Category Archives: linux

Accessing docker on a tcp port for non-root users

Well, it seems that running docker for non-root users is trivial. You can just add your user to the docker usergroup as mentioned below:

https://docs.docker.com/engine/installation/linux/linux-postinstall/#manage-docker-as-a-non-root-user

However, it might not be the best idea, as there are security implications:

https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface

In the default docker installation, the dockerd listens on a Unix socket: /var/run/docker.sock, which in some Linux distros like CentOS and RHEL, can only be accessed by root user or users in the sudo group. This becomes an issue especially, for example, when we try to run docker through a Maven plugin.

The solution is to enable the docker daemon to listen on a tcp socket. This can be done by:

Edit the below line as shown:

ExecStart=/usr/bin/dockerd -H unix:///var/run/docker.sock -H tcp://localhost:2375

This will tell docker daemon to listen on port 2375 for tcp connection. Next, reload the configuration and restart dockerd:

To test whether it is working, do:

Now, you should be able to run docker as a non-root user, if you do:

Better still, you can define the below variable:

export DOCKER_HOST=tcp://localhost:2375

With that, the below command should work fine:

Note that now, we can run the below Maven plugin without any issue:

https://github.com/spotify/dockerfile-maven

References:

Enabling Docker Remote API on Ubuntu 16.04

Quick Tip – How to enable Docker Remote API?

https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-socket-option

 

Installing java plugin for Firefox in Fedora

Java plugin should be enabled by default in Firefox when Fedora is installed. This is the way to check: open Firefox and type about:plugins in the address bar. Java plugin should be listed here. If not, its very easy to install it.

cd /usr/lib/mozilla/plugins

ls -l

Make sure that you do not have any libjavaplugin.so symlinks. If you do, you have to first unlink it:

unlink libjavaplugin.so

I am assuming you have a jre (either 1.6 or 1.7) already installed. You need to find the libnpjp2.so, and assuming its in /usr/lib/jdk1.6.0_14/jre/lib/i386/libnpjp2.so,

ln -s /usr/lib/jdk1.6.0_14/jre/lib/i386/libnpjp2.so

Restart Firefox and you should be all set.

 

Installing Fedora 18

Installing the full distribution from usb stick

Just before I begun my installation from the 4.7 GB iso image (full distribution and not the live cd), I discovered to my dismay that my DVD ROM is not working properly. So i decided to try installing with a bootable usb stick.

This is the linux command to convert the usb stick to a bootable device from the iso image:

sudo dd if=/path-to-iso/name-XXX.iso of=/dev/sdX

Get the device name of USB by using

sudo parted -l

(Courtesy: https://ask.fedoraproject.org/question/1704/iso-firmware-to-usb-memory-stick)

Making Gnome 3 Usable

Gnome 3 is not usable in its original form. Here are some tips to make it usable:

  1. From the System Settings, select details. In the Graphics section, turn on the Forced Fallback Mode. Logout and log back in. You will see old Gnome somewhat restored.
  2. Install the GnomeTweak Tool (yum install gnome-tweak-tool). With this, you can change your Desktop to have files and launchers and can also bring back some amount of sanity in the Nautilus file manager. Also, you can install themes of your liking.

 

 

Gnome 3 Settings

 

 

 

Gnome 3 Settings Details

 

 

Playing mp3 and most movie formats

By default, due to some licensing issue, Totem cannot playback mp3 or the most popular movie formats. Run these commands to enable these:

yum –nogpgcheck install http://rpm.livna.org/livna-release.rpm http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-stable.noarch.rpm http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-stable.noarch.rpm
yum –nogpgcheck install gstreamer1 gstreamer1-plugins-good gstreamer1-plugins-bad-freeworld gstreamer1-plugins-ugly
yum –nogpgcheck install gstreamer-plugins-ugly
yum –nogpgcheck install audacious-plugins-freeworld-mp3

You can also install vlc, mplayer, xmms, amarok, etc. These are indeed cool.

Bye, bye Gnome3, welcome Mate

Gnome3 sucks big time. The Up-arrow in Nautilus is missing. I have to press crazy (Alt + Up-arrow) to go back to the parent folder. Breadcrumbs does not work for me. Also, I am constrained by Gnome3 to act in a certain way. So, I felt enough is enough and made a switch to Mate. Its the same old Gnome2. Gnome 2 is dead, long live Mate.

