78 lines
3.5 KiB
Markdown
78 lines
3.5 KiB
Markdown
---
|
|
date: 2013-02-05
|
|
title: In praise of old school UNIX
|
|
category: linux
|
|
---
|
|
|
|
What am I doing today? Documentation that is what. I am writing a
|
|
document on how to do
|
|
[this](https://www.chriscowley.me.uk/blog/2012/11/19/sftp-chroot-on-centos/).
|
|
To any Linux user it is a very simple process and I could just give them
|
|
a link to my own website.
|
|
|
|
I am not writing this for a technical audience though. The people who
|
|
are going to perform this work will be the 'Level 1 operatives'. This
|
|
translates roughly to "anyone we can find on the street corners of some
|
|
Far East city". If I tell them to press the red button labelled "press
|
|
me" and it turns out to be orange, they will stop. I cannot assume the
|
|
ability to edit a file in Vi. How can you work around this, well you
|
|
need to make everything a copy and paste operation. This is easily done
|
|
in Bash thanks to IO redirection and of course Sed.
|
|
|
|
Now, a brief recap may be in order, as there are some perfectly
|
|
knowledgable Linux users who do not know what Sed is. Really, one of
|
|
them sits behind me. Sed stands for Stream EDitor, and it parses text
|
|
and applies transformations to it. It was one of the first UNIX
|
|
utilities. It kind of sits between
|
|
[Grep](https://en.wikipedia.org/wiki/Grep) and
|
|
[Awk](https://en.wikipedia.org/wiki/AWK_programming_language) and is
|
|
[surprisingly powerful](https://uuner.doslash.org/forfun/).
|
|
|
|
Anyway, I need to edit a line in a file then add a block of code at the
|
|
end.
|
|
|
|
cp -v /etc/ssh/sshd_config{,.dist}
|
|
sed -i ''/^Subsystem/s#/usr/libexec/openssh/sftp-server#internal-sftp#g' \
|
|
/etc/ssh/sshd_config
|
|
|
|
First line obviously is a contracted cp line which puts the suffix
|
|
*.dist* on the copy.
|
|
|
|
The basic idea is that it runs through the file (/etc/ssh/sshd\_config)
|
|
and looks for any line that starts with "Subsystem" (`/^Subsystem/`).
|
|
If it finds a line that matches it then will perform a "substituion"
|
|
(`/s#`). The next 2 blocks tell it what the substitution will be in the
|
|
order "\#From\#To\#". The reason for the change from `/` to `#` is
|
|
because of the / in the path name (thanks to
|
|
[Z0nk](https://www.reddit.com/user/z0nk) for reminding me that you can
|
|
use arbitary seperators). The "\#g" tells Sed to perform the
|
|
substituion on every instance it finds on the line, rather than just the
|
|
first one. It is completely superfluous in this example, but I tend to
|
|
put it in from force of habit. Finally the "-i" tells Sed to perform
|
|
the edit in place, rather than outputing to Stdout.
|
|
|
|
The next bit is a bit cleverer. With a single command I want to add a
|
|
block of text to the file.
|
|
|
|
cat <<EOF | while read inrec; do echo $inrec >> /etc/ssh/sshd_config; done
|
|
Match Group transfer
|
|
ChrootDirectory /var/local/
|
|
ForceCommmand internal-sftp
|
|
X11Forwarding no
|
|
AllowTcpForwarding no
|
|
|
|
EOF
|
|
|
|
Here `cat <<EOF` tells it send everything you type to Stdout until it
|
|
sees the string EOF. This then gets piped to a `while` loop that appends
|
|
each line of that Stdout to the file we want to extend
|
|
(*/etc/ssh/sshd*config\_ in this case).
|
|
|
|
Using these old tools and a bit of knowledge of how redirection works
|
|
has enabled me to make a document that anyone who can copy/paste can
|
|
follow. It is very easy for technical people to forget that not everyone
|
|
has the knowledge we have. To us opening Vi is perfectly obvious, but to
|
|
others maybe it isn't and they are not being paid enough to know. They
|
|
are just being paid to follow a script. I may not like it, but it is the
|
|
case - it also helped turn a boring documentation session into something
|
|
a little more interesting. Which is nice!
|