How to solve delete file “Operation not permitted” on Linux

Sometimes it is necessary to prevent all users including root from deleting a file. This is often done by changing the file attributes on a Linux file system. The tool used to change file attributes in Linux and other Unix systems is chattr and the tool used to view the newly set attributes is lsattr.

The format of a symbolic mode is +-=[acdeijstuADST]. The format of a symbolic mode is +-=[acdeijstuADST] and they select the new attributes for
the files.

  • The operator ‘+’ causes the selected attributes to be added
    to the existing attributes of the files
  • ‘-’ causes them to be removed
  • ‘=’ causes them to be the only attributes that the files have.

See explanation of all letters used below:

a - append only
c - compressed
d - no  dump
e - extent  format
i -  immutable
j - data journalling
s - secure deletion
t - no tail-merging
u - undeletable
A - no  atime  updates
D - synchronous directory updates
S - synchronous updates
T - top  of  directory  hierarchy

When a directory or a file has immutable attribute set, you will get the error  “Permission denied”  while trying to delete the underlying files. If the attributei (immutable bit) is set on a file, not even root will be able to modify it.

Simulate delete file “Operation not permitted” on Linux

Create a directory under /tmp

mkdir /tmp/testdir

Touch a file in the directory

touch /tmp/testdir/testfile

Set append-only attribute

sudo chattr +a /tmp/testdir/testfile

For a folder and its contents, use -R option for recursive change

sudo chattr -R +a /tmp/testdir/

See file attributes

$ lsattr /tmp/testdir/testfile
-----a---------- testdir/testfile

Try delete the folder

$ rm -f /tmp/testdir/testfile 
rm: cannot remove ‘testfile’: Operation not permitted

Remove append-only attribute

sudo chattr -a /tmp/testdir/testfile

You should now be able to delete the file

rm -f /tmp/testdir/testfile

This works same for the immutable attribute (i).

sudo chattr -i /tmp/testdir/testfile 
rm -f /tmp/testdir/testfile

References
https://computingforgeeks.com/how-to-solve-delete-file-operation-not-permitted-on-linux/

How to Install Webmin+Nginx+Nextcloud+Syncthing on a Raspberry Pi 4

Flash Pi OS Lite to a micro SD card.

Install Webmin

If you like to install and update Webmin via APT, edit the /etc/apt/sources.list file on your system and add the line:

deb https://download.webmin.com/download/repository sarge contrib

You should also fetch and install the Webmin GPG key with which the repository is signed, with the commands:

wget https://download.webmin.com/jcameron-key.asc
sudo apt-key add jcameron-key.asc

You will now be able to install with the commands:

sudo apt-get install apt-transport-https
sudo apt-get update
sudo apt-get install webmin

All dependencies should be resolved automatically.
Continue reading

How To Install Nextcloud On A Synology NAS

This post should tell you everything you need to know to install Nextcloud instance on your Synology NAS without using Docker.

I previously published a post on how to setup Pi-Hole on a Synology and since then a number of people have asked for a guide on how to install Nextcloud on a Synology. After lots of tinkering, this post is the result.

I’ve talked about Nextcloud vs Synology before, and why I think Synology is the better choice for a home server. However, by using this guide you don’t need to choose – you can install Nextcloud on your Synology NAS!

This is likely to be another long post, so let’s get cracking shall we?

Setup DNS

Once Nextcloud is all setup and working on your Synology NAS, you will probably want to access it via a nice URL, usually a subdomain like nextcloud.example.com. If that’s the case, make sure you log into the DNS provider for your domain (this is usually the registrar you registered the domain with) and configure an A record that points to the public IP address of your Synology NAS. Continue reading

How to Flash Lineage OS on an LG V20 Phone

This method will, when completed, will provide you with root and an unlocked bootloader, with fastboot available. It is a somewhat involved process, but the majority of the process has been simplified as much as possible.

WARNING!!!!This replaces your current bootloader with a debug bootloader. If you attempt to lock this bootloader you may brick your device.
Currently AT&T(H910) and Sprint(LS997) cannot return to stock because no KDZ files are available.

Disclaimer:
Once your phone is unlocked, it will no longer be covered by LG warranty @me2151.
As we cannot guarantee the proper operation of our hardware with custom software, we are not able to maintain the full scope of warranty for your device after you have unlocked the bootloader.
Because of that we have a responsibility to let you know that defects which may result from, or were caused by custom device-software may not be covered by LG warranty @me2151. Continue reading

How can I remove the GUI from Raspbian/Debian?

$ sudo apt-get --purge remove "x11-*"

This will remove all the packages that are under x11 which is the library with all the graphical packages. the option –purge allow you to delete all the config file related.

$ sudo apt-get --purge autoremove
autoremove removes all the unused packages. There are a lot of unused packages after the first command.

