Note 318
December 22, 2020•5 words
I'm into Linux among other things. Like my work? Reach out!
December 22, 2020•5 words
May 4, 2020•1020 words
I know. lol. I'm wearing something that saves lives.
It's safe for me to wear. Yes, I know about the dangers of CO2. That's why my fan has a rated static pressure of 225 Pa, as outlined here.
There's something to be said about intuition, particularly yours in this situation.
You're looking at the Halo PAPR. This 3D printed model is an adaptation of what a surgeon might use in the operating room while treating COVID-19 patients.
While I had the idea to design a 3D printed PAPR very similar to this, my model made use of a full-face snorkel mask.
The man who designed this is Guy Kuo. Kuo is an anesthesiologist who practices in Bellevue, Washington at Overlake Medical Center and Evergreen Health. Apart from having one of the coolest specialties in medicine, he's also a 3D printer fanatic and talented designer and engineer!
Recently, Guy became of one my few man-crushes due to his ingenious design. What you saw me wearing was the "Halo PAPR" or Personal Air Powdered Respirator.
I have another, much bulkier PAPR design that is entirely my own which makes use of a ULPA ("Ultra Low Particulate Air") filter with a MERV 17 rating.
This alteration makes use of a Nalgene lid, a cut-up n95 mask, a carbon filter mask, some pillow stuffing (aka Ploy-fil useful for compressing the layers of the n95 together to maintain filter performance in addition to adding even more mechanical filtration) and aquarium silicone for a perfect seal.
My 70-year-old mom is one of the best teachers I know. She teaches elementary and middle school as a retired teacher, turned substitute and tutor. Although she is out of work now, as are most of us including myself, I didn't know there would be a shelter-in-place order. Although I hate that she still needs to work, she's the most committed and caring person in my life. Her care and attention to students as well as my gratitude and protectiveness of her had me very concerned, to say the least. Anyone who works with children or know someone who does also knows just how often and easily those people get sick. I remember being pained every time I would see my mother battling whatever seasonal malady had been incubating among her students. I could not face the likely possibility that if she were to keep teaching that she, along with my father, would likely become very ill. I worried that even if they recovered, it might not be fully.
So rather than face this tragic likelihood, I decided to act. With social distancing loosening and uncertainty on the horizon as protesters and anti-vaxers selfishly storm the streets, I am acting once again.
As a wise former-man-crush once said: "You cannot get people to change by force. If you want change, you simply must provide a better alternative."
Finally, I also act to bring attention to Guy Kuo. Technologies like his Halo PAPR will allow caretakers and doctors in countries like India to protect themselves. It will allow people like me to protect my mom and dad. Kuo's competition, the 3M Versaflo TR-300 and similar are in short supply and can cost upwards of $3000.
I was given 3D printer filament by a generous donor on Nextdoor for use in aiding healthcare workers. I took apart an old laptop and retrieved the 51mm blower fan myself. The rest has been put together with what I had around the house. Remember, I'm out of a job and out of money. I haven't even received my $1200 at this point in time.
Look closely at the Halo PAPR. It's ok if you walk back to get a second look, I don't mind. You'll notice that while I'm protected by state of the art filtration and positive pressure...you...well you get the unfiltered exhaust.
You're welcome.
Great question. I'm donating these through masksfordocs.
I am living entirely off of the generosity of close family and friends at this point.
However, I don't know how I feel about the ethics of monetary donations just yet. I guess I'll leave it up to you.
Shoot me an email: nocovid19here@pm.me
Check out my 3D prints while I work on getting my website working.
Bitcoin: 1E8CvXB4NcZ5vztFkRWKBN1P3r3rGHzpyH
Good! Smart person. Try this out: https://www.virustotal.com/ or google it yourself if you've got a tin-foil hat/PAPR on too.
That depends on your metaphysical worldview, but this might help.
April 9, 2020•175 words
His music is absolutely incredible. Seriously moving and melodic stuff. Hope it reminds you of all the beauty in the world. fzen spends hundreds of hours on each track. :o You heard it here first. :p
I wish I could see him right now, but we've got important things to do right where we are. I've finally mastered leveling my Ender 3, so already I'm seeing vast improvements in print time. I've also been using FreeCad to develop a honeycomb laminar flow HEPA powered design of my own. ;)
Lonny Shavelson, MD and
Thalia DeWolf, RN, CHPN of Bay Area End Of Life Options, these prints and those that follow are yours.
Keep up the amazing work. I can't think of better people or a better cause. :)
April 5, 2020•23 words
March 26, 2020•54 words
March 10, 2020•2592 words
On Linux operating systems, the chattr command modifies the attributes of files, and lsattr lists (displays) them.
In Linux, file attributes are flags which affect how the file is stored and accessed by the filesystem. They are metadata stored in the file's associated inode.
chattr and lsattr are part of the e2fsprogs software package, available by that name in most package managers. The e2fsprogs homepage is located at http://e2fsprogs.sourceforge.net.
