December 2019
M T W T F S S
« Nov    
 1
2345678
9101112131415
16171819202122
23242526272829
3031  

Categories

WordPress Quotes

A successful man is one who can lay a firm foundation with the bricks others have thrown at him.
David Brinkley
December 2019
M T W T F S S
« Nov    
 1
2345678
9101112131415
16171819202122
23242526272829
3031  

Short Cuts

2012 SERVER (64)
2016 windows (9)
AIX (13)
Amazon (40)
Ansibile (19)
Apache (135)
Asterisk (2)
cassandra (2)
Centos (211)
Centos RHEL 7 (268)
chef (3)
cloud (2)
cluster (3)
Coherence (1)
DB2 (5)
DISK (25)
DNS (9)
Docker (30)
Eassy (11)
ELKS (1)
EXCHANGE (3)
Fedora (6)
ftp (5)
GIT (3)
GOD (2)
Grub (1)
Hacking (10)
Hadoop (6)
health (1)
horoscope (23)
Hyper-V (10)
IIS (15)
IPTABLES (15)
JAVA (7)
JBOSS (32)
jenkins (1)
Kubernetes (7)
Ldap (5)
Linux (188)
Linux Commands (166)
Load balancer (5)
mariadb (14)
Mongodb (4)
MQ Server (24)
MYSQL (84)
Nagios (5)
NaturalOil (13)
Nginx (35)
Ngix (1)
openldap (1)
Openstack (6)
Oracle (35)
Perl (3)
Postfix (19)
Postgresql (1)
PowerShell (2)
Python (3)
qmail (36)
Redis (12)
RHCE (28)
SCALEIO (1)
Security on Centos (29)
SFTP (1)
Shell (64)
Solaris (58)
Sql Server 2012 (4)
squid (3)
SSH (10)
SSL (14)
Storage (1)
swap (3)
TIPS on Linux (28)
tomcat (62)
Ubuntu (1)
Uncategorized (30)
Veritas (2)
vfabric (1)
VMware (28)
Weblogic (38)
Websphere (71)
Windows (19)
Windows Software (2)
wordpress (1)
ZIMBRA (17)

WP Cumulus Flash tag cloud by Roy Tanck requires Flash Player 9 or better.

Who's Online

23 visitors online now
5 guests, 18 bots, 0 members

Hit Counter provided by dental implants orange county

solaris: how to recover solaris 11 root password

solaris: how to recover solaris 11 root password

 

boot net -s
boot cdrom -s, if it ask username: root/solaris or root/password.

on x86, you need edit grub and append -s on kernel line.

after login. mount /dev/dsk/cxtxdxsx /a

if you use zfs for /, then zfs import
zfs list
zfs set mountpoint=/a rpool/ROOT/solaris
zfs mount -f rpool/ROOT/solaris
then edit /etc/shadow
remove the password section, let it looks likes.
root::15356::::::

don’t forget to reset the mountpoint back
zfs set mountpoint=/ rpool/ROOT/solaris

GRUB password solaris 11

GRUB password

Nowadays I’d say it’s hard to believe that anything is really secure.
Nevertheless one can keep going adding more and more barriers.
The idea is not to be selected as an easier path to attack.
But again, if someone is determined who can tell…

Despite this gave introduction, my goal is to repeat one known tiny bit:
Help preventing unauthorized GRUB configuration change by adding a password.
The method below isn’t for GRUB2 (the next generation), but for the older version.

Locate the grub menu file where to configure the password:

# bootadm list-menu
the location … is: /rpool/boot/grub/menu.lst
default 4
timeout 15

Invoke the grub binary to create the password.
Take note of the resulting encrypyted hash.

# /boot/grub/bin/grub

GNU GRUB  version 0.97  (640K lower / 65536K upper memory)
[ …

… ]

grub> md5crypt

Password: ***************
Encrypted: $1$…

grub> quit

Edit the grub menu file and include the generated password hash as shown below:

# head -7 /rpool/boot/grub/menu.lst
splashimage /boot/grub/splash.xpm.gz
foreground 343434
background F7FbFF
default 4
timeout 15
password –md5 $1$…
#———- ADDED BY BOOTADM – DO NOT EDIT ———-

That’s all what’s need for GRUB1.
For GRUB2 I’m still trying to learn how to do it.

Solaris 11 Network add

Solaris 11 coming with new feature and enhancement, one of it is NWAM (Network automagic) with NWAM you can create and save the network profile. In this post, I’ll blogging about how to configure your Solaris 11 Systems to used static IP Address.

