Grant Permissions to a MySQL User on Linux via Command Line

Reading Time: 2 minutes
Pre-Flight Check
  • These instructions are intended for granting a MySQL user permissions on Linux via the command line
  • I’ll be working from a Liquid Web Core Managed CentOS 6.5 server, and I’ll be logged in as root.

Continue reading “Grant Permissions to a MySQL User on Linux via Command Line”

Create a MySQL User on Linux via Command Line

Reading Time: < 1 minute

Pre-Flight Check

  • These instructions are intended for creating a MySQL user on Linux via the command line.
  • I’ll be working from a Liquid Web Core Managed CentOS 6.5 server, and I’ll be logged in as root.

Continue reading “Create a MySQL User on Linux via Command Line”

How to Add a User and Grant Root Privileges on Ubuntu 16.04

Reading Time: 2 minutes

Ubuntu 16.04 LTS provides you the ability to add a user for anyone who plans on accessing your server.  Creating a user is a basic setup but an important and critical one for your server security. In this tutorial, we will create a user and grant administrative access, known as root, to your trusted user.

Continue reading “How to Add a User and Grant Root Privileges on Ubuntu 16.04”

What Is Umask and How to Use it Effectively

Reading Time: 5 minutes

What is Umask?

Umask, or the user file-creation mode, is a Linux command that is used to assign the default file permission sets for newly created folders and files. The term mask references the grouping of the permission bits, each of which defines how its corresponding permission is set for newly created files. The bits in the mask may be changed by invoking the umask command.

When using the term Umask, we are referring to one of the following two meanings:

  • The user file creation mode mask that is used to configure the default permissions for newly created files and directories
  • The command “umask” which is used to set the umask value

As you probably already know, all Unix-based operating systems have a set of properties that are used to define who is allowed to read, write, or execute specific files or directories. There are three categories called “permissions classes” to which these permissions apply, and they are noted as follows.

fig_permissions_chmod-command
  • User: The User, by default, is the owner or creator of a file or folder. The ownership of the new file defaults to this user.
  • Group: A Group is a set of users that share the same access level or permissions to a file or folder.
  • Other: The Other group is defined as any user not included in the previous two categories. These users have not created a file or folder, nor do they belong to a specific usergroup. This group includes everyone not identified as a user or as being part of an usergroup. When we set the permission level of a file or folder to Other, it gives permissions level access to anyone that accesses the file or folder.

So, what happens when a user creates new files and directories? The system automatically assigns the following permissions a file if using the touch command.

[root@host ~]# touch test.txt
[root@host ~]# stat test.txt
  File: test.txt
  Size: 0 Blocks: 0 IO Block: 4096 regular empty file
Device: fd03h/64771d Inode: 654750 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2020-04-21 12:53:25.612051178 -0400
Modify: 2020-04-21 12:53:25.612051178 -0400
Change: 2020-04-21 12:53:25.612051178 -0400
 Birth: -

If we create a directory, it assigns the following permission set to it, 

[root@host ~]# mkdir test
[root@host ~]# stat test
  File: test
  Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: fd03h/64771d Inode: 654751 Links: 2
Access: (0755/drwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2020-04-21 12:54:25.172601585 -0400
Modify: 2020-04-21 12:54:25.172601585 -0400
Change: 2020-04-21 12:54:25.172601585 -0400
 Birth: -
[root@host ~]#

The Umask Command Syntax

The complete manpage entry for umask is as follows.

umask [-p] [-S] [mode]
The user file-creation mask is set to mode.  

If mode begins with a digit, it is interpreted as an octal number; otherwise it is interpreted as a symbolic mode mask similar to that accepted by  chmod(1). If mode is omitted, the current value of the mask is printed.  

The -S option causes the mask to be printed in symbolic form; the default output is an octal number. 

If the -p option is supplied, and mode is omitted, the output is in a form that may be reused as input. The return status is 0 if the mode was successfully changed or if no mode argument was supplied, and false otherwise.

To view the current umask value, we use the umask command. Running the umask command by itself provide the default permissions that are assigned when a file or folder is created.

[root@host ~]# umask
0022
[root@host ~]#

To change these values, we will use the following command.

[root@host ~]# umask ###
[root@host ~]# umask 022

The ### symbols in the first command are used in lieu of an actual octal number.

Below, we can see the translated values of the octal and how they are related.

