分享目錄時的分享權限及NTFS 權限

Q:假設D:\DeptHome下各設FIN, IT, HR, Engineering等部門目錄, 目錄僅對同部門人員開放, 外人無法進入, 且須預防同部門人員誤刪部門目錄及DeptHome

A:
建立FIN, IT, HR, Engineering等四個Global Security group, 把人拉進去.

D:\DeptHome
分享權限:
設FIN,IT,HR,Engineering group為Full control, 由NTFS權限來控管實際存取
NTFS權限:
1. 保留administrators, creator owner, system三個繼承群組, 權限不必改.
2. 增加FIN群組, 權限為Read&Execute, List Folder Contents, Read, 剩下不用動.
3. 重複步驟2, 把IT, HR, Engineering權限也設好.
4. 可以進advanced把父系繼承斷掉, 記得保留步驟1提到的三個群組即可

D:\DeptHome\FIN
1. 增加FIN群組, 進advanced把父系繼承斷掉, 同上步驟4.
2. advanced中FIN群組的權限設定, 全選後取消以下七個權限: Full Control,Write Attributes, Write Extended Attributes, Delete Subfolders and Files, Delete, Change Permissions, Take Ownership

重複FIN步驟建立 IT, HR, Engineering

HyperTerminal replacement in Ubuntu

#sudo apt-get install minicom

attach Null-Modem cable or adapter onto computer, in my case I use RS232->USB adapter

#dmesg|grep tty

[13472.252393] usb 8-1: pl2303 converter now attached to ttyUSB0

This mean this device correspond to ttyUSB0

#sudo minicom -s

1. Serial Port setup.

2. Hit A change Serial Device to /dev/ttyUSB0, then hit E change to 9600 8N1 (example for access my NetScreeen 5GT)

3. Save setup as dfl

done.

Freemind 在 Ubuntu 9.1.0 下中文字形解法

1. apt-get install sun-java6-bin sun-java6-jre

2. edit ~/.bashrc

export JAVA_HOME=/usr/lib/jvm/java-6-sun

export CLASSPATH=$JAVA_HOME/jre/lib

exort PATH=$JAVA_HOME/bin:$PATH

2-1. 也可 sudo update-java-alternatives -s java-6-sun, 無須修改bashrc

參考網址 Tsung's Blog (http://plog.longwin.com.tw/my_note-unix/2009/10/12/ubuntu-904-install-freemind-2009)

robocopy

D:\>robocopy \\src_host\packages\ d:\test\ upgrade-6.5.2_build_10115_R65.tar /CO

PYALL /Z /E

#robocopy source_folder destination_folder [source_files_a][source_files_b][source_files_c]

#/COPYALL: preserve all attribute

#/Z resumable transfer

#/E recursive copy

Ubuntu/CentOS use static IP instead of obtain from dhcp

Ubuntu:edit /etc/network/interfaces

# The loopback interface
auto lo
iface lo inet loopback

# Configuration for eth0 and aliases

# This line ensures that the interface will be brought up during boot.
auto eth0 eth0:0 eth0:1

# eth0 - This is the main IP address that will be used for most outbound connections.
# The address, netmask and gateway are all necessary.
iface eth0 inet static
address 66.246.75.77
netmask 255.255.255.0
gateway 66.246.75.1

# eth0:0
iface eth0:0 inet static
address 97.107.130.169
netmask 255.255.255.0

# eth0:1 - Private IPs have no gateway (they are not publicly routable) so all you need to
# specify is the address and netmask.
iface eth0:1 inet static
address 192.168.133.234
netmask 255.255.128.0