Ok let’s start :
1. Switch From Automatic Network Configuration Mode to Manual Network Configuration Mode

# netadm enable -p ncp DefaultFixed

2. Verify that DefaultFixed profile is applied

# netadm list
netadm: DefaultFixed NCP is enabled;
automatic network management is not available.
'netadm list' is only supported when automatic network management is active.

3. Determine the interface that you want to configure

# dladm show-phys

4. I’ll configure the net0 interface

# ipadm create-ip net0
# ipadm create-addr -T static -a 192.168.56.200/24 net0/v4

5. Verify

# ipadm show-addr
ADDROBJ           TYPE     STATE        ADDR
lo0/v4            static   ok           127.0.0.1/8
net0/v4           static   ok           192.168.56.200/24
lo0/v6            static   ok           ::1/128
root@solaris:~# dladm show-link
LINK                CLASS     MTU    STATE    OVER
net0                phys      1500   up       --
net1                phys      1500   unknown  --

6. Add default route

# route -p add default 12.34.56.1

7. Add DNS Name Server

root@solaris:~# svccfg -s dns/client
svc:/network/dns/client> setprop config/nameserver = (8.8.8.8 8.8.4.4)
svc:/network/dns/client> listprop config
config                      application
config/value_authorization astring     solaris.smf.value.name-service.dns.client
config/nameserver          net_address 8.8.8.8 8.8.4.4
svc:/network/dns/client> exit
root@solaris:~#
root@solaris:~# svcadm refresh dns/client
root@solaris:~# svcadm restart dns/client

8. Set name service switch

root@solaris:~# svccfg -s name-service/switch
svc:/system/name-service/switch> setprop config/host = "files dns"
svc:/system/name-service/switch> listprop config
config                      application
config/default             astring     files
config/value_authorization astring     solaris.smf.value.name-service.switch
config/printer             astring     "user files"
config/host                astring     "files dns"
svc:/system/name-service/switch> exit

9. Testing

root@solaris:~# ping google.com
google.com is alive

That’s it..
In the next post I’ll blogging about how to configure IPMP on Solaris 11.

CentOS 6.8 ftp service installation and configuration based on local users and virtual users

CentOS 6.8 ftp service installation and configuration based on local users and virtual users

First, install ftp services

1, check whether the installation

# rpm -qa | grep ftp

ftp-0.17-54.el6.x86_64

vsftpd-2.2.2-21.el6.x86_64

2, if not installed to install

# yum -y install vsftp

# yum -y install ftp

/ / If the offline environment on the Internet to go ahead to download ftp rpm package for manual installation

3, ftp service command

# /etc/init.d/vsftpd start      Start the ftp service manually

service vsftpd start

# chkconfig vsftpd on           set to boot from the start

# service vsftpd stop

# service vsftpd restart

# service vsftpd status

Second, the allocation of ftp

1, configure the vsftpd configuration file

# vi /etc/vsftpd/vsftpd.conf

# Disable anonymous user anonymous login

anonymous_enable=NO

# Enable the local user to log in

local_enable=YES

# Make the logged-in user have write permission (upload, delete)

write_enable=YES

# Default umask

local_umask=022

# Save the log of the transfer log to /var/log/vsftpd.log

xferlog_enable=YES

xferlog_file=/var/log/vsftpd.log

xferlog_std_format=NO

# Enable ASCII mode

ascii_upload_enable=YES

# Enable the ASCII mode download

ascii_download_enable=YES

# Use port 20 to transmit data

connect_from_port_20=YES

# Welcome slogan

ftpd_banner=Welcome to use my test ftp server.

# The next three configurations are important
# Chroot_local_user set YES, then all users will be chroot by default,

# Also the user directory is limited to their own home, can not change the directory up.

# Chroot_list_enable Set YES to enable the chroot user list.

# If chroot_local_user is set to YES, then chroot_list_file

# Set the file, the user is not chroot (you can change the directory up)

# If chroot_local_user is set to NO, then chroot_list_file

# Set the file, the user is chroot (can not change the directory up)

chroot_list_enable=YES

# touch /etc/vsftpd/chroot_list New

chroot_list_file=/etc/vsftpd/chroot_list

use_localtime=YES

# Run on ipv4 in standalone mode

listen=YES

# PAM authentication service name, here is the default vsftpd, when the installation has been created vsftpd the pam file,

