blog [AdminSysGNULinux]

blog

Table des matières

6 billet(s) pour mars 2026

2026:
- janvier
- février
- mars

2025:
- mars
- avril
- mai
- juin
- juillet
- août
- septembre
- octobre
- novembre
- décembre

6 billet(s) pour mars 2026

Notes ansible podman	2026/03/23 14:08	Jean-Baptiste
Notes podman volume	2026/03/23 14:00	Jean-Baptiste
Find list - Trouver des fichiers à partir d'une liste	2026/03/18 14:32	Jean-Baptiste
AWX inventaire vault	2026/03/17 18:04	Jean-Baptiste
AWX - Configuration git en local (sans serveur web)	2026/03/05 16:24	Jean-Baptiste
OpenSMTP	2026/03/03 16:58	Jean-Baptiste

Note commande unzip zip

unzip

$ unzip -l plop.zip

Archive:  plop.zip
  Length      Date    Time    Name
---------  ---------- -----   ----
       39  2015-01-22 17:27   mimetype
      273  2015-01-22 17:27   layout-cache
   921513  2015-01-22 17:27   ObjectReplacements/Obj101
   921513  2015-01-22 17:27   ObjectReplacements/Obj100
    10265  2015-01-22 17:27   ObjectReplacements/Object 1
     1655  2015-01-22 17:27   meta.xml
   233249  2015-01-22 17:27   content.xml
   931840  2015-01-22 17:27   Obj100
   135587  2015-01-22 17:27   styles.xml
      899  2015-01-22 17:27   manifest.rdf
    10111  2015-01-22 17:27   settings.xml
        0  2015-01-22 17:27   Configurations2/toolpanel/
        0  2015-01-22 17:27   Configurations2/statusbar/
        0  2015-01-22 17:27   Configurations2/popupmenu/
        0  2015-01-22 17:27   Configurations2/images/Bitmaps/
        0  2015-01-22 17:27   Configurations2/toolbar/
        0  2015-01-22 17:27   Configurations2/progressbar/
        0  2015-01-22 17:27   Configurations2/floater/
        0  2015-01-22 17:27   Configurations2/accelerator/current.xml
        0  2015-01-22 17:27   Configurations2/menubar/
   931840  2015-01-22 17:27   Obj101
     3765  2015-01-22 17:27   Thumbnails/thumbnail.png
        0  2015-01-22 17:27   Object 1/Configurations2/menubar/
        0  2015-01-22 17:27   Object 1/Configurations2/statusbar/
        0  2015-01-22 17:27   Object 1/Configurations2/toolbar/
        0  2015-01-22 17:27   Object 1/Configurations2/progressbar/
        0  2015-01-22 17:27   Object 1/Configurations2/images/Bitmaps/
        0  2015-01-22 17:27   Object 1/Configurations2/popupmenu/
        0  2015-01-22 17:27   Object 1/Configurations2/accelerator/current.xml
        0  2015-01-22 17:27   Object 1/Configurations2/floater/
        0  2015-01-22 17:27   Object 1/Configurations2/toolpanel/
     3711  2015-01-22 17:27   Object 1/settings.xml
    10400  2015-01-22 17:27   Object 1/content.xml
     7579  2015-01-22 17:27   Object 1/styles.xml
     2455  2015-01-22 17:27   META-INF/manifest.xml
---------                     -------
  4126694                     35 files

$ unzip -Z1 plop.zip
mimetype
layout-cache
ObjectReplacements/Obj101
ObjectReplacements/Obj100
ObjectReplacements/Object 1
meta.xml
content.xml
Obj100
styles.xml
manifest.rdf
settings.xml
Configurations2/toolpanel/
Configurations2/statusbar/
Configurations2/popupmenu/
Configurations2/images/Bitmaps/
Configurations2/toolbar/
Configurations2/progressbar/
Configurations2/floater/
Configurations2/accelerator/current.xml
Configurations2/menubar/
Obj101
Thumbnails/thumbnail.png
Object 1/Configurations2/menubar/
Object 1/Configurations2/statusbar/
Object 1/Configurations2/toolbar/
Object 1/Configurations2/progressbar/
Object 1/Configurations2/images/Bitmaps/
Object 1/Configurations2/popupmenu/
Object 1/Configurations2/accelerator/current.xml
Object 1/Configurations2/floater/
Object 1/Configurations2/toolpanel/
Object 1/settings.xml
Object 1/content.xml
Object 1/styles.xml
META-INF/manifest.xml

Vérifier l'intégrité

unzip -t plop.zip
 
unzip -qt plop.zip

Décompression

unzip plop.zip

zip

Créer une archive / compresser un dossier

zip -r plop.zip dir1/ dir2/

Comparaison /diff

zipcmp file1.zip file2.zip
pkgdiff -hide-unchanged file1.zip file2.zip

2025/03/24 15:06

Un MakeFile pour rpmbuild

Voir aussi :

https://blog.mornati.net/build-rpms-using-jenkinshudson/
Python invoke https://www.pyinvoke.org/
o-task https://taskfile.dev/
Make.rules

