X11 change application titlebar and icon in window manager panel

If you are trying to change the listing of a running application in the window list, regardless if you’re running XFCE or Cinnamon or another display manager, you might want to go down the same line of research I did.

In an upcoming article, I will talk exactly about how I run a game in DOSBox with a wrapping shell script and batch file. But today, this article is about how I rename the window and change its icon.

First, I run the application and I know what the titlebar looks like. I have to learn the window ID to set the icon.

I set the window title to the preferred name, and then use that window name to search and then execute a series of commands, which change the class and redraws the window so the panel learns the correct name.

tid="$( xwininfo -root -children -all | grep -iE "dosbox.*STARTREK" | awk '{print $1}' )"
echo "modifying id ${tid}"
xseticon -id "${tid}" "${ICONFILE}"
xdotool set_window --name "STARTREK" "${tid}"
xdotool search --name "STARTREK" set_window --classname "STARTREK" --class "STARTREK" windowunmap windowmap

I researched on the Internet to discover how to change the application icon. I had to compile a nifty little tool written in C (xseticon), so I bundled it into an rpm. But it does exactly as the description says.
Changing what appears on my Cinnamon panel was a different story, however.
I eventually remembered using xdotool for something in the past, and decided to read its man page. After a lot of experimentation, I got the classname and class adjusted. But it still didn’t do any good.
So I finally tried the windowunmap command, which was recommended after doing some other change. And then I had to hurriedly windowmap it again, so I could see the window. It doesn’t minimize the application; it removed it from the panel and display entirely, even though the process was still running. After the windowmap, it showed the custom icon, and the exact title I wanted!
I learned how to chain the commands together into fewer invocations.

References

Web links

link to xseticon https://unix.stackexchange.com/questions/179174/change-icon-for-an-application-form-command-line
compiling xseticon https://forum.xfce.org/viewtopic.php?id=11116
xseticon source http://www.leonerd.org.uk/code/xseticon/
rpm spec https://gitlab.com/bgstack15/stackrpms/tree/master/xseticon
xseticon rpm in copr https://copr.fedorainfracloud.org/coprs/bgstack15/stackrpms/package/xseticon/

Further reading

https://stackoverflow.com/questions/36650865/set-wm-class-with-wnck-xprop-or-something-else

Internet searches

xprop change icon of running application

Man pages

xdotool(1)

Advertisements

Sudoers policy

Summary of policy

  1. Full sudo access will not be granted.
  2. Sudo su (switch user) access will be granted to service accounts upon request.
  3. Sudo access to specific commands run as specific users is granted upon request.
  4. Sudo chmod is unnecessary because the owning user can already chmod files.
  5. Sudo chown will be granted when applied to specific directories.

Annotated policy

  1. Full sudo access will not be granted, with exceptions granted only by the Linux Engineering team.
    1. Full sudo is what is assumed when users ask for “sudo access” without any qualifiers. Users may not mean this; they might mean sudo su $SHAREDACCOUNT but this cannot be assumed. Requests should be explicit as to what user they should run as, and what commands to run.
    2. Exceptions will be granted for development/sandbox environments as approved by the Linux Engineering team.
  2. Sudo su (switch user) access will be granted to service accounts as requested through PARs and approved by the Linux Engineering team.
    1. Normal access to servers is through individual user accounts, who then switch user to a shared account to manage files and services. Some teams connect directly as a shared account which is not recommended but outside the scope of this policy.
  3. Sudo access to specific commands run as specific users is granted as requested through PARs and approved by the Linux Engineering team.
    1. Perhaps not shells are needed, but just specific commands run as a different user. Switching users to an interactive shell is normal activity.
  4. Sudo chmod is unnecessary because the owning user can already chmod files.
    1. A user should not run chmod against files that are not his because this is an unacceptable escalation of privilege.
  5. Sudo chown will be granted when applied to specific directories.
    1. If sudo chown * were to be granted, the user could take over system files and is not permissible.
    2. Permissible options involve a specific directory name, with the recursive flag.
[appdeployer ~]$ sudo chown -R appdeployer.appdeployer /opt/appdeployer/v5

