Over at AskApache they have an amazing article on nix permissions. The article goes into quite a bit of detail, but is defiantly worth the read in order to grasp one of the best features of any nix system.

Header over to AskApache to check it out

This was driving me batty. I had an issue with one of my linux webservers and it needed to be restored from a backup. Upon restoring the linux server I found my account that I had setup for sudo access no longer would accept the ’sudo su’ command or any sudo command for that matter. I was getting and error that read “Sorry, sudo must be setuid root“.

As I had removed the root account from accessing ssh I had to log into the physical server (lucky it’s just next to me!)

It turns out for some reason after the restore sudo had the wrong permissions.

To fix it was quite simple but took me ages to track down! (Helps if you know exactly what to search for)

I logged in as root and entered the following

chmod 4111 /usr/bin/sudo

All was fine in the land of oz after that!

Today I’ve run into a bit of an issue with one of the MySQL databases from one of the sites that I manage. I’m used to going about my merry way with phpMyAdmin and it’s trusty (?) export table feature but that is no longer an option with this Database.

It’s a Wordpress Mu (Multi-user) site that has well over 5,000 MySQL Database tables in it. PhpMyAdmin just could not handle an export of that size and timed out on me over and over again.

It’s time for some command line action!

So I loged into my server via SSH and entered in the mysqldump command only to be greeted by

mysqldump: Got error: 1016: Can't open file: './databasename/table.frm' (errno: 24) when using LOCK TABLES

Great!

So after some searching I found that this is a bug in MySQL and to get around it and dump (not Drop!) a large database I needed to use the following in my mysqldump command : –lock-tables=false.

So my final MySQL command looked like this

# mysqldump --add-drop-table -h 127.0.0.1 -u MyUsername -pMyPassword MyDatabase --lock-tables=false | gzip > backup.bak.sql.gz

I hope this helps someone else.

If there is a problem with the way I’m going about this please let me know of a better solution!

First I must say that I do not like the Vi editor – I’m a Nano man myself. I might not be hardcore Linux enough (yet) to really appreciate it. One of the things that drives me nuts about it is that its not intuitive or like any other editor- but i guess that’s what makes it so powerful!.

I came across this fanatic article by jbj over at Cats Who Code that details 100 Vi commands to help you get the most out of the editor and with there permission I’ve re produced it here.

Enjoy

Search

• /word Search “word” from top to bottom
• ?word Search “word” from bottom to top
• /jo[ha]n Search “john” or “joan”
• /\<theSearch “the”, “theatre” or “then”
• /the\> Search “the” or “breathe”
• /\< the\> Search “the”
• /\< ….\> Search all words of 4 letters
• /\/ Search “fred” but not “alfred” or “frederick”
• /fred\|joe Search “fred” or “joe”
• /\<\d\d\d\d\> Search exactly 4 digits
• /^\n\{3} Find 3 empty lines
• :bufdo /searchstr/ Search in all open files

Replace

• :%s/old/new/g Replace all occurences of “old” by “new” in file
• :%s/old/new/gw Replace all occurences with confirmation
• :2,35s/old/new/g Replace all occurences between lines 2 and 35
• :5,$s/old/new/g Replace all occurences from line 5 to EOF
• :%s/^/hello/g Replace the begining of each line by “hello”
• :%s/$/Harry/g Replace the end of each line by “Harry”
• :%s/onward/forward/gi Replace “onward” by “forward” , case unsensitive
• :%s/ *$//g Delete all white spaces
• :g/string/d Delete all lines containing “string”
• :v/string/d Delete all lines containing which didn’t contain “string”
• :s/Bill/Steve/ Replace the first occurence of “Bill” by “Steve” in current line
• :s/Bill/Steve/g Replace “Bill” by “Steve” in current line
• :%s/Bill/Steve/g Replace “Bill” by “Steve” in all the file
• :%s/\r//g Delete DOS carriage returns (^M)
• :%s/\r/\r/g Transform DOS carriage returns in returns
• :%s#<[^>]\+>##g Delete HTML tags but keeps text
• :%s/^\(.*\)\n\1$/\1/ Delete lines which appears twice
• Ctrl+a Increment number under the cursor
• Ctrl+x Decrement number under cursor
• ggVGg? Change text to Rot13

