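#!/bin/bash
#
# Build a chroot jail for one SFTP account and confine that account to it
# with a "Match User" block appended to /etc/ssh/sshd_config.
#
# Must be run as root. Edit the values under "Configuration" before use.
#
# Security notes for whoever deploys this:
#   * PASSWORD is kept in clear text in this file. Replace the placeholder
#     and keep the script readable by root only.
#   * sshd only accepts a ChrootDirectory whose every path component is a
#     root-owned directory that is not writable by group or others.
#   * Whatever already lives under JAIL_PATH becomes reachable by the jailed
#     account (subject to file permissions), so a dedicated directory is
#     preferable to a shared system directory.
#   * With "ForceCommand internal-sftp" the account gets SFTP only; the
#     shell, libraries and device nodes copied below only matter if that
#     line is later removed to allow an interactive shell.

set -u
set -o pipefail

readonly SSHD_CONFIG="/etc/ssh/sshd_config"

# Print an error to stderr and stop.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# Print a warning to stderr and keep going (used for best-effort steps).
warn() {
  printf 'warning: %s\n' "$*" >&2
}

# Create one character device under ./dev unless it is already there, so the
# script can be re-run without mknod failing on existing nodes.
make_node() {
  local name=$1 major=$2 minor=$3
  if [[ -c "dev/$name" ]]; then
    return 0
  fi
  mknod -m 666 "dev/$name" c "$major" "$minor" \
    || warn "could not create dev/$name"
}

# Check if running as root
if [ "$EUID" -ne 0 ]; then
  echo "Please run as root or use sudo." >&2
  exit 1
fi

# Configuration
USERNAME="tecmint1"    # Replace with your username
PASSWORD="secure123"   # Replace with your password
JAIL_PATH="/var/lib/"  # Replace with your desired jail path

# USERNAME ends up in a sed expression and in sshd_config, JAIL_PATH in
# sshd_config and in every path below: reject values that would be
# misparsed there.
name_re='^[A-Za-z_][A-Za-z0-9_.-]*$'
[[ "$USERNAME" =~ $name_re ]] || die "invalid USERNAME: $USERNAME"
case "$JAIL_PATH" in
  /) die "JAIL_PATH must not be the real root directory" ;;
  *[[:space:]]*) die "JAIL_PATH must not contain whitespace" ;;
  /*) ;;
  *) die "JAIL_PATH must be an absolute path" ;;
esac
[[ -n "$PASSWORD" ]] || die "PASSWORD must not be empty"
if [[ "$PASSWORD" == "secure123" ]]; then
  warn "PASSWORD is still the published placeholder; change it before exposing this account"
fi

# Step 1: Create SSH Chroot Jail at your specified path
mkdir -p -- "$JAIL_PATH" || die "cannot create $JAIL_PATH"
cd -- "$JAIL_PATH" || die "cannot enter $JAIL_PATH"

# Create dev directory and required device files
mkdir -p dev || die "cannot create $JAIL_PATH/dev"
make_node null 1 3
make_node tty 5 0
make_node zero 1 5
make_node random 1 8

# Set ownership and permissions for the jail
chown root:root "$JAIL_PATH" || die "cannot chown $JAIL_PATH"
chmod 0755 "$JAIL_PATH" || die "cannot chmod $JAIL_PATH"

# Step 2: Setup Interactive Shell
mkdir -p bin
cp -v /bin/bash bin/ || warn "could not copy /bin/bash into the jail"

# Copy required shared libraries.
# These file names are specific to one distribution release; compare them
# with the output of `ldd /bin/bash` on the target host.
mkdir -p lib64
cp -v /lib64/{libtinfo.so.5,libdl.so.2,libc.so.6,ld-linux-x86-64.so.2} lib64/ \
  || warn "some shared libraries for bash were not copied"

# Step 3: Create and Configure SSH User
if id -u "$USERNAME" >/dev/null 2>&1; then
  echo "User $USERNAME already exists; reusing it."
else
  useradd "$USERNAME" || die "useradd failed for $USERNAME"
fi
# printf is a shell builtin, so the password is fed to chpasswd on stdin and
# never appears in another process's argument list.
printf '%s:%s\n' "$USERNAME" "$PASSWORD" | chpasswd \
  || die "could not set the password for $USERNAME"

# Create etc directory and copy passwd and group files.
# NOTE(review): this copies every local account and group name into the
# jail; trimming both files to the entries the jailed user needs would
# expose less.
mkdir -p etc
cp -vf /etc/{passwd,group} etc/ || die "could not copy passwd/group into the jail"

# Modify the user's home directory in the chrooted passwd file
uid=$(id -u "$USERNAME") || die "cannot determine uid of $USERNAME"
gid=$(id -g "$USERNAME") || die "cannot determine gid of $USERNAME"
user_re=${USERNAME//./\\.}   # a dot in the name must match literally in sed
sed -i "s|^$user_re:.*|$USERNAME:x:$uid:$gid::/:/bin/bash|" etc/passwd \
  || die "could not rewrite the jailed passwd entry"

# Step 4: Configure SSH to Use Chroot Jail
# Append the Match block only once, keep a backup, and validate the result
# before restarting: a broken sshd_config plus a restart locks out every
# remote administrator.
if grep -qxF -- "Match User $USERNAME" "$SSHD_CONFIG"; then
  echo "Match block for $USERNAME already present in $SSHD_CONFIG; not adding it again."
else
  backup="$SSHD_CONFIG.bak.$(date +%Y%m%d%H%M%S)"
  cp -p -- "$SSHD_CONFIG" "$backup" || die "cannot back up $SSHD_CONFIG"
  printf '\nMatch User %s\n    ChrootDirectory %s\n    ForceCommand internal-sftp\n' \
    "$USERNAME" "$JAIL_PATH" >> "$SSHD_CONFIG" \
    || die "cannot append to $SSHD_CONFIG"

  # Older sshd builds insist on being invoked by absolute path.
  sshd_bin=$(command -v sshd) || sshd_bin=/usr/sbin/sshd
  if [[ -x "$sshd_bin" ]]; then
    if ! "$sshd_bin" -t -f "$SSHD_CONFIG"; then
      cp -p -- "$backup" "$SSHD_CONFIG"
      die "sshd rejected the new configuration; restored $backup"
    fi
  else
    warn "sshd binary not found; configuration was not validated"
  fi
fi

# Restart SSH service
systemctl restart sshd || die "could not restart sshd"

# Step 5: Set the desired directory as the working directory (no home directory needed)
# The user will be placed directly in $JAIL_PATH when they connect

# Step 6: Add Basic Commands (Optional - for debugging)
cp -v /bin/{ls,date,mkdir} "$JAIL_PATH/bin/" \
  || warn "some debugging commands were not copied"

# Copy required libraries for these commands (distribution specific; check
# each binary with ldd on the target host).
cp -v /lib64/{libselinux.so.1,libcap.so.2,libacl.so.1,libc.so.6,libpcre.so.1,libdl.so.2,ld-linux-x86-64.so.2,libattr.so.1,libpthread.so.0} "$JAIL_PATH/lib64/" \
  || warn "some shared libraries for the debugging commands were not copied"

echo "Chroot jail setup completed for user $USERNAME at $JAIL_PATH"
echo "User will be placed directly in $JAIL_PATH when connecting via SFTP"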