slish annotate slish @ rev 13
Tiny edits
| author | Paul Issott <paul@slitaz.org> |
|---|---|
| date | Sat Feb 01 17:29:57 2014 +0000 (2014-02-01) |
| parents | 27c18235251c |
| children |
| rev | line source |
|---|---|
| pankso@1 | 1 #!/bin/sh |
| pankso@1 | 2 # |
| paul@5 | 3 # SliSH - The SliTaz SHell on demand. No gettext this is a pure admin |
| paul@5 | 4 # mainly developed for slish.in but which can be used by other projects. |
| pankso@1 | 5 # |
| pankso@1 | 6 # Copyright (C) 2014 SliTaz GNU/Linux - BSD License |
| pankso@1 | 7 # Author: Christophe Lincoln <pankso@slitaz.org> |
| pankso@1 | 8 # |
| pankso@1 | 9 export LANG=en LC_ALL=en |
| pankso@1 | 10 . /lib/libtaz.sh |
| pankso@1 | 11 |
| pankso@1 | 12 [ "$root" ] || root="/home/slish/chroot" |
| pankso@1 | 13 people="$(dirname $root)/people" |
| pankso@1 | 14 data="/usr/share/slish" |
| pankso@1 | 15 logs="$(dirname $root)/logs" |
| pankso@1 | 16 cache="$(dirname $root)/cache" |
| pankso@1 | 17 activity="$logs/activity.log" |
| pankso@1 | 18 queue="${cache}/signup-queue" |
| pankso@1 | 19 domain="slish.in" |
| pankso@1 | 20 |
| pankso@6 | 21 # Default chroot packages |
| pankso@1 | 22 chrootpkgs="glibc-base slitaz-base-files ncursesw nano ytree busybox-slish |
| pankso@9 | 23 rhapsody tcc glibc-dev lua tinypy" |
| pankso@1 | 24 |
| pankso@1 | 25 # |
| pankso@1 | 26 # Functions |
| pankso@1 | 27 # |
| pankso@1 | 28 |
| pankso@1 | 29 usage() { |
| pankso@1 | 30 cat << EOT |
| pankso@1 | 31 |
| pankso@1 | 32 $(boldify "Usage:") $(basename $0) [command] [--option] |
| pankso@1 | 33 |
| pankso@1 | 34 $(boldify "Commands:") |
| pankso@1 | 35 info Display paths, configs and some stats |
| paul@10 | 36 last Show last chrooted users |
| pankso@7 | 37 users List all users with name and mail |
| paul@5 | 38 setup Setup SliSH server and user chroot |
| pankso@1 | 39 gen-chroot Generate a new default or user chroot |
| pankso@1 | 40 clean-chroot Clean the chroot but skip home and root |
| pankso@1 | 41 adduser Add a user to the server with \$HOME in chroot |
| pankso@1 | 42 deluser Delete a SliSH user from server and chroot |
| pankso@6 | 43 list-queue List users in the signup queue |
| pankso@6 | 44 chroot Chroot to SliSH users default chroot |
| pankso@1 | 45 |
| pankso@1 | 46 $(boldify "Options:") |
| pankso@1 | 47 --root= Set the path to the SliSH or user chroot |
| pankso@1 | 48 --clean Clean the chroot before gen-chroot |
| pankso@6 | 49 --queued Add all users from the signup queue |
| pankso@1 | 50 |
| pankso@1 | 51 EOT |
| pankso@1 | 52 } |
| pankso@1 | 53 |
| pankso@1 | 54 # Setup SliSH server |
| pankso@1 | 55 setup() { |
| pankso@1 | 56 # Allow users to use the chroot command |
| pankso@1 | 57 if ! grep -q "^chroot =" /etc/busybox.conf; then |
| pankso@1 | 58 echo "Allowing all users to use: chroot" |
| pankso@1 | 59 echo 'chroot = ssx root.root' >> /etc/busybox.conf |
| pankso@1 | 60 fi |
| pankso@1 | 61 # Gen a chroot if not yet done |
