Here’s how to delete a Linux user.
userdel username |
Delete user and the home directory.
userdel -f username |
cloud engineer
Here’s how to delete a Linux user.
userdel username |
userdel username
Delete user and the home directory.
userdel -f username |
userdel -f username
Here’s how to create a regional SSL Certificate.
gcloud compute ssl-certificates create my-ssl-cert \ --description "describe ssl certificate" \ --domains=domain1.com,domain2.com \ --certificate=cert.pem \ --private-key=private.key \ --region=us-central1 |
gcloud compute ssl-certificates create my-ssl-cert \ --description "describe ssl certificate" \ --domains=domain1.com,domain2.com \ --certificate=cert.pem \ --private-key=private.key \ --region=us-central1
List the SSL certificates.
gcloud compute ssl-certificates list --project=project-id |
gcloud compute ssl-certificates list --project=project-id
Describe the SSL certificate.
gcloud compute ssl-certificates describe my-ssl-cert \ --region=us-central1 \ --project=project-id |
gcloud compute ssl-certificates describe my-ssl-cert \ --region=us-central1 \ --project=project-id
Delete SSL certificate.
gcloud compute ssl-certificates delete my-ssl-cert \ --region=us-central1 \ --project=project-id |
gcloud compute ssl-certificates delete my-ssl-cert \ --region=us-central1 \ --project=project-id
Here’s a script that will rotate AWS IAM keys.
#!/bin/bash # set files user='johndoe' newkey='/root/new-access-key.json' oldkey='/root/old-access-key.json' credentials='/root/.aws/credentials' # get old credentials aws iam list-access-keys --user-name $user > $oldkey okey=$(jq .AccessKeyMetadata[0].AccessKeyId $oldkey | tr -d \") # create new key aws iam create-access-key --user-name $user > $newkey # get new access keys and new secret nkey=$(jq .AccessKey.AccessKeyId $newkey | tr -d \") nsecret=$(jq .AccessKey.SecretAccessKey $newkey | tr -d \") # backup old credentials cp /root/.aws/credentials /root/.aws/credentials-backup # store the new key echo '[default]' > $credentials echo 'aws_access_key_id = ' $nkey >> $credentials echo 'aws_secret_access_key = '$nsecret >> $credentials sleep 10 # delete old key aws iam delete-access-key --user-name $user --access-key-id $okey rm $newkey rm $oldkey |
#!/bin/bash # set files user='johndoe' newkey='/root/new-access-key.json' oldkey='/root/old-access-key.json' credentials='/root/.aws/credentials' # get old credentials aws iam list-access-keys --user-name $user > $oldkey okey=$(jq .AccessKeyMetadata[0].AccessKeyId $oldkey | tr -d \") # create new key aws iam create-access-key --user-name $user > $newkey # get new access keys and new secret nkey=$(jq .AccessKey.AccessKeyId $newkey | tr -d \") nsecret=$(jq .AccessKey.SecretAccessKey $newkey | tr -d \") # backup old credentials cp /root/.aws/credentials /root/.aws/credentials-backup # store the new key echo '[default]' > $credentials echo 'aws_access_key_id = ' $nkey >> $credentials echo 'aws_secret_access_key = '$nsecret >> $credentials sleep 10 # delete old key aws iam delete-access-key --user-name $user --access-key-id $okey rm $newkey rm $oldkey
The script performs the following:
Here’s a few commands to create, delete and disable AWS user keys.
List user keys.
aws iam list-access-keys --user-name john.doe |
aws iam list-access-keys --user-name john.doe
Create access key. Results are printed on screen in JSON format.
aws iam create-access-key --user-name john.doe |
aws iam create-access-key --user-name john.doe
Disable a key. The real key id is obfuscated.
aws iam update-access-key \ --access-key-id ******************** \ --status Inactive \ --user-name john.doe |
aws iam update-access-key \ --access-key-id ******************** \ --status Inactive \ --user-name john.doe
Delete a key. They real key id is obfuscated.
aws iam delete-access-key \ --access-key-id ******************** \ --user-name john.doe |
aws iam delete-access-key \ --access-key-id ******************** \ --user-name john.doe
If you don’t want a file edited or deleted, you can set the immutable attribute to ON. If activated, not even root or the owner of the file can delete it. Users with write access can still read it, but they obviously will not be able to modify it. To unset it, just use the -i option.
# Set immutable attribute sudo chattr +i text.txt # Unset immutable attribute sudo chattr -i text.txt |
# Set immutable attribute sudo chattr +i text.txt # Unset immutable attribute sudo chattr -i text.txt