Add new users in Linux and provide appropriate permissions using groups

Why the need to add new users in Linux? Well, we often work on a project with a large team, with a number of developers coding and constantly deploying code to the server. Most of the teams I have noticed use a single SSH key to log into the server, and that is definitely a security concern. If the key gets compromised from one developer’s system during a hack or something, then your app can be hacked easily, which I am sure no team wants.

How to AVOID This:

To avoid this situation, we can easily set up different Linux users with different SSH keys to log in with restricted access. This way, even if one of the keys is compromised you won’t lose your server access, and you can just delete the user with ease.

Steps to Create linux users:
  • Log in to the server as the root user (assumed here to be ec2-user).
  • Use the following adduser command to add the newuser account to the system (with an entry in the /etc/passwd file). This command also creates a group and a home directory for the account.
    [ec2-user ~]$ sudo adduser newuser

    [Ubuntu] When adding a user to an Ubuntu system, include the --disabled-password option with this command to avoid adding a password to the account.

    [ubuntu ~]$ sudo adduser newuser --disabled-password
  • Switch to the new account so that newly created files have the proper ownership.
    [ec2-user ~]$ sudo su - newuser 
    [newuser ~]$

    Notice that the prompt changes from ec2-user to newuser to indicate that you have switched the shell session to the new account.

  • Create a .ssh directory in the newuser home directory and change its file permissions to 700 (only the owner can read, write, or open the directory).
    [newuser ~]$ mkdir .ssh 
    [newuser ~]$ chmod 700 .ssh

    Important: Without these exact file permissions, the user will not be able to log in.

  • Create a file named authorized_keys in the .ssh directory and change its file permissions to 600 (only the owner can read or write to the file).
    [newuser ~]$ touch .ssh/authorized_keys 
    [newuser ~]$ chmod 600 .ssh/authorized_keys

    Important: Without these exact file permissions, the user will not be able to log in.

  • Open the authorized_keys file using your favorite text editor (such as vim or nano).
    [newuser ~]$ nano .ssh/authorized_keys

    Paste the public key for your key pair into the file and save the changes. Each key must sit on a single line in the file; the example below is wrapped only for display. For example:

    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClKsfkNkuSevGj3eYhCe53pcjqP3maAhDFcvBS7O6V
    hz2ItxCih+PnDSUaw+WNQn/mZphTk/a/gU8jEzoOWbkM4yxyb/wB96xbiFveSFJuOp/d6RJhJOI0iBXr
    lsLnBItntckiJ7FbtxJMXLvvwJryDUilBMTjYtwB+QhYXUMOzce5Pjz5/i8SeJtjnV3iAoG/cQk+0FzZ
    qaeJAAHco+CY/5WrUBkrHmFJr6HcXkvJdWPkYQS3xqC0+FmUZofz221CBt5IMucxXPkX4rWi+z7wB3Rb
    BQoQzd8v7yeb7OzlPnWOyN0qFU0XA246RA8QFYiCNYwI3f05p6KLxEXAMPLE

    The user should now be able to log into the newuser account on your instance using the private key that corresponds to the public key that you added to the authorized_keys file.

    So this was easy, right?
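Because login depends on the exact modes and ownership set in the steps above, a quick audit catches the usual mistakes. The following is an added example, not part of the original post: a shell function (audit_ssh_home is a hypothetical name, GNU stat is assumed) that checks a home directory for the 700/600 modes, for files owned by a different account than the home directory, and for keys pasted across several lines.

```bash
#!/usr/bin/env bash
# Added example: audit the layout the steps above create for one account.
# audit_ssh_home is a hypothetical helper name; requires GNU stat (Linux).

# Prints one line per finding; the return status is the number of findings.
audit_ssh_home() {
    local home="$1" findings=0 lineno=0 line path want
    local ssh_dir="$home/.ssh" keys="$home/.ssh/authorized_keys"
    local owner key_re
    owner=$(stat -c '%u' "$home") || return 1
    # One entry per line: "[options] key-type base64-blob [comment]"
    key_re='(^|[[:space:]])(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521))[[:space:]]+[A-Za-z0-9+/]+={0,3}([[:space:]]|$)'

    for path in "$ssh_dir:700" "$keys:600"; do
        want=${path##*:}; path=${path%:*}
        if [ ! -e "$path" ]; then
            echo "MISSING $path"; findings=$((findings + 1)); continue
        fi
        if [ "$(stat -c '%a' "$path")" != "$want" ]; then
            echo "MODE    $path is $(stat -c '%a' "$path"), expected $want"
            findings=$((findings + 1))
        fi
        # Files created with sudo instead of as the user end up owned by root.
        if [ "$(stat -c '%u' "$path")" != "$owner" ]; then
            echo "OWNER   $path is not owned by the owner of $home"
            findings=$((findings + 1))
        fi
    done

    [ -f "$keys" ] || return "$findings"
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        case "$line" in '' | '#'*) continue ;; esac
        if ! printf '%s\n' "$line" | grep -Eq "$key_re"; then
            echo "KEY     $keys line $lineno is not a complete key (wrapped paste?)"
            findings=$((findings + 1))
        fi
    done < "$keys"
    return "$findings"
}

# Usage (path is an example): audit_ssh_home /home/newuser
```

Run it with sudo when auditing another user's home, since a correctly locked-down .ssh directory is unreadable to everyone else.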

To remove a user from the system

If a user account is no longer needed, you can remove that account so that it may no longer be used. When you specify the -r option, the user’s home directory and mail spool are deleted. To keep the user’s home directory and mail spool, omit the -r option.

[ec2-user ~]$ sudo userdel -r olduser

Now we need to set up appropriate permissions for our newly created user. This can be done by creating a Linux group.

Steps to PROVIDE READ/WRITE permissions on a folder to a linux user:
  • Create a new group:
    sudo groupadd newgroup
  • Add new user to this new group:
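    sudo usermod -a -G newgroup newuser
  • Add group read/write permission to the directory which you want this new user to edit:
    sudo chgrp -R newgroup /var/www/newuser
    sudo chmod -R 775 /var/www/newuser

    The new group membership takes effect the next time newuser logs in. Note that mode 775 also leaves the directory readable by all other users on the server.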

And you are done.


How to update your WordPress plugin in easy steps

Updating your WordPress plugin is easy, but it can be confusing the first time if you don’t know the right steps.

So here is the step by step process to do it right and quickly without any confusion:

  1. Make the changes in your plugin code.
  2. Test the plugin on a test environment before pushing to your GitHub repository, assuming you have one.
  3. Once tested, edit readme.txt. Update the change log, version and stable tag.
  4. Once readme.txt has been updated, update the version in your plugin’s main file, for example: plugin-name.php.
  5. Once done, push the changes to your git repository.
  6. Create a release on GitHub. If the version number you are upgrading to is 1.0.1, create a release with the title “Version 1.0.1”, describe the changes in the description, and save it.
  7. Now that we are good with the changes, clone the WordPress plugin SVN repo on your system. The repository URL will look like this: https://plugins.svn.wordpress.org/your-plugin-name. You can use any SVN client for this.
  8. In your SVN repository, go to the tags folder and create a new folder named after the version number. In our case it will be 1.0.1, given that the version number we are upgrading to is 1.0.1.
  9. Put the latest code, with all the changes we made, in this newly created folder.
  10. Now go to the trunk folder in the root folder of your SVN repository, delete everything from there and put the latest code.
  11. Once done, commit the repository back to your WordPress SVN repository.
  12. Now go to the WordPress plugin page, check that the new version is up, and test it on your blog.

How easy was that?


How to create a Chrome extension to show meta tags used on a webpage in 5 easy steps

I was wondering the other day if developing a Chrome extension is a difficult task. I see thousands of extensions available on the Chrome Web Store to make our life easy, but is it really difficult to develop one? There was only one way to find out. It was to actually try and develop one myself.

The best place to learn everything about developing an extension and to familiarize yourself with the technical terms is Chrome’s official developer site. After reading all about it, you will realize that you can create new extensions for Chrome with those core technologies that you’re already familiar with from web development: HTML, CSS, and JavaScript. If you’ve ever built a web page, you should feel right at home with extensions pretty quickly.

I opted to create an extension to show meta tags used on a web page. If you are not tech savvy and are not familiar with how to view those, this can be very helpful. To create an extension you need to follow these steps:


Using IBM Watson’s Discovery Service to get fresh content

Fresh content on a website serves multiple purposes, including keeping you in the search engine loop. Updating your site is just as important to search engines as it is to your visitors. Search engines generally give high praises to websites that offer new information and sources for search requests. However, being desirable to search engines is not the only reason to update your site frequently.

We often find it hard to get fresh content for our website. We have to go through tonnes of websites, blog articles and much more to get a decent amount of content to share on our website.


Important Linux + Ubuntu + CentOS commands

We come across the need for various Linux, Ubuntu and CentOS commands daily while updating our server, and it becomes hard to remember each and every command offhand. So I thought of adding all the commands in one place.

  1. Linux version : cat /etc/*elease
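  2. Check if Linux is 32 Bit or 64 Bit : uname -m
  3. Connect to mysql using command line : mysql -u username -pPassword (use -p on its own to be prompted instead, which keeps the password out of shell history and the process list)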
  4. Backup mysql table in a file on server: mysql -u username -p --database=your_dbname --host=your_hostname --port=3306 --batch -e "select * from table_name" | sed 's/\t/","/g;s/^/"/;s/$/"/;s/\n//g' > your_backup_filename
  5. Current disk usage:  df -h
  6. Memory usage: free -m
  7. Delete folder and files in it:  rm -rf folder-name
  8. Check log activity: tail -f *path-to-log*. Eg: tail -f /var/log/apache2/error.log
  9. Enable any module: sudo a2enmod *module-name*. Eg: sudo a2enmod rewrite
  10. Zip file: sudo zip -r file.zip folder/
  11. To list the largest directories from the current directory in human readable format: du -sh * | sort -hr | head -n10
  12. To Recursively list all files in a directory including files in symlink directories: find -follow
  13. List all users in linux: cat /etc/passwd
  14. Add a linux user: sudo adduser newuser
  15. Delete a linux user: sudo userdel -r olduser
  16. Create Swap memory in linux:
    1. Command 1: sudo dd if=/dev/zero of=/swapfile bs=1G count=4
    2. Command 2: sudo chmod 600 /swapfile
    3. Command 3: sudo mkswap /swapfile
  17. Unzip file: If the unzip command isn’t already installed on your system, then run:
    1. Install unzip: sudo apt-get install unzip
    2. After installing the unzip utility, if you want to extract to a particular destination folder, you can use: unzip file.zip -d destination_folder

Using Percona with AWS RDS – Editing Big DB tables

I recently had a situation where I had to alter huge tables (having >3 Million records). Normally we go with the standard process of altering the table: you go to the SQL editor, type in your SQL command, execute it and the table is altered. But when it comes to huge tables, you may want to alter your approach.

There are 2 ways to alter big table:

  1. Create a new table (a copy of the original table), make the necessary changes to the schema, stop the original table from storing new data, copy the original table data to the new table, and rename the tables. And we are done.
    Note: when the table is constantly changing, going with this option is not ideal. It will result in data loss and inconvenience for the users.
  2. Use Percona toolkit

Percona is a reliable tool to alter your tables without any data loss and with minimum downtime (almost 0 minutes). Percona doesn’t block alter or modify operations while running, and takes into account the changes made while it is performing the operation.