Unlock An Account

Unlocking a user in Linux is quite easy. You just need to run the following command:

passwd -u <account>

This will unlock an account which has expired. If you have turned on the advanced PAM account auditing, you will also need to reset the account using the following command:

/sbin/pam_tally2 --user <account> --reset

This resets the count of incorrect login attempts so the account can be used again.


Fedora 15 Default Run-level

Fedora 15 brought many changes, and one I keep running into is how to change the default run-level of your box. I use Fedora as a server OS in many situations because it offers some advanced features which CentOS either has out of date or doesn't include at all. Since these boxes often run headless, I just set them to boot to run-level 3. The command below shows how to do it:

ln -sf /lib/systemd/system/<target name>.target /etc/systemd/system/default.target


Linux File Permissions

When you are first starting out with Linux, file permissions are an easy concept to understand but can seem very hard to set up. Most of the time you will see a three-digit number which "magically" determines what the permissions are going to be. This is actually a very easy system, and once you learn how it works it makes a lot of sense.

Permissions on a Linux system can be set for three different situations: permissions for your username, permissions for others in the same group as you, and permissions for everyone else. Together these are shown as a nine-character string of letters such as r-xrw-rw-. The first three characters are the user permissions, the second three are the group permissions and the last three are the permissions for everyone else. In a directory listing, one extra leading character for the file type comes before these nine. An example is below:

drwxrwxr-x 2 nobody nobody 1048 Jun 20 12:37 somefile.txt

There are two different ways to change file permissions. The first way is to set all three groups at the same time:

chmod a+x,a-w somefile.txt

That adds execute to the file while removing write access for user, group and everyone. This is a very simple way to set file permissions, but it doesn't allow the full range you may want. The next method lets you define which permissions are assigned to the user, the group and everyone else.

chmod 744 somefile.txt

In this example you are setting user to 7, group to 4 and everyone else to 4, or rwxr--r--. So how did I come up with those numbers? You use the chart below and just add together the permissions you want. So if you want the user to have read (4), write (2) and execute (1), you get 7. Then you do the same for both the group and everyone else.

Permissions:
1 = x = execute
2 = w = write
4 = r = read
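
The addition described above can be scripted. This is an added example, not part of the original post; the function names rwx_to_octal, world_writable and file_octal are made up for illustration, and it goes slightly beyond the text by also flagging when everyone else has write access.

```shell
#!/bin/sh
# Added example: turn a nine-character permission string into the number
# chmod takes, by adding r=4, w=2, x=1 for each of user, group, everyone else.
rwx_to_octal() {
    perms=$1
    result=""
    # Must be exactly nine characters drawn from r, w, x and -.
    case $perms in
        *[!rwx-]*) echo "invalid permission string: $perms" >&2; return 1 ;;
    esac
    [ "${#perms}" -eq 9 ] || { echo "need 9 characters: $perms" >&2; return 1; }
    while [ -n "$perms" ]; do
        rest=${perms#???}            # everything after the first three
        triplet=${perms%"$rest"}     # the first three characters
        digit=0
        # Each letter is only valid in its own position (r, then w, then x).
        case $triplet in r??) digit=$((digit + 4)) ;; -??) ;; *) return 1 ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; ?-?) ;; *) return 1 ;; esac
        case $triplet in ??x) digit=$((digit + 1)) ;; ??-) ;; *) return 1 ;; esac
        result=$result$digit
        perms=$rest
    done
    echo "$result"
}

# True when the "everyone else" digit includes write (2).
world_writable() {
    other=${1#??}
    [ $(( other & 2 )) -ne 0 ]
}

# Read the permission string of a real file from ls and convert it.
# cut keeps characters 2-10, skipping the leading file-type character.
file_octal() {
    rwx_to_octal "$(LC_ALL=C ls -ld "$1" | cut -c2-10)"
}

rwx_to_octal rwxr--r--    # prints 744
rwx_to_octal r-xrw-rw-    # prints 566
```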


Mounting folders through SSH

One of the first rules of security is to not have any ports open which you do not need. That is also pretty much common sense. One problem you run into, though, is that you still need to access data on one machine from another. Samba is generally used for file sharing, but since it follows the Windows standard for file sharing it announces your shares to anyone who asks.

If it is just you accessing your files, you can mount a folder from another system using sshfs. Sshfs is available in all of the major distros' repositories, so it should be easy to find.

The first step is to just create a folder which you want to use as a mount point.  Once you do that you just use the following command:

sshfs <user>@<machine>:/path/on/remote/system /local/path

After you do that your local folder will now display the contents of your remote folder.

If you want to allow other users to access the folder as well, you need to add allow_other as shown below.

sshfs -o allow_other,default_permissions <user>@<machine>:/path/on/remote/system /local/path


Setting a Lock-out Policy

Setting a lock-out policy in CentOS or Fedora is very easy.

  1. edit /etc/pam.d/system-auth

auth required pam_tally.so onerr=fail no_magic_root
account required pam_tally.so deny=3 unlock_time=3600 no_magic_root reset

onerr=fail: if there is a problem opening the file for some reason, fail the login
no_magic_root: if the module is called with uid=0, the counter is still incremented; this is for launching services
deny=3: lockout will occur if the user exceeds 3 failed logins
reset: if the user signs in correctly, the account's counter is reset
unlock_time=3600: number of seconds before the account unlocks
