Installing Webmin on Ubuntu 22.04 server

 Linux  Comments Off on Installing Webmin on Ubuntu 22.04 server
Aug 302022
 

As a follow up to my notes on installing Webmin on Ubuntu 16.04 and 18.04 (on 20.04 it worked as in 18.04) now two additional steps are necessary for Ubuntu 22.04. Those steps must be executed as root:

  1. Convert Webmin’s PGP key to a format that apt can use to verify files:
    cat jcameron-key.asc | gpg --dearmor -o /usr/share/keyrings/webmin.gpg
    
  2. Add that key to the entry in webmin.list like this:
    deb [signed-by=/usr/share/keyrings/webmin.gpg] https://download.webmin.com/download/repository sarge contrib
    

    I got that from a tutorial by DigitalOcean.

 Posted by on 2022-08-30 at 14:04

Setting colors for Linux ls command

 Linux  Comments Off on Setting colors for Linux ls command
Aug 172022
 

Those people who selected the default colors for the Linux ls command must have much better eyes than I. E.g. I think that dark blue text on black background is very difficult to read, but apparently they think it is fine.

Fortunately it is easy to change these colors by setting the LS_COLORS environment variable. To make that change permanent, I put it into my .bashrc file like this:

LS_COLORS=$LS_COLORS:'di=1;35:' ; export LS_COLORS

I have put this here so I can easily find it whenever I need it. If anybody else finds this useful, you are welcome.

 Posted by on 2022-08-17 at 11:33

Thunderbird 102.0.3 no longer asks to accept a self signed certificate for IMAP

 Linux, thunderbird  Comments Off on Thunderbird 102.0.3 no longer asks to accept a self signed certificate for IMAP
Jul 282022
 

One of my computer’s hard disk didn’t survive a recent power failure so I had to set up its Thunderbird client again (a backup didn’t work, don’t ask). My internal IMAP server uses a self signed certificate which worked like a charm until now. Normally, the first time Thunderbird connects to the server after the account has been set up, it will display a warning for this certificate with an option to permanently accept it. This warning did not come, so no emails were available. The same procedure worked fine for the similarly configured SMTP server, so apparently the feature/workaround for self signed certificates wasn’t removed on purpose.

I found two workarounds for this:

  1. Start with an older Thunderbird version (102.0.0 worked fine for me) and upgrade to the latest one. Unfortunately older versions seem to vanish from the interwebs within a very short time when a new release comes out (or equally possible my Google Fu has failed me again [it did, here they are]).
  2. With Thunderbird 102.0.3, in Account Settings -> Server Settings set Connection Security from “SSL/TLS” to “none”, then try to get the emails. All of a sudden the missing dialog popped up, I could accept the certificate and emails started being downloaded. While that was running, I changed the setting back to “TLS/SSL” and all seems good now.
    I found this by pure chance because I was desperate enough to completely disable SSL just to get to my emails.

I am posting this so I can look it up later in case I need it again (Google will hopefully turn it up when I search for a solution). But if it helps others too: You are welcome.

I’m sure many people are now itching to suggest other possible solutions. If your’s is “Use Let’s encrypt certificates”, please read the following link on why you might not want to do that for internal servers.

 Posted by on 2022-07-28 at 09:57

Some Linux tools for handling and filtering the passwd file

 Linux  Comments Off on Some Linux tools for handling and filtering the passwd file
Apr 222022
 

Linux (and other Unixes) store user information in a file called passwd and the associated passwords in another file called shadow, both located in /etc. Both files are text files and use a : as the field separator.

I currently have the need to sort and filter these files in various ways. This post is mostly so I can look it up later, but if it is useful for others, you’re welcome.

Sort the passwd file by the user id

The user id is stored in the 3rd field of the file and it is numeric:

sort --numeric --field-separator=: --key=3 passwd

Remove computer accounts from passwd and shadow

If the computer is used as the domain controller for a Samba NT4 domain, the files contain entries for all computers in the the domain. These user name for these entries ends in a dollar sign “$”. So we need a regular expression that excludes all these entries.

grep -v "^[^:]*\$:" passwd
grep -v "^[^:]*\$:" shadow

Remove system users from passwd

On a Linux system there are many system accounts that are used for special purposes, e.g. for the web server, email or backup. These accounts have a user id < 1000 (this might be some specialty of Ubuntu Linux). We only want lines where the user id has 4 digits. We also must be sure that these 4 digits are in the user id field, so we have to anchor the regex on the start of the line and skip the name and password (always "x") field.
egrep “[^:]:x:[0-9]{4}:” passwd

(On servers with very many users, there may be user ids with more than 4 digits, but that doesn’t currently concern me.)

 Posted by on 2022-04-22 at 18:28

30 years of Linux

 Linux  Comments Off on 30 years of Linux
Sep 052021
 

Just in case you have been living under a rock: Linux is now 30 years old and while it still hasn’t conquered the desktop, there are few smart phones that would work without it and also on the server side it’s pretty strong (I have been maintaining Linux servers on the side for more than 15 years by now.), most of the internet wouldn’t work without it.

But where are the celebrations? I don’t see any fireworks or parades, just a few news articles. It’s probably because Linux is more like the Diesel engine than like a sports car. It drives almost all the vehicles used in trade (cars, trucks, ships and trains) but doesn’t win any races. But when you try to replace it (as we desperately must because it is killing us (the Diesel engine, not Linux)), it turns out it is everywhere.