The entry in sudoers:

appdeployer hostname = (root) /bin/chown -R appdeployer.appdeployer /opt/appdeployer/v5, /usr/bin/chown -R appdeployer.appdeployer /opt/appdeployer/v5

Definitions

Term Meaning
Full sudo sudo su root or any other command that uses sudo to achieve a root shell
PAR Permission access request ticket

Example sudoers

This is an example sudoers file.

# file: /etc/sudoers.d/30_db_dbas_sudo
# managed by ansible
# last updated 2018-12-10 20:11Z

User_Alias DBUSERS = %db_dbas, !db
Host_Alias DBHOSTS = l*dbr*, l*dbr*.ad.example.com, l*dbr*.ipa.example.com
Host_Alias DBHOSTS_DEV = l2*dbr*, l2*dbr*.ad.example.com, l2*dbr*.ipa.example.com
Cmnd_Alias BECOME_CMNDS = /bin/su - db, /bin/su db
Cmnd_Alias DBCMNDS = /bin/ls, /bin/ps
Cmnd_Alias DBCMNDS_DEV = ALL

# Users may switch to shared local user
Defaults:DBUSERS !authenticate
DBUSERS DBHOSTS = (root) BECOME_CMNDS
DBUSERS DBHOSTS = (db) ALL

# Local user may run these commands
Defaults: db !authenticate
db DBHOSTS = (root) DBCMNDS
db DBHOSTS_DEV = (root) DBCMNDS_DEV

Use su with ssh X-forwarding

This is a shameless ripoff of Howto use su with ssh x-forwarding [coderwall.com]

If you ssh to a server and want to do X forwarding, make sure the server allows it in /etc/ssh/sshd_config:

X11Forwarding yes

And then your ssh command should include -X, or make sure your ~/.ssh/config includes:

ForwardX11 yes

Command:

ssh -X servername

And once on the server, prepare your xauth file to be shared the other user before switching and merging it.

xauth extract /tmp/x $DISPLAY
chmod 0644 /tmp/x
su otherusername
xauth merge /tmp/x

References

Web searches

ssh x forwarding with su

dnf install build deps

If you want to build a package, but need all of its buildrequires packages, use this command:

sudo dnf builddep wxGTK3

I leave my source repositories off, so be sure to do any –enablerepo=fedora-source,updates-source as necessary.

For debian family

Try a cool tool named “mk-build-deps” as documented over at https://www.guyrutenberg.com/2017/09/23/use-mk-build-deps-instead-of-apt-get-build-dep/

References

Weblinks

Automatically install build dependencies prior to building an RPM package [stackoverflow.com]

Increase docker devicemapper space when full

If you are using a docker environment that does not have the best-practice method of storage (docker controlling its own vg), but you still need to grow the space beyond what it currently is, there is still a way.

Edit /etc/sysconfig/docker-storage:

DOCKER_STORAGE_OPTIONS = --storage-opt dm.loopdatasize=180GB

A colleague showed me that. It’s not well-documented in my opinion, but I did find at least one other online reference: Increase disk size of docker containers when using device mapper [wordpress.com]

logrotate ignores files with g+w permission

Another logrotate post!

If you have a logrotate definition, with permission g+w, logrotate will ignore it. You can see that if you run logrotate with -v flag.

-rw-------. 1 root root 349 Nov  2 15:02 nginx

If you want the nginx group to still be able to manage their own logrotate definition, use ACLs, which are already enabled by default on xfs and ext4

# setfacl -m 'group:nginx:rw-' nginx
# getfacl nginx
# file: nginx
# owner: root
# group: root
user::rw-
group::---
group:nginx:rw-                 #effective:---
mask::---
other::---

# ls -l nginx
-rw-------+ 1 root root 349 Nov  2 15:02 nginx

rpm rebuild db

On rare occasions, rpm locks up. The issue is probably a broken database, so try cleaning it and rebuilding it.

