Advertisements
Coinbase
10 Apr

Coinbase

There are alot of Bitcoin exchanges online, but Coinbase is first choice. It’s great for people who just want to dip their toes into Crytocurrency, and with their GDAX platform it works for the more advanced users as well.

Restore Zimbra, OSE, from backups
30 Mar

Restore Zimbra, OSE, from backups

This morning I thought to take advantage of the long weekend and update my Zimbra installation – this didn’t go as well as expected. Instead I ended up with a corrupted server. I was left spending the morning restoring from my latest zmback.sh backup.

The process was simple enough, but since I couldn’t find a clear step-by-step guide I thought having an easy to find reference guide would be of use in the future – as I’m sure I’ll be in a simliar possition again one day. Read more »

Rsync Bandwidth Limit
02 Aug

Rsync Bandwidth Limit

How do I stop Rsync using all my bandwidth?

If you use rsync to move large or just a large number of files from one machine to another, ether over the internet or your local network, you’ll have realised rsync uses as much bandwidth as it can get a hold of which is not always convenient.

The reason you might want to reduce rsync’s bandwidth load is to ensure it doesn’t clog up you network making everything else unusable.

Obviously this is going to slow down to total time require to transfer your files. On the face of it this might not seem ideal, but if your moving your nightly backup files from your webserver to your backup location time isn’t the most important factor. What you really want is these backups to happen seamlessly in the background and not to DDOS your own site.

A normally rsync command might look something like this:

The parameter that tells rsync how much bandwidth to use is --bwlimit.

So if you want to limit rsync to 10MB a second the command would look like:

Or to limit rsync to 5MB a second the command would look like:

Raspberry Pi Bitcoin Core 0.10.2 Installation
14 Jun

Raspberry Pi Bitcoin Core 0.10.2 Installation

This weekends project is setting up a Raspberry Pi as an online Bitcoin wallet.

As you might the first step has been installing Bitcoin Core. There is no binary Bitcoin available for the Raspberry Pi’s ARM process so I had to build it from source. Less I Forget here is my step-by-step guide:

Requirements

  • Raspberry Pi 2
  • A 2A power supply
  • External HD
  • Raspbian OS Image Downloaded from here
  • The blockchain – Optional but could save days of waiting

Installing a Clean OS

First thing to do now we have a Raspbian install image is copy it to a new microSD card.

Being a Linux user I just copy the image from the command line using dd:

dd is a Unix command so if your MacOSX user the same command will work for you as well. It takes a few minutes but gets the job done. For Windows users a program like Win32DiskImager can do the install for you – full instructions can be found here.

Raspi-Config / Updating

As normal with a new installation raspi-config will run during the first boot. What we need to do here is expand the file system to take up the whole sdcard – no point in empty space just sitting around looking prity.

Once that’s done enable the SSH server. The Pi will reboot after your exit raspi-config so just let it do its thing.

Once the Pi is back up and running you can now keep working working with an attached keyboard a mouse of fire up and SSH connection from another machine and work from there, the choice is yours.

If you do choose the SSH option make sure you start a screen session, since the commands we’re about to run could take a few hours on the Raspberry.

If you need a pointers, the quickest way to get the Raspberry’s IP address is running ifconfig from the command line. The default username is pi and – if you didn’t already change it – the password will be raspberry, but I would highly recommend changing it as your first step passwd will do the job.

Now that we have a running Raspberry Pi and we’ve logged into a terminal – ether thru the keyboard and monitor or over SSH – we’re going to quickly run an OS update:

Installing Bitcoin

Getting the dependencies

We’re going to have to build Bitcoin Core from the source code, and for that we need the build tools and dependent libraries installed:

We also need to install the BerkeleyDB 4.8, since its not available from apt-get we’ll need to build it from source as well. This will take a while so probably best grab a cup of coffee or something, but if your using a Raspberry Pi2 you can replace the make command with make -j4 to spread the load over the extra cores.

Getting the source

Now that the system is ready we can finally start on Bitcoin. First get the source code from the GitHub repository:

Building it

Next we’ll configure it for our system and get the build started. Again this will take ages, but you can speed it up on the Raspberry Pi2 by using the make -j4 command instead of just make – for reference I just used the make option and it was done in about 3 – 4 hours.

