Category: Linux Toggle Comment Threads | Keyboard Shortcuts

Over 80% is running on some form of Linux – so does your Mac and you iPhone. Sometimes we have to get our hands dirty on the command line – it makes you feel like a proper hacker.

Here are some pointers I picked up on my journey.

  • Jay Versluis 8:03 pm on December 8, 2014 Permalink | Reply
    Tags: vi   

    Categories: Linux ( 51 )

    How to quit vi without saving your changes 

    It just occurred to me that even though I know my way around vi fairly well, I never had to quit it without saving my changes. Usually I just go back in and overwrite my mistakes.

    Today I did something though that wasn’t as easy to eliminate: instead of pasting an IP address, I accidentally pasted a 4000+ character stylesheet. Dang!

    So how do we leave vi and NOT save our changes? Here’s how:

    • press ESC to exit editing mode (insert/append/whatever)
    • press : (the colon character)
    • enter q!

    Now you’re back on the command line without any saved changes.

    Remind me: how do we SAVE changes again?

    There are several ways of doing this, but my personal favourite is this:

    • press ESC to exit editing mode (insert/append/whatever)
    • press SHIFT + Z twice

    This will put you back on the command line and your changes are saved.





     
  • Jay Versluis 2:07 pm on December 8, 2014 Permalink | Reply
    Tags: , SELinux   

    Categories: Linux ( 51 )

    How to control SELinux in CentOS 7 

    SELinux – when installed – can take on one of three modes:

    • Enforcing
    • Permissive
    • Disabled

    To check which mode SELinux is running on, we can use either sestatus for a more detailed output, or simply getenforce for a one liner:

    sestatus
    
    SELinux status:                 enabled
    SELinuxfs mount:                /sys/fs/selinux
    SELinux root directory:         /etc/selinux
    Loaded policy name:             targeted
    Current mode:                   enforcing
    Mode from config file:          enforcing
    Policy MLS status:              enabled
    Policy deny_unknown status:     allowed
    Max kernel policy version:      28
    

    getenforce on the other hand will literally just say a single word, like “Enforcing”.

    To change this mode, edit /etc/selinux/config:

    vi /etc/selinux/config
    
    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #     enforcing - SELinux security policy is enforced.
    #     permissive - SELinux prints warnings instead of enforcing.
    #     disabled - No SELinux policy is loaded.
    SELINUX=enforcing
    # SELINUXTYPE= can take one of these two values:
    #     targeted - Targeted processes are protected,
    #     minimum - Modification of targeted policy. Only selected processes are protected. 
    #     mls - Multi Level Security protection.
    SELINUXTYPE=targeted
    

    Change the file according to the comments and restart the system for the changes to take effect.

    Find out more about SELinux and what it’s good for here:





     
  • Jay Versluis 3:50 pm on December 3, 2014 Permalink | Reply
    Tags: ssl, SSL Certificates   

    Categories: Linux, Plesk ( 51 )

    How to secure SMTP, POP and IMAP connections in Plesk 

    Plesk-LogoYou’ve installed an SSL Certificate to secure your Plesk Panel, you’ve tested it with an SSL checker and sure enough: the ugly warning window doesn’t bother you or your customers anymore.

    But your email client still says that the server doesn’t have a valid certificate. What gives?

    The secret is this: SMTP, IMAP and POP3 use their own certificates which are not related to the ones you setup in Plesk to secure https connections. By default the mail services use auto-generated self-signed certificates.

    Sadly as of Plesk 12 there is still no way to manage those in the web interface – but it’s relatively easy to fix on the command line. Let’s go through this step by step. These instructions are for Plesk 12 on CentOS 6 and CentOS 7.

     

    Default Certificates

    We need to replace the following three files (default permissions in brackets):

    • /etc/postfix/postfix_default.pem (600)
    • /usr/share/imapd.pem (400)
    • /usr/share/pop3d.pem (400)

    Those are the culprits for SMTP, IMAP and POP3. We need to add our own private key and the certificate of a domain associated with this server and remove the default certificates.

    Before we begin, make a safety copy of them like this:

    mv /etc/postfix/postfix_default.pem /etc/postfix/postfix_default.old
    mv /usr/share/imapd.pem /usr/share/imapd.old
    mv /usr/share/pop3d.pem /usr/share/pop3d.old

    Here we rename the original files to .old files – in case anything goes wrong, simply rename them back into .pem files.

     

    Add your own certificate

    We need the same file three times, so we’ll start by making one for the SMTP service. Create a new file like this:

    vi /etc/postfix/postfix_default.pem
    

    and paste first the private key, followed by your certificate into this file. It will look something like this:

    -----BEGIN PRIVATE KEY-----
    MIID1TCCAr2gAwIBAgIDAjbRMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
    MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
    YWwgQ0EwHhcNMTAwMjE5MjI0NTA1WhcNMjAwMjE4MjI0NTA1WjA8MQswCQYDVQQG
    EwJVUzEXMBUGA1UEChMOR2VvVHJ1c3QsIEluYy4xFDASBgNVBAMTC1JhcGlkU1NM
    IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx3H4Vsce2cy1rfa0
    l6P7oeYLUF9QqjraD/w9KSRDxhApwfxVQHLuverfn7ZB9EhLyG7+T1cSi1v6kt1e
    6K3z8Buxe037z/3R5fjj3Of1c3/fAUnPjFbBvTfjW761T4uL8NpPx+PdVUdp3/Jb
    ewdPPeWsIcHIHXro5/YPoar1b96oZU8QiZwD84l6pV4BcjPtqelaHnnzh8jfyMX8
    N8iamte4dsywPuf95lTq319SQXhZV63xEtZ/vNWfcNMFbPqjfWdY3SZiHTGSDHl5
    HI7PynvBZq+odEj7joLCniyZXHstXZu8W1eefDp6E63yoxhbK1kPzVw662gzxigd
    gtFQiwIDAQABo4HZMIHWMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUa2k9ahhC
    St2PAmU5/TUkhniRFjAwHwYDVR0jBBgwFoAUwHqYaI2J+6sFZAwRfap9ZbjKzE4w
    EgYDVR0TAQH/BAgwBgEB/wIBADA6BgNVHR8EMzAxMC+gLaArhilodHRwOi8vY3Js
    Lmdlb3RydXN0LmNvbS9jcmxzL2d0Z2xvYmFsLmNybDA0BggrBgEFBQcBAQQoMCYw
    JAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdlb3RydXN0LmNvbTANBgkqhkiG9w0B
    AQUFAAOCAQEAq7y8Cl0YlOPBscOoTFXWvrSY8e48HM3P8yQkXJYDJ1j8Nq6iL4/x
    /torAsMzvcjdSCIrYA+lAxD9d/jQ7ZZnT/3qRyBwVNypDFV+4ZYlitm12ldKvo2O
    SUNjpWxOJ4cl61tt/qJ/OCjgNqutOaWlYsS3XFgsql0BYKZiZ6PAx2Ij9OdsRu61
    04BqIhPSLT90T+qvjF+0OJzbrs6vhB6m9jRRWXnT43XcvNfzc9+S7NIgWW+c+5X4
    knYYCnwPLKbK3opie9jzzl9ovY8+wXS7FXI6FoOpC+ZNmZzYV+yoAVHHb1c0XqtK
    LEL2TxyJeN4mTvVvk0wVaydWTQBUbHq3tw==
    -----END PRIVATE KEY-----
    -----BEGIN CERTIFICATE-----
    MIIDfTCCAuagAwIBAgIDErvmMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT
    MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0
    aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDIwNTIxMDQwMDAwWhcNMTgwODIxMDQwMDAw
    WjBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UE
    AxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
    CgKCAQEA2swYYzD99BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9m
    OSm9BXiLnTjoBbdqfnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIu
    T8rxh0PBFpVXLVDviS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6c
    JmTM386DGXHKTubU1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmR
    Cw7+OC7RHQWa9k0+bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5asz
    PeE4uwc2hGKceeoWMPRfwCvocWvk+QIDAQABo4HwMIHtMB8GA1UdIwQYMBaAFEjm
    aPkr0rKV10fYIyAQTzOYkJ/UMB0GA1UdDgQWBBTAephojYn7qwVkDBF9qn1luMrM
    TjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjA6BgNVHR8EMzAxMC+g
    LaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDBO
    BgNVHSAERzBFMEMGBFUdIAAwOzA5BggrBgEFBQcCARYtaHR0cHM6Ly93d3cuZ2Vv
    dHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5MA0GCSqGSIb3DQEBBQUAA4GB
    AHbhEm5OSxYShjAGsoEIz/AIx8dxfmbuwu3UOx//8PDITtZDOLC5MH0Y0FWDomrL
    NhGc6Ehmo21/uBPUR/6LWlxz/K7ZGzIZOKuXNBSqltLroxwUCEm2u+WR74M26x1W
    b8ravHNjkOR/ez4iyz0H7V84dJzjA1BOoa+Y7mHyhD8S
    -----END CERTIFICATE-----
    

