Friday, October 30, 2009

vi commands for solaris

Restrict ssh/ftp user from leaving the home directory - Or grant access to specific directory

This script was tested in the Bash and Ksh shells.
Edit the user's .profile and add the following lines.
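################################
function _cd
{
    # Quote the arguments so names with spaces work; stop if the cd itself fails.
    \cd "$@" || return
    # Allow the move only if the new directory is exactly one line of the list
    # (-F: literal string, -x: whole line), not just part of a longer entry.
    if grep -Fx -- "${PWD}" /.approved_dirs > /dev/null 2>&1; then
        return
    fi
    # Not approved: go back to the previous directory.
    \cd "$OLDPWD"
    return
}
# Export the function once it has been defined.
typeset -xf _cd
alias cd=_cd
####################################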
This script checks whether the user is trying to cd to a folder other than those listed in .approved_dirs. If the folder is listed, the user is allowed to cd to it; otherwise the user is dropped back to the old pwd directory, which is his home directory.
To restrict the user from editing his .profile or .approved_dirs, change the permission to 644 for the files. This only helps if the files are owned by another account such as root, because the owner of a file can change its permissions back.
Pitfall: If the user uses "alias cd=cd", the above script will not work. If the user changes the default shell, the settings will also fail. Preferably use this for sftp users.
This document is picked from the link below - Many thanks to the contributor - I am placing it here so that it's easily accessible to me and others referring to my blog for help.
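The allow-list test inside the cd wrapper above, as an added example that is not part of the original post: it compares a substring/regex grep with a whole-line literal match on the physical path. The function names, the temporary directory tree and the approved_dirs file it builds are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: two ways of checking a directory against an allow-list
# file. All names and the sample tree below are constructed.

# Loose check: the path is used as a grep pattern and may match any part
# of a line, so the parent of a listed directory is accepted too.
weak_match() {      # $1 = directory, $2 = allow-list file
    grep "$1" "$2" > /dev/null 2>&1
}

# Strict check: resolve the directory to its physical path (symlinks
# expanded), then require a literal match against one whole line.
strict_match() {    # $1 = directory, $2 = allow-list file
    _real=$(cd "$1" 2>/dev/null && pwd -P) || return 1
    grep -Fx -- "$_real" "$2" > /dev/null 2>&1
}

# Build a constructed tree and allow-list in a temp dir; prints its root.
make_demo() {
    _root=$(cd "$(mktemp -d)" && pwd -P) || return 1
    mkdir -p "$_root/home/alice/data" "$_root/srv"
    ln -s "$_root/srv" "$_root/home/alice/shortcut"
    printf '%s\n' "$_root/home/alice" "$_root/home/alice/data" \
        "$_root/home/alice/shortcut" > "$_root/approved_dirs"
    printf '%s\n' "$_root"
}

# Print how each check treats one directory.
report() {          # $1 = directory, $2 = allow-list file
    if weak_match "$1" "$2"; then _w=allow; else _w=deny; fi
    if strict_match "$1" "$2"; then _s=allow; else _s=deny; fi
    printf '%-10s weak=%s strict=%s\n' "${1##*/}" "$_w" "$_s"
}

DEMO=$(make_demo)
for d in home home/alice home/alice/data home/alice/shortcut srv; do
    report "$DEMO/$d" "$DEMO/approved_dirs"
done
rm -rf "$DEMO"
```

With the strict check, an entry in the list approves only that exact directory, so every permitted subdirectory needs its own line.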

Thursday, October 22, 2009

Wednesday, October 07, 2009

Perl script to create a Exchange Enabled contact on AD

#!/usr/bin/perl

use strict;
use warnings;
use Net::LDAP;

# Net::LDAP->new returns undef on failure and leaves the reason in $@.
my $Ad = Net::LDAP->new("sogolab.com", version => 3, port => 389)
    or die("failed connecting: $@");

## bind as an admin or someone who has privileges to create a user
## (a simple bind on port 389 sends the password unencrypted)
my $bind = $Ad->bind(dn => 'CN=Administrator,CN=Users,DC=sogolab,DC=com', password => 'xxxxxxx');
# bind always returns a message object, so test its result code.
$bind->code and die("failed to bind: " . $bind->error);

my $result = $Ad->add( 'cn=Thomas T,cn=Users,DC=sogolab,DC=com',
    attr => [
        'cn' => 'Thomas T',
        'sn' => 'Thomas',
        'mail' => 'thomas@sogolab.com',
        'targetAddress' => 'SMTP:sam@kmail.com',
        'mAPIRecipient' => 'FALSE',
        'mailNickname' => 'Thomas',
        'internetEncoding' => '1310720',
        'objectclass' => ['top','person','organizationalPerson','contact' ]]
);

$result->code && warn "failed to add entry: ", $result->error ;

Monday, October 05, 2009

Perl script to create AD User from Unix Server

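#!/usr/bin/perl

use strict;
use warnings;
use Net::LDAP;

# Net::LDAP->new returns undef on failure and leaves the reason in $@.
my $Ad = Net::LDAP->new("sogolab.com", version => 3, port => 389)
    or die("failed connecting: $@");

## bind as an admin or someone who has privileges to create a user
## (a simple bind on port 389 sends the password unencrypted)
my $bind = $Ad->bind(dn => 'CN=Administrator,CN=Users,DC=sogolab,DC=com', password => 'XSSSXXX');
# bind always returns a message object, so test its result code.
$bind->code and die("failed to bind: " . $bind->error);

my $result = $Ad->add( 'cn=Ratish Kumar,cn=Users,DC=sogolab,DC=com',
    attr => [
        'cn' => 'Ratish Kumar',
        'sn' => 'Ratish',
        'mail' => 'ratish@kmail.com',
        'sAMAccountName' => 'ratish',
        # 544 = 512 (NORMAL_ACCOUNT) + 32 (PASSWD_NOTREQD): the account is
        # created enabled and is not required to have a password.
        'userAccountControl' => '544',
        'objectclass' => ['top', 'person','organizationalPerson','user' ]]
);

$result->code && warn "failed to add entry: ", $result->error ;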