

RE: wuftp og homedir

 

> > -----Original Message-----
> > From: Jimmy Dansbo [mailto:jimmy@xxxxxxxxxxxxx]
> > 
> > Hejsa.
> > 
> > Jeg vil lige høre om der er nogen der ved om det overhovedet 
> > er muligt at sætte wuftpd op til ikke at
> > tillade brugere at gå længere ud end deres eget homedir?
> > 
> > Altså når en bruger har et homedir der hedder 
> > /home/brugernavn så har brugeren med FTP ikke mulighed for at 
> > gå andre steder hen end /home/brugernavn og underbiblioteker her til.
> 
  Jeg har lavet et lille script til at oprette sådanne brugere. Det tager
udgangspunkt i anonymous-brugeren:

#!/bin/bash
#
############################## NOTICE ###############################
#
# This script is written for making restricted ftp users from an out
# of the box RedHat linux running with Wu-FTP.
# It is based on the default anonymous user.
#
# Copyleft BlueWebHouse ApS
# info@xxxxxxxxxxxxxxxx
#
########################## User variables ###########################

# Primary group every restricted FTP account is placed in; the wu-ftpd
# "guestgroup" line written into the sample ftpaccess below uses the same name.
FTPGROUP="users"
# Contact address shown to users who try to log in with the FTP-only shell
# (the archive masked the real address; replace it before use).
RECIPIENTS='support@xxxxxxxxxxxxxxxx'

################ Convenience variables and other settings ###############

# List of permitted login shells; /bin/ftponly must be present in it.
SHLIST="/etc/shells"
# Name this script was invoked as.
PRGNAME="$0"

############################# GETOPT ################################

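# Print the usage text and stop with status 2.
# Only the short options are accepted; the previous text also advertised
# --user/--directory/--help, which the parser never understood.
usage() {
  echo "Usage: $0 [options] parameters
                   -u <user>                    Defines a user to add
                   -d <directory>               Defines the users root and
home directory
                   -h                           Shows this help"
  exit 2
}

# Parse the command line into the globals "name" (-u) and "WSPath" (-d).
# Uses the getopts builtin instead of the legacy getopt(1) call: that call
# re-split its output on whitespace, so a directory name containing a space
# arrived in pieces, and an unknown option was only reported, not acted on.
# Now -h, an unknown option, or an option without its value all end the
# script through usage().
parse_args() {
  local opt OPTIND=1
  while getopts 'hu:d:' opt; do
    case "$opt" in
      u) name=$OPTARG ;;
      d) WSPath=$OPTARG ;;
      h) usage ;;
      *) usage ;;   # getopts has already printed the diagnostic
    esac
  done
}

parse_args "$@"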

################## Interactive mode if no parameters #################

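# Interactive fallback: ask for whatever -u / -d did not supply.
# Both tests are quoted so an empty or space-containing value cannot change
# the number of arguments `[` sees, and both reads use -r so a backslash in
# the typed path is kept as typed.
if [ -z "${name-}" ]; then
  echo -n 'Type in user name: '
  read -r name
fi
if [ -z "${WSPath-}" ]; then
  echo -n 'Type in root path: '
  read -r WSPath
fi

# Refuse to continue with an empty or unusable answer.  Later steps run
# adduser with -d "$WSPath" and then delete everything inside that
# directory, so an empty root path would reach rm as "/*"; a relative one
# is ambiguous.  The name ends up in colon-separated passwd/group records,
# so ':', '/' and whitespace are rejected up front.
if [ -z "$name" ] || [ -z "$WSPath" ]; then
  echo "A user name and a root path are both required." >&2
  exit 1
fi
case $name in
  *[:/[:space:]]*)
    echo "Invalid user name: $name" >&2
    exit 1
  ;;
esac
case $WSPath in
  /*) ;;
  *)
    echo "The root path must be absolute (got: $WSPath)." >&2
    exit 1
  ;;
esac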

################## Is the wu-FTP configuration ok? ##################

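# Make sure the FTP-only login shell exists and is listed in $SHLIST.
# The shell only prints a notice and exits, which is what keeps these
# accounts off an interactive login; listing it in /etc/shells is what the
# rest of the system needs to accept it as a shell (also, of course, for
# chsh -- keep that in mind).  The check is an exact whole-line match so a
# comment or a differently located ftponly cannot satisfy it.
FTPONLY_SHELL=/bin/ftponly

if [ ! -x "$FTPONLY_SHELL" ] || ! grep -qxF -- "$FTPONLY_SHELL" "$SHLIST"
then
  clear
  echo "I have to add a secure shell for the account dont worry its
harmless...."
  sleep 5
  # Unquoted heredoc on purpose: $RECIPIENTS must be expanded *now*.
  # The previous single-quoted echo wrote the literal text "$RECIPIENTS"
  # into the file, which expanded to nothing at login time, so the notice
  # never contained a contact address.
  cat > "$FTPONLY_SHELL" <<EOF
#!/bin/bash
echo "
You have only been granted FTP access.
For further information contact $RECIPIENTS
"
sleep 5
exit
EOF
  # Explicit mode: executable by all, writable only by the owner (root).
  chmod 755 "$FTPONLY_SHELL"
  # `!` covers both "not listed" and "$SHLIST missing" (grep status 2);
  # the original only appended on status 1.
  if ! grep -qxF -- "$FTPONLY_SHELL" "$SHLIST"; then
    echo "$FTPONLY_SHELL" >> "$SHLIST"
  fi
fi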

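# Sanity-check /etc/ftpaccess for the guest-group line this script relies
# on.  CONFTEST1 is the class named on a "chmod" directive, CONFTEST2 the
# group named on the "guestgroup" directive.  Both greps are anchored to the
# start of a line so a commented-out or unrelated line cannot satisfy the
# test (the previous unanchored grep matched anywhere).  /etc/ftpaccess may
# not exist yet -- the prompt below offers a sample for exactly that case --
# so grep's "no such file" noise is deliberately silenced.
CONFTEST1=$(grep -E '^[[:space:]]*chmod[[:space:]]' /etc/ftpaccess 2>/dev/null | awk '{ print $3 }')
CONFTEST2=$(grep -E '^[[:space:]]*guestgroup[[:space:]]' /etc/ftpaccess 2>/dev/null | awk '{ print $2 }')

# NOTE(review): the first condition fires when the chmod line already names
# 'guest,anonymous'; the original carried no explanation of why that should
# call for adding the guest group.  Kept as it was -- confirm the intent.
if [ "$CONFTEST1" = 'guest,anonymous' ] || [ "$CONFTEST2" != "$FTPGROUP" ]
then
  echo "
        You have to add a guest group named $FTPGROUP to /etc/ftpaccess.
        Should I put a sample of ftpaccess to /etc/ftpaccess.sam?
       "
  read -r -p 'Yes/No: ' -n 1 FTPSAM
  if [ "$FTPSAM" = y ]
  then
    # Sample written verbatim ($RECIPIENTS is expanded).
    # NOTE(review): its chmod/delete/overwrite/rename "no" lines apply to
    # the anonymous class only; the guest accounts this script creates are
    # not named there -- decide whether "no  guest,anonymous" is wanted.
    echo "
class   all   real,guest,anonymous  *
guestgroup users

email $RECIPIENTS

loginfails 5

readme  README*    login
readme  README*    cwd=*

message /welcome.msg            login
message .message                cwd=*

compress        yes             all
tar             yes             all
chmod           no              anonymous
delete          no              anonymous
overwrite       no              anonymous
rename          no              anonymous

log transfers anonymous,real inbound,outbound

shutdown /etc/shutmsg

passwd-check rfc822 warn
        " > /etc/ftpaccess.sam
  fi
fi
clear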

############ Collect info before adding and removing stuff #############

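# If the requested root path already exists, ask before reusing it: the
# steps that follow delete everything inside it.
# The answer is quoted on purpose.  The original `[ $RMTST != y ]` with an
# empty answer (plain Enter) made `[` fail with "unary operator expected";
# that non-zero status counted as "not true", so the confirmation was
# skipped and the script went straight on to the deletion.  Now anything
# other than a literal "y" aborts, and the abort reports failure (exit 1)
# instead of success.
if [ -e "$WSPath" ] || [ -L "$WSPath" ]; then
  # Owner as printed by ls; shown to the operator only.
  owner=$(ls -ld -- "$WSPath" 2>/dev/null | awk '{ print $3 }')
  echo "$name $WSPath"
  echo "The root path you gave me (${WSPath}) already exists and the
directory
is owned by ${owner}. Are you sure you whant me to make this the
home and root directory for the user ${name}?"
  read -r -p 'Yes/No: ' -n 1 RMTST
  if [ "$RMTST" != y ]; then
    clear
    echo "Okay I will exit the procedure now"
    sleep 2
    exit 1
  fi
fi
clear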
##################### Adding the user to UNIX and building the chroot ##########################

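# Create the system account and turn its home directory into a wu-ftpd
# guest chroot seeded from the anonymous-FTP tree under /var/ftp.
#
# Changes relative to the original:
#  * adduser/passwd failures abort instead of letting the deletion below run
#    against a directory that may not belong to a freshly created account.
#  * `rm $WSPath/.* -ri` also expanded to "$WSPath/." and "$WSPath/..";
#    the entries are now enumerated with find, which never yields those, and
#    the path is guarded with ${WSPath:?} so an empty value cannot turn into
#    "rm /*".  (The WARNING comments there contemplated -rf, which with ".."
#    would have been catastrophic.)
#  * uid/gid were read with `grep name /etc/passwd | awk '{ print $3 }'`;
#    awk splits on whitespace, not ':', so $3 was normally empty and the
#    chroot passwd/group records were written without ids.  grep also
#    matched any account whose name merely contained $name.  id(1) is exact.
#  * the chroot passwd/group lines were written with a leading blank line
#    and leading spaces; they are now plain colon-separated records.
adduser -g "$FTPGROUP" -s /bin/ftponly -d "$WSPath" "$name" || {
  echo "adduser $name failed, aborting." >&2
  exit 1
}
passwd "$name" || {
  echo "passwd $name failed; the account exists but has no password set." >&2
  exit 1
}

# Empty the home directory (e.g. skeleton files adduser copied in).
# Interactive per entry, as before.
find "${WSPath:?}" -mindepth 1 -maxdepth 1 -exec rm -ri -- {} +

# Primary group is $FTPGROUP because of -g above, so id -g matches the
# gid the original looked up in /etc/group.
gid=$(id -g "$name") || exit 1
uid=$(id -u "$name") || exit 1

# "/path/." home directory: wu-ftpd's guest convention, presumably chroot
# to $WSPath and start at its root -- confirm against the wu-ftpd docs in use.
usermod -d "${WSPath}/." "$name"

for tree in /var/ftp/etc /var/ftp/lib /var/ftp/bin; do
  cp -R -- "$tree" "$WSPath"
done

# Minimal passwd/group inside the chroot (presumably consulted by the
# chrooted ls for owner/group names -- verify).  Written as clean records.
printf '%s\n' \
  'root:*:0:0::/:/bin/ftponly' \
  "$name:*:$uid:$gid::$WSPath/.:/bin/ftponly" > "$WSPath/etc/passwd"
printf '%s\n' \
  'root::0:root' \
  "$FTPGROUP::$gid:$name" > "$WSPath/etc/group"

chmod 700 "$WSPath"
chmod -R 111 "$WSPath/etc" "$WSPath/bin"
chmod -R 755 "$WSPath/lib"

# NOTE(review): $WSPath is the account's home directory and so is presumably
# owned by the user, who can therefore rename the root-owned etc/bin/lib
# copies aside over FTP and upload replacements that the chrooted commands
# would then use.  If that matters, consider root-owning $WSPath and giving
# the user a writable subdirectory instead -- verify what wu-ftpd requires.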

# Final hint for the operator: point at the umask setting in /etc/ftpaccess
# and show the script author's table of common values.  Quoted heredoc:
# nothing in the text is expanded.
clear
cat <<'EOF'
My work is done here, if I was you I would check the umask in
/etc/ftpaccess.

  def <umask> [<class>]

umask | UserAccess | GroupAccess | Other
----------------------------------------
 0000 |     all    |     all     |  all
 0002 |     all    |     all     |  read
 0007 |     all    |     all     |  none
 0022 |     all    |     read    |  read
 0027 |     all    |     read    |  none
 0077 |     all    |     none    |  none

EOF

if [ "$FTPSAM" = y ]
then
  echo "You whant me to update /etc/ftpaccess??"
  read -p 'Yes/No ' -n 1 UPFTPSAM
  if [ $UPFTPSAM = y ]
  then
    clear
    cat /etc/ftpaccess.sam > /etc/ftpaccess
    echo "Update taken cared of..."
    rm -f /etc/ftpaccess.sam
    echo "Removing sample now..."
    sleep 2
  elif [ "$UPFTPSAM" != y ]  && [ "$FTPSAM" = y ]
  then
    clear
    echo 'Okay, then remember you got a template at /etc/ftpaccess.sam'
  fi