rigelk · May 2, 2018 23:13
diff --git a/chrooted.sh b/chrooted.sh
 #!/bin/bash

 # source this file in /root/.bashrc or /root/.zshrc

 # Sets up the server for chrooted users
 configure_chrooted() {
 	grep ^chrooted: /etc/group
 	if [[ $? == 0 ]]; then
 		printf "The chrooted group already exists, aborting...\n"
 		exit 1
 	fi
 	mkdir /var/chrooted
 	addgroup chrooted
 	cat >> /etc/ssh/sshd_config <<EOF

 Match group chrooted
 	ChrootDirectory /var/chrooted/%u
 	AllowTCPForwarding no
 	X11Forwarding no
 	ForceCommand internal-sftp -u 002
 	PasswordAuthentication yes

 EOF
 	/etc/init.d/ssh reload
 }

 # Creates a chrooted user
 function create_chrooted() {
 	grep ^chrooted: /etc/group
 	if [[ $? == 1 ]]; then
 		printf "The chrooted group does not exists (run configure_chrooted first), aborting...\n"
 		exit 1
 	fi

 	local username
 	printf "Enter username: "
 	read username
 	id ${username} > /dev/null
 	if [[ $? == 0 ]]; then
 		printf "Username exists, aborting..."
 		exit 1
 	fi

 	printf "Name of import user: "
 	read import_user
 	id ${import_user} > /dev/null
 	if [[ $? != 0 ]]; then
 		printf "Import user does not exist, aborting..."
 		exit 1
 	fi


 	printf "Creating home dir\n"
 	local home="/var/chrooted/${username}"
 	mkdir ${home}

 	printf "Creating user\n"
 	useradd --home /upload -M --shell /usr/sbin/nologin --groups chrooted ${username}

 	printf "Setting password\n"
 	local password=$(printf "%s\n" $(< /dev/urandom tr -dc A-Za-z0-9 | head -c8))
 	printf "${username}:${password}\n" | chpasswd

 	printf "Creating import folders and granting access to import user\n"
 	mkdir ${home}/upload ${home}/failed ${home}/archive
 	chown ${import_user}:${import_user} ${home}/failed ${home}/archive
 	chown ${username}:${username} ${home}/upload
 	chmod g+ws ${home}/upload
 	addgroup ${import_user} ${username}

 	printf "Here is the login information:\n\n"
 	printf "Host: $(hostname)\n"
 	printf "Username: ${username}\n"
 	printf "Password: ${password}\n"
 	printf "URL: sftp://${username}:${password}@$(hostname)\n"
 }
	#!/bin/bash

	# source this file in /root/.bashrc or /root/.zshrc

	# Sets up the server for chrooted users
	configure_chrooted() {
	grep ^chrooted: /etc/group
	if [[ $? == 0 ]]; then
	printf "The chrooted group already exists, aborting...\n"
	exit 1
	fi
	mkdir /var/chrooted
	addgroup chrooted
	cat >> /etc/ssh/sshd_config <<EOF

	Match group chrooted
	ChrootDirectory /var/chrooted/%u
	AllowTCPForwarding no
	X11Forwarding no
	ForceCommand internal-sftp -u 002
	PasswordAuthentication yes

	EOF
	/etc/init.d/ssh reload
	}

	# Creates a chrooted user
	function create_chrooted() {
	grep ^chrooted: /etc/group
	if [[ $? == 1 ]]; then
	printf "The chrooted group does not exists (run configure_chrooted first), aborting...\n"
	exit 1
	fi

	local username
	printf "Enter username: "
	read username
	id ${username} > /dev/null
	if [[ $? == 0 ]]; then
	printf "Username exists, aborting..."
	exit 1
	fi

	printf "Name of import user: "
	read import_user
	id ${import_user} > /dev/null
	if [[ $? != 0 ]]; then
	printf "Import user does not exist, aborting..."
	exit 1
	fi


	printf "Creating home dir\n"
	local home="/var/chrooted/${username}"
	mkdir ${home}

	printf "Creating user\n"
	useradd --home /upload -M --shell /usr/sbin/nologin --groups chrooted ${username}

	printf "Setting password\n"
	local password=$(printf "%s\n" $(< /dev/urandom tr -dc A-Za-z0-9 \| head -c8))
	printf "${username}:${password}\n" \| chpasswd

	printf "Creating import folders and granting access to import user\n"
	mkdir ${home}/upload ${home}/failed ${home}/archive
	chown ${import_user}:${import_user} ${home}/failed ${home}/archive
	chown ${username}:${username} ${home}/upload
	chmod g+ws ${home}/upload
	addgroup ${import_user} ${username}

	printf "Here is the login information:\n\n"
	printf "Host: $(hostname)\n"
	printf "Username: ${username}\n"
	printf "Password: ${password}\n"
	printf "URL: sftp://${username}:${password}@$(hostname)\n"
	}