Thursday, July 16, 2020
Tweak Windows 10 Privacy Settings With Spydish
Grab a copy of Spydish and tweak your Microsoft Windows 10 privacy settings. Take control of your PC.
Wednesday, June 17, 2020
Linking Microsoft Access and DBeaver To Postgres
If your desktop is Microsoft Windows, you may have Microsoft Access already installed. With an ODBC driver, you can link it to Postrgresql running on Linux.
To download the latest ODBC driver, go to https://www.postgresql.org/ftp/odbc/versions/ and choose "msi". Choose the most recent version for your Windows machine. If you don't know if your desktop is AMD or Intel, press the Windows Start button and type Settings. Click on Settings. In the windows that opens, click on Settings --> About. Look at the "Processor" line.
Download the zip file from https://www.postgresql.org/ftp/odbc/versions/msi to your PC.
Unzip or "Extract all" on the file. In this example, the file name is psqlodbc_12_02_0000-x86.
In the new folder, run the psqlodbc file. If Windows intercepts the install, press "More info" and click the button to "Run anyway".
The psqlODBC Setup Wizard should run.
Press the Microsoft Windows Start button and type: ODBC
Choose program "ODBC Data Sources".
Choose Add, then chose Postgresql and press button Finish. Set it up, press button Test, and save it.
In Microsoft Access, create a new blank database.
After creating the database, go to External Data and press New Data Source, From Other Sources, ODBC Database.
Link to the data source.
In the Machine Data Source tab, pick the connection that had just been set up.
Select the tables and press OK.
The table names will be on the left of Microsoft Access. Double-click to open the table data.
Another database management tool is DBeaver. An open source version is available here.
Ubuntu users may install the snap (sudo snap install dbeaver-ce). Microsoft Windows users may install from the Windows Store.
To download the latest ODBC driver, go to https://www.postgresql.org/ftp/odbc/versions/ and choose "msi". Choose the most recent version for your Windows machine. If you don't know if your desktop is AMD or Intel, press the Windows Start button and type Settings. Click on Settings. In the windows that opens, click on Settings --> About. Look at the "Processor" line.
Download the zip file from https://www.postgresql.org/ftp/odbc/versions/msi to your PC.
Unzip or "Extract all" on the file. In this example, the file name is psqlodbc_12_02_0000-x86.
In the new folder, run the psqlodbc file. If Windows intercepts the install, press "More info" and click the button to "Run anyway".
The psqlODBC Setup Wizard should run.
Press the Microsoft Windows Start button and type: ODBC
Choose program "ODBC Data Sources".
Choose Add, then chose Postgresql and press button Finish. Set it up, press button Test, and save it.
In Microsoft Access, create a new blank database.
In the Machine Data Source tab, pick the connection that had just been set up.
Select the tables and press OK.
The table names will be on the left of Microsoft Access. Double-click to open the table data.
Another database management tool is DBeaver. An open source version is available here.
Ubuntu users may install the snap (sudo snap install dbeaver-ce). Microsoft Windows users may install from the Windows Store.
Saturday, June 13, 2020
Install PostgreSQL on Ubuntu 20.04
Let's install a recent version of Postgresql on Ubuntu 20.04. You will need a unix account with sudo privilege. At the end of this post we will do some introductory database commands.
Get familiar with the Linux install:
$ uname -a
Linux d990 5.4.0-37-generic #41-Ubuntu SMP Wed Jun 3 18:57:02 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 20.04 LTS
Release: 20.04
Codename: focal
$ df -k
Filesystem 1K-blocks Used Available Use% Mounted on
udev 8093132 0 8093132 0% /dev
tmpfs 1627360 1260 1626100 1% /run
/dev/sda2 1921800384 30477352 1793631080 2% /
tmpfs 8136796 0 8136796 0% /dev/shm
tmpfs 5120 0 5120 0% /run/lock
tmpfs 8136796 0 8136796 0% /sys/fs/cgroup
/dev/loop0 160000 160000 0 100% /snap/chromium/1165
/dev/loop2 56320 56320 0 100% /snap/core18/1754
/dev/loop3 63616 63616 0 100% /snap/gtk-common-themes/1506
/dev/loop1 56320 56320 0 100% /snap/core18/1705
/dev/loop7 27776 27776 0 100% /snap/snapd/7264
/dev/loop6 71040 71040 0 100% /snap/lxd/15457
/dev/loop4 160000 160000 0 100% /snap/chromium/1182
/dev/loop5 31104 31104 0 100% /snap/snapd/7777
/dev/loop8 71040 71040 0 100% /snap/lxd/15359
tmpfs 1627356 8 1627348 1% /run/user/1004
Update Ubuntu Linux:
$ sudo apt-get update
$ sudo apt-get upgrade
Read these instructions to set up apt to get the recent Postgresql release. Simply follow-along with the instructions from the link.
Look at the new unix account "postgres". Note it does have a password to log in to unix:
$ cat /etc/group|tail -1
postgres:x:118:
$ cat /etc/passwd|tail -1
postgres:x:112:118:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bash
$ sudo grep postgres /etc/shadow
postgres:*:18427:0:99999:7:::
Look at what is running:
$ ps -fu postgres
UID PID PPID C STIME TTY TIME CMD
postgres 148055 1 0 21:06 ? 00:00:00 /usr/lib/postgresql/12/bin/postgres -D /var/lib/po
postgres 148060 148055 0 21:06 ? 00:00:00 postgres: 12/main: checkpointer
postgres 148061 148055 0 21:06 ? 00:00:00 postgres: 12/main: background writer
postgres 148062 148055 0 21:06 ? 00:00:00 postgres: 12/main: walwriter
postgres 148063 148055 0 21:06 ? 00:00:00 postgres: 12/main: autovacuum launcher
postgres 148064 148055 0 21:06 ? 00:00:00 postgres: 12/main: stats collector
postgres 148065 148055 0 21:06 ? 00:00:00 postgres: 12/main: logical replication launcher
postgres 149432 149431 0 21:16 pts/1 00:00:00 -bash
Check the service manager to see if the database startup is automated:
$ systemctl status postgresql
● postgresql.service - PostgreSQL RDBMS
Loaded: loaded (/lib/systemd/system/postgresql.service; enabled; vendor preset: enabled)
Active: active (exited) since Sat 2020-06-13 21:06:29 MDT; 14h ago
Main PID: 147715 (code=exited, status=0/SUCCESS)
Tasks: 0 (limit: 18968)
Memory: 0B
CGroup: /system.slice/postgresql.service
To allow connections from outside the machine, edit the postgresql.conf file and add a line for listen_addresses. Then restart postgresql.
$ grep listen /etc/postgresql/12/main/postgresql.conf
listen_addresses = '*'
You may also need to edit pg_hba.conf, to allow connections from outside the machine.
Software versions:
$ psql -V
psql (PostgreSQL) 12.3 (Ubuntu 12.3-1.pgdg20.04+1)
Let's create a database, list the databases, create a table with a couple rows, and select from the table. From unix command-line, connect via psql:
$ psql
psql (12.3 (Ubuntu 12.3-1.pgdg20.04+1))
Type "help" for help.
postgres=# create database datadb;
CREATE DATABASE
postgres=# \l
List of databases
Name | Owner | Encoding | Collate | Ctype | Access privileges
-----------+----------+----------+-------------+-------------+-----------------------
datadb | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
postgres | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
template0 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/postgres +
| | | | | postgres=CTc/postgres
template1 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/postgres +
| | | | | postgres=CTc/postgres
(4 rows)
postgres=# \c datadb
You are now connected to database "datadb" as user "postgres".
datadb=# create table testtable (columna text not null, columnb int not null);
CREATE TABLE
datadb=# insert into testtable values ('insertrowone', 1);
INSERT 0 1
datadb=# insert into testtable values ('insertrowtwo', 2);
INSERT 0 1
datadb=# select * from testtable;
columna | columnb
--------------+---------
insertrowone | 1
insertrowtwo | 2
(2 rows)
datadb=# \q
Get familiar with the Linux install:
$ uname -a
Linux d990 5.4.0-37-generic #41-Ubuntu SMP Wed Jun 3 18:57:02 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 20.04 LTS
Release: 20.04
Codename: focal
$ df -k
Filesystem 1K-blocks Used Available Use% Mounted on
udev 8093132 0 8093132 0% /dev
tmpfs 1627360 1260 1626100 1% /run
/dev/sda2 1921800384 30477352 1793631080 2% /
tmpfs 8136796 0 8136796 0% /dev/shm
tmpfs 5120 0 5120 0% /run/lock
tmpfs 8136796 0 8136796 0% /sys/fs/cgroup
/dev/loop0 160000 160000 0 100% /snap/chromium/1165
/dev/loop2 56320 56320 0 100% /snap/core18/1754
/dev/loop3 63616 63616 0 100% /snap/gtk-common-themes/1506
/dev/loop1 56320 56320 0 100% /snap/core18/1705
/dev/loop7 27776 27776 0 100% /snap/snapd/7264
/dev/loop6 71040 71040 0 100% /snap/lxd/15457
/dev/loop4 160000 160000 0 100% /snap/chromium/1182
/dev/loop5 31104 31104 0 100% /snap/snapd/7777
/dev/loop8 71040 71040 0 100% /snap/lxd/15359
tmpfs 1627356 8 1627348 1% /run/user/1004
Update Ubuntu Linux:
$ sudo apt-get update
$ sudo apt-get upgrade
Read these instructions to set up apt to get the recent Postgresql release. Simply follow-along with the instructions from the link.