Note
Attributes are not the same as file permissions. For information about setting permissions, see chmod.
<b>chattr</b> [<b>-R</b>] [<b>-V</b>] [<b>-f</b>] [<b>-v</b> <i>version</i>] [<b>-p</b> <i>project</i>] <i>mode</i> ... <i>file</i> ...
chattr takes the following options:
-R | Recursively change attributes of directories and their contents. |
-V | Provide verbose output and display program version. |
-f | Suppress most error messages. |
-v version | Set the file's version/generation number. This is an arbitrary nine-digit number assigned to a file when it is created. It is not unique. It may be changed to any other arbitrary number. |
-p project | Set the file's project number. |
mode ... | One or more mode strings. For more information, see Mode strings, below. |
file ... | The file or files to be changed. |
A mode string consists of an operator and one or more attributes. It takes the form:
{<b>+</b>|<b>-</b>|<b>=</b>}[<b>aAcCdDeijsStTu</b>]
One of the following operators must appear at the beginning of a mode string:
character | operation |
---|---|
+ | Attributes listed will be added to the file. |
- | Attributes listed will be removed from the file. |
= | The attributes listed will be added; any attributes omitted will be removed. |
The remainder of the mode string is a series of characters, each representing an attribute. They are case-sensitive, cannot be separated by whitespace, and may appear in any order. For a list of attribute characters, see Attributes, below.
Example mode strings are "+caS", "-Asd", and "=eAsS".
Multiple mode strings may be specified to combine + and - operators in a single command, e.g. "+asD -c" and "-a +s +D -c" are both valid.
<b>lsattr</b> [<b>-R</b>] [<b>-V</b>] [<b>-a</b>] [<b>-d</b>] [<b>-v</b>] <i>file</i> ...
-R | Recursively list attributes of directories and their contents. |
-V | Display the program version. |
-a | List all files in a directory, including those whose name starts with a period ('.'). |
-d | List directories as regular files, rather than listing their contents. |
-v | List the file's version/generation number in addition to its attributes. |
The following characters represent attributes that may be modified by chattr or listed with lsattr.
character | attribute | description |
---|---|---|
a | append only | The file may only be opened for writing in append mode: its existing data may not be overwritten. It cannot be deleted or renamed; hard links cannot be made to this file; most of its metadata cannot be changed. Modifying this attribute requires root privileges. |
A | no atime updates | When the file is accessed, its atime record is not modified, which in some situations can reduce disk I/O. |
c | compressed | Files with this attribute are automatically compressed by the kernel when written to disk. Its contents are uncompressed when read. Note: This attribute has no effect in the ext2, ext3, and ext4 filesystems. |
C | no copy on write | Files with this attribute are not subject to copy-on-write updates. If this attribute is set on a directory, new files created in that directory will have this attribute set. Note: This attribute is only effective on filesystems which perform copy-on-write. On btrfs, this attribute should be set on new or empty files. If this attribute is set after a btrfs file already contains data, the time when its data will be stable is undefined. |
d | no dump | Files with this attribute are bypassed in any backup initiated by dump, a legacy tool for ext2 filesystems. |
D | synchronous directory updates | Changes to a directory with this attribute are written synchronously to disk. That is, the system waits for write completion before doing something else. Equivalent to the the dirsync option to the mount command, applied to a subset of files on a filesystem. |
e | block extents | Indicates that a file should be stored using block extents. Data is stored contiguously between two blocks, and only those two blocks must be known to find the file's data. Block extent mapping may potentially save disk space, because it reduces the number of blocks which must be listed in the file's inode. |
i | immutable | Files with this attribute cannot be deleted or renamed; hard links cannot be made to this file; most of its metadata cannot be changed; data cannot be written to the file. Modifying this attribute requires root, or a process with the CAP_LINUX_IMMUTABLE capability, as set with setcap. |
j | data journalling | A file with this attribute has all its data written to its journal before being written to the file itself. Only effective on ext3 and ext4 filesystems which have journalling enabled and the "data=ordered" or "data=writeback" options set. If journaling is enabled in those systems, but the "data=journal" option is set, this attribute has no effect. Only root or a process with CAP_SYS_RESOURCE capability as set with setcap can change this attribute. |
P | project hierarchy | A directory with this attribute will enforce a hierarchical structure for project IDs. Files and directories created in the directory will inherit the project ID of the directory. Rename operations are constrained so when those files or directories are moved to another directory, the project IDs will match. Hard links to these files may only be created if the project ID of the target and destination match. |
s | secure deletion | If a file with this attribute is deleted, its data is overwritten with zeroes, similar to a simple shred. This attribute is ignored by ext2, ext3, and ext4 filesystems. |
S | synchronous updates | When files with this attribute are modified, the changes are written synchronously to disk. Equivalent to the sync option of the mount command, for individual files. |
t | no tail merging | A file with this attribute will not have any partial block fragment at the end of the file shared with another file's data. This attribute is necessary for software such as LILO, which reads the filesystem directly and is not aware of tail merging. Some filesystems do not support tail merging, in which case this attribute has no effect. |
T | top of directory hierarchy | A directory with this attribute is deemed to be the top of directory hierarchies by the Orlov block allocator, used by ext2 and ext3. The attribute gives a hint to the allocator that the subdirectories are not related in how they are used, and their data should be separate when blocks are allocated. For example, the /home directory may have this attribute, indicating that /home/mary and /home/john should be placed in separate block groups. |
u | undeletable | When a file with this attribute is deleted, its contents are saved, enabling their later undeletion. Undelete tools which can take advantage of this attribute include extundelete. |
The following attributes are read-only. They cannot be set or unset by chattr, but can be listed by lsattr.
