Jailshell on cpanel - Allow access to additional folders - ssh

I've not been able to find a solution to this problem.
I'd like clients I give jail-shell access to (rather than normal shell access) the ability to run commands I allow access too, such as Git.
Git requires you include the folder /usr/local/libexec/git-core but I can't work out a way of including the folder for jail-shell access ?
Perhaps it's not even possible, but I'm keen to find out.

You can mount additional directories in /var/cpanel/jailshell-additional-mounts
If the file doesn't exist create it and put the directories which you want to allow into it, one directory name per line:
/usr/local/libexec/git-core
/usr/local/lib
...

Related

Finding Another Application Directory

I'm writing an application that will add files to a number of another programs directories. I've been able to do this by asking the user to select the installation directory of the program, but I was hoping there would be a way to find the directory automatically. The complication I find is with multiple drives on some users PC's, I feel it would take too long to scan them all... Is there any method to find the directory of a program? Maybe the registry or something?

How can I bundle a command line utility in os x application on Mac App Store (using sandbox entitlement)

I have a c++ command line application that I have already compiled into an executable and have added it into my Xcode project. I have also added the "Copy Files" section to the Build Phases tab of the project properties and added my executable with the "Executables" destination. When I build my application I see it in the test.app/Contents/MacOS folder when I View package contents on the test.app that is built.
I also have App Sandbox enabled on the Capabilities tab of the project (so that I can distribute my application through the mac app store.
How can I expose this command line executable that is bundled with my application to the user so that they can run it from the command line (terminal)? I have not been able to find anything on search engines or on StackOverflow about how to get this file (or a symlink to this file) into the users PATH. I tried using an NSTask to create a symlink, but that only works if I disable the App Sandbox (which makes sense). Has anyone done this before? How did you get it to work? Or can these executables only be executed by code within your application?
I don't see a good way to do this. First, a clarification: the PATH is a list of directories that contain executables, not a list of executables; there's no way to add a single executable to the PATH. Instead, what you'd need to do is either put your executable into one of the directories in the user's PATH, or add the directory your executable is in into the PATH.
On OS X, the default PATH is /usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin. The first 4 directories shouldn't be modified from the system default, so only /usr/local/bin is a possibility. But creating it (it doesn't exist by default) would require admin (actually root) rights, which isn't allowed by App Store policies. So that's out.
That leaves modifying the user's PATH. The "right" way to do that system-wide is by placing a file in /etc/paths.d, which requires admin (/root) rights, so that's out too. Technically modifying the /etc/paths file would work, but that has the same permissions problem plus it's the wrong way to do customization.
The next possibility is to modify (/create) the user's shell initialization script(s). This'll work, but doing it at all right is going to be messy, because there are several shells the user might use, each with several different possible initialization scripts that the user might or might not have created...
Let's take a very simple case: a user who only ever uses bash, and who doesn't already have any initialization scripts. When a "login" instance of bash starts, it looks for ~/.bash_profile, ~/.bash_login, and ~/.profile (in that order), and runs the first one it finds. But your app doesn't know which shell he uses, so you'd better create ~/.profile so zsh and ksh will use it as well. So, your app creates ~/.profile, and puts this in it:
PATH="$PATH:/Applications/MyApp.app/Contents/Helpers"
Great, right? Yup, great, until the user runs something else that wants to set their PATH, it creates ~/.bash_profile, and this overrides your setup. After that, your executable will be in the PATH of zsh and ksh, but not bash. Whee.
And then one day the user decides to use tcsh instead, and it (and csh) have a completely different but equally messy pile of possible init files...

How do give a specific mode to all directories and another to all files in a spec file?

I can't rely on the umask since my machine does not use umask to set permissions. Is there a way to specify that all sub-directories (and their sub-directories etc) of some root directory all have a certain permission, and similarly, that all sub-files of the same root directory have another type of permission in the %files section of the spec file.
If not, I'll have to run some external bash scrip to get the spec file syntax for each individual file, and copy that output to the %files section of the spec file, which will be highly tedious.
If you look at the various references online, %defattr() takes a lesser-known fourth parameter for directories.

