users – Internetblog.org.uk

How to Fix an Open Relay in Postfix

sfilippi — Fri, 16 Jul 2010 16:58:02 +0000

As I have been reiterating all week, an open relay is a bad idea. If your mail server is left open, anyone can use your SMTP service to send mail, and spammers will use it. This can result in your server being blacklisted and extraneous use of system resources that neither benefit you nor your users.

To secure Postfix, there are a number of functions you can add the configuration file /etc/mail/main.cf. Edit the file and add the following lines:

smtpd_helo_required = yes smtpd_delay_reject = no disable_vrfy_command = yes

smtpd_helo_restrictions = permit_mynetworks,
reject_invalid_hostname,
reject_unknown_hostname,
reject_non_fqdn_hostname

This will force incoming requests to pause and identify themselves before proceeding, and will allow properly authenticated users to pass through and send mail. To finish, save the file and restart Postfix:

/etc/init.d/postfix restart

How To Create Multiple New Users

Fri, 25 Jun 2010 15:08:05 +0000

In Linux, the most common method used to create new users is to use the “adduser” command. This is fine when you need to add one or even a few users, but if you need to add numerous (i.e. 50, 100, or even 500), typing in the adduser command repeatedly can be tedious.

You can simplify it to a degree by creating a flat data file that contains all of the user information and then uploading it all at once. This should shave some time off of the process and get your server ready for business a lot faster. To do this, you need to use the newusers command.

As root, enter the following:

newusers filename
The file should contain a user on each line in the following format:

loginname:password:uid:gid:comment:home_dir:shell

For example, a user named Serious Bob would look like this:

sbob:HcZ600a9:1008:1000:Serious Bob:/home/sbob:/bin/bash

Add more users on separate lines, and save the file as batch-users.txt.

Finally, run the command:

newusers batch-users.txt

Server redundancy

Mon, 12 Apr 2010 17:36:12 +0000

In an ideal world, you get what you want all the time. The shopping lines are always short, the traffic is always light, and there are more jobs than there are people to fill them. Unfortunately, we do not live in an ideal world, and just like a street can come to a stand-still when there is too much traffic, so can a server.

If you have a single server and its working, you might never suspect you would have a problem, but if too many people visit your server, some visitors could start getting denied access. Even worse, too much congestion can even bring a server down. With redundant servers, you can spread the load over two or more identical servers. The information across both is the same, so it does not matter which one a user gets when they access your site.

The other, perhaps more critical advantage of server redundancy is that even if one server goes down, the other one will continue to work. The more redundant servers you have, the more reliable your site will be. Generally speaking redundancy is probably not necessary for small, low-traffic sites, but for big sites that see huge volumes of regular users, it could be a life saver.

Photo Source: Flickr

To chmod or not to chmod

Thu, 01 Apr 2010 22:45:42 +0000

When installing scripts on a server, there is a tendency of both developers (in their instructions) and users to be overly generous in dishing out file permissions. In Linux, file permissions can be manipulated with the “chmod” command.

For example, a script may require write access to a temporary directory, and the instructions may call for you to chmod the directory 777. What this means is that anyone can read, write, and execute commands to the directory, including complete strangers. While such permissions might be necessary for a public repository, they are not for most web-based scenarios.

If the server or a particular authenticated user needs write access for a directory, chmod it 664. This means that the owner and the user group will be able to write to that directory, but others will only be able to read its contents. If you ever need something to be completely locked down and not readable by the outside world, make the last digit a “0”. Stay tuned to this blog for more chmodding tips in the future.

Photo Source: Flickr

How to list all users in Linux

Mon, 15 Feb 2010 20:15:36 +0000

Question: How do I see all of the users that have accounts on my server?

Answer: In a previous post, we covered the “who” command, which will tell an administrator which users are currently logged into the system, but another important thing to know about your server is which users you actually have. You will want to look at a complete list of users to make sure all the existing users are supposed to be there.

To list all users, enter the following command:

cat /etc/passwd | cut -d":" -f1

Also, to find out the total number of accounts, enter:
cat /etc/passwd | wc -l

Please note that this will look for all accounts, including those created by Linux, such as “mail” and “haldaemon”, but it will also include manually created local users.

How to prevent users from reusing old passwords in Linux

Thu, 14 Jan 2010 18:03:49 +0000

In a previous blog post, we learned how to force users to change their passwords on a regular basis. This prevents them from keeping the same password forever, but it does not prevent them from alternating between the same two passwords or between a handful of them. Fortunately, PAM, Linux‘s password management system, allows you to prevent users from reusing the same old passwords.

To limit password reuse, you will need to edit the /etc/pam.d/system-auth file.

Find the line that begins with “password” and add “remember=10” to the end of it:
password sufficient pam_unix.so use_authtok md5 shadow remember=10

Save the file and close it. Now users will not be able to reuse any of their last 10 passwords because Linux will always remember the last ten. You may select a higher or lower number depending on how stubborn your users are. Enjoy!

Source: nixCraft
Photo: Flickr

Changing file ownership in Linux

Tue, 03 Nov 2009 20:36:41 +0000

There are many situations when you may need to change the ownership of files, especially if you are operating a virtual private server or dedicated server. For example, you may install something for a website as root but then need to set ownership of the file to the local user. Linux has a convenient command called “chown” that does exactly that. The word “chown” is short for “change the owner”.

Let’s suppose that you have a file called “testfile” owned by root. You want to change ownership to user1. Simply enter this command:

chown user1:users testfile

In this case, “user1” is the user’s name and “users” is its user group.

If you want to change the ownership of all the files in a directory, you would add the “-R” tag to make the operation recursive.

chown -R user1:users test-directory

For more information about chown, enter this command: man chown.

Photo Source: SXC