Archive

Archive for the ‘Shells’ Category

Change Unix File Permissions Using C

March 26, 2011 Leave a comment

This is a small program written in C used to change permissions of files in Unix.

You may ask why would someone want to use a C snippet instead of a quick “chmod” shell script?

Well, a simple “chown” script works just fine for cases where you don’t have a ridiculously large amount of files. Things get painfully slow when besides having millions of files you also have millions of directories. In those rare cases there is nothing faster than C.

If you have a 64 bit operating system you can compile this code with “-m64” flag for better performance.

#include
#include
#include
#include

#define PATH "/export/home/egloo"
#define UID 501
#define GID 501
#define NOTIFICATION_INTERVAL 10000

int file_count = 0;
char cmd[128];

static int callback(const char *fpath, const struct stat *sb, int typeflag) {
// Check if it's a file or a directory
if (typeflag == FTW_D || typeflag == FTW_F) {

// Apply new permissions
chown(fpath, UID, GID);

// Send progress notification
file_count++;
if ( 0 == ( file_count % NOTIFICATION_INTERVAL ) ){
fprintf( stderr, "%ld\n", file_count );
sprintf(cmd,"/bin/echo \"%i files processed\" | /bin/mail -s \"CHOWN PROGRESS\" user@domain.com", file_count);
system(cmd);
}
}

// Continue FTW
return 0;
}

int main(int argc, char **argv) {
ftw(PATH, callback, 256);
}

Advertisements

Turn off echo in a terminal

October 13, 2008 4 comments

Imagine you are writing a shell script that requires the user to input confidential information, lets say a password.

The user wont feel comfortable if the password is echoed on the screen like a simple text. If you ever used expect interactive scripting, you know for sure this kind of problem.

Don’t worry, its amazingly easy to perform this trick and stop echoing whatever the user types on the screen.

Simply add the following line to your script:

stty -echo

and you are done. The stty output will go offline. Let’s see an example:

#!/bin/bash
echo Hello

stty -echo
# do what ever you want to do
echo 'I slept with your girlfriend'
stty echo
echo Bye
exit 0;

That’s it! Just remember to put it back to normal with the following command:

stty echo

Also, it would be helpful for you to read the whole man page for stty.

$ man stty

Categories: Shells Tags:

Linux Restricted Shell

August 17, 2008 1 comment

This is typical situation, you created users that were intended to stay in their /home environment, however they seem to have a knack of poking around all your server directories.

A restricted shell is a Unix shell that has been modified to allow the Unix shell user to do fewer things than a normal shell would allow him to do. Restricted shells allow you to control the user’s environment allowing only specific admin-aproved commands.

rssh behaves identically to bash with the exception that at least one of the following commands are allowed:

scp – secure copy
sftp – secure FTP
cvs – control versions system
rsync – sync filesystem
rdist – backup utility

Is available through yum in fedora and apt-get in debian. Also you can get a fresh copy from the official website (http://dragontoe.org/rssh/)

In fedora:
# yum install rssh

In Debian:
# apt-get install rssh

Now rssh is installed by default it’s configuration will lock down everything including any sort of access. We need to set up the configuration file. The default file is located at /etc/rssh.conf

For example, I only want to allow only scp and sftp to my server. Also I’m leaving some commented lines for future usage, just in case.

allowscp
allowsftp
#allowcvs
#allowrdist
#allowrsync

There is no rssh service and the configuration is read on the fly.

Next logical step is to add some users.

# useradd -m -d /home/sara -s /usr/bin/rssh sara

Or if the user already exists, use chmod to assign the restricted shell.

# usermod -s /usr/bin/rssh sara

Now, lets say if sara tries to connect the server with ssh or telnet a message like the following will appear.

This account is restricted by rssh.
Allowed commands: scp sftp

If you believe this is in error, please contact your system administrator.

Connection to localhost closed.

rssh is a simple way to implement security on your server and rather than a unbreakable security measure, rssh is just the start to forge a secure server. It should be awesome if you could also include a unix jail or a custom restricting script written in your favorite programming language.

Just remember to never underestimate the ingenuity of your users.

Good luck!

Categories: Shells Tags: