chrooted SFTP

Tim Chase

2021-08-30

Creating `chroot` SFTP accounts

For $DAYJOB I had to create user accounts for customers and give them access to SFTP files to/from secured areas of our server. We wanted to use chroot functionality to ensure that no customer could see other customers' data, and prevent them from poking around potentially sensitive areas of the server. After a bit of trial-and-error, I've listed the lessons-learned here in a cook-book fashion so that in case I ever have to do it again, I have the steps documented.

This post was spurred to exist thanks to this Reddit post asking about creating an encrypted FTP server on OpenBSD so my reply there became the basis for this post.

CLI Tricks: Spongebob Sarcasm in awk

Tim Chase

2021-02-28

Sometimes you want to turn some text into "sarcastic Spongebob" text so this little fragment of awk will make that transformation for you:

#!/usr/bin/awk -f
BEGIN { srand() }
{
    n = split($0, a, //)
    for (i=1; i<=n; i++) {
        c=a[i]
        printf("%c", rand() < 0.5 ? toupper(c) : tolower(c))
    }
    print ""
}

CLI Tricks: Full justify text with awk

Tim Chase

2021-02-27

I wanted to do some full-justification of text. So a little awk later, I could set the desired width and pipe to justify it.

#!/usr/bin/awk -f
BEGIN {c = "COLUMNS" in ENVIRON ? ENVIRON["COLUMNS"] : 80}
{
    if (NF > 1) {
        s = $0
        wc = split(s, a)
        gsub(FS, "", s)
        totalfill = c - length(s)
        fill = totalfill / (wc - 1)
        intfill = int(fill)
        errdelta = fill - intfill
        err = 0.5
        printf(a[1])
        for (i=2; i<=length(a); i++) {
            width = intfill
            err += errdelta
            if (err >= 1) {
                ++width
                err -= 1
            }
            printf("%*s%s", width, " ", a[i])
        }
        printf("\n")
    } else print
}

CLI Tricks: Finding interesting words

Tim Chase

2021-02-22

Most Linux, BSD, MacOS machines come with /usr/share/dict/words so a little awk, grep, and other shell utilities can find some interesting words.

CLI Tricks: Freeze dance with cmus

Tim Chase

2021-02-22

Our daughter wanted to "freeze dance" (music plays, stopping at random intervals, at which the dancing kids freeze in place until the music resumes). So what is a geek dad to do? Load up a playlist of kids' music in cmus, start playing the music, and let the shell randomly freeze and resume the music

user$ while true ; do sleep $(( $RANDOM % 15 + 5)) ; cmus-remote -u ; sleep 4; cmus-remote -u ;  done

This does as sleep for some random interval between 5 and 20 seconds, then does as sleep for 4 seconds before unpausing the music.

You could do something similar with mpd/mpc if you prefer them.

CLI Tricks: reboot/shutdown mollyguard function

Tim Chase

2021-02-22

Over on Twitter I was having a discussion about creating a mollyguard to protect yourself from accidentally rebooting the wrong machine by requiring you to type the hostname of the machine you wanted to reboot. If you need such, you can add these functions to your ~/.bashrc or ~/.profile to create such a reboot function. Note: The function shown on Twitter had the logic reversed so make sure you get the "=" and "!=" correct. If $1 equals the hostname, you want to proceed with the shutdown; if they are not equal you want a warning.

reboot() { [ "x$1" = "x$(hostname)" ] && sudo /sbin/shutdown -r now || echo "Failed to specify $(hostname)" ; }
halt() { [ "x$1" = "x$(hostname)" ] && sudo /sbin/shutdown -p now || echo "Failed to specify $(hostname)" ; }

If you run on OpenBSD you can specify doas instead of sudo.

CLI Tricks: Find the Nth word of a text file

Tim Chase

2021-02-22

While I'm not sure when others would use this I wanted to find the Nth word of a text file so I used this to find the, say, 318th word of the document:

user$ tr -cs "a-zA-Z'" '\012' < document.txt | sed -n '318{p;q;}'

Yes, it can get tripped up by non-Latin characters, hyphenated words, or other edge-cases, but for my 7-bit ASCII input text, it did the job.

CLI Tricks: in vim, git-add all open windows

Tim Chase

2021-02-22

Occasionally I have multiple windows open in vim and want to add all of those files to git. Rather than specifying each filename explicitly, I use this:

:windo !git add %

CLI Tricks: diff files in git and then add them

Tim Chase

2021-02-22

Occasionally I want to diff one or more files in git and, if everything looks good, then add them. To do so, I often take advantage of bash's ^ notation to do a replacement:

user$ git diff -- file1.txt file2.txt
user$ ^diff^add
user$ git commit -m "Looks good to me"

The second command replaces diff with add turning the command into git add -- file1.txt file2.txt without having to retype the entire command.

CLI Tricks: Compare directory sizes when hard-linking

Tim Chase

2021-02-21

I have directories with lots of image files (or mail files), some of which I hard-link into other directories to save space or make sure they're in sync. How much space am I saving by hard-linking?

user$ (du -sl ; printf '-\n' ; du -s) | awk '{print $1}' | paste -s - | bc

With a little math, most of it can happen in one awk statement:

user$ (du -sl ; du -s) | awk '{t+=(-NR*2+3)*$1} END{print t}'

Creating chroot SFTP accounts

Creating `chroot` SFTP accounts