some renaming, comments, and providing local to remote setup script

sftp_proxy_localhost_setup

+#!/bin/bash
+
+#this script create a local sftp only user with access to sshfs mounted directories owned by other local users
+
+(( `id -u` )) && echo -e "\e[00;31mEs necesario correr este script con privilegios de root\e[00m" && exit 1
+
+source wrapper_functions_sftp_sshfs_share
+
+USER=$1
+REMOTEUSER=$2
+
+DEFAULT_DIRS="privado respaldos"
+#this folder will contain other shared mount points
+MASTER_SHARED_FOLDER="compartido"
+SPECIAL_KEYNAME="sshfs_mount"
+
+REMOTE_HOST="127.0.0.1"
+REMOTE_SHAREDFOLDER="compartido"
+DEFAULT_SFTPGROUP="sftponly"
+LOCAL_SFTPGROUP="localsftp"
+
+create_special_group $DEFAULT_SFTPGROUP $(get_next_gid);
+[[ $? -ne 0 ]] && echo "error creando grupo $DEFAULT_SFTPGROUP" && exit;
+
+create_sftp_user $USER "" $DEFAULT_SFTPGROUP
+[[ $? -ne 0 ]] && echo "error creando usuario $USER" && exit 1;
+HOMEDIR=$(getent passwd $USER | cut -f6 -d:)
+SSHKEY=${HOMEDIR}/.ssh/${SPECIAL_KEYNAME}
+
+
+#create default dirs for local user
+for DIR in $DEFAULT_DIRS; do
+  mkdir ${HOMEDIR}/${DIR} 2> /dev/null
+  #must be owned by user to alow writing by user
+  chown $USER:$USER ${HOMEDIR}/${DIR} 2>/dev/null
+done
+
+#create master_shared_folder owned by root
+mkdir ${HOMEDIR}/${MASTER_SHARED_FOLDER} 2> /dev/null
+
+create_special_key $USER $SPECIAL_KEYNAME
+[[ $? -ne 0 ]] && echo "error creando llave $SPECIAL_KEYNAME" && exit 1;
+
+
+[[ -z $REMOTEUSER ]] && exit 0;
+
+
+MOUNTPOINT=${HOMEDIR}/${MASTER_SHARED_FOLDER}/${REMOTEUSER}
+
+create_special_group $LOCAL_SFTPGROUP $(get_next_gid);
+[[ $? -ne 0 ]] && echo "error creando grupo $LOCAL_SFTPGROUP" && exit 1;
+
+create_sftp_user $REMOTEUSER "-" $LOCAL_SFTPGROUP $(get_next_gid)
+[[ $? -ne 0 ]] && echo "error creando user $REMOTEUSER" && exit 1;
+
+REMOTEHOMEDIR=$(getent passwd $REMOTEUSER | cut -f6 -d:)
+
+mkdir -p ${REMOTEHOMEDIR}/${REMOTE_SHAREDFOLDER}
+chown $REMOTEUSER:$REMOTEUSER ${REMOTEHOMEDIR}/${REMOTE_SHAREDFOLDER}
+
+cat ${SSHKEY}.pub >> ${REMOTEHOMEDIR}/.ssh/authorized_keys
+
+create_systemd_sshfs_mount_point "${REMOTEUSER}@${REMOTE_HOST}:${REMOTE_SHAREDFOLDER}" "$MOUNTPOINT" "$USER" "$SSHKEY"
+
+[[ $? -ne 0 ]] && echo "error creando systemd mount unit-files" && exit 1;
+
+exit 0

