Gnome autologin and unlocking the keyring with a password

2009-12-10 00:23

When you have enabled automatic login under Gnome/Ubuntu, the window asking your password to unlock the keyring at startup is very annoying ! Network-manager needs it to be able to use the Wifi keys.

If your keyring password is the same as your login password, the keyring is unlocked automatically when you type in your password to log in. This is not possible with autologin.

A solution is to put an empty keyring password. This is bad for security of all your passwords.

The best solution would be to store the wifi keys in the default keyring, and to store all the other passwords in another keyring. Maybe I didn’t check correctly, but from what I seen most applications only use the default keyring.

Average solution: put a “foo” password to the default keyring, unlocked at Gnome startup by a script. This is better than an empty password.

Here is my solution:

We change the default keyring password:

  1. Go in Applications > Accessories > Passwords and encryption keys (don’t loose 2 hours like me looking for it in System > Preferences, where it should be)
  2. Right click on the default keyring > Change password

We then create the python script with the following code:

vi ~/.lordiam.py

#!/usr/bin/python
import gnomekeyring
#gnomekeyring.lock_sync(None);
gnomekeyring.unlock_sync(None, 'mypassword');

We prevent other user from reading the file:

chmod 700 ~/.lordiam.py

We test it. Expect 0 as return code (the warning is normal):

~/.lordiam.py
echo $?

Now, we add the script at startup in System > Preferences > Startup Applications:

Command: /home/USER/.lordiam.py

Finally, we reboot the PC to test the whole thing.

Notes:

  • The fact that the script is called before network-manager start is a chance. I didn’t found how to put a priority on it in the Gnome startup programs.
  • What is the ‘login’ keyring for ? From what I understand, it is for storing passwords which will be forgotten at session end.
  • For the script, we choose a common name, less remarkable than unlock_keyring.py. We also put the script as hidden file. It is better than nothing.

References:

  • apt-get source libpam-gnome-keyring
  • apt-get source python-gnomekeyring
2009-12-10 00:23 · Tags: , , ,

For a quiet Thinkpad

2009-12-03 22:42

Some Thinkpads, like the T43, have several heat and fan problems.

On a default Linux installation, my T43 processor is at about 46°C, and the GPU at about 49°C, for an external temperature of 19°C.

The BIOS fan management algorithm is very bad. After a cold boot, the fan starts running non stop after a few minutes of use.

Fortunately, it is possible to use programs to take control of the fan in place of the BIOS.

To start, the thinkpad_acpi module must allows us to change the fan speed:

# vi /etc/modprobe.d/thinkpad.conf
options thinkpad_acpi fan_control=1 experimental=1

Your choice to reload the module or reboot your system.

# rmmod thinkpad_acpi
# modprobe thinkpad_acpi

Now you can take control of your fan:

# cat /proc/acpi/ibm/fan
# echo level 0 > /proc/acpi/ibm/fan
# echo level 7 > /proc/acpi/ibm/fan # full speed !!
# echo level auto > /proc/acpi/ibm/fan # back to normal, BIOS management

Now go here and copy the content of the script in /usr/local/bin/tp-fancontrol.

# mv index.php /usr/local/bin/tp-fancontrol
# chmod a+x /usr/local/bin/tp-fancontrol

Then, test the script:

# tp-fancontrol
# tp-fancontrol -s 5 # for a fan that starts later

In order to start the script at boot, we also fetch the tp-fancontrol.init.debian script on the same page. We add it at the system boot.

# mv index.php /etc/init.d/tp-fancontrol
# chmod a+x /etc/init.d/tp-fancontrol
# vi /etc/init.d/tp-fancontrol
DAEMON=/usr/sbin/fancontrol
# /etc/init.d/tp-fancontrol start
# /etc/init.d/tp-fancontrol stop
# update-rc.d tp-fancontrol defaults # note: only adding "start" scripts is also possible

The final touch is to edit the script to change the minimum fan triggering tresholds, so that the fan starts later when the system begins to heat:

# vi /usr/local/bin/tp-fancontrol
MIN_THRESH_SHIFT=5
INTERVAL=10 # you can also increase the speed update interval

A 5 seconds increase allows the fan to become quiet again when the computer activity is low.

References:

2009-12-03 22:42 · Tags: , ,

USwSusp under Ubuntu Karmic

2009-12-02 21:53

Userspace Software Suspend is an alternative to the default hibernation method in the Linux kernel. It adds several interesting features like compression, encryption… Compression allows for hibernation with a smaller Swap partition. It also decreases the wake up time of your system!

Here is how to install USwSusp on Ubuntu Karmic. Should also work with a recent Debian.

Install the uswsusp package:

aptitude install uswsusp

You can now hibernate with the s2disk command as root.

To hibernate from Ubuntu menu or by key shortcut, then change the following line in the /etc/pm/config.d/00sleep_module file:

SLEEP_MODULE=uswsusp

And test your hibernation!!

Links:

2009-12-02 21:53 · Tags: , , ,

[Screen] No more PTYs. Sorry, could not find a PTY.

