#!/bin/bash
# This script is to create users for a web server setup using this guide:
# https://coderwall.com/p/zxffsg
# The script will prompt for information as it goes.
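# Load the colour helper. The path is quoted so a home directory containing
# spaces still resolves, and a missing helper degrades to plain text instead of
# a "command not found" error on every prompt.
# NOTE(review): this file is executed with the invoking user's rights shortly
# before the script starts calling sudo, so it should be owned by and writable
# only for that user.
color_lib="${ZDOTDIR-$HOME}/.bash/color.bash"
if [[ -r "$color_lib" ]]; then
  # shellcheck source=/dev/null
  source "$color_lib"
else
  color() { :; }
fi
# Get the server's IP
# NOTE(review): "hostname -i" resolves the host name, so depending on the
# resolver setup it may print a loopback address or several addresses separated
# by spaces. The value is written into /etc/hosts later; confirm it is the
# address you expect at the confirmation prompt.
ip=$(hostname -i)
# Prompt prefixes: a blue star for questions, a red star for warnings.
info="$(color -b blue)*$(color)"
warn="$(color -b red)*$(color)"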
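# Ask for information
#######################################
# Prompt for one value and keep asking until it matches a pattern.
# Globals:   warn (read)
# Arguments: $1 - name of the global variable that receives the answer
#            $2 - extended regular expression the whole answer must match
#            $3 - prompt text
# Returns:   0 once a valid answer was stored, 1 if stdin was closed
#######################################
_fnAskValid() {
  local answer
  while true; do
    read -r -p "$3" answer || return 1
    if [[ "$answer" =~ $2 ]]; then
      printf -v "$1" '%s' "$answer"
      return 0
    fi
    echo "${warn} $(color -b red)${answer}$(color) is not an accepted value, try again."
  done
}

#######################################
# Collect every value the rest of the script needs from the operator.
# Globals:   info, warn (read)
#            username, password, password2, domain, domain_dev, email,
#            sql_rootpass, sql_database, sql_user, sql_userpass, jailed (written)
# Arguments: none
# Returns:   0 when all answers were collected, 1 if stdin was closed early
#######################################
fnGetInformation() {
  local yn
  # The user name, the domains and the MySQL identifiers are later pasted into
  # file paths, sed expressions and SQL text that run through sudo, so they are
  # restricted to characters that have no special meaning in those contexts.
  local -r re_name='^[A-Za-z_][A-Za-z0-9_-]*$'
  local -r re_host='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
  local -r re_sql='^[A-Za-z0-9_]+$'

  _fnAskValid username "$re_name" \
    "${info} Enter the linux $(color -b blue)username$(color): " || return 1

  # Ask for the password until both entries agree. "IFS= read -r" keeps
  # backslashes and surrounding blanks exactly as typed.
  while true; do
    IFS= read -r -s -p "${info} Enter the linux $(color -b blue)password$(color): " password || return 1
    echo ""
    IFS= read -r -s -p "${info} Enter the linux $(color -b blue)password$(color) again: " password2 || return 1
    echo ""
    if [[ -z "$password" ]]; then
      echo "${warn} The password must not be empty, start again!"
    elif [[ "$password" == "$password2" ]]; then
      break
    else
      echo "${warn} Passwords did not match, start again!"
    fi
  done

  _fnAskValid domain "$re_host" \
    "${info} Enter the $(color -b blue)main domain$(color), format: mydomain.com: " || return 1
  _fnAskValid domain_dev "$re_host" \
    "${info} Enter the $(color -b blue)dev domain$(color), format: dev.mydomain.com: " || return 1
  read -r -p "${info} Enter the domain admin $(color -b blue)email$(color): " email || return 1
  IFS= read -r -s -p "${info} Enter MySQL $(color -b blue)root password$(color): " sql_rootpass || return 1
  echo ""
  _fnAskValid sql_database "$re_sql" \
    "${info} Enter MySQL $(color -b blue)database name$(color), no - only _: " || return 1
  _fnAskValid sql_user "$re_sql" \
    "${info} Enter MySQL new $(color -b blue)user name$(color): " || return 1
  IFS= read -r -s -p "${info} Enter MySQL new $(color -b blue)user password$(color): " sql_userpass || return 1
  echo ""

  while true; do
    read -r -p "${info} Is this a $(color -b blue)jailed$(color) user [y/n]: " yn || return 1
    case "$yn" in
      [Yy]*)
        jailed=true
        break
        ;;
      [Nn]*)
        jailed=false
        break
        ;;
      *)
        echo "${warn} Please answer yes or no."
        ;;
    esac
  done
}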
# Confirm information
#######################################
# Show a summary of what is about to be created and wait for a yes/no answer.
# Globals:   warn, username, jailed, domain, domain_dev, ip, email (read)
#            yn (written)
# Arguments: none
# Outputs:   the summary on stdout
# Returns:   0 when the operator answers yes; the script exits when the
#            answer is no
#######################################
fnConfirmInformation() {
  local hl rs home_dir question
  hl=$(color -b red)
  rs=$(color)
  home_dir="/home/$username"

  printf '%s\n' \
    "" \
    "${warn} Will create a user named ${hl}${username}${rs} with ssh/sftp access" \
    "${warn} With a home directory in ${hl}${home_dir}${rs}" \
    "${warn} Jail status: ${hl}${jailed}${rs}" \
    "${warn} Virtual host for ${hl}http://www.${domain}${rs}" \
    "${warn} in ${hl}${home_dir}/www${rs}" \
    "${warn} Virtual host for ${hl}http://${domain_dev}${rs}" \
    "${warn} in ${hl}${home_dir}/dev${rs}" \
    "${warn} Local IP: ${hl}${ip}${rs}" \
    "${warn} Logs in ${hl}${home_dir}/logs${rs}" \
    "${warn} Errors in ${hl}${home_dir}/errors${rs}" \
    "${warn} Admin email: ${hl}${email}${rs}"

  question="${warn} Is this information ${hl}correct${rs}? [y/n]: "
  while :; do
    read -p "$question" yn
    case $yn in
      [Nn]*) exit ;;
      [Yy]*) return 0 ;;
      *) echo "${warn} Please answer yes or no." ;;
    esac
  done
}
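# Create groups
#######################################
# Add a user to a supplementary group, creating the group first if needed.
# Globals:   warn (read)
# Arguments: $1 - user name
#            $2 - group name
# Returns:   0 on success, non-zero if an argument is missing or a command fails
#######################################
fnAddToGroup() {
  local user=${1:-} group=${2:-}
  if [[ -z "$user" || -z "$group" ]]; then
    echo "fnAddToGroup: user and group are both required" >&2
    return 1
  fi
  # Look the group up by exact name. A plain grep over /etc/group also matches
  # substrings (another group's name or a member list), which would skip the
  # groupadd and leave usermod failing on a group that does not exist.
  if ! getent group "$group" >/dev/null; then
    echo "${warn} $(color -b red)$2$(color) group did not exist, this is weird will create it..."
    sudo groupadd "$group" || return 1
  fi
  # -a appends, so the user's existing supplementary groups are kept.
  sudo usermod -a -G "$group" "$user"
}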
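# Create the web directories
#######################################
# Create /home/$username/<site> with a public/ web root inside it, owned by
# the user with group www-data.
# Globals:   username (read)
# Arguments: $1 - directory name below the home directory ("www" or "dev" in
#                 this script)
# Returns:   0 on success, 1 if a name is missing or unsafe or a command fails
#######################################
fnCreateWebDirs() {
  local site=${1:-}
  # Every command below runs as root with -R, so an empty or slash-containing
  # name must never reach them: it would point the recursive chown/chmod at
  # /home itself or at a path outside the user's home.
  if [[ -z "${username:-}" || -z "$site" || "$username" == */* || "$site" == */* ]]; then
    echo "fnCreateWebDirs: refusing an empty or slash-containing user or site name" >&2
    return 1
  fi
  local site_root="/home/${username}/${site}"

  sudo mkdir -- "$site_root" "${site_root}/public" || return 1
  sudo chown -R -- "${username}:www-data" "$site_root" || return 1
  # 750: full access for the owner, read and traverse for www-data, nothing
  # for other accounts on the host.
  sudo chmod -R 750 -- "$site_root" || return 1
  # setgid on both directories so files created later keep group www-data.
  sudo chmod g+rxs -- "$site_root" "${site_root}/public" || return 1
}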
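#######################################
# Install the Apache virtual host template that fnCreateVhosts copies and
# fills in. The template.* words are placeholders replaced per site.
# Arguments: none
# Returns:   0 on success, 1 if the file could not be written or re-owned
#
# NOTE(review): the template text is kept exactly as it was. Points to weigh
# before using it on a host shared by several users:
#   - "<Directory />" with "AllowOverride All" lets a .htaccess file anywhere
#     on the filesystem change server settings; "AllowOverride None" is the
#     usual setting for "/".
#   - "Options FollowSymLinks" inside a web root the user can write to lets
#     that user link to any file the web server can read;
#     "SymLinksIfOwnerMatch" narrows this.
#   - "Options Indexes" publishes a listing for directories without an index.
#   - "Order"/"Allow from" is Apache 2.2 syntax; Apache 2.4 uses "Require".
#######################################
fnCreateVhostTemplate() {
  local -r target=/etc/apache2/sites-available/template
  local vhost
  # Quoted delimiter: the template is literal text, nothing in it is expanded.
  vhost=$(cat <<'EOF'
<VirtualHost *:80>
ServerAdmin template.email
ServerName template.url
DocumentRoot template.webroot
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
<Directory template.webroot/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from All
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride All
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog template.error/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog template.log/access.log combined
</VirtualHost>
EOF
  )
  # Write straight to the destination as root. Staging the text in ~/template
  # would overwrite any file of that name in the operator's home directory and
  # then move a user-created file into /etc.
  printf '%s\n' "$vhost" | sudo tee "$target" >/dev/null || return 1
  sudo chown root:root "$target" || return 1
}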
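# Create virtual hosts
#######################################
# Escape a string so it can be used as the replacement half of a sed s///
# command that uses "/" as delimiter: backslash, slash and ampersand get a
# leading backslash.
# Arguments: $1 - text to escape
# Outputs:   the escaped text on stdout
#######################################
_fnSedEscape() {
  printf '%s' "$1" | sed -e 's|[\\/&]|\\&|g'
}

#######################################
# Create and enable an Apache virtual host for one site and add the site to
# /etc/hosts.
# Globals:   info, warn, username, email, ip (read)
# Arguments: $1 - site name, e.g. sitename.com
#            $2 - "dev" or "www": the directory under /home/$username that
#                 holds the site's public/ web root
# Returns:   0 on success, 1 if a value is missing or unsafe or a command fails
#######################################
fnCreateVhosts() {
  local site=${1:-} kind=${2:-}
  local -r sites_dir=/etc/apache2/sites-available

  # The site name becomes a file name under /etc written as root. Reject
  # anything that could step outside sites-available or be read as an option.
  if [[ -z "$site" || -z "$kind" || -z "${username:-}" ||
    "$site" == */* || "$site" == -* || "$site" == .* ]]; then
    echo "${warn} Refusing to create a virtual host from an empty or unsafe name." >&2
    return 1
  fi

  echo "${info} Checking for the virtual host template file..."
  if [[ ! -f "${sites_dir}/template" ]]; then
    fnCreateVhostTemplate || return 1
  fi

  local home_dir="/home/${username}"
  local vhost="${sites_dir}/${site}"
  echo "${info} Creating new virtual host file for $(color -b blue)$1$(color)"
  echo "${info} that has a webroot of: $(color -b blue)/home/$username/$2/public$(color)"
  sudo cp -- "${sites_dir}/template" "$vhost" || return 1

  # Operator-supplied text is escaped before it is placed in a sed expression;
  # unescaped, a "/" or "&" in the e-mail address or a path would end or alter
  # the substitution.
  local e_email e_site e_root e_err e_log
  e_email=$(_fnSedEscape "$email")
  e_site=$(_fnSedEscape "$site")
  e_root=$(_fnSedEscape "${home_dir}/${kind}/public")
  e_err=$(_fnSedEscape "${home_dir}/errors")
  e_log=$(_fnSedEscape "${home_dir}/logs")
  sudo sed -i \
    -e "s/template\.email/${e_email}/g" \
    -e "s/template\.url/${e_site}/g" \
    -e "s/template\.webroot/${e_root}/g" \
    -e "s/template\.error/${e_err}/g" \
    -e "s/template\.log/${e_log}/g" \
    "$vhost" || return 1

  echo "${info} Adding $(color -b blue)$1$(color) to the $(color -b blue)/etc/hosts$(color) file..."
  # A hosts line takes exactly one address; keep the first if several are set.
  local host_ip=${ip%%[[:space:]]*}
  if [[ -z "$host_ip" ]]; then
    echo "${warn} No local IP known, $(color -b red)/etc/hosts$(color) left unchanged." >&2
  else
    # The dev site gets the user name as alias, the main site its own name.
    local alias_name=$site
    if [[ "$kind" == "dev" ]]; then
      alias_name=$username
    fi
    local e_line
    e_line=$(_fnSedEscape "${host_ip} ${site} ${alias_name}")
    # Prepends the entry as the new first line of /etc/hosts.
    sudo sed -i -e "1s/^/${e_line}\\n/" /etc/hosts || return 1
  fi

  sudo a2ensite "$site" >/dev/null
}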
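# Get information for the script
#######################################
# Print a message on stderr and stop the script with a failure status.
# Globals:   warn (read)
# Arguments: the message
#######################################
fnDie() {
  printf '%s\n' "${warn} $*" >&2
  exit 1
}

fnGetInformation || fnDie "Could not read the required information."
fnConfirmInformation
# Good to go!
# Change umask: files created from here on are private to their owner unless a
# later chmod widens them. This applies to this process only, unless the
# script is sourced.
umask 077
# Grant sudo rights to script
sudo -v || fnDie "sudo authentication failed."

# Create our user.
# Stop on the first failure: if the account or group already exists, carrying
# on would reset the password of an existing account and re-own its files.
echo "${info} Creating new user named $(color -b blue)$username$(color)"
if [[ -z "$username" || "$username" == */* || "$username" == -* ]]; then
  fnDie "Refusing to continue with an empty or unsafe user name."
fi
home_dir="/home/${username}"
sudo groupadd "$username" || fnDie "Could not create group ${username}."
sudo useradd -s /bin/bash -m -g "$username" -d "$home_dir" "$username" ||
  fnDie "Could not create user ${username}."
# printf writes the password literally; "echo -e" would interpret backslash
# sequences typed in the password.
printf '%s\n%s\n' "$password" "$password" | sudo passwd "$username" ||
  fnDie "Could not set the password for ${username}."
# Make sure it can login with ssh
fnAddToGroup "$username" "sshlogin" || fnDie "Could not add ${username} to sshlogin."

# Prepare directories and permissions
sudo chmod 711 "$home_dir"
# logs/ and errors/ are presumably copied from /etc/skel by "useradd -m" when
# the guide was followed; create them here in case they were not.
sudo mkdir -p -- "${home_dir}/logs" "${home_dir}/errors" ||
  fnDie "Could not create the log directories."
sudo chown -R -- "${username}:www-data" "${home_dir}/logs" "${home_dir}/errors"
sudo chmod 770 -- "${home_dir}/logs" "${home_dir}/errors"
# setgid so log files created by either side keep group www-data.
sudo chmod g+rwxs -- "${home_dir}/logs" "${home_dir}/errors"

# Create the main domain virtual host
fnCreateWebDirs "www" || fnDie "Could not create the www directories."
fnCreateVhosts "$domain" "www" || fnDie "Could not create the virtual host for ${domain}."
# Create the dev domain virtual host
fnCreateWebDirs "dev" || fnDie "Could not create the dev directories."
fnCreateVhosts "$domain_dev" "dev" || fnDie "Could not create the virtual host for ${domain_dev}."

# Create MySQL database and user
# The identifiers are placed in SQL text, so only letters, digits and "_" are
# accepted.
if [[ ! "$sql_database" =~ ^[A-Za-z0-9_]+$ || ! "$sql_user" =~ ^[A-Za-z0-9_]+$ ]]; then
  fnDie "MySQL database and user names may only contain letters, digits and _."
fi
# The root password goes into a private option file (umask 077) rather than a
# -p argument, which other local users could read from the process list. The
# SQL, which carries the new user's password, is fed on stdin for the same
# reason.
mysql_cnf=$(mktemp) || fnDie "Could not create a temporary file."
trap 'rm -f -- "$mysql_cnf"' EXIT
{
  printf '[client]\nuser=root\n'
  # Backslash and double quote are escaped for the double-quoted value.
  printf 'password="%s"\n' "$(printf '%s' "$sql_rootpass" | sed -e 's|[\\"]|\\&|g')"
} > "$mysql_cnf"
# Escape backslash and single quote for the SQL string literal (assumes the
# server's default backslash-escape mode -- TODO confirm).
sql_userpass_sql=$(printf '%s' "$sql_userpass" | sed -e "s|[\\\\']|\\\\&|g")
# NOTE(review): GRANT ... IDENTIFIED BY creates the account implicitly; newer
# MySQL releases require a separate CREATE USER statement.
sudo mysql --defaults-extra-file="$mysql_cnf" -B -s <<SQL || fnDie "MySQL setup failed."
CREATE DATABASE \`${sql_database}\`;
GRANT ALL ON \`${sql_database}\`.* TO '${sql_user}'@'localhost' IDENTIFIED BY '${sql_userpass_sql}';
SQL
rm -f -- "$mysql_cnf"
sudo service apache2 reload >/dev/null

# Check if we need to jail the user
if [[ "$jailed" == "true" ]]; then
  fnAddToGroup "$username" "lshell" || fnDie "Could not add ${username} to lshell."
  # Make sure root owns the user's home folder for SSH/sftp chrooting
  sudo chown root:root "$home_dir"
  sudo chmod 755 "$home_dir"
  echo "${warn} $(color -b red)$username$(color) is now jailed."
fi

# The secrets are no longer needed; drop them from the shell's memory.
unset password password2 sql_rootpass sql_userpass sql_userpass_sql
echo "${warn} WARNING: umask will be changed to 077 by this script."
echo "${warn} Remember to revert it if you do not use 077 as default."
# Reaching this point means every step succeeded, so report success.
exit 0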