Category Archives: linux

Protect empty mountpoint from write access when drive is not mounted in Raspbian and Linux

I knew I had read something to this effect in the past since one of my raspi‘s had this thing where you couldn’t write to a mountpoint unless the drive/USB disk was actually mounted.

Since I spent some time in finding it again, here I add it to my blog as personal reference.

From this post:

Always set the attributes of mountpoint directories to immutable using chattr.

This is accomplished with chattr +i /mountpoint (with the mount unmounted).

This would error-out on new write activity and also protects the mount point in other situations.

lighttpd cannot install because of libssl1.1, how to fix

My situation happened on a Raspberry with Raspbian Stretch installed, I had added PHP7.0 repository from sury.org quite a while back and when by chance today I went to open PiHole admin page from my laptop it simply wouldn’t load.

Google what’s up, I found out lighttpd was maybe the culprit, look around and noticed it wasn’t installed, and couldn’t be installed with the error:

lighttpd : Depends: libssl1.1 (>= 1.1.0) but it is not going to be installed

I then discovered that said libssl1.1 library off sury.org, coming together with the PHP distro, broke lighttpd.

I removed the repository source from /etc/apt/sources.list.d/php.list (your filename may vary) and issued a sudo apt-get update followed by a dist-upgrade but that didn’t solve anything.

I couldn’t find for the life of me a way to simply exchange the libssl1.1 package (which was kept from the sury.org repository even after removing its source) to the original repository version, and

sudo apt-get remove libsll1.1

wanted me to remove also ALL the packages that depended on this library. And they were a LOT.

Like hell I wanted to do that!

Or not?

Well I tried

sudo apt-get install --reinstall libssl1.1

hoping it would get rid of the messy libssl1.1 exchanging it with the official repository one, but that also gave an error:

Reinstallation of libssl1.1 is not possible, it cannot be downloaded.

Sooooo I was getting out of options and very annoyed.

I thought, why not letting the frigging apt remove all those packages? I can always install them later on… I hope…

EDIT: benosco down in the comments offered an easier solution, you might want to check it before going the hardcore way like I did.

So I copied the list of the packages that were to be removed off putty window and into notepad++, crossed my fingers and let apt remove everything.

After that was done during an extremely long and suffered delay, I had to do

sudo apt-get install <paste big-ass list of packages here>

In my case, it didn’t work out that simply at the first try, I got some CRC mismatch somewhere so they were not installed all together.

But I issued the command with less packages listed, beginning with apache2 php7.0 mysql-server transmission-cli samba python somethingIcannotreallyrecallnow, and then reissued the first command with all the list again to fill in the blanks.

It installed everything piece by piece, and lighttpd with it as well.

Since apt-get actually removes those packages without purging them (unless you ask it to purge libssl1.1 which isn’t a good idea) their settings are kept and reinstalling the packages will restore the system to the previous state.

At least it did for me, since the system came back to normal after a reboot.

lftp and source: Is a directory error

I was running lftp with the -f switch to launch the usual mirror command, working fine with a few ftp servers at first, but when I added another sync with a pure-ftpd server something stopped working as intended: the message

source: Is a directory

appeared and nothing more happened, only after I pressed Enter the script went on with the execution.

What helped me was this discussion.

so I changed my script, and instead of having

open host
user username password
mirror blahblah

I used

open -u username,password host
mirror blahblah

and everything was magically fine!

Why? NO IDEA. Who cares. Works now.

Change user of transmission-daemon under Debian and Raspbian

UPDATE: Cristian commented adding a nice solution (which I didn’t personally test though, so it’s on you):

  1.  run chmod 775 on the download folder, with -R option (recursive on subfolders):
    sudo chmod -R ug+rw folderName
  2.  add your own user (the one you need to be able to access the downloaded files) to debian-transmission group, or any other group that the transmission daemon belongs to:
    sudo usermod -a -G groupName userName

And that would be all.

Though, after some tinkering that occurred as of june 2019, I found that my original, following, solution has a -probably- nicer “feature” for someone: the config folder of transmission is saved in your own home under the .config/transmission-daemon/ folder, instead of /var/lib/transmission-daemon/, in my case this saved some waste of time because I had the home folder backed up, while the rest of the system was installed from scratch.

This is the original article with the original solution.

I have a raspi3 running transmission daemon downloading to an external USB drive shared via Samba. I don’t want to keep using debian-transmission user with the daemon since just switching to my user account having the access rights to the external USB is much simpler.

I had it already nice and running before, but updating the daemon with apt-get messed everything (and lost all the running torrents as well) so I had to rediscover the procedure once again, and for posterity (and myself for future occasions) I’m writing it down here.

All the missing torrents appeared again after I solved the issue.

Periodically I myself come back here, since at every update of transmission, the service username is restored to the default value, and my Web UI doesn’t work anymore. That’s my cue to open my own tutorial and follow it.

