ssfs annotate ssfs-server @ rev 60

Add ssfs-env (Small tool for chrooted users)
author Christophe Lincoln <pankso@slitaz.org>
date Sun Jun 12 22:31:08 2011 +0200 (2011-06-12)
parents 05124e30d932
children e136f9af3729
rev   line source
pankso@4 1 #!/bin/sh
pankso@4 2 #
pankso@4 3 # SliTaz Secure File Storage server side tool.
pankso@4 4 #
pankso@4 5 # Copyright (C) SliTaz GNU/Linux - BSD License
pankso@4 6 # Author: Christophe Lincoln <pankso@slitaz.org>
pankso@4 7 #
pankso@4 8
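# Program name without its directory part; it also selects which
# configuration files are read below.
app=${0##*/}

# System-wide settings first, then an override taken from ./data.
# NOTE(review): ./data is resolved against the directory the script was
# started from, and the root check only comes after this point, so a
# config file found there is executed with the caller's privileges,
# normally root. This looks like a development convenience; confirm it is
# wanted on installed systems.
[ -f "/etc/ssfs/$app.conf" ] && . "/etc/ssfs/$app.conf"
[ -f "./data/$app.conf" ] && . "./data/$app.conf"

# Fixed locations for runtime state and packaged data.
state=/var/lib/ssfs
share=/usr/share/ssfs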
pankso@4 14
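# Be sure we're root. The exit sits in its own branch so the refusal does
# not depend on gettext succeeding, and it reports failure to the caller.
if [ "$(id -u)" != 0 ]; then
  gettext "You must be root to run:"
  echo " $app"
  exit 1
fi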
pankso@4 18
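# Parse cmdline options.
#
# Each --name=value argument sets the shell variable of the same name
# (login, id, pass, root, vdisk, size). Any other argument, the command
# word included, is skipped. Arguments are taken one by one, so a value
# containing spaces or glob characters is kept intact.
# NOTE(review): --pass= carries the account password on the command line,
# where process listings and shell history can expose it.
parse_options() {
  for opt in "$@"; do
    case "$opt" in
      --login=*) login=${opt#--login=} ;;
      --id=*)    id=${opt#--id=} ;;
      --pass=*)  pass=${opt#--pass=} ;;
      --root=*)  root=${opt#--root=} ;;
      --vdisk=*) vdisk=${opt#--vdisk=} ;;
      --size=*)  size=${opt#--size=} ;;
      *)         continue ;;
    esac
  done
}
parse_options "$@"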
pankso@4 39
# Anything not given on the command line falls back to the value from the
# sourced configuration (SSFS_CHROOT, SSFS_VDISK, SSFS_SIZE).
: "${root:=${SSFS_CHROOT}}"
: "${vdisk:=${SSFS_VDISK}}"
: "${size:=${SSFS_SIZE}}"
pankso@4 43
pankso@4 44 #
pankso@4 45 # Functions
pankso@4 46 #
pankso@4 47
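# Built-in help usage.
#
# Prints the command and option summary on stdout. Section headings are
# wrapped in the ANSI bold sequence with printf, because "echo -e" is not
# defined for a plain /bin/sh. Every description goes through gettext.
# Globals: app (read) - program name shown in the usage line.
help() {
  cat << EOT

$(printf '\033[1m%s\033[0m' "$(gettext "Usage:")") $app [command] [--option=]

$(printf '\033[1m%s\033[0m' "$(gettext "Commands:")")
help $(gettext "Display this short help usage.")
users $(gettext "List user accounts and stats.")
adduser $(gettext "Add a user to the system with \$HOME in chroot.")
deluser $(gettext "Delete a user and remove \$HOME files.")
chroot $(gettext "Chroot to Ssfs storage root.")
gen-vdisk $(gettext "Create a vdisk with chroot for files storage.")
clean-vdisk $(gettext "Clean the vdisk but skip home and root.")
check-vdisk $(gettext "Check the vdisk filesystem with e2fsck.")
mount-vdisk $(gettext "Mount a ssfs virtual disk.")
umount-vdisk $(gettext "Unmount the vdisk and free loop device.")
note $(gettext "Write a public note for users.")

$(printf '\033[1m%s\033[0m' "$(gettext "Options:")")
--login= $(gettext "Login name to add or del an user.")
--id= $(gettext "User id for adduser command.")
--pass= $(gettext "User password for adduser.")
--root= $(gettext "The path to the Ssfs vdisk chroot.")
--vdisk= $(gettext "Set the Ssfs vdisk path and name.")
--size= $(gettext "Set the ext3 vdisk size in Gb.")

EOT
}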
pankso@4 77
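# Report the outcome of the command that ran just before the call.
#
# Prints " OK" and returns 0 when that command succeeded. For any other
# status it prints " ERROR" followed by a blank line and exits the whole
# script with status 1. The status is read once, in the case word, so the
# function's own tests cannot overwrite it.
status() {
  case $? in
    0) echo " OK" ;;
    *) printf ' ERROR\n\n'
       exit 1 ;;
  esac
}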
pankso@4 82
# Print a horizontal rule made of "=" characters, used to frame the
# output of the vdisk commands.
separator() {
  printf '%s\n' "================================================================================"
}
pankso@13 86
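# We have custom config when adding user to handle quota and user info.
#
# Derive the per-user paths from $login.
# Globals:  login, SSFS_USERS, root (read); config, home (written)
# The resulting paths are removed recursively by the user commands, so a
# login that is empty, starts with "-", is "." or "..", or holds anything
# other than letters, digits, ".", "_" and "-" is refused here: a "/" or
# ".." in the name would point those removals outside the user's home.
user_paths() {
  case "$login" in
    ''|.|..|-*|*[!A-Za-z0-9._-]*)
      gettext "Invalid login name:"; echo " $login"
      exit 1 ;;
  esac
  config="$SSFS_USERS/$login.conf"
  home="$root/./home/$login"
}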
pankso@4 92
# Print a short labelled summary for one user: login, quota and home
# usage, with a blank line before and after.
# Globals: login, QUOTA, usage (read)
user_info() {
  printf '\n%s %s\n%s %s\n%s %s\n\n' \
    "$(gettext "User login :")" "$login" \
    "$(gettext "User quota :")" "$QUOTA" \
    "$(gettext "Home usage :")" "$usage"
}
pankso@4 102
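# Write the per-user configuration file and make it readable by its owner
# only.
# Globals:  config (read) - destination file
#           login, DEFAULT_QUOTA (read) - values stored in the file
# Outputs:  a progress message, then the result printed by status
# NOTE(review): the values are written between double quotes without any
# escaping, and the "users" command later sources this file. The login
# therefore has to be checked before it gets here.
user_config() {
  gettext "Creating Ssfs user configuration file..."
  cat > "$config" << EOT
# Ssfs user configuration file.

LOGIN="$login"
QUOTA="$DEFAULT_QUOTA"
EOT
  chmod 0600 "$config" && status
  echo ""
}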
pankso@4 114
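# Write the auto-generated /etc/vdisk.conf inside the chroot.
# Globals: root (read) - chroot directory; the path is quoted so a
#          directory name containing spaces still works
#          date, size, files (read) - values recorded in the file
vdisk_config() {
  cat > "$root/etc/vdisk.conf" << EOT
# /etc/vdisk.conf: Ssfs virtual auto-generated config file.

VDATE="$date"
VSIZE="$size"
FILES="$files"
EOT
}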
pankso@36 124
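# Handle Ssfs virtual disk.

# Unmount the vdisk from $root and detach its loop device.
# Globals:  root (read), vdisk (read, messages only), loop (written)
# Outputs:  progress messages on stdout
umount_vdisk() {
  # Take the device of the entry mounted exactly on $root. A substring
  # match would also select mount points that merely contain that path.
  loop=$(mount | awk -v mp="$root" \
    '$3 == mp { dev = $1 } END { if (dev != "") print dev }')
  if [ -n "$loop" ]; then
    gettext "Unmounting Ssfs vdisk:"; echo " $vdisk"
    # Detach the loop device only once the filesystem is really unmounted.
    if umount "$root"; then
      sleep 1
      gettext "Detaching loop device:"; echo " $loop"
      losetup -d "$loop"
    fi
  else
    gettext "Ssfs vdisk is not mounted:"; echo " $vdisk"
  fi
}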
pankso@13 137
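# Loop-mount the ext3 vdisk on $root unless something is already mounted
# exactly there; the mount point is created when missing.
# Globals:  root, vdisk (read)
# Outputs:  one status line naming the vdisk and the mount point
mount_vdisk() {
  # Compare the mount-point field itself: a substring search would treat
  # any mount whose path contains $root as "already mounted".
  if mount | awk -v mp="$root" '$3 == mp { found = 1 } END { exit !found }'
  then
    gettext "Ssfs vdisk is already mounted:"
  else
    [ -d "$root" ] || mkdir -p "$root"
    gettext "Mounting virtual disk:"
    mount -o loop -t ext3 "$vdisk" "$root"
  fi
  echo " $vdisk $root"
}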
pankso@13 148
pankso@4 149 #
pankso@4 150 # Commands
pankso@4 151 #
pankso@4 152
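# Command dispatcher: the first argument selects the action, anything
# unknown prints the help. All expansions are quoted so paths and values
# with spaces or glob characters are passed through unchanged.

# Refuse an empty or "/" storage root. The commands below create, chmod
# and recursively delete paths built from $root, and with an empty value
# those paths would land on the host filesystem.
need_vdisk_root() {
  case "$root" in
    ''|/)
      gettext "Missing or unsafe Ssfs chroot path:"; echo " $root"
      exit 1 ;;
  esac
}

# Print the entry of passwd-format file $2 whose name field is exactly $1.
# The status is non-zero when there is no such entry. A regex built from
# the login would also match other accounts ("." matches any character).
find_account() {
  awk -F: -v name="$1" \
    '$1 == name { print; found = 1 } END { exit !found }' "$2"
}

case "$1" in
  users)
    gettext -e "\nChecking:"; echo " /etc/passwd"
    grep -F "Ssfs User" /etc/passwd | while IFS= read -r line
    do
      login=${line%%:*}
      home="$root/home/$login"
      usage=$(du -sm "$home" | awk '{print $1}')
      config="$SSFS_USERS/$login.conf"
      # Test before sourcing: a POSIX sh may abort when "." cannot read
      # its file, so the warning would never be printed. QUOTA is cleared
      # so a user without a config does not show the previous user's
      # value.
      QUOTA=""
      if [ -f "$config" ]; then
        . "$config"
      else
        gettext -e "WARNING: No config file\n"
      fi
      user_info
    done
    users=$(ls "$SSFS_USERS" | wc -l)
    gettext "Users:"; printf ' %s\n\n' "$users" ;;
  adduser)
    # Add a Ssfs user to the system with $HOME in chroot.
    # Each check exits in its own branch, so a failing gettext cannot let
    # the command continue with a missing value.
    if [ -z "$login" ]; then
      gettext -e "Missing user login name.\n"; exit 1
    fi
    if [ -z "$id" ]; then
      gettext -e "Missing user id.\n"; exit 1
    fi
    if [ -z "$pass" ]; then
      gettext -e "Missing user password.\n"; exit 1
    fi
    # The id is written verbatim into the chroot passwd file below.
    case "$id" in
      *[!0-9]*)
        gettext -e "User id must be numeric.\n"; exit 1 ;;
    esac
    need_vdisk_root
    user_paths

    # We need chroot command allowed for users to chroot them on SSH
    # login. Ssfs users have /bin/ssfs-sh as SHell.
    # NOTE(review): this edits the host's /etc/busybox.conf, and the
    # permission string appears to make the chroot applet usable by every
    # local account, not only Ssfs users. Confirm its meaning and consider
    # limiting it to a dedicated group.
    grep -q ^chroot /etc/busybox.conf ||
      echo 'chroot = ssx root.root' >> /etc/busybox.conf

    gettext -e "\nChecking:"; echo " /etc/passwd"
    if find_account "$login" /etc/passwd; then
      gettext -e "Exiting, user already exists:"
      printf ' %s\n\n' "$login"; exit 0
    fi

    gettext "Creating user: $login..."
    # printf passes the password through untouched; "echo -e" would
    # rewrite any backslash sequence it contains.
    printf '%s\n%s\n' "$pass" "$pass" |
      adduser -h "$home" -g "Ssfs User" -u "$id" \
        -s /bin/ssfs-sh "$login" >/dev/null
    status

    # Add user to chroot /etc/passwd
    gettext "Checking vdisk chroot:"; echo " $root/etc/passwd"
    if ! find_account "$login" "$root/etc/passwd" >/dev/null; then
      echo "$login:x:$id:$id:Ssfs User:/home/$login:/bin/sh" >> \
        "$root/etc/passwd"
    fi

    # We don't want any files from /etc/skel.
    gettext "Cleaning home and creating: Sync/..."
    rm -rf "$home" && mkdir -p "$home/Sync" "$home/.ssh" && status
    gettext "Changing mode on user home: 0700..."
    # "user:group" form: the dot separator is ambiguous for logins that
    # contain a dot.
    chown -R "$login:$login" "$home"
    chmod 0700 "$home" && status

    # Create a custom config per user in SSFS_USERS.
    [ -d "$SSFS_USERS" ] || mkdir -p "$SSFS_USERS"
    user_config ;;
  deluser)
    if [ -z "$login" ]; then
      gettext -e "Missing user login name.\n"; exit 1
    fi
    need_vdisk_root
    user_paths
    gettext -e "\nDeleting user:"; printf ' %s...' "$login"
    # Drop the account from the chroot passwd by exact name. The file is
    # rewritten in place so its owner and mode stay as they were.
    if [ -f "$root/etc/passwd" ]; then
      passwd_new=$(mktemp "$root/etc/passwd.XXXXXX") || status
      awk -F: -v name="$login" '$1 != name' "$root/etc/passwd" \
        > "$passwd_new" && cat "$passwd_new" > "$root/etc/passwd"
      rm -f "$passwd_new"
    fi
    deluser "$login"
    status
    gettext "Removing all files in:"; printf ' %s...' "$home"
    rm -rf "$home" && status
    gettext "Removing user config:"; printf ' %s.conf...' "$login"
    rm -rf "$config" && status
    echo "" ;;
  chroot)
    gettext -e "\nChanging root to:"; printf ' %s\n\n' "$root"
    chroot "$root"
    gettext -e "\nBack to the host system:"
    printf ' %s\n\n' "$(hostname)" ;;
  note)
    # Admin notes for users and displayed on the web interface.
    # NOTE(review): the text is stored exactly as typed. Whatever renders
    # $state/notes has to escape it for HTML.
    note="$2"
    date=$(date "+%Y-%m-%d %H:%M")
    if [ "$note" ]; then
      gettext "Adding note to:"; echo " $state/notes"
      printf '%s : %s\n' "$date" "$note" >> "$state/notes"
    fi ;;
  gen-vdisk)
    # Generate a virtual disk with a minimal chroot for Ssfs users home.
    need_vdisk_root
    rootfs="$share/rootfs"
    if [ -d "$root/bin" ]; then
      gettext "A chroot already exists in:"; echo " $root"
      exit 0
    fi
    if [ ! -f "$rootfs/etc/busybox.conf" ]; then
      gettext "Missing package ssfs-busybox"; echo
      exit 0
    fi
    echo ""
    gettext "Creating Sshs vdisk minimal chroot"; echo
    separator
    echo "Chroot path: $root"

    # Create vdisk if missing.
    if [ ! -f "$vdisk" ]; then
      gettext "Creating virtual disk:"; echo " $vdisk ${size}Gb"
      dd if=/dev/zero of="$vdisk" bs=1G count="$size"
      chmod 0600 "$vdisk" && du -sh "$vdisk"
      gettext "Creating ext3 filesystem..."
      mkfs.ext3 -q -T ext3 -L "Ssfs" -F "$vdisk"
      status
      mount_vdisk
    fi

    # Create a radically minimal chroot with all libs in /lib.
    gettext "Creating base files..."
    # Everything below uses relative paths, so stop here if the chroot
    # directory cannot be entered.
    mkdir -p "$root" && cd "$root" || status
    for d in etc lib home root
    do
      mkdir -p "$d"
    done && status

    # /etc files.
    cp -f /etc/slitaz-release "$root/etc"
    if [ ! -f "$root/etc/passwd" ]; then
      echo "root:x:0:0:root:/root:/bin/sh" > "$root/etc/passwd"
      # NOTE(review): the password field of this shadow entry is empty,
      # which means root has no password inside the chroot. Confirm that
      # no login path in the chroot can use it, or lock the account.
      echo "root::13525:0:99999:7:::" > "$root/etc/shadow"
      echo "root:x:0:" > "$root/etc/group"
      echo "root:*::" > "$root/etc/gshadow"
    fi

    # /dev nodes.
    #mknod -m 666 $root/dev/null c 1 3

    # Ssfs Busybox package install files in $cache and allow easy vdisk
    # upgrade following SliTaz repo.
    gettext "Installing Ssfs Busybox..."
    cp -a "$rootfs"/* "$root"
    status

    gettext "Setting files permissions..."
    chmod 0640 "$root"/etc/*shadow
    chmod 0700 "$root/root"
    # NOTE(review): busybox is installed setuid root. Presumably the
    # busybox.conf made root-only on the next line decides which applets
    # keep that privilege; verify the packaged file.
    chmod 4755 "$root/bin/busybox"
    chmod 0600 "$root/etc/busybox.conf"
    status

    # Glib minimal libs, use host lib since package should be installed
    # from same repo. ? libnss_compat*
    gettext "Installing Glibc libraries..."
    for l in ld-*.*so* libc-*.*so libc.so.* libnss_files*
    do
      # $l holds a glob pattern and is left unquoted on purpose so that it
      # expands against /lib.
      cp -a /lib/$l* "$root/lib"
    done && status

    # Ssfs chroot SHell and declare vdisk config.
    gettext "Installing Ssfs SHell..."
    install -m 0755 /bin/ssfs-sh "$root/bin"
    touch "$root/etc/vdisk.conf"
    status

    # List of all system files.
    gettext "Creating the list of files... "
    cd "$root" && rm -f "$state/vdisk.files"
    for d in bin etc lib sbin
    do
      find "./$d" | sed 's/^.//' >> "$state/vdisk.files"
    done
    files=$(wc -l < "$state/vdisk.files")
    echo "$files"

    # Create chroot /etc/vdisk.conf
    size=$(du -sh "$vdisk" | awk '{print $1}')
    used=$(du -sh "$root" | awk '{print $1}')
    date=$(date '+%Y-%m-%d %H:%M')
    vdisk_config
    separator
    gettext "Vdisk used space:"; printf ' %s - %s\n\n' "$used" "$date" ;;
  mount-vdisk)
    mount_vdisk ;;
  umount-vdisk)
    umount_vdisk ;;
  check-vdisk)
    # Check vdisk with e2fsck.
    echo ""
    gettext -e "Checking Ssfs virtual disk\n"
    separator
    gettext "Virtual disk : "; du -sh "$vdisk"
    gettext "Filesystem usage : "; du -sh "$root"
    gettext "Remounting vdisk read/only before e2fsck -p..."
    mount -o remount,loop,ro "$vdisk" "$root" && status
    e2fsck -p "$vdisk"
    gettext "Remounting vdisk read/write..."
    mount -o remount,loop,rw "$vdisk" "$root" && status
    separator && echo "" ;;
  clean-vdisk)
    # clean up the vdisk storage chroot.
    need_vdisk_root
    if [ ! -d "$root/bin" ] || [ ! -d "$root/lib" ]; then
      gettext -e "No chroot found in:"; echo " $root"
      exit 0
    fi
    gettext -e "\nCleaning virtual disk\n"
    separator
    echo "Chroot path: $root"
    # The loop deletes by relative name: if the chroot cannot be entered,
    # stop instead of deleting in whatever directory we happen to be in.
    cd "$root" || status
    for dir in *
    do
      size=$(du -sh "./$dir" | awk '{print $1}')
      case "$dir" in
        etc|home|root|lost*)
          gettext "Skipping:"; echo " $dir $size *" ;;
        *)
          gettext "Removing:"; echo " $dir $size"
          rm -rf "./$dir" ;;
      esac
    done && separator && echo "" ;;
  *)
    help ;;
esac
exit 0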