Category Archives: linux

403 Permission denied on Apache in Debian/Ubuntu with changed document root

I had just made a brand new installation of both Ubuntu trusty and vivid and Debian jessie (tried all of them) on my android phone with Linux Deplow, and installed the LAMP stack via SSH. I wanted Apache to serve files decrypted from an EncFS mount, so I found easier to move the DocumentRoot to a subfolder of my home (by editing /etc/apache2/sites-available/000-default.conf – by the way, this file has changed location quite a bit in the past, being called just default.conf, or being httpd.conf in older versions), and changed Apache’s username to my own (by editing /etc/apache2/envvars).

Well, what happened is that, no matter what I did, I was still getting a 403 Permission denied error, which had nothing to do with EncFS.

By pure chance, I went checking what was inside /etc/apache2/apache2.conf, and other than a reference to envvars for the username and group definitions for the user Apache is run as, scrolling further down there are folders definitions which were, in previous versions, located in the default.conf file. Changing in there the reference to /var/www into the new custom folder made it.

You obviously need to restart Apache after such changes.

AFWall+ and Linux Deploy, no internet access unless firewall is disabled

This is a personal reminder and also an easier-to-find heads up to those looking for a solution: if you installed linux on Android via Linux Deploy, and find that, no matter how you set rules on AFWall+ you can never get internet to the mounted linux image, unless you disable the firewall altogether (not recommendable since you installed a firewall in the first place), then here is the solution provided in this thread (it’s all due to DNS calls being blocked without a possibility to make them pass through in the vanilla AFWall+).

Under AFWall+ contextual menu, open the custom script editor, and inser these lines:


$IPTABLES -A afwall-wifi -m owner --uid-owner root -p udp --sport=67 --dport=68 -j RETURN
$IPTABLES -A afwall-wifi -m owner --uid-owner nobody -p udp --sport=67 --dport=68 -j RETURN
$IPTABLES -A afwall-wifi -m owner --uid-owner root -p udp --sport=53 -j RETURN
$IPTABLES -A afwall-wifi -m owner --uid-owner nobody -p udp --sport=53 -j RETURN
$IPTABLES -A afwall-wifi -m owner --uid-owner root -p tcp --sport=53 -j RETURN
$IPTABLES -A afwall-wifi -m owner --uid-owner nobody -p tcp --sport=53 -j RETURN
$IPTABLES -A afwall-3g -m owner --uid-owner root -p udp --dport=53 -j RETURN
$IPTABLES -A afwall-3g -m owner --uid-owner nobody -p udp --dport=53 -j RETURN
$IPTABLES -A afwall-3g -m owner --uid-owner root -p tcp --dport=53 -j RETURN
$IPTABLES -A afwall-3g -m owner --uid-owner nobody -p tcp --dport=53 -j RETURN

making sure you preserve the line return after each RETURN since pasting directly into the tiny textbox of AFWall+ may lose the carriage returns.

BAM you will have internet from your android linux without having to disable the firewall. Naturally, you will also have to enable internet access to “Applications running as root”.

Update: as per Peter’s suggestion in the comments (thank you Peter!) if you still get errors with this approach you may need to add a couple more lines, like so:

$IPTABLES -A afwall-wifi-wan -m owner –uid-owner 5000 -j RETURN
$IPTABLES -A afwall-wifi-lan -m owner –uid-owner 5000 -j RETURN

where “5000” is an id you have to customize to your needs, and you can get it either from AFWall’s errors logs, or by checking the /etc/passwd file for the current user’s entry.

Samba share connection doesn’t accept user:password login from Windows

This is mainly a self-reference for when I find myself reinstalling Samba on my home server, if something goes wrong and the previous system got corrupt, or if I am upgrading something.

It happens, ALWAYS, that I setup a share with a login, which is the same of the user on the server the share resides into, and when I insert that login info in the Windows dialogue that appears, it just gives me an access denied error, as if the password I inserted wasn’t correct.

What I forget to do, every single time, is to create first a samba user with

sudo smbpasswd -a username

and then using those credentials (which you can create as matching the linux user’s) in the windows dialogue.

