How to hide mouse pointer on secondary / TV screen

So you have set up your Ubuntu / Kubuntu system with two separate X screens, one of them being a TV screen you only use to play fullscreen video. Now how do you prevent the mouse cursor from showing on the TV screen ? That’s an easy one :

1. Create an empty bitmap file, eg. using a very basic program called “bitmap” :

user@box:~$ bitmap &

Click “New” and save the empty file with the name blank.bmp in your home dir.

2. Tell X to use that empty bitmap as mouse pointer and mask on the secondary display (it is called ":0.1" on my box)

user@box:~$ sudo xsetroot -display ":0.1" -solid black -cursor ~/blank.bmp ~/blank.bmp

Of course you probably want to run that automatically every time X starts.
With Kubuntu 9.04, I suggest putting the blank.bmp file in /usr/share/X11/ and adding the following to /etc/kde4/kdm/Xsetup :

#! /bin/sh
# Xsetup – run as root before the login dialog appears
xsetroot -display ":0.1" -solid black -cursor /usr/share/X11/blank.bmp /usr/share/X11/blank.bmp

How to connect with ssh without using a password

Let’s say you have an account on a remote server running some flavour of linux (or even *BSD – I think OpenSSH works the same way on those), and connect to it via ssh from your local linux machine.
There is a simple yet secure way to connect without the need for entering your password on the remote server. This involves public-key cryptography : in simple words, you are going to generate a public key and copy it over to the remote host, and afterwards use the associated secret key to authenticate yourself instead of your unix password.

0. I assume you have openssh installed both remotely and locally. If not, just do :

user@localbox:~$ sudo apt-get install openssh-client
user@remotebox:~$ sudo apt-get install openssh-server

1. Generate public and private RSA keys for the local computer :

user@localbox:~$ ssh-keygen -t rsa

(ssh-keygen will offer to protect your private key with a passphrase but I personally skip that part.)
This will create 2 files named id_rsa and id_rsa.pub in the .ssh subdirectory of your home directory. id_rsa.pub is your public RSA key, which you can disclose to anyone, whereas id_rsa is your private key, which you absolutely need to keep secret (that’s why by default the file has -rw------- permissions, meaning only you can read it).

2. Copy your public key to the remote computer using scp :

user@localbox:~$ scp ~/.ssh/id_rsa.pub user@remotebox.remotedomain.tld:~/.ssh/id_rsa_localbox.pub

(assuming ‘user’ is also your login name at the remote machine, and replacing ‘remotebox.remotedomain.tld’ with the server name or IP address).
scp will ask you to provide your remote password.

3. Log in to the remote host and add your public key to the file named authorized_keys2 in the remote .ssh directory :

user@remotebox:~$ cd .ssh
user@remotebox:~/.ssh$ cat id_rsa_localbox.pub >> authorized_keys2
user@remotebox:~/.ssh$ rm id_rsa_localbox.pub

Voilà ! You can now use ssh to connect from your local box to the remote server without password. You can also use scp or rsync to copy files over, with no password needed either.
Note that the key-pair you generated is attached to your account on the local box, and will not work for another user. Also note that you do not need admin rights on the local box nor on the server side to make this work.
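
Step 3 as a repeatable script, shown here as an added example that is not part of the original post: it checks that the file really is a one-line public key, appends it only once, and sets the directory and file permissions that sshd's StrictModes check accepts. The function name install_pubkey, the list of accepted key types and the sample key are assumptions made for the example.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE SSH_DIR [FILE_NAME]   (hypothetical helper)
# Appends one public key to SSH_DIR/FILE_NAME exactly once and sets the
# permissions sshd's StrictModes check accepts. The body runs in a subshell
# so the umask change does not leak into the caller.
install_pubkey() (
    pub=$1; dir=$2; name=${3:-authorized_keys2}
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; exit 1; }
    # A .pub file is a single line: "type base64 comment".
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "$pub: not a one-line public key" >&2; exit 2; }
    key=$(grep . "$pub")
    case $key in
        *"PRIVATE KEY"*) echo "$pub: private key, refusing" >&2; exit 2 ;;
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "$pub: unrecognised key type" >&2; exit 2 ;;
    esac
    umask 077
    mkdir -p "$dir" && chmod 700 "$dir" || exit 3
    auth=$dir/$name
    touch "$auth" && chmod 600 "$auth" || exit 3
    # -x: whole line, -F: fixed string, so a re-run adds no duplicate entry.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
)

# Demo on a constructed key in a throw-away directory (not a real key).
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2ECONSTRUCTED user@localbox' > "$demo/id_rsa_localbox.pub"
install_pubkey "$demo/id_rsa_localbox.pub" "$demo/.ssh"
install_pubkey "$demo/id_rsa_localbox.pub" "$demo/.ssh"   # second run adds nothing
echo "entries: $(grep -c . "$demo/.ssh/authorized_keys2")"
rm -rf "$demo"
```

On the remote host the call corresponding to step 3 would be install_pubkey ~/.ssh/id_rsa_localbox.pub ~/.ssh.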

How to change computer host name of a Debian or Ubuntu system

In a very quick note, this is how to change the local host name on a Debian or Ubuntu system. This can be especially useful if you did not install your server by yourself and either rely on your provider’s automated installation or are using one of those pre-built virtual appliances (by the way, take a look at this site which maintains a very impressive collection, including many debian and ubuntu flavours).

Now to the point. You need to first edit the content of /etc/hostname with the new name :

user@box:~$ sudo -s
root@box:~$ nano /etc/hostname

and run the following init script :

root@box:~$ /etc/init.d/hostname.sh start

Also edit the content of /etc/hosts to reflect the change – there should be at least a line beginning with 127.0.1.1 that you will want to modify :

root@box:~$ nano /etc/hosts

You will have to exit your current console session and re-login to see your shell prompt updated. If you are running a Gnome / KDE or other X session, you should also restart it (Ctrl+Alt+Backspace).

That’s it ! As I said, a quick one today.

How to execute a command, program or script at startup (init mini-howto)

This is a (very) simple guide to adding a command or script to the debian / ubuntu startup sequence. There is obviously much more to it, but if you need to do very simple stuff, this can be useful.

1. Put the script in /etc/init.d – do not forget to give it execute permissions (‘chmod a+x foobar’)
2. Run :

root@box:~# update-rc.d foobar defaults

‘foobar’ being the name of the script (must be in /etc/init.d)

This starts the service (invoking the script with the start argument) in the boot sequence with execution order 20 for runlevels 2,3,4,5 (= all multiuser levels) and stops it on runlevels 1 and 6 (reboot/shutdown/single user).

If you need fine tuning, you can specify execution order and runlevels, eg :

root@box:~# update-rc.d foobar start 30 2 3 4 5 . stop 70 0 1 6 .

(note the full stop character)

To remove script from startup sequence :
1. Delete script from /etc/init.d
2. Run :

root@box:~# update-rc.d foobar remove

To remove script from boot sequence while leaving script in /etc/init.d, use :

root@box:~# update-rc.d -f foobar remove

Alternatively, you can also use the all-in-one tool :

root@box:~# apt-get install sysv-rc-conf
root@box:~# sysv-rc-conf

How to install and configure pure-ftpd

This is how to install and configure the pure-ftpd ftp server on your Ubuntu or Debian server or workstation.
First use apt to download and install the pure-ftpd package – it is available from default repositories :

root@box:~# apt-get install pure-ftpd
.
.
.
Setting up pure-ftpd (1.0.21-11ubuntu1) …
Starting ftp server: Running: /usr/sbin/pure-ftpd -l pam -u 1000 -E -O clf:/var/log/pure-ftpd/transfer.log -B

As the last line of apt output tells us, the server is already started with some default options passed to the binary via the command line.

The way to configure pure-ftpd is quite different from other Debian / Ubuntu software. When installed as a service and started during the init process, pure-ftpd is invoked by a script called pure-ftpd-wrapper. What’s unusual is that instead of reading a single configuration file for all options, the script uses a directory full of one-line files. Let’s have a look in /etc/pure-ftpd/conf :

root@box:~# cd /etc/pure-ftpd/conf/
root@box:/etc/pure-ftpd/conf# ls -la
total 24K
-rw-r--r-- 1 root 36 2007-06-22 02:01 AltLog
-rw-r--r-- 1 root 5 2007-06-22 02:01 MinUID
-rw-r--r-- 1 root 4 2007-06-22 02:01 NoAnonymous
-rw-r--r-- 1 root 4 2007-06-22 02:01 PAMAuthentication
-rw-r--r-- 1 root 28 2007-06-22 02:01 PureDB
-rw-r--r-- 1 root 3 2007-06-22 02:01 UnixAuthentication

Each of those files describes a command-line option of the pure-ftpd server. For example, the file AltLog contains the format of, and path to, the transfer log file :


root@box:/etc/pure-ftpd/conf# cat AltLog
clf:/var/log/pure-ftpd/transfer.log

Let’s now set some of the basic options by editing those one-liners (our server will listen to port 21 on all available interfaces, and will use IP 12.34.56.78 and ports 4500-4600 for passive mode – don’t forget to forward those from your NAT router if you are behind one):

root@box:/etc/pure-ftpd/conf# echo ,21 > Bind
root@box:/etc/pure-ftpd/conf# echo 12.34.56.78 > ForcePassiveIP
root@box:/etc/pure-ftpd/conf# echo 4500 4600 > PassivePortRange

Now for some recommended security stuff :

root@box:/etc/pure-ftpd/conf# echo yes > ChrootEveryone
root@box:/etc/pure-ftpd/conf# echo yes > ProhibitDotFilesRead
root@box:/etc/pure-ftpd/conf# echo yes > ProhibitDotFilesWrite
root@box:/etc/pure-ftpd/conf# echo yes > NoChmod
root@box:/etc/pure-ftpd/conf# echo yes > BrokenClientsCompatibility

Let’s also set some limits to avoid abuse :

root@box:/etc/pure-ftpd/conf# echo 4 > MaxClientsPerIP
root@box:/etc/pure-ftpd/conf# echo 20 > MaxClientsNumber

Now the important thing we need to decide is what user authorization method(s) our server will support. Options include Unix Authentication (anyone with a login account on the server will have ftp access), but I chose PureDB authentication, which involves a dedicated pure-ftpd “virtual users” base.
So let’s disable Unix and PAM auth, set the path to the PureDB user file, and add PureDB as an auth method by linking to it from the /etc/pure-ftpd/auth directory :


root@box:/etc/pure-ftpd/conf# echo no > PAMAuthentication
root@box:/etc/pure-ftpd/conf# echo no > UnixAuthentication
root@box:/etc/pure-ftpd/conf# echo /etc/pure-ftpd/pureftpd.pdb > PureDB
root@box:/etc/pure-ftpd/conf# ln -s /etc/pure-ftpd/conf/PureDB ../auth/50pure

Let’s now create a (system) user and group that will be bound to all ftp virtual users. For security reasons, that special user should have no home directory (-d /dev/null) and no shell access (-s /bin/false) :


root@box:/etc/pure-ftpd/conf# groupadd -g 2001 ftpgroup
root@box:/etc/pure-ftpd/conf# useradd -u 2001 -s /bin/false -d /dev/null -c "pureftpd user" -g ftpgroup ftpuser

We can now use the pure-pw command to add our first virtual user (don’t forget the “pure-pw mkdb” command : it is required to commit/confirm changes to the user file)

root@box:/etc/pure-ftpd/conf# pure-pw useradd myfirstuser -u ftpuser -d /var/ftp/public/

Password:
Enter it again:

root@box:/etc/pure-ftpd/conf# pure-pw mkdb

Let’s add TLS/SSL support and generate a private certificate (you will be asked to provide some information to put in the cert)

root@box:/etc/pure-ftpd/conf# apt-get install openssl
root@box:/etc/pure-ftpd/conf# echo 1 > TLS
root@box:/etc/pure-ftpd/conf# openssl req -x509 -nodes -newkey rsa:1024 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
Generating a 1024 bit RSA private key
.
.
.
root@box:/etc/pure-ftpd/conf# chmod 600 /etc/ssl/private/pure-ftpd.pem

Let’s finally restart the server with our all-new config :

root@box:/etc/pure-ftpd/conf# /etc/init.d/pure-ftpd restart
Restarting ftp server: Running: /usr/sbin/pure-ftpd -l puredb:/etc/pure-ftpd/pureftpd.pdb -X -b -u 1000 -C 4 -E -S ,21 -x -c 20 -R -A -p 4500:4600 -O clf:/var/log/pure-ftpd/transfer.log -Y 1 -P 12.34.56.78 -B

All done ! Enjoy a simple, robust and secure ftp server.
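
Because the configuration is spread over many one-line files, it is easy to lose track of which options are actually set. The following check is an added example, not part of the original post or of the pure-ftpd package: it reads a conf directory and reports every option from the walkthrough above that is missing or differs. The function names opt_value and audit_pureftpd_conf are hypothetical, the expected values are the ones written in the steps above, and the demo directory is constructed to mimic the package defaults.

```shell
#!/bin/sh
# First line of a one-line option file, lower-cased, blanks removed.
opt_value() { head -n 1 "$1" 2>/dev/null | tr -d ' \t\r' | tr 'A-Z' 'a-z'; }

# audit_pureftpd_conf DIR: print one finding per line, return 1 if any.
audit_pureftpd_conf() {
    conf=$1; bad=0
    # Boolean options and the values the walkthrough writes into them.
    for pair in ChrootEveryone:yes ProhibitDotFilesRead:yes \
                ProhibitDotFilesWrite:yes NoChmod:yes NoAnonymous:yes \
                PAMAuthentication:no UnixAuthentication:no; do
        name=${pair%%:*}; want=${pair#*:}; got=$(opt_value "$conf/$name")
        if [ "$got" != "$want" ]; then
            echo "$name: expected '$want', found '${got:-<unset>}'"; bad=1
        fi
    done
    # Connection limits must be present and be positive integers.
    for name in MaxClientsPerIP MaxClientsNumber; do
        case $(opt_value "$conf/$name") in
            ''|0|*[!0-9]*) echo "$name: no usable limit set"; bad=1 ;;
        esac
    done
    # TLS: the walkthrough writes 1; a missing file or 0 leaves FTP cleartext.
    case $(opt_value "$conf/TLS") in
        ''|0|*[!0-9]*) echo "TLS: not enabled"; bad=1 ;;
    esac
    # PureDB must name a user database that exists (created by pure-pw mkdb).
    db=$(head -n 1 "$conf/PureDB" 2>/dev/null | tr -d '\r')
    if [ -z "$db" ] || [ ! -f "$db" ]; then
        echo "PureDB: user database missing"; bad=1
    fi
    return $bad
}

# Demo on a constructed directory that mimics the package defaults.
d=$(mktemp -d)
echo yes > "$d/NoAnonymous"; echo yes > "$d/PAMAuthentication"
echo no > "$d/UnixAuthentication"; echo "$d/pureftpd.pdb" > "$d/PureDB"
audit_pureftpd_conf "$d" || echo "=> settings from the walkthrough not applied yet"
rm -rf "$d"
```

Run it as audit_pureftpd_conf /etc/pure-ftpd/conf after editing the option files and before restarting the server.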

How to move mysql database to another drive or partition

So you need to physically move around your mysql databases, typically because you want to put them on another partition or hard drive, or on some network device ? This is how you can do it.

My box runs Ubuntu Server 7.10 (Gutsy Gibbon), but the following should apply to any recent Debian or Ubuntu distribution.
First stop the mysql service :

root@box:~/# /etc/init.d/mysql stop
* Stopping MySQL database server mysqld [ OK ]

Then go to your current mysql data directory, by default in Debian / Ubuntu it should be /var/lib/mysql. Check that your databases are there (in this example I have 2 bases – the default ‘mysql’ base and a user-created ‘wpdb’ base) :

root@box:~/# cd /var/lib/mysql
root@box:~/# ls
total 21M
-rw-rw---- 1 mysql 10M 2008-05-01 14:39 ibdata1
-rw-rw---- 1 mysql 5.0M 2008-05-01 14:39 ib_logfile0
-rw-rw---- 1 mysql 5.0M 2008-04-27 20:57 ib_logfile1
drwxr-xr-x 2 mysql 4.0K 2008-04-27 20:57 mysql
-rw------- 1 root 6 2008-04-27 20:57 mysql_upgrade_info
drwx------ 2 mysql 4.0K 2008-04-28 19:28 wpdb

Create a new directory for your data (in this example, the /var/www directory which is located on another partition) and give ownership on it to the mysql user :

root@box:~/# mkdir /var/www/mysql_datadir
root@box:~/# chown -R mysql:mysql /var/www/mysql_datadir

Copy your databases to the new dir and update ownership if needed. Only move the databases dirs, don’t touch the other files.

root@box:~/# cp -r mysql /var/www/mysql_datadir/
root@box:~/# cp -r wpdb /var/www/mysql_datadir/
root@box:~/# chown -R mysql:mysql /var/www/mysql_datadir/*

Then update your my.cnf file to make it point to the new dir :

root@box:~/# nano /etc/mysql/my.cnf

Find the following statement :

datadir = /var/lib/mysql

and update with the new location :

datadir = /var/www/mysql_datadir

And finally restart the mysql service

root@box:~/# /etc/init.d/mysql start
* Starting MySQL database server mysqld [ OK ]

When restarting, mysql re-created files ibdata1, ib_logfile0, etc. in the new data dir.
If everything went OK, you can now remove the original dir. Voilà !