How to Setup Sandstorm Personal Cloud Server in Linux

Sandstorm is an Open Source self-hostable web productivity suite implemented as a security-hardened web app package manager. It is a radically easier way to run personal instances of your web application at one place. It allows you to have your own personal server to install multiple application on it through an app store interface as easily as you would install apps on a phone. Sandstorm keeps a list so you can find everything you create and its unified access control system covers data from every app, and everything is private to you by default. Find any app you want on the App Market and start using it with a few clicks. Every app comes with automatic updates. More than all it protects you, each document, chat room, mail box, notebook, blog, or anything else you create is a “grain” in Sandstorm. It containerizes each one in its own secure sandbox from which it cannot talk to the world without express permission. All your grains are private until you share them. The result is that 95% of security vulnerabilities are automatically mitigated.


To make Sandstorm run on CentOS 7, we will be required to have systems with following competencies.

  • Linux Kernel 3.10+
  • User namespaces disabled

According to its basic software requirements, you can easily install it on RHEL-7 or CentOS 7 as both have the kernel versions greater than 3.10. Like the same way if you have to install it on Arch Linux, you can do so because of its kernels compiles with ‘CONFIG_USER_NS=n’.

Other than software requirements, you can use 1GB+ of RAM but 2GB+ is recommended. Here in this article we will be using a CentOS 7.2 VM with 2GB RAM , 2 CPUs and 20 GB disk space.

How to update your system

Once you have access to the VM, create a non-root user with sudo privileges to perform all system level tasks. In CentOS 7 you create a new user with sudo rights using below commands.

$ ssh root@server_ip

# adduser new_user

Set your password for the new user, and then Use the ‘usermod’ command to add the user to the ‘wheel’ group.

# usermod -aG wheel new_user

Now using the ‘su’ command, switch to the new user account and run the command with sudo to update your system.

# su – new_user

# sudo yum update -y

After system update with latest updates and security patches, move to the next step to download and install the Sandstorm on CentOS 7.

How to install Sandstorm

This comes with its own installer that provides its automatic installation setup. To install on your own Linux machine, you just need to run below ‘curl’ command.

$ curl | bash

Then You can have two options, and you need to choose the appropriate one, either you like to go for 1 or 2 .

1. A typical install, to use Sandstorm (press enter to accept this default)
2. A development server, for working on Sandstorm itself or localhost-based app development

Let’s choose the option ‘1’ and press Enter key to go for its default typical installation.

This complete installation setup with go through the following process.:

* Install Sandstorm in /opt/sandstorm
* Automatically keep Sandstorm up-to-date
* Configure auto-renewing HTTPS if you use a subdomain of
* Create a service user (sandstorm) that owns Sandstorm’s files
* Configure Sandstorm to start on system boot (with systemd)
* Listen for inbound email on port 25.

To set up Sandstorm, we have to provide the sudo privileges, type ‘yes’ to allow sudo access to continue after its password.

Note that Sandstorm’s storage will only be accessible to the group ‘sandstorm’. As a Sandstorm user, you are invited to use a free Internet hostname as a subdomain of, a service operated by the Sandstorm development team. You can choose your desired Sandcats subdomain (alphanumeric, max 20 characters). Type the word ‘none; to skip this step, or ‘help’ for help.

What * subdomain would you like? [] linox

Next you need to mention your email on file so it help you recover your domain if you lose access.

Enter your email address: []

This register your domain, and you will be provided with a URL that users will enter in browser.


Next Sandstorm requires you to set up a wildcard DNS entry pointing at the server. This allows Sandstorm to allocate new hosts on-the-fly for sandboxing purposes. Please enter a DNS hostname containing a ‘*’ which maps to your server. For example, if you have mapped * to your server, you could enter “*”. You can also specify that hosts should have a special prefix, like “ss-*”. Note that if your server’s main page is served over SSL, the wildcard address must support SSL as well, which implies that you must have a wildcard certificate. For local-machine servers, we have mapped * to for your convenience, so you can use “*” here. If you are serving off a non-standard port, you must include it here as well.

Wildcard host: [*] *

Server installation is complete now, Visit the link mentioned in the end of the setup to start using it.


As mentioned the URL expires in 15 minutes. You can generate a new setup URL by running below command.

$ sudo sandstorm admin-token

session token

How to configure Sandstorm Web setup

Once you open the URL, you will see a welcome page to begin the admin settings and to configure your login system.

welcome sandstorm

1) Identity providers

To use Sandstorm, you need to create a user account. Every user account on Sandstorm is backed by an identity provider. You’ll use this identity provider to authenticate as the first administrator of this Sandstorm install.

