slish annotate slish @ rev 5
Tiny edits
| author | Paul Issott <paul@slitaz.org> |
|---|---|
| date | Wed Jan 22 21:21:29 2014 +0000 (2014-01-22) |
| parents | e2f77a3185ab |
| children | e9a2fa5a68d9 |
| rev | line source |
|---|---|
| pankso@1 | 1 #!/bin/sh |
| pankso@1 | 2 # |
| paul@5 | 3 # SliSH - The SliTaz SHell on demand. No gettext this is a pure admin |
| paul@5 | 4 # mainly developed for slish.in but which can be used by other projects. |
| pankso@1 | 5 # |
| pankso@1 | 6 # Copyright (C) 2014 SliTaz GNU/Linux - BSD License |
| pankso@1 | 7 # Author: Christophe Lincoln <pankso@slitaz.org> |
| pankso@1 | 8 # |
| pankso@1 | 9 export LANG=en LC_ALL=en |
| pankso@1 | 10 . /lib/libtaz.sh |
| pankso@1 | 11 |
| pankso@1 | 12 [ "$root" ] || root="/home/slish/chroot" |
| pankso@1 | 13 people="$(dirname $root)/people" |
| pankso@1 | 14 data="/usr/share/slish" |
| pankso@1 | 15 logs="$(dirname $root)/logs" |
| pankso@1 | 16 cache="$(dirname $root)/cache" |
| pankso@1 | 17 activity="$logs/activity.log" |
| pankso@1 | 18 queue="${cache}/signup-queue" |
| pankso@1 | 19 domain="slish.in" |
| pankso@1 | 20 |
| pankso@1 | 21 # Basic chroot packages |
| pankso@1 | 22 chrootpkgs="glibc-base slitaz-base-files ncursesw nano ytree busybox-slish |
| pankso@1 | 23 tcc rhapsody" |
| pankso@1 | 24 |
| pankso@1 | 25 # |
| pankso@1 | 26 # Functions |
| pankso@1 | 27 # |
| pankso@1 | 28 |
| pankso@1 | 29 usage() { |
| pankso@1 | 30 cat << EOT |
| pankso@1 | 31 |
| pankso@1 | 32 $(boldify "Usage:") $(basename $0) [command] [--option] |
| pankso@1 | 33 |
| pankso@1 | 34 $(boldify "Commands:") |
| pankso@1 | 35 info Display paths, configs and some stats |
| paul@5 | 36 setup Setup SliSH server and user chroot |
| pankso@1 | 37 gen-chroot Generate a new default or user chroot |
| pankso@1 | 38 clean-chroot Clean the chroot but skip home and root |
| pankso@1 | 39 adduser Add a user to the server with \$HOME in chroot |
| pankso@1 | 40 deluser Delete a SliSH user from server and chroot |
| pankso@1 | 41 |
| pankso@1 | 42 $(boldify "Options:") |
| pankso@1 | 43 --root= Set the path to the SliSH or user chroot |
| pankso@1 | 44 --clean Clean the chroot before gen-chroot |
| pankso@1 | 45 |
| pankso@1 | 46 EOT |
| pankso@1 | 47 } |
| pankso@1 | 48 |
| pankso@1 | 49 # Setup SliSH server |
| pankso@1 | 50 setup() { |
| pankso@1 | 51 # Allow users to use the chroot command |
| pankso@1 | 52 if ! grep -q "^chroot =" /etc/busybox.conf; then |
| pankso@1 | 53 echo "Allowing all users to use: chroot" |
| pankso@1 | 54 echo 'chroot = ssx root.root' >> /etc/busybox.conf |
| pankso@1 | 55 fi |
| pankso@1 | 56 # Gen a chroot if not yet done |
| pankso@1 | 57 if [ ! -d "$root" ]; then |
| pankso@1 | 58 echo "Creating a chroot environment..." |
| pankso@1 | 59 gen_chroot |
| pankso@1 | 60 fi |
| pankso@1 | 61 # Also used by the CGI web interface |
| pankso@1 | 62 for dir in ${people} ${cache} ${logs}; do |
