A cautionary tale about locking Linux and FreeBSD user accounts and ssh logins
Like every other solo developer and sysadmin, I do stuff using ssh. Some stuff is automated using scripts, and others require ssh login. For example, one of my scripts logs into my Linux and FreeBSD server using public ssh keys and does a particular type of work for me. I have a dedicated user account for that purpose called autovivek on Raspberry PI 4 for Ansible and custom script automation. Here is how it works:
{rpi4:~}$ ssh autovivek@192.168.2.17 /path/to/taks1
In other cases, it sends scripts and then executes them on the remote server named 192.168.2.17. Sounds good, right? So, when I need to make backups and other tasks, I lock down the autovivek user account on the server so that it will not modify data on disks. For example, here is how to lock down a user account:
{linux-server:~}$ sudo usermod -L -e 1 autovivek
## OR ##
{freebsd-server:~}$ sudo pw lock -n autovivek

A cautionary tale about locking Linux and FreeBSD user accounts

However, I soon discovered that a user named autovivek can still log into the server and make changes despite being locked down on both Linux and FreeBSD servers. I foolishly assumed that it would work out of the box. But, boy, I was in for a big surprise. [continue reading…]

Linux comes with three commands for developers, sysadmins and users to set up a hierarchy of applications, typically displayed as a menu. In other words, these commands allow third-party software to add menu items that work for all desktops. In addition, it allows Linux system administrators to edit menus in a way that affects all desktops using the following commands to install and edit desktop files on Linux to make Desktop entries:

  1. desktop-file-edit command is a tool for editing desktop files.
  2. Use the desktop-file-install command to install .desktop files.
  3. Update database of desktop entries cache using the update-desktop-database command.
  4. Validate desktop entry files using desktop-file-validate command.

[continue reading…]

Many of you access the nixCraft tutorial and blog post using the RSS feed. However, Google decided to kill the last part of Feedburner. Back in the old days, I and many others used FeedBurner. At some stage, Google acquired FeedBurner, and now they are putting it into maintenance mode. Hence, this new change will affect those getting daily emails via FeedBurner when new content is posted here. Therefore I urge you to update your feed.
nixCraft RSS feed change due to FeedBurner Google policy change
[continue reading…]

I already wrote about migrating from CentOS 8 to CentOS Stream. I also have a guide about migrating from CentOS 8 to Rocky Linux. Today, I am working on another side project with my partner, and I wanted to try out AlmaLinux. Hence, this quick post will list steps to convert existing VM or bare metal server from CentOS 8 to AlmaLinux 8. The server currently acts as API for mobile apps, including PostgreSQL, Redis, Python+Django, Apache web server, and SELinux and firewalld.
[continue reading…]

Linux Desktop Cost
Let us say you want to support Linux and buy an actual Linux desktop OS like you buy Windows desktop operating system from the market. How much would it cost price-wise, and what would you get in return when you buy a yearly subscription?
[continue reading…]

As you know, CentOS 8 is ending soon. Red Hat is making the shift from CentOS 8 to CentOS Stream. CentOS stream places itself between Fedora Linux and RHEL. It is not 100% RHEL clone but ahead of RHEL development. Think of it as a midstream distro. Of course, if you need 100% RHEL compatibility, then you need Rocky Linux or AlmaLinux. However, the CentOS stream is more than sufficient for me as I only need Apache, Perl, and Python for my use case. This page explains how to migrate the existing installation of CentOS 8 stable to CentOS Stream without reinstalling a new operating system.
[continue reading…]

All supported versions of FreeBSD are affected by various security bugs that need to be applied ASAP. For example, a memory corruption bug exists in the bhyve hypervisor. Another overwrite the stack of ggatec and potentially execute arbitrary code. There are two issues fixed for OpenSSL in this security advisory too. Let us see what and how to fix these security vulnerabilities on FreeBSD.
[continue reading…]

One of the most common questions I get is how can I find a Linux command path that I just installed on Linux using a package manager such as apt/dnf command. We have many new developers coming from the Windows world. Many are first-time Linux users. Some are using Linux from WSL, and others are directly dealing with cloud servers over ssh. Let us see some common commands to list or find a path for Linux commands.
[continue reading…]