|
@@ -35,6 +35,8 @@ Commands:
|
|
|
Remove access rights for user(s) to repository.
|
|
|
userdel-all <repository> <r/w/rw>
|
|
|
Remove access rights for all users for repository.
|
|
|
+ usermod <user> [<restricted|interactive>]
|
|
|
+ Deny/permit interactive user shell (git-shell/normal shell)
|
|
|
EOF
|
|
|
}
|
|
|
|
|
@@ -254,6 +256,94 @@ repository_info()
|
|
|
|
|
|
return 0
|
|
|
}
|
|
|
+# user restricted mode
|
|
|
+user_getshell()
|
|
|
+{
|
|
|
+ local sh=`cat /etc/passwd | grep "^$1:" | cut -d ':' -f 7`
|
|
|
+ echo $sh
|
|
|
+}
|
|
|
+
|
|
|
+user_interactive()
|
|
|
+{
|
|
|
+ local user="$1"
|
|
|
+ local git_shell="/home/$user/git-shell-commands"
|
|
|
+ if [ ! -f "$git_shell/no-interactive-login" ]; then
|
|
|
+ return 0
|
|
|
+ fi
|
|
|
+ local sh=`cat "$git_shell/no-interactive-login" | sed -e 's/^#[ \t]*//g'`
|
|
|
+ if [ "x$sh" = "x" ]; then
|
|
|
+ echo "Can not get user shell, using /bin/bash..." 1>&2
|
|
|
+ sh="/bin/bash"
|
|
|
+ fi
|
|
|
+ chsh -s "$sh" "$1" || return 1
|
|
|
+ rm -f "$git_shell/no-interactive-login" || return 1
|
|
|
+ rmdir "$git_shell" >/dev/null 2>&1
|
|
|
+ return 0
|
|
|
+}
|
|
|
+
|
|
|
+user_restricted()
|
|
|
+{
|
|
|
+ local user="$1"
|
|
|
+ local git_shell="/home/$user/git-shell-commands"
|
|
|
+ if [ -f "$git_shell/no-interactive-login" ]; then
|
|
|
+ return 0
|
|
|
+ fi
|
|
|
+ local sh=`user_getshell "$user"`
|
|
|
+ if [ "x$sh" = "x" ]; then
|
|
|
+ echo "Can not get user shell, using /bin/bash..." 1>&2
|
|
|
+ sh="/bin/bash"
|
|
|
+ fi
|
|
|
+ chsh -s $(command -v git-shell) "$user" || return 1
|
|
|
+ test -d "$git_shell" || mkdir "$git_shell"
|
|
|
+ echo "# $sh" > "$git_shell/no-interactive-login" && chmod +x "$git_shell/no-interactive-login" && return 0
|
|
|
+ return 1
|
|
|
+}
|
|
|
+
|
|
|
+user_showmod()
|
|
|
+{
|
|
|
+ local user="$1"
|
|
|
+ local git_shell="/home/$user/git-shell-commands"
|
|
|
+ if [ -f "$git_shell/no-interactive-login" ]; then
|
|
|
+ echo "restricted"
|
|
|
+ else
|
|
|
+ echo "interactive"
|
|
|
+ fi
|
|
|
+}
|
|
|
+
|
|
|
+user_mod()
|
|
|
+{
|
|
|
+ local user="$1"
|
|
|
+ local mode="$2"
|
|
|
+ if ! grep -q "^$user:" /etc/passwd; then
|
|
|
+ echo "No such user." 1>&2
|
|
|
+ return 1
|
|
|
+ fi
|
|
|
+ if test "x$mode" = "x"; then
|
|
|
+ user_showmod "$user"
|
|
|
+ return 0
|
|
|
+ fi
|
|
|
+ case "$mode" in
|
|
|
+ restricted)
|
|
|
+ if ! user_restricted "$user"; then
|
|
|
+ echo "Error: can not set mode, rollback..." 1>&2
|
|
|
+ user_interactive "$user"
|
|
|
+ return 1
|
|
|
+ fi
|
|
|
+ ;;
|
|
|
+ interactive)
|
|
|
+ if ! user_interactive "$user"; then
|
|
|
+ echo "Error: can not set mode, rollback..." 1>&2
|
|
|
+ user_restricted "$user"
|
|
|
+ return 1
|
|
|
+ fi
|
|
|
+ ;;
|
|
|
+ *)
|
|
|
+ echo "Error: Illegal mode \"$mode\" (restricted|interactive)" 1>&2
|
|
|
+ return 1
|
|
|
+ ;;
|
|
|
+ esac
|
|
|
+ return 0
|
|
|
+}
|
|
|
|
|
|
# Add users to access groups
|
|
|
user_add()
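Review bot: The saved login shell lives in `/home/$user/git-shell-commands/no-interactive-login`, a path under the target user's own home directory, yet `user_restricted` writes it and `user_interactive` reads it back while presumably running as root (chsh on another account needs that). The account owner can normally rename or replace entries in their home directory, so the `echo "# $sh" > ...` redirect and `chmod +x` may follow a link to some other file, and the value later passed to `chsh -s "$sh"` is whatever that file contains. I would keep the original shell in a root-owned location, or at least refuse a marker that is a symlink or not root-owned and check the restored value with `grep -qxF "$sh" /etc/shells || return 1` before calling chsh. Separately, `chsh -s $(command -v git-shell) "$user"` is unquoted, so when git-shell is not installed the user name becomes the `-s` argument; resolve it first with `gs=$(command -v git-shell) || return 1` and pass `"$gs"`. The `grep "^$1:"` lookups in `user_getshell` and `user_mod` treat the name as a regular expression and read only /etc/passwd; `getent passwd "$user"` avoids both.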
|
|
@@ -504,6 +594,10 @@ case "$action" in
|
|
|
test $# -lt 2 && { echo "Error: Not enough parameters" 1>&2; exit 1; }
|
|
|
user_del_all "$@" || exit 1
|
|
|
;;
|
|
|
+"usermod")
|
|
|
+ test $# -lt 1 && { echo "Error: Not enough parameters" 1>&2; exit 1; }
|
|
|
+ user_mod "$@" || exit 1
|
|
|
+ ;;
|
|
|
*)
|
|
|
echo "Error: Unknown command" 1>&2
|
|
|
exit 1
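Review bot: The new `"usermod")` branch checks only a lower bound on the argument count, so `usermod alice restricted bob` changes alice and silently ignores `bob`, because `user_mod` reads just `$1` and `$2`. The neighbouring commands accept several users, so an operator could reasonably believe the second account was restricted as well. Add an upper bound before the call, for example `test $# -gt 2 && { echo "Error: Too many parameters" 1>&2; exit 1; }`. The enclosing `case "$action"` block starts and ends outside this hunk.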
|