Change helper scripts to use less permissions
parent
38824c2c6b
commit
d9d1156cfb
6
.gitignore
vendored
6
.gitignore
vendored
|
@ -105,6 +105,6 @@ dist
|
||||||
|
|
||||||
|
|
||||||
# local env files
|
# local env files
|
||||||
.env*.local
|
.env*.local
|
||||||
config/repo.json
|
config/repo.json
|
||||||
config/users.json
|
config/users.json
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
[]
|
|
|
@ -1 +0,0 @@
|
||||||
[{"id":0,"email":"admin@demo.fr","username":"admin","password":"$2a$12$20yqRnuaDBH6AE0EvIUcEOzqkuBtn1wDzJdw2Beg8w9S.vEqdso0a","roles":["admin"]}]
|
|
14
helpers/shells/createRepo.sh
Normal file → Executable file
14
helpers/shells/createRepo.sh
Normal file → Executable file
|
@ -28,7 +28,7 @@ fi
|
||||||
# This pattern validates SSH public keys for : rsa, ed25519, ed25519-sk
|
# This pattern validates SSH public keys for : rsa, ed25519, ed25519-sk
|
||||||
pattern='(ssh-ed25519 AAAAC3NzaC1lZDI1NTE5|sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29t|ssh-rsa AAAAB3NzaC1yc2)[0-9A-Za-z+/]+[=]{0,3}(\s.*)?'
|
pattern='(ssh-ed25519 AAAAC3NzaC1lZDI1NTE5|sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29t|ssh-rsa AAAAB3NzaC1yc2)[0-9A-Za-z+/]+[=]{0,3}(\s.*)?'
|
||||||
if [[ ! "$2" =~ $pattern ]]
|
if [[ ! "$2" =~ $pattern ]]
|
||||||
then
|
then
|
||||||
echo "Invalid public SSH KEY format. Provide a key in OpenSSH format (rsa, ed25519, ed25519-sk)"
|
echo "Invalid public SSH KEY format. Provide a key in OpenSSH format (rsa, ed25519, ed25519-sk)"
|
||||||
exit 2
|
exit 2
|
||||||
fi
|
fi
|
||||||
|
@ -65,9 +65,6 @@ sudo mkdir -p ${home}/.ssh
|
||||||
## Create autorized_keys file
|
## Create autorized_keys file
|
||||||
sudo touch ${home}/.ssh/authorized_keys
|
sudo touch ${home}/.ssh/authorized_keys
|
||||||
|
|
||||||
## Create ${pool}
|
|
||||||
sudo mkdir -p ${pool}
|
|
||||||
|
|
||||||
## Create the repo
|
## Create the repo
|
||||||
sudo mkdir -p "${pool}/$1"
|
sudo mkdir -p "${pool}/$1"
|
||||||
|
|
||||||
|
@ -79,12 +76,13 @@ if [ ! -f "${authorized_keys}" ];then
|
||||||
fi
|
fi
|
||||||
|
|
||||||
## Change permissions
|
## Change permissions
|
||||||
sudo chmod -R 700 ${home}
|
sudo chmod -R 750 ${home}
|
||||||
sudo chmod 600 ${authorized_keys}
|
sudo chmod 600 ${authorized_keys}
|
||||||
sudo chown -R ${user}:${user} ${home}
|
sudo chown -R ${user}:borgwarehouse ${home}
|
||||||
|
|
||||||
## Add ssh public key in authorized_keys with borg restriction for only 1 repository (:$1) and storage quota
|
## Add ssh public key in authorized_keys with borg restriction for only 1 repository (:$1) and storage quota
|
||||||
sudo -u ${user} bash -c "echo 'command=\"cd ${pool};borg serve --restrict-to-repository ${pool}/$1 --storage-quota $3G\",restrict $2' >> ${authorized_keys}"
|
restricted_authkeys="command=\"cd ${pool};borg serve --restrict-to-repository ${pool}/$1 --storage-quota $3G\",restrict $2"
|
||||||
|
echo "$restricted_authkeys" | sudo tee ${authorized_keys} >/dev/null
|
||||||
|
|
||||||
## Return the unix user
|
## Return the unix user
|
||||||
echo ${user}
|
echo ${user}
|
||||||
|
|
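Review bot: The new write `echo "$restricted_authkeys" | sudo tee ${authorized_keys} >/dev/null` in the third hunk replaces the whole file, whereas the removed `bash -c` line appended with `>>`; if one restricted key per user is the intent that is fine, but the earlier `touch`/`if [ ! -f "${authorized_keys}" ]` handling (that block starts outside the hunk) becomes redundant, and `${authorized_keys}` should be quoted like the other paths. The key in `$2` still reaches the file unescaped: the validation `pattern` at the top of this section ends in `(\s.*)?`, so any trailing text after the key body is accepted, and as far as bash's regex matching goes that includes a newline, in which case the written file would hold more than the one restricted line. Consider rejecting that case before building the line, e.g. `[[ "$2" == *$'\n'* ]] && { echo "Invalid public SSH KEY format"; exit 2; }`, and narrowing the trailing comment part of `pattern` to a fixed character class. The `chmod -R 750 ${home}` / `chown -R ${user}:borgwarehouse ${home}` change presumably gives the borgwarehouse group traversal of the home so the helper scripts that drop `sudo` in this commit can read the repos; `authorized_keys` staying 600 is right, but `${home}` on those lines is still unquoted.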
7
helpers/shells/deleteRepo.sh
Normal file → Executable file
7
helpers/shells/deleteRepo.sh
Normal file → Executable file
|
@ -8,7 +8,7 @@
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
# Check arg
|
# Check arg
|
||||||
if [ "$1" == "" ];then
|
if [[ $# -ne 1 || $1 = "" ]]; then
|
||||||
echo "You must provide a username in argument."
|
echo "You must provide a username in argument."
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
@ -23,11 +23,10 @@ then
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Delete the user if it exists
|
# Delete the user if it exists
|
||||||
if sudo grep -q $1 /etc/passwd
|
if id "$1" &>/dev/null; then
|
||||||
then
|
|
||||||
sudo userdel -rf $1
|
sudo userdel -rf $1
|
||||||
echo "The user $1 and all his data have been deleted"
|
echo "The user $1 and all his data have been deleted"
|
||||||
else
|
else
|
||||||
echo "The user $1 does not exist"
|
echo "The user $1 does not exist"
|
||||||
exit 3
|
exit 3
|
||||||
fi
|
fi
|
||||||
|
|
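Review bot: `sudo userdel -rf $1` in the second hunk still passes the username unquoted, while the new guard two lines above quotes it as `id "$1"`; `sudo userdel -rf -- "$1"` keeps the two consistent. Replacing `grep -q $1 /etc/passwd` with `id "$1"` is an improvement (the grep matched any substring of any passwd line), but nothing visible in this hunk restricts the name to a borgwarehouse-managed account, so an existing unrelated user could be removed together with its home by `-r`; unless the check between the first hunk and line 23 (outside view) already enforces this, consider verifying that `/var/borgwarehouse/$1` is the account's home before calling `userdel`.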
2
helpers/shells/getLastSave.sh
Normal file → Executable file
2
helpers/shells/getLastSave.sh
Normal file → Executable file
|
@ -22,4 +22,4 @@
|
||||||
# Exit when any command fails
|
# Exit when any command fails
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
sudo bash -c 'stat -c {\"user\":\"%U\",\"lastSave\":%Y\} /var/borgwarehouse/*/repos/*/integrity* | jq -s'
|
stat -c {\"user\":\"%U\",\"lastSave\":%Y\} /var/borgwarehouse/*/repos/*/integrity* | jq -s
|
||||||
|
|
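Review bot: With `sudo bash -c '...'` removed, `stat -c {\"user\":\"%U\",\"lastSave\":%Y\} /var/borgwarehouse/*/repos/*/integrity* | jq -s` now runs as the invoking user, so the script depends on that user being able to traverse every repo home (presumably via the `750`/group `borgwarehouse` change in createRepo.sh); the same applies to `jc du -s *` in getStorageUsed.sh, where the removal of `sudo` has the same effect. The format string is left unquoted and relies on the escaped `\}` to defeat brace expansion; `stat -c '{"user":"%U","lastSave":%Y}'` is the same format without that dependency. Under `set -e` without `pipefail`, a failing `stat` (for instance when the glob matches nothing and is passed literally) is masked by `jq -s`, which then prints `[]`; `set -o pipefail`, or `shopt -s nullglob` with an explicit empty check, would surface the error instead of reporting no backups.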
2
helpers/shells/getStorageUsed.sh
Normal file → Executable file
2
helpers/shells/getStorageUsed.sh
Normal file → Executable file
|
@ -16,4 +16,4 @@ set -e
|
||||||
|
|
||||||
# Use jc to output a JSON format with du command
|
# Use jc to output a JSON format with du command
|
||||||
cd /var/borgwarehouse
|
cd /var/borgwarehouse
|
||||||
sudo jc du -s *
|
jc du -s *
|
||||||
|
|
7
helpers/shells/updateRepo.sh
Normal file → Executable file
7
helpers/shells/updateRepo.sh
Normal file → Executable file
|
@ -20,7 +20,7 @@ home="/var/borgwarehouse/$1"
|
||||||
# This pattern validates SSH public keys for : rsa, ed25519, ed25519-sk
|
# This pattern validates SSH public keys for : rsa, ed25519, ed25519-sk
|
||||||
pattern='(ssh-ed25519 AAAAC3NzaC1lZDI1NTE5|sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29t|ssh-rsa AAAAB3NzaC1yc2)[0-9A-Za-z+/]+[=]{0,3}(\s.*)?'
|
pattern='(ssh-ed25519 AAAAC3NzaC1lZDI1NTE5|sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29t|ssh-rsa AAAAB3NzaC1yc2)[0-9A-Za-z+/]+[=]{0,3}(\s.*)?'
|
||||||
if [[ ! "$2" =~ $pattern ]]
|
if [[ ! "$2" =~ $pattern ]]
|
||||||
then
|
then
|
||||||
echo "Invalid public SSH KEY format. Provide a key in OpenSSH format (rsa, ed25519, ed25519-sk)"
|
echo "Invalid public SSH KEY format. Provide a key in OpenSSH format (rsa, ed25519, ed25519-sk)"
|
||||||
exit 2
|
exit 2
|
||||||
fi
|
fi
|
||||||
|
@ -35,8 +35,7 @@ then
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Check if the user exists
|
# Check if the user exists
|
||||||
if ! sudo grep -q $1 /etc/passwd
|
if ! id "$1" &>/dev/null; then
|
||||||
then
|
|
||||||
echo "The user $1 does not exist"
|
echo "The user $1 does not exist"
|
||||||
exit 4
|
exit 4
|
||||||
fi
|
fi
|
||||||
|
@ -45,4 +44,4 @@ fi
|
||||||
sudo sed -ri "s|(command=\".*\",restrict ).*|\1$2|g" "$home/.ssh/authorized_keys"
|
sudo sed -ri "s|(command=\".*\",restrict ).*|\1$2|g" "$home/.ssh/authorized_keys"
|
||||||
|
|
||||||
# Modify authorized_keys for the user : only the quota is modify with this regex
|
# Modify authorized_keys for the user : only the quota is modify with this regex
|
||||||
sudo sed -ri "s|--storage-quota.*\"|--storage-quota $3G\"|g" "$home/.ssh/authorized_keys"
|
sudo sed -ri "s|--storage-quota.*\"|--storage-quota $3G\"|g" "$home/.ssh/authorized_keys"
|
||||||
|
|
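Review bot: `sudo sed -ri "s|(command=\".*\",restrict ).*|\1$2|g" "$home/.ssh/authorized_keys"` in the third hunk splices `$2` into the sed replacement unescaped, and the validation `pattern` at the top of this section ends in `(\s.*)?`, so a key whose trailing comment contains `|`, `&` or `\` alters the substitution instead of being stored verbatim; the same pattern is used in createRepo.sh. Narrowing the comment part of `pattern` to a character class that excludes those characters, in both scripts, would close this without changing the accepted key types. The `$3` quota interpolated into the second sed line is validated, if at all, outside these hunks, so I cannot tell from here whether it is checked to be numeric. Replacing `grep -q $1 /etc/passwd` with `id "$1"` in the second hunk is a real improvement, since the grep also matched substrings of other passwd entries.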