Up & running

… and we’re back. We now have Bitcoin Core 0.10.2 installed on our Raspberry. Before we run it for the first time we need to make sure we can download the blockchain. At present the blockchain is over 35Gb. Since we can’t feasible store it on our microSD card we need to put it on an external hard drive.

If you’ve never plug an external drive into a Raspberry Pi before, its worth pointing out the Pi doesn’t have enought power to support the drive directly. You must ether get a drive back with it own power or plug the drive into a powered usb hub.

Once your drive is ready you have a few options for telling Bitcoin Core where to put the blockchain. Ether mount the external drive to /home/pi/.bitcoin or create a symlink there. The final option is to pass the the new location to bitcoin over the command line bitcoin-qt -datadir=/path/to/harddisk/

One last thing before we fire up the Core. If you already have a copy of the blockchain copy this to the Raspberry Pi, it will save hours or even days of waiting. However, if like me you don’t you may run into the same problems I have.

When I started running bitcoin-qt it will crash. After Googling around the error message relates to a lack of memory. The Raspberry Pi2 has 1GB or ram but its appears that isn’t always enough. Since adding more RAM isn’t a practical option I’ve resorted to running this script:

This handy little one-liner will restart bitcoin-qt every time it closes – in my case crashes – and the download will resume where it left off.

I’m not sure if this problem is histochemic of the Raspberry Pi or just while the blockchain is downloading but once my downloads completed I’ll get a better idea and can give some more feedback.

Raspberry Pi Powered OpenVPN – Client Side
19 Apr

Raspberry Pi Powered OpenVPN – Client Side

This is part two of my series on creating your own, private, VPN server at home using a Raspberry Pi. If you have followed on from my Raspberry Pi Powered OpenVPN – Server post you will have a fully working OpenVPN server. You probably also noticed it took you a good portion of your afternoon, but with bugs and hacks being found in more and more Linux software and libraries it is well worth having a server you can trust.

You’ll have noticed though we’re missing a vital step before we can make use of our new server. In part three of my tutorial we created some access keys to allow our phones and laptops (from here on called clients) to access our server, but we haven’t told the clients.

OpenVPN software gets all the information about where your server is, how to connect, what keys to use and what connections to create from a configuration file called and .ovpn. Since you need a separate OVPN file for each client we’ll use a script to do our heavy lifting.

Eric Jodoin first created this script while at the SANS institute, and with some basic template files, it can create configuration files for all our clients.

As with the Raspberry Pi Powered OpenVPN – Server tutorial the following commands still need executed as root, so remember ether add sudo infront of them or make sure you still have root from the sudo -s command.

Setting the defaults

Eric’s script works by combining a default configuration file with the keys specific to client, so we need to create it first.

Create a new blank file:

nano /etc/openvpn/easy-rsa/keys/Default.txt

Then copy and past in this:


Remember to change the line remote to match your setup. Include the public IP address of your OpenVPN server and make sure the port and proto are correct. If in on page four you opted to use TCP or a non standard port, one other than 1194, you need to make sure this is correct here as well.

If you are not sure what your public IP address is you can ask Google.

Some ISPs will rotate your IP address regularly which causes a problem when trying to access your new server. There are however many services that offer dynamic domain names (DDNS). These give you a static domain name but make sure the IP address always points to your home PC. First thing I would do is check your router to see if it supports a DDNS provider. If it doesn’t then you can use a free service like DNS Dynamic, but you will have to setup and run the ddclient on the Pi to keep your IP address updated.

As in the previous tutorials use control+x and save the new file.

Creating the script

Now we’ll create a copy of the script Eric produced, the original PDF download of his research paper can be found online.

First create a new file in nano:

nano -w /etc/openvpn/easy-rsa/keys/ovpn_gen.sh

Get a copy of the script from my gitlab server and past it into this new file. Lastly control+x and save the new script.

By default new files created in nano are just text files, they do not have permission to execute commands. This command will give only the root user permission to read, write or execute our new file:

chmod 700 /etc/openvpn/easy-rsa/keys/ovpn_gen.sh

We can now run the script, but first make sure we are in the keys folder:


The first thing we’re asked for is the Client Name. This must be the same as we used in page three of the server side tutorial. I’ll continue using KEYNAME here, but if I was setting up the key for my Nexus 5 I would use stuart.nexus5.

