ssfs annotate ssfs-server @ rev 13
Implement Ssfs virtual disk (more secure, easier to backup and readicaly minimal chroot include using 2.1Mb!
| author | Christophe Lincoln <pankso@slitaz.org> |
|---|---|
| date | Sat Jun 11 22:26:13 2011 +0200 (2011-06-11) |
| parents | adba1713f615 |
| children | 2ab2f1cbd203 |
| rev | line source |
|---|---|
| pankso@4 | 1 #!/bin/sh |
| pankso@4 | 2 # |
| pankso@4 | 3 # SliTaz Secure File Storage server side tool. |
| pankso@4 | 4 # |
| pankso@4 | 5 # Copyright (C) SliTaz GNU/Linux - BSD License |
| pankso@4 | 6 # Author: Christophe Lincoln <pankso@slitaz.org> |
| pankso@4 | 7 # |
| pankso@4 | 8 |
| pankso@4 | 9 app=$(basename $0) |
| pankso@4 | 10 [ -f "/etc/ssfs/$app.conf" ] && . /etc/ssfs/$app.conf |
| pankso@4 | 11 [ -f "./data/$app.conf" ] && . ./data/$app.conf |
| pankso@4 | 12 |
| pankso@4 | 13 # Be sure we're root. |
| pankso@4 | 14 [ $(id -u) != 0 ] && gettext "You must be root to run:" && \ |
| pankso@4 | 15 echo " $app" && exit 0 |
| pankso@4 | 16 |
| pankso@4 | 17 # Parse cmdline options. |
| pankso@4 | 18 for opt in $@ |
| pankso@4 | 19 do |
| pankso@4 | 20 case "$opt" in |
| pankso@4 | 21 --login=*) |
| pankso@4 | 22 login=${opt#--login=} ;; |
| pankso@4 | 23 --id=*) |
| pankso@4 | 24 id=${opt#--id=} ;; |
| pankso@4 | 25 --pass=*) |
| pankso@4 | 26 pass=${opt#--pass=} ;; |
| pankso@4 | 27 --root=*) |
| pankso@4 | 28 root=${opt#--root=} ;; |
| pankso@13 | 29 --vdisk=*) |
| pankso@13 | 30 vdisk=${opt#--vdisk=} ;; |
| pankso@13 | 31 --size=*) |
| pankso@13 | 32 size=${opt#--size=} ;; |
| pankso@4 | 33 *) |
| pankso@4 | 34 continue ;; |
| pankso@4 | 35 esac |
| pankso@4 | 36 done |
| pankso@4 | 37 |
| pankso@4 | 38 [ "$root" ] || root=${SSFS_CHROOT} |
| pankso@13 | 39 [ "$vdisk" ] || vdisk=${SSFS_VDISK} |
| pankso@13 | 40 [ "$size" ] || size=${SSFS_SIZE} |
| pankso@4 | 41 |
| pankso@4 | 42 # |
| pankso@4 | 43 # Functions |
| pankso@4 | 44 # |
| pankso@4 | 45 |
| pankso@4 | 46 # Built-in help usage. |
| pankso@4 | 47 help() { |
| pankso@4 | 48 cat << EOT |
| pankso@4 | 49 |
| pankso@4 | 50 $(echo -e "\033[1m$(gettext "Usage:")\033[0m") $app [command] [--option=] |
| pankso@4 | 51 |
| pankso@4 | 52 $(echo -e "\033[1m$(gettext "Commands:")\033[0m") |
| pankso@4 | 53 help $(gettext "Display this short usage.") |
| paul@12 | 54 users $(gettext "List user accounts and stats.") |
| pankso@4 | 55 adduser $(gettext "Add a user to the system with \$HOME in chroot.") |
| pankso@4 | 56 deluser $(gettext "Delete a user and remove \$HOME files.") |
| pankso@4 | 57 chroot $(gettext "Chroot to Ssfs storage root.") |
| pankso@13 | 58 gen-vdisk $(gettext "Create a vdisk with chroot for files storage.") |
| pankso@13 | 59 clean-vdisk $(gettext "Clean the vdisk but skip home and root.") |
| pankso@13 | 60 mount-vdisk $(gettext "Mount ssfs virtual disk.") |
| pankso@13 | 61 umount-vdisk $(gettext "Unmount the vdisk and free loop device.") |
| pankso@4 | 62 |
| pankso@4 | 63 $(echo -e "\033[1m$(gettext "Options:")\033[0m") |
| pankso@4 | 64 --login= $(gettext "Login name for add or del an user.") |
| pankso@4 | 65 --id= $(gettext "User id for adduser command.") |
| pankso@4 | 66 --pass= $(gettext "User password for adduser.") |
| pankso@13 | 67 --root= $(gettext "The path to the Ssfs vdisk chroot.") |
