Pi-hole logrotate parent directory has insecure permissions

My Pi-hole was producing this error every day:

Cron test -x /usr/sbin/anacron || ( cd / && run-parts –report /etc/cron.daily )

/etc/cron.daily/logrotate: error: skipping “/var/log/lighttpd/access.log” because parent directory has insecure permissions (It’s world writable or writable by group which is not “root”) Set “su” directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping “/var/log/lighttpd/error.log” because parent directory has insecure permissions (It’s world writable or writable by group which is not “root”) Set “su” directive in config file to tell logrotate which user/group should be used for rotation.
run-parts: /etc/cron.daily/logrotate exited with return code 1

The solution to this was pretty easy:

  • sudo vi /etc/logrotate.d/lighttpd
  • Under /var/log/lighttpd/*.log { add the following line:

su www-data www-data

That’s it! You may want to do sudo systemctl restart cron to make it reload, and now the error should not reoccur.

Have root send as a different address using postfix

If you have scripts or other services that run as root that need to send to outside email addresses, via postfix, without being root@hostname, this is what you need to do:

    1.  sudo vi /etc/postfix/generic

      root name@tld.com

    2. sudo vi /etc/postfix/main.cf

      smtp_generic_maps = hash:/etc/postfix/generic

    3. sudo postmap /etc/postfix/generic
    4. sudo systemctl restart postfix

Done! Now root will send as name@tld.com instead. Substitute whatever you want for name@tld.com

Home Assistant: Unable to find service notify.email

In my Home Assistant setup, I created an SMTP notification that would email my phone’s SMS gateway when certain conditions were met. Except it didn’t work.

When monitoring the log file, I found the following when the condition was supposed to trigger:

WARNING (MainThread) [homeassistant.core] Unable to find service notify/txt_smeg

When I did additional digging in the log file, I found this:

ERROR (Thread-6) [homeassistant.components.notify.smtp] Login not possible. Please check your setting and/or your credentials
Traceback (most recent call last):
  File "/srv/homeassistant/lib/python3.5/site-packages/homeassistant/components/notify/smtp.py", line 120, in connection_is_valid
    server = self.connect()
  File "/srv/homeassistant/lib/python3.5/site-packages/homeassistant/components/notify/smtp.py", line 113, in connect
    mail.login(self.username, self.password)
  File "/usr/lib/python3.5/smtplib.py", line 729, in login
    raise last_exception
  File "/usr/lib/python3.5/smtplib.py", line 720, in login
    initial_response_ok=initial_response_ok)
  File "/usr/lib/python3.5/smtplib.py", line 641, in auth
    raise SMTPAuthenticationError(code, resp)
smtplib.SMTPAuthenticationError: (535, b'5.7.8 Error: authentication failed:')
 ERROR (MainThread) [homeassistant.components.notify] Failed to initialize notification service smtp

But everything in my configuration looked OK. I checked and the password works. Restarting the Home Assistant service resulted in the same error.

After seeing this discussion where a machine restart magically fixes this problem, I restarted my entire device. After it booted back up, the notification worked correctly. My only guess is that smtplib must keep a cache somewhere, or holds something in memory across application re-loads.

Github projects

I’ve been slowly adding some of my sysadmin creations to Github. Most of them will be scripts, many for Active Directory. You can find the section in the sidebar linking to each project, or use my profile page here:

smeggysmeg
3 repositories, 2 followers.

Quick Disk Cleanup
https://github.com/smeggysmeg/QuickDiskCleanup
0 forks.
1 stars.
0 open issues.
Recent commits:

Error Upgrading Fedora 27 to Fedora 28 with Cinnamon desktop

When attempting to upgrade my Fedora 27 to Fedora 28 running the Cinnamon desktop, I received the following error:

dnf system-upgrade download --releasever=28
Before you continue ensure that your system is fully upgraded by running "dnf --refresh upgrade". Do you want to continue [y/N]: y
Last metadata expiration check: 0:00:00 ago on Wed 02 May 2018 11:19:35 PM CDT.
Error:
Problem: package gstreamer1-plugins-bad-1:1.12.4-3.fc27.x86_64 requires libchromaprint.so.0()(64bit), but none of the providers can be installed
- libchromaprint-1.2-8.fc27.x86_64 does not belong to a distupgrade repository
- problem with installed package gstreamer1-plugins-bad-1:1.12.4-3.fc27.x86_64

It turns out the name for this gstreamer plugins package has changed names, and it’s goofing up the dependencies path for libchromaprint. Minor issue, but it stops my upgrade cold.

I came up with this workaround: upgrade libchromaprint and gstreamer1-plugins-bad-free before trying to update the entire distro. So:

sudo dnf install libchromaprint-1.4.2-2.fc28.x86_64 gstreamer1-plugins-bad-free --releasever=28 --allowerasing

You can now proceed with your regular upgrade process.

VLC missing title bar and window decorations on Fedora 27

Recently, VLC Media Player on my Fedora 27 installation running the Cinnamon desktop has been missing the title bar and window decorations, resulting in VLC not being a proper window and only a full-screen application. For me, this behavior is undesirable.

VLC without title bar

To restore normal functionality it’s easiest to simply delete the VLC configuration:

rm -r ~/.config/vlc

Now, VLC will function normally. Preferences will have to be recreated, but if you’re like me, you don’t need much more than the ability to play media.

x11vnc – stack smashing detected

My x11vnc on Fedora has recently started crashing with the following error:

*** stack smashing detected ***: terminated

This issue seems to come and go for a lot of people with x11vnc. Bugs have been reported, but nobody seems to be able to pin it down. One workaround is to recompile it from source with some memory protections disabled, but that is a lot of work .

This workaround takes care of it: launch x11vnc with  -noxrecord on the end. That’s it!

Android cannot delete emails from IMAP server

I’ve been having an odd problem with being unable to delete emails from the Inbox of my self-hosted email account from my Android phone, using the Gmail app, using IMAP. When I would delete a message, a copy would be created in the Trash folder, but the original would remain in the inbox – when viewed from webmail. When I refreshed the inbox, the original would reappear on my phone.

At first, I thought the problem was permissions on /var/mail – so I did various changes such as chmod 1775, but to no avail.

I then remembered that I had recently re-setup my mail account on my phone, and realized that maybe it wasn’t using IMAP previously. So, I deleted the account, set it up again as POP3, and enabled server-side deletion. It worked!

It turns out that most mobile IMAP clients do not support the ability to achieve true server-side deletion. Using POP3 is an easy alternative and there is no harm. Yes, POP3 is an outdated and cruddy protocol, but in the end, it works.

Cannot run xiwi applications in Crouton

Recently on my Chromebook running Crouton, I’ve had trouble running applications using xiwi after entering my chroot. I would receive the following error repeatedly:

write_image: Cannot find shm, moving on…
find_shm: Cannot connect to findnacl daemon. (Connection refused)

I tried re-updating my chroot, checking drivers, reinstalling the crouton integration extension, and none of those worked, but this did:

  1. Enter the chroot
  2. Run the following command: chown -R 1000:1000 “$HOME”

Apparently, permissions can get messed up and stop xiwi from functioning properly.

Re-enable the certificate detail window in Google Chrome

Web Developers, Sysadmins, and their ilk lamented the day when Google decided to remove the detailed certificate window from Google Chrome. Now, it’s back. Here’s how:

  1. Put the following in the address bar: chrome://flags/#show-cert-link
  2. Click Enable
    Google Chrome - Click Enable