# In /etc/pam.d/vsftpd, according to the pam file settings, / etc / vsftpd / ftpusers

# File users will be prohibited from logging in ftp server, such as root so sensitive to the user, so you want to prohibit other users

# Log in, you can also add the user to /etc/vsftpd/ftpusers

pam_service_name=vsftpd

* Reboot vsftpd

# service vsftpd restart

Third, create a local user

Create a user

# useradd -d /home/ftpuser/zzp -s /sbin/nologin -M zzp123

Set the user to the folder

# chown -R username /home/ftpuser/zzp

Setting permissions

# chown -R 777 /home/ftpuser/zzp

Add a password

# passwd zzp

Fourth, create a virtual user

Install the Generating Tool for file-based authentication databases based on common files

# rpm -qa | grep db4-utils

# yum -y install db4-utils

Edit the virtual user account and password file, the odd-line user name, and even-action passwords

# vi /etc/vsftpd/vu.txt

test

1234

usernameN

passwordN

File-based database generation for authentication

# db_load -T -t hash -f /etc/vsftpd/vu.txt /etc/vsftpd/vu.db

Modify permissions

# chmod 600 /etc/vsftpd/vu.*

Modify the default VSFTP authentication mode, based on just generated file-based database

# vi /etc/pam.d/vsftpd.vu

auth      required  /lib64/security/pam_userdb.so db=/etc/vsftpd/vu

account  required  /lib64/security/pam_userdb.so db=/etc/vsftpd/vu

**note**:

1. The system acquiescence to read the document is /etc/pam.d/vsftpd This can also be added directly to the above content

2. 64-bit system may not recognize the path of pam_userdb.so db, it is necessary to write the full path, otherwise the time will be logged in ftp login login incorrect error 530

Create a system user that maps virtual users

# useradd  -d /home/vsftp/ftp -s /sbin/nologin -M vsftp

Create a virtual user profile directory

# mkdir /etc/vsftpd/conf.vu

Modify the VSFTP configuration file

# vi /etc/vsftpd/vsftpd.conf
anon_umask=022                                # file 644, folder 755
anonymous_enable=NO                      # Turn off anonymous logins
pam_service_name=vsftpd.vu               Modify the PAM authentication module (the system default is vsftpd)
guest_enable=YES                                # Allow the virtual user to log in
guest_username=vsftp                        # The system user who mapped the virtual user
user_config_dir=/etc/vsftpd/conf.vu    # The virtual user profile directory
pasv_enable=YES                                 # Passive mode
pasv_max_port=20999                        # Maximum port
pasv_min_port=20000                          # minimum port
xferlog_enable=YES
xferlog_std_format=YES
xferlog_file=/var/log/xferlog                # Log: record upload, download, delete, create
dual_log_enable=YES
vsftpd_log_file=/var/log/vsftpd.log       # Log: Server transfer log

Create the virtual user’s directory and configuration file

# mkdir /home/vsftp/ftp/username
# chmod 700 /home/vsftp/ftp/username
# chown vsftp.vsftp /home/vsftp/ftp/username
# vi /etc/vsftpd/conf.vu/username
write_enable=YES                        # The current virtual user write permission
anon_world_readable_only=NO               # Current virtual user download permissions
anon_upload_enable=YES                  # The current virtual user upload privilege
anon_mkdir_write_enable=YES             # Create the directory permissions for the current virtual user
anon_other_write_enable=YES              # Delete and rename permissions for the current virtual user
local_root=/bigdisk/ftp/username1       # Current virtual home directory
# chmod 600 /etc/vsftpd/conf.vu/*

Finally restart vsftpd

# service vsftpd restart

CentOS6.8 compiler installation Apache2.4.25, MySQL5.7.16, PHP5.6.29 initialization

CentOS6.8 compiler installation Apache2.4.25, MySQL5.7.16, PHP5.6.29
initialization

# Fixed IP address
vi /etc/sysconfig/network-scripts/ifcfg-eth0
ONBOOT=yes
BOOTPROTO=none
DNS1=202.96.209.133
IPADDR=192.168.159.68
PREFIX=24
GATEWAY=192.168.159.2

# The base library
yum groupinstall base
yum grouplist
yum groupinstall ‘Development tools’
yum groupinstall ‘Debugging Tools’
yum groupinstall ‘Compatibility libraries’

