slish annotate slish @ rev 8
Fix a typo and change a function name
| author | Christophe Lincoln <pankso@slitaz.org> |
|---|---|
| date | Fri Jan 24 20:15:38 2014 +0100 (2014-01-24) |
| parents | 65ad158a371b |
| children | faccc5330d1b |
| rev | line source |
|---|---|
| pankso@1 | 1 #!/bin/sh |
| pankso@1 | 2 # |
| paul@5 | 3 # SliSH - The SliTaz SHell on demand. No gettext this is a pure admin |
| paul@5 | 4 # mainly developed for slish.in but which can be used by other projects. |
| pankso@1 | 5 # |
| pankso@1 | 6 # Copyright (C) 2014 SliTaz GNU/Linux - BSD License |
| pankso@1 | 7 # Author: Christophe Lincoln <pankso@slitaz.org> |
| pankso@1 | 8 # |
| pankso@1 | 9 export LANG=en LC_ALL=en |
| pankso@1 | 10 . /lib/libtaz.sh |
| pankso@1 | 11 |
| pankso@1 | 12 [ "$root" ] || root="/home/slish/chroot" |
| pankso@1 | 13 people="$(dirname $root)/people" |
| pankso@1 | 14 data="/usr/share/slish" |
| pankso@1 | 15 logs="$(dirname $root)/logs" |
| pankso@1 | 16 cache="$(dirname $root)/cache" |
| pankso@1 | 17 activity="$logs/activity.log" |
| pankso@1 | 18 queue="${cache}/signup-queue" |
| pankso@1 | 19 domain="slish.in" |
| pankso@1 | 20 |
| pankso@6 | 21 # Default chroot packages |
| pankso@1 | 22 chrootpkgs="glibc-base slitaz-base-files ncursesw nano ytree busybox-slish |
| pankso@1 | 23 tcc rhapsody" |
| pankso@1 | 24 |
| pankso@1 | 25 # |
| pankso@1 | 26 # Functions |
| pankso@1 | 27 # |
| pankso@1 | 28 |
| pankso@1 | 29 usage() { |
| pankso@1 | 30 cat << EOT |
| pankso@1 | 31 |
| pankso@1 | 32 $(boldify "Usage:") $(basename $0) [command] [--option] |
| pankso@1 | 33 |
| pankso@1 | 34 $(boldify "Commands:") |
| pankso@1 | 35 info Display paths, configs and some stats |
| pankso@7 | 36 last Show last chroted users |
| pankso@7 | 37 users List all users with name and mail |
| paul@5 | 38 setup Setup SliSH server and user chroot |
| pankso@1 | 39 gen-chroot Generate a new default or user chroot |
| pankso@1 | 40 clean-chroot Clean the chroot but skip home and root |
| pankso@1 | 41 adduser Add a user to the server with \$HOME in chroot |
| pankso@1 | 42 deluser Delete a SliSH user from server and chroot |
| pankso@6 | 43 list-queue List users in the signup queue |
| pankso@6 | 44 chroot Chroot to SliSH users default chroot |
| pankso@1 | 45 |
| pankso@1 | 46 $(boldify "Options:") |
| pankso@1 | 47 --root= Set the path to the SliSH or user chroot |
| pankso@1 | 48 --clean Clean the chroot before gen-chroot |
| pankso@6 | 49 --queued Add all users from the signup queue |
| pankso@1 | 50 |
| pankso@1 | 51 EOT |
| pankso@1 | 52 } |
| pankso@1 | 53 |
| pankso@1 | 54 # Setup SliSH server |
| pankso@1 | 55 setup() { |
| pankso@1 | 56 # Allow users to use the chroot command |
| pankso@1 | 57 if ! grep -q "^chroot =" /etc/busybox.conf; then |
