Learn Linux File Permissions

Learn Linux File Permissions

One of the center parts of the Linux filesystems is the thought of document authorizations. These consents are utilized to choose what a specific client can do with a document or index. While the strategy for working is very straightforward, it can confound at first to get it.

Clients

How about we begin with clients. This idea is genuinely straightforward, as every client will sign into a framework with a special client account. Clients may likewise be doled out to gatherings. There can be one essential gathering, and furthermore numerous auxiliary ones. These gatherings are by and large used to enable access to orders and documents for various clients with comparative parts as opposed to adjusting things on a for every client premise.

Records

Presently how about we take a gander at documents. Each record and index on a Linux framework is possessed by a client and a gathering. Regularly the proprietor will be the client that at first made the document, and the gathering will be that client’s essential gathering, however this can be changed. Records and indexes have their authorizations split into three levels: the owning client’s consents, the owning gathering’s authorizations, and others’ consents. By ‘others’, we mean any client that isn’t the proprietor or isn’t an individual from the owning gathering of the record.

File Permission Types

There are also three different permission types for a file:

  • Read access, which allows a user with that permission to read the file or view the contents of a directory.
  • Write access, which allows a user with that permission to modify a file or create files in a directory.
  • Finally there’s execute access, which allows a user with that permission to run the file as a program.

These consents are frequently contracted to r for read, w for compose and x for execute, which is clear when taking a gander at a document utilizing the ls summon with the – l banner to indicate a long yield:

ls – l

– rwxrw-r– 1 hayden 11895 Sep 28 22:23 testfile.sh

The initial segment of the yield demonstrates the authorizations on the document in which there are 10 characters. The first is a unique one used to distinguish a registry with a “d” or a connection with a “l”. After that we have three gatherings of three letters in the request of “rwx”, indicating which consents are alloted to the record. The main arrangement of three allude to the proprietor of the record, the second set to the owning gathering, and the third to others. Authorizations conceded are appeared by the letter, consents denied are supplanted with a hyphen “- “. So in the case over the proprietor has perused, compose and execute consent on the document, the gathering has perused and compose authorizations, and others have perused authorizations on the record.

These consents additionally have a numeric identical: 1 for execute, 2 for compose and 4 for read. These numbers would then be able to be included to join get to authorizations. For instance, 7 permits read, compose and execute authorization, while 6 is perused and compose consent.

To change the authorizations on a record the chmod (short for change mode) summon is utilized. There are two methods for utilizing this: one is to utilize the numeric assignments, and the other to utilize the in order ones. The numeric assignments are by and large used to set each of the three gatherings of access authorizations by giving three numbers. So to set the document consents that the testfile.sh case above has you would utilize:

chmod 764 testfile.sh

The in order mode is by and large used to include or expel an authorization from a set. It’s done in the configuration of <what to effect><add or remove><permission to set>. In what to impact the choices are:

u for the owning client.

g for the owning gathering.

o for others.

a for all.

Here are a few illustrations:

chmod a-r testfile.sh

chmod g+rw testfile.sh

chmod u-x testfile.sh

The main case expels read access for the proprietor, gathering and others from testfile.sh. The second includes read and compose access for the gathering for testfile.sh. The last illustration evacuates execute consent for the owning client from testfile.sh.

As should be obvious, working with the record authorizations is very straightforward and exceptionally adaptable.

 

A Data Protection Taxonomy

Data Protection Taxonomy

Building on the notion of a revised data protection and backup methodology described in my previous post, I think there is another important notion here: that of a data protection taxonomy.

As we think about moving backup away from a host-centric application, to a data-centric service, I think we need a way to consistently describe the data protection characteristics of a data set. This description needs to be completely independent of any storage array, application, data type, vendor, target, or network.

We need a simple, consistent means of sharing an entire data protection policy between any device or application responsible for providing data protection services.

I could then associate the data protection policy with a data set and any service provider for data protection could interpret it, and provide the mandated service level.

