Tuesday, November 24, 2009

Optimize Windows 7 for better performance

No matter how fast or shiny computers might be when they're new, they all seem to get slower over time. That state-of-the-art PC you bought last year might not feel like such a screamer after you install a dozen programs, load it with antispyware and antivirus tools, and download untold amounts of junk from the Internet. The slowdown might happen so gradually that you hardly notice it, until one day you're trying to open a program or file and wonder, "What happened to my poor PC?"

Whatever the cause, there are lots of ways to help speed up Windows and make your PC work better—even without upgrading your hardware. Here are some tips to help you optimize Windows 7 for faster performance.

Try the Performance troubleshooter

The first thing that you can try is the Performance troubleshooter, which can automatically find and fix problems. The Performance troubleshooter checks issues that might slow down your computer's performance, such as how many users are currently logged on to the computer and whether multiple programs are running at the same time.

Open the Performance troubleshooter by clicking the Start button, and then clicking Control Panel. In the search box, type troubleshooter, and then click Troubleshooting. Under System and Security, click Check for performance issues.


Delete programs you never use

Many PC manufacturers pack new computers with programs you didn't order and might not want. These often include trial editions and limited-edition versions of programs that software companies hope you'll try, find useful, and then pay to upgrade to full versions or newer versions. If you decide you don't want them, keeping the software on your computer might slow it down by using precious memory, disk space, and processing power.

It's a good idea to uninstall all the programs you don't plan to use. This should include both manufacturer-installed software and software you installed yourself but don't want any more—especially utility programs designed to help manage and tune your computer's hardware and software. Utility programs such as virus scanners, disk cleaners, and backup tools often run automatically at startup, quietly chugging along in the background where you can't see them. Many people have no idea they're even running.

Even if your PC is older, it might contain manufacturer-installed programs that you never noticed or have since forgotten about. It's never too late to remove these and get rid of the clutter and wasted system resources. Maybe you thought you might use the software someday, but never did. Uninstall it and see if your PC runs faster.

For instructions, see Uninstall or change a program.


Limit how many programs run at startup

Many programs are designed to start automatically when Windows starts. Software manufacturers often set their programs to open in the background, where you can't see them running, so they'll open right away when you click their icons. That's helpful for programs you use a lot, but for programs you rarely or never use, this wastes precious memory and slows down the time it takes Windows to finish starting up.

Decide for yourself if you want a program to run at startup.

But how can you tell what programs run automatically at startup? Sometimes this is obvious, because the program adds an icon to the notification area on the taskbar, where you can see it running. Look there to see if there are any programs running that you don’t want to start automatically. Point to each icon to see the program name. Be sure to click the Show hidden icons button so you don't miss any icons.

The Show hidden icons button in the notification area

Even after you check the notification area, you might still miss some programs that run automatically at startup. AutoRuns for Windows, a free tool that you can download from the Microsoft website, shows you all of the programs and processes that run when you start Windows. You can stop a program from running automatically when Windows starts by opening the AutoRuns for Windows program, and then by clearing the check box next to the name of the program you want to stop. AutoRuns for Windows is designed for advanced users.

Note

Some people prefer to manage which programs run at startup using the System Configuration tool. For more information, see Start System Configuration.


Defragment your hard disk

Fragmentation makes your hard disk do extra work that can slow down your computer. Disk Defragmenter rearranges fragmented data so your hard disk can work more efficiently. Disk Defragmenter runs on a schedule, but you can also defragment your hard disk manually.

For more information, see Improve performance by defragmenting your hard disk.


Clean up your hard disk

Unnecessary files on your hard disk take up disk space and can slow down your computer. Disk Cleanup removes temporary files, empties the Recycle Bin, and removes a variety of system files and other items that you no longer need. For step-by-step instructions on how to do this, see Delete files using Disk Cleanup.


Run fewer programs at the same time

Sometimes changing your computing behavior can have a big impact on your PC's performance. If you're the type of computer user who likes to keep eight programs and a dozen browser windows open at once—all while sending instant messages to your friends—don't be surprised if your PC bogs down. Keeping a lot of e‑mail messages open can also use up memory.

If you find your PC slowing down, ask yourself if you really need to keep all your programs and windows open at once. Find a better way to remind yourself to reply to e‑mail messages rather than keeping all of them open.

Make sure you're only running one antivirus program. Running more than one antivirus program can also slow down your computer. Fortunately, if you're running more than one antivirus program, Action Center notifies you and can help you fix the problem.

For more information, see What is Action Center?


Turn off visual effects

If Windows is running slowly, you can speed it up by disabling some of its visual effects. It comes down to appearance versus performance. Would you rather have Windows run faster or look prettier? If your PC is fast enough, you don't have to make this tradeoff, but if your computer is just barely powerful enough for Windows 7, it can be useful to scale back on the visual bells and whistles.

You can choose which visual effects to turn off, one by one, or you can let Windows choose for you. There are 20 visual effects you can control, such as the transparent glass look, the way menus open or close, and whether shadows are displayed.

To adjust all visual effects for best performance:

  1. Open Performance Information and Tools by clicking the Start button, and then clicking Control Panel. In the search box, type Performance Information and Tools, and then, in the list of results, click Performance Information and Tools.

  2. Click Adjust visual effects. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

  3. Click the Visual Effects tab, click Adjust for best performance, and then click OK. (For a less drastic option, select Let Windows choose what’s best for my computer.)


Restart regularly

This tip is simple. Restart your PC at least once a week, especially if you use it a lot. Restarting a PC is a good way to clear out its memory and ensure that any errant processes and services that started running get shut down.

Restarting closes all the software running on your PC—not only the programs you see running on the taskbar, but also dozens of services that might have been started by various programs and never stopped. Restarting can fix mysterious performance problems when the exact cause is hard to pinpoint.

If you keep so many programs, e‑mail messages, and websites open that you think restarting is a hassle, that's probably a sign you should restart your PC. The more things you have open and the longer you keep them running, the greater the chances your PC will bog down and eventually run low on memory.


Add more memory

This isn't a guide to buying hardware that will speed up your computer. But no discussion of how to make Windows run faster would be complete without mentioning that you should consider adding more random access memory (RAM) to your PC.

If a computer running Windows 7 seems too slow, it's usually because the PC doesn't have enough RAM. The best way to speed it up is to add more.

Windows 7 can run on a PC with 1 gigabyte (GB) of RAM, but it runs better with 2 GB. For optimal performance, boost that to 3 GB or more.

Another option is to boost the amount of memory by using Windows ReadyBoost. This feature allows you to use the storage space on some removable media devices, such as USB flash drives, to speed up your computer. It’s easier to plug a flash drive into a USB port than to open your PC case and plug memory modules into its motherboard. For more information, see Using memory in your storage device to speed up your computer.


Check for viruses and spyware

If your PC is running slowly, it's possible that it's infected with a virus or spyware. This is not as common as the other problems, but it's something to consider. Before you worry too much, check your PC using antispyware and antivirus programs.

A common symptom of a virus is much slower-than-normal computer performance. Other signs include unexpected messages that pop up on your PC, programs that start automatically, or the sound of your hard disk constantly working.

Spyware is a type of program that's installed, usually without your knowledge, to watch your activity on the Internet. You can check for spyware with Windows Defender or other antispyware programs. For more information, see How to tell if your computer is infected with spyware.

The best way to deal with viruses is to prevent them in the first place. Always run antivirus software and keep it up to date. Even if you take such precautions, however, it's possible for your PC to become infected. For more information, see How can I tell if my computer has a virus?


Check your computer's speed

If you try these tips and your computer is still too slow, you might need a new PC or some hardware upgrades, such as a new hard disk or faster video card. There's no need to guess the speed of your computer, however. Windows provides a way to check and rate your PC's speed with a tool called the Windows Experience Index.

The Windows Experience Index rates your computer on five key components and gives you a number for each, as well as an overall base score. This base score is only as good as your worst-performing component subscore.

Base scores currently range from 1 to 7.9. If your PC is rated lower than 2 or 3, it might be time to consider a new PC, depending on what tasks you want to do with your computer.

For more information, see What is the Windows Experience Index?


Disable services you don't need

This is the most technically advanced of all these tips. If you don't want to mess with anything too advanced or complicated, you can skip this one.

Windows has more than 100 services running quietly in the background with names such as Network Access Protection Agent and Shell Hardware Detection. These typically launch when your computer starts and they run until your computer shuts down. Some secure Microsoft services can't be disabled, but most others can be. Many software companies also install their own services, some of which you can disable to conserve memory and processor power.

You shouldn't turn off a service unless you understand what it does and are confident you don't need it. Explaining what the many services in Windows do is beyond the scope of this article, but there's plenty of information about this on various websites.

Monday, November 23, 2009

Easy video VoIP phone and chat for Ubuntu

Ekiga

One thing I really miss since converting to Ubuntu Linux, was Skype video calls with friends and colleagues. Although Ubuntu (Linux) does have a Skype client, it is still several releases behind the Windows counterpart, and as such is quite limited in what it can and cannot do.

So what else was a VoIP video chat addict to do, but to take matters into my own hands and go searching for a somewhat comparable video chat client. One thing I have learned since I converted to Ubuntu last summer, is that there are tons of 'fairly comparable' applications to most Windows counterparts, if you have the patience to look for them.

You can imagine my excitement, when I not only found an application that would suffice, but is a very capable feature-rich video VoIP and text client. The client is called Ekiga, formerly called Gnome Meeting, and is a fantastic IM chat client, as well as a video VoIP phone client, capable of communicating with both SIP and H.323 protocols, as well as PC-to-phone.

Downloading and installing Ekiga was very simple, as it has install packages for most popular Linux distros available on the Ekiga Download page. I selected the Ubuntu i386 Debian package, and it installed itself in one easy step after double-clicking on the .deb installation package.

The Ekiga website is very comprehensive, and has very thorough Documentation and FAQs pages that will walk you through the setup and configuration of your Ekiga client, and even show you how to register your very own SIP address (like an email address, this is how your friends using SIP phones will contact you).

The call quality was very good - both the audio and video - and I had no complaints whatsoever.

Easy Video Chat with Skype 2.0 in Ubuntu 9.04

Perhaps there are some of you out there with a friend or loved one that is a long distance away and a regular phone call just doesn’t suffice. It’s one thing to hear his or her voice, but to see a face and a smile makes a world of a difference. I am soon to be in such a situation and I wanted to make sure I was going to be able to make the most of my communication with this special person.

To begin, I needed a web camera that was fully supported in Ubuntu. The installation had to be seamless, much like the Apple experience. After doing some research on web camera compatibility with Ubuntu, I decided to hit my local department store and make a selection. The camera I purchased is a Logitech QuickCam Chat. This camera carried a $20 USD price tag (it’s $13.99 on Newegg.com at the time of this writing), so it was budget friendly. The camera also included an earpiece with a microphone. While this earpiece/microphone will do the job, I soon found out that the mic must be held close to the mouth in order to be clearly audible for the listener on the other end. To solve this problem, I picked up a Logitech ClearChat Stereo headset with microphone for about $18 USD ($16.99 on Newegg.com at the time of this writing). That’s all the hardware I needed for this job.

For software, I chose Skype. I have heard that Skype has the best web camera support and ease of use in Linux. Skype also has another benefit: it’s free. Installing Skype is also quite easy. You simply go to Skype.com and download the Ubuntu package and double-click the file to install it via GDebi Package Installer. This is the easy way to install Skype and I recommend this method for those of you who are not comfortable using the command line. However, an alternative installation is better in the long run. Adding a repository for Skype makes it easier to upgrade to future releases. To do so, simply add the necessary repository (use a command line).

  • Type: sudo nano /etc/apt/sources.list [hit Enter]
  • Enter your password or an administrator password
  • Arrow down to the very end of the file (past the last line)
  • Type: deb http://packages.medibuntu.org/ jaunty free non-free [hit Enter]
  • Type: deb-src http://packages.medibuntu.org/ jaunty free non-free
  • Hold the Ctrl key and hit the “X” key to quit
  • Hit the “Y” key to save the file
  • Hit Enter to confirm the location (do not change it)

Now that you’re back at the normal command prompt, you need to add the key for the repository. Here’s how (still at the command prompt):

  • Type: wget -q http://packages.medibuntu.org/medibuntu-key.gpg -O- | sudo apt-key add -
  • Enter your password or an administrator password (if needed)

Finally, you need to update your repositories, which may take a little time.

  • Type: sudo apt-get update [hit Enter]
  • Enter your password or an administrator password (if needed)

Once the repositories update, you need to install Skype.

  • Type: sudo apt-get install skype [hit Enter]
  • Enter your password or an administrator password (if needed)

Skype will finally be downloaded and installed, along with the dependencies it needs. You can find Skype in the Applications menu (Applications->Internet->Skype).

All this command line typing doesn’t seem so “seamless” or anything like the “Apple experience” I described above; however, it does serve a great benefit. In the event that the repository gets an updated version of Skype, your system will automatically know to download and install it through your update manager. Essentially, you’re doing a little more work up front to make future updates simple and nearly automated.

Now, I had the necessary hardware and software for video chatting.

Ubuntu had no problems detecting my camera. I simply plugged it in to a USB port on my computer. It was that simple. To verify that it indeed installed, a simple command is typed in the command prompt.

  • Type: lsusb

After typing that command, it will give you output of all of the USB devices on your system. On my system, the camera showed up as,

  • Bus 002 Device 004: ID 046d:08af Logitech, Inc. QuickCam Easy/Cool

After launching Skype (and setting up my account), I verified that Skype indeed recognized my camera. Browsing through the options (Ctrl+O), I see in the Video Devices that Skype recognizes my camera as,

  • USB Camera (046d:08af) (dev/video0)

Notice how the 046d:08af part matches in both Skype and that “lsusb” command. This ensures that the camera has been properly detected and is ready for use in Skype. Of course, I had to test this thing out. So, a test call was made. And, voilà! A video chat was in session. Everything was working as expected and I was pleased to be able to see the person I was calling. (Oh, yeah, she was excited too. She also is an Ubuntu user with the same setup as I have, except that she’s on a laptop using Hardy (Ubuntu 8.04), and everything worked quite well for her, except for a disappearing buttons issue—a fix is explained in this post.)

This experience has shown me that Linux has come a long way when it comes to installing new software. I have also seen that Linux has a solid base for supporting extra peripherals (i.e. the web camera). Installing the web camera was as seamless as it gets. It was a true plug-and-play experience (unlike the typical plug-and-install-driver-and-additional-software-and-reboot-and-play experience you get with Windows). I must say that I am impressed. I am also excited to see Linux function in such a way that it is easy to use, even for someone without any technical experience. Linux has been touted as the operating system for geeks, but I can see a shift in a direction towards the general user, while still appealing to us geeks. It’s experiences like this that make me confident to recommend Linux, namely, Ubuntu, to people looking to get a new computer.

Monday, November 9, 2009

Remove the Map and Disconnect Network Drive Options (Windows NT/2000/XP)

Prevents users from making additional network connections by removing the Map Network Drive and Disconnect Network Drive buttons from the toolbar in Explorer and also removing them from the Context menu of My Computer and the Tools menu of Explorer.

Open your registry and find or create the key below.

Create a new DWORD value, or modify the existing value, called "NoNetConnectDisconnect" and set it according to the value data below.

Exit your registry; you may need to restart or log out of Windows for the change to take effect.

Registry Editor Example

Name                     Type        Data
(Default)                REG_SZ      (value not set)
NoNetConnectDisconnect   REG_DWORD   0x00000001 (1)

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\...

Registry Settings
User Key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
System Key: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
Value Name: NoNetConnectDisconnect
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = disabled, 1 = enabled)

Disclaimer: Modifying the registry can cause serious problems that may require you to reinstall your operating system. We cannot guarantee that problems resulting from modifications to the registry can be solved. Use the information provided at your own risk.

Advanced use of Permissions and ACLs

Advanced file permissions
-------------------------
setuid, setgid
---------------

When you want to change your password, you use the command "passwd". This program reads input from the keyboard, encrypts it, then stores the encrypted password in the file /etc/shadow.

If you look at the permissions on /etc/shadow, you will find that the file is not readable, let alone writeable, by you, the non-privileged user.

-r-------- 1 root sys 480 Jul 3 12:21 /etc/shadow

How then, is the passwd program, when run by the non-privileged user, able to update this file?

If you look at the permissions on the /bin/passwd program you will find
an interesting set:

-r-sr-sr-x 3 root sys 87536 Jan 5 2000 /bin/passwd

Notice the "s" where the owner's execute permission normally is stored.
This is known as setuid permission, and it means that when the /bin/passwd
program is run, it executes as the owner of the file, in this case root,
rather than as the user who actually types the command.

So it's really root that is attempting to update the shadow file, and
of course root can write to any file, so the passwd change works.

Notice also the "s" in the spot where the group execute permission indication
is normally stored.
Similar to the setuid, this is known as setgid. When this bit is set, it
means that when the program executes, it does so with the
group of the file, not as the primary group of the user running the program.

An excellent example of this is the /bin/mail program.
Received mail for the user fred is stored in /var/mail/fred
Since fred probably doesn't want other people on the system to be able to read
his mail, the permissions on the file are:

-rw-rw---- 1 fred mail 600 Jul 3 13:33 fred

Unfortunately, even though fred doesn't want anyone to read his mail,
he still wants people to be able to send him mail.

Now, when andy runs the command "mail fred", this program has to
be able to modify the file /var/mail/fred.

Look at the permissions of the /bin/mail program:

-r-x--s--x 1 root mail 62800 Jan 5 2000 /bin/mail

When /bin/mail is executed by some user on the system, the program runs in
group "mail" which DOES have write permission to the file.

sticky bit
----------

Recall from our discussion of simple permissions that a user can remove
a file, if that user has write permission to the directory containing the
file, regardless of the user's access rights to the file itself.

Example
drwxrwxrwx 32 abarclay staff 1536 Aug 3 22:14 /home/abarclay
-rw------- 1 abarclay staff 2551 May 31 05:39 /home/abarclay/.profile

With the permissions shown above, the user bill could easily remove the
file /home/abarclay/.profile

Consider the purpose of the /tmp directory. Its purpose is to provide
space where users can write files that are of a transient nature.
Who needs to be able to write files into this directory? - Everyone
So what should the permissions on this directory be? - 777

With 777 permissions, should fred create a file in /tmp, anyone could
remove it!

Obviously this is unacceptable. The solution was to overload an already
existing permission bit called the "sticky bit".
When set on an executable program, the sticky bit caused the "text" of the
program (that's the code part) to remain resident in memory, so that it
could be re-used the next time the program needed to be run.
(This bit is seldom used for this purpose anymore).

Since the sticky bit had no implied meaning with respect to a directory,
it was decided to make its meaning thus:

When the sticky bit is set on a directory, the only people who can remove
files from that directory are:
1) root
2) the owner of the directory
3) the owner of the file to be removed

So, the permissions on the /tmp directory are actually:

drwxrwxrwt 7 sys sys 463 Aug 3 22:20 /tmp

The "t" represents the sticky bit.

Usage
------
How do we apply the setuid, setgid, or sticky bit to a file or directory?

Using symbolic notation, we can do it like this:

{set the setuid bit on the file bin/foo}
$ chmod u+s bin/foo

{set the setgid bit on the file bin/bar}
$ chmod g+s bin/bar

{set the sticky bit on the directory "testing"}
$ chmod o+t testing

Can we set these bits using octal permissions?

Sure. Even though the "ls -l" output shows us 9 bits of permissions, the
inode actually stores 12 bits. Even though the display embeds the setuid,
setgid, and sticky bits within the same 9 characters, they are actually
the most significant bits of the permissions and as such, can be represented
by an additional octal digit when using chmod.

Example
-------

To set the permissions on the tmp directory.
# chmod 1777 /tmp

To set the permissions on the /bin/passwd file
# chmod 6555 /bin/passwd

To set the permissions on the /bin/mail file
# chmod 2555 /bin/mail
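
An added example (not part of the original text): a POSIX shell audit for the special bits described above, using find's -perm test with the same octal digits chmod takes. The function names, finding labels and the sample tree are constructed for this example.

```sh
#!/bin/sh
# Added example: report setuid/setgid/sticky findings under a directory tree.
# Output lines are "<finding> <path>", sorted; paths containing newlines
# are not handled.

scan_special_bits() {
    root=$1
    {
        # setuid files run as the file's owner (the /bin/passwd case)
        find "$root" -type f -perm -4000 -print | sed 's/^/setuid-file /'
        # setgid files run with the file's group (the /bin/mail case)
        find "$root" -type f -perm -2000 -print | sed 's/^/setgid-file /'
        # setgid directories: new files inherit the directory's group
        find "$root" -type d -perm -2000 -print | sed 's/^/setgid-dir /'
        # world-writable directories without the sticky bit: any user can
        # remove another user's files (the 777 /tmp problem)
        find "$root" -type d -perm -0002 ! -perm -1000 -print |
            sed 's/^/no-sticky-dir /'
    } | LC_ALL=C sort
}

# Print only findings that are not listed in a reviewed allowlist file
# (one "<finding> <path>" line per expected entry).
unexpected_special_bits() {
    root=$1 allowlist=$2
    scan_special_bits "$root" | grep -F -x -v -f "$allowlist" || true
}

# Constructed sample tree mirroring the modes used in the text, so the
# example runs without root. Prints the path of the new tree.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/bin" "$d/tmp" "$d/scratch" "$d/budget"
    : > "$d/bin/passwd"
    : > "$d/bin/mail"
    chmod 6555 "$d/bin/passwd"   # setuid + setgid
    chmod 2555 "$d/bin/mail"     # setgid only
    chmod 1777 "$d/tmp"          # world-writable with sticky bit
    chmod 777  "$d/scratch"      # world-writable, no sticky bit
    chmod 2755 "$d/budget"       # setgid directory
    printf '%s\n' "$d"
}

demo=$(make_sample_tree)
scan_special_bits "$demo"
rm -rf "$demo"
```

Run scan_special_bits on a real tree and keep the reviewed output as the allowlist; later runs of unexpected_special_bits then show only new setuid/setgid files and unsafe world-writable directories.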


Really wacky stuff
-------------------

setgid on a directory
---------------------
Assume that user bill is in the "eng" group and user "mary" is in the
"acct" group.
The engineers very seldom talk to accounting, except that periodically bill
has to write up a budget and have it checked by accounting. It may
have to go through a series of changes and reviews.

One way to accomplish this would be for bill to write the file, then
change the permissions on it so that people in the group "acct" can
read and write to the file. This would work, but it's a pain.

The better solution is to create a shared area, say called /budget.
Create a new unix group called "budget" and make sure /budget has this
as its group. Finally, use chmod to make the directory setgid.

When setgid is set on a directory, any files created in that directory
automatically get the group of the directory instead of the creating
user's primary group.

Example
-------
$ ls -ld /tmp /budget
drwxr-sr-x 2 abarclay bin 512 Aug 3 22:56 /budget
drwxrwxrwt 7 sys sys 463 Aug 3 22:20 /tmp

$ touch /tmp/junk /budget/junk
$ ls -ld /tmp/junk /budget/junk
-rw-r--r-- 1 abarclay bin 0 Aug 3 22:59 /budget/junk
-rw-r--r-- 1 abarclay staff 0 Aug 3 22:59 /tmp/junk

Notice that the file created in /budget is in group "bin", even though
the user "abarclay" doesn't even belong to the group "bin"!

$ groups
staff sysadmin

*************************************************************

Really, really wacky stuff
--------------------------

Access Control Lists (ACLs)
---------------------------

I am not sure who thought of the concept of ACLs first, but it was
definitely made famous by Novell.

The Unix permissions strategy, although elegant, is limited.

What if I want to give Mary, Paul, and John access to a file, and yet
they are not all members of a particular group?
I would have to create a group with just them as members then ensure
that the files that I want them to share are in the new group.

Access control lists allow us to give/restrict access to individual users
and groups.

Let's say that for some strange reason, we wanted to give the user "abarclay"
read access to the /etc/shadow file (this is not likely - but let's just
assume).

We can use the setfacl command to grant this access.

$ ls -l /etc/shadow
-r-------- 1 root sys 480 Jul 3 12:21 /etc/shadow

# setfacl -m user:abarclay:r-- /etc/shadow

$ ls -l /etc/shadow
-r--------+ 1 root sys 480 Jul 3 12:21 /etc/shadow

Notice the "+" symbol at the end of the permissions. This tells us that
this file has ACLs associated with it.

We can examine the ACLs by using the getfacl command:
# getfacl /etc/shadow

# file: /etc/shadow
# owner: root
# group: sys
user::r--
user:abarclay:r-- #effective:---
group::--- #effective:---
mask:---
other:---


Unfortunately ACLs are seldom used in Solaris. This may be because
the resulting access is very counter-intuitive.

Notice that there are comments in the output of getfacl that indicate
that even though abarclay supposedly has read access to the file now,
the "effective" access for abarclay is "---".

Logging in as abarclay and trying to view the file confirms that this
is the case:

quake:/home/abarclay$ cat /etc/shadow
cat: cannot open /etc/shadow

Why is this?

The value of the "mask" setting is limiting the maximum permissions available
through the ACL. The "mask" value, although similar in name, does not work at all
like the umask does for permissions.

In this case, the mask shows "---", which means that the maximum permissions
available through ACL are 0.
The solution is to set the mask.

# setfacl -m mask:rwx /etc/shadow

Now, when the user "abarclay" attempts to view the contents of the file,
it works as expected:

quake:/home/abarclay$ cat /etc/shadow
********************************************
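
The mask rule described above, worked through on the getfacl output shown for /etc/shadow (an added example, not part of the original text). The function names are this example's own; the parser accepts both the "mask:---" form shown here and the "mask::---" form, and skips default: entries.

```sh
#!/bin/sh
# Added example: compute the effective rights of each ACL entry from
# getfacl-style text on stdin. Output: "<tag>:<name> <granted> <effective>".

effective_acl() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip "# file:" headers and blanks
    {
        sub(/[ \t]*#.*$/, "")                 # drop the "#effective:" comment
        gsub(/[ \t]+$/, "")
        n = split($0, f, ":")
        if (f[1] == "default") next           # inheritance templates, not access
        tag = f[1]; perms = f[n]
        who = (n == 3) ? f[2] : ""
        if (tag == "mask") { mask = perms; have_mask = 1; next }
        count++
        tags[count] = tag; whos[count] = who; granted[count] = perms
    }
    END {
        if (!have_mask) mask = "rwx"          # no mask entry: nothing is capped
        for (i = 1; i <= count; i++) {
            eff = granted[i]
            # The mask caps named users, the owning group and named groups.
            # The file owner (user::) and other are never masked.
            if ((tags[i] == "user" && whos[i] != "") || tags[i] == "group") {
                eff = ""
                for (c = 1; c <= 3; c++) {
                    g = substr(granted[i], c, 1)
                    m = substr(mask, c, 1)
                    eff = eff ((g != "-" && m != "-") ? g : "-")
                }
            }
            printf "%s:%s %s %s\n", tags[i], whos[i], granted[i], eff
        }
    }'
}

# Entries whose granted rights are reduced by the mask: they look like
# access in the ACL listing but are partly or wholly ineffective.
masked_entries() {
    effective_acl | awk '$2 != $3 { print $1 }'
}

# The getfacl output from the text, before the mask was changed.
sample_shadow_acl() {
    cat <<'EOF'
# file: /etc/shadow
# owner: root
# group: sys
user::r--
user:abarclay:r-- #effective:---
group::--- #effective:---
mask:---
other:---
EOF
}

sample_shadow_acl | effective_acl
```

For abarclay's read-only entry a mask of r-- is sufficient; mask:rwx, as used above, raises the ceiling for every named user and group entry on the file.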

ACLs on directories
-------------------
Applying ACLs to a directory is the same as applying them to a file.

Example
-------
Assume that abarclay is the e-mail administrator for a company.
Mail queues up in /var/spool/mqueue, but the permissions do not allow
non-privileged users to change to this directory or list its contents.
Let's add read and execute permissions to this directory for abarclay.

$ cd /var/spool/mqueue
ksh: mqueue: permission denied

# setfacl -m user:abarclay:r-x,mask:rwx /var/spool/mqueue

$ cd /var/spool/mqueue
$

$ ls -ld /var/spool/mqueue
drwxr-x---+ 2 root bin 512 Jul 22 23:18 /var/spool/mqueue

$ getfacl /var/spool/mqueue

# file: /var/spool/mqueue
# owner: root
# group: bin
user::rwx
user:abarclay:r-x #effective:r-x
group::r-x #effective:r-x
mask:rwx
other:---

Default ACLs on directories
---------------------------
It is also possible to assign certain ACLs to a directory which will
cause any files created inside that directory to have certain ACLs
automatically created.

If a default ACL is set on a directory and there is no specific user or
group name specified, then any files and directories that are
created in the directory will be created with the indicated mode without
respect to the umask.

Example
-------

$ mkdir /var/tmp/fred
$ setfacl -m default:user::rw-,default:group::r--,default:other:--- \
/var/tmp/fred

Notice that when assigning "default" ACLs to a directory, you MUST specify
all of user, group, and other entries. "mask" is still optional.

Now, create a file in that directory. The umask is 022, so if the umask
is actually used, then the permissions will be 644. If the umask is ignored
(as we expect it will be), then the permissions will be 640.

$ touch /var/tmp/fred/foo
quake:/var/spool$ ls -l /var/tmp/fred/foo
-rw-r----- 1 abarclay staff 0 Aug 4 10:50 /var/tmp/fred/foo

Just as we expected!

Interestingly enough, notice that there are no separate ACLs created on the
new file. (no "+" symbol next to the permissions).

Unfortunately, this will result in some really strange behaviour when we
create a directory in /var/tmp/fred:

$ mkdir /var/tmp/fred/bar
$ ls -ld /var/tmp/fred/bar
drw-r-----+ 2 abarclay staff 512 Aug 4 10:52 /var/tmp/fred/bar

With this mode, not even the owner (abarclay) can change to the newly
created directory!

What we probably want is for the umask to be observed, but for additional
people to have access (or not have access) to the files and directories
in this directory.

Let's try to restrict access for someone.

First, get rid of the directory and all its contents.
$ rm -rf /var/tmp/fred

Next, create the directory again, and check that the ACLs are gone.
$ mkdir /var/tmp/fred
$ ls -ld /var/tmp/fred
drwxr-xr-x 2 abarclay staff 512 Aug 4 10:56 /var/tmp/fred

Change the owner to root, but leave the group "staff"
# chown root /var/tmp/fred

Assign default ACLs so that abarclay will not have access to files or
directories created in that directory.
# setfacl -m default:user:abarclay:---,default:user::rw-,\
default:group::r--,default:other:---,default:mask:--- /var/tmp/fred

Create a file and a directory in the /var/tmp/fred directory.
# touch /var/tmp/fred/foo
# mkdir /var/tmp/fred/bar

For some strange reason, the resulting permissions don't seem to follow
either the umask or the ACL, so just accept this as an ACL quirk and
set the mode appropriately.

$ ls -l /var/tmp/fred
drw-------+ 2 root other 512 Aug 4 11:02 bar
-rw-------+ 1 root other 0 Aug 4 11:02 foo

# chgrp staff /var/tmp/fred/*
# chmod g+r /var/tmp/fred/foo
# chmod g+rx /var/tmp/fred/bar

Now, log in as a user "jeff" (a member of the group "staff"), and try to
change to the directory bar (we expect this to work).

$ cd /var/tmp/fred/bar
$

It works as expected!

Now log in as user "abarclay" and try to change to the directory.

$ cd /var/tmp/fred/bar
ksh: /var/tmp/fred/bar: permission denied

Even though abarclay is a member of the group "staff", the ACL on the
directory is preventing access.

Sunday, November 1, 2009

Labs feature of Google

The Labs feature of Google offers more incredibly useful tools, which make Gmail even more powerful. These features can be easily enabled by clicking on Settings. Below are 10 features that give Gmail more power and the real Google experience.

1. Multiple Inboxes: You can see different sections like starred messages, drafts, unread mails, etc. in the Inbox window itself. You can choose which category you want to view. If you want to display starred messages, go to Settings | Multiple Inboxes and in the search query pane type is:starred.

2. Undo Send: You can recall an email that you have sent by mistake or accident. This feature can stop the message from being sent. It lets users abort or stop the delivery of any Gmail message within seconds of sending it. To activate it, go to Gmail account | Settings | Labs and you will find a feature called Undo Send. Now just click on the “Enable” radio button.

3. Docs and Calendar Gadgets: You can easily access Google services like Docs and Calendar in Gmail itself by enabling the Google Docs and Calendar gadgets. They are placed in the left column. You can easily view starred docs, add reminders and so on.

4. Inserting Images: Usually when we want to send images, we send them as attachments, right? These attachments are not seen in the email body. Those are old times. You can directly insert the image in the body of the message. To activate, go to your Gmail account, then Settings | Labs | Enable Inserting Images Feature.

5. Tasks: By enabling this feature you can easily list reminders and tasks without opening another application. To use this feature, click inside the task window and enter your to-do list. You can also create tasks directly from emails: select the email you want to add and, from the More Actions dropdown button, click on Add to tasks to add it to the list.

6. Quick Links: You can quickly access frequently searched pages or important messages with this tool. It helps you add links to any page that you have opened in Gmail. You just need to click on Add Quick link and type in a name for the page currently being viewed. By clicking that link you can go directly to that page.

7. Mouse Gestures: You can quickly navigate Gmail pages with your mouse using this feature. Right-clicking and moving to the right will take you to previous pages; moving upwards takes you to the main inbox if you have opened a particular message.

8. Canned Response: You can use this feature for sending the same content to all of your friends. You need to create a template. To do this, click on the Canned responses link in the compose mail window and select New canned Responses, type in a name and select the template you have created. To insert a response, click on Canned Responses and select the particular template you want to insert from the Insert section.

9. Offline: You can now access Gmail even when you are offline. You can do tasks like sending, reading, labeling, searching and so on. It will synchronize your mail from the Gmail server to your computer when you are connected to the net. You need to have Google Gears installed if you are using IE or Firefox. Chrome users do not need to install it.

10. Search Autocomplete: If you search Gmail frequently, this feature will be useful for you. It helps you search Gmail faster by providing suggestions as you type. It displays contact names and also similar phrases.
