From 4f2d7949f03e1c198bc888f2d05f421d35c57e21 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Mon, 9 Oct 2017 18:53:29 +0100 Subject: reinit the tree, so we can have metadata --- net-misc/scponly/Manifest | 7 + net-misc/scponly/files/scponly-4.8-gcc4.4.0.patch | 15 ++ net-misc/scponly/files/scponly-4.8-rsync.patch | 212 ++++++++++++++++++ net-misc/scponly/metadata.xml | 28 +++ net-misc/scponly/scponly-4.8-r5.ebuild | 248 ++++++++++++++++++++++ 5 files changed, 510 insertions(+) create mode 100644 net-misc/scponly/Manifest create mode 100644 net-misc/scponly/files/scponly-4.8-gcc4.4.0.patch create mode 100644 net-misc/scponly/files/scponly-4.8-rsync.patch create mode 100644 net-misc/scponly/metadata.xml create mode 100644 net-misc/scponly/scponly-4.8-r5.ebuild (limited to 'net-misc/scponly') diff --git a/net-misc/scponly/Manifest b/net-misc/scponly/Manifest new file mode 100644 index 000000000000..c4bdcf96a139 --- /dev/null +++ b/net-misc/scponly/Manifest @@ -0,0 +1,7 @@ +AUX scponly-4.8-gcc4.4.0.patch 571 SHA256 bf89c4b56552654140c93b5cf3090370c24ee20e5870f0cf0df76218e52e15b2 SHA512 2e215ab2c39bb0550345725d3d509354be88144000072e5e14eda9f0ecb1bcc4c418e76d9db85ef6d6568962efc4472fe28d855e15adfe2bc5ba78c69d293a12 WHIRLPOOL 9853aa544070fae241e48da11821adccfb87d7229330dd01d72ccc097ae2f9bc57385d1d1739c8e9f2c5e4fbdcd7820ebdf8a18a74129ca4a57a067ff4956dbd +AUX scponly-4.8-rsync.patch 7838 SHA256 bfab1408ad8cfdfd8fc7f9b583c57a5c6b73be36cb3955db46e4c892acd7e55e SHA512 37885c9b46422ac034182f9c9f230b4e806ce8c894ebb6c621f0e2b3d5f46c91db902c2dae6aefe5471907025d400320e4eff37cc7c5cc4c6f7d8c88a38e53f8 WHIRLPOOL b5114140169e4937f45b52b34db8de37aa03685a1810b47fcc1f7f20136f500551e2673ac8396d6c059b78b47028730f901cee208500939454e3333eb2fe5eba +DIST scponly-4.8.tgz 101687 SHA256 1693dd678355749c5d9e48ecdd4628dbfe71d82955afde950ee8d88b5adc01cf SHA512 134c008a7377cef7b8e0be483df8413e162a515967147f561d23b72bdef3dfbe70a8313811dfff6372b88f15c1ac8a4385831fcf329261276993c64d5040f29b WHIRLPOOL 31ed4fda62484dbaa6eb678635a916db3e191ab98bb7ed0e7f6e794ef7d0dac0251e51bf7e627d48c00b17d550ce6dc0ed196fdfa3c2379ca7feec5544b200ba +EBUILD scponly-4.8-r5.ebuild 6849 SHA256 b019e13236a0e88854f3c59d7bcf59c1544af872e4496b0a540a6e740ef04fa3 SHA512 a055d2699afa7a7d55a022a748ceb661beeaa5ccf59a9ad99d0a429930da3ac3fea9c7d87f131f76d69cf591fe189b50b25d8b42a9c2bcc73cfe2220d6dd1aaa WHIRLPOOL 029a8e6b5d3b9288663cddcc4f68b23ebe208778efbe71c6a3e3ecb9cc47faa47ac5c03f1f0a551c3b81a380ab835aecb6ac70481ca2dbc5945fabc0dd86433e +MISC ChangeLog 2593 SHA256 c552ea9442e4b6250ec5ff3565b0f2d3d4737d73f848e9370ef0b4255b0cc772 SHA512 453d93e4261e62fd3a57b3cc8851cee9186d3c91adb3bd0a646d9e3943f00c4e63764c69e4fd54f73f5d98649709ce042dba754fc4a56d561e14c22c340565ba WHIRLPOOL 158717d5560822e9669de41698b59d718556dbd0fc2f7d1feda468215696c7511c02fd59c2629775e216e7ffbbee3b841784b04889cbd754308eae99046ad302 +MISC ChangeLog-2015 8674 SHA256 