#!/bin/bash
# Location of the pure-pw passwd file (typically kept on a mounted volume).
PASSWD_FILE="/etc/pure-ftpd/pureftpd.passwd"

# Collect the daemon flags: the arguments given to this script, followed by
# any extra flags supplied through the ADDED_FLAGS environment variable,
# e.g. -e "ADDED_FLAGS=--tls=2"
# The value is kept as one space-padded string because the later steps of
# this script look for flags with patterns such as *" -p "*.
PURE_FTPD_FLAGS=" $* $ADDED_FLAGS "

# Rebuild the binary user database when a passwd file is already present.
if [ -e "$PASSWD_FILE" ]; then
  pure-pw mkdb /etc/pure-ftpd/pureftpd.pdb -f "$PASSWD_FILE"
fi
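# Enable TLS automatically when a certificate has been mounted into the
# container and the caller did not pass a --tls flag.
# The file tested here must be the one the certificate-generation step of this
# script writes, /etc/ssl/private/pure-ftpd.pem; testing "pureftpd.pem"
# (no hyphen) would never match a certificate created by this script.
# NOTE: --tls=1 accepts encrypted and cleartext sessions alike. To refuse
# cleartext logins, pass a stricter value explicitly, e.g. ADDED_FLAGS=--tls=2.
if [ -e /etc/ssl/private/pure-ftpd.pem ] && [[ "$PURE_FTPD_FLAGS" != *"--tls"* ]]; then
  echo "TLS Enabled"
  PURE_FTPD_FLAGS="$PURE_FTPD_FLAGS --tls=1 "
fi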
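# Generate a self-signed certificate when TLS was requested, no certificate is
# present yet, and the subject fields TLS_CN, TLS_ORG and TLS_C are all set.
# A self-signed certificate provides encryption only: clients have to pin or
# explicitly trust it to get any assurance about the server's identity.
if [ ! -e /etc/ssl/private/pure-ftpd.pem ] && [[ "$PURE_FTPD_FLAGS" == *"--tls"* ]] \
  && [ -n "$TLS_CN" ] && [ -n "$TLS_ORG" ] && [ -n "$TLS_C" ]; then
  echo "Generating self-signed certificate"
  mkdir -p /etc/ssl/private
  (
    # Restrictive umask inside this subshell only, so the private key is never
    # readable by other users, not even between its creation and the chmod.
    umask 077

    # TLS_USE_DSAPRAM (the spelling is part of the existing interface) selects
    # OpenSSL's faster DSA-style parameter generation instead of the default
    # search for a safe prime.
    if [[ "$TLS_USE_DSAPRAM" == "true" ]]; then
      openssl dhparam -dsaparam -out /etc/ssl/private/pure-ftpd-dhparams.pem 2048
    else
      openssl dhparam -out /etc/ssl/private/pure-ftpd-dhparams.pem 2048
    fi

    # -nodes leaves the key unencrypted so the daemon can load it unattended;
    # key and certificate are both written to the same PEM file.
    openssl req -subj "/CN=${TLS_CN}/O=${TLS_ORG}/C=${TLS_C}" -days 1826 \
      -x509 -nodes -newkey rsa:2048 -sha256 -keyout \
      /etc/ssl/private/pure-ftpd.pem \
      -out /etc/ssl/private/pure-ftpd.pem
  )
  chmod 600 /etc/ssl/private/*.pem
fi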
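# Create the initial FTP user when name, password and home directory are given.
# NOTE: FTP_USER_PASS arrives through the environment, so it is readable by
# anyone who can inspect the container's configuration or process environment.
if [ -n "$FTP_USER_NAME" ] && [ -n "$FTP_USER_PASS" ] && [ -n "$FTP_USER_HOME" ]; then
  echo "Creating user..."

  # make sure the home folder exists
  mkdir -p -- "$FTP_USER_HOME"

  # uid/gid flags for pure-pw, kept in an array so every value stays one word
  # (an unquoted string would be re-split and glob-expanded by the shell).
  pure_pw_add_flags=()
  if [ -n "$FTP_USER_UID" ]; then
    pure_pw_add_flags+=(-u "$FTP_USER_UID")
  else
    pure_pw_add_flags+=(-u ftp)
  fi
  if [ -n "$FTP_USER_GID" ]; then
    pure_pw_add_flags+=(-g "$FTP_USER_GID")
  fi

  # pure-pw asks for the password twice. Answer on stdin through a pipe so the
  # cleartext password is never written to a file; printf is a shell builtin,
  # so the password does not show up in the process list either.
  printf '%s\n%s\n' "$FTP_USER_PASS" "$FTP_USER_PASS" \
    | pure-pw useradd "$FTP_USER_NAME" -f "$PASSWD_FILE" -m -d "$FTP_USER_HOME" \
      "${pure_pw_add_flags[@]}"

  # Optional explicit mode for the home directory.
  if [ -n "$FTP_USER_HOME_PERMISSION" ]; then
    chmod -- "$FTP_USER_HOME_PERMISSION" "$FTP_USER_HOME"
    echo " root user give $FTP_USER_NAME ftp user at $FTP_USER_HOME directory has $FTP_USER_HOME_PERMISSION permission"
  fi

  # Hand the home directory to the FTP account if it is owned by someone else.
  # stat is used instead of parsing ls output, and every path is quoted so a
  # home directory containing spaces or glob characters is handled correctly.
  if [ -n "$FTP_USER_UID" ]; then
    # Compared against the numeric owner, so FTP_USER_UID is expected to be a
    # numeric uid.
    if [[ "$(stat -c '%u' -- "$FTP_USER_HOME")" != "$FTP_USER_UID" ]]; then
      chown -- "$FTP_USER_UID" "$FTP_USER_HOME"
      echo " root user give $FTP_USER_HOME directory $FTP_USER_UID owner"
    fi
  else
    if [[ "$(stat -c '%U' -- "$FTP_USER_HOME")" != 'ftp' ]]; then
      chown -- ftp "$FTP_USER_HOME"
      echo " root user give $FTP_USER_HOME directory ftp owner"
    fi
  fi
fi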
# Append "<flag> <value>" to PURE_FTPD_FLAGS unless the flag is already there.
# Arguments: $1 - short flag (e.g. -p)
#            $2 - value to pass with the flag
#            $3 - human-readable name used in the log line
# The check is a literal match on " <flag> " (surrounded by spaces), so other
# spellings of the same option are not recognised as already present.
add_default_flag() {
  local flag=$1 value=$2 label=$3
  case "$PURE_FTPD_FLAGS" in
    *" $flag "*) return 0 ;;
  esac
  echo "Setting default $label to: $value"
  PURE_FTPD_FLAGS="$PURE_FTPD_FLAGS $flag $value"
}

# Passive port range, max clients and max connections per IP fall back to the
# values of MIN_PASV_PORT/MAX_PASV_PORT, FTP_MAX_CLIENTS and
# FTP_MAX_CONNECTIONS when the caller did not pass the flag.
add_default_flag -p "$MIN_PASV_PORT:$MAX_PASV_PORT" "port range"
add_default_flag -c "$FTP_MAX_CLIENTS" "max clients"
add_default_flag -C "$FTP_MAX_CONNECTIONS" "max connections per ip"
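# let users know what flags we've ended with (useful for debug)
echo "Starting Pure-FTPd:"
echo "pure-ftpd $PURE_FTPD_FLAGS"

# Start pure-ftpd with the requested flags, replacing this shell.
# The flag string has to be split into separate arguments, so it is expanded
# unquoted on purpose. Pathname expansion is switched off first so that a flag
# containing *, ? or [ reaches the daemon literally instead of being matched
# against files in the working directory.
set -f
# shellcheck disable=SC2086
exec /usr/sbin/pure-ftpd $PURE_FTPD_FLAGS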