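#! /bin/sh
### BEGIN INIT INFO
# Provides:          tunnel
# Required-Start:    $remote_fs $syslog
# Required-Stop:     $remote_fs $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Outbound SSH tunnels
# Description:       This script starts or stops the outbound SSH tunnels
#                    maintained by the `tunnel' user.
### END INIT INFO

# Author: Mark Wooding

## Initial configuration.
PATH=/sbin:/usr/sbin:/bin:/usr/bin
DESC="outbound SSH tunnels"
TUNUSER=tunnel
RUN=/var/run/$TUNUSER

## The defaults file is sourced into this shell and may override any of the
## settings above, or preset TUNHOME, TUNGROUP and tunnels.  Whoever can
## write it can run commands as the user invoking this script, so it should
## be writable only by the administrator.
if [ -f /etc/default/tunnel ]; then . /etc/default/tunnel; fi

## Fill in whatever the defaults file left unset.  A value that is set but
## empty is deliberately left alone.
[ "${TUNHOME+set}" ] || TUNHOME=$(getent passwd "$TUNUSER" | cut -d: -f6)
[ "${TUNGROUP+set}" ] || TUNGROUP=$(id -g "$TUNUSER")

## Nothing to do (and not an error) if the per-host script is not installed.
if [ ! -x "$TUNHOME/bin/outbound" ]; then exit 0; fi

## The default tunnel list is the argument of every `Host' line in the SSH
## configuration under $TUNHOME, except the bare `Host *' wildcard entry.
## NOTE(review): this file sits in the tunnel user's home directory, so it is
## presumably writable by that user; the names read from it are used below
## only as quoted arguments and in progress messages -- keep it that way.
[ "${tunnels+set}" ] || tunnels=$(sed -n \
  '/^Host[[:space:]]\+\([^[:space:]*]\|[^[:space:]].*[^[:space:]]\)[[:space:]]*$/s//\1/p' \
  "$TUNHOME/.ssh/config")

## Scan the command-line.
case "$#" in
  0)
    op=none
    ;;
  1)
    op=$1; shift
    ## No hosts named: operate on every configured tunnel.  Word splitting
    ## is wanted here (one argument per host name), but pathname expansion
    ## is not: a `Host' pattern containing a wildcard must not be expanded
    ## against whatever files are in the current directory.
    set -f
    set -- $tunnels
    set +f
    ;;
  *)
    op=$1; shift
    ;;
esac

## Make sure that the runtime state directory exists. If not, create it with
## sensible permissions. Don't override permissions if it already exists,
## because presumably the administrator has fiddled them deliberately.
if [ ! -d "$RUN" ]; then
  mkdir -m755 "$RUN" || { echo >&2 "$0: cannot create $RUN"; exit 1; }
  chown "$TUNUSER:$TUNGROUP" "$RUN" ||
    { echo >&2 "$0: cannot set ownership of $RUN"; exit 1; }
fi

## Stop if the state directory cannot be entered, rather than carrying on
## and running the per-host script from whatever directory we started in.
cd "$RUN" || { echo >&2 "$0: cannot change directory to $RUN"; exit 1; }

## Utility to run the per-host script.  It is run through sudo as $TUNUSER,
## not as the user invoking this script.
run_outbound () { sudo -u"$TUNUSER" "$TUNHOME/bin/outbound" "$@"; }

## Utilities for doing things to individual hosts.
start () { run_outbound start "$1"; }
stop () { run_outbound stop "$1"; }
restart () { stop "$1"; start "$1"; }

## Higher-order iterator to process a list of hosts.
##
## Arguments: $1 - verb for the progress message (e.g. `Starting')
##            $2 - name of the function to call once per host
##            remaining arguments - the hosts
##
## $2 is run as a command name, so it must only ever be a function name
## supplied by this script, never text taken from the command line.
foreach () {
  whatting=$1 what=$2; shift 2
  ## printf rather than `echo -n': what echo does with `-n' is not
  ## specified for /bin/sh, and host names are printed as data.
  printf '%s %s:' "$whatting" "$DESC"
  for i in "$@"; do
    $what "$i"
    printf ' %s' "$i"
  done
  printf '.\n'
}

## Main dispatch.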
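## $op and the positional parameters (the hosts to act on) were set up by
## the command-line scan earlier in the script.
case "$op" in
  start)
    foreach "Starting" start "$@"
    ;;
  stop)
    foreach "Stopping" stop "$@"
    ;;
  restart | force-reload)
    foreach "Restarting" restart "$@"
    ;;
  status)
    ## Print each host name followed by whatever the per-host script
    ## reports for it.  printf rather than `echo -n': what echo does with
    ## `-n' is not specified for /bin/sh, and the host name is printed as
    ## data rather than being interpreted by echo.
    for i in "$@"; do
      printf '%s: ' "$i"
      run_outbound status "$i"
    done
    ;;
  *)
    ## Unknown or missing operation (the scan sets op=none when no
    ## arguments were given).
    printf '%s\n' "usage: $0 {start|stop|restart|status} [HOST ...]" >&2
    exit 1
    ;;
esac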