Category: System Administration

Recreating Grub Bootloader After the Windows Install Wipes It

Setting up the dual-boot Windows/Fedora system was straight-forward on my laptop. I installed Windows, then installed Linux and grub mkconfig found Windows and included it in the menu. Scott already had Fedora, and we needed to repair his Windows installation. Which, of course, blew away grub. Easy enough to get back, provided you’ve got a Live USB installation from which to boot.

Boot the Live media and use fdisk to find the Linux partition (in our installations, /boot is contained within the root partition).

[root@fedora02 ~]# fdisk -l
Disk /dev/sda: 10 GiB, 10737418240 bytes, 20971520 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disklabel type: dos
Disk identifier: 0xd847fbc2

Device Boot Start End Sectors Size Id Type
/dev/sda1 * 2048 1026047 1024000 500M 83 Linux
/dev/sda2 1026048 20971519 19945472 9.5G 8e Linux LVM

Mount that partition somewhere:

mkdir /mnt/mycomputer
mount /dev/sda2 /mnt/mycomputer

Add bind mounts so /dev and /proc are in there

mount –bind /dev /mnt/mycomputer/dev
mount –bind /proc /mnt/mycomputer/proc

Chroot yourself into the mount point

chroot /mnt/mycomputer

Now you can reinstall grub. You don’t want the partition (e.g. /dev/sda2) but the disk. The following commands install the grub2 bootloader and reboot.

grub2-install /dev/sda

If you forget to pay attention on boot and thus inadvertently end up in the default operating system (<G>), edit /etc/default/grub and increase “GRUB_TIMEOUT=5”. Build the grub config — this should identify your Windows partition and include it in the menu

grub2-mkconfig -o /boot/grub2/grub.cfg

Reboot again, and you’ll be able to select between Windows and Linux.

Using grub rescue to boot machine and repair MBR

Using grub rescue to boot machine and repair MBR

Use “ls” to find your partition list:
(hd0) (hd0,msdos3) (hd0,msdos2) (hd0,msdos1)

Check the content of each to find your Linux partition:
ls (hd0,msdos3)/
ls (hd0,msdos2)/
ls (hd0,msdos1)/

You want the one with the /boot folder. In our case, this is (hd0,msdos3). The following commands will boot your Linux OS.

set prefix=(hd0,msdos3)/boot/grub2
set root=(hd0,msdos3)
insmod normal

<root password for maintenance>

Use “df” or “mount” to figure out which disk holds the Linux partition. In our case, it is /dev/sdb. You don’t want the partition (e.g. /dev/sdb2) but the disk. The following commands install the grub2 bootloader and build a config file.

grub2-install /dev/sdb
grub2-mkconfig -o /boot/grub2/grub.cfg

Linux – Finding “Missing” Disk Space

You can have ‘stuff’ in a folder, mount a partition to that folder, and have disk space used for which you cannot account. Rather than randomly umounting partitions to see if there’s anything in the mount point folder, you can bind mount root to another location and check the disk utilization on the new mount.


[root@fedora123 ~]# mount -o bind / /mnt/fakeout/
[root@fedora123 ~]# du -sh `ls /mnt/fakeout | grep -v mnt`
0 bin
0 boot
280K ca
8.0K cacert.pem
4.0K careq.pem
0 certs
0 crl
0 dev
44M etc
52K home
0 index.txt
0 lib
0 lib64
0 media
0 newcerts
0 openhab
724K opt
4.0K private
0 proc
847M root
0 run
0 sbin
227M srv
0 sys
4.0K tmp
3.0G usr
4.0K var
[root@fedora123 ~]# umount fakeout

GPO Changes Not Reflected On Computer

A year or three ago, we had set up a group policy to display logon information in the Windows welcome screen — last logon time, information about any bad passwords since your last successful logon. It’s nice, but you are unable to log in if the information is unavailable. So we disabled the setting (just clearing a GPO setting doesn’t always remove the config from anywhere it’s already set … you’ve got to change to the desired setting). Aaaaand … one server still shows the logon info. Or, more accurately, fails to display it and prevents the domain account from logging on. Luckily it’s a member computer and we can just log in with local accounts.

