Lazy Linux: essential tricks for admins (ibm.com)
162 points by jaspertheghost on Jan 15, 2009 | 53 comments



Trick 5 (opening a remote port on a "public" machine to connect back to your local machine) is great. Combine it:

office$ ssh -R 9999:localhost:22 user@home ## do this in a screen for good measure

and another lesser known ssh feature:

home$ ssh -D 8888 -p 9999 user@localhost

and now you have a SOCKS proxy on home:8888 that will access everything visible to the computer named "office".

For extra credit add PingTunnel and a hotspot that happens to allow ICMP and enjoy free internet wherever you go.
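
Seen from the admin's side, the two commands in the comment above are ssh clients carrying `-R` and `-D` in their arguments. The following is an added example, not part of the original comment: it flags such clients in a process listing, and the function names and sample listing are constructed for illustration.

```shell
# Added example: find ssh clients that asked for a port forwarding.
# Only -R/-D/-L flags are seen; -o options and ~/.ssh/config are not detected.

# Prints one word per forwarding in a command line: remote, dynamic, local.
ssh_forward_kinds() {
    set -f; set -- $1; set +f           # split into words, no globbing
    [ "${1##*/}" = ssh ] || return 0    # only the ssh client is of interest
    shift
    kinds=""; want_value=""
    for word in "$@"; do
        if [ -n "$want_value" ]; then   # this word is the previous option's value
            want_value=""; continue
        fi
        case "$word" in
            -?*) cluster=${word#-} ;;
            *) break ;;                 # destination: the rest runs remotely
        esac
        while [ -n "$cluster" ]; do
            rest=${cluster#?}; flag=${cluster%"$rest"}; cluster=$rest
            case "$flag" in
                R) kinds="$kinds remote" ;;
                D) kinds="$kinds dynamic" ;;
                L) kinds="$kinds local" ;;
                [BbcEeFIiJlmOoPpQSWw]) ;;   # other options that take a value
                *) continue ;;              # plain flag, keep scanning the cluster
            esac
            # The value is the rest of the cluster, or else the next word.
            if [ -z "$cluster" ]; then want_value=$flag; fi
            break
        done
    done
    echo $kinds
}

# Reads "PID USER COMMAND..." lines, as printed by `ps -eo pid=,user=,args=`.
report_forwarding_clients() {
    while read -r pid user args; do
        found=$(ssh_forward_kinds "$args")
        if [ -n "$found" ]; then echo "$pid $user $found"; fi
    done
}

# Constructed sample listing (PIDs and users are made up).
SAMPLE_PS='4121 alice ssh -R 9999:localhost:22 user@home
4188 bob ssh -D 8888 -p 9999 user@localhost
4230 carol ssh user@home ls -R /tmp
4301 dave /usr/bin/ssh -fNR9999:localhost:22 user@home'

printf '%s\n' "$SAMPLE_PS" | report_forwarding_clients
```

The `ls -R` line is not reported because everything after the destination is the remote command, not an ssh option.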


Thanks for the tip on ping tunnel, I hadn't heard of it.... Going to have fun checking it out


combine your ssh-tunnel-socks-proxy with tsocks, and you have a nearly transparent access for your applications on your home-box into the office.


Yeah, that was exactly the one that stood out for me! I've wanted this several times recently, at work and at play.


When I was doing AIX administration, I liked that one command to kill processes with open files keeping a mountpoint mounted was:

  fuser -fuck /dev/whatever
http://moka.ccr.jussieu.fr/doc_link/C/a_doc_lib/cmds/aixcmds...

Oh, admin humor.


While how-to lists hardly see the light of day (the front page) on HN, I'd hate to see one like this go unrecognized.


Agreed; way better than the usual lists.


Very nice collection. A tech at the datacenter that hosts one of my servers showed me trick #3 and I remember being thrilled sitting there watching him do stuff on my server and sharing the keyboard to type messages back and forth in vi.

My company uses trick #5 as a primary feature for accessing the remote Linux machines that our product is built upon. We have it set up so that every single machine automatically creates a reverse SSH tunnel to the server on boot, so that the tunnel is always accessible in case we need it. Very cool stuff.


To get back a hosed screen, also try:

stty sane ^j

(That's Ctrl-j there.)

You might be flying blind, but just do it and you might get your screen back.

You probably know this, but to rescue a hosed system with Knoppix or similar live-cd:

- Boot from CD.

- Open root console.

- Mount your usual root partition: mount -t somefs /dev/hda1 /mnt/oldsys

- chroot /mnt/oldsys /bin/bash

Showed that to another admin who'd lost a production box, and his chin kind of hit the floor :) I gifted him the Knoppix disk... You can also use that to reset passwords (as per the article), by editing /etc/shadow or /etc/passwd in the /mnt/oldsys directory.


A detailed article on rescuing a hosed system with Knoppix:

How Knoppix saved the day

http://www.dancingbison.com/writings/knopresc.txt


great list! I especially liked the tip about sharing a screen session, been wanting a solution like that many times!

another great tip is how to list all subdomains on registered (not all dns servers allow this, many times you need to be on the same network, or it isn't allowed at all, but for solving your own dns issues it's a boon)

dig mydomain.com. axfr


What are your favorite, but lesser known Linux commands?

fuser, strace, ltrace, nc come to mind offhand.


lsof, ngrep, history (only found out this one a month ago after 6 years of being a sysadmin)


What terrible names. Sorry, but from a non-Unix perspective, symbols such as 'lsof' and 'ngrep' seem arbitrary and nonsensical.


What, LiSt Open Files and Net grep (Global Regular Expression Print)?

They sound like fairly sensible abbreviations to me.


How about "listopenfiles" and "netfind"? And "list" instead of "ls", and "delete" instead of "rm", and... et cetera.

"Global Regular Expression Print" is a terrible name on its own, too.


See the thing is that if you're knee deep in an unfamiliar system trying to fix it you type "ls" about a dozen times a minute. Adding two unnecessary keystrokes (doubling the length!) not only adds up it makes typos more common.

There are some nice conventions though, once you know grep there's egrep, ngrep, etc. Then there's the -stat family, prstat, iostat, vmstat, mpstat, etc.

Grep is its own special case, I'm not going to argue that it's a good name a priori but it does have the benefit of being completely unique not to mention far too entrenched to change now. Not to mention that it's "burp" in Yiddish.

Unix is difficult to pick up but once your brain operates in that special warped way things do make sense by extension.


palish has a point to the extent that lsof is so infrequently used that it would do no harm to give it a more descriptive name.

Nonetheless, I entirely agree with you about ls, and about sticking to the conventions that have developed around unix.


There's a tribal aspect, too; not to mention jargon as a barrier to entry. And what professional wants to forgo hard-won knowledge?

That said, I kind of like the weird names, esp grep. (Wasn't that in Stranger in a Strange Land or something?)

But I do object to inconsistent options. One example is: mkdir -p a/b/c This will make all three nested directories, if needed; but there is no equivalent: mv -p x a/b/c/y There also isn't: cp -p a/b/c [1]. You have to create the nested destination directories (a/b/c) first.

[1] cp has a -p option, but with a different meaning...

BTW: It would be nice if HackerNews had the `` markdown of Reddit for inline code. There's been a bit of code sharing recently, and I like that in a "hacker" site.


Inconsistent options are like irregular verbs in English (the most frequently used verbs are both ancient and irregular as a rule).


For code, use two spaces at the start of the line.

  like this


thanks, I know. I referred to inline code.


Grok, you're thinking of.


yes! thanks,


If that really bothers you, just alias those commands.

alias listopenfiles=lsof

alias netfind=ngrep

...and so forth. I've done that to add the DOS "cls" command to clear my terminal screen. Also, I'm a Cisco admin, so I have aliased "en" to "su", and the reverse on Cisco switches and routers. Yes, Cisco also has the alias command in IOS.


If unix were being designed from the ground up, today, user friendly commands, with aliases to power user abbreviations might make sense. It was, however, created some 30+ years ago.


yeah, if you don't like it, change it (you could even put them on a USB stick or a server somewhere so you could install them on a new machine quickly). That one could change it honestly didn't occur to me til you said it.

There's the favourite DOS->unix:

  alias cd..="cd .."


If you want user friendly, use the GUI. The commands are meant to be quick to write for frequent users, especially in the days when shells didn't do command completion.


They are derivatives of very well known names in Unix: ls and grep.

When the ls utility was created, standard RAM was 10KB and power computers looked like this: http://images.appleinsider.com/leopard-preview-server-1.jpg

I guess if your IO interface is a real dead-tree paper then each character counts.


And you booted the machine by toggling in a program in octal directly into memory from the front panel.


pgrep, pkill, rename


not sure how well known this is but I use 'tee' a lot


Quick question, is it just me or is gig ethernet 1000 Mbps, not 1024?

Man "mebibits" sounds terrible.


# while [ 1 ]; do echo "All your drives are belong to us!"; sleep 30; done

Hee, things I didn't think I'd ever see on ibm.com, #12234 in a series.

People with company songbooks and nice ties must be spinning in their graves


If you thought #8 was really cool and useful, you should go learn bash, sed, and awk. Stuff like #8 is what makes unix fun.


A better title: 9 interesting Linux commands and 1 reason to absolutely avoid CentOS.


You mean booting to singleuser? If you don't want it just use a grub password; nothing to do with CentOS.


Is the procedure for changing the root password with grub the same regardless of the flavour of Linux?


The primary bootloaders for Linux distributions are http://en.wikipedia.org/wiki/GNU_GRUB and http://en.wikipedia.org/wiki/LILO_(boot_loader) with a large edge in popularity to GRUB these days. Unless it's a fork or modification, GRUB works like this: http://www.gnu.org/software/grub/manual

Single User Mode isn't unique to CentOS/Redhat, or even Linux. In fact, the concept behind it isn't even unique to Unix: One of Microsoft's 10 security rules is "if the bad guy has unrestricted physical access to your box, it isn't your box anymore."

edit for clarity, due to reply

GRUB doesn't change the Unix root password. GRUB--like any other bootloader--lets you boot to single user mode, which doesn't require a password. Single user mode lets you change the Unix root password.


I'm aware of GRUB and LILO. But as bootloaders, I didn't realize they were able to modify the Linux root password so easily. The question still stands: is it possible in any flavour of Linux to change the root password by modifying the kernel parameters at boot-time?


On any flavor of linux that uses GRUB or LILO it's possible to modify the kernel parameters at boot time to enter single-user mode. Once you're in single-user mode you have full root privileges and environment and can change any passwords or files you like.
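
The GRUB password suggested earlier in this thread is what closes that path. The following is an added example, not from the article or any commenter, and it assumes GRUB Legacy `menu.lst` syntax: it audits a config for a global `password` line and for single-user entries that lack `lock`. The function name, finding labels and both sample configs are constructed for illustration.

```shell
# Added example. Assumes GRUB Legacy menu.lst / grub.conf syntax.
# Reads the config on stdin and prints one finding per line (nothing if clean).
audit_menu_lst() {
    awk '
        /^[ \t]*#/ { next }                      # skip comments
        $1 == "title" {                          # a new boot entry starts
            in_entry = 1; locked = 0
            title = $0; sub(/^[ \t]*title[ \t]+/, "", title)
            next
        }
        # A password line before the first title blocks the menu editor and
        # the GRUB command line until the password is entered.
        !in_entry && $1 == "password" {
            global_pw = 1
            if ($2 != "--md5") print "plaintext-password"
            next
        }
        in_entry && $1 == "lock" { locked = 1; next }
        # An entry that already boots single-user needs lock before its kernel line.
        in_entry && $1 == "kernel" && !locked {
            for (i = 3; i <= NF; i++)
                if ($i == "single" || $i == "S" || $i == "1" || $i ~ /^init=/) {
                    print "unlocked-single-user-entry: " title
                    break
                }
        }
        END { if (!global_pw) print "no-global-password" }
    '
}

# Constructed sample configs (not taken from a real machine; the hash is a placeholder).
WEAK_MENU='default=0
title CentOS
    kernel /vmlinuz ro root=/dev/hda1
title CentOS rescue
    kernel /vmlinuz ro root=/dev/hda1 single'

HARDENED_MENU='default=0
password --md5 $1$CONSTRUCTED$placeholder-hash-not-real
title CentOS
    kernel /vmlinuz ro root=/dev/hda1
title CentOS rescue
    lock
    kernel /vmlinuz ro root=/dev/hda1 single'

printf '%s\n' "$WEAK_MENU" | audit_menu_lst
printf '%s\n' "$HARDENED_MENU" | audit_menu_lst
```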


Ah, okay. Thanks for explaining that. I didn't realize it was possible to get into single user mode without the password for any Linux.

Is the same true for BSDs, Solaris, et al?



A pretty unique collection, worth a look!


Any admins care to share some pornographic passwords?

     p4ss1ng g4s 1n h3r 4ss w/ my sp34r
     d4n4 d03s d1ld0s @t d4 d1ld0 st0re
     d1ck r4p3d j4n3 w/ h1s d1ng d4ng


My general attitude to passwords is "Never choose something you'd be ashamed to recite to your mother over the phone", since you never know when you'll be in a position where you may have to do exactly that.


As an information assurance guy, I'd encourage users to use the most embarrassing possible passwords, since you should never share them. If you need to make resources available to more entities, do it by sharing access, not authentication.


This is what I love about Hacker News... even a semi-trollish post generates two great replies that I am glad to have read.


Generally speaking I agree with you, but in the real world (with real users!) this is not always possible.


Is it just me or are downvoted posts completely unreadable? It would be nice if there were an "unhide" button or something; it's extremely annoying to have to squint to read it.


That's intentional. Downvoted posts fade both to save people from reading them (presumably most are mistaken or nasty) and to damp the submitter's karma loss (the fainter they are, the harder you have to work to be offended by them).


Are you kidding me? If I must really share... most sys admins encourage their users to come up with passwords that read like 'pornographic catch phrases' written in 1337 speak as a means of ensuring system security while the end-user is less likely to forget their password since it's something offensive yet expressive.


People are hitting the downvote button more.



