From c8541d6d671e878865f85fed387fe5c5d72ba9ad Mon Sep 17 00:00:00 2001 From: Adrian Dvergsdal Date: Mon, 20 Oct 2014 19:43:07 +0200 Subject: [PATCH] Support encrypted passwords and custom UID/GID --- Dockerfile | 7 ++++--- README.md | 51 +++++++++++++++++++++++++++++++++++++++------------ run | 26 ++++++++++++++++++++++---- 3 files changed, 65 insertions(+), 19 deletions(-) diff --git a/Dockerfile b/Dockerfile index d0245ad..bb5acda 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,11 +9,12 @@ RUN apt-get update && \ # sshd needs this directory to run RUN mkdir -p /var/run/sshd -# Add configuration and run script +# Add configuration and script ADD . /root WORKDIR /root -RUN mv sshd_config /etc/ssh/sshd_config +RUN mv sshd_config /etc/ssh/sshd_config && \ + chmod +x run EXPOSE 22 -CMD ["/bin/bash", "run"] +CMD ["./run"] diff --git a/README.md b/README.md index 3c64cde..9e71576 100644 --- a/README.md +++ b/README.md 
@@ -1,36 +1,63 @@ sftp ==== -Simple and easy to use SFTP server based on Debian +Easy to use SFTP (*SSH File Transfer Protocol*) server. Usage ----- -- Define users and passwords in comma separated list with SFTP_USERS ("user1:pass1,user2:pass2"). +- Define users and passwords in comma separated list with SFTP_USERS (syntax: + `user:pass[:e][:[uid][:gid]][,...]`). + - You must set custom UID and/or GID for your users if you want them to make + changes to your mounted volumes with permissions matching your host + filesystem. - Mount volumes in user's home folder. - -The users are chrooted to their home folders, so it is important to mount the volumes in separate folders inside the user's home folder (/home/your-user/**your-folder**). + - The users are chrooted to their home directory, so you must mount the + volumes in separate directories inside the user's home directory + (/home/user/**mounted-directory**). Examples -------- -Simple (one user and one folder): +### Single user and volume ``` docker run \ - -e SFTP_USERS="foo:123" \ - -v "/sftp/share:/home/foo/share" \ + -e SFTP_USERS='foo:123' \ + -v "/host/share:/home/foo/share" \ -p 2222:22 -d atmoz/sftp ``` -Multiple users and folders: +### Multiple users and volumes ``` docker run \ - -e SFTP_USERS="foo:123,bar:abc" \ - -v "/sftp/share:/home/foo/share" \ - -v "/sftp/ebooks:/home/foo/ebooks" \ - -v "/sftp/http:/home/bar/http" \ + -e SFTP_USERS='foo:123,bar:abc' \ + -v "/host/share:/home/foo/share" \ + -v "/host/documents:/home/foo/documents" \ + -v "/host/http:/home/bar/http" \ -p 2222:22 -d atmoz/sftp ``` +### Custom UID and GID + +``` +SFTP_USERS='foo:123:1001:100' +``` + +Only custom GID: + +``` +SFTP_USERS='foo:123::100' +``` + +### Encrypted password + +Add `:e` behind password to mark it as encrypted: + +``` +SFTP_USERS='foo:$1$0G2g0GSt$ewU0t6GXG15.0hWoOX8X9.:e:1001:100' +``` + +Tip: you can use makepasswd to generate encrypted passwords: +`echo -n 123 | makepasswd --crypt-md5 --clearfrom -` 
diff --git a/run b/run index a79cf86..3d2a254 100644 --- a/run +++ b/run @@ -1,17 +1,35 @@ #!/bin/bash -# Add users +# Add users (user:pass[:e][:[uid][:gid]][,...]) IFS=',' read -a users <<< "$SFTP_USERS" for userData in "${users[@]}"; do IFS=':' read -a data <<< "$userData" user="${data[0]}" pass="${data[1]}" - useradd $user - echo "$user:$pass" | chpasswd + if [ "${data[2]}" == "e" ]; then + chpasswdParams="-e" + uid="${data[3]}" + gid="${data[4]}" + else + uid="${data[2]}" + gid="${data[3]}" + fi + + useraddParams="-m -N" + + if [ -n "$uid" ]; then + useraddParams="$useraddParams -o -u $uid" + fi + + if [ -n "$gid" ]; then + useraddParams="$useraddParams -g $gid" + fi + + useradd $useraddParams "$user" + echo "$user:$pass" | chpasswd $chpasswdParams chown root:root /home/$user chmod 755 /home/$user - chown -R $user:users /home/$user/* done # Run SSH
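Review bot: `chpasswdParams` is set to `-e` in the `e` branch but never cleared, so after the first encrypted entry in SFTP_USERS every later plain-text entry is also passed to `chpasswd -e`, and its clear-text password would be stored in the shadow file as if it were a hash; add `chpasswdParams=""` at the top of the loop body. Separately, `$uid` and `$gid` are appended to a string that is expanded unquoted in `useradd $useraddParams`, so whitespace in those fields becomes extra useradd arguments. `-o` also accepts a UID that is already in use, including 0. Checking that both fields are numeric and building the options as an array addresses the unquoted expansion; whether UID 0 should be rejected outright is a policy decision the script should make explicit. The sketch below shows only the rewritten lines.

```shell
    # Reset per user so an earlier ":e" entry does not leak into this one.
    chpasswdParams=""
    # … unchanged: if/else that sets -e and picks uid/gid from the fields …

    # uid/gid come straight from SFTP_USERS; accept digits only.
    for id in "$uid" "$gid"; do
        if [[ -n "$id" && ! "$id" =~ ^[0-9]+$ ]]; then
            echo "Invalid UID/GID for user $user: $id" >&2
            exit 1
        fi
    done

    useraddParams=(-m -N)
    if [ -n "$uid" ]; then
        useraddParams+=(-o -u "$uid")
    fi
    if [ -n "$gid" ]; then
        useraddParams+=(-g "$gid")
    fi

    useradd "${useraddParams[@]}" "$user"
    # … unchanged: chpasswd call, chown/chmod of the home directory …
```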