OpenSSH 4.9 was the first version of the famous daemon that came with an built-in chroot functionality (changelog). Chrooting the sshd and restricting the shell access to a few commands can be a great solution to grant a few users secure access to exchange files. We will use the rssh shell to only allow sftp access for one user, locked to his chrooted home directory. Since it is dangerous to give a user write access to the root of a chroot, you have to create the user’s home directory inside the chroot. In this example /home/ftp will be the chroot and /home/ftp/secftp is the home directory of the user, the place where he finds himself when connecting to the machine.
Install the rssh shell with
$ aptitude install rssh
and adjust the config file for the user secftp to allow sftp access.
$ vim /etc/rssh.conf
Then add the new user secftp (with /secftp as home and /usr/bin/rssh as shell) to your system and set a password.
$ useradd -d /secftp -s /usr/bin/rssh -g users secftp
$ passwd secftp
Create the directory and adjust the ownership so secftp can read/write and other group members can read the uploaded files.
$ mkdir -p /home/ftp/secftp
$ chown secftp:users /home/ftp/secftp
Edit your sshd configuration and add the user specific options for your chroot. Don’t forget to add secftp to your AllowUsers (which you should have configured :)).
$ vim /etc/ssh/sshd_config
Subsystem sftp internal-sftp
Match User secftp
Restart the sshd daemon and you should be done.
Update: For a full tutorial on how to setup Adobe Air and Tweetdeck on 64bit Ubuntu, take a look here.
Starting TweetDeck on a Linux desktop other then Gnome or KDE will result in the error message
Oops, TweetDeck can’t find your data
because TweetDeck doesn’t support them by default. But you only get to know about it, when starting from the command line
Unknown desktop manager, only Gnome and KDE are supported
To use TweetDeck you need e.g. a running gnome-keyring-daemon, otherwise TweetDeck doesn’t know how to save your account/password information. To start TweetDeck change the DIRNAME to your needs and use this script.
GNOME_DESKTOP_SESSION_ID=$GNOME_KEYRING $DIRNAME/TweetDeck &
Much like setting up a shared folder on a Linux host and a Windows guest, you need to create the folder to share on your host system and add it to your shared folders list in Virtualbox. You also need a mountpoint inside your virtual system (in this case: /mnt/VirtualBoxExchange).
Mounting it is done with the command
mount -t vboxsf VirtualBoxExchange /mnt/VirtualBoxExchange
Create the config file in your .ssh directory if it doesn’t already exist.
Open the file and add your configuration:
Where Host is the name of the shortcut. You can also add other options like
or another Host to your configuration. Take a look at the ssh_config manpage for more options.
You can now use your shortcut with
Today Marc Ruef released an article about Opera Mini on the iPhone and pointed out that all traffic is routed through Opera’s own proxy server. Opera isn’t allowed to use his own rendering engine on the iPhone because of Apple’s strict license. Opera Mini just provides another frontend for Apple’s safari engine, while the rendering happens on Opera’s server.
Users of Opera Mini should be aware that all their traffic could be analysed and used for data mining.
A quick test reveals that the Android version of Opera Mini also uses Opera’s own server as a proxy.
t09-07.opera-mini.net – – [16/Apr/2010:13:27:39 +0200] „GET /blog HTTP/1.1“ 301 198 „http://www.carrier-lost.org/blog/about/“ „Opera/9.80 (J2ME/MIDP; Opera Mini/5.0.18302/764; U; en) Presto/2.4.15“
t09-07.opera-mini.net – – [16/Apr/2010:13:27:39 +0200] „GET /blog/ HTTP/1.1“ 200 3886 „http://www.carrier-lost.org/blog/about/“ „Opera/9.80 (J2ME/MIDP; Opera Mini/5.0.18302/764; U; en) Presto/2.4.15“
t09-07.opera-mini.net – – [16/Apr/2010:13:27:39 +0200] „GET /blog/wp-content/themes/decoder/img/bg-meta.gif HTTP/1.1“ 404 2400 „http://www.carrier-lost.org/blog/“ „Opera/9.80 (J2ME/MIDP; Opera Mini/5.0.18302/764; U; en) Presto/2.4.15“
Where t09-07.opera-mini.net is the proxy server.
1. Create the folder on your host you like to share with the virtual machine (e.g. /home/pat/VirtualBoxExchange).
2. Add the shared folder to your virtual machine.
3. Open the command prompt on the windows machine (Start -> Run -> cmd.exe) and type
net use x: \vboxsvrVirtualBoxExchange
4. Have fun.
Starting syslog-ng on a vServer with Debian Lenny fails with the message:
Starting system logging: syslog-ng
Error opening file for reading; filename=’/proc/kmsg’, error=’Operation not permitted (1)’
Error initializing source driver; source=’s_all’ failed!
Error initializing source driver; source=’s_all’
You have to comment out a few lines in /etc/syslog-ng/syslog-ng.conf since syslog-ng doesn’t have direct access on the kernel messages. Under „Sources“
file(”/proc/kmsg” log_prefix(”kernel: “));
# kern.* -/var/log/kern.log
Syslog-ng should start just fine now.