Author: Sahil Suri

Setting up chrooted ssh jails in Linux

Introduction

In one of our previous articles we demonstrated how to configure chrooted sftp user accounts. Along with the configuration of chrooted sftp accounts, you can also configure a mechanism for chrooted ssh access. This type of chrooted ssh setup is commonly referred to as a chroot jail, and we will explain its configuration step by step in this article. Chrooted jails are a means of separating specific user operations from the rest of the Linux system. This configuration changes the apparent root directory for the currently running user process and its child processes to a new root directory called a chrooted jail.

Step 1: Create chroot home directory.

    [root@linuxnix ~]# mkdir -p /chroot/home/sahil
    [root@linuxnix ~]# ls -ld /chroot/home/sahil
    drwxr-xr-x. 2 root root 4096 Jul 22 22:34 /chroot/home/sahil
    [root@linuxnix ~]#
    [root@linuxnix ~]# chmod 700 /chroot/home/sahil

We need to disable SELinux for this setup to work.

    [root@linuxnix ~]# setenforce 0

We will be copying certain binaries and library files into this directory. So, let’s create the sub-directories in which we will place these binaries and library files.

    [root@linuxnix ~]# cd /chroot
    [root@linuxnix chroot]# mkdir bin/ lib64/ lib/ dev/
    [root@linuxnix chroot]# ls
    bin lib lib64 dev
    [root@linuxnix chroot]#

Now, under the dev/ directory, we will create certain required character device files using the mknod command. In the command below, the -m flag is used to specify the file permissions...


How To exclude copying of specific directories in Linux using cp/scp/rsync

Introduction

Performing file copy operations between servers is a common task for any system administrator or general Linux user. While copying files from one system to another, we might need to exclude certain files and directories from being copied for some specific reason. This can also apply when we are transferring data from one location to another on the same system. In this article we will demonstrate how you can exclude certain files or directories from being copied using the three most common and widely used utilities employed for this purpose, i.e. rsync, cp and scp. In an earlier article, we discussed the rsync command in depth with a lot of examples.

Exclude specific Files/Directories from being copied using cp command:

Consider the following scenario wherein I have five directories in my current working directory.

    [root@linuxnix tmp]# ls -ld dir*
    drwxr-xr-x 2 root root 6 Aug 29 22:47 dir1
    drwxr-xr-x 2 root root 71 Aug 29 22:47 dir2
    drwxr-xr-x 2 root root 6 Aug 29 22:47 dir3
    drwxr-xr-x 2 root root 6 Aug 29 22:47 dir4
    drwxr-xr-x 2 root root 6 Aug 29 22:47 dir5

If I would like to copy the content of all directories starting with the name dir except the dir2 directory, I could do the following:

    [root@linuxnix tmp]# cp -r `ls -A | grep dir| grep -v "dir2"` /tmp/sahil/

This...


Docker container ports explained

Introduction

In earlier articles we’ve talked about docker images, creating and running docker containers as well as the docker hub. In this post, we’ll talk about Docker networking and specifically port redirection. An understanding of how port redirection works in the container is very useful while dockerising web applications that rely on apache or nginx. Before getting started, let’s check what containers and images we have available on our system.

    [sahil@linuxnix ~]$ docker container ls
    CONTAINER ID   IMAGE   COMMAND   CREATED   STATUS   PORTS   NAMES
    [sahil@linuxnix ~]$ docker container ls -a
    CONTAINER ID   IMAGE   COMMAND   CREATED   STATUS   PORTS   NAMES
    [sahil@linuxnix ~]$ docker image ls
    REPOSITORY                     TAG     IMAGE ID       CREATED        SIZE
    sahilsuri008/linuxnix-docker   v1      e1c1d07a11b5   22 hours ago   182MB
    ubuntu                         16.04   13c9f1285025   3 weeks ago    119MB
    [sahil@linuxnix ~]$

From the above output, we can determine that we have two images and zero containers running or in a stopped state on this system. For the purpose of this demonstration, we won’t be using the Ubuntu image or the image that we created. Instead, we’ll pull an image for nginx and run it to exemplify how port redirection would work. So, let’s download the nginx image.

    [sahil@linuxnix ~]$ docker run -d nginx
    Unable to find image 'nginx:latest' locally
    latest: Pulling from library/nginx
    fc7181108d40: Pull complete
    d2e987ca2267: Pull complete
    0b760b431b11: Pull complete
    Digest: sha256:40d9770a77003d3114c332bcab42d4fb18a8cd28c4534162a2af6482641b876c
    Status: Downloaded newer image for nginx:latest
    09994d200778d9b781e7240bddf9b797f9007ee18e251a1cb5c770cd6f5c85a8
    [sahil@linuxnix ~]$
    [sahil@linuxnix ~]$ docker...


My name is Surendra Kumar Anne. I hail from Vijayawada, which is the cultural capital of the south Indian state of Andhra Pradesh. I am a Linux evangelist who believes in hard work, a down-to-earth person who likes to share knowledge with others, loves dogs, and likes photography. At present I work at Bank of America as Sr. Analyst Systems and Administration. You can contact me at surendra (@) linuxnix dot com.