backuppc_client/client/fix_backuppc_linux_sudo.sh


#!/bin/sh
# Ensure BackupPC can run rsync with sudo privileges
# Jérémy GARDAIS — Mai 2018
# .. vim: foldmarker=[[[,]]]:foldmethod=marker
# Vars [[[
# NOTE(review): the forge's file view flags invisible Unicode characters in
# this file. They may only be typographic spacing in comments and messages,
# but confirm none sit inside the sudoers strings below before running as root.
# Exit / return codes shared by every function below.
SUCCESS=0
ERROR=1
# Debug switch with an inverted sense: every check in this script tests
# `-eq 0`, so 0 turns the DEBUG messages on and 1 (the value here) keeps
# them off.
DEBUG=1
# Numeric UID of the caller; the permission test further down requires 0.
USER_ID=$(id -u)
# Space-separated candidate account names; is_backup_user() accepts the
# first one that id(1) can resolve.
BACKUP_USER_LIST="backup backuppc"
# Directive looked up in (and, if missing, appended to) the main sudoers file.
# NOTE(review): sudo 1.9.1 and later also accept the "@includedir" spelling;
# this literal is the "#" spelling only — confirm against the target hosts.
SUDOERS_D_INCLUDE_LINE="#includedir /etc/sudoers.d"
SUDOERS_MAIN_CONF="/etc/sudoers"
# Pattern handed to `grep -R` by is_backup_sudoers_line() to detect an
# existing grant under /etc/sudoers.d/.
# NOTE(review): it is unanchored and only names "backuppc", so a
# commented-out rule would satisfy it, and the "backup" rule is never
# checked on its own — confirm this is acceptable.
BACKUP_SUDOERS_LINE_REGEXP="backuppc.*ALL.*=.*(ALL:ALL).*NOEXEC:NOPASSWD:.*/usr/bin/rsync"
# Rules written verbatim to BACKUP_SUDOERS_FILE (one line per account).
# SECURITY: the rules put no restriction on rsync's arguments and allow any
# target user (ALL:ALL) without a password, so either account can read and
# overwrite arbitrary files through rsync. Treat both accounts as highly
# privileged: limit how they can be logged into, and narrow the run-as
# user or the command arguments if the backup setup allows it.
# The NOEXEC tag asks sudo to keep rsync from spawning further programs.
BACKUP_SUDOERS_LINE="backup ALL=(ALL:ALL) NOEXEC:NOPASSWD: /usr/bin/rsync
backuppc ALL=(ALL:ALL) NOEXEC:NOPASSWD: /usr/bin/rsync"
# Drop-in file that receives BACKUP_SUDOERS_LINE.
BACKUP_SUDOERS_FILE="/etc/sudoers.d/backuppc_noexec"
# ]]]
# Functions [[[
## Check if a backup user is present on the system from a list of users [[[
# Succeed as soon as one account from a space-separated list exists.
# Globals:   DEBUG, SUCCESS, ERROR (read)
# Arguments: $1 - space-separated list of account names probed with id(1)
# Outputs:   DEBUG or ERROR message on stdout
# Returns:   SUCCESS for the first name that resolves; when none does, the
#            whole script exits with ERROR instead of returning.
is_backup_user()
{
  userlist_to_check="${1}"
  # Left unquoted on purpose: the list is split on whitespace into names.
  for user_to_check in ${userlist_to_check}; do
    # Empty id(1) output means the account is unknown; try the next name.
    [ -n "$(id -- "${user_to_check}" 2> /dev/null)" ] || continue
    if [ "${DEBUG}" -eq "0" ]; then
      printf '\e[1;35m%-6s\e[m\n' "DEBUG: Function is_backup_user() — ${user_to_check} user is available."
    fi
    return "${SUCCESS}"
  done
  # No candidate resolved: report and stop the script.
  printf '\e[1;31m%-6s\e[m\n' "ERROR: Function is_backup_user() — none of these users: ${userlist_to_check} are available on the system."
  exit "${ERROR}"
}
## ]]]
## Check if a line is present in main sudoers conf [[[
# Tell whether a pattern matches somewhere in the main sudoers file.
# Globals:   SUDOERS_MAIN_CONF, DEBUG, SUCCESS, ERROR (read)
# Arguments: $1 - pattern given to grep (interpreted as a basic regex, so
#                 characters such as "." are wildcards, not literals)
# Outputs:   DEBUG message on stdout when DEBUG is 0
# Returns:   SUCCESS on a match, ERROR otherwise (including grep failures
#            such as an unreadable file)
is_sudoers_line()
{
  line_to_check="${1}"
  if ! grep -q -- "${line_to_check}" "${SUDOERS_MAIN_CONF}"; then
    if [ "${DEBUG}" -eq "0" ]; then
      printf '\e[1;35m%-6s\e[m\n' "DEBUG: Function is_sudoers_line() — ${line_to_check} was not found in sudo configuration."
    fi
    return "${ERROR}"
  fi
  if [ "${DEBUG}" -eq "0" ]; then
    printf '\e[1;35m%-6s\e[m\n' "DEBUG: Function is_sudoers_line() — ${line_to_check} line is available in sudo configuration."
  fi
  return "${SUCCESS}"
}
## ]]]
## Check if backup permissions are already set in sudoers.d [[[
# Tell whether a pattern matches in any file below /etc/sudoers.d/.
# Globals:   DEBUG, SUCCESS, ERROR (read)
# Arguments: $1 - pattern given to grep (basic regex, searched recursively)
# Outputs:   DEBUG message on stdout when DEBUG is 0
# Returns:   SUCCESS on a match, ERROR otherwise (including a missing or
#            unreadable directory)
# NOTE(review): grep -R reads every file in the directory, while sudo skips
# drop-in names that end in "~" or contain a "."; a match in such a file
# would be reported here although sudo never loads it — confirm.
is_backup_sudoers_line()
{
  line_to_check="${1}"
  if ! grep -Rq -- "${line_to_check}" /etc/sudoers.d/; then
    if [ "${DEBUG}" -eq "0" ]; then
      printf '\e[1;35m%-6s\e[m\n' "DEBUG: Function is_backup_sudoers_line() — ${line_to_check} was not found in sudo configuration."
    fi
    return "${ERROR}"
  fi
  if [ "${DEBUG}" -eq "0" ]; then
    printf '\e[1;35m%-6s\e[m\n' "DEBUG: Function is_backup_sudoers_line() — ${line_to_check} line is available in sudo configuration."
  fi
  return "${SUCCESS}"
}
## ]]]
## Add some configuration to the main sudoers conf [[[
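# Append a snippet to the main sudoers file without ever leaving a broken
# file in place: the change is staged on a copy, checked, then renamed over
# the live file.
# Globals:   SUDOERS_MAIN_CONF, DEBUG, SUCCESS, ERROR (read);
#            sudoers_conf, sudoers_candidate (written)
# Arguments: $1 - text to append after the "# Added by a script" marker
# Outputs:   DEBUG message on stdout when DEBUG is 0; warnings and errors
#            on stderr
# Returns:   SUCCESS once the live file has been replaced, ERROR if staging,
#            validation or the final rename failed (live file left untouched)
add_sudoers_conf()
{
  sudoers_conf="${1}"
  # Stage beside the target so the final mv is a rename within one directory.
  sudoers_candidate="$(mktemp "${SUDOERS_MAIN_CONF}.XXXXXX")" || return "${ERROR}"
  # cp -p carries the owner and mode of the live file over to the candidate.
  if ! cp -p -- "${SUDOERS_MAIN_CONF}" "${sudoers_candidate}"; then
    rm -f -- "${sudoers_candidate}"
    return "${ERROR}"
  fi
  ## Set sudoers configuration for BackupPC
  if ! cat << EOF >> "${sudoers_candidate}"
# Added by a script
${sudoers_conf}
EOF
  then
    rm -f -- "${sudoers_candidate}"
    return "${ERROR}"
  fi
  # A syntax error in sudoers disables sudo for everyone, so let visudo
  # parse the candidate before it becomes the live file.
  if command -v visudo > /dev/null 2>&1; then
    if ! visudo -cf "${sudoers_candidate}" > /dev/null; then
      printf '%s\n' "ERROR: Function add_sudoers_conf() — visudo rejected the new configuration, ${SUDOERS_MAIN_CONF} was left unchanged." >&2
      rm -f -- "${sudoers_candidate}"
      return "${ERROR}"
    fi
  else
    printf '%s\n' "WARNING: Function add_sudoers_conf() — visudo not found, configuration was not validated." >&2
  fi
  if ! mv -f -- "${sudoers_candidate}" "${SUDOERS_MAIN_CONF}"; then
    rm -f -- "${sudoers_candidate}"
    return "${ERROR}"
  fi
  if [ "${DEBUG}" -eq "0" ]; then
    printf '\e[1;35m%-6s\e[m\n' "DEBUG: Function add_sudoers_conf() — ${SUDOERS_MAIN_CONF} was modified."
  fi
  return "${SUCCESS}"
}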
## ]]]
## Add some configuration to a specific file under sudoers.d/ [[[
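# Write a sudoers drop-in file with the given rules. The content is staged
# in a temporary file, set to mode 0440, checked, and only then renamed over
# the target, so a rejected or half-written file never becomes active.
# Globals:   DEBUG, SUCCESS, ERROR (read);
#            sudoers_conf, sudoers_file, sudoers_candidate (written)
# Arguments: $1 - sudoers rules to write
#            $2 - path of the drop-in file (any previous content is replaced)
# Outputs:   DEBUG message on stdout when DEBUG is 0; warnings and errors
#            on stderr
# Returns:   SUCCESS once the file is in place, ERROR if staging, validation
#            or the final rename failed (an existing file is left untouched)
add_backup_sudoers_conf()
{
  sudoers_conf="${1}"
  sudoers_file="${2}"
  # mktemp creates the file with mode 0600. The staged name contains a ".",
  # which sudo skips when reading a sudoers.d directory, so a leftover
  # candidate is never loaded as configuration.
  sudoers_candidate="$(mktemp "${sudoers_file}.XXXXXX")" || return "${ERROR}"
  ## Set sudoers configuration for BackupPC
  if ! cat << EOF > "${sudoers_candidate}"
# This file was generated by fix_backuppc_linux_sudo.sh script.
# Permissions for BackupPC - Backup tool
${sudoers_conf}
EOF
  then
    rm -f -- "${sudoers_candidate}"
    return "${ERROR}"
  fi
  # Read-only for owner and group, nothing for others, whatever the umask.
  if ! chmod 0440 "${sudoers_candidate}"; then
    rm -f -- "${sudoers_candidate}"
    return "${ERROR}"
  fi
  # A syntax error in a drop-in breaks sudo as a whole; have visudo parse
  # the candidate before it is installed.
  if command -v visudo > /dev/null 2>&1; then
    if ! visudo -cf "${sudoers_candidate}" > /dev/null; then
      printf '%s\n' "ERROR: Function add_backup_sudoers_conf() — visudo rejected the new configuration, ${sudoers_file} was left unchanged." >&2
      rm -f -- "${sudoers_candidate}"
      return "${ERROR}"
    fi
  else
    printf '%s\n' "WARNING: Function add_backup_sudoers_conf() — visudo not found, configuration was not validated." >&2
  fi
  if ! mv -f -- "${sudoers_candidate}" "${sudoers_file}"; then
    rm -f -- "${sudoers_candidate}"
    return "${ERROR}"
  fi
  if [ "${DEBUG}" -eq "0" ]; then
    printf '\e[1;35m%-6s\e[m\n' "DEBUG: Function add_backup_sudoers_conf() — ${sudoers_file} was modified."
  fi
  return "${SUCCESS}"
}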
## ]]]
# ]]]
# Test permissions [[[
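# Main sequence: require root, require a backup account, make sure
# /etc/sudoers.d is included by the main sudoers file, then make sure the
# BackupPC rsync grant exists in a drop-in file. Every modification is
# followed by a second lookup, and the script exits with ERROR if the
# expected line is still missing.
[ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG: Check admin rights."
if [ "${USER_ID}" -ne "0" ]; then
  printf '\e[1;31m%-6s\e[m\n' "ERROR: You need to run with SUDO/Admin permissions."
  exit "${ERROR}"
fi
# ]]]
# Ensure the backup user is available (exits with ERROR when none exists)
is_backup_user "${BACKUP_USER_LIST}"
# Ensure sudoers.d is included in the sudoers main configuration.
# The lookup is anchored to the start of a line and accepts both spellings
# of the directive ("#includedir", and "@includedir" from sudo 1.9.1 on):
# a commented-out directive must not count as present, and a host that
# already uses "@includedir" must not get a second include appended.
sudoers_d_include_regexp='^[[:space:]]*[#@]includedir[[:space:]][[:space:]]*/etc/sudoers\.d/*[[:space:]]*$'
if ! is_sudoers_line "${sudoers_d_include_regexp}"
then
  [ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG: First try — ${SUDOERS_D_INCLUDE_LINE} was not found in sudo main configuration."
  ## Add the expected line
  add_sudoers_conf "${SUDOERS_D_INCLUDE_LINE}"
  ## Test again if the line is now available
  if ! is_sudoers_line "${sudoers_d_include_regexp}"
  then
    [ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG: Second try — ${SUDOERS_D_INCLUDE_LINE} was not found in sudo main configuration."
    printf '\e[1;31m%-6s\e[m\n' "ERROR: The sudo configuration was not successfully modified."
    printf '\e[1;31m%-6s\e[m\n' "ERROR: Please contact your administrator."
    exit "${ERROR}"
  fi
fi
# Test if sudoers conf is already set
if ! is_backup_sudoers_line "${BACKUP_SUDOERS_LINE_REGEXP}"
then
  [ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG: First try — ${BACKUP_SUDOERS_LINE_REGEXP} was not found in sudo configuration."
  ## Add sudoers configuration
  add_backup_sudoers_conf "${BACKUP_SUDOERS_LINE}" "${BACKUP_SUDOERS_FILE}"
  ## Test if sudoers conf was successfully modified
  if ! is_backup_sudoers_line "${BACKUP_SUDOERS_LINE_REGEXP}"
  then
    [ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG: Second try — ${BACKUP_SUDOERS_LINE_REGEXP} was not found in sudo configuration."
    printf '\e[1;31m%-6s\e[m\n' "ERROR: The sudo configuration was not successfully modified."
    printf '\e[1;31m%-6s\e[m\n' "ERROR: Please contact your administrator."
    exit "${ERROR}"
  fi
fi
[ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG: End"
printf '%b\n' "Your configuration is set up."
exit "${SUCCESS}"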