2ed92598aa1083b9cf7a1efae52ac5fd6489230e2b6dde7ca5278c0644fd827e SHA512 2f111af972a3b390ed4c5756984d1017db5a171e49d24d3a35559fe7a9fae6839c612d7cc128de8187da71c7c66c0f4e239803917a17aef319364c448de31ed2 WHIRLPOOL 287f7ba8e861194bc0e2b8c91ebc6f070916e0a39e210bf5d662c08d8aac639a201c65d0a914466597b40a35b76cec2a5d0aece84f7baa51189906c754f0594b +MISC metadata.xml 1443 SHA256 c9cb81eb63124e2e17d95d134049441613abecc17ffe86f503a91da97fbea8d8 SHA512 b44a26ac0944e8b0b99bfd62a21684b9846a52e416a2874a1af9bbcdf270ff337dd26a55a24c6b4dd131ba51ef3b7b40e1375478a14049392782a5adbb1fed07 WHIRLPOOL 94dbff63a7f0ea5194495fdb8a9de55c448cf98b6c4c48e15e8ccceeb2ce676f27bd019dae598d66f81d9d9e437f2c8dfa55e76299ce43c10e9c54de76f46835 diff --git a/net-misc/scponly/files/scponly-4.8-gcc4.4.0.patch b/net-misc/scponly/files/scponly-4.8-gcc4.4.0.patch new file mode 100644 index 000000000000..d08ce28b93b5 --- /dev/null +++ b/net-misc/scponly/files/scponly-4.8-gcc4.4.0.patch @@ -0,0 +1,15 @@ +--- helper.c.orig 2009-05-11 00:33:08.000000000 -0600 ++++ helper.c 2009-05-11 00:39:59.000000000 -0600 +@@ -259,11 +259,11 @@ + PROG_RSYNC, logstamp()); + return 1; + } + #endif /* RSYNC_COMPAT */ + +-#elif /* HAVE_GETOPT */ ++#else /* HAVE_GETOPT */ + /* + * make sure that processing doesn't continue if we can't validate a rsync check + * and if the getopt flag is set. + */ + syslog(LOG_ERR, "a getopt() argument check could not be performed for %s, recompile scponly without support for %s or rebuild scponly with getopt", av[0], av[0]); diff --git a/net-misc/scponly/files/scponly-4.8-rsync.patch b/net-misc/scponly/files/scponly-4.8-rsync.patch new file mode 100644 index 000000000000..40ca5e44f215 --- /dev/null +++ b/net-misc/scponly/files/scponly-4.8-rsync.patch @@ -0,0 +1,212 @@ +diff -Naur scponly-4.8.orig/CHANGELOG scponly-4.8/CHANGELOG +--- scponly-4.8.orig/CHANGELOG 2008-01-15 15:26:13.000000000 +0900 ++++ scponly-4.8/CHANGELOG 2009-03-18 21:29:48.000000000 +0900 +@@ -1,3 +1,9 @@ ++CVS ++ Update the SECURITY document to include a reference to /etc/popt and ~/.popt as ++ they relate to rsync. ++ Fix for rsync-3.0 which now uses a short -e option, with an optional argument as ++ a server side option indicating protocol compatibility. ++ + scponly v4.8 - jan 14 2008 + fix support for quota and passwd when running within the chroot (exec pre-chroot) + disallow rsync and svnserve from being run as daemons that listen on a port +diff -Naur scponly-4.8.orig/SECURITY scponly-4.8/SECURITY +--- scponly-4.8.orig/SECURITY 2008-01-15 15:26:13.000000000 +0900 ++++ scponly-4.8/SECURITY 2009-03-18 21:29:48.000000000 +0900 +@@ -28,6 +28,10 @@ + + svn, svnserve, rsync, and unison + ++ Note specifically that rsync uses popt for parsing command line arguments ++ and popt explicitly checks /etc/popt and $HOME/.popt for aliases. Thus, ++ users can likely bypass argument checking for rsync. ++ + 4) Make sure that all files