
    1 #!/bin/sh
    2 # rewrited by Konrad Krzysztof Krasinski 2003
    3 # tested on RedHat 9.0
    4 #
    5 # check that the configure options are correct for chrooted operation:
    6 
# Refuse to run unless the tree was configured for a chrooted binary (the
# first operand is a configure-substituted constant) and config.h is there
# to read the program list from.
if [ xscponlyc = x ] || [ ! -f ./config.h ]; then
    echo
    echo 'your scponly build is not configured for chrooted operation.'
    echo 'please reconfigure as follows, then rebuild and reinstall:'
    echo
    echo './configure --enable-chrooted-binary (... other options)'
    echo
    exit 1
fi

# the following is a list of binaries that will be staged in the target dir:
# every PROG_* path from config.h, minus "cd" (presumably because it has no
# file to copy).  Later loops rely on this being a whitespace-separated list.
BINARIES=$(/bin/grep '#define PROG_' config.h | /bin/cut -f2 -d'"' | /bin/grep -v '^cd$')
   19 
   20 # a function to display a failure message and then exit 
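# fail MESSAGE...
# Print MESSAGE to stderr and exit 1.  Backslash escapes (\n) are interpreted
# because callers pass them; arguments are joined with single spaces.
# The original used an unquoted `echo -e $@`, which globbed and word-split
# the message and is not portable across /bin/sh implementations.
fail ( ) {
    printf '%b\n' "$*" >&2
    exit 1
}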
   25 
   26 # "get with default" function
   27 # this function prompts the user with a query and default reply
   28 # it returns the user reply
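# getwd QUERY DEFAULT
# "get with default": prompt on stderr with "QUERY [DEFAULT]", read one line
# from stdin and print the reply, or DEFAULT when the reply is empty.
# Sets the globals query, default and response (POSIX sh has no local).
# read -r keeps backslashes in the reply; the reply is printed quoted so
# that whitespace, globs and a reply such as "-n" survive intact.
getwd ( ) {
    query=$1
    default=$2
    # %b keeps the backslash-escape interpretation of the original echo -e
    printf '%b' "$query [$default]" >&2
    read -r response
    if [ -z "$response" ]; then
        response=$default
    fi
    printf '%s\n' "$response"
}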
   39 
   40 # "get yes no" function
   41 # this function prompts the user with a query and will continue to do so
   42 # until they reply with either "y" or "n"
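# getyn QUERY...
# "get yes no": prompt on stderr with QUERY and keep reading stdin until the
# reply is exactly "y" or "n"; print that reply.  Returns 1 without printing
# if stdin is exhausted first -- the original re-prompted forever on EOF.
# Sets the globals query and response.
getyn ( ) {
    query=$*
    printf '%b' "$query" >&2
    while :; do
        read -r response || return 1
        case "$response" in
            y|n) break ;;
        esac
        printf "\n'y' or 'n' only please...\n\n" >&2
        printf '%b' "$query" >&2
    done
    printf '%s\n' "$response"
}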
   54 
# Preflight checks.  The ldd path below was filled in by configure; the test
# only fires when it came out empty (no ldd found), so on this host it is a
# no-op.
if [ x/usr/bin/ldd = x ]; then
    echo "this script requires the program ldd to determine which"
    fail "shared libraries to copy into your chrooted dir..."
fi

# USE_PW picks the user-creation command further down (0 = /usr/sbin/useradd
# with -d/-s, 1 = the "useradd -n" form).  The detection it replaced is left
# commented out; USE_PW is forced to 1 here.
USE_PW=0
#if [ x/usr/sbin/useradd = x ]; then
    USE_PW=1
#else 
#    if [ x = x ]; then
#   echo "this script requires the program useradd or pw to add your"
#   fail "chrooted scponly user."
#    fi
#fi

# Everything below copies system files and creates an account: root only.
[ "$(id -u)" = "0" ] || fail "you must be root to run this script\n"
   73 
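# Ask for the account name; an empty reply keeps the default.
# read -r so a backslash in the reply is taken literally.
printf '%s' "Install for what username? [template_scp]"
read -r targetuser
if [ -z "$targetuser" ]; then
    targetuser="template_scp"
fi

echo
echo "Next we need to set the home directory for this scponly user."
echo "please note that the user's home directory MUST NOT be writable"
echo "by the scponly user. this is important so that the scponly user"
echo "cannot subvert the .ssh configuration parameters."
echo
# Default the home directory to /home/<user>; an empty reply keeps it.
targetdir="/home/$targetuser"
printf '%s' "enter the home directory you wish to set for this user: [$targetdir] "
read -r targetdir2
if [ -n "$targetdir2" ]; then
    targetdir=$targetdir2
fi
# Everything below builds paths under $targetdir and later removes a
# subdirectory of it, so insist on an absolute path.
case "$targetdir" in
    /*) ;;
    *) fail "the home directory must be an absolute path: $targetdir" ;;
esac

# The messages are quoted: unquoted echo arguments were being glob-expanded
# (e.g. "[we do this right now]" is a bracket pattern) and word-split.
echo
echo 'for this reason, an "public_html" subdirectory will be created that'
echo "the scponly user can write into."
echo "if you want the scponly user to"
echo "automatically change to this public_html subdirectory upon login, you"
echo "can specify this when you specify the user's home directory as"
echo "follows:"
echo
echo "set the home dir to /chroot_path//public_html [we do this right now]"
echo
echo "when scponly chroots, it will only chroot to chroot_path and"
echo "afterwards, it will chdir to public_html."
echo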
  106 
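# Stage the chroot skeleton.  Every directory the copied binaries and
# libraries land in must exist before install(1) is pointed at it.
# ${targetdir:?} aborts if the home directory is somehow empty.
for dir in "" /usr /usr/bin /usr/sbin /usr/local /usr/local/lib /usr/local/bin \
           /lib /usr/lib /usr/libexec /usr/libexec/openssh /bin /etc; do
    /usr/bin/install -c -d "${targetdir:?}$dir" || fail "cannot create $targetdir$dir"
done

# Copy each binary named in config.h to the same path inside the chroot
# (the -C flag is kept from the original).  $BINARIES is a whitespace-
# separated list and is deliberately left unquoted.
for bin in $BINARIES; do
    /usr/bin/install -c -C "$bin" "$targetdir$bin" || fail "cannot install $bin into $targetdir"
done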
  124 
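# Collect the shared libraries the staged binaries need: from each ldd line
# take the text after "=>" and before "(".  Lines without "=>" are passed
# through whole by cut and dropped by the leading-space filter (presumably
# why the loader is added explicitly below).  $BINARIES is a whitespace-
# separated list and is deliberately unquoted.
LIB_LIST=$(/usr/bin/ldd $BINARIES 2> /dev/null | /bin/cut -f2 -d'>' | /bin/cut -f1 -d'(' | /bin/grep "^ " | /bin/sort -u)

# Add whichever dynamic loader this system has.
LDSOFOUND=0
for ldso in /usr/libexec/ld.so /lib/ld-linux.so.2 /usr/libexec/ld-elf.so.1; do
    if [ -f "$ldso" ]; then
        LIB_LIST="$LIB_LIST $ldso"
        LDSOFOUND=1
    fi
done

if [ "$LDSOFOUND" -eq 0 ]; then
    fail "i cant find your equivalent of ld.so"
fi

# If libnss_compat is present, stage it (and /lib/ld.so) too -- presumably
# for name lookups inside the chroot.  The glob is expanded later, inside
# the install loop.  The original redirect order (2>&1 > /dev/null) still
# sent ls errors to the terminal; this silences both streams as intended.
if /bin/ls /lib/libnss_compat* > /dev/null 2>&1; then
    LIB_LIST="$LIB_LIST /lib/libnss_compat* /lib/ld.so"
fi

# Install each library at the same path under the chroot.  $LIB_LIST is
# unquoted on purpose: word-splitting and the libnss glob are relied upon.
# A missing library is reported but not fatal, as before (e.g. /lib/ld.so
# may not exist on every host).
# shellcheck disable=SC2086
for lib in $LIB_LIST; do
    /usr/bin/install -c "$lib" "${targetdir:?}/$lib" \
        || printf '%s\n' "warning: could not copy $lib into $targetdir" >&2
done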
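# Create the account with scponlyc as its shell and the home directory set
# to <home>//public_html: the text printed earlier explains that scponly
# chroots to the part before the double slash and chdirs to public_html.
# USE_PW is forced to 1 above, so the "useradd -n" form is the one that runs
# here; confirm the meaning of -n against useradd(8) on the target host.
if [ "$USE_PW" -eq 0 ]; then
    if ! /usr/sbin/useradd -d "$targetdir//public_html" -s "/usr/local/sbin/scponlyc" "$targetuser"; then
        fail "if this user exists, remove it and try again"
    fi
else
    if ! useradd -n "$targetuser" -s "/usr/local/sbin/scponlyc" -d "$targetdir//public_html"; then
        fail "if this user exists, remove it and try again"
    fi
fi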
  166 
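# The home directory and any pre-existing .ssh in it are handed to root so
# the scponly user cannot rewrite the ssh configuration (see the note printed
# above); public_html is the only place the user is meant to write.
# Both chown calls now use the same user:group syntax (the original mixed
# "0:0" and the deprecated "0.0").
chown 0:0 "${targetdir:?}"
if [ -d "$targetdir/.ssh" ]; then
    chown 0:0 "$targetdir/.ssh"
fi

if [ ! -d "$targetdir/public_html" ]; then
    printf '\ncreating  %s/public_html directory for uploading files\n' "$targetdir"
    /usr/bin/install -c -o "$targetuser" -d "$targetdir/public_html"
fi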
  176 
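# the following is VERY BSD centric
# i check for pwd_mkdb before trying to use it.  The test compares a
# configure-substituted value (presumably the pwd_mkdb path) with the empty
# string; it was substituted empty here, so the BSD branch never runs on
# this host.
# The entry is selected by an exact match on the login field so that only
# $targetuser's own line is copied -- the original `grep $targetuser` also
# matched every line merely containing the name as a substring.
if [ x = x ]; then
    awk -F: -v u="$targetuser" '$1 == u' /etc/passwd > "${targetdir:?}/etc/passwd"
else
    awk -F: -v u="$targetuser" '$1 == u' /etc/master.passwd > "$targetdir/etc/master.passwd"
    # the command name was missing from this line in the original; the
    # comment above says the tool used here is pwd_mkdb
    pwd_mkdb -d "$targetdir/etc" "$targetdir/etc/master.passwd"
    /bin/rm -rf "$targetdir/etc/master.passwd" "$targetdir/etc/spwd.db"
fi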
  186 
  187 echo
  188 echo /usr/bin/groups problem solving
  189 rm -f $targetdir/usr/bin/groups
  190 gcc groups.c -o groups
  191 cp groups $targetdir/usr/bin/groups
  192 
  193 echo /etc/passwd - important security fix
  194 targetuid=`id -u $targetuser`
  195 targetgid=`id -g $targetuser`
  196 cat /etc/passwd | awk -F":" '{if($3==0){print $0}}' > $targetdir/etc/passwd
  197 #winscp seems to work bad with long names with "_" char - like "template_scp"
  198 #so we cheats it by standard "user" name
  199 dummyuser="user"
  200 dummyhome="/public_html"
  201 dummyshell="/usr/bin/oafish"
  202 cat /etc/passwd | awk -F":" '{if($3=='$targetuid'){print "'$dummyuser':"$2":"$3":"$4":"$5":'$dummyhome':'$dummyshell'"}}' >> $targetdir/etc/passwd
  203 
  204 echo /etc/group - adding
  205 cat /etc/group | awk -F":" '{if($3==0){print $0}}' > $targetdir/etc/group
  206 dummygroup="users"
  207 cat /etc/group | awk -F":" '{if($3=='$targetgid'){print "'$dummygroup':"$2":"$3":"$4}}' >> $targetdir/etc/group
  208 
  209 echo /info.txt - adding
  210 cp info.txt $targetdir/info.txt
  211 
  212 echo correcting RedHat 9.0 missed lib files ...
  213 ldconfig
  214 cp /etc/ld.so.cache $targetdir/etc/ld.so.cache
  215 
  216 mkdir -p $targetdir/lib/tls/
  217 #cp /lib/tls/libc.so.6 $targetdir/lib/tls/libc.so.6
  218 #seems be no different if it will be like this
  219 cp /lib/libc.so.6 $targetdir/lib/libc.so.6
  220 
  221 mkdir -p $targetdir/usr/kerberos/lib/
  222 cp /usr/kerberos/lib/libcom_err.so.3 $targetdir/usr/kerberos/lib/libcom_err.so.3
  223 cp /usr/kerberos/lib/libgssapi_krb5.so.2 $targetdir/usr/kerberos/lib/libgssapi_krb5.so.2
  224 cp /usr/kerberos/lib/libk5crypto.so.3 $targetdir/usr/kerberos/lib/libk5crypto.so.3
  225 cp /usr/kerberos/lib/libkrb5.so.3 $targetdir/usr/kerberos/lib/libkrb5.so.3
  226 
  227 echo clearing new home dir ...
  228 rm -rf $targetdir/public_html
  229 mkdir $targetdir/public_html
  230 chown -R $targetuser.users $targetdir/public_html
  231 
  232 echo
  233 echo ok, all done set the passwd if you wont to use this account
  234 echo or ^C when it will be an template only
  235 echo
  236 
  237 passwd $targetuser