Thursday, May 16, 2013

Add / Remove user to an existing Group in Linux

Users & Groups in Linux : ( Add & Remove )

All Groups of unix system are listed in the file /etc/group
To see the list of all groups of system
$ cut -d: -f1 /etc/group

See all Groups of a user :
$ id -nG username
Suppose I want to see all Groups of user Thomas whose username is thomas :
$ id -nG thomas
The output is name of groups of thomas.
user1 root admin sambashare vboxusers usbuser mysql apache2
Here user1 is the Primary Group (First Group) & others are secondary Groups.
You can use following command too to see groups of a user.
$ groups username
The first group after colon is Primary Group.



Add an existing Group to user (Other groups should not be removed) :
$ usermod -a -G groupname username
Suppose I want to add a new group to user thomas, other groups should not be removed.
$ usermod -a -G newgroup thomas
Now an existing group newgroup has been added to user thomas. To see the changes, Run
$ id -nG thomas
The output is
user1 root admin sambashare vboxusers usbuser mysql apache2 newgroup



Add an existing Group to user (other groups should be removed, only Primary Group and currently added Group should be available) :
$ usermod -G groupname username
Suppose I want to add new group to user thomas, other groups should be removed. Only Primary Group and currently added group should be assigned to user.
$ usermod -G grp thomas
Now an existing group grp has been added to user thomas. All other secondary groups have been removed from thomas
To find current groups of user thomas
$ id -nG thomas
The output is
user1 grp
All other secondary groups are replaced with grp. Now there is only one secondary group for thomas.




Remove Group of a user :
You can remove only secondary groups of a user. Primary Group can't be removed by this command. If you want to remove primary group, you have to assign a new primary group for user. A user can't be modified without primary group.
$ gpasswd -d username groupname
Suppose I want to remove a secondary group apache2 from user thomas.
Right now there are following Primary Group & Secondary Groups of user thomas.
$ id -nG thomas
The output is
user1 root admin sambashare vboxusers usbuser mysql apache2 newgroup
Now I delete apache2
$ gpasswd -d thomas apache2
See the groups of user thomas
$ id -nG thomas
The output is
user1 root admin sambashare vboxusers usbuser mysql newgroup
apache2 has been removed for thomas.



Change Primary Group of a user :
$ usermod -g groupname username
It removes the current Primary Group of the user and replaces with new added primary group. Secondary groups are as it is. There is no change in Secondary Groups.
Suppose I want to change primary group of user thomas.
To see the groups of user thomas
$ id -nG thomas
The output is
user1 root admin sambashare vboxusers usbuser mysql apache2 newgroup
Now I run following command to change Primary Group
$ usermod -g newgroup2 thomas
Now Primary Group user1 has been removed from thomas and it is replaced with newgroup2. Now newgroup2 is primary group of thomas.
To verify the changes, I see the groups list.
$ id -nG thomas
The output is
newgroup2 root admin sambashare vboxusers usbuser mysql apache2 newgroup
Now the Primary Group is newgroup2.


fatal: Queue report unavailable - mail system is down

mail postfix/postqueue[20397]: fatal: Queue report unavailable - mail system is down

If you are getting this error while sending mail via Postfix, Restart the postfix.
$ sudo service postfix restart
Now try to send a mail.

If sendmail and postfix both are installed on the system, stop sendmail and try again with postfix.

If you are still getting same error. Remove and install postfix again.

dpkg: unrecoverable fatal error, aborting: Cannot allocate memory

dpkg: unrecoverable fatal error, aborting: fork failed: Cannot allocate memory

It means you do not have enough memory to execute the operation.

The fix is for memory error, if you are getting following error
E: Sub-process /usr/bin/dpkg returned an error code (1)
You should check this post.

Since it is a memory error, try to configure dpkg first.
$ sudo dpkg --configure -a
But if you are still getting the error.

