Permission denied error when trying to update a user’s password: passwd

We’re now talking about a rare or some common error encountered by sys admins or network peeps in office or say at home doing there daily chores on there respected Linux box. Here is what I’ve found as per my readers request:

When I try to run

sudo passwd USERNAME

I get the error:

root@hostname:~# sudo passwd USERNAME passwd:Permission denied passwd:password unchanged root@hostname:~#

When I try to do the steps for the “The Drastic Measures”, I notice that the shadow file does not show what would usually indicate an encrypted password for the user. Hence it becomes impossible for me in order to change or set a new password like.

Solution:

vi /etc/pam.d/common-password
password        [success=3 default=ignore]      
pam_unix.so obscure sha512

Change it to “success=2”

/*_*\

How to Speed Up Ubuntu the easy way

We all know that Ubuntu is used by millions of folks out there but yet it is still considered to be more faster and malware prone to it’s counterpart Windows and perhaps Mac too. Here we shall be discussing an easy way to get a basic Workstation and not sever in general up and zipping along at blazing speed for an LTS release as well as not-LTS for every Tom and Joe out there. So as Anglehit explains here we go,

Remove old files

It is always a fair practice to keep free space in your hard drive so that your machine can always work at it’s best performance. As and when the fresh install of Ubuntu gets older, the residues keep on accumulating and eventually it starts eating up space on your HDD. Hence run this command and have fun. Note this is to be considered once and after like 4 month Ubuntu installed old machine which is not yet made up for the maintenance and we are not using any third party tools like Bleach Bit etc.

sudo apt-get clean

This shall not remove any applications which are running or installed. After you run this the most important command is down here

sudo apt-get autoremove

It shall show you which all files are to be removed and post that hit Y.

Install Preload

In computer science “Preloading” means keeping necessary files in the RAM. This is many fold times faster than keeping the files on the hard disk. Make sure after you run this restart this machine and login this shall reduce your start-up time drastically.

sudo apt-get install preload

Increase SWAP space(file paging)

We all Linux freaks are aware of what swap space is and what it is like to have more. The more resource hog your machine is the better it is to have swap space, even though there is a rule of thumb. Note that set it what you actually shall need and the rest is good to go with. For me this is what i adhere to, as shown above.

Monitor your Startup apps

Linux always is light on resources and tries not to be a resource hog on your machine. But still there can be bloatware and few new apps here and there which might be sucking and draining resources. You may use the GUI app called “Startup Applications” in Gnome menu or use the command line

service --status-all

to stop running few services

sudo service <name> stop

to delete an unwanted or unused program of choice

sudo apt-get remove <program name>

Use light-weight GUI / desktops

If you’re paranoid about the RAM and disk management systems and want to switch to or consider a lighter alternative than LXDE can come to save you, this is still better and my favorite, hence Anglehit recommends this desktop GUI.

sudo apt-get install lubuntu-desktop
Finally not to be mentioned keep the system updated and to the latest release if possible for the LTS folks be on the point release and that is a good way and a fair practice as well. 

Before I log out from this machine, just a note. Do restart your machine at least few times a week so that the updates can be applied and the patches get stitched and well integrated and everything falls in place. I know for developers and bloggers out there, this might be a lil harsh, but yes the above mentioned things does help for a Ubuntu Workstation, desktop lovers like me, so I think this shall work for you folks out there as well.

Have fun with fast and zippy Ubuntuing !

Port Forwarding Via SSH on Fedora

About ports as Anglehit explains

A standard Linux system has a set of network ports already assigned, from 0-65535. Your system reserves ports up to 1023 for system use. In many systems you can’t elect to use one of these low-numbered ports. Quite a few ports are commonly expected to run specific services. You can find these defined in your system’s /etc/services file.

You can think of a network port like a physical port or jack to which you can connect a cable. When you connect to a remote system, such as with a web browser, you are also “wiring” your browser to a port on your host. This is usually a random high port number, such as 54001. The port on your host connects to the port on the remote host, such as 443 to reach its secure web server.

So why use port forwarding when you have so many ports available? Here are a couple common cases in the life you me and the developer community.

Local port forwarding

Imagine that you are doing web development on a remote system called remote.abc.com. You usually reach this system via ssh but it’s behind a firewall that allows very little additional access, and blocks most other ports. To try out your web app, it’s helpful to be able to use your web browser to point to the remote system. But you can’t reach it via the normal method of typing the URL in your browser, thanks to that pesky firewall.

Local forwarding allows you to tunnel a port available via the remote system through your ssh connection. The port appears as a local port on your system (thus “local forwarding.”)

Let’s say your web app is running on port 8000 on the remote.abc.com box. To locally forward that system’s port 8000 to your system’s port 8000, use the -L option with ssh when you start your session:

$ ssh -L 8000:localhost:8000 remote.abc.com

Wait, why did we use localhost as the target for forwarding? It’s because from the perspective of remote.example.com, you’re asking the host to use its own port 8000. (Recall that any host usually can refer to itself as localhost to connect to itself via a network connection.) That port now connects to your system’s port 8000. Once the ssh session is ready, keep it open, and you can type http://localhost:8000 in your browser to see your web app. The traffic between systems now travels securely over an ssh tunnel!

