The Paradigm Shift to Accompany The Advent of Cheap Computing

Today, it came to my atten­tion that a LINUX com­put­er, priced between $25–35, is now avail­able. This com­put­er is called the Rasp­ber­ry Pi.

It sure looks like com­put­ing is going to take on a whole new dimen­sion in the com­ing years. No longer are there going to be sig­nif­i­cant finan­cial bar­ri­ers to acqui­si­tion, mean­ing they will be every­where and clus­ters of extreme­ly cheap com­put­ers will add yet anoth­er dimen­sion to cloud com­put­ing.

I think this will mean that com­put­er tech­ni­cal skills are going to even­tu­al­ly be syn­ony­mous to lit­er­a­cy. Sure­ly com­put­ers and com­put­ing will con­tin­ue to evolve at a fever­ish pace, elim­i­nat­ing much of the unnec­es­sary human toil.
Con­tin­ue read­ing “The Par­a­digm Shift to Accom­pa­ny The Advent of Cheap Com­put­ing”

When a List of Files is Too Long for a Typical “rm” Command

I was on a client’s report­ing server and noticed that an “ls” of their report logs took about 10 min­utes. The direc­to­ry had a log for every report run since June 2010, which is around 1.3 mil­lion files!

Here’s a tran­script of the error:

[root@morpheus log]# pwd
/home/morpheus/tools/birt-runtime-2_0_1/Report Engine/log
You have new mail in /var/spool/mail/root
[root@morpheus log]# rm *
-bash: /bin/rm: Argument list too long

Con­tin­ue read­ing “When a List of Files is Too Long for a Typ­i­cal “rm” Com­mand”

How To Execute a Script After a Running Process Completes

Most peo­ple who are famil­iar with Lin­ux, real­ize that there are ways of chain­ing process­es to run one after anoth­er. Typ­i­cal­ly this is done by writ­ing a script, or using && to daisy chain addi­tion­al com­mands on com­mand line.

There is, how­ev­er, anoth­er way to do this; if you’ve already issued a com­mand and want to add anoth­er com­mand after the orig­i­nal has already start­ed. This is espe­cial­ly use­ful if you’re unzip­ping, say a 15 giga­byte data­base dump, and you want to make sure that the import hap­pens imme­di­ate­ly after the import is com­plete.

Here’s an exam­ple of what would hap­pen if I were enter­ing the com­mands man­u­al­ly.

Macintosh:~ chriscase$ scp user@hostname.com:archive/database.sql.gz .
Macintosh:~ chriscase$ gunzip database.sql.gz
Macintosh:~ chriscase$ mysql -u dbusername -pdbpassword dbname < database.sql

Since I’m not going to stay glued to the con­sole for the entire dura­tion of this process, I either need to write a script or fig­ure out anoth­er tech­nique, so I keep things mov­ing along.

As it turns out, there is a very sim­ple way to accom­plish this, with the com­mand wait. This com­mand has the abil­i­ty to wait until a spec­i­fied process is com­plete before exe­cut­ing a com­mand.

Here’s an exam­ple of how this could be used, if you want­ed to add the last two process­es after the scp from the above exam­ple had already begun.

Macintosh:~ chriscase$ scp user@hostname.com:archive/database.sql.gz .

Once the down­load is kicked off, you can kick it into the back­ground by using [ctrl-z] which will pause the process and then issu­ing the com­mand [bg]. This will put the paused process run­ning into the back­ground. Now, to chain the oth­er process­es after­ward, you can do the fol­low­ing.

Macintosh:~ chriscase$ wait %1 && gunzip database.sql.gz && mysql -u dbusername -pdbpassword dbname < database.sql

The above code will wait to exe­cute until the scp is done, then it will use gzip to unzip the file and mysql to import the data­base dump file. Now that you’ve done this, you can go off and do some­thing else, con­fi­dent that your data­base will be done import­ing in a few hours.

Restrict a Linux User’s Access: Only Allowing SCP/SFTP, no SSH

The stan­dard tech­niques for restrict­ing a Lin­ux user account, does not allow for file trans­fers to/from the user’s home direc­to­ry. In my expe­ri­ence it is use­ful to have cer­tain account types which are only allowed to upload/download files from their home direc­to­ry; but not login and run shell com­mands.

This is easy to do with a shell called rssh (Restrict­ed Secure Shell); but you must first install it, because it does not typ­i­cal­ly come pack­aged with most dis­tri­b­u­tions of Lin­ux.

Installing RSSH

Locate the most appro­pri­ate pack­age for your dis­tri­b­u­tion of Lin­ux at the down­load site. Once you have locat­ed the RPM you will need do the fol­low­ing steps, sub­sti­tut­ing your cho­sen pack­age for the RPM.

[root@Internal ~]# <strong>wget http://packages.sw.be/rssh/rssh-2.3.2-1.1.el3.rf.x86_64.rpm</strong>
--2010-10-11 20:36:21--  http://packages.sw.be/rssh/rssh-2.3.2-1.1.el3.rf.x86_64.rpm
Resolving packages.sw.be... 85.13.226.40
Connecting to packages.sw.be|85.13.226.40|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://rpmforge.sw.be/redhat/el3/en/x86_64/rpmforge/RPMS/rssh-2.3.2-1.1.el3.rf.x86_64.rpm [following]
--2010-10-11 20:36:21--  http://rpmforge.sw.be/redhat/el3/en/x86_64/rpmforge/RPMS/rssh-2.3.2-1.1.el3.rf.x86_64.rpm
Resolving rpmforge.sw.be... 85.13.226.40
Reusing existing connection to packages.sw.be:80.
HTTP request sent, awaiting response... 200 OK
Length: 45053 (44K) [application/x-rpm]
Saving to: “rssh-2.3.2-1.1.el3.rf.x86_64.rpm”
100%[====================================================================================================================================================>] 45,053      94.6K/s   in 0.5s
 
2010-10-11 20:36:22 (94.6 KB/s) - “rssh-2.3.2-1.1.el3.rf.x86_64.rpm” saved [45053/45053]
 
[root@Internal ~]# rpm -ivh rssh-2.3.2-1.1.el3.rf.x86_64.rpm
warning: rssh-2.3.2-1.1.el3.rf.x86_64.rpm: Header V3 DSA signature: NOKEY, key ID 6b8d79e6
Preparing...                ########################################### [100%]
1:rssh                   ########################################### [100%]

Updating Access Permissions

Now you should be able to set a user’s login shell to RSSH. Here is what the orig­i­nal line will usu­al­ly look like.

joe:x:501:501::/home/joe:/bin/bash

This is what the updat­ed line will look like.

joe:x:501:501::/home/joe:/usr/bin/rssh

What Happens if the User Attempts to SSH in After Access is Restricted

Now if joe attempts to login via SSH, the fol­low­ing will occur:

[root@Internal ~]# ssh joe@localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
RSA key fingerprint is b5:39:02:23:01:a5:ff:b9:c1:aa:01:a9:69:21:a4:e0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
joe@localhost's password: 
 
This account is restricted by rssh.
This user is locked out.
 
If you believe this is in error, please contact your system administrator.
 
Connection to localhost closed.