Sudo on Fedora 15

Sudo allows users to run commands as root while logging the command and its arguments.

In short, sudo first authenticates a user using their own password, then checks /etc/sudoers to see what sudo permissions (if any) the user has, then executes and logs the command if the user is allowed.

This is the preferred way to run commands as root for a few reasons:

  1. You do not need to give out the root password to users.
  2. You can limit which commands a user can run as root.
  3. All sudo commands are logged.

To use sudo on Fedora 15, first make sure the package is installed:

bash$ rpm -q sudo
sudo-1.7.4p5-4.fc15.x86_64

If it is not installed, su to root and install the package.

bash$ su -
root# yum install sudo

Next, edit the sudo configuration file by using the visudo command. Visudo locks the /etc/sudoers file against simultaneous edits, provides sanity checks, and checks for configuration errors. Avoid directly editing the /etc/sudoers file.

root# visudo

You will see that there are a variety of options, but let's look at this line which is enabled on Fedora 15 by default:

%wheel ALL=(ALL) ALL

This means that all users in the wheel group can run all commands as root on all systems that this sudoers file lives on. The sudoers file is designed so that you can have a single configuration live on various hosts and allow or disallow users by hostname.

Since this line is enabled in sudoers, quit visudo by exiting the editor and check what groups your username belongs to. In this example, my username is victor.

root# groups victor
victor : victor

In order to give the user full access to root using sudo, add the user to the wheel group.

root# usermod -a -G wheel victor
root# groups victor
victor : victor wheel

Next, logout of the root shell.

root# logout

Now, as your user, you can use sudo to run commands as root. The first time you run sudo, some warnings and advice will be printed to the screen.

bash$ sudo /usr/bin/test

Type in your password (not the root password), and you will successfully run /usr/bin/test as root. If the default configuration is kept, sudo will not prompt a user for their password until after 5 minutes from their last sudo command.

By default (on Fedora 15), sudo logs its usage into /var/log/secure by configuration of /etc/sudoers and /etc/rsyslog.conf. Normally, you need root permissions to read /var/log/secure, but now that you have sudo access, you can read the file. Read the sudo logs with something like this:

bash$ sudo grep sudo /var/log/secure

Finally, see /etc/sudoers and the SUDOERS(5) man page for syntax on how to configure access rights for users based on group, command and hostname.

bash$ less /etc/sudoers
bash$ man sudoers

Bash Variable Variable

So, you want a Bash variable variable? You know, a variable that contains a variable name. No problem - Use indirect expansion or eval. Below are some examples and options.

Bash Indirect Expansion for Variable Variables

First, lets say you have a set of variables that contain integers.

bash$ ONE=1
bash$ TWO=2
bash$ THREE=3

Next, you want to store the variable name inside a variable called NUM.

bash$ NUM=TWO

This is how you expand $NUM to give you the value of the variable name it is storing.

bash$ echo ${!NUM}
2

Again, if you change $NUM to THREE:

bash$ NUM=THREE

You can expand $NUM to get the value of the variable name stored in $NUM:

bash$ echo ${!NUM}
3

Here is an example that provides you with the number of days in the current month.

#!/bin/bash
 
THISMONTH=$(date +'%b')
 
Jan=31 Mar=31 May=31 Aug=31 Oct=31 Dec=31
Apr=30 Jun=30 Sep=30 Nov=30
Feb="28 or 29"
 
echo "${!THISMONTH} days in $THISMONTH"
exit $?

Eval for Bash Variable Variables

You can alternatively use eval to accomplish variable variables:

bash$ FIVE=5
bash$ NUM=FIVE
bash$ eval echo \$$NUM
5

Here is an eval example that uses a variable as part of a variable name:

bash$ COLOR_RED=FF0000
bash$ COLOR_BLUE=0000FF
bash$ COLOR_GREEN=00FF00
 
bash$ MYCOLOR=RED
bash$ eval echo \$COLOR_$MYCOLOR
FF0000

Using Perl LWP::UserAgent to View Server Headers

Unless configured to do otherwise, most HTTP and FTP servers will supply you with identifying information in the form of a server header. Using Perl's LWP::UserAgent, you can connect to a server and display the header information.

First, you'll need LWP::UserAgent. You can install this using Perl's CPAN repositories:

sudo perl -MCPAN -e 'install LWP::UserAgent'

After LWP::UserAgent is installed, you can use Perl to connect to the server and download the information. Here is an example script which takes one argument and displays the information:

#!/bin/env perl
 
use warnings;           # keep us warned
use strict;             # keep us honest
use LWP::UserAgent;     # for web requests
 
my $url;                # init url var
my $serverheader;       # init server header var
 
# require one argument
if ($#ARGV != 0) {
 
    printf("Usage: %s <URL>\n", $0);
    exit(1);
 
} else { $url = $ARGV[0]; }
 
# build connection properties
my $ua = LWP::UserAgent->new();
$ua->timeout(10);
$ua->agent('Mozilla/5.0');
 
# connect and get
my $response = $ua->get($url);
 
# if we can connect...
if ($response->is_success) {
 
    # grab server header
    $serverheader = $response->server;
 
    # if server header exists...
    if (defined($serverheader)) {
 
        # print server header
        printf("%s\n", $response->server);
 
    # else, print a message
    } else { printf("No server header available.\n"); }
 
# else, print connection status
} else { printf("%s\n", $response->status_line); }
 
exit(0);

Assuming that the code is saved as getinfo.pl and executable (chmod +x), you can use it to fetch interesting information from various HTTP and FTP servers.

bash$ ./getinfo.pl http://www.apache.org
Apache/2.3.15-dev (Unix) mod_ssl/2.3.15-dev OpenSSL/1.0.0c
 
bash$ ./getinfo.pl ftp://apache.mirrors.pair.com
apache.mirrors.pair.com NcFTPd Server (licensed copy)

Of course, some sites do not publish HTTP headers (but most do).

bash$ ./getinfo.pl http://www.facebook.com
No server header available.

