NAME¶

mini-buildd-ssh-setup - Idempotent setup script for SSH access

SYNOPSIS¶

mini-buildd-ssh-setup [[<ENDPOINT>]|[--purge]] (as user root)

DESCRIPTION¶

Idempotent setup script for SSH access

Create and setup three UNIX users that are corresponding to mini-buildd users of the same name:

* mini-buildd-uploader: Allow uploads via SSH * mini-buildd-staff: Allow API calls with 'staff' authorization via SSH * mini-buildd-admin: Allow API calls with 'admin' authorization via SSH

Needed extra work on mini-buildd:

* BEFORE running this: Please create all the three mini-buildd users * AFTER running this: Please check/configure/activate the Upload Profile for user mini-buildd-uploader

When this is up:

* Grant someone access: See the example line in created 'authorized_keys' files of the resp. users. * Run API calls: 'ssh mini-buildd-staff|admin@<yourhost> mini-buildd-api <mini_buildd_api_args>'

Note that you will need the _complete_ arguments, including the correct user endpoint (like 'http://mini-buildd-staff@<yourhost>:8066')

* Upload: An extra '.dput.cf' will be generated in '/var/lib/mini-buildd/etc/dput.cf' (will will also show on the dput_conf API

call). Authorized users can now also upload with this new target.

Caveats:

* Someone with access to 'mini-buildd-uploader' could potentially copy from or write to arbitrary locations (within

the mini-buildd-uploader user's permissions).