diff --git a/cm.sh b/cm.sh index c2759f7cca50821996a5f2a03be67027f266ad6d..400039f5d9426224411dacb2c9708ac1194b1ffd 100755 --- a/cm.sh +++ b/cm.sh @@ -19,6 +19,7 @@ # 2021-03-12 <axel.hahn@iml.unibe.ch> create file for haproxy # 2021-03-22 <axel.hahn@iml.unibe.ch> for haproxy: use chained cert instead of server cert # 2021-04-12 <axel.hahn@iml.unibe.ch> reject multiple usage of fqdn in cli params +# 2021-04-12 <axel.hahn@iml.unibe.ch> optional: force excecution with a given user only # ====================================================================== @@ -220,6 +221,18 @@ function _testStaging(){ fi echo } +# internal function; if a user was set as CM_user then verify it with +# current user +function _testUser(){ + if [ ! -z "$CM_user" ]; then + local _sUser=`id | cut -f 2 -d "(" | cut -f 1 -d ")"` + if [[ $_sUser != "$CM_user" ]]; then + echo "ERROR: Run this script under user [$CM_user] - not as $_sUser." + exit 1 + fi + fi + +} # set update message in a file # param string(s) message @@ -528,6 +541,7 @@ if [ $? -ne 0 ]; then exit 1 fi +_testUser _testStaging test -z "${CM_diracme}" && CM_diracme=./certs diff --git a/inc_config.sh.dist b/inc_config.sh.dist index a5574099c8e14986e0783e94c873601b2e8988dc..9b12fcd6c70a19cf5fe838c28f58d5fe11530fa6 100644 --- a/inc_config.sh.dist +++ b/inc_config.sh.dist @@ -43,4 +43,9 @@ export ACME=../acme.sh/acme.sh # have no permission # export CM_certmatch="\.example\.com" +# optional: force a user to execute cm.sh +# this is for a central installation with a software deployment +# like Ansible or puppet; default: none (=any user can run cm.sh) +# export CM_user="ansible" + # ---------------------------------------------------------------------- diff --git a/readme.md b/readme.md index 60bb6effddf1137f98df539fa17428a45fd84e15..127e83296c26c982fea3155c50d5b812d54a17c3 100644 --- a/readme.md +++ b/readme.md 
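Review bot: In `_testUser` the current user is obtained by cutting the first parenthesised field out of plain `id` output, and that field is the group name whenever the uid has no passwd entry (for example a constructed output such as `uid=1000 gid=0(root)`), so the comparison with `CM_user` can be made against the wrong value. Asking for the name directly avoids the parsing and lets a lookup failure stop the script: `local _sUser` followed by `_sUser=$(id -un) || exit 1`. Declaring and assigning in one `local` statement, as the hunk does, hides the exit status of the command substitution. The error text would also be better sent to stderr with `>&2`, so that callers capturing stdout do not mistake it for regular output.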
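Review bot: The new `CM_user` comment in inc_config.sh.dist says the option will "force a user", which reads like an access control, while the check in cm.sh only compares a name taken from this same config file. As far as the visible code shows, anyone who can edit the config or the script can skip it, so it guards against accidental runs under the wrong account rather than against a deliberate one. I would add a line such as `# note: this is a safeguard against accidental runs only; protect keys and certs with file permissions` so that operators do not rely on it in place of ownership and mode settings on the certificate directories.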
@@ -25,9 +25,9 @@ A suggested structure is having acme.sh and this wrapper below the same parent d ```text /opt/letsenecrypt/ | - +-- acms.sh/ + +-- acme.sh/ | | - | + acms.sh + | + acme.sh | + ... | +-- iml-certman/