Valentin Lab
6 years ago
5 changed files with 141 additions and 46 deletions
-
10sftp/build/Dockerfile
-
8sftp/build/src/etc/ssh/sshd_config
-
51sftp/hooks/init
-
114sftp/lib/common
-
4sftp/metadata.yml
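--- a/sftp/build/Dockerfile
+++ b/sftp/build/Dockerfile
@@ -0,0 +1,10 @@
+FROM alpine:3.7
+
+RUN apk add --no-cache openssh openssh-sftp-server
+
+RUN ssh-keygen -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key -N '' && \
+ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N ''
+
+COPY src/ .
+
+CMD /usr/sbin/sshd -D -e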
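Review bot: The `RUN ssh-keygen ...` step bakes the SSH host private keys into the image layers, so every container started from this image — and anyone who can pull it — holds the same `/etc/ssh/ssh_host_*_key`, which lets any of them impersonate the server to clients that have pinned its host key. Generate the keys at first start instead (e.g. an entrypoint that runs `ssh-keygen -A` when `/etc/ssh/ssh_host_ed25519_key` is absent) and keep `/etc/ssh` on a volume so the identity survives container recreation. `CMD /usr/sbin/sshd -D -e` is the shell form, so sshd runs under `/bin/sh` and does not receive the SIGTERM sent on `docker stop` as PID 1; use `CMD ["/usr/sbin/sshd", "-D", "-e"]`.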
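--- a/sftp/build/src/etc/ssh/sshd_config
+++ b/sftp/build/src/etc/ssh/sshd_config
@@ -0,0 +1,8 @@
+UseDNS no
+PermitRootLogin no
+Subsystem sftp internal-sftp
+ChrootDirectory %h
+X11Forwarding no
+AllowTcpForwarding no
+ForceCommand internal-sftp
+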
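Review bot: `ChrootDirectory %h` only works when each home directory (and every path component above it) is root-owned and not writable by group or others, so the `chown $user "/home/$user"` branch in sftp/lib/common would presumably make sshd refuse those logins with a bad-ownership error; the `chown root:root` default is the one that matches this config — worth confirming. The forwarding lock-down is incomplete for a jailed SFTP-only account: alongside `AllowTcpForwarding no` add `AllowAgentForwarding no` and `PermitTunnel no`. Nothing here restricts authentication methods, so password login stays enabled (the generated-password flow in lib/common relies on that); if key-only access is intended, add `PasswordAuthentication no`. For auditing file operations inside the jail, `Subsystem sftp internal-sftp -l INFO` together with `ForceCommand internal-sftp -l INFO` logs each sftp request.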
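--- a/sftp/lib/common
+++ b/sftp/lib/common
@@ -0,0 +1,114 @@
+# -*- mode: shell-script -*-
+
+
+make_build_script() {
+local users_def="$1" cache_file="$CACHEDIR/$FUNCNAME.cache.$(p0 "$@" | md5_compat)"
+if [ -e "$cache_file" ]; then
+#debug "$FUNCNAME: STATIC cache hit"
+cat "$cache_file" &&
+touch "$cache_file" || return 1
+return 0
+fi
+
+local users_def="$1" \
+code fixed_groups_code groups_code volume_keys \
+created_groups first_group
+
+if [ -z "$users_def" ]; then
+return 0
+fi
+
+e "set -eux"$'\n'
+code=""
+fixed_groups_code=""
+groups_code=""
+volume_keys=()
+
+declare -A created_groups
+while read-0 user user_def; do
+
+code+="mkdir -p \"/home/$user\""$'\n'
+
+##
+## Group management
+##
+
+first_group=
+groups=()
+first=1
+while read-0 group; do
+[ "${created_groups[$group]}" ] && continue
+if [[ "$group" == *":"* ]]; then
+gid=${group##*:}
+group=${group%%:*}
+fixed_groups_code+="addgroup -g \"$gid\" \"$group\""$'\n'
+else
+groups_code+="addgroup \"$group\""$'\n'
+fi
+created_groups[$group]=1
+if [ "$first" ]; then
+first_group="$group"
+first=
+else
+remaining_groups+=("$group")
+fi
+groups+=("$group")
+done < <(echo "$user_def" | shyaml get-values-0 groups 2>/dev/null)
+
+
+##
+## User create commands
+##
+
+uid=$(echo "$user_def" | shyaml get-value uid 2>/dev/null)
+
+useradd_options=(
+"-D" ## don't assign a password
+"-s" "/bin/false" ## default shell
+)
+if [ "$uid" ]; then
+useradd_options+=("-u" "$uid") ## force uid
+fi
+if [ "$first_group" ]; then
+useradd_options+=("-G" "$first_group") ## force main group
+fi
+
+code+="adduser ${useradd_options[*]} \"$user\""$'\n'
+if [ "$allow_writeable_chroot" ]; then
+code+="chown $user \"/home/$user\""$'\n' ## sanitize
+else
+code+="chown root:root \"/home/$user\""$'\n' ## sanitize
+fi
+code+="chmod 755 \"/home/$user\""$'\n' ## sanitize
+password=$(echo "$user_def" | shyaml get-value password 2>/dev/null) ||
+password=$(gen_password 14)
+code+="echo '$user:$password' | chpasswd"$'\n'
+for group in "${remaining_groups[@]}"; do
+code+="adduser \"$user\" \"$group\""$'\n'
+done
+
+##
+## Key managements
+##
+
+while read-0 key; do
+keys+="$key"$'\n'
+done < <(echo "$user_def" | shyaml get-values-0 -q keys)
+if [ "$keys" ]; then
+code+="mkdir -p \"/home/$user/.ssh\""$'\n'
+code+="cat <<EOF > /home/$user/.ssh/authorized_keys"$'\n'
+code+="$keys"
+code+="EOF"$'\n'
+# code+="chown $user /home/$user/.ssh/authorized_keys"$'\n'
+code+="chmod 644 /home/$user/.ssh/authorized_keys"$'\n'
+code+="chmod 755 /home/$user/.ssh"$'\n'
+
+fi
+
+done < <(echo "$users_def" | shyaml key-values-0)
+{
+echo -n "$fixed_groups_code"
+echo -n "$groups_code"
+echo -n "$code"
+} | tee "$cache_file"
+}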
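Review bot: `keys` and `remaining_groups` are appended to inside the per-user `while read-0 user user_def` loop (`keys+="$key"$'\n'`, `remaining_groups+=("$group")`) but never reset between users — only `groups=()` is — so each later user's generated authorized_keys carries every earlier user's public keys and each later user is also added to the earlier users' secondary groups, which is cross-account SSH access; initialise them next to `groups=()` with `keys=` and `remaining_groups=()`. The generated script opens with `set -eux`, so `echo '$user:$password' | chpasswd` traces each plaintext password to the build output, and the whole script including passwords is persisted unencrypted by `tee "$cache_file"`; a password containing `'` (or a key containing `$` or backticks, since the `cat <<EOF` heredoc delimiter is unquoted) also breaks out of its quoting and executes in the generated script. Quote the delimiter as `cat <<'EOF' > /home/$user/.ssh/authorized_keys`, build the chpasswd line from `printf '%q'`-escaped values, and wrap it in `set +x`/`set -x` or feed chpasswd from a file the trace never prints. Separately, `[ "${created_groups[$group]}" ] && continue` skips the `first_group`/`remaining_groups` bookkeeping for a group an earlier user already created, so a group shared by two users is only granted to the first. The `allow_writeable_chroot` branch chowns the home to the user, which the `ChrootDirectory %h` in sshd_config will presumably reject (OpenSSH requires root-owned, non-writable chroot components) — worth confirming; `volume_keys` and `groups` are populated but never read, and `local users_def="$1"` is declared twice.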
@ -1,8 +1,6 @@ |
|||||
docker-image: docker.0k.io/sftp:carif |
|
||||
config-resources: |
|
||||
- /etc/sftp-users.conf |
|
||||
data-resources: |
data-resources: |
||||
- /home |
- /home |
||||
provides: |
provides: |
||||
sftp-access: |
sftp-access: |
||||
tech-dep: False |
tech-dep: False |
||||
|
|