Shutdown linux machine by non root user
Shutdown/ Reboot linux machine by non root user
01. Create a group testgroup and a user test under this group
# groupadd testgroup
# adduser -G testgroup test
02. Temporarily change permissions of /etc/sudoers, so you have write permission on this file:
# chmod u+w /etc/sudoers
03. Give the the Group and its users permission to execute the shutdown command by editing
/etc/sudors
# vi /etc/sudoers
Add the following Line:
%testgroup ALL= NOPASSWD: /sbin/shutdown
04. Remove the write persmission on /etc/sudoers file
1 / 2Shutdown by Non-Root User
# chmod u-w /etc/sudoers
04. Any user of Group "testgroup" (i.e user test) can shutdown the Linux box by executing
following command
# sudo shutdown -h now
Perform command at time
Uses of "at" command to do job at specific time:
01. For example, your office declared the internet connection will be off after 8 pm, but you've to leave office now. don't worry ! just issue the following command and get out of your office. If you use squid type the following command:
# at 20:00
at> service squid start
(Press CTRL+D to save)
If you use your linux box as router:
# at 20:00
at> echo 1 > /proc/sys/net/ipv4/ip_forward
02. When I take exam in my class, the questions and answer sheet is available in my webserver. If the exam starts from 10.00 am and ends at 11.00 am.
# at 10:00
1 / 5Perform a command at specific time
at> service httpd start
CTRL+D
# at 11:00
at> service httpd stop
CTRL+D
03. When the last date of submission a project through ftp is 06:00 pm, 11th June, 2011
# at 18:00 06/11/2011
at> service vsftpd stop
CTRL+D
Two more "at" related utilities
atq : show the current pending jobs
2 / 5Perform a command at specific time
atrm: remove any pending job
While "at" command is used for performing a command (or run a script) once at a specific time,"cron" is used to perform the job repeatably at a specific time. For example, If your office decided to keep your internet from 08.00 am to 6.00 pm everyday, you need to do the
followings:
01. Create two executable scripts which will be used to stop squid and start squid
# vi /usr/sbin/stopsquid
------------------------------------------
#! /bin/bash
service squid stop
------------------------------------------
# chmod 755 /usr/sbin/stopsquid
3 / 5Perform a command at specific time
# vi /usr/sbin/startsquid
------------------------------------------
#! /bin/bash
service squid start
------------------------------------------
# chmod 755 /usr/sbin/startsquid
02. run the corn at 08 hours and 18 hours
# crontab -e
00 18 * * * /usr/sbin/stopsquid
00 08 * * * /usr/sbin/startsquid
# service crond restart
4 / 5Perform a command at specific time
For more information about corn: manpage of crontab, crond
Searching and File Operations in linux
TOP 10 largest file
# find /var -type f -ls | sort -k 7 -r -n | head -10
FIND FILES MORE THAN 5Gb
# find /var/log/ -type f -size +5120M -exec ls -lh {} \;
Find all temp files older than a month and delete:
# find /usr/home/admin/Maildir/new -mtime +30-type f | xargs /bin/rm -f
# find /usr/local/apache -mtime +30-type f | xargs /bin/rm -f
# find /usr/home/admin/Maildir/new -mtime +30-type f | xargs /bin/rm -f
# find /usr/local/apache* -type f -mtime +30 -exec rm '{}' '+'
# find /home/ksucre/Maildir/new/ -mtime +50-type f | xargs /bin/rm -f
# find /usr -size +5000M
To find files older than, for example, 10 days.
# find /home/user1/Maildir/new -mtime +10
Find files older than, say, 30 minutes:
# find /tmp -mmin +30
Remove files older than x days like this
# find /path/* -mtime +x -exec rm {} \;
# find /var -type f -ls | sort -k 7 -r -n | head -10
FIND FILES MORE THAN 5Gb
# find /var/log/ -type f -size +5120M -exec ls -lh {} \;
Find all temp files older than a month and delete:
# find /usr/home/admin/Maildir/new -mtime +30-type f | xargs /bin/rm -f
# find /usr/local/apache -mtime +30-type f | xargs /bin/rm -f
# find /usr/home/admin/Maildir/new -mtime +30-type f | xargs /bin/rm -f
# find /usr/local/apache* -type f -mtime +30 -exec rm '{}' '+'
# find /home/ksucre/Maildir/new/ -mtime +50-type f | xargs /bin/rm -f
# find /usr -size +5000M
To find files older than, for example, 10 days.
