LDAP group memberships per individual

15 10 2014

To find out all the groups of which a user is a member, use:

ldapsearch -x -h ldap.uvm.edu -b 'ou=groups,dc=uvm,dc=edu' memberuid=[netid] cn





CFEngine-Supported Certificate Signing Request (CSR) Generation

18 07 2014

Much of this is preconfigured by cfengine using a Makefile. Here’s the general procedure for RHEL5/RHEL6 boxes:

sudo su
cd /etc/pki/tls/certs
make myhostname.csr

Answer the questions (US, Vermont, Burlington, etc). CN is hostname. Password is password. Then you’ll have the .csr file, and the .key file (which is encrypted). Assuming you want it unencrypted:

umask 077
openssl rsa -in myhostname.key -out myhostname.key.notcrypted
(enter password)
mv myhostname.key.notcrypted myhostname.key.new

Update 2017-04-11: Makefile still generates SHA1 requests. Here are the openssl commands to manually make a SHA2 request:

openssl genrsa -aes128 2048 > myhostname.key
(enter password)
openssl req -utf8 -new -sha256 -key myhostname.key -out myhostname.csr
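
To confirm that a request is SHA-2 signed before it goes to the CA, it can be inspected with openssl. The script below is an added example, not part of the original post or the cfengine Makefile; the function names and the hostname myhostname.example.org are made up for illustration, and the demo key is a constructed throwaway.

```shell
# Print the signature algorithm recorded in a PEM CSR,
# e.g. sha256WithRSAEncryption.
csr_sig_alg() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        awk -F': *' '/Signature Algorithm/ { print $2; exit }'
}

# Succeed only if the algorithm name is non-empty and not SHA-1 or MD5 based.
sig_alg_ok() {
    case "$1" in
        ''|*[Ss][Hh][Aa]1*|*[Mm][Dd]5*) return 1 ;;
        *) return 0 ;;
    esac
}

# Check the CSR's self-signature, then its digest. The verify result is read
# from the output text because the exit status is not reliable across
# openssl versions.
csr_check() {
    local alg
    if ! openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'; then
        echo "$1: self-signature did not verify"; return 1
    fi
    alg=$(csr_sig_alg "$1")
    if ! sig_alg_ok "$alg"; then
        echo "$1: weak signature algorithm: ${alg:-unknown}"; return 1
    fi
    echo "$1: OK ($alg)"
}

# Constructed demo: throwaway unencrypted key and CSR in a temp directory.
demo() {
    local d rc=0
    d=$(mktemp -d) || return 1
    ( umask 077
      openssl genrsa -out "$d/demo.key" 2048 2>/dev/null &&
      openssl req -utf8 -new -sha256 -key "$d/demo.key" \
          -subj "/C=US/ST=Vermont/L=Burlington/CN=myhostname.example.org" \
          -out "$d/demo.csr" ) && csr_check "$d/demo.csr" || rc=1
    rm -rf "$d"
    return "$rc"
}

if command -v openssl >/dev/null 2>&1; then demo; fi
```

Run csr_check myhostname.csr against a request produced by the Makefile to see whether it is still SHA1.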





diff STDOUT or other output streams

3 04 2014

The ‘diff’ shell command is useful for comparing text files, but also great for comparing shell outputs with this method:

diff <(ls -alh /or/something) <(ls -alh /or/whatever)

Add any favorite flags and go to town.

diff -y --suppress-common-lines <(ls -alh /or/something) <(ls -alh /or/whatever)

(Note: this may not work for all substitutions.)





New rsync remote host syntax

7 03 2014

Updated rsync syntax. This version accounts for symlinks and does a better job with file permissions, now that the source files are on a network drive:

rsync -v -r -u -l -e ssh --chmod=a+r,Dg+s,ug+w,o-w,+X,Fa-x --exclude-from=/path/to/skip.txt /path/to/mounted/network/drive netid@server.domain.url:/remote/destination

-v = verbose
-r = recursive
-u = update changed files only
-l = copy symlinks as symlinks
-e = specify remote shell (“ssh” in this example)
--chmod = affect file and/or directory permissions

  • a+r = all add read
  • Dg+s = Directories only, group add setgid bit
  • ug+w = owner/group add write
  • o-w = other remove write
  • +X = make a directory or file searchable/executable by everyone if it is already searchable/executable by anyone…
  • Fa-x = …but remove searchable/executable if it’s a file and not a directory

As before, you can also get a “dry run” to list changes (but not actually execute the change) by adding the -n flag:

rsync -v -r -u -l -n -e ssh --chmod=a+r,Dg+s,ug+w,o-w,+X,Fa-x --exclude-from=/path/to/skip.txt /path/to/mounted/network/drive netid@server.domain.url:/remote/destination





rsync remote host syntax

12 03 2013

In a nutshell:

rsync -v -r -u -e ssh ./localsource netid@server.domain.url:/remote/destination

-v = verbose
-r = recursive
-u = update changed files only
-e = specify remote shell (“ssh” in this example)

You can also get a “dry run” and see what will change (but not actually execute the change) by adding the -n flag:

rsync -v -r -u -n -e ssh ./localsource netid@server.domain.url:/remote/destination

Files that should regularly be excluded (such as .DS_Store) can have their names added to a text file, such as:

Temporary Items
.DS_Store
skip.txt

Then call the text file with the --exclude-from flag:

rsync -v -r -u -e ssh --exclude-from=/path/to/skip.txt ./localsource netid@server.domain.url:/remote/destination







