added old ftpsftp scripts
parent
eeab75b35b
commit
89500d6376
|
@ -0,0 +1,33 @@
|
|||
attention: the install procedure is broke at the moment..
|
||||
|
||||
## why are some variables defined in the configfile and some directly in the script?
|
||||
the vars in the configfile are specific to your installation and can or should be changed. everything defined directly in the script should remain the same for every installation.
|
||||
|
||||
## features wanted
|
||||
|
||||
info option (or some sort of stats)
|
||||
|
||||
-- ftp user count
|
||||
-- sftp user count
|
||||
-- used disk space
|
||||
-- used disk space by user
|
||||
-- free disk space
|
||||
-- free quota
|
||||
-- quotamountpoint
|
||||
|
||||
|
||||
|
||||
## functions
|
||||
quotacalc ... gives back the free megabytes on the storage
|
||||
quotaconf ... sets the quota for existing user
|
||||
isuserthere ... checks if user exists or asks to create it
|
||||
amiroot ... checks if there are root privileges (ends scripts if not)
|
||||
update ... pulls updates from ftpsftp git repository
|
||||
version ... prints version information
|
||||
usage ... prints usage message
|
||||
add ... adding a new user
|
||||
delete ... delete an existing user
|
||||
|
||||
|
||||
|
||||
contact me if you have any questions: david@socialnerds.org
|
|
@ -0,0 +1,173 @@
|
|||
#!/bin/bash
|
||||
|
||||
############################################
|
||||
## ##
|
||||
## FTP/sFTP Account Creation Script ##
|
||||
## v0.2 ##
|
||||
## Author: david@socialnerds.org ##
|
||||
## ##
|
||||
############################################
|
||||
|
||||
## script configuration section ##
|
||||
accpath="/media/storage"
|
||||
acchost="some.domain.org" # the dns name where your sever is reachable
|
||||
sftpgroup="sftpusers" # this group must exist
|
||||
trackrequester="yes" # switch to "no" if you do not want to track the requester
|
||||
logging=1 # set this to 0 if you don't want any logging
|
||||
logpath="/media/storage/logs" # there you want to create your logfile
|
||||
logfile="accounts.log" # choose the logfile name here
|
||||
jabberlog=1 # set this to 0 if you don't want jabber notifications
|
||||
## following ist not necessary if jabberlog=0
|
||||
jabberwatchdogs="admin@somedomain.org admin@someotherdomain.org"
|
||||
jabberuser="jabber-account"
|
||||
jabberserver="jabber-server"
|
||||
jabberpass="jabber-account-password"
|
||||
|
||||
|
||||
## am i root? ##
|
||||
if [ "$(whoami)" != "root" ]; then
|
||||
echo "only root can do this"
|
||||
exit 1;
|
||||
fi
|
||||
|
||||
|
||||
## check for dependencys ##
|
||||
# not yet implemented (sendxmpp, ssh, vsftpd, ..)
|
||||
|
||||
|
||||
#clear
|
||||
echo "" # just an empty line
|
||||
echo "Welcome to the FTP/sFTP Account Creation Script (v0.2)"
|
||||
## choose ftp or sftp
|
||||
echo ""
|
||||
echo "Which type of account you want to create? [sftp|ftp]"
|
||||
read acctype
|
||||
|
||||
if [ $acctype = "sftp" ]; then
|
||||
echo ""
|
||||
else
|
||||
if [ $acctype = "ftp" ]; then
|
||||
echo ""
|
||||
else
|
||||
#clear
|
||||
echo "I'm sorry, i need to break this up right now."
|
||||
echo "It seams you can't understand some simple instructions.."
|
||||
exit 1;
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
if [ -z $1 ]; then
|
||||
needaccname="yes"
|
||||
while [ $needaccname = "yes" ]; do
|
||||
echo ""
|
||||
echo "Enter Accountname:"
|
||||
read accname
|
||||
if [ -z $accname ]; then
|
||||
echo "This field is mandatory."
|
||||
else
|
||||
needaccname="notanymore"
|
||||
fi
|
||||
done
|
||||
else
|
||||
accname=$1
|
||||
fi
|
||||
|
||||
|
||||
## quota
|
||||
accquota="quota not yet implemented"
|
||||
|
||||
|
||||
## requester
|
||||
while [ $trackrequester = "yes" ]; do
|
||||
echo ""
|
||||
echo "Who orderd this account? (I'm tracking this for a greater good.)"
|
||||
read accrequester
|
||||
if [ -z "$accrequester" ]; then
|
||||
echo "This field is mandatory."
|
||||
else
|
||||
trackrequester="notanymore"
|
||||
fi
|
||||
done
|
||||
|
||||
## set $accport
|
||||
if [ $acctype = "sftp" ]; then
|
||||
accport="22"
|
||||
else
|
||||
accport="21"
|
||||
fi
|
||||
|
||||
|
||||
## get timestamp
|
||||
acctimestamp=$(date '+%dr%B %Y %H:%M')
|
||||
|
||||
|
||||
## gen password (acpass)
|
||||
accpass=$(pwgen -snc 10 1)
|
||||
echo $accpass > pass.txt
|
||||
accencpass=$(makepasswd --clearfrom=pass.txt --crypt-md5 |awk '{print $2}')
|
||||
rm pass.txt
|
||||
|
||||
## create home, set its permissions and add the user to sftp/ftpgroup
|
||||
if [ $acctype = "sftp" ]; then
|
||||
mkdir -p $accpath/$acctype"_accounts"/$accname/data
|
||||
# create the actual user (sftp)
|
||||
useradd -d /data -M -U -s /usr/lib/sftp-server -p $accencpass $accname
|
||||
chown -R $accname\: $accpath/$acctype"_accounts"/$accname/data
|
||||
adduser $accname $sftpgroup
|
||||
else
|
||||
mkdir -p $accpath/$acctype"_accounts"/$accname
|
||||
# create the actual user (ftp)
|
||||
useradd -d $accpath/$acctype"_accounts"/$accname -M -U -s /bin/false -p $accencpass $accname
|
||||
chown -R $accname\: $accpath/$acctype"_accounts"/$accname
|
||||
echo $accname >> /etc/vsftpd.user_list
|
||||
fi
|
||||
|
||||
|
||||
## logging (log type, name, pass, quota, requester and timestamp)
|
||||
if [ $logging = 1 ]; then
|
||||
if [ -e $logpath/$logfile ]; then
|
||||
cd $logpath
|
||||
echo $acctype $accname $accpass $accquota $accrequester $acctimestamp >> $logfile
|
||||
else
|
||||
mkdir -p $logpath
|
||||
cd $logpath
|
||||
touch $logfile
|
||||
echo "type name pass quota reguester timestamp" >> $logfile
|
||||
echo $acctype $accname $accpass $accquota $accrequester $acctimestamp >> $logfile
|
||||
fi
|
||||
else
|
||||
echo ""
|
||||
fi
|
||||
|
||||
|
||||
## jabber notification
|
||||
if [ $jabberlog = 1 ]; then
|
||||
echo "
|
||||
This is your FTP/sFTP Server,
|
||||
a "$acctype" account was just created.
|
||||
Accountname:" $accname "
|
||||
Quota:" $accquota "
|
||||
Requester:" $accrequester | sendxmpp -r ftpcreation -u $jabberuser -j $jabberserver -p $jabberpass $jabberwatchdogs
|
||||
else
|
||||
echo ""
|
||||
fi
|
||||
|
||||
|
||||
## account data output
|
||||
#clear
|
||||
echo ""
|
||||
echo "Account data"
|
||||
echo ""
|
||||
echo "Host:" $acchost
|
||||
echo "Port:" $accport
|
||||
echo "Username:" $accname
|
||||
echo "Password:" $accpass
|
||||
echo "Quota:" $accquota
|
||||
echo "Directory:" $accpath/$acctype"_accounts"/$accname
|
||||
echo "Requester:" $accrequester
|
||||
echo ""
|
||||
echo "Everything is done"
|
||||
|
||||
exit 0
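Review bot: The password block writes the freshly generated cleartext password to `pass.txt` in whatever directory the script was started from, under a fixed name and the default umask, and then passes the MD5-crypt hash to `useradd -p`, where it is visible in the process list while the command runs. If the script is interrupted between `echo $accpass > pass.txt` and `rm pass.txt`, the file stays behind. Creating the account without `-p` and then feeding the password over stdin, `printf '%s:%s\n' "$accname" "$accpass" | chpasswd`, keeps the secret off disk and off argv and uses whatever hash method the system is configured for instead of MD5-crypt. The same `pass.txt` sequence is repeated in the v0.3 and v0.4.1b scripts and in `setpasswd()` in the function file.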
|
||||
|
|
@ -0,0 +1,215 @@
|
|||
#!/bin/bash
|
||||
|
||||
############################################
|
||||
## ##
|
||||
## FTP/sFTP Account Creation Script ##
|
||||
## v0.3 ##
|
||||
## Author: david@socialnerds.org ##
|
||||
## ##
|
||||
############################################
|
||||
|
||||
## script configuration section ##
|
||||
accpath="/srv/storage"
|
||||
quotamountpoint="/srv/storage"
|
||||
acchost="some.domain.org" # the dns name where your sever is reachable
|
||||
sftpgroup="sftpusers" # this group must exist
|
||||
trackrequester="yes" # switch to "no" if you do not want to track the requester
|
||||
logging=1 # set this to 0 if you don't want any logging
|
||||
logpath="/media/storage/logs" # there you want to create your logfile
|
||||
logfile="accounts.log" # choose the logfile name here
|
||||
jabberlog=0 # set this to 0 if you don't want jabber notifications
|
||||
maillog=0
|
||||
|
||||
## following ist not necessary if jabberlog=0
|
||||
jabberwatchdogs="admin@somedomain.org admin@someotherdomain.org"
|
||||
jabberuser="jabber-account"
|
||||
jabberserver="jabber-server"
|
||||
jabberpass="jabber-account-password"
|
||||
|
||||
## do not touch
|
||||
version="v0.3"
|
||||
|
||||
## am i root? ##
|
||||
if [ "$(whoami)" != "root" ]; then
|
||||
echo "only root can do this"
|
||||
exit 1;
|
||||
fi
|
||||
|
||||
|
||||
## check for dependencys ##
|
||||
# not yet implemented (sendxmpp, ssh, vsftpd, ..)
|
||||
|
||||
|
||||
#clear
|
||||
echo "" # just an empty line
|
||||
echo "Welcome to the FTP/sFTP Account Creation Script ($version)"
|
||||
## choose ftp or sftp
|
||||
echo ""
|
||||
echo "Which type of account you want to create? [sftp|ftp]"
|
||||
read acctype
|
||||
|
||||
if [ $acctype = "sftp" ]; then
|
||||
:
|
||||
else
|
||||
if [ $acctype = "ftp" ]; then
|
||||
:
|
||||
else
|
||||
#clear
|
||||
echo "I'm sorry, i need to break this up right now."
|
||||
echo "It seams you can't understand some simple instructions.."
|
||||
exit 1;
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
if [ -z $1 ]; then
|
||||
needaccname="yes"
|
||||
while [ $needaccname = "yes" ]; do
|
||||
echo ""
|
||||
echo "Enter Accountname:"
|
||||
read accname
|
||||
if [ -z $accname ]; then
|
||||
echo "This field is mandatory."
|
||||
else
|
||||
needaccname="notanymore"
|
||||
fi
|
||||
done
|
||||
else
|
||||
accname=$1
|
||||
fi
|
||||
|
||||
|
||||
## quota
|
||||
ablocks=$(df | grep $quotamountpoint | awk '{print $2}')
|
||||
gblocks=$(repquota $quotamountpoint | grep 000 | awk '{print $4}')
|
||||
set -- $gblocks
|
||||
quotacount=0
|
||||
for var in "$@"
|
||||
do
|
||||
quotacount=$(($quotacount+$var))
|
||||
|
||||
done
|
||||
|
||||
gblocks=$quotacount
|
||||
fblocks=$(($ablocks-$gblocks))
|
||||
fsize=${fblocks:0:$((${#fblocks}-3))}
|
||||
|
||||
|
||||
needaccquota="yes"
|
||||
while [ $needaccquota = "yes" ]; do
|
||||
echo ""
|
||||
echo "Please specify how much diskspace this account should provide. (in Megabytes)"
|
||||
echo "Maximum: $fsize"
|
||||
read accquota
|
||||
if [ -z "$accquota" ]; then
|
||||
echo "This field is mandatory."
|
||||
else
|
||||
if [ $accquota -lt $fsize ]; then
|
||||
needaccquota="notanymore"
|
||||
else
|
||||
echo ""
|
||||
echo "Specified size too big or not a number. Try again."
|
||||
fi
|
||||
fi
|
||||
done
|
||||
|
||||
|
||||
## requester
|
||||
while [ $trackrequester = "yes" ]; do
|
||||
echo ""
|
||||
echo "Who orderd this account? (I'm tracking this for a greater good.)"
|
||||
read accrequester
|
||||
if [ -z "$accrequester" ]; then
|
||||
echo "This field is mandatory."
|
||||
else
|
||||
trackrequester="notanymore"
|
||||
fi
|
||||
done
|
||||
|
||||
## set $accport
|
||||
if [ $acctype = "sftp" ]; then
|
||||
accport="22"
|
||||
else
|
||||
accport="21"
|
||||
fi
|
||||
|
||||
|
||||
## get timestamp
|
||||
acctimestamp=$(date '+%d.%m.%Y %H:%M')
|
||||
|
||||
|
||||
## gen password (acpass)
|
||||
accpass=$(pwgen -snc 10 1)
|
||||
echo $accpass > pass.txt
|
||||
accencpass=$(makepasswd --clearfrom=pass.txt --crypt-md5 |awk '{print $2}')
|
||||
rm pass.txt
|
||||
|
||||
## create home, set its permissions and add the user to sftp/ftpgroup
|
||||
if [ $acctype = "sftp" ]; then
|
||||
mkdir -p $accpath/$acctype"_accounts"/$accname/data
|
||||
# create the actual user (sftp)
|
||||
useradd -d /data -M -U -s /usr/lib/sftp-server -p $accencpass $accname
|
||||
chown -R $accname\: $accpath/$acctype"_accounts"/$accname/data
|
||||
usermod -G $sftpgroup $accname
|
||||
else
|
||||
mkdir -p $accpath/$acctype"_accounts"/$accname
|
||||
# create the actual user (ftp)
|
||||
useradd -d $accpath/$acctype"_accounts"/$accname -M -U -s /bin/false -p $accencpass $accname
|
||||
chown -R $accname\: $accpath/$acctype"_accounts"/$accname
|
||||
echo $accname >> /etc/vsftpd.user_list
|
||||
fi
|
||||
|
||||
## configure quota
|
||||
setquota --all -u $accname $accquota"000" $accquota"000" 0 0
|
||||
|
||||
|
||||
## logging (log type, name, pass, quota, requester and timestamp)
|
||||
if [ $logging = 1 ]; then
|
||||
if [ -e $logpath/$logfile ]; then
|
||||
cd $logpath
|
||||
echo $acctype $accname $accpass $accquota $accrequester $acctimestamp >> $logfile
|
||||
else
|
||||
mkdir -p $logpath
|
||||
cd $logpath
|
||||
touch $logfile
|
||||
echo "type name pass quota reguester timestamp" >> $logfile
|
||||
echo $acctype $accname $accpass $accquota $accrequester $acctimestamp >> $logfile
|
||||
fi
|
||||
else
|
||||
echo ""
|
||||
fi
|
||||
|
||||
|
||||
## jabber notification
|
||||
if [ $jabberlog = 1 ]; then
|
||||
echo "
|
||||
This is your FTP/sFTP Server,
|
||||
a "$acctype" account was just created.
|
||||
Accountname:" $accname "
|
||||
Quota:" $accquota"MB" "
|
||||
Requester:" $accrequester | sendxmpp -r ftpcreation -u $jabberuser -j $jabberserver -p $jabberpass $jabberwatchdogs
|
||||
fi
|
||||
|
||||
## mail notification
|
||||
if [ $maillog = 1 ]; then
|
||||
echo "mail notification is not yet implemented"
|
||||
fi
|
||||
|
||||
|
||||
## account data output
|
||||
#clear
|
||||
echo ""
|
||||
echo "Account data"
|
||||
echo ""
|
||||
echo "Host:" $acchost
|
||||
echo "Port:" $accport
|
||||
echo "Username:" $accname
|
||||
echo "Password:" $accpass
|
||||
echo "Quota:" $accquota"MB"
|
||||
echo "Directory:" $accpath/$acctype"_accounts"/$accname
|
||||
echo "Requester:" $accrequester
|
||||
echo ""
|
||||
echo "Everything is done"
|
||||
|
||||
exit 0
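Review bot: Both `echo ... >> $logfile` lines in the logging block record `$accpass`, so `accounts.log` accumulates the cleartext password of every account created, and the file is created by a bare `touch` with no mode set, which under a typical root umask leaves it world-readable. Drop `$accpass` from the two record lines and `pass` from the header line; if the password really has to be kept, add `chmod 600 "$logfile"` directly after the `touch`. The v0.2 script has the identical block, `logging()` in the v0.4.1b script writes the same record to `/var/log/ftpsftp/accounts.log`, and `add()` in the function file still passes `$accpass` to `logging`.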
|
||||
|
|
@ -0,0 +1,510 @@
|
|||
#!/bin/bash
|
||||
|
||||
#################################################
|
||||
## ##
|
||||
## FTPsFTP ##
|
||||
## standalone ftp/sftp server solution ##
|
||||
## ##
|
||||
#################################################
|
||||
|
||||
|
||||
|
||||
# **** do not touch as long as you are not me ****
|
||||
version="v0.4.1b"
|
||||
author="david@socialnerds.org"
|
||||
giturl="http://git.gitorious.org/aec/ftpsftp.git"
|
||||
|
||||
|
||||
# **** usage message ****
|
||||
usage()
|
||||
{
|
||||
cat << EOF
|
||||
usage: ftpsftp options
|
||||
|
||||
OPTIONS:
|
||||
-h show this message
|
||||
-i install ftpsftp on this ubuntu box
|
||||
-a <username> add a user
|
||||
-d <username> delete a user (not yet implemented)
|
||||
-r <username> reset password for user (not yet implemented)
|
||||
-q <username> (re)set the quota for user ****new feature****
|
||||
-u update ftpsftp (pull from git)
|
||||
-v version information
|
||||
|
||||
EOF
|
||||
}
|
||||
|
||||
|
||||
# **** version message ****
|
||||
version()
|
||||
{
|
||||
echo
|
||||
echo "FTPsFTP - standalone ftp/sftp server solution"
|
||||
echo
|
||||
echo "vesion: $version"
|
||||
echo "author: $author"
|
||||
echo
|
||||
}
|
||||
|
||||
|
||||
# **** am i root? ****
|
||||
amiroot()
|
||||
{
|
||||
if [ "$(whoami)" != "root" ]; then
|
||||
echo
|
||||
echo "sorry $USER, you need to gain root privileges to do this."
|
||||
echo
|
||||
exit 1;
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
|
||||
# **** installation routine ****
|
||||
installation()
|
||||
{
|
||||
|
||||
## am i root?
|
||||
amiroot
|
||||
|
||||
|
||||
## installing dependencies
|
||||
echo "info: trying to install dependencies via apt"
|
||||
apt-get update
|
||||
apt-get install -y vsftpd ssh quota quotatool makepasswd pwgen git-core vim
|
||||
|
||||
|
||||
## reading configuration from user (stdin)
|
||||
echo "specify under which path the account home dirs should be stored (no tailing slash)"
|
||||
read accpath
|
||||
echo "specify the mointpoint of the device where your accounts are stored (needed for quota config)"
|
||||
read quotamountpoint
|
||||
echo "specify the fqdn of your host"
|
||||
read acchost
|
||||
echo "specify a system group for your sftp users [default: sftpusers]"
|
||||
read sftpgroup
|
||||
if [ -z $sftpgroup ]; then
|
||||
sftpgroup="sftpusers"
|
||||
fi
|
||||
|
||||
|
||||
## creating needed directorys
|
||||
echo "info: creating directorys"
|
||||
mkdir -p /etc/ftpsftp
|
||||
mkdir -p /var/log/ftpsftp
|
||||
mkdir -p /opt
|
||||
|
||||
|
||||
## creating configfiles and logfiles
|
||||
echo "info: creating configuration and log files"
|
||||
echo "$USER" > /etc/vsftpd.chroot_list
|
||||
touch /etc/vsftpd.user_list
|
||||
echo "type name pass quota reguester timestamp" > /var/log/ftpsftp/accounts.log
|
||||
#touch /var/log/ftpsftp/system.log #not yet in use
|
||||
echo '## ftpsftp configuration file ##
|
||||
|
||||
accpath="'$accpath'" # this should point to where your accounts should be located
|
||||
quotamountpoint="'$quotamountpoint'" # mount point for quota configuration
|
||||
acchost="'$acchost'" # the dns name where your sever is reachable
|
||||
sftpgroup="'$sftpgroup'" # system group
|
||||
trackrequester="1" # switch to 0 if you do not want to track the account requester
|
||||
logging="1" # set this to 0 if you do not want any logging
|
||||
mailnotification="0" # set this to 0 if you do not want any mail notifications (not yet implemented)
|
||||
|
||||
' > /etc/ftpsftp/ftpsftp.conf
|
||||
|
||||
|
||||
## cloning master of ftpsftp git repo
|
||||
echo "info: cloning files from git repository to /opt/ftpsftp"
|
||||
cd /opt
|
||||
git clone $giturl
|
||||
|
||||
|
||||
## set symlink for script in /usr/local/bin
|
||||
echo "info: creating symlink for script in /usr/local/bin"
|
||||
cd /usr/local/bin
|
||||
ln -s /opt/ftpsftp/ftpsftp.sh ftpsftp
|
||||
|
||||
|
||||
## configure quota
|
||||
echo "info: configuring quota in fstab for $quotamountpoint"
|
||||
storageopt=$(cat /etc/fstab | grep $quotamountpoint | awk '{print $4}')
|
||||
sed -i 's/'$storageopt'/'$storageopt',usrquota/' /etc/fstab
|
||||
umount $quotamountpoint
|
||||
mount -a
|
||||
/etc/init.d/quota restart
|
||||
|
||||
|
||||
## configure vsftp
|
||||
cp /etc/vsftpd.conf /etc/vsftpd.conf_orig
|
||||
#sed -i 's/#listen_ipv6=YES/listen_ipv6=YES/' /etc/vsftpd.conf
|
||||
sed -i 's/#write_enable=YES/write_enable=YES/' /etc/vsftpd.conf
|
||||
sed -i 's/#local_umask=022/local_umask=0007\nfile_open_mode=0770/' /etc/vsftpd.conf
|
||||
sed -i 's/#chroot_local_user=YES/chroot_local_user=YES/' /etc/vsftpd.conf
|
||||
sed -i 's/#chroot_list_enable=YES/chroot_list_enable=YES/' /etc/vsftpd.conf
|
||||
sed -i 's/#chroot_list_file=\/etc\/vsftpd.chroot_list/chroot_list_file=\/etc\/vsftpd.chroot_list/' /etc/vsftpd.conf
|
||||
sed -i 's/#ftpd_banner=Welcome to blah FTP service./ftpd_banner=Welcome to '$acchost'./' /etc/vsftpd.conf
|
||||
|
||||
echo "
|
||||
## added by ftpsftp
|
||||
userlist_enable=YES
|
||||
userlist_deny=NO
|
||||
userlist_file=/etc/vsftpd.user_list
|
||||
" >> /etc/vsftpd.conf
|
||||
/etc/init.d/vsftpd restart
|
||||
|
||||
|
||||
## configure sshd
|
||||
echo "info: configuring ssh server"
|
||||
addgroup $sftpgroup
|
||||
cp /etc/ssh/sshd_config /etc/ssh/sshd_config_orig
|
||||
sed -i 's/Subsystem sftp \/usr\/lib\/openssh\/sftp-server/Subsystem sftp internal-sftp/' /etc/ssh/sshd_config
|
||||
|
||||
echo "
|
||||
|
||||
##### ssh configuration done by ftpsftp ############
|
||||
|
||||
AllowGroups admin $sftpgroup
|
||||
|
||||
Match group sftpusers
|
||||
ChrootDirectory $accpath/sftp_accounts/%u
|
||||
X11Forwarding no
|
||||
AllowTcpForwarding no
|
||||
ForceCommand internal-sftp
|
||||
|
||||
####################################################
|
||||
|
||||
" >> /etc/ssh/sshd_config
|
||||
|
||||
/etc/init.d/ssh restart
|
||||
|
||||
## adding shells
|
||||
echo "
|
||||
/bin/false
|
||||
/usr/lib/sftp-server
|
||||
" >> /etc/shells
|
||||
|
||||
|
||||
echo "you can now delete this script."
|
||||
echo "all you need is in /opt/ftpsftp, /etc/ftpsftp and /var/log/ftpsftp."
|
||||
echo 'everything is set to create your first user. try "ftpsftp -a <username>"'
|
||||
}
|
||||
|
||||
|
||||
|
||||
##### ftpsftp update #####
|
||||
update()
|
||||
{
|
||||
|
||||
## am i root?
|
||||
amiroot
|
||||
|
||||
cd /opt/ftpsftp
|
||||
git pull origin master
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
||||
##### user creation #####
|
||||
add()
|
||||
{
|
||||
|
||||
## am i root?
|
||||
amiroot
|
||||
|
||||
|
||||
## set accname
|
||||
accname=$1
|
||||
|
||||
|
||||
## check if installed
|
||||
|
||||
|
||||
## reading configfile
|
||||
source /etc/ftpsftp/ftpsftp.conf
|
||||
|
||||
|
||||
## choose ftp or sftp
|
||||
echo "specify account type [sftp|ftp]"
|
||||
read acctype
|
||||
|
||||
if [ $acctype = "sftp" ]; then
|
||||
:
|
||||
else
|
||||
if [ $acctype = "ftp" ]; then
|
||||
:
|
||||
else
|
||||
echo "i'm sorry, i need to break this up right now."
|
||||
echo "it seams you can not understand some simple instructions."
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
## quota
|
||||
ablocks=$(df | grep $quotamountpoint | awk '{print $2}')
|
||||
gblocks=$(repquota $quotamountpoint | grep 000 | awk '{print $4}')
|
||||
set -- $gblocks
|
||||
quotacount=0
|
||||
for var in "$@"
|
||||
do
|
||||
quotacount=$(($quotacount+$var))
|
||||
done
|
||||
|
||||
gblocks=$quotacount
|
||||
fblocks=$(($ablocks-$gblocks))
|
||||
fsize=${fblocks:0:$((${#fblocks}-3))}
|
||||
|
||||
needaccquota="yes"
|
||||
while [ $needaccquota = "yes" ]; do
|
||||
echo "please specify how much diskspace this account should provide. (in megabytes)"
|
||||
echo "maximum: $fsize"
|
||||
read accquota
|
||||
if [ -z "$accquota" ]; then
|
||||
echo "this field is mandatory."
|
||||
else
|
||||
if [ $accquota -lt $fsize ]; then
|
||||
needaccquota="notanymore"
|
||||
else
|
||||
echo "specified size too big or not a number. try again."
|
||||
fi
|
||||
fi
|
||||
done
|
||||
|
||||
|
||||
## requester
|
||||
while [ $trackrequester = "1" ]; do
|
||||
echo "who orderd this account? (i'm tracking this for a greater good.)"
|
||||
read accrequester
|
||||
if [ -z "$accrequester" ]; then
|
||||
echo "this field is mandatory."
|
||||
else
|
||||
trackrequester="notanymore"
|
||||
fi
|
||||
done
|
||||
|
||||
|
||||
## set $accport
|
||||
if [ $acctype = "sftp" ]; then
|
||||
accport="22"
|
||||
else
|
||||
accport="21"
|
||||
fi
|
||||
|
||||
|
||||
## get timestamp
|
||||
acctimestamp=$(date '+%d.%m.%Y %H:%M')
|
||||
|
||||
|
||||
## gen password (accpass)
|
||||
accpass=$(pwgen -snc 10 1)
|
||||
echo $accpass > pass.txt
|
||||
accencpass=$(makepasswd --clearfrom=pass.txt --crypt-md5 | awk '{print $2}')
|
||||
rm pass.txt
|
||||
|
||||
|
||||
## create home, set its permissions and add the user to sftp/ftpgroup
|
||||
if [ $acctype = "sftp" ]; then
|
||||
mkdir -p $accpath/$acctype"_accounts"/$accname/data
|
||||
# create the actual user (sftp)
|
||||
useradd -d /data -M -U -s /usr/lib/sftp-server -p $accencpass $accname
|
||||
chown -R $accname\: $accpath/$acctype"_accounts"/$accname/data
|
||||
usermod -G $sftpgroup $accname
|
||||
else
|
||||
mkdir -p $accpath/$acctype"_accounts"/$accname
|
||||
# create the actual user (ftp)
|
||||
useradd -d $accpath/$acctype"_accounts"/$accname -M -U -s /bin/false -p $accencpass $accname
|
||||
chown -R $accname\: $accpath/$acctype"_accounts"/$accname
|
||||
echo $accname >> /etc/vsftpd.user_list
|
||||
fi
|
||||
|
||||
|
||||
## configure quota
|
||||
accquota=$((accquota/1000*1024))
|
||||
setquota --all -u $accname $accquota"000" $accquota"000" 0 0
|
||||
|
||||
|
||||
## trigger log
|
||||
logging
|
||||
|
||||
|
||||
## account data output
|
||||
echo
|
||||
echo "account data"
|
||||
echo
|
||||
echo "host:" $acchost
|
||||
echo "port:" $accport
|
||||
echo "username:" $accname
|
||||
echo "password:" $accpass
|
||||
echo "quota:" $accquota"mb"
|
||||
echo "directory:" $accpath/$acctype"_accounts"/$accname
|
||||
echo "requester:" $accrequester
|
||||
echo
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
||||
##### user deletion #####
|
||||
delete()
|
||||
{
|
||||
|
||||
## am i root?
|
||||
amiroot
|
||||
|
||||
accname=$1
|
||||
echo "feature not yet implemented"
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
||||
##### password reset #####
|
||||
reset()
|
||||
{
|
||||
|
||||
## am i root?
|
||||
amiroot
|
||||
|
||||
accname=$1
|
||||
echo "feature not yet implemented"
|
||||
|
||||
}
|
||||
|
||||
resetquota()
|
||||
{
|
||||
|
||||
accname=$1
|
||||
|
||||
## reading configfile
|
||||
source /etc/ftpsftp/ftpsftp.conf
|
||||
|
||||
## quota calc
|
||||
ablocks=$(df | grep $quotamountpoint | awk '{print $2}')
|
||||
gblocks=$(repquota $quotamountpoint | grep 000 | awk '{print $4}')
|
||||
set -- $gblocks
|
||||
quotacount=0
|
||||
for var in "$@"
|
||||
do
|
||||
quotacount=$(($quotacount+$var))
|
||||
done
|
||||
|
||||
gblocks=$quotacount
|
||||
fblocks=$(($ablocks-$gblocks))
|
||||
fsize=${fblocks:0:$((${#fblocks}-3))}
|
||||
|
||||
needaccquota="yes"
|
||||
while [ $needaccquota = "yes" ]; do
|
||||
echo "please specify how much diskspace this account should provide. (in megabytes)"
|
||||
echo "maximum: $fsize"
|
||||
read accquota
|
||||
if [ -z "$accquota" ]; then
|
||||
echo "this field is mandatory."
|
||||
else
|
||||
if [ $accquota -lt $fsize ]; then
|
||||
needaccquota="notanymore"
|
||||
else
|
||||
echo "specified size too big or not a number. try again."
|
||||
fi
|
||||
fi
|
||||
done
|
||||
|
||||
## set quota
|
||||
accquota=$((accquota/1000*1024))
|
||||
setquota --all -u $accname $accquota"000" $accquota"000" 0 0
|
||||
|
||||
}
|
||||
|
||||
|
||||
##### logging #####
|
||||
logging()
|
||||
{
|
||||
|
||||
if [ $logging = 1 ]; then
|
||||
echo $acctype $accname $accpass $accquota $accrequester $acctimestamp >> /var/log/ftpsftp/accounts.log
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
||||
##### mail notification #####
|
||||
#mailnotification()
|
||||
#{
|
||||
#
|
||||
#if [ $maillog = 1 ]; then
|
||||
# echo "mail notification is not yet implemented"
|
||||
#fi
|
||||
#
|
||||
#}
|
||||
|
||||
|
||||
|
||||
##### processing options #####
|
||||
while getopts "h,i,a:,d:,r:,q:,u,v" OPTION; do
|
||||
case $OPTION in
|
||||
h)
|
||||
usage
|
||||
exit 0
|
||||
;;
|
||||
i)
|
||||
installation
|
||||
exit 0
|
||||
;;
|
||||
a)
|
||||
name=$OPTARG
|
||||
run="yes"
|
||||
while [ $run = "yes" ]; do
|
||||
add $name
|
||||
echo "do you want to create another user? (yes/no)"
|
||||
read run
|
||||
if [[ $run = "yes" ]] || [[ $run = "y" ]]; then
|
||||
echo "specify account name"
|
||||
read name
|
||||
run="yes"
|
||||
fi
|
||||
done
|
||||
exit 0
|
||||
;;
|
||||
d)
|
||||
rmuser=$OPTARG
|
||||
delete $rmuser
|
||||
exit 0
|
||||
;;
|
||||
r)
|
||||
rpuser=$OPTARG
|
||||
reset $rpuser
|
||||
exit 0
|
||||
;;
|
||||
q)
|
||||
squser=$OPTARG
|
||||
resetquota $squser
|
||||
exit 0
|
||||
;;
|
||||
u)
|
||||
update
|
||||
exit 0
|
||||
;;
|
||||
v)
|
||||
version
|
||||
exit 0
|
||||
;;
|
||||
?)
|
||||
usage
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
|
||||
## print usage message if no option is given
|
||||
if [ -z $1 ]; then
|
||||
usage
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
||||
|
||||
## end of script
|
||||
exit 0
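Review bot: In `installation()` the sshd_config block hard-codes `Match group sftpusers` while the line just above it writes `AllowGroups admin $sftpgroup`, so when the group prompt is answered with anything other than the default, members of that group are admitted by sshd but none of the `ChrootDirectory`, `ForceCommand internal-sftp` or forwarding restrictions apply to them. The Match line should use the same variable: `Match group $sftpgroup`. Separately, `giturl` is a plain `http://` URL, and both the install-time `git clone $giturl` and the `git pull origin master` in `update()` run as root with no commit pin or signature check, so an authenticated transport (https or ssh) would be the minimum here.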
|
|
@ -0,0 +1,314 @@
|
|||
#!/bin/bash
|
||||
|
||||
|
||||
#################################################
|
||||
## ##
|
||||
## FTPsFTP ##
|
||||
## function definitions ##
|
||||
## ##
|
||||
#################################################
|
||||
|
||||
|
||||
# **** usage message ****
|
||||
usage()
|
||||
{
|
||||
echo "usage: ftpsftp options
|
||||
|
||||
OPTIONS:
|
||||
-h show this message
|
||||
-s show stats (not yet implemented)
|
||||
-a <username> add a user
|
||||
-d <username> delete a user
|
||||
-r <username> reset password for user
|
||||
-q <username> (re)set the quota for user
|
||||
-u update ftpsftp (pull from git)
|
||||
-v show version information
|
||||
|
||||
"
|
||||
}
|
||||
|
||||
|
||||
# **** version message ****
|
||||
version()
|
||||
{
|
||||
|
||||
echo "FTPsFTP - standalone ftp/sftp server solution"
|
||||
echo
|
||||
echo "vesion: $version"
|
||||
echo "author: $author"
|
||||
echo
|
||||
|
||||
}
|
||||
|
||||
|
||||
# **** am i root? ****
|
||||
# this is now in bashlib
|
||||
#amiroot()
|
||||
#{
|
||||
#if [ "$(whoami)" != "root" ]; then
|
||||
# echo
|
||||
# echo "sorry $USER, you need to gain root privileges to do this."
|
||||
# echo
|
||||
# exit 1;
|
||||
#fi
|
||||
#}
|
||||
|
||||
|
||||
# **** ftpsftp update ****
|
||||
update()
|
||||
{
|
||||
|
||||
# checking for root privileges
|
||||
amiroot
|
||||
|
||||
# pull updates from ftpsftp git repository
|
||||
cd /opt/ftpsftp
|
||||
git pull origin master
|
||||
log info "update - ftpsftp was updated (maybe)"
|
||||
|
||||
}
|
||||
|
||||
|
||||
# ***** calculating free quota *****
|
||||
quotacalc()
|
||||
{
|
||||
|
||||
local ablocks=$(df | grep $quotamountpoint | awk '{print $2}')
|
||||
local gblocks=$(repquota $quotamountpoint | grep 0 | awk '{print $4}')
|
||||
set -- $gblocks
|
||||
local quotacount=0
|
||||
for var in "$@"; do
|
||||
local quotacount=$(($quotacount+$var))
|
||||
done
|
||||
|
||||
local gblocks=$quotacount
|
||||
local fblocks=$(($ablocks-$gblocks))
|
||||
local fsize=$((fblocks*1000/1024))
|
||||
local fsize=${fsize:0:$((${#fsize}-3))}
|
||||
|
||||
# return result
|
||||
echo $fsize
|
||||
|
||||
}
|
||||
|
||||
|
||||
# **** set quota ****
|
||||
quotaconf()
|
||||
{
|
||||
|
||||
# checking for root privileges
|
||||
amiroot
|
||||
|
||||
# checking if user exists
|
||||
isuserthere $accname
|
||||
|
||||
# breaking up if user does not exist
|
||||
if [ $? -eq "1" ]; then
|
||||
echo "error: user does not exist."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# calculate free quota
|
||||
local fsize=$(quotacalc)
|
||||
|
||||
local run="yes"
|
||||
while [ $run = "yes" ]; do
|
||||
echo "please specify quota for user $accname. (in megabytes)"
|
||||
echo "maximum: $fsize"
|
||||
read accquota
|
||||
if [ -z "$accquota" ]; then
|
||||
echo "this field is mandatory."
|
||||
else
|
||||
if [ $accquota -lt $fsize ]; then
|
||||
local run="no"
|
||||
else
|
||||
echo "specified size too big or not a number. try again."
|
||||
fi
|
||||
fi
|
||||
done
|
||||
|
||||
# set quota
|
||||
accblockquota=$((accquota*1024))
|
||||
setquota --all -u $accname $accblockquota $accblockquota 0 0
|
||||
|
||||
}
|
||||
|
||||
|
||||
# **** check if user is already there or needs to be created ****
|
||||
isuserthere()
|
||||
{
|
||||
|
||||
id $accname &> /dev/null
|
||||
if [ $? -eq "0" ]; then
|
||||
return 0
|
||||
else
|
||||
return 1
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
##### user creation #####
|
||||
add()
|
||||
{
|
||||
|
||||
# am i root?
|
||||
amiroot
|
||||
|
||||
# checking if user already exists
|
||||
isuserthere
|
||||
|
||||
# breaking up if user already exists
|
||||
if [ $? -eq "0" ]; then
|
||||
echo "error: user already exists."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# choose ftp or sftp
|
||||
echo "specify account type [sftp|ftp]"
|
||||
read acctype
|
||||
|
||||
if [ $acctype = "sftp" ]; then
|
||||
:
|
||||
else
|
||||
if [ $acctype = "ftp" ]; then
|
||||
:
|
||||
else
|
||||
echo "i'm sorry, i need to break this up right now."
|
||||
echo "it seams you can not understand some simple instructions."
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
# read requester if configfile option is 1
|
||||
while [ $trackrequester = "1" ]; do
|
||||
echo "who orderd this account? (i'm tracking this for a greater good.)"
|
||||
read accrequester
|
||||
if [ -z "$accrequester" ]; then
|
||||
echo "this field is mandatory."
|
||||
else
|
||||
trackrequester="notanymore"
|
||||
fi
|
||||
done
|
||||
|
||||
# set accport
|
||||
if [ $acctype = "sftp" ]; then
|
||||
local accport="22"
|
||||
else
|
||||
local accport="21"
|
||||
fi
|
||||
|
||||
# get timestamp
|
||||
local acctimestamp=$(date '+%d.%m.%Y %H:%M')
|
||||
|
||||
# create home, set its permissions and add the user to sftp/ftpgroup
|
||||
if [ $acctype = "sftp" ]; then
|
||||
mkdir -p $accpath/$acctype"_accounts"/$accname/data
|
||||
# create the actual user (sftp)
|
||||
useradd -d /data -M -U -s /usr/lib/sftp-server $accname
|
||||
chown -R $accname\: $accpath/$acctype"_accounts"/$accname/data
|
||||
usermod -G $sftpgroup $accname
|
||||
else
|
||||
mkdir -p $accpath/$acctype"_accounts"/$accname
|
||||
# create the actual user (ftp)
|
||||
useradd -d $accpath/$acctype"_accounts"/$accname -M -U -s /bin/false $accname
|
||||
chown -R $accname\: $accpath/$acctype"_accounts"/$accname
|
||||
usermod -G $ftpgroup $accname
|
||||
fi
|
||||
|
||||
# set password
|
||||
local accpass=$(setpasswd)
|
||||
|
||||
# configure quota
|
||||
quotaconf
|
||||
|
||||
# trigger logging
|
||||
logging $acctype $accname $accpass $accquota $accrequester $acctimestamp
|
||||
|
||||
# print account data
|
||||
echo
|
||||
echo "account data"
|
||||
echo
|
||||
echo "host:" $acchost
|
||||
echo "port:" $accport
|
||||
echo "username:" $accname
|
||||
echo "password:" $accpass
|
||||
echo "quota:" $accquota"MB"
|
||||
echo "directory:" $accpath/$acctype"_accounts"/$accname
|
||||
echo "requester:" $accrequester
|
||||
echo
|
||||
|
||||
}
|
||||
|
||||
# **** user deletion ****
|
||||
delete()
|
||||
{
|
||||
|
||||
# am i root?
|
||||
amiroot
|
||||
|
||||
# checking if user exists
|
||||
isuserthere
|
||||
|
||||
# breaking up if user does not exist
|
||||
if [ $? -eq "1" ]; then
|
||||
echo "error: user does not exist"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
id -nG $accname | grep $sftpgroup &> /dev/null
|
||||
if [ $? -eq "0" ]; then
|
||||
deluser $accname &> /dev/null
|
||||
rm -r $accpath/sftp_accounts/$accname
|
||||
else
|
||||
deluser $accname &> /dev/null
|
||||
rm -r $accpath/ftp_accounts/$accname
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
# **** generate password ****
|
||||
setpasswd()
|
||||
{
|
||||
|
||||
# checking if user exists
|
||||
isuserthere
|
||||
|
||||
# breaking up if user does not exist
|
||||
if [ $? -eq "1" ]; then
|
||||
echo "error: user does not exist"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
||||
# generating password
|
||||
local accpass=$(pwgen -snc 10 1)
|
||||
echo $accpass > pass.txt
|
||||
local accencpass=$(makepasswd --clearfrom=pass.txt --crypt-md5 | awk '{print $2}')
|
||||
rm pass.txt
|
||||
|
||||
# setting the password
|
||||
usermod -p $accencpass $accname
|
||||
|
||||
# returning unencrypded password
|
||||
echo $accpass
|
||||
|
||||
}
|
||||
|
||||
# **** logging ****
|
||||
logging()
|
||||
{
|
||||
|
||||
if [ $logging -eq "1" ]; then
|
||||
echo $@ >> $acclogfile
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
# **** statistics ****
|
||||
stats()
|
||||
{
|
||||
|
||||
echo "feature not yet implemented"
|
||||
|
||||
}
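Review bot: `delete()` never checks that the account is one this tool created: any existing user that is not in `$sftpgroup` falls into the `else` branch and is passed to `deluser`, and because `$accname` is unquoted an empty name makes `isuserthere` run a bare `id`, which succeeds, after which `rm -r $accpath/ftp_accounts/$accname` removes the whole `ftp_accounts` tree. Reject an empty name at the top, e.g. `[ -n "$accname" ] || { echo "error: no user given"; exit 1; }`, and make the removal fail closed with `rm -r -- "${accpath:?}/ftp_accounts/${accname:?}"` (and the `sftp_accounts` equivalent). Checking that the target directory exists under `$accpath` before calling `deluser` would also keep ordinary system accounts out of reach; the group test `grep $sftpgroup` is a substring match and would be tighter as `grep -qw -- "$sftpgroup"`.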
|
||||
|
|
@ -0,0 +1,116 @@
|
|||
#!/bin/bash
|
||||
|
||||
|
||||
#################################################
|
||||
## ##
|
||||
## FTPsFTP ##
|
||||
## standalone ftp/sftp server solution ##
|
||||
## ##
|
||||
#################################################
|
||||
|
||||
|
||||
# **** do not touch as long as you are not me ****
|
||||
version="v0.5_beta"
|
||||
author="david@socialnerds.org"
|
||||
giturl="git://git.socialnerds.org/ftpsftp.git"
|
||||
logwhat="ftpsftp"
|
||||
log2stdout="1"
|
||||
|
||||
functionfile="/opt/ftpsftp/ftpsftp.func"
|
||||
configfile="/etc/ftpsftp.conf"
|
||||
|
||||
|
||||
# **** read function definitions and config file ****
|
||||
if [ -r $functionfile ]; then
|
||||
source $functionfile
|
||||
else
|
||||
echo "error: functionfile not found."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ -r $configfile ]; then
|
||||
source $configfile
|
||||
else
|
||||
echo "error: configuration file not found."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# **** load bashlib ****
|
||||
# need for some better routine to include bashlib
|
||||
if [ -d $bashlibpath ]; then
|
||||
source $bashlibpath/main
|
||||
source $bashlibpath/logengine
|
||||
log debug "preflight - logengine loaded"
|
||||
else
|
||||
echo "ERROR: bashlib not found"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
||||
# **** processing options ****
|
||||
while getopts "h,s,a:,d:,r:,q:,u,v" OPTION; do
|
||||
case $OPTION in
|
||||
h)
|
||||
usage
|
||||
exit 0
|
||||
;;
|
||||
s)
|
||||
stats
|
||||
exit 0
|
||||
;;
|
||||
a)
|
||||
accname=$OPTARG
|
||||
run="yes"
|
||||
while [ $run = "yes" ]; do
|
||||
add
|
||||
echo "do you want to create another user? (yes/no)"
|
||||
read run
|
||||
if [[ $run = "yes" ]] || [[ $run = "y" ]]; then
|
||||
echo "specify account name"
|
||||
read accname
|
||||
run="yes"
|
||||
fi
|
||||
done
|
||||
exit 0
|
||||
;;
|
||||
d)
|
||||
accname=$OPTARG
|
||||
delete
|
||||
exit 0
|
||||
;;
|
||||
r)
|
||||
accname=$OPTARG
|
||||
accpass=$(setpasswd)
|
||||
echo "the new password for user $accname is: $accpass"
|
||||
exit 0
|
||||
;;
|
||||
q)
|
||||
accname=$OPTARG
|
||||
quotaconf
|
||||
exit 0
|
||||
;;
|
||||
u)
|
||||
update
|
||||
exit 0
|
||||
;;
|
||||
v)
|
||||
version
|
||||
exit 0
|
||||
;;
|
||||
?)
|
||||
usage
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
|
||||
# **** print usage message if no option is given ****
|
||||
if [ -z $1 ]; then
|
||||
usage
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
||||
# **** end of script ****
|
||||
exit 0
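Review bot: The account name reaches privileged commands without validation: the `a)`, `d)`, `r)` and `q)` branches copy `$OPTARG` straight into `accname`, and the `a)` loop also takes a raw `read accname`. The function file then expands that name unquoted in calls such as `rm -r $accpath/sftp_accounts/$accname` and `usermod -p $accencpass $accname`, in functions that expect root (`delete` calls `amiroot`). An empty name, or one containing whitespace, `/` or a leading `-`, changes what those commands operate on. I would reject anything that is not a plain login name before dispatching, e.g. `[[ $accname =~ ^[a-z_][a-z0-9_-]*$ ]] || { echo "error: invalid account name"; exit 1; }`, and use `read -r accname`. Separately, `[ -d $bashlibpath ]` is true when the variable is empty because the test collapses to `[ -d ]`, so it should be `[ -n "$bashlibpath" ] && [ -d "$bashlibpath" ]`.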
|
|
@ -0,0 +1,207 @@
|
|||
#!/bin/bash
|
||||
|
||||
|
||||
#################################################
|
||||
## ##
|
||||
## FTPsFTP ##
|
||||
## installation script ##
|
||||
## ##
|
||||
#################################################
|
||||
|
||||
|
||||
# **** ftpsftp installation routine ****
|
||||
|
||||
# **** configuration section ****
|
||||
giturl="http://git.gitorious.org/aec/ftpsftp.git"
|
||||
acclogfile="/var/log/ftpsftp_accounts.log" #changed
|
||||
logfile="/var/log/ftpsftp.log" #new
|
||||
configfile="/etc/ftpsftp.conf" #changed
|
||||
reporoot="/opt" #new
|
||||
|
||||
|
||||
# **** am i root? ****
|
||||
if [ "$(whoami)" != "root" ]; then
|
||||
echo
|
||||
echo "$USER, in order to do this you need to gain root privileges."
|
||||
echo
|
||||
exit 1;
|
||||
fi
|
||||
|
||||
|
||||
# **** uninstall ****
|
||||
if [ -z $1 ]; then
|
||||
:
|
||||
elif [ $1 = "--uninstall" ]; then
|
||||
# **** removing files ****
|
||||
rm -r $reporoot/ftpsftp
|
||||
rm $logfile
|
||||
rm $acclogfile
|
||||
rm $configfile
|
||||
rm /etc/vsftpd.chroot_list
|
||||
rm /usr/local/bin/ftpsftp
|
||||
rm /etc/fstab
|
||||
mv /etc/fstab_orig /etc/fstab
|
||||
rm cp /etc/vsftpd.conf
|
||||
mv /etc/vsftpd.conf_orig /etc/vsftpd.conf
|
||||
rm /etc/vsftpd.group_list
|
||||
rm cp /etc/pam.d/vsftpd
|
||||
mv /etc/pam.d/vsftpd_orig /etc/pam.d/vsftpd
|
||||
rm /etc/ssh/sshd_config
|
||||
mv /etc/ssh/sshd_config_orig /etc/ssh/sshd_config
|
||||
rm /etc/shells
|
||||
mv /etc/shells_orig /etc/shells
|
||||
|
||||
# **** removing groups ****
|
||||
#delgroup $sftpgroup
|
||||
#delgroup $ftpgroup
|
||||
echo "info: everything except the system groups and the packages installed with apt successfully removed"
|
||||
fi
|
||||
|
||||
|
||||
# **** installing dependencies ****
|
||||
echo "info: trying to install dependencies via apt"
|
||||
apt-get update
|
||||
apt-get install -y vsftpd ssh quota quotatool makepasswd pwgen git-core vim
|
||||
|
||||
|
||||
# **** reading configuration from user ****
|
||||
echo "specify under which path the account home dirs should be stored (no tailing slash)"
|
||||
read accpath
|
||||
|
||||
echo "specify the mointpoint of the device where your accounts are stored (needed for quota config)"
|
||||
read quotamountpoint
|
||||
|
||||
echo "specify the fqdn of your host"
|
||||
read acchost
|
||||
|
||||
echo "specify a system group for your sftp users [default: sftpusers]"
|
||||
read sftpgroup
|
||||
if [ -z $sftpgroup ]; then
|
||||
sftpgroup="sftpusers"
|
||||
fi
|
||||
|
||||
echo "specify a system group for your ftp users [default: ftpusers]"
|
||||
read ftpgroup
|
||||
if [ -z $ftpgroup ]; then
|
||||
ftpgroup="ftpusers"
|
||||
fi
|
||||
|
||||
|
||||
# **** creating needed directorys ****
|
||||
# just in case, they should be already there
|
||||
echo "info: creating directorys"
|
||||
mkdir -p /var/log
|
||||
mkdir -p $reporoot
|
||||
|
||||
|
||||
# **** creating configfiles and logfiles ****
|
||||
echo "info: creating configuration and log files"
|
||||
|
||||
# creating chroot_list
|
||||
echo "$USER" > /etc/vsftpd.chroot_list
|
||||
|
||||
# creating log files
|
||||
echo "type name pass quota reguester timestamp" > $acclogfile
|
||||
touch $logfile
|
||||
|
||||
# create ftpsftp configuration file (default: /etc/ftpsftp/ftpsftp.conf)
|
||||
echo '## ftpsftp configuration file ##
|
||||
|
||||
accpath="'$accpath'" # this should point to where your accounts should be located
|
||||
quotamountpoint="'$quotamountpoint'" # mount point for quota configuration
|
||||
acchost="'$acchost'" # the dns name where your sever is reachable
|
||||
sftpgroup="'$sftpgroup'" # system group
|
||||
ftpgroup="'$ftpgroup'" # system group
|
||||
trackrequester="1" # switch to 0 if you do not want to track the account requester
|
||||
logging="1" # set this to 0 if you do not want any logging
|
||||
|
||||
' > $configfile
|
||||
|
||||
|
||||
# **** cloning master branch of ftpsftp git repo ****
|
||||
echo "info: cloning files from git repository to /opt/ftpsftp"
|
||||
cd $reporoot
|
||||
git clone $giturl
|
||||
|
||||
|
||||
# **** set symlink for script in /usr/local/bin ****
|
||||
echo "info: creating symlink for script in /usr/local/bin"
|
||||
cd /usr/local/bin
|
||||
ln -s $reporoot/ftpsftp/ftpsftp.sh ftpsftp
|
||||
|
||||
|
||||
# **** configure quota ****
|
||||
echo "info: configuring quota in fstab for $quotamountpoint"
|
||||
cp /etc/fstab /etc/fstab_orig
|
||||
cat /etc/fstab | grep -v $quotamountpoint > /etc/~fstab
|
||||
storageopt=$(cat /etc/fstab | grep $quotamountpoint | awk '{print $4}')
|
||||
sed -i 's/'$storageopt'/'$storageopt',usrquota/' /etc/fstab
|
||||
cat /etc/fstab | grep $quotamountpoint >> /etc/~fstab
|
||||
rm /etc/fstab && mv /etc/~fstab /etc/fstab
|
||||
umount $quotamountpoint
|
||||
mount -a
|
||||
/etc/init.d/quota restart
|
||||
|
||||
|
||||
# **** configure vsftp ****
|
||||
cp /etc/vsftpd.conf /etc/vsftpd.conf_orig
|
||||
#sed -i 's/#listen_ipv6=YES/listen_ipv6=YES/' /etc/vsftpd.conf
|
||||
sed -i 's/#write_enable=YES/write_enable=YES/' /etc/vsftpd.conf
|
||||
sed -i 's/#local_umask=022/local_umask=0007\nfile_open_mode=0770/' /etc/vsftpd.conf
|
||||
sed -i 's/#chroot_local_user=YES/chroot_local_user=YES/' /etc/vsftpd.conf
|
||||
sed -i 's/#chroot_list_enable=YES/chroot_list_enable=YES/' /etc/vsftpd.conf
|
||||
sed -i 's/#chroot_list_file=\/etc\/vsftpd.chroot_list/chroot_list_file=\/etc\/vsftpd.chroot_list/' /etc/vsftpd.conf
|
||||
sed -i 's/#ftpd_banner=Welcome to blah FTP service./ftpd_banner=Welcome to '$acchost'./' /etc/vsftpd.conf
|
||||
|
||||
|
||||
# creating vsftpd.group_list (used by pam)
|
||||
addgroup $ftpgroup
|
||||
echo "
|
||||
$ftpgroup
|
||||
admin
|
||||
" > /etc/vsftpd.group_list
|
||||
|
||||
# adding group list to pam.d
|
||||
cp /etc/pam.d/vsftpd /etc/pam.d/vsftpd_orig
|
||||
sed '2 a auth required pam_listfile.so item=group sense=allow file=/etc/vsftpd.group_list onerr=fail' /etc/pam.d/vsftpd > /etc/pam.d/vsftpd_new
|
||||
rm /etc/pam.d/vsftpd && mv /etc/pam.d/vsftpd_new /etc/pam.d/vsftpd
|
||||
|
||||
# restarting ftp service
|
||||
/etc/init.d/vsftpd restart
|
||||
|
||||
|
||||
# **** configure sshd ****
|
||||
echo "info: configuring ssh server"
|
||||
addgroup $sftpgroup
|
||||
cp /etc/ssh/sshd_config /etc/ssh/sshd_config_orig
|
||||
sed -i 's/Subsystem sftp \/usr\/lib\/openssh\/sftp-server/Subsystem sftp internal-sftp/' /etc/ssh/sshd_config
|
||||
|
||||
echo "
|
||||
|
||||
##### ssh configuration done by ftpsftp ############
|
||||
AllowGroups admin $sftpgroup
|
||||
|
||||
Match group sftpusers
|
||||
ChrootDirectory $accpath/sftp_accounts/%u
|
||||
X11Forwarding no
|
||||
AllowTcpForwarding no
|
||||
ForceCommand internal-sftp
|
||||
|
||||
" >> /etc/ssh/sshd_config
|
||||
|
||||
/etc/init.d/ssh restart
|
||||
|
||||
## adding shells
|
||||
cp /etc/shells /etc/shells_orig
|
||||
echo "
|
||||
/bin/false
|
||||
/usr/lib/sftp-server
|
||||
" >> /etc/shells
|
||||
|
||||
|
||||
echo "you can now delete this script."
|
||||
echo "all you need is in $reporoot/ftpsftp, $configfile, $acclogfile and $logfile"
|
||||
echo 'everything should be set to create your first user. try "ftpsftp -a <username>"'
|
||||
echo
|
||||
|
||||
exit 0
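Review bot: The appended sshd block hard-codes `Match group sftpusers`, while the `AllowGroups admin $sftpgroup` line just above it uses the group name the operator entered. If a group other than the default is chosen, its members are allowed to log in but the `ChrootDirectory`, `ForceCommand internal-sftp` and forwarding restrictions never match them; the line should read `Match group $sftpgroup`. Running `sshd -t` before `/etc/init.d/ssh restart` would also catch a broken config before it can lock out remote access. Separately, the `--uninstall` branch has no `exit`, so the script falls through and runs the whole installation again; adding `exit 0` before its `fi` fixes that.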
|