ssfs annotate ssfs-server @ rev 109
Remove ashism ==
| author | Pascal Bellard <pascal.bellard@slitaz.org> |
|---|---|
| date | Tue Feb 26 12:27:01 2019 +0100 (2019-02-26) |
| parents | f99275406656 |
| children |
| rev | line source |
|---|---|
| pankso@4 | 1 #!/bin/sh |
| pankso@4 | 2 # |
| pankso@73 | 3 # SliTaz Secure File Storage server side tool. Use virtual disk with a minimal |
| pankso@73 | 4 # chroot for more security and to protect server host. |
| pankso@4 | 5 # |
| pankso@4 | 6 # Copyright (C) SliTaz GNU/Linux - BSD License |
| pankso@4 | 7 # Author: Christophe Lincoln <pankso@slitaz.org> |
| pankso@4 | 8 # |
| pankso@4 | 9 |
| pankso@4 | 10 app=$(basename $0) |
| pankso@4 | 11 [ -f "/etc/ssfs/$app.conf" ] && . /etc/ssfs/$app.conf |
| pankso@4 | 12 [ -f "./data/$app.conf" ] && . ./data/$app.conf |
| pankso@34 | 13 state=/var/lib/ssfs |
| pankso@34 | 14 share=/usr/share/ssfs |
| pankso@4 | 15 |
| pankso@73 | 16 # Internationalization |
| pankso@73 | 17 . /usr/bin/gettext.sh |
| pankso@73 | 18 TEXTDOMAIN='ssfs' |
| pankso@73 | 19 export TEXTDOMAIN |
| pankso@73 | 20 |
| pankso@4 | 21 # Be sure we're root. |
| pankso@4 | 22 [ $(id -u) != 0 ] && gettext "You must be root to run:" && \ |
| pankso@4 | 23 echo " $app" && exit 0 |
| pankso@4 | 24 |
| pankso@4 | 25 # Parse cmdline options. |
| pankso@4 | 26 for opt in $@ |
| pankso@4 | 27 do |
| pankso@4 | 28 case "$opt" in |
| pankso@4 | 29 --login=*) |
| pankso@4 | 30 login=${opt#--login=} ;; |
| pankso@4 | 31 --id=*) |
| pankso@4 | 32 id=${opt#--id=} ;; |
| pankso@4 | 33 --pass=*) |
| pankso@4 | 34 pass=${opt#--pass=} ;; |
| pankso@4 | 35 --root=*) |
| pankso@4 | 36 root=${opt#--root=} ;; |
| pankso@13 | 37 --vdisk=*) |
| pankso@13 | 38 vdisk=${opt#--vdisk=} ;; |
| pankso@13 | 39 --size=*) |
| pankso@13 | 40 size=${opt#--size=} ;; |
| pankso@4 | 41 *) |
| pankso@4 | 42 continue ;; |
| pankso@4 | 43 esac |
| pankso@4 | 44 done |
| pankso@4 | 45 |
| pankso@4 | 46 [ "$root" ] || root=${SSFS_CHROOT} |
| pankso@13 | 47 [ "$vdisk" ] || vdisk=${SSFS_VDISK} |
| pankso@13 | 48 [ "$size" ] || size=${SSFS_SIZE} |
| pankso@4 | 49 |
| pankso@4 | 50 # |
| pankso@4 | 51 # Functions |
| pankso@4 | 52 # |
| pankso@4 | 53 |
| pankso@4 | 54 # Built-in help usage. |
| pankso@4 | 55 help() { |
| pankso@4 | 56 cat << EOT |
| pankso@4 | 57 |
| pankso@4 | 58 $(echo -e "\033[1m$(gettext "Usage:")\033[0m") $app [command] [--option=] |
| pankso@4 | 59 |
| pankso@4 | 60 $(echo -e "\033[1m$(gettext "Commands:")\033[0m") |
| pankso@60 | 61 help $(gettext "Display this short help usage.") |
| paul@12 | 62 users $(gettext "List user accounts and stats.") |
| pankso@4 | 63 adduser $(gettext "Add a user to the system with \$HOME in chroot.") |
| pankso@4 | 64 deluser $(gettext "Delete a user and remove \$HOME files.") |
