Friday, July 29, 2011

Linux / Unix file system permissions. How to memorize the bits.

A very, very brief note on Linux / Unix file system permission bits.

Numeric Bit Value Table:

-------------------------------------
num bit   rep   meaning
-------------------------------------
0   000   ---   no permissions
1   001   --x   execute
2   010   -w-   write
3   011   -wx   write, execute
4   100   r--   read
5   101   r-x   read, execute
6   110   rw-   read, write
7   111   rwx   read, write, execute
-------------------------------------

Mnemonics:

Using the above bits is simple, but it's not always obvious which value represents which permissions. E.g., is Read and Write 5 or 6? It's easy if you have the chart in front of you, or if you can visualize the chart in your mind.

Here are 4 simple tricks to keep in mind to successfully memorize permission bits.

1) Always remember the order in which permissions are assigned (RWX). From left to right, "Read, Write, Execute." - Never "Write, Execute, Read" or any other combination.

2) Think of 4 as what cuts the permissions table in half. All read permissions are values 4 or above. Binary works from right to left, but the highest values will have a new position digit on the left side. Hence, think of "read" as in the highest values since it's on the left.

3) All write permissions are two values above 0 and 4. So: 2,3 and 6,7. Write access is probably the most important permission to remember due to its sensitive nature.

4) Execute permissions have the easiest trick. Any odd value is executable. How simple is that?
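
The three tricks above are bit tests (4 = read, 2 = write, odd = execute). The following shell functions are an added example, not part of the original post; the function names and sample modes are made up for illustration. They decode a numeric mode and flag modes that grant write access to group or others.

```shell
#!/bin/sh
# Added example (not from the original post): decode octal permission
# digits with the three bit tests behind the mnemonics above.

# One digit (0-7) -> "rwx" style triplet.
digit_to_rwx() {
    d=$1; out=
    if [ $((d & 4)) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi  # 4 and above: read
    if [ $((d & 2)) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi  # 2,3,6,7: write
    if [ $((d & 1)) -ne 0 ]; then out="${out}x"; else out="${out}-"; fi  # odd: execute
    printf '%s' "$out"
}

# Three-digit mode such as 644 or 0755 -> "rw-r--r--". Rejects anything else.
mode_to_rwx() {
    case $1 in
        0[0-7][0-7][0-7]) m=${1#0} ;;
        [0-7][0-7][0-7])  m=$1 ;;
        *) echo "invalid mode: $1" >&2; return 1 ;;
    esac
    u=${m%??}; rest=${m#?}; g=${rest%?}; o=${m#??}
    printf '%s%s%s\n' "$(digit_to_rwx "$u")" "$(digit_to_rwx "$g")" "$(digit_to_rwx "$o")"
}

# Exit status 0 when group or others hold the write bit, 1 when they do
# not, 2 when the mode is invalid.
loose_write() {
    rwx=$(mode_to_rwx "$1") || return 2
    case $rwx in
        ????w????|???????w?) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample modes.
for mode in 644 0755 666 640; do
    if loose_write "$mode"; then note="group/other writable"; else note="ok"; fi
    printf '%s %s %s\n' "$mode" "$(mode_to_rwx "$mode")" "$note"
done
```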

Monday, July 25, 2011

Linux - Backtick Operator - Return the result of a command as a parameter for another.

Linux has many useful features which make work easier. While managing packages I often find myself trying to run commands like yum remove but can't remember the exact version numbers, character case, or exact spelling. Usually the solution is to run rpm -qa | grep -i with part of the package name. For example:

$ rpm -qa | grep -i virtualbox

This would yield:

VirtualBox-4.1-4.1.0_73009_fedora14-1.x86_64

Try remembering how to type that package name every time you want to upgrade an RPM with yum.

Wouldn't it be nice to be able to combine both "yum remove" and "rpm -qa..."? Linux shells offer this capability through the back-tick operator (``), also known as command substitution. It simply returns the output of the command executed within it, which enables that output to be passed as a parameter to some other command.

# yum remove `rpm -qa | grep -i virtualbox`

Yum will then nicely ask if you wish to remove the above mentioned program. Imagine the possibilities.  


WARNING: Be careful if you use this to remove packages from your system.  I only have one package called virtualbox installed on the system, but if you type in some other package name like "pl" you could end up in a lot of trouble.  Double check what your system is trying to remove.

For example:

# yum remove `rpm -qa | grep -i pl`

My system tells me it will remove 693 packages using 4.5GB of space, and is asking me if I want to continue.  That's nearly all my supporting packages.

Basically, use the backtick operator to your heart's content, but be very wary when combining it with commands such as 'yum remove'.
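
One way to build the "double check" into the command itself, as an added example that is not part of the original post: match the search term only at the start of the package name and refuse to continue unless exactly one package matches. The function names and the sample package list are constructed for illustration (only the VirtualBox entry comes from the post).

```shell
#!/bin/sh
# Added example (not from the original post). Constructed sample of
# `rpm -qa` output; versions other than VirtualBox are made up.
SAMPLE_PKGS='VirtualBox-4.1-4.1.0_73009_fedora14-1.x86_64
plymouth-0.8.4-1.fc14.x86_64
libsamplerate-0.1.7-2.fc14.x86_64
gnome-applets-2.32.0-3.fc14.x86_64
glibc-2.13-1.x86_64'

# What `grep -i TERM` would hand to yum: every line containing TERM anywhere.
naive_count() {
    printf '%s\n' "$SAMPLE_PKGS" | grep -ic -- "$1" || :
}

# Reads a package list on stdin and prints the single package whose name
# starts with "TERM-" (case-insensitive, literal match, no regex).
# Returns 1 if zero or several packages match, 2 on an empty term.
pick_one_package() {
    term=$1
    [ -n "$term" ] || { echo "empty search term" >&2; return 2; }
    matches=$(awk -v t="$term" \
        'BEGIN { t = tolower(t) "-" } index(tolower($0), t) == 1')
    count=$(printf '%s\n' "$matches" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -ne 1 ]; then
        echo "refusing: '$term' matched $count packages" >&2
        return 1
    fi
    printf '%s\n' "$matches"
}

# Demonstration on the constructed list.
echo "grep -i pl would select $(naive_count pl) packages"
printf '%s\n' "$SAMPLE_PKGS" | pick_one_package virtualbox
printf '%s\n' "$SAMPLE_PKGS" | pick_one_package pl || echo "nothing passed to yum"

# On a real system the guarded form of the command from the post would be:
#   pkg=$(rpm -qa | pick_one_package virtualbox) && yum remove "$pkg"
```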

Tuesday, June 21, 2011

SELinux HowTo: Change Context, Set SELinux booleans, Set permissive, enforced

Here is a very short 'Quick Reference' guide to manipulating some SELinux settings.


CHANGING SELINUX BOOLEANS

getsebool : Gets the values for various SELinux booleans.

Try:

# getsebool -a | grep httpd_can_network_connect

This should return the status of that particular variable, for example:

httpd_can_network_connect --> off
httpd_can_network_connect_db --> off
httpd_can_network_relay --> off

Of course you can specify the boolean directly without using grep if you know its name:

# getsebool httpd_can_network_connect_db

setsebool : Use this command to change the value of an SELinux boolean variable. For example, the following will allow the httpd process to connect to a remote database server.

# setsebool -P httpd_can_network_connect_db on

The -P option stands for "persistent," meaning the changes will persist after a reboot.



ENABLING OR DISABLING SELINUX

getenforce : will return the current status for SELinux

setenforce : will temporarily enable/disable SELinux

In Fedora/Redhat modify the /etc/selinux/config file to make the changes to the enforcement policy permanent.



MODIFYING SELINUX CONTEXTS TEMPORARILY

It's easy to manipulate SELinux contexts with the chcon command.  For example if a process running as a particular user is not able to modify a file, check the context of that file by issuing the following command:

# ls -laZ

The Z option shows the SELinux context information for the files listed by the ls command.
For example, on Fedora / RedHat you might see the following contexts for the /var/log/httpd folder:

# ls -laZ /var/log/httpd

drwxr-xr-x  root root user_u:object_r:var_log_t  .
...
...

I created a new httpd log folder to increase the disk space available for logging; the SELinux context was by default set to:

drwxr-xr-x  root root system_u:object_r:file_t

Therefore the httpd process was unable to write new log files in this folder.  The context type was not set correctly to allow changes.  Changing the context type required issuing the following command to ensure it matched the old httpd directories' settings.

chcon -c -u user_u -t var_log_t  /var/log/httpd

UPDATE (2017-08-23)
(The -c option has been removed and is no longer required: http://lists.gnu.org/archive/html/bug-coreutils/2008-10/msg00076.html)

This will relabel the file and the process will now be able to access it directly as needed.

NOTE:  This is a temporary measure and only labels the file until the next reboot.  Read on for a permanent solution.



MODIFYING SELINUX CONTEXTS PERMANENTLY

To make persistent modifications to SELinux contexts you must add an entry to the SELinux file context database: /etc/selinux/targeted/contexts/files/file_contexts.local. The semanage command will do just that. The next step is to apply the change by running the restorecon command against the file to be modified.

First, add a new record for the file /var/log/httpd with the command:

# semanage fcontext -a -s user_u -t var_log_t /var/log/httpd

-a adds the file to /etc/selinux/targeted/contexts/files/file_contexts.local
-s specifies the SELinux user
-t specifies the SELinux type

This change has not yet been applied to the file and will only occur during the next reboot when the filesystem is relabeled.  However to execute the change now use the restorecon command:

# restorecon -v /var/log/httpd

Thursday, May 5, 2011

How to force a password reset at first login in Fedora Linux

The steps to force a password reset the first time a user logs in are very simple. As a matter of fact, there is only 1 step.

Example:

# chage -d 0 <username>

The chage command is the password expiry management command for a Linux user account.

The -d option specifies the day on which the password was last changed. When zero is set, the password must then be changed, thereby forcing the user to provide a new password upon login.


Friday, April 15, 2011

Enabling the talk daemon on Linux Fedora 14

The talk daemon is not installed by default in Fedora, but the client is. I've prepared instructions to help enable the talk daemon on Fedora 14. Note that these instructions should work on most versions of Fedora and various flavors of Linux. The chkconfig command may vary from system to system. For example, on Ubuntu I think you have to use update-rc.d.

To install and enable the talk server, follow these simple steps:

# yum install talk-server

# chkconfig xinetd on
# chkconfig talk on
# chkconfig ntalk on

# /etc/rc.d/init.d/xinetd start

To connect, run:

talk username@hostname


Thursday, March 31, 2011

C++11 Raw String Literals: A simple example

NOTE: I've edited the title of this article from "C++0x Raw String Literals: A simple example" to "C++11 Raw String Literals: A simple example" since it has now been several years since the name was officially adopted.

C++ string literals and C++ multiline strings are now possible. Raw string literals are a feature of C++11 which I've been waiting for. Since the C++0x draft is now complete, I don't think we need to worry about the implementation being changed anymore.

Part of the problem with C++ ISO 1998 is that it did not allow breaking a string into multiple lines of code. The closest way one could achieve this was by concatenating two strings by having them side by side or line by line:

C++ 1998 code:
string s = "this is line 1, "
           "followed by line 2, "
           "followed by line 3, etc...\n";

C++ automatically concatenates adjacent string literals that are separated only by whitespace, as long as each is properly enclosed within double quotes. Consider a more problematic example, such as attempting to output HTML code:

C++ 1998 code:
string s = 
"<HTML>"
"<HEAD>"
"    <TITLE>this is my title</TITLE>"
"</HEAD>"
"<BODY>"
"    <P>This is a paragraph</P>"
"</BODY>"
"</HTML>";

An alternative:
C++ 1998 code:
string s = 
"<HTML>\
<HEAD>\
    <TITLE>this is my title</TITLE>\
</HEAD>\
<BODY>\
    <P>This is a paragraph</P>\
</BODY>\
</HTML>";

This is very messy and will be hard to maintain at best.  It's not all bad though; because if you made a mistake, like forgetting a double quote, it would result in a compile time error which is fairly easy to catch.

C++11 on the other hand allows for much more sophisticated string handling.
Here is an example of the usefulness of this facility:

C++0x code:
#include <iostream>
#include <string>
using namespace std;

int main()
{
        string s = 

R"(<HTML>
<HEAD>
        <TITLE>This is a test</TITLE>
</HEAD>
<BODY>
        <P>Hello, C++ HTML World!</P>
</BODY>
</HTML>
)";

        cout << s << endl;
        return 0;
}

Compile the above code using the GNU GCC g++ command:

g++ -Wall -std=c++0x ./test.cpp -o ./test

UPDATE (2014): Note that the -std flag is still required, but you can use either c++0x or c++11.  As of November 2014, GNU's C++11 support is still experimental: https://gcc.gnu.org/projects/cxx0x.html

Officially this is valid C++0x code and you can imagine how useful a raw string literal can be when regular expressions come into play.  See the new standard:  http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2007/n2146.html

Note that while the standard draft was being written, the raw string delimiter was initially "[ and ]" but that has been changed to "( and )".

You can optionally specify the delimiter sequence between the quote and parenthesis.  For example, instead of "(  )" you could use "x(  )x".  To quote from the standard:  "The terminating d-char-sequence of a raw string literal shall be the same sequence of characters as the initial d-char-sequence, The maximum length of d-char-sequence shall be 16 characters."

This means if you were to write a string literal which contained the character sequence )" it could mistakenly terminate the string at that point, resulting in a compile time error.  In order to mitigate this, the standard says you can specify your own delimiter up to a maximum of 16 characters.  So you could write this:

C++0x code:
string s =
R"X*X(A C++0x raw string literal can be specified like this: R"(This is my raw string)" )X*X";
cout << s << endl;

The program's output: A C++0x raw string literal can be specified like this: R"(This is my raw string)"

As you can see, being able to specify your own delimiter is a necessity when working with raw string literals.

PHP has a similar feature called "Heredoc": http://www.php.net/manual/en/language.types.string.php#language.types.string.syntax.heredoc

Tuesday, March 29, 2011

Blogspot Source Code Formatting

I've added several posts which contain formatted source code on this blog, and each and every time I had to go into the HTML editor to manually convert code characters into HTML entities. For example if I want to use a greater than bracket which is common in coding, I have to modify the html code and write &gt; etc...

Another blogger has posted a very neat script which grabs your source code and converts it into proper HTML so that the format isn't affected. It even keeps the proper tab spacing.

http://formatmysourcecode.blogspot.com/2006/02/paste-your-text-here.html

Here is an example snippet of code that comes from this script:

#include <iostream>
#include <cstdlib>
using namespace std;

int main()
{
    cout << "Hello World!" << endl;
    return 0;
}

Now that's very handy!

BUT! Then I decided to write a modifier which would add line numbers using a two-column table. I decided on using a table instead of two divs in order to prevent copying line numbers if we want to highlight and copy the code. Here is an example of the output of the modifier. It is basically the code I wrote to modify the original JavaScript into generating line numbers. There are a couple of extra helper JS lines to call this function and provide the required parameters, but the core of the functionality is in this function:
function ReturnCodeWithNumbers(strCode, intLineNum)
{
    // Generate the line numbers, one per line of code
    var strLineCode = "";
    var strLines = "";
    for (var k = 1; k < intLineNum + 1; ++k)
    {
        strLines += k + "\n";
    }

    // Wrap the numbers in a <pre> block, with inline styles if requested
    if ( document.getElementById("embedstyle").checked )
    {
        strLineCode = "<pre style=\"font-family: Andale Mono, Lucida Console, ";
        strLineCode += "Monaco, fixed, monospace; color: #000000; background-color: #eee;";
        strLineCode += "font-size: 12px;border: 1px dashed #999999;line-height: 14px;";
        strLineCode += "padding: 5px; overflow: auto; width: 100%\"><code>";
        strLineCode += strLines + "</code></pre>";
    }
    else
    {
        strLineCode = "<pre class=\"source-code\"><code>" + strLines + "</code></pre>";
    }

    // Generate the table with all the contents.
    // strCode is assumed to be already HTML-escaped by the formatter script.
    var strTranslate = "<table style=\"border-spacing: 0; border: 0;\"><tr><td>" + strLineCode;
    strTranslate += "</td><td>" + strCode + "</td></tr></table>";
    return strTranslate;
}

Monday, March 28, 2011

C++0x ISO Final Draft is approved

C++ is already an amazing language to build with, but the enhancements that are coming will seriously improve our ability to develop more efficiently. Consider that a large portion of the existing BOOST libraries will now be part of the C++ standard. You will see things like:

- Thread support
- Initializer lists
- Range-based for-loop (similar to foreach loops)
- Constructors can now call other constructors of the same type for initialization
- long long int 64 bit integers
- Regular expressions
- Smart pointers

And much much more. See the wikipedia article at http://en.wikipedia.org/wiki/C%2B%2B0x

If you are a GNU GCC user, don't forget to add -std=c++0x to your compiler options to enable these features.

Note that C++0x is not an ISO standard just yet, to quote Herb Sutter's blog:

"The work isn’t quite done yet. The project editor now needs to update the working draft with the changes approved at this meeting, and a review committee of over a dozen volunteers will review it to help make sure those edits were made correctly. The result will be the FDIS draft. Once that happens, which we expect to take about three weeks, we will transmit the FDIS to ITTF in Geneva to kick off the final up/down international ballot which should be complete this summer.

If all goes well, and we expect it will, the International Standard will be approved and published in 2011, henceforth to be known as C++ 2011.
" - http://herbsutter.com/

I have been experimenting with the BOOST libraries for a short while and have found them to be extremely well designed. One of the features that I found the most useful was the foreach facility. When one works with large quantities of data sometimes you would like to iterate over it quickly and without necessarily having to allocate to an iterator. In principle it works almost the same way, except that writing a loop using a foreach construct is syntactically easier. The Wikipedia article on foreach loops explains the C++0x syntax.

C++ is and has been one of the most influential and successful languages in programming history. This new version of the C++ ISO will ensure its success continues for a long time to come.

Wednesday, March 23, 2011

Debugging JavaServer Faces

While attempting to test some session handling code for JavaServer Faces, I ran into a Java Null Pointer Exception. The code causing the error was written directly into the JSP file itself instead of in a backing bean. The cause of the error is still eluding me as I did not yet delve into it; however I discovered that debugging JSP files is not as hard as it seems. Initially I was stumped because the output from GlassFish stated that the exception error occurred on line 82, but my JSP file only has 61 lines. Being experienced with .NET it's easy to understand why the error numbers would differ. Normally in .NET one would use codebehind and the error's line number would match your code's line number. Similarly the normal way to code in JavaServer Faces is to ensure all your logic code is in a backing bean; then the error's line number matches with the code's line number.

In any case I wanted to know the location of the error in my code. (JSF generates a .java code file from your JSP file when it is compiled.) The only trick was to find the location of this generated file; the line number from the error matches the line number in the .java file.

Here is a sample of the code from my JSP page and the "translation" from the .java file. The location of the .java file may vary, but mine was located at: /home/<username>/.netbeans/6.9/config/GF3_62/domain1/generated/jsp/various_tests/org/apache/jsp/index_jsp.java

JSP code:
21  System.out.println("reached point 1");
22  FacesContext ctx = FacesContext.getCurrentInstance();
23  HttpSession mySession = (HttpSession) ctx.getExternalContext().getSession(false);
24  String s = mySession.getAttribute("test").toString();
25  System.out.println(s);

Java code:
80  System.out.println("reached point 1");
81  FacesContext ctx = FacesContext.getCurrentInstance();
82  HttpSession mySession = (HttpSession) ctx.getExternalContext().getSession(false);
83  String s = mySession.getAttribute("test").toString();
84  System.out.println(s);

Line 82 is highlighted in red and its equivalent in the JSP file is line 23.

Friday, March 11, 2011

Cannot remove package with yum due to corruption

During an attempt to reinstall some packages with yum today, I ran into an unexpected issue.  Yum responded with the following error, when I was trying to reinstall NetworkManager:

Error in PREUN scriptlet in rpm package NetworkManager
1:NetworkManager-0.8.3.997-1.fc14.x86_64 was supposed to be removed but is not!

When this happens you will need to remove the RPM package manually. However, since an error occurred in the rpm's pre and post install scripts, you will need to disable them by specifying the --noscripts option.

Note that this should be a last resort and can be dangerous. Rpm.org explains this in more detail:
http://www.rpm.org/max-rpm/s1-rpm-install-additional-options.html#S2-RPM-INSTALL-NOSCRIPTS

In my particular case I successfully reinstalled NetworkManager after removing it with the following command:

$ sudo rpm -e --noscripts

Wednesday, March 9, 2011

Linux screen resolution set at boot time

Edit your boot command with your bootloader. Use one of the following options:

VGA Resolution and Color Depth reference Chart:
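-------------------------------------------------------------------
Depth    800×600   1024×768   1152×864   1280×1024   1600×1200
-------------------------------------------------------------------
8 bit    vga=771   vga=773    vga=353    vga=775     vga=796
16 bit   vga=788   vga=791    vga=355    vga=794     vga=798
24 bit   vga=789   vga=792    -          vga=795     vga=799
-------------------------------------------------------------------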

source: http://www.pendrivelinux.com/vga-boot-modes-to-set-screen-resolution/
