Meeting-2015-07-25 Update / Upgrade … Improvement in both … Dave Hemmerle

Update / Upgrade … Improvement in both … Method and Content. Dave Hemmerle / CLUG Handout
Traditional or Basic Update:

1. GUI : Through the “Update Manager” a GUI found by Applications > Systems Tools > Administration > Update Manager.

2. Command Line: Open the terminal or terminal emulator:
Type in a “sudo apt-get update -y && sudo apt-get upgrade -y”.
Followed by your password.
And finally the Update / Upgrade begins to run.

Improved automated method included:

1. A bash scrip, 2. a bin directory added to my home directory for the bash scrip, 3. password negated from sudo to run Update commands, and 4. Shortcut keys to run the Updare file showing the terminal as the file is ran so you know it ran.

Here are the steps to accomplish this:

1. The bash scrip and 2. a bin directory:
1. Create a “bin” directory in your ~/home/user_name/ directory.
2. Open a text editor an make the following bash scrip: “Update.sh” file.

dave@dave-ThinkPad-T500:~/bin$ cat Update

#!/bin/bash
#
# FILE NAME: Update.sh
# LOCATED: ~/home/dave/bin
#
# The following are the commands that I want to run to Update and Upgrade
# my applications as well as clean out some of the junk.
#
# This bash scrip or file(Update.sh)is in ~/home/dave/bin/ and can be ran from the terminal
# or from, "Hot Keys" using " Alt + u".
#
# Although running a file that list files or having the ability to change files,
# requires "sudo" or "root" level permission the requirement for a "password" has
# been negated through the augmentation file "dave" .
#
# This file has been added to the /etc/sudoers.d/dave, and is read after the "sudoer" file.
#

# The last items read are used to establish the state of the password requirement.
# Thus,this augmenting file has the “last word” in the permission settings.
#
# And this indicate:
# NOPASSWD for user dave from ALL terminals, as ALL dave log on users, for the
# listed commands that follows:

sudo /usr/bin/apt-get -y update
sudo /usr/bin/apt-get -y upgrade
sudo /usr/bin/apt-get -y autoclean
sudo /usr/bin/apt-get -y autoremove

dave@dave-ThinkPad-T500:~/bin$

3. And make it into an executable ( “ chmod +x Update”), and then stored in your ~/home/user_name/bin/ .

This can be confirmed by “ls -lF Update” from the bin directory:

dave@dave-ThinkPad-T500:~$ cd bin && ls -lF
total 12
-rwxrwxr-x 1 dave dave 37 May 3 07:00 new.sh*
-rwxrwxr-x 1 dave dave 231 May 1 18:58 talk.sh*
-rwxrwxr-x 1 dave dave 150 Jun 25 14:58 Update*
dave@dave-ThinkPad-T500:~/bin$

Note the file Update* has an asterisk , as well as -rwxrwx-x in ownership, both of which indicate an executable file. Since update and upgrade can make changes above your normal user permission level, you need to use “sudo” elevate your permission level to that of a superuser, or root, and it takes a password to authenticate yourself, unless the password requirement has been negated.

3. No Password for the commands:

Now there is another change that is needed. The ability to run the apt-get commands without stopping to input your password. This is accomplished through “sudoers”, and a file in the “sudoers.d” directory
that has files read, after “sudoers” that amends “sudoers” default permissions. ( .d files / augmentation )

Make a file “your user name” in /root/etc/sudoers.d directory. Keep in mind that this file is above your normal user home and other users may need to add similar files. Putting them in the user’s name will keep it easier to maintain.

Change directory to your “root /etc “directory and then … from the root/ … ls | grep “sudo” , ( there are a lot of files in “etc” and and we are only interested in the ones with sudo in their names ), here is what I get:

dave@dave-ThinkPad-T500:/$ cd etc
dave@dave-ThinkPad-T500:/etc$ ls | grep “sudo”
sudoers
sudoers.backup
sudoers.d
sudoers.tmp.save
dave@dave-ThinkPad-T500:/etc$

1. If you do not have a “sudoers.backup ”, backup the “sudoers”.

2. Then sudo cat sudoers:

dave@dave-ThinkPad-T500:/etc$ sudo cat sudoers
[sudo] password for dave:
#
# This file MUST be edited with the ‘visudo’ command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults secure_path=”/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin”

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root ALL=(ALL:ALL) ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on “#include” directives:

#includedir /etc/sudoers.d
dave@dave-ThinkPad-T500:/etc$

3. “sudoers.d” is a directory … change into itand list its contenance … then “sudo cat README”.

