EcchiShell v1.0

You In Here : //proc/self/root/sbin/sbin/sbin/sbin/#!/bin/sh # # Copyright (C) 2017 Ruilin Peng (Nick) # umask 027 JAIL_SETUP_SCRIPT="/usr/local/jail-shell/bin/jail-shell-setup" JAIL_CONFIG_FILE="/etc/jail-shell/jail-shell.conf" CONF_PATH="/etc/jail-shell/jail-config" showhelp() { echo "Usage: jail-shell [user | jail | config ] [OPTION]" echo "Options:" echo " user [option]" echo " -l | --list list jail users." echo " -a | --add [user | group] add a user or group to jail-shell, start with '@' means group." echo " -d | --del [user | group] del a user or group from jail-shell. start with '@' means group." echo " -n | --namespace [namespace] user namespace: mnt,pid,ipc,net,uts." echo " -j | --jail [jail name ] jail shell name." echo "" echo " jail [option]" echo " -l | --list list jail names." echo " -i | --install [jail name | all] install a jail shell." echo " -r | --remove [jail name] remove a jail shell." echo " -c | --clean [jail name | all] clean up a jail shell." echo " -e | --edit [jail name] create and or edit jail shell configuration." echo " -d | --delete [jail name] delete jail configuration." echo "" echo "example:" echo " user operation:" echo " add user: jail-shell user -a user -j jail -n mnt,pid" echo " add group: jail-shell user -a @group -j jail -n mnt,pid" echo " del user: jail-shell -d user" echo " jail operation:" echo " install jail: jail-shell jail -i jail" echo " remove jail: jail-shell jail -r jail" } is_user_exist() { echo "$1" | grep "@" > /dev/null 2>&1 if [ $? -ne 0 ]; then id -u $1 >/dev/null 2>&1 return $? fi GROUP="`echo $1 | sed 's/@//g'`" getent group $GROUP >/dev/null 2>&1 if [ $? -ne 0 ]; then return 1 fi return 0 } is_user_added() { user="$1" grep "^ *$user[[:space:]]" $JAIL_CONFIG_FILE >/dev/null 2>&1 return $? } is_namespace_valid() { local namespace=$1 local ret=0 OIFS=$IFS IFS="," for f in $namespace do case "$f" in mnt|ipc|net|pid|uts|none) continue ;; * ) ret=1 break ;; esac done IFS=$OIFS return $ret } is_jail_exist() { local jail=$1 JAIL_CFG="$CONF_PATH/${jail}.cfg" if [ ! -e $JAIL_CFG ]; then return 1 fi return 0 } user() { local act="none" local jail="" local namespace="mnt,pid" local user="" OPTS=`getopt -o la:d:n:j: --long list,add:del:namespace:jail: \ -n "" -- "$@"` if [ $? != 0 ] ; then echo "Terminating..." >&2 ; exit 1 ; fi # Note the quotes around `$TEMP': they are essential! eval set -- "$OPTS" while true; do case "$1" in -l | --list) act="LIST" shift ;; -a | --add ) act="ADD" user="$2" shift 2;; -d | --del) act="DEL" user="$2" shift 2;; -n | --namespace ) namespace="$2" shift 2;; -j | --jail) jail="$2" shift 2;; -- ) shift; break ;; * ) break ;; esac done if [ "$act" = "LIST" ]; then printf "%-24s %-24s %-24s\n" "[User/Group]" "[Jail]" "[Namespace]" while read USER JAIL NAMESPACE do case "$USER" in ""|\#*) continue ;; esac if [ -z "$NAMESPACE" ]; then continue fi printf "%-24s %-24s %-24s\n" "$USER" "$JAIL" "$NAMESPACE" done < $JAIL_CONFIG_FILE elif [ "$act" = "ADD" ]; then is_user_exist $user if [ $? -ne 0 ]; then