NAME

       mini-buildd-ssh-setup - Idempotent setup script for SSH access

SYNOPSIS

       mini-buildd-ssh-setup [[<ENDPOINT>]|[--purge]]  (as user root)

DESCRIPTION

       Idempotent setup script for SSH access

       Create  and setup three UNIX users that are corresponding to mini-buildd users of the same
       name:

       * mini-buildd-uploader:
              Allow uploads via SSH

       * mini-buildd-staff:
              Allow API calls with 'staff' authorization via SSH

       * mini-buildd-admin:
              Allow API calls with 'admin' authorization via SSH

       Needed extra work on mini-buildd:

       * BEFORE running this:
              Please create all the three mini-buildd users

       * AFTER running this:
              Please check/configure/activate the Upload Profile for user mini-buildd-uploader

       When this is up:

       * Grant someone access:
              See the example line in created 'authorized_keys' files of the resp. users.

       * Run API calls:
              'ssh mini-buildd-staff|admin@<yourhost> mini-buildd-api <mini_buildd_api_args>'

              Note that you will need  the  _complete_  arguments,  including  the  correct  user
              endpoint (like 'http://mini-buildd-staff@<yourhost>:8066')

       * Upload:
              An  extra  '.dput.cf'  will be generated in '/var/lib/mini-buildd/etc/dput.cf' (for
              dput_conf API call)

              Authorized users can now also upload with this new target.

       Caveats:

       Someone with access to 'mini-buildd-uploader' could potentially  copy  from  or  write  to
       arbitrary locations (within the mini-buildd-uploader user's permissions).