Apache

mkdir /app/src -p
cd /app/src/
wget -c http://mirrors.aliyun.com/apache/apr/apr-1.5.2.tar.gz
wget -c http://mirrors.aliyun.com/apache/apr/apr-util-1.5.4.tar.gz
wget -c http://mirrors.aliyun.com/apache/httpd/httpd-2.4.25.tar.gz
tar xf apr-1.5.2.tar.gz

apr
cd apr-1.5.2
./configure –prefix=/app/apr-1.5.2
make && make install
ln -sv /app/apr-1.5.2/ /app/apr

apr-util
cd ..
tar xf apr-util-1.5.4.tar.gz
cd apr-util-1.5.4
./configure –prefix=/app/apr-util-1.5.4 –
-with-apr=/app/apr-1.5.2/
make && make install
ln -sv /app/apr-util-1.5.4/ /app/apr-util

httpd
yum install pcre-devel zlib-devel openssl-devel -y
cd ..
tar xf httpd-2.4.25.tar.gz
cd httpd-2.4.25
./configure –prefix=/app/httpd-2.4.25 –with-apr=/app/apr-1.5.2/ \
–with-apr-util=/app/apr-util-1.5.4/ –enable-so –enable-deflate –enable-expires \
–enable-headers –enable-ssl –enable-rewrite –enable-mpms-shared=all \
–with-mpm=prefork –enable-mods-shared=most
make
make install

ln -sv /app/httpd-2.4.25/ /app/httpd
vi /etc/profile.d/httpd.sh
export PATH=/app/httpd/bin:$PATH
. /etc/profile.d/httpd.sh

ls /app/httpd/modules/

apachectl -t -D DUMP_MODULES
vi /app/httpd/conf/httpd.conf
ServerName localhost:80
apachectl start
netstat -tunlp | grep httpd
cp ./httpd /etc/init.d/httpd

pid?lock
vi /etc/init.d/httpd
apachectl=/app/httpd/bin/apachectl
httpd=${HTTPD-/app/httpd/bin/httpd}
prog=httpd
pidfile=${PIDFILE-/app/httpd/logs/httpd.pid}
lockfile=${LOCKFILE-/app/httpd/logs/httpd}
apachectl stop
chmod +x /etc/init.d/httpd
/etc/init.d/httpd start
chkconfig –list | grep httpd
chkconfig –add httpd
chkconfig –list httpd
chkconfig httpd on
chkconfig –list httpd

#!/bin/bash
#
# httpd        Startup script for the Apache HTTP Server
#
# chkconfig: – 85 15
# description: The Apache HTTP Server is an efficient and extensible  \
#          server implementing the current HTTP standards.
# processname: httpd
# config: /etc/httpd/conf/httpd.conf
# config: /etc/sysconfig/httpd
# pidfile: /var/run/httpd/httpd.pid
#
### BEGIN INIT INFO
# Provides: httpd
# Required-Start: $local_fs $remote_fs $network $named
# Required-Stop: $local_fs $remote_fs $network
# Should-Start: distcache
# Short-Description: start and stop Apache HTTP Server
# Description: The Apache HTTP Server is an extensible server
#  implementing the current HTTP standards.
### END INIT INFO

# Source function library.
. /etc/rc.d/init.d/functions

if [ -f /etc/sysconfig/httpd ]; then
. /etc/sysconfig/httpd
fi

# Start httpd in the C locale by default.
HTTPD_LANG=${HTTPD_LANG-“C”}

# This will prevent initlog from swallowing up a pass-phrase prompt if
# mod_ssl needs a pass-phrase from the user.
INITLOG_ARGS=””

# Set HTTPD=/usr/sbin/httpd.worker in /etc/sysconfig/httpd to use a server
# with the thread-based “worker” MPM; BE WARNED that some modules may not
# work correctly with a thread-based MPM; notably PHP will refuse to start.

