Sysadmin Guide

setup a virtual ethernet device on linux

Akhthar Parvez — Mon, 02 May 2011 14:58:10 +0000

What would you do if you want to add one more IP to your system. Attach one more network device? No! Then what? You would setup a virtual ethernet device.

Suppose you have a physical eth device named eth0 as below:

eth0 Link encap:Ethernet HWaddr 00:1C:C0:78:31:E0
inet addr:192.168.1.20 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3899483 errors:0 dropped:0 overruns:0 frame:0
TX packets:5332505 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1648569488 (1.5 GiB) TX bytes:1417767181 (1.3 GiB)
Interrupt:50 Base address:0×8000

And now you want to add another IP address (192.168.1.21) to the system. That’s so easy!

First copy the file /etc/sysconfig/network-scripts/ifcfg-eth0 to /etc/sysconfig/network-scripts/ifcfg-eth0:1
and then edit the following lines:
DEVICE=eth0:1
IPADDR=192.168.1.21

So the whole file /etc/sysconfig/network-scripts/ifcfg-eth0:1 would look like this:
# Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller
DEVICE=eth0:1
BOOTPROTO=none
BROADCAST=192.168.1.255
HWADDR=00:1c:c0:78:31:e0
IPADDR=192.168.1.21
NETMASK=255.255.255.0
NETWORK=192.168.1.0
ONBOOT=yes
TYPE=Ethernet
USERCTL=no
IPV6INIT=no
PEERDNS=yes

Restart the network service

/etc/init.d/network restart

Run ifconfig now and you should see the new virtual device eth0:1 there.

/home/virtfs consuming a lot of space?

Akhthar Parvez — Mon, 02 May 2011 14:34:06 +0000

/home/virtfs is the directory created by cpanel to provide a restricted data access to jailshell users. When a user is logged in via jailshell, a virtual fileystem is created for the cpanel user by mounting only the selected filesystems under /home/virtfs/ so the user can (only) access the data under these filesystems.

Since the data in /home/virtfs/ is pointed to the actual data, system would show the aggregate amount of data mounted under /home/virtfs/ if you perform a du. So do not perform a du under /home/virtfs if any user is logged in as ssh and never try to remove the data from this directory as that would cause the data to be removed from their actual location.

Sometimes, system wouldn’t unmount some or all of the filesystems properly from /home/virtfs/ even if the user is logged out from jailshell. And you can guess what would happen in such cases; du would show that directory is consuming a lot of space.

Check if there’s any jailshell process running and if so, kill the process. If none, you may run the following bash one liner in order to fix this issue:

for i in `cat /proc/mounts|awk '/virtfs/ {print $2}'`; do umount $i;done

Run du again and you should see that /home/virtfs is hardly consuming any space at all.

WordPress Category is created, but not with the slug entered

Akhthar Parvez — Sun, 24 Oct 2010 11:34:20 +0000

Sometimes, when you create a category in your WordPress application, it gets created but not with the desired slug. Slug is a term used to describe the short name of a category, tags alike – usually all lower case characters – that is used in the URL. Suppose, if you wanted to add a category with the slug “school”, the newly created category would have the slug “school-2″. It usually happens when the slug is already is in use. You will notice it when you try to change the category slug – you will get the following error:

slug “” is already in use

You need to check if you already have a category with the same slug. If not, you’re like to have a tag with that slug name. You can goto “Post Tags” section under “Posts” and look for the particular slug. Change the slug name there and you will be able to create the category with the desired slug now.

WordPress redirection is not working

Akhthar Parvez — Sun, 24 Oct 2010 11:25:15 +0000

If your wordpress is not displaying posts and categories alike eventhough the wordpress loads fine, it’s most likely that the redirection which is an integral part of WordPress is not working. You need to ensure the following things are setup:

1. Your webserver is built with rewrite module support.

2. You have the following lines in your .htaccess:

RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} sysadminguide\.com$ [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

That’s it! If the above show fine and your WP still doesn’t work, check logs and you should see the obvious reason there.

How to check if your SMTP server is an open relay

Akhthar Parvez — Sat, 23 Oct 2010 15:22:17 +0000

If you’re setting up a Mail server, one of the most important tasks you need to do is ensure it’s not an open relay. Open relay means anyone can send out emails using the Mail Server without any authentication. If your SMTP server is an open relay, you are most likely to be blacklisted by all major spam lists.

So, here’s how you can check whether your SMTP server is an open relay:

telnet sysadminguide.com 25

helo server.sysadminguide.com

mail from: test@sysadminguide.com

rcpt to: test@testdomain.com

DATA

Subject: test
Testing open relay
.

quit

If everything went successfully and you were able to send the email, then you have an open relay. Tune your SMTP server to setup sender verification or SMTP authentication.

However, be noted that if you have already popped emails or sent emails using authentication from the PC you’re testing it, you will likely succeed in sending the emails through the above method and that doesn’t mean you have an open relay.

Apache – Secure upload directories

Akhthar Parvez — Thu, 05 Aug 2010 19:05:57 +0000

It’s very important to secure directories which are being used as the destination dir for web uploads. You can do this by adding the following entries into the .htaccess file:

Options -Indexes
AddHandler cgi-script .php .php3 .php4 .php5 .phtml .pl .py .jsp .asp .htm .shtml .sh .cgi .txt
Options -ExecCGI

Just a small step to miss, but the impact may be huge.

PS: Make sure that no directories are world or apache user writable unless they’re used for web uploads. It would be dangerous otherwise.

