Nix World

blog

Archive for the ‘Linux Services Details’ category

How to determine which sevices are enabled at boot time in linux

November 24th, 2010

How do I find out which services are enabled at Boot under Ubuntu/CentOS/RHEL/Fedora Linux? How can I disable a service which is not needed or I dont want to run every time the linux machine starts?

Open terminal and login as root user.

Type the following command to list all services which are enabled at boot:
#chkconfig –list | grep $(runlevel | awk ‘{ print $2}’):on

Sample output:
?
acpid             0:off 1:off 2:off 3:on 4:on 5:on 6:off
anacron           0:off 1:off 2:on 3:on 4:on 5:on 6:off
atd               0:off 1:off 2:off 3:on 4:on 5:on 6:off
auditd            0:off 1:off 2:on 3:on 4:on 5:on 6:off
cpuspeed          0:off 1:on 2:on 3:on 4:on 5:on 6:off
crond             0:off 1:off 2:on 3:on 4:on 5:on 6:off
dkms_autoinstaller   0:off 1:off 2:on 3:on 4:on 5:on 6:off
haldaemon         0:off 1:off 2:off 3:on 4:on 5:on 6:off
hidd              0:off 1:off 2:on 3:on 4:on 5:on 6:off
irqbalance        0:off 1:off 2:on 3:on 4:on 5:on 6:off
kudzu             0:off 1:off 2:off 3:on 4:on 5:on 6:off

The first column of above output is the name of a service which is currently enabled at boot. You need to review each service.

How to Disable services

To stop service, enter:

# service {service-name} stop
# service vmware stop

To disable service, enter:

# chkconfig {service-name} off
# chkconfig vmware off

You may also use ‘ntsysv’ command to manage all services.

View Comments »

Posted in CentOS, Linux, Linux Services Details

Tags: enabled at boot time in linux

How run script as simple user during booting time

October 20th, 2010

I have script which start some process but it need to login as user manoj because this script user home path /home/manoj/bin/manojprocess start

But i want to run this process automatically during the booting time but if i run it as root, my process will create some problem. So i have done following things

/etc/init.d/manojprocess
#!/bin/bash
su -c “/home/manoj/bin/manojprocess $1″ – manoj

and added the above script /etc/init.d/manojprocess into /etc/rc.local because /etc/rc.local will run after finishing init processes.

/etc/rc.local

# Start Manojprocess during booting time as Manoj user
/etc/init.d/manojprocess start

The -c Option with su command

Among the most commonly used of su’s few options is -c, which tells su to execute the command that directly follows it on the same line. Such command is executed as the new user, and then the terminal window or console from which su was run immediately returns to the account of the former user after the command has completed execution or after any program that it has launched has been closed.

If the command inclusive of its options has one or more spaces in it, then it must be enclosed in quotation marks; otherwise, su will interpret whatever comes after the first space in the command as the name of a user to whose account su is supposed to switch (the result of which will be an error message).

For example, the /root directory (i.e., the home directory of the root user) is generally not accessible to ordinary users, and thus the command ls /root will return a permission denied error message if it is issued by an ordinary user. However, the contents of this directory can be viewed (assuming, of course, that the correct password is supplied) by using su together with the ls command (which lists the contents of directories) as follows:

su -c "ls /root"

Either double or single quotation marks can be used. And a new user can be explicitly designated along with the command. For example, the following command switches to user bob’s account and produces a list of the contents of bob’s home directory (whose contents would not generally be viewable by other ordinary users):

su -c 'ls /home/manoj' - manoj

su together with its -c option can also be used to launch GUI (graphical user interface) programs. For example, it can be used to start Nautilus (a popular GUI file manager) with root access:

su -c nautilus

Nautilus can be a very handy alternative to the command line for navigating around the system. Root access makes all files and directories on the system available with Nautilus, whereas starting Nautilus as an ordinary user would make only a limited subset of files and directories available. Again, however, it should be emphasized that along with this power comes danger, and thus Nautilus should be used as root only under carefully controlled circumstances.

