slish annotate slish @ rev 5
Tiny edits
author | Paul Issott <paul@slitaz.org> |
---|---|
date | Wed Jan 22 21:21:29 2014 +0000 (2014-01-22) |
parents | e2f77a3185ab |
children | e9a2fa5a68d9 |
rev | line source |
---|---|
pankso@1 | 1 #!/bin/sh |
pankso@1 | 2 # |
paul@5 | 3 # SliSH - The SliTaz SHell on demand. No gettext: this is a pure admin tool, |
paul@5 | 4 # mainly developed for slish.in, but it can be used by other projects. |
pankso@1 | 5 # |
pankso@1 | 6 # Copyright (C) 2014 SliTaz GNU/Linux - BSD License |
pankso@1 | 7 # Author: Christophe Lincoln <pankso@slitaz.org> |
pankso@1 | 8 # |
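# Fixed locale for every tool this script runs.
export LANG=en LC_ALL=en
# Helper library; boldify, colorize, newline, separator, status, log and
# check_root used below are expected to come from it (not shown here).
. /lib/libtaz.sh

# Paths. $root is only defaulted when empty, so it can arrive from the
# environment; presumably libtaz.sh also fills it from --root= (confirm).
# Every expansion is quoted so a path containing spaces stays one word.
[ "$root" ] || root="/home/slish/chroot"
people="$(dirname "$root")/people"
data="/usr/share/slish"
logs="$(dirname "$root")/logs"
cache="$(dirname "$root")/cache"
activity="$logs/activity.log"
queue="${cache}/signup-queue"
domain="slish.in"

# Basic chroot packages (whitespace-separated list, split on purpose by
# gen_chroot when it installs them one by one).
chrootpkgs="glibc-base slitaz-base-files ncursesw nano ytree busybox-slish
tcc rhapsody"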
pankso@1 | 24 |
pankso@1 | 25 # |
pankso@1 | 26 # Functions |
pankso@1 | 27 # |
pankso@1 | 28 |
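# Print the command-line help on stdout.
# Uses boldify (libtaz.sh) for the section titles. "$0" is quoted so a
# script path containing spaces is passed to basename as a single word.
usage() {
  cat << EOT

$(boldify "Usage:") $(basename "$0") [command] [--option]

$(boldify "Commands:")
  info            Display paths, configs and some stats
  setup           Setup SliSH server and user chroot
  gen-chroot      Generate a new default or user chroot
  clean-chroot    Clean the chroot but skip home and root
  adduser         Add a user to the server with \$HOME in chroot
  deluser         Delete a SliSH user from server and chroot

$(boldify "Options:")
  --root=         Set the path to the SliSH or user chroot
  --clean         Clean the chroot before gen-chroot

EOT
}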
pankso@1 | 48 |
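# Set up the SliSH server: allow the chroot applet for users, create the
# default chroot if missing, then create the people/cache/logs directories
# and the activity log.
# Globals: root, people, cache, logs, activity (read)
setup() {
  # Allow users to use the chroot command.
  # NOTE(review): "ssx root.root" marks the BusyBox chroot applet setuid and
  # setgid root and runnable by everyone. Any local account that can run it
  # is then trusted not to misuse it, so the host should carry no untrusted
  # non-chrooted accounts. The line is appended at the end of the file, which
  # assumes the [SUID] section is the last one -- confirm both points.
  if ! grep -q "^chroot =" /etc/busybox.conf; then
    echo "Allowing all users to use: chroot"
    echo 'chroot = ssx root.root' >> /etc/busybox.conf
  fi
  # Gen a chroot if not yet done
  if [ ! -d "$root" ]; then
    echo "Creating a chroot environment..."
    gen_chroot
  fi
  # Also used by the CGI web interface, hence owned by www.
  # "user:group" is the POSIX spelling; the dotted form is ambiguous for
  # names that contain a dot.
  for dir in "$people" "$cache" "$logs"; do
    echo "Setting up the $(basename "$dir") directory..."
    mkdir -p "$dir" && chown www:www "$dir"
  done
  # Activity log must be writable by users.
  # NOTE(review): mode 0666 also lets any user truncate or forge entries, so
  # this file cannot serve as an audit trail; keep authoritative records
  # elsewhere (e.g. syslog) if they are needed.
  touch "$activity" && chmod 0666 "$activity"
  echo "All done!"
}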
pankso@1 | 70 |
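# Escape $1 so it can sit between double quotes in a sourced shell file
# without being expanded: backslash, double quote, dollar and backtick each
# get a leading backslash.
_slish_dq_escape() {
  printf '%s' "$1" | sed 's/[\\"$`]/\\&/g'
}

# Gen a user config file: ${people}/${user}/account.conf, mode 0600 and
# owned by the user.
# Globals: people, user, name, mail (read)
#
# The file is read back with "." (see the login branch at the bottom of the
# script), so name/user/mail are escaped before being written. Without that,
# a value such as one containing $(...) or a closing quote would run as
# shell code when the file is sourced.
user_config() {
  echo -n "Creating SliSH account configuration..."
  conf="${people}/${user}/account.conf"
  e_name=$(_slish_dq_escape "$name")
  e_user=$(_slish_dq_escape "$user")
  e_mail=$(_slish_dq_escape "$mail")
  mkdir -p "${people}/${user}"
  cat > "$conf" << EOT
# SliSH account configuration

NAME="$e_name"
USER="$e_user"
MAIL="$e_mail"

ULIMIT="-d 4096 -m 4096 -l 32 -p 5 -v 16384"
QUOTA=""

EOT
  chmod 0600 "$conf"
  chown "${user}:${user}" "$conf"
  status
}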
pankso@1 | 90 |
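# Mail body: print the complete "account created" message (headers, blank
# line, text) on stdout.
# Globals: domain, user, mail (read)
#
# $mail comes from the signup data, so CR and LF are stripped before it is
# placed in the To: header; otherwise an embedded line break would let the
# value add header lines of its own.
user_mail() {
  mail_to=$(printf '%s' "$mail" | tr -d '\r\n')
  cat << EOT
From: SliSH <shell@${domain}>
To: $mail_to
Date: $(date '+%a, %d %b %Y %H:%M:%S %z')
Subject: SliSH - Account created
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit

Hi,

Your custom SliTaz GNU/Linux SHell is ready to use! You can login with:

    $ ssh ${user}@${domain}

Visit http://slish.in and http://www.slitaz.org for the latest news about
both projects.

Happy SliTaz :-)

---
Sent by the SliSH Mailer

EOT
}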
pankso@1 | 117 |
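# Add a new SliSH user: create the system account with its home inside the
# chroot, mirror the passwd/group entries into the chroot, reset the home
# directory, write the account config and send the notification mail.
# Globals: root, user, pass, mail, domain (read); home, shell (written)
# Returns: 0 on success or when the user already exists, 1 on a rejected
#          name or a failed adduser.
add_user() {
  # $user ends up in grep/sed patterns and in an "rm -rf" path and may come
  # from the web signup queue, so accept only a conservative character set.
  # An empty name would otherwise make $home the parent of all user homes.
  case "$user" in
    ''|-*|*[!A-Za-z0-9_-]*)
      echo "Missing or invalid user name: $user" >&2
      return 1 ;;
  esac
  home="$root/home/$user"
  shell="/usr/bin/slish"

  # Return instead of exit: one duplicate name must not stop the caller from
  # handling the remaining signup queue entries.
  if grep -q "^${user}:" /etc/passwd; then
    newline
    echo -n "User already exists: "; colorize 31 "$user"
    newline
    return 0
  fi
  newline
  echo -n "$(boldify 'Creating user:') "; colorize 32 "$user"
  separator
  # printf '%s' feeds the password verbatim on stdin (never on argv);
  # "echo -e" would rewrite backslash sequences inside the password.
  if ! printf '%s\n%s\n' "$pass" "$pass" |
    adduser -h "$home" -g "SliSH User" -s "$shell" "$user" >/dev/null; then
    echo "adduser failed for: $user" >&2
    return 1
  fi

  # Add user to chroot /etc/passwd; the sed strips the $root prefix so the
  # home path is valid from inside the chroot.
  if ! grep -q "^${user}:" "${root}/etc/passwd"; then
    echo -n "Adding $user to: $root"
    grep "^${user}:" /etc/passwd >> "${root}/etc/passwd"
    grep "^${user}:" /etc/group >> "${root}/etc/group"
    sed -i "s!${root}!!" "${root}/etc/passwd"
    status
  fi

  # We don't want any files from /etc/skel.
  echo -n "Cleaning home and creating: ~/.ssh"
  rm -rf "${home:?}" && mkdir -p "${home}/.ssh"
  status

  # Let a web server access an eventual ~/Public dir
  echo -n "Changing mode on user home..."
  chown -R "${user}:${user}" "$home"
  chown "${user}:www" "$home"
  chmod 0750 "$home"
  chmod 0700 "${home}/.ssh"
  status
  user_config
  # Send mail to notify user account creation. An empty address or one that
  # starts with "-" is skipped so it cannot be read as a sendmail option.
  if [ -x /usr/sbin/sendmail ]; then
    case "$mail" in
      ''|-*)
        echo "Skipping notification: no usable mail address" >&2 ;;
      *)
        echo -n "Sending mail to: $mail"
        user_mail | /usr/sbin/sendmail -f "shell@${domain}" "$mail"
        status ;;
    esac
  fi
  separator && newline
}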
pankso@1 | 164 |
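# Delete a SliSH user: remove the system account, the passwd/group entries
# inside the chroot, the home directory and the account config directory.
# Globals: root, people, user (read); home (written)
# Exits 0 with a message when the name is missing or invalid, or when the
# user has no home in the chroot.
del_user() {
  # $user is used in sed patterns and "rm -rf" paths: names such as ".." or
  # ones holding regex characters would hit other accounts' entries, so only
  # a conservative character set is accepted.
  case "$user" in
    ''|-*|*[!A-Za-z0-9_-]*) home="" ;;
    *) home="$root/home/$user" ;;
  esac
  if [ -z "$home" ] || [ ! -d "$home" ]; then
    newline
    echo "Missing --user= name option or invalid user name"
    # Exit unconditionally; the deletions below must never run on this path,
    # even if printing fails.
    newline; exit 0
  fi
  newline
  echo "$(boldify 'Deleting user:') $(colorize 32 "$user")"
  separator
  echo -n "Removing user account from: $(hostname) server"
  deluser "$user"; status
  sed -i "/^${user}:/d" "${root}/etc/passwd"
  sed -i "/^${user}:/d" "${root}/etc/group"
  echo -n "Removing all files in : $home"
  rm -rf "${home:?}"; status
  echo -n "Removing user config : $people/$user"
  rm -rf "${people:?}/${user}"; status
  separator && newline
}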
pankso@1 | 186 |
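# Create a minimal chroot environment in $root: install the packages listed
# in $chrootpkgs with tazpkg, then add slish.sh and the host resolv.conf.
# Globals: root, data, chrootpkgs, clean (read)
# Exits 1 when $root/bin already exists and --clean was not requested.
gen_chroot() {
  [ "$clean" ] && clean_chroot
  if [ -d "$root/bin" ]; then
    echo "A chroot already exists: Use -cc command or --clean option"
    exit 1
  fi
  [ "$clean" ] || newline
  boldify "Creating chroot in: $root"
  separator
  mkdir -p "$root"
  # $chrootpkgs is a whitespace-separated list: left unquoted on purpose.
  for pkg in $chrootpkgs; do
    echo -n "Installing: $pkg"
    tazpkg -gi "$pkg" --root="$root" >/dev/null
    status
  done
  echo -n "Installing: /bin/slish.sh"
  # Chain both steps so a failed install is not hidden by a successful cp
  # (status is a libtaz.sh helper; it presumably reports the last exit code).
  install -m 0755 "${data}/slish.sh" "${root}/bin" &&
    cp -a /etc/resolv.conf "${root}/etc"
  status
  separator && newline
}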
pankso@1 | 210 |
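# Clean up a chroot environment: remove every top-level entry of $root
# except etc, home, root and lost* (e.g. lost+found).
# Globals: root (read)
# Returns 0 without touching anything when $root/bin does not exist, so
# "gen-chroot --clean" on a fresh path can still go on to build the chroot.
clean_chroot() {
  if [ ! -d "$root/bin" ]; then
    echo "No chroot found in: $root"
    return 0
  fi
  newline
  boldify "Cleaning: $root"
  separator
  # Work on "$root"/<entry> paths instead of "cd $root" followed by a
  # relative "rm -rf": a failed cd can then never redirect the removal to
  # the caller's working directory, and names with spaces or a leading
  # dash are handled as plain paths.
  for path in "${root:?}"/*; do
    [ -e "$path" ] || continue
    dir=${path##*/}
    size=$(du -sh "$path" | awk '{print $1}')
    case "$dir" in
      etc|home|root|lost*) continue ;;
      *)
        echo -n "Removing: $dir $size"
        rm -rf "$path"; status ;;
    esac
  done && separator && newline
}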
pankso@1 | 231 |
pankso@1 | 232 # |
pankso@1 | 233 # Handle commands |
pankso@1 | 234 # |
pankso@1 | 235 |
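# Command dispatch. Admin commands call check_root (libtaz.sh) first; with
# no recognised command the script acts as the login shell wrapper.
case "$1" in
  -i|info)
    check_root
    echo -n "Chroot size : " && du -sh "$root"
    echo -n "Users count : " && ls -1 "$people" | wc -l ;;
  setup)
    check_root
    setup ;;
  adduser)
    check_root
    add_user ;;
  deluser)
    check_root
    del_user ;;
  -gc|gen-chroot)
    check_root
    gen_chroot ;;
  -cc|clean-chroot)
    check_root
    clean_chroot ;;
  -c|chroot)
    # NOTE(review): this arm has no check_root. sshd hands a remote command
    # to a login shell as "-c <command>", so an account whose login shell is
    # this script would presumably land here and get /bin/sh in the chroot
    # without the ULIMIT / slish.sh wrapper of the login arm below. Consider
    # requiring root here or dropping the short "-c" alias -- confirm
    # against the deployed sshd setup.
    echo "Chrooting to: $root"
    chroot "$root" /bin/sh
    echo "Exiting from: $root" ;;
  -cq|check-queue)
    # Check online registration queue. It creates accounts and then deletes
    # the processed entries, so it is root-only like the other admin
    # commands.
    check_root
    # Glob instead of parsing "ls" so entry names are never word-split.
    for entry in "$queue"/*; do
      [ -d "$entry" ] || continue
      user=${entry##*/}
      # The directory name becomes the account name: reject anything outside
      # a conservative character set before it reaches any path or pattern.
      case "$user" in
        -*|*[!A-Za-z0-9_-]*)
          echo "Skipping invalid queue entry: $user" >&2
          continue ;;
      esac
      if [ ! -r "$entry/account.conf" ] || [ ! -r "$entry/passwd" ]; then
        echo "Skipping incomplete queue entry: $user" >&2
        continue
      fi
      # NOTE(review): the queue is filled by the web signup and this file is
      # executed here as root. Sourcing it runs whatever shell code it
      # holds; it should be parsed as KEY=value data instead. The key names
      # the CGI writes are not visible from this script, so the call is left
      # as it was -- confirm the format and replace it.
      . "$entry/account.conf"
      # NOTE(review): the queued password is only base64-encoded, i.e.
      # readable by anything that can read the queue directory.
      pass=$(base64 -d < "$entry/passwd")
      add_user
      rm -rf "${entry:?}"
    done ;;
  *)
    # /usr/bin/slish is executed on login to chroot the user.
    # An empty $USER would make the test below match the parent of all
    # homes, so require a name first.
    if [ -n "$USER" ] && [ -d "$root/home/$USER" ]; then
      . "${people}/${USER}/account.conf"
      log "Chrooting user: $USER"
      # ULIMIT holds several ulimit options and must be word-split.
      # shellcheck disable=SC2086
      ulimit $ULIMIT
      exec chroot "$root" /bin/slish.sh "$@"
    else
      usage
    fi ;;
esac

exit 0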