Linux for Fun<br />
<br />
Moffix Repositories for CentOS 6 (posted 2017-02-13)<br />
<div style="color: #444444; font-family: Georgia, "Bitstream Charter", serif; font-size: 16px; line-height: 1.5; margin-bottom: 24px;">
<a href="http://www.moffix.com/">Moffix repositories</a> contain updated and extra packages for CentOS 6.x.</div>
<div style="color: #444444; font-family: Georgia, "Bitstream Charter", serif; font-size: 16px; line-height: 1.5; margin-bottom: 24px;">
Most packages are rebuilt from Fedora 25 source RPMs. Some are rebuilt from Fedora Rawhide, older Fedora versions, CentOS, and other repositories. Modifications to spec files and small patches are added when needed.</div>
<div style="color: #444444; font-family: Georgia, "Bitstream Charter", serif; font-size: 16px; line-height: 1.5; margin-bottom: 24px;">
Moffix repositories depend on EPEL 6.</div>
<div style="color: #444444; font-family: Georgia, "Bitstream Charter", serif; font-size: 16px; line-height: 1.5; margin-bottom: 24px;">
NOTE: These repositories originated from packages built for personal use. They are not intended to be complete or fully compatible updates of CentOS 6.x. USE AT YOUR OWN RISK!!!</div>
<div style="color: #444444; font-family: Georgia, "Bitstream Charter", serif; font-size: 16px; line-height: 1.5; margin-bottom: 24px;">
COPYRIGHT NOTICE: Moffix repositories are distributed under GNU GPLv2. All the original packages retain their original copyrights.</div>
<br />
OpenVPN over IP Tunnel (posted 2012-11-07)<br />
In order to let our office access the private network of our servers in the IDC, I set up an OpenVPN server on 1.1.1.1, which is a server in the IDC, and set up an OpenVPN client on 2.2.2.2, which is a server in the DMZ of our office network, like this:<br />
<blockquote>
<code>
IDC private network--OpenVPN server(1.1.1.1)--OpenVPN client(2.2.2.2)--Office private network</code></blockquote>
But the OpenVPN connection auto-restarted very often:<br />
<blockquote>
<code>
Tue Nov 6 10:47:49 2012 Preserving previous TUN/TAP instance: tun1<br />
Tue Nov 6 10:47:49 2012 Initialization Sequence Completed<br />
Tue Nov 6 10:50:27 2012 [server] Inactivity timeout (--ping-restart), restarting<br />
Tue Nov 6 10:50:27 2012 TCP/UDP: Closing socket<br />
Tue Nov 6 10:50:27 2012 SIGUSR1[soft,ping-restart] received, process restarting<br />
Tue Nov 6 10:50:27 2012 Restart pause, 2 second(s)</code></blockquote>
The connection speed never exceeded 5 Mbps (our office's bandwidth is 100 Mbps).<br />
<br />
The connection always stalled during the first MB of a file transfer.<br />
<br />
I googled for a long time, tried every possible fix of this problem: changed MTU size, upgraded OpenVPN software, modified the configuration of the core switch. No use at all. I doubted that it is the internet connection of our office that causes the problem.<br />
<br />
<a name='more'></a>Today, an idea jumped out: why not find a way to bypass the possible internet connection problem!<br />
<br />
How about OpenVPN over IP tunnel?<br />
<br />
First, I established an IP tunnel between the OpenVPN server and client:<br />
<br />
On server side:<br />
<blockquote>
<code>
/sbin/ip tunnel add tunnel0 mode ipip remote 2.2.2.2 local 1.1.1.1<br />
/sbin/ip link set tunnel0 up<br />
/sbin/ifconfig tunnel0 192.168.0.1 netmask 255.255.255.0</code></blockquote>
On client side:<br />
<blockquote>
<code>
/sbin/ip tunnel add tunnel0 mode ipip remote 1.1.1.1 local 2.2.2.2<br />
/sbin/ip link set tunnel0 up<br />
/sbin/ifconfig tunnel0 192.168.0.2 netmask 255.255.255.0</code></blockquote>
Then I changed 'remote 1.1.1.1' to 'remote 192.168.0.1' in client.conf, and then started the OpenVPN client.<br />
<br />
Bingo! The connection is extremely stable; it never stalls. The transfer speed can easily be close to 100 Mbps.<br />
<br />
OpenVPN: ldap_parse_sasl_bind_result: Assertion failed. (posted 2012-11-07)<br />
My OpenVPN server crashes occasionally, with the following message in the log file:<br />
<blockquote>
<code>
openvpn: ../../../libraries/libldap/sasl.c:262: ldap_parse_sasl_bind_result: Assertion `res != ((void *)0)' failed.</code></blockquote>
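This occurs if openvpn uses auth-ldap but cannot bind to the LDAP server. It's a bug in openvpn-auth-ldap: ldap_result() returns 0 when the timeout expires and leaves `res' unset, but the code only treats -1 as a failure, so the NULL result reaches ldap_parse_sasl_bind_result() and trips the assertion.<br />
<br />
To fix it, open auth-ldap-2.0.3/src/LFLDAPConnection.m and change `== -1' to `<= 0' at line 462:<br />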
<blockquote>
<code>
if (ldap_result(ldapConn, msgid, 1, &timeout, &res) <= 0) {</code></blockquote>
and recompile the package.<br />
<br />
See the following link for more information:<br />
<br />
<a href="http://code.google.com/p/openvpn-auth-ldap/issues/detail?id=11">http://code.google.com/p/openvpn-auth-ldap/issues/detail?id=11</a><br />
<br />
Zimbra Incremental Migration: an experience (posted 2012-11-07)<br />
Some days ago, I managed to migrate our company's Zimbra mail system to a new server. Since there were so many messages to move, the migration was hard work and caused a lot of trouble.<br />
<br />
A brief description of the task:<br />
<ul>
<li>The old server: CentOS 5.5 x86_64, ZCS 7.2.0</li>
<li>The new server: CentOS 6.3 x86_64, ZCS 8.0.0</li>
<li>Mail accounts: 1500, messages: 4 million, storage: 600 GB</li>
<li>Bandwidth between two servers: 100 Mbps</li>
</ul>
I followed the method described in <a href="http://wiki.zextras.com/wiki/ZxBackup:_Incremental_migration_with_ZeXtras_Backup" target="_blank">ZxBackup: Incremental migration with ZeXtras Backup</a>. The process comprised the following steps:<br />
<ol>
<li>Backup of all messages on the old server: about 4 million items, backup time: 3 days.</li>
<li>Synchronization of backup data to the new server: data size: 320GB, files: 6.4 million, transfer time: 1 day.</li>
<li>Restore of old messages on the new server: restore time: 5 days.</li>
<li>Incremental backup and restore recent messages since last backup</li>
<li>Switch of the mail flow to the new server</li>
<li>Incremental backup and restore recent messages since last backup</li>
</ol>
<a name='more'></a>I finished the above steps in 10 days and switched the mail flow to the new server on Sunday. Everything seemed OK. But when Monday began and hundreds of colleagues came to the office, great troubles came along.<br />
<br />
Firstly, our colleagues found that their IMAP mail clients (Outlook, Foxmail, Thunderbird, ...) always tried to download all messages in the Inbox folders of their accounts on the server, regardless of whether the messages had been read and downloaded before. The server's outgoing network traffic easily went up to 100 Mbps.<br />
<br />
Secondly, some colleagues' mail clients couldn't get and send messages completely.<br />
<br />
And the server frequently did not respond to users.<br />
<br />
I examined the server's log file and found the following errors:<br />
<br />
1. SSL errors from IMAP and POP3 proxies (/opt/zimbra/log/nginx.log):<br />
<blockquote>
<code>
SSL: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number<br />
SSL: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac<br />
SSL: error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write retry</code></blockquote>
These errors prevented users from logging in and getting messages. I don't know where the errors came from. There were no errors when the commercial certificate was deployed. So I completely disabled proxies to avoid these errors.<br />
<br />
2. Pop3SSLServer and ImapSSLServer out of memory (/opt/zimbra/log/mailbox.log):<br />
<blockquote>
<code>
2012-10-30 11:15:45,161 ERROR [ImapSSLServer-96] [name=user@example.com;mid=682;ip=1.2.3.4;] imap - java.lang.OutOfMemoryError: Java heap space<br />
java.lang.OutOfMemoryError: Java heap space<br />
at java.nio.HeapByteBuffer.<init>(HeapByteBuffer.java:57)</code></blockquote>
Since all users were downloading large amounts of old messages at the same time, the default Java heap size (about 3GB) set by the ZCS installation was not enough. I simply changed it to a larger value:<br />
<blockquote>
<code>
(run as zimbra user)<br />
zmlocalconfig -e mailboxd_java_heap_size=6144<br />
zmmailboxdctl restart</code></blockquote>
3. ZeXtras Backup added a tag `0' to all restored messages, but this tag was not properly defined in the database. For some mail clients (Foxmail), the tag prevented users from downloading message bodies when IMAP was used. I tried to find out the tag_id (257) of `0' and removed the tag from all messages in the databases:<br />
<blockquote>
<code>
for n in `seq 1 100`; do<br />
mysql << _EOF<br />
update mboxgroup$n.mail_item set tag_names=null where type=5;<br />
delete from mboxgroup$n.tagged_item where tag_id=257;<br />
delete from mboxgroup$n.tag where id=257;<br />
_EOF<br />
done</code></blockquote>
4. To avoid downloading all the old messages in the Inbox, I suggested that all users log in to Zimbra via the web interface, create a new folder named `Oldmail', move all messages in the Inbox to `Oldmail', and then move back to the Inbox only the recently received messages they wanted to download.<br />
<br />
Late on Tuesday, the server returned to normal.<br />
<br />
Android ICS L2TP/IPSec `malformed payload in packet' error (posted 2012-11-06)<br />
When you try to connect to an OpenSWAN L2TP/IPSec PSK VPN using an Android device running version 4.0.x (Ice Cream Sandwich), you may get the following repeated errors:<br />
<blockquote>
<code>
Nov 7 15:13:42 vpnserver pluto[20906]: packet from 200.143.118.22:500: next payload type of ISAKMP Message has an unknown value: 133<br />
Nov 7 15:13:42 vpnserver pluto[20906]: | payload malformed after IV<br />
Nov 7 15:13:42 vpnserver pluto[20906]: |<br />
Nov 7 15:13:42 vpnserver pluto[20906]: packet from 200.143.118.22:500: sending notification PAYLOAD_MALFORMED to 200.143.118.22:500</code></blockquote>
and the connection will time out. This is caused by a bug in ICS: Android ICS seems to mess up the payload, which causes this error: byte 7 of the ISAKMP NAT-OA payload must be zero, but is not (see <a href="http://www.ietf.org/rfc/rfc3947.txt" target="_blank" title="rfc3947">RFC 3947</a>).<br />
<br />
There is a <a href="http://code.google.com/p/android/issues/detail?id=23124" target="_blank" title="Android issue 23124">bug report</a> about this. It should have been fixed in Android 4.1.x. For 4.0.x (ICS) devices, fortunately, there is an OpenSWAN workaround available at:<br />
<blockquote>
<code>
<a href="http://people.redhat.com/pwouters/osw/openswan-2.6.38-android-ics-natoa.patch">http://people.redhat.com/pwouters/osw/openswan-2.6.38-android-ics-natoa.patch</a></code></blockquote>
To resolve the issue, download this patch and recompile openswan. If you compile openswan from SRPMS, make sure to add `-DSUPPORT_BROKEN_ANDROID_ICS' to the make option `USERCOMPILE' in your openswan.spec, like this:<br />
<blockquote>
<code>
%{__make} \<br />
USERCOMPILE="-g %{optflags} -fPIE -pie -DSUPPORT_BROKEN_ANDROID_ICS" \<br />
......</code></blockquote>
<br />
Firefox flash plugin: no sound (posted 2008-08-04)<br />
If you cannot hear any sound when playing Flash video in Firefox, it's probably because you haven't installed the package 'libflashsupport'. To fix it, just install that package and restart Firefox.<br />
<br />
For Fedora, you may use the command<br />
<blockquote>
<code>
# yum install libflashsupport</code></blockquote>
<br />
Using `cvsd' to setup cvs pserver (posted 2008-04-27)<br />
CVS was designed to be started by `xinetd'. But most Linux distributions no longer install xinetd by default, and configuring CVS is somewhat complicated. `<a href="http://ch.tudelft.nl/~arthur/cvsd/">cvsd</a>' is a wrapper program for CVS in pserver mode; it can start CVS as a standalone daemon, under a special uid/gid in a chroot jail. It is relatively easy to use cvsd and its configuration file to set up CVS repositories.<br />
<br />
In this article, I will describe how to setup a cvs pserver step by step.<br />
<br />
<strong>1. Installation of cvsd package</strong><br />
<br />
For RPM-based distributions, you may download precompiled RPMS from this site:<br />
<blockquote>
<a href="http://linuxforfun.net/misc/cvsd-1.0.14-1.i386.rpm">cvsd-1.0.14-1.i386.rpm</a><br />
<a href="http://linuxforfun.net/misc/cvsd-1.0.14-1.src.rpm">cvsd-1.0.14-1.src.rpm</a> (source)</blockquote>
For other distributions, you may download source tarball <a href="http://ch.tudelft.nl/~arthur/cvsd/downloads.html">here</a>, compile and install it yourself.<br />
<br />
<a name='more'></a><br />
<strong>2. Configuration file /etc/cvsd/cvsd.conf</strong><br />
<br />
Check cvsd's configuration file /etc/cvsd/cvsd.conf. A few settings are worth mentioning:<br />
<ul><br />
<li>RootJail: the location of the chroot jail cvs should be run in. The default value should look like<br /><blockquote>
<code>RootJail /var/lib/cvsd</code></blockquote>
For RPM-based installation, the installation process should have initialized this directory for you, by the command<br /><blockquote>
<code># cvsd-buildroot /var/lib/cvsd</code></blockquote>
If the directory is not initialized yet, or you change `RootJail' to another directory, you need to use the command `cvsd-buildroot' to initialize it by hand.</li>
<br />
<li>Uid and Gid: the user and group cvsd should be run as. The default values:<br /><blockquote>
<code>Uid cvsd<br />Gid cvsd</code></blockquote>
For non-RPM based installation, you need to create them by hand.</li>
<br />
<li>Repos: paths to repositories, one repository per line. Every path is relative to RootJail and begins with a `/'. For example:<br /><blockquote>
<code>Repos /coolsoft<br />Repos /hotsoft</code></blockquote>
</li>
</ul>
<strong>3. Creation of repositories</strong><br />
<br />
To create a repository, for example, `coolsoft', use the command:<br />
<blockquote>
<code># cvs -d /var/lib/cvsd/coolsoft init</code></blockquote>
The command will create a directory /var/lib/cvsd/coolsoft and a CVSROOT tree in it.<br />
<br />
If you allow users to create top level directories in this repository:<br />
<blockquote>
<code># chown cvsd:cvsd /var/lib/cvsd/coolsoft</code></blockquote>
Edit the file <code>/var/lib/cvsd/coolsoft/CVSROOT/config</code> and modify the `LockDir' option:<br />
<blockquote>
<code>LockDir=/tmp/coolsoft</code></blockquote>
The directory is relative to `RootJail', /var/lib/cvsd. Create the directory:<br />
<blockquote>
<code># mkdir /var/lib/cvsd/tmp/coolsoft<br /># chown cvsd:cvsd /var/lib/cvsd/tmp/coolsoft</code></blockquote>
Now create users that can access this repository and set the passwords:<br />
<blockquote>
<code># cvsd-passwd /var/lib/cvsd/coolsoft jack</code></blockquote>
If you want anonymous access to your repository, create a user named `anonymous' or `anoncvs', and leave the password blank:<br />
<blockquote>
<code># cvsd-passwd /var/lib/cvsd/coolsoft anoncvs</code></blockquote>
Create a new file <code>/var/lib/cvsd/coolsoft/CVSROOT/writers</code>:<br />
<blockquote>
<code># touch /var/lib/cvsd/coolsoft/CVSROOT/writers</code></blockquote>
to protect write access to the repository. Without this file, all users have write access! Add the users who should have write access to this file, one user per line.<br />
<br />
Optionally, create top level directories in your repository that will hold the committed files:<br />
<blockquote>
<code># cd /var/lib/cvsd/coolsoft<br /># mkdir client server<br /># chown cvsd:cvsd client server</code></blockquote>
<strong>4. Startup cvsd and test your repositories</strong><br />
<br />
To start cvsd, use the command<br />
<blockquote>
<code># /etc/init.d/cvsd start</code></blockquote>
To test the new repository:<br />
<blockquote>
<code># cvs -d :pserver:jack@myhost.at.office/coolsoft login<br /># cvs -d :pserver:jack@myhost.at.office/coolsoft co client</code></blockquote>
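The access-control points from step 3 (the `writers' file, blank-password accounts, and the LockDir inside the jail) can be checked with a small script. This is an added example, not part of the original post or of cvsd; the function names and the finding labels are made up here, and the sample jail is constructed in a temporary directory.

```shell
#!/bin/sh
# Added example, not part of cvsd.
# Assumed layout: JAIL/REPO/CVSROOT/{passwd,writers,readers,config}.

# Succeeds if name $2 appears on a line of its own in file $1.
listed_in() {
    [ -f "$1" ] && grep -qxF -- "$2" "$1"
}

# audit_cvs_repo JAIL REPO
# Prints one finding per line; prints nothing when the repository is clean.
audit_cvs_repo() {
    a_jail=$1
    a_root="$1/$2/CVSROOT"

    # Without CVSROOT/writers, every user who can log in can also commit.
    [ -f "$a_root/writers" ] || echo "NO_WRITERS_FILE"

    # CVSROOT/passwd lines are user:crypted-password[:system-user].
    # An empty second field is an account with a blank password.
    if [ -f "$a_root/passwd" ]; then
        while IFS=: read -r a_user a_hash a_rest || [ -n "$a_user" ]; do
            [ -n "$a_user" ] || continue
            [ -z "$a_hash" ] || continue
            # Users listed in CVSROOT/readers are read-only.
            listed_in "$a_root/readers" "$a_user" && continue
            if [ ! -f "$a_root/writers" ] || listed_in "$a_root/writers" "$a_user"; then
                echo "BLANK_PASSWORD_CAN_WRITE $a_user"
            fi
        done < "$a_root/passwd"
    fi

    # LockDir is resolved inside the chroot jail, so look for it under JAIL.
    a_lock=$(sed -n 's/^LockDir[= ]*//p' "$a_root/config" 2>/dev/null | head -n 1)
    if [ -n "$a_lock" ] && [ ! -d "$a_jail$a_lock" ]; then
        echo "LOCKDIR_MISSING $a_lock"
    fi
}

# Build a constructed sample jail and print its path.
make_sample_jail() {
    s_jail=$(mktemp -d)
    mkdir -p "$s_jail/coolsoft/CVSROOT" "$s_jail/tmp"
    # jack has a (constructed) password hash; anoncvs has a blank password.
    printf '%s\n' 'jack:CONSTRUCTEDHASH:cvsd' 'anoncvs::cvsd' \
        > "$s_jail/coolsoft/CVSROOT/passwd"
    printf 'LockDir=/tmp/coolsoft\n' > "$s_jail/coolsoft/CVSROOT/config"
    echo "$s_jail"
}

# Demonstration: audit before and after applying the steps from the post.
jail=$(make_sample_jail)
echo "before:"
audit_cvs_repo "$jail" coolsoft
printf 'jack\n' > "$jail/coolsoft/CVSROOT/writers"   # only jack may commit
mkdir "$jail/tmp/coolsoft"                           # create the LockDir
echo "after:"
audit_cvs_repo "$jail" coolsoft
rm -rf "$jail"
```

On a real server the call would be `audit_cvs_repo /var/lib/cvsd coolsoft`, run after every change to the repository's users.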
<br />
Setup of VSFTPD - another approach (posted 2008-04-15)<br />
If you are hosting several web sites, for security reasons you may want each webmaster to access only their own files. One good way is to give them FTP access by setting up VSFTPD virtual users and directories.<br />
<br />
In my <a href="http://linuxforfun.net/2008/04/05/vsftpd-virtual-users/" target="_blank">last article</a>, I described how to set up VSFTPD virtual users. In this article, I will describe another approach to setting up VSFTPD; it needs real users on the system.<br />
<br />
<strong>1. Installation of VSFTPD</strong><br />
<br />
For Red Hat, CentOS and Fedora, you may install VSFTPD by the command<br />
<blockquote>
<code># yum install vsftpd</code></blockquote>
For Debian and Ubuntu,<br />
<blockquote>
<code># apt-get install vsftpd</code></blockquote>
<a name='more'></a><strong>2. Virtual users and authentication</strong><br />
<br />
We may create a real user account for each webmaster. We will only give them FTP access to our server.<br />
<br />
First, use the `useradd' command to create the user accounts. The things to specify are:<br />
<ul>
<li><strong>group</strong>: set the users' group to the group the HTTP server runs as. In most cases, it is `apache' for Apache HTTP Server and `lighttpd' for lighttpd.</li>
<br />
<li><strong>home directory</strong>: set each user's home directory to their virtual host's DocumentRoot. These directories should also be made writable by the HTTP server.</li>
<br />
<li><strong>login shell</strong>: to disallow normal logins for these FTP users, set their login shell to `/sbin/nologin'.</li>
</ul>
For example:<br />
<blockquote>
<code># useradd -g apache -d /var/www/vhosts/mike -s /sbin/nologin mike<br /># chmod g+w /var/www/vhosts/mike<br /># passwd mike<br />Changing password for user mike.<br />New UNIX password:<br />Retype new UNIX password:<br />passwd: all authentication tokens updated successfully.</code></blockquote>
<strong>3. Configuration of VSFTPD</strong><br />
<br />
Create a configuration file /etc/vsftpd/vsftpd-virtual.conf,<br />
<blockquote>
<code>
# disables anonymous FTP<br />
anonymous_enable=NO<br />
# enables non-anonymous FTP<br />
local_enable=YES<br />
# enables uploads and new directories<br />
write_enable=YES<br />
# authentication of virtual users<br />
pam_service_name=login<br />
# the virtual user is restricted to the virtual FTP area<br />
chroot_local_user=YES<br />
# runs vsftpd in standalone mode<br />
listen=YES<br />
# listens on this port for incoming FTP connections<br />
listen_port=60021<br />
# the minimum port to allocate for PASV style data connections<br />
pasv_min_port=62222<br />
# the maximum port to allocate for PASV style data connections<br />
pasv_max_port=63333<br />
# controls whether PORT style data connections use port 20 (ftp-data)<br />
connect_from_port_20=YES<br />
# the umask for file creation<br />
local_umask=022</code></blockquote>
<strong>4. Start VSFTPD and test</strong><br />
Now we can start VSFTPD by the command:<br />
<blockquote>
<code># /usr/sbin/vsftpd /etc/vsftpd/vsftpd-virtual.conf</code></blockquote>
and test the FTP access of a virtual user:<br />
<blockquote>
<code># lftp -u mike -p 60021 192.168.1.101</code></blockquote>
The virtual user should have full access to his directory.<br />
<br />
Be Linux - Penguins Linux Ad on YouTube (posted 2008-04-14)<br />
[youtube]http://www.youtube.com/watch?v=PLHjT5-XM9o[/youtube]<br/>
<br/>
<strong>Be Linux.</strong><br/>
From: kroperx<br/>
<br/>
Added: April 02, 2008<br/>
A little ad I made editing a well known video from the B B C.<br/>
<br/>
Song:<br/>
Joe Bongiorno - Chasing the Wind<br/>
from Destined<br/>
<br/>
(The video is adapted from http://www.youtube.com/watch?v=nrxmpihCjqw)<br/>
<br />
Setup of VSFTPD virtual users (posted 2008-04-05)<br />
If you are hosting several web sites, for security reasons you may want each webmaster to access only their own files. One good way is to give them FTP access by setting up VSFTPD virtual users and directories. This article describes how you can do that easily.<br />
(See also: <a href="http://linuxforfun.net/2008/04/15/vsftpd-virtual-users-another-approach/">Setup of VSFTPD virtual users - another approach</a>)<br />
<br />
<strong>1. Installation of VSFTPD</strong><br />
<br />
For Red Hat, CentOS and Fedora, you may install VSFTPD by the command<br />
<blockquote>
<code># yum install vsftpd</code></blockquote>
For Debian and Ubuntu,<br />
<blockquote>
<code># apt-get install vsftpd</code></blockquote>
<a name='more'></a><strong>2. Virtual users and authentication</strong><br />
<br />
We are going to use pam_userdb to authenticate the virtual users. This needs a username/password file in `db' format, a common database format, which is created with the `db_load' program. For CentOS and Fedora, you may install the package `db4-utils':<br />
<blockquote>
<code># yum install db4-utils</code></blockquote>
For Ubuntu,<br />
<blockquote>
<code># apt-get install db4.2-util</code></blockquote>
To create a `db' format file, first create a plain text file `virtual-users.txt' with the usernames and passwords on alternating lines:<br />
<blockquote>
<code>mary<br />123456<br />jack<br />654321</code></blockquote>
Then execute the following command to create the actual database:<br />
<blockquote>
<code># db_load -T -t hash -f virtual-users.txt /etc/vsftpd/virtual-users.db</code></blockquote>
Now, create a PAM file /etc/pam.d/vsftpd-virtual which uses your database:<br />
<blockquote>
<code>auth required pam_userdb.so db=/etc/vsftpd/virtual-users<br />account required pam_userdb.so db=/etc/vsftpd/virtual-users</code></blockquote>
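With the PAM lines above, pam_userdb compares passwords as they were written in `virtual-users.txt', so both the text file and the database hold them in clear text. The following check of the alternating-line file before it is loaded is an added example, not part of the original post or of vsftpd; the function names, the finding labels and the 12-character minimum are assumptions made here.

```shell
#!/bin/sh
# Added example, not part of vsftpd. MIN_PW_LEN is an assumed site policy.
MIN_PW_LEN=12

# check_virtual_users FILE
# Prints one finding per line for a username/password list in the
# alternating-line format that db_load -T reads; prints nothing when clean.
check_virtual_users() {
    v_file=$1
    v_line=0
    v_user=
    v_seen=' '
    while IFS= read -r v_text || [ -n "$v_text" ]; do
        v_line=$((v_line + 1))
        if [ $((v_line % 2)) -eq 1 ]; then
            v_user=$v_text
            # The name is substituted into local_root=/var/www/virtual/$USER,
            # so allow only characters that cannot change the path.
            case $v_user in
                ''|.*|*[!A-Za-z0-9._-]*) echo "BAD_USERNAME line $v_line" ;;
            esac
            case $v_seen in
                *" $v_user "*) echo "DUPLICATE_USER $v_user" ;;
            esac
            v_seen="$v_seen$v_user "
        else
            [ "${#v_text}" -ge "$MIN_PW_LEN" ] || echo "SHORT_PASSWORD $v_user"
            [ "$v_text" != "$v_user" ] || echo "PASSWORD_EQUALS_USERNAME $v_user"
        fi
    done < "$v_file"
    # An odd number of lines means the last user has no password line.
    [ $((v_line % 2)) -eq 0 ] || echo "MISSING_PASSWORD $v_user"

    # Passwords are stored as written, so only the owner may access the file.
    v_mode=$(ls -ld "$v_file" | cut -c5-10)
    [ "$v_mode" = "------" ] || echo "ACCESSIBLE_BY_GROUP_OR_OTHERS"
}

# load_virtual_users TXT DB
# Runs the post's db_load command only on a clean list, creates the database
# with owner-only permissions, and removes the clear-text list afterwards.
load_virtual_users() {
    l_findings=$(check_virtual_users "$1")
    if [ -n "$l_findings" ]; then
        printf '%s\n' "$l_findings" >&2
        return 1
    fi
    ( umask 077 && db_load -T -t hash -f "$1" "$2" && chmod 600 "$2" ) \
        && rm -f -- "$1"
}

# Demonstration on the post's sample entries, written to a temporary file
# (mktemp creates it with owner-only permissions).
sample=$(mktemp)
printf '%s\n' mary 123456 jack 654321 > "$sample"
check_virtual_users "$sample"
rm -f -- "$sample"
```

The demonstration reports both sample passwords as too short; `load_virtual_users virtual-users.txt /etc/vsftpd/virtual-users.db` would refuse to build the database until they are replaced.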
<strong>3. Configuration of VSFTPD</strong><br />
<br />
Create a configuration file /etc/vsftpd/vsftpd-virtual.conf,<br />
<blockquote>
<code>
# disables anonymous FTP<br />
anonymous_enable=NO<br />
# enables non-anonymous FTP<br />
local_enable=YES<br />
# activates virtual users<br />
guest_enable=YES<br />
# virtual users to use local privs, not anon privs<br />
virtual_use_local_privs=YES<br />
# enables uploads and new directories<br />
write_enable=YES<br />
# the PAM file used for authentication of virtual users<br />
pam_service_name=vsftpd-virtual<br />
# in conjunction with 'local_root',<br />
# specifies a home directory for each virtual user<br />
user_sub_token=$USER<br />
local_root=/var/www/virtual/$USER<br />
# the virtual user is restricted to the virtual FTP area<br />
chroot_local_user=YES<br />
# hides the FTP server user IDs and just displays "ftp" in directory listings<br />
hide_ids=YES<br />
# runs vsftpd in standalone mode<br />
listen=YES<br />
# listens on this port for incoming FTP connections<br />
listen_port=60021<br />
# the minimum port to allocate for PASV style data connections<br />
pasv_min_port=62222<br />
# the maximum port to allocate for PASV style data connections<br />
pasv_max_port=63333<br />
# controls whether PORT style data connections use port 20 (ftp-data)<br />
connect_from_port_20=YES<br />
# the umask for file creation<br />
local_umask=022</code></blockquote>
<strong>4. Creation of home directories</strong><br />
<br />
Create each user's home directory in /var/www/virtual, and change the owner of the directory to the user `ftp':<br />
<blockquote>
<code># mkdir /var/www/virtual/mary<br /># chown ftp:ftp /var/www/virtual/mary</code></blockquote>
<strong>5. Startup of VSFTPD and test</strong><br />
Now we can start VSFTPD by the command:<br />
<blockquote>
<code># /usr/sbin/vsftpd /etc/vsftpd/vsftpd-virtual.conf</code></blockquote>
and test the FTP access of a virtual user:<br />
<blockquote>
<code># lftp -u mary -p 60021 192.168.1.101</code></blockquote>
The virtual user should have full access to his directory.<br />
<br />
Method to solve `Downloading bookmarks ...' problem (posted 2008-03-15)<br />
I am migrating to `Google bookmarks', but the button on Google Toolbar always says `Downloading bookmarks ...'. In Windows, however, Google Toolbar in Firefox can import, download and add bookmarks normally. What's different in Linux?<br />
<br />
After googling for some time, I realized that it is due to the lack of the library `libstdc++.so.5'. This is one of the old versions of the C++ libraries; most current Linux distributions do not install this library by default. The method to solve the 'Downloading bookmarks' problem is:<br />
<br />
1. Install the package that contains libstdc++.so.5. For Fedora 8:<br />
<blockquote>
<code># yum install compat-libstdc++-33</code></blockquote>
For Ubuntu:<br />
<blockquote>
<code># sudo apt-get install libstdc++5</code></blockquote>
For other distributions, you should install the corresponding packages.<br />
<br />
2. Exit Firefox, restart Firefox, <strong>re-install Google Toolbar</strong>. This is very important, or else the problem will not be solved!<br />
<br />
3. Restart Firefox. Now you can see all your bookmarks in your Google toolbar!<br />
<br />
Installation of CentOS on a server with a SmartRAID V controller (posted 2008-03-03)<br />
We are going to reinstall Linux on an old server with a SmartRAID V controller. Since CentOS can be updated easily using 'yum', we decided to use CentOS 5.1. There are some difficulties in the installation, but we can bypass them and complete it successfully.<br />
<br />
The basic parameters of the old server:<br />
<ul><br />
<li>2 x Intel(R) Xeon(TM) CPU 2.40GHz</li>
<li>4G Memory</li>
<li>Adaptec (formerly DPT) SmartRAID V Controller</li>
<li>6x 36704 MB SCSI disks</li>
<li>Intel Corporation 82545EM Gigabit Ethernet Controller</li>
<li>ATAPI 52X CD-ROM drive</li>
</ul>
The main points of installation are described below:<br />
<br />
<a name='more'></a><strong>0. Make a RAID5 array </strong><br />
<br />
Before installation, we use SmartRAID Storage Manager to make a RAID5 array using 5 SCSI disks, and leave 1 SCSI disk as HotSpare.<br />
<br />
<strong>1. Choose installation media</strong><br />
<br />
We have downloaded a CentOS 5.1 DVD ISO. But the machine has no DVD-ROM. We make a USB boot disk using images/diskboot.img, but the server can't boot. We have to burn a bootable CD-ROM using images/boot.iso. On another Linux machine, we mount the CentOS 5.1 DVD ISO under a directory of the Apache HTTP server. We will boot the machine from the bootable CD-ROM and choose HTTP installation media.<br />
<br />
<strong>2. Boot, load RAID drivers</strong><br />
<br />
Boot the machine, choose HTTP installation media, and configure the network parameters and HTTP server address. The installation process now enters the graphical interface. But if we click 'Next' on the screen now, the installation process will not recognize any hard disks. This is because <strong>CentOS does not put SmartRAID V drivers into the kernel used in the installation process.</strong><br />
<br />
The method to solve this problem is: on the other Linux machine, unpack CentOS/kernel-2.6.18-53.el5.i686.rpm and copy the following two drivers<br />
<blockquote>
<code>/lib/modules/2.6.18-53.el5/kernel/drivers/message/i2o/i2o_block.ko<br />/lib/modules/2.6.18-53.el5/kernel/drivers/message/i2o/i2o_scsi.ko</code></blockquote>
to some directory of the Apache HTTP server so that the machine can see them through HTTP.<br />
<br />
Then, in the graphical interface of installation, press Ctrl-Alt-F2 to switch to command line, use 'wget' to get the above two drivers, execute the commands:<br />
<blockquote>
<code># insmod i2o_block.ko<br /># insmod i2o_scsi.ko</code></blockquote>
Loading i2o_scsi.ko may take a few minutes.<br />
<br />
After that, press Ctrl-Alt-F6 to switch back to the graphical interface, click 'Next' to proceed. A popup may appear, which says something like:<br />
<blockquote>
Error opening /dev/sda: No such device or address</blockquote>
Never mind; click 'Cancel' to ignore it. At this point, the installation process will successfully recognize the RAID5 array as /dev/i2o/hda. We can follow the normal steps to install the OS itself.<br />
<br />
(In the partitioning step, using LVM may cause trouble: after installation, the boot process of the new system will be extremely slow, almost dead. We don't know the reason yet. After several failures, we chose to create a custom layout without LVM, and the boot process afterwards went smoothly.)<br />
<br />
<strong>3. Make initrd</strong><br />
<br />
After all packages are installed, do not click 'Reboot' right away. Since <strong>'i2o_block.ko' and 'i2o_scsi.ko' are not included in the default kernel's initrd file</strong>, the boot process will not recognize our RAID5 array.<br />
<br />
At the last stage of the graphical interface of installation, press Ctrl-Alt-F2 to switch to command line, execute the commands:<br />
<blockquote>
<code># chroot /mnt/sysimage /bin/bash<br /># /sbin/mkinitrd -f --preload=i2o_block --preload=i2o_scsi /boot/initrd-2.6.18-53.el5PAE.img 2.6.18-53.el5PAE<br /># exit</code></blockquote>
Then, press Ctrl-Alt-F6 to switch back to the graphical interface, click 'Reboot' to reboot the system.<br />
<br />
Every time we upgrade the kernel, we should execute the 'mkinitrd' command to rebuild the initrd file, including 'i2o_block' and 'i2o_scsi' modules in it.<br />
<br />
MySQL live backup using replication (posted 2008-01-07)<br />
Assume that you have a website using MySQL as its database. You want to make a live backup of your database on another machine, so that if your host machine encounters a hardware failure, you can recover your web service ASAP. MySQL replication provides a simple way to do that.<br />
<br />
First, you should prepare your backup machine:<br />
<ul>
<li>it is 'close' to your host machine, meaning that data transfer between them is fast.</li>
<li>it has MySQL installed, and the major version is the same as MySQL on the host machine, i.e., both are MySQL 5.x.x, or both are MySQL 4.x.x.</li>
</ul>
Assume that your host machine's IP is 192.168.1.111 and your backup machine's IP is 192.168.2.222.<br />
<strong>On the host machine:</strong><br />
<br />
Add the following lines to the '[mysqld]' section of your my.cnf:<br />
<blockquote>
<code>
server-id=1<br />
log-bin=mysql-bin<br />
binlog-do-db=myblog</code></blockquote>
If you also want the host machine to replicate from the backup machine, add the following lines to my.cnf:<br />
<blockquote>
<code>
master-host=192.168.2.222<br />
master-user=backup<br />
master-password=backup<br />
master-port=3306<br />
master-connect-retry=10<br />
replicate-do-db=myblog<br />
relay-log=relay-bin<br />
<br />
# important: in multi-master replication,<br />
# add the following 2 lines to avoid conflicting `AUTO_INCREMENT' values<br />
auto_increment_increment=2<br />
auto_increment_offset=1</code></blockquote>
Note: 'binlog-do-db' and 'replicate-do-db' specify the database you want to replicate. If you want to replicate multiple databases, just write multiple lines, one database per line.<br />
<br />
Add an account on your MySQL server:<br />
<blockquote>
<code>
GRANT FILE,REPLICATION SLAVE,REPLICATION CLIENT,SUPER ON *.* TO backup@'192.168.2.222' IDENTIFIED by 'backup';</code></blockquote>
<strong>On the backup machine:</strong><br />
<br />
Add the following lines to the '[mysqld]' section of your my.cnf:<br />
<blockquote>
<code>
server-id=2<br />
master-host=192.168.1.111<br />
master-user=backup<br />
master-password=backup<br />
master-port=3306<br />
master-connect-retry=10<br />
replicate-do-db=myblog<br />
relay-log=relay-bin</code></blockquote>
If you want a dual-direction backup, add the following lines to my.cnf:<br />
<blockquote>
<code>
log-bin=mysql-bin<br />
binlog-do-db=myblog<br />
<br />
# important: in multi-master replication,<br />
# add the following 2 lines to avoid conflicting `AUTO_INCREMENT' values<br />
auto_increment_increment=2<br />
auto_increment_offset=2</code></blockquote>
Add an account on your MySQL server:<br />
<blockquote>
<code>
GRANT FILE,REPLICATION SLAVE,REPLICATION CLIENT,SUPER ON *.* TO backup@'192.168.1.111' IDENTIFIED by 'backup';</code></blockquote>
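A cross-check of the two '[mysqld]' sections above that can be run before the servers are restarted, as an added Python example that is not part of the original post; the function names (parse_mysqld, audit_pair) and the embedded sample configs are constructed for illustration. It checks for unique server-id values, that each side's master-host and replicate-do-db match its peer, for distinct auto_increment_offset values in the dual-direction setup, and for a master-password that is empty or equal to master-user.<br />

```python
import re

# Constructed sample: the dual-direction '[mysqld]' settings from this post.
HOST_CNF = """[mysqld]
server-id=1
log-bin=mysql-bin
binlog-do-db=myblog
master-host=192.168.2.222
master-user=backup
master-password=backup
replicate-do-db=myblog
auto_increment_increment=2
auto_increment_offset=1
"""
BACKUP_CNF = (HOST_CNF.replace("server-id=1", "server-id=2")
              .replace("192.168.2.222", "192.168.1.111")
              .replace("offset=1", "offset=2"))

def parse_mysqld(text):
    """Return {option: [values]} for the [mysqld] section ('_' and '-' are equivalent)."""
    opts, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):
            section = line.strip("[] ").lower()
        elif section == "mysqld" and line and line[0] not in "#;":
            key, _, val = line.partition("=")
            opts.setdefault(key.strip().lower().replace("_", "-"), []).append(val.strip())
    return opts

def audit_pair(a_text, a_ip, b_text, b_ip):
    """Cross-check two replication peers (A and B) and return a list of findings."""
    a, b = parse_mysqld(a_text), parse_mysqld(b_text)
    last = lambda o, k: (o.get(k) or [None])[-1]
    ids = [last(a, "server-id"), last(b, "server-id")]
    out = ["server-id missing or not unique"] if None in ids or ids[0] == ids[1] else []
    for name, me, peer, peer_ip in (("A", a, b, b_ip), ("B", b, a, a_ip)):
        if last(me, "master-host") is None:
            continue  # this side only acts as a master
        if last(me, "master-host") != peer_ip:
            out.append(f"{name}: master-host is not the peer")
        if sorted(me.get("replicate-do-db", [])) != sorted(peer.get("binlog-do-db", [])):
            out.append(f"{name}: replicate-do-db differs from the peer's binlog-do-db")
        if last(me, "master-password") in (None, "", last(me, "master-user")):
            out.append(f"{name}: master-password empty or same as master-user")
    if last(a, "master-host") and last(b, "master-host"):  # dual-direction setup
        offs = [last(a, "auto-increment-offset"), last(b, "auto-increment-offset")]
        if None in offs or offs[0] == offs[1]:
            out.append("auto_increment_offset missing or not unique")
    return out
```

Run against the settings exactly as posted, it reports the master-password finding for both machines, because the sample account uses 'backup' as both user name and password.<br />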
Now, shut down the MySQL servers on both machines. Copy all databases you need to replicate from the host machine to the backup machine. Then start up the MySQL servers on both machines. Examine your mysqld.log for possible errors. Test the replication using some simple SQL statements, for example, create a simple table.<br />
<br />
<strong>Gentoo has no newsletters for several weeks</strong><br />
Posted by Anonymous on 2007-12-07; updated 2016-09-25.<br />
<br />
Since the last release of Gentoo Weekly Newsletter (GWN), which is dated October 15, 2007, Gentoo hasn't released any newsletters for nearly two months. It is a strange thing. What happened to Gentoo?<br/><br/>Gentoo Linux is a distribution I like very much. It gives me an opportunity to fully control my system. I hope everything is OK for Gentoo!<br />
<br />
<strong>A shell script to convert APE/FLAC to mp3</strong><br />
Posted by Anonymous on 2007-12-06; updated 2016-09-29.<br />
<br />
There is a shell script that can convert a big APE/FLAC file to mp3 files easily. The author of the script is not clear; the script just says: <em>Brian's Archive CUE/FLAC Splitter v0.1, No sanity checking in place. Be careful.</em><br />
<br />
<a href="http://linuxforfun.net/misc/ape2mp3" title="download the script 'ape2mp3'">Download the script 'ape2mp3'</a>. The original script has been slightly modified to be used with newer versions of the related software.<br />
<br />
Use of the script is very simple (of course you need both the CUE file and the APE/FLAC file):<br />
<blockquote>
<code>
# ape2mp3 album.cue album.ape</code></blockquote>
It requires several packages to be installed on your system. For Fedora, some packages can be found at <a href="http://freshrpms.net/">freshrpms.net</a>. You may first install <a href="http://ftp.freshrpms.net/pub/freshrpms/fedora/linux/8/freshrpms-release/freshrpms-release-1.1-1.fc.noarch.rpm">freshrpms-release</a>, then use 'yum' to install them.<br />
<br />
1. <strong>mac</strong> - Monkey's Audio Codec (MAC) utility and library<br />
<blockquote>
<code>
# yum install mac</code></blockquote>
2. <strong>lame</strong> - LAME Ain't an MP3 Encoder... but it's the best of all<br />
<blockquote>
<code>
# yum install lame</code></blockquote>
3. <strong>shorten</strong> - Low complexity and fast waveform coder<br />
<blockquote>
<code>
# rpm -ivh <a href="http://linuxforfun.net/misc/shorten-3.6.0-1.2.i386.rpm">shorten-3.6.0-1.2.i386.rpm</a><br />
(src: <a href="http://linuxforfun.net/misc/shorten-3.6.0-1.2.src.rpm">shorten-3.6.0-1.2.src.rpm</a>)</code></blockquote>
4. <strong>shntool</strong> - Multi-purpose WAVE data processing and reporting utility<br />
<blockquote>
<code>
# rpm -ivh <a href="http://linuxforfun.net/misc/shntool-3.0.6-1.i386.rpm">shntool-3.0.6-1.i386.rpm</a><br />
(src: <a href="http://linuxforfun.net/misc/shntool-3.0.6-1.src.rpm">shntool-3.0.6-1.src.rpm</a>)</code></blockquote>
5. <strong>cuetools</strong> - Utilities to work with cue and TOC files<br />
<blockquote>
<code>
# rpm -ivh <a href="http://linuxforfun.net/misc/cuetools-1.3.1-2.i386.rpm">cuetools-1.3.1-2.i386.rpm</a><br />
(src: <a href="http://linuxforfun.net/misc/cuetools-1.3.1-2.src.rpm">cuetools-1.3.1-2.src.rpm</a>)</code></blockquote>
<br />
<strong>Hello world!</strong><br />
Posted by Anonymous on 2007-12-03; updated 2016-09-26.<br />
<br />
Welcome to Linux for Fun!