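#!/bin/bash
# Provision FTP/SFTP accounts from the USERS environment variable.
#
# USERS is expected to look like
#   "bob:hashedbobspassword steve:hashedstevespassword"
# i.e. whitespace-separated "name:hashed-password" entries. Each entry is fed
# to `chpasswd -e`, so the password part must already be hashed.
#
# Each entry is validated before any account or directory is touched, and the
# password hash is never echoed back in diagnostics.

FTP_DIRECTORY="/home/aws/s3bucket/ftp-users"

# Create a group for ftp users (-f: do not fail if it already exists)
groupadd -f ftpaccess

# Create a directory where all ftp/sftp users home directories will go
mkdir -p -- "$FTP_DIRECTORY"
chown root:root -- "$FTP_DIRECTORY"
chmod 755 -- "$FTP_DIRECTORY"

# Word-split USERS on whitespace, with pathname expansion switched off so that
# an entry containing glob characters is never expanded against the filesystem.
set -f
# shellcheck disable=SC2206 -- splitting on whitespace is the intent here
entries=($USERS)
set +f

for u in "${entries[@]}"; do
  # Split on the first ':' only, which matches how chpasswd reads the entry.
  username=${u%%:*}
  passwd=
  if [[ "$u" == *:* ]]; then
    passwd=${u#*:}
  fi

  # Reject malformed entries before useradd/chpasswd run. The message names
  # only the user, so the hash does not end up in the container log.
  if [ -z "$username" ] || [ -z "$passwd" ]; then
    echo "Invalid username:password combination for '$username': please fix to create the user" >&2
    continue
  fi

  # The name becomes a path component below and an argument to useradd, so it
  # must not walk out of FTP_DIRECTORY or be read as a command-line option.
  case "$username" in
    -* | */* | . | ..)
      echo "Refusing unsafe username '$username'" >&2
      continue
      ;;
  esac

  home="$FTP_DIRECTORY/$username"

  # User needs to be created every time since stopping the docker container
  # gets rid of users.
  useradd -d "$home" -s /usr/sbin/nologin "$username"
  usermod -G ftpaccess "$username"

  # Set the user's password; -e means the value is already hashed.
  printf '%s\n' "$u" | chpasswd -e

  # NOTE(review): every per-user directory below is group-owned by ftpaccess
  # with mode 750, so any member of that group has read access to it.
  # Isolation between users presumably relies on the chroot configured in the
  # FTP/SFTP daemon - confirm.
  if [ -d "$home" ]; then
    echo "Skipping creation of '$username' directory: already exists"
    # Directory exists but permissions for it have to be setup anyway.
    chown root:ftpaccess "$home"
    chmod 750 "$home"
    chown "$username":ftpaccess "$home/files"
    chmod 750 "$home/files"
    # Create .ssh folder and authorized_keys file, for ssh-key sftp access
    mkdir -p "$home/.ssh"
    chmod 700 "$home/.ssh"
    chown "$username" "$home/.ssh"
    touch "$home/.ssh/authorized_keys"
    chmod 600 "$home/.ssh/authorized_keys"
    chown "$username" "$home/.ssh/authorized_keys"
  else
    echo "Creating '$username' directory..."
    # Root must own all directories leading up to and including users home
    # directory
    mkdir -p "$home"
    chown root:ftpaccess "$home"
    chmod 750 "$home"
    # Need files sub-directory for SFTP chroot
    mkdir -p "$home/files"
    chown "$username":ftpaccess "$home/files"
    chmod 750 "$home/files"
    # NOTE(review): unlike the branch above, no .ssh/authorized_keys is
    # created here - confirm whether that is intended for a first run.
  fi
done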