    The exact same file can be used for both IMAP and POP3 so we can simply copy it to these two new locations:

    cp /etc/postfix/postfix_default.pem /usr/share/imapd.pem
    cp /etc/postfix/postfix_default.pem /usr/share/pop3d.pem
    

    These two files had 400 permissions by default so that only root can read them, and no one can change them. Let’s adhere to this and apply the same permissions:

    chmod 400 /usr/share/imapd.pem
    chmod 400 /usr/share/pop3d.pem
    

     

    Restart Plesk Mail Services

    For the changes to take effect we’ll need to restart all Plesk mail services:

    /usr/local/psa/admin/sbin/mailmng --restart-service
    

    And that’s it! Now that pesky warning isn’t going to come up anymore when you access Plesk mail with an email client.

     

    Adding CA Certificates

    The above is enough to suppress the usual warning windows in email clients, however if you’re an avid SSL enthusiast you’ll notice that we’ve not added any CA Certificates to the above .pem files. In essence those tell a client that our certificate is valid – otherwise the client would only have our word for it.

    You can add the combined CA Certificate to the end of the three .pem files in addition to the private key and your own certificate. It’s not strictly necessary, but doing this means you will pass strict SSL tests.

    Thanks to Mike Yradebra for this tip, and the test URL below!
     

    Testing your mail services

    Mike also found a wonderful service that lets you check an email address which will flag up certificate warnings and exceptions – courtesy of CheckTLS:

    Simply hack in your email address and you’ll see if your certificate is installed properly. Note that to pass the test, your email address must match the domain on the certificate. For example, if your address is you@domain.com, but your certificate is for yourdomain.com then the test will fail the “Cert OK” field.

    Screen Shot 2014-12-04 at 12.49.23

     

    Wait – where do I find my private key and certificate?

    If you’re using the same certificate for mail that you’re using to secure Plesk, simply head over to

    • Tools and Settings (or the Server Tab)
    • Security Settings
    • SSL Certificates
    • click on your certificate from the list
    • scroll down to find plain text sections for your private key and certificate

     

    Wait – where do I find that CA Certificate you speak of?

    Your certificate provider will give that to you. Some providers call it “intermediate CA certificate”. They usually have several versions of the same thing. Look for a combined version. In essence it’s two plain text blocks, very similar to the ones I’ve shown you above.

    For example, the RapidSSL CA certificates can be found here: https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=AR1548

    Further Reading





     
  • Jay Versluis 3:16 pm on December 1, 2014 Permalink | Reply
    Tags: ,   

    Categories: Linux ( 51 )

    How to start CentOS in Recovery Mode from Parallels Desktop 

    To start your Linux distribution into EFI Recovery Mode you need an installation disk. Even the smallest “minimal” image will do. Shutdown the VM if it’s running. Then mount the ISO image onto your VM (under Configuration – Hardware – CD/DVD1). Make sure the “Connected” box is ticked.

    Screen Shot 2014-12-01 at 15.06.11

    Next you need to tell Parallels Desktop that you want to boot into recovery mode. Head over to Configuration – Hardware – Boot Order and tick the box Use EFI Boot. The boot order does not matter, just make sure CD/DVD is ticked in this list.

    Screen Shot 2014-12-01 at 15.05.56

    Now restart your VM and you’ll boot into the CD image.

    When you’re done here, simply shutdown the VM and untick the EFI Boot option. That’s to make sure you boot into the main installation on your next launch.