Finally, the code will show you if there is an error:

bash$ ./getinfo.pl http://badurl
500 Can't connect to badurl:80 (Bad hostname 'badurl')

Bash Socket Programming

You can connect to a socket using Bash by using exec and redirecting to and from the pseudo-path /dev/tcp/<hostname>/<port> or /dev/udp/<hostname>/<port>. For instance, to connect to your localhost SSH port using TCP:

exec 3<>/dev/tcp/localhost/22

Then, use cat and echo to read or write to the socket. Here is an example read:

cat <&3
SSH-2.0-OpenSSH_5.6

Notice that there is no such file as /dev/tcp or /dev/udp. Bash interprets the pseudo-path.

ls -l /dev/tcp
ls: cannot access /dev/tcp: No such file or directory
 
ls -l /dev/udp
ls: cannot access /dev/udp: No such file or directory

As another example, maybe you want to download a webpage:

exec 3<>/dev/tcp/www.fedora.org/80
echo -e "GET /\n" >&3
cat <&3

Finally, let's say you wanted to connect to an IRC server. Here is an example:

#!/bin/bash
 
##########################################################
# Config
 
NICK="mynick"
SERVER="irc.freenode.net"
PORT=6667
CHANNEL="#bashirc"
 
##########################################################
# Main
 
exec 3<>/dev/tcp/${SERVER}/${PORT}
echo "NICK ${NICK}" >&3
echo "USER ${NICK} 8 * : ${NICK}" >&3
echo "JOIN ${CHANNEL}" >&3
cat <&3
 
exit $?

Sources

tldp.org: Advanced Bash-Scripting Guide - Chapter 29
thesmithfam.org: Bash socket programming with /dev/tcp

Linux Journal Contest with Prizes

The folks at Linux Journal are having a contest!
Winners will receive a 1 year digital subscription.

Follow these instructions to enter.

Read & Remove EXIF Data From the Command Line

Most digital cameras will insert metadata into images. This metadata is stored using the exchangeable image file format (EXIF) and can contain camera specifications, exposure settings, thumbnails, GPS coordinates and more. This article outlines some Linux command line tools you can use for reading, editing and removing EXIF metadata from images.

Reading and Editing EXIF Metadata with ExifTool

ExifTool is powerful a Perl program that can be used to read and edit EXIF metadata in images. To install ExifTool as /usr/bin/exiftool on Fedora, install the perl-Image-ExifTool package:

su -c 'yum install perl-Image-ExifTool'

Alternatively, you can use CPAN to install ExifTool in /usr/local/bin/exiftool.

su -c "perl -MCPAN -e'install Image::ExifTool'"

After installation, you will have the exiftool command available in /usr/bin or /usr/local/bin. To view the EXIF metadata in an image, just past the image as an argument to exiftool.

exiftool dsc_0790.jpg

Here is a snippet of the output from the above command:

ExifTool Version Number : 7.60
File Name : dsc_0790.jpg
Directory : .
File Size : 4.4 MB
File Modification Date/Time : 2008:07:16 09:45:20-07:00
File Type : JPEG
MIME Type : image/jpeg
Exif Byte Order : Big-endian (Motorola, MM)
Make : NIKON CORPORATION
Camera Model Name : NIKON D200
Orientation : Horizontal (normal)
X Resolution : 300
Y Resolution : 300
Resolution Unit : inches
Software : Bibble 4.10a
Modify Date : 2007:06:23 22:00:14
Exposure Time : 1/40
F Number : 2.0
Exposure Program : Aperture-priority AE
ISO : 100
.
.
.

ExifTool has many options for editing and removing EXIF metadata in images. To see the available options, use the --help switch or read the ExifTool documentation.

exiftool --help

Reading EXIF Metadata with Jhead

Jhead is a command line tool for displaying EXIF data embedded in JPEG images. On Fedora, use Yum to install Jhead:

su -c 'yum install jhead'

Now, use /usr/bin/jhead to read EXIF metadata:

jhead dsc_0790.jpg

Here is an example of the output produced by the jhead command:

File name : dsc_0790.jpg
File size : 4654488 bytes
File date : 2008:07:16 09:45:20
Camera make : NIKON CORPORATION
Camera model : NIKON D200
Date/Time : 2007:06:23 22:00:14
Resolution : 3880 x 2608
Flash used : No
Focal length : 50.0mm (35mm equivalent: 75mm)
Exposure time: 0.025 s (1/40)
Aperture : f/2.0
ISO equiv. : 100
Exposure bias: 1.00
Whitebalance : Auto
Exposure : aperture priority (semi-auto)
GPS Latitude : ? ?
GPS Longitude: ? ?
======= IPTC data: =======
(C)Flag : 0
DateCreated : 20070623
Time Created : 220014
Record vers. : 4

Removing EXIF Metadata with ImageMagick

If you need to strip the EXIF metadata from images, use ImageMagick's mogrify command. To install ImageMagick on Fedora, use Yum:

su -c 'yum install ImageMagick'

After ImageMagick is installed, you will have /usr/bin/mogrify available. The mogrify command can be used to strip Exif data from images.

mogrify -strip imagename.jpg

If you need to process a large number of files, use find and xargs:

find ./folder_of_images -name '*.jpg' | xargs mogrify -strip

How to Be Faster at the Linux Command Line

Want to be faster at the Linux command line interface? Since most Linux distributions provide Bash as the default CLI, here are some Bash tricks that will help cut down the amount of typing needed to execute commands. Feel free to comment and share your own speed tricks.

Control-R Through Your History

This is my most used shortcut. Hit Control-R and begin to type a string. You immediately get the last command in your Bash history with that string. Hit Control-R again to cycle further backwards in your history.

For instance, type the following and hit Enter.

grep root /etc/passwd

Then hit Control-R and begin to type 'grep'.

Control-R
(reverse-i-search)`gre': grep root /etc/passwd

When you see the original command listed, hit Enter to execute it. Alternatively, you can also hit the Right-Arrow to edit the command before running it.

Use History Expansion

Bash's command history can be referenced using the exclamation mark. For instance, typing two exclamation marks (!!) will re-execute the last command. The next example executes date twice:

date
!!

If you are interested in more than just the last command executed, type history to see a numbered listing of your Bash's history.

history
  39 grep root /etc/passwd
  40 date
  41 date
  42 history

Since grep root /etc/passwd is command number 39, you can re-execute it like so:

!39

You can also reference Bash's history using a search string. For instance, the following will run the last command that started with 'grep'.

!grep

Note, you can set the number of commands stored in your history by setting HISTSIZE.

export HISTSIZE=1000

You can also wipe your history clear with the -c switch.

history -c

Use History Quick Substitution

Historical commands can be edited and reused with quick substitution. Let's say you grep for 'root' in /etc/passwd:

grep root /etc/passwd

Now, you need to grep for 'root' in /etc/group. Substitute 'passwd' for 'group' in the last command using the caret (^).

^passwd^group

The above command will run:

grep root /etc/group

Use Vi or Emacs Editing Mode

You can further enhance your abilities to edit previous commands using Vi or Emacs keystrokes. For example, the following sets Vi style command line editing:

set -o vi

After setting Vi mode, try it out by typing a command and hitting Enter.

grep root /etc/passwd

Then, Up-Arrow once to the same command:

Up-Arrow
grep root /etc/passwd

Now, move the cursor to the 'p' in 'passwd' and hit Esc.

grep root /etc/passwd
               ^

Now, use the Vi cw command to change the word 'passwd' to 'group'.

grep root /etc/group

For more Vi mode options, see this list of commands available in Vi mode. Alternatively, If you prefer Emacs, use Bash's Emacs mode:

set -o emacs

Emacs mode provides shortcuts that are available through the Control and Alt key. For example, Control-A takes you to the beginning of the line and Control-E takes you to the end of the line. Here is a list of commands available in Bash's Emacs mode.

Use Aliases and Functions

Bash allows for commands, or sets of commands, to be aliased into a single instruction. Your interactive Bash shell should already load some useful aliases from /etc/profile.d/. For one, you probably have ll aliased to ls -l.

If you want to see all aliases loaded, run the alias Bash builtin.

alias

To create an alias, use the alias command:

alias ll='ls -l'

Here are some other common aliases:

alias ls='ls --color=tty'
alias l.='ls -d .* --color=auto'
alias cp='cp -i'
alias mv='mv -i'

Note that you can also string together commands. The follow will alias gohome as cd , then run ls. Note that running cd without any arguments will change directory to your $HOME directory.

alias gohome='cd; ls'

Better yet, only run ls if the cd is successful:

alias gohome='cd && ls || echo "error($?) with cd to $HOME"'

More complex commands can be written into a Bash function. Functions will allow you to provide input parameters for a block of code. For instance, let's say you want to create a backup function that puts a user inputted file into ~/backups.

backup() {
  file=${1:?"error: I need a file to backup"}
  
  timestamp=$(date '+%m%d%y')
  backupdir=~/backups
  
  [ -d ${backupdir} ] || mkdir -p ${backupdir}
  cp -a ${file} ${backupdir}/$(basename ${file}).${timestamp}
  return $?
}

Like the example above, use functions to automate small, daily tasks. Here is one I use to set my xterm title.

xtitle() {
  unset PROMPT_COMMAND
  echo -ne "\033]0;${@}\007"
}

Of course, you can use functions together with aliases. Here is one I use to set my xterm title to 'MAIL' and then run Mutt.

alias mutt='xtitle "MAIL" && /usr/bin/mutt'

Finally, to ensure that your custom aliases and functions are available each login, add them to your .bashrc.

vim ~/.bashrc

Site Captcha Upgraded

I recently received a comment from Bappoy mentioning that the site's Captcha was "awful". He was right, Captcha was using an ugly font to render images.

Since then, I have upgraded the comment Captcha to use FontForge's FreeSans. The Captcha images are a lot nicer looking now. Thanks for the feedback, Bappoy!