# find /home/user1/Maildir/new -mtime +10
Find files older than, say, 30 minutes:
# find /tmp -mmin +30
Remove files older than x days like this
# find /path/* -mtime +x -exec rm {} \;
Postfix Useful Commands
To Check Postfix Queue
#mailq
To Check Sasl Auth
#tail -f /var/log/messages|grep sasl
To Check Posfix Logs
#tail -f /var/log/maillog|grep postfix
List of domains that are being deferred
#qshape-maia -s deferred
Checking Specific Mail From Queue
---------------------------------------
To view the full mails
#postcat -q D5EB71AEA45
If you an error postcat: fatal: open queue file D5EB71AEA45: No such file or directory, Then it means mail has been delivered or removed using postsuper
If you want to remove specific mail from queue
#postsuper -d D5EB71AEA45
Sorting Queued Mails By From Address:
# mailq | awk '/^[0-9,A-F]/ {print $7}' | sort | uniq -c | sort -n
Removing Mails Based On Sender Address
# mailq| grep '^[A-Z0-9]'|grep peggysj@msn.com|cut -f1 -d' ' |tr -d \*|postsuper -d -
or, if you have put the queue on hold, use
# mailq | awk '/^[0-9,A-F].*capitalone@mailade.com/ {print $1}' | cut -d '!' -f 1 | postsuper -d -
to remove all mails being sent using the From address “capitalone@mailade.com”.
if you want to remove all mails sent by the domain msn.com from the queue
#mailq| grep '^[A-Z0-9]'|grep @msn.com|cut -f1 -d' ' |tr -d \*|postsuper -d -
#mailq
To Check Sasl Auth
#tail -f /var/log/messages|grep sasl
To Check Posfix Logs
#tail -f /var/log/maillog|grep postfix
List of domains that are being deferred
#qshape-maia -s deferred
Checking Specific Mail From Queue
---------------------------------------
To view the full mails
#postcat -q D5EB71AEA45
If you an error postcat: fatal: open queue file D5EB71AEA45: No such file or directory, Then it means mail has been delivered or removed using postsuper
If you want to remove specific mail from queue
#postsuper -d D5EB71AEA45
Sorting Queued Mails By From Address:
# mailq | awk '/^[0-9,A-F]/ {print $7}' | sort | uniq -c | sort -n
Removing Mails Based On Sender Address
# mailq| grep '^[A-Z0-9]'|grep peggysj@msn.com|cut -f1 -d' ' |tr -d \*|postsuper -d -
or, if you have put the queue on hold, use
# mailq | awk '/^[0-9,A-F].*capitalone@mailade.com/ {print $1}' | cut -d '!' -f 1 | postsuper -d -
to remove all mails being sent using the From address “capitalone@mailade.com”.
if you want to remove all mails sent by the domain msn.com from the queue
#mailq| grep '^[A-Z0-9]'|grep @msn.com|cut -f1 -d' ' |tr -d \*|postsuper -d -
Memory Flushing Commands+PageCaches
To free dentries and inodes:
#echo 1 > /proc/sys/vm/drop_caches
To free pagecache, dentries and inodes:
#echo 2 > /proc/sys/vm/drop_caches
#echo 3 > /proc/sys/vm/drop_caches
Exim mail commands, frozen emails
To know the number of frozen mails in the mail queue, you can use the following command
#exim -bpr | grep frozen | wc -l
In order to remove all frozen mails from the Exim mail queue, use the following command
#exim -bpr | grep frozen | awk {'print $3'} | xargs exim -Mrm
You can also use the command given below to delete all frozen mails
#exiqgrep -z -i | xargs exim -Mrm
If you want to only delete frozen messages older than a day, you can try the following
#exiqgrep -zi -o 86400
where you can change the value 86400 depending on the time frame you want to keep (1 day = 86400 seconds).
