Currently,I am using Manjaro linux for the first time so i don't know how to work with commands.I accidentally set a sudo password and now,i forgot my sudo password. How can i change it or get it so i can do my work with command prompt.
As long as your filesystems aren't encrypted, you can always boot a live OS (typically the original install media you used will suffice), mount your root (/) partition, chroot into it, and use passwd as required to change passwords. This is why physical security of an installation is important (and it is even if you do encrypt your filesystems).
https://wiki.archlinux.org/index.php/Reset_lost_root_password
Related
I am aware of functions to set a default user or change password for WSL Ubuntu like in askubuntu thread here or official docs.
What I'm looking for is when we do wsl from a cmd, or click the Ubuntu 18.04 LTS from Start Menu, I would like to have the same effect as when SSH into a server, it will ask for name or password. I do not want to automatically sign-in. I figured maybe all I need is to not set any default user, but couldn't find how to do that anywhere.
It seems to do this from a normal Ubuntu distro, I would have to edit it in the Settings > Detail or do it from terminal like here - but that's using gdm, I don't think WSL has that.
I use a workaround to impose password check for privileged users in WSL.
Had created a normal logins with sudo for me and my son in ubuntu2004. Additionaly
created kind of guest login without any privileges and made this login the default. So, after starting with bash, we both need to do su - your_login with usual password check.
that is not possible in WSL. Although you can add users and switch between them.
check this out for more info
This works for WSL2 Debian on Windows 11.
Create a special user (e.g. called "login") with no password, no home directory, and a special shell "/usr/bin/slogin".
The special shell is a script, made executable (chmod 755):
#! /bin/sh
exec sudo /usr/bin/login
Add a line to "/etc/sudoers" to let the special user run "login" without password:
login ALL = NOPASSWD: /usr/bin/login
Finally, make the special user the default user when launching WSL in /etc/wsl.conf:
[user]
default = login
To bypass the "login:" prompt, one could launch wsl with the -u option to choose the user to be something other than the special user ("login"), or use the bash Windows executable. bash can be redirected using a .bash_profile for the special user. But generally if you want to block such workarounds, I think you may have to restrict what Windows executables certain users can run (on Windows side), and do some Windows programming regarding security contexts.
I've been working with the server only for 2 days so I am sorry if that is simple question. I looked everywhere, but didn't find an answer.
So I have a Google compute engine account and I have owner privileges. When I run
gcloud compute ssh instance --zone us-central1-a
it works, but it creates a key with username that it takes from my computer account.
So when I am in google shell I can add or remove files using sudo. But when I go to Filezilla I have to use ssh file key and username from that key. And the only folder that accessible with that username is it's own folder. I am not sure what is the problem so I gave all the facts I could.
I'm not entirely sure I'm answering the right question, but I'll take a stab at it. The ssh keys created by/used by gcloud are specific to a particular linux user on your VM. As you note, you can use sudo when ssh'd in to edit files/directories owned by different users---the way this works is that you (roughly speaking) temporarily switch users to root when doing the file edit.
An scp client like Filezilla isn't going to be able to switch users that way. So you'll need a different technique to edit files with Filezilla.
I suggest ssh-ing in to your vm and using chmod or chown to change the ownership of files/directories that you want to use with Filezilla. Alternatively you could you use useradd -G to add you username to a group that can edit the files you care about.
Exactly what you'll do depends on the security policy you want to enforce for your files, but there a lots of decent options. The key test to run---can you get to a state where you can edit the files when logged in with SSH, but not using sudo? If so then you should be able to edit the files with Filezilla.
I've been battling with umask/permission problems for a while now in various cases. I have set www-data (run by nginx/php-fpm) to have a umask of 002 in the /etc/init/php-fpm.conf file, and my deployer user also has umask of 002 in /home/deployer/.bashrc. The application files all have the 0660 permissions (0770 for directories) so that they both can read/write them (the deployer's main group is www-data). However I keep running into cases where this umask is not getting honored, and files are set to 644 or 640.
My current case is when SSHing in as root using an ansible script, with the options of:
sudo: yes
sudo_user: deployer
Files created with ansible are getting file permissions of 644. How do I see where umask is getting set, and where to add the umask?
Secondly is there not a better way to do deployment? I would like to just avoid this issue completely and do all deployment work as the www-data user, but apparently that's a security issue. This umask stuff is really complicated deployment.
Thank you.
Probably depends on what flavor of Unix, but the man page for sshd for HP-UX says that when a user successfully logs in via SSH, one of the steps is:
Reads the file ~/.ssh/environment, if it exists, and users are
allowed to change their environment. See the
PermitUserEnvironment option in sshd_config(5).
So you may want to try to create a file /home/deployer/.ssh/environment and set the umask there too.
This doesn't probably apply to your situation, but for SFTP, you can have a system-wide setting for files transferred via sftp by including the command
SftpUmask 002
in the file /opt/ssh/etc/sshd_config or whatever your man page for sshd_config says.
I was able to get a default umask working with deployer, on Ubuntu Server 16.04, by following this page. In short, you need to edit /etc/pam.d/common-session and make sure there is a line that says session optional pam_umask.so umask=022 (or whatever umask you want). This will set a default umask for all connections, regardless of whether they are interactive or not.
