diff --git a/usr/local/bin/bastille b/usr/local/bin/bastille index b9f73c84..34009b37 100755 --- a/usr/local/bin/bastille +++ b/usr/local/bin/bastille @@ -32,17 +32,6 @@ PATH=${PATH}:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin . /usr/local/share/bastille/common.sh -## root check first. -bastille_root_check() { - if [ "$(id -u)" -ne 0 ]; then - ## permission denied - error_notify "Bastille: Permission Denied" - error_exit "root / sudo / doas required" - fi -} - -bastille_root_check - ## check for config existance bastille_conf_check() { if [ ! -r "/usr/local/etc/bastille/bastille.conf" ]; then diff --git a/usr/local/share/bastille/bootstrap.sh b/usr/local/share/bastille/bootstrap.sh index c6acdbb8..b36d9429 100644 --- a/usr/local/share/bastille/bootstrap.sh +++ b/usr/local/share/bastille/bootstrap.sh @@ -42,6 +42,8 @@ help|-h|--help) ;; esac +bastille_root_check + #Validate if ZFS is enabled in rc.conf and bastille.conf. if [ "$(sysrc -n zfs_enable)" = "YES" ] && [ ! "${bastille_zfs_enable}" = "YES" ]; then warn "ZFS is enabled in rc.conf but not bastille.conf. Do you want to continue? (N|y)" diff --git a/usr/local/share/bastille/clone.sh b/usr/local/share/bastille/clone.sh index 5630b71d..f39b84d4 100644 --- a/usr/local/share/bastille/clone.sh +++ b/usr/local/share/bastille/clone.sh @@ -46,6 +46,8 @@ if [ $# -ne 2 ]; then usage fi +bastille_root_check + NEWNAME="${1}" IP="${2}" diff --git a/usr/local/share/bastille/cmd.sh b/usr/local/share/bastille/cmd.sh index 6bc69610..8047ded7 100644 --- a/usr/local/share/bastille/cmd.sh +++ b/usr/local/share/bastille/cmd.sh @@ -46,6 +46,8 @@ if [ $# -eq 0 ]; then usage fi +bastille_root_check + COUNT=0 RETURN=0 diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index adc1ac21..864c01f6 100644 --- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh 
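Review bot: The root requirement becomes opt-in per subcommand once the central `bastille_root_check` call is removed from `usr/local/bin/bastille`. A script is gated only if it carries the line added here in `bootstrap.sh`, and identically in `clone.sh`, `cmd.sh` and the other subcommand scripts of this commit. Any script the commit does not touch, or one added later without the call, would start unprivileged and fail partway through instead of up front; whether such scripts exist is not visible from these hunks. A deny-by-default gate in the dispatcher that exempts only the help forms would keep help usable without root while failing closed, for example `case "${2:-}" in help|-h|--help) ;; *) bastille_root_check ;; esac`. The dispatcher's argument handling is outside the hunks, so the `$2` position is an assumption to confirm.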
@@ -33,6 +33,14 @@ COLOR_GREEN= COLOR_YELLOW= COLOR_RESET= +bastille_root_check() { + if [ "$(id -u)" -ne 0 ]; then + ## permission denied + error_notify "Bastille: Permission Denied" + error_exit "root / sudo / doas required" + fi +} + enable_color() { . /usr/local/share/bastille/colors.pre.sh } diff --git a/usr/local/share/bastille/config.sh b/usr/local/share/bastille/config.sh index 8bfa996d..3a089276 100644 --- a/usr/local/share/bastille/config.sh +++ b/usr/local/share/bastille/config.sh @@ -55,6 +55,8 @@ if [ $# -eq 1 ] || [ $# -gt 3 ]; then usage fi +bastille_root_check + ACTION=$1 shift diff --git a/usr/local/share/bastille/console.sh b/usr/local/share/bastille/console.sh index 30c5f0f4..64c4b570 100644 --- a/usr/local/share/bastille/console.sh +++ b/usr/local/share/bastille/console.sh @@ -46,6 +46,8 @@ if [ $# -gt 1 ]; then usage fi +bastille_root_check + USER="${1}" validate_user() { diff --git a/usr/local/share/bastille/convert.sh b/usr/local/share/bastille/convert.sh index feb7ce85..dc729734 100644 --- a/usr/local/share/bastille/convert.sh +++ b/usr/local/share/bastille/convert.sh @@ -46,6 +46,8 @@ if [ $# -ne 0 ]; then usage fi +bastille_root_check + convert_symlinks() { # Work with the symlinks, revert on first cp error if [ -d "${bastille_releasesdir}/${RELEASE}" ]; then diff --git a/usr/local/share/bastille/cp.sh b/usr/local/share/bastille/cp.sh index a7dabc35..1cfa2835 100644 --- a/usr/local/share/bastille/cp.sh +++ b/usr/local/share/bastille/cp.sh @@ -54,6 +54,8 @@ if [ $# -ne 2 ]; then usage fi +bastille_root_check + case "${OPTION}" in -q|--quiet) OPTION="-a" diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh index bc2cf700..0014c427 100644 --- a/usr/local/share/bastille/create.sh +++ b/usr/local/share/bastille/create.sh 
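Review bot: `bastille_root_check` arrives in `common.sh` without a header comment, and its calling contract now matters because about thirty scripts depend on it. Suggested comment above the definition: `# Abort with "Permission Denied" unless the effective uid is 0. Call after usage/help handling, before any privileged action.` Separately, `id` is resolved through PATH, and the PATH line visible in `usr/local/bin/bastille` appends the system directories after the caller's own entries. `/usr/bin/id -u` would match the absolute `/usr/sbin/jls` style used elsewhere in these scripts. The function is an operator convenience guard rather than a privilege boundary, and the comment could say so.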
@@ -588,6 +588,8 @@ help|-h|--help) ;; esac +bastille_root_check + if echo "$3" | grep '@'; then BASTILLE_JAIL_IP=$(echo "$3" | awk -F@ '{print $2}') BASTILLE_JAIL_INTERFACES=$( echo "$3" | awk -F@ '{print $1}') diff --git a/usr/local/share/bastille/destroy.sh b/usr/local/share/bastille/destroy.sh index 91602dac..7126edb2 100644 --- a/usr/local/share/bastille/destroy.sh +++ b/usr/local/share/bastille/destroy.sh @@ -210,6 +210,8 @@ if [ $# -gt 1 ] || [ $# -lt 1 ]; then usage fi +bastille_root_check + ## check what should we clean case "${TARGET}" in *-CURRENT|*-CURRENT-I386|*-CURRENT-i386|*-current) diff --git a/usr/local/share/bastille/edit.sh b/usr/local/share/bastille/edit.sh index 6b591667..0e6996a4 100644 --- a/usr/local/share/bastille/edit.sh +++ b/usr/local/share/bastille/edit.sh @@ -48,6 +48,8 @@ elif [ $# -eq 1 ]; then TARGET_FILENAME="${1}" fi +bastille_root_check + if [ -z "${EDITOR}" ]; then EDITOR=vi fi diff --git a/usr/local/share/bastille/export.sh b/usr/local/share/bastille/export.sh index 3bedb9fe..d57854f8 100644 --- a/usr/local/share/bastille/export.sh +++ b/usr/local/share/bastille/export.sh @@ -71,6 +71,8 @@ if [ $# -gt 5 ] || [ $# -lt 1 ]; then usage fi +bastille_root_check + zfs_enable_check() { # Temporarily disable ZFS so we can create a standard backup archive if [ "${bastille_zfs_enable}" = "YES" ]; then diff --git a/usr/local/share/bastille/htop.sh b/usr/local/share/bastille/htop.sh index a9e50848..b3ecdf72 100644 --- a/usr/local/share/bastille/htop.sh +++ b/usr/local/share/bastille/htop.sh @@ -46,6 +46,8 @@ if [ $# -ne 0 ]; then usage fi +bastille_root_check + for _jail in ${JAILS}; do bastille_jail_path=$(/usr/sbin/jls -j "${_jail}" path) if [ ! -x "${bastille_jail_path}/usr/local/bin/htop" ]; then diff --git a/usr/local/share/bastille/import.sh b/usr/local/share/bastille/import.sh index 7044a3da..ce7a4178 100644 --- a/usr/local/share/bastille/import.sh +++ b/usr/local/share/bastille/import.sh 
@@ -59,6 +59,8 @@ if [ $# -gt 3 ] || [ $# -lt 1 ]; then usage fi +bastille_root_check + TARGET="${1}" OPT_FORCE= USER_IMPORT= diff --git a/usr/local/share/bastille/limits.sh b/usr/local/share/bastille/limits.sh index ce16e76b..87dde8d9 100644 --- a/usr/local/share/bastille/limits.sh +++ b/usr/local/share/bastille/limits.sh @@ -55,6 +55,8 @@ if [ $# -ne 2 ]; then usage fi +bastille_root_check + OPTION="${1}" VALUE="${2}" diff --git a/usr/local/share/bastille/list.sh b/usr/local/share/bastille/list.sh index a646b543..a71cbc2e 100644 --- a/usr/local/share/bastille/list.sh +++ b/usr/local/share/bastille/list.sh @@ -35,6 +35,12 @@ usage() { error_exit "Usage: bastille list [-j|-a] [release [-p]|template|(jail|container)|log|limit|(import|export|backup)]" } +if [ "$1" = help -o "$1" = "-h" -o "$1" = "--help" ]; then + usage +fi + +bastille_root_check + if [ $# -eq 0 ]; then /usr/sbin/jls -N fi @@ -47,9 +53,6 @@ fi if [ $# -gt 0 ]; then # Handle special-case commands first. case "$1" in - help|-h|--help) - usage - ;; all|-a|--all) if [ -d "${bastille_jailsdir}" ]; then DEFAULT_VALUE="-" diff --git a/usr/local/share/bastille/mount.sh b/usr/local/share/bastille/mount.sh index 4e946c66..96bd7689 100644 --- a/usr/local/share/bastille/mount.sh +++ b/usr/local/share/bastille/mount.sh @@ -50,6 +50,8 @@ else _fstab="$@" fi +bastille_root_check + ## assign needed variables _hostpath=$(echo "${_fstab}" | awk '{print $1}') _jailpath=$(echo "${_fstab}" | awk '{print $2}') diff --git a/usr/local/share/bastille/pkg.sh b/usr/local/share/bastille/pkg.sh index 97cabfe2..32a18ef9 100644 --- a/usr/local/share/bastille/pkg.sh +++ b/usr/local/share/bastille/pkg.sh @@ -45,6 +45,8 @@ if [ $# -lt 1 ]; then usage fi +bastille_root_check + errors=0 for _jail in ${JAILS}; do diff --git a/usr/local/share/bastille/rdr.sh b/usr/local/share/bastille/rdr.sh index a7e59c2e..86b61e5c 100644 --- a/usr/local/share/bastille/rdr.sh +++ b/usr/local/share/bastille/rdr.sh 
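Review bot: The new help test in `list.sh`, `[ "$1" = help -o "$1" = "-h" -o "$1" = "--help" ]`, uses the obsolescent `-o` operator in an eleven-argument `test`. POSIX leaves that unspecified, and an operator-like `$1` such as `!` or `(` can be misparsed. The form the sibling scripts already use is unambiguous and reads the same: `case "$1" in help|-h|--help) usage ;; esac`. That also keeps help handling consistent across the subcommands that now call `bastille_root_check` right after it.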
@@ -46,6 +46,8 @@ if [ $# -lt 2 ]; then usage fi +bastille_root_check + TARGET="${1}" JAIL_NAME="" JAIL_IP="" diff --git a/usr/local/share/bastille/rename.sh b/usr/local/share/bastille/rename.sh index e48aa7c2..b59ab476 100644 --- a/usr/local/share/bastille/rename.sh +++ b/usr/local/share/bastille/rename.sh @@ -56,6 +56,8 @@ if [ $# -ne 1 ]; then usage fi +bastille_root_check + NEWNAME="${1}" update_jailconf() { diff --git a/usr/local/share/bastille/service.sh b/usr/local/share/bastille/service.sh index 0217d3bf..f0b58361 100644 --- a/usr/local/share/bastille/service.sh +++ b/usr/local/share/bastille/service.sh @@ -45,6 +45,8 @@ if [ $# -lt 1 -o $# -gt 2 ]; then usage fi +bastille_root_check + for _jail in ${JAILS}; do info "[${_jail}]:" jexec -l "${_jail}" /usr/sbin/service "$@" diff --git a/usr/local/share/bastille/start.sh b/usr/local/share/bastille/start.sh index c681e164..1586b020 100644 --- a/usr/local/share/bastille/start.sh +++ b/usr/local/share/bastille/start.sh @@ -46,6 +46,8 @@ if [ $# -gt 1 ] || [ $# -lt 1 ]; then usage fi +bastille_root_check + TARGET="${1}" shift diff --git a/usr/local/share/bastille/stop.sh b/usr/local/share/bastille/stop.sh index 5343d77d..728f2ffd 100644 --- a/usr/local/share/bastille/stop.sh +++ b/usr/local/share/bastille/stop.sh @@ -46,6 +46,8 @@ if [ $# -ne 0 ]; then usage fi +bastille_root_check + for _jail in ${JAILS}; do ## test if running if [ "$(/usr/sbin/jls name | awk "/^${_jail}$/")" ]; then diff --git a/usr/local/share/bastille/sysrc.sh b/usr/local/share/bastille/sysrc.sh index 20445f83..ba004974 100644 --- a/usr/local/share/bastille/sysrc.sh +++ b/usr/local/share/bastille/sysrc.sh @@ -45,6 +45,8 @@ if [ $# -lt 1 ]; then usage fi +bastille_root_check + for _jail in ${JAILS}; do info "[${_jail}]:" jexec -l "${_jail}" /usr/sbin/sysrc "$@" diff --git a/usr/local/share/bastille/tags.sh b/usr/local/share/bastille/tags.sh index 1442c21d..6c8cca62 100644 --- a/usr/local/share/bastille/tags.sh 
+++ b/usr/local/share/bastille/tags.sh @@ -54,6 +54,8 @@ if [ $# -lt 1 -o $# -gt 2 ]; then usage fi +bastille_root_check + ACTION="${1}" TAGS="${2}" diff --git a/usr/local/share/bastille/template.sh b/usr/local/share/bastille/template.sh index 9cb94d09..fe963ff2 100644 --- a/usr/local/share/bastille/template.sh +++ b/usr/local/share/bastille/template.sh @@ -116,6 +116,8 @@ if [ $# -lt 1 ]; then bastille_usage fi +bastille_root_check + ## global variables TEMPLATE="${1}" bastille_template=${bastille_templatesdir}/${TEMPLATE} diff --git a/usr/local/share/bastille/top.sh b/usr/local/share/bastille/top.sh index 5f8d5992..6d5535dc 100644 --- a/usr/local/share/bastille/top.sh +++ b/usr/local/share/bastille/top.sh @@ -45,6 +45,8 @@ if [ $# -ne 0 ]; then usage fi +bastille_root_check + for _jail in ${JAILS}; do info "[${_jail}]:" jexec -l "${_jail}" /usr/bin/top diff --git a/usr/local/share/bastille/umount.sh b/usr/local/share/bastille/umount.sh index b9513c42..1c210ec9 100644 --- a/usr/local/share/bastille/umount.sh +++ b/usr/local/share/bastille/umount.sh @@ -46,6 +46,8 @@ if [ $# -ne 1 ]; then usage fi +bastille_root_check + MOUNT_PATH=$1 for _jail in ${JAILS}; do diff --git a/usr/local/share/bastille/update.sh b/usr/local/share/bastille/update.sh index eeb8325b..fadf6e9b 100644 --- a/usr/local/share/bastille/update.sh +++ b/usr/local/share/bastille/update.sh @@ -46,6 +46,8 @@ if [ $# -gt 2 ] || [ $# -lt 1 ]; then usage fi +bastille_root_check + TARGET="${1}" OPTION="${2}" diff --git a/usr/local/share/bastille/upgrade.sh b/usr/local/share/bastille/upgrade.sh index eb2a1672..d6f50743 100644 --- a/usr/local/share/bastille/upgrade.sh +++ b/usr/local/share/bastille/upgrade.sh @@ -46,6 +46,8 @@ if [ $# -gt 3 ] || [ $# -lt 2 ]; then usage fi +bastille_root_check + TARGET="$1" NEWRELEASE="$2" OPTION="$3" diff --git a/usr/local/share/bastille/verify.sh b/usr/local/share/bastille/verify.sh index be513dad..c1bca9ff 100644 --- a/usr/local/share/bastille/verify.sh 
+++ b/usr/local/share/bastille/verify.sh @@ -154,6 +154,8 @@ if [ $# -gt 1 ] || [ $# -lt 1 ]; then bastille_usage fi +bastille_root_check + case "$1" in *-RELEASE|*-release|*-RC1|*-rc1|*-RC2|*-rc2) RELEASE=$1 diff --git a/usr/local/share/bastille/zfs.sh b/usr/local/share/bastille/zfs.sh index 85087d74..5eb79439 100644 --- a/usr/local/share/bastille/zfs.sh +++ b/usr/local/share/bastille/zfs.sh @@ -82,6 +82,8 @@ help|-h|--help) ;; esac +bastille_root_check + ## check ZFS enabled if [ ! "${bastille_zfs_enable}" = "YES" ]; then error_exit "ZFS not enabled."