Manage Linux Users with the passwd command

To manage Linux users with the passwd command is very handy and straight forward. After brewing a really good Colombian coffee at home from Finca La Camelia I decided to put this brief tutorial.

passwd command options

passwd -S <username>

This option displays the status of a specific user. Example output:

username PS 2022-06-13 0 99999 7 -1 (Password set, SHA512 crypt.)

In the above example it shows that username was created June 13, 2022 with a SHA512 encryption.

passwd -l <username>

The above option with -l will lock the username above. This only locks access to the system, but the user can still login if he/she has SSH access set with a public key.

passwd -u <username>

With the -u option above you will ‘unlock’ the username that was already in ‘locked’ state with the -l option.

passwd -d <username>

The above will delete a password for username.

passwd -e <username>

To expire an account immediately use the above option -e. This option will force username to change their password at next login.

passwd -n 10 username

The above indicates the username cannot change their password until 10 days have gone by.

passwd -x 90 username

The above tells the Linux system that username that after 90 days the password will expire forcing the username to change their password.

Hopefully this short tutorial can point you to the right direction. You can always contact me if you have any questions. Also, check out my shop for unique coffee mugs and t-shirt designs I created. There are more options to manage Linux passwd command, but these are the most common ones. I will be adding more options soon.

Create a New Linux Superuser Admin User

The other day I had to add a sudo user in Linux. I have done this many times in Ubuntu/Debian Linux boxes, but forgot how to create a new Linux superuser in RedHat/CentOS/Fedora family.

I created this quick review and maybe can help others.

Create New Linux Superuser in Ubuntu/Debian

Let’s do this using the Terminal/Command-line way. Open your terminal and type:

sudo adduser newuser

The newuser is the name of the new user you’re trying to create.

The above command will create the new user. Now, you need to add the newuser to the sudo group. Type the next command in your terminal:

sudo usermod -aG sudo newuser

Little explaination about the above -a means to Append and G stands for Group.

When you’re done adding the user to the sudo group, you should verify by running this command in your terminal:

groups newuser

You should see the sudo group listed.

You can also do the first two commands in one shot:

sudo adduser newuser sudo

Linux is cool! Brew coffee at home is ever better! 🙂

Create New Linux Superuser in RedHat/CentOS

Using RedHat 8 at one of my clients. I haven’t touch this Linux disto in a while, but its no big deal. I took a walk by Pier 76 in NYC before handling this one.

Create a new user you need the adduser command:

adduser newuser

Next, set a password for the newuser:

passwd newuser

Last, you need to add the newuser to the wheel group:

usermod -aG wheel username

Now, if you haven’t open the sudoers file using this command:

visudo

Edit the line %wheel ALL(ALL) by removing the ‘#’ character in front of it. There might be other options for the wheel group let say you can add or un-comment this line:

%wheel  ALL=(ALL)       NOPASSWD: ALL

This will allow the users in the wheel group to run sudo without having to enter their password every time.

Hope you like this brief tutorial. You can always contact me if you have any questions. Also, check out my T-Shirts and coffee mugs shop. I made all the designs.

Setup Apache Virtual Hosts on Red Hat 8

Last week a client asked me to setup a dev and production environments on their new Red Hat 8 box. I have setup Apache virtual hosts in Ubuntu in the past. I knew to setup Apache virtual hosts on Red Hat 8 should not be that difficult.

This is when I decided to take a walk by Pier 76 in New York City to recharge by brain.

First, make sure you have installed Apache in your Linux box, you’re logged in as root or a user with sudo and you’re pointing your domain name to your server’s public IP.

Create Your Directory Structure

This is called the document root for your site files. This can be set in any location in your Linux server, but we normally follow this structure example:

/var/www (this is the path for your web files)
├── cgi-bin
├── dev.yoursite.com
│   └── html
│       └── index.html
├── html
└── prod.yoursite.com
    └── html

dev.yoursite.com and prod.yoursite.com are the two directories for your Apache server to serve your website from. We created another /html directory under each domain path. This is where your files will live.

Next, change the ownership of each document root. For example:

sudo chown -R apache: /var/www/dev.yoursite.com
sudo chown -R apache: /var/www/prod.yoursite.com

Apache by default loads all configuration files that end in .conf as the file extension inside the directory /etc/httpd/conf.d/

Next, using your favorite editor create a virtual host file inside /etc/httpd/conf.d/ directory. For example. dev.yoursite.com.conf:

<VirtualHost *:80>
    ServerName dev.yoursite.com
    ServerAlias www.dev.yoursite.com
    ServerAdmin webmaster@dev.yoursite.com
    DocumentRoot /var/www/dev.yoursite.com/html
    <Directory /var/www/dev.yoursite.com/html>
        Options -Indexes +FollowSymLinks
        AllowOverride All
    </Directory>
    ErrorLog /var/log/httpd/dev.yoursite.com-error.log
    CustomLog /var/log/httpd/dev.yoursite.com-access.log combined
</VirtualHost>

Now, test the configuration file using this command:

sudo apachectl configtest

If everything is good and there are no syntax errors. You will get:

Syntax OK

Then you need to activate the new virtual host by running this command in your Linux terminal:

sudo systemctl restart httpd

Visit your site by name or IP using your browser and let me know if all works.

Run traceroute on macOS Terminal and Understand the Results

The other day a client was having issues reaching a couple of websites from within their office environment. Our good command line utility traceroute came to the rescue. I used to run this command back in the days when mainly using Windows. Luckily, we can run traceroute in macos terminal.

I had to brew another Peruvian coffee from Quillabamba before taking on this one.

Running traceroute is quite simple. Here is an example:

traceroute badsite.com
traceroute to badone.com (35.186.238.101), 64 hops max, 52 byte packets
 1  192.168.3.1 (192.168.3.1)  7.997 ms  5.438 ms  6.629 ms
 2  160.72.69.169.lightower.net (160.72.69.169)  9.057 ms  7.249 ms  8.644 ms
 3  160.72.248.44.lightower.net (160.72.248.44)  5.649 ms  8.158 ms  7.375 ms
 4  ae10-nycmnyzrj93.lightower.net (144.121.35.40)  8.217 ms  16.325 ms  5.153 ms
 5  et-0-0-22.edge2.newyork6.level3.net (4.30.181.125)  6.437 ms  8.161 ms  7.309 ms
 6  209.85.149.162 (209.85.149.162)  6.324 ms  6.192 ms
    google-level3-newyorkcity6.level3.net (4.68.75.170)  8.562 ms
 7  108.170.248.1 (108.170.248.1)  9.728 ms
    108.170.225.4 (108.170.225.4)  9.944 ms
    108.170.248.1 (108.170.248.1)  11.364 ms
 8  216.239.43.155 (216.239.43.155)  7.779 ms
    142.251.65.111 (142.251.65.111)  8.163 ms
    142.251.60.227 (142.251.60.227)  7.757 ms
 9  101.238.186.35.bc.googleusercontent.com (35.186.238.101)  7.223 ms  7.054 ms  7.531 ms

The results are divided into 3 sections:

  1. Number of hops: Indicates how many routers traceroute command was able to query. Usually the first one is your local router.
  2. Domain name: Show the URL and IP address of the router where your request passed by. This can vary by location. Sometimes it can even show an airport code.
  3. Round-Trip Times (RTT): This one is shown from the 3rd to 5th columns in the output. It tells in milliseconds the time it took to travel from origin to destination and then back again to origin. This one is also good to measure your network connection speed.

Running traceroute macos terminal is a nice and simple command utility to use. Hope this one is useful for anyone reading. Contact me if you have any questions.

See my inspirational T-Shirts and coffee mugs designs. I designed them all. Below are some examples. Let me know what you think.

Reload Config Apache httpd Without Restarting Apache in Linux

I was not sure when a client asked me “How do I gracefully restart Apache on my Linux server?” This prompt me to brew another coffee at home and then find how to reload Apache httpd config without restarting Apache server.

There are several methods for this depending on your Linux version:

apachectl
systemctl
service (older Linux distros)

Using apachectl to reload Apache

If you like to run a config test before reloading the config settings. You can do this with apachectl command:

apachectl configtest

and if everything is OK you can reload Apache httpd config next:

apachectl -k graceful

Using systemctl to reload Apache

This works for Linux distros running systemd. Syntax is easy:(you may need sudo in front of the command)

systemctl reload httpd
or
systemctl reload apache2

Using service or /etc/init.d to reload Apache httpd

You can also reload Apache in older Linux distros using System V init. Try these commands: (again you may need sudo in front of the command)

service httpd graceful
or
/etc/init.d/httpd graceful
or
/etc/init.d/apache2 reload (for Debian family)

Hope this is helpful. Contact me if you have any questions. Also, visit my shop where I feature cool T-shirts and coffee mugs I designed.

Here are some examples from my T-shirt and coffee mugs shop. Let me know what you think. Thanks.

Git error: Please tell me who you are

The other day after having a great cup of coffee from my friends coffee farm in Quillabamba, Peru I got an error in Git saying “Git error: Please tell me who you are”. This happened after I entered my usual Git credentials in my Terminal.

After doing some research I found out that Git made a big change on their way of authorizing users. Now users need to have “a personal access token”. In order to take care of this I had to do the following steps in my Git account:

  • First verify my email address(only if you didn’t do it before)
  • Go to your account Settings
  • Then go to Developer Settings
  • And the click on Personal Access Tokens
  • Tap on Generate New Token and give it a name
  • Give your token an expiration date (Why?)
  • Then select the access permissions, scopes and etc.
  • Finally, generate new token

Warning: Treat your tokens like passwords and keep them secret. When working with the API, use tokens as environment variables instead of hardcoding them into your programs.

github.com docs

DO NOT forget the above or you will have to do the whole process again!

How to use Git personal token now?

Open your Terminal and run the below. Replace according to your Git repo:

$ git clone https://github.com/yourusername/somerepo.git
Username: your_username
Password: your_token_goes_here (Instead of your password)

After following these simple steps I was able to resolve this “Git error: Please tell me who you are” issue. Hope this helps. Contact me if you have questions.

Remember to check out my Shop where I feature my T-Shirts and Coffee Mugs designs inspired by Technology.

Check Windows NTP Configuration Using The Command Prompt

The other day I got a client asking for help syncing time across all Windows 10 thin clients with their NTP server. After taking a walk around NYC and witnessing many hanging shoes I refreshed my head I found a useful way to check Windows NTP configuration using the command prompt.

Using w32tm To Check and configure NTP using the Command Prompt

In Windows 10 open your command prompt and type the below command to check your current NTP configuration:

w32tm /query /configuration

The above gives you the current time configuration.

w32tm /query /status

The above shows you many more details, such as: stratum, precision, last sync, NTP server and etc..

time /T

This last one shows the current time.

At some Windows10 machines I got the below error:

The following error occurred: The service has not been started. (0x80070426)

This means the time service has is not running or disabled. I made sure to enabled accordingly either using the command prompt:

net start w32time

or at the services window when the above did not work:

Windows NTP Configuration services
Windows Time Services
Windows NTP Configuration Using The Command Prompt
Windows Time Services Properties

There’s also a way to set and start Windows NTP configuration using the command prompt this way:

w32tm /config /manualpeerlist:10.0.0.5 /syncfromflags:manual /reliable:yes /update

Then, as usual Windows stays problematic. I had to run the below commands in sequence:

w32tm /unregister
w32tm /unregister
w32tm /register
net start w32time

I did all these because I found out by running:

net time /querysntp

I got the deprecated error:

The /QUERYSNTP and /SETSNTP options have been deprecated. Please use w32tm.exe to configure the Windows Time Service.

At the end of the config you might need to run:

w32tm /config /update
w32tm /resync /rediscover

To make Windows 10 rediscover its NTP settings. Play around, research the official Windows documentation. You can also place all these command on a batch file and deploy it to all your clients.

Good luck! Contact me if you have any questions. Remember to check out my IT Handyman shop for cool T-Shirts and coffee mugs I designed once in a while.

How to Fix Cron “Operation not permitted” error in macOS

I have been working on putting together a simple bash script to backup my client’s macOS users files to a local NAS in their office. I put this script in a cron job in my macOS Big Sur, but kept getting Operation not permitted” error in my macOS Big Sur machine. WTF!

Crazy thing was that the script worked when I ran it directly on my terminal, but it gave me the above error when I placed it in my crontab. I decided to brew my coffee at home before troubleshooting this issue with this operation not permitted error in macOS.

It turns out the issue is with macOS Big Sur permissions for cron daemon.

Grant cron Full Disk permissions to fix operation not permitted error in macOS

Grant cron and your script Full Disk Access in Security and Privacy window

You need to go to your Security & Privacy settings in your macOS and unlock it by clicking on the ‘lock’ bottom left corner. Then do this:

Go to the folder window in macOS Big Sur
  • Go to the Privacy tab and select Full Disk Access.
  • Under the list of apps on the right panel click on ‘+’.
  • Use keyboard shortcut: Command+Shift+G to open “Go to Folder”.
  • Navigate or enter path: /usr/sbin/cron and select Go.
  • Make sure ‘cron’ now appears in the list of apps with Full Disk Access.
  • You may also need to add ‘smbd’ and ‘Terminal’ to the list. Use the same process indicated above.

Now, try again and test your cron job and let me know if it works. You can contact me if you have any questions. Also, check out some of my coffee mugs and T-Shirt designs inspired by technology:

Docker failed to solve with frontend dockerfile.v0: failed to create LLB definition

I was working on improving my Flask skills and at the same time learning about REST APIs and how to build them using Flask, Docker, MongoDB and AWS.

I’m using git in order to have my code available and practice whether at home or at the office macOS computer I have. Somehow, after pushing my last git update and then doing a git pull from my mac at the office i got the following docker compose build error:

Docker compose error
failed to solve: failed to solve with frontend dockerfile.v0: failed to create LLB definition: failed to authorize: rpc error: code = Unknown desc = failed to fetch oauth token: Get "https://auth.docker.io/token?scope=repository%3Alibrary%2Fpython%3Apull&service=registry.docker.io": dial tcp: i/o timeout

After many coffees that I received from my friend’s coffee farm in Quillabamba, Peru I found a quick solution which I’m still not sure why we have to do this.

The solution was quite simple. In your terminal run these two commands:

export DOCKER_BUILDKIT=0
export COMPOSE_DOCKER_CLI_BUILD=0

Then I ran again in my project directory:

docker compose build and then docker compose up

And everything worked again as it did before. I’m still very confused to why this issue happened. If you have any comments please add them at the bottom of this article.

You can also contact me if you have any questions. Thanks!

Ping Command Examples in Brief

The ping command is one of the most common used commands in the IT field. After taking a walk in Brooklyn New York City I decided to put together some ping command examples to remember.

Basic ping command

The most basic ping command example would be to just ping itprohelper.com:

Ping command example

You can also test your localhost TCP/IP with any of these two ping commands:

# ping localhost
# ping 127.0.0.01

Other important ping command examples

Linux by default sends continuous pings unlike Windows that sends four. One ping command option I was not aware is the -a which sends an audible ‘cue’ with each ping when is a successful one:

# ping -a itprohelper.com

You can also adjust the number of pings using the -c option very easy. This example will only send eight pings:

# ping -c 8 itprohelper.com

If you don’t need to see the output of each ping you can use the -q option to summarize the results. This ping command example will show you if ping was successful at sending 3 packets:

Ping command using the -q option

A Little More Advance ping Example

You can change the size of the ping packet sent. It is usually 28 bytes. So, to send 128 bytes you will do:

# ping -s 100 itprohelper.com

You can also limit the total number of hops -routers- ping will pass by configuring the TTL(Time To Live) option:

# ping -t 10 itprohelper.com

There are many more ping command options. You can find them by checking the man pages.

Contact me if you have any questions. Also, remember to visit my shop and if you like my T-Shirts and coffee mugs designs grab one. Thanks!