Friday, March 30, 2007

Chown syntax

Abstract: chown jdoe:

Today, an easy one.

In old unix books you still find chown examples using a dot as separator instead of a colon:
$ chown user.group file

This form still works, but the colon is the preferred separator. It also tells you who learned unix from old books ;-)

Another handy chown form is:
$ chown user: file

This sets the owner of file to user and its group to user's login group, the one defined in /etc/passwd. That's one word you don't have to type (or look up).

Wednesday, March 28, 2007

Knowing the protocol: POP

Abstract: telnet pop.mail.net 110

Knowing the protocol
Knowing a protocol can be useful on many occasions.
  • You can test a service you are installing
  • You can diagnose a problem when your friend tells you "It doesn't work!"
  • If you have a problem you can solve it by yourself
Yesterday I had to download 32000 mails from the pop server, and my poor mail client (no, fetchmail is not the only one available) couldn't withstand it. The problem is that it did not delete the already downloaded mails on the server. I didn't want to try again, which would surely give the same result.

Knowing POP protocol
I will only present a sample connection; for the full description, read the RFC.

A pop session is really simple. The lines you type are the commands (USER, PASS, LIST, RETR, DELE, QUIT); every other line comes from the server:
$ telnet pop.mail.net 110
Trying 127.0.0.1...
Connected to pop.mail.net.
Escape character is '^]'.
+OK <23594.1175023984@pop.mail.net>
USER jdoe
+OK
PASS xxx
+OK
LIST
+OK
1 1235
.
RETR 1
+OK
[...]
.
DELE 1
+OK
QUIT
Connection closed by foreign host.

[...] is the real content of the mail.
Now we can proceed to mass mail deletion.

Scripting
We will use nc instead of telnet because it is easier to script.
First we are going to prepare a command file that we'll send to the pop server.

$ # the login part
$ echo "USER jdoe" > file1
$ echo "PASS xxx" >> file1

$ # the deletion part
$ for i in $(seq 1 15000); do echo DELE $i ; done > file2

$ # the end
$ echo "QUIT" >> file2

Why two different files? Because we need a pause after the login to let the server process it; otherwise it rejects the commands that follow.

Why include QUIT? Because the pop server only commits the DELE commands when the session is ended properly.

Now the command that does the trick:
$ cat file1 - file2 | nc pop.mail.net 110

We first send file1, then nc waits for user input, then we send file2. Standard output is untouched, so you can still see what's happening.

Once you see that the login is accepted, you can end standard input by pressing ctrl-d and the command continues with file2.

There is also a variant with a bit less control, but which runs unattended:
$ (cat file1 ; sleep 2; cat file2) | nc pop.mail.net 110
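The same session as a small client that reads every server reply instead of guessing a sleep, written here as an added example (not code from the post): it only sends the next command once the previous +OK has arrived, which removes the "rejected after login" problem, and it stops on the first -ERR instead of blindly streaming 15000 DELE lines. The class takes any pair of binary file objects, so the transcript replayed in replay_demo is a constructed one, not a real capture.

```python
import io

class PopError(Exception): pass  # -ERR status line or dropped connection

class PopSession:
    """Minimal POP3 client mirroring the telnet session above. rfile/wfile are
    binary file objects: a socket's makefile() pair, or io.BytesIO buffers."""
    def __init__(self, rfile, wfile):
        self.rfile, self.wfile = rfile, wfile
        self._status()  # consume the greeting: +OK <...>
    def _readline(self):
        raw = self.rfile.readline()
        if not raw:
            raise PopError("connection closed by server")
        return raw.rstrip(b"\r\n")
    def _status(self):  # every command gets one status line; anything but +OK aborts
        line = self._readline()
        if not line.startswith(b"+OK"):
            raise PopError(line.decode(errors="replace"))
        return line
    def _multiline(self):  # LIST/RETR bodies end with a lone "."; ".." is a stuffed "."
        lines = []
        while (line := self._readline()) != b".":
            lines.append(line[1:] if line.startswith(b"..") else line)
        return lines
    def cmd(self, command, multiline=False):
        self.wfile.write(command.encode() + b"\r\n")
        self.wfile.flush()
        status = self._status()
        return self._multiline() if multiline else status
    def login(self, user, password):
        self.cmd("USER " + user)
        self.cmd("PASS " + password)  # nothing else is sent until this +OK arrives
    def delete_all(self):
        nums = [int(l.split()[0]) for l in self.cmd("LIST", True)]  # "1 1235" -> 1
        for n in nums:
            self.cmd("DELE %d" % n)
        self.cmd("QUIT")  # deletions are only committed by a clean QUIT
        return len(nums)

def replay_demo():
    # constructed server transcript (not a real capture): greeting, USER, PASS,
    # LIST with two messages, DELE 1, DELE 2, QUIT
    server = io.BytesIO(b"+OK <23594.1175023984@pop.mail.net>\r\n+OK\r\n+OK\r\n"
                        b"+OK\r\n1 1235\r\n2 40\r\n.\r\n+OK\r\n+OK\r\n+OK\r\n")
    client = io.BytesIO()
    s = PopSession(server, client)
    s.login("jdoe", "xxx")
    return s.delete_all(), client.getvalue()
```

On a live server, connect a socket s with socket.create_connection((host, 110)) and build PopSession(s.makefile("rb"), s.makefile("wb")); like the telnet session, this is plain TCP with the password in clear.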

Monday, March 26, 2007

Passwordless connection

Abstract: ssh me@myhost

Using a key
You probably already know that you can use a key to connect to a machine with ssh.
Let's recall it first:
$ ssh-keygen # generate a key
$ ssh-copy-id me@myhost # copy the public part on myhost
$ ssh me@myhost # now we can connect

Using an agent

Alright, you know this, but you still have to type your passphrase each time you connect. Fortunately, OpenSSH offers another tool: ssh-agent.
You know how it goes:
$ ssh-add # add the key to the agent
$ ssh me@myhost # no need to type the passphrase
Ok, now it's getting interesting, but you still have to remember to run ssh-add in each new session. This is where the packages that automatically run an X version of ssh-add at login come in. Under Debian they are called ssh-askpass, ssh-askpass-fullscreen and ssh-askpass-gnome.

Using the agent "again"
One last thing: you can always run several agents.

Here is a trick to give scripts access to an ssh key even when it has a non-empty passphrase.
$ #run this after each reboot
$ ssh-agent | head -n 2 > ~/ssh-info
$ source ~/ssh-info
$ ssh-add
This last step is interactive and asks you for the passphrase. Now any script that runs
$ source ~/ssh-info
has access to the secret key through the agent. Of course, it has to run as the same user as the agent, and anything running as that user can then use the key without the passphrase.

Saturday, March 24, 2007

Lazy unmounting

Abstract:
umount: /mnt: device is busy
umount -l /mnt

Unmounting
Sometimes a mount point can't be unmounted. Generally a user is still using a file in the directory. In this case, lsof is your friend (lsof | grep /mnt).

But some cases are particularly annoying:
  • You may not want to kill the process which uses the given file
  • Maybe nobody is using the mount point, which means it is broken (this is often a samba or nfs broken pipe)
This is where the -l option comes into play. umount -l detaches a mount point for everybody except the processes currently using it: no new or existing process can open a file on it, and only files that are already open can still be read, written and closed. It is really unmounted once no blocker remains.

That's how you can do an unblocking umount.

Suid bit

Abstract: chmod +s directory

I'm sure you know the suid bit on executable files. It lets a program run as the user who owns the file instead of the user who runs it. This works exactly the same way for the group (sgid bit).

But directories also have an executable bit. It lets someone enter the directory (cd command). And the set-id bits are useful on directories too: new files created in the directory take the directory's owner (or group, with sgid) instead of the creator's.

This is really useful for letting people work together in the same directory. You create a group containing all the users concerned. Then you make this group the group owner of your working directory and finally set the sgid bit on it. From then on, every file created in this directory belongs to the group, so the other members can access it. Beware of your umask: it decides whether the group gets read/write or read only.
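To see the umask point concretely, here is an added example (not from the post) that builds such a shared directory in a temporary location and creates files under two different umasks; the process's own gid stands in for the project group, and the names are constructed for the demo.

```python
import os
import stat
import tempfile

def make_shared_dir(path, gid):
    """Create a group-shared directory: group gid, rwx for owner and group
    only, sgid set so new files inherit the group (mode 2770)."""
    os.makedirs(path, exist_ok=True)
    os.chown(path, -1, gid)  # -1 keeps the current owner
    os.chmod(path, 0o2770)
    return stat.S_IMODE(os.stat(path).st_mode)

def create_with_umask(directory, name, umask):
    """Create an empty file under the given umask and return its permission
    bits; the sgid bit on the directory gives it the directory's group."""
    old = os.umask(umask)
    try:
        fd = os.open(os.path.join(directory, name), os.O_CREAT | os.O_WRONLY, 0o666)
        os.close(fd)
    finally:
        os.umask(old)
    return stat.S_IMODE(os.stat(os.path.join(directory, name)).st_mode)

def demo():
    """Constructed scenario in a temp dir. Returns (directory mode,
    file mode with the usual umask 022, file mode with a team umask 007)."""
    shared = os.path.join(tempfile.mkdtemp(), "shared")
    dir_mode = make_shared_dir(shared, os.getegid())
    group_ro = create_with_umask(shared, "notes.txt", 0o022)  # group: r--
    group_rw = create_with_umask(shared, "todo.txt", 0o007)   # group: rw-
    return dir_mode, group_ro, group_rw
```

With umask 022 the file ends up 0644 (the group can only read); with umask 007 it is 0660, which is what you want for shared editing.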

Friday, March 23, 2007

Sshfs

Abstract: apt-get install sshfs && sshfs user@machine:/rep /mnt

Sshfs, or how to make your life easier

Haven't you been in the situation of working on a remote computer and been annoyed? You have to use a shell and do what you can with the default editors like vi or emacs (no troll here; anyway I only use ed, which I think is the best :-). Or worse, you open a graphical interface, if there is one, to use more advanced tools and find that it is annoyingly slow.
Another solution is to copy all your stuff locally, work on it (ok, you have your tools) and put it back. But you always have to remember where your last modification was made, and after a few round trips you no longer know what to send. Of course rsync is a good solution, but there is better.

Overview
There is a tool that exists for your eyes only: sshfs.
With it you can feel at home while working on your remote files.
But let's see what the command line has to say:
$ ssh far.faraway.com "ls -a ~/devel/"
. .. README projectv1 projectv2
$ mkdir ~/far-devel
$ ls -a far-devel
. ..
$ sshfs far.faraway.com:~/devel ~/far-devel
$ ls -a far-devel
. .. README projectv1 projectv2
Et voila ! Do as you want.

You have understood everything: sshfs makes your remote files look like local ones over an ssh connection. You just need an account with ssh access on the machine.

After this you may need to unmount your sshfs; here is the command:
$ fusermount -u ~/far-devel

Installation
That's wonderful you may say, but how can I get it ?

Let's start with a short explanation of its internals. Sshfs is a filesystem based on ssh and thus can only be implemented in userland (that is, not in the kernel). But "every" filesystem must live in the kernel. So an API was created to make it possible: fuse (Filesystem in Userspace). That's why you need fuse in your kernel to install sshfs.

Everyone has their preferred way to install it:
apt-get install sshfs
tar xvfz <sshfs-archive.tar.gz> && ./configure && make && sudo make install

Note
You can find information on fuse here : http://fuse.sourceforge.net/sshfs.html

There is more than sshfs on top of fuse; for example, ftpfs is really useful for working on websites hosted on shared web hosting.

Thursday, March 22, 2007

Hello world

As original as it may seem, this is my first blog. It is the English version of
http://dadmin.over-blog.com
It is for everybody who wants to make the best of their unix box.

I'll share some of my thoughts, tips and tricks about administering your machine day to day. It will make you smart and fun, and protect you from poltergeists.