Number Permission
4 read
2 write
1 execute
  Read     Write   Execute Total Value Symbolic Equivalent:
0 0 0 0  
0 0 1 1 x
0 2 0 2 w
0 2 1 3 wx
4 0 0 4 r
4 0 1 5 rx
4 2 0 6 rw
4 2 1 7 rwx

So, when we run a ls command, the octal or symbolic permissions values are shown at the beginning of the output.

[root@host ~]# ls
drwxr-xr-x 2 root root 4096 Apr 21 12:54 test/
-rw-r--r-- 1 root root    0 Apr 21 12:53 test.txt
permission structure

The permissions set for the test directory is 755 or ‘rwx’ ‘r-x’ ‘r-x’.
The permissions set for the test.txt file is 644 or ‘rw -‘ ‘r – -‘ ‘r – -‘.
A dash signifies a 0 value.

Symbolic Headings

--- no permission
--x execute
-w- write
-wx write and execute
r-- read
r-x read and execute
rw- read and write
rwx read, write and execute

Numeric Headings

0 --- no permission
1 --x execute
2 -w- write
3 -wx write and execute
4 r-- read
5 r-x read and execute
6 rw- read and write
7 rwx read, write and execute

How Umask Works

The umask command masks permission levels by qualifying them with a certain value. To explain further how the umask value is applied, we will illustrate with an example. Let’s say that we want to set the default permissions for all new files or folders to 644 and 755. We would then use the following command.

[root@host ~]# umask 022

The number “2” permission (write permission) will be “filtered” from the system’s default permissions of 666 and 777 (hence the name “mask.”) From now on, the system will now assign the default permissions of 644 and 755 on new files and directories. Simply put, to calculate the permission bits for a new file or directory, we just subtract the umask value from the default value, like so.

  • 666 – 022 = 644
  • 777 – 022 = 755

Octal value : Permission

  • 0 : read, write and execute
  • 1 : read and write
  • 2 : read and execute
  • 3 : read only
  • 4 : write and execute
  • 5 : write only
  • 6 : execute only
  • 7 : no permissions

We can use above information to calculate our file permissions. For example, if our umask is set to 077, the permission can be calculated as follows:

Bit Targeted at File permission
0 Owner read, write and execute
7 Group No permissions
7 World No permissions

0 : read, write and execute
7 : no permissions
7 : no permissions

A umask of 000 will make newly created directories readable, writable and executable by everyone (the permissions will be 777). 

Umask Configuration Location

In most Linux distributions, the umask value can be found and configured in the following locations:

  • /etc/profile – this is where system-wide default variables are stored
  • /etc/bash.bashrc – this is where default shell configuration files are stored

Umask Symbols

As noted in the umask man page above, we can use specific symbols to specify permission values we want to set. To preview the currently set umask value in symbols, we use the following command:

umask -S

To change it, we can use the command in which the letters “u,” “g,” and “o” represent the user, group, and other or world, as shown below.

umask u=$, g=$, o=$

When settings permissions this way, we supplement each “$” placeholder with the desired permission symbol(s). The equal “=” sign is not the only operator at our disposal when setting umask with symbolic values. We can use plus “+” and minus “” operators as well.

  • The = symbol allows permissions to be enabled, prohibiting unspecified permissions
  • The + symbol allows permissions to be enabled, ignoring unspecified permissions
  • The – symbol prohibits permissions from being enabled, ignoring unspecified permissions
Note:
Using spaces after commas won’t work, and bash will display the “invalid symbolic mode operator” error message.

There’s an additional symbol that can be used when we want to set the same permission for all permissions classes at once (user, group, and other), and that is:

umask a=

Conclusion

Now that we better understand the function of the user file mode creation mask, we can put it to good use. Not only does it save us precious time and improve security, but it also provides us with better permission management capabilities.

Get Started Today!

Still have questions about how to utilize umask? Give us a call at 800.580.4985, or open a chat or ticket with us to speak with one of our knowledgeable Solutions Team or an experienced Hosting Advisors today!

How Do I Set Up Setuid, Setgid, and Sticky Bits on Linux?

Reading Time: 6 minutes

What Are Linux File Permissions?

Setuid, Setgid and Sticky Bits are special types of Unix/Linux file permission sets that permit certain users to run specific programs with elevated privileges. Ultimately the permissions that are set on a file determine what users can read, write or execute the file. Linux provides more advanced file permissions that allow you to do more specific things with a file, or directory.  Typically, these file permissions are used to allow a user to do certain tasks with elevated privileges (allow them to do things they normally are not permitted to do). This is accomplished with three distinct permission settings.  They are setuid, setgid, and the sticky bit.

