Running at non root

Author: hamflx

etc/ddns/aliyun/config.json renamed to .ddns/aliyun.json

@@ -4,8 +4,8 @@
         {
             "name": "akProfile",
             "mode": "AK",
-            "access_key_id": "<AccessKey ID>",
-            "access_key_secret": "<Access Key Secret>",
+            "access_key_id": "<ACCESS_KEY_ID>",
+            "access_key_secret": "<ACCESS_KEY_SECRET>",
             "sts_token": "",
             "ram_role_name": "",
             "ram_role_arn": "",

etc/ddns/ddns.conf renamed to .ddns/ddns.conf

@@ -2,11 +2,15 @@
 ALIYUN_BIN="/usr/bin/aliyun"
 
 # 阿里云 CLI 公共选项
-ALIYUN_OPTIONS="--config-path /etc/ddns/aliyun/config.json --profile akProfile"
+ALIYUN_OPTIONS="--profile akProfile"
 
 # 公网 IP 查询时间间隔，单位：秒
 QUERY_INTERVAL="30"
 
+# 阿里云 AccessKey
+ACCESS_KEY_ID="<AccessKey ID>"
+ACCESS_KEY_SECRET="<Access Key Secret>"
+
 # 需要操作的域名
 RECORD_RR="www"
 RECORD_DOMAIN="example.com"

README.md

@@ -26,58 +26,49 @@
 3. 克隆项目并运行 `install.sh` 进行安装
 
         git clone [email protected]:hamflx/ddns-aliyun.git
-        sudo ./install.sh
+        cd ddns-aliyun
 
-4. 配置 `AccessKey ID` 及 `Access Key Secret`
+        # install.sh 将会把配置文件安装到此处指定的用户名 <USERNAME> 家目录下
+        sudo ./install.sh install <USERNAME>
+
+4. 配置 `~/.ddns/ddns.conf`
 
     进入阿里云 accesskeys 管理页面，生成一个 `AccessKey`。
 
     ![阿里云 accesskeys 管理页面入口](./assets/step1.png "阿里云 accesskeys 管理页面入口")
 
     ![阿里云 accesskeys 管理页面](./assets/step2.png "阿里云 accesskeys 管理页面")
 
-        sudo vim /etc/ddns/aliyun/config.json
-
-    编辑 `/etc/ddns/aliyun/config.json` 将 `<AccessKey ID>` 与 `<Access Key Secret>` 替换为在阿里云上生成的 `AccessKey` 的 `AccessKey ID` 与 `Access Key Secret`。
-
-        {
-            ...
-            "profiles": [
-                {
-                    ...
-                    "access_key_id": "<AccessKey ID>",
-                    "access_key_secret": "<Access Key Secret>",
-                    ...
-                }
-        }
-
-5. 配置 ddns.conf
+    编辑 `~/.ddns/ddns.conf` 将 `ACCESS_KEY_ID` 与 `ACCESS_KEY_SECRET` 的值改为在阿里云上生成的 `AccessKey` 的 `AccessKey ID` 与 `Access Key Secret`：
 
-    编辑 `RECORD_RR` 的值为需要解析的记录，`RECORD_DOMAIN` 顶级域名。
+        sudo vim ~/.ddns/ddns.conf
 
-        sudo vim /etc/ddns/ddns.conf
+        # 找到下面两句，将 <AccessKey ID> 与 <Access Key Secret> 修改为具体的值
+        # ACCESS_KEY_ID="<AccessKey ID>"
+        # ACCESS_KEY_SECRET="<Access Key Secret>"
 
-    例如：
+    修改 `RECORD_RR` 的值为需要解析的记录，`RECORD_DOMAIN` 顶级域名：
 
         # 需要操作的域名
         RECORD_RR="www"
         RECORD_DOMAIN="njstee.com"
 
-6. 添加域名
+5. 添加域名
 
     在阿里云控制台添加需要解析的域名记录，值为任意即可，在启动软件后会自动获取公网 IP 并进行设置。
 
     ![解析记录](./assets/record.png "解析记录")
 
-7. 启动 ddns-aliyun
+6. 启动 ddns-aliyun
 
     启动 ddns-aliyun 进行测试，若提示 `Updated successfully` 或 `Already latest` 则表示运行成功：
 
-        sudo /usr/bin/ddns.sh
+        ddns.sh
 
     启动 ddns-aliyun 并将其设置为随系统引导一起启动：
 
-        sudo systemctl enable --now ddns.service
+        # 将 <USERNAME> 替换为此前运行 install.sh 时指定的用户名
+        sudo systemctl enable --now ddns@<USERNAME>.service
 
 ## License
 

bin/ddns.sh

@@ -8,8 +8,23 @@ function log () {
     fi
 }
 
-. /etc/ddns/ddns.conf
+CONFIGURATION_DIR="$HOME/.ddns"
+CONFIGURATION_FILE="$HOME/.ddns/ddns.conf"
+ALIYUN_CONFIG_FILE="$HOME/.ddns/aliyun.json"
 
