create home folders as 0755 on Debian 12 (#4156)

related: https://github.com/raspiblitz/raspiblitz/issues/4154
2024-11-19 18:00:22 +01:00 · 2023-09-09 21:36:35 +03:00 · 2023-09-09 21:36:35 +03:00 · 39102b149c
commit 39102b149c
parent e670e61297
35 changed files with 37 additions and 37 deletions
--- a/build_sdcard.sh
+++ b/build_sdcard.sh
@ -392,7 +392,7 @@ echo -e "\n*** PREPARE ${baseimage} ***"
 # make sure the pi user is present
 if [ "$(compgen -u | grep -c pi)" -eq 0 ];then
  echo "# Adding the user pi"
-  adduser --disabled-password --gecos "" pi
+  adduser --system --group --home /home/pi pi
  adduser pi sudo
 fi

@ -535,7 +535,7 @@ service rsyslog restart
 echo -e "\n*** ADDING MAIN USER admin ***"
 # based on https://raspibolt.org/system-configuration.html#add-users
 # using the default password 'raspiblitz'
-adduser --disabled-password --gecos "" admin
+adduser --system --group --home /home/admin admin
 echo "admin:raspiblitz" | chpasswd
 adduser admin sudo
 chsh admin -s /bin/bash
@ -553,7 +553,7 @@ fi
 echo -e "\n*** ADDING SERVICE USER bitcoin"
 # based on https://raspibolt.org/guide/raspberry-pi/system-configuration.html
 # create user and set default password for user
-adduser --disabled-password --gecos "" bitcoin
+adduser --system --group --home /home/bitcoin bitcoin
 echo "bitcoin:raspiblitz" | chpasswd
 # make home directory readable
 chmod 755 /home/bitcoin
--- a/home.admin/config.scripts/blitz.web.api.sh
+++ b/home.admin/config.scripts/blitz.web.api.sh
@ -237,7 +237,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
  rm -r /home/blitzapi/blitz_api 2>/dev/null

  # create user
-  adduser --disabled-password --gecos "" blitzapi
+  adduser --system --group --home /home/blitzapi blitzapi

  # sudo capability for manipulating passwords
  /usr/sbin/usermod --append --groups sudo blitzapi
--- a/home.admin/config.scripts/bonus.bitcoinminds.sh
+++ b/home.admin/config.scripts/bonus.bitcoinminds.sh
@ -36,7 +36,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
    echo ""

    # create user
-    sudo adduser --disabled-password --gecos "" bitcoinminds 2>/dev/null
+    sudo adduser --system --group --home /home/bitcoinminds bitcoinminds

    # add local directory to path and set PATH for the user
    sudo bash -c "echo 'PATH=\$PATH:/home/bitcoinminds/.local/bin' >> /home/bitcoinminds/.profile"
--- a/home.admin/config.scripts/bonus.bos.sh
+++ b/home.admin/config.scripts/bonus.bos.sh
@ -194,7 +194,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
  /home/admin/config.scripts/bonus.nodejs.sh on

  # create bos user
-  sudo adduser --disabled-password --gecos "" bos
+  sudo adduser --system --group --home /home/bos bos

  echo "# Create data folder on the disk"
  # move old data if present
--- a/home.admin/config.scripts/bonus.btc-rpc-explorer.sh
+++ b/home.admin/config.scripts/bonus.btc-rpc-explorer.sh
@ -207,7 +207,7 @@ if [ "$1" = "install" ]; then
  /home/admin/config.scripts/bonus.nodejs.sh on

  # add btcrpcexplorer user
-  sudo adduser --disabled-password --gecos "" btcrpcexplorer
+  sudo adduser --system --group --home /home/btcrpcexplorer btcrpcexplorer

  # install btc-rpc-explorer
  cd /home/btcrpcexplorer
--- a/home.admin/config.scripts/bonus.btcpayserver.sh
+++ b/home.admin/config.scripts/bonus.btcpayserver.sh
@ -346,7 +346,7 @@ if [ "$1" = "install" ]; then
  fi

  echo "# create btcpay user"
-  sudo adduser --disabled-password --gecos "" btcpay
+  sudo adduser --system --group --home /home/btcpay btcpay
  cd /home/btcpay || exit 1

  echo "# install .NET"
--- a/home.admin/config.scripts/bonus.circuitbreaker.sh
+++ b/home.admin/config.scripts/bonus.circuitbreaker.sh
@ -77,7 +77,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
    # get Go vars
    source /etc/profile
    # create dedicated user
-    sudo adduser --disabled-password --gecos "" circuitbreaker
+    sudo adduser --system --group --home /home/circuitbreaker circuitbreaker
    # set PATH for the user
    sudo bash -c "echo 'PATH=\$PATH:/home/circuitbreaker/go/bin/' >> /home/circuitbreaker/.profile"

