From 38b16eb8e5680e641c2d02e7794bd42ccf1eb6e5 Mon Sep 17 00:00:00 2001
From: ppabc <ppabc@qq.com>
Date: Mon, 10 Jul 2017 21:16:25 +0800
Subject: [PATCH] update

---
 shell/sftp.sh | 82 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 82 insertions(+)
 create mode 100644 shell/sftp.sh

diff --git a/shell/sftp.sh b/shell/sftp.sh
new file mode 100644
index 0000000..5fc132f
--- /dev/null
+++ b/shell/sftp.sh
@@ -0,0 +1,82 @@
+#!/bin/bash
+## sftp开账号  限制主目录脚本
+
+PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
+export PATH
+ 
+if [ $(whoami) != "root" ]; then
+        echo "***********************************************************************"
+        echo "Error: You must be root to run this script, please use root to run"
+        echo " **********************************************************************"
+        exit 1
+fi
+ 
+GROUPNAME="sftpchroot"
+echo "***********************************************************************"
+echo "The GroupName will chrootsftp into : [$GROUPNAME]. You can change it"
+echo "***********************************************************************"
+ 
+if [ "$GROUPNAME" = `cat /etc/group | grep "$GROUPNAME" | awk -F: '{print $1}'` ]; then
+        echo "******************************************"
+        echo "The GroupName: $GROUPNAME exist already!"
+        echo "******************************************"
+        echo "The next will add user into $GROUPNAME!"
+        echo "******************************************"
+else
+        groupadd $GROUPNAME
+        echo "**********************************************"
+        echo "This group [ $GROUPNAME ] add successfully!"
+        echo "**********************************************"
+        sed -i 's/Subsystem\tsftp\t\/usr\/libexec\/sftp-server/Subsystem\tsftp\tinternal-sftp/g' /etc/ssh/sshd_config
+        echo "Match Group $GROUPNAME" >> /etc/ssh/sshd_config
+        echo "ChrootDirectory %h" >> /etc/ssh/sshd_config
+        echo "ForceCommand internal-sftp" >> /etc/ssh/sshd_config
+        /etc/init.d/sshd condrestart
+fi
+ 
+read -p "(Please input the UserName which into $GROUPNAME to be chrooted):" user
+if [ "$user" = "" ]; then
+        echo "*****************************************************************"
+        echo "You must input UserName which will into $GROUPNAME to be chrooted!"
+        echo "*****************************************************************"
+        exit 2
+fi
+ 
+if [ ! -e /home/$user ]; then
+        echo "***************************"
+        echo "username=$user"
+        echo "***************************"
+        useradd -G $GROUPNAME $user
+        chown root:$user /home/$user
+        chmod 755 /home/$user
+        mkdir /home/$user/.ssh
+        chown $user:$user /home/$user/.ssh
+        chmod 700 /home/$user/.ssh
+        touch /home/$user/.ssh/authorized_keys
+        chown $user:$user /home/$user/.ssh/authorized_keys
+        chmod 600 /home/$user/.ssh/authorized_keys
+        echo "***************************"
+        echo Please set passwd for $
+        echo "***************************"
+        passwd $user
+else
+        echo "***************************"
+        echo "$user is exist already!"
+        echo "***************************"
+        read -p "Are you sure to chroot $user to $GROUPNAME ? [y or n]" y_or_n
+        if [ "$y_or_n" == 'y' ]; then
+                usermod -G $GROUPNAME $user
+                chown root:$user /home/$user
+                chmod 755 /home/$user
+                if [ ! -e /home/$user/.ssh ]; then
+                        mkdir /home/$user/.ssh
+                fi
+                chown $user:$user /home/$user/.ssh
+                chmod 700 /home/$user/.ssh
+                if [ ! -f /home/$user/.ssh/authorized_keys ]; then
+                        touch /home/$user/.ssh/authorized_keys
+                fi
+                chown $user:$user /home/$user/.ssh/authorized_keys
+                chmod 600 /home/$user/.ssh/authorized_keys
+        fi
+fi