# Create the file repository configuration: sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list' # Import the repository signing key: wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add - # Update the package lists: sudo apt-get update # Install the latest version of PostgreSQL. # If you want a specific version, use 'postgresql-12' or similar instead of 'postgresql': sudo apt-get install postgresql
The command "install postgresql" will run for a minute or two. It should end with:
Success. You can now start the database server using:
pg_ctlcluster 12 main start
pg_ctlcluster 12 main start
Look at the new unix account "postgres". Note it does have a password to log in to unix:
$ cat /etc/group|tail -1
postgres:x:118:
$ cat /etc/passwd|tail -1
postgres:x:112:118:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bash
$ sudo grep postgres /etc/shadow
postgres:*:18427:0:99999:7:::
Look at what is running:
$ ps -fu postgres
UID PID PPID C STIME TTY TIME CMD
postgres 148055 1 0 21:06 ? 00:00:00 /usr/lib/postgresql/12/bin/postgres -D /var/lib/po
postgres 148060 148055 0 21:06 ? 00:00:00 postgres: 12/main: checkpointer
postgres 148061 148055 0 21:06 ? 00:00:00 postgres: 12/main: background writer
postgres 148062 148055 0 21:06 ? 00:00:00 postgres: 12/main: walwriter
postgres 148063 148055 0 21:06 ? 00:00:00 postgres: 12/main: autovacuum launcher
postgres 148064 148055 0 21:06 ? 00:00:00 postgres: 12/main: stats collector
postgres 148065 148055 0 21:06 ? 00:00:00 postgres: 12/main: logical replication launcher
postgres 149432 149431 0 21:16 pts/1 00:00:00 -bash
Check the service manager to see if the database startup is automated:
$ systemctl status postgresql
● postgresql.service - PostgreSQL RDBMS
Loaded: loaded (/lib/systemd/system/postgresql.service; enabled; vendor preset: enabled)
Active: active (exited) since Sat 2020-06-13 21:06:29 MDT; 14h ago
Main PID: 147715 (code=exited, status=0/SUCCESS)
Tasks: 0 (limit: 18968)
Memory: 0B
CGroup: /system.slice/postgresql.service
To allow connections from outside the machine, edit the postgresql.conf file and add a line for listen_addresses. Then restart postgresql.
$ grep listen /etc/postgresql/12/main/postgresql.conf
listen_addresses = '*'
You may also need to edit pg_hba.conf, to allow connections from outside the machine.
Software versions:
$ psql -V
psql (PostgreSQL) 12.3 (Ubuntu 12.3-1.pgdg20.04+1)
Let's create a database, list the databases, create a table with a couple rows, and select from the table. From unix command-line, connect via psql:
$ psql
psql (12.3 (Ubuntu 12.3-1.pgdg20.04+1))
Type "help" for help.
postgres=# create database datadb;
CREATE DATABASE
postgres=# \l
List of databases
Name | Owner | Encoding | Collate | Ctype | Access privileges
-----------+----------+----------+-------------+-------------+-----------------------
datadb | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
postgres | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
template0 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/postgres +
| | | | | postgres=CTc/postgres
template1 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/postgres +
| | | | | postgres=CTc/postgres
(4 rows)
postgres=# \c datadb
You are now connected to database "datadb" as user "postgres".
datadb=# create table testtable (columna text not null, columnb int not null);
CREATE TABLE
datadb=# insert into testtable values ('insertrowone', 1);
INSERT 0 1
datadb=# insert into testtable values ('insertrowtwo', 2);
INSERT 0 1
datadb=# select * from testtable;
columna | columnb
--------------+---------
insertrowone | 1
insertrowtwo | 2
(2 rows)
datadb=# \q
Sunday, May 10, 2020
Ubuntu Linux High CPU For Swap Process
What do you do if you just installed a fresh Ubuntu 20.04 server, and after installing some packages with "apt" you notice high CPU usage from the swap process?
If "top" shows kswapd0 persistently using high CPU, and "freemem -d" and swap are ok, you can try to adjust the swappiness in file sysctl.conf and reboot.
$ cat /proc/sys/vm/swappiness
60
$ sudo vi /etc/sysctl.conf
$ cat /etc/sysctl.conf | grep vm
vm.swappiness=10
Changing swappiness didn't fix this problem of high CPU usage. Let's dig deep.
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 20.04 LTS
Release: 20.04
Codename: focal
install@d990 ~ $ uname -a
Linux d990 5.4.0-29-generic #33-Ubuntu SMP Wed Apr 29 14:32:27 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
Look closely at "top" output.
$ top
top - 19:03:26 up 7 min, 3 users, load average: 3.09, 2.72, 1.44
Tasks: 132 total, 1 running, 131 sleeping, 0 stopped, 0 zombie
%Cpu(s): 76.3 us, 0.4 sy, 0.0 ni, 23.2 id, 0.1 wa, 0.0 hi, 0.0 si, 0.0 st
MiB Mem : 15892.2 total, 10206.3 free, 4412.8 used, 1273.1 buff/cache
MiB Swap: 4096.0 total, 4096.0 free, 0.0 used. 11199.7 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1071 kevin 20 0 2435108 2.3g 1480 S 300.0 14.7 20:50.80 kswapd0 1147 minec 20 0 7861400 1.9g 28544 S 6.6 11.9 1:54.40 java
1 root 20 0 167604 11524 8368 S 0.0 0.1 0:00.98 systemd
2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd
3 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 rcu_gp
4 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 rcu_par+
6 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 kworker+
8 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 mm_perc+
9 root 20 0 0 0 0 S 0.0 0.0 0:00.01 ksoftir+
10 root 20 0 0 0 0 I 0.0 0.0 0:00.13 rcu_sch+
11 root rt 0 0 0 0 S 0.0 0.0 0:00.00 migrati+
12 root -51 0 0 0 0 S 0.0 0.0 0:00.00 idle_in+
13 root 20 0 0 0 0 I 0.0 0.0 0:00.01 kworker+
14 root 20 0 0 0 0 S 0.0 0.0 0:00.00 cpuhp/0
15 root 20 0 0 0 0 S 0.0 0.0 0:00.00 cpuhp/1
16 root -51 0 0 0 0 S 0.0 0.0 0:00.00 idle_in+
17 root rt 0 0 0 0 S 0.0 0.0 0:00.14 migrati+
$ top -u kevin
top - 19:03:59 up 8 min, 3 users, load average: 3.05, 2.75, 1.49
Tasks: 132 total, 1 running, 131 sleeping, 0 stopped, 0 zombie
%Cpu(s): 76.3 us, 0.3 sy, 0.0 ni, 23.1 id, 0.3 wa, 0.0 hi, 0.0 si, 0.0 st
MiB Mem : 15892.2 total, 10205.5 free, 4413.5 used, 1273.2 buff/cache
MiB Swap: 4096.0 total, 4096.0 free, 0.0 used. 11199.0 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1071 kevin 20 0 2435108 2.3g 1480 S 300.3 14.7 22:28.66 kswapd0
1015 kevin 20 0 14368 6760 2800 S 0.0 0.0 0:00.00 rsync
Why is kevin in charge of swap? Kevin has yet to log in to the system.
$ last kevin
wtmp begins Sat May 9 18:16:21 2020
$ groups kevin
kevin : kevin
$ sudo grep kevin /etc/sudoers
$ ps -fu kevin
UID PID PPID C STIME TTY TIME CMD
kevin 1015 1 0 18:56 ? 00:00:00 rsync
kevin 1071 1 99 18:56 ? 00:11:53 ./kswapd0
We know kevin has not logged in, is only in his own group, and does not have sudo. This was the most recent account we created on the machine.
$ tail -1 /etc/passwd
kevin:x:1005:1004:,,,,novice tech learner:/home/kevin:/bin/bash
Comment out the entry in the passwd file.
$ tail -1 /etc/passwd
kevin:x:1005:1004:,,,,novice tech learner:/home/kevin:/bin/bash
$ sudo vi /etc/passwd
$ tail -1 /etc/passwd
#kevin:x:1005:1004:,,,,novice tech learner:/home/kevin:/bin/bash
Run top, and it won't know the "kevin" username for uid 1005. It is still consuming CPU.
$ top
top - 19:08:43 up 13 min, 3 users, load average: 3.13, 2.96, 1.92
Tasks: 130 total, 1 running, 129 sleeping, 0 stopped, 0 zombie
%Cpu(s): 76.2 us, 0.6 sy, 0.0 ni, 23.0 id, 0.3 wa, 0.0 hi, 0.0 si, 0.0 st
MiB Mem : 15892.2 total, 10198.5 free, 4413.8 used, 1279.9 buff/cache
MiB Swap: 4096.0 total, 4096.0 free, 0.0 used. 11198.6 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1071 1005 20 0 2435108 2.3g 1480 S 300.7 14.7 36:40.32 kswapd0
1147 minec 20 0 7861400 1.9g 28544 S 6.7 11.9 2:14.81 java
375 root 20 0 0 0 0 S 0.3 0.0 0:00.01 jbd2/sd+
1 root 20 0 167604 11524 8368 S 0.0 0.1 0:01.00 systemd
2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd
3 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 rcu_gp
4 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 rcu_par+
6 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 kworker+
8 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 mm_perc+
With the passwd entry for kevin commented out, let's reboot and observe what happens.
$ sudo systemctl reboot
$ top
top - 19:14:04 up 1 min, 1 user, load average: 1.35, 0.61, 0.23
Tasks: 138 total, 1 running, 137 sleeping, 0 stopped, 0 zombie
%Cpu(s): 0.3 us, 0.4 sy, 0.0 ni, 99.3 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
MiB Mem : 15892.2 total, 12795.1 free, 1850.3 used, 1246.8 buff/cache
MiB Swap: 4096.0 total, 4096.0 free, 0.0 used. 13763.3 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
898 minec 20 0 7861400 1.7g 28288 S 6.3 10.7 1:20.07 java
156 root 20 0 0 0 0 I 0.3 0.0 0:00.16 kworker+
443 root 19 -1 133560 61216 60108 S 0.3 0.4 0:00.61 systemd+
1206 root 20 0 13416 8268 7096 S 0.3 0.1 0:00.01 sshd
1207 sshd 20 0 12160 4616 3708 S 0.3 0.0 0:00.01 sshd
1 root 20 0 167744 11508 8440 S 0.0 0.1 0:03.25 systemd
2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd
3 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 rcu_gp
4 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 rcu_par+
Let's remove the kevin account properly. Uncomment the line in /etc/passwd and delete the account.
$ sudo vi /etc/passwd
$ sudo userdel -r kevin
$ grep kevin /etc/passwd
$ uptime
19:15:53 up 3 min, 1 user, load average: 0.21, 0.42, 0.20
Reboot and look for normal functioning.
$ sudo systemctl reboot
If "top" shows kswapd0 persistently using high CPU, and "freemem -d" and swap are ok, you can try to adjust the swappiness in file sysctl.conf and reboot.
$ cat /proc/sys/vm/swappiness
60
$ sudo vi /etc/sysctl.conf
$ cat /etc/sysctl.conf | grep vm
vm.swappiness=10
Changing swappiness didn't fix this problem of high CPU usage. Let's dig deep.
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 20.04 LTS
Release: 20.04
Codename: focal
install@d990 ~ $ uname -a
Linux d990 5.4.0-29-generic #33-Ubuntu SMP Wed Apr 29 14:32:27 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
Look closely at "top" output.
$ top
top - 19:03:26 up 7 min, 3 users, load average: 3.09, 2.72, 1.44
Tasks: 132 total, 1 running, 131 sleeping, 0 stopped, 0 zombie
%Cpu(s): 76.3 us, 0.4 sy, 0.0 ni, 23.2 id, 0.1 wa, 0.0 hi, 0.0 si, 0.0 st
MiB Mem : 15892.2 total, 10206.3 free, 4412.8 used, 1273.1 buff/cache
MiB Swap: 4096.0 total, 4096.0 free, 0.0 used. 11199.7 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1071 kevin 20 0 2435108 2.3g 1480 S 300.0 14.7 20:50.80 kswapd0 1147 minec 20 0 7861400 1.9g 28544 S 6.6 11.9 1:54.40 java
1 root 20 0 167604 11524 8368 S 0.0 0.1 0:00.98 systemd
2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd
3 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 rcu_gp
4 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 rcu_par+
6 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 kworker+
8 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 mm_perc+
9 root 20 0 0 0 0 S 0.0 0.0 0:00.01 ksoftir+
10 root 20 0 0 0 0 I 0.0 0.0 0:00.13 rcu_sch+
11 root rt 0 0 0 0 S 0.0 0.0 0:00.00 migrati+
12 root -51 0 0 0 0 S 0.0 0.0 0:00.00 idle_in+
13 root 20 0 0 0 0 I 0.0 0.0 0:00.01 kworker+
14 root 20 0 0 0 0 S 0.0 0.0 0:00.00 cpuhp/0
15 root 20 0 0 0 0 S 0.0 0.0 0:00.00 cpuhp/1
16 root -51 0 0 0 0 S 0.0 0.0 0:00.00 idle_in+
17 root rt 0 0 0 0 S 0.0 0.0 0:00.14 migrati+
$ top -u kevin
top - 19:03:59 up 8 min, 3 users, load average: 3.05, 2.75, 1.49
Tasks: 132 total, 1 running, 131 sleeping, 0 stopped, 0 zombie
%Cpu(s): 76.3 us, 0.3 sy, 0.0 ni, 23.1 id, 0.3 wa, 0.0 hi, 0.0 si, 0.0 st
MiB Mem : 15892.2 total, 10205.5 free, 4413.5 used, 1273.2 buff/cache
MiB Swap: 4096.0 total, 4096.0 free, 0.0 used. 11199.0 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1071 kevin 20 0 2435108 2.3g 1480 S 300.3 14.7 22:28.66 kswapd0
1015 kevin 20 0 14368 6760 2800 S 0.0 0.0 0:00.00 rsync
Why is kevin in charge of swap? Kevin has yet to log in to the system.
$ last kevin
wtmp begins Sat May 9 18:16:21 2020
$ groups kevin
kevin : kevin
$ sudo grep kevin /etc/sudoers
$ ps -fu kevin
UID PID PPID C STIME TTY TIME CMD
kevin 1015 1 0 18:56 ? 00:00:00 rsync
kevin 1071 1 99 18:56 ? 00:11:53 ./kswapd0
We know kevin has not logged in, is only in his own group, and does not have sudo. This was the most recent account we created on the machine.
$ tail -1 /etc/passwd
kevin:x:1005:1004:,,,,novice tech learner:/home/kevin:/bin/bash
Comment out the entry in the passwd file.
$ tail -1 /etc/passwd
kevin:x:1005:1004:,,,,novice tech learner:/home/kevin:/bin/bash
$ sudo vi /etc/passwd
$ tail -1 /etc/passwd
#kevin:x:1005:1004:,,,,novice tech learner:/home/kevin:/bin/bash
Run top, and it won't know the "kevin" username for uid 1005. It is still consuming CPU.
$ top
top - 19:08:43 up 13 min, 3 users, load average: 3.13, 2.96, 1.92
Tasks: 130 total, 1 running, 129 sleeping, 0 stopped, 0 zombie
%Cpu(s): 76.2 us, 0.6 sy, 0.0 ni, 23.0 id, 0.3 wa, 0.0 hi, 0.0 si, 0.0 st
MiB Mem : 15892.2 total, 10198.5 free, 4413.8 used, 1279.9 buff/cache
MiB Swap: 4096.0 total, 4096.0 free, 0.0 used. 11198.6 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1071 1005 20 0 2435108 2.3g 1480 S 300.7 14.7 36:40.32 kswapd0
1147 minec 20 0 7861400 1.9g 28544 S 6.7 11.9 2:14.81 java
375 root 20 0 0 0 0 S 0.3 0.0 0:00.01 jbd2/sd+
1 root 20 0 167604 11524 8368 S 0.0 0.1 0:01.00 systemd
2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd
3 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 rcu_gp
4 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 rcu_par+
6 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 kworker+
8 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 mm_perc+
With the passwd entry for kevin commented out, let's reboot and observe what happens.
$ sudo systemctl reboot
$ top
top - 19:14:04 up 1 min, 1 user, load average: 1.35, 0.61, 0.23
Tasks: 138 total, 1 running, 137 sleeping, 0 stopped, 0 zombie
%Cpu(s): 0.3 us, 0.4 sy, 0.0 ni, 99.3 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
MiB Mem : 15892.2 total, 12795.1 free, 1850.3 used, 1246.8 buff/cache
MiB Swap: 4096.0 total, 4096.0 free, 0.0 used. 13763.3 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
898 minec 20 0 7861400 1.7g 28288 S 6.3 10.7 1:20.07 java
156 root 20 0 0 0 0 I 0.3 0.0 0:00.16 kworker+
443 root 19 -1 133560 61216 60108 S 0.3 0.4 0:00.61 systemd+
1206 root 20 0 13416 8268 7096 S 0.3 0.1 0:00.01 sshd
1207 sshd 20 0 12160 4616 3708 S 0.3 0.0 0:00.01 sshd
1 root 20 0 167744 11508 8440 S 0.0 0.1 0:03.25 systemd
2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd
3 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 rcu_gp
4 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 rcu_par+
Let's remove the kevin account properly. Uncomment the line in /etc/passwd and delete the account.
$ sudo vi /etc/passwd
$ sudo userdel -r kevin
$ grep kevin /etc/passwd
$ uptime
19:15:53 up 3 min, 1 user, load average: 0.21, 0.42, 0.20
Reboot and look for normal functioning.
$ sudo systemctl reboot
Install Ubuntu 20.04 Server
The server version of Ubuntu had previously been tuned for server-oriented workloads. This is reportedly no longer the case, so a primary difference between Ubuntu 20 server and desktop is that server lacks a graphical user interface.
Download an image from the Ubuntu releases page. Most everything is 64 bit. Note that "AMD" means it works on the AMD and Intel instruction sets. You can use the AMD64 image on a modern Intel CPU.
Burn the image to a DVD or other mountable storage. Boot the machine from the storage. This install will use hard-wired Ethernet and a static IP address. If you have a real (typically non-consumer internet service) domain name, use that as the "search domain".
Disable printing of Ubuntu newswire during shell logon.
