Linux HowTo: Installing ffmpeg in Amazon Linux

So as the title says I am trying to install ffmpeg package on amazon linux.

I tried the commands:

wget http://download1.rpmfusion.org/free/el/updates/6/i386/rpmfusion-free-release-6-1.noarch.rpm 
sudo rpm -Uhv rpmfusion-free-release-6-1.noarch.rpm
wget http://download1.rpmfusion.org/nonfree/el/updates/6/i386/rpmfusion-nonfree-release-6-1.noarch.rpm
sudo rpm -Uhv rpmfusion-nonfree-release-6-1.noarch.rpm
sudo yum install ffmpeg

but I got the following error:

Error: Package: ffmpeg-libs-0.10.15-1.el6.x86_64 (rpmfusion-free-updates)
Error: Package: ffmpeg-libs-0.10.15-1.el6.x86_64 (rpmfusion-free-updates)
           Requires: libpulse-simple.so.0()(64bit)
Error: Package: ffmpeg-libs-0.10.15-1.el6.x86_64 (rpmfusion-free-updates)
           Requires: libschroedinger-1.0.so.0()(64bit)
Error: Package: ffmpeg-libs-0.10.15-1.el6.x86_64 (rpmfusion-free-updates)
           Requires: libva.so.1()(64bit)
Error: Package: ffmpeg-libs-0.10.15-1.el6.x86_64 (rpmfusion-free-updates)
           Requires: libtheoradec.so.1(libtheoradec_1.0)(64bit)
Error: Package: ffmpeg-libs-0.10.15-1.el6.x86_64 (rpmfusion-free-updates)
           Requires: libcdio_paranoia.so.0()(64bit)
Error: Package: ffmpeg-libs-0.10.15-1.el6.x86_64 (rpmfusion-free-updates)
           Requires: libSDL-1.2.so.0()(64bit)
Error: Package: ffmpeg-libs-0.10.15-1.el6.x86_64 (rpmfusion-free-updates)
           Requires: libcdio_cdda.so.0(CDIO_CDDA_0)(64bit)
Error: Package: ffmpeg-libs-0.10.15-1.el6.x86_64 (rpmfusion-free-updates)
           Requires: libopenal.so.1()(64bit)
Error: Package: ffmpeg-libs-0.10.15-1.el6.x86_64 (rpmfusion-free-updates)
           Requires: libtheoraenc.so.1(libtheoraenc_1.0)(64bit)
Error: Package: ffmpeg-libs-0.10.15-1.el6.x86_64 (rpmfusion-free-updates)
           Requires: libcdio_cdda.so.0()(64bit)
Error: Package: ffmpeg-libs-0.10.15-1.el6.x86_64 (rpmfusion-free-updates)
           Requires: libpulse.so.0()(64bit)
Error: Package: ffmpeg-libs-0.10.15-1.el6.x86_64 (rpmfusion-free-updates)
           Requires: libtheoradec.so.1()(64bit)
Error: Package: ffmpeg-libs-0.10.15-1.el6.x86_64 (rpmfusion-free-updates)
           Requires: libass.so.4()(64bit)
Error: Package: ffmpeg-libs-0.10.15-1.el6.x86_64 (rpmfusion-free-updates)
           Requires: libpulse.so.0(PULSE_0)(64bit)
Error: Package: ffmpeg-libs-0.10.15-1.el6.x86_64 (rpmfusion-free-updates)
           Requires: libgsm.so.1()(64bit)
Error: Package: ffmpeg-libs-0.10.15-1.el6.x86_64 (rpmfusion-free-updates)
           Requires: libtheoraenc.so.1()(64bit)
Error: Package: ffmpeg-libs-0.10.15-1.el6.x86_64 (rpmfusion-free-updates)
           Requires: libcelt0.so.1()(64bit)
Error: Package: ffmpeg-libs-0.10.15-1.el6.x86_64 (rpmfusion-free-updates)
           Requires: libpulse-simple.so.0(PULSE_0)(64bit)
Error: Package: ffmpeg-0.10.15-1.el6.x86_64 (rpmfusion-free-updates)
           Requires: libSDL-1.2.so.0()(64bit)
Error: Package: ffmpeg-libs-0.10.15-1.el6.x86_64 (rpmfusion-free-updates)
           Requires: libcdio_paranoia.so.0(CDIO_PARANOIA_0)(64bit)
Error: Package: ffmpeg-libs-0.10.15-1.el6.x86_64 (rpmfusion-free-updates)
           Requires: libv4l2.so.0()(64bit)
Error: Package: ffmpeg-libs-0.10.15-1.el6.x86_64 (rpmfusion-free-updates)
           Requires: libdc1394.so.22()(64bit)
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest

Any suggestions?

I guess you used commands from this guide, but this method doesn’t work.
This error happens because Amazon Linux doesn’t include most multimedia libs including ffmpeg, Pulse and so on. You need to add CentOS repos, which contain these missing packages.

I had the same error and this is how I dealt with it.

  1. Create a repo file in which you include the CentOS repos of the proper version. This is important!
    If your AMI EPEL repos have 6th version, then use CentOS 6. If 7th, then CentOS 7.

    [base]
    name=CentOS-6 - Base
    mirrorlist=http://mirrorlist.centos.org/?release=6&arch=x86_64&repo=os
    #baseurl=http://mirror.centos.org/centos/6/extras/x86_64/
    gpgcheck=1
    gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6
    priority=1
    [updates]
    name=CentOS-6 - Updates
    mirrorlist=http://mirrorlist.centos.org/?release=6&arch=x86_64&repo=updates
    #baseurl=http://mirror.centos.org/centos/6/updates/x86_64/
    gpgcheck=1
    gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6
    priority=1
    [extras]
    name=CentOS-6 - Extras
    mirrorlist=http://mirrorlist.centos.org/?release=6&arch=x86_64&repo=extras
    #baseurl=http://mirror.centos.org/centos/6/extras/x86_64/
    gpgcheck=1
    gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6
    priority=1
    #additional packages that extend functionality of existing packages
    
  2. Import GPG key for the repo

    sudo rpm --import http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6
    
  3. Update repos

    yum -y update --skip-broken
    
  4. Install ffmpeg as usual

    yum install ffmpeg
    

The method was taken from this thread and a bit adapted to be more up to date.

Linux HowTo: How to check if a program use wayland or x11 in linux?

Is there any command in Linux that can tell whether a program uses Wayland, Xorg or XWayland?

Not a command per se, but Sergey Bugaev shared a cool trick:

Launch xeyes and move mouse over a window. If the eyes are moving, it’s an XWayland window, otherwise it’s a native Wayland window.

xeyes

xeyes is typically pre-installed in most distros. Otherwise, it can be found in the x11-apps package or similar.

Server Bug Fix: Domain works with www., without shows Nginx landing page, IP shows 404

I’m a total novice, so please forgive me if the answer is right in my face.

I’m setting up a WordPress site on a DigitalOcean server running on Ubuntu 18.04.3, using their tutorials. My Nginx server block configuration file contains the following:

server {
root /var/www/[domain.com]/;
index index.php index.html index.htm index.nginx-debian.html;
server_name [domain.com] [www.domain.com];
[...]

I placed the WordPress files into /var/www/[domain.com]

Any ideas?

Server Bug Fix: Estimating the time needed for a resize2fs shrink

I have a large ext4 filesystem which I’m currently shrinking (109Tb -> 83Tb in my case), and it’s taking an extremely long time (Day 5 as of asking). Currently I can see that the process is still doing I/O (so it seems it hasn’t errored out and stalled i.e. 100% cpu usage) via iotop. However, from a cursory glance around the internet it would seem that resize2fs hasn’t been quite as optimized for shrinks as much as growing the volumes (circa 2011).

To that matter, I don’t want to interrupt it if I can help it, but I feel a little naked running a filesystem change for this long. What would be a good/timely estimate for an ext4 shrink, given we know the space requirements before and after (as well as the number of blocks / block sizes)

Software involved:

  • e2fs…: 1.43.1
  • OS: debian 4.19.16-1-bpo9+1

My specific filesystem:

  • Type: ext4
  • Size: ~109Tb (29297465344 blocks)
  • Shrink to: 83Tb (22280142848 blocks)
  • Block size: 4Kb (4096 bytes)
  • bytes-per-inode: 2^15 (32786 bytes)

Current outputs:

resize2fs -p ...:

[[email protected]]## ~:: resize2fs -p /dev/storage/storage 83T
resize2fs 1.43.4 (31-Jan-2017)
Resizing the filesystem on /dev/storage/storage to 22280142848 (4k) blocks.
Begin pass 2 (max = 802451420)
Relocating blocks             XX--------------------------------------

iotop:

   TID  PRIO  USER     DISK READ  DISK WRITE  SWAPIN     IO>    COMMAND
  7282 be/4 root       39.21 M/s   39.21 M/s  0.00 % 94.07 % resize2fs -p /dev/storage/storage 83T

cat /proc/7282/io:

rchar: 12992021859371
wchar: 12988874121611
syscr: 13244258
syscw: 12482026
read_bytes: 13003899662336
write_bytes: 12988874125312
cancelled_write_bytes: 0

I’m still looking up info about the different passes resize2fs needs to do as well as how I could calculate how long those passes take given the info I’ve got about my filesystem (I have more if needed). In short, how can I come up with a final estimation for how long this will take?

Edit: Is this actually a finished Pass 2?

[[email protected]]## ~:: resize2fs -p /dev/storage/storage 83T
resize2fs 1.43.4 (31-Jan-2017)
Resizing the filesystem on /dev/storage/storage to 22280142848 (4k) blocks.
Begin pass 2 (max = 802451420)
Relocating blocks             XX--------------------------------------
Begin pass 3 (max = 894088)
Scanning inode table          XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Begin pass 4 (max = 92164)
Updating inode references     XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
The filesystem on /dev/storage/storage is now 22280142848 (4k) blocks long.

Rough estimates can help illustrate the scale of a thing, even if simplistic and not at all accurate or precise. Assume all 1.2E+14 bytes need to be read, and 4E+7 bytes per second can be sustained. That is 3E+6 seconds, or 34 days. resize2fs 5% progress bar at about 5 days seems like the right power of 10.

Weeks to go, at least.


When does this volume need to be returned to service? Different urgency for something that needs to go up now, versus an archive with no immediate use that you can spend a month on.

Are you prepared for data loss if this gets interrupted? There is not a graceful way to stop it, so a chance of corruption. Successful reduces have happened, but they are not commonly done, and stopping the reduce in the middle of reshuffling around blocks even less so. Whatever happens to this file system, check consistency with fsck. Have a recovery plan ready, with backups of important data.

Must this volume still be reduced, even if this attempt ends up failed? The safe way is to create a new, smaller file system and copy data over. Obvious disadvantage, this requires new storage. Perhaps take the opportunity to do a storage migration or other things that require an array rebuild or similar.

Server Bug Fix: How can I find current SSH protocol version of the current connection?

I connect to a Linux machine (CentOS 6.4) using PuTTY. Apart from the fact that I can set PuTTY to only use one type of protocol, how can I find the current SSH connection’s version (SSH1 or SSH2)?

Once you are in you say:

ssh -v localhost

it will tell you the exact version of the server.

An alternative way.

As cstamas suggested, you can use ssh -v localhost. You simply ssh to yourself (127.0.0.1) in verbose mode, which will display debugging messages of the progress. Yes, through this process you can look at the top of the communication and you can get the SSH version that you are currently running.

But if you read the ssh man page, you will find the -V option on ssh more useful. Taken from the ssh man page:

-V Display the version number and exit.

-v Verbose mode. Causes ssh to print debugging messages about its progress. This is helpful in debugging connection, authentication, and configuration problems. Multiple -v options increase the verbosity. The maximum is 3.

So I think it would be better to simply do ssh -V and get something similar to:

> ssh -V
OpenSSH_6.6.1p1, OpenSSL 1.0.1e-fips 11 Feb 2013

PuTTY

In Session, Logging, select the “SSH packets and raw data” radio button. Select the log file as putty.log in a location of your choice. Make the connection. You should see:

Event Log: Server version: SSH-2.0-OpenSSH_5.3
Event Log: Using SSH protocol version 2

See below for details on what SSH-2.0 means.

Other Methods

You could also try using the telnet client, but point to port 22:

telnet test1 22

When you connect you will see:

Trying 192.168.144.145...
Connected to test1.
Escape character is '^]'.
SSH-2.0-OpenSSH_5.3

The last line is the one to look for:

SSH-2.0-OpenSSH_5.3

If it says SSH-2.0 then that is good, the SSH server you connected to supports only SSH protocol version 2. It will not support connections from SSH V1 protocol clients.

If however you see:

SSH-1.99-OpenSSH_5.3

Then that means that the server end is still supporting SSH protocol version 1. It has something like this in its sshd_config file:

Protocol 1,2

Protocol 1 is vulnerable and should not be used.

So to get that straight. If you see SSH-2 when you telnet to port 22 of the remote server then you can only be using SSH protocol version 2 as the server does not support protocol 1.

As per cstamas answer above, the -v flag will show a line:

debug1: Remote protocol version 1.99, remote software version OpenSSH_5.3

or:

debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3

You want to see version 2.0 there.

You can get this pretty quickly using netcat from your local machine, for example:

$ nc [IP_ADDRESS] 22
SSH-2.0-OpenSSH_5.3

I like this better:

$ echo ~ | nc localhost 22
SSH-1.99-OpenSSH_3.9p1
Protocol mismatch.
$

The benefit here is that it can be done programmatically since the connection isn’t held open. For Python, try:

import re
ssh_protocol = float(re.search(r"SSH-(\d\.\d+)", banner).group(1))  # banner: the line read from port 22
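The banner check these answers describe, written out as an added example (not code from the original posts): it parses the identification string, skips any text the server sends before it, and reports whether the server still offers SSH protocol 1. The function names and the sample banners are constructed for illustration.

```python
import re
import socket

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF".
# A server may send other lines first; those never start with "SSH-".
_IDENT = re.compile(r"^SSH-(\d+\.\d+)-([^\s-]+)(?: (.*))?$")


def parse_ident(raw):
    """Return (protoversion, softwareversion) from the bytes a server sent."""
    for line in raw.decode("ascii", errors="replace").splitlines():
        if line.startswith("SSH-"):
            match = _IDENT.match(line)
            if match is None:
                raise ValueError("malformed identification string: %r" % line)
            return match.group(1), match.group(2)
    raise ValueError("no SSH identification string found")


def accepted_protocols(protoversion):
    """Map the advertised protoversion to the protocol versions accepted."""
    if protoversion == "1.99":
        # Compatibility marker: an SSH-2 server that also accepts SSH-1.
        return {1, 2}
    major = int(protoversion.split(".")[0])
    if major in (1, 2):
        return {major}
    raise ValueError("unexpected protoversion: %s" % protoversion)


def audit(raw):
    """Summarise one banner; ssh1_offered is the finding to act on."""
    proto, software = parse_ident(raw)
    return {
        "protoversion": proto,
        "software": software,
        "ssh1_offered": 1 in accepted_protocols(proto),
    }


def fetch_ident(host, port=22, timeout=5.0):
    """Read until a full identification line arrives, then close (like nc)."""
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as conn:
        while len(data) < 4096:
            start = data.find(b"SSH-")
            if start != -1 and b"\n" in data[start:]:
                break
            chunk = conn.recv(256)
            if not chunk:
                break
            data += chunk
    return data


# Constructed sample banners, so the example runs without a network.
SAMPLES = [
    b"SSH-2.0-OpenSSH_5.3\r\n",
    b"SSH-1.99-OpenSSH_3.9p1\n",
    b"Authorized use only\r\nSSH-2.0-OpenSSH_7.4 build comment\r\n",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit(sample))
```

To check a host you administer, pass `fetch_ident("hostname")` to `audit()` instead of a sample.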

To get more details you can use this:

    rpm -qi openssh
Name        : openssh
Version     : 7.4p1
Release     : 21.el7
Architecture: x86_64
Install Date: Пт 17 янв 2020 12:21:57
Group       : Applications/Internet
Size        : 1991172
License     : BSD
Signature   : RSA/SHA256, Пт 23 авг 2019 00:37:23, Key ID 24c6a8a7f4a80eb5
Source RPM  : openssh-7.4p1-21.el7.src.rpm
Build Date  : Пт 09 авг 2019 04:40:49
Build Host  : x86-01.bsys.centos.org
Relocations : (not relocatable)
Packager    : CentOS BuildSystem <http://bugs.centos.org>
Vendor      : CentOS
URL         : http://www.openssh.com/portable.html
Summary     : An open source implementation of SSH protocol versions 1 and 2

The only method I am aware of requires that one has sufficient privileges to view the ssh log entries in /var/log/auth.log.

$ echo $SSH_CONNECTION 
127.0.0.1 12375 127.0.0.1 22

The first and second fields of the SSH_CONNECTION variable indicate the source IP address and source port of my connection. By grep-ing for those values in /var/log/auth.log, I can find the log entry from when my SSH connection was authenticated.

$ sudo grep -F ' from 127.0.0.1 port 12375 ' /var/log/auth.log | grep ssh
Jun 26 16:29:52 morton sshd[20895]: Accepted keyboard-interactive/pam for jim from 127.0.0.1 port 12375 ssh2

This log entry tells me that my current connection is using the SSH 2 protocol. Of course, if the ssh session has been open for several days, the log entry may be in /var/log/auth.log.0 or some older auth.log file.

Server Bug Fix: Bash: List all modified files and concatenate

I want to list all the *.txt files modified over the last 7 days and concatenate in a single new.txt

Tried:

cat $(find *.txt -mtime -7 -ls) > new.txt

How can I achieve this?

find . -name '*.txt' ! -name new.txt -mtime -8 -exec cat {} + > new.txt

From man find, maybe relevant:

-daystart
Measure times (for -amin, -atime, -cmin, -ctime, -mmin, and -mtime) from the beginning of today rather than from 24 hours ago.

Server Bug Fix: How can I return 404 for specified existing file in apache and nginx?

I need to return 404 error for some specified files like ‘config.php’ . How can I do it with ‘.htaccess’ in Apache? And in nginx without htaccess? Thanks.

NGINX:

location = /config.php {
    return 404;
}

You don’t need .htaccess with Apache, and it’s actually only recommended as a last resort. Likewise, mod_rewrite should only be used if necessary: When not to use mod_rewrite.

You can use both Redirect and RedirectMatch from mod_alias to return 404:

  • Redirect 404 /config.php
  • RedirectMatch 404 ^/config\.php$

You can place them directly in your server configuration, or in your Virtual Host, e.g.

<VirtualHost *:80> 
    ServerName www.example.com
    DocumentRoot "/var/www/example.com"

    Redirect 404 /config.php
</VirtualHost>

.htaccess on Apache (using mod_rewrite):

RewriteEngine On

RewriteRule ^config\.php$ - [R=404]

Assuming /config.php in the document root.

Server Bug Fix: Program claiming a dedicated user to run itself

A desktop running Ubuntu Linux 14.04 LTS seemed to go slower than usual. top showed that freshclam, the database-update utility for the Unix anti-virus program, was working the hardest.

freshclam --version shows the version is from yesterday:

ClamAV 0.100.3/25835/Sat Jun  6 14:51:26 2020

This program was running under the user clamav, rather than root or user.

  • Is it usual for a program to claim a dedicated user profile to run itself?
  • Is this actually a good sign, because it adds transparency to what happens anyhow?
  • Is this actually a bad sign, because such an ad-hoc user can intrude upon other “stuff”?
  • Can I retrieve a list of the programs installed in my computer claiming this right of working with a dedicated user name? Basically, can a user oversee such behaviours?

Any common-sense tips that apply to understanding these kinds of situations are appreciated.

Clamav is a daemon. The Linux Standard Base Core Specification recommends that daemons run under individual User IDs. This way you have fine-grained access control for each daemon, and in case one of them is compromised, the attacker does not automatically have unlimited access to the system (as they would if the daemon ran as root, for example).

Any common-sense tips that apply to understanding these kinds of situation

Any application needs some account to run. Running every application with a root account can be dangerous. In case such application has a critical bug, e.g. it allows execution of other applications in the system, the success of possible attacks depends essentially on the permissions of such application.

If this application is running with a root account, then actually any actions it executes will be accepted and performed by the system. That means an attack can be successful. But if the application is running with some restricted account with fewer permissions, then many malicious actions will be impossible because the system will refuse to perform them.

Using a separate account allows you to control the permissions needed by the particular application more precisely. You can give such an account exactly the permissions that it needs and not more. Also, you can withdraw permissions from such accounts quickly or even delete them. Having a separate account allows the application to keep its data (config files, log files) protected from other users without requiring the root account.

This is the idea.

In reality we should keep in mind the following:

1) It can be that the granularity of permissions is too coarse-grained and you have to give some more permissions than you would like to.

2) Maintaining a separate account for every application (process, service, daemon) requires effort. That’s why we estimate the risks and take the effort into account. If the risks are low, it makes sense to keep the effort low and to maintain as few accounts as possible.

3) Many applications have a configurable user account they will be running with. It has a name similar to the application name. It is up to you to keep it or to use some other user account for this application.

4) In regards to clamav: Having a separate account is not suspicious, it is normal.

Applications often run a script as root during installation. This script may use the root rights to create the limited user account that only has as much permissions as the program requires. It is a normal and good approach.

In case of doubt, use

   ps -e -f

to see the complete command line and verify where the running binary is located.

Programs with less extensive installation support require the administrator to create these accounts and scripts for switching into them.

Is it usual for a program to claim a own user profile to run itself?

It is normal for programs that run in the background to run as their own users.

Is this actually a good sign, because it adds transparency to what happens anyhow?

It’s good because it provides privilege separation: if all the background programs ran as the same user, then a compromise of one could more easily spread to the others. It also helps with monitoring.

Is this actually a bad sign, because such an ad-hoc user can intrude upon other stuff?

It’s certainly sub-optimal that unix-like systems do not maintain a distinction in usernames between human users and system users, but it’s an old design that is very hard to go back and fix :(. Debian does now recommend an underscore prefix for newly added system usernames, but there doesn’t seem to be any desire to try and change the multitude of existing ones.

Can I retrieve a list of the programs installed in my computer claiming this right of working with an own user name? Basically, can a user oversee such behaviors?

As a general rule on Debian-like systems, system users can be distinguished by having user-ids in the range 0 to 999 while normal users will normally have user IDs in the range 1000 to 59999 (see https://www.debian.org/doc/debian-policy/ch-opersys.html for further details)

In terms of what programs actually use each user, that can be harder to tell. Sometimes you may find it in an init script, systemd service file, cron job etc., but some services start as root and then drop down to their specific user after certain privileged initialization tasks (mostly binding to privileged TCP/UDP ports) are complete.

Is it usual for a program to claim a own user profile to run itself?

As mentioned in other answers, this isn’t a regular program. It’s a daemon. And, yes, it’s perfectly normal for a daemon to have its own user.

Is this actually a good sign, because it adds transparency to what happens anyhow?
Is this actually a bad sign, because such an ad-hoc user can intrude upon other stuff?

It’s neither good nor bad. It’s simply a matter of convenience. On a Linux system, all processes must have some user. It’s not possible to have a process without a user. So, which user? Not root, because you should never run anything as root unless you absolutely have to. You could just pick a user, but what happens if that user is deleted? It’s much simpler for the installer/package manager/whatever to just create a user and use that.

Having said that, for some daemons (especially network-related ones), there is some security benefit. If someone is able to remotely compromise a network daemon, they’ll (in theory) only have access to files that daemon was originally able to access, i.e. files belonging to that user.

Can I retrieve a list of the programs installed in my computer claiming this right of working with an own user name? Basically, can a user oversee such behaviors?

Switching users is a “right” of every process that’s running as root. Since daemons are (typically) started by the system boot procedure, they (typically) start as root, so they’re (typically) free to arbitrarily change their own user ids. Even after they drop root privilege (if they do so, there’s nothing stopping them from continuing as root), they can retain the capability of changing their user id if they need to. So, no, there’s no central information repository of which daemons will change their user id when they start, and which won’t.

Though, there is a convention that user IDs less than 1000 are reserved for daemon users. So you could look through /etc/passwd for low-number user IDs.
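The inventory the answers point towards, as an added example (not code from the original posts): it applies the UID ranges quoted above to /etc/passwd-style text and groups the output of `ps -eo uid=,comm=` by non-root system account. The function names and both sample inputs are constructed for illustration.

```python
import subprocess
from collections import defaultdict

# UID ranges as quoted in the answers above (Debian policy).
SYSTEM_MAX = 999
REGULAR_RANGE = range(1000, 60000)

# Constructed sample inputs, so the example runs on any machine.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
clamav:x:116:124::/var/lib/clamav:/bin/false
user:x:1000:1000:User,,,:/home/user:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
"""
SAMPLE_PS = """\
    0 systemd
    0 sshd
  116 freshclam
  116 clamd
  104 rsyslogd
 1000 bash
"""


def parse_passwd(text):
    """Return [(name, uid, shell)] for each well-formed passwd line."""
    accounts = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 7 and fields[2].isdigit():
            accounts.append((fields[0], int(fields[2]), fields[6]))
    return accounts


def classify(uid):
    """Bucket a UID using the ranges quoted on this page."""
    if uid == 0:
        return "root"
    if uid <= SYSTEM_MAX:
        return "system"
    if uid in REGULAR_RANGE:
        return "regular"
    return "other"


def daemons_by_account(passwd_text, ps_text):
    """Map each non-root system account to the commands running under it."""
    names = {uid: name for name, uid, _shell in parse_passwd(passwd_text)}
    found = defaultdict(set)
    for line in ps_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2 or not parts[0].isdigit():
            continue
        uid = int(parts[0])
        if classify(uid) == "system":
            # A UID with no passwd entry is reported by number.
            found[names.get(uid, "uid %d" % uid)].add(parts[1].strip())
    return {name: sorted(cmds) for name, cmds in found.items()}


def live_report():
    """Same report for the local machine, from /etc/passwd and ps."""
    with open("/etc/passwd") as handle:
        passwd_text = handle.read()
    ps_text = subprocess.run(
        ["ps", "-eo", "uid=,comm="],
        check=True, capture_output=True, text=True,
    ).stdout
    return daemons_by_account(passwd_text, ps_text)


if __name__ == "__main__":
    for account, commands in sorted(
        daemons_by_account(SAMPLE_PASSWD, SAMPLE_PS).items()
    ):
        print(account, commands)
```

A daemon that starts as root and drops privileges later is listed under whichever UID it holds when `ps` runs, so the report is a snapshot.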
