|
1
|
#!/bin/bash
|
|
2
|
|
|
3
|
# Create a chroot for an SSH user for apt read only access
|
|
4
|
USER=$1
|
|
5
|
CHROOT=/home/$1
|
|
6
|
useradd $USER
|
|
7
|
chown root.root -R $CHROOT
|
|
8
|
|
|
9
|
# Specific permission for .ssh
|
|
10
|
mkdir -m 750 $CHROOT/.ssh
|
|
11
|
touch $CHROOT/.ssh/authorized_keys
|
|
12
|
chmod 640 $CHROOT/.ssh/authorized_keys
|
|
13
|
chgrp -R $USER $CHROOT/.ssh
|
|
14
|
|
|
15
|
###
|
|
16
|
### to do by hand or by playbook
|
|
17
|
###
|
|
18
|
|
|
19
|
## configure ssh for chrooting user
|
|
20
|
#cat <<EOF >> /etc/ssh/sshd_config
|
|
21
|
## Added for chroot
|
|
22
|
#Match User $USER
|
|
23
|
#ChrootDirectory $CHROOT
|
|
24
|
#EOF
|
|
25
|
#
|
|
26
|
## predisporre bind mount del repo
|
|
27
|
#echo /home/reprepro/repo $CHROOT/debian none bind 0 0 >> /etc/fstab
|
|
28
|
## aggingere le chiavi necessarie
|
|
29
|
# echo ssh-rsa XXXXX id > $CHROOT/.ssh/authorized_keys
|
|
30
|
|
|
31
|
# prepare chroot
|
|
32
|
mkdir $CHROOT/{debian,dev,lib,lib64,bin,lib/x86_64-linux-gnu}
|
|
33
|
|
|
34
|
mknod -m 666 $CHROOT/dev/null c 1 3
|
|
35
|
mknod -m 666 $CHROOT/dev/tty c 5 0
|
|
36
|
mknod -m 666 $CHROOT/dev/zero c 1 5
|
|
37
|
mknod -m 666 $CHROOT/dev/random c 1 8
|
|
38
|
|
|
39
|
COMMANDS="bash sh dd find"
|
|
40
|
|
|
41
|
j=""
|
|
42
|
for i in $COMMANDS; do
|
|
43
|
j="$j$(which $i) "
|
|
44
|
done
|
|
45
|
|
|
46
|
# copy command
|
|
47
|
for i in $j; do
|
|
48
|
cp $i $CHROOT/bin/
|
|
49
|
done
|
|
50
|
|
|
51
|
# get command shared libs
|
|
52
|
LIST=$(for i in $j; do ldd $j; done |grep '=>'|awk '{print $3}'|sort|uniq)
|
|
53
|
|
|
54
|
# copy shared libs in chroot
|
|
55
|
for i in $LIST; do
|
|
56
|
cp $i $CHROOT/lib/x86_64-linux-gnu/
|
|
57
|
done
|
|
58
|
|
|
59
|
# copy this also
|
|
60
|
cp /lib64/ld-linux-x86-64.so.2 $CHROOT/lib64/
|