ingmarioalberto · January 22, 2025 03:18
diff --git a/gistfile1.txt b/gistfile1.txt
 step zero: maybe you should create groups to match users if not already created.

 First we need to add users, and most users will ask you to create those users with certain uid, gid, etc, in this case my user ask me to import this file:
 ----cut here----
 pt001:x:1101:1100:Some comment about this user pte:/dirhome/ptuserone:/bin/bash
 pt002:x:1102:1100:Some comment about this user another user:/home/ptusertwo:/sbin/nologin
 ...
 ...
 ...
 ----cut here----
 So we build this importer for these kind of user's proactivities

 usage:
 bash importer-etc-passwd-and-sftp-jail.sh user-generated-etc-passwd-file.txt

 at the end, you just need to copy and paste some outputted text to /etc/ssh/sshd_config at the very end.
 (do not forget to restart sshd server)

diff --git a/importer-etc-passwd-and-sftp-jail.sh b/importer-etc-passwd-and-sftp-jail.sh
 #!/bin/bash

 function sshd_modify_match {
 echo "1:$1"
 echo "2:$2"
 echo "3:$3"
 echo "Match User $1
    ChrootDirectory $2
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no" | tee -a $3
 }
 function myuseradd {
 	echo useradd -u $2 -g $3 -c "$4" -m "$5" -s "$6" $1
 	stat ${home} || mkdir -p ${home}
 	useradd -u $2 -g $3 -c "$4" -m -d "$5" -s "$6" $1
 	grpname=$(groups "$1" | cut -d ":" -f2 | awk '{print $1}')
 	chown root.root "$5"
 	chmod 750 "$5"
 	setfacl -m u:$1:rwX "$5"
 	sshd_modify_match "$1" "$5" "$7"
 }
 TEMP=$(mktemp)
 while read LINE; do
 	user=$(echo ${LINE} | cut -d ":" -f1)
 	 uid=$(echo ${LINE} | cut -d ":" -f3)
 	 gid=$(echo ${LINE} | cut -d ":" -f4)
 	 fng=$(echo ${LINE} | cut -d ":" -f5)
 	home=$(echo ${LINE} | cut -d ":" -f6)
 	 shl=$(echo ${LINE} | cut -d ":" -f7)
 	#grep -e "${user}" /etc/passwd && echo "user already exists ${user}" || 
 	myuseradd ${user} $uid $gid "${fng}" "${home}" $shl $TEMP
 done < $1
 echo "------cut here and paste into /etc/ssh/sshd_config----"
 echo "Subsystem sftp internal-sftp"
 cat $TEMP
	step zero: maybe you should create groups to match users if not already created.

	First we need to add users, and most users will ask you to create those users with certain uid, gid, etc, in this case my user ask me to import this file:
	----cut here----
	pt001:x:1101:1100:Some comment about this user pte:/dirhome/ptuserone:/bin/bash
	pt002:x:1102:1100:Some comment about this user another user:/home/ptusertwo:/sbin/nologin
	...
	...
	...
	----cut here----
	So we build this importer for these kind of user's proactivities

	usage:
	bash importer-etc-passwd-and-sftp-jail.sh user-generated-etc-passwd-file.txt

	at the end, you just need to copy and paste some outputted text to /etc/ssh/sshd_config at the very end.
	(do not forget to restart sshd server)
	#!/bin/bash

	function sshd_modify_match {
	echo "1:$1"
	echo "2:$2"
	echo "3:$3"
	echo "Match User $1
	ChrootDirectory $2
	ForceCommand internal-sftp
	AllowTcpForwarding no
	X11Forwarding no" \| tee -a $3
	}
	function myuseradd {
	echo useradd -u $2 -g $3 -c "$4" -m "$5" -s "$6" $1
	stat ${home} \|\| mkdir -p ${home}
	useradd -u $2 -g $3 -c "$4" -m -d "$5" -s "$6" $1
	grpname=$(groups "$1" \| cut -d ":" -f2 \| awk '{print $1}')
	chown root.root "$5"
	chmod 750 "$5"
	setfacl -m u:$1:rwX "$5"
	sshd_modify_match "$1" "$5" "$7"
	}
	TEMP=$(mktemp)
	while read LINE; do
	user=$(echo ${LINE} \| cut -d ":" -f1)
	uid=$(echo ${LINE} \| cut -d ":" -f3)
	gid=$(echo ${LINE} \| cut -d ":" -f4)
	fng=$(echo ${LINE} \| cut -d ":" -f5)
	home=$(echo ${LINE} \| cut -d ":" -f6)
	shl=$(echo ${LINE} \| cut -d ":" -f7)
	#grep -e "${user}" /etc/passwd && echo "user already exists ${user}" \|\|
	myuseradd ${user} $uid $gid "${fng}" "${home}" $shl $TEMP
	done < $1
	echo "------cut here and paste into /etc/ssh/sshd_config----"
	echo "Subsystem sftp internal-sftp"
	cat $TEMP