Develop Reference

storing azure credentials best practice for azuremlsdk [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 1 year ago.
Improve this question
Looking at this the following creates a config.json file (I think):
new_ws <- create_workspace(name = <workspace_name>,
subscription_id = <subscription_id>,
resource_group = <resource_group_name>,
location = location,
create_resource_group = FALSE)
write_workspace_config(new_ws)
Once this is done, it can be picked up like so:
ws <- load_workspace_from_config()
I would think that it is not best practice to source control the config.json file. What is the best approach please (in Windows)?
Thanks.

First, sorry if anything here seams inappropriate for your question since I do not know R.
If this is a project that won't be distributed (i.e to customers and be downloaded) I would save this data on an Environment Variable on you localhost or server and have all developers create a var as well. This will allow you to store all credentials and parameters without committing them.
This approach basically requires you to change the code which loads the credentials from the config file so it queries you localhost variables for the credentials. I found a nice guide on how to do that in R, check it here!
If this is a software that'll be distributed into production I would take a look at Azure Key Vault. This will allow you to safely store your secrets and get them when needed, authenticating with the user's account on an Azure AD or AD B2C. There's a nice guide here.
Best,
Felipe

SSH Key Permission Denied

I'm trying to set up cloud hosting with Digital Ocean.
Please skip to the bold part with asterisks (***) for the actual problem. Everything below here, above that part is background info.
I need to generate an RSA key pair, so I navigate to my cd ~/.ssh/ directory, then:
ssh-keygen -t rsa
I already have existing id_rsa and id_rsa.pub files, so when prompted:
Enter file in which to save the key (/demo/.ssh/id_rsa):
I enter the following to create a new pair:
~/.ssh/id_cloudhosting
I'm then asked for a passphrase, which I simply press return for "no password":
Enter passphrase (empty for no passphrase):
I repeat the above for confirmation, and the final output looks as follows (just a demo image):
Now that I have two new files, id_cloudhosting and id_cloudhosting.pub I need to copy the contents of the public file to my Digital Ocean hosting 'Add SSH console'. I do that like so:
cat ~/.ssh/id_cloudhosting.pub
Which returns the contents of the file:
ssh-rsa
bUnChOFcOd3scrambledABCDEFGHIJKLMNOPQRSTUVWXYZnowIknowmy
ABCnextTIMEwontyouSINGwithmeHODOR demo#a
I paste the key into my hosting console and it saves successfully.
The next step is where the permission issues start: ****************
I need to "spin up a new server" - step four from their docs. So I enter the following:
cat ~/.ssh/id_worker.pub | ssh root#[my.hosting.ip.address] "cat >> ~/.ssh/authorized_keys"
Which should copy the public key as root to a newly created file called authorized_keys
This step never gets created because I'm immediately asked for a password to my host. I didn't ever create one! I pressed return (or enter) at that point, so I do the same when prompted, and get permission denied!
root#[host.ip.address]'s password:
Permission denied, please try again.
root#[host.ip.address]'s password:
Permission denied, please try again.
root#[host.ip.address]'s password:
Permission denied (publickey,password).
How can I rectify these permission denied issues?
EDIT: FIX BELOW
It seems as though, by using an unconventional (other than id_rsa) file, I needed to explicitly identify the file by doing the following:
ssh root#droplet.ip.address -i /path/to/private_key_file
...be sure not to use the public_key_file there. I am not connected to the server from my terminal. This is after destroying my previous droplet, creating a fresh one, with fresh key files, as #will-barnwell suggested

Assuming you have followed the linked guide up to and through Step Three, when you create a new server from their Web UI use the "Add SSH Keys" option and select the key you added to your account previously.
When actually spinning up a new server, select the keys that you would
like installed on your server from the "Create a Droplet" screen. You
can select as many keys as you like:
Once you click on the SSH key, the text saying, "Your
root password will be emailed to you" will disappear, and you will not
receive an email confirmation that your server has been created.
The command you were using was to add an ssh key to pre-existing server. Judging from the above quote I bet the password that you are being prompted for is in your email.
Why?
When you create a server on Digital Ocean ( or really most cloud hosting services ) a root password is automatically generated for you, unless you set the server up with an authorization key.
Using key authentication is definitely a good security choice, but make sure to read the instructions carefully, don't just copy/paste commands and expect it all to work out.
EDIT: OP's comments on the question have shed additional light on the matter.
New Advice: Blow your server away and set up the SSH keys as suggested, your server is probably unusable if it is not accepting your old SSH key and is prompting you for a password you don't have.
Be careful messing around with your last auth key, add a new one before removing an old one.

Difference between superuser and root [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 6 years ago.
Improve this question
I am using some online tutorials to learn the terminal in Unix systems.
Apparently root has full permissions everywhere, but it is inconvenient to su to root, do what you need to do, and then exit back to your normal username.
sudo apparently circumvents this, but I have some questions.
When you use sudo, it doesn't ask you for root's password, it asks for your password.
So what stops you from just sudo'ing everything and mimicking the same functionality of having logged directly into root using the root password?

