Showing posts from December, 2013

How can I chroot sftp-only SSH users into their homes?

All this pain is thanks to several security issues as detailed here . Basically the chroot directory has to be owned by root and can't be any group-write access. Lovely. So you essentially need to turn your chroot into a holding cell and within that you can have your editable content.   sudo chown root /home/bob sudo chmod go-w /home/bob sudo mkdir /home/bob/writeable sudo chown bob:sftponly /home/bob/writeable sudo chmod ug+rwX /home/bob/writeable And bam, you can log in and write in /writeable . found at:

selinux blocks access via sftp for chrooted user

you may want to install setroubleshoot. audit2allow is installed as part of that install. If selinux blocks access via sftp for chrooted user try: grep denied /var/log/audit/audit.log | audit2allow -M postgreylocal this is how postgrey will looks like and give permission to remove, rename, delete, create file/directory module postgreylocal 1.0; require {         type user_home_t;         type chroot_user_t;         class dir { rename write rmdir remove_name create add_name };         class file { write create unlink link setattr }; } #============= chroot_user_t ============== #!!!! This avc can be allowed using one of the these booleans: #     ssh_chroot_rw_homedirs, ssh_chroot_full_access allow chroot_user_t user_home_t:dir { rename rmdir }; #!!!! This avc is allowed in the current policy allow chroot_user_t user_home_t:dir { write remove_name create add_name }; #!!!! This avc can be allowed using one of the these booleans: #     ssh_chroot_rw_h

Find and kill a process in one line using bash and regex

      How can I extract the process id automatically and kill it in the same line? In bash , you should be able to do: kill $(ps aux | grep '[p]ython' | awk '{print $2}') Details on its workings are as follows: The ps gives you the list of all the processes. The grep filters that based on your search string, [p] is a trick to stop you picking up the actual grep process itself. The awk just gives you the second field of each line, which is the PID. The $(x) construct means to execute x then take its output and put it on the command line. The output of that ps pipeline inside that construct above is the list of process IDs so you end up with a command like kill 1234 1122 7654 . Here's a transcript showing it in action: pax> sleep 3600 & [1] 2225 pax> sleep 3600 & [2] 2226 pax> sleep 3600 & [3] 2227 pax> sleep 3600 & [4] 2228 pax> sleep 3600 & [5] 2229 pax> kill $(ps aux | g