Unix « Doug’s Blog

Archive for the ‘Unix’ Category

Upgrading to Fedora 15 (Lovelock)

Tuesday, September 13th, 2011

After playing damn whack-a-mole with the annoying “want to upgrade?” popup that my Fedora 13 install was throwing at me on a daily basis for months, I finally am upgrading to Fedora 15. I decided to jump right to 15 instead of 14, because why go halfway? And, who wouldn’t jump at installing a release with such a catchy code name.

If you review the past code names for Fedora, you get the idea that the people making them went from being alcoholics, to Twilight fans, to gassy historians, to Nasa enthusiasts, to Bachelor-Pad viewers who like the letter “L”.

But I digress.

Outside of some sys admin changes that can throw you for a loop if you are used to core things not changing, the system feels the same which is nice. One GREAT thing is that I didn’t have to adjust anything for my 3 screens/monitors configuration to still work!

One oddity is that Thunderbird 6 (I had thunderbird 3 previously) seems to run slow, so I am investigating plugins/settings to see what can be done.

Tags: fedora15, lovelock
Posted in Unix | No Comments »

Webmin PCI Compliance

Tuesday, July 26th, 2011

PCI compliance! Just the phrase is enough to ruin one’s day. But fear not, here is some handy info on what I’ve learned.

For Webmin, you should:

Go to Webmin -> Webmin Configuration -> SSL Encryption
Enter this into Allowed SSL Ciphers field: “ALL:!ADH:!LOW:!MEDIUM:!SSLv2:!EXP:+HIGH”
Set SSL protocol version to “3″

You can check from the command line to make sure SSL-2 is not allowed via:

openssl s_client -connect localhost:10000 -ssl2

and you should get a line that has “error” in it to verify.

Tags: pci compliance, weak cipher, webmin
Posted in Unix | No Comments »

Running root commands in PHP via Apache

Friday, April 29th, 2011

I have a web application that needs to perform shells commands as root within a PHP function, and you would think that would be pretty straight forward… but it did take my a few googles to get all the details, so here are my handy notes on it. This is on a Linux system running Apache, and we’ll be using “sudo” within “shell_exec” to run the commands.

The main thing is to edit the /etc/sudoers file, and typically you can (as root) use the ”visudo” command to do so.

Make sure apache can run commands, AND not require a password:

apache ALL=(ALL) NOPASSWD: ALL

Then you need to comment out this line:

#Defaults requiretty

If you don’t, then you will see these errors in /var/log/secure: “sorry, you must have a tty to run sudo”. Now you are ready to go, and the PHP code is simple:

$results = shell_exec(‘sudo date’);

Tags: shell_exec, sudoers
Posted in Unix, Websites | No Comments »

SquirrelMail working with change_sqlpass

Thursday, March 3rd, 2011

I installed SquirrelMail 1.4.21 the other day, and I wanted to add the plugin for password changes. I chose the one that works with MySQL, since I use Dovecot with the MySQL option for users/passwords.

I downloaded the change_sqlpass plugin, and ran into an issue where once the user changed the password, it gave an error “Your session has expired, but will be resumed after logging in again.”

I had to dig around to find some patches people recommended to use, but that plugin download is over 5 years old and has not been updated with it! You basically need to update one file, “functions.php”, so I have done so and you can just grab it here.

Tags: change_sqlpass, squirrelmail
Posted in Unix | No Comments »

Pure-FTPd is good

Thursday, January 20th, 2011

I sure do like pure-ftpd, it chroots user logins so they can’t chdir all over the place, and is easy to configure and use.

I did have one case lately where I would connect in and it would hang while “entering passive mode”. It turns out I needed to add some extra stuff into iptables. This did the trick:

-A RH-Firewall-1-INPUT -p udp -m udp –dport 20 -j ACCEPT

-A RH-Firewall-1-INPUT -p tcp -m tcp –dport 20 -j ACCEPT

-A RH-Firewall-1-INPUT -p tcp -m tcp –dport 21 -m recent –set –name FTP –rdest -j ACCEPT

-A RH-Firewall-1-INPUT -p tcp -m tcp –dport 1024:65535 -m recent –rcheck –seconds 9800 –name FTP –rdest -j ACCEPT

-A RH-Firewall-1-INPUT -p udp -m udp –dport 20 -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m tcp –dport 20 -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m tcp –dport 21 -m recent –set –name FTP –rdest -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m tcp –dport 1024:65535 -m recent –rcheck –seconds 9800 –name FTP –rdest -j ACCEPT

Tags: ftp hanging, iptables, passive mode, pure-ftpd
Posted in Unix | No Comments »

SVN in chroot says you don’t exist

Wednesday, September 29th, 2010

You may one day set up a chroot environment and find you get this message when you try to ssh or use svn (using ssh):

You don’t exist, go away!

svn: Connection closed unexpectedly

In addition to my assurance that you do indeed exist in the universe, let me tell you how I fixed it.

Check your chroot /etc to make sure passwd and shadow exist for your user and the IDs are correct.

Then, note that when svn does a repository connection it uses libnss_files.so which can require proper DNS resolution. In my case, I had to add the repository domain name into the chroot /etc/hosts file.

Then I existed in more ways than one.