So, here are the things you need to do:

  1. run sudo service transmission-daemon stop just in case
  2. edit /etc/init.d/transmission-daemon to have USER=username
  3. edit /lib/systemd/system/transmission-daemon.service to the same effect
  4. run sudo chown -R user:user /etc/transmission-daemon/
  5. run sudo chown -R user:user /var/lib/transmission-daemon/
  6. restart the service with sudo service transmission-daemon start

Done.

According to a comment of this article, this might not work for you, so instead you might want to follow this guide instead:

https://askubuntu.com/questions/261252/how-do-i-change-the-user-transmission-runs-under/544185#544185

Raspberry Pi 3 vs Cubieboard 2 Samba NAS performance

I’ve been using a Cubieboard overclocked to 1.3GHz as my home little NAS server since a few years ago, and just recently I bought a Raspberry Pi 3 thinking it would have been surely faster.

I was especially looking to get better Samba performance.

I have additional ntfs-3g and encryption layers other than Samba, but both boards had their version of Debian installed, with the same packages and same configurations, so the starting configuration was basically the same.

Both were -alternatively- attached to the same Toshiba Canvio 3TB USB3 disk (working in USB2 mode on both boards), and on two adiacent ports on my TP-Link ADSL router.

I overclocked my Raspi3 to 1.5GHz, with sdram_freq set to 500.

For my test, both were alternatively running off the same AC powered USB adapter, under the same wattmeter, each with his own USB power cord.

Well, it was an overall disappointing experience.

Raspberry Pi 3 @ 1.5GHz

  • Download speed via Samba: almost 7MB/s
  • CPU temperature: about 42°C
  • System load: ~2
  • Power draw: 2.6W, with short spikes to 2.7W

Cubieboard 2 @ 1.3GHz

  • Download speed via Samba: almost 7MB/s in average, oscillating between 6.3 and 7.5MB/s
  • CPU temperature: about 42°C
  • System load: ~2
  • Power draw: average 3.4W, ranging from 3.3 to 3.5W

So, the only area where raspi3 is superior to cubie2 is the power draw, otherwise I would have expected way better performance.

Interesting to note, the transfer speed via samba was the same on the raspi3 at the default frequency of 1.2GHz (no benefit from overclocking whatsoever, if not maybe increased oscillations in speed with the same average value), while cubie2 seriously improved after I overclocked back then.

This might indicate a saturation of the USB bus, where the ethernet adapter resides in the raspberry pi 3, which might be the case since the system load of 2 means the 4 cores of the raspberry pi 3 are loaded half as much as the 2 cores on the cubieboard 2, so they could be waiting for the bus to free itself.

Investigating further, I ran

vmstat 3

on both the boards during the transfer… and averages were as follows:

  • Cubieboard 2: user 7%, system 52%, idle 39%, waiting 2%
  • Raspberry Pi 3: user 2%, system 28%, idle 55%, waiting 15%

I think it’s quite clear at this point that while the cubieboard 2 is crunching during that time (the idle should be due to one of the two cores not being optimized), the raspberry pi 3 is waiting on the bus to free itself before sending in other data (the higher idle also must be due to the 4 cores not being all used for the task, mostly 2 of which just don’t do anything at all).

I spent about half to buy the raspberry pi 3 than what I paid for the cubieboard 2 back then, but after so much time it’s not surprising; what is surprising is that the everyday performance appears to be the same 🙁

At this point I will probably keep the cubieboard 2, because it’s already configured as I want it (it’s got more amenities to it than just the NAS server based on Samba) and the different power draw would save me only about 2€ per year on the raspberry pi 3, so no point in upgrading.

UPDATE:

It’s been a couple months since i wrote this article, and for the last month, maybe more, I’ve been actually using the raspi3 as server (and have sold the cubie2 which wasn’t useful anymore).

I noticed that, on the long run, the NAS transfer speed didn’t keep up on the cubieboard after the uptime went, well, up 🙂 It got down to about 2MB/s, with spikes of 5MB/s, maybe less, but never quite reached the 7MB/s average which I got for the tests. No idea what caused this performance drop, but it was a fact: as days went by, the transfer speed was not on par, but far less.

The raspi3 on the other side looks more reliable, its uptime is 40 days as I write, and it still is right below the 7MB/s mark.

Share mysql and apache folders from windows XAMPP to linux XAMPP

This is a replica of the article by jultech from 2007 for posterity and data-replication purposes.

When dualbooting between windows (first OS installed) and linux, do this:

~ # mv /opt/lampp/var/mysql /opt/lampp/var/mysql.BACKUP
 ~ # ln -s /mnt/windisk/path/to/XAMPP/mysql/data/ /opt/lampp/var/mysql
 ~ # mv /opt/lampp/htdocs /opt/lampp/htdocs.BACKUP
 ~ # ln -s /mnt/windisk/path/to/XAMPP/htdocs /opt/lampp/htdocs

This creates a backup of the original XAMPP folders in linux, and them symlinks them to the windows disk mounts.

