Chroot Jail for SSH / SFTP User in Ubuntu and Debian

How to use

  • Download both files into the same directory.
  • Make sure that 'l2chroot.txt' is in the same directory as 'jailuser'.
  • Run it with sudo (root privileges):

sudo ./jailuser customuser

Note

This works in Ubuntu and Debian

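#!/bin/bash
# jailuser - create an SFTP-only user confined to a chroot jail.
#
# Usage:     sudo ./jailuser newusername
# Globals:   D  jail root; also written to sshd_config as ChrootDirectory
#            U  name of the user to create (first argument)
# Requires:  root privileges; on the first run (jail not yet present) the
#            nixCraft helper 'l2chroot.txt' must be in the current directory,
#            with its BASE set to the same path as D.
# Side effects: builds the jail tree under $D, creates a system user in group
#            www-data, appends a "Match User" block to /etc/ssh/sshd_config
#            and restarts sshd.

D=/home/www-sftp
U=$1
SSHD_CONFIG=/etc/ssh/sshd_config

# Print the usage line and abort; the caller prints its own reason first.
usage() {
  echo "Usage: 'sudo $0 newusername'"
  exit 1
}

if [ "$EUID" -ne 0 ]; then
  echo "Requires root permission .."
  usage
fi
if [[ -z "$U" ]]; then
  echo "username can't be empty .."
  usage
fi
# $U is interpolated into sshd_config and into file paths, so accept only
# plain POSIX-style account names (the same shape useradd accepts by default).
if [[ ! "$U" =~ ^[a-z_][a-z0-9_-]*[$]?$ ]]; then
  echo "invalid username '$U' .."
  usage
fi

if [ ! -d "$D" ]; then
  # Check the helper before creating anything, so a failed first run does not
  # leave a half-built jail that later runs would silently skip.
  if [ ! -f l2chroot.txt ]; then
    echo "l2chroot.txt not found in $(pwd) .."
    exit 1
  fi
  echo "Creating Jail Root ..";
  mkdir -vp "$D" || exit 1

  ### 1] Create `/dev` directories
  # Show the host's device nodes so the major/minor numbers below can be checked.
  ls -l /dev/{null,zero,stdin,stdout,stderr,random,tty}
  mkdir -vp "$D/dev/"
  mknod -m 666 "$D/dev/null" c 1 3
  mknod -m 666 "$D/dev/tty" c 5 0
  mknod -m 666 "$D/dev/zero" c 1 5
  mknod -m 666 "$D/dev/random" c 1 8
  # sshd rejects a ChrootDirectory unless the jail root (and every parent)
  # is owned by root and not writable by group or others.
  chown root:root "$D"
  chmod 0755 "$D"
  ls -ld "$D"

  ### 2] Copy required bin commands to $D
  # 2.1 install the library-copy helper
  # wget http://www.cyberciti.biz/files/lighttpd/l2chroot.txt
  mv l2chroot.txt /root/l2chroot
  chmod +x /root/l2chroot
  # The helper's BASE must point at the same jail root as $D:
  # vi /root/l2chroot
  # BASE="/home/www-sftp"

  # 2.2 make dirs
  cd "$D" || exit 1
  mkdir -vp "$D/bin" "$D/lib/" "$D/lib64/" "$D/lib/x86_64-linux-gnu/"

  # 2.3 copy commands and the shared libraries they link against
  for bin in /bin/bash /bin/ls /bin/date; do
    cp -v "$bin" "$D/bin/"
    /root/l2chroot "$bin"
  done
  # ldd /bin/bash

  # 2.4 copy other .so's (NSS needs these to resolve names inside the jail)
  cp -va /lib/x86_64-linux-gnu/libnss_files* "$D/lib/x86_64-linux-gnu/"
  # others (for cp users later)
  mkdir -vp "$D/etc/"
fi

### 3] users and groups
# 3.1 create user
if id -u "$U" >/dev/null 2>&1; then
  echo "user '$U' already exists, reusing it .."
else
  useradd -g www-data "$U" || exit 1
fi
echo "New password for user '$U'";
passwd "$U"

# 3.2 copy user list
# NOTE: this copies the complete host passwd/group files into the jail, so the
# host's account list is readable from inside it. Repeat after every account
# change on the host:
#   cp -vf /etc/{passwd,group} /home/www-sftp/etc/
cp -vf /etc/{passwd,group} "$D/etc/"

# 3.3 configure ssh
#vi /etc/ssh/sshd_config
# Append the Match block only once so re-running for the same user does not
# duplicate it.
if ! grep -qxF "Match User $U" "$SSHD_CONFIG"; then
  {
    echo "Match User $U"
    echo " ChrootDirectory $D"
    echo " ForceCommand internal-sftp"
  } >> "$SSHD_CONFIG"
fi
# Validate before restarting: restarting sshd with a broken config stops the
# daemon and can lock remote administrators out.
if ! sshd -t; then
  echo "sshd_config is invalid; not restarting ssh .."
  exit 1
fi
if command -v systemctl >/dev/null 2>&1; then
  systemctl restart ssh.service
else
  service ssh restart
fi

### 4] Map Home Directory
mkdir -vp "$D/home/$U"
chown -R "$U:www-data" "$D/home/$U/"
chmod -R 0700 "$D/home/$U/"

### 5] Mount 'web' Directory
echo "Execute the below to 'Mount the web Directory'"
echo ""
echo "mkdir -v $D/home/$U/folder-name"
echo "mount --bind /var/www/folder-name $D/home/$U/folder-name"
echo "chown $U:www-data $D/home/$U/folder-name/"
echo "echo \"/var/www/folder-name $D/home/$U/folder-name none bind\" >> /etc/fstab"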
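#!/bin/bash
# Use this script to copy shared (libs) files to Apache/Lighttpd chrooted
# jail server.
# ----------------------------------------------------------------------------
# Written by nixCraft <http://www.cyberciti.biz/tips/>
# (c) 2006 nixCraft under GNU GPL v2.0+
# + Added ld-linux support
# + Added error checking support
# ------------------------------------------------------------------------------
# See url for usage:
# http://www.cyberciti.biz/tips/howto-setup-lighttpd-php-mysql-chrooted-jail.html
# -------------------------------------------------------------------------------
# Usage:   l2chroot /path/to/executable
# Copies every shared library the executable links against, plus the
# ld-linux loader, into the same relative path under $BASE.
# NOTE: ldd may run the target's loader; only point this at trusted system
# binaries (it is meant to be run as root on the jail host).

# Set CHROOT directory name
# BASE="/webroot"
BASE="/home/www-sftp"

if [ $# -eq 0 ]; then
  echo "Syntax : $0 /path/to/executable"
  echo "Example: $0 /usr/bin/php5-cgi"
  exit 1
fi
exe=$1
if [ ! -f "$exe" ]; then
  echo "$exe: no such file"
  exit 1
fi

[ -d "$BASE" ] || mkdir -p "$BASE"

# Skip ld-linux* and the vdso: ldd prints them without a "=>" target, so the
# third column is the load address "(0x...)" instead of a file path.
FILES="$(ldd "$exe" | awk '{ print $3 }' | grep -Ev '^\(')"
echo "Copying shared files/libs to $BASE..."
while IFS= read -r lib; do
  [ -n "$lib" ] || continue
  d="$(dirname "$lib")"
  [ -d "$BASE$d" ] || mkdir -p "$BASE$d"
  /bin/cp "$lib" "$BASE$d"
done <<<"$FILES"

# copy /lib/ld-linux* or /lib64/ld-linux* to $BASE/$sldlsubdir
# get ld-linux full file location
sldl="$(ldd "$exe" | grep 'ld-linux' | awk '{ print $1}')"
if [ -z "$sldl" ]; then
  # No dynamic loader listed (e.g. a static binary); nothing more to copy.
  echo "No ld-linux loader found for $exe; skipping loader copy."
  exit 0
fi
# now get sub-dir
sldlsubdir="$(dirname "$sldl")"
if [ ! -f "$BASE$sldl" ]; then
  [ -d "$BASE$sldlsubdir" ] || mkdir -p "$BASE$sldlsubdir"
  echo "Copying $sldl $BASE$sldlsubdir..."
  /bin/cp "$sldl" "$BASE$sldlsubdir"
fi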