Tuesday, November 24, 2009

How do I block specific incoming ip address?

The following iptables rules drop incoming connections from host/IP 72.30.2.43 (INPUT) and outgoing connections to it (OUTPUT):

iptables -A INPUT -s 72.30.2.43 -j DROP
iptables -A OUTPUT -d 72.30.2.43 -j DROP

service iptables status

iptables -D INPUT -s 72.30.2.43 -j DROP
iptables -D OUTPUT -d 72.30.2.43 -j DROP

Monday, November 23, 2009

chmod 777 filename

owner rwx
group rwx
other rwx

chmod 7777 filename

4000 - Set the effective User ID
2000 - Set the effective Group ID
1000 - Set the sticky bit

So a file with mode 7777 is:
a file that is readable, writable and executable by all, and has its setuid, setgid and sticky bits set.

chmod u+x filename

Adds execute permission on the file for the owner.

u - owner
g - group
o - others
a - all

chmod ug=rw filename

chmod ug+r filename

chmod o-w filename

Question: I have a file I can't read/write/execute with the user I want!

Bad advice:

  • Bad: "chmod 666 file" - This makes the file editable and destroyable by anyone.
  • Worse: "chmod 777 file" - This makes the file editable by anyone AND sets execute permissions for anyone. Fucking stupid. This means that any user can edit the file to do something malicious for the next user to (accidentally?) execute it.
  • Worst: "chmod 7777 file" - Also gives setuid and setgid permission. With this shining example of stupidity you've just given any user permission to fuck your machine up the ass, especially if the file is owned by root.

Good advice:

Make sure the file is owned by an appropriate user or group, and set permissions for that user or group. Create a new group if necessary.

I haven't yet found one example where 777 are the proper permissions for a file or directory.
("But /tmp and /var/tmp!?" I hear you cry. They have permissions 1777.)

ref: http://kreiger.linuxgods.com/kiki/?Bad+linux+advice
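An added example, not from the original post or the referenced page: a shell function that audits a directory tree for the modes described above (666/777 files, 777 directories without the sticky bit, setuid/setgid files). The function name audit_modes and the output tags are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not the blog author's code): report risky permission bits.
# audit_modes and the tag names are hypothetical, chosen for illustration.

audit_modes() {
    dir=${1:-.}

    # Regular files writable by "other" (bit 0002), e.g. mode 666 or 777.
    find "$dir" -type f -perm -0002 \
        -exec printf 'WORLD_WRITABLE_FILE %s\n' {} \;

    # Directories writable by "other" that lack the sticky bit (1000).
    # /tmp-style 1777 directories pass; plain 777 directories are reported.
    find "$dir" -type d -perm -0002 ! -perm -1000 \
        -exec printf 'WORLD_WRITABLE_DIR_NO_STICKY %s\n' {} \;

    # Files with setuid (4000) or setgid (2000) set: each needs a reason.
    find "$dir" -type f \( -perm -4000 -o -perm -2000 \) \
        -exec printf 'SETID_FILE %s\n' {} \;

    # setuid/setgid files that any user can rewrite (the 7777 case).
    find "$dir" -type f \( -perm -4000 -o -perm -2000 \) -perm -0002 \
        -exec printf 'SETID_AND_WORLD_WRITABLE %s\n' {} \;
}

# Run against the directory given on the command line, if any.
if [ "$#" -gt 0 ]; then
    audit_modes "$1"
fi
```

Each output line is a tag followed by the path, so the result can be filtered with grep or reviewed by hand before tightening ownership and modes.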

ls -ltr

drwxr-xr-x  2 ariel    staff         512 Jun 13 16:19 Mail

- regular file
d - directory
l - link
c - character special device
b - block special device
p - pipe
s - socket

file permissions
rwx - owner
r-x - group
r-x - other

create pipes in Redhat

cd /tmp

mknod fifo_file p

ls -ltr fifo_file

------tty 1----------
echo passing this line >> /tmp/fifo_file

------tty 2----------
cat < /tmp/fifo_file

create a new partition in Redhat

fdisk /dev/sda

p - print the partition table

n - create new partition

[Enter] to accept the default starting cylinder

+20M

w - update the partition table

restart or type partprobe to use the new partition

mkfs.ext3 /dev/sda7

mount /dev/sda7 /mnt

umount /mnt