Download an image from the Ubuntu releases page. Most everything is 64 bit. Note that "AMD" means it works on the AMD and Intel instruction sets. You can use the AMD64 image on a modern Intel CPU.
Burn the image to a DVD or other mountable storage. Boot the machine from the storage. This install will use hard-wired Ethernet and a static IP address. If you have a real (typically non-consumer internet service) domain name, use that as the "search domain".
This is a server install, so maybe you do not want "games" in your search path. Backup the "environment" file then remove the games directory from the search path.
$ sudo mv /etc/environment /etc/environment.orig
$ sudo vi /etc/environment
$ cat /etc/environment
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
Modify the shell login files in your home directory.
$ cd ~
$ cp -p .bashrc .bashrc.orig
$ mv .profile .profile.orig
$ mv .bashrc .bash_profile
Remove colorization by setting TERM environment variable in .bash_profile.
$ echo $TERM
xterm-256color
$ export TERM=xterm-mono
Edit .bash_profile and put in a bit of color to the command prompt variable PS1.
$ grep 033 ~/.bash_profile
PS1='\[\033[01;32m\]\u@\h\[\033[00m\] \w \$ '
Put the present working directory at the end of the PATH variable. Add this to file .bash_profile.
export PATH=$PATH:.
Remove shell's suggestions for a mis-typed command. Add this to file .bash_profile.
unset command_not_found_handle
Then "source" the login files or simply log out and log in again.
$ ./.bash_profile
Get familiar with the install and the machine.
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 20.04 LTS
Release: 20.04
Codename: focal
$ uname -a
Linux d990 5.4.0-26-generic #30-Ubuntu SMP Mon Apr 20 16:58:30 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ lspci
00:00.0 Host bridge: Intel Corporation 2nd Generation Core Processor Family DRAM Controller (rev 09)
00:02.0 VGA compatible controller: Intel Corporation 2nd Generation Core Processor Family Integrated Graphics Controller (rev 09)
00:16.0 Communication controller: Intel Corporation 6 Series/C200 Series Chipset Family MEI Controller #1 (rev 04)
00:16.3 Serial controller: Intel Corporation 6 Series/C200 Series Chipset Family KT Controller (rev 04)
00:19.0 Ethernet controller: Intel Corporation 82579LM Gigabit Network Connection (Lewisville) (rev 04)
00:1a.0 USB controller: Intel Corporation 6 Series/C200 Series Chipset Family USB Enhanced Host Controller #2 (rev 04)
00:1b.0 Audio device: Intel Corporation 6 Series/C200 Series Chipset Family High Definition Audio Controller (rev 04)
00:1c.0 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset Family PCI Express Root Port 1 (rev b4)
00:1c.2 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset Family PCI Express Root Port 3 (rev b4)
00:1d.0 USB controller: Intel Corporation 6 Series/C200 Series Chipset Family USB Enhanced Host Controller #1 (rev 04)
00:1e.0 PCI bridge: Intel Corporation 82801 PCI Bridge (rev a4)
00:1f.0 ISA bridge: Intel Corporation Q67 Express Chipset LPC Controller (rev 04)
00:1f.2 RAID bus controller: Intel Corporation SATA Controller [RAID mode] (rev 04)
00:1f.3 SMBus: Intel Corporation 6 Series/C200 Series Chipset Family SMBus Controller (rev 04)
$ df -k
Filesystem 1K-blocks Used Available Use% Mounted on
udev 8093172 0 8093172 0% /dev
tmpfs 1627360 1204 1626156 1% /run
/dev/sda2 1921800384 9591096 1814517336 1% /
tmpfs 8136796 0 8136796 0% /dev/shm
tmpfs 5120 0 5120 0% /run/lock
tmpfs 8136796 0 8136796 0% /sys/fs/cgroup
/dev/loop0 27776 27776 0 100% /snap/snapd/7264
/dev/loop1 56320 56320 0 100% /snap/core18/1705
/dev/loop2 70656 70656 0 100% /snap/lxd/14804
tmpfs 1627356 0 1627356 0% /run/user/1000
Familiarize yourself with the network configuration.
$ ls -l /etc/netplan
total 4
-rw-r--r-- 1 root root 280 May 10 00:03 00-installer-config.yaml
$ cat /etc/netplan/00-installer-config.yaml
# This is the network config written by 'subiquity'
network:
ethernets:
enp0s25:
addresses:
- 192.168.0.9/24
gateway4: 192.168.0.1
nameservers:
addresses:
- 1.1.1.1
- 8.8.8.8
search:
- duckdns.org
version: 2
Look at the syslog.
$ sudo tail /var/log/syslog
Look at the running processes, then look at running services.
$ ps -ef | more
$ systemctl list-units --all --type=service --no-pager
Let's remove a service we don't want automatically started, and one we don't need.
$ sudo systemctl stop rsync
$ sudo systemctl disable rsync
$ systemctl status vgauth
● vgauth.service - Authentication service for virtual machines hosted on VMware
Loaded: loaded (/lib/systemd/system/vgauth.service; enabled; vendor preset: enabled)
Active: inactive (dead)
Condition: start condition failed at Sun 2020-05-10 00:16:27 UTC; 2h 30min ago
Docs: http://github.com/vmware/open-vm-tools
May 10 00:16:27 d990 systemd[1]: Condition check resulted in Authentication service for virtual machines hosted on VMware being skipped.
$ sudo systemctl stop vgauth
$ sudo systemctl disable vgauth
$ systemctl status open-vm-tools
● open-vm-tools.service - Service for virtual machines hosted on VMware
Loaded: loaded (/lib/systemd/system/open-vm-tools.service; enabled; vendor preset: enabled)
Active: inactive (dead)
Condition: start condition failed at Sun 2020-05-10 02:56:23 UTC; 3min 54s ago
Docs: http://open-vm-tools.sourceforge.net/about.php
May 10 02:56:23 d990 systemd[1]: Condition check resulted in Service for virtual machines hosted on VMware being skipped.
$ sudo systemctl stop open-vm-tools
[sudo] password for install:
$ sudo systemctl disable open-vm-tools
Synchronizing state of open-vm-tools.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable open-vm-tools
Removed /etc/systemd/system/multi-user.target.wants/open-vm-tools.service.
$ systemctl status open-vm-tools
● open-vm-tools.service - Service for virtual machines hosted on VMware
Loaded: loaded (/lib/systemd/system/open-vm-tools.service; indirect; vendor preset: enabled)
Active: inactive (dead)
Docs: http://open-vm-tools.sourceforge.net/about.php
May 10 02:56:23 d990 systemd[1]: Condition check resulted in Service for virtual machines hosted on VMware being skipped.
This is a server machine, so we don't need this process attaching to a sound card.
$ apt list pulseaudio
Listing... Done
pulseaudio/focal-updates 1:13.99.1-1ubuntu3.5 amd64 [upgradable from: 1:13.99.1-1ubuntu3.3]
N: There are 3 additional versions. Please use the '-a' switch to see them.
$ sudo apt remove pulseaudio
Since this is a server install, the majority of the time it will be accessed remotely. A person using an X display may want to work with images, so install an image viewer such as eog.
$ sudo apt install eog
$ sudo chmod -x /etc/update-motd.d/50-motd-news
Note the firewall is not active.
$ sudo ufw status
Status: inactive
Install software updates. You may need to reboot the machine to apply all software updates.
$ sudo apt update
$ sudo apt upgrade
$ sudo systemctl reboot
Familiarize yourself with users and groups.
$ cat /etc/passwd
$ cat /etc/group
Put in users and groups.
$ sudo addgroup minecrft
Adding group `minecrft' (GID 1001) ...
Done.
$ sudo adduser minec --ingroup minecrft
Adding user `minec' ...
Adding new user `minec' (1001) with group `minecrft' ...
On a consumer-type internet connection, you may want to configure a dynamic DNS service such as DuckDNS. Create the user, get your information from duckdns.org, then configure software.
$ sudo addgroup duckdns
$ sudo adduser duckdns --ingroup duckdns
Read this to configure the software and crontab entry for duckdns.
Let's change the time zone to Amsterdam.
$ cat /etc/timezone
Etc/UTC
$ timedatectl
Local time: Sun 2020-05-10 19:12:56 UTC
Universal time: Sun 2020-05-10 19:12:56 UTC
RTC time: Sun 2020-05-10 19:12:56
Time zone: Etc/UTC (UTC, +0000)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
$ timedatectl list-timezones | grep -i ams
Europe/Amsterdam
$ sudo timedatectl set-timezone Europe/Amsterdam
$ cat /etc/timezone
Europe/Amsterdam
$ timedatectl
Local time: Sun 2020-05-10 21:14:02 CEST
Universal time: Sun 2020-05-10 19:14:02 UTC
RTC time: Sun 2020-05-10 19:14:02
Time zone: Europe/Amsterdam (CEST, +0200)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
While we could try to disable the cloud initialization with
$ touch /etc/cloud/cloud-init-disabled
Let's remove it.
$ sudo apt remove cloud-init
Optionally, install X server.
$ sudo apt install tightvncserver
$ sudo apt install xterm
Then configure your .Xresources file.
Optionally, install javascript runtime via apt.
$ sudo apt install nodejs
$ which node
/usr/bin/nodejs
$ nodejs --version
v10.19.0
$ sudo apt install chromium-browser
$ which chromium-browser
/usr/bin/chromium-browser
Optionally, upgrade the node software.