If everything worked as expected you’ll see a message like this:


Now just rinse and repeat for as many clients as you have setup, but make sure to only run the command for keys you already created. If you need a new device go back to page three and create a new set of keys first.

Downloading the OVPN files

You now have to download your new OVPN file from the /etc/openvpn/easy-rsa/keys/ folder onto your clients. If you are on a link system I would use the scp command, but for Windows users WinSCP would work as well.

If you are using WinSCP you will not have permission to access the /etc/openvpn/easy-rsa/keys/, this is by design and adds additional protect to your server. So you can cp the file into the pi home directory first and download it from there, but make sure to delete it once you have it on the client.

cp /etc/openvpn/easy-rsa/keys/KEYNAME.ovpn /home/pi/

and then

rm /home/pi/KEYNAME.ovpn

In part two of this tutorial we’ll take a look at setting up our client and getting OpenVPN installed and running on your Android phone or tablet.

Fedora/Yum update notification in OpenBox
06 Feb

Fedora/Yum update notification in OpenBox

OpenBox is a minimalist windows manager for Linux, it’s also my manager of choice. Due to its minimal memory footprint its faster than Gnome or KDE, but because its minimal a lot of what you may have come to know and move is no enabled by default.

I will cover more about OpenBox and its configuration in future posts, but this evening I decided to check for any updates to Fedora 21 and to my surprise I found over 200 updates waiting on me. I know, I am really bad at checking for updates but so are you so don’t judge!

When you log into KDE or Gnome many other services and background programs are run, one of which checks for system updates and alerts you. There is no such thing running by default when your first run OpenBox so I created a Bash script that runs in cron. It uses the notify-send command to pop-up alerts when updates are available.

Create a new file in /usr/local/bin/yum-watch and copy in:

Now make sure the file is executable with sudo chmod 700 /usr/local/bin/yum-watch. Now just add your new command to cron or run it at startup and you’ll start getting notifications if and when new updates are available.

The Dangers of Open Spots
01 Feb

The Dangers of Open Spots

All over the web you will see people telling you the internet is an unsafe place to be, but the biggest danger doesn’t come from some one sitting at home intercepting your connection to your bank or Facebook. It comes from someone sitting in the same coffee shop as you getting between you and the internet, what’s known as a ‘man-in-the-middle-attack’.

This illustration shows what a normal Internet connection should look like:

Standard Internet Connection

As you can see the green and red lines represent unchanged traffic between you and the internet.

But in a man in the middle attack it would look more like this:

Man-In-The-Middle Connection

In this case you are sending traffic to a third party, connected to the same router as you, and they are sending that on to the internet. They receive a response back and forward that on to you. This allows them to rewrite any web page or email before you see it and they can see any passwords you are sending.

Having an HTTPS connection can go along way to protect yourself from this kind of attack but it’s not perfect. If a man in the middle can intercept all your traffic they can intercept your connection request offer you a secure connection with them and create a secure connection to the remote host.

SSL Certificate Shield This is part of the reason we use Certificate Authorities. While the man in the middle can offer you a secure connect to their fake site, they can’t fake the signature. So if everything is working correctly your browser will throw up an error an encourage you to click away, but as users we’re trained to push past these without ever reading them or paying attention.

Another way this fails is when a certificate authority, whom your browser trusts, looses control of their keys. In effect a hacker can now create fraudulent certificates for any site they like and your browser will accept it quite happily. At least until everyone updates their browser.

There are a number of solutions to this each with its ups and downs. The one the industry is favouring is EV certs. These are special certificates that in most cases turn your browsers address bar green.

It’s important to understand what this EV certs actually does. It is cryptographically no more secure than a self signed certificate but it has better authenticity. Before any certificate authority can issue you with an EV certificate they have to perform far more checks on who you are, and that’s what you pay for.

A regular certificate lasting one year will separate you from between £9.99 and £175.00 of you hard earned cash but an EV certificate for the same twelve months would set you up back £249.99 and £1000.00.

While EV certificates are a solution, and a good one, they still rely on the website you’re visiting doing the hard work, and paying the fee. So we need to look at more practical solutions a user can do.

One of the best, and easiest, is only accessing the internet from a trusted router. So you can stop using any public wifi, easy. A slightly less extreme way would be if we could access the internet from our home router all the time, from where ever we are.