#exim -bpr | grep frozen | wc -l
In order to remove all frozen mails from the Exim mail queue, use the following command
#exim -bpr | grep frozen | awk {'print $3'} | xargs exim -Mrm
You can also use the command given below to delete all frozen mails
#exiqgrep -z -i | xargs exim -Mrm
If you want to only delete frozen messages older than a day, you can try the following
#exiqgrep -zi -o 86400
where you can change the value 86400 depending on the time frame you want to keep (1 day = 86400 seconds).
Test SMTP operations using Telnet
How to test SMTP operations using Telnet
1. Telnet into Exchange server hosting IMS service using TCP port 25.
Command is telnet <servername> 25
2. Turn on local echo on your telnet client so that you can see what you are typing.
On Win 9x and NT 3.5/4.0 Telnet client this done by selecting the "preferences" from the "terminal" pull down menu, and checking the local echo radio button. For Windows 2000 telnet client, issue command "set local_echo", from the telnet command prompt.
3. Issue the following smtp command sequence
helo <your domain name><enter>
response should be as follows
250 OK
mail from: <your Email Address><enter>
response should be as follows
250 OK - mail from <your Email address>
rcpt to: <recipient address><enter>
response should be as follows
250 OK - Recipient <recipient address>
data<enter>
response should be as follows
354 Send data. End with CRLF.CRLF
To: <recipient's display name><enter>
From: <your display name><enter>
Subject: <Subject field of Email message><enter>
<Enter you body text><enter><enter> . <enter>
response should be as follows
250 OK
quit<enter>
######################################################
telnet: > telnet pop.example.com pop3
telnet: Trying 192.0.2.2...
telnet: Connected to pop.example.com.
telnet: Escape character is '^]'.
server: +OK InterMail POP3 server ready.
client: USER MyUsername
server: +OK please send PASS command
client: PASS MyPassword
server: +OK MyUsername is welcome here
client: LIST
server: +OK 1 messages
server: 1 1801
server: .
client: RETR 1
server: +OK 1801 octets
server: Return-Path: sender@example.com
server: Received: from client.example.com ([192.0.2.1])
server: by mx1.example.com with ESMTP
server: id <20040120203404.CCCC18555.mx1.example.com@client.example.com>
server: for <recipient@example.com>; Tue, 20 Jan 2004 22:34:24 +0200
server: From: sender@example.com
server: Subject: Test message
server: To: recipient@example.com
server: Message-Id: <20040120203404.CCCC18555.mx1.example.com@client.example.com>
server:
server: This is a test message.
server: .
client: DELE 1
server: +OK
client: quit
server: +OK MyUsername InterMail POP3 server signing off.
crontab examples
# run this command every minute of every day to check apache
* * * * * /var/www/devdaily.com/bin/check-apache.sh
# this command will run at 12:05, 1:05, etc.
5 * * * * /usr/bin/wget -O - -q -t 1 http://localhost/cron.php
# run the backup scripts at 4:30am
30 4 * * * /var/www/devdaily.com/bin/create-all-backups.sh
// every 5 minutes
0,5,10,15,20,25,30,35,40,45,50,55 * * * * /var/www/devdaily.com/bin/do-update.sh
# run this crontab entry every 5 minutes
*/5 * * * * /var/www/devdaily.com/bin/do-update.sh
string meaning
------ -------
@reboot Run once, at startup.
@yearly Run once a year, "0 0 1 1 *".
@annually (sames as @yearly)
@monthly Run once a month, "0 0 1 * *".
@weekly Run once a week, "0 0 * * 0".
@daily Run once a day, "0 0 * * *".
@midnight (same as @daily)
@hourly Run once an hour, "0 * * * *".
min hour mday month wday Execution time
30 0 1 1,6,12 * 00:30 Hrs on 1st of Jan, June & Dec.
0 20 * 10 1-5 8.00 PM every weekday (Mon-Fri) only in Oct.
