Monday, September 26, 2011

Keyless ssh connection between A and B

A:
ssh-keygen -t rsa
...
...

Then scp the "id_rsa.pub" to B


B:
cat id_rsa.pub >> .ssh/authorized_keys
chmod 644 .ssh/authorized_keys


Now the connection from A to B is keyless: ssh authenticates with the key pair instead of asking for the account password on B.

Friday, September 16, 2011

ACL Setup

On the job side, I need a root-like user who has write permission on all sub-folders under PATH_JOB, while each individual user has only 744-like permissions on his/her own job folders. However, the default Unix/Linux permission model only distinguishes owner, group and others, so you cannot assign different permissions to different individual users. ACLs (Access Control Lists) can be used to solve this problem.

Here is a simple test on my VM_Ubuntu_10.10:

1. List the partitions; /dev/sda1 is the root directory "/".
# blkid
/dev/sda1: UUID="xxxx" TYPE="ext4"
/dev/sda5: UUID="yyyy" TYPE="swap"

2. Modify the /etc/fstab to support ACL by inserting "acl" into options.
#vim /etc/fstab
UUID=xxxx / ext4 errors=remount-ro,acl 0 1

3. Remount the root directory
#mount / -o remount

4. Make a test
#setfacl -m u:abc:rw hello.txt
#getfacl hello.txt

# file: hello.txt
# owner: root
# group: root
user::rw-
user:abc:rw-
group::rw-
mask::rw-
other::---

5. Now user "abc" can read and write "hello.txt"!

#ls -l
-rw-rw----+ 1 root root 0 2011-09-16 11:41 hello.txt

Note the new "+" character that appears at the end of the permission field. It shows that an ACL is in effect on this file/folder.
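
The getfacl output in step 4 includes a mask entry, which caps what named users such as "abc", named groups and the owning group actually get. The script below is an added example, not part of the original post: it reads getfacl text and prints the effective rights per entry, going one step beyond the test above by also running a constructed variant in which the mask is reduced to r-- (the function and sample names are hypothetical).

```shell
#!/bin/sh
# Added example (not from the original post): effective rights from getfacl text.
# The mask entry caps named users, named groups and the owning group;
# the file owner (user::) and other:: are never masked.

effective_acl() {   # stdin: getfacl output; stdout: "<tag>:<name> <effective perms>"
    awk -F: '
        /^[[:space:]]*#/ || NF < 3 { next }      # header comments, blank lines
        $1 == "default"            { next }      # inherited defaults, not this object
        {
            sub(/[[:space:]]*#.*/, "", $3)       # drop a trailing "#effective" note
            n++; tag[n] = $1; who[n] = $2; perm[n] = $3
            if ($1 == "mask") mask = $3
        }
        END {
            for (i = 1; i <= n; i++) {
                if (tag[i] == "mask") continue
                p = perm[i]
                capped = (tag[i] == "group" || (tag[i] == "user" && who[i] != ""))
                if (capped && mask != "") {
                    e = ""
                    for (k = 1; k <= 3; k++)
                        e = e (substr(mask, k, 1) == "-" ? "-" : substr(p, k, 1))
                    p = e
                }
                printf "%s:%s %s\n", tag[i], who[i], p
            }
        }'
}

page_sample() {       # the getfacl output shown in step 4
    cat <<'EOF'
# file: hello.txt
# owner: root
# group: root
user::rw-
user:abc:rw-
group::rw-
mask::rw-
other::---
EOF
}

tightened_sample() {  # constructed: same ACL after the mask is reduced to r--
    printf '%s\n' 'user::rw-' 'user:abc:rw-' 'group::rw-' 'mask::r--' 'other::---'
}

page_sample | effective_acl
tightened_sample | effective_acl
```

With the mask at r--, "abc" keeps the rw- entry in the ACL but can only read the file, which is worth checking whenever chmod is run on a file that carries an ACL.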