addons
/
add-sftp-user
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix group detection bug - use word boundary matching and improve variable handling

main
Anthony 2025-11-04 18:13:16 +08:00
parent 8ccdc1bfc8
commit 44297955d1
1 changed files with 18 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
check-sftp-user.sh
View File

@ -58,19 +58,26 @@ echo
echo "=== 2. USER GROUPS CHECK ===" echo "=== 2. USER GROUPS CHECK ==="
if id "$USERNAME" &>/dev/null; then if id "$USERNAME" &>/dev/null; then
GROUPS=$(id -Gn "$USERNAME") GROUPS=$(id -Gn "$USERNAME" 2>/dev/null)
if echo "$GROUPS" | grep -q "sftpusers"; then GROUPS_LIST="$GROUPS"
# Debug: Show actual groups
echo " All groups: $GROUPS_LIST"
# Check for sftpusers or sshusers group
if echo "$GROUPS_LIST" | grep -qw "sftpusers"; then
print_status "OK" "User is in sftpusers group (SFTP-only access)" print_status "OK" "User is in sftpusers group (SFTP-only access)"
elif echo "$GROUPS" | grep -q "sshusers"; then elif echo "$GROUPS_LIST" | grep -qw "sshusers"; then
print_status "OK" "User is in sshusers group (SSH+SFTP access)" print_status "OK" "User is in sshusers group (SSH+SFTP access)"
else else
print_status "ERROR" "User is NOT in sftpusers or sshusers group!" print_status "ERROR" "User is NOT in sftpusers or sshusers group!"
echo " Current groups: $GROUPS" echo " Current groups: $GROUPS_LIST"
echo " Fix: usermod -aG sftpusers $USERNAME (for SFTP-only)" echo " Fix: usermod -aG sftpusers $USERNAME (for SFTP-only)"
echo " Fix: usermod -aG sshusers $USERNAME (for SSH+SFTP)" echo " Fix: usermod -aG sshusers $USERNAME (for SSH+SFTP)"
fi fi
if echo "$GROUPS" | grep -q "litespeed"; then # Check for litespeed group
if echo "$GROUPS_LIST" | grep -qw "litespeed"; then
print_status "OK" "User is in litespeed group" print_status "OK" "User is in litespeed group"
else else
print_status "WARNING" "User is NOT in litespeed group (may affect file access)" print_status "WARNING" "User is NOT in litespeed group (may affect file access)"
@ -301,20 +308,22 @@ echo
echo "=== 9. AUTHENTICATION TEST (SIMULATED) ===" echo "=== 9. AUTHENTICATION TEST (SIMULATED) ==="
if id "$USERNAME" &>/dev/null; then if id "$USERNAME" &>/dev/null; then
USER_SHELL=$(getent passwd $USERNAME | cut -d: -f7) USER_SHELL=$(getent passwd $USERNAME | cut -d: -f7)
AUTH_GROUPS=$(id -Gn "$USERNAME" 2>/dev/null)
if [ "$USER_SHELL" = "/sbin/nologin" ]; then if [ "$USER_SHELL" = "/sbin/nologin" ]; then
GROUPS=$(id -Gn "$USERNAME") if echo "$AUTH_GROUPS" | grep -qw "sftpusers"; then
if echo "$GROUPS" | grep -q "sftpusers"; then
print_status "OK" "User configured for SFTP-only (nologin shell + sftpusers group)" print_status "OK" "User configured for SFTP-only (nologin shell + sftpusers group)"
echo " Note: This user can ONLY use SFTP, not SSH shell access" echo " Note: This user can ONLY use SFTP, not SSH shell access"
else else
print_status "ERROR" "User has nologin shell but NOT in sftpusers group!" print_status "ERROR" "User has nologin shell but NOT in sftpusers group!"
echo " Current groups: $AUTH_GROUPS"
fi fi
elif [ "$USER_SHELL" = "/bin/bash" ] || [ "$USER_SHELL" = "/bin/sh" ]; then elif [ "$USER_SHELL" = "/bin/bash" ] || [ "$USER_SHELL" = "/bin/sh" ]; then
GROUPS=$(id -Gn "$USERNAME") if echo "$AUTH_GROUPS" | grep -qw "sshusers"; then
if echo "$GROUPS" | grep -q "sshusers"; then
print_status "OK" "User configured for SSH+SFTP (bash shell + sshusers group)" print_status "OK" "User configured for SSH+SFTP (bash shell + sshusers group)"
else else
print_status "ERROR" "User has bash shell but NOT in sshusers group!" print_status "ERROR" "User has bash shell but NOT in sshusers group!"
echo " Current groups: $AUTH_GROUPS"
echo " Fix: usermod -aG sshusers $USERNAME" echo " Fix: usermod -aG sshusers $USERNAME"
fi fi
else else