CentOS 6 CD/DVD/ISO to USB Installation

linuxexplore — Mon, 17 Mar 2014 18:01:41 +0000

I tried various Linux ISO to USB software like UNetbootin, liveusb-creator, Universal-USB-Installer etc to create CentOS 6 (take a look at new look of CentOS website) bootable USB/pendrive. But all have some problems or limitations which force me to use ISO2USB software, which help me to meet my need.

Requirement

Create a CentOS 6 bootable USB which will support customized installation (by using kickstart configuration file).

Limitations with other software

UNetbootin: Bootable USB of CentOS 6 created by UNetbootin is not even booting the system using USB and not support kickstart configuration file.

liveusb-creator: It support live Linux Fedora OS only like fedora-live and not support kickstart configuration file.

Universal-USB-Installer: It successfully boot the CentOS 6 from USB but failed to install by kickstart configuration file.

Prerequisites of ISO2USB software

This is the minimum requirement for all ISO to USB software. It need followings:

ISO file or CD/DVD of CentOS 6 (Custom Installation disk of CentOS 6).
A USB drive to boot the system.

Prepare CentOS 6 bootable from ISO file or CD/DVD

After downloading ISO2USB software for Windows, follow the steps given below:

Plug the USB drive to Windows XP/Vista/7 machine.
Execute the ISO2USB software.

ISO2USB Software

Browse CentOS 6 ISO (with custom installation) file by using the highlighted browse button.

Browse Custom CentOS-6 ISO file

Click on OK button but before clicking on OK button; just make sure that correct USB drive should be selected.

Select USB drive

Click Exit button, when finished.

Exit ISO2USB

Safely remove USB drive from Windows XP/Vista/7 system.

USB drive is now ready to install CentOS 6 (with custom configuration file) on your system.

Chroot SFTP Users for Web Hosting Server.

linuxexplore — Tue, 19 Feb 2013 20:37:25 +0000

A chroot on Unix operating systems is an operation that changes the apparent root directory for the current running process and its children. A program that is run in such a modified environment cannot name (and therefore normally not access) files outside the designated directory tree. The term “chroot” may refer to the chroot(2) system call or the chroot(8) wrapper program. The modified environment is called a “chroot jail”. From Wikipedia.

Why it is required? If you want to set up your Linux box as a web hosting server for its users, you may need to give SFTP access. But they can get access to whole system Linux tree, just for reading but still very unsecure. So it is mandatory to lock them in their home directory.

There are many other applications, it’s just a common example, so lets start its configuration.

Linux Box Detail:

Its mine Linux Box, your Linux system may vary. Only thing to take care is the openssh-server version, because openssh-server-5.3p1 support SFTP chroot. Older version supports but its tricky, please let me k now if you want to know that too.

Operating System: CentOS 6.3/x86_64

Kernel Version: 2.6.32-279.19.1.el6/x86_64

Openssh Server Version: openssh-server-5.3p1-81.el6_3/x86_64

sshd Server Configuration:

Add the following tail output to your Linux box’s SSH

server configuration file /etc/ssh/sshd_config.

[rahulpanwar@myhost ~]# tail -6 /etc/ssh/sshd_config
#Subsystem sftp /usr/libexec/openssh/sftp-server
Subsystem sftp internal-sftp
Match Group www-hosting
ChrootDirectory %h
ForceCommand internal-sftp
AllowTcpForwarding no

Then restart sshd service to enable this configuration.

[rahulpanwar@myhost ~]# sudo /etc/init.d/sshd restart

Create Chroot Users:

[rahulpanwar@myhost ~]# sudo mkdir /etc/skel/public_html
[rahulpanwar@myhost ~]# sudo groupadd www-hosting
[rahulpanwar@myhost ~]# sudo useradd -s /sbin/nologin -g www-hosting linuxexplore.com

Setting Permissions:

[rahulpanwar@myhost ~]# sudo chown root:www-hosting /home/linuxexplore.com
[rahulpanwar@myhost ~]# sudo chmod 755 /home/linuxexplore.com

That’s all now create multiple users for web hosting, and offer the secure sftp access to your customers.

Shell Script to Create Web Hosting Users:

#!/bin/bash
HOSTING_DIR="/etc/skel/public_html"
CHROOT_GRP="www-hosting"
USR_NAME="$1"

[ ! -d "$HOSTING_DIR" ] && mkdir -p $HOSTING_DIR
grep ^"${CHROOT_GRP}:" /etc/group || /usr/sbin/groupadd www-hosting
grep ^"${USR_NAMEP}:" /etc/passwd || /usr/sbin/useradd -s /sbin/nologin -g $CHROO_GRP $USR_NAME
chown root:$CHROOT_GRP /home/$USR_NAME
chmod 755 /home/$USR_NAME

Selinux Configuration:

Disable the selinux permanently or configure it for read write user’s home directory in SSH chroot.

[rahulpanwar@myhost ~]# sudo setsebool -P ssh_chroot_rw_homedirs on
[rahulpanwar@myhost ~]# sudo restorecon -R /home/$USERNAME

Troubleshooting

From: https://wiki.archlinux.org/index.php/SFTP-chroot

sshd[3505]: fatal: bad ownership or modes for chroot directory "/home/linuxexplore.com"

It’s ChrootDirectory ownership problem, sshd will reject sftp connections to accounts that are set to chroot into any directory that has ownership/permissions that sshd doesn’t consider secure. sshd’s apparently strict ownership/permissions requirements dictate that every directory in the chroot path must be owned by root and only writable for the owner. So, for example, if the chroot environment is in a user’s home directory both /home and /home/username must be owned by root and have permissions like 755 or 750 ( group ownership should allow user to access ).

If you are using sftp with public key check the following link:

http://www.centos.org/modules/newbb/viewtopic.php?topic_id=37903&forum=59

If chroot environment is in user’s home directory, make sure user have access to its home directory, or user would not be able to access its publickey, produce the error given in above CentOS forum link.

Linux Explore » centos 6