Repairing the initial ramdisk (initrd)

The initrd is a file located in /boot with a name like initrd.img-2.6.20-16-generic.
If your initrd becomes corrupted, or if you need to add new block device drivers to it, run the mkinitrd command. First, make sure you make a copy of your existing initrd file. Then run the following commands:

$ sudo apt-get install initrd-tools
$ sudo mkinitrd -o /boot/ initrd.img-2.6.20-16-generic

Replace the kernel version in the example above (2.6.20-1.2320.fc5) with your own kernel
version. Alternatively, to use the currently running kernel version, you can use:

$ sudo mkinitrd -o /boot/initrd.img-`uname –r` `uname –r`

Unfortunately, you will often realize that you need to rebuild your initrd after it is too late, as you witness a kernel panic during the root file system mount stage of boot. When that occurs, boot into rescue mode as described in the previous section and run mkinitrd after chrooting to the proper hard disk partition.

Shrinking an LVM Volume

You can also use the lvresize command if you want to take unneeded space from an existing
LVM volume. As before, unmount the volume before resizing it and run e2fsck (to check the file system) and resize2fs (to resize it to the smaller size):

$ sudo umount /mnt/u1
$ sudo e2fsck -f /dev/vgusb/lvm_u1
fsck 1.38 (30-Jun-2005)
e2fsck 1.38 (30-Jun-2005)

The filesystem size (according to the superblock) is 16384 blocks

The physical size of the device is 8192 blocks
Pass 1: Checking inodes, blocks, and sizes
...

/dev/vgusb/lvm_u1: 12/3072 files (8.3% non-continguous,3531/16384 blocks
$ sudo resize2fs /dev/vgusb/lvm_u1 12M Resize file system
resize2fs 1.38 (30-Jun-2005)

Resizing the filesystem on /dev/vgusb/lvm_u1 to 12288 (1k) blocks.
The filesystem on /dev/vgusb/lvm_u1 is now 12288 blocks long.

$ sudo lvresize --size 12M /dev/vgusb/lvm_u1

\WARNING: Reducing active logical volume to 12.00 MB
THIS MAY DESTROY YOUR DATA (filesystem etc.)
Do you really want to reduce lvm_u1? [y/n]: y
Reducing logical volume lvm_u1 to 8.00 MB

Logical volume lvm_u1 successfully resized

$ sudo mount -t ext3 /dev/mapper/vgusb-lvm_u1 /mnt/u1 Remount volume
$ df -m /mnt/u1 See 4MB of 12MB used

Filesystem 1M-blocks Used Available Use% Mounted on
/dev/mapper/vgusb-lvm_u1
12 4 9 20% /mnt/u1

The newly mounted volume appears now as 12MB instead of 16MB in size.

Checking Differences Between Two Files with diff

When you have two versions of a file, it can be useful to know the differences between the
two files. For example, when upgrading a software package, you may save your old configuration file under a new file name, such as config.old or config.bak, so you preserve your configuration. When that occurs, you can use the diff command to discover which lines differ between your configuration and the new configuration, in order to merge the two. For example:

$ diff config config.old

You can change the output of diff to what is known as unified format. Unified format can be easier to read by human beings. It adds three lines of context before and after each block of changed lines that it reports, and then uses + and - to show the difference between the files. The following set of commands creates a file (f1.txt) containing a sequence of numbers (1–7), creates a file (f2.txt) with one of those numbers changed (using sed), and compares the two files using the diff command:

$ seq 1 7 > f1.txt Send a sequence of numbers to f1.txt
$ cat f1.txt Display contents of f1.txt
1
2
3
4
5
6
7

$ sed s/4/FOUR/ <> f2.txt Change 4 to FOUR and send to f2.txt
$ diff f1.txt f2.txt
4c4 Shows line 4 was changed in file
< 4
---
> FOUR

$ diff -u f1.txt f2.txt Display unified output of diff
--- f1.txt 2007-09-07 18:26:06.000000000 -0500
+++ f2.txt 2007-09-07 18:26:39.000000000 -0500
@@ -1,7 +1,7 @@
1
2
3
-4
+FOUR
5
6
7

The diff -u output just displayed adds information such as modification dates and times to the regular diff output. The sdiff command can be used to give you yet another view. The sdiff command can merge the output of two files interactively, as shown in the following output:

$ sdiff f1.txt f2.txt
1 1
2 2
3 3
4 | FOUR
5 5
6 6
7 7

Another variation on the diff theme is vimdiff, which opens the two files side by side in Vim and outlines the differences in color. Similarly, gvimdiff opens the two files in gVim. NOTE You need to install the vim-gnome package to run the gvim or gvimdiff program.

