Archive for July, 2010

Favorite poem – 17

July 27, 2010

It is the hour when from the boughs
The nightingale’s high note is heard;
It is the hour when lovers’ vows
Seem sweet in every whisper’d word;
And gentle winds, and waters near,
Make music to the lonely ear,
Each flower the dews have lightly wet,
And in the sky the stars are met,
And on the wave is deeper blue,
And on the leaf a browner hue
And in the heaven that clear obscure,
So softly dark, and darkly pure,
Which follows the decline of day,
As twilight melts beneath the moon away.

– G. G. BYRON.

sftp without shell access

July 15, 2010

Since release 4.9, OpenSSH's sshd has shipped with a built-in chroot (the ChrootDirectory directive) and a built-in SFTP server (internal-sftp). Chrooting a user's session and forcing that server in place of a shell is a clean way to let a few users exchange files securely with no shell access at all.

1. Edit /etc/ssh/sshd_config. Replace the line "Subsystem sftp /usr/lib/openssh/sftp-server" with:

Subsystem sftp internal-sftp

UsePAM yes

Match User user1
# The following two directives force user1 to become chrooted
# and only have sftp available.  No other chroot setup is required.
ChrootDirectory /sftp-upload
ForceCommand internal-sftp
# For additional paranoia, disallow all types of port forwardings.
AllowTcpForwarding no
GatewayPorts no
X11Forwarding no

Keep the Match block at the end of the file: every directive that follows a Match line belongs to that block. sshd refuses the login ("bad ownership or modes for chroot directory") unless /sftp-upload and every directory above it is owned by root and not writable by group or others, which is why the user gets a subdirectory of their own instead of write access to the chroot itself.

2. Add the user. The home directory is resolved inside the chroot, so /user1 ends up at /sftp-upload/user1; the login shell is irrelevant once ForceCommand is in effect, so it is set to /bin/false:

useradd -d /user1 -s /bin/false user1

3. Create the user's directory inside the root-owned (mode 755) chroot and hand it over to the user:

mkdir -p /sftp-upload/user1
chown -R user1:user1 /sftp-upload/user1

4. Reload your sshd daemon:

kill -HUP <sshd pid>

Non-standard: only restrict shell access

You want to allow a user to put files or folders in his or her home directory through an sftp or WinSCP client, but you do not want to grant any kind of shell access. A simple trick:

Change the user's login shell to /usr/local/libexec/sftp-server (Solaris) or /usr/lib/openssh/sftp-server (Linux). Note that chsh only accepts a shell listed in /etc/shells; usermod -s does not check.

This does not chroot the user: the whole filesystem is still visible to the SFTP session, limited only by ordinary file permissions. So if you want to protect sensitive data, remove the read (r) and execute (x) permissions for "others" on those files and directories.

Redirecting port 80 traffic to port 8080

July 15, 2010

I have ports 80 and 443 open on my firewall. My Tomcat installation listens on ports 8080 and 8443, but binding to a port below 1024 such as 80 or 443 requires root privilege, and Tomcat should not run as root. The simple solution is to redirect any request arriving on port 80 to port 8080 (and likewise 443 to 8443). Here is the trick:

iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
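Added example, not from the original post: the same redirect for both port pairs, plus the nat OUTPUT rule that the PREROUTING rule alone misses. It assumes eth0 as the external interface and Tomcat on 8080/8443; the IPTABLES variable is an assumption of this script that lets you print the rules instead of applying them.

```shell
#!/bin/sh
# Added example: redirect the privileged ports 80 and 443 to Tomcat's
# unprivileged 8080 and 8443 so Tomcat never needs to run as root.
# Assumptions: external interface eth0, Tomcat on 8080/8443, Linux iptables.
# Set IPTABLES=echo to print the rules instead of applying them.
IPTABLES=${IPTABLES:-iptables}

# redirect_port IFACE FROM TO: nat rules for one port pair.
redirect_port() {
    iface=$1; from=$2; to=$3
    # Traffic arriving on $iface from outside: the rule in the post above.
    # --to-ports is the full name of the option the post abbreviates as --to-port.
    "$IPTABLES" -t nat -A PREROUTING -i "$iface" -p tcp --dport "$from" \
        -j REDIRECT --to-ports "$to" || return 1
    # PREROUTING never sees packets generated on this host, so a local
    # "curl http://localhost/" would still go to port 80 and be refused;
    # the nat OUTPUT chain handles locally generated traffic.
    "$IPTABLES" -t nat -A OUTPUT -o lo -p tcp --dport "$from" \
        -j REDIRECT --to-ports "$to" || return 1
}

# apply_tomcat_redirects [IFACE]: 80 -> 8080 and 443 -> 8443.
# The redirect does not close 8080/8443 themselves; the firewall must still
# block direct connections to them from outside.
apply_tomcat_redirects() {
    iface=${1:-eth0}
    redirect_port "$iface" 80 8080 && redirect_port "$iface" 443 8443
}

# show_redirects: list what is active. nat rules are not persistent across
# reboots; save them with iptables-save (or your distribution's wrapper).
show_redirects() {
    "$IPTABLES" -t nat -S PREROUTING
    "$IPTABLES" -t nat -S OUTPUT
}
```

Tomcat still believes it listens on 8080/8443, so set proxyPort (and redirectPort) on its connectors to 80/443, otherwise the redirect URLs it generates will carry the internal port.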

Adding new HDD on Solaris

July 4, 2010

Solaris 10 x86 Disk Controller Table

Device names have the form cN[tN]dNsN: c = controller, t = SCSI target (ID), d = disk (LUN), s = slice. Each disk carries slices s0 to s7; IDE disks have no target field.

Device (slices s0 to s7)          Disk
/dev/rdsk/c0d0s0 to s7            Primary IDE master
/dev/rdsk/c0d1s0 to s7            Primary IDE slave
/dev/rdsk/c1d0s0 to s7            Secondary IDE master
/dev/rdsk/c1d1s0 to s7            Secondary IDE slave

/dev/rdsk/c0t0d0s0 to s7          First SCSI controller, target 0 disk drive
/dev/rdsk/c0t1d0s0 to s7          First SCSI controller, target 1 disk drive
/dev/rdsk/c0t2d0s0 to s7          First SCSI controller, target 2 disk drive
/dev/rdsk/c0t3d0s0 to s7          First SCSI controller, target 3 disk drive
/dev/rdsk/c0t4d0s0 to s7          First SCSI controller, target 4 disk drive
/dev/rdsk/c0t5d0s0 to s7          First SCSI controller, target 5 disk drive
/dev/rdsk/c0t6d0s0 to s7          First SCSI controller, target 6 disk drive
/dev/rdsk/c0t7d0s0 to s7          First SCSI controller, target 7 disk drive

After putting in the new HDD, log in as root and create the device nodes for it (on Solaris 10 a single devfsadm does the work of both commands):

# drvconfig ( configure the /devices directory )
# disks ( creates /dev entries for hard disks attached to the system )
# format
Searching for disks…done

0. c0d0
1. c1t6d0
Specify disk (enter its number): ** Select Your New Drive (0/1/n) **

0. other
1. default
Specify disk type (enter its number): **Select One **

No fdisk table exists. The default partition for the disk is:

a 100% “SOLARIS System” partition

Type “y” to accept the default partition, otherwise type “n” to edit the
partition table.

WARNING: Solaris fdisk partition changed – Please relabel the disk

Select the partition type to create:
9=DOS16LBA   A=x86 Boot   B=Diagnostic   C=FAT32

Specify the percentage of disk to use for this partition
(or type “c” to specify the size in cylinders). 100

Should this become the active partition? If yes, it will be activated
each time the computer is reset or turned on.
Please type “y” or “n”. n

WARNING: Solaris fdisk partition changed – Please relabel the disk

format> partition

0 – change `0′ partition
1 – change `1′ partition
2 – change `2′ partition
3 – change `3′ partition
4 – change `4′ partition
5 – change `5′ partition
6 – change `6′ partition
7 – change `7′ partition
select – select a predefined table
modify – modify a predefined partition table
name – name the current table
print – display the current table
label – write partition map and label to the disk
!<cmd> – execute <cmd>, then return
partition> print
Current partition table (cyl):
Total disk cylinders available: 25229 + 2 (reserved cylinders)
partition> **Edit Part 0**

partition> print

partition> label
Ready to label disk, continue? y

partition> quit
format> label

Ready to label disk, continue? y
format> quit

# newfs /dev/rdsk/c0t1d0s2
# mkdir /new-disk1

Substitute the controller/target/disk numbers of the drive you just labelled. The example uses slice 2, which conventionally spans the whole disk; if you laid out a smaller slice in format (slice 0 above), use that one instead. Now mount it manually and also add the entry to /etc/vfstab so it is mounted at boot:

# echo "/dev/dsk/c0t1d0s2 /dev/rdsk/c0t1d0s2 /new-disk1 ufs 1 yes -" >> /etc/vfstab
# touch /reconfigure
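Added example (not from the original post): the last steps of the procedure as a script. It builds the vfstab entry from the slice name, warns about slice 2, and appends the entry only once so a second run does not duplicate it. VFSTAB is an assumption of this script: it defaults to /etc/vfstab and can be pointed at a scratch file for a dry run; newfs and mount are only called from add_disk.

```shell
#!/bin/sh
# Added example: newfs, mount point, vfstab entry and mount as one script.
# Assumptions: Solaris device names as in the table above; VFSTAB may be
# overridden for a dry run.
VFSTAB=${VFSTAB:-/etc/vfstab}

# vfstab_line SLICE MOUNTPOINT: the UFS entry for one slice, e.g. c0t1d0s0.
# Columns: device to mount, device to fsck, mount point, FS type,
# fsck pass, mount at boot, mount options.
vfstab_line() {
    slice=$1; mnt=$2
    case $slice in                          # loose check of the SCSI / IDE forms
        c[0-9]*t[0-9]*d[0-9]*s[0-7]|c[0-9]*d[0-9]*s[0-7]) ;;
        *) echo "vfstab_line: '$slice' is not a cNtNdNsN or cNdNsN slice" >&2
           return 1 ;;
    esac
    case $slice in
        *s2) echo "warning: slice 2 conventionally covers the whole disk;" \
                  "the slice laid out in format is usually 0" >&2 ;;
    esac
    printf '/dev/dsk/%s\t/dev/rdsk/%s\t%s\tufs\t1\tyes\t-\n' "$slice" "$slice" "$mnt"
}

# add_vfstab_entry SLICE MOUNTPOINT: append the entry unless the mount point
# (third column) is already listed.
add_vfstab_entry() {
    slice=$1; mnt=$2
    line=$(vfstab_line "$slice" "$mnt") || return 1
    if awk -v m="$mnt" '$3 == m { found = 1 } END { exit !found }' "$VFSTAB" 2>/dev/null
    then
        echo "$mnt is already listed in $VFSTAB" >&2
        return 0
    fi
    printf '%s\n' "$line" >> "$VFSTAB"
}

# add_disk SLICE MOUNTPOINT: make the filesystem, record it, mount it now.
add_disk() {
    slice=$1; mnt=$2
    newfs "/dev/rdsk/$slice" || return 1
    mkdir -p "$mnt" || return 1
    add_vfstab_entry "$slice" "$mnt" || return 1
    mount "$mnt"                    # vfstab supplies the device and options
}
```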

expressions in shell scripting

July 4, 2010

Testing exit status

The $? variable holds the exit status of the previously executed command (the most recently completed foreground command).

The following example shows a simple test:

myhome ~> if [ $? -eq 0 ]
More input> then echo 'That was a good job!'
More input> fi
That was a good job!

myhome ~>

The following example demonstrates that TEST-COMMANDS might be any UNIX command that returns an exit status, and that if again returns an exit status of zero. Note the anchored pattern: a bare grep $USER /etc/passwd would also match "bobby" or a GECOS field when $USER is "bob":

myhome ~> if ! grep "^$USER:" /etc/passwd
More input> then echo "your user account is not managed locally"; fi
your user account is not managed locally

myhome > echo $?
0

myhome >

The same result can be obtained as follows:

myhome > grep "^$USER:" /etc/passwd

myhome > if [ $? -ne 0 ] ; then echo "not a local account" ; fi
not a local account

myhome >

Numeric comparisons

The examples below use numerical comparisons. The line count is read from standard input so that wc prints only the number; wc -l work.txt would print the file name after the count, which is not an integer and makes -gt fail with "integer expression expected":

myhome > num=$(wc -l < work.txt)

myhome > echo $num

myhome > if [ "$num" -gt "150" ]
More input> then echo ; echo "you've worked hard enough for today."
More input> echo ; fi

you've worked hard enough for today.

myhome >

This script is executed by cron every Sunday. If the week number is even, it reminds you to put out the garbage cans:

#!/bin/bash
# Calculate the week number using the date command. The leading zero of
# weeks 01-09 is stripped first: "08" and "09" are invalid octal numbers
# inside arithmetic expansion. $(( )) replaces the old bash-only $[ ] form.
WEEK=$(date +"%V")
WEEKOFFSET=$(( ${WEEK#0} % 2 ))

# Test if we have a remainder. If not, this is an even week so send a message.
# Else, do nothing.
if [ $WEEKOFFSET -eq "0" ]; then
    # $LOGNAME stands in for the recipient address; replace it with yours.
    echo "Sunday evening, put out the garbage cans." | mail -s "Garbage cans out" "$LOGNAME"
fi

String comparisons

An example of comparing strings for testing the user ID:

if [ "$(whoami)" != 'root' ]; then
echo "You have no permission to run $0 as non-root user."
exit 1
fi

With Bash, you can shorten this type of construct. The compact equivalent of the above test is as follows (note the braces: a parenthesised group would run in a subshell, where exit 1 only ends the subshell and the script carries on as if the check had passed):

[ "$(whoami)" != 'root' ] && { echo you are using a non-privileged account; exit 1; }

Similar to the “&&” expression which indicates what to do if the test proves true, “||” specifies what to do if the test is false.

Shell patterns (globs, not regular expressions; those use the =~ operator inside [[ ]]) may also be used in comparisons:

myhome > gender="female"

myhome > if [[ "$gender" == f* ]]
More input> then echo "Pleasure to meet you, Madame."; fi
Pleasure to meet you, Madame.

myhome >
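As an added example (not code from the original page), the exit-status, numeric and string tests discussed above written as functions whose exit status can be checked, with the pitfalls in the original snippets corrected. The passwd data is constructed inline and the function names are this example's own.

```shell
#!/bin/sh
# Added example: the tests discussed above as functions. Sample passwd data
# is constructed inline so nothing here reads the real /etc/passwd.

# is_local_account NAME [PASSWD_FILE]: NAME has an entry in the passwd file.
# The pattern is anchored to the start of the line and the ":" separator, so
# "bob" does not match "bobby" or a GECOS field the way an unanchored
# grep $USER /etc/passwd does. Use getent passwd NAME where NSS matters.
is_local_account() {
    name=$1; file=${2:-/etc/passwd}
    grep -q "^${name}:" "$file"
}

# lines_over FILE N: FILE has more than N lines. Reading from stdin makes wc
# print a bare number; `wc -l FILE` appends the file name and breaks -gt.
lines_over() {
    file=$1; limit=$2
    n=$(wc -l < "$file")
    [ "$n" -gt "$limit" ]
}

# even_iso_week [WEEK]: the ISO week number (date +%V) is even.
# $(( )) is the POSIX form of bash's old $[ ]; the leading zero of weeks
# 01-09 is stripped first, because 08 and 09 are invalid octal inside $(( )).
even_iso_week() {
    week=${1:-$(date +%V)}
    week=${week#0}
    [ $(( week % 2 )) -eq 0 ]
}

# require_root: 0 when running as root, 1 otherwise. The message and the
# failure status are grouped with { }, not ( ): inside a subshell,
# "exit 1" ends only the subshell and the caller carries on.
require_root() {
    [ "$(id -u)" -eq 0 ] || { echo "$0: must be run as root" >&2; return 1; }
}

# make_sample_passwd: a constructed passwd file (not real accounts) for trying
# the checks; prints its path.
make_sample_passwd() {
    f=$(mktemp)
    printf '%s\n' 'root:x:0:0:root:/root:/bin/sh' \
                  'bob:x:1000:1000:Bob Example:/home/bob:/bin/sh' \
                  'bobby:x:1001:1001:Bobby Example:/home/bobby:/bin/sh' > "$f"
    echo "$f"
}

# demo: exercise each check on the sample data.
demo() {
    pw=$(make_sample_passwd)
    if is_local_account bob "$pw"; then echo "bob is a local account"; fi
    if ! is_local_account bo "$pw"; then echo "bo is not (no prefix match)"; fi
    if lines_over "$pw" 2; then echo "more than 2 entries"; fi
    if even_iso_week; then echo "even week: put out the garbage cans"; fi
    require_root || echo "continuing unprivileged"
    rm -f "$pw"
}
```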