0 0 1,10 * * midnight on 1st & 10th of month
5,10 0 10 * 1 At 12.05,12.10 every Monday & on 10th of every month
Useful FreeBSD/UNIX commands
Useful FreeBSD/UNIX commands:
#pwd Present Working Directory
#uptime Server UpTime stats & operation
#df Disk Free space
#w Who is logged on & server info
#who WHO is logged on and IP address
#last LAST users logged on and statuses
#ac ACcounting of total time logged on
#top TOP processes currently executing listed per CPU time
#ps aux
#ps ax
#uname -a
#env Shows current environment variables, including user & path
#set
#netstat
#trafshow
#cd Change the Directory that you are working in
#man Show the MANual pages for a program
#tail -300 maillog Show the TAILend of the 'maillog' file -- last 300 lines
#kill -9 PID KILLs a specific process # (PID), non-catchable, non-ignorable (-9)
#shutdown -r now ShutDown the computer, then reboot, immediately
#id
#hostname
#vmstat -w 5
#vmstat boot
#more Display a file, showing a page at a time. Show MORE by hitting 'space'.
#head
#tail
#ls -lt LiSt (-l with L_ots of info) (-t sort by time)
#ls -laTFWi LisT all info
#pwd
#users Shows which users are logged on using shell / command line
pkg_info List the packages installed
pkg_add Add a package
ftp ftp.gnu.org connects to ftp site ftp.gnu.org
Ctrl-C Cancel operation
Ctrl-S Pause operation
Alt-F1 Alternate to the 1st terminal window when using 'shell'
Alt-F2 Alternate to the 2nd terminal window when using 'shell'
FIND (starting in root dir) "nameoffile" or anything begining with that
#find / -name "name_of_file*"
FIND files modified within last day:
#find / -mtime -1 -print
FIND files modified over 5 days ago:
#find / -mtime +5 -print
Compress a log file, then mail as an attachment
#gzip -c access_log.processed -v > access_log.processed.gz; ls -lt
#uuencode access_log.processed.gz DOMAIN.com.log.gz | mail -s "DOMAIN.com Log File" SomeEmail@xyz.com
Or inline:
#mail -s "Some Text File" email@domain.com < file.log
LiSt files with all info R = recurse subdirs. Takes 3 hours!
#ls -laTFWiR
Change the owner to 'userowner' of directory 'somedirectory'
#chown userowner somedirectory
Show brief statistics about qmail
#/usr/local/psa/qmail/bin/qmail-qstat
Show the summary info for EACH email in qmail queue
#/usr/local/psa/qmail/bin/qmail-qread
#pwd Present Working Directory
#uptime Server UpTime stats & operation
#df Disk Free space
#w Who is logged on & server info
#who WHO is logged on and IP address
#last LAST users logged on and statuses
#ac ACcounting of total time logged on
#top TOP processes currently executing listed per CPU time
#ps aux
#ps ax
#uname -a
#env Shows current environment variables, including user & path
#set
#netstat
#trafshow
#cd Change the Directory that you are working in
#man Show the MANual pages for a program
#tail -300 maillog Show the TAILend of the 'maillog' file -- last 300 lines
#kill -9 PID KILLs a specific process # (PID), non-catchable, non-ignorable (-9)
#shutdown -r now ShutDown the computer, then reboot, immediately
#id
#hostname
#vmstat -w 5
#vmstat boot
#more Display a file, showing a page at a time. Show MORE by hitting 'space'.
#head
#tail
#ls -lt LiSt (-l with L_ots of info) (-t sort by time)
#ls -laTFWi LisT all info
#pwd
#users Shows which users are logged on using shell / command line
pkg_info List the packages installed
pkg_add Add a package
ftp ftp.gnu.org connects to ftp site ftp.gnu.org
Ctrl-C Cancel operation
Ctrl-S Pause operation
Alt-F1 Alternate to the 1st terminal window when using 'shell'
Alt-F2 Alternate to the 2nd terminal window when using 'shell'
FIND (starting in root dir) "nameoffile" or anything begining with that
#find / -name "name_of_file*"
FIND files modified within last day:
#find / -mtime -1 -print
FIND files modified over 5 days ago:
#find / -mtime +5 -print
Compress a log file, then mail as an attachment
#gzip -c access_log.processed -v > access_log.processed.gz; ls -lt
#uuencode access_log.processed.gz DOMAIN.com.log.gz | mail -s "DOMAIN.com Log File" SomeEmail@xyz.com
Or inline:
#mail -s "Some Text File" email@domain.com < file.log
LiSt files with all info R = recurse subdirs. Takes 3 hours!