Case

• Vu Lowercase line
• VU Uppercase line
• g~~ Invert case
• vEU Switch word to uppercase
• vE~ Modify word case
• ggguG Set all text to lowercase
• :set ignorecase Ignore case in searches
• :set smartcase Ignore case in searches excepted if an uppercase letter is used
• :%s/\<./\u&/g Sets first letter of each word to uppercase
• :%s/\<./\l&/g Sets first letter of each word to lowercase
• :%s/.*/\u& Sets first letter of each line to uppercase
• :%s/.*/\l& Sets first letter of each line to lowercase

Read/Write files

• :1,10 w outfile Saves lines 1 to 10 in outfile
• :1,10 w >> outfile Appends lines 1 to 10 to outfile
• :r infile Insert the content of infile
• :23r infile Insert the content of infile under line 23

File explorer

• :e . Open integrated file explorer
• :Sex Split window and open integrated file explorer
• :browse e Graphical file explorer
• :ls List buffers
• :cd .. Move to parent directory
• :args List files
• :args *.php Open file list
• :grep expression *.php Returns a list of .php files contening expression
• gf Open file name under cursor

Interact with Unix

• :!pwd Execute the “pwd” unix command, then returns to Vi
• !!pwd Execute the “pwd” unix command and insert output in file
• :sh Temporary returns to Unix
• $exit Retourns to Vi

Alignment

• :%!fmt Align all lines
• !}fmt Align all lines at the current position
• 5!!fmt Align the next 5 lines

Tabs

• :tabnew Creates a new tab
• gt Show next tab
• :tabfirst Show first tab
• :tablast Show last tab
• :tabm n(position) Rearrange tabs
• :tabdo %s/foo/bar/g Execute a command in all tabs
• :tab ball Puts all open files in tabs

Window spliting

• :e filename Edit filename in current window
• :split filename Split the window and open filename
• ctrl-w up arrow Puts cursor in top window
• ctrl-w ctrl-w Puts cursor in next window
• ctrl-w_ Maximise current window
• ctrl-w= Gives the same size to all windows
• 10 ctrl-w+ Add 10 lines to current window
• :vsplit file Split window vertically
• :sview file Same as :split in readonly mode
• :hide Close current window
• :only Close all windows, excepted current
• :b 2 Open #2 in this window

Auto-completion

• Ctrl+n Ctrl+p (in insert mode) Complete word
• Ctrl+x Ctrl+l Complete line
• :set dictionary=dict Define dict as a dictionnary
• Ctrl+x Ctrl+k Complete with dictionnary

Marks

• mk Marks current position as k
• ‘k Moves cursor to mark k
• d’k Delete all until mark k

Abbreviations

• :ab mail mail@provider.org Define mail as abbreviation of mail@provider.org

Text indent

• :set autoindent Turn on auto-indent
• :set smartindent Turn on intelligent auto-indent
• :set shiftwidth=4 Defines 4 spaces as indent size
• ctrl-t, ctrl-d Indent/un-indent in insert mode
• >> Indent
• << Un-indent

Syntax highlighting

• :syntax on Turn on syntax highlighting
• :syntax off Turn off syntax highlighting
• :set syntax=perl Force syntax highlighting

I’ve been asked here on my blog about creating user accounts and giving them access to folders such as /var/www or creating ftp users that link to a single folder. That was quite a while ago. Since then i have picked up quite a bit about user management and thought that i would let you in on my findings.

In Part 1 I’m going to show you how to add and manage user accounts. Learning these features has been a critical part of efficiently managing the 10+ Linux servers.

In order to create new logins, modify or delete users, you must already be logged in as sudo user. The sudo user login is the highest level (assuming you have the root account disabled) and only certain individuals should have access to a sudo account.

useradd – Adding a new user

Each user must belong to a primary group and for security or access purposes can belong to several secondary groups.

Options:

• -d home directory
• -s starting program (shell)
• -p password
• -g (primary group assigned to the users eg -gwww-data (note no space between the -g and www-data)
• -G (Other groups the user belongs to eg -Gusers (note no space between the -g and users)
• -m (Create the user’s home directory

usermod – Modifying existing user

Options:

• -d home directory
• -s starting program (shell)
• -p password
• -g (primary group assigned to the users)
• -G (Other groups the user belongs to)

userdel – Deleting a user

Options:

• -r (remove home directory)

Example: To remove the user ‘rebecca’ and his home directory

userdel -r rebecca

passwd – User’s Password

Options:

• user’s name (Only required if you are root and want to change another user’s password)

Example: To change the password for the account you are currently logged in as…

1. passwd
2. Enter existing password
3. Enter new password
4. Enter new password again (to validate)