Check the free and used physical memory in megabytes by following command.
$ free -m
It displays the total amount of free and used physical memory and swap space in the system, as well as the buffers and cache consumed by the kernel.


Flush file system buffers by executing :
$ sync
Now try again.

If you are still facing the same problem, follow this.
To free page cache:
$ echo 1 > /proc/sys/vm/drop_caches

To free dentries and i-nodes :
$ echo 2 > /proc/sys/vm/drop_caches

To free page cache, dentries and i-nodes :
$ echo 3 > /proc/sys/vm/drop_caches
Now try again.

Still the error is not fixed, you should check the RAM and SWAP space for your system / server. Assigning a bigger RAM / SWAP will solve the error.

Wednesday, May 15, 2013

Mysql error : start: Job failed to start

start: Job failed to start Error while starting mysql 

If you are not able to start mysql because of this error, try following solutions.

Solutions :

1) There should not be incorrect bind-address in my.cnf. If you have not uncommented it intentionally to enable binding, the line should be commented. If you are not sure about the address, comment the line and restart mysql.

2) Run following command and try to start mysql.
$ sudo dpkg-reconfigure mysql-server-5.5

3) Remove logfiles and try to start mysql.
$ sudo rm -rf /var/lib/mysql/ib_logfile*

4) If mysqld_safe is running with mysql, kill mysqld_safe
$ sudo killall -9 mysqld_safe

5) If any of these solutions are not working for you, try final solution.
    Remove and re-install mysql again.
Debian based :
$ sudo apt-get --purge remove mysql-server mysql-common mysql-client $ sudo apt-get install mysql-server mysql-common mysql-client
Yum Based :
$ sudo yum --purge remove mysql-server mysql-common mysql-client $ sudo yum install mysql-server mysql-common mysql-client

phpmyadmin : Cannot start session without errors

phpmyadmin error : cannot start session without errors please check errors given in your PHP and/or webserver log file and configure your PHP installation properly.




Open file php.ini.
apache2 (Debian, Ubuntu) : /etc/php5/apache2/php.ini 
httpd (RHEL, CentOS) : /etc/php.ini

Uncomment following line there.
If it is CentOS or RHEL :
session.save_path = "/var/lib/php/session" 
If it is debian or ubuntu :
session.save_path = "/tmp"

Restart Apache.

Saturday, May 11, 2013

ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)

ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)

Solutions:

1) Try to change root's password. But it does let you reach on command prompt. So what will you do? Follow this.

Stop mysql first
$ service mysql stop or $ service mysqld stop

Open mysql in safe mode
$ mysqld_safe --skip-grant-tables &

Login with root
$ mysql -u root

Update root's password.
mysql> use mysql; mysql> update user set password=PASSWORD("testpassword") where User='root';

If it does not give permission to update password then Flush Privileges first.
mysql> FLUSH PRIVILEGES;

Now try to set password again
mysql> update user set password=PASSWORD("testpassword") where User='root'; mysql>quit
Now root's password has been set to testpassword.

Restart mysql and try to log-in as root.

2) Have you tried to set password for root or any individual database in phpmyadmin or using command line? If you have done this, now you are trying to open phpmyadmin or try to log-in using command line and you are getting this error.

Solution : Put the same password in config file of phpmyadmin for same user.

By default root password is blank in config file and it looks like this.
$cfg['Servers'][$i]['user'] = 'root'; $cfg['Servers'][$i]['password'] = '';
Now set your password here and it will look like this.
$cfg['Servers'][$i]['user'] = 'root'; $cfg['Servers'][$i]['password'] = 'password-goes-here';
Restart mysql.

Operate mysql from command line

Use mysql using command line :

First install mysql client using command line.
apt-get install mysql-client or yum install mysql-client according to your Linux distribution.

Now go on mysql prompt using
$ mysql -h 127.0.0.1

If you want to log-in with root using command line
$ mysql -h 127.0.0.1 -u root

Root's password is blank. If it asks for password, do not write anything, just press Enter key.

