Notes about open source software, computers, other stuff.

Tag: sysadmin (Page 2 of 4)

Using ‘expect’ to distribute files among users

I’m currently teaching at the Summmer School in Statistical Omics in Split, Croatia. A great experience!

Because of the computations involved in the project work, we have access to a server. However, since the machine is part of a university cluster, I haven’t been given full root permissions (in fact, I’m only allowed to use sudo to install packages).

Now, the problem I had to solve was that I needed to distribute a certain file (.Renviron) to each student’s home directory. Normally I’d use sudo to do that, but the admin hadn’t allowed me to use cp via sudo. Furtunately, I had a list of user names and passwords for the students (because I had to distribute those), so I thought I’d use su - to change to each student’s account and copy the file, something along the lines of

echo PASSWORD | su -

and then loop over each account. Unfortunately, while testing the script I found out it wouldn’t work since su complained:

su: must be run from a terminal

Then I remembered the expect tool, which executes commands based on what it ‘sees’ on the command line. In this case I wanted it to enter the password at su‘s prompt. This is the expect script I came up with, it accepts two command line arguments, the user name and the password:

#!/usr/bin/expect -f
set user [lindex $argv 0]
set pass [lindex $argv 1]
spawn su - $user
expect "Password: "
send "$pass\r"
expect "$ "
send "cp -i /common/WORK/school/lennart/.Renviron .\r"
expect "$ "
send "ls -l .Renviron\r"
expect "$ "
send "exit\r"

The script was wrapped in the Bash script that I had already written:

# This script is used to copy files from this directory to the
# home directories of the users listed in $USERFILE.
while read user passw; do
    ./copy_file_to_users.expect $user $passw
done < $USERFILE

Changing the default mode of the Emacs scratch buffer

After starting Emacs you end up in the *scratch* buffer (assuming you’ve disabled the startup message in your .emacs file). The *scratch* can be used for writing down notes and some Lisp experiments (since it uses the Emacs Lisp major mode by default).

Now, I’m not very much of a Lisp programmer, but I do use Org-mode a lot. Consequently, I found myself changing the buffer’s major mode to org-mode regularly. And Emacs wouldn’t be Emacs if you couldn’t change this to a default. So, thanks to Bozhidar Batsov over at Emacs Redux, I’ve added the following lines to my Emacs configuration file:

;; Set the default mode of the scratch buffer to Org
(setq initial-major-mode 'org-mode)
;; and change the message accordingly
(setq initial-scratch-message "\
# This buffer is for notes you don't want to save. You can use
# org-mode markup (and all Org's goodness) to organise the notes.
# If you want to create a file, visit that file with C-x C-f,
# then enter the text in that file's own buffer.

Fixing problems after giving your Samba server a new IP address

While moving my DHCP server to a Raspberry Pi I also changed some of the IPs handed out to my (virtual) servers. This lead to problems when I logged into Windows (which is tied to my Samba domain), Windows complained that my roaming profile wasn’t completely synced and browsing network shares didn’t work, copying from (mounted) network shares didn’t work, etc.

In the Samba log files I noticed some references to the old IP address (, e.g.:

[2014/03/13 16:22:23,  0] nmbd/nmbd_become_dmb.c:237(become_domain_master_query_success)
  There is already a domain master browser at IP for workgroup SENW registered on subnet UNICAST_SUBNET.


  [2014/03/13 16:20:07,  0] nmbd/nmbd_browsesync.c:248(domain_master_node_status_fail)
  Doing a node status request to the domain master browser
  for workgroup SENW at IP failed.
  Cannot sync browser lists.

Even after restarting smbd and nmbd, and checking my smb.conf thoroughly, these kept showing up.

It turns out (thanks a lot Matt Godbolt) that nmbd keeps caches in two files (paths as they are on my Ubuntu 12.04 server):

  • /var/cache/samba/browse.dat
  • /var/lib/samba/wins.dat

Simply stop nmbd, delete them, restart nmbd and you’re happy.

Slackware on the Raspberry Pi

I took some time this week to migrate my DNs and DCHP server from an Ubuntu virtual machine to my Raspberry Pi. I wanted to do this because these two servers are so essential to regular network functioning. Before this change whenever my server was down (for whatever reason) any machine connected to the LAN would stop having a working internet connection. Moreover, since I never got the VM to boot correctly on autostart I had to manually start it every time the server came back up again.
Conclusion: not ideal and pissed of family members ;-).

Since I had my Raspberry Pi lying around and, apart from a few toy projects, hadn’t used it for anything, I decided to use it for this task: low power requirements and hardware that was more than up to the task.