2009-11-18 23:40

If you get the following errors starting screen as a user:

No more PTYs.
Sorry, could not find a PTY.
[screen is terminating]

You have to change /dev/ptmx file permissions:

# ls -l /dev/ptmx 
crw-r--r-- 1 root root 5, 2 nov 18 23:28 /dev/ptmx
# chmod a+w /dev/ptmx
# ls -l /dev/ptmx 
crw-rw-rw- 1 root root 5, 2 nov 18 23:34 /dev/ptmx

Under Ubuntu, there was no problem. Permissions already set:

$ ls -l /dev/ptmx 
crw-rw-rw- 1 root tty 5, 2 2009-11-18 23:37 /dev/ptmx

References :

  • man ptmx
  • ubuntu$ ls -l /dev/ptmx
2009-11-18 23:40 · Tags: ,

Dual screen with Xrandr and Gnome

2009-10-23 14:32

Here is how I configured dual screen under Debian unstable.

Xrandr

By default, the video card displays the same on both screens.

We first type the xrandr command to show the available video outputs.

Then, we issue the magical command:

xrandr --output DVI-1 --left-of DVI-0

Notes:

  • If xrandr displays an error, add the Virtual parameter to the /etc/X11/xorg.conf file and restart X (see below).
  • Try --right-of if it’s inverted !

Xorg settings

And to set the changes permanently, we edit /etc/X11/xorg.conf:

Section "Device"
        Identifier      "ATI Technologies Inc RV380 [Radeon X600 (PCIE)]"
        Driver          "ati"
 
        Option          "Monitor-DVI-0" "Screen 1"
        Option          "Monitor-DVI-1" "Screen 2"
EndSection

Section "Monitor"
        Identifier      "Screen 1"
EndSection
Section "Monitor"
        Identifier      "Screen 2"
        Option          "RightOf" "Screen 1"
EndSection

Section "Screen"
        Identifier      "Default Screen"
        Device          "ATI Technologies Inc RV380 [Radeon X600 (PCIE)]"
        Monitor         "DELL 1704FPT"
        DefaultDepth    24
        SubSection "Display"
                Depth           24
                Modes           "1280x1024" "1152x864" "1024x768" "800x600" "720x400" "640x480"
                Virtual         2560 1280
        EndSubSection
EndSection
  • In the “Device” section, we list the different screen as “Monitor-OutputName”.
  • Then we put one section by screen, setting the second screen position.
  • The subsection “Screen > Display” must contain the “Virtual” parameter with a pixel area big enough to contain both resolutions.

Note: you can also try the graphical grandr frontend.

Gnome panels

You now have two screen under Gnome : a main one and a second.

If you want your panels on the other screen, just move them (right click on panel > Properties, uncheck Extend, move the panel, check Extend again).

I also suggest you to add another panel with a new window list on your second screen.

References:

2009-10-23 14:32 · Tags: , , ,

Cron mail subject format

2009-10-21 11:26

I looked for a way of changing mail format sent by the crontab.
I hoped for a syntax like MAILTO=

Answer: Impossible.

With Debian default cron program, it’s hard coded in cron :

In do_command.c source file:

fprintf(mail, "From: root (Cron Daemon)\n");
fprintf(mail, "To: %s\n", mailto);
fprintf(mail, "Subject: Cron <%s@%s> %s\n",
  usernm, first_word(hostname, "."),
  e->cmd);
2009-10-21 11:26 · Tags: , , ,

Adding subject in Exim log

2009-10-19 14:01

To add mail subjects in Exim4 log (/var/log/exim4/mainlog), just change the /etc/exim4/exim4.conf.template file as following to add +subject to log_selector:

.ifdef MAIN_LOG_SELECTOR
log_selector = MAIN_LOG_SELECTOR +subject
.endif

Then restart Exim:

/etc/init.d/exim4 restart
2009-10-19 14:01 · Tags: ,

SFTP chroot + rsync

2009-10-09 17:12

Here is howto make sftp shares with chroot.

In /etc/ssh/sshd_config:

# we use openssh internal sftp
# because /usr/lib/openssh/sftp-server won't be available in chroot
Subsystem sftp internal-sftp

Match group sftp
        ChrootDirectory %h
        X11Forwarding no
        AllowTcpForwarding no
        ForceCommand internal-sftp

UPDATE 17/06/2010: Beware with the syntax! Comments must start at the line beginning, and no spaces at the end of the ForceCommand internal-sftp line.

Now just create users belonging to sftp group, and that’s it.
Test it with:

sftp user@myserver.com

Problem: we cannot use the rsync command to send files, because rsync is not available in the chroot.

First, we allow other commands, commenting the line:

#ForceCommand internal-sftp

Then, we build the following tree in the chroot directory:

bin/
bin/bash
bin/rsync
lib/
lib/libncurses.so.5
lib/ld-linux.so.2
lib/libacl.so.1
lib/libpopt.so.0
lib/libattr.so.1
lib/i686
lib/i686/cmov
lib/i686/cmov/libdl.so.2
lib/i686/cmov/libc.so.6

We must put both bash and rsync commands, and all their librairies (you can display them with the ldd command).

Note: the user must have /bin/bash as default shell.

Note2: the chroot dir must belong to root, even if it’s the user’s folder. To allow the user to write in it, you have to create a subfolder with appropriate permissions. According to OpenSSH programers, it’s a big constraint, but very important for a chroot’s security.

References :

2009-10-09 17:12 · Tags: , , ,
« Older articles
Newer articles »