Continue reading “How Do I Set Up Setuid, Setgid, and Sticky Bits on Linux?”

How To Set Up FTP for Windows

Reading Time: 5 minutes

What is FTP?

You or your developer may want to have access via FTP (File Transfer Protocol) to the folders for the project or domain that is being worked on. FTP is a quick and easy way for someone to connect to their project, without having to have full access to RDP into the server. An FTP user will only have access to the folders that are designated to them, limiting them in their own environment so as not to accidentally change other user’s files and file structure on their project/domain. In this tutorial, we will cover how to utilize FTP on a Core/Self-Managed Dedicated server or a VPS server, as well as a Plesk Server.  Let’s jump right in!

 

Enabling FTP Services

The first thing that you need to check before creating an FTP user is to enable FTP on your server. To do that on a Core/Self-Managed server, we need to RDP to the server and open Server Manager.

rdp connection info

Once the server manager is open, in the top right corner, there are a few options: Manage, Tools, View, and Help. We want to click on Manage, which will show a drop-down menu. At the top of the menu, click on the option Add Roles and Features.

IIS server manager dashboard

Once you have the Add Roles and Features Wizard up, click Next until you are at the Server Selection.

add role feature wizard

Make sure your server is highlighted, by default, it should be. If so, you can click Next which brings you to Server Roles.

select destination server

Server Roles are where you will find the features your server can have enabled separately, depending on your needs. We aren’t looking for anything but FTP at this time, so we won’t cover all of the features and services we find here. FTP services are going to be found under the role Web Server. Click on the carrot next to Web Server. There are 3 different options with checkboxes; Web Server, FTP Server, and Management Tools. Dropping down the FTP Feature will show the available FTP features.

If all of these are already checked, you can skip ahead to the Adding and Assigning FTP Users section of this help article. However, if these are not checked, go ahead and check FTP Server and FTP Service. If your users plan on using ASP.NET services or IIS Manager, you will want to make sure you check FTP Extensibility.

Once you have the FTP features selected, click on Next a couple of times until you get to the Confirmation page. At the top, you will see an option to “restart the destination server automatically if needed. For installing FTP Services, a restart is not needed. We can leave this box unchecked and click on Install. This install process shouldn’t take too long.

Adding and Assigning FTP Users section

Adding an FTP User Account

Before we add an FTP site, we need to set up a user with some credentials. We do this by accessing Computer Management.

set up a user credentials

On Windows 2012 and up, we can do this by right-clicking the Start Menu button, and selecting Computer Management. Here, under System Tools, if we click the drop down carrot, we will see the Local Users and Groups section. Double-click on Users and a list of all the Local Users will formulate. On the far right of the Computer Management, once we have navigated to Users, we see a More Actions and will need to click on that to add a New User.

add a New User

Clicking on New User will pop up a simple interface that asks for the user name, the user’s full name, a description for that user that serves as a description for you, the administrator, to recognize the purpose of this user. Fill out this information accordingly and type in a password for this user. Under Confirm Password, we see that by default “User must change password at next logon” is selected. Because this is strictly for FTP, we will uncheck that and check “User cannot change password” and “Password never expires”. Considering the FTP user will only have access to the destination you allow, it is not necessary to change the password.

description for FTP user

 

Adding an FTP Site

Now that FTP Services are installed and a user is created, we need to head on over to the IIS Manager. This can be found in the Start Menu, or by clicking on Tools in Server Manager as we did before, but clicking on Internet Information Services (IIS) Manager.

Adding an FTP Site

Here is the IIS Manager, we need to create the FTP site that you will want this specific user to have access to. We do this by clicking on the drop-down carrot next to the server name, and then right-clicking on the folder that says “Sites“.

create FTP site access for user

A menu will pop up, with the option to Add FTP Site. Enter the name you wish to give this FTP site. Select a Physical path, where you want the user for this FTP site to have access. Do this by either typing in the direct path, or selecting the 3 dots next to the entry bar and physically selecting the folder you wish to assign this FTP site.

Select a Physical path to ftp site

Clicking next will bring you to Bindings and SSL settings. If you have any specific IP address that is assigned to a domain that is being used for this FTP Service, you need to make sure that the IP address is selected by dropping down the bar.