Flash Builder 4.6 linked Resources not working with ANEs and Certs

I'm having an issue with linked Resources in Flash Builder. I work in a team environment where we use Linked Resources extensively. We just started developing ANEs and noticed that while linkedResources are used in the libraryPathEntry, in the buildTargets like anePathEntry and airCertificatePath, the absolute path is stored. I tried editing the .actionScriptProperties files directly, modifying the buildtarget absolute paths to linked resource equivalents using the libraryPathEntry as a guide but FlashBuilder complained when loading the project.
Is there a way to get the buildTargets to respect linkedResources and not save the absolute path? I'm trying to avoid the draconian way where all developers must have the exact same directory structure.
Thanks!
Randy
My team had this exact problem and all attempts to fix it with relative paths or workspace macros (i.e. ${PROJECT_LOC}) failed. It seems as if the team in charge of Flash Builder neglected to support relative paths in these particular dialogs, despite them being supported elsewhere.
Here is what we have done to fix this problem. I am assuming you are on a Mac/Linux or the like. If not, the concept here can still be applied.
Most of our projects already have a "set up" bash script that contributors run when they get code. Inside of that script, we simply set up a couple of symbolic links from the user specific absolute path, to a new absolute path with a "common" user. The script first creates the directory if it does not exist, and then creates the symlinks.
sudo mkdir -p /Users/common/<project>/
sudo ln -f -h -s ~/path/to/certificate/dir /Users/common/<project>/certificates
Obviously you can use whatever you like and whatever makes sense for the common path.
Now, in your .actionScriptProperties file you can change the location pointed to by the provisingFile and airCertificatePath to this new common absolute path.
<buildTarget ... provisioningFile="/Users/common/<project>/certificates/provisionfile.mobileprovision" ... >
<airSettings airCertificatePath="/Users/common/<project>/certificates/cert.p12" ... >
We actually take this a step further (and I suspect you will need to also) and create common symlink paths for the ANE files themselves. This ends up changing the anePathEntry to the common path as well.
<anePathEntry path="/Users/common/<project>/anes/some.ane"/>
You will need to make sure that you either hand edit the .actionScriptProperties file directly, or type in the fully qualified symlink path into the dialogs directly. Any attempt at using the Finder dialog launched by Flash Builder to navigate to the files in the common location resulted in the symlinks being auto-resolved to their actual locations.
The script requires sudo, which as I'm sure you know, will require that the users of it know their root password. Maybe some more bash savvy folks can suggest a way around sudo if this is not an option for you.
This will work for android stuff as well I believe. I don't know if that matters to you or not.
Hope this helps!
It looks like this issue was called out in the Flash Builder 4.6 known issues:
http://helpx.adobe.com/flash-builder/kb/flash-builder-4-6-known.html
https://bugs.adobe.com/jira/browse/FB-32955
The bug is apparently fixed but I haven't been able to check the new Flash Builder 4.7 beta yet:
http://blogs.adobe.com/flex/2012/08/flash-builder-4-7-beta-is-here.html

Redcar Install Direct Options

Is there a way to direct the install of redcar to a user defined location other than a user home directory?
I have a jruby install on a USB drive, E:\jruby-1.6.2. Redcar installs the gems to the E:\jruby sub directory but then installs the user files to ~/ on c:.
Is there a way to direct it to e:\fakehome. I want to keep all installation files on my USB drive.
I do not have a Redcar-specific solution, but here is a general solution that may work for you.
PROBLEM:
The user has an application that installs application data files to a fixed location, but the user wants the files in a different location (such as a removable drive or a standardized app data directory).
SOLUTION:
Use a Junction Point or Symlink to simulate the presence of the pre-configured directory.
STEPS:
install the application normally
locate the pre-configured directory that you wish to have relocated (e.g. c:\users\foouser\appdata\fooapp)
create an empty directory with the same name in your alternate desired location (e.g., e:\myusbdrive\appdata\fooapp)
terminate the application you just installed if it is still running
move all of the files out of the pre-configured directory and put them in the desired directory
delete the toplevel pre-configured directory
create a junction that points to the toplevel pre-configured directory you just deleted from the alternate desired location
restart the application and use it normally, making sure that it still behaves normally.
If all goes well you should be finished.
Here i a link to a junction creator (for older versions of Windows (TM))
http://technet.microsoft.com/en-us/sysinternals/bb896768
HTH
This response from Matthew Scharley directly answers how this can be done for redcar.
For the moment it is hard coded. Thankfully it is easy to change:
https://github.com/redcar/redcar/blob/master/lib/redcar.rb#L211