Basically, any data object could have such a policy associated with it. And I could bind that policy to it in all kinds of interesting places.

How about binding a policy to a VM and making it available through the APIs on ESX or VSphere? How about binding a policy to a database and making it available through the Oracle APIs? How about binding a policy to an OS? Better yet, how about binding it to a consistency group or LUN on an array?

At this point, with the appropriate credentials, any data protection service provider–be it archival services, Continuous Data Protection (CDP) services, backup services (hosted on an appliance, an array, in a traditional backup application)–can read or request the policy, and provide the required data protection service.

More practically: any service provider, from any vendor can act upon any data set, resident upon any storage.

How is that for no more vendor lock in?

If such a taxonomy could be widely agreed upon and adopted, the potential for increased architectural freedom for data protection services is enormous. The role of the traditional backup server would likely be reduced to that of a simple meta-data catalog. I am fine with that. But our ability to meet the architectural goals I described in the last post on broken backup would be significantly increased. I might go so far as to say that without this taxonomy, getting to that goal would be difficult to impossible.

The taxonomy I propose is described below

There are two forms: the simple, for those inclined to simplify data protection and retention, and the complex for those who want very exact control over when backups are taken and how they are retained. In either form, I think the taxonomy captures any characteristic we need to fully describe a comprehensive data protection scheme.

To clarify, the numbers represent a numeric value which must be summed. The sum will describe what data protection services are required. So, in the simple scheme, a 7 designates a data set that needs CDP, backup, and archive. A 2 designates a data set that gets traditional backup only.

Also Read : SQL Server Express 2018 JDBC Driver v1.2 Official Release

The letters would actually have a numeric value which provides the value for an actual, or the length of a retention.

So, using the simple case again, a data set described by 2,0,0,14,0,12,0 gets backup (only), and retains 2 weeks of daily backups, and 12 months of full backups.

Note that I have deliberately excluded the notion of full, incremental, progressive, deduplicated, and differential backups. In principal these simply offer different means of retaining the same data: from a logical retention perspective, they are identical. The implementation of these is determined by the protection methodology used by the data protection service provider–but is irrelevant to the actual policy. Put another way: if your service provider is Avamar, you might do a source deduplication, and always do incrementals (or fulls–they really are the same thing from an Avamar perspective). If it is TSM, you might do incrementals forever for some data sets, and fulls with standard incrementals for others. This is a choice best determined by the data protection service provider, and does not need to be described in our data protection taxonomy.

The two forms are:

Simple

Frequency of protection (CDP or backup) 1,2

  • Duration of CDP protection – # of hours

Eligible for archive (yes or no) 4

  • Age before archive (# of hours) a
  • Size before archive (bytes) b

Number of backups retained:

  • # of daily images c
  • # of weekly images d
  • # of monthly images e
  • # of annual images f

Therefore, backup policy = x,a,b,c,…,f; where x>0 and x<8

Complex

Frequency of protection (CDP or backup) 1,2

  • Duration of CDP protection – # of hours

Eligible for archive (yes or no) 4

  • Age before archive (# of hours) a
  • Size before archive (bytes) b

Number of backups retained:

  • # of daily images
  • Monday 8,c
  • Tuesday 16,d
  • Wednesday 32,e
  • Thursday 64,f
  • Friday 128,g
  • Saturday 256,h
  • # of weekly images
  • First 512,i
  • Second 1024,j
  • Third 2048,k
  • Fourth 4096,l
  • Fifth 8192,m
  • # of monthly images 32,n
  • # of annual images 64,o
  • Weeklies, monthlies, and annuals on first weekend of calendar 16384

Therefore, backup policy = x,a,b,c,…,o; where x>0 and x<32,768

 

Configure your Link Structure with YOURLS

Link structure

In the modern world of social media, people often try to say as much as they can with as few characters as possible. Especially with services such as Twitter limiting you to 140 characters, getting the message across in such a short message is a challenge. This gets harder still when you want to include hyperlinks in your message, allowing readers to click through for more information, as these links are often long and eat into that precious character allowance.

