@andsens
Created April 28, 2014 12:32
Configure server for chrooted sftp users and create those users
```bash
#!/bin/bash
# source this file in /root/.bashrc or /root/.zshrc
# The functions use "return" instead of "exit": in a sourced file, "exit"
# would terminate the interactive root shell.

# Sets up the server for chrooted users
configure_chrooted() {
  if grep -q '^chrooted:' /etc/group; then
    printf "The chrooted group already exists, aborting...\n"
    return 1
  fi
  # Created by root, so the chroot base is root-owned, as sshd requires
  mkdir /var/chrooted
  addgroup chrooted
  # Members of the chrooted group get SFTP only, confined to /var/chrooted/<user>
  cat >> /etc/ssh/sshd_config <<EOF
Match group chrooted
ChrootDirectory /var/chrooted/%u
AllowTCPForwarding no
X11Forwarding no
ForceCommand internal-sftp -u 002
PasswordAuthentication yes
EOF
  /etc/init.d/ssh reload
}

# Creates a chrooted user
function create_chrooted() {
  if ! grep -q '^chrooted:' /etc/group; then
    printf "The chrooted group does not exist (run configure_chrooted first), aborting...\n"
    return 1
  fi
  local username import_user
  printf "Enter username: "
  read -r username
  if id "${username}" > /dev/null 2>&1; then
    printf "Username exists, aborting...\n"
    return 1
  fi
  printf "Name of import user: "
  read -r import_user
  if ! id "${import_user}" > /dev/null 2>&1; then
    printf "Import user does not exist, aborting...\n"
    return 1
  fi
  printf "Creating home dir\n"
  # The chroot directory itself stays root-owned; the user only writes to upload/
  local home="/var/chrooted/${username}"
  mkdir "${home}"
  printf "Creating user\n"
  # --home is relative to the chroot, so the SFTP session starts in /upload
  useradd --home /upload -M --shell /usr/sbin/nologin --groups chrooted "${username}"
  printf "Setting password\n"
  # 8 random alphanumeric characters
  local password
  password=$(tr -dc 'A-Za-z0-9' < /dev/urandom | head -c8)
  # Pass the values as printf arguments so they are never parsed as a format string
  printf '%s:%s\n' "${username}" "${password}" | chpasswd
  printf "Creating import folders and granting access to import user\n"
  mkdir "${home}/upload" "${home}/failed" "${home}/archive"
  chown "${import_user}:${import_user}" "${home}/failed" "${home}/archive"
  chown "${username}:${username}" "${home}/upload"
  # setgid + group-write: with the 002 umask set for internal-sftp above,
  # uploads stay writable for the user's group
  chmod g+ws "${home}/upload"
  # Add the import user to the new user's group so it can move uploaded files
  addgroup "${import_user}" "${username}"
  printf "Here is the login information:\n\n"
  printf 'Host: %s\n' "$(hostname)"
  printf 'Username: %s\n' "${username}"
  printf 'Password: %s\n' "${password}"
  printf 'URL: sftp://%s:%s@%s\n' "${username}" "${password}" "$(hostname)"
}
```
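An added check, not part of the gist: sshd rejects the session when any component of the `ChrootDirectory` path is not root-owned or is writable by group or others, so the function below audits the tree that `create_chrooted` builds. The name `check_chroot_tree` and its `OWNER_UID` argument are hypothetical; the code assumes GNU `stat` and that the directories above the base (`/`, `/var`) have stock permissions.

```bash
# Added example. Usage: check_chroot_tree BASE [OWNER_UID]
#   BASE       directory holding one chroot per user (the gist uses /var/chrooted)
#   OWNER_UID  required owner of BASE and each chroot; 0 on a real server. It is
#              an argument only so the check can run on a scratch tree without root.
# Prints one line per problem; returns 0 if clean, 1 on findings, 2 if BASE is missing.
check_chroot_tree() {
  local base owner problems dir user
  base="${1%/}"; owner="${2:-0}"; problems=0
  if [ ! -d "$base" ]; then
    printf 'MISSING base directory %s\n' "$base"
    return 2
  fi
  for dir in "$base" "$base"/*/; do
    dir="${dir%/}"
    [ -d "$dir" ] || continue
    # Chroot path components: owned by OWNER_UID, no group/other write bit.
    set -- $(stat -c '%u %a' "$dir")
    if [ "$1" != "$owner" ] || [ $(( 0$2 & 022 )) -ne 0 ]; then
      printf 'BAD chroot path %s (uid=%s mode=%s)\n' "$dir" "$1" "$2"
      problems=$((problems + 1))
    fi
    [ "$dir" != "$base" ] || continue
    # Each chroot is named after its user, who must own a setgid,
    # group-writable upload/ directory (chown + chmod g+ws in the gist).
    user="${dir##*/}"
    if [ ! -d "$dir/upload" ]; then
      printf 'MISSING %s/upload\n' "$dir"
      problems=$((problems + 1))
      continue
    fi
    set -- $(stat -c '%U %a' "$dir/upload")
    if [ "$1" != "$user" ] || [ $(( (0$2 & 02020) == 02020 )) -eq 0 ]; then
      printf 'BAD upload dir %s/upload (owner=%s mode=%s)\n' "$dir" "$1" "$2"
      problems=$((problems + 1))
    fi
  done
  [ "$problems" -eq 0 ]
}
```

On a server, run `check_chroot_tree /var/chrooted` as root after creating users; a `BAD chroot path` line points at a directory on which sshd will refuse the chroot.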