| pankso@1 | 58 echo "Allowing all users to use: chroot" |
| pankso@1 | 59 echo 'chroot = ssx root.root' >> /etc/busybox.conf |
| pankso@1 | 60 fi |
| pankso@1 | 61 # Gen a chroot if not yet done |
| pankso@1 | 62 if [ ! -d "$root" ]; then |
| pankso@1 | 63 echo "Creating a chroot environment..." |
| pankso@1 | 64 gen_chroot |
| pankso@1 | 65 fi |
| pankso@1 | 66 # Also used by the CGI web interface |
| pankso@1 | 67 for dir in ${people} ${cache} ${logs}; do |
| pankso@1 | 68 echo "Setting up the $(basename $dir) directory..." |
| pankso@1 | 69 mkdir -p ${dir} && chown www.www ${dir} |
| pankso@1 | 70 done |
| paul@5 | 71 # Activity log must be writable by users |
| pankso@1 | 72 touch ${activity} && chmod 0666 ${activity} |
| pankso@1 | 73 echo "All done!" |
| pankso@1 | 74 } |
| pankso@1 | 75 |
| pankso@6 | 76 # Show user configs |
| pankso@6 | 77 show_queued_user() { |
| pankso@6 | 78 . ${queue}/${user}/account.conf |
| pankso@6 | 79 newline |
| pankso@6 | 80 separator |
| pankso@6 | 81 cat << EOT |
| pankso@6 | 82 User : $user |
| pankso@6 | 83 Name : $name |
| pankso@6 | 84 Mail : $mail |
| pankso@6 | 85 EOT |
| pankso@6 | 86 separator |
| pankso@6 | 87 } |
| pankso@6 | 88 |
| pankso@1 | 89 # Gen a user config file |
| pankso@1 | 90 user_config() { |
| pankso@1 | 91 echo -n "Creating SliSH account configuration..." |
| pankso@1 | 92 mkdir -p ${people}/${user} |
| pankso@1 | 93 cat > ${people}/${user}/account.conf << EOT |
| pankso@1 | 94 # SliSH account configuration |
| pankso@1 | 95 |
| pankso@1 | 96 NAME="$name" |
| pankso@1 | 97 USER="$user" |
| pankso@1 | 98 MAIL="$mail" |
| pankso@1 | 99 |
| pankso@1 | 100 ULIMIT="-d 4096 -m 4096 -l 32 -p 5 -v 16384" |
| pankso@6 | 101 QUOTA="50" |
| pankso@1 | 102 |
| pankso@1 | 103 EOT |
| pankso@1 | 104 chmod 0600 ${people}/${user}/account.conf |
| pankso@1 | 105 chown ${user}.${user} ${people}/${user}/account.conf |
| pankso@1 | 106 status |
| pankso@1 | 107 } |
| pankso@1 | 108 |
| pankso@1 | 109 # Mail body. |
| pankso@8 | 110 mail_new_account() { |
| pankso@1 | 111 cat << EOT |
| pankso@1 | 112 From: SliSH <shell@${domain}> |
| pankso@1 | 113 To: $mail |
| pankso@1 | 114 Date: $(date '+%a, %d %b %Y %H:%M:%S %z') |
| pankso@1 | 115 Subject: SliSH - Account created |
| pankso@1 | 116 Content-Type: text/plain; charset=utf-8 |
| pankso@1 | 117 Content-Transfer-Encoding: 8bit |
| pankso@1 | 118 |
| pankso@1 | 119 Hi, |
| pankso@1 | 120 |
| pankso@1 | 121 Your custom SliTaz GNU/Linux SHell is ready to use! You can login with: |
| pankso@1 | 122 |
| pankso@1 | 123 $ ssh ${user}@${domain} |
| pankso@1 | 124 |
| pankso@1 | 125 Visit http://slish.in and http://www.slitaz.org for the latest news about |
| pankso@1 | 126 both projects. |
| pankso@1 | 127 |
| pankso@1 | 128 Happy SliTaz :-) |
