Archive for March 25th, 2011

Granting regular system user with permissions to restart system services (/etc/init.d/ daemons) on Debian Linux via sudo

Friday, March 25th, 2011

If you’re a system administrator, you have certainly have faced the task to allow a regular system user without system root permissions to be able to restart some of the system services, every now and then.
This case is very often encountered, if you have to work with a group of programmers who need to restart certain daemon services either that directly are related to some of your programmers.

An example case would be a java programmer/s, who runs code on a tomcat or resin server. Another possible scenario which I just encountered is a php programmer, who needs to experiment with nginx rewrite rules.

Another scenario, where you have to grant access to stop, start or restart functions of some init scripts like let’s say /etc/init.d/mysql or /etc/init.d/apache would be if you have to work in a team with other system administrators or some unix tech support guy (second system admin) etc.

The cases in which you might need to enpower an otherwise regular user BSD/Linux system account with extra administrator (root) permissions are multiple, however what is important is how you can do this when suddenly you need to complete this task.

There are quite a lot of things written on the topic and I remember that the first time I had to add a regular Linux system accounts to have an extra permissions only tosome system binaries was a real pain in the ass.
It took me a lot of searching online reading forums and asking in irc.freenode.net until I got the solution, but thanksfully finally I got it.
Therefore I found it might be interesting to my readers to find out how this trivial but very helpful task can be achieved on Linux and BSD and possibly other UNIX server or desktop installs.

The key to the whole set task resides in the is in the handy Linux tool Sudo that I believe every system administrator out there is aware of.
Even the sudo tool debian package description indicates that it’s the exact tool one needs to allow certain user to execute commands as root. Here is sudo’s description:

Sudo (superuser do) allows a system
administrator to give certain users (or
groups of users) the ability to run some
(or all) commands as root or another user
while logging the commands and arguments.

Using sudo to complete the set task, on a first glimpse looks really complex, however it appears to achieve allowing a regular user to execute as root is pretty simple.

To give you an idea how you can achieve the task I’ll give a simple scenario.
Let’s assume you need to add the Linux system users with login names: ivan and testuser to be able to restart your Apache,MySQL and Nginx servers via the services respective init scripts.

Here is how to achieve it:

1. First you need to have the sudo package installed

debian:~# apt-get install sudo

If you already have the package then simply skip step 1 and proceed further.

2. Edit /etc/sudoers with your favourite text editor and find the text

root ALL=(ALL) ALL

3. After the text insert the code:

Cmnd_Alias APACHE = /etc/init.d/apache2
User_Alias APACHEUSERS = ivan, testuser
APACHEUSERS ALL = NOPASSWD : APACHE

Cmnd_Alias MYSQL = /etc/init.d/mysql
User_Alias NGINXUSERS = ivan, testuser
MYSQLUSERS ALL = NOPASSWD : NGINX

Cmnd_Alias NGINX = /etc/init.d/nginx
User_Alias NGINXUSERS = soccerfame, hipo
NGINXUSERS ALL = NOPASSWD : NGINX

That’s all now the normal system users with non-root permissions ivan and testuser will be allowed to restart your Debian Linux Apache, MySQL and Nginx services.

4. Now let’s test your if your users can properly restart the 3 services with the testuser

debian:~# su testuser
testuser@debian:~$ id
uid=1001(testuser) gid=1001(testuser) groups=1001(testuser)

testuser@debian:~$ sudo /etc/init.d/nginx restart
Restarting nginx: nginx.
testuser@debian:~$ sudo /etc/init.d/apache2 restart
Restarting web server: apache2 … waiting .
testuser@debian:~$ sudo /etc/init.d/mysql restart
Stopping MySQL database server: mysqld.
Starting MySQL database server: mysqld.
Checking for corrupt, not cleanly closed and upgrade needing tables..

As you can see in the above commands execution output now my testuser which is a non-root user is able to use some of my services which require administrator permissions.

Now if you need to add some more services which require root permissions, simply place some more code in the /etc/sudoers let’s assume you need to put the example service which binary is to be found in /usr/sbin/example , you will have to place in your /etc/sudoers

Cmnd_Alias EXAMPLE = /usr/sbin/example
User_Alias EXAMPLEXUSERS = ivan, testuser
MYSQLUSERS ALL = NOPASSWD : EXAMPLE

The Annunciation of Christ’s conceive to The Blessed Theotokos (The Mother of God)

Friday, March 25th, 2011

The Annunciation of Christ's conceive to the Blessed Virgin Mary icon

Today we fete the Annunciation of Christ's conceive of Virgin Mary in the Bulgarian Orthodox Church. The Annunciation is one of the 12 great Orthodox Christian feasts in memoriam of the living the death and the resurrection of our Lord Jesus Christ and the Blessed Mother of God (Virgin Mary).

