SFTP – Connections and File Permissions – Part 3

In the last couple of posts, SFTP – Connections and File Permissions – Part 1 and SFTP – Connections and File Permissions – Part 2, we configured SFTP and looked at the effect of umask when transferring files using SFTP. In this post we will restrict users to their home directories using chroot. Before we configure …

AWS Cloud Formation Cross Stack

As mentioned in the AWS blog https://aws.amazon.com/blogs/aws/aws-cloudformation-update-yaml-cross-stack-references-simplified-substitution/: Many AWS customers use one “system” CloudFormation stack to set up their environment (VPCs, VPC subnets, security groups, IP addresses, and so forth) and several other “application” stacks to populate it (EC2 & RDS instances, message queues, and the like). Until now there was no easy way for the application …

SFTP – Connections and File Permissions – Part 2

So in our last post, SFTP – Connections and File Permissions – Part 1, we discussed SFTP connections, file permissions and the effect of "umask". One thing we should note is that the SFTP server binary is "/usr/libexec/openssh/sftp-server", which we can see in the sshd config file. I've also updated the "test2" user's umask to 0077 and deleted …

SFTP – Connections and File Permissions – Part 1

We did the SSH setup as mentioned in SSH setup – Key based authentication. In this article let's talk about "umask" and file permissions while doing SFTP. When a "user" is created, the default "umask" is 0002 (---w), meaning no write permission for others. When the "user" creates a file: the default file permission subtract …

AWS – Attach/Replace IAM role of running instance

https://aws.amazon.com/blogs/security/easily-replace-or-attach-an-iam-role-to-an-existing-ec2-instance-by-using-the-ec2-console/ https://aws.amazon.com/blogs/security/new-attach-an-aws-iam-role-to-an-existing-amazon-ec2-instance-by-using-the-aws-cli/ As the above articles from AWS describe, we can now attach or replace the IAM role of running instances. The example below is a simple scenario to test the same using CF: Provision EC2 Instance, Create S3 bucket, Create S3 Bucket Policy, Role and Instance Profile. But I am not attaching the instance profile to the EC2 Instance …

Docker Swarm – Manager Nodes

Reference: https://docs.docker.com/engine/swarm/swarm-tutorial/ On the manager node (to be), initialize the docker swarm cluster with "docker swarm init". It also prints the command to run on the worker node to join the cluster. If we lose the command, then run "docker swarm join-token worker" on the manager node to get it and run on the nodes to …