NOTE: the first part of the command (up to '&&') hides the clear text password from the history file!
history -d $((HISTCMD -1)) && perl -e 'print crypt("new password", rand(100))'
history -d $((HISTCMD -1)) && echo USERNAME:`perl -e 'print crypt("new password", rand(100))'`
To change passwords on multiple servers, take the above output and run it through a for loop:
for i in server1 server2 server3; do ssh $i "echo OUTPUT | chpasswd -e"; done
Access permissions for files and folders mean different things from the user standpoint. The table below shows the difference.
Access type | File | Folder |
---|---|---|
Read (4) | If the file contents can be read | If the directory listing can be obtained |
Write (2) | If user or process can write to the file (change its contents) | If user or process can change directory contents somehow: create new or delete existing files in the directory or rename files. |
Execute (1) | If the file can be executed | If user or process can access the directory, that is, go to it (make it the current working directory) |
SUID (4xxx) | Executes the file as owner | n/a |
SGID (2xxx) | n/a | Creates new files and folders with group owner |

Set: chattr +i some_file
Unset: chattr -i some_file
List: lsattr some_file
Linux enforces password complexity using pam_cracklib. Note the following rules when having issues creating or changing passwords:
Disabling SELinux: edit /etc/selinux/config and reboot.
RHEL5
sealert -a /var/log/audit/audit.log
By default, sudo caches the password for 5 minutes.
Add the following to /etc/sudoers:
Defaults:uptagent !requiretty
Add the following to /etc/sudoers to allow users in NAMED_GROUP to start/stop myservice and edit /etc/service.conf with vi as root, and to run any command as myuser, all without a password prompt:
User_Alias NAMED_GROUP=user1,user2
Cmnd_Alias COMMAND_GROUP=/etc/init.d/myservice,/bin/vi /etc/service.conf
NAMED_GROUP ALL=(root)NOPASSWD:COMMAND_GROUP
NAMED_GROUP ALL=(myuser)NOPASSWD:ALL
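
An added example (not part of the original page): a small shell/awk audit that reads the sudoers lines above and reports passwordless rules that reach an interactive editor or pager, or that grant ALL. The function names, the finding labels and the list of interactive programs are assumptions of this example, and the parser only handles single-line rules.

```sh
# Added example, not the page's code. Single-line rules only, no #include.
# The sudoers lines from this page, embedded as sample input.
sample_sudoers() {
  cat <<'EOF'
Defaults:uptagent !requiretty
User_Alias NAMED_GROUP=user1,user2
Cmnd_Alias COMMAND_GROUP=/etc/init.d/myservice,/bin/vi /etc/service.conf
NAMED_GROUP ALL=(root)NOPASSWD:COMMAND_GROUP
NAMED_GROUP ALL=(myuser)NOPASSWD:ALL
EOF
}

# Reads sudoers text on stdin and prints one finding per line.
audit_sudoers() {
  awk '
    /^[ \t]*#/ || NF == 0 { next }            # comments and blank lines
    $1 == "Cmnd_Alias" {                      # Cmnd_Alias NAME=cmd1,cmd2
      line = $0; sub(/^[ \t]*Cmnd_Alias[ \t]+/, "", line)
      name = line; sub(/[ \t]*=.*/, "", name)
      cmds = line; sub(/^[^=]*=[ \t]*/, "", cmds)
      n = split(cmds, c, /[ \t]*,[ \t]*/)
      for (i = 1; i <= n; i++) {
        split(c[i], w, /[ \t]+/)              # w[1] is the binary path
        base = w[1]; sub(/.*\//, "", base)
        # Editors and pagers can start other commands as the target user.
        if (base ~ /^(vi|vim|view|nano|emacs|less|more)$/) {
          risky[name] = 1
          print "INTERACTIVE " name " " c[i]
        }
      }
      next
    }
    /NOPASSWD:/ {                             # who hosts=(runas)NOPASSWD:cmds
      spec = $0; sub(/^[^=]*=[ \t]*/, "", spec)
      runas = "root"                          # sudoers default without (runas)
      if (match(spec, /^\([^)]*\)/)) runas = substr(spec, 2, RLENGTH - 2)
      sub(/^.*NOPASSWD:[ \t]*/, "", spec); sub(/[ \t]+$/, "", spec)
      rules++; rwho[rules] = $1; rrun[rules] = runas; rcmd[rules] = spec
    }
    END {                                     # judge rules once all aliases are read
      for (r = 1; r <= rules; r++) {
        n = split(rcmd[r], c, /[ \t]*,[ \t]*/)
        for (i = 1; i <= n; i++)
          if (c[i] == "ALL") print "NOPASSWD_ALL " rwho[r] " as " rrun[r]
          else if (c[i] in risky) print "NOPASSWD_INTERACTIVE " rwho[r] " as " rrun[r] " via " c[i]
      }
    }'
}
sample_sudoers | audit_sudoers
```

For a single-file edit, sudoers accepts `sudoedit /etc/service.conf` as the permitted command, which avoids running the editor itself as root; check any change with `visudo -c` before relying on it.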