As subtle as a flying brick.

Posts tagged “Linux”

Understanding /etc/shadow file

Q. Can you explain /etc/shadow file used under Linux or UNIX?

A. The /etc/shadow file stores the actual password in encrypted format for each user account, along with additional properties related to the user password, i.e. it stores secure user account information.

All fields are separated by a colon (:) symbol. It has one entry per line for each user listed in the /etc/passwd file. Generally, a shadow file entry looks as follows:


(Fig.01: /etc/shadow file fields)

  1. User name : It is your login name
  2. Password: It is your encrypted password. The password should be a minimum of 6-8 characters long, including special characters/digits
  3. Last password change (lastchanged): Days since Jan 1, 1970 that password was last changed
  4. Minimum: The minimum number of days required between password changes i.e. the number of days left before the user is allowed to change his/her password
  5. Maximum: The maximum number of days the password is valid (after that user is forced to change his/her password)
  6. Warn : The number of days before password is to expire that user is warned that his/her password must be changed
  7. Inactive : The number of days after password expires that account is disabled
  8. Expire : Days since Jan 1, 1970 that account is disabled i.e. an absolute date specifying when the login may no longer be used

The last 6 fields provide password aging and account lockout features (you need to use the chage command to set up password aging). According to the man page of shadow, the password field must be filled. The encrypted password consists of 13 to 24 characters from the 64-character alphabet a through z, A through Z, 0 through 9, . and /. Optionally it can start with a “$” character. This means the encrypted password was generated using another (not DES) algorithm. For example, if it starts with “$1$” it means the MD5-based algorithm was used.
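The field layout above, decoded in an added example (not part of the original post): it splits one shadow entry, names the hash scheme from the password prefix, and turns the day counts into dates. It goes slightly beyond the post by also recognising the "$5$" and "$6$" prefixes and the "!" and "*" lock markers; the function names and sample entries are constructed for illustration, and GNU date is assumed.

```bash
#!/bin/bash
# Added example: decode one /etc/shadow entry (sample entries below are constructed).

# Name the hash scheme from the prefix of the password field.
hash_scheme() {
    case "$1" in
        "")        echo "empty (no password required)" ;;
        '!'*|'*'*) echo "locked (no valid hash)" ;;
        '$1$'*)    echo "MD5" ;;
        '$5$'*)    echo "SHA-256" ;;
        '$6$'*)    echo "SHA-512" ;;
        '$'*)      echo "other modular scheme" ;;
        *)         echo "DES" ;;
    esac
}

# Convert "days since Jan 1, 1970" to YYYY-MM-DD (GNU date assumed).
days_to_date() {
    [ -n "$1" ] || { echo "never"; return; }
    date -u -d "@$(( $1 * 86400 ))" +%F
}

# Print "user|scheme|last change|password expiry" for one entry.
describe_shadow_entry() {
    local user pw last min max warn inactive expire _rest
    # _rest absorbs anything after the eighth field.
    IFS=: read -r user pw last min max warn inactive expire _rest <<< "$1"
    local expires="never"
    # A maximum of 99999 days is the conventional "no expiry" value.
    if [ -n "$last" ] && [ -n "$max" ] && [ "$max" -lt 99999 ]; then
        expires=$(days_to_date $(( last + max )))
    fi
    echo "$user|$(hash_scheme "$pw")|$(days_to_date "$last")|$expires"
}

# Constructed sample entries, not real accounts or real hashes.
describe_shadow_entry 'alice:$6$saltsalt$fakehashfakehash:19000:0:90:7:::'
describe_shadow_entry 'bob:$1$saltsalt$fakehashfakehash:15000:0:99999:7:::'
describe_shadow_entry 'daemon:*:18000:0:99999:7:::'
```

An entry reported as MD5 or DES is a candidate for a forced password change, since the new password will be stored with the system's current scheme.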


Understanding /etc/passwd

Q. Can you explain /etc/passwd file format for Linux and UNIX operating systems?

A. The /etc/passwd file stores essential information that is required during login, i.e. user account information. /etc/passwd is a text file that contains a list of the system’s accounts, giving for each account some useful information like user ID, group ID, home directory, shell, etc. It should have general read permission, as many utilities, like ls, use it to map user IDs to user names, but write access only for the superuser (root).

Understanding fields in /etc/passwd

The /etc/passwd file contains one entry per line for each user (or user account) of the system. All fields are separated by a colon (:) symbol. There are seven fields in total, as follows.

Generally, a passwd file entry looks as follows:


Fig.01: /etc/passwd file format

  1. Username: It is used when user logs in. It should be between 1 and 32 characters in length.
  2. Password: An x character indicates that encrypted password is stored in /etc/shadow file.
  3. User ID (UID): Each user must be assigned a user ID (UID). UID 0 (zero) is reserved for root and UIDs 1-99 are reserved for other predefined accounts. Further UID 100-999 are reserved by system for administrative and system accounts/groups.
  4. Group ID (GID): The primary group ID (stored in /etc/group file)
  5. User ID Info: The comment field. It allows you to add extra information about the users such as the user’s full name, phone number etc. This field is used by the finger command.
  6. Home directory: The absolute path to the directory the user will be in when they log in. If this directory does not exist then the user's directory becomes /
  7. Command/shell: The absolute path of a command or shell (/bin/bash). Typically, this is a shell. Please note that it does not have to be a shell.

Task: See User List

/etc/passwd is used for local users only. To see a list of all users, enter:
$ cat /etc/passwd
To search for a username called tom, enter:
$ grep '^tom:' /etc/passwd

/etc/passwd file permission

The permission on the /etc/passwd file should be read-only for users (-rw-r--r--) and the owner must be root:
$ ls -l /etc/passwd
Output:

-rw-r--r-- 1 root root 2659 Sep 17 01:46 /etc/passwd

Reading /etc/passwd file

You can read /etc/passwd file using the while loop and IFS separator as follows:

#!/bin/bash
# seven fields from /etc/passwd stored in $f1,f2...,$f7
# 
while IFS=: read -r f1 f2 f3 f4 f5 f6 f7
do
 echo "User $f1 uses $f7 shell and stores files in $f6 directory."
done < /etc/passwd

Your password is stored in /etc/shadow file

Your encrypted password is not stored in /etc/passwd file. It is stored in /etc/shadow file. In the good old days there was no great problem with this general read permission. Everybody could read the encrypted passwords, but the hardware was too slow to crack a well-chosen password, and moreover, the basic assumption used to be that of a friendly user-community.

Almost all modern Linux / UNIX-like operating systems use some sort of shadow password suite, where /etc/passwd has asterisks (*) instead of encrypted passwords, and the encrypted passwords are in /etc/shadow, which is readable by the superuser only.
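An audit built on the same IFS loop, as an added example that is not part of the original post: it checks the file mode, flags extra accounts with UID 0, and flags entries whose password field is empty or still holds a hash that every local user can read. The function name, finding labels and sample file are constructed for illustration, and GNU stat is assumed.

```bash
#!/bin/bash
# Added example: audit a passwd-format file. Finding labels are made up here.

audit_passwd() {
    local file="$1" line colons user pw uid gid gecos home shell mode
    mode=$(stat -c %a "$file")           # GNU stat assumed
    # The post expects -rw-r--r-- (644): writable by the owner only.
    [ "$mode" = "644" ] || echo "mode:$mode"

    while IFS= read -r line; do
        [ -n "$line" ] || continue
        colons="${line//[^:]/}"          # keep only the separators
        if [ "${#colons}" -ne 6 ]; then  # seven fields means six colons
            echo "malformed:${line%%:*}"
            continue
        fi
        IFS=: read -r user pw uid gid gecos home shell <<< "$line"
        # UID 0 is root-equivalent whatever the login name says.
        [ "$uid" = "0" ] && [ "$user" != "root" ] && echo "uid0:$user"
        case "$pw" in
            x|'*'|'!'*) ;;                              # hash is in /etc/shadow, or no login
            "")         echo "nopassword:$user" ;;      # empty password field
            *)          echo "hash-in-passwd:$user" ;;  # hash readable by all users
        esac
    done < "$file"
    return 0
}

# Constructed sample file, not real accounts or real hashes.
sample=$(mktemp)
chmod 644 "$sample"
cat > "$sample" <<'EOF'
root:x:0:0:root:/root:/bin/bash
tom:x:1000:1000:Tom:/home/tom:/bin/bash
toor:x:0:0:backup admin:/root:/bin/bash
guest::1001:1001:Guest:/home/guest:/bin/sh
legacy:abJnggxhB/yWI:1002:1002::/home/legacy:/bin/sh
broken:x:1003
EOF
audit_passwd "$sample"
```

On a live system, run it as audit_passwd /etc/passwd; the owner check from the ls -l output above still has to be done separately.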


Half-Life 2 For Steam on Linux

The first-person shooter Half-Life 2 has been released for Steam on Linux. I truly enjoyed Counter Strike, and I am going to install Half-Life 2 this weekend. From the release notes:


Half-Life 2, Half-Life 2: Episode 1, Half-Life 2: Episode 2 and Half-Life 2: LostCoast are now available as a Beta. This beta adds Linux support and converts the game to the new Steam Content delivery system.

Linux users can simply install the games to access the beta. For Windows and OS X users right click the game in your Library, choose properties and then go to the Beta tab. Select the SteamPipe beta to start testing. Under Windows and OS X to opt out of testing simply deselect the beta option on this same page.

I think Valve has done a good job, and I’m hoping more game developers will release popular games on Linux.

 


How to check if a directory exists in a shell script

To check if a path exists and is a directory, use the following syntax:

[ -d "/path/to/dir" ] && echo "Directory /path/to/dir exists." || echo "Error: Directory /path/to/dir does not exist."

The following version also checks for a symbolic link:

[ -d "/path/to/dir" ] && [ ! -L "/path/to/dir" ] && echo "Directory /path/to/dir exists." || echo "Error: Directory /path/to/dir exists but points to $(readlink -f /path/to/dir)."

OR

[ -d "/path/to/dir" ] && [ ! -h "/path/to/dir" ] && echo "Directory /path/to/dir exists." || echo "Error: Directory /path/to/dir exists but points to $(readlink -f /path/to/dir)."

Finally, you can use the traditional if..else..fi:

if [ -d "/path/to/dir" ]
then
    echo "Directory /path/to/dir exists."
else
    echo "Error: Directory /path/to/dir does not exist."
fi

Shell script examples to see if a ${directory} exists or not

 
#!/bin/bash
dir="$1"

[ $# -eq 0 ] && { echo "Usage: $0 dir-name"; exit 1; }

if [ -d "$dir" ] && [ ! -h "$dir" ]
then
   echo "$dir found and setting up new Apache/Lighttpd/Nginx jail, please wait..."
   # __WWWJailSetup "cyberciti.biz" "setup"
else
   echo "Error: $dir not found or is symlink to $(readlink -f "${dir}")."
fi
fi

In this example, directories are created if they do not exist:

# Purpose: Setup jail and copy files
# Category : Core
# Override : No
# Parameter(s) : d => domain name
#                action => setup or update
__WWWJailSetup(){
        local d="$1"
        local action="${2:-setup}"      # setup or update??? (defaults to setup)
        local index="$d

$d

" # default index.html
        local J="$(_getJailRoot "$d")/$d" # our sweet home 
        local _i=""

        [ "$action" == "setup" ] && echo "* Init jail config at $J..." || echo "* Updating jail init config at $J..."
        __init_domain_config "$d"

        [ "$action" == "setup" ] && echo "* Setting up jail at $J..." || echo "* Updating jail at $J..."
        [ ! -d "$J" ] &&  $_mkdir -p "$J"

        for _i in $J/{etc,tmp,usr,var,home,dev,bin,lib64}
        do
                [ ! -d "$_i" ] &&  $_mkdir -p "$_i"
        done
        for _i in $_lighttpd_webalizer_base/$d/stats/{dump,out}
        do
                [ ! -d "$_i" ] &&  $_mkdir -p "$_i"
        done
        for _i in $_lighttpd_webalizer_prepost_base/$d/{pre.d,post.d}
        do
                [ ! -d "$_i" ] &&  $_mkdir -p "$_i"
        done
## truncated 
}

Summary

Use the following to check file/directory types and compare values:

  1. -L "FILE" : FILE exists and is a symbolic link (same as -h)
  2. -h "FILE" : FILE exists and is a symbolic link (same as -L)
  3. -d "FILE" : FILE exists and is a directory
  4. -w "FILE" : FILE exists and write permission is granted

 


Fedora Linux 18 (Spherical Cow)


Fedora Linux version 18 has been released and is available for download. Fedora Linux is a community-based Linux distribution. Fedora Linux is considered the third most popular Linux distribution, behind Ubuntu and Mint, for desktop usage. The new version comes with several new features such as an installer that is rewritten and redesigned from the ground up, GNOME v3.6, KDE v4.9, Xfce v4.10, better network security with firewalld, Linux kernel v3.6, Python v3.3, Ruby on Rails v3.0, and much more.

What’s New In Fedora 18

  • Updated installer : The anaconda installer has been totally redesigned for Fedora 18. Users will now have more flexibility in how they configure their installation. Some tasks will run in the background to speed the installation process.
  • 256 color terminals – Many terminal programs (like vim and ls) can take advantage of 256 color terminals, and all xterms I know of support at least 256 colors and sometimes more.
  • Fedup tool – It is a new tool for upgrading Fedora installations that is replacing preupgrade and the DVD methods of upgrading that have been used in earlier Fedora releases. It uses systemd for much of the upgrade functionality and will eventually be able to source packages from a DVD and use the standard repository instead of an upgrade specific side repo. In other words, it is possible to install fedup on a Fedora 17 system using yum (yum install fedup). Finally, prepare the upgrade by running the fedup-cli --network 18 --debuglog fedupdebug.log command.
  • UEFI Secure Boot – This will allow Fedora to boot on systems that have Secure Boot enabled. Tools are available for administrators to create custom certificates to sign local changes to GRUB or the kernel.
  • Secure Containers (LXC Container) – Using SELinux and virt-sandbox, services can be run in secure sandboxes, even as root. The virt-sandbox-service package will create mount points and a libvirt container.
  • Samba 4 – It is a combined set of daemons, client utilities, and Python bindings that allow communicating using SMB1, SMB2, and soon SMB3 protocols. It also implements Active Directory domain controller (DC) functionality as an integrated Kerberos DC, LDAP server, DNS server, and SMB/CIFS server.
  • /tmp on tmpfs – This is a security and power saving feature. By default, /tmp on Fedora 18 will be on a tmpfs. Storage of large temporary files should be done in /var/tmp. This will reduce the I/O generated on disks, increase SSD lifetime, save power, and improve performance of the /tmp filesystem.
  • Syscall filters – Syscall filtering is a security mechanism that allows applications to define which syscalls they should be allowed to execute.
  • Perl v5.16 – The upgrade to Perl 5.16 brings a lot of changes.
  • OpenStack – This is an open source cloud computing platform. It lets you set up your own cloud infrastructure, similar to public clouds like Amazon EC2, Azure, etc. Fedora 18 comes with OpenStack “Folsom”.
  • Eucalyptus – It is a cloud computing software platform for on-premise (private) Infrastructure as a Service clouds. It uses existing infrastructure to create scalable and secure AWS-compatible cloud resources for compute, network and storage.
  • Web Servers – The Apache httpd package has been upgraded to version 2.4.3-1, which has many security and performance fixes. The lighttpd package has been upgraded to version 1.4.32-2.
  • Cinnamon – Fedora users now have the option of using Cinnamon, an advanced desktop environment based on GNOME3.
  • MATE desktop – This desktop brings back a classic, intuitive, and easy to use desktop that users have long been requesting.
  • NetworkManager now supports an enhanced Hotspot – This allows Internet connection sharing mode for Wi-Fi, which enables a much smoother connection sharing experience and is better supported by hardware. This mode is automatically enabled only for new connections to make sure existing configurations are unchanged.
  • And much more. See the Fedora 18 release notes for more information.


Fedora 18 DVD ISO download

You can download Fedora Linux 18 via the web/ftp server or via BitTorrent (recommended). The following DVD iso images are in live media format:

Download Fedora 18 GNOME live desktop dvd iso version

  1. Download 32 bit Live DVD ISO version (889MB)
  2. Download 64 bit Live DVD ISO version (916MB)

Download Fedora 18 KDE live desktop dvd iso version

  1. Download 32 bit Live DVD ISO version (805MB)
  2. Download 64 bit Live DVD ISO version (831MB)

Download Fedora 18 LXDE version

  1. Download 32 bit Live DVD ISO version (654MB)
  2. Download 64 bit Live DVD ISO version (682MB)

Download Fedora 18 Xfce version

  1. Download 32 bit Live DVD ISO version (662MB)
  2. Download 64 bit Live DVD ISO version (691MB)

See the release page and installation notes page for further information.

 


Netflix Finally Comes to Ubuntu

Ubuntu: Watching Netflix on Linux has always been a pain, since Microsoft Silverlight isn’t available on Linux. The unofficial Netflix app for Ubuntu makes it easy to install Netflix and start watching movies right away.

The app basically packages WINE and Netflix into a simple little desktop app, which you can install through a simple Ubuntu repository. It’ll take up a fair amount of space on your system, but at least you’ll finally be able to stream movies to that Linux-based home theater PC, or your laptop running Ubuntu. All you need to do is run the following two commands, one after the other:

 

sudo apt-add-repository ppa:ehoover/compholio
sudo apt-get update && sudo apt-get install netflix-desktop

 

After it finishes installing (give it a few minutes), you can hop into Ubuntu’s Dash and search for “Netflix Desktop,” or launch it from the terminal with netflix-desktop. The first time you launch, it’ll do some extra installation work, but when it’s done, it’ll launch in full screen mode and let you start watching movies. To exit full screen mode, just press F11 (though you can also exit the app entirely with Alt+F4).

Right now, it looks like you can only install the app on Ubuntu, but hopefully some nice folks will find ways to install it on other Linux-based systems. Hit the link to read more.

PPA for Netflix Desktop App | IHeartUbuntu