Create an FTP user on a cPanel server from backend (shell)

Akhthar Parvez — Fri, 28 May 2010 19:33:34 +0000

Ever wondered how to create FTP users on a cPanel server? Adding FTP using pure-pw (for Pure-ftpd, who uses proftpd anyway?) won’t work because cPanel will overwrite it when you run /usr/local/cpanel/bin/ftpupdate. FYI, that command is being run everytime you add a new account on the server.

Here’s the command to create an FTP user on a cPanel server:

/usr/local/cpanel/bin/proftpd_passwd abc -a abc_ftp:test:501:501:abc:/home/abc/public_html/test:/sbin/nologin

where abc_ftp@ is the virtual FTP user and abc is the system user to which the FTP user belongs to.

Done, it’s that simple

Thinking if the above command was meant for adding a ProFTP user? Well, it’s for adding an FTP user on cPanel servers no matter which FTP server you’re on. cPanel stores the passwd in /etc/proftpd/ file (and a combined list in /etc/proftpd/passwd.vhosts), whether its’ Pro or Pure.

Here’s the syntax:

/usr/local/cpanel/bin/proftpd_passwd -a ::::::

You may delete the FTP user as below:

/usr/local/cpanel/bin/proftpd_passwd -d

If you ever edit the passwd files directly to remove a user, you should run the following command so that the changes can take effect:

/usr/local/cpanel/bin/ftpupdate

Redirect URL with htaccess

Akhthar Parvez — Sun, 17 Jan 2010 22:20:30 +0000

If you want to redirect a page/directory to another page/directory, it’s plain simple. Just add the following line into your .htaccess file.

Redirect 301 /oldpage.html /new_directory/

Above rule will redirect all requests to the file /oldpage.html to the directory /new_directory/. Redirect number 301 means it was moved permanently. See all numbers below:

300 multiple choices (e.g. offer different languages)
301 moved permanently
302 found (originally temporary redirect, but now commonly used to specify redirection for unspecified reason)
303 see other (e.g. for results of cgi-scripts)
307 temporary redirect

**********************************************************************

If you want to redirect the pages on a website to another, you should use RewriteRule instead of Redirect. The syntax is given below:

Option 1 (this will redirect only the old domain to new domain:
Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_HOST} ^(www.)?newdomain\.com
RewriteRule ^(.*)$ http://www.newdomain.com/$1 [R=301,L]

Option 2 (this will redirect all domains except the new domain to new domain):
Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\.newdomain\.com
RewriteRule ^(.*)$ http://www.newdomain.com/$1 [R=301,L]

If you want to redirect all requests without www to with www, use the following code.

Options +FollowSymLinks
RewriteEngine on
RewriteBase /
RewriteCond %{HTTP_HOST} ^sysadminguide\.com$ [NC]
RewriteRule ^(.*)$ http://www.sysadminguide.com/$1 [R=301,L]

Above rules would redirect the requests for sysadminguide.com to www.sysadminguide.com.

Similarly, you can redirect all the pages in a sub-drectory to the document root itself as below:

RewriteCond %{HTTP_HOST} ^sysadminguide\.com$ [NC]
RewriteRule ^topics/(.*)$ /$1

RewriteRule is a powerful tool to redirect website URLs and pages alike with the use of Regular expressions. To learn more about Apache rewrite module (mod_rewrite), goto the following link:

http://httpd.apache.org/docs/1.3/mod/mod_rewrite.html

PHP error – URL file-access is disabled in the server configuration

Akhthar Parvez — Sat, 16 Jan 2010 20:06:14 +0000

If you get the following error while accessing a PHP script

URL file-access is disabled in the server configuration

Add the following into the .htaccess file for the particular website to get this work.

php_flag allow_url_include Off

Note: However, it’s highly recommended to keep allow_url_include disabled as it would be a security risk otherwise. This function allows remote files to be executed via include/require function within a PHP script. So allow this only if you’re sure the PHP code is safe and never allow it server wide.

Install Mailparse

Akhthar Parvez — Thu, 31 Dec 2009 11:05:42 +0000

Mailparse is a PECL (PHP Extension Community Library) extension for parsing emails. You should have the PHP module mbstring for mailparse to work. It’s a pretty straightforward task. Run the following command to install mailparse:

# pecl install mailparse

If you get the following error whle compiling mailparse:

checking whether the C compiler works… configure: error: cannot run C compiled programs.

Check the mount permission on your /tmp directory. You would need to remount /tmp as executable.

# mount | grep /tmp
/dev/sda3 on /tmp type ext3 (rw)
/tmp on /var/tmp type none (rw,noexec,nosuid,bind)

# mount -o remount,exec,suid /tmp

Proceed with the compilation and don’t fforget to remount /tmp as noexec once it’s finished.

# mount -o remount,noexec,nosuid /tmp

If you you don’t want to remount /tmp as noexec even temporarily or can’t remount /tmp (chance if you’re on VPS), you can use another directory for temp.

# pear config-set temp_dir /var/tmp/pear/temp

You may proceed with the installation now and that should work.

Manual installation:

If the automatic compilation doesn’t work and you have no idea how to fix it, don’t panic. You can install it manually.

1. Download the package from http://pecl.php.net/package/mailparse

2. Hand compile it.

# tar -zxvf mailparse-*.tgz
# cd mailparse-*
# phpize
# ./configure
# make
# make install

3. Move the module mailparse.so to the PHP extensions directory and add the following line under Dynamic Extensions in your php.ini

extension=mailparse.so

Restart Apache and Mailparse is compiled into the PHP now.