ssfs view ssfs-server @ rev 34
Small improvements to server tool Shell
author | Christophe Lincoln <pankso@slitaz.org> |
---|---|
date | Sun Jun 12 13:31:26 2011 +0200 (2011-06-12) |
parents | 95b88686a283 |
children | 72c49d4cc4e9 |
1 #!/bin/sh
2 #
3 # SliTaz Secure File Storage server side tool.
4 #
5 # Copyright (C) SliTaz GNU/Linux - BSD License
6 # Author: Christophe Lincoln <pankso@slitaz.org>
7 #
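# Name this tool was invoked as; it selects which configuration file is read.
# "$0" is quoted so an install path containing spaces is handled as one word.
app=$(basename "$0")

# System-wide configuration.
[ -f "/etc/ssfs/$app.conf" ] && . "/etc/ssfs/$app.conf"

# NOTE(review): this path is resolved against the current working directory
# and the file is sourced before the root check below, so whoever can write
# ./data/$app.conf in the directory the tool is started from decides what
# this script executes. Presumably a development convenience - confirm it is
# wanted in installed copies.
[ -f "./data/$app.conf" ] && . "./data/$app.conf"

state=/var/lib/ssfs
share=/usr/share/ssfs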
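# Be sure we're root. The exit must not depend on the message being printed:
# chained with &&, a missing or failing gettext would skip the exit and let
# a non-root run continue.
if [ "$(id -u)" != 0 ]; then
	gettext "You must be root to run:"
	echo " $app"
	# NOTE(review): status 0 is kept from the original, so a caller cannot
	# tell this refusal from success - consider a non-zero status.
	exit 0
fi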
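# Parse cmdline options. "$@" is quoted so that a value containing spaces or
# glob characters reaches the case statement as a single word. Words that are
# not a known --option= (the command name included) are skipped.
#
# NOTE(review): --pass= places the password in this process's argument list,
# which other local users can usually read through ps or /proc. Consider
# reading it from stdin or from a root-only file instead.
for opt in "$@"
do
	case "$opt" in
		--login=*) login=${opt#--login=} ;;
		--id=*)    id=${opt#--id=} ;;
		--pass=*)  pass=${opt#--pass=} ;;
		--root=*)  root=${opt#--root=} ;;
		--vdisk=*) vdisk=${opt#--vdisk=} ;;
		--size=*)  size=${opt#--size=} ;;
		*)         continue ;;
	esac
done

# Fall back to the configuration values for anything not given on the cmdline.
[ "$root" ] || root=${SSFS_CHROOT}
[ "$vdisk" ] || vdisk=${SSFS_VDISK}
[ "$size" ] || size=${SSFS_SIZE}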
44 #
45 # Functions
46 #
# Built-in help usage: prints the command list followed by the --option=
# flags. The three section headings are wrapped in the ANSI bold and reset
# escape sequences; every description goes through gettext.
help() {
	_h_usage=$(echo -e "\033[1m$(gettext "Usage:")\033[0m")
	_h_commands=$(echo -e "\033[1m$(gettext "Commands:")\033[0m")
	_h_options=$(echo -e "\033[1m$(gettext "Options:")\033[0m")
	cat << EOT

$_h_usage $app [command] [--option=]

$_h_commands
help $(gettext "Display this short usage.")
users $(gettext "List user accounts and stats.")
adduser $(gettext "Add a user to the system with \$HOME in chroot.")
deluser $(gettext "Delete a user and remove \$HOME files.")
chroot $(gettext "Chroot to Ssfs storage root.")
gen-vdisk $(gettext "Create a vdisk with chroot for files storage.")
clean-vdisk $(gettext "Clean the vdisk but skip home and root.")
check-vdisk $(gettext "Check the vdisk filesystem with e2fsck.")
mount-vdisk $(gettext "Mount a ssfs virtual disk.")
umount-vdisk $(gettext "Unmount the vdisk and free loop device.")

$_h_options
--login= $(gettext "Login name to add or del an user.")
--id= $(gettext "User id for adduser command.")
--pass= $(gettext "User password for adduser.")
--root= $(gettext "The path to the Ssfs vdisk chroot.")
--vdisk= $(gettext "Set the Ssfs vdisk path and name.")
--size= $(gettext "Set the ext3 vdisk size in Gb.")

EOT
}
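# Report the exit status of the command that ran immediately before the call.
# Prints " OK" and returns 0 when that status was 0; otherwise prints
# " ERROR" followed by an empty line and exits the script with status 1.
status() {
	# $? is replaced by every command, the [ ] test included, so it has to
	# be saved first. The original tested $? twice: the second test saw the
	# result of the first one, and the function returned non-zero after
	# printing " OK".
	rc=$?
	if [ "$rc" -eq 0 ]; then
		echo " OK"
		return 0
	fi
	printf ' ERROR\n\n'
	exit 1
}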
# Print a horizontal rule made of '=' characters, followed by a newline.
separator() {
	printf '%s\n' "================================================================================"
}
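# We have custom config when adding user to handle quota and user info.
#
# Sets two globals from $login, $root and $SSFS_USERS:
#   config - per-user configuration file
#   home   - the user's home directory inside the chroot
#
# Both values are later handed to rm -rf, and $login is also written into
# passwd lines and into a config file that is sourced, so the login is
# checked here before any path is built. Anything but letters, digits,
# '.', '_' and '-' is refused, as is a leading '-' or '.'; that rules out
# '/', '..', whitespace, ':' and shell metacharacters. An empty $root is
# refused as well, because home would then point into the host's /home.
# Exits with status 1 on a refused value.
user_paths() {
	case "$login" in
		""|-*|.*|*[!A-Za-z0-9._-]*)
			gettext "Invalid user login name:" >&2; echo " $login" >&2
			exit 1 ;;
	esac
	if [ -z "$root" ]; then
		gettext "Missing Ssfs chroot path (--root= or SSFS_CHROOT)." >&2
		echo "" >&2
		exit 1
	fi
	config=$SSFS_USERS/$login.conf
	home=$root/./home/$login
}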
# Print a short report for one account: login, quota and home usage, with
# an empty line before and after. Reads the globals $login, $QUOTA and
# $usage; the labels go through gettext.
user_info() {
	printf '\n%s %s\n%s %s\n%s %s\n\n' \
		"$(gettext "User login :")" "$login" \
		"$(gettext "User quota :")" "$QUOTA" \
		"$(gettext "Home usage :")" "$usage"
}
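# Write the per-user configuration file $config with the LOGIN and QUOTA
# values, then restrict it to mode 0600. Reads the globals $config, $login
# and $DEFAULT_QUOTA. "$config" is quoted so a path with spaces or glob
# characters names exactly one file.
#
# The users command reads this file back with '.', i.e. it is executed by
# the shell as root, so the values written here must not carry shell syntax.
user_config() {
	gettext "Creating Ssfs user configuration file..."
	cat > "$config" << EOT
# Ssfs user configuration file.

LOGIN="$login"
QUOTA="$DEFAULT_QUOTA"
EOT
	chmod 0600 "$config" && status
	echo ""
}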
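# Handle Ssfs virtual disk.
#
# Unmount the vdisk mounted on $root and detach its loop device.
# The mount table is searched for an exact mount-point match (third field
# of the mount output). The original substring search also matched other
# mount points that merely contain $root (for example "${root}2"), which
# could hand several devices, or the wrong one, to losetup -d.
umount_vdisk() {
	loop=$(mount | awk -v mp="$root" '$3 == mp { print $1; exit }')
	if [ -n "$loop" ]; then
		gettext "Unmounting Ssfs vdisk:"; echo " $vdisk"
		umount "$root" && sleep 1
		gettext "Detaching loop device:"; echo " $loop"
		losetup -d "$loop"
	else
		gettext "Ssfs vdisk is not mounted:"; echo " $vdisk"
	fi
}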
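# Mount the vdisk image $vdisk on $root as a loop-mounted ext3 filesystem,
# creating the mount point when it is missing. Does nothing but report when
# $root is already a mount point.
# The check compares the mount point exactly (third field of the mount
# output); the original substring search treated any mount whose line
# contains $root as "already mounted".
mount_vdisk() {
	if mount | awk -v mp="$root" '$3 == mp { hit = 1 } END { exit !hit }'; then
		gettext "Ssfs vdisk is already mounted:"
	else
		[ -d "$root" ] || mkdir -p "$root"
		gettext "Mounting virtual disk:"
		mount -o loop -t ext3 "$vdisk" "$root"
	fi
	echo " $vdisk $root"
}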
138 #
139 # Commands
140 #
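case "$1" in
users)
	# List every account whose passwd entry carries the "Ssfs User" tag,
	# with its quota and the size of its home inside the chroot.
	gettext -e "\nChecking:"; echo " /etc/passwd"
	fgrep "Ssfs User" /etc/passwd | while IFS=: read -r login rest
	do
		home="$root/home/$login"
		usage=$(du -sm "$home" | awk '{print $1}')
		config="$SSFS_USERS/$login.conf"
		# Cleared so that an account without a config file does not show
		# the quota of the previous one.
		QUOTA=""
		# The config is executed by the shell as root; it must stay
		# writable by root only. Existence is tested first because a
		# failing '.' can abort a non-interactive shell before the
		# warning is printed.
		if [ -f "$config" ]; then
			. "$config"
		else
			gettext -e "WARNING: No config file\n"
		fi
		user_info
	done
	users=$(ls "$SSFS_USERS" | wc -l)
	gettext "Users:"; echo -e " $users\n" ;;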
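adduser)
	# Add a Ssfs user to the system with $HOME in chroot.
	#
	# The argument checks use if/exit rather than an && chain: with the
	# chain, a failing gettext skipped the exit and the command went on with
	# an empty login, whose home path is the whole $root/./home directory.
	if [ -z "$login" ]; then
		gettext -e "Missing user login name.\n"
		exit 0
	fi
	if [ -z "$id" ]; then
		gettext -e "Missing user id.\n"
		exit 0
	fi
	if [ -z "$pass" ]; then
		gettext -e "Missing user password.\n"
		exit 0
	fi
	# The id is written into passwd lines; accept digits only.
	case "$id" in
		*[!0-9]*)
			gettext "Invalid user id:"; echo " $id"
			exit 1 ;;
	esac
	user_paths

	# We need chroot command allowed for users to chroot them on SSH
	# login. Ssfs users have /bin/ssfs-sh as SHell.
	# NOTE(review): this entry is added to the host's busybox.conf and is
	# not limited to Ssfs accounts - as written it appears to let every
	# local user run the chroot applet with root privileges. Confirm, and
	# consider restricting it to a dedicated group.
	grep -q ^chroot /etc/busybox.conf ||
		echo 'chroot = ssx root.root' >> /etc/busybox.conf

	# Escape regex metacharacters so the login only matches itself.
	login_re=$(printf '%s\n' "$login" | sed 's/[][\.*^$/]/\\&/g')

	gettext -e "\nChecking:"; echo " /etc/passwd"
	if grep "^$login_re:" /etc/passwd; then
		gettext -e "Exiting, user already exists:"
		echo -e " $login\n"
		exit 0
	fi

	gettext "Creating user: $login..."
	# printf passes the password through unchanged; echo -e would expand
	# backslash sequences contained in it.
	printf '%s\n%s\n' "$pass" "$pass" | \
		adduser -h "$home" -g "Ssfs User" -u "$id" \
			-s /bin/ssfs-sh "$login" >/dev/null
	status

	# Add user to chroot /etc/passwd
	gettext "Checking vdisk chroot:"; echo " $root/etc/passwd"
	if ! grep -q "^$login_re:" "$root/etc/passwd"; then
		echo "$login:x:$id:$id:Ssfs User:/home/$login:/bin/sh" >> \
			"$root/etc/passwd"
	fi

	# We don't want any files from /etc/skel.
	gettext "Cleaning home and creating: Sync/..."
	rm -rf "$home" && mkdir -p "$home/Sync" "$home/.ssh" && status
	gettext "Changing mode on user home: 0700..."
	chown -R "$login.$login" "$home"
	chmod 0700 "$home" && status

	# Create a custom config per user in SSFS_USERS.
	[ ! -d "$SSFS_USERS" ] && mkdir -p "$SSFS_USERS"
	user_config ;;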
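deluser)
	# Delete a Ssfs user: chroot passwd entry, host account, home files
	# and per-user config.
	#
	# if/exit instead of an && chain: with the chain, a failing gettext
	# skipped the exit and the rm -rf below ran with an empty login, i.e.
	# on the whole $root/./home directory.
	if [ -z "$login" ]; then
		gettext -e "Missing user login name.\n"
		exit 0
	fi
	user_paths
	gettext -e "\nDeleting user:"; echo -n " $login..."
	# Escape regex metacharacters: an unescaped '.' in the login would
	# also delete other users' lines that match the pattern.
	login_re=$(printf '%s\n' "$login" | sed 's/[][\.*^$/]/\\&/g')
	sed -i "/^$login_re:/d" "$root/etc/passwd"
	deluser "$login"
	status
	gettext "Removing all files in:"; echo -n " $home..."
	rm -rf "$home" && status
	gettext "Removing user config:"; echo -n " $login.conf..."
	rm -rf "$config" && status
	echo "" ;;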
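chroot)
	# Open a shell inside the Ssfs storage root, then report the return
	# to the host. "$root" is quoted so the path is passed as one word.
	gettext -e "\nChanging root to:"; echo -e " $root\n"
	chroot "$root"
	gettext -e "\nBack to the host system:"
	echo -e " $(hostname)\n" ;;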
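gen-vdisk)
	# Generate a virtual disk with a minimal chroot for Ssfs users home.
	#
	# NOTE(review): this arm contained unresolved merge markers ("local" /
	# "other"), which make the script unparsable. The "local" side is kept
	# in both places because the code outside the conflict regions reads
	# $rootfs, which only that side defines. The "other" side (fetching
	# busybox with tazpkg and writing etc/busybox.conf by hand) is dropped.
	# Confirm against the intended merge result.
	rootfs=$share/rootfs
	if [ -d "$root/bin" ]; then
		gettext "A chroot already exists in:"; echo " $root"
		exit 0
	fi
	if [ ! -f "$rootfs/etc/busybox.conf" ]; then
		gettext "Missing package ssfs-busybox"; echo
		exit 0
	fi
	echo ""
	gettext "Creating Sshs vdisk minimal chroot"; echo
	separator
	echo "Chroot path: $root"

	# Create vdisk if missing.
	if [ ! -f "$vdisk" ]; then
		gettext "Creating virtual disk:"; echo " $vdisk ${size}Gb"
		dd if=/dev/zero of="$vdisk" bs=1G count="$size"
		chmod 0600 "$vdisk" && du -sh "$vdisk"
		gettext "Creating ext3 filesystem..."
		mkfs.ext3 -q -T ext3 -L "Ssfs" -F "$vdisk"
		status
		mount_vdisk
	fi

	# Create a radically minimal chroot with all libs in /lib.
	gettext "Creating base files..."
	# Stop here if the chroot cannot be entered; otherwise the relative
	# mkdir calls below would run in whatever directory we started from.
	mkdir -p "$root" && cd "$root" || status
	for d in etc lib home root
	do
		mkdir -p "$d"
	done && status

	# /etc files.
	cp -f /etc/slitaz-release "$root/etc"
	if [ ! -f "$root/etc/passwd" ]; then
		echo "root:x:0:0:root:/root:/bin/sh" > "$root/etc/passwd"
		# NOTE(review): the password field of root is empty here, not
		# locked. Whether that is reachable depends on which applets the
		# chroot's busybox.conf allows; consider "*" in that field.
		echo "root::13525:0:99999:7:::" > "$root/etc/shadow"
		echo "root:x:0:" > "$root/etc/group"
		echo "root:*::" > "$root/etc/gshadow"
	fi

	# /dev nodes.
	#mknod -m 666 $root/dev/null c 1 3

	# The Ssfs Busybox files are copied from $rootfs, which allows easy
	# vdisk upgrades following the SliTaz repo.
	gettext "Installing Ssfs Busybox..."
	cp -a "$rootfs"/* "$root"
	status

	gettext "Setting files permissions..."
	chmod 0640 "$root"/etc/*shadow
	chmod 0700 "$root/root" && status
	# busybox is installed setuid root inside the chroot; its busybox.conf
	# is kept readable by root only.
	chmod 4755 "$root/bin/busybox"
	chmod 0600 "$root/etc/busybox.conf"

	# Glib minimal libs, use host lib since package should be installed
	# from same repo.
	gettext "Installing Glibc libraries..."
	# The patterns are quoted here so they cannot expand against the
	# current directory; they are expanded under /lib by the cp line.
	for l in 'ld-*.*so*' 'libc-*.*so' 'libc.so.*' 'libnss_files*'
	do
		# $l is deliberately unquoted: it must glob under /lib.
		cp -a /lib/$l* "$root/lib"
	done && status

	# Ssfs chroot SHell
	gettext "Installing Ssfs SHell..."
	install -m 0755 /bin/ssfs-sh "$root/bin"
	status

	# List of all system files.
	cd "$root" || exit 1
	for d in bin etc lib sbin
	do
		find "./$d" | sed s'/^.//'
	done

	size=$(du -sh "$root" | awk '{print $1}')
	separator
	gettext "Vdisk used space:"; echo -e " $size\n" ;;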
mount-vdisk)
	# Mount the Ssfs virtual disk; all the work is done by mount_vdisk.
	mount_vdisk
	;;
umount-vdisk)
	# Unmount the vdisk and free its loop device via umount_vdisk.
	umount_vdisk
	;;
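check-vdisk)
	# Check vdisk with e2fsck.
	echo ""
	gettext -e "Checking Ssfs virtual disk\n"
	separator
	gettext "Virtual disk : "; du -sh "$vdisk"
	gettext "Filesystem usage : "; du -sh "$root"
	gettext "Remounting vdisk read/only before e2fsck -p..."
	# status is called unconditionally so a failed remount stops the
	# command: the original went on to run e2fsck on a filesystem that
	# was still mounted read/write, which can damage it.
	mount -o remount,loop,ro "$vdisk" "$root"
	status
	e2fsck -p "$vdisk"
	gettext "Remounting vdisk read/write..."
	# Report a failure here too instead of silently leaving the storage
	# read-only.
	mount -o remount,loop,rw "$vdisk" "$root"
	status
	separator && echo "" ;;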
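clean-vdisk)
	# clean up the vdisk storage chroot: everything at its top level is
	# removed except etc, home, root and lost*.
	#
	# An empty $root must be refused before the directory tests: they
	# would then look at the host's /bin and /lib and succeed, and an
	# unquoted "cd $root" would move to the caller's home directory, where
	# the rm -rf loop would run.
	if [ -z "$root" ]; then
		gettext -e "No chroot found in:"; echo " $root"
		exit 0
	fi
	if [ ! -d "$root/bin" ] || [ ! -d "$root/lib" ]; then
		gettext -e "No chroot found in:"; echo " $root"
		exit 0
	fi
	gettext -e "\nCleaning virtual disk\n"
	separator
	echo "Chroot path: $root"
	# Never run the removal loop anywhere but inside the chroot.
	cd "$root" || exit 1
	if [ "$(pwd -P)" = "/" ]; then
		gettext "Refusing to clean the host root directory."; echo
		exit 1
	fi
	for dir in *
	do
		# "./" keeps a name starting with '-' from being read as an option.
		size=$(du -sh "./$dir" | awk '{print $1}')
		case "$dir" in
			etc|home|root|lost*)
				gettext "Skipping:"; echo " $dir $size *" ;;
			*)
				gettext "Removing:"; echo " $dir $size"
				rm -rf "./$dir" ;;
		esac
	done && separator && echo "" ;;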
*)
	# Any other first argument, or none at all, shows the usage text.
	help
	;;
esac

exit 0