Bindings and SSL settings

If all sites are taking advantage of Windows SNI (Server Name Identification) than you can leave this set to All Unassigned, if you wish to use a different port than the default FTP port, go ahead and type that in under Port. But if this is just a basic FTP instance for everyday purposes, go ahead and leave that port at the default 21. Next, you want to make sure that “Start FTP Site automatically” is selected. Unless of course, you want to manually allow the user to connect to their FTP site only when you designate by starting the page in IIS. Select No SSL and click Next for this FTP Site. In this tutorial, we will not be covering setting up an SSL for this specific FTP Site. If you do already have an SSL that you have added to the server for this purpose, you need to make sure that Allow or Require under SSL is checked, and select your SSL on the drop down bar labeled SSL Certificate.

authentication authorization info

Now we have been brought to the Authentication and Authorization section. Here at the top are two options for Authentication. Make sure that both boxes are checked. Finally, we have the Authorization section where we would select the groups or users we want to allow to be able to log into this FTP Site.

 

Setting Up the Windows Firewall

Now that we have the FTP site all set up and ready to go, we do need to set up the firewall rules. Open up your firewall by clicking on Start, scrolling to Windows Administrative Tools, and clicking on Windows Firewall with Advanced Security.

Windows Firewall with Advanced Security link

firewall.advanced.security

We need to set some rules on the Inbound Rules section, so click on that first. It’s in the top right corner. After clicking on Inbound Rules in the top right corner under Actions, you will see a section called Inbound Rules. Under that category should be New Rule.

set Inbound Firewall Rules

You may have to click on the arrow next to Inbound Rules to see this. Click on the New Rule

setup new firewall rule

And you will be selecting the Rule Type. For FTP we will be using Port, so click on that and Next. Now you will see Protocol and Ports. For Protocol, use the setting TCP. For Specific local ports type 21, 5001-5051 and click on Next.selecting Firewall Rule Type

Now we have the Action section. By default, “Allow the connection” is selected. Keep this the way it is and press Next. Now you will be prompted for when this rule will apply.

Firewall Allow the connection

We want it always to apply so keep each network connection type box checked. There are three: Domain, Private, and Public. Click Next, and you will be naming the firewall rule. We suggest just naming it FTP Connection or something of the sort.

naming the firewall rule

You should be all set. Go ahead and log into another computer, use your favorite FTP client (such as Filezilla), enter the IP address as a host, and your newly created username and password, port number, and click connect. You are now connected FTP to your designated pathway on your server.

 

FTP on a Plesk Server

This process is a lot faster and much simpler. Here are several links regarding setting up FTP users and Uploading Files on a Plesk Windows Server.

You did it! You have successfully set up an FTP site so that you or the developers can now edit, copy, and remove files from their designated folders smoothly.

Troubleshooting Microsoft SQL Server Error 18456, Login failed for user

Reading Time: 4 minutes

Login errors with Microsoft SQL Server (MSSQL) are a fairly common issue and can be easily solved with some basic troubleshooting steps. Before we dig in, let’s take a look at the details of the error to try and determine the cause.

connect to server error

Solutions to Microsoft SQL Server Error 18456

Sometimes, the error presents as “login failed for user ‘<username>’,” this information will help us as we identify the user we need to troubleshoot. From the message, we’ll know the error number as a reference to search for next steps. In this case, it is Microsoft SQL Server, Error: 18456.

Other times, we may only see “Microsoft SQL Server Error 18456” along with the severity and state number. On its own, a state number might not mean much, yet it can offer more details as to what is wrong and where to look next.

These states of the error, 18456, are the most common. The descriptions and potential solutions offer a quick explanation and potential troubleshooting guide.

mssql errors and potential solutions

Step 1:  Log In with Remote Desktop

The troubleshooting and solutions require you to login to the server or at least be able to make a Windows Authentication connection to MSSQL using Microsoft SQL Server Management Studio. The most common and easiest method is to connect directly to the server with a Remote Desktop Connection. If you need more information about Remote Desktop Connection, these Knowledge Base articles will help you get connected:

Step 2: Run Microsoft SQL Server Management

Once you are logged into the server, you’ll want to run Microsoft SQL Server Management Studio (SSMS). SSMS is the tool best suited to configure, manage, and administer MSSQL.

mssql server management

When you start SSMS, you will be asked to log in to the server. By default, most MSSQL servers have Windows Authentication enabled, meaning you must log in with the Windows Administrator or the account specified as the SQL Administrator when MSSQL was installed and configured.

connect to mssql server

In addition to Windows Authentication, MSSQL supports SQL Server Authentication. Depending on the version of MSSQL and how it was installed and configured, you may or may not have SQL Server Authentication enabled by default.

