# HG changeset patch
# User Christophe Lincoln
# Date 1307864992 -7200
# Node ID 8727a2a80b104013ecf5de005f41261f9abb2e2e
# Parent c949a4a2e23e411ff88ef32fc4bf21fe874bce86
Add ssfs-sh - Ssfs SHell for chrooted users with minimal env vars, also needed since chroot drop user to / by default
diff -r c949a4a2e23e -r 8727a2a80b10 Makefile
--- a/Makefile Sun Jun 12 05:44:28 2011 +0200
+++ b/Makefile Sun Jun 12 09:49:52 2011 +0200
@@ -10,13 +10,14 @@
 all:
 install:
- mkdir -p \
+ mkdir -p $(DESTDIR)/bin \
 $(DESTDIR)/etc/$(PACKAGE) \
 $(DESTDIR)$(DOCDIR)/$(PACKAGE) \
 $(DESTDIR)$(PREFIX)/bin \
 $(DESTDIR)$(PREFIX)/sbin \
 $(DESTDIR)/var/cache/$(PACKAGE) \
 $(DESTDIR)$(PREFIX)/share/applications
+ install -m 0755 $(PACKAGE)-sh $(DESTDIR)/bin
 install -m 0755 $(PACKAGE) $(DESTDIR)$(PREFIX)/bin
 install -m 0755 $(PACKAGE)-box $(DESTDIR)$(PREFIX)/bin
 install -m 0755 $(PACKAGE)-server $(DESTDIR)$(PREFIX)/sbin
diff -r c949a4a2e23e -r 8727a2a80b10 ssfs-server
--- a/ssfs-server Sun Jun 12 05:44:28 2011 +0200
+++ b/ssfs-server Sun Jun 12 09:49:52 2011 +0200
@@ -158,16 +158,30 @@
 [ -z "$id" ] && gettext -e "Missing user id.\n" && exit 0
 [ -z "$pass" ] && gettext -e "Missing user password.\n" && exit 0
 user_paths
+
+ # We need chroot command allowed for users to chroot them on SSH
+ # login. Ssfs user have /bin/ssfs-sh as SHell.
+ grep -q ^chroot /etc/busybox.conf ||
+ echo 'chroot = ssx root.root' >> /etc/busybox.conf
 gettext -e "\nChecking:"; echo " /etc/passwd"
 if grep ^$login: /etc/passwd; then
 gettext -e "Exiting, user already exists:"
 echo -e " $login\n" && exit 0
 fi
+
 gettext "Creating user: $login..."
 echo -e "$pass\n$pass" | \
- adduser -h "$home" -g "Ssfs User" -u $id $login >/dev/null
+ adduser -h "$home" -g "Ssfs User" -u $id \
+ -s /bin/ssfs-sh $login >/dev/null
 status
+
+ # Add user to chroot /etc/passwd
+ gettext "Checking vdisk chroot:"; echo " $root/etc/passwd"
+ if ! grep -q ^$login: $root/etc/passwd; then
+ echo "$login:x:$id:$id:Ssfs User:/home/$login:/bin/sh" >> \
+ $root/etc/passwd
+ fi
 # We don't want any files from /etc/skel.
 gettext "Cleaning home and creating: Sync/..."
@@ -183,6 +197,7 @@
 [ -z "$login" ] && gettext -e "Missing user login name.\n" && exit 0
 user_paths
 gettext -e "\nDeleting user:"; echo -n " $login..."
+ sed -i /^$login:/d $root/etc/passwd
 deluser $login || status && status
 gettext "Removing all files in:"; echo -n " $home..."
 rm -rf $home && status
@@ -228,6 +243,7 @@
 echo "root::13525:0:99999:7:::" > etc/shadow
 echo "root:x:0:" > etc/group
 echo "root:*::" > etc/gshadow
+ #mknod -m 666 $root/dev/null c 1 3
 gettext "Setting files permissions..."
 chmod 640 etc/shadow etc/gshadow
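Review bot: The host-side `echo 'chroot = ssx root.root' >> /etc/busybox.conf` grants every local account on the server, not only Ssfs users, a root-privileged busybox `chroot`, and as far as I can tell from busybox's suid handling the chroot applet does not drop privileges after chroot(2), so the `/bin/ssfs-sh` it execs (and the `/bin/sh` that one execs in the new ssfs-sh) run as uid 0 inside the vdisk — a root process is not contained by a chroot. At minimum scope the entry to the group the Ssfs accounts share, e.g. `chroot = sx- root.<ssfs-group>` (group name to be chosen; the three-character mode follows busybox.conf's owner/group/other convention), and make the chroot entry point switch to the user's own uid/gid before exec. On an OpenSSH host, sshd's `ChrootDirectory` does exactly that (chroots as root, then drops to the user) without any setuid chroot and would replace both this line and the host branch of ssfs-sh. The adduser case this hunk belongs to starts before the hunk.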
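Review bot: `sed -i /^$login:/d $root/etc/passwd` splices `$login` unquoted into a sed address, so a login containing `/`, `.`, `*` or whitespace rewrites or breaks the command (and, should `$root` ever be empty, the edit lands on the host's /etc/passwd); the same unvalidated `$login` feeds `grep ^$login:` and the passwd line appended in the adduser hunk above. Validate it once where the login is read, in the file's own style, `echo "$login" | grep -q '^[a-z_][a-z0-9_-]*$' || { gettext -e "Invalid user login name.\n"; exit 1; }`, and quote the expansions here: `sed -i "/^$login:/d" "$root/etc/passwd"`. The deluser case's start lies outside the hunk.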
@@ -243,12 +259,13 @@
 rm -rf fs && mv -f busybox-*/fs . && rm -rf busybox-*
 cp -a fs/bin fs/sbin $root
 cp -a fs/usr/bin fs/usr/sbin $root/usr
- rm -rf fs
+ rm -rf fs && chmod 4755 $root/bin/busybox
 status
 gettext "Creatin restrictive Busybox config file..."
 echo '# /etc/busybox.conf: Ssfs Busybox configuration.' \
 > $root/etc/busybox.conf
- echo -e "\nsu = ---" >> $root/etc/busybox.conf
+ echo -e "\n[SUID]" >> $root/etc/busybox.conf
+ echo -e "su = --- root.root" >> $root/etc/busybox.conf
 chmod 0600 $root/etc/busybox.conf
 status
diff -r c949a4a2e23e -r 8727a2a80b10 ssfs-sh
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/ssfs-sh Sun Jun 12 09:49:52 2011 +0200
@@ -0,0 +1,25 @@
+#!/bin/sh
+#
+# Ssfs users SHell - Chroot user into the virtual disk on login. This tool must
+# be installed on server and in the vdisk chroot, it is executed when login and
+# when chrooting.
+#
+
+# Ssfs server config dont exist in chroot.
+if [ -f /etc/ssfs/ssfs-server.conf ]; then
+ . /etc/ssfs/ssfs-server.conf
+ root=$SSFS_CHROOT
+ # Make sure it's a valid Ssfs user.
+ [ -d "$root/home/$USER" ] || exit 0
+ clear && exec chroot $root /bin/ssfs-sh
+else
+ # Chroot will drop user into /, so set new HOME and cd. Set also
+ # some env variables but dont source any profile.
+ echo -e "\nWelcome to Ssfs SHell $USER\n"
+ HOME=/home/$USER
+ SYNC=$HOME/Sync
+ SHELL=/bin/sh
+ PS1='\u@ssfs:\e[1;33m\w\e[0m\$ '
+ export HOME SYNC SHELL PS1
+ cd $HOME && exec /bin/sh $@
+fi
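Review bot: `chmod 4755 $root/bin/busybox` makes the vdisk's busybox setuid root while the generated busybox.conf only denies `su`; as far as I recall, busybox keeps effective root for its other suid-capable applets (`passwd`, `login`, `mount`, `umount`, …) unless each one is listed with `---`, so a chrooted user would still reach those with root. Either add a `= ---` line for every such applet under the same `[SUID]` section, or leave the suid bit off unless something in the vdisk genuinely needs it — the hunk does not say what does. Separately, nothing here copies ssfs-sh into `$root/bin`, although the new shell's header says it must exist in the vdisk and the host branch execs `chroot $root /bin/ssfs-sh`; if that copy happens elsewhere, ignore this. The enclosing vdisk-creation case starts before the hunk.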
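Review bot: The script decides "I am inside the vdisk" purely from the absence of /etc/ssfs/ssfs-server.conf, so on a host where that file is missing or has been removed a user whose login shell is /bin/ssfs-sh falls into the else branch and is handed the host's `/bin/sh`; the check should fail closed. The host branch also drops its arguments, so the `-c command` sshd passes for `ssh user@host cmd`, scp or rsync never reaches the chrooted shell, and `$root`, `$HOME` and `$@` are unquoted. Keying the inner branch on a marker that ssfs-server writes only into the vdisk, forwarding `"$@"`, and refusing otherwise gives:
```shell
# Ssfs server config dont exist in chroot.
if [ -f /etc/ssfs/ssfs-server.conf ]; then
	# … unchanged: source config, set root, check $root/home/$USER …
	clear && exec chroot "$root" /bin/ssfs-sh "$@"
elif [ -f /etc/ssfs-vdisk ]; then   # placeholder marker: ssfs-server must create it in the vdisk only
	# … unchanged: welcome banner and HOME/SYNC/SHELL/PS1 exports …
	cd "$HOME" && exec /bin/sh "$@"
else
	# Neither host config nor vdisk marker: refuse rather than hand out a host shell.
	exit 1
fi
```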