Sysadmin

Installing Thrift Interface on Debian

Sep 30th

Posted by admin in Sysadmin

4 comments

So I’m getting Cassandra/Thrift up and running and came across a few dependencies with the install. Here’s the fix if you encounter either the ` PKG_CHECK_MODULES(MONO, mono >= 1.2.6, have_mono=yes, have_mono=no)’ or missing yac configure and make errors.

If you’re compiling and seeing the MONO errors prior to having installed pkg-configure, just run ./cleanup.sh before running through the instructions below.

- Before compiling the Thrift source, make sure you at least have these packages installed

$ sudo apt-get install automake libtool pkg-config libboost-dev byacc mono-2.0-service flex

- This should also mostly apply to Ubuntu, though I noticed libboost1.35-dev was required (at the time of writing)

- From the directory you’ve unpacked Thrift into, just this will do, though check the configure for options

$ ./bootstrap.sh
$ ./configure
$ sudo make
$ sudo make install

- No errors?

$ thrift -version
Thrift version 20080411-exported

SEXY!

Debian (lenny) SFTP Jailing

Sep 6th

Posted by admin in Sysadmin

2 comments

- First add a new sftp users group, I’ve named mine ‘sftponly’.

groupadd sftponly

Open /etc/ssh/sshd_config for editing. The line you will be looking for as it appears in lenny will be :

Subsystem sftp /usr/lib/openssh/sftp-server

Change this to

Subsystem sftp internal-sftp

At the bottom of the file, you’ll need this acl

Match Group sftpusers
        ChrootDirectory /home/%u
        ForceCommand internal-sftp
        AllowTcpForwarding no
        X11Forwarding no

‘Match Group’s are terminated either by a new Match Group directive, or simply the end of file, so save and restart sshd.

/etc/init.d/sshd restart

- Make sure you can still login normally through another console

- Now adduser, assign them to the new group and strip their shell. Mine will be called feyfey

adduser feyfey
usermod -g sftponly feyfey
usermod -s /bin/false feyfey

- Next, set the user home directory ownership to root.root, and only user writable, then jump into the users directory and create a ‘public’ directory the sftp only user can write to.

chown root.root /home/feyfey
chmod 775 /home/feyfey
cd /home/feyfey
mkdir public; chown feyfey.sftpuser public

If there are any errors during your permissions testing thereafter, check /var/log/auth.log.

and you’re done :D