Tag Archive : slackware

/ slackware

Setup Slackware as Basic TFTP Server

December 11, 2015 | Article | No Comments

TFTP or Trivial File Transfer Protocol is a transfer protocol notable for its simplicity. TFTP is generally used for automated transfer of configuration or boot files between machines in a local environment, such as routers and PXE (Preboot eXecution Environment) mechanism. Compared to FTP, TFTP is extremely limited, providing no authentication and is rarely used interactively by a user.

There are many TFTP implementations, such as:

  • GNU inetutils
  • tftp-hpa
  • atftp
  • tftp-server
  • etc…

In this article, we will discuss about how to set Slackware as a basic  TFTP server. In specific, we will use tftp-hpa which is included by default. This article is tested using Slackware64 14.0 and tftp-hpa.

Upgrade or Not?

Slackware has shipped a TFTP server by default which is tftp-hpa. The version is 0.49. However we can install the latest tftp-hpa with simple process. If you decided to install the latest version, follow this section. Otherwise you can skip to next section.

Download the latest version of tftp-hpa here: www.kernel.org/pub/software/network/tftp/tftp-hpa/. The latest version is 5.2 which can be downloaded here: www.kernel.org/pub/software/network/tftp/tftp-hpa/tftp-hpa-5.2.tar.xz

Now invoke following series of command to build TFTP (server and client):

tar -Jxf tftp-hpa-5.2.tar.xz
cd tftp-hpa-5.2
./configure --prefix=/usr
make
cd tftp && strip --strip-unneeded tftp
cd ../tftpd && strip --strip-unneeded tftpd
cd ..

Now install it (make sure you are using root privileges):

make install

Set up

By default, the inetd use /tftpboot directory as root directory of the TFTP server. We can however change the directory to something else. Make sure the directory exists, whichever directory you use.

Suppose we want to use /usr/local/tftpboot as root directory:

mkdir -p /usr/local/tftpboot

Then we give a proper permission:

chmod +777 /usr/local/tftpboot
chown nobody /usr/local/tftpboot

Next we add the following entry to the /etc/inetd.conf file as a single line. Or you can edit it and make sure it’s uncommented.

tftp  dgram   udp     wait    root    /usr/sbin/in.tftpd  in.tftpd -s /usr/local/tftpboot -r blksize

Then, restart the inetd using root privileges.

/etc/rc.d/rc.inetd restart

Testing

Now, let’s testing our TFTP server. In our simple scenario, we will create a plain text and fill something there. Then we will download it via tftp.

echo "Xathrya was testing the TFTP server" >> /usr/local/tftpboot/test.txt

To download it, use:

tftp 127.0.0.1 -c get test.txt

And see in current directory, whether we have successfully download it:

cat test.txt

It should print out “Xathrya was testing the TFTP server”.

Installing PostGIS From Source on Slackware64

December 11, 2015 | Article | No Comments

PostGIS is a spatial database extender for PostgreSQL object-relational database. It adds support for geographic objects allowing location queries to be run in SQL. In effect, PostGIS “spatially enables” the PostgreSQL server, allowing it to be used as a backend spatial database for geographic information systems (GIS).

PostGIS is a free open source project, licensed under GNU GPLv2.

In this article, we will discuss about how to install PostGIS on Slackware64. For this purpose, we will use following materials:

  1. Slackware64 14.0
  2. PostgreSQL 9.3.5
  3. GEOS 3.4.2
  4. GDAL 1.11
  5. Proj 4.8.0
  6. JSON-C 0.11
  7. PostGIS 2.1.3

Obtain Materials

PostgreSQL is a DBMS which can be freely downloaded from PostgreSQL. Or download the latest version 9.35 here.

GEOS is Geometry Engine – Open Source, a C++ post of the Java Topology Suite (JTS). To download it, go to GEOS page or download GEOS 3.4.2 from here.

GDAL is Geospatial Data Abstraction Library. To download it, go to GDAL page or download GDAL 1.11 from here.

PROJ4 is a cartographic projections library. To download it, go to PROJ4 page or download PROJ 4.8.0 from here.

JSON-C is a library to read/write JSON objects in C. To downloat it, download JSON-C directly from here.

Now, our main dish. Download PostGIS from PostGIS page, or download it directly from here.

In the end of this section, you should have:

  1. postgresql-9.3.5.tar.bz2
  2. geos-3.4.2.tar.bz2
  3. gdal-1.11.0.tar.xz
  4. proj-4.8.0.tar.gz
  5. json-c-0.11.tar.gz
  6. postgis-2.1.3.tar.gz

Install

Dependency

We will install all dependency in this order:

  1. PostgreSQL
  2. GEOS
  3. GDAL
  4. PROJ4
  5. JSON-C

All the installation procedure will require root privilege.

Installation of PostgreSQL has been discussed in different article. See here to read it. You can also skip it if you have already installed PostgreSQL.

Next, install GEOS.

tar -jxf geos-3.4.2.tar.bz2
cd geos-3.4.2
./configure
make -j4
make install

Next, install GDAL.

tar -Jxf gdal-1.11.0.tar.xz
cd gdal-1.11.0
./configure
make -j4
make install

Next, install PROJ4.

tar -zxf proj-4.8.0.tar.gz
cd proj-4.8.0
./configure
make -j4
make install

When building PROJ4, you might encounter error like this:

jniproj.c:52:26: fatal error: org_proj4_PJ.h: No such file or directory

To solve it, go to src directory and edit jniproj.c then change this line

#include "org_proj4_PJ.h"

to

#include "org_proj4_Projections.h"

then resume the installation.

Next, install JSON-C. There is option to use the JSON-C from their github, but when I try it, it would break as JSON-C has removed some macro and functions. So let’s use it as is.

tar -zxf json-c-0.11.tar.gz
cd json-c-0.11
./configure
make -j4
make install

Now we are ready to install PostGIS.

PostGIS

Installing PostGIS is straightforward.

tar -zxf postgis-2.1.3.tar.gz
cd postgis-2.1.3
./configure
make -j4
make install

Installation finished. You should have PostGIS installed and ready.

Configuration

Enabling PostGIS

PostGIS is an optional extension that must be enabled in each database you want to use it before you can use it. Installing the software is just the first step. And do not install it in the database called “postgres”.

Connect to database using psql. Run the following SQL:

-- Enable PostGIS (includes raster)
CREATE EXTENSION postgis;
-- Enable Topology
CREATE EXTENSION postgis_topology;
-- fuzzy matching needed for Tiger
CREATE EXTENSION fuzzystrmatch;
-- Enable US Tiger Geocoder
CREATE EXTENSION postgis_tiger_geocoder;

Example of Spatial SQL

-- Create table with spatial column
CREATE TABLE mytable ( 
  id SERIAL PRIMARY KEY,
  geom GEOMETRY(Point, 26910),
  name VARCHAR(128)
); 

-- Add a spatial index
CREATE INDEX mytable_gix
  ON mytable 
  USING GIST (geom); 

-- Add a point
INSERT INTO mytable (geom) VALUES (
  ST_GeomFromText('POINT(0 0)', 26910)
);

-- Query for nearby points
SELECT id, name
FROM mytable
WHERE ST_DWithin(
  geom, 
  ST_GeomFromText('POINT(0 0)', 26910),
  1000
);

PostgreSQL, often simply “Postgres”, is an object-relational database management system (ORDBMS) with an emphasis on extensibility and standards-compliance. With more than 15 years of development history, it is quickly becoming the de facto database for enterprise level open source solutions.

In this article we will discuss about how to install PostgreSQL from source on Slackware64. Our objective is to make PostgreSQL installed and running on our machine.

The PostgreSQL we will use is the PostgreSQL 9.3.5

Obtain Material

The PostgreSQL is freely distributed under open source flag. You can go to PostgreSQL download page to obtain the source code. For version 9.3.5, we can download directly from here.

Installation

Extract the source code and go to that directory.

tar -jxf postgresql-9.3.5.tar.bz2
cd postgresql-9.3.5

Installation is using usual procedure in unix family: configure, make, install. Note that we are using /usr/local as our installation directory (where the PostgreSQL will reside). You can change it to anything you like. Root privileges is not necessary for compilation process, however it is need to install it to our directory /usr/local. If you choose to install it to non-root privileged area, you can drop the “su -c” thing.

./configure --prefix=/usr/local
make -j4
su -c "make install"

At this point, PostgreSQL is installed, but can’t yet be operational. Let’s do configuration.

Configuration

PostgreSQL User Account

We need a “postgres” user and group prior to building PostgreSQL. Do this using root privilege.

groupadd postgres
useradd -d /var/lib/pgsql postgres
passwd postgres

PostgreSQL Data Directory

Now we need to create PostgreSQL data directory if not exist. The data directory should be owned by postgres user.

mkdir /var/lib/pgsql/data
chown -Rf postgres:postgres /var/lib/pgsql

Initialize the directory. Before we can start creating any PostgreSQL database, the empty directory created above should be initialized.

su - postgres
/usr/bin/initdb -D /var/lib/pgsql/data

Next, validate the PostgreSQL data directory. Make sure all Postgres DB configuration file are created under the data directory.

Start PostgreSQL database. There are two ways to do it: using postmaster to do it, or invoking script.

/usr/bin/postmaster -D /var/lib/pgsql/data

or

/etc/rc.d/rc/postgres start

PostgreSQL Service

To make PostgreSQL run as service, we should make the init script executable.

chmod +x /etc/rc.d/rc.postgres

First Login

Let’s try our fresh build PostgreSQL.

psql -U postgres

where postgres is user account we have created before.

This is short notes on how I create a dual boot machine with Windows 8 and Slackware64. Both are 64-bit operating system and will be installed on UEFI-based computer with GPT disk layout.

Actually I do this around in earlier year 2013, so this article might not up to date. However it should work because we use general method.

In this article, i use:

  1. Microsoft Windows 8 64-bit, installation disc
  2. Slackware64 14.0, installation disc
  3. Lenovo Ideapad Z480
  4. USB disk

Note that I do the scenario (would be) mentioned because my machine is fresh and I will do it from scratch.

About Machine

Lenovo Ideapad Z480 has following specification (main):

  1. Intel Core i7-3632QM
  2. RAM 4 GB
  3. HDD 1TB
  4. Video RAM NVidia GeForce GT640

However, I also give addition to RAM so in result I have 8GB RAM.

