DistroWatch Weekly, Issue 777, 20 August 2018

Feature Story (by Jesse Smith)

YunoHost 3.0.0.1 YunoHost is a Debian-based distribution for people who want to run their own private server. The distribution is particularly geared toward offering web, e-mail and media streaming services which can be set up with relative ease from a web-based interface. Or, as the project's website states: YunoHost is a server operating system aiming to make self-hosting accessible to everyone. It is based on Debian GNU/Linux and is fully compatible with it... YunoHost's goal is to make installing and administering a server accessible to as many people as possible, without taking away from the quality and reliability of the software. The latest version of YunoHost (pronounced "Why you no host?") at the time of writing is 3.0.0.1, which is based on Debian 9 "Stretch". The project's documentation mentions that YunoHost includes the Nginx web server, the Postfix e-mail server, Dovecot for handling mail through clients, a spam filter, LDAP service and a DNS server. A Let's Encrypt certificate manager is also listed as a feature.



YunoHost is available in a number of different builds, including ones for generic PCs, VirtualBox, the Raspberry Pi and a few other single-board computers. I downloaded the generic PC build which is 369MB in size.



Installing



Booting from the distribution's media brings up a menu offering to start a text installer, graphical installer or an advanced installer. I tried both the text and graphical installers. Both are basically Debian's standard installer with the disk partitioning section and package selection step skipped. YunoHost automatically wipes our hard drive to install itself with its own partition layout and chooses the packages it needs in order to run.



The first time I tried to install YunoHost the installer ran into an error during the partitioning section and reported it was unable to mount the new file system it had created. After that it was unable to proceed. I rebooted the computer, took the same settings again and, the second time through, the installation completed without incident. When the system installer finished the disc was ejected and the computer was automatically rebooted.



Early impressions



The first time I booted YunoHost the system brought up a text console. A welcome message appeared which told me my computer's IP address. The first time I started the distribution the IP address was correct, but when I started YunoHost in the future the IP address field was always blank even though the system was connected to my network.



The first time I booted into YunoHost a first-run wizard started on the text console and offered to help me configure the operating system. The prompts ask us to provide our domain name (which must be in the form of a fully qualified domain name, such as example.com). We are asked to create a password for the system's admin account. I feel it is important to keep in mind the admin account, in this case, is the account we will use to sign into YunoHost's web-based interface. The admin account does not have special access when logged into the console and cannot upgrade packages or manage the base operating system directly. The root account's password, used for performing system administration actions from the command line, is not changed from its default on the live disc. The root account's password will remain "yunohost" until we sign in and change it.



The wizard then sets up the default services as some status messages scroll by. When the wizard was done the console appeared to freeze and did not respond to further keyboard input. I was able to switch to another console to login. I found YunoHost used about 2GB of disk space with the default packages installed and the operating system consumed about 220MB of RAM.



Web interface



YunoHost's web interface begins with a simple, mostly blank screen where we are asked to sign in. We can login using our admin account's password. This brings up a menu where we can access sub-menus and controls for Users, Domains, Applications, System Updates, Services, Tools and a Backup panel. I'd like to go through and give a brief overview of each section of the web-based control panel.



Users - By default, there are no accounts listed on the Users page. This appears to be because the YunoHost panel does not display system accounts, only accounts which can sign into the web-based interface and run web-based applications. To work with system-level accounts we should sign into a console or remotely access the server over secure shell.



With the click of a button we can create new accounts that will be able to sign into the YunoHost web portal and run applications. These accounts we create cannot sign into the system over secure shell or a local terminal, they only have access to the web portal. Signing into the portal will bring up a list of applications the user has been granted access to.



One interesting side-effect of separating web portal accounts from system accounts is that we can install a web-based virtual terminal and have the user run it. But they cannot sign into the virtual console unless we set up a separate, system-level account for them.



Domains - The Domains page starts off by showing us the first domain we set up (using the first-run wizard) and gives the option of creating new domains. We can add SSL certificates and check a domain's DNS information from this page.



