Oracle Linux/Quick Reference
(→Add user & add to sudoers) |
|||
| Line 64: | Line 64: | ||
==Install epel repo== | ==Install epel repo== | ||
<nowiki>~$ yum install epel-release</nowiki> | <nowiki>~$ yum install epel-release</nowiki> | ||
| + | |||
| + | ==Add & configure LDAP authentication for SSH== | ||
| + | ===references=== | ||
| + | [https://docs.oracle.com/cd/E52668_01/E54669/html/ol7-sssd-ldap.html https://docs.oracle.com/cd/E52668_01/E54669/html/ol7-sssd-ldap.html]<br> | ||
| + | [https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=66854729 https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=66854729] | ||
| + | [https://www.jethrocarr.com/2010/11/17/automatically-creating-home-directories-at-login-time/ https://www.jethrocarr.com/2010/11/17/automatically-creating-home-directories-at-login-time/] | ||
| + | ===Install SSSD=== | ||
| + | <nowiki>~$ sudo yum install sssd sssd-client</nowiki> | ||
| + | ===Configure SSSD=== | ||
| + | You can opt to manually edit the configuration file, like is seen in [https://docs.oracle.com/cd/E52668_01/E54669/html/ol7-sssd-ldap.html this link].<br> | ||
| + | Or you can use <code>authconfig</code> to configure it for you, [https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=66854729 like so]: | ||
| + | <nowiki>authconfig --enablesssd --enablesssdauth --enablelocauthorize --enableldap --enableldapauth --ldapserver=<ldap_host> --enableldaptls --ldapbasedn=dc=my-company,dc=my-org --enableshadow --enablerfc2307bis --enablemkhomedir --enablecachecreds --update</nowiki> | ||
| + | You may need to start or restart the service | ||
| + | <nowiki>~$ sudo service sssd restart</nowiki> | ||
| + | ===Home Directories=== | ||
| + | Make sure you use the switch <code> --enablemkhomedir</nowiki> when you use <code>authconfig</code> if you want users to have their own home directory. | ||
| + | ===Sudo access== | ||
| + | If you want users to have '''<code>sudo</code>''' access, providing you already have a group in your LDAP, you can the group to your sudoers file.<br> | ||
| + | Check to see if sssd has imported the groups from your ldap: | ||
| + | <nowiki>~$ getent group</nowiki> | ||
| + | Once you see the group name with the users you want to add, just edit the sudoers file | ||
| + | <nowiki>~$ visudo</nowiki> | ||
| + | Make sure you add it like so: | ||
| + | <nowiki>## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment) | ||
| + | #includedir /etc/sudoers.d | ||
| + | %new_sudoer_group ALL = (ALL) ALL</nowiki> | ||
Revision as of 00:08, 20 October 2017
Contents |
yum
update repo cache (agt-get update equivalent)
~$ yum check-update
update all packages
~$ yum update
install software
~$ yum install lynx
search for software
~$ yum search apache
remove software
~$ yum remove lynx
search for package by command
~$ yum whatprovides dig
Add user & add to sudoers
add user
~$ useradd user
set password for user
~$ passwd user
add to sudoers
~$ visudo ... user ALL=(ALL) ALL
or use the wheel group. Uncomment it:
## Allow people in the group wheel to run all commands %wheel ALL=(ALL) ALL
Add user to the group
~$ sudo usermod -a -G [group] [user] i.e. sudo usermod -a -G sudo Joe check to verify they are part of the group ~$ getent group sudo sudo:x:27:Bob,Joe
determine packages installed & search
~$ rpm -qa | less | grep term
netstat
determine gateway
~$ netstat -nr Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 0.0.0.0 10.45.9.1 0.0.0.0 UG 0 0 0 eth0 10.45.9.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
disable selinux
~$ /etc/selinux/config change SELinux=enforcing to SELinux=disabled
check linux version
~$ rpm -qf /etc/redhat-release
release and renew ip (dhcp)
release
~$ sudo dhclient -v -r eth0
renew
~$ sudo dhclient -v eth0
check and change DNS servers
~$ sudo vi /etc/resolv.conf nameserver 8.8.8.8 nameserver 8.8.4.4
Install epel repo
~$ yum install epel-release
Add & configure LDAP authentication for SSH
references
https://docs.oracle.com/cd/E52668_01/E54669/html/ol7-sssd-ldap.html
https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=66854729
https://www.jethrocarr.com/2010/11/17/automatically-creating-home-directories-at-login-time/
Install SSSD
~$ sudo yum install sssd sssd-client
Configure SSSD
You can opt to manually edit the configuration file, like is seen in this link.
Or you can use authconfig to configure it for you, like so:
authconfig --enablesssd --enablesssdauth --enablelocauthorize --enableldap --enableldapauth --ldapserver=<ldap_host> --enableldaptls --ldapbasedn=dc=my-company,dc=my-org --enableshadow --enablerfc2307bis --enablemkhomedir --enablecachecreds --update
You may need to start or restart the service
~$ sudo service sssd restart
Home Directories
Make sure you use the switch --enablemkhomedir</nowiki> when you use <code>authconfig if you want users to have their own home directory.
=Sudo access
If you want users to have sudo access, providing you already have a group in your LDAP, you can the group to your sudoers file.
Check to see if sssd has imported the groups from your ldap:
~$ getent group
Once you see the group name with the users you want to add, just edit the sudoers file
~$ visudo
Make sure you add it like so:
## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment) #includedir /etc/sudoers.d %new_sudoer_group ALL = (ALL) ALL
