Posts Tagged ‘Users’

Free Software Remote Desktop for Mac OS X – CoRD simple RDP remote desktop for Mac

Monday, August 4th, 2014

free-software-remote-desktop-client-to-connect-to-windows-rdp-for-MAC-OSX-CoRD-logo
If you're admin using Mac OS X Desktop or casually on a place where you have no access to a Windows / Linux PC (only have access to your girlfriend of wife MAC OS notebook) and you need to administrate Windows hosts remotely out of office hours (from home), you will need some remote desktop client for Mac OS X.

I was just recently in that situation as we were guests to a friend in Shabla village nearby Sea coast and the only near PC, I had was my wife's MacBook Air running Mac OS X.

I looked in google to see if there is some default RDP (remote desktop protocol) client like MS Windows remote desktop command line client, i.e. (yes there is way to invoke remote desktop on Windows from command line 🙂 ):

mstsc [] [/v:] [/admin] [/f[ullscreen]] [/w:] [/h:] [/public] | [/span] [/edit “connection file”] [/migrate] [/?]

remote-desktop-run-from-windows-command-line-rdp-command-line-ms-windows-screenshot

I also looked if there is Mac OS X version ofLinux's rdesktop (command) or RDP Linux GUI remmina 
however  I didn't find direct port of em, neither there is default integrated RDP Client on Mac OS X, thus after researching a bit further I tried installing the first returned result in Google which was leading to Apple's AppStore – Apple – Remote Desktop.

I tried installing the clicking it but it seemed my wife, didn't know her AppStore as it was her cousin which earlier configured her Mac OS PC on laptop initial install time. Contacting her cousin to ask for the password was a time eater as well as I was lazy to create new appstore account (plus I always prefer to use free software alternative when possible) …  did a quick search in Google whether there is some Open Source / Free Software Remote Desktop Client for Mac OS X and I found CoRD – Mac OS X remote desktop client for Microsoft Windows computers using the RDP protocol.
CoRD was originally ported from UNIX program rdesktop.
To have CoRD working you will need as a minimum requirement Mac OS X version 10.5 or later.

CoRD-Free-Software-Open_Source-remote-desktop-client-for-mac-osx
Here is CoRD's description quoted from its SourceForge website:

CoRD: Simple RDP Remote Desktop

Macs interact well with Windows, and with CoRD the experience is a bit smoother. Great for working on the office terminal server, administrating servers or any other time you'd like your PC to be a bit closer without leaving your Mac. CoRD allows you to view each session in its own window, or save space with all sessions in one window. Scale session windows to whatever size fits you—the screen is resized automatically. Enter full screen mode and feel like you're actually at the computer. The clipboard is automatically synchronized between CoRD and the server. For system administrators, CoRD creates a simpler workflow by allowing you to save server information, then quickly connect to that server by using HotKeys or the server drawer. This makes quickly connecting to a specific server easy, even when managing many servers.

Installing CoRD is pretty, straight forward, just download unzip the archive and run it:

cord-remote-desktop-free-software-client-mac-osx-install-warning-screenshot

cord-remote-desktop-free-software-client-mac-osx-install-warning-screenshot.png

cord-open-source-rdp-client-mac-osx

To later run Cord either look it up in Finder or if you prefer like me to access it from command line, you will need to export CoRD PATH in Mac Terminal $PATH variable:

add-cord-remote-desktop-lcient-command-to-default-path-mac-osx

As you see in above screenshot to find out which directory is CoRD located, I've grepped through the processes with

ps ax | grep cord

and then added it to PATH with:

export PATH=$PATH:/Users/svetlana/Application/CoRD.app/Contents/MacOS/

Remembering CoRD to type it each time is annoying, thus to make CorD be accessed like on Linux with rdesktop (easy to remember command), I've used alias:

alias rdesktop='CoRD'

To make the new PATH and alias permanent for the user, I've added it to (/Users/svetlana) – ~/.profile

echo "export PATH=$PATH:/Users/svetlana/Application/CoRD.app/Contents/MacOS/" >> ~/.profile
echo "alias rdesktop='CoRD'" >> ~/.profile


Current CoRD MacOSX version is 0.5.7, for personal ease if I need to install it in future time, I've made my own mirror of cord here.

There is also Microsoft Remote Desktop client for Mac OS 2.1.1 however this version was released back in 2011 and is outdated (not supported for use with Mac OS X v10.7 (Lion) or later).

