ssfs annotate ssfs-server @ rev 23
README: small addition and fix to ssfs-server
| author | Christophe Lincoln <pankso@slitaz.org> |
|---|---|
| date | Sun Jun 12 04:40:40 2011 +0200 (2011-06-12) |
| parents | 2ab2f1cbd203 |
| children | 8727a2a80b10 |
| rev | line source |
|---|---|
| pankso@4 | 1 #!/bin/sh |
| pankso@4 | 2 # |
| pankso@4 | 3 # SliTaz Secure File Storage server side tool. |
| pankso@4 | 4 # |
| pankso@4 | 5 # Copyright (C) SliTaz GNU/Linux - BSD License |
| pankso@4 | 6 # Author: Christophe Lincoln <pankso@slitaz.org> |
| pankso@4 | 7 # |
| pankso@4 | 8 |
| pankso@4 | 9 app=$(basename $0) |
| pankso@23 | 10 cache=/var/cache/ssfs |
| pankso@4 | 11 [ -f "/etc/ssfs/$app.conf" ] && . /etc/ssfs/$app.conf |
| pankso@4 | 12 [ -f "./data/$app.conf" ] && . ./data/$app.conf |
| pankso@4 | 13 |
| pankso@4 | 14 # Be sure we're root. |
| pankso@4 | 15 [ $(id -u) != 0 ] && gettext "You must be root to run:" && \ |
| pankso@4 | 16 echo " $app" && exit 0 |
| pankso@4 | 17 |
| pankso@4 | 18 # Parse cmdline options. |
| pankso@4 | 19 for opt in $@ |
| pankso@4 | 20 do |
| pankso@4 | 21 case "$opt" in |
| pankso@4 | 22 --login=*) |
| pankso@4 | 23 login=${opt#--login=} ;; |
| pankso@4 | 24 --id=*) |
| pankso@4 | 25 id=${opt#--id=} ;; |
| pankso@4 | 26 --pass=*) |
| pankso@4 | 27 pass=${opt#--pass=} ;; |
| pankso@4 | 28 --root=*) |
| pankso@4 | 29 root=${opt#--root=} ;; |
| pankso@13 | 30 --vdisk=*) |
| pankso@13 | 31 vdisk=${opt#--vdisk=} ;; |
| pankso@13 | 32 --size=*) |
| pankso@13 | 33 size=${opt#--size=} ;; |
| pankso@4 | 34 *) |
| pankso@4 | 35 continue ;; |
| pankso@4 | 36 esac |
| pankso@4 | 37 done |
| pankso@4 | 38 |
| pankso@4 | 39 [ "$root" ] || root=${SSFS_CHROOT} |
| pankso@13 | 40 [ "$vdisk" ] || vdisk=${SSFS_VDISK} |
| pankso@13 | 41 [ "$size" ] || size=${SSFS_SIZE} |
| pankso@4 | 42 |
| pankso@4 | 43 # |
| pankso@4 | 44 # Functions |
| pankso@4 | 45 # |
| pankso@4 | 46 |
| pankso@4 | 47 # Built-in help usage. |
| pankso@4 | 48 help() { |
| pankso@4 | 49 cat << EOT |
| pankso@4 | 50 |
| pankso@4 | 51 $(echo -e "\033[1m$(gettext "Usage:")\033[0m") $app [command] [--option=] |
| pankso@4 | 52 |
| pankso@4 | 53 $(echo -e "\033[1m$(gettext "Commands:")\033[0m") |
| pankso@4 | 54 help $(gettext "Display this short usage.") |
| paul@12 | 55 users $(gettext "List user accounts and stats.") |
| pankso@4 | 56 adduser $(gettext "Add a user to the system with \$HOME in chroot.") |
| pankso@4 | 57 deluser $(gettext "Delete a user and remove \$HOME files.") |
| pankso@4 | 58 chroot $(gettext "Chroot to Ssfs storage root.") |
| pankso@13 | 59 gen-vdisk $(gettext "Create a vdisk with chroot for files storage.") |
| pankso@13 | 60 clean-vdisk $(gettext "Clean the vdisk but skip home and root.") |
| pankso@15 | 61 check-vdisk $(gettext "Check vdisk filesystem with e2fsck.") |
