From 99741826f679468e851648a29a69c21f9a902fcb Mon Sep 17 00:00:00 2001
From: Brice Waegeneire
Date: Mon, 25 Mar 2024 14:13:33 +0100
Subject: [PATCH] Fix ssh group membership. We now use split SSH configuration files, so the user was never a member of the ssh group on newly installed systems. This change don't modify the SSH configuration of new systems since evolinux-ssh members' are already allowed to connect by SSH.
---
 scripts/web-add.sh | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/scripts/web-add.sh b/scripts/web-add.sh
index 5ec23ba..0e3f98d 100755
--- a/scripts/web-add.sh
+++ b/scripts/web-add.sh
@@ -363,14 +363,12 @@ create_www_account() {
 lxc-attach -n php"${php_version}" -- /usr/sbin/adduser --disabled-password --home "$HOME_DIR_USER"/www --no-create-home --shell /bin/false --gecos "WWW $in_login" www-"$in_login" --uid "$www_uid" --ingroup "$in_login" --force-badname >/dev/null
 done
- if grep -qE '^AllowGroups' /etc/ssh/sshd_config; then
- if ! grep -qE "^AllowGroups(\\s+\\S+)*(\\s+$SSH_GROUP)" /etc/ssh/sshd_config; then
- sed -i "s/^AllowGroups .*/& $SSH_GROUP/" /etc/ssh/sshd_config
- groupadd --force $SSH_GROUP
- fi
- usermod -a -G $SSH_GROUP "$in_login"
- elif grep -qE '^AllowUsers' /etc/ssh/sshd_config; then
+ if grep -qE '^AllowUsers' /etc/ssh/sshd_config; then
 sed -i "s/^AllowUsers .*/& $in_login/" /etc/ssh/sshd_config
+ else
+ if getent group "$SSH_GROUP" 1>/dev/null 2>&1; then
+ usermod --append --groups "$SSH_GROUP" "$in_login"
+ fi
 fi
 /etc/init.d/ssh reload
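Review bot: The new inner `if getent group "$SSH_GROUP"` has no `else`, so when the group is missing the account is created without SSH group membership and nothing records why. A message on stderr would make the skip visible, for example `else echo "warning: group $SSH_GROUP not found, $in_login not added to it" >&2`. The `AllowUsers` test just above still reads only `/etc/ssh/sshd_config`, while the commit message says the configuration is now split. An `AllowUsers` directive in a drop-in file would presumably be missed, leaving the user in the group but still refused by sshd; testing the effective configuration with `sshd -T | grep -qi '^allowusers'` would cover both layouts. create_www_account starts and ends outside the hunk, so how `SSH_GROUP` and `in_login` are set and validated cannot be confirmed from here.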