evoadmin-web/scripts/web-add.sh


#!/bin/bash
#
# Gestion des comptes web et des hôtes virtuels pour Apache et Nginx
#
# Copyright (c) 2009-2017 Evolix - Tous droits reserves
#
# TODO
# - Gestion des quota
# - Possibilité de créer un compte FTP-only
# - Pouvoir spécifier le CONTACT_MAIL dans un fichier de conf
# - Traduire usage() en francais, ou l'inverse ??
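# Abort on the first unhandled command failure.
set -e

# NOTE(review): HOME is forced to root's home, presumably so that client
# tools started below read root's dotfiles -- confirm.
HOME="/root"
CONTACT_MAIL="jdoe@example.org"
WWWBOUNCE_MAIL="jdoe@example.org"

SCRIPTS_PATH="/usr/share/scripts/evoadmin"
# Optional hook scripts. Other parts of this file source them when they exist,
# so they execute inside this script with its privileges: they should be
# writable by the administrator only.
LOCAL_SCRIPT="$SCRIPTS_PATH/web-add.local.sh"
PRE_LOCAL_SCRIPT="$SCRIPTS_PATH/web-add.pre-local.sh"
TPL_AWSTATS="$SCRIPTS_PATH/awstats.XXX.conf"
SSH_GROUP="evolinux-ssh"

# Set to nginx if you use nginx and not apache
WEB_SERVER="apache"

# NOTE(review): the configuration file is only read further down, so setting
# WEB_SERVER there does not re-run this selection; VHOST_PATH, TPL_VHOST and
# TPL_MAIL then have to be overridden in the configuration file as well.
case "$WEB_SERVER" in
  apache)
    VHOST_PATH="/etc/apache2/sites-available"
    TPL_VHOST="$SCRIPTS_PATH/vhost"
    TPL_MAIL="$SCRIPTS_PATH/web-mail.tpl"
    ;;
  nginx)
    VHOST_PATH="/etc/nginx/sites-available"
    TPL_VHOST="$SCRIPTS_PATH/vhost-nginx.tpl"
    TPL_MAIL="$SCRIPTS_PATH/web-mail-nginx.tpl"
    ;;
  *)
    # Diagnostics belong on stderr, like the other error output of this file.
    echo "$WEB_SERVER is not apache nor nginx, exiting..." >&2
    exit 1
    ;;
esac

# FPM
FPM_PATH="/etc/php/7.0/fpm/pool.d"
FPM_SERVICE_NAME="php7.0-fpm"
TPL_FPM="$SCRIPTS_PATH/fpm.conf.tpl"

MAX_LOGIN_CHAR=16
HOME_DIR="/home"
MYSQL_CREATE_DB_OPTS=""
MYSQL_OPTS=""
PHP_VERSIONS=()

# Use this file to override the values of the variables above.
# It is sourced, i.e. executed as shell code with this script's privileges,
# so it must not be writable by anyone but the administrator.
config_file="/etc/evolinux/web-add.conf"
if [ -r "$config_file" ]; then
  # shellcheck source=/etc/evolinux/web-add.conf
  . "$config_file"
fi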
# Print the command-line help on stderr.
# The text is an unquoted here-document, so $0 is expanded to the name the
# script was invoked with. Nothing is written to stdout.
usage() {
  cat >&2 <<EOT
Usage: $0 COMMAND [ARG]
add [ [OPTIONS] LOGIN WWWDOMAIN ]
Create web account LOGIN.
No arguments starts interactive mode.
-p PASSWD
FTP and SFTP password (default : random)
-m DBNAME
Name of MySQL database (default : same as account)
-P DBPASSWD
MySQL password (default : random)
-l MAIL
Send summary email to MAIL
-k SSHKEY
Use this SSH key
-u UID
Force account UID (only in command line)
-g GID
Force account GID (only in command line)
-U UID
Force www-account UID (only in command line)
-y
Don't ask for confirmation
-r
PHP version (without dot)
-q
Filesystem quota in GiB, in the form <quota soft>:<quota hard>
Example : web-add.sh add -m testdb -r 56 testlogin testdomain.com
del [ [OPTIONS] LOGIN [DBNAME] ]
Delete account and all files related (Apache, Awstats, etc)
Archive home directory.
Remove MySQL database only if DBNAME is specified.
-y
Don't ask for confirmation
Example : web-add.sh del -y testlogin testdatabase
list-vhost LOGIN
List Apache vhost for user LOGIN
check-vhosts -f
List suggested changes to vhosts, apply fixes with -f
add-alias VHOST ALIAS
Add a ServerAlias to an Apache vhost
del-alias VHOST ALIAS
Del a ServerAlias from an Apache vhost
update-servername VHOST SERVERNAME OLD_SERVERNAME
Replace the OLD_SERVERNAME with the SERVERNAME for an Apache vhost
Also apply to rewrite rules
check-occurence NAME
List all occurences of NAME in vhosts
list-user-itk LOGIN
List the assigned ITK user for the LOGIN specified
enable-user-itk LOGIN
Enable the assigned ITK user for the LOGIN specified
disable-user-itk LOGIN
Disable the assigned ITK user for the LOGIN specified
setphpversion LOGIN VERSION
Change PHP version for LOGIN
setquota LOGIN QUOTA_SOFT:QUOTA_HARD
Change quotas for LOGIN
manage-http-challenge-file [CREATE | DELETE]
Create or delete a dummy file for the Let's Encrypt HTTP challenge
The default directory is /var/lib/letsencrypt/.well-known/
generate-csr LOGIN DOMAINS
Generate the request for the Let's Encrypt certificate
generate-ssl-certificate LOGIN [TRUE | FALSE]
Generate the Let's Encrypt certificate
Run in TEST mode if TRUE
EOT
}
#
# Print a validation error message on stderr, framed by two "***" lines.
# Arguments: $1 - message text
# Globals:   msg (written; not declared local in this file)
#
in_error() {
  msg=$1
  printf '***\nErreur : %s\n***\n' "$msg" >&2
}
# Print one randomly generated password on stdout, using apg.
# Options as documented by apg:
#   -c /dev/urandom  seed the generator from /dev/urandom
#   -M NCL           require digits, capital letters and lowercase letters
#   -n 1             generate a single password
#   -m 18            minimum length of 18 characters
#   -E oOlL10        exclude characters that are easily confused
gen_random_passwd() {
  local -a apg_opts=(-c /dev/urandom -MNCL -n1 -m18 -E oOlL10)
  apg "${apg_opts[@]}"
}
# Check the length of an account name: at least 3 characters and at most
# MAX_LOGIN_CHAR characters.
# Arguments: $1 - login to check
# Globals:   MAX_LOGIN_CHAR (read); login, length (written, not local)
# Returns:   0 when the length is acceptable, 1 otherwise (after in_error)
#
# NOTE(review): only the length is checked. create_www_account interpolates
# $in_login into sed programs, SQL statements, file names and a cron line;
# if this function is the only check applied to that value, a character
# allow-list should be enforced here as well -- confirm against the caller.
validate_login() {
  login=$1
  length=${#login}

  if (( length < 3 )); then
    in_error "Le login doit contenir plus de 2 caracteres"
    return 1
  fi

  if [ "$length" -gt "$MAX_LOGIN_CHAR" ]; then
    in_error "Le login ne doit pas contenir plus de $MAX_LOGIN_CHAR caracteres"
    return 1
  fi

  return 0
}
# Check a password: an empty value is accepted, otherwise at least
# 6 characters are required.
# Arguments: $1 - password to check
# Globals:   passwd, length (written, not local)
# Returns:   0 when accepted, 1 otherwise (after in_error)
validate_passwd() {
  passwd=$1
  length=${#passwd}

  # Empty is let through; only 1 to 5 characters is rejected.
  if (( length == 0 || length >= 6 )); then
    return 0
  fi

  in_error "Le mot de passe doit avoir au moins 6 caracteres"
  return 1
}
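# Check that no MySQL database with the given name exists yet.
# Arguments: $1 - database name
# Globals:   MYSQL_OPTS (read); dbname (written, not local)
# Returns:   0 when the name is free, 1 when it already exists (after in_error)
validate_dbname() {
  dbname=$1
  # MYSQL_OPTS is deliberately unquoted so that it can carry several options.
  # The name is compared as a fixed string against whole lines (-F -x): used
  # as a regular expression, a name such as "a.c" would also match "abc".
  # shellcheck disable=SC2086
  if mysql $MYSQL_OPTS -ss -e "show databases" | grep -Fx -- "$dbname" >/dev/null; then
    in_error "Base de données déjà existante"
    return 1
  fi
}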
# Check that a domain name was supplied.
# Arguments: $1 - domain name
# Globals:   wwwdomain (written, not local)
# Returns:   0 when non-empty, 1 when empty (after in_error)
#
# NOTE(review): only emptiness is checked. create_www_account substitutes
# $in_wwwdomain into the vhost, awstats and mail templates through sed; if
# this is the only check on that value, its syntax should be checked too --
# confirm against the caller.
validate_wwwdomain() {
  wwwdomain=$1
  [ -n "$wwwdomain" ] && return 0

  in_error "Le nom de domaine est obligatoire"
  return 1
}
# Placeholder: accepts every value, no check is performed on its arguments.
# NOTE(review): create_www_account substitutes $in_mail for RCPTTO in the mail
# template that is piped to "sendmail -t"; if this stub is what validates
# that value, the address reaches the mail unchecked -- confirm.
validate_mail() {
  true
}
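# Check that a PHP version is one of the entries of PHP_VERSIONS.
# Arguments: $1 - PHP version, written without dot (e.g. 73)
# Globals:   PHP_VERSIONS (read); php_version (written, not local)
# Returns:   0 when accepted, 1 otherwise (after in_error)
validate_phpversion() {
  php_version="$1"

  # An empty value was always accepted by the previous regex-based test
  # (an empty pattern matches anything); that is kept for compatibility.
  [ -z "$php_version" ] && return 0

  # Compare against each entry exactly. Using the value as an unanchored
  # regular expression accepted fragments ("7" for "70") and patterns (".").
  local candidate
  for candidate in "${PHP_VERSIONS[@]}"; do
    [ "$candidate" = "$php_version" ] && return 0
  done

  in_error "Version de PHP incorrecte."
  return 1
}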
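# Check a filesystem quota given as <quota soft>:<quota hard>.
# Arguments: $1 - quota specification
# Globals:   quota_soft, quota_hard (written, not local)
# Returns:   0 when accepted, 1 otherwise (after in_error)
validate_quota() {
  local int_re='^(0|[1-9][0-9]*)$'

  quota_soft=$(printf '%s\n' "$1" | cut -f 1 -d:)
  quota_hard=$(printf '%s\n' "$1" | cut -f 2 -d:)

  if [ -z "$quota_soft" ] || [ -z "$quota_hard" ]; then
    in_error "Le quota soft et le quota hard doivent être spécifiés sous la forme <quota soft>:<quota hard>."
    return 1
  elif [[ ! "$quota_soft" =~ $int_re || ! "$quota_hard" =~ $int_re ]]; then
    # Both parts must be plain decimal integers. Without this check a
    # non-numeric value made the "-gt" test below fail with an error, which
    # the elif treated as "not greater", so the value was accepted. The same
    # fields are later multiplied inside $(( )) in create_www_account, where
    # bash evaluates arbitrary arithmetic expressions, not just digits.
    in_error "Le quota soft et le quota hard doivent être spécifiés sous la forme <quota soft>:<quota hard>."
    return 1
  elif [ "$quota_soft" -gt "$quota_hard" ]; then
    in_error "Le quota hard doit être plus grand que le quota soft."
    return 1
  fi
}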
# Report a completed step on stdout as "[OK] <message>".
# Arguments: $1 - message text
# Globals:   msg (written, not local)
step_ok() {
  msg=$1
  printf '[OK] %s\n' "$msg"
}
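# Escape a value for use as the replacement text of a "/"-delimited sed
# "s" command, where backslash, "/" and "&" are special.
# Arguments: $1 - raw value
# Outputs:   the escaped value on stdout
_web_add_sed_escape() {
  printf '%s' "$1" | sed -e 's|[\\/&]|\\&|g'
}

#######################################
# Create a web account from the in_* variables set by the caller.
#
# Steps, in order: optional pre-hook, system users (host and PHP containers),
# SSH access, mail aliases, home directory and log files, quota, PHP-FPM
# pools, Apache or Nginx vhost, Awstats, MySQL database, summary mail,
# optional post-hook, service reloads, Munin plugin (Nginx only), log entry.
#
# Globals read:
#   in_login in_passwd in_sshkey in_uid in_gid in_wwwuid in_wwwdomain
#   in_phpversion in_quota in_dbname in_dbpasswd in_mail quota
#   HOME_DIR WEB_SERVER PHP_VERSIONS SSH_GROUP WWWBOUNCE_MAIL CONTACT_MAIL
#   TPL_VHOST TPL_AWSTATS TPL_MAIL TPL_FPM VHOST_PATH FPM_PATH
#   FPM_SERVICE_NAME MYSQL_OPTS MYSQL_CREATE_DB_OPTS
#   PRE_LOCAL_SCRIPT LOCAL_SCRIPT
# Globals written (none of them is local, the sourced hooks can see them):
#   HOME_DIR_USER uid gid www_uid quota_soft quota_hard pool_path
#   phpfpm_socket_path random vhostfile subweb VAR my_cnf_file
#   initscript_path binary fpm_status DATE
# Returns:
#   1 when the home directory already exists; exits 1 when a template is
#   missing. The file enables "set -e", so any other failing command aborts
#   the script and leaves the account partially created.
#
# Security notes for maintainers:
#   - The in_* values are inserted into sed programs, SQL statements, a cron
#     line and configuration files. They are escaped below for sed and SQL
#     only; validating them before this function is called remains required.
#   - The summary mail substitutes the account and database passwords for
#     PASSE1/PASSE2 in the template, i.e. wherever the template uses them the
#     passwords leave the machine in clear text.
#######################################
create_www_account() {
  local esc_login esc_wwwdomain

  # Sanity checks: every template used below must exist.
  for filetocheck in "$TPL_VHOST" "$TPL_AWSTATS" "$TPL_MAIL"; do
    if [ ! -f "$filetocheck" ]; then
      in_error "Fichier inexistant : $filetocheck"
      exit 1
    fi
  done

  ############################################################################

  # Site-specific pre-hook. It is sourced, so it runs inside this shell with
  # the script's privileges and can change any variable used below.
  if [ -f "$PRE_LOCAL_SCRIPT" ]; then
    # shellcheck source=/usr/share/scripts/evoadmin/web-add.pre-local.sh
    source "$PRE_LOCAL_SCRIPT"
  fi

  step_ok "Exécution du pre-script spécifique"

  ############################################################################

  if [ -z "$HOME_DIR_USER" ]; then
    HOME_DIR_USER="$HOME_DIR/$in_login"
  fi

  # Escaped copies for the sed substitutions further down. Computed after the
  # pre-hook, which may have changed the values.
  esc_login=$(_web_add_sed_escape "$in_login")
  esc_wwwdomain=$(_web_add_sed_escape "$in_wwwdomain")

  ############################################################################

  if [ -d "$HOME_DIR_USER" ]; then
    in_error "Ce compte existe deja (ou il a mal été effacé)"
    return 1
  fi

  # Create user and force UID / GID if specified.
  # The ${var:+...} expansions are deliberately unquoted: each one yields
  # either nothing or the two words "--uid <value>" / "--gid <value>".
  # shellcheck disable=SC2086
  /usr/sbin/adduser \
    --gecos "User $in_login" \
    --disabled-password \
    "$in_login" \
    --shell /bin/bash \
    ${in_uid:+'--uid' "$in_uid"} \
    ${in_gid:+'--gid' "$in_gid"} \
    --force-badname \
    --home "$HOME_DIR_USER" >/dev/null

  # A password is only set when no SSH key was given.
  if [ -z "$in_sshkey" ]; then
    printf '%s\n' "$in_login:$in_passwd" | chpasswd
  fi

  # ~/.ssh/authorized_keys is created in every case (the previous "||"/"&&"
  # chain also always ran this part); the file holds the key when one was
  # given and a single empty line otherwise.
  mkdir "$HOME_DIR_USER/.ssh"
  printf '%s\n' "$in_sshkey" > "$HOME_DIR_USER/.ssh/authorized_keys"
  # Applied to the directory itself: rwx for the owner on .ssh, rw on the
  # key file, nothing for group and others.
  chmod -R u=rwX,g=,o= "$HOME_DIR_USER/.ssh"
  chown -R "$in_login":"$in_login" "$HOME_DIR_USER/.ssh"

  if [ "$WEB_SERVER" == "apache" ]; then
    # Create www user and force UID if specified
    # shellcheck disable=SC2086
    /usr/sbin/adduser \
      --gecos "WWW $in_login" \
      --disabled-password \
      www-"$in_login" \
      --shell /bin/false \
      ${in_wwwuid:+'--uid' "$in_wwwuid"} \
      --ingroup "$in_login" \
      --force-badname \
      --home "$HOME_DIR_USER"/www \
      --no-create-home > /dev/null
  elif [ "$WEB_SERVER" == "nginx" ]; then
    # Adding user www-data to group $in_login.
    # And primary group www-data for $in_login.
    adduser www-data "$in_login"
    usermod -g www-data "$in_login"
  fi

  # Get uid/gid for newly created accounts
  uid=$(id -u "$in_login")
  gid=$(id -g "$in_login")
  # The www-<login> user only exists in the Apache setup; looking it up
  # unconditionally made "id" fail, and with it the whole script, under Nginx.
  if [ "$WEB_SERVER" == "apache" ]; then
    www_uid=$(id -u www-"$in_login")
  fi

  # Create users inside all containers
  for php_version in "${PHP_VERSIONS[@]}"; do
    lxc-attach -n php"${php_version}" -- /usr/sbin/addgroup "$in_login" --gid "$gid" --force-badname >/dev/null
    lxc-attach -n php"${php_version}" -- /usr/sbin/adduser --gecos "User $in_login" --disabled-password "$in_login" --shell /bin/bash --uid "$uid" --gid "$gid" --force-badname --home "$HOME_DIR_USER" >/dev/null
    # chpasswd has to run inside the container. Previously only the "[ -z ]"
    # test was executed through lxc-attach and chpasswd ran on the host again.
    if [ -z "$in_sshkey" ]; then
      printf '%s\n' "$in_login:$in_passwd" \
        | lxc-attach -n php"${php_version}" -- /usr/sbin/chpasswd
    fi
    lxc-attach -n php"${php_version}" -- /usr/sbin/adduser --disabled-password --home "$HOME_DIR_USER"/www --no-create-home --shell /bin/false --gecos "WWW $in_login" www-"$in_login" --uid "$www_uid" --ingroup "$in_login" --force-badname >/dev/null
  done

  # Allow the new account through sshd's AllowGroups / AllowUsers filter,
  # whichever sshd_config uses. sshd_config is edited in place.
  if grep -qE '^AllowGroups' /etc/ssh/sshd_config; then
    if ! grep -qE "^AllowGroups(\\s+\\S+)*(\\s+$SSH_GROUP)" /etc/ssh/sshd_config; then
      sed -i "s/^AllowGroups .*/& $SSH_GROUP/" /etc/ssh/sshd_config
      groupadd --force "$SSH_GROUP"
    fi
    usermod -a -G "$SSH_GROUP" "$in_login"
  elif grep -qE '^AllowUsers' /etc/ssh/sshd_config; then
    sed -i "s/^AllowUsers .*/& $esc_login/" /etc/ssh/sshd_config
  fi
  /etc/init.d/ssh reload

  step_ok "Création des utilisateurs"

  ############################################################################

  # Mail aliases. $in_login is used here like everywhere else in this
  # function; the previous code read the unrelated global $login.
  if [ "$WEB_SERVER" == "apache" ]; then
    echo "www-$in_login: $in_login" >> /etc/aliases
    echo "$in_login: $WWWBOUNCE_MAIL" >> /etc/aliases
  elif [ "$WEB_SERVER" == "nginx" ]; then
    echo "$in_login: $WWWBOUNCE_MAIL" >> /etc/aliases
  fi
  newaliases

  step_ok "Alias mail"

  ############################################################################

  chmod 750 "$HOME_DIR_USER"/

  # Default directories
  mkdir -p "$HOME_DIR_USER"/{log,www,awstats}
  chown "$in_login":"$in_login" "$HOME_DIR_USER"/www
  chgrp "$in_login" "$HOME_DIR_USER"/{log,awstats}
  chmod 750 "$HOME_DIR_USER"/{log,www,awstats}

  # Default log files
  touch "$HOME_DIR_USER"/log/access.log
  touch "$HOME_DIR_USER"/log/error.log
  touch "$HOME_DIR_USER"/log/php.log
  chgrp "$in_login" "$HOME_DIR_USER"/log/access.log
  chgrp "$in_login" "$HOME_DIR_USER"/log/error.log
  if [ "$WEB_SERVER" == "apache" ]; then
    chown www-"$in_login":"$in_login" "$HOME_DIR_USER"/log/php.log
  fi
  # There is no php.log for nginx ATM, it will go in error.log.
  chmod 640 "$HOME_DIR_USER"/log/access.log
  chmod 640 "$HOME_DIR_USER"/log/error.log
  chmod 640 "$HOME_DIR_USER"/log/php.log

  step_ok "Création du répertoire personnel"

  ############################################################################

  # Quota is given in GiB and multiplied by 1024 * 1024 for setquota.
  # NOTE(review): both fields go through arithmetic expansion, which
  # evaluates expressions and not only digits; $in_quota must have been
  # checked to be two plain integers before this point.
  if [ -n "$in_quota" ]; then
    quota_soft=$(($(echo "$in_quota" |cut -f 1 -d:) * 1024 * 1024))
    quota_hard=$(($(echo "$in_quota" |cut -f 2 -d:) * 1024 * 1024))

    setquota --remote --user "$in_login" "$quota_soft" "$quota_hard" 0 0 /home
  fi

  ############################################################################

  # Create FPM pool on all containers.
  for php_version in "${PHP_VERSIONS[@]}"; do
    case "$php_version" in
      70) pool_path="/etc/php/7.0/fpm/pool.d/" ;;
      73) pool_path="/etc/php/7.3/fpm/pool.d/" ;;
      74) pool_path="/etc/php/7.4/fpm/pool.d/" ;;
      80) pool_path="/etc/php/8.0/fpm/pool.d/" ;;
      81) pool_path="/etc/php/8.1/fpm/pool.d/" ;;
      *) pool_path="/etc/php5/fpm/pool.d/" ;;
    esac

    # NOTE(review): the socket and log paths are built from /home and not
    # from $HOME_DIR_USER; they only match when HOME_DIR is /home.
    phpfpm_socket_path="/home/${in_login}/php-fpm${php_version}.sock"
    # The status path gets a random suffix generated by apg for each pool.
    cat <<EOT >/var/lib/lxc/php"${php_version}"/rootfs/"${pool_path}"/"${in_login}".conf
[${in_login}]
user = www-${in_login}
group = ${in_login}

listen = ${phpfpm_socket_path}
listen.owner = ${in_login}
listen.group = ${in_login}

pm = ondemand
pm.status_path = /evolinux_fpm_status-$(apg -Mncl -n1 -m32)
pm.max_children = 10
pm.process_idle_timeout = 10s

php_admin_value[error_log] = /home/${in_login}/log/php.log
EOT

    step_ok "Création du pool FPM ${php_version}"
  done

  ############################################################################

  # NOTE(review): $RANDOM is a small non-cryptographic number; what the
  # templates use the RANDOM placeholder for is not visible here. It should
  # not be relied on as a secret.
  random=$RANDOM
  if [ "$WEB_SERVER" == "apache" ]; then

    # Make sure /etc/apache2/ssl exists for the IncludeOptional of the vhost
    mkdir -p /etc/apache2/ssl

    vhostfile="/etc/apache2/sites-available/${in_login}.conf"
    sed -e "s/XXX/$esc_login/g ; s/SERVERNAME/$esc_wwwdomain/ ; s/RANDOM/$random/ ; s#HOME_DIR#$HOME_DIR#" < "$TPL_VHOST" > "$vhostfile"

    # The template is expected to leave <VirtualHost> open; it is closed
    # here, after the PHP-FPM proxy section when PHP containers are in use.
    if [ ${#PHP_VERSIONS[@]} -gt 0 ]; then
      phpfpm_socket_path="/home/${in_login}/php-fpm${in_phpversion}.sock"
      cat <<EOT >>"$vhostfile"
<Proxy "unix:${phpfpm_socket_path}|fcgi://localhost/" timeout=300>
</Proxy>
<FilesMatch "\\.php$">
SetHandler proxy:unix:${phpfpm_socket_path}|fcgi://localhost/
</FilesMatch>
</VirtualHost>
EOT
    else
      cat <<EOT >>"$vhostfile"
</VirtualHost>
EOT
    fi

    # Also enable example.com when the domain starts with "www.", as in
    # www.example.com. The prefix is matched literally; the previous regex
    # '^www.' also accepted any character in place of the dot.
    case "$in_wwwdomain" in
      www.*)
        local esc_subweb
        subweb="${in_wwwdomain#www.}"
        esc_subweb=$(_web_add_sed_escape "$subweb")
        sed -i -e "s/^\\(.*\\)#\\(ServerAlias\\).*$/\\1\\2 $esc_subweb/" "$vhostfile"
        ;;
    esac

    a2ensite "${in_login}.conf" >/dev/null

    step_ok "Configuration d'Apache"

  elif [ "$WEB_SERVER" == "nginx" ]; then

    sed -e \
      "s/DOMAIN/${esc_wwwdomain}/g; s/LOGIN/${esc_login}/g;" \
      < "$TPL_VHOST" \
      > "${VHOST_PATH}"/"$in_login"
    ln -s /etc/nginx/sites-available/"$in_login" \
      /etc/nginx/sites-enabled/"$in_login"
    /etc/init.d/nginx restart

    step_ok "Configuration de Nginx + restart"

    ############################################################################

    sed -e "s/SED_LOGIN/${esc_login}/g;" \
      < "$TPL_FPM" > "${FPM_PATH}"/"${in_login}".conf

    step_ok "Creation du pool PHP-FPM"

    ############################################################################

  fi

  sed -e "s/XXX/$esc_login/ ; s/SERVERNAME/$esc_wwwdomain/ ; s#HOME_DIR#$HOME_DIR#" \
    < "$TPL_AWSTATS" > /etc/awstats/awstats."$in_login".conf
  chmod 644 /etc/awstats/awstats."$in_login".conf

  # Spread the Awstats jobs over the hour: take the minute of the last
  # non-comment line of the cron file and use the next one (wrapping to 1).
  VAR=$(grep -v "^#" /etc/cron.d/awstats |tail -1 | cut -d " " -f1)
  if [ "$VAR" = "" ] || [ "$VAR" -ge 59 ]; then
    VAR=1
  else
    VAR=$((VAR +1))
  fi

  # This line is run by cron as root and embeds $in_login and $HOME_DIR_USER
  # unquoted, another reason why both must be validated beforehand.
  echo "$VAR * * * * root umask 033; [ -x /usr/lib/cgi-bin/awstats.pl -a -f /etc/awstats/awstats.$in_login.conf -a -r $HOME_DIR_USER/log/access.log ] && /usr/lib/cgi-bin/awstats.pl -config=$in_login -update >/dev/null" >> /etc/cron.d/awstats

  step_ok "Activation d'Awstats"

  ############################################################################

  if [ "$in_dbname" ]; then
    local sql_dbname sql_login sql_dbpasswd

    # Escape the values for the SQL text: backticks are doubled inside the
    # quoted identifiers, backslashes and single quotes inside the password
    # literal. Unescaped, a quote in one of them ended the literal early and
    # the remainder was executed as SQL.
    sql_dbname=$(printf '%s' "$in_dbname" | sed -e 's/`/``/g')
    sql_login=$(printf '%s' "$in_login" | sed -e 's/`/``/g')
    sql_dbpasswd=$(printf '%s' "$in_dbpasswd" | sed -e 's/\\/\\\\/g' -e "s/'/''/g")

    # The statements are fed on stdin, so the password is not part of any
    # command line. MYSQL_OPTS is deliberately unquoted (several options).
    # shellcheck disable=SC2086
    printf '%s\n' "CREATE DATABASE \`$sql_dbname\` $MYSQL_CREATE_DB_OPTS;" | mysql $MYSQL_OPTS
    # shellcheck disable=SC2086
    printf '%s\n' "GRANT ALL PRIVILEGES ON \`$sql_dbname\`.* TO \`$sql_login\`@localhost IDENTIFIED BY '$sql_dbpasswd';" | mysql $MYSQL_OPTS
    # shellcheck disable=SC2086
    printf '%s\n' "FLUSH PRIVILEGES;" | mysql $MYSQL_OPTS

    # NOTE(review): the file is created with the current umask and only
    # restricted to 0600 afterwards; a password containing a double quote is
    # also not escaped for the option-file syntax.
    my_cnf_file="$HOME_DIR_USER/.my.cnf"

    cat > "$my_cnf_file" <<-EOT
[client]
user = $in_login
password = "$in_dbpasswd"

[mysql]
database = $in_dbname
EOT
    chown "$in_login" "$my_cnf_file"
    chmod 600 "$my_cnf_file"

    step_ok "Création base de données et compte MySQL"
  fi

  ############################################################################

  # Summary mail. The sed program contains both passwords, so it is handed
  # to sed through a process substitution instead of "-e": on the command
  # line it would be readable by other local users in the process list.
  # Values are escaped so that "/", "&" or "\" in a password cannot break
  # the program (which used to make the mail, and then the script, fail).
  local esc_passwd esc_dbpasswd esc_dbname esc_mail esc_quota mail_sed
  esc_passwd=$(_web_add_sed_escape "$in_passwd")
  esc_dbpasswd=$(_web_add_sed_escape "$in_dbpasswd")
  esc_dbname=$(_web_add_sed_escape "$in_dbname")
  esc_mail=$(_web_add_sed_escape "$in_mail")
  esc_quota=$(_web_add_sed_escape "$quota")

  if [ "$in_dbname" ]; then
    mail_sed="
      s/LOGIN/$esc_login/g ;
      s/SERVERNAME/$esc_wwwdomain/ ;
      s/PASSE1/$esc_passwd/ ;
      s/PASSE2/$esc_dbpasswd/ ;
      s/RANDOM/$random/ ;
      s/QUOTA/$esc_quota/ ;
      s/RCPTTO/$esc_mail/ ;
      s/DBNAME/$esc_dbname/ ;
      s#HOME_DIR#$HOME_DIR#"
  else
    # Without a database, lines 39 to 58 of the template are dropped.
    mail_sed="
      s/LOGIN/$esc_login/g ;
      s/SERVERNAME/$esc_wwwdomain/ ;
      s/PASSE1/$esc_passwd/ ;
      s/RANDOM/$random/ ;
      s/QUOTA/$esc_quota/ ;
      s/RCPTTO/$esc_mail/ ;
      s#HOME_DIR#$HOME_DIR# ;
      39,58d"
  fi
  sed -f <(printf '%s\n' "$mail_sed") \
    < "$TPL_MAIL" | /usr/lib/sendmail -oi -t -f "$CONTACT_MAIL"

  step_ok "Envoi du mail récapitulatif"

  ############################################################################

  # Site-specific post-hook, sourced like the pre-hook.
  if [ -f "$LOCAL_SCRIPT" ]; then
    # shellcheck source=/usr/share/scripts/evoadmin/web-add.local.sh
    source "$LOCAL_SCRIPT"
  fi

  step_ok "Exécution du script spécifique"

  ############################################################################

  if [ "$WEB_SERVER" == "apache" ]; then
    # With "set -e" a failing configtest stops the script before the reload.
    apache2ctl configtest 2>/dev/null
    /etc/init.d/apache2 force-reload >/dev/null

    for php_version in "${PHP_VERSIONS[@]}"; do
      case "$php_version" in
        70)
          initscript_path="/etc/init.d/php7.0-fpm"
          binary="php-fpm7.0"
          ;;
        73)
          initscript_path="/etc/init.d/php7.3-fpm"
          binary="php-fpm7.3"
          ;;
        74)
          initscript_path="/etc/init.d/php7.4-fpm"
          binary="php-fpm7.4"
          ;;
        80)
          initscript_path="/etc/init.d/php8.0-fpm"
          binary="php-fpm8.0"
          ;;
        81)
          initscript_path="/etc/init.d/php8.1-fpm"
          binary="php-fpm8.1"
          ;;
        *)
          initscript_path="/etc/init.d/php5-fpm"
          binary="php5-fpm"
          ;;
      esac
      # Test the pool configuration before restarting the service.
      lxc-attach -n php"${php_version}" -- "$binary" --test >/dev/null
      lxc-attach -n php"${php_version}" -- "$initscript_path" restart >/dev/null

      step_ok "Rechargement de php-fpm dans php${php_version}"
    done

    step_ok "Rechargement d'Apache"
  fi

  ############################################################################

  if [ "$WEB_SERVER" == "nginx" ]; then
    # The status URL suffix is the MD5 of the login: anyone who knows the
    # login can compute it, so it is not a secret. Access control relies on
    # the "allow 127.0.0.1; deny all;" rules of the location below.
    fpm_status=$(echo -n "$in_login" | md5sum | cut -d' ' -f1)

    cat <<EOT >/etc/munin/plugin-conf.d/phpfpm_"${in_login}"_
[phpfpm_${in_login}_*]
env.url http://munin:%d/fpm_status_$fpm_status
env.ports 80
env.phpbin php-fpm
env.phppool $in_login
EOT

    for name in average connections memory processes status; do
      ln -s /usr/local/share/munin/plugins/phpfpm_"${name}" \
        /etc/munin/plugins/phpfpm_"${in_login}"_"${name}"
    done

    cat <<EOT >>/etc/nginx/evolinux.d/munin-plugins.conf
# $in_login FPM Status page. Secret part is md5 of pool name.
location ~ ^/fpm_status_${fpm_status}$ {
include fastcgi_params;
fastcgi_pass unix:/var/run/php-fpm-${in_login}.sock;
fastcgi_param SCRIPT_FILENAME \$fastcgi_script_name;
allow 127.0.0.1;
deny all;
}
EOT

    sed -i "s#SED_STATUS#/fpm_status_${fpm_status}#" \
      "${FPM_PATH}"/"${in_login}".conf

    /etc/init.d/nginx reload
    /etc/init.d/"${FPM_SERVICE_NAME}" reload
    /etc/init.d/munin-node restart

    step_ok "Configuration plugin php-fpm pour munin"
  fi

  ############################################################################

  DATE=$(date +"%Y-%m-%d")
  echo "$DATE [web-add.sh] Ajout $in_login" >> /var/log/evolix.log
}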
op_del() {
#
# Mode interactif
#
if [ $# -eq 0 ]; then
echo
echo "Suppression d'un compte WEB"
echo
until [ "$login" ]; do
echo -n "Entrez le login du compte à supprimer : "
read -r tmp
login="$tmp"
done
echo -n "Voulez-vous aussi supprimer un compte/base MySQL ? [y|N]"
read -r confirm
if [ "$confirm" = "y" ] || [ "$confirm" = "Y" ]; then
echo -n "Entrez le nom de la base de donnees ($login par defaut) : "
read -r tmp
if [ -z "$tmp" ]; then
dbname=$login
else
dbname="$tmp"
fi
fi
#
# Mode non interactif
#
else
while getopts hy opt; do
case "$opt" in
y)
force_confirm=1
;;
h)
usage
exit 1
;;
?)
usage
exit 1
;;
esac
done
shift $((OPTIND - 1))
if [ $# -gt 0 ] && [ $# -le 2 ]; then
login=$1
if [ $# -eq 2 ]; then
dbname=$2
fi
else
usage
exit 1
fi
fi
echo
echo "----------------------------------------------"
echo "Nom du compte : $login"
if [ "$dbname" ]; then
echo "Base de données MySQL : $dbname"
fi
echo "----------------------------------------------"
echo
if [ -z "$force_confirm" ]; then
echo -n "Confirmer la suppression ? [y/N] : "
read -r tmp
echo
if [ "$tmp" != "y" ] && [ "$tmp" != "Y" ]; then
echo "Annulation..."
echo
exit 1
fi
fi
set -x
# Crontab dump needs to be done **before** user deletion
if crontab -l -u "$login"; then
crontab -l -u "$login" &> /home/$login/crontab-$(date '+%Y%m%d-%H%M%S').bak
crontab -r -u "$login"
fi
if [ "$WEB_SERVER" == "apache" ]; then
if id www-"$login" &> /dev/null; then
userdel -f www-"$login"
fi
fi
userdel -f "$login"
for php_version in "${PHP_VERSIONS[@]}"; do
if lxc-attach -n php"${php_version}" -- id www-"$login" &> /dev/null; then
lxc-attach -n php"${php_version}" -- userdel -f www-"$login"
fi