| pankso@13 | 62 mount-vdisk $(gettext "Mount ssfs virtual disk.") |
| pankso@13 | 63 umount-vdisk $(gettext "Unmount the vdisk and free loop device.") |
| pankso@4 | 64 |
| pankso@4 | 65 $(echo -e "\033[1m$(gettext "Options:")\033[0m") |
| pankso@4 | 66 --login= $(gettext "Login name for add or del an user.") |
| pankso@4 | 67 --id= $(gettext "User id for adduser command.") |
| pankso@4 | 68 --pass= $(gettext "User password for adduser.") |
| pankso@13 | 69 --root= $(gettext "The path to the Ssfs vdisk chroot.") |
| pankso@13 | 70 --vdisk= $(gettext "Set the Ssfs vdisk path and name.") |
| pankso@13 | 71 --size= $(gettext "Set the ext3 vdisk size in Gb.") |
| pankso@4 | 72 |
| pankso@4 | 73 EOT |
| pankso@4 | 74 } |
| pankso@4 | 75 |
| pankso@4 | 76 status() { |
| pankso@4 | 77 [ $? = 0 ] && echo " OK" |
| pankso@4 | 78 [ $? = 1 ] && echo -e " ERROR\n" && exit 1 |
| pankso@4 | 79 } |
| pankso@4 | 80 |
| pankso@13 | 81 separator() { |
| pankso@13 | 82 echo "================================================================================" |
| pankso@13 | 83 } |
| pankso@13 | 84 |
| pankso@13 | 85 # We have custom config when adding user to handle quota and user info. |
| pankso@4 | 86 user_paths() { |
| pankso@4 | 87 config=$SSFS_USERS/$login.conf |
| pankso@4 | 88 home=$root/./home/$login |
| pankso@4 | 89 } |
| pankso@4 | 90 |
| pankso@4 | 91 user_info() { |
| pankso@4 | 92 cat << EOT |
| pankso@4 | 93 |
| pankso@4 | 94 $(gettext "User login :") $login |
| pankso@4 | 95 $(gettext "User quota :") $QUOTA |
| pankso@4 | 96 $(gettext "Home usage :") $usage |
| pankso@4 | 97 |
| pankso@4 | 98 EOT |
| pankso@4 | 99 } |
| pankso@4 | 100 |
| pankso@4 | 101 user_config() { |
| pankso@4 | 102 gettext "Creating Ssfs user configuration file..." |
| pankso@4 | 103 cat > $config << EOT |
| pankso@4 | 104 # Ssfs user configuration file. |
| pankso@4 | 105 |
| pankso@4 | 106 LOGIN="$login" |
| pankso@4 | 107 QUOTA="$DEFAULT_QUOTA" |
| pankso@4 | 108 EOT |
| pankso@4 | 109 chmod 0600 $config && status |
| pankso@4 | 110 echo "" |
| pankso@4 | 111 } |
| pankso@4 | 112 |
| pankso@13 | 113 # Handle Ssfs virtual disk. |
| pankso@13 | 114 umount_vdisk() { |
| pankso@13 | 115 if mount | fgrep -q $root; then |
| pankso@13 | 116 loop=$(mount | fgrep $root | awk '{print $1}') |
| pankso@13 | 117 gettext "Unmounting Ssfs vdisk:"; echo " $vdisk" |
| pankso@13 | 118 umount $root && sleep 1 |
| pankso@13 | 119 gettext "Detaching loop device:"; echo " $loop" |
| pankso@13 | 120 losetup -d $loop |
| pankso@13 | 121 else |
| pankso@13 | 122 gettext "Ssfs vdisk is not mounted:"; echo " $vdisk" |
| pankso@13 | 123 fi |
| pankso@13 | 124 } |
| pankso@13 | 125 |
| pankso@13 | 126 mount_vdisk() { |
| pankso@15 | 127 if ! mount | fgrep -q $root; then |