+if [[ ! -f "$CONFIGURATION_FILE" ]]; then
+    echo "Configuration file $CONFIGURATION_FILE not found."
+    exit 1
+fi
+
+. "$CONFIGURATION_FILE"
+
+# 将配置文件中的 AccessKey 写入到阿里云的配置文件
+sed -i -e "s/\"access_key_id\": \"[^\"]*\"/\"access_key_id\": \"$ACCESS_KEY_ID\"/g" \
+    -e "s/\"access_key_secret\": \"[^\"]*\"/\"access_key_secret\": \"$ACCESS_KEY_SECRET\"/g" "$ALIYUN_CONFIG_FILE"
+
+# 将配置文件路径传入阿里云 CLI
+ALIYUN_OPTIONS="$ALIYUN_OPTIONS"" --config-path ""$ALIYUN_CONFIG_FILE"
 # 从阿里云获取域名解析记录
 RECORD="$($ALIYUN_BIN alidns $ALIYUN_OPTIONS DescribeSubDomainRecords --SubDomain $RECORD_RR.$RECORD_DOMAIN | jq -r '.DomainRecords.Record[0]' 2>/dev/null)"
 # 从域名信息中提取 RecordId

install.sh

@@ -1,47 +1,97 @@
 #!/bin/bash
 
 function do_install () {
-    cp -r bin/* /usr/bin 2>/dev/null &&
-        cp -r etc/* /etc 2>/dev/null &&
-        cp -r lib/systemd/system/* /lib/systemd/system 2>/dev/null &&
-        chmod 0755 /usr/bin/ddns.sh 2>/dev/null &&
-        chmod 0660 /etc/ddns/aliyun/config.json 2>/dev/null
+    HOME_DIR="$(cat /etc/passwd | grep -P ""^$1:"" | cut -d: -f6)"
+    DDNS_CONF_DIR="$HOME_DIR/.ddns"
+    SCRIPT_PATH="$(readlink -f ""$0"")"
+    SOURCE_DIR="$(dirname ""$SCRIPT_PATH"")"
 
-    return $?
+    if [[ ! -d "$HOME_DIR" ]]; then
+        echo "Home directory $HOME_DIR not found"
+        return 1
+    fi
+
+    mkdir -p "$DDNS_CONF_DIR" 2>/dev/null                                           && \
+        cp -r "$SOURCE_DIR/bin/"* /usr/bin 2>/dev/null                              && \
+        cp -r "$SOURCE_DIR/.ddns/"* "$DDNS_CONF_DIR" 2>/dev/null                    && \
+        cp -r "$SOURCE_DIR/lib/systemd/system/"* /lib/systemd/system 2>/dev/null    && \
+        chown -R "$1.$1" "$DDNS_CONF_DIR" 2>/dev/null                               && \
+        chmod 0755 /usr/bin/ddns.sh 2>/dev/null                                     && \
+        chmod 0700 "$DDNS_CONF_DIR" 2>/dev/null                                     && \
+        chmod 0600 "$DDNS_CONF_DIR/"* 2>/dev/null
+
+    if [[ "$?" != "0" ]]; then
+        echo 'Failed to copy files to system.'
+        return 1
+    fi
+
+    return 0
 }
 
 function do_uninstall () {
+    HOME_DIR="$(cat /etc/passwd | grep -P ""^$1:"" | cut -d: -f6)"
+    DDNS_CONF_DIR="$HOME_DIR/.ddns"
+    SCRIPT_PATH="$(readlink -f ""$0"")"
+    SOURCE_DIR="$(dirname ""$SCRIPT_PATH"")"
+
+    if [[ ! -d "$HOME_DIR" ]]; then
+        echo "Home directory $HOME_DIR not found"
+        return 1
+    fi
+
     rm -f /lib/systemd/system/ddns.service 2>/dev/null
-    rm -rf /etc/ddns 2>/dev/null
     rm -f /usr/bin/ddns.sh 2>/dev/null
+    rm -f "$DDNS_CONF_DIR/"* 2>/dev/null
+    rmdir "$DDNS_CONF_DIR" 2>/dev/null
 
     return 0
 }
 
-if [[ "$(id -u)" != "0" ]]; then
-    echo "Require root permission!"
-    exit 1
+function usage () {
+    echo "Usage:"
+    echo "    ddns.sh install <username>"
+    echo "    ddns.sh uninstall <username>"
+}
+
+if [[ "$#" != "2" ]]; then
+    usage
+    exit 0
 fi
 
-if [[ "$1" == "uninstall" ]]; then
+COMMAND="$1"
+shift
+USERNAME="$1"
+shift
 
-    do_uninstall
+if [[ "$COMMAND" == "--help" || "$COMMAND" == "-h" ]]; then
+    usage
+    exit 0
+fi
 
-    echo "Uninstalled successfully"
+if ! id "$USERNAME" >/dev/null 2>&1; then
+    echo "User $USERNAME not exists"
+    exit 1
+fi
 
-else
+if [[ "$(id -u)" != "0" ]]; then
+    echo "Require root permission."
+    exit 1
+fi
 
-    do_install
+if [[ "$COMMAND" == "uninstall" ]]; then
+    do_uninstall "$USERNAME"
+    echo "Uninstalled successfully"
+else
+    do_install "$USERNAME"
 
     if [[ "$?" == "0" ]]; then
         echo "Installed successfully"
     else
-        echo "Failed to install!"
+        echo "Failed to install."
         echo "Uninstalling ..."
 
-        do_uninstall
+        do_uninstall "$USERNAME"
 
         exit 1
     fi
-
 fi

lib/systemd/system/ddns.service renamed to lib/systemd/system/[email protected]

@@ -8,8 +8,7 @@ Type=simple
 ExecStart=/bin/bash /usr/bin/ddns.sh
 Restart=always
 RestartSec=30s
-User=root
-Group=root
+User=%i
 
 [Install]
 WantedBy=multi-user.target