Reference

https://raspberrypi.stackexchange.com/questions/5258/how-can-i-remove-the-gui-from-raspbian-debian

How to fix raspi-config “The splash screen is not installed so cannot be activated”

Problem:

You want to enable the boot splash screen on your Raspberry Pi using raspi-config, but you see this error message:

The splash screen is not installed so cannot be activated

followed by There was an error running option B3 Splash Screen

Solution:

As you can find out from reading the raspi-config source code, it checks for the existence of /usr/share/plymouth/themes/pix/pix.script. In order to install this file, install the rpd-plym-splash package.

Reference

https://techoverflow.net/2020/06/13/how-to-fix-raspi-config-the-splash-screen-is-not-installed-so-cannot-be-activated

How do I enable restricted codecs to play DVD’s?

DVD support cannot be provided by default in Ubuntu due to legal and technical restrictions. Most commercial DVDs are encrypted and so require the use of decryption software in order to play them.

Use Fluendo to legally play DVDs

You can buy a commercial DVD decoder that can handle copy protection from Fluendo. It works with Linux and should be legal to use in all countries.

Use alternative decryption software

In some countries, the use of the below unlicensed decryption software is not permitted by law. Verify that you are within your rights to use it.

  1. Install libdvdnav4, libdvdread4, gstreamer1.0-plugins-bad, gstreamer1.0-plugins-ugly, and libdvd-pkg.

  2. Open a terminal window by pressing Ctrl+Alt+T.

  3. Run the command

    $ sudo dpkg-reconfigure libdvd-pkg

    and confirm in order to install libdvdcss2.

Reference

https://help.ubuntu.com/stable/ubuntu-help/video-dvd-restricted.html.en

Use Instaloader to Regularly Download Photo’s from Specific Instagram Users

First, create a folder in your Pictures folder called ‘Instaloader’.

$ mkdir ~/Pictures/Instaloader

Next create a file inside that folder.

$ nano ~/Pictures/Instaloader/instaloader.sh

Add the following to the file (replacing user’s with Instagram profile names) and save:

#!/bin/bash
cd ~/Pictures/Instaloader
~/.local/bin/instaloader --fast-update user1 user2 user3

Give the file execute permissions and run it.

$ sudo chmod a+x ~/Pictures/Instaloader/instaloader.sh

$ sudo ~/Pictures/Instaloader/instaloader.sh

If it successfully executes, then add it to cron.

$ crontab -e

# DO NOT EDIT THIS FILE - edit the master and reinstall.
# (/tmp/crontab.z5YMVK/crontab installed on Fri Mar 5 07:57:15 2021)
# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
# Edit this file to introduce tasks to be run by cron.
#
# Each task to run has to be defined through a single line
# indicating with different fields when the task will be run
# and what command to run for the task
#
# To define the time you can provide concrete values for
# minute (m), hour (h), day of month (dom), month (mon),
# and day of week (dow) or use '*' in these fields (for 'any').
#
# Notice that tasks will be started based on the cron's system
# daemon's notion of time and timezones.
#
# Output of the crontab jobs (including errors) is sent through
# email to the user the crontab file belongs to (unless redirected).
#
# For example, you can run a backup of all your user accounts
# at 5 a.m every week with:
# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/
#
# For more information see the manual pages of crontab(5) and cron(8)
#
# m h dom mon dow command
0 0,12 * * * ~/Pictures/Instaloader/instaloader.sh

How to get a Ledger Nano S Hardware Wallet to work with Electrum for Linux

Create a file in your home directory called add-udev-rules.sh and add the following:

#!/bin/bash
cat < /etc/udev/rules.d/20-hw1.rules
# HW.1 / Nano
SUBSYSTEMS=="usb", ATTRS{idVendor}=="2581", ATTRS{idProduct}=="1b7c|2b7c|3b7c|4b7c", TAG+="uaccess", TAG+="udev-acl"
# Blue
SUBSYSTEMS=="usb", ATTRS{idVendor}=="2c97", ATTRS{idProduct}=="0000|0000|0001|0002|0003|0004|0005|0006|0007|0008|0009|000a|000b|000c|000d|000e|000f|0010|0011|0012|0013|0014|0015|0016|0017|0018|0019|001a|001b|001c|001d|001e|001f", TAG+="uaccess", TAG+="udev-acl"
# Nano S
SUBSYSTEMS=="usb", ATTRS{idVendor}=="2c97", ATTRS{idProduct}=="0001|1000|1001|1002|1003|1004|1005|1006|1007|1008|1009|100a|100b|100c|100d|100e|100f|1010|1011|1012|1013|1014|1015|1016|1017|1018|1019|101a|101b|101c|101d|101e|101f", TAG+="uaccess", TAG+="udev-acl"
# Aramis
SUBSYSTEMS=="usb", ATTRS{idVendor}=="2c97", ATTRS{idProduct}=="0002|2000|2001|2002|2003|2004|2005|2006|2007|2008|2009|200a|200b|200c|200d|200e|200f|2010|2011|2012|2013|2014|2015|2016|2017|2018|2019|201a|201b|201c|201d|201e|201f", TAG+="uaccess", TAG+="udev-acl"
# HW2
SUBSYSTEMS=="usb", ATTRS{idVendor}=="2c97", ATTRS{idProduct}=="0003|3000|3001|3002|3003|3004|3005|3006|3007|3008|3009|300a|300b|300c|300d|300e|300f|3010|3011|3012|3013|3014|3015|3016|3017|3018|3019|301a|301b|301c|301d|301e|301f", TAG+="uaccess", TAG+="udev-acl"
# Nano X
SUBSYSTEMS=="usb", ATTRS{idVendor}=="2c97", ATTRS{idProduct}=="0004|4000|4001|4002|4003|4004|4005|4006|4007|4008|4009|400a|400b|400c|400d|400e|400f|4010|4011|4012|4013|4014|4015|4016|4017|4018|4019|401a|401b|401c|401d|401e|401f", TAG+="uaccess", TAG+="udev-acl"
EOF