required for the chroot have the IMMUTABLE and + UNDELETABLE bits set. Other bits might also be prudent. See: man 1 chattr. + +@@ -39,13 +43,16 @@ + ~/.ssh, ~/.unison, ~/.subversion + + NOTE: depending on file permissions in the above, ssh, unison, and +- subversion may not work correctly. ++ subversion may not work correctly. Also note that the location of the ++ above directories is sometimes system dependent, so please check the ++ documentation specific to your system. + + 7) Make sure that every directory the users have write permissions to are + on a filesystem that is mounted NODEV, NOEXEC. Eg. Make sure that they + cannot execute files that they have permissions to upload. They should + also not need permissions to create any devices. If the user can't execute +- any files that he has access to upload, then you need not worry about the ++ any files that he has access to upload and the executable files on the ++ system are not considered harmful, then you need not worry about the + security problems referencing svn/svnserve above! + + 8) Monitor your logs! If you start to see something funny, odd, or strange in +diff -Naur scponly-4.8.orig/helper.c scponly-4.8/helper.c +--- scponly-4.8.orig/helper.c 2008-01-15 15:26:13.000000000 +0900 ++++ scponly-4.8/helper.c 2009-03-18 21:29:48.000000000 +0900 +@@ -6,17 +6,15 @@ + #include /* for stat, getpwuid */ + #include /* for stat */ + #include /* for exit, access, getpwuid, execve, getopt */ +-#ifdef HAVE_GETOPT_H +-#include /* for getopt */ +-#endif + #include /* for debugging */ + #include /* to get username for config parsing */ + #include /* time */ + #include /* basename */ + #include /* realloc */ + #include +-#include "scponly.h" ++ + #include "config.h" ++#include "scponly.h" /* includes getopt */ + + #ifdef HAVE_GLOB + #include /* for glob() */ +@@ -26,6 +24,11 @@ + #endif + #endif + ++#ifdef RSYNC_COMPAT ++#define RSYNC_ARG_SERVER 0x01 ++#define RSYNC_ARG_EXECUTE 0x02 ++#endif ++ + #define MAX(x,y) ( ( x > y ) ? x : y ) + #define MIN(x,y) ( ( x < y ) ? x : y ) + +@@ -164,6 +167,13 @@ + int ch; + int ac=0; + int longopt_index = 0; ++#ifdef RSYNC_COMPAT ++ /* ++ * bitwise flag: 0x01 = server, 0x02 = -e. ++ * Thus 0x03 is allowed and 0x01 is allowed, but 0x02 is not allowed ++ */ ++ int rsync_flags = 0; ++#endif /* RSYNC_COMPAT */ + + while (cmdarg != NULL) + { +@@ -207,7 +217,7 @@ + * otherwise, try a glibc-style reset of the global getopt vars + */ + optind=0; +-#endif ++#endif /* HAVE_OPTRESET */ + /* + * tell getopt to only be strict if the 'opts' is well defined + */ +@@ -216,28 +226,49 @@ + + debug(LOG_DEBUG, "getopt processing returned '%c' (%s)", ch, logstamp()); + ++#ifdef RSYNC_COMPAT ++ if (exact_match(cmdarg->name, PROG_RSYNC) && (ch == 's' || ch == 'e')) { ++ if (ch == 's') ++ rsync_flags |= RSYNC_ARG_SERVER; ++ else ++ /* -e */ ++ rsync_flags |= RSYNC_ARG_EXECUTE; ++ debug(LOG_DEBUG, "rsync_flags are now set to: %0x", rsync_flags); ++ } ++ else ++#endif /* RSYNC_COMPAT */ ++ + /* if the character is found in badarg, then it's not a permitted option */ + if (cmdarg->badarg != NULL && (strchr(cmdarg->badarg, ch) != NULL)) + { + syslog(LOG_ERR, "option '%c' or a related long option is not permitted for use with %s (arg was %s) (%s))", +- ch, cmdarg->name, optarg, logstamp()); ++ ch, cmdarg->name, (optarg!