Commit c051d66a authored by jaime's avatar jaime

some renaming and comments, and a local-to-remote setup script

parent 86e1520a
#!/bin/bash
#this script create a local sftp only user with access to sshfs mounted directories owned by other local users
(( `id -u` )) && echo -e "\e[00;31mEs necesario correr este script con privilegios de root\e[00m" && exit 1
source wrapper_functions_sftp_sshfs_share
USER=$1
REMOTEUSER=$2
DEFAULT_DIRS="privado respaldos"
#this folder will contain other shared mount points
MASTER_SHARED_FOLDER="compartido"
SPECIAL_KEYNAME="sshfs_mount"
REMOTE_HOST="127.0.0.1"
REMOTE_SHAREDFOLDER="compartido"
DEFAULT_SFTPGROUP="sftponly"
LOCAL_SFTPGROUP="localsftp"
create_special_group $DEFAULT_SFTPGROUP $(get_next_gid);
[[ $? -ne 0 ]] && echo "error creando grupo $DEFAULT_SFTPGROUP" && exit;
create_sftp_user $USER "" $DEFAULT_SFTPGROUP
[[ $? -ne 0 ]] && echo "error creando usuario $USER" && exit 1;
HOMEDIR=$(getent passwd $USER | cut -f6 -d:)
SSHKEY=${HOMEDIR}/.ssh/${SPECIAL_KEYNAME}
#create default dirs for local user
for DIR in $DEFAULT_DIRS; do
mkdir ${HOMEDIR}/${DIR} 2> /dev/null
#must be owned by user to alow writing by user
chown $USER:$USER ${HOMEDIR}/${DIR} 2>/dev/null
done
#create master_shared_folder owned by root
mkdir ${HOMEDIR}/${MASTER_SHARED_FOLDER} 2> /dev/null
create_special_key $USER $SPECIAL_KEYNAME
[[ $? -ne 0 ]] && echo "error creando llave $SPECIAL_KEYNAME" && exit 1;
[[ -z $REMOTEUSER ]] && exit 0;
MOUNTPOINT=${HOMEDIR}/${MASTER_SHARED_FOLDER}/${REMOTEUSER}
create_special_group $LOCAL_SFTPGROUP $(get_next_gid);
[[ $? -ne 0 ]] && echo "error creando grupo $LOCAL_SFTPGROUP" && exit 1;
create_sftp_user $REMOTEUSER "-" $LOCAL_SFTPGROUP $(get_next_gid)
[[ $? -ne 0 ]] && echo "error creando user $REMOTEUSER" && exit 1;
REMOTEHOMEDIR=$(getent passwd $REMOTEUSER | cut -f6 -d:)
mkdir -p ${REMOTEHOMEDIR}/${REMOTE_SHAREDFOLDER}
chown $REMOTEUSER:$REMOTEUSER ${REMOTEHOMEDIR}/${REMOTE_SHAREDFOLDER}
cat ${SSHKEY}.pub >> ${REMOTEHOMEDIR}/.ssh/authorized_keys
create_systemd_sshfs_mount_point "${REMOTEUSER}@${REMOTE_HOST}:${REMOTE_SHAREDFOLDER}" "$MOUNTPOINT" "$USER" "$SSHKEY"
[[ $? -ne 0 ]] && echo "error creando systemd mount unit-files" && exit 1;
exit 0
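Review bot: The `exit;` after the first create_special_group check carries no status, so a failed group creation ends the script with echo's exit code of 0 and a caller sees success; the sibling check two lines later uses `exit 1`, and the second script repeats the same slip after its own create_special_group call. Change it to `[[ $? -ne 0 ]] && echo "error creando grupo $DEFAULT_SFTPGROUP" && exit 1;`. `source wrapper_functions_sftp_sshfs_share` (in both scripts) resolves a bare name through $PATH before the current directory, so run as root with an unexpected PATH or cwd it can pull in a different file; `source "$(dirname "$0")/wrapper_functions_sftp_sshfs_share"` pins it to the script's own directory. The public key appended to the remote user's authorized_keys is only ever used by the mount unit from REMOTE_HOST=127.0.0.1, so writing the entry as `{ printf 'restrict,from="%s" ' "$REMOTE_HOST"; cat "${SSHKEY}.pub"; } >> "${REMOTEHOMEDIR}/.ssh/authorized_keys"` instead of a bare `cat >>` limits what that key can do if the private half is ever read by someone else.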
#!/bin/bash
#this script create a local sftp only user with access to sshfs mounted directories owned by users on a remote host
(( `id -u` )) && echo -e "\e[00;31mEs necesario correr este script con privilegios de root\e[00m" && exit 1
source wrapper_functions_sftp_sshfs_share
USER=$1
REMOTEUSER=$2
SPECIAL_KEY_NAME="id_rsa"
REMOTE_HOST=$3
MOUNTPOINT=$4
REMOTE_SHAREDFOLDER=$5
DEFAULT_SFTPGROUP="sftpusers"
create_special_group $DEFAULT_SFTPGROUP $(get_next_gid);
[[ $? -ne 0 ]] && echo "error creando grupo $DEFAULT_SFTPGROUP" && exit;
create_sftp_user $USER "" $DEFAULT_SFTPGROUP
[[ $? -ne 0 ]] && echo "error creando usuario $USER" && exit 1;
HOMEDIR=$(getent passwd $USER | cut -f6 -d:)
SSHKEY=/etc/ssh/users/${USER}/${SPECIAL_KEY_NAME}
create_special_key $USER $SPECIAL_KEY_NAME
[[ $? -ne 0 ]] && echo "error creando llave $SPECIAL_KEY_NAME" && exit 1;
[[ -z $REMOTEUSER ]] && exit 0;
[[ -z $MOUNTPOINT ]] && MOUNTPOINT=${HOMEDIR}/${REMOTEUSER};
mkdir "$MOUNTPOINT"
create_systemd_sshfs_mount_point "${REMOTEUSER}@${REMOTE_HOST}:${REMOTE_SHAREDFOLDER}" "$MOUNTPOINT" "$USER" "$SSHKEY"
[[ $? -ne 0 ]] && echo "error creando systemd mount unit-files" && exit 1;
exit 0
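Review bot: `SSHKEY=/etc/ssh/users/${USER}/${SPECIAL_KEY_NAME}` does not match where the key is generated: `create_special_key $USER $SPECIAL_KEY_NAME` passes no third argument, and the visible part of the wrapper then falls back to `${homedir}/.ssh`, so the mount unit's IdentityFile will point at a file that does not exist. Pass the directory explicitly, `create_special_key "$USER" "$SPECIAL_KEY_NAME" "/etc/ssh/users/${USER}"`, or derive SSHKEY from the same default the wrapper uses. Keeping the private key outside the sftp user's home means the user cannot read it through sftp, which looks like the intent and is worth stating in the header comment. `mkdir "$MOUNTPOINT"` is unchecked, so a pre-existing or uncreatable mount point is only noticed when the unit is started; `mkdir -p -- "$MOUNTPOINT" || exit 1` makes the failure explicit.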
......@@ -11,4 +11,5 @@ RequiresMountsFor=<<HOMEDIR>>
What=<<REMOTEUSER>>@<<HOST>>:<<SHAREDFOLDER>>
Where=<<MOUNTPOINT>>
Type=fuse.sshfs
#these options allow rw access by local user to remote files in the local mount but all changes retain correct ownership by remote user on remote host
Options=noauto,_netdev,users,idmap=user,uid=<<USERID>>,gid=<<USERID>>,IdentityFile=<<SSHKEY>>,allow_other,reconnect
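Review bot: `allow_other` without `default_permissions` exposes the mount to every local account, not just the local user the comment describes: FUSE does no permission checking unless `default_permissions` is set, and the remote side checks everything as the single remote user, so any local user can read and write through the mount regardless of the uid=/gid= mapping. Add it to the option list, `Options=noauto,_netdev,users,idmap=user,uid=<<USERID>>,gid=<<USERID>>,IdentityFile=<<SSHKEY>>,allow_other,default_permissions,reconnect`. `gid=<<USERID>>` reuses the uid as the gid, which only holds for users created with a private group of the same id (the useradd --user-group path in the wrapper); the comment above Options should say so, since a user with a differing primary group would get a wrong group mapping.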
......@@ -30,12 +30,14 @@ function create_special_group {
function create_special_key {
local user=$1
local keyname=$2
local keydir=$3
local result=$(getent passwd $user)
[[ $? -ne 0 ]] && return 1; #usuario no existe
local homedir=$(echo $result | cut -f6 -d:)
local keydir=${homedir}/.ssh
[[ -z $keydir ]] && keydir=${homedir}/.ssh
[[ ! -d "$keydir" ]] && mkdir $keydir;
[[ $? -ne 1 ]] && echo "error with keydir path" && return 1;
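Review bot: The check after the directory creation is inverted: `[[ ! -d "$keydir" ]] && mkdir $keydir;` leaves `$?` at 0 when mkdir succeeds and at 1 both when mkdir fails and when the directory already existed, so `[[ $? -ne 1 ]] && echo "error with keydir path" && return 1;` reports an error exactly when a fresh directory was created and stays silent when creation failed. It only passes today because `${homedir}/.ssh` already exists; the new `keydir` parameter will trip it as soon as a caller passes a directory that has to be created. Replace the two lines with `[[ -d "$keydir" ]] || mkdir -p -m 0700 -- "$keydir" || { echo "error with keydir path"; return 1; }` (0700 on the assumption that only root needs to read the key, as the mount unit runs as root). `local result=$(getent passwd $user)` also masks getent's status, so the `[[ $? -ne 0 ]] && return 1` "usuario no existe" guard sees `local`'s 0 and never fires; split it into `local result` and `result=$(getent passwd "$user") || return 1`. create_special_key continues past the end of this hunk.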
......@@ -74,6 +76,9 @@ function create_sftp_user {
[[ -z "$mail" ]] && read -p " Ingresa un correo de contacto para el nuevo usuario: " mail
comment_arg=''
[[ ! -z "$mail" ]] && comment_arg="--comment $mail"
if [[ ! -z $uid ]] ; then
#crear usuario con uid especial
local uid_arg="--uid ${uid}";
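Review bot: `comment_arg="--comment $mail"` is later expanded unquoted, so a contact entered with a space becomes extra useradd arguments and a value starting with `-` is parsed as an option; the same string-built-argument pattern carries `uid_arg` and `group_arg` in the next hunk. Build them as arrays instead, `local comment_arg=(); [[ -n "$mail" ]] && comment_arg=(--comment "$mail")`, and expand with `"${comment_arg[@]}"` at the useradd call. `comment_arg` is also not declared `local`, so it leaks into the caller's scope. `read -p` should be `read -r -p` so backslashes in the typed value survive. create_sftp_user begins before this hunk.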
......@@ -83,11 +88,10 @@ function create_sftp_user {
uid_arg="-K UID_MIN=1000 -K UID_MAX=9999";
fi
group_arg=''
[[ ! -z $sftpgroup ]] && local group_arg="--groups ${sftpgroup}";
useradd --home-dir /home/${sftpuser} --no-create-home $uid_arg\
--shell /bin/false --comment $mail --user-group $group_arg $sftpuser
useradd --home-dir /home/${sftpuser} --no-create-home $uid_arg --shell /bin/false $comment_arg --user-group $group_arg $sftpuser
if [[ $? -ne 0 ]] ; then
echo " Error creando usuario"
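Review bot: `group_arg=''` followed by a conditional `local group_arg="--groups ${sftpgroup}"` declares the variable in two different scopes: with an empty sftpgroup the function sets a global `group_arg`, with a non-empty one a local. Declare it once before the test, `local group_arg=''`, and drop the `local` from the conditional assignment. `$sftpuser` at the end of the useradd line is unquoted; a user name with a space or glob character would be split before useradd sees it.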
......@@ -95,9 +99,11 @@ function create_sftp_user {
fi
#home del usuario sftp debe pertenecer a root
#asume que umask es 022
current_mask=$(umask -S)
umask -S 0022
mkdir /home/${sftpuser}
mkdir /home/${sftpuser}/.ssh
touch /home/${sftpuser}/.ssh/authorized_keys
mkdir /home/${sftpuser}/.ssh
touch /home/${sftpuser}/.ssh/authorized_keys
umask -S $current_mask 1> /dev/null
return 0
}
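Review bot: The comment `#asume que umask es 022` is stale now that the mask is forced with `umask -S 0022`; replace it with `#force umask 022: the sftp home and .ssh stay root-owned and not group/world-writable, which sshd's StrictModes requires`. `current_mask` is not declared `local`, and `umask -S 0022` prints the new mask to stdout while only the restoring call is redirected, so any caller capturing this function's output gets the mask string mixed in; use `local current_mask` and redirect both. The mkdir and touch calls are unchecked, so a `/home/${sftpuser}` left over from an earlier run only prints to stderr and the function still returns 0; presumably a pre-existing home should be reported as an error, so `mkdir -- "/home/${sftpuser}" || return 1` is worth adding.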