The /etc/passwd File Format

The /etc/passwd file stores essential information required during login, i.e. user account information. /etc/passwd is a text file that contains a list of the system’s accounts, giving for each account some useful information like user ID, group ID, home directory, shell, etc. It should have general read permission, as many utilities, like ls, use it to map user IDs to user names, but write access only for the superuser (root).

The anatomy of /etc/passwd

The /etc/passwd file contains one entry per line (row) for each user (or user account) of the system. Each entry has seven fields, separated by a colon (:) symbol, as listed below. It is one of the many text-file databases in *NIX systems. Generally, a passwd file entry looks as follows:

[Figure: A sample row from the /etc/passwd file]

  1. Username: It is used when the user logs in. It should be between 1 and 32 characters in length.
  2. Password: An x character indicates that the encrypted password is stored in the /etc/shadow file.
  3. User ID (UID): Each user must be assigned a user ID (UID). UID 0 (zero) is reserved for root and UIDs 1-99 are reserved for other predefined accounts. Further, UIDs 100-999 are reserved by the system for administrative and system accounts/groups.
  4. Group ID (GID): The primary group ID (stored in the /etc/group file).
  5. User ID Info: The comment field. It allows you to add extra information about the user, such as the user’s full name, phone number, etc. This field is used by the finger command.
  6. Home directory: The absolute path to the directory the user will be in when they log in. If this directory does not exist, the user's directory becomes /.
  7. Command/shell: The absolute path of a command or shell (/bin/bash). Typically, this is a shell. Please note that it does not have to be a shell.

Viewing User List

/etc/passwd is used for local users only. To see a list of all users, enter:

$ less /etc/passwd

To search for a username called toro, enter:

$ grep toro /etc/passwd

/etc/passwd file permissions

The permissions on the /etc/passwd file should be read-only for all users, i.e. 644 (-rw-r--r--), and the owner must be root:

$ ls -l /etc/passwd

Output:

-rw-r--r--. 1 root root 1563 Jul 13 11:03 /etc/passwd

Scanning through /etc/passwd file

One can read the /etc/passwd file using the while loop and IFS separator as follows:

#!/bin/bash
# seven fields from /etc/passwd stored in $f1,f2...,$f7
#

while IFS=: read -r f1 f2 f3 f4 f5 f6 f7
do
     echo "User $f1 use $f7 shell and stores files in $f6 directory."
done < /etc/passwd

Another way to list all entries in the passwd database is to use the getent utility. This will show all user accounts, regardless of the type of name service used. For example, if both local and LDAP name services are used for user accounts, the results will include all local and LDAP users:

$ getent passwd

The /etc/shadow file

Passwords are not stored in the /etc/passwd file. They are stored in the /etc/shadow file. In the good old days there was no great problem with this general read permission. Everybody could read the encrypted passwords, but the hardware was too slow to crack a well-chosen password, and moreover, the basic assumption used to be that of a friendly user community. Both assumptions are really wrong today. Almost all modern Linux / UNIX-like operating systems use the shadow password suite, where /etc/passwd has asterisks (*) instead of encrypted passwords, and the encrypted passwords are in /etc/shadow, which is readable only by the superuser.
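An audit pass over the seven fields described above, as an added example that is not part of the original post: it flags malformed rows, usernames outside 1 to 32 characters, extra UID 0 accounts, duplicate UIDs, and password fields that are empty or hold a hash instead of x or a lock marker. The function names and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag risky /etc/passwd rows.

# Constructed sample rows; the hash on line 4 is a placeholder, not a real one.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
toro:x:1000:1000:Toro:/home/toro:/bin/bash
toor:x:0:0:second root:/root:/bin/bash
legacy:$6$PLACEHOLDERSALT$PLACEHOLDERHASH:1001:1001::/home/legacy:/bin/sh
guest::1002:1002::/home/guest:/bin/sh
broken:x:1003:1003:/home/broken
EOF
}

# audit_passwd [FILE]: print "<line>:<user>:<finding>" for each problem found.
# Reads standard input when no file is given.
audit_passwd() {
    awk -F: '
        $0 == ""  { next }
        NF != 7   { print NR ":" $1 ":bad-field-count"; next }
        length($1) < 1 || length($1) > 32 { print NR ":" $1 ":bad-username-length" }
        # Empty field: no password is set for the account.
        $2 == ""  { print NR ":" $1 ":empty-password-field" }
        # Anything other than x, or a * / ! lock marker, is a world-readable hash.
        $2 != "" && $2 != "x" && $2 !~ /^[*!]/ { print NR ":" $1 ":hash-in-passwd" }
        $3 !~ /^[0-9]+$/ { print NR ":" $1 ":non-numeric-uid"; next }
        # UID 0 is root-equivalent whatever the account is called.
        $3 == 0 && $1 != "root" { print NR ":" $1 ":uid0-not-root" }
        seen[$3]++ { print NR ":" $1 ":duplicate-uid" }
        $6 !~ /^\// { print NR ":" $1 ":home-not-absolute" }
    ' "$@"
}

# Demo on the constructed sample; on a real host run: audit_passwd /etc/passwd
sample_passwd | audit_passwd
```
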

How do I enable the Extra Packages for Enterprise Linux (EPEL) repository on Amazon AMI?

EPEL (Extra Packages for Enterprise Linux) is, as the name implies, a repository of packages not directly released with the given Linux distribution release cycle. By default these packages are not available, but all the wiring in the Amazon AMI instance is already done; all one needs to do is enable it. There are two ways to do so.

Modify /etc/yum.repos.d/epel.repo.

Under the section marked [epel], change enabled=0 to enabled=1.

To temporarily enable the EPEL 6 repository, use the yum enablerepo option:

--enablerepo=epel.

Example

yum search iperf  --enablerepo=epel

This will return :

[Screenshot: How to use EPEL in Amazon AMI image]

That’s it short and sweet 😛

 

 

Tar a folder or entire system through ssh

We have all had the problem of needing to back up a folder or an entire system from a machine before decommissioning, or as a postfix backup solution, only to find that tarring ain't gonna work because you have very little space left. Also, there are folders you want to avoid tarring since they contain logs, or system virtual folders that you want to skip.

So you need to get a tar from a machine that has very little space left, and you need to pull all the files in a compressed fashion. The following command calls a backup as root through ssh, using tar on the source machine, and skips the folders you do not want:

ssh root@pollux "tar zcvf - --exclude=/proc/* --exclude=/dev/* --exclude=/sys/* --exclude=/var/logs/* /" > /root/backup/pollux.fullandfinal.$(date '+%Y-%m-%d-%H-%M').tar.gz

The result of the above command is a backup of / compressed at the source and piped through the console over ssh back to your local / backup repo machine in .tar.gz format, leaving out the rubbish thanks to the:

- --exclude=/proc/* --exclude=/dev/* --exclude=/sys/* --exclude=/var/logs/*

section. Note the "- --": the first - indicates extended parameters and --exclude leaves out any match to the path.

There you go one command to back them all.

(This could easily be bash-ed and cron-ed to produce a decent makeshift backup tool.)

To check out the contents of the tar file you can use

tar -tvzf <archive.tar.gz>

This will show you the contents and, if the archive cannot be read, leave a failing exit code that a bash script can check.
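A cron-friendly wrapper around the ssh and tar pipeline above, as an added example (not the author's script): it writes to a temporary file and uses the tar -tzf check to reject an empty or truncated archive before giving it its final name. The function names are hypothetical; the host, excludes and file naming follow the command on this page, and treating remote exit status 1 as acceptable assumes GNU tar on the source machine.

```shell
#!/bin/sh
# Added example (not the author's script): pull a tar-over-ssh backup and
# keep it only if the archive lists cleanly.

# verify_and_publish TMP DEST: move TMP to DEST if it is a readable .tar.gz.
verify_and_publish() {
    tmp=$1; dest=$2
    # A zero-byte file means ssh or the remote tar produced no data.
    [ -s "$tmp" ] || { echo "empty archive: $tmp" >&2; return 1; }
    # tar -tzf walks the whole gzip stream, so a cut-off transfer fails here.
    tar -tzf "$tmp" >/dev/null 2>&1 || { echo "unreadable archive: $tmp" >&2; return 1; }
    mv -- "$tmp" "$dest"
}

# pull_backup HOST DIR: run the pipeline from this page into DIR.
pull_backup() {
    host=$1; dir=$2
    stamp=$(date '+%Y-%m-%d-%H-%M')
    part="$dir/$host.$stamp.partial"
    ssh "root@$host" "tar zcf - --exclude=/proc/* --exclude=/dev/* \
        --exclude=/sys/* --exclude=/var/logs/* /" > "$part"
    rc=$?
    # Assumption: GNU tar on the remote side. 1 = files changed while being
    # read (normal on a live system); 2 = fatal; 255 = ssh itself failed.
    if [ "$rc" -gt 1 ]; then
        echo "backup of $host failed with status $rc" >&2
        rm -f -- "$part"
        return "$rc"
    fi
    verify_and_publish "$part" "$dir/$host.fullandfinal.$stamp.tar.gz"
}

# Usage: sh pull_backup.sh pollux /root/backup
if [ "$#" -eq 2 ]; then
    pull_backup "$1" "$2"
fi
```
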

 

The Linux Conundrum

A large company was taking over our smaller company, and they were on a trend to replace Linux and Java with MS Windows ® and ASP.NET.

When the CIO was asked why not go the other way, since arguably our smaller company was more advanced, his answer, put plainly, was: “Linux and Java guys are so hard to find! (and expensive). MS Windows ® guys are all over the place … ”

I liked the proposition that Linux guys are not easy to find, is this really so ..? (feel free to comment) GOOD !!  🙂

So now I know Linux/Unix is niche, and better paid, but I cannot but ask myself the question: why is this so? Is MS Windows ® so much easier, or is Linux still growing into a user OS? And why, in the server business, is ease of use given importance over customize-ability and tweak-ability?

Also, is Linux in any deep way better than MS Windows ®? In my opinion the differences are more in the approach and the attitude of trust towards a single focal point, i.e. MS in this case, or on a community led by the benevolent dictator Linus Torvalds. (By the way, this is how he pronounces Linux. [Linux])

I think there is a whole discussion behind this but money affairs aside how did we end up where we are with Linux being so popular and still perceived as difficult.