--- a/home.admin/config.scripts/bonus.ckbunker.sh
+++ b/home.admin/config.scripts/bonus.ckbunker.sh
@ -99,7 +99,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
  sudo apt install -y virtualenv python-dev libusb-1.0-0-dev libudev-dev

  # create dedicated user
-  sudo adduser --disabled-password --gecos "" ckbunker
+  sudo adduser --system --group --home /home/ckbunker ckbunker

  # add the user to the Tor group
  sudo usermod -a -G debian-tor ckbunker
--- a/home.admin/config.scripts/bonus.electrs.sh
+++ b/home.admin/config.scripts/bonus.electrs.sh
@ -274,7 +274,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
    echo
    echo "# Creating the electrs user"
    echo
-    sudo adduser --disabled-password --gecos "" electrs
+    sudo adduser --system --group --home /home/electrs electrs
    cd /home/electrs

    echo
--- a/home.admin/config.scripts/bonus.faraday.sh
+++ b/home.admin/config.scripts/bonus.faraday.sh
@ -157,7 +157,7 @@ if [ "${mode}" = "on" ] || [ "${mode}" = "1" ]; then

  # create dedicated user
  echo "# Add the 'faraday' user"
-  sudo adduser --disabled-password --gecos "" faraday
+  sudo adduser --system --group --home /home/faraday faraday

  # set PATH for the user
  sudo bash -c "echo 'PATH=\$PATH:/home/faraday/bin/' >> /home/faraday/.profile"
--- a/home.admin/config.scripts/bonus.fints.sh
+++ b/home.admin/config.scripts/bonus.fints.sh
@ -196,7 +196,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then

  # create a dedicated user for the app
  echo "# create user"
-  sudo adduser --disabled-password --gecos "" ${APPID} || exit 1
+  sudo adduser --system --group --home /home/${APPID} ${APPID} || exit 1

  # add user to special groups with special access rights
  # echo "# add use to special groups"
--- a/home.admin/config.scripts/bonus.fulcrum.sh
+++ b/home.admin/config.scripts/bonus.fulcrum.sh
@ -30,7 +30,7 @@ if [ "$1" = on ]; then
  fi

  # create a dedicated user
-  sudo adduser --disabled-password --gecos "" fulcrum
+  sudo adduser --system --group --home /home/fulcrum fulcrum
  cd /home/fulcrum || exit 1

  sudo apt install -y libssl-dev # was needed on Debian Bullseye
--- a/home.admin/config.scripts/bonus.helipad.sh
+++ b/home.admin/config.scripts/bonus.helipad.sh
@ -86,7 +86,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
    ###############
    
    # create helipad user:
-    sudo adduser --disabled-password --gecos "" $HELIPAD_USER
+    sudo adduser --system --group --home /home/$HELIPAD_USER $HELIPAD_USER

    # install system dependencies:
    sudo apt --assume-yes update
--- a/home.admin/config.scripts/bonus.homer.sh
+++ b/home.admin/config.scripts/bonus.homer.sh
@ -128,7 +128,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
  if [ ${isInstalled} -eq 0 ]; then

    # add homer user
-    sudo adduser --disabled-password --gecos "" homer
+    sudo adduser --system --group --home /home/homer homer

    # install homer
    cd /home/homer
--- a/home.admin/config.scripts/bonus.itchysats.sh
+++ b/home.admin/config.scripts/bonus.itchysats.sh
@ -261,7 +261,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
  # BACKGROUND is here to seperate running apps by unix users
  # and only give file write access to the rest of the system where needed.
  echo "# Create user"
-  sudo adduser --disabled-password --gecos "" ${APPID}
+  sudo adduser --system --group --home /home/${APPID} ${APPID}

  # create a data directory on /mnt/hdd/app-data/ for the app
  # BACKGROUND is that any critical data that needs to survive an update should
--- a/home.admin/config.scripts/bonus.jam.sh
+++ b/home.admin/config.scripts/bonus.jam.sh
@ -99,7 +99,7 @@ if [ "$1" = "install" ]; then
  echo "# *** INSTALL JAM (user & code) ***"

  echo "# Creating the ${USERNAME} user"
-  sudo adduser --disabled-password --gecos "" ${USERNAME}
+  sudo adduser --system --group --home /home/${USERNAME} ${USERNAME}

