Why it is required? If you want to set up your Linux box as a web hosting server for its users, you may need to give SFTP access. But they can get access to whole system Linux tree, just for reading but still very unsecure. So it is mandatory to lock them in their home directory.

There are many other applications, it’s just a common example, so lets start its configuration.

Linux Box Detail:

Its mine Linux Box, your Linux system may vary. Only thing to take care is the openssh-server version, because openssh-server-5.3p1 support SFTP chroot. Older version supports but its tricky, please let me k now if you want to know that too.

Operating System: CentOS 6.3/x86_64

Kernel Version: 2.6.32-279.19.1.el6/x86_64

Openssh Server Version: openssh-server-5.3p1-81.el6_3/x86_64

sshd Server Configuration:

Add the following tail output to your Linux box’s SSH

server configuration file /etc/ssh/sshd_config.

[rahulpanwar@myhost ~]# tail -6 /etc/ssh/sshd_config
#Subsystem sftp /usr/libexec/openssh/sftp-server
Subsystem sftp internal-sftp
Match Group www-hosting
ChrootDirectory %h
ForceCommand internal-sftp
AllowTcpForwarding no

Then restart sshd service to enable this configuration.

[rahulpanwar@myhost ~]# sudo /etc/init.d/sshd restart

Create Chroot Users:

[rahulpanwar@myhost ~]# sudo mkdir /etc/skel/public_html
[rahulpanwar@myhost ~]# sudo groupadd www-hosting
[rahulpanwar@myhost ~]# sudo useradd -s /sbin/nologin -g www-hosting linuxexplore.com

Setting Permissions:

[rahulpanwar@myhost ~]# sudo chown root:www-hosting /home/linuxexplore.com
[rahulpanwar@myhost ~]# sudo chmod 755 /home/linuxexplore.com

That’s all now create multiple users for web hosting, and offer the secure sftp access to your customers.

Shell Script to Create Web Hosting Users:

#!/bin/bash
HOSTING_DIR="/etc/skel/public_html"
CHROOT_GRP="www-hosting"
USR_NAME="$1"

[ ! -d "$HOSTING_DIR" ] && mkdir -p $HOSTING_DIR
grep ^"${CHROOT_GRP}:" /etc/group || /usr/sbin/groupadd www-hosting
grep ^"${USR_NAMEP}:" /etc/passwd || /usr/sbin/useradd -s /sbin/nologin -g $CHROO_GRP $USR_NAME
chown root:$CHROOT_GRP /home/$USR_NAME
chmod 755 /home/$USR_NAME

Selinux Configuration:

Disable the selinux permanently or configure it for read write user’s home directory in SSH chroot.

[rahulpanwar@myhost ~]# sudo setsebool -P ssh_chroot_rw_homedirs on
[rahulpanwar@myhost ~]# sudo restorecon -R /home/$USERNAME

Troubleshooting

From: https://wiki.archlinux.org/index.php/SFTP-chroot

sshd[3505]: fatal: bad ownership or modes for chroot directory "/home/linuxexplore.com"

It’s ChrootDirectory ownership problem, sshd will reject sftp connections to accounts that are set to chroot into any directory that has ownership/permissions that sshd doesn’t consider secure. sshd’s apparently strict ownership/permissions requirements dictate that every directory in the chroot path must be owned by root and only writable for the owner. So, for example, if the chroot environment is in a user’s home directory both /home and /home/username must be owned by root and have permissions like 755 or 750 ( group ownership should allow user to access ).

If you are using sftp with public key check the following link:

http://www.centos.org/modules/newbb/viewtopic.php?topic_id=37903&forum=59

If chroot environment is in user’s home directory, make sure user have access to its home directory, or user would not be able to access its publickey, produce the error given in above CentOS forum link.

Preparation of installation of LibreOffice 4.0.0:

First of all download the newer version of LibreOffice 4.0.0 using wget command as follows.

wget http://download.documentfoundation.org/libreoffice/stable/4.0.0/rpm/x86/LibreOffice_4.0.0_Linux_x86_rpm.tar.gz

This tar file contains RPMs of LibreOffice 4.0.0 package. Extract this tar file to some location, I like /opt.

tar -xf Libreoffice_4.0.0_Linux_x86_rpm.tar.gz -C /opt

Uninstall Previous version of LibreOffice Package:

Previously existing installation of LibreOffice package must be removed before proceeding to installation of newer version. You can use yum erase command to remove old LibreOffice package.

yum erase libreoffice*

You can use any method to uninstall earlier LibreOffice package but it must be uninstalled first. Check my earlier post How to use yum for package management.

