Robert de Bock

Allowing a group to execute a specific command without using a password using sudo

So you have a user (or a group of users) on your Linux machine and want them to be able to execute something specific that normally can only be done by root or some other privileged user? Use sudo to solve your problem.

Open the sudoers file using visudo.
Append this line:

%groupname     ALL= NOPASSWD: /your/command -o with -o options -o and arguments like this

This will enable the group "groupname" to execute "/your/command", only with the specified options and arguments. The NOPASSWD makes sudo not ask for a password. Now the user can type:

$ sudo /your/command -o with -o options -o and arguments like this
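
An added example, not part of the original post: a small lint for NOPASSWD rules. It relies on how sudoers matches arguments: a rule that lists arguments only matches that exact command line, while a rule with a bare command accepts any arguments. It assumes the one-rule-per-line form shown above, and the group names and paths in the sample are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): lint NOPASSWD rules.
# Assumes the simple one-rule-per-line form used above; aliases, line
# continuations and multi-command lists are out of scope.

# lint_sudoers [FILE...] : print "LINE: finding" for each risky rule
lint_sudoers() {
  awk '
    /^[ \t]*#/ || !/NOPASSWD:/ { next }          # skip comments and other rules
    {
      spec = $0
      sub(/^.*NOPASSWD:[ \t]*/, "", spec)        # keep command and arguments
      sub(/[ \t]+$/, "", spec)
      n = split(spec, part, /[ \t]+/)
      if (part[1] == "ALL")
        print NR ": NOPASSWD covers ALL commands"
      else if (part[1] !~ /^\//)
        print NR ": not an absolute path (alias or typo?)"
      else if (n == 1)
        print NR ": no arguments listed, so any arguments are accepted"
      if (spec ~ /[*?]/)
        print NR ": wildcard in command or arguments"
    }
  ' "$@"
}

# Constructed sample rules; group names and paths are placeholders.
sample_rules() {
  cat <<'EOF'
%groupname ALL= NOPASSWD: /your/command -o with -o options
%ops       ALL= NOPASSWD: /usr/local/bin/restart-app
%ops       ALL= NOPASSWD: /usr/local/bin/show-log /var/log/*
%ops       ALL= NOPASSWD: ALL
# %old     ALL= NOPASSWD: ALL
EOF
}

sample_rules | lint_sudoers
```

The first sample rule, which pins every argument as the post does, produces no finding; the other three active rules each produce one.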

Make OpenSSH logins 14 times faster!

Here is a trick to speed up your login to servers. This nice trick only works when you log in to a box for the second time. Now you might stop reading, but actually logging in again on a box occurs frequently on an average day with me.

First, let's measure time without any changes to SSH.

$ time ssh host ":"
real 0m0.573s
user 0m0.004s
sys 0m0.005s

Now let's modify ~/.ssh/config with these lines on top:

ControlMaster auto
ControlPath /tmp/ssh-%r@%h:%p

And measure again:

$ ssh host ":"
$ time ssh host ":"
real 0m0.039s
user 0m0.004s
sys 0m0.004s

Wow, that is an improvement of more than 14 times! Be aware this does not speed up SSH itself, it only speeds up the login process, but it is always good to see speed improvements. Also be aware that your first SSH connection to a certain box will not be faster; only "recycled" connections (second or more times) are faster.
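
An added example, not part of the original post: ssh_config(5) recommends that a ControlPath used for connection sharing include at least %h, %p and %r (or %C) and be placed in a directory that other users cannot write to. The check below applies that recommendation to a config file; the sample config and its host names are constructed, and only the whitespace-separated "ControlPath value" form is handled.

```shell
#!/bin/sh
# Added example (not from the original post): check ControlPath settings
# against the ssh_config(5) recommendation. Handles the whitespace-separated
# "ControlPath value" form only.

# check_controlpath [FILE...] : print "LINE: finding" for each weak path
check_controlpath() {
  awk '
    tolower($1) == "controlpath" && $2 != "none" {
      if ($2 ~ /^\/(tmp|var\/tmp)\//)
        print NR ": socket directory is world-writable: " $2
      if ($2 !~ /%C/ && !($2 ~ /%h/ && $2 ~ /%p/ && $2 ~ /%r/))
        print NR ": missing %h, %p and %r (or %C): " $2
    }
  ' "$@"
}

# Constructed sample config; the host names are placeholders.
sample_config() {
  cat <<'EOF'
Host *
  ControlMaster auto
  ControlPath /tmp/ssh-%r@%h:%p
Host private
  ControlPath ~/.ssh/cm/%r@%h:%p
Host short
  ControlPath ~/.ssh/cm/%h
EOF
}

sample_config | check_controlpath
```

Run it against a real file with check_controlpath ~/.ssh/config; a path under a private directory such as ~/.ssh/cm/ (created with mode 700) that keeps the %r@%h:%p tokens passes both checks.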

Files related to network configuration in OpenBSD

Setting up a network interface, its routes, resolving and so on, can be complicated when you don't know your way around in OpenBSD. You will see it's not difficult at all to set up or change the network configuration of a box when you know about the existence of these files and man-pages.

  • /etc/hostname.if - This is where you set an IP address, netmask and broadcast address of the interface. Replace "if" with the name of the network interface, like sk0, sis1, etc. You are able to determine the available network interfaces using the command ifconfig(8). Check out the man-page of hostname.if(5) for more details. One example of what you could find in a hostname.if file: inet 192.168.1.1 255.255.255.0 192.168.1.255 or just dhcp if you would want to use DHCP. When you are using DHCP, you don't need to read the rest, you are done!
  • /etc/mygate - The default route to the internet. One IP address (can be IPv4 or IPv6) will let the TCP/IP stack know where to send non-local traffic to.
  • /etc/myname - The hostname of the system, in the longest syntax, including domain and toplevel domain, like host1.example.com. Normally you will find this name and its IP in /etc/hosts. (see below)
  • /etc/hosts - The manual resolver. Don't use this too much, better rely on DNS to resolve hostnames to IP addresses and the other way around. But it's common to at least put the hostname and localhost in /etc/hosts. One example line would be: 192.168.1.1 host1.example.com host1
  • /etc/resolv.conf - The system needs to know how to resolve names to IP addresses, and this is the file you need! It contains a few items, like domain example.com. This tells the resolver that all hostnames you are searching for without a top level domain are relative to example.com. If you would like to add more "local domains", you can use the search otherexample.com thirdexample.com variable. Do take care not to add too many domains; it becomes confusing which host you are connecting to. The most important is to tell the resolver that there are nameservers in use. Each nameserver that it could use has its own line, like this: nameserver 192.168.1.2.

Well, you should be able to configure the network cards on your OpenBSD machine now.

Sometimes you will find additional configuration in /etc/rc.local, like an extra route to your VPN network. OpenBSD does not facilitate for these extra parameters, so adding them to /etc/rc.local is a good, but not very generic option.

Tricks you can do using the command cd (Change Directory)

The command cd, which can change directory, seems like the simplest command there is. Guess what; there are a few tricks you can use to navigate faster over a filesystem.

command            explanation
cd                 Go to the home directory.
cd -               Go back to the previous directory.
cd -P /directory   Go to the physical directory, so translate all symbolic links to what they point to.
cd -L /directory   Go to that /directory and do follow symbolic links. This is default behaviour.

Here is a demonstration of that -P and -L behaviour:

$ cd /tmp ; mkdir test
$ ln -s test symlink
$ cd symlink ; pwd
/tmp/symlink
$ cd -P ../symlink ; pwd
/tmp/test

Script to rotate some logfiles

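Here is a small script to find files with the name "access_log" or "error_log" which are larger than 1 megabyte. It rotates each file to .1, .2, .3, etc.

#!/bin/sh

# Flag file created with mktemp instead of a fixed name in /tmp. The while
# loop runs in a subshell, so a file is used to signal that a log was moved.
flag=$(mktemp) || exit 1

for type in access_log error_log ; do
 find /var/www/virtualhosts/*/logs -size +1024k -a -name "$type" | while read -r file ; do
  # Shift older copies up first: .8 -> .9, .7 -> .8, ... .1 -> .2
  for number in 9 8 7 6 5 4 3 2 ; do
   if [ -f "$file.$((number-1))" ] ; then
    mv "$file.$((number-1))" "$file.$number"
   fi
  done
  mv "$file" "$file.1" && echo moved >> "$flag"
 done
done

# Restart Apache only when at least one log was rotated.
if [ -s "$flag" ] ; then
 /usr/sbin/apachectl restart
fi
rm -f "$flag"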

Small Linux(-like) capable devices

For a year or so I have been interested in small devices (a bit like appliances) that are capable of running Linux or OpenBSD. I used to have a Soekris 4801, but after lightning struck it, I had to throw it away.

Since that lightning strike, I have seen these devices that seem capable of replacing the Soekris 4801, which is not very easy, as the Soekris 4801 had three network ports, a serial port, a casing around it, a USB port and a Compact Flash slot. Here are some alternatives:

  • Linksys WRT54GL (€ 40,-) is a very cheap, quite capable device. Wide support could make this a great piece of hardware. OpenWRT can be installed on it, but it has no expandable local storage or USB.
  • PC Engines ALIX 2c3 (€ 125,-) is a device almost similar to the Soekris!
  • Beagleboard (€ 125,- without casing) a device that is USB (or alternate source) powered, has an SD card to store data on, and has DVI-D, audio, S-video and some other connections. Very nice, but no network card... (sure; there are USB adapters that could be used.)
  • Soekris 5501 (€ 225,-) is the best replacement for my old Soekris, but it's also the most expensive.

The PC Engines ALIX 2c3 seems to be the best alternative for a reasonable price. Let's go for it, I'll let you know how it worked out.

Compare Google and Cuil search engines

Okay, so most of you have heard of Cuil, the new search engine designed by former Google employees. How does Cuil compare to Google? I can't imagine there is a better tool than Google...

The interface

Looks great, the black page actually saves energy. Not a lot of things to see, just 2 links: About Cuil and Your Privacy.
In the "About" section Cuil claims they are the biggest search engine. How could that be?

The search results are neatly presented, looks great!

The search results

At first glance: perfect! When searching for a PXE problem I experienced lately the results are disappointing. No relevant results found.
When searching for my own name, it presents me an "Explore by Category" box, about "Field Marshals Of Nazi Germany"! Come on, that's not closely correct. In fact, on the first page it displays 11 suggestions, only 4 are relevant. (36%) Google shows 10 results, 8 are relevant. (80%)

So; looks great, but displays irrelevant information.

The speed of indexing

Difficult to tell, as the search engine is not very old, but there is some pretty new information to be found.

So; my guess: pretty good, just as Google.

The verdict

Looks promising, not very accurate at the moment. I will be keeping an eye on this search engine, could be that it will be more accurate in the near future.

Linux is so ...

  1. Linux is so fat that she has a small moon in orbit around her! (by me)
  2. Linux is so ugly that they push her face into dough to make gorilla cookies! (by Robert)
  3. Linux is so much of an idiot that every time you call her an idiot she answers: yes!! (by fab)
  4. Linux is so old that she was a waitress at the Last Supper! (by Robert de Bock)
  5. Linux is so fat that she sat on the beach and Greenpeace threw her in! (by Robert de Bock)
  6. Linux is so poor that your family ate cereal with a fork to save milk! (by Robert de Bock)
  7. Linux is so fat that I missed a whole season of "Lost" when she walked by the TV set! (by Robert de Bock)
  8. Linux is so stupid that she sold her car to get the tank filled! (by Henkie)
  9. Linux is so pretty that everyone wants to look at her tits! (by fab)
  10. Linux is so stupid that you have to dig for her IQ! (by Robert de Bock)

UNIX/Linux commands with the longest man pages

Here are some UNIX/Linux commands that have really long man pages.

By the way, technically you will find the biggest man page (in bytes) with this command:

$ find /usr/share/man/ -type f -ls | sort -k 7 -r -n | head -n 10

But things like gcc, g++, cc, c++, perltoc don't warm me up very well...

  • lsof My what a book this is! A great command; for example to find out what application uses port 53 (UDP): lsof -iUDP:53
  • tcpdump Wahoo, this manual is easier to understand than the lsof one, but still takes some time to understand. To find out what traffic is going over eth0 port 53 UDP: tcpdump -i eth0 udp dst port 53
  • ulimit quite impressive, ulimit -a will help you.
  • ksh What did you think, a whole shell described! That takes some space. Difficult to read by the way.
  • sudoers And that surprises me; how difficult is a sudoers file? Exactly, not that difficult.

Manpages are absolutely required. Some software projects consider a missing man page a bug. They are quite right.