  # install nodeJS
  /home/admin/config.scripts/bonus.nodejs.sh on
--- a/home.admin/config.scripts/bonus.joinmarket.sh
+++ b/home.admin/config.scripts/bonus.joinmarket.sh
@ -57,7 +57,7 @@ if [ "$1" = "install" ]; then
    sudo userdel -rf joinmarket 2>/dev/null

    echo "# add the 'joinmarket' user"
-    adduser --disabled-password --gecos "" joinmarket
+    adduser --system --group --home /home/joinmarket joinmarket

    # add to sudo group (required for installation)
    adduser joinmarket sudo || exit 1
--- a/home.admin/config.scripts/bonus.kindle-display.sh
+++ b/home.admin/config.scripts/bonus.kindle-display.sh
@ -37,7 +37,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
    /home/admin/config.scripts/bonus.nodejs.sh on

    # add user
-    sudo adduser --disabled-password --gecos "" $USERNAME
+    sudo adduser --system --group --home /home/$USERNAME $USERNAME

    # install kindle-display
    echo "# install .."
--- a/home.admin/config.scripts/bonus.lightningtipbot.sh
+++ b/home.admin/config.scripts/bonus.lightningtipbot.sh
@ -52,7 +52,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
    source /etc/profile

    # create dedicated user
-    sudo adduser --disabled-password --gecos "" lightningtipbot
+    sudo adduser --system --group --home /home/lightningtipbot lightningtipbot

    # install from source
    cd /home/lightningtipbot
--- a/home.admin/config.scripts/bonus.lit.sh
+++ b/home.admin/config.scripts/bonus.lit.sh
@ -90,7 +90,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
  if [ ${isInstalled} -eq 0 ]; then

    # create dedicated user
-    sudo adduser --disabled-password --gecos "" lit
+    sudo adduser --system --group --home /home/lit lit
    # make sure symlink to central app-data directory exists
    sudo rm -rf /home/lit/.lnd # not a symlink.. delete it silently
    # create symlink
--- a/home.admin/config.scripts/bonus.lnbits.sh
+++ b/home.admin/config.scripts/bonus.lnbits.sh
@ -621,7 +621,7 @@ if [ "$1" = "install" ]; then

  # add lnbits user
  echo "*** Add the 'lnbits' user ***"
-  sudo adduser --disabled-password --gecos "" lnbits
+  sudo adduser --system --group --home /home/lnbits lnbits

  # get optional github parameter
  githubUser="lnbits"
--- a/home.admin/config.scripts/bonus.lndg.sh
+++ b/home.admin/config.scripts/bonus.lndg.sh
@ -129,7 +129,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
    ###############

    # create lndg user
-    sudo adduser --disabled-password --gecos "" lndg
+    sudo adduser --system --group --home /home/lndg lndg
    # add user to group with admin access to lnd
    sudo /usr/sbin/usermod --append --groups lndadmin lndg
    # make sure symlink to central app-data directory exists
--- a/home.admin/config.scripts/bonus.lnproxy.sh
+++ b/home.admin/config.scripts/bonus.lnproxy.sh
@ -54,7 +54,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
  /home/admin/config.scripts/bonus.go.sh on

  # create lnproxy user
-  sudo adduser --disabled-password --gecos "" lnproxy
+  sudo adduser --system --group --home /home/lnproxy lnproxy

  # create macaroon
  cd /home/bitcoin || exit 1
--- a/home.admin/config.scripts/bonus.loop.sh
+++ b/home.admin/config.scripts/bonus.loop.sh
@ -53,7 +53,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
    source /etc/profile

    # create dedicated user
-    sudo adduser --disabled-password --gecos "" loop
+    sudo adduser --system --group --home /home/loop loop

    # set PATH for the user
    sudo bash -c "echo 'PATH=\$PATH:/home/loop/go/bin/' >> /home/loop/.profile"
--- a/home.admin/config.scripts/bonus.mempool.sh
+++ b/home.admin/config.scripts/bonus.mempool.sh
@ -132,7 +132,7 @@ if [ "$1" = "install" ]; then
  sudo apt-get install -y mariadb-server mariadb-client

  # add mempool user
-  sudo adduser --disabled-password --gecos "" mempool
+  sudo adduser --system --group --home /home/mempool mempool

  # install mempool
  cd /home/mempool
--- a/home.admin/config.scripts/bonus.pool.sh
+++ b/home.admin/config.scripts/bonus.pool.sh
@ -40,7 +40,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
  if [ ${isInstalled} -eq 0 ]; then

    # create dedicated user
-    sudo adduser --disabled-password --gecos "" pool
+    sudo adduser --system --group --home /home/pool pool

    echo "# persist settings in app-data"
    echo "# make sure the data directory exists"
--- a/home.admin/config.scripts/bonus.pyblock.sh
+++ b/home.admin/config.scripts/bonus.pyblock.sh
@ -29,7 +29,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
  echo "*** INSTALL pyblocks***"
  