While a number of link-shortening services have appeared to aid in this – allowing you to shrink a hyperlink to fewer than 20 characters – these are often generic and anyone can shorten a link with them. This makes it impossible for a reader to know the legitimacy of a link before they click on it as they have no idea what domain they will end up clicking through to. Social media account hijackings mean that users are likely to be more cautious about these links.

So what is the solution?  Link shortening using your own domain is the ideal scenario, which is where YOURLS comes in. This is a web application that creates a forward for a short character combination through to a longer hyperlink. So rather than seeing a generic hyperlink that could be of questionable quality, the reader can now see a link with a domain name they trust – your domain – and know that only someone from your company could create that link.

YOURLS is a PHP application that uses a MySQL database to keep track of the links. This means that it can be used on any web hosting environment with PHP and MySQL. For the sake of this tutorial we are going to assume that you already have a server with  a LAMP or WAMP stack installed, and have created a Virtualhost for the domain you plan to use with YOURLS. You will also need to create a database for YOURLS to use.

Also Read : How to Maximize Your Chance of Winning When Playing Judi Online

The first thing to do is download the latest release from the YOURLS Github page: https://github.com/YOURLS/YOURLS/archive/master.zip

Unzip this file and copy the files contained within the YOURLS-master directory to the root of your virtual host or web hosting space.

You now need to copy the file “users/config-sample.php” to “users/config.php”. Once this is done you need to edit the config.php file and put in the details for your hosting environment.

This file is well documented, but you do need to go through all of the steps:

  • The first step is to set the details for the database that you are going to be using with YOURLS. You then need to define the domain name that you are configuring YOURLS to work with, i.e. the domain pointing to where you put these files.
  • Next, you need to provide your timezone’s offset from GMT. Then, if you need to use a different language than English, add the details of the translation file to use.
  • The next few settings can be left at their default. After that, you can enter a long string of random text to encrypt the YOURLS cookie data in the cookie key .

Next comes an important part: the creation of an array of username and password combinations for users who can log in and create shortening links. These are added in this file using plain text, but the first time that you use YOURLS after editing this file, the passwords will be transformed into a secure hash which will then overwrite the plain text version for password security. You can have as many ‘username’=>’password’ pairs here as you need for your site’s users.

The last few settings should be fine as they are for the rest of your usage. So save this file, and you are ready to get started. If you edited the file on your local computer, make sure you’ve uploaded it to your web space.
Now you can start using YOURLS: navigate in your browser to http://your-domain.com/admin/ replacing “your-domain.com” with the domain you have used for this site and you will be greeted with the login screen for your YOURLS admin. You can sign in using one of the username/password combinations you created earlier and start shortening URLs.

 

This article was brought to you by VPS.net, for dedicated server hosting, cloud servers and 24/7 support visit our site here vps.net

Setup MySQL Replication

MySQL Replication

Welcome back to our series on creating a highly available solution using VPSs on our public cloud. In the last part we looked at configuring Master-Master configuration for MySQL on the servers. We had the MySQL configuration set to listen for public connections to the server and configured the iptables firewall to only allow remote connections from the other server in the pair. Now we’ll conclude by setting the MySQL replication going on the servers.

How to set up MySQL replication

To get things going we need to create a user to perform the replication for MySQL. So first we need to log into the MySQL server as root on the first server:

mysql -u root -p

Once signed in, issue the following commands, making sure to adjust the IP address for your setup and change password for a secure password. The IP address should be the one of the second server. We are creating a user that MySQL will connect with from the second server to replicate data.

