
Jan 14, 2013

Run a specific command as root without root password

On most Linux/Unix systems, users need special privileges to run some commands, especially to stop a service, mount a device, and so on. In these scenarios most old Linux/Unix systems used the command 'su -'. But this command requires the root user's password. Sharing the root password with other users is not a good practice. Therefore, we need some other way to do this task.

The 'sudo' command allows non-privileged users to run various commands as the root user without the root password. The root user can specify which user or user group can run which command(s) as root or as any other user. This information is saved in the configuration file '/etc/sudoers'. But I strongly advise you not to edit that file directly, because an error in it will cause the system to malfunction. The best way to make these changes is to use the 'visudo' command. Though you edit the same file via this command, it checks the syntax before it saves the changes to the configuration file permanently.

For example, suppose there is a Linux-based proxy server running in your office environment. Normally you make lots of changes to it upon request. (It's not a very good practice.) So you want to get the help of a new trainee to handle the proxy server. But there are a few problems. One is that you need to restart the proxy service to activate a configuration change. You may also have some other services running on the same host. So the server is critical, but you need to give some high-level privileges to an inexperienced user.

Now you need to give the user some high privileges, but only to run some identified commands. In this example you need to give privileges to edit the "squid.conf" file and to restart the squid service. You can do this in many different ways in the "sudoers" file.

Run 'visudo' and go to the line "root  ALL=(ALL) ALL". Add the following entry on the next line.

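# On squidhost, bob may edit squid.conf and restart squid as root without a password prompt.
# Arguments listed after a command must match exactly, so the restart action is spelled out.
bob squidhost= NOPASSWD: /usr/bin/vim /etc/squid/squid.conf, /sbin/service squid restart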

In the first part you need to set the user name. In this case it's bob. If you want to set a group, you need to add a "%" sign in front of the group name.

In the second part you need to specify the hostname.

Then you can add " NOPASSWD: " between the equals (=) sign and the command so that the system does not ask for a password when the user runs that command. If you remove it, the system will ask the user for his/her password each time he/she runs one of these commands.

Then you can specify the commands that you want to provide to the user. An absolute path is required when specifying commands and configuration files.
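As an added illustration (not code from the original post), this Python example splits an entry into the parts described above and flags what a reviewer would check before saving it. The names `parse_entry`, `lint_entry` and `SHELL_CAPABLE` and the sample line are assumptions made for the example, and it handles only simple one-line entries without aliases.

```python
import re
from posixpath import basename

# Programs that can start other programs; under sudo those run as root (illustrative list).
SHELL_CAPABLE = {"vi", "vim", "view", "nano", "emacs", "less", "more"}
SPEC = re.compile(r"^(%?[\w.-]+)\s+([\w.-]+)\s*=\s*(?:\(([^)]*)\)\s*)?(.+)$")
TAGS = re.compile(r"^(?:[A-Z_]+:\s*)+")

def parse_entry(line):
    """Split one user specification into who / host / run-as / commands."""
    m = SPEC.match(line.strip())
    if not m:
        raise ValueError("not a simple user specification: %r" % line)
    who, host, runas, rest = m.groups()
    commands, tags = [], set()
    for chunk in re.split(r"(?<!\\),", rest):       # "\," is a literal comma
        chunk = chunk.strip()
        t = TAGS.match(chunk)
        if t:                                        # tags carry over to later commands
            for tag in t.group(0).replace(":", " ").split():
                tags.discard(tag[2:] if tag.startswith("NO") else "NO" + tag)
                tags.add(tag)
            chunk = chunk[t.end():]
        path, _, args = chunk.partition(" ")
        commands.append({"path": path, "args": args.strip(), "tags": set(tags)})
    return {"who": who, "is_group": who.startswith("%"), "host": host,
            "runas": runas or "root", "commands": commands}

def lint_entry(line):
    """Return (command path, finding) pairs for a reviewer to look at."""
    findings = []
    for cmd in parse_entry(line)["commands"]:
        path = cmd["path"]
        if not path.startswith("/") and path not in ("ALL", "sudoedit"):
            findings.append((path, "path is not absolute"))
        if "NOPASSWD" in cmd["tags"]:
            findings.append((path, "no password prompt"))
        if basename(path) in SHELL_CAPABLE:
            findings.append((path, "can start other commands as root; prefer sudoedit"))
        if not cmd["args"]:
            findings.append((path, "no arguments listed, so any arguments are accepted"))
    return findings

# Constructed sample in the shape of the entry above.
SAMPLE = "bob squidhost= NOPASSWD: /usr/bin/vim /etc/squid/squid.conf, /sbin/service squid restart"

if __name__ == "__main__":
    for path, finding in lint_entry(SAMPLE):
        print(path + ": " + finding)
```

An entry that grants `sudoedit /etc/squid/squid.conf` to a group and keeps the password prompt produces no findings with these checks.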











Jan 9, 2013

Install Key Management Service (KMS)

In Windows, whenever you install new software you need to activate it with Microsoft over the internet. In a large network, doing that is hard work. Most of the time large organizations use a 'Volume License' when they purchase Microsoft products. Managing those volume licenses is then another problem. We can use the Key Management Service to handle this problem.

First of all you need to get the KMS key from your "Microsoft Volume License Service Center". Assume that we are going to install KMS on a Windows Server 2008 R2 machine which is already in the domain, and that we are logged in as a domain administrator. (If not, you need to add a DNS entry to the DNS server manually.) Then you need to locate the KMS key "Windows Server 2008 Std/Ent KMS B".

Then log in to that server and change the product key to this KMS B key as follows.
Right click on "My Computer" -> Properties. Click on the "Change Product Key" link. It will open another window. Enter the "KMS B" key there and continue. It will give a warning saying "You have entered a Key Management Service Key ... ". Click OK on that.

Then you need to open the KMS port on the local firewall to the domain. To do that, open Windows Firewall, select "Allow programs to communicate through windows firewall" and tick "Key Management Service". Then press the OK button to save the changed settings.

Now you have almost installed KMS. To verify the installation, type:

nslookup -type=srv _vlmcs._tcp

on a client machine. If it returns the correct IP/domain address of the system where KMS is installed, you have successfully installed the Key Management Service for your network.

Now you can use these (http://technet.microsoft.com/en-us/library/ff793421.aspx) KMS dummy keys to activate other clients using this installed KMS service.

Note: You have to have at least the minimum number of computers or virtual instances to use this service. The activation threshold details are available at: http://technet.microsoft.com/en-us/library/ff793434.aspx