Makefile

clean:  SHELL:=/bin/bash
 
build:  SHELL:=/bin/bash
 
 
FicSpec = $(shell echo *.spec)
RpmName = $(shell grep -e '^%define name' $(FicSpec) |awk '{print $$3}')
RpmVersion = $(shell grep -e '^%define version' $(FicSpec) |awk '{print $$3}')
RpmRelease = $(shell grep -e '^%define release' $(FicSpec) |awk '{print $$3}')
StringRpmFullname = $(RpmName)-$(RpmVersion)-$(RpmRelease).$(shell uname -m)
 
all:    build clean
 
clean:
        rm -rf $$HOME/rpmbuild
 
cleanall:       clean
        rm -f *.rpm
 
copy:   cleanall
        mkdir -p $$HOME/rpmbuild/{BUILDROOT,SPECS}
        mkdir -p $$HOME/rpmbuild/BUILDROOT/$(StringRpmFullname)
        cp -a ROOT/* $$HOME/rpmbuild/BUILDROOT/$(StringRpmFullname)
        cp -p $(FicSpec) ~/rpmbuild/SPECS/
 
build:  copy
        rpmbuild -bb ~/rpmbuild/SPECS/*.spec
        mv  ~/rpmbuild/RPMS/*/*.rpm .

Le clean se fait bien avant, mais pas après le build.

C'est comme si :

all:    build clean

Etait

all:    build

Solution :

Makefile

clean:  SHELL:=/bin/bash
 
build:  SHELL:=/bin/bash
 
 
FicSpec = $(shell echo *.spec)
RpmName = $(shell grep -e '^%define name' $(FicSpec) |awk '{print $$3}')
RpmVersion = $(shell grep -e '^%define version' $(FicSpec) |awk '{print $$3}')
RpmRelease = $(shell grep -e '^%define release' $(FicSpec) |awk '{print $$3}')
StringRpmFullname = $(RpmName)-$(RpmVersion)-$(RpmRelease).$(shell uname -m)
 
all:    build cleanagain
 
clean:
        rm -rf $$HOME/rpmbuild
 
cleanall:       clean
        rm -f *.rpm
 
cleanagain:
        ${MAKE} clean
 
copy:   cleanall
        mkdir -p $$HOME/rpmbuild/{BUILDROOT,SPECS}
        mkdir -p $$HOME/rpmbuild/BUILDROOT/$(StringRpmFullname)
        cp -a ROOT/* $$HOME/rpmbuild/BUILDROOT/$(StringRpmFullname)
        cp -p $(FicSpec) ~/rpmbuild/SPECS/
 
build:  copy
        rpmbuild -bb ~/rpmbuild/SPECS/*.spec
        mv  ~/rpmbuild/RPMS/*/*.rpm .

Exemple avec le paquet Python mycli

mkdir -p ~/rpm/ROOT
cd ~/rpm

Déposez le Makefile dans ~/rpm/

~/rpm/mycli.spec

%define name mycli
%define version 1.21.1
%define release 1
%define debug_package %{nil}

Summary:        CLI for MySQL/MariaDB
Name: %{name}
Version: %{version}
Release: %{release}
Vendor: NC


Group:          Database
License:        MIT License
URL:            https://www.mycli.net
Source0:        https://github.com/dbcli/mycli

BuildRequires:  rpm-build
Requires:       python38
#BuildArch:     noarch

%description
This is a command line interface for MySQL, MariaDB, and Percona with
auto-completion and syntax highlighting. The CLI is also capable of pretty
printing tabular data.

#%post
#set -e

%doc


#%changelog

%files
%defattr(755,root,root,644)

export http_proxy=http://127.0.0.1:3128
export https_proxy=http://127.0.0.1:3128
 
pip3 install --user mycli
mkdir -p ~/rpm/ROOT/opt/mycli
cp -a ~/.local/* ~/rpm/ROOT/opt/mycli/
 
 
mkdir -p ~/rpm/ROOT/usr/local/bin/
 
find /home/etudes/rpm/ROOT/ -type f -name "*.pyc" -delete

~/rpm/ROOT/usr/local/bin/mycli

#!/bin/sh
 
env PYTHONPATH=/opt/mycli/lib/python3.8/site-packages/ /opt/mycli/bin/mycli "$@"

cd ~/rpm/ROOT
find . -type f |sed -e 's/^\.//' >> ../mycli.spec
 
cd ~/rpm/
make

Pb

did you mean TAB instead of 8 spaces?

$ make           
Makefile:18: *** missing separator (did you mean TAB instead of 8 spaces?).  Stop.

