free
/
freedombone
ウォッチ 1
お気に入りに登録 0
フォーク 0
コード 課題 0 プルリクエスト 0 リリース 0 Wiki アクティビティ
2105 コミット
5 ブランチ
ツリー: 90a677d514
ブランチ タグ
${ item.name }
ブランチ ${ searchTerm } を作成
'90a677d514' から
${ noResults }
freedombone/src/freedombone-adduser

freedombone-adduser 4.5KB
履歴 Raw形式

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109 
  1. #!/bin/bash

  2. MY_USERNAME=$1

  3. GPG_KEYSERVER='hkp://keys.gnupg.net'

  4. SSH_PORT=2222

  5. 

  6. if [ ! $MY_USERNAME ]; then

  7.     echo 'No username was given'

  8. 	exit 1

  9. fi

  10. 

  11. if [ -d /home/$MY_USERNAME ]; then

  12.     echo "The user $MY_USERNAME already exists"

  13. 	exit 2

  14. fi

  15. 

  16. NEW_USER_PASSWORD="$(openssl rand -base64 10 | cut -c1-8)"

  17. useradd -m -p "$NEW_USER_PASSWORD" -s /bin/bash $MY_USERNAME

  18. adduser $MY_USERNAME sasl

  19. 

  20. if [ ! -d /home/$MY_USERNAME ]; then

  21. 	echo 'Home directory was not created'

  22. 	exit 3

  23. fi

  24. 

  25. if [ ! -d /home/$MY_USERNAME/Maildir ]; then

  26. 	echo 'Email directory was not created'

  27. 	userdel -r $MY_USERNAME

  28. 	exit 4

  29. fi

  30. 

  31. # generate a gpg key

  32. echo "Making a GPG key for $MY_USERNAME@$HOSTNAME"

  33. mkdir /home/$MY_USERNAME/.gnupg

  34. echo "keyserver $GPG_KEYSERVER" >> /home/$MY_USERNAME/.gnupg/gpg.conf

  35. echo 'keyserver-options auto-key-retrieve' >> /home/$MY_USERNAME/.gnupg/gpg.conf

  36. echo '' >> /home/$MY_USERNAME/.gnupg/gpg.conf

  37. echo '# default preferences' >> /home/$MY_USERNAME/.gnupg/gpg.conf

  38. echo 'personal-digest-preferences SHA256' >> /home/$MY_USERNAME/.gnupg/gpg.conf

  39. echo 'cert-digest-algo SHA256' >> /home/$MY_USERNAME/.gnupg/gpg.conf

  40. echo 'default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed' >> /home/$MY_USERNAME/.gnupg/gpg.conf

  41. 

  42. chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.gnupg

  43. chmod 700 /home/$MY_USERNAME/.gnupg

  44. chmod 600 /home/$MY_USERNAME/.gnupg/*

  45. 

  46. # Generate a GPG key

  47. echo 'Key-Type: 1' > /home/$MY_USERNAME/gpg-genkey.conf

  48. echo 'Key-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf

  49. echo 'Subkey-Type: 1' >> /home/$MY_USERNAME/gpg-genkey.conf

  50. echo 'Subkey-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf

  51. echo "Name-Real:  $MY_USERNAME" >> /home/$MY_USERNAME/gpg-genkey.conf

  52. echo "Name-Email: $MY_USERNAME@$HOSTNAME" >> /home/$MY_USERNAME/gpg-genkey.conf

  53. echo 'Expire-Date: 0' >> /home/$MY_USERNAME/gpg-genkey.conf

  54. chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/gpg-genkey.conf

  55. su -c "gpg --batch --gen-key /home/$MY_USERNAME/gpg-genkey.conf" - $MY_USERNAME

  56. shred -zu /home/$MY_USERNAME/gpg-genkey.conf

  57. MY_GPG_PUBLIC_KEY_ID=$(su -c "gpg --list-keys $MY_USERNAME@$HOSTNAME | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')

  58. MY_GPG_PUBLIC_KEY=/tmp/public_key.gpg

  59. su -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - $MY_USERNAME

  60. 

  61. if ! grep -q "Change your GPG password" /home/$MY_USERNAME/README; then

  62.     echo '' >> /home/$MY_USERNAME/README

  63.     echo '' >> /home/$MY_USERNAME/README

  64.     echo 'Change your GPG password' >> /home/$MY_USERNAME/README

  65.     echo '========================' >> /home/$MY_USERNAME/README

  66.     echo "It's very important to add a password to your GPG key so that" >> /home/$MY_USERNAME/README

  67.     echo "if anyone does get access to your email they still won't be able" >> /home/$MY_USERNAME/README

  68.     echo 'to read them without knowning the GPG password.' >> /home/$MY_USERNAME/README

  69.     echo 'You can change the it with:' >> /home/$MY_USERNAME/README

  70.     echo '' >> /home/$MY_USERNAME/README

  71.     echo "  gpg --edit-key $MY_GPG_PUBLIC_KEY_ID" >> /home/$MY_USERNAME/README

  72.     echo '  passwd' >> /home/$MY_USERNAME/README

  73.     echo '  save' >> /home/$MY_USERNAME/README

  74.     echo '  quit' >> /home/$MY_USERNAME/README

  75. fi

  76. 

  77. if ! grep -q "Publish your GPG public key" /home/$MY_USERNAME/README; then

  78.     echo '' >> /home/$MY_USERNAME/README

  79.     echo '' >> /home/$MY_USERNAME/README

  80.     echo 'Publish your GPG public key' >> /home/$MY_USERNAME/README

  81.     echo '===========================' >> /home/$MY_USERNAME/README

  82.     echo 'So that others can send emails to you securely you should' >> /home/$MY_USERNAME/README

  83.     echo 'publish your GPG public key with the command:' >> /home/$MY_USERNAME/README

  84.     echo '' >> /home/$MY_USERNAME/README

  85.     echo "  gpg --send-keys $MY_GPG_PUBLIC_KEY_ID" >> /home/$MY_USERNAME/README

  86. fi

  87. 

  88. chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README

  89. chmod 600 /home/$MY_USERNAME/README

  90. 

  91. echo "Adding an XMPP account for $MY_USERNAME"

  92. freedombone-addxmpp -e "$MY_USERNAME@$HOSTNAME" "$NEW_USER_PASSWORD"

  93. 

  94. clear

  95. echo "New user $MY_USERNAME was created"

  96. echo "Their login password is $NEW_USER_PASSWORD"

  97. echo ''

  98. echo 'IMPORTANT: Make a note of the password, because it will not be saved'

  99. echo 'anywhere else. Preferably give it to them in person on paper or via'

  100. echo 'a secure channel, not in an unencrypted email.'

  101. echo ''

  102. echo "They can download their GPG keys with:"

  103. echo ''

  104. echo "    scp -P $SSH_PORT -r $MY_USERNAME@$HOSTNAME:/home/$MY_USERNAME/.gnupg ~/"

  105. echo ''

  106. echo 'They should also run freedombone-client on their system to ensure'

  107. echo 'the best security.'

  108. 

  109. exit 0