| pankso@13 | 68 --vdisk= $(gettext "Set the Ssfs vdisk path and name.") |
| pankso@13 | 69 --size= $(gettext "Set the ext3 vdisk size in Gb.") |
| pankso@4 | 70 |
| pankso@4 | 71 EOT |
| pankso@4 | 72 } |
| pankso@4 | 73 |
| pankso@4 | 74 status() { |
| pankso@4 | 75 [ $? = 0 ] && echo " OK" |
| pankso@4 | 76 [ $? = 1 ] && echo -e " ERROR\n" && exit 1 |
| pankso@4 | 77 } |
| pankso@4 | 78 |
| pankso@13 | 79 separator() { |
| pankso@13 | 80 echo "================================================================================" |
| pankso@13 | 81 } |
| pankso@13 | 82 |
| pankso@13 | 83 # We have custom config when adding user to handle quota and user info. |
| pankso@4 | 84 user_paths() { |
| pankso@4 | 85 config=$SSFS_USERS/$login.conf |
| pankso@4 | 86 home=$root/./home/$login |
| pankso@4 | 87 } |
| pankso@4 | 88 |
| pankso@4 | 89 user_info() { |
| pankso@4 | 90 cat << EOT |
| pankso@4 | 91 |
| pankso@4 | 92 $(gettext "User login :") $login |
| pankso@4 | 93 $(gettext "User quota :") $QUOTA |
| pankso@4 | 94 $(gettext "Home usage :") $usage |
| pankso@4 | 95 |
| pankso@4 | 96 EOT |
| pankso@4 | 97 } |
| pankso@4 | 98 |
| pankso@4 | 99 user_config() { |
| pankso@4 | 100 gettext "Creating Ssfs user configuration file..." |
| pankso@4 | 101 cat > $config << EOT |
| pankso@4 | 102 # Ssfs user configuration file. |
| pankso@4 | 103 |
| pankso@4 | 104 LOGIN="$login" |
| pankso@4 | 105 QUOTA="$DEFAULT_QUOTA" |
| pankso@4 | 106 EOT |
| pankso@4 | 107 chmod 0600 $config && status |
| pankso@4 | 108 echo "" |
| pankso@4 | 109 } |
| pankso@4 | 110 |
| pankso@13 | 111 # Handle Ssfs virtual disk. |
| pankso@13 | 112 umount_vdisk() { |
| pankso@13 | 113 if mount | fgrep -q $root; then |
| pankso@13 | 114 loop=$(mount | fgrep $root | awk '{print $1}') |
| pankso@13 | 115 gettext "Unmounting Ssfs vdisk:"; echo " $vdisk" |
| pankso@13 | 116 umount $root && sleep 1 |
| pankso@13 | 117 gettext "Detaching loop device:"; echo " $loop" |
| pankso@13 | 118 losetup -d $loop |
| pankso@13 | 119 else |
| pankso@13 | 120 gettext "Ssfs vdisk is not mounted:"; echo " $vdisk" |
| pankso@13 | 121 fi |
| pankso@13 | 122 } |
| pankso@13 | 123 |
| pankso@13 | 124 mount_vdisk() { |
| pankso@13 | 125 umount_vdisk |
| pankso@13 | 126 [ -d "$root" ] || mkdir -p $root |
| pankso@13 | 127 gettext "Mounting virtual disk:"; echo " $vdisk $root" |
| pankso@13 | 128 mount -o loop -t ext3 $vdisk $root |
| pankso@13 | 129 } |
| pankso@13 | 130 |
| pankso@4 | 131 # |
| pankso@4 | 132 # Commands |
| pankso@4 | 133 # |
| pankso@4 | 134 |
| pankso@4 | 135 case "$1" in |
| pankso@4 | 136 users) |
| pankso@4 | 137 gettext -e "\nChecking:"; echo " /etc/passwd" |
| pankso@4 | 138 fgrep "Ssfs User" /etc/passwd | while read line |
| pankso@4 | 139 do |
| pankso@4 | 140 login=$(echo $line | cut -d ":" -f 1) |
| pankso@4 | 141 home="$root/home/$login" |
| pankso@4 | 142 usage=$(du -sm $home | awk '{print $1}') |
| pankso@4 | 143 config=$SSFS_USERS/$login.conf |
| pankso@4 | 144 . $config || gettext -e "WARNING: No config file\n" |
| pankso@4 | 145 user_info |
| pankso@4 | 146 done |
| pankso@4 | 147 users=$(ls $SSFS_USERS | wc -l) |
| pankso@4 | 148 gettext "Users:"; echo -e " $users\n" ;; |
| pankso@4 | 149 adduser) |
| pankso@4 | 150 # Add a Ssfs user to the system with $HOME in chroot. |