Applications - At first there are no web applications installed. However, clicking a button brings up a list of several web-based apps we can install. There is a terminal emulator, RSS feed reader, the Ampache media streaming service, an arcade game, Nextcloud, the phpMyAdmin console and a handful of others.





YunoHost 3.0.0.1 -- Browsing applications

(full image size: 107kB, resolution: 1239x1024 pixels)



I tried a few of the simple applications and confirmed they worked. We can set each application to be available to only certain users, or let all users access an installed service. I like the potential flexibility this gives us as it means we can limit access to a login console or phpMyAdmin panel for some users.



System updates - The updates panel should list low level package updates, which are provided mostly by Debian and a YunoHost repository. This page also has a section for showing web application updates. I was not using YunoHost long enough to have any updates appear in this panel. The system was up to date at install time and remained that way for the next few days I was using it.



Services - By default YunoHost runs several network services in the background. The Services page lists these and provides buttons to enable/disable and start/stop these services. The operating system runs a Postfix e-mail service, Dovecot, a firewall, the Nginx web server, the fail2ban security software, MySQL and the OpenSSH secure shell. Sometimes while toggling services on/off an error message would appear saying the systemctl program did not recognize the name of the given service. However, the enable/disable action typically completed successfully anyway.





YunoHost 3.0.0.1 -- Managing background services

(full image size: 115kB, resolution: 1239x1024 pixels)



Tools - The tools page offers access to low level information, for the most part. There is a monitoring tool for checking the resource usage of the system. The firewall tool lets us open and close ports. There is a page which brings up a list of security advisories for popular packages such as Wordpress and the Linux kernel. Another tool just shuts down or reboots the server. One tool is called Migrations and I'm not entirely sure what actions it will perform, but it appears to offer advice on switching between major package versions, such as from PHP 5.6 to PHP 7.0.





YunoHost 3.0.0.1 -- Browsing tools and status messages

(full image size: 102kB, resolution: pixels)



I like the Tools panel. It seems to be a miscellaneous group of items that did not fit elsewhere, but the tools do provide useful information and I found each one easy to navigate.



Backup - The Backup page is very simple and provides a button to create a new archive of our system and its data files. We can toggle three boxes which control whether to back up our configuration files, user data, and mail. Once an archive, which is saved in tar format, has been created it can then be destroyed or restored with another click from the Backup page. I tested the Backup page's features and they all worked, allowing me to roll back the system to an earlier point in time.



Command line interface



Apart from the web interface, YunoHost provides a command line utility which provides the same basic features. This allows us to address problems or install new web applications over a secure shell connection. The functions are all run through one unified program called yunohost. Running this program we can then specify a category like the ones list above ("backup", for example) and then an action to perform. The help text for the yunohost command is a little sparse, but there was enough there to help me navigate through adding and removing applications, checking status information and restoring a backup.





YunoHost 3.0.0.1 -- Blocking network ports

(full image size: 68kB, resolution: 1239x1024 pixels)



Conclusions



At this point I have only set up YunoHost, created a few user accounts and installed a handful of applications. While I may play with it further, my main focus going into this trial was how well the framework of the distribution functions. That is: is it easy to install, how hard is it for new users to add services and accounts, and is it straight forward to keep the system up to date? Basically, I wanted to know whether I could give this distribution to someone who wanted to set up home-based network services for the first time and expect them to be able to use it. Based on my experiences so far with YunoHost, my answer is: probably.



The distribution does make it pretty easy to create user accounts and install web-based services. In fact, YunoHost does this quite well. The admin panel is very streamlined, uncluttered and easy to navigate and getting something like a game of Hextris or a media streaming service installed is about as easy as a few mouse clicks. Managing the firewall, monitoring the system and creating backups are nearly as easy. The administrator still needs to figure out how to get backup archives off the disk to another location for safe keeping, but the bulk of the work in backing up and restoring the operating system is done for us.



