DB Variables Configuration
From SME Server
[edit] Database variables
SME Server comes with the most used parameters set as variables in its internal configuration databases. These variables are used to store values to be used in the final configuration files. Please, read the SME Server Developer's Guide to understand the template and database process.
These variables are useful to configure your system more easily, as you do not need to modify configuration files directly for most common cases. It also makes it possible to administer the server through its server-manager as the database variables are used to set and change configuration parameters. After editing, the configuration files must be regenerated and affected services need to be restarted.
For example, suppose you need to increase "memory-limit" in php.
You would simply execute these commands at the server console:
db configuration setprop php MemoryLimit 64M expand-template /etc/php.ini /etc/init.d/httpd-e-smith restart
The first line changes the value for the memory limit of PHP, the second line regenerates the configuration file and the last line will reload Apache (and subsequently also PHP as this is configured as a module of Apache).
| Warning: |
| Database parameters are case sensitive so take great care when typing at the server shell because no error messages are given should you make a typo. |
The database system is based on a flat file system, but you should never edit them directly. Instead you should use the db command. More details on using the database system can be found in the SME Server Developer's Guide.
[edit] Setting db variables to default values
Any db variable that has a default value can be reset to the default by deleting the variable entirely, then re-initializing the default database values as follows:
config delprop key prop /etc/e-smith/events/actions/initialize-default-databases
[edit] Concept of the signal-event command
Thanks for the developers work, you can simplify more the commands using the signal-event proccess.
Again, for more details see SME Server Developer's Guide
[edit] Overview of database variables
The next section describes the standard variables defined on SME Server. Please update this list with new standard variables in future SME Server versions.
The tables below have three columns. The first is the variable, the second is the target variable (located in the final configuration file), and the third is the default value.
A lot of the variables can be set using the server-manager but some can not. For example the variable DomainMaster for samba is not important here, because this can be set through server-manager. On the other hand, the variable RecycleBin is important, because it is not accessible through the server-manager.
Configuration files may use database values from a single configuration key, or may use multiple keys. The latter is the case for the /etc/rc.d/init.d/masq configuration file. This file takes it values from multiple database keys such as squid and masq.
It is also possible that multiple configuration files use the same key. An example of this is the httpd-admin key. This key has a variable TCPPort which is used in multiple files (/etc/httpd/admin-conf/httpd.conf and /etc/services).
[edit] AppleTalk (atalk)
Usage
db configuration setprop atalk variable value signal-event workgroup-update
| Variable | Target | Default |
|---|---|---|
| MaxClients | AFPD_MAX_CLIENTS | 20 |
[edit] Console Mode
Usage - Choose either login or auto DB variable.
config set ConsoleMode login signal-event post-upgrade signal-event reboot
| Variable | Target | Default |
|---|---|---|
| ConsoleMode | Console Setting | login |
[edit] Clam AntiVirus (clamav)
Usage
db configuration setprop clamav variable value signal-event clamav-update
| Variable | Target | Default |
|---|---|---|
| ArchiveBlockEncrypted | ArchiveBlockEncrypted | no |
| ArchiveBlockMax | ArchiveBlockMax | no |
| ArchiveMaxCompressionRatio | ArchiveMaxCompressionRatio | 300 |
