I used service account to install cygwin and sshd service. It was working fine till service account password was changed. Now, sshd service is not coming up.
$ net start sshd
System error 1069 has occurred.
The service did not start due to a logon failure.
Can somebody help and share the steps to fix it.
Likely a reset of needed privileges.
For that I use the following script:
$ cat bin/enable-cyg-server.sh
#!/bin/bash
# see
# /usr/share/csih/cygwin-service-installation-helper.sh
#
editrights -u cyg_server -a SeAssignPrimaryTokenPrivilege
editrights -u cyg_server -a SeCreateTokenPrivilege
editrights -u cyg_server -a SeTcbPrivilege
editrights -u cyg_server -a SeServiceLogonRight
editrights -u cyg_server -a SeIncreaseQuotaPrivilege
editrights -u sshd -a SeAssignPrimaryTokenPrivilege
editrights -u sshd -a SeCreateTokenPrivilege
editrights -u sshd -a SeTcbPrivilege
editrights -u sshd -a SeServiceLogonRight
editrights -u sshd -a SeIncreaseQuotaPrivilege
Related
I have a linux system running with several Docker containers. One of them is mosquitto container which runs from mosquitto 1.6.7 docker image.
I do not have control how the Mosquitto container is created as it is given by default from a supplier/client.
I need to make changes in the mosquitto/config/mosquitto.conf file. This is the output when I run ls -l
/mosquitto/config # ls -l
total 4
-rwxrwxr-x 1 nobody nobody 210 May 24 05:35 mosquitto.conf
I tried the codes below to add a comment in the mosquitto.conf, but I am not successful.
/mosquitto/config # echo '#test' | su nobody -c 'tee -a mosquitto.conf'
nologin: this account is not available
/mosquitto/config # echo '#test' | su nobody -s sh -c 'tee -a mosquitto.conf'
su: can't execute 'sh': No such file or directory
/mosquitto/config # echo '#test' | su nobody -s bin/sh -c 'tee -a mosquitto.conf'
su: can't execute 'bin/sh': No such file or directory
/mosquitto/config # echo '#test' | su nobody -s /bin/sh -c 'tee -a mosquitto.conf'
tee: mosquitto.conf: Permission denied
#test
Is it possible to change the mosquitto.conf?
If yes, how? Thanks.
You don't.
You make a copy of it on the host machine, edit there and then mount that edited copy into the container when you start it.
e.g.
docker run -d -v /path/to/local/mosquitto.conf:/mosquitto/config/mosquitto.conf mosquitto
I seem to have a weird issue:
I want to restart a reverse ssh tunnel on boot, I've tried it with an init script (that works fine when executed as user) and with an added line in /etc/rc.d but none of it works. What I get after boot is:
$ ps ax | grep autossh
397 pts/10 S+ 0:00 grep --color=auto autossh
1351 ? Ss 0:00 /usr/lib/autossh/autossh -M 22221 -N -o PubkeyAuthentication=yes -o PasswordAuthentication=no -i ~/.ssh/etherwan.key -R 19999:localhost:22 ubuntu#server
but I'm unable to login from server. So I did the following after boot:
$ sudo killall -KILL autossh
[sudo] password for ron:
$ /usr/bin/autossh -M 22221 -f -N -o "PubkeyAuthentication=yes" -o "PasswordAuthentication=no" -i ~/.ssh/etherwan.key -R 19999:localhost:22 ubuntu#server
upon which I can login using port 19999 just fine!
The keys permissions look like: (but root should not need to care, would it?)
$ ls -l ~/.ssh/etherwan.key
-r-------- 1 ron ron 1675 Nov 6 04:15 /home/ron/.ssh/etherwan.key
Replace ~/.ssh/etherwan.key in your rc.d script with /home/ron/.ssh/etherwan.key
The '~' character is expanded to the user's home directory by the shell, but rc.d scripts are run as root.
I want to know which port is my Jonas, on which a Java project has been deployed, is attached to in a Linux server. I have the pid of the Jonas and tried netstat -lnp but I found no port attached to that PID.
Any idea of how to do this.
Open a terminal application i.e. shell prompt.
Run any one of the following command:
sudo lsof -i -P -n | grep LISTEN
sudo netstat -tulpn | grep LISTEN
sudo nmap -sTU -O IP-address-Here
lsof command
The syntax is:
$ sudo lsof -i -P -n
$ sudo lsof -i -P -n | grep LISTEN
$ doas lsof -i -P -n | grep LISTEN ### [OpenBSD] ###
There are many ways to do, I prefer this
sudo netstat -pan |grep pid
Also, you can use
sudo lsof -Pan -p pid -i
pid should be actual "pid" number that you have
I have a centos7 base ami and have successfully changed the user name using the ec2-launch user data modified from an amazon-linux script
#!/bin/bash
groupadd ec2-user
usermod -d /home/ec2-user -m -g ec2-user -l ec2-user centos
echo "" | sudo tee -a /etc/sudoers
echo "Defaults:root !requiretty" | sudo tee -a /etc/sudoers
echo "ec2-user ALL=(ALL) NOPASSWD: ALL" | sudo tee -a /etc/sudoers
echo "Defaults:ec2-user !requiretty" | sudo tee -a /etc/sudoers
log in works as expected and home directory has been changed, however when I use sudo it still asks for a password. As I cannot get into the file to check format I wonder if I am using the correct syntax?
How do change the user and remove the sudo password requirement in a single script?
I believe your Cloudinit userdata script is failing because it's attempting to use sudo without a tty (and the !requiretty hasn't been added yet). Since that script runs as root anyways, this should work:
#!/bin/bash
groupadd ec2-user
usermod -d /home/ec2-user -m -g ec2-user -l ec2-user centos
echo "" | tee -a /etc/sudoers
echo "Defaults:root !requiretty" | tee -a /etc/sudoers
echo "ec2-user ALL=(ALL) NOPASSWD: ALL" | tee -a /etc/sudoers
echo "Defaults:ec2-user !requiretty" | tee -a /etc/sudoers
I am trying to install otrs on a mac. I am wondering what is the OS X equivalent of the following commands?
useradd -r -d /opt/otrs/ -c 'OTRS user' otrs
usermod -G nogroup otrs www-data
The following link might be helpful: http://www.maclife.com/article/columns/terminal_101_creating_new_users
And this script gives further information and examples: http://wiki.freegeek.org/index.php/Mac_OSX_adduser_script
According to that, the following commands should do it:
dscl . create /Users/otrs
dscl . create /Users/otrs RealName "OTRS user"
dscl . create /Users/otrs NFSHomeDirectory /opt/otrs
dseditgroup -o edit -t user -a otrs nogroup
dseditgroup -o edit -t user -a otrs otrs
dseditgroup -o edit -t user -a otrs www-data