| pankso@15 | 128 [ -d "$root" ] || mkdir -p $root |
| pankso@15 | 129 gettext "Mounting virtual disk:" |
| pankso@15 | 130 mount -o loop -t ext3 $vdisk $root |
| pankso@15 | 131 else |
| pankso@15 | 132 gettext "Ssfs vdisk is already mounted:" |
| pankso@15 | 133 fi |
| pankso@15 | 134 echo " $vdisk $root" |
| pankso@13 | 135 } |
| pankso@13 | 136 |
| pankso@4 | 137 # |
| pankso@4 | 138 # Commands |
| pankso@4 | 139 # |
| pankso@4 | 140 |
| pankso@4 | 141 case "$1" in |
| pankso@4 | 142 users) |
| pankso@4 | 143 gettext -e "\nChecking:"; echo " /etc/passwd" |
| pankso@4 | 144 fgrep "Ssfs User" /etc/passwd | while read line |
| pankso@4 | 145 do |
| pankso@4 | 146 login=$(echo $line | cut -d ":" -f 1) |
| pankso@4 | 147 home="$root/home/$login" |
| pankso@4 | 148 usage=$(du -sm $home | awk '{print $1}') |
| pankso@4 | 149 config=$SSFS_USERS/$login.conf |
| pankso@4 | 150 . $config || gettext -e "WARNING: No config file\n" |
| pankso@4 | 151 user_info |
| pankso@4 | 152 done |
| pankso@4 | 153 users=$(ls $SSFS_USERS | wc -l) |
| pankso@4 | 154 gettext "Users:"; echo -e " $users\n" ;; |
| pankso@4 | 155 adduser) |
| pankso@4 | 156 # Add a Ssfs user to the system with $HOME in chroot. |
| pankso@4 | 157 [ -z "$login" ] && gettext -e "Missing user login name.\n" && exit 0 |
| pankso@4 | 158 [ -z "$id" ] && gettext -e "Missing user id.\n" && exit 0 |
| pankso@4 | 159 [ -z "$pass" ] && gettext -e "Missing user password.\n" && exit 0 |
| pankso@4 | 160 user_paths |
| pankso@4 | 161 |
| pankso@4 | 162 gettext -e "\nChecking:"; echo " /etc/passwd" |
| pankso@4 | 163 if grep ^$login: /etc/passwd; then |
| paul@12 | 164 gettext -e "Exiting, user already exists:" |
| pankso@4 | 165 echo -e " $login\n" && exit 0 |
| pankso@4 | 166 fi |
| pankso@4 | 167 gettext "Creating user: $login..." |
| pankso@4 | 168 echo -e "$pass\n$pass" | \ |
| pankso@4 | 169 adduser -h "$home" -g "Ssfs User" -u $id $login >/dev/null |
| pankso@4 | 170 status |
| pankso@4 | 171 |
| paul@12 | 172 # We don't want any files from /etc/skel. |
| pankso@4 | 173 gettext "Cleaning home and creating: Sync/..." |
| pankso@15 | 174 rm -rf $home && mkdir -p $home/Sync $home/.ssh && status |
| pankso@4 | 175 gettext "Changing mode on user home: 0700..." |
| pankso@4 | 176 chown -R $login.$login $home |
| pankso@4 | 177 chmod 0700 $home && status |
| pankso@4 | 178 |
| paul@12 | 179 # Create a custom config per user in SSFS_USERS. |
| pankso@4 | 180 [ ! -d "$SSFS_USERS" ] && mkdir -p $SSFS_USERS |
| pankso@4 | 181 user_config ;; |
| pankso@4 | 182 deluser) |
| pankso@4 | 183 [ -z "$login" ] && gettext -e "Missing user login name.\n" && exit 0 |
| pankso@4 | 184 user_paths |
| pankso@4 | 185 gettext -e "\nDeleting user:"; echo -n " $login..." |
| pankso@4 | 186 deluser $login || status && status |