Solution

sed -i.bak -e 's/^[ ]\+/\t/g' Makefile

2025/03/24 15:06

rpm

Umask par defaut - Droits des fichiers par defaut

Pour Debian Jessie

Voir :

Voir aussi :

/etc/login.defs

#UMASK          022
UMASK           027

/etc/pam.d/common-session

session optional pam_umask.so

Infos

umask 27
umask -S

Source : http://www.cyberciti.biz/tips/understanding-linux-unix-umask-value-usage.html

umask	Niveau de sécurité	Permission effectives (sur les dossiers)
022	Permissif	755
026	Modéré	751
027	Modéré	750
077	Sévère	700

Changer le umask par défaut d'un utilisateur

Voir http://stackoverflow.com/questions/10220531/how-to-set-system-wide-umask

Il est possible d'utiliser

le champ GECOS de /etc/passwd
de modifier le fichier .profile, .barshrc etc… de l'utilisateur
d'utiliser pam

Champ GECOS de /etc/passwd

#chfn --other='umask=002' username
chfn -o 'umask=0002' username

NOTE : A tester en console tty & xterm, et aussi en scp, sftp.

Changer le umask pour un service Systemd

/etc/systemd/system/plop.service

[Service]
UMask=006

https://ask.fedoraproject.org/en/question/7148/setting-apaches-umask-not-working-in-fedora-16-and-17/

/etc/systemd/system/httpd.service

.include /lib/systemd/system/httpd.service
[Service]
UMask = 0002

Autres

Exemple

source /var/lib/awx/venv/ansible/bin/activate
umask 0022
pip install --upgrade pywinrm
deactivate

2025/03/24 15:06

Ultra fast reboot

Technique pas recommandé

Voir

https://fr.wikipedia.org/wiki/Magic_SysRq_key

Source article complet :

https://major.io/2009/01/29/linux-emergency-reboot-or-shutdown-with-magic-commands/

echo 1 > /proc/sys/kernel/sysrq 
echo b > /proc/sysrq-trigger

Ultra fast shutdown

echo 1 > /proc/sys/kernel/sysrq 
echo o > /proc/sysrq-trigger

Autres

last |head
root     pts/0        192.168.3.81    Thu May 11 09:19   still logged in
reboot   system boot  3.10.0-327.el7.x Thu May 11 09:17 - 09:24  (00:07)
process  pts/0        192.168.3.81    Wed May 10 16:42 - down   (00:00)
root     pts/0        192.168.3.81    Wed May 10 16:34 - 16:42  (00:07)
reboot   system boot  3.10.0-327.el7.x Wed May 10 16:31 - 16:42  (00:10)
process  pts/0        192.168.3.81    Wed May 10 16:30 - 16:30  (00:00)
root     pts/0        192.168.3.81    Wed May 10 16:28 - 16:29  (00:01)
reboot   system boot  3.10.0-327.el7.x Wed May 10 16:27 - 16:42  (00:15)
root     pts/0        192.168.3.81    Wed May 10 16:19 - crash  (00:08)
reboot   system boot  3.10.0-327.el7.x Wed May 10 16:15 - 16:42  (00:26)

last -x shutdown
shutdown system down  3.10.0-327.el7.x Wed May 10 16:42 - 09:17  (16:34)
shutdown system down  3.10.0-327.el7.x Fri May  5 18:17 - 09:04 (3+14:46)
shutdown system down  3.10.0-327.el7.x Wed Apr  5 16:09 - 15:07 (29+22:58)

systemctl mask sleep.target suspend.target
uptime
ps -p 1 -o stime
lastb
chmod +s /sbin/halt
chmod +s /sbin/reboot

Autres

exec /sbin/init

2025/03/24 15:06

ulimit

Voir aussi :

prlimit

Depuis Redhat 6 nous avons :

/etc/security/limits.d/90-nproc.conf

# Default limit for number of user's processes to prevent
# accidental fork bombs.
# See rhbz #432903 for reasoning.
*          soft    nproc     1024
root       soft    nproc     unlimited
www-data   soft    nproc     unlimited

Options ulimit :

-H : Hard
-S : Soft
-a : All
-u : Nombre maximal de processus utilisateurs

ulimit -a -H
ulimit -a -S

help ulimit

Voir http://fr.wikipedia.org/wiki/Fork_bomb

:(){ :|:& };:

En cas de dépassement : comment le sait-on ?

Grsecurity propose un audit des dépassements des “ulimit”

Message d'erreur ?

Pourquoi ne pas utiliser les cgroups ?

Core dump

Désactiver les cores dumps (Redhat)

/etc/profile

# No core files by default
ulimit -S -c 0 > /dev/null 2>&1

Activer les cores dumps (Redhat)

su -
ulimit -c unlimited

Notes

/bin/bash -c ulimit -S -c 0 >/dev/null 2>&1 ; /usr/local/bin/plop

Temps réel

However, for systems with a Linux kernel 2.6.13 or newer, it is possible to allow processes without root privileges to set the real-time scheduling policy. When the Linux PAM module is installed (which is normally the case) you can control the maximum real-time priority for non-privileged processes on a per user or group basis via the /etc/security/limits.conf file.

For example, adding the line

   *      -      rtprio      99

Outils

Appliquez les modifications directement à un processus en cours d'exécution avec prlimit

Python

import resource
 
print(resource.getrlimit(resource.RLIMIT_NOFILE)[1])

2025/03/24 15:06

ressource, process, securite, linux

<< Billets récents | Anciens billets >>

blog.txt · Dernière modification : 2025/03/24 15:06 de 127.0.0.1