From 3203e51feac210773fe8ccec40a268aeb431e93f Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Sun, 28 Jun 2020 05:07:34 +0000 Subject: [PATCH] switch user 'me' => 'app' --- ssh-adduser/README.md | 32 ++++++++++++++--------------- ssh-utils/README.md | 4 ++-- ssh-utils/ssh-adduser.sh | 44 ++++++++++++++++++++-------------------- 3 files changed, 40 insertions(+), 40 deletions(-) diff --git a/ssh-adduser/README.md b/ssh-adduser/README.md index 8a27a10..c9eeb4d 100644 --- a/ssh-adduser/README.md +++ b/ssh-adduser/README.md @@ -9,19 +9,19 @@ description: | `ssh-adduser` will - 1. add the user `me` + 1. add the user `app` 2. set a random, 32-character password (as a failsafe) 3. copy the `root` user's **`~/.ssh/authorized_keys`** (so the same users can still login) - 4. give the `me` user `sudo` (admin) privileges - 5. allow `me` to `sudo` without a password + 4. give the `app` user `sudo` (admin) privileges + 5. allow `app` to `sudo` without a password --- -How to create a new user named 'me': +How to create a new user named 'app': ```bash # --disable-password prevents a password prompt # --gecos "" skips the useless questions -adduser --disabled-password --gecos "" me +adduser --disabled-password --gecos "" app ``` How to create a and set a random password: 
@@ -30,30 +30,30 @@ How to create a and set a random password: # sets 'my_password' to 32 random hex characters (16 bytes) my_password=$(openssl rand -hex 16) -# uses 'my_password' for to reset and confirm 'me's password -printf "$my_password"'\n'"$my_password" | passwd me +# uses 'my_password' for to reset and confirm 'app's password +printf "$my_password"'\n'"$my_password" | passwd app ``` -How to make the user 'me' a "sudo"er (an admin): +How to make the user 'app' a "sudo"er (an admin): ```bash -adduser me sudo +adduser app sudo ``` -How to allow 'me' to run sudo commands without a password: +How to allow 'app' to run sudo commands without a password: ```bash -echo "me ALL=(ALL:ALL) NOPASSWD: ALL" | sudo tee /etc/sudoers.d/me +echo "app ALL=(ALL:ALL) NOPASSWD: ALL" | sudo tee /etc/sudoers.d/app ``` How to copy allowed keys from root to the new user: ```bash -mkdir -p /home/me/.ssh/ -chmod 0700 /home/me/.ssh/ +mkdir -p /home/app/.ssh/ +chmod 0700 /home/app/.ssh/ -cat "$HOME/.ssh/authorized_keys" >> /home/me/.ssh/authorized_keys -chmod 0600 /home/me/.ssh/authorized_keys +cat "$HOME/.ssh/authorized_keys" >> /home/app/.ssh/authorized_keys +chmod 0600 /home/app/.ssh/authorized_keys -chown -R me:me /home/me/.ssh/ +chown -R app:app /home/app/.ssh/ ``` diff --git a/ssh-utils/README.md b/ssh-utils/README.md index 2a0d20c..39dd015 100644 --- a/ssh-utils/README.md +++ b/ssh-utils/README.md @@ -25,9 +25,9 @@ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTOhRnzDJNBNBXVCgkxkEaDM4IAp81MtE8fuqeQuFv **ssh-adduser**: Many modern web programs (`npm` and `postgres`, for example) will not function -correctly if run as root. `ssh-adduser` adds user `me` with the same +correctly if run as root. `ssh-adduser` adds user `app` with the same **`~/.ssh/authorized_keys`** as the `root` user, with a long random password, -and gives `me` `sudo` privileges. +and gives `app` `sudo` privileges. **ssh-setpass**: 
diff --git a/ssh-utils/ssh-adduser.sh b/ssh-utils/ssh-adduser.sh
index 621e314..47aefae 100644
--- a/ssh-utils/ssh-adduser.sh
+++ b/ssh-utils/ssh-adduser.sh
@@ -15,34 +15,34 @@ #apt-get -y update #apt-get -y install curl wget rsync git - # Add User - # TODO: might there be a better name? - # me, this, user, self, person, i, who, do, tron - adduser --disabled-password --gecos "" me + # Add User app + # Picking 'app' because that seems to be what the # Docker/Vagrant + # crowd is doing. TODO: Other ideas? me, user, tron + adduser --disabled-password --gecos "" app my_password=$(openssl rand -hex 16) - printf "$my_password"'\n'"$my_password" | passwd me + printf "$my_password"'\n'"$my_password" | passwd app - # make 'me' a sudo-er (admin) - adduser me sudo - echo "me ALL=(ALL:ALL) NOPASSWD: ALL" | tee /etc/sudoers.d/me + # make 'app' a sudo-er (admin) + adduser app sudo + echo "app ALL=(ALL:ALL) NOPASSWD: ALL" | tee /etc/sudoers.d/app - # allow users who can already login as 'root' to login as 'me' - mkdir -p /home/me/.ssh/ - chmod 0700 /home/me/.ssh/ - cp -r "$HOME/.ssh/authorized_keys" /home/me/.ssh/ - chmod 0600 /home/me/.ssh/authorized_keys - touch /home/me/.ssh/config - chmod 0644 /home/me/.ssh/config - chown -R me:me /home/me/.ssh/ + # allow users who can already login as 'root' to login as 'app' + mkdir -p /home/app/.ssh/ + chmod 0700 /home/app/.ssh/ + cp -r "$HOME/.ssh/authorized_keys" /home/app/.ssh/ + chmod 0600 /home/app/.ssh/authorized_keys + touch /home/app/.ssh/config + chmod 0644 /home/app/.ssh/config + chown -R app:app /home/app/.ssh/ - # ensure that 'me' has an SSH Keypair - sudo -i -u me bash -c 'ssh-keygen -b 2048 -t rsa -f /home/me/.ssh/id_rsa -q -N ""' + # ensure that 'app' has an SSH Keypair + sudo -i -u app bash -c 'ssh-keygen -b 2048 -t rsa -f /home/app/.ssh/id_rsa -q -N ""' - # Install webi for the new 'me' user - sudo -i -u me bash -c 'curl -fsSL https://webinstall.dev/webi | bash' \ - || sudo -i -u me bash -c 'wget -q -O - https://webinstall.dev/webi | bash' + # Install webi for the new 'app' user + sudo -i -u app bash -c 'curl -fsSL https://webinstall.dev/webi | bash' \ + || sudo -i -u app bash 
-c 'wget -q -O - https://webinstall.dev/webi | bash' # TODO ensure that ssh-password login is off - echo "Created user 'me' with password '$my_password'" + echo "Created user 'app' with password '$my_password'" } -- 2.25.1
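Review bot: The account now named `app` still gets `NOPASSWD: ALL` and a copy of root's `authorized_keys`, so it is root-equivalent; if the new name leads people to run services under it, a compromise of any such service gives passwordless root. The comment above `adduser` should say so, for example `# NOTE: 'app' is an admin login (passwordless sudo), not a least-privilege service account`. The sudoers drop-in is written with `tee` and then neither given the conventional mode nor checked, so consider following it with `chmod 0440 /etc/sudoers.d/app` and `visudo -cf /etc/sudoers.d/app`. The closing `echo` also prints the generated password to stdout, where provisioning logs may capture it. The enclosing function starts before this hunk, so anything it sets up earlier is not visible here.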