Special File Permissions in Linux: setuid, setgid, sticky bit

setuid permission:

When a program with the setuid permission is executed, it runs as the owner of that program.

-rwsr-xr-x. 1 root root 27856 Aug  9  2019 /usr/bin/passwd

Because passwd has setuid set, a normal user can reset their own password.

# runs as the file owner (symbolic form)
chmod u+s file_name

# runs as the file owner (numeric form)
chmod 4750 file_name

setgid permission:

When a program with the setgid permission is executed, it runs as the group owner of that program.

-r-xr-sr-x. 1 root tty 15344 Jun 10  2014 /usr/bin/wall

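Because wall has setgid enabled, it runs with the permissions of the tty group.

# runs with the file's group (symbolic form)
chmod g+s file_name

# numeric form; group execute (the 5 in 2750) must be set for setgid to apply
chmod 2750 file_name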

Sticky bit:

When the sticky bit is set on a directory, only the owner of a file, the owner of the directory, and root can delete that file.

drwxrwxrwt.  16 root root 4096 Oct 10 10:10 tmp

On all Linux systems, the /tmp directory has the sticky bit enabled.

chmod +t /tmp

NOTE: A capital S or T is displayed when the corresponding execute permission is not set on that file.

Check TCP port with BASH and CURL

WHY?
– If telnet command is not present on system
– Easy to use

BASH:

ECHO:

#1
echo > /dev/tcp/192.168.0.183/22

#2
echo > /dev/tcp/192.168.0.183/22 && echo "open"

#3
echo > /dev/tcp/192.168.0.183/22 && echo "open" || echo "close"

#4
(echo > /dev/tcp/192.168.0.183/22)  > /dev/null 2>&1 && echo "open" || echo "close"

CAT:

cat < /dev/tcp/192.168.0.183/22

CURL:

curl -v telnet://192.168.0.183:22
curl -v telnet://hackfi.initedit.com:80

HAProxy configuration on Docker

1. Install docker

yum install docker

systemctl enable docker
systemctl start docker

2. Run the haproxy Docker image with a persistent volume

mkdir /opt/haproxy

# then move haproxy.cfg into /opt/haproxy

# publish the ports that haproxy.cfg binds: 80 (app1) and 8404 (stats)
docker run -d -p 80:80 -p 8404:8404 -v /opt/haproxy:/usr/local/etc/haproxy:Z haproxy

3. haproxy.cfg

global
	daemon
	maxconn 256

defaults
    timeout connect 10s
    timeout client 30s
    timeout server 30s
    log global
    mode http
    option httplog
    maxconn 3000

# note: no "stats auth" is configured, so /stats is open to anyone who can reach port 8404
frontend stats
	bind *:8404
	stats enable
	stats uri /stats
	stats refresh 10s

frontend app1
	bind *:80
	default_backend app1_backend

backend app1_backend
	# server names must be unique within a backend
	server server1 192.168.0.151:8080 maxconn 32
	server server2 192.168.0.152:8080 maxconn 32
	server server3 192.168.0.153:8080 maxconn 32

docker-compose file

version: '3'
services:
  haproxy:
    image: haproxy
    ports:
     - 80:80
     - 8404:8404
    volumes:
     - /opt/haproxy:/usr/local/etc/haproxy

NFS server in Linux

apt-get install nfs-kernel-server
systemctl start nfs-server
systemctl enable nfs-server

# for CentOS
yum install nfs-utils
systemctl enable rpcbind
systemctl enable nfs-server
systemctl start rpcbind
systemctl start nfs-server

nano /etc/exports
### For specific ip
/var/html 192.168.0.150(rw,sync,no_root_squash)
### For all ip
/var/html *(rw,sync,no_root_squash)

exportfs -r
exportfs -a
exportfs  

mount -t nfs 192.168.0.150:/var/html  /var/html

###  for showing mounts available 
showmount -e 192.168.0.150
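
Both export lines above use no_root_squash, which means root on the client is treated as root on /var/html, and the wildcard line also grants rw to every host. As an added example (not part of the original page), the shell function below flags those combinations in an exports file; the name audit_exports, the severity labels and the third sample line are choices made here.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): flag risky NFS export options.
# Usage: audit_exports /etc/exports   (or pipe the file on stdin)
# Prints "LEVEL<TAB>path<TAB>client<TAB>reason"; returns 1 if anything was flagged.
# Assumption: one export per line; line continuations and path-only lines are not handled.
audit_exports() {
  awk '
    function report(level, path, client, why) {
      printf "%s\t%s\t%s\t%s\n", level, path, client, why
      found = 1
    }
    { sub(/#.*/, "") }                      # drop comments
    NF < 2 { next }                         # nothing to check on this line
    {
      for (i = 2; i <= NF; i++) {
        client = $i; opts = ""
        p = index($i, "(")
        if (p > 0) {
          client = substr($i, 1, p - 1)
          opts = substr($i, p + 1)
          sub(/\)$/, "", opts)
        }
        if (client == "") client = "*"      # "(opts)" with no host applies to every host
        o = "," opts ","
        world  = (client == "*")
        rw     = (o ~ /,rw,/)
        noroot = (o ~ /,no_root_squash,/)
        if (world && rw && noroot)
          report("HIGH", $1, client, "any host can write as root")
        else if (noroot)
          report("MEDIUM", $1, client, "client root is not squashed")
        else if (world && rw)
          report("MEDIUM", $1, client, "writable from any host")
      }
    }
    END { exit found + 0 }
  ' "$@"
}

# Constructed sample: the two export lines from this page plus a root_squash variant.
audit_exports <<'EOF' || echo "review the exports flagged above"
/var/html 192.168.0.150(rw,sync,no_root_squash)
/var/html *(rw,sync,no_root_squash)
/var/html 192.168.0.150(rw,sync,root_squash)
EOF
```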