From 9b7d736da2267db07f0a02a6b63a6b236e80b04f Mon Sep 17 00:00:00 2001
From: wh1te909
Date: Sun, 12 Jan 2020 01:44:24 +0000
Subject: [PATCH] create separate user for salt api pam auth
---
 install.sh | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/install.sh b/install.sh
index 1c2fdf9d..432c9ac5 100755
--- a/install.sh
+++ b/install.sh
@@ -7,6 +7,7 @@ fi
 DJANGO_SEKRET=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 50 | head -n 1)
+SALTPW=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1)
 GREEN='\033[0;32m'
 YELLOW='\033[1;33m'
@@ -32,8 +33,6 @@ echo -ne "${YELLOW}Create a username for the postgres database${NC}: "
 read pgusername
 echo -ne "${YELLOW}Create a password for the postgres database${NC}: "
 read pgpw
-echo -ne "${YELLOW}Enter your linux password for ${GREEN}${USER}${NC}: "
-read linuxpw
 echo -ne "${YELLOW}Enter the backend API domain for the rmm${NC}: "
 read rmmdomain
 echo -ne "${YELLOW}Enter the frontend domain for the rmm${NC}: "
@@ -48,6 +47,12 @@ echo -ne "${YELLOW}Please use google authenticator and enter TOTP code${NC}: "
 read twofactor
+print_green 'Creating saltapi user'
+
+sudo adduser --no-create-home --disabled-password --gecos "" saltapi
+echo "saltapi:${SALTPW}" | sudo chpasswd
+
+
 print_green 'Installing Nginx'
 sudo add-apt-repository -y ppa:nginx/stable
@@ -198,8 +203,8 @@ EMAIL_HOST_PASSWORD = 'yourgmailpassword'
 EMAIL_PORT = 587
 EMAIL_ALERT_RECIPIENTS = ["jsmith@example.com",]
-SALT_USERNAME = "${USER}"
-SALT_PASSWORD = "${linuxpw}"
+SALT_USERNAME = "saltapi"
+SALT_PASSWORD = "${SALTPW}"
 MESH_USERNAME = "${meshusername}"
 MESH_SITE = "https://${meshdomain}"
 TWO_FACTOR_OTP = "${twofactor}"
@@ -375,7 +380,7 @@ gather_job_timeout: 30
 max_event_size: 30485760
 external_auth:
 pam:
- ${USER}:
+ saltapi:
 - .*
 - '@runner'
 - '@wheel'
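Review bot: `SALTPW` is folded to 16 characters while `DJANGO_SEKRET` on the line above uses 50, even though the external_auth hunk of this patch shows the password gating `.*`, `'@runner'` and `'@wheel'` on the Salt master. Sixteen alphanumerics are roughly 95 bits, which is adequate, but nobody ever types this value, so widening it to `fold -w 32` costs nothing. The line also has no comment saying what the secret protects; something like `# password for the saltapi system user (salt-api PAM eauth); also written to the Django settings below` would help the next reader.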
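Review bot: The `adduser` call leaves saltapi with the distribution's default login shell, and the `chpasswd` line then gives it a working password, so the account can be used for interactive logins (`su`, or SSH where password authentication is enabled) and not only for salt-api's PAM check. Adding `--shell /usr/sbin/nologin` to the `adduser` line keeps it an API-only identity; confirm that the PAM service Salt authenticates against has no shell check before relying on that. Separately, `adduser` returns an error when the user already exists, so a second run of the installer would fail at this step; a guard such as `id -u saltapi >/dev/null 2>&1 || sudo adduser ...` avoids that.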
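Review bot: `SALT_PASSWORD` is still written in clear text into the generated settings block, and nothing in this hunk restricts who can read the resulting file. The block's opening line and target path are outside the hunk, so check there first. If no mode is set, follow the write with `chmod 600 "<settings-file>"` (placeholder path) and make the file owned by the user the Django app runs as, because this value now logs in to a local system account with the Salt grants listed in the external_auth hunk.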
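Review bot: The new `saltapi:` key inherits the unchanged grant list below it (`.*`, `'@runner'`, `'@wheel'`), so the dedicated account is exactly as powerful on the Salt master as the admin login it replaces. Now that only the RMM backend uses this identity, the list could be reduced to the execution modules and runners the backend actually calls. `'@wheel'` in particular covers minion key management and should stay only if the backend needs it. If the full set is intentional, a comment above the key such as `# saltapi: service account for the RMM backend; full eauth rights are required for <reason>` would record that decision. The enclosing config block starts outside this hunk.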