At default, it is not using UEFI so I activated UEFI capability.

I also convert the disk format from MBR to GPT, however I do this later.

General Overview

The problem arise before me is the fact that the Windows 8 installation DVD not support UEFI yet. Therefore I cannot boot the DVD in UEFI.And also, Windows 8 cannot be installed on GPT disk, yet. At that time Slackware also does not support UEFI, yet. But, it can be installed in GPT partition, good thing to know. Therefore I need a bootable USB disk to boot Slackware then create everything I need for installing Linux.

The scenario in this article:

  1. Create partition
  2. Install Windows 8 while the disk still use MBR layout.
  3. Install Slackware64 14.0 with GPT disk
  4. Finalizing, installing and configuring bootloader

Preparation

I use a companion Linux in bootable USB stick. I create a USB stick with UEFI capable. You can download it from here.

Make a partition for USB stick with FAT32 partition and boot flag enabled. You can use either gparted or gdisk (in Linux) to accomplish it.

Just extract what inside the archive to USB stick. Make sure there are two folders: EFI and Slackware64.

Step 1: Create Partition

Boot the machine using Windows installer DVD. I need to create a partition for MBR disk. In my case I create these primary partitions:

  1. boot partition, located on partition 1 with FAT32 file system, takes about 100MB.
  2. Reserved partition, used by Windows, create it for 350MB capacity.
  3. Windows partition, NTFS, I use 100GB
  4. Linux Partition, unallocated, I use 100GB

Those are the partition I need at the moment. The rest will be create at finalizing stage.

Here, once the Windows 8 installation DVD is booted, do normal installation routine. Once we got on media selection (where we install Windows), press [Shift] + F10. This will bring command prompt. Invoke following command:

diskpart

Now we will do partitioning. I’m using only one disk, so the disk should be recognized as disk 0. Also, I don’t use GPT at this section, it would be after installation of Windows 8.

select disk 0
clean

create partition primary size=100
format quick fs=fat32 label="System"

create partition msr size=350
format quick fs=ntfs

create partition primary size=100000
format quick fs=ntfs

create partition primary size=100000

Step 2: Installing Windows 8

Still using Windows 8 installation DVD, exit the command prompt. Now I’m refreshing the list so we will know all of the partition available.

I continue installing Windows like usual on partition 3.

Once the installation finish, go to step 3.

Step 3: Installing Slackware64

I need to do some preparation first. Therefore, there would be some subsections for this.

Convert MBR to GPT

Boot the USB stick.

Conversion is inherently risky. For safety, I backup the original configuration before converting the disk. The MBR itself is stored on the first sector of the disk and can be backed up with dd by:

dd if=/dev/sda of=backup.mbr bs=512 count=1

Then I run gdisk for disk on /dev/sda

gdisk /dev/sda

Follow the option menu for conversion MBR to GPT, and I done.

Prepare the Installation Environment

Mount the USB stick. I accomplish this by invoking following command:

mkdir /src
mount /dev/sdb1 /src

Invoke setup and adjust the setting like normal installation until you reach installation media stage.

Press ALT+F2 to switch to another screen (or another tty).

Install temporary system using USB stick. Invoke these commands:

cd /src/slackware64
installpkg -root /mnt [az]*/* cd

Installation

Now, back to our main setup and choose install from CD/DVD. Also, I won’t use LILO, instead I use ELILO. So I don’t install LILO.

After installation is finished, I don’t restart the machine immediately. Instead, I go to last step: Finalizing.

Step 4: Finalizing

First, make sure we are still boot the machine using USB stick, then load following command:

modprobe efivars

Also, I need to mount the boot partition

mount /dev/sda1 /mnt/boot/efi

Add Bootstrap to Slackware

I invoke following command. Note that these commands should be invoked as is, even a dot matters. If you remember, the Slackware is installed on 4th partition.

mount /dev/sda4 /mnt/root
cd /mnt/boot/efi
cp -rvf /src/EFI /mnt/boot/efi
cd /mnt/boot/efi/EFI
mv BOOT Slackware
cd Slackware
mv bootx64.efi elilo.efi
cp /mnt/root/boot/vmlinuz-huge-3.2.29 .
vi elilo.conf

And I configure the elilo.conf:

prompt
image = vmlinuz-huge-3.2.29
label = Slackware
root = /dev/sda4

And register boot so that machine can boot Slackware.

cd /mnt
usr/bin/efibootmgr -c -L "XathryaSlackBoot" -l "\\EFI\\Slackware\\elilo.efi"

Add Bootstrap to Windows

Eject the Slackware installation disc and insert Windows 8 installation disc. I need to copy all files needed to boot EFI from Windows 8 disc.

cd /mnt/boot/efi
mkdir /mnt/disc
mount /dev/sd1 /mnt/disc
cp -R /mnt/disc/efi/microsoft /mnt/boot/efi

That will copy “microsoft” folder and whole of it’s content to /mnt/boot/efi (which is my mounted efi boot partition).

Now, to create a bootstrap we first need to restart the machine and boot with Windows 8 installation DVD. What we will do is repair the Windows 8 EFI bootloader.

I do normal installation sequence method until I was prompted with list of volumes / partitions. Now press [Shift] + F10. A new command prompt appear.