If you have a sharp eye, you may have noticed something. What if we used a different hostname than localhost for the remote.abc.com to forward? If it can reach a port on another system on its network, it usually can forward that port just as easily. For example, say you wanted to reach a MongoDB or RabbitMQ service on the db.abc.com box also on the remote network. This service typically runs on port 3306. So you could forward it with this command, even if you can’t ssh to the actual db.abc.com host:

$ ssh -L 3306:db.abc.com:3306 remote.abc.com

Now you can run MongoDB commands against your localhost and you’re actually using the db.abc.com box.

Remote port forwarding

Remote forwarding lets you do things the opposite way. Imagine you’re designing a web app for a friend at the office, and want to show them your work. Unfortunately, though, you’re working in a coffee shop, and because of the network setup, they can’t reach your laptop via a network connection. However, you both use the remote.abc.com system at the office and you can still log in there. Your web app seems to be running well on port 5000 locally.

Remote port forwarding lets you tunnel a port from your local system through your ssh connection, and make it available on the remote system. Just use the -R option when you start your ssh session:

$ ssh -R 6000:localhost:5000 remote.abc.com

Now when your friend inside the corporate firewall runs their browser, they can point it at http://remote.abc.com:6000 and see your work. And as in the local port forwarding example, the communications travel securely over your ssh session.

By default the sshd daemon running on a host is set so that only that host can connect to its remote forwarded ports. Let’s say your friend wanted to be able to let people on other example.com corporate hosts see your work, and they weren’t on remote.example.com itself. You’d need the owner of the remote.example.com host to add one of these options to /etc/ssh/sshd_config on that box:

GatewayPorts yes       # OR
GatewayPorts clientspecified

The first option means remote forwarded ports are available on all the network interfaces on remote.abc.com. The second means that the client who sets up the tunnel gets to choose the address. This option is set to no by default.

With this option, you as the ssh client must still specify the interfaces on which the forwarded port on your side can be shared. Do this by adding a network specification before the local port. There are several ways to do this, including the following:

$ ssh -R *:6000:localhost:5000                   # all networks
$ ssh -R 0.0.0.0:6000:localhost:5000             # all networks
$ ssh -R 192.168.1.15:6000:localhost:5000        # single network
$ ssh -R remote.example.com:6000:localhost:5000  # single network

$ man sshd_config

The above one is just food for thought, the man sshd config command

Finally, remember port forwarding only happens as long as the controlling ssh session is open. If you need to keep the forwarding active for a long period, try running the session in the background using the -N option. Make sure your console is locked to prevent tampering while you’re away from it. That’s it for now

Thanks for reading and have a great weekend !

Setup and Configure an anonymous FTP download server in Fedora/Red Hat/CentOS

In general, an implementation of an FTP server that allows anyone who can use FTP to log on to the server, using a general username and without a password check. So we now know that, FTP is built on a client-server model architecture using separate control and data connections between the client and the server. FTP users may authenticate themselves with a clear-text sign-in protocol, normally in the form of a username and password, but can connect anonymously if the server is configured to allow it. For secure transmission that protects the username and password, and encrypts the content, FTP is often secured with SSL/TLS (FTPS) or replaced with SSH File Transfer Protocol (SFTP). So as Anglehit explains

In this example we’re strictly confined to vsftp server.

Installing and configuring the anonymous FTP server

Install the vsftp server via root

$ sudo dnf install vsftpd

Enable the vsftp server.

$ sudo systemctl enable vsftpd

Next, edit your /etc/vsftpd/vsftpd.conf file to allow anonymous downloads. Make sure you have the following entries.

anonymous_enable=YES

For anonymous login permissions. If enabled, both the usernames ftp and anonymous are recognized as anonymous logins, by default

local_enable=NO

This option controls whether local logins are permitted.

write_enable=NO

This option controls whether any FTP commands which change the filesystem are allowed or not

no_anon_password=YES

When enabled, vsftpd from asking for an anonymous password. With this setting, the anonymous user will log straight in without one.

hide_ids=YES

Enable this option to display all user and group information in directory listings as ftp.

pasv_min_port=40000
pasv_max_port=40001

Finally, these options set the minimum and maximum port to allocate for PASV style data connections. Use them to specify a narrow port range to assist firewalling. You should choose a range for ports that aren’t currently in use. This example uses port 40000-40001 to limit the ports to a range of 1.

Final steps

Now that you’ve set the options, add the appropriate firewall rules to allow vsftp connections along with the passive port range you specified.

$ firewall-cmd --add-service=ftp --perm
$ firewall-cmd --add-port=40000-40001/tcp --perm
$ firewall-cmd --reload

Next, configure SELinux to allow passive FTP:

$ setsebool -P ftpd_use_passive_mode on

And finally, start the vsftp server:

$ systemctl start vsftpd

At this point you have a working FTP server. Place the content you want to offer in /var/ftp. (Generally, Sys Admins put publicly downloadable content under /var/ftp/pub.) Now you can connect to your server using an FTP client on another system.