sftp_proxy_setup

+#!/bin/bash
+
+#this script create a local sftp only user with access to sshfs mounted directories owned by users on a remote host
+
+(( `id -u` )) && echo -e "\e[00;31mEs necesario correr este script con privilegios de root\e[00m" && exit 1
+
+source wrapper_functions_sftp_sshfs_share
+
+USER=$1
+REMOTEUSER=$2
+SPECIAL_KEY_NAME="id_rsa"
+REMOTE_HOST=$3
+MOUNTPOINT=$4
+REMOTE_SHAREDFOLDER=$5
+DEFAULT_SFTPGROUP="sftpusers"
+
+create_special_group $DEFAULT_SFTPGROUP $(get_next_gid);
+[[ $? -ne 0 ]] && echo "error creando grupo $DEFAULT_SFTPGROUP" && exit;
+
+create_sftp_user $USER "" $DEFAULT_SFTPGROUP
+[[ $? -ne 0 ]] && echo "error creando usuario $USER" && exit 1;
+
+HOMEDIR=$(getent passwd $USER | cut -f6 -d:)
+SSHKEY=/etc/ssh/users/${USER}/${SPECIAL_KEY_NAME}
+
+create_special_key $USER $SPECIAL_KEY_NAME
+[[ $? -ne 0 ]] && echo "error creando llave $SPECIAL_KEY_NAME" && exit 1;
+
+[[ -z $REMOTEUSER ]] && exit 0;
+
+[[ -z $MOUNTPOINT ]] && MOUNTPOINT=${HOMEDIR}/${REMOTEUSER};
+
+mkdir "$MOUNTPOINT"
+
+create_systemd_sshfs_mount_point "${REMOTEUSER}@${REMOTE_HOST}:${REMOTE_SHAREDFOLDER}" "$MOUNTPOINT" "$USER" "$SSHKEY"
+
+[[ $? -ne 0 ]] && echo "error creando systemd mount unit-files" && exit 1;
+
+
+exit 0

systemd_sshfs_mount_unit_file_templates/template.mount

@@ -11,4 +11,5 @@ RequiresMountsFor=<<HOMEDIR>>
 What=<<REMOTEUSER>>@<<HOST>>:<<SHAREDFOLDER>>
 Where=<<MOUNTPOINT>>
 Type=fuse.sshfs
+#these options allow rw access by local user to remote files in the local mount but all changes retain correct ownership by remote user on remote host
 Options=noauto,_netdev,users,idmap=user,uid=<<USERID>>,gid=<<USERID>>,IdentityFile=<<SSHKEY>>,allow_other,reconnect

wrapper_functions_sftp_sshfs_share

@@ -30,12 +30,14 @@ function create_special_group {
 function create_special_key {
   local user=$1
   local keyname=$2
+  local keydir=$3
 
   local result=$(getent passwd $user)
   [[ $? -ne 0 ]] && return 1; #usuario no existe
-
+  
   local homedir=$(echo $result | cut -f6 -d:)
-  local keydir=${homedir}/.ssh
+  
+  [[ -z $keydir ]] && keydir=${homedir}/.ssh
   [[ ! -d  "$keydir" ]] &&  mkdir $keydir;
   [[ $? -ne 1 ]] && echo "error with keydir path" && return 1;
 
@@ -74,6 +76,9 @@ function create_sftp_user {
 
   [[ -z "$mail" ]] && read -p " Ingresa un correo de contacto para el nuevo usuario: " mail
 
+  comment_arg=''
+  [[ ! -z "$mail" ]] &&  comment_arg="--comment $mail"
+
   if [[ ! -z $uid ]] ; then
     #crear usuario con uid especial
     local uid_arg="--uid ${uid}";
@@ -83,11 +88,10 @@ function create_sftp_user {
     uid_arg="-K UID_MIN=1000 -K UID_MAX=9999";
   fi
 
+  group_arg=''
   [[ ! -z $sftpgroup ]] && local group_arg="--groups ${sftpgroup}";
 
-
-  useradd --home-dir /home/${sftpuser} --no-create-home $uid_arg\
-  --shell /bin/false --comment $mail --user-group $group_arg $sftpuser
+  useradd --home-dir /home/${sftpuser} --no-create-home $uid_arg --shell /bin/false $comment_arg --user-group $group_arg $sftpuser
 
   if [[ $? -ne 0 ]] ; then
      echo " Error creando usuario"
@@ -95,9 +99,11 @@ function create_sftp_user {
   fi
 
   #home del usuario sftp debe pertenecer a root
-  #asume que umask es 022
+  current_mask=$(umask -S)
+  umask -S 0022
   mkdir /home/${sftpuser}
-  mkdir                            /home/${sftpuser}/.ssh
-  touch                            /home/${sftpuser}/.ssh/authorized_keys
+  mkdir /home/${sftpuser}/.ssh
+  touch /home/${sftpuser}/.ssh/authorized_keys
+  umask -S $current_mask 1> /dev/null
   return 0
 }