Author: Maurice Ruckman

Posted on

Understanding /etc/passwd File Format

/etc/passwd file stores essential information, which is required during login i.e. user account information.

/etc/passwd is a text file, that contains a list of the system's accounts, giving for each account some useful information like user ID, group ID, home directory, shell, etc. It should have general read permission as many utilities, like ls use it to map user IDs to user names, but write access only for the superuser (root).

Understanding fields in /etc/passwd

The /etc/passwd contains one entry per line for each user (or user account) of the system. All fields are separated by a colon (:) symbol. Total seven fields as follows.

Layout of passwd
Layout of passwd

Generally, passwd file entry looks as follows:

1. Username: It is used when user logs in. It should be between 1 and 32 characters in length.
2. Password: An x character indicates that encrypted password is stored in /etc/shadow file.
3. User ID (UID): Each user must be assigned a user ID (UID). UID 0 (zero) is reserved for root and UIDs 1-99 are reserved for other predefined accounts. Further UID 100-999 are reserved by system for administrative and system accounts/groups.
4. Group ID (GID): The primary group ID (stored in /etc/group file)
5. User ID Info: The comment field. It allow you to add extra information about the users such as user's full name, phone number etc. This field use by finger command.
6. Home directory: The absolute path to the directory the user will be in when they log in. If this directory does not exists then users directory becomes /
7. Command/shell: The absolute path of a command or shell (/bin/bash). Typically, this is a shell. Please note that it does not have to be a shell.

/etc/passwd is only used for local users only. To see list of all users, enter:
$ cat /etc/passwd
To search for a username called tom, enter:
$ grep tom /etc/passwd
/etc/passwd file permission

The permission on the /etc/passwd file should be read only to users (-rw-r--r--) and the owner must be root:
$ ls -l /etc/passwd
Output:

-rw-r--r-- 1 root root 2659 Sep 17 01:46 /etc/passwd

Your password is stored in /etc/shadow file

Your encrpted password is not stored in /etc/passwd file. It is stored in /etc/shadow file. In the good old days there was no great problem with this general read permission. Everybody could read the encrypted passwords, but the hardware was too slow to crack a well-chosen password, and moreover, the basic assumption used to be that of a friendly user-community.

Almost, all modern Linux / UNIX line operating systems use some sort of the shadow password suite, where /etc/passwd has asterisks (*) instead of encrypted passwords, and the encrypted passwords are in /etc/shadow which is readable by the superuser only.

Posted on

Locking down user menus

Once you configure the menus the way you want you can change the permissions on the menu config file so the children can't mess it up. You can take ownership of it and give the children read and execute permission. Something like this:

chown -R admin_account:target_account /home/target_username/.config/menus
chmod -R 744 /home/target_username/.config/menus

Posted on

Encrypt Sessions with SSH

Refer: LifeHacker

Ubuntu 8.10
sudo apt-get install ssh

Stop the server
sudo /etc/init.d/ssh stop

Start the server
sudo /etc/init.d/ssh start

Restart the server
sudo /etc/init.d/ssh restart

You probably want to change security for users allowed SSH login and disable root from SSH login

Edit this file:
vi /etc/ssh/sshd_config

Un-comment the following line:
PermitRootLogin no

Now restart the SSH server
/etc/init.d/sshd restart

SSH with Public Key

Refer: Cyberciti

Idea: Install Ubuntu in Virtual PC hang outside firewall and use for SSH uninstall samba and perhaps a whole bunch of other stuff too.

Use GuardDog to install a firewall, and lockdown everything except SSH. Tested inside proxy, and it was necessary to enable Internet, HTTP, HTTPS and also Network, Windows Networking (NETBIOS). This seemed to do a good job of locking down pretty much everything.

Posted on

Handbrake Command Line (HandBrakeCLI.exe)

It's easiest to prepare video for the IPod Nano just by using the Handbrake software in command line mode.  The GUI interface requires Net 2.0 and it seems a bit buggy in a virtual pc.