The purpose of sudo is to allow certain users to run certain programs in certain ways, all of which can be controlled by the /etc/sudoers file and/or files in /etc/sudoers.d. And it logs those uses. So, a system operator, for example, can take backups, or a more senior admin can kill runaway processes, but neither of them gets the complete, unlimited access that su would give them.

When you use sudo, it doesn't ask you for root's password, it asks
for your password.
You must have recently authenticated. This could easily change this so that it authenticates you everytime:
sudo visudo
# that will open /etc/sudoers in vi/vim
# type the following to search the file:
/Defaults
# hit n to go to next result
# Find line that says:
Defaults env_reset
# and change it to:
Defaults env_reset,timestamp_timeout=0
# 0 is time in minutes
You could also use nano /etc/sudoers if you are more comfortable with nano I would recommend looking into vim though. The difference between nano and vim is like the difference between microsoft notepad and sublime/caret.
# Vim cheat sheet for this tutorial
i # insert mode
ESC # exit insert mode (and other modes)
:wq # write changes (w) quit (q)
# a little more advanced:
:%s/search/replace/gc
# replace all instances of search and ask for confirmation:
http://vim.wikia.com/wiki/Search_and_replace
So what stops you from just sudo'ing everything and mimicking the same
functionality of having logged directly into root using the root
password?
Great question! You are apparently part of the sudoers group. Most distros (Distributions of linux\unix) have this group as wheel. Check out usermod to change this for users.
You can confirm the group name in /etc/sudoers :
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
# ^^^ ENSURE THAT THIS IS COMMENTED OUT (or not present) ^^^
Not giving a user sudo access would prevent this.
This is also a great thing:
Everybody and their brother has a root account on their system a lot of script kiddies try to brute force root accounts as well as other common usernames like postgres. It is in your best interest to lock down the root account mitigating ssh brut force attacks. This can be done with passwd -l (RAN AS ROOT).
By having a sudo user you can still do admin tasks like installing software and creating new users.
Apparently root has full permissions everywhere, but it is
inconvenient to su to root, do what you need to do, and then su back
to your normal username.
If you are going to do extended tasks as root I would recommend:
sudo -i
# do whatever you need to do
^D
# CTRL+D This will terminate your current shell and take you back
# to your previous shell whereas su root and su username will take
# you two shells away from your initial session. This probably won't
# effect you besides MAYBE session history (I am not sure about that).
As always be careful because you can really mess up your system as a super user.
As for your title question:
Difference between superuser and root
Ubuntu99 does a great job of summing this up:
https://askubuntu.com/a/592838/212470

The root user is a build in user with administrative privillages in this application. root is the super user for the system, meaning that it has unlimited access to the files.
The root user has following additional role:
To create multiple administrator of an application and message them.
root user can restrict and manage admin users access and their privillages.

Unix File Permissions [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I have a file xyz with permissions 440 with owner "a" and group "b".
group b contains guest user
now i am user C and i want to read the contents of the file xyz. is there any possible way for that?

You should just add user C to group B.
Here's the best resource I've found on it: http://www.cyberciti.biz/faq/howto-linux-add-user-to-group/

Yes it's posible, you can use Access Control List to allow users or groups to access some file or directory.
• Example to allow user c to read file xyz :
setfacl -m u:c:r /home/a/xyz
The -m is to modify the acl and the "u" is for the user which is specifically named, "c", followed by the rights and the file.
• or example to allow group b to read, write, execute file xyz : #
setfacl -m g:b:rwx /home/a/xyz
If you want to configure a directory so that all files that are created will inherit the acls of the directory you would use the "d" option before the group.
• To remove rights use the "x" option.
setfacl -x g:b /home/a/xyz

You can put user C into group B.

How can I allow a user to use a password to login via SFTP, rather than a private key? [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I've setup VSFTPD in Ubuntu, and if I try to SFTP a file using a private key, I can get in fine--but I want to allow other users to use a password. I've followed Ubuntu's instructions, and already created users in an "sftponly" user group, and created the appropriate home directories but when I try to connect, I get a denied:
Permission denied (publickey).
When I do a ssh -vvv someuser#123.45.67.89, one line says:
debug1: Authentications that can continue: publickey
I've got another server where the password method works fine, and that particular debug line says:
debug1: Authentications that can continue: publickey,password
So, my question is: How can I add password to the list of authentication methods?

Edit sshd_config and make sure you have the line PasswordAuthentication yes.
On Ubuntu the file is here: /etc/ssh/ssh_config
You may want to back up a copy and change the permissions so that the backup is read-only, just in case you need to restore earlier settings.
The first answer to this question should help: https://serverfault.com/questions/154957/set-up-sftp-to-use-password-but-ssh-not-to-use-password