.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.49.3.
.TH MINI-BUILDD-SSH-SETUP "8" "May 2024" "mini-buildd-ssh-setup 2.0.16" "System Administration Utilities"
.SH NAME
mini-buildd-ssh-setup \- Idempotent setup script for SSH access
.SH SYNOPSIS
.B mini-buildd-ssh-setup
[[\fI\,<ENDPOINT>\/\fR]\fI\,|\/\fR[\fI\,--purge\/\fR]]  \fI\,(as user root)\/\fR
.SH DESCRIPTION
Idempotent setup script for SSH access
.PP
Create and setup three UNIX users that are corresponding to mini\-buildd users of the same name:
.TP
* mini\-buildd\-uploader:
Allow uploads via SSH
.TP
* mini\-buildd\-staff:
Allow API calls with 'staff' authorization via SSH
.TP
* mini\-buildd\-admin:
Allow API calls with 'admin' authorization via SSH
.PP
Needed extra work on mini\-buildd:
.TP
* BEFORE running this:
Please create all the three mini\-buildd users
.TP
* AFTER running this:
Please check/configure/activate the Upload Profile for user mini\-buildd\-uploader
.PP
When this is up:
.TP
* Grant someone access:
See the example line in created 'authorized_keys' files of the resp. users.
.TP
* Run API calls:
\&'ssh mini\-buildd\-staff|admin@<yourhost> mini\-buildd\-api <mini_buildd_api_args>'
.IP
Note that you will need the _complete_ arguments, including the correct user endpoint (like 'http://mini\-buildd\-staff@<yourhost>:8066')
.TP
* Upload:
An extra '.dput.cf' will be generated in '/var/lib/mini\-buildd/etc/dput.cf' (for dput_conf API call)
.IP
Authorized users can now also upload with this new target.
.PP
Caveats:
.PP
Someone with access to 'mini\-buildd\-uploader' could potentially copy from or write to arbitrary locations (within the
mini\-buildd\-uploader user's permissions).