Created
July 18, 2016 20:18
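#!/bin/bash
#
# Provision a chrooted, SFTP-only site under /var/sftp/MASTER_SITE.
#
# usage: create_site.sh site-name
#
# Creates the "<site>-admin" account and the "<site>" group, adds the mirth,
# kjames and site-admin accounts to that group, builds the inbound/outbound
# folders, appends a Match block for the site admin to sshd_config, and
# installs an upstart job that bindfs-mounts the folders so new files are
# created with the site group.
#
# Must run as root: it edits /etc/ssh/sshd_config, manages accounts and
# writes to /etc/init.
set -euo pipefail

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

if (( $# != 1 )); then
  printf 'usage: %s site-name\n' "${0##*/}" >&2
  exit 2
fi

readonly site=$1
readonly admin_user="${site}-admin"
readonly site_root="/var/sftp/MASTER_SITE/${site}"
readonly sshd_config=/etc/ssh/sshd_config
readonly upstart_job="/etc/init/bindfs-${site}.conf"

# The site name is expanded, as root, into sshd_config, an upstart job and
# several filesystem paths. Restrict it to a conservative account-name
# alphabet so whitespace, newlines, '/' or '..' can never add sshd directives
# or redirect a path. The length cap keeps "<site>-admin" within 32
# characters (assumed login-name limit; confirm for the target system).
if [[ ! "$site" =~ ^[a-z][a-z0-9_-]{0,25}$ ]]; then
  die "invalid site name '${site}': use lowercase letters, digits, '_' or '-', starting with a letter (max 26 chars)"
fi

# Refuse to run twice for the same site: the sshd_config step appends, so a
# rerun would otherwise leave a duplicate Match block before adduser fails.
if grep -qxF -- "Match user ${admin_user}" "$sshd_config"; then
  die "sshd_config already has a Match block for ${admin_user}"
fi
if getent passwd "$admin_user" >/dev/null; then
  die "user ${admin_user} already exists"
fi
if getent group "$site" >/dev/null; then
  die "group ${site} already exists"
fi
if [[ -e "$site_root" ]]; then
  die "${site_root} already exists"
fi

# Add the site admin to sshd_config: chrooted to the site folder, SFTP only,
# no forwarding. "-u 0117" sets the sftp umask so uploads are read/write for
# user and group only. Keep a copy so a bad edit can be rolled back.
config_backup=$(mktemp "${sshd_config}.XXXXXX") || die "mktemp failed"
cp -p -- "$sshd_config" "$config_backup"

cat << __FILE_CONTENTS__ >> "$sshd_config"
Match user ${admin_user}
ChrootDirectory ${site_root}
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp -u 0117
__FILE_CONTENTS__

# Validate before restarting: restarting sshd on a config it cannot parse
# would take remote access down with it.
if ! sshd -t -f "$sshd_config"; then
  cp -p -- "$config_backup" "$sshd_config"
  rm -f -- "$config_backup"
  die "sshd rejected the updated config; ${sshd_config} restored"
fi
rm -f -- "$config_backup"
service ssh restart

# Create the site admin user.
adduser --no-create-home "$admin_user"

# Create the site group.
groupadd "$site"

# Add Kris James, Mirth, and the site admin to the site group.
adduser mirth "$site"
adduser kjames "$site"
adduser "$admin_user" "$site"

# Create the site folders. The chroot target stays root-owned and is not
# writable by group or other, which sshd requires of a ChrootDirectory; the
# inbound/outbound folders are setgid and limited to owner and site group.
mkdir -m0605 -- "$site_root"
mkdir -m2770 -- "${site_root}/inbound"
mkdir -m2770 -- "${site_root}/outbound"
chown root:root -- "$site_root"
chown "root:${site}" -- "${site_root}/inbound" "${site_root}/outbound"

# Create and start the upstart job that bindfs-mounts each folder over itself
# so files are created with the site group and no access for others.
cat << __FILE_CONTENTS__ > "$upstart_job"
description "Force ${site} group for ${site} ftp folder"
start on stopped mountall
script
bindfs --create-for-group=${site} --create-with-perms=u+rw,g+rw,o-rwx ${site_root}/inbound/ ${site_root}/inbound/
bindfs --create-for-group=${site} --create-with-perms=u+rw,g+rw,o-rwx ${site_root}/outbound/ ${site_root}/outbound/
end script
__FILE_CONTENTS__
initctl start "bindfs-${site}"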