$ mysql -h 127.0.0.1 -u root -p


Do not try to log-in with password protected user using command line.

If you try to log-in with password protected user, it gives following error :
ERROR 1045 (28000): Access denied for user 'admin'@'localhost' (using password: YES) 

phpmyadmin error : Script timeout passed

phpMyAdmin: Script timeout passed, if you want to finish import, please resubmit same file and import will resume.





If you are not able to upload large sql files in phpmyadmin because of this error, you need to increase your execution time.

Open config file of your phpmyadmin.

If you are using xampp, you will find the config file inside phpmyadmin directory. complete path : /opt/lampp/phpmyadmin/config.inc.php
If you are using apache2 or httpd
complete path : /usr/share/phpmyadmin/config.inc.php

Add following line in the config file.
$cfg['ExecTimeLimit'] = 0;

Restart Apache & mysql both.

Alternate Solution :
Continue Uploading : If you do not have access to server, you can continue uploading the same gzip, sql, zip, or bzip2 file then the data import will pick up where it left off.

Import mysql database using command line in Linux

Upload mysql database command :

If you want to import a mysql database using command line, here is the command.
$ mysql -h host-name -u username -p'password' "database_name" < "path/of/the/sql/file"

where 
hostname is name of your host. If you upload on your system it can be localhost or 127.0.0.1. If you would upload on server it would be IP of the server.
username is username of mysql user
password is password of mysql user, Remember there is no space between -p & single quote (')
database_name is name of your database in which you want to upload the sql file

Examples:

a) If you want to upload file on your localhost, the command would be (if root has no password)
$ mysql -h 127.0.0.1 -u root "database_name" < /path/of/the/sql/file

b) If you want to upload file on other system of same LAN, the command would be
$ mysql -h 192.168.1.7 -u john -p'johnathan' "webpro" < /home/user/documents/webpro.sql

where 192.168.1.7 - IP of other system of same LAN
john is username of mysql user
johnathan is his password
webpro is database name

NOTE :
Please create database first before running above command otherwise it would give error "ERROR 1049 (42000): Unknown database 'webpro'"

Friday, May 10, 2013

Increase import file size limit in phpmyadmin

Upload large size sql files in phpmyadmin :




1) Open file php.ini

2) Search parameters upload_max_filesize.

3) Increase the file size limit for the parameter.
upload_max_filesize=512M
Now you can upload sql files up to 512 MB in phpmyadmin.
In this example I have set limit 512 MB, you can set according to your requirement.

4) Increase file size limit for post_max_size and memory_limit too.
     It should be equal or greater than upload_max_filesize
post_max_size=1024M memory_limit=1024M

5) Restart Apache.



There is a instruction in php.ini that "Maximum amount of memory a script may consume (128MB)" but when you will increase the memory_limit size greater than 128M, you will see that you are not getting any error and large file has been uploaded successfully.

NOTE :
The first things to check are the values of upload_max_filesize, memory_limit and post_max_size in the php.ini configuration file. All of these three settings limit the maximum size of data that can be submitted and handled by PHP. post_max_size and memory_limit need to be equal or larger than upload_max_filesize.

Be careful to set memory_limit size. If it exceeds the limit, the phpmyadmin does not start. It shows blank page.

If you are not able to upload small size sql file (in-kb/mb) because of change in  memory limit. Make it again 128 MB and Restart Apache


Solution :2
If you are still facing problem while uploading large size sql files, upload them using command line. To see this method, click here .

You should see this post too. Click here.



phpmyadmin error : #1153 - Got a packet bigger than 'max_allowed_packet' bytes

 phpmyadmin- Got a packet bigger than 'max_allowed_packet' bytes

 


Error in phpmyadmin while uploading sql file :

1) Open file my.cnf 
path of the file : /opt/lampp/etc/my.cnf

2) Set value max_allowed_packet=128M under attribute [mysqld] 
    If parameter is not there, add it under attribute [mysqld] .
[mysqld] max_allowed_packet=128M

3) Restart XAMPP.

phpmyadmin - Fatal error : allowed memory size of bytes exhausted

Fatal error: Allowed memory size of bytes exhausted (tried to allocate bytes)




If you are not able to open phpmyadmin because of this error, follow the steps to remove it.