| pankso@1 | 129 |
| pankso@1 | 130 --- |
| pankso@1 | 131 Sent by the SliSH Mailer |
| pankso@1 | 132 |
| pankso@1 | 133 EOT |
| pankso@1 | 134 } |
| pankso@1 | 135 |
| pankso@1 | 136 # Add a new SliSH user |
| pankso@1 | 137 add_user() { |
| pankso@1 | 138 home="$root/home/$user" |
| pankso@1 | 139 shell="/usr/bin/slish" |
| pankso@1 | 140 |
| pankso@1 | 141 if grep -q ^${user}: /etc/passwd; then |
| pankso@1 | 142 newline |
| pankso@1 | 143 echo -n "User already exists: "; colorize 31 "$user" |
| pankso@6 | 144 rm -rf ${queue}/${user} |
| pankso@6 | 145 newline && exit 1 |
| pankso@1 | 146 fi |
| pankso@6 | 147 |
| pankso@1 | 148 newline |
| pankso@1 | 149 echo -n "$(boldify 'Creating user:') "; colorize 32 "$user" |
| pankso@1 | 150 separator |
| pankso@1 | 151 echo -e "$pass\n$pass" | adduser -h "$home" -g "SliSH User" \ |
| pankso@1 | 152 -s ${shell} ${user} >/dev/null |
| pankso@1 | 153 |
| pankso@1 | 154 # Add user to chroot /etc/passwd |
| pankso@1 | 155 if ! grep -q ^${user}: ${root}/etc/passwd; then |
| pankso@1 | 156 echo -n "Adding $user to: $root" |
| pankso@1 | 157 grep "^$user:" /etc/passwd >> ${root}/etc/passwd |
| pankso@1 | 158 grep "^$user:" /etc/group >> ${root}/etc/group |
| pankso@1 | 159 sed -i s"!$root!!" ${root}/etc/passwd |
| pankso@1 | 160 status |
| pankso@1 | 161 fi |
| pankso@1 | 162 |
| pankso@1 | 163 # We don't want any files from /etc/skel. |
| pankso@1 | 164 echo -n "Cleaning home and creating: ~/.ssh" |
| pankso@1 | 165 rm -rf ${home} && mkdir -p ${home}/.ssh |
| pankso@1 | 166 status |
| pankso@1 | 167 |
| pankso@1 | 168 # Let a web server access an eventual ~/Public dir |
| pankso@1 | 169 echo -n "Changing mode on user home..." |
| pankso@1 | 170 chown -R ${user}.${user} ${home} |
| pankso@1 | 171 chown ${user}.www ${home} |
| pankso@1 | 172 chmod 0750 ${home} |
| pankso@1 | 173 chmod 0700 ${home}/.ssh |
| pankso@1 | 174 status |
| pankso@1 | 175 user_config |
| pankso@6 | 176 |
| pankso@1 | 177 # Send mail to notify user account creation |
| pankso@1 | 178 if [ -x /usr/sbin/sendmail ]; then |
| pankso@1 | 179 echo -n "Sending mail to: $mail" |
| pankso@8 | 180 mail_new_account | /usr/sbin/sendmail -f "shell@${domain}" "$mail" |
| pankso@1 | 181 status |
| pankso@1 | 182 fi |
| pankso@1 | 183 separator && newline |
| pankso@1 | 184 } |
| pankso@1 | 185 |
| pankso@6 | 186 # Add all users from the signup queue |
| pankso@6 | 187 add_queued_user() { |
| pankso@6 | 188 for user in $(ls ${queue}) |
| pankso@6 | 189 do |
| pankso@6 | 190 . ${queue}/${user}/account.conf |
| pankso@6 | 191 pass=$(cat ${queue}/${user}/passwd | base64 -d) |
| pankso@6 | 192 add_user |
| pankso@6 | 193 rm -rf ${queue}/${user} |
| pankso@6 | 194 done |
| pankso@6 | 195 } |
| pankso@6 | 196 |
| pankso@1 | 197 # Delete a SliSH user |