     
  • Jay Versluis 11:50 am on November 2, 2014 Permalink | Reply
    Tags:   

    Categories: Linux, Plesk ( 51 )

    How to install Plesk on CentOS 7 

    Plesk-LogoInstalling Plesk on CentOS 7 hasn’t changed drastically from earlier versions, however CentOS is different than its predecessors. I’ve written an article about how to install Plesk on CentOS 6, but that was 3 years ago and thought it’s time for an updated version.

    Well here it is: Plesk 12, meet CentOS 7.

     

    Plesk Documentation

    Much of what I’m telling you and more is documented on the Parallels Plesk website:

    On the left hand side you’ll find a link to the current documentation, as well as handy links to purchase a license if you need to. The link will also answer your questions about the different editions of Plesk and direct you to the Parallels Forum.

     

    One-Click Installer

    The Plesk one-click installer is a script that downloads itself and determines the correct Plesk version for your OS. You won’t accidentally pick the wrong version for your distribution. Paste this and the installer will download the latest version of Plesk (12 at the time of writing):

    wget -O - http://autoinstall.plesk.com/one-click-installer | sh

    If you get an error message, wget may not be installed. Rectify this pitiful situation like this:

    yum install wget

     

    To download older versions of Plesk you can download the one-click-installer file and run it with the option –show-all-releases. This will give you the option to specify your desired Plesk version with –select-release-id. For more information, run the file with the –help option.

    I’ve noticed that the installer is much quicker than on previous versions of Plesk and is finished in under 10 mins (as opposed to half an hour previously). This is presumably due to many packages that are pre-installed with CentOS 7, so not much time is spent downloading stuff. Nice!

    Once finished the installer will give you a URL to login with – usually consisting of your IP, like https://10.1.2.3:8843

     

    Opening Ports for Plesk

    On CentOS 6 and prior the firewall rules were set via iptables. This service is gone and has been replaced with firewalld in CentOS 7. We still need to open ports to speak to Plesk via a browser. The two important ones to open here are 8443 and 8447:

     firewall-cmd --zone=public --add-port=8443/tcp --permanent
     firewall-cmd --zone=public --add-port=8447/tcp --permanent
     firewall-cmd --reload

    The –permanent option makes these rules “stick” upon restart.

    These are not the only ports Plesk needs to function, for a full list please see this KB article:

    There is usually no need to open other ports if you install the Firewall extension in Plesk, as this will manage the underlying service for you (and apply the necessary open ports). To do this, head over to Tools and Settings – Updates and Upgrades and install the Firewall Extension (under Additional Plesk extensions).

    Next head over to Extensions select the Firewall Module. Select “Enable Firewall Rules Management”, followed by another enable button. Now Plesk will manage the firewall for you and open all ports ready for web and email traffic.

     

    Add Atomic Repo Power (optional)

    If you’d like to supercharge your server, now’s a good time to install the Atomic repos. These will give you access to many additional tools such as pre-compiled OSSEC HIDS and additional PHP versions:

    wget -q -O - http://www.atomicorp.com/installers/atomic.sh | sh

     

    Loggin in for the first time

    With your dedicated IP handy, the installer script will have given you something like https://10.1.2.3:8443. Surf there and be presented with the Plesk login screen.

    But what are your credentials? I’m glad you asked: the first time you login to Plesk you can do so with your server root credentials. This even works on subsequent sessions, however Plesk creates an admin user for which you will specify the password during your first session.

    It is strongly recommended that you use that admin user for Plesk administrative tasks. You can also create additional administrators in Plesk once you’re up and running – so there’s no need to share your super secret password with colleagues and clients.

     

    Correcting your IP address (optional)

    It can happen that Plesk does not detect the correct IP address on your server. This was never the case in CentOS 6, but I’ve noticed this in CentOS 7. In my case the Plesk installer thought that the local loopback address was my main one (127.0.0.1) – which of course it was not.

    You can usually correct this on first login, but just in case you need to do this from the command line, check this helpful KB article:

     

    License Key and Additional Components

    You need a license to operate Plesk. You’ll get this either from your server provider (if Plesk is part of your deal), or you can buy one directly from Parallels. You can also run Plesk as a 14 day trial version. If you don’t enter this you can still use the Plesk interface but you’ll be limited to a single domain and several options are unavailable.

