Find files Based On their Permissions
The typical syntax to find files based on their permissions is:
$ find -perm mode
The MODE can be given either as a numeric (octal) permission (like 777, 666, etc.) or as a symbolic permission (like u=x, a=r+x).
We can specify the MODE in three different ways as listed below.
- If we specify the mode without any prefixes, it will find files of exact permissions.
- If we use "-" prefix with mode, the files should have at least the given permissions, not necessarily exactly those permissions.
- If we use "/" prefix, it is enough for any one of the given permission bits to be set, whether for the owner, the group, or others. //
find . -not -perm -g=r
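The three MODE forms compared on the same set of files, as an added example that is not part of the original page. It assumes GNU find; the temporary directory, file names and modes are constructed sample values.

```shell
#!/bin/sh
# Added example: exact, "-" (all bits) and "/" (any bit) matching with find -perm.
# Builds a constructed tree in a temp dir; file names and modes are sample values.

make_tree() {
    dir=$(mktemp -d) || return 1
    for spec in 600:secret.key 644:config.ini 664:shared.txt 666:scratch.log 755:run.sh; do
        mode=${spec%%:*}
        name=${spec#*:}
        : > "$dir/$name"
        chmod "$mode" "$dir/$name"
    done
    printf '%s\n' "$dir"
}

# list_perm DIR MODE: names of regular files matching -perm MODE, sorted, space-separated
list_perm() {
    find "$1" -type f -perm "$2" -exec basename {} \; | sort | tr '\n' ' ' | sed 's/ $//'
}

# list_not_perm DIR MODE: same, for the files that do NOT match
list_not_perm() {
    find "$1" -type f -not -perm "$2" -exec basename {} \; | sort | tr '\n' ' ' | sed 's/ $//'
}

demo() {
    d=$(make_tree) || return 1
    echo "exact 644         : $(list_perm "$d" 644)"
    echo "at least 644      : $(list_perm "$d" -644)"
    echo "group/other write : $(list_perm "$d" /022)"
    echo "world-writable    : $(list_perm "$d" -o=w)"
    echo "group cannot read : $(list_not_perm "$d" -g=r)"
    rm -rf "$d"
}

demo
```

The `/022` and `-o=w` forms are the ones to reach for when auditing a tree for files that other accounts can modify.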
Public key authentication is a way of logging into an SSH/SFTP account using a cryptographic key rather than a password.
If you use very strong SSH/SFTP passwords, your accounts are already safe from brute force attacks. However, using public key authentication provides many benefits when working with multiple developers. For example, with SSH keys you can
- allow multiple developers to log in as the same system user without having to share a single password between them;
- revoke a single developer's access without revoking access by other developers; and
- make it easier for a single developer to log in to many accounts without needing to manage many different passwords. //
Method 1: Using ssh-copy-id
To copy your public key to your server, run the following command. Be sure to replace "x.x.x.x" with your server's IP address and SYSUSER with the name of the system user your app belongs to.
ssh-copy-id SYSUSER@x.x.x.x
Method 2: Manual Configuration
If you don't have the ssh-copy-id command (for example, if you are using Windows), you can instead SSH in to your server and manually create the .ssh/authorized_keys file so it contains your public key.
First, run the following commands to create the file with the correct permissions.
(umask 077 && test -d ~/.ssh || mkdir ~/.ssh)
(umask 077 && touch ~/.ssh/authorized_keys)
Next, edit the file .ssh/authorized_keys using your preferred editor. Copy and paste your id_rsa.pub file into the file. //
Correcting Permissions on the .ssh Directory
The instructions in this article will create your server's .ssh directory and .ssh/authorized_keys file with the correct permissions. However, if you've created them yourself and need to fix permissions, you can run the following commands on your server while SSH'd in as your app's system user.
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
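The manual setup and the permission check combined into one script, as an added example that is not part of the original article. The function names are hypothetical, the key is a constructed sample, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: create .ssh and authorized_keys with the modes given above
# (700 and 600), add a public key only once, and verify the result.
# Function names are hypothetical; stat -c is the GNU coreutils form.

# install_pubkey HOME_DIR "PUBLIC KEY LINE"
install_pubkey() {
    home=$1 key=$2
    # The subshell keeps the restrictive umask from leaking into the caller.
    (
        umask 077
        test -d "$home/.ssh" || mkdir "$home/.ssh"
        touch "$home/.ssh/authorized_keys"
        # -x whole line, -F fixed string: skip a key that is already present
        grep -qxF -- "$key" "$home/.ssh/authorized_keys" ||
            printf '%s\n' "$key" >> "$home/.ssh/authorized_keys"
    )
}

# check_ssh_perms HOME_DIR: prints each deviation, returns 1 if any was found
check_ssh_perms() {
    home=$1 rc=0
    for want in "700:$home/.ssh" "600:$home/.ssh/authorized_keys"; do
        path=${want#*:}
        have=$(stat -c %a "$path" 2>/dev/null) || have=missing
        if [ "$have" != "${want%%:*}" ]; then
            echo "$path: mode $have, expected ${want%%:*}"
            rc=1
        fi
    done
    return $rc
}

demo() {
    h=$(mktemp -d) || return 1
    # Constructed sample key, not a real one
    key='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyNotReal dev@example'
    install_pubkey "$h" "$key"
    install_pubkey "$h" "$key"   # second run must not duplicate the line
    echo "keys installed: $(wc -l < "$h/.ssh/authorized_keys")"
    check_ssh_perms "$h" && echo "permissions OK"
    chmod 755 "$h/.ssh"          # simulate a directory created by hand with a lax umask
    check_ssh_perms "$h" || echo "deviation reported"
    rm -rf "$h"
}

demo
```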
Changing the group a user is associated to is a fairly easy task, but not everybody knows the commands, especially to add a user to a secondary group. We’ll walk through all the scenarios for you.
If you want to create a new group on your system, use the groupadd command, replacing mynewgroup with the name of the group you want to create. You’ll need to use sudo with this command as well (or, on Linux distributions that don’t use sudo, you’ll need to run the su command on its own to gain elevated permissions before running the command).
sudo groupadd mynewgroup
To add an existing user account to a group on your system, use the usermod command, replacing examplegroup with the name of the group you want to add the user to and exampleusername with the name of the user you want to add.
usermod -a -G examplegroup exampleusername
For example, to add the user geek to the group sudo , use the following command:
usermod -a -G sudo geek
Enjoy the security and benefits of a dedicated mailbox server in a highly available mail infrastructure.
The problems are well known when using free e-mail providers or shared hosting mail servers: My e-mail was sent but was it received on the other side? Why are my e-mails rejected by a blacklist? Are my e-mails secure when hundreds of other users are storing their mails on the same mailserver?
E-Mails are business critical and you should not be asking the questions above. The Private Mailbox Server offers a purely dedicated mailbox server in a highly available and redundant mail infrastructure. Your e-mails are stored securely on a private mailbox server; no other customers are using your mailbox server nor are able to access it. //
Data center location: Switzerland
100GB storage $86/mo, or 150/mo for high avail
Barclays and the TD Bank Group have joined the Open Invention Network's Linux and open-source protection consortium. //
When it comes to defending the intellectual property (IP) rights of Linux and open-source software, global leading banks aren't the first businesses to come to mind. Things have changed. Barclays, the London-based global corporate and investment bank, and the TD Bank Group, with its 26-million global customers, have joined the leading open-source IP defense group, the Open Invention Network (OIN).
For years, the OIN, the largest patent non-aggression consortium, has protected Linux from patent attacks and patent trolls. Recently, it expanded its scope from core Linux programs and adjacent open-source code by expanding its Linux System Definition. In particular, that means patents relating to the Android Open Source Project (AOSP) 10 and the Extended File Allocation Table exFAT file system are now protected.
As important as this is, why would banks, no matter how big, care? It's because even banks care about opposing the abuse of IP rights by patent assertion entities (PAE), better known to most of us as "patent trolls." Even banks are subject to patent troll attacks these days.
When I started my own Linux journey, I was adamant about not even touching a terminal window. As if the command line was this diseased, disgusting thing.
“If I can’t do it with a GUI then I’m not even interested in this distro!” I’d say stubbornly. //
The keyboard, mightier than the mouse. Weaponized to do our bidding. Transforming words into binary, and binary into action. //
I’ve come to realize the true appeal of the command line is the consistency.
The uniformity.
The reliability.
There is a certain level of comfort in that.
What 3 years of distro hopping has taught me is this: no matter which Debian or Ubuntu-based distribution I decide to use on any given day, installing software will always be the same combination of words, through the same terminal window that’s guaranteed to be there.
A list of some of my favorite basic Linux commands that make day-to-day sysadmin tasks easier and more efficient.
As we already maintain CloudLinux OS, we plan to release a free, open-sourced, community-driven, 1:1 binary compatible fork of RHEL® 8 (and future releases) in the Q1 of 2021. We will create a separate, totally free OS that is fully binary compatible with RHEL® 8 (and future versions). We will sponsor the development & maintenance of such OS. We will work on establishing a community around the OS, with the governing board from members of the community. //
If you are running CentOS 8 - we will release an OS very similar to CentOS 8 based on RHEL 8 stable. We will provide stable and well-tested updates until 2029 - completely free. You will be able to convert from CentOS 8 at any moment by running a single command that switches repositories & keys.
I can't pretend this is good news for CentOS users, but I can offer some good news: CentOS might be dead, but it's far from your only option for a "rebuild" distro that's binary-compatible with RHEL. Let's take a look at a few of the most likely options below.
By creating a public/private SSH keypair, and uploading the public key to your rsync.net filesystem, you can allow your backup process to authenticate without your password.
Generating the SSH Keypair
First, log into your unix system as the user that your backups will run under. So, if your backups will run as the root user (which is very common) you need to log in as root.
Now run the following command:
ssh-keygen -t rsa -b 4096
Accept the defaults - do not change the filenames or file locations. It is very important that the resultant private and public keys reside in your home directory's .ssh directory, or ~/.ssh (which is the default).
DO NOT enter a passphrase - just hit enter twice, leaving an empty passphrase.
Uploading Your Public Key
Upload your newly created public key using this command:
scp ~/.ssh/id_rsa.pub 123@tv-s009.rsync.net:.ssh/authorized_keys
DO NOT change the permissions on the uploaded file, before or after the upload
DO NOT change the permissions on your home directory, or your .ssh directory
NOTE: 123@tv-s009 is most certainly NOT your login ID or hostname - please change them.
Testing Your Passwordless Login
Test that your key works by ssh'ing to your rsync.net filesystem (from your local system, as the user who created/uploaded the key):
ssh 123@tv-s009.rsync.net ls
You should not be asked for a password.
Multiple Keys (optional)
It is possible to upload multiple public keys to your rsync.net account, allowing one or more users on one or more computer systems to log in without a password. However, you cannot just follow the above instructions over and over again, because each time you follow them, you will overwrite the previous key.
Instead, do this:
- For the first user on the first computer system, follow the instructions above exactly.
- For each subsequent user (possibly on different computer systems), replace the 'scp' step in the above instructions with:
cat ~/.ssh/id_rsa.pub | ssh 123@tv-s009.rsync.net 'dd of=.ssh/authorized_keys oflag=append conv=notrunc'
- Repeat this process for each user until you have a fully populated authorized_keys file in your rsync.net account.
Smooth remote desktop, remote scripting, and rich auto-complete to maximize your IT support efficiency.
Remote Desktop
Instantly connect to remote desktops either unattended or by invite. Invites are started from a single-file, portable executable that's easy for customers to download and use.
Notable Features
- Support for Windows and Linux devices
- Unattended and attended access
- Remote scripting for Windows PowerShell, PowerShell Core, Bash, and CMD
- Optional WebRTC for secure peer-to-peer screen transfer on Windows agents, which reduces load on the server
- Drag-and-drop file transfer
- Remote audio streaming (Windows only)
- Bi-directional clipboard sharing
- Integrated chat
- 2-factor authentication
Get Started
Remotely is free and open-source, and there are multiple ways to start using it.
- Download the portable client to try out instant screen sharing
- Create an account on the demo server that we host to try the unattended access and remote scripting
- Install a server package to host a server yourself
- Download and build the source code to host a server yourself
Chmod calculator allows you to quickly generate permissions in numerical and symbolic formats. All extra options are included (recursive, sticky, etc). You’ll be ready to copy paste your chmod command into your terminal in seconds.
Use the octal CHMOD Command:
chmod -R 777 folder_name
OR use the symbolic CHMOD Command:
chmod -R a+rwx folder_name
Chmod means ‘change mode’ and it changes file or directory mode bits (the way a file can be accessed). You can use chmod in the command line to change file or directory permissions on Unix or Unix-like systems such as Linux or BSD.
I just made a backup of an entire hard drive (50GB) over ssh via:
dd if=/dev/hda | buffer -s 64k -S 10m | ssh myuser@myhost "cat > ~/image.img"
What's now the best way to check the integrity ...
tr '\0' '\377' < /dev/zero > /mnt/a/1
It will abort with an error when the drive is full.
See https://ss64.com/bash/tr.html for syntax/usage of "translate" ("tr").
This translates every NUL byte ('\0') read from /dev/zero to character 255 (377 octal) and sends the output to the file named "1" in the directory /mnt/a/.
You can also try the following script to automatically check whether a Linux system needs a reboot after a kernel update:
#!/bin/bash
# Most recently installed kernel package, with the "kernel-" prefix stripped
LAST_KERNEL=$(rpm -q --last kernel | perl -pe 's/^kernel-(\S+).*/$1/' | head -n1)
# Kernel that is currently running
CURRENT_KERNEL=$(uname -r)
test "$LAST_KERNEL" = "$CURRENT_KERNEL" || echo REBOOT
The text “REBOOT” will be displayed if a system restart is required.
Note that the script may not be accurate if a custom kernel is installed, if the rpm package names differ, or for other reasons.
Mosh, or mobile shell, is the ideal tool for remote system administration. While SSH is great, Mosh beats it in several areas. Let’s dive into the reasons why it makes sense to learn about Mosh.
Session Resumption
Remember the last time your connection was interrupted? It is frustrating and sometimes even leads to losing some of your work. The stable TCP connection is not always a blessing. Mosh comes to the rescue, especially for less stable connections. It solves this issue by picking up where you left off. Mosh has a roaming function, allowing you to even switch between connections. Very useful when you are on the move, or when your WiFi connection suddenly provides you with a new IP lease. You no longer need to run everything in a screen session.
No root permissions needed
Mosh can run without root privileges. This is because it uses normal binaries (mosh, mosh-client, and mosh-server). There is no daemon (of its own) waiting for incoming connections.
Default UTF8 support
Every terminal reacts differently to “strange” characters. Mosh will not break your terminal, as it uses UTF-8 by default. So the intended output ends up correctly on your screen, every time. This is much better than showing garbled text or even hanging your terminal screen.
Responsive
SSH has the tendency to be slow to respond to your Ctrl+C requests. This is caused by network buffers being filled, so your Ctrl+C has to wait in a long line. Mosh can deal with this and ensures it quits much quicker. Interestingly enough, Telnet was in some ways much better than SSH, for example with local echo. Mosh brings back some of the good features.
Another great use case is administration over slow connections, especially “long” network links with high latency. With SSH you are waiting for every character to show up; Mosh makes it much more responsive. It does so with the combination of previous input and predictions. It shows what it expects to be there, by using underlining. Then it does a validation step to ensure things are right and tells you that by removing the underlining.
Firewall Rules
One of the disadvantages of Mosh is that the additional UDP port means opening up a set of ports in your firewall. As one port per connection is used, you can limit this (e.g. 60000-60005). For environments with strict rules, this might be a deal breaker. Still, for many situations Mosh is a useful addition to simplify work.
Distribution of SSH keys
When you want to allow public key authentication, you first have to create an SSH key pair. The next step is the distribution of the public key to the other systems. Let’s have a look at a few options, including using the ssh-copy-id utility.
Option 1: Manually
In the past, you had to log in manually to the new system and do things yourself, especially if you created your key with a tool like PuTTYgen on Windows. Then you logged in on the other system and created a .ssh directory and the related authorized_keys file. Of course, it was common to forget to set the right permissions, causing authentication to fail.
Option 2: Using ssh-copy-id
Much easier is to use the SSH utility ssh-copy-id. Just run the tool and provide it your username on the remote server, with the remote server name.
ssh-copy-id michael@my-server
It will use your local environment to determine the related key(s) and copy it over. In case you use an alternative identity file, you can provide that with the -i option. Same for when running on a different port, specify it together with -p. To simplify your life, set up a ssh_config file. This way the right username and port are used.
In need of support from a colleague or vendor, but don’t want to give them permanent access? SSH has an option to allow temporary access! Next time you need to provide temporary access for an hour or day, use this great option.
SpaceX engineers also reveal machine learning is not used on the Dragon and Falcon spacecraft. //
Each of SpaceX's monthly launches of 60 internet-beaming Starlink satellites carries 4,000 stripped-back Linux computers, SpaceX software engineers have revealed.
SpaceX engineers disclosed the detail in a Reddit Ask Me Anything (AMA) session over the weekend. //
It also means that it's now sent 32,000 Linux computers to space for the existing constellation.
"The constellation has more than 30,000 Linux nodes (and more than 6,000 microcontrollers) in space right now," wrote Matt Monson, SpaceX's director of Starlink software.
"And because we share a lot of our Linux platform infrastructure with Falcon and Dragon, they get the benefit of our more than 180 vehicle-years of on-orbit test time." //
"We designed the system to use end-to-end encryption for our users' data, to make breaking into a satellite or gateway less useful to an attacker who wants to intercept communications," wrote Moran.
"Every piece of hardware in our system (satellites, gateways, user terminals) is designed to only run software signed by us, so that even if an attacker breaks in, they won't be able to gain a permanent foothold.
"And then we harden the insides of the system (including services in our data centers) to make it harder for an exploited vulnerability in one area to be leveraged somewhere else. We're continuing to work hard to ensure our overall system is properly hardened, and still have a lot of work ahead of us (we're hiring), but it's something we take very seriously."
SpaceX's workhorse Falcon 9 rocket, which flew NASA astronauts Bob Behnken and Doug Hurley to the International Space Station, is powered by liquid oxygen, rocket-grade kerosene, and Linux. //
Usually, though, chips that go into space aren't ordinary chips. CPUs that stay in space must be radiation-hardened. Otherwise, they tend to fail due to the effects of ionizing radiation and cosmic rays. These customized processors undergo years of design work and then more years of testing before they are certified for spaceflight. For instance, NASA expects its next-generation, general-purpose processor, an ARM A53 variant you may know from the Raspberry Pi 3, to be ready to run in 2021. Because the first stage of the Falcon 9 lands itself, its chips don't need to be radiation hardened. //
Why three processors? That's because, as explained on StackExchange Space Exploration, SpaceX uses an Actor-Judge system to provide safety through redundancy. In this system, every time a decision is made, it's compared to the results from the other cores. If there's any disagreement, the decision is thrown out and the process is restarted. It's only when every processor comes up with the same answer that a command is sent to the PowerPC microcontrollers.
These controllers, which call the shots for the rocket engines and grid fins, get three commands from each of the x86 processors. If all three command strings are identical, then the microcontroller executes the command, but if one of the three is bad, the controller goes with the last previously correct instruction. If things go completely awry, the Falcon 9 ignores the misfiring chip's commands. //
The point of this triple "tell-me three times" redundancy is to give the fault tolerance it needs without having to pay for expensive space-specific chips. Modern planes, like the newer Airbus planes, use a similar approach in their fly-by-wire systems. //
The Dragon spacecraft also runs Linux with flight software written in C++. The ship's touchscreen interface is rendered using Chromium and JavaScript. If something were to go wrong with the interface, the astronauts have physical buttons to control the spacecraft.
//
So, thanks in part to Linux, we've returned to manned spaceflight in the US. And, it seems, penguins can fly, with sufficient rocket power behind them.