really new to linux scripting so i figured i would ask rather than waste time pulling my hair out.
i have a simple script that backs up the contents of a folder on my linux box and moves it to S3 storage, i would like this script to create a zip file and password protect it without any intervention from me.
i got it down to
zip myarchive.zip /var/www/* -e
but cannot work out where i should put the password to stop it prompting me.
thanks
kris
Doing that is a security risk as it means your password will be written in cleartext in your script.
For this reason, zip refuses to work that way. It wants the input from the keyboard, not your script or a file.
I'm not aware of a workaround.
On the other hand, at least the zip in my Ubuntu distribution offers a -P password option which, I think, allows you to enter the password right on the command line. The documentation surrounds this option with the appropriate warnings.
You could also use the security features provided by the file system. This is indeed another story, but it does protect your information in most cases.
So I guess doing a chown and chmod on your archive after creating it will prevent unwanted users from accessing the file, if all you need is a file that can only be read by a certain group. The main advantage is that there's no need to memorize a password here.
Related
What exactly is --user-data-dir specifiying?
From --help parameter:
--user-data-dir <dir> Specifies the directory that user data is kept in. Can be used to open multiple distinct instances of Code.
Is it storing some temporary files there?
Is it about the access path to config files?
I am asking as I want to run VSCode (or Codium to be more exact) with sudo (I want to edit system config file that is read restricted) which requires this parameter for reasons unclear to me.
Since sudo-ing VS Code at command-line launch is only a thing on Linux, this question assumes you're on Linux, and restricts its context to Linux.
TL;DR
To answer your question directly: the user-data-dir parameter points to a folder where all personalisation except extensions resides — unique to each user.
Why does sudo-ing Code need --user-data-dir?
In typical installations of either OS and VS Code, this folder owned by the regular user cannot be accessed by the superuser.
Hence a VS Code session running with effective UID=0 tries but fails to write to the invoking user's (not the superuser's) config folder. This is what the error message prevents from happening, by forcing the user to provide an explicit root-accessible folder.
Detailed Explanation
There are two main folders that VS Code uses to store configuration data:
An extensions folder (self explanatory) — contained in ~/.vscode[1]
user-data-dir; a folder for all other personalisable things (settings, keybindings, GitHub/MS account credential caches, themes, tasks.json, you name it)[2]
On Linux the latter is located in ~/.config/Code, and has file permissions mode 0700 (unreadable and unwritable by anybody other than the owner).
This causes issues, as VS Code tries and fails to access said directory. The logical solution is to either modify the permissions (recursively) of ~/.config/Code to allow root access, or — arguably saner and objectively more privacy-respecting — to use a separate directory altogether for the sudo'ed VS Code to access.
The latter strategy is what the community decided to adopt at large; this commit from 2016 started making it compulsory to pass an explicit --user-data-dir when sudo-ing VS Code on Linux.
Should You be Doing This in the First Place?
Probably not! If your goal is to modify system config files, then you could stick to an un-elevated instance of Code, which would prompt you to Save as Admin... when you try to save. See this answer on Ask Ubuntu on why you probably want to avoid elevating VS Code without reason (unless you understand the risks and/or have to), and this one on the same thread on what you could do instead.
However, if the concerned file is read-restricted to root as well, as in the O.P’s case, then you hardly have a choice 😕; sudo away! 😀
[1] & [2]: If you want to know more about the above two folder paths on different OSes, see [1] and [2]
Hope this was helpful!
It might be helpful to easily find the default location of the user-data-dir on any OS. It can be found with this command:
Developer: Open User Data Folder
workbench.action.openUserDataFolder
which is in the Insiders Build v1.75 now, Stable soon. Opens your OS file explorer app to the location.
I am using ubuntu 12.0 machine. I want to set a password
for particular file.
Whenever I open that file, the system should ask the password.
If the password is wrong, don't open that file.
I searched in net. Some sites explain how to set a password
using "cryptkeeper" gem. But, for install that gem needs root
privilege. But I am not a root user.
So, anybody know how to do this using a linux command itself ?
In general I know of no way to do this. Your best bet is to encrypt with something like gpg -c important.docx and decrypt the file when you need it with gpg important.docx.gpg.
Here is a general tutorial.
You is not a root and you wish to password protect some directories?
Its impossible.
Im using cent os 6 for my work. For educational purposes I want to add user to the cent os by only editing configuration files.I know we can easly add user by useradd command and change their password using passwd command. But I need to use exactly above mentioned way. To do this first I need to understand what are the files I have to change
By searching I found that following files are responsible for handling user
/etc/passwd
/etc/group
/etc/shadow
/etc/gshadow
What I did is first I add the user using useradd command and then study the strings that commands created in above files. And then I try to replicate it with manually editing files using VI editor. After I replicate every line of string I make a directory for my new user in /home. the I reboot the VM and try to login as manually created user. I can log in without any problems but the terminal showing bash-4.1$ instead of my username. but when I use whoami terminal prints my username correctly.
My question are
Is there any other files do I need to modify to add user successfully?
By adding user manually what are the functionalities that user lost ?
How to create MD5 hashed password for manually created user ?
I know to you this is may be little bit odd. but I need to do this exactly this way. If this question is inappropriate please let me know without down voting
thanks
Those are the essentials, obviously you'll need to create a home directory for that user with proper permissions, as well as any additional user specific resources.
You might want to also read up on the Pluggable Authentication Module or PAM. This provides increased authentication functionality to Linux beyond passwd, group, shadow files.
Also check out the GETPWNAM() system call.
=D Enjoy the Posix!
Serverfault on password hash creation below.
REF: https://unix.stackexchange.com/questions/81240/manually-generate-password-for-etc-shadow
I have an Informatica workflow that is supposed to generate a .dat file.
The issues is that the wroflow creates a 0 byte file, but then can not write to the file it JUST created. It's baffling.
The target directory is a linux server, and there is a developer on our team that is able to run the workflow just fine, without this file-writing issue.
However, I have checked with our linux admins and several of them have confiremd that there is no major difference in access/permissions between her linux ID and my own. She is in two more user groups than I am, but I have been told that they would not have anything to do with this issue.
The ID used by the connection object is also in the same user group as my id on the linux server, enduser. Therefore it should be able to write to my home directory.
The workaround we have devised is to remove the files using my id, touch the files and then chmod them. This allows the id used by the Informatica connection object to write to the files, but it is not a permanent (or correct) fix.
My best guess is that this is most likely some sort of (very obscure) Linux environment issue.
I am also not able to make any changes to the Informatica workflow or mapping, since it is built correctly and this issue appears to be completely local to certain linux user ID's.
Does the etluser have write permissions? have you tried running a post session command script for chmod and giving full permissions and then writing into the file?
Is there any way to insert an Environment variable into a Linux local machine from a website?I just want that when an user clicks on a button from a website,automatically to insert an environment variable into the user linux machine.I need to do this in any web language programming.
This is definitely not possible - for the same reasons that you can't open files in Javascript from the browser.
Another solution is to allow them to download a bash script and run it on their own. You will need to include instructions to run it, of course. (Don't forget to make it executable chmod +x)
As a side note, this is probably not a good idea in the first place. You could include literally anything in that bash script, and the user (assuming (s)he can't read bash) would just have to trust you. It is generally not advised to run random bash scripts on your computer or allow websites to make modifications to your environment variables.