Automate execution of shell scripts owned by non-root users at boot

Hi all, this is going to be really useful. We often need to execute commands or shell scripts as a non-root user at boot time; for example, you may need a Samba share to be mounted as a non-root user when the system boots. Many people ask why you would need to mount a share as a non-root user … A good answer is that not all applications on a server run as the root user. For security reasons it is good practice to have different non-root users own different applications.

Follow these steps to execute a single command as a non-root user at boot time on Unix/Linux.

  1. Edit your rc.local script, as this is the script which will be executed immediately after booting. It is usually available under the /etc/ directory. Add the following line to run a command (for example, mounting an external Samba share) as a non-root user:

    su - {userid} -c {COMMAND}

    If your command line has more arguments, or you have more than one command to execute, put them all together in one shell script and then use:

    su - {userid} -s {shell-script}

    e.g. if you need two mounts on a single Linux server and those two shares are on different servers, then your shell script, called myscript, will look something like the one below. It is also a good idea to keep that script in the user's home directory, or in a directory which is accessible by that non-root user, otherwise it will not work.


    #!/bin/bash
    /usr/bin/smbmount //{first server name OR IP address}/{share name} {first local path to mount} -o username,password rw
    /usr/bin/smbmount //{second server name OR IP address}/{share name} {second local path to mount} -o username,password rw
    exit;

    And for this case your entry in /etc/rc.local will be:

    su - {non-root-user} -s {/home/non-root-user/myscript}

Make sure that the non-root user has a valid shell available, otherwise this will not work.

UMASK for sftp users / connections – Linux / centos / fedora / ubuntu

As the Internet is now growing like anything, various requirements / demands come across. Recently I was setting up a web development server where multiple developers were required to add / edit / update files in the same directory ….. hmmm .. Initially I thought I would create a group and add those developers to that group and everything would be done .. but as the default UMASK on a Linux server is set to 0022, it doesn’t grant write permissions to the group by default.. Hence I needed to change the UMASK to 0002 for those sftp users… and here you go .. There are multiple ways to achieve this .. The first way is to set up a shell script which will start the sftp subsystem with umask 0002 …

Create following shell script:

#!/bin/bash

umask 0002

# The path to your sftp-server binary may differ
exec /usr/libexec/openssh/sftp-server

Then I pointed the Subsystem directive in the sshd_config file to my script:

Subsystem       sftp    /opt/sftp-server-script.sh

A quick restart/reload of the sshd configuration and I was in business. Both users could see and edit each other's files. Email or comment with questions.

—Second option :
Or even simpler still as @Gilles pointed out in the comments you can do away with the wrapper script entirely and simply change the Subsystem line in your sshd_config to this:

Subsystem sftp /bin/sh -c 'umask 0002; /usr/libexec/openssh/sftp-server'

Thanks Mate… much appreciated.

—Third Option
There is a new flag for the sftp-server, ‘-u’, that allows you to directly set the umask, overriding the user umask. So to use it, just do this:

Subsystem sftp /usr/libexec/openssh/sftp-server -u 0002
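
What the umask change does to newly created files, and which umask each of the Subsystem variants above requests, as an added example that is not part of the original post. It assumes GNU coreutils (mktemp -d, stat -c) and works only in a temporary directory.

```shell
#!/bin/sh
# Added example (not from the original post): the permission bits new files
# get under a given umask, and the umask a Subsystem line asks for.
# Assumes GNU coreutils (mktemp -d, stat -c); all paths are temporary.

# modes_under_umask MASK -> prints "<file-mode> <dir-mode>" in octal
modes_under_umask() {
    (
        work=$(mktemp -d) || exit 1
        umask "$1"
        : > "$work/upload.txt"   # files are requested as 0666, then masked
        mkdir "$work/newdir"     # directories are requested as 0777, then masked
        echo "$(stat -c %a "$work/upload.txt") $(stat -c %a "$work/newdir")"
        rm -rf "$work"
    )
}

# umask_from_subsystem LINE -> prints the umask the line sets, or "inherit"
# when the line itself sets none (stock line, or a wrapper script sets it).
umask_from_subsystem() {
    case "$1" in
        *"umask "*)   # second option: /bin/sh -c 'umask 0002; ...'
            printf '%s\n' "$1" | sed -n 's/.*umask \([0-7][0-7]*\).*/\1/p' ;;
        *" -u "*)     # third option: sftp-server -u 0002
            printf '%s\n' "$1" | sed -n 's/.* -u \([0-7][0-7]*\).*/\1/p' ;;
        *)
            echo inherit ;;
    esac
}

for m in 0022 0002; do
    echo "umask $m -> file/dir modes: $(modes_under_umask "$m")"
done
```

The group write bit only helps collaborators if new files also get the shared group, for example through a setgid bit on the shared directory (chmod g+s).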

What is shell ?

Shell is a program which allows users to interact with computers.

The shell is a command language interpreter that executes commands read from the standard input device (keyboard) or from a file. Several shells available for Linux and UNIX operating systems are:

SH (Bourne Shell) Old Unix Shell.
BASH (Bourne-Again Shell) GNU
CSH (C Shell) BSD
TCSH (Popular extension of C Shell)
KSH (Korn Shell) Bell Labs
ZSH (Popular Extension of Korn Shell)
RSH (Remote Shell) TCP/IP

Users use the keyboard to send commands to the system. The interface they are using is called the CLI (Command Line Interface). If you are a normal user (non-administrator), the prompt is called the
“$” prompt (dollar prompt). If you are an administrator (super user), then the prompt is called the
“#” prompt (pound / hash).

If you want to know how many shells are supported by your system then use following command.
$cat /etc/shells
OR
#cat /etc/shells
Note : Above command will display content of file “/etc/shells” on your screen.

How do I find out what shell I’m using?

As we mentioned earlier, the shell is a program which allows users to interact with the system. You can find out which shell you are using right now with the “ps” command and its -p switch.
ps -p $$
So what is the $$ argument passed to the -p option? Remember, $$ returns the PID (process identification number) of the current process, and the current process is your shell. So running ps on that number displays a process status listing of your shell. In that listing you will find the name of your shell (look for the CMD column).

nilesh@gnulinux:~$ ps -p $$
  PID TTY          TIME CMD
 3301 pts/0    00:00:00 bash


MySQL database backup script?

How to backup multiple mysql databases ?
A very powerful shell script to backup your mysql databases totally free.. enjoy

#!/bin/bash
NOW=`date +"%Y-%m"`;
BACKUPDIR="location/of/your/backup/dir/$NOW";

### Server Setup ###
#* MySQL login user name *#
MUSER="user";

#* MySQL login PASSWORD name *#
MPASS="pass";

#* MySQL login HOST name *#
MHOST="your-mysql-ip";
MPORT="your-mysql-port";

# DO NOT BACKUP these databases
IGNOREDB="
information_schema
mysql
test
"

#* MySQL binaries *#
MYSQL=`which mysql`;
MYSQLDUMP=`which mysqldump`;
GZIP=`which gzip`;

# assuming that /nas is mounted via /etc/fstab
# create the backup directory if it does not exist yet
if [ ! -d "$BACKUPDIR" ]; then
    mkdir -p "$BACKUPDIR"
fi

# get all database listing
DBS="$("$MYSQL" -u "$MUSER" -p"$MPASS" -h "$MHOST" -P "$MPORT" -Bse 'show databases')"

# SET DATE AND TIME FOR THE FILE
NOW=`date +"d%dh%Hm%Ms%S"`; # day-hour-minute-sec format
# start to dump database one by one
for db in $DBS
do
    DUMP="yes";
    if [ "$IGNOREDB" != "" ]; then
        for i in $IGNOREDB # loop over every name listed in $IGNOREDB
        do
            if [ "$db" == "$i" ]; then # this database is on the ignore list
                DUMP="NO";             # so do not dump it
                #echo "$i database is being ignored!";
            fi
        done
    fi

    if [ "$DUMP" == "yes" ]; then # If value of DUMP is "yes" then backup database
        FILE="$BACKUPDIR/$NOW-$db.gz";
        echo "BACKING UP $db";
        "$MYSQLDUMP" --add-drop-database --opt --lock-all-tables -u "$MUSER" -p"$MPASS" -h "$MHOST" -P "$MPORT" "$db" | "$GZIP" > "$FILE"
    fi
done
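
The script above passes the password as a -p argument, which other local users can read from the process list while the dump runs. A variant that hands the credentials to mysqldump through a private option file, as an added example that is not part of the original script; the user, password, host and port values are placeholders.

```shell
#!/bin/sh
# Added example (not from the original script): give mysqldump its credentials
# through a 0600 option file instead of -u/-p arguments.
# All credential values used here are placeholders.

# write_client_cnf USER PASS HOST PORT -> prints the path of the option file
write_client_cnf() {
    cnf=$(mktemp) || return 1      # mktemp creates the file with mode 0600
    # A password containing a double quote would need escaping for this format.
    printf '[client]\nuser=%s\npassword="%s"\nhost=%s\nport=%s\n' \
        "$1" "$2" "$3" "$4" > "$cnf"
    echo "$cnf"
}

# backup_db CNF DB OUTFILE -> dumps one database; needs mysqldump and gzip.
# --defaults-extra-file has to be the first option on the command line.
backup_db() {
    mysqldump --defaults-extra-file="$1" --add-drop-database --opt \
        --lock-all-tables "$2" | gzip > "$3"
}

# Stand-alone demonstration: create the file, show its mode, remove it again.
CNF=$(write_client_cnf "user" "pass" "your-mysql-ip" "your-mysql-port")
echo "option file $CNF has mode $(stat -c %a "$CNF")"
rm -f "$CNF"
```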

How to change date and time in linux? date-time

Today I wanted to change the date and time on one of my servers quickly from the command line. I am aware of the command line options, but every time I want to do it I need to read the man page or help to get the perfect combination, so I decided to write this small how-to, which can help me and you every time we want to change the date and time in Linux from the command line.

Remember, CLI (command line interface) is most powerful for users / administrators like us.
To change system date in linux, type:-

#date MMDDhhmmYYYY.ss

For example, if I want to change my system date to Dec 25 2009, 5.30pm, I will type:
#date 122517302009.00

It’s simple, isn’t it?

Note:
MM – month
DD – day
YYYY – year
hh – hour is based on 24 hour
mm – minutes
ss – seconds

Hope this will help you.

How to disable users in linux/unix?

This how-to will show how to disable a user account under linux. This might be useful in the situation where you don’t want to permanently remove the user, but you just want it disabled and no longer able to use the system. The user will still receive emails for example, but he will not be able to login and check them out.

On recent Linux systems, /etc/shadow stores the encrypted user passwords. The quickest way to disable a user is to alter the password stored in /etc/shadow. Normally an active user account will have one line in /etc/shadow that looks like:

user:$1$eFd7EIOg$EeCk6XgKktWSUgi2pGUpk.:13852:0:99999:7:::

where the second field is the encrypted password. Note: fields are separated by “:”.

If we replace the password with “*” or “!”, the account becomes unusable, which means the user will not be able to log in to the system any more:

user:*:13852:0:99999:7:::

This method has the disadvantage that the user password will be lost (unless saved somewhere, etc.) in the case we will want to re-enable it again later. From this point of view a much better method is to use the passwd command to lock the account:

passwd -l {username}

and the output of the successful change will be “Password changed.”. This actually just changes the shadow file and adds “!” in front of the user password:

user:!$1$eFd7EIOg$EeCk6XgKktWSUgi2pGUpk.:13852:0:99999:7:::

Of course we could do this manually ourselves if we wanted, but it is better to do it through commands. There is a chance of human error if you try to edit the shadow file by yourself.

If you ever need to re-enable the account, just unlock it:

passwd -u {username}

or just remove manually the “!” character from the user’s password line in /etc/shadow.

Of course, if you don’t need all this and you just want to permanently remove the user, just run:

userdel {username}

This will keep the user’s old files (home directory, mails, etc.). To delete all his files on the system as well:

userdel -r {username}

Just be careful to check what the user’s home directory is before running this command; personally, I have seen someone do this and erase the whole system… the user had “/” set as home.
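
To check which state each account is in, the password field described above can be classified mechanically. The following is an added example, not part of the original how-to; the sample lines are constructed from the shadow entry shown earlier, and the account names alice, bob and svc are made up.

```shell
#!/bin/sh
# Added example (not from the original how-to): classify accounts by the
# second field of shadow-format lines. The sample data is constructed.

# shadow_states: reads shadow-format lines on stdin, prints "<user> <state>"
#   active  - a usable password hash is present
#   locked  - "!" in front of a hash (what passwd -l writes, passwd -u undoes)
#   no-hash - only "*" or "!": unusable and there is no old password to restore
#   empty   - the field is empty, so no password is set at all
shadow_states() {
    awk -F: '
        NF < 2 || $1 ~ /^#/ { next }
        {
            pw = $2
            if (pw == "")                      state = "empty"
            else if (pw == "*" || pw ~ /^!+$/) state = "no-hash"
            else if (pw ~ /^!/)                state = "locked"
            else                               state = "active"
            print $1, state
        }'
}

# locked_users: names whose old password comes back after passwd -u
locked_users() {
    shadow_states | awk '$2 == "locked" { print $1 }'
}

# Constructed sample input in /etc/shadow format.
sample_shadow() {
cat <<'EOF'
user:$1$eFd7EIOg$EeCk6XgKktWSUgi2pGUpk.:13852:0:99999:7:::
alice:!$1$eFd7EIOg$EeCk6XgKktWSUgi2pGUpk.:13852:0:99999:7:::
bob:*:13852:0:99999:7:::
svc:!:13852:0:99999:7:::
EOF
}

sample_shadow | shadow_states
```

On a real system the input would be /etc/shadow read as root. As passwd(1) notes, locking the password does not disable other authentication tokens such as SSH keys; expiring the account (usermod --expiredate 1) covers those as well.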

Hope this helps.

The vi, vim editor in linux

In this quick tutorial I will share some vim basics. Vim is a powerful text editor used in CLI (command line interface). As there are lots of configuration files in gnu/linux, which are all in clear text format, you’ll often need to edit them using a text editor. vim (in short vi) is a great tool to use.
One of the first things to know about vi is that it typically functions in three different modes:

  1. Command mode
  2. Insert mode
  3. Last line mode

vi command mode

When you first start editing a file with the vi editor you will be in vi command mode. In this mode you can issue many vi commands, including commands like insert, append, and delete, and other search and navigation commands that let you move around your file.

Possibly the most important thing to know is that when you’re in command mode you can’t insert text immediately. You first need to issue an insert, append, or open command to insert text. These commands are actually fairly simple, and I’ve documented them in this

Let’s talk about the other vim modes.

vi insert mode

Once you issue a vi insert, append, or open command, you will be in vi insert mode. If you’re working with a modern vi or vim implementation, your vi editor is typically configured to show the current mode of operation, so when you go into insert mode, you’ll see a text string like this on the last line of your vi editor window:

-- INSERT --

At this point you can (a) type text into your file and (b) use the arrow keys to navigate around your file just as you would do with any other text editor.

A very important concept to know is that when you’re in vi insert mode, but you want to switch back to vi command mode, you easily move back to command mode by pressing the [Esc] key. This command is so important, I’ll show it again:

[Esc]

This command is very common, and I often see expert vi users press the [Esc] key several times in a row. They usually do this (a) to be sure they hit the key and they’re really back in command mode, and (b) to hear the beep from the computer, which happens when you press the [Esc] key when you’re already in vi command mode. This seems to serve as a form of feedback which assures them that they’re in command mode.

vi last line mode

The last vi mode is known as vi last line mode. You can only get to last line mode from command mode, and you get into last line mode by pressing the colon key, like this:

:

After pressing this key, you’ll see a colon character appear at the beginning of the last line of your vi editor window, and your cursor will be moved to that position. This indicates that vi is ready for you to type in a “last line command”.

From this vi command prompt you can do all sorts of really amazing things. You can do simple things, like quitting your vi session, like this:

:q

or this:

:q!

or this:

:wq

From last line mode you can also perform some amazing vi search commands or vim search and replace commands. Another cool thing is that you can issue Linux or Unix commands from within your vi editor session, like this simple ls command:

:!ls

It’s really handy sometimes to be able to stay in your vi editing session but still be able to run Unix or Linux commands.

And finally, you can also issue many vi configuration commands, such as this command that tells vi to show lines numbers in your current editor window:

:set number

There is a ton of power in this vi last line mode, and I’ve tried to share pieces of this power in a variety of different vi tutorials. (Just search this blog for “vi” or “vi editor” and you’ll find a wealth of vi tutorials.)

One last note about the vi last line mode: If you’re in last line mode, and you want to switch back to command mode, there are several different ways to do this. For consistency, one way to do this is to press the [Esc] key twice, like this:

[Esc][Esc]

(This is consistent with the method of moving from insert mode back to command mode, except you have to press the [Esc] key twice.)

A second way is to press the [Backspace] key until anything you typed and the initial “:” character are gone. At this point you’ll be back in command mode.

Finally, if you haven’t typed anything at all, and you’re just looking at the “:” prompt on the last line, you can just press [Enter], and you’ll be placed back in vi command mode.

After opening a new or existing file in the vim editor, you can try the modes listed here.

Insert mode : lets you insert text in a document. Shortcut : “i” (insert where the cursor is) or “o” (insert at the beginning of the following line).

Visual mode : lets you select text as you would with a mouse, but using the keyboard instead. Useful for copying several lines, for example. Shortcut : V

Let’s now talk about the command mode.

A command begins with the symbol “:”.

When you are in another mode you can use the escape key (sometimes you’ll need to hit it twice) to come back to command mode at any time.

save : :w
save and exit : :wq
exit : :q
force : ! (example :w! :q!)
vertical split : open a document and then type :vsplit /path-to-document/document and this will open the specified document and split the screen so you can see both documents.
copy : y
copy a line : yy
paste : p
cut : d
cut a line : dd

I repeat these are very basic commands for vim, but they are very useful, and I hope this will help you configuring your Linux.

How to search file(s) in linux / unix?

find is very famous and regularly used command to find files in the Linux/UNIX filesystem based on various different conditions. Let us review some practical examples of find command. All system administrators love this command, sometimes a life saver..
Syntax:

find [pathnames] [conditions]

How to find files containing a particular / specific word in its name?
The following command looks for all the files under /etc directory with cron
in the filename.

# find /etc -name "*cron*"

How to find all the files greater than certain size?
The following command will list all the files in the system greater than
10MB.

# find / -type f -size +10M

How to find files that are not modified in the last x number of days?
The following command will list all the files that were modified more than 30
days ago under the current directory.

# find . -mtime +30

How to find files that are modified in the last x number of days?
The following command will list all the files that were modified in the last
five days under the current directory.

# find . -mtime -5

How to delete all the archive files with extension *.tar.gz and greater than 50MB?
Please be careful while executing the following command as you don’t want
to delete the files by mistake. The best practice is to execute the same
command with ls -l to make sure you know which files will get deleted when
you execute the command with rm.

# find / -type f -name "*.tar.gz" -size +50M -exec ls -l {} \;
# find / -type f -name "*.tar.gz" -size +50M -exec rm -f {} \;

How to archive all the files that are not modified in the last x
number of days?

The following command finds all the files not modified in the last 30 days
under /home/nilesh directory and creates an archive files under /tmp in the
format of ddmmyyyy_archive.tar.

# find /home/nilesh -type f -mtime +30 | xargs tar -cvf /tmp/`date '+%d%m%Y'`_archive.tar

On a side note, you can perform lot of file related activities (including finding
files) us

How to connect to MySQL Server From Shell Prompt? (CLI – Command Line Interface)

How do I access (connect to) MySQL server from the shell prompt (command line)?

MySQL software includes the mysql client. It is a text-based client for mysqld, a SQL-based relational database server. It works in interactive and non-interactive modes.

mysql Client Syntax:

mysql -u {mysql-user} -p{mysql-password} -h {mysql-server}

Where,

  • -u {mysql-user} : Specify the MySQL user name. Use root only when connecting to the local system.
  • -p{mysql-password} : Specify the password to use when connecting to the database server; it must follow -p with no space in between. If a password is not supplied, it will be requested interactively.
  • -h {mysql-server} : Connect to the specified host (remote or local).

For example, to connect remotely to the MySQL server called mysql10.nixcraft.in as user vivek:

$ mysql -u nilesh -h mysql101 -p

Sample outputs:

Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 5 to server version: 4.1.15-Debian_1-log

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql>

You can type an SQL statement at the mysql> prompt. In this example, you will list tables from the demo database. Run:

USE demo;
SHOW TABLES;

Sample Session:

mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 31855130
Server version: 5.0.77 Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> use linux;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> show tables;
+-----------------+
| Tables_in_linux |
+-----------------+
| linux1          |
| linux1_meta     |
+-----------------+
2 rows in set (0.00 sec)

mysql> \q
Bye

After typing an SQL statement, end it with ” ; ” (semicolon) and press [Enter] key.

To exit type quit or \q:

quit

OR

\q

Sample session:

mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 31853999
Server version: 5.0.77 Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> quit
Bye

Batch Mode:

You can execute SQL statements in a script file (batch file) as follows:

mysql database_name < input.script.sql > output.file
mysql -u user -p'password' database_name < input.script.sql > output.file

Recommended Reading:

Type the following command to read the mysql command man page:

man mysql


How to find File-Directory creation date ?

The stat <file name> command displays file or file-system status. stat is used to find the Access, Modify and Change date and time for any file or directory on Unix-like operating systems, e.g.

$stat /root/install.log
File: `/root/install.log'
Size: 17154           Blocks: 48         IO Block: 4096   regular file
Device: fd00h/64768d    Inode: 1177346     Links: 1
Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2011-09-30 16:24:39.000000000 +0100
Modify: 2011-09-30 16:28:59.000000000 +0100
Change: 2011-09-30 16:29:04.000000000 +0100


As shown in the above example, it also displays the owner and group associated with the file, the permissions on the file, etc.
There is no creation date available as far as I know unless you log the file creation date in a script. You can use the stat command as mentioned above to get the time stamp for last access, last change and last modification time.

$stat --version
stat (GNU coreutils) 5.97
Copyright (C) 2006 Free Software Foundation, Inc.
This is free software.  You may redistribute copies of it under the terms of
the GNU General Public License <http://www.gnu.org/licenses/gpl.html>.
There is NO WARRANTY, to the extent permitted by law.

Written by Michael Meskes.


As we are talking about time stamps (access, change, modify) for files / directories in Linux, we must also talk about the “touch” command.
“touch” [options] <file name(s)>  :
The touch command is mainly used to change the time stamps of files. If a file does not exist, touch creates it with the current time stamp, e.g.

$touch file1 file2 file3

will create 3 files in your present working directory with current time stamp.
Several of touch’s options are specifically designed to allow the user to change the timestamps for files. For example, the -a option changes only the access time, while the -m option changes only the modification time. The use of both of these options together changes both the access and modification times to the current time, for example:

$touch -am file11

The -r (i.e., reference) option followed directly by a space and then by a file name tells touch to use that file’s time stamps instead of the current time. For example, the following would tell it to use the times of myfile for yourfile:

$touch -r myfile yourfile

The -B option modifies the timestamps by going back the specified number of seconds, and the -F option modifies the time by going forward the specified number of seconds. For example, the following command would make yourfile 30 seconds older than myfile.

$touch -r myfile -B 30 yourfile
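
Because touch can rewrite the Access and Modify times but not the Change time, comparing Modify against Change is a quick check for files whose modification time has been set back. The following is an added example, not part of the original post; it assumes GNU coreutils (stat -c, touch -d), and the file name report.log is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): touch can set atime and mtime to
# any value, but ctime is stamped by the kernel at the moment of the change.
# Assumes GNU coreutils (stat -c, touch -d); file names are constructed.

# ctime_minus_mtime FILE -> prints the gap in seconds (Change minus Modify)
ctime_minus_mtime() {
    m=$(stat -c %Y "$1") || return 1
    c=$(stat -c %Z "$1") || return 1
    echo $((c - m))
}

# backdated FILE [SLACK] -> true if Modify is more than SLACK seconds (default
# 60) older than Change. tar, cp -p and rsync -t also preserve old mtimes, so
# a hit is a lead to look into, not proof of tampering.
backdated() {
    gap=$(ctime_minus_mtime "$1") || return 2
    [ "$gap" -gt "${2:-60}" ]
}

# demo: prints "fresh backdated" (state before and after touch rewrites mtime)
demo() {
    dir=$(mktemp -d) || return 1
    f="$dir/report.log"
    : > "$f"
    if backdated "$f"; then first=backdated; else first=fresh; fi
    touch -m -d '2009-12-25 17:30:00' "$f"   # set Modify to a past date
    if backdated "$f"; then second=backdated; else second=fresh; fi
    rm -rf "$dir"
    echo "$first $second"
}

demo
```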

Importance of touch command.
Ah, beware before you use touch command on production system.
How to change timestamp using touch command?