    In case you’re missing menu items that you had expected to be there, it’s probably a license issue.

    I find it helpful to head over to Tools and Settings (or the Server Tab) – Plesk – Updates and Upgrades and install several additional components, such as

    • Health Monitor
    • Migration Manager
    • Firewall (under Additional Plesk Extensions)
    • Watchdog (under Additional Plesk Extensions)
    • Spam Assassin (under Mail hosting features)
    • Kapersky Anti Virus (under Mail hosting features)

    You can also install Fail2ban from this menu if you like – I personally rely on OSSEC to deal with intrusion detection and choose not to use Fail2ban at this point.

     

    That’s it! Have fun with Plesk ;-)





     
  • Jay Versluis 12:52 pm on August 26, 2014 Permalink | Reply
    Tags:   

    Categories: Linux ( 51 )

    What is the End-of-Life (EOL) for CentOS Distributions 

    The End-of-Life (EOL) for CentOS Distributions is as follows:

    Screen Shot 2014-08-26 at 12.46.37

    More under Section 21 in this article:





     
  • Jay Versluis 7:12 am on June 28, 2014 Permalink | Reply
    Tags: , ,   

    Categories: Linux ( 51 )

    How to enable Touchpad Taps as Mouse Clicks on your NC10 in CentOS 

    CentOS-LogoThe NC10’s integrated Synaptics Touch Pad works out of the box in CentOS 6, both under GNOME and KDE. No drivers or patches requried.

    But I remember that when it was running Windows XP I could “tap” the pad instead of clicking the dedicated key (that loud CLACK noise annoys the neighbours). How can we bring this behaviour to CentOS?

    A quick serach reveals this post by Russel in the CentOS forum:

    his suggests that a configuration file needs to be created somewhere. However I found that there’s an easier solution which – at least on the NC10 – works with just one click. I assume this will work for other latops too:

    • head over to System – Preferences – Mouse
    • select the Toucpad tab at the top
    • tick the box “enable mouse clicks with touchpad”
    • works instantly

    Tourpad-Taps





     
  • Jay Versluis 11:39 am on June 27, 2014 Permalink
    Tags: , sudo   

    Categories: Linux ( 51 )

    How to add a CentOS user to the sudoers list 

    CentOS-LogoWhen you try to prefix a command with sudo on a fresh CentOS system you may be greeted with a message such as “you are not part of the sudoers list” and that the incident will be reported.

    Not to the FBI, but to a log file. And of course your sudo operation isn’t going to work.

    That’s because individual users to the system need to be granted permission to executer root level commands, even if it’s only temporary. Here’s how to do it.

    PLESE NOTE:
    I seem to be the only person on the planet who did this successfully. Since then, everyone who’s tried to follow these instructions breaks their servers and blames me for it. Thanks to Jason I finally know why.

    There is a better way to do this using VISUDO. Detailed instructions are provided by Roman in the comments. I suggest you follow them and disregard my instructions.

    !!! PROCEED AT YORU OWN RISK!!! Use test systems. Make backup copies of this measly single line file. Check other sources but DO NOT BLAME ME IF YOU BREAK THINGS.

    Thank you!

    Here’s what worked for me without a hitch: In essence, you need to add your user to a file called sudoers which lives in /etc/sudoers on CentOS 6.5. I have not tried this on CentOS 7. This file is read only, even to the root user – so before tweaking it we need to change its permissions, otherwise your edits can’t be saved:

    chmod 666 /etc/sudoers

    Now use your favourite text editor and find the following section:

    vi /etc/sudoers
    
    ...
    