| pankso@1 | 62 if [ ! -d "$root" ]; then |
| pankso@1 | 63 echo "Creating a chroot environment..." |
| pankso@1 | 64 gen_chroot |
| pankso@1 | 65 fi |
| pankso@1 | 66 # Also used by the CGI web interface |
| pankso@1 | 67 for dir in ${people} ${cache} ${logs}; do |
| pankso@1 | 68 echo "Setting up the $(basename $dir) directory..." |
| pankso@1 | 69 mkdir -p ${dir} && chown www.www ${dir} |
| pankso@1 | 70 done |
| paul@5 | 71 # Activity log must be writable by users |
| pankso@1 | 72 touch ${activity} && chmod 0666 ${activity} |
| paul@13 | 73 # Add /usr/bin/slish to /etc/shells (dropbear needs it) |
| pankso@11 | 74 if ! fgrep -q '/usr/bin/slish' /etc/shells; then |
| pankso@11 | 75 echo "Adding /bin/slish to the list of valid shells..." |
| pankso@11 | 76 echo '/usr/bin/slish' >> /etc/shells |
| pankso@11 | 77 fi |
| pankso@1 | 78 echo "All done!" |
| pankso@1 | 79 } |
| pankso@1 | 80 |
| pankso@6 | 81 # Show user configs |
| pankso@6 | 82 show_queued_user() { |
| pankso@6 | 83 . ${queue}/${user}/account.conf |
| pankso@6 | 84 newline |
| pankso@6 | 85 separator |
| pankso@6 | 86 cat << EOT |
| pankso@6 | 87 User : $user |
| pankso@6 | 88 Name : $name |
| pankso@6 | 89 Mail : $mail |
| pankso@6 | 90 EOT |
| pankso@6 | 91 separator |
| pankso@6 | 92 } |
| pankso@6 | 93 |
| pankso@1 | 94 # Gen a user config file |
| pankso@1 | 95 user_config() { |
| pankso@1 | 96 echo -n "Creating SliSH account configuration..." |
| pankso@1 | 97 mkdir -p ${people}/${user} |
| pankso@1 | 98 cat > ${people}/${user}/account.conf << EOT |
| pankso@1 | 99 # SliSH account configuration |
| pankso@1 | 100 |
| pankso@1 | 101 NAME="$name" |
| pankso@1 | 102 USER="$user" |
| pankso@1 | 103 MAIL="$mail" |
| pankso@1 | 104 |
| pankso@1 | 105 ULIMIT="-d 4096 -m 4096 -l 32 -p 5 -v 16384" |
| pankso@6 | 106 QUOTA="50" |
| pankso@1 | 107 |
| pankso@1 | 108 EOT |
| pankso@1 | 109 chmod 0600 ${people}/${user}/account.conf |
| pankso@1 | 110 chown ${user}.${user} ${people}/${user}/account.conf |
| pankso@1 | 111 status |
| pankso@1 | 112 } |
| pankso@1 | 113 |
| pankso@1 | 114 # Mail body. |
| pankso@8 | 115 mail_new_account() { |
| pankso@1 | 116 cat << EOT |
| pankso@1 | 117 From: SliSH <shell@${domain}> |
| pankso@1 | 118 To: $mail |
| pankso@1 | 119 Date: $(date '+%a, %d %b %Y %H:%M:%S %z') |
| pankso@1 | 120 Subject: SliSH - Account created |
| pankso@1 | 121 Content-Type: text/plain; charset=utf-8 |
| pankso@1 | 122 Content-Transfer-Encoding: 8bit |
| pankso@1 | 123 |
| pankso@11 | 124 Hi $name, |
| pankso@1 | 125 |
| pankso@1 | 126 Your custom SliTaz GNU/Linux SHell is ready to use! You can login with: |
| pankso@1 | 127 |
| pankso@1 | 128 $ ssh ${user}@${domain} |
| pankso@1 | 129 |
| pankso@1 | 130 Visit http://slish.in and http://www.slitaz.org for the latest news about |
| pankso@1 | 131 both projects. |
| pankso@1 | 132 |
| pankso@1 | 133 Happy SliTaz :-) |
| pankso@1 | 134 |
