diff options
| author | u <u@billy> | 2023-05-29 07:39:55 -0400 |
|---|---|---|
| committer | u <u@billy> | 2023-05-29 07:46:50 -0400 |
| commit | d7a855170d5c11b080ba62d74e583903b708ef37 (patch) | |
| tree | 6d4ccb89f380d633125a269655502ef5f0aa3458 | |
| parent | 3f7ac1f42b1ae91ec7ea07c0fae562cccd794e0b (diff) | |
Remove references to user "u". Uses $SUDO_USER.
| -rw-r--r-- | Makefile | 8 | ||||
| -rwxr-xr-x | src/AuthorizedKeysCommand | 8 | ||||
| -rw-r--r-- | src/fossil-user.conf | 3 | ||||
| -rw-r--r-- | src/fossil-user.socket | 4 |
4 files changed, 16 insertions, 7 deletions
| @@ -34,6 +34,11 @@ work: | |||
| 34 | work/.fslckout: | work $(fossil_database) | 34 | work/.fslckout: | work $(fossil_database) |
| 35 | cd work && fossil open ../$(fossil_database) | 35 | cd work && fossil open ../$(fossil_database) |
| 36 | else | 36 | else |
| 37 | ifdef SUDO_USER | ||
| 38 | THE_USER=$(SUDO_USER) | ||
| 39 | else | ||
| 40 | $(error "you must define THE_USER") | ||
| 41 | endif | ||
| 37 | unitdir = /etc/systemd/system | 42 | unitdir = /etc/systemd/system |
| 38 | unit_files = $(addprefix src/fossil-user,@.service .socket) | 43 | unit_files = $(addprefix src/fossil-user,@.service .socket) |
| 39 | units = $(filter-out %@.service,$(notdir $(unit_files))) | 44 | units = $(filter-out %@.service,$(notdir $(unit_files))) |
| @@ -42,7 +47,8 @@ bindir = /usr/local/bin | |||
| 42 | 47 | ||
| 43 | default: install start follow | 48 | default: install start follow |
| 44 | install: | 49 | install: |
| 45 | install -t /etc/ssh/ -- src/user-d.AnonymousForceCommand src/user-d.AuthorizedKeysCommand | 50 | install -t /etc/ssh/ -- src/AuthorizedKeysCommand |
| 51 | install -T -- src/AnonymousForceCommand /etc/ssh/user-$(THE_USER).AnonymousForceCommand | ||
| 46 | install -m644 -t /etc/ssh/sshd_config.d -- src/fossil-user.conf | 52 | install -m644 -t /etc/ssh/sshd_config.d -- src/fossil-user.conf |
| 47 | install -m644 -t $(unitdir) -- $(unit_files) | 53 | install -m644 -t $(unitdir) -- $(unit_files) |
| 48 | install -t $(bindir) -- $(executables) | 54 | install -t $(bindir) -- $(executables) |
diff --git a/src/AuthorizedKeysCommand b/src/AuthorizedKeysCommand index 6bf0ec9..de0732a 100755 --- a/src/AuthorizedKeysCommand +++ b/src/AuthorizedKeysCommand | |||
| @@ -1,7 +1,11 @@ | |||
| 1 | #!/bin/sh | 1 | #!/bin/sh |
| 2 | cmd=/etc/ssh/user-d.AnonymousForceCommand | 2 | username=$1 |
| 3 | shift | ||
| 4 | |||
| 5 | [ "$username" ] | ||
| 6 | cmd=/etc/ssh/user-$username.AnonymousForceCommand | ||
| 3 | [ -x "$cmd" ] || exit | 7 | [ -x "$cmd" ] || exit |
| 4 | 8 | ||
| 5 | key=$1 | 9 | key=$1 |
| 6 | shift | 10 | shift |
| 7 | printf 'restrict,pty,command="%s" %s\n' "$cmd $*" "$key" | 11 | printf 'restrict,pty,command="%s" %s\n' "$cmd" "$key" |
diff --git a/src/fossil-user.conf b/src/fossil-user.conf index f4296fd..86387e7 100644 --- a/src/fossil-user.conf +++ b/src/fossil-user.conf | |||
| @@ -1,4 +1,3 @@ | |||
| 1 | Match User d | ||
| 2 | ExposeAuthInfo=yes | 1 | ExposeAuthInfo=yes |
| 3 | AuthorizedKeysCommandUser=root | 2 | AuthorizedKeysCommandUser=root |
| 4 | AuthorizedKeysCommand=/etc/ssh/user-d.AuthorizedKeysCommand "%t %k" "%f" | 3 | AuthorizedKeysCommand=/etc/ssh/AuthorizedKeysCommand "%u" "%t %k" |
diff --git a/src/fossil-user.socket b/src/fossil-user.socket index eab5a51..38914e6 100644 --- a/src/fossil-user.socket +++ b/src/fossil-user.socket | |||
| @@ -1,5 +1,5 @@ | |||
| 1 | [Socket] | 1 | [Socket] |
| 2 | Accept = yes | 2 | Accept = yes |
| 3 | ListenStream = /run/fossil-user.S | 3 | ListenStream = /run/fossil-user.S |
| 4 | SocketUser = d | 4 | SocketUser = root |
| 5 | SocketMode = 0600 | 5 | SocketMode = 0666 |