| ArchiveMaxFiles | ArchiveMaxFiles | 1500 |
| ArchiveMaxFileSize | ArchiveMaxFileSize | 15M |
| ArchiveMaxRecursion | ArchiveMaxRecursion | 8 |
| Debug | Debug | no |
| DetectBrokenExecutables | DetectBrokenExecutables | no |
| IdleTimeout | IdleTimeout | 60 |
| LeaveTemporaryFiles | LeaveTemporaryFiles | no |
| LogClean | LogClean | yes |
| LogTime | LogTime | yes |
| LogVerbose | LogVerbose | yes |
| MaxConnectionQueueLength | MaxConnectionQueueLength | 30 |
| MaxDirectoryRecursion | MaxDirectoryRecursion | 20 |
| MaxThreads | MaxThreads | 20 |
| ReadTimeout | ReadTimeout | 300 |
| ScanArchive | ScanArchive | yes |
| ScanHTML | ScanHTML | yes |
| ScanMail | ScanMail | yes |
| ScanOLE2 | ScanOLE2 | yes |
| ScanPE | ScanPE | yes |
| SelfCheck | SelfCheck | 1800 |
| StreamMaxLength | StreamMaxLength | 25M |
| Variable | Target | Default |
|---|---|---|
| Checks | Checks | 24 |
| DatabaseMirror | DatabaseMirror | db.local.clamav.net |
| DNSDatabaseInfo | DNSDatabaseInfo | current.cvd.clamav.net |
| LogVerbose | LogVerbose | yes |
| MaxAttempts | MaxAttempts | 6 |
| Variable | Target | Default |
|---|---|---|
| MemLimit | MEMLIMIT | 80000000 |
[edit] DHCP daemon (dhcpd)
Usage
db configuration setprop dhcpd variable value signal-event remoteaccess-update
| Variable | Target | Default |
|---|---|---|
| Bootp | bootp | deny |
[edit] DNS Cache Forwarder (dnscache.forwarder)
Usage
db configuration setprop dnscache variable value signal-event dns-update
| Variable | Target | Default |
|---|---|---|
| CacheSize | CACHESIZE | 1000000 |
| DataLimit | DATALIMIT | 3000000 |
[edit] FlexBackup
Usage
db configuration setprop flexbackup variable value signal-event conf-backup
| Variable | Target | Default |
|---|---|---|
| Blocksize | $blksize | 32 |
| TapeBlocksize | $mt_blksize | 0 |
| BufferProg | $buffer | buffer |
| BufferMegs | $buffer_megs | 20 |
| erase_rewind_only | $erase_rewind_only | false |
| Type | $type | tar |
[edit] Horde (webmail)
Usage
db configuration setprop horde variable value
expand-template /home/httpd/html/horde/conf.menu.aps.php
| Variable | Target | Default |
|---|---|---|
| MenuArray | MenuArray | enabled |
expand-template /home/httpd/html/horde/config/conf.php
| Variable | Target | Default |
|---|---|---|
| Administration | Administration | disabled |
expand-template /home/httpd/html/horde/turba/config/sources.php
| Variable | Target | Default |
|---|---|---|
| freebusy | freebusy | disabled |
| SharedAddressBooks | SharedAddressBooks | disabled |
[edit] Apache server ibay specific (httpd-e-smith)
Usage
db accounts setprop ibayname variable value signal-event ibay-modify ibayname
| Variable | Target | Default |
|---|---|---|
| AllowOverride | AllowOverride | None |
| FollowSymLinks | FollowSymLinks | disabled |
| Indexes | Indexes | enabled |
| PHPRegisterGlobals | register_globals | disabled |
| PHPBaseDir | open_basedir | /home/e-smith/files/ibays/ibayname |
[edit] Apache server-manager (httpd-admin)
Usage
db configuration setprop httpd-admin variable value signal-event remoteaccess-update
| Variable | Target | Default |
|---|---|---|
| TCPPort | TCPPort | 980 |
[edit] IMAP (imap)
Usage
db configuration setprop imap variable value signal-event email-update
| Variable | Target | Default |
|---|---|---|
| ConcurrencyLimit | INSTANCES | 2000 |
| ConcurrencyLimitPerIP | INSTANCES_PER_IP | 12 |
| ProcessMemoryLimit | ulimitdata | 128000000 |
[edit] IMAPS (imaps)
Usage
db configuration setprop imaps variable value signal-event email-update
| Variable | Target | Default |
|---|---|---|
| ConcurrencyLimit | INSTANCES | 2000 |
| ConcurrencyLimitPerIP | INSTANCES_PER_IP | 12 |
| ProcessMemoryLimit | ulimitdata | 128000000 |
[edit] IPTables firewall (masq)
Usage
db configuration setprop masq variable value signal-event remoteaccess-update
| Variable | Target | Default |
|---|---|---|
| Logging | Logging | most |
| Stealth | Stealth | no |
| Tip: |
| Special case is TCPPort and UDPPort from any DB key.