$ curl -sL https://deb.nodesource.com/setup_12.x | sudo -E bash -
$ sudo apt install nodejs
$ which node
/usr/bin/node
$ node -v
v12.16.3
$ npm -v
6.14.4
Anyone editing files with vim (vi is typically vim) may want to learn the basics of the .vimrc startup file.
$ cat ~/.vimrc
syntax off
set showmatch
set hlsearch
set matchpairs+=<:>,(:),{:},[:]
:nmap <F1> <nop>
For a graphical editor, install nedit.
$ sudo apt install nedit
Familiarize yourself with memory and disk space, network interfaces and networking, and how the machine is running. Review the output from the following commands.
Since ifconfig is deprecated, use the ip command. Instead of traceroute, use the mtr command.
$ free -m
$ df -k
$ sudo lshw
$ landscape-sysinfo
$ top
$ htop
$ ip a
$ mtr wunderground.com
__________________________________________________________
Update of this blog post with more readable explanation of network settings to be used during install from the console. These examples use IP address 192.168.0.6.
$ ls -l /etc/netplan
total 4
-rw-r--r-- 1 root root 260 Oct 16 21:13 00-installer-config.yaml
$ cat /etc/netplan/*
# This is the network config written by 'subiquity'
network:
ethernets:
enp5s0:
addresses:
- 192.168.0.6/24
gateway4: 192.168.0.1
nameservers:
addresses:
- 1.1.1.1
- 8.8.8.8
search: []
version: 2
$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp5s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether bc:30:5b:e7:a4:f9 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.6/24 brd 192.168.0.255 scope global enp5s0
valid_lft forever preferred_lft forever
inet6 fe80::be30:5bff:fee7:a4f9/64 scope link
valid_lft forever preferred_lft forever
Sunday, April 26, 2020
Install Apache On Ubuntu Linux
Install the Apache web server on Ubuntu Linux. You will need to be able to install software and start services, so this example uses a Linux account with full sudo. In this example the Linux user name is "testuser".
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 18.04.4 LTS
Release: 18.04
Codename: bionic
$ hostname -I
192.168.0.9
$ sudo ufw status
Status: inactive
# Update package list and install Apache.
$ sudo apt update
...
Fetched 2,854 kB in 2s (1,395 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
All packages are up to date.
$ sudo apt install apache2
...
Created symlink /etc/systemd/system/multi-user.target.wants/apache2.service → /lib/systemd/system/apache2.service.
Created symlink /etc/systemd/system/multi-user.target.wants/apache-htcacheclean.service → /lib/systemd/system/apache-htcacheclean.service.
...
# Note the screen output shows symlinks in the configuration directories for the system services.
# Let's see what was is running.
$ systemctl status apache2.service
● apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
Drop-In: /lib/systemd/system/apache2.service.d
└─apache2-systemd.conf
Active: active (running) since Sun 2020-04-26 12:08:28 MDT; 2min 6s ago
Main PID: 29916 (apache2)
Tasks: 55 (limit: 4915)
CGroup: /system.slice/apache2.service
├─29916 /usr/sbin/apache2 -k start
├─29918 /usr/sbin/apache2 -k start
└─29919 /usr/sbin/apache2 -k start
# Use a web browser to go to the machine name or IP address.
# Earlier you found the IP address by typing "hostname -I".
# It is kind of the developers and package maintainers to put instructions on the home page!
# Let's look at the index.html file.
$ cd /var/www/html
$ ls -l
total 12
-rw-r--r-- 1 root root 10918 Apr 26 12:08 index.html
# Being owned by root, we can guess an "apache" unix logon was not created.
$ grep apa /etc/passwd
# Nothing found. Also look at last line of /etc/passwd for a new entry.
$ tail -1 /etc/passwd
# Since software often has errors, bugs, and security holes, an attacker may exploit those
# holes and possibly gain access as the user which is running the software.
# The apache software is being run as root. It had better be perfect software!
# Let's look further.
$ ps -ef | grep apache
root 29916 1 0 12:08 ? 00:00:00 /usr/sbin/apache2 -k start
www-data 29918 29916 0 12:08 ? 00:00:00 /usr/sbin/apache2 -k start
www-data 29919 29916 0 12:08 ? 00:00:00 /usr/sbin/apache2
# Processes are running both as root and as the pre-existing unix logon www-data.
# Let's see if www-data is a less-privileged account than root
$ groups www-data
www-data : www-data
$ sudo grep www /etc/sudoers
# No output from grep, so it looks like www-data doesn't have sudo. This is good.
# To open a listening connection on a "low numbered port", you typically need to be root.
# Maybe that is why part of the web server is started as root. This is something to further explore.
# For now, let's change the static web page served from the file index.html.$ cd /var/www/html
$ ls -l
total 12
-rw-r--r-- 1 root root 10918 Apr 26 12:08 index.html
$ sudo cp index.html index.html.orig
$ ls -l
total 24
-rw-r--r-- 1 root root 10918 Apr 26 12:08 index.html
-rw-r--r-- 1 root root 10918 Apr 26 12:29 index.html.orig
# Edit the file and add some text. When editing the file, search for "welcome" and change the text.
$ sudo vi index.html
# In the "content_section_text", you may want to add a new paragraph tags and a couple lines such as:
# Reload your web browser to see your changes.
# Verify that systemctl is set up properly to start and stop the web server.
$ sudo systemctl stop apache2.service
$ ps -ef|grep apac
testuser 32236 28823 0 14:58 pts/0 00:00:00 grep apac
$ sudo systemctl start apache2.service
$ ps -ef | grep apac
root 32262 1 0 14:58 ? 00:00:00 /usr/sbin/apache2 -k start
www-data 32264 32262 0 14:58 ? 00:00:00 /usr/sbin/apache2 -k start
www-data 32265 32262 0 14:58 ? 00:00:00 /usr/sbin/apache2 -k start
testuser 32327 28823 0 14:58 pts/0 00:00:00 grep apac
$ systemctl status apache2.service
● apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
Drop-In: /lib/systemd/system/apache2.service.d
└─apache2-systemd.conf
Active: active (running) since Sun 2020-04-26 14:58:53 MDT; 17s ago
Process: 32214 ExecStop=/usr/sbin/apachectl stop (code=exited, status=0/SUCCESS)
Process: 32242 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
Main PID: 32262 (apache2)
Tasks: 55 (limit: 4915)
CGroup: /system.slice/apache2.service
├─32262 /usr/sbin/apache2 -k start
├─32264 /usr/sbin/apache2 -k start
└─32265 /usr/sbin/apache2 -k start
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 18.04.4 LTS
Release: 18.04
Codename: bionic
$ hostname -I
192.168.0.9
$ sudo ufw status
Status: inactive
# Update package list and install Apache.
$ sudo apt update
...
Fetched 2,854 kB in 2s (1,395 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
All packages are up to date.
$ sudo apt install apache2
...
Created symlink /etc/systemd/system/multi-user.target.wants/apache2.service → /lib/systemd/system/apache2.service.
Created symlink /etc/systemd/system/multi-user.target.wants/apache-htcacheclean.service → /lib/systemd/system/apache-htcacheclean.service.
...
# Note the screen output shows symlinks in the configuration directories for the system services.
# Let's see what was is running.
$ systemctl status apache2.service
● apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
Drop-In: /lib/systemd/system/apache2.service.d
└─apache2-systemd.conf
Active: active (running) since Sun 2020-04-26 12:08:28 MDT; 2min 6s ago
Main PID: 29916 (apache2)
Tasks: 55 (limit: 4915)
CGroup: /system.slice/apache2.service
├─29916 /usr/sbin/apache2 -k start
├─29918 /usr/sbin/apache2 -k start
└─29919 /usr/sbin/apache2 -k start
# Use a web browser to go to the machine name or IP address.
# Earlier you found the IP address by typing "hostname -I".
# It is kind of the developers and package maintainers to put instructions on the home page!
# Let's look at the index.html file.
$ cd /var/www/html
$ ls -l
total 12
-rw-r--r-- 1 root root 10918 Apr 26 12:08 index.html
# Being owned by root, we can guess an "apache" unix logon was not created.
$ grep apa /etc/passwd
# Nothing found. Also look at last line of /etc/passwd for a new entry.
$ tail -1 /etc/passwd
# Since software often has errors, bugs, and security holes, an attacker may exploit those
# holes and possibly gain access as the user which is running the software.
# The apache software is being run as root. It had better be perfect software!
# Let's look further.
$ ps -ef | grep apache
root 29916 1 0 12:08 ? 00:00:00 /usr/sbin/apache2 -k start
www-data 29918 29916 0 12:08 ? 00:00:00 /usr/sbin/apache2 -k start
www-data 29919 29916 0 12:08 ? 00:00:00 /usr/sbin/apache2
# Processes are running both as root and as the pre-existing unix logon www-data.
# Let's see if www-data is a less-privileged account than root
$ groups www-data
www-data : www-data
$ sudo grep www /etc/sudoers
# No output from grep, so it looks like www-data doesn't have sudo. This is good.
# To open a listening connection on a "low numbered port", you typically need to be root.
# Maybe that is why part of the web server is started as root. This is something to further explore.
# For now, let's change the static web page served from the file index.html.$ cd /var/www/html
$ ls -l
total 12
-rw-r--r-- 1 root root 10918 Apr 26 12:08 index.html
$ sudo cp index.html index.html.orig
$ ls -l
total 24
-rw-r--r-- 1 root root 10918 Apr 26 12:08 index.html
-rw-r--r-- 1 root root 10918 Apr 26 12:29 index.html.orig
# Edit the file and add some text. When editing the file, search for "welcome" and change the text.
$ sudo vi index.html
# In the "content_section_text", you may want to add a new paragraph tags and a couple lines such as:
<p>
“I'm a great believer in luck, and I find the harder I work the more I have of it.”
