jeancloud.env cree, user accessible que par root
parent
549bfe74e3
commit
bfc872dab8
@ -51,7 +51,7 @@ int BashModule::executeScript(string serviceUsername, string script)
|
||||
return status;
|
||||
} else {
|
||||
//child process
|
||||
if(execl("/bin/bash", "/bin/bash", "--noediting", "--noprofile", "--norc", script.c_str(), (char *)0)==-1)
|
||||
if(execl("/bin/bash", "/bin/bash", "--noediting", "--noprofile", "--norc", "--", script.c_str(), (char *)0)==-1)
|
||||
{
|
||||
cerr << "Error in the execl call of " << script << endl;
|
||||
}
|
||||
@ -105,7 +105,7 @@ int BashModule::executeScriptAs(string serviceUsername, string script)
|
||||
//executing as the user corresponding to the service
|
||||
setgid(p->pw_gid);
|
||||
setuid(p->pw_uid);
|
||||
if(execl("/bin/bash", "/bin/bash", "--noediting", "--noprofile", "--norc", script.c_str(), serviceUsername, (char *)0)==-1)
|
||||
if(execl("/bin/bash", "/bin/bash", "--noediting", "--noprofile", "--norc", "--",script.c_str(), serviceUsername, (char *)0)==-1)
|
||||
{
|
||||
cerr << "Error in the execl call of " << script << endl;
|
||||
}
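Review bot: In executeScriptAs the results of `setgid(p->pw_gid)` and `setuid(p->pw_uid)` are never checked, so when either call fails the execl on the next line still starts the script with whatever privileges the process already had. Nothing in the hunk clears supplementary groups either, which is normally done with `initgroups` before `setgid`; the function starts and ends outside the hunk, so this may already happen earlier. The new execl line also passes `serviceUsername`, a `std::string`, through C varargs, which is conditionally supported at best and will not hand bash a C string; it should be `serviceUsername.c_str()`. Assuming this branch is the forked child as in executeScript and `p` is the service's passwd entry, a failed drop should end the child with `_exit` instead of continuing, as sketched below.

```cpp
//executing as the user corresponding to the service
// Drop supplementary groups, then gid, then uid; stop the child if any step fails.
if (initgroups(p->pw_name, p->pw_gid) != 0 || setgid(p->pw_gid) != 0 || setuid(p->pw_uid) != 0)
{
    cerr << "Could not drop privileges to " << serviceUsername << endl;
    _exit(EXIT_FAILURE);
}
if(execl("/bin/bash", "/bin/bash", "--noediting", "--noprofile", "--norc", "--", script.c_str(), serviceUsername.c_str(), (char *)0)==-1)
// … unchanged: error report after a failed execl …
```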
|
||||
|
70
src/main.cpp
70
src/main.cpp
@ -7,6 +7,7 @@
|
||||
#include <iostream>
|
||||
#include <cstring>
|
||||
#include <filesystem>
|
||||
#include <fstream>
|
||||
#include "Services.h"
|
||||
#include "Modules.h"
|
||||
#include "BashManager.h"
|
||||
@ -33,7 +34,8 @@ int isServiceOnServer(string serviceUsername)
|
||||
return 0;
|
||||
}
|
||||
|
||||
int createUser(string serviceUsername){
|
||||
int createUser(string serviceUsername)
|
||||
{
|
||||
//this method creates a Unix user dedicated to the service
|
||||
//get the User ID from servers.csv
|
||||
int uidStart=2000; //so that the uids do not overlap with existing uids
|
||||
@ -48,25 +50,65 @@ int createUser(string serviceUsername){
|
||||
return 0;
|
||||
}
|
||||
//create user
|
||||
string cmd2 ="useradd -u " + to_string(uid) + " " + serviceUsername;
|
||||
cout << cmd2 << endl;
|
||||
int res2 = BashManager::execute(cmd2);
|
||||
if (res2 != 0){
|
||||
string cmd2 ="useradd -u " + to_string(uid) + " " + serviceUsername + "&& usermod -s /sbin/nologin "+ serviceUsername; //no direct login
|
||||
string res2 = BashManager::executeAndReadResult(cmd2);
|
||||
if (res2 != ""){
|
||||
cerr << "Error when executing the bash command to create a user specific to the service." << endl;
|
||||
cerr << res2 << endl;
|
||||
return -1;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
int createEnv(string serviceUsername){
|
||||
//TO DO
|
||||
cout << "create env called" << endl;
|
||||
int createEnvService(string serviceUsername)
|
||||
{
|
||||
//create directories
|
||||
//filesystem::create_directories()
|
||||
|
||||
|
||||
/*
|
||||
run mkdir -p "$DATA_DIR" "$HTTP_DIR"
|
||||
run chown $uid "$DATA_DIR"
|
||||
run chmod 751 "$DATA_DIR"
|
||||
run chown $uid:www-data -R "$HTTP_DIR"
|
||||
if [ -d "$SECRET_DIR" ] ; then
|
||||
run chown $uid "$SECRET_DIR" -R
|
||||
run chmod 751 "$SECRET_DIR" -R
|
||||
fi*/ return 0;
|
||||
}
|
||||
|
||||
int removeEnvService()
|
||||
{
|
||||
/*
|
||||
[ -d "$HTTP_DIR" ] && rm -r "$HTTP_DIR"*/
|
||||
return 0;
|
||||
}
|
||||
|
||||
int deployAll(){
|
||||
int createEnv()
|
||||
{
|
||||
string proxyDir="etc/nginx";
|
||||
string dns_certs_path="/data/dnscerts.jean-cloud.org/certs/live";
|
||||
string http_certs_path="/etc/letsencrypt/live";
|
||||
|
||||
ofstream outfile ("/etc/jeancloud.env");
|
||||
outfile << "proxy_dir=" << proxyDir << endl;
|
||||
outfile << "nginx_conf_path=" << proxyDir << "/sites-enabled/" <<endl;
|
||||
outfile << "new_nginx_conf_path=" << proxyDir << "/new-sites-enabled" << endl;
|
||||
outfile << "dns_certs_path=" << dns_certs_path << endl;
|
||||
outfile << "http_certs_path=" << http_certs_path << endl;
|
||||
outfile << "dummy_cert_path=" << http_certs_path << "/dummy" <<endl;
|
||||
outfile << "servicefile=/services/services.csv";
|
||||
outfile << "services_uid_start=2000" << endl;
|
||||
outfile.close();
|
||||
return 0;
|
||||
}
|
||||
|
||||
int deployAll()
|
||||
{
|
||||
//this method deploys all the services that are on this server
|
||||
cout << "deploying all" <<endl;
|
||||
createEnv();
|
||||
//for each service deploy service
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -78,8 +120,8 @@ int deployService(string serviceUsername){
|
||||
return -1;
|
||||
}
|
||||
//environment variables creation
|
||||
if(int envCreated = createEnv(serviceUsername);envCreated!=0){
|
||||
return -1;
|
||||
if(int envCreated = createEnvService(serviceUsername);envCreated!=0){
|
||||
return -1;
|
||||
}
|
||||
//call to the deploy functionality of all modules
|
||||
//the modules themselves determine their course of action depending on the service
|
||||
@ -96,12 +138,14 @@ int deployService(string serviceUsername){
|
||||
return 0;
|
||||
}
|
||||
|
||||
int removeAll(){
|
||||
int removeAll()
|
||||
{
|
||||
cout << "removing all"<<endl;
|
||||
return 0;
|
||||
}
|
||||
|
||||
int removeService(string serviceUsername){
|
||||
int removeService(string serviceUsername)
|
||||
{
|
||||
cout<< "removing service"<<endl;
|
||||
return 0;
|
||||
}
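Review bot: In createUser (hunk at -48,25) the shell command is still built by concatenating `serviceUsername`, now twice, so a name containing shell metacharacters would be interpreted by the shell; the name should be checked against a strict pattern before use, or the command run without a shell. Treating any non-empty output of `executeAndReadResult` as failure is fragile if that helper captures only stdout, since useradd reports errors on stderr; its definition is not visible here. A single `useradd -u <uid> -s /sbin/nologin <name>` would also remove the window in which the account exists with its default shell. In createEnv of the same hunk, `outfile << "servicefile=/services/services.csv";` lacks `<< endl`, so `services_uid_start=2000` ends up on the same line, and the stream is never tested, so an `if (!outfile) return -1;` guard after the open is missing. `proxyDir="etc/nginx"` has no leading slash, unlike the other paths, which looks unintended.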
|
||||
|