This is the way to install it:

yum groupinstall “MATE Desktop”

You can also install this:

yum install https://dl.dropbox.com/u/105479527/Mate-Desktop/fedora-release-extra-18/mate-desktop-fedora/noarch/mate-desktop-extra-release-18-1.fc18.noarch.rpm
yum groupinstall mate-desktop-extra

Mate problems and solutions

1. Totem (movie player) wont display any icon: It is an existing bug. Actually the problem is with the default theme. Make sure these two packages: gnome-icon-theme, gnome-icon-theme-symbolic are installed. Next change the theme from the default, to some other theme, and it works like breeze.

2. Screen-saver is not installed: I see that the screen-saver is not installed by default. I had to do yum install mate-screensaver to install it.

Fedora 18 random screen freeze

When I upgrade to kernel 3.7.7-201.fc18.i686.PAE or 3.7.8-202.fc18.i686.PAE, my Fedora freezes randomly. I am either unable to log in as the user-list screen itself does not appear as it hangs forever, or after login when I open Firefox, my screen freezes. I can fix this only if I use kernel 3.6.10-4.fc18.i686.PAE. This is what my messages say:

Feb 18 23:48:09 localhost gnome-session[1074]: WARNING: Detected that screensaver has left the bus
Feb 18 23:48:09 localhost gnome-session[1074]: CRITICAL: gsm_manager_set_phase: assertion `GSM_IS_MANAGER (manager)’ failed
Feb 18 23:48:09 localhost gdm-simple-slave[687]: WARNING: Failed to remove slave program access to the display. Trying to proceed.

Grub 2: A pain in the wrong place

Grub 2 is just overtly complex for people who are not Linux sys admins. I wanted to change the default kernel in my boot loader(due to random screen freezes after kernel upgrade). You can understand my frustration when, even after frantic googling, all I found was warnings never to edit the main configuration file manually. I finally found a buddy in grubby. This is the command for displaying the default kernel:

grubby –default-kernel

And this is the one which sets the default kernel to our choice:

grubby –set-default=/boot/vmlinuz-3.6.x

[How To] Configure GTalk on Kopete

Kopete is one of the most versatile and cool Instant Messenger for Linux. Its lot better and more secure and feature rich than Pidgin. GTalk is based on the open source XMPP Protocol, Jabber compatible.

While entering the new account details, select Jabber:

Select type as "Jabber"

Enter your full email id.

Go to the connection tab. Check the Override default server information check-box and enter the server as talk.google.com, the port as 5223. Also check these check boxes:

  1. Use protocol encryption

  2. Allow plain text password authentication

Connection details

Save this information and you should be done.

Tweaking MySQL on Fedora

MySQL is installed on Fedora and most Linuxes by default. Its just about some tweaking before you can use it. I am detailing some of the rather useful commands.

To Install MySQL and start it

mysql_install_db
mysqld_safe &

Make MySQL case insensitive

This is useful when the DB Script is also expected to run on Windows server.

vi /etc/my.cnf

[mysqld]
lower_case_table_names=1

To change the root password

mysql>

update user set password=password(“newPassword”)  where user=’root’;
Query OK, 2 rows affected (0.00 sec)
Rows matched: 2  Changed: 2  Warnings: 0

grant all on *.* to ‘root’@’192.168.%’ identified by ‘newPassword’;

FLUSH PRIVILEGES;

Adding a user

mysql>

insert into user (host, user, password) values(‘localhost’,’newUser’,password(‘xx123’));

insert into  host(host,db,Select_priv, Insert_priv, Update_priv, Delete_priv, Create_priv, Drop_priv)  values(‘localhost’,’dbName’,’Y’,’Y’,’Y’,’Y’,’Y’,’Y’);

grant all on dbName.* to ‘newUser’@’localhost’ identified by ‘xx123’;

FLUSH PRIVILEGES;

[How To] Enable VPN on Linux by PPTP

PPTP is an wonderful utility to enable VPN on a Linux box. Its secure and compatible with Windows network. I first heard about PPTP from (this wonderful guy called) Nikolaj. I have learnt how to set it up from him.