| pankso@4 | 65 chroot $(gettext "Chroot to Ssfs storage root.") |
| pankso@13 | 66 gen-vdisk $(gettext "Create a vdisk with chroot for files storage.") |
| pankso@13 | 67 clean-vdisk $(gettext "Clean the vdisk but skip home and root.") |
| paul@33 | 68 check-vdisk $(gettext "Check the vdisk filesystem with e2fsck.") |
| pankso@64 | 69 up-vdisk $(gettext "Update a vdisk filesystem.") |
| paul@33 | 70 mount-vdisk $(gettext "Mount a ssfs virtual disk.") |
| pankso@13 | 71 umount-vdisk $(gettext "Unmount the vdisk and free loop device.") |
| pankso@55 | 72 note $(gettext "Write a public note for users.") |
| pankso@4 | 73 |
| pankso@4 | 74 $(echo -e "\033[1m$(gettext "Options:")\033[0m") |
| paul@103 | 75 --login= $(gettext "Login name to add or del a user.") |
| pankso@4 | 76 --id= $(gettext "User id for adduser command.") |
| pankso@4 | 77 --pass= $(gettext "User password for adduser.") |
| pankso@13 | 78 --root= $(gettext "The path to the Ssfs vdisk chroot.") |
| pankso@13 | 79 --vdisk= $(gettext "Set the Ssfs vdisk path and name.") |
| pankso@13 | 80 --size= $(gettext "Set the ext3 vdisk size in Gb.") |
| pankso@4 | 81 |
| pankso@4 | 82 EOT |
| pankso@4 | 83 } |
| pankso@4 | 84 |
| pankso@4 | 85 status() { |
| pankso@4 | 86 [ $? = 0 ] && echo " OK" |
| pankso@4 | 87 [ $? = 1 ] && echo -e " ERROR\n" && exit 1 |
| pankso@4 | 88 } |
| pankso@4 | 89 |
| pankso@13 | 90 separator() { |
| pankso@13 | 91 echo "================================================================================" |
| pankso@13 | 92 } |
| pankso@13 | 93 |
| pankso@13 | 94 # We have custom config when adding user to handle quota and user info. |
| pankso@4 | 95 user_paths() { |
| pankso@4 | 96 config=$SSFS_USERS/$login.conf |
| pankso@4 | 97 home=$root/./home/$login |
| pankso@4 | 98 } |
| pankso@4 | 99 |
| pankso@4 | 100 user_info() { |
| pankso@4 | 101 cat << EOT |
| pankso@4 | 102 |
| pankso@4 | 103 $(gettext "User login :") $login |
| pankso@4 | 104 $(gettext "User quota :") $QUOTA |
| pankso@4 | 105 $(gettext "Home usage :") $usage |
| pankso@4 | 106 |
| pankso@4 | 107 EOT |
| pankso@4 | 108 } |
| pankso@4 | 109 |
| pankso@4 | 110 user_config() { |
| pankso@4 | 111 gettext "Creating Ssfs user configuration file..." |
| pankso@4 | 112 cat > $config << EOT |
| pankso@4 | 113 # Ssfs user configuration file. |
| pankso@4 | 114 |
| pankso@4 | 115 LOGIN="$login" |
| pankso@4 | 116 QUOTA="$DEFAULT_QUOTA" |
| pankso@4 | 117 EOT |
| pankso@4 | 118 chmod 0600 $config && status |
| pankso@4 | 119 echo "" |
| pankso@4 | 120 } |
| pankso@4 | 121 |
| pankso@36 | 122 vdisk_config() { |
| pankso@36 | 123 cat > $root/etc/vdisk.conf << EOT |
| pankso@66 | 124 # /etc/vdisk.conf: Ssfs virtual disk auto-generated config file. |
| pankso@36 | 125 |
| pankso@36 | 126 VDATE="$date" |
| pankso@36 | 127 VSIZE="$size" |
