ali aboos

I was wondering… why I can’t connect through ssh. sshd daemon is running fine, so I found out that OpenSuSE installs its stikin’ firewall by default and blocks everything. I’m pretty well protected behind enough high end security devices, and don’t need to micro-manage my connection. Here is how I disabled the firewall altogether:
/sbin/SuSEfirewall2 off

To start the firewall:
/sbin/SuSEfirewall2 on

If you want to temporarily disable your firewall:
/etc/init.d/SuSEfirewall2_setup stop

Enter the above line without “stop” and you will see all available switches.

WAIT: Read the whole post before applying any changes. You will know why once you’re done!
Note: Seems like it’s kind of common for SuSE, but you can easily modify the few specific lines to work with your distro. Most commands are common Linux stuff.

This is not my first day with SuSE, really, but since I’ve been considering an enterprise distro for a few servers at work, and the fact that I rather have my jewels stabbed with a sharp icepick instead of touching REHL I started playing around with OpenSuSE 11.1. This is what I’ve been running into pretty much all day today AFTER I changed DHCP to static. Here is what I did: First edited my resolv.conf to add my DNS servers:
nano /etc/resolv.conf

added the following lines:
nameserver <internal DNS server IP>
domain <FQDN>
search <FQDN>

Fixed, right? Not quite. Now it can resolve internal servers’ hostnames, but when I trie to ping an external site I started getting “connect: network is unreachable error”. I looked at my ifconfig and noticed IPv6 crap showing up. I went ahead and disabled IPv6. You can either add the following lines to your /etc/modprobe.conf and reload modules, or just do them in shell directly:
echo "alias net-pf-10 off" >> /etc/modprobe.conf
echo "alias ipv6 off" >> /etc/modprobe.conf

Here I am, standing in front of a bowl of mashed potatoes with no pants on… this SuSE experiment has been a pain in the neck so far. A quick spark made me try:
ip route show all

and it returned:
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.76
169.254.0.0/16 dev eth0 scope link
127.0.0.0/8 dev lo scope link

Oh, snap! Seems like there is no default gateway setup on the system, while I have the line in my /etc/sysconfig/network/ifcfg-eth0. I went ahead with the following command:
route add default gw 192.168.1.1

and booya! This is what “ip route show all” returns at the moment:
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.76
169.254.0.0/16 dev eth0 scope link
127.0.0.0/8 dev lo scope link
default via 192.168.1.1 dev eth0
I’m happy… feelin’ glad :P, but my enjoyment is short lived. It lost the gateway after a reboot and same headache was about to start, but now I know how to fix that one! Tried:
nano /etc/sysconfig/network/routes

and added the line:
default 192.168.1.1

Rebooted and it seems like I’m golden this time. Note that can go ahead and create the file if it does not already exist.

Note: It wasn’t IPv6’s fault after all, but since I don’t need it I left it disabled. Now I’m leaving everything here, just in case. You just pick what you need, or perform from the bottom up (that’s what she said!)

To change IP address immediately:
ifconfig eth0 192.168.1.10 netmask 255.255.255.0 up or ifonfig eth0 192.168.1.10/24
route add default gw 192.168.1.1
echo nameserver 192.168.1.1 > /etc/resolv.conf

useradd: Add new users commands:
-d specify home directory
-s shell
-p specify password
-g user’s primary group
-G user’s other group
-m create home directory

The following command creates a user “ali”, adds to groups users and admin and create his home directory:
useradd -g users -G admin -p <password> -d /home/ali -m ali -s /bin/shell

usermod: Modify existing users
Use above switches to modify a user

Add “ali” to another group:
usermod -G <groupname> ali

userdel: Delete a user
Removes the user “ali”. To delete home directories use -r switch:
userdel -r ali

passwd: user Password
Logged on users can just use passwd to change their password. If root is changing a user’s password:
passwd <username>

su: switch user
To switch from current user to another:
su <username>

You may switch from root to another user without entering user’s password, but not the other way around. This will not log off current user. To return to previous user shell type “exit”.

Users, passwords and group information are stored in these files:

Users: /etc/passwd
Groups: /etc/group
Passwords: /etc/shadow

It’s actually quite easy!

In Debian you will have to install smbfs. Some distros install this package by default. First create a mount point to which we will refer to as /mountpoint from this point forward.
mkdir /mnt/mountpoint

To mount:
mount -t smbfs -o username=<username>,password=<password>,workgroup=<workgroup/domain> //servername/share /mountpoint
If you don’t want to type your password in the comman then don’t. Remove password=<password> and you will be asked to enter it once you hit enter. To use local credentials use the server name in <workgroup/domain> and to use domain credentials use the domain name. Username must match the domain or server you are authenticating against.

You can also mount admin shares. Instead of //servername/share use //servername/<driveletter>$

You can ultimately auto mount remote shares during boot by adding those lines to your fstab, but if your Linux box is not a member of the domain and can’t authenticate mount process will fail unless you have smbfs authenticate automatically. This is not the safest way of auto mounting shares in Linux as you are going to store your password in a text file. As precaution you can make the file accessible to root only.

To do so, add this line to your fstab:
//servername/sharename /mountpoint smbfs auto,credentials=/root/.passfile,uid=1000,umask=000,user 0 0
/root/.passfile is where you will store your network passwords. Create it and add the credentials:
nano /root/.passfile

Then add the following lines:
username=<username>
password=<password>

To make the file readable by root only:
chmod 600 /root/.passfile

Once you’re done with all this, go ahead and mount the shares:
mount -a

Remote share will be mounted automatically after every reboot.