Change helper scripts to use less permissions

.gitignore

@@ -105,6 +105,6 @@ dist
 
 
 # local env files
- .env*.local
- config/repo.json
- config/users.json
+.env*.local
+config/repo.json
+config/users.json

config/repo.json

@@ -1 +0,0 @@
-[]

config/users.json

@@ -1 +0,0 @@
-[{"id":0,"email":"admin@demo.fr","username":"admin","password":"$2a$12$20yqRnuaDBH6AE0EvIUcEOzqkuBtn1wDzJdw2Beg8w9S.vEqdso0a","roles":["admin"]}]

helpers/shells/createRepo.sh

@@ -28,7 +28,7 @@ fi
 # This pattern validates SSH public keys for : rsa, ed25519, ed25519-sk
 pattern='(ssh-ed25519 AAAAC3NzaC1lZDI1NTE5|sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29t|ssh-rsa AAAAB3NzaC1yc2)[0-9A-Za-z+/]+[=]{0,3}(\s.*)?'
 if [[ ! "$2" =~ $pattern ]]
-then	
+then
     echo "Invalid public SSH KEY format. Provide a key in OpenSSH format (rsa, ed25519, ed25519-sk)"
     exit 2
 fi
@@ -65,9 +65,6 @@ sudo mkdir -p ${home}/.ssh
 ## Create autorized_keys file
 sudo touch ${home}/.ssh/authorized_keys
 
-## Create ${pool}
-sudo mkdir -p ${pool}
-
 ## Create the repo
 sudo mkdir -p "${pool}/$1"
 
@@ -79,12 +76,13 @@ if [ ! -f "${authorized_keys}" ];then
 fi
 
 ## Change permissions
-sudo chmod -R 700 ${home}
+sudo chmod -R 750 ${home}
 sudo chmod 600 ${authorized_keys}
-sudo chown -R ${user}:${user} ${home}
+sudo chown -R ${user}:borgwarehouse ${home}
 
 ## Add ssh public key in authorized_keys with borg restriction for only 1 repository (:$1) and storage quota
-sudo -u ${user} bash -c "echo 'command=\"cd ${pool};borg serve --restrict-to-repository ${pool}/$1 --storage-quota $3G\",restrict $2' >> ${authorized_keys}"
+restricted_authkeys="command=\"cd ${pool};borg serve --restrict-to-repository ${pool}/$1 --storage-quota $3G\",restrict $2"
+echo "$restricted_authkeys" | sudo tee ${authorized_keys} >/dev/null
 
 ## Return the unix user
-echo ${user}
+echo ${user}

helpers/shells/deleteRepo.sh

@@ -8,7 +8,7 @@
 set -e
 
 # Check arg
-if [ "$1" == "" ];then
+if [[ $# -ne 1 || $1 = "" ]]; then
     echo "You must provide a username in argument."
     exit 1
 fi
@@ -23,11 +23,10 @@ then
 fi
 
 # Delete the user if it exists
-if sudo grep -q $1 /etc/passwd
-then
+if id "$1" &>/dev/null; then
     sudo userdel -rf $1
     echo "The user $1 and all his data have been deleted"
 else
     echo "The user $1 does not exist"
     exit 3
-fi
+fi

helpers/shells/getLastSave.sh

@@ -22,4 +22,4 @@
 # Exit when any command fails
 set -e
 
-sudo bash -c 'stat -c {\"user\":\"%U\",\"lastSave\":%Y\} /var/borgwarehouse/*/repos/*/integrity* | jq -s'
+stat -c {\"user\":\"%U\",\"lastSave\":%Y\} /var/borgwarehouse/*/repos/*/integrity* | jq -s

helpers/shells/getStorageUsed.sh

@@ -16,4 +16,4 @@ set -e
 
 # Use jc to output a JSON format with du command
 cd /var/borgwarehouse
-sudo jc du -s *
+jc du -s *

helpers/shells/updateRepo.sh

@@ -20,7 +20,7 @@ home="/var/borgwarehouse/$1"
 # This pattern validates SSH public keys for : rsa, ed25519, ed25519-sk
 pattern='(ssh-ed25519 AAAAC3NzaC1lZDI1NTE5|sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29t|ssh-rsa AAAAB3NzaC1yc2)[0-9A-Za-z+/]+[=]{0,3}(\s.*)?'
 if [[ ! "$2" =~ $pattern ]]
-then	
+then
     echo "Invalid public SSH KEY format. Provide a key in OpenSSH format (rsa, ed25519, ed25519-sk)"
     exit 2
 fi
@@ -35,8 +35,7 @@ then
 fi
 
 # Check if the user exists
-if ! sudo grep -q $1 /etc/passwd
-then
+if ! id "$1" &>/dev/null; then
     echo "The user $1 does not exist"
     exit 4
 fi
@@ -45,4 +44,4 @@ fi
 sudo sed -ri "s|(command=\".*\",restrict ).*|\1$2|g" "$home/.ssh/authorized_keys"
 
 # Modify authorized_keys for the user : only the quota is modify with this regex
-sudo sed -ri "s|--storage-quota.*\"|--storage-quota $3G\"|g" "$home/.ssh/authorized_keys"
+sudo sed -ri "s|--storage-quota.*\"|--storage-quota $3G\"|g" "$home/.ssh/authorized_keys"