| pankso@1 | 63 echo "Setting up the $(basename $dir) directory..." |
| pankso@1 | 64 mkdir -p ${dir} && chown www.www ${dir} |
| pankso@1 | 65 done |
| paul@5 | 66 # Activity log must be writable by users |
| pankso@1 | 67 touch ${activity} && chmod 0666 ${activity} |
| pankso@1 | 68 echo "All done!" |
| pankso@1 | 69 } |
| pankso@1 | 70 |
| pankso@1 | 71 # Gen a user config file |
| pankso@1 | 72 user_config() { |
| pankso@1 | 73 echo -n "Creating SliSH account configuration..." |
| pankso@1 | 74 mkdir -p ${people}/${user} |
| pankso@1 | 75 cat > ${people}/${user}/account.conf << EOT |
| pankso@1 | 76 # SliSH account configuration |
| pankso@1 | 77 |
| pankso@1 | 78 NAME="$name" |
| pankso@1 | 79 USER="$user" |
| pankso@1 | 80 MAIL="$mail" |
| pankso@1 | 81 |
| pankso@1 | 82 ULIMIT="-d 4096 -m 4096 -l 32 -p 5 -v 16384" |
| pankso@1 | 83 QUOTA="" |
| pankso@1 | 84 |
| pankso@1 | 85 EOT |
| pankso@1 | 86 chmod 0600 ${people}/${user}/account.conf |
| pankso@1 | 87 chown ${user}.${user} ${people}/${user}/account.conf |
| pankso@1 | 88 status |
| pankso@1 | 89 } |
| pankso@1 | 90 |
| pankso@1 | 91 # Mail body. |
| pankso@1 | 92 user_mail() { |
| pankso@1 | 93 cat << EOT |
| pankso@1 | 94 From: SliSH <shell@${domain}> |
| pankso@1 | 95 To: $mail |
| pankso@1 | 96 Date: $(date '+%a, %d %b %Y %H:%M:%S %z') |
| pankso@1 | 97 Subject: SliSH - Account created |
| pankso@1 | 98 Content-Type: text/plain; charset=utf-8 |
| pankso@1 | 99 Content-Transfer-Encoding: 8bit |
| pankso@1 | 100 |
| pankso@1 | 101 Hi, |
| pankso@1 | 102 |
| pankso@1 | 103 Your custom SliTaz GNU/Linux SHell is ready to use! You can login with: |
| pankso@1 | 104 |
| pankso@1 | 105 $ ssh ${user}@${domain} |
| pankso@1 | 106 |
| pankso@1 | 107 Visit http://slish.in and http://www.slitaz.org for the latest news about |
| pankso@1 | 108 both projects. |
| pankso@1 | 109 |
| pankso@1 | 110 Happy SliTaz :-) |
| pankso@1 | 111 |
| pankso@1 | 112 --- |
| pankso@1 | 113 Sent by the SliSH Mailer |
| pankso@1 | 114 |
| pankso@1 | 115 EOT |
| pankso@1 | 116 } |
| pankso@1 | 117 |
| pankso@1 | 118 # Add a new SliSH user |
| pankso@1 | 119 add_user() { |
| pankso@1 | 120 home="$root/home/$user" |
| pankso@1 | 121 shell="/usr/bin/slish" |
| pankso@1 | 122 |
| pankso@1 | 123 if grep -q ^${user}: /etc/passwd; then |
| pankso@1 | 124 newline |
| pankso@1 | 125 echo -n "User already exists: "; colorize 31 "$user" |
| pankso@1 | 126 newline && exit 0 |
| pankso@1 | 127 fi |
| pankso@1 | 128 newline |
| pankso@1 | 129 echo -n "$(boldify 'Creating user:') "; colorize 32 "$user" |
| pankso@1 | 130 separator |
| pankso@1 | 131 echo -e "$pass\n$pass" | adduser -h "$home" -g "SliSH User" \ |
| pankso@1 | 132 -s ${shell} ${user} >/dev/null |
| pankso@1 | 133 |
| pankso@1 | 134 # Add user to chroot /etc/passwd |
| pankso@1 | 135 if ! grep -q ^${user}: ${root}/etc/passwd; then |
| pankso@1 | 136 echo -n "Adding $user to: $root" |