| pankso@36 | 128 FILES="$files" |
| pankso@36 | 129 EOT |
| pankso@36 | 130 } |
| pankso@36 | 131 |
| pankso@13 | 132 # Handle Ssfs virtual disk. |
| pankso@13 | 133 umount_vdisk() { |
| slaxemulator@85 | 134 if mount | fgrep -q "$root "; then |
| slaxemulator@85 | 135 loop=$(mount | fgrep "$root " | awk '{print $1}') |
| pankso@13 | 136 gettext "Unmounting Ssfs vdisk:"; echo " $vdisk" |
| pankso@13 | 137 umount $root && sleep 1 |
| pankso@13 | 138 gettext "Detaching loop device:"; echo " $loop" |
| pankso@13 | 139 losetup -d $loop |
| pankso@13 | 140 else |
| pankso@13 | 141 gettext "Ssfs vdisk is not mounted:"; echo " $vdisk" |
| pankso@13 | 142 fi |
| pankso@13 | 143 } |
| pankso@13 | 144 |
| pankso@13 | 145 mount_vdisk() { |
| slaxemulator@85 | 146 if ! mount | fgrep -q "$root "; then |
| pankso@15 | 147 [ -d "$root" ] || mkdir -p $root |
| pankso@15 | 148 gettext "Mounting virtual disk:" |
| pankso@15 | 149 mount -o loop -t ext3 $vdisk $root |
| pankso@15 | 150 else |
| pankso@15 | 151 gettext "Ssfs vdisk is already mounted:" |
| pankso@15 | 152 fi |
| pankso@15 | 153 echo " $vdisk $root" |
| pankso@13 | 154 } |
| pankso@13 | 155 |
| pankso@4 | 156 # |
| pankso@4 | 157 # Commands |
| pankso@4 | 158 # |
| pankso@4 | 159 |
| pankso@4 | 160 case "$1" in |
| pankso@4 | 161 users) |
| pankso@76 | 162 echo "" && gettext "Checking:"; echo " /etc/passwd" |
| pankso@4 | 163 fgrep "Ssfs User" /etc/passwd | while read line |
| pankso@4 | 164 do |
| pankso@4 | 165 login=$(echo $line | cut -d ":" -f 1) |
| pankso@4 | 166 home="$root/home/$login" |
| pankso@4 | 167 usage=$(du -sm $home | awk '{print $1}') |
| pankso@4 | 168 config=$SSFS_USERS/$login.conf |
| pankso@76 | 169 . $config || gettext "WARNING: No config file" |
| pankso@4 | 170 user_info |
| pankso@4 | 171 done |
| pankso@4 | 172 users=$(ls $SSFS_USERS | wc -l) |
| pankso@4 | 173 gettext "Users:"; echo -e " $users\n" ;; |
| pankso@4 | 174 adduser) |
| pankso@4 | 175 # Add a Ssfs user to the system with $HOME in chroot. |
| pankso@76 | 176 [ -z "$login" ] && gettext "Missing user login name." && exit 0 |
| pankso@76 | 177 [ -z "$id" ] && gettext "Missing user id." && exit 0 |
| pankso@76 | 178 [ -z "$pass" ] && gettext "Missing user password." && exit 0 |
| pankso@4 | 179 user_paths |
| pankso@29 | 180 |
| pankso@29 | 181 # We need chroot command allowed for users to chroot them on SSH |
| paul@33 | 182 # login. Ssfs users have /bin/ssfs-sh as SHell. |
| pankso@29 | 183 grep -q ^chroot /etc/busybox.conf || |
| pankso@29 | 184 echo 'chroot = ssx root.root' >> /etc/busybox.conf |
| pankso@76 | 185 |
| pankso@76 | 186 echo "" |
| pankso@76 | 187 gettext "Checking:"; echo " /etc/passwd" |
| pankso@4 | 188 if grep ^$login: /etc/passwd; then |
| pankso@76 | 189 gettext "Exiting, user already exists:" |
| pankso@4 | 190 echo -e " $login\n" && exit 0 |
