57 lines
1.6 KiB
Bash
Executable file
57 lines
1.6 KiB
Bash
Executable file
#!/bin/bash
|
|
|
|
# Exit immediately if a command exits with a non-zero status
|
|
set -e
|
|
|
|
# Check if script is run as root
|
|
if [ "$EUID" -ne 0 ]; then
|
|
echo "Please run as root or with sudo"
|
|
exit 1
|
|
fi
|
|
|
|
# Name of the new group
|
|
NEW_GROUP="websftpusers"
|
|
|
|
# Create the new group
|
|
if ! getent group $NEW_GROUP > /dev/null 2>&1; then
|
|
groupadd $NEW_GROUP
|
|
echo "Group $NEW_GROUP created successfully."
|
|
else
|
|
echo "Group $NEW_GROUP already exists."
|
|
fi
|
|
|
|
# Check if sshd_config.d directory exists, create if it doesn't
|
|
SSHD_CONFIG_DIR="/etc/ssh/sshd_config.d"
|
|
if [ ! -d "$SSHD_CONFIG_DIR" ]; then
|
|
mkdir -p "$SSHD_CONFIG_DIR"
|
|
echo "Created $SSHD_CONFIG_DIR directory."
|
|
|
|
# Ensure the main sshd_config includes the .d directory
|
|
if ! grep -q "Include /etc/ssh/sshd_config.d/\*.conf" /etc/ssh/sshd_config; then
|
|
echo "Include /etc/ssh/sshd_config.d/*.conf" >> /etc/ssh/sshd_config
|
|
echo "Added include directive to main sshd_config."
|
|
fi
|
|
fi
|
|
|
|
# Create a new configuration file for websftpusers
|
|
CONFIG_FILE="$SSHD_CONFIG_DIR/websftpusers.conf"
|
|
|
|
cat << EOF > "$CONFIG_FILE"
|
|
# Configuration for $NEW_GROUP
|
|
Match Group $NEW_GROUP
|
|
ChrootDirectory %h
|
|
ForceCommand internal-sftp
|
|
PasswordAuthentication yes
|
|
PermitTunnel no
|
|
AllowAgentForwarding no
|
|
AllowTcpForwarding no
|
|
X11Forwarding no
|
|
EOF
|
|
|
|
echo "Created $CONFIG_FILE with $NEW_GROUP configuration."
|
|
|
|
# Restart SSH service to apply changes
|
|
systemctl restart ssh
|
|
echo "SSH service restarted to apply changes."
|
|
|
|
echo "Setup complete. New group $NEW_GROUP has been created and SSHD configured for SFTP access."
|