Configure the identity provider or providers you wish to enable by a click on the ‘configure’ button.

identity provider

Let’s see if you want to enable Github on your Sandstorm, click on the configure button, a new window will be opened where you need to provide github login configurations. Once you got your Client ID and Client secret from your github account, click on the ‘Enable’ button to proceed.

github configuration

2) Organization settings

Sandstorm allows you to define an organization. You can automatically apply some settings to all members of your organization. Users within the organization will automatically be able to log in, install apps, and create grains.

Organization settings

3) Email delivery

Sandstorm needs a way to send email. You can skip this step (unless you’re using email login), but email-related features will be unavailable until you configure email in the future. Mention your SMTP host with Port and credentials.

email delivery

4) Pre-installed apps

Here Sandstorm installs the following Productivity Suite apps that are useful for most users shown below. You will be able to configure all pre-installed apps in the Admin Settings panel after setup.

pre install app

5) Create Admin account

Log with your google or Github account that you created in previous step to create your admin account.

admin account

That’s it, now add more users, edit other settings or start user your awesome personal cloud platform.

start using


In the end of this article, you are now able to install, configure and use your own personal cloud platform on CentOS 7. It aims to tackle the authentication and security problems that software-As-A-Service poses for many companies through the use of fine-grained containerization. Using Sandstorm now it’s much easier than setting up yourself because you just to point and click, your click install and you have the app running. It takes like 5 seconds to spin up a container that help’s you build your own applications within seconds.

How to Use Linux Hexdump Command with Practical Examples

Hexdump is a very useful Linux command for developers and application debuggers. It has ability to dump file contents into many formats like hexadecimal, octal, ASCII and decimal. This command takes a file, or any standard input, as input parameter and converts it to the format of your choice. Let’s assume you work with binary data and you are unable to understand the format of a file, you can make use of Hexdump command to get file contents in much better readable format. This command comes pre-installed with all modern day Linux operating systems like CentOS, Fedora, Ubuntu, Debian, Arch Linux etc. In this article, we will be demonstrating the use of hexdump command using various examples. Written in C language, this command might be easy to understand by professional C programmers, but for other IT professionals, it might be a tricky command. We will try to do our best to demonstrate its usage and purpose here in this article.

1) Hexdump -b

Using “-b” switch with Hexdump will display the input offset in hexadecimal format. This option is also called “One-byte octal display”.  The output will be followed by sixteen space-separated, three column, zero-filled, bytes of input data, in octal, per line. Here is the example output we received when we run this command with “-b” switch on a file named “Linuxthegreat”.

# hexdump -b Linuxthegreat
0000000 124 150 151 163 040 151 163 040 040 141 040 164 145 163 164 040
0000010 114 151 156 157 170 151 144 145 040 106 151 154 145 012 125 163
0000020 145 144 040 146 157 162 040 144 145 155 157 156 163 164 162 141
0000030 164 151 157 156 040 160 165 162 160 157 163 145 163 012 012

2) Hexdump -c

This option is referred to as “One-byte character display”. You can use this command parameter to display the input offset in hexadecimal. The output string will be followed by sixteen space-separated,   three column, space-filled, characters of input data per line. Here is the example output of this command.

hexdump -c Linuxthegreat
0000000   T   h   i   s       i   s           a       t   e   s   t
0000010   L   i   n   o   x   i   d   e       F   i   l   e  \n   U   s
0000020   e   d       f   o   r       d   e   m   o   n   s   t   r   a
0000030   t   i   o   n       p   u   r   p   o   s   e   s  \n  \n

3) Hexdump -C

Also known as “Canonical hex+ASCII display”, this shows the input offset in hexadecimal, the output is followed by sixteen space-separated, two column, hexadecimal bytes, along with the same sixteen bytes in %_p format enclosed in “|” characters. Here is working example of this command option.

# hexdump -C Linuxthegreat
00000000  54 68 69 73 20 69 73 20  20 61 20 74 65 73 74 20  |This is  a test |
00000010  4c 69 6e 6f 78 69 64 65  20 46 69 6c 65 0a 55 73  |Linuxthegreat File.Us|
00000020  65 64 20 66 6f 72 20 64  65 6d 6f 6e 73 74 72 61  |ed for demonstra|
00000030  74 69 6f 6e 20 70 75 72  70 6f 73 65 73 0a 0a     |tion purposes..|

4) Hexdump -d

This switch/option shows the input offset in hexadecimal, along with eight space-separated, five column, zero-filled, two-byte units of input data. The output is in unsigned decimal per line. It is also referred to as “Two-byte decimal display”  mode. Here is example output of this command.

 hexdump -d Linuxthegreat
0000000   26708   29545   26912   08307   24864   29728   29541   08308
0000010   26956   28526   27000   25956   17952   27753   02661   29525
0000020   25701   26144   29295   25632   28005   28271   29811   24946
0000030   26996   28271   28704   29301   28528   25971   02675   00010

5) Hexdump -o

Also known as “Two-byte octal display”, it shows the specified input offset in hexadecimal. The output of the command is followed by eight space-separated, six column, zero-filled, two byte quantities of input data, in octal, per line.