The question was which distribution to use. I could have gone for Raspbian (Debian for the Raspberry Pi), which would have blended well with my otherwise Ubuntu-minded network. However, partly for nostalgic reasons, partly make sure I don’t get too tied to one distribution, I decided to try and install Slackware, the distribution I used for my first steps in Linux Land.

I followed most of the steps from the tutorial (see link below) to get everything running. It’s a very well written, extensive tutorial. Things where I followed my own judgement/experience were the fact that I didn’t use a USB stick to download the Slackware packages on (I used an NFS share on my server) and the package selection. With a relatively simple selection I now have about 2GB of disk usage.

Only one thing left to migrate to the Pi now: my LDAP server. Unfortunately it’s been several years since I configured OpenLDAP (on Ubuntu) and Slackware doesn’t include the OpenLDAP server by default. So this will be something for a rainy day…


Puppet commands change when upgrading to v3.0.0

After upgrading Puppet from versions < v3 to version 3.0.0 or higher, the main commands have changed, keep this in mind when reading my earlier post. From the ChangeLog:

Pre-2.6 Post-2.6
puppetmasterd puppet master
puppetd puppet agent
puppet puppet apply
puppetca puppet cert
ralsh puppet resource
puppetrun puppet kick
puppetqd puppet queue
filebucket puppet filebucket
puppetdoc puppet doc
pi puppet describe

Some examples

To run puppet on a client puppetd --test is changed to:

puppet agent --test

To show a list of clients waiting for signing of their certificates run the following on the master:

puppet cert list

instead of puppet ca -l. To list all certificates, run (on the master):

puppet cert list --all

To completely remove a client’s certificate on the master run:

puppet cert clean client.localdomain

and to sign a client certificate on the master run:

puppet cert sign client.localdomain

Replacing a character in a Bash variable name

Today I needed to replace a : in a bunch of file names with a -, so I wanted to write a Bash for-loop to do just that. I vaguely remembered that you can do character replacements within variables, but couldn’t remember the details.

This is how it’s done:

for filename in *; do
    mv "$filename" "${filename/:/-}"

I put the variables in double quotes, because the file names contained spaces.

Showing other users (from LDAP) in the LightDM greeter

Ubuntu Linux uses the LightDM greeter (the login screen you see after booting). Since I’m using an LDAP server to store my user accounts and LightDM by default only shows local users I needed to tell LightDM to give me an ‘other user’ option where I can enter a user name and password (I first checked to see if my LDAP connection work by logging in with an LDAP user from the console (tty1).
LightDM is configured in /etc/lightdm/lightdm.conf, but also provides command line tools to set the options. To show the ‘other user’ use:

sudo /usr/lib/lightdm/lightdm-set-defaults --show-manual-login true

This will disable the user list. It adds the line


to the lightdm.conf file.
If you only want to see the “Other” entry run:

sudo /usr/lib/lightdm/lightdm-set-defaults --hide-users true

And lastly you can turn off guest:

sudo /usr/lib/lightdm/lightdm-set-defaults --allow-guest false

Thanks to mfish at!

Growing XFS and still not able to write files, enough free space

One of the XFS filesystems at work almost ran out of space recently, so I extended the Logical Volume it was on, followed by xfs_growfs. This worked fine, df -h showed enough free space for the upcoming data. In the XFS FAQ I read that by default all inodes are placed in the first 1 TB of disk, which could lead to problem. Therefore, I added the inode64 option to the mount options and ran

mount -o remount

on the partition.

While reviewing my log messages this morning I noticed a lot of

No space left on device

messages for that filesystem. Having this inode64 option in mind I wondered what went wrong. Although df -h and df -i showed enough free space and free inodes, respectively, I still couldn’t create a file. Again the XFS FAQ had an entry for that, but it puzzled me, because I was already using the inode64 option. Since the filesystem wasn’t in use I decided to completely unmount it and then mount it again. That worked. Apparently -o remount is not enough to enable the inode64 option.

Setting up (or fixing) an encrypted swap partition

Today I tried to clone my laptop’s harddrive to a new drive (thanks to Lenovo for sending me a replacement since the old drive was showing signs of breaking down). At first I tried dd, but that failed at around 90%, either because the old disk is indeed failing or because something fishy with the USB connection or enclosure in which I put the new disk. So I started gparted to check which partitions were copied OK and which weren’t. It turns out that all partitions were fine, except for my (encrypted) swap partition. gparted didn’t even recognise the partition type (on the original drive!). So after I replaced the harddrive I wanted to recreate the encrypted swap partition. It turn’s out to be easy if you follow the steps outlined in this blog post from Puny Geek. Thanks Puny Geek!

« Older posts Newer posts »

© 2020 Lennart's weblog

Theme by Anders NorenUp ↑