10 Tips for Writing Efficient Bash Scripts

Bash is the default command line interface for many Linux distributions and a powerful scripting language. Here are some suggestions that will keep your Bash scripts efficient and lean. Feel free to comment with your own suggestions.

  1. Avoid Full Paths to Bash Builtins

    Bash has many builtins that can be used instead of calling external commands. You should leverage the builtin commands whenever possible since it avoids calling a subcommand from the system.

    Since Bash has builtins for some commands found in /bin and /usr/bin (such as echo), avoid using the full path for these commands and the builtin will be used.

    # avoid this
    /bin/echo "hello"

    Use the Bash builtin instead:

    echo "hello"

    Other bash builtins include: test, read, declare, eval, let pushd and popd. See the Bash man page for a full listing of builtins.

  2. Avoid External Commands for Integer Math

    Bash also provides builtins that can be used for integer arithmetic. Only use /usr/bin/bc if you need to do floating point arithmetic. Integer calculations can be made with these Bash builtins:

    four=$(( 2 + 2 ))
    four=$[ 2 + 2 ]
    let four="2 + 2"

  3. Avoid using Cat

    Tools like Grep, Awk and Sed will take files as arguments. There is rarely a need to use /bin/cat. For instance, the following is unnecessary:

    # avoid this
    cat /etc/hosts | grep localhost

    Instead, use Grep's native ability to read files:

    grep localhost /etc/hosts

  4. Avoid Piping Grep to Awk

    If using Awk, you can often eliminate the need for grep. Try not to pipe Grep to Awk:

    # avoid this
    grep error /var/log/messages | awk '{ print $4 }'

    Use Awk's native ability to parse text and save yourself a command.

    awk '/error/ { print $4 }' /var/log/messages

  5. Avoid Piping Sed to Sed

    Sed can take more than one command in a single execution. Avoid piping sed to sed.

    # avoid this
    sed 's/hello/goodbye/g' filename | sed 's/monday/friday/g'

    Instead, use sed -e or delimit the sed expressions with a semicolon (;)

    sed -e 's/hello/goodbye/g' -e 's/monday/friday/g' filename
    sed -e 's/hello/goodbye/g; s/monday/friday/g' filename

  6. Use Double Brackets for Compound and Regex Tests

    The [ or test builtins can be used to test expressions, but the [[ builtin operator additionally provides compound commands and regular expression matching.

    if [[ expression1 || expression2 ]]; then do_something; fi
    if [[ string =~ regex ]]; then do_something; fi

  7. Use Functions for Repetitive Tasks

    Break your script up into pieces and use functions to conduct repetitive tasks. Functions can be declared like so:

    function_name() {
      do_something
      return $?
    }

    Make your functions usable by more than one shell script by sourcing a functions file from the various scripts. You can source another file in Bash using the . builtin.

    #!/bin/bash
    . /path/to/shared_functions

    See the Bash man page, or my article on Bash functions for more information.

  8. Use Arrays Instead of Multiple Variables

    Bash arrays are very powerful. Avoid using unnecessary variables:

    # avoid this
    color1='Blue'
    color2='Red'
    echo $color1
    echo $color2

    Instead, use Bash arrays.

    colors=('Blue' 'Red')
    echo ${colors[0]}
    echo ${colors[1]}

    Check out my article on Bash arrays for more details.

  9. Use /bin/mktemp to Create Temp Files

    Need a temporary file? Use /bin/mktemp to create temporary files or folders.

    tempfile=$(/bin/mktemp)
    tempdir=$(/bin/mktemp -d)

  10. Use /bin/egrep or /bin/sed for Regex Pattern Matching

    Think you need Perl? Check out Sed or Egrep (grep -e) for regex pattern matching.

    # grep for localhost or 127.0.0.1 in /etc/hosts
    egrep 'localhost|127\.0\.0\.1' /etc/hosts
     
    # print pattern localhost.* in /etc/hosts
    sed -n 's/localhost.*/&/p' /etc/hosts

GIMP Effects for Photographers

Below are some GIMP tutorials that demonstrate photographic effects.

Selective Colorization

Want to only color the eyes? Or a dress? Gimpguru.com shows you how in this tutorial: http://www.gimpguru.org/Tutorials/SelectiveColorization/

The Cross Processing Effect

Wikipedia defines cross processing as "the procedure of deliberately processing photographic film in a chemical solution intended for a different type of film." This effect can be mimicked in GIMP. Becka Jayne shows you how in this tutorial: http://beckajaynephotography.blogspot.com/2007/06/gimp-tutorial-cross-pr...

The Vintage Effect

Want that vintage look for your photos? Check out Gimpology's tutorial on authentic vintage effects for GIMP: http://gimpology.com/submission/view/authentic_vintage_effect

The Orton Effect

The Orton Effect (named after Michael Orton) can be simulated in GIMP. Follow the directions from wikidot.com here: http://osp.wikidot.com/orton-technique

The Cinematic Effect

Want your photos to look like a movie? Gimpology.com shows you how in this tutorial: http://gimpology.com/submission/view/make_your_photo_look_like_a_hollywo...

How to Connect to a VNC Server Using SSH

Need to connect to a VNC server behind a firewall that only allows SSH traffic? With SSH access to the VNC server, you can tunnel the VNC traffic through an SSH connection. This will encrypt your VNC traffic through an SSH tunnel.