Installation of LibreOffice 4.0.0 RPMs:

To install the RPM, you can use yum command again.

cd /opt/LibreOffice_4.0.0.3_Linux_x86_rpm/RPMS/
yum localinstall *.rpm

It will install all LibreOffice RPMs from RPMS directory.

Finalizing the installation:

The above command(s) does the first part of the installation process. To complete the process, you also need to install the desktop integration packages. To do this, change directory to the desktop-integration directory that is within the RPMS directory, by entering the following command at the command line of a terminal window:

cd desktop-integration

Now run the installation command again:

yum localinstall libreoffice4.0-freedesktop-menus-4.0.0-103.noarch.rpm

The installation process is now completed, and you should have icons for all the LibreOffice.

Now you are ready to enjoy the power of opensource. Try this version, you will feel proud to be an Open Source user or supporter. Thanks a lot to Document Foundation for such a great product.

If you like this please don't forget to share this with others, Thanks.

Windows uses FAT and NTFS as file systems, while Linux uses a variety of file systems.

Unlike Windows, Linux is bootable from a network drive.

In contrast to Windows, everything is either a file or a process in Linux. Please see one of my earlier post What “Everything Is a File” Means on Linux.

Linux has two kinds of major partitions called data partitions and swap partitions. Because of the existence of swap partitions, you never run out of memory in Linux (like in windows).

In terms of recovery tools, only a limited number of tools can be used on Windows, while there is a large number of UNIX based recovery tools available for Linux file systems.

From the author Nigel McFarlane:

Both Windows and Linux organize disk-based files into a hierarchy of directories. Such directories are usually called “folders” when viewed in a GUI. One whole hierarchy is called a “file system” on both platforms. The architecture of Windows and Linux file systems is similar in some points, but diverges greatly when tools are considered. Here’s a quick comparison.

On hardware derived from Intel or IBM PCs, both Windows and Linux use the Master Block Record/ Master Boot Record (MBR). That is the bit of disk used to boot the operating system and to state whether the disk is partitioned or not. On both Windows and Linux, it is common to have at most one file system per partition. That is about the end of the similarity.

Each Windows file system gets a drive letter, like “C:”. On Linux, each file system gets a device, like /dev/hda1 (“hard disk A part 1″), which is represented as a file. Such a file is a device file (since a disk is a device), hence the “dev” part of the path name. Also, the device file is not an ordinary text file, it is a “special file.” Since disks are block devices (unlike a serial mouse), such a file is fully described as a “block special device file.” The numbered part of the path can be a little weird to get right; it’s best to be guided by documentation there or extract the right name from a report.

On Windows, file systems can be FAT16, FAT32 or NTFS, to name a few. Recall FAT16 is the ancient standard responsible for Windows file names with the “8.3” file name length restriction. On Linux, filesystems can be “minix,” “ext,” or “ext2,” to name a few. Also, “minix” is an example of the ancient standard responsible for UNIX file names once being limited to 14 characters. Linux also has “msdos” and “vfat” file systems for compatibility with Windows and DOS, plus more.

Windows uses FORMAT.EXE to format a disk. Linux uses “mkfs” (“make file system”) in various specialist forms.

Each Windows file system has a File Allocation Table (FAT, VFAT, or similar) that states which disk blocks hold the topmost directory. On Linux, the equivalent on most filesystems is the superblock. A Linux file system has multiple copies of the superblock physically saved on the disk. This provides redundancy in case of a partial disk corruption. The superblock is just about always in memory on Linux; that is not the case for ancient DOS-like file systems. There are no special restrictions on files placed in the topmost directory on Linux, either.

On Windows, there is one drive letter per mounted file system: for example, C: for C: and D: for D:. On Linux there are no drive letters, so one file system is mounted on “/” and all other file systems are mounted on subdirectories of “/.” This arrangement is like the little-used MS-DOS command SUBST, or the NET USE command that supports Novell‘s NetWare. The equivalent Linux command is “mount.”