CREATE USER ‘repl_user’@’192.168.0.3’ IDENTIFIED BY ‘password’;

GRANT REPLICATION SLAVE ON *.* TO ‘repl_user’@’192.168.0.3′;

Now we need to get the position of the master log file: keep a copy of the output from this command:

SHOW MASTER STATUS;

With that done you can now exit the MySQL command line:

QUIT;

Now connect to the second server and repeat the process using the first server’s IP address to allow that to replicate in the other direction:

mysql -u root -p

CREATE USER ‘repl_user’@’192.168.0.2’ IDENTIFIED BY ‘password’;

GRANT REPLICATION SLAVE ON *.* TO ‘repl_user’@’192.168.0.2′;

SHOW MASTER STATUS;

Again, make a note of the master status information.

Now we can go back to the first server and start the replication, again by logging into the MySQL command line:

mysql -u root -p

Now run the following commands, changing the IP to match the second server’s IP, the password to match the password, the master log file to match the file shown in the SHOW MASTER STATUS output on the second server, and the MASTER_LOG_POS to match the second server’s position:

SLAVE STOP;

CHANGE MASTER TO MASTER_HOST = ‘192.168.0.3’, MASTER_USER = ‘repl_user’, MASTER_PASSWORD = ‘password’, MASTER_LOG_FILE = ‘filename.log′, MASTER_LOG_POS = XX;

SLAVE START;

Now you can check the status of its replication from the other server with:

SHOW SLAVE STATUS\G;

Note that the “\G” isn’t a typo, and is used to inform MySQL to provide a different output formatting which can make this command’s output more readable.

Finally, we repeat the process on the second server, noting that this time the IP address should be the one for the first server, and then that logfile and position should be the ones we got from the first server’s master status output:

SLAVE STOP;

CHANGE MASTER TO MASTER_HOST = ‘192.168.0.2’, MASTER_USER = ‘repl_user’, MASTER_PASSWORD = ‘password’, MASTER_LOG_FILE = ‘filename.log′, MASTER_LOG_POS = XX;

SLAVE START;

With that done, again you can check the replication status with:

SHOW SLAVE STATUS\G;

To test it you can make a change on one of the servers and see if it replicates over to the other server. To do that we’ll create a test database on the second server:

CREATE DATABASE test;

Now if you go back to the first server you can use the following command at the MySQL command line to see if the database copied over:

SHOW DATABASES;

The replication should be almost instant unless there are network issues between the servers.  If it doesn’t appear within a few minutes then you’ll need to check that the two servers are communicating ok.  Otherwise, if it replicated fine we can delete the database on the first server:

DROP DATABASE test;

With this done you can now go back over to the second server to check if the test database has been deleted:

SHOW DATABASES;

Also Read : Optimized VPS Performance Tips

If it has gone then you are all good, and the Master-Master replication is working and successfully duplicating the database between each server. Next time we’ll look at how we can duplicate the files for our website between the servers using Unison.

Using Custom Error 404 with Apache

custom 404

When you manage a website, a great deal of time is spent customizing the software, running it, and tweaking the layout and design to match the ideas you have for how it should look. Normally we only think about the parts of the website we expect visitors to see. Unfortunately there are some common pages that can be missed: the error pages.

Error Pages

While in an ideal world no one should ever see an error page on your website, there are a number of factors that could cause them to be shown. One is shown as a result of user error, when someone incorrectly types in a link they have tried to remember. In this tutorial we’ll look at how we can go about serving custom error pages with the Apache web server instead of the standard and plain built-in ones. This means you can make your error pages match the rest of your site design, and even include navigation to link visitors back to important pages on your site.

The errors we’ll be concentrating on here are these common ones that may often be encountered by a browser:

401 – Unauthorized: This error is seen for pages where authentication is required but the user has not given authentication details.

403 – Forbidden: This error is given for pages where authentication is required and incorrect details have been provided.

404 – Not Found: This error is given when the web server is unable to locate the file that the visitor has requested.

500 – Internal Server Error: This is given when there is an error processing the request but there isn’t an applicable and more specific error to provide.

There are many more errorsthan this, but most are unlikely to be encountered except for a number of specific web server implementations.

