Run scripts on start or end of xsession - linux-mint

I am trying to find a way to run a script on sleep before an x session ends, because the script requires an active x session to execute properly. Storing the script in /etc/pm/sleep.d did not work (and returned errors related to a non-existent x session). Any ideas where to put the script?
Update in response to comments
king#death-star /etc/acpi $ cat 01_revert_kb_on_sleep
#!/bin/bash
touch ~/Desktop/touchfile_my_script_acpi
case "$1" in
hibernate|suspend)
sh -c "/home/king/Desktop/Scripts/rotate_desktop normal; /home/king/Desktop/Scripts/misc/my_keyboard on" 2> ~/Desktop/revert_kb_error_log.txt ;;
#thaw|resume)
king#death-star /etc/acpi $ ls
total 1MB
drwxr-xr-x 3 root root 1MB Jun 11 23:36 .
drwxr-xr-x 163 root root 1MB Jun 11 23:41 ..
-rwxr-xr-x 1 root root 1MB Jun 11 23:36 01_revert_kb_on_sleep
king#death-star /etc/acpi $ ps -ef| grep acpid
root 1070 1 0 23:41 ? 00:00:00 acpid -c /etc/acpi/events -s /var/run/acpid.socket
king 3499 2574 0 23:52 pts/2 00:00:00 grep --colour=auto acpid

Step 1.
a. Enable and start the acpi service.
b. Run the acpi_listen command and try putting the computer to sleep via various methods (pushing the power button, closing the lid, etc.)
c. Find out what events are triggered, when you do the above. In my case they were: button/lid LID close and button/sleep SBTN 00000080 00000000
Step 2.
a. Create the file /etc/acpi/events/my_events with the following:
event=(button/sleep SBTN|button/lid LID close)
action=/etc/acpi/my_script.sh
Substitute the events in the event= line with your events.
b. Create the file /etc/acpi/my_script.sh with the following:
#!/bin/sh
/home/king/Desktop/Scripts/rotate_desktop normal
/home/king/Desktop/Scripts/misc/my_keyboard on
NB. You might need to add export DISPLAY=:0 before the scripts to get access to your X session.
NB2: Your scripts will run with root user credentials. To run with your user credentials, you might want to do:
sudo -u king /home/king/Desktop/Scripts/rotate_desktop normal
sudo -u king /home/king/Desktop/Scripts/misc/my_keyboard on
c. Make the file /etc/acpi/my_script.sh executable:
chmod +x /etc/acpi/my_script.sh
d. Restart the acpi service.
Step 3. Share and enjoy.

Related

Prevent VSCode opening as root from WSL

When opening VSCode in a folder using code . using my current user, I notice that then it was started as root. The steps that I'm making are to validate this behaviour are:
$ whoami
>> franciscoserrano
$ mkdir test-dir && ll
>> drwxr-xr-x 2 franciscoserrano franciscoserrano 4.0K Jan 18 19:04 test-dir
$ cd test-dir
$ code .
(right after this, inside VSCode's terminal) $ pwd && whoami
/home/franciscoserrano/projects/test-dir
root
Another weird thing is that the VSCode terminal seems to load the .zshrc of my user, this is still inside VSCode terminal:
$ pwd
>> /home/franciscoserrano/projects/test-dir
$ whoami && cd
>> root
$ pwd
>> /home/franciscoserrano
Is this intended? Why making $ cd changes to a directory that is not from the user that outputs $ whoami? How do I force VSCode to open as the same user as in WSL?
Another detail: when creating files inside the same folder, using the VSCode GUI, those are also created as root:
-rw-r--r-- 1 root root 0 Jan 18 19:18 hello.c
Running the following command on the windows side fixes this issue for me:
ubuntu2204.exe config --default-user <wsl-user>

`pg_ls_dir` can query some directories, but not others

On my system, /home and /etc have exactly the same permissions:
$ ls -ld /home /etc
drwxr-xr-x 67 root root 4096 Nov 13 15:59 /etc
drwxr-xr-x 3 root root 4096 Oct 18 13:45 /home
However, Postgres can read one, but not the other:
test=# select count(*) from (select pg_ls_dir('/etc')) a;
count
-------
149
(1 row)
test=# select count(*) from (select pg_ls_dir('/home')) a;
ERROR: could not open directory "/home": Permission denied
Even though the user the DB is running as can, in fact, run ls /home:
$ sudo -u postgres ls /home > /dev/null && echo "ls succeeded"
ls succeeded
What is going on?
My postgres version is 11.5, running on Arch Linux.
I figured it out, it is because Arch's bundled postgresql.service file set ProtectHome=true, causing systemd to use Linux mount namespaces to block the postgres processes from accessing /home.

