Author: Saba, Mitch

Disable All User Login Access

There are occasions when you want to make sure users can not log into a system.  This can be due to a maintenance period or I have used it as part of the process for retiring a system.  It is simple enough but I thought it worth documenting for prosperity.

# cd /{root of user home directory}
# ls -al | awk '{print $3}' | grep -v -e '^$' | grep -v {account exceptions} |while read a;do usermod -s /sbin/nologin $a;done;

To break down possibly the non-obvious part down:

grep -v -e '^$'

This removes any blank lines from the output.  The rest should be self-explanatory, if it isn’t ask in the comments section.

Don’t forget to add your account to the exception list, and it is always a good idea to test the output first.  To reverse the process change /sbin/nologin to /bin/bash.




MySql, phpMyAdmin user creation and grant errors

Recently I got a report from a user that they could not create a database using phpMyAdmin.  When I logged in and did some testing I began getting errors when I attempted to create a user, a database or grant privileges as root…

The root cause was a misalignment of the grants due to a missed step during a patch cycle (as we haven’t manually upgraded).  Here is more about it and how I fixed the problem:

First doing some investigation…

# mysql -uroot -p
Server version: 5.5.52 MySQL Community Server (GPL) by Remi

mysql> SELECT version();
| version() |
| 5.5.52 |
1 row in set (0.00 sec)

mysql> SELECT column_name,ordinal_position FROM information_schema.columns WHERE table_schema='mysql' and table_name='user' and column_name='plugin';
Empty set (0.00 sec)

mysql> SELECT COUNT(1) column_count FROM information_schema.columns WHERE table_schema='mysql' AND table_name='user';
| column_count |
| 39 |
1 row in set (0.00 sec)

That last query should have the following numbers:

  • If you get 43, MySQL 5.6
  • If you get 42, MySQL 5.5
  • If you get 39, MySQL 5.1
  • If you get 37, MySQL 5.0

As you can see from the above output the numbers are not correct, as we are using version 5.5 and only had 39 column’s returned, instead of the expected 42.  This means that the upgrade wasn’t completed.  We can fix this with the following:

# mysql_upgrade -u root -p --upgrade-system-tables
Looking for 'mysql' as: mysql
The --upgrade-system-tables option was used, databases won't be touched.
Running 'mysql_fix_privilege_tables'...

Rerunning the previous mysql queries we can see the changes:

# mysql -uroot -p
Server version: 5.5.52 MySQL Community Server (GPL) by Remi

mysql> SELECT version();
| version() |
| 5.5.52 |
1 row in set (0.00 sec)

mysql> SELECT column_name,ordinal_position FROM information_schema.columns WHERE table_schema='mysql' and table_name='user' and column_name='plugin';
| column_name | ordinal_position |
| plugin | 41 |
1 row in set (0.00 sec)

mysql> SELECT COUNT(1) column_count FROM information_schema.columns WHERE table_schema='mysql' AND table_name='user';
| column_count |
| 42 |
1 row in set (0.00 sec)

Now I can go back into the phpMyAdmin interface and everything is working again.  Problem Solved.

Hope this helps, if it does say hello.

Yum Rollbacks

Very occasionally installing a package or updates with yum can have unexpected results.  Fortunately yum provides the ability to roll back anything it installs.  Here is an example of what these commands look like:

# yum history
Loaded plugins: package_upload, product-id, search-disabled-repos, security, subscription-manager
ID | Login user | Date and time | Action(s) | Altered
 11 | root <root> | 2016-12-16 13:20 | Install | 8 
 10 | root <root> | 2016-12-16 10:38 | Install | 1 
 9 | root <root> | 2016-12-16 08:05 | Install | 1 
 8 | root <root> | 2016-12-15 15:37 | Install | 1 
 7 | root <root> | 2016-12-15 13:29 | Install | 10 
 6 | root <root> | 2016-12-15 12:55 | Install | 5 <
 5 | root <root> | 2016-12-08 14:51 | I, O, U | 381 >E
 4 | root <root> | 2016-12-08 14:45 | Install | 4 
 3 | root <root> | 2016-12-08 14:12 | I, U | 32 EE
 2 | root <root> | 2016-12-08 14:11 | Install | 1 
 1 | System <unset> | 2016-12-08 13:50 | Install | 644

To reverse any of these yum actions simply issue the command:

# yum history undo "#"

Where the trailing “#” is the ID number from the yum history output.

Good luck.

Subnet Cheat Sheet

Subnet Mask Cheat Sheet

Posted here because 95% of the networks are the same and when I encounter a different one I have to think about it…not any more!

See RFC 1878 for more details & information.

Addresses Hosts Netmask Amount of a Class C
/30 4 2 1/64
/29 8 6 1/32
/28 16 14 1/16
/27 32 30 1/8
/26 64 62 1/4
/25 128 126 1/2
/24 256 254 1
/23 512 510 2
/22 1024 1022 4
/21 2048 2046 8
/20 4096 4094 16
/19 8192 8190 32
/18 16384 16382 64
/17 32768 32766 128
/16 65536 65534 256

Network Interface Name in rhel7

Anyone who has installed rhel7 knows how annoying it is to check you network and not see eth0.  Perhaps it is just me then…  Regardless here are instructions on how to change it:

First you need to know the name of the network adapter in use, you can look in /etc/sysconfig/network-scripts/ifcfg-eno##### or run this command:

# ip addr show
Now you need to do the following:
vim /etc/sysconfig/grub
add “net.ifnames=0 biosdevname=0″ to the end of the line beginning with: GRUB_CMDLINE_LINUX, for example:
GRUB_CMDLINE_LINUX="crashkernel=auto rhgb quiet net.ifnames=0 biosdevname=0"
Now you need to regenerate the GRUB configuration with the updated kernel parameters:
# grub2-mkconfig -o /boot/grub2/grub.cfg
Now you need to change the ‘eno##” named network scripts you identified above:
# cp -p /etc/sysconfig/network-scripts/ifcfg-eno16780032 /etc/sysconfig/network-scripts/ifcfg-eth0

Next edit the newly copied network script to change any reference to the eno### to eth0, for example:

sed -i -e 's/eno16780032/eth0/g' /etc/sysconfig/network-scripts/ifcfg-eth0

Now reboot:

# shutdown -r now

After system reboot your network interface shall be called eth0 and all will be right in the world again…

Hat tip to Angelo for most of the leg work.