| pankso@4 | 187 gettext "Removing all files in:"; echo -n " $home..." |
| pankso@4 | 188 rm -rf $home && status |
| pankso@4 | 189 gettext "Removing user config:"; echo -n " $login.conf..." |
| pankso@4 | 190 rm -rf $config && status |
| pankso@4 | 191 echo "" ;; |
| pankso@4 | 192 chroot) |
| pankso@4 | 193 gettext -e "\nChanging root to:"; echo -e " $root\n" |
| pankso@4 | 194 chroot $root |
| pankso@4 | 195 gettext -e "\nBack to the host system:" |
| pankso@4 | 196 echo -e " $(hostname)\n" ;; |
| pankso@13 | 197 gen-vdisk) |
| pankso@13 | 198 # Generated a virtual disk with a minimal chroot for Ssfs users home. |
| pankso@4 | 199 if [ -d "$root/bin" ]; then |
| paul@12 | 200 gettext -e "A chroot already exists in:"; echo " $root" |
| pankso@4 | 201 exit 0 |
| pankso@4 | 202 fi |
| pankso@13 | 203 echo "" |
| pankso@13 | 204 gettext "Creating chroot in:"; echo " $root" |
| pankso@13 | 205 separator |
| pankso@13 | 206 |
| pankso@13 | 207 # Create vdisk if missing. |
| pankso@13 | 208 if [ ! -f "$vdisk" ]; then |
| pankso@13 | 209 gettext "Creating virtual disk:"; echo " $vdisk ${size}Gb" |
| pankso@13 | 210 dd if=/dev/zero of=$vdisk bs=1G count=$size |
| pankso@23 | 211 chmod 0600 $vdisk && du -sh $vdisk |
| pankso@13 | 212 gettext "Creating ext3 filesystem..." |
| pankso@13 | 213 mkfs.ext3 -q -T ext3 -L "Ssfs" -F $vdisk |
| pankso@13 | 214 status |
| pankso@13 | 215 mount_vdisk |
| pankso@13 | 216 fi |
| pankso@13 | 217 |
| pankso@13 | 218 # Create a radicaly minimal chroot with all libs in /lib. |
| pankso@13 | 219 gettext "Creating base files..." |
| pankso@13 | 220 mkdir -p $root && cd $root |
| pankso@13 | 221 for d in etc tmp lib usr home root |
| pankso@13 | 222 do |
| pankso@13 | 223 mkdir -p $d |
| pankso@13 | 224 done && status |
| pankso@13 | 225 cp -a /etc/slitaz-release $root/etc |
| pankso@13 | 226 #cp -a /etc/nsswitch.conf $root/etc |
| pankso@13 | 227 echo "root:x:0:0:root:/root:/bin/sh" > etc/passwd |
| pankso@13 | 228 echo "root::13525:0:99999:7:::" > etc/shadow |
| pankso@13 | 229 echo "root:x:0:" > etc/group |
| pankso@13 | 230 echo "root:*::" > etc/gshadow |
| pankso@13 | 231 |
| pankso@13 | 232 gettext "Setting files permissions..." |
| pankso@13 | 233 chmod 640 etc/shadow etc/gshadow |
| pankso@13 | 234 chmod 0700 root && chmod 1777 tmp |
| pankso@4 | 235 status |
| pankso@13 | 236 |
| pankso@13 | 237 # Busybox without deps (get && extract). No system comands are allowed |
| pankso@13 | 238 # in /etc/busybox.conf to restrict SSHed users. |
| pankso@4 | 239 gettext "Installing Busybox..." |
| pankso@13 | 240 cd $root/tmp |
| pankso@13 | 241 tazpkg get busybox >/dev/null |
| pankso@13 | 242 tazpkg extract busybox-* >/dev/null |
| pankso@13 | 243 rm -rf fs && mv -f busybox-*/fs . && rm -rf busybox-* |
| pankso@13 | 244 cp -a fs/bin fs/sbin $root |