1) Open file php.ini
xampp : /opt/lampp/etc/php.ini
apache2 (Debian) : /etc/php5/apache2/php.ini 
httpd (RHEL) : /etc/php.ini

2) Search parameter memory_limit. By default it's value is 128M.
    Increase the value according to size of parameters upload_max_filesize and post_max_size.
memory_limit = 512M

3) Restart Apache.

There is a instruction in php.ini that "Maximum amount of memory a script may consume (128MB)" but when you will increase the memory size greater than 128M, you will see yourself that error is gone.


NOTE :
The first things to check are the values of upload_max_filesizememory_limit and post_max_size in the php.ini configuration file. All of these three settings limit the maximum size of data that can be submitted and handled by PHP. post_max_size and memory_limit need to be equal or larger than upload_max_filesize.

Be careful to set memory_limit size. If it exceeds the limit, the phpmyadmin does not start. It shows blank page.

You have increased the memory limit but you still get this error frequently. Restart the Apache will solve your problem. If you are working on live Linux server and it does not restart frequently. You might get this error too often, make a Crontab for daily Apache-Restart will solve your problem.

ERROR 2006 (HY000) at line ##: MySQL server has gone away


 MySQL server has gone away : Error while uploading sql file in phpmyadmin




1) Open file my.cnf 
xampp : /opt/lampp/etc/my.cnf
apache2 (Debian) : /etc/mysql/my.cnf 
httpd (RHEL, CentOS) : /etc/my.cnf

2) Set value max_allowed_packet=128M under attribute [mysqld] 
    If parameter is not there, add it under attribute [mysqld] .
[mysqld] max_allowed_packet=128M

3) Restart mysql.

Access forbidden : New XAMPP security concept : XAMPP - phpmyadmin error

Solution :
Access forbidden :  New XAMPP security concept error in phpmyadmin after new XAMPP installation





1) Open the file /opt/lampp/etc/extra/httpd-xampp.conf

2) Search text #New XAMPP security concept in the file and replace Deny from all to Allow from all under #New XAMPP security concept

3) Add line Require all granted in <Directory "/opt/lampp/phpmyadmin">
 Now it looks like this.
<Directory "/opt/lampp/phpmyadmin">     AllowOverride AuthConfig Limit     Require all granted     Order allow,deny     Allow from all     </Directory>

4) Restart XAMPP

If you are still getting problem

Solution : 2
Run following command
$ sudo /opt/lampp/lampp security
Set password for everything.
Restart XAMPP and try again.



Friday, May 3, 2013

User Status in Linux - Check user is locked or unlocked

If you are using CentOS or RHEL :

If you want to check your user's account status,Run following command :
$ passwd -S "username"
Change the text username with your username whose status you want to check.
If your user is locked, it shows
(Password locked.)
If your user is unlocked, it shows
(Password set, MD5 crypt.)
List of all locked accounts :
$ awk -F: '{ system("passwd -S " $1)}' /etc/passwd | grep " LK "
List of all unlocked accounts :
$ awk -F: '{ system("passwd -S " $1)}' /etc/passwd | grep " PS "

If you are using Debian or Ubuntu :

If you are using Debian or Ubuntu and your user is locked, it shows letter L with your username.

If you are using Debian or Ubuntu and your user is unlocked, it shows letter P with your username
List of all locked accounts :
$ awk -F: '{ system("passwd -S " $1)}' /etc/passwd | grep " L "
List of all unlocked accounts :
$ awk -F: '{ system("passwd -S " $1)}' /etc/passwd | grep " P "

Note :
If you are using CentOS 7 and you run following command to list all users with status
passwd -S -a
It gives following error
passwd: bad argument -a: unknown option
 

Use following command to list all users with their status
awk -F: '{ system("passwd -S " $1)}' /etc/passwd

Error 530 : Login incorrect

There can be several reasons of this error. Please try following solutions.