Raspberry Pi So how do we access the Internet from home when we’re in a coffee shop on the other side of the city? Like everything there are lots of solutions but the main one would be a VPN, like OpenVPN. Like all servers you have to be running it on your home machine at all times, just in case you want to connect to it. Not cost effective and a waste of electricity, but we can use a cheaper form of computer like a Raspberry Pi, I’ve already posted about the running costs of a Pi but it’s usually in the region of £4.60 to £10.52 per year.

This is the solution I’ve decided to go for since its open source and supports all versions of Linux, Windows and even had an Android app.

In the next article I’ll start by talking you through the initial setup of the Raspberry Pi then we’ll move on to installing OpenVPN and finally getting your laptop and Android connected.

A cure for Crons chronic email problem
06 Jan

A cure for Crons chronic email problem

Anyone who has setup a backup system on their Linux machine, and I hope you all have, will be well aware of the problems when running commands from {% link crontab https://en.wikipedia.org/wiki/Crontab Crontab via Wikipedia %}. You will be inundated with emails every-time cron runs and with so many emails its easy to get to a point where you just stop reading them so never notice that Friday night when the backups stopped due to some error and from that point on they never ran correctly again.

One solution most of us will be familiar with is simple to direct all command output to /dev/null 15 01 * * * backup_my_pc >/dev/null 2>&1 but this now mean we want get any feedback – whether the backup ran correctly or not!

After a little time spent with Google I found a program called {% link Chronic http://habilis.net/cronic/ A cure for Crons chronic email problem %}. It acts as a wrapper script within the cron shell. So now instead of having 15 01 * * * backup_my_pc as your crontab command you use 15 01 * * * cronic backup_my_pc. Cronic will then run your shell command so it can handle all output from your command. If the command fails the full output is printed to the shell, so cron sends it as an email, but if no error occurs all output is hidden and no email is sent. A perfect solution.

Installation

The best way to install Cronic is simply to download the shell script from the {% link project website http://habilis.net/cronic/cronic Download chronic %}. Copy the download into your PATH, usually /usr/bin will be fine. Then just start updating your crontab rules.

A Linux Security Checklist
16 Dec

A Linux Security Checklist

I recently came across this article about securing yourself on a Linux machine – Security Checklist for Linux System.

It’s equally true about Windows users as well:

  1. Keep the system updated with latest security patches
  2. Keep yourself updated with latest vulnerabilities through mailing lists, forums etc.
  3. Stop and disable unwanted services
  4. Use SUDO to limit ROOT Access
  5. SSH security settings
  6. Tunnel all of your XWindow sessions through SSH
  7. Create only a required number of users
  8. Maintain a good firewall policy
  9. Scan for viruses and other malware!
  10. Configure SSL/TLS if you are using FTP
  11. Secure your communication with GPG
  12. Check file permissions across filesystems
  13. Bootloader and BIOS security
  14. Enable remote Logging
  15. Keep a good password policy
Install Oracle Java JDK or JRE 8u11
18 Jul

Install Oracle Java JDK or JRE 8u11

I do not format my desktop PC very often, I reinstall my laptop three or four times a month but not my primary machine. With almost every clean installation I have to lookup how to install Oracle’s Java instead of using the pre installed version OpenJDK.

Since I search for it so often I thought it was well past time I wrote a guide of my own.

What’s New in JDK 8

Java 8 is a major feature release on version 7. The updates are too many to go into great detail here, but Oracle have a full feature change log on their own site

Scope

This guide will tell you how to install Sun/Oracle Java JDK and/or JRE 8u11 on Fedora 20, 19, 18, 17, 16, 15, 14, 13 and 12 – I haven’t tested on all these version of Fedora, only 20 & 19, but Fedora haven’t change the process so much that this wouldn’t work on older versions. If you do find any problems, please let me know in the comments section and I will get the guide updated.

Install Sun/Oracle Java JDK/JRE 8u11

Download 32bit of 64bit RPM packages

Download the RPM files from Oracle’s download page. Depending on your system, 32 or 64bit, download:
* 32-bit JDK download jdk-8u11-linux-i586.rpm
* 64-bit JDK download jdk-8u11-linux-x64.rpm
* 32-bit JRE download jre-8u11-linux-i586.rpm
* 64-bit JRE download jre-8u11-linux-x64.rpm

Install the RPM packages

Next just install the RPM package you’ve just downloaded using one of these commands

Set the newly installed Java as the system default

Now that your Java 8u11 is installed you need to tell Fedora to use it by default. The alternatives simply created links from the system default paths to the new java installation directory

Install Browser plugin for Firefox

Most people do not need to do this, I never do. If you dont know you need java inside your browser skip this step – you can always come back to it later if you find you need to run java from within in Firefox.