Now invoke following command, which will bring me to diskpart (disk partition) program:

diskpart

My disk is only one, so I will use disk 0.

sel disk 0

Because the EFI partition is the very first partition (/dev/sda1), it should be registered as earlier volume. However, it doesn’t have drive letter, so I will give it one.

diskpart

sel vol 1
assign letter b:

The attempt is successful and I’m prompted by a message which tell me that the volume has been assign to letter B. Now leave the diskpart with exit command. Go to the EFI partition and add the EFI bootstrap.

cd /d b:\EFI\Microsoft\Boot\
bootrec /fixboot
ren BCD BCD.bak
bcdboot C:\Windows /l en-us /s B: /f ALL

bootrec (boot recover) will fix the UEFI bootloader.

bcdboot will be used to recreate BCD store. The C:\Windows is path where Windows is installed and B: is drive of my EFI partition. The “/f ALL” parameter updates the BIOS settings including UEFI firmware/NVRAM while /l en-us is to localize for US locale (US English).

Add More Partitions

I need more partitions so I create them. I use gdisk for this.

Installing Slackware ARM on QEMU

December 9, 2015 | Article | 1 Comment

Slackware ARM is an slackware port to ARM processor.

In this article, we will discuss about installing Slackware for ARM using QEMU on top of Slackware64. On this article we will use:

  1. Slackware64 14.0 (as host)
  2. QEMU 14.0
  3. Slackware for ARM (as guest)

Although we have experiment on Slackware64, you can do this in any platform which has installed QEMU.

Obtaining the Materials

First, make sure you have installed QEMU. On Linux you can follow this article. Although we don’t use Windows on this article, you can also install QEMU on Windows using this article.

Create a working directory, let’s say SlackARM. Adjust following command with your own:

mkdir -p ~/run
mkdir -p ~/SlackwareARM

SLACKARM="~/SlackwareARM"
WORKINGDIR="~/run"

cd $SLACKARM
mkdir -p kernels/versatile isolinux slackware
cd slackware
mkdir a l

cd $WORKINGDIR
mkdir hdd

We need a kernel, a also a working initrd.

cd $SLACKARM/kernels/versatile
wget -c "ftp://ftp.arm.slackware.com/slackwarearm/slackwarearm-14.0/kernels/versatile/zImage-versatile"
wget -c "http://xecdesign.com/downloads/linux-qemu/kernel-qemu"
cd $SLACKARM/isolinux
wget -c "ftp://ftp.arm.slackware.com/slackwarearm/slackwarearm-14.0/isolinux/initrd-versatile.img"

Next, create a QEMU hard disk which will be used by our Slackware:

cd $WORKINGDIR/hdd
qemu-img create -f raw slackhdd.img 2G

A 2GB disk is sufficient for our experiments. Then go to $SLACKARM/slackware and downloads following packages from here. For simplicity, We only need a packages and l packages. The packages on “a packages” must be downloaded to “a directory“, while l package must be downloaded to l directory. Remember that both directory should be stored on “slackware” directory. Here is the list:

“a” packages ($SLACKARM/slackware/a)

  1. aaa_base-14.0-arm-4.tgz
  2. aaa_elflibs-14.0-arm-2.tgz
  3. aaa_terminfo-5.8-arm-1.tgz
  4. bash-4.2.037-arm-1.tgz
  5. bin-11.1-arm-2.tgz
  6. coreutils-8.19-arm-1.tgz
  7. e2fsprogs-1.42.6-arm-1.tgz
  8. etc-14.0-arm-1.tgz
  9. kernel-modules-versatile-3.4.11_versatile-arm-1.tgz
  10. kernel_versatile-3.4.11-arm-1.tgz
  11. pkgtools-14.0-noarch-2.tgz
  12. shadow-4.1.4.3-arm-6.tgz
  13. sysvinit-2.88dsf-arm-2.tgz
  14. sysvinit-functions-8.53-arm-1.tgz
  15. sysvinit-scripts-2.0-noarch-9.tgz
  16. util-linux-2.21.2-arm-3.tgz

“l” packages ($SLACKARM/slackware/l)

  1. glibc-2.15-arm-8.tgz

Make iso files with content of isolinux, kernels, and slackware. Do following command:

cd $SLACKARM
mkisofs -udf -o $WORKINGDIR/slackware-arm-14.0.iso -R -J -V "Slackware ARM 14.0" -hide-rr-moved -v -d -N -A "Slackware ARM 14.0" .

Notice the trailing dot as part of command. When done, a new iso file slackware-arm-14.0.iso will be created on $SLACKARM. My iso size is 94.7 MB.

Running the System

With initrd, kernel, and ISO file, let’s march to last step which is running the system. Do followings:

cd $WORKINGDIR
qemu-system-arm -m 512 -M versatilepb -kernel $SLACKARM/kernels/versatile/zImage-versatile \
-initrd $SLACKARM/isolinux/initrd-versatile.img -hda hdd/slackhdd.img -cdrom slackware-arm-14.0.iso

Some error messages might shown such as:

/bin/grep: No such file or directory

But don’t worry, if you follow this article you now have SlackwareARM installed on QEMU.

You can proceed like you always do in Slackware installation. Once you done the installation, just quit QEMU.

