Friday, June 15, 2012

Opinion: Necessary 21st Century changes to American English grammar...

Trailing punctuation MUST be written outside quotes

In this technical age, punctuation has consequences. Anything that is not part of the quoted material should be placed outside the closing quote. For example:

Please run "rm -rf file."

instead of 


Please run "rm -rf file".

will result in an error if "file." does not exist. However, if the file "file." does exist, it will be deleted instead. This unintended deletion could have bad consequences.

Or,

Tell him, "Please run ls -l mydocument.doc."

will fail if you meant


Tell him, "Please run ls -l mydocument.doc".

resulting in a frustrated computer user.

Computers are too literal to keep using archaic 19th century punctuation standards.


Thursday, June 14, 2012

How do I clean up old large files on Linux?

Many people who have run Linux file servers and FTP servers have at some point wanted to free up some space. One good algorithm to do this efficiently is to remove old data starting with the largest files first. So how do you generate such a list? One method is to use a "find -exec du" command:

find /path/to/full/file/system -type f -mtime +10 -exec du -sk {} \; | sort -n > /var/tmp/list_of_files_older_than_10_days_sorted_by_size

Once you have that list, you can selectively delete files from the bottom of it. Note that the list will likely be exponentially sorted. That is, the bottom 10% of the list will take up a huge chunk of the used storage space.

Tuesday, June 5, 2012

How to find the Active Directory Domain Controllers listed in DNS on Linux...

Assumptions:

  • You have the "host" utility from BIND.
  • You can do a zone transfer from the local DNS server.
  • Your Active Directory admins have properly configured DNS for Active Directory.

If you have the above, use the following command (the grep pattern is quoted so that the shell does not try to expand the "*"):

host -t srv -l your.active.directory.dns.domain | grep '_kerberos._tcp.*._sites.dc._msdcs.your.active.directory.dns.domain'

Replace your.active.directory.dns.domain with your actual AD DNS domain.

Monday, June 4, 2012

On Linux, how do I set the PATH for non-interactive, non-login shells? e.g. for the case of rksh?

Non-interactive, non-login shells inherit the PATH from the ssh process, so we must set the PATH with ssh. Some shells, like Korn Shell (ksh, rksh, pksh), only parse user environment files in login shells, so there's no way to change the inherited environment in non-interactive, non-login shells.
  • To set the path globally, build a custom ssh with the needed default path.
  • To set the path for a particular user, first configure ssh to use custom environments by enabling "PermitUserEnvironment" in /etc/ssh/sshd_config: PermitUserEnvironment yes
  • Restart sshd.
  • Then set the path in that user's authorized_keys file or using ~/.ssh/environment.
  • Note that you need to set all of the important shell variables. The existence of ~/.ssh/environment seems to preclude the setting of default environment variable values.
  • So, for example, given a location for binaries for rksh (restricted Korn shell), /usr/restricted/bin, place the following in ~/.ssh/environment:
HOME=/home/username
LOGNAME=username
MAIL=/var/mail/username
PATH=/usr/restricted/bin
PWD=/home/username
SHELL=/bin/rksh
SHLVL=1
USER=username
 

  • Note: replace username with the login of the user. Then, optionally, lock down write access to ~/.ssh/environment:
    • Set the classical permissions:
      • chown root:root /home/username/.ssh/environment
      • chmod 644 /home/username/.ssh/environment
    • Or, place the file in a restricted SELinux context and then configure an SELinux ACL restricting access.
    • Or, set a POSIX ACL on the file to limit access.
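
An added example, not part of the original post: a shell function that audits a ~/.ssh/environment file set up as described above. It checks that all eight variables from the post's example are set, that PATH holds only absolute entries, and that the file and its directory are owned by the expected uid and not writable by group or other. The function name audit_env_file is hypothetical, and GNU stat (Linux) is assumed.

```shell
#!/bin/sh
# Added example: audit a ~/.ssh/environment file laid out as in the post.
# Usage: audit_env_file FILE [OWNER_UID]   (OWNER_UID defaults to 0, root)
# Prints one finding per line; returns 0 if clean, 1 otherwise.
# Assumes GNU stat (Linux). The function name is hypothetical.

REQUIRED_VARS="HOME LOGNAME MAIL PATH PWD SHELL SHLVL USER"  # the post's list

audit_env_file() {
    f=$1; want_uid=${2:-0}; rc=0
    [ -f "$f" ] || { echo "missing: $f"; return 1; }

    # The post notes that the file's existence seems to preclude the
    # defaults, so every variable from its example has to be present.
    for v in $REQUIRED_VARS; do
        grep -q "^$v=" "$f" || { echo "unset: $v"; rc=1; }
    done

    # PATH entries must be absolute; an empty or relative entry makes
    # the shell search relative to the current directory.
    path_val=$(sed -n 's/^PATH=//p' "$f" | tail -n 1)
    case ":$path_val:" in *::*) echo "PATH has an empty entry"; rc=1 ;; esac
    old_ifs=$IFS; IFS=:; set -f
    for d in $path_val; do
        case $d in /*) ;; *) echo "PATH entry not absolute: $d"; rc=1 ;; esac
    done
    IFS=$old_ifs; set +f

    # sshd_config(5) warns that user environments can bypass access
    # restrictions through variables such as LD_PRELOAD.
    if grep -q '^LD_' "$f"; then echo "dynamic-linker variable set"; rc=1; fi

    # Check the file and its directory: a user who can write the directory
    # can replace the file, whatever the file's own owner and mode are.
    for p in "$f" "$(dirname "$f")"; do
        uid=$(stat -c %u "$p"); mode=$(stat -c %a "$p")
        [ "$uid" = "$want_uid" ] || { echo "owner uid $uid, want $want_uid: $p"; rc=1; }
        # Octal mode: group digit is second from the end, other digit last;
        # 2, 3, 6 and 7 carry the write bit.
        case $mode in
            *[2367]?|*[2367]) echo "group/other-writable ($mode): $p"; rc=1 ;;
        esac
    done
    return $rc
}

if [ "$#" -gt 0 ]; then audit_env_file "$@"; fi
```

With the default owner of root, a ~/.ssh directory that still belongs to the user is reported, because a root-owned file inside it can be removed and recreated by the directory's owner.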