Spin up HDD in PUIS mode and wipe drive for new placement

Moved Linux Systems Guides
  • Recently I came across an older DVR unit, taking into consideration I’m not one to pass up an opportunity to harvest tech, so I took the liberties I had been granted.

    Just want the commands and take your chances? Skip down beyond my rambling.

    Not much useful inside most of these units, but there was a mechanical HDD.

    The drive is a WD5000AVVS, after a bit of googling around, I found Western Digital made these specifically for a DVR application. In other words, not really made to support a desktop environment. No reason to let that stop me from adding it for basic storage.

    The drive was utilizing PUIS or Power [Up In Standby] , something WD came up with themselves, from the wiki:

    Power-up in standby (PUIS) or power management 2 mode (PM2; Western Digital specific) is a SATA or Parallel ATA (aka PATA) hard disk configuration which prevents the drive from automatic spinup when power is applied. The spinup occurs later by an ATA command, only when the disk is needed, to conserve electric power[dubious – discuss] and to avoid a power consumption peak caused by a simultaneous spin-up of multiple disks.

    Useful tip: Since the drive will not power up on boot, I had to connect the drive to a raid controller to get it to spin up. I’m sure there are other means, such as issuing ATA commands.

    Set PUIS mode on Western Digital Hard Drive

    Enter the hdparm command , for help on commands just type in:

    hdparm - get/set hard disk parameters - version v9.43, by Mark Lord.
    Usage:  hdparm  [options] [device ...]
     -a   Get/set fs readahead
     -A   Get/set the drive look-ahead flag (0/1)
     -b   Get/set bus state (0 == off, 1 == on, 2 == tristate)
     -B   Set Advanced Power Management setting (1-255)
     -c   Get/set IDE 32-bit IO setting
     -C   Check drive power mode status
     -d   Get/set using_dma flag
     -D   Enable/disable drive defect management
     -E   Set cd/dvd drive speed
     -f   Flush buffer cache for device on exit
     -F   Flush drive write cache
     -g   Display drive geometry
     -h   Display terse usage information
     -H   Read temperature from drive (Hitachi only)
     -i   Display drive identification
     -I   Detailed/current information directly from drive
     -J   Get/set Western DIgital "Idle3" timeout for a WDC "Green" drive (DANGEROUS)
     -k   Get/set keep_settings_over_reset flag (0/1)
     -K   Set drive keep_features_over_reset flag (0/1)
     -L   Set drive doorlock (0/1) (removable harddisks only)
     -m   Get/set multiple sector count
     -M   Get/set acoustic management (0-254, 128: quiet, 254: fast)
     -n   Get/set ignore-write-errors flag (0/1)
     -N   Get/set max visible number of sectors (HPA) (VERY DANGEROUS)
     -p   Set PIO mode on IDE interface chipset (0,1,2,3,4,...)
     -P   Set drive prefetch count
     -q   Change next setting quietly
     -Q   Get/set DMA queue_depth (if supported)
     -r   Get/set device readonly flag (DANGEROUS to set)
     -R   Get/set device write-read-verify flag
     -s   Set power-up in standby flag (0/1) (DANGEROUS)
     -S   Set standby (spindown) timeout
     -t   Perform device read timings
     -T   Perform cache read timings
     -u   Get/set unmaskirq flag (0/1)
     -U   Obsolete
     -v   Use defaults; same as -acdgkmur for IDE drives
     -V   Display program version and exit immediately
     -w   Perform device reset (DANGEROUS)
     -W   Get/set drive write-caching flag (0/1)
     -x   Obsolete
     -X   Set IDE xfer mode (DANGEROUS)
     -y   Put drive in standby mode
     -Y   Put drive to sleep
     -z   Re-read partition table
     -Z   Disable Seagate auto-powersaving mode
     --dco-freeze      Freeze/lock current device configuration until next power cycle
     --dco-identify    Read/dump device configuration identify data
     --dco-restore     Reset device configuration back to factory defaults
     --direct          Use O_DIRECT to bypass page cache for timings
     --drq-hsm-error   Crash system with a "stuck DRQ" error (VERY DANGEROUS)
     --fallocate       Create a file without writing data to disk
     --fibmap          Show device extents (and fragmentation) for a file
     --fwdownload            Download firmware file to drive (EXTREMELY DANGEROUS)
     --fwdownload-mode3      Download firmware using min-size segments (EXTREMELY DANGEROUS)
     --fwdownload-mode3-max  Download firmware using max-size segments (EXTREMELY DANGEROUS)
     --fwdownload-mode7      Download firmware using a single segment (EXTREMELY DANGEROUS)
     --idle-immediate  Idle drive immediately
     --idle-unload     Idle immediately and unload heads
     --Istdin          Read identify data from stdin as ASCII hex
     --Istdout         Write identify data to stdout as ASCII hex
     --make-bad-sector Deliberately corrupt a sector directly on the media (VERY DANGEROUS)
     --offset          use with -t, to begin timings at given offset (in GiB) from start of drive
     --prefer-ata12    Use 12-byte (instead of 16-byte) SAT commands when possible
     --read-sector     Read and dump (in hex) a sector directly from the media
     --security-help   Display help for ATA security commands
     --trim-sector-ranges        Tell SSD firmware to discard unneeded data sectors: lba:count ..
     --trim-sector-ranges-stdin  Same as above, but reads lba:count pairs from stdin
     --verbose         Display extra diagnostics from some commands
     --write-sector    Repair/overwrite a (possibly bad) sector directly on the media (VERY DANGEROUS)