FreeBSD Desktop: Allow All system users to mount CDROM, DVD, USB Devices and other external devices

Friday, November 16th, 2012

freebsd allow all system users to mount CD  DVD USB in GNOME and KDE desktop - freebsd power to serve logo

Users who use FreeBSD for multiple logins Desktop host or in universities multiple login Desktop  shared user PCs will have problems with mounting CD and DVD Roms, Usbs and other external devices. To mount any of those a root or toor superuser  will be required and this makes a really bad impression to the novice users, making them think FreeBSD is user unfriendly, where in reality it was just build to behave so with higher security in mind.
This ruins a whole user GNOME experience and disappoints the end user, especially if the user is just a person who needs to do some browsing and copy few files from and to the host.
This prevents udevd and auto mount in GNOME and  KDE GUI environments to be unable to automatically mount and unmount CD / DVDs and USBS where plugged or unplugged but instead just poping up permission errors whether CD or USB is attached.
Thanksfully, you can change this behavior to make FreeBSD a bit more user friendly and of course 'less secure' by few simple commands 🙂

Here is how:

freebsd# sysctl -w vfs.usermount=1

vfs.usermount: 0 -> 1

echo 'vfs.usermount=1' >> /etc/sysctl.conf

What is required next is to add all devices which will be mountable by all users in /dev/devfs.conf.

To get a list of devices do:
freebsd# camcontrol devlist

at scbus0 target 0 lun 0 (pass0,da0) at scbus1 target 3 lun 0 (pass1,sa0) at scbus1 target 6 lun 0 (pass2,cd0) #

Most USB devices are recognized and assigned as /dev/da0, and almost all CD and DVD Rom devices will be initialized by kernel as /dev/cd0, however if you get something different just set the appropriate vals.

a) Add permission records for CD / DVD ROM in /etc/devfs.conf
freebsd# echo 'own /dev/da0 root:operator' >> /etc/devfs.conf
freebsd# echo 'perm /dev/da00 0666' >> /etc/devfs.conf

b) Add permission records for USBs in /dev/devfs.conf

freebsd# echo '## allow member of operator to mount cdrom' >> /etc/devfs.conf
freebsd# echo 'own /dev/cd0 root:operator' >> /etc/devfs.conf
freebsd# echo 'perm /dev/cd0 0660' >> /etc/devfs.conf

To allow, all present system users to have access to mount USB, CD / DVD roms, it is necessery to add all users to the operator, group. This is a security bad practice as this will make allow all users to have extra permissions to binaries on the system owned or allowed to be accessed by operator group. However for home computers, where you, your sister and a bunch of good friends have accounts, security shouldn't be of a great concern.

If you know well all your users and you have disabled SSH on the system and security is not of top priority run:

freebsd# /usr/local/bin/bash
root@freebsd~# for i in /home/*; do user=$(echo $i|sed -e 's#/home/##g'); do \
pw groupmod operator -m $user; \
done

Onwards, you can check few users to see to see if they are added to operator group

freebsd$ id
uid=1001(hipo) gid=1001(hipo) groups=1001(hipo),0(wheel),5(operator)

Well that's all now your GNOME hal process – (Hardware Abstraction Layer) will be able to manage CD / DVDs and USBs with no more weird errors.

This article was inspired by cybercity's Allow normal users to mount CDROMs DVDs and USB devices. So thanks 'em for being a source of inspiration.

Enjoy 🙂

Change default new created Debian users insecure (all users read) permissons to secure

Tuesday, September 11th, 2012

In older versions of Debian, the directory permnissions of /home/ directory used to be secure. As of time of writing this post in Debian GNU / Linux Squeeze (6.0.5), default permissions are set to such, that all permissions are set readable for all users. e.g.:

debian:~$ ls -al /home/test
drwxr-xr-x 3 test test 4096 Jul 24 10:51 test

This kind of permissions are probably set like this because of Apache configuration to display every user custom file content in web via /home/[users]/public_html through http://website-url.com/~test … (whatever) ~username.

This is great for machines which are supposed to be used for hosting, but for mail server or SQL Database host such permissions of new created users is quite insecure practice. Also such a /home directory settings are not good even for Webserver hosting servers, which did not display any web content via /home/ users directories.

Therefore on each new configured Debian server it is a wonderful practice to change default new created user to only readable, writable and executable by the user itself ….

To do so;

1. Edit /etc/adduser.conf

Change the variable:

DIR_MODE=755

to

DIR_MODE=700

This will not affect the permissions of current existing directories in /home/, i.e. /home/user1 , /home/user2 etc. but any new created one with adduser or useradd cmd will get permissions of 700

Here are permissions of recent created user syrma:

debian:~# useradd syrma
debian:~# ls -ld /home/syrma
drwxr-xr-x 98 syrma syrma 12288 7 ceâ—ˆ 13,56 hipo/

In /etc/adduserconf, there are plenty of other useful options, you might want to tune (depending on the type of new configured server). Few worthy to change sometimes are:

FIRST_UID=1000, LAST_UID=29999
FIRST_GID=1000, LAST_GID=29999

This two controls how the USER IDSs (UID) and GROUP IDs (GID)s will get assigned. In some cases it might be useful to assign new users from 1000 onwards.

