#!/bin/bash
#################################################
##                                             ##
##                   FTPsFTP                   ##
##             installation script             ##
##                                             ##
#################################################
# **** ftpsftp installation routine ****
# **** configuration section ****
# Paths the installer creates or writes to.
reporoot='/opt'                              # parent directory of the git checkout (new)
configfile='/etc/ftpsftp.conf'               # generated ftpsftp settings (changed)
logfile='/var/log/ftpsftp.log'               # general log (new)
acclogfile='/var/log/ftpsftp_accounts.log'   # per-account log (changed)

# Upstream repository that is cloned into $reporoot.
# NOTE(review): this is a plain http:// URL and the checkout is later linked
# into /usr/local/bin, so the transport gives no integrity protection for code
# that root will run. Confirm whether an authenticated transport or a pinned
# commit is available.
giturl='http://git.gitorious.org/aec/ftpsftp.git'
# **** am i root? ****
# Everything below edits files under /etc and restarts services, so stop
# right away unless the current user name is root.
current_user="$(whoami)"
if [ "$current_user" != "root" ]; then
  printf '\n'
  echo "$USER, in order to do this you need to gain root privileges."
  printf '\n'
  exit 1
fi
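# **** uninstall ****
# Runs only when the first argument is --uninstall, then exits so that the
# installation steps further down are not executed again.

#######################################
# Put back a file the installer saved as "<path>_orig".
# The live file is only replaced when the backup exists, so a missing backup
# never leaves the system without /etc/fstab, sshd_config and friends.
# Arguments: $1 - path of the live file
# Outputs:   warning on stderr when no backup is found
#######################################
restore_orig() {
  if [ -e "${1}_orig" ]; then
    mv -f -- "${1}_orig" "$1"
  else
    echo "warning: ${1}_orig not found, leaving $1 untouched" >&2
  fi
}

if [ "${1:-}" = "--uninstall" ]; then
  # **** removing files ****
  # ${reporoot:?} aborts instead of expanding to "/ftpsftp" if the variable
  # is ever empty.
  rm -rf -- "${reporoot:?}/ftpsftp"
  rm -f -- "$logfile" "$acclogfile" "$configfile"
  rm -f -- /etc/vsftpd.chroot_list /etc/vsftpd.group_list
  rm -f -- /usr/local/bin/ftpsftp

  # Restoring the backups brings back the files as they were at install time;
  # any edits made to them since the installation are discarded.
  restore_orig /etc/fstab
  restore_orig /etc/vsftpd.conf
  restore_orig /etc/pam.d/vsftpd
  restore_orig /etc/ssh/sshd_config
  restore_orig /etc/shells

  # **** removing groups ****
  #delgroup $sftpgroup
  #delgroup $ftpgroup
  echo "info: everything except the system groups and the packages installed with apt successfully removed"
  exit 0
fi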
# **** installing dependencies ****
# Packages pulled in through apt before any configuration is touched.
# NOTE(review): the exit status of apt-get is not checked here, although the
# later steps edit /etc/vsftpd.conf and call git.
echo "info: trying to install dependencies via apt"
deps=(vsftpd ssh quota quotatool makepasswd pwgen git-core vim)
apt-get update
apt-get install -y "${deps[@]}"
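# **** reading configuration from user ****
# Each answer is read with -r so backslashes stay literal. The values end up
# in $configfile, in sed expressions and in sshd_config further down, so they
# are always expanded quoted here.
echo "specify under which path the account home dirs should be stored (no tailing slash)"
read -r accpath

echo "specify the mointpoint of the device where your accounts are stored (needed for quota config)"
read -r quotamountpoint

echo "specify the fqdn of your host"
read -r acchost

# These three answers have no default. Stop before any system file is edited
# if one is missing (also the case when stdin hits end-of-file).
for required in accpath quotamountpoint acchost; do
  if [ -z "${!required}" ]; then
    echo "error: $required must not be empty" >&2
    exit 1
  fi
done

echo "specify a system group for your sftp users [default: sftpusers]"
read -r sftpgroup
sftpgroup=${sftpgroup:-sftpusers}

echo "specify a system group for your ftp users [default: ftpusers]"
read -r ftpgroup
ftpgroup=${ftpgroup:-ftpusers}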
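# **** creating needed directorys ****
# just in case, they should be already there
echo "info: creating directorys"
# $reporoot is quoted so the path is passed as one word.
mkdir -p /var/log "$reporoot"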
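# **** creating configfiles and logfiles ****
echo "info: creating configuration and log files"

# creating chroot_list
# NOTE(review): with chroot_local_user=YES and chroot_list_enable=YES (both
# switched on further down in this script) vsftpd treats this file as the list
# of users that are NOT chrooted, so the invoking user is exempt -- confirm
# that this is intended. $USER is empty when the variable is not set.
echo "$USER" > /etc/vsftpd.chroot_list

# creating log files
# The header declares a "pass" column, so this log presumably holds account
# passwords. Restrict it to root instead of relying on the current umask.
# NOTE(review): relax the mode only if a non-root process has to read the file.
echo "type name pass quota reguester timestamp" > "$acclogfile"
chmod 600 "$acclogfile"
touch "$logfile"

# create ftpsftp configuration file ($configfile)
# A here-document expands the answers without word splitting or globbing.
# NOTE(review): the values are written between double quotes as shell
# assignments; if ftpsftp sources this file, a value containing " or $ would
# change how it is parsed -- verify against the consumer.
cat > "$configfile" <<EOF
## ftpsftp configuration file ##

accpath="$accpath" # this should point to where your accounts should be located
quotamountpoint="$quotamountpoint" # mount point for quota configuration
acchost="$acchost" # the dns name where your sever is reachable
sftpgroup="$sftpgroup" # system group
ftpgroup="$ftpgroup" # system group
trackrequester="1" # switch to 0 if you do not want to track the account requester
logging="1" # set this to 0 if you do not want any logging


EOF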
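# **** cloning master branch of ftpsftp git repo ****
echo "info: cloning files from git repository to $reporoot/ftpsftp"

# Stop if the directory cannot be entered, otherwise the clone would land in
# whatever directory the script was started from.
cd "$reporoot" || { echo "error: cannot enter $reporoot" >&2; exit 1; }

# The checkout is executed as root later on (it is linked into
# /usr/local/bin), so a failed clone is treated as fatal rather than
# continuing with a dangling link.
if ! git clone "$giturl"; then
  echo "error: cloning $giturl failed" >&2
  exit 1
fi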
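# **** set symlink for script in /usr/local/bin ****
echo "info: creating symlink for script in /usr/local/bin"

# Without this check a failed cd would create the link in the current
# directory instead.
cd /usr/local/bin || { echo "error: cannot enter /usr/local/bin" >&2; exit 1; }

# The command on root's PATH resolves into the git checkout, so write access
# to $reporoot/ftpsftp decides what runs when root calls "ftpsftp".
ln -s -- "$reporoot/ftpsftp/ftpsftp.sh" ftpsftp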
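# **** configure quota ****
# Adds the usrquota option to the fstab entry whose mount point (second
# field) equals $quotamountpoint, then remounts and restarts the quota service.
echo "info: configuring quota in fstab for $quotamountpoint"

# An empty mount point must never reach the fstab rewrite below.
if [ -z "$quotamountpoint" ]; then
  echo "error: no quota mount point given, leaving /etc/fstab untouched" >&2
  exit 1
fi

# Note: running the installer a second time overwrites this backup with the
# already modified fstab.
cp /etc/fstab /etc/fstab_orig || { echo "error: cannot back up /etc/fstab" >&2; exit 1; }

# The new table is built in a temporary file on the same filesystem and moved
# into place in one step, so /etc/fstab is never missing or half written.
fstab_new=$(mktemp /etc/fstab.XXXXXX) || { echo "error: cannot create temporary fstab" >&2; exit 1; }

# The mount point is compared as a literal string against field 2 and handed
# over through the environment, so it is never interpreted as a pattern.
# Only the matching, non-comment entry is changed; awk rewrites that one line
# with single spaces between its fields. Exit status 1 means no entry matched.
if QUOTA_MP="$quotamountpoint" awk '
    BEGIN { mp = ENVIRON["QUOTA_MP"] }
    $1 !~ /^#/ && NF >= 4 && $2 == mp {
      seen = 1
      if ($4 !~ /(^|,)usrquota(,|$)/) $4 = $4 ",usrquota"
    }
    { print }
    END { exit (seen ? 0 : 1) }
  ' /etc/fstab > "$fstab_new" \
  && chmod --reference=/etc/fstab "$fstab_new" \
  && mv -f -- "$fstab_new" /etc/fstab; then
  :
else
  rm -f -- "$fstab_new"
  echo "error: no fstab entry with mount point $quotamountpoint could be updated, /etc/fstab left unchanged" >&2
  exit 1
fi

# If the unmount fails (filesystem busy) the new option only takes effect
# after the next remount or reboot.
umount "$quotamountpoint"
mount -a
/etc/init.d/quota restart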
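# **** configure vsftp ****
# Enables the commented-out options in the packaged vsftpd.conf, restricts
# ftp logins to a group list through PAM and restarts the service.
cp /etc/vsftpd.conf /etc/vsftpd.conf_orig
#sed -i 's/#listen_ipv6=YES/listen_ipv6=YES/' /etc/vsftpd.conf
sed -i 's/#write_enable=YES/write_enable=YES/' /etc/vsftpd.conf
# NOTE(review): file_open_mode=0770 with local_umask=0007 creates uploaded
# files with the execute bits set for owner and group -- confirm this is wanted.
sed -i 's/#local_umask=022/local_umask=0007\nfile_open_mode=0770/' /etc/vsftpd.conf
sed -i 's/#chroot_local_user=YES/chroot_local_user=YES/' /etc/vsftpd.conf
sed -i 's/#chroot_list_enable=YES/chroot_list_enable=YES/' /etc/vsftpd.conf
sed -i 's/#chroot_list_file=\/etc\/vsftpd.chroot_list/chroot_list_file=\/etc\/vsftpd.chroot_list/' /etc/vsftpd.conf

# acchost is typed in by the operator. Escape the characters that are special
# in a sed replacement (backslash, the / delimiter and &) before splicing it
# into the expression, and keep the expansion quoted.
acchost_escaped=$(printf '%s' "$acchost" | sed 's,[\\/&],\\&,g')
sed -i 's/#ftpd_banner=Welcome to blah FTP service./ftpd_banner=Welcome to '"$acchost_escaped"'./' /etc/vsftpd.conf

# creating vsftpd.group_list (used by pam)
# Besides the chosen ftp group, the group "admin" is always allowed.
addgroup "$ftpgroup"
printf '\n%s\nadmin\n\n' "$ftpgroup" > /etc/vsftpd.group_list

# adding group list to pam.d
# onerr=fail denies the login when the list file cannot be read. The rule is
# inserted after line 2 of the stock file; running the installer again adds
# it a second time.
cp /etc/pam.d/vsftpd /etc/pam.d/vsftpd_orig
# The live PAM file is replaced in one step and only when sed succeeded.
sed '2 a auth required pam_listfile.so item=group sense=allow file=/etc/vsftpd.group_list onerr=fail' /etc/pam.d/vsftpd > /etc/pam.d/vsftpd_new \
  && mv -f /etc/pam.d/vsftpd_new /etc/pam.d/vsftpd

# restarting ftp service
/etc/init.d/vsftpd restart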
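# **** configure sshd ****
# Switches the sftp subsystem to internal-sftp, limits ssh logins to two
# groups and chroots the members of the sftp group.
echo "info: configuring ssh server"
addgroup "$sftpgroup"

# The backup is what gets restored if the new configuration does not
# validate, so do not edit anything without it.
cp /etc/ssh/sshd_config /etc/ssh/sshd_config_orig || {
  echo "error: cannot back up /etc/ssh/sshd_config" >&2
  exit 1
}
sed -i 's/Subsystem sftp \/usr\/lib\/openssh\/sftp-server/Subsystem sftp internal-sftp/' /etc/ssh/sshd_config

# AllowGroups limits ssh logins to members of "admin" and the sftp group:
# every other account, including the one used for this session if it is in
# neither group, can no longer log in after the restart.
# The Match block uses $sftpgroup as well, so a group name other than the
# default still gets the chroot and ForceCommand restrictions.
# sshd requires the ChrootDirectory path to be owned by root and not writable
# by group or others.
cat >> /etc/ssh/sshd_config <<EOF


##### ssh configuration done by ftpsftp ############
AllowGroups admin $sftpgroup

Match group $sftpgroup
ChrootDirectory $accpath/sftp_accounts/%u
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp


EOF

# Validate before restarting: a daemon that refuses to start on a broken
# configuration would cut off remote access to the host.
if /usr/sbin/sshd -t; then
  /etc/init.d/ssh restart
else
  echo "error: new sshd_config does not validate, restoring /etc/ssh/sshd_config_orig" >&2
  cp -p /etc/ssh/sshd_config_orig /etc/ssh/sshd_config
  exit 1
fi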
## adding shells
# Keep a copy of the shell list, then append the two entries.
# Note: running the installer again appends them a second time.
cp /etc/shells /etc/shells_orig
printf '\n%s\n%s\n\n' /bin/false /usr/lib/sftp-server >> /etc/shells

# Closing summary for the operator.
printf '%s\n' "you can now delete this script."
printf '%s\n' "all you need is in $reporoot/ftpsftp, $configfile, $acclogfile and $logfile"
printf '%s\n' 'everything should be set to create your first user. try "ftpsftp -a <username>"'
printf '\n'

exit 0