udevadm trigger
udevadm control --reload-rules

Give the file execute permissions and run it.

$ sudo chmod a+x add-udev-rules.sh
$ sudo ./add-udev-rules.sh

Install the following packages:

$ sudo apt-get install python3-dev libusb-1.0-0-dev libudev-dev python3-pip
$ python3 -m pip install btchip-python -U
$ python3 -m pip install bitbox02 -U
$ python3 -m pip install ckcc-protocol -U
$ python3 -m pip install keepkey -U
$ python3 -m pip install trezor -U
$ python3 -m pip install safet -U

How to Setup a minimal Virtualmin LEMP Stack in CentOS 7

# yum install nano get

# nano /etc/selinux/config (and change it to disabled)

# reboot

# wget http://software.virtualmin.com/gpl/scripts/install.sh

# sh install.sh -m -b LEMP

# yum remove php* rh-php72*

# yum install rh-php73 rh-php73-php-fpm rh-php73-php-cgi rh-php73-php-mysqlnd rh-php73-php-imap rh-php73-php-curl rh-php73-php-gd rh-php73-php-xmlrpc rh-php73-php-xsl rh-php73-php-mbstring rh-php73-php-zip rh-php73-php-cli rh-php73-php-dom rh-php73-php-pdo rh-php73-php-soap rh-php73-php-json rh-php73-php-xml rh-php73-php-pear rh-php73-php-bcmath rh-php73-php-pecl-apcu rh-php73-php-pecl-apcu-devel rh-php73-php-intl -y

# nano /etc/opt/rh/rh-php73/php.ini (increase upload_max_filesize and post_max_size)

# systemctl enable rh-php73-php-fpm

# systemctl start rh-php73-php-fpm

# systemctl enable nginx

# systemctl start nginx

Now log into Virtualmin and complete the install wizard. Then setup the Fail2Ban Intrusion Detector module. Copy the following to /etc/fail2ban/jail.local if it’s empty:

[sshd]
enabled = true
port = ssh
[ssh-ddos]
enabled = true
port = ssh,sftp
filter = sshd-ddos
[webmin-auth]
enabled = true
port = 10000
[proftpd]
enabled = true
port = ftp,ftp-data,ftps,ftps-data
[postfix]
enabled = true
port = smtp,465,submission
[dovecot]
enabled = true
port = pop3,pop3s,imap,imaps,submission,465,sieve
[postfix-sasl]
enabled = true
port = smtp,465,submission,imap3,imaps,pop3,pop3s

Also go to Webmin -> Webmin Configuration -> Authentication and tick the box to Block users with more than 4 failed logins for 1200 seconds. Then save.

Go to Webmin -> Hardware -> System Time and change the timezone to your local timezone. Then click on the ‘Time server sync’ tab and add pool.ntp.org as the timeserver hostname. Then click on the ‘Sync and Apply’ button.

Go to Virtualmin -> System Settings -> Features and Plugins and make sure all Apache plugins are unchecked (Apache website, SSL website, Protected web directories) and that the Nginx plugins are checked (Nginx website and Nginx SSL website). Go ahead and uncheck ‘BIND DNS domain’ if you are using your registrar’s nameservers or some other third party.

Go to Virtualmin -> System Settings -> Virtualmin Configuration and go to SSL settings. Make sure that ‘Request Let’s Encrypt certificate at domain creation time?’ and ‘Redirect HTTP to HTTPS by default?’ are set to ‘Yes’.

Go to Virtualmin -> System Settings -> Server Templates and click on ‘Default Settings’. Select ‘PHP Options’ from the template section dropdown and change the default PHP execution mode to FPM and save.