From: Ralf Jung
Date: Sat, 22 Feb 2014 10:25:20 +0000 (+0100)
Subject: use rrsync to restrict rsync access
X-Git-Url: https://git.ralfj.de/schsh.git/commitdiff_plain/9e146c79ee753130f6cd89009d3b6057f96ca111?ds=sidebyside;hp=5271c7e79fc1c1250a9c9d20f461638b8cb1f44a

use rrsync to restrict rsync access
---
diff --git a/Makefile b/Makefile
index 83397e7..531c14f 100644
--- a/Makefile
+++ b/Makefile
@@ -2,7 +2,7 @@ TARGET := /usr/local
 SCHROOT := /etc/schroot
 
 install:
-	install -o root -g root schsh makeschsh $(TARGET)/bin/
+	install -o root -g root schsh makeschsh schsh-rrsync $(TARGET)/bin/
 	install -o root -g root -d $(SCHROOT)/schsh/
 	install -o root -g root -m 644 schroot/schsh/* $(SCHROOT)/schsh/
 	install -o root -g root -d /var/lib/schsh/
diff --git a/makeschsh b/makeschsh
index 5476687..0c66145 100755
--- a/makeschsh
+++ b/makeschsh
@@ -35,7 +35,7 @@ setup.fstab=schsh/{0}.fstab
     # no spaces, schroot does not like them
     print("# ", file=f)
     # system folders
-    for folder in ("/lib", "/lib64", "/usr/bin", "/usr/lib", "/usr/lib64"):
+    for folder in ("/lib", "/lib64", "/usr/bin", "/usr/lib", "/usr/lib64", "/usr/share/", "/usr/local/bin"):
         if os.path.exists(folder):
             print("{0}\t{0}\tnone\trw,bind\t0\t0".format(folder), file=f)
     # user folder
@@ -43,7 +43,7 @@ setup.fstab=schsh/{0}.fstab
 
     # setup the schroot directory
     os.mkdir(chroot)
-    for folder in ["etc", "dev", "bin", "usr", "data"]:
+    for folder in ["etc", "dev", "data"]:
         os.mkdir(os.path.join(chroot, folder))
 
     # setup /etc/passwd and /etc/group
diff --git a/schsh b/schsh
index f96e695..823eeaa 100755
--- a/schsh
+++ b/schsh
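Review bot: The installed location of schsh-rrsync follows `$(TARGET)/bin/`, but the schsh change in this same commit hard-codes `rrsync = "/usr/local/bin/schsh-rrsync"`, so a build with a different TARGET puts the script where schsh will not look for it; because schsh only tests `rrsync is None`, the mismatch surfaces as a failed exec rather than a fallback. Either derive the path from TARGET at install time (substituting the value into schsh) or state next to `TARGET := /usr/local` that schsh's default depends on it. The file-mode header further down this page shows schsh-rrsync losing its executable bit in the repository (100755 to 100644); `install` applies 0755 by default so the installed copy still runs, but an explicit `-m 755` on this line would make that a stated intent rather than a default relied upon.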
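Review bot: `"/usr/share/"` is the only entry in the extended tuple with a trailing slash, so the fstab line it produces differs in form from the others; `"/usr/share"` keeps the generated file uniform. The two new entries presumably exist so that the perl-based schsh-rrsync can run inside the chroot (`/usr/share` for perl's library tree, `/usr/local/bin` for the script itself), and a comment recording that, e.g. `# /usr/share and /usr/local/bin are needed for schsh-rrsync (perl) inside the chroot`, would stop a later cleanup from trimming them. Bind-mounting all of `/usr/local/bin` exposes every locally installed binary to the chroot, not just schsh-rrsync, and like the existing entries it is mounted `rw,bind`; if schroot honours `ro` on bind entries, mounting these system trees read-only would be cheap hardening. The loop's enclosing block begins before this hunk.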
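Review bot: Dropping `"usr"` from the directories created in the chroot appears safe, since the untouched `/lib` and `/lib64` bind entries were never pre-created either and so schroot seems to create mount points itself, but `/bin` has no bind entry in the folder list above, so after this change the chroot has no `/bin` at all unless it is provided somewhere outside these hunks. That would affect the `shell = None # set to "/bin/bash"` option in schsh and any `#!/bin/sh` script run inside the chroot. If this is intended, a comment on the list such as `# bind-mounted trees get their mount points from schroot; only non-mounted dirs are listed here` records the reasoning; if not, `/bin` needs a bind entry. The script continues on both sides of this hunk.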
@@ -1,7 +1,10 @@
 #!/usr/bin/python3
+import logging, logging.handlers
+import os, sys, shlex, pwd
 #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
 # Configuration
 shell = None # set to "/bin/bash" or similar to allow shell access
+rrsync = "/usr/local/bin/schsh-rrsync" # path to the restricted rsync script - if available, it will be used to further restrict rsync access
 
 def allowSCP(run, runstr):
     if len(run) != 3: return False
@@ -15,7 +18,11 @@ def allowRSync(run, runstr):
     if len(run) < 3: return False
     if run[0] != "rsync": return False
     if run[1] != "--server": return False
-    run[0] = "/usr/bin/rsync"
+    if rrsync is None:
+        # rrsync is not available, let's hope this is enough protection
+        run[0] = "/usr/bin/rsync"
+        return True
+    run[:] = [rrsync, "/", runstr] # allow access to the entire chroot
     return True
 
 def allowSFTP(run, runstr):
@@ -27,8 +34,6 @@ allowCommands = [allowSCP, allowRSync, allowSFTP]
 #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
 # DO NOT TOUCH ANYTHING BELOW THIS LINE
 
-import logging, logging.handlers
-import os, sys, shlex, pwd
 
 logger = logging.getLogger("schsh")
 logger.setLevel(logging.INFO)
diff --git a/schsh-rrsync b/schsh-rrsync
old mode 100755
new mode 100644
index bb51629..75c252b
--- a/schsh-rrsync
+++ b/schsh-rrsync
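Review bot: The comment on the new `rrsync` setting says the script is used "if available", but the only runtime test (in allowRSync below) is `rrsync is None`; a missing or non-executable `/usr/local/bin/schsh-rrsync` is not noticed until the exec fails. Either reword the comment to match the code, e.g. `# path to the restricted rsync script; set to None to exec /usr/bin/rsync directly`, or add an explicit check such as `os.access(rrsync, os.X_OK)` — and since plain rsync is the weaker path, a failed check should refuse the command with a logged error rather than silently fall back. The comment is also long enough to belong on its own line above the assignment rather than trailing it.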
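Review bot: `run[:] = [rrsync, "/", runstr]` hands the original command line to schsh-rrsync as its second argument, whereas the upstream rrsync this script derives from reads the client command from `$ENV{SSH_ORIGINAL_COMMAND}` and takes only the restricted directory from its arguments; unless schsh-rrsync was adapted to read `$ARGV[1]` in a hunk not visible on this page, `runstr` is ignored, so confirm which one it uses. The same commit removes rrsync's `chdir($subdir)`, so with `"/"` as the directory nothing sets the working directory before rsync runs and relative client paths resolve against whatever cwd schsh inherited (presumably the login directory inside the chroot); either restore that explicitly with `os.chdir("/")` before the exec or document it here, e.g. `# rrsync no longer chdirs: paths are relative to the login cwd inside the chroot`. As far as I recall, upstream rrsync also skips its `..` path check when the directory is `/`, so what remains is option filtering — the comment `allow access to the entire chroot` is accurate, but spelling that out would stop a reader from assuming path confinement.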
@@ -3,16 +3,16 @@
 # Purpose: Restricts rsync to subdirectory declared in .ssh/authorized_keys
 # Author: Joe Smith 30-Sep-2004
 # Modified by: Wayne Davison
+# Modified by: Ralf Jung
 use strict;
 
-use Socket;
+# use Socket;
 use Cwd 'abs_path';
 use File::Glob ':glob';
 
 # You may configure these values to your liking. See also the section
 # of options if you want to disable any options that rsync accepts.
 use constant RSYNC => '/usr/bin/rsync';
-use constant LOGFILE => 'rrsync.log';
 
 my $Usage = < 1;
 $short_with_num = "[$short_with_num]" if length($short_with_num) > 1;
 
-my $write_log = -f LOGFILE && open(LOG, '>>', LOGFILE);
-
-chdir($subdir) or die "$0: Unable to chdir to restricted dir: $!\n";
-
 my(@opts, @args);
 my $in_options = 1;
 my $last_opt = '';
@@ -191,16 +182,6 @@ die "$0: invalid rsync-command syntax or options\n" if $in_options;
 
 @args = ( '.' ) if !@args;
 
-if ($write_log) {
-  my ($mm,$hh) = (localtime)[1,2];
-  my $host = $ENV{SSH_CONNECTION} || 'unknown';
-  $host =~ s/ .*//; # Keep only the client's IP addr
-  $host =~ s/^::ffff://;
-  $host = gethostbyaddr(inet_aton($host),AF_INET) || $host;
-  printf LOG "%02d:%02d %-13s [%s]\n", $hh, $mm, $host, "@opts @args";
-  close LOG;
-}
-
 # Note: This assumes that the rsync protocol will not be maliciously hijacked.
 exec(RSYNC, @opts, @args) or die "exec(rsync @opts @args) failed: $? $!";
 
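Review bot: `+# use Socket;` leaves a commented-out import behind; the only users of Socket visible in this file (`inet_aton` and `AF_INET` in the logging block removed further down) are gone, so delete the line outright rather than keeping dead code that version control already remembers. The added `# Modified by: Ralf Jung` header would be more useful with a word on what changed (logging and the chdir removed), since that is what a future diff against upstream rrsync will need explained. With `LOGFILE` gone, the usage heredoc that starts at the end of this hunk presumably no longer needs to mention a log file; it is unreadable on this page, so confirm it was updated.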
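Review bot: Removing `chdir($subdir) or die "$0: Unable to chdir to restricted dir: $!\n";` quietly changes what the directory argument means: in rrsync the confinement of relative paths came from changing into that directory before the exec, so the argument now only feeds whatever path checks remain and rsync runs in the caller's working directory. If the caller (schsh passes `/`) is meant to be responsible for the cwd, say so at the point of removal, e.g. `# no chdir here: schsh runs us inside the chroot and the login cwd is intentionally kept`; otherwise keep the chdir, which is harmless for `/`. This hunk's header is not readable on this page, and whether `$subdir` is still validated with `abs_path` and `-d` earlier in the file cannot be seen from here.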