Tuesday, August 14, 2012

SUDO SCRIPT


# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
# Failure to use 'visudo' may result in syntax or file permission errors
# that prevent sudo from running.
#
# See the sudoers man page for the details on how to write a sudoers file.
#

# Host alias specification

# User alias specification

# Cmnd alias specification
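Cmnd_Alias      WEBADMIN        = /etc/init.d/ibm-http, /usr/bin/vi /opt/IBM/HTTPServer/conf/*, /opt/IBM/HTTPServer/bin/*
# Each entry is a command path. cat, grep and the pagers below are allowed on
# any file, and /var/log/* permits executing files in /var/log, not reading them.
Cmnd_Alias      MONITOR         = /bin/cat, /bin/grep, /bin/more, /usr/bin/head, /usr/bin/tail, /usr/bin/less, /var/log/*
# PASSWDROOT is defined but not referenced in the %sysadmin rule below, so it
# has no effect; SECURITY still allows /usr/bin/passwd with any argument.
Cmnd_Alias      PASSWDROOT      = !/usr/bin/passwd root
Cmnd_Alias      SECURITY        = /bin/ls,/bin/more,/bin/cat,/usr/sbin/useradd,/usr/sbin/usermod,/usr/sbin/userdel,/usr/sbin/groupadd,/usr/sbin/groupmod,/usr/sbin/groupdel,/usr/bin/passwd,/bin/chown,/bin/chmod,/usr/bin/getfacl,/usr/bin/setfacl
# Wildcard directories grant every binary in them, shells and editors included.
Cmnd_Alias      SYSADMIN        = /bin/*, /sbin/*, /usr/bin/*, /usr/sbin/*
Cmnd_Alias      OPERATION       = /sbin/shutdown
Cmnd_Alias      VISUDO          = /usr/sbin/visudo
# Negated entries only block these exact command lines; they do not remove
# root access from a group that is also granted SYSADMIN (see sudoers(5)).
Cmnd_Alias      SUROOT          = !/bin/su -, !/bin/su - root, !/bin/su root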

# Defaults specification

# prevent environment variables from influencing programs in an
# unexpected or harmful way (CVE-2005-2959, CVE-2005-4158,
# CVE-2006-0151)
Defaults always_set_home
Defaults env_reset

# In the default (unconfigured) configuration, sudo asks for the root password.
# This allows use of an ordinary user account for administration of a freshly
# installed system. When configuring sudo, delete the two
# following lines:
#Defaults targetpw    # ask for the password of the target user i.e. root
#ALL ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'!

# Runas alias specification

# User privilege specification
root    ALL=(ALL) ALL
%sysadmin       ALL=SYSADMIN,OPERATION,MONITOR,SECURITY,VISUDO,WEBADMIN, SUROOT

# Uncomment to allow people in group wheel to run all commands
# %wheel        ALL=(ALL) ALL

# Same thing without a password
# %wheel        ALL=(ALL) NOPASSWD: ALL

# Samples
# %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users  localhost=/sbin/shutdown -h now
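
An added example, not part of the original post: a small Python check that flags Cmnd_Alias patterns of the kind used in the file above (wildcard directories, negated entries, aliases that no rule references, and paths outside the usual binary directories). The sample input, EXEC_DIRS and the finding names are assumptions made for this illustration.

```python
import re

# Constructed sample modelled on the aliases above; not taken from a real host.
SAMPLE = """\
Cmnd_Alias MONITOR    = /bin/cat, /usr/bin/less, /var/log/*
Cmnd_Alias PASSWDROOT = !/usr/bin/passwd root
Cmnd_Alias SYSADMIN   = /bin/*, /user/bin/*
Cmnd_Alias SUROOT     = !/bin/su -, !/bin/su root
Cmnd_Alias OPERATION  = /sbin/shutdown
%sysadmin ALL=SYSADMIN, OPERATION, MONITOR, SUROOT
"""

# Assumption: directories where this site expects executables to live.
EXEC_DIRS = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/", "/opt/", "/etc/init.d/")
NOT_RULES = ("Defaults", "Host_Alias", "User_Alias", "Runas_Alias")


def audit(text):
    """Return sorted (alias, finding) pairs for a sudoers fragment.

    Simplified parser: handles comments, backslash continuations and
    Cmnd_Alias lines; it ignores includes and escaped commas.
    """
    aliases, rules, findings = {}, [], set()
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"Cmnd_Alias\s+(\w+)\s*=\s*(.+)", line)
        if m:
            aliases[m.group(1)] = [c.strip() for c in m.group(2).split(",") if c.strip()]
        elif line and not line.startswith(NOT_RULES):
            rules.append(line)
    for name, cmds in aliases.items():
        if not any(re.search(rf"\b{name}\b", r) for r in rules):
            findings.add((name, "unused"))  # defined, never granted or denied
        for cmd in cmds:
            path = cmd.lstrip("! ").split()[0]
            if cmd.startswith("!"):
                findings.add((name, "negation"))  # deny-list entry, exact match only
            if path.endswith("/*"):
                findings.add((name, "wildcard-dir"))  # every file in the directory
            if not path.startswith(EXEC_DIRS):
                findings.add((name, "unexpected-dir"))  # typo or a data directory
    return sorted(findings)


if __name__ == "__main__":
    for alias, finding in audit(SAMPLE):
        print(f"{alias:12} {finding}")
```

Each finding is a prompt for review rather than a verdict; adjust EXEC_DIRS to the paths your hosts actually use before running it over a real file.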

Monday, August 13, 2012

How to handle X11 Forwarding using SSH

If you need to use X applications/GUI over a remote SSH connection via PuTTY, this tutorial is for you.

What you need
  • Xming: an X server that runs on top of your desktop. Download Xming and install it.
  • PuTTY: an SSH client. Download PuTTY and save it on your hard disk.

Configure Xming
  • Click on the Start button in Windows XP, select Xming → XLaunch
  • At the Display settings dialog box, select Multiple windows and set the Display number as 0. Click on Next.
  • Keep clicking on the Next button till you reach the Finish configuration page, then click on the Finish button.

Configure PuTTY
  • Start PuTTY.
  • In the PuTTY Configuration section, on the left panel, select Connection → SSH → X11
  • On the right panel, click on the Enable X11 forwarding checkbox
  • Set the X display location as :0.0
  • Click on the Session option on the left panel.
  • Enter the hostname or IP address in the Host Name textbox
  • Save the session.

Running the X applications from PuTTY
  • Double-click on your PuTTY session and log in. After you log in, a file named .Xauthority will be created.
  • Check if the DISPLAY variable has been set.
        echo $DISPLAY
    You should see a meaningful value for $DISPLAY
  • Start any X application, say xterm.
        xterm

Running X apps as root
This requires a little tweak. Suppose your regular user home directory is /var/home/arul and the root user home directory is /root
If you were able to log in as a normal user earlier, a file called .Xauthority would have been created in the home directory. Chmod the .Xauthority to 555.
    chmod 555 ~/.Xauthority
Log in as root from your regular user account.
    su - root
Copy the .Xauthority from the regular user's home directory to the root user's home directory.
    cp /var/home/arul/.Xauthority /root
Now try to open any X apps like xterm or emacs. It should work.

Troubleshooting
If you're not able to open any X apps from the session, you may need to enable X11 SSH Forwarding in the /etc/ssh/ssh_config file

Compile mod_jk from source for IBM HTTP Server

To create the tomcat-connectors autoconf script, you will need to install the packages below:
    yast -i libtool automake autoconf perl gcc gcc-c++ libgcc glibc glibc-32bit glibc-devel glibc-devel-32bit
Then follow the steps below:
1. Download the mod_jk source.
2. cd <tomcat-connectors source directory>/native
3. ./buildconf.sh
4. LDFLAGS=-lc ./configure --with-apxs=/opt/IBM/HTTPServer/bin/apxs
6. cd apache-2.0
7. make
8. Copy ./apache-2.0/mod_jk.so to /opt/IBM/HTTPServer/modules