After my recent experience with broken sudo commands in a failed system upgrade, I realized that although disabling the root account has many advantages, one of the disadvantages is that I can’t log in as root in the terminal when I’m physically in front of the system. This is a major issue if passwd binaries are broken somehow. Luckily, chroot was there to the rescue for me. Now, I contemplate whether I should enable the root account on my systems…
In the past, I’ve described how one could build multiarch (64 bit and 32 bit) versions of R on a 64 bit Ubuntu machine. The method based on this thread no longer works as of R 2.13 or 2.14, I believe. I received advice from someone on #R over on freenode (forgot who) a few months ago that suggested the chroot route (see this also). I recently tried it and wanted to document the procedures. Although the solution isn’t as nice as the previous multiarch route, it will suffice for now. With the chroot method, first compile the 64 bit version of R the usual way. For the 32 bit version of R, do:
<pre class="src src-sh">#### change my.username to your username, or modify path per your taste
### create chroot jail
sudo apt-get install dchroot debootstrap
sudo mkdir ~/chroot-R32
sudo emacs -q -nw /etc/schroot/schroot.conf
## paste the following in the file: (no quotes)
## build a basic Ubuntu system in the chroot jail
sudo debootstrap --variant=buildd --arch i386 natty /home/my.username/chroot-R32 http://ubuntu.cs.utah.edu/ubuntu/ ## pick a mirror from https://launchpad.net/ubuntu/+archivemirrors
## copy my source locations for apt
sudo cp /etc/apt/sources.list /home/my.username/chroot-R32/etc/apt/sources.list ## edit this new file to reflect only the needed sources
### do following steps whenever you need to access 32 bit R
## access to proc and dns
sudo mount -o bind /proc /home/my.username/chroot-R32/proc
sudo cp /etc/resolv.conf /home/my.username/chroot-R32/etc/resolv.conf
## go into jail; do this whenever you want
sudo chroot /home/my.username/chroot-R32
dpkg-architecture ## make sure system is i386
### now the root / location should reflect the jail
### following happens in jail
## tools needed to build R
apt-get install gcc g++ gfortran libreadline-dev libx11-dev xorg-dev
## get svn to get latest r source code
apt-get install git-core subversion
## compile 32 bit R
svn checkout https://svn.r-project.org/R/trunk/ r-devel
apt-get install rsync
</pre>
How big is my /home/my.username/chroot-R32 folder? It is at 791 MB after the above steps. Let me know if you have suggestions for having both 32 bit and 64 bit concurrently on Linux. I believe Windows and Mac ship and compile both 32 bit and 64 bit versions of R. I’m surprised this isn’t the case for Linux.
I recently needed to set up an ftp server (or sftp server) that allows the user to transfer files. I had some restrictions:
- The account cannot have ssh access since I don’t want an unauthorized person to run jobs on the server.
- The account needs to be restricted to a single directory. I don’t want the account to have access to all files on the server.
I first followed this guide to get proftpd up with an account. However, I kept getting errors trying to log in using Nautilus or Filezilla. The error came from PASV mode, which I think stems from a firewall/NAT issue. I next tried this to use vsftpd. Still no go (same error).
I decided to use sftp since I know for sure ssh works and that it’s more secure. Now that I think about it, none of my servers has an ftp server running since sftp is more secure and Nautilus and Filezilla support the sftp protocol.
From this post, I re-discovered rssh and the native support from recent versions of openssh. The “match user” method for openssh and the rssh method did not work for me. I finally stumbled on this post that made things work.
<pre class="src src-sh">sudo apt-get install openssh-server ## this is already installed for me
## modify /etc/ssh/sshd_config
# Use the following line to *replace* any existing 'Subsystem' line
Subsystem sftp internal-sftp
# These lines must appear at the *end* of sshd_config
Match Group sftponly
## in shell
sudo groupadd sftponly
sudo useradd -m newuser ## -m creates /home/newuser
sudo passwd newuser ## set password
sudo usermod -g sftponly -s /bin/false -d /home/newuser newuser
sudo chown root:root /home/newuser
sudo mkdir /home/newuser/upload ## upload files in here
sudo chown newuser:newuser /home/newuser/upload
sudo /etc/init.d/ssh restart
</pre>
Now, ssh with the newuser should not work, and sftp (via command line, nautilus, or filezilla) should only access one location. /home/newuser is owned by root, so newuser can’t do much in there. Create a directory upload, and make newuser the owner.
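An added example, not from the original post: a shell check that an sshd_config actually restricts the sftponly group before you rely on it. The directives it looks for (ChrootDirectory, ForceCommand internal-sftp, AllowTcpForwarding no, X11Forwarding no) are standard OpenSSH keywords assumed here, since the Match block above lists none; the function names and both sample configs are constructed.

```shell
# Added example, not from the original post. Assumes single-criterion
# "Match Group X" lines and whitespace-separated "Keyword value" pairs.
# audit_sftp_match FILE GROUP   (FILE may be "-" for stdin)
# Returns 0 only if GROUP is chrooted, forced into internal-sftp and has
# forwarding disabled; prints one line per finding.
audit_sftp_match() {
    awk -v grp="$2" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    {
        key = tolower($1)                    # keywords are case-insensitive
        val = $0
        sub(/^[ \t]*[^ \t]+[ \t]+/, "", val) # strip the keyword, keep the argument
        sub(/[ \t]+$/, "", val)
    }
    key == "match" {                         # a block runs to the next Match or EOF
        in_match = 1
        ours = (NF == 3 && tolower($2) == "group" && $3 == grp)
        if (ours) seen = 1
        next
    }
    !in_match && key == "subsystem" && $2 == "sftp" && subsys == "" { subsys = $3 }
    ours && !(key in cfg) { cfg[key] = tolower(val) }   # first value wins
    END {
        if (!seen) { print "FAIL: no Match Group " grp " block"; exit 1 }
        if (subsys != "internal-sftp") bad = bad "FAIL: Subsystem sftp is not internal-sftp\n"
        if (!("chrootdirectory" in cfg)) bad = bad "FAIL: ChrootDirectory not set\n"
        if (cfg["forcecommand"] !~ /^internal-sftp/) bad = bad "FAIL: ForceCommand is not internal-sftp\n"
        if (cfg["allowtcpforwarding"] != "no") bad = bad "FAIL: AllowTcpForwarding is not no\n"
        if (cfg["x11forwarding"] != "no") bad = bad "FAIL: X11Forwarding is not no\n"
        if (bad != "") { printf "%s", bad; exit 1 }
        print "OK: group " grp " is chrooted and SFTP-only"
    }' "$1"
}

# Constructed sample: a Match line with nothing under it restricts nothing.
sample_bare() {
    printf '%s\n' 'Subsystem sftp internal-sftp' 'Match Group sftponly'
}

# Constructed sample: a restrictive block (%h expands to the user home directory).
sample_restricted() {
    printf '%s\n' 'Subsystem sftp internal-sftp' 'Match Group sftponly' \
        '    ChrootDirectory %h' '    ForceCommand internal-sftp' \
        '    AllowTcpForwarding no' '    X11Forwarding no'
}

sample_bare | audit_sftp_match - sftponly || true
sample_restricted | audit_sftp_match - sftponly
```

To check a live system, run `audit_sftp_match /etc/ssh/sshd_config sftponly` before restarting sshd.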