Example: To change the password for the user ‘mark’ (only you are logged in as a sudo user)…

1. passwd mark
2. Enter existing password (can be either marks’s password or sudoer’s password)
3. Enter new password
4. Enter new password again (to validate)

Where user and group information stored

User names and primary groups are stored in /etc/passwd. This file can be directly edited using the ‘vi’ editor, although this is not recommended. Format of the file is…

• User name (normally all lower case)
• Password (encrypted – only contains the letter ‘x’)
• User ID (a unique number of each user)
• Primary Group ID
• Comment (Normally the person’s full name)
• Home directory (normally /home/
• Default shell (normally /bin/bash)

Each field is separated by a colon.

Passwords for each user are stored in /etc/shadow. This file should only be changed using the passwd command.

Group information is stored in /etc/group. This file can be directly edited using the ‘vi’ editor. Format of the file is…

• Group name
• Group password (hardly ever used)
• Group ID
• User names (separated by commas)

Each field is separated by a colon.

Default files

When a new user is created, the default files and directories that are created are stored in /etc/skel.

This directory can be modified to fit your needs. Modifications only effect new users and does not change anything for existing users.

su – Switch User

To switch to another user, use the su command. This is most commonly used to switch to the root account.

Example: To switch to root account…

1. su
2. Enter root’s passwd

Example: To switch to the user ‘rebecca’…

su rebecca

Enter Rebecca’s or the sudoer’s passwd

To return to original user, enter exit

Well there you go. In Part 2 I’m going to go over how to add users for the web folders including FTP users that are limited to their home folder.

On my quest of knowledge of GNU/Linux, most specifically Ubuntu Server one of the things I’m contently look at is security. I’ve known for some time that Linux is by far a more secure platform than Windows or OS X but a system is only as secure as the user using it.

What i want to cover in this post is the ability to gain entry to your server via SSH and the default root account. As i said, Linux is very secure but if you have a password such as your dogs name “Fluffy” it’s not going to be at all hard for a would be attacker to gain entry via brute force – especially if they already know the user name (root)

So what do we do. We’ll we disable root from being able to log into the server via SSH.

So let’s get started.

Login to your server (presumably you’ll be using your root account or you won’t be reading this article)

ssh -l root host.name

next, we want to edit the SSH config file so fire up nano (or vi) so we can edit the file

nano -w /etc/ssh/sshd_config

Find the following section

# PermitRootLogin yes

and change it to

PermitRootLogin no

(note that we’ve removed the hash ‘#’ and also added ‘no’ at the end)

Hit Ctrl+X and save the file as you exit. So now root can’t login via SSH. Great you say but now how to I get myself in there to edit stuff? We need to add a new user who’ll have sudo privleges thats what.

So, to add a new user enter the following

useradd UserName -g wheel

This will add a new user to the wheel usergroup. Remember to change UserName for your new user name (duh)

Now set a password for the new account

passwd UserName

This is really important. Make sure that you chose a strong password. Fluffy is not considered strong by any stretch of the imagination. Click this URL for a list of random generated strong passwords (there will never be the same password twice. Refresh it and see!)

Now we need to adjust the sudoers file so that users on the wheel account can access su features.

nano -w /etc/sudoers

Find the line

# Uncomment to allow people in group wheel to run all commands
# %wheel  ALL=(ALL)       ALL

And uncomment the last line so it reads

# Uncomment to allow people in group wheel to run all commands
%wheel  ALL=(ALL)       ALL

Hit Ctrl+x to exit and save the file. And then at the prompt enter

service sshd restart

If you’ve done it all correctly, the next time you try and log in as root you should receive an error message like this “Permission denied, please try again.” You should now be able to log in with your new user name and password.

So now your in, you want to preform something that requires root access all you need to do is enter

sudo su

You’ll then be asked for you password and once entered in correctly you’ll be logged in with root privileges until you end the session or type exit.

How good is that!

Have fun

I also had this problem with Plesk servers. Upgrading the default MySQL4 instal to version 5 always gave me issues with the Privilege Tables and i could never get the command, mysql_fix_privilege_tables, to run – it would never accept my password.

I little bit of searching and i came across a page entitles ‘Upgrade to PHP5 and MySQL 4.1x on (dv) 2.0 Dedicated Virtual Servers‘ and it worked like a charm for me!

