Join Log in
Score:0
GeraldIstar avatar Server

How to safety delete a package/software which wasn't installed via package manager

in flag
GeraldIstar

I have an old Ubuntu Linux 20 install. I recently found that I have a bunch of software that I installed before I started fully using package management and I can't remember the details of the installations. I tried via apt but it says that those packages are not installed.

I thought I might just delete the folders with the software, but guess that might cause problems, since some of the software launches on startup and I can't find where exactly that is configured.

I found the following "redundant"/unknown processes:

  • elasticsearch, "/usr/share/elasticsearch/jdk/bin/java" from user messagebu (sorry, name seems to be trimmed)
  • "/usr/bin/mono /usr/lib/hyperfastcgi/4.0/..." from user syslog
  • mysqld from user systemd-c
  • "/usr/bin/mono /usr/lib/mono/4.5/mono-service.exe" from user syslog

So, actually, I have three questions:

  1. Is it safe to just delete the folder with binaries for this software and all other stuff?
  2. How can I identify, where it's configured to be started on startup?
  3. What else I should know/do to safety delete it?

Thanks!

49
0 + 0
Michael avatar
sa flag
Michael
I want to encourage upvoting this question. This is a very common situation for people who have been beginners and have begun to learn serious system administration but need to clean up what they left behind. Doing that cleanup should be encouraged.
1
Reply
Score:2
Michael avatar Server
sa flag
Michael

If you follow attempt to manually remove the software as described in the other answers, it's worth having a look at the output of the command

sudo dpkg --verify

Which checks the integrity of your installed software packages. You will likely find a small number of files on your system that have been modified - probably configuration files you have changed - and you should attempt to understand each of those and possibly fix any ones that seem wrong.

0 + 0
Score:2
Michael avatar Server
sa flag
Michael

The answer depends on many details so Bob is correct and cleaning this up will be difficult. It's even possible that there is malware on your system and it may be very difficult to identify if that's true. Even if you are lucky and take care it's very likely that something gets left on your system which shouldn't be there and it might be a security risk, for example if you leave an old version of a library which doesn't get updated when needed.

The safe way to deal with this is to do a fresh install from scratch and from then on always use a package manager for all software installs. If you have a system that you have been learning on as a new administrator this is not a bad thing to do occasionally anyway. As you do your new install you can automate some of the work so that the next time everything goes faster.

Take a complete system backup to an offline disk as well as a separate copy of your own data before you do this of course. That way, if something goes wrong, you will be able to get back to a working state.

0 + 0
Score:2
avatar Server
cn flag
Bob

Is it safe to just delete the folder with binary for this process and all other stuff?

Yes. No. Maybe.

It really depends on how the vendor intended an application to be deployed and what an admin did when installing it.

Some applications (and all their dependencies) are indeed deployed in their own sub directory, which can be a single flat directory or a large sub directory tree, often mimicking the conventional Linux root file system, e.g. with an etc sub-directory containing configuration files, [s]bin for binaries, a var sub-directory containing data etc. etc.

If you didn't deploy any other applications in that same subdirectory ; deleting that will completely remove the application.

Possibly you adjusted the application config. Fairly typical adjustments to make are changing the persistent data and logging directories to elsewhere on your system.

How can I identify, where it's configured to be started on startup?

Fairly typical to see are services/daemon processes started by systemd as in the example below. In that case systemctl status should list the unit files and all processes started by those and systemctl -a and other switches can be useful too.

A tool like pstree can be quite useful to visualise parent child relations and see which process started what. When only systemd is used that will give very much similar output as systemctl status but when other mechanisms are used, this will usually give you an insight.

Then there are some more "obscure" methods, for example some people like to use the @reboot cron timestamp specification to have cron (re)start services after a reboot.

pstree -a

systemd --switched-root --system --deserialize 22
  ├─/usr/bin/spamd
  │   ├─spamd child
  │   └─spamd child
  ├─agetty --noclear tty1 linux
  ├─atd -f
  ├─auditd
  │   └─{auditd}
  ├─chronyd
  ├─crond -n
  ├─dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
  │   └─{dbus-daemon}
  ├─dhclient -1 -q -lf /var/lib/dhclient/dhclient--eth0.lease -pf /var/run/dhclient-eth0.pid -H server eth0
  ├─dovecot
  │   ├─anvil
  │   ├─auth
  │   ├─config
  │   ├─imap
  │   ├─imap-login
  │   └─log
  ├─fail2ban-server -s /usr/bin/fail2ban-server -xf start
  │   └─8*[{fail2ban-server}]
  ├─firewalld -Es /usr/sbin/firewalld --nofork --nopid
  │   └─{firewalld}
  ├─httpd -DFOREGROUND
  │   ├─httpd -DFOREGROUND
  │   ├─httpd -DFOREGROUND
  │   ├─rotatelogs -l /var/log/httpd/error_log.%Y.%m 86400
  │   ├─rotatelogs -l /var/log/httpd/access_log.%Y.%m 86400
  ├─master -w
  │   ├─anvil -l -t unix -u
  │   ├─pickup -l -t unix -u
  │   ├─proxymap -t unix -u
  │   ├─qmgr -l -t unix -u
  │   ├─smtpd -n smtp -t inet -u -o stress= -s 2
  │   └─tlsmgr -l -t unix -u
  ├─mms
  │   └─85*[{mms}]

The "master" process in that pstree list is a good example. That odd process name is actually postfix being started from the postfix.service systemd unit. That would be more easily found in the systemctl status output:

       └─system.slice
         ├─postfix.service
         │ ├─ 1110 /usr/libexec/postfix/master -w
         │ ├─ 1112 qmgr -l -t unix -u
         │ ├─ 1121 tlsmgr -l -t unix -u
         │ └─11508 pickup -l -t unix -u
         ├─spamass-milter.service
         │ └─1032 /usr/sbin/spamass-milter -g postfix -p /run/spamass-milter/postfix/sock

What else I should know/do to safety delete it?

Identify how a service is started and then stopping it is usually a good first approach.

Then get in the habit of not installing things from source, but use package managers or for example snap or run a container.

0 + 0
Michael avatar
sa flag
Michael
Bob, I like your answer, but could you please comment that, after removing the software, @GeraldIstar should look at the logs and startup messages to see if there are any errors and if so should investigate them. It might even be worth renaming the directory with the software and then looking at the logs to find out what problems that causes and then remove the references to the software.
2
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.