CentOS:
edit /etc/sysconfig/network-scripts/ifcfg-eth0

# Configuration for eth0
DEVICE=eth0
BOOTPROTO=none

# This line ensures that the interface will be brought up during boot.
ONBOOT=yes

# eth0 - This is the main IP address that will be used for most outbound connections.
# The address, netmask and gateway are all necessary.
IPADDR=66.246.75.77
NETMASK=255.255.255.0
BROADCAST=66.246.75.255
GATEWAY=66.246.75.1

edit /etc/sysconfig/network-scripts/ifcfg-eth0:0

# Configuration for eth0:0
DEVICE=eth0:0
BOOTPROTO=none

# This line ensures that the alias will be brought up when the interface is.
ONPARENT=yes

# eth0:0
IPADDR=97.107.130.169
NETMASK=255.255.255.0
BROADCAST=97.107.130.255
GATEWAY=97.107.130.1

ref: http://www.linode.com/wiki/index.php/Configure_Static_IPs

568A & 568B , network cord color order

Crossover Cable - 568A - Network_Card to Network_Card, Device to Device

Green white | Green | Orange White | Blue | Blue White | Orange | Brown White | Brown

Straight Cable - 568B - HUB to Network_Card

Orange White | Orange | Green white | Blue | Blue White | Green | Brown White | Brown

# Crossover Cable 一頭為568A, 一頭為568B

# Straight Cable 兩頭皆為568B

568B的顏色順序由左至右將1,3腳對調, 2,6腳對調即為568A

摘要: 使用VLC看自家MOD節目

1. 至少要牽89塊月租的MOD, 不然訊號不會送過來

2. 從中華電信小烏龜背後挑個空的網路孔戳網路線進電腦

3. VLC->媒體->開啟網路->協定(UDP), 位置(224.1.4.10), 連接埠(11111)

# 小烏龜有辦法設定成自動撥PPoe及開啟DHCP功能, 但在那之前除非電腦上頭自己有ppoe撥號, 不然網路線照著第2步戳進小烏龜之後只能看電視節目, 無法上網.

# 小烏龜後接AP或IP 分享器再接著電腦, 這樣的接法VLC會無法播放MOD (其實可以forward multicasting to LAN..., 但是按照我的智商很難跟不懂的人解釋清楚)

# 不然就是小烏龜LAN port直接戳根線進LAN把multicast拉進來, 不過遜炮AP/IP分享器會很容易當

# 協定及port不用改, 想選台換IP即可, 可用的IP區段是:

224.1.1.0-255

224.1.2.0-255

224.1.3.0-255

224.1.4.0-255

224.1.5.0-255

224.1.6.0-255

230.1.2.0-255(HD)

或是下載如下格式的m3u檔, 讓VLC列出播放清單來選台, 會簡單點:

#EXTM3U

#EXTINF:0,udp://@224.1.4.6:11111 民視

udp://@224.1.4.6:11111

#EXTINF:0,udp://@224.1.4.8:11111 台視

udp://@224.1.4.8:11111

#EXTINF:0,udp://@224.1.4.9:11111 卡通

udp://@224.1.4.9:11111

#EXTINF:0,udp://@224.1.4.10:11111 中視

udp://@224.1.4.10:11111

...

-------------------------------------------------------

要查STB的IP...也很簡單...

在用MOD205下~

開機還沒跑完..

一直按遙控器上的"資訊" 就會進入設定頁...

帳號:201 密碼:1234

-------------------------------------------------------

Find out snmp OID for Nagios check_snmp plugins

Finally, I found a way to get snmp info from a host

1. Run snmpwalk to view OID name
   
   Code:

   snmpwalk -v 1 -c public 192.168.56.1

   Note that public is the community string and 1 is the SNMP version
2. Pick one, ie: SNMPv2-MIB::sysContact.0 (sysadmin mail address)
3. Use snmptranslate to get OID number
   
   Code:

   snmptranslate -On SNMPv2-MIB::sysContact.0

4. Check the OID number with check_snmp manually
   
   Code:

   ./check_snmp -H 192.168.56.1 -C public -o .1.3.6.1.2.1.1.4.0

5. Take note of check_snmp options and arguments, then define/edit a command
   
   Code:

   define command{<br />        command_name    check_snmp<br />        command_line    $USER1$/check_snmp -H $HOSTADDRESS$ -C public -o $ARG1$<br />        }

