Ubuntu notes

From Noah.org
Jump to: navigation, search

I like Ubuntu. Every Linux distro has quirks, but I like working with Ubuntu quirks more than any others.

what security updates do I need?

Report which packages need security updates:

apt-get update
apt-get --dry-run upgrade | grep "^Inst" | grep "-security"

LiveCD serial console boot

Connect the RS-232 serial ports of two machines with a NULL Modem cable.

Select boot option and press F6 to display the kernel boot line. Something like the following:

kernel /boot/vmlinuz-2.6.15-26-386 root=/dev/hda5 ro quiet splash

Edit it to look something like this:

kernel /boot/vmlinuz-2.6.15-26-386 root=/dev/hda5 ro console=ttyS0,115200

On the other machine:

screen /dev/ttyUSB0 115200,cs8,-parenb,-cstopb,-hupcl

Set default binaries for MIME types

Use the update alternatives system. To interactively set the default editor for any text editable MIME type:

sudo update-alternatives --config editor

Or just set it to Vim directly use one of the following:

sudo update-alternatives --set editor /usr/bin/vim.basic
sudo update-alternatives --set editor /usr/bin/vim.python 

some others that I like to set

sudo update-alternatives --set pager /usr/bin/vim-pager-wrapper
sudo update-alternatives --set x-terminal-emulator /usr/bin/urxvt
sudo update-alternatives --set www-browser /usr/bin/w3m
sudo update-alternatives --set x-www-browser /usr/bin/firefox

rc.d and init.d maintenance

This covers `sysv-rc-conf` and `update-rc.d`. These tools manage links in the rc0.d,rc1.d,rc2.d,rc3.d,rc4.d,rc5.d,rc6.d,and rcS.d directories to scripts in /etc/init.d/. Remember, rcS.d scripts are run first before the runlevel is set (rc2.d for Ubuntu).


The `sysv-rc-conf` command similar to RedHat's `chkconfig`. It is intended as an easy user interface to the rc.d links. It’s a replacement for programs like ntsysv(8) or rcconf(8).

If you just run it with no options it will start a curses console GUI. It's pretty simple to use.


You can also perform all actions through CLI options similar to `chkconfig` except there are no --add and --del options. You don't need them -- just put your new start-stop script in /etc/init.d and use the 'on' or 'off' described commands below. The 'on' and 'off' commands work on run-level 2,3,4,5 by default.

sysv-rc-conf --list
sysv-rc-conf --list consolekit
sysv-rc-conf consolekit on
sysv-rc-conf consolekit off


The `update-rc.d` command is more intended for use in scripts that manage rc.d links. Use this if you want to install new default links to a start-stop script. It will do nothing if any links already exist. A start-stop should have a comment section that starts with '### BEGIN INIT INFO'. This is used to define the default run level actions. To install a new start-stop script with the defaults use this:

update-rc.d foobar defaults

ConsoleKit -- AKA console-kit-daemon

You may see this daemon running and wonder what the hell it's for. It does a lot of stuff that I don't need at the moment. The simplest explanation is that ConsoleKit is used to implement "fast user switching" -- you know, where you can switch to a different user without logging the current user out. It is annoying that there are no man pages for it, but you can find some documentation under /usr/share/doc/consolekit. ConsoleKit was initially written by William Jon McCann. The homepage for it is here http://freedesktop.org/wiki/Software/ConsoleKit.

You can shutdown ConsoleKit -- this seems harmless:

/etc/init.d/consolekit stop

GVFS sucks

As root you try to do something with a user's home directory that accesses /home/user/.gvfs". For example, just try to `ls` the user's .gvfs directory:

ls /home/user/.gvfs
ls: cannot access /home/user/.gvfs: Permission denied

This is stupid. The FUSE subsystem can be configured to block root. First, here is how you kill the evil thing:

# umount gvfs-fuse-daemon

Next edit /etc/fuse.conf and add this:

# Allow non-root users to specify the 'allow_other' or 'allow_root'
# mount options.

I'm not sure how you restart FUSE or then configure it so that it uses allow_root. It's a GVFS Gnome retarded thing and it pisses me off.

Supposedly GVFS_DISABLE_FUSE=1 in your environment will also turn this off. It probably has to set early, so I added this line to /etc/environment:


apt aptitude and other package managers

Mixing apt-get and aptitude

See also [1].

