User Permission Overwrite Group Permission on Linux
This is a tricky question that came up when my customer asked me why he can’t change a certain file in his home folder.
For example:
I have a user john with primary group finance on one of the Linux servers.
$id john
uid=1008(john) gid=1002(finance) groups=1002(finance)
$pwd
/home/john
$ls -l aug2008.txt
-r--rw-r-- 1 john finance 1168 2008-08-16 11.30 aug2008.txt
The problem is here:
When the user john logs in to the Linux box and tries to edit the file aug2008.txt using vi or any other editor, he gets a READ ONLY error.
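The check order behind this error, as an added sketch that is not code from the original post: Linux applies exactly one permission class (owner, then group, then other), so john as owner is held to the owner bits even though his group has write access. The colleague UID 1009 is constructed for comparison; root, capabilities and ACLs are left out.

```python
def parse_mode(ls_mode):
    """Turn an ls-style string such as '-r--rw-r--' into permission bits.
    Setuid/setgid/sticky letters are not handled in this sketch."""
    mode = 0
    for i, ch in enumerate(ls_mode[1:10]):
        if ch != "-":
            mode |= 1 << (8 - i)
    return mode


def permission_class(uid, gids, file_uid, file_gid):
    """Select the ONE class whose bits apply: owner first, then group, then other."""
    if uid == file_uid:
        return "owner"
    if file_gid in gids:
        return "group"
    return "other"


def allowed(uid, gids, file_uid, file_gid, mode, want):
    """True if every access letter in `want` ('r', 'w', 'x') is granted.
    Root, capabilities and POSIX ACLs are outside this sketch."""
    shift = {"owner": 6, "group": 3, "other": 0}[
        permission_class(uid, gids, file_uid, file_gid)]
    granted = (mode >> shift) & 0o7
    needed = sum({"r": 4, "w": 2, "x": 1}[c] for c in want)
    return (granted & needed) == needed


# Values from the post: john (uid 1008, group 1002) owns aug2008.txt.
JOHN = (1008, {1002})
FILE_UID, FILE_GID = 1008, 1002
MODE = parse_mode("-r--rw-r--")          # owner r--, group rw-, other r--

# Constructed for comparison: another member of finance who is not the owner.
COLLEAGUE = (1009, {1002})

if __name__ == "__main__":
    for name, (uid, gids) in (("john", JOHN), ("colleague", COLLEAGUE)):
        cls = permission_class(uid, gids, FILE_UID, FILE_GID)
        can_write = allowed(uid, gids, FILE_UID, FILE_GID, MODE, "w")
        print(f"{name}: class={cls} write={can_write}")
```

As the owner, john can restore write access himself with chmod u+w aug2008.txt.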
How to Authenticate to Active Directory on SuSE Linux 9
My previous post, How to join Fedora Core 6 Samba Server to Windows 2003 Active Directory, which I believe was helpful, is getting a lot of traffic from the Google search engine.
The following article, “How to Authenticate to Active Directory on SuSE Linux 9”, focuses on how to join an AD domain and authenticate using SLES9 SP3 running on my virtual machine.
Basically the setup details are:
SLES9: 192.168.1.10
Windows 2003 Server: 192.168.1.1
Required RPMs: heimdal-lib(kerberos), samba-client, samba-winbind, samba, sudo, xntp, glibc, pwdutils, openssh.
A. Time synchronization
Ensure the clocks on your SLES9 host and AD are synchronized. Type: #rcxntpd start
B. Kerberos setup
Edit /etc/krb5.conf
[libdefaults]
    default_realm = AD.YOURDOMAIN.COM
    clockskew = 300
[realms]
    AD.YOURDOMAIN.COM = {
        kdc = ad01.ad.yourdomain.com
        default_domain = ad.yourdomain.com
        admin_server = ad01.ad.yourdomain.com
    }
    EXAMPLE.COM = {
        kdc = kerberos.example.com
        admin_server = kerberos.example.com
    }
[logging]
    kdc = FILE:/var/log/krb5/krb5kdc.log
    admin_server = FILE:/var/log/krb5/kadmind.log
    default = SYSLOG:NOTICE:DAEMON
[domain_realm]
    .ad.yourdomain.com = AD.YOURDOMAIN.COM
[appdefaults]
    pam = {
        ticket_lifetime = 1d
        renew_lifetime = 1d
        forwardable = true
        proxiable = false
        retain_after_close = false
        minimum_uid = 1
        try_first_pass = true
    }
Note: Be careful here. The file is CASE SENSITIVE, and please make sure the two hosts can PING each other.
C. Samba setup
Edit /etc/samba/smb.conf
[global]
winbind separator = +
winbind cache time = 10
winbind use default domain = yes
workgroup = ADYOUDOMAIN
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
include = /etc/samba/dhcp.conf
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
idmap gid = 10000-20000
idmap uid = 10000-20000
realm = AD.YOURDOMAIN.COM
security = ADS
template homedir = /home/%U
template shell = /bin/bash
password server = server.example.com
unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n Retype*new*password*%n\n*password:*all*authentication*tokens*updated*successfully
Pam password change = Yes
The example shown above is not complete. Please focus on realm and security.
Linux Sudo Restriction
Question: How can I add extra sudo restrictions on Linux?
Solution:
Type: visudo
Insert the following lines:
#Disable sudo su -
username ALL=(ALL) ALL, !/bin/su, !/bin/su -, !/bin/su - *
test ALL=(ALL) ALL, !/bin/su, !/bin/su -, !/bin/su - *
#Disable reset root password
username ALL=(ALL) ALL, !/usr/bin/passwd root
test ALL=(ALL) ALL, !/usr/bin/passwd root
#Disable visudo
username ALL=(ALL) ALL, !/usr/sbin/visudo
test ALL=(ALL) ALL, !/usr/sbin/visudo
Save and exit.
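An added check, not part of the original post: sudoers(5) cautions that subtracting commands from ALL with the ! operator is generally not effective, so it is worth locating such rules and replacing them with explicit allow-lists. The sketch below flags them in sudoers text; the backup rule is a constructed sample, and line continuations and escaped commas are not handled.

```python
import re

# user  host = (runas)  command, command, ...
SPEC = re.compile(
    r"^(?P<user>\S+)\s+(?P<host>[^\s=]+)\s*=\s*(?:\([^)]*\)\s*)?(?P<cmds>.+)$")
SKIP = ("#", "Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")
TAGS = re.compile(r"^(?:[A-Z_]+:\s*)+")   # strips tags such as NOPASSWD:


def audit_sudoers(text):
    """Return (line_no, user, [negated commands]) for rules of the form
    'ALL, !command', i.e. a deny-list carved out of full access."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(SKIP):
            continue
        match = SPEC.match(line)
        if not match:
            continue
        cmds = [TAGS.sub("", c.strip()) for c in match.group("cmds").split(",")]
        negated = [c[1:].strip() for c in cmds if c.startswith("!")]
        if "ALL" in cmds and negated:
            findings.append((line_no, match.group("user"), negated))
    return findings


# First four lines are taken from the post; the last two are constructed.
SAMPLE = """\
#Disable sudo su -
username ALL=(ALL) ALL, !/bin/su, !/bin/su -, !/bin/su - *
#Disable visudo
test ALL=(ALL) ALL, !/usr/sbin/visudo
# constructed allow-list rule for comparison
backup ALL=(root) NOPASSWD: /usr/bin/rsync
"""

if __name__ == "__main__":
    for line_no, user, negated in audit_sudoers(SAMPLE):
        print(f"line {line_no}: {user} has ALL minus {negated}")
```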
How To Show Linux User Password Expires
To show when the password expires for a particular username on Linux, I use the chage command. For example:
#chage -l test
Minimum: 0
Maximum: 76
Warning: 14
Inactive: 7
Last Change: Jul 29, 2008
Password Expires: Oct 13, 2008
Password Inactive: Oct 27, 2008
Account Expires: Never
As you can see from the output above, the password for username test expires on Oct 13, 2008. The ‘Password Expires’ date is calculated as the ‘Last Change’ date plus the ‘Maximum’ number of days.
If you would like to check more than one user, you can try some of the examples below:
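One way to apply the ‘Last Change’ + ‘Maximum’ rule to many accounts at once, as an added example that is not from the original post: it reads text in /etc/shadow layout (readable only by root on a real system) and classifies each user. The shadow lines, status labels and the 14-day window are constructed for illustration; only the test entry mirrors the chage output above.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)   # /etc/shadow stores dates as days since this day


def password_expiry(last_change, max_days):
    """'Last Change' + 'Maximum', as a date. None means no expiry is set
    (empty field, or the conventional 99999 placeholder)."""
    if last_change is None or max_days is None or max_days >= 99999:
        return None
    return EPOCH + timedelta(days=last_change + max_days)


def expiry_report(shadow_text, today, warn_days=14):
    """Map each user in shadow-format text to (expiry date or None, status)."""
    report = {}
    for line in shadow_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 5:
            continue                        # blank or malformed line
        user = fields[0]
        last = int(fields[2]) if fields[2] else None
        max_days = int(fields[4]) if fields[4] else None
        if last == 0:
            report[user] = (None, "must change at next login")
            continue
        expires = password_expiry(last, max_days)
        if expires is None:
            status = "never"
        elif expires < today:
            status = "expired"
        elif (expires - today).days <= warn_days:
            status = "expiring soon"
        else:
            status = "ok"
        report[user] = (expires, status)
    return report


# Constructed sample in /etc/shadow layout; 'test' mirrors the chage output above.
LAST_CHANGE = (date(2008, 7, 29) - EPOCH).days
SAMPLE_SHADOW = f"""\
test:!constructed!:{LAST_CHANGE}:0:76:14:7::
john:!constructed!:{LAST_CHANGE - 80}:0:76:14:7::
svc:!constructed!:{LAST_CHANGE}:0:99999:7:::
newuser:!constructed!:0:0:76:14:7::
"""
```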
How to customize Terminal Server Client (tsclient) specified screen size?
rdesktop is an open source client for Windows Terminal Services, capable of natively speaking Remote Desktop Protocol (RDP) in order to present the user’s Windows desktop. Servers supported by rdesktop include Windows 2000 Server, Windows Server 2003, Windows Server 2008, Windows XP, Windows Vista and Windows NT Server 4.0.
rdesktop currently runs on most UNIX based platforms with the X Window System, and other ports should be fairly straightforward.
I have Ubuntu Hardy x64 running on my Dell desktop and another Dell laptop running Windows XP Professional with screen resolution 1152 x 1024.
How to launch rdesktop on Ubuntu Hardy?
Click Applications -> click Internet -> click Terminal Server Client (tsclient).
Enter the computer name or IP address, select the RDP protocol, enter the username and password, and click open. You should then be able to connect to your remote desktop computer or server.
If you click Display and then select use specified screen size, you will see the default specified screen sizes below:
640 x 480
800 x 600
1024 x 768
1152 x 864
1280 x 960
1400 x 1250
What happens if I need a different screen size? Don’t worry! You can use a command line