character | meaning | description |
---|---|---|
E | compression error | The filesystem is not able to automatically compress this file. |
h | huge file | The file is storing its blocks in units of the filesystem's blocksize instead of in sectors. The file is, or previously was, larger than 2 TB. |
I | indexed directory | The directory is being indexed with a hashed tree (htree). |
N | inline data | The file has data stored inline, within the inode itself. |
X | compression raw access | An experimental attribute indicating that the raw contents of a compressed file may be accessed directly. |
Z | compressed dirty file | An experimental attribute indicating that a compressed file is dirty (incompletely written). |
For this example, we will create three empty files with touch:
touch file file2 .file
We can view their permissions with ls, using the -l option:
ls -l
total 8 -rw-rw-r-- 1 hope hope 0 Jun 28 09:51 file -rw-rw-r-- 1 hope hope 0 Jun 28 09:51 file2
File names starting with a dot (period) are not listed by ls unless the -a option is used:
ls -a
total 28 -rw-rw-r-- 1 hope hope 0 Jun 28 09:51 file -rw-rw-r-- 1 hope hope 0 Jun 28 09:51 .file -rw-rw-r-- 1 hope hope 0 Jun 28 09:51 file2
Now let's view attributes by running lsattr:
lsattr
-------------e-- ./file -------------e-- ./file2
As with ls, we must use the -a option to view files whose name starts with a dot:
lsattr -a
-------------e-- ./file -------------e-- ./file2 -------------e-- ./.file -------------e-- ./. -------------e-- ./..
To view the attributes of a specific file or files, specify their names:
lsattr file
-------------e-- file
lsattr -a file file2 .file
-------------e-- file -------------e-- file2 -------------e-- .file
Now let's create a directory and subdirectory with mkdir -p:
mkdir -p dir/subdir
And create some empty files in those directories:
touch dir/file3 dir/file4 dir/subdir/file5
By default, lsattr does not traverse directories:
lsattr
-------------e-- ./file -------------e-- ./file2 -------------e-- ./dir
To recursively traverse and show the contents of directories, use -R:
lsattr -R
-------------e-- ./file -------------e-- ./file2 -------------e-- ./dir ./dir: -------------e-- ./dir/file3 -------------e-- ./dir/file4 -------------e-- ./dir/subdir ./dir/subdir: -------------e-- ./dir/subdir/file5
By default, the files and directories we created in the above examples (on Ubuntu 16.04) have the "block extents" attribute (e) set.
lsattr
-------------e-- ./file -------------e-- ./file2 -------------e-- ./dir
Let's give them the d attribute (a legacy attribute, meaningless on our system), using +d.
chattr +d *
lsattr
------d------e-- ./file ------d------e-- ./file2 ------d------e-- ./dir
Some attributes, such as a (append-only), may only be modified by the root user:
<a href="https://www.computerhope.com/unix/sudo.htm">sudo</a> chattr +a file
lsattr
-----ad------e-- ./file ------d------e-- ./file2 ------d------e-- ./dir
Attributes which apply only to directories, such as D, will not be set on regular files, successfully — no error will be returned. For example, if you try to run chattr +D on a regular file, chattr will do nothing to those files, and return a successful exit status.
Notice in the next command that we try to set the D attribute on both a regular file and a directory. The attribute is set on the directory, is not set on the regular file, and chattr returns successfully.
chattr +D file dir && lsattr
-----ad------e-- ./file ------d------e-- ./file2 ---D--d------e-- ./dir
(The && control operator will run the next command only if the previous command returns a successful exit status. For more information, see Shell grammar in bash.)
To unset an attribute, use the - operator before your list of attributes.
chattr -D dir && lsattr
-----ad------e-- ./file -------------e-- ./file2 -------------e-- ./dir
Only one operator may be specified per mode string, but you can specify multiple attributes one after the other (without whitespace), in any order. You may specify multiple mode strings, each with their own operator.
chattr +sSc -d * && lsattr
s-S--a--c-----e---- ./file s-S-----c-----e---- ./file2 s-S-----c-----e---- ./dir
If an attribute requires root privileges, but you are not running the command as root, chattr will not change any attributes for that file. It will continue trying to operate on other files, and when it completes, it will return a failing exit status (an error).