# hexdump -o Linuxthegreat
0000000  064124  071551  064440  020163  060440  072040  071545  020164
0000010  064514  067556  064570  062544  043040  066151  005145  071525
0000020  062145  063040  071157  062040  066545  067157  072163  060562
0000030  064564  067157  070040  071165  067560  062563  005163  000012

6) Hexdump  -x

It shows the offset in hexadecimal, followed by eight, space separated, four column, zero filled, two-byte quantities of input data, in hexadecimal. It is referred to as “Two-byte hexadecimal display”.

# hexdump -x Linuxthegreat
0000000    6854    7369    6920    2073    6120    7420    7365    2074
0000010    694c    6f6e    6978    6564    4620    6c69    0a65    7355
0000020    6465    6620    726f    6420    6d65    6e6f    7473    6172
0000030    6974    6e6f    7020    7275    6f70    6573    0a73    000a

7) Hexdump  -v

By default, hexdump uses the asterisk sign (*) to replace the identical line in the output string, but -v option causes hexdump to display all input data. This option is useful when performing the analysis of complete output of any string or text. This command can be used in shell /bash scripts as well for better automation of your desired tasks.

8) Hexdump -s

“Hexdump -s” displays only specified number of bytes from a file, the general syntax to use this option is as follows.

hexdump -s n -c  File

Where, replace “n” with number of lines you want displayed, and “File” with your actual file name. Following example output should further clarify this concept.

# hexdump -s 1 -c  Linuxthegreat
0000001   h   i   s       i   s           a       t   e   s   t       L

The above command will display only one line of output.

You can get more details about hexdump using its help manual. Simply type following command on your Linux system’s terminal and it will display all possibilities and option which can be used with hexdump.

man hexdump


Hexdump is pretty useful utility for system administrators and programmers. It makes analyzing and decoding the various file formats a piece of cake. It can be easily used in bash programming or C programming language scripts to perform complex tasks of file format conversions or analysis and reverse engineering. In this article, we have introduced to hexdump, its useful options and some useful demonstration of the commands related to this utility. Hope you enjoyed this article. If you have any comments or questions, feel free to let us know in comments.

Pet – A Command Line Snippet Manager for Linux

If you manage a lot of Linux systems via command line, you must be aware of the hectic task to remember all the commands you use on daily basis. You often need to go into your system’s history and find the required commands from there. Pet is a command line based tool which makes a system administrator’s life easy. It is an easy to use snippet manager, which saves your command snippets and you can easily view and use them when needed. Command line junkies find this tool extremely important, it is completely a freeware script, the setup process is pretty simple and it runs on almost all flavors of Linux operating system as well as Mac OS. It is built using the well known Go programming language and requires some python modules like Peco and brew to work properly. It is written by Teppei Fukuda and its source code is available on Github. In this tutorial, we will discuss its prominent features, installation process, and some usage example. Stay with us, it’s going to be an interesting session.

Important Features of Pet

Here are some of the noteworthy features of this utility, it can:

  • register your new command snippets pretty quickly.
  • search through the local repository of command snippets.
  • easily edit and run command snippets.
  • use Gist (GitHub-based online code repository) to sync your snippets.

Feeling excited? Let’s get started on its installation and configuration process now.

Installing and Using Pet

We will be demonstrating the installation and usage process of Pet on Ubuntu 16.10 system, the same set of instructions should work for any older version of Ubuntu and Debian based systems. As mentioned in the introductory paragraph, it requires Peco and brew to work properly. Run following two commands respectively to install Brew and Peco on your Linux system.

sudo apt-get install linuxbrew-wrapper
sudo brew install peco

Once the pre-requisites have been properly installed, run following command to download the source file for Pet.

sudo wget

Depending on your network speed, it should take a couple of minutes to complete the download process. Run the following mentioned command to unzip the downloaded file.


Once the unzip process is complete, you should be able to see an executable script, named “pet” here. Run the following command to copy this script file to proper location so it may be available for use for all users.

sudo cp pet /usr/local/bin

There you go, Pet has been configured successfully now. Run “pet” command on the terminal to verify that it is working properly. Expected output should be as depicted in the following screenshot.