The Annunciation feast is being celebrated in the realm of all Orthodox Christian Churches (nation-wide).

The date on which the feast is celebrated in the bulgarian orthodox church is different every single year and depends on the Great Lent's yearly schedule according to the (Julian Calendar, Revised Julian Calendar and Gregorian Calendar).

On this date we do commemorate the announcement by the Archangel Gabriel to Vigin Mary that she would become the mother of our Lord Jesus Christ!

Here is what we read in the Bible in the Gospel of Luke about the Archangel's going to the Theotokos and Virgin mary's immeasurable humbleness:

26 In the sixth month of Elizabeth's pregnancy, God sent the angel Gabriel to Nazareth, a town in Galilee,
27 to a virgin pledged to be married to a man named Joseph, a descendant of David. The virgin's name was Mary.
28 The angel went to her and said, Greetings, you who are highly favored! The Lord is with you.
29 Mary was greatly troubled at his words and wondered what kind of greeting this might be.
30 But the angel said to her, Do not be afraid, Mary; you have found favor with God.
31 You will conceive and give birth to a son, and you are to call him Jesus.
32 He will be great and will be called the Son of the Most High. The Lord God will give him the throne of his father David,
33 and he will reign over Jacob's descendants forever; his kingdom will never end.
34 How will this be, Mary asked the angel, since I am a virgin?
35 The angel answered, The Holy Spirit will come on you, and the power of the Most High will overshadow you. So the holy one to be born will be called[b] the Son of God.
36 Even Elizabeth your relative is going to have a child in her old age, and she who was said to be unable to conceive is in her sixth month.
37 For no word from God will ever fail.
38 I am the Lord's servant, Mary answered. May your word to me be fulfilled. Then the angel left her.

The living of the blessed mother of God (our shroud and hope) from it's early days is distinguished from the Church's tradition as extremely rightous.
At the time of this great God's mercy on us the sinners, mother mary is already engaged for the widowed elder Joseph.

Simply speaking the Annunciation is the first salvation light shed by the all merciful God on us.

Mother Mary believed the Angel's words and humbly answered "May your word to me be fulfilled.", – she believed the Archangel's words.

It's interesting fact that the Archangel's name Gabriel meanining from Jewish is (God-Man), which is another prophecy for the nature which our Lord and saviour Jesus Christ will possess.

Feast-of-Annunciation-tbe-good-news-of-Christs-birth-are-told-to-theTheotokos

The feast of the Annunciation is one of the two days during the fasting time before Eastern (The Resurrection of Christ), when we the Church members (churh layman and clergy) are allowed to eat Fish food

An interesting fact about the Annunciation feast day is that the Divine Liturgy of the Annunciation is the only celebration of the Eucharistic liturgy of Saint John Chrysostom allowed on a weekday of Great Lent.

The Annunciation is called Euangelismos (Evangelism) in Greek, literally meaning "spreading the Good News".

The Annunciation is the day of the "good news" as on that day the salvation of mankind by has been initiated by Christ's incarnation.

Here is the Hymn sang by church singer (The Troparion):

Troparion
Today is the beginning of our salvation,
The revelation of the eternal mystery!
The Son of God becomes the Son of the Virgin
As Gabriel announces the coming of Grace.
Together with him let us cry to the Theotokos:
Rejoice, O Full of Grace,
The Lord is with You!

O Victorious Leader of Triumphant Hosts!
We, your servants, delivered from evil, sing our grateful thanks to you, O Theotokos!
As you possess invincible might, set us free from every calamity
So that we may sing: Rejoice, O unwedded Bride!

Kontakion
Today is the prelude of joy for the universe!
Let us anticipate the feast and celebrate with exultation:
Gabriel is on his way to announce the glad tidings to the Virgin;
He is ready to cry out in fear and wonder:
Rejoice, O Full of Grace, the Lord is with You!

Kontakion

You are the beginning of salvation for all of us on earth, Virgin Mother of God.
For the great Archangel Gabriel, God's minister,
Was sent from heaven to stand before you to bring you joy:
Therefore, we all cry to you: Rejoice, O unwedded Bride.

Let us all be glad and give thanks to The Holy Trinity for his great mercy and ask the Blessed Theotokos to pray his Son and our God Jesus Christ to save us and grant us eternal life in heaven.

Oh Mother of God, Most Blessed of all eartly creatures pray your Son and our Lord to have mercy on us the sinners!