This is what it says:

dave@dave-ThinkPad-T500:/etc/sudoers.d$ sudo cat README
#
# As of Debian version 1.7.2p1-1, the default /etc/sudoers file created on
# installation of the package now includes the directive:
#
# #includedir /etc/sudoers.d
#
# This will cause sudo to read and parse any files in the /etc/sudoers.d
# directory that do not end in ‘~’ or contain a ‘.’ character.
#
# Note that there must be at least one file in the sudoers.d directory (this
# one will do), and all files in this directory should be mode 0440.
#
# Note also, that because sudoers contents can vary widely, no attempt is
# made to add this directive to existing sudoers files on upgrade. Feel free
# to add the above directive to the end of your /etc/sudoers file to enable
# this functionality for existing installations if you wish!
#
#
dave@dave-ThinkPad-T500:/etc/sudoers.d$

I used my text editor and made the file “dave” that has additional user privilege specification:

dave@dave-ThinkPad-T500:/etc/sudoers.d$ sudo cat dave

# This file is in the sudoers.d directory and will be read
# after the sudoers file. Thus these permissions will be
# the last read and thus will be used.

# The statements indicate that when dave is the log in person …
# he can use ALL (terminals) … =(ALL) (as all users) … with
# NOPASSWD … needed for the following commands in the
# /usr/bin/apt-get -y update ….

dave ALL=(ALL) NOPASSWD: /usr/bin/apt-get -y update
dave ALL=(ALL) NOPASSWD: /usr/bin/apt-get -y upgrade
dave ALL=(ALL) NOPASSWD: /usr/bin/apt-get -y autoclean
dave ALL=(ALL) NOPASSWD: /usr/bin/apt-get -y autoremove

( user name (ALL=(ALL) ALL = MUC,
M U C = MUC
M=Machine or terminal, U=Users (or any other user name this user name may be using, and C=Commands, what Commands are involved. )

The file dave is not an “executable” file as there is no scrip to be run. However this file need read permission (0440), so “sudoers” can be read and thus be used to change/augment the sudo password requirement.

We now have a “executable” bash scrip file called “Upgrade” in my users /home/user_name/bin/ directory. The sudo permission does not require a password when the log in person is dave
and the apt-get commands have had their permission changed to NOPASSWD , the -y option ( is so there is no stopping for input when the commands are ran.

To check for special sudo permissions type “sudo -l”
I now show:

dave@dave-ThinkPad-T500:~$ sudo -l
Matching Defaults entries for dave on this host:
env_reset,
secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin

User dave may run the following commands on this host:
(ALL : ALL) ALL
(ALL) NOPASSWD: /usr/bin/apt-get -y update
(ALL) NOPASSWD: /usr/bin/apt-get -y upgrade
(ALL) NOPASSWD: /usr/bin/apt-get -y autoclean
(ALL) NOPASSWD: /usr/bin/apt-get -y autoremove
dave@dave-ThinkPad-T500:~$

4. Shortcut Keys:

All we need now is to have the “Update” file explicable from “Shortcut keys”.

Go to “Systems Settings”, Applications > Systems Tools > Systems Settings

When Systems Settings opens up go to the Hardware grouping and open the Keyboard …
in the Keyboard window select the Shortcut tab. Near the bottom of this window there is a narrow strip with a + and – sign. Click on the + and a window will open up so you can add a custom shortcut key.

In the Name window put “Update”. ( This is not the file but just any name to identify this command.)
In the Command window input the command to be run. At first I used “/home/dave/bin/Update”.

Clicked Apply and the new shortcut command name will appear, however, it will be listed as
“Disabled” where the hot keys should be noted.

Click on the term “Disabled” and input the hot key the keys you want to use to run this command. I used “Alt + u”. Close the shortcut window and try the shortcut key.

All seemed to run ok no error messages ??? , however, there was no observed sign that it was working, so the command in the “Shortcut key” was improved / changed to:
“gnome-terminal -e /home/dave/bin/Update”

When this command is ran, the gnome-terminal is displayed for a brief time and the scrip can be seen running.

“Wa La” … Press Alt + u, and the applications that were downloaded through the PPA’s are updated / upgraded, and purged of obsolete junk.