The Linux Questions Thread: a bunch of pitfalls, but technically it's possible

The Something Awful Forums > Discussion > Serious Hardware/Software Crap > The Linux Questions Thread: a bunch of pitfalls, but technically it's possible

«‹›1030 »

teen phone cutie: Jun 18, 2012; last year i rewrote something awful from scratch because i hate myself

Well I can always use PHPMailer, which is what I will most likely do, but my goal was to know the best way to do all the server config stuff. Is Postfix and Gmail the way to go, as described in the link I posted above?

Sorry to be a pain, but this stuff is way over my head and I feel like I�m barely following along, so I�d like to know whether a guide is poo poo before I start blindly following instructions

# ? Jun 27, 2018 01:56

Adbot: ADBOT LOVES YOU

# ? May 19, 2024 14:11

minato: Jun 7, 2004; cutty cain't hang, say 7-up.; Taco Defender

I'd just send the mail with the Gmail API. No mail servers to install or configure. Just enable the Gmail API in your Gmail account, generate a service key, and follow the examples.
Example of how to send a message (albeit in Java/Python, but the PHP client is much the same): https://developers.google.com/gmail/api/guides/sending
How to install the PHP client: https://developers.google.com/gmail/api/quickstart/php

# ? Jun 27, 2018 07:26

apropos man: Sep 5, 2016; You get a hundred and forty one thousand years and you're out in eight!

These are the notes I made last time I did it. Which is well over a year ago. My MTA still works.

code:

Packages to make sure are installed:

yum -y install postfix cyrus-sasl-plain mailx

Then restart and enable postfix:

systemctl restart postfix
systemctl enable postfix

Open the /etc/postfix/main.cf and add the following lines to the end of the file:

==========================================================
myhostname = hostname.example.com

relayhost = [smtp.gmail.com]:587
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
==========================================================
If you don't specify the first line (myhostname) then postfix will just use the FQDN of your machine.

Save /etc/postfix/main.cf and close.

Create a file /etc/postfix/sasl_passwd and add your gmail credentials to it as follows:

===========================================================
[smtp.gmail.com]:587 username:password
===========================================================
Username and password must be changed to real gmail creds. You don't have to add the gmail.com. Just put username.

Then change owner and permissions:
chown root:postfix /etc/postfix/sasl_passwd
chmod 640 /etc/postfix/sasl_passwd


Finally, reload and restart postfix (reload on its own might be enough):

systemctl reload postfix
systemctl restart postfix


Generate a postfix lookup table from the sasl_password file. I think it hashes your password and adds it to postfix:

postmap /etc/postfix/sasl_passwd

Test it out with some kerrazee emails:

echo "Dernl Vogeguff" | mail -s "Swinglish" [email]address@emaildomain.com[/email]

Now go and use it properly, for system reports and puppy pictures attachments and stuff.

# ? Jun 27, 2018 18:51

teen phone cutie: Jun 18, 2012; last year i rewrote something awful from scratch because i hate myself

Ok cool thanks I got email working. yay!

Last question I swear:

I'm looking to run a simple SSL renewal script in my crontab. The SSL was installed under my user account and I keep getting this error when I try to run it in crontab. Here's what the script looks like

code:

     # Example of job definition:
     # .---------------- minute (0 - 59)
     # |  .------------- hour (0 - 23)
     # |  |  .---------- day of month (1 - 31)
     # |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
     # |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR 
    sun,mon,tue,wed,thu,fri,sat
    # |  |  |  |  |
    # *  *  *  *  * user-name  command to be executed
     06 23 * * * marty ~/certbot-auto renew

And I keep getting this error, and I'm not sure how to fix it after a few hours of troubleshooting

code:

sudo: no tty present and no askpass program specified

# ? Jun 28, 2018 04:17

RFC2324: Jun 7, 2012; http 418

Grump posted:

Ok cool thanks I got email working. yay!

Last question I swear:

I'm looking to run a simple SSL renewal script in my crontab. The SSL was installed under my user account and I keep getting this error when I try to run it in crontab. Here's what the script looks like
code:
     # Example of job definition:
     # .---------------- minute (0 - 59)
     # |  .------------- hour (0 - 23)
     # |  |  .---------- day of month (1 - 31)
     # |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
     # |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR 
    sun,mon,tue,wed,thu,fri,sat
    # |  |  |  |  |
    # *  *  *  *  * user-name  command to be executed
     06 23 * * * marty ~/certbot-auto renew
And I keep getting this error, and I'm not sure how to fix it after a few hours of troubleshooting
code:
sudo: no tty present and no askpass program specified

It's trying to invoke sudo, so will likely need to be run in the root crontab

# ? Jun 28, 2018 04:22

teen phone cutie: Jun 18, 2012; last year i rewrote something awful from scratch because i hate myself

I�ve tried doing the same in the root crontab and get the same error

# ? Jun 28, 2018 04:25

anthonypants: May 6, 2007; by Nyc_Tattoo; Dinosaur Gum

Grump posted:

I�ve tried doing the same in the root crontab and get the same error

Take sudo out of the command in the root crontab.