Where I feel the distribution runs into trouble is mostly little details, and a few general concepts. For example, asking the user to create an "admin" password but leaving the root password as the default is both likely to confuse people and leave a permanent security hole on the servers of most inexperienced hobbyist administrators. On the topic of accounts, it makes sense, from a security standpoint, to separate web accounts from system accounts. But, this means there may be some confusion as to why, once an account has been created, it cannot log into the system. Little concepts like this may throw new users and I don't feel these issues are well addressed by the documentation.



The first time through, the system installer failed during the partitioning section. It worked the second time though with the same settings, so I'm not sure if this is a semi-persistent bug or a one-time error with my system.



On the whole, YunoHost performs well. It's light on resources, it offers a lot of common network services home administrators will probably want and it is pretty easy to run and maintain. There are a few little wrinkles in the experience, but in general I found the distribution to be straight forward to use. For people looking to set up a home server, this is probably a good platform on which to build. * * * * * Visitor supplied rating



YunoHost has a visitor supplied average rating of: 9.5/10 from 10 review(s).

Have you used YunoHost? You can leave your own review of the project on our ratings page.





Miscellaneous News (by Jesse Smith)

Fedora makes it easier to convert file systems, Red Hat responds to hardware bugs, Lubuntu plans migration to Wayland, Debian turns 25 years old Most people set up their operating system on a file system and continue to use that file system for the life span of the operating system. However, while it is rare to want to change which file system is in use, it is possible to convert one file system to another. This process can even be (mostly) automated by a tool called fstransform. The fstransform documentation states: " The program fstransform does the following: it takes a device with a file system on it (even if almost full) and transforms the device to a different file system type, in-place (i.e. without backup) and non-destructively (i.e. it preserves all your data). It works even if the file system is almost full. " Fedora Magazine has an article on fstransform, how to use it on Fedora, and some precautions to take to avoid data loss during the transition. * * * * * Hardware bugs affecting popular makes and models of CPU have been in the news a lot this year. One of the more recent revelations has been the L1 Terminal Fault attack, mostly known by its ominous-sounding name Foreshadow. The Red Hat team has put together a series of blog posts which explain the Foreshadow issue, how it works and why it is a problem. While CPU bugs have serious security implications, Red Hat reports the fix should be relatively painless for Foreshadow: " The L1TF attack against bare metal machines is trivial to mitigate through a few lines of kernel code (that is available in all of our errata releases, and has also been submitted for inclusion in upstream Linux). This mitigation has no measurable performance impact and requires systems be promptly patched. " * * * * * The Lubuntu project has announced plans to gradually migrate from using the X display server to running the LXQt desktop on a Wayland session by default. This change is expected to take place in about two years (with the release of Lubuntu 20.10) and will make use of Mir as the Wayland implementation. More information on this change and other plans for future versions of Lubuntu can be found in the project's newsletter. * * * * * We are pleased to report that Debian, one of the world's largest Linux distributions, has reached its 25th birthday. An announcement on the Debian website reports: " When the late Ian Murdock announced 25 years ago in comp.os.linux.development, 'the imminent completion of a brand-new Linux release, [...] the Debian Linux Release', nobody would have expected the 'Debian Linux Release' to become what's nowadays known as the Debian Project, one of the largest and most influential free software projects. Its primary product is Debian, a free operating system (OS) for your computer, as well as for plenty of other systems which enhance your life. From the inner workings of your nearby airport to your car entertainment system, and from cloud servers hosting your favorite websites to the IoT devices that communicate with them, Debian can power it all. " Happy birthday, Debian! * * * * * These and other news stories can be found on our Headlines page.





Tips and Tricks (by Jesse Smith)

Limiting resource usage Generally when we run applications we want the program we are working with to be fast and responsive. Ideally, we want videos to play smoothly and web pages to load quickly. For this reason, the underlying operating system usually provides the programs we run with as many resources as they request. So long as there is not too much competition from other applications and services, the programs we run will get to use as much of our CPU, memory and disk as they want.



