
Apple’s file permissions, extended attributes and ACLs

Posted by on Saturday, 26 September, 2009

Whilst I realize this is not ‘Linux’, it is Unix-based and has similar permissions and a similar command line.

I recently upgraded my OS X laptop to Snow Leopard. Being the good sysadmin I am, I made sure I used Time Machine to back up all my files and data to an external drive. I used the chance to do a fresh install also, and the upgrade went fine.

I then restored from my backup. I noticed immediately that I couldn’t write to some files and was unable to do some things without entering the root password. Now, I had changed the username, so I assumed naturally that they would perhaps be owned by my own username and somehow Time Machine hadn’t changed it.

This was not the case. The permissions seemed fine: they could all be drwxrwxrwx and owned by me, and I still could not write to them. I did notice a symbol on the end, which was an @ symbol.

drwxr-xr-x@   5 wishes  staff         170 18 Jul 22:15 wordpress

Interesting! After much googling I found this is the extended attributes symbol, and to view those you can use

ls -l@

drwxr-xr-x@ 146 wishes  staff  4964 28 Aug 21:38 Cheerleading
com.apple.metadata:_kTimeMachineNewestSnapshot      50
com.apple.metadata:_kTimeMachineOldestSnapshot      50

After a bit of googling I figured out I can remove this using the command

sudo xattr -d "com.apple.metadata:_kTimeMachineOldestSnapshot" filename

So I wrote a quick shell script that stripped both the “com.apple.metadata:_kTimeMachineOldestSnapshot” and “com.apple.metadata:_kTimeMachineNewestSnapshot” off, since none of these files were in Time Machine any more. I wasn’t sure at that time if this was why I was unable to remove it; as it turns out, it wasn’t.

As it turns out, by removing the extended attributes I discovered the @ had now turned into a +

-rw-r--r--+   1 wishes  staff       56743 16 Sep 07:03 Recipes.pdf

Again, I set off to google this one. I found this excellent page here which explains all the ACLs. By doing the following I can list all the ACLs

ls -le@O

drwxrwxrwx+   5 wishes  staff  -        170 28 Aug 21:41 Raw Photos
0: group:everyone deny add_file,delete,add_subdirectory,delete_child,writeattr,writeextattr,chown

So now I knew that it was ACLs, I was able to remove those with the following

chmod -a# 0 *

Bingo! Now I can access all my files happily! Hopefully this saves somebody else the frustration I went through trying to figure it out 🙂
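
Because `chmod -a# 0` removes whatever entry sits at index 0, it helps to see first which files carry a deny entry and at which index. The filter below is an added example, not part of the original post; it reads `ls -le` output, is run here on a constructed sample listing, and assumes a listing without the -O/-@ columns and owner/group names without spaces.

```shell
#!/bin/sh
# Added illustration: list deny ACL entries found in `ls -le` output.
# Output columns (tab-separated): file name, entry index, principal, rights.

deny_entries() {
    awk '
        # ACL entry line: index, colon, principal, [inherited] allow|deny, rights
        /^[ \t]*[0-9]+: / {
            idx = $1; sub(/:$/, "", idx)
            k = ($3 == "inherited") ? 4 : 3
            if ($k == "deny")
                printf "%s\t%s\t%s\t%s\n", name, idx, $2, $(k + 1)
            next
        }
        # File line: mode string first; the name is everything after field 8,
        # so names containing spaces are kept whole
        $1 ~ /^[-dlbcps][-rwx]/ && NF >= 9 {
            name = $0
            for (i = 1; i <= 8; i++) sub(/^[ \t]*[^ \t]+[ \t]+/, "", name)
        }
    '
}

# Constructed sample listing (not captured from a real system)
SAMPLE='drwxrwxrwx+   5 wishes  staff       170 28 Aug 21:41 Raw Photos
 0: group:everyone deny add_file,delete,add_subdirectory,delete_child,writeattr,writeextattr,chown
-rw-r--r--+   1 wishes  staff     56743 16 Sep 07:03 Recipes.pdf
 0: user:wishes allow read,write
 1: group:everyone deny delete
drwxr-xr-x+   3 wishes  staff       102 16 Sep 07:03 Movies
 0: group:everyone inherited deny delete
-rw-r--r--    1 wishes  staff       120 16 Sep 07:03 notes.txt'

printf '%s\n' "$SAMPLE" | deny_entries
```

In the sample, Recipes.pdf has its deny rule at index 1, so removing entry 0 there would drop the allow rule and leave the deny in place.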


Safe rm – stops you accidentally wiping the system!

Posted by on Monday, 21 September, 2009

I found this today, http://www.safe-rm.org.nz/, and having had the odd accident I’m most definitely going to be installing this on my own server!

What is safe-rm?

Safe-rm is a safety tool intended to prevent the accidental deletion of important files by replacing /bin/rm with a wrapper, which checks the given arguments against a configurable blacklist of files and directories that should never be removed.

Users who attempt to delete one of these protected files or directories will not be able to do so and will be shown a warning message instead:

    $ rm -rf /usr
    Skipping /usr

(Protected paths can be set both at the site and user levels.)

Recovering important files you deleted by mistake can be quite hard.

So, why not install this on your server and save yourself some hassles in case you accidentally have that shell script gone wrong problem. Now if somebody could do the same to fdisk I would be totally happy; there was this time when I accidentally repartitioned my own server HDD after putting a new one in, and got the wrong drive :/

For a manual install it’s as simple as

wget the file http://safe-rm.googlecode.com/files/safe-rm-0.6.tar.gz

tar zvxf safe-rm-0.6.tar.gz

cd safe-rm-0.6

mv /bin/rm /bin/old-rm

mv safe-rm /bin/rm

For those running Debian variants you can

apt-get install safe-rm

Points to note in the README:

Once you have installed safe-rm on your system (see INSTALL), you will need to
fill the system-wide or user-specific blacklists with the paths that you’d like
to protect against accidental deletion.

The system-wide blacklist lives in /etc/safe-rm.conf and you should probably add
paths like these:

/
/etc
/usr
/usr/lib
/var

The user-specific blacklist lives in ~/.safe-rm and could include things like:

/home/username/documents
/home/username/documents/*
/home/username/.mozilla

Here are two projects which allow you to recover recently deleted files by trapping
all unlink(), rename() and open() system calls through the LD_PRELOAD facility:

delsafe (link in the README is dead but I googled and updated it here)
http://unix.freshmeat.net/projects/delsafe

libtrashcan
http://hpux.connect.org.uk/hppd/hpux/Development/Libraries/libtrash-0.2/readme.html

There are also projects which implement the FreeDesktop.org trashcan spec. For example:

trash-cli
http://code.google.com/p/trash-cli
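
How a wrapper can check its arguments against a list like the one in the README, as an added example that is not safe-rm's own code and not from the original post. The function names and the sample file are assumptions made for illustration, and the matching is deliberately simplified to string comparison.

```shell
#!/bin/sh
# Added illustration: simplified model of a path blacklist check.
# Not safe-rm's code: it compares strings only and does not resolve
# symlinks or ".." components.

# normalize PATH: make it absolute, collapse "//", drop a trailing "/"
normalize() {
    p=$1
    case "$p" in /*) ;; *) p="$PWD/$p" ;; esac
    printf '%s\n' "$p" | sed -e 's|//*|/|g' -e 's|\(.\)/$|\1|'
}

# is_protected LIST PATH: succeed if PATH matches an entry in LIST.
# One entry per line; in this sketch "*" also matches "/", so "dir/*"
# covers everything below dir.
is_protected() {
    target=$(normalize "$2")
    while IFS= read -r entry; do
        [ -n "$entry" ] || continue
        entry=$(normalize "$entry")
        case "$target" in
            $entry) return 0 ;;
        esac
    done < "$1"
    return 1
}

# filter_args LIST PATH...: report what a wrapper would skip or pass on
filter_args() {
    list=$1; shift
    for arg in "$@"; do
        if is_protected "$list" "$arg"; then
            echo "Skipping $arg"
        else
            echo "pass $arg"
        fi
    done
}

# Constructed sample list built from the paths quoted in the README above
LIST=$(mktemp)
printf '%s\n' / /etc /usr /usr/lib /var /home/username/documents \
    '/home/username/documents/*' /home/username/.mozilla > "$LIST"

filter_args "$LIST" /usr /usr/ /usr/local /home/username/documents/tax.pdf
```

Listing a directory protects only that path: /usr/local passes here even though /usr is listed, which is why the README pairs /home/username/documents with /home/username/documents/*.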


Ubuntu networking bug updating to Jaunty

Posted by on Thursday, 10 September, 2009

We had a customer email in after updating to Jaunty recently. They said the following

Hi guys, I upgraded my VPS a little while back to Ubuntu Jaunty (because I was several versions out of date and the apt repositories had gone away.) I never actually rebooted the machine afterwards though because it wasn’t a good time to potentially interrupt email. I finally got around to doing that, and the VPS won’t come back onto the network. Logging in over the console, it looks like there are no network interfaces configured. A few other things don’t feel right (eg, dmesg tells me that the current tls library or perhaps libc isn’t xen-friendly.) but mostly everything *looks* like it’s ok but doesn’t have a network interface.. services that want to resolve hostnames didn’t start up, etc. Trying to dig into the problem, it looks like there are no modules installed for the kernel, but this is where my expertise runs out.. I don’t know enough about Xen to know if everything was just precompiled into the kernel, or if I blew away my kernel modules during upgrade.

I was curious, so I logged in via the console.

I ran ifup and got the following errors

root@charon ~ # ifup eth0
ifup: failed to open statefile /var/run/network/ifstate: No such file or directory

So I checked, and /var/run/network did not exist. I fixed this

root@charon network # mkdir /var/run/network/
root@charon network # ifup eth0
* if-up.d/mountnfs[eth0]: waiting for interface lo before doing NFS mounts
root@charon network # ifconfig
eth0 Link encap:Ethernet HWaddr aa:00:d6:a1:5e:e4
inet addr:72.33.222.111 Bcast:72.29.222.255 Mask:255.255.255.128
inet6 addr: fe80::a800:d6ff:fea1:5ee4/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:56 errors:0 dropped:0 overruns:0 frame:0
TX packets:15 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:5447 (5.4 KB) TX bytes:1074 (1.0 KB)

On Ubuntu, /var/run is a virtual filesystem. I googled and came across this post, https://bugs.launchpad.net/ubuntu/+bug/367171, which clearly logs the bug and a fix.

The fix I applied was adding the following to /etc/init.d/networking

[ -d /var/run/network ] || mkdir -p /var/run/network

This checks if the dir exists and creates it if it doesn’t.

This does fix the problem but it’s a bit of a hack. I noticed a link later on down the post which took me to https://bugs.launchpad.net/ubuntu/+bug/377432 . This link had a bit more technical information. They said to look for the following files and remove them.

/etc/udev/rules.d/85-ifupdown.rules

/lib/udev/rules.d/85-ifupdown.rules