Playing with Linux kernel capabilities

🔐 Intro

As an experienced sysadmin, you might be familiar with the traditional “all-or-nothing” approach: if a shell or process is running with UID==0, it can do almost everything on a system, while a plain user process is restricted in several ways: typically it can’t open raw sockets, can’t bind “privileged” ports under 1024, can’t change a file’s ownership and so on. Linux capabilities are a feature, gradually introduced starting from kernel 2.2, that permits more fine-grained control over privileged operations, breaking the traditional binary root/non-root distinction. Just as sudo lets us run specific commands as another user (even root) without permanently becoming that user, capabilities let us grant a program only certain privileges without having to run it as root. ...

August 2, 2024 · Andrea Manzini

Measure your program's power consumption

🌡️ Intro

For those running a datacenter, or just a simple homelab server, the arrival of summer heat means an increase in air conditioning use. In this post I ask how a Linux engineer can measure how much energy the system is consuming, so we can start to reason about workload optimization for better power consumption patterns.

🔋 Idle power drain

As a starting point, let’s measure how much power my PC consumes when idle, doing absolutely nothing; or better: nothing useful for computation or service, just running the usual default operating system tasks. ...

June 30, 2024 · Andrea Manzini