From 21781166ea7099332cefeab59c99fa02462225dd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C4=83rcziem=20=E2=84=A2?= <118485377+spalencsar@users.noreply.github.com> Date: Fri, 3 Oct 2025 13:15:51 +0200 Subject: [PATCH] feat: Use existing sudo user instead of creating new nasadmin user - Modify setup.sh to automatically detect and use SUDO_USER - Pre-fill admin username with current sudo user - Only create new user if specified user doesn't exist - Update README.md to document user management changes - Update CHANGELOG.md with user management improvements - Remove unnecessary NEW_USER default creation --- CHANGELOG.md | 9 +++++---- README.md | 6 ++---- setup.sh | 12 +++++++++++- 3 files changed, 18 insertions(+), 9 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f69e2ef..1563347 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -40,10 +40,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - I/O scheduler path validation with automatic disk detection - Optional unattended-upgrades (disabled by default for user control) -- **Enhanced Security Documentation** - - New SECURITY.md with comprehensive security policy - - Updated security features documentation - - Container security considerations and warnings +- **User Management Overhaul** + - Script now uses existing sudo user instead of creating new "nasadmin" user + - Automatic detection of SUDO_USER environment variable + - Interactive user creation only when specified user doesn't exist + - Simplified user management workflow - **Code Quality Improvements** - New CODE_OF_CONDUCT.md for community guidelines diff --git a/README.md b/README.md index fb7b60f..3c6941f 100644 --- a/README.md +++ b/README.md @@ -154,10 +154,8 @@ The script guides you through an interactive configuration: - **Webmin:** Web-based system administration interface (optional) - **Unattended Upgrades:** Automatic security updates (optional, disabled by default) -### Security Configuration -- **Firewall Rules:** IPv4/IPv6 automatic based on selected services -- **Fail2ban:** Protection against brute-force attacks -- **Rate Limiting:** IPv4/IPv6 protection against DoS attacks +### User Configuration +- **Admin User:** Uses the current sudo user by default (no new user creation required) - **SSH Keys:** Ed25519 key generation for enhanced security ## 📁 Directory Structure diff --git a/setup.sh b/setup.sh index 2c6e016..bc44b0f 100644 --- a/setup.sh +++ b/setup.sh @@ -311,7 +311,17 @@ create_interactive_config() { save_config "SSH_PORT" "$ssh_port" # User configuration - local username=$(ask_input "Admin username" "$NEW_USER" "validate_username") + local current_user + if [[ -n "${SUDO_USER:-}" ]]; then + current_user="$SUDO_USER" + log_info "Using current sudo user: $current_user" + else + current_user="$USER" + log_info "Using current user: $current_user" + fi + + # Pre-fill with current user, but allow override + local username=$(ask_input "Admin username" "$current_user" "validate_username") save_config "ADMIN_USER" "$username" # Ensure the configured admin user exists (offer interactive creation) ensure_user_exists_interactive "$username" || log_warning "Admin user '$username' not created; some features may require it."