add_users_in_container.sh
#!/bin/bash
# This script refreshes the env.list file (the file containing the USERS environment variable) from S3 and adds any new users it lists.
# Root of the per-user FTP home directories.
FTP_DIRECTORY='/home/aws/s3bucket/ftp-users'

# Name of the env file, both as the S3 object key and as the local copy in $HOME.
# May need to change if the env file is moved or renamed.
CONFIG_FILE='env.list'

# Seconds to wait between two synchronisation passes.
SLEEP_DURATION='60'

# Modes enforced on everything below each user's files/ directory.
# These mirror the vsftpd defaults; change both here if other modes are needed.
FILE_PERMISSIONS='644'
DIRECTORY_PERMISSIONS='750'
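#######################################
# Synchronise local accounts with the USERS entry of the env file kept in S3.
#
# USERS is a whitespace-separated list of "name:hash" entries. For an account
# that already exists the password hash is re-applied and ownership/modes under
# its FTP home are repaired; for a missing account the user and its directory
# skeleton are created (its password is applied on the following pass).
#
# Globals:
#   CONFIG_BUCKET (read; expected from the environment)
#   CONFIG_FILE, FTP_DIRECTORY, FILE_PERMISSIONS, DIRECTORY_PERMISSIONS (read)
#   USERS (written)
# Returns:
#   1 when CONFIG_BUCKET is unset or no copy of the env file is available,
#   otherwise the status of the last command run.
#######################################
add_users() {
  local entry username files_dir ssh_dir
  local -a entries=()

  if [[ -z "${CONFIG_BUCKET:-}" ]]; then
    echo "add_users: CONFIG_BUCKET is not set" >&2
    return 1
  fi

  # The env file carries password hashes, so the local copy is created and
  # kept readable by the owner only.
  if ! (umask 077 && aws s3 cp "s3://$CONFIG_BUCKET/$CONFIG_FILE" ~/"$CONFIG_FILE"); then
    # Best effort, as before: fall back to the previously downloaded copy.
    echo "add_users: download of s3://$CONFIG_BUCKET/$CONFIG_FILE failed" >&2
  fi
  if [[ ! -r ~/"$CONFIG_FILE" ]]; then
    echo "add_users: no local copy of $CONFIG_FILE to read" >&2
    return 1
  fi
  chmod 600 ~/"$CONFIG_FILE"

  # Match only the USERS assignment itself (not e.g. OTHER_USERS= or a comment)
  # and keep everything after the first '=' so a value containing '=' survives.
  USERS=$(grep -E '^[[:space:]]*USERS=' ~/"$CONFIG_FILE" | cut -d '=' -f2-)

  # Split on whitespace without pathname expansion. read returns non-zero at
  # end of input here, which is expected.
  read -r -d '' -a entries <<< "$USERS" || true

  for entry in "${entries[@]}"; do
    username=${entry%%:*}

    # The name is used to build paths and as a command argument while running
    # with privileges: refuse anything that could leave FTP_DIRECTORY or be
    # parsed as an option.
    case "$username" in
      '' | -* | */* | . | ..)
        echo "add_users: skipping invalid user entry" >&2
        continue
        ;;
    esac

    if getent passwd "$username" >/dev/null 2>&1; then
      # Account exists: set the password again in case it changed in the env file.
      # NOTE(review): this applies to ANY existing account named in the env
      # file, system accounts included, so write access to the bucket object
      # equals the ability to set local passwords. Consider restricting this to
      # accounts whose home is under FTP_DIRECTORY — confirm how the initial
      # users are created before enforcing that.
      printf '%s\n' "$entry" | chpasswd -e

      # Files uploaded straight to S3 (web console) show up as 000 root:root,
      # which the FTP user cannot read; repair ownership and modes.
      files_dir="$FTP_DIRECTORY/$username/files/"
      if [[ -d "$files_dir" ]]; then
        # Wrong owner OR wrong group (the former AND missed half-correct
        # entries). -h re-owns a symlink itself instead of its target, because
        # this tree is writable by the user.
        find "$files_dir" -mindepth 1 \( \! -user "$username" -o \! -group "$username" \) \
          -print0 | xargs -0 -r chown -h "$username:$username"
        find "$files_dir" -mindepth 1 -type f \! -perm "$FILE_PERMISSIONS" \
          -print0 | xargs -0 -r chmod "$FILE_PERMISSIONS"
        find "$files_dir" -mindepth 1 -type d \! -perm "$DIRECTORY_PERMISSIONS" \
          -print0 | xargs -0 -r chmod "$DIRECTORY_PERMISSIONS"
      fi

      # .ssh and authorized_keys: no -mindepth here. With -mindepth 1 the .ssh
      # directory itself was skipped, and authorized_keys (a file used as the
      # start point) could never match, so its mode/owner were never repaired.
      ssh_dir="$FTP_DIRECTORY/$username/.ssh"
      if [[ -d "$ssh_dir" ]]; then
        find "$ssh_dir" -type d \! -perm 700 -print0 | xargs -0 -r chmod 700
        find "$ssh_dir" -type d \! -user "$username" -print0 | xargs -0 -r chown "$username"
      fi
      if [[ -f "$ssh_dir/authorized_keys" ]]; then
        find "$ssh_dir/authorized_keys" -type f \! -perm 600 -print0 | xargs -0 -r chmod 600
        find "$ssh_dir/authorized_keys" -type f \! -user "$username" -print0 | xargs -0 -r chown "$username"
      fi
    else
      # Account does not exist yet: create it with a non-login shell.
      if ! useradd -d "$FTP_DIRECTORY/$username" -s /usr/sbin/nologin "$username"; then
        echo "add_users: useradd failed for $username" >&2
        continue
      fi
      usermod -G ftpaccess "$username"

      # NOTE(review): home and files/ are group ftpaccess with mode 750, so at
      # the filesystem level every ftpaccess member can traverse and read them;
      # isolation between users presumably relies on the FTP/SFTP server's
      # chroot settings — confirm.
      mkdir -p "$FTP_DIRECTORY/$username"
      chown root:ftpaccess "$FTP_DIRECTORY/$username"
      chmod 750 "$FTP_DIRECTORY/$username"
      mkdir -p "$FTP_DIRECTORY/$username/files"
      chown "$username:ftpaccess" "$FTP_DIRECTORY/$username/files"
      chmod 750 "$FTP_DIRECTORY/$username/files"
    fi
  done
}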
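# Poll forever: run one synchronisation pass, then wait SLEEP_DURATION seconds.
# The status of add_users is not checked, so a failed pass is simply retried on
# the next iteration.
while true; do
  add_users
  # Quoted so the value is always passed to sleep as a single argument.
  sleep "$SLEEP_DURATION"
done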