To illustrate this, in the next command, we'll try to set the a attribute on every file in the current directory without using sudo. This should fail (unless we are logged in as root), because setting a requires superuser privileges.
Also, note that in the next command we use echo to display the value of the bash special parameter ? (a question mark). The ? parameter contains the exit status of the previous command, so it will tell us if chattr succeeded (0) or failed (1). Like all bash parameters, we refer to its value by prefixing its name with $.
chattr -sS +a *; echo $?
chattr: Operation not permitted while setting flags on dir chattr: Operation not permitted while setting flags on file2 1
The exit status 1 indicates an error occurred.
Let's look at how the attributes changed:
lsattr
-----a--c-----e---- ./file s-S-----c-----e---- ./file2 s-S-----c-----e---- ./dir
Notice that file did not cause an error. It already had the a flag from a previous command, so it causes no error; and so the rest of the changes (-sS) went through just fine. The other file and directory both caused an error, and were entirely unchanged.
To set every file to match an explicit set of attributes, use the = operator. Any listed attributes will be set, and any not listed will be unset.
sudo chattr -R =es * && lsattr -R
s----------e---- ./file s----------e---- ./file2 s----------e---- ./dir ./dir: s----------e---- ./dir/file3 s----------e---- ./dir/file4 s----------e---- ./dir/subdir ./dir/subdir: s----------e---- ./dir/subdir/file5
If you set the i attribute, a file will be marked as "immutable", meaning its data (and some vital metadata) cannot be changed, even by root, until the attribute is unset.
touch immutable && lsattr immutable
--------------e---- immutable
sudo chattr +i immutable && lsattr immutable
----i---------e---- immutable
<a href="https://www.computerhope.com/unix/umv.htm">mv</a> immutable newname
mv: cannot move 'immutable' to 'newname': Operation not permitted
<a href="https://www.computerhope.com/unix/urm.htm">rm</a> immutable
rm: cannot remove 'immutable': Operation not permitted
sudo rm -f immutable
rm: cannot remove 'immutable': Operation not permitted
You cannot create a hard link to an immutable file:
<a href="https://www.computerhope.com/unix/uln.htm">ln</a> immutable hardlink
ln: failed to create hard link 'hardlink' => 'immutable': Operation not permitted
Symbolic links are OK, though:
ln -s immutable symlink && ls -l symlink
lrwxrwxrwx 1 hope hope 6 Jun 29 07:49 symlink -> immutable
This is a good time to note that symbolic links have no attributes of their own:
lsattr symlink
lsattr: Operation not supported While reading flags on symlink
To make files mutable again, use -i:
sudo chattr -i immutable && mv immutable newname && lsattr newname
--------------e---- newname
The append-only attribute (a) makes a file immutable, except that data can be added to it.
touch appendonly && lsattr appendonly
--------------e---- appendonly
sudo chattr +a appendonly && lsattr appendonly
-----a--------e---- appendonly
You cannot overwrite the file with redirection (>):
echo "Overwriting is not allowed." > appendonly
bash: appendonly: Operation not permitted
But redirecting append-only (>>) is OK:
echo "Appending is allowed." >> appendonly && <a href="https://www.computerhope.com/unix/ucat.htm">cat</a> appendonly
Appending is allowed.
echo "Appending is allowed." >> appendonly && cat appendonly
Appending is allowed. Appending is allowed.
Append-only files may not be moved, removed, renamed, or hard-linked.
sudo rm -f appendonly
rm: cannot remove 'appendonly': Operation not permitted
sudo ln appendonly hardlink
ln: failed to create hard link 'hardlink' => 'appendonly': Operation not permitted
For more information about redirection, see Redirection in bash.
chown — Change the ownership of files or directories.
chmod — Change the permissions of files and directories.
ls — List the contents of a directory or directorie
July 12, 2019•425 words
This is a generalist engineer. They may have a variety of different technical backgrounds (back-end, systems, etc). Regardless of specialty, they have great productivity. They follow an iterative process. They are a coding machine. They are a move fast and break things programmer.
This is an engineer who is comfortable working with Linux (or Unix-like) operating systems at a low level. They may have experience working on device drivers. They are comfortable thinking about scheduling, interrupts, file systems system calls. They can explain Spectre and Meltdown, and how they were mitigated.
This is a generalist engineer. They may have a variety of different technical backgrounds (back-end, systems, etc). Regardless of specialty, they have a strong focus on software architecture. They write clean, modular code. They do very well on software / OOP design problems. And they reason well about the interactions of complex systems.
July 11, 2019•1680 words
< PacmanJump to navigationJump to search
This page uses a table to display the correspondence of package management commands among some of the most popular Linux distributions. The original inspiration was given by openSUSE's Software Management Command Line Comparison.