echo "user or group $user doesn't exists." echo "please add user or group with 'useradd' or 'groupadd' to system first." return 1 fi is_user_added $user if [ $? -eq 0 ]; then echo "user or group $user exists." return 1 fi is_namespace_valid $namespace if [ $? -ne 0 ]; then echo "namespace is invalid." return 1 fi if [ -z "$jail" ]; then echo "please input jail name" return 1 fi is_jail_exist $jail if [ $? -ne 0 ]; then echo "jail $jail is not exist." return 1 fi printf "%-24s %-24s %-24s\n" "$user" "$jail" "$namespace" >> $JAIL_CONFIG_FILE if [ $? -ne 0 ]; then echo "add config failed." return 1 fi return 0 elif [ "$act" = "DEL" ]; then is_user_exist $user if [ $? -ne 0 ]; then echo "user $user doesn't exist." return 1 fi sed -i "/^ *$user[[:space:]]/d" $JAIL_CONFIG_FILE if [ $? -ne 0 ]; then echo "delete user failed." return 1 fi return 0 else showhelp return 1 fi } jail() { local act="none" local jail="" OPTS=`getopt -o li:r:c:e:d: --long list,install:,remove:,clean:edit:,delete: \ -n "" -- "$@"` if [ $? != 0 ] ; then echo "Terminating..." >&2 ; exit 1 ; fi # Note the quotes around `$TEMP': they are essential! eval set -- "$OPTS" while true; do case "$1" in -l | --list ) $JAIL_SETUP_SCRIPT --list return $? shift ;; -i | --install) $JAIL_SETUP_SCRIPT --install $2 return $? shift 2;; -r | --remove) $JAIL_SETUP_SCRIPT --remove $2 return $? shift 2;; -c | --clean) $JAIL_SETUP_SCRIPT --clean $2 return $? shift 2;; -e | --edit) JAIL="$2" JAIL_CFG="$CONF_PATH/${JAIL}.cfg" JAIL_SAMPLE="" if [ ! -f "$JAIL_CFG" ]; then if [ -h "/bin" ]; then JAIL_SAMPLE="$CONF_PATH/jail-bin-symbolic-link.cfg.sample" else JAIL_SAMPLE="$CONF_PATH/jail.cfg.sample" fi cp $JAIL_SAMPLE $JAIL_CFG -a if [ $? -ne 0 ]; then echo "copy sample at $CONF_PATH failed." return 1 fi fi vi $JAIL_CFG # File is not edited. if [ ! -z "$JAIL_SAMPLE" ]; then if [ "`stat -c %Y $JAIL_SAMPLE`" = "`stat -c %Y $JAIL_CFG`" ]; then rm $JAIL_CFG echo "Jail not saved, you can run vi command :w! to save." return 1 fi fi echo "please run 'jail-shell jail -i $JAIL' to install jail." return 0 shift 2;; -d | --delete) JAIL="$2" JAIL_CFG="$CONF_PATH/${JAIL}.cfg" is_jail_exist $JAIL if [ $? -ne 0 ]; then echo "jail $JAIL doesn't exist." return 1 fi $JAIL_SETUP_SCRIPT --remove $2 >/dev/null 2>&1 rm -f $JAIL_CFG if [ $? -ne 0 ]; then echo "delete jail configuration failed." return 1 fi echo "delete $JAIL success." return 0 shift 2;; -- ) shift; break ;; * ) break ;; esac done showhelp return $? } config() { OPTS=`getopt -o h --long help \ -n "" -- "$@"` if [ $? != 0 ] ; then echo "Terminating..." >&2 ; exit 1 ; fi # Note the quotes around `$TEMP': they are essential! eval set -- "$OPTS" while true; do case "$1" in -h | --help ) showhelp return 0 shift ;; -- ) shift; break ;; * ) break ;; esac done } main() { local mode="$1" if [ $# -lt 1 ]; then showhelp return $? fi shift 1 case "$mode" in user) user $@ return $? ;; jail) jail $@ return $? ;; config) config $@ return $? ;; help) showhelp return $? ;; *) showhelp return $? ;; esac } main $@ exit $?