From 97d62d8032a1478543d6b5a0567bea7f2c5733b3 Mon Sep 17 00:00:00 2001
From: Ville Rantanen
Date: Mon, 22 Aug 2022 18:25:11 +0300
Subject: [PATCH] script for adding, all data under one folder

---
 .gitignore | 1 +
 Makefile | 21 +++++++++++++++++++++
 build/run.sh | 18 +++++++++++-------
 build/update_users.sh | 4 +++-
 docker-compose.yaml | 1 -
 run.sh | 2 --
 test-run.sh | 5 -----
 update-users.sh | 3 ---
 user-add | 28 ++++++++++++++++++++++++++++
 9 files changed, 64 insertions(+), 19 deletions(-)
 create mode 100644 Makefile
 delete mode 100755 run.sh
 delete mode 100755 test-run.sh
 delete mode 100755 update-users.sh
 create mode 100755 user-add

diff --git a/.gitignore b/.gitignore
index 9a759d2..7dc4d88 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
+data/
 home/
 users/
 sshd_config/
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..56c4ec8
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,21 @@
+
+
+service-up:
+ docker-compose up --build -d -t 1
+
+service-logs:
+ docker-compose logs -f -t
+
+service-force-restart:
+ docker-compose build
+ docker-compose up -d --force-recreate -t 1
+ docker-compose logs -f -t
+
+service-down:
+ docker-compose down -t 1
+
+service-bash:
+ docker-compose exec ssh-ftp-server bash
+
+update-users:
+ docker-compose exec ssh-ftp-server update_users.sh
diff --git a/build/run.sh b/build/run.sh
index afef2ad..1712e1e 100755
--- a/build/run.sh
+++ b/build/run.sh
@@ -1,7 +1,6 @@
 #!/bin/bash
-set -e
-set -x
-set -u
+set -exu
+shopt -s nullglob
 basedir=/var/ssh-box/
 test -f "$basedir"/ssh-cache/ssh_host_rsa_key || {
 ssh-keygen -A
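Review bot: None of the targets in the new Makefile (`service-up` through `update-users`) is declared phony, so a file or directory with one of those names in the repository root would make `make` treat the target as up to date and skip its recipe. A single line at the top covers it: `.PHONY: service-up service-logs service-force-restart service-down service-bash update-users`.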
@@ -19,12 +18,15 @@ Subsystem sftp /usr/lib/ssh/sftp-server -u 002 EOF rsync -va /etc/ssh/ "$basedir"/ssh-cache/ } -mkdir -p "$basedir"/users +mkdir -p "$basedir"/users "$basedir"/ssh-cache "$basedir"/home rsync -va --del "$basedir"/ssh-cache/ /etc/ssh/ -chown -R $USR "$basedir" +chown -R $USR "$basedir"/users "$basedir"/ssh-cache chown -R root:root /etc/ssh/ chmod 0644 /etc/ssh/* chmod 0600 /etc/ssh/*key +chmod 0700 "$basedir"/ssh-cache/ "$basedir"/users/ +chmod 0600 "$basedir"/ssh-cache/* +chmod 0711 "$basedir" if getent group box; then echo Group already added @@ -32,8 +34,10 @@ else groupadd -g $GRP box fi -chown root:root /home -chmod 0755 /home +rmdir /home +chown root:root "$basedir"/home +chmod 0711 "$basedir"/home +ln -sfT "$basedir"/home /home touch /tmp/empty_keys chmod 0200 /tmp/empty_keys diff --git a/build/update_users.sh b/build/update_users.sh index a22efa2..33dc57e 100755 --- a/build/update_users.sh +++ b/build/update_users.sh @@ -39,5 +39,7 @@ for file in *; do rm -f "/home/$user/.ssh/authorized_keys" chown -R "$user":box "/home/$user/data" chmod -R u+rwX,g+rwX,o+X "/home/$user/data" + chmod 0600 "$file" + chown $USR "$file" done - +chmod 0700 /var/ssh-box/users diff --git a/docker-compose.yaml b/docker-compose.yaml index d5cedb2..50a8ce4 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -8,7 +8,6 @@ services: ports: - "0.0.0.0:${EXPOSE}:22" volumes: - - ./home/:/home/ - ./data/:/var/ssh-box/ environment: - USR=${USR} diff --git a/run.sh b/run.sh deleted file mode 100755 index 22f46ff..0000000 --- a/run.sh +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/bash -docker-compose up --build -d -t 1 diff --git a/test-run.sh b/test-run.sh deleted file mode 100755 index 66311d5..0000000 --- a/test-run.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash -set -e -docker-compose build -docker-compose up -d --force-recreate -t 1 -docker-compose logs -f -t diff --git a/update-users.sh b/update-users.sh deleted file mode 100755 index a6c0e31..0000000 
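Review bot: `$USR` is expanded unquoted in the new `chown -R $USR "$basedir"/users "$basedir"/ssh-cache`, and `set -u` catches only an unset variable, not an empty one; docker-compose.yaml forwards `USR=${USR}` from the host environment, so an empty value can reach the script. With an empty `$USR` the word vanishes and chown takes the first path as the owner specification. `chown -R -- "${USR:?USR must be set}" "$basedir"/users "$basedir"/ssh-cache` fails loudly instead, and the same applies to `chown $USR "$file"` in the build/update_users.sh hunk. Since ssh-cache holds the host private keys and stays owned by that account on the bind mount, a comment stating that this ownership is intended would help the next reader.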
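Review bot: `rmdir /home` runs unconditionally under `set -e`, so the script aborts on any start where `/home` is already the symlink created by `ln -sfT` a few lines later, and also whenever the image's `/home` is not empty. If run.sh is the container's start command, a container that is restarted rather than recreated keeps its filesystem and would hit the first case. Guarding the call keeps startup idempotent: `[ -L /home ] || rmdir /home`. The script continues outside this hunk.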
--- a/update-users.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/bash
-set -e
-docker-compose exec ssh-ftp-server update_users.sh
diff --git a/user-add b/user-add
new file mode 100755
index 0000000..b45c933
--- /dev/null
+++ b/user-add
@@ -0,0 +1,28 @@
+#!/bin/bash
+set -eu
+echo Existing users
+ls -1 data/users/
+
+plusone=$( ls -1 data/users | sed 's/-.*//' | tail -n 1 )
+if [[ -z "$plusone" ]]; then
+ plusone=2000
+fi
+plusone=$(( plusone + 1 ))
+
+echo Add user, select UID
+read -e -i $plusone new_uid
+echo Type username
+read -e new_user
+
+echo data/users/"${new_uid}-${new_user}"
+echo Edit authorized_keys, or break process
+read foo
+
+eval ${EDITOR:- vim} data/users/"${new_uid}-${new_user}"
+
+
+if test -s data/users/"${new_uid}-${new_user}"; then
+ echo Running user update
+ make update-users
+fi
+
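Review bot: The `eval ${EDITOR:- vim} data/users/"${new_uid}-${new_user}"` line in user-add re-parses both typed values as shell code, because the double quotes are consumed before `eval` sees the string. A value containing a space or shell metacharacters changes the command, and one containing `/` or `..` places the file outside `data/users/`. Neither value is validated before it becomes a filename that update_users.sh later processes inside the container (presumably as UID and login name; that script is only partly visible here). Checking both against a strict pattern and starting the editor without `eval` removes the problem, and `read -r` with a quoted `"$plusone"` avoids backslash and word-splitting surprises.

```shell
echo Add user, select UID
read -r -e -i "$plusone" new_uid
echo Type username
read -r -e new_user

# Accept only a numeric UID and a conservative login name so the combined
# value is safe to use as a filename; adjust the pattern to whatever
# update_users.sh actually accepts.
[[ "$new_uid" =~ ^[0-9]+$ ]] || { echo "UID must be numeric" >&2; exit 1; }
[[ "$new_user" =~ ^[a-z_][a-z0-9_-]*$ ]] || { echo "Invalid username" >&2; exit 1; }
keyfile="data/users/${new_uid}-${new_user}"

# … unchanged: print the path and wait for confirmation …

# EDITOR stays unquoted on purpose so a value with arguments still works.
${EDITOR:-vim} "$keyfile"

# … unchanged: run make update-users when the file is non-empty …
```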