To begin, SSH to the VNC server and forward the local client's 5904 TCP port to the VNC server's port 5901.

client$ ssh user@vncserver.mydomain.com -L 5904:*:5901

Next, In a new window, direct vncviewer to your localhost 5904 port and the traffic will be forwarded to your VNC server's port 5901.

client$ vncviewer localhost:5904

If you get any errors, be sure that your client's firewall is not blocking localhost's port 5904.

client$ su -c "iptables -L"

An Explanation of .bashrc and .bash_profile

Both the ~/.bashrc and ~/.bash_profile are scripts that might be executed when bash is invoked. The ~/.bashrc file gets executed when you run bash using an interactive shell that is not a login shell. The ~/.bash_profile only gets executed during a login shell. What does this all mean? The paragraphs below explains interactive shells, login shells, .bashrc, .bash_profile and other bash scripts that are executed during login.

Login Shells (.bash_profile)

A login shell is a bash shell that is started with - or --login. The following are examples that will invoke a login shell.

sudo su -
bash --login
ssh user@host

When BASH is invoked as a login shell, the following files are executed in the displayed order.

  1. /etc/profile
  2. ~/.bash_profile
  3. ~/.bash_login
  4. ~/.profile

Although ~/.bashrc is not listed here, most default ~/.bash_profile scripts run ~/.bashrc.

Purely Interactive Shells (.bashrc)

Interactive shells are those not invoked with -c and whose standard input and output are connected to a terminal. Interactive shells do not need to be login shells. Here are some examples that will evoke an interactive shell that is not a login shell.

sudo su
bash
ssh user@host /path/to/command

In this case of an interactive but non-login shell, only ~/.bashrc is executed. In most cases, the default ~/.bashrc script executes the system's /etc/bashrc.

Be warned that you should never echo output to the screen in a ~/.bashrc file. Otherwise, commands like 'ssh user@host /path/to/command' will echo output unrelated to the command called.

Non-interactive shells

Non-interactive shells do not automatically execute any scripts like ~/.bashrc or ~/.bash_profile. Here are some examples of non-interactive shells.

su user -c /path/to/command
bash -c /path/to/command

For more information, see the bash man page.

Fedora 10 Rar and Unrar

By default, Rar is not available in Fedora 10. If all you need to do is extract files from a Rar archive, unrar from RPM Fusion's YUM repositories will work. If you need to create Rar archives, then you will have to download and install the complete Rar package from DAG. The instructions below show you how.

Only Need to Extract Files?

First, install RPM Fusion's free and nonfree YUM repositories. For detailed information about installing RPM Fusion, see: http://rpmfusion.org/Configuration

su -c "rpm -Uvh http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-stable.noarch.rpm"

su -c "rpm -Uvh http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-stable.noarch.rpm"

Next, install the unrar packages from RPMFusion's nonfree repository.

su -c "yum install unrar"

Done! You now have unrar in /usr/bin/unrar. This binary can only extract files from Rar archives. Use this command to see all available options:

/usr/bin/unrar -?

Need to Create Rar Archives?

First, download the source RPM from DAG: http://dag.wieers.com/rpm/packages/rar

wget -c http://dag.wieers.com/rpm/packages/rar/rar-3.5.1-1.rf.src.rpm

Now, install the source RPM. This will create a $HOME/rpmbuild tree. Please note that you do not need to be root.

rpm -iv rar-3.5.1-1.rf.src.rpm

Next, build a binary package in $HOME/rpmbuild. Again, no need to be root.

rpmbuild -bb ~/rpmbuild/SPECS/rar.spec

Finally, install the built RPM as root:

su -c "rpm -Uvh $HOME/rpmbuild/RPMS/$(arch)/rar-3.5.1-1.rf.x86_64.rpm"

Done! You now have rar in /usr/bin/rar. This binary can build and extract Rar files. Use this command to see all available options:

/usr/bin/rar -?

Fedora 10 Codecs with MPlayer

If you just need MP3 support, you might want to start here. Otherwise, I recommend using RPMFusion.org's MPLayer package with the codecs found at http://www.mplayerhq.hu.

First, install RPM Fusion's free and nonfree YUM repositories. For detailed information about installing RPM Fusion, see: http://rpmfusion.org/Configuration

su -c "rpm -Uvh http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-stable.noarch.rpm"

su -c "rpm -Uvh http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-stable.noarch.rpm"

Next, install MPlayer from RPMFusion.org.

su -c "yum install mplayer gnome-mplayer gnome-mplayer-common mencoder"

Now, visit the MPlayer Codecs Directory and download the latest 'All' tarball.

wget http://www.mplayerhq.hu/MPlayer/releases/codecs/all-20071007.tar.bz2

Next, prepare the codecs folder. MPlayer from RPMFusion.org will use /usr/lib/codecs.

su -c "mkdir -p /usr/lib/codecs"

Other media players like Xine and avifile might use /usr/lib/win32, so create a symlink.

su -c "ln -s /usr/lib/codecs /usr/lib/win32"
ls -l /usr/lib/win32
lrwxrwxrwx 1 root root 15 2008-05-24 08:02 /usr/lib/win32 -> /usr/lib/codecs

Finally, extract the contents of the tarball and copy all files to /usr/lib/codecs.

tar -xjvf all-20071007.tar.bz2
su -c "cp -a all-20071007/* /usr/lib/codecs/"

See the MPlayer(1) man page for /usr/bin/mplayer usage.

man 1 mplayer

Passwordless SSH

Passwordless SSH can be accomplished using SSH's public key authentication. To configure passwordless SSH, follow the directions below. Warning: passwordless SSH will make your systems less secure. If you are comfortable with that, the directions below will walk you through server and client configurations. Then, I'll show you how to debug SSH if you encounter problems.