| pankso@1 | 198 del_user() { |
| pankso@1 | 199 home="$root/home/$user" |
| pankso@1 | 200 if [ ! -d "$home" ] || [ ! "$user" ]; then |
| pankso@1 | 201 newline |
| pankso@1 | 202 echo "Missing --user= name option or invalid user name" |
| pankso@1 | 203 newline && exit 0 |
| pankso@1 | 204 fi |
| pankso@1 | 205 newline |
| pankso@1 | 206 echo "$(boldify 'Deleting user:') $(colorize 32 "$user")" |
| pankso@1 | 207 separator |
| pankso@7 | 208 echo -n "Removing user account from $(hostname) server" |
| pankso@1 | 209 deluser "$user"; status |
| pankso@1 | 210 sed -i "/^$user:/"d ${root}/etc/passwd |
| pankso@1 | 211 sed -i "/^$user:/"d ${root}/etc/group |
| pankso@1 | 212 echo -n "Removing all files in : $home" |
| pankso@1 | 213 rm -rf ${home} ; status |
| pankso@1 | 214 echo -n "Removing user config : $people/$user" |
| pankso@1 | 215 rm -rf "${people}/${user}" ; status |
| pankso@1 | 216 separator && newline |
| pankso@1 | 217 } |
| pankso@1 | 218 |
| pankso@1 | 219 # Create a minimal chroot environment |
| pankso@1 | 220 gen_chroot() { |
| pankso@1 | 221 [ "$clean" ] && clean_chroot |
| pankso@1 | 222 if [ -d "$root/bin" ]; then |
| paul@5 | 223 echo "A chroot already exists: Use -cc command or --clean option" |
| pankso@1 | 224 exit 1 |
| pankso@1 | 225 fi |
| pankso@1 | 226 [ "$clean" ] || newline |
| pankso@1 | 227 boldify "Creating chroot in: $root" |
| pankso@1 | 228 separator |
| pankso@1 | 229 mkdir -p ${root} |
| pankso@1 | 230 for pkg in ${chrootpkgs} |
| pankso@1 | 231 do |
| pankso@1 | 232 echo -n "Installing: $pkg" |
| pankso@1 | 233 tazpkg -gi ${pkg} --root=${root} >/dev/null |
| pankso@1 | 234 status |
| pankso@1 | 235 done |
| pankso@1 | 236 echo -n "Installing: /bin/slish.sh" |
| pankso@1 | 237 install -m 0755 ${data}/slish.sh ${root}/bin |
| pankso@1 | 238 cp -a /etc/resolv.conf ${root}/etc |
| pankso@1 | 239 status |
| pankso@1 | 240 separator && newline |
| pankso@1 | 241 } |
| pankso@1 | 242 |
| pankso@1 | 243 # Clean up a chroot environment |
| pankso@1 | 244 clean_chroot() { |
| pankso@1 | 245 if [ ! -d "$root/bin" ]; then |
| pankso@1 | 246 echo "No chroot found in: $root" && exit 0 |
| pankso@1 | 247 fi |
| pankso@1 | 248 newline |
| pankso@1 | 249 boldify "Cleaning: $root" |
| pankso@1 | 250 separator |
| pankso@1 | 251 cd ${root} |
| pankso@1 | 252 for dir in * |
| pankso@1 | 253 do |
| pankso@1 | 254 size=$(du -sh $dir | awk '{print $1}') |
| pankso@1 | 255 case "$dir" in |
| pankso@1 | 256 etc|home|root|lost*) continue ;; |
| pankso@1 | 257 *) |
| pankso@1 | 258 echo -n "Removing: $dir $size" |
| pankso@1 | 259 rm -rf ${dir} ; status ;; |
| pankso@1 | 260 esac |
| pankso@1 | 261 done && separator && newline |
| pankso@1 | 262 } |
| pankso@1 | 263 |
| pankso@1 | 264 # |
