From 59d8d66763075b91f39d35a3c314173140143384 Mon Sep 17 00:00:00 2001 From: John Mertz Date: Thu, 30 Jun 2022 20:48:51 +0000 Subject: [PATCH] Various fixes to installer Fix permissions. Add SSH configuration Fix shell path Fix recursion issue with symlinks (not relevant with current source) Should now be possible to clone, run `./install.pl server` and have a working chroot/ssh login.
---
 install.pl | 33 +++++++++++++++++++++++++++------
 1 file changed, 27 insertions(+), 6 deletions(-)
diff --git a/install.pl b/install.pl
index 6d3b8c6..13d257a 100755
--- a/install.pl
+++ b/install.pl
@@ -13,7 +13,8 @@ if (scalar(@ARGV) != 1) {
 } elsif ($ARGV[0] eq 'server') {
 if (-d $server_dir) {
 print("Installation appears to already exist. Would you like it to be removed and
-replaced? All existing password information will be lost. ");
+replaced? All existing password information will be lost. You should back up
+/var/pgen/data if you would like to maintain your passwords.");
 my $selection;
 do {
 print("[y/N]? ");
@@ -35,6 +36,8 @@ replaced? All existing password information will be lost. ");
 );
 if (detect_server()) {
 $removed{'server'} = remove_server();
+ print("Reloading SSH Daemon\n");
+ system('systemctl restart sshd');
 }
 if (detect_client()) {
 $removed{'client'} = remove_client();
@@ -98,9 +101,11 @@ sub install_server
 if ($_ =~ m#^\s+([^\ ]+)\ =>\ (\/[^\/]+)((?:\/[^\/]*)*)\/([^\/]+) \(.*#) {
 print "Copying ${2}${3}/${4} to ${server_dir}${2}/${4}\n";
 copy("${2}${3}/${4}","${server_dir}${2}/${4}");
+ chmod(0755, "${server_dir}${2}/${4}");
 } elsif ($_ =~ m#^\s+(\/[^\/]+)((?:\/[^\/]*)*)\/([^\/]+) \(.*#) {
 print "Copying ${1}${2}/${3} to ${server_dir}${1}/${3}\n";
 copy("${1}${2}/${3}","${server_dir}${1}/${3}");
+ chmod(0755, "${server_dir}${1}/${3}");
 } else {
 print "skipping $_\n";
 }
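Review bot: The `system('systemctl restart sshd')` added after `remove_server()` discards its exit status and restarts the daemon without validating the configuration first, so a failure can leave stale settings loaded, or sshd down, while the script carries on as if it had worked. The same unchecked call is added in the install_server hunk (`system("systemctl restart sshd")`). I would validate and check both, for example `system('sshd', '-t') == 0 && system('systemctl', 'reload', 'sshd') == 0 or warn("sshd was not reloaded; check its configuration\n");`, which also avoids going through a shell. The printed message says "Reloading" while the command restarts, and the unit is named `ssh` rather than `sshd` on some distributions, so the service name is worth making configurable.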
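Review bot: Both new `chmod(0755, ...)` calls in install_server run whether or not the preceding `copy(...)` succeeded, and neither return value is checked, so a library that failed to copy is only discovered later when the chrooted shell will not start. Checking the copy, e.g. `copy($src, $dst) || die("Failed to copy '$src' to '$dst': $!\n");` followed by `chmod(0755, $dst) || warn("chmod '$dst': $!\n");`, would match the `|| die(...)` style remove_server already uses. The two branches differ only in capture numbering; assigning the captures to `$src` and `$dst` first would let a single copy/chmod pair serve both. The enclosing loop is outside the hunk.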
@@ -112,8 +117,22 @@ sub install_server
 chmod(0755, "${server_dir}/bin/pgen");
 print("Configuring user 'pgen'\n");
 system("useradd -d $server_dir pgen");
- system("usermod -s $server_dir/bin/pgen pgen");
+ system("usermod -s /bin/pgen pgen");
 add_key();
+ unless(-e '/etc/ssh/sshd_config.d') {
+ mkdir('/etc/ssh/sshd_config.d');
+ }
+ if (open(my $fh, '>', '/etc/ssh/sshd_config.d/pgen.conf')) {
+ print($fh "Match user pgen
+ChrootDirectory ${server_dir}\n");
+ close($fh);
+ print("Reloading SSH Daemon\n");
+ system("systemctl restart sshd");
+ } else {
+ print("Failed to add SSH Daemon rules. You need to add the following:
+ Match user pgen
+ ChrootDirectory ${server_dir}");
+ }
 print("Server installation complete\n");
 }
 
@@ -136,10 +155,11 @@ sub remove_server
 unless (scalar(@paths)) {
 die("No chroot installation present at $server_dir\n");
 }
+ push(@paths, '/etc/ssh/sshd_config.d/pgen.conf');
 while (scalar(@paths)) {
 my $target = pop(@paths);
- print "Removing $target...\n";
- if (-d $target) {
+ print "Removing $target\n";
+ if (-d $target && !-l $target) {
 rmdir($target) || die("Failed to remove directory '$target': $!\n");
 } else {
 unlink($target) || die("Failed to delete '$target': $!\n");
@@ -161,8 +181,9 @@ sub dig_dirs
 foreach (glob("$path/*"), glob("$path/.*")) {
 if ($path =~ m/\/\.\.?$/) {
 next();
- }
- if (-d $_) {
+ } elsif (-l $_) {
+ push(@$paths_ref, $_);
+ } elsif (-d $_) {
 dig_dirs($paths_ref,$_);
 } else {
 push(@$paths_ref, $_);
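Review bot: The `Match user pgen` block written to `pgen.conf` sets only `ChrootDirectory`, so shell sessions are confined but nothing in the block turns off port, agent or X11 forwarding, which do not pass through the login shell. For a single-purpose account I would add `DisableForwarding yes` to the block, or `AllowTcpForwarding no`, `AllowAgentForwarding no` and `X11Forwarding no` on OpenSSH releases that predate it. sshd also rejects a chroot unless every component of the path is a root-owned directory that no other user or group can write to; no ownership change is visible here and `useradd -d $server_dir` makes the same directory the account's home, so a comment stating that `$server_dir` must stay owned by root would help. The drop-in only takes effect when the main `sshd_config` has an `Include` for `sshd_config.d`, which the unchecked `mkdir` fallback suggests is not guaranteed, and the manual-instructions message is missing its trailing newline. install_server begins outside the hunk.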
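Review bot: Pushing `/etc/ssh/sshd_config.d/pgen.conf` onto `@paths` unconditionally makes it the first target popped, and `unlink($target) || die(...)` then aborts the whole removal when the file is absent, which is the state install_server leaves behind when its `open` fails and it prints the manual instructions instead. Guard the push: `push(@paths, '/etc/ssh/sshd_config.d/pgen.conf') if (-e '/etc/ssh/sshd_config.d/pgen.conf');`. The path is now spelled out in three places across the patch, so a file-level variable next to `$server_dir` would keep install and removal in step. The tail of the loop and the end of remove_server are outside the hunk.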
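Review bot: The dot-entry guard that the new `elsif` chain hangs off tests `$path` (the directory being scanned) rather than `$_` (the entry), so `$path/.` and `$path/..` returned by `glob("$path/.*")` are not skipped here; they fall through to `-d $_` and are only filtered one level down, when the recursive call sees its own `$path` ending in `/.` or `/..`. Because remove_server deletes whatever this walk collects, I would make the guard explicit with `if ($_ =~ m/\/\.\.?$/) {` so that `..` is never entered at all. The new `-l $_` branch does record a symlink without following it, which is the behaviour the commit message describes. What dig_dirs does with `$path` itself lies outside the hunk, so the full effect of the current guard on the collected list cannot be confirmed from here.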