sudo is available from the SFWsudo package on Solaris 10.
To use it a /etc/sudoers file has been set but still leading to the following error
user NOT in sudoers
Hopefully, truss will help :-)
root@server:/# truss -o /tmp/output sudo ls
The /tmp/output file is answering the enigma:
root@server:/# grep sudoers /tmp/output
lstat("/opt/sfw/etc/sudoers", 0xFFBFFB28) = 0
open("/opt/sfw/etc/sudoers", O_RDONLY) = 4
The sudoers file to edit is in /opt/sfw/etc
Showing posts with label commands. Show all posts
Showing posts with label commands. Show all posts
22 August 2008
29 May 2008
Soft limit & Hard limit
Most of us encountered to increase the limit of file descriptors while installing a high end 3pp(party product).In doing so we will encounter with two different kinds of limits i.e.soft vs hard.
Hard limits are a kernel-configurable item and users can't exceed them. Soft limits are the user defaults and users can change that using the ulimit command.
Basically, soft limits can be changed to anything up to the hard limit. Soft limits are warning barrier. When a user reaches the soft limit they will get an warning message but are still allowed to use more space up to the hard limit.
Since its a kernel tunable we have to define the value in /etc/system and /etc/sysctl.conf for Pre-Solaris 10 and Linux respectively.
E.g.,
To set a hard limit of 4096 and soft limit of 1024 in Solaris 8.
set rlim_fd_max=4096 [Refers Hard limit]
set rlim_fd_cur=1024 [Refers Soft limit]
To raise the allowed limit in Linux based distributions update either /etc/limits.conf or /etc/security/limits.conf
Hard limits are a kernel-configurable item and users can't exceed them. Soft limits are the user defaults and users can change that using the ulimit command.
Basically, soft limits can be changed to anything up to the hard limit. Soft limits are warning barrier. When a user reaches the soft limit they will get an warning message but are still allowed to use more space up to the hard limit.
Since its a kernel tunable we have to define the value in /etc/system and /etc/sysctl.conf for Pre-Solaris 10 and Linux respectively.
E.g.,
To set a hard limit of 4096 and soft limit of 1024 in Solaris 8.
set rlim_fd_max=4096 [Refers Hard limit]
set rlim_fd_cur=1024 [Refers Soft limit]
To raise the allowed limit in Linux based distributions update either /etc/limits.conf or /etc/security/limits.conf
07 March 2008
How to Password Protect GRUB Boot loader
The main reason to password protect the GRUB boot loder is to prevent access to single user mode — If attackers can boot the system into single user mode, they are logged in automatically as root without being prompted for the root password.
To do this, open a shell prompt, log in as root, and type:
/sbin/grub-md5-crypt
When prompted, type the GRUB password and press Enter. This returns an MD5 hash of the password.
Next, edit the GRUB configuration file /boot/grub/grub.conf. Open the file and below the timeout line in the main section of the document, add the following line:
password --md5
Replacewith the value returned by /sbin/grub-md5-crypt
To do this, open a shell prompt, log in as root, and type:
/sbin/grub-md5-crypt
When prompted, type the GRUB password and press Enter. This returns an MD5 hash of the password.
Next, edit the GRUB configuration file /boot/grub/grub.conf. Open the file and below the timeout line in the main section of the document, add the following line:
password --md5
Replace
14 February 2008
What is umask in Linux/Unix?
The User file-creation mode mask (umask) is use to determine the file permission for newly created files. It can be used to control the default file permission for new files. It is a four-digit octal number .
Default umask for normal user is 0002.
Default umask for root user is 0022.
Default base permission for directories & files are 0777 (rwxrwxrwx) & 0666 (rw-rw-rw-) respectively.
To calculate directory permission for root user
Default Permissions : 777
Subtract umask value: 022 (-)
Allowed Permissions : 755
To calculate file permission for root user
Default Permissions : 666
Subtract umask value: 022 (-)
Allowed Permissions : 644
The following example explains the steps needed to set umask for permissions 700 for user files. The idea very simply only user is allowed to read or write file.
Default Permissions: 777
Subtract umask value: 077 (-)
Allowed Permissions: 700
Output:
Default umask for normal user is 0002.
Default umask for root user is 0022.
Default base permission for directories & files are 0777 (rwxrwxrwx) & 0666 (rw-rw-rw-) respectively.