I often switch back and forth between using `apt-get` and `aptitude`. I put `apt-get` in scripts or use it from the command-line, but I usually use `aptitude` for browsing, searching, and installing packages by hand. So, is it OK to mix the different apt front-ends such as `apt-get` and `aptitude`? The answer is, "sort of". It's harmless for installing packages, but if you remove a package that was installed by one of the other front-ends then they can get confused and you might end up with packages remaining installed that you don't need or having packages that you manually installed automatically removed for you. Each front-end keeps its own separate database of which files you manually specified for installation and the package dependencies that were installed automatically to satisfy your manual request. So later, if you decide to remove a package, the front-end uses its database to decide if it should remove the dependency packages or not. The problem is they each have their own database that isn't shared.

One solution is to use 'apt-mark-sync'. I generally use `aptitude` most of the time, so I treat `aptitude` as the master. I run this command to keep the other front-ends in sync:

apt-mark-sync aptitude all

unknown group in statusoverride file

This has only happened to me once, but you may also see an error like this when using a package manager:

dpkg: syntax error: unknown group `Debian-exim' in statusoverride file 
E: Sub-process /usr/bin/dpkg returned an error code (2)

This is due to a faulty package removal. The package maintainer may have forgotten to remove the override when uninstalling a package. Usually it is safe to fix this by manually running something like the following:

dpkg-statoverride --remove /etc/exim4/passwd.client

how to show what aptitude would do -- aptitude schedule query

This is a safe command to run. This will show what packages would be automatically installed or removed to satisfy dependencies. This also shows what Aptitude has previously scheduled to install, delete, purge, etc. Someone may have run `aptitude` and selected files to be installed or removed but then quit the installation early. The files they selected are queued until next time. See aptitude keep-all for purging previously scheduled tasks. Oddly, there is no way to do this inside of the aptitude interactive tool.

aptitude install -ysfD

How to unmark all packages marked to be upgraded in aptitude

If you hit 'U' to mark all upgradable packages to be you may change your mind and decide that you don't want to risk upgrading 20 different system critical packages. The trick is that it difficult to convince Aptitude to forget about these queued packages. You can select each one and hit '-' to unmark them, but that can be a drag is you have a lot of them in the list. Oddly, aptitude does not provide a way to unmark them all from inside the curses GUI, but you can easily do this from the command-line:

aptitude keep-all

selecting text in Aptitude

Aptitude takes control of the mouse which disables xterm mouse text selection. To override this simply hold SHIFT while you select text with the mouse.

supporting old releases in apt -- "404 Not Found"

If you run apt-get update and see the following error then it means you are using a version of Ubuntu that no longer has support.

Err http://us.archive.ubuntu.com jaunty/main Packages
  404 Not Found [IP: 80]

Sometimes you find yourself needing to support an old release of Ubuntu and the original apt repositories are no longer supported or mirrored. Luckily, Ubuntu archives the old repositories at http://old-releases.ubuntu.com/ubuntu/dists/. You will need to update your /etc/apt/source.list file. For example, if you wanted to have access to edgy you would add the following to the top of sources.list:

deb http://old-releases.ubuntu.com/ubuntu/ edgy-updates main restricted
deb http://old-releases.ubuntu.com/ubuntu/ edgy-security main restricted
deb http://old-releases.ubuntu.com/ubuntu/ edgy main restricted
deb http://old-releases.ubuntu.com/ubuntu/ edgy universe
deb http://old-releases.ubuntu.com/ubuntu/ edgy-security universe

You may also find that http://security.ubuntu.com no longer offers support for your versions of Ubuntu. There is nothing much to do about this except remove those lines from your sources.list file.

The following commands will fix this problem.

cp /etc/apt/sources.list /etc/apt/sources.list.orig
sed -i -e 's/\/\/.*\.ubuntu\.com\//\/\/old-releases.ubuntu.com\//' /etc/apt/sources.list
apt-get update

pre-seed dpkg so apt-get and aptitude won't ask you questions when running noninteractive

This shows how to preseed debconf so package managers won't ask you questions or show you warnings or license agreements. In this example the cpuburn package will display a warning that using this tool may damage hardware. You have to respond to the message.

apt-get install debconf-utils
debconf-get-selections | grep cpuburn > cpuburn.seed
# or you can create the seed file directly.
echo "cpuburn cpuburn/dangerous       note" > cpuburn.seed
# Now load the seed data to prevent '''apt-get''' from displaying a warning.
debconf-set-selections ./cpuburn.seed

You can also tell apt-get that you are running noninteractive.

DEBIAN_FRONTEND=noninteractive apt-get --yes --force-yes install cpuburn
# This is how it might be used to install packages on root filesystem that for a virtual machine.
DEBIAN_FRONTEND=noninteractive chroot ${ROOT_MOUNT_POINT} apt-get --yes --force-yes install cpuburn