When a command is issued using su with its -c option, the console or terminal window session generally reverts back to the previous user as soon as the command has executed. This can be viewed as another built-in safety mechanism, because root (or any other substitute user) was apparently used just for a specific command, and thus it would presumably serve no purpose (and just be a security hole) to maintain the new ownership after the program terminated.

However, if the command that has been executed using su and its -c option has opened a program (e.g., Nautilus), that program remains open with the new owner’s (e.g., root’s) privileges until such program is explicitly closed. But the terminal window used to open the program cannot be used for other root operations while the program is running, and ownership of the session in the terminal window reverts back to the former user after the program is terminated.

One minor disadvantage of issuing commands by using the -c option with su, rather than just using su by itself (or using it together with a user name) to first change ownership of a login session, is that command line completion does not work with it. Command completion is a convenient feature of bash and some other shells that automatically completes the typing of a command name or a file name after only part of it has been typed and when the user then presses the TAB key. If su is used by itself to first switch ownership of the terminal session, command completion can then be used for subsequent commands as usual.

View Comments »

Posted in CentOS, Linux, Linux Services Details

Tags: The -c Option with su command

Password less ssh login

June 11th, 2010

SSH Login Without Password Using ssh-keygen & ssh-copy-id

You can login to a remote Linux server without entering password in 3 simple steps using ssky-keygen and ssh-copy-id

ssh-keygen creates the public and private keys. ssh-copy-id copies the local-host’s public key to the remote-host’s authorized_keys file. ssh-copy-id also assigns proper permission to the remote-host’s home, ~/.ssh, and ~/.ssh/authorized_keys.

This article also explains 3 minor annoyances of using ssh-copy-id and how to use ssh-copy-id along with ssh-agent.
Step 1: Create public and private keys using ssh-key-gen on local-host

jsmith@local-host$ [Note: You are on local-host here]

jsmith@local-host$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/jsmith/.ssh/id_rsa):[Enter key]

Enter passphrase (empty for no passphrase): [Press enter key]
Enter same passphrase again: [Pess enter key]
Your identification has been saved in /home/jsmith/.ssh/id_rsa.

Your public key has been saved in /home/jsmith/.ssh/id_rsa.pub.
The key fingerprint is:
33:b3:fe:af:95:95:18:11:31:d5:de:96:2f:f2:35:f9 jsmith@local-host

Step 2: Copy the public key to remote-host using ssh-copy-id

jsmith@local-host$ ssh-copy-id -i ~/.ssh/id_rsa.pub remote-host
jsmith@remote-host’s password:
Now try logging into the machine, with “ssh ‘remote-host’”, and check in:

.ssh/authorized_keys

to make sure we haven’t added extra keys that you weren’t expecting.

Note: ssh-copy-id appends the keys to the remote-host’s .ssh/authorized_key.
Step 3: Login to remote-host without entering the password

jsmith@local-host$ ssh remote-host
Last login: Sun Nov 16 17:22:33 2008 from 192.168.1.2
[Note: SSH did not ask for password.]

jsmith@remote-host$ [Note: You are on remote-host here]

The above 3 simple steps should get the job done in most cases.

We also discussed earlier in detail about performing SSH and SCP from openSSH to openSSH without entering password.

If you are using SSH2, we discussed earlier about performing SSH and SCP without password from SSH2 to SSH2 , from OpenSSH to SSH2 and from SSH2 to OpenSSH.
Using ssh-copy-id along with the ssh-add/ssh-agent

When no value is passed for the option -i and If ~/.ssh/identity.pub is not available, ssh-copy-id will display the following error message.

jsmith@local-host$ ssh-copy-id -i remote-host
/usr/bin/ssh-copy-id: ERROR: No identities found

If you have loaded keys to the ssh-agent using the ssh-add, then ssh-copy-id will get the keys from the ssh-agent to copy to the remote-host. i.e, it copies the keys provided by ssh-add -L command to the remote-host, when you don’t pass option -i to the ssh-copy-id.

jsmith@local-host$ ssh-agent $SHELL

jsmith@local-host$ ssh-add -L
The agent has no identities.

jsmith@local-host$ ssh-add
Identity added: /home/jsmith/.ssh/id_rsa (/home/jsmith/.ssh/id_rsa)

jsmith@local-host$ ssh-add -L
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAsJIEILxftj8aSxMa3d8t6JvM79DyBV
aHrtPhTYpq7kIEMUNzApnyxsHpH1tQ/Ow== /home/jsmith/.ssh/id_rsa

jsmith@local-host$ ssh-copy-id -i remote-host

jsmith@remote-host’s password:
Now try logging into the machine, with “ssh ‘remote-host’”, and check in:

.ssh/authorized_keys

to make sure we haven’t added extra keys that you weren’t expecting.

