
@alwalker
Created July 18, 2016 20:18
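#!/bin/bash
# Usage: create_site.sh site-name
#
# Provisions a chrooted, SFTP-only site under /var/sftp/MASTER_SITE:
#   1. appends a "Match user <site>-admin" block to sshd_config and restarts ssh,
#   2. creates the <site>-admin user and the <site> group, and adds mirth,
#      kjames and <site>-admin to that group,
#   3. creates the site folder with inbound/ and outbound/ and sets their
#      ownership and modes,
#   4. installs and starts an upstart job that bindfs-mounts inbound/ and
#      outbound/ onto themselves to force group and permissions on new files.
#
# Must be run as root. Exits non-zero on the first failing step.
set -euo pipefail

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

if [[ $# -ne 1 ]]; then
  printf 'usage: %s site-name\n' "${0##*/}" >&2
  exit 2
fi

readonly site=$1
readonly site_root="/var/sftp/MASTER_SITE/${site}"
readonly sshd_config=/etc/ssh/sshd_config
readonly sshd_backup="${sshd_config}.bak-${site}"

# The site name is written verbatim into sshd_config and into an upstart job
# whose script section runs as root, and it is used as a path component, a user
# name and a group name. Accept only a conservative character set so that
# whitespace, newlines, slashes, dots or shell metacharacters can never reach
# those files. An empty name (which would chroot to MASTER_SITE itself) is
# rejected by the same test.
[[ "$site" =~ ^[a-z][a-z0-9_-]*$ ]] \
  || die "invalid site name '${site}': must match ^[a-z][a-z0-9_-]*\$"

[[ $EUID -eq 0 ]] || die "must be run as root"

# Refuse to append a second Match block for the same site on a re-run.
if grep -qFx -- "Match user ${site}-admin" "$sshd_config"; then
  die "sshd_config already has a Match block for ${site}-admin"
fi

# Add the site admin to sshd_config, chrooted to the site folder and masked
# (-u 0117) so uploads are user read/write and group read/write only.
# This is done BEFORE the account is created, so the account never exists
# without the chroot/ForceCommand restriction in place.
# The block is appended because a Match block runs to the next Match line or
# the end of the file.
cp -p -- "$sshd_config" "$sshd_backup"
cat << __FILE_CONTENTS__ >> "$sshd_config"
Match user ${site}-admin
ChrootDirectory /var/sftp/MASTER_SITE/${site}
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp -u 0117
__FILE_CONTENTS__

# Validate the edited file before restarting: restarting sshd on a config that
# does not parse can leave the host without remote access.
if ! sshd -t -f "$sshd_config"; then
  cp -p -- "$sshd_backup" "$sshd_config"
  die "sshd_config failed validation; restored ${sshd_backup}, ssh not restarted"
fi
service ssh restart

# Create the site admin user.
adduser --no-create-home "${site}-admin"

# Create the site group.
groupadd "$site"

# Add Kris James, Mirth, and the site admin to the site group.
adduser mirth "$site"
adduser kjames "$site"
adduser "${site}-admin" "$site"

# Create folders for the site and own and mask them properly.
# sshd requires the ChrootDirectory to be root-owned and not writable by group
# or other; root:root with mode 0605 satisfies that.
# NOTE(review): 0605 gives "other" r-x, so any local account can list the site
# folder; confirm that is intended.
mkdir -m0605 "$site_root"
mkdir -m2770 "${site_root}/inbound"
mkdir -m2770 "${site_root}/outbound"
chown root:root "$site_root"
# The folder was just created, so its only entries are inbound/ and outbound/.
chown "root:${site}" "${site_root}/inbound" "${site_root}/outbound"

# Create and execute the upstart job for bindfs permissions.
cat << __FILE_CONTENTS__ > "/etc/init/bindfs-${site}.conf"
description "Force ${site} group for ${site} ftp folder"
start on stopped mountall
script
bindfs --create-for-group=${site} --create-with-perms=u+rw,g+rw,o-rwx /var/sftp/MASTER_SITE/${site}/inbound/ /var/sftp/MASTER_SITE/${site}/inbound/
bindfs --create-for-group=${site} --create-with-perms=u+rw,g+rw,o-rwx /var/sftp/MASTER_SITE/${site}/outbound/ /var/sftp/MASTER_SITE/${site}/outbound/
end script
__FILE_CONTENTS__
initctl start "bindfs-${site}"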