| pankso@1 | 137 grep "^$user:" /etc/passwd >> ${root}/etc/passwd |
| pankso@1 | 138 grep "^$user:" /etc/group >> ${root}/etc/group |
| pankso@1 | 139 sed -i s"!$root!!" ${root}/etc/passwd |
| pankso@1 | 140 status |
| pankso@1 | 141 fi |
| pankso@1 | 142 |
| pankso@1 | 143 # We don't want any files from /etc/skel. |
| pankso@1 | 144 echo -n "Cleaning home and creating: ~/.ssh" |
| pankso@1 | 145 rm -rf ${home} && mkdir -p ${home}/.ssh |
| pankso@1 | 146 status |
| pankso@1 | 147 |
| pankso@1 | 148 # Let a web server access an eventual ~/Public dir |
| pankso@1 | 149 echo -n "Changing mode on user home..." |
| pankso@1 | 150 chown -R ${user}.${user} ${home} |
| pankso@1 | 151 chown ${user}.www ${home} |
| pankso@1 | 152 chmod 0750 ${home} |
| pankso@1 | 153 chmod 0700 ${home}/.ssh |
| pankso@1 | 154 status |
| pankso@1 | 155 user_config |
| pankso@1 | 156 # Send mail to notify user account creation |
| pankso@1 | 157 if [ -x /usr/sbin/sendmail ]; then |
| pankso@1 | 158 echo -n "Sending mail to: $mail" |
| pankso@1 | 159 user_mail | /usr/sbin/sendmail -f "shell@${domain}" "$mail" |
| pankso@1 | 160 status |
| pankso@1 | 161 fi |
| pankso@1 | 162 separator && newline |
| pankso@1 | 163 } |
| pankso@1 | 164 |
| pankso@1 | 165 # Delete a SliSH user |
| pankso@1 | 166 del_user() { |
| pankso@1 | 167 home="$root/home/$user" |
| pankso@1 | 168 if [ ! -d "$home" ] || [ ! "$user" ]; then |
| pankso@1 | 169 newline |
| pankso@1 | 170 echo "Missing --user= name option or invalid user name" |
| pankso@1 | 171 newline && exit 0 |
| pankso@1 | 172 fi |
| pankso@1 | 173 newline |
| pankso@1 | 174 echo "$(boldify 'Deleting user:') $(colorize 32 "$user")" |
| pankso@1 | 175 separator |
| pankso@1 | 176 echo -n "Removing user account from: $(hostname) server" |
| pankso@1 | 177 deluser "$user"; status |
| pankso@1 | 178 sed -i "/^$user:/"d ${root}/etc/passwd |
| pankso@1 | 179 sed -i "/^$user:/"d ${root}/etc/group |
| pankso@1 | 180 echo -n "Removing all files in : $home" |
| pankso@1 | 181 rm -rf ${home} ; status |
| pankso@1 | 182 echo -n "Removing user config : $people/$user" |
| pankso@1 | 183 rm -rf "${people}/${user}" ; status |
| pankso@1 | 184 separator && newline |
| pankso@1 | 185 } |
| pankso@1 | 186 |
| pankso@1 | 187 # Create a minimal chroot environment |
| pankso@1 | 188 gen_chroot() { |
| pankso@1 | 189 [ "$clean" ] && clean_chroot |
| pankso@1 | 190 if [ -d "$root/bin" ]; then |
| paul@5 | 191 echo "A chroot already exists: Use -cc command or --clean option" |
| pankso@1 | 192 exit 1 |
| pankso@1 | 193 fi |
| pankso@1 | 194 [ "$clean" ] || newline |
| pankso@1 | 195 boldify "Creating chroot in: $root" |
| pankso@1 | 196 separator |
| pankso@1 | 197 mkdir -p ${root} |
| pankso@1 | 198 for pkg in ${chrootpkgs} |
| pankso@1 | 199 do |
| pankso@1 | 200 echo -n "Installing: $pkg" |
| pankso@1 | 201 tazpkg -gi ${pkg} --root=${root} >/dev/null |
| pankso@1 | 202 status |
