Wednesday, October 28, 2015

forward emails from the root user account to the admin user account centos




Sometimes we need to forward the email received by one user to another user. Say we have an admin user account on our CentOS machine and we want the root user's mail delivered to that admin account; for that we need to edit the file /etc/aliases

[root@server105 ~]# vi /etc/aliases

At the bottom of the file you can see the following

# Person who should get root's mail
#root: marc

Just add

root username

under that and it will work fine

for me it is

root joji

Thank you
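As an added example (not part of the original post), here is a small check to run after editing /etc/aliases: it follows the alias chain from root to the final recipient, catches a looping alias file, and confirms the recipient is a real login account. The aliases and passwd content below are constructed samples, not the files from the server in the post; the aliases sample uses the `name: target` form of the commented `#root: marc` template, and the parser also accepts the bare `root joji` form written above.

```shell
# Added example: resolve where root's mail ends up under an aliases(5)-style
# file and check the target is a real local login. Both files below are
# constructed samples, not the real /etc/aliases or /etc/passwd.
ALIASES_SAMPLE='# Basic system aliases -- these MUST be present.
mailer-daemon:  postmaster
postmaster:     root

# Person who should get root mail
#root:          marc
root:           joji

# constructed loop, to show what the resolver does with a bad file
ping:           pong
pong:           ping
'

PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/bash
joji:x:501:501::/home/joji:/bin/bash
clado:x:502:502::/home/clado:/bin/bash
'

# alias_target NAME: print the direct target of alias NAME, or nothing.
# Accepts both "root: joji" (the aliases(5) form) and "root joji" (as
# written in the post); takes only the first recipient of a list.
alias_target() {
    printf '%s\n' "$ALIASES_SAMPLE" | sed 's/#.*//' | awk -v n="$1" '
        NF >= 2 {
            key = $1; sub(/:$/, "", key)
            if (key == n) { tgt = $2; sub(/,$/, "", tgt); print tgt; exit }
        }'
}

# resolve_alias NAME: follow the alias chain to a final recipient.
# Returns 1 (and prints nothing on stdout) if the chain never ends.
resolve_alias() {
    name=$1
    hops=0
    while :; do
        next=$(alias_target "$name")
        if [ -z "$next" ]; then
            printf '%s\n' "$name"
            return 0
        fi
        hops=$((hops + 1))
        if [ "$hops" -gt 10 ]; then
            echo "alias loop detected at $name" >&2
            return 1
        fi
        name=$next
    done
}

# user_can_login NAME: true if NAME is in the passwd sample with a real shell.
user_can_login() {
    printf '%s\n' "$PASSWD_SAMPLE" | awk -F: -v u="$1" '
        $1 == u && $7 !~ /nologin|false/ { found = 1 }
        END { exit !found }'
}

# check_root_mail: the check to run after editing /etc/aliases and running
# "newaliases", which rebuilds /etc/aliases.db (the MTA reads the .db file,
# not the text file, so an edit alone changes nothing).
check_root_mail() {
    final=$(resolve_alias root) || return 1
    if user_can_login "$final"; then
        printf 'root mail goes to %s\n' "$final"
    else
        printf 'root mail goes to %s, which is not a login account\n' "$final" >&2
        return 1
    fi
}

check_root_mail
```

The loop guard matters in practice: an aliases file that points two names at each other is accepted by the editor but makes mail for those names bounce, and the failure only shows up in the mail log.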

Add admin user centos



Here I am going to give admin privilege to a normal user and make him the only user who can switch to the root account. For that we need to add the normal user to the wheel group. wheel is a special administrative group in CentOS. Now we are going to add the user to the group wheel, and for that I am going to use the command usermod. You can find more information about usermod on its man page by typing

[root@server105 ~]# man usermod


I will add the user joji to the wheel group and so give him admin privilege


[root@server105 ~]# usermod -G wheel joji


Now we need to edit the file /etc/pam.d/su so that only users in wheel can switch to the root account


[root@server105 ~]# vi /etc/pam.d/su

Now, as the comment in the file says, uncomment the following line to require a user to be in the "wheel" group.


#auth required pam_wheel.so use_uid


Now I have uncommented it.


Now I am going to try to switch to root from the user clado, who is not in wheel


[clado@server105 ~]$ su - root
Password:
su: incorrect password

As you can see I am unable to switch to the root user.


Now I am going to try to switch to root from the user joji

[joji@server105 ~]$ su - root
Password:
[root@server105 ~]#

As you can see I am able to switch to the root user successfully.

That's all folks, enjoy
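As an added example (not part of the original post), the following script models the check that pam_wheel performs: given a copy of /etc/group and of /etc/pam.d/su, it reports whether a user gets past the wheel gate on `su - root`. The group file and the two versions of the su file (before and after the uncomment step above) are constructed excerpts, and only the wheel gate is modelled; root's password is still asked for afterwards. One caveat is worth noting here: `usermod -G wheel joji` replaces the user's whole supplementary group list, so `usermod -aG wheel joji` is the form to use when the user already belongs to other groups.

```shell
# Added example: does pam_wheel let USER reach "su - root"? The group file and
# the pam.d/su excerpts are constructed samples, not files from the post's server.
GROUP_SAMPLE='root:x:0:
wheel:x:10:joji
users:x:100:
joji:x:501:
clado:x:502:'

# /etc/pam.d/su as shipped on CentOS 6 (constructed excerpt): pam_wheel disabled
SU_BEFORE='#%PAM-1.0
auth            sufficient      pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth           sufficient      pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth           required        pam_wheel.so use_uid
auth            include         system-auth'

# the same file after the edit made in the post (the "required" line uncommented)
SU_AFTER=$(printf '%s\n' "$SU_BEFORE" | sed 's/^#auth\(.*required.*pam_wheel\.so\)/auth\1/')

# in_wheel USER: true if USER is listed as a supplementary member of wheel.
# Reminder: "usermod -G wheel USER" REPLACES the supplementary groups,
# "usermod -aG wheel USER" appends to them.
in_wheel() {
    printf '%s\n' "$GROUP_SAMPLE" | awk -F: -v u="$1" '
        $1 == "wheel" { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit !ok }'
}

# pam_wheel_required CONF: true if CONF has an active (uncommented)
# "auth required pam_wheel.so" line. The "sufficient ... trust" variant is
# deliberately not matched: that one lets wheel members su WITHOUT a password.
pam_wheel_required() {
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*auth[[:space:]]+required[[:space:]]+pam_wheel\.so'
}

# wheel_gate USER CONF: "pass" or "blocked" for su to root under CONF
wheel_gate() {
    if pam_wheel_required "$2" && ! in_wheel "$1"; then
        echo blocked
    else
        echo pass
    fi
}

# wheel_members: list the members, because enabling pam_wheel with an empty
# wheel group locks every non-root user out of su to root
wheel_members() {
    printf '%s\n' "$GROUP_SAMPLE" | awk -F: '$1 == "wheel" { print $4 }'
}

for u in joji clado; do
    printf '%-6s before: %s  after: %s\n' "$u" "$(wheel_gate "$u" "$SU_BEFORE")" "$(wheel_gate "$u" "$SU_AFTER")"
done
```

Running it prints `pass` for both users before the edit and `blocked` for clado after it, which is exactly the difference the two su transcripts above show.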

switch from one user to another centos


In one of my previous posts I mentioned how to add a user in CentOS. Now I am going to show you how to switch from one user to another.


From my terminal prompt you can tell which user I am logged in as

[root@server105 ~]#

Here the hash prompt and the username show that I am logged in as the root user on my server. Now I am going to switch from the user root to the user joji; for that I will use the switch-user command su. You can find more options on the man page of su

[root@server105 ~]# man su

So here I am going to switch the user

[root@server105 ~]# su - joji
[joji@server105 ~]$

From the prompt you can see that I have successfully switched from root to joji. As root is the admin account, su does not ask for a password when switching from root to any other user. Now we can try to switch back to the root account from the user joji


[joji@server105 ~]$ su - root
Password:
[root@server105 ~]#


Hope you all got it, thank you

Adding a user centos


CentOS is an operating system that we use on servers. The default admin user account is root, and to add additional users we use the useradd command

To get more details about the usage of useradd command you can use the man page by typing the following command

[root@server105 ~]# man useradd

So here we are going to add a user in our server.

[root@server105 ~]# useradd joji

Now we have added the user joji to our machine. A user needs a password for security, and for that we use the command passwd. For more details about the command see its man page

[root@server105 ~]# man passwd


Now I have set the password using passwd

[root@server105 ~]# passwd joji
Changing password for user joji.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.


Now we have set the username and password. But are there any files or folders created while adding a user? We are now going to have a look.

All the details about the new user are stored in the file /etc/passwd. If you want to check it you can open it with a text editor or print it

[root@server105 ~]# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin
rtkit:x:499:497:RealtimeKit:/proc:/sbin/nologin
avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin
abrt:x:173:173::/etc/abrt:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
gdm:x:42:42::/var/lib/gdm:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
saslauth:x:498:76:Saslauthd user:/var/empty/saslauth:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
pulse:x:497:496:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
hsqldb:x:96:96::/var/lib/hsqldb:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
qemu:x:107:107:qemu user:/:/sbin/nologin
radvd:x:75:75:radvd user:/:/sbin/nologin
named:x:25:25:Named:/var/named:/sbin/nologin
steves:x:500:500::/home/steves:/bin/bash
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
dovecot:x:97:97:Dovecot IMAP server:/usr/libexec/dovecot:/sbin/nologin
dovenull:x:496:492:Dovecot's unauthorized user:/usr/libexec/dovecot:/sbin/nologin
exim:x:93:93::/var/spool/exim:/sbin/nologin
joji:x:501:501::/home/joji:/bin/bash

The first field denotes the username of that particular user.

We have set a password for the user, but the permission of the /etc/passwd file is 644, so every user on the system can read it

[root@server105 ~]# ll /etc/passwd
-rw-r--r-- 1 root root 2029 Oct 28 10:11 /etc/passwd

Because of this it is not secure to store the password hash here. Hence we need another file, and the file in which the hashed password is stored is /etc/shadow

[root@server105 ~]# cat /etc/shadow
root:$6$d2t1drv.$6IJQq3E.dQb2jYCXc6fYPFgua2c2d/M.TxFZ8aV9ZGaKjIyEUp.dHo.3y6SUq/.gOe4UdpM.xbLQENzpsyrEf/:16678:0:99999:7:::
bin:*:15980:0:99999:7:::
daemon:*:15980:0:99999:7:::
adm:*:15980:0:99999:7:::
lp:*:15980:0:99999:7:::
sync:*:15980:0:99999:7:::
shutdown:*:15980:0:99999:7:::
halt:*:15980:0:99999:7:::
mail:*:15980:0:99999:7:::
uucp:*:15980:0:99999:7:::
operator:*:15980:0:99999:7:::
games:*:15980:0:99999:7:::
gopher:*:15980:0:99999:7:::
ftp:*:15980:0:99999:7:::
nobody:*:15980:0:99999:7:::
dbus:!!:16673::::::
vcsa:!!:16673::::::
rpc:!!:16673:0:99999:7:::
rtkit:!!:16673::::::
avahi-autoipd:!!:16673::::::
abrt:!!:16673::::::
rpcuser:!!:16673::::::
nfsnobody:!!:16673::::::
haldaemon:!!:16673::::::
gdm:!!:16673::::::
ntp:!!:16673::::::
saslauth:!!:16673::::::
postfix:!!:16673::::::
pulse:!!:16673::::::
sshd:!!:16673::::::
tcpdump:!!:16673::::::
hsqldb:!!:16678::::::
apache:!!:16678::::::
qemu:!!:16682::::::
radvd:!!:16682::::::
named:!!:16682::::::
steves:$6$y0Mc412C$euiwxwL7CphRfWKt9re7y/Kn/EZCR3hJQQJkAPYOG.YAVpHUGp6FzqTBgeIvUnUfAeWJGaAe73MrrQ/DZzi4.1:16683:0:99999:7:::
mysql:!!:16710::::::
dovecot:!!:16713::::::
dovenull:!!:16713::::::
exim:!!:16716::::::
joji:$6$s47BjUJ5$q9GMRei.WZr8cac4nUY07rVO1i//mk0WnR67GMSB6ks5hnwBHy2/5nxGgvSGKmEl0In77j/8HLv2IP6V0PWmT0:16736:0:99999:7:::


The permission of the shadow file is 000, so no user other than root (which is not bound by the mode bits) can read it

[root@server105 ~]# ll /etc/shadow
---------- 1 root root 1297 Oct 28 10:14 /etc/shadow

The second field in /etc/passwd is just an x: a placeholder that tells the system to look up the password hash in /etc/shadow


The third field is the user id. System accounts have user ids from 0 to 499, the admin (root) account has user id 0, and normal accounts have user ids from 500 onwards (the CentOS 6 convention)

The fourth field is the primary group id

The fifth field is the comment (GECOS) field, which useradd left empty for joji

The sixth field is the home directory of the user, created as /home/username. In my case it is /home/joji

The seventh field is the login shell assigned to that user


While creating a user account some files are created in the user's home directory too; these are copied from the folder

/etc/skel

I had already put a file called joji in the skel directory, and now my home folder has a file named joji in it

pwd (print name of current/working directory) is the command that prints the current working directory. You can find more information on its man page

[root@server105 joji]# man pwd

[root@server105 skel]# pwd
/etc/skel


[root@server105 skel]# ll
total 0
-rw-r--r-- 1 root root 0 Oct 28 10:34 joji


[root@server105 joji]# pwd
/home/joji
ls is the command to list directory contents; you can find more information on its man page

[root@server105 joji]# man ls

ll is an alias that is set to the command ls -l

[root@server105 joji]# ll
total 0
-rw-r--r-- 1 joji joji 0 Oct 28 10:34 joji



These are the basic things that happen while adding a new user.
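As an added example (not part of the original post), here is a small audit over the two files just explained: it joins /etc/passwd and /etc/shadow by username, classifies each account by the UID ranges given above, decodes what the second shadow field says about the password, and flags the two things a defender looks for first (an empty password field, and a second account with UID 0). The passwd and shadow lines are constructed samples with placeholder hashes, not the real files shown above; the UID split at 500 is the CentOS 6 convention from the post (later releases start normal users at 1000).

```shell
# Added example: account audit over constructed /etc/passwd and /etc/shadow
# samples. Hashes are placeholders, "toor" and "guest" are constructed to
# trigger the two findings.
PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
steves:x:500:500::/home/steves:/bin/bash
joji:x:501:501::/home/joji:/bin/bash
guest:x:502:502::/home/guest:/bin/bash
toor:x:0:0::/root:/bin/bash'

SHADOW_SAMPLE='root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:16678:0:99999:7:::
bin:*:15980:0:99999:7:::
sshd:!!:16673::::::
mysql:!!:16710::::::
steves:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:16683:0:99999:7:::
joji:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:16736:0:99999:7:::
guest::16736:0:99999:7:::
toor:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:16736:0:99999:7:::'

# uid_class UID: root / system / normal, by the CentOS 6 ranges in the post
uid_class() {
    if [ "$1" -eq 0 ]; then echo root
    elif [ "$1" -lt 500 ]; then echo system
    else echo normal
    fi
}

# hash_status FIELD2: what the second shadow field says about the password
hash_status() {
    case "$1" in
        '')       echo empty ;;      # no password at all: anyone can log in
        '!!'|'!') echo locked ;;     # never set, or locked with passwd -l
        '*')      echo disabled ;;   # system account, no valid password
        '$6$'*)   echo sha512 ;;     # $6$ = SHA-512 crypt, the CentOS 6 default
        '$5$'*)   echo sha256 ;;
        '$1$'*)   echo md5 ;;        # weak by today's standards
        '!'*)     echo locked ;;     # "!<hash>": locked, hash kept
        *)        echo other ;;
    esac
}

# audit_accounts: one line per passwd entry: user uid class shell status
audit_accounts() {
    printf '%s\n' "$PASSWD_SAMPLE" | while IFS=: read -r user pw uid gid gecos home shell; do
        hash=$(printf '%s\n' "$SHADOW_SAMPLE" | awk -F: -v u="$user" '$1 == u { print $2; exit }')
        printf '%s %s %s %s %s\n' "$user" "$uid" "$(uid_class "$uid")" "$shell" "$(hash_status "$hash")"
    done
}

# audit_findings: the two things a defender checks first in these files
audit_findings() {
    audit_accounts | while read -r user uid class shell status; do
        if [ "$status" = empty ]; then
            echo "$user: empty password field, shell $shell"
        fi
        if [ "$uid" -eq 0 ] && [ "$user" != root ]; then
            echo "$user: extra UID 0 account (same privileges as root)"
        fi
    done
}

audit_accounts
audit_findings
```

Run against the real files this needs root (because of the 000 mode on /etc/shadow explained above), which is itself the point: the audit reads what only root can read, and reports the two conditions that the mode bits on /etc/shadow do nothing to prevent.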

Friday, October 16, 2015

DNS server centos 6

     
Today we are going to configure a DNS server, which resolves domain names to IP addresses and back. We are going to use the package bind for it; it uses port 53 TCP and UDP.
First we need to install BIND.
[root@dlp ~]# yum -y install bind bind-utils
Configure BIND. This example uses the global IP address range [192.168.0.80/29], the private IP address range [192.168.0.0/24] and the domain name [clado.com]. Use your own IPs and domain name when you configure your server. (Actually, [192.168.0.80/29] is a private address range too, but it stands in for the global one here.)
[root@dlp ~]# echo 'OPTIONS="-4"' >> /etc/sysconfig/named
  # set this if you don't use IPv6 ( if you do, don't set it )
[root@dlp ~]# vi /etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        # changed ( listen on all interfaces of the server )
        listen-on port 53 { any; };
        # changed ( no IPv6 listener; adjust if you use IPv6 )
        listen-on-v6 { none; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        # query range ( set the internal network and so on )
        allow-query { localhost; 192.168.0.0/24; };
        # transfer range ( set it if you have a secondary DNS )
        allow-transfer { localhost; 192.168.0.0/24; };
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

# change all from here

view "internal" {
        match-clients {
                localhost;
                192.168.0.0/24;
        };
        zone "." IN {
                type hint;
                file "named.ca";
        };
        zone "clado.com" IN {
                type master;
                file "clado.com.db";
                allow-update { none; };
        };
        zone "0.168.192.in-addr.arpa" IN {
                type master;
                file "0.168.192.db";
                allow-update { none; };
        };
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
};
view "external" {
        match-clients { any; };
        allow-query { any; };
        recursion no;
        zone "clado.com" IN {
                type master;
                file "clado.com.db";
                allow-update { none; };
        };
        zone "80.0.168.192.in-addr.arpa" IN {
                type master;
                file "80.0.168.192.db";
                allow-update { none; };
        };
};

# allow-query ⇒ the address range you permit to send queries
# allow-transfer ⇒ the address range you permit to transfer zone info ( only secondaries need it; as written, every host in 192.168.0.0/24 may pull the whole zone )
# recursion ⇒ whether recursive lookups are allowed ( the external view sets it to no, so outside clients cannot use this server as an open resolver )
# view "internal" { ... }; ⇒ definitions for internal clients
# view "external" { ... }; ⇒ definitions for external clients
# Reverse resolving: write the octets of the network address in reverse order, like below.
# 192.168.0.0/24
#   network address ⇒ 192.168.0.0
#   range of network ⇒ 192.168.0.0 - 192.168.0.255
#   how to write ⇒ 0.168.192.in-addr.arpa
# 192.168.0.80/29
#   network address ⇒ 192.168.0.80
#   range of network ⇒ 192.168.0.80 - 192.168.0.87
#   how to write ⇒ 80.0.168.192.in-addr.arpa
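As an added example (not part of the original post or of the BIND distribution), the script below does the reverse-zone arithmetic from the comments above for any IPv4 CIDR block: it computes the network address, the address range and the in-addr.arpa zone name, and normalises a host address such as 192.168.0.83/29 to its network. The zone name for blocks smaller than a /24 (the /29 here) follows the post's own convention of writing all four octets; actual delegation of such a block on the public DNS is done with the RFC 2317 classless in-addr.arpa scheme, which this example does not cover.

```shell
# Added example: network address, range and in-addr.arpa name from a CIDR block,
# the way the comments in the post work them out by hand.
ip_to_int() {   # 192.168.0.80 -> 3232235600
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int_to_ip() {   # 3232235600 -> 192.168.0.80
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# reverse_zone NETADDR PREFIX: the octets covered by the prefix, written in
# reverse, with in-addr.arpa appended (a /24 keeps 3 octets, a /29 all 4,
# which is the post's convention for sub-/24 blocks)
reverse_zone() {
    oldifs=$IFS; IFS=.; set -- $1 $2; IFS=$oldifs
    case $(( ($5 + 7) / 8 )) in
        1) echo "$1.in-addr.arpa" ;;
        2) echo "$2.$1.in-addr.arpa" ;;
        3) echo "$3.$2.$1.in-addr.arpa" ;;
        *) echo "$4.$3.$2.$1.in-addr.arpa" ;;
    esac
}

# cidr_summary A.B.C.D/P: network, first-last range and reverse zone name.
# A host address is normalised to its network first, so a typo such as
# 192.168.0.83/29 still yields the 192.168.0.80/29 block.
cidr_summary() {
    addr=${1%/*}; prefix=${1#*/}
    ip=$(ip_to_int "$addr")
    mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
    net=$(( ip & mask ))
    last=$(( net | (~mask & 4294967295) ))
    netaddr=$(int_to_ip "$net")
    echo "network=$netaddr range=$netaddr-$(int_to_ip "$last") reverse=$(reverse_zone "$netaddr" "$prefix")"
}

cidr_summary 192.168.0.0/24
cidr_summary 192.168.0.80/29
```

The two calls at the end reproduce the two worked cases in the comments above; the zone name is what goes into the `zone "..." IN { ... }` statement, and the range tells you which PTR records belong in that zone file.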

named service not working centos 6 cpanel


Today I have faced an error while restarting named it says that

WARNING: Key file /etc/rndc.key exists, but using default configuration files /etc/rndc.conf
rndc: connection failed: 127.0.0.1#953: Connection refused


so I checked the forums and found a solution.


You need to remove all packages related to bind; first back up your configuration file

mv /etc/named.conf /etc/named.conf.bak

Then do

yum remove bind*
yum install bind*
service named restart


As the named service has been reinstalled, the entries in /etc/named.conf must be rebuilt

For cPanel, type

/usr/local/cpanel/scripts/rebuilddnsconfig

The new named.conf will listen only on 127.0.0.1, and you need to edit the configuration to change it to your server's IP.

Then do

service named restart



That's all folks :)
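As an added example (not part of the original post or of cPanel's scripts), here is a check to run between the rebuild and the restart: it reads the `listen-on` directive out of a named.conf and reports whether the server would answer only on loopback, on all interfaces, or on the listed addresses. The two configs are constructed excerpts, not the file cPanel generated; 192.168.0.80 stands in for the server's real IP.

```shell
# Added example: what does the listen-on line in named.conf actually mean?
# Both configs are constructed excerpts; 192.168.0.80 is a placeholder IP.
REBUILT_CONF='options {
        directory "/var/named";
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 { none; };
};'

FIXED_CONF='options {
        directory "/var/named";
        listen-on port 53 { 127.0.0.1; 192.168.0.80; };   // edited after the rebuild
        listen-on-v6 { none; };
};'

# listen_on_addresses CONF: the addresses inside the first listen-on { } block
# (listen-on-v6 is a different directive and is skipped; // and # comments are dropped)
listen_on_addresses() {
    printf '%s\n' "$1" | sed 's|//.*||; s|#.*||' | awk '
        /^[[:space:]]*listen-on[[:space:]]/ {
            sub(/.*[{]/, ""); sub(/[}].*/, ""); gsub(/;/, " ")
            $1 = $1; print; exit
        }'
}

# listen_scope CONF: loopback-only / all-interfaces / network: <addrs> / unset
listen_scope() {
    addrs=$(listen_on_addresses "$1")
    if [ -z "$addrs" ]; then
        echo "unset (BIND default is all interfaces)"
        return 0
    fi
    for a in $addrs; do
        case $a in
            any) echo "all-interfaces"; return 0 ;;
            127.*|localhost|::1) ;;                     # loopback entries are fine
            *) echo "network: $addrs"; return 0 ;;
        esac
    done
    echo "loopback-only"
}

listen_scope "$REBUILT_CONF"
listen_scope "$FIXED_CONF"
```

Against a real file the call is `listen_scope "$(cat /etc/named.conf)"`; a result of `loopback-only` after `rebuilddnsconfig` is the condition described above, and `all-interfaces` is worth a second look on a server that also carries the `recursion yes` default from the previous post.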