2013-06-23 13:44:48 +02:00
|
|
|
#!/bin/bash
|
|
|
|
|
|
|
|
|
|
##### Obackup ssh command filter
|
|
|
|
|
|
2013-06-23 13:53:22 +02:00
|
|
|
## If enabled, execution of "sudo" command will be allowed.
|
|
|
|
|
SUDO_EXEC=yes
|
|
|
|
|
## Paranoia option. Don't change this unless you read the documentation and still feel concerned about security issues.
|
2013-06-23 13:44:48 +02:00
|
|
|
RSYNC_EXECUTABLE=rsync
|
|
|
|
|
|
|
|
|
|
function Go
|
|
|
|
|
{
|
|
|
|
|
$SSH_ORIGINAL_COMMAND
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
case ${SSH_ORIGINAL_COMMAND%% *} in
|
|
|
|
|
"$RSYNC_EXECUTABLE")
|
|
|
|
|
Go ;;
|
|
|
|
|
"mysqldump")
|
|
|
|
|
Go ;;
|
|
|
|
|
"find")
|
|
|
|
|
Go ;;
|
|
|
|
|
"du")
|
|
|
|
|
Go ;;
|
|
|
|
|
"sudo")
|
2013-06-23 13:53:22 +02:00
|
|
|
if [ "$SUDO_EXEC" == "yes" ]
|
2013-06-23 13:44:48 +02:00
|
|
|
then
|
2013-06-23 13:53:22 +02:00
|
|
|
if [[ "$SSH_ORIGINAL_COMMAND" == "sudo $RSYNC_EXECUTABLE"* ]]
|
|
|
|
|
then
|
|
|
|
|
Go
|
|
|
|
|
elif [[ "$SSH_ORIGINAL_COMMAND" == "sudo du"* ]]
|
|
|
|
|
then
|
|
|
|
|
Go
|
|
|
|
|
elif [[ "$SSH_ORIGINAL_COMMAND" == "sudo find"* ]]
|
|
|
|
|
then
|
|
|
|
|
Go
|
|
|
|
|
else
|
|
|
|
|
echo "Sudo command not allowed."
|
|
|
|
|
fi
|
2013-06-23 13:44:48 +02:00
|
|
|
else
|
2013-06-23 13:53:22 +02:00
|
|
|
echo "Sudo command not enabled."
|
2013-06-23 13:44:48 +02:00
|
|
|
fi
|
|
|
|
|
;;
|
|
|
|
|
*)
|
|
|
|
|
echo "Not allowed."
|
|
|
|
|
esac
|
|
|
|
|
|
|
|
|
|
|