To boot QEMU for normal operation (not installation), do:

qemu-system-arm -M versatilepb -kernel $SLACKARM/kernels/versatile/kernel-qemu \
-hda hdd/slackhdd.img -append 'root=/dev/sda1' \
-no-reboot -serial stdio

Have fun!

Note: You can also use the slackware-current instead of slackware-14.0. I will leave this as an exercise

Using Extended Filesystem Access Control List

December 9, 2015 | Article | No Comments

Access Control List, or ACL, is a simple security mechanism but most likely implemented on any system. Not to mention, it is also implemented on various filesystem, including ext2, ext3, ext4 and also XFS.

In earlier article, we have discussed about simple permission on UNIX Operating System. In this article we will discuss about using Extended Access Control List on Filesystem for permission. In this article I use:

  1. Slackware64 14.0
  2. XFS

ACL and POSIX

As seen on this article, traditional POSIX file system object permission model defines three classes of users: owner, group, and other. Each of these classes is associated with a set of permission.

The owner class permissions define access privileges to the object (file/folder) owner. The group refers to the owning groups and thus the group permissions defines action can be done by owning group of file. When a user is not either owner or group owner of file, s/he simply referred as other and having other permissions on the file.

The permissions are defined as read, write, and execute an object and denote as r, w, x.

An Extended-ACL consists of a set of entries. The permissions of each file system object have an ACL representation, even in the minimal. On traditional ACL, there are owner, group, and other permissions. One for each class. In Extended ACL, every class might has one or more entries defined. In ACL, default permission entries are calle minimal ACL.

Extended-ACL also contain a mask entry and may contain any number of named. user and named group entries.

So what makes Extended-ACL good?

Extended-ACL can control permission in detail. Using Extended-ACL we can specify what user can do, or what group can do.

Let take an example of this. Let say there are three user: xathrya, marina, and elisa. All of them are on group developer. A file “secret.txt” is created and owned by xathrya. Xathrya want to restrict marina from reading the file, while elisa is restricted to writing the file. Then there is no restriction for marina to write file and elisa to read the file. Using file permission, xathrya can set the permission to 760 so only him can alter the file. But as a fellow group member, marina and elisa can also alter the file. If xathrya alter the file permission to 740, elisa is restricted from writing the file but marina is not restricted to reading. If xathrya use 720, the other condition applies.

Using Extended-ACL, xathrya can precisely set restriction on marina and elise. On account marina, xathrya can put ban for her to read while he can also put ban for elise to write. So that we can have permission -w- specific to marina and r– for elisa. This is the power of Extended-ACL.

The Classes

Generally, Extended-ACL defines six classes of entry, instead of well-known three class as in traditional permission system. They are:

Entry type Text Form
Owner user::rwx
Named user user:name:rwx
Owning group group::rwx
Named group group:name:rwx
Mask mask::rwx
Others other::rwx

As seen there, what is mask? Before we discuss that, let’s get deeper into new class named user and named group.

Named group and named user entries are assigned to the group class, which already contains the owning group entry. Different from the traditional permission model, the group class may now contain ACL entries with different permission sets, so the group class permissions alone are no longer sufficient to represent all the detailed permissions of all ACL entries it contains.

Well, let say that on earlier model, all group user are bound together using group permission. So one permission will be applied to all of group member. However in Extended-ACL, user is not bounded in that manner.

Therefore, the meaning of the group class permissions is redefined: under their new semantics, they represent an upper bound of the permissions that any entry in the group class will grant.

This upper bound property ensures that POSIX.1 applications that are unaware of ACLs will not suddenly and unexpectedly start to grant additional permissions once ACLs are supported.

In minimal ACLs (traditional), the group class permissions are identical to the owning group permissions. In Extended-ACLs, the group class may contain entries for additional users or groups. This results in a problem: some of these additional entries may contain permissions that are not contained in the owning group entry, so the owning group entry permissions may differ from the group class permissions.

This problem is solved by the virtue of the mask entry. With minimal ACLs, the group class permissions map to the owning group entry permissions. With Extended-ACLs, the group class permissions map to the mask entry permissions, whereas the owning group entry still defines the owning group permissions. The mapping of the group class permissions is no longer constant.

Dive into Extended-ACL

On default, for every file creation a standard traditional permission model is used to “stamp” files. We can set Extended-ACL later.

Now, let’s start by cerating a directory and checking its permission. The umask determines which permissions will be masked off then the directory is created. A umask 027 disables write access for the owning group; and read,write,execute access for others.

$ umask 027
$ mkdir dir
$ ls -dl dir
drwxr-x--- ... xathrya users ... dir

The string “rwxr-x--” represents the resulting permissions for the new directory: read, write, and execute access for the owner and read and execute access for the owning group. The dots in the output of ls stand for text that is not relevant here and has been removed.

These base permissions have an equivalent representation as an ACL. ACLs are displayed using the getfacl command.

$ getfacl dir
# file: dir
# owner: xathrya
# group: users
user::rwx
group::r-x
other::---

The first three lines of output contain the file name, owner, and owning group of the file as comments. Each of the following lines contains an ACL entry for one of the three classes of users: owner, group, and other. And that is a traditional permission model.

