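#!/bin/bash
#################################################
##                                             ##
##  FTPsFTP                                    ##
##  standalone ftp/sftp server solution        ##
##                                             ##
#################################################
#
# Usage: ftpsftp -h | -i | -a NAME | -d NAME | -r NAME | -q NAME | -u | -v
#
# Everything except -h and -v must run as root. The script edits /etc/fstab,
# /etc/vsftpd.conf, /etc/ssh/sshd_config and /etc/shells, and creates system
# accounts, so every value typed by the operator is validated and quoted before
# it reaches a command line, a sed expression or a configuration file.

# **** do not touch as long as you are not me ****
version="v0.4.1b"
author="david@socialnerds.org"
# NOTE(review): the repository is fetched over plain http and the checked-out
# script is later executed as root (see installation and update). Nothing here
# authenticates the transport or verifies what was fetched.
giturl="http://git.gitorious.org/aec/ftpsftp.git"

#######################################
# Print the usage message.
# Outputs: usage text on stdout
#######################################
usage() {
  cat << EOF
usage: ftpsftp options

OPTIONS:
   -h      show this message
   -i      install ftpsftp on this ubuntu box
   -a      add a user
   -d      delete a user (not yet implemented)
   -r      reset password for user (not yet implemented)
   -q      (re)set the quota for user ****new feature****
   -u      update ftpsftp (pull from git)
   -v      version information

EOF
}

#######################################
# Print the version banner.
# Globals: version (read), author (read)
#######################################
version() {
  echo
  echo "FTPsFTP - standalone ftp/sftp server solution"
  echo
  echo "vesion: $version"
  echo "author: $author"
  echo
}

#######################################
# Exit with status 1 unless the script runs as root.
#######################################
amiroot() {
  if [ "$(whoami)" != "root" ]; then
    echo
    echo "sorry $USER, you need to gain root privileges to do this."
    echo
    exit 1
  fi
}

#######################################
# Check that a user or group name is safe to use as an argument and as a
# single path component.
# Arguments: $1 - candidate name
# Returns:   0 if acceptable, 1 otherwise
#######################################
_valid_accname() {
  local name=$1
  [[ -n "$name" ]] || return 1
  # a leading '-' would be parsed as an option by useradd/usermod/setquota
  [[ "$name" != [-+~]* ]] || return 1
  # '/' would let the name escape the per-account directory
  [[ "$name" != *[[:space:]/:,]* ]] || return 1
  [[ "$name" != "." && "$name" != ".." ]] || return 1
  return 0
}

#######################################
# Source the configuration written by installation, or exit if it is missing.
# Globals: accpath, quotamountpoint, acchost, sftpgroup, trackrequester,
#          logging, mailnotification (all written by the sourced file)
#######################################
_load_config() {
  if [ ! -r /etc/ftpsftp/ftpsftp.conf ]; then
    echo "error: /etc/ftpsftp/ftpsftp.conf not found. run \"ftpsftp -i\" first." >&2
    exit 1
  fi
  # The file is executed as shell code by root; it must stay root-owned and
  # not writable by anyone else.
  source /etc/ftpsftp/ftpsftp.conf
}

#######################################
# Ask the operator for a quota in megabytes until a valid value is given.
# Globals: quotamountpoint (read), accquota (written: the value as typed)
#######################################
_ask_quota() {
  local ablocks gblocks fblocks fsize var

  ## quota
  # Ask df about exactly this mount point instead of grepping the whole table,
  # which matched every line that merely contained the string.
  ablocks=$(df -P -k -- "$quotamountpoint" | awk 'NR == 2 {print $2}')
  if [[ ! "$ablocks" =~ ^[0-9]+$ ]]; then
    echo "error: could not determine the size of $quotamountpoint" >&2
    exit 1
  fi

  # Sum the block soft limits of the entries this tool created; they are
  # recognisable by the "000" suffix appended when the quota is set.
  gblocks=0
  while read -r var; do
    if [[ "$var" =~ ^[0-9]+$ ]]; then
      gblocks=$(( gblocks + 10#$var ))
    fi
  done < <(repquota "$quotamountpoint" | grep 000 | awk '{print $4}')

  fblocks=$(( ablocks - gblocks ))
  fsize=$(( fblocks / 1000 ))

  while true; do
    echo "please specify how much diskspace this account should provide. (in megabytes)"
    echo "maximum: $fsize"
    read -r accquota || exit 1
    if [ -z "$accquota" ]; then
      echo "this field is mandatory."
    # Only positive integers: zero or a negative number would end up as a
    # limit of 0, which the quota tools treat as "no limit".
    elif [[ "$accquota" =~ ^[1-9][0-9]{0,14}$ ]] && (( accquota < fsize )); then
      break
    else
      echo "specified size too big or not a number. try again."
    fi
  done
}

#######################################
# Convert the quota in megabytes to the block count prefix and apply it.
# Multiplying before dividing keeps values below 1000 MB from collapsing to 0
# (an unlimited quota), which the previous "/1000*1024" order produced.
# Globals:   accquota (read and rewritten to the converted value)
# Arguments: $1 - account name
#######################################
_apply_quota() {
  accquota=$(( accquota * 1024 / 1000 ))
  setquota --all -u "$1" "${accquota}000" "${accquota}000" 0 0
}

#######################################
# Install and configure vsftpd, sshd (chrooted sftp) and user quotas.
# Reads the settings interactively from stdin.
#######################################
installation() {
  local fstabtmp

  ## am i root?
  amiroot

  ## installing dependencies
  echo "info: trying to install dependencies via apt"
  apt-get update
  apt-get install -y vsftpd ssh quota quotatool makepasswd pwgen git-core vim

  ## reading configuration from user (stdin)
  echo "specify under which path the account home dirs should be stored (no tailing slash)"
  read -r accpath
  echo "specify the mointpoint of the device where your accounts are stored (needed for quota config)"
  read -r quotamountpoint
  echo "specify the fqdn of your host"
  read -r acchost
  echo "specify a system group for your sftp users [default: sftpusers]"
  read -r sftpgroup
  if [ -z "$sftpgroup" ]; then
    sftpgroup="sftpusers"
  fi

  ## validate before any of these values reach sed, fstab or sshd_config
  if [[ "$accpath" != /* || "$accpath" == *[[:space:]]* ]]; then
    echo "error: the account path must be an absolute path without whitespace." >&2
    exit 1
  fi
  if [[ "$quotamountpoint" != /* || "$quotamountpoint" == *[[:space:]]* ]]; then
    echo "error: the mount point must be an absolute path without whitespace." >&2
    exit 1
  fi
  if [[ ! "$acchost" =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]]; then
    echo "error: the host name may only contain letters, digits, dots and dashes." >&2
    exit 1
  fi
  if ! _valid_accname "$sftpgroup"; then
    echo "error: invalid group name." >&2
    exit 1
  fi

  ## creating needed directorys
  echo "info: creating directorys"
  mkdir -p /etc/ftpsftp
  mkdir -p /var/log/ftpsftp
  mkdir -p /opt

  ## creating configfiles and logfiles
  echo "info: creating configuration and log files"
  echo "$USER" > /etc/vsftpd.chroot_list
  touch /etc/vsftpd.user_list
  echo "type name pass quota reguester timestamp" > /var/log/ftpsftp/accounts.log
  # accounts.log carries clear-text passwords (see logging); keep it root-only
  chmod 700 /var/log/ftpsftp
  chmod 600 /var/log/ftpsftp/accounts.log
  #touch /var/log/ftpsftp/system.log #not yet in use

  # %q shell-quotes the values, so sourcing this file later cannot execute
  # anything that was typed at the prompts above.
  {
    printf '%s\n' '## ftpsftp configuration file ##'
    printf 'accpath=%q # this should point to where your accounts should be located\n' "$accpath"
    printf 'quotamountpoint=%q # mount point for quota configuration\n' "$quotamountpoint"
    printf 'acchost=%q # the dns name where your sever is reachable\n' "$acchost"
    printf 'sftpgroup=%q # system group\n' "$sftpgroup"
    printf '%s\n' 'trackrequester="1" # switch to 0 if you do not want to track the account requester'
    printf '%s\n' 'logging="1" # set this to 0 if you do not want any logging'
    printf '%s\n' 'mailnotification="0" # set this to 0 if you do not want any mail notifications (not yet implemented)'
  } > /etc/ftpsftp/ftpsftp.conf

  ## cloning master of ftpsftp git repo
  echo "info: cloning files from git repository to /opt/ftpsftp"
  ( cd /opt && git clone "$giturl" )

  ## set symlink for script in /usr/local/bin
  echo "info: creating symlink for script in /usr/local/bin"
  ln -s /opt/ftpsftp/ftpsftp.sh /usr/local/bin/ftpsftp

  ## configure quota
  echo "info: configuring quota in fstab for $quotamountpoint"
  # Only the entry whose mount point field equals $quotamountpoint is changed.
  # The previous grep/sed pair rewrote every line that shared the same option
  # string (for example "defaults").
  cp /etc/fstab /etc/fstab_orig
  fstabtmp=$(mktemp) || exit 1
  if awk -v mp="$quotamountpoint" '
       $0 !~ /^[[:space:]]*#/ && $2 == mp && $4 !~ /(^|,)usrquota(,|$)/ {
         $4 = $4 ",usrquota"
         changed = 1
       }
       { print }
       END { exit(changed ? 0 : 1) }
     ' /etc/fstab > "$fstabtmp"; then
    cat "$fstabtmp" > /etc/fstab
  else
    echo "warning: no fstab entry for $quotamountpoint was changed (missing, or usrquota already set)." >&2
  fi
  rm -f -- "$fstabtmp"
  umount "$quotamountpoint"
  mount -a
  /etc/init.d/quota restart

  ## configure vsftp
  cp /etc/vsftpd.conf /etc/vsftpd.conf_orig
  #sed -i 's/#listen_ipv6=YES/listen_ipv6=YES/' /etc/vsftpd.conf
  sed -i 's/#write_enable=YES/write_enable=YES/' /etc/vsftpd.conf
  sed -i 's/#local_umask=022/local_umask=0007\nfile_open_mode=0770/' /etc/vsftpd.conf
  sed -i 's/#chroot_local_user=YES/chroot_local_user=YES/' /etc/vsftpd.conf
  sed -i 's/#chroot_list_enable=YES/chroot_list_enable=YES/' /etc/vsftpd.conf
  sed -i 's/#chroot_list_file=\/etc\/vsftpd.chroot_list/chroot_list_file=\/etc\/vsftpd.chroot_list/' /etc/vsftpd.conf
  # acchost was restricted to hostname characters above, so it cannot break
  # out of the sed replacement
  sed -i "s/#ftpd_banner=Welcome to blah FTP service./ftpd_banner=Welcome to ${acchost}./" /etc/vsftpd.conf
  cat >> /etc/vsftpd.conf << EOF

## added by ftpsftp
userlist_enable=YES
userlist_deny=NO
userlist_file=/etc/vsftpd.user_list

EOF
  /etc/init.d/vsftpd restart

  ## configure sshd
  echo "info: configuring ssh server"
  addgroup "$sftpgroup"
  cp /etc/ssh/sshd_config /etc/ssh/sshd_config_orig
  sed -i 's/Subsystem sftp \/usr\/lib\/openssh\/sftp-server/Subsystem sftp internal-sftp/' /etc/ssh/sshd_config
  # The Match block has to name the configured group. With the literal
  # "sftpusers" a custom group was allowed to log in by AllowGroups but never
  # received ChrootDirectory or ForceCommand.
  cat >> /etc/ssh/sshd_config << EOF

##### ssh configuration done by ftpsftp ############
AllowGroups admin $sftpgroup
Match group $sftpgroup
ChrootDirectory $accpath/sftp_accounts/%u
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
####################################################

EOF
  # Restart only with a configuration sshd accepts; AllowGroups plus a broken
  # file would otherwise lock the administrator out of the box.
  if sshd -t; then
    /etc/init.d/ssh restart
  else
    echo "error: sshd rejected the new configuration, restoring /etc/ssh/sshd_config_orig" >&2
    cp /etc/ssh/sshd_config_orig /etc/ssh/sshd_config
  fi

  ## adding shells
  cat >> /etc/shells << EOF

/bin/false
/usr/lib/sftp-server

EOF

  echo "you can now delete this script."
  echo "all you need is in /opt/ftpsftp, /etc/ftpsftp and /var/log/ftpsftp."
  echo 'everything is set to create your first user. try "ftpsftp -a "'
}

##### ftpsftp update #####
#######################################
# Pull the current master into /opt/ftpsftp.
# NOTE(review): the pulled script replaces the one root runs through
# /usr/local/bin/ftpsftp; the origin is the plain-http URL in giturl.
#######################################
update() {
  ## am i root?
  amiroot

  cd /opt/ftpsftp || exit 1
  git pull origin master
}

##### user creation #####
#######################################
# Create an ftp or sftp account interactively.
# Globals:   accname, acctype, accquota, accrequester, accport, acctimestamp,
#            accpass, accencpass, passfile (written); configuration (read)
# Arguments: $1 - account name
#######################################
add() {
  ## am i root?
  amiroot

  ## set accname
  accname=$1
  if ! _valid_accname "$accname"; then
    echo "error: invalid account name." >&2
    exit 1
  fi
  if id -- "$accname" > /dev/null 2>&1; then
    echo "error: account $accname already exists." >&2
    exit 1
  fi

  ## check if installed
  ## reading configfile
  _load_config

  ## choose ftp or sftp
  echo "specify account type [sftp|ftp]"
  read -r acctype
  case "$acctype" in
    sftp | ftp) ;;
    *)
      echo "i'm sorry, i need to break this up right now."
      echo "it seams you can not understand some simple instructions."
      exit 1
      ;;
  esac

  ## quota
  _ask_quota

  ## requester
  while [ "$trackrequester" = "1" ]; do
    echo "who orderd this account? (i'm tracking this for a greater good.)"
    read -r accrequester || exit 1
    if [ -z "$accrequester" ]; then
      echo "this field is mandatory."
    else
      trackrequester="notanymore"
    fi
  done

  ## set $accport
  if [ "$acctype" = "sftp" ]; then
    accport="22"
  else
    accport="21"
  fi

  ## get timestamp
  acctimestamp=$(date '+%d.%m.%Y %H:%M')

  ## gen password (accpass)
  accpass=$(pwgen -snc 10 1)
  # The clear-text password goes through a private mktemp file (mode 0600)
  # rather than ./pass.txt, which was created in whatever directory the caller
  # happened to be in, with the default umask.
  passfile=$(mktemp) || exit 1
  trap 'rm -f -- "$passfile"' EXIT
  printf '%s\n' "$accpass" > "$passfile"
  # NOTE(review): MD5-crypt is a weak password hash by current standards.
  accencpass=$(makepasswd --clearfrom="$passfile" --crypt-md5 | awk '{print $2}')
  rm -f -- "$passfile"
  trap - EXIT
  # An empty hash would create an account with an empty password field.
  if [ -z "$accpass" ] || [ -z "$accencpass" ]; then
    echo "error: could not generate a password hash." >&2
    exit 1
  fi

  ## create home, set its permissions and add the user to sftp/ftpgroup
  # NOTE(review): "useradd -p" puts the hash on the command line, where it is
  # visible in the process list while useradd runs.
  if [ "$acctype" = "sftp" ]; then
    # The chroot directory itself stays root-owned; only data/ is handed to
    # the user.
    mkdir -p "$accpath/${acctype}_accounts/$accname/data"
    # create the actual user (sftp)
    useradd -d /data -M -U -s /usr/lib/sftp-server -p "$accencpass" "$accname" || exit 1
    chown -R "$accname:" "$accpath/${acctype}_accounts/$accname/data"
    usermod -G "$sftpgroup" "$accname"
  else
    mkdir -p "$accpath/${acctype}_accounts/$accname"
    # create the actual user (ftp)
    useradd -d "$accpath/${acctype}_accounts/$accname" -M -U -s /bin/false -p "$accencpass" "$accname" || exit 1
    chown -R "$accname:" "$accpath/${acctype}_accounts/$accname"
    echo "$accname" >> /etc/vsftpd.user_list
  fi

  ## configure quota
  _apply_quota "$accname"

  ## trigger log
  logging

  ## account data output
  echo
  echo "account data"
  echo
  echo "host: $acchost"
  echo "port: $accport"
  echo "username: $accname"
  echo "password: $accpass"
  echo "quota: ${accquota}mb"
  echo "directory: $accpath/${acctype}_accounts/$accname"
  echo "requester: $accrequester"
  echo
}

##### user deletion #####
delete() {
  ## am i root?
  amiroot

  accname=$1
  echo "feature not yet implemented"
}

##### password reset #####
reset() {
  ## am i root?
  amiroot

  accname=$1
  echo "feature not yet implemented"
}

#######################################
# Ask for a new quota and apply it to an existing account.
# Arguments: $1 - account name
#######################################
resetquota() {
  # same privilege check as every other state-changing command
  amiroot

  accname=$1
  if ! _valid_accname "$accname"; then
    echo "error: invalid account name." >&2
    exit 1
  fi

  ## reading configfile
  _load_config

  ## quota calc
  _ask_quota

  ## set quota
  _apply_quota "$accname"
}

##### logging #####
#######################################
# Append one line per created account to accounts.log when logging is on.
# NOTE(review): the line contains the clear-text password (column "pass" of
# the header written by installation). The file is kept at mode 0600; consider
# dropping the column altogether.
#######################################
logging() {
  if [ "$logging" = 1 ]; then
    printf '%s %s %s %s %s %s\n' "$acctype" "$accname" "$accpass" "$accquota" \
      "$accrequester" "$acctimestamp" >> /var/log/ftpsftp/accounts.log
    chmod 600 /var/log/ftpsftp/accounts.log
  fi
}

##### mail notification #####
#mailnotification()
#{
#
#if [ $maillog = 1 ]; then
#       echo "mail notification is not yet implemented"
#fi
#
#}

##### processing options #####
# The option string no longer contains commas; getopts treated each one as an
# additional option letter.
while getopts "hia:d:r:q:uv" OPTION; do
  case "$OPTION" in
    h)
      usage
      exit 0
      ;;
    i)
      installation
      exit 0
      ;;
    a)
      name=$OPTARG
      run="yes"
      while [ "$run" = "yes" ]; do
        add "$name"
        echo "do you want to create another user? (yes/no)"
        read -r run
        if [[ "$run" = "yes" ]] || [[ "$run" = "y" ]]; then
          echo "specify account name"
          read -r name
          run="yes"
        fi
      done
      exit 0
      ;;
    d)
      rmuser=$OPTARG
      delete "$rmuser"
      exit 0
      ;;
    r)
      rpuser=$OPTARG
      reset "$rpuser"
      exit 0
      ;;
    q)
      squser=$OPTARG
      resetquota "$squser"
      exit 0
      ;;
    u)
      update
      exit 0
      ;;
    v)
      version
      exit 0
      ;;
    *)
      usage
      exit 1
      ;;
  esac
done

## print usage message if no option is given
if [ -z "$1" ]; then
  usage
  exit 1
fi

## end of script
exit 0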