Set up Java Development Kit

You only need this if you installed the JDK. These two commands, javac and jar, are just used to complie java code and package the result files for distribution.

If you need to run multiple versions set 8u11 to the default

In the steps above you have replace the already installed version of Java with 8u11, but you havent removed it. If in future you install 8u12, but still want 8u11 to be your default you can specifiy the version of java to pass to alternatives instead of using latest.

JRE Users

JDK Users

Make sure its all worked

Just a quick check to see its all work as you expect

Post Install

You now have Java installed, the last thing to you need to do is make sure you have the JAVA_HOME environment variable set on your system.

You can do this per user by adding the above to $HOME/.bash_profile or make it a system wide setting by adding it to /etc/profile

Switching JRE

Now you have installed Oracle Java, and used alternatives to set it as the system default, you may come across occasions when you need to switch the system back to OpenJDK. You can use the alternatives command with the –config argument to set things up the way you want.

java

javaws

libjavaplugin.so (32-bit)

libjavaplugin.so.x86_64 (64-bit)

javac

01 Jun

Getting Saitek X52 Joystick Working Within Linux

Now that Steam is available for Linux (How to install article coming soon) I have once again made the switch to 100% Linux. How that I have Steam installed I wanted to start playing Egosoft’s X3 series again, but for best performance this really needs a joystick. This is how I went about installing and using my Saitek X52 joystick in Fedora 18.

The problem is as of Fedora 17 the joydev kernel module was removed by default. The result is when a new joystick is plugged in the require paths in /dev/input/jsX are not being created, so your software and games can not find the device. So we need to reinstall the joydev module.

After installing the kernel joydev module the joystick and all its buttons are detected by the latest kernel (which as of writing is)

The Install Instructions for a fresh install

  1. Even though joydev was stripped from the default kernel it has been bundled into an easy to install package available in the yum repsitory

2. Now the kernel software is installed we need to load it. You can ether take a moment and reboot your PC, the modules will get loaded at boot time, or you can load them your self with modprobe

  1. After the new modules have been loaded you can plug your joystick in and you should see the new paths being created under /dev/input it will be something like /dev/input/js0. You can not test to make sure your joystick is being detected correctly using ‘jstest’

Installing Qjoypad Optional, mapping buttons to the keyboard

The Saitek X52 has over 30 buttons on it so the easiest way to set these up would be mapping them to keyboard shortcuts. Luckly, with a little Googling, I found a fantastic tool for this. Qjoypad is a Qt based program that will just sit in your tray and map any button presses to the associated keyboard shortcut.

There are no binary packages, that I could find, but installing from source is fairly painless. There are alternatives out there, but I haven’t spent any time with them. I found Qjoypad first, and for my purposes, it was perfect. If you find something you think is better please let me know in the comments!

  1. Install Qt dependancy packages

  1. Download the latest version of Qjoypad, as of writing that was 4.1.0
  2. Extract downloaded file

  1. Change directory into main source folder

  1. The distributed config file makes a check for qmake, unfortunitly this will fail in Fedora as the qt-devel package installed qmake as qmake-qt4 so we can just comment out the check in line 14-17

  1. Now run config to generate the Makefile

  1. Edit the new Makefile and append -lX11 to the end of line 19. I’m not ‘up-to-scratch’ with Makefiles and compiling, so I’m not able to give a good reason for this, I just now without it ‘make’ will fail to compile. If someone can explain it better than I leave a comment and I’ll happily update the article

  1. Now as root run the install

  1. Run QJoypad

Qjoypad will run in your system tray and can be opened by double clicking. From there you can setup your profiles and key bindings. There is support for multiple profiles as well so you are able to set different bindings for each of your games and load them as required.

I hope this has been of help to you, I know I’ll be refering to it after my next install. Please leave me a comment bellow if this was of help, or you’ve found any problems.

