Wednesday, May 6, 2009

Restricting Remote Logins to listed users



To restrict remote logins to specific users, do the following:


1. Create a file called /etc/remusers containing the names of the users who are allowed to perform remote logins, one name per line. For example:

root
nixuser

2. Modify the /etc/profile and /etc/csh.login files by adding the code listed below.

Putting the following code in /etc/profile and /etc/csh.login will keep users who are not listed in /etc/remusers from logging in from a remote location or telnet session. The code is written in Bourne shell syntax, which is what /etc/profile expects; /etc/csh.login is read by csh, so the same logic has to be expressed in csh syntax there. Be sure carriage returns are not included in the script files when you add the code below, or the scripts will not run correctly and will give strange errors. Carriage returns are often accidentally embedded when code is copied from Windows or DOS based machines to Linux based machines.


  1. trap "" 2 3    # ignore SIGINT and SIGQUIT while the check runs
  2. if [ "$LOGNAME" != "root" ]    # never lock out root
  3. then
  4. if [ "$TERM" != "linux" ]    # "linux" is the local console terminal type
  5. then
  6. if ! grep -qxF -- "$LOGNAME" /etc/remusers    # whole-line match only
  7. then
  8. echo " *************************************************** "
  9. echo " *                                                 * "
  10. echo " * Remote logins are not allowed on this system    * "
  11. echo " * Please use a terminal or see the administrator. * "
  12. echo " * Press RETURN to exit.                           * "
  13. echo " *                                                 * "
  14. echo " *************************************************** "
  15. echo
  16. read dummy
  17. exit
  18. fi
  19. fi
  20. fi
  21. trap - 2 3    # restore default handling of SIGINT and SIGQUIT



Line 1 traps SIGINT and SIGQUIT, so users cannot abort the script. Line 2 is a safeguard that exempts root, in case you change /etc/profile before you create the /etc/remusers file. Line 4 only runs the check if the terminal is not local. The "linux" terminal type is used locally. You may need to change this to:

if [ $TERM == "vt100" ]

if you are also using serial terminals. Alternatively, add another if statement inside the first one that excludes the serial terminal type, so that both serial terminals and local terminals are exempt. You can determine what terminal type is being used by looking at the value of the TERM variable with the env command after logging in from the terminal in question. Telnet clients can emulate various terminal types, so be sure not to exempt any terminal type that a telnet client can emulate. Keep in mind that TERM is a value supplied by the connecting client, so this test is only as reliable as that value.

Line 6 determines if the user who just logged in, $LOGNAME, is listed in the /etc/remusers file. Line 16 reads a line from the user, requiring them to press an end of line key such as RETURN. Line 17 causes the shell to exit.
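Matching a login name against /etc/remusers, as an added example that is not part of the original post: a whole-line match that tolerates DOS line endings, contrasted with a plain substring grep, plus a check for the stray carriage returns mentioned above. The function names and the temporary sample file are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration; function names and the sample file are constructed.

# has_cr FILE: succeed if FILE contains a carriage return (DOS line endings),
# which is what makes pasted profile snippets fail with odd errors.
has_cr() {
    cr=$(printf '\r')
    grep -q "$cr" "$1"
}

# substring_listed USER FILE: plain grep, so any name that is *part of* a
# listed name (or a regex that matches one) counts as listed.
substring_listed() {
    [ -n "$(grep -- "$1" "$2" 2>/dev/null)" ]
}

# is_listed USER FILE: succeed only if USER equals one whole line of FILE.
# -F treats the name as a fixed string, -x requires a full-line match, and
# tr strips carriage returns so a DOS-formatted list still matches.
# An empty name or an unreadable file is a denial.
is_listed() {
    [ -n "$1" ] && [ -r "$2" ] || return 1
    tr -d '\r' < "$2" | grep -qxF -- "$1"
}

demo() {
    list=$(mktemp) || return 1
    # Constructed stand-in for /etc/remusers, saved with DOS line endings.
    printf 'root\r\nnixuser\r\n' > "$list"
    has_cr "$list" && echo "warning: carriage returns found in list"
    for name in root nixuser nix user; do
        if substring_listed "$name" "$list"; then s=yes; else s=no; fi
        if is_listed "$name" "$list"; then e=yes; else e=no; fi
        echo "$name: substring=$s exact=$e"
    done
    rm -f "$list"
}

demo
```

Run against the sample list, "nix" and "user" pass the substring test but are rejected by the whole-line match.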

Linux Configuration and Diagnostic Tools


System and Network Configuration

  • linuxconf - A GUI interactive interface available on Redhat 6.0 or later which includes netconf configuration.
  • netconf - A GUI interactive interface available on Redhat 6.0 and later.
  • kbdconf - A Redhat Linux tool which configures the /etc/sysconfig/keyboard file which specifies the location of the keyboard map file. This is a GUI based tool.
  • mouseconfig - A Redhat Linux tool used to configure the /etc/sysconfig/mouse file. This is a GUI tool.
  • timeconfig - A Redhat Linux tool used to configure the /etc/sysconfig/clock file. This is a GUI tool used to set timezone and whether or not the clock is set to GMT time.
  • kernelcfg - A Redhat kernel configuration utility to be started from X.
  • stty - Used to configure and print the console devices.
  • setterm - Set terminal attributes.
  • vmstat - Report statistics on virtual memory.

X Configuration

  • XF86Setup - A newer X configuration program with a GUI interface which modifies the "/etc/X11/XF86Config" configuration file.
  • xf86config - An older X configuration program with a text based interface. It also modifies the "/etc/X11/XF86Config" configuration file.
  • Xconfigurator - The Redhat tool used during system setup to configure X.
  • SuperProbe - A program that probes the video card to determine its type for use with setting up X.
  • xvidtune - This program will test video modes on the fly without modification to your X configuration. Read the /usr/X11R6/lib/X11/doc/VideoModes.doc file before running this program.

Library and kernel Dependency Management

Library management:

  • ldd - Used to determine shared libraries used by binary files. Type "ldd /bin/ls" to see the shared libraries used by the "ls" command.
  • ldconfig - Used to update links and cache for system use of the most recent runtime shared libraries.

Kernel Management:

  • lsmod - List currently installed kernel modules.
  • depmod - Creates a dependency file, "modules.dep" in the directory "/lib/modules/x.x.x", later used by modprobe to automatically load the relevant modules.
  • insmod - Installs a loadable kernel module into the running kernel.
  • rmmod - Unloads modules, Ex: rmmod ftape
  • modprobe - Used to load a module or set of modules. Loads all modules specified in the file "modules.dep".

General Diagnostic

System resources

  • free - Show system memory availability and usage
  • df - Show the amount of disk free space on each mounted filesystem.
  • du - Show disk usage
  • lspci - List PCI devices
  • pnpdump - Lists ISA PNP device resource information.
  • vmstat - Reports virtual memory statistics.

Other:

  • env - List the current environment variables.
  • printenv - Print a copy of the environment.
  • set - Shows how the environment is set up. This command can be very useful when debugging the environment.
  • runlevel - List the current and previous runlevel.
  • uname - Print system information. In my case, it prints "Linux".
  • dmesg - Show the last kernel messages printed during the last boot.

Tools for working with processes

  • accton - Turns process accounting on and off. Uses the file /var/log/pacct. To turn it on type "accton /var/log/pacct". Use the command with no arguments to turn it off.
  • kill - Kill a process by number
  • killall - Send a signal to a process by name
  • lastcomm (1) - Display information about previous commands in reverse order. Works only if process accounting is on.
  • nice - Set process priority of new processes.
  • ps(1) - Used to report the status of one or more processes.
  • pstree(1) - Display the tree of running processes.
  • renice(8) - Can be used to change the process priority of a currently running process.
  • sa(8) - Generates a summary of information about users' processes that are stored in the /var/log/pacct file.
  • skill - Report process status.
  • snice - Report process status.
  • top - Displays the processes that are using the most CPU resources.

Unix / Linux shortcut keys


Shortcuts are designed to help shorten the time required to perform frequently used commands or actions. In the below sections I have listed keyboard shortcut keys that can be performed by pressing two or more keys at once. In addition to keyboard shortcut keys, I have also listed command line shortcut keys that can be typed in at the shell.

Please note that the below shortcut keys and command line shortcuts will not work on all variants of Unix and/or Linux.

Keyboard shortcut keys

  • CTRL + B Moves the cursor backward one character.
  • CTRL + C Cancels the currently running command.
  • CTRL + D Logs out of the current session.
  • CTRL + F Moves the cursor forward one character.
  • CTRL + H Erase one character. Similar to pressing backspace.
  • CTRL + P Paste previous line and/or lines.
  • CTRL + S Stops all output on screen (XOFF).
  • CTRL + Q Turns all output stopped on screen back on (XON).
  • CTRL + U Erases the complete line.
  • CTRL + W Deletes the last word typed in. For example, if you typed 'mv file1 file2' this shortcut would delete file2.
  • CTRL + Z Cancels current operation, moves back a directory and/or takes the current operation and moves it to the background. See bg command for additional information about background.

Command line shortcuts

In addition to the below command line shortcuts, it is also helpful to use the alias command that allows you to specify a keyword for frequently used commands or mistakes.

  • ~ Moves to the user's home directory.
  • !! Repeats the line last entered at the shell. See history command for previous commands.
  • !$ Repeats the last argument for the command last used. See history command for previous commands.
  • reset Resets the terminal if terminal screen is not displaying correctly.
  • shutdown -h now Remotely or locally shuts the system down.

Google funds Photoshop-on-Linux work


Google is funding work to ensure the Windows version of Adobe Systems' Photoshop and other Creative Suite software can run on Linux computers.


For the project, Google is funding programmers at CodeWeavers, a company whose open-source Wine software lets Windows software run on Linux. Wine is a compatibility layer that intercepts a program's Windows commands and converts them to instructions for the Linux kernel and its graphics subsystem.

"We hired CodeWeavers to make Photoshop CS and CS2 work better under Wine," Dan Kegel, of Google's software engineering team and the Wine 1.0 release manager, said on Google's open-source blog. "Photoshop is one of those applications that desktop Linux users are constantly clamoring for, and we're happy to say they work pretty well now...We look forward to further improvements in this area."

Google already uses Wine for the Linux version of its Picasa software for editing, tagging, and uploading photos. Photoshop is a larger and more complicated package, however, not to mention updated to version CS3 for nearly a year, so it's likely the CodeWeavers programmers will have a lot of work on their hands.

A survey by desktop Linux advocate Novell found Photoshop is the top non-Linux application that Linux users would like to have. Although Adobe has dipped its toes into the desktop Linux waters, so far it hasn't made any major moves.

And with current technology trends, maybe Adobe never will see the need for Linux ports. With virtualization software from companies such as Parallels and VMware and improving support from chipmakers Advanced Micro Devices and Intel, it's getting easier to run multiple operating systems on the same computer.