1) If you are using vsftpd, check this attribute in your vsftpd.conf
     local_enable=YES
     Value of the attribute should be YES otherwise you will not be able to log-in as a user. Restart the vsftpd after any change in configuration file.

Path of the vsftpd.conf :
/etc/vsftpd.conf  (if You are using debian or ubuntu)
/etc/vsftpd/vsftpd.conf (if you are using centOS, RHEL or fedora)

2) Check your username in the file ftpusers.
If your username is in the list, you can't log into your ftp account. This file contains the list of usernames who should not log-in. Remove your username from the list and save the file. Now try to log into your ftp account.

Path of the the file ftpusers :
/etc/ftpusers  (if You are using debian or ubuntu)
/etc/vsftpd/ftpusers (if you are using centOS, RHEL or fedora)

3) Open file /etc/passwd and search your username there. If your username's line ends with /sbin/nologin (centos or RHEL) or /usr/sbin/nologin (debian or ubuntu), it means user can not log in. Change the text /sbin/nologin (centos or RHEL) or /usr/sbin/nologin (debian or ubuntu) into  /bin/bashSave the file. Now User will be able to log-in.
Name of the shell should be defined for your username in the file /etc/passwd as well as it should be in the list in file /etc/shells.

4) User should not be locked by root. If user is locked, use following command to unlock. Now try to log-in.
$ sudo passwd -u username

5) If you are using CentOS or RHEL, the port 21 should be defined in the file /etc/sysconfig/iptables. Add following line in the file and restart iptables.
-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT

6) Not very funny but check once your username, password & host name carefully. :-)

Wednesday, May 1, 2013

Lock & Unlock a User Account in Linux


To Lock a user account 
$ sudo passwd -l username

To UnLock a user account
$ sudo passwd -u username

Root can log into locked account using su - username but can't log in using ssh.
Other users can't log into locked account using su - username as well as ssh.

The message is displayed when users try to access the locked account.
su: Authentication failure


Disable and Enable users in Linux

Disable and Enable a user account in Linux :
 
Prevent user to access account / Prevent user to reach on shell prompt :

If you want to disable a user account in Linux, follow these steps.

if it is debian or ubuntu :
$ sudo usermod -s /usr/sbin/nologin username
if it is centos or fedora :
$ sudo usermod -s /sbin/nologin username

When you try to access disabled account, it says
This account is currently not available

Second Method : 
a) Open file /etc/passwd and search your username there.
b) If a line ends with /bin/bash, it means user can log in.
c) Change the text  /bin/bash  into /sbin/nologin (centos or fedora) or /usr/sbin/nologin (debian or ubuntufor your username.
d) Save the file. Now User will not be able to log-in.



Enable a User Account
Allow user to access account / Allow user to reach on shell prompt :

If you want to enable a user account in Linux, Run the command.
$ sudo chsh -s /bin/bash username

Second Method : 
a) Open file /etc/passwd and search your username there.
b) If a line ends with /sbin/nologin (centos or fedora) or /usr/sbin/nologin (debian or ubuntu), it means user can not log in.
c) Change the text /sbin/nologin (centos or fedora) or /usr/sbin/nologin (debian or ubuntuinto  /bin/bash  for your username.
d) Save the file. Now User will be able to log-in.

You can see the solution in the following video.



Saturday, April 27, 2013

Disable ftp account of a specific user

If you want to disable ftp account of any user, you should follow these steps.

The process does not prevent user to log into shell prompt. User can log into shell prompt as well as execute the commands but he can't use ftp services.

If you are using debian or ubuntu. Run following command.
$ echo username >> /etc/ftpusers
If you are using centos or fedora. Run following command.
$ echo username >> /etc/vsftpd/ftpusers
The user will not be able to access ftp account.