Tags: ssh, svn
Posted in Unix | No Comments »

Fedora13 kernel update breaks video

Friday, September 10th, 2010

I did my usual old “yum update” the other day and it hosed up my video upon reboot!

Never fear, it is a known problem, and has probably already been fixed by the time you read this.

But one thing I learned is that you should have akmod installed so the system will be smart and use a previous video driver if it fails. To do this, all I needed to do was:

yum install akmod-nvidia

then, on reboot, it was all working again.

[Update]

One thing to note is that when you do a yum update, make sure if there is a new kernel that there is a corresponding nvidia update for it! If not, then DO NOT yum update, and try again in a day or so. Eventually there will be a matching nvidia update and you are safe to update. Example:

Installing:

kernel x86_64 2.6.34.9-69.fc13 updates 22 M

kernel-devel x86_64 2.6.34.9-69.fc13 updates 6.4 M

Removing:

kernel x86_64 2.6.34.7-63.fc13 @updates 102 M

kernel-devel x86_64 2.6.34.7-63.fc13 @updates 23 M

Installing for dependencies:

kmod-nvidia-2.6.34.9-69.fc13.x86_64 x86_64 1:260.19.36-1.fc13.3 rpmfusion-nonfree-updates 2.8 M

Removing for dependencies:

kmod-nvidia-2.6.34.7-63.fc13.x86_64 x86_64 1:260.19.29-1.fc13 @rpmfusion-nonfree-updates 12 M

Tags: 2.6.34.6-54, kernel, nvidia
Posted in Hardware, Unix | No Comments »

KDE won’t start in Fedora 13

Tuesday, July 6th, 2010

I ran a yum update on my Fedora13 install the other day, and then when I booted back up and logged in, my KDE would not start! It would start to show the login screen, but once I did a login, it blacked out and went back to the login screen again.

Upon checking my .xsession-error file, I saw:

ksmserver: smybol lookup error: /usr/lib64/libGL.so.1: undefined symbol: _nv000027gl

It took a little looking around, but basically to fix this, you need to point to a proper Nvidia driver file. I ended up removing the old link and making a new one. My machine is x64, hence the lib64 directory instead of just lib:

root{/usr/lib64}: rm libGL.so.1
root{/usr/lib64}: ln -s nvidia/libGL.so.1 libGL.so.1

That did the trick!

Tags: kde problem, ksmserver, libgl, nvidia drivers
Posted in Unix | 1 Comment »

Fedora 13 and Nvidia

Saturday, June 5th, 2010

Now that I got my new system running Fedora 13, I needed to configure my Nvidia card to support my two monitors.

It was pretty straightforward, and I found a post that does an excellent job of summarizing it at http://fedorasolved.org/video-solutions/nvidia-yum-kmod

I will comment on one thing though – when I did the install, I used the basic kernel for my i686 32-bit CPU. I found that my 4 GB of RAM only showed up in the system information page as 2.7 GB! I looked into this a bit, and it turns out that if you want greater than 3GB of memory supported, you need to have a 64-bit machine, OR you can handle this in software with the PAE kernel.

PAE stands for “Physical Address Extension” and all you have to do in install the PAE kernel, and then also the PAE Nvidia modules, and everything will work fine!

I know have my machine up with 8GB of RAM and working perfect! I read that the PAE kernel will cause a performance hit (sort of like doing RAID via software versus hardware I suppose), but I don’t see anything like that on my system.

Tags: fedora 13, nvidia, pae kernel
Posted in Hardware, Unix | No Comments »

Installing Fedora 13

Saturday, May 29th, 2010

I was readying my nice new home Linux server/desktop for Fedora 12 when I realized I only had to wait a few more days for Fedora 13. Sounded good!

My new server has a nice Coolermaster case that can hold 10 drives, and has a 1100 Watt power supply. I really like the case, it makes putting in drives a snap, plus the cable wiring went very well. Plus the thing is made of cool brushed aluminum. Who can argue with that?

I was re-commissioning this server after having used it as a gaming Windows machine for a bit. So it had dual NVidia SLI cards (GeForce 8800 Ultra) in it. When I first booted up the LiveCD, it got kernel errors that didn’t really track down to anything that was helpful. It would boot up but then freeze after a few minutes.

I tried the DVD install, and that got the same results. After much head scratching and googling, I tried removing one of the Nvidia cards. I was planning on only using 2 monitors anyway, and each card had 2 DVI outputs. This did the trick!

Next up, I had to run keyboard/mouse cables to my home office. I like to keep the actual computer down in my server room in the basement, it keeps my office nice and quiet. But I found that my 100 foot run for my PS/2 mouse didn’t work! My mouse is a Logitech MX310 that is really USB but I use a PS/2 converter on it so I can use a long cable run. This had been working fine on my previous Linux installations.

I found that the mouse would work fine if directly attached, so it was a distance issue! Which is odd, since on my old server it worked fine, and the cable was the same. I ended up using an USB extender device that I had bought years ago and never needed. It uses ethernet cable in between two adapters so you can have a long USB run. This did the trick! The brand is “coolgear” and I forget where I got it.

Next up: Getting Nvidia working on Fedora 13

Tags: fedora 13, logitech mx310, nvidia
Posted in Hardware, Unix | No Comments »

Doug’s Blog