password

AWS IAM Self Manage Policy

July 28, 2020

Here’s the permission needed for an AWS user to manage their own IAM account. The policy allows them to view their own account information, change their own passwords, rotate access keys and certificates, and manage their own git credentials.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowViewAccountInfo",
            "Effect": "Allow",
            "Action": [
                "iam:GetAccountPasswordPolicy",
                "iam:GetAccountSummary"
            ],
            "Resource": "*"
        },
        {
            "Sid": "AllowManageOwnPasswords",
            "Effect": "Allow",
            "Action": [
                "iam:ChangePassword",
                "iam:GetUser"
            ],
            "Resource": "arn:aws:iam::*:user/${aws:username}"
        },
        {
            "Sid": "AllowManageOwnAccessKeys",
            "Effect": "Allow",
            "Action": [
                "iam:CreateAccessKey",
                "iam:DeleteAccessKey",
                "iam:GetAccessKeyLastUsed",
                "iam:ListAccessKeys",
                "iam:UpdateAccessKey"
            ],
            "Resource": "arn:aws:iam::*:user/${aws:username}"
        },
        {
            "Sid": "AllowManageOwnSigningCertificates",
            "Effect": "Allow",
            "Action": [
                "iam:DeleteSigningCertificate",
                "iam:ListSigningCertificates",
                "iam:UpdateSigningCertificate",
                "iam:UploadSigningCertificate"
            ],
            "Resource": "arn:aws:iam::*:user/${aws:username}"
        },
        {
            "Sid": "AllowManageOwnSSHPublicKeys",
            "Effect": "Allow",
            "Action": [
                "iam:DeleteSSHPublicKey",
                "iam:GetSSHPublicKey",
                "iam:ListSSHPublicKeys",
                "iam:UpdateSSHPublicKey",
                "iam:UploadSSHPublicKey"
            ],
            "Resource": "arn:aws:iam::*:user/${aws:username}"
        },
        {
            "Sid": "AllowManageOwnGitCredentials",
            "Effect": "Allow",
            "Action": [
                "iam:CreateServiceSpecificCredential",
                "iam:DeleteServiceSpecificCredential",
                "iam:ListServiceSpecificCredentials",
                "iam:ResetServiceSpecificCredential",
                "iam:UpdateServiceSpecificCredential"
            ],
            "Resource": "arn:aws:iam::*:user/${aws:username}"
        }
    ]
}

{ "Version": "2012-10-17", "Statement": [ { "Sid": "AllowViewAccountInfo", "Effect": "Allow", "Action": [ "iam:GetAccountPasswordPolicy", "iam:GetAccountSummary" ], "Resource": "*" }, { "Sid": "AllowManageOwnPasswords", "Effect": "Allow", "Action": [ "iam:ChangePassword", "iam:GetUser" ], "Resource": "arn:aws:iam::*:user/${aws:username}" }, { "Sid": "AllowManageOwnAccessKeys", "Effect": "Allow", "Action": [ "iam:CreateAccessKey", "iam:DeleteAccessKey", "iam:GetAccessKeyLastUsed", "iam:ListAccessKeys", "iam:UpdateAccessKey" ], "Resource": "arn:aws:iam::*:user/${aws:username}" }, { "Sid": "AllowManageOwnSigningCertificates", "Effect": "Allow", "Action": [ "iam:DeleteSigningCertificate", "iam:ListSigningCertificates", "iam:UpdateSigningCertificate", "iam:UploadSigningCertificate" ], "Resource": "arn:aws:iam::*:user/${aws:username}" }, { "Sid": "AllowManageOwnSSHPublicKeys", "Effect": "Allow", "Action": [ "iam:DeleteSSHPublicKey", "iam:GetSSHPublicKey", "iam:ListSSHPublicKeys", "iam:UpdateSSHPublicKey", "iam:UploadSSHPublicKey" ], "Resource": "arn:aws:iam::*:user/${aws:username}" }, { "Sid": "AllowManageOwnGitCredentials", "Effect": "Allow", "Action": [ "iam:CreateServiceSpecificCredential", "iam:DeleteServiceSpecificCredential", "iam:ListServiceSpecificCredentials", "iam:ResetServiceSpecificCredential", "iam:UpdateServiceSpecificCredential" ], "Resource": "arn:aws:iam::*:user/${aws:username}" } ] }

Remove Sudo Password

July 28, 2020

Removing sudo password is typically not a good practice. If you’re a seasoned system administrator, or you’re the only one using your own desktop, being prompted for a sudo password can get really annoying. Here’s how to stop getting prompted every time you run sudo.

Run visudo.

sudo visudo

Edit the sudo line and set to below.

%sudo ALL=(ALL) NOPASSWD: ALL

Save file.

EC2 Password Authentication

May 18, 2020

When you stand up an AWS instance, it’s only accessible via SSH key using the default user, typically ec2-user.

Add password to ec2-user, then enable password authentication to ‘yes’ in SSH.

# Add password to ec2-user
sudo passwd ec2-user
# edit ssh config
vim /etc/ssh/sshd_config
# enable password authentication
PasswordAuthentication yes
# save file and exit

Restart SSH service.

systemctl restart sshd.service

Recover MySQL Root Password

September 2, 2019

How to recover a MySQL root password without a password.

Stop MySQL.
Start MySQL Safe Mode.
Login to MySQL as root without password.
Change root password.

# Stop MySQL.
service mysql stop
# MySQL Safe Mode.
mysqld_safe --skip-grant-tables &

# Login to MySQL without password. Set new password.
mysql -u root -p
use mysql;
# For MySQL 5.6 or lower
UPDATE mysql.user SET Password=PASSWORD('newpassword') WHERE User='root';
# For MySQL 5.7 or higher
SET PASSWORD FOR 'root'@'localhost' = PASSWORD("newpassword");
FLUSH PRIVILEGES;
exit;

# Kill mysqld
killall mysqld
# Restart MySQL
service mysql start

I ran into issues running MySQL Safe mode. I got a “UNIX socket file don’t exists” error. Here’s the fix.

mkdir -p /var/run/mysqld
chown mysql:mysql /var/run/mysqld

Change WordPress Password

July 18, 2016

One of the worst things that could happen to your blog is losing your login credentials. It’s a rare event, but it does happen occasionally. This is particularly true if you run hundreds of blogs and websites. Keeping track of all usernames and passwords can be a bit of a challenge.

If you have forgotten your WordPress password, you can quickly recover it, by using the “Lost your password” link underneath the login form. In my case, WordPress mail was not working. So, not only I can’t remember my password, but I also can’t send out lost passwords via email.

Thankfully, I had access to PHPMyadmin, a MySQL database administration tool.

Log in to PHPMyadmin. Access the WordPress database and look for the wp_users table. Edit the admin user and change the “user_pass” field. The WordPress password field uses the MD5 encryption instead of being in the clear.

Save your changes. Log in to WordPress.

Change MySQL Password

October 8, 2015

The following are instructions on how to change your MySQL password from the Unix command line.

mysql -u root -p
use mysql;

Change the password for any user, flush privileges and quit.

update user set password=PASSWORD('new_password') where User='root';
flush privileges;
quit

Make sure to make password changes on your applications as well.

In WordPress, edit the wp-config.php file to change database password.