pkg: add a user for www-only access #8521

Added a group as well, but we can always drop it if it doesn't make sense.
2026-02-18 18:18:13 -05:00 · 2025-04-23 09:07:42 +02:00 · 2025-04-23 09:07:42 +02:00 · 08a86fdae9
commit 08a86fdae9
parent bdb3f73315
1 changed files with 20 additions and 0 deletions
--- a/20
+++ b/20
@ -1,3 +1,23 @@
+PW=/usr/sbin/pw
+USER=wwwonly
+UID=789
+GROUP=${USER}
+GID=${UID}
+
+if ! ${PW} groupshow ${GROUP} >/dev/null 2>&1; then
+    echo "Creating group '${GROUP}' with gid '${GID}'"
+    ${PW} groupadd ${GROUP} -g ${GID}
+else
+    echo "Using existing group '${GROUP}'"
+fi
+
+if ! ${PW} usershow ${USER} >/dev/null 2>&1; then
+  echo "Creating user '${USER}' with uid '${UID}'"
+  ${PW} useradd ${USER} -u ${UID} -g ${GID} -c "World Wide Web Only" -d /nonexistent -s /usr/sbin/nologin
+else
+  echo "Using existing user '${USER}'"
+fi
+
 echo "Updating /etc/shells"
 cp /etc/shells /etc/shells.bak
 (grep -v /usr/local/sbin/opnsense-shell /etc/shells.bak; \