# ? Jun 28, 2018 04:27

teen phone cutie: Jun 18, 2012; last year i rewrote something awful from scratch because i hate myself

But sudo isn�t in the command though? I�m just running ~/certbot-auto renew?

I think i�m misunderstanding

# ? Jun 28, 2018 04:29

RFC2324: Jun 7, 2012; http 418

The script is calling sudo. You will probably need to edit it.

E: what happens when you call the script manually?

# ? Jun 28, 2018 04:52

VictualSquid: Feb 29, 2012; Gently enveloping the target with indiscriminate love.

It looks more like cron is calling sudo, in some horribly wrong and undocumented way. I always found configuring cron to run a script as a user to be extremely finicky.
You probably would be better off running the script from marty's crontab.

# ? Jun 28, 2018 13:32

Roargasm: Oct 21, 2010; Hate to sound sleazy
But tease me
I don't want it if it's that easy

Did you mess with crontab permissions at all? Cronjobs should run as root regardless of permission, and so should sudo. Is that error a PAM failure? Something is hosed

# ? Jun 28, 2018 15:06

xzzy: Mar 5, 2009

If you look up the certbot-auto source on github it calls sudo to elevate itself to root. If sudo isn't available it uses su. They give a few options for running in the comments:

code:

# Certbot itself needs root access for almost all modes of operation.
# certbot-auto needs root access to bootstrap OS dependencies and install
# Certbot at a protected path so it can be safely run as root. To accomplish
# this, this script will attempt to run itself as root if it doesn't have the
# necessary privileges by using `sudo` or falling back to `su` if it is not
# available. The mechanism used to obtain root access can be set explicitly by
# setting the environment variable LE_AUTO_SUDO to 'sudo', 'su', 'su_sudo',
# 'SuSudo', or '' as used below.

Perhaps the easiest solution is to edit your sudoers config to give whatever user that is running the update script a nopasswd option to run that script.

Or if I'm reading the script right, running "certbot-auto --cb-auto-has-root" as root will skip around the sudo/su parts entirely.

# ? Jun 28, 2018 15:44

Double Punctuation: Dec 30, 2009; Ships were made for sinking;
Whiskey made for drinking;
If we were made of cellophane
We'd all get stinking drunk much faster!

Sudo should just run the command given if run as root with no questions, same as su -c, unless your sudoers is messed up.

# ? Jun 28, 2018 16:46

RFC2324: Jun 7, 2012; http 418

Double Punctuation posted:

Sudo should just run the command given if run as root with no questions, same as su -c, unless your sudoers is messed up.

Unless it's failing the tty check before it checks if it's root. I'm not sure which order sudo does it's checks in

# ? Jun 28, 2018 16:51

Keito: Jul 21, 2005; WHAT DO I CHOOSE ?

xzzy posted:

sudoers config to give whatever user that is running the update script a nopasswd option to run that script.

I'd assume the issue is this. Looks like he's trying to run this script as a user without the necessary privileges and its attempts to elevate via sudo aren't going too well considering it's not running in an interactive session

# ? Jun 28, 2018 16:51

teen phone cutie: Jun 18, 2012; last year i rewrote something awful from scratch because i hate myself

I just went ahead and added

code:

marty ALL=(ALL) NOPASSWD: ALL

to my visudo and it looks like everything works

Is that bad practice?

# ? Jun 28, 2018 23:44

RFC2324: Jun 7, 2012; http 418

Grump posted:

I just went ahead and added
code:
marty ALL=(ALL) NOPASSWD: ALL
to my visudo and it looks like everything works

Is that bad practice?

I'd restrict the nopasswd to just the one command, and make sure marty doesn't have write access to the script, but I'm a bit paranoid about security.

# ? Jun 28, 2018 23:51

anthonypants: May 6, 2007; by Nyc_Tattoo; Dinosaur Gum

I'm not sure why messing with sudoers is easier than adding --cb-auto-has-root to the cron job.

