File: customize.sh

debvm 0.5.0
#!/bin/sh
# SPDX-FileCopyrightText: 2023 Johannes Schauer Marin Rodrigues <josch@debian.org>
# SPDX-FileCopyrightText: 2024-2025 Helmut Grohne <helmut@subdivi.de>
# SPDX-FileCopyrightText: 2025 Jochen Sprickerhof <debvm@jochen.sprickerhof.de>
# SPDX-License-Identifier: MIT
#
# Add a non-root user, add them to the sudo group and use the same authorized
# ssh keys as the root user.
#
#  - the new user is called "user" by default (customizable via $USERADDHOOK_USERNAME)
#  - no password required for login
#  - requires the coreutils package installed inside the chroot
#  - requires the passwd package installed outside the chroot
#  - adds the new user to the sudo group if it exists
#  - the ~/.ssh/authorized_keys file is copied from the root user if it exists
#  - enables immediate autologin via lightdm if installed
#
# Example usage:
#
#     $ debvm-create -k ~/.ssh/id_rsa.pub -- --hook-dir=.../useraddhook --include sudo
#     $ debvm-run -s 8022
#     $ ssh -l user -p 8022 127.0.0.1 whoami
#     user
#     $ ssh -l user -p 8022 127.0.0.1 sudo whoami
#     root
#

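set -eu

# Account name to create; the caller may override it through the environment.
: "${USERADDHOOK_USERNAME:=user}"

# $1 is the root directory of the target system; the shadow tools reach it
# through --prefix, so they run from the host and edit the files under $1.
useradd --prefix "$1" --no-log-init \
	--home-dir "/home/$USERADDHOOK_USERNAME" --create-home \
	--shell /bin/bash "$USERADDHOOK_USERNAME"

# Empty the password field so the account logs in without a password.
# Any login path that accepts empty passwords will then admit this account.
if passwd --help | grep -q -e --prefix; then
	passwd --prefix "$1" --delete "$USERADDHOOK_USERNAME"
else
	# Host OS is older than trixie: passwd has no --prefix, so edit the
	# account database under $1 directly.
	#
	# The name is matched as fixed text (grep -F -x on the first two fields)
	# and backslash-escaped before it is spliced into the sed pattern.
	# Otherwise a regex metacharacter in the name (e.g. the "." in "a.b")
	# could match, and blank the password field of, a different account.
	PWFILE=passwd
	if cut -d: -f1,2 "$1/etc/passwd" | grep -q -x -F -e "$USERADDHOOK_USERNAME:x"; then
		# "x" in the passwd field means the hash is stored in shadow.
		PWFILE=shadow
	fi
	name_re=$(printf '%s\n' "$USERADDHOOK_USERNAME" | sed -e 's|[\.*^$/[]|\\&|g')
	sed -i -e "s/^\\($name_re:\\)[^:]*:/\\1:/" "$1/etc/$PWFILE"
fi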

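# Grant sudo only when the target system defines a sudo group. Together with
# the empty password set earlier in this script, membership makes the account
# root-equivalent inside the guest (see the usage example in the file header).
if chroot "$1" getent group sudo >/dev/null; then
	echo "Adding $USERADDHOOK_USERNAME to sudo group"
	usermod --prefix "$1" --append --groups sudo "$USERADDHOOK_USERNAME"
fi
# Let the new account accept the same ssh keys as root. install runs inside
# the chroot so that the owner and group names resolve against the target's
# account database rather than the host's.
if [ -e "$1"/root/.ssh/authorized_keys ]; then
	echo "Installing ssh authorized_keys for $USERADDHOOK_USERNAME"
	chroot "$1" install -o "$USERADDHOOK_USERNAME" -g "$USERADDHOOK_USERNAME" -m 700 -d "/home/$USERADDHOOK_USERNAME/.ssh"
	# Without -m, install(1) creates the file with mode 0755. The key list
	# needs neither execute bits nor group/world access, so pin it to 0600.
	chroot "$1" install -o "$USERADDHOOK_USERNAME" -g "$USERADDHOOK_USERNAME" -m 600 -t "/home/$USERADDHOOK_USERNAME/.ssh" /root/.ssh/authorized_keys
fi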
# Graphical autologin: append a section naming the new account to whichever
# display-manager configuration already exists in the target system.
# NOTE(review): the account name is written unescaped into both files; a name
# containing '"' or '\' would produce an invalid TOML string in the greetd
# case. Confirm which names useradd accepts before relying on this.
if [ -e "$1/etc/lightdm/lightdm.conf" ]; then
	echo "Enabling autologin in lightdm for $USERADDHOOK_USERNAME"
	# A timeout of 0 logs the user in immediately, without showing the greeter.
	printf '%s\n' \
		'[SeatDefaults]' \
		"autologin-user=$USERADDHOOK_USERNAME" \
		'autologin-user-timeout=0' >>"$1/etc/lightdm/lightdm.conf"
fi
# greetd is only configured when sway is present, because sway is the
# session command that gets written into the config.
if [ -e "$1/etc/greetd/config.toml" ] && [ -e "$1/usr/bin/sway" ]; then
	echo "Enabling autologin in greetd/sway for $USERADDHOOK_USERNAME"
	printf '%s\n' \
		'[initial_session]' \
		'command = "sway"' \
		"user = \"$USERADDHOOK_USERNAME\"" >>"$1/etc/greetd/config.toml"
fi