| pankso@4 | 151 [ -z "$login" ] && gettext -e "Missing user login name.\n" && exit 0 |
| pankso@4 | 152 [ -z "$id" ] && gettext -e "Missing user id.\n" && exit 0 |
| pankso@4 | 153 [ -z "$pass" ] && gettext -e "Missing user password.\n" && exit 0 |
| pankso@4 | 154 user_paths |
| pankso@4 | 155 |
| pankso@4 | 156 gettext -e "\nChecking:"; echo " /etc/passwd" |
| pankso@4 | 157 if grep ^$login: /etc/passwd; then |
| paul@12 | 158 gettext -e "Exiting, user already exists:" |
| pankso@4 | 159 echo -e " $login\n" && exit 0 |
| pankso@4 | 160 fi |
| pankso@4 | 161 gettext "Creating user: $login..." |
| pankso@4 | 162 echo -e "$pass\n$pass" | \ |
| pankso@4 | 163 adduser -h "$home" -g "Ssfs User" -u $id $login >/dev/null |
| pankso@4 | 164 status |
| pankso@4 | 165 |
| paul@12 | 166 # We don't want any files from /etc/skel. |
| pankso@4 | 167 gettext "Cleaning home and creating: Sync/..." |
| pankso@4 | 168 rm -rf $home && mkdir -p $home/Sync && status |
| pankso@4 | 169 gettext "Changing mode on user home: 0700..." |
| pankso@4 | 170 chown -R $login.$login $home |
| pankso@4 | 171 chmod 0700 $home && status |
| pankso@4 | 172 |
| paul@12 | 173 # Create a custom config per user in SSFS_USERS. |
| pankso@4 | 174 [ ! -d "$SSFS_USERS" ] && mkdir -p $SSFS_USERS |
| pankso@4 | 175 user_config ;; |
| pankso@4 | 176 deluser) |
| pankso@4 | 177 [ -z "$login" ] && gettext -e "Missing user login name.\n" && exit 0 |
| pankso@4 | 178 user_paths |
| pankso@4 | 179 gettext -e "\nDeleting user:"; echo -n " $login..." |
| pankso@4 | 180 deluser $login || status && status |
| pankso@4 | 181 gettext "Removing all files in:"; echo -n " $home..." |
| pankso@4 | 182 rm -rf $home && status |
| pankso@4 | 183 gettext "Removing user config:"; echo -n " $login.conf..." |
| pankso@4 | 184 rm -rf $config && status |
| pankso@4 | 185 echo "" ;; |
| pankso@4 | 186 chroot) |
| pankso@4 | 187 gettext -e "\nChanging root to:"; echo -e " $root\n" |
| pankso@4 | 188 chroot $root |
| pankso@4 | 189 gettext -e "\nBack to the host system:" |
| pankso@4 | 190 echo -e " $(hostname)\n" ;; |
| pankso@13 | 191 gen-vdisk) |
| pankso@13 | 192 # Generated a virtual disk with a minimal chroot for Ssfs users home. |
| pankso@4 | 193 if [ -d "$root/bin" ]; then |
| paul@12 | 194 gettext -e "A chroot already exists in:"; echo " $root" |
| pankso@4 | 195 exit 0 |
| pankso@4 | 196 fi |
| pankso@13 | 197 echo "" |
| pankso@13 | 198 gettext "Creating chroot in:"; echo " $root" |
| pankso@13 | 199 separator |
| pankso@13 | 200 |
| pankso@13 | 201 # Create vdisk if missing. |
| pankso@13 | 202 if [ ! -f "$vdisk" ]; then |
| pankso@13 | 203 gettext "Creating virtual disk:"; echo " $vdisk ${size}Gb" |
| pankso@13 | 204 dd if=/dev/zero of=$vdisk bs=1G count=$size |
| pankso@13 | 205 du -sh $vdisk |
| pankso@13 | 206 gettext "Creating ext3 filesystem..." |
| pankso@13 | 207 mkfs.ext3 -q -T ext3 -L "Ssfs" -F $vdisk |
| pankso@13 | 208 status |
| pankso@13 | 209 mount_vdisk |
| pankso@13 | 210 fi |
| pankso@13 | 211 |
| pankso@13 | 212 # Create a radicaly minimal chroot with all libs in /lib. |
| pankso@13 | 213 gettext "Creating base files..." |
| pankso@13 | 214 mkdir -p $root && cd $root |
| pankso@13 | 215 for d in etc tmp lib usr home root |
