Initial
94
bin/v-add-user-sftp-jail
Executable file
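--- a/bin/v-add-user-sftp-jail
+++ b/bin/v-add-user-sftp-jail
@@ -0,0 +1,94 @@
+#!/bin/bash
+# info: add user sftp jail
+# options: USER [RESTART]
+#
+# example: v-add-user-sftp-jail admin
+#
+# This function enables sftp jailed environment
+
+#----------------------------------------------------------#
+# Variables & Functions #
+#----------------------------------------------------------#
+
+# Argument definition
+user=$1
+restart=$2
+
+# Includes
+# shellcheck source=/etc/hestiacp/hestia.conf
+source /etc/hestiacp/hestia.conf
+# shellcheck source=/usr/local/hestia/func/main.sh
+source $HESTIA/func/main.sh
+# load config file
+source_conf "$HESTIA/conf/hestia.conf"
+
+#----------------------------------------------------------#
+# Verifications #
+#----------------------------------------------------------#
+
+check_args '1' "$#" 'USER'
+is_format_valid 'user'
+check=$(is_object_valid 'user' 'USER' "$user")
+if [ $? -ne 0 ]; then
+user_str=$(grep "^$user:" /etc/passwd | egrep "rssh|nologin")
+#try to detect "owner" of the ftp_user if not found dont set it up
+user_owner=$(echo $user_str | cut -f6 -d : | cut -f3 -d /)
+is_object_valid 'user' 'USER' "$user_owner"
+fi
+user_str=$(grep "^$user:" /etc/passwd | egrep "rssh|nologin")
+if [ -z "$user_str" ]; then
+exit
+fi
+
+# Get current users and split into array
+ssh_users=$(grep -A1 "^# Hestia SFTP Chroot" /etc/ssh/sshd_config | sed -n 2p | sed 's/Match User //')
+IFS=',' read -r -a users <<< "$ssh_users"
+
+# Check if jail exist
+match_string="$ssh_users,"
+if [[ "$match_string" =~ ,$user, ]]; then
+if [[ -d /home/$user && -z "$(find /home/$user -user root -print -prune -o -prune)" ]]; then
+chown root:root /home/$user
+fi
+exit
+fi
+
+# Perform verification if read-only mode is enabled
+check_hestia_demo_mode
+
+#----------------------------------------------------------#
+# Action #
+#----------------------------------------------------------#
+
+# Add user to array
+users+=($user)
+
+# Write new user list to config
+users=$(
+IFS=','
+echo "${users[*]// /|}"
+IFS=$' \t\n'
+)
+sed -i "s/$ssh_users/$users/g" /etc/ssh/sshd_config
+
+# Set home folder permission to root
+if [ -d "/home/$user" ]; then
+chown root:root /home/$user
+fi
+
+#----------------------------------------------------------#
+# Hestia #
+#----------------------------------------------------------#
+
+# Restart ssh service
+if [ "$restart" = 'no' ]; then
+# Skip restart of SSH daemon
+echo "" > /dev/null 2>&1
+else
+service ssh restart > /dev/null 2>&1
+fi
+
+# Logging
+log_event "$OK" "$ARGUMENTS"
+
+exit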
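Review bot: The `sed -i "s/$ssh_users/$users/g" /etc/ssh/sshd_config` line treats the current user list as an unanchored regex and replaces it globally, so a short list (a single name, say) is also rewritten wherever that text occurs in other sshd_config directives. If the `# Hestia SFTP Chroot` marker is absent, `$ssh_users` is empty and the substitution cannot apply, yet the script still chowns `/home/$user` to root, restarts ssh and logs success. Confining the edit to the line under the marker, e.g. `sed -i "/^# Hestia SFTP Chroot/{n;s/^Match User .*/Match User $users/}" /etc/ssh/sshd_config`, and exiting with an error when `$ssh_users` is empty would cover both cases. Running `sshd -t` before `service ssh restart` would keep a broken config from taking the daemon down, which the `> /dev/null 2>&1` on the restart currently hides. Separately, `match_string` has no leading comma, so the `,$user,` test can never match the first name in the list; that is safe only if the first entry is always a placeholder, which this file does not show.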