Sometimes though we do not want a program to get all the resources it wants. Number crunching programs may use up too much CPU time and cause other applications to stutter. A service that scans our hard drive to index files will make opening and saving documents slower. A program that consumes too much RAM may cause the system to slow down or rely heavily on swap space which will make the computer unresponsive. This article explores four utilities which can be used to limit a process's resource usage and prevent the system from getting bogged down.



One of the easiest tools to use when trying to limit a process's impact on the operating system is nice. The nice command reduces the priority of an application or service so that it does not use the CPU as much when other processes want a turn. This is especially useful if we are running several programs at once and want to accomplish something in the background that will not slow down other programs. For example, if we are running checksums on multiple files to confirm their integrity the nice command will make sure the CPU-intensive checksum process does not impact other tasks we are performing, such as browsing the web.



Typically the nice program is run and just passed the name of another program to run. For example, here we run an MD5 checksum on a file called Fedora-28.iso: nice md5sum Fedora-28.iso Different programs can be run with different "nice" values. The more "nice" a program is, the more it stays out of the way of other processes using the CPU. The default "nice" value of most programs is zero. A program started by the nice command is assigned a "nice" value of 10. We can specify a niceness value as high as 19. This is accomplished by using the "-n" parameter: nice -n 19 md5sum Fedora-28.iso We have written about nice before and have examples for using nice and adjusting the niceness of a program that is already running. * * * * * While the nice command reduces the priority of programs which want to use our CPU, it does not do a lot to reduce the amount of disk input/output (I/O) a process uses. When we have a program that does not perform a lot of number crunching, but does read data frequently from the disk, then we need a different tool. The ionice command works in a very similar fashion to nice, but forces processes to stay out of the way when accessing the hard drive. This is especially useful if we have a background program that constantly indexes files. We probably do not care how long the indexing takes, but we want to keep it from making other programs lock up when accessing the disk.



The ionice command is typically used to either launch a new program or force a running program to be more polite. Here we run a backup job, using the rsync program, and force it to only access our files when the disk is idle. This is accomplished by using the "-c" flag and passing the number 3, which means the process has a low or "idle" priority. ionice -c 3 rsync -a ~/Documents/ ~/Backups/ To adjust the I/O niceness of a running program we need to pass its process ID number (PID) to ionice. If my rsync program from the past example needs a lower priority and has a PID of 1234 we can adjust it like this using the "-p" flag: ionice -c 3 -p 1234 * * * * * While the nice command will make a process be polite and not use up too much of our CPU's time when there are other processes competing for CPU cycles, nice will not throttle the total amount of CPU cycles a process uses. The nice command prevents one process from getting in the way of others, but it does not prevent one lone process from using up all the CPU cycles available if it has no competition. Put another way, if you are running 20 different programs, nice will force one to step aside, giving the others priority. But if we are running just one active task then it has no competition and can use up 100% of our CPU's time.



Sometimes we want to limit a process's CPU usage so that our CPU doesn't get hot, or so that one process will never use more than 50% of our CPU's time in case something else wants to run later. We can do this with a tool called cpulimit.



The cpulimit command basically throttles a task so that it does not use more than a given amount of CPU time. We can launch Thunderbird and tell it to only use half of our CPU's resources by running: cpulimit -l 50 thunderbird The "-l" flag specifies a limit, in this case 50%. We can limit an existing process using its PID by providing the "-p" flag. A process with PID 1234 can be limited as follows: cpulimit -l 50 -p 1234 We have talked about cpulimit and provided more examples of it in use in a past issue. * * * * * So far we have covered limiting competition for the CPU, throttling processes so they do not take up too many CPU cycles and forcing processes to limit their disk input/output. Another key resource on any system is memory. There are a number of tools which prevent tasks from using too much RAM, and one of them is earlyoom, which stands for Early Out Of Memory. The earlyoom utility monitors the amount of memory and swap space currently available. If the amount dips below a certain amount (usually 10% of both, by default) then earlyoom tries to trigger the termination of the process which is using too much memory.



