I’m Automating Initial Server Setup with Ubuntu 18.04 on Digital Ocean using the user-data insert to start a new server.
I want to customize the PS1
prompt in the etc/skel/.bashrc
but I need to replace line 59 or it may be it’s 60, which is not the end of the file…
so would it be?
sed -i "59 PS1='${debian_chroot:+($debian_chroot)}\n\@ \[\e[32;40m\]\u\[\e[m\] \[\e[32;40m\]@\[\e[m\]\n \[\e[32;40m\]\H\[\e[m\] \[\e[36;40m\]\w\[\e[m\] \[\e[33m\]\\$\[\e[m\]' etc/skel.bashrc"
I’m guessing the -i
flag is an insert, would it be an -r
to replace?
and is it double quotes around single quotes? or should I be trying to escape one set of quotes?
#!/bin/bash
set -euo pipefail
########################
### SCRIPT VARIABLES ###
########################
# Name of the user to create and grant sudo privileges
USERNAME=sammy
# Whether to copy over the root user's `authorized_keys` file to the new sudo
# user.
COPY_AUTHORIZED_KEYS_FROM_ROOT=true
# Additional public keys to add to the new sudo user
# OTHER_PUBLIC_KEYS_TO_ADD=(
# "ssh-rsa AAAAB..."
# "ssh-rsa AAAAB..."
# )
OTHER_PUBLIC_KEYS_TO_ADD=(
)
####################
### SCRIPT LOGIC ###
####################
# Add sudo user and grant privileges
useradd --create-home --shell "/bin/bash" --groups sudo "${USERNAME}"
# Check whether the root account has a real password set
encrypted_root_pw="$(grep root /etc/shadow | cut --delimiter=: --fields=2)"
if [ "${encrypted_root_pw}" != "*" ]; then
# Transfer auto-generated root password to user if present
# and lock the root account to password-based access
echo "${USERNAME}:${encrypted_root_pw}" | chpasswd --encrypted
passwd --lock root
else
# Delete invalid password for user if using keys so that a new password
# can be set without providing a previous value
passwd --delete "${USERNAME}"
fi
# Expire the sudo user's password immediately to force a change
chage --lastday 0 "${USERNAME}"
# Create SSH directory for sudo user
home_directory="$(eval echo ~${USERNAME})"
mkdir --parents "${home_directory}/.ssh"
# Copy `authorized_keys` file from root if requested
if [ "${COPY_AUTHORIZED_KEYS_FROM_ROOT}" = true ]; then
cp /root/.ssh/authorized_keys "${home_directory}/.ssh"
fi
# Add additional provided public keys
for pub_key in "${OTHER_PUBLIC_KEYS_TO_ADD[@]}"; do
echo "${pub_key}" >> "${home_directory}/.ssh/authorized_keys"
done
# Adjust SSH configuration ownership and permissions
chmod 0700 "${home_directory}/.ssh"
chmod 0600 "${home_directory}/.ssh/authorized_keys"
chown --recursive "${USERNAME}":"${USERNAME}" "${home_directory}/.ssh"
# Disable root SSH login with password
sed --in-place 's/^PermitRootLogin.*/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config
if sshd -t -q; then
systemctl restart sshd
fi
# Add exception for SSH and then enable UFW firewall
ufw allow OpenSSH
ufw --force enable
# customize TTY prompt
echo "PS1='${debian_chroot:+($debian_chroot)}\n\@ \[\e[32;40m\]\u\[\e[m\] \[\e[32;40m\]@\[\e[m\]\n \[\e[32;40m\]\H\[\e[m\] \[\e[36;40m\]\w\[\e[m\] \[\e[33m\]\\$\[\e[m\] '" >> etc/skel.bashrc