#!/bin/bash
#################################################
##                                             ##
##                   FTPsFTP                   ##
##     standalone ftp/sftp server solution     ##
##                                             ##
#################################################
# **** do not touch as long as you are not me ****
# Script metadata: $version and $author are printed by version(); $giturl is
# cloned by -i and pulled by -u.
readonly version="v0.4.1b"
readonly author="david@socialnerds.org"
# NOTE(review): plain http remote -- the clone/pull that later runs as root is
# neither authenticated nor integrity-checked; prefer an https or ssh remote.
readonly giturl="http://git.gitorious.org/aec/ftpsftp.git"
# **** usage message ****
usage()
|
|
{
|
|
cat << EOF
|
|
usage: ftpsftp options
|
|
|
|
OPTIONS:
|
|
-h show this message
|
|
-i install ftpsftp on this ubuntu box
|
|
-a <username> add a user
|
|
-d <username> delete a user (not yet implemented)
|
|
-r <username> reset password for user (not yet implemented)
|
|
-q <username> (re)set the quota for user ****new feature****
|
|
-u update ftpsftp (pull from git)
|
|
-v version information
|
|
|
|
EOF
|
|
}
# **** version message ****
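version()
{
  # Print the program name, version string and author contact to stdout.
  # Reads the file-level $version and $author variables.
  # (Fixes the "vesion:" typo in the version line.)
  printf '\n%s\n\n' "FTPsFTP - standalone ftp/sftp server solution"
  printf 'version: %s\n' "$version"
  printf 'author: %s\n\n' "$author"
}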
# **** am i root? ****
amiroot()
{
  # Terminate with exit status 1 unless the effective user is root.  Every
  # mutating action (useradd, setquota, editing files under /etc) relies on it.
  if [ "$(id -un)" != "root" ]; then
    printf '\nsorry %s, you need to gain root privileges to do this.\n\n' "$USER"
    exit 1
  fi
}
# **** installation routine ****
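installation()
{
  # '-i': one-shot installer.  Installs packages, asks the operator for the
  # account path / quota mount point / fqdn / sftp group on stdin, writes
  # /etc/ftpsftp/ftpsftp.conf, clones the script to /opt/ftpsftp, enables user
  # quota on the chosen mount point and configures vsftpd and sshd.  Must run
  # as root: every step edits system files.

  ## am i root?
  amiroot

  ## installing dependencies
  echo "info: trying to install dependencies via apt"
  apt-get update
  apt-get install -y vsftpd ssh quota quotatool makepasswd pwgen git-core vim

  ## reading configuration from user (stdin); read -r keeps backslashes literal
  echo "specify under which path the account home dirs should be stored (no trailing slash)"
  read -r accpath
  echo "specify the mountpoint of the device where your accounts are stored (needed for quota config)"
  read -r quotamountpoint
  echo "specify the fqdn of your host"
  read -r acchost
  echo "specify a system group for your sftp users [default: sftpusers]"
  read -r sftpgroup
  if [ -z "$sftpgroup" ]; then
    sftpgroup="sftpusers"
  fi
  # these answers are written into fstab, sshd_config, vsftpd.conf and the
  # config file (which is sourced as root later), so restrict them to a safe
  # character set; the pattern also rejects empty answers
  local val
  for val in "$accpath" "$quotamountpoint" "$acchost" "$sftpgroup"; do
    if [[ ! $val =~ ^[A-Za-z0-9._/-]+$ ]]; then
      echo "error: '$val' is empty or contains characters that are not safe in the generated config files." >&2
      exit 1
    fi
  done
  accpath=${accpath%/}
  if [ "$quotamountpoint" != "/" ]; then
    quotamountpoint=${quotamountpoint%/}
  fi
  if [ ! -d "$quotamountpoint" ]; then
    echo "error: $quotamountpoint is not a directory." >&2
    exit 1
  fi

  ## creating needed directories
  echo "info: creating directories"
  mkdir -p /etc/ftpsftp /var/log/ftpsftp /opt

  ## creating configfiles and logfiles
  echo "info: creating configuration and log files"
  # accounts listed in vsftpd.chroot_list are EXEMPT from the chroot
  # (chroot_local_user=YES plus chroot_list_enable=YES below).  Under sudo
  # $USER is already "root", so record the invoking account instead.
  echo "${SUDO_USER:-$USER}" > /etc/vsftpd.chroot_list
  touch /etc/vsftpd.user_list
  # add() appends account details to this log: keep it readable by root only
  echo "type name pass quota requester timestamp" > /var/log/ftpsftp/accounts.log
  chmod 600 /var/log/ftpsftp/accounts.log
  #touch /var/log/ftpsftp/system.log #not yet in use
  # written via heredoc so values are expanded once and never word-split
  cat > /etc/ftpsftp/ftpsftp.conf << EOF
## ftpsftp configuration file ##

accpath="$accpath" # this should point to where your accounts should be located
quotamountpoint="$quotamountpoint" # mount point for quota configuration
acchost="$acchost" # the dns name where your server is reachable
sftpgroup="$sftpgroup" # system group
trackrequester="1" # switch to 0 if you do not want to track the account requester
logging="1" # set this to 0 if you do not want any logging
mailnotification="0" # set this to 0 if you do not want any mail notifications (not yet implemented)

EOF
  # the config is sourced by every later root invocation; nobody else may write it
  chmod 644 /etc/ftpsftp/ftpsftp.conf

  ## cloning master of ftpsftp git repo
  # NOTE(review): $giturl is plain http.  The checkout is what /usr/local/bin/ftpsftp
  # runs as root, so a tampered clone is root code execution; prefer https/ssh.
  echo "info: cloning files from git repository to /opt/ftpsftp"
  cd /opt || exit 1
  git clone "$giturl"

  ## set symlink for script in /usr/local/bin
  echo "info: creating symlink for script in /usr/local/bin"
  ln -s /opt/ftpsftp/ftpsftp.sh /usr/local/bin/ftpsftp

  ## configure quota: add usrquota to the mount options of exactly this mount
  ## point.  The previous sed replaced the first occurrence of the option
  ## string anywhere in fstab (e.g. the first "defaults"), which could enable
  ## quota on a different filesystem.
  echo "info: configuring quota in fstab for $quotamountpoint"
  cp /etc/fstab /etc/fstab_orig
  awk -v mp="$quotamountpoint" '
    $1 !~ /^#/ && NF >= 4 && $2 == mp && $4 !~ /(^|,)usrquota(,|$)/ { $4 = $4 ",usrquota" }
    { print }' /etc/fstab > /etc/fstab.ftpsftp && mv /etc/fstab.ftpsftp /etc/fstab
  # remount so the new option takes effect; this fails for / or a busy mount
  # point, in which case remount by hand (or reboot) before creating accounts
  umount "$quotamountpoint"
  mount -a
  /etc/init.d/quota restart

  ## configure vsftp: writable, chrooted local users admitted via an allow-list.
  ## NOTE(review): no TLS (ssl_enable) is configured here, so ftp credentials
  ## and data cross the wire in cleartext; prefer the sftp account type.
  cp /etc/vsftpd.conf /etc/vsftpd.conf_orig
  #sed -i 's/#listen_ipv6=YES/listen_ipv6=YES/' /etc/vsftpd.conf
  sed -i 's/#write_enable=YES/write_enable=YES/' /etc/vsftpd.conf
  sed -i 's/#local_umask=022/local_umask=0007\nfile_open_mode=0770/' /etc/vsftpd.conf
  sed -i 's/#chroot_local_user=YES/chroot_local_user=YES/' /etc/vsftpd.conf
  sed -i 's/#chroot_list_enable=YES/chroot_list_enable=YES/' /etc/vsftpd.conf
  sed -i 's/#chroot_list_file=\/etc\/vsftpd.chroot_list/chroot_list_file=\/etc\/vsftpd.chroot_list/' /etc/vsftpd.conf
  # the banner is appended together with our other settings instead of being
  # interpolated into a sed expression (the fqdn came from stdin)
  cat >> /etc/vsftpd.conf << EOF

## added by ftpsftp
ftpd_banner=Welcome to $acchost.
userlist_enable=YES
userlist_deny=NO
userlist_file=/etc/vsftpd.user_list

EOF
  /etc/init.d/vsftpd restart

  ## configure sshd: sftp accounts are chrooted into their account directory
  ## and restricted to internal-sftp; everybody else must be in "admin"
  echo "info: configuring ssh server"
  addgroup "$sftpgroup"
  cp /etc/ssh/sshd_config /etc/ssh/sshd_config_orig
  sed -i 's/Subsystem sftp \/usr\/lib\/openssh\/sftp-server/Subsystem sftp internal-sftp/' /etc/ssh/sshd_config
  # AllowGroups blocks every account outside the listed groups.  On systems
  # whose administrative group is not called "admin" this locks the operator
  # out of ssh, so warn instead of guessing a different group name.
  if ! getent group admin > /dev/null; then
    echo "warning: group 'admin' does not exist; AllowGroups will deny ssh to all non-sftp users. review /etc/ssh/sshd_config before relying on remote access." >&2
  fi
  # The Match block uses the configured group: it used to be hard-wired to
  # "sftpusers", so a custom group name got no chroot and no ForceCommand.
  # It must remain the last section of sshd_config (everything after a Match
  # belongs to it).  ChrootDirectory requires $accpath/sftp_accounts/<user>
  # and all its parents to be root-owned and not group/world-writable.
  cat >> /etc/ssh/sshd_config << EOF


##### ssh configuration done by ftpsftp ############

AllowGroups admin $sftpgroup

Match Group $sftpgroup
ChrootDirectory $accpath/sftp_accounts/%u
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

####################################################


EOF
  # never restart on a config sshd itself rejects: that would drop remote access
  if /usr/sbin/sshd -t; then
    /etc/init.d/ssh restart
  else
    echo "error: sshd rejected the new configuration; not restarting. check /etc/ssh/sshd_config (backup in sshd_config_orig)." >&2
  fi

  ## adding shells (the shells useradd assigns in add(); presumably needed so
  ## ftp logins pass vsftpd's pam_shells check -- verify on the target release)
  cat >> /etc/shells << 'EOF'

/bin/false
/usr/lib/sftp-server

EOF

  echo "you can now delete this script."
  echo "all you need is in /opt/ftpsftp, /etc/ftpsftp and /var/log/ftpsftp."
  echo 'everything is set to create your first user. try "ftpsftp -a <username>"'
}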
##### ftpsftp update #####
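update()
{
  # '-u': pull origin/master into the checkout in /opt/ftpsftp.
  # NOTE(review): the remote is the plain-http $giturl, so this is
  # unauthenticated code that then runs as root via /usr/local/bin/ftpsftp.

  ## am i root?
  amiroot

  # without this guard a failed cd would run "git pull" in whatever directory
  # the operator happened to be in
  cd /opt/ftpsftp || { echo "error: /opt/ftpsftp not found. run 'ftpsftp -i' first." >&2; exit 1; }
  git pull origin master
}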
##### user creation #####
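add()
{
  # '-a <username>': interactively create one ftp or sftp account.
  # Arguments: $1 - account (unix user) name.
  # Reads /etc/ftpsftp/ftpsftp.conf (accpath, quotamountpoint, acchost,
  # sftpgroup, trackrequester), asks for type / quota / requester on stdin,
  # creates the user, its directory and quota, records the account via
  # logging() and prints the credentials for hand-over.  Needs root.

  ## am i root?
  amiroot

  ## set accname: it is passed to useradd, chown, chpasswd and setquota and used
  ## as a path component, so accept only a plain lower-case unix user name
  accname=$1
  if [[ ! $accname =~ ^[a-z_][a-z0-9_-]{0,31}$ ]]; then
    echo "error: '$accname' is not a valid account name (use [a-z_][a-z0-9_-]*)." >&2
    exit 1
  fi
  if id "$accname" > /dev/null 2>&1; then
    echo "error: account '$accname' already exists." >&2
    exit 1
  fi

  ## check if installed, then read the config written by -i (sourced as root)
  if [ ! -r /etc/ftpsftp/ftpsftp.conf ]; then
    echo "error: /etc/ftpsftp/ftpsftp.conf not found. run 'ftpsftp -i' first." >&2
    exit 1
  fi
  source /etc/ftpsftp/ftpsftp.conf

  ## choose ftp or sftp
  echo "specify account type [sftp|ftp]"
  read -r acctype
  case "$acctype" in
    sftp|ftp) ;;
    *)
      echo "i'm sorry, i need to break this up right now."
      echo "it seams you can not understand some simple instructions."
      exit 1
      ;;
  esac

  ## quota: unallocated space = filesystem size minus the block limits already
  ## granted to other accounts.  df -P and repquota report 1K blocks; in the
  ## repquota listing $2 is the "--" status column and $4 the soft block limit
  ## (this script always sets soft == hard).
  local ablocks gblocks fblocks fsize
  ablocks=$(df -P "$quotamountpoint" | awk 'NR == 2 { print $2 }')
  gblocks=$(repquota -u "$quotamountpoint" | awk '$2 ~ /^[-+][-+]$/ { s += $4 } END { print s + 0 }')
  fblocks=$((ablocks - gblocks))
  fsize=$((fblocks / 1024))
  if [ "$fsize" -le 0 ]; then
    echo "error: no unallocated space left on $quotamountpoint." >&2
    exit 1
  fi

  # only a positive integer below the free size is accepted (0 would mean
  # "no limit" to setquota)
  while :; do
    echo "please specify how much diskspace this account should provide. (in megabytes)"
    echo "maximum: $fsize"
    read -r accquota
    if [ -z "$accquota" ]; then
      echo "this field is mandatory."
    elif [[ $accquota =~ ^[0-9]+$ ]] && [ "$accquota" -gt 0 ] && [ "$accquota" -lt "$fsize" ]; then
      break
    else
      echo "specified size too big or not a number. try again."
    fi
  done

  ## requester (only when tracking is enabled in the config)
  accrequester=""
  if [ "$trackrequester" = "1" ]; then
    while [ -z "$accrequester" ]; do
      echo "who orderd this account? (i'm tracking this for a greater good.)"
      read -r accrequester
      if [ -z "$accrequester" ]; then
        echo "this field is mandatory."
      fi
    done
  fi

  ## set $accport (reported to the operator only)
  if [ "$acctype" = "sftp" ]; then
    accport="22"
  else
    accport="21"
  fi

  ## get timestamp
  acctimestamp=$(date '+%d.%m.%Y %H:%M')

  ## gen password (accpass).  It is applied through chpasswd on stdin so the
  ## cleartext never lands in a file or on a command line: the old flow wrote
  ## it to ./pass.txt under the default umask and passed an md5-crypt hash as a
  ## useradd argument visible in ps.  chpasswd also uses the system's default
  ## hash instead of md5.
  accpass=$(pwgen -snc 10 1)
  if [ -z "$accpass" ]; then
    echo "error: pwgen produced no password." >&2
    exit 1
  fi

  ## create home, set its permissions and add the user to sftp/ftpgroup
  local accdir="$accpath/${acctype}_accounts/$accname"
  if [ "$acctype" = "sftp" ]; then
    # sshd chroots this account into $accdir (ChrootDirectory); that directory
    # and every parent must be root-owned and not group/world-writable, so only
    # data/ is handed over to the user
    mkdir -p "$accdir/data"
    chown root:root "$accdir"
    chmod 755 "$accdir"
    # the shell is never executed: sshd forces internal-sftp for the sftp group
    useradd -d /data -M -U -s /usr/lib/sftp-server "$accname" || exit 1
    chown -R "$accname": "$accdir/data"
    usermod -aG "$sftpgroup" "$accname"
  else
    mkdir -p "$accdir"
    useradd -d "$accdir" -M -U -s /bin/false "$accname" || exit 1
    chown -R "$accname": "$accdir"
    # vsftpd only admits names in this allow-list (userlist_deny=NO)
    echo "$accname" >> /etc/vsftpd.user_list
  fi
  if ! printf '%s:%s\n' "$accname" "$accpass" | chpasswd; then
    echo "error: could not set the password for $accname; the account stays locked." >&2
    exit 1
  fi

  ## configure quota.  setquota takes 1K blocks, so megabytes * 1024.  The
  ## previous "accquota/1000*1024" integer division rounded every request
  ## below 1000 MB down to a limit of 0, which setquota treats as unlimited.
  local accquotablocks=$((accquota * 1024))
  setquota -u "$accname" "$accquotablocks" "$accquotablocks" 0 0 "$quotamountpoint"

  ## trigger log (logging() reads the acc* globals set above)
  logging

  ## account data output -- this is the hand-over to the operator, so the
  ## cleartext password is intentionally shown here (and only here)
  echo
  echo "account data"
  echo
  echo "host: $acchost"
  echo "port: $accport"
  echo "username: $accname"
  echo "password: $accpass"
  echo "quota: ${accquota}mb"
  echo "directory: $accdir"
  echo "requester: $accrequester"
  echo
}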
##### user deletion #####
delete()
{
  # Placeholder for '-d <username>': only the root check runs and the name
  # from $1 is remembered in $accname; no account is removed yet.
  amiroot

  accname=$1
  printf '%s\n' "feature not yet implemented"
}
##### password reset #####
reset()
{
  # Placeholder for '-r <username>': only the root check runs and the name
  # from $1 is remembered in $accname; no password is changed yet.
  amiroot

  accname=$1
  printf '%s\n' "feature not yet implemented"
}
##### quota (re)set #####
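resetquota()
{
  # '-q <username>': interactively (re)set the block quota of an existing account.
  # Arguments: $1 - account name.  Reads quotamountpoint from ftpsftp.conf.
  # Runs setquota, so it needs root like every other mutating action.

  ## am i root? (was missing here, unlike the other actions)
  amiroot

  ## account name is handed to id/repquota/setquota: plain unix names only
  accname=$1
  if [[ ! $accname =~ ^[a-z_][a-z0-9_-]{0,31}$ ]]; then
    echo "error: '$accname' is not a valid account name (use [a-z_][a-z0-9_-]*)." >&2
    exit 1
  fi
  if ! id "$accname" > /dev/null 2>&1; then
    echo "error: account '$accname' does not exist." >&2
    exit 1
  fi

  ## reading configfile (written by -i, sourced as root)
  if [ ! -r /etc/ftpsftp/ftpsftp.conf ]; then
    echo "error: /etc/ftpsftp/ftpsftp.conf not found. run 'ftpsftp -i' first." >&2
    exit 1
  fi
  source /etc/ftpsftp/ftpsftp.conf

  ## quota calc: filesystem size minus limits already granted, in 1K blocks
  ## (repquota: $2 is the "--" status column, $4 the soft block limit, which
  ## this script keeps equal to the hard limit).  The account's own current
  ## limit is returned to the pool because it is about to be replaced.
  local ablocks gblocks ownblocks fblocks fsize
  ablocks=$(df -P "$quotamountpoint" | awk 'NR == 2 { print $2 }')
  gblocks=$(repquota -u "$quotamountpoint" | awk '$2 ~ /^[-+][-+]$/ { s += $4 } END { print s + 0 }')
  ownblocks=$(repquota -u "$quotamountpoint" | awk -v u="$accname" '$1 == u && $2 ~ /^[-+][-+]$/ { print $4; exit }')
  fblocks=$((ablocks - gblocks + ${ownblocks:-0}))
  fsize=$((fblocks / 1024))
  if [ "$fsize" -le 0 ]; then
    echo "error: no unallocated space left on $quotamountpoint." >&2
    exit 1
  fi

  # only a positive integer below the free size is accepted (0 would mean
  # "no limit" to setquota)
  while :; do
    echo "please specify how much diskspace this account should provide. (in megabytes)"
    echo "maximum: $fsize"
    read -r accquota
    if [ -z "$accquota" ]; then
      echo "this field is mandatory."
    elif [[ $accquota =~ ^[0-9]+$ ]] && [ "$accquota" -gt 0 ] && [ "$accquota" -lt "$fsize" ]; then
      break
    else
      echo "specified size too big or not a number. try again."
    fi
  done

  ## set quota.  setquota takes 1K blocks, so megabytes * 1024.  The previous
  ## "accquota/1000*1024" integer division turned every request below 1000 MB
  ## into a limit of 0, i.e. unlimited.
  local accquotablocks=$((accquota * 1024))
  setquota -u "$accname" "$accquotablocks" "$accquotablocks" 0 0 "$quotamountpoint"
}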
##### logging #####
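logging()
{
  # Append one record for the account just created by add() to the accounts
  # log when $logging (from ftpsftp.conf) is "1".  Reads the globals acctype,
  # accname, accquota, accrequester and acctimestamp.  The cleartext password
  # ($accpass) is deliberately NOT written any more: the log is a plain text
  # file and add() already shows the password to the operator for hand-over.
  # A "-" keeps the column so lines still line up with the header written by -i.
  # $accountslog overrides the log path (e.g. for tests); the default is unchanged.
  local logfile=${accountslog:-/var/log/ftpsftp/accounts.log}
  if [ "$logging" = 1 ]; then
    printf '%s %s - %s %s %s\n' "$acctype" "$accname" "$accquota" "$accrequester" "$acctimestamp" >> "$logfile"
  fi
}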
##### mail notification #####
#mailnotification()
#{
#
#if [ $maillog = 1 ]; then   # NOTE: ftpsftp.conf defines "mailnotification", not "maillog"
#	echo "mail notification is not yet implemented"
#fi
#
#}

##### processing options #####
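# Dispatch on the first option; every action exits, so one invocation runs at
# most one action.  The option string must not contain commas: getopts treats
# each character as an option letter, so the old "h,i,a:,..." also accepted "-,".
while getopts "hia:d:r:q:uv" OPTION; do
  case "$OPTION" in
    h)
      usage
      exit 0
      ;;
    i)
      installation
      exit 0
      ;;
    a)
      name=$OPTARG
      # keep creating accounts until the operator answers anything but yes/y
      run="yes"
      while [ "$run" = "yes" ]; do
        add "$name"
        echo "do you want to create another user? (yes/no)"
        read -r run
        if [[ $run = "yes" ]] || [[ $run = "y" ]]; then
          echo "specify account name"
          read -r name
          run="yes"
        fi
      done
      exit 0
      ;;
    d)
      rmuser=$OPTARG
      delete "$rmuser"
      exit 0
      ;;
    r)
      rpuser=$OPTARG
      reset "$rpuser"
      exit 0
      ;;
    q)
      squser=$OPTARG
      resetquota "$squser"
      exit 0
      ;;
    u)
      update
      exit 0
      ;;
    v)
      version
      exit 0
      ;;
    ?)
      usage
      exit 1
      ;;
  esac
done

## every recognised option exits above, so reaching this point means no option
## was given (or a bare word such as "ftpsftp foo", which used to exit 0
## silently): print the usage message and fail
usage
exit 1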