| pankso@1 | 135 --- |
| pankso@1 | 136 Sent by the SliSH Mailer |
| pankso@1 | 137 |
| pankso@1 | 138 EOT |
| pankso@1 | 139 } |
| pankso@1 | 140 |
| pankso@1 | 141 # Add a new SliSH user |
| pankso@1 | 142 add_user() { |
| pankso@11 | 143 #home="$root/./home/$user" |
| pankso@1 | 144 home="$root/home/$user" |
| pankso@1 | 145 shell="/usr/bin/slish" |
| pankso@1 | 146 |
| pankso@11 | 147 # Check values |
| pankso@11 | 148 if [ ! "$user" ] || [ ! "$name" ] || [ ! "$pass" ] || [ ! "$mail" ]; then |
| pankso@11 | 149 newline |
| pankso@11 | 150 echo "Missing option(s): --user= --name= --pass= --mail=" |
| pankso@11 | 151 newline && exit 0 |
| pankso@11 | 152 fi |
| pankso@11 | 153 |
| paul@13 | 154 # Exit if user already exists |
| pankso@1 | 155 if grep -q ^${user}: /etc/passwd; then |
| pankso@1 | 156 newline |
| pankso@1 | 157 echo -n "User already exists: "; colorize 31 "$user" |
| pankso@6 | 158 rm -rf ${queue}/${user} |
| pankso@6 | 159 newline && exit 1 |
| pankso@1 | 160 fi |
| pankso@6 | 161 |
| pankso@1 | 162 newline |
| pankso@11 | 163 echo -n "$(boldify 'Creating user:') "; colorize 34 "$user" |
| pankso@1 | 164 separator |
| pankso@1 | 165 echo -e "$pass\n$pass" | adduser -h "$home" -g "SliSH User" \ |
| pankso@1 | 166 -s ${shell} ${user} >/dev/null |
| pankso@1 | 167 |
| pankso@1 | 168 # Add user to chroot /etc/passwd |
| pankso@1 | 169 if ! grep -q ^${user}: ${root}/etc/passwd; then |
| pankso@1 | 170 echo -n "Adding $user to: $root" |
| pankso@1 | 171 grep "^$user:" /etc/passwd >> ${root}/etc/passwd |
| pankso@1 | 172 grep "^$user:" /etc/group >> ${root}/etc/group |
| pankso@1 | 173 sed -i s"!$root!!" ${root}/etc/passwd |
| pankso@1 | 174 status |
| pankso@1 | 175 fi |
| pankso@1 | 176 |
| pankso@1 | 177 # We don't want any files from /etc/skel. |
| pankso@1 | 178 echo -n "Cleaning home and creating: ~/.ssh" |
| pankso@1 | 179 rm -rf ${home} && mkdir -p ${home}/.ssh |
| pankso@1 | 180 status |
| pankso@1 | 181 |
| pankso@1 | 182 # Let a web server access an eventual ~/Public dir |
| pankso@1 | 183 echo -n "Changing mode on user home..." |
| pankso@1 | 184 chown -R ${user}.${user} ${home} |
| pankso@1 | 185 chown ${user}.www ${home} |
| pankso@1 | 186 chmod 0750 ${home} |
| pankso@1 | 187 chmod 0700 ${home}/.ssh |
| pankso@1 | 188 status |
| pankso@1 | 189 user_config |
| pankso@6 | 190 |
| pankso@1 | 191 # Send mail to notify user account creation |
| pankso@1 | 192 if [ -x /usr/sbin/sendmail ]; then |
| pankso@1 | 193 echo -n "Sending mail to: $mail" |
| pankso@8 | 194 mail_new_account | /usr/sbin/sendmail -f "shell@${domain}" "$mail" |
| pankso@1 | 195 status |
| pankso@1 | 196 fi |
| pankso@1 | 197 separator && newline |
| pankso@1 | 198 } |
| pankso@1 | 199 |
| pankso@6 | 200 # Add all users from the signup queue |
| pankso@6 | 201 add_queued_user() { |
| pankso@11 | 202 echo "Checking: $queue" |
| pankso@6 | 203 for user in $(ls ${queue}) |
