Ichi is a tiny internet community where people can create their homepages for free. These pages are listed on Ichi's index, allowing everyone to explore, discover, and engage with one another.
This doc shows how to install ichi on a Debian 10 machine.
I like using mg as my editor, so here's how to install it:
apt-get update
apt-get install mg
Before getting started, let's install a firewall to protect the machine:
apt-get install ufw
ufw allow ssh
ufw allow 80/tcp
ufw allow 443/tcp
ufw enable
We will do the following:
We will:
sudo apt install quota
Add usrquota,grpquota to list of options in fstab
mg /etc/fstab
Remount and start
mount -o remount /
quotacheck -ugm /
quotaon -v /
groupadd ftpaccess
mkdir /var/ichi
Add the following lines at the end of /etc/ssh/sshd_config:
# override default of no subsystems
Subsystem sftp internal-sftp
Match group ftpaccess
ChrootDirectory /var/ichi/
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp -d %u
Restart ssh service
systemctl restart sshd
Add the following to /root/newuser.sh
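#!/bin/bash
# newuser.sh name password group sites-directory
set -e
# System account with no login shell, in the SFTP-only group
useradd -r -s /sbin/nologin -g ftpaccess "$1"
# 10 MB soft and hard block limits, no inode limit
setquota -u "$1" 10M 10M 0 0 /
# printf writes the name:password pair verbatim
printf '%s:%s\n' "$1" "$2" | chpasswd
# Accept the sites directory with or without a trailing slash
mkdir "${4%/}/$1"
chown "$1:$3" "${4%/}/$1"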
Make it executable
chmod +x /root/newuser.sh
Create a user "foo":
/root/newuser.sh foo foo ftpaccess /var/ichi/
Try to connect to sftp with foo:foo and validate that you can upload. You shouldn't be able to upload more than 10MB.
Delete user
userdel foo
We will
apt-get install postgresql
su - postgres
createuser -P ichi
createdb -O ichi ichi
Save password.
apt-get install inotify-tools
mkdir /var/assets/
Copy binary to: /usr/local/bin
The web interface allows users to manage their files. It leverages scripts to let them do so. Copy them at /root, or elsewhere. The scripts are:
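Used for logging in
#!/bin/bash
# checkpwd "name" "password"
# Exit 0 if the password matches the account's entry in /etc/shadow, 1 otherwise.
# Match the account name exactly; a plain grep would also hit names that contain $1.
SLT=$(U="$1" awk -F: '$1 == ENVIRON["U"] { print $2 }' /etc/shadow)
[ -n "$SLT" ] || exit 1
# Hand the password and the stored hash to perl as arguments instead of splicing
# them into the program text; crypt() takes the salt from the stored hash.
res=$(perl -e 'print crypt($ARGV[0], $ARGV[1])' -- "$2" "$SLT")
if [[ "$SLT" == "$res" ]]; then
  exit 0
else
  exit 1
fi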
Used to write or update a file
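#!/bin/bash
# write user path
# Writes stdin to path as the given user.
# %q quotes the path so it reaches the inner shell as a single word.
target=$(printf '%q' "$2")
if ! su -s /bin/bash -c "tee -- $target >/dev/null" "$1"; then
  # Clean up with the user's privileges as well, not as root
  su -s /bin/bash -c "rm -f -- $target" "$1"
  exit 1
fi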
Used to create folders
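#!/bin/bash
# writeFolder user path
# Creates the folder as the given user; %q keeps the path a single shell word.
su -s /bin/bash -c "mkdir -- $(printf '%q' "$2")" "$1"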
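The two scripts above write to whatever path the web interface hands them. One way to confine that path to the user's own site directory before calling them, as an added example that is not part of ichi (SITES_DIR and safe_target are names assumed for this illustration):

```bash
#!/bin/bash
# Added example, not part of ichi. SITES_DIR and safe_target are assumed names.
SITES_DIR=${SITES_DIR:-/var/ichi}

# safe_target USER PATH
# Prints the canonical target and returns 0 only when PATH resolves to a
# location inside $SITES_DIR/USER; returns 1 otherwise.
safe_target() {
  local user=$1 target=$2 root dir name parent
  # A user name must be a single path component and not look like an option.
  case $user in ''|.|..|*/*|-*) return 1 ;; esac
  # Canonical site root with symlinks resolved; it must already exist.
  root=$(cd -P -- "$SITES_DIR/$user" 2>/dev/null && pwd -P) || return 1
  # Relative paths are taken relative to the site root.
  case $target in /*) ;; *) target=$root/$target ;; esac
  name=${target##*/}
  case $name in ''|.|..) return 1 ;; esac
  dir=${target%/*}
  [ -n "$dir" ] || dir=/
  # Resolve the parent physically, so ".." and symlinked directories are
  # followed the way the kernel follows them when tee or mkdir runs.
  parent=$(cd -P -- "$dir" 2>/dev/null && pwd -P) || return 1
  # The parent must be the site root itself or a directory below it.
  case $parent/ in "$root"/*) ;; *) return 1 ;; esac
  # A symlink as the final component could still point somewhere else.
  if [ -L "$parent/$name" ]; then return 1; fi
  printf '%s\n' "${parent%/}/$name"
}
```

Call it before write or writeFolder and pass on the printed path rather than the original one.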
Used to check a user's disk quota
#!/bin/bash
# checkquota user
# Prints the quota line for the sda device; adjust the pattern if the disk has another name.
quota -vs "$1" | grep sda
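Add the following file at /etc/systemd/system/ichi.service. Replace everything in [] with the correct value; the values shown here (database password, HOST, SESSION_KEY, certificate paths) are samples, and SESSION_KEY should be a long random string.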
[Install]
WantedBy=multi-user.target
[Unit]
Description=ichi
[Service]
Environment="ENV=PROD"
Environment="DATABASE_URL=postgres://ichi:test@localhost/ichi?sslmode=disable"
Environment="HOST=ichi.city"
Environment="SESSION_KEY=sdfjlkwj23209jfks2"
Environment="SITES_DIRECTORY=/var/ichi/"
Environment="NEW_USER_SCRIPT=/root/newuser.sh"
Environment="GROUP=ftpaccess"
Environment="ASSETS_DIR=/var/assets/"
Environment="CERT_FILE=/etc/letsencrypt/live/ichi.city/fullchain.pem"
Environment="KEY_FILE=/etc/letsencrypt/live/ichi.city/privkey.pem"
Environment="NEW_FILE_SCRIPT=/root/write"
Environment="CHECK_PWD_SCRIPT=/root/checkpwd"
Environment="NEW_FOLDER_SCRIPT=/root/writeFolder"
Environment="QUOTA_SCRIPT=/root/checkquota"
ExecStart=/usr/local/bin/ichi
Start the web service:
systemctl daemon-reload
systemctl enable ichi
systemctl start ichi
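The following scripts are useful for administering the instance. Create a /root/admin folder and add them to it.
#!/bin/bash
# change-name current-name new-name
# Change the name of current-name to new-name
if [ -z "$1" ] || [ -z "$2" ]; then
  echo "provide current and new username"
  exit 1
fi
pkill -u "$1" -9
usermod -l "$2" "$1" || exit 1
mv "/var/ichi/$1" "/var/ichi/$2" || exit 1
# Names are passed as psql variables and quoted by :'name', not pasted into the SQL
su -s /bin/bash -c "psql ichi -v old=$(printf '%q' "$1") -v new=$(printf '%q' "$2")" postgres <<'SQL'
update homepages set author=:'new' where author=:'old';
SQL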
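#!/bin/bash
# Delete the user from ichi
# ./delete-user.sh user
# An empty name or one containing "/" would point rm -rf outside the user's directory
if [ -z "$1" ] || [[ "$1" == */* ]]
then
  echo "provide username"
  exit 1
fi
pkill -u "$1" -9
userdel "$1"
# Keep a copy of the site before removing it
cp -r "/var/ichi/$1" /tmp/ichi
rm -rf "/var/ichi/$1"
# The name is passed as a psql variable and quoted by :'old', not pasted into the SQL
su -s /bin/bash -c "psql ichi -v old=$(printf '%q' "$1")" postgres <<'SQL'
delete from homepages where author=:'old';
SQL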