Dmitry V. Levin
eccd1980c4
Rewrite admin interface from sudo to sshd forced command. gitery-admin users can be registered by adding restrict,command="/usr/libexec/gitery-admin/gitery-admin" ssh-keytype ssh-key comment lines to root's authorized_keys file.
81 lines
2.1 KiB
Bash
Executable File
81 lines
2.1 KiB
Bash
Executable File
#!/bin/sh -e
|
|
|
|
. gitery-admin-sh-functions
|
|
|
|
# Validate template repositories.
|
|
for n in packages private public; do
|
|
GIT_DIR="$CONF_DIR/$n.git" git rev-parse --git-dir >/dev/null
|
|
done
|
|
|
|
usage()
|
|
{
|
|
echo "$PROG: $*" >&2
|
|
echo "usage: $PROG <NAME> <GECOS> < IDENTITY"
|
|
exit 1
|
|
}
|
|
|
|
set_name "$1"
|
|
shift
|
|
|
|
load_identity
|
|
|
|
GECOS="$*"
|
|
[ -n "$GECOS" ] ||
|
|
usage 'not specified: GECOS'
|
|
[ -n "${GECOS//*:*/}" ] ||
|
|
fatal "$NAME: invalid GECOS specified"
|
|
|
|
IT_SHELL="$CMD_DIR/gitery-sh"
|
|
REAL_HOME="$PEOPLE_DIR/$NAME"
|
|
|
|
[ -d "$PEOPLE_DIR" ] ||
|
|
fatal "error adding $NAME: directory $PEOPLE_DIR not available"
|
|
|
|
AUTH="/etc/openssh/authorized_keys/$IT_NAME"
|
|
[ ! -e "$AUTH" ] ||
|
|
fatal "error adding $NAME: authorized keys file '$AUTH' already exists"
|
|
|
|
useradd -c "$GECOS" -d /var/empty -g "$USERS_GROUP" -G 'gitery' -M -s "$IT_SHELL" "$IT_NAME" ||
|
|
fatal "$IT_NAME: error adding user"
|
|
|
|
printf '%s:\t%s@%s\n' "$IT_NAME" "$NAME" "$EMAIL_DOMAIN" >>"$EMAIL_ALIASES" &&
|
|
newaliases ||
|
|
fatal "$IT_NAME: error adding email alias"
|
|
|
|
echo "restrict $IDENTITY" > "$AUTH" ||
|
|
fatal "error creating authorized keys file '$AUTH' for user $IT_NAME"
|
|
|
|
PEOPLE_MOUNT="$(df -P "$PEOPLE_DIR" |awk '{dir=$6} END{print dir}')"
|
|
setquota "$IT_NAME" 1000000 1500000 100000 150000 "$PEOPLE_MOUNT" ||
|
|
message "$IT_NAME: failed to set disk quota on $PEOPLE_MOUNT"
|
|
|
|
for d in "$REAL_HOME" "$REAL_HOME/packages" "$REAL_HOME/public"; do
|
|
install -d -o "$IT_NAME" -g gitery -m755 "$d" ||
|
|
fatal "$IT_NAME: failed to create $d"
|
|
done
|
|
|
|
for d in "$REAL_HOME/private"; do
|
|
install -d -o "$IT_NAME" -g gitery-admin -m751 "$d" ||
|
|
fatal "$IT_NAME: failed to create $d"
|
|
done
|
|
|
|
for d in "$REAL_HOME/etc"; do
|
|
install -d -o "$IT_NAME" -g gitery-admin -m750 "$d" ||
|
|
fatal "$IT_NAME: failed to create $d"
|
|
done
|
|
|
|
for n in packages private public; do
|
|
email_dir="$EMAIL_DIR/$n"
|
|
mkdir -p "$email_dir"
|
|
install -d -o "$IT_NAME" -g gitery -m755 "$email_dir/$NAME" ||
|
|
fatal "$IT_NAME: failed to create $email_dir/$NAME"
|
|
done
|
|
|
|
for n in packages private public; do
|
|
src="$CONF_DIR/$n.git"
|
|
dst="$REAL_HOME/etc/$n.git"
|
|
su -l "$IT_NAME" -s /bin/sh -c \
|
|
"git clone --bare --template='$GIT_TEMPLATE_DIR' '$src' '$dst'" ||
|
|
fatal "$IT_NAME: failed to setup $dst"
|
|
done
|