| pankso@4 | 191 fi |
| pankso@29 | 192 |
| pankso@4 | 193 gettext "Creating user: $login..." |
| pankso@4 | 194 echo -e "$pass\n$pass" | \ |
| pankso@29 | 195 adduser -h "$home" -g "Ssfs User" -u $id \ |
| pankso@29 | 196 -s /bin/ssfs-sh $login >/dev/null |
| pankso@4 | 197 status |
| pankso@29 | 198 |
| pankso@29 | 199 # Add user to chroot /etc/passwd |
| pankso@29 | 200 gettext "Checking vdisk chroot:"; echo " $root/etc/passwd" |
| pankso@29 | 201 if ! grep -q ^$login: $root/etc/passwd; then |
| pankso@29 | 202 echo "$login:x:$id:$id:Ssfs User:/home/$login:/bin/sh" >> \ |
| pankso@29 | 203 $root/etc/passwd |
| pankso@63 | 204 echo "$login:x:$id:" >> $root/etc/group |
| pankso@29 | 205 fi |
| pankso@4 | 206 |
| paul@12 | 207 # We don't want any files from /etc/skel. |
| pankso@4 | 208 gettext "Cleaning home and creating: Sync/..." |
| pankso@15 | 209 rm -rf $home && mkdir -p $home/Sync $home/.ssh && status |
| pankso@4 | 210 gettext "Changing mode on user home: 0700..." |
| pankso@4 | 211 chown -R $login.$login $home |
| pankso@4 | 212 chmod 0700 $home && status |
| pankso@4 | 213 |
| paul@12 | 214 # Create a custom config per user in SSFS_USERS. |
| pankso@4 | 215 [ ! -d "$SSFS_USERS" ] && mkdir -p $SSFS_USERS |
| pankso@4 | 216 user_config ;; |
| pankso@4 | 217 deluser) |
| pankso@76 | 218 [ -z "$login" ] && gettext "Missing user login name." && exit 0 |
| pankso@4 | 219 user_paths |
| pankso@76 | 220 echo "" |
| pankso@76 | 221 gettext "Deleting user:"; echo -n " $login..." |
| pankso@29 | 222 sed -i /^$login:/d $root/etc/passwd |
| pankso@63 | 223 sed -i /^$login:/d $root/etc/group |
| pankso@4 | 224 deluser $login || status && status |
| pankso@4 | 225 gettext "Removing all files in:"; echo -n " $home..." |
| pankso@4 | 226 rm -rf $home && status |
| pankso@4 | 227 gettext "Removing user config:"; echo -n " $login.conf..." |
| pankso@4 | 228 rm -rf $config && status |
| pankso@4 | 229 echo "" ;; |
| pankso@4 | 230 chroot) |
| pankso@76 | 231 echo "" |
| pankso@76 | 232 gettext "Changing root to:"; echo -e " $root\n" |
| pankso@4 | 233 chroot $root |
| pankso@76 | 234 echo "" |
| pankso@76 | 235 gettext "Back to the host system:" |
| pankso@4 | 236 echo -e " $(hostname)\n" ;; |
| pankso@36 | 237 note) |
| pankso@36 | 238 # Admin notes for users and displayed on the web interface. |
| pankso@36 | 239 note="$2" |
| pankso@36 | 240 date=$(date "+%Y-%m-%d %H:%M") |
| pankso@36 | 241 if [ "$note" ]; then |
| pankso@36 | 242 gettext "Adding note to:"; echo " $state/notes" |
| pankso@36 | 243 echo "$date : $note" >> $state/notes |
| pankso@36 | 244 fi ;; |
| pankso@13 | 245 gen-vdisk) |
| pankso@35 | 246 # Generate a virtual disk with a minimal chroot for Ssfs users home. |
| pankso@34 | 247 rootfs=$share/rootfs |
| pankso@4 | 248 if [ -d "$root/bin" ]; then |
