Categories

Thursday, 21 February 2013

How to create SFTP jailed user


 Hello,

If you want to setup an account on your system that will be used only to transfer files (and not to ssh to the system), you should setup SFTP Chroot Jail as explained here.

First create a user using useradd command with the home directory being the one which should we need to connect to.

Then open the configuration file /etc/ssh/sshd_config

Modify the the /etc/ssh/sshd_config file and comment out the following line:

#Subsystem       sftp    /usr/libexec/openssh/sftp-server





Next, add the following line to the /etc/ssh/sshd_config file

Subsystem       sftp    internal-sftp

Match User username
    ChrootDirectory Directory name

    AllowTCPForwarding no
    X11Forwarding no
    ForceCommand internal-sftp



Save and restart sshd

If you are getting errors then please turn on the ssh debuggin by

Set the log level to DEBUG in /etc/ssh/sshd_config and restart
ssh then try connecting again, check /var/log/auth.log for debugging
info which may give more information.



Make sure that the permission of the folders and sub folders should be root:root



Regards




Friday, 15 February 2013

How to check if the machine is fully virtualized or para virtualized

Hello,

To run fully virtualized guests, host CPU support is needed. This is typically referred to as Intel VT, or AMD-V. To check for Intel VT support look for the 'vmx' flag, or for AMD-V support check for 'svm' flag:

Intel

# grep vmx /proc/cpuinfo
flags           : fpu tsc msr pae mce cx8 apic mtrr mca cmov pat

 pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm syscall nx

lm constant_tsc pni monitor ds_cpl vmx est tm2 cx16 xtpr lahf_lm

AMD

# grep svm /proc/cpuinfo
flags           : fpu tsc msr pae mce cx8 apic mtrr mca cmov pat pse36

clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt rdtscp lm 3dnowext

3dnow pni cx16 lahf_lm cmp_legacy svm cr8_legacy


If you have the 'svm' or 'vmx' flags, then your CPU is capable of fully-virt.

If the machine supports para virtual guests, then you should see a "pae" flag in /proc/info. This means - the machine has PAE support and can run para virtual guests.

[root@unixfoo root]# cat /proc/cpuinfo | grep pae
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm nx lm
[root@unixfoo root]#

If there is no output for the above command, then the machine is not capable of running a para-virtualized guest.

Thursday, 14 February 2013

virtfs showing high disk usage

Hello,

Some times you see virtfs showing as using high disk usage in a cpanel server.

/home/virtfs is the directory created by cpanel to provide a restricted data access to jailshell users. When a user is logged in via jailshell, a virtual fileystem is created for the cpanel user by mounting only the selected filesystems under /home/virtfs/ .Sometimes, system wouldn’t unmount some or all of the filesystems properly from /home/virtfs/ even if the user is logged out from jailshell.So the disk usage is showing as incorrect at that time.

You can unmount it using the command for i in `cat /proc/mounts|awk '/virtfs/ {print $2}'`; do umount $i;done.

Regards

How to fix incorrect disk usage showing for a user in Cpanel

A customer complains that their reported disk usage is too high, that they are not using so much space. What do you do?

1. Get their username and login to WHM to see if WHM is actually reporting the amount of space usage they say. If WHM does show extreme disk usage....

2. Login to SSH and cd to their home directory
cd /home/theirusername

du -h

This will give a human readable display of folder by folder listing and space usage, with a total at the end. THIS WILL BE ACCURATE.

3. So, du -h shows a lower number than WHM? Then their is probably a backup file somewhere on the server with the same UID as this user.

4. Now, you need to locate the uid of the customer. You will need to know their username.

vi /etc/passwd

5. Once that file is open, run a search on their username

/theirusername

That will show a 5 digit number and a smaller number. The larger number should be the UID.

6. Now, go to shell and run the following command (where, in this example, 33025 is the UID of the user)

find / -uid 32025

A folder by folder listing will be displayed. It may take some time to process. When completed, you should scroll back through the output to find the files. Files in /home/username are fine as well as /etc/valiases, etc. LOOK for files in your backup directory that may have the same UID as your user. If found, that is usually the culprit.       

Ad