This is an old revision of the document!


General linux tips and tricks

suid, sgid, sticky bit, permissions

  • 4000 (chmod u+s) is suid; for files execute as owning user (often root).
  • 2000 (chmod g+s) is sgid; for files execute as owning group (often root); for directories the group on newly created files will be set to the directory’s group rather than the creator’s group. Typically used for shared directories.
  • suid and sgid are ignored on scripts, due to the security risk
  • 1000 (chmod +t) is sticky bit ("save text image"); for files it used to be 'pin in memory' but is now ignored; for directories only root, file owner and directory owner can delete a file (even if non-owners have directory write permissions). Typically used for /tmp. —t——
  • capital letters in ls -al output usually mean the permissions have been set incorrectly, e.g. -r-S------ means SUID is set but owner execute is not set. However, -rw------T means no update of "last modified time"; usually used for swap files (not very common nowadays - swap is usually a partition).
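
An audit of the bits described above, as an added example that is not part of the original page. It assumes GNU find; the function name audit_special_bits is hypothetical. It lists setuid/setgid files, flags the capital-S case (bit set, execute missing), and reports world-writable directories that lack the sticky bit.

```shell
#!/bin/sh
# Added example, not from the original page. Requires GNU find (-perm /MODE, -printf).

# audit_special_bits DIR
#   SPECIAL  = setuid/setgid regular file with its execute bit present
#   BROKEN   = setuid/setgid set but execute missing (capital S in ls -l)
#   NOSTICKY = world-writable directory without the sticky bit
audit_special_bits() {
    dir=$1
    {
        # %M is the symbolic mode as ls -l prints it, %m the octal mode.
        find "$dir" -xdev -type f -perm /6000 -printf '%M %m %p\n' |
        while read -r sym oct path; do
            case $sym in
                *S*) echo "BROKEN $oct $sym $path" ;;
                *)   echo "SPECIAL $oct $sym $path" ;;
            esac
        done
        # Any user may delete other users' files in these directories.
        find "$dir" -xdev -type d -perm -0002 ! -perm -1000 \
            -printf 'NOSTICKY %m %M %p\n'
    } | sort
}

# Stand-alone use: sh audit.sh /some/dir
if [ "$#" -gt 0 ]; then
    audit_special_bits "$1"
fi
```

File names containing newlines are not handled; the output is meant for review by eye or for diffing against a previous run.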

Reducing the frequency of disk-writes

I found that my Linux system was way too noisy for my bedroom: almost every 5 seconds it was writing to disk. I found 2 solutions:

  1. use noflushd, but I didn't like that: it also spins down the harddisk which reduces the lifetime of your harddisk
  2. fiddle around with mount-options and kernel-parameters

For the last option, I did 2 things: in /etc/fstab I added 'noatime' to the options of the mounted partition:

 /dev/hda2       /       ext3    defaults,noatime  1 1

and I set some parameters which make disk-reads occur as soon as (reasonably) possible and disk-writes only when all buffers are at their limits:

 echo "90 500 0 0 600000 600000 95 20 0" > /proc/sys/vm/bdflush
 /sbin/elvtune /dev/hda -r 2048 -w 131072

Warning: don't use these settings if your PC is not reliable and crashes often, or when power outages occur frequently!

SpamAssassin 'sa_learn'/updatedb/backups make system unresponsive

Not only can you renice the CPU priority, you can also lower the I/O priority. For this to work you need to use the 'cfq' I/O scheduler and the ionice utility. Enabling the cfq I/O scheduler:

 echo cfq > /sys/block/hda/queue/scheduler

Then create the following script (/usr/local/bin/LP):

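 #!/bin/sh
 # Lowest CPU priority (the kernel caps niceness at 19) and idle I/O class (-c 3).
 # "$@" passes every argument through unchanged, including ones containing spaces.
 exec /bin/nice -n 40 /usr/bin/ionice -c 3 "$@"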

Now when you want to run some disk-intensive process while not suffering too much, put 'LP ' in front of the command. E.g. 'LP updatedb'.

How to clear (and keep empty) the pagecache, dentries and inodes

 echo 3 > /proc/sys/vm/drop_caches

Afterwards, echo '0' to this file.

Getting rid of that obsolete delay after password authentication

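In Debian, add nodelay to the line with pam_unix.so in /etc/pam.d/common-auth. The delay this removes is the pause of about two seconds that pam_unix requests after a failed authentication, which also slows down password guessing.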

Reducing disk-access (and thus saving power)

Mount filesystems with parameters:

  • noatime - do not update the inode when a file is accessed; use relatime instead when the access time must still be updated occasionally
  • commit=300 - do not flush buffers to disk every 5 seconds (as ext3 does by default) but every 5 minutes - only do this when your system never crashes and is on a UPS or a laptop battery
  • async

Enable laptop-mode with this command:

 echo 5 > /proc/sys/vm/laptop_mode

Expire dirty buffers only after a day (same warning applies):

 # one day = 86400 seconds = 8640000 centiseconds
 echo 8640000 > /proc/sys/vm/dirty_expire_centisecs

Reduce disk I/O for small reads using memory

from Racker Hacker by major

Many applications that are used on a standard server perform quite a few small writes to the disk (like MySQL or Apache). These writes can pile up and limit the performance of your applications. If you have kernel 2.6.9 or later, you can adjust how these small writes are handled to allow for better performance.

There are two main kernel variables to know:

vm.dirty_ratio - The highest % of your memory that can be used to hold dirty data. If you set this to a low value, the kernel will flush small writes to the disk more often. Higher values allow the small writes to stack up in memory. They’ll go to the disk in bigger chunks.

vm.dirty_background_ratio - The lowest % of your memory where pdflush is told to stop when it is writing dirty data. You’ll want to keep this set as low as possible.

These might confuse you. In short, when your memory begins filling with little pieces of data that need to be written to the disk, it will keep filling until it reaches the dirty_ratio. At that point, pdflush will start up, and it will write data until it reduces the dirty data to the value set by dirty_background_ratio.

Stock 2.6.9 kernels have a dirty_background_ratio of 10% and a dirty_ratio of 40%. Some distributions tweak these defaults to something different, so you may want to review the settings on your system. On a system with heavy disk I/O, you can increase the dirty_ratio and reduce the dirty_background_ratio. A little experimentation may be necessary to find the perfect setting for your server.

If you want to play with the variables, just use your standard echo:

 echo 5 > /proc/sys/vm/dirty_background_ratio
 echo 60 > /proc/sys/vm/dirty_ratio

Once you’ve found the right setting, you can set it permanently by adding lines to your /etc/sysctl.conf:

 vm.dirty_background_ratio = 5
 vm.dirty_ratio = 60

If you have a reliable server with a good RAID card and power supply, you could set the dirty_ratio to 100 and the dirty_background_ratio to 1. This was recommended by a buddy of mine who runs quite a few servers running virtual machines.

How do I force users to change their passwords upon first login?

1.) Firstly, lock the account to prevent the user from using the login until the change has been made:

 # usermod -L <username>

2.) Change the password expiration date to 0 to ensure the user changes the password during the next login:

 # chage -d 0 <username>

3.) To unlock the account after the change do the following:

 # usermod -U <username>
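
A check for the three steps above, as an added example that is not part of the original page. The function names shadow_state and check_user are hypothetical and the sample entries in the comments are constructed. It reads a shadow(5) entry and reports whether the account is locked (usermod -L puts a '!' in front of the hash) and whether a password change is forced (chage -d 0 sets the last-change field to 0).

```shell
#!/bin/sh
# Added example, not from the original page.

# shadow_state LINE
#   LINE is one entry in shadow(5) format:
#   name:hash:lastchg:min:max:warn:inactive:expire:reserved
#   Prints: name <password state> <change state>
shadow_state() {
    printf '%s\n' "$1" | awk -F: '{
        if ($2 == "")              pw = "empty-password"      # login without password
        else if ($2 ~ /^[!*]+$/)   pw = "no-usable-password"  # nothing to unlock
        else if ($2 ~ /^!/)        pw = "locked"              # state after usermod -L
        else                       pw = "unlocked"            # state after usermod -U
        # lastchg == 0 means: must change the password at next login
        chg = ($3 == "0") ? "must-change" : "no-forced-change"
        print $1, pw, chg
    }'
}

# check_user NAME: look up the live entry (needs root to read the shadow database).
check_user() {
    line=$(getent shadow "$1") || {
        echo "cannot read shadow entry for $1" >&2
        return 1
    }
    shadow_state "$line"
}

# Constructed entries showing the state after each step of the procedure:
#   after step 1:  alice:!$6$salt$hash:19000:0:99999:7:::  -> alice locked no-forced-change
#   after step 2:  alice:!$6$salt$hash:0:0:99999:7:::      -> alice locked must-change
#   after step 3:  alice:$6$salt$hash:0:0:99999:7:::       -> alice unlocked must-change
if [ "$#" -gt 0 ]; then
    check_user "$1"
fi
```

An account left at "locked must-change" means step 3 was skipped and the user cannot log in with a password at all; "unlocked no-forced-change" means step 2 was skipped.
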
linux/tips.1222699231.txt.gz · Last modified: 2009/05/25 00:34 (external edit)
CC Attribution-Share Alike 4.0 International