forked from atmoz/sftp
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathentrypoint
executable file
·151 lines (125 loc) · 3.85 KB
/
entrypoint
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
#!/bin/bash
set -e
export DEBIAN_FRONTEND=noninteractive
userConfPath="/etc/sftp-users.conf"
userConfFinalPath="/var/run/sftp-users.conf"
function printHelp() {
echo "Add users as command arguments, STDIN or mounted in $userConfPath"
echo "Syntax: user:pass[:e][:uid[:gid[:dir1[,dir2]...]]] ..."
echo "Use --readme for more information and examples."
}
function printReadme() {
cat /README.md
echo "TIP: Read this in HTML format here: https://github.com/tzz/sftp"
}
function createUser() {
IFS=':' read -a param <<< $@
user="${param[0]}"
pass="${param[1]}"
if [ "${param[2]}" == "e" ]; then
chpasswdOptions="-e"
uid="${param[3]}"
gid="${param[4]}"
dir="${param[5]}"
else
uid="${param[2]}"
gid="${param[3]}"
dir="${param[4]}"
fi
if [ -z "$user" ]; then
echo "FATAL: You must at least provide a username."
exit 1
fi
if $(cat /etc/passwd | cut -d: -f1 | grep -q "^$user:"); then
echo "WARNING: User \"$user\" already exists. Skipping."
return 0
fi
useraddOptions="--no-user-group"
if [ -n "$uid" ]; then
useraddOptions="$useraddOptions --non-unique --uid $uid"
fi
if [ -n "$gid" ]; then
if ! $(cat /etc/group | cut -d: -f3 | grep -q "$gid"); then
groupadd --gid $gid "group_$gid"
fi
useraddOptions="$useraddOptions --gid $gid"
fi
useradd $useraddOptions $user
mkdir -p /home/$user
chown root:root /home/$user
chmod 755 /home/$user
if [ -n "$pass" ]; then
echo "$user:$pass" | chpasswd $chpasswdOptions
else
usermod -p "*" $user # disabled password
fi
# Add SSH keys to authorized_keys with valid permissions
if [ -d /home/$user/.ssh/keys ]; then
cat /home/$user/.ssh/keys/* >> /home/$user/.ssh/authorized_keys
chown $user /home/$user/.ssh/authorized_keys
chmod 600 /home/$user/.ssh/authorized_keys
fi
# Make sure dirs exists and has correct permissions
if [ -n "$dir" ]; then
IFS=',' read -a dirParam <<< $dir
for dirPath in ${dirParam[@]}; do
dirPath=/home/$user/$dirPath
echo "Creating and/or setting permissions on $dirPath"
mkdir -p $dirPath
chown -R $user:users $dirPath
done
fi
}
if [[ $1 =~ ^--help$|^-h$ ]]; then
printHelp
exit 0
fi
if [ "$1" == "--readme" ]; then
printReadme
exit 0
fi
# Create users only on first run
if [ ! -f "$userConfFinalPath" ]; then
# Append mounted config to final config
if [ -f "$userConfPath" ]; then
cat "$userConfPath" | grep -v -e '^$' > "$userConfFinalPath"
fi
# Append users from arguments to final config
for user in "$@"; do
echo "$user" >> "$userConfFinalPath"
done
# Append users from STDIN to final config
if [ ! -t 0 ]; then
while IFS= read -r user || [[ -n "$user" ]]; do
echo "$user" >> "$userConfFinalPath"
done
fi
# Check that we have users in config
if [ "$(cat "$userConfFinalPath" | wc -l)" == 0 ]; then
echo "FATAL: No users provided!"
printHelp
exit 3
fi
# Import users from final conf file
while IFS= read -r user || [[ -n "$user" ]]; do
createUser "$user"
done < "$userConfFinalPath"
# Generate unique ssh keys for this container, if needed
if [ ! -f /etc/ssh/ssh_host_ed25519_key ]; then
ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N ''
fi
if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
ssh-keygen -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key -N ''
fi
fi
# Source custom scripts, if any
if [ -d /etc/sftp.d ]; then
for f in /etc/sftp.d/*; do
if [ -x "$f" ]; then
echo "Running $f ..."
$f
fi
done
unset f
fi
exec /usr/sbin/sshd -D -e