=NULL ? optarg : ""), logstamp()); + return 1; + } + else if (cmdarg->strict && ch == '?') + { + syslog(LOG_ERR, "an unrecognized option was encountered while processing cmd %s (arg was %s) (%s))", +- cmdarg->name, optarg, logstamp()); ++ cmdarg->name, (optarg!=NULL ? optarg : ""), logstamp()); + return 1; + } + } +-#elif ++#ifdef RSYNC_COMPAT ++ /* it's not safe if the execute flag was set and server was not set */ ++ if ((rsync_flags & RSYNC_ARG_EXECUTE) != 0 && (rsync_flags & RSYNC_ARG_SERVER) == 0) { ++ syslog(LOG_ERR, "option 'e' is not allowed unless '--server' is also set with cmd %s (%s)", ++ PROG_RSYNC, logstamp()); ++ return 1; ++ } ++#endif /* RSYNC_COMPAT */ ++ ++#elif /* HAVE_GETOPT */ + /* + * make sure that processing doesn't continue if we can't validate a rsync check + * and if the getopt flag is set. + */ + syslog(LOG_ERR, "a getopt() argument check could not be performed for %s, recompile scponly without support for %s or rebuild scponly with getopt", av[0], av[0]); + return 1; +-#endif ++#endif /* HAVE_GETOPT */ + } + else + /* +diff -Naur scponly-4.8.orig/scponly.c scponly-4.8/scponly.c +--- scponly-4.8.orig/scponly.c 2008-01-15 15:28:24.000000000 +0900 ++++ scponly-4.8/scponly.c 2009-03-18 21:29:48.000000000 +0900 +@@ -91,16 +91,18 @@ + + #ifdef RSYNC_COMPAT + struct option rsync_longopts[] = { ++ /* options we need to know about that are safe */ ++ {"server", 0, 0, (int)'s'}, + /* I use 'e' for val here because that's what's listed in cmd_arg_t->badarg */ +- {"rsh", 1, 0, (int)'e'}, ++ {"rsh", 1, 0, (int)'r'}, + /* the following are disabled because they use daemon mode */ +- {"daemon", 0, 0, (int)'e'}, +- {"rsync-path", 1, 0, (int)'e'}, +- {"address", 1, 0, (int)'e'}, +- {"port", 1, 0, (int)'e'}, +- {"sockopts", 1, 0, (int)'e'}, +- {"config", 1, 0, (int)'e'}, +- {"no-detach", 0, 0, (int)'e'}, ++ {"daemon", 0, 0, (int)'d'}, ++ {"rsync-path", 1, 0, (int)'d'}, ++ {"address", 1, 0, (int)'d'}, ++ {"port", 1, 0, (int)'d'}, ++ {"sockopts", 1, 0, (int)'d'}, ++ {"config", 1, 0, (int)'d'}, ++ {"no-detach", 0, 0, (int)'d'}, + { NULL, 0, NULL, 0 }, + }; + #endif +@@ -157,7 +159,7 @@ + { PROG_SCP, 1, 1, "SoF", "dfl:prtvBCc:i:P:q1246S:o:F:", empty_longopts }, + #endif + #ifdef RSYNC_COMPAT +- { PROG_RSYNC, 1, 0, "e", "e:", rsync_longopts }, ++ { PROG_RSYNC, 1, 0, "rde", "e::", rsync_longopts }, + #endif + #ifdef UNISON_COMPAT + { PROG_UNISON, 0, 0, "-rshcmd", NULL, empty_longopts }, +diff -Naur scponly-4.8.orig/scponly.h scponly-4.8/scponly.h +--- scponly-4.8.orig/scponly.h 2008-01-15 15:26:13.000000000 +0900 ++++ scponly-4.8/scponly.h 2009-03-18 21:29:48.000000000 +0900 +@@ -1,6 +1,9 @@ + #include /* FILENAME_MAX */ +-#include /* struct option */ +-#include "config.h" ++#include "config.h" /* include before most other files */ ++ ++#ifdef HAVE_GETOPT_H ++#include /* for struct option for getopt */ ++#endif + + #define MAX_USERNAME 32 + #define MAX_REQUEST (1024) /* any request exceeding this is truncated */ diff --git a/net-misc/scponly/metadata.xml b/net-misc/scponly/metadata.xml new file mode 100644 index 000000000000..cc5fae365f3a --- /dev/null +++ b/net-misc/scponly/metadata.xml @@ -0,0 +1,28 @@ + + + + + + scponly is an alternative 'shell' (of sorts) for system administrators + who would like to provide access to remote users to both read and write + local files without providing any remote execution priviledges. + Functionally, it is best described as a wrapper to the tried and true + ssh suite of applications. + + + Enables rsync compatibility with potential security risks + Enables Unison compatibility with potential security risks + Enables Subversion compatibility with potential security risks + Enables WinSCP 2.0 compatibility with potential security risks + Enables scp compatibility with potential security risks + Enables SFTP compatibility + Enables gFTP compatibility + Enables quota compatibility + Enables passwd compatibility + Enables SFTP logging compatibility + Enables wildcard processing with potential security risks + + + scponly + + diff --git a/net-misc/scponly/scponly-4.8-r5.ebuild b/net-misc/scponly/scponly-4.8-r5.ebuild new file mode 100644 index 000000000000..8a119ed2a587 --- /dev/null +++ b/net-misc/scponly/scponly-4.8-r5.ebuild @@ -0,0 +1,248 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 +inherit eutils multilib readme.gentoo toolchain-funcs user + +DESCRIPTION="A tiny pseudoshell which only permits scp and sftp" +HOMEPAGE="http://www.sublimation.org/scponly/" +SRC_URI="mirror://sourceforge/scponly/${P}.tgz" + +LICENSE="BSD-2" +SLOT="0" +KEYWORDS="amd64 ppc sparc x86" +IUSE="+sftp scp winscp gftp rsync unison subversion wildcards quota passwd logging" +REQUIRED_USE=" + || ( sftp scp winscp rsync unison subversion ) +" + +RDEPEND=" + sys-apps/sed + net-misc/openssh + quota? ( sys-fs/quota ) + rsync? ( net-misc/rsync ) + subversion? ( dev-vcs/subversion ) +" +DEPEND="${RDEPEND}" + +myuser="scponly" +myhome="/home/${myuser}" +mysubdir="/pub" + +DOC_CONTENTS=" + You might want to run\n + emerge --config =${CATEGORY}/${PF}\n + \nto setup the chroot. Otherwise you will have to setup chroot manually + Please read the docs in /usr/share/doc/${PF} for more informations, also + the SECURITY file. +" + +src_prepare() { + epatch "${FILESDIR}/${P}-rsync.patch" + # bug #269242 + epatch "${FILESDIR}/${P}-gcc4.4.0.patch" +} + +src_configure() { + CFLAGS="${CFLAGS} ${LDFLAGS}" econf \ + --with-sftp-server="/usr/$(get_libdir)/misc/sftp-server" \ + --disable-restrictive-names \ + --enable-chrooted-binary \ + --enable-chroot-checkdir \ + $(use_enable winscp winscp-compat) \ + $(use_enable gftp gftp-compat) \ + $(use_enable scp scp-compat) \ + $(use_enable sftp sftp) \ + $(use_enable quota quota-compat) \ + $(use_enable passwd passwd-compat) \ + $(use_enable rsync rsync-compat) \ + $(use_enable unison unison-compat) \ + $(use_enable subversion svn-compat) \ + $(use_enable subversion svnserv-compat) \ + $(use_enable logging sftp-logging-compat) \ + $(use_enable wildcards wildcards) +} + +src_compile() { + emake CC=$(tc-getCC) +} + +src_install() { + emake DESTDIR="${D}" install + + dodoc AUTHOR BUILDING-JAILS.TXT CHANGELOG CONTRIB README SECURITY TODO + + # don't compress setup-script, so it is usable if necessary + insinto /usr/share/doc/${PF}/chroot + doins setup_chroot.sh config.h + + readme.gentoo_create_doc +} + +pkg_postinst() { + # two slashes ('//') are used by scponlyc to determine the chroot point. + enewgroup "${myuser}" + enewuser "${myuser}" -1 /usr/sbin/scponlyc "${myhome}//" "${myuser}" + + readme.gentoo_print_elog +} + +pkg_config() { + # pkg_postinst is based on ${S}/setup_chroot.sh. + + einfo "Collecting binaries and libraries..." + + # Binaries launched in sftp compat mode + if has_version "=${CATEGORY}/${PF}[sftp]" ; then + BINARIES="/usr/$(get_libdir)/misc/sftp-server" + fi + + # Binaries launched by vanilla- and WinSCP modes + if has_version "=${CATEGORY}/${PF}[scp]" || \ + has_version "=${CATEGORY}/${PF}[winscp]" ; then + BINARIES="${BINARIES} /usr/bin/scp /bin/ls /bin/rm /bin/ln /bin/mv" + BINARIES="${BINARIES} /bin/chmod /bin/chown /bin/chgrp /bin/mkdir /bin/rmdir" + fi + + # Binaries launched in WinSCP compatibility mode + if has_version "=${CATEGORY}/${PF}[winscp]" ; then + BINARIES="${BINARIES} /bin/pwd /bin/groups /usr/bin/id /bin/echo" + fi + + # Rsync compatability mode + if has_version "=${CATEGORY}/${PF}[rsync]" ; then + BINARIES="${BINARIES} /usr/bin/rsync" + fi + + # Unison compatability mode + if has_version "=${CATEGORY}/${PF}[unison]" ; then + BINARIES="${BINARIES} /usr/bin/unison" + fi + + # subversion cli/svnserv compatibility + if has_version "=${CATEGORY}/${PF}[subversion]" ; then + BINARIES="${BINARIES} /usr/bin/svn /usr/bin/svnserve" + fi + + # passwd compatibility + if has_version "=${CATEGORY}/${PF}[passwd]" ; then + BINARIES="${BINARIES} /bin/passwd" + fi + + # quota compatibility + if has_version "=${CATEGORY}/${PF}[quota]" ; then + BINARIES="${BINARIES} /usr/bin/quota" + fi + + # build lib dependencies + LIB_LIST=$(ldd ${BINARIES} | sed -n 's:.* => \(/[^ ]\+\).*:\1:p' | sort -u) + + # search and add ld*.so + for LIB in /$(get_libdir)/ld.so /libexec/ld-elf.so /libexec/ld-elf.so.1 \ + /usr/libexec/ld.so /$(get_libdir)/ld-linux*.so.2 /usr/libexec/ld-elf.so.1; do + [ -f "${LIB}" ] && LIB_LIST="${LIB_LIST} ${LIB}" + done + + # search and add libnss_*.so + for LIB in /$(get_libdir)/libnss_{compat,files}*.so.