My great thanks go to Linus Torvalds, not really for creating the Linux kernel but mostly for keeping it on track for these 30 years. That takes some determination! So, thanks a lot Linus!

And also thanks for making fun of it.

Found via Slashdot, yes, I still read it.

 Posted by on 2021-09-05 at 12:15

When initramfs gives you cryptic error messages

 Linux  Comments Off on When initramfs gives you cryptic error messages
Jun 222021
 

Note to self:

If during a Linux update you get the following error:

update-initramfs: Generating /boot/initrd.img-whatever
W: initramfs-tools configuration sets RESUME=UUID=some-uuid-goes-here
W: but not matching swap device is available.
I: The initramfs will attempt to resume from /some/device
I: (some-other-uuid-goes-here)
I: Set the RESUME variable to override this

Check the content of the file /etc/initramfs-tools/conf.d/resume which sets the above mentioned RESUME variable. It probably contains an old UUID. Change it to the correct one and rebuild your ramfs with

update-initramfs -u

That should do the trick.

The current swap partition is usually given in /etc/fstab.

I found this information on this blog.

 Posted by on 2021-06-22 at 18:34

Adding a Windows 10 computer to a Samba (NT4) domain

 Linux, Windows, Windows 10  Comments Off on Adding a Windows 10 computer to a Samba (NT4) domain
May 042021
 

Microsoft is trying to force everybody to update from the old NT4 domain system to the “new” (as in “was new >10 years ago”) Active Directory system. While that’s probably a good idea for most people there are some like me stuck with a working Samba installation that for some reason needs to continue to use NT4 domains.

Getting a Windows computer to join such a domain has become more difficult with Windows 10. Here is what needs to be done (I write this mostly so I can look it up myself):

  1. Make sure your samba server is configured to enforce the NT4 (SMB1) login. samba.conf must contain the following entry:
    [global]
    // other entries here
    server max protocol = NT1
    
  2. Install the SMB1 protocol on the Windows computer. This is done using the “Turn Windows Features on or off” dialog (just type this into the start menu). You need to set the check marks for two entries under “SMB 1.0/CIFS File share Support”:
    • SMB 1.0/CIFS Client
    • SMB 1.0/CIFS Server

    I’m not 100% sure whether the latter is required. I haven’t tried it without.

  3. Add the following entries to the registry:
    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters]
    "DomainCompatibilityMode"=dword:00000001
    "DNSNameResolutionRequired"=dword:00000000
    

    You can either add them manually or copy the above to the .reg file and import that into the registry.

  4. Reboot the computer to activate these changes.

Now it should be possible to join the Windows 10 computer to the Samba Domain.

Source: Required Settings for Samba NT4 Domains on the Samba Wiki.

 Posted by on 2021-05-04 at 15:32

Allow svn:author to be changed for a subversion repository

 Linux, TortoiseSVN  Comments Off on Allow svn:author to be changed for a subversion repository
Feb 112021
 

Note to self: In order to allow changes to the author of an svn commit, the pre-revprop-change hook of the repository must be changed like this:

Insert the line

if [ "$ACTION" = "M" -a "$PROPNAME" = "svn:author" ]; then exit 0; fi

just below the existing, similar line that allows changing svn:log. Omitting the comments the script will then look like this:

#!/bin/sh
REPOS="$1"
REV="$2"
USER="$3"
PROPNAME="$4"
ACTION="$5"

if [ "$ACTION" = "M" -a "$PROPNAME" = "svn:log" ]; then exit 0; fi
if [ "$ACTION" = "M" -a "$PROPNAME" = "svn:author" ]; then exit 0; fi

echo "Changing revision properties other than svn:log is prohibited" >&2
exit 1

The script is located in the hooks subdirectory of the repository.
(Of course the above is for an svn repository located on a Linux server only.)

This change is required for the context menu entry in TortoiseSVN Log Messages window called “Edit Author” to work.

 Posted by on 2021-02-11 at 14:06

Extract jpeg files from mjpeg video on Linux

 Linux  Comments Off on Extract jpeg files from mjpeg video on Linux
Mar 122020
 

Just in case I ever need it again:

Extracting all frames from an mjpeg video as jpegs is easy and very fast with ffmpeg, because it does not need to decode and encode the pictures, just prepend the DHT to each one:

ffmpeg -i inputmpeg.avi -c:v copy -bsf:v mjpeg2jpeg frame_%d.jpg

Source ffmpeg documentation.

 Posted by on 2020-03-12 at 09:58

Installing Webmin on Ubuntu 18.04 Server

 Linux  Comments Off on Installing Webmin on Ubuntu 18.04 Server
Feb 062019
 

I just tried to install Webmin on a fresh install of Ubuntu 18.04 Server in the same way as I did on 16.04. Unfortunately it failed on the command

apt install webmin

because the package apt-show-versions was not found. I solved this by adding the universe repository to apt with

sudo add-apt-repository universe

After this change it worked as expected.

Just in case somebody else is also missing the text editor e3 in Ubuntu 18.04 Server: It’s also in the universe repository.

 Posted by on 2019-02-06 at 13:55