#ls -laTFWiR
Change the owner to 'userowner' of directory 'somedirectory'
#chown userowner somedirectory
Show brief statistics about qmail
#/usr/local/psa/qmail/bin/qmail-qstat
Show the summary info for EACH email in qmail queue
#/usr/local/psa/qmail/bin/qmail-qread
Email Server in details
What you Need
- Linux Server with Centos 4/5 (VPS or Dedicated)
- Apache 2 with PHP4 or later
- Postfix (SMTP server or MTA)
- Dovecot ( IMAP/POP3 server)
- Squirrelmail (A free Webmail)
What you should know?
1. DNS Entry for your mail server with MX record
2. Setup an SPF record (see openspf.org
)
3. Setup Domain Name Keys
4 . Reverse IP for your Mail Server
Install Postfix (SMTP Server/MTA)
#yum remove sendmail
#yum install postfix
#vi /etc/postfix/main.cf
myhost= mail.example.com
mydomain = example.com
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, $mydomain
NOTE: Make sure you uncomment inet_interfaces = localhost
Setting up SASL + TLS
We have to also setup SASL with our postfix to authenticate our users who want to send email outside of the permitted network.
#vi /etc/postfix/main.cf
add the following lines
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destina tion
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
Install Dovecot (POP3/IMAP Server)
Dovecot is a very popular POP3/IMAP server. The main difference between POP3 and IMAP is while accessing the your email with outlook if you use POP3 the mail is downloaded to your computer and deleted from the server. With IMAP the mail is retained in the server. IF any problem occurs while downloading the emails are lost with POP3. The configuration file is located at
#vi /etc/dovecot.conf
#yum install dovecot
#vi /etc/dovecot.conf
protocols = imap imaps pop3 pop3s
Look for the line auth default and make these changes
auth default {
mechanisms = plain login
passdb pam {
}
userdb passwd {
}
socket listen {
client {
path = /var/spool/postfix/private/auth
mode = 0660
user = postfix
group = postfix
}
}
}
Install Squirrelmail
#yum install squirrelmail
To setup the squirrelmail under apache, open /etc/httpd/conf/httpd.conf and insert the following lines
Alias /squirrelmail /usr/local/squirrelmail/www
<Directory /usr/local/squirrelmail/www>
Options Indexes
AllowOverride none
DirectoryIndex index.php
Order allow,deny
allow from all
</Directory>
The squirrelmail configuration utility is located in /usr/share/squirrelmail/config/conf.pl. Run the configuration utility and set the server settings to SMTP and change your domain name to example.com
/usr/share/squirrelmail/config/conf.pl
Before you access squirrelmail or mail restart all the services
#/etc/init.d/postfix start
#/etc/init.d/dovecot start
#/etc/init.d/saslauthd start
#service httpd restart
To access squirrelmail point your browser to
http://www.domain.com/webmail
Create Local Users
#adduser john
#passwd john
Using Outlook Express
Email: john@domain.com
Incoming POP3 settings: mail.domain.com
Outgoing POP3 settings: mail.domain.com
UserName: john
Password: xxxx
NOTE: Before sending any outgoing email with outlook, make sure you tick the My server requires authentication under server settings.
How do i test whether mail server is working or not?
The simplest way to check for your mail server working is enter your domain in pingability.com or dnsstuff.com and check for the errors. You may also want to find if it is not open relay. Check your log file /var/log/maillog for any errors as well.
Another way to test your mail server is using telnet. You will get output like the one below.
> telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.simplegerman.com ESMTP Postfix
ehlo simplegerman.com
250-mail.simplegerman.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
NOTE: If you are using firewall make sure you dont block mail server ports
Subscribe to:
Posts (Atom)