Marius van Witzenburg » Shell http://mariusvw.com "Learned my lesson in life, now setting my action to stay in life." Thu, 09 Sep 2010 08:23:12 +0000 en hourly 1 http://wordpress.org/?v=3.0.1 Creating SFTP-only User Accounts to Kill SSH Access http://mariusvw.com/2010/08/26/creating-sftp-only-user-accounts-to-kill-ssh-access/ http://mariusvw.com/2010/08/26/creating-sftp-only-user-accounts-to-kill-ssh-access/#comments Thu, 26 Aug 2010 10:29:23 +0000 mariusvw http://mariusvw.com/?p=4984 Problem Statement
We wanted to create SFTP-only user accounts that cannot SSH into the server to run commands. There is no built-in approach to this problem that we can find so we created a simple shell script to solve it. Here we will discuss how it works.

Step 1: Create a shell script to run as the user’s shell

Create a shell script called /sbin/sftp-only as follows:

#!/bin/sh
 
if [ "$*" != "-c /usr/libexec/sftp-server" ]
then
    echo “Sorry, ssh access not allowed.”
    exit
fi
 
exec /usr/libexec/sftp-server

Step 2: Edit user accounts to use this shell script as user’s shell

Modify user accounts using usermod to set the shell to /sbin/sftp-only so that when user tries to SSH to the server, the shell script will display the “Sorry, ssh access not allowed.” message. And when the user tries to connect to the server via a SFTP client, the shell script will get executed and it will start the SFTP server for the user.

]]> http://mariusvw.com/2010/08/26/creating-sftp-only-user-accounts-to-kill-ssh-access/feed/ 0 Shellproxy, an easy tool to run shell commands from PHP or other languages http://mariusvw.com/2010/03/02/shellproxy-an-easy-tool-to-run-shell-commands-from-php-or-other-languages/ http://mariusvw.com/2010/03/02/shellproxy-an-easy-tool-to-run-shell-commands-from-php-or-other-languages/#comments Tue, 02 Mar 2010 19:53:02 +0000 mariusvw http://mariusvw.com/?p=1302 This is a simple script that runs a shell command from PHP with the function system().
It sometimes happens that a command doesn't close the stdin or stdout, resulting the system() function to halt and wait for it to finish...
This causes PHP to reach the 30 second time limit and kill the script.

This script runs it in the background and you could make your commands send their output to a log file and still having full control.

Read the code below how to use it.

You can compile it by placing the code into 'shellproxy.c' and then compile it with the following command:

gcc -o shellproxy shellproxy.c

I hope this is something useful for you as it was for me.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35

#include <stdio .h>
#include <stdlib .h>
#include <string .h>
 
int main(int argc, char *argv[]) {
    char command[1024];
    int t;
 
    if (argc == 1) {
        printf("\nShell Proxy\n");
        printf("By Marius van Witzenburg <http ://mariusvw.com>\n\n");
        printf("You will mostly use this program from PHP or any other\n");
        printf("webscripting language to background run programs\n\n");
        printf("Usage:\n");
        printf("- CLI:\n");
        printf("shellproxy \"<cmd> <arg>\"\n");
        printf("shellproxy \"<cmd> <arg> > redirect.txt\"\n");
        printf("- PHP:\n");
        printf("system('shellproxy \"<cmd> <arg> &\"');\n");
        printf("system('shellproxy \"<cmd> <arg> > redirect.txt\"');\n\n");
    }
 
    command[0] = 0;
 
    for (t = 1; t < argc; t++) {
        strcat(command, argv[t]);
        strcat(command, " ");
    }
 
    fclose(stdin);
    fclose(stdout);
    fclose(stderr);
 
    system(command);
}

It would be nice if you keep my name mentioned into this code if you use it.

Ps. Donations are welcome... ;-)

]]> http://mariusvw.com/2010/03/02/shellproxy-an-easy-tool-to-run-shell-commands-from-php-or-other-languages/feed/ 0 Virtualbox VDI to VMware VMDK with Qemu script http://mariusvw.com/2009/10/18/virtualbox-vdi-to-vmware-vmdk-with-qemu-script/ http://mariusvw.com/2009/10/18/virtualbox-vdi-to-vmware-vmdk-with-qemu-script/#comments Sun, 18 Oct 2009 19:32:54 +0000 mariusvw http://mariusvw.com/?p=1101 This script converts your VDI image to a VMDK image if you installed Virtualbox and Qemu on the default location of your Mac OS X.

I placed this script in my home directory as vdi2vmdk.sh but you could place it anywere you want.

The code of vdi2vmdk.sh:

1
2
3
4
5
6
7
8
9
10
11
12
13

#!/bin/sh
echo "VDI 2 Raw..."
ri="svi2raw.tmp"
if [ -e "$ri" ] 
then
    echo "" 
    rm $ri  
fi
/Applications/VirtualBox.app/Contents/MacOS/VBoxManage internalcommands converttoraw -format vdi "$1" "$ri"
echo "Raw to VMDK..."
/Applications/Q.app/Contents/MacOS/qemu-img convert -O vmdk "$ri" "$2"
rm "$ri"
echo "DONE!"

If you have any questions, please ask...

]]> http://mariusvw.com/2009/10/18/virtualbox-vdi-to-vmware-vmdk-with-qemu-script/feed/ 0 Restrict users to SFTP only instead of full SSH access http://mariusvw.com/2009/09/27/restrict-users-to-sftp-only-instead-of-full-ssh-access/ http://mariusvw.com/2009/09/27/restrict-users-to-sftp-only-instead-of-full-ssh-access/#comments Sun, 27 Sep 2009 09:35:39 +0000 mariusvw http://mariusvw.com/?p=1027 In case you want users to have access to files on your server but you don't want them to be able to execute commands you can limit them to sftp only access.

Add a user to your system like you normally do with an password and then run the following command:

usermod -s /usr/libexec/sftp-server username

Then change add the following to /etc/shells to make it a valid shell:

echo '/usr/libexec/sftp-server' >> /etc/shells

Now this user can only run the sftp server as shell :)

]]> http://mariusvw.com/2009/09/27/restrict-users-to-sftp-only-instead-of-full-ssh-access/feed/ 0