  # create pyblock user
-  sudo adduser --disabled-password --gecos "" pyblock
+  sudo adduser --system --group --home /home/pyblock pyblock
  cd /home/pyblock
  sudo -u pyblock mkdir /home/pyblock/config

--- a/home.admin/config.scripts/bonus.rtl.sh
+++ b/home.admin/config.scripts/bonus.rtl.sh
@ -136,7 +136,7 @@ if [ "$1" = "install" ]; then

  # create rtl user (one for all instances)
  if [ $(compgen -u | grep -c rtl) -eq 0 ]; then
-    sudo adduser --disabled-password --gecos "" rtl || exit 1
+    sudo adduser --system --group --home /home/rtl rtl || exit 1
  fi

  # download source code and set to tag release
--- a/home.admin/config.scripts/bonus.specter.sh
+++ b/home.admin/config.scripts/bonus.specter.sh
@ -213,7 +213,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
    sudo apt update
    sudo apt-get install -y virtualenv libffi-dev libusb-1.0.0-dev libudev-dev

-    sudo adduser --disabled-password --gecos "" specter
+    sudo adduser --system --group --home /home/specter specter
    if [ "$(ls /home | grep -c "specter")" == "0" ]; then
      echo "error='was not able to create user specter'"
      exit 1
--- a/home.admin/config.scripts/bonus.sphinxrelay.sh
+++ b/home.admin/config.scripts/bonus.sphinxrelay.sh
@ -387,7 +387,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
    /home/admin/config.scripts/lnd.keysend.sh on

    echo "*** Add the 'sphinxrelay' user ***"
-    sudo adduser --disabled-password --gecos "" sphinxrelay
+    sudo adduser --system --group --home /home/sphinxrelay sphinxrelay
    sudo /usr/sbin/usermod --append --groups lndadmin sphinxrelay
    sudo /usr/sbin/usermod --append --groups lndsigner sphinxrelay
    sudo /usr/sbin/usermod --append --groups lndrouter sphinxrelay
--- a/home.admin/config.scripts/bonus.squeaknode.sh
+++ b/home.admin/config.scripts/bonus.squeaknode.sh
@ -110,7 +110,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
  if [ ${isInstalled} -eq 0 ]; then

    echo "*** Add the 'squeaknode' user ***"
-    sudo adduser --disabled-password --gecos "" squeaknode
+    sudo adduser --system --group --home /home/squeaknode squeaknode

    # make sure needed debian packages are installed
    echo "# installing needed packages"
--- a/home.admin/config.scripts/bonus.stacking-sats-kraken.sh
+++ b/home.admin/config.scripts/bonus.stacking-sats-kraken.sh
@ -28,7 +28,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
    /home/admin/config.scripts/bonus.nodejs.sh on

    # add user
-    sudo adduser --disabled-password --gecos "" $USERNAME
+    sudo adduser --system --group --home /home/$USERNAME $USERNAME

    # install stacking-sats-kraken
    cd $HOME_DIR
--- a/home.admin/config.scripts/bonus.tallycoin-connect.sh
+++ b/home.admin/config.scripts/bonus.tallycoin-connect.sh
@ -63,7 +63,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
    /home/admin/config.scripts/bonus.nodejs.sh on

    # add user
-    sudo adduser --disabled-password --gecos "" $USERNAME
+    sudo adduser --system --group --home /home/$USERNAME $USERNAME

    # install tallycoin_connect
    cd $HOME_DIR
--- a/home.admin/config.scripts/bonus.template.sh
+++ b/home.admin/config.scripts/bonus.template.sh
@ -161,7 +161,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
  # BACKGROUND is here to seperate running apps by unix users
  # and only give file write access to the rest of the system where needed.
  echo "# create user"
-  sudo adduser --disabled-password --gecos "" ${APPID} || exit 1
+  sudo adduser --system --group --home /home/${APPID} ${APPID} || exit 1

  # add user to special groups with special access rights
  # BACKGROUND there are some unix groups available that will give the access to
--- a/home.admin/config.scripts/bonus.thunderhub.sh
+++ b/home.admin/config.scripts/bonus.thunderhub.sh
@ -96,7 +96,7 @@ if [ "$1" = "install" ]; then
    /home/admin/config.scripts/bonus.nodejs.sh on

    # create thunderhub user
-    sudo adduser --disabled-password --gecos "" thunderhub
+    sudo adduser --system --group --home /home/thunderhub thunderhub

    # download and install
    sudo -u thunderhub git clone https://github.com/apotdevin/thunderhub.git /home/thunderhub/thunderhub