Change the user Transmission Debian daemon runs under and avoid warning message

I am writing this post also for personal reference (and currently I am writing in bare HTML since my WordPress installation lacks an updated multilanguage plugin to be able to use the WYSIWYG editor).
I was moving my home server from a slow Raspberry PI to a way faster Cubieboard 2, and got to reinstall Transmission daemon. I needed to change its user tho, because I needed a certain folder to be accessible to it.
So I edited as SU the /etc/init.d/transmission-daemon file changing the transmission-debian value into the username I wanted to use, but I kept getting a (warning) message when trying to start the daemon.
Long story short, here are some tips you have to follow, but first credits where they’re due:
This is the page where I got started the first time:
And this is a heads up I got while trying to solve this problem:

So, back on track:
1) Make sure the transmission daemon is stopped, otherwise changes you make to configuration files will be reverted to original
2) Edit the init.d starting script changing the username to your wanted username
3) chown the default transmission-debian folders to the user you need:

sudo chown username:group /var/lib/transmission-daemon/info –R
sudo chown username:group /etc/transmission-daemon/ –R

4) If you are importing a settings.json file from a previous installation, make sure to copy it to both /etc/transmission-daemon/ and /var/lib/transmission-daemon/info/ so that both copies are identical
5) You can now start the daemon and everything should work as expected

Cyclic sound MP3 audio recording in ubuntu

I work in a relatively safe environment, yet it may very well happen that I need to prove something that someone said in my office, so I can hold it against them when the time comes.

My laptop is always turned on, so I could use it to record the environmental sounds around it, with a couple of requirements:

  • the recording must be totally unattended, starting when I turn on the pc, and stopping when I turn it off, without any user intervention
  • the recorded files must be somehow purged, starting from the oldest ones, so that my disk doesn’t get filled with audio files

As in the Ubuntu spirit, I tried to search for something that did the job right away, but with no luck.

So, still in the Ubunt spirit, I had to arrange it myself: the idea is to record the audio in chunks of 10 minutes, and each time delete the oldest files, so that there is a chosen number of max files inside the recording folder.

You will need the audio-recorder package for the job, install it as follows:

sudo apt-add-repository ppa:osmoma/audio-recorder
sudo apt-get update
sudo apt-get install audio-recorder

when the program is installed, open it (Alt-F2 and then launch audio-recorder), click on the “additional settings” button, and setup your default recording folder there, in this example it’s the folder “audiofiles” directly under your home folder.
Also I suggest changing the file naming standard to %Y-%m-%d-%H:%M:%S so that each recording can be easily associated with the time of starting.

Then, you need to make a bash script that will deal with starting a new recording, while closing the previous one, this is what I came up with:


/usr/bin/audio-recorder --display=:0.0 -c stop
/usr/bin/audio-recorder --display=:0.0 -c start
cd /home/username/audiofiles
rm `ls -t | awk 'NR>150'`

which does exactly the following: stops a previously open (if existing) instance of the program, and starts a new one, then deletes the oldest recorded audio chunks so that there are maximum 150 files inside the recording folder (if you want a different amount, just replace 150 with the number you prefer); please note that the recording folder written in this bash script must be the same that is set in the additional settings, so if you want to use a different folder make sure to set it up both in audio-recorder and in this bash script.
Also, please note that the username part of the path must be replaced with your ubuntu username.

You can create this bash script as a “” file in your home folder, and then be sure to chmod +x so you can execute it.

Then, you need something that actually starts the recording, and cron is our friend here.

Run the command

crontab -e

and if it’s the first time you run it,  you should be presented with a choice screen asking you which editor you prefer… absolutely choose nano!

Inside the editor screen, paste this:

*/10 * * * * /home/username/

where “username” must be replaced with you ubuntu username, then press Ctrl-X to save the file (press Y is prompted to confirm).

What this cron line does, is running the bash script we just created every ten minutes, so the recorded sound files will be 10 minutes long. If you want to change this length, just change the 10 in the command to the number of minutes you prefer.

Restart the pc, and notice how files are being created inside of your folder. After a while, you will also get over the set limit for the files, and you will notice how the number of files will always stay the same, with the oldest files being deleted.

