Skip to content

Instantly share code, notes, and snippets.

@nekwebdev

nekwebdev/addwebuser

Last active December 19, 2015 13:39
Show Gist options
  • Save nekwebdev/5963724 to your computer and use it in GitHub Desktop.
Save nekwebdev/5963724 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
addwebuser
#!/bin/bash
# This script is to create users for a web server setup using this guide:
# https://coderwall.com/p/zxffsg
# The script will prompt for information as it goes.
source ${ZDOTDIR-$HOME}/.bash/color.bash
# Get the server's IP
ip=$(hostname -i)
info="$(color -b blue)*$(color)"
warn="$(color -b red)*$(color)"
# Ask for information
fnGetInformation() {
read -p "${info} Enter the linux $(color -b blue)username$(color): " username
read -s -p "${info} Enter the linux $(color -b blue)password$(color): " password
echo ""
read -s -p "${info} Enter the linux $(color -b blue)password$(color) again: " password2
echo ""
if [ $password != $password2 ]
then
read -p "${warn} Passwords did not match, start again!" username
read -p "${info} Enter the $(color -b blue)main domain$(color), format: mydomain.com: " domain
read -p "${info} Enter the $(color -b blue)dev domain$(color), format: dev.mydomain.com: " domain_dev
read -p "${info} Enter the domain admin $(color -b blue)email$(color): " email
read -s -p "${info} Enter MySQL $(color -b blue)root password$(color): " sql_rootpass
echo ""
read -p "${info} Enter MySQL $(color -b blue)database name$(color), no - only _: " sql_database
read -p "${info} Enter MySQL new $(color -b blue)user name$(color): " sql_user
read -s -p "${info} Enter MySQL new $(color -b blue)user password$(color): " sql_userpass
echo ""
while true; do
read -p "${info} Is this a $(color -b blue)jailed$(color) user [y/n]: " yn
case $yn in
[Yy]* ) jailed=true; break;;
[Nn]* ) jailed=false; break;;
* ) echo "${warn} Please answer yes or no.";;
esac
done
}
# Confirm information
fnConfirmInformation() {
echo ""
echo "${warn} Will create a user named $(color -b red)$username$(color) with ssh/sftp access"
echo "${warn} With a home directory in $(color -b red)/home/$username$(color)"
echo "${warn} Jail status: $(color -b red)$jailed$(color)"
echo "${warn} Virtual host for $(color -b red)http://www.$domain$(color)"
echo "${warn} in $(color -b red)/home/$username/www$(color)"
echo "${warn} Virtual host for $(color -b red)http://$domain_dev$(color)"
echo "${warn} in $(color -b red)/home/$username/dev$(color)"
echo "${warn} Local IP: $(color -b red)$ip$(color)"
echo "${warn} Logs in $(color -b red)/home/$username/logs$(color)"
echo "${warn} Errors in $(color -b red)/home/$username/errors$(color)"
echo "${warn} Admin email: $(color -b red)$email$(color)"
while true; do
read -p "${warn} Is this information $(color -b red)correct$(color)? [y/n]: " yn
case $yn in
[Yy]* ) break;;
[Nn]* ) exit;;
* ) echo "${warn} Please answer yes or no.";;
esac
done
}
# Create groups
fnAddToGroup() {
if !(grep -q $2 /etc/group)
then
echo "${warn} $(color -b red)$2$(color) group did not exist, this is weird will create it..."
sudo groupadd $2
fi
sudo usermod -a -G $2 $1
}
# Create the web directories
fnCreateWebDirs() {
sudo mkdir /home/$username/$1
sudo mkdir /home/$username/$1/public
sudo chown -R ${username}:www-data /home/$username/$1
sudo chmod -R 750 /home/$username/$1
sudo chmod g+rxs /home/$username/$1
sudo chmod g+rxs /home/$username/$1/public
}
fnCreateVhostTemplate(){
# Create virtualhost template
VHOST=$(cat <<EOF
<VirtualHost *:80>
ServerAdmin template.email
