fix: prevents creation with a pubkey already used
parent
eace07ed9a
commit
95126cfa57
|
@ -5,6 +5,7 @@
|
||||||
# Main steps are :
|
# Main steps are :
|
||||||
# - check if args are present
|
# - check if args are present
|
||||||
# - check the ssh pub key format
|
# - check the ssh pub key format
|
||||||
|
# - check if the ssh pub key is already present in authorized_keys
|
||||||
# - check if borgbackup package is install
|
# - check if borgbackup package is install
|
||||||
# - generate a random repositoryName
|
# - generate a random repositoryName
|
||||||
# - add the SSH public key in the authorized_keys with borg restriction for repository and storage quota.
|
# - add the SSH public key in the authorized_keys with borg restriction for repository and storage quota.
|
||||||
|
@ -12,7 +13,7 @@
|
||||||
# He can only use the borg command. Moreover, he will not be able to leave his repository or create a new one.
|
# He can only use the borg command. Moreover, he will not be able to leave his repository or create a new one.
|
||||||
# It is similar to a jail and that is the goal.
|
# It is similar to a jail and that is the goal.
|
||||||
|
|
||||||
# WAITING resolve of this for quota... : https://github.com/borgbackup/borg/issues/7757
|
# Limitation : all SSH pubkey are unique : https://github.com/borgbackup/borg/issues/7757
|
||||||
|
|
||||||
# Exit when any command fails
|
# Exit when any command fails
|
||||||
set -e
|
set -e
|
||||||
|
@ -44,10 +45,16 @@ then
|
||||||
exit 2
|
exit 2
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Check if SSH pub key is already present in authorized_keys
|
||||||
|
if grep -q "$1" "$authorized_keys"; then
|
||||||
|
echo "SSH pub key already present in authorized_keys"
|
||||||
|
exit 3
|
||||||
|
fi
|
||||||
|
|
||||||
# Check if borgbackup is installed
|
# Check if borgbackup is installed
|
||||||
if ! [ -x "$(command -v borg)" ]; then
|
if ! [ -x "$(command -v borg)" ]; then
|
||||||
echo "You must install borgbackup package."
|
echo "You must install borgbackup package."
|
||||||
exit 3
|
exit 4
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Generation of a random for repositoryName
|
# Generation of a random for repositoryName
|
||||||
|
@ -59,12 +66,12 @@ repositoryName=$(randRepositoryName)
|
||||||
## Check if authorized_keys exists
|
## Check if authorized_keys exists
|
||||||
if [ ! -f "${authorized_keys}" ];then
|
if [ ! -f "${authorized_keys}" ];then
|
||||||
echo "${authorized_keys} must be present"
|
echo "${authorized_keys} must be present"
|
||||||
exit 4
|
exit 5
|
||||||
fi
|
fi
|
||||||
|
|
||||||
## Add ssh public key in authorized_keys with borg restriction for only 1 repository (:$1) and storage quota
|
## Add ssh public key in authorized_keys with borg restriction for only 1 repository and storage quota
|
||||||
restricted_authkeys="command=\"cd ${pool};borg serve --restrict-to-path ${pool}/${repositoryName} --storage-quota $2G\",restrict $1"
|
restricted_authkeys="command=\"cd ${pool};borg serve --restrict-to-path ${pool}/${repositoryName} --storage-quota $2G\",restrict $1"
|
||||||
echo "$restricted_authkeys" | tee -a "${authorized_keys}" >/dev/null
|
echo "$restricted_authkeys" | tee -a "${authorized_keys}" >/dev/null
|
||||||
|
|
||||||
## Return the unix user
|
## Return the repositoryName
|
||||||
echo "${repositoryName}"
|
echo "${repositoryName}"
|
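Review bot: The new duplicate check `if grep -q "$1" "$authorized_keys"; then` hands the key to grep as a regular expression rather than a literal string, so any regex metacharacter in the argument (for example a `.` in a key comment) is matched as a pattern; `if grep -qF -- "$1" "$authorized_keys"; then` compares it literally and keeps an argument starting with `-` from being read as an option. The match is also made on the whole argument: if the format check earlier in the script (outside this hunk) accepts a trailing comment, the same key material submitted with a different comment would not be detected, so comparing only the key-type and base64 fields would be stricter. A grep error such as an unreadable file falls through as "not present", and the `[ ! -f "${authorized_keys}" ]` test only runs later in the script; moving that test above this check would make the failure explicit. The check and the later `tee -a` are not atomic, so two concurrent runs with the same key could presumably both pass unless the caller serialises them.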