How to Allow Non-root Process to Bind to Low-numbered Ports

Jun 1st, 2021 | Comments

Use CAP_NET_BIND_SERVICE to grant low-numbered port access to a process:

With this you can grant permanent access to a specific binary to bind to low-numbered ports via the setcap command:

sudo setcap CAP_NET_BIND_SERVICE=+eip /path/to/binary

For more details on the e/i/p part, see cap_from_text.

After doing this, /path/to/binary will be able to bind to low-numbered ports. Note that you must use setcap on the binary itself rather than a symlink.

FROM:

https://superuser.com/questions/710253/allow-non-root-process-to-bind-to-port-80-and-443

How to Hide a Password Passed as Command Line Argument?

May 22nd, 2021 | Comments

有部分软件设计的时候没有考虑命令行参数之外传递密码的途径，无法用环境变量或配置传递密码；导致任何用户用ps一看都能看到，这是重大的安全隐患；

解决方法很tricky:

https://serverfault.com/questions/592744/how-to-hide-a-password-passed-as-command-line-argument

https://stackoverflow.com/questions/3830823/hiding-secret-from-command-line-parameter-on-unix

做软件设计的时候一定要考虑命令行传递密码的替代方案；

How to Become Superuser on Ubuntu Linux

May 17th, 2021 | Comments

sudo passwd root

su -

How to Enable VNC+xfce on Ubuntu16

May 17th, 2021 | Comments

安装桌面环境和vncserver

sudo apt-get install xfce4 vnc4server

启动vncserver

vncserver

修改配置文件

vim ~/.vnc/xstartup


#!/bin/sh
unset SESSION_MANAGER
unset DBUS_SESSION_BUS_ADDRESS
startxfce4 &

[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey

修改配置文件后，运行如下命令结束掉之前产生的窗口:1

vncserver -kill :1

用vnc client连接后，tab键自动补全用不了，可以进行如下设置

settings -> window manager -> keyboard -> switch window for same application -> clear

Linux下块设备缓存Bcache设置

Apr 22nd, 2021 | Comments

Bcache简介

Bcache是Linux内核块设备层cache，支持多块HDD使用同一块SSD作为缓存盘。它让SSD作为HDD的缓存成为了可能。由于SSD价格昂贵，存储空间小，而HDD价格低廉，存储空间大，因此采用SSD作为缓存，HDD作为数据存储盘，既解决了SSD容量太小，又解决了HDD运行速度太慢的问题。

Bcache是从Linux-3.10开始正式并入内核主线的，因此，要使用Bcache，需要将内核升级到3.10及以上版本才行。

How to Split a File Into Equal Parts Without Breaking Individual Lines?

Apr 19th, 2021 | Comments

split -n l/5 your_file.txt

注意 l/5 前面是小写的L;

How to Remove All Non-ascii Content From a Workflow (File)

Apr 17th, 2021 | Comments

grep remove lines

grep --colour='auto' -P '[^\x00-\x7]' file

tr remove characters

LC_ALL=C tr -dc '\0-\177' <file >newfile

ignore Invalid or incomplete multibyte or wide character

cat $file|iconv -f utf8 -c -t ascii//IGNORE

How to Modify an Invalid ‘/etc/sudoers’ File?

Jan 9th, 2021 | Comments

刚说小心驶得万年船，就想自己偷奸耍滑，手工裸编辑 /etc/sudoers 文件把sudo权限搞挂了…-_-

仔细瞅了瞅，少加了一个冒号，导致现在进退两难…

Linux服务器极简安全配置

Jan 6th, 2021 | Comments

网络知识了解的越多，就越胆小；也许，这就是江湖吧；

当配置一台新的Linux服务器并上线时，其实就是将Server暴露到了炮火横飞的战场上，任何的大意都会让其万劫不复；但由于永恒的人性的弱点，我们总是在安全和便利之间摇摆；

本文希望能提供一种最简单的办法，帮助我们抵抗大多数的炮火；

How to Close Lightning Channels by Lnd-cli?

Jan 3rd, 2021 | Comments

越来越有老年痴呆的倾向，这个命令至少Google过3次了，每次都忘，被自己蠢哭了~~

lncli closechannel <fund_txid> [fund_tx_vout_NO]

不要忘了vout_NO，不然会报错”channel not found”

← Older Blog Archives Newer →

Living a Simple Life is a Happy Life

有饭吃，自由自在，就非常开心