To make this work, the first thing you need to do is create web pages for the errors that need to be served. First you’ll need to go to your website’s webroot directory on your server. In that directory we’ll create 4 files, named after the different errors, so 401.html, 403.html, 404.html, and 500.html. Into these you’ll need to put the HTML code to create your error pages. If you don’t know HTML then an easy way of doing this is to open your website in your web browser, right click on the page and select “view source”. Copy and paste the HTML content from the page into a text editor and then find the content from the page and replace it with the text you wish to use for your custom error page. You can test how this looks by saving it to your local computer using the relevant filename, and opening it in your web browser.

Once you are happy with the HTML content for your error pages, you can paste that into the files on your server. You can then test the pages work by navigating to them in a web browser, for example:

http://www.example.com/404.html

 

You’d need to replace “www.example.com” with your website’s domain name, of course. If the page loads without problem then it’s ready to be used. The last thing to do is to configure Apache to serve your error documents instead of the standard ones. There are two ways to do this: one is using a .htaccess file which is placed in your website’s web root directory and is normally used when you don’t have access to edit the virtualhost files for the website such as with shared hosting. The other method (which is preferred if you are the administrator of the system) is to place the ErrorDocument directives at the end of the virtualhost file before the trailing </VirtualHost> line. Below is the text you would need to paste into the file to make it work:

ErrorDocument 401 /401.html

ErrorDocument 403 /403.html

ErrorDocument 404 /404.html

ErrorDocument 500 /500.html

 

Save and exit the file edited. If you used the .htaccess file then you don’t need to do anything else for it to work. If you place the directives in the virtualhost file you will need to reload Apache with the following:

On CentOS/Red Hat systems:

sudo systemctl reload httpd

On Debian/Ubuntu systems:

sudo systemctl reload apache2

You can now test that it works by navigating to a page that doesn’t exist on your website, after which you should be served your new custom 404 error page.

How to Choosing Password Cryptdecrypt

alogaritm cryptdecrypt

It is absolutely necessary to choose a strong password to make sure that no one can decipher and decrypt your files. If you password based on a word from a dictionary or is short in length you are definitely putting yourself in a jeopardy. Anyone who would try to decrypt your files might run a dictionary check and then decrypting your files would be a matter of days. It is recommended that you use a long password containing numbers and non-dictionary characters, like “#”, “%” for example. In other words “password” is a bad choice for a password and “MN*ba5^001mqlw” is a good one.

Complexity vs. Password Length

Adding special characters to your password increases its complexity. This also makes passwords harder to hack but comes at the expense of making them harder to remember. When choosing between adding special characters or adding length to your password, longer passwords always win – they are stronger and more user-friendly than shorter passwords of greater complexity.

Picking a Passphrase

Passwords should be memorable, but not easily guessed. ITS recommends that you create a passphrase that is easy for you to memorize by combining a set of simple, unrelated words. You could simply choose words that you think of to create a passphrase; but a passphrase that is made from an unrelated series of words is inherently more secure because it is less likely to be guessed or cracked using brute force techniques.

And do not forget there rules about using the passwords:

1. Do not write your password anywhere
2. Do not tell anybody your password
3. Do not select weak password. Do not select password as a dictionary word, “12345”, “password” etc. Use digits, symbols and capital letters in the password.
4. When you choose password make sure it can not be guessed
5. If you suspect that someone might know your password change it.
6. Make sure that no one is looking over your shoulder when you enter the password.

Choosing a Strong Password

Passwords for your UNCG computing accounts are used to access many UNCG services, as well as your personal files, email, etc. So choosing a strong password and keeping it safe is important.

Longer Passwords Are Stronger

UNCG password policy requires the use of passwords between 16-30 characters. Passwords of this size may sometimes be referred to as “passphrases.” Passphrases can be easier for you to remember, while being more difficult for an attacker to guess.

In general, the longer your password is, the harder it is to be “hacked” (guessed or determined by password-hacking software). In fact, as you move from, say, an eight-character to a 16-character password, the length of time it would take a hacker to determine your password grows exponentially.