#! /bin/bash
#
# Written by tiix
#
# 13/02/2019
#
# Create and set new client chroot
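# Usage: create-chroot-dir.sh <client-name>
#
# Creates group sftp_chroot_<client> and user <client>-sftp, appends a
# "Match group" block to sshd_config that confines the group to
# $BASEHOME/<client> with internal-sftp only, restarts sshd, and prints the
# generated credentials. Must be run as root.
#
# Exit status: 0 on success, 1 on any failure (later steps are skipped).
set -u

readonly BASEHOME="/home/sftp-chroot"
readonly SSHD_CONFIG="/etc/ssh/sshd_config"

# Print a message on stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

if [[ $EUID -ne 0 ]]; then
  die "Please run as root"
fi

# Checking arguments -- done before any name is derived from $1.
if [[ $# -eq 0 ]]; then
  printf '%s\n' "Please add client name" "e.g. $0 tiix" >&2
  exit 1
fi

client=$1

# The client name is written verbatim into sshd_config and used to build
# paths, so only a conservative allow-list is accepted: no whitespace or
# newlines (extra config directives), no '/' or '.' (path traversal), no
# leading '-' (option parsing). Characters are listed explicitly so the check
# does not depend on locale-specific range semantics.
case $client in
  '' | -* | *[!abcdefghijklmnopqrstuvwxyz0123456789_-]*)
    die "Invalid client name: use only a-z, 0-9, '_' and '-' (not starting with '-')"
    ;;
esac

readonly GROUP="sftp_chroot_${client}"
# Not named USER: that would overwrite the shell's own USER variable.
readonly SFTP_USER="${client}-sftp"
readonly CHROOT_DIR="${BASEHOME}/${client}"

# 32 alphanumeric characters from the kernel CSPRNG.
PASSWORD=$(LC_ALL=C tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c 32)
[[ ${#PASSWORD} -eq 32 ]] || die "Could not generate a password"
readonly PASSWORD

# Group creation
echo "Group creation"
addgroup "$GROUP" || die "Could not create group $GROUP"

# SSH config
# The Match block is installed before the account receives a password, so the
# chroot / internal-sftp / no-forwarding restrictions already apply at the
# first possible login.
echo "Adding group matching to ssh config"
backup=$(mktemp "${SSHD_CONFIG}.bak.XXXXXX") || die "Could not create a backup of $SSHD_CONFIG"
cp -p -- "$SSHD_CONFIG" "$backup" || die "Could not back up $SSHD_CONFIG"

# Values are passed as printf arguments, never as the format string.
if ! {
  printf '\n'
  printf 'Match group %s\n' "$GROUP"
  printf ' ChrootDirectory %s\n' "$CHROOT_DIR"
  printf ' ForceCommand internal-sftp\n'
  printf ' AllowTcpForwarding no\n'
} >> "$SSHD_CONFIG"; then
  cp -p -- "$backup" "$SSHD_CONFIG"
  rm -f -- "$backup"
  die "Could not update $SSHD_CONFIG (previous content restored)"
fi

# Validate before restarting: a config sshd cannot parse would stop the daemon
# from coming back up and lock out remote access.
sshd_bin=$(command -v sshd || printf '%s' /usr/sbin/sshd)
if ! "$sshd_bin" -t -f "$SSHD_CONFIG"; then
  cp -p -- "$backup" "$SSHD_CONFIG"
  rm -f -- "$backup"
  die "sshd rejected the new configuration (previous content restored)"
fi
rm -f -- "$backup"

systemctl restart sshd.service || die "Could not restart sshd.service"

# User configuration
echo "Adding user"
useradd --gid "$GROUP" --groups "$GROUP" -m -d "$CHROOT_DIR" \
  --shell /bin/false "$SFTP_USER" \
  || die "Could not create user $SFTP_USER"

# Password configuration
# printf is a shell builtin, so the password never shows up in a process
# argument list.
echo "Configuring password"
printf '%s:%s\n' "$SFTP_USER" "$PASSWORD" | chpasswd \
  || die "Could not set password for $SFTP_USER"

# Set rights
# sshd refuses a ChrootDirectory that is not root-owned or that is writable by
# group/others, so the client only gets write access to a subdirectory.
echo "Configuring rights"
chown root:root -- "$CHROOT_DIR" \
  && chmod 755 -- "$CHROOT_DIR" \
  && mkdir -- "$CHROOT_DIR/writeable" \
  && chown "$SFTP_USER:$GROUP" -- "$CHROOT_DIR/writeable" \
  && chmod 775 -- "$CHROOT_DIR/writeable" \
  || die "Could not set ownership/permissions under $CHROOT_DIR"

# Clean skeleton
# ':?' aborts instead of expanding to "/.zsh*" should the path ever be empty.
rm -rf -- "${CHROOT_DIR:?}"/.zsh*

# Print creds
# NOTE(review): the clear-text password goes to stdout and therefore into
# terminal scrollback and any captured output; callers should treat that
# output as a secret.
echo "Username : $SFTP_USER"
echo "Password : $PASSWORD"
exit 0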