Step 3: Checking the Server Authentication Mode

Once we login to SSMS using Windows Authentication, we need to check the security settings to confirm whether MSSQL is set up to allow both Windows and SQL Authentication.

In SSMS, right-click the Server Name at the top of the Object Explorer window and choose Properties.

Next, click the Security page.

mssql security properties

If you find Windows Authentication is the only mode configured, this is the likely cause of Error 18456, Login failed for user ‘<username>’.

Setting the Server authentication mode to allow SQL Server and Windows Authentication, you will be able to login to MS-SQL with a SQL user and password or a Windows user and password. After making this change, you will need to restart the SQL Server service.

 

Step 4: Restart the SQL Service

In SSMS, right-click the Server Name at the top of the Object Explorer window and choose Restart to apply the new authentication mode settings.  

In the above example, Windows Authentication mode was the only mode configured, and the Error 18456 occurred because the user ‘sa’ is a SQL user and SQL Server Authentication was not permitted.

 

Step 5: Checking SQL User Permissions

As we check the SQL user permissions, we need to answer the following questions:

  • Is the user allowed to log in?
  • Does the user have a valid password set up?
  • Does the user have the needed permissions for access to the desired database?

In SSMS Object Explorer, expand Security, Logins. Locate the user that was failing to log in. A red x on the user indicates this user has login disabled.

smss login properties

To allow the user to login, right-click the user and choose Properties, then click the Status page. Enabling login for the user and click OK.

enable login user properties

After refreshing the list user logins, we can confirm the user no longer has a red x present. This should allow the user to log in. In this example, the SQL user ‘sa’ failed to log in because there was no permission to log in. 

Continuing with user troubleshooting, right-click the user and choose Properties, then click the General page. Here you can enter a new password and then enter the confirmation password. Click OK to save the new password. We set a new password for the user so that we are certain of the password when we attempt to log in.

sa login user properties

Step 6: Mapping the User to the Database

Our last step in troubleshooting a user is to check user mapping to verify the user has access to the desired database and to set or verify their role for the database. Right-click the user and choose Properties, then click the User Mapping page. Select the Database from the list of databases. From the database role memberships, select the desired/required memberships. Click OK.

map user to mssql database

In this example, we mapped the user ‘ProdX709’ to the database Production X709.2019 and granted them database role db_owner. In many cases, you only need a user to have db_datareader and db_datawriter roles to be able to read and write to the database.

 

In this troubleshooting article, we learned how to identify specifics of Error 18456 to help us track down the root cause of the issue. Still looking for support?  Our MSSQL database solutions come with assistance from our technical support team. Find out how our high-availability database can work for you!

How to Remove (Delete) a User on Ubuntu 16.04

Reading Time: < 1 minuteUser management includes removing users who no longer need access, removing their username and any associate root privileges are necessary for securing your Ubuntu based Cloud VPS server. Deleting a user’s access to your Linux server is a typical operation which can easily be performed using a few commands.   Continue reading “How to Remove (Delete) a User on Ubuntu 16.04”

How To Assign a User to a MySQL Database in cPanel

Reading Time: < 1 minute

This tutorial assumes you’ve already logged in to cPanel, and are starting on the home screen. Let’s learn how to assign a user to a database.

  1. Click the “MySQL Databases” icon.cpanel-pl-mysql-5-assignuser-02
  2. Under “Add User To Database”, select the user you want to add, and then select the database you want to add it to.cpanel-pl-mysql-5-assignuser-03
  3. When ready, click “Add”.cpanel-pl-mysql-5-assignuser-04
  4. Select the privileges you want to grant the user… in this case, let’s select “All Privileges”.cpanel-pl-mysql-5-assignuser-05
  5. Then click “Make Changes”.cpanel-pl-mysql-5-assignuser-06
  6. That’s it! The user has been assigned to the database.cpanel-pl-mysql-5-assignuser-07
  7. You can see the user assigned to the database in the table of databases.cpanel-pl-mysql-5-assignuser-08