Add create_chroot_user_custom.sh
68
create_chroot_user_custom.sh
Normal file
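--- /dev/null
+++ b/create_chroot_user_custom.sh
@@ -0,0 +1,68 @@
+#!/bin/bash
+
+# Check if running as root
+if [ "$EUID" -ne 0 ]; then
+echo "Please run as root or use sudo."
+exit 1
+fi
+
+# Configuration
+USERNAME="tecmint1" # Replace with your username
+PASSWORD="secure123" # Replace with your password
+JAIL_PATH="/var/lib/" # Replace with your desired jail path
+
+# Step 1: Create SSH Chroot Jail at your specified path
+mkdir -p $JAIL_PATH
+cd $JAIL_PATH
+
+# Create dev directory and required device files
+mkdir -p dev
+cd dev
+mknod -m 666 null c 1 3
+mknod -m 666 tty c 5 0
+mknod -m 666 zero c 1 5
+mknod -m 666 random c 1 8
+cd ..
+
+# Set ownership and permissions for the jail
+chown root:root $JAIL_PATH
+chmod 0755 $JAIL_PATH
+
+# Step 2: Setup Interactive Shell
+mkdir -p bin
+cp -v /bin/bash bin/
+
+# Copy required shared libraries
+mkdir -p lib64
+cp -v /lib64/{libtinfo.so.5,libdl.so.2,libc.so.6,ld-linux-x86-64.so.2} lib64/
+
+# Step 3: Create and Configure SSH User
+useradd $USERNAME
+echo "$USERNAME:$PASSWORD" | chpasswd
+
+# Create etc directory and copy passwd and group files
+mkdir -p etc
+cp -vf /etc/{passwd,group} etc/
+
+# Modify the user's home directory in the chrooted passwd file
+sed -i "s|^$USERNAME:.*|$USERNAME:x:$(id -u $USERNAME):$(id -g $USERNAME)::/:/bin/bash|" $JAIL_PATH/etc/passwd
+
+# Step 4: Configure SSH to Use Chroot Jail
+echo "
+Match User $USERNAME
+ChrootDirectory $JAIL_PATH
+ForceCommand internal-sftp" >> /etc/ssh/sshd_config
+
+# Restart SSH service
+systemctl restart sshd
+
+# Step 5: Set the desired directory as the working directory (no home directory needed)
+# The user will be placed directly in /var/k3s/storage/mypvc when they connect
+
+# Step 6: Add Basic Commands (Optional - for debugging)
+cp -v /bin/{ls,date,mkdir} $JAIL_PATH/bin/
+# Copy required libraries for these commands
+cp -v /lib64/{libselinux.so.1,libcap.so.2,libacl.so.1,libc.so.6,libpcre.so.1,libdl.so.2,ld-linux-x86-64.so.2,libattr.so.1,libpthread.so.0} $JAIL_PATH/lib64/
+
+echo "Chroot jail setup completed for user $USERNAME at $JAIL_PATH"
+echo "User will be placed directly in $JAIL_PATH when connecting via SFTP"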
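Review bot: `PASSWORD="secure123"` puts a default credential in the committed script, and it is set on the account as-is if the placeholder is never edited; prompt for it at run time or read it from a root-only file. Step 4 appends the `Match User` block to /etc/ssh/sshd_config on every run and restarts sshd with no validation, so a rerun duplicates the block and a malformed config can take SSH down on the host; the append should be guarded and checked with `sshd -t` before the restart, as in the excerpt below. The default `JAIL_PATH="/var/lib/"` makes a directory that holds other services' state the chroot root, and the script then creates device nodes and a full copy of the host's /etc/passwd and /etc/group inside it, so a dedicated empty directory would be a safer default. Because the Match block sets `ForceCommand internal-sftp`, the copied bash, binaries, libraries and device nodes do not appear to be needed by the session and only add material inside the jail; the Step 5 comment also names /var/k3s/storage/mypvc, which does not match JAIL_PATH.

```shell
# Configuration
USERNAME="tecmint1" # Replace with your username
# Prompt for the password instead of storing it in the script.
read -rs -p "Password for ${USERNAME}: " PASSWORD
echo

# … unchanged: jail directory, device nodes, shell, libraries, user creation …

# Step 4: Configure SSH to Use Chroot Jail
SSHD_CONFIG=/etc/ssh/sshd_config
if ! grep -qxF "Match User ${USERNAME}" "$SSHD_CONFIG"; then
  cp -p "$SSHD_CONFIG" "${SSHD_CONFIG}.bak"
  printf '\nMatch User %s\nChrootDirectory %s\nForceCommand internal-sftp\n' \
    "$USERNAME" "$JAIL_PATH" >> "$SSHD_CONFIG"
  # Validate before restarting; roll back if the new block breaks the config.
  if ! sshd -t -f "$SSHD_CONFIG"; then
    cp -p "${SSHD_CONFIG}.bak" "$SSHD_CONFIG"
    echo "sshd_config failed validation; previous file restored." >&2
    exit 1
  fi
fi

# Restart SSH service
systemctl restart sshd
```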