You can see all this at work on Linux, but for some of it you need to be logged in as root. Type “cat /etc/fstab” to see all the mountable devices, including floppy disks and CD players. Type “df” to see the devices currently mounted, and their free space. In the usual case you can even see the superblock: try “/sbin/dumpe2fs /dev/hda1” where hda1 comes from the output of “df.” The name “dumpe2fs” is a casualty of history; it replaces the older “dumpfs.” The information produced is really just for diagnostic purposes.

Mostly file systems work for you silently. If you want to dig into Linux further, then there are plenty of tools that can be used as inspection points.

About the author
Nigel McFarlane is an open source software analyst and technologist with a broad background in technology and software engineering. He has an extensive programming background and degrees in computer science and physics. His latest book is “Rapid Application Development with Mozilla” from Prentice Hall PTR.

Source:
http://searchopensource.techtarget.c…990200,00.html

Download the Beta 2

Beta 2 images can be downloaded from a location near you.
Note: The Ubuntu Desktop images are now bigger than a standard CD, and you should use a USB or DVD for installation. Some image consolidation has occurred as well.

You can download Beta 2 ISOs from:

http://releases.ubuntu.com/12.10/ (Ubuntu Desktop and Server)
http://cloud-images.ubuntu.com/releases/12.10/beta-2/ (Ubuntu Cloud Server)
http://cdimage.ubuntu.com/netboot/12.10/ (Ubuntu Netboot)
http://cdimage.ubuntu.com/ubuntu-core/releases/12.10/beta-2/ (Ubuntu Core)
http://cdimage.ubuntu.com/kubuntu/releases/12.10/beta-2/ (Kubuntu)
http://cdimage.ubuntu.com/kubuntu-active/releases/12.10/beta-2/ (Kubuntu Active)
http://cdimage.ubuntu.com/lubuntu/releases/12.10/beta-2/ (Lubuntu)
http://cdimage.ubuntu.com/edubuntu/releases/12.10/beta-2/ (Edubuntu DVD)
http://cdimage.ubuntu.com/ubuntustudio/releases/12.10/beta-2/ (Ubuntu Studio)
http://cdimage.ubuntu.com/xubuntu/releases/12.10/beta-2/ (Xubuntu)

• Difficulty: Easy
• Application: KStars

You may already have played with KStars, but how about creating a KStars backdrop image that’s updated every time you start up?

KStars can be run with the –dump switch, which dumps out an image from your startup settings, but doesn’t load the GUI at all. You can create a script to run this and generate a desktop image, which will change every day (or you can just use this method to generate images).

Run KStars like this:

kstars --dump --width 1024 --height 768 --filename = ~/kstarsback.png

You can add this to a script in your ~/.kde/Autostart folder to be run at startup. Find the file in Konqueror, drag it to the desktop and select ‘Set as wallpaper’ to use it as a randomly generated backdrop.

Open an SVG directly

• Difficulty: Easy
• Application: Inkscape

You can run Inkscape from a shell and immediately edit a graphic directly from a URL. Just type:

inkscape http://www.somehost.com/graphic.svg

Remember to save it as something else though!

Editing without an editor

• Difficulty: Intermediate
• Application: Various

Very long files are often hard to manipulate with a text editor. If you need to do it regularly, chances are you’ll find it much faster to use some handy command-line tools instead, like in the following examples.

To print columns eg 1 and 3 from a file file1 into file2, we can use awk:

awk '{print $1, $3}' file1 > file2

To output only characters from column 8 to column 15 of file1, we can use cut:

cut -c 8-15 file1 > file2

To replace the word word1 with the word word2 in the file file1, we can use the sed command:

sed "s/word1/word2/g" file1 > file2

This is often a quicker way to get results than even opening a text editor.

Backup selected files only

• Difficulty: Intermediate
• Application: tar

Want to use tar to backup only certain files in a directory? Then you’ll want to use the -T flag as follows. First, create a file with the file you want to backup:

cat >> /etc/backup.conf
# /etc/passwd
# /etc/shadow
# /etc/yp.conf
# /etc/sysctl.conf
EOF

Then run tar with the -T flag pointing to the file just created:

tar -cjf bck-etc-`date +%Y-%m-%d`.tar.bz2 -T /etc/backup.conf

Now you have your backup.