Now we will grants read, write access to user Marina in addition to the existing permissions. For that, the -m (modify) argument of setfacl is used. The resulting ACL is again shown using the getfacl command. The -omit-header option to getfacl suppresses the three-line comment header containing the file name, owner, and owning group to shorten the examples shown.

$ setfacl -m user:marina:rw dir
$ getfacl --omit-header dir
user::rwx
user:marina:rw
group::r-x
mask::rwx
other::---

Two additional entries have been added to the ACL: one is for user Marina and the other is the mask entry. The mask entry is automatically created when needed but not provided. Its permissions are set to the union of the permissions of all entries that are in the group class, so the mask entry does not mask any permissions.

Now, to grant only read permission to Elisa, we can also do:

$ setfacl -m user:elisa:r-- dir
$ getfacl --omit-header dir
user::rwx
user:marina:rwx
user:elisa:r--
group::r-x
mask::rwx
other::---

Now, let see what these commands (one line per command) will do:

setfacl -d -m group:developer:r-x tools
setfacl -m user:root:--- supersecret.txt
setfacl -m user:marina:r-- file.txt

Now, how to remove an ACL entry from a file? There is a simple command to do so. For example, we want to lift ban from Marina on file.txt then we invoke following:

setfacl -x user:marina file.txt

Yes, as simple as that 😀

Split and Join Files in Linux

December 7, 2015 | Article | No Comments

Sometimes, we are in situation where a large file is too large to be stored on a single Flash Drive. Or maybe our file is too big to be and exceed file size limit. In these cases we need to split file into smaller files.

Fortunately, Linux has a built in utility to do split and join. And yes, it should be shipped default on your Linux distribution. Split and join is packed together in GNU Coreutils.

In this article, we will discuss about how to use Linux utilities to do split and join files, also discussing about backup process on Linux.

Split and Join

In this scenario, we have an iso file: slackware64-14.0-install-dvd.iso. The size is estimated as large as 2.2GB. We will split the file into some files with each chunk have maximum 450MB in size.

To do splitting, invoke this command:

split -d -b 450m slackware64-14.0-install-dvd.iso slackware64-14.0-install-dvd.iso.part

At this point, we have six files. The generated file have extensions .partXX where XX is the part number. Five of them (from slackware64-14.0-install-dvd.iso.part00 to slackware64-14.0-install-dvd.iso.part04) has size 450MiB and the rest (slackware64-14.0-install-dvd.iso.part05) has size 48.9MiB

Now, how to recover the splitted files? Of course we need to join them altogether and form the original file. At this point I want to join the part and the join file will have filename slackware64-14.0-install-dvd-join.iso. To do so, we can invoke following command:

cat slackware64-14.0-install-dvd.iso.part00 \
slackware64-14.0-install-dvd.iso.part01 slackware64-14.0-install-dvd.iso.part02 \
slackware64-14.0-install-dvd.iso.part03 slackware64-14.0-install-dvd.iso.part04 \
slackware64-14.0-install-dvd.iso.part05 > slackware64-14.0-install-dvd-join.iso

Another way to do so is using following command:

cat slackware64-14.0-install-dvd.iso.part{00..05} > slackware64-14.0-install-dvd-join.iso

Where {00..05} is parts we want to join.

Squid is a caching proxy for Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-request web pages. Squid has extensive access controls and makes a great server accelerator. Run on most available operating system and licensed under GNU GPL.

Squid is used by hundreds of Internet Providers world-wide to provide their users with the best possible web access. Squid optimises the data flow between client and server to improve performance and caches frequently-used content to save bandwidth. Squid can also route content requests to servers in a wide variety of ways to build cache server hierarchies which optimise network throughput.

Thousands of web-sites around the Internet use Squid to drastically increase their content delivery. Squid can reduce server load and improve delivery speeds to clients. Squid can also be used to deliver content from around the world – copying only the content being used, rather than inefficiently copying everything. Finally, Squid’s advanced content routing configuration allows you to build content clusters to route and load balance requests via a variety of web servers.

In this article we will discuss about how to install Squid, gives a simple configuration, and then use it as a local cache server. Our goals is to improves response times and minimizing bandwidth on Slackware64 machine.

I use following:

  1. Slackware64 14.0 with multilib support.
  2. Squid Cache 3.3.3 source code

Obtain the Materials

The only material we need is squid’s source code which can be downloaded from their official site. At the time of writing this article, the latest stable version available is version 3.3.3. The direct download can be made on here.

As stated on site, we need Perl installed on our system. On Slackware64 it, is already installed by default, unless you have uninstalled it before. Make sure Perl is available.

Installation

Create a working directory. You can use any directory you want but in this case I will use my home directory /home/xathrya/squid. The archive we got is squid-3.3.3.tar.xz.

Now extract and configure the makefile.In this article I use /usr/local/squid directory as root of installation which is the default path for installing squid. If you want to install squid on another directory, on ./configure use –prefix=/path/to/new/squid where /path/to/new/squid is a path like /usr After compilation finished, install Squid using root privilege. A complete command to do so is given below:

tar -Jxf squid-3.3.3.tar.xz
cd squid-3.3.3
./configure
make
make install clean

The compilation might took some times, depending on your machine.

Setup

Squid is officially installed on this stage, but we need to do some setup to make it work properly.