DISCLAIMER: This may have ramifications system-wide for all users. I have not tested this solution extensively.
I set up Jenkins CI to deploy my PHP app to our QA Apache server and I ran into an issuse. I successfully set up the pubkey authentication from the local jenkins account to the remote apache account, but when I use rsync, I get the following error:
[jenkins#build ~]# rsync -avz -e ssh test.txt apache#site.example.com:/path/to/site
protocol version mismatch -- is your shell clean?
(see the rsync man page for an explanation)
rsync error: protocol incompatibility (code 2) at compat.c(64) [sender=2.6.8]
[jenkins#build ~]#
One potential problem is that the remote apache account doesn't have a valid shell account, should I create a remote account with shell access and part of the "apache" group? It is not an SSH key problem, since ssh apache#site.example.com connects successfully, but quickly kicks me out since apache doesn't have a shell.
That would probably be the easiest thing to do. You will probably want to only set it up with a limited shell like rssh or scponly to only allow file transfers. You may also want to set up a chroot jail so that it can't see your whole filesystem.
I agree that that would probably be the easiest thing to do. We do something similar, but use scp instead. Something like:
scp /path/to/test.txt apache#site.example.com:/path/to/site
I know this is pretty old thread, but if somebody comes across this page in future...
I had the same problem, but got that fixed when I fixed my .bashrc .
I removed the statement "echo setting DISPLAY=$DISPLAY" which was there before in my .bashrc. rsync has issues with that statement for some reason.
So, fixing .bashrc/.cshrc/.profile errors helped me.
I develop using MAMP pro on my Mac. When I start MAMP it prompts me for a password if I use port 80. If I use a higher port it doesn't prompt me, but I have to append the port number in the URL ( eg dev.local:8888 ).
Does anyone know how to make it not prompt for password when using standard ports?
Thank you.
I've put together an app that allows you to start/stop MAMP's Apache and MySQL without the password request, even on port 80. It stores the password in Keychain, so you only need to enter it once. It has a nice icon too!
Download: http://www.46palermo.com/blog/run-mamp-without-password-easy-way/
According to a living-e rep they are considering adding an option to store the password in the keychain:
http://forum.webedition.de/phpBB/viewtopic.php?f=4&t=5517&p=12019
Update: I pestered Living-e support and got them to add it as a feature request to their bug tracker. The link is here: http://qa.living-e.de/tracker/view.php?id=3648 (requires registration) if you want to follow it.
Another update: Still following this issue. Looks like living-e moved their bug tracker, the new link to this issue is:
http://bugs.mamp.info/view.php?id=3652
It's in German but the Google translation is:
When will start and stop the server in
each case the admin password is
required if port is used as low-1024th
If we could get the password from the
OS X Keychain / keyring, allowed
themselves to avoid annoying popup
ads.
Or a German speaker's translation is:
When the Server starts/stops it will ask for the admin password each time.
If it could get the password from OS X Keychain / Keyring, the annoying popup could be avoided.
As found on Macworld and already mentioned by Tom in the other answer there is a way with applescript! Downside is you have to save your user credentials in plain text.
Open AppleScript Editor
Enter the following code replacing YOURPASSWORD and YOURUSERNAME with your user credentials
Save it as application. You might tick run-only to prevent other users from reading the plain text as a small security measure
do shell script "/Applications/MAMP/bin/startApache.sh &" password "YOURPASSWORD" user name "YOURUSERNAME" with administrator privileges
do shell script "/Applications/MAMP/bin/startMysql.sh > /dev/null 2>&1"
There might be an issue with the correct file path as MAMP apparently changed startmySQL.sh to startMysql.sh in some version, so double check if it's not working!
You can put the new application in the Login Items (System Preferences -> Users & Groups -> Login Items), so the Apache server and MySQL start automatically without even showing up the MAMP-App at startup (silent start).
In response to the commands that were posted:
1) Run MAMP on port > 1024
Running all of the servers on MAMP (nginx, apache, mysql) with port ranges above 1024 allows the Mac OS X account you logged in with to launch the services, so you will not be asked for a password in this instance. Any server that runs below port 1024 requires root privileges when being executed.
2) chmod -R a+w /tmp
This command would recursively go through all files and sub folders in /tmp and make them writable for the current user. When MAMP launches, servers create temporary files in this directory.
Also if you decide you want to run the servers below port 1024 and want a solution with applescript that does not store the password in plain text then see this link applescript password with keychain
I'm now using these two applescripts to start/stop MAMP, you can save startup script is a login item so it's always up when I boot. It does mean storing your password in plain text, as Im the only one using this machine I can live with it, better than typing in my password at least three times a day.
I bind apache to port 8080 and then use port forwarding from 80 to 8080
sudo ipfw add 100 fwd 127.0.0.1,8080 tcp from any to any 80 in
Works for me, but I'm working on making the above script permanent. So far, nothing I've tried sticks, so I just run the command above in terminal after restarting. But you can then freely start and stop MAMP without a password and use a URL without :8080 or :8888.
Its a security issue, and MacOS with its UNIX heritage like security (=Good Thing). That's why MacOS asks for passwords all the time. Not much you can do about it as far as I know.
1) Run MAMP on port > 1024
2) chmod -R a+w /tmp