If you do not want to use command line. Open file /etc/ftpusers or /etc/vsftpd/ftpusers (according to your distribution) and add username in the list.
To Allow access :
Just remove the username from the file ftpusers.
Restart vsftpd.

Enable ftp account of root

By Default, root is not able to access ftp because it's name in the list of /etc/ftpusers or /etc/vsftpd/ftpusers
Remove root from the list.
Restart vsftpd.
root will be able to log-in using ftp.

If you are using CentOS, fedora or RHEL and still you are not able to log in as root in your ftp server.
Add following line in the file vsftpd.conf
userlist_deny=YES
Remove user root fin the file /etc/vsftpd/user_list and restart vsftpd.
root should be able to log-in using ftp.

Tuesday, April 23, 2013

Install webmin on Linux - CentOS, Fedora, Debian or Ubuntu

Download webmin from here.

1) If your Linux distribution is yum based like CentOS or fedora,
Download rpm file of webmin and install it using 
$ sudo rpm -ivh webmin-installation-filename.rpm
If your Linux distribution is dpkg(deb) based like ubuntu or debian,
Download deb file of webmin and install it using 
$ sudo dpkg -i webmin-installation-filename.deb

2) Now webmin is installed and we can access it using port 10000, Open it.
https://localhost:10000

3) If your firewall prevents to access webmin using other system of same LAN, you should define port 10000 in iptables.
Add following line in /etc/sysconfig/iptables
-A INPUT -m state --state NEW -m tcp -p tcp --dport 10000 -j ACCEPT

4) Restart iptables
$ sudo service iptables restart

5) Now you can access it using
https://ip-of-the-server:10000

6) username, password of webmin is same as root's username & root's password of the server.


webmin - Security Warning

Warning! Webmin has detected that the program 
https://IP-address:10000/right.cgi?open=system&open=status was linked to from an unknown URL, which appears to be outside the Webmin server. This may be an attempt to trick your server into executing a dangerous command.

First Method :
  • Login as root, and edit the /etc/webmin/config file.
  • Find the line referers_none=1 and change it to referers_none=0.
  • Save the file.
Second Method :
  • Login to Webmin normally.
  • Go to the Webmin Configuration module.
  • Click on the Trusted Referrers icon.
  • Check the Trust links from unknown referrers box, and click Save.
Final Method :
If above both methods do not work, follow this.
Open following link in chrome
Select radio button NO for Referrer checking enabled?
Now try again.

webmin - Error - Bad Request

Open webmin url with https
The correct url is https://localhost:10000/webmin

Monday, April 22, 2013

Log-in as root on Linux Terminal

I am going to show you three most used methods to log-in as root.

First way :
If you have sudo privileges as a user, you can use following command to log-in as root on terminal.
$ sudo -i
It asks for your (user's) password. After enter your password, you can log-in as root on terminal.

Second way :
$ su - or $ su - root
It asks for root's password. If you know root's password, you can log-in as root.

Third way:
You can log-in as root using secure shell (ssh)
$ ssh ip-of-the-server

If client and server are two different systems, the first two methods do not work to log-in as root on server. Only third method will work.

If client and server are in same system (root and users are in same system) , the first two methods do not require internet to log-in as root on terminal.

Third method requires internet to log-in as root on terminal.

Disable sudo privileges for user

If you want, user should not execute command with sudo.
To remove sudo permissions for user, follow the process.

1. Change the group of user. To see how to change the group of a user click here.

2. Do not define the group in file /etc/sudoers
     A group-name is started with symbol % in  /etc/sudoers
     Comment the line in /etc/sudoers
    #%group-name ALL=(ALL) ALL
Above line without comment gives sudo permission to all users of the group.
If you comment this line, no user of the group can use sudo while executing any command.

3. Now whenever user tries to run command with sudo, it says
 Error - username is not in the sudoers file. This incident will be reported.