I am detailing the steps here:

1> Install PPTP

yum install pptp

2> vi /etc/ppp/options.pptp

###############################################################################

# $Id: options.pptp,v 1.2 2005/08/20 13:16:38 quozl Exp $

#

# Sample PPTP PPP options file /etc/ppp/options.pptp

# Options used by PPP when a connection is made by a PPTP client.

# This file can be referred to by an /etc/ppp/peers file for the tunnel.

# Changes are effective on the next connection. See “man pppd”.

#

# You are expected to change this file to suit your system. As

# packaged, it requires PPP 2.4.2 or later from http://ppp.samba.org/

# and the kernel MPPE module available from the CVS repository also on

# http://ppp.samba.org/, which is packaged for DKMS as kernel_ppp_mppe.

###############################################################################


# Lock the port

lock

# Authentication

# We don’t need the tunnel server to authenticate itself

noauth

persist

debug

# We won’t do EAP, CHAP, or MSCHAP, but we will accept MSCHAP-V2

refuse-eap

refuse-chap

refuse-mschap


# Compression

# Turn off compression protocols we know won’t be used

nobsdcomp

nodeflate


# Encryption

# (There have been multiple versions of PPP with encryption support,

# choose with of the following sections you will use. Note that MPPE

# requires the use of MSCHAP-V2 during authentication)


# http://ppp.samba.org/ the PPP project version of PPP by Paul Mackarras

# ppp-2.4.2 or later with MPPE only, kernel module ppp_mppe.o

# {{{

# Require MPPE 128-bit encryption

#require-mppe-128

# }}}


# http://polbox.com/h/hs001/ fork from PPP project by Jan Dubiec

# ppp-2.4.2 or later with MPPE and MPPC, kernel module ppp_mppe_mppc.o

# {{{

# Require MPPE 128-bit encryption

#mppe required,stateless

# }}}


lcp-echo-failure 36

lcp-echo-interval 5

lcp-max-failure 0

3> vi /etc/ppp/chap-secrets

# Secrets for authentication using CHAP

# client                  server        secret                        IP addresses


VPNUserName      PPTP       VPNPassword         *

4> Create a file called /etc/ppp/peers/my-company-vpn

#pty “pptp my-company.com –nolaunchpppd”

name VPNUserName

remotename PPTP

require-mppe-128

file /etc/ppp/options.pptp

ipparam my-company-vpn

5> Then on the prompt:

pptp my-company.com call my-company-vpn

6> After 10/15 seconds, on the prompt:

route -n

You should see something like:

Kernel IP routing table

Destination Gateway Genmask Flags Metric Ref Use Iface

192.168.1.162 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0

87.61.21.102 192.168.1.1 255.255.255.255 UGH 0 0 0 eth0

192.168.1.0 0.0.0.0 255.255.255.0 U 1 0 0 eth0

If you see ppp0, it means you have successfully connected to the VPN.

7> Add required routes

route add -host 192.168.1.30 gw 192.168.1.162

Where 192.168.1.30 is my internal company IP.

8> After that, to resolve the domains by names

vi /etc/resolv.conf

#to use when connected to the VPN my-company.com

domain my-office.my-company.com

#this, is the most important line: courtesy: Nikolaj

search my-office.my-company.com

#nameserver 192.168.1.1

nameserver 192.168.1.4

nameserver 192.168.1.5

Further reading:

[How To] Rip VCD on Linux

I have always had problems while playing VCDs on my Linux machine. The VCD file system is still not supported by the Linux kernel. After browsing the net and trying out various options, I will enlist the following which I find most useful.

Using cdrdao

This is the most flexible command and copies the contents of VCD in the .bin and .toc format. This can be played by mplayer, or can be burnt into another cd. First we need to determine the device name for the cd drive. We do this either by:

parted -l

or

cdrdao scanbus

Suppose the device is /dev/sr0. We then need to unmount this device:

umount /dev/sr0

Next, the following command will extract the contents of the VCD into .bin and a .toc files:

cdrdao read-cd –read-raw –read-subchan rw_raw –datafile fileName.bin –device /dev/sr0 –driver generic-mmc-raw fileName.toc

We can directly play the .bin file using mplayer. In case we want to create an iso from the .bin and .toc, we can use the bchunk. In order to install it, just do:

yum install bchunk

bchunk works only with cue. So, you need to convert the .toc to .cue:

toc2cue fileName.toc  fileName.cue

Then:

bchunk -v -r fileName.bin fileName.cue fileName

This will give you .iso

Using mencoder

mencoder vcd://2 -oac lavc -ovc lavc -o fileName.avi

Using vcdxrip

vcdxrip -i /dev/sr0 -v -p -t 1 –nofiles –nosegments

Here i denotes the mount point of the CDROM drive,  t denotes the Track Number. This way, a VCD can be ripped from a Linux machine. I have tested this on Fedora (10) and it works great.