Problems with permissions for logrotate

I'm writing my own logrotate configuration for some web application:
/home/me/public_html/logs/*.log {
daily
missingok
rotate 15
compress
delaycompress
notifempty
create 0660 me www-data
nosharedscripts
}
But running logrotate for these files results in:
$ sudo logrotate -d -v *.log
Ignoring logfile1.log because of bad file mode.
Ignoring logfile2.log because of bad file mode.
Ignoring otherlogfile.log because of bad file mode.
Handling 0 logs
$ ls -l
-rw-rw---- 1 me www-data 893584 Jan 27 16:01 logfile1.log
-rw-rw---- 1 me www-data 395011 Jan 27 16:01 logfile2.log
-rw-rw---- 1 me www-data 4949115 Jan 27 16:01 otherlogfile.log
Is this related to the file permissions of the actual logfiles in the directory of to the permissions specified with create 0660 me www-data?
If I change the filepermissions to -rw-r----- and the create line to
create 0640 me www-data
I get
$ sudo logrotate -d -v *.log
Ignoring logfile1.log because the file owner is wrong (should be root).
Ignoring logfile2.log because the file owner is wrong (should be root).
Ignoring otherlogfile.log because the file owner is wrong (should be root).
Handling 0 logs
My system is a debian testing/jessie.
Ok, stupid situation. The logrotate command has to be executed on the configuration file instead of the log file.
$ sudo logrotate -d -v /etc/logrotate.d/my-app
It seems to be important that the parent directory of the logfile is not world writable (------rw-) and not writable by any non root group (---rw----). Otherwise, you will see:
error: skipping "/home/me/public_html/logs/logfile1.log" because parent
directory has insecure permissions (It's world writable or writable by
group which is not "root") Set "su" directive in config file to tell
logrotate which user/group should be used for rotation.

Effective user id does not change after making the file owned by root

I'm currently reading a book on programming with C, I got to a part where I've got to write a program which will display the real uid and effective uid that the file is being executed on. After compiling the code with gcc, I input the command to see the current uOwner and gOwner ls- l id_demo the output is this:
-rwxrwxr-x 1 user user 8629 Sep 21 13:04 id_demo
I then execute the program itself, this is what I get:
real uid: 1000 effective uid: 1000
...so far so good. I then input a command to change the owner of the file:
sudo chown root:root ./id_demo
The ls -l confirms that the owner has been changed to root:
-rwxrwxr-x 1 root root 8629 Sep 21 13:04 id_demo
Again, executing the program shows real uid and uid as 1000. The last step after which the uid must be 0 is this: sudo chmod u+s ./uid_demo but for me they stay as 1000, where in the book the output is clearly show to be this:
real uid: 1000
effective uid: 0
Any ideas why is this happening?
UPDATE
id_demo source code:
#include <stdio.h>
int main ()
{
printf("real uid: %d\n", getuid());
printf("effective uid: %d\n", geteuid());
}
UPDATE 2
Screen shots
PLEASE HELP. I'm going crazy I spent 6+hour looking for the solution and I need to move on.
We've figured it out. The cause is an ecryptfs-mounted home directory. The mount output contains the following line:
/home/evgeny/.Private on /home/evgeny type ecryptfs
That means that the home directory isn't actually part of the root filesystem (that has the necessary suid flag), but its own virtual filesystem that apparently doesn't support setuid binaries by default. I have successfully reproduced the issue with a test user that has an encrypted home directory.
It is possible to add the suid flag to the ecryptfs with the following command:
sudo mount -i -o remount,suid /home/evgeny
I'm not certain though how safe that is, nor how to change it permanently so that it would survive reboots.
This works for me:
compile
$ gcc uid_demo.c -o uid_demo
$ ll
total 12
-rwxrwxr-x 1 saml saml 6743 Sep 21 17:05 uid_demo
-rw-rw-r-- 1 saml saml 116 Sep 21 16:58 uid_demo.c
chown
$ sudo chown root:root uid_demo
$ ll
total 12
-rwxrwxr-x 1 root root 6743 Sep 21 17:05 uid_demo
-rw-rw-r-- 1 saml saml 116 Sep 21 16:58 uid_demo.c
chmod
$ sudo chmod u+s uid_demo
$ ll
total 12
-rwsrwxr-x 1 root root 6743 Sep 21 17:05 uid_demo
-rw-rw-r-- 1 saml saml 116 Sep 21 16:58 uid_demo.c
run
$ ./uid_demo
real uid: 500
effective uid: 0

shell script not executing despite full permissions

I have a small script that executes fine from my home folder but when moved to a different folder on different partition (EXT4)
$ ls -lah ./build.sh
-rwxrwxr-x 1 olmec(me) olmec(me) 510 Oct 31 20:00 ./build.sh
$ ./build.sh
bash: ./build.sh: Permission denied
I have tried chmod 777 build.sh but no difference.
The script is in folder /media/data/source
Data drive partition is mounted in FStab as
UUID=affd0ac6-f3da-4f88-ac22-65d94dc5da8c /media/data ext4 user,user 0 0
Resolved by modifying FStab mount command
UUID=affd0ac6-f3da-4f88-ac22-65d94dc5da8c media/data ext4 auto,users,exec 0 0
Most probably it's on a volume which was mounted with the noexec option, I'd check that. If that's not the case, you can still try to find out from strace bash yourscript's output.