May 16, 2010

Allow Normal User to su Without Password

Every Unix and Linux system ships with its own default policies. Usually these policies don't match the local policies, such as which users are allowed what kind of access to which resources and when. In addition, security policies may require non-default authentication and/or logging.

A system administrator must examine the system’s configuration files and update them if necessary to enforce local policies. On modern systems PAM (Pluggable Authentication Modules) can be used to configure a wide range of security policies, including which databases to use to authenticate users, minimum password length, max login attempts, special permissions for console users (to various commands and devices), and many other policies.

wheel group policy

The wheel group enables us to define several system administrators and none of them need the root password. The group wheel was first used this way in Unix systems, but by using PAM any system can enable this handy feature. With proper PAM configuration any member of group wheel can become root by using the su command without supplying any password.

Step by step:
1) Create a user who will act as a trusted user and assign a password to that user.

# useradd master
# passwd master

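2) Add this user to the wheel group's member list.

# usermod -a -G wheel master
or
# usermod -G wheel master

The second form, without -a, replaces the user's existing supplementary groups with wheel alone, so use it only for an account that belongs to no other groups.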

3) Edit the PAM configuration file for su, /etc/pam.d/su, and uncomment the line

auth sufficient /lib/security/$ISA/pam_wheel.so trust use_uid

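This marks members of the wheel group as trusted: for them pam_wheel succeeds on group membership alone, so su never asks for a password. Every account in wheel is therefore equivalent to root and has to be protected accordingly.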

4) Now log in as user master and run the command

$ su -

The user master can now su to root without supplying a password.
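To check which of these policies a host is actually running, the su PAM file can be classified mechanically. The following is an added example, not part of the original post: the function names su_wheel_policy and wheel_members are hypothetical, and the PAM and group files are constructed samples.

```shell
#!/bin/sh
# Added example: classify how a PAM su stack treats the wheel group.
# Handles the simple "type control module args" form only; bracketed
# controls such as [success=1 default=ignore] are not interpreted.
su_wheel_policy() {
    awk '
        /^[ \t]*#/ { next }                       # commented-out lines are inactive
        $1 == "auth" && $3 ~ /pam_wheel\.so$/ {
            trust = 0
            for (i = 4; i <= NF; i++) if ($i == "trust") trust = 1
            if ($2 == "sufficient" && trust)                found_trust = 1
            else if ($2 == "required" || $2 == "requisite") found_req = 1
        }
        END {
            if (found_trust)    print "passwordless"   # wheel members skip the password
            else if (found_req) print "wheel-only"     # su limited to wheel, password still asked
            else                print "unrestricted"   # pam_wheel not active
        }' "$1"
}

# List the supplementary members of wheel from a group(5) file.
# Users whose primary group is wheel do not appear in this field.
wheel_members() {
    awk -F: '$1 == "wheel" { print $4 }' "$1"
}

# Constructed sample files (not taken from a real host)
audit_tmp=$(mktemp -d)
cat > "$audit_tmp/su.default" <<'EOF'
auth  sufficient  pam_rootok.so
#auth sufficient  /lib/security/$ISA/pam_wheel.so trust use_uid
#auth required    /lib/security/$ISA/pam_wheel.so use_uid
auth  include     system-auth
EOF
# Same file after step 3: the trust line is uncommented
sed 's/^#\(auth sufficient .*pam_wheel\)/\1/' "$audit_tmp/su.default" > "$audit_tmp/su.trust"
printf 'root:x:0:\nwheel:x:10:root,master\n' > "$audit_tmp/group"

for f in su.default su.trust; do
    echo "$f: $(su_wheel_policy "$audit_tmp/$f")"
done
echo "wheel members: $(wheel_members "$audit_tmp/group")"
```

On a real system, point the two functions at /etc/pam.d/su and /etc/group; a "passwordless" result means every listed member is a root-equivalent account.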

Auto Logout In Linux

Almost everyone is forgetful and tends to leave a Linux/Unix login session open without logging out. So, how do we make sure that Linux systems automatically log users out after they have been idle for a certain number of minutes?

In fact, the simplest way is to configure the TMOUT shell variable!
i.e.
export TMOUT=60

This export command takes effect immediately: the shell automatically logs the user out once the login session has been idle for 60 seconds (1 minute).

Note: The TMOUT environment variable applies to command-line console login sessions only. For an X Window or GUI login, we can turn on any auto-lock screen saver, which works very much like those in Windows.

To apply TMOUT to all Linux login accounts, put that export command in the login script or login profile (.bash_profile or .profile) in each user's home directory. But the easiest way is to write the export command in the system profile instead of each user's profile! That is to say, we can append the export TMOUT=60 command to /etc/profile (i.e. the system profile)! A value set this way is only a default: a user can change it again in their own session unless the variable is also marked read-only.

To disable the auto-logout feature, just set TMOUT to zero,
i.e.
export TMOUT=0
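Because TMOUT=0 switches the timeout off, a system-wide setting only holds if users cannot reassign the variable. The following added example (not from the original post) compares the page's plain export with a read-only variant; the function name tmout_override_blocked and both snippet files are constructed for illustration.

```shell
#!/bin/sh
# Added example: does a profile snippet stop a user from switching the timeout off?
# Returns 0 when an attempt to set TMOUT=0 after sourcing the file fails.
tmout_override_blocked() {
    ! sh -c '. "$1"; TMOUT=0; [ "$TMOUT" -eq 0 ]' sh "$1" 2>/dev/null
}

tmout_tmp=$(mktemp -d)

# As on the page: the value can be changed later in the session
cat > "$tmout_tmp/weak.sh" <<'EOF'
export TMOUT=60
EOF

# Hardened variant: same value, but locked before it is exported
cat > "$tmout_tmp/locked.sh" <<'EOF'
TMOUT=60
readonly TMOUT
export TMOUT
EOF

for f in weak.sh locked.sh; do
    if tmout_override_blocked "$tmout_tmp/$f"; then
        echo "$f: TMOUT=0 rejected"
    else
        echo "$f: TMOUT=0 accepted, timeout can be disabled"
    fi
done
```

The read-only attribute is not inherited by child shells, so this stops casual overrides in the login shell rather than a determined user.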

Sulogin for Single User Mode

By default on Red Hat Linux, a user can enter single-user mode simply by typing "linux single" at the GRUB boot-editing menu. Some believe that this is left in to ease support of users with lost root passwords.

In any case, it represents a clear security risk – authentication should always be required for root level access. It should be noted that it is extremely difficult to prevent compromise by any attacker who has knowledge, tools, and full physical access to a system. This kind of measure simply increases the difficulty of compromise by requiring more of each of these factors. These last two items have attempted to address concerns of physical/boot security.

To make these preparations more complete, one should consider setting the BIOS to boot only from the main hard disk and locking this setting with a BIOS password.

To require authentication for single-user mode, edit /etc/inittab and add the following line below the initdefault entry.

id:3:initdefault:
~~:S:wait:/sbin/sulogin

This prevents anyone from entering single-user mode without authentication.

Set up proxy settings on a text-based Linux machine


In a typical small office, internet access runs through a proxy. In that case, Linux command-line utilities that require internet access, such as wget, curl, yum and apt-get, don't work. The questions that come up are:

How to install packages with yum through a proxy?
How to install packages with apt-get through a proxy?
How to download a file from the command line using wget?

All these utilities depend on the shell variables http_proxy and ftp_proxy to work through a proxy.

So, to use a proxy server to access http/https from a Linux machine in the CLI, set the environment variable http_proxy. This will allow wget, Python's urllib modules and other applications (yum, apt-get etc.) to use this environment variable and access http/https using the settings assigned to the variable http_proxy.

The following is the ideal way of assigning a value to the http_proxy variable.

$ export http_proxy="http://ipaddress:port"

In the same way, use the ftp_proxy variable to access ftp.

$ export ftp_proxy="http://ipaddress:port"

Add these two lines to ~/.bashrc so that the variables are exported every time the user logs in to the machine.

Argument list too long

Suppose there are 1,30,000 files to move from one directory to another. What will happen?

# mv *.txt test
Oh! There is an error:

mv: Argument list too long.
What to do? The simple answer is to use the find command:

# find . -maxdepth 1 -name '*.txt' -exec mv '{}' test \;

Here,

. : defines the search directory
-maxdepth : controls how deep into subdirectories find will recurse. With -maxdepth 1 the recursive search is disabled and find searches only in the current directory.
-name : the file name pattern to search for
-exec : applies a command to each file that has been found
{} : inserts each found file into the command given after -exec
\; : indicates that the -exec command line has ended

The above example searches for *.txt files in the current directory and moves them to the test directory.

bad interpreter no such file

Sometimes shell scripts in Linux give an error like:

bash: ./t1.sh: /bin/sh^M: bad interpreter: No such file or directory

This happens whenever files are transferred from a Windows machine to a Linux machine over the network. The reason is that different operating systems use different line-ending characters. Have a look at the table below:

OS            Line End Character
UNIX/Linux    LF ('\n')
DOS           CRLF ('\r' and '\n')
MAC           CR only ('\r')

CR (Carriage Return): return cursor to left margin, (Ctrl-M(^M) or hex 0D) 
LF (Linefeed): move cursor down, (Ctrl-J(^J) or hex 0A)

A combination of the cat and sed commands can easily solve this issue.

Example:


1. Create a simple shell script that has a (Ctrl+M) character at the end of each line. Download example code from here and save it as bad_int.sh

#!/bin/sh^M$
^M$
ls -l^M$

2. Make the script bad_int.sh executable and run it from the shell.

$ chmod +x bad_int.sh
$ ./bad_int.sh
bash: ./bad_int.sh: /bin/sh^M: bad interpreter: No such file or directory
$

3. Use the cat and cat -A commands to compare the file contents.

$ cat bad_int.sh
#!/bin/sh

ls -l
$ cat -A bad_int.sh
#!/bin/sh^M$
^M$
ls -l^M$
$

Note: The -A argument of the cat command displays non-printable characters.

4. Finally, remove all occurrences of the (^M) character from the script using a combination of the cat and sed commands and redirect the output to bad_int_solved.sh; then make bad_int_solved.sh executable and run it from the shell.

$ cat -A bad_int.sh | sed -e 's/\^M\$//g' > bad_int_solved.sh 
$ chmod +x bad_int_solved.sh 
$ ./bad_int_solved.sh 
total 12
-rwxr-xr-x 1 jaymin jaymin 20 Sep 11 14:00 bad_int.sh
-rwxr-xr-x 1 jaymin jaymin 17 Sep 11 14:35 bad_int_solved.sh
-rw-r--r-- 1 jaymin jaymin 19 Sep 11 13:37 so.sh
$

Don't be confused by the $ character in the cat -A output; it marks the end of each line in Unix/Linux files.
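The cat -A route works for this three-line script, but cat -A also rewrites tabs as ^I and other non-printing bytes, which would end up in the output file. The following added example (not from the original post) removes only the carriage return before each line feed; the function names are hypothetical and the sample script is constructed, with a real tab in it to show that other bytes survive.

```shell
#!/bin/sh
# Added example: detect and remove DOS line endings without going through cat -A.
cr=$(printf '\r')

# Succeeds if at least one line ends in CR LF
has_crlf() { grep -q "${cr}\$" "$1"; }

# First line with any CR made visible, i.e. the interpreter path the kernel looks for
shebang_visible() { head -n 1 "$1" | sed "s/${cr}/^M/g"; }

# Delete only a CR that sits directly before the line feed; other bytes are untouched
strip_cr() { sed "s/${cr}\$//" "$1" > "$2" && chmod +x "$2"; }

# Constructed sample: a CRLF script whose echo argument contains a real tab
crlf_tmp=$(mktemp -d)
printf '#!/bin/sh\r\n\r\necho "col1\tcol2"\r\n' > "$crlf_tmp/bad_int.sh"

has_crlf "$crlf_tmp/bad_int.sh" && echo "before: $(shebang_visible "$crlf_tmp/bad_int.sh")"
strip_cr "$crlf_tmp/bad_int.sh" "$crlf_tmp/bad_int_solved.sh"
has_crlf "$crlf_tmp/bad_int_solved.sh" || echo "after:  $(shebang_visible "$crlf_tmp/bad_int_solved.sh")"

# Run the repaired script; the tab inside the quoted string is still a tab
sh "$crlf_tmp/bad_int_solved.sh"
```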

April 8, 2010

What exactly is Open Source?

We hear a lot about Open Source and also use Open Source applications. But what is open source? How does Open Source work? How does an Open Source business work? At first it's like a riddle. Let's clear up what Open Source actually means.

Open source doesn't just mean access to the source code. The distribution terms of an open-source program must comply with the following criteria, which you can read as an Open Source definition:

1. Free Redistribution
          The license may not restrict any party from selling or giving away the software as a component of an aggregate software distribution containing programs from several different sources. The license may not require a royalty or other fee for such sale.

Explanation:
          This means that you can make any number of copies of the software, and sell or give them away, and you don't have to pay anyone for that privilege.

2. Source Code
          The program must include source code, and must allow distribution in source code as well as compiled form. Where some form of a product is not distributed with source code, there must be a well-publicized means of downloading the source code, without charge, via the Internet. The source code must be the preferred form in which a programmer would modify the program. Deliberately obfuscated source code is not allowed. Intermediate forms such as the output of a preprocessor or translator are not allowed.

Explanation:
          Source code is a necessary preliminary for the repair or modification of a program. The intent here is for source code to be distributed with the initial work, and all derived works. 

3. Derived Works
          The license must allow modifications and derived works, and must allow them to be distributed under the same terms as the license of the original software.
 

Explanation:
          Software has little use if you can't maintain it (fix bugs, port to new systems, make improvements), and modification is necessary for maintenance. The intent here is for modification of any sort to be allowed. It must be allowed for a modified work to be distributed under the same license terms as the original work. However, it is not required that any producer of a derived work must use the same license terms, only that the option to do so be open to them.
           A concern among some software authors is that this provision could allow unscrupulous people to modify their software in ways that would embarrass the original author. They fear someone deliberately making the software perform incorrectly in a way that would make it look as if the author was a poor programmer. Others are concerned that software could be modified for criminal use, by the addition of Trojan horse functions or locally-banned technologies such as cryptography. All of these actions, however, are covered by criminal law. A common misunderstanding about software licenses is that they must specify everything, including things like "don't use this software to commit a crime." However, no license has any valid existence outside of the body of civil and criminal law.  


4. Integrity of the Author's Source Code
         
The license may restrict source code from being distributed in modified form only if the license allows the distribution of "patch files" with the source code for the purpose of modifying the program at build time.
 

Explanation:
          Some authors were afraid that others would distribute source code with modifications that would be perceived as the work of the original author, and would reflect poorly on that author. This gives them a way to enforce a separation between modifications and their own work without prohibiting modifications. Some consider it un-aesthetic that modifications might have to be distributed in a separate "patch" file from the source code, even though Linux distributions like Debian and Red Hat use this procedure for all of the modifications they make to the programs they distribute. There are programs that automatically merge patches into the main source, and one can have these programs run automatically when extracting a source package. Thus, this provision should cause little or no hardship.
          The license must explicitly permit distribution of software built from modified source code. The license may require derived works to carry a different name or version number from the original software.
          This means that Netscape, for example, can insist that only they can name a version of the program Netscape Navigator(tm) while all free versions of the program must be called Mozilla or something else.  


5. No Discrimination Against Persons or Groups 
          The license must not discriminate against any person or group of persons.
 

Explanation:
          Some people are stuck with software that they acquired under that license, and their derived versions must carry the same restriction. Open Source licenses may not contain such provisions, no matter how laudable their intent. 



6. No Discrimination Against Fields of Endeavor
         
The license must not restrict anyone from making use of the program in a specific field of endeavor. For example, it may not restrict the program from being used in a business, or from being used for genetic research.
 

Explanation:
          The software must be equally usable in an abortion clinic, or by an anti-abortion organization. These political arguments belong on the floor of Congress, not in software licenses. Some people find this lack of discrimination extremely offensive! 


7. Distribution of License
         
The rights attached to the program must apply to all to whom the program is redistributed without the need for execution of an additional license by those parties.
 

Explanation:
          The license must be automatic, no signature required. Unfortunately, there has not been a good court test in the U.S. of the power of a no-signature-required license when it is passed from a second party to a third. However, this argument considers the license in the body of contract law, while some argue that it should be considered as copyright law, where there is more precedent for no-signature licenses. A good court test will no doubt happen in the next few years, given the popularity of this sort of license and the booming nature of Open Source. 



8. License Must Not Be Specific to a Product
         
The rights attached to the program must not depend on the program's being part of a particular software distribution. If the program is extracted from that distribution and used or distributed within the terms of the program's license, all parties to whom the program is redistributed should have the same rights as those that are granted in conjunction with the original software distribution.
 

Explanation:
          This means you can't restrict a product that is identified as Open Source to be free only if you use it with a particular brand of Linux distribution, etc. It must remain free if you separate it from the software distribution it came with.


9. License Must Not Contaminate Other Software
         
The license must not place restrictions on other software that is distributed along with the licensed software. For example, the license must not insist that all other programs distributed on the same medium must be open-source software.
 

Explanation:
          A version of GhostScript, a PostScript-rendering program, requires that the media on which it is distributed contain only free software programs. This isn't permissible for Open Source licenses. Fortunately, the GhostScript author distributes another version of the program with a true Open Source license.
          Note that there is a difference between derivation and aggregation. Derivation is when a program actually incorporates part of another program into itself. Aggregation is when you include two programs on the same CD-ROM. This section of the Open Source Definition is concerned with aggregation, not derivation.



10. License Must Be Technology-Neutral
          No provision of the license may be predicated on any individual technology or style of interface. The GNU GPL, BSD, X Consortium, and Artistic licenses are examples of licenses that we consider conformant to the Open Source Definition. So is the MPL.
 

Explanation:
          This would get us in trouble if any of these licenses are ever changed to be non-Open-Source--we'd have to issue a revision of the Open Source Definition immediately. It really belongs in explanatory text, not in the Open Source Definition itself.


The Open Source Definition is not a software license; it is a specification of what is permissible in a software license for that software to be referred to as Open Source.

To be open source, all of the terms mentioned above must be applied together, and in all cases. That is, they must be applied to derived versions of a program as well as to the original program.

March 20, 2010

CV or Resume: Is there a difference?

While most of us use the terms 'Curriculum Vitae' (CV) and 'Resume' interchangeably, there is a difference between these two documents.

All over the world (including India) except the US, employers ask potential employees for a CV while applying for a position. While both documents are used in the job application process, there is a difference in what the contents of each should be.

To understand CV and Resume, let us look at the literal meaning of these two terms:

Curriculum Vitae: The course of life
Resume: Summary

A close look at the meaning of these terms makes things clearer. While a CV discusses the course of life of a person, his Resume is a brief summary of his skills and achievements. The meaning of the words offers the basic difference between a CV and a Resume:

A CV is detailed, a Resume is to the point.
A CV is longer than a Resume. Usually, a CV is two or more pages long while a Resume is essentially one page long.
A CV can contain some information about other facets of your life such as hobbies and extracurricular activities. A Resume strictly contains information relevant to the job.
A CV is usually used in the USA only for academia and when you are required to apply for a government grant. Potential employers usually ask for a Resume there.
This means that while your CV when applying to two different jobs could be the same, your Resume has to be different, highlighting different achievements in different cases.

So, what term should you use? While most times you will be asked for a CV all over the world, you have to be cautious if you are in the USA. In the USA, employers expect you to abide by the rules when they ask you for your Resume.

January 12, 2010

Started Blogging on Google Blogger after a long time

After a long time, I am back to blogging through Google Blogger. It's been almost more than one and a half years; I was supposed to continue blogging from the day I started blogging on WordPress.

But because of my lazy nature, which always procrastinates on things, I was ineffective at that. Once again, I am going for it with all-new ideas and will try to keep it going with my technical and management stuff with concerning pulpit.