I thought about just editing the local computer policy (which would have priority anyway) to disable the logon info, but the computer policy could not be opened. It threw a strange access denied error. I could edit the local user policy. Just not the computer policy.

It seems that the local computer policy got corrupted. After deleting registry.pol from c:\Windows\System32\GroupPolicy\Machine … I am able to modify the local computer security policy. GPO settings from the domain are also applied as expected. WooHoo! I can sign in using domain IDs again!

Adding Python to Fedora Alternatives

Gimp installed Python 2.7). Which, of course, took over my system so nothing was using Python 3 anymore. We’ve used ‘alternatives’ to manage the Java installation, and I thought that might be a good solution in case I ever need to use Python 2

Add both Python versions to alternatives:

[lisa@fedora ~]# sudo alternatives –install /usr/bin/python python /usr/bin/python3.7 1
[lisa@fedora ~]# sudo alternatives –install /usr/bin/python python /usr/bin/python2.7 2

Select which one you want to use:

[lisa@fedora ~]# sudo alternatives –config python

There are 2 programs which provide ‘python’.

Selection Command
1 /usr/bin/python3.7
+ 2 /usr/bin/python2.7

Enter to keep the current selection[+], or type selection number: 1

And, of course, repeat the process for PIP:

[lisa@fedora ~]# sudo alternatives –install /usr/bin/pip pip /usr/bin/pip2.7 2
[lisa@fedora ~]# sudo alternatives –install /usr/bin/pip pip /usr/bin/pip3.7 1

[lisa@fedora ~]# sudo alternatives –config pip

Updating ll alias

Fedora and Red Hat Enterprise Linux have an alias “ll” which uses the long listing format. It’s a quick little tweak that I love, but I generally want to list hidden files too. Seemed easy enough to tweak the alias … but I never had any luck overriding the system setting or finding the source of the alias. Typing “ll -a” gave me what I wanted, although that’s not appreciably easier than typing “ls -al” …

The ll alias is defined in /etc/profile.d/ (or colorls.csh if you use the C shell). Add the ‘a’ and “ll” produces a long list format of all files.

lisa@fedora123 ~]# grep “alias ll” /etc/profile.d/
alias ll=’ls -la’ 2>/dev/null
alias ll=’ls -la –color=auto’ 2>/dev/null

Ransomware Insurance

Another city paying hackers in hope of decrypting their data. Interesting note that the payoff is being covered by insurance. I wonder if business insurers are going to go down the PCI-DSS route as part of the risk/pricing calculation. Running unpatched XP workstations and W2K servers? Your insurance is going to get expensive. Show proof of quarterly full DR validation restoring everything from last night & magic cloudy mail/file storage with versioning, that’ll bring your insurance cost down.


Quicker Way To Set Up Key-Based Authentication

I’ve always added my public key to a remote host’s authorized_keys file manually, but happened across the “ssh-copy-id” command which does that for you.

[lisa@workstation-fedora .ssh]$ ssh-copy-id -o PreferredAuthentications=password -o PubkeyAuthentication=no
The authenticity of host ‘ (’ can’t be established.
ECDSA key fingerprint is SHA256:5EuKd5LNRnx5sHgQNFb6HO6W/p0hQk4pEmShTgj3zyU.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed — if you are prompted now it is to install the new keys’s password:

Number of key(s) added: 1

Now try logging into the machine, with: “ssh -o ‘PreferredAuthentications=password’ -o ‘PubkeyAuthentication=no’ ‘'”
and check to make sure that only the key(s) you wanted were added.

Omit the -o options when attempting to log in over the key-based authentication. This, of course, presupposes that you have a public/private key pair. To create one, use ssh-keygen -t rsa -b 2048

Linux Mounts Windows Volumes As Read Only

Since I’ve got a larger hard drive installed, I have both Fedora and Windows in a dual boot configuration. I have a shared NTFS partition for data, but it’s mounted as read-only under Fedora. Turns out that Fedora sees the file system as not cleanly shut down when Windows Fast Boot is enabled. I disabled fast boot in power management, and the shared data volume is mounted rw as expected.