| pankso@1 | 265 # Handle commands |
| pankso@1 | 266 # |
| pankso@1 | 267 |
| pankso@1 | 268 case "$1" in |
| pankso@6 | 269 info) |
| pankso@1 | 270 check_root |
| pankso@6 | 271 newline |
| pankso@6 | 272 boldify "Info" |
| pankso@6 | 273 separator |
| pankso@6 | 274 echo -n "Chroot size : " && du -sh ${root} |
| pankso@6 | 275 echo -n "Users accounts : " && ls -1 ${people} | wc -l |
| pankso@6 | 276 echo -n "Signup queue : " && ls -1 ${queue} | wc -l |
| pankso@6 | 277 separator && newline ;; |
| pankso@6 | 278 last) |
| pankso@6 | 279 check_root |
| pankso@6 | 280 newline |
| pankso@6 | 281 boldify "Last users" |
| pankso@6 | 282 separator |
| pankso@6 | 283 tac ${activity} | head -n 20 |
| pankso@6 | 284 separator && newline ;; |
| pankso@7 | 285 users) |
| pankso@7 | 286 check_root |
| pankso@7 | 287 newline |
| pankso@7 | 288 boldify "Users list" |
| pankso@7 | 289 separator |
| pankso@7 | 290 for user in $(ls ${people}) |
| pankso@7 | 291 do |
| pankso@7 | 292 . ${people}/${user}/account.conf |
| pankso@7 | 293 echo -n "$(colorize 34 "$user")" |
| pankso@7 | 294 echo -n "$(indent 20 "$NAME")" && indent 46 "<$MAIL>" |
| pankso@7 | 295 done |
| pankso@7 | 296 separator && newline ;; |
| pankso@1 | 297 setup) |
| pankso@1 | 298 check_root |
| pankso@1 | 299 setup ;; |
| pankso@1 | 300 adduser) |
| pankso@6 | 301 # We can adduser from cmdline or from the signup queue |
| pankso@1 | 302 check_root |
| pankso@6 | 303 if [ "$from-queu" ]; then |
| pankso@6 | 304 add_queued_user |
| pankso@6 | 305 else |
| pankso@6 | 306 add_user |
| pankso@6 | 307 fi ;; |
| pankso@1 | 308 deluser) |
| pankso@1 | 309 check_root |
| pankso@1 | 310 del_user ;; |
| pankso@1 | 311 -gc|gen-chroot) |
| pankso@1 | 312 check_root |
| pankso@1 | 313 gen_chroot ;; |
| pankso@1 | 314 -cc|clean-chroot) |
| pankso@1 | 315 check_root |
| pankso@1 | 316 clean_chroot ;; |
| pankso@1 | 317 -c|chroot) |
| pankso@1 | 318 echo "Chrooting to: $root" |
| pankso@1 | 319 chroot ${root} /bin/sh |
| pankso@1 | 320 echo "Exiting from: $root" ;; |
| pankso@6 | 321 -lq|list-queue) |
| pankso@6 | 322 # Check online signup queue but do nothing |
| pankso@8 | 323 for user in $(ls ${queue}) |
| pankso@1 | 324 do |
| pankso@6 | 325 show_queued_user |
| pankso@6 | 326 done |
| pankso@6 | 327 echo "" ;; |
| pankso@1 | 328 *) |
| pankso@6 | 329 # /usr/bin/slish is executed on login to chroot the user |
| pankso@1 | 330 if [ -d "$root/home/$USER" ]; then |
| pankso@1 | 331 . ${people}/"$USER"/account.conf |
| pankso@1 | 332 log "Chrooting user: $USER" |
| pankso@1 | 333 ulimit $(echo "$ULIMIT") |
| pankso@6 | 334 exec chroot ${root} /bin/slish.sh "$@" |
| pankso@1 | 335 else |
| pankso@1 | 336 usage |
| pankso@1 | 337 fi ;; |
| pankso@1 | 338 esac |
| pankso@1 | 339 |
| pankso@1 | 340 exit 0 |