sudo install -m 660 -o root -g root \
"$tool"/etc/postfix/$vm_domainname/header_checks \
/etc/postfix/$vm_domainname/header_checks
- sudo install -m 664 -o root -g root \
- "$tool"/etc/postfix/aliases \
- /etc/postfix/aliases
+ sudo install -m 664 -o root -g root /dev/stdin \
+ /etc/postfix/aliases <<-EOF
+ # See man 5 aliases for format
+ abuse: root
+ admin: root
+ contact: root
+ postmaster: root
+ root: $(getent group sudo | cut -f 4 -d : | tr , ' ')
+ EOF
sudo newaliases -oA/etc/postfix/aliases
cat /dev/stdin "$tool"/etc/postfix/main.cf <<-EOF |
mydomain = $vm_domainname
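Review bot: The generated `root:` line in the added here-document joins the sudo group members with spaces (`tr , ' '`), but aliases(5) describes the right-hand side as a comma-separated list, so with more than one member the alias may not expand to each admin. `getent` already prints the members comma-separated, so `root: $(getent group sudo | cut -f 4 -d :)` should be enough. If the group is empty when the rule runs, the line becomes a bare `root:` and mail for abuse, postmaster and root has no recipient; failing the rule in that case would make the gap visible. The list is also a snapshot: accounts added to sudo later receive root's mail only after this rule runs again, which deserves a comment above the here-document.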
EOF
sudo service ssh restart
}
-rule_user_admin_add () { # SYNTAX: $user
+rule_user_add () { # SYNTAX: $user
+ rule user_configure
local user=$1
id "$user" >/dev/null ||
sudo adduser --disabled-password "$user"
# NOTE: le mot-de-passe doit être initialisé par l'utilisateur à l'aide de passwd-init .
eval local home\; home="~$user"
+ sudo adduser "$user" users
+ sudo install -m 640 -o root -g root \
+ "$tool"/var/pub/ssh/"$user".key \
+ "$home"/etc/ssh/authorized_keys
+ local key; local -; set +f
+ for key in "$tool"/var/pub/openpgp/*.key
+ do sudo -u "$user" gpg --import - <"$key"
+ done
+ }
+rule_user_configure () {
+ true
+ }
+rule_user_admin_add () { # SYNTAX: $user
+ rule user_configure
+ local user=$1
+ id "$user" >/dev/null ||
+ sudo adduser --disabled-password "$user"
+ eval local home\; home="~$user"
sudo adduser "$user" sudo
+ sudo adduser "$user" users
sudo install -m 640 -o root -g root \
"$tool"/var/pub/ssh/"$user".key \
"$home"/etc/ssh/authorized_keys
local key; local -; set +f
for key in "$tool"/var/pub/openpgp/*.key
- do sudo -u "$user" gpg --import "$key"
+ do sudo -u "$user" gpg --import - <"$key"
done
rule user_admin_configure
}
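Review bot: The added `eval local home\; home="~$user"` in `rule_user_admin_add` (the same line is kept as context in `rule_user_add`) passes `$user` through `eval` in a function that goes on to call `sudo`, so a name containing shell syntax would be executed instead of resolved. It is also reached when the preceding `adduser` has failed. Reading the home directory from the passwd database removes the eval: `local home; home=$(getent passwd "$user" | cut -d : -f 6)` followed by `[ -n "$home" ] || return 1`. Separately, the new stub `rule_user_configure () { true }` shares its name with a function that appears with a real body as context further down the page; if both live in the same file, one silently shadows the other, so the stub looks unnecessary. The two add functions now differ only in `sudo adduser "$user" sudo` and the final `rule user_admin_configure`, and a comment saying why the body is duplicated rather than shared would help the next reader.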
rule_user_configure () {
sudo install -d -m 750 -o root -g adm \
/etc/skel/etc \
+ /etc/skel/etc/gpg \
/etc/skel/etc/ssh
sudo install -d -m 770 -o root -g adm \
/etc/skel/var \
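Review bot: The new `/etc/skel/etc/gpg` is created by the same `install -d -m 750 -o root -g adm` call as its siblings, which leaves it group-accessible. If it is meant to become each user's GnuPG home (the root section links `/root/.gnupg` to `etc/gpg`, so this looks like the intent), gpg expects that directory to be accessible to its owner only and warns about unsafe permissions otherwise. A separate `sudo install -d -m 700 -o root -g adm /etc/skel/etc/gpg` would give it the tighter mode. The rest of `rule_user_configure` lies outside the hunk.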
rule_user_root_configure () {
sudo install -d -m 750 -o root -g adm \
/root/etc \
- /root/etc/ssh \
- /root/etc/gpg
+ /root/etc/gpg \
+ /root/etc/ssh
sudo ln -fns etc/gpg /root/.gnupg
sudo ln -fns etc/ssh /root/.ssh
getent group sudo |