Let’s demonstrate some examples, in order to add the new snippets, use the following command:

pet new

It will prompt you the two details, “Command” and “Description”. I have following command I often use on my Linux web servers to identify if my server is under DDOS attack or not.

netstat -nap | grep \:80\  | awk ‘{print $5}’ | tr “:” ” ” | awk ‘{print $1}’ | sort | uniq -c | sort -n

Below screenshot will clarify how I added this snippet to Pet.

pet add

Similarly, you can use the following command to list the currently added snippets.

pet list

You can search through added snippets using the following command:

pet search

You can easily register the previously executed commands to the pet database by edit your .zshrc file. Use vi or vim editor to open the .zshrc file and append the following lines there:

function prev() {
PREV=$(fc -lrn | head -n 1)
sh -c “pet new `printf %q “$PREV”`”

Now you don’t need to add each command manually to Pet, your system will automatically add all the commands you use to the snippet manager. Your daily work life is lot easy now 🙂

Sync Snippets to Gist

As mentioned in the feature list, you can sync your snippets with online Gist repository, for this purpose you must have a Github account, once you have GitHub account, you can get a GIST Token easily. Use the following command to sync your snippets to Gist, it will prompt for Token ID and you should be good to go.

 pet sync -u

Here is the sample output of this command:

 pet sync -u
Gist ID: 1P93IUdf4e06d117097en976BHY
Upload success

Similarly, you can download your snippets from Gist to your system using the following command. It is pretty useful when you want to migrate your snippet data to any other system.

pet sync

Hope you enjoyed this article, we have discussed all possible usages of Pet utility here. It is an extremely lightweight, easy to use, and stable utility which is a must-have application for any command line Linux lover. It is under continuous development and we hope to see many improvements to this application in near future. If you have any questions or feedback, fee free to let us know in the comments section of this article.

What Is The Shell?

When we speak of the command line, we are really referring to the shell. The shell is a program that takes keyboard commands and passes them to the operating system to carry out. Almost all Linux distributions supply a shell program from the GNU Project called bash. The name “bash” is an acronym for “Bourne Again SHell”, a reference to the fact bash is an enhanced replacement for sh, the original Unix shell program written by Steve Bourne.

Terminal Emulators When using a graphical user interface, we need another program called a terminal emulator to interact with the shell. If we look through our desktop menus, we will probably find one. KDE uses konsole and GNOME uses gnome-terminal, though it’s likely called simply “terminal” on our menu. There are a number of other terminal emulators available for Linux, but they all basically do the same thing; give us access to the shell. You will probably develop a preference for one or another based on the number of bells and whistles it has. Your First Keystrokes So let’s get started. Launch the terminal emulator! Once it comes up, we should see something like this:

[me@linuxbox ~]$

This is called a shell prompt and it will appear whenever the shell is ready to accept input. While it may vary in appearance somewhat depending on the distribution, it will usually include your username@machinename, followed by the current working directory (more about that in a little bit) and a dollar sign. If the last character of the prompt is a pound sign (“#”) rather than a dollar sign, the terminal session has superuser privileges. This means either we are logged in as the root user or we selected a terminal emulator that provides superuser (administrative) privileges. Assuming that things are good so far, let’s try some typing. Enter some gibberish at the prompt like so:

[me@linuxbox ~]$ kaekfjaeifj

Since this command makes no sense, the shell will tell us so and give us another chance: bash: kaekfjaeifj: command not found

[me@linuxbox ~]$

Command History If we press the up-arrow key, we will see that the previous command “kaekfjaeifj” reappears after the prompt. This is called command history. Most Linux distributions remember the last 1000 commands by default. Press the down-arrow key and the previous command disappears.

Cursor Movement Recall the previous command with the up-arrow key again. Now try the left and right-arrow keys. See how we can position the cursor anywhere on the command line? This makes editing commands easy.

A Few Words About Mice And Focus: While the shell is all about the keyboard, you can also use a mouse with your terminal emulator. There is a mechanism built into the X Window System (the underlying engine that makes the GUI go) that supports a quick copy and paste technique. If you highlight some text by holding down the left mouse button and dragging the mouse over it (or double clicking on a word), it is copied into a buffer maintained by X. Pressing the middle mouse button will cause the text to be pasted at the cursor location. Try it. Note: Don’t be tempted to use Ctrl-c and Ctrl-v to perform copy and paste inside a terminal window. They don’t work. These control codes have different meanings to the shell and were assigned many years before Microsoft Windows.

