RFC - Linux Command Cheatsheet
Joseph Sinclair
plug-discussion at stcaz.net
Thu Jul 7 07:08:38 MST 2011
Most corporate environments are required to disable su entirely due to SOX and PCI requirements to audit every action on the server to a particular user (eliminating user switching as a permissible action).
Some companies are even going to the extreme of disabling workaround tricks like sudo bash as well (I think reasonably policy is enough to prevent such usage).
It's pretty easy to disable direct root login in RH type servers, and as I noted (and you use in Ubuntu), 'sudo su -' works the same without requiring the system to have an enabled root password.
On 07/06/2011 11:50 PM, Phillip Waclawski wrote:
> I use su with my students all the time (true, on my ubuntu machine I use sudo su) but for redhat based servers (such as CentOS) su is still the main way to switch to "root".
> Phil Waclawski
>
> ----- Original Message -----
>
> From: "Joseph Sinclair" <plug-discussion at stcaz.net>
> To: "Main PLUG discussion list" <plug-discuss at lists.plug.phoenix.az.us>
> Sent: Wednesday, July 6, 2011 7:40:55 PM
> Subject: Re: RFC - Linux Command Cheatsheet
>
> Just a few errata and suggestions:
> dpkg -[r,P] argument is package-name, not pkg.deb (you specify the package name, not the deb file for those operations)
> apt-get upgrade will only update packages that do not require any other package to install/uninstall. apt-get dist-upgrade upgrades all packages.
> apt-get purge package-name will purge a package without the clumsy --purge syntax.
> I would change the su - to sudo su -, since most distros no longer have the root password enabled, and you don't want to encourage your students to do that.
> I would drop su -c command, sudo serves that purpose. Add sudo -u username command to run a command as a specific user in it's place.
> I'm not sure if you can squeeze it in, but lsattr will list extended attributes, which is helpful when you encounter things like files even root cannot modify. The corresponding chattr changes extended attributes, of course, but that may not be a good command to mention due to it's higher risk.
> I would put kill and killall in red, especially since killall will do partial match (try "sudo killall -9 in" for some system-killing fun sometime) and actually matches on regex.
> It might be a very good idea to add "-i" to killall, so the new user has a slightly higher margin of safety for a mistyped command name.
> for "program &" you might want to put "program" in italics to make it clear it's not a literal command.
> The 6 tar lines seem a little overkill. Perhaps it would work better with fewer repeated lines coupled with a recommendation to check the manual for the complex commands (like tar, rsync, ip, grep, etc...) that have several common use patterns and really need more room than you have.
>
> You might also save some space by removing reboot and halt (which are actually the same program, much like egrep/fgrep/grep) in favor of shutdown [-r, -h] (which is generally preferred anyway)
>
>
> On 07/06/2011 10:20 AM, Dennis Kibbe wrote:
>> I've updated the Linux Command cheatsheet I use for my classes at MCC
>> and would appreciate any comments or corrections before I send it off to
>> the Copy Center.
>>
>> https://s3.amazonaws.com/moodle_data/Linux+Commands.odt
>> https://s3.amazonaws.com/moodle_data/Linux+Commands.pdf
>>
>> It's licensed Attribution-ShareAlike 3.0 United States license,
>> available at http://creativecommons.org/licenses/by-sa/3.0/us/.
>>
>> FYI: Creative Commons has a very easy to use plugin for LibreOffice that
>> allows you to assign a Creative Commons license to your documents and
>> insert a license statement automatically.
>>
>> http://labs.creativecommons.org/2010/12/08/libreoffice-and-cc-openoffice-plugin/
>>
>> Moodle 3 also includes support for Create Commons licenses. (Aside
>> der.hans: Moodle 3 ist super, besser als 2 in jeder Hinsicht!)
>>
>> Remember when you create something it's copyrighted All Rights Reserved
>> (der.hans: Alle Rechte vorbehalten) by default, so if you want to share
>> your work you need to license it.
>>
>> Dennis Kibbe
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: OpenPGP digital signature
URL: <http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20110707/9b65474a/attachment.pgp>
More information about the PLUG-discuss
mailing list