for Windows
Command
wmic bios get serialnumber
Monday 24 August 2020
Node Manager Username and Password for Oracle HTTP Server 12c
How to Change the Node Manager Username and Password for Oracle HTTP Server 12c in a Standalone Domain (Doc ID 1945039.1)
Applies to:
Oracle HTTP Server - Version 12.1.2.0.0 and laterInformation in this document applies to any platform.
Goal
What tools can be used to modify the node manager user name and password for a standalone OHS 12c domain?
Note: A standalone domain is a container for system components, such as Oracle HTTP Server. It has a directory structure similar to an Oracle WebLogic Server Domain, but it does not contain an Administration Server or Managed Servers. It can contain one or more instances of system components of the same type, such as Oracle HTTP Server, or a mix of system component types. Reference 1.4.2 Standalone Domain
Solution
The steps are as follows:
1. Stop the Oracle HTTP Server component and the Node Manager (NM) :
$ cd DOMAIN_HOME/bin
$ ./stopComponent.sh <ohs_component>
$ ./stopComponent.sh <ohs_component>
Stopping System Component <ohs_component> ...
Initializing WebLogic Scripting Tool (WLST) ...
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
Reading domain from DOMAIN_HOME
Please enter your password : <Enter old password>
Connecting to Node Manager ...
Successfully Connected to Node Manager.
Killing server <ohs_component> ...
Successfully killed server <ohs_component>
Successfully disconnected from Node Manager.
Exiting WebLogic Scripting Tool.
Done
$
CTRL C in the window where NM is running (Or kill the PID of NM)
$ ./stopComponent.sh <ohs_component>
$ ./stopComponent.sh <ohs_component>
Stopping System Component <ohs_component> ...
Initializing WebLogic Scripting Tool (WLST) ...
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
Reading domain from DOMAIN_HOME
Please enter your password : <Enter old password>
Connecting to Node Manager ...
Successfully Connected to Node Manager.
Killing server <ohs_component> ...
Successfully killed server <ohs_component>
Successfully disconnected from Node Manager.
Exiting WebLogic Scripting Tool.
Done
$
CTRL C in the window where NM is running (Or kill the PID of NM)
2. Invoke WLST offline:
$ cd ORACLE_HOME/oracle_common/common/bin
$ ./wlst.sh
Initializing WebLogic Scripting Tool (WLST) ...
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
wls:/offline>
$ ./wlst.sh
Initializing WebLogic Scripting Tool (WLST) ...
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
wls:/offline>
3. Read in the domain:
wls:/offline>readDomain('DOMAIN_HOME')
4. Get the security MBean:
wls:/offline/ohs_domain>cd('/SecurityConfiguration/ohs_domain')
5. Change the NM user name:
Need to provide a node manager user
name on this step, this can be an old user name. Otherwise, the NM
password may not modify correctly.
wls:/offline/new_ohs_domain/SecurityConfiguration/new_ohs_domain>set('NodeManagerUsername','<new_NM_Username>')
6. Change the NM password then commit the changes. You can give a clear text password such as 'welcome1'.
The encrypted password will be stored in /u01/oracle/config/ohs_domain/nodemanager/nm_password.properties.
wls:/offline/new_ohs_domain/SecurityConfiguration/new_ohs_domain>set('NodeManagerPasswordEncrypted','password')
wls:/offline/new_ohs_domain/SecurityConfiguration/new_ohs_domain>updateDomain()
wls:/offline/new_ohs_domain/SecurityConfiguration/new_ohs_domain>closeDomain()
wls:/offline>exit()
Exiting WebLogic Scripting Tool.
wls:/offline/new_ohs_domain/SecurityConfiguration/new_ohs_domain>updateDomain()
wls:/offline/new_ohs_domain/SecurityConfiguration/new_ohs_domain>closeDomain()
wls:/offline>exit()
Exiting WebLogic Scripting Tool.
Checking timestamps you can see that the following files have been updated:
/u01/oracle/config/ohs_domain/config/config.xml
/u01/oracle/config/ohs_domain/config/nodemanager/nm_password.properties
7. Restart NM:
$ cd DOMAIN_HOME/bin
$ ./startNodeManager.sh
$ ./startNodeManager.sh
8. Finally, restart OHS
$ ./startComponent.sh <ohs_component>
Starting System Component <ohs_component> ...
