
Member "scponly-20110526/build_extras/setup_chroot.sh.debian" (18 Nov 2003, 6502 Bytes) of package /linux/privat/old/scponly-20110526.tgz:



    1 #!/bin/sh
    2 # rewritten by Konrad Krzysztof Krasinski 2003
    3 # tested on Slackware 8.0, 8.1 and 9.0
    4 #
    5 # check that the configure options are correct for chrooted operation:
    6 
    # Refuse to continue unless the build tree looks configured for chrooted
    # operation.  The first operand below is a fixed string (presumably filled
    # in when this script was generated - confirm), so as written the test
    # reduces to "is ./config.h missing?".
    if [ ! -f ./config.h ] || [ xscponlyc = x ]; then
        printf '%s\n' \
            '' \
            'your scponly build is not configured for chrooted operation.' \
            'please reconfigure as follows, then rebuild and reinstall:' \
            '' \
            './configure --enable-chrooted-binary (... other options)' \
            ''
        exit 1
    fi

    # Programs to stage in the target dir: the second double-quote-delimited
    # field of every "#define PROG_" line in config.h, minus a bare "cd" entry.
    # The script copies these files as root further down, so run it only from
    # a build tree you trust.
    BINARIES=$(/usr/bin/grep '#define PROG_' config.h | /usr/bin/cut -d'"' -f2 | /usr/bin/grep -v '^cd$')
   19 
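   # Print a failure message and terminate the script.
   # Arguments: the message words; backslash escapes such as \n are expanded.
   # Outputs:   the message, followed by a newline, on stdout.
   # Exits:     always, with status 1.
   fail() {
       # printf '%b' replaces "echo -e": a /bin/sh whose echo has no -e option
       # prints the flag itself.  Quoting "$*" keeps the message from being
       # word-split or glob-expanded before it is printed.
       printf '%b\n' "$*"
       exit 1
   }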
   25 
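   # "get with default": ask a question and offer a default answer.
   # Arguments: $1 - prompt text, $2 - default reply
   # Outputs:   the prompt "$1 [$2]" on stderr; the reply on stdout, or the
   #            default when the reply is empty or input has ended
   # Globals:   query, default and response are plain globals (written)
   getwd() {
       query="$1"
       default="$2"
       # %b expands backslash escapes in the prompt, as "echo -e" did, without
       # depending on the shell's echo accepting -e/-n.
       printf '%b' "$query [$default]" >&2
       # Start from empty so a failed read cannot return a stale earlier reply.
       response=
       # -r keeps backslashes typed by the user literal.
       read -r response
       if [ -z "$response" ]; then
           response=$default
       fi
       # Quoted: the reply is user input and must not be split or glob-expanded.
       printf '%s\n' "$response"
   }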
   39 
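   # "get yes no": ask a question until the reply is exactly "y" or "n".
   # Arguments: the prompt words
   # Outputs:   prompt and reminders on stderr; the accepted reply on stdout
   # Returns:   0 with "y" or "n" printed; 1 if input ends before a valid reply
   # Globals:   query and response are plain globals (written)
   getyn() {
       query="$*"
       response=
       while :; do
           printf '%b' "$query" >&2
           # At end of input read fails and leaves response empty.  Give up
           # then; the original loop prompted forever in that situation.
           if ! read -r response && [ -z "$response" ]; then
               return 1
           fi
           case "$response" in
               y|n) break ;;
           esac
           printf '%b\n' "\n'y' or 'n' only please...\n" >&2
       done
       printf '%s\n' "$response"
   }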
   54 
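   # ldd is needed to find the shared libraries of the staged programs.  The
   # operand below is a fixed, non-empty string (presumably the ldd path filled
   # in when this script was generated - confirm), so as written this branch is
   # never taken.
   if [ x/usr/bin/ldd = x ]; then
       echo "this script requires the program ldd to determine which"
       fail "shared libraries to copy into your chrooted dir..."
   fi

   # The useradd/pw detection that used to surround this assignment is
   # commented out in the original, which leaves the flag at 1 on every run.
   USE_PW=1

   # we need to be root
   # The command substitution is quoted so that a failing "id" gives an empty
   # string, which still differs from "0" and stops the script, instead of a
   # malformed test that lets the script carry on.
   if [ "$(id -u)" != "0" ]; then
       fail "you must be root to run this script\n"
   fi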
   73 
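   # Ask for the account name; an empty reply selects "template_scp".
   printf '%s' "Install for what username? [template_scp]"
   targetuser=
   read -r targetuser
   if [ -z "$targetuser" ]; then
       targetuser="template_scp"
   fi

   # The name is used later in paths, in patterns that select lines from
   # /etc/passwd and as an argument to commands run as root, so only a
   # conservative character set is accepted.
   case "$targetuser" in
       -*|*[!A-Za-z0-9_-]*)
           fail "invalid username: use only letters, digits, '_' and '-' (not starting with '-')" ;;
   esac

   echo
   echo Next we need to set the home directory for this scponly user.
   echo please note that the user\'s home directory MUST NOT be writable
   echo by the scponly user.  this is important so that the scponly user
   echo cannot subvert the .ssh configuration parameters.
   echo
   targetdir=/home/$targetuser
   printf '%s' "enter the home directory you wish to set for this user: [$targetdir] "
   targetdir2=
   read -r targetdir2
   if [ -n "$targetdir2" ]; then
       targetdir=$targetdir2
   fi

   # The directory becomes the chroot and is created, chown'ed and written to
   # as root.  Require an absolute path without whitespace or shell pattern
   # characters so it cannot split into several words or expand into other paths.
   case "$targetdir" in
       *[!A-Za-z0-9_./-]*)
           fail "the home directory may only contain letters, digits, '_', '.', '-' and '/'" ;;
       /*) ;;
       *)
           fail "the home directory must be an absolute path" ;;
   esac

   echo
   echo for this reason, an \"public_html\" subdirectory will be created that
   echo the scponly user can write into.
   echo if you want the scponly user to 
   echo automatically change to this public_html subdirectory upon login, you
   echo can specify this when you specify the user\'s home directory as 
   echo follows:
   echo
   echo set the home dir to /chroot_path//public_html [we do this right now]
   echo
   echo when scponly chroots, it will only chroot to "chroot_path" and
   echo afterwards, it will chdir to public_html.
   echo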
  106 
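  echo ginstalling the dirs and files ...
  # Create the chroot skeleton.  "${targetdir:?}" stops the script if the
  # variable is empty, so these directories are never created directly under /.
  for dir in "" /usr /usr/bin /usr/sbin /usr/local /usr/local/lib \
      /usr/local/bin /lib /usr/lib /usr/libexec /usr/libexec/openssh /bin /etc; do
      /usr/bin/ginstall -c -d "${targetdir:?}$dir"
  done

  # BINARIES is a whitespace-separated list and is split on purpose; each entry
  # is copied to the same path below the target dir.
  for bin in $BINARIES; do
      /usr/bin/ginstall -c "$bin" "${targetdir:?}$bin"
  done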
  125 
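  # Shared libraries the staged programs link against, taken from the part of
  # each ldd line between "=>" and "(".  ldd is pointed only at the programs
  # listed in BINARIES; it is not a tool to run on files of unknown origin.
  LIB_LIST=$(/usr/bin/ldd $BINARIES 2> /dev/null | /usr/bin/cut -f2 -d\> | /usr/bin/cut -f1 -d\( | /usr/bin/grep "^ " | /usr/bin/sort -u)

  # Add whichever dynamic loader(s) exist on this system.
  LDSOFOUND=0
  for ldso in /usr/libexec/ld.so /lib/ld-linux.so.2 /usr/libexec/ld-elf.so.1; do
      if [ -f "$ldso" ]; then
          LIB_LIST="$LIB_LIST $ldso"
          LDSOFOUND=1
      fi
  done

  if [ "$LDSOFOUND" -eq 0 ]; then
      fail i cant find your equivalent of ld.so
  fi

  # Redirect stdout first, then stderr onto it.  The original order
  # ("2>&1 > /dev/null") silenced only stdout and left ls errors on the terminal.
  if /bin/ls /lib/libnss_compat* > /dev/null 2>&1; then
      LIB_LIST="$LIB_LIST /lib/libnss_compat* /lib/ld.so"
  fi

  echo "ginstalling some libs - some errors are false allarms ..."

  # LIB_LIST is split and glob-expanded on purpose (it may carry the
  # libnss_compat* pattern); the individual paths are quoted once expanded.
  for lib in $LIB_LIST; do
      /usr/bin/ginstall -c "$lib" "${targetdir:?}/$lib"
  done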
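  echo "targetdir=$targetdir"

  # Create the account with scponlyc as its shell.  The double slash in the
  # home path is deliberate: per the text this script prints, scponly chroots
  # to the part before it and then changes into public_html.
  if [ "$USE_PW" -eq 0 ]; then
      useradd_cmd=/usr/sbin/useradd
  else
      useradd_cmd=useradd
  fi
  if ! "$useradd_cmd" -d "$targetdir//public_html" -s "/usr/local/sbin/scponlyc" "$targetuser"; then
      fail "if this user exists, remove it and try again"
  fi

  # root owns the home directory, so the scponly user cannot create or replace
  # entries in it.
  chown 0:0 "$targetdir"
  if [ -d "$targetdir/.ssh" ]; then
      # "0:0" instead of the old "0.0" spelling.  Only the directory itself
      # changes owner; files already inside it keep theirs.
      chown 0:0 "$targetdir/.ssh"
  fi

  # The one place the scponly user may write to.
  if [ ! -d "$targetdir/public_html" ]; then
      printf '%b\n' "\ncreating  $targetdir/public_html directory for uploading files"
      /usr/bin/ginstall -c -o "$targetuser" -d "$targetdir/public_html"
  fi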
  180 
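  # the following is VERY BSD centric
  # The original comment says the test checks for pwd_mkdb.  As written it
  # compares two fixed, equal strings, so only the /etc/passwd branch runs.
  if [ x = x ]; then
      # Select the account by an exact match on the login field.  A plain grep
      # for the name also copies every line that merely contains it (another
      # login, a comment field) into the chroot's passwd file.
      awk -F: -v user="$targetuser" '$1 == user' /etc/passwd > "${targetdir:?}/etc/passwd"
  else
      awk -F: -v user="$targetuser" '$1 == user' /etc/master.passwd > "${targetdir:?}/etc/master.passwd"
      # NOTE(review): the command name is missing from the next line in the
      # original (only its arguments remain), so it is left disabled here.
      #  -d "$targetdir/etc" $targetdir/etc/master.passwd
      /bin/rm -rf "${targetdir:?}/etc/master.passwd" "${targetdir:?}/etc/spwd.db"
  fi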
  190 
  191 
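  echo
  echo /usr/bin/groups problem solving
  # The original lines used the misspelled variable "tagetdir", which is not
  # set anywhere in this script and expands to nothing: the host's own
  # /usr/bin/groups was removed and then overwritten, as root, with the binary
  # built below.  The chroot path is used instead; ":?" aborts if it is empty.
  rm -f "${targetdir:?}/usr/bin/groups"
  # groups.c is compiled from the current directory while running as root, so
  # start this script only from a source tree you trust.
  if gcc groups.c -o groups; then
      cp groups "${targetdir:?}/usr/bin/groups"
  else
      # Do not copy a stale or missing binary when the build fails.
      echo "warning: could not build groups.c, no groups program was installed in the chroot" >&2
  fi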
  197 
  198 
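  echo /etc/passwd - important security fix
  # Rebuild the chroot's passwd file with two entries only: root, and the
  # scponly account under an alias.  Fields are compared exactly; the original
  # substring greps also accepted any line that merely contained the text.
  # Both selections require the password field to be "x", so only that
  # placeholder is ever written into the chroot.
  awk -F: '$1 == "root" && $2 == "x" && $3 == "0"' /etc/passwd > "${targetdir:?}/etc/passwd"
  targetuid=$(id -u "$targetuser")
  #winscp seems to work bad with long names with "_" char - like "template_scp"
  #so the entry is written under the standard name "user"
  dummyuser="user"
  dummyhome="/public_html"
  dummyshell="/usr/bin/oafish"
  # Values are handed to awk with -v instead of being spliced into the program
  # text, so their content cannot alter the awk program.
  awk -F: -v user="$targetuser" -v uid="$targetuid" \
      -v name="$dummyuser" -v home="$dummyhome" -v shell="$dummyshell" \
      '$1 == user && $2 == "x" && $3 == uid { print name ":" $2 ":" $3 ":" $4 ":" $5 ":" home ":" shell }' \
      /etc/passwd >> "${targetdir:?}/etc/passwd"

  echo /etc/group - adding
  # Same approach for the group file: the root group (gid 0) and "users", each
  # only when its password field is empty, as in the original patterns.
  awk -F: '$1 == "root" && $2 == "" && $3 == "0"' /etc/group > "${targetdir:?}/etc/group"
  awk -F: '$1 == "users" && $2 == ""' /etc/group >> "${targetdir:?}/etc/group"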
  213 
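  echo /info.txt - adding
  # Quoted, and guarded with ":?" so an empty target can never turn this into
  # a write to /info.txt on the host.
  cp info.txt "${targetdir:?}/info.txt"

  echo
  echo ok, all done set the passwd if you wont to use this account
  echo or ^C when it will be an template only
  echo

  # Interactive: sets the new account's password.  Interrupting here leaves the
  # account as created by useradd, with no password set by this script.
  passwd "$targetuser"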