Safer sshd_config update. Check for site directory existance

mikeplate · May 8, 2012 · 031607c · 031607c
1 parent 48349de
commit 031607c
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 6 deletions.
diff --git a/nginx-add-php.sh b/nginx-add-php.sh
@@ -59,6 +59,10 @@ EOF
 fi
 
 # Create destination directories
+if [ -d "$DESTDIR" ]; then
+    echo "Site directory $DESTDIR already exists. Script will not continue."
+    exit 1
+fi
 mkdir -p "$DESTDIR/public"
 mkdir "$DESTDIR/logs"
 

diff --git a/nginx-add-ruby.sh b/nginx-add-ruby.sh
@@ -42,6 +42,10 @@ else
 fi
 
 # Create destination directories
+if [ -d "$DESTDIR" ]; then
+    echo "Site directory $DESTDIR already exists. Script will not continue."
+    exit 1
+fi
 mkdir -p "$DESTDIR/public"
 mkdir "$DESTDIR/views"
 mkdir "$DESTDIR/tmp"

diff --git a/nginx-common.sh b/nginx-common.sh
@@ -25,15 +25,28 @@ function prepare_user {
     cat /etc/group | grep sftp > /dev/null
     if [ $? -ne 0 ]; then
         addgroup sftp > /dev/null
-        grep 'Match Group sftp' /etc/ssh/sshd_config
+    fi
+    usermod -a -G sftp $user_name
+
+    # Does ssh configuration has a sftp section?
+    grep -q 'Match Group sftp' /etc/ssh/sshd_config
+    if [ $? -ne 0 ]; then
+        cp /etc/ssh/sshd_config tmp/sshd_config.backup
+        echo '' >> /etc/ssh/sshd_config
+        echo 'Match Group sftp' >> /etc/ssh/sshd_config
+        echo '    ChrootDirectory %h' >> /etc/ssh/sshd_config
+        echo '    ForceCommand internal-sftp -f AUTH -l INFO' >> /etc/ssh/sshd_config
+        echo '    AllowTcpForwarding no' >> /etc/ssh/sshd_config
+        sshd -t
         if [ $? -ne 0 ]; then
-            echo 'Match Group sftp' >> /etc/ssh/sshd_config
-            echo '    ChrootDirectory %h' >> /etc/ssh/sshd_config
-            echo '    ForceCommand internal-sftp -f AUTH -l INFO' >> /etc/ssh/sshd_config
-            echo '    AllowTcpForwarding no' >> /etc/ssh/sshd_config
+            cp tmp/sshd_config.backup /etc/ssh/sshd_config
+            echo 'SSH reported error in configuration file after change. Previous config is restored.'
+            echo 'Fix configuration file /etc/ssh/sshd_config manually. The script is continuing.'
+        else
+            rm tmp/sshd_config.backup
+            restart ssh
         fi
     fi
-    usermod -a -G sftp $user_name
 
     # Set up for logging sftp operations for this user
     if [ ! -f /etc/rsyslog.d/sftp.conf ]; then
@@ -42,6 +55,10 @@ function prepare_user {
     fi
     sed -i "/sftp.log/i \$AddUnixListenSocket $HOMEDIR/dev/log" /etc/rsyslog.d/sftp.conf
     restart rsyslog
+    if [ $? -ne 0 ]; then
+        echo 'Failed to restart rsyslog'
+        exit $?
+    fi
 }