Tip: Arch users having to temporarily deal with another Linux distribution can use pacapt, a simple wrapper around other package managers.Note:
Action | Arch | Red Hat/Fedora | Debian/Ubuntu | SLES/openSUSE | Gentoo |
Install a package(s) by name | pacman -S | dnf install | apt install | zypper install zypper in | emerge [-a] |
Remove a package(s) by name | pacman -Rs | dnf remove | apt remove | zypper remove zypper rm | emerge -vc |
Search for package(s) by searching the expression in name, description, short description. What exact fields are being searched by default varies in each tool. Mostly options bring tools on par. | pacman -Ss | dnf search | apt search | zypper search zypper se [-s] | emerge -S |
Upgrade Packages - Install packages which have an older version already installed | pacman -Syu | dnf upgrade | apt update && apt upgrade | zypper update zypper up | emerge -uDN @world |
Upgrade Packages - Another form of the update command, which can perform more complex updates -- like distribution upgrades. When the usual update command will omit package updates, which include changes in dependencies, this command can perform those updates. | pacman -Syu | dnf distro-sync | apt update && apt dist-upgrade | zypper dup | emerge -uDN @world |
Clean up all local caches. Options might limit what is actually cleaned. Autoclean removes only unneeded, obsolete information. | pacman -Sc pacman -Scc | dnf clean all | apt autoclean apt clean | zypper clean | eclean distfiles |
Remove dependencies that are no longer needed, because e.g. the package which needed the dependencies was removed. | pacman -Qdtq | pacman -Rs - | dnf autoremove | apt autoremove | zypper rm -u | emerge --depclean |
Remove packages no longer included in any repositories. | pacman -Qmq | pacman -Rs - | dnf repoquery --extras | aptitude purge '~o' | ||
Mark a package previously installed as a dependency as explicitly required. | pacman -D --asexplicit | dnf mark install | apt-mark manual | emerge --select | |
Install package(s) as dependency / without marking as explicitly required. | pacman -S --asdeps | dnf install => dnf mark remove | apt-mark auto | emerge -1 | |
Only downloads the given package(s) without unpacking or installing them | pacman -Sw | dnf download | apt install --download-only (into the package cache) apt download (bypass the package cache) | zypper --download-only | emerge --fetchonly |
Start a shell to enter multiple commands in one session | apt-config shell | zypper shell | |||
Show a log of actions taken by the software management. | cat /var/log/pacman.log | dnf history | cat /var/log/dpkg.log | cat /var/log/zypp/history | located in /var/log/portage |
Get a dump of the whole system information - Prints, Saves or similar the current state of the package management system. Preferred output is text or XML. (Note: Why either-or here? No tool offers the option to choose the output format.) | (see /var/lib/pacman/local) | (see /var/lib/rpm/Packages) | apt-cache stats | n/a | emerge --info |
e-mail delivery of package changes | apt install apt-listchanges | ||||
Action | Arch | Red Hat/Fedora | Debian/Ubuntu | SUSE/openSUSE | Gentoo |
Action | Arch | Red Hat/Fedora | Debian/Ubuntu | SLES/openSUSE | Gentoo |
Show all or most information about a package. The tools' verbosity for the default command vary. But with options, the tools are on par with each other. | pacman -[S|Q]i | dnf list, dnf info | apt show / apt-cache policy | zypper info zypper if | emerge -S; emerge -pv; eix |
Display local package information: Name, version, description, etc. | pacman -Qi | rpm -qi / dnf info installed | dpkg -s / aptitude show | zypper info; rpm -qi | emerge -pv and emerge -S |
Display remote package information: Name, version, description, etc. | pacman -Si | dnf info | apt-cache show / aptitude show | zypper info | emerge -pv and emerge -S or equery m (meta) |
Display files provided by local package | pacman -Ql | rpm -ql | dpkg -L | rpm -Ql | equery files; qlist |
Display files provided by a remote package | pacman -Fl | dnf repoquery -l or repoquery -l (from package yum-utils) | apt-file list $pattern | pfl | |
Query the package which provides FILE | pacman -Qo | rpm -qf (installed only) or dnf provides (everything) or repoquery -f (from package yum-utils) | dpkg -S / dlocate | zypper search -f | equery belongs; qfile |
List the files that the package holds. Again, this functionality can be mimicked by other more complex commands. | pacman -Ql pacman -Fl | dnf repoquery -l | dpkg-query -L | rpm -ql | equery files; qlist |
Displays packages which provide the given exp. aka reverse provides. Mainly a shortcut to search a specific field. Other tools might offer this functionality through the search command. | pacman -Fo | dnf provides | apt-file search | zypper what-provides zypper wp | equery belongs (only installed packages); pfl |
Search all packages to find the one which holds the specified file. auto-apt is using this functionality. | pacman -Fs | dnf provides | apt-file search | zypper search -f | equery belongs; qfile |