<a href="https://plato.stanford.edu/entries/jefferson">Thomas Jefferson</a>
</p>
# Verify that systemctl is set up properly to start and stop the web server.
$ sudo systemctl stop apache2.service
$ ps -ef|grep apac
testuser 32236 28823 0 14:58 pts/0 00:00:00 grep apac
$ sudo systemctl start apache2.service
$ ps -ef | grep apac
root 32262 1 0 14:58 ? 00:00:00 /usr/sbin/apache2 -k start
www-data 32264 32262 0 14:58 ? 00:00:00 /usr/sbin/apache2 -k start
www-data 32265 32262 0 14:58 ? 00:00:00 /usr/sbin/apache2 -k start
testuser 32327 28823 0 14:58 pts/0 00:00:00 grep apac
$ systemctl status apache2.service
● apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
Drop-In: /lib/systemd/system/apache2.service.d
└─apache2-systemd.conf
Active: active (running) since Sun 2020-04-26 14:58:53 MDT; 17s ago
Process: 32214 ExecStop=/usr/sbin/apachectl stop (code=exited, status=0/SUCCESS)
Process: 32242 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
Main PID: 32262 (apache2)
Tasks: 55 (limit: 4915)
CGroup: /system.slice/apache2.service
├─32262 /usr/sbin/apache2 -k start
├─32264 /usr/sbin/apache2 -k start
└─32265 /usr/sbin/apache2 -k start
If you run the firewall, remember to allow incoming pages to apache webserver.
$ sudo ufw enable
$ sudo ufw allow www
$ sudo ufw allow www
Saturday, April 18, 2020
Install Raspbian on Raspberry Pi B+
This will guide you through installation and configuration of a Raspberry Pi B+ with the Raspbian operating system so the device will be accessible on your network. Readily available for around $35, the Raspberry Pi ecosystem is fast-becoming a hobbyist workhorse.
Download Raspbian zip file from www.raspberrypi.org/downloads/raspbian. This example uses "Raspbian Buster with desktop" of February 2020.
Download the Etcher program from www.balena.io/etcher. Etcher will write the OS zip file image to the SD card.
Insert an 8 GB (or more) microSD card in to the card reader on your Windows PC. This example uses a 32 GB card. In Windows Explorer you should see the SD card.
Use the Etcher program to write the zip file OS image to the SD card.
After writing the image, the SD card will be unmounted. Physically eject the card from your PC, then reinsert it. Determine the drive letter by looking in File Explorer.
Let's tell the OS image to allow ssh login. Press the Windows Start button, type
cmd
and start the Command Prompt application.
In the command prompt, go to the drive letter of the SD card. In this example, type
F:
Create a zero length file named ssh. In the command prompt, type
type nul > ssh
If you will use a hard-wired ethernet connection from the device to your router, you will not need to configure wifi. To configure wifi, create a file named "wpa_supplicant.conf" with your wifi connection information. The file should only have the suffix ".conf" and the contents should not have Windows-like newline characters. It is important that newline characters are not added to this file. It should be a plain text file. Add the following to the wpa_supplicant.conf file.
country=US
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
network={
scan_ssid=1
ssid="yourWifiSsid"
psk="yourWifiPassword"
}
Type exit to leave the command prompt.
In Windows File Explorer, right-click on the drive and choose EJECT. Physically eject the SD card from the PC.
Plug in the microSD card to the device, and insert the power connector cord in to the device. Don't yet plug it in to power.
Open your router configuration page, and look for the area which shows the current connections. You will looking for either a new DHCP client or a new MAC address. Now that you have opened your router configuration to the appropriate page, plug in the wall power for the device and turn on the power switch.
Watch the router page for a new connection. If using wifi and it doesn't connect to the router, use the ethernet cable method. Note the IP address.
Press the Windows Start button and open a command prompt. In the Windows command prompt, connect to the device using the IP address as seen in your router.
ssh pi@192.168.1.101
Accept the key fingerprint warning by typing yes.
The password is
raspberry
You should be logged in. Change the password.
$ passwd
Modify settings such as locale language, host name, and maybe enable VNC. Start the handy configuration tool. I changed the locale and the host name.
$ sudo raspi-config
If wifi didn't work or you want to enable it, become root and edit the file.
$ sudo su
$ sudo vi /etc/wpa_supplicant/wpa_supplicant.conf
Reboot the device.
$ sudo reboot
The router page will show the new host name.
For installation of an operating system on bare hardware, this was a smooth and pleasant experience. The teams who put together the custom OS and configuration tools have done superb!
Another good guide for how to install Raspbian OS is at Tom's Hardware.
Download Raspbian zip file from www.raspberrypi.org/downloads/raspbian. This example uses "Raspbian Buster with desktop" of February 2020.
Download the Etcher program from www.balena.io/etcher. Etcher will write the OS zip file image to the SD card.
Insert an 8 GB (or more) microSD card in to the card reader on your Windows PC. This example uses a 32 GB card. In Windows Explorer you should see the SD card.
Use the Etcher program to write the zip file OS image to the SD card.
After writing the image, the SD card will be unmounted. Physically eject the card from your PC, then reinsert it. Determine the drive letter by looking in File Explorer.
Let's tell the OS image to allow ssh login. Press the Windows Start button, type
cmd
and start the Command Prompt application.
In the command prompt, go to the drive letter of the SD card. In this example, type
F:
Create a zero length file named ssh. In the command prompt, type
type nul > ssh
If you will use a hard-wired ethernet connection from the device to your router, you will not need to configure wifi. To configure wifi, create a file named "wpa_supplicant.conf" with your wifi connection information. The file should only have the suffix ".conf" and the contents should not have Windows-like newline characters. It is important that newline characters are not added to this file. It should be a plain text file. Add the following to the wpa_supplicant.conf file.
country=US
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
network={
scan_ssid=1
ssid="yourWifiSsid"
psk="yourWifiPassword"
}
Type exit to leave the command prompt.
In Windows File Explorer, right-click on the drive and choose EJECT. Physically eject the SD card from the PC.
Plug in the microSD card to the device, and insert the power connector cord in to the device. Don't yet plug it in to power.
Open your router configuration page, and look for the area which shows the current connections. You will looking for either a new DHCP client or a new MAC address. Now that you have opened your router configuration to the appropriate page, plug in the wall power for the device and turn on the power switch.
Watch the router page for a new connection. If using wifi and it doesn't connect to the router, use the ethernet cable method. Note the IP address.
Press the Windows Start button and open a command prompt. In the Windows command prompt, connect to the device using the IP address as seen in your router.
ssh pi@192.168.1.101
Accept the key fingerprint warning by typing yes.
The password is
raspberry
You should be logged in. Change the password.
$ passwd
Modify settings such as locale language, host name, and maybe enable VNC. Start the handy configuration tool. I changed the locale and the host name.
$ sudo raspi-config
If wifi didn't work or you want to enable it, become root and edit the file.
$ sudo su
$ sudo vi /etc/wpa_supplicant/wpa_supplicant.conf
Reboot the device.
$ sudo reboot
The router page will show the new host name.
For installation of an operating system on bare hardware, this was a smooth and pleasant experience. The teams who put together the custom OS and configuration tools have done superb!
Another good guide for how to install Raspbian OS is at Tom's Hardware.
Friday, April 17, 2020
Install PostgreSQL on Ubuntu Linux
# The documentation website of PostgreSQL is www.postgresql.org/docs.
$ sudo addgroup sql
[sudo] password for testuser:
Adding group `sql' (GID 1005) ...
Done.
$ sudo adduser pgsqlown --ingroup sql
$ sudo apt-get update
$ sudo apt-get upgrade
# For the software download, you may choose a more recent version of the database with the following section of this write-up, or skip ahead.
# If you want to install a more recent version:
$ sudo apt-get install curl ca-certificates gnupg
$ curl https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 4812 100 4812 0 0 4105 0 0:00:01 0:00:01 --:--:-- 4105
OK
# Create /etc/apt/sources.list.d/pgdg.list with a line for the repository version for your Linux version.
$ lsb_release -c
Codename: bionic
$ cat /etc/apt/sources.list.d/pgdg.list
deb http://apt.postgresql.org/pub/repos/apt/ bionic-pgdg main
$ sudo apt-get update
$ sudo apt-get install postgresql-11
# Use this for the quick install of whatever version is provided at the time of the Ubuntu release. Do one or the other of the prior install or the following install.
$ sudo apt install postgresql postgresql-contrib
# If you are watching /var/log/syslog during the install, you will see entries like:
Apr 16 22:19:16 dell990 systemd[1]: Starting PostgreSQL RDBMS...
Apr 16 22:19:16 dell990 systemd[1]: Started PostgreSQL RDBMS.
Apr 16 22:19:19 dell990 systemd[1]: Reloading.
Apr 16 22:19:19 dell990 systemd[1]: message repeated 2 times: [ Reloading.]
