prevent users to have access to alien home dirs

This commit is contained in:
markus 2019-04-09 13:57:57 +03:00
commit 644762f87c


@ -47,6 +47,9 @@ is_package_valid
# Action # # Action #
#----------------------------------------------------------# #----------------------------------------------------------#
# create secure group if not exist. Users in the group can not access to alien home directories.
grep -q "^vstsecure:" /etc/group || groupadd --system vstsecure
# Parsing package data # Parsing package data
pkg_data=$(cat $VESTA/data/packages/$package.pkg |egrep -v "TIME|DATE") pkg_data=$(cat $VESTA/data/packages/$package.pkg |egrep -v "TIME|DATE")
@ -55,7 +58,7 @@ shell_conf=$(echo "$pkg_data" | grep 'SHELL' | cut -f 2 -d \')
shell=$(grep -w "$shell_conf" /etc/shells |head -n1) shell=$(grep -w "$shell_conf" /etc/shells |head -n1)
# Adding user # Adding user
/usr/sbin/useradd "$user" -s "$shell" -c "$email" -m -d "$HOMEDIR/$user" /usr/sbin/useradd "$user" -s "$shell" -c "$email" -G vstsecure -m -d "$HOMEDIR/$user"
check_result $? "user creation failed" $E_INVALID check_result $? "user creation failed" $E_INVALID
# Adding password # Adding password
@ -83,7 +86,8 @@ if [ ! -z "$DNS_SYSTEM" ]; then
fi fi
# Set permissions # Set permissions
chmod a+x $HOMEDIR/$user chgrp vstsecure $HOMEDIR/$user
chmod a+x,g-rwx $HOMEDIR/$user
chattr +i $HOMEDIR/$user/conf chattr +i $HOMEDIR/$user/conf
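Review bot: The new `chgrp vstsecure $HOMEDIR/$user` and `chmod a+x,g-rwx $HOMEDIR/$user` lines in the "Set permissions" hunk have no `check_result` after them, so if the chgrp fails the chmod only strips the bits of the user's own primary group and the account is created without the intended isolation and without an error. I would quote the path and check the pair, e.g. `chgrp vstsecure "$HOMEDIR/$user" && chmod a+x,g-rwx "$HOMEDIR/$user"` followed by `check_result $? "home permissions failed" $E_INVALID`. The restriction is also a deny-by-group rule: it applies only to processes whose credentials carry the vstsecure supplementary group set by `-G vstsecure` in the useradd hunk, so a service that runs user code with only uid/gid set still falls under "other" and keeps `a+x`; a comment above the chmod stating that dependency would help the next maintainer. Accounts and home directories created before this commit are not touched by the visible hunks, so they presumably need a separate migration step.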