2 #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Program to start when schsh is invoked without a command. Left at None,
# interactive shell access stays disabled.
4 shell = None # set to "/bin/bash" or similar to allow shell access
# Allow-list of command names. The dispatcher further down compares only the
# first word of the requested command against these strings (exact match);
# the words after it are not checked against this list.
# NOTE(review): scp and rsync both have options that launch helper programs,
# so this list alone does not bound what runs -- the contents of the chroot do.
5 allowCommands = ["scp", "rsync", "/usr/lib/openssh/sftp-server"]
# Directories searched, in this order, to resolve a bare command name to a path.
6 commandPaths = ["/usr/bin", "/bin"]
9 #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
10 # DO NOT TOUCH ANYTHING BELOW THIS LINE
12 import logging, logging.handlers
13 import os, sys, shlex, pwd
# Dedicated "schsh" logger; records of level INFO and above are emitted.
15 logger = logging.getLogger("schsh")
16 logger.setLevel(logging.INFO)
# Deliver records to the local syslog socket (/dev/log), tagged with the
# LOG_AUTH facility.
17 logger.addHandler(logging.handlers.SysLogHandler(address = '/dev/log',
18 facility = logging.handlers.SysLogHandler.LOG_AUTH))
21 return pwd.getpwuid(os.getuid()).pw_name
# Write one record to the schsh logger, formatted as
# "schsh[<pid>]: <<get_username() result>> <msg>", at level lvl (INFO by default).
# NOTE(review): msg is inserted as given. Callers in this file build it from the
# requested command string, so newlines or control characters in that string
# reach the log unescaped; escaping msg here (e.g. with repr) would keep one
# request to one record -- confirm how the syslog daemon treats such bytes.
23 def log(msg, lvl = logging.INFO):
24 logger.log(lvl, "%s[%d]: <%s> %s" % ("schsh", os.getpid(), get_username(), msg))
27 log(msg, logging.ERROR)
31 if prog.startswith("/"):
33 # look for it in the paths
34 for path in commandPaths:
35 fullprog = os.path.join(path, prog)
36 if os.path.exists(fullprog):
# Argument dispatch. With no arguments the request is for an interactive shell
# (the messages below are the refusal path for that case).
42 if len(sys.argv) == 1:
44 print "No shell for you!"
45 logquit("Shell access not allowed")
# Exactly "-c <command string>" -- presumably how the SSH daemon hands a remote
# command to a login shell; confirm against the deployment.
48 elif len(sys.argv) == 3 and sys.argv[1] == "-c":
49 # check if the command is allowed, and add path
# shlex.split tokenises with shell-like quoting rules but no shell is involved,
# so characters such as ; | $ stay literal text inside the tokens.
# NOTE(review): shlex.split raises ValueError on unbalanced quotes; no handler
# is visible here, so such a request would end in a traceback instead of a
# logged refusal.
50 run = shlex.split(sys.argv[2])
# Only the first token is matched against allowCommands. Every remaining token
# is forwarded unchanged as an argument of the allowed program.
# NOTE(review): consider validating the options per command as well; until
# then the chroot's contents are what limits an allowed program's reach.
51 if len(run) > 0 and run[0] in allowCommands:
52 run[0] = addPath(run[0])
# str(run) is the list's repr, so each token is logged in quoted form.
53 log("Running '"+str(run)+"'")
55 print "You are not allowed to run this command."
# The raw command string is concatenated into the log message unmodified.
56 logquit("Attempt to run invalid command '"+sys.argv[2]+"'")
58 logquit("Invalid arguments for schsh: "+str(sys.argv))
# Replace this process with schroot: chroot "user-<login name>", working
# directory /data. The chroot name is built from get_username(), not from the
# request. The "--" ends schroot's own option parsing, so tokens in run that
# begin with "-" are not read as schroot options.
61 os.execl("/usr/bin/schroot", "/usr/bin/schroot", "-c", "user-"+get_username(), "-d", "/data", "--", *run)