Before we proceed we need to specify what are resource allocated to squid and what configuration must we set to meet our need. In my case, the squid can be activated on demand, the directory for caching is using a dedicated partition on /cache (you can also use other directory, and a dedicated partition is not a must) which is 48.0 GiB allocated, squid can use some peer that can be configured dynamically without need for me to change the configuration file directly.

Your need might be different from me, so adjust it yourself.

Create Basic Configuration File

In this example, the configuration file is located at /usr/local/squid/etc/squid.conf, but might be vary if you install squid on different directory than /usr/local/squid. On general, squid configuration file is located on <root directory>/etc/squid.conf

Now adjust your configuration file. Below is the configuration I use:

###############################################################
##
## BlueWyvern Proxy Service
## XGN-Z30A : SquidProxy
##
###############################################################

##
#      Proxy Manager Information
##
cache_mgr [email protected]
visible_hostname proxy.bluewyvern.celestial-being.net

###############################################################

##
#    Basic Configuration
##
cache_effective_user squid
cache_effective_group squid

# DNS server (not required)
# Use this if you want to specify a list of DNS servers to use instead
# of those given in /etc/resolv.conf
#dns_nameservers 127.0.0.1 8.8.8.8

# Set Squid to listens port 1351 (normally listens to port 3128)
http_port 1351

# Timeouts
dead_peer_timeout 30 seconds
peer_connect_timeout 30 seconds

# Load the peer
include /usr/local/squid/peers.conf

###############################################################

##
#    Access Control List
#
#    My machine allow client from self, so IP other than self will be rejected
#    Also define some safe ports
##
acl localnet src 10.0.0.0/8        # RFC1918 possible internal network
acl localnet src 172.16.0.0/12    # RFC1918 possible internal network
acl localnet src 192.168.0.0/16    # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80        # http
acl Safe_ports port 21        # ftp
acl Safe_ports port 443        # https
acl Safe_ports port 70        # gopher
acl Safe_ports port 210        # wais
acl Safe_ports port 1025-65535    # unregistered ports
acl Safe_ports port 280        # http-mgmt
acl Safe_ports port 488        # gss-http
acl Safe_ports port 591        # filemaker
acl Safe_ports port 777        # multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

###############################################################

##
#    Directory & Logs
#
#    We use /cache for directory
#    I have 48.0 GiB = 51 GB available
#        64 directories, 256 subdirectories for each directory
#
##

# Cache directory 48GiB = 51500MB
cache_dir ufs /cache 51500 64 256

# Coredumps is specified on /cache too
coredump_dir /cache

# Squid logs
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log

# Defines an access log format
logformat custom %{%Y-%m-%d %H:%M:%S}tl %03tu %>a %tr %ul %ui %Hs %mt %rm %ru %rv %st %Sh %Ss

###############################################################

##
#    Other
##
refresh_pattern ^ftp:        1440    20%    10080
refresh_pattern ^gopher:    1440    0%    1440
refresh_pattern -i (/cgi-bin/|\?) 0    0%    0
refresh_pattern .        0    20%    4320

Make user squid and group squid if you don’t have it yet. Then create cache directory if you don’t have any and change ownership to user squid and group squid (or any user and group you assign to squid, see squid.conf). Also I use /var/log/squid directory to log things squid need to.  After all the preparations are ready, we need to do initial setup. Below is the snippet I use to do:

ln -s /usr/local/squid/sbin/squid /usr/bin/squid

/bin/egrep -i "^squid" /etc/group
if [ $? -ne 0]; then
groupadd squid
fi

/bin/egrep -i "^squid" /etc/passwd
if [ $? -ne 0 ]; then
useradd -g squid -s /bin/false -M  squid
fi

if [ ! -d /cache ]; then
mkdir /cache
fi

chown squid.squid /cache

if [ ! -d /var/log/squid ]; then
mkdir /var/log/squid
fi

chown squid.squid /var/log/squid

/usr/local/squid/sbin/squid -z

Now create a file /usr/local/squid/etc/peers.conf and write all peer you want to use.

Creating Scripts

All the system are ready. Now we need to create a control panel script which can execute system. Using this script, I can start and stop squid, and also purge content from cache. The script I use is:

#! /bin/bash
ROOTFOLDER=/usr/local/squid
SQUID=${ROOTFOLDER}/sbin/squid
SQUIDCLIENT=${ROOTFOLDER}/bin/squidclient

case $1 in
"start")
$SQUID start
ifconfig | grep inet
;;
"purge")
$SQUIDCLIENT -h 127.0.0.1 -p 8080 -m purge $2
;;
"stop")
$SQUID stop
;;
esac

Known Issues

Compile & Installation

  • Squid 3.5 onward use GnuTLS instead of OpenSSL. If you are getting error message such as “error: ‘gnutls_transport_set_int’ was not declared in this scope” then chance that you have old GnuTLS installed. Make sure you installed newer version. The safe assumption is to use the latest version. I test GnuTLS v3.3 with Nettle 2.7.1.

Runtime

This article is similar to this article, except it use parted to partitioning.

When write image to CD card for installation of Raspberry Pi, the usable size will only be the size of the image. That means the rest of the space will be waste. On some distribution such as Fedora Remix or Raspbian Wheezy, when final configuration begin the distro run some script to automatically resize and fill the SD card. However not all distro does that. Therefore we need to do manual resize.

