Microsoft windows XP has runas command which allows a user to run specific tools and programs with different permissions than the user’s current logon provides. Linux and other UNIX like operating system provides the su or sudo command for same purpose. However, su/sudo command is not so useful when it comes to X program. For example when you logged in as a normal user, you need to run an X window application as root. If I run application as follows:
$ su -
It will bump you back with an error:
(program:15082): Gtk-WARNING **: cannot open display:
** WARNING ** cannot open display
However both KDE and Gnome come with tools to deal with this problem.
Method # 1:
If you are using KDE then use following command at shell prompt:
$ kdesu xeyes
Method # 2:
If you are using Gnome then use following command at shell prompt:
Or use GUI itself, click on Applications > System tools > Select Run as different user
Method # 3:
Create runas alias as follows:
$ alias runas='su -c $@'
Add above alias to your bash startup script
$ echo "alias runas='su -c $@'" >> .bash_profile
You can now use alias as follows to start any x program
$ runas program-name
$ runas xeyes
Method # 4: The old way
The problem is with two environment variable DISPLAY and XAUTHORITY. You need to setup them correctly to run X windows program as a root user while logged in as a normal user. So how do you fix this problem? Simply set these two variables to point to current logged in users environment variable. Let us assume you are currently login as vivek user.
Step # 1 Become super-use
vivek@debian:~$ su -
Step # 2 Setup variables
# export DISPLAY=0:0
# export XAUTHORITY=/home/vivek/.Xauthority
Step # 3 Execute X program as a root user
Q. How do I find out what network service are running under Linux operating system?
A. For security reason it is necessary to find out what services are running. With the help of netstat command, you can print information about the Linux networking subsystem including running services. It can display program name and PID for each socket belongs to. Use netstat as follows:
$ netstat -atup
$ netstat -atup | grep LISTEN
- -t : Select all TCP services
- -u : Select all UDP services
- -a : Display all listening and non-listening sockets.
- -p : Display the PID and name of the program to which each socket belongs
Q. How do I use ssh client program in a shell script under UNIX or Linux operating system?
Continue reading “How To Use SSH in Unix or Linux shell script”
To be frank there is no serious viruses found so far for Linux. The main reason is Linux is quite secure as compare to Windows. Also, viruses cannot cause any serious damage if they are not activated by root user (that is why you need to use su or sudo command and always login as normal user). However if you are using any one of the following program then consider getting a good virus scanner:
- Windows via Samba
- Linux Email server
- Linux as a router etc
Most are windows virus that, may affects above program.
Q. Can you tell me how can I find out MAC address under Linux or FreeBSD server?
A. A mac address is acronym for media access control address, is a unique address assigned to almost all-networking hardware such as Ethernet cards, router etc. Most layer 2 network protocols use one of three numbering spaces managed by the IEEE: MAC-48, EUI-48, and EUI-64, which are designed to be globally unique. (see mac address at wikipedia for more information).
Following command work with Linux and other UNIX oses:
Ifconfig is used to configure the kernel-resident network interfaces.
In order to find out MAC address of system you can use ifconfig command as follows:
$ /sbin/ifconfig | grep HWaddr
eth0 Link encap:Ethernet HWaddr 00:0F:EA:91:04:07
eth0 Link encap:Ethernet HWaddr 00:0F:EA:91:04:07
inet addr:192.168.1.2 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::20f:eaff:fe91:407/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:60400 errors:0 dropped:0 overruns:0 frame:0
TX packets:109216 errors:0 dropped:0 overruns:0 carrier:0
RX bytes:69273219 (66.0 MiB) TX bytes:14285799 (13.6 MiB)
Interrupt:18 Base address:0xc000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:3869 errors:0 dropped:0 overruns:0 frame:0
TX packets:3869 errors:0 dropped:0 overruns:0 carrier:0
RX bytes:396498 (387.2 KiB) TX bytes:396498 (387.2 KiB)
OR as a root user type following command:
# grep eth0 /var/log/dmesg
eth0: RealTek RTL8139 at 0xc000, 00:0f:ea:91:04:07, IRQ 18
eth0: Identified 8139 chip type 'RTL-8100B/8139D'
eth0: link up, 100Mbps, full-duplex, lpa 0x45E1
lnc0: flags=108843 mtu 1500
inet 74.xx.yy.zzz netmask 0xfffffff0 broadcast 74.xx.yyy.zzz
plip0: flags=108810 mtu 1500
lo0: flags=8049 mtu 16384
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
Symbolic links link by pathname rather than inode number. As you know, each pathname is a unique file on a system. Because of this, it is possible to create symbolic links across file system boundaries. Try to create symbolic links using following command:
$ touch /home/you/file1
# ln -s /home/you/file1 /tmp/file2
Find out inode of both file1 and file2
# ls -i /home/you/file1
# ls -i /tmp/file2
As you can see inode number are unique to each file. So it is possible to create symbolic links across file system boundaries. Please note that in above example both /tmp and /home are two different file systems.
Securing root account is one of the main tasks. Most systems have a password assigned to the root account. The first thing you do is assume that the password is always compromised. This does not mean that you should remove the password. The password is almost always necessary for console access to the machine. What it does mean is that you should not make it possible to use the password outside of the console. Direct root logins should only be allowed via the system console.
1) Login as a root user
2) Open /etc/ssh/sshd_config file
# vi /etc/ssh/sshd_config
3) Make changes to ssh server configuration find the following line or edit the line from:
Change it to:
4) Save the changes
5) Restart sshd service
# /etc/init.d/sshd restart
The option PermitRootLogin specifies whether root can log in using ssh.