hestiacp/bin/v-add-user-sftp-jail

#!/bin/bash
# info: add user sftp jail
# options: USER [RESTART]
#
# example: v-add-user-sftp-jail admin
#
# This function enables sftp jailed environment

#----------------------------------------------------------#
#                Variables & Functions                     #
#----------------------------------------------------------#

# Argument definition
user=$1
restart=$2

if [ "$user" == "puppet" ]; then
	exit
fi

# Includes
# shellcheck source=/etc/hestiacp/hestia.conf
source /etc/hestiacp/hestia.conf
# shellcheck source=/usr/local/hestia/func/main.sh
source $HESTIA/func/main.sh
# load config file
source_conf "$HESTIA/conf/hestia.conf"

#----------------------------------------------------------#
#                    Verifications                         #
#----------------------------------------------------------#

check_args '1' "$#" 'USER'
is_format_valid 'user'
check=$(is_object_valid 'user' 'USER' "$user")
if [ $? -ne 0 ]; then
	user_str=$(grep "^$user:" /etc/passwd | egrep "rssh|nologin")
	#try to detect "owner" of the ftp_user if not found dont set it up
	user_owner=$(echo $user_str | cut -f6 -d : | cut -f3 -d /)
	is_object_valid 'user' 'USER' "$user_owner"
fi
user_str=$(grep "^$user:" /etc/passwd | egrep "rssh|nologin")
if [ -z "$user_str" ]; then
	exit
fi

# Get current users and split into array
ssh_users=$(grep -A1 "^# Hestia SFTP Chroot" /etc/ssh/sshd_config | sed -n 2p | sed 's/Match User //')
IFS=',' read -r -a users <<< "$ssh_users"

# Check if jail exist
match_string="$ssh_users,"
if [[ "$match_string" =~ ,$user, ]]; then
	if [[ -d /home/$user && -z "$(find /home/$user -user root -print -prune -o -prune)" ]]; then
		chown root:root /home/$user
	fi
	exit
fi

# Perform verification if read-only mode is enabled
check_hestia_demo_mode

#----------------------------------------------------------#
#                       Action                             #
#----------------------------------------------------------#

# Add user to array
users+=($user)

# Write new user list to config
users=$(
	IFS=','
	echo "${users[*]// /|}"
	IFS=$' \t\n'
)
sed -i "s/$ssh_users/$users/g" /etc/ssh/sshd_config

# Set home folder permission to root
if [ -d "/home/$user" ]; then
	chown root:root /home/$user
fi

#----------------------------------------------------------#
#                       Hestia                             #
#----------------------------------------------------------#

# Restart ssh service
if [ "$restart" = 'no' ]; then
	# Skip restart of SSH daemon
	echo "" > /dev/null 2>&1
else
	service ssh restart > /dev/null 2>&1
fi

# Logging
log_event "$OK" "$ARGUMENTS"

exit
Initial 2 years ago			`#!/bin/bash`
			`# info: add user sftp jail`
			`# options: USER [RESTART]`
			`#`
			`# example: v-add-user-sftp-jail admin`
			`#`
			`# This function enables sftp jailed environment`

			`#----------------------------------------------------------#`
			`# Variables & Functions #`
			`#----------------------------------------------------------#`

			`# Argument definition`
			`user=$1`
			`restart=$2`

Added passenger support. Partialy 1 11 months ago			`if [ "$user" == "puppet" ]; then`
			`exit`
			`fi`

Initial 2 years ago			`# Includes`
			`# shellcheck source=/etc/hestiacp/hestia.conf`
			`source /etc/hestiacp/hestia.conf`
			`# shellcheck source=/usr/local/hestia/func/main.sh`
			`source $HESTIA/func/main.sh`
			`# load config file`
			`source_conf "$HESTIA/conf/hestia.conf"`

			`#----------------------------------------------------------#`
			`# Verifications #`
			`#----------------------------------------------------------#`

			`check_args '1' "$#" 'USER'`
			`is_format_valid 'user'`
			`check=$(is_object_valid 'user' 'USER' "$user")`
			`if [ $? -ne 0 ]; then`
			`user_str=$(grep "^$user:" /etc/passwd \| egrep "rssh\|nologin")`
			`#try to detect "owner" of the ftp_user if not found dont set it up`
			`user_owner=$(echo $user_str \| cut -f6 -d : \| cut -f3 -d /)`
			`is_object_valid 'user' 'USER' "$user_owner"`
			`fi`
			`user_str=$(grep "^$user:" /etc/passwd \| egrep "rssh\|nologin")`
			`if [ -z "$user_str" ]; then`
			`exit`
			`fi`

			`# Get current users and split into array`
			`ssh_users=$(grep -A1 "^# Hestia SFTP Chroot" /etc/ssh/sshd_config \| sed -n 2p \| sed 's/Match User //')`
			`IFS=',' read -r -a users <<< "$ssh_users"`

			`# Check if jail exist`
			`match_string="$ssh_users,"`
			`if [[ "$match_string" =~ ,$user, ]]; then`
			`if [[ -d /home/$user && -z "$(find /home/$user -user root -print -prune -o -prune)" ]]; then`
			`chown root:root /home/$user`
			`fi`
			`exit`
			`fi`

			`# Perform verification if read-only mode is enabled`
			`check_hestia_demo_mode`

			`#----------------------------------------------------------#`
			`# Action #`
			`#----------------------------------------------------------#`

			`# Add user to array`
			`users+=($user)`

			`# Write new user list to config`
			`users=$(`
			`IFS=','`
			`echo "${users[*]// /\|}"`
			`IFS=$' \t\n'`
			`)`
			`sed -i "s/$ssh_users/$users/g" /etc/ssh/sshd_config`

			`# Set home folder permission to root`
			`if [ -d "/home/$user" ]; then`
			`chown root:root /home/$user`
			`fi`

			`#----------------------------------------------------------#`
			`# Hestia #`
			`#----------------------------------------------------------#`

			`# Restart ssh service`
			`if [ "$restart" = 'no' ]; then`
			`# Skip restart of SSH daemon`
			`echo "" > /dev/null 2>&1`
			`else`
			`service ssh restart > /dev/null 2>&1`
			`fi`

			`# Logging`
			`log_event "$OK" "$ARGUMENTS"`

			`exit`