ServerName template.url
DocumentRoot template.webroot
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
<Directory template.webroot/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from All
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride All
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog template.error/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog template.log/access.log combined
</VirtualHost>
EOF
)
echo "${VHOST}" > ~/template
sudo mv ~/template /etc/apache2/sites-available/template
sudo chown root:root /etc/apache2/sites-available/template
}
# Create virtual hosts
fnCreateVhosts() {
echo "${info} Checking for the virtual host template file..."
if [ ! -f /etc/apache2/sites-available/template ]; then
fnCreateVhostTemplate
fi
# $1 = sitename.com
# $2 = dev or www
echo "${info} Creating new virtual host file for $(color -b blue)$1$(color)"
echo "${info} that has a webroot of: $(color -b blue)/home/$username/$2/public$(color)"
sudo cp /etc/apache2/sites-available/template /etc/apache2/sites-available/$1
sudo sed -i 's/template.email/'$email'/g' /etc/apache2/sites-available/$1
sudo sed -i 's/template.url/'$1'/g' /etc/apache2/sites-available/$1
sudo sed -i 's#template.webroot#'/home/$username/$2/public'#g' /etc/apache2/sites-available/$1
sudo sed -i 's#template.error#'/home/$username/errors'#g' /etc/apache2/sites-available/$1
sudo sed -i 's#template.log#'/home/$username/logs'#g' /etc/apache2/sites-available/$1
echo "${info} Adding $(color -b blue)$1$(color) to the $(color -b blue)/etc/hosts$(color) file..."
if [ $2 = "dev" ]
then
sudo sed -i '1s/^/'$ip' '$1' '$username'\n/' /etc/hosts
else
sudo sed -i '1s/^/'$ip' '$1' '$1'\n/' /etc/hosts
fi
sudo a2ensite $1 >/dev/null
}
# Get information for the script
fnGetInformation
fnConfirmInformation
# Good to go!
# Change umask
umask 077
# Grant sudo rights to script
sudo -v
# Create our user.
echo "${info} Creating new user named $(color -b blue)$username$(color)"
sudo groupadd $username
sudo useradd -s /bin/bash -m -g ${username} -d /home/${username} ${username}
echo -e "$password\n$password\n" | sudo passwd $username
# Make sure it can login with ssh
fnAddToGroup $username "sshlogin"
# Prepare directories and permissions
sudo chmod 711 /home/$username
sudo chown -R ${username}:www-data /home/$username/logs
sudo chown -R ${username}:www-data /home/$username/errors
sudo chmod 770 /home/$username/logs
sudo chmod 770 /home/$username/errors
sudo chmod g+rwxs /home/$username/logs
sudo chmod g+rwxs /home/$username/errors
# Create the main domain virtual host
fnCreateWebDirs "www"
fnCreateVhosts $domain "www"
# Create the dev domain virtual host
fnCreateWebDirs "dev"
fnCreateVhosts $domain_dev "dev"
# Create MySQL database and user
sudo mysql -u root -p$sql_rootpass -Bse "CREATE DATABASE $sql_database;"
sudo mysql -u root -p$sql_rootpass -Bse "GRANT ALL ON ${sql_database}.* to ${sql_user}@'localhost' identified by '$sql_userpass';"
sudo service apache2 reload >/dev/null
# Check if we need to jail the user
if [ $jailed = "true" ]
then
fnAddToGroup $username "lshell"
# Make sure root owns the user's home folder for SSH/sftp chrooting
sudo chown root:root /home/$username
sudo chmod 755 /home/$username
echo "${warn} $(color -b red)$username$(color) is now jailed."
fi
echo "${warn} WARNING: umask will be changed to 077 by this script."
echo "${warn} Remember to revert it if you do not use 077 as default."
exit 1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment