Tuesday, September 28, 2010

Set up Samba for file-sharing

Samba, Apache, and MySQL are probably the biggest open source projects found on Linux (aside from the Linux kernel itself, of course). All three have really elevated Linux for use in home networks and corporate environments.
With them, anyone can have a file and print server, a Web server, or a database. All three come with pretty much every Linux distribution you can find.
The most ubiquitous of the three is probably Samba, because it and the functionality it provides is found in every operating system. Linux, OS X, the BSDs and others use Samba. It is directly compatible with Windows because it uses the Windows file and print sharing protocols to allow for sharing Windows file systems on Linux and vice versa.
Samba allows for a lot of configuration, and there are many options to use — primarily relating to authentication. When Samba 4 finally lands, it will be an incredible release with Active Directory support and being able to act as an Active Directory server, with internal LDAP and Kerberos servers to fully flesh out what is necessary for full integration with Windows networks. Until then, you can still hack Samba up to do a lot of these things, and it works fantastic as a client in Windows networks. You can make Samba work with Active Directory, with LDAP, and with local passwords.
Most people will just want a stand-alone Samba server somewhere on their network and that is the easiest to set up. To begin with, you need Samba installed on your system. This can be done by installing the “samba” or “samba3″ (on some distributions) package, either using yum or apt-get or whatever mechanism your distribution uses to install packages. Once Samba is installed, edit the /etc/samba/smb.conf file. If you’re using Red Hat Enterprise Linux or Fedora, you will need to make further changes if you have SELinux support enabled; the comments in smb.conf will help with the additional steps.
A very basic smb.conf file will look like this:
    workgroup = MYGROUP
    server string = Samba Server Version %v
    log file = /var/log/samba/log.%m
    max log size = 50
    security = user
    passdb = tdbsam
    comment = Home Directories
    browseable =no
    writable = yes
This is an absolutely basic configuration file. If you already have a workgroup defined, change the “workgroup” value to whatever you have already defined for the network. The rest can remain as-is. This will allow you the ability to connect to the server and mount your home directory on the server from any other machine on the network.
The next step is to create the local passwords. Because Samba does not use the authentication credentials of the system (i.e., via PAM), you need to add the user to the Samba user database:
# smbpasswd -a user
Provide the password for the user in question. Also note that this user must also exist on the system, so if this is a new user you must use useradd to create the user and passwd to set their password. If the user already exists on the server, there is no need to do anything more than set their Samba password.
Once this is all complete, start the Samba server (or restart it):
# service smb start
Now, from another system, you can use smbclient to list available shares:
% smbclient -L \\server.myhost.com
Domain=[CERBERUS] OS=[Unix] Server=[Samba 3.5.4-62.fc13]
       Sharename       Type      Comment
       ---------       ----      -------
       IPC$            IPC       IPC Service (Samba Server Version 3.5.4-62.fc13)
       user            Disk      Home Directories
Domain=[CERBERUS] OS=[Unix] Server=[Samba 3.5.4-62.fc13]
       Server               Comment
       ---------            -------
       Workgroup            Master
       ---------            -------
To mount the share, connect to \\server.myhost.com\user using the network browser in GNOME, the Finder in OS X, or Windows Explorer in Windows.
This is the easiest way to set up Samba for file sharing. Other mechanisms exist for sharing files on a LAN, such as NFS or SSHFS, but Samba is quick, easy to set up, and reliable. It is also cross-platform, making it easy to share files amongst various operating systems. Source: http://blogs.techrepublic.com

7 Linux sudo Command Tips and Tricks

Using sudo command, an user can execute root only commands.
In this article, let us review how to setup sudo environment along with some sudo command examples, tips, and tricks.

1. Set up sudo Environment in /etc/sudoers

You can provide sudo privilege to an individual user or a group by modifying /etc/sudoers.

sudo access to an user

To provide sudo access to an individual user, add the following line to the /etc/sudoers file.
sathiya    ALL=(ALL) ALL
In the above example:
  • sathiya : name of user to be allowed to use sudo
  • ALL : Allow sudo access from any terminal ( any machine ).
  • (ALL) : Allow sudo command to be executed as any user.
  • ALL : Allow all commands to be executed.

sudo access to a group

To provide sudo access to a group, add the following line to the /etc/sudoers file.
%programmers    ALL=(ALL) ALL
In the above example:
  • programmers : name of group to be allowed to use sudo. Group name should be preceded with percentage symbol.
  • ALL : Allow sudo access from any terminal ( any machine ).
  • (ALL) : Allow sudo command to be executed as any user.
  • ALL : Allow all commands to be executed.
Note: Ubuntu users are already familiar with sudo command, as you’ll use sudo apt-get install to install any package. On Ubuntu, sudo is already setup for your username as shown below. i.e All users who belong to admin group has access to execute root commands using sudo.
$ sudo cat /etc/sudoers
%admin ALL=(ALL) ALL

$ grep admin /etc/group

2. Executing a command as super user

Once the sudo access is provided to your account in /etc/sudoers, you can pass any root command as an argument to the sudo command. For example, mount can only be done by root. But, a normal user can do mount as shown below using sudo.
$ sudo mount /dev/sda3 /mnt
Note: If you are executing sudo for the first time in a shell it will ask for the password ( current user password ) by default.

3. Forgot to Use Sudo in Vim? No Worries. Save file Trick in vim with sudo

When you have opened a file that can be saved only by root user using vim (without using the sudo command), you can do the following.
For example, if you want to edit the file /etc/group that can only be saved by root user, you typically do the following. When you do a :w, no problem, it will work, as it was opened using sudo command.
$ sudo vim /etc/group
What if you’ve forgot to give sudo when you’ve opened the /etc/group file as shown below? In this case, instead of coming out of the file (and loosing all your changes) and executing the vim command with sudo, you can do the following.
$ vim /etc/group

:w !sudo tee %
Note: “:w !sudo tee %” will save the file as root privilege, even if you didn’t use sudo command to open it.

4. Forgot to give sudo for root command? Do it again using !!

If you’ve forgot to give sudo for a command that requires root privilege, instead of typing the command with sudo again, you can simply do sudo !! as shown below.
$ head -n 4 /etc/sudoers
head: cannot open `/etc/sudoers' for reading: Permission denied

$ sudo !!
sudo head -n 4 /etc/sudoers
# /etc/sudoers
# This file MUST be edited with the 'visudo' command as root.

5. Get Root Shell Access using Sudo

To get a root shell from your user account, do the following.
$ sudo bash
Once you get the root shell, you can execute any root command without having to enter sudo in front of it every time.

6. Built in commands won’t work with Sudo – Command not found

sudo invokes an executable as the another user, so bash built in commands won’t work. It will give “sudo command not found” error as shown below.
For example, umask is a bash built-in command, which will not work when used along with sudo as shown below.
$ sudo umask
sudo: umask: command not found
Work-around: To use bash shell built-in command in sudo, first get the root shell, by doing ‘sudo bash’ and then execute the shell built in command.

7. View Unauthorized Sudo command executions from auth.log

When an user who doesn’t have sudo permission, tries to execute sudo command, they’ll get following error message.
$ sudo ls /
[sudo] password for test:
raj is not in the sudoers file.  This incident will be reported.
Anytime this happens, it will be logged in the /var/log/auth.log file for sysadmins to view any unauthorized sudo access.

Sep 25 18:41:35 sathiya sudo:   raj : user NOT in sudoers ; TTY=pts/4 ; PWD=/home/raj ; USER=root ; COMMAND=/bin/ls / 
Source: http://www.thegeekstuff.com