| pankso@13 | 216 do |
| pankso@13 | 217 mkdir -p $d |
| pankso@13 | 218 done && status |
| pankso@13 | 219 cp -a /etc/slitaz-release $root/etc |
| pankso@13 | 220 #cp -a /etc/nsswitch.conf $root/etc |
| pankso@13 | 221 echo "root:x:0:0:root:/root:/bin/sh" > etc/passwd |
| pankso@13 | 222 echo "root::13525:0:99999:7:::" > etc/shadow |
| pankso@13 | 223 echo "root:x:0:" > etc/group |
| pankso@13 | 224 echo "root:*::" > etc/gshadow |
| pankso@13 | 225 |
| pankso@13 | 226 gettext "Setting files permissions..." |
| pankso@13 | 227 chmod 640 etc/shadow etc/gshadow |
| pankso@13 | 228 chmod 0700 root && chmod 1777 tmp |
| pankso@4 | 229 status |
| pankso@13 | 230 |
| pankso@13 | 231 # Busybox without deps (get && extract). No system comands are allowed |
| pankso@13 | 232 # in /etc/busybox.conf to restrict SSHed users. |
| pankso@4 | 233 gettext "Installing Busybox..." |
| pankso@13 | 234 cd $root/tmp |
| pankso@13 | 235 tazpkg get busybox >/dev/null |
| pankso@13 | 236 tazpkg extract busybox-* >/dev/null |
| pankso@13 | 237 rm -rf fs && mv -f busybox-*/fs . && rm -rf busybox-* |
| pankso@13 | 238 cp -a fs/bin fs/sbin $root |
| pankso@13 | 239 cp -a fs/usr/bin fs/usr/sbin $root/usr |
| pankso@13 | 240 rm -rf fs |
| pankso@4 | 241 status |
| pankso@13 | 242 gettext "Creatin restrictive Busybox config file..." |
| pankso@13 | 243 echo '# /etc/busybox.conf: Ssfs Busybox configuration.' \ |
| pankso@13 | 244 > $root/etc/busybox.conf |
| pankso@13 | 245 echo -e "\nsu = ---" >> $root/etc/busybox.conf |
| pankso@13 | 246 chmod 0600 $root/etc/busybox.conf |
| pankso@13 | 247 status |
| pankso@13 | 248 |
| pankso@13 | 249 # Glib minimal libs, use host lib since package should be installed |
| pankso@13 | 250 # from same repo. |
| pankso@13 | 251 gettext "Installing Glibc libraries..." |
| pankso@13 | 252 for l in ld-*.*so* libc-*.*so libc.so.* libnss_files* |
| pankso@13 | 253 do |
| pankso@13 | 254 cp -a /lib/$l* $root/lib |
| pankso@13 | 255 done && status |
| pankso@13 | 256 size=$(du -sh $root | awk '{print $1}') |
| pankso@13 | 257 separator |
| pankso@13 | 258 gettext "Vdisk used space:"; echo -e " $size\n" ;; |
| pankso@13 | 259 mount-vdisk) |
| pankso@13 | 260 mount_vdisk ;; |
| pankso@13 | 261 umount-vdisk) |
| pankso@13 | 262 umount_vdisk ;; |
| pankso@13 | 263 clean-vdisk) |
| pankso@13 | 264 # clean up the vdisk storage chroot. |
| pankso@4 | 265 if [ ! -d "$root/bin" ] || [ ! -d "$root/usr" ]; then |
| pankso@4 | 266 gettext -e "No chroot found in:"; echo " $root" |
| pankso@4 | 267 exit 0 |
| pankso@4 | 268 fi |
| pankso@13 | 269 gettext -e "\nCleaning virtual disk\n" |
| pankso@13 | 270 separator |
| pankso@13 | 271 gettext "Changing directory to:"; echo " $root" |
| pankso@4 | 272 cd $root |
| pankso@4 | 273 for dir in * |
| pankso@4 | 274 do |
| pankso@4 | 275 size=$(du -sh $dir | awk '{print $1}') |
| pankso@4 | 276 case "$dir" in |
| pankso@13 | 277 home|root|lost*) |
| pankso@4 | 278 gettext "Skipping:"; echo " $dir $size *" ;; |
| pankso@4 | 279 *) |
| pankso@4 | 280 gettext "Removing:"; echo " $dir $size" |
| pankso@4 | 281 rm -rf $dir ;; |
| pankso@4 | 282 esac |
| pankso@13 | 283 done && separator && echo "" ;; |
| pankso@4 | 284 *) |
| pankso@4 | 285 help ;; |
| pankso@4 | 286 esac |
| pankso@4 | 287 exit 0 |