    As we can see, there is a command we can utilize to change the PUIS setting of the drive:

    hdparm -s

    Of course you must enter the device name you wish to change the settings on. So we can use:


    The lsblk command will list all block devices in the system

    Which in this case spits out the following:

    sda      8:0    0 465.8G  0 disk 
    └─sda1   8:1    0 465.8G  0 part 
    sdb      8:16   0 465.8G  0 disk 
    └─sdb1   8:17   0 465.8G  0 part /media/rick/WD500GB
    sdc      8:32   0 465.8G  0 disk 
    └─sdc2   8:34   0     1K  0 part

    This is now that the drive is finished, formatted and partitioned in the system. Sometimes you’ll need a bit more data to make the choice as to which drive you’ll be schnookering.

    So we can use lsblk flags as well.

    lsblk --output MODE,NAME,FSTYPE,LABEL,UUID

    Which spits out the following infos:

    MODE       NAME   FSTYPE          LABEL   UUID
    brw-rw---- sda    isw_raid_member         
    brw-rw---- └─sda1                         
    brw-rw---- sdb                            
    brw-rw---- └─sdb1 ext4            WD500GB 4e423629-51e8-41b3-a9be-9c9af4d31732
    brw-rw---- sdc    isw_raid_member         
    brw-rw---- └─sdc2 

    Well I know the two disks which say raid member are not it, and at this point there is only three block devices in the system, so I’ll use /dev/sdb

    If we look at the hdparm command to turn on or off PUIS, it states the two options which are 0/1 = Off or On

    So the command I’ll run on /dev/sdb to wake it up with hdparm is:

    hdparm -s 0 /dev/sdb

    Done with that jazz. The drive should spin up when powered on. Lest, we are not finished here. We should clean things up a bit.

    For simplicity I enjoy the shred command, plus it sounds serious, which it is.

    To find shred commands, we just run:

    shred --help

    Which pukes out this:

    Usage: shred [OPTION]... FILE...
    Overwrite the specified FILE(s) repeatedly, in order to make it harder
    for even very expensive hardware probing to recover the data.
    Mandatory arguments to long options are mandatory for short options too.
      -f, --force    change permissions to allow writing if necessary
      -n, --iterations=N  overwrite N times instead of the default (3)
          --random-source=FILE  get random bytes from FILE
      -s, --size=N   shred this many bytes (suffixes like K, M, G accepted)
      -u, --remove[=HOW]  truncate and remove file after overwriting; See below
      -v, --verbose  show progress
      -x, --exact    do not round file sizes up to the next full block;
                       this is the default for non-regular files
      -z, --zero     add a final overwrite with zeros to hide shredding
          --help     display this help and exit
          --version  output version information and exit

    Remember, this can be done on any drive, so everything and anything will be lost to the abyss forever. Pay attention to which drive letter / name you are using.

    The default pass is 25 times, yea, I’ve never needed a 25 pass random write scrub and I hope never to. So we can use the flag -n to limit how many passes shred does.

    I enjoy seeing output, so I’ll use the -v or, Verbose / noisy output flag as well.

    I also had no idea what permissions were set, so I used the -f or Force flag As stated, this changes permissions to allow for the write procedure if required.

    If your obsessive about keeping things straight, use the -z flag also, this will add one more pass after ‘shredding’ and write zero’s across the drive. Instead of having the drive look as if someone intentionally randomly repeatedly wrote ‘junk’ to it. Just make your bed.