    ## Next comes the main part: which users can run what software on
    ## which machines (the sudoers file can be shared between multiple
    ## systems).
    ## Syntax:
    ##
    ##     user    MACHINE=COMMANDS
    ##
    ## The COMMANDS section may have other options added to it.
    ##
    ## Allow root to run any commands anywhere
    root    ALL=(ALL)     ALL
    youruser ALL=(ALL)  ALL
    

     

    Add your own user name underneath the root user (as shown above), then save the file and exit. Don’t forget to change the file permissions back to 440 just like they were before:

    chmod 440 /etc/sudoers

     





     
    • chicofranchico 10:07 am on September 19, 2014 Permalink

      This way is not a very safe way to edit the sudoers file so you better use visudo instead which is a lot more secure.

      http://www.courtesan.com/sudo/man/1.7.10/visudo.man.html

      • Jay Versluis 11:31 am on September 19, 2014 Permalink

        Thanks for the tip, I hadn’t heard of visudo before – I’ll check it out!

    • Tyler 12:24 pm on November 6, 2014 Permalink

      Hmm. This really screwed up my day thanks. Wish I would have looked at the comment before I did this.

    • David 10:48 am on November 19, 2014 Permalink

      DO NOT FOLLOW THIS…Broke my sudoers file…please for the love of god take it down.

      • Jay Versluis 11:43 am on November 19, 2014 Permalink

        Thanks for your feedback David, I’ll add a warning at the top.

    • Roman Kazmierczak 12:16 am on December 2, 2014 Permalink

      1. Open Terminal
      2. Switch to root user # su (enter password)
      3. # visudo (it is vi editor editing file mentioned in the post, so basic vi skills required here)
      4. in visudo find lines:
      ## Allows people in group wheel to run all commands

      %wheel ALL=(ALL) ALL

      remove # from 2nd line
      5. save changes and quit (:wq)
      6. now add the user to the wheel group:

      usermod -aG wheel USERNAME (“a” is important so you will not remove user from existing groups…)

      7. logout your user and log back in. The sudo command will work now.

      • Jay Versluis 7:53 am on December 2, 2014 Permalink

        Thank you Roman, your detailed instructions are very much appreciated!

    • Jason 1:06 pm on December 11, 2014 Permalink

      You say no one has bothered to tell you why to use visudo rather than the method you say. Here is *exactly* why:

      1. visudo checks the syntax before saving. If you save /etc/sudoers with bad syntax and there is no root account, you are now in a tricky situation. This is the most important reason.

      2. visudo has basic sanity checks for possible non-syntactical errors (such as aliases referencing themself or aliases that are referenced but not defined). This is an important reson.

      2. visudo ensures that the save is atomic, that is nothing else can edit /etc/sudoers while you are in there. This is a minor reason for most users.

      I appreciate you are simply trying to blog about things that interest you in a helpful manner, but this post is quite irresponsible (especially to be so high in Google results and now that it has been explained to you why it is bad advice).

      All of the offending content should be removed, just replace it with the proper way to do it. The warning at the header is not enough, as the sort of user who will follow the advice given here has both a very high chance of goofing up the syntax and a very low chance of being able to recover.

      Plus, forgive my bluntness, it makes you look like you have no idea what you are talking about.

      There is a very good reason that visudo exists. Consider that you *can* do a lot of things that you probably *shouldn’t* do in Linux, and directly editing /etc/sudoers is one of them!

      Peace

      • Jay Versluis 3:35 pm on December 11, 2014 Permalink

        Hi Jason,

        Thank you for taking the time to explain this to me and all of us here, I very much appreciate it. I’m also happy to hear that this post ranks high on Google, I’ve never checked this myself.

        I do not however agree that as a result of good rankings I should change what and how I write on my own personal website. I write these things down for myself – this isn’t Wikipedia or Stackoverflow. I’m glad the site helps others, but at the same time the responsibility of how people use this info is really not up to me.

        PS: Most of the time, I do indeed not know what I’m talking about – but if and when something works, I write down what I did so I remember it for later. Just like I did here. If Linux was a little EASIER and more USER FRIENDLY this would perhaps not be necessary, and torch-fests like this could be avoided ;-)

  • Jay Versluis 4:41 am on June 26, 2014 Permalink | Reply
    Tags: , Dropbox,   

    Categories: Linux ( 51 )

    How to install Dropbox on CentOS 6.5 (from source) 

    Dropbox-LogoBeing the sport that I am I thought I’d install Dropbox from source on my NC10. Even though an rpm installer package is available, I do enjoy a challenge.

    My laptop is cunnrently running CentOS 6.5 (32bit) and has GNOME installed.