| pankso@34 | 249 gettext "A chroot already exists in:"; echo " $root" |
| pankso@34 | 250 exit 0 |
| pankso@34 | 251 fi |
| pankso@34 | 252 if [ ! -f "$rootfs/etc/busybox.conf" ]; then |
| pankso@34 | 253 gettext "Missing package ssfs-busybox"; echo |
| pankso@4 | 254 exit 0 |
| pankso@4 | 255 fi |
| pankso@13 | 256 echo "" |
| pankso@34 | 257 gettext "Creating Sshs vdisk minimal chroot"; echo |
| pankso@13 | 258 separator |
| pankso@34 | 259 echo "Chroot path: $root" |
| pankso@34 | 260 |
| pankso@13 | 261 # Create vdisk if missing. |
| pankso@13 | 262 if [ ! -f "$vdisk" ]; then |
| pankso@13 | 263 gettext "Creating virtual disk:"; echo " $vdisk ${size}Gb" |
| pankso@13 | 264 dd if=/dev/zero of=$vdisk bs=1G count=$size |
| pankso@23 | 265 chmod 0600 $vdisk && du -sh $vdisk |
| pankso@13 | 266 gettext "Creating ext3 filesystem..." |
| pankso@13 | 267 mkfs.ext3 -q -T ext3 -L "Ssfs" -F $vdisk |
| pankso@13 | 268 status |
| pankso@13 | 269 mount_vdisk |
| pankso@13 | 270 fi |
| pankso@13 | 271 |
| paul@33 | 272 # Create a radically minimal chroot with all libs in /lib. |
| pankso@13 | 273 gettext "Creating base files..." |
| pankso@13 | 274 mkdir -p $root && cd $root |
| pankso@34 | 275 for d in etc lib home root |
| pankso@13 | 276 do |
| pankso@13 | 277 mkdir -p $d |
| pankso@13 | 278 done && status |
| pankso@34 | 279 |
| pankso@34 | 280 # /etc files. |
| pankso@34 | 281 cp -f /etc/slitaz-release $root/etc |
| pankso@34 | 282 if [ ! -f "$root/etc/passwd" ]; then |
| pankso@34 | 283 echo "root:x:0:0:root:/root:/bin/sh" > $root/etc/passwd |
| pankso@34 | 284 echo "root:x:0:" > $root/etc/group |
| pankso@34 | 285 fi |
| pankso@66 | 286 |
| paul@103 | 287 # Ssfs Busybox package installs files in $share and allows easy vdisk |
| paul@59 | 288 # upgrade following SliTaz repo. |
| pankso@66 | 289 gettext "Installing Ssfs root filesystem..." |
| pankso@34 | 290 cp -a $rootfs/* $root |
| pankso@4 | 291 status |
| pankso@13 | 292 |
| pankso@34 | 293 gettext "Setting files permissions..." |
| pankso@35 | 294 chmod 0700 $root/root |
| pankso@34 | 295 chmod 4755 $root/bin/busybox |
| pankso@35 | 296 chmod 0600 $root/etc/busybox.conf |
| pankso@4 | 297 status |
| pankso@13 | 298 |
| pankso@13 | 299 # Glib minimal libs, use host lib since package should be installed |
| pankso@45 | 300 # from same repo. ? libnss_compat* |
| pankso@13 | 301 gettext "Installing Glibc libraries..." |
| pankso@45 | 302 for l in ld-*.*so* libc-*.*so libc.so.* libnss_files* |
| pankso@13 | 303 do |
| pankso@13 | 304 cp -a /lib/$l* $root/lib |
| pankso@34 | 305 done && status |
| pankso@31 | 306 |
| pankso@36 | 307 # Ssfs chroot SHell and declare vdisk config. |
| pankso@66 | 308 gettext "Installing Ssfs SHell..." |
| pankso@31 | 309 install -m 0755 /bin/ssfs-sh $root/bin |