While earlyoom does not target one specific process, it will try to kill off the program which is using the most memory, freeing up RAM for the remaining processes. Generally, earlyoom waits until memory and swap are nearly full before terminating any programs. The earlyoom program can be run directly by a user, but is typically set up as a service which starts up automatically in the background and monitors the system without user intervention. This way if any user launches a program, such as a web browser, that misbehaves and consumes a lot of RAM the program will be shut down automatically without the user needing to do anything. This is particularly useful when we consider systems with full RAM and swap often become unresponsive and it may not be possible for the user to run new commands while the system juggles swap space. * * * * * There are a lot of Linux tools for dealing with aggressive or resource-heavy processes. The above utilities can be used, separately or together, to keep programs from consuming too many resources or interfering with desktop performance. The trick is matching the right tool with the resource or performance issue being addressed. * * * * * Additional tips can be found in our Tips and Tricks archive.





Released Last Week

Zorin OS 12.4



Zorin OS is an Ubuntu-based distribution which strives to provide a desktop interface that will look familiar to Windows users. The project has published an update to the distribution's 12.x series, offering improved hardware support and bug fixes. The release announcement for Zorin OS 12.4 states: " We are pleased to announce the release of Zorin OS 12.4. This new release brings together the latest software updates, bug fixes, performance enhancements and hardware support out of the box. Zorin OS 12.4 introduces an updated hardware enablement stack. The newly-included Linux kernel 4.15, as well as an updated X server graphics stack, add compatibility for newer computers and hardware in Zorin OS. In addition, new patches for system vulnerabilities are included in this release, so you can have the peace of mind knowing that you're using the most secure version of Zorin OS ever. After installing Zorin OS 12.4, you will have the latest versions of the pre-installed packages. That means fewer software updates will need to be downloaded after installing Zorin OS onto your computer. All editions of Zorin OS 12.4 - Core, Lite, Ultimate, and Business - are available to download immediately. "



Quirky 8.6



Barry Kauler has announced the release of a new version of the lightweight Quirky distribution. The new version, Quirky 8.6, is based on Ubuntu 16.04 LTS and contains mostly bug fixes and minor improvements over previous 8.x releases. " Quirky Linux 8.6 is the latest in the 'Xerus' series, binary-compatible with x86_64 Ubuntu 16.04.5 LTS, though built with woofQ and architecturally very different from Ubuntu. Quirky is an experimental distribution, that forked from Puppy Linux a few years ago, and has followed a different path, exploring some new ideas. Continuing the Puppy tradition, Quirky has a 'complete' suite of applications, drivers and utilities, in a very small size. Version 8.6 is an incremental upgrade from 8.5, with package upgrades and architectural improvements. The SeaMonkey web browser is now 2.49.4 and the Linux kernel 4.14.63. EasyShare, simple network file and printer sharing, continues to evolve, and now supports connection to an Android phone. " Further information can be found in the distribution's release announcement and in the release notes. * * * * * Development, unannounced and minor bug-fix releases

Slackel 7.1-beta1

Clonezilla Live 2.5.6-21

SmartOS 20180816

Container Linux 1800.7.0

GParted Live 0.32.0-beta1

FreeBSD 12.0-ALPHA2

Tails 3.9-rc1

Torrent Corner

Upcoming Releases and Announcements

Opinion Poll

Limiting process resource usage In our Tips and Tricks column this week we discussed various ways users can limit resource usage of applications. This can keep the system running smoothly when an ambitious program tries to gobble up too many resources. We would like to know how many of our readers use resource limiting tools to keep runaway processes in check.



You can see the results of our previous poll on whether to review Linux Mint Debian Edition 3 in last week's edition. All previous poll results can be found in our poll archives.



Limiting process resource usage



I limit processes using tools listed in the article: 99 (10%) I limit processes using tools not listed in the article: 28 (3%) I use a combination of tools listed along with others: 36 (4%) I do not limit process resource usage: 829 (84%)

DistroWatch.com News