Using redhat-support-tool in 10 space

OK, Private IP space, but you should know that 10 space means private IP space.

The command redhat-support-tool is useful when working with a Red Hat support ticket. Once a ticket is opened with Red Hat your next step should be to create and attach an sosreport to the ticket. If you don’t then you will waste valuable time as their first response will be, you guessed it, please attach an sosreport. Even attaching one is no guarantee they won’t still ask as they follow the script pretty closely.

The 90% use case for using the command redhat-support-tool is adding attachments, like this:

redhat-support-tool addattachment -c CASE_NUMBER /tmp/sosreport.tar.xz

If you have not configured /root/redhat-support-tool/redhat-support-tool.conf you will be prompted for your RHN user name and password.  Since I mentioned it please note that /root/redhat-support-tool contains your configuration file and a log file.  Please note: that if you configure global setting (more on that below) those settings are stored in /etc/redhat-support-tool.conf

Back to Private IP space use.  Supposedly you can configure this using the redhat-support-tool -> config option for example:

# redhat-support-tool
Command (? for help): config proxy_url proxy.your-url.domain


# redhat-support-tool
Command (? for help): config proxy_url http://proxy.your-url.domain

OR setting it globally (sets it to /etc/redhat-support-tool.conf)

# redhat-support-tool
Command (? for help): config -g proxy_url http://proxy.your-url.domain

This however doesn’t always work, here is why with an explanation, thanks to my colleague Doug B:

I figured out the redhat-support-tool issue.

– It’s always connecting to proxy via https, so you have to use “” in order to force it.
– It may conflict with an http_proxy environment variable.

Even unsetting the variable within the tool (with –unset proxy_url) didn’t seem to clear out an incorrect entry – even though nothing was in the config file!

In the end it’s easiest to just to export http_proxy= and not modify anything within the support tool itself.

As you can see a frustrating problem, yes we could have just transferred the file and uploaded it using the webUI or from another system but what would we have learned from that?!

Again, thanks to Doug B. for working with me on this.

Here is a link (account required) to more details about the redhat-support-tool:


yum Invalid System Credential error

I ran across the following yum error after migrating a system from being a client of Satellite 5.6 to Satellite 6.1.  First here is the error:

# yum update
Loaded plugins: package_upload, priorities, rhnplugin, search-disabled-repos, security, subscription-manager
There was an error communicating with RHN.
RHN Satellite or RHN Classic support will be disabled.

Error Message:
    Please run rhn_register as root on this client
Error Class Code: 9
Error Class Info: Invalid System Credentials.
     An error has occurred while processing your request. If this problem
     persists please enter a bug report at
     If you choose to submit the bug report, please be sure to include
     details of what you were trying to do when this error occurred and
     details on how to reproduce this problem.

Setting up Update Process
rhel-6-server-rpms                                                                                                                                                            | 2.0 kB     00:00     
rhel-6-server-satellite-tools-6.1-rpms                                                                                                                                        | 2.1 kB     00:00     
No Packages marked for Update
This left me scratching my head for a few and a quick search didn’t produce much so I thought I should document this for prosperity.
The problem was with the contents of the file /etc/yum/pluginconf.d/rhnplugin.conf
Part of my transition is running this command:
sed -i -e 's/enabled=1/enabled=0/g' /etc/yum/pluginconf.d/rhnplugin.conf
The problem was unlike all of my other systems, this file must have been edited because instead of containing “enabled=1” it contained “enabled = 1”
To correct that I modified my sed command to ignore white space:
sed -i -e 's/enabled\s*=\s*1/enabled=0/g' /etc/yum/pluginconf.d/rhnplugin.conf

More details can be found using the yum.conf man page.

Hope that is helpful.


Working with Repositories

Pulling packages from multiple sources can lead to problems.  If you are running rhel and have epel enabled an update could inadvertently pull down a newer version from the wrong repository.  This doesn’t always cause a problem, but it can.  If you need to tfind all the epel packages on your system, here is how you: List all packages installed from repo “X”

yum list installed | grep @epel



Kerberizing RHEL Server

Notes from Plone…

yum install krb5-workstation pam_krb5 -y
# if krb5.conf is present we should get a fresh copy
mv /etc/krb5.conf /etc/krb5.conf.bak
yum reinstall krb5-libs -y
sed -ie 's/' /etc/krb5.conf
sed -ie 's/EXAMPLE.COM/UCONN.EDU/g' /etc/krb5.conf
fqdn=`hostname --fqdn`;
echo "
ank -randkey host/$fqdn@UCONN.EDU
ktadd -k /etc/krb5.keytab host/$fqdn@UCONN.EDU

--- OR ---

kadmin netid/admin@UCONN.EDU
addprinc -randkey host/$fqdn
ktadd -k /etc/krb5.keytab host/$fqdn
modprinc -requires_preauth host/$fqdn
kadmin -p netid/admin@UCONN.EDU
authconfig --enablekrb5 --updateall
echo "netid/admin@UCONN.EDU" >> ~/.k5login
restorecon ~/.k5login
chmod 600 .k5login
service sshd restart