From 99741826f679468e851648a29a69c21f9a902fcb Mon Sep 17 00:00:00 2001 From: Brice Waegeneire Date: Mon, 25 Mar 2024 14:13:33 +0100 Subject: [PATCH 1/4] Fix ssh group membership. We now use split SSH configuration files, so the user was never a member of the ssh group on newly installed systems. This change don't modify the SSH configuration of new systems since evolinux-ssh members' are already allowed to connect by SSH. --- scripts/web-add.sh | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/scripts/web-add.sh b/scripts/web-add.sh index 5ec23ba..0e3f98d 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh @@ -363,14 +363,12 @@ create_www_account() { lxc-attach -n php"${php_version}" -- /usr/sbin/adduser --disabled-password --home "$HOME_DIR_USER"/www --no-create-home --shell /bin/false --gecos "WWW $in_login" www-"$in_login" --uid "$www_uid" --ingroup "$in_login" --force-badname >/dev/null done - if grep -qE '^AllowGroups' /etc/ssh/sshd_config; then - if ! grep -qE "^AllowGroups(\\s+\\S+)*(\\s+$SSH_GROUP)" /etc/ssh/sshd_config; then - sed -i "s/^AllowGroups .*/& $SSH_GROUP/" /etc/ssh/sshd_config - groupadd --force $SSH_GROUP - fi - usermod -a -G $SSH_GROUP "$in_login" - elif grep -qE '^AllowUsers' /etc/ssh/sshd_config; then + if grep -qE '^AllowUsers' /etc/ssh/sshd_config; then sed -i "s/^AllowUsers .*/& $in_login/" /etc/ssh/sshd_config + else + if getent group "$SSH_GROUP" 1>/dev/null 2>&1; then + usermod --append --groups "$SSH_GROUP" "$in_login" + fi fi /etc/init.d/ssh reload -- 2.39.2 From a30ba3337ba4190484fe943d2147321aa5cec9a5 Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Tue, 16 Apr 2024 17:59:01 +0200 Subject: [PATCH 2/4] Update CHANGELOG.md * web-add.sh: Fix ssh group membership (#94) --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index cae8d94..e82ca1c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -21,6 +21,7 @@ The **patch** part changes is incremented if multiple releases happen the same m ### Fixed * letsencrypt: Add required check when retrieving certificate. (Avoid TypeError.) +* web-add.sh: Fix ssh group membership (#94) ### Removed -- 2.39.2 From 188e63376d4a7e0a28813ba36b2ceefcc014862b Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Tue, 16 Apr 2024 18:01:24 +0200 Subject: [PATCH 3/4] Bump version --- scripts/web-add.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/web-add.sh b/scripts/web-add.sh index 0e3f98d..27013e0 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh @@ -14,7 +14,7 @@ set -e -VERSION="23.02" +VERSION="24.04" HOME="/root" CONTACT_MAIL="jdoe@example.org" WWWBOUNCE_MAIL="jdoe@example.org" -- 2.39.2 From a7c1af3d83651c0cc8ab3f9135357848566b46cc Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Tue, 16 Apr 2024 18:02:46 +0200 Subject: [PATCH 4/4] Update changelog for release --- CHANGELOG.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index e82ca1c..4a6eb14 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,20 @@ The **patch** part changes is incremented if multiple releases happen the same m ### Added +### Changed + +### Fixed + +### Removed + +### Security + + + +## [24.04] + +### Added + * Prevent op_del to fail and able to remove web account when part of it is already removed ### Changed -- 2.39.2