Show the changelog of a package | pacman -Qc | rpm -q --changelog | apt-get changelog | rpm -q --changelog | equery changes -f |
Action | Arch | Red Hat/Fedora | Debian/Ubuntu | SUSE/openSUSE | Gentoo |
Action | Arch | Red Hat/Fedora | Debian/Ubuntu | SLES/openSUSE | Gentoo |
Search for package(s) by searching the expression in name, description, short description. What exact fields are being searched by default varies in each tool. Mostly options bring tools on par. | pacman -Ss | dnf search | apt search | zypper search zypper se [-s] | emerge -S; eix |
Lists packages which have an update available. Note: Some provide special commands to limit the output to certain installation sources, others use options. | pacman -Qu | dnf list updates, dnf check-update | apt-get upgrade -> n | zypper list-updates zypper patch-check (just for patches) | emerge -uDNp @world |
Display a list of all packages in all installation sources that are handled by the packages management. Some tools provide options or additional commands to limit the output to a specific installation source. | pacman -Sl | dnf list available | apt-cache dumpavail apt-cache dump (Cache only) apt-cache pkgnames | zypper packages | portageq all_best_visible / |
Generates a list of installed packages | pacman -Q | dnf list installed | dpkg --list | grep ^i | zypper search --installed-only | qlist -IC |
List packages that are installed but are not available in any installation source (anymore). | pacman -Qm | dnf list extras | deborphan | zypper se -si | grep 'System Packages' | eix-test-obsolete |
List packages that were recently added to one of the installation sources, i.e. which are new to it. | (none) | dnf list recent | aptitude search '~N' / aptitude forget-new | n/a | eix-diff |
List installed local packages along with version | pacman -Q | rpm -qa | dpkg -l | zypper search -s; rpm -qa | qlist -ICv |
Search locally installed package for names or descriptions | pacman -Qs | rpm -qa '*<str>*' | aptitude search '~i(~n $name|~d $description)' | eix -S -I | |
List packages not required by any other package | pacman -Qt | dnf leaves | deborphan -anp1 | emerge -pc | |
List packages installed explicitly (not as dependencies) | pacman -Qe | dnf history userinstalled | apt-mark showmanual | emerge -pvO @selected; eix --selected | |
List packages installed automatically (as dependencies) | pacman -Qd | apt-mark showauto | |||
Action | Arch | Red Hat/Fedora | Debian/Ubuntu | SUSE/openSUSE | Gentoo |
Action | Arch | Red Hat/Fedora | Debian/Ubuntu | SLES/openSUSE | Gentoo |
Display packages which require X to be installed, aka show reverse dependencies. | pacman -Sii | dnf repoquery --alldeps --whatrequires or repoquery --whatr[equires] | apt-cache rdepends / aptitude search ~D$pattern | zypper search --requires | emerge -pvc |
Display packages which conflict with given expression (often package). Search can be used as well to mimic this function. | dnf repoquery --conflicts | aptitude search '~C$pattern' | |||
List all packages which are required for the given package, aka show dependencies. | pacman -[S|Q]i | dnf repoquery --requires or repoquery -R | apt-cache depends / apt-cache show | zypper info --requires | emerge -ep |
List what the current package provides | dnf provides | dpkg -s / aptitude show | zypper info --provides | equery files; qlist | |
List all packages that require a particular package | dnf repoquery --alldeps --whatrequires | aptitude search ~D{depends,recommends,suggests}:$pattern / aptitude why | zypper search --requires | equery depends -a | |
Display all packages that the specified packages obsoletes. | dnf list obsoletes | apt-cache show | |||
Generates an output suitable for processing with dotty for the given package(s). | apt-cache dotty | n/a | |||
Action | Arch | Red Hat/Fedora | Debian/Ubuntu | SUSE/openSUSE | Gentoo |
Action | Arch | Red Hat/Fedora | Debian/Ubuntu | SLES/openSUSE | Gentoo |
Installation sources management | ${EDITOR} /etc/pacman.conf | ${EDITOR} /etc/yum.repos.d/${REPO}.repo | ${EDITOR} /etc/apt/sources.list | ${EDITOR} /etc/zypp/repos.d/${REPO}.repo | layman; eselect repository |
Add an installation source to the system. Some tools provide additional commands for certain sources, others allow all types of source URI for the add command. Again others, like apt and dnf force editing a sources list. apt-cdrom is a special command, which offers special options design for CDs/DVDs as source. | /etc/pacman.conf | /etc/yum.repos.d/*.repo | apt-cdrom add | zypper service-add | layman, overlays |
Refresh the information about the specified installation source(s) or all installation sources. | pacman -Sy (always upgrade the whole system afterwards) | dnf clean expire-cache && dnf check-update | apt-get update | zypper refresh zypper ref | emerge --sync;layman -S |
Prints a list of all installation sources including important information like URI, alias etc. | cat /etc/pacman.d/mirrorlist | cat /etc/yum.repos.d/* | apt-cache policy | zypper service-list | layman -l; eselect repository list |
List all packages from a certain repo | paclist <repo> | eix --in-overlay | |||