Enjoy your deployment, Cheers !

Fixing Setting Up Arduino Uno IDE error on Ubuntu

Ubuntu is pretty awesome and I am loving it. I just want to burn a code to my Arduino Uno. When uploading the code, there’s an error message saying, Serial Port COM1 not fount found. Did you select the correct one from tools -> serial port menu?. Now, visiting the tools, I can’t select serial port because it is disabled. I am attaching a screen-shot of how it looks. I have done something similar in windows. How to find the serial port on Ubuntu?

Answer

COM1 is a Windows(TM) designation – it will look like /dev/ttyACM0, /dev/ttyUSB0 or similar in Linux.

Greyed out port tends to mean you haven’t set the board type first – go through the settings in arduino Tools menu & set board to ‘Uno’, you should see the ‘port’ enable & auto-fill as well, most likely.

— OR —

In case you’re using version 1.X of arduino IDE, I assume that you installed the one in the apt repositories.You can either try to install one from the snapcraft or the one from arduino’s website.

Also either the case you can try to loon on Tools->Port if exists a port that is not a /dev/ttyS0 one. Try to play with these options. Finally by searching on dmesg you can find out which port has been located for arduno as well.

Finally an another approach is to unplug your arduino plug it again and type the following command:

dmesg | tail

In order to record the last event as the one that happens when arduino is plugged in to a usb port. The command above will show you the correct port.

For better results you can try this

  dmesg | tail -f

And continioulsy plug and unplug the arduino from the usp port till you see any arduino related message. The -f parameter allows to show realtime the new logs.

Fastest way to format External drives on Ubuntu and its Derivatives

Let’s talk about a little less complicated and a casual way though powerful enough to get the job done. Yes we’re considering a task to format or perhaps make a bootable drive USB here, for command line freaks you may read here.

Gparted the Gnome by defacto tool for disk related chores for Joe, Tom and folks a like a tool so powerful which can even make a newbie & a seasoned user more confident, before doing any changes to the core system.

I’ve used this tool for a decade now and as of now testing on my Eoan Ermine, Gnome 3.34 the latest at the time of writing and I’ve already installed it via the default Ubuntu Software, but you may get the package from elsewhere that’s fine as far as it’s stabe and does the work for you. Snap pack, Fine ! Flatpak, Cool!! .deb package, shall do = > Your mileage may vary Joe.

Now let us get into the business, insert your external flash, usb or pen drive and just let the tool run, after that select the drive via dropdown from the top left hand corner and you’re good to go.

Now just select the partion wherein you wish to erase as per se format and select via GUI those comfortable anxiety free buttons and keep rolling.

Enjoy ! rest all is self explanatory, the tool is intuitive in itself IMO.

How to recover deleted “dpkg” directory in Debian or Ubuntu

Question:

Unfortunately I’ve deleted dpkg directory while removing the lock. By mistake I typed

root@akupedia:~$ rm -r /var/lib/dpkg

Now when I am trying to install/uninstall packages it shows me following error.

E: Could not open lock file /var/lib/dpkg/lock - open (2: No such file or directory)

What should I do now?

Solution:

root + rm + -r = disaster

So let us begin step by step?

ls -l /var/lib/dpkg/
total 9964
drwxr-xr-x 2 root root    4096 nov 28 11:18 alternatives
-rw-r--r-- 1 root root      11 sep 18 14:08 arch
-rw-r--r-- 1 root root 2573807 nov 28 11:18 available
-rw-r--r-- 1 root root 2561322 nov 28 10:25 available-old
-rw-r--r-- 1 root root       8 abr 24  2013 cmethopt
-rw-r--r-- 1 root root     538 sep 25 17:24 diversions
-rw-r--r-- 1 root root     457 sep 25 17:24 diversions-old
drwxr-xr-x 2 root root  483328 nov 28 11:17 info
-rw-r----- 1 root root       0 nov 28 11:18 lock
drwxr-xr-x 2 root root    4096 mar 22  2013 parts
-rw-r--r-- 1 root root     135 abr 24  2013 statoverride
-rw-r--r-- 1 root root 2269113 nov 28 11:18 status
-rw-r--r-- 1 root root 2268870 nov 28 11:18 status-old
drwxr-xr-x 2 root root    4096 nov 28 11:18 triggers
drwxr-xr-x 2 root root    4096 nov 28 11:18 updates

You removed 5 directories, the status file, etc. So, lets try to fix the stuff. First, create the directory:

sudo mkdir -p /var/lib/dpkg/{alternatives,info,parts,triggers,updates}

Recover some backups:

sudo cp /var/backups/dpkg.status.0 /var/lib/dpkg/status

Now, let’s see if your dpkg is working (start praying):

apt-get download dpkg
sudo dpkg -i dpkg*.deb

If everything is “ok” then repair your base files too:

apt-get download base-files
sudo dpkg -i base-files*.deb

Now try to update your package list, etc.:

dpkg --audit
sudo apt-get update
sudo apt-get check

Now, let’s take a deep breath. Phew!!! Do ls -l /var/lib/dpkg and compare with the above list. If some -old file is not present don’t worry it will be there after few days.