Enabling SFTP-only access on Linux

Recently I needed to share a zip file with a bunch of people, and it was too big to fit into an email. So I wanted to get it onto my server so that folks could grab it from there via SFTP. SFTP is set up by default on my Linux environment, so giving them access to the machine was trivial. However, I didn’t want to give them full access to the entire machine, where they could upload and download files anywhere. What I needed was a self-contained user with no SSH privileges, bound to a single location on the filesystem. Luckily, setting this up was much easier than I thought, and here is how you can do it yourself. Note that all commands below are executed as the root user:

tl;dr

  1. useradd <your sftp user> -s /sbin/nologin -M
  2. passwd <your sftp user>
    1. Enter your sftp user password and confirm
  3. vi /etc/ssh/sshd_config
  4. Match User <your sftp user>
       ChrootDirectory <your sftp user directory>
       ForceCommand internal-sftp
       AllowTcpForwarding no
       X11Forwarding no
    
  5. service sshd restart
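
The following check is an added example, not part of the original post: it lints an sshd_config file for the Match User block from step 4 and reports which of the four directives are missing or weakened. The user name sftpguest, the path /srv/sftp/sftpguest and the function names are made up for illustration, and it only handles plain "Match User <list>" lines.

```shell
#!/bin/sh
# Added example, not from the original post: lint the Match block from step 4.
# audit_sftp_only FILE USER -> returns 0 if the block for USER is locked down, else 1.
audit_sftp_only() {
    awk -v user="$2" '
    function fail(msg) { print "FAIL: " msg; bad = 1 }
    NF == 0 || $1 ~ /^#/ { next }           # skip blank lines and comments
    tolower($1) == "match" {                # any Match line ends the previous block
        inblock = 0
        if (tolower($2) == "user") {
            n = split($3, names, ",")       # Match User takes a comma-separated list
            for (i = 1; i <= n; i++) if (names[i] == user) inblock = found = 1
        }
        next
    }
    # Keywords are case-insensitive; sshd keeps the first value it obtains.
    inblock && !(tolower($1) in seen) { seen[tolower($1)] = $2 }
    END {
        if (!found) { fail("no Match User block for " user) } else {
            c = tolower(seen["chrootdirectory"])
            if (c == "" || c == "none") fail("ChrootDirectory not set")
            if (seen["forcecommand"] != "internal-sftp") fail("ForceCommand is not internal-sftp")
            if (tolower(seen["allowtcpforwarding"]) != "no") fail("AllowTcpForwarding is not no")
            if (tolower(seen["x11forwarding"]) != "no") fail("X11Forwarding is not no")
        }
        exit bad + 0
    }' "$1"
}

# Constructed sample configs; sftpguest and /srv/sftp/sftpguest are made-up names.
write_samples() {
    cat > "$1/good.conf" <<'EOF'
Match User sftpguest
    ChrootDirectory /srv/sftp/sftpguest
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
EOF
    cat > "$1/weak.conf" <<'EOF'
Match User sftpguest
    ChrootDirectory /srv/sftp/sftpguest
    X11Forwarding no
Match User other
    ForceCommand internal-sftp
    AllowTcpForwarding no
EOF
}
# Run as: sh audit.sh /etc/ssh/sshd_config <your sftp user>
if [ "$#" -eq 2 ]; then audit_sftp_only "$1" "$2"; fi
```

In weak.conf the ForceCommand and AllowTcpForwarding lines sit under a different user's Match block, so the audited account would still get a normal session and port forwarding; the check reports both.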


Disable SELinux on Oracle Linux 7

Sometimes, when I want to test something or write a prototype of some sort, SELinux (Security-Enhanced Linux) kicks in and hinders me, given that it is enabled by default on OL 7 UEK 4. STOP! Before I let you continue reading, take a mental note of my disclaimer: I am an advocate of having security turned on by default. It helps us provide better and obviously more secure systems, which in turn helps the world save time and money. Security should never, ever be turned off for production systems!
With that said, here are a couple of quick steps to get around it.

tl;dr

  • setenforce 0
  • vim /etc/sysconfig/selinux
  • SELINUX=permissive


DTrace is now also available for Oracle Linux

Oracle has ported DTrace to Oracle Linux. DTrace is a very powerful performance analysis and troubleshooting tool that allows you to instrument all software. Its name is short for Dynamic Tracing. I’m not a DTrace expert, but some say it is so powerful that it allows you to reverse engineer any software…