@lucashalbert
Created March 27, 2019 16:50
Creates a new home directory with the specified owner and group. Sets advanced ACLs and sticky bits.
#!/bin/bash
# Print the author, date, version, description and BSD 3-Clause license
# banner to stdout.
# Arguments: none
# Outputs:   the banner, exactly as written below
print_version() {
  # Quoted delimiter: the banner is static text, so the shell expands
  # nothing inside it.
  cat <<'EOF'
####################################################################################
#
# Author: Lucas Halbert <contactme@lhalbert.xyz>
# Date: 12/13/2016
# Last Edited: 03/27/2019
# Version: 2019.03.27
# Description: Creates a new directory with the specified owner and
# group. Sets advanced ACLs and sticky bits.
# License: BSD 3-Clause License
#
# Copyright (c) 2016, Lucas Halbert
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice, this
# list of conditions and the following disclaimer.
#
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
#
# * Neither the name of the copyright holder nor the names of its
# contributors may be used to endorse or promote products derived from
# this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
####################################################################################
EOF
}
# Print the revision history banner to stdout.
# Arguments: none
# Outputs:   the changelog, exactly as written below
print_changelog() {
  # Quoted delimiter: static text, nothing in it is expanded.
  cat <<'EOF'
####################################################################################
#
# Revisions: 2019.03.27 - Add usage and verbosity
#
# 2016.12.13 - Initial Draft
#
####################################################################################
EOF
}
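# Print a one-line usage synopsis and an example invocation to stdout.
# Arguments: none (the program name is taken from $0)
# Outputs:   two lines of usage text
print_usage() {
  # Parameter expansion instead of an unquoted $(basename $0): it cannot
  # word-split a path containing spaces and cannot mistake a leading '-'
  # in $0 for an option.
  local prog=${0##*/}
  # The original usage line ended in a stray \n" that a here-document
  # prints literally; it is dropped here.
  cat <<EOF
Usage: ${prog} -U <username> -G <group> -D <directory-path> [-v|-vv|-vvv]
Example: ${prog} -U user1 -G group1 -D /opt/chroot/home/user1
EOF
}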
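# Print the detailed, man-page style help text to stdout.
# Arguments: none (the program name is taken from $0)
# Outputs:   the help page
print_help() {
  # Parameter expansion instead of an unquoted $(basename $0): safe for a
  # $0 that contains spaces or starts with '-'.
  local prog=${0##*/}
  # Fixes relative to the original text:
  #   - the SYNOPSIS line no longer ends in a literal \n"
  #   - "Specify uroup" typo corrected
  #   - "--help" is no longer advertised: the script parses options with
  #     getopts, which only handles the single-letter -H
  cat <<EOF
NAME
${prog} - Creates a new directory with the specified owner and group. Sets advanced ACLs and sticky bits.
SYNOPSIS
${prog} -U <username> -G <group> -D <directory-path> [-v|-vv|-vvv]
DESCRIPTION
Creates a new directory with the specified owner and group. Sets advanced ACLs and sticky bits.
OPTIONS
-U user
Specify user
-G group
Specify group
-D directory-path
Specify the directory path to be created
-v|-vv|-vvv
Increase verbosity
-h
Print usage
-H
Print detailed usage (this page)
-V
Print version details and changelog
EOF
}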
# Start-up timestamp in YYYYmmdd-HH:MM form. Nothing in the visible part of
# the script reads it.
DATE="$(date '+%Y%m%d-%H:%M')"
# Verbosity level; the option parser raises it once per -v.
VERBOSE=0
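#######################################
# Create a directory and hand it to the given owner and group.
#
# Steps, in order: clear the SSSD cache, mkdir, set default ACLs
# (user rwx, group rwx, other none), add group rwx plus the setuid and
# setgid bits to the directory, then chgrp and chown it.
#
# The script runs as root, so every step is checked: the first failure
# stops the function and nothing further is changed. All operands are
# quoted and preceded by "--" so that a name containing spaces or glob
# characters, or one that starts with "-", is treated as a single literal
# operand and never as extra arguments or an option.
#
# Arguments: $1 - owner (user name)
#            $2 - group name
#            $3 - directory path to create
# Outputs:   progress messages on stdout, diagnostics on stderr
# Returns:   0 on success, 2 on a missing argument, 1 when a step fails
#######################################
createHomeDir() {
  local owner=$1
  local grp=$2
  local dir=$3

  if [[ -z "$owner" || -z "$grp" || -z "$dir" ]]; then
    echo "createHomeDir: user, group and directory are all required" >&2
    return 2
  fi

  echo "clearing sssd cache"
  # Best effort, as before: a failing sss_cache did not stop the original
  # flow either, but the failure is now reported.
  sss_cache -E || echo "warning: sss_cache -E failed; continuing" >&2

  echo "creating ${dir}"
  # mkdir without -p fails when the path already exists. Stopping here
  # keeps the recursive ACL change, the setuid/setgid bits and the
  # ownership change below from being applied to a pre-existing path.
  mkdir -- "$dir" || return 1

  # NOTE(review): the steps below address the directory by path. That is
  # only safe while the parent directory is writable by trusted users
  # alone; otherwise the path could be swapped between steps. Confirm for
  # the deployment.

  echo "setting ACLs"
  # Default ACLs (-d) are inherited by entries created inside the
  # directory later on.
  # NOTE(review): the directory's own "other" permission bits stay as
  # mkdir and the umask left them; only the default ACL denies "other".
  setfacl -dRm u::rwx -- "$dir" || return 1
  setfacl -dRm g::rwx -- "$dir" || return 1
  setfacl -dRm o::--- -- "$dir" || return 1

  echo "setting permissions"
  chmod -- g+rwx "$dir" || return 1
  # u+s and g+s are the setuid and setgid bits, not the sticky bit (+t).
  # On Linux the setuid bit on a directory is generally ignored; setgid
  # makes new entries inherit the directory's group.
  chmod -- u+s "$dir" || return 1
  chmod -- g+s "$dir" || return 1

  echo "setting group ownership"
  chgrp -- "$grp" "$dir" || return 1

  echo "setting ownership"
  chown -- "$owner" "$dir" || return 1
}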
# Print the list of commands that the directory-creation step runs, filled
# in with the given values. The text is informational only; nothing here
# is executed.
# Arguments: $1 - owner (user name)
#            $2 - group name
#            $3 - directory path
# Outputs:   one heading line followed by one line per command, on stdout
printVerbose() {
  local owner=$1
  local grp=$2
  local target=$3

  # One argument per output line; the fixed '%s\n' format keeps the
  # values from being interpreted as printf directives.
  printf '%s\n' \
    "Running the following Commands" \
    "sss_cache -E" \
    "mkdir ${target}" \
    "setfacl -dRm u::rwx ${target}" \
    "setfacl -dRm g::rwx ${target}" \
    "setfacl -dRm o::--- ${target}" \
    "chmod g+rwx ${target}" \
    "chmod u+s ${target}" \
    "chmod g+s ${target}" \
    "chgrp ${grp} ${target}" \
    "chown ${owner} ${target}"
}
# Report that root privileges are required and terminate the script.
# Arguments: none
# Outputs:   the message on stdout
# Exits:     status 1 (does not return)
failRootCheck() {
  printf '%s\n' "This script must be run as root"
  exit 1
}
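# Check if script is being run as root. The steps performed later (chown,
# chgrp, setuid/setgid bits) need root, so anything else is refused here.
if [[ "${EUID}" -ne 0 ]]; then
  failRootCheck
fi

# Get command line arguments
if [[ "$#" -eq 0 ]]; then
  echo "This command requires arguments"
  print_usage
  exit 3
fi

# Start from empty values. Without this, a USERNAME, GROUP or DIRECTORY
# variable inherited from the caller's environment would silently stand in
# for a missing -U, -G or -D option while the script runs as root.
USERNAME=""
GROUP=""
DIRECTORY=""

# Leading ':' selects silent error reporting: an unknown option arrives as
# '?', a missing option argument as ':', both with the letter in OPTARG.
while getopts :U:G:D:vVhH OPT; do
  case "$OPT" in
    U)
      USERNAME=$OPTARG
      ;;
    G)
      GROUP=$OPTARG
      ;;
    D)
      DIRECTORY=$OPTARG
      ;;
    v)
      # Each -v raises the level; only "greater than zero" is tested below.
      VERBOSE=$((VERBOSE + 1))
      ;;
    V)
      print_version
      print_changelog
      exit 0
      ;;
    h)
      print_usage
      exit 0
      ;;
    H)
      print_help
      exit 0
      ;;
    \?)
      echo "Invalid option: $OPTARG"
      print_usage
      exit 3
      ;;
    :)
      echo "Option -$OPTARG requires an argument"
      print_usage
      exit 3
      ;;
  esac
done
shift $((OPTIND - 1))

if [[ -n "${USERNAME}" && -n "${GROUP}" && -n "${DIRECTORY}" ]]; then
  # Quoted so that each value reaches the function as exactly one argument;
  # unquoted, a value with whitespace or glob characters would be split or
  # expanded into several arguments.
  if [[ "$VERBOSE" -gt 0 ]]; then
    printVerbose "${USERNAME}" "${GROUP}" "${DIRECTORY}"
  fi
  createHomeDir "${USERNAME}" "${GROUP}" "${DIRECTORY}"
else
  # Name every missing option before giving up.
  if [[ -z "${USERNAME}" ]]; then
    echo "Please Specify a User"
  fi
  if [[ -z "${GROUP}" ]]; then
    echo "Please Specify a Group"
  fi
  if [[ -z "${DIRECTORY}" ]]; then
    echo "Please Specify a Directory"
  fi
  exit 2
fi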