In this article we will discuss about how to manually resize SD card on Slackware. Alhtough using Slackware, you can also use other Linux, but we won’t cover that. This article describes activities relating partitions. Incorrectly following instruction is likely to corrupt your system, so please be careful.

On this article I use:

  1. Slackware64 14.0
  2. SD card with Raspbian Wheezy (2GB occupied)

Yes, we will resize Raspbian manually even though we know Raspbian can resize SD card automatically on raspi-config.

Preparation

Insert the SD card to our machine. Make sure it is now mounted. We will use partition tool to resize the partition.

Following on from the instructions above, keep the newly-written SD card in the card reader, but unmounted. We’ll use the parted (partition editor) tool to resize the partitions.

Show partition information to find our SD card. Look for a partition that matches the roughly the size of your distribution image. On Debian Wheezy it should be around 2GB. For example, it is detected as /dev/sdc2. Then unmount that partition. Those can be done by invoking:

mount
umount /dev/sdc2

Resizing

Now use parted utility (GNU Parted) with root privileges. You can do sudo if you are on sudoer group or use super user account.

parted /dev/sdc
(parted) unit chs
(parted) print
Disk /dev/sdc: 121535,3,31
Sector size (logical/physical): 512B/512B
BIOS cylinder,head,sector geometry: 121536,4,32.  Each cylinder is 65.5kB.
Partition Table: msdos

Number  Start      End         Type     File system     Flags
 1      16,0,0     1215,3,31   primary  fat32           lba
 2      1232,0,0   26671,3,31  primary  ext4
 3      26688,0,0  29743,3,31  primary  linux-swap(v1)

This shows how my SD card was formatted after writing the image. Notice that nothing uses the card from end of ‘cylinder’ 29743 to the card’s maximum at 121535.

Partition 1 is the boot partition. Nothing to do here, let’s leave that alone. Partition 2 is the root partition, which we’ll grow to fill most of the card. Some OS versions will have a Partition 3 for swap space, which needs to be moved to the end of the card. Note that on some other versions of linux partitioning swap before primary filesystem. Well, if that’s the case, our task will be easier.

Move the swap partition if it exists (you’ll have to adjust the numbers so that the end of partition 3 is at the end cylinder/head/sector of the card). To calculate the number to use in the following formula can be used:

Partition 3 New Start = (Maximum - (Partition 3 End - Partition 3 Start) ) - 1

so in this example (121535 - ( 29743 - 26688)) -1 = 118479

Note: Following command will not work if your parted versions later than 2.4. On my machine, parted is at version 3.1

(parted) move 3 118479,0,0

Now grow the root partition. This involves removing the partition, re-creating it, then using resize2fs to grow the filesystem to fill the partition. It won’t destroy any data.

(parted) rm 2
(parted) mkpart primary 1232,0,0 118478,3,31
(parted) quit

Note that the starting address of the new partition is identical to its original value, and the ending address is immediately before the start of the swap partition.
Now clean and resize the root partition.

e2fsck -f /dev/sdc2

That command will allow it to add lost-and-found.

resize2fs /dev/sdc2

Then put the card in the RPi and boot. You end up with a 7Gb partition to use.

[email protected]:~$ df -h
Filesystem            Size  Used Avail Use% Mounted on
tmpfs                  94M  4.0K   94M   1% /lib/init/rw
udev                   10M  168K  9.9M   2% /dev
tmpfs                  94M     0   94M   0% /dev/shm
rootfs                7.1G  1.3G  5.4G  20% /
/dev/mmcblk0p1         75M   28M   48M  37% /boot

And that’s it, we can enjoy Raspberry again 😀

CrossOver, is another emulator (well actually it use WINE on its backend) runs on Linux and Mac which is capable to install many popular Windows application and PC games.

However CrossOver is not free. Yes, you must buy it. And yeah, Open Source doesn’t always mean free in term of price.

In this article we will discussing about how to install and run the trial version of CrossOver on Slackware64. In this article I use:

  1. Slackware64 14.0
  2. WINE
  3. CrossOver 12.1

Obtaining the Material

Although there are some people provide you free full version of CrossOver, in this article we will use trial version Cross Over on their official site. It should be clear that the method I use here is generic and can be applied to Slackware and maybe other distro other than Ubuntu and Fedora.

Go to CrossOver official site, here. Download the free trial, you should be asked about Name and Email. In this article we will use CrossOver 12.1 and choose “Installer for all other Linux Distributions”. You will then get install-crossover-12.1.2.bin.

Installation

First, install WINE. You can do WINE installation by read article here.

Once you installed WINE, we then proceed to CrossOver installation. Make sure install-crossover-12.1.2.bin is executable by you. You can do chmod on it with executable flag. Then run the installer. The installation is quite straightforward. Install it to /home/<your username>/cxoffice.

Once you have accomplish it, you have installed CrossOver on your machine.

Usage

You can use CrossOver to execute Windows binary file. Everytime you want to run Windows apps, do right click on them and choose Open With. You can then choose either  CrossOver (install) or CrossOver (run), depending on what the executable is.

Social media & sharing icons powered by UltimatelySocial