SSHD Server Configuration

First, you must ensure that your SSHD server allows for passwordless authentication using public keys. If you do not have root access to the server, do not worry. By default, public key authentication over protocol 2 is enabled. Skip this step. If you have any problems, contact your System Administrator.

If you have root privileges, edit your system's /etc/ssh/sshd_config and apply the following settings. I suggest you disable protocol 1 RSA key based authentication and leave all other settings alone for now. Visit the man page SSHD_CONFIG(5) for details.

# Disable protocol 1 RSA key based authentication
RSAAuthentication no
# Protocol 2 public key based authentication
PubkeyAuthentication yes
# Authorized public keys file
AuthorizedKeysFile .ssh/authorized_keys

If you make any changes, save them and restart your SSH server.

service sshd restart

SSH Client Configuration

Now that the server is configured, log into your client system and examine /etc/ssh/ssh_config. This is the SSH client configuration file and you do not need to edit it.

less /etc/ssh/ssh_config

By default, public key authentication over protocol 2 is enabled for clients. You only need to make sure that it is not disabled. If it is, create an ~/.ssh/config to override the /etc/ssh/ssh_config options.

cp -a /etc/ssh/ssh_config ~/.ssh/config

Then edit it and add this to the "Host *" block:

PubkeyAuthentication yes

Create Client Key

With the client in order, you need to create a public and private key pair. The following command will build a DSA key pair. Hit for all questions asked. This will create a DSA key pair in ~/.ssh/. The private key is called id_dsa and the public key is id_dsa.pub.

ssh-keygen -t dsa

Use Key for Authentication

Now that you have a public and private key pair, put the public key on the server you wish to log into without a password. You will need to put the public key inside the server's /home/user/.ssh/authorized_keys file. This file can contain multiple keys, so you generally do not want to just copy over it. Note that the authorized_keys2 file was deprecated in OpenSSH 3.0 (2001).

cat ~/.ssh/id_dsa.pub | ssh user@server "cat - >> ~/.ssh/authorized_keys"

Alternatively, modern releases of SSH have a command to help you copy keys.

ssh-copy-id -i ~/.ssh/id_dsa.pub user@server

Test and Debug SSH

Now, test.

ssh username@server date

If you get prompted for a password, check the server's system logs for clues. You can also enable debugging in /etc/ssh/sshd_config with the following directive.

LogLevel DEBUG

Other options are INFO, VERBOSE, DEBUG2 and DEBUG3. See the man page SSHD_CONFIG(5) for details. For the client, the exact same option can be placed inside a /etc/ssh/ssh_config's Host block. See SSH_CONFIG(5) for client debugging details.

man 5 sshd_config
man 5 ssh_config

Installing Compiz on Fedora 10

The Compiz window manager is available on Fedora 10. Since Compiz uses 3D graphics acceleration via Fedora's OpenGL libraries, you will need a descent graphics card (and their drivers) installed on your Fedora system. For more information on Compiz see: http://www.freedesktop.org/wiki/Software/Compiz

Gnome Compiz Install

If you are using Gnome, run:
su -c "yum install compiz-gnome"

Then, run the following and click on "Enable Desktop Effects"
/usr/bin/desktop-effects

KDE Compiz Install

KDE users should run:
su -c "yum install compiz-kde"

Then, run the following command, select "Compiz" and click "OK"
/usr/bin/kde-desktop-effects.sh

Fedora 10 MP3 Support

Fedora 10 does not come with built-in MP3 support. To get MP3 support with Fedora, you can use RPM Fusion's YUM repositories to download MP3 enabled RPMs.

Enable RPM Fusion

First, install RPM Fusion's free and nonfree YUM repositories. For detailed information about installing RPM Fusion, see: http://rpmfusion.org/Configuration

su -c "rpm -Uvh http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-stable.noarch.rpm"

su -c "rpm -Uvh http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-stable.noarch.rpm"

Install GStreamer

Next, run this command to get the gstreamer plugins.

su -c "yum install gstreamer gstreamer-plugins-bad gstreamer-plugins-ugly"

Install Applications and Libraries

For Amarok with MP3 support, install these packages:

su -c "yum install amarok phonon-backend-gstreamer"

For MPlayer with MP3 support, install these RPMs:

su -c "yum install mplayer gnome-mplayer gnome-mplayer-common mencoder"

For XMMS with MP3 support, install the following:

su -c "yum install xmms xmms-mp3"

For xine with MP3 support, install these RPMs:

su -c "yum install xine xine-lib-extras-nonfree"

To create MP3s with LAME, install lame and lame-mp3x.

su -c "yum install lame lame-mp3x"

Alternatively, run this command to install everything:

su -c "yum install xmms xine mplayer amarok xmms-mp3 gstreamer phonon-backend-gstreamer gstreamer-plugins-bad gstreamer-plugins-ugly xine-lib-extras-nonfree mplayer gnome-mplayer-common mencoder gnome-mplayer lame lame-mp3x"

Perl For Loop

The Perl for loop is used to loop through a block of code until a specified condition is met. The for loop statement contains three sections followed by a block of code. Below is an example.