| pankso@36 | 310 touch $root/etc/vdisk.conf |
| pankso@31 | 311 status |
| pankso@34 | 312 |
| pankso@34 | 313 # List of all system files. |
| pankso@35 | 314 gettext "Creating the list of files... " |
| pankso@35 | 315 cd $root && rm -f $state/vdisk.files |
| pankso@62 | 316 for d in bin etc lib |
| pankso@34 | 317 do |
| pankso@35 | 318 find ./$d | sed s'/^.//' >> $state/vdisk.files |
| pankso@34 | 319 done |
| pankso@36 | 320 files=$(cat $state/vdisk.files | wc -l) |
| pankso@36 | 321 echo "$files" |
| pankso@36 | 322 |
| pankso@36 | 323 # Create chroot /etc/vdisk.conf |
| pankso@36 | 324 size=$(du -sh $vdisk | awk '{print $1}') |
| pankso@36 | 325 used=$(du -sh $root | awk '{print $1}') |
| pankso@36 | 326 date=$(date '+%Y-%m-%d %H:%M') |
| pankso@36 | 327 vdisk_config |
| pankso@35 | 328 separator |
| pankso@36 | 329 gettext "Vdisk used space:"; echo -e " $used - $date\n" ;; |
| pankso@13 | 330 mount-vdisk) |
| pankso@13 | 331 mount_vdisk ;; |
| pankso@13 | 332 umount-vdisk) |
| pankso@13 | 333 umount_vdisk ;; |
| pankso@15 | 334 check-vdisk) |
| pankso@15 | 335 # Check vdisk with e2fsck. |
| pankso@15 | 336 echo "" |
| pankso@76 | 337 gettext "Checking Ssfs virtual disk"; echo |
| pankso@15 | 338 separator |
| pankso@15 | 339 gettext "Virtual disk : "; du -sh $vdisk |
| pankso@15 | 340 gettext "Filesystem usage : "; du -sh $root |
| pankso@15 | 341 gettext "Remounting vdisk read/only before e2fsck -p..." |
| pankso@15 | 342 mount -o remount,loop,ro $vdisk $root && status |
| pankso@15 | 343 e2fsck -p $vdisk |
| pankso@15 | 344 gettext "Remounting vdisk read/write..." |
| pankso@15 | 345 mount -o remount,loop,rw $vdisk $root && status |
| pankso@15 | 346 separator && echo "" ;; |
| pankso@64 | 347 up-vdisk) |
| pankso@64 | 348 $0 clean-vdisk |
| pankso@64 | 349 $0 gen-vdisk ;; |
| pankso@13 | 350 clean-vdisk) |
| pankso@13 | 351 # clean up the vdisk storage chroot. |
| pankso@34 | 352 if [ ! -d "$root/bin" ] || [ ! -d "$root/lib" ]; then |
| pankso@76 | 353 gettext "No chroot found in:"; echo " $root" |
| pankso@4 | 354 exit 0 |
| pankso@4 | 355 fi |
| pankso@76 | 356 echo "" |
| pankso@76 | 357 gettext "Cleaning virtual disk\n" |
| pankso@13 | 358 separator |
| pankso@34 | 359 echo "Chroot path: $root" |
| pankso@4 | 360 cd $root |
| pankso@4 | 361 for dir in * |
| pankso@4 | 362 do |
| pankso@4 | 363 size=$(du -sh $dir | awk '{print $1}') |
| pankso@4 | 364 case "$dir" in |
| pankso@34 | 365 etc|home|root|lost*) |
| pankso@4 | 366 gettext "Skipping:"; echo " $dir $size *" ;; |
| pankso@4 | 367 *) |
| pankso@4 | 368 gettext "Removing:"; echo " $dir $size" |
| pankso@4 | 369 rm -rf $dir ;; |
| pankso@4 | 370 esac |
| pankso@13 | 371 done && separator && echo "" ;; |
| pankso@4 | 372 *) |
| pankso@4 | 373 help ;; |
| pankso@4 | 374 esac |
| pankso@4 | 375 exit 0 |