Monday, 24 August 2020

Important command

 for Windows

Command

wmic bios get serialnumber


Node Manager Username and Password for Oracle HTTP Server 12c

 


How to Change the Node Manager Username and Password for Oracle HTTP Server 12c in a Standalone Domain (Doc ID 1945039.1)

Applies to:

Oracle HTTP Server - Version 12.1.2.0.0 and later
Information in this document applies to any platform.

Goal

What tools can be used to modify the node manager user name and password for a standalone OHS 12c domain?  

Note:  A standalone domain is a container for system components, such as Oracle HTTP Server. It has a directory structure similar to an Oracle WebLogic Server Domain, but it does not contain an Administration Server or Managed Servers. It can contain one or more instances of system components of the same type, such as Oracle HTTP Server, or a mix of system component types.  Reference 1.4.2 Standalone Domain

 

Solution

The steps are as follows:

1. Stop the Oracle HTTP Server component and the Node Manager (NM) :

$ cd DOMAIN_HOME/bin
$ ./stopComponent.sh <ohs_component>

$ ./stopComponent.sh <ohs_component>
Stopping System Component <ohs_component> ...

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

Reading domain from DOMAIN_HOME
 
Please enter your password : <Enter old password>
Connecting to Node Manager ...
Successfully Connected to Node Manager.
Killing server <ohs_component> ...
Successfully killed server <ohs_component>
Successfully disconnected from Node Manager.

Exiting WebLogic Scripting Tool.

Done
$

CTRL C in the window where NM is running (Or kill the PID of NM)


2. Invoke WLST offline:

$ cd ORACLE_HOME/oracle_common/common/bin
$ ./wlst.sh

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

wls:/offline>

3. Read in the domain:

wls:/offline>readDomain('DOMAIN_HOME')

4. Get the security MBean:

wls:/offline/ohs_domain>cd('/SecurityConfiguration/ohs_domain')

5. Change the NM user name:
Need to provide a node manager user name on this step, this can be an old user name. Otherwise, the NM password may not modify correctly.

wls:/offline/new_ohs_domain/SecurityConfiguration/new_ohs_domain>set('NodeManagerUsername','<new_NM_Username>')

6. Change the NM password then commit the changes. You can give a clear text password such as 'welcome1'.
The encrypted password will be stored in /u01/oracle/config/ohs_domain/nodemanager/nm_password.properties.

wls:/offline/new_ohs_domain/SecurityConfiguration/new_ohs_domain>set('NodeManagerPasswordEncrypted','password')
wls:/offline/new_ohs_domain/SecurityConfiguration/new_ohs_domain>updateDomain()
wls:/offline/new_ohs_domain/SecurityConfiguration/new_ohs_domain>closeDomain()
wls:/offline>exit()

Exiting WebLogic Scripting Tool.


Checking timestamps you can see that  the following files have been updated:

/u01/oracle/config/ohs_domain/config/config.xml
/u01/oracle/config/ohs_domain/config/nodemanager/nm_password.properties

7. Restart NM:

$ cd DOMAIN_HOME/bin
$ ./startNodeManager.sh

8. Finally, restart OHS

$ ./startComponent.sh <ohs_component>
Starting System Component <ohs_component> ...

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

Reading domain from DOMAIN_HOME
 
Please enter your password : <Enter new password>
Connecting to Node Manager ...
Successfully Connected to Node Manager.
Starting server <ohs_component> ...
Successfully started server <ohs_component> ...
Successfully disconnected from Node Manager.

Exiting WebLogic Scripting Tool.

Done


9. It is possible to prevent the prompt for the NM password on each OHS startup by storing the password in an encrypted form using a key store with the command:

$ ./startComponent.sh <ohs_component> storeUserConfig

10. If the old password was previously stored in a key store before the password was changed, the cached key store files need to be removed before restarting the OHS component:

$ cd
$ cd .wlst
$ ls -l
total 8
-rw-r----- 1 user group 227 Nov 14 16:09 nm-cfg-ohs_domain.props
-rw-r----- 1 user group 64 Nov 14 16:09 nm-key-ohs_domain.props
$ rm nm-cfg-ohs_domain.props
$ rm nm-key-ohs_domain.props


11. If required, the new password can then be re-stored using the same command:

$ ./startComponent.sh <ohs_component> storeUserConfig
To BottomTo Bottom

Wednesday, 12 August 2020

Adding to Root Group using usermod

 

Method  1: Adding to Root Group using usermod

Let see how we can grant normal user root access by adding to root group.

# adduser user1
# adduser user2
# groupadd test

These are the groups I have in my Linux box.

# groups
root bin daemon sys adm disk wheel

I am going to add user1 to root group as follows:

# usermod -G root user1

The command given below provides the existing user with the root privilege

# usermod -g 0 -o root_user

Method 2: Adding to Root Group using Useradd Command

I have added a new user, 'user3' to the root group using one single command:

# useradd -m -G root user3
# groups user3
user3 : user3 root

Another option using useradd command

useradd -c “Imitation Root” -d /home/root_user -m -k /etc/skel -s /bin/bash -u 0 -o -g root root_user

Method 3: Editing /etc/passwd file

Edit /etc/passwd for the particular user. Change the user's UID and GID to '0'. This will give root permissions to user.

root:x:0:0:root:/root:/bin/bash
temproot:x:128:128:temproot

Now, temproot user should have root privilege:

root:x:0:0:root:/root:/bin/bash
temproot:x:0:0:temproot

Note: This is not the recommended method for granting root access

Method 4: Setting as Sudo User

The sudo configuration file is /etc/sudoers and you can edit this file using visudo command: # visudo.

Using visudo protects from conflicts and guarantees that the right syntax is used.

To give full access to specific users

Add the entry given below in the file:

bob, tom ALL=(ALL) ALL

Following this method is not a good idea because this allows both bob and tom to use the su command to grant themselves permanent root privileges. Thereby skipping the command logging features of sudo.

Granting access to specific files to one particular user

This entry allows bob and all the other members of the group operator to gain access to all the program files in the /sbin and /usr/sbin directories, as well as the privilege of running the command /usr/oracle/backup.pl.

bob, %operator ALL= /sbin/, /usr/sbin, /usr/oracle/backup.pl

If you have any questions or thoughts to share on this topic, use the feedback form.