optional: force excecution with a given user only

beda3030 · Hahn Axel (hahn) · a5f17c4f · beda3030 · beda3030 · beda3030
Commit beda3030 authored 4 years ago by Hahn Axel (hahn)
--- a/cm.sh
+++ b/cm.sh
@@ -19,6 +19,7 @@
 # 2021-03-12  <axel.hahn@iml.unibe.ch>  create file for haproxy
 # 2021-03-22  <axel.hahn@iml.unibe.ch>  for haproxy: use chained cert instead of server cert
 # 2021-04-12  <axel.hahn@iml.unibe.ch>  reject multiple usage of fqdn in cli params
+# 2021-04-12  <axel.hahn@iml.unibe.ch>  optional: force excecution with a given user only
 # ======================================================================
@@ -220,6 +221,18 @@ function _testStaging(){
 	fi
 	echo
 }
+# internal function; if a user was set as CM_user then verify it with
+# current user
+function _testUser(){
+	if [ ! -z "$CM_user" ]; then
+		local _sUser=`id | cut -f 2 -d "(" | cut -f 1 -d ")"`
+		if [[ $_sUser != "$CM_user" ]]; then
+			echo "ERROR: Run this script under user [$CM_user] - not as $_sUser."
+			exit 1
+		fi
+	fi
+}
 # set update message in a file
 # param  string(s)  message
@@ -528,6 +541,7 @@ if [ $? -ne 0 ]; then
 	exit 1
 fi
+_testUser
 _testStaging
 test -z "${CM_diracme}" && CM_diracme=./certs

--- a/inc_config.sh.dist
+++ b/inc_config.sh.dist
@@ -43,4 +43,9 @@ export ACME=../acme.sh/acme.sh
 # have no permission
 # export CM_certmatch="\.example\.com"
+# optional: force a user to execute cm.sh
+# this is for a central installation with a software deployment
+# like Ansible or puppet; default: none (=any user can run cm.sh)
+# export CM_user="ansible"
 # ----------------------------------------------------------------------
--- a/readme.md
+++ b/readme.md
@@ -25,9 +25,9 @@ A suggested structure is having acme.sh and this wrapper below the same parent d
 ```text
 /opt/letsenecrypt/
  |
-  +-- acms.sh/
+  +-- acme.sh/
  |     |
-  |     + acms.sh
+  |     + acme.sh
  |     + ...
  |
  +-- iml-certman/