mirror of
https://github.com/Ravinou/borgwarehouse
synced 2024-05-15 20:16:50 +02:00
Change helper scripts to use less permissions
parent
38824c2c6b
commit
d9d1156cfb
6
.gitignore
vendored
6
.gitignore
vendored
|
@ -105,6 +105,6 @@ dist
|
|||
|
||||
|
||||
# local env files
|
||||
.env*.local
|
||||
config/repo.json
|
||||
config/users.json
|
||||
.env*.local
|
||||
config/repo.json
|
||||
config/users.json
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
[]
|
|
@ -1 +0,0 @@
|
|||
[{"id":0,"email":"admin@demo.fr","username":"admin","password":"$2a$12$20yqRnuaDBH6AE0EvIUcEOzqkuBtn1wDzJdw2Beg8w9S.vEqdso0a","roles":["admin"]}]
|
14
helpers/shells/createRepo.sh
Normal file → Executable file
14
helpers/shells/createRepo.sh
Normal file → Executable file
|
@ -28,7 +28,7 @@ fi
|
|||
# This pattern validates SSH public keys for : rsa, ed25519, ed25519-sk
|
||||
pattern='(ssh-ed25519 AAAAC3NzaC1lZDI1NTE5|sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29t|ssh-rsa AAAAB3NzaC1yc2)[0-9A-Za-z+/]+[=]{0,3}(\s.*)?'
|
||||
if [[ ! "$2" =~ $pattern ]]
|
||||
then
|
||||
then
|
||||
echo "Invalid public SSH KEY format. Provide a key in OpenSSH format (rsa, ed25519, ed25519-sk)"
|
||||
exit 2
|
||||
fi
|
||||
|
@ -65,9 +65,6 @@ sudo mkdir -p ${home}/.ssh
|
|||
## Create autorized_keys file
|
||||
sudo touch ${home}/.ssh/authorized_keys
|
||||
|
||||
## Create ${pool}
|
||||
sudo mkdir -p ${pool}
|
||||
|
||||
## Create the repo
|
||||
sudo mkdir -p "${pool}/$1"
|
||||
|
||||
|
@ -79,12 +76,13 @@ if [ ! -f "${authorized_keys}" ];then
|
|||
fi
|
||||
|
||||
## Change permissions
|
||||
sudo chmod -R 700 ${home}
|
||||
sudo chmod -R 750 ${home}
|
||||
sudo chmod 600 ${authorized_keys}
|
||||
sudo chown -R ${user}:${user} ${home}
|
||||
sudo chown -R ${user}:borgwarehouse ${home}
|
||||
|
||||
## Add ssh public key in authorized_keys with borg restriction for only 1 repository (:$1) and storage quota
|
||||
sudo -u ${user} bash -c "echo 'command=\"cd ${pool};borg serve --restrict-to-repository ${pool}/$1 --storage-quota $3G\",restrict $2' >> ${authorized_keys}"
|
||||
restricted_authkeys="command=\"cd ${pool};borg serve --restrict-to-repository ${pool}/$1 --storage-quota $3G\",restrict $2"
|
||||
echo "$restricted_authkeys" | sudo tee ${authorized_keys} >/dev/null
|
||||
|
||||
## Return the unix user
|
||||
echo ${user}
|
||||
echo ${user}
|
||||
|
|
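Review bot: The line written by `tee` in the last hunk still takes `$2` verbatim, and the `pattern` check in the first hunk is unanchored with a trailing `(\s.*)?`, so a value containing a line break passes validation and lands in `authorized_keys` as extra lines that lack the `command=…,restrict` prefix. Rejecting control characters before the write closes this, e.g. `if [[ "$2" == *[[:cntrl:]]* ]]; then exit 2; fi`, and anchoring the pattern with `^…$` tightens it further; updateRepo.sh uses the same pattern. Separately, `tee` without `-a` truncates the file, where the `>>` line it appears to replace appended, so a comment should say that a fresh user is assumed, and `${authorized_keys}` should be quoted. The checks on `$1` and `$3` are outside the visible hunks.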
7
helpers/shells/deleteRepo.sh
Normal file → Executable file
7
helpers/shells/deleteRepo.sh
Normal file → Executable file
|
@ -8,7 +8,7 @@
|
|||
set -e
|
||||
|
||||
# Check arg
|
||||
if [ "$1" == "" ];then
|
||||
if [[ $# -ne 1 || $1 = "" ]]; then
|
||||
echo "You must provide a username in argument."
|
||||
exit 1
|
||||
fi
|
||||
|
@ -23,11 +23,10 @@ then
|
|||
fi
|
||||
|
||||
# Delete the user if it exists
|
||||
if sudo grep -q $1 /etc/passwd
|
||||
then
|
||||
if id "$1" &>/dev/null; then
|
||||
sudo userdel -rf $1
|
||||
echo "The user $1 and all his data have been deleted"
|
||||
else
|
||||
echo "The user $1 does not exist"
|
||||
exit 3
|
||||
fi
|
||||
fi
|
||||
|
|
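Review bot: `sudo userdel -rf $1` in the second hunk leaves `$1` unquoted and runs for any account that `id "$1"` resolves, which is every account on the host and not only those this tool created. Whatever validates the name sits above the hunk (the header shows only a closing `then`), so this is hedged, but a guard tying the name to a managed home would make the forced delete safer, e.g. `[[ -d "/var/borgwarehouse/$1" ]] || exit 3` before the call. The call itself should read `sudo userdel -rf -- "$1"`.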
2
helpers/shells/getLastSave.sh
Normal file → Executable file
2
helpers/shells/getLastSave.sh
Normal file → Executable file
|
@ -22,4 +22,4 @@
|
|||
# Exit when any command fails
|
||||
set -e
|
||||
|
||||
sudo bash -c 'stat -c {\"user\":\"%U\",\"lastSave\":%Y\} /var/borgwarehouse/*/repos/*/integrity* | jq -s'
|
||||
stat -c {\"user\":\"%U\",\"lastSave\":%Y\} /var/borgwarehouse/*/repos/*/integrity* | jq -s
|
||||
|
|
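Review bot: With `sudo` dropped, the `stat` glob only matches repositories whose parent directories the caller can traverse, so homes created before this commit (mode 700 and owner-only group, per the old lines in createRepo.sh) would silently drop out of the result unless they are migrated. Only `set -e` is visible here and the failure would be on the left side of the pipe, so the script can still exit 0 with an empty list; adding `set -o pipefail` after `set -e` would surface it. The unquoted format string also depends on `\}` to avoid brace expansion, and single quotes are clearer: `stat -c '{"user":"%U","lastSave":%Y}' /var/borgwarehouse/*/repos/*/integrity* | jq -s`.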
2
helpers/shells/getStorageUsed.sh
Normal file → Executable file
2
helpers/shells/getStorageUsed.sh
Normal file → Executable file
|
@ -16,4 +16,4 @@ set -e
|
|||
|
||||
# Use jc to output a JSON format with du command
|
||||
cd /var/borgwarehouse
|
||||
sudo jc du -s *
|
||||
jc du -s *
|
||||
|
|
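Review bot: `jc du -s *` without `sudo` can only count directories the calling account may descend into, and the `chmod -R 750` in createRepo.sh covers only what exists when the repository is created. Borg's default umask is 0077 and no `--umask` is visible in the `borg serve` command written to `authorized_keys`, so directories borg creates later are likely unreadable to the `borgwarehouse` group and the totals would come out low; this should be checked against a repository that has received a backup. The glob should also be protected from names that start with a dash: `jc du -s -- *`.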
7
helpers/shells/updateRepo.sh
Normal file → Executable file
7
helpers/shells/updateRepo.sh
Normal file → Executable file
|
@ -20,7 +20,7 @@ home="/var/borgwarehouse/$1"
|
|||
# This pattern validates SSH public keys for : rsa, ed25519, ed25519-sk
|
||||
pattern='(ssh-ed25519 AAAAC3NzaC1lZDI1NTE5|sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29t|ssh-rsa AAAAB3NzaC1yc2)[0-9A-Za-z+/]+[=]{0,3}(\s.*)?'
|
||||
if [[ ! "$2" =~ $pattern ]]
|
||||
then
|
||||
then
|
||||
echo "Invalid public SSH KEY format. Provide a key in OpenSSH format (rsa, ed25519, ed25519-sk)"
|
||||
exit 2
|
||||
fi
|
||||
|
@ -35,8 +35,7 @@ then
|
|||
fi
|
||||
|
||||
# Check if the user exists
|
||||
if ! sudo grep -q $1 /etc/passwd
|
||||
then
|
||||
if ! id "$1" &>/dev/null; then
|
||||
echo "The user $1 does not exist"
|
||||
exit 4
|
||||
fi
|
||||
|
@ -45,4 +44,4 @@ fi
|
|||
sudo sed -ri "s|(command=\".*\",restrict ).*|\1$2|g" "$home/.ssh/authorized_keys"
|
||||
|
||||
# Modify authorized_keys for the user : only the quota is modify with this regex
|
||||
sudo sed -ri "s|--storage-quota.*\"|--storage-quota $3G\"|g" "$home/.ssh/authorized_keys"
|
||||
sudo sed -ri "s|--storage-quota.*\"|--storage-quota $3G\"|g" "$home/.ssh/authorized_keys"
|
||||
|
|
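Review bot: The two `sudo sed -ri` calls in the last hunk still run as root with `$2` and `$3` pasted into the sed program, so any `|`, `&` or `\` in those values is interpreted by sed instead of being written literally. The `pattern` check in the first hunk does not prevent this for `$2`, because it is unanchored and its trailing `(\s.*)?` accepts any characters in the key comment. Limiting the comment to a safe set keeps the replacement literal, for example starting the pattern with `^` and ending it with `( [A-Za-z0-9@._-]+)?$`. The check on `$3` is outside the visible hunks and should accept digits only.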