The output of diff -u can be fed into the patch command. The patch command takes an old file and a diff file as input and outputs a patched file. Following on the example above, we use the diff command between the two files to generate a patch and then apply the patch to the first file:

$ diff -u f1.txt f2.txt > patchfile.txt
$ patch f1.txt < patchfile.txt
patching file f1.txt
$ cat f1.txt
1
2
3
FOUR
5
6
7

That is how many OSS developers (including kernel developers) distribute their code patches. The patch and diff commands can also be run on entire directory trees.

Replacing Text with sed

Finding text within a file is sometimes the first step towards replacing text. Editing streams of text is done using the sed command. The sed command is actually a fullblown scripting language. For the examples in this chapter, we cover basic text replacement with the sed command.

If you are familiar with text replacement commands in vi, sed has some similarities.

In the following example, you would replace only the first occurrence per line of francois with
chris. Here, sed takes its input from a pipe, while sending its output to stdout (your screen):

$ cat myfile.txt | sed s/francois/chris/

Adding a g to the end of the substitution line, as in the following command, causes every occurrence of francois to be changed to chris. Also, in the following example, input is directed from the file myfile.txt and output is directed to mynewfile.txt:

$ sed s/francois/chris/g <> mynewfile.txt

The next example replaces the first occurrences of of the text /home/bob to /home2/bob from the /etc/passwd file. (Note that this command does not change that file, but outputs the changed text.) This is useful for the case when user accounts are migrated to a new directory (presumably on a new disk), named with much deliberation, home2. Here, we have to use quotes and backslashes to escape the forward slashes so they are not interpreted as delimiters:

$ sed ‘s/\/home\/bob/\/home2\/bob/g’ < /etc/passwd

Although the forward slash is the sed command’s default delimiter, you can change the delimiter to any other character of your choice. Changing the delimiter can make your life easier when the string contains slashes. For example, the previous command line that contains a path could be replaced with either of the following commands:

$ sed ‘s-/home/bob/-/home2/bob/-’ < /etc/passwd
$ sed ‘sD/home/bob/D/home2/bob/D’ < /etc/passwd

In the first line shown, a dash (-) is used as the delimiter. In the second case, the letter D is the delimiter.

The sed command can run multiple substitutions at once, by preceding each one with -e. Here, in the text streaming from myfile.txt, all occurrences of francois are changed to FRANCOIS and occurrences of chris are changed to CHRIS:

$ sed -e s/francois/FRANCOIS/g -e s/chris/CHRIS/g < myfile.txt

You can use sed to add newline characters to a stream of text. Where Enter appears, press the Enter key. The > on the second line is generated by bash, not typed in.

$ echo aaabccc | sed ‘s/b/\Enter
> /’
aaa
ccc

The trick just shown does not work on the left side of the sed substitution command. When you need to substitute newline characters, it’s easier to use the tr command.

Finding packages with APT

Finding Packages with APT

Now that a new repository is set up, you can query for new software you can add:

$ apt-cache search picasa

picasa - Picasa is software that helps you instantly find, edit and share all the pictures on your PC. You can also ask APT to show info about this Picasa package:

$ apt-cache show picasa
Package: picasa
Version: 2.2.2820-5
...

Just how much extra software will Picasa require to be updated? Check for dependencies with the following:

$ apt-cache depends picasa
picasa
Depends: libc6

If you are working at the command line with Ubuntu (Feisty Fawn), you may see a locale error messages like one of these while trying to install packag

These repositories now come enabled by default with Ubuntu, so doing updates and searching for software will turn up many more options. One concern you may have, however, is that support, licensing, and patches may not be available for the universe and multiverse repositories. This could be a problem if you are considering an installation where you need to adhere to certain policies and procedures.

To disable the universe or muliverse repositories, open the file /etc/apt/sources .list in a text editor and comment out the lines which have multiverse or universe components enabled. You may want to initial the comments to make note of what you commented out, as shown by the

#cn in the following examples:
#cn deb http://us.archive.ubuntu.com/ubuntu/ feisty universe
#cn deb-src http://us.archive.ubuntu.com/ubuntu/ feisty universe
#cn deb http://us.archive.ubuntu.com/ubuntu/ feisty multiverse
#cn deb-src http://us.archive.ubuntu.com/ubuntu/ feisty multiverse
#cn deb http://security.ubuntu.com/ubuntu feisty-security universe
#cn deb-src http://security.ubuntu.com/ubuntu feisty-security universe
#cn deb http://security.ubuntu.com/ubuntu feisty-security multiverse
#cn deb-src http://security.ubuntu.com/ubuntu feisty-security multiverse

Likewise, if you want to add extra repositories that may be offered by individuals or companies, you can do so by adding a line to the /etc/apt/sources.list file. To edit this file, you must have root permissions:

$ sudo vi /etc/apt/sources.list

Insert a line starting with deb (for pre-built packages) or deb-src (for source packages), then the URL for the repository, along with the distribution (such as feisty above), and the component descriptions (universe in the examples). Typically, you'll describe components as contrib for contributed (that is, not from the Ubuntu project) and free or non-free. Normally, you should receive all this information from the site that offers the repository.

