Sandcastle Access

Sandcastle is our main departmental Linux server. It can be accessed through SSH (tcp port 22) with any SSH capable client.

You can find information regarding free clients and some configuration settings on our software page.

The fully qualified domain name of Sandcastle is sandcastle.cosc.BrockU.CA and it’s IP address is

This will provide you will shell access to your account and can also be used for SFTP transfers.

Remote shell access to Sandcastle is supported through SSH. Most current Operating Systems now have a text based SSH client installed by default. The hostname is and the login uses your Computer Science account credentials. Although Windows 10 added a command line SSH client, you may still want to consider using PuTTY which is an open source implementation that Windows users have been using for decades. A configuration example is shown below.
Please Note: when you connect the first time you will be prompted to accept the SSH key, please visit the security page to ensure that the key presented is correct.


PuTTY is a graphical SSH client which allows you to make shell connections to network servers such as Sandcastle. For connecting the Sandcastle you must enter the hostname which is you can enter a Session name and click “Save” it will remember the hostname next time you open the program.

If it is the first time connecting to Sandcastle you will be asked to verify the host key (as seen below), be sure to verify the fingerprint and if it is different do not continue.

When you click on the open button you should be prompted for a login and may be prompted for your password (this will not happen if you are using the computers in our labs) which is the same as your username and password you use in the Computer Science labs. You will note that when entering the password you will not receive any feedback (not even *’s).

In order to set up a personal web page on Sandcastle there are a few steps which need to be performed before the web pages will be visible. These will require you to log in to a shell on Sandcastle through SSH, if you have not done this before you can find a help page to step you through that process as well.

Once logged into Sandcastle the first step is to create a directory called public_html which is where all your web content will go. The command is: ‘mkdir -m 701 public_html’.

Next you will need to set up proper permissions on your home directory. First make sure that you are in your home directory (you can use the command ‘pwd’ which should return something like /home/std/login where “login” is your Brock login). If you are not in your home directory you can run the command ‘cd’ to return you to the root of your home directory. Once you are in the root of your home directory, issue the command ‘chmod 701 ./’ this will make your public_html directory available to the web server.

Now you can add content to your public_html directory; the web server will look for a file called index.html by default so that is where you should start.

The permissions should be set to the following:

  • 701 for sub-directories (‘ls -ld’ will show -rwx—–x)
  • 644 for HTML files (‘ls -l’ will show -rw-r–r–)
  • 700 for CGI script files (‘ls -l’ will show -rwx——)

If you are not sure what these permission numbers mean you can run the command ‘man chmod’ on Sandcastle and read up.

Note: If your directories or CGI files have the write bit set for group or other, the webserver will refuse to load them.

Once you have added the index.html file with the proper permissions you can view it at: (where user is replaced by your Brock username). Through this URL you can access the files in your public_html directory according to the same directory structure which you have them saved on the server.

Important: When setting permissions always make sure that you do not have the write bit set in any of the last 6 positions show by ‘ls’ as that will mean that other people on the system could potentially write changes to those files or directories.

For security reasons, PHP scripts on Sandcastle are run as CGI scripts rather than through the PHP module in the webserver. This means that there are some specific requirements that are not documented in most discussions of PHP programming.

Step 1 – Calling the executable

In a CGI script file the first line of the script must identify the program that is going to be used to run the script file. On Sandcastle the PHP executable is located at: /usr/bin/php-cgi so the first line of any PHP file which is accessed by the browser must be:


The file must have the extension .php and it is important that the file is in the proper text format. If the file was created on a Windows system then it will have incorrect line endings. To check if this is the case you can log into Sandcastle through SSH, navigate to the directory containing the file and type ‘cat -v filename’ and if the file is in DOS text mode you will see a ^M character at the end of each line. If that is the case you can use the program ‘dos2unix filename’ to convert the file.

Note: PHP include files (if they are never directly accessed by the the browsers) do not need the #!/usr/bin/php-cgi line.

Step 2 – Setting permissions

As a CGI script, the file will be run as the owner and must have the user executable bit set for the permissions. The permissions on the file should be 700 (rwxr—–) so that the webserver can execute the file. If the PHP file or any directory above it in the tree, is writable by anyone other than the user account the webserver will refuse to execute the file (so permissions 777 and 666 will prevent access). To set the permissions you can run the command ‘chmod 700 filename’ from the directory containing the file. The directories containing your website should have permissions 701 (rwx—–x) for maximum security.

Set 3 – In case of errors

If you get an error when you try to view your PHP file you should first check the permissions and if they are OK try running the command ‘php-cgi -l -f filename’ from a shell to test for syntax errors. If all else fails try running the file from command line and see if any obvious errors are reported. You can also find out what modules and settings are active on the server by using the function phpinfo(); in a PHP page, it will return the current values of all the settings.

As of July 2017, the only facility available for transferring files off Sandcastle will be through SFTP (FTP over SSH). This change was made, in part, due to the fact that most FTP clients now support this protocol and it is much easier to setup. Please Note: when you connect the first time you will be prompted to accept the SSH key, please visit the security page to ensure that the key presented is correct. Below are some screenshots from some free FTP clients to assist with configuration. We do not endorse any particular client as these free projects change quickly, be aware of any additionally bundled software which should give an option to decline, as many of these projects include them as a revenue source. If you run across one of these clients that is particularly troublesome to install (or does installs additional unwanted software) please let us know.


FileZilla (currently hosted at offers a free version of their client and is among the most popular FTP clients on the web. This program is quite easy to configure and use, which is why we recommend it’s use for transferring files. Once you have started up FileZilla you will want to open the Site Manager and create a new site.


Core FTP (currently hosted at offers a LE version which is free for personal and educational use. It has recently added SFTP connections, which means that it will encrypt your password when sending it across the Internet. Once you open Core FTP LE you will want to open the Site Manager and create a new site. However this project is not as frequently maintained.