Saturday, August 8, 2009

How to Recover MySQL Root Password?

You can recover the MySQL database server root password with the following five easy steps.

Step # 1: Stop the MySQL server process.

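Step # 2: Start the MySQL (mysqld) server/daemon process with the --skip-grant-tables option so that it will not prompt for a password. While it runs this way the server accepts every connection without authentication, so keep this window as short as possible.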

Step # 3: Connect to mysql server as the root user

Step # 4: Set up a new root password

Step # 5: Exit and restart MySQL server

Here are the commands you need to type for each step (log in as the root user):

Step # 1: Stop the MySQL service

# /etc/init.d/mysql stop
Output:

Stopping MySQL database server: mysqld.

Step # 2: Start the MySQL server without a password:

# mysqld_safe --skip-grant-tables &
Output:

[1] 5988
Starting mysqld daemon with databases from /var/lib/mysql
mysqld_safe[6025]: started

Step # 3: Connect to mysql server using mysql client:

# mysql -u root
Output:

Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1 to server version: 4.1.15-Debian_1-log

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql>

Step # 4: Set up a new MySQL root user password

mysql> use mysql;
mysql> update user set password=PASSWORD("NEW-ROOT-PASSWORD") where User='root';
mysql> flush privileges;
mysql> quit

Step # 5: Stop MySQL Server:

# /etc/init.d/mysql stop
Output:

Stopping MySQL database server: mysqld
STOPPING server from pid file /var/run/mysqld/mysqld.pid
mysqld_safe[6186]: ended

[1]+ Done mysqld_safe --skip-grant-tables

Step # 6: Start MySQL server and test it

# /etc/init.d/mysql start
# mysql -u root -p
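
Between steps 2 and 5 the server runs with --skip-grant-tables, so after step 6 it is worth confirming that no such instance is still alive. The check below is an added example, not part of the original post: the function names are hypothetical, the process lines are constructed, and --skip-networking is the MySQL option that limits such an instance to local connections.

```shell
#!/bin/sh
# find_skip_grant: read "PID ARGS..." lines (the format of `ps -eo pid,args`)
# on stdin and print each mysqld / mysqld_safe process that was started with
# --skip-grant-tables, tagged by whether --skip-networking is also set.
# Returns 1 if any such process is found, 0 otherwise. Options set in my.cnf
# do not show on the command line and are outside this check.
find_skip_grant() {
    awk '
    {
        # mysqld_safe is a shell script, so its name may follow the interpreter.
        n = split($2, p, "/")
        if (p[n] ~ /^(sh|bash|dash)$/) n = split($3, p, "/")
        if (p[n] != "mysqld" && p[n] != "mysqld_safe") next
        grant = 0; net = 0
        for (i = 3; i <= NF; i++) {
            if ($i ~ /^--skip[-_]grant[-_]tables$/) grant = 1
            if ($i ~ /^--skip[-_]networking$/)      net = 1
        }
        if (grant) {
            print $1, (net ? "local-only" : "network-exposed")
            found = 1
        }
    }
    END { exit (found ? 1 : 0) }'
}

# Constructed process listing (not captured from a real host).
sample_ps() {
    printf '%s\n' \
        ' 5988 /bin/sh /usr/bin/mysqld_safe --skip-grant-tables' \
        ' 6025 /usr/sbin/mysqld --datadir=/var/lib/mysql --skip-grant-tables' \
        ' 7001 /usr/sbin/mysqld --skip-grant-tables --skip-networking' \
        ' 7100 /usr/sbin/mysqld --datadir=/var/lib/mysql' \
        ' 7200 grep mysqld --skip-grant-tables'
}

# On a live host: ps -eo pid,args | find_skip_grant
sample_ps | find_skip_grant || true
```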

How to change MySQL root password?

Setting up the MySQL password is one of the essential tasks. By default, the root user is the MySQL admin account. Please note that the Linux / UNIX root login account for your operating system and the MySQL root account are different. They are separate and have nothing to do with each other (indeed, some admins remove the root account and set up admin as the MySQL super user).

mysqladmin command to change root password

If you have never set a root password for MySQL, the server does not require a password at all for connecting as root. To set up the root password for the first time, use the mysqladmin command at the shell prompt as follows:

$ mysqladmin -u root password NEWPASSWORD

However, if you want to change (or update) an existing root password, use the following command:

$ mysqladmin -u root -p'oldpassword' password newpass

For example, if the old password is abc and you want to set the new password to 123456, enter:

$ mysqladmin -u root -p'abc' password '123456'

Change MySQL password for other user

To change a normal user password you need to type (let us assume you would like to change password for vivek):

$ mysqladmin -u vivek -p'oldpassword' password newpass

Changing MySQL root user password using MySQL sql command

This is another method. MySQL stores usernames and passwords in the user table inside the mysql database. You can update the password directly with the following steps, shown here for user vivek:

1) Log in to the MySQL server by typing the following command at the shell prompt:

$ mysql -u root -p

2) Use mysql database (type command at mysql> prompt):

mysql> use mysql;

3) Change password for user vivek:

mysql> update user set password=PASSWORD("NEWPASSWORD") where User='vivek';

4) Reload privileges:

mysql> flush privileges;
mysql> quit

This is the method to use when changing a password from a PHP or Perl script.

Granting Privileges to a Group via sudo

Let a set of users run commands as another user.


Define a Linux group containing those users:

/etc/group:
mygroup:x:1200:joe,jane,hiram,krishna

Then create a sudo rule with the %groupname syntax:

/etc/sudoers:
# Let the group run a particular program:
%mygroup ALL = (root) /usr/local/bin/mycommand arg1 arg2
# Give full superuser privileges to the group
%mygroup ALL = (ALL) ALL
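
With a %group rule, membership in /etc/group is what grants the privilege, so reviewing the two files together shows who actually ends up with root. The report below is an added example, not part of the original post: the function names are hypothetical and the sample files are built from the lines shown above.

```shell
#!/bin/sh
# group_sudo_report GROUPFILE SUDOERS
# For every "%group" rule in SUDOERS print the group, FULL (the command list
# contains ALL) or LIMITED, and the members GROUPFILE gives that group.
# Simplifications: no line continuations, aliases or #include files.
group_sudo_report() {
    awk -F: '
    NR == FNR { members[$1] = $4; next }      # first file: /etc/group format
    /^%/ {
        eq = index($0, "=")
        if (eq == 0) next
        split(substr($0, 1, eq - 1), lhs, /[ \t]+/)
        grp = substr(lhs[1], 2)               # "%mygroup" -> "mygroup"
        cmds = substr($0, eq + 1)
        gsub(/\([^)]*\)/, "", cmds)           # drop the (runas) part
        gsub(/[A-Z]+:/, "", cmds)             # drop tags such as NOPASSWD:
        full = 0
        n = split(cmds, c, ",")
        for (i = 1; i <= n; i++) {
            gsub(/^[ \t]+|[ \t]+$/, "", c[i])
            if (c[i] == "ALL") full = 1
        }
        who = (grp in members) ? members[grp] : "-"
        print grp, (full ? "FULL" : "LIMITED"), who
    }' "$1" "$2"
}

# Sample files built from the lines in the post (temporary copies only).
sample_report() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'mygroup:x:1200:joe,jane,hiram,krishna' > "$dir/group"
    printf '%s\n' \
        '# Let the group run a particular program:' \
        '%mygroup ALL = (root) /usr/local/bin/mycommand arg1 arg2' \
        '# Give full superuser privileges to the group' \
        '%mygroup ALL = (ALL) ALL' > "$dir/sudoers"
    group_sudo_report "$dir/group" "$dir/sudoers"
    rm -rf "$dir"
}

sample_report
```

When both rules are present, the FULL line shows that the restricted rule no longer limits anything for those four accounts.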

Howto setup Voice chat with Google talk user using Empathy

Empathy consists of a rich set of reusable instant messaging widgets, and a GNOME client using those widgets. It uses Telepathy and Nokia’s Mission Control, and reuses Gossip’s UI. The main goal is to permit desktop integration by providing libempathy and libempathy-gtk libraries. libempathy-gtk is a set of powerful widgets that can be embedded into any GNOME application. This package contains the empathy IM application and account manager.

Install Required packages

First you need to edit the /etc/apt/sources.list file using the following command

sudo gedit /etc/apt/sources.list

Add the following lines for your release

For Intrepid users

deb http://ppa.launchpad.net/telepathy/ppa/ubuntu intrepid main
deb-src http://ppa.launchpad.net/telepathy/ppa/ubuntu intrepid main

For Hardy users


deb http://ppa.launchpad.net/telepathy/ppa/ubuntu hardy main
deb-src http://ppa.launchpad.net/telepathy/ppa/ubuntu hardy main

Save and Exit the file.

Now you need to update the source list using the following command

sudo apt-get update

Install the required packages using the following command

sudo apt-get install empathy telepathy-gabble telepathy-mission-control telepathy-stream-engine telepathy-butterfly python-msn

This will complete the installation.

Using Empathy

You can start Empathy from Applications –> Internet –> Empathy Instant Messenger

Configure your gmail account with the following settings

1. In Empathy, under Edit –> Accounts, make sure gtalk0 is checked

2. For the Gtalk account, enter your Login ID as user-name@gmail.com

3. Server is: talk.google.com

4. Port is 5223, and

5. Use old ssl is checked

Setting up Subversion WebDAV on Fedora

To install subversion on Linux and make it available over Apache, I took the following steps:

Install subversion on Fedora

# yum install subversion

Install mod_dav_svn

# yum install mod_dav_svn

Create the SVN Repository

# mkdir -p /svn/repos
# svnadmin create /svn/repos/sandbox

Change ownership of the folder to Apache

# chown -R apache:apache /svn

Create /svn/repos/sandbox/svnauth file


[/]
user1 = rw
user2 = r

Here, user user1 will have read-write access while user user2 will have read-only access to the entire repository.

Create /svn/repos/sandbox/svnpass file

htpasswd -bcm /svn/repos/sandbox/svnpass user1 passwordUser1
htpasswd -bm /svn/repos/sandbox/svnpass user2 passwordUser2

htpasswd has the following usage

Usage:
htpasswd [-cmdpsD] passwordfile username
htpasswd -b[cmdpsD] passwordfile username password

htpasswd -n[mdps] username
htpasswd -nb[mdps] username password
-c Create a new file.
-n Don’t update file; display results on stdout.
-m Force MD5 encryption of the password.
-d Force CRYPT encryption of the password (default).
-p Do not encrypt the password (plaintext).
-s Force SHA encryption of the password.
-b Use the password from the command line rather than prompting for it.
-D Delete the specified user.
On Windows, NetWare and TPF systems the ‘-m’ flag is used by default.
On all other systems, the ‘-p’ flag will probably not work.

Add the following to your apache config file

<Location /svn/sandbox>
DAV svn
SVNPath /svn/repos/sandbox
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile /svn/repos/sandbox/svnpass
Require valid-user
AuthzSVNAccessFile /svn/repos/sandbox/svnauth
</Location>

Restart Apache

# service httpd restart

Now you can access the above repository using your browser. Simply visit http://www.yourserver.com/svn/sandbox. You will be asked for username and password. Use one of the user names and passwords you used above. For example, user1 and passwordUser1.
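
Access here depends on two files agreeing: svnpass decides who can authenticate and svnauth decides what they may do. The cross-check below is an added example, not part of the original post: the function names are hypothetical, the password entries are constructed placeholders rather than real digests, and the storage scheme is inferred from the entry format that the htpasswd -m, -s, -d and -p flags produce.

```shell
#!/bin/sh
# svn_access_report PASSFILE AUTHZFILE
# Prints "user access scheme" for each user rule in AUTHZFILE (svnauth), then
# the PASSFILE (svnpass) entries that no rule mentions. Scheme by format:
#   $apr1$...  -> apr1-md5 (-m)       {SHA}... -> sha1-unsalted (-s)
#   13 crypt characters -> crypt (-d)  anything else -> plaintext-or-other
svn_access_report() {
    awk '
    NR == FNR {                               # first file: "user:stored-value"
        i = index($0, ":"); if (i == 0) next
        u = substr($0, 1, i - 1); h = substr($0, i + 1)
        if (index(h, "$apr1$") == 1)     scheme[u] = "apr1-md5"
        else if (index(h, "{SHA}") == 1) scheme[u] = "sha1-unsalted"
        else if (length(h) == 13 && h ~ /^[.\/0-9A-Za-z]+$/) scheme[u] = "crypt"
        else                             scheme[u] = "plaintext-or-other"
        next
    }
    /^[ \t]*(#|$)/ { next }                   # comments and blank lines
    /^\[/ { section = $0; next }              # [/], [repo:/path], [groups]
    section != "[groups]" && index($0, "=") {
        split($0, kv, "=")
        gsub(/[ \t]/, "", kv[1]); gsub(/[ \t]/, "", kv[2])
        if (kv[1] == "*" || kv[1] ~ /^[@&~$]/) next   # not a plain user name
        pw = (kv[1] in scheme) ? scheme[kv[1]] : "NO-PASSWORD-ENTRY"
        print kv[1], (kv[2] == "" ? "none" : kv[2]), pw
        ruled[kv[1]] = 1
    }
    END { for (u in scheme) if (!(u in ruled)) print u, "no-rule", scheme[u] }
    ' "$1" "$2"
}

# Constructed sample files; user3 and user4 are not in the post.
sample_svn_report() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'user1:$apr1$CONSTRUC$NotARealDigest0000000.' \
                  'user2:{SHA}NotARealDigest0000000000000=' \
                  'user3:plain-text-pw' > "$dir/svnpass"
    printf '%s\n' '[/]' 'user1 = rw' 'user2 = r' 'user4 = rw' > "$dir/svnauth"
    svn_access_report "$dir/svnpass" "$dir/svnauth"
    rm -rf "$dir"
}

sample_svn_report
```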

RHCE Tips: Limiting users of vsftp to only their home directory?

Yesterday's VSFTPD troubleshooting note (read as post) brought this question back to me.

If you do not wish FTP users to be able to access any files outside of their own home directory, set up a chroot jail.

For example, consider the following:

* Ftp username : user1
* FTP home directory: /home/user1

$ ftp ftp.domain.com

Output:

Connected to ftp.domain.com.
220 (vsFTPd 2.0.5)
Name (ftp.domain.com:user1): user1
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/home/user1"
ftp> cd /etc
250 Directory successfully changed.
ftp> ls
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
150 Here comes the directory listing.
-rw-r--r-- 1 0 0 7959 Mar 02 22:20 Muttrc
drwxr-xr-x 3 0 0 4096 Jul 24 12:20 Wireless
drwxr-xr-x 16 0 0 4096 Jul 30 22:58 X11
drwxr-xr-x 4 0 0 4096 Sep 05 2005 Xprint
-rw-r--r-- 1 0 0 2188 Sep 05 2005 adduser.conf
-rw-r--r-- 1 0 0 47 Aug 16 14:52 adjtime
-rw------- 1 0 0 4330 Aug 18 2005 afick.conf
-rw-r--r-- 1 0 0 194 Sep 05 2005 aliases
-rw-r--r-- 1 0 0 12288 Jul 19 21:27 aliases.db
drwxr-xr-x 2 0 0 8192 Aug 15 09:33 alternatives
...
.....
..

Now a normal user can change to the /etc directory (and maybe to all other directories), and any sensitive file that the user has read permission on can be downloaded via FTP.

To avoid this security problem you can lock ftp user in a jail.

Open vsftpd configuration file - /etc/vsftpd/vsftpd.conf
# vi /etc/vsftpd/vsftpd.conf

Make sure the following line exists (and is uncommented):
chroot_local_user=YES

Save and close the file. Restart vsftpd.
# /etc/init.d/vsftpd restart

Now all users of VSFTPD/FTP will be limited to accessing only files in their own home directory. They will not be able to see /, /etc, /root, /tmp or any other directory. This is an essential security feature.
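
Whether every user is really jailed also depends on chroot_list_enable: when both options are YES, the users named in chroot_list_file are the ones left outside the jail. The check below is an added example, not part of the original post: the function names are hypothetical and the sample configuration lines are constructed.

```shell
#!/bin/sh
# vsftpd_jail_status CONF: report how local users are confined, from the two
# options that decide it:
#   jailed-all          chroot_local_user=YES, no exception list
#   jailed-except-list  chroot_local_user=YES and chroot_list_enable=YES
#                       (users in chroot_list_file are then NOT jailed)
#   jailed-list-only    only users in chroot_list_file are jailed
#   not-jailed          neither option is YES (the vsftpd default)
# vsftpd.conf takes "option=value" with no spaces around "="; only that form
# and the YES/NO spelling are recognised here. Assumption: when an option is
# repeated, the last occurrence is the one in effect.
vsftpd_jail_status() {
    awk -F= '
    /^[ \t]*#/ { next }                       # commented-out lines do not count
    $1 == "chroot_local_user"  { all  = ($2 == "YES") }
    $1 == "chroot_list_enable" { list = ($2 == "YES") }
    END {
        if (all && list) print "jailed-except-list"
        else if (all)    print "jailed-all"
        else if (list)   print "jailed-list-only"
        else             print "not-jailed"
    }' "$1"
}

# Constructed sample: write the given lines to a temp file and classify it.
classify_lines() {
    f=$(mktemp) || return 1
    printf '%s\n' "$@" > "$f"
    vsftpd_jail_status "$f"
    rm -f "$f"
}

# On a live host: vsftpd_jail_status /etc/vsftpd/vsftpd.conf
classify_lines 'chroot_local_user=YES' 'chroot_list_enable=YES'
```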

Test Connection Speed Between Two Linux Machines

As a quick diagnostic tool, sometimes it’s nice to know exactly how fast two machines can (theoretically) be connected. I was having some slowdowns on my NAS and, using these command line tools, was able to determine that it was my NIC (and not my hard drives) that was causing the slowdown. I learned this from a thread at slashdot.

Installing pv and nc

$ sudo apt-get install pv


Once you have nc and pv installed, it’s really simple. On one machine, run the following command:

$ nc -ulp 5000 > /dev/null

On the second machine run the following command (you need the IP address of the first machine):

$ pv < /dev/zero | nc -u ip.addy.of.other.machine 5000

And you should get some output with a little <=> sign moving across the screen that resembles this (static):

1.15GB 0:00:19 [ 218MB/s] [ <=> ]

This will show you the number of MB/s the connection is averaging; if you watch it for a bit, you can get an idea of where things stand. Here are some of the results I got between my RedHat, Fedora and Ubuntu Machines:

localhost: 218MB/s
gigabit Ethernet: 143MB/s
100MB ethernet: 11.5MB/s
wireless (poor connection): 141kB/s

RHCE Tips: Command to display all users on your system

If you want to display all the users on your Linux Box, just run this command:

# cat /etc/passwd | grep "/home" | cut -d: -f1