    The command I used to wipe the drive was as follows:

    shred -n 5 -v -f -z /dev/sdb 

    Let the shredding begin, here is the initial output:

    shred: /dev/sdb: pass 1/6 (random)...
    shred: /dev/sdb: pass 1/6 (random)...330MiB/466GiB 0%
    shred: /dev/sdb: pass 1/6 (random)...687MiB/466GiB 0%
    shred: /dev/sdb: pass 1/6 (random)...1.0GiB/466GiB 0%
    shred: /dev/sdb: pass 1/6 (random)...1.3GiB/466GiB 0%
    shred: /dev/sdb: pass 1/6 (random)...1.7GiB/466GiB 0%
    shred: /dev/sdb: pass 1/6 (random)...2.1GiB/466GiB 0%
    shred: /dev/sdb: pass 1/6 (random)...2.4GiB/466GiB 0%
    shred: /dev/sdb: pass 1/6 (random)...2.8GiB/466GiB 0%
    shred: /dev/sdb: pass 1/6 (random)...3.1GiB/466GiB 0%

    And this goes on for quite some time. Notice we used the -n 5 flag, for five passes, yet we can see shred is currently on pass 1/6. Good, this means the last pass will be all zeros.

    Go do something else until your ready to format and partition the drive. Let it run!

  • For a more comprehensive or detailed guide, as to securely wiping a drive, visit nixCraft-how-do-i-permanently-erase-hard-disk

  • rickR

    Re: Set script to executable

    755 - Owner has all permissions, and Group and Other can read and execute 700 - Owner has all permissions 644 - Owner can read and write, and Group and Other can read 600 - Owner can read and write 775 - Owner can read and write, and Group and Other can read 770 - Owner and Group have all, and Other can read and execute 750 - Owner has all permissions, and Group can read and execute 664 - Owner and Group can read and write, and Other can just read 660 - Owner and Group can read and write 640 - Owner can read and write, and Group can read
    read more

  • rickR

    Re: Find or Locate a file or extension command line

    Install locate command linux: Use your sudo command!

    apt install mlocate


    apt-get install mlocate


    yum install mlocate

    Update the database:


    Depending on the size of the complete filesystem this could take a few minutes

    After the database has been populated:

    locate mariadb

    Where mariadb is the word your looking for

    read more

  • rickR

    These commands are if you are in the scripts directory! Changing permissions can be done from anywhere in the structure.

    Such as :

    chmod +x /opt/so-elastic-agent_linux_amd64

    Terminal chmod to executable :

    Permissions prior to chmod : chmod.png

    chmod +x so-elastic-agent_linux_amd64

    Permissions following chmod : chmod-x.png

    Then execute :


    Insure you are acting as the user you just gave permissions to (the file owner) or at least have sudo privileges

    To make the script un-executable:

    chmod -x so-elastic-agent_linux_amd64
    read more

  • rickR
    sudo apt install lsb-release ca-certificates curl -y

    GPG key and repo for php 7.4

    sudo curl -sSLo /usr/share/keyrings/deb.sury.org-php.gpg https://packages.sury.org/php/apt.gpg sudo sh -c 'echo "deb [signed-by=/usr/share/keyrings/deb.sury.org-php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'

    Update the system with the new repository in place

    sudo apt update

    Install the dependencies for OwnCloud (LAMP ect) Certbot, or LetsEncrypt is being installed as well, if you are using this installation in a public domain

    sudo apt install apache2 mariadb-server imagemagick certbot python3-certbot-apache smbclient redis-server unzip rsync libapache2-mod-php7.4 php7.4 php7.4-intl php7.4-mysql php7.4-mbstring php7.4-imagick php7.4-igbinary php7.4-gmp php7.4-bcmath php7.4-curl php7.4-gd php7.4-zip php7.4-imap php7.4-ldap php7.4-bz2 php7.4-ssh2 php7.4-common php7.4-json php7.4-xml php7.4-dev php7.4-apcu php7.4-redis libsmbclient-dev php-pear php-phpseclib

    Enable apache2 and then verify it’s status

    sudo systemctl is-enabled apache2 sudo systemctl status apache2

    oc-apache.png Enable MariaDB and verify status

    sudo systemctl is-enabled mariadb sudo systemctl status mariadb

    oc-maria.png Enable Redis and verify status

    sudo systemctl is-enabled redis sudo systemctl status redis


    Configure default php version

    sudo update-alternatives --config php

    oc-php-alternatives.png oc-php-ver.png

    Configure php OwnCloud dependencies

    sudo update-alternatives --set phar /usr/bin/phar7.4 sudo update-alternatives --set phar.phar /usr/bin/phar.phar7.4 sudo update-alternatives --set phpize /usr/bin/phpize7.4 sudo update-alternatives --set php-config /usr/bin/php-config7.4

    Upgrade Pear to OwnCloud4 requirements

    sudo mkdir -p /tmp/pear/cache sudo pear upgrade --force --alldeps http://pear.php.net/get/PEAR-1.10.13


    sudo pear clear-cache sudo pear update-channels sudo pear upgrade --force sudo pear upgrade-all

    Verify Pear version

    pear version


    Configure MariaDB

    sudo mariadb-secure-installation


    Log into MariaDB

    sudo mariadb -u root -p

    Create the OwnCloud database:

    This is where many go wrong, we do not use ‘password’ we replace password, with our own password.

