Access Control Lists (ACLs)

Example:

$ ll /dev/dvb/adapter0/demux0

crw-rw----+ 1 root video 212, 0 févr. 27 09:54 /dev/dvb/adapter0/demux0      

The + here means that the file has advanced permissions called ACLs (access control list).

Listing ACLs

To display them:

$ getfacl /dev/dvb/adapter0/demux0

# file: dev/dvb/adapter0/demux0
# owner: root                  
# group: video                 
user::rw-                      
user:antoine:rw-               
group::rw-                     
mask::rw-                      
other::---                     

This explains that antoine could read the DVB adapter while not being in the group video.

Modifying ACLs

To modify permissions:

# For a user
getfacl -m u:<user>:<permissions> <file>
# For a group
getfacl -m g:<group>:<permissions> <file>

To remove permissions:

# For a user
getfacl -x u:<user> <file>
# For a group
getfacl -x g:<group> <file>

Example:

$ sudo setfacl -m u:tonio:r /dev/dvb/adapter0/demux0

$ getfacl /dev/dvb/adapter0/demux0

# file: demux0
# owner: root
# group: video
user::rw-
user:antoine:rw-
user:tonio:r--
group::rw-
mask::rw-
other::---

$ sudo setfacl -x u:tonio /dev/dvb/adapter0/demux0

$ getfacl /dev/dvb/adapter0/demux0

# file: dev/dvb/adapter0/demux0
# owner: root
# group: video
user::rw-
user:antoine:rw-
group::rw-
mask::rw-
other::---

Allow remote access from a specific adress

Grant access to a remote host

Error looks like FATAL: no pg_hba.conf entry for host "90.43.68.153", user "django", database "rcwd", SSL off.

Modify the file /etc/postgresql/<postgre_version>/main/pg_hba.conf:

• After the lines

  # This file controls: which hosts are allowed to connect, how clients
  # are authenticated, which PostgreSQL user names they can use, which 
  # databases they can access.  Records take one of these forms:       
  #                                                                    
  # local      DATABASE  USER  METHOD  [OPTIONS]                       
  

• Add an host as:

  host      all all 90.43.68.153/32 md5
  

  For instance, this will allow access from all Azure machines in our group rcwd:

  host      all all 172.22.0.0/24 md5
  

Warning:

• If you set the method to trust, Postgre won’t need passwords.
• If you set the method to password, Postgre sends password in clear text.

Reload PostgreSQL confs

PostgreSQL is presumably running as an upstart job, you can check that with:

service postgresql status

If it is up and running, you can reload the conf by

service postgresql reload

Remove all stopped containers.

docker rm $(docker ps -a -q)

Remove all untagged images

docker rmi $(docker images | grep "^<none>" | awk "{print $3}")

Exiting docker container without killing it

• run docker container in detach mode “-d”
• attach container
• ctrl p + ctrl q

List all VMs :

VBoxManage list vms

launch vms:

VBoxManage startvm --type headless [vm_id ...]

List all running vms:

VBoxManage list runningvms

Save and stop vm:

VBoxManage controlvm vm_id savestate

Storing a command in a var to evaluate it whenever needed

# Store the cmd
CMD="wc -l a.txt"
touch a.txt
echo $CMD
# >> wc -l a.txt
# The result of the command is obtained using 
echo `eval $CMD`
# >> 0 a.txt
echo "Hello !" >> a.txt
echo `eval $CMD`
# >> 1 a.txt

WARNING: in the terminal, $CMD returns the result of the command, use echo $CMD to get the command.