A Simple For Loop Example

for (my $number = 1; $number <= 10; $number++) {
  print "$number ";
}

The first section initializes a variable

my $number = 1;

Then, the loop condition is provided. The loop will run as long as this is true.

$number <= 10;

Finally, the last section is executed at the end of each loop iteration. In our example's case, $number increments by one.

$number++

Executing this loop results in:

1 2 3 4 5 6 7 8 9 10

For Loop and Arrays

Here is an example of how the for statement can be used to loop through an array.

my @languages = ("Perl", "Python", "C", "Fortran");
my $size = @languages;
for (my $i = 0; $i <= $size; $i++) {
  print "$languages[$i]\n";
}

The SysAdmin Ten Commandments

I. Thou shalt respect thy user

It is paramount that you respect the user and their data. Don't steal their MP3s, don't look at their porn. When working with email, look without reading. Respect them and they will respect you.

II. Thou shalt empower the user

The user is the customer. The system is not yours, it is theirs. Provide users the tools they need to be successful and they will be happy. Give them space to experiment, learn and create. Do not hold users back.

III. Thou shalt keep it simple

Keep It Simple, Stupid. The KISS principle will keep you from building barrels to keep a bottle's worth of wine. Do not mistake over-engineering for quality. Quality work is concise and scalable.

IV. Thou shalt expect catastrophe

Expect the worst surprises. Make your resources redundant, backup your data, test your backups, and then backup the backups. The shit will hit the fan someday. Be prepared.

V. Thou shalt plan

Great work follows great plans. Stay on target by first identifying it. Plan your work carefully and surprises will be easier to handle.

VI. Thou shalt stay informed

Gather all the news, information, logs and statistics you can. Without the raw data to analyze, you cannot debug problems and you cannot forecast. Without new information, you cannot learn.

VII. Thou shalt share

No one is alone in this world. Pass your knowledge on to others. Give to others, contribute to the community and you will reap many rewards. It is not wise to horde knowledge. Don't be an asshole.

VIII. Thou shalt automate

Do more, faster by automating tasks. You are the puppet master, do not waste your time with menial work. Work smarter, not harder.

IX. Thou shalt document

Always document your work, your code and your plans. Then document their execution and maintenance. Document for others and document for yourself. Documentation should be an extension of your mind and a resource for others.

X. Thou shalt respect thy organization

Without organization, there is no system, there is no user and there is no job. Understand the organization and its business. Respect it and help it thrive.

Update on Flash Plugin for Fedora 10

I want to thank Yu-Jie Lin from Taiwan, who commented on my post about installing the Flash Plugin on Fedora 10. He noted that you no longer need ndiswrapper to run the Adobe Flash Plugin in 64-bit browsers. Adobe Labs now provides a 64-bit Flash Plugin. I have updated my instructions for installing Flash on Fedora to reflect the new information.

Thanks Yu-Jie Lin!

Flash Plugin on Fedora 10

The Adobe Flash Plugin, with sound support, is available on Fedora. These instructions guide you through the installation of Adobe's Flash Plugin on Fedora 10.

Install Audio Libraries

First, install the audio libraries needed for sound support by the Flash Plugin.

su -c "yum -y install pulseaudio-libs alsa-lib alsa-plugins-pulseaudio"

Using 64-bit Firefox?

Adobe Labs has been offering a 64-bit Flash plugin since Dec 12, 2008. Be sure to first uninstall any other versions of Flash you have installed on the system. Then, download and unpack the 64-bit Flash Plugin for Linux into your Mozilla Plugins folder. For updates and details, visit the Adobe Labs Download page for Flash: http://labs.adobe.com/downloads/flashplayer10.html

cd $HOME/.mozilla/plugins
wget http://download.macromedia.com/pub/labs/flashplayer10/libflashplayer-10....
tar -xzvf libflashplayer-10.0.d21.1.linux-x86_64.so.tar.gz

Don't forget to restart your browser!

32-bit Users Only

Visit http://www.adobe.com/products/flashplayer/ and click Download Now. Then select YUM for Linux and download the provided RPM (adobe-release-i386-1.0-1.noarch.rpm).

Install the downloaded RPM which installs /etc/yum.repos.d/adobe-linux-i386.repo.

su -c "rpm -ivh adobe-release-i386-1.0-1.noarch.rpm"

Check that you can access the Adobe Yum repository.

su -c "yum --disablerepo=* --enablerepo=adobe* list"

Now, install the Adobe Flash Plugin

su -c "yum install flash-plugin"

Then, add the Flash Plugin is in your $HOME/.mozilla/plugins folder.

mkdir -p $HOME/.mozilla/plugins
cd $HOME/.mozilla/plugins
ln -s /usr/lib/flash-plugin/libflashplayer.so .

Don't forget to restart your browser!

Bash File Loops

Some examples of iterating through files and looping through file content in Bash. For details, see the Bash man page or the Bash reference manual.

