Ubuntu Manpage: mini-buildd-ssh-setup - Idempotent setup script for SSH access

name
synopsis
description

NAME

       mini-buildd-ssh-setup - Idempotent setup script for SSH access

SYNOPSIS

       mini-buildd-ssh-setup [[<ENDPOINT>]|[--purge]]  (as user root)

DESCRIPTION

       Idempotent setup script for SSH access

       Create and setup three UNIX users that are corresponding to mini-buildd users of the same name:

       * mini-buildd-uploader:
              Allow uploads via SSH

       * mini-buildd-staff:
              Allow API calls with 'staff' authorization via SSH

       * mini-buildd-admin:
              Allow API calls with 'admin' authorization via SSH

       Needed extra work on mini-buildd:

       * BEFORE running this:
              Please create all the three mini-buildd users

       * AFTER running this:
              Please check/configure/activate the Upload Profile for user mini-buildd-uploader

       When this is up:

       * Grant someone access:
              See the example line in created 'authorized_keys' files of the resp. users.

       * Run API calls:
              'ssh mini-buildd-staff|admin@<yourhost> mini-buildd-api <mini_buildd_api_args>'

              Note  that  you  will  need  the  _complete_  arguments, including the correct user endpoint (like
              'http://mini-buildd-staff@<yourhost>:8066')

       * Upload:
              An extra '.dput.cf' will be generated in  '/var/lib/mini-buildd/etc/dput.cf'  (for  dput_conf  API
              call)

              Authorized users can now also upload with this new target.

       Caveats:

       Someone with access to 'mini-buildd-uploader' could potentially copy from or write to arbitrary locations
       (within the mini-buildd-uploader user's permissions).