# ? Jun 28, 2018 23:54

teen phone cutie: Jun 18, 2012; last year i rewrote something awful from scratch because i hate myself

anthonypants posted:

I'm not sure why messing with sudoers is easier than adding --cb-auto-has-root to the cron job.

anthonypants posted:

I'm not sure why messing with sudoers is easier than adding --cb-auto-has-root to the cron job.

The certbot-auto file script is located in ~/marty, so it didn�t exist when logged into root.

But now that i�m thinking about it, I could just move the script to a shared folder right?

RFC2324 posted:

I'd restrict the nopasswd to just the one command, and make sure marty doesn't have write access to the script, but I'm a bit paranoid about security.

I tried doing

code:

marty ALL = NOPASSWD: ~/certbot-auto renew

but I keep getting an error that there's a syntax error

e: this works

marty ALL=(ALL) NOPASSWD:SETENV: /home/marty/certbot-auto

MY SERVER SETUP IS COMPLETE!!!!! YESSSSSSSSSSSSSSSSS

teen phone cutie fucked around with this message at 00:25 on Jun 29, 2018

# ? Jun 28, 2018 23:58

SnatchRabbit: Feb 23, 2006; by sebmojo

Can anyone point me to a decent encrypt / decrypt script that will use .asc keys and handle large files? Already tried gpg but there seems to be an issue using pinentry and I can't decrypt without a passcode.

# ? Jun 29, 2018 03:58

minato: Jun 7, 2004; cutty cain't hang, say 7-up.; Taco Defender

What's the issue with pinentry? I had some issues with it solved by running "export GPG_TTY=$(tty)" beforehand.

# ? Jun 29, 2018 06:22

Keito: Jul 21, 2005; WHAT DO I CHOOSE ?

anthonypants posted:

I'm not sure why messing with sudoers is easier than adding --cb-auto-has-root to the cron job.

It didn't have root is why

# ? Jun 29, 2018 07:24

SnatchRabbit: Feb 23, 2006; by sebmojo

minato posted:

What's the issue with pinentry? I had some issues with it solved by running "export GPG_TTY=$(tty)" beforehand.

I cant seem to add a passphrase to any of the keys I import. I tried adding the program entry in to the .conf file but it didnt work.

# ? Jun 29, 2018 15:26

post hole digger: Mar 21, 2011

can anyone recommend a podcast app for fedora? ive tried vocal and its a buggy pos

# ? Jul 2, 2018 22:51

RFC2324: Jun 7, 2012; http 418

my bitter bi rival posted:

can anyone recommend a podcast app for fedora? ive tried vocal and its a buggy pos

pocket casts is nice by me, its a web client so platform agnostic

# ? Jul 3, 2018 00:37

Vulture Culture: Jul 14, 2003; I was never enjoying it. I only eat it for the nutrients.

RFC2324 posted:

pocket casts is nice by me, its a web client so platform agnostic

Android app syncs with web too, which is a nice plus

# ? Jul 3, 2018 01:28

RFC2324: Jun 7, 2012; http 418

Vulture Culture posted:

Android app syncs with web too, which is a nice plus

that's actually why i got it. only down side is paying for each version separately

# ? Jul 3, 2018 01:33

mike12345: Jul 14, 2008; "Whether the Earth was created in 7 days, or 7 actual eras, I'm not sure we'll ever be able to answer that. It's one of the great mysteries."

my bitter bi rival posted:

can anyone recommend a podcast app for fedora? ive tried vocal and its a buggy pos

I use tiny tiny rss for everything rss related, including podcasts

e: in the past I used gpodder https://gpodder.github.io/

# ? Jul 3, 2018 06:43

BoyBlunder: Sep 17, 2008

mike12345 posted:

I use tiny tiny rss for everything rss related, including podcasts

e: in the past I used gpodder https://gpodder.github.io/

Be careful when upgrading TTRSS though, it could hose itself

# ? Jul 3, 2018 12:36

anthonypants: May 6, 2007; by Nyc_Tattoo; Dinosaur Gum

Plex does podcasts now, but it might be overkill

# ? Jul 3, 2018 16:32

Mrenda: Mar 14, 2012

Is there any way to tell if a certain flavour of linux will play well with a laptop? I have an eight year old first gen i3 laptop with 4gb of ram that I was thinking might deal with linux better if it actually works in the first instance.

# ? Jul 3, 2018 16:42

anthonypants: May 6, 2007; by Nyc_Tattoo; Dinosaur Gum

Mrenda posted:

Is there any way to tell if a certain flavour of linux will play well with a laptop? I have an eight year old first gen i3 laptop with 4gb of ram that I was thinking might deal with linux better if it actually works in the first instance.