To calculate directory permission for root user
Default Permissions : 777
Subtract umask value: 022 (-)
Allowed Permissions : 755
To calculate file permission for root user
Default Permissions : 666
Subtract umask value: 022 (-)
Allowed Permissions : 644
The following example explains the steps needed to set umask for permissions 700 for user files. The idea very simply only user is allowed to read or write file.
Default Permissions: 777
Subtract umask value: 077 (-)
Allowed Permissions: 700
$ umask 077
$ touch file.txt
$ ls -l file.txtOutput:
-rw------- 1 demo demo 0 2008-10-10 12:21 demo.txt
21 November 2007
'df' command says partition is full, while 'du' reports free space
The standard cause for this is some user process keeping a deleted file open.
When this happens, the space is not visible via 'du', since the file is no longer visible in the directory tree. However, the space is still used by the file until it is deallocated, and that can only happen once the last process which has the file open either closes its file descriptor to the file, or the process exits.
You can use the lsof program to try to find which process is keeping an open file. Usually it's some log file, or some large data base file which gets rotated out, but some older process are still keeping the log file open.
When this happens, the space is not visible via 'du', since the file is no longer visible in the directory tree. However, the space is still used by the file until it is deallocated, and that can only happen once the last process which has the file open either closes its file descriptor to the file, or the process exits.
You can use the lsof program to try to find which process is keeping an open file. Usually it's some log file, or some large data base file which gets rotated out, but some older process are still keeping the log file open.
19 November 2007
How to manage interactive programs that run for long periods of time
Problem Statement:
A user wants to run a program 'a' that takes seven hours to complete.He wants to start the program while leaving his office in the evening.But he feels that power will be wasted if he invokes this program in the evening,and keeps the workstation that has started the program 'a' through the SSH client switched 'on',just to keep 'a' running.
User can try the following solutions:
SOLUTION1:
$cd /path/to/a
$sh a.sh &
$logout
Disadvantage of this option is that it will not capture the exit code of 'a'
SOLUTION2:
$screen
$cd /path/to/a
$sh a.sh
Shutdown the machine that has started the program 'a' using ssh.
Next day,invoke the ssh session to the system and retrieve the same terminal that has started this long-running program 'a',using the following technique:
$screen -list
This will list the set of screen managers - in the above case you should see only one screen manager,something like the following:
This is a screen on:
There is a screen on:
23399.pts-1.maya-replace (Detached)
1 Socket in /tmp/screens/S-root.
Now , the following command should get the screen back.
$screen -d -r 23399.pts-1.maya-replace
A user wants to run a program 'a' that takes seven hours to complete.He wants to start the program while leaving his office in the evening.But he feels that power will be wasted if he invokes this program in the evening,and keeps the workstation that has started the program 'a' through the SSH client switched 'on',just to keep 'a' running.
User can try the following solutions:
SOLUTION1:
$cd /path/to/a
$sh a.sh &
$logout
Disadvantage of this option is that it will not capture the exit code of 'a'
SOLUTION2:
$screen
$cd /path/to/a
$sh a.sh
Shutdown the machine that has started the program 'a' using ssh.
Next day,invoke the ssh session to the system and retrieve the same terminal that has started this long-running program 'a',using the following technique:
$screen -list
This will list the set of screen managers - in the above case you should see only one screen manager,something like the following:
This is a screen on:
There is a screen on:
23399.pts-1.maya-replace (Detached)
1 Socket in /tmp/screens/S-root.
Now , the following command should get the screen back.
$screen -d -r 23399.pts-1.maya-replace
14 November 2007
How to view terminal values in UNIX/Linux?
Below command is used to view the terminal values
$stty -a
Sometimes,we may see rows & columns are displayed improperly or scattered to overcome this use the below command
$reset
$stty -a
Sometimes,we may see rows & columns are displayed improperly or scattered to overcome this use the below command
$reset
How to convert man pages into a text file
Sometimes it required to convert man pages into a text file.Below command will do the needful
$ man passwd | col -b > /tmp/a
where
/tmp/a is the output file location
$ man passwd | col -b > /tmp/a
where
/tmp/a is the output file location
Auto Directory Spelling Corrections
To turn/enable this feature:
$shopt -s cdspell
Now mispell a directory in the cd command
$cd /usk/localstill gets you to /usr/local
Following will list all the options of this command
$shopt -p
$shopt -s cdspell
Now mispell a directory in the cd command
$cd /usk/localstill gets you to /usr/local
Following will list all the options of this command
$shopt -p
Subscribe to:
Posts (Atom)