Disable an installation source for an operation | dnf --disablerepo= | emerge package::repo-to-use | |||
Download packages from a different version of the distribution than the one installed. | dnf --releasever= | apt-get install -t release package/ apt-get install package/release (deps not covered) | echo "category/package ~amd64" >> /etc/portage/package.keywords && emerge package | ||
Action | Arch | Red Hat/Fedora | Debian/Ubuntu | SUSE/openSUSE | Gentoo |
Action | Arch | Red Hat/Fedora | Debian/Ubuntu | SLES/openSUSE | Gentoo |
Add a package lock rule to keep its current state from being changed | /etc/pacman.conf modify IgnorePkg array | dnf.conf <--”exclude” option (add/amend) | apt-mark hold pkg | Put package name in /etc/zypp/locks, or zypper al | /etc/portage/package.mask |
Delete a package lock rule | remove package from IgnorePkg line in /etc/pacman.conf | apt-mark unhold pkg | Remove package name from /etc/zypp/locks or zypper rl | /etc/portage/package.mask (or package.unmask) | |
Show a listing of all lock rules | cat /etc/pacman.conf | /etc/apt/preferences | View /etc/zypp/locks or zypper ll | cat /etc/portage/package.mask | |
Set the priority of the given package to avoid upgrade, force downgrade or to overwrite any default behavior. Can also be used to prefer a package version from a certain installation source. | ${EDITOR} /etc/pacman.conf Modify HoldPkg and/or IgnorePkg arrays | /etc/apt/preferences, apt-cache policy | zypper mr -p | ${EDITOR} /etc/portage/package.accept_keywords Add a line with =category/package-version | |
Remove a previously set priority | /etc/apt/preferences | zypper mr -p | ${EDITOR} /etc/portage/package.accept_keywords remove offending line | ||
Show a list of set priorities. | apt-cache policy /etc/apt/preferences | zypper lr -p | grep -r . /etc/portage/package.accept_keywords | ||
Ignores problems that priorities may trigger. | n/a | ||||
Action | Arch | Red Hat/Fedora | Debian/Ubuntu | SUSE/openSUSE | Gentoo |
Action | Arch | Red Hat/Fedora | Debian/Ubuntu | SLES/openSUSE | Gentoo | |
Verify single package | pacman -Qk[k] | rpm -V | debsums | rpm -V | equery check | |
Verify all packages | pacman -Qk[k] | rpm -Va | debsums | rpm -Va | equery check | |
Reinstall given Package - Will reinstall the given package without dependency hassle. | pacman -S | dnf reinstall | apt install --reinstall | zypper install --force | emerge -1O | |
Verify dependencies of the complete system. Used if installation process was forcefully killed. | pacman -Dk | dnf repoquery --requires | apt-get check | zypper verify | emerge -uDN @world | |
Use some magic to fix broken dependencies in a system | pacman dep level - pacman -Dk, shared lib level - findbrokenpkgs or lddd | dnf repoquery --unsatisfied | apt-get --fix-broken aptitude install | zypper verify | revdep-rebuild | |
Add a checkpoint to the package system for later rollback | (unnecessary, done on every transaction) | n/a | ||||
Remove a checkpoint from the system | N/A | N/A | n/a | |||
Provide a list of all system checkpoints | N/A | dnf history list | n/a | |||
Rolls entire packages back to a certain date or checkpoint. | N/A | dnf history rollback | n/a | |||
Undo a single specified transaction. | N/A | dnf history undo | n/a | |||
Action | Arch | Red Hat/Fedora | Debian/Ubuntu | SUSE/openSUSE | Gentoo |
Action | Arch | Red Hat/Fedora | Debian/Ubuntu | SLES/openSUSE | Gentoo | |
Query a package supplied on the command line rather than an entry in the package management database | pacman -Qp | rpm -qp | dpkg -I | |||
List the contents of a package file | pacman -Qpl | rpmls rpm -qpl | dpkg -c | rpm -qpl | ||
Installs local package file, e.g. app.rpm and uses the installation sources to resolve dependencies | pacman -U | dnf install | apt install | zypper in | emerge | |
Updates package(s) with local packages and uses the installation sources to resolve dependencies | pacman -U | dnf upgrade | debi | emerge | ||
Add a local package to the local package cache mostly for debugging purposes. | cp $filename /var/cache/pacman/pkg/ | apt-cache add | n/a | cp $filename /usr/portage/distfiles | ||
Extract a package | tar -Jxvf | rpm2cpio | cpio -vid | dpkg-deb -x | rpm2cpio | cpio -vid | tar -jxvf | |
Install/Remove packages to satisfy build-dependencies. Uses information in the source package. | Use ABS && makepkg -seoc | dnf builddep | apt-get build-dep | zypper si -d | emerge -o | |
Display the source package to the given package name(s) | dnf repoquery -s | apt-cache showsrc | n/a | |||
Downloads the corresponding source package(s) to the given package name(s) | Use ABS && makepkg -o | dnf download --source | apt-get source / debcheckout | zypper source-install | emerge --fetchonly | |
Build a package | makepkg -s | rpmbuild -ba (normal) mock (in chroot) | debuild | rpmbuild -ba; build; osc build | ebuild; quickpkg | |
Check for possible packaging issues | namcap | rpmlint | lintian | rpmlint | repoman | |
Action | Arch | Red Hat/Fedora | Debian/Ubuntu | SUSE/openSUSE | Gentoo |
June 28, 2019•5673 words
If you wanna sue, read the last section.
