Merge branch 'master' into alpine-3.5
commit
5009551bd7
3 changed files with 88 additions and 14 deletions
35
README.md
35
README.md
|
@ -12,7 +12,7 @@ This is an automated build linked with the [debian](https://hub.docker.com/_/deb
|
|||
|
||||
# Usage
|
||||
|
||||
- Required: define users as command arguments, STDIN or mounted in `/etc/sftp-users.conf`
|
||||
- Required: define users as command arguments, STDIN or mounted in `/etc/sftp/users.conf`
|
||||
(syntax: `user:pass[:e][:uid[:gid[:dir1[,dir2]...]]]...`).
|
||||
- Set UID/GID manually for your users if you want them to make changes to
|
||||
your mounted volumes with permissions matching your host filesystem.
|
||||
|
@ -74,7 +74,7 @@ OpenSSH client, run: `sftp -P 2222 foo@<host-ip>`
|
|||
|
||||
```
|
||||
docker run \
|
||||
-v /host/users.conf:/etc/sftp-users.conf:ro \
|
||||
-v /host/users.conf:/etc/sftp/users.conf:ro \
|
||||
-v mySftpVolume:/home \
|
||||
-v /host/ssh_host_rsa_key:/etc/ssh/ssh_host_rsa_key \
|
||||
-v /host/ssh_host_rsa_key.pub:/etc/ssh/ssh_host_rsa_key.pub \
|
||||
|
@ -103,10 +103,13 @@ docker run \
|
|||
Tip: you can use [atmoz/makepasswd](https://hub.docker.com/r/atmoz/makepasswd/) to generate encrypted passwords:
|
||||
`echo -n "your-password" | docker run -i --rm atmoz/makepasswd --crypt-md5 --clearfrom=-`
|
||||
|
||||
## Using SSH key (and no password)
|
||||
## Logging in with SSH keys
|
||||
|
||||
Mount all public keys in the user's `.ssh/keys/` directory. All keys are automatically
|
||||
appended to `.ssh/authorized_keys`.
|
||||
Mount public keys in the user's `.ssh/keys/` directory. All keys are
|
||||
automatically appended to `.ssh/authorized_keys` (you can't mount this file
|
||||
directly, because OpenSSH requires limited file permissions). In this example,
|
||||
we do not provide any password, so the user `foo` can only login with his SSH
|
||||
key.
|
||||
|
||||
```
|
||||
docker run \
|
||||
|
@ -117,6 +120,28 @@ docker run \
|
|||
foo::1001
|
||||
```
|
||||
|
||||
## Providing your own SSH host key
|
||||
|
||||
This container will generate new SSH host keys at first run. To avoid that your
|
||||
users get a MITM warning when you recreate your container (and the host keys
|
||||
changes), you can mount your own host keys.
|
||||
|
||||
```
|
||||
docker run \
|
||||
-v /host/ssh_host_ed25519_key:/etc/ssh/ssh_host_ed25519_key \
|
||||
-v /host/ssh_host_rsa_key:/etc/ssh/ssh_host_rsa_key \
|
||||
-v /host/share:/home/foo/share \
|
||||
-p 2222:22 -d atmoz/sftp \
|
||||
foo::1001
|
||||
```
|
||||
|
||||
Tip: you can generate your keys with these commands:
|
||||
|
||||
```
|
||||
ssh-keygen -t ed25519 -f /host/ssh_host_ed25519_key < /dev/null
|
||||
ssh-keygen -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key < /dev/null
|
||||
```
|
||||
|
||||
## Execute custom scripts or applications
|
||||
|
||||
Put your programs in `/etc/sftp.d/` and it will automatically run when the container starts.
|
||||
|
|
20
entrypoint
20
entrypoint
|
@ -2,8 +2,9 @@
|
|||
set -e
|
||||
export DEBIAN_FRONTEND=noninteractive
|
||||
|
||||
userConfPath="/etc/sftp-users.conf"
|
||||
userConfFinalPath="/var/run/sftp-users.conf"
|
||||
userConfPath="/etc/sftp/users.conf"
|
||||
userConfPathLegacy="/etc/sftp-users.conf"
|
||||
userConfFinalPath="/var/run/sftp/users.conf"
|
||||
|
||||
function printHelp() {
|
||||
echo "Add users as command arguments, STDIN or mounted in $userConfPath"
|
||||
|
@ -61,6 +62,10 @@ function createUser() {
|
|||
chown root:root /home/$user
|
||||
chmod 755 /home/$user
|
||||
|
||||
# Retrieving user id to use it in chown commands instead of the user name
|
||||
# to avoid problems on alpine when the user name contains a '.'
|
||||
uid=`id $user -u`
|
||||
|
||||
if [ -n "$pass" ]; then
|
||||
echo "$user:$pass" | chpasswd $chpasswdOptions
|
||||
else
|
||||
|
@ -70,7 +75,7 @@ function createUser() {
|
|||
# Add SSH keys to authorized_keys with valid permissions
|
||||
if [ -d /home/$user/.ssh/keys ]; then
|
||||
cat /home/$user/.ssh/keys/* >> /home/$user/.ssh/authorized_keys
|
||||
chown $user /home/$user/.ssh/authorized_keys
|
||||
chown $uid /home/$user/.ssh/authorized_keys
|
||||
chmod 600 /home/$user/.ssh/authorized_keys
|
||||
fi
|
||||
|
||||
|
@ -81,7 +86,7 @@ function createUser() {
|
|||
dirPath=/home/$user/$dirPath
|
||||
echo "Creating and/or setting permissions on $dirPath"
|
||||
mkdir -p $dirPath
|
||||
chown -R $user:users $dirPath
|
||||
chown -R $uid:users $dirPath
|
||||
done
|
||||
fi
|
||||
}
|
||||
|
@ -96,8 +101,15 @@ if [ "$1" == "--readme" ]; then
|
|||
exit 0
|
||||
fi
|
||||
|
||||
# Backward compatibility with legacy config path
|
||||
if [ ! -f "$userConfPath" -a -f "$userConfPathLegacy" ]; then
|
||||
mkdir -p "$(dirname $userConfPath)"
|
||||
ln -s "$userConfPathLegacy" "$userConfPath"
|
||||
fi
|
||||
|
||||
# Create users only on first run
|
||||
if [ ! -f "$userConfFinalPath" ]; then
|
||||
mkdir -p "$(dirname $userConfFinalPath)"
|
||||
|
||||
# Append mounted config to final config
|
||||
if [ -f "$userConfPath" ]; then
|
||||
|
|
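Review bot: `uid=\`id $user -u\`` in createUser leaves `$user` unquoted and uses backticks, even though the comment above it says the numeric id exists precisely because unusual user names (ones containing '.') confuse chown on Alpine; `uid=$(id -u "$user")` keeps a name containing whitespace or glob characters from being split before it reaches `id`. The same concern applies to the new `chown -R $uid:users $dirPath`, where `$dirPath` is built from the per-user directory list in the config and is still unquoted — `chown -R "$uid:users" "$dirPath"` costs nothing. Since the file sets `set -e`, a failing `id` should abort the run rather than leave `$uid` empty, but that is worth confirming on the Alpine image this branch targets. createUser starts and ends outside these hunks.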
47
tests/run
47
tests/run
|
@ -44,9 +44,11 @@ function beforeTest() {
|
|||
mkdir "$tmpDir"
|
||||
|
||||
echo "test::$(id -u):$(id -g):dir1,dir2" >> "$tmpDir/users"
|
||||
echo "user.with.dot::$(id -u):$(id -g)" >> "$tmpDir/users"
|
||||
$sudo docker run \
|
||||
-v "$tmpDir/users:/etc/sftp-users.conf:ro" \
|
||||
-v "$tmpDir/users:/etc/sftp/users.conf:ro" \
|
||||
-v "$scriptDir/id_rsa.pub":/home/test/.ssh/keys/id_rsa.pub:ro \
|
||||
-v "$scriptDir/id_rsa.pub":/home/user.with.dot/.ssh/keys/id_rsa.pub:ro \
|
||||
-v "$tmpDir":/home/test/share \
|
||||
--name "$sftpContainerName" \
|
||||
--expose 22 \
|
||||
|
@ -96,19 +98,19 @@ function runSftpCommands() {
|
|||
|
||||
function waitForServer() {
|
||||
containerName="$1"
|
||||
echo -n "Waiting for $containerName to open port 22 "
|
||||
echo -n "Waiting for $containerName to open port 22 ..."
|
||||
|
||||
for i in {1..30}; do
|
||||
sleep 1
|
||||
ip="$(getSftpIp $containerName)"
|
||||
echo -n "."
|
||||
if nc -z $ip 22; then
|
||||
echo " OK"
|
||||
if [ -n "$ip" ] && nc -z $ip 22; then
|
||||
echo " OPEN"
|
||||
return 0;
|
||||
fi
|
||||
done
|
||||
|
||||
echo " FAIL"
|
||||
echo " TIMEOUT"
|
||||
return 1
|
||||
}
|
||||
|
||||
|
@ -132,6 +134,13 @@ function testLoginUsingSshKey() {
|
|||
assertReturn $? 0
|
||||
}
|
||||
|
||||
function testUserWithDotLogin() {
|
||||
$skipAllTests && skip && return 0
|
||||
|
||||
runSftpCommands "$sftpContainerName" "user.with.dot" "exit"
|
||||
assertReturn $? 0
|
||||
}
|
||||
|
||||
function testWritePermission() {
|
||||
$skipAllTests && skip && return 0
|
||||
|
||||
|
@ -189,6 +198,34 @@ function testMinimalContainerStart() {
|
|||
fi
|
||||
}
|
||||
|
||||
function testLegacyConfigPath() {
|
||||
$skipAllTests && skip && return 0
|
||||
|
||||
tmpContainerName="$sftpContainerName""_legacy"
|
||||
|
||||
echo "test::$(id -u):$(id -g)" >> "$tmpDir/legacy_users"
|
||||
$sudo docker run \
|
||||
-v "$tmpDir/legacy_users:/etc/sftp-users.conf:ro" \
|
||||
--name "$tmpContainerName" \
|
||||
--expose 22 \
|
||||
-d "$sftpImageName" \
|
||||
> "$redirect"
|
||||
|
||||
waitForServer $tmpContainerName
|
||||
|
||||
ps="$($sudo docker ps -q -f name="$tmpContainerName")"
|
||||
assertNotEqual "$ps" ""
|
||||
|
||||
if [ "$output" != "quiet" ]; then
|
||||
$sudo docker logs "$tmpContainerName"
|
||||
fi
|
||||
|
||||
if [ "$cleanup" == "cleanup" ]; then
|
||||
$sudo docker rm -fv "$tmpContainerName" > "$redirect"
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
# Bind-mount folder using script in /etc/sftp.d/
|
||||
function testCustomContainerStart() {
|
||||
$skipAllTests && skip && return 0
|
||||
|
|
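Review bot: testLegacyConfigPath only asserts that the container is still running (`assertNotEqual "$ps" ""`), which does not demonstrate that the legacy `/etc/sftp-users.conf` was read and the `test` user created — a container that ignored the file entirely would pass the same check, and the return value of `waitForServer` is discarded too. The other tests pin login behaviour by mounting `"$scriptDir/id_rsa.pub"` into the user's `.ssh/keys/` and calling runSftpCommands; doing the same here would turn this into a real regression test: add `-v "$scriptDir/id_rsa.pub":/home/test/.ssh/keys/id_rsa.pub:ro \` to the `docker run`, then after `waitForServer` call `runSftpCommands "$tmpContainerName" "test" "exit"` and `assertReturn $? 0`. Whether runSftpCommands resolves an arbitrary container name the way waitForServer does via getSftpIp is not visible here; elsewhere in the file it is only called with `$sftpContainerName`.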