mirror of https://github.com/atmoz/sftp.git synced 2024-12-08 13:05:39 -05:00

Merge branch 'master' into alpine

Adrian Dvergsdal 2016-08-12 16:30:34 +02:00
commit 273cd6a23c
3 changed files with 96 additions and 43 deletions


@ -10,18 +10,33 @@ This is an automated build linked with the [debian](https://hub.docker.com/_/deb
# Usage
- Define users as command arguments, STDIN or mounted in /etc/sftp-users.conf
(syntax: `user:pass[:e][:uid[:gid]]...`).
- You must set custom UID for your users if you want them to make changes to
- Define users as command arguments, STDIN or mounted in `/etc/sftp-users.conf`
(syntax: `user:pass[:e][:uid[:gid[:dir1[,dir2]...]]]...`).
- Set UID/GID manually for your users if you want them to make changes to
your mounted volumes with permissions matching your host filesystem.
- Mount volumes in user's home folder.
- Add directory names at the end, if you want to create them and/or set user
owership. Perfect when you just want a fast way to upload something without
mounting any directories, or you want to make sure a directory is owned by
a user.
- Mount volumes in user's home direcotry.
- The users are chrooted to their home directory, so you must mount the
volumes in separate directories inside the user's home directory
(/home/user/**mounted-directory**).
# Examples
## Simple docker run example
## Simplest docker run example
```
docker run -p 22:22 -d atmoz/sftp foo:pass:::upload
```
No mounted directories or custom UID/GID. User "foo" with password "pass" can login with sftp and upload files to a folder called "upload". Later you can inspect the files and use `--volumes-from` to mount them somewhere else (or see next example).
## Sharing a directory from your computer
Let's mount a direcotry and set UID:
```
docker run \
@ -77,12 +92,12 @@ docker run \
'foo:$1$0G2g0GSt$ewU0t6GXG15.0hWoOX8X9.:e:1001'
```
Tip: you can use makepasswd to generate encrypted passwords:
`echo -n "password" | makepasswd --crypt-md5 --clearfrom -`
Tip: you can use [atmoz/makepasswd](https://hub.docker.com/r/atmoz/makepasswd/) to generate encrypted passwords:
`echo -n "your-password" | docker run -i --rm atmoz/makepasswd --crypt-md5 --clearfrom=-`
## Using SSH key (without password)
## Using SSH key (and no password)
Mount all public keys in the user's `.ssh/keys/` folder. All keys are automatically
Mount all public keys in the user's `.ssh/keys/` direcotry. All keys are automatically
appended to `.ssh/authorized_keys`.
```
@ -96,18 +111,20 @@ docker run \
## Execute custom scripts or applications
Put your programs in /etc/sftp.d/ and it will automatically run when the container starts.
Put your programs in `/etc/sftp.d/` and it will automatically run when the container starts.
See next section for an example.
## Bindmount dirs from another location
If you are using --volumes-from or just want to make a custom directory
available in user's home directory, you can add a script to /etc/sftp.d/ that
If you are using `--volumes-from` or just want to make a custom directory
available in user's home directory, you can add a script to `/etc/sftp.d/` that
bindmounts after container starts.
```
#!/bin/bash
# Just an example (make your own):
# File mounted as: /etc/sftp.d/bindmount.sh
# Just an example (make your own)
function bindmount() {
if [ -d "$1" ]; then
mkdir -p "$2"
@ -115,7 +132,7 @@ function bindmount() {
mount --bind $3 "$1" "$2"
}
# Remember permissions, you may have to fix it:
# Remember permissions, you may have to fix them:
# chown -R :users /data/common
bindmount /data/admin-tools /home/admin/tools


@ -7,7 +7,7 @@ userConfFinalPath="/var/run/sftp-users.conf"
function printHelp() {
echo "Add users as command arguments, STDIN or mounted in $userConfPath"
echo "Syntax: user:pass[:e][:uid[:gid]]..."
echo "Syntax: user:pass[:e][:uid[:gid[:dir1[,dir2]...]]] ..."
echo "Use --readme for more information and examples."
}
@ -25,9 +25,11 @@ function createUser() {
chpasswdOptions="-e"
uid="${param[3]}"
gid="${param[4]}"
dir="${param[5]}"
else
uid="${param[2]}"
gid="${param[3]}"
dir="${param[4]}"
fi
if [ -z "$user" ]; then
@ -72,6 +74,18 @@ function createUser() {
chown $user /home/$user/.ssh/authorized_keys
chmod 600 /home/$user/.ssh/authorized_keys
fi
# Make sure dirs exists and has correct permissions
if [ -n "$dir" ]; then
while IFS=',' read -ra dirParam; do
for dirPath in $dirParam; do
dirPath=/home/$user/$dirPath
echo "Creating and/or setting permissions on $dirPath"
mkdir -p $dirPath
chown -R $user:users $dirPath
done
done <<< $dir
fi
}
if [[ $1 =~ ^--help$|^-h$ ]]; then
@ -128,7 +142,10 @@ fi
# Source custom scripts, if any
if [ -d /etc/sftp.d ]; then
for f in /etc/sftp.d/*; do
[ -x "$f" ] && . "$f"
if [ -x "$f" ]; then
echo "Running $f ..."
$f
fi
done
unset f
fi
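Review bot: In the new directory block of createUser, `for dirPath in $dirParam` expands only the first element of the array that `read -ra` filled, so a spec such as `user:pass:::dir1,dir2` creates `dir1` and silently skips `dir2`; the loop should iterate `"${dirParam[@]}"`. The resulting path is also passed unquoted and unchecked to `mkdir -p` and `chown -R`, so a name with whitespace or glob characters is split or expanded, and a `..` component points the recursive chown outside `/home/$user`. The chown calls suggest this runs as root at container start, so I would quote every expansion and skip empty or `..` entries, as in the excerpt below. createUser starts above this hunk, so whether `$user` is validated earlier is not visible here. The same quoting point applies to the bare `$f` in the `/etc/sftp.d` loop, which should be `"$f"`.

```shell
    # Make sure dirs exist and have correct permissions
    if [ -n "$dir" ]; then
        IFS=',' read -ra dirParam <<< "$dir"
        for dirPath in "${dirParam[@]}"; do
            # Skip empty fields and any '..' component so the
            # recursive chown stays under /home/$user
            case "/$dirPath/" in
                //|*/../*)
                    echo "Skipping invalid directory name: '$dirPath'"
                    continue
                    ;;
            esac
            dirPath="/home/$user/$dirPath"
            echo "Creating and/or setting permissions on $dirPath"
            mkdir -p "$dirPath"
            chown -R "$user:users" "$dirPath"
        done
    fi
```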


@ -36,7 +36,7 @@ function beforeTest() {
rm -rf "$tmpDir" # clean state
mkdir "$tmpDir"
echo "test::$(id -u):$(id -g)" >> "$tmpDir/users"
echo "test::$(id -u):$(id -g):dir" >> "$tmpDir/users"
docker run \
-v "$tmpDir/users:/etc/sftp-users.conf:ro" \
-v "$scriptDir/id_rsa.pub":/home/test/.ssh/keys/id_rsa.pub:ro \
@ -86,6 +86,51 @@ function runSftpCommands() {
##############################################################################
function testContainerIsRunning() {
$skipAllTests && skip && return 0
ps="$(docker ps -q -f name="$sftpContainerName")"
assertNotEqual "$ps" ""
if [ -z "$ps" ]; then
skipAllTests=true
fi
}
function testLoginUsingSshKey() {
$skipAllTests && skip && return 0
runSftpCommands "$sftpContainerName" \
"test" \
"exit"
assertReturn $? 0
}
function testWritePermission() {
$skipAllTests && skip && return 0
runSftpCommands "$sftpContainerName" \
"test" \
"cd share" \
"mkdir test" \
"exit"
test -d "$tmpDir/test"
assertReturn $? 0
}
function testDir() {
$skipAllTests && skip && return 0
runSftpCommands "$sftpContainerName" \
"test" \
"cd dir" \
"mkdir test2" \
"get -rf test2 $tmpDir/" \
"exit"
test -d "$tmpDir/test2"
assertReturn $? 0
}
function testMinimalContainerStart() {
$skipAllTests && skip && return 0
@ -114,32 +159,6 @@ function testMinimalContainerStart() {
fi
}
function testContainerIsRunning() {
$skipAllTests && skip && return 0
ps="$(docker ps -q -f name="$sftpContainerName")"
assertNotEqual "$ps" ""
if [ -z "$ps" ]; then
skipAllTests=true
fi
}
function testLoginUsingSshKey() {
$skipAllTests && skip && return 0
runSftpCommands "$sftpContainerName" "test" "exit"
assertReturn $? 0
}
function testWritePermission() {
$skipAllTests && skip && return 0
runSftpCommands "$sftpContainerName" "test" "cd share" "mkdir test" "exit"
test -d "$tmpDir/test"
assertReturn $? 0
}
# Bind-mount folder using script in /etc/sftp.d/
function testCustomContainerStart() {
$skipAllTests && skip && return 0