Read more…….

On this page we will explain how to install Counter-Strike and Counter-Strike: Source. We assume you have some Linux knowledge. We will start with Counter-Strike: Source.

Installing Counter-Strike: Source (SRCDS)

First, lets create a directory where we will run the hldsupdatetool, run the following command:

mkdir srcds

Now we switch to the srcdswe just created and download the hldsupdatetool.bin

cd srcds wget http://www.cstrike-planet.com/dls/hldsupdatetool.bin

If all goes well you should now have the hldsupdatetool.bin in the srcds directory. Now we change the permission of hldsupdatetool.bin so we can execute it and extract the contents from hldsupdatetool.bin

chmod +x hldsupdatetool.bin ./hldsupdatetool.bin

Note: after you run ./hldsupdatetool.bin you will get a prompt to agree with the terms and conditions, simply type yes and hit enter.

If all goes well, you should now have two files in the srcds directory, the hldsupdatetool.bin which we downloaded earlier, and a steam file the hldsupdatetool generated, this is the file we will use to install Counter-Strike: Source.

Note: if you receive a ‘uncompress: command not found’ message it means your server does not have uncompress installed. You have two options to easily work around this, try the following while logged-in as root: code: ln -s /bin/gunzip /bin/uncompress Then try to run ./hldsupdatetool.bin again. If that does not work, or you do not have root privileges you can download the binary file we have available: code: wget http://www.cstrike-planet.com/dls/steam

Now that you have the steam binary file, Type the following command to begin installing CS Source

Read full story.

If you are familiar with CentOS, you know that out of the box, it is not really designed as a desktop distribution. Stella changes all that, as it is primarily aimed at desktop users, while retaining the core enterprise features and capabilities of CentOS.

And you can see that just by looking at the package manager. The package categories tell you that everything you can find in CentOS is also available in Stella. Plus desktop applications that you will not find in any default installation of CentOS. For example, an application listed in the screen shot below, is ROSA Media Player (ROMP), the default media player in ROSA Desktop, a distribution based on Mandriva Linux.

Because it is loaded with desktop applications and media codecs not available in CentOS, you can play most audio and video file formats out of the box. Here it shows a favorite online video playing in Firefox.

The next few screen shots show what the desktop looks like and some of the applications accessible from the menu. This one shows installed Internet applications.

Installed Office applications.

Installed multimedia applications.

Updates manager.

Read full story.

Selinux is good security feature of Linux stop you to execute malicious applications. But it need to disable when you need to run your self developed application. You can check the selinux status by using following command:

# cat /selinux/enforce

1

If it will show 1, that means selinux enforcing is enabled.

You can disable that selinux temporarily or permanently. Use following methods to disable it.

Disable Temporarily:

To disable selinux temporarily set the 0 to /selinux/enforce file.

# echo 0 > /selinux/enforce

Read more.

That piece of software exploits a security flaw in the Android browser that was publicly disclosed by Google’s Chrome browser development team, according to Wicherski.

Google has fixed the flaw in Chrome, which is frequently updated, so that most users are now protected, he said.

But Wicherski said Android users are still vulnerable because carriers and device manufacturers have not pushed those fixes or patches out to users.

Marc Maiffret, chief technology officer of the security firm BeyondTrust, said: “Google has added some great security features, but nobody has them.”

Experts say iPhones and iPads don’t face the same problem because Apple has been able to get carriers to push out security updates fairly quickly after they are released.

Two Trustwave researchers told attendees about a technique they discovered for evading Google’s “Bouncer” technology for identifying malicious programs in its Google Play Store.

They created a text-message blocking application that uses a legitimate programming tool known as java script bridge. Java script bridge lets developers remotely add new features to a program without using the normal Android update process.

Companies including Facebook and LinkedIn use java script bridge for legitimate purposes, according to Trustwave, but it could also be exploited maliciously.

To prove their point, they loaded malicious code onto one of their phones and remotely gained control of the browser. Once they did that, they could force it to download more code and grant them total control.

“Hopefully Google can solve the problem quickly,” said Nicholas Percoco, senior vice president of Trustwave’s SpiderLabs. “For now, Android is the Wild West.”

– Reuters