| pankso@6 | 204 do |
| pankso@6 | 205 . ${queue}/${user}/account.conf |
| pankso@6 | 206 pass=$(cat ${queue}/${user}/passwd | base64 -d) |
| pankso@6 | 207 add_user |
| pankso@6 | 208 rm -rf ${queue}/${user} |
| pankso@6 | 209 done |
| pankso@6 | 210 } |
| pankso@6 | 211 |
| pankso@1 | 212 # Delete a SliSH user |
| pankso@1 | 213 del_user() { |
| pankso@1 | 214 home="$root/home/$user" |
| pankso@1 | 215 if [ ! -d "$home" ] || [ ! "$user" ]; then |
| pankso@1 | 216 newline |
| pankso@1 | 217 echo "Missing --user= name option or invalid user name" |
| pankso@1 | 218 newline && exit 0 |
| pankso@1 | 219 fi |
| pankso@1 | 220 newline |
| pankso@11 | 221 echo "$(boldify 'Deleting user:') $(colorize 34 "$user")" |
| pankso@1 | 222 separator |
| pankso@7 | 223 echo -n "Removing user account from $(hostname) server" |
| pankso@1 | 224 deluser "$user"; status |
| pankso@1 | 225 sed -i "/^$user:/"d ${root}/etc/passwd |
| pankso@1 | 226 sed -i "/^$user:/"d ${root}/etc/group |
| pankso@1 | 227 echo -n "Removing all files in : $home" |
| pankso@11 | 228 rm -rf ${home}; status |
| pankso@1 | 229 echo -n "Removing user config : $people/$user" |
| pankso@11 | 230 rm -rf "${people}/${user}"; status |
| pankso@1 | 231 separator && newline |
| pankso@1 | 232 } |
| pankso@1 | 233 |
| pankso@1 | 234 # Create a minimal chroot environment |
| pankso@1 | 235 gen_chroot() { |
| pankso@1 | 236 [ "$clean" ] && clean_chroot |
| pankso@1 | 237 if [ -d "$root/bin" ]; then |
| paul@5 | 238 echo "A chroot already exists: Use -cc command or --clean option" |
| pankso@1 | 239 exit 1 |
| pankso@1 | 240 fi |
| pankso@1 | 241 [ "$clean" ] || newline |
| pankso@1 | 242 boldify "Creating chroot in: $root" |
| pankso@1 | 243 separator |
| pankso@1 | 244 mkdir -p ${root} |
| pankso@1 | 245 for pkg in ${chrootpkgs} |
| pankso@1 | 246 do |
| pankso@1 | 247 echo -n "Installing: $pkg" |
| pankso@1 | 248 tazpkg -gi ${pkg} --root=${root} >/dev/null |
| pankso@1 | 249 status |
| pankso@1 | 250 done |
| pankso@1 | 251 echo -n "Installing: /bin/slish.sh" |
| pankso@1 | 252 install -m 0755 ${data}/slish.sh ${root}/bin |
| pankso@1 | 253 cp -a /etc/resolv.conf ${root}/etc |
| pankso@1 | 254 status |
| pankso@1 | 255 separator && newline |
| pankso@1 | 256 } |
| pankso@1 | 257 |
| pankso@1 | 258 # Clean up a chroot environment |
| pankso@1 | 259 clean_chroot() { |
| pankso@1 | 260 if [ ! -d "$root/bin" ]; then |
| pankso@1 | 261 echo "No chroot found in: $root" && exit 0 |
| pankso@1 | 262 fi |
| pankso@1 | 263 newline |
| pankso@1 | 264 boldify "Cleaning: $root" |
| pankso@1 | 265 separator |
| pankso@1 | 266 cd ${root} |
| pankso@1 | 267 for dir in * |
| pankso@1 | 268 do |
| pankso@1 | 269 size=$(du -sh $dir | awk '{print $1}') |
| pankso@1 | 270 case "$dir" in |
| pankso@1 | 271 etc|home|root|lost*) continue ;; |
| pankso@1 | 272 *) |
| pankso@1 | 273 echo -n "Removing: $dir $size" |
| pankso@1 | 274 rm -rf ${dir} ; status ;; |