[Note: This has added the key displayed by ssh-add -L]

Three Minor Annoyances of ssh-copy-id

Following are few minor annoyances of the ssh-copy-id.

1. Default public key: ssh-copy-id uses ~/.ssh/identity.pub as the default public key file (i.e when no value is passed to option -i). Instead, I wish it uses id_dsa.pub, or id_rsa.pub, or identity.pub as default keys. i.e If any one of them exist, it should copy that to the remote-host. If two or three of them exist, it should copy identity.pub as default.

2. The agent has no identities: When the ssh-agent is running and the ssh-add -L returns “The agent has no identities” (i.e no keys are added to the ssh-agent), the ssh-copy-id will still copy the message “The agent has no identities” to the remote-host’s authorized_keys entry.

3. Duplicate entry in authorized_keys: I wish ssh-copy-id validates duplicate entry on the remote-host’s authorized_keys. If you execute ssh-copy-id multiple times on the local-host, it will keep appending the same key on the remote-host’s authorized_keys file without checking for duplicates. Even with duplicate entries everything works as expected. But, I would like to have my authorized_keys file clutter free.

View Comments »

Posted in CentOS, Linux, Linux Services Details, Security

Tags: SSH login without password

Services Descriptions

October 31st, 2009

avahi-daemon (avahi-daemon – The Avahi mDNS/DNS-SD daemon)

bluetooth (We can disabled this, as we are using Bluetooth in the server )

cups (Common UNIX Printing Solution. It is one system the computer uses to control the print queue,Leave it on if you have a printer)

ip6tables (iptables6 is part of the Linux Firewall. Leave it on if you are on a network, especially if you are connected to the world wide web. I think we can disable iptables6)

iptables (iptables is part of the Linux Firewall. Leave it on if you are on a network, especially if you are connected to the world wide web. I think we can disable iptables)

irqbalance (Daemon to balance irq’s across multiple CPUs. Only useful on SMP systems (more than one processor)

isdn (ISDN deamon for ISDN connections. Not needed unless you connect to the net through ISDN.)

mcstrans (Mcstrans is the translation daemon used on computers with SELinux enabled to translate program context into human-readable form. SELinux (Security Enhanced Linux) is a feature of the Linux kernel and a number of utilities with enhanced security functionality designed to add mandatory access controls to Linux. we don’t need this)

irda (Infra Red Data Association. Unless you are doing IR, we don’t need this)

messagebus (D-BUS is first a library that provides one-to-one communication between any two applications; dbus-daemon-1 is an application that uses this library to implement a message bus daemon. Multiple programs connect to the message bus daemon and can exchange messages with one another.)

microcode_ctl (It decodes and sends new microcode to the kernel driver to be uploaded to Intel IA32 processors. (Pentium Pro, PII, PIII, Pentium 4, Celeron, Xeon etc – all P6 and above, which does NOT include pentium classics)

pcscd (The pcscd is used for manage connections to smart card readers. we don’t need this)

xfs (The X font server (xfs) provides a standard mechanism for an X server to communicate with a font renderer, frequently running on a remote machine. It usually runs on TCP port 7100. You need to be running xfs if you want a remote X terminal to be able to use fonts from your system, or if you want to use fonts that your X server doesn’t understand (and the font server does), we don’t need this.

xend (used for virtualization, we can disabled if we are not using the virtualization)

xendomains (used for virtualization, we can disabled if we are not using the virtualization)

rwhod (The rwho protocol lets remote users get a list of all users logged onto a machine by running the rwho daemon.)

View Comments »

Posted in Linux Services Details

Back to Top

Valid XHTML 1.0 Transitional | Valid CSS 3