backuppc_client/client/fix_backuppc_linux_sudo.sh

159 lines
5.2 KiB
Bash
Raw Normal View History

#!/bin/sh
# S'assurer que BackupPC peux exécuter rsync avec les droits sudo
# Jérémy GARDAIS — Mai 2018
# .. vim: foldmarker=[[[,]]]:foldmethod=marker
# Vars [[[
SUCCESS=0
ERROR=1
2018-05-28 17:52:45 +02:00
DEBUG=1
USER_ID=$(id -u)
BACKUP_USER_LIST="backup backuppc"
SUDOERS_D_INCLUDE_LINE="#includedir /etc/sudoers.d"
2019-05-28 14:53:39 +02:00
SUDOERS_MAIN_CONF="/etc/sudoers"
BACKUP_SUDOERS_LINE_REGEXP="backuppc.*ALL.*=.*(ALL:ALL).*NOEXEC:NOPASSWD:.*/usr/bin/rsync"
BACKUP_SUDOERS_LINE="backup ALL=(ALL:ALL) NOEXEC:NOPASSWD: /usr/bin/rsync
backuppc ALL=(ALL:ALL) NOEXEC:NOPASSWD: /usr/bin/rsync"
BACKUP_SUDOERS_FILE="/etc/sudoers.d/backuppc_noexec"
# ]]]
# Functions [[[
2019-05-28 14:19:35 +02:00
## Check if a backup user is present on the system from a list of users [[[
is_backup_user()
{
userlist_to_check="${1}"
for user_to_check in ${userlist_to_check}; do
if [ "$(id -- "${user_to_check}" 2> /dev/null)" ] ; then
[ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG: Function is_backup_user() — ${user_to_check} user is available."
return "${SUCCESS}"
fi
done
## Otherwise exit with error status
printf '\e[1;31m%-6s\e[m\n' "ERROR: Function is_backup_user() — none of these users: ${userlist_to_check} are available on the system."
exit "${ERROR}"
}
## ]]]
## Check if a line is present in main sudoers conf [[[
is_sudoers_line()
{
line_to_check="${1}"
2019-05-28 14:53:39 +02:00
if grep -q -- "${line_to_check}" "${SUDOERS_MAIN_CONF}"
then
[ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG: Function is_sudoers_line() — ${line_to_check} line is available in sudo configuration."
return "${SUCCESS}"
else
[ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG: Function is_sudoers_line() — ${line_to_check} was not found in sudo configuration."
return "${ERROR}"
fi
}
## ]]]
2019-05-28 14:19:35 +02:00
## Check if backup permissions are already set in sudoers.d [[[
is_backup_sudoers_line()
{
line_to_check="${1}"
if grep -Rq -- "${line_to_check}" /etc/sudoers.d/
then
2019-05-28 14:10:47 +02:00
[ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG: Function is_backup_sudoers_line() — ${line_to_check} line is available in sudo configuration."
return "${SUCCESS}"
else
2019-05-28 14:10:47 +02:00
[ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG: Function is_backup_sudoers_line() — ${line_to_check} was not found in sudo configuration."
return "${ERROR}"
fi
}
## ]]]
## Add some configuration to the main sudoers conf [[[
add_sudoers_conf()
{
sudoers_conf="${1}"
## Set sudoers configuration for BackupPC
2019-05-28 14:53:39 +02:00
cat << EOF >> "${SUDOERS_MAIN_CONF}"
# Added by a script
${sudoers_conf}
EOF
2019-05-28 14:53:39 +02:00
[ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG: Function add_sudoers_conf() — ${SUDOERS_MAIN_CONF} was modified."
}
## ]]]
2019-05-28 14:19:35 +02:00
## Add some configuration to a specific file under sudoers.d/ [[[
add_backup_sudoers_conf()
2018-05-28 17:52:23 +02:00
{
sudoers_conf="${1}"
sudoers_file="${2}"
## Empty sudoers file
true > "${sudoers_file}"
## Set sudoers configuration for BackupPC
cat << EOF >> "${sudoers_file}"
# This file was generated by fix_backuppc_linux_sudo.sh script.
# Permissions for BackupPC - Backup tool
${sudoers_conf}
EOF
2019-05-28 14:10:47 +02:00
[ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG: Function add_backup_sudoers_conf() — ${sudoers_file} was modified."
2018-05-28 17:52:23 +02:00
}
## ]]]
# ]]]
# Test permissions [[[
[ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG: Check admin rights."
if [ "${USER_ID}" -ne "0" ]; then
printf '\e[1;31m%-6s\e[m\n' "ERROR: You need to run with SUDO/Admin permissions."
exit "${ERROR}"
fi
# ]]]
2018-05-28 17:52:23 +02:00
# Ensure the backup user is available
is_backup_user "${BACKUP_USER_LIST}"
# Ensure sudoers.d is include in the sudoers main configuration
if ! is_sudoers_line "${SUDOERS_D_INCLUDE_LINE}"
then
[ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG: First try — ${SUDOERS_D_INCLUDE_LINE} was not found in sudo main configuration."
## Add the expected line
add_sudoers_conf "${SUDOERS_D_INCLUDE_LINE}"
## Test again if the line is now available
if ! is_sudoers_line "${SUDOERS_D_INCLUDE_LINE}"
then
[ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG: Second try — ${SUDOERS_D_INCLUDE_LINE} was not found in sudo main configuration."
printf '\e[1;31m%-6s\e[m\n' "ERROR: The sudo configuration was not successfully modified."
printf '\e[1;31m%-6s\e[m\n' "ERROR: Please contact your administrator."
exit "${ERROR}"
fi
fi
2018-05-28 17:52:23 +02:00
# Test if sudoers conf is already set
2019-05-28 14:10:47 +02:00
if ! is_backup_sudoers_line "${BACKUP_SUDOERS_LINE_REGEXP}"
2018-05-28 17:31:54 +02:00
then
[ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG: First try — ${BACKUP_SUDOERS_LINE_REGEXP} was not found in sudo configuration."
2018-05-28 17:52:23 +02:00
## Add sudoers configuration
2019-05-28 14:10:47 +02:00
add_backup_sudoers_conf "${BACKUP_SUDOERS_LINE}" "${BACKUP_SUDOERS_FILE}"
2018-05-28 17:52:23 +02:00
## Test if sudoers conf was successfully modified
2019-05-28 14:10:47 +02:00
if ! is_backup_sudoers_line "${BACKUP_SUDOERS_LINE_REGEXP}"
2018-05-28 17:52:23 +02:00
then
[ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG: Second try — ${BACKUP_SUDOERS_LINE_REGEXP} was not found in sudo configuration."
2018-05-28 17:52:23 +02:00
printf '\e[1;31m%-6s\e[m\n' "ERROR: The sudo configuration was not successfully modified."
2018-05-28 18:11:05 +02:00
printf '\e[1;31m%-6s\e[m\n' "ERROR: Please contact your administrator."
2018-05-28 17:52:23 +02:00
exit "${ERROR}"
fi
2018-05-28 17:31:54 +02:00
fi
[ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG: End"
2018-05-28 17:52:23 +02:00
printf '%b\n' "Your configuration is set up."
exit "${SUCCESS}"