How to drag and drop files between windows in Ubuntu Unity launcher bar

So I like Unity, it looks nifty and the Zeitgeist launcher is so productive.
One huge gripe about unity though, is that you cannot, apparently, drag&drop files between applications open in the Unity launcher bar, namely:

  • a file from nautilus into thunderbird as a mail attachment
  • an image from nautilus into a photo-editing program
  • the same file from nautilus into an archive manager
  • an image into the upload page of opened in your browser
  • anything else

I use a Precise Pangolin installation, and this is what works for me:

  1. Start dragging the file until you have it under your mouse pointer, ready to be dropped somewhere
  2. At this point you will notice the launcher bar buttons become gray (almost all of them, Nautilus and Firefox stay bright for me)
  3. Trying to drop onto any of the buttons, be it grayed out or bright, will NOT bring up its window
  4. Keep the mouse button pressed, and on your keyboard use theWinKey+TAB combination, you will see the applications buttons on the unit launcher bar brighten one at a time, cycling though both bright ones and grayed ones
  5. When you have highlighted the button of the program you need (for example, Thunderbird to attach a file into a mail), release the WinKey+TAB combo and the relative application window will open
  6. Finally drop your file in the opened window
  7. After you’ve done your job, flood LaunchPad with bug reports until we get this dumb problem fixed

Ubuntu won’t start Gnome GDM after upgrade to Oneiric Ocelot

So I was upgrading my home server first from Maverick Meerkat to Natty Narwhal, and then from Natty to Oneric Ocelot.
It is not a plain desktop installation, as back in the time I installed Ubuntu Server and then built upon it adding Gnome without the useless stuff that comes with the ubuntu-desktop package.

Anyway, after upgrading to Oneiric the X interface went away, all I saw was the boot messages text by the kernel up to the Apache2 start, and nothing else. SSH was still accessible so I could go through it, but you could still use recovery console to access the system if you don’t have remote terminal capability installed.

Checking with dmesg I saw these error messages:

[ 24.974182] gdm-simple-slav[1009]: segfault at 0 ip 002945b7 sp bfe9b6c8 error 4 in[291000+6000] [ 38.598946] gdm-simple-slav[1218]: segfault at 0 ip 00a3b5b7 sp bf9c35c8 error 4 in[a38000+6000] [ 39.562834] gdm-simple-slav[1238]: segfault at 0 ip 005eb5b7 sp bff72138 error 4 in[5e8000+6000]

Upgrading again, via SSH, to Precise Pangolin didn’t solve the problem, so I googled aroung and found this bug on launchpad.

Apparently, the autologin feature prevents GDM from going on and just hangs there.

Briefly, what I did and worked in my case (mileage may vary) was:

sudo add-apt-repository ppa:gnome3-team/gnome3
sudo add-apt-repository ppa:ubuntugnometeam/ppa-gen
sudo apt-get update
sudo apt-get dist-upgrade
sudo mv /etc/gdm/custom.conf /etc/gdm/

The last line is the command that removes the autologin (by renaming the conf file that activates it), after doing this and rebooting I was showed the login screen.

Backup installed packages list in Ubuntu and restore via Synaptic

To backup your Ubuntu install you don’t just need to keep a copy of the /home folder (or partition), since you would still need to re-fetch all the packages you installed, and that can be time consuming, especially if you carefully chose the applications to add to the system.

Synaptic already offers a similar function, which is File > Save Markings As… (be sure to fill the check box “Save full state, not only changes”, otherwise you will be probably getting a 0byte file). You can then use the File > Read Markings function to restore the package list on another system/install.

What’s the deal with this? The function actually saves indiscriminately a list of all the installed packages, including those that were installed just because they were a dependence. For example if you sudo apt-get/aptitude install packagename you will probably install also packagename-data and packagename-core or something along those lines, as they are dependencies of packagename, but the dependencies may be more complex and deeper (for example, packagename-core may also require other packages in turn); dependencies can change over time, so if package A requires package B today, a month from now that may be not true anymore; so if you passively restore the whole packagelist, you would be installing package B even if that’s not needed anymore.

