ssfs view ssfs-server @ rev 29

Add ssfs-sh - Ssfs SHell for chrooted users with minimal env vars, also needed since chroot drops the user to / by default
author Christophe Lincoln <pankso@slitaz.org>
date Sun Jun 12 09:49:52 2011 +0200 (2011-06-12)
parents 6034fcc9741c
children d9e1240da61a
1 #!/bin/sh
2 #
3 # SliTaz Secure File Storage server side tool.
4 #
5 # Copyright (C) SliTaz GNU/Linux - BSD License
6 # Author: Christophe Lincoln <pankso@slitaz.org>
7 #
9 app=$(basename $0)
10 cache=/var/cache/ssfs
11 [ -f "/etc/ssfs/$app.conf" ] && . /etc/ssfs/$app.conf
12 [ -f "./data/$app.conf" ] && . ./data/$app.conf
14 # Be sure we're root.
15 [ $(id -u) != 0 ] && gettext "You must be root to run:" && \
16 echo " $app" && exit 0
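# Parse cmdline options. "$@" is quoted so an argument containing spaces
# stays one word. Anything that is not an --option (the command name) is
# skipped here and handled by the command dispatch below.
# NOTE: --pass= puts the password on the command line, where it is
# visible to every local user via ps while the command runs.
for opt in "$@"; do
    case "$opt" in
        --login=*) login=${opt#--login=} ;;
        --id=*)    id=${opt#--id=} ;;
        --pass=*)  pass=${opt#--pass=} ;;
        --root=*)  root=${opt#--root=} ;;
        --vdisk=*) vdisk=${opt#--vdisk=} ;;
        --size=*)  size=${opt#--size=} ;;
        *)         continue ;;
    esac
done

# Fall back to the values from the sourced config file when no option
# was given on the command line.
[ "$root" ] || root=${SSFS_CHROOT}
[ "$vdisk" ] || vdisk=${SSFS_VDISK}
[ "$size" ] || size=${SSFS_SIZE}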
43 #
44 # Functions
45 #
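# Built-in help usage: print the command and option summary to stdout.
# Reads the global $app (the script name).
help() {
    # Bold on/off escapes come from printf: 'echo -e' is not portable
    # across /bin/sh implementations and this file targets plain sh.
    local bold norm
    bold=$(printf '\033[1m')
    norm=$(printf '\033[0m')
    cat << EOT

${bold}$(gettext "Usage:")${norm} $app [command] [--option=]

${bold}$(gettext "Commands:")${norm}
help           $(gettext "Display this short usage.")
users          $(gettext "List user accounts and stats.")
adduser        $(gettext "Add a user to the system with \$HOME in chroot.")
deluser        $(gettext "Delete a user and remove \$HOME files.")
chroot         $(gettext "Chroot to Ssfs storage root.")
gen-vdisk      $(gettext "Create a vdisk with chroot for files storage.")
clean-vdisk    $(gettext "Clean the vdisk but skip home and root.")
check-vdisk    $(gettext "Check vdisk filesystem with e2fsck.")
mount-vdisk    $(gettext "Mount ssfs virtual disk.")
umount-vdisk   $(gettext "Unmount the vdisk and free loop device.")

${bold}$(gettext "Options:")${norm}
--login=       $(gettext "Login name for add or del an user.")
--id=          $(gettext "User id for adduser command.")
--pass=        $(gettext "User password for adduser.")
--root=        $(gettext "The path to the Ssfs vdisk chroot.")
--vdisk=       $(gettext "Set the Ssfs vdisk path and name.")
--size=        $(gettext "Set the ext3 vdisk size in Gb.")

EOT
}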
76 status() {
77 [ $? = 0 ] && echo " OK"
78 [ $? = 1 ] && echo -e " ERROR\n" && exit 1
79 }
# Print an 80-column rule of '=' characters on its own line.
separator() {
    printf '%s\n' "================================================================================"
}
# We have custom config when adding user to handle quota and user info.
# Derives two globals from $login: $config, the per-user file below
# $SSFS_USERS, and $home, the user's home directory below the chroot $root.
user_paths() {
    config="${SSFS_USERS}/${login}.conf"
    home="${root}/./home/${login}"
}
# Print one user's login, quota and home usage, framed by a blank line
# before and after. Reads the globals $login, $QUOTA and $usage.
user_info() {
    printf '\n%s %s\n%s %s\n%s %s\n\n' \
        "$(gettext "User login :")" "$login" \
        "$(gettext "User quota :")" "$QUOTA" \
        "$(gettext "Home usage :")" "$usage"
}
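# Write the per-user config file $config (LOGIN and QUOTA) and restrict
# it to 0600. Reads the globals $config, $login and $DEFAULT_QUOTA.
# Both the write and the chmod are reported through status(); the
# original only called status after a successful chmod, so a failed
# write went unreported.
user_config() {
    gettext "Creating Ssfs user configuration file..."
    cat > "$config" << EOT && chmod 0600 "$config"
# Ssfs user configuration file.

LOGIN="$login"
QUOTA="$DEFAULT_QUOTA"
EOT
    status
    echo ""
}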
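# Handle Ssfs virtual disk.
# Unmount $root and detach its loop device, or say that nothing is
# mounted there. Reads the globals $root and $vdisk.
umount_vdisk() {
    # Match " on $root " rather than any substring of the mount table,
    # so /mnt/ssfs does not match /mnt/ssfs2 or a device path that merely
    # contains the root. An empty $root never counts as mounted.
    if [ -n "$root" ] && mount | grep -Fq " on $root "; then
        loop=$(mount | grep -F " on $root " | awk '{print $1}')
        gettext "Unmounting Ssfs vdisk:"; echo " $vdisk"
        umount "$root" && sleep 1
        gettext "Detaching loop device:"; echo " $loop"
        losetup -d "$loop"
    else
        gettext "Ssfs vdisk is not mounted:"; echo " $vdisk"
    fi
}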
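# Mount the ext3 vdisk $vdisk on $root through a loop device, unless
# something is already mounted on $root. Always ends by printing
# " $vdisk $root" after the status message. Reads $root and $vdisk.
mount_vdisk() {
    # " on $root " avoids prefix matches against other mount points.
    if [ -n "$root" ] && mount | grep -Fq " on $root "; then
        gettext "Ssfs vdisk is already mounted:"
    else
        [ -d "$root" ] || mkdir -p "$root"
        gettext "Mounting virtual disk:"
        mount -o loop -t ext3 "$vdisk" "$root"
    fi
    echo " $vdisk $root"
}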
137 #
138 # Commands
139 #
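# Login names end up in sed addresses, chroot /etc/passwd lines and
# "rm -rf" paths, so only [a-zA-Z0-9_-] not starting with '-' is accepted
# (stricter than adduser itself; in particular no '.', ':' or '/').
valid_login() {
    case "$1" in
        ""|-*|*[!a-zA-Z0-9_-]*) return 1 ;;
    esac
    return 0
}

# True when $1 is a non-empty string of decimal digits (uid, size in Gb).
is_number() {
    case "$1" in
        ""|*[!0-9]*) return 1 ;;
    esac
    return 0
}

# Commands that work below the chroot need a non-empty $root: with an
# empty value "$root/home/$login" and "cd $root" would silently operate
# on the host filesystem instead of the vdisk.
need_root() {
    [ -n "$root" ] && return 0
    gettext "Missing Ssfs chroot path, use --root= or set SSFS_CHROOT."
    echo ""
    exit 1
}

case "$1" in
    users)
        gettext -e "\nChecking:"; echo " /etc/passwd"
        # The loop runs in the pipeline's subshell, so each sourced user
        # config does not leak its QUOTA into the rest of the script.
        grep -F "Ssfs User" /etc/passwd | while IFS=: read -r login _; do
            home="$root/home/$login"
            usage=$(du -sm "$home" | awk '{print $1}')
            config=$SSFS_USERS/$login.conf
            # Test before sourcing: '.' on a missing file aborts a
            # non-interactive POSIX shell instead of returning an error.
            if [ -r "$config" ]; then
                . "$config"
            else
                gettext -e "WARNING: No config file\n"
            fi
            user_info
        done
        users=$(ls "$SSFS_USERS" | wc -l)
        gettext "Users:"; printf ' %s\n\n' "$users" ;;
    adduser)
        # Add a Ssfs user to the system with $HOME in chroot.
        # NOTE: the --pass= value is visible in the process list (ps)
        # while this command runs.
        if [ -z "$login" ]; then gettext -e "Missing user login name.\n"; exit 1; fi
        if [ -z "$id" ]; then gettext -e "Missing user id.\n"; exit 1; fi
        if [ -z "$pass" ]; then gettext -e "Missing user password.\n"; exit 1; fi
        if ! valid_login "$login"; then gettext -e "Invalid user login name.\n"; exit 1; fi
        if ! is_number "$id"; then gettext -e "Invalid user id.\n"; exit 1; fi
        need_root
        user_paths

        # We need chroot command allowed for users to chroot them on SSH
        # login. Ssfs user have /bin/ssfs-sh as SHell.
        grep -q '^chroot' /etc/busybox.conf ||
        echo 'chroot = ssx root.root' >> /etc/busybox.conf

        gettext -e "\nChecking:"; echo " /etc/passwd"
        if grep -q "^$login:" /etc/passwd; then
            gettext -e "Exiting, user already exists:"
            printf ' %s\n\n' "$login"
            exit 1
        fi

        gettext "Creating user: $login..."
        # The password is fed on stdin twice (confirmation prompt) with
        # printf: 'echo -e' would interpret backslashes inside it.
        printf '%s\n%s\n' "$pass" "$pass" |
            adduser -h "$home" -g "Ssfs User" -u "$id" \
                -s /bin/ssfs-sh "$login" >/dev/null
        status

        # Add user to chroot /etc/passwd
        gettext "Checking vdisk chroot:"; echo " $root/etc/passwd"
        if ! grep -q "^$login:" "$root/etc/passwd"; then
            echo "$login:x:$id:$id:Ssfs User:/home/$login:/bin/sh" >> \
                "$root/etc/passwd"
        fi

        # We don't want any files from /etc/skel.
        gettext "Cleaning home and creating: Sync/..."
        rm -rf "$home" && mkdir -p "$home/Sync" "$home/.ssh"; status
        gettext "Changing mode on user home: 0700..."
        chown -R "$login:$login" "$home" && chmod 0700 "$home"; status

        # Create a custom config per user in SSFS_USERS.
        [ -d "$SSFS_USERS" ] || mkdir -p "$SSFS_USERS"
        user_config ;;
    deluser)
        if [ -z "$login" ]; then gettext -e "Missing user login name.\n"; exit 1; fi
        if ! valid_login "$login"; then gettext -e "Invalid user login name.\n"; exit 1; fi
        need_root
        user_paths
        gettext -e "\nDeleting user:"; printf ' %s...' "$login"
        # $login is restricted to [a-zA-Z0-9_-] by valid_login, so it
        # contains no sed metacharacters and no '/' or ':'.
        sed -i "/^$login:/d" "$root/etc/passwd"
        deluser "$login"; status
        gettext "Removing all files in:"; printf ' %s...' "$home"
        rm -rf "$home"; status
        gettext "Removing user config:"; printf ' %s.conf...' "$login"
        rm -f "$config"; status
        echo "" ;;
    chroot)
        need_root
        gettext -e "\nChanging root to:"; printf ' %s\n\n' "$root"
        chroot "$root"
        gettext -e "\nBack to the host system:"
        printf ' %s\n\n' "$(hostname)" ;;
    gen-vdisk)
        # Generated a virtual disk with a minimal chroot for Ssfs users home.
        need_root
        if [ -d "$root/bin" ]; then
            gettext -e "A chroot already exists in:"; echo " $root"
            exit 0
        fi
        echo ""
        gettext "Creating chroot in:"; echo " $root"
        separator

        # Create vdisk if missing.
        if [ ! -f "$vdisk" ]; then
            if [ -z "$vdisk" ] || ! is_number "$size"; then
                gettext -e "Missing vdisk path or numeric size, use --vdisk= and --size=.\n"
                exit 1
            fi
            gettext "Creating virtual disk:"; echo " $vdisk ${size}Gb"
            dd if=/dev/zero of="$vdisk" bs=1G count="$size"
            chmod 0600 "$vdisk" && du -sh "$vdisk"
            gettext "Creating ext3 filesystem..."
            mkfs.ext3 -q -T ext3 -L "Ssfs" -F "$vdisk"
            status
        fi
        # mount_vdisk is a no-op when $root is already mounted; calling it
        # for an existing, unmounted vdisk too keeps the chroot from being
        # written to the host directory instead of the disk image.
        mount_vdisk

        # Create a radicaly minimal chroot with all libs in /lib.
        gettext "Creating base files..."
        mkdir -p "$root" && cd "$root" || status
        for d in etc tmp lib usr home root; do
            mkdir -p "$d"
        done && status
        cp -a /etc/slitaz-release "$root/etc"
        #cp -a /etc/nsswitch.conf $root/etc
        echo "root:x:0:0:root:/root:/bin/sh" > etc/passwd
        echo "root::13525:0:99999:7:::" > etc/shadow
        echo "root:x:0:" > etc/group
        echo "root:*::" > etc/gshadow
        #mknod -m 666 $root/dev/null c 1 3

        gettext "Setting files permissions..."
        chmod 640 etc/shadow etc/gshadow &&
        chmod 0700 root && chmod 1777 tmp
        status

        # Busybox without deps (get && extract). No system comands are allowed
        # in /etc/busybox.conf to restrict SSHed users.
        gettext "Installing Busybox..."
        # The cd must succeed before the relative rm -rf below runs,
        # otherwise the current host directory would be cleaned instead.
        cd "$root/tmp" || status
        tazpkg get busybox >/dev/null
        tazpkg extract busybox-* >/dev/null
        rm -rf fs && mv -f busybox-*/fs . && rm -rf busybox-*
        cp -a fs/bin fs/sbin "$root"
        cp -a fs/usr/bin fs/usr/sbin "$root/usr"
        # busybox is setuid root on purpose: the restrictive
        # /etc/busybox.conf written just below limits which applets may
        # use that privilege.
        rm -rf fs && chmod 4755 "$root/bin/busybox"
        status
        gettext "Creatin restrictive Busybox config file..."
        {
            echo '# /etc/busybox.conf: Ssfs Busybox configuration.'
            printf '\n[SUID]\n'
            echo "su = --- root.root"
        } > "$root/etc/busybox.conf"
        chmod 0600 "$root/etc/busybox.conf"
        status

        # Glib minimal libs, use host lib since package should be installed
        # from same repo.
        gettext "Installing Glibc libraries..."
        for l in /lib/ld-*.*so* /lib/libc-*.*so* /lib/libc.so.* /lib/libnss_files*; do
            cp -a "$l" "$root/lib"
        done && status
        # Separate variable: $size still holds the --size= option value.
        used=$(du -sh "$root" | awk '{print $1}')
        separator
        gettext "Vdisk used space:"; printf ' %s\n\n' "$used" ;;
    mount-vdisk)
        need_root
        mount_vdisk ;;
    umount-vdisk)
        need_root
        umount_vdisk ;;
    check-vdisk)
        # Check vdisk with e2fsck.
        need_root
        echo ""
        gettext -e "Checking Ssfs virtual disk\n"
        separator
        gettext "Virtual disk : "; du -sh "$vdisk"
        gettext "Filesystem usage : "; du -sh "$root"
        gettext "Remounting vdisk read/only before e2fsck -p..."
        # status aborts on failure, so e2fsck never runs on a read/write
        # mounted filesystem.
        mount -o remount,loop,ro "$vdisk" "$root"; status
        e2fsck -p "$vdisk"
        gettext "Remounting vdisk read/write..."
        mount -o remount,loop,rw "$vdisk" "$root"; status
        separator && echo "" ;;
    clean-vdisk)
        # clean up the vdisk storage chroot.
        need_root
        if [ ! -d "$root/bin" ] || [ ! -d "$root/usr" ]; then
            gettext -e "No chroot found in:"; echo " $root"
            exit 1
        fi
        gettext -e "\nCleaning virtual disk\n"
        separator
        gettext "Changing directory to:"; echo " $root"
        # The rm loop below is relative: never run it anywhere but $root.
        cd "$root" || status
        for dir in *; do
            [ -e "$dir" ] || continue
            used=$(du -sh "$dir" | awk '{print $1}')
            case "$dir" in
                home|root|lost*)
                    gettext "Skipping:"; echo " $dir $used *" ;;
                *)
                    gettext "Removing:"; echo " $dir $used"
                    rm -rf -- "$dir" ;;
            esac
        done && separator && echo "" ;;
    *)
        help ;;
esac
exit 0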