Loop Through Files

for FILE in *; do
  # do something with $FILE
  echo "File: $FILE"
done

For more control, use /usr/bin/file

for FILE in $(find ./ -name *.html -type f); do
  # do something with $FILE
  echo "HTML File: $FILE"
done

Loop Through Lines in a File

while read LINE; do
  # do something with $LINE
  echo "Line: $LINE"
done < /etc/hosts

Loop Through Words in a File

for WORD in $(cat /etc/hosts); do
  # do something with $WORD
  echo "Word: $WORD"
done

Loop Through Characters in a File

while read -n1 CHAR; do
  # do something with $CHAR
  echo "Character: $CHAR"
done < /etc/hosts

iTunes on Linux with Wine

iTunes for Windows XP can be run on Fedora 9 using Wine, an Open Source implementation of the Windows API on top of X and OpenGL. Please note that iTunes runs a bit slow over Wine and I have yet to test an iPhone or iPod with this configuration.

First, install all the wine packages.
sudo yum install wine*

Now, install the pulseaudio alsa plugin for sound support
sudo yum install alsa-plugins-pulseaudio*

Next, download the Windows XP iTunesSetup.exe from Apple.
firefox http://www.apple.com/itunes/download/

Now, install iTunes using wine
/usr/bin/wine iTunesSetup.exe

You can now run iTunes manually like so:
env WINEPREFIX="$HOME/.wine" wine "C:\Program Files\iTunes\iTunes.exe"

If you get an error regarding the registry, ignore it by clicking OK.

Here is a screenshot of iTunes running on Fedora 9.
Note that there is an icon for iTunes in Gnome's Notification Area (system tray).

For more information see the iTunes application page at winehq.org.

Top Linux IRC Clients

Internet Relay Chat (IRC), a form of Internet chat was created by Jarkko Oikarinen in 1988. Here is a list of Linux clients that will get you connected to IRC Networks. For an extensive list of IRC clients and their features, see the Wikipedia Comparison of Internet Relay Chat clients page.

  • Irssi
    Irssi is the self proclaimed client of the future and my favorite IRC client. Irssi is a terminal based, feature-rich, highly configurable, themed environment with support for Perl scripts. The project website hosts a large variety of themes and scripts that can be used with Irssi.

  • BitchX
    BitchX is a feature-rich and highly configurable, terminal based IRC client based on ircII. BitchX supports custom scripts, which can be written in TCL.
  • ChatZilla
    ChatZilla is a cross platform, graphical IRC client written entirely in JavaScript and XUL. ChatZilla is a mozilla.org project and can be installed as a Firefox plugin.

  • Konversation
    Konversation is a graphical IRC client for the KDE that supports multiple identities and theme support for nick icons.

  • Pidgin
    Pidgin is a Gnome based, multi-protocol Instant Messaging client with support for IRC.. With Pidgin, you can manage your instant messaging accounts and IRC connections with one, graphical client.

  • CenterIM
    CenterIM is a terminal based, multi-protocol Instant Messaging client with support for IRC. If you want the functionality of Pidgin in a text-based console, then CenterIM is for you.

Bash Trap Control C

Do you want to catch control-c keyboard interrupts in your Bash program? Use the Bash builtin trap command to catch system signals. The following runs control_c() when a user interrupts the main() section with a Control-C (SIGINT).

#!/bin/bash
 
cleanup()
# example cleanup function
{
  rm -f /tmp/tempfile
  return $?
}
 
control_c()
# run if user hits control-c
{
  echo -en "\n*** Ouch! Exiting ***\n"
  cleanup
  exit $?
}
 
# trap keyboard interrupt (control-c)
trap control_c SIGINT
 
# main() loop
while true; do read x; done

Bash & (Ampersand)

The Bash & (ampersand) is a builtin control operator used to fork processes. From the Bash man page, "If a command is terminated by the control operator &, the shell executes the command in the background in a subshell".

If logged into an interactive shell, the process is assigned a job number and the child PID is displayed. The job number below is one.

bash$ sleep 30 &
[1] 3586

Note that when a process is forked, the child PID is stored in the special variable $!

bash$ echo $!
3586

You can terminate the job by its job number like so:

bash$ jobs
[1]+ Running sleep 30 &
bash$ kill %1
[1]+ Terminated sleep 30
bash$

Bash Calculator

For floating point math calculations in Bash, use /usr/bin/bc.
A simple calculator program might look something like this:

#!/bin/bash
echo "scale=2; $@" | /usr/bin/bc -l
exit $?

Alternatively, a calculator function:

calc()
{
   echo "scale=2; $@" | /usr/bin/bc -l
   return $?
}

If you are looking for more, here are other ways to do math in Bash.

Clear and Disable Bash History

Need to clear your Bash history?
Use the Bash builtin history command:

history -c

To stop the writing of your Bash history to a file when you log out:

unset HISTFILE

See the Bash man page for details.

Ignore Python Deprecation Warnings

Need to silence or ignore Python Deprecation Warnings? Use:

#!/usr/bin/env python -W ignore::DeprecationWarning

Support One Laptop per Child

One Laptop per Child (OLPC) is at Linux World 2008 this week. Founded by Nicholas Negroponte, this non-profit organization is "dedicated to research to develop a low-cost, connected laptop, a technology that could revolutionize how we educate the world's children".

To participate in this great effort, visit: http://www.laptopfoundation.org/en/participate/


Syndicate content