The solution is to save a list of only the “main” packages, which will in turn require the correct dependencies; this can be achieved with:

aptitude search "~i ?not(~M)" -F "%p install" > packagelist.txt

This saves into packagelist.txt the list of the installed packages (~i) that were not installed automatically (not(~M)), mantaining the same format of the list generated by Synaptic, that is “packagename install” in each row, so you can seamlessly import it from Synpatic.

Zoneminder can’t chmod /dev/videoN, operation not permitted, and not starting at boot

Zoneminder has reached its current peak with version 1.24.2 since quite some time, so you can finally get it off the official repositories of Ubuntu, instead of finding then the older 1.23 as it was at the time of Jaunty, when you had to compile off the source.

Running configure and make install comes with the added benefit of making you feel nerdy, but it’s still a pain, and why doing it when you can download a deb to install it automatically?

So well, when I installed off the repos in Lucid everything went fine since the beginning, I only had to load http://localhost/zm in Firefox to get it going.

This time after upgrading to Maverick (on a new hard disk, so new fresh install), I instead faced some errors.

First I couldn’t get to the console URL, but this thread at UbuntuForums gave the solution:

sudo ln -s /etc/zm/apache.conf /etc/apache2/conf.d/zoneminder.conf

to create a link between Apache’s configuration file and Zoneminder’s shipped one, and then

sudo /etc/init.d/apache2 reload

to have Apache refresh its configuration from said file; after this, the console’s web GUI can be reached under the /zm subfolder of the webserver root.

Then, I had another problem where the sources appeared red no matter what; enabling debug I found an error relating to zmfix not being able to apply a chmod on /dev/videoN, since the operation was not permitted. Manually doing:

sudo chown www-data /dev/video*

and restarting zoneminder with

sudo /etc/init.d/zoneminder restart

solved it, but didn’t survive a reboot, as the ownership of /dev/video* goes back to root:video.

What did it for me was a:

sudo adduser www-data video

as suggested in this topic on ZoneMinder forums.

So this solved the operation not permitted error, but I was still getting an unresponsive ZoneMinder console after reboot, the status was reported as “Stopped”, and after manually starting it all went fine; there had to be something preventing ZoneMinder from properly and automatically start right after first run, so searching I found a tip in ZoneMinder Wiki, that suggested the problem lying in Ubuntu starting ZoneMinder so soon that MySQL wasn’t ready yet; delaying the start of ZoneMinder solves this, so you just need to add

sleep 15


zmfix -a

in the ZoneMinder startup script, which is, in the standard repository installation, /etc/init.d/zoneminder

Enjoy your videosurveillance!

sudo /etc/init.d/apache2 reloadsudo /etc/init.d/apache2 reload

Extract string between two tokens inside a text in bash shell scripting

The other day, as a total newbye, I was writing a script in bash to process an HTML page, look for a URL inside it, and then download the content at that URL, recursively for a series of pages; I had it already done in AutoHotKey language, but since I don’t keep my Windows workstation always on, while my linux homeserver is, I decided I was better off learning a little of bash language to make the procedure more efficient.

In this script I need to extract a segment of string between two known “tokens”, in order to get the needed URL off the HTML page; in AutoHotKey I saved the string position inside the text for both of the tokens, and then did a precalculated substring operation between those two offsets, and was obviously looking to do the same in bash, as I was translating step-by-step from AutoHotKey.

With my big surprise, this is not possible, as the only operation to search for a string inside another string, actually searches only for the first occurrence of the first caracter of the key string; in other words, you can search for “my” inside “The mellow fur of my cat is brown”, but the result would be 4, and not the expected 18, because as said expr index "$string" $substring only matches the first character of substring, hence the first position of “m” inside the string.

Now, I didn’t really care to find the position of those tokens, I only cared about the string in the middle, so any other operation that did the trick was fine; alas, I realized it only after about a hour of wasting time, but in the end I came up with the solution, and I am publishing it here to save time to other wanderers.

It basically consists in stripping from the string everything that is before the first token (including first token), and then stripping, from the result of this first operation, everything that is after the second token (including the second token):

#variables declaration

#actual processing

This returns $middlestring as the string contained between the first occurrence of $firsttoken (single # symbol), and the first occurrence of $secondtoken (double %% symbol, indicating the farthest occurrence from the end of string).

  This article has been Digiproved