Initializing WebLogic Scripting Tool (WLST) ...
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
Reading domain from DOMAIN_HOME
Please enter your password : <Enter new password>
Connecting to Node Manager ...
Successfully Connected to Node Manager.
Starting server <ohs_component> ...
Successfully started server <ohs_component> ...
Successfully disconnected from Node Manager.
Exiting WebLogic Scripting Tool.
Done
Starting System Component <ohs_component> ...
Initializing WebLogic Scripting Tool (WLST) ...
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
Reading domain from DOMAIN_HOME
Please enter your password : <Enter new password>
Connecting to Node Manager ...
Successfully Connected to Node Manager.
Starting server <ohs_component> ...
Successfully started server <ohs_component> ...
Successfully disconnected from Node Manager.
Exiting WebLogic Scripting Tool.
Done
9. It is possible to prevent the prompt for the NM password on
each OHS startup by storing the password in an encrypted form using a
key store with the command:
$ ./startComponent.sh <ohs_component> storeUserConfig
10. If the old password was previously stored in a key store before the password was changed, the cached key store files need to be removed before restarting the OHS component:
$ cd
$ cd .wlst
$ ls -l
total 8
-rw-r----- 1 user group 227 Nov 14 16:09 nm-cfg-ohs_domain.props
-rw-r----- 1 user group 64 Nov 14 16:09 nm-key-ohs_domain.props
$ rm nm-cfg-ohs_domain.props
$ rm nm-key-ohs_domain.props
$ cd .wlst
$ ls -l
total 8
-rw-r----- 1 user group 227 Nov 14 16:09 nm-cfg-ohs_domain.props
-rw-r----- 1 user group 64 Nov 14 16:09 nm-key-ohs_domain.props
$ rm nm-cfg-ohs_domain.props
$ rm nm-key-ohs_domain.props
11. If required, the new password can then be re-stored using the same command:
$ ./startComponent.sh <ohs_component> storeUserConfig
 |  To Bottom | |
Wednesday 12 August 2020
Adding to Root Group using usermod
Method 1: Adding to Root Group using usermod
Let see how we can grant normal user root access by adding to root group.
# adduser user1 # adduser user2 # groupadd test
These are the groups I have in my Linux box.
# groups root bin daemon sys adm disk wheel
I am going to add user1 to root group as follows:
# usermod -G root user1
The command given below provides the existing user with the root privilege
# usermod -g 0 -o root_user
Method 2: Adding to Root Group using Useradd Command
I have added a new user, 'user3' to the root group using one single command:
# useradd -m -G root user3 # groups user3 user3 : user3 root
Another option using useradd command
useradd -c “Imitation Root” -d /home/root_user -m -k /etc/skel -s /bin/bash -u 0 -o -g root root_user
Method 3: Editing /etc/passwd file
Edit /etc/passwd for the particular user. Change the user's UID and GID to '0'. This will give root permissions to user.
root:x:0:0:root:/root:/bin/bash temproot:x:128:128:temproot
Now, temproot user should have root privilege:
root:x:0:0:root:/root:/bin/bash temproot:x:0:0:temproot
Note: This is not the recommended method for granting root access
Method 4: Setting as Sudo User
The sudo configuration file is /etc/sudoers and you can edit this file using visudo command: # visudo.
Using visudo protects from conflicts and guarantees that the right syntax is used.
To give full access to specific users
Add the entry given below in the file:
bob, tom ALL=(ALL) ALL
Following this method is not a good idea because this allows both bob and tom to use the su command to grant themselves permanent root privileges. Thereby skipping the command logging features of sudo.
Granting access to specific files to one particular user
This entry allows bob and all the other members of the group operator to gain access to all the program files in the /sbin and /usr/sbin directories, as well as the privilege of running the command /usr/oracle/backup.pl.
bob, %operator ALL= /sbin/, /usr/sbin, /usr/oracle/backup.pl
If you have any questions or thoughts to share on this topic, use the feedback form.
Subscribe to:
Posts (Atom)