A techie's confessions

Normally when you are installing RHEL in one system in post installation stage it asks you to create a normal user and if you are not creating it give a warning massage. Root user is the most powerful user in the system and it can do everything. So in real time environment it is advised that if you have installed Linux in server you shouldn’t give root access to any user even though he may be a giant in Linux. If you are giving root access to someone else that means you don’t have any control on the server. If tomorrow server crashes server reboots because of a wrong usage of command you will be helpless.

But saying that sometimes people may need root access to the server for some particular task like restarting apache service or for running some scripts etc. . . . Here as a system admin you have to provide them some specific access so that it won’t affect the whole server.

To achieve this purpose we use the concept of sudo user.

So what is a sudo user?

A sudo user is a root like user who can be permitted to execute specific commands or all commands executed by superuser.

You may think now if will give all permission to a sudo user then what will be the difference between the sudo user and root?

The only difference I can think of is whenever we are executing a command using sudo the system keeps a log for that command which is not in case of root.

Also one more thing is the system asks for password when we run a command as sudo.That means a user is getting time to verify its command which is helpful when we are running command like rm –rf *.

Mainly sudo concept is used only if there is some situation where a normal user wants to do some administrative operations but not all operations.

Now how can we make a normal user as sudouser?

To make a user sudo user login as root to the server and execute following command.

     #visudo

This command will open a read-only file /etc/sudoers where you can define the access for normal user.

There are two scenarios for a user to be a sudo user.

    1. Give all access as root user
    2. Give specific access to a user to run on specific mach

Give all access as root user:-

To do this in /etc/sudoers file search for a line

     root       ALL=(ALL)            ALL

This lines means that the user root can execute from ALL terminals, acting as ALL  users, and run ALL  command.

And append a line for the user let’s say bob

     bob     ALL=(ALL)     ALL

you can separate by comma for multiple users.

     bob , chalres   ALL=(ALL)    ALL

To give a user specific permission let’s say user bob can only restart apache server append the blow line to /etc/sudoers file.

     bob localhost=/etc/init.d/apache restart

To give user permission to do multiple operations we can append a line like following

     bob ALL= /bin/kill, /etc/init.d/httpd

As we told above for each command run under sudo user  gets looged into the system.To see that run a command as a sudo user and check the log file /var/log/secure.

As bob user execute

     #sudo /etc/init.d/httpd restart

Then check the log file by

     #tail –f /var/log/secure

     Output:- Aug 28 03:21:30 sudo:       bob : TTY=pts/3 ; PWD=/home/bob ; USER=root ; COMMAND=/etc/init.d/httpd restart

For advances users,

Concept of Sudo:-

Try to do this experiment

1) Login as root in tty1, Login as bob in tty2.
2) In tty2 execute a sample command ‘# vi abc’ . Go to tty1 and excute # ps -Alf
3) In tty2 execute a sample command ‘#  sudo vi abc’ . Go to tty1 and excute # ps -Alf

Now examine third field for the output of step 1 & 2

You will see when a user with is running something as sudo user practically it is running that command with root users gid.

For system and database admins changing myssql password is a essential and risky task.It is very simple but yet very difficult sometimes. You may have the fear of data loss.Also sometimes you will get error like “ mysqladmin:  connect to server at ‘localhost’ failed error: ‘Access denied for user ‘root’@'localhost’ (using password: YES)’. “ So I will discuss in this topic on how to deal with mysql password problems.

There are 2 types of scenario you may face like

1.Changing Password for Normal user

2.Changing root password

To change password of a normal user:-

1.If you know the current password for a normal user then you can cahnge it by following command

 $mysqladmin -u username -p oldpassword password newpassword

EX:-To change password for a user called “kirti” and having password “parida” execute

$mysqladmin -u kirti -p  parida password ranjan

2.if you dont know the password of the normal user then login as root and follow the steps to reset the password.