# Path to the apachectl script, server binary, and short-form for messages.
apachectl=/app/httpd/bin/apachectl
httpd=${HTTPD-/app/httpd/bin/httpd}
prog=httpd
pidfile=${PIDFILE-/app/httpd/logs/httpd.pid}
lockfile=${LOCKFILE-/app/httpd/logs/httpd}
RETVAL=0
STOP_TIMEOUT=${STOP_TIMEOUT-10}

# The semantics of these two functions differ from the way apachectl does
# things — attempting to start while running is a failure, and shutdown
# when not running is also a failure.  So we just do it the way init scripts
# are expected to behave here.
start() {
echo -n $”Starting $prog: ”
LANG=$HTTPD_LANG daemon –pidfile=${pidfile} $httpd $OPTIONS
RETVAL=$?
echo
[ $RETVAL = 0 ] && touch ${lockfile}
return $RETVAL
}

# When stopping httpd, a delay (of default 10 second) is required
# before SIGKILLing the httpd parent; this gives enough time for the
# httpd parent to SIGKILL any errant children.
stop() {
status -p ${pidfile} $httpd > /dev/null
if [[ $? = 0 ]]; then
echo -n $”Stopping $prog: ”
killproc -p ${pidfile} -d ${STOP_TIMEOUT} $httpd
else
echo -n $”Stopping $prog: ”
success
fi
RETVAL=$?
echo
[ $RETVAL = 0 ] && rm -f ${lockfile} ${pidfile}
}

reload() {
echo -n $”Reloading $prog: ”
if ! LANG=$HTTPD_LANG $httpd $OPTIONS -t >&/dev/null; then
RETVAL=6
echo $”not reloading due to configuration syntax error”
failure $”not reloading $httpd due to configuration syntax error”
else
# Force LSB behaviour from killproc
LSB=1 killproc -p ${pidfile} $httpd -HUP
RETVAL=$?
if [ $RETVAL -eq 7 ]; then
failure $”httpd shutdown”
fi
fi
echo
}

# See how we were called.
case “$1″ in
start)
start
;;
stop)
stop
;;
status)
status -p ${pidfile} $httpd
RETVAL=$?
;;
restart)
stop
start
;;
condrestart|try-restart)
if status -p ${pidfile} $httpd >&/dev/null; then
stop
start
fi
;;
force-reload|reload)
reload
;;
graceful|help|configtest|fullstatus)
$apachectl $@
RETVAL=$?
;;
*)
echo $”Usage: $prog {start|stop|restart|condrestart|try-restart|force-reload|reload|status|fullstatus|graceful|help|configtest}”
RETVAL=2
esac

exit $RETVAL

MySQL

wget -c http://mirrors.sohu.com/mysql/MySQL-5.7/mysql-boost-5.7.16.tar.gz
wget -c https://cmake.org/files/v3.7/cmake-3.7.1.tar.gz
tar xf cmake-3.7.1.tar.gz
cd cmake-3.7.1
less README.rst
./bootstrap –prefix=/app/cmake-3.7.1
gmake
gmake install
cd ..
ln -sv /app/cmake-3.7.1/ /app/cmake
export PATH=/app/cmake/bin:$PATH
tar xf mysql-boost-5.7.16.tar.gz
cd mysql-5.7.16/
yum install ncurses-devel
cmake . -DCMAKE_INSTALL_PREFIX=/app/mysql-5.7.16 -DMYSQL_DATADIR=/app/mysql-5.7.16/data \
-DWITH_BOOST=/app/src/mysql-5.7.16/boost/ -DENABLED_LOCAL_INFILE=1 -DDEFAULT_CHARSET=utf8 \
-DDEFAULT_COLLATION=utf8_general_ci -DWITH_ARCHIVE_STORAGE_ENGINE=1 \
-DWITH_BLACKHOLE_STORAGE_ENGINE=1 -DWITH_PARTITION_STORAGE_ENGINE=1
make
make install

cd /app/mysql-5.7.16
mkdir data
useradd mysql -M -s /sbin/nologin
chown mysql.mysql /app/mysql-5.7.16/ -R

mv /etc/my.cnf /etc/my.cnf.ori
bin/mysqld –initialize –user=mysql –basedir=/app/mysql-5.7.16/ –datadir=/app/mysql-5.7.16/data/
cp support-files/mysql.server /etc/init.d/mysqld
/etc/init.d/mysqld start
bin/mysql -uroot -p
ALTER USER root@localhost IDENTIFIED BY ‘root’;

PHP

cd /app/src
tar xf php-5.6.29.tar.gz
cd php-5.6.29
yum install libxml2-devel curl-devel libjpeg-devel libpng-devel freetype-devel
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
yum install libmcrypt-devel
./configure –prefix=/app/php-5.6.29 –with-apxs2=/app/httpd-2.4.25/bin/apxs \
–with-mysql –with-mysqli –enable-pdo –with-pdo-mysql –with-mysql-sock \
–enable-xml –with-libxml-dir –enable-sockets –with-curl \
–with-gd –enable-gd-native-ttf –with-freetype-dir –with-jpeg-dir –with-png-dir –with-zlib \
–with-mcrypt –with-openssl –with-mhash –enable-zip –enable-mbstring –enable-mbregex \
–with-iconv –enable-static
make
make install
vi /app/httpd/conf/httpd.conf
DirectoryIndex index.php index.html
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps

MySQL ERROR 1819 (HY000): Your password does not satisfy the current policy requirements !!

