diff --git a/ftpsftp/README.please b/ftpsftp/README.please
new file mode 100644
index 0000000..60027c2
--- /dev/null
+++ b/ftpsftp/README.please
@@ -0,0 +1,33 @@
+attention: the install procedure is broke at the moment..
+
+## why are some variables defined in the configfile and some directly in the script?
+the vars in the configfile are specific to your installation and can or should be changed. everything defined directly in the script should remain the same for every installation.
+
+## features wanted
+
+info option (or some sort of stats)
+
+ -- ftp user count
+ -- sftp user count
+ -- used disk space
+ -- used disk space by user
+ -- free disk space
+ -- free quota
+ -- quotamountpoint
+
+
+
+## functions
+quotacalc ... gives back the free megabytes on the storage
+quotaconf ... sets the quota for existing user
+isuserthere ... checks if user exists or asks to create it
+amiroot ... checks if there are root privileges (ends scripts if not)
+update ... pulls updates from ftpsftp git repository
+version ... prints version information
+usage ... prints usage message
+add ... adding a new user
+delete ... delete an existing user
+
+
+
+contact me if you have any questions: david@socialnerds.org
diff --git a/ftpsftp/archive/addaccount_v0.2.sh b/ftpsftp/archive/addaccount_v0.2.sh
new file mode 100644
index 0000000..4f6bca3
--- /dev/null
+++ b/ftpsftp/archive/addaccount_v0.2.sh
@@ -0,0 +1,173 @@
+#!/bin/bash
+
+############################################
+## ##
+## FTP/sFTP Account Creation Script ##
+## v0.2 ##
+## Author: david@socialnerds.org ##
+## ##
+############################################
+
+## script configuration section ##
+accpath="/media/storage"
+acchost="some.domain.org" # the dns name where your sever is reachable
+sftpgroup="sftpusers" # this group must exist
+trackrequester="yes" # switch to "no" if you do not want to track the requester
+logging=1 # set this to 0 if you don't want any logging
+logpath="/media/storage/logs" # there you want to create your logfile
+logfile="accounts.log" # choose the logfile name here
+jabberlog=1 # set this to 0 if you don't want jabber notifications
+## following ist not necessary if jabberlog=0
+jabberwatchdogs="admin@somedomain.org admin@someotherdomain.org"
+jabberuser="jabber-account"
+jabberserver="jabber-server"
+jabberpass="jabber-account-password"
+
+
+## am i root? ##
+if [ "$(whoami)" != "root" ]; then
+ echo "only root can do this"
+ exit 1;
+fi
+
+
+## check for dependencys ##
+# not yet implemented (sendxmpp, ssh, vsftpd, ..)
+
+
+#clear
+echo "" # just an empty line
+echo "Welcome to the FTP/sFTP Account Creation Script (v0.2)"
+## choose ftp or sftp
+echo ""
+echo "Which type of account you want to create? [sftp|ftp]"
+read acctype
+
+if [ $acctype = "sftp" ]; then
+ echo ""
+else
+ if [ $acctype = "ftp" ]; then
+ echo ""
+ else
+ #clear
+ echo "I'm sorry, i need to break this up right now."
+ echo "It seams you can't understand some simple instructions.."
+ exit 1;
+ fi
+fi
+
+
+if [ -z $1 ]; then
+ needaccname="yes"
+ while [ $needaccname = "yes" ]; do
+ echo ""
+ echo "Enter Accountname:"
+ read accname
+ if [ -z $accname ]; then
+ echo "This field is mandatory."
+ else
+ needaccname="notanymore"
+ fi
+ done
+else
+ accname=$1
+fi
+
+
+## quota
+accquota="quota not yet implemented"
+
+
+## requester
+while [ $trackrequester = "yes" ]; do
+ echo ""
+ echo "Who orderd this account? (I'm tracking this for a greater good.)"
+ read accrequester
+ if [ -z "$accrequester" ]; then
+ echo "This field is mandatory."
+ else
+ trackrequester="notanymore"
+ fi
+done
+
+## set $accport
+if [ $acctype = "sftp" ]; then
+ accport="22"
+else
+ accport="21"
+fi
+
+
+## get timestamp
+acctimestamp=$(date '+%dr%B %Y %H:%M')
+
+
+## gen password (acpass)
+accpass=$(pwgen -snc 10 1)
+echo $accpass > pass.txt
+accencpass=$(makepasswd --clearfrom=pass.txt --crypt-md5 |awk '{print $2}')
+rm pass.txt
+
+## create home, set its permissions and add the user to sftp/ftpgroup
+if [ $acctype = "sftp" ]; then
+ mkdir -p $accpath/$acctype"_accounts"/$accname/data
+ # create the actual user (sftp)
+ useradd -d /data -M -U -s /usr/lib/sftp-server -p $accencpass $accname
+ chown -R $accname\: $accpath/$acctype"_accounts"/$accname/data
+ adduser $accname $sftpgroup
+else
+ mkdir -p $accpath/$acctype"_accounts"/$accname
+ # create the actual user (ftp)
+ useradd -d $accpath/$acctype"_accounts"/$accname -M -U -s /bin/false -p $accencpass $accname
+ chown -R $accname\: $accpath/$acctype"_accounts"/$accname
+ echo $accname >> /etc/vsftpd.user_list
+fi
+
+
+## logging (log type, name, pass, quota, requester and timestamp)
+if [ $logging = 1 ]; then
+ if [ -e $logpath/$logfile ]; then
+ cd $logpath
+ echo $acctype $accname $accpass $accquota $accrequester $acctimestamp >> $logfile
+ else
+ mkdir -p $logpath
+ cd $logpath
+ touch $logfile
+ echo "type name pass quota reguester timestamp" >> $logfile
+ echo $acctype $accname $accpass $accquota $accrequester $acctimestamp >> $logfile
+ fi
+else
+ echo ""
+fi
+
+
+## jabber notification
+if [ $jabberlog = 1 ]; then
+ echo "
+ This is your FTP/sFTP Server,
+ a "$acctype" account was just created.
+ Accountname:" $accname "
+ Quota:" $accquota "
+ Requester:" $accrequester | sendxmpp -r ftpcreation -u $jabberuser -j $jabberserver -p $jabberpass $jabberwatchdogs
+else
+ echo ""
+fi
+
+
+## account data output
+#clear
+echo ""
+echo "Account data"
+echo ""
+echo "Host:" $acchost
+echo "Port:" $accport
+echo "Username:" $accname
+echo "Password:" $accpass
+echo "Quota:" $accquota
+echo "Directory:" $accpath/$acctype"_accounts"/$accname
+echo "Requester:" $accrequester
+echo ""
+echo "Everything is done"
+
+exit 0
+
diff --git a/ftpsftp/archive/addaccount_v0.3.sh b/ftpsftp/archive/addaccount_v0.3.sh
new file mode 100644
index 0000000..5360f11
--- /dev/null
+++ b/ftpsftp/archive/addaccount_v0.3.sh
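Review bot: The generated password is kept in clear text on disk twice in addaccount_v0.2.sh: `echo $accpass > pass.txt` writes it to a fixed file name in whatever directory root is currently in, and the logging block appends `$accpass` to `$logpath/$logfile`. Setting the password over a pipe, `printf '%s:%s\n' "$accname" "$accpass" | chpasswd` after a `useradd` without `-p`, removes the temporary file and keeps the hash off the `useradd` command line; the log line should drop the `$accpass` field. The same pattern recurs in addaccount_v0.3.sh, in add() of ftpsftp_v0.4.1b.sh and in setpasswd()/logging() of ftpsftp.func. `sendxmpp ... -p $jabberpass` likewise exposes the Jabber password in the process list, and it is stored in the script itself; it would be better read from a root-only configuration file.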
@@ -0,0 +1,215 @@
+#!/bin/bash
+
+############################################
+## ##
+## FTP/sFTP Account Creation Script ##
+## v0.3 ##
+## Author: david@socialnerds.org ##
+## ##
+############################################
+
+## script configuration section ##
+accpath="/srv/storage"
+quotamountpoint="/srv/storage"
+acchost="some.domain.org" # the dns name where your sever is reachable
+sftpgroup="sftpusers" # this group must exist
+trackrequester="yes" # switch to "no" if you do not want to track the requester
+logging=1 # set this to 0 if you don't want any logging
+logpath="/media/storage/logs" # there you want to create your logfile
+logfile="accounts.log" # choose the logfile name here
+jabberlog=0 # set this to 0 if you don't want jabber notifications
+maillog=0
+
+## following ist not necessary if jabberlog=0
+jabberwatchdogs="admin@somedomain.org admin@someotherdomain.org"
+jabberuser="jabber-account"
+jabberserver="jabber-server"
+jabberpass="jabber-account-password"
+
+## do not touch
+version="v0.3"
+
+## am i root? ##
+if [ "$(whoami)" != "root" ]; then
+ echo "only root can do this"
+ exit 1;
+fi
+
+
+## check for dependencys ##
+# not yet implemented (sendxmpp, ssh, vsftpd, ..)
+
+
+#clear
+echo "" # just an empty line
+echo "Welcome to the FTP/sFTP Account Creation Script ($version)"
+## choose ftp or sftp
+echo ""
+echo "Which type of account you want to create? [sftp|ftp]"
+read acctype
+
+if [ $acctype = "sftp" ]; then
+ :
+else
+ if [ $acctype = "ftp" ]; then
+ :
+ else
+ #clear
+ echo "I'm sorry, i need to break this up right now."
+ echo "It seams you can't understand some simple instructions.."
+ exit 1;
+ fi
+fi
+
+
+if [ -z $1 ]; then
+ needaccname="yes"
+ while [ $needaccname = "yes" ]; do
+ echo ""
+ echo "Enter Accountname:"
+ read accname
+ if [ -z $accname ]; then
+ echo "This field is mandatory."
+ else
+ needaccname="notanymore"
+ fi
+ done
+else
+ accname=$1
+fi
+
+
+## quota
+ablocks=$(df | grep $quotamountpoint | awk '{print $2}')
+gblocks=$(repquota $quotamountpoint | grep 000 | awk '{print $4}')
+set -- $gblocks
+quotacount=0
+for var in "$@"
+do
+ quotacount=$(($quotacount+$var))
+
+done
+
+gblocks=$quotacount
+fblocks=$(($ablocks-$gblocks))
+fsize=${fblocks:0:$((${#fblocks}-3))}
+
+
+needaccquota="yes"
+while [ $needaccquota = "yes" ]; do
+ echo ""
+ echo "Please specify how much diskspace this account should provide. (in Megabytes)"
+ echo "Maximum: $fsize"
+ read accquota
+ if [ -z "$accquota" ]; then
+ echo "This field is mandatory."
+ else
+ if [ $accquota -lt $fsize ]; then
+ needaccquota="notanymore"
+ else
+ echo ""
+ echo "Specified size too big or not a number. Try again."
+ fi
+ fi
+done
+
+
+## requester
+while [ $trackrequester = "yes" ]; do
+ echo ""
+ echo "Who orderd this account? (I'm tracking this for a greater good.)"
+ read accrequester
+ if [ -z "$accrequester" ]; then
+ echo "This field is mandatory."
+ else
+ trackrequester="notanymore"
+ fi
+done
+
+## set $accport
+if [ $acctype = "sftp" ]; then
+ accport="22"
+else
+ accport="21"
+fi
+
+
+## get timestamp
+acctimestamp=$(date '+%d.%m.%Y %H:%M')
+
+
+## gen password (acpass)
+accpass=$(pwgen -snc 10 1)
+echo $accpass > pass.txt
+accencpass=$(makepasswd --clearfrom=pass.txt --crypt-md5 |awk '{print $2}')
+rm pass.txt
+
+## create home, set its permissions and add the user to sftp/ftpgroup
+if [ $acctype = "sftp" ]; then
+ mkdir -p $accpath/$acctype"_accounts"/$accname/data
+ # create the actual user (sftp)
+ useradd -d /data -M -U -s /usr/lib/sftp-server -p $accencpass $accname
+ chown -R $accname\: $accpath/$acctype"_accounts"/$accname/data
+ usermod -G $sftpgroup $accname
+else
+ mkdir -p $accpath/$acctype"_accounts"/$accname
+ # create the actual user (ftp)
+ useradd -d $accpath/$acctype"_accounts"/$accname -M -U -s /bin/false -p $accencpass $accname
+ chown -R $accname\: $accpath/$acctype"_accounts"/$accname
+ echo $accname >> /etc/vsftpd.user_list
+fi
+
+## configure quota
+setquota --all -u $accname $accquota"000" $accquota"000" 0 0
+
+
+## logging (log type, name, pass, quota, requester and timestamp)
+if [ $logging = 1 ]; then
+ if [ -e $logpath/$logfile ]; then
+ cd $logpath
+ echo $acctype $accname $accpass $accquota $accrequester $acctimestamp >> $logfile
+ else
+ mkdir -p $logpath
+ cd $logpath
+ touch $logfile
+ echo "type name pass quota reguester timestamp" >> $logfile
+ echo $acctype $accname $accpass $accquota $accrequester $acctimestamp >> $logfile
+ fi
+else
+ echo ""
+fi
+
+
+## jabber notification
+if [ $jabberlog = 1 ]; then
+ echo "
+ This is your FTP/sFTP Server,
+ a "$acctype" account was just created.
+ Accountname:" $accname "
+ Quota:" $accquota"MB" "
+ Requester:" $accrequester | sendxmpp -r ftpcreation -u $jabberuser -j $jabberserver -p $jabberpass $jabberwatchdogs
+fi
+
+## mail notification
+if [ $maillog = 1 ]; then
+ echo "mail notification is not yet implemented"
+fi
+
+
+## account data output
+#clear
+echo ""
+echo "Account data"
+echo ""
+echo "Host:" $acchost
+echo "Port:" $accport
+echo "Username:" $accname
+echo "Password:" $accpass
+echo "Quota:" $accquota"MB"
+echo "Directory:" $accpath/$acctype"_accounts"/$accname
+echo "Requester:" $accrequester
+echo ""
+echo "Everything is done"
+
+exit 0
+
diff --git a/ftpsftp/archive/ftpsftp_v0.4.1b.sh b/ftpsftp/archive/ftpsftp_v0.4.1b.sh
new file mode 100644
index 0000000..4582a54
--- /dev/null
+++ b/ftpsftp/archive/ftpsftp_v0.4.1b.sh
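Review bot: `$accname` reaches `mkdir -p`, `useradd`, `chown -R` and `setquota` in addaccount_v0.3.sh unquoted and unchecked, whether it comes from `$1` or from `read accname`. Because the script runs as root, a name containing `/`, `..`, whitespace or a leading `-` changes which paths are created and chowned and how those commands parse their arguments. A check before first use, such as `[[ $accname =~ ^[a-z_][a-z0-9_-]*$ ]] || { echo "invalid account name"; exit 1; }`, together with double quotes around every expansion (`"$accpath/${acctype}_accounts/$accname"`), closes this. `[ $acctype = "sftp" ]` should be quoted as well, since an empty answer makes `[` fail with a syntax error rather than compare. addaccount_v0.2.sh and add() in ftpsftp_v0.4.1b.sh share the issue.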
@@ -0,0 +1,510 @@
+#!/bin/bash
+
+#################################################
+## ##
+## FTPsFTP ##
+## standalone ftp/sftp server solution ##
+## ##
+#################################################
+
+
+
+# **** do not touch as long as you are not me ****
+version="v0.4.1b"
+author="david@socialnerds.org"
+giturl="http://git.gitorious.org/aec/ftpsftp.git"
+
+
+# **** usage message ****
+usage()
+{
+cat << EOF
+usage: ftpsftp options
+
+OPTIONS:
+ -h show this message
+ -i install ftpsftp on this ubuntu box
+ -a add a user
+ -d delete a user (not yet implemented)
+ -r reset password for user (not yet implemented)
+ -q (re)set the quota for user ****new feature****
+ -u update ftpsftp (pull from git)
+ -v version information
+
+EOF
+}
+
+
+# **** version message ****
+version()
+{
+echo
+echo "FTPsFTP - standalone ftp/sftp server solution"
+echo
+echo "vesion: $version"
+echo "author: $author"
+echo
+}
+
+
+# **** am i root? ****
+amiroot()
+{
+if [ "$(whoami)" != "root" ]; then
+ echo
+ echo "sorry $USER, you need to gain root privileges to do this."
+ echo
+ exit 1;
+fi
+}
+
+
+
+# **** installation routine ****
+installation()
+{
+
+## am i root?
+amiroot
+
+
+## installing dependencies
+echo "info: trying to install dependencies via apt"
+apt-get update
+apt-get install -y vsftpd ssh quota quotatool makepasswd pwgen git-core vim
+
+
+## reading configuration from user (stdin)
+echo "specify under which path the account home dirs should be stored (no tailing slash)"
+read accpath
+echo "specify the mointpoint of the device where your accounts are stored (needed for quota config)"
+read quotamountpoint
+echo "specify the fqdn of your host"
+read acchost
+echo "specify a system group for your sftp users [default: sftpusers]"
+read sftpgroup
+if [ -z $sftpgroup ]; then
+ sftpgroup="sftpusers"
+fi
+
+
+## creating needed directorys
+echo "info: creating directorys"
+mkdir -p /etc/ftpsftp
+mkdir -p /var/log/ftpsftp
+mkdir -p /opt
+
+
+## creating configfiles and logfiles
+echo "info: creating configuration and log files"
+echo "$USER" > /etc/vsftpd.chroot_list
+touch /etc/vsftpd.user_list
+echo "type name pass quota reguester timestamp" > /var/log/ftpsftp/accounts.log
+#touch /var/log/ftpsftp/system.log #not yet in use
+echo '## ftpsftp configuration file ##
+
+accpath="'$accpath'" # this should point to where your accounts should be located
+quotamountpoint="'$quotamountpoint'" # mount point for quota configuration
+acchost="'$acchost'" # the dns name where your sever is reachable
+sftpgroup="'$sftpgroup'" # system group
+trackrequester="1" # switch to 0 if you do not want to track the account requester
+logging="1" # set this to 0 if you do not want any logging
+mailnotification="0" # set this to 0 if you do not want any mail notifications (not yet implemented)
+
+' > /etc/ftpsftp/ftpsftp.conf
+
+
+## cloning master of ftpsftp git repo
+echo "info: cloning files from git repository to /opt/ftpsftp"
+cd /opt
+git clone $giturl
+
+
+## set symlink for script in /usr/local/bin
+echo "info: creating symlink for script in /usr/local/bin"
+cd /usr/local/bin
+ln -s /opt/ftpsftp/ftpsftp.sh ftpsftp
+
+
+## configure quota
+echo "info: configuring quota in fstab for $quotamountpoint"
+storageopt=$(cat /etc/fstab | grep $quotamountpoint | awk '{print $4}')
+sed -i 's/'$storageopt'/'$storageopt',usrquota/' /etc/fstab
+umount $quotamountpoint
+mount -a
+/etc/init.d/quota restart
+
+
+## configure vsftp
+cp /etc/vsftpd.conf /etc/vsftpd.conf_orig
+#sed -i 's/#listen_ipv6=YES/listen_ipv6=YES/' /etc/vsftpd.conf
+sed -i 's/#write_enable=YES/write_enable=YES/' /etc/vsftpd.conf
+sed -i 's/#local_umask=022/local_umask=0007\nfile_open_mode=0770/' /etc/vsftpd.conf
+sed -i 's/#chroot_local_user=YES/chroot_local_user=YES/' /etc/vsftpd.conf
+sed -i 's/#chroot_list_enable=YES/chroot_list_enable=YES/' /etc/vsftpd.conf
+sed -i 's/#chroot_list_file=\/etc\/vsftpd.chroot_list/chroot_list_file=\/etc\/vsftpd.chroot_list/' /etc/vsftpd.conf
+sed -i 's/#ftpd_banner=Welcome to blah FTP service./ftpd_banner=Welcome to '$acchost'./' /etc/vsftpd.conf
+
+echo "
+## added by ftpsftp
+userlist_enable=YES
+userlist_deny=NO
+userlist_file=/etc/vsftpd.user_list
+" >> /etc/vsftpd.conf
+/etc/init.d/vsftpd restart
+
+
+## configure sshd
+echo "info: configuring ssh server"
+addgroup $sftpgroup
+cp /etc/ssh/sshd_config /etc/ssh/sshd_config_orig
+sed -i 's/Subsystem sftp \/usr\/lib\/openssh\/sftp-server/Subsystem sftp internal-sftp/' /etc/ssh/sshd_config
+
+echo "
+
+##### ssh configuration done by ftpsftp ############
+
+AllowGroups admin $sftpgroup
+
+Match group sftpusers
+ ChrootDirectory $accpath/sftp_accounts/%u
+ X11Forwarding no
+ AllowTcpForwarding no
+ ForceCommand internal-sftp
+
+####################################################
+
+" >> /etc/ssh/sshd_config
+
+/etc/init.d/ssh restart
+
+## adding shells
+echo "
+/bin/false
+/usr/lib/sftp-server
+" >> /etc/shells
+
+
+echo "you can now delete this script."
+echo "all you need is in /opt/ftpsftp, /etc/ftpsftp and /var/log/ftpsftp."
+echo 'everything is set to create your first user. try "ftpsftp -a "'
+}
+
+
+
+##### ftpsftp update #####
+update()
+{
+
+## am i root?
+amiroot
+
+cd /opt/ftpsftp
+git pull origin master
+
+}
+
+
+
+##### user creation #####
+add()
+{
+
+## am i root?
+amiroot
+
+
+## set accname
+accname=$1
+
+
+## check if installed
+
+
+## reading configfile
+source /etc/ftpsftp/ftpsftp.conf
+
+
+## choose ftp or sftp
+echo "specify account type [sftp|ftp]"
+read acctype
+
+if [ $acctype = "sftp" ]; then
+ :
+else
+ if [ $acctype = "ftp" ]; then
+ :
+ else
+ echo "i'm sorry, i need to break this up right now."
+ echo "it seams you can not understand some simple instructions."
+ exit 1
+ fi
+fi
+
+
+## quota
+ablocks=$(df | grep $quotamountpoint | awk '{print $2}')
+gblocks=$(repquota $quotamountpoint | grep 000 | awk '{print $4}')
+set -- $gblocks
+quotacount=0
+for var in "$@"
+do
+ quotacount=$(($quotacount+$var))
+done
+
+gblocks=$quotacount
+fblocks=$(($ablocks-$gblocks))
+fsize=${fblocks:0:$((${#fblocks}-3))}
+
+needaccquota="yes"
+while [ $needaccquota = "yes" ]; do
+ echo "please specify how much diskspace this account should provide. (in megabytes)"
+ echo "maximum: $fsize"
+ read accquota
+ if [ -z "$accquota" ]; then
+ echo "this field is mandatory."
+ else
+ if [ $accquota -lt $fsize ]; then
+ needaccquota="notanymore"
+ else
+ echo "specified size too big or not a number. try again."
+ fi
+ fi
+done
+
+
+## requester
+while [ $trackrequester = "1" ]; do
+ echo "who orderd this account? (i'm tracking this for a greater good.)"
+ read accrequester
+ if [ -z "$accrequester" ]; then
+ echo "this field is mandatory."
+ else
+ trackrequester="notanymore"
+ fi
+done
+
+
+## set $accport
+if [ $acctype = "sftp" ]; then
+ accport="22"
+else
+ accport="21"
+fi
+
+
+## get timestamp
+acctimestamp=$(date '+%d.%m.%Y %H:%M')
+
+
+## gen password (accpass)
+accpass=$(pwgen -snc 10 1)
+echo $accpass > pass.txt
+accencpass=$(makepasswd --clearfrom=pass.txt --crypt-md5 | awk '{print $2}')
+rm pass.txt
+
+
+## create home, set its permissions and add the user to sftp/ftpgroup
+if [ $acctype = "sftp" ]; then
+ mkdir -p $accpath/$acctype"_accounts"/$accname/data
+ # create the actual user (sftp)
+ useradd -d /data -M -U -s /usr/lib/sftp-server -p $accencpass $accname
+ chown -R $accname\: $accpath/$acctype"_accounts"/$accname/data
+ usermod -G $sftpgroup $accname
+else
+ mkdir -p $accpath/$acctype"_accounts"/$accname
+ # create the actual user (ftp)
+ useradd -d $accpath/$acctype"_accounts"/$accname -M -U -s /bin/false -p $accencpass $accname
+ chown -R $accname\: $accpath/$acctype"_accounts"/$accname
+ echo $accname >> /etc/vsftpd.user_list
+fi
+
+
+## configure quota
+accquota=$((accquota/1000*1024))
+setquota --all -u $accname $accquota"000" $accquota"000" 0 0
+
+
+## trigger log
+logging
+
+
+## account data output
+echo
+echo "account data"
+echo
+echo "host:" $acchost
+echo "port:" $accport
+echo "username:" $accname
+echo "password:" $accpass
+echo "quota:" $accquota"mb"
+echo "directory:" $accpath/$acctype"_accounts"/$accname
+echo "requester:" $accrequester
+echo
+
+}
+
+
+
+##### user deletion #####
+delete()
+{
+
+## am i root?
+amiroot
+
+accname=$1
+echo "feature not yet implemented"
+
+}
+
+
+
+##### password reset #####
+reset()
+{
+
+## am i root?
+amiroot
+
+accname=$1
+echo "feature not yet implemented"
+
+}
+
+resetquota()
+{
+
+accname=$1
+
+## reading configfile
+source /etc/ftpsftp/ftpsftp.conf
+
+## quota calc
+ablocks=$(df | grep $quotamountpoint | awk '{print $2}')
+gblocks=$(repquota $quotamountpoint | grep 000 | awk '{print $4}')
+set -- $gblocks
+quotacount=0
+for var in "$@"
+do
+ quotacount=$(($quotacount+$var))
+done
+
+gblocks=$quotacount
+fblocks=$(($ablocks-$gblocks))
+fsize=${fblocks:0:$((${#fblocks}-3))}
+
+needaccquota="yes"
+while [ $needaccquota = "yes" ]; do
+ echo "please specify how much diskspace this account should provide. (in megabytes)"
+ echo "maximum: $fsize"
+ read accquota
+ if [ -z "$accquota" ]; then
+ echo "this field is mandatory."
+ else
+ if [ $accquota -lt $fsize ]; then
+ needaccquota="notanymore"
+ else
+ echo "specified size too big or not a number. try again."
+ fi
+ fi
+done
+
+## set quota
+accquota=$((accquota/1000*1024))
+setquota --all -u $accname $accquota"000" $accquota"000" 0 0
+
+}
+
+
+##### logging #####
+logging()
+{
+
+if [ $logging = 1 ]; then
+ echo $acctype $accname $accpass $accquota $accrequester $acctimestamp >> /var/log/ftpsftp/accounts.log
+fi
+
+}
+
+
+
+##### mail notification #####
+#mailnotification()
+#{
+#
+#if [ $maillog = 1 ]; then
+# echo "mail notification is not yet implemented"
+#fi
+#
+#}
+
+
+
+##### processing options #####
+while getopts "h,i,a:,d:,r:,q:,u,v" OPTION; do
+ case $OPTION in
+ h)
+ usage
+ exit 0
+ ;;
+ i)
+ installation
+ exit 0
+ ;;
+ a)
+ name=$OPTARG
+ run="yes"
+ while [ $run = "yes" ]; do
+ add $name
+ echo "do you want to create another user? (yes/no)"
+ read run
+ if [[ $run = "yes" ]] || [[ $run = "y" ]]; then
+ echo "specify account name"
+ read name
+ run="yes"
+ fi
+ done
+ exit 0
+ ;;
+ d)
+ rmuser=$OPTARG
+ delete $rmuser
+ exit 0
+ ;;
+ r)
+ rpuser=$OPTARG
+ reset $rpuser
+ exit 0
+ ;;
+ q)
+ squser=$OPTARG
+ resetquota $squser
+ exit 0
+ ;;
+ u)
+ update
+ exit 0
+ ;;
+ v)
+ version
+ exit 0
+ ;;
+ ?)
+ usage
+ exit 1
+ ;;
+ esac
+done
+
+
+## print usage message if no option is given
+if [ -z $1 ]; then
+ usage
+ exit 1
+fi
+
+
+
+## end of script
+exit 0
diff --git a/ftpsftp/ftpsftp.func b/ftpsftp/ftpsftp.func
new file mode 100644
index 0000000..00e3fdb
--- /dev/null
+++ b/ftpsftp/ftpsftp.func
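Review bot: In installation() of ftpsftp_v0.4.1b.sh, the block appended to /etc/ssh/sshd_config hard-codes `Match group sftpusers`, while `addgroup $sftpgroup` and `AllowGroups admin $sftpgroup` use the name the administrator entered. With any group other than the default, SFTP accounts are allowed to log in but the `ChrootDirectory`, `ForceCommand internal-sftp` and forwarding restrictions never match them; the line should read `Match group $sftpgroup`. Separately, `sed -i 's/'$storageopt'/'$storageopt',usrquota/' /etc/fstab` is not anchored to the `$quotamountpoint` entry, so it rewrites the first occurrence of that option string on every fstab line, and this version takes no backup of /etc/fstab before editing it.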
@@ -0,0 +1,314 @@
+#!/bin/bash
+
+
+#################################################
+## ##
+## FTPsFTP ##
+## function definitions ##
+## ##
+#################################################
+
+
+# **** usage message ****
+usage()
+{
+echo "usage: ftpsftp options
+
+OPTIONS:
+ -h show this message
+ -s show stats (not yet implemented)
+ -a add a user
+ -d delete a user
+ -r reset password for user
+ -q (re)set the quota for user
+ -u update ftpsftp (pull from git)
+ -v show version information
+
+"
+}
+
+
+# **** version message ****
+version()
+{
+
+ echo "FTPsFTP - standalone ftp/sftp server solution"
+ echo
+ echo "vesion: $version"
+ echo "author: $author"
+ echo
+
+}
+
+
+# **** am i root? ****
+# this is now in bashlib
+#amiroot()
+#{
+#if [ "$(whoami)" != "root" ]; then
+# echo
+# echo "sorry $USER, you need to gain root privileges to do this."
+# echo
+# exit 1;
+#fi
+#}
+
+
+# **** ftpsftp update ****
+update()
+{
+
+ # checking for root privileges
+ amiroot
+
+ # pull updates from ftpsftp git repository
+ cd /opt/ftpsftp
+ git pull origin master
+ log info "update - ftpsftp was updated (maybe)"
+
+}
+
+
+# ***** calculating free quota *****
+quotacalc()
+{
+
+ local ablocks=$(df | grep $quotamountpoint | awk '{print $2}')
+ local gblocks=$(repquota $quotamountpoint | grep 0 | awk '{print $4}')
+ set -- $gblocks
+ local quotacount=0
+ for var in "$@"; do
+ local quotacount=$(($quotacount+$var))
+ done
+
+ local gblocks=$quotacount
+ local fblocks=$(($ablocks-$gblocks))
+ local fsize=$((fblocks*1000/1024))
+ local fsize=${fsize:0:$((${#fsize}-3))}
+
+ # return result
+ echo $fsize
+
+}
+
+
+# **** set quota ****
+quotaconf()
+{
+
+ # checking for root privileges
+ amiroot
+
+ # checking if user exists
+ isuserthere $accname
+
+ # breaking up if user does not exist
+ if [ $? -eq "1" ]; then
+ echo "error: user does not exist."
+ exit 1
+ fi
+
+ # calculate free quota
+ local fsize=$(quotacalc)
+
+ local run="yes"
+ while [ $run = "yes" ]; do
+ echo "please specify quota for user $accname. (in megabytes)"
+ echo "maximum: $fsize"
+ read accquota
+ if [ -z "$accquota" ]; then
+ echo "this field is mandatory."
+ else
+ if [ $accquota -lt $fsize ]; then
+ local run="no"
+ else
+ echo "specified size too big or not a number. try again."
+ fi
+ fi
+ done
+
+ # set quota
+ accblockquota=$((accquota*1024))
+ setquota --all -u $accname $accblockquota $accblockquota 0 0
+
+}
+
+
+# **** check if user is already there or needs to be created ****
+isuserthere()
+{
+
+ id $accname &> /dev/null
+ if [ $? -eq "0" ]; then
+ return 0
+ else
+ return 1
+ fi
+
+}
+
+##### user creation #####
+add()
+{
+
+# am i root?
+amiroot
+
+# checking if user already exists
+isuserthere
+
+# breaking up if user already exists
+if [ $? -eq "0" ]; then
+ echo "error: user already exists."
+ exit 1
+fi
+
+# choose ftp or sftp
+echo "specify account type [sftp|ftp]"
+read acctype
+
+if [ $acctype = "sftp" ]; then
+ :
+else
+ if [ $acctype = "ftp" ]; then
+ :
+ else
+ echo "i'm sorry, i need to break this up right now."
+ echo "it seams you can not understand some simple instructions."
+ exit 1
+ fi
+fi
+
+# read requester if configfile option is 1
+while [ $trackrequester = "1" ]; do
+ echo "who orderd this account? (i'm tracking this for a greater good.)"
+ read accrequester
+ if [ -z "$accrequester" ]; then
+ echo "this field is mandatory."
+ else
+ trackrequester="notanymore"
+ fi
+done
+
+# set accport
+if [ $acctype = "sftp" ]; then
+ local accport="22"
+else
+ local accport="21"
+fi
+
+# get timestamp
+local acctimestamp=$(date '+%d.%m.%Y %H:%M')
+
+# create home, set its permissions and add the user to sftp/ftpgroup
+if [ $acctype = "sftp" ]; then
+ mkdir -p $accpath/$acctype"_accounts"/$accname/data
+ # create the actual user (sftp)
+ useradd -d /data -M -U -s /usr/lib/sftp-server $accname
+ chown -R $accname\: $accpath/$acctype"_accounts"/$accname/data
+ usermod -G $sftpgroup $accname
+else
+ mkdir -p $accpath/$acctype"_accounts"/$accname
+ # create the actual user (ftp)
+ useradd -d $accpath/$acctype"_accounts"/$accname -M -U -s /bin/false $accname
+ chown -R $accname\: $accpath/$acctype"_accounts"/$accname
+ usermod -G $ftpgroup $accname
+fi
+
+# set password
+local accpass=$(setpasswd)
+
+# configure quota
+quotaconf
+
+# trigger logging
+logging $acctype $accname $accpass $accquota $accrequester $acctimestamp
+
+# print account data
+echo
+echo "account data"
+echo
+echo "host:" $acchost
+echo "port:" $accport
+echo "username:" $accname
+echo "password:" $accpass
+echo "quota:" $accquota"MB"
+echo "directory:" $accpath/$acctype"_accounts"/$accname
+echo "requester:" $accrequester
+echo
+
+}
+
+# **** user deletion ****
+delete()
+{
+
+ # am i root?
+ amiroot
+
+ # checking if user exists
+ isuserthere
+
+ # breaking up if user does not exist
+ if [ $? -eq "1" ]; then
+ echo "error: user does not exist"
+ exit 1
+ fi
+
+ id -nG $accname | grep $sftpgroup &> /dev/null
+ if [ $? -eq "0" ]; then
+ deluser $accname &> /dev/null
+ rm -r $accpath/sftp_accounts/$accname
+ else
+ deluser $accname &> /dev/null
+ rm -r $accpath/ftp_accounts/$accname
+ fi
+
+}
+
+# **** generate password ****
+setpasswd()
+{
+
+ # checking if user exists
+ isuserthere
+
+ # breaking up if user does not exist
+ if [ $? -eq "1" ]; then
+ echo "error: user does not exist"
+ exit 1
+ fi
+
+
+ # generating password
+ local accpass=$(pwgen -snc 10 1)
+ echo $accpass > pass.txt
+ local accencpass=$(makepasswd --clearfrom=pass.txt --crypt-md5 | awk '{print $2}')
+ rm pass.txt
+
+ # setting the password
+ usermod -p $accencpass $accname
+
+ # returning unencrypded password
+ echo $accpass
+
+}
+
+# **** logging ****
+logging()
+{
+
+ if [ $logging -eq "1" ]; then
+ echo $@ >> $acclogfile
+ fi
+
+}
+
+# **** statistics ****
+stats()
+{
+
+ echo "feature not yet implemented"
+
+}
+
diff --git a/ftpsftp/ftpsftp.sh b/ftpsftp/ftpsftp.sh
new file mode 100755
index 0000000..2908bc3
--- /dev/null
+++ b/ftpsftp/ftpsftp.sh
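Review bot: delete() in ftpsftp.func removes any account that `id` can resolve, not only accounts this tool created: `isuserthere` is the sole check before `deluser $accname` and `rm -r $accpath/ftp_accounts/$accname`, and the else branch is taken for every user outside `$sftpgroup`. `grep $sftpgroup` is also a substring match on the group list, and the unquoted `rm -r` path collapses to `/ftp_accounts/...` when `$accpath` is empty. The rewrite below requires exact membership in `$sftpgroup` or `$ftpgroup`, refuses everything else, and guards the removal path with `${accpath:?}` and `${accname:?}`.

```shell
  # … unchanged: amiroot, isuserthere and the "user does not exist" check …

  # only accounts that belong to one of the managed groups may be removed
  local memberof kind
  memberof=" $(id -nG "$accname") "
  if [[ $memberof == *" $sftpgroup "* ]]; then
    kind="sftp"
  elif [[ $memberof == *" $ftpgroup "* ]]; then
    kind="ftp"
  else
    echo "error: $accname is not an ftpsftp account"
    exit 1
  fi

  deluser "$accname" &> /dev/null
  rm -r -- "${accpath:?}/${kind}_accounts/${accname:?}"
```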
@@ -0,0 +1,116 @@
+#!/bin/bash
+
+
+#################################################
+## ##
+## FTPsFTP ##
+## standalone ftp/sftp server solution ##
+## ##
+#################################################
+
+
+# **** do not touch as long as you are not me ****
+version="v0.5_beta"
+author="david@socialnerds.org"
+giturl="git://git.socialnerds.org/ftpsftp.git"
+logwhat="ftpsftp"
+log2stdout="1"
+
+functionfile="/opt/ftpsftp/ftpsftp.func"
+configfile="/etc/ftpsftp.conf"
+
+
+# **** read function definitions and config file ****
+if [ -r $functionfile ]; then
+ source $functionfile
+else
+ echo "error: functionfile not found."
+ exit 1
+fi
+
+if [ -r $configfile ]; then
+ source $configfile
+else
+ echo "error: configuration file not found."
+ exit 1
+fi
+
+# **** load bashlib ****
+# need for some better routine to include bashlib
+if [ -d $bashlibpath ]; then
+ source $bashlibpath/main
+ source $bashlibpath/logengine
+ log debug "preflight - logengine loaded"
+else
+ echo "ERROR: bashlib not found"
+ exit 1
+fi
+
+
+# **** processing options ****
+while getopts "h,s,a:,d:,r:,q:,u,v" OPTION; do
+ case $OPTION in
+ h)
+ usage
+ exit 0
+ ;;
+ s)
+ stats
+ exit 0
+ ;;
+ a)
+ accname=$OPTARG
+ run="yes"
+ while [ $run = "yes" ]; do
+ add
+ echo "do you want to create another user? (yes/no)"
+ read run
+ if [[ $run = "yes" ]] || [[ $run = "y" ]]; then
+ echo "specify account name"
+ read accname
+ run="yes"
+ fi
+ done
+ exit 0
+ ;;
+ d)
+ accname=$OPTARG
+ delete
+ exit 0
+ ;;
+ r)
+ accname=$OPTARG
+ accpass=$(setpasswd)
+ echo "the new password for user $accname is: $accpass"
+ exit 0
+ ;;
+ q)
+ accname=$OPTARG
+ quotaconf
+ exit 0
+ ;;
+ u)
+ update
+ exit 0
+ ;;
+ v)
+ version
+ exit 0
+ ;;
+ ?)
+ usage
+ exit 1
+ ;;
+ esac
+done
+
+
+# **** print usage message if no option is given ****
+if [ -z $1 ]; then
+ usage
+ exit 1
+fi
+
+
+# **** end of script ****
+exit 0
diff --git a/ftpsftp/install.sh b/ftpsftp/install.sh
new file mode 100755
index 0000000..79bd2e6
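Review bot: `if [ -d $bashlibpath ]` in ftpsftp.sh is unquoted, and `bashlibpath` is not assigned in this script or in the configuration template visible in install.sh, so with an empty value the test collapses to `[ -d ]`, which is true. The script then tries to source `/main` and `/logengine` as root and the "bashlib not found" branch is never reached; since the function file notes that `amiroot` now lives in bashlib, the privilege check would presumably become a missing command rather than a refusal. A guard such as `if [ -n "$bashlibpath" ] && [ -r "$bashlibpath/main" ] && [ -r "$bashlibpath/logengine" ]; then` fails closed instead. The same quoting applies to `[ -r $functionfile ]`, `[ -r $configfile ]` and the final `[ -z $1 ]`.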
--- /dev/null +++ b/ftpsftp/install.sh 
@@ -0,0 +1,207 @@
+#!/bin/bash
+
+
+#################################################
+## ##
+## FTPsFTP ##
+## installation script ##
+## ##
+#################################################
+
+
+# **** ftpsftp installation routine ****
+
+# **** configuration section ****
+giturl="http://git.gitorious.org/aec/ftpsftp.git"
+acclogfile="/var/log/ftpsftp_accounts.log" #changed
+logfile="/var/log/ftpsftp.log" #new
+configfile="/etc/ftpsftp.conf" #changed
+reporoot="/opt" #new
+
+
+# **** am i root? ****
+if [ "$(whoami)" != "root" ]; then
+ echo
+ echo "$USER, in order to do this you need to gain root privileges."
+ echo
+ exit 1;
+fi
+
+
+# **** uninstall ****
+if [ -z $1 ]; then
+ :
+elif [ $1 = "--uninstall" ]; then
+ # **** removing files ****
+ rm -r $reporoot/ftpsftp
+ rm $logfile
+ rm $acclogfile
+ rm $configfile
+ rm /etc/vsftpd.chroot_list
+ rm /usr/local/bin/ftpsftp
+ rm /etc/fstab
+ mv /etc/fstab_orig /etc/fstab
+ rm cp /etc/vsftpd.conf
+ mv /etc/vsftpd.conf_orig /etc/vsftpd.conf
+ rm /etc/vsftpd.group_list
+ rm cp /etc/pam.d/vsftpd
+ mv /etc/pam.d/vsftpd_orig /etc/pam.d/vsftpd
+ rm /etc/ssh/sshd_config
+ mv /etc/ssh/sshd_config_orig /etc/ssh/sshd_config
+ rm /etc/shells
+ mv /etc/shells_orig /etc/shells
+
+ # **** removing groups ****
+ #delgroup $sftpgroup
+ #delgroup $ftpgroup
+ echo "info: everything except the system groups and the packages installed with apt successfully removed"
+fi
+
+
+# **** installing dependencies ****
+echo "info: trying to install dependencies via apt"
+apt-get update
+apt-get install -y vsftpd ssh quota quotatool makepasswd pwgen git-core vim
+
+
+# **** reading configuration from user ****
+echo "specify under which path the account home dirs should be stored (no tailing slash)"
+read accpath
+
+echo "specify the mointpoint of the device where your accounts are stored (needed for quota config)"
+read quotamountpoint
+
+echo "specify the fqdn of your host"
+read acchost
+
+echo "specify a system group for your sftp users [default: sftpusers]"
+read sftpgroup
+if [ -z $sftpgroup ]; then
+ sftpgroup="sftpusers"
+fi
+
+echo "specify a system group for your ftp users [default: ftpusers]"
+read ftpgroup
+if [ -z $ftpgroup ]; then
+ ftpgroup="ftpusers"
+fi
+
+
+# **** creating needed directorys ****
+# just in case, they should be already there
+echo "info: creating directorys"
+mkdir -p /var/log
+mkdir -p $reporoot
+
+
+# **** creating configfiles and logfiles ****
+echo "info: creating configuration and log files"
+
+# creating chroot_list
+echo "$USER" > /etc/vsftpd.chroot_list
+
+# creating log files
+echo "type name pass quota reguester timestamp" > $acclogfile
+touch $logfile
+
+# create ftpsftp configuration file (default: /etc/ftpsftp/ftpsftp.conf)
+echo '## ftpsftp configuration file ##
+
+accpath="'$accpath'" # this should point to where your accounts should be located
+quotamountpoint="'$quotamountpoint'" # mount point for quota configuration
+acchost="'$acchost'" # the dns name where your sever is reachable
+sftpgroup="'$sftpgroup'" # system group
+ftpgroup="'$ftpgroup'" # system group
+trackrequester="1" # switch to 0 if you do not want to track the account requester
+logging="1" # set this to 0 if you do not want any logging
+
+' > $configfile
+
+
+# **** cloning master branch of ftpsftp git repo ****
+echo "info: cloning files from git repository to /opt/ftpsftp"
+cd $reporoot
+git clone $giturl
+
+
+# **** set symlink for script in /usr/local/bin ****
+echo "info: creating symlink for script in /usr/local/bin"
+cd /usr/local/bin
+ln -s $reporoot/ftpsftp/ftpsftp.sh ftpsftp
+
+
+# **** configure quota ****
+echo "info: configuring quota in fstab for $quotamountpoint"
+cp /etc/fstab /etc/fstab_orig
+cat /etc/fstab | grep -v $quotamountpoint > /etc/~fstab
+storageopt=$(cat /etc/fstab | grep $quotamountpoint | awk '{print $4}')
+sed -i 's/'$storageopt'/'$storageopt',usrquota/' /etc/fstab
+cat /etc/fstab | grep $quotamountpoint >> /etc/~fstab
+rm /etc/fstab && mv /etc/~fstab /etc/fstab
+umount $quotamountpoint
+mount -a
+/etc/init.d/quota restart
+
+
+# **** configure vsftp ****
+cp /etc/vsftpd.conf /etc/vsftpd.conf_orig
+#sed -i 's/#listen_ipv6=YES/listen_ipv6=YES/' /etc/vsftpd.conf
+sed -i 's/#write_enable=YES/write_enable=YES/' /etc/vsftpd.conf
+sed -i 's/#local_umask=022/local_umask=0007\nfile_open_mode=0770/' /etc/vsftpd.conf
+sed -i 's/#chroot_local_user=YES/chroot_local_user=YES/' /etc/vsftpd.conf
+sed -i 's/#chroot_list_enable=YES/chroot_list_enable=YES/' /etc/vsftpd.conf
+sed -i 's/#chroot_list_file=\/etc\/vsftpd.chroot_list/chroot_list_file=\/etc\/vsftpd.chroot_list/' /etc/vsftpd.conf
+sed -i 's/#ftpd_banner=Welcome to blah FTP service./ftpd_banner=Welcome to '$acchost'./' /etc/vsftpd.conf
+
+
+# creating vsftpd.group_list (used by pam)
+addgroup $ftpgroup
+echo "
+$ftpgroup
+admin
+" > /etc/vsftpd.group_list
+
+# adding group list to pam.d
+cp /etc/pam.d/vsftpd /etc/pam.d/vsftpd_orig
+sed '2 a auth required pam_listfile.so item=group sense=allow file=/etc/vsftpd.group_list onerr=fail' /etc/pam.d/vsftpd > /etc/pam.d/vsftpd_new
+rm /etc/pam.d/vsftpd && mv /etc/pam.d/vsftpd_new /etc/pam.d/vsftpd
+
+# restarting ftp service
+/etc/init.d/vsftpd restart
+
+
+# **** configure sshd ****
+echo "info: configuring ssh server"
+addgroup $sftpgroup
+cp /etc/ssh/sshd_config /etc/ssh/sshd_config_orig
+sed -i 's/Subsystem sftp \/usr\/lib\/openssh\/sftp-server/Subsystem sftp internal-sftp/' /etc/ssh/sshd_config
+
+echo "
+
+##### ssh configuration done by ftpsftp ############
+AllowGroups admin $sftpgroup
+
+Match group sftpusers
+ ChrootDirectory $accpath/sftp_accounts/%u
+ X11Forwarding no
+ AllowTcpForwarding no
+ ForceCommand internal-sftp
+
+" >> /etc/ssh/sshd_config
+
+/etc/init.d/ssh restart
+
+## adding shells
+cp /etc/shells /etc/shells_orig
+echo "
+/bin/false
+/usr/lib/sftp-server
+" >> /etc/shells
+
+
+echo "you can now delete this script."
+echo "all you need is in $reporoot/ftpsftp, $configfile, $acclogfile and $logfile"
+echo 'everything should be set to create your first user. try "ftpsftp -a "'
+echo
+
+exit 0
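Review bot: The block appended to /etc/ssh/sshd_config hard-codes `Match group sftpusers` while `AllowGroups admin $sftpgroup` uses the name read from the prompt, so with any non-default group the `ChrootDirectory`, `AllowTcpForwarding no` and `ForceCommand internal-sftp` restrictions never apply to the accounts that AllowGroups admits. What those accounts can then do over ssh depends on the login shell assigned in ftpsftp.func, which is not shown here. The line should read `Match group $sftpgroup`. Separately, the `--uninstall` branch has no `exit 0` after its final `echo`, so an uninstall runs straight on into the apt-get and configuration steps, and it removes /etc/fstab, /etc/ssh/sshd_config and /etc/shells before checking that the `_orig` copies exist. `giturl` is also fetched over plain http and the clone is what /usr/local/bin/ftpsftp points at, so an https URL with a pinned tag or commit is worth adding.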