Another helpful variable to tune for creating new users from there is DSHELL, on Linux defaulting to DSHELL=bash shell.

If there is a necessity to set a GLOBAL new created user quota, this is easily done also via adduser.conf. The file allows you to disable certain strings in username from present in new user logins, configure if new users will have their separate directory or belong to a system wide (user group – like in Slackware) and few others. I suggest anyone new to Linux who hears it for a first time check it.

It is maybe worthy to mention in present moment on Ubuntu Linux, by default /etc/adduser.conf, DIR_HOME=700 (is restrictive).
For some new users, who try to configure Apache read /home/[user_dir]/public_html. This could lead to unexplainable errors like:

[Tue Sep 11 10:20:17 2012] [crit] [client 127.0.0.1] (13) Permission denied:/home/syrma/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable

This error is due to /home/syrma, improper permissions (Apache) server user (www-data) fails to read /home/syrma directory content and the Apache forked child exits with the respective error.log critical err.

If you get some errors like this, the fix is to just make the directory with readable and executable flag for all users:

# chmod -R 0755 /home/syrma

How to quickly check unread Gmail emails on GNU / Linux – one liner script

Monday, April 2nd, 2012

I've hit an interesting article explaining how to check unread gmail email messages in Linux terminal. The original article is here

Being able to read your latest gmail emails in terminal/console is great thing, especially for console geeks like me.
Here is the one liner script:

curl -u GMAIL-USERNAME@gmail.com:SECRET-PASSWORD \
--silent "https://mail.google.com/mail/feed/atom" | tr -d '\n' \
| awk -F '' '{for (i=2; i<=NF; i++) {print $i}}' \
| sed -n "s/

Linux Users Group M. – [7] discussions, [10] comments and [2] jobs on LinkedIn
Twitter – Lynn Serafinn (@LynnSerafinn) has sent you a direct message on Twitter!
Facebook – Sys, you have notifications pending
Twitter – Email Marketing (@optinlists) is now following you on Twitter!
Twitter – Lynn Serafinn (@LynnSerafinn) is now following you on Twitter!
NutshellMail – 32 New Messages for Sat 3/31 12:00 PM
Linux Users Group M. – [10] discussions, [5] comments and [8] jobs on LinkedIn
eBay – Deals up to 60% OFF + A Sweepstakes!
LinkedIn Today – Top news today: The Magic of Doing One Thing at a Time
NutshellMail – 29 New Messages for Fri 3/30 12:00 PM
Linux Users Group M. – [16] discussions, [8] comments and [8] jobs on LinkedIn
Ervan Faizal Rizki . – Join my network on LinkedIn
Twitter – LEXO (@LEXOmx) retweeted one of your Tweets!
NutshellMail – 24 New Messages for Thu 3/29 12:00 PM
Facebook – Your Weekly Facebook Page Update
Linux Users Group M. – [11] discussions, [9] comments and [16] jobs on LinkedIn

As you see this one liner uses curl to fetch the information from mail.google.com's atom feed and then uses awk and sed to parse the returned content and make it suitable for display.

If you want to use the script every now and then on a Linux server or your Linux desktop you can download the above code in a script file -quick_gmail_new_mail_check.sh here

Here is a screenshot of script's returned output:

Quick Gmail New Mail Check bash script screenshot

A good use of a modified version of the script is in conjunction with a 15 minutes cron job to launch for new gmail mails and launch your favourite desktop mail client.
This method is useful if you don't want a constant hanging Thunderbird or Evolution, pop3 / imap client on your system to just take up memory or dangle down the window list.
I've done a little modification to the script to simply, launch a predefined email reader program, if gmail atom feed returns new unread mails are available, check or download my check_gmail_unread_mail.sh here
Bear in mind, on occasions of errors with incorrect username or password, the script will not return any errors. The script is missing a properer error handling.Therefore, before you use the script make sure:

gmail_username='YOUR-USERNAME';
gmail_password='YOUR-PASSWORD';

are 100% correct.

To launch the script on 15 minutes cronjob, put it somewhere and place a cron in (non-root) user:

# crontab -u root -e
...
*/15 * * * * /path/to/check_gmail_unread_mail.sh

Once you read your new emails in lets say Thunderbird, close it and on the next delivered unread gmail mails, your mail client will pop up by itself again. Once the mail client is closed the script execution will be terminated.
Consised that if you get too frequently gmail emails, using the script might be annoying as every 15 minutes your mail client will be re-opened.

If you use any of the shell scripts, make sure there are well secured (make it owned only by you). The gmail username and pass are in plain text, so someone can steal your password, very easily. For a one user Linux desktops systems as my case, security is not such a big concern, putting my user only readable script permissions (e.g. chmod 0700)is enough.