As always, if you have been, thanks for reading

Rooting the Google Nexus7, in Linux
20 Mar

Rooting the Google Nexus7, in Linux

In a previous post I talked about installing CyanogenMod 7.1 Alpha 3 on my HP TouchPad, but since Santa was very nice to me this year I now have a Nexu7, and of course I want to root it. Most of the toolkits and instructions I found talked about doing this thru Windows, but I’m a Linux guy and don’t want to install Windows for what will take less than an hour. So further Googling came up with a way of doing it thru Linux.

Warning!

Like every site before me, be warned. Follow this guide at your own risk. Rooting, unlocking and installing new ROMs does invalidate your warranty and risk causing damage to your data and/or device. While nothing bad has happened to me followed these instructions, you can’t discount the idea entirely. So BACK UP YOUR DATA – If you don’t Murphy’s Law says you will need it

The Toolkit

There are alot of ways to ‘manually’ unlock your device, but all the ones I was able to find involved downloading the Android SDK. This is a good way to do things if you ether know what your doing, or want a better understanding of the steps involved. However I wanted it done quick, and at the time I was on my netbook and seen no need to install the entire SDK. So I chose to use a toolkit.

The next problem was finding one. The vast majority of kits run under Windows, as previously stated I’m a penguin at heart and needed to find a Linux kit. tatelucas, member of the XDA-Developers forum – if you’ve never checked it out you really should – was there with the solution: Universal Nexus Linux Toolkit, formerly named galaxy-nexus-linux-toolkit. At the time of writing his toolkit supports the

  • Nexus 4 mako
  • Nexus 10 manta
  • Nexus 7 (WiFi) grouper
  • Galaxy Nexus (GSM) maguro
  • Galaxy Nexus (Verizon) toro
  • Galaxy Nexus (Sprint) toroplus
  • Nexus S (worldwide version, i9020t and i9023) crespo
  • Nexus S (850MHz version, i9020a) crespo
  • Nexus S (Korea version, m200) crespo
  • Nexus S 4G (d720) crespo4g

however I have only tested it on the device I have, the Nexus 7 grouper. This toolkit allows you to unlock and re-lock the bootloader, get root access, install ClockworkMod recovery both touch or standard version and, if you feel the need, reinstall the Google stock rom.

Requirements So what do you need?

  • Android Debugging Enabled
  • Universal Nexus Linux Toolkit – The best method for this is using git, but you could also browse the repository down manually download the files, I will be using git

Downloading from git Just in-case you don’t know how

Getting Root

Now that we have a copy of the files, in my case stored in “~/RootNexus7/galaxy-nexus-linux-toolkit”, change to the stable source, the folder called “stable”, and we can start the install.

From this point on the installation is straight forward. Tatelucas has made the interface really easy to use and the on-screen instructions detail each option and tell you want you need to be doing on the table.

Now you have root

If everthing worked as expected you should now have root access to your Nexus. The first thing I would recommend you do now is install a proper/full backup package. My app of choice is Titanium Backup ★ root. After that… do a little Googling, the platform is now your oyster – enjoy

If you like this toolkit, why not buy the developer a coffee?

Donate to tatelucas with PayPal

Getting Logitech Custom Mouse Buttons Working Within Linux
13 Mar

Getting Logitech Custom Mouse Buttons Working Within Linux

Having lived in a Windows environment for the past couple of years I’ve gotten somewhat used to my routines and short cuts, most of which are missing or changed now that I’m 95% Ubuntu. The most notable absentee are all the extra buttons on my Logitech MX Revolution mouse, which I have mapped to a vast array or custom key stroked. So, lest I forget, this is how I have got these custom buttons working correctly.

All these buttons are detected by the latest kernel (which as of writing is)

This is great news because all we need to do now is map each button against the desired application/keystroke.

My system of choice is Ubuntu 10.10 as of writing, this has since changed to Fedora so all the command line and install command listed are correct for this distributions as of writing. If you find other commands work on other distributions leave a not in the command and I will be sure to update the main article.

The Install Instructions for a fresh install

  1. We should install xbindkeys. This will re-map mouse and keyboard inputs so the install is…

The goal is to configure the mouse buttons to send key combinations to activate o

ther desktop or application functionalities. Technically all xbindkeys is doing is executing an application in response to a keystroke or mouse button.

