Applied fixes to user creation
parent
cc7b177511
commit
4b5d7d1d8a
73
add-sftp.sh
73
add-sftp.sh
|
|
@ -231,10 +231,38 @@ USERNAME=$1
|
|||
PASSWORD=$2
|
||||
SSH_ENABLED=${3:-false}
|
||||
|
||||
# Validate required parameters
|
||||
if [ -z "$USERNAME" ] || [ -z "$PASSWORD" ]; then
|
||||
echo "ERROR: Missing required parameters. Usage: $0 <username> <password> [ssh_enabled]" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Log to file only
|
||||
log "======== STARTING SFTP USER SETUP ========"
|
||||
log "Script started with username: $USERNAME, ssh_enabled: $SSH_ENABLED"
|
||||
|
||||
# Pre-flight checks
|
||||
log "Phase 0: Pre-flight environment checks"
|
||||
if [ ! -d "/var/www/webroot/ROOT" ]; then
|
||||
log_error "Web root directory /var/www/webroot/ROOT does not exist"
|
||||
echo "ERROR: Web root directory /var/www/webroot/ROOT does not exist" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ ! -x "/usr/sbin/useradd" ]; then
|
||||
log_error "useradd command not found or not executable"
|
||||
echo "ERROR: useradd command not found or not executable" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ ! -x "/usr/sbin/chpasswd" ]; then
|
||||
log_error "chpasswd command not found or not executable"
|
||||
echo "ERROR: chpasswd command not found or not executable" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
log_success "Pre-flight checks passed"
|
||||
|
||||
# Log system information
|
||||
log_system_info
|
||||
|
||||
|
|
@ -242,6 +270,7 @@ log_system_info
|
|||
log "Phase 1: Configuring SSH/SFTP service"
|
||||
if ! fix_sftp_config; then
|
||||
log_error "Failed to configure SSH/SFTP service, exiting"
|
||||
echo "ERROR: Failed to configure SSH/SFTP service" >&2
|
||||
exit 1
|
||||
fi
|
||||
log_success "SSH/SFTP service configuration completed"
|
||||
|
|
@ -255,6 +284,7 @@ log_success "Directory permissions fixed for chroot"
|
|||
log "Phase 2: Validating username"
|
||||
if ! validate_username "$USERNAME"; then
|
||||
log_error "Username validation failed, exiting"
|
||||
echo "ERROR: Username validation failed for: $USERNAME" >&2
|
||||
exit 1
|
||||
fi
|
||||
log_success "Username validation passed"
|
||||
|
|
@ -263,6 +293,7 @@ log_success "Username validation passed"
|
|||
log "Phase 3: Checking if user already exists"
|
||||
if id "$USERNAME" &>/dev/null; then
|
||||
log_error "Username $USERNAME already exists. Please choose a different username."
|
||||
echo "ERROR: Username $USERNAME already exists" >&2
|
||||
exit 1
|
||||
fi
|
||||
log_success "Username is available for creation"
|
||||
|
|
@ -293,16 +324,28 @@ log_success "Directory setup completed"
|
|||
log "Phase 6: Creating user account"
|
||||
if [ "$SSH_ENABLED" = "true" ]; then
|
||||
log "Creating user with SSH access"
|
||||
log_cmd "useradd -d $USER_HOME -m -s /bin/bash $USERNAME" "Creating user with bash shell"
|
||||
if ! log_cmd "useradd -d $USER_HOME -m -s /bin/bash $USERNAME" "Creating user with bash shell"; then
|
||||
log_error "Failed to create user account with SSH access"
|
||||
echo "ERROR: Failed to create user account with SSH access" >&2
|
||||
exit 1
|
||||
fi
|
||||
else
|
||||
log "Creating user with SFTP-only access"
|
||||
log_cmd "useradd -d $USER_HOME -m -s /sbin/nologin $USERNAME" "Creating user with nologin shell"
|
||||
if ! log_cmd "useradd -d $USER_HOME -m -s /sbin/nologin $USERNAME" "Creating user with nologin shell"; then
|
||||
log_error "Failed to create user account with SFTP-only access"
|
||||
echo "ERROR: Failed to create user account with SFTP-only access" >&2
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
log_success "User account created"
|
||||
|
||||
# Set password
|
||||
log "Phase 7: Setting user password"
|
||||
log_cmd "echo '$USERNAME:$PASSWORD' | chpasswd" "Setting user password"
|
||||
if ! log_cmd "echo '$USERNAME:$PASSWORD' | chpasswd" "Setting user password"; then
|
||||
log_error "Failed to set password for user $USERNAME"
|
||||
echo "ERROR: Failed to set password for user $USERNAME" >&2
|
||||
exit 1
|
||||
fi
|
||||
log_success "Password set for user $USERNAME"
|
||||
|
||||
# Set up proper directory structure for chroot jail
|
||||
|
|
@ -317,12 +360,30 @@ log_cmd "chmod 775 $USER_HOME/data" "Setting permissions for data directory"
|
|||
|
||||
# Create mount point for webroot (using bind mount instead of symlink)
|
||||
log "Phase 9: Setting up webroot access via bind mount"
|
||||
log_cmd "mkdir -p $USER_HOME/data/ROOT" "Creating ROOT mount point"
|
||||
log_cmd "mount --bind $ROOT_DIRECTORY $USER_HOME/data/ROOT" "Binding webroot to user's ROOT directory"
|
||||
if ! log_cmd "mkdir -p $USER_HOME/data/ROOT" "Creating ROOT mount point"; then
|
||||
log_error "Failed to create ROOT mount point directory"
|
||||
echo "ERROR: Failed to create ROOT mount point directory" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Check if ROOT_DIRECTORY exists before mounting
|
||||
if [ ! -d "$ROOT_DIRECTORY" ]; then
|
||||
log_error "Root directory $ROOT_DIRECTORY does not exist"
|
||||
echo "ERROR: Root directory $ROOT_DIRECTORY does not exist" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if ! log_cmd "mount --bind $ROOT_DIRECTORY $USER_HOME/data/ROOT" "Binding webroot to user's ROOT directory"; then
|
||||
log_error "Failed to create bind mount for webroot access"
|
||||
echo "ERROR: Failed to create bind mount for webroot access" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Add mount to fstab to persist across reboots
|
||||
if ! grep -q "$ROOT_DIRECTORY $USER_HOME/data/ROOT" /etc/fstab; then
|
||||
log_cmd "echo \"$ROOT_DIRECTORY $USER_HOME/data/ROOT none bind 0 0\" >> /etc/fstab" "Adding bind mount to fstab"
|
||||
if ! log_cmd "echo \"$ROOT_DIRECTORY $USER_HOME/data/ROOT none bind 0 0\" >> /etc/fstab" "Adding bind mount to fstab"; then
|
||||
log_warning "Failed to add bind mount to fstab - mount may not persist across reboots"
|
||||
fi
|
||||
fi
|
||||
|
||||
log_success "Created bind mount for webroot access"
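Review bot: Phase 7 still assembles the chpasswd invocation as a string, `log_cmd "echo '$USERNAME:$PASSWORD' | chpasswd" "Setting user password"`, so the plaintext password is part of whatever log_cmd records (its body is outside this hunk, but by name it logs the command it runs) and a password containing a single quote breaks out of the literal and is executed by root. Pipe the credential directly and log only a description: `log "Setting password for user $USERNAME"` followed by `if ! printf '%s:%s\n' "$USERNAME" "$PASSWORD" | chpasswd; then`, keeping the existing error branch. The useradd calls use the same string-assembly pattern, which is only safe if validate_username (called in Phase 2, defined outside this hunk) restricts the name to a shell-safe character set — worth confirming. The fstab probe `grep -q "$ROOT_DIRECTORY $USER_HOME/data/ROOT" /etc/fstab` treats the paths as a regex; use `grep -qF -- "$ROOT_DIRECTORY $USER_HOME/data/ROOT" /etc/fstab` so dots and other metacharacters match literally.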
|
||||
|
|
|
|||
|
|
@ -0,0 +1,71 @@
|
|||
#!/bin/bash
|
||||
|
||||
echo "=== SFTP Addon Debug Script ==="
|
||||
echo "Timestamp: $(date)"
|
||||
echo
|
||||
|
||||
echo "=== Environment Checks ==="
|
||||
echo "Operating System: $(cat /etc/os-release | grep PRETTY_NAME | cut -d= -f2 | tr -d '\"')"
|
||||
echo "Kernel: $(uname -r)"
|
||||
echo "User running script: $(whoami)"
|
||||
echo "Current directory: $(pwd)"
|
||||
echo
|
||||
|
||||
echo "=== Directory Checks ==="
|
||||
echo "Web root exists: $([ -d '/var/www/webroot/ROOT' ] && echo 'YES' || echo 'NO')"
|
||||
echo "SFTP users dir exists: $([ -d '/home/sftpusers' ] && echo 'YES' || echo 'NO')"
|
||||
echo "Addon directory exists: $([ -d '/home/jelastic/add-sftp-user-addon' ] && echo 'YES' || echo 'NO')"
|
||||
echo "Logs directory exists: $([ -d '/home/jelastic/add-sftp-user-addon/logs' ] && echo 'YES' || echo 'NO')"
|
||||
echo
|
||||
|
||||
echo "=== File Permissions ==="
|
||||
echo "/home permissions: $(stat -c '%a %U:%G' /home)"
|
||||
echo "/home/sftpusers permissions: $([ -d '/home/sftpusers' ] && stat -c '%a %U:%G' /home/sftpusers || echo 'Directory does not exist')"
|
||||
echo "/var/www/webroot/ROOT permissions: $([ -d '/var/www/webroot/ROOT' ] && stat -c '%a %U:%G' /var/www/webroot/ROOT || echo 'Directory does not exist')"
|
||||
echo
|
||||
|
||||
echo "=== Command Availability ==="
|
||||
echo "useradd: $(which useradd || echo 'NOT FOUND')"
|
||||
echo "chpasswd: $(which chpasswd || echo 'NOT FOUND')"
|
||||
echo "mount: $(which mount || echo 'NOT FOUND')"
|
||||
echo "sshd: $(which sshd || echo 'NOT FOUND')"
|
||||
echo
|
||||
|
||||
echo "=== SSH Configuration ==="
|
||||
echo "SSH service status: $(systemctl is-active sshd)"
|
||||
echo "SSH config test: $(sshd -t 2>&1 && echo 'VALID' || echo 'INVALID')"
|
||||
echo "SFTP subsystem configured: $(grep -q 'Subsystem.*sftp' /etc/ssh/sshd_config && echo 'YES' || echo 'NO')"
|
||||
echo "Match Group sftpusers configured: $(grep -q 'Match Group sftpusers' /etc/ssh/sshd_config && echo 'YES' || echo 'NO')"
|
||||
echo
|
||||
|
||||
echo "=== Group Information ==="
|
||||
echo "sftpusers group exists: $(getent group sftpusers >/dev/null && echo 'YES' || echo 'NO')"
|
||||
echo "litespeed group exists: $(getent group litespeed >/dev/null && echo 'YES' || echo 'NO')"
|
||||
echo
|
||||
|
||||
echo "=== Recent Logs ==="
|
||||
if [ -f "/home/jelastic/add-sftp-user-addon/logs/script_output.log" ]; then
|
||||
echo "Last 10 lines from script_output.log:"
|
||||
tail -10 /home/jelastic/add-sftp-user-addon/logs/script_output.log
|
||||
else
|
||||
echo "No script output log found"
|
||||
fi
|
||||
echo
|
||||
|
||||
if [ -f "/home/jelastic/add-sftp-user-addon/logs/errors.log" ]; then
|
||||
echo "Last 5 lines from errors.log:"
|
||||
tail -5 /home/jelastic/add-sftp-user-addon/logs/errors.log
|
||||
else
|
||||
echo "No error log found"
|
||||
fi
|
||||
echo
|
||||
|
||||
echo "=== Existing SFTP Users ==="
|
||||
if [ -d "/home/sftpusers" ]; then
|
||||
ls -la /home/sftpusers/ | head -20
|
||||
else
|
||||
echo "No SFTP users directory found"
|
||||
fi
|
||||
|
||||
echo
|
||||
echo "=== Debug Script Complete ==="
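Review bot: The "Recent Logs" section reprints the tail of script_output.log and errors.log, and per the add-sftp.sh change in this same commit those logs receive whatever log_cmd records for `echo '$USERNAME:$PASSWORD' | chpasswd`, so running this script (and pasting its output into a ticket) will likely expose user passwords; at minimum filter that line, e.g. `tail -10 /home/jelastic/add-sftp-user-addon/logs/script_output.log | grep -vF 'chpasswd'`, and better fix the logging at its source. The `which useradd` probes under "Command Availability" should be `command -v useradd` (which is an external tool that may be absent), and `cat /etc/os-release | grep PRETTY_NAME | cut ...` can simply be `. /etc/os-release; echo "$PRETTY_NAME"`. `sshd -t` and reading /etc/ssh/sshd_config need root, so either guard the SSH section with `[ "$(id -u)" -eq 0 ]` or state the requirement in a header comment that also says the script is read-only diagnostics and makes no changes.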
|
||||
43
manifest.jps
43
manifest.jps
|
|
@ -168,34 +168,35 @@ actions:
|
|||
- cmd[cp]:
|
||||
user: root
|
||||
commands: |-
|
||||
# Run the script directly capturing only the variables we need
|
||||
# Create unique log file for this operation
|
||||
OUTPUT_LOG="/home/jelastic/add-sftp-user-addon/logs/user_creation-$(date +%Y%m%d%H%M%S).log"
|
||||
touch "$OUTPUT_LOG"
|
||||
|
||||
# Run the script with all output going to the log file
|
||||
source /home/jelastic/add-sftp-user-addon/add-sftp.sh ${globals.username} ${globals.password} ${globals.ssh_enabled} > "$OUTPUT_LOG" 2>&1
|
||||
# Execute the script and capture exit status
|
||||
/home/jelastic/add-sftp-user-addon/add-sftp.sh "${globals.username}" "${globals.password}" "${globals.ssh_enabled}" >> "$OUTPUT_LOG" 2>&1
|
||||
SCRIPT_EXIT_STATUS=$?
|
||||
|
||||
# Export only username - no other output
|
||||
if [ -n "$CREATED_USERNAME" ]; then
|
||||
echo "$CREATED_USERNAME"
|
||||
# Log the exit status
|
||||
echo "Script exit status: $SCRIPT_EXIT_STATUS" >> "$OUTPUT_LOG"
|
||||
|
||||
# Check if script succeeded
|
||||
if [ $SCRIPT_EXIT_STATUS -eq 0 ]; then
|
||||
echo "SUCCESS: User ${globals.username} created successfully"
|
||||
exit 0
|
||||
else
|
||||
# Fallback to the original username if variable not set
|
||||
echo "${globals.username}"
|
||||
echo "ERROR: Script failed with exit status $SCRIPT_EXIT_STATUS"
|
||||
# Output last 10 lines of log for debugging
|
||||
echo "Last 10 lines of log:"
|
||||
tail -10 "$OUTPUT_LOG"
|
||||
exit $SCRIPT_EXIT_STATUS
|
||||
fi
|
||||
- if ("${response.exitStatus}" != "0"):
|
||||
return:
|
||||
type: error
|
||||
message: "Failed to create SFTP user ${globals.username}. Error details: ${response.out}"
|
||||
- setGlobals:
|
||||
username: ${response.out}
|
||||
- cmd[cp]:
|
||||
user: root
|
||||
commands: |-
|
||||
# Export only password - no other output
|
||||
if [ -n "$CREATED_PASSWORD" ]; then
|
||||
echo "$CREATED_PASSWORD"
|
||||
else
|
||||
# Fallback to the original password if variable not set
|
||||
echo "${globals.password}"
|
||||
fi
|
||||
- setGlobals:
|
||||
password: ${response.out}
|
||||
username: ${globals.username}
|
||||
password: ${globals.password}
|
||||
- return:
|
||||
type: info
|
||||
message: "Connection Details\n\nSFTP Host: ${globals.sftpHost}\n\nPort: ${globals.sftpPort}\n\nLogin Credentials\n\nUsername: ${globals.username}\n\nPassword: ${globals.password}\n\nNotes:\n- Files are accessible at /data/ROOT inside your SFTP session\n- If you enabled SSH access, you can also log in via SSH"
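Review bot: The password is still handed to the script on its command line, `/home/jelastic/add-sftp-user-addon/add-sftp.sh "${globals.username}" "${globals.password}" "${globals.ssh_enabled}"`, so for the duration of the run it is readable in `ps` and `/proc/*/cmdline` by any local account — including the bash-shell users this addon itself creates when ssh_enabled is true. Because the JPS engine substitutes `${globals.password}` into the shell text before it runs as root, the double quotes only cover spaces; a value containing `"`, `$` or a backtick becomes a command injection unless the password is constrained to a safe character set where it is generated (not visible in this hunk — worth confirming). Passing it on stdin or via a root-only file created with `install -m 600 /dev/null "$pwfile"` would address both. Separately, `touch "$OUTPUT_LOG"` creates the log under the default umask (typically 0644) while it captures the script's entire output, and the failure branch copies `tail -10 "$OUTPUT_LOG"` into `${response.out}` and from there into the `type: error` message; create the log with `install -m 600 /dev/null "$OUTPUT_LOG"` and make sure the tail cannot contain credentials.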
|
||||
|
|
|
|||