Configurable forgehook user
This commit is contained in:
parent
9287d77fad
commit
de16f9ab47
25
setup.sh
25
setup.sh
|
@ -3,9 +3,21 @@
|
|||
# TODO: currently setup.sh assumes you're a sudoer, not root
|
||||
|
||||
DEST="/usr/local/bin"
|
||||
# TODO: Make user configurable (see other todo notes)
|
||||
# Should be autodetected in case of existing setup
|
||||
owner="webhook"
|
||||
|
||||
# Autodetect forgehook user if it's already setup
|
||||
owner=$(find /usr/local/bin/webhook-backend -maxdepth 0 -printf '%u')
|
||||
if [[ $? = 0 ]]; then
|
||||
echo "[setup.sh] Found existing setup owned by user $owner. Using this user."
|
||||
else
|
||||
# OK it's not setup yet, maybe try a user from argument?
|
||||
if [ $# -gt 0 ]; then
|
||||
owner="$1"
|
||||
echo "[setup.sh] Setup for user $owner"
|
||||
else
|
||||
owner="forgehook"
|
||||
echo "[setup.sh] No setup user found. Using default value $owner"
|
||||
fi
|
||||
fi
|
||||
|
||||
# TODO: Detect if user has UID > 1000 so if it's a real user we refuse to setup
|
||||
# and try to escalate to generate a dedicated account. Maybe also check for ownership
|
||||
|
@ -19,6 +31,8 @@ if [[ $EUID = 0 ]]; then
|
|||
exit 1
|
||||
fi
|
||||
|
||||
# TODO: Check we can escalade privileges
|
||||
|
||||
# Everyone can execute (user-facing wrapper)
|
||||
sudo cp webhook $DEST
|
||||
sudo chown "$owner:$owner" $DEST/webhook
|
||||
|
@ -41,7 +55,8 @@ sudo chmod 755 $DEST/webhook-run-backend
|
|||
echo "Successfully installed webhook as user $owner to $DEST"
|
||||
|
||||
if ! sudo grep "webhook-backend" /etc/sudoers > /dev/null; then
|
||||
# TODO: auto setup sudo rules
|
||||
echo "Please place the following in your /etc/sudoers (by running visudo):"
|
||||
echo "ALL ALL=(webhook) NOPASSWD: /usr/local/bin/webhook-backend
|
||||
webhook ALL=NOPASSWD: /usr/local/bin/webhook-run"
|
||||
echo "ALL ALL=($owner) NOPASSWD: /usr/local/bin/webhook-backend
|
||||
$owner ALL=NOPASSWD: /usr/local/bin/webhook-run"
|
||||
fi
|
||||
|
|
Reference in New Issue