Tuesday, August 13, 2019

How to disable or enable hyper threading on linux?

Hyper threading uses processor resources more efficiently, enabling multiple threads to run
on each core. As a performance feature, it also increases processor throughput, improving
overall performance on threaded software. A single physical CPU core with hyper-threading
appears as two logical CPUs to an operating system.

The recommended way to disable HT is in the BIOS, if possible, but it can also be done
from the operating system using the steps below.


Disable HT at runtime for individual logical CPUs
Before starting, let's check the lscpu output

# lscpu
Architecture:          x86_64
CPU op-mode(s):        32-bit, 64-bit
Byte Order:            Little Endian
CPU(s):                32
On-line CPU(s) list:   0-31
Thread(s) per core:    2
Core(s) per socket:    8
Socket(s):             2


Here it shows that there are 2 threads per core, so hyper threading is most likely
enabled.


The following files show all of the logical CPUs and their HT pair relationships
# grep -H . /sys/devices/system/cpu/cpu*/topology/thread_siblings_list

To determine which CPUs should be disabled, the threads running on the same CPU core
have to be identified. They are listed in the files
/sys/devices/system/cpu/cpuN/topology/thread_siblings_list, where N is the CPU socket number.
This file will contain the logical (HT) CPU numbers for each physical socket.

# grep -H . /sys/devices/system/cpu/cpu*/topology/thread_siblings_list | sort -n -t ',' -k 2 -u
/sys/devices/system/cpu/cpu0/topology/thread_siblings_list:0,16
/sys/devices/system/cpu/cpu17/topology/thread_siblings_list:1,17
/sys/devices/system/cpu/cpu18/topology/thread_siblings_list:2,18
/sys/devices/system/cpu/cpu19/topology/thread_siblings_list:3,19
/sys/devices/system/cpu/cpu20/topology/thread_siblings_list:4,20
/sys/devices/system/cpu/cpu21/topology/thread_siblings_list:5,21
/sys/devices/system/cpu/cpu22/topology/thread_siblings_list:6,22
/sys/devices/system/cpu/cpu23/topology/thread_siblings_list:7,23
/sys/devices/system/cpu/cpu24/topology/thread_siblings_list:8,24
/sys/devices/system/cpu/cpu25/topology/thread_siblings_list:9,25
/sys/devices/system/cpu/cpu10/topology/thread_siblings_list:10,26
/sys/devices/system/cpu/cpu11/topology/thread_siblings_list:11,27
/sys/devices/system/cpu/cpu12/topology/thread_siblings_list:12,28
/sys/devices/system/cpu/cpu13/topology/thread_siblings_list:13,29
/sys/devices/system/cpu/cpu14/topology/thread_siblings_list:14,30
/sys/devices/system/cpu/cpu15/topology/thread_siblings_list:15,31

This means that CPU0 and CPU16 are threads on the same core. The same for 1 and 17
and so on. Individual, logical HT CPUs could be turned off as needed for a specific
application that is bound to a physical core.


Or the following script would disable all of them, from logical CPU 16 through 31

# cat /tmp/disable_ht.sh
#!/bin/bash
for i in {16..31}; do
   echo "Disabling logical HT core $i."
   echo 0 > /sys/devices/system/cpu/cpu${i}/online;
done

To disable an individual logical CPU, use the command below and replace <cpu_id> with the id from (16..31)
echo 0 > /sys/devices/system/cpu/cpu<cpu_id>/online

To re-enable HT

# cat /tmp/enable_ht.sh
#!/bin/bash
for i in {16..31}; do
   echo "Enabling logical HT core $i."
   echo 1 > /sys/devices/system/cpu/cpu${i}/online;
done
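
The scripts above hardcode 16..31, which only matches this machine's layout. The following is an added example (not part of the original post) that derives the sibling CPUs from thread_siblings_list instead; the function names and the constructed sample tree are assumptions made for illustration.

```shell
#!/bin/bash
# Added example: work out which logical CPUs are HT siblings from sysfs
# instead of hardcoding a range. The sysfs root is a parameter so the logic
# can be tried against a constructed directory tree first.

# Print every logical CPU that is not the first entry of its core's
# thread_siblings_list. Handles both "0,16" and "0-1" list formats.
ht_secondary_cpus() (
    root=${1:-/sys/devices/system/cpu}
    for f in "$root"/cpu[0-9]*/topology/thread_siblings_list; do
        [ -r "$f" ] || continue
        list=$(cat "$f")
        first=${list%%[,-]*}            # lowest-numbered thread of the core
        for part in $(echo "$list" | tr ',' ' '); do
            lo=${part%-*}; hi=${part#*-}
            n=$lo
            while [ "$n" -le "$hi" ]; do
                if [ "$n" -ne "$first" ]; then echo "$n"; fi
                n=$((n + 1))
            done
        done
    done | sort -n -u                   # each pair is listed by both siblings
)

# Take every secondary sibling offline (needs root on a real system).
disable_ht() (
    root=${1:-/sys/devices/system/cpu}
    for cpu in $(ht_secondary_cpus "$root"); do
        echo "Disabling logical HT core $cpu."
        echo 0 > "$root/cpu$cpu/online"
    done
)

# Constructed sample: 2 cores / 4 threads, sibling pairs 0,2 and 1,3.
make_sample_tree() {
    d=$(mktemp -d)
    for pair in "0 0,2" "1 1,3" "2 0,2" "3 1,3"; do
        set -- $pair
        mkdir -p "$d/cpu$1/topology"
        echo "$2" > "$d/cpu$1/topology/thread_siblings_list"
        echo 1 > "$d/cpu$1/online"
    done
    echo "$d"
}
```

Run `ht_secondary_cpus` with no argument to list the siblings of the live system, and `disable_ht` as root to take them offline.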

Wednesday, July 24, 2019

How to check the lock status of any user account in Linux?




We can use the passwd command to check the status of any user.


 passwd --help
Usage: passwd [options] [LOGIN]


Options:
  -a, --all                     report password status on all accounts
  -d, --delete                  delete the password for the named account
  -e, --expire                  force expire the password for the named account
  -h, --help                    display this help message and exit
  -k, --keep-tokens             change password only if expired
  -i, --inactive INACTIVE       set password inactive after expiration
                                to INACTIVE
  -l, --lock                    lock the password of the named account
  -n, --mindays MIN_DAYS        set minimum number of days before password
                                change to MIN_DAYS
  -q, --quiet                   quiet mode
  -r, --repository REPOSITORY   change password in REPOSITORY repository
  -R, --root CHROOT_DIR         directory to chroot into
  -S, --status                  report password status on the named account
  -u, --unlock                  unlock the password of the named account
  -w, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS
  -x, --maxdays MAX_DAYS        set maximum number of days before password
                                change to MAX_DAYS




Syntax:


passwd -S user_name


sudo passwd -S dev
dev NP 07/06/2017 0 99999 7 -1


Display account status information. The status information consists of 7 fields. The first field
is the user's login name. The second field indicates if the user account has a locked
password (L), has no password (NP), or has a usable password (P). The third field gives the
date of the last password change. The next four fields are the minimum age, maximum age,
warning period, and inactivity period for the password. These ages are expressed in days.



Example1:


sudo passwd -S dev | cut -d' ' -f2
P


Where P means the account has a password.


Example2:
sudo passwd -S mysql |cut -d' ' -f2
L


Where L means the account is locked.


Example3:
sudo passwd -S dev | cut -d' ' -f2
NP


Where NP means the account has no password.



NOTE:
LK - password locked 
NP - no password 
PS - password set
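
An added example (not from the original post) that applies the field layout described above to the output of `passwd -S -a`: it maps both spellings of the status field (L/LK, P/PS) to one state and lists the accounts reported as NP. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/bash
# Added example: classify `passwd -S` lines read from stdin.
# Prints "login<TAB>state", where state is locked, no-password, usable
# or unknown. Field 2 is the status field described above.
passwd_status_report() {
    awk '
        NF < 2 { next }                       # skip blank or truncated lines
        {
            s = $2
            if (s == "L" || s == "LK")        state = "locked"
            else if (s == "NP")               state = "no-password"
            else if (s == "P" || s == "PS")   state = "usable"
            else                              state = "unknown"
            printf "%s\t%s\n", $1, state
        }'
}

# Logins whose status is NP: accounts that can be used without a password.
no_password_accounts() {
    passwd_status_report | awk -F'\t' '$2 == "no-password" { print $1 }'
}

# Constructed sample lines in the format shown above (not real accounts).
sample_passwd_status() {
    cat <<'EOF'
dev NP 07/06/2017 0 99999 7 -1
mysql L 07/06/2017 0 99999 7 -1
root P 07/06/2017 0 99999 7 -1
backup LK 2017-07-06 0 99999 7 -1
EOF
}
```

On a live system, feed it real data with `sudo passwd -S -a | no_password_accounts`.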


            

Tuesday, June 25, 2019

id command examples in Linux

How do I find out the user and group names and numeric IDs of the current user or any other user on
my server? How can I display effective IDs on the system using command-line options? In Linux,
how do I find a user’s UID or GID?


To find a user’s UID (user ID) or GID (group ID) and other information in Linux/Unix-like operating
systems, use the id command.


This command is useful to find out the following information:
  • Get User name and real user ID
  • Find a specific user’s UID
  • List out all the groups a user belongs to
  • Show the UID and all groups associated with a user
  • Display security context of the current user
  • Effective Linux or Unix user name and effective user ID (UID)
  • Name of effective Linux or Unix user’s group and effective group ID (GID)



Purpose
Displays the system identifications of a specified user.


id command syntax
The basic syntax is:


id
id [UserNameHere]
id [options]
id [options] [UserNameHere]

 id --help
Usage: id [OPTION]... [USERNAME]
Print user and group information for the specified USERNAME,
or (when USERNAME omitted) for the current user.


  -a              ignore, for compatibility with other versions
  -Z, --context   print only the security context of the current user
  -g, --group     print only the effective group ID
  -G, --groups    print all group IDs
  -n, --name      print a name instead of a number, for -ugG
  -r, --real      print the real ID instead of the effective ID, with -ugG
  -u, --user      print only the effective user ID
      --help     display this help and exit
      --version  output version information and exit



Display your own UID and GID
Type the command:
id


Sample outputs:


id
uid=1000(dev) gid=1000(dev) groups=1000(dev),4(adm),24(cdrom),27(sudo)


How do I find a specific user’s UID?


In this example, find a dev user’s UID, type:
id -u {UserNameHere}
id -u dev


Sample output:


id -u dev
1000


How do I find a specific user’s GID?


In this example, find a dev user’s GID, run:
id -g {UserNameHere}
id -g dev


Sample output:


id -g dev
1000

How do I see the UID and all groups associated with a user name?


In this example, find the UID and all groups associated with a user called ‘root’, enter:
id {UserNameHere}
id root


Sample output:


id root
uid=0(root) gid=0(root) groups=0(root)


Find out all the groups a user belongs to


In this example, display the UID and all groups associated (secondary groups) with a user called ‘dev’, run:
id -G {UserNameHere}
id -G dev


Sample output:


id -G dev
1000 4 24 27 30 46 108 124 142


How do I display real ID instead of the effective ID for specified user?


You can show the real ID for the -g, -G and -u options instead of the effective ID by passing the -r option:


id -r -g {UserNameHere}
id -r -u {UserNameHere}

### [NOTE] -r and -G only work on Linux


id -r -G {UserNameHere}

id -r -u dev


Sample output:
id -r -u dev
1000


Determining root privileges in a script


Linux and Unix sysadmin-related shell scripts must be run by the root user. The following shell script
shows how to determine root privileges in a script:


#!/bin/bash

## if root user not running this script, die with a message on screen ##
if [ $(id -u -r) -ne 0 ]
then
        echo "Requires root privileges. Please re-run using sudo."
        exit 1
fi

Tuesday, June 11, 2019

How to Make File undeletable Even By Root in Linux ?

On Unix-like operating systems including Linux, root is the account or user name that by default can
modify all directories and files on a system. In this article, we’ll show how to make directories or
files unremovable even by the root user in Linux.

To make a file undeletable by any system user, including root, you need to make it unmodifiable
using the chattr command. This command changes file attributes on a Linux file system.

How to Make File Undeletable in Linux

The command below makes test.txt file immutable (or undeletable). This implies that the file can’t
be modified in any way: it can’t be deleted or renamed. You can’t even create a link to it and no data
can be written to the file as well.

Note that you need superuser privileges to set or remove this attribute, using the sudo command:

chattr - change file attributes on a Linux file system

DESCRIPTION
      chattr changes the file attributes on a Linux file system.

      The format of a symbolic mode is +-=[acdeijstuACDST].

      The operator `+' causes the selected attributes to be added to the existing attributes of the files;
      `-' causes them to be removed; and `=' causes them to be the only attributes that the files have.

      The letters `acdeijstuACDST' select the new attributes for the files: append only (a), compressed
      (c), no dump (d), extent format (e), immutable (i), data journalling (j), secure deletion (s), no
      tail-merging (t), undeletable (u), no atime updates (A), no copy on write (C), synchronous
      directory updates (D), synchronous updates (S), and top of directory hierarchy (T).

      The following attributes are read-only, and may be listed by lsattr(1) but not modified by chattr:
      huge file (h), compression error (E), indexed directory (I), compression raw access (X), and
      compressed dirty file (Z).

OPTIONS
      -R Recursively change attributes of directories and their contents.

      -V Be verbose with chattr's output and print the program version.

      -f Suppress most error messages.

      -v version
             Set the file's version/generation number.



$ sudo chattr +i test.txt
OR
$ sudo chattr +i -V test.txt

Output:
sudo chattr +i -V test.txt
chattr 1.42.9 (4-Feb-2014)
Flags of test.txt set as ----i--------e--



To view attributes of a file, use the lsattr command as shown.

$ lsattr test.txt

Output:

lsattr test.txt
----i--------e-- test.txt




Now try to remove the immutable file, both as a normal user and as a root.

$ rm test.txt
$ sudo rm test.txt

Output:

sudo rm -rf test.txt
rm: cannot remove ‘test.txt’: Operation not permitted

Use the -i operator to remove the attribute:

sudo chattr -i -V test.txt
chattr 1.42.9 (4-Feb-2014)
Flags of test.txt set as -------------e--

Now we can delete the file.
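
When rm fails with "Operation not permitted" even as root, it helps to see which files in a tree carry the attribute. The following added example (not from the original post) filters `lsattr -R` output for the immutable (i) and append-only (a) flags; the function names and sample listing are constructed for illustration.

```shell
#!/bin/bash
# Added example: read `lsattr -R` output on stdin and print
# "immutable<TAB>path" or "append-only<TAB>path" for each flagged file.
# Directory headers ("./sub:") and blank lines are skipped, and paths
# containing spaces are kept whole.
flagged_files() {
    awk '
        NF >= 2 && $1 ~ /^[-A-Za-z]+$/ && $1 ~ /[ia]/ {
            flag = ($1 ~ /i/) ? "immutable" : "append-only"
            # everything after the attribute column is the path
            printf "%s\t%s\n", flag, substr($0, length($1) + 2)
        }'
}

# Constructed sample in the lsattr format shown above (not a real listing).
sample_lsattr() {
    cat <<'EOF'
----i--------e-- ./test.txt
-------------e-- ./notes.txt
-----a-------e-- ./audit log.txt

./sub:
----i--------e-- ./sub/conf
EOF
}
```

On a real directory, run `lsattr -R /path 2>/dev/null | flagged_files`.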