Make useradd program and arguments configurable (#45)

* Make both the useradd program and the arguments for useradd configurable. Closes #39

* fix documentation

Author: mvanbaak

README.md

@@ -73,10 +73,14 @@ Linux user names may only be up to 32 characters long.
 There are a couple of things you can configure by editing/creating the file `/etc/aws-ec2-ssh.conf` and adding
 one or more of the following lines:
 
-ASSUMEROLE="IAM-role-arn" # IAM Role ARN for multi account. See below for more info
-IAM_AUTHORIZED_GROUPS="GROUPNAMES" # Comma seperated list of IAM groups to import
-SUDOERSGROUP="GROUPNAME" # IAM group that should have sudo access
-LOCAL_GROUPS="GROUPNAMES" # Comma seperated list of UNIX groups to add the users in
+```
+ASSUMEROLE="IAM-role-arn"                      # IAM Role ARN for multi account. See below for more info
+IAM_AUTHORIZED_GROUPS="GROUPNAMES"             # Comma seperated list of IAM groups to import
+SUDOERSGROUP="GROUPNAME"                       # IAM group that should have sudo access
+LOCAL_GROUPS="GROUPNAMES"                      # Comma seperated list of UNIX groups to add the users in
+USERADD_PROGRAM="/usr/sbin/useradd"            # The useradd program to use. defaults to `/usr/sbin/useradd`
+USERADD_ARGS="--create-home --shell /bin/bash" # Arguments for the useradd program. defaults to `--create-home --shell /bin/bash`
+```
 
 ## Using a multi account strategy with a central IAM user account
 

import_users.sh

@@ -23,6 +23,12 @@
 # instance you use this script runs in another.
 : ${ASSUMEROLE:=""}
 
+# Possibility to provide a custom useradd program
+: ${USERADD_PROGRAM:="/usr/sbin/useradd"}
+
+# Possibility to provide custom useradd arguments
+: ${USERADD_ARGS:="--create-home --shell /bin/bash"}
+
 function setup_aws_credentials() {
     local stscredentials
     if [[ ! -z "${ASSUMEROLE}" ]]
@@ -101,7 +107,7 @@ function create_or_update_local_user() {
     fi
 
     id "${username}" >/dev/null 2>&1 \
-        || /usr/sbin/useradd --create-home --shell /bin/bash "${username}" \
+        || ${USERADD_PROGRAM} ${USERADD_ARGS} "${username}" \
         && /bin/chown -R "${username}:${username}" "$(eval echo ~$username)"
     /usr/sbin/usermod -G "${localusergroups}" "${username}"
 

install.sh

@@ -2,22 +2,26 @@
 
 show_help() {
 cat << EOF
-Usage: ${0##*/} [-hv] [-a ARN] [-i GROUP,GROUP,...] [-l GROUP,GROUP,...] [-s GROUP]
+Usage: ${0##*/} [-hv] [-a ARN] [-i GROUP,GROUP,...] [-l GROUP,GROUP,...] [-s GROUP] [-p PROGRAM] [-u "ARGUMENTS"]
 Install import_users.sh and authorized_key_commands.
 
-    -h              display this help and exit
-    -v              verbose mode.
-
-    -a arn          Assume a role before contacting AWS IAM to get users and keys.
-                    This can be used if you define your users in one AWS account, while the EC2
-                    instance you use this script runs in another.
-    -i group,group  Which IAM groups have access to this instance
-                    Comma seperated list of IAM groups. Leave empty for all available IAM users
-    -l group,group  Give the users these local UNIX groups
-                    Comma seperated list
-    -s group        Specify an IAM group for users who should be given sudo privileges, or leave
-                    empty to not change sudo access, or give it the value '##ALL##' to have all
-                    users be given sudo rights.
+    -h                 display this help and exit
+    -v                 verbose mode.
+
+    -a arn             Assume a role before contacting AWS IAM to get users and keys.
+                       This can be used if you define your users in one AWS account, while the EC2
+                       instance you use this script runs in another.
+    -i group,group     Which IAM groups have access to this instance
+                       Comma seperated list of IAM groups. Leave empty for all available IAM users
+    -l group,group     Give the users these local UNIX groups
+                       Comma seperated list
+    -s group           Specify an IAM group for users who should be given sudo privileges, or leave
+                       empty to not change sudo access, or give it the value '##ALL##' to have all
+                       users be given sudo rights.
+    -p program         Specify your useradd program to use.
+                       Defaults to '/usr/sbin/useradd'
+    -u "useradd args"  Specify arguments to use with useradd.
+                       Defaults to '--create-home --shell /bin/bash'
 
 
 EOF
@@ -27,6 +31,8 @@ IAM_GROUPS=""
 SUDO_GROUP=""
 LOCAL_GROUPS=""
 ASSUME_ROLE=""
+USERADD_PROGRAM=""
+USERADD_ARGS=""
 
 while getopts :hva:i:l:s: opt
 do
@@ -50,6 +56,12 @@ do
         a)
             ASSUME_ROLE="$OPTARG"
             ;;
+        p)
+            USERADD_PROGRAM="$OPTARG"
+            ;;
+        u)
+            USERADD_ARGS="$OPTARG"
+            ;;
         \?)
             echo "Invalid option: -$OPTARG" >&2
             show_help
@@ -107,6 +119,16 @@ then
     echo "ASSUMEROLE=\"${ASSUME_ROLE}\"" >> /etc/aws-ec2-ssh.conf
 fi
 
+if [ "${USERADD_PROGRAM}" != "" ]
+then
+    echo "USERADD_PROGRAM=\"${USERADD_PROGRAM}\"" >> /etc/aws-ec2-ssh.conf
+fi
+
+if [ "${USERADD_ARGS}" != "" ]
+then
+    echo "USERADD_ARGS=\"${USERADD_ARGS}\"" >> /etc/aws-ec2-ssh.conf
+fi
+
 sed -i 's:#AuthorizedKeysCommand none:AuthorizedKeysCommand /opt/authorized_keys_command.sh:g' /etc/ssh/sshd_config
 sed -i 's:#AuthorizedKeysCommandUser nobody:AuthorizedKeysCommandUser nobody:g' /etc/ssh/sshd_config