If you do add other third-party repositories, be sure to look into the authenticity of the entity offering the software before modifying your Linux system. Although it’s not a big problem with Linux these days, it is easy to add broken or malicious software to your system if you do not exercise care and reasonable caution.

Only use software from well-known sources, and always have a means to verify software you download prior to installing. For more information on software repositories, see the Debian Repository HOWTO (www.debian.org/doc/manuals/repositoryhowto/repository-howto).

An example from the HOWTO document follows:

deb ftp://sunsite.cnlab-switch.ch/mirror/debian/ unstable main contrib non-free

Handling Locale Error Messages

If you are working at the command line with Ubuntu (Feisty Fawn), you may see a locale error messages like one of these while trying to install packages:

perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
locale: Cannot set LC_CTYPE to default locale: No such file or directory

This seems to be a problem related to the installed language settings, or something with internationalized encoding in general. One workaround you can use to keep things satisfied is to export the LC_ALL environment variable and set it the same as your LANG setting.

$ export LC_ALL=”$LANG”

There are several other possible workarounds on the help sites, but this one will be the easiest to undo in case the cure causes more problems than the condition. It should also work regardless of what language you speak. Note that you will have to run this command every time you open a local or ssh shell. You can automate this task by placing the command in your ~/.bashrc file.

Configure Samba with anonymous file share access in freebsd

You might want to share files with your windows clients. Samba will allow you to do so. First let's install it:

cd /usr/ports/net/samba3
make install clean

Now that its installed add the following line to /etc/rc.conf:

samba_enable="YES"

Now we need to create the samba configuration file.

cd /usr/local/etc
vi smb.conf

The amount of configuration required for Samba is actually quite minimal. Add the following lines to the new file we just created:

[global]
workgroup = MSHOME
passdb backend = tdbsam

[global] marks the beginning of global configuration, and we will simply name our server Samba Server. For our "workgroup," WORKGROUP is the default for Windows NT clients, and MSHOME is used by win9x clients. Nevertheless, feel free to choose any alternative. (Unless you want to serve files to a Windows XP Home client--due to limitations in XP Home that do not exist in XP Pro, a Windows XP Home client can only share files with computers in the workgroup MSHOME). The passdb is used to store passwords for samba users - we will use tdbsam.

At this point you will have to make a decision of whether or not you want anonymous or password based access to your samba server. If you want your server to require password authentification, add the following lines to our smb.conf file:

;User-Based Configuration
security = user

[share]
path = /big/samba
read only = no
valid users = xaenn

By choosing security level user, users must login in order to access our Samba server. [share] defines our samba share (you may have any number of samba shares, in order to give different access to different users, however, we will simply demonstrate one). The path determines in what directory on your system the share will reside - be sure you have sufficient space depending on what you intend to share with Samba. We want to enable write access, because we will later create one readable and one writable directory. Finally, list the valid users, in this case, only xaenn may login to this share.

If, on the other hand, you want to allow anyone to share files with your server anonymously, add the following lines to smb.conf instead:

;Anonymous Configuration
security = share
guest account = pcguest

[share]
path = /big/samba
read only = no
guest ok = yes

By choosing security level share, users do not need to login in order to access our Samba server. We define the guest account as pcguest. [share] defines our samba share. The path determines in what directory on your system the share will reside - be sure you have sufficient space depending on what you intend to share with Samba. We want to enable write access, because we will later create one readable and one writable directory. Finally, we enable guest access to this share.

Save your changes and exit the file. Now we will setup the directory structure for our share:

mkdir /big/samba
cd /big/samba
mkdir in pub
chown nobody in
chmod 5777 in

Within our /big/samba directory, we created two subdirectories: "in" and "pub". We allow all users to write to in, but we don't allow anyone other than the system root to write to pub - it is our place for sharing files with other users.

Now it's important that the users you added to our Samba configuration actually exist on the system. If you used your own username, then obviously it will already be a user on your system. However, if you decided to use "pcguest" chances are you will need to create this account.

fongsaiyuk# adduser
Username: pcguest
Full name: Guest
Uid (Leave empty for default):
Login group [pcguest]:
Login group is pcguest. Invite pcguest into other groups? []:
Login class [default]:
Shell (sh csh tcsh bash zsh rzsh nologin) [sh]: nologin
Home directory [/home/pcguest]:
Use password-based authentication? [yes]: no
Lock out the account after creation? [no]:
Username : pcguest
Password :
Full Name : Guest
Uid : 1003
Class :
Groups : pcguest
Home : /home/pcguest
Shell : /usr/sbin/nologin
Locked : no
OK? (yes/no): yes
adduser: INFO: Successfully added (pcguest) to the user database.

