ssfs view ssfs-server @ rev 103

Tiny edits
author Paul Issott <paul@slitaz.org>
date Sun Apr 24 15:45:47 2016 +0100 (2016-04-24)
parents f99275406656
children
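#!/bin/sh
#
# SliTaz Secure File Storage server side tool. Use virtual disk with a minimal
# chroot for more security and to protect server host.
#
# Copyright (C) SliTaz GNU/Linux - BSD License
# Author: Christophe Lincoln <pankso@slitaz.org>
#

# Name the tool was started as; it also selects which config file is read.
# $0 is quoted so a path containing spaces still yields one name.
app=$(basename "$0")

# Both files are shell code and are sourced before the root check further
# down, with the privileges of whoever starts the tool. The system-wide file
# is read first; the copy under ./data is read second and overrides it.
# NOTE(review): ./data/$app.conf is resolved against the current working
# directory, so starting the tool as root from a directory another account
# can write to runs that account's file as root. Presumably a convenience
# for running from a source checkout - confirm it is still wanted.
[ -f "/etc/ssfs/$app.conf" ] && . "/etc/ssfs/$app.conf"
[ -f "./data/$app.conf" ] && . "./data/$app.conf"

# Fixed locations used by the commands below.
state=/var/lib/ssfs
share=/usr/share/ssfs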
# Internationalization: load the gettext shell helpers, then export the
# message domain so the gettext calls in this script look up "ssfs".
. /usr/bin/gettext.sh
export TEXTDOMAIN='ssfs'
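# Be sure we're root.
# The id is quoted so that an empty answer from id(1) counts as "not root";
# unquoted, the test itself would fail and the script would simply carry on.
# NOTE(review): the refusal still exits 0, as before, so a caller cannot tell
# it apart from success by looking at the exit status.
if [ "$(id -u)" != 0 ]; then
	gettext "You must be root to run:" && echo " $app" && exit 0
fi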
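# Parse cmdline options.
# Every --name=value argument sets the shell variable of the same name;
# anything else, the command word included, is skipped. The arguments are
# walked as "$@" so a value holding spaces or glob characters arrives in one
# piece instead of being split and expanded.
# NOTE(review): a password given as --pass= stays in the process argument
# list for as long as the command runs, where other local accounts may be
# able to read it.
parse_options() {
	for opt in "$@"
	do
		case "$opt" in
			--login=*) login=${opt#--login=} ;;
			--id=*)    id=${opt#--id=} ;;
			--pass=*)  pass=${opt#--pass=} ;;
			--root=*)  root=${opt#--root=} ;;
			--vdisk=*) vdisk=${opt#--vdisk=} ;;
			--size=*)  size=${opt#--size=} ;;
			*)         continue ;;
		esac
	done
}
parse_options "$@"

# Anything not given on the cmdline falls back to the configured value.
[ "$root" ] || root=${SSFS_CHROOT}
[ "$vdisk" ] || vdisk=${SSFS_VDISK}
[ "$size" ] || size=${SSFS_SIZE}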
#
# Functions
#

# Built-in help usage.
# Prints the usage line, the command list and the option list, with the
# three headings in bold. The body is a subshell so the two escape-sequence
# variables do not leak into the rest of the script.
help() (
	bold=$(printf '\033[1m')
	plain=$(printf '\033[0m')
	cat << EOT
${bold}$(gettext "Usage:")${plain} $app [command] [--option=]
${bold}$(gettext "Commands:")${plain}
help $(gettext "Display this short help usage.")
users $(gettext "List user accounts and stats.")
adduser $(gettext "Add a user to the system with \$HOME in chroot.")
deluser $(gettext "Delete a user and remove \$HOME files.")
chroot $(gettext "Chroot to Ssfs storage root.")
gen-vdisk $(gettext "Create a vdisk with chroot for files storage.")
clean-vdisk $(gettext "Clean the vdisk but skip home and root.")
check-vdisk $(gettext "Check the vdisk filesystem with e2fsck.")
up-vdisk $(gettext "Update a vdisk filesystem.")
mount-vdisk $(gettext "Mount a ssfs virtual disk.")
umount-vdisk $(gettext "Unmount the vdisk and free loop device.")
note $(gettext "Write a public note for users.")
${bold}$(gettext "Options:")${plain}
--login= $(gettext "Login name to add or del a user.")
--id= $(gettext "User id for adduser command.")
--pass= $(gettext "User password for adduser.")
--root= $(gettext "The path to the Ssfs vdisk chroot.")
--vdisk= $(gettext "Set the Ssfs vdisk path and name.")
--size= $(gettext "Set the ext3 vdisk size in Gb.")
EOT
)
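# Report the result of the command that ran just before this call.
# Prints " OK" and returns 0 when that command succeeded; otherwise prints
# " ERROR" followed by an empty line and ends the script with status 1.
status() {
	# $? is read exactly once, here, before any other command can replace
	# it. Testing it a second time (as the two-line form did) sees the
	# result of the first test, which made a successful call return 1.
	if [ $? -eq 0 ]; then
		echo " OK"
		return 0
	fi
	printf ' ERROR\n\n'
	exit 1
}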
# Print one rule made of "=" characters, used to frame command output.
separator() {
	printf '%s\n' "================================================================================"
}
# We have custom config when adding user to handle quota and user info.
# Sets two globals from $login: home, the user's directory below $root, and
# config, the per-user file below $SSFS_USERS. The "/./" segment in home is
# kept exactly as it was.
user_paths() {
	home="${root}/./home/${login}"
	config="${SSFS_USERS}/${login}.conf"
}
# Print three lines for the current user: login, quota and home usage.
# Reads the globals login, QUOTA and usage; each label goes through gettext.
user_info() {
	printf '%s %s\n' "$(gettext "User login :")" "$login"
	printf '%s %s\n' "$(gettext "User quota :")" "$QUOTA"
	printf '%s %s\n' "$(gettext "Home usage :")" "$usage"
}
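# Write the per-user configuration file named by $config, holding LOGIN and
# QUOTA, and leave it readable by its owner only.
# The file is created under umask 077 so a new file is private from the
# start rather than only after chmod; chmod stays because a file that
# already exists keeps its old mode when it is overwritten. $config is
# quoted so a path with spaces is written as one file.
# NOTE(review): the "users" command sources this file, so the values of
# $login and $DEFAULT_QUOTA are later read back as shell text. The caller
# has to make sure they hold no quote, dollar or backquote characters.
user_config() {
	gettext "Creating Ssfs user configuration file..."
	(
		umask 077
		cat > "$config" << EOT
# Ssfs user configuration file.
LOGIN="$login"
QUOTA="$DEFAULT_QUOTA"
EOT
	)
	chmod 0600 "$config" && status
	echo ""
}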
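# Write $root/etc/vdisk.conf from the globals date, size and files.
# The target path is quoted so a chroot path containing spaces is written
# to instead of failing the redirection.
vdisk_config() {
	cat > "$root/etc/vdisk.conf" << EOT
# /etc/vdisk.conf: Ssfs virtual disk auto-generated config file.
VDATE="$date"
VSIZE="$size"
FILES="$files"
EOT
}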
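# Handle Ssfs virtual disk.

# Unmount $root and detach the loop device that backed it.
# The device is found by comparing the mount-point column of the mount
# listing with $root exactly. A substring search for "$root " also matches
# longer paths that merely end in $root, and could hand several devices to
# losetup -d. Assumes the usual "device on dir type ..." listing layout.
umount_vdisk() {
	loop=$(mount | awk -v mp="$root" '$3 == mp { print $1; exit }')
	if [ -n "$loop" ]; then
		gettext "Unmounting Ssfs vdisk:"; echo " $vdisk"
		umount "$root" && sleep 1
		gettext "Detaching loop device:"; echo " $loop"
		losetup -d "$loop"
	else
		gettext "Ssfs vdisk is not mounted:"; echo " $vdisk"
	fi
}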
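# Loop-mount the ext3 image $vdisk on $root unless $root is already a mount
# point, creating the directory first when it is missing.
# "Already mounted" is decided by an exact match on the mount-point column
# of the mount listing; a substring search for "$root " would also be
# satisfied by an unrelated mount whose path ends in $root. Assumes the
# usual "device on dir type ..." listing layout.
mount_vdisk() {
	if mount | awk -v mp="$root" '$3 == mp { found = 1 } END { exit !found }'
	then
		gettext "Ssfs vdisk is already mounted:"
	else
		[ -d "$root" ] || mkdir -p "$root"
		gettext "Mounting virtual disk:"
		mount -o loop -t ext3 "$vdisk" "$root"
	fi
	echo " $vdisk $root"
}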
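#
# Commands
#

# Stop unless $root names a usable chroot path. With an empty value,
# "$root/home/..." becomes a path on the host and "cd $root" ends up in
# another directory; "/" is the host itself. The commands that create or
# remove files below $root must not run against either.
check_root_path() {
	case "$root" in
		''|/)
			gettext "Missing or unsafe chroot path:"; echo " '$root'"
			exit 1 ;;
	esac
}

# Stop unless $login is a plain account name: letters, digits, "_", "." and
# "-", not starting with "-" or ".". The name is used in file paths, in
# grep and sed patterns, in passwd and group lines and in a config file
# that is later sourced, so anything else is refused up front.
# Sets login_re, the name with its dots escaped for use in a regex.
check_login() {
	case "$login" in
		[-.]*|*[!A-Za-z0-9_.-]*)
			gettext "Invalid user login name:"; echo " $login"
			exit 1 ;;
	esac
	# A dot is the only character left that a regex treats specially.
	login_re=$(printf '%s' "$login" | sed 's/\./\\./g')
}

case "$1" in
	users)
		echo "" && gettext "Checking:"; echo " /etc/passwd"
		# The loop runs in the pipeline's subshell, so what it sets stays
		# inside it. The login is the first ":"-separated field.
		grep -F "Ssfs User" /etc/passwd | while IFS=: read -r login rest
		do
			home="$root/home/$login"
			usage=$(du -sm "$home" | awk '{print $1}')
			config=$SSFS_USERS/$login.conf
			# Start empty so a user without a config file does not show
			# the previous user's quota.
			QUOTA=""
			# NOTE(review): the per-user file is run as shell code with
			# root privileges. The explicit -f test replaces ". file ||",
			# because some shells abort when "." cannot find its file.
			if [ -f "$config" ]; then
				. "$config"
			else
				gettext "WARNING: No config file"
			fi
			user_info
		done
		users=$(ls "$SSFS_USERS" | wc -l)
		gettext "Users:"; echo -e " $users\n" ;;
	adduser)
		# Add a Ssfs user to the system with $HOME in chroot.
		[ -z "$login" ] && gettext "Missing user login name." && exit 0
		[ -z "$id" ] && gettext "Missing user id." && exit 0
		[ -z "$pass" ] && gettext "Missing user password." && exit 0
		check_root_path
		check_login
		# The id is written into passwd and group lines: digits only.
		case "$id" in
			*[!0-9]*)
				gettext "Invalid user id:"; echo " $id"
				exit 1 ;;
		esac
		user_paths

		# We need chroot command allowed for users to chroot them on SSH
		# login. Ssfs users have /bin/ssfs-sh as SHell.
		# NOTE(review): this line is added to the host's busybox.conf and
		# concerns the chroot applet for every account on the host, not
		# only Ssfs users - confirm that is acceptable.
		grep -q ^chroot /etc/busybox.conf ||
			echo 'chroot = ssx root.root' >> /etc/busybox.conf

		echo ""
		gettext "Checking:"; echo " /etc/passwd"
		if grep "^$login_re:" /etc/passwd; then
			gettext "Exiting, user already exists:"
			echo -e " $login\n" && exit 0
		fi

		gettext "Creating user: $login..."
		# printf passes the password through untouched; echo -e would
		# rewrite any backslash sequence it contains.
		printf '%s\n%s\n' "$pass" "$pass" | \
			adduser -h "$home" -g "Ssfs User" -u "$id" \
			-s /bin/ssfs-sh "$login" >/dev/null
		status

		# Add user to chroot /etc/passwd
		gettext "Checking vdisk chroot:"; echo " $root/etc/passwd"
		if ! grep -q "^$login_re:" "$root/etc/passwd"; then
			echo "$login:x:$id:$id:Ssfs User:/home/$login:/bin/sh" >> \
				"$root/etc/passwd"
			echo "$login:x:$id:" >> "$root/etc/group"
		fi

		# We don't want any files from /etc/skel.
		gettext "Cleaning home and creating: Sync/..."
		rm -rf -- "$home" && mkdir -p "$home/Sync" "$home/.ssh" && status
		gettext "Changing mode on user home: 0700..."
		# "user:group" is used because a "." separator is ambiguous when
		# the login itself contains a dot.
		chown -R "$login:$login" "$home"
		chmod 0700 "$home" && status

		# Create a custom config per user in SSFS_USERS.
		[ ! -d "$SSFS_USERS" ] && mkdir -p "$SSFS_USERS"
		user_config ;;
	deluser)
		[ -z "$login" ] && gettext "Missing user login name." && exit 0
		check_root_path
		check_login
		user_paths
		echo ""
		gettext "Deleting user:"; echo -n " $login..."
		sed -i "/^$login_re:/d" "$root/etc/passwd"
		sed -i "/^$login_re:/d" "$root/etc/group"
		# status prints OK or stops the script, depending on deluser.
		deluser "$login"
		status
		gettext "Removing all files in:"; echo -n " $home..."
		rm -rf -- "$home" && status
		gettext "Removing user config:"; echo -n " $login.conf..."
		rm -rf -- "$config" && status
		echo "" ;;
	chroot)
		echo ""
		gettext "Changing root to:"; echo -e " $root\n"
		chroot "$root"
		echo ""
		gettext "Back to the host system:"
		echo -e " $(hostname)\n" ;;
	note)
		# Admin notes for users and displayed on the web interface.
		# The text is stored as given; whatever displays $state/notes is
		# responsible for escaping it (that code is not part of this file).
		note="$2"
		date=$(date "+%Y-%m-%d %H:%M")
		if [ "$note" ]; then
			gettext "Adding note to:"; echo " $state/notes"
			printf '%s : %s\n' "$date" "$note" >> "$state/notes"
		fi ;;
	gen-vdisk)
		# Generate a virtual disk with a minimal chroot for Ssfs users home.
		check_root_path
		rootfs=$share/rootfs
		if [ -d "$root/bin" ]; then
			gettext "A chroot already exists in:"; echo " $root"
			exit 0
		fi
		if [ ! -f "$rootfs/etc/busybox.conf" ]; then
			gettext "Missing package ssfs-busybox"; echo
			exit 0
		fi
		echo ""
		gettext "Creating Sshs vdisk minimal chroot"; echo
		separator
		echo "Chroot path: $root"

		# Create vdisk if missing.
		if [ ! -f "$vdisk" ]; then
			# The size becomes the dd block count: whole number only.
			case "$size" in
				''|*[!0-9]*)
					gettext "Invalid vdisk size:"; echo " '$size'"
					exit 1 ;;
			esac
			gettext "Creating virtual disk:"; echo " $vdisk ${size}Gb"
			# umask 077 keeps the image private while dd is still
			# writing it, not only once chmod has run.
			( umask 077; dd if=/dev/zero of="$vdisk" bs=1G count="$size" )
			chmod 0600 "$vdisk" && du -sh "$vdisk"
			gettext "Creating ext3 filesystem..."
			mkfs.ext3 -q -T ext3 -L "Ssfs" -F "$vdisk"
			status
			mount_vdisk
		fi

		# Create a radically minimal chroot with all libs in /lib.
		# The directories are only created once cd has succeeded, so a
		# failed cd can no longer scatter them over the current directory.
		gettext "Creating base files..."
		mkdir -p "$root" && cd "$root" &&
			for d in etc lib home root
			do
				mkdir -p "$d"
			done
		status

		# /etc files.
		cp -f /etc/slitaz-release "$root/etc"
		if [ ! -f "$root/etc/passwd" ]; then
			echo "root:x:0:0:root:/root:/bin/sh" > "$root/etc/passwd"
			echo "root:x:0:" > "$root/etc/group"
		fi

		# Ssfs Busybox package installs files in $share and allows easy vdisk
		# upgrade following SliTaz repo.
		gettext "Installing Ssfs root filesystem..."
		cp -a "$rootfs"/* "$root"
		status

		# NOTE(review): busybox is installed setuid root inside the chroot;
		# presumably etc/busybox.conf limits which applets may use that -
		# confirm against the ssfs-busybox package.
		gettext "Setting files permissions..."
		chmod 0700 "$root/root"
		chmod 4755 "$root/bin/busybox"
		chmod 0600 "$root/etc/busybox.conf"
		status

		# Glib minimal libs, use host lib since package should be installed
		# from same repo. ? libnss_compat*
		# The patterns are quoted in the list so they cannot expand against
		# the current directory; $l is then left unquoted on purpose so the
		# pattern expands against /lib.
		gettext "Installing Glibc libraries..."
		for l in 'ld-*.*so*' 'libc-*.*so*' 'libc.so.*' 'libnss_files*'
		do
			cp -a /lib/$l "$root/lib"
		done && status

		# Ssfs chroot SHell and declare vdisk config.
		gettext "Installing Ssfs SHell..."
		install -m 0755 /bin/ssfs-sh "$root/bin"
		touch "$root/etc/vdisk.conf"
		status

		# List of all system files.
		gettext "Creating the list of files... "
		cd "$root" && rm -f "$state/vdisk.files"
		for d in bin etc lib
		do
			find "./$d" | sed s'/^.//' >> "$state/vdisk.files"
		done
		files=$(wc -l < "$state/vdisk.files")
		echo "$files"

		# Create chroot /etc/vdisk.conf
		size=$(du -sh "$vdisk" | awk '{print $1}')
		used=$(du -sh "$root" | awk '{print $1}')
		date=$(date '+%Y-%m-%d %H:%M')
		vdisk_config
		separator
		gettext "Vdisk used space:"; echo -e " $used - $date\n" ;;
	mount-vdisk)
		mount_vdisk ;;
	umount-vdisk)
		umount_vdisk ;;
	check-vdisk)
		# Check vdisk with e2fsck.
		echo ""
		gettext "Checking Ssfs virtual disk"; echo
		separator
		gettext "Virtual disk : "; du -sh "$vdisk"
		gettext "Filesystem usage : "; du -sh "$root"
		gettext "Remounting vdisk read/only before e2fsck -p..."
		mount -o remount,loop,ro "$vdisk" "$root" && status
		e2fsck -p "$vdisk"
		gettext "Remounting vdisk read/write..."
		mount -o remount,loop,rw "$vdisk" "$root" && status
		separator && echo "" ;;
	up-vdisk)
		# The paths in effect are handed on, so both steps work on the
		# vdisk chosen on this command line rather than the defaults.
		"$0" clean-vdisk --root="$root" --vdisk="$vdisk" --size="$size"
		"$0" gen-vdisk --root="$root" --vdisk="$vdisk" --size="$size" ;;
	clean-vdisk)
		# clean up the vdisk storage chroot.
		check_root_path
		if [ ! -d "$root/bin" ] || [ ! -d "$root/lib" ]; then
			gettext "No chroot found in:"; echo " $root"
			exit 0
		fi
		echo ""
		gettext "Cleaning virtual disk\n"
		separator
		echo "Chroot path: $root"
		# The loop below removes whatever it finds in the current
		# directory, so it must never start anywhere but $root.
		cd "$root" || exit 1
		for dir in *
		do
			size=$(du -sh -- "$dir" | awk '{print $1}')
			case "$dir" in
				etc|home|root|lost*)
					gettext "Skipping:"; echo " $dir $size *" ;;
				*)
					gettext "Removing:"; echo " $dir $size"
					rm -rf -- "$dir" ;;
			esac
		done && separator && echo "" ;;
	*)
		help ;;
esac
exit 0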