   Note that $HOSTADDRESS$ is a macro so no need to fill that out since it will refer to current host config
6. Define a service for that
   
   Code:

   define service{<br />        use                             other-service<br />        host_name                       laptop<br />        service_description             Admin email<br />        check_command                   check_snmp!.1.3.6.1.2.1.1.4.0<br />        }

   Since the first and second argument already filled out in command definition, we just need to add the last argument which is the OID number with exclamation mark (!) before it. Of course, other-service template is already defined.

reference: http://www.linuxquestions.org/questions/linux-networking-3/using-nagios-checksnmp-plugin-to-get-snmp-info-from-computer-751057/

摸魚也要認真

說要各地區自行評估不同時間段連線到A,B點的反應時間以作為balh的參考資料,

因為不是很想為這種事打斷正在努力培養的週末休假情緒工作, 所以...

---code-b.sh------

#!/bin/sh

echo `date +%Y-%m-%d_%H%M` >>ping_result.log

ping -q -c 10 hosta>>ping_result.log;ping -q -c 10 hostb>>ping_result.log

然後我們寫個cron讓他每小時code-b一次...

09 * * * * /somewhere/out/there/code-b.sh

哭一整天之後自己把結果寄出去

20 18 * * * mail -s "I did work hard today!" my.boss@nowhere.com</somewhere/out/there/ping_result.log

Allow vsftpd local account change passwd

1. set /usr/bin/passwd as shell of local ftp account.

2. user then ssh or telnet to vsftp server will get prompt to change passwd

#remember add /usr/bin/passwd into /etc/shells, or ftp account will get "530 login incorrect".

#"check_shell=No" in vsftpd.conf is useless since it only work whil vsftpd compiled in "non-pam" option, however mostly RHEL/CentOS versions pack vsftpd rpm with pam option? at least I verified my CentOS 5.3 setup and found check_shell is not work in my environment.

常見ADSL/FTTB 速率對照表

512Kbps 320Kbps~512Kbps 40KByte/秒~64KByte/秒

1Mbps 640Kbps~1000Kbps 80KByte/秒~125KByte/秒

2Mbps 1280Kbps~2000Kbps 160KByte/秒~250KByte/秒

8Mbps 1280Kbps~8000Kbps 160KByte/秒~1000KByte/秒

10Mbps 1280Kbps~10000Kbps 160KByte/秒~1250KByte/秒

12Mbps 1280Kbps~12000Kbps 160KByte/秒~1500KByte/秒

修復Ubuntu下Firefox flash無法顯示中文問題

1. 修改/etc/fonts/conf.d/69-language-selector-zh-tw.conf

2. 搜尋"sans-serif"字樣, 並刪掉隨後一行中binding="strong"字樣

VSFTPD local account expiry management

chage -E 2012-12-31 ACCOUNT_NAME #set account expire at 2012/12/31, account actually get deny login at 2013/1/1

chage -l ACCOUNT_NAME #display account expiry information

echo $(($(date --date="2012/12/31" +%s)/86400+1)) #caculate number of days since January 1st, 1970, number is: 15705

so we grep ACCOUNT_NAME from /etc/shadow and found:

ACCOUNT:DFdgfdfg3345dg#$%:14466:0:99999:7::15705:

#以上對設定vsftpd local account expiration無效
#1. 試用user_config_dir, 透過crontab設定某user於特定時間更換user conf, 看是設成read only或是local_max_rate=1
#2. 或是crontab時間到就echo "ACCOUNT_NAME">>userlist_file...

Random password generator using /dev/urandom

$ cat /dev/urandom| tr -dc 'a-zA-Z0-9' | fold -w 8| head -n 4

$ cat /dev/urandom| tr -dc 'a-zA-Z0-9-_!@#$%^&*()_+{}|:<>?='|fold -w 8| head -n 4

#from http://blog.colovirt.com/2009/01/07/linux-generating-strong-passwords-using-randomurandom/