Check that user which ran maniver is root
parent
f2521e317d
commit
72d91a04b9
2 changed files with 66 additions and 43 deletions
|
@ -8,3 +8,4 @@ edition = "2018"
|
|||
|
||||
[dependencies]
|
||||
regex = "1"
|
||||
users = "0"
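Review bot: The added requirement `users = "0"` accepts any 0.x release of the crate, which is a wide range for a dependency linked into a tool that is meant to run as root. A narrower requirement such as `users = "<minor version that was tested>"` (placeholder), together with a committed `Cargo.lock`, keeps the resolved version reproducible and reviewable. As far as I know the crate has since been flagged as unmaintained in the RustSec advisory database, so its status is worth confirming before relying on it for the privilege check.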
|
||||
|
|
108
src/main.rs
108
src/main.rs
|
@ -3,45 +3,70 @@ use regex::Regex;
|
|||
use std::io::prelude::*;
|
||||
use std::process::{Command, Stdio, Output};
|
||||
use std::fs;
|
||||
use users::get_current_username;
|
||||
use std::ffi::OsString;
|
||||
|
||||
fn exit(error: String) {
|
||||
eprintln!("Error: {}", error);
|
||||
std::process::exit(0);
|
||||
}
|
||||
|
||||
fn main() {
|
||||
|
||||
let superuser = OsString::from("root");
|
||||
|
||||
match get_current_username() {
|
||||
Some(user) => match user {
|
||||
_ if user == superuser => println!("root: right user"),
|
||||
_ => exit("must be run as root".to_string()),
|
||||
}
|
||||
None => exit("the current user does not exist".to_string()),
|
||||
}
|
||||
|
||||
let args: Vec<String> = env::args().collect();
|
||||
|
||||
let tool = args[1].to_string();
|
||||
match tool.as_ref() {
|
||||
match args[1].as_ref() {
|
||||
"setup-user" => setup_user(args[2].to_string(), args[3].to_string()),
|
||||
"reload-nginx" => reload_nginx(),
|
||||
"reload-tor" => reload_tor(),
|
||||
"restart-gmnisrv" => restart_gmnisrv(),
|
||||
"le-install" => le_install(args[2].to_string()),
|
||||
"export-tor" => export_tor(args[2].to_string(), args[3].to_string()),
|
||||
_ => println!("ERROR"),
|
||||
_ => println!("ERROR: You must specify a subcommand"),
|
||||
}
|
||||
}
|
||||
|
||||
fn export_tor(username: String, dir: String) {
|
||||
if is_string_lowercase(username.to_string()) {
|
||||
if is_string_lowercase(dir.to_string()) {
|
||||
let mut src_path: String = "/var/lib/tor/niver/".to_owned();
|
||||
src_path += &dir.to_string();
|
||||
src_path += &"/hostname".to_string().to_owned();
|
||||
|
||||
let mut src_path: String = "/var/lib/tor/niver/".to_owned();
|
||||
src_path += &dir.to_string();
|
||||
src_path += &"/hostname".to_string().to_owned();
|
||||
let mut dest_path: String = "/srv/hyper/".to_owned();
|
||||
dest_path += &username.to_string();
|
||||
dest_path += &"/hyper/".to_string().to_owned();
|
||||
dest_path += &dir.to_string();
|
||||
dest_path += &"/hostname".to_string().to_owned();
|
||||
|
||||
let mut dest_path: String = "/srv/hyper/".to_owned();
|
||||
dest_path += &username.to_string();
|
||||
dest_path += &"/hyper/".to_string().to_owned();
|
||||
dest_path += &dir.to_string();
|
||||
dest_path += &"/hostname".to_string().to_owned();
|
||||
match fs::copy(src_path, &dest_path) {
|
||||
Err(why) => panic!("Erreur lors d'une copie de fichier (fs::copy) : {}", why),
|
||||
Ok(process) => process,
|
||||
};
|
||||
|
||||
match fs::copy(src_path, &dest_path) {
|
||||
Err(why) => panic!("Erreur lors d'une copie de fichier (fs::copy) : {}", why),
|
||||
Ok(process) => process,
|
||||
};
|
||||
let output = Command::new("/usr/bin/chown")
|
||||
.arg("www-data:www-data")
|
||||
.arg(dest_path)
|
||||
.output()
|
||||
.expect("failed to execute process");
|
||||
|
||||
let output = Command::new("/usr/bin/chown")
|
||||
.arg("www-data:www-data")
|
||||
.arg(dest_path)
|
||||
.output()
|
||||
.expect("failed to execute process");
|
||||
|
||||
print_output(output);
|
||||
print_output(output);
|
||||
} else {
|
||||
println!("ERROR: The dirname must be composed only of lowercase letters");
|
||||
}
|
||||
} else {
|
||||
println!("ERROR: The username must be composed only of lowercase letters");
|
||||
}
|
||||
}
|
||||
|
||||
fn le_install(domain: String) {
|
||||
|
@ -62,37 +87,33 @@ fn le_install(domain: String) {
|
|||
.arg(&domain)
|
||||
.output()
|
||||
.expect("failed to execute process");
|
||||
|
||||
print_output(output);
|
||||
}
|
||||
|
||||
fn reload_nginx() {
|
||||
|
||||
let output = Command::new("/usr/bin/systemctl")
|
||||
.arg("reload")
|
||||
.arg("nginx")
|
||||
.output()
|
||||
.expect("Error while reloading Nginx config");
|
||||
|
||||
print_output(output);
|
||||
}
|
||||
|
||||
fn print_output(output: Output) {
|
||||
println!("status: {}", output.status);
|
||||
println!("stdout: {}", String::from_utf8_lossy(&output.stdout));
|
||||
println!("stderr: {}", String::from_utf8_lossy(&output.stderr));
|
||||
|
||||
assert!(output.status.success());
|
||||
}
|
||||
|
||||
fn reload_tor() {
|
||||
|
||||
let output = Command::new("/usr/bin/systemctl")
|
||||
.arg("reload")
|
||||
.arg("tor@default")
|
||||
.output()
|
||||
.expect("Error while reloading Tor config");
|
||||
print_output(output);
|
||||
}
|
||||
|
||||
fn restart_gmnisrv() {
|
||||
let output = Command::new("/usr/bin/systemctl")
|
||||
.arg("restart")
|
||||
.arg("gmnisrv")
|
||||
.output()
|
||||
.expect("Error while restarting Gmnisrv");
|
||||
print_output(output);
|
||||
}
|
||||
|
||||
|
@ -112,26 +133,24 @@ fn setup_user(username: String, password: String) {
|
|||
quota(username4.to_string());
|
||||
|
||||
} else {
|
||||
println!("Erreur : l'username doit être composé de lettres minuscules uniquement");
|
||||
println!("ERROR: The dirname must be composed only of lowercase letters");
|
||||
}
|
||||
} else {
|
||||
println!("Erreur : le mot de passe doit faire moins de 1024 caractères");
|
||||
println!("ERROR: The password must be shorter than 1024 characters");
|
||||
}
|
||||
} else {
|
||||
println!("Erreur : l'username doit faire moins de 32 caractères");
|
||||
println!("ERROR: The username must be shorter than 32 characters");
|
||||
}
|
||||
}
|
||||
|
||||
// Set disk usage limit to the user by copying another user quota
|
||||
fn quota(username: String) {
|
||||
|
||||
let output = Command::new("/usr/sbin/edquota")
|
||||
.arg("-p")
|
||||
.arg("testfract")
|
||||
.arg(&username)
|
||||
.output()
|
||||
.expect("failed to execute process");
|
||||
|
||||
print_output(output);
|
||||
}
|
||||
|
||||
|
@ -149,7 +168,6 @@ fn chroot(username: String) {
|
|||
.arg(&path)
|
||||
.output()
|
||||
.expect("Failed to chown /srv/hyper/<username> to root:root");
|
||||
|
||||
print_output(output);
|
||||
|
||||
let output = Command::new("/usr/bin/chmod")
|
||||
|
@ -157,7 +175,6 @@ fn chroot(username: String) {
|
|||
.arg(path)
|
||||
.output()
|
||||
.expect("Failed to chmod /srv/hyper/<username> to 755");
|
||||
|
||||
print_output(output);
|
||||
|
||||
} else {
|
||||
|
@ -167,7 +184,6 @@ fn chroot(username: String) {
|
|||
|
||||
// Creates a new user in the group 'hyper', which is available only over SFTP
|
||||
fn newser(username: String) {
|
||||
|
||||
let output = Command::new("/usr/sbin/useradd")
|
||||
.arg(&username)
|
||||
.arg("--create-home")
|
||||
|
@ -179,7 +195,6 @@ fn newser(username: String) {
|
|||
.arg("/usr/sbin/nologin")
|
||||
.output()
|
||||
.expect("failed to execute process");
|
||||
|
||||
print_output(output);
|
||||
}
|
||||
|
||||
|
@ -221,3 +236,10 @@ fn is_string_lowercase(stri: String) -> bool {
|
|||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
fn print_output(output: Output) {
|
||||
println!("status: {}", output.status);
|
||||
println!("stdout: {}", String::from_utf8_lossy(&output.stdout));
|
||||
println!("stderr: {}", String::from_utf8_lossy(&output.stderr));
|
||||
assert!(output.status.success());
|
||||
}
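Review bot: The `exit` helper in the first hunk ends the process with `std::process::exit(0)`, so a run refused for not being root still reports success to the script or service that invoked it; it should be `std::process::exit(1);`, and the helper can be declared `fn exit(error: String) -> !`. The check in `main` compares the account name from `get_current_username()` with "root", which follows the real UID's passwd entry rather than the privilege the process actually holds; `if users::get_effective_uid() != 0 { exit("must be run as root".to_string()); }` tests that directly and removes the `OsString` comparison. Below the check, `args[1]`, `args[2]` and `args[3]` are indexed unchecked, so a missing subcommand or argument panics instead of reaching the "You must specify a subcommand" arm; `args.get(1)` would let that message be printed. In the `setup_user` hunk the lowercase-username failure appears to now print "The dirname must be composed only of lowercase letters", which looks copied from `export_tor` and should say "username".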
|
||||
|
|