    Turns out I needed a couple of packages – and before I forget, here’s how I did it. We’ll do all this from the command line (you have to be root for this):

    Pick the latest .tar file from here https://linux.dropbox.com/packages/, then download it with

    wget https://linux.dropbox.com/packages/nautilus-dropbox-1.6.2.tar.bz2

    Extract and enter the directory it produces:

    tar -xjf nautilus*
    cd nautilus-dropbox-1.6.2
    

    At this point the following sequence of commands should build the project:

    ./configure
    make
    make install
    

    However on my system I received an error message after ./configure, letting me know that I needed the libnautilus-extension and docutils packages. I installed them with

    yum install docutils nautilus-devel
    

    Once installed, make and make install worked fine.

    Now Dropbox is installed but it’s not running or configured. Let’s do that next:

    dropox start -i
    

    This will start the daemon and prompt you to download the desktop client from the GUI which will allow you to login and sync your content, just like on Windows and Mac.





     
    • lsatenstein 10:25 am on June 26, 2014 Permalink | Reply

      I guess it’s the challenge to do the non rpm installation, and you enjoy it.

      I just downloaded the Fedora version and subsequently did sudo yum install ./nautilus…. .

      Yum resolved the “Need to have issue”

      In doing the setup, did you find a way to delay dropbox startup after a user logs in to his computer account? I frequent hot spots with my laptop, where the laptop needs wi-fi access before any communication can occur. Dropbox, in this situation, gets in the way, impeding the webbrowser logon to the wifi network. Of course, once the wifi security is resolved, dropbox is able to work.

      • Jay Versluis 9:25 am on June 27, 2014 Permalink | Reply

        Indeed, at times and in moderation. 90% of the time I’m a yum man myself ;-)

        Yes I know what you mean about the immediate Dropbox connection, I have this problem myself. I don’t know of a way to delay the initial connection, I usually just right-click on the Dropbox symbol in the top bar and select “quit Dropbox” which stops the syncing process unti I reboot or manually start Dropbox again.

        Likewise, I have machines on which I’ve disabled the Dropbox auto start (in the same dialogue box), usually when I know this machine won’t be connected to a fast connection for long and otherwise would interfere with quick sessions. This approach works well on all platforms and is identical on Windows and Mac.

        Not the answer you’re looking for I know – but an easy workaround.

    • Tommi P. Laiho 6:38 am on September 7, 2014 Permalink | Reply

      This was really excellent tutorial. It saved me lots of gray hairs. Thank you very much. Rpmforge offered ready rpm with yum but it was dated. This really saved my day.

      • Jay Versluis 9:26 am on September 8, 2014 Permalink | Reply

        Thanks Tommi, glad I could help!

  • Jay Versluis 1:35 pm on June 25, 2014 Permalink | Reply
    Tags: , ,   

    Categories: Linux ( 51 )

    How to install GNOME on your Samsung NC10 (CentOS 6.5) 

    CentOS-LogoWith the WiFi card on my NC10 enabled, I struggled to connect to my actual WiFi network from the command line (WPA2). After an entire day of research, trial and error I had to admit to myself that setting this up on a minimal CentOS 6 installation is simply beyond me.

    Likewise, monitoring the levels of my new battery had me greatly puzzled.

    But those two points aside, I also wanted to install a Desktop type environment on my NC10 so it would be more useful – now that it has a new battery and all.

    As it turns out installing GNOME – almost as a side effect – will take care of both those problems in a flash: easily connecting the NC10 to my WiFi network, monitoring my battery, and so much more.

    Let me show you how I did it.

    My machine has a minimal CentOS 6.5 installation on it and I’ve installed the Atheros driver as explained in my previous article. I’m on a wired network connection to install the additional GNOME packages.

    yum groupinstall

    I didn’t know this but yum is even more magical than I always thought: not only can it install single packages and resolve their dependencies; yum can also install entire sets of packages called groups.

