programming:bash:miscellaneous_notes

Differences

This shows you the differences between two versions of the page.

programming:bash:miscellaneous_notes [2012/05/08 14:08] – created sbolayprogramming:bash:miscellaneous_notes [2012/05/09 05:27] sbolay
Line 702: Line 702:
 In order to use X11 forwarding through ssh, you have to: on debian (server) In order to use X11 forwarding through ssh, you have to: on debian (server)
  
-apt-get install xbase-client +  * apt-get install xbase-client 
-in /etc/ssh/sshd_config → X11Forwarding yes +  in /etc/ssh/sshd_config → X11Forwarding yes 
-Restart ssh daemon /etc/ssh restart+  Restart ssh daemon /etc/ssh restart 
 login to the server ssh -X -v -v -v root@xxx.xxx.xxx.xxx  login to the server ssh -X -v -v -v root@xxx.xxx.xxx.xxx 
 The triple -v is to obtain debug up to level 3 and -X is to enable X11forwarding to the client side but seems not be absolutely necessary to make the X11 tunnel working. You can now try “xclock &” included in the xbase-client package to test the X11 connection. The triple -v is to obtain debug up to level 3 and -X is to enable X11forwarding to the client side but seems not be absolutely necessary to make the X11 tunnel working. You can now try “xclock &” included in the xbase-client package to test the X11 connection.
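Review bot: The three added list items mix markers: the `apt-get install xbase-client` line starts with `*` while the `X11Forwarding yes` and restart lines start with `-`, so the steps render as one bullet followed by a numbered list; use `-` on all three if the order matters. The restart step still reads `/etc/ssh restart`, which names the configuration directory rather than an init script; the other services on this page use the `/etc/init.d/<service> restart` form. The login example connects as `root@...`, which the advice quoted in the next hunk says not to do.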
Line 710: Line 711:
 If you get an error such as If you get an error such as
  
 +<code bash>
 root@siro2:~# xclock root@siro2:~# xclock
 _X11TransSocketINETConnect() can't get address for localhost:6013: Name or service not known _X11TransSocketINETConnect() can't get address for localhost:6013: Name or service not known
 Error: Can't open display: localhost:13.0 Error: Can't open display: localhost:13.0
-The main reasons of that can be (from linuxquestions.org):+</code> 
 + 
 +The main reasons of that can be (from [[http://www.linuxquestions.org/questions/fedora-35/help-for-setting-up-x-server-to-use-ssh-336219/|linuxquestions.org]]): 
 + 
 +  * You should NEVER EVER login as root. 
 +  * You should REALLY REALLY use sudo(1) or su(1) when you need to run one command whith root privilege
  
-You should NEVER EVER login as root. 
-You should REALLY REALLY use sudo(1) or su(1) when you need to run one command whith root priv:s 
 Might be that ssh is doing the right thing and don't let you use X11 over ssh as root. Might be that ssh is doing the right thing and don't let you use X11 over ssh as root.
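Review bot: The added bullet `You should REALLY REALLY use sudo(1) or su(1) ...` carries over the misspelling `whith` from the old line; fix it while the line is being rewritten. The `<code bash>` block added above it wraps terminal output (`Error: Can't open display: localhost:13.0`), not a script, so plain `<code>` is the better tag.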
  
Line 722: Line 727:
  
 If you are login as a normal user and you have the same error, you may need to issue an If you are login as a normal user and you have the same error, you may need to issue an
 +<code bash>
 export DISPLAY="hostname:10.0" export DISPLAY="hostname:10.0"
 +</code>
 +
 before it works. You can also add this command in the user's .bashrc file. before it works. You can also add this command in the user's .bashrc file.
  
-If you put instead export DISPLAY=“127.0.0.1:10.0” the .Xauthority may be corrupted and the X redirection will not work and will display a warning such as: Warning: No xauth data; using fake authentication data for X11 forwarding. As soon as you got once this error, before trying another solution, you have to restart your Xserver (ctrl+alt+enter) to regenerate a trusted Xsession.+If you put instead **export DISPLAY=“127.0.0.1:10.0”** the .Xauthority may be corrupted and the X redirection will not work and will display a warning such as: **Warning: No xauth data; using fake authentication data for X11 forwarding.** As soon as you got once this error, before trying another solution, you have to restart your Xserver (ctrl+alt+enter) to regenerate a trusted Xsession.
  
 You can see wich are your actual Xauthority setting with: You can see wich are your actual Xauthority setting with:
 +<code bash>
 xauth info xauth info
 xauth list xauth list
 +</code>
 and if you need to add a new Xauthority to the .Xauthority file, you can issue: and if you need to add a new Xauthority to the .Xauthority file, you can issue:
 +<code bash>
 xauth add `echo "${DISPLAY}" | sed 's/.*\(:.*\)/\1/'` . `mcookie` xauth add `echo "${DISPLAY}" | sed 's/.*\(:.*\)/\1/'` . `mcookie`
 +</code>
 Below is displayed the settings of the /etc/ssh_config which is the client configuration file: Below is displayed the settings of the /etc/ssh_config which is the client configuration file:
 +<code bash>
 Host * Host *
 #   ForwardAgent no #   ForwardAgent no
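Review bot: The `<code bash>` tag opened before `Host *` wraps ssh client configuration, not shell, so plain `<code>` fits better there. The sentence introducing it names the file `/etc/ssh_config`, while the X11 steps earlier on this page put the server file under `/etc/ssh/`; confirm the path while this paragraph is being edited. In the `xauth add` block, `$(...)` would be easier to read than the two backtick substitutions.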
Line 765: Line 774:
     GSSAPIAuthentication yes     GSSAPIAuthentication yes
     GSSAPIDelegateCredentials no     GSSAPIDelegateCredentials no
-And last, below is displayed the /etc/sshd_config file which is the configuration on the server side:+</code>
  
 +And last, below is displayed the /etc/sshd_config file which is the configuration on the server side:
 +<code bash>
 # What ports, IPs and protocols we listen for # What ports, IPs and protocols we listen for
 Port 22 Port 22
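Review bot: The re-added sentence `And last, below is displayed the /etc/sshd_config file` disagrees with the path `/etc/ssh/sshd_config` given in the X11 steps of this same page; make the two agree. The block that follows is tagged `<code bash>` although it is sshd configuration.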
Line 841: Line 852:
    
 UsePAM yes UsePAM yes
-MySQL+</code>
  
 +===== MySQL =====
 /etc/init.d/mysql start/status/stop /etc/init.d/mysql start/status/stop
  
-Set the MySQL root password+==== Set the MySQL root password ====
  
-PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER ! To do so, start the server, then issue the following commands: 
  
 +PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER ! To do so, start the server, then issue the following commands:
 +<code bash>
 /usr/bin/mysqladmin -u root password 'new-password' /usr/bin/mysqladmin -u root password 'new-password'
 #or #or
 /usr/bin/mysqladmin -u root -h example.com password 'new-password' /usr/bin/mysqladmin -u root -h example.com password 'new-password'
-Test the MySQL daemon+</code>
  
 +==== Test the MySQL daemon ====
 You can test the MySQL daemon with the benchmarks in the 'sql-bench' directory: You can test the MySQL daemon with the benchmarks in the 'sql-bench' directory:
 +<code bash>
 cd /usr/share/mysql/sql-bench cd /usr/share/mysql/sql-bench
 perl run-all-tests perl run-all-tests
 +</code>
 +
 Default options are read from the following files in the given order: /etc/my.cnf /var/lib/mysql/my.cnf and ~/.my.cnf Default options are read from the following files in the given order: /etc/my.cnf /var/lib/mysql/my.cnf and ~/.my.cnf
  
-Create a DB+==== Create a DB ====
  
 In the below example, “intranet” is the name of your database. In the below example, “intranet” is the name of your database.
 +<code bash>
 mysqladmin -u root -p create intranet mysqladmin -u root -p create intranet
-Create a table+</code>
  
 +==== Create a table ====
 Create the tables using an example.sql file: Create the tables using an example.sql file:
 +<code bash>
 mysql -u root -p intranet < example.sql mysql -u root -p intranet < example.sql
-See the content of the database+</code>
  
 +==== See the content of the database ====
 See the content of the intranet db See the content of the intranet db
 +<code bash>
 mysqlshow -u root -p intranet mysqlshow -u root -p intranet
-Add Privileges to a database+</code>
  
 +==== Add Privileges to a database ====
 +<code bash>
 mysql -u root -p intranet mysql -u root -p intranet
 Enter password: Enter password:
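Review bot: In the `Set the MySQL root password` block, both `mysqladmin` lines pass `'new-password'` as a command-line argument, which leaves it in the shell history and visible in the process list; the later commands in this hunk already use `-p` to prompt, and the section should point that out. The `/etc/init.d/mysql start/status/stop` line directly under the new `===== MySQL =====` heading was left outside any `<code>` block, unlike every other command in the section.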
Line 885: Line 905:
    
 mysql> GRANT ALL PRIVILEGES ON *.* TO "myDatabase"@"localhost"; mysql> GRANT ALL PRIVILEGES ON *.* TO "myDatabase"@"localhost";
-CUPS+</code>
  
 +===== CUPS =====
 /etc/cups /etc/cups
  
-cupsd.conf +==== cupsd.conf ====
- +
-(2 modifications) 1)+
  
 +(2 modifications)
 +  - <code bash>
 # DocumentRoot: the root directory for HTTP documents that are served. # DocumentRoot: the root directory for HTTP documents that are served.
 # By default "/usr/share/doc/packages/cups". # By default "/usr/share/doc/packages/cups".
 # #
 DocumentRoot /usr/share/cups/doc/ DocumentRoot /usr/share/cups/doc/
-2) +</code> 
 +  - <code bash>
 <Location /admin> <Location /admin>
 # You definitely will want to limit access to the administration functions. # You definitely will want to limit access to the administration functions.
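Review bot: The `GRANT ALL PRIVILEGES ON *.* TO "myDatabase"@"localhost";` line that the new `</code>` closes grants every privilege on every database, under a heading that promises privileges on one database; scope it to `intranet.*` to match the rest of the section. The two `  - <code bash>` list items hold cupsd.conf directives, so `bash` is the wrong highlighter there.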
Line 918: Line 939:
 #Encryption Required #Encryption Required
 </Location> </Location>
-printers.conf+</code>
  
 +==== printers.conf ====
 (below an example) (below an example)
 +<code bash>
 <Printer HP_Laserjet_6MP> <Printer HP_Laserjet_6MP>
 Info B&W_Laser_Printer Info B&W_Laser_Printer
Line 933: Line 955:
 KLimit 0 KLimit 0
 </Printer> </Printer>
-SOME ADVICES log: /var/log/cups/ daemon cupsd: /usr/sbin/cupsd (man cupsd) server = /usr/lib/cups/daemon/cups-lpd (in /etc/xinetd.d/cups-lpd)+</code>
  
-Creating root access (by default cups will have no user and pwlppasswd -g sys -a root #this command will allow you to login as root for administration task in cups+**SOME ADVICES** log: /var/log/cups/ daemon cupsd: /usr/sbin/cupsd (man cupsdserver = /usr/lib/cups/daemon/cups-lpd (in /etc/xinetd.d/cups-lpd)
  
-restart the server siro:/etc/init.d # ./cups restart Shutting down cupsd done Starting cupsd done+**Creating root access (by default cups will have no user and pw)** lppasswd -g sys -a root #this command will allow you to login as root for administration task in cups 
 + 
 +**restart the server** siro:/etc/init.d # ./cups restart Shutting down cupsd done Starting cupsd done
  
 For probleme with the lp command, see below: when I want to print with lp or lpr I always get the following errormsg: lp: error - scheduler not responding! or lpr: error - scheduler not responding! By the way, cups prints its testpage correctly, only lp® doesn't work! What can I do? For probleme with the lp command, see below: when I want to print with lp or lpr I always get the following errormsg: lp: error - scheduler not responding! or lpr: error - scheduler not responding! By the way, cups prints its testpage correctly, only lp® doesn't work! What can I do?
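Review bot: The rewritten `**SOME ADVICES**` line lost characters: the old text read `(man cupsd) server = ...` and the new one reads `(man cupsdserver = ...`, so the closing parenthesis and the separator are gone. The three bold-labelled lines also keep their commands (`lppasswd -g sys -a root`, `./cups restart`) inline with prose and shell output, whereas the rest of this revision moves commands into `<code>` blocks.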
Line 943: Line 967:
 These “lp” and “lpr” commands or for CUPS, they work only with running CUPS daemon (the scheduler) or with a remote CUPS server specified in /etc/cups/client.conf. If you want to use LPD or LPRng, you need the appropriate “lpr” and/or “lp” executables. These “lp” and “lpr” commands or for CUPS, they work only with running CUPS daemon (the scheduler) or with a remote CUPS server specified in /etc/cups/client.conf. If you want to use LPD or LPRng, you need the appropriate “lpr” and/or “lp” executables.
  
-FTP +===== FTP =====
 vsftpd: (man vsftpd) The vsftpd FTP server serves FTP connections. It uses normal, unencrypted usernames and passwords for authentication. vsftpd is designed to be secure. vsftpd: (man vsftpd) The vsftpd FTP server serves FTP connections. It uses normal, unencrypted usernames and passwords for authentication. vsftpd is designed to be secure.
  
 daemon configuration file: /etc/vsftpd.conf (man vsftpd.conf) daemon location: /usr/sbin/vsftpd daemon configuration file: /etc/vsftpd.conf (man vsftpd.conf) daemon location: /usr/sbin/vsftpd
  
-/etc/xinetd.conf +==== /etc/xinetd.conf ==== 
 +<code bash>
 service ftp service ftp
 { {
Line 964: Line 987:
  instances = UNLIMITED  instances = UNLIMITED
 } }
-At this time I don't understand every options in this service (TODO)+</code>
  
-/etc/vsftpd.conf+At this time I don't understand every options in this service (TODO)
  
 +==== /etc/vsftpd.conf ====
 +<code bash>
 # Local FTP user Settings # Local FTP user Settings
 # #
Line 983: Line 1008:
 # Note: if this setting is disabled, windows stations will not be able to login. # Note: if this setting is disabled, windows stations will not be able to login.
 pasv_enable=YES pasv_enable=YES
-changing local_umask=077 to 022 allows users (for example the xerox scanner) to put in the directory (for example /server/printers/xerox/NETSCAN.XSM/) the scanned files with the rights 744 (see man umask to understand the umask settings) instead of 700. The NETSCAN.XSM directory is set to 770 and is owned by xerox.users +</code>
-The vsftpd daemon has to be restarted with /etc/init.d/xinetd restart +
-NFS+
  
-Example to connect NeXT coomputers (This example is with SuSe):+  * changing local_umask=077 to 022 allows users (for example the xerox scanner) to put in the directory (for example /server/printers/xerox/NETSCAN.XSM/) the scanned files with the rights 744 (see man umask to understand the umask settingsinstead of 700. The NETSCAN.XSM directory is set to 770 and is owned by xerox.users 
 +  * The vsftpd daemon has to be restarted with /etc/init.d/xinetd restart
  
-Server:+===== NFS ===== 
 + 
 +Example to connect NeXT computers (This example is with SuSe): 
 + 
 +==== Server ====
  
 In YaST → Network Services → NFS Server : Start NFS Server (go next) Set Directories to: /server/public/NeXT_Data_Server Set Hosts wildcard to: * Set Options to: rw, root_squash, sync (if set to rw the directory is set as read-write; if set ro ro the directory is set ro read-only) In YaST → Network Services → NFS Server : Start NFS Server (go next) Set Directories to: /server/public/NeXT_Data_Server Set Hosts wildcard to: * Set Options to: rw, root_squash, sync (if set to rw the directory is set as read-write; if set ro ro the directory is set ro read-only)
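Review bot: The new `local_umask` bullet dropped a closing parenthesis: it now reads `(see man umask to understand the umask settingsinstead of 700`; restore `) ` before `instead`. In the Server paragraph under the new heading, `Set Hosts wildcard to: *` together with `rw` exports the directory read-write to any host that can reach the server; a sentence on restricting the wildcard to the NeXT clients belongs here.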
Line 995: Line 1023:
 chmod 777 /server chmod 777 /server/public chmod 777 /server/public/NeXT_Data_Server (This part may also work with other folder rights if users are logged in. But this part has to be completed) chmod 777 /server chmod 777 /server/public chmod 777 /server/public/NeXT_Data_Server (This part may also work with other folder rights if users are logged in. But this part has to be completed)
  
-Client+==== Client ====
 Open a terminal on a NeXT computer: NextApps → Terminal.app Open a terminal on a NeXT computer: NextApps → Terminal.app
- +  - cd /etc (where all services are located as the function ” mount” …) 
-cd /etc (where all services are located as the function ” mount” …) +  vi /etc/hosts and add eg. “192.168.1.22 siro” 
-vi /etc/hosts and add eg. “192.168.1.22 siro” +  as root: cd /etc
-as root: cd /etc+
 mount -t nfs siro:/server/public/NeXT_Data_Server /Users/iro/siro_projects mount -t nfs siro:/server/public/NeXT_Data_Server /Users/iro/siro_projects
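Review bot: The Client steps were only partly converted: `cd /etc` gets a list marker, but the `mount -t nfs siro:/server/public/NeXT_Data_Server ...` command is left as a bare line outside both the list and any `<code>` block. The `chmod 777` on `/server`, `/server/public` and the export directory makes the whole path world-writable, and the text itself says this part has to be completed; mark it as provisional on the page.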
  
Line 1013: Line 1039:
 (this setting should allow the user to login to the NFS server (this setting should allow the user to login to the NFS server
 if special settings are made on the shared directory) if special settings are made on the shared directory)
-SAMBA 
  
-Connection error+===== SAMBA ===== 
 +==== Connection error ====
  
 If a user can not login normally on the XP computer: If a user can not login normally on the XP computer:
  
-printers can not be add correctly (error 5 given by Kixtart - rights error) +  - printers can not be add correctly (error 5 given by Kixtart - rights error) 
-Users can simply not loggin on the computer (windows says pw error!)+  Users can simply not loggin on the computer (windows says pw error!) 
 I dont know exactly the reason of that but it seems that is caused by a sid error or something like this. To get right of this problem we have to clean the user profile. I dont know exactly the reason of that but it seems that is caused by a sid error or something like this. To get right of this problem we have to clean the user profile.
  
-Loggoff the user witch as the problematic profile +  - Loggoff the user witch as the problematic profile 
-mv /server/profile/“theProblematicProfile/” /server/profile/“theProblematicProfile.bck”/ +  mv /server/profile/“theProblematicProfile/” /server/profile/“theProblematicProfile.bck”/ 
-mkdir /server/profile/“theNewProfileDirectory”/ +  mkdir /server/profile/“theNewProfileDirectory”/ 
-chmod and chown +  chmod and chown 
-To resolve this you can either: +  To resolve this you can either: 
-Logon on a machine where the user does not yet has a saved profile with is username and pw to recreate a “clean” profile or +    Logon on a machine where the user does not yet has a saved profile with is username and pw to recreate a “clean” profile or 
-Logon to the machine usually used by the user as local/administrator +    Logon to the machine usually used by the user as local/administrator 
-Suppress the local copy of profiles: My Computer -&gt; properties -&gt; Advanced -&gt; UserProfiles… +      Suppress the local copy of profiles: My Computer -&gt; properties -&gt; Advanced -&gt; UserProfiles… 
-settings: remove all profiles except local\administrator +      settings: remove all profiles except local\administrator 
-regedit the registry and suppress everything about the user (make some searches with specific keywords) +      regedit the registry and suppress everything about the user (make some searches with specific keywords) 
-Restart the computer +      Restart the computer 
-loggin as network\administrator (to install and reset the registry with clean values - see kixtart script) +      - login as network\administrator (to install and reset the registry with clean values - see kixtart script) 
-loggoff +      - logoff 
-loggin as the user to recreate a “clean” profile +      - login as the user to recreate a “clean” profile 
-loggoff the user +  - logoff the user 
-On the server copy all relevant/interesting folders/data as favorites; Desktop; Application Data … mail and others; check the MyDocument folder; … +  On the server copy all relevant/interesting folders/data as favorites; Desktop; Application Data … mail and others; check the MyDocument folder; … 
-chmod / chown on this folders +  chmod / chown on this folders 
-Done… and the user can loggin back on computers and everything should be ok. +  Done… and the user can loggin back on computers and everything should be ok.
-WARNING: Do not mv but cp data from the backuped folder to the new one and keep it for days to be able to give user back some possible forgotten data!+
  
-mapping a windows group to a UNIX/LINUX group+<note warning>Do not mv but cp data from the backuped folder to the new one and keep it for days to be able to give user back some possible forgotten data!</note> 
 + 
 +==== mapping a windows group to a UNIX/LINUX group ====
  
 net groupmap add ntgroup=“Users” UNIXgroup=users net groupmap list net groupmap add ntgroup=“Users” UNIXgroup=users net groupmap list
  
 pour recuperer vos anciens profils, il faut les migrer de l'ancien SID vers le nouveau comme ceci: pour recuperer vos anciens profils, il faut les migrer de l'ancien SID vers le nouveau comme ceci:
 +  * les mettre sur le serveur en mode itinerant (c'est mieux avec samba au depart pour la migration
 +  * partager le dossier comme necessaire (voir la doc de samba sur les profils)
 +  * une fois tous les profils sur le serveur disons dans le dossier /users dans chaque dossier utilisateur /user/user1, /users/user2 etc… vous trouverez le fichier ntuser.dat (la ruche HKEY_CURRENT_USER). Le probleme c'est qu'elle contient les SID de l'ancien compte or le domaine SAMBA possede son propre SID qui est different de celui de l'ancien domaine de rattachement du profil.
  
-les mettre sur le serveur en mode itinerant (c'est mieux avec samba au depart pour la migration 
-partager le dossier comme necessaire (voir la doc de samba sur les profils) 
-une fois tous les profils sur le serveur disons dans le dossier /users dans chaque dossier utilisateur /user/user1, /users/user2 etc… vous trouverez le fichier ntuser.dat (la ruche HKEY_CURRENT_USER). Le probleme c'est qu'elle contient les SID de l'ancien compte or le domaine SAMBA possede son propre SID qui est different de celui de l'ancien domaine de rattachement du profil. 
 donc la marche a suivre est la suivante : donc la marche a suivre est la suivante :
 +  * vous creez les users dans samba: smbpasswd etc…
 +  * vous recuperez le SID de l'utilisateur
 +  * pdbedit -Lv user1 et cherchez la ligne SID (sous l forme S-X-……)
  
-vous creez les users dans samba: smbpasswd etc… 
-vous recuperez le SID de l'utilisateur 
-pdbedit -Lv user1 et cherchez la ligne SID (sous l forme S-X-……) 
 ensuite c'est simple, profiles ntuser.dat va vous afficher plein de lignes cherchez le SID dedans et faite un remplacement comme ceci: ensuite c'est simple, profiles ntuser.dat va vous afficher plein de lignes cherchez le SID dedans et faite un remplacement comme ceci:
 +  * profiles ntuser.dat OLDSID NEWSID sur les PC
 +  * ensuite dans document and settings supprimez TOUS les profils sur toutes les machines correspondants a ceux que vous avez envoyé sur le serveur.
 +  * y a plus qu'a vous logguer et vous n'aurez plus de dossier sous la forme User.DOMAINE
  
-profiles ntuser.dat OLDSID NEWSID sur les PC +===== inetd / xinetd =====
-ensuite dans document and settings supprimez TOUS les profils sur toutes les machines correspondants a ceux que vous avez envoyé sur le serveur. +
-y a plus qu'a vous logguer et vous n'aurez plus de dossier sous la forme User.DOMAINE +
-inetd / xinetd+
  
 all ports are listed in /etc/services all ports are listed in /etc/services
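Review bot: The spelling fix is applied to only part of the profile-cleanup list: the three nested steps and `logoff the user` now use `login`/`logoff`, while `Loggoff the user witch as`, `Users can simply not loggin` and `the user can loggin back` keep the old forms. The `net groupmap add ... net groupmap list` line runs two commands together outside a `<code>` block, and the French paragraphs on SID migration were re-bulleted but left untranslated on an otherwise English page.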
Line 1069: Line 1097:
  
 starting the xinetd daemon: sudo /etc/init.d/xinetd start/stop/restart restart xinetd daemon to take in acount the new configuration (This is an old method) starting the xinetd daemon: sudo /etc/init.d/xinetd start/stop/restart restart xinetd daemon to take in acount the new configuration (This is an old method)
 +<code bash>
 su su
 ps -u root | grep xinetd (get PID of xinetd) ps -u root | grep xinetd (get PID of xinetd)
 kill -s SIGUSR1 "PID of xinetd" kill -s SIGUSR1 "PID of xinetd"
 +</code>
 +
 Now you can simply /etc/init.d/xinetd restart/reload Now you can simply /etc/init.d/xinetd restart/reload
  
-nmap / xnmap+===== nmap / xnmap =====
  
 test open ports on an given host nmap / xnmap (==nmapfe) (from package nmap-gtk which is a nmap frontend) example: nmap localhost test open ports on an given host nmap / xnmap (==nmapfe) (from package nmap-gtk which is a nmap frontend) example: nmap localhost
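Review bot: Inside the new `<code bash>` block, `ps -u root | grep xinetd (get PID of xinetd)` carries its explanation as a bare parenthetical, which the shell will try to parse if the line is pasted; write it as a `#` comment. `kill -s SIGUSR1 "PID of xinetd"` is a placeholder and should be marked as one, for example `<PID>`.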
programming/bash/miscellaneous_notes.txt · Last modified: 2012/05/09 19:24 by sbolay