SFTP – Connections and File Permissions – Part 1

We did the SSH setup as described in "SSH setup – Key based authentication". In this article, let's talk about "umask" and file permissions while doing SFTP. When a "user" is created, the default "umask" is 0002 (---w), meaning no write permission for others. When the "user" creates a file: the default file permission subtract …

SSH setup – Key based authentication

Bastion host - Source
Client host - Destination

Scenario 1: Same user present on Bastion and Client hosts

On the Bastion host, I've created a "test" user
useradd -u 54321 -s /bin/bash -m -d /home/test -c "Test User" test
and an SSH keypair for the same. Now let's check the folder and files created. Make a note of ".ssh" …

Packages and Services

FTP:
  yum install vsftpd
  firewall-cmd --permanent --add-service=ftp
  systemctl enable vsftpd
  systemctl start vsftpd
NTP:
  yum install ntp
  systemctl enable ntpd
  systemctl start ntpd
OpenLDAP:
  yum install openldap openldap-clients nss-pam-ldapd authconfig
  authconfig --enableldap --enableldapauth --ldapserver=ldap://ldap.server.com --ldapbasedn="dc=example,dc=com" --update
NFS:
  yum install nfs-utils
SAMBA:
  yum install cifs-utils samba-client
AutoFS:
  yum install autofs

/proc file system

The /proc file system contains information about the processes currently running on the system and about the system itself. You can see the process IDs running at present on the system.
#cat /proc/cpuinfo
#cat /proc/meminfo
You can see the list of processes, with their PIDs, present in it:
Table 1-1: Process specific entries in /proc
File          Content
clear_refs    Clears page referenced …

Kerberos Setup

Repo: http://mirror.centos.org/centos/7/os/x86_64/
1. Install Kerberos packages:
#yum install krb5-server pam_krb5 krb5-workstation
2. Open /etc/krb5.conf, uncomment the "realms" and "domain_realm" sections, and edit them with your own server and domains.
3. Open /var/kerberos/krb5kdc/kadm5.acl and update the domain.
4. Create the Kerberos database:
#kdb5_util create -s -r "domain"
#systemctl krb5kdc kadmin
#firewall-cmd --add-service=kerberos --permanent
#firewall-cmd --add-port=749/tcp --permanent
#firewall-cmd --reload
#authconfig --enablekrb5 --update …

Linux Swap Increase

First check which volume group the swap is provisioned from and whether it has space available for the increase, then follow the steps below.
#swapoff -v /dev/VolGroup00/swap
#lvextend -L +5G /dev/VolGroup00/swap
#mkswap /dev/VolGroup00/swap
#swapon -va
If the swap is from a disk partition:
#swapoff -av
#dd if=/dev/zero of=/swap/swapfile bs=1G count=8 ( for 8 GB …

NFSv4 – Read Only File System Issue

From the NFS server (10.10.10.9), exported as below:
/exports 10.0.0.0/8(ro, no_root_squash, async, fsid=0)
/exports/Mount 10.10.10.10/32(rw, no_root_squash, async)
On the NFS client (10.10.10.10):
#mount -vvv -t nfs4 -o rw,no_root_squash,async 10.10.10.9:/ /mnt/temp
#cd /mnt/temp
#touch test.txt ( showing read-only file system which is fine).
#cd /mnt/temp/Mount
#touch test.txt ( showing read-only file system which is not ok).
Things that …