  1. So in-order to map a mouse button to a keystroke we have to install an application called xte, which in Ubuntu comes as part of the xautomation package which can be installed like this

  1. Now we need to create a configuration file for xbindkey, which can be done like this…

  1. We need to edit this file in a text editor. I use nano, but vim, kate or gedit are just as good but you can of course use what ever editor you would prefer to…

The xbindkeys configuration file has a very simple format…

  1. So we need to add our button-to-key configurations, but first we need to know what ‘events’ the mouse buttons are triggering before we can remap them. For this we can use xev, this program is a key and mouse event sniffer. It runs by opening a small window. You can now start pressing keyboard or mouse buttons over the window and see if they are detected. For example the forward button on my Logitech Revolution MX looks something like this:

Bellow I’ve included a table for the Logitech MX mouse, these will probably be if you have a newer, or older mouse

Mouse Button Event Code xbindkeys Code
Thumb Scroll Up 13 b:13
Thumb Scroll Click 17 b:17
Thumb Scroll Down 15 b:15
Thumb Button Up 9 b:9
Thumb Button Down 8 b:8
Left Button 1 b:1
Right Button 2 b:2
Scroll Up 4 b:4
Scroll Down 5 b:5
  1. Now that we have a list of all our button codes we can move on to actually writing the configuration file. For example I have this to map the Thumb Button Up and Thumb Button Down buttons to switching workspace in my Gnome shell, these keycombinations are specific to my setup so you will need to chnage them. What I’m doing here is pressing the ‘Windows’ key ‘Left Control’ then ether ‘Down’ or ‘Up’ then releasing the other two keys…

The Rapup Now we make it all work

Thats all there is. Once you have setup your /.xbindkeysrc confirguration file, you just need to configure xbindkeys to run automatically on system startup. This is going to be different depending on your windows manager, but here are the steps for KDE and Gnome

Gnome3
  1. There’s a tool in GNOME 3 which allows you to add, modify and remove autostart entries and you can run it by executing from a terminal or from the ALT+F2 dialog. Just run gnome-session-properties
  2. Click on “Add”
  3. Write ‘Xbindkeys’ in the Name and ‘/usr/bin/xbindkeys’ as the Command and press OK.
  4. Done!
KDE
  1. Open System Settings.
  2. Go to Advanced tab -> Autostart.
  3. Click on “Add Program…”.
  4. Write ‘/usr/bin/xbindkeys’ and press OK. A new dialog pops up. Press OK again.
  5. Done!
Non-Root Ubuntu Shutdown
24 Feb

Non-Root Ubuntu Shutdown

It may at first seem rather daft that you must become root before you can shutdown you PC, but it does make sense. Linux is designed as a multi-user system, just think of any web site you’ve ever visited. Many different people can be accessing the same site at the same time and that’s to say nothing for the other people hosting their site on the same machine. Could you imagine the chaos that would result if any one of those users were able to turn that machine off at will? You may still be thinking “ye, but they could pull the power” but, they couldn’t, the users I am referring to have no physical access to the machines in question so securing the shutdown commands in this way is still highly effective.

In my research I have come across a couple of different methods to achieving the goal of non-root shutdown. The /etc/shutdown.allow file is a common option, however it fails the ‘usability’ test for me as it requires a number of other steps and relies on keyboard shortcuts to be correctly configured and not intercepted by other process. Because of that I have decided to go with the sudo method as my recommended choice.

The SUDO Method

In-order for user of the ‘shutdown’ group to turn off the machine we must create the group ‘shutdown’. So run this command, prefixing it with sudo to make sure it is run as root

Next we need to start adding people to our new shutdown group. This command will do the job, just replace username with your username.

or

Anyone you add to this group will be able to shutdown your computer, even when they’re not sitting at it so be selective in your choices. The next thing we need to do is give the shutdown group permission to invoke the command for shutting down or rebooting. In Linux these command are /sbin/shutdown, /sbin/reboot or /sbin/halt so now run the visudo command and add the following lines.

That’s you done. Now anyone in the shutdown group can now run sudo shutdown as if they were root and shutdown the computer.

The Next Step?

At this point you may have notice that users still have to prefix the shutdown command with sudo. I personally like this as it reduced the risk of typo etc.. but I know for some (or most) its still a pain, so we can remove it.

What we need to do is create a script in /usr/local/bin/shutdown which prepends the sudo command for us.

Now just make the script executable and, for a little extra protection, change its ownership to out new shutdown group