From 4b5d7d1d8adca6b3d15d19495ab23a0ad48d9483 Mon Sep 17 00:00:00 2001
From: Anthony
Date: Fri, 25 Jul 2025 01:44:09 +0800
Subject: [PATCH] Applied fixes to user creation

---
add-sftp.sh | 73 ++++++++++++++++++++++++++++++++++++++++++++++-----
debug-sftp.sh | 71 +++++++++++++++++++++++++++++++++++++++++++++++++
manifest.jps | 43 +++++++++++++++---------------
3 files changed, 160 insertions(+), 27 deletions(-)
create mode 100644 debug-sftp.sh

diff --git a/add-sftp.sh b/add-sftp.sh
index 463804c..0b1e0f2 100644
--- a/add-sftp.sh
+++ b/add-sftp.sh
@@ -231,10 +231,38 @@
 USERNAME=$1
 PASSWORD=$2
 SSH_ENABLED=${3:-false}
+# Validate required parameters
+if [ -z "$USERNAME" ] || [ -z "$PASSWORD" ]; then
+ echo "ERROR: Missing required parameters. Usage: $0 [ssh_enabled]" >&2
+ exit 1
+fi
+
 
 # Log to file only
 log "======== STARTING SFTP USER SETUP ========"
 log "Script started with username: $USERNAME, ssh_enabled: $SSH_ENABLED"
 
+# Pre-flight checks
+log "Phase 0: Pre-flight environment checks"
+if [ ! -d "/var/www/webroot/ROOT" ]; then
+ log_error "Web root directory /var/www/webroot/ROOT does not exist"
+ echo "ERROR: Web root directory /var/www/webroot/ROOT does not exist" >&2
+ exit 1
+fi
+
+if [ ! -x "/usr/sbin/useradd" ]; then
+ log_error "useradd command not found or not executable"
+ echo "ERROR: useradd command not found or not executable" >&2
+ exit 1
+fi
+
+if [ ! -x "/usr/sbin/chpasswd" ]; then
+ log_error "chpasswd command not found or not executable"
+ echo "ERROR: chpasswd command not found or not executable" >&2
+ exit 1
+fi
+
+log_success "Pre-flight checks passed"
+
 # Log system information
 log_system_info
@@ -242,6 +270,7 @@ log_system_info
 log "Phase 1: Configuring SSH/SFTP service"
 if ! fix_sftp_config; then
 log_error "Failed to configure SSH/SFTP service, exiting"
+ echo "ERROR: Failed to configure SSH/SFTP service" >&2
 exit 1
 fi
 log_success "SSH/SFTP service configuration completed"
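Review bot: Phase 0 tests the literal path `/var/www/webroot/ROOT`, while the bind mount later in this patch (Phase 9) uses `$ROOT_DIRECTORY` and re-checks its existence there, so the pre-flight check can pass on a path the script never mounts; if `ROOT_DIRECTORY` is already assigned at this point (its definition is outside the hunk) the check should read `if [ ! -d "$ROOT_DIRECTORY" ]; then` with both messages interpolating the same variable. As rendered here the usage text names only the optional argument, `Usage: $0 [ssh_enabled]`, even though the condition just required two positional parameters; if angle-bracket placeholders were lost in rendering this is cosmetic, otherwise spell them out, e.g. `Usage: $0 USERNAME PASSWORD [ssh_enabled]`. The `-x` tests pin `useradd` and `chpasswd` to `/usr/sbin`, but the later `log_cmd` strings invoke them through PATH, so the check only partially guarantees what Phases 6 and 7 will run.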
@@ -255,6 +284,7 @@ log_success "Directory permissions fixed for chroot"
 log "Phase 2: Validating username"
 if ! validate_username "$USERNAME"; then
 log_error "Username validation failed, exiting"
+ echo "ERROR: Username validation failed for: $USERNAME" >&2
 exit 1
 fi
 log_success "Username validation passed"
@@ -263,6 +293,7 @@ log_success "Username validation passed"
 log "Phase 3: Checking if user already exists"
 if id "$USERNAME" &>/dev/null; then
 log_error "Username $USERNAME already exists. Please choose a different username."
+ echo "ERROR: Username $USERNAME already exists" >&2
 exit 1
 fi
 log_success "Username is available for creation"
@@ -293,16 +324,28 @@ log_success "Directory setup completed"
 log "Phase 6: Creating user account"
 if [ "$SSH_ENABLED" = "true" ]; then
 log "Creating user with SSH access"
- log_cmd "useradd -d $USER_HOME -m -s /bin/bash $USERNAME" "Creating user with bash shell"
+ if ! log_cmd "useradd -d $USER_HOME -m -s /bin/bash $USERNAME" "Creating user with bash shell"; then
+ log_error "Failed to create user account with SSH access"
+ echo "ERROR: Failed to create user account with SSH access" >&2
+ exit 1
+ fi
 else
 log "Creating user with SFTP-only access"
- log_cmd "useradd -d $USER_HOME -m -s /sbin/nologin $USERNAME" "Creating user with nologin shell"
+ if ! log_cmd "useradd -d $USER_HOME -m -s /sbin/nologin $USERNAME" "Creating user with nologin shell"; then
+ log_error "Failed to create user account with SFTP-only access"
+ echo "ERROR: Failed to create user account with SFTP-only access" >&2
+ exit 1
+ fi
 fi
 log_success "User account created"
 
 # Set password
 log "Phase 7: Setting user password"
-log_cmd "echo '$USERNAME:$PASSWORD' | chpasswd" "Setting user password"
+if ! log_cmd "echo '$USERNAME:$PASSWORD' | chpasswd" "Setting user password"; then
+ log_error "Failed to set password for user $USERNAME"
+ echo "ERROR: Failed to set password for user $USERNAME" >&2
+ exit 1
+fi
 log_success "Password set for user $USERNAME"
 
 # Set up proper directory structure for chroot jail
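Review bot: The password is still interpolated into the command string `echo '$USERNAME:$PASSWORD' | chpasswd` that is handed to `log_cmd`, so a password containing a single quote terminates the quoting and the remainder of the value is parsed as shell, and — if `log_cmd` records the command text as its name suggests (its definition is outside the hunk) — the clear-text password lands in the setup log that the new debug script and the manifest's error path both print. Pipe the secret directly and log only the description instead: `log "Setting user password"` followed by `if ! printf '%s:%s\n' "$USERNAME" "$PASSWORD" | chpasswd; then`. The two `useradd` strings interpolate `$USER_HOME` and `$USERNAME` the same way; that is presumably safe because `validate_username` ran in Phase 2, but nothing visible here constrains `USER_HOME`.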
@@ -317,12 +360,30 @@ log_cmd "chmod 775 $USER_HOME/data" "Setting permissions for data directory"
 
 # Create mount point for webroot (using bind mount instead of symlink)
 log "Phase 9: Setting up webroot access via bind mount"
-log_cmd "mkdir -p $USER_HOME/data/ROOT" "Creating ROOT mount point"
-log_cmd "mount --bind $ROOT_DIRECTORY $USER_HOME/data/ROOT" "Binding webroot to user's ROOT directory"
+if ! log_cmd "mkdir -p $USER_HOME/data/ROOT" "Creating ROOT mount point"; then
+ log_error "Failed to create ROOT mount point directory"
+ echo "ERROR: Failed to create ROOT mount point directory" >&2
+ exit 1
+fi
+
+# Check if ROOT_DIRECTORY exists before mounting
+if [ ! -d "$ROOT_DIRECTORY" ]; then
+ log_error "Root directory $ROOT_DIRECTORY does not exist"
+ echo "ERROR: Root directory $ROOT_DIRECTORY does not exist" >&2
+ exit 1
+fi
+
+if ! log_cmd "mount --bind $ROOT_DIRECTORY $USER_HOME/data/ROOT" "Binding webroot to user's ROOT directory"; then
+ log_error "Failed to create bind mount for webroot access"
+ echo "ERROR: Failed to create bind mount for webroot access" >&2
+ exit 1
+fi
 
 # Add mount to fstab to persist across reboots
 if ! grep -q "$ROOT_DIRECTORY $USER_HOME/data/ROOT" /etc/fstab; then
- log_cmd "echo \"$ROOT_DIRECTORY $USER_HOME/data/ROOT none bind 0 0\" >> /etc/fstab" "Adding bind mount to fstab"
+ if ! log_cmd "echo \"$ROOT_DIRECTORY $USER_HOME/data/ROOT none bind 0 0\" >> /etc/fstab" "Adding bind mount to fstab"; then
+ log_warning "Failed to add bind mount to fstab - mount may not persist across reboots"
+ fi
 fi
 log_success "Created bind mount for webroot access"
 
diff --git a/debug-sftp.sh b/debug-sftp.sh
new file mode 100644
index 0000000..9b76705
--- /dev/null
+++ b/debug-sftp.sh
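Review bot: The fstab duplicate check `grep -q "$ROOT_DIRECTORY $USER_HOME/data/ROOT" /etc/fstab` treats both paths as a regular expression, so a `.` or other metacharacter in either path can match an unrelated entry (or a leading `-` be taken as an option) and the append is silently skipped; use fixed-string matching, `if ! grep -qF -- "$ROOT_DIRECTORY $USER_HOME/data/ROOT" /etc/fstab; then`. The `[ ! -d "$ROOT_DIRECTORY" ]` guard sits after the `mkdir -p` of the mount point, so a missing webroot leaves an empty `$USER_HOME/data/ROOT` behind on exit; moving the guard above the `mkdir` avoids the half-built state. The fstab entry is written with `echo` and space-separated fields, which only works while neither path contains whitespace — a comment recording that assumption next to the `echo` would help the next maintainer.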
@@ -0,0 +1,71 @@
+#!/bin/bash
+
+echo "=== SFTP Addon Debug Script ==="
+echo "Timestamp: $(date)"
+echo
+
+echo "=== Environment Checks ==="
+echo "Operating System: $(cat /etc/os-release | grep PRETTY_NAME | cut -d= -f2 | tr -d '\"')"
+echo "Kernel: $(uname -r)"
+echo "User running script: $(whoami)"
+echo "Current directory: $(pwd)"
+echo
+
+echo "=== Directory Checks ==="
+echo "Web root exists: $([ -d '/var/www/webroot/ROOT' ] && echo 'YES' || echo 'NO')"
+echo "SFTP users dir exists: $([ -d '/home/sftpusers' ] && echo 'YES' || echo 'NO')"
+echo "Addon directory exists: $([ -d '/home/jelastic/add-sftp-user-addon' ] && echo 'YES' || echo 'NO')"
+echo "Logs directory exists: $([ -d '/home/jelastic/add-sftp-user-addon/logs' ] && echo 'YES' || echo 'NO')"
+echo
+
+echo "=== File Permissions ==="
+echo "/home permissions: $(stat -c '%a %U:%G' /home)"
+echo "/home/sftpusers permissions: $([ -d '/home/sftpusers' ] && stat -c '%a %U:%G' /home/sftpusers || echo 'Directory does not exist')"
+echo "/var/www/webroot/ROOT permissions: $([ -d '/var/www/webroot/ROOT' ] && stat -c '%a %U:%G' /var/www/webroot/ROOT || echo 'Directory does not exist')"
+echo
+
+echo "=== Command Availability ==="
+echo "useradd: $(which useradd || echo 'NOT FOUND')"
+echo "chpasswd: $(which chpasswd || echo 'NOT FOUND')"
+echo "mount: $(which mount || echo 'NOT FOUND')"
+echo "sshd: $(which sshd || echo 'NOT FOUND')"
+echo
+
+echo "=== SSH Configuration ==="
+echo "SSH service status: $(systemctl is-active sshd)"
+echo "SSH config test: $(sshd -t 2>&1 && echo 'VALID' || echo 'INVALID')"
+echo "SFTP subsystem configured: $(grep -q 'Subsystem.*sftp' /etc/ssh/sshd_config && echo 'YES' || echo 'NO')"
+echo "Match Group sftpusers configured: $(grep -q 'Match Group sftpusers' /etc/ssh/sshd_config && echo 'YES' || echo 'NO')"
+echo
+
+echo "=== Group Information ==="
+echo "sftpusers group exists: $(getent group sftpusers >/dev/null && echo 'YES' || echo 'NO')"
+echo "litespeed group exists: $(getent group litespeed >/dev/null && echo 'YES' || echo 'NO')"
+echo
+
+echo "=== Recent Logs ==="
+if [ -f "/home/jelastic/add-sftp-user-addon/logs/script_output.log" ]; then
+ echo "Last 10 lines from script_output.log:"
+ tail -10 /home/jelastic/add-sftp-user-addon/logs/script_output.log
+else
+ echo "No script output log found"
+fi
+echo
+
+if [ -f "/home/jelastic/add-sftp-user-addon/logs/errors.log" ]; then
+ echo "Last 5 lines from errors.log:"
+ tail -5 /home/jelastic/add-sftp-user-addon/logs/errors.log
+else
+ echo "No error log found"
+fi
+echo
+
+echo "=== Existing SFTP Users ==="
+if [ -d "/home/sftpusers" ]; then
+ ls -la /home/sftpusers/ | head -20
+else
+ echo "No SFTP users directory found"
+fi
+
+echo
+echo "=== Debug Script Complete ==="
\ No newline at end of file
diff --git a/manifest.jps b/manifest.jps
index cdd4ab9..ab6dc14 100644
--- a/manifest.jps
+++ b/manifest.jps
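Review bot: The four command lookups in `=== Command Availability ===` use `which`, an external program that is missing or behaves differently on minimal images, so a present binary can be reported as `NOT FOUND`; `command -v useradd || echo 'NOT FOUND'` (and likewise for `chpasswd`, `mount`, `sshd`) is the portable form. The `=== Recent Logs ===` section prints the last lines of `script_output.log` to stdout, and add-sftp.sh in this same patch hands `log_cmd` a command string that embeds the user's password (Phase 7), so if that string is recorded the debug report can carry a clear-text credential wherever it is pasted — filtering out lines matching `chpasswd` before the `tail` output is printed would be prudent. The `cat /etc/os-release | grep | cut | tr` pipeline can be replaced by sourcing the file in a subshell, `(. /etc/os-release && printf '%s\n' "$PRETTY_NAME")`.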
@@ -168,34 +168,35 @@ actions:
 - cmd[cp]:
 user: root
 commands: |-
- # Run the script directly capturing only the variables we need
+ # Create unique log file for this operation
 OUTPUT_LOG="/home/jelastic/add-sftp-user-addon/logs/user_creation-$(date +%Y%m%d%H%M%S).log"
 touch "$OUTPUT_LOG"
 
- # Run the script with all output going to the log file
- source /home/jelastic/add-sftp-user-addon/add-sftp.sh ${globals.username} ${globals.password} ${globals.ssh_enabled} > "$OUTPUT_LOG" 2>&1
+ # Execute the script and capture exit status
+ /home/jelastic/add-sftp-user-addon/add-sftp.sh "${globals.username}" "${globals.password}" "${globals.ssh_enabled}" >> "$OUTPUT_LOG" 2>&1
+ SCRIPT_EXIT_STATUS=$?
 
- # Export only username - no other output
- if [ -n "$CREATED_USERNAME" ]; then
- echo "$CREATED_USERNAME"
+ # Log the exit status
+ echo "Script exit status: $SCRIPT_EXIT_STATUS" >> "$OUTPUT_LOG"
+
+ # Check if script succeeded
+ if [ $SCRIPT_EXIT_STATUS -eq 0 ]; then
+ echo "SUCCESS: User ${globals.username} created successfully"
+ exit 0
 else
- # Fallback to the original username if variable not set
- echo "${globals.username}"
+ echo "ERROR: Script failed with exit status $SCRIPT_EXIT_STATUS"
+ # Output last 10 lines of log for debugging
+ echo "Last 10 lines of log:"
+ tail -10 "$OUTPUT_LOG"
+ exit $SCRIPT_EXIT_STATUS
 fi
+ - if ("${response.exitStatus}" != "0"):
+ return:
+ type: error
+ message: "Failed to create SFTP user ${globals.username}. Error details: ${response.out}"
 - setGlobals:
- username: ${response.out}
- - cmd[cp]:
- user: root
- commands: |-
- # Export only password - no other output
- if [ -n "$CREATED_PASSWORD" ]; then
- echo "$CREATED_PASSWORD"
- else
- # Fallback to the original password if variable not set
- echo "${globals.password}"
- fi
- - setGlobals:
- password: ${response.out}
+ username: ${globals.username}
+ password: ${globals.password}
 - return:
 type: info
 message: "Connection Details\n\nSFTP Host: ${globals.sftpHost}\n\nPort: ${globals.sftpPort}\n\nLogin Credentials\n\nUsername: ${globals.username}\n\nPassword: ${globals.password}\n\nNotes:\n- Files are accessible at /data/ROOT inside your SFTP session\n- If you enabled SSH access, you can also log in via SSH"
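Review bot: The new command executes `/home/jelastic/add-sftp-user-addon/add-sftp.sh` directly, but the patch's file header for add-sftp.sh still records mode 100644, so unless an install step outside this diff sets the executable bit the call fails with a permission error before the script logs anything (the previous `source` did not need the bit); running it through the interpreter removes that dependency: `bash /home/jelastic/add-sftp-user-addon/add-sftp.sh "${globals.username}" "${globals.password}" "${globals.ssh_enabled}" >> "$OUTPUT_LOG" 2>&1`. Switching from `source` to a child process also places the password in that process's argv, which is readable by every local account on the node for the duration of the run — relevant because this addon itself creates shell-capable users — so passing it via stdin or an environment variable the script reads would keep it off the command line. On failure `${response.out}` carries the last ten log lines verbatim into the error dialog, so whatever the script wrote to its log, including any recorded command strings, reaches the user-facing message.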