added docs for rrsync, updated various other docs

linux/system/find-pkg-that-owns-file.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+set -u
+
+# Find package that owns a certain file
+grep "$1" /var/lib/dpkg/info/*.list
+

linux/system/find-pkg-that-owns-file.txt

@@ -1,3 +0,0 @@
-# Find package that owns a certain file
-grep "${filename:?}" /var/lib/dpkg/info/*.list
-

linux/system/mark-pkg-as-autoinstalled.md

@@ -1,5 +0,0 @@
-# mark an APT package as autoinstalled
-
-```
-apt-mark auto ${package_name:?}
-```

linux/system/mark-pkg-as-autoinstalled.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+set -u
+
+# mark an APT package as autoinstalled
+sudo apt-mark auto $1

linux/system/rename-user.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+set -ue
+
+# first arg is old user name, second arg is new user name
+old_user=$1
+new_user=$2
+
+# rename user, user's group, and user's home dir
+sudo mv /home/$old_user /home/$new_user
+sudo groupmod -n $new_user $old_user
+sudo usermod -l $new_user -d /home/$new_user -m $old_user

linux/system/rename-user.txt

@@ -1,2 +0,0 @@
-usermod -l «new_user» -d /home/«new_user» -m «old_user»
-groupmod -n «new_user» «old_user»

linux/system/rrsync.md

@@ -0,0 +1,40 @@
+# how to use rrsync to make secure backups
+
+## setup
+
+copy rrsync script to `/usr/local/bin`:
+```
+sudo cp /usr/share/rsync/scripts/rrsync /usr/local/bin/
+sudo chmod +x /usr/local/bin/rrysnc
+```
+
+There is an option in the SSHD configuration file for allowing root logins only with the command parameter set. This allows a client to login to the server as root if they have a key in root's authorized_keys, but only if that key has the "`command`" parameter set.
+
+To activate this option, set the following option in `/etc/ssh/sshd_config`:
+```
+PermitRootLogin forced-commands-only
+```
+And don't forget to reload SSH daemon:
+```
+sudo systemctl reload sshd
+```
+
+## usage
+
+The usage of rrsync is:
+```
+rrsync [-ro|-wo] SUBDIR
+```
+rrsync can be restricted to read-only mode by the `-ro` flag, or write-only mode by the `-wo` flag. The subdir argument sets the directory that rrsync is restricted to. Rrsync will not be allowed to read or write from anywhere other than that directory.
+
+To add a command directive to an authorized key, simply include the directive '`command="my_command"`' in front of the rest of the key on that line in the authorized_keys file. For example, so add a key that is restricted to only being able to run rrsync in read-only mode on the directory `/foo`, you would add the following command directive in front of the key:
+```
+command="rrsync -ro /foo" <key>
+```
+
+When a remote client attempts to use this key to run a command on the host, the `command` directive causes SSHD to ignore any commands sent by the client, and execute the actions specified in the `command` directive instead. Rrsync will then be able to parse your attempted rsync command, and execute it if it determines that it is an allowed action.
+
+Note that any remote directories in the client's rsync command must be specified *relative to the subdirectory* specified in the `command` directive. For example, if a client wants to pull the contents of the directory `/foo/bar` on the server to the same directory on the client using the key from the example above, they would run the command:
+```
+rsync -av server:bar/ /foo/bar/
+```

linux/system/set-timezone.md

@@ -1,10 +0,0 @@
-# set timezone
-
-to list timezones available:
-```
-timedatectl list-timezones
-```
-to set timezone:
-```
-timedatectl st-timezone ZONE
-```

linux/system/set-timezone.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+if [[ -z $1 ]]; then
+    # list timezones available:
+    timedatectl list-timezones
+else
+    # set timezone:
+    sudo timedatectl set-timezone $1
+fi