Step-1:Login to the MySQL server, type the following command at the shell prompt:

$ mysql -u root -p 

Step-2: Use the mysql database (type commands at the mysql> prompt):

 mysql> use mysql; 

Step-3:Change password for a user:

 mysql> update user set password=PASSWORD("newpass") where User='username';

 EX:- mysql> update user set password=PASSWORD("parida123") where User='kirti';

step-4 Reload privileges:

 mysql> flush privileges;
mysql> quit

Note:So what we have done here is MySQL stores usernames and passwords in the user table inside the MySQL database. So we are updating a password using the above method to update or change passwords.

This method you need to use while using PHP or Perl scripting.

To Change the root password:-

N:B-Here I will discuss how to deal with root user.You have to remember that it is not the root user of your system it is root user of mysql database .Both are completely different.

1.If you know the current password for root user then you can cahnge it by using mysqladmin command from your shell

 $ mysqladmin -u root -p oldpassword newpass 

After changing the new password if you will encounter the following error

 Enter password:

 If you get...

 mysqladmin: connect to server at 'localhost' failed
error: 'Access denied for user 'root'@'localhost' (using password: YES)'

then you have to follow the instructions below on how to recover your MySQL password.

2.If you know the current password for root user then you can cahnge it by updating the mysql user table(Recommended as it works in all situation and easy )

step-1: Login to the MySQL server, type the following command at the shell prompt:

 $ mysql -u root -p

step-2 :Use the mysql database (type commands at the mysql> prompt):

 mysql> use mysql;

step-3: Change password for a user:

 mysql> update user set password=PASSWORD("newpass") where User='root';

step-4: Reload privileges:

 mysql> flush privileges;
mysql> quit

Recover root user Password

This is the most critical part of your learnin as this deals with the worst possible scenario in your work.So please carefully follow the instructions.

You can recover a MySQL database server password with the following five easy steps:

Step # 1: Stop the MySQL server process.

Step # 2: Start the MySQL (mysqld) server/daemon process with the –skip-grant-tables option so that it will not prompt for a password.

Step # 3: Connect to the MySQL server as the root user.

Step # 4: Set a new root password.

Step # 5: Exit and restart the MySQL server.

Here are the commands you need to type for each step.As the commands directly affect system services so you need to login as root user(system root user) in your system.

Step # 1 : Stop the MySQL service:

 # /etc/init.d/mysql stop

Output:

 Stopping MySQL database server: mysqld.

Step # 2: Start the MySQL server w/o password:

 # mysqld_safe --skip-grant-tables &

Output:

 [1] 5988
Starting mysqld daemon with databases from /var/lib/mysql
mysqld_safe[6025]: started

Step # 3: Connect to the MySQL server using the MySQL client:

 # mysql -u root

Output:

 Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1 to server version: -fedora_12-log

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql>

Step # 4: Set a new MySQL root user password:

 mysql> use mysql;
mysql> update user set password=PASSWORD("newpassword") where User='root';
mysql> flush privileges;
mysql> quit

Step # 5: Stop the MySQL server:

 # /etc/init.d/mysql stop

Output:

 Stopping MySQL database server: mysqld
STOPPING server from pid file /var/run/mysqld/mysqld.pid
mysqld_safe[6186]: ended

[1]+  Done                    mysqld_safe --skip-grant-tables

Start the MySQL server and test it:

 # /etc/init.d/mysql start
# mysql -u root -p

Quick way to Reset Forgotten MySQL Root Password

Have you ever forgotten the root password on one of your MySQL servers? If you have forgotten then read below how to reset it quickly..

Log in as root in the system and stop the mysql daemon. Now lets start up the mysql daemon and skip the grant tables which store the passwords.

 $mysqld_safe --skip-grant-tables 

You should see mysqld start up successfully. If not, well you have bigger issues. Now you should be able to connect to mysql without a password.

 $mysql --user=root mysql

 mysql>update user set password=PASSWORD('password') where user='root';
flush privileges;
exit;

Now kill your running mysqld, then restart it normally. You should be good to go. Try not to forget your password again.