First you login with mysql -u root -p and check the current policy rules by:

# SHOW VARIABLES LIKE 'validate_password%';
+--------------------------------------+--------+
| Variable_name                        | Value  |
+--------------------------------------+--------+
| validate_password_dictionary_file    |        |
| validate_password_length             | 5      |
| validate_password_mixed_case_count   | 1      |
| validate_password_number_count       | 1      |
| validate_password_policy             | MEDIUM |
| validate_password_special_char_count | 1      |
+--------------------------------------+--------+

Then you can change any of the above variables at your will:

# SET GLOBAL validate_password_length = 5;
# SET GLOBAL validate_password_number_count = 0;
# SET GLOBAL validate_password_mixed_case_count = 0;
# SET GLOBAL validate_password_special_char_count = 0;


[root@ ~]# /usr/bin/mysql_secure_installation

Securing the MySQL server deployment.

Enter password for user root:

The existing password for the user account root has expired. Please set a new password.

New password:

Re-enter new password:
The 'validate_password' plugin is installed on the server.
The subsequent steps will run with the existing configuration
of the plugin.
Using existing password for root.

Estimated strength of the password: 100
Change the password for root ? ((Press y|Y for Yes, any other key for No) : y

New password:

Re-enter new password:

Estimated strength of the password: 100
Do you wish to continue with the password provided?(Press y|Y for Yes, any other key for No) : y
By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother.
You should remove them before moving into a production
environment.

Remove anonymous users? (Press y|Y for Yes, any other key for No) : y
Success.


Normally, root should only be allowed to connect from
'localhost'. This ensures that someone cannot guess at
the root password from the network.

Disallow root login remotely? (Press y|Y for Yes, any other key for No) : y
Success.

By default, MySQL comes with a database named 'test' that
anyone can access. This is also intended only for testing,
and should be removed before moving into a production
environment.


Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y
 - Dropping test database...
Success.

 - Removing privileges on test database...
Success.

Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.

Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y
Success.

All done!

Change mysql root password on Centos7

dit the initial root password on install can be found by running

grep 'temporary password' /var/log/mysqld.log

http://dev.mysql.com/doc/refman/5.7/en/linux-installation-yum-repo.html


  1. systemd is now used to look after mySQL instead of mysqld_safe (which is why you get the -bash: mysqld_safe: command not found error – it’s not installed)
  2. The user table structure has changed.

So to reset the root password, you still start mySQL with --skip-grant-tables options and update the user table, but how you do it has changed.

1. Stop mysql:
systemctl stop mysqld

2. Set the mySQL environment option 
systemctl set-environment MYSQLD_OPTS="--skip-grant-tables"

3. Start mysql usig the options you just set
systemctl start mysqld

4. Login as root
mysql -u root

5. Update the root user password with these mysql commands
mysql> UPDATE mysql.user SET authentication_string = PASSWORD('MyNewPassword')
    -> WHERE User = 'root' AND Host = 'localhost';
mysql> FLUSH PRIVILEGES;
mysql> quit

6. Stop mysql
systemctl stop mysqld

7. Unset the mySQL envitroment option so it starts normally next time
systemctl unset-environment MYSQLD_OPTS

8. Start mysql normally:
systemctl start mysqld

Try to login using your new password:
7. mysql -u root -p

ERROR 1045 (28000): Access denied for user ‘root’@’localhost’ (using password:NO)