Remove the rpm db files
Rebuild the database.

rm -f /var/lib/rpm/__db*
rpm --rebuilddb

Additionally, you can clean up the .lock files, after confirming no yum or rpm processes are running.

rm -f /var/lib/rpm/.*.lock

So many Internet references discuss rebuilding the rpm database, so so specific sources are provided.

Apache use ssl virtual host to reverse proxy to http

Documenting partially for myself but also for anyone else who just wants to deal with the http virtual host, but have ssl as well.

You need some basic ssl configs, which I tend to place in a separate file so all virtal hosts can share the same settings.

tf=/etc/httpd/conf.d/all-ssl.cnf
touch "${tf}" ; chmod 0644 "${tf}" ; chown root.root "${tf}" ;
cat <<EOF 1> "${tf}"
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"

<Files ~ "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
        SSLOptions +StdEnvVars
</Directory>

SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
SSLCertificateChainFile /etc/pki/tls/certs/chain-localhost.crt

SetEnvIf User-Agent ".*MSIE 4\.0b2.*"                 nokeepalive ssl-unclean-shutdown                 downgrade-1.0 force-response-1.0

LogLevel warn
ErrorLog logs/ssl_error_log
CustomLog logs/ssl_access_log combinedvhost

<Directory "/var/www/html/notfound/">
        AllowOverride None
        Order allow,deny
        Allow from all
</Directory>

# END OF FILE all-ssl.cnf
EOF

And the real config file:

tf=/etc/httpd/conf.d/repo.conf
touch "${tf}" ; chmod 0644 "${tf}" ; chown root.root "${tf}" ;
cat <<EOF 1> "${tf}" 
# reference:
# https://bgstack15.wordpress.com/2016/03/24/adding-adfs-integration-to-apache/
# ssl act as proxy: https://httpd.apache.org/docs/2.4/rewrite/proxy.html

#Listen 80 # not needed here in base C7 because this is provided in /etc/httpd/conf/httpd.conf
#Listen 443
<VirtualHost *:80>
ServerName repo1.int.example.com
ServerAlias *.int.example.com *
UseCanonicalName Off

DocumentRoot /var/www/html
Options +Indexes
IndexOptions IgnoreCase FancyIndexing FoldersFirst NameWidth=* DescriptionWidth=*
</VirtualHost>

<VirtualHost *:443>

ServerName repo1.int.example.com:443
ServerAlias *.int.example.com

Include conf.d/all-ssl.cnf
# try the <proxy> stuff from https://bgstack15.wordpress.com/2017/10/12/adding-reverse-proxy-for-plex-to-apache-vhost/

<Proxy *>
Order deny,allow
Allow from all
</Proxy>

SSLProxyEngine On
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://repo1.int.example.com/
ProxyPassReverse / http://repo1.int.example.com/

</VirtualHost>

Add policykit rules for virt-manager

If a user wants to use virt-man to control virtual machines on localhost, he will be prompted to authenticate to policykit.

If you have a policykit rule established (as the libvirt package already provides) for the right group, it’s seamless. Just make sure the user is in group “libvirt” (from /usr/share/polkit-1/rules.d/50-libvirt.rules)
Or, to make a different group the (additional) accepted value:

tf=/etc/polkit-1/rules.d/80-libvirt.rules
touch "${tf}" ; chmod 0644 "${tf}"
cat <<EOF >"${tf}"
polkit.addRule(function(action, subject) {
  if (action.id == "org.libvirt.unix.manage" && subject.local && subject.active && subject.isInGroup("wheel")) {
      return polkit.Result.YES;
  }
});
EOF

References

Web links

    1. How do I prevent virt-manager from asking for the root password? – Super User