author | u <u@billy> | 2023-05-29 07:39:55 -0400 |
---|---|---|
committer | u <u@billy> | 2023-05-29 07:46:50 -0400 |
commit | d7a855170d5c11b080ba62d74e583903b708ef37 (patch) | |
tree | 6d4ccb89f380d633125a269655502ef5f0aa3458 | |
parent | 3f7ac1f42b1ae91ec7ea07c0fae562cccd794e0b (diff) |
Remove references to user "u". Uses $SUDO_USER.
-rw-r--r-- | Makefile | 8 | ||||
-rwxr-xr-x | src/AuthorizedKeysCommand | 8 | ||||
-rw-r--r-- | src/fossil-user.conf | 3 | ||||
-rw-r--r-- | src/fossil-user.socket | 4 |
4 files changed, 16 insertions, 7 deletions
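--- a/Makefile
+++ b/Makefile
@@ -34,6 +34,11 @@ work:
 work/.fslckout: | work $(fossil_database)
 cd work && fossil open ../$(fossil_database)
 else
+ifdef SUDO_USER
+THE_USER=$(SUDO_USER)
+else
+$(error "you must define THE_USER")
+endif
 unitdir = /etc/systemd/system
 unit_files = $(addprefix src/fossil-user,@.service .socket)
 units = $(filter-out %@.service,$(notdir $(unit_files)))
@@ -42,7 +47,8 @@ bindir = /usr/local/bin
 
 default: install start follow
 install:
-install -t /etc/ssh/ -- src/user-d.AnonymousForceCommand src/user-d.AuthorizedKeysCommand
+install -t /etc/ssh/ -- src/AuthorizedKeysCommand
+install -T -- src/AnonymousForceCommand /etc/ssh/user-$(THE_USER).AnonymousForceCommand
 install -m644 -t /etc/ssh/sshd_config.d -- src/fossil-user.conf
 install -m644 -t $(unitdir) -- $(unit_files)
 install -t $(bindir) -- $(executables)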
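Review bot: The guard added at new lines 37-41 aborts whenever SUDO_USER is unset, even when the caller passes THE_USER on the command line, so the message "you must define THE_USER" names a remedy that does not work. Wrapping the block in `ifndef THE_USER` … `endif` would let an explicit `make THE_USER=name` take effect and fall back to SUDO_USER otherwise. The value is also expanded unquoted into the destination of a root-run `install` at new line 51, so it is worth rejecting anything that is not a plain account name and quoting the path, `'/etc/ssh/user-$(THE_USER).AnonymousForceCommand'`. The conditional this block sits in (the `else` at line 36) opens outside the hunk.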
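--- a/src/AuthorizedKeysCommand
+++ b/src/AuthorizedKeysCommand
@@ -1,7 +1,11 @@
 #!/bin/sh
-cmd=/etc/ssh/user-d.AnonymousForceCommand
+username=$1
+shift
+
+[ "$username" ]
+cmd=/etc/ssh/user-$username.AnonymousForceCommand
 [ -x "$cmd" ] || exit
 
 key=$1
 shift
-printf 'restrict,pty,command="%s" %s\n' "$cmd $*" "$key"
+printf 'restrict,pty,command="%s" %s\n' "$cmd" "$key"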
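Review bot: The bare `[ "$username" ]` at new line 5 has no effect, because the script runs under plain `#!/bin/sh` with no `set -e`, so a failed test is discarded and `cmd` is still built from an empty name. Make it `[ "$username" ] || exit 1`. The name is spliced into a path under /etc/ssh and then into the `command="…"` option, so also refuse values outside a plain account-name pattern, e.g. `case $username in *[!a-z0-9_-]*) exit 1;; esac`. The script prints an authorized_keys line for whatever key sshd hands it, which leaves the `-x` check on `$cmd` as the only gate; a comment saying so would help the next reader.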
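--- a/src/fossil-user.conf
+++ b/src/fossil-user.conf
@@ -1,4 +1,3 @@
-Match User d
 ExposeAuthInfo=yes
 AuthorizedKeysCommandUser=root
-AuthorizedKeysCommand=/etc/ssh/user-d.AuthorizedKeysCommand "%t %k" "%f"
+AuthorizedKeysCommand=/etc/ssh/AuthorizedKeysCommand "%u" "%t %k"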
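Review bot: With `Match User d` removed, `ExposeAuthInfo`, `AuthorizedKeysCommandUser=root` and the `AuthorizedKeysCommand` line are no longer scoped to one account. Assuming this drop-in is included at the top level of sshd_config, the helper now runs as root for public-key attempts against every account. Going by the helper script in this commit, whether an account accepts an arbitrary key then depends only on an executable `/etc/ssh/user-<name>.AnonymousForceCommand` existing, and that includes any `user-d.AnonymousForceCommand` left in place by the previous install rule. Consider keeping a scope such as `Match Group <anon-group>` (placeholder name), and add a comment above the directive stating that the per-user file is the access switch.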
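--- a/src/fossil-user.socket
+++ b/src/fossil-user.socket
@@ -1,5 +1,5 @@
 [Socket]
 Accept = yes
 ListenStream = /run/fossil-user.S
-SocketUser = d
-SocketMode = 0600
+SocketUser = root
+SocketMode = 0666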
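Review bot: `SocketMode = 0666` with `SocketUser = root` lets every local account connect to /run/fossil-user.S, where the previous 0600 socket owned by `d` admitted only that user. With `Accept = yes` each connection starts an instance of the templated service, so unless that service (not shown on this page) checks the peer's credentials, this widens access and lets any local user spawn instances. If only a known set of accounts needs the socket, prefer `SocketGroup = <group>` (placeholder name) with `SocketMode = 0660`. If world access is kept, add a comment recording why it is required.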