Here is the bit i needed

/usr/bin/mysql_fix_privilege_tables --user=admin --password=`cat /etc/psa/.psa.shadow`

All done :)

I must admit that I do have a soft spot for OSX and Apple in general. I’m a designer after all. But what I can’t stand is the ignorant, narrow minded, soulless, bad jumper wearing, Steve Jobs loving, Mac Book Air F*&^ tools that believe that there over priced white box is the greatest thing since sliced bread and that just buy owning one they are above all others.

Well, an article on allheadlinenews defaintly made me chuckle;

Vancouver, British Columbia (AHN)– The Linux running on a Sony Vaio remained undefeated at the end of a three-way computer hacking challenge Friday at the CanSecWest conference.Sponsors had wagered three laptops to anyone who could hack into one of the systems and run their own software. A $20,000 cash prize sweetened the deal.

The MacBook Air went first; Independent Security Evaluators’ Charlie Miller took the Mac after about two minutes work on Thursday. Miller took home $10,000, courtesy of 3Com’s TippingPoint division, in addition to the new laptop.

After two days of work, Shane Macaulay finally cracked the tiny Fujitsu laptop running Vista on Friday, with a little help from his friends.

Two minutes I tells ya! Two MINUTES!Do you know why you believe that the MAC is more secure? Because why would anyone in their right mind try to attack something that has only 4.3% of the market! Even Vista has a bigger market share (7.6%) then OSX and it’s a dog of an OS.

Put that in your white, incredibly aesthetic pipe and smoke it! :)

Writing 642-436 or 70-293 should not be complicated for a 70-294 student who has done neither 70-536 nor 650-393.

301 redirect is the most efficient and Search Engine Friendly method for webpage redirection. It’s not that hard to implement and it should preserve your search engine rankings for that particular page. If you have to change file names or move pages around, it’s the safest option. The code “301″ is interpreted as “moved permanently”. If been looking around for the ways on how to do this. So this is what i’ve found:

ASP.NET

1
2
3
4
5
6

<script runat="server">
private void Page_Load(object sender, System.EventArgs e){
Response.Status = "301 Moved Permanently";
Response.AddHeader("Location","http://www.new-url.com");
}
</script>

Classic ASP (ASP3.0)

1
2
3
4
5
6

<%@ Language=VBScript%>
<%
Response.Status="301 Moved Permanently"
Response.AddHeader "Location","http://www.new-url.com/"
Response.End
%>

PHP Redirect

1
2
3
4
5

<?php
Header( "HTTP/1.1 301 Moved Permanently" );
Header( "Location: http://www.new-url.com" );
exit();
?>

Redirect Old domain to New domain (htaccess redirect)

The code belew, which you place into a file called .htaccess in the root folder of your old domain, will ensure that all your directories and pages of your old domain will get correctly redirected to your new domain.

The .htaccess file needs to be placed in the root directory of your old website (i.e the same directory where your index file is placed)

1
2
3

Options +FollowSymLinks
RewriteEngine on
RewriteRule (.*) http://www.new-domain-name.com/$1 [R=301,L]

NOTE: REPLACE www.new-domain-name.com in the above code with your actual domain name.

NOTE: This .htaccess method of redirection works ONLY on Linux servers having the Apache Mod-Rewrite moduled enabled.

Redirect to www (htaccess redirect)

Create a .htaccess file with the below code, it will ensure that all requests coming in to domain.com will get redirected to www.domain.com

As with the last example, the .htaccess file needs to be placed in the root directory of your old website (i.e the same directory where your index file is placed)

1
2
3
4

Options +FollowSymlinks
RewriteEngine on
rewritecond %{http_host} ^domain.com [nc]
rewriterule ^(.*)$ http://www.domain.com/$1 [r=301,nc]

NOTE: Replace domain.com with your domain name

NOTE: Both of these last examples ONLY works on Linux servers having the Apache Mod-Rewrite moduled enabled.

And there you have it. You can Test your redirection with Search Engine Friendly Redirect Checker

I’ve been using windows for a long time now. And I’ve been using winRAR for almost the same length of time. But to my absolute horror I found that Ubuntu doesn’t nativly support extracting rar files. SHOCK HORROR!

But alas, in my journey to gain a better understanding of Ubuntu and GNU/Linux in general (trying CentOS 5 out now in a virtual enviroment) I found the answer.

Open a terminal window and type in:

1. sudo apt-get install rar
2. sudo ln -fs /usr/bin/rar /usr/bin/unrar

Once installed Gnome’s Archive Managmer will recognise rar files.

Yay!