#!/bin/bash
# Build a chroot jail for one user under /home/<user>: a fixed list of allowed
# binaries, the shared libraries ldd finds for them, and the NSS/terminfo files
# they need at run time. Run as root.
# Usage: mkjail.sh <login>
#set -x

# allowed applications
APPS="/bin/bash /bin/cp /bin/groups /bin/ls /bin/su /bin/chattr /bin/strace /bin/chown /bin/mkdir /bin/more /bin/mv /bin/rm /bin/rmdir /usr/bin/rsync /usr/bin/scp /usr/bin/wget /usr/bin/vim /usr/bin/vi /bin/less /usr/bin/tail /usr/bin/clear /bin/chmod /usr/bin/iconv /usr/bin/find /usr/bin/rename /bin/nano /usr/bin/diff /bin/grep /usr/bin/whoami /usr/bin/cut /usr/bin/awk /usr/bin/sort /bin/sed /usr/bin/head /sbin/useradd"
# base directory for the chroot
DEFDIR="/home"
# writable subdirectory
WRITDIR="public_html"

# the user the jail is built for is passed as the first parameter
user_login="$1"
if [ -z "$user_login" ]; then
    echo "usage: $0 <login>" >&2
    exit 1
fi
JAIL="$DEFDIR/$user_login"

# temporary file for the dependency list, removed on exit
TMPDEPS=$(mktemp)
trap 'rm -f "$TMPDEPS"' EXIT

# prepare the directory structure (the user's home must already exist)
cd "$JAIL" || { echo "cannot cd to $JAIL" >&2; exit 1; }
mkdir -p bin dev lib lib64 "$WRITDIR"
[ -e dev/null ] || mknod dev/null c 1 3
[ -e dev/zero ] || mknod dev/zero c 1 5
chmod 0666 dev/null dev/zero
chown "$user_login" "$WRITDIR"
# the jail root must be owned by root and not writable by the jailed user
# (sshd's ChrootDirectory refuses anything else); only $WRITDIR is user-owned
chmod 755 "$JAIL"
chown root:root "$JAIL"

# make /home/<user> resolve to the jail root from inside the chroot
mkdir -p "$JAIL$DEFDIR"
ln -sfn / "$JAIL$DEFDIR/$user_login"

# passwd and group files for the chroot environment. These are full copies of
# the host files, so the whole account list is readable from inside the jail:
# trim them to root and $user_login if that is not acceptable.
mkdir -p etc
cp /etc/passwd etc/passwd
cp /etc/group etc/group

# copy the applications and collect their dependencies
for app in $APPS; do
    if [ -x "$app" ]; then
        app_path=$(dirname "$app")
        mkdir -p ".$app_path"
        # -p preserves the mode bits, setuid included (e.g. on /bin/su):
        # add "chmod u-s,g-s .$app" here unless the setuid behaviour is really wanted
        cp -p "$app" ".$app"
        # generate the dependency list: keep only the tokens that are absolute paths
        ldd "$app" | grep -o '/[^ ]*' >> "$TMPDEPS"
    fi
done

# copy the dependencies into the jail (cp dereferences symlinks such as
# libc.so.6 -> libc-2.xx.so, so the jail gets the real file)
sort -u "$TMPDEPS" | while read -r lib; do
    mkdir -p ".$(dirname "$lib")"
    cp "$lib" ".$lib"
done

# files whose location depends on the distribution (the libnss_* modules are
# loaded with dlopen, so ldd does not list them)
DEPS="terminfo ld.so.cache libnsl.so.1 libnss_compat.so.2 libnss_dns.so.2 libresolv.so.2 xterm"
# files with a fixed location
FILES="/etc/host.conf /etc/hosts /etc/nsswitch.conf /etc/localtime /etc/resolv.conf /etc/services /etc/protocols"
# complete the list; $DEFDIR is excluded so that copies already sitting in
# other jails are not picked up
for DEP in $DEPS; do
    FILES+=" $(find / -name "$DEP" 2>/dev/null | grep -v "/var" | grep -v "$DEFDIR")"
done

# copy the files into the jail (terminfo is a directory, so it is copied
# recursively; symlinks like /etc/localtime are dereferenced)
for FILE in $FILES; do
    DIR="$(dirname "$FILE")/"
    DIR=${DIR:1}
    if [ -d "$FILE" ]; then
        mkdir -p "$DIR"
        cp -RL "$FILE" "$DIR"
    elif [ -f "$FILE" ]; then
        mkdir -p "$DIR"
        cp "$FILE" "$DIR"
    fi
done
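Once the jail is built it is worth checking the result rather than trusting the copy loops: the script above preserves setuid bits with cp -p, creates directories with the current umask, and only copies what ldd reports. The audit script below is an added example (it is not part of the original page) that checks a finished jail for writable paths outside the intended subtree, setuid/setgid files, missing shared objects and a root-owned, unwritable jail root. It assumes the layout built above (jail root /home/<user>, writable subdirectory public_html, binaries under bin/, usr/bin/ and sbin/), GNU find and glibc ldd; the function and file names are the example's own.

```shell
#!/bin/bash
# Post-build audit of a user chroot jail (added example, not part of the original
# script). Assumed layout: jail root /home/<user> owned by root, one user-writable
# subdirectory (public_html by default), binaries under bin/, usr/bin/ and sbin/,
# libraries at the same paths ldd reports on the host.

# Paths inside the jail that are group- or world-writable, excluding the intended
# writable subtree. Anything listed lets the jailed user alter what runs there.
jail_writable_paths() {
    local jail="$1" writdir="$2"
    find "$jail" -xdev -path "$jail/$writdir" -prune -o \
        ! -type l \( -perm -0002 -o -perm -0020 \) -print 2>/dev/null
}

# Files inside the jail that carry a setuid or setgid bit. "cp -p" preserves
# these bits, so a copied /bin/su is still setuid root inside the jail.
jail_setuid_files() {
    local jail="$1"
    find "$jail" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# Read absolute paths on stdin and print those that do not exist inside the jail.
missing_in_jail() {
    local jail="$1" p
    while read -r p; do
        [ -e "$jail$p" ] || printf '%s\n' "$p"
    done
}

# Shared objects a copied binary needs (as ldd resolves them on the host) that
# were not copied into the jail. NSS modules are dlopen'ed and do not show up.
jail_missing_libs() {
    local jail="$1" bin="$2"
    ldd "$jail$bin" 2>/dev/null | grep -o '/[^ ]*' | missing_in_jail "$jail"
}

# The jail root must be owned by root and writable by nobody else (sshd's
# ChrootDirectory enforces the same rule on every path component).
jail_root_ok() {
    local jail="$1"
    [ -n "$(find "$jail" -maxdepth 0 -user root ! -perm -0002 ! -perm -0020 -print 2>/dev/null)" ]
}

# Run every check, print the findings and return non-zero if anything was found.
audit_jail() {
    local jail="$1" writdir="${2:-public_html}" rc=0 out bin
    jail_root_ok "$jail" || { echo "jail root is not root-owned or is writable: $jail"; rc=1; }
    out=$(jail_writable_paths "$jail" "$writdir")
    [ -z "$out" ] || { echo "writable paths outside $writdir:"; echo "$out"; rc=1; }
    out=$(jail_setuid_files "$jail")
    [ -z "$out" ] || { echo "setuid/setgid files:"; echo "$out"; rc=1; }
    for bin in "$jail"/bin/* "$jail"/usr/bin/* "$jail"/sbin/*; do
        [ -f "$bin" ] || continue
        out=$(jail_missing_libs "$jail" "${bin#$jail}")
        [ -z "$out" ] || { echo "missing libraries for ${bin#$jail}:"; echo "$out"; rc=1; }
    done
    return $rc
}

# Usage: audit_jail.sh /home/<user> [public_html]
if [ $# -ge 1 ]; then
    audit_jail "$1" "${2:-public_html}"
fi
```

Run it as root right after the build script (audit_jail.sh /home/<login>) and treat any setuid entry other than one you deliberately kept as a reason to strip the bit; a missing-library line for a binary usually means it was copied from a path the dependency loop could not see, or that the file is a script rather than an ELF executable.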