Saturday, March 28, 2015

sudo-ssh-link

Notes: 3/28/2015


[khem@puppet Desktop]$ id khem
uid=500(khem) gid=500(khem) groups=500(khem),557(larry)
[khem@puppet Desktop]$ ping yahoo.com
PING yahoo.com (206.190.36.45) 56(84) bytes of data.
64 bytes from ir1.fp.vip.gq1.yahoo.com (206.190.36.45): icmp_seq=1 ttl=52 time=87.4 ms
64 bytes from ir1.fp.vip.gq1.yahoo.com (206.190.36.45): icmp_seq=2 ttl=52 time=92.2 ms
^C
--- yahoo.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1927ms
rtt min/avg/max/mdev = 87.482/89.864/92.247/2.401 ms
[khem@puppet Desktop]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/khem/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/khem/.ssh/id_rsa.
Your public key has been saved in /home/khem/.ssh/id_rsa.pub.
The key fingerprint is:
00:0e:f2:be:84:9f:15:48:54:29:eb:71:c2:57:87:7e khem@puppet.mydomain.local
The key's randomart image is:
+--[ RSA 2048]----+
|..+.o. .         |
| +.+..o .        |
| .oooo..         |
| o= o...E        |
|..o=.  .S        |
| o.+             |
|  +              |
|                 |
|                 |
+-----------------+
[khem@puppet Desktop]$ pwd
/home/khem/Desktop
[khem@puppet Desktop]$ pwd
/home/khem/Desktop
[khem@puppet Desktop]$ cd ../.ssh
[khem@puppet .ssh]$ ls
id_rsa  id_rsa.pub  known_hosts
[khem@puppet .ssh]$ ls -l
total 12
-rw-------. 1 khem khem 1675 Mar 28 06:36 id_rsa
-rw-r--r--. 1 khem khem  408 Mar 28 06:36 id_rsa.pub
-rw-r--r--. 1 khem khem  395 Mar  1 06:56 known_hosts
[khem@puppet .ssh]$ ssh-copy-id -i id_rsa.pub sham@192.168.0.149
The authenticity of host '192.168.0.149 (192.168.0.149)' can't be established.
RSA key fingerprint is a4:ea:95:ed:0c:53:49:35:f8:bf:89:fc:32:e7:bb:76.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.149' (RSA) to the list of known hosts.
sham@192.168.0.149's password:
Now try logging into the machine, with "ssh 'sham@192.168.0.149'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

[khem@puppet .ssh]$ id
uid=500(khem) gid=500(khem) groups=500(khem),557(larry) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[khem@puppet .ssh]$ ssh sham@192.168.0.149
Last login: Thu Mar 26 20:44:28 2015 from mohan.home
[sham@ldap ~]$


===========================================================



Q. Create a run control script from the file hello.sh that starts at runlevel 3 on reboot.

# cat hello.sh
#!/bin/sh
echo "Testing ....."
echo "Hello.World !!!"

# cd /etc/rc3.d; ls -l S51hello
# ln -s /etc/init.d/hello.sh ./S51hello

Q. Update the link S51hello in rc3.d to point to the file located at /opt/apps/hello.sh.
# cp hello.sh hello.sh.oldie
# cp /var/tmp/hello.sh /etc/init.d/hello.sh

Planning:
ln -s /opt/apps/hello.sh /etc/rc3.d/S51hello
ln -s /opt/apps/hello.sh S51hello

# ls -l S51hello
lrwxrwxrwx. 1 root root 20 Mar 28 09:01 S51hello -> /etc/init.d/hello.sh
# rm S51hello

# ln -s /opt/apps/hello.sh S51hello
ln: creating symbolic link `S51hello': File exists
# ln -s /opt/apps/hello.sh /etc/rc3.d/S51hello
ln: creating symbolic link `/etc/rc3.d/S51hello': File exists
# ln -s /opt/apps/hello.sh /etc/rc3.d/S51hello
# ls -l S51hello
lrwxrwxrwx. 1 root root 18 Mar 28 09:28 S51hello -> /opt/apps/hello.sh



SUDO
----
syntax
user   machine/host = command

Q. Give user sham access to create accounts.
# visudo
sham  ALL = /usr/sbin/useradd, /usr/bin/passwd

Q. Give multiple users access to create accounts.
# visudo
# User Alias
User_Alias MYADMIN = sham,juliet,ramsing

# Command Alias
Cmnd_Alias MYCMD = /usr/sbin/useradd, /usr/bin/passwd

# Host Alias: since we are working on the local host, we don't have to create a Host_Alias.

# Specify the user, machine and command.
# Here MYADMIN is the user alias and ALL is the list of hosts (the local host in this example).
# MYCMD is the list of commands that the users have access to.
MYADMIN ALL=MYCMD

# If you want the users not to be prompted for a password:
MYADMIN ALL=NOPASSWD: MYCMD


# su - ramsing
$ sudo useradd hari
$ sudo passwd hari
Changing password for user hari.
New password:
BAD PASSWORD: it is based on a dictionary word
Retype new password:
passwd: all authentication tokens updated successfully.
[ramsing@ldap ~]$ logout


# for i in sam hari geeta; do usermod -aG sysadmin $i; done

# cat /etc/group
sysadmin:x:505:sam,hari,geeta

# visudo
%sysadmin       localhost=NOPASSWD: /usr/sbin/useradd, /usr/bin/passwd

# su - hari
$ sudo useradd devi
$ id devi
uid=506(devi) gid=507(devi) groups=507(devi)
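
A small lint for the sudoers entries in these notes, added here as an example and not part of the original post: sudo treats a command listed without arguments as matching any arguments, so a bare /usr/bin/passwd entry lets the delegated users reset any account's password, root's included. The function names, the finding labels and the restricted sample rule (modeled on the passwd example in the sudoers manual) are assumptions, and the sample input is constructed from the rules above.

```sh
#!/bin/sh
# Added example, not part of the original notes.
# audit_sudoers reads sudoers text on stdin and prints "<line>:<finding>".
# The finding labels are names chosen for this sketch.
audit_sudoers() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
    {
        eq = index($0, "=")
        if (eq == 0) next                 # neither a rule nor an alias definition
        rhs = substr($0, eq + 1)
        if (rhs ~ /NOPASSWD:/) print NR ":nopasswd"
        gsub(/[A-Z]+:/, "", rhs)          # drop tags such as NOPASSWD:
        n = split(rhs, cmd, ",")
        for (i = 1; i <= n; i++) {
            gsub(/^[ \t]+|[ \t]+$/, "", cmd[i])
            # A command listed without arguments matches any arguments.
            if (cmd[i] == "/usr/bin/passwd") print NR ":passwd-any-user"
        }
    }'
}

# Constructed sample: the rules from these notes, then a restricted variant.
sample_sudoers() {
    cat <<'EOF'
sham  ALL = /usr/sbin/useradd, /usr/bin/passwd
Cmnd_Alias MYCMD = /usr/sbin/useradd, /usr/bin/passwd
MYADMIN ALL=NOPASSWD: MYCMD
%sysadmin localhost=NOPASSWD: /usr/sbin/useradd, /usr/bin/passwd
# Restricted: any user name pattern, but never root
ramsing ALL = /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd *root*
EOF
}

sample_sudoers | audit_sudoers
```

On a real host, run it as root over /etc/sudoers and the files in /etc/sudoers.d, and check any resulting edit with visudo -c before relying on it.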