| pankso@1 | 275 esac |
| pankso@1 | 276 done && separator && newline |
| pankso@1 | 277 } |
| pankso@1 | 278 |
| pankso@1 | 279 # |
| pankso@1 | 280 # Handle commands |
| pankso@1 | 281 # |
| pankso@1 | 282 |
| pankso@1 | 283 case "$1" in |
| pankso@6 | 284 info) |
| pankso@1 | 285 check_root |
| pankso@6 | 286 newline |
| pankso@6 | 287 boldify "Info" |
| pankso@6 | 288 separator |
| pankso@6 | 289 echo -n "Chroot size : " && du -sh ${root} |
| pankso@6 | 290 echo -n "Users accounts : " && ls -1 ${people} | wc -l |
| pankso@6 | 291 echo -n "Signup queue : " && ls -1 ${queue} | wc -l |
| pankso@6 | 292 separator && newline ;; |
| pankso@6 | 293 last) |
| pankso@6 | 294 check_root |
| pankso@6 | 295 newline |
| pankso@6 | 296 boldify "Last users" |
| pankso@6 | 297 separator |
| pankso@6 | 298 tac ${activity} | head -n 20 |
| pankso@6 | 299 separator && newline ;; |
| pankso@7 | 300 users) |
| pankso@7 | 301 check_root |
| pankso@7 | 302 newline |
| pankso@7 | 303 boldify "Users list" |
| pankso@7 | 304 separator |
| pankso@7 | 305 for user in $(ls ${people}) |
| pankso@7 | 306 do |
| pankso@7 | 307 . ${people}/${user}/account.conf |
| pankso@7 | 308 echo -n "$(colorize 34 "$user")" |
| pankso@7 | 309 echo -n "$(indent 20 "$NAME")" && indent 46 "<$MAIL>" |
| pankso@7 | 310 done |
| pankso@7 | 311 separator && newline ;; |
| pankso@1 | 312 setup) |
| pankso@1 | 313 check_root |
| pankso@1 | 314 setup ;; |
| pankso@1 | 315 adduser) |
| pankso@6 | 316 # We can adduser from cmdline or from the signup queue |
| pankso@1 | 317 check_root |
| pankso@11 | 318 if [ "$queued" ]; then |
| pankso@6 | 319 add_queued_user |
| pankso@6 | 320 else |
| pankso@6 | 321 add_user |
| pankso@6 | 322 fi ;; |
| pankso@1 | 323 deluser) |
| pankso@1 | 324 check_root |
| pankso@1 | 325 del_user ;; |
| pankso@1 | 326 -gc|gen-chroot) |
| pankso@1 | 327 check_root |
| pankso@1 | 328 gen_chroot ;; |
| pankso@1 | 329 -cc|clean-chroot) |
| pankso@1 | 330 check_root |
| pankso@1 | 331 clean_chroot ;; |
| pankso@1 | 332 -c|chroot) |
| pankso@1 | 333 echo "Chrooting to: $root" |
| pankso@1 | 334 chroot ${root} /bin/sh |
| pankso@1 | 335 echo "Exiting from: $root" ;; |
| pankso@6 | 336 -lq|list-queue) |
| pankso@6 | 337 # Check online signup queue but do nothing |
| pankso@8 | 338 for user in $(ls ${queue}) |
| pankso@1 | 339 do |
| pankso@6 | 340 show_queued_user |
| pankso@6 | 341 done |
| pankso@6 | 342 echo "" ;; |
| pankso@1 | 343 *) |
| pankso@6 | 344 # /usr/bin/slish is executed on login to chroot the user |
| pankso@1 | 345 if [ -d "$root/home/$USER" ]; then |
| pankso@1 | 346 . ${people}/"$USER"/account.conf |
| pankso@1 | 347 log "Chrooting user: $USER" |
| pankso@1 | 348 ulimit $(echo "$ULIMIT") |
| pankso@11 | 349 exec /usr/sbin/chroot ${root} /bin/slish.sh "$@" |
| pankso@1 | 350 else |
| pankso@1 | 351 usage |
| pankso@1 | 352 fi ;; |
| pankso@1 | 353 esac |
| pankso@1 | 354 |
| pankso@1 | 355 exit 0 |