Apr 16 22:19:20 dell990 systemd[1]: Created slice system-postgresql.slice.
Apr 16 22:19:20 dell990 systemd[1]: Starting PostgreSQL Cluster 10-main...
Apr 16 22:19:22 dell990 systemd[1]: Started PostgreSQL Cluster 10-main.
$ ps -ef | grep sql
postgres 6118 1 0 22:19 ? 00:00:00 /usr/lib/postgresql/10/bin/postgres -D /var/lib/postgresql/10/main -c config_file=/etc/postgresql/10/main/postgresql.conf
# You should take a moment to review the config file.
$ more /etc/postgresql/10/main/postgresql.conf
$ grep -v ^\# /etc/postgresql/10/main/postgresql.conf | grep -v ^$ | grep -v $'\t'
# Note the install made the postgres user, with a home directory in /var/lib.
$ tail -1 /etc/passwd
postgres:x:122:123:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bash
# As configured, the postgres unix account does not allow a direct login, nor "su", because of the "*" (asterisk/star) in the second field of the actual password file.
$ sudo tail -1 /etc/shadow
postgres:*:18369:0:99999:7:::
# The software install made a unix group for the postgres user.
$ tail -1 /etc/group
postgres:x:123:
# All of the running processes for the database owner.
$ ps -fu postgres
UID PID PPID C STIME TTY TIME CMD
postgres 6118 1 0 22:19 ? 00:00:00 /usr/lib/postgresql/10/bin/postgres -D /var/lib/postgresql/10/main -c config_file=/etc/postgresql/10/main/postgresql.conf
postgres 6128 6118 0 22:19 ? 00:00:00 postgres: 10/main: checkpointer process
postgres 6129 6118 0 22:19 ? 00:00:00 postgres: 10/main: writer process
postgres 6130 6118 0 22:19 ? 00:00:00 postgres: 10/main: wal writer process
postgres 6131 6118 0 22:19 ? 00:00:00 postgres: 10/main: autovacuum launcher process
postgres 6133 6118 0 22:19 ? 00:00:00 postgres: 10/main: stats collector process
postgres 6135 6118 0 22:19 ? 00:00:00 postgres: 10/main: bgworker: logical replication launcher
# Note the line with PID 6118. That started the database server and shows the configuration file.
# The software install may have been placed in /usr/share.
$ ls -ld /usr/share post*
drwxr-xr-x 3 root root 4096 Apr 16 22:19 postgresql
drwxr-xr-x 5 root root 4096 Apr 16 22:19 postgresql-common
drwxr-xr-x 253 root root 12288 Apr 16 22:19 /usr/share
# Check if automatic database startup was configured with systemctl. Looks like it was not configured, as there are no new files in /etc/systemd/system.
$ ls -ltr /etc/systemd/system
# Yet there is a systemctl entry.
$ systemctl status postgresql
● postgresql.service - PostgreSQL RDBMS
Loaded: loaded (/lib/systemd/system/postgresql.service; enabled; vendor preset: enabled)
Active: active (exited) since Thu 2020-04-16 22:19:16 MDT; 1 day 1h ago
Main PID: 5093 (code=exited, status=0/SUCCESS)
Tasks: 0 (limit: 4915)
CGroup: /system.slice/postgresql.service
# It is running from systemctl, so look further for systemctl files.
$ sudo grep -i post /etc/systemd/system/*/* 2>/dev/null
/etc/systemd/system/multi-user.target.wants/postgresql.service:# systemd service for managing all PostgreSQL clusters on the system. This
/etc/systemd/system/multi-user.target.wants/postgresql.service:Description=PostgreSQL RDBMS
# Check if jobs were added in cron. Can we "su" to login to the new account... Is there a password for the user?
$ sudo grep postgres /etc/shadow
postgres:*:18369:0:99999:7:::
# The second field has an asterisk (*), so it is not possible to "su" and enter a password.
# Let's use sudo to become the user and look for a crontab entry.
$ sudo su - postgres
postgres@dell990:~$ id
uid=122(postgres) gid=123(postgres) groups=123(postgres),112(ssl-cert)
postgres@dell990:~$ crontab -l
no crontab for postgres
# We have determined nothing is configured cron, and the database start and stop is configured in systemctl.
# Let's try to log in with the sql interpreter, and then log out.
$ psql
psql (10.12 (Ubuntu 10.12-0ubuntu0.18.04.1))
Type "help" for help.
postgres=# \q
# Exit the sql interpreter with "\q" and press ENTER.
# Confirm which version of the database we are connecting to. Press "q" when you have finished reading the output from the SELECT command.
$ psql
psql (10.12 (Ubuntu 10.12-0ubuntu0.18.04.1))
Type "help" for help.
postgres=# select version();
version
----------------------------------------------------------------------------------------------------------------------------------------
PostgreSQL 10.12 (Ubuntu 10.12-0ubuntu0.18.04.1) on x86_64-pc-linux-gnu, compiled by gcc (Ubuntu 7.4.0-1ubuntu1~18.04.1) 7.4.0, 64-bit
(1 row)
(END) version
----------------------------------------------------------------------------------------------------------------------------------------
PostgreSQL 10.12 (Ubuntu 10.12-0ubuntu0.18.04.1) on x86_64-pc-linux-gnu, compiled by gcc (Ubuntu 7.4.0-1ubuntu1~18.04.1) 7.4.0, 64-bit
(1 row)
(END)
# Another way to show the database software version while in the sql interpreter.
postgres=# show server_version;
server_version
---------------------------------------
10.12 (Ubuntu 10.12-0ubuntu0.18.04.1)
(1 row)
# We can also ask the postgres executable which version it is.
$ postgres -V
Command 'postgres' not found, did you mean:
command 'postgrey' from deb postgrey
Try: apt install <deb name>
# Confirm we are using the unix login of the software owner, and look at the PATH environment variable.
$ whoami
postgres
$ echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin
# Find where "postgres" was installed in the filesystem.
$ sudo find / -name postgres -print 2>/dev/null
/run/sudo/ts/postgres
/usr/lib/postgresql/10/bin/postgres
# The directory in that second line of output should be added to our PATH shell environment variable. Add just the directory path, not the actual "postgres" command.
$ echo 'export PATH=$PATH:/usr/lib/postgresql/10/bin' >> /var/lib/postgresql/.bashrc
# Login again, or "source" the login file. Type this in the "home" directory.
$ . ./.bashrc
# Check the new setting of PATH shell environment variable.
$ echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin:/usr/lib/postgresql/10/bin/postgres:/usr/lib/postgresql/10/bin
# Try the version command again.
$ postgres -V
postgres (PostgreSQL) 10.12 (Ubuntu 10.12-0ubuntu0.18.04.1)
# Log in and find out which role is in use. In this case, it is the same as the unix login.
$ psql
psql (10.12 (Ubuntu 10.12-0ubuntu0.18.04.1))
Type "help" for help.
postgres=# \conninfo
You are connected to database "postgres" as user "postgres" via socket in "/var/run/postgresql" at port "5432".
# List table names in this database. In this case, there are none.
postgres=# \d
Did not find any relations.
### Use PostgreSQL perl wrapper to determine what is running. Similar, though different than the earlier "ps" command.
$ pg_lsclusters
Ver Cluster Port Status Owner Data directory Log file
10 main 5432 online postgres /var/lib/postgresql/10/main /var/log/postgresql/postgresql-10-main.log
$ pg_ctlcluster 10 main status
pg_ctl: server is running (PID: 6118)
/usr/lib/postgresql/10/bin/postgres "-D" "/var/lib/postgresql/10/main" "-c" "config_file=/etc/postgresql/10/main/postgresql.conf"
# Stop the server. You may want to simultaneously run unix "top" in another window to watch the process.
# While you can use pg_ctlcluster with "stop", you should use the already-configured systemctl.
### Set up a backup. This is a client program which may be run from a different machine.
$ which pg_dumpall
/usr/bin/pg_dumpall
# The command to backup all databases should run quickly because nothing has been added yet.
$ pg_dumpall > /tmp/postgres.backup
# The curious may want to look at the backup file.
$ file /tmp/postgres.backup
/tmp/postgres.backup: ASCII text
$ more /tmp/postgres.backup
--
-- PostgreSQL database cluster dump
--
... and the backup file continues and ends with ...
--
-- PostgreSQL database cluster dump complete
--
# Add the following line in unix user postgres crontab.
$ crontab -l
* 1 * * * /usr/lib/postgresql/10/bin/pg_dumpall > /tmp/postgres.backup.$(/bin/date +%Y%m%d.%H%M%S) 1>>/tmp/postgres.cron 2>>&1
$ sudo addgroup sql
[sudo] password for testuser:
Adding group `sql' (GID 1005) ...
Done.
$ sudo adduser pgsqlown --ingroup sql
$ sudo apt-get update
$ sudo apt-get upgrade
# For the software download, you may choose a more recent version of the database with the following section of this write-up, or skip ahead.
# If you want to install a more recent version:
$ sudo apt-get install curl ca-certificates gnupg
$ curl https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 4812 100 4812 0 0 4105 0 0:00:01 0:00:01 --:--:-- 4105
OK
# Create /etc/apt/sources.list.d/pgdg.list with a line for the repository version for your Linux version.
$ lsb_release -c
Codename: bionic
$ cat /etc/apt/sources.list.d/pgdg.list
deb http://apt.postgresql.org/pub/repos/apt/ bionic-pgdg main
$ sudo apt-get update
$ sudo apt-get install postgresql-11
# Use this for the quick install of whatever version is provided at the time of the Ubuntu release. Do one or the other of the prior install or the following install.