[root ~]# mysql -u root
ERROR 1045 (28000): Access denied for user ‘root’@’localhost’ (using password:NO)
Stop the service/daemon of mysql running
[root ~]# service mysql stop
mysql stop/waiting
Start mysql without any privileges using the following option; This option is used to boot up and do not use the privilege system of MySQL.
[root ~]# mysqld_safe –skip-grant-tables &
enter the mysql command prompt
[root ~]# mysql -u root
mysql>
Fix the permission setting of the root user ;
mysql> use mysql;
Database changed
mysql> select * from user;
Empty set (0.00 sec)
mysql> truncate table user;
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)
mysql> grant all privileges on *.* to root@localhost identified by ‘YourNewPassword’ with grant option;
Query OK, 0 rows affected (0.01 sec)
*if you don`t want any password or rather an empty password

mysql> grant all privileges on *.* to root@localhost identified by ” with grant option;
Query OK, 0 rows affected (0.01 sec)*
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
Confirm the results:

mysql> select host, user from user;
+———–+——+
| host | user |
+———–+——+
| localhost | root |
+———–+——+
1 row in set (0.00 sec)
Exit the shell and restart mysql in normal mode.
mysql> quit;
[root ~]# kill -KILL [PID of mysqld_safe]
[root ~]# kill -KILL [PID of mysqld]
[root ~]# service mysql start
Now you can successfully login as root user with the password you set
[root ~]# mysql -u root -pYourNewPassword
mysql>

rhel7: Message “Error calling StartServiceByName for org.freedesktop.PolicyKit1: Timeout was reached” is coming on system after setting the hostname

hostnamectl set-hostname <hostname>
Error getting authority: Error initializing authority: Error calling StartServiceByName for org.freedesktop.PolicyKit1: Timeout was reached (g-io-error-quark, 24)
Also other commands fail:

[root@rhel7u2a ~]# systemctl restart sshd
Error getting authority: Error initializing authority: Error calling StartServiceByName for org.freedesktop.PolicyKit1: GDBus.Error:org.freedesktop.DBus.Error.TimedOut: Activation of org.freedesktop.PolicyKit1 timed out (g-dbus-error-quark, 20)
[root@rhel7u2a ~] #
Resolution
The permissions should be fixed:

chmod 644 /etc/passwd
chmod 000 /etc/shadow

NFSv4 mounts show “nobody” as owner and group on a RHEL 6 client

Issue

  • On Red Hat Enterprise Linux a NFS mounted share shows “nobody” as the owner and groupowner of all the files and directory.

Resolution

  1. Create the same user on the Server and Client
  2. Use a centralized namespace like LDAP domain, NIS, Active Directory etc

Root Cause

The observed behavior is an expected and intended behavior and is not related to RHEL5 or RHEL6 but instead it is related to NFSv3 and NFSv4.

In NFSv3 the username and groupname is mapped from the UID/GID value, the UID/GID of the user creating the resource is saved on the server, When the clients access it , the /etc/passwd and /etc/gpasswd file will be checked to see if the id exists and for which user it will be mapped to , If there is a user with the same uid and gid, then it will be mapped to that user , else the numeric value will be shown.

In NFSv4 the concept is user@domainname, if there is no centralized usermapping, then the user will be mapped to the default user nobody or whatever user has been configured in /etc/idmapd.conf.

Check for mis-configuration of the /etc/imapd.conf file. If you make changes to the idmapd.conf file, on RHEL 6.5 and newer the command to clear out the old mappings is:

# nfsidmap -c

NFSv4 mount incorrectly shows all files with ownership as nobody:nobody

 From the client, the mounted NFSv4 share has ownership for all files and directories listed as nobody:nobody instead of the actual user that owns them on the NFSv4 server, or who created the new file and directory.
Seeing nobody:nobody permissions on nfsv4 shares on the nfs client. Also seeing the following error in /var/log/messages:nss_getpwnam: name ‘root@example.com’ does not map into domain ‘localdomain’
Resolution
Modify the /etc/idmapd.conf with the proper domain (FQDN), on both the client and server. In this example, the proper domain is “example.com” so the “Domain =” directive within /etc/idmapd.conf should be modified to read:

Domain = example.com
Note:
If using a NetApp Filer, the NFS.V4.ID.DOMAIN parameter must be set to match the “Domain =” parameter on the client.
If using a Solaris machine as the NFS server, the NFSMAPID_DOMAIN value in /etc/default/nfs must match the RHEL clients Domain.
To put the changes into effect restart the rpcidmapd service and remount the NFSv4 filesystem:

# service rpcidmapd restart
# mount -o remount /nfs/mnt/point
Note: It is only necessary to restart rpc.idmapd service on systems where rpc.idmapd is actually performing the id mapping. On RHEL 6.3 and newer NFS CLIENTS, the maps are stored in the kernel keyring and the id mapping itself is performed by the /sbin/nfsidmap program. On older NFS CLIENTS (RHEL 6.2 and older) as well as on all NFS SERVERS running RHEL, the id mapping is performed by rpc.idmapd.
Ensure the client and server have matching UID’s and GID’s. It is a common misconception that the UID’s and GID’s can differ when using NFSv4. The sole purpose of id mapping is to map an id to a name and vice-versa. ID mapping is not intended as some sort of replacement for managing id’s.
On Red Hat Enterprise Linux 6, if the above settings have been applied and UID/GID’s are matched on server and client and users are still being mapped to nobody:nobody than a clearing of the idmapd cache may be required:

# nfsidmap -c
Note: The above command is only necessary on systems that use the keyring-based id mapper, i.e. NFS CLIENTS running RHEL 6.3 and higher. On RHEL 6.2 and older NFS CLIENTS as well as all NFS SERVERS running RHEL, the cache should be cleared out when rpc.idmapd is restarted.
Another check, see if the passwd:, shadow: and group: settings are set correctly in the /etc/nsswitch.conf file on both Server and Client.
Disabling idmapping
By default, RHEL6.3 and newer NFS clients and servers disable idmapping when utilizing the AUTH_SYS/UNIX authentication flavor by enabling the following booleans:

NFS client
# echo ‘Y’ > /sys/module/nfs/parameters/nfs4_disable_idmapping

NFS server
# echo ‘Y’ > /sys/module/nfsd/parameters/nfs4_disable_idmapping
If using a NetApp filer, the options nfs.v4.id.allow_numerics on command can be used to disable idmapping. More information can be found here.
With this boolean enabled, NFS clients will instead send numeric UID/GID numbers in outgoing attribute calls and NFS servers will send numeric UID/GID numbers in outgoing attribute replies.
If NFS clients sending numeric UID/GID values in a SETATTR call receive an NFS4ERR_BADOWNER reply from the NFS server clients will re-enable idmapping and send user@domain strings for that specific mount from that point forward.
Note: This option can only be used with AUTH_SYS/UNIX authentication flavors, if you wish to use something like Kerberos, idmapping must be used.
Root Cause
NFSv4 utilizes ID mapping to ensure permissions are set properly on exported shares, if the domains of the client and server do not match then the permissions are mapped to nobody:nobody.
Diagnostic Steps
Debugging/verbosity can be enabled by editing /etc/sysconfig/nfs:

RPCIDMAPDARGS=”-vvv”
The following output is shown in /var/log/messages when the mount has been completed and the system shows nobody:nobody as user and group permissions on directories and files:

Jun 3 20:22:08 node1 rpc.idmapd[1874]: nss_getpwnam: name ‘root@example.com’ does not map into domain ‘localdomain’
Jun 3 20:25:44 node1 rpc.idmapd[1874]: nss_getpwnam: name ‘root@example.com’ does not map into domain ‘localdomain’
Collect a tcpdump of the mount attempt:

# tcpdump -s0 -i {INTERFACE} host {NFS.SERVER.IP} -w /tmp/{casenumber}-$(hostname)-$(date +”%Y-%m-%d-%H-%M-%S”).pcap &
If a TCP packet capture has been obtained, check for a nfs.nfsstat4 packet that has returned a non-zero response equivalent to 10039 (NFSV4ERR_BADOWNER).
From the NFSv4 RFC:

NFS4ERR_BADOWNER = 10039,/* owner translation bad */

NFS4ERR_BADOWNER An owner, owner_group, or ACL attribute value
can not be translated to local representation.

These commands are what I did on CentOS Linux release 7.2.1511 (Core)

Install nfs-utils

yum install -y nfs-utils

Append text to /etc/fstab

192.168.1.100:/mnt/nfs-server /mnt/nfs-client nfs defaults,nofail,x-systemd.automount 0 0

Some articles said noauto,x-systemd.automount is better, but it worked without noauto for me.

Check whether mount works

systemctl start rpcbind
systemctl enable rpcbind
mount -a

Fix the problem CentOS 7 won’t auto-mount NFS on boot

Append text to the end of /usr/lib/systemd/system/nfs-idmap.service

[Install]
WantedBy=multi-user.target

Append text to the end of /usr/lib/systemd/system/nfs-lock.service

[Install]
WantedBy=nfs.target

Enable related services

systemctl enable nfs-idmapd.service 
systemctl enable rpc-statd.service 

systemctl enable rpcbind.socket

systemctl status nfs-idmapd.service -l
systemctl status rpc-statd.service –l

Then restarted the OS, I got it.

shutdown -r now