SCHROOT := /etc/schroot
install:
- install -o root -g root schsh makeschsh $(TARGET)/bin/
+ install -o root -g root schsh makeschsh schsh-rrsync $(TARGET)/bin/
install -o root -g root -d $(SCHROOT)/schsh/
install -o root -g root -m 644 schroot/schsh/* $(SCHROOT)/schsh/
install -o root -g root -d /var/lib/schsh/
# no spaces, schroot does not like them
print("# <file system> <mount point> <type> <options> <dump> <pass>", file=f)
# system folders
- for folder in ("/lib", "/lib64", "/usr/bin", "/usr/lib", "/usr/lib64"):
+ for folder in ("/lib", "/lib64", "/usr/bin", "/usr/lib", "/usr/lib64", "/usr/share/", "/usr/local/bin"):
if os.path.exists(folder):
print("{0}\t{0}\tnone\trw,bind\t0\t0".format(folder), file=f)
# user folder
# setup the schroot directory
os.mkdir(chroot)
- for folder in ["etc", "dev", "bin", "usr", "data"]:
+ for folder in ["etc", "dev", "data"]:
os.mkdir(os.path.join(chroot, folder))
# setup /etc/passwd and /etc/group
#!/usr/bin/python3
+import logging, logging.handlers
+import os, sys, shlex, pwd
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Configuration
shell = None # set to "/bin/bash" or similar to allow shell access
+rrsync = "/usr/local/bin/schsh-rrsync" # path to the restricted rsync script - if available, it will be used to further restrict rsync access
def allowSCP(run, runstr):
if len(run) != 3: return False
if len(run) < 3: return False
if run[0] != "rsync": return False
if run[1] != "--server": return False
- run[0] = "/usr/bin/rsync"
+ if rrsync is None:
+ # rrsync is not available, let's hope this is enough protection
+ run[0] = "/usr/bin/rsync"
+ return True
+ run[:] = [rrsync, "/", runstr] # allow access to the entire chroot
return True
def allowSFTP(run, runstr):
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# DO NOT TOUCH ANYTHING BELOW THIS LINE
-import logging, logging.handlers
-import os, sys, shlex, pwd
logger = logging.getLogger("schsh")
logger.setLevel(logging.INFO)
# Purpose: Restricts rsync to subdirectory declared in .ssh/authorized_keys
# Author: Joe Smith <js-cgi@inwap.com> 30-Sep-2004
# Modified by: Wayne Davison <wayned@samba.org>
+# Modified by: Ralf Jung <post@ralfj.de>
use strict;
-use Socket;
+# use Socket;
use Cwd 'abs_path';
use File::Glob ':glob';
# You may configure these values to your liking. See also the section
# of options if you want to disable any options that rsync accepts.
use constant RSYNC => '/usr/bin/rsync';
-use constant LOGFILE => 'rrsync.log';
my $Usage = <<EOM;
Use 'command="$0 [-ro] SUBDIR"'
$subdir = abs_path($subdir);
die "$0: Restricted directory does not exist!\n" if $subdir ne '/' && !-d $subdir;
-# The client uses "rsync -av -e ssh src/ server:dir/", and sshd on the server
-# executes this program when .ssh/authorized_keys has 'command="..."'.
-# For example:
-# command="rrsync logs/client" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAzGhEeNlPr...
-# command="rrsync -ro results" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAmkHG1WCjC...
-#
-# Format of the environment variables set by sshd:
-# SSH_ORIGINAL_COMMAND=rsync --server -vlogDtpr --partial . ARG # push
-# SSH_ORIGINAL_COMMAND=rsync --server --sender -vlogDtpr --partial . ARGS # pull
-# SSH_CONNECTION=client_addr client_port server_port
-
-my $command = $ENV{SSH_ORIGINAL_COMMAND};
+# The client uses "rsync -av -e ssh src/ server:dir/", and schsh makes the entire rsync call
+# the third argument to rrsnc: rrsync (-ro)? SUBDIR COMMAND
+# Format of the COMMAND:
+# COMMAND=rsync --server -vlogDtpr --partial . ARG # push
+# COMMAND=rsync --server --sender -vlogDtpr --partial . ARGS # pull
+
+my $command = shift;
die "$0: Not invoked via sshd\n$Usage" unless defined $command;
die "$0: SSH_ORIGINAL_COMMAND='$command' is not rsync\n" unless $command =~ s/^rsync\s+//;
die "$0: --server option is not first\n" unless $command =~ /^--server\s/;
$short_no_arg = "[$short_no_arg]" if length($short_no_arg) > 1;
$short_with_num = "[$short_with_num]" if length($short_with_num) > 1;
-my $write_log = -f LOGFILE && open(LOG, '>>', LOGFILE);
-
-chdir($subdir) or die "$0: Unable to chdir to restricted dir: $!\n";
-
my(@opts, @args);
my $in_options = 1;
my $last_opt = '';
@args = ( '.' ) if !@args;
-if ($write_log) {
- my ($mm,$hh) = (localtime)[1,2];
- my $host = $ENV{SSH_CONNECTION} || 'unknown';
- $host =~ s/ .*//; # Keep only the client's IP addr
- $host =~ s/^::ffff://;
- $host = gethostbyaddr(inet_aton($host),AF_INET) || $host;
- printf LOG "%02d:%02d %-13s [%s]\n", $hh, $mm, $host, "@opts @args";
- close LOG;
-}
-
# Note: This assumes that the rsync protocol will not be maliciously hijacked.
exec(RSYNC, @opts, @args) or die "exec(rsync @opts @args) failed: $? $!";