*; do + [ -f "${LIB}" ] && LIB_LIST="${LIB_LIST} ${LIB}" + done + + # create base dirs + if [ ! -d "${myhome}" ]; then + einfo "Creating ${myhome}" + install -o0 -g0 -m0755 -d "${myhome}" + else + einfo "Setting owner for ${myhome}" + chown 0:0 "${myhome}" + fi + + if [ ! -d "${myhome}/etc" ]; then + einfo "Creating ${myhome}/etc" + install -o0 -g0 -m0755 -d "${myhome}/etc" + fi + + if [ ! -d "${myhome}/$(get_libdir)" ]; then + einfo "Creating ${myhome}/$(get_libdir)" + install -o0 -g0 -m0755 -d "${myhome}/$(get_libdir)" + fi + + if [ ! -e "${myhome}/lib" ]; then + einfo "Creating ${myhome}/lib" + ln -snf $(get_libdir) "${myhome}/lib" + fi + + if [ ! -d "${myhome}/usr/$(get_libdir)" ]; then + einfo "Creating ${myhome}/usr/$(get_libdir)" + install -o0 -g0 -m0755 -d "${myhome}/usr/$(get_libdir)" + fi + + if [ ! -e "${myhome}/usr/lib" ]; then + einfo "Creating ${myhome}/usr/lib" + ln -snf $(get_libdir) "${myhome}/usr/lib" + fi + + if [ ! -d "${myhome}${mysubdir}" ]; then + einfo "Creating ${myhome}${mysubdir} directory for uploading files" + install -o${myuser} -g${myuser} -m0755 -d "${myhome}${mysubdir}" + fi + + # create /dev/null (Bug 135505) + if [ ! -e "${myhome}/dev/null" ]; then + install -o0 -g0 -m0755 -d "${myhome}/dev" + mknod -m0777 "${myhome}/dev/null" c 1 3 + fi + + # install binaries + for BIN in ${BINARIES}; do + einfo "Install ${BIN}" + install -o0 -g0 -m0755 -d "${myhome}$(dirname ${BIN})" + if [ "${BIN}" = "/bin/passwd" ]; then # needs suid + install -p -o0 -g0 -m04711 "${BIN}" "${myhome}/${BIN}" + else + install -p -o0 -g0 -m0755 "${BIN}" "${myhome}/${BIN}" + fi + done + + # install libs + for LIB in ${LIB_LIST}; do + einfo "Install ${LIB}" + install -o0 -g0 -m0755 -d "${myhome}$(dirname ${LIB})" + install -p -o0 -g0 -m0755 "${LIB}" "${myhome}/${LIB}" + done + + # create ld.so.conf + einfo "Creating /etc/ld.so.conf" + for LIB in ${LIB_LIST}; do + dirname ${LIB} + done | sort -u | while read DIR; do + if ! grep 2>/dev/null -q "^${DIR}$" "${myhome}/etc/ld.so.conf"; then + echo "${DIR}" >> "${myhome}/etc/ld.so.conf" + fi + done + ldconfig -r "${myhome}" + + # update shells + einfo "Updating /etc/shells" + grep 2>/dev/null -q "^/usr/bin/scponly$" /etc/shells \ + || echo "/usr/bin/scponly" >> /etc/shells + + grep 2>/dev/null -q "^/usr/sbin/scponlyc$" /etc/shells \ + || echo "/usr/sbin/scponlyc" >> /etc/shells + + # create /etc/passwd + if [ ! -e "${myhome}/etc/passwd" ]; then + ( + echo "root:x:0:0:root:/:/bin/sh" + sed -n "s|^\(${myuser}:[^:]*:[^:]*:[^:]*:[^:]*:\).*|\1${mysubdir}:/bin/sh|p" /etc/passwd + ) > "${myhome}/etc/passwd" + fi + + # create /etc/group + if [ ! -e "${myhome}/etc/group" ]; then + ( + echo "root:x:0:" + sed -n "s|^\(${myuser}:[^:]*:[^:]*:\).*|\1|p" /etc/group + ) > "${myhome}/etc/group" + fi +} -- cgit v1.2.3