| pankso@1 | 203 done |
| pankso@1 | 204 echo -n "Installing: /bin/slish.sh" |
| pankso@1 | 205 install -m 0755 ${data}/slish.sh ${root}/bin |
| pankso@1 | 206 cp -a /etc/resolv.conf ${root}/etc |
| pankso@1 | 207 status |
| pankso@1 | 208 separator && newline |
| pankso@1 | 209 } |
| pankso@1 | 210 |
| pankso@1 | 211 # Clean up a chroot environment |
| pankso@1 | 212 clean_chroot() { |
| pankso@1 | 213 if [ ! -d "$root/bin" ]; then |
| pankso@1 | 214 echo "No chroot found in: $root" && exit 0 |
| pankso@1 | 215 fi |
| pankso@1 | 216 newline |
| pankso@1 | 217 boldify "Cleaning: $root" |
| pankso@1 | 218 separator |
| pankso@1 | 219 cd ${root} |
| pankso@1 | 220 for dir in * |
| pankso@1 | 221 do |
| pankso@1 | 222 size=$(du -sh $dir | awk '{print $1}') |
| pankso@1 | 223 case "$dir" in |
| pankso@1 | 224 etc|home|root|lost*) continue ;; |
| pankso@1 | 225 *) |
| pankso@1 | 226 echo -n "Removing: $dir $size" |
| pankso@1 | 227 rm -rf ${dir} ; status ;; |
| pankso@1 | 228 esac |
| pankso@1 | 229 done && separator && newline |
| pankso@1 | 230 } |
| pankso@1 | 231 |
| pankso@1 | 232 # |
| pankso@1 | 233 # Handle commands |
| pankso@1 | 234 # |
| pankso@1 | 235 |
| pankso@1 | 236 case "$1" in |
| pankso@1 | 237 -i|info) |
| pankso@1 | 238 check_root |
| pankso@1 | 239 echo -n "Chroot size : " && du -sh ${root} |
| pankso@1 | 240 echo -n "Users count : " && ls -1 ${people} | wc -l ;; |
| pankso@1 | 241 setup) |
| pankso@1 | 242 check_root |
| pankso@1 | 243 setup ;; |
| pankso@1 | 244 adduser) |
| pankso@1 | 245 check_root |
| pankso@1 | 246 add_user ;; |
| pankso@1 | 247 deluser) |
| pankso@1 | 248 check_root |
| pankso@1 | 249 del_user ;; |
| pankso@1 | 250 -gc|gen-chroot) |
| pankso@1 | 251 check_root |
| pankso@1 | 252 gen_chroot ;; |
| pankso@1 | 253 -cc|clean-chroot) |
| pankso@1 | 254 check_root |
| pankso@1 | 255 clean_chroot ;; |
| pankso@1 | 256 -c|chroot) |
| pankso@1 | 257 echo "Chrooting to: $root" |
| pankso@1 | 258 chroot ${root} /bin/sh |
| pankso@1 | 259 echo "Exiting from: $root" ;; |
| pankso@1 | 260 -cq|check-queue) |
| pankso@1 | 261 # Check online registration queue |
| pankso@1 | 262 for user in $(ls ${queue}) |
| pankso@1 | 263 do |
| pankso@1 | 264 . ${queue}/${user}/account.conf |
| pankso@1 | 265 pass=$(cat ${queue}/${user}/passwd | base64 -d) |
| pankso@1 | 266 add_user |
| pankso@1 | 267 rm -rf ${queue}/${user} |
| pankso@1 | 268 done ;; |
| pankso@1 | 269 *) |
| paul@5 | 270 # /usr/bin/slish is be executed on login to chroot the user |
| pankso@1 | 271 if [ -d "$root/home/$USER" ]; then |
| pankso@1 | 272 . ${people}/"$USER"/account.conf |
| pankso@1 | 273 log "Chrooting user: $USER" |
| pankso@1 | 274 ulimit $(echo "$ULIMIT") |
| pankso@1 | 275 exec chroot $root /bin/slish.sh "$@" |
| pankso@1 | 276 else |
| pankso@1 | 277 usage |
| pankso@1 | 278 fi ;; |
| pankso@1 | 279 esac |
| pankso@1 | 280 |
| pankso@1 | 281 exit 0 |