Further Reading

The following sites have more detailed info about the above:

 

Playing mp3 on Fedora

By default, the codecs to play mp3/mp4 are not included due to licensing issues. First you need to add the non-standard repositories:

rpm -ivh http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-stable.noarch.rpm
rpm -ivh http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-stable.noarch.rpm
rpm –import /etc/pki/rpm-gpg/RPM-GPG-KEY-rpmfusion-*

That done, if you just double click on a mp3 file (starting Fedora 8 onwards), it will pop-up a dialogue saying that you must install missing codecs.  Click on yes and go along.

You can also explicitly install them like this:

yum install gstreamer-plugins-ugly gstreamer-plugins-bad gstreamer-ffmpeg

Further reading:

[Fedora] Getting up and running with postgres in 2 mins

I am very fascinated with Postgres, right since I hard about it, around 2002. Compared to MySQL 3.25, which was and perhaps still is, more popular, Postgres fared a lot better in terms of SQL-compliance, foreign-key support [which was lacking in MySQL 3.25] etc. Also, Postgres is an ORDBMS, just like Oracle. You can do lot of cool stuff with Postgres.

For this exercise, we will assume:

Postgres user name = mypguser

Postgres data directory = /usr/local/pgsql/data

If you are using Fedora, Postgres will be installed by default. To verify, do a find on initdb and psql. If you do not have it installed, install it with yum or grab a tar ball from here and follow the instructions. Its pretty straight forward.

After you have installed, run the following commands:

#adduser mypguser
#passwd mypguser
#mkdir /usr/local/pgsql/data
#chown mypguser /usr/local/pgsql/data
#su – mypguser
$initdb -D /usr/local/pgsql/data

Starting Postgres

Postmaster should always be started as the underprivileged user mypguser.

$postgres -D /usr/local/pgsql/data >logfile 2>&1 &
To create a database:

createdb somedatabase
To start the command line tool:

psql somedatabase

Autostart Postgres as a service

Fedora should already have this script in /etc/init.d/postgresql.

The problem is that this assumes that the postgres user name is postgres and the data is located in /var/lib/pgsql/data. You can edit the script suitably and then enable it as a service, so that postmaster starts everytime your system boots up. You can also use the script that I have modified, just declared the user and data as variables. You can find it here.

Installing PgAdmin

PgAdmin is a nice gui frontend for administratin Postgres. You have to first add its yum repository. Follow these steps [you must be super user].

1. download rpm and add yum repository:
http://yum.pgsqlrpms.org/reporpms/repoview/letter_p.group.html
2. yum install postgis
3. yum install pgadmin3

You can also use phpPgAdmin.

For this article, I was inspired by:

http://www.postgresonline.com/journal/index.php?/archives/45-An-Almost-Idiots-Guide-to-PostgreSQL-YUM.html

Unblocking SELinux

Today, while I was trying to access MySQL through PHP on HTTPD Apache server, I was getting a connection fail. Since I installed PHP for the first time, I double checked on whether I had installed the PHP-MySQL module as well. Yes, I had, all seemed to be fine… but… try again… hey a yellow asterisk pops-up in my task-bar… SELinux is preventing httpd to access MySQL.

What now? Followed the link to the FAQ:

http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385

I am summarising it as follows:

Copy the ‘raw message‘ which appears at the end of the SELinux service denied screen. Save it as selinux_httpd_mysql_alert.txt, and run the following command.

audit2allow -M local < selinux_httpd_mysql_alert.txt

This will generate a file called local.pp. Load this by either running the command

semodule -i local.pp

Or by going to the SELinuxManagement [from the System menu -> Administration] and then do a load policy.

Thats simple alt=title=”:)” />.