Pop in a LiveCD/LiveUSB or do Google searches for that make/model?

# ? Jul 3, 2018 16:58

Merv Burger: Jan 3, 2008

Mrenda posted:

Is there any way to tell if a certain flavour of linux will play well with a laptop? I have an eight year old first gen i3 laptop with 4gb of ram that I was thinking might deal with linux better if it actually works in the first instance.

Generally, I'd say that hardware of that age should just work out of the box, unless it's got some really obscure hardware. I'm running Fedora 28 on a Thinkpad X220, which uses second gen core i3/i5/i7, and everything works just fine out of the box, though Thinkpads have a pretty large base of users. Otherwise:

anthonypants posted:

Pop in a LiveCD/LiveUSB or do Google searches for that make/model?

# ? Jul 3, 2018 17:35

Sheep: Jul 24, 2003

The only really "this is totally broken" thing I've run into is some Broadcom 5XXX card readers in Dell laptops ship with a lovely firmware that requires a flash, the software for which is predictably Windows only.

# ? Jul 3, 2018 18:48

mike12345: Jul 14, 2008; "Whether the Earth was created in 7 days, or 7 actual eras, I'm not sure we'll ever be able to answer that. It's one of the great mysteries."

BoyBlunder posted:

Be careful when upgrading TTRSS though, it could hose itself

Yeah, I've had trouble with TTRSS in the past. I now run it as a docker container.

# ? Jul 3, 2018 21:30

hooah: Feb 6, 2006; WTF?

I'm having two problems with Linux Mint:

1) From time to time the touchpad will stop working. Luckily I have a mouse I can plug in that'll work. Usually a reboot will fix it, but today that hasn't worked. I can turn the touchpad off and on, but no dice. The laptop is a Lenovo Yoga 2 Pro.

2) When I boot, I get a toast saying 'Low Disk Space on "boot". The volume "boot" has only 0 bytes disk space remaining." I can either click Examine or Ignore. If I click Examine, I get a message saying 'Could not scan some of the folders contained in "/boot". Error opening directory '/boot/lost+found': Permission denied'. How can I fix the low space if I can't access the drat drive?

# ? Jul 7, 2018 15:43

RFC2324: Jun 7, 2012; http 418

hooah posted:

I'm having two problems with Linux Mint:

1) From time to time the touchpad will stop working. Luckily I have a mouse I can plug in that'll work. Usually a reboot will fix it, but today that hasn't worked. I can turn the touchpad off and on, but no dice. The laptop is a Lenovo Yoga 2 Pro.

2) When I boot, I get a toast saying 'Low Disk Space on "boot". The volume "boot" has only 0 bytes disk space remaining." I can either click Examine or Ignore. If I click Examine, I get a message saying 'Could not scan some of the folders contained in "/boot". Error opening directory '/boot/lost+found': Permission denied'. How can I fix the low space if I can't access the drat drive?

it's telling you 0 bytes free because it can't read it. to check, you will need to elevate to root so you can actually read the drive.

from the cli type 'sudo df -h /boot'

# ? Jul 7, 2018 15:52

hooah: Feb 6, 2006; WTF?

RFC2324 posted:

it's telling you 0 bytes free because it can't read it. to check, you will need to elevate to root so you can actually read the drive.

from the cli type 'sudo df -h /boot'

Ok, here's what that said:

pre:

/dev/sda2       473M  469M     0 100% /boot

Now the question is what do I do about it?

# ? Jul 7, 2018 17:55

apropos man: Sep 5, 2016; You get a hundred and forty one thousand years and you're out in eight!

Is it possible that you've upgraded the kernel so many times that /boot has become full of kernel config files?

Try a 'sudo apt-get autoclean' or 'sudo apt-get autoremove' to clear up some clutter.

# ? Jul 7, 2018 18:10

Adbot: ADBOT LOVES YOU

# ? May 19, 2024 14:11

xzzy: Mar 5, 2009

The kernel is pretty big these days, we still have a handful of decripit old servers where some doofus (was probably me) only gave /boot 128MB and it can only hold three kernels.

I don't know what Mint does but redhat will quietly hang on to every kernel it installs.

# ? Jul 7, 2018 18:18

The Something Awful Forums > Discussion > Serious Hardware/Software Crap > The Linux Questions Thread: a bunch of pitfalls, but technically it's possible

«‹›1030 »