"Fossies" - the Fresh Open Source Software Archive 
Member "scponly-20110526/build_extras/setup_chroot.sh.debian" (18 Nov 2003, 6502 Bytes) of package /linux/privat/old/scponly-20110526.tgz:
#!/bin/sh
# Rewritten by Konrad Krzysztof Krasinski, 2003.
# Tested on Slackware 8.0, 8.1 and 9.0.
#
# Builds a chroot jail for an scponly user. The script runs as root and reads
# ./config.h from the current directory to decide which binaries are staged,
# so run it only from a build directory that untrusted users cannot write to.

# Check that the configure options are correct for chrooted operation.
# The first test compares two literals and is never true in this generated
# copy (presumably configure substituted the chrooted binary name into it),
# so in practice only a missing ./config.h triggers the message.
if [ xscponlyc = x ] || [ ! -f ./config.h ]; then
  printf '%s\n' \
    '' \
    'your scponly build is not configured for chrooted operation.' \
    'please reconfigure as follows, then rebuild and reinstall:' \
    '' \
    './configure --enable-chrooted-binary (... other options)' \
    ''
  exit 1
fi

# List of binaries that will be staged in the target dir: the quoted value of
# every "#define PROG_" line in config.h, minus the plain "cd" entry.
BINARIES=$(/usr/bin/grep '#define PROG_' config.h | /usr/bin/cut -f2 -d'"' | /usr/bin/grep -v '^cd$')
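# Display a failure message and then exit with status 1.
# Arguments: the message words; backslash escapes such as \n are expanded.
# Outputs:   the message on stdout, followed by a newline.
# The words are joined and passed to printf as data. The original ran
# "echo -e" on the unquoted arguments, so a message containing * or ? was
# expanded against the current directory, and "echo -e" itself is not
# portable across /bin/sh implementations.
fail() {
  printf '%b\n' "$*"
  exit 1
}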
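# "Get with default": prompt the user with a query and a default reply.
# Arguments: $1 - query text, $2 - default reply
# Inputs:    one line from stdin
# Outputs:   the prompt on stderr; on stdout the reply, or the default when
#            the reply is empty or stdin is at end of file
# Note: query, default and response stay plain globals, as in the original.
getwd() {
  query="$1"
  default="$2"
  # The prompt goes to stderr so that $(getwd ...) captures only the reply.
  printf '%b' "$query [$default]" >&2
  # -r keeps backslashes in the reply literal; a failed read (end of file)
  # simply leaves an empty reply, which selects the default below.
  read -r response || :
  # Quoted test: the unquoted original broke on replies containing spaces.
  if [ -z "$response" ]; then
    response=$default
  fi
  # Quoted so the reply is neither word-split nor glob-expanded on output.
  printf '%s\n' "$response"
}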
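# "Get yes/no": prompt the user with a query and keep asking until the reply
# is exactly "y" or "n".
# Arguments: the query text (all arguments joined with spaces)
# Inputs:    lines from stdin
# Outputs:   prompts and the reminder on stderr; the accepted reply on stdout
# Returns:   0 once "y" or "n" was read, 1 if stdin ends first. The original
#            looped forever at end of file because it never checked read.
# Note: query and response stay plain globals, as in the original.
getyn() {
  query="$*"
  while :; do
    printf '%b' "$query" >&2
    # Give up when nothing more can be read instead of re-prompting forever.
    if ! read -r response && [ -z "$response" ]; then
      return 1
    fi
    # case compares the reply as one string, so a reply containing spaces
    # cannot break the test the way the unquoted "[ x$response ... ]" did.
    case "$response" in
      y | n) break ;;
    esac
    printf "\n'y' or 'n' only please...\n\n" >&2
  done
  printf '%s\n' "$response"
}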
# ldd is needed to work out which shared libraries go into the chroot.
# Both operands are literals in this generated copy, so this test is never
# true; presumably configure substituted the ldd path into it.
if [ x/usr/bin/ldd = x ]; then
  echo "this script requires the program ldd to determine which"
  fail "shared libraries to copy into your chrooted dir..."
fi

# USE_PW selects the user-creation branch further down. The original assigned
# 0 and then, with the useradd/pw detection around it commented out,
# unconditionally 1 - so the effective value is always 1.
USE_PW=1

# Everything below creates accounts and root-owned directories, so the
# script refuses to continue unless it runs as uid 0.
if [ "$(id -u)" != "0" ]; then
  fail "you must be root to run this script\n"
fi
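# Ask for the account name; an empty reply selects template_scp.
printf '%s' "Install for what username? [template_scp]"
read -r targetuser || :
if [ -z "$targetuser" ]; then
  targetuser="template_scp"
fi
# The name is later used in file paths, matched against /etc/passwd and
# handed to useradd and passwd, all as root. Refuse a leading "-" (it would
# be read as an option) and anything outside a conservative character set
# (which also keeps regex and glob characters out of those later commands).
case "$targetuser" in
  -* | *[!A-Za-z0-9._-]*)
    fail "invalid username '$targetuser': use only letters, digits, '.', '_' and '-'"
    ;;
esac

printf '%s\n' \
  '' \
  'Next we need to set the home directory for this scponly user.' \
  "please note that the user's home directory MUST NOT be writable" \
  'by the scponly user. this is important so that the scponly user' \
  'cannot subvert the .ssh configuration parameters.' \
  ''
targetdir=/home/$targetuser
printf '%s' "enter the home directory you wish to set for this user: [$targetdir] "
read -r targetdir2 || :
if [ -n "$targetdir2" ]; then
  targetdir=$targetdir2
fi
# The directory becomes the root of the jail and is created, chown'ed and
# filled by root. Require an absolute path other than "/" itself, and refuse
# whitespace and glob characters so the path always stays a single word.
case "$targetdir" in
  /*) ;;
  *) fail "the home directory must be an absolute path: '$targetdir'" ;;
esac
case "$targetdir" in
  / | *[[:space:]]* | *\** | *\?* | *\[*)
    fail "refusing to use '$targetdir' as the home directory"
    ;;
esac

printf '%s\n' \
  '' \
  'for this reason, an "public_html" subdirectory will be created that' \
  'the scponly user can write into.' \
  'if you want the scponly user to' \
  'automatically change to this public_html subdirectory upon login, you' \
  "can specify this when you specify the user's home directory as" \
  'follows:' \
  '' \
  'set the home dir to /chroot_path//public_html [we do this right now]' \
  '' \
  'when scponly chroots, it will only chroot to chroot_path and' \
  'afterwards, it will chdir to public_html.' \
  ''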
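echo ginstalling the dirs and files ...
# Create the directory skeleton of the jail, in the original order. Every
# path is quoted so it always reaches ginstall as a single argument. A
# directory that cannot be created makes the later steps pointless, so stop.
for dir in "" /usr /usr/bin /usr/sbin /usr/local /usr/local/lib \
  /usr/local/bin /lib /usr/lib /usr/libexec /usr/libexec/openssh /bin /etc; do
  /usr/bin/ginstall -c -d "$targetdir$dir" ||
    fail "could not create directory $targetdir$dir"
done

# Stage each helper binary at the same absolute path inside the jail.
# $BINARIES is a whitespace-separated list, so it is split on purpose; a
# binary that fails to copy is reported by ginstall and otherwise skipped,
# as in the original.
for bin in $BINARIES; do
  /usr/bin/ginstall -c "$bin" "$targetdir$bin"
done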
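# Work out which shared libraries the staged binaries need: take the path
# after "=>" on each ldd line, drop the "(address)" suffix and de-duplicate.
# Caveat: ldd may run code from the files it inspects, so $BINARIES (taken
# from ./config.h) must only name trusted system binaries.
LIB_LIST=$(/usr/bin/ldd $BINARIES 2>/dev/null |
  /usr/bin/cut -f2 -d'>' | /usr/bin/cut -f1 -d'(' |
  /usr/bin/grep "^ " | /usr/bin/sort -u)

# Add whichever dynamic loader this system has; at least one is required.
LDSOFOUND=0
for ldso in /usr/libexec/ld.so /lib/ld-linux.so.2 /usr/libexec/ld-elf.so.1; do
  if [ -f "$ldso" ]; then
    LIB_LIST="$LIB_LIST $ldso"
    LDSOFOUND=1
  fi
done

if [ "$LDSOFOUND" -eq 0 ]; then
  fail "i cant find your equivalent of ld.so"
fi

# The original redirected with "2>&1 > /dev/null", which silences stdout but
# leaves the error message on the terminal; redirecting stdout first silences
# both. Only the exit status of ls is of interest here.
if /bin/ls /lib/libnss_compat* >/dev/null 2>&1; then
  # The glob is stored unexpanded and expands when LIB_LIST is split below.
  LIB_LIST="$LIB_LIST /lib/libnss_compat* /lib/ld.so"
fi

echo "ginstalling some libs - some errors are false allarms ..."

# Best effort by design: entries that do not exist on this system (for
# example /lib/ld.so) only produce an error message from ginstall.
if [ -n "$LIB_LIST" ]; then
  for lib in $LIB_LIST; do
    /usr/bin/ginstall -c "$lib" "$targetdir/$lib"
  done
fi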
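echo "targetdir=$targetdir"
# Create the account with scponlyc as its login shell. The "//" in the home
# directory separates the two parts the messages earlier in this script
# describe: scponly chroots to the part before it and then changes into
# public_html.
if [ "$USE_PW" -eq 0 ]; then
  /usr/sbin/useradd -d "$targetdir//public_html" -s "/usr/local/sbin/scponlyc" "$targetuser" ||
    fail "if this user exists, remove it and try again"
else
  useradd -s "/usr/local/sbin/scponlyc" -d "$targetdir//public_html" "$targetuser" ||
    fail "if this user exists, remove it and try again"
fi

# The jail root and any .ssh directory must not be writable by the scponly
# user, otherwise the user could replace the ssh configuration. Ownership
# goes to root; group/other write permission is also cleared in case the
# directory already existed with looser permissions.
chown 0:0 "$targetdir"
chmod go-w "$targetdir"
if [ -d "$targetdir/.ssh" ]; then
  chown 0:0 "$targetdir/.ssh"
  chmod go-w "$targetdir/.ssh"
fi

# public_html is the one directory the scponly user owns and can upload to.
if [ ! -d "$targetdir/public_html" ]; then
  printf '\n%s\n' "creating $targetdir/public_html directory for uploading files"
  /usr/bin/ginstall -c -o "$targetuser" -d "$targetdir/public_html"
fi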
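# the following is VERY BSD centric
# i check for pwd_mkdb before trying to use it
# NOTE(review): both operands of the test are empty literals in this
# generated copy, so the first branch always runs; presumably the pwd_mkdb
# path was substituted as empty. The file written here is truncated and
# rewritten again later in the script.
if [ x = x ]; then
  # Exact match on the login-name field. A bare "grep $targetuser" would also
  # copy every other account whose line merely contains the name, and would
  # treat the name as a regular expression.
  awk -F: -v u="$targetuser" '$1 == u' /etc/passwd > "$targetdir/etc/passwd"
else
  awk -F: -v u="$targetuser" '$1 == u' /etc/master.passwd > "$targetdir/etc/master.passwd"
  # NOTE(review): the original line here was
  #   -d "$targetdir/etc" $targetdir/etc/master.passwd
  # with the command name missing (presumably the empty pwd_mkdb path). It is
  # left out rather than guessed at; this branch is unreachable anyway.
  /bin/rm -rf "$targetdir/etc/master.passwd" "$targetdir/etc/spwd.db"
fi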
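echo
echo /usr/bin/groups problem solving
# Build the replacement "groups" program and install it INSIDE the jail.
# The original used the misspelled, never-set variable $tagetdir, which
# expands to nothing: rm and cp then acted on the host's own /usr/bin/groups
# and the jail got no groups binary at all. ${targetdir:?} aborts the script
# instead of falling back to the host path should the variable be empty.
rm -f "${targetdir:?}/usr/bin/groups"
# Copy only a freshly built binary; if the compile fails, nothing stale or
# missing is copied.
if gcc groups.c -o groups; then
  cp groups "${targetdir:?}/usr/bin/groups"
else
  echo "warning: could not build groups.c; no groups binary was staged" >&2
fi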
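echo /etc/passwd - important security fix
# Rebuild the jail's passwd file from scratch with just two entries: root and
# the scponly account. Both matches require the password field to be the
# placeholder "x", so only such entries reach the jail. Patterns are anchored
# to the start of the line so that no other account can match by accident.
grep '^root:x:0:' /etc/passwd > "$targetdir/etc/passwd"
targetuid=$(id -u "$targetuser")
# winscp seems to work badly with long names containing "_" (like
# "template_scp"), so the jail's copy presents the account under the
# standard name "user", with a home and shell that only exist as labels.
dummyuser="user"
dummyhome="/public_html"
dummyshell="/usr/bin/oafish"
# Values are passed with -v instead of being spliced into the awk program,
# and the login name is compared as an exact string rather than as a regex.
awk -F: -v name="$targetuser" -v uid="$targetuid" \
  -v duser="$dummyuser" -v dhome="$dummyhome" -v dshell="$dummyshell" \
  '$1 == name && $2 == "x" && $3 == uid {
     print duser ":" $2 ":" $3 ":" $4 ":" $5 ":" dhome ":" dshell
   }' /etc/passwd >> "$targetdir/etc/passwd"

echo /etc/group - adding
# NOTE(review): these patterns only match group lines whose password field is
# empty ("root::0:", "users::..."); where /etc/group uses "x" there, nothing
# is copied - verify on the target system. Anchoring keeps groups such as
# "powerusers" from matching the second pattern.
grep '^root::0:' /etc/group > "$targetdir/etc/group"
grep '^users::' /etc/group >> "$targetdir/etc/group"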
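echo /info.txt - adding
# info.txt is taken from the current directory; the destination is quoted so
# the path is always passed to cp as one argument.
cp info.txt "$targetdir/info.txt"

printf '%s\n' \
  '' \
  'ok, all done set the passwd if you wont to use this account' \
  'or ^C when it will be an template only' \
  ''

# Interactive: sets the password of the new account. Interrupting here leaves
# the account without a password set by this script.
passwd "$targetuser"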