From 56584e4a7247891fbb4443b61cd0b8a740d2ec34 Mon Sep 17 00:00:00 2001 From: XiYang6666 <1782356858@qq.com> Date: Sat, 21 Jun 2025 13:17:27 +0800 Subject: [PATCH 1/3] feat: support add groups for user --- README.md | 3 +++ rootfs/etc/cont-init.d/01-config.sh | 13 +++++++++++++ 2 files changed, 16 insertions(+) diff --git a/README.md b/README.md index f82714e..8264ae0 100644 --- a/README.md +++ b/README.md @@ -127,6 +127,9 @@ auth: uid: 1000 gid: 1000 password: bar + groups: + - group1:2000 + - group2:2001 - user: baz group: xxx uid: 1100 diff --git a/rootfs/etc/cont-init.d/01-config.sh b/rootfs/etc/cont-init.d/01-config.sh index 4ebbe29..abd0869 100755 --- a/rootfs/etc/cont-init.d/01-config.sh +++ b/rootfs/etc/cont-init.d/01-config.sh @@ -121,6 +121,19 @@ if [[ "$(yq --output-format=json e '(.. | select(tag == "!!str")) |= envsubst' " echo "Creating user $(_jq '.user')/$(_jq '.group') ($(_jq '.uid'):$(_jq '.gid'))" id -g "$(_jq '.gid')" &>/dev/null || id -gn "$(_jq '.group')" &>/dev/null || addgroup -g "$(_jq '.gid')" -S "$(_jq '.group')" id -u "$(_jq '.uid')" &>/dev/null || id -un "$(_jq '.user')" &>/dev/null || adduser -u "$(_jq '.uid')" -G "$(_jq '.group')" "$(_jq '.user')" -SHD + groups=$(_jq '.groups') + if [[ "$groups" != "null" ]]; then + for group_spec in $(echo "$groups" | jq -r '.[]'); do + group_name=$(echo "$group_spec" | cut -d: -f1) + group_gid=$(echo "$group_spec" | cut -d: -f2) + if ! id -g "$group_gid" &>/dev/null && ! id -gn "$group_name" &>/dev/null; then + echo "Creating supplementary group $group_name ($group_gid)" + addgroup -g "$group_gid" -S "$group_name" + fi + echo "Adding user $(_jq '.user') to group $group_name" + addgroup "$(_jq '.user')" "$group_name" + done + fi echo -e "$password\n$password" | smbpasswd -a -s "$(_jq '.user')" unset password done From ef6608f93956839ffe735062f17b103d41500b02 Mon Sep 17 00:00:00 2001 
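Review bot: The existence test `! id -g "$group_gid" &>/dev/null && ! id -gn "$group_name" &>/dev/null` in the new supplementary-group block never consults the group database, because the operand of `id` is a user, so it only asks whether a user of that name (or, on implementations that accept it, that numeric uid) exists. A group that already exists, for example the same `group1:2000` listed under a second user, is therefore created again and `addgroup -g` fails; conversely, a gid that matches an existing uid can skip creation, so the following `addgroup "$(_jq '.user')" "$group_name"` targets a group that was never made. Checking groups directly is more reliable, e.g. `if ! getent group "$group_gid" >/dev/null && ! getent group "$group_name" >/dev/null; then`, assuming `getent` is present in the image. The same idiom is on the context lines above and is carried into the `@@ -109,6 +109,18 @@` hunk of patch 3/3; the enclosing `for auth` loop starts outside this hunk.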
From: XiYang6666 <1782356858@qq.com> Date: Sat, 21 Jun 2025 21:18:33 +0800 Subject: [PATCH 2/3] chore: add test --- test/data/config.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/test/data/config.yml b/test/data/config.yml index 7e48fd3..6d235c8 100644 --- a/test/data/config.yml +++ b/test/data/config.yml @@ -4,6 +4,9 @@ auth: uid: 1000 gid: 1000 password: bar + groups: + - group1:2001 + - group2:2002 - user: yyy group: xxx uid: 1100 From a73fb03c667af886b8a68262a75b44d4dcb4655d Mon Sep 17 00:00:00 2001 From: XiYang6666 <1782356858@qq.com> Date: Sat, 21 Jun 2025 21:49:31 +0800 Subject: [PATCH 3/3] feat: improve group impl --- README.md | 8 +++++--- rootfs/etc/cont-init.d/01-config.sh | 26 ++++++++++++++++---------- test/data/config.yml | 8 +++++--- 3 files changed, 26 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index 8264ae0..85c17ae 100644 --- a/README.md +++ b/README.md @@ -127,15 +127,17 @@ auth: uid: 1000 gid: 1000 password: bar - groups: - - group1:2000 - - group2:2001 + groups: [qux, quux] - user: baz group: xxx uid: 1100 gid: 1200 password_file: /run/secrets/baz_password +group: + qux: 2001 + quux: 2002 + global: - "force user = foo" - "force group = foo" diff --git a/rootfs/etc/cont-init.d/01-config.sh b/rootfs/etc/cont-init.d/01-config.sh index abd0869..e6b9699 100755 --- a/rootfs/etc/cont-init.d/01-config.sh +++ b/rootfs/etc/cont-init.d/01-config.sh 
@@ -109,6 +109,18 @@ bind interfaces only = yes EOL fi +if [[ "$(yq --output-format=json e '(.. | select(tag == "!!str")) |= envsubst' "${CONFIG_FILE}" 2>/dev/null | jq '.group')" != "null" ]]; then + for group_entry in $(yq -j e '(.. | select(tag == "!!str")) |= envsubst' "${CONFIG_FILE}" 2>/dev/null | jq -r '.group | to_entries[] | @base64'); do + _jq() { + echo "${group_entry}" | base64 --decode | jq -r "${1}" + } + group_name=$(_jq '.key') + group_id=$(_jq '.value') + echo "Creating group $group_name with GID $group_id" + id -g "$group_id" &>/dev/null || id -gn "$group_name" &>/dev/null || addgroup -g "$group_id" -S "$group_name" + done +fi + if [[ "$(yq --output-format=json e '(.. | select(tag == "!!str")) |= envsubst' "${CONFIG_FILE}" 2>/dev/null | jq '.auth')" != "null" ]]; then for auth in $(yq -j e '(.. | select(tag == "!!str")) |= envsubst' "${CONFIG_FILE}" 2>/dev/null | jq -r '.auth[] | @base64'); do _jq() { @@ -123,16 +135,10 @@ if [[ "$(yq --output-format=json e '(.. | select(tag == "!!str")) |= envsubst' " id -u "$(_jq '.uid')" &>/dev/null || id -un "$(_jq '.user')" &>/dev/null || adduser -u "$(_jq '.uid')" -G "$(_jq '.group')" "$(_jq '.user')" -SHD groups=$(_jq '.groups') if [[ "$groups" != "null" ]]; then - for group_spec in $(echo "$groups" | jq -r '.[]'); do - group_name=$(echo "$group_spec" | cut -d: -f1) - group_gid=$(echo "$group_spec" | cut -d: -f2) - if ! id -g "$group_gid" &>/dev/null && ! id -gn "$group_name" &>/dev/null; then - echo "Creating supplementary group $group_name ($group_gid)" - addgroup -g "$group_gid" -S "$group_name" - fi - echo "Adding user $(_jq '.user') to group $group_name" - addgroup "$(_jq '.user')" "$group_name" - done + for group_name in $(echo "$groups" | jq -r '.[]'); do + echo "Adding user $(_jq '.user') to group $group_name" + addgroup "$(_jq '.user')" "$group_name" + done fi echo -e "$password\n$password" | smbpasswd -a -s "$(_jq '.user')" unset password 
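Review bot: `group_name` and `group_id` in the new top-level `group:` loop reach `addgroup -g "$group_id" -S "$group_name"` exactly as they come out of the config after `envsubst`, so a value that is not a number, or a name beginning with `-`, is handed to `addgroup` unchecked and may be read as an option. A guard ahead of the `id`/`addgroup` line would make a bad entry fail visibly instead, e.g. `[[ "$group_id" =~ ^[0-9]+$ && "$group_name" != -* ]] || { echo "Invalid group entry: $group_name" >&2; exit 1; }` (or `continue`, if the project prefers to skip). A short comment noting that `_jq` is defined here and redefined in the `auth` loop below, each reading its own loop variable, would also help the next reader.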
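Review bot: The rewritten inner loop runs `addgroup "$(_jq '.user')" "$group_name"` without checking that the name was declared under the top-level `group:` map or that the command succeeded, so a typo in `groups: [...]` leaves the account without a membership that share access rules may depend on, with only addgroup's own message as evidence (whether the script runs under `set -e` is not visible here). Appending `|| { echo "Failed to add $(_jq '.user') to group $group_name" >&2; exit 1; }` would make that failure explicit. Separately, `for group_name in $(echo "$groups" | jq -r '.[]')` is subject to word splitting and glob expansion, unlike the outer loops, which base64-encode each entry; `while IFS= read -r group_name; do … done < <(jq -r '.[]' <<<"$groups")` avoids that. The enclosing `for auth` loop begins and ends outside this hunk.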
diff --git a/test/data/config.yml b/test/data/config.yml index 6d235c8..2c88f2c 100644 --- a/test/data/config.yml +++ b/test/data/config.yml @@ -4,15 +4,17 @@ auth: uid: 1000 gid: 1000 password: bar - groups: - - group1:2001 - - group2:2002 + groups: [qux, quux] - user: yyy group: xxx uid: 1100 gid: 1200 password_file: /tmp/yyy_password +group: + qux: 2001 + quux: 2002 + global: - "force user = foo" - "force group = foo"