| pankso@13 | 245 cp -a fs/usr/bin fs/usr/sbin $root/usr |
| pankso@13 | 246 rm -rf fs |
| pankso@4 | 247 status |
| pankso@13 | 248 gettext "Creatin restrictive Busybox config file..." |
| pankso@13 | 249 echo '# /etc/busybox.conf: Ssfs Busybox configuration.' \ |
| pankso@13 | 250 > $root/etc/busybox.conf |
| pankso@13 | 251 echo -e "\nsu = ---" >> $root/etc/busybox.conf |
| pankso@13 | 252 chmod 0600 $root/etc/busybox.conf |
| pankso@13 | 253 status |
| pankso@13 | 254 |
| pankso@13 | 255 # Glib minimal libs, use host lib since package should be installed |
| pankso@13 | 256 # from same repo. |
| pankso@13 | 257 gettext "Installing Glibc libraries..." |
| pankso@13 | 258 for l in ld-*.*so* libc-*.*so libc.so.* libnss_files* |
| pankso@13 | 259 do |
| pankso@13 | 260 cp -a /lib/$l* $root/lib |
| pankso@13 | 261 done && status |
| pankso@13 | 262 size=$(du -sh $root | awk '{print $1}') |
| pankso@13 | 263 separator |
| pankso@13 | 264 gettext "Vdisk used space:"; echo -e " $size\n" ;; |
| pankso@13 | 265 mount-vdisk) |
| pankso@13 | 266 mount_vdisk ;; |
| pankso@13 | 267 umount-vdisk) |
| pankso@13 | 268 umount_vdisk ;; |
| pankso@15 | 269 check-vdisk) |
| pankso@15 | 270 # Check vdisk with e2fsck. |
| pankso@15 | 271 echo "" |
| pankso@15 | 272 gettext -e "Checking Ssfs virtual disk\n" |
| pankso@15 | 273 separator |
| pankso@15 | 274 gettext "Virtual disk : "; du -sh $vdisk |
| pankso@15 | 275 gettext "Filesystem usage : "; du -sh $root |
| pankso@15 | 276 gettext "Remounting vdisk read/only before e2fsck -p..." |
| pankso@15 | 277 mount -o remount,loop,ro $vdisk $root && status |
| pankso@15 | 278 e2fsck -p $vdisk |
| pankso@15 | 279 gettext "Remounting vdisk read/write..." |
| pankso@15 | 280 mount -o remount,loop,rw $vdisk $root && status |
| pankso@15 | 281 separator && echo "" ;; |
| pankso@13 | 282 clean-vdisk) |
| pankso@13 | 283 # clean up the vdisk storage chroot. |
| pankso@4 | 284 if [ ! -d "$root/bin" ] || [ ! -d "$root/usr" ]; then |
| pankso@4 | 285 gettext -e "No chroot found in:"; echo " $root" |
| pankso@4 | 286 exit 0 |
| pankso@4 | 287 fi |
| pankso@13 | 288 gettext -e "\nCleaning virtual disk\n" |
| pankso@13 | 289 separator |
| pankso@13 | 290 gettext "Changing directory to:"; echo " $root" |
| pankso@4 | 291 cd $root |
| pankso@4 | 292 for dir in * |
| pankso@4 | 293 do |
| pankso@4 | 294 size=$(du -sh $dir | awk '{print $1}') |
| pankso@4 | 295 case "$dir" in |
| pankso@13 | 296 home|root|lost*) |
| pankso@4 | 297 gettext "Skipping:"; echo " $dir $size *" ;; |
| pankso@4 | 298 *) |
| pankso@4 | 299 gettext "Removing:"; echo " $dir $size" |
| pankso@4 | 300 rm -rf $dir ;; |
| pankso@4 | 301 esac |
| pankso@13 | 302 done && separator && echo "" ;; |
| pankso@4 | 303 *) |
| pankso@4 | 304 help ;; |
| pankso@4 | 305 esac |
| pankso@4 | 306 exit 0 |