mini-buildd-ssh-setup - Idempotent setup script for SSH access
mini-buildd-ssh-setup
[[<ENDPOINT>]|[--purge]] (as user
root)
Idempotent setup script for SSH access
Create and setup three UNIX users that are corresponding to
mini-buildd users of the same name:
- * mini-buildd-uploader:
- Allow uploads via SSH
- * mini-buildd-staff:
- Allow API calls with 'staff' authorization via SSH
- * mini-buildd-admin:
- Allow API calls with 'admin' authorization via SSH
Needed extra work on mini-buildd:
- * BEFORE running this:
- Please create all the three mini-buildd users
- * AFTER running this:
- Please check/configure/activate the Upload Profile for user
mini-buildd-uploader
When this is up:
- * Grant someone access:
- See the example line in created 'authorized_keys' files of the resp.
users.
- * Run API calls:
- 'ssh mini-buildd-staff|admin@<yourhost> mini-buildd-api
<mini_buildd_api_args>'
- Note that you will need the _complete_ arguments, including the correct
user endpoint (like 'http://mini-buildd-staff@<yourhost>:8066')
- * Upload:
- An extra '.dput.cf' will be generated in
'/var/lib/mini-buildd/etc/dput.cf' (for dput_conf API call)
- Authorized users can now also upload with this new target.
Caveats:
Someone with access to 'mini-buildd-uploader' could potentially
copy from or write to arbitrary locations (within the mini-buildd-uploader
user's permissions).