Any Db key named "TCPPort" or "UDPPort" affect masq file. Currently the following keys are included in masq: TCPPort: httpd-admin - sshd - smtpd - ssmtpd |
[edit] Additional information on customizing iptables
Create a custom-named service definition in the configuration database.
db configuration set <servicename> service
Apply your desired firewall restrictions to any existing SME 'service' or to a custom-named service that you have created. Combine a custom-named service with port-forwarding to create customized firewall rules.
db configuration setprop <servicename> TCPPort <portnumber> db configuration setprop <servicename> TCPPorts <portnumbers> db configuration setprop <servicename> UDPPort <portnumber> db configuration setprop <servicename> UDPPorts <portnumbers> db configuration setprop <servicename> status enabled|disabled db configuration setprop <servicename> access public|private db configuration setprop <servicename> AllowHosts a.b.c.d,x.y.z.0/24 db configuration setprop <servicename> DenyHosts e.f.g.h,l.m.n.0/24
Effectuate the changes you have made
signal-event remoteaccess-update
| Variable | Target | Default |
|---|---|---|
| TCPPort | --proto tcp --dport <Ports> | Pre-configured for default services; no default for custom services |
| TCPPorts | --proto tcp --dports <Ports> | No default for custom services; Ranges of ports are defined with a : not a - |
| UDPPort | --proto udp --dport <Ports> | Pre-configured for default services; no default for custom services |
| UDPPorts | --proto udp --dports <Ports> | No default for custom services; Ranges of ports are defined with a : not a - |
| status | disabled | AllowHosts is set to "" (an empty string) unless the status is 'enabled' |
| access | private | AllowHosts is set to "" (an empty string) unless access is 'public' |
| AllowHosts | --src ..... --jump ACCEPT | Pre-configured for default services; no default for custom services. Default is '0.0.0.0/0' if service is enabled and public. |
| DenyHosts | --src ..... --jump denylog | Pre-configured for default services; no default for custom services. If 'DenyHosts' is empty or does not exist then there are no '... --jump denylog' entries created in /etc/init.d/masq. |
[edit] SpamAssasin
Usage
db configuration setprop spamassassin variable value signal-event email-update
| Variable | Target | Default |
|---|---|---|
| DNSAvailable | dns_available | yes |
| OkLanguages | ok_languages | all |
| OkLocales | ok_locales | all |
| ReportSafe | report_safe | 0 |
| Subject | rewrite_header Subject | [SPAM] |
| SkipRBLChecks | skip_rbl_checks | 0 |
| TrustedNetworks | trusted_networks | 127. |
| UseAutoWhitelist | use_auto_whitelist | 0 |
| UseBayes | use_bayes | 0 |
| Sensitivity | required_hits | medium |
[edit] MySQL (mysqld)
Usage
db configuration setprop mysqld variable value expand-template /etc/my.cnf /etc/rc.d/init.d/mysqld restart
| Variable | Target | Default |
|---|---|---|
| InnoDB | InnoDB | disabled |
| LocalNetworkingOnly | LocalNetworkingOnly | yes |
[edit] Network Time Protocol (ntpd)
Usage
db configuration setprop ntpd variable value signal-event timeserver-update
| Variable | Target | Default |
|---|---|---|
| MemLimit | MEMLIMIT | 12000000 |
| Variable | Target | Default |
|---|---|---|
| NTPServer | server | pool.ntp.org |
| SyncToHWClockSupported | SyncToHWClockSupported | yes |
[edit] Php
Usage
db configuration setprop php variable value expand-template /etc/php.ini /etc/init.d/httpd-e-smith restart
| Variable | Target | Default |
|---|---|---|
| MaxExecutionTime | max_execution_time | 30 |
| MemoryLimit | memory_limit | 32M |
| PostMaxSize | post_max_size | 20M |
| UploadMaxFilesize | upload_max_filesize | 10M |
| AllowUrlFopen | allow_url_fopen | Off |
Don't forget "M" unit because you get a lot of httpd errors and apache can't start!
[edit] Virtual Private Network (VPN) (pptpd)
Usage
db configuration setprop pptpd variable value signal-event remoteaccess-update
| Variable | Target | Default |
|---|---|---|
| debug | debug | no |
| Passive | passive | enabled |
| Variable | Target | Default |
|---|---|---|
| debug | debug | no |
[edit] Pro FTP (proftpd)
Usage
db configuration setprop ftp variable value signal-event remoteaccess-update
| Variable | Target | Default |
|---|---|---|
| DisableAnonymous | DisableAnonymous | no |
[edit] Samba global settings (smbd)
Usage
db configuration setprop smb variable value signal-event ibay-modify
| Variable | Target | Default |
|---|---|---|
| RecycleBin | