To give a specific user access to sudo without having to enter a password you have to edit the /etc/sudoers configuration file. For security reasons you should only edit the file using the visudo command.

$ sudo visudo

In Ubuntu the following lines are placed at the bottom of /etc/sudoers by default. This gives your default user access to sudo as well as any other user in the admin group.

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

If you want to allow sudo access without passwords for all users in the admin group you can simply add the NOPASSWD option to this line and be done.

%admin ALL=(ALL) NOPASSWD: ALL

If you want to give a specific user sudo access without passwords, you will have to add an additional line for each user. These lines will conflict with the default admin line above so they must be placed at the end of the sudoers file. The reason for this is that sudo will handle contradicting configuration lines by giving priority to the line closest to the bottom of the file.

Add the following line to the end of the file, replace ‘ryan’ with your username.

ryan    ALL=(ALL) NOPASSWD: ALL

Add a line for each user that you wish to have access.

For more ways to use and configure sudo have a look here.

Related posts

1. Submit commands as root with sudo
2. How to SSH into Ubuntu LiveCD
3. Share a remote filesystem over SSH

The ext3 file system forces an fsck once it has been mounted a certain number of times. By default this maximum mount count is usually set between 20-30. On many systems such as laptops which can be rebooted quite often this can quickly become a problem. To turn off this checking you can use the tune2fs command.

The tune2fs command utility operates exclusively on ext2/ext3 file systems.

To run these commands you must run the command as root or use sudo. You must also make sure that your filesystem is unmounted before making any changes. If you are doing this on your root partition the best solution is to use a LiveCD.

You can run tune2fs on the ext3 partition with the ‘-l‘ option to view what your current and maximum mount count is set to currently.

tune2fs -l /dev/sda1

...
Mount count:              2
Maximum mount count:      25
...

To turn off this check set the maximum count to 0 with the ‘-c‘ option.

# tune2fs -c 0 /dev/sda1

If you do not want to completely disable the file system checking, you can also increase the maximum count.

# tune2fs -c 100 /dev/sda1

Related posts

1. Free ext3 reserved blocks with tune2fs
2. Install the GRUB boot loader to the MBR
3. Enable or disable boot time services in SUSE

The lsof command stands for “list open files”. It can show all open files as well as sockets, memory mapped libraries, directories, pipes, and network sockets. It is an incredibly powerful tool which you can use to gather detailed information about what is happening on your system.

If you run lsof as a normal user you will be limited to only the the processes owned by that user. To get system wide results you must run the command as root or use sudo.

Running the command by itself will show information for all active process on the system.

# lsof

COMMAND    PID   USER   FD      TYPE             DEVICE     SIZE       NODE NAME
lsof    7289 root  cwd    DIR    8,3    4096  6504451 /home/ryan
lsof    7289 root  rtd    DIR    8,3    4096        2 /
lsof    7289 root  txt    REG    8,3  110280 11178207 /usr/bin/lsof
lsof    7289 root  mem    REG    8,3  114952 11504968 /lib64/ld-2.6.1.so
lsof    7289 root  mem    REG    8,3 1293456 11504986 /lib64/libc-2.6.1.so
lsof    7289 root    0u   CHR  136,1                3 /dev/pts/1
lsof    7289 root    1u   CHR  136,1                3 /dev/pts/1
lsof    7289 root    2u   CHR  136,1                3 /dev/pts/1
lsof    7289 root    3r   DIR    0,3       0        1 /proc
lsof    7289 root    4r   DIR    0,3       0    19745 /proc/7289/fd
lsof    7289 root    5w  FIFO    0,5            19759 pipe
lsof    7289 root    6r  FIFO    0,5            19760 pipe
lsof    7290 root  cwd    DIR    8,3    4096  6504451 /home/ryan
lsof    7290 root  rtd    DIR    8,3    4096        2 /
lsof    7290 root  txt    REG    8,3  110280 11178207 /usr/bin/lsof
lsof    7290 root  mem    REG    8,3  114952 11504968 /lib64/ld-2.6.1.so
lsof    7290 root  mem    REG    8,3 1293456 11504986 /lib64/libc-2.6.1.so
lsof    7290 root    4r  FIFO    0,5            19759 pipe
lsof    7290 root    7w  FIFO    0,5            19760 pipe
...

As you can see in the previous output each open file is associated with its program and PID and has many attributes such as type, size, file descriptor, device, and inode number.

You can narrow the results down to an individual process.

# lsof -p 12345

You can get results for every process that is owned by a specific user.

# lsof -u ryan

This will give you detailed information about all network socket connections.

# lsof -i

You can narrow the results down to only TCP connections.

# lsof -i TCP

You can get information on a specific port.

# lsof -i :80

You can get information about all instances of a specific program

# lsof -c bash

This will show all files that are open within the ‘/tmp’ directory.

# lsof +D /tmp

To get even more detailed output you can pipe these results to grep or use the ‘-a‘ option which combines any number of options.

For example you can view all network socket connections that are owned by the user ryan.

# lsof -a -i TCP -u ryan

Related posts

1. Search for files with the find command
2. Securely copy remote files with scp
3. Submit commands as root with sudo

Gentoo Portage makes it fairly easy to update all the installed packages on your system. The emerge and revdep-rebuild tools are powerful and make the process of recompiling everything much less painful than it sounds.

The emerge and revdep-rebuild commands require root privileges so switch to root or use sudo.

The first step is to synchronize your Portage tree with the latest mirror. This command will get you information on the latest packages that are currently available.

# emerge --sync

Perform an “pretend” emerge to see what packages will be updated and installed on your system.

# emerge -uDNvp world

These are the packages that would be merged, in order:

Calculating world dependencies... done!
[ebuild     U ] dev-util/pkgconfig-0.23 [0.22] USE="-hardened" 1,009 kB
[ebuild     U ] media-sound/wavpack-4.50.1 [4.41.0] USE="mmx" 367 kB
[ebuild     U ] dev-libs/gmp-4.2.2-r2 [4.2.2] USE="-doc -nocxx" 0 kB
.
.
.
[ebuild  N    ] sys-apps/man-pages-posix-2003a  949 kB 

Total: 149 packages (100 upgrades, 36 new, 2 in new slots, 11 reinstalls), Size of downloads: 354,800 kB

Lets go over these options.

-u update packages
-D consider entire dependency tree for all packages
-N include packages with USE flag changes
-v verbose emerge output
-p pretend to do the emerge

The ‘world‘ argument tells emerge to use the list of packages in your world file. This list contains all packages that have been directly emerged on your system. These packages do not include dependences or packages that were emerged using the ‘–oneshot‘ option. Your world file is located here /var/lib/portage/world.

The output of this command will tell you one of two things. Either everything is good and you can go ahead and perform the update, or Portage has found some conflicts such as blocking packages that must be fixed before you continue. Hopefully the former is the case, but if there are conflicts Portage messages will usually point you in the right direction.

Before performing the actual update you can use the parallel-fetch feature to speed up the package downloads and shorten the update process. To do this add the following line to /etc/make.conf.

FEATURES="parallel-fetch"

If there are no Portage issues, you have reviewed the list of packages to be installed and everything looks correct, then you can start the update. To perform the update run the same command as before but remove the ‘-p‘ option.

# emerge -uDNv world

Occasionally a system update will break shared library dependencies as an upgraded package may no longer be compatible with packages which use it. Enter the revdep-rebuild reverse dependency re-builder tool.

The revdep-rebuild tool is part of the gentoolkit package which you must emerge first.

Run this command after a large system update to ensure all packages are in good shape.

# revdep-rebuild

This command will scan your system for missing shared library dependencies and fix them by re-emerging those missing packages.

Related posts

1. Speed up Gentoo emerge with “parallel-fetch”
2. Install Java browser plugin in Gentoo
3. View the status of a long emerge

Among the most valuable tools at a Linux administrators disposal is sudo. It lets ordinary users temporarily submit commands as root or another user.

To use use this command simply put sudo before any command you want to run with root permissions.

sudo command

To submit commands as another user use the ‘-u‘ option and the username. This will submit a command as the user ryan.

sudo -u ryan command

The sudo configuration file is located at /etc/sudoers.

Although /etc/sudoers file is a regular text which root can edit manually, it is recommended that you only edit it using visudo. The visudo editor locks the sudoers file against multiple simultaneous edits, provides basic sanity checks, and checks for errors.

The /etc/sudoers file has the general format:

user hostlist = (userlist) commandlist

This is a basic configuration and will allow the user ryan to run any command, on any host, as any user.

# User privilege specification
root    ALL=(ALL) ALL
ryan    ALL=(ALL) ALL

Here is a more complex example.

ryan     tuxbox=(bob, bill)   /bin/kill

This will give ryan access to run “kill” as the users bob and bill using “sudo -u” on the host “tuxbox”.

When using the above configurations you will be prompted for ryan’s password before sudo will execute your command. After the pasword is accepted, you will have a 5 minute window to submit other commands without further password requests.

Submitting a password has its security benefits, but if you are ok without it, there is a way around this inconvenience. If you don’t want to enter a password add the NOPASSWD tag to the configuration file like this.

# User privilege specification
root    ALL=(ALL) ALL
ryan    ALL=(ALL) NOPASSWD: ALL

If there are configuration lines that contradict one another sudo will give priority to the line closest to the bottom of the file. So if you make changes and they don’t seem to take effect, check that this is not the case.

All calls to sudo are logged in /var/log/messages so you have the ability to keep track of who did what on the system.

Related posts

1. Allow sudo access without passwords in Ubuntu
2. List all open files with lsof
3. Essential Linux Commands