add support for creation of user/groups

add support for configuring root authorized_keys file
2022-09-15 14:40:44 +02:00 · 2022-09-15 14:30:12 +02:00
2 changed files with 64 additions and 4 deletions
--- a/README.md
+++ b/README.md
@ -2,6 +2,7 @@

 * Debian slim based image
 * OpenSSH server
+* User/group creation on startup

 # Supported tags and respective `Dockerfile` links

@ -9,15 +10,29 @@

 # Usage

+## Environment variables
+
+| Key | Format | Description |
+| --- | --- | --- |
+| `ROOT_AUTHORIZED_KEYS` | `/path/to/file` | Path to file that contains the public SSH keys that can be used for root user authentication. This file will be copied to `/root/.ssh/authorized_keys` |
+| `USERADD` | `{username}:{uid}:{gid};...` | Create user account(s) on startup |
+| `GROUPADD` | `{groupname}:{gid};...` | Create group account(s) on startup |
+| `BASE_DIR` | `/home` | Basedir used for user account creation (Default: `/home`) |
+
+## docker run
+
 ```
 $ docker run -it \
    --name jumpbox \
-    -v $(pwd)/authorized_keys:/root/.ssh/authorized_keys \
+    -v $(pwd)/jumpbox:/var/lib/jumpbox \
+    -e "ROOT_AUTHORIZED_KEYS=/var/lib/jumpbox/authorized_keys"
+    -e "USERADD=jumpbox:1000:1000"
+    -e "GROUPADD=jumpbox:1000"
    -p 1022:22 \
    pommib/jumpbox:latest
 ```

-# docker-compose
+## docker-compose

 ```
 version: "3"
@ -29,5 +44,9 @@ services:
    ports:
      - "1022:22/tcp"
    volumes:
-      - '${PWD}/authorized_keys:/root/.ssh/authorized_keys'
+      - '${PWD}/jumpbox:/var/lib/jumpbox'
+    environment:
+      ROOT_AUTHORIZED_KEYS: /var/lib/jumpbox/authorized_keys
+      USERADD: jumpbox:1000:1000
+      GROUPADD: jumpbox:1000
 ```
--- a/start.sh
+++ b/start.sh
@ -1,7 +1,48 @@
 #!/bin/sh

+set -ex
+
 mkdir -p /run/sshd

-chown root: /root/.ssh/authorized_keys
+if [ -n "$ROOT_AUTHORIZED_KEYS" ]; then
+    if [ -f "$ROOT_AUTHORIZED_KEYS" ]; then
+        mkdir -p /root/.ssh
+        cp "$ROOT_AUTHORIZED_KEYS" /root/.ssh/authorized_keys
+        chmod 600 /root/.ssh/authorized_keys
+    fi
+fi
+
+if [ -z "$BASE_DIR" ]; then
+    BASE_DIR="/home"
+fi
+
+if [ ! -d "$BASE_DIR" ]; then
+    echo "BASE_DIR $BASE_DIR does not exist, creating..."
+    mkdir -p $BASE_DIR
+fi
+
+# GROUPADD="group1:1000;group2:1001;group3:1002"
+while [ "$GROUPADD" != "$i" ] ;do
+    i=${GROUPADD%%;*}
+    GROUPADD="${GROUPADD#$i;}"
+
+    GROUP_NAME=${i%%:*}
+    GROUP_GID="${i#$GROUP_NAME:}"
+
+    groupadd --gid $GROUP_GID $GROUP_NAME
+done
+
+# USERADD="user1:1000:1000;user2:1001:1000;user3:1002:1002"
+while [ "$USERADD" != "$i" ] ;do
+    i=${USERADD%%;*}
+    USERADD="${USERADD#$i;}"
+
+    USER_NAME=${i%%:*}
+    UID_GID="${i#$USER_NAME:}"
+    USER_UID="${UID_GID%%:*}"
+    USER_GID="${UID_GID#$USER_UID:}"
+
+    useradd --home-dir $BASE_DIR/$USER_NAME --uid $USER_UID --gid $USER_GID $USER_NAME
+done

 exec /usr/sbin/sshd -D -e
Author	SHA1	Message	Date
Pim van den Berg	ee9b2257da	add support for creation of user/groups continuous-integration/drone/push Build is passing Details	2022-09-15 14:40:44 +02:00
Pim van den Berg	289592cbf6	add support for configuring root authorized_keys file	2022-09-15 14:30:12 +02:00