Restart XAMPP to have th configuration running.

Thank you jultech.

Fix mount: unknown filesystem type ‘isw_raid_member’

You may also get ‘linux_raid_member‘ instead of ‘isw_raid_member‘, usually it’s the same.

So you probably have run through other tutorials telling you not to mount directly but to mount the raid instead…. but you have no raid!

Maybe though, you HAD a raid back in time, and you removed it leaving the disks as separate storage, and in that case there would be “rogue” raid metadata on the disk that makes linux (mint in my case) think it is a raid, and get confused.

Thanks to Chris_F I finally solved it, you need to use dmraid (install it if it’s not on the system, via apt-get) to remove those orphan tags:

sudo dmraid -rE /dev/sdb

In my case, this instantly showed the disk in file manager.

403 Permission denied on Apache in Debian/Ubuntu with changed document root

I had just made a brand new installation of both Ubuntu trusty and vivid and Debian jessie (tried all of them) on my android phone with Linux Deplow, and installed the LAMP stack via SSH. I wanted Apache to serve files decrypted from an EncFS mount, so I found easier to move the DocumentRoot to a subfolder of my home (by editing /etc/apache2/sites-available/000-default.conf – by the way, this file has changed location quite a bit in the past, being called just default.conf, or being httpd.conf in older versions), and changed Apache’s username to my own (by editing /etc/apache2/envvars).

Well, what happened is that, no matter what I did, I was still getting a 403 Permission denied error, which had nothing to do with EncFS.

By pure chance, I went checking what was inside /etc/apache2/apache2.conf, and other than a reference to envvars for the username and group definitions for the user Apache is run as, scrolling further down there are folders definitions which were, in previous versions, located in the default.conf file. Changing in there the reference to /var/www into the new custom folder made it.

You obviously need to restart Apache after such changes.

AFWall+ and Linux Deploy, no internet access unless firewall is disabled

This is a personal reminder and also an easier-to-find heads up to those looking for a solution: if you installed linux on Android via Linux Deploy, and find that, no matter how you set rules on AFWall+ you can never get internet to the mounted linux image, unless you disable the firewall altogether (not recommendable since you installed a firewall in the first place), then here is the solution provided in this thread (it’s all due to DNS calls being blocked without a possibility to make them pass through in the vanilla AFWall+).

Under AFWall+ contextual menu, open the custom script editor, and inser these lines:

 

$IPTABLES -A afwall-wifi -m owner --uid-owner root -p udp --sport=67 --dport=68 -j RETURN
$IPTABLES -A afwall-wifi -m owner --uid-owner nobody -p udp --sport=67 --dport=68 -j RETURN
$IPTABLES -A afwall-wifi -m owner --uid-owner root -p udp --sport=53 -j RETURN
$IPTABLES -A afwall-wifi -m owner --uid-owner nobody -p udp --sport=53 -j RETURN
$IPTABLES -A afwall-wifi -m owner --uid-owner root -p tcp --sport=53 -j RETURN
$IPTABLES -A afwall-wifi -m owner --uid-owner nobody -p tcp --sport=53 -j RETURN
$IPTABLES -A afwall-3g -m owner --uid-owner root -p udp --dport=53 -j RETURN
$IPTABLES -A afwall-3g -m owner --uid-owner nobody -p udp --dport=53 -j RETURN
$IPTABLES -A afwall-3g -m owner --uid-owner root -p tcp --dport=53 -j RETURN
$IPTABLES -A afwall-3g -m owner --uid-owner nobody -p tcp --dport=53 -j RETURN

making sure you preserve the line return after each RETURN since pasting directly into the tiny textbox of AFWall+ may lose the carriage returns.

BAM you will have internet from your android linux without having to disable the firewall. Naturally, you will also have to enable internet access to “Applications running as root”.

Update: as per Peter’s suggestion in the comments (thank you Peter!) if you still get errors with this approach you may need to add a couple more lines, like so:

$IPTABLES -A afwall-wifi-wan -m owner –uid-owner 5000 -j RETURN
$IPTABLES -A afwall-wifi-lan -m owner –uid-owner 5000 -j RETURN

where “5000” is an id you have to customize to your needs, and you can get it either from AFWall’s errors logs, or by checking the /etc/passwd file for the current user’s entry.

Samba share connection doesn’t accept user:password login from Windows

This is mainly a self-reference for when I find myself reinstalling Samba on my home server, if something goes wrong and the previous system got corrupt, or if I am upgrading something.

It happens, ALWAYS, that I setup a share with a login, which is the same of the user on the server the share resides into, and when I insert that login info in the Windows dialogue that appears, it just gives me an access denied error, as if the password I inserted wasn’t correct.

What I forget to do, every single time, is to create first a samba user with

sudo smbpasswd -a username

and then using those credentials (which you can create as matching the linux user’s) in the windows dialogue.