
Please note I am a total Linux newbie, so please bear that in mind when answering this question, as I have very limited knowledge of Linux.

OS: Debian Squeeze

I am using ZSH and have created a function called webuseradd it looks like this:

function webuseradd () {
    echo creating user $1;
    mkdir /usr/share/nginx/$1;

    # sshlogin is required to allow user to ssh and sftp
    sudo useradd -G lshell,sshlogin -b /usr/share/nginx/$1/home -d /usr/share/nginx/$1/home -m --skel /etc/httpskel -K UMASK=027 $1;

    # /usr/share/nginx/$1 will be the chroot so set it to root
    sudo chown root:root /usr/share/nginx/$1;
    sudo su - $1;
    mkdir /usr/share/nginx/$1/home/.ssh;
    ssh-keygen -t rsa;
    exit;

    # force the user into a limited, jailed shell
    sudo chsh -s /usr/bin/lshell $1;
}

However, if I call it, this is the output I get:

$ webuseradd test
creating user test
No directory, logging in with HOME=/

The user is created fine; however, the issue arises when I attempt to su into the user. If I exit, the script then continues with the following output:

Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):

How do I ensure the keys get created and put in the correct location with the correct permissions within the function? I'm sure there are some other things I have done that are inadvisable so if you spot anything please say.

George Reith

2 Answers


If you're running this function as root, there's no need to call su and then run several commands. Besides, that won't work anyway. You'll just get an interactive shell, and then the script will continue when you exit that shell.

Just run the commands you need with sudo directly: (and you don't need mkdir; ssh-keygen will do that for you)

sudo -u $1 -- ssh-keygen -t rsa
Michael Hampton

I am assuming you are not running this function while logged in as root given all your use of sudo.

I would probably just modify your script like this.

    sudo useradd -G lshell,sshlogin -b /usr/share/nginx/$1/home -d /usr/share/nginx/$1/home -m --skel /etc/httpskel -K UMASK=027 $1;
    sudo chown root:root /usr/share/nginx/$1;
-    sudo su - $1;
-    mkdir /usr/share/nginx/$1/home/.ssh;
-    ssh-keygen -t rsa;
+    sudo mkdir -p /usr/share/nginx/$1/home/.ssh;
+    sudo ssh-keygen -t rsa -f /usr/share/nginx/$1/home/.ssh/id_rsa
+    sudo chown -R /usr/share/nginx/$1/home/.ssh/
+    sudo chmod 0600 /usr/share/nginx/$1/home/.ssh/
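Review bot: the `sudo chown -R /usr/share/nginx/$1/home/.ssh/` line is missing its owner argument, and `chmod 0600` on the `.ssh` directory itself makes it untraversable, so the user could not read the key; the layout ssh and sshd expect is 0700 on `.ssh`, 0600 on `id_rsa` and 0644 on `id_rsa.pub`, e.g. `sudo chown -R "$1:$1" /usr/share/nginx/$1/home/.ssh`, `sudo chmod 0700 /usr/share/nginx/$1/home/.ssh` and `sudo chmod 0600 /usr/share/nginx/$1/home/.ssh/id_rsa`. Also, `ssh-keygen -f` without `-N` still prompts for a passphrase, so the function is not yet unattended; add `-N ''` (which leaves the key unencrypted on disk, exactly what the answer's security note warns about) if the key has to be usable without a human present.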

On a security note: you really shouldn't be creating or storing users' private keys. The private keys are supposed to be private, not stored on a server where they could be stolen. You are going about this the wrong way if you require strong security.

Zoredache
  • I think those commands are meant to be run _as the new user_, not as root. – Michael Hampton Dec 14 '13 at 00:59
  • @MichaelHampton I think that is what he intended. But it probably isn't technically necessary. Just run everything as root and correct the ssh permissions. IMO it would probably be easier this way. – Zoredache Dec 14 '13 at 01:01
  • Thanks this is also very useful. The private keys are to be used by WordPress to perform plugin updates. I chroot everyone but the admins into an area they can't access each others directories from, and in an area where each user can only affect themselves. I think the private key has to be on the server for it to utilise it. – George Reith Dec 14 '13 at 13:35
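Putting the two answers together, here is a reworked version of the function as an added example; it is not code from the question or from either answer. It follows Zoredache's approach (do everything as root, then chown), but with the owner argument and the modes corrected, and it takes Michael Hampton's point that the interactive `su` has to go: `ssh-keygen -f` is given the full key path, so neither `$HOME` nor a login shell matters, and `-N ''` makes the run unattended (at the cost of an unencrypted key on disk, which is the trade-off the security note describes). The paths and group names (`/usr/share/nginx`, `lshell`, `sshlogin`, `/etc/httpskel`, `/usr/bin/lshell`) are the question's; the key comment suffix `webhost` and running the script as root rather than via `sudo` are assumptions. The helpers are POSIX sh, so they work from zsh as well.

```shell
#!/bin/sh
# Added example, not code from the question or the answers. Assumes it is run as
# root (e.g. `sudo sh webuseradd.sh`); paths and groups are the question's.

# True when path $1 has exactly octal mode $2 (e.g. 0700). Uses find -perm so it
# works without the GNU-only `stat -c`.
mode_is() {
    [ -n "$(find "$1" -prune -perm "$2" -print 2>/dev/null)" ]
}

# Set the modes ssh/sshd expect (0700 .ssh, 0600 private key, 0644 public key)
# and hand the tree to the user. chown only makes sense as root, so skip it otherwise.
fix_ssh_perms() {
    user=$1; sshdir=$2/.ssh
    chmod 0700 "$sshdir"
    [ -f "$sshdir/id_rsa" ]     && chmod 0600 "$sshdir/id_rsa"
    [ -f "$sshdir/id_rsa.pub" ] && chmod 0644 "$sshdir/id_rsa.pub"
    if [ "$(id -u)" -eq 0 ]; then
        chown -R "$user:$(id -gn "$user")" "$sshdir"
    fi
}

# Report every wrong mode under $1/.ssh on stderr; return 1 if any is wrong.
check_ssh_perms() {
    sshdir=$1/.ssh; rc=0
    mode_is "$sshdir" 0700            || { echo "$sshdir: want 0700" >&2; rc=1; }
    mode_is "$sshdir/id_rsa" 0600     || { echo "$sshdir/id_rsa: want 0600" >&2; rc=1; }
    mode_is "$sshdir/id_rsa.pub" 0644 || { echo "$sshdir/id_rsa.pub: want 0644" >&2; rc=1; }
    return $rc
}

# Generate the pair unattended. -f names the file explicitly, so $HOME is
# irrelevant and no su/sudo -u is needed; -N '' means no passphrase, i.e. the
# private key sits unencrypted on the server (what an automated WordPress update
# needs, and exactly what the security note in the answer warns about).
gen_ssh_key() {
    user=$1; home=$2
    mkdir -p "$home/.ssh"
    if [ ! -f "$home/.ssh/id_rsa" ]; then
        ssh-keygen -q -t rsa -b 4096 -N '' -C "$user@webhost" -f "$home/.ssh/id_rsa"
    fi
    fix_ssh_perms "$user" "$home"
}

# The question's function reworked: no interactive su, key created before the
# shell is switched to lshell, chroot directory left root-owned.
webuseradd() {
    user=$1; base=/usr/share/nginx/$user; home=$base/home
    echo "creating user $user"
    mkdir -p "$base"
    # sshlogin is required to allow the user to ssh and sftp; lshell is the jail group
    useradd -G lshell,sshlogin -b "$home" -d "$home" -m --skel /etc/httpskel -K UMASK=027 "$user"
    # $base is the chroot, so it must be owned by root and not writable by the user
    chown root:root "$base"
    chmod 0755 "$base"
    gen_ssh_key "$user" "$home"
    check_ssh_perms "$home"
    # force the user into the limited, jailed shell
    chsh -s /usr/bin/lshell "$user"
}
```

`check_ssh_perms` is worth keeping around on its own: sshd with `StrictModes` (the default) silently refuses keys in a group- or world-writable `.ssh`, and "No directory, logging in with HOME=/" style surprises are much easier to diagnose when the script tells you which mode is off.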