Now we then have to add this user to Samba (even if you didn't create a new user above, you will have to follow this step for any users in your Samba configuration - xaenn or pcguest, depending on which you used.

pdbedit -a -u pcguest

For pcguest just hit 'Enter' at the prompts for "new password" and "retype new password". (This will leave the password blank, which is what we want for anonymous access). For a normal user choose an appropriate password. You should then see a bunch of statistics about the new user we added.

Now we can start Samba

/usr/local/etc/rc.d/samba start

Or at anytime if you change something in smb.conf and need your new settings to take effect.

/usr/local/etc/rc.d/samba restart

Windows users should now have user (login) or anonymous (guest) access to our Samba share, depending on which configuration was used. If you run into problems, you can test your share with the following command:

smbclient //bsd/share

You can also test your configuration file for errors by typing:

testparm

How to SCP files with out password using keys

This small HowTo will explain how to setup key-based authentication for password-less SSH and SCP usage.

This HowTo does assume the reader has some basic knowledge of ssh and a terminal, and is using an operating system that implements SSH. If you're using a Windows OS and want to use SSH, try PuTTY. For Putty, see key-based auth with Putty.

In the examples that follow please substitute 'servername' , 'ipaddress' and 'username' with the proper information for your setup. I have included a list of weblinks for the words in italic at the end of this document.

Step 1. Verify that you can connect normally (using a password) to the server you intend to setup keys for:

#### Examples ####

user@homebox ~ $ ssh username@'servername'

# Or:

user@homebox ~ $ ssh username@'ipaddress'

# If your username is the same on both the client ('homebox') and the server ('servername'):

user@homebox ~ $ ssh 'servername'

# Or:

user@homebox ~ $ ssh 'ipaddress'

# If this is your first time connecting to 'servername' (or 'ipaddress'), upon establishing a connection with the
# server you'll be asked if you want to add the servers fingerprint to the known_hosts file on your computer.
# Press 'enter' to add the fingerprint.

Step 2. Now that you're connected to the server and verified that you have everything you need for access (hopefully), disconnect by typing 'exit' .

#### Examples ####

user@servername ~ $ exit

# You should be back at:

user@homebox ~ $

Step 3. The next step is to copy a unique key generated on your 'homebox' to the server you are connecting too. First, before you generate a new key, check to see if you already have a key:

#### Example ####

user@homebox ~ $ ls -l ~/.ssh
total 20
-rwx--xr-x 1 user user 601 Feb 2 01:58 authorized_keys
-rwx--xr-x 1 user user 668 Jan 1 19:26 id_dsa
-rwx--xr-x 1 user user 599 Jan 1 19:26 id_dsa.pub
-rwx--xr-x 1 user user 6257 Feb 2 21:04 known_hosts

# The file we need to copy to the server is named id_dsa.pub. As you can see above, the file needed exists. You may or may not have other files in ~/.ssh as I do. If the key doesn't exist, however, you can make one as follows:

#### Example ####

user@homebox ~ $ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_dsa): # Press 'enter' here
Enter passphrase (empty for no passphrase): # Press 'enter' here
Enter same passphrase again: # Press 'enter' here
Your identification has been saved in /home/user/.ssh/id_dsa.
Your public key has been saved in /home/user/.ssh/id_dsa.pub.
The key fingerprint is:
6f:c3:cb:50:e6:e9:90:f0:0f:68:d2:10:56:eb:1d:91 user@host

# Entering a password when asked during the key generation processes when prompted would require you to enter a password each time you SSH/SCP to the server which defeats the purpose of this document.

Step 4. Regardless whether you had a key ready to go or if you had to generate a new key, the next step is the same in either case. Now you're ready to copy the key to the server. Do so like this:

#### Example ####

user@homebox ~ $ ssh-copy-id -i ~/.ssh/id_dsa.pub user@'servername' (or 'ipaddress')

# If you are asked weather or not you wish to continue, say yes.

Step 5. Now it's time to test the setup. To do that, try to ssh to the server:

#### Example ####

user@homebox ~ $ ssh 'servername' (or 'ipaddress')

# You should log in to the remote host without being asked for a password.

Step 6. You can now SSH or SCP to the remote host without having to enter a password at each connection. To make sure your public key stays secure from prying eyes, do the following to change permissions and restrict access on 'homebox' and also on 'servername' to ~/.ssh:

#### Example ####

user@homebox ~ $ chmod 600 ~/.ssh/id_dsa ~/.ssh/id_dsa.pub

# Verify the permissions on the files:

#### Example ####

user@homebox ~ $ ls -l ~/.ssh
-rw------- 1 user user 668 Feb 4 19:26 id_dsa
-rw------- 1 user user 599 Feb 4 19:26 id_dsa.pub

Links

1. OpenSSH

2. known_hosts

3. fingerprint