Friday, May 25, 2012

Enabling ACL in /etc/fstab

I wish to set FACL for a file-system "/ua1003" with Read-Write permission for my user-account 'ashok'. When I try to do it, I noticed the file-system isn't mounted with ACL feature enabled. I have added the 'acl' option in /etc/fstab for that mount point and did a remount. After that, I was able to set the FACL. Below shown is the sequence which I did to make the ACL work:

[root@hostxyz ua1003]# setfacl -m u:ashok:rwx /ua1003                          
setfacl: /ua1003: Operation not supported                                                  <-- ACL not enabled
[ashok@hostxyz /]$ grep /ua1003 /etc/fstab
LABEL=/ua1003           /ua1003                   ext3    defaults        0  0        
[ashok@hostxyz /]$ vi /etc/fstab
[root@hostxyz ~]# grep /ua1003 /etc/fstab
LABEL=/ua1003           /ua1003                   ext3    defaults,acl        0  0   <-- Enabled ACL feature in /etc/fstab
[root@hostxyz ~]# mount -o remount /ua1003                                           <-- Remounting /ua1003
[root@hostxyz ~]# setfacl -m u:ashok:rwx /ua1003                                    <-- Setting FACL to the parent folder
[root@hostxyz ~]# getfacl /ua1003
getfacl: Removing leading '/' from absolute path names
# file: ua1003
# owner: applprod
# group: dba
[root@hostxyz ~]# setfacl -R -m u:ashok:rwx /ua1003                               <--Setting FACL recursively
[root@hostxyz ~]# getfacl /ua1003
getfacl: Removing leading '/' from absolute path names
# file: ua1003
# owner: applprod
# group: dba
[root@hostxyz ~/#

PS: To check if ACL is enabled on a given file-system, execute 'tune2fs -l <devicename>' command and look out for "Default mount options".

How to encrypt and decrypt a file in Linux ?

There could be few ways to Encrypt and Decrypt a file in Linux. The one which I use is, gpg (GnuPG).
Below shown are the steps to encrypt and decrypt a file called "confidential.txt".

[root@hostxyz ashok]# echo 'newpassXYZ' > confidentail.txt
[root@hostxyz ashok]# cat confidentail.txt
[root@hostxyz ashok]# gpg -c confidential.txt
Enter passphrase:  <secret word>
Repeat passphrase: <secret word>
[root@hostxyz ashok]# ls -l confidentail.*
-rw-r--r-- 1 root root 11 May 22 22:01 confidential.txt
-rw-r--r-- 1 root root 66 May 22 22:01 confidential.txt.gpg
[root@hostxyz ashok]# cat confidential.txt.gpg
ê2Ãà pisÃu?î^ó5Ã\<dÃ
â[root@hostxyz ashok]# mv confidential.txt.gpg /tmp
[root@hostxyz ashok]# cd /tmp
[root@hostxyz tmp]# gpg -d confidential.txt.gpg
gpg: CAST5 encrypted data
Enter passphrase:  <secret word>
[root@hostxyz tmp]# cat confidential.txt
[root@hostxyz tmp]#

The config file for 'gpg' is /root/.gnupg/gpg.conf

Wednesday, May 23, 2012

Finding number of occurrence of a string in a file.

Let's say you have a file (filename: testfile) as shown below and you want to find number of occurrence of a string 'snapshot' in this file.  Please note the specified string could occur more than once in a line. 

"A disk "Snapshot" is a copy of the virtual machine disk file (VMDK) at a certain point in time. It preserves the disk file system,
system memory of your VM by enabling you to revert to the snapshot in case something goes wrong. Snapshot can 
upgrading or patching applications and servers. This article will go over everything you need to know about using snapshot,
including what they are, how they work and advanced techniques. A virtual machine provides several operations for managing
snapshots and snapshot chains. These operations let you create snapshots, revert to any snapshot in the chain, and remove snapshots. You can create extensive snapshot trees."

Command is:  grep -io snapshot testfile | wc -l

Wednesday, May 16, 2012

Re-executing a command from History after substitution

At times we might be executing a long command on Shell prompt and later we might have to re-run that same command-set with one small change. It will be real pain to type the same command-set again just for a one parameter change. Linux has a Bash built-in command called 'fc' (stands for find command) using which we can make this task simple.

Let's say you have executed the following command (bit long) some time ago:
"bash /root/itc/hc/dyn/nmon -f -t -m /var/log/nmon -s300 -r -c196"
Now you wish to execute the same command with one value changed in it. Instead of -s300, you want to re-run the command with the new value -s200.
hostxyz # fc -l               <-- Will list 16 most recent commands
427      ls
428      ls -l
429      vim
430      sh /root/itc/hc/dyn/
431      cat
432      uptime
433      perl /opt/
434      ls -l /var/lock/subsys
435      bash /root/itc/hc/dyn/nmon -f -t -m /var/log/nmon -s300 -r -c196
436      cd ~ashok
437      ls
438      ps -ef | grep nmon
439      kill -15 3384
440      date
441      fc -l
442      ps -ef | grep nmon
hostxyz # fc -s s300=s200 bash      
bash /root/itc/hc/dyn/nmon -f -t -m /var/log/nmon -s200 -r -c150
hostxyz #
With the `fc -s [pat=rep ...] [command]' format, the command starting with 'bash' is re-executed after the substitution OLD=NEW is performed.
Note:  Typing just 'fc' will open the last command in Text Editor. If you want to open range of commands that you executed before in Text Editor, you can use the following syntax:  # fc [Start no]  [End no].

Friday, May 4, 2012

FUNC - Fedora Unified Network Controller

FUNC is an open source automation tool developed by using Python programming language. We can use this tool for automating system admin tasks such as status check, configuration tweak, file transfer, rebooting the systems etc in multiple Linux-based systems. It uses the typical Client-Server model, where the server is called by the term "overlord" and the clients which are binded to the server are called as "minions".

Check out this link for more details with examples:

I have developed an Installation bundle which consists of Script for installing and configuring the FUNC client with all the required packages. URL to download the software bundle :

Just download it, extract and install the FUNC client by executing the '' script.

PS: If you are looking for a definitive solution on permanent basis to address all your challenges in remote administration of Linux-based servers, I would recommend to go for "Puppet" ( . With Puppet, you can achieve lot more things than FUNC. URL to download a book on Puppet: