Linux the great

Sandstorm is an Open Source self-hostable web productivity suite implemented as a security-hardened web app package manager. It is a radically easier way to run personal instances of your web application at one place. It allows you to have your own personal server to install multiple application on it through an app store interface as easily as you would install apps on a phone. Sandstorm keeps a list so you can find everything you create and its unified access control system covers data from every app, and everything is private to you by default. Find any app you want on the App Market and start using it with a few clicks. Every app comes with automatic updates. More than all it protects you, each document, chat room, mail box, notebook, blog, or anything else you create is a "grain" in Sandstorm. It containerizes each one in its own secure sandbox from which it cannot talk to the world without express permission. All your grains are private until you share them. The resul...

Hexdump is a very useful Linux command for developers and application debuggers. It has ability to dump file contents into many formats like hexadecimal, octal, ASCII and decimal. This command takes a file, or any standard input, as input parameter and converts it to the format of your choice. Let's assume you work with binary data and you are unable to understand the format of a file, you can make use of Hexdump command to get file contents in much better readable format. This command comes pre-installed with all modern day Linux operating systems like CentOS, Fedora, Ubuntu, Debian, Arch Linux etc. In this article, we will be demonstrating the use of hexdump command using various examples. Written in C language, this command might be easy to understand by professional C programmers, but for other IT professionals, it might be a tricky command. We will try to do our best to demonstrate its usage and purpose here in this article. 1) Hexdump -b Using "-b" switch with...

If you manage a lot of Linux systems via command line, you must be aware of the hectic task to remember all the commands you use on daily basis. You often need to go into your system's history and find the required commands from there. Pet is a command line based tool which makes a system administrator's life easy. It is an easy to use snippet manager, which saves your command snippets and you can easily view and use them when needed. Command line junkies find this tool extremely important, it is completely a freeware script, the setup process is pretty simple and it runs on almost all flavors of Linux operating system as well as Mac OS. It is built using the well known Go programming language and requires some python modules like Peco and brew to work properly. It is written by Teppei Fukuda and its source code is available on  Github . In this tutorial, we will discuss its prominent features, installation process, and some usage example. Stay with us, it's going to be ...

When we speak of the command line, we are really referring to the shell. The shell is a program that takes keyboard commands and passes them to the operating system to carry out. Almost all Linux distributions supply a shell program from the GNU Project called bash. The name “bash” is an acronym for “Bourne Again SHell”, a reference to the fact bash is an enhanced replacement for sh, the original Unix shell program written by Steve Bourne. Terminal Emulators When using a graphical user interface, we need another program called a terminal emulator to interact with the shell. If we look through our desktop menus, we will probably find one. KDE uses konsole and GNOME uses gnome-terminal, though it's likely called simply “terminal” on our menu. There are a number of other terminal emulators available for Linux, but they all basically do the same thing; give us access to the shell. You will probably develop a preference for one or another based on the number of bells and whistles it...

If an ACL has been set on any file on a given file system, that file system has the  ext_attr  attribute. This attribute can be seen using the following command: # tune2fs -l filesystem-device A file system that has acquired the  ext_attr  attribute can be mounted with older kernels, but those kernels do not enforce any ACLs which have been set. Versions of the  e2fsck  utility included in version 1.22 and higher of the  e2fsprogs  package (including the versions in Red Hat Enterprise Linux 2.1 and 4) can check a file system with the  ext_attr  attribute. Older versions refuse to check it.

By default, the  dump  command now preserves ACLs during a backup operation. When archiving a file or file system with  tar , use the  --acls  option to preserve ACLs. Similarly, when using  cp  to copy files with ACLs, include the  --preserve=mode  option to ensure that ACLs are copied across too. In addition, the  -a  option (equivalent to  -dR --preserve=all ) of  cp  also preserves ACLs during a backup along with other information such as timestamps, SELinux contexts, and the like. For more information about  dump ,  tar , or  cp , refer to their respective  man  pages. The  star  utility is similar to the  tar  utility in that it can be used to generate archives of files; however, some of its options are different. Refer to Table 4.1, “Command Line Options for  star ” for a listing of more commonly used options. For all available options, refer ...

To determine the existing ACLs for a file or directory, use the  getfacl  command. In the example below, the  getfacl  is used to determine the existing ACLs for a file. Example 4.4. Retrieving ACLs # getfacl home/john/picture.png The above command returns the following output: # file: home/john/picture.png # owner: john # group: john user::rw- group::r-- other::r--   If a directory with a default ACL is specified, the default ACL is also displayed as illustrated below. For example,  getfacl home/sales/  will display similar output: # file: home/sales/ # owner: john # group: john user::rw- user:barryg:r-- group::r-- mask::r-- other::r-- default:user::rwx default:user:john:rwx default:group::r-x default:mask::rwx default:other::r-x

To set a default ACL, add  d:  before the rule and specify a directory instead of a file name. Example 4.3. Setting default ACLs For example, to set the default ACL for the  /share/  directory to read and execute for users not in the user group (an access ACL for an individual file can override it): # setfacl -m d:o:rx /share

There are two types of ACLs:  access ACLs  and  default ACLs . An access ACL is the access control list for a specific file or directory. A default ACL can only be associated with a directory; if a file within the directory does not have an access ACL, it uses the rules of the default ACL for the directory. Default ACLs are optional. ACLs can be configured: Per user Per group Via the effective rights mask For users not in the user group for the file The  setfacl  utility sets ACLs for files and directories. Use the  -m  option to add or modify the ACL of a file or directory: # setfacl -m rules files Rules ( rules ) must be specified in the following formats. Multiple rules can be specified in the same command if they are separated by commas. u: uid : perms Sets the access ACL for a user. The user name or UID may be specified. The user may be any valid user on the system. g: gid : perms Sets the access ACL for a group...

Files and directories have permission sets for the owner of the file, the group associated with the file, and all other users for the system. However, these permission sets have limitations. For example, different permissions cannot be configured for different users. Thus,  Access Control Lists  (ACLs) were implemented. The Red Hat Enterprise Linux kernel provides ACL support for the ext3 file system and NFS-exported file systems. ACLs are also recognized on ext3 file systems accessed via Samba. Along with support in the kernel, the  acl  package is required to implement ACLs. It contains the utilities used to add, modify, remove, and retrieve ACL information. The  cp  and  mv  commands copy or move any ACLs associated with files and directories. 4.1. Mounting File Systems Before using ACLs for a file or directory, the partition for the file or directory must be mounted with ACL support. If it is a local ext3 file system, it can mou...

Apart from the  Users  settings tool described in Section 3.2, “Managing Users in a Graphical Environment”, which is designed for basic managing of users, you can use command line tools for managing users and groups that are listed in Table 3.1, “Command line utilities for managing users and groups”. Table 3.1. Command line utilities for managing users and groups Utilities Description id Displays user and group IDs. useradd ,  usermod ,  userdel Standard utilities for adding, modifying, and deleting user accounts. groupadd ,  groupmod ,  groupdel Standard utilities for adding, modifying, and deleting groups. gpasswd Utility primarily used for modification of group password in the  /etc/gshadow  file which is used by the  newgrp  command. pwck ,  grpck Utilities that can be used for verification of the password, group, and associated shadow files. pwconv ,  pwunconv Utilities that can be used...