Posts in category “Linux”

fameshot: a better screenshot tool with editing support for ubuntu

flameshot.png

How to install certbot on CentOS8

The biggest problem you faced is actually the following one
https://otodiginet.com/operating-system/how-to-install-snapd-on-centos-8/

and the article above answers the question very well.

certbot certos

Note: recover from accidentally changed the ownership of `sudo` command

Cause:

This morning, I change to the /backup directory and found I cannot write in it. So I rapidly typed sudo chown -R david:david .. then press Enter. You know what happened! All the files in / directory were changing the owner to me! I realized this by seeing an error message like "You cannot change the owner of xxx file to david".

Damn, how silly I was! Unfortunately, that was not the end of my bad luck. When I try to revert it by typing sudo chown -R root:root /, I got another error message: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set. Then I tried su - root but it seems that I haven't set a root password.

How can I recover my pop! OS?

  1. reboot it into single-user mode, edit the boot menu, add systemd.unit=rescue.target at the end of the boot line.
  2. In the boot console, chown -R root:root /usr; chmod 4755 /usr/bin/{sudo,dpkg,pkexec,crontab}; reboot

Rather easy, right? It did cost me over 10mins! PS. I met many issues later after recovering from the accident. One of them is that the crontab command did not work as usual. I have to run the instruction below to fix it.

sudo apt reinstall cron

Linux is also fragile, please don't be such silly thing next time. I told myself. PS: This time I also set a root password as well, so next time I could run su - root directly instead of going to the single user mode.

Fix the ‘Too Many Open Files’ Error in a systemd service in Linux

In short:

Change the service file, and add two lines after [Service] line,

[Service]
LimitNOFILE=65535
LimitNOFILESoft=65535

If you want to know more, read the Reference

SELinux sucks?! Safety always means inconvenient, right!

Just record what I made Nginx working with a project located in someone's HOME directory on a Linux machine with SELinux on.

  1. Nginx seems working normally, but it actually Didn't listen to a non-80 port at all. If it reports ValueError: Port tcp/8081 already defined, replace -a with -m.

    semanage port -a -t http_port_t -p tcp 8081

Reference1 Reference2

  1. telnet localhost 8081 works, but telnet 192.168.168.168 8081 from another machine not working!

    firewall-cmd --permanent --add-port=8081/tcp
    firewall-cmd --reload

  2. Everything seems working good, but when you visit your site, Nginx just gives you a 403! You should ensure Nginx can access your project directory, everyone knows that, but is not enough when SELinux is on.

    setsebool -P httpd_enable_homedirs 1
    setenforce 0
    systemctl restart nginx
    systemctl daemon-reload

Reference