Your graphical desktop environment (most likely KDE or GNOME), in an effort to behave like Windows, probably has its focus policy set to “click to focus.” This means for a window to get focus (become active) you need to click on it. This is contrary to the traditional X behavior of “focus follows mouse” which means that a window gets focus just by passing the mouse over it. The window will not come to the foreground until you click on it but it will be able to receive input. Setting the focus policy to “focus follows mouse” will make the copy and paste technique even more useful. Give it a try if you can (some desktop environments such as Ubuntu’s Unity no longer support it). I think if you give it a chance you will prefer it. You will find this setting in the configuration program for your window manager.

Try Some Simple Commands Now that we have learned to type, let’s try a few simple commands. The first one is date. This command displays the current time and date.

[compose@amp ~]$ date
Sun Mar 19 04:10:43 UTC 2017

A related command is cal which, by default, displays a calendar of the current month.

2017-03-19 10_18_51- - Remote Desktop Connection.png

To see the current amount of free space on your disk drives, enter df:

2017-03-19 10_21_28- - Remote Desktop Connection.png

Likewise, to display the amount of free memory, enter the free command.

2017-03-19 10_22_16- - Remote Desktop Connection.png

Ending A Terminal Session We can end a terminal session by either closing the terminal emulator window, or by entering the exit command at the shell prompt:

[me@linuxbox ~]$ exit

The Console Behind The Curtain Even if we have no terminal emulator running, several terminal sessions continue to run behind the graphical desktop. Called virtual terminals or virtual consoles, these sessions can be accessed on most Linux distributions by pressing CtrlAlt-F1 through Ctrl-Alt-F6. When a session is accessed, it presents a login prompt into which we can enter our username and password. To switch from one virtual console to another, press Alt and F1-F6. To return to the graphical desktop, press Alt-F7.

Summing Up As we begin our journey, we are introduced to the shell and see the command line for the first time and learn how to start and end a terminal session. We also see how to issue some simple commands and perform a little light command line editing. That wasn’t so scary was it?

Compatibility with Older Systems RHEL 7

If an ACL has been set on any file on a given file system, that file system has the ext_attr attribute. This attribute can be seen using the following command:
# tune2fs -l filesystem-device
A file system that has acquired the ext_attr attribute can be mounted with older kernels, but those kernels do not enforce any ACLs which have been set.
Versions of the e2fsck utility included in version 1.22 and higher of the e2fsprogs package (including the versions in Red Hat Enterprise Linux 2.1 and 4) can check a file system with the ext_attr attribute. Older versions refuse to check it.

Archiving File Systems with Acls RHEL 7

By default, the dump command now preserves ACLs during a backup operation. When archiving a file or file system with tar, use the --acls option to preserve ACLs. Similarly, when using cp to copy files with ACLs, include the --preserve=mode option to ensure that ACLs are copied across too. In addition, the -a option (equivalent to -dR --preserve=all) of cp also preserves ACLs during a backup along with other information such as timestamps, SELinux contexts, and the like. For more information about dump, tar, or cp, refer to their respective man pages.
The star utility is similar to the tar utility in that it can be used to generate archives of files; however, some of its options are different. Refer to Table 4.1, “Command Line Options for star” for a listing of more commonly used options. For all available options, refer to man star. The star package is required to use this utility.

Table 4.1. Command Line Options for star

Option Description
-c Creates an archive file.
-n Do not extract the files; use in conjunction with -x to show what extracting the files does.
-r Replaces files in the archive. The files are written to the end of the archive file, replacing any files with the same path and file name.
-t Displays the contents of the archive file.
-u Updates the archive file. The files are written to the end of the archive if they do not exist in the archive, or if the files are newer than the files of the same name in the archive. This option only works if the archive is a file or an unblocked tape that may backspace.
-x Extracts the files from the archive. If used with -U and a file in the archive is older than the corresponding file on the file system, the file is not extracted.
-help Displays the most important options.
-xhelp Displays the least important options.
-/ Do not strip leading slashes from file names when extracting the files from an archive. By default, they are stripped when files are extracted.
-acl When creating or extracting, archives or restores any ACLs associated with the files and directories.

Retrieving Acls RHEL 7

To determine the existing ACLs for a file or directory, use the getfacl command. In the example below, the getfacl is used to determine the existing ACLs for a file.

Example 4.4. Retrieving ACLs

# getfacl home/john/picture.png
The above command returns the following output:
# file: home/john/picture.png 
# owner: john 
# group: john 
If a directory with a default ACL is specified, the default ACL is also displayed as illustrated below. For example, getfacl home/sales/ will display similar output:
# file: home/sales/ 
# owner: john 
# group: john