    To see what’s available type

    yum grouplist

    This will show you a huge list of available and installed groups. We’re interested in the following:

    • Desktop
    • Desktop Platform
    • X Window System
    • Fonts
    • Internet Browser

    To install all those without being asked for every group, type

    yum -y groupinstall "Desktop" "Desktop Platform" "X Window System" "Fonts" "Internet Browser"

    Since groups can have spaces in their names it is necessary to put them into “quotes” . Once issued, yum will go to work. This will take some time so let’s grab coffee.

    Thanks to the Vagabond Geek and Jeff Hunter for the above info.

    Using GNOME by default

    Now that my NC10 is more of a laptop rather than a remote web server, I like the idea of booting into the desktop environment by default. To do this tweak a single number in /etc/inittab:

    // to edit the file 
    vi /etc/inittab
    
    // change this line 
    id:3:initdefault:
    
    // to 
    id:5:initdefault:

    Above this line you’ll see an explanation of what each ID will do at boot time. Realistically you’ll only ever need to worry about 3 and 5. Save the file and restart your system – and upon next boot you’re prompted to create a new user, or login with existing credentials.

    Change it back anytime you like.

     

    NC10 – meet GNOME

    I had looked at GNOME many years ago on an old and long retired slow Sony Vaio laptop – and was surprised how relatively slick it runs on the NC10’s underpowered hardware.

    To my surprise things like the integrated Samsung Function keys for screen backlight and volume were working out of the box without the need for additional drivers or patches! Just like the touchpad – it just works. Same with monitoring my battery level.

    Bravo, CentOS! Here’s what the NC10 looks like running GNOME:

    GNOME on NC10

     

    Connecting to your WiFi Network

    GNOME isn’t all that different from other desktop OSes and reminds me of Windows and Mac OS X. You connect to your local network simply by clicking the “antenna” type symbol at the top of the screen, pick your network from the list and enter the password.

    If you’ve ticked the relevant box, you’ll be connected automatically on subsequent logins.

     

    Why CentOS on the NC10? Why not use Windows?

    My NC10 came with Windows XP back in 2009 when I first bought it – because Vista was such a joke and nobody wanted it.

    Later models of the NC10 came with Windows 7, but 2GB of RAM are highly recommended – and mine only has 1 GB. “Recommended” doesn’t mean that the experience is going to be great though. Windows 8 isn’t even an option on the NC10.

    But more importantly, XP is has ended extended support in April 2014 – and Windows 7 is going to exit mainstream support in January 2015. At the time of writing that’s in 6 months.

    CentOS 6 will be around until 2020 and copes extremely well with the NC10’s hardware.

     

    I’m confused: X11, GNOME, KDE… what’s all this?

    You and me both, brother! As I understand it, GNOME and KDE are both desktop systems that show you a graphical user interface (GUI) – much like Windows and Mac OS X. They both look slightly different and are developed by different teams.

    X11 is the actual engine that allows apps to interact with content in windows. This wasn’t always the case, especially in the early age of computers which were text and column based. X11 is a breakthrough and allows for processing to happen on a remote machine, while graphics are rendered on the local system.

    As with many things in Linux, you have a choice of which GUI you’d like to run: GNOME or KDE. You can even install both on your system and boot into the one you fancy:

    yum -y groupinstall "KDE Desktop"

    Or, from GNOME, head over to System – Administration – Add/Remove Software and search for KDE, then install it from there.

    Once the install is complete, log out (top right) and log back in, selecting your desired interface from the drop down at the bottom. Here’s what it looks like on the NC10:

    KDE-NC10

    Both systems get the job done and it really comes down to personal preferences and needs.

    GNOME is a more “barebones”, while KDE contains accessories like a calculator, games, different web browser and a whole lot of other stuff by default.

    I found that on the NC10 I much prefer GNOME over KDE – perhaps because GNOME reminds me of Mac and KDE of Windows. As I said, it’s really about personal taste.

     

    Further Reading





     
    • Jay Versluis 4:34 pm on November 15, 2014 Permalink | Reply

      In CentOS 7 the groups are different, but yum grouplist will still work and show you the relevant items. For example, to install GNOME on CentOS 7 you now need to use

      yum groupinstall "GNOME Desktop"
      
c
compose new post
j
next post/next comment
k
previous post/previous comment
r
reply
e
edit
o
show/hide comments
t
go to top
l
go to login
h
show/hide help
shift + esc
cancel