The following seems to have smaller video size:
HandBrakeCLI.exe -i DVD\MYVIDEO\VIDEO_TS -o myvideo.mp4 --preset="iPhone & iPod Touch"

Other option:
HandBrakeCLI.exe -i DVD\MYVIDEO\VIDEO_TS -o myvideo.mp4 --preset="iPod"

Encrypted DVD's Finding Title
The following command will show all of the menus, find the right title, and then use that with the -t switch to set it, default is always 1.
handbrake -i /dev/dvd -t 0

Posted on

Stsadm commands for backup, restore, and locking site

Use stsadm to lock a SharePoint site prior to backup.
Refer: msft articleExamples

A common situation where the getsitelock and setsitelock operations are useful is when a site is backed up. Typically, before you back up a site collection, the site should be locked and no users should have access to it.

Lock Site
To determine the lock status of the site, you can use the following getsitelock syntax:
stsadm -o getsitelock -url http://server_name

Once the lock status of the site collection is determined, you can use the noaccess parameter of the setsitelock operation to lock out all users to the site:

stsadm -o setsitelock -url http://server_name -lock noaccess

You can also use the following command to put the site into "read only" access:

stsadm -o setsitelock -url http://server_name -lock readonly

Backup Site
You can use the Backup operation to create a backup of the site collection:
stsadm -o backup -url http://server_name -filename "filename.bak" -overwrite

After the site has been backed up, you can use the none parameter of the setsitelock operation to remove all locks to the site:

stsadm -o setsitelock -url http://server_name -lock none

Restore Site
stsadm -o restore -url http://w2k3vpc -filename filename.bak -overwrite

Delete Site
stsadm -o deletesite -url http://w2k3vpc

Manage Server Farm with Scripts
sharepoint-buildout-farm-scripts

Enumeration / Details
"C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN\STSADM.EXE" -o enumsubwebs -url http://efleet

"C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN\STSADM.EXE" -o enumsites -url http://efleet

Posted on

Scones

2 cups all-purpose flour (2 x 128g)
1/3 cup sugar, plus more for dusting
1 teaspoon baking powder
1/4 teaspoon baking soda
1/2 teaspoon salt
8 tablespoons unsalted butter, cold and cut into small pieces
1/2 cup sour cream
1 large egg
1 tsp ground cinnamon

Water: 1 cup = 236 grams
Milk, non-fat: 1 cup = 245 grams
Sugar: 1 cup = 200 grams

1/2 Batch

128g cups all-purpose flour
33g sugar

1/2 teaspoon baking powder
1/8 teaspoon baking soda
1/4 teaspoon salt
4 tablespoons unsalted butter, cold and cut into small pieces
1/2 tsp ground cinnamon

62g milk
1 large egg

Adjust oven rack to lower-middle position and preheat oven to 400 degrees F.

In a medium bowl, mix flour, 1/3 cup sugar, baking powder, baking soda, salt and cinnamon. Add the pieces of diced butter and combine, with your hands, until the mixture resembles coarse bread crumbs.

In a small bowl, whisk sour cream and egg until smooth. Using a fork, stir sour cream mixture into flour mixture until large dough clumps form. Use your hands to press the dough against the bowl into a ball. (The dough will be sticky in places, and there may not seem to be enough liquid at first, but as you press, the dough will come together.)

Place on a lightly floured surface and pat into a 7- to 8-inch circle about 3/4-inch thick. Sprinkle with approximately 1 1/2 tsp. of sugar. Use a sharp knife or pizza cutter to cut into 8 triangles; place on a cookie sheet (preferably lined with parchment paper), about 1 inch apart.

Bake until golden, about 15 to 17 minutes. Cool for 5 minutes and serve warm or at room temperature.

Posted on

Installing Perl Packages, debugging with Eclipse

I'll need a little more research, and I may have already installed some things, don't remember.

Ran the following command, and kept hitting enter for all responses, added all repositories.
# perl -MCPAN -e shell

Then ran the following command in CPAN
cpan> install PadWalker
cpan> exit

You need to install PadWalker prior to installing Epic inside Eclipse for Perl debugging.