$ sudo apt install postgresql postgresql-contrib
# If you are watching /var/log/syslog during the install, you will see entries like:
Apr 16 22:19:16 dell990 systemd[1]: Starting PostgreSQL RDBMS...
Apr 16 22:19:16 dell990 systemd[1]: Started PostgreSQL RDBMS.
Apr 16 22:19:19 dell990 systemd[1]: Reloading.
Apr 16 22:19:19 dell990 systemd[1]: message repeated 2 times: [ Reloading.]
Apr 16 22:19:20 dell990 systemd[1]: Created slice system-postgresql.slice.
Apr 16 22:19:20 dell990 systemd[1]: Starting PostgreSQL Cluster 10-main...
Apr 16 22:19:22 dell990 systemd[1]: Started PostgreSQL Cluster 10-main.
$ ps -ef | grep sql
postgres 6118 1 0 22:19 ? 00:00:00 /usr/lib/postgresql/10/bin/postgres -D /var/lib/postgresql/10/main -c config_file=/etc/postgresql/10/main/postgresql.conf
# You should take a moment to review the config file.
$ more /etc/postgresql/10/main/postgresql.conf
$ grep -v ^\# /etc/postgresql/10/main/postgresql.conf | grep -v ^$ | grep -v $'\t'
# Note the install made the postgres user, with a home directory in /var/lib.
$ tail -1 /etc/passwd
postgres:x:122:123:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bash
# As configured, the postgres unix account does not allow a direct login, nor "su", because of the "*" (asterisk/star) in the second field of the actual password file.
$ sudo tail -1 /etc/shadow
postgres:*:18369:0:99999:7:::
# The software install made a unix group for the postgres user.
$ tail -1 /etc/group
postgres:x:123:
# All of the running processes for the database owner.
$ ps -fu postgres
UID PID PPID C STIME TTY TIME CMD
postgres 6118 1 0 22:19 ? 00:00:00 /usr/lib/postgresql/10/bin/postgres -D /var/lib/postgresql/10/main -c config_file=/etc/postgresql/10/main/postgresql.conf
postgres 6128 6118 0 22:19 ? 00:00:00 postgres: 10/main: checkpointer process
postgres 6129 6118 0 22:19 ? 00:00:00 postgres: 10/main: writer process
postgres 6130 6118 0 22:19 ? 00:00:00 postgres: 10/main: wal writer process
postgres 6131 6118 0 22:19 ? 00:00:00 postgres: 10/main: autovacuum launcher process
postgres 6133 6118 0 22:19 ? 00:00:00 postgres: 10/main: stats collector process
postgres 6135 6118 0 22:19 ? 00:00:00 postgres: 10/main: bgworker: logical replication launcher
# Note the line with PID 6118. That started the database server and shows the configuration file.
# The software install may have been placed in /usr/share.
$ ls -ld /usr/share post*
drwxr-xr-x 3 root root 4096 Apr 16 22:19 postgresql
drwxr-xr-x 5 root root 4096 Apr 16 22:19 postgresql-common
drwxr-xr-x 253 root root 12288 Apr 16 22:19 /usr/share
# Check if automatic database startup was configured with systemctl. Looks like it was not configured, as there are no new files in /etc/systemd/system.
$ ls -ltr /etc/systemd/system
# Yet there is a systemctl entry.
$ systemctl status postgresql
● postgresql.service - PostgreSQL RDBMS
Loaded: loaded (/lib/systemd/system/postgresql.service; enabled; vendor preset: enabled)
Active: active (exited) since Thu 2020-04-16 22:19:16 MDT; 1 day 1h ago
Main PID: 5093 (code=exited, status=0/SUCCESS)
Tasks: 0 (limit: 4915)
CGroup: /system.slice/postgresql.service
# It is running from systemctl, so look further for systemctl files.
$ sudo grep -i post /etc/systemd/system/*/* 2>/dev/null
/etc/systemd/system/multi-user.target.wants/postgresql.service:# systemd service for managing all PostgreSQL clusters on the system. This
/etc/systemd/system/multi-user.target.wants/postgresql.service:Description=PostgreSQL RDBMS
# Check if jobs were added in cron. Can we "su" to login to the new account... Is there a password for the user?
$ sudo grep postgres /etc/shadow
postgres:*:18369:0:99999:7:::
# The second field has an asterisk (*), so it is not possible to "su" and enter a password.
# Let's use sudo to become the user and look for a crontab entry.
$ sudo su - postgres
postgres@dell990:~$ id
uid=122(postgres) gid=123(postgres) groups=123(postgres),112(ssl-cert)
postgres@dell990:~$ crontab -l
no crontab for postgres
# We have determined nothing is configured cron, and the database start and stop is configured in systemctl.
# Let's try to log in with the sql interpreter, and then log out.
$ psql
psql (10.12 (Ubuntu 10.12-0ubuntu0.18.04.1))
Type "help" for help.
postgres=# \q
# Exit the sql interpreter with "\q" and press ENTER.
# Confirm which version of the database we are connecting to. Press "q" when you have finished reading the output from the SELECT command.
$ psql
psql (10.12 (Ubuntu 10.12-0ubuntu0.18.04.1))
Type "help" for help.
postgres=# select version();
version
----------------------------------------------------------------------------------------------------------------------------------------
PostgreSQL 10.12 (Ubuntu 10.12-0ubuntu0.18.04.1) on x86_64-pc-linux-gnu, compiled by gcc (Ubuntu 7.4.0-1ubuntu1~18.04.1) 7.4.0, 64-bit
(1 row)
(END) version
----------------------------------------------------------------------------------------------------------------------------------------
PostgreSQL 10.12 (Ubuntu 10.12-0ubuntu0.18.04.1) on x86_64-pc-linux-gnu, compiled by gcc (Ubuntu 7.4.0-1ubuntu1~18.04.1) 7.4.0, 64-bit
(1 row)
(END)
# Another way to show the database software version while in the sql interpreter.
postgres=# show server_version;
server_version
---------------------------------------
10.12 (Ubuntu 10.12-0ubuntu0.18.04.1)
(1 row)
# We can also ask the postgres executable which version it is.
$ postgres -V
Command 'postgres' not found, did you mean:
command 'postgrey' from deb postgrey
Try: apt install <deb name>
# Confirm we are using the unix login of the software owner, and look at the PATH environment variable.
$ whoami
postgres
$ echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin
# Find where "postgres" was installed in the filesystem.
$ sudo find / -name postgres -print 2>/dev/null
/run/sudo/ts/postgres
/usr/lib/postgresql/10/bin/postgres
# The directory in that second line of output should be added to our PATH shell environment variable. Add just the directory path, not the actual "postgres" command.
$ echo 'export PATH=$PATH:/usr/lib/postgresql/10/bin' >> /var/lib/postgresql/.bashrc
# Login again, or "source" the login file. Type this in the "home" directory.
$ . ./.bashrc
# Check the new setting of PATH shell environment variable.
$ echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin:/usr/lib/postgresql/10/bin/postgres:/usr/lib/postgresql/10/bin
# Try the version command again.
$ postgres -V
postgres (PostgreSQL) 10.12 (Ubuntu 10.12-0ubuntu0.18.04.1)
# Log in and find out which role is in use. In this case, it is the same as the unix login.
$ psql
psql (10.12 (Ubuntu 10.12-0ubuntu0.18.04.1))
Type "help" for help.
postgres=# \conninfo
You are connected to database "postgres" as user "postgres" via socket in "/var/run/postgresql" at port "5432".
# List table names in this database. In this case, there are none.
postgres=# \d
Did not find any relations.
### Use PostgreSQL perl wrapper to determine what is running. Similar, though different than the earlier "ps" command.
$ pg_lsclusters
Ver Cluster Port Status Owner Data directory Log file
10 main 5432 online postgres /var/lib/postgresql/10/main /var/log/postgresql/postgresql-10-main.log
$ pg_ctlcluster 10 main status
pg_ctl: server is running (PID: 6118)
/usr/lib/postgresql/10/bin/postgres "-D" "/var/lib/postgresql/10/main" "-c" "config_file=/etc/postgresql/10/main/postgresql.conf"
# Stop the server. You may want to simultaneously run unix "top" in another window to watch the process.
# While you can use pg_ctlcluster with "stop", you should use the already-configured systemctl.
### Set up a backup. This is a client program which may be run from a different machine.
$ which pg_dumpall
/usr/bin/pg_dumpall
# The command to backup all databases should run quickly because nothing has been added yet.
$ pg_dumpall > /tmp/postgres.backup
# The curious may want to look at the backup file.
$ file /tmp/postgres.backup
/tmp/postgres.backup: ASCII text
$ more /tmp/postgres.backup
--
-- PostgreSQL database cluster dump
--
... and the backup file continues and ends with ...
--
-- PostgreSQL database cluster dump complete
--
# Add the following line in unix user postgres crontab.
$ crontab -l
* 1 * * * /usr/lib/postgresql/10/bin/pg_dumpall > /tmp/postgres.backup.$(/bin/date +%Y%m%d.%H%M%S) 1>>/tmp/postgres.cron 2>>&1
Subscribe to:
Posts (Atom)