Me: Alright?
Whomever: S'alright
If you just want to add a user to a group use the following command:
1 | sudo adduser username grouptoadd |
This will add your user: username, to the grouptoadd group. More often than not, this is the best practice for when you want to add a user to a group. Technically, this is considered a secondary group. The primary group defaults to a group that is the same as the username in Linux. In this example, the primary group for username would most likely be called “username” as well.
There are two kinds of groups:
A list of all currently available groups can be found in the /etc/group file.
Note that every group can also have administrators, members, and a password. See explanations of the gpasswd and sg commands below.
Linux users can be added via the useradd or adduser commands. Note that useradd is the native binary associated with Linux systems, whereas useradd is a Perl script that uses said binary in its backend. Both commands share functionality, but some say adduser is more user-friendly, so we’re going to start there in our demo. Using the adduser command, let’s create a new user: foobar. Later we’ll change the group permissions for this new user.
1 | sudo adduser foobar |
We will be asked to enter our (sudo-allowed) user password before the user account is created:
1 2 3 4 5 6 | [sudo] password for user: Adding user foobar' ... Adding new groupfoobar' (1001) ... Adding new user foobar' (1001) with groupfoobar' ... Creating home directory `/home/foobar' ... ... |
We see that the user, foobar, was assigned the primary group, foobar, by default.
To show all the user information and group memberships, we can use the id command:
1 2 | $ id foobar uid=1001(foobar) gid=1001(foobar) groups=1001(foobar) |
1 2 | $ id foobar uid=1001(foobar) gid=1001(foobar) groups=1001(foobar) |
Here the gid, or group ID, is the primary user group and groups is the secondary group.
We could also get all the users’ groups with the groups command:
1 2 | $ groups foobar foobar : foobar |
1 2 | $ groups foobar foobar : foobar |
In some cases it can make sense to change the primary group of a user.
We can do this with the usermod command:
1 | $ sudo usermod -g www-data foobar |
The lowercase -g option refers to a primary group.
Let’s verify that the change was made:
1 2 | $ id foobar uid=1001(foobar) gid=33(www-data) groups=33(www-data) |
Now foobar has the www-data primary group context. So whenever a new file is created by this user, it will be assigned the www-data group by default.
Let’s undo this change before we continue:
1 | sudo usermod -g foobar foobar |
Now let’s add our foobar user to www-data as a secondary group. The easiest way to do this is via the adduser command:
1 | sudo adduser foobar www-data |
We can see the secondary group of this user was updated:
1 2 | $ id foobar uid=1001(foobar) gid=1001(foobar) groups=1001(foobar), 33(www-data) |
There is another way to achieve the same result as above using the usermod command:
1 | $ sudo usermod -G www-data foobar |
The uppercase -G option refers to a secondary or supplementary group. Now foobar will have access to the www-data group files, but new files created by that user will not have the www-data group label by default.
It’s also possible to add a user to several secondary groups at once using the usermodcommand:
1 | $ usermod -a -G group1, group2, group3 foobar |
The optional -a option makes sure the groups are added to the existing secondary groups of the user (if these exist). If this option is omitted, the user will be removed from any groups not listed after the “-G.”
Using the groupadd command, we can create a new group: group1.
1 2 | sudo groupadd group1 sudo adduser foobar group1 |
We can then remove group1 from the Linux system utilizing the groupdel command:
1 | sudo groupdel group1 |
This will also remove the memberships of any user related to this group.
Let’s wrap up this article by referring to some of the other group commands in Linux:
Now you should be able to confidently configure users, groups, and their administrative info in Linux. Feel free to check out our article on changing file ownerships in Linux for more insights.
[1]S. Roberto, "Linux: Add User to Group (Primary/Secondary/New/Existing) - HostingAdvice.com", HostingAdvice.com, 2019. [Online]. Available: https://www.hostingadvice.com/how-to/linux-add-user-to-group/. [Accessed: 28- Jun- 2019].Let’s see how we can add new and existing users to primary and secondary groups in Linux. The standard Linux permission model makes use of users, groups, and file permissions (i.e., read, write, execute, and a sticky bit).
June 26, 2019•66 words
[Info] Build finished in 9 minutes, 2 seconds
\
\
\\
\\
>\/7
_.-(6' \
(=___._/` \
) \ |
/ / |
/ > /
j < _\
_.-' : ``.
\ r=._\ `.
<`\\_ \ .`-.
\ r-7 `-. ._ ' . `\
\`, `-.`7 7) )
\/ \| \' / `-._
|| .'
\\ (
>\ >
,.-' >.'
<.'_.''
<'