    CREATE DATABASE owncloud;

    We just created a database with the name owncloud

    CREATE USER IF NOT EXISTS 'owncloud'@'localhost' IDENTIFIED BY 'password';

    We just created a database user called owncloud

    GRANT ALL PRIVILEGES ON owncloud.* TO 'owncloud'@'localhost' WITH GRANT OPTION;

    We just allowed user owncloud, full privileges on database owncloud


    Now verify what we have just done:

    SHOW GRANTS FOR 'owncloud'@'localhost';

    You can see below I named this database ‘oc’ and the ‘oc’ user has privileges on database ‘owncloud’



    wget the OwnCloud source

    cd /var/www wget https://download.owncloud.com/server/stable/owncloud-complete-latest.tar.bz2

    Grab sha256 to verify the download

    wget https://download.owncloud.com/server/stable/owncloud-complete-latest.tar.bz2.sha256

    BEFORE installing, verify if the download of OwnCloud matches what the OwnCloud team wanted you to have, this is important always.

    sudo sha256sum -c owncloud-complete-latest.tar.bz2.sha256 < owncloud-complete-latest.tar.bz2

    Out put should say ‘OK’ if everything matches.

    Change ownership of the directory to www-data user.

    sudo chown -R www-data:www-data /var/www/owncloud

    Configure Vhost for OwnCloud

    This will open a new file in 'sites-available and name this file ‘owncloud.conf’

    Change the ServerName and ServerAlias, as well as log file names, to whatever your domain is. There are many ways to do this keep in mind.

    sudo nano /etc/apache2/sites-available/owncloud.conf <VirtualHost *:80> ServerName oc ServerAlias www.oc DocumentRoot /var/www/owncloud ErrorLog ${APACHE_LOG_DIR}/oc.io-error.log CustomLog ${APACHE_LOG_DIR}/oc.io-access.log combined Alias /owncloud "/var/www/owncloud/" <Directory /var/www/owncloud/> Options +FollowSymlinks AllowOverride All <IfModule mod_dav.c> Dav off </IfModule> SetEnv HOME /var/www/owncloud SetEnv HTTP_HOME /var/www/owncloud </Directory> </VirtualHost>

    Enable and verify the owncloud vhost

    sudo a2ensite owncloud.conf sudo apachectl configtest


    Now install OwnCloud

    Change the database name, user, and password to whatever you named the OwnCloud database earlier;

    Change the ‘admin user’ and ‘admin pass’ to whatever you want the new OwnCloud admin account to be.

    sudo -u www-data /var/www/owncloud/occ maintenance:install \ --database "mysql" \ --database-name "owncloud" \ --database-user "owncloud"\ --database-pass "password" \ --admin-user "admin" \ --admin-pass "your new owncloud admin password"

    Edit the OwnCloud config file to add the domain you used earlier in the Apache2 vhost file:

    sudo nano /var/www/owncloud/config/config.php 'trusted_domains' => array ( 0 => 'localhost', 1 => 'whatever your domain is goes here', ),

    Personally I restart the server at this point, which will restart all services. Then visit the domain / IP of your settings and you should see the OwnCloud login page. Use the credentials you setup for the admin user.

    System cron setting:

    sudo crontab -u www-data -e */15 * * * * /usr/bin/php -f /var/www/owncloud/occ system:cron

    Memcache with Redis we installed earlier:

    sudo nano /var/www/owncloud/config/config.php 'filelocking.enabled' => true, 'memcache.local' => '\OC\Memcache\APCu', 'memcache.locking' => '\OC\Memcache\Redis', 'redis' => [ 'host' => 'localhost', 'port' => 6379, ],

    Go restart the server again and enjoy!

    read more

  • rickR

    Comment out in=>

    /usr/lib/python3/dist-packages/middlewared/plugins/vm/vms.py # elif flags['intel_vmx']: # if vcpus > 1 and flags['unrestricted_guest'] is False: # verrors.add(f'{schema_name}.vcpus', 'Only one Virtual CPU is allowed in this system.') # elif flags['amd_rvi']: # if vcpus > 1 and flags['amd_asids'] is False: # verrors.add( # f'{schema_name}.vcpus', 'Only one virtual CPU is allowed in this system.' # )

    At this point we must comment out each time we update the system.

    read more