
Commit e88cf08

rjd22jaapmarcus
andauthored
Remove jailed and add migration script to manually migrate beta servers (hestiacp#4698)
* Remove jailed and add migration script to manually migrate beta servers * Update header of file --------- Co-authored-by: Jaap Marcus <9754650+jaapmarcus@users.noreply.github.com>
1 parent e6b5565 commit e88cf08

28 files changed

+180
-701
lines changed

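--- a/bin/v-add-sys-ssh-jail
+++ b/bin/v-add-sys-ssh-jail
@@ -18,17 +18,10 @@ source $HESTIA/func/main.sh
 # load config file
 source_conf "$HESTIA/conf/hestia.conf"
 
-restart=$1
-
 #----------------------------------------------------------#
 # Verifications #
 #----------------------------------------------------------#
 
-# Checking if jailkit is installed
-if [ ! -x /sbin/jk_init ]; then
-exit
-fi
-
 # Checking if bubblewrap is installed
 if [ ! -x /bin/bwrap ]; then
 exit
@@ -55,71 +48,6 @@ if [ -z "$(grep ^/usr/sbin/jailbash /etc/shells)" ]; then
 echo "/usr/sbin/jailbash" >> /etc/shells
 fi
 
-# Checking sshd directives
-config='/etc/ssh/sshd_config'
-ssh_i=$(grep -n "^# Hestia SSH Chroot" $config)
-
-# Enabling jailed ssh
-if [ -z "$ssh_i" ]; then
-echo " " >> $config
-echo "# Hestia SSH Chroot" >> $config
-echo "Match Group ssh-jailed" >> $config
-echo " ChrootDirectory /srv/jail/%u" >> $config
-echo " X11Forwarding no" >> $config
-echo " AllowTCPForwarding no" >> $config
-restart='yes'
-fi
-
-# Validating opensshd config
-if [ "$restart" = 'yes' ]; then
-subj="OpenSSH restart failed"
-email=$(grep CONTACT "$HESTIA/data/users/$ROOT_USER/user.conf" | cut -f 2 -d \')
-/usr/sbin/sshd -t > /dev/null 2>&1
-if [ "$?" -ne 0 ]; then
-mail_text="OpenSSH can not be restarted. Please check config:
-\n\n$(/usr/sbin/sshd -t)"
-echo -e "$mail_text" | $SENDMAIL -s "$subj" $email
-else
-service sshd restart > /dev/null 2>&1
-fi
-fi
-
-# Adding group
-groupadd ssh-jailed 2> /dev/null
-
-# Checking jailkit init
-jk_init='/etc/jailkit/jk_init.ini'
-jk_php_i=$(grep -n "^# Hestia Jail Settings" $jk_init)
-
-# Add PHP to jailkit init to allow usage of it within jail
-if [ -z "$jk_php_i" ]; then
-cp -f $HESTIA_COMMON_DIR/jailkit/jk_init.ini /etc/jailkit
-fi
-
-# Restart ssh service
-if [ "$restart" = 'no' ]; then
-# Skip restart of SSH daemon
-echo "" > /dev/null 2>&1
-else
-service ssh restart > /dev/null 2>&1
-fi
-
-# Jails need maintenance to update the binaries within the jail. To do so we just reset the chroot
-# and reapply the jail
-for user in $("$BIN/v-list-users" list); do
-check_jail_enabled=$(grep "SHELL_JAIL_ENABLED='yes'" $HESTIA/data/users/$user/user.conf)
-
-# If jail enabled try to jail the user
-if [ -n "$check_jail_enabled" ]; then
-$BIN/v-add-user-ssh-jail "$user" "no"
-fi
-done
-
-# Add v-add-sys-ssh-jail to startup
-if [ ! -e "/etc/cron.d/hestia-ssh-jail" ]; then
-echo "@reboot root sleep 60 && /usr/local/hestia/bin/v-add-sys-ssh-jail > /dev/null" > /etc/cron.d/hestia-ssh-jail
-fi
-
 #----------------------------------------------------------#
 # Hestia #
 #----------------------------------------------------------#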

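--- a/bin/v-add-user
+++ b/bin/v-add-user
@@ -75,7 +75,6 @@ pkg_data=$(cat $HESTIA/data/packages/$package.pkg | egrep -v "TIME|DATE")
 
 # Checking shell
 shell_conf=$(echo "$pkg_data" | grep -m1 'SHELL' | cut -f 2 -d \')
-jail_enabled=$(echo "$pkg_data" | grep -m1 'SHELL_JAIL_ENABLED' | cut -f 2 -d \')
 resource_enaled=$(echo "$pkg_data" | grep -m1 'RESOURCES_LIMIT' | cut -f 2 -d \')
 disk_quota_enabled=$(echo "$pkg_data" | grep -m1 'DISK_QUOTA' | cut -f 2 -d \')
 shell=$(grep -w "$shell_conf" /etc/shells | head -n1)
@@ -289,11 +288,6 @@ fi
 # Adding jailed sftp env
 $BIN/v-add-user-sftp-jail $user
 
-# Adding jailed ssh env
-if [ "$jail_enabled" = 'yes' ]; then
-$BIN/v-add-user-ssh-jail $user
-fi
-
 #----------------------------------------------------------#
 # Hestia #
 #----------------------------------------------------------#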

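--- a/bin/v-add-user-package
+++ b/bin/v-add-user-package
@@ -94,7 +94,6 @@ is_package_consistent() {
 fi
 
 is_format_valid_shell "$SHELL"
-is_boolean_format_valid "$SHELL_JAIL_ENABLED" 'SHELL_JAIL_ENABLED'
 }
 
 #----------------------------------------------------------#
@@ -150,7 +149,6 @@ SWAP_LIMIT='$SWAP_LIMIT'
 BANDWIDTH='$BANDWIDTH'
 NS='$NS'
 SHELL='$SHELL'
-SHELL_JAIL_ENABLED='$SHELL_JAIL_ENABLED'
 BACKUPS='$BACKUPS'
 BACKUPS_INCREMENTAL='$BACKUP_INCREMENTAL'
 TIME='$time'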

bin/v-add-user-ssh-jail

Lines changed: 0 additions & 109 deletions
This file was deleted.

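--- a/bin/v-change-user-package
+++ b/bin/v-change-user-package
@@ -103,7 +103,6 @@ SWAP_LIMIT='$SWAP_LIMIT'
 BANDWIDTH='$BANDWIDTH'
 NS='$NS'
 SHELL='$SHELL'
-SHELL_JAIL_ENABLED='$SHELL_JAIL_ENABLED'
 BACKUPS='$BACKUPS'
 BACKUPS_INCREMENTAL='$BACKUPS_INCREMENTAL'
 CONTACT='$CONTACT'
@@ -176,8 +175,7 @@ change_user_package
 
 # Update user shell
 shell_conf=$(cat "$HESTIA/data/packages/$package.pkg" | grep -m1 'SHELL' | cut -f 2 -d \')
-shell_jail_enabled_conf=$(cat "$HESTIA/data/packages/$package.pkg" | grep 'SHELL_JAIL_ENABLED' | cut -f 2 -d \')
-$BIN/v-change-user-shell "$user" "$shell_conf" "$shell_jail_enabled_conf"
+$BIN/v-change-user-shell "$user" "$shell_conf"
 
 # Run template trigger
 if [ -x "$HESTIA/data/packages/$package.sh" ]; then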
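Review bot: The new call `$BIN/v-change-user-shell "$user" "$shell_conf"` applies the package's SHELL value with no jail flag, so a package file that still carries a leftover `SHELL_JAIL_ENABLED='yes'` next to an ordinary login shell would give the user an unconfined shell on the next package change. Whether the migration script mentioned in the commit message rewrites such packages is not visible on this page, so that should be confirmed before this ships. I would at least record the behaviour above the call, e.g. `# SHELL_JAIL_ENABLED is no longer honoured; confinement now depends only on the SHELL value in the package`. The same concern applies to the `jail_enabled` removal in bin/v-add-user.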

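--- a/bin/v-change-user-shell
+++ b/bin/v-change-user-shell
@@ -1,8 +1,8 @@
 #!/bin/bash
 # info: change user shell
-# options: USER SHELL JAIL_ENABLED
+# options: USER SHELL
 #
-# example: v-change-user-shell admin nologin no
+# example: v-change-user-shell admin nologin
 #
 # This function changes system shell of a user. Shell gives ability to use ssh.
 
@@ -13,7 +13,6 @@
 # Argument definition
 user=$1
 shell=$2
-shell_jail_enabled=${3-no}
 
 # Includes
 # shellcheck source=/etc/hestiacp/hestia.conf
@@ -27,15 +26,11 @@ source $HESTIA/conf/hestia.conf
 # Verifications #
 #----------------------------------------------------------#
 
-check_args '2' "$#" 'USER SHELL SHELL_JAIL_ENABLED'
-is_format_valid 'user' 'shell shell_jail_enabled'
+check_args '2' "$#" 'USER SHELL'
+is_format_valid 'user' 'shell'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
 
-if [[ "$shell" =~ nologin ]] || [[ "$shell" =~ rssh ]] && [[ "$shell_jail_enabled" =~ yes ]]; then
-check_result "$E_INVALID" "nologin and rssh can't be jailed"
-fi
-
 # Perform verification if read-only mode is enabled
 check_hestia_demo_mode
 
@@ -57,13 +52,6 @@ else
 $BIN/v-delete-user-sftp-jail "$user" > /dev/null 2>&1
 fi
 
-# Adding jailed ssh env
-if [[ "$shell_jail_enabled" =~ yes ]]; then
-$BIN/v-add-user-ssh-jail "$user" > /dev/null 2>&1
-else
-$BIN/v-delete-user-ssh-jail "$user" > /dev/null 2>&1
-fi
-
 #----------------------------------------------------------#
 # Hestia #
 #----------------------------------------------------------#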
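Review bot: Nothing in the new verification hunk rejects a third positional argument, so a caller that still passes `yes` as JAIL_ENABLED appears to succeed while no jail is applied (this assumes `check_args '2' "$#" 'USER SHELL'` only enforces a minimum count, which is not shown here). For an option that used to restrict shell access, failing closed is safer than silently dropping the request. I would add after the argument checks: `if [ -n "$3" ]; then check_result "$E_INVALID" "JAIL_ENABLED is no longer supported"; fi`. If ignoring the extra argument is deliberate for API compatibility, a comment next to `shell=$2` should say so.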

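--- a/bin/v-delete-sys-ssh-jail
+++ b/bin/v-delete-sys-ssh-jail
@@ -40,38 +40,6 @@ if [ -x /usr/sbin/jailbash ]; then
 service apparmor reload > /dev/null 2>&1
 fi
 
-# Checking sshd directives
-config='/etc/ssh/sshd_config'
-ssh_i=$(grep -n "^# Hestia SSH Chroot" $config)
-
-# Backing up config
-cp $config $config.bak
-
-# Disabling jailed ssh
-if [ -n "$ssh_i" ]; then
-fline=$(echo "$ssh_i" | cut -f 1 -d :)
-lline=$((fline + 4))
-sed -i "${fline},${lline}d" $config
-restart='yes'
-fi
-
-# Validating opensshd config
-if [ "$restart" = 'yes' ]; then
-subj="OpenSSH restart failed"
-email=$(grep CONTACT "$HESTIA/data/users/$ROOT_USER/user.conf" | cut -f 2 -d \')
-/usr/sbin/sshd -t > /dev/null 2>&1
-if [ "$?" -ne 0 ]; then
-mail_text="OpenSSH can not be restarted. Please check config:
-\n\n$(/usr/sbin/sshd -t)"
-echo -e "$mail_text" | $SENDMAIL -s "$subj" $email
-else
-service sshd restart > /dev/null 2>&1
-fi
-fi
-
-# Remove group ssh-jailed
-groupdel ssh-jailed 2> /dev/null
-
 #----------------------------------------------------------#
 # Hestia #
 #----------------------------------------------------------#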

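--- a/bin/v-delete-user
+++ b/bin/v-delete-user
@@ -89,9 +89,6 @@ sed -i "/ $user$/d" "$HESTIA/data/queue/traffic.pipe"
 # Deleting sftp jail
 $BIN/v-delete-user-sftp-jail "$user"
 
-# Deleting ssh jail
-$BIN/v-delete-user-ssh-jail "$user"
-
 # Deleting system user
 /usr/sbin/userdel -f "$user" >> /dev/null 2>&1
 if [ $? -ne 0 ]; then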
