direct-online/vito
2
0
Fork 0
mirror of https://github.com/vitodeploy/vito.git synced 2025-07-02 14:36:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Isolate Users (#431)

Browse Source 
* WIP to isolate users

* Resolved issue with SSH AsUser

Updated Isolated User Script to use Server User for Team Access
Updated Path creation script to simplify for running as the isolated user

* Included the server user

* PHPMyAdmin script updated

Wordpress Script Updated
Updated Execute Script to support executing as isolated users

* Issue Resolution & Resolved Failing Unit Tests

* Fix for isolated_username vs user

* Run the deploy as the isolated user

* queue updates for isolated user

* Support isolated users in cronjobs

* script tests for isolated users

* Queue tests for isolated users

* Cronjob tests for isolated user

* Removed default queue command for laravel apps

* add default user to factory

* laravel pint fixes

* ensure echos are consistent

* removed unneeded parameter

* update

* fix queues for isolated users

* revert addslashes

---------

Co-authored-by: Saeed Vaziry <mr.saeedvaziry@gmail.com>
This commit is contained in:
Richard Anderson
2025-01-18 00:17:48 +00:00
committed by GitHub
parent 5947ae80bb
commit c1ae58772c
50 changed files with 717 additions and 69 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
app/SSH/OS/OS.php
View File

@ -5,6 +5,7 @@
use App\Exceptions\SSHUploadFailed;
use App\Models\Server;
use App\Models\ServerLog;
use App\Models\Site;
use App\SSH\HasScripts;
use Illuminate\Filesystem\FilesystemAdapter;
use Illuminate\Support\Facades\Storage;
@ -58,6 +59,30 @@ public function createUser(string $user, string $password, string $key): void
);
}
public function createIsolatedUser(string $user, string $password, int $site_id): void
{
$this->server->ssh()->exec(
$this->getScript('create-isolated-user.sh', [
'user' => $user,
'server_user' => $this->server->getSshUser(),
'password' => $password,
]),
'create-isolated-user',
$site_id
);
}
public function deleteIsolatedUser(string $user): void
{
$this->server->ssh()->exec(
$this->getScript('delete-isolated-user.sh', [
'user' => $user,
'server_user' => $this->server->getSshUser(),
]),
'delete-isolated-user'
);
}
public function getPublicKey(string $user): string
{
return $this->server->ssh()->exec(
@ -88,19 +113,20 @@ public function deleteSSHKey(string $key): void
);
}
public function generateSSHKey(string $name): void
public function generateSSHKey(string $name, ?Site $site = null): void
{
$this->server->ssh()->exec(
$site->server->ssh($site->user)->exec(
$this->getScript('generate-ssh-key.sh', [
'name' => $name,
]),
'generate-ssh-key'
'generate-ssh-key',
$site?->id
);
}
public function readSSHKey(string $name): string
public function readSSHKey(string $name, ?Site $site = null): string
{
return $this->server->ssh()->exec(
return $site->server->ssh($site->user)->exec(
$this->getScript('read-ssh-key.sh', [
'name' => $name,
]),

17
app/SSH/OS/scripts/create-isolated-user.sh Normal file
View File

@ -0,0 +1,17 @@
export DEBIAN_FRONTEND=noninteractive
if ! sudo useradd -p $(openssl passwd -1 __password__) __user__; then
echo 'VITO_SSH_ERROR' && exit 1
fi
sudo mkdir /home/__user__
sudo mkdir /home/__user__/.logs
sudo mkdir /home/__user__/tmp
sudo mkdir /home/__user__/bin
sudo mkdir /home/__user__/.ssh
echo 'export PATH="/home/__user__/bin:$PATH"' | sudo tee -a /home/__user__/.bashrc
sudo usermod -a -G __user__ __server_user__
sudo chown -R __user__:__user__ /home/__user__
sudo chmod -R 755 /home/__user__
sudo chmod -R 700 /home/__user__/.ssh
sudo chsh -s /bin/bash __user__
echo "Created user __user__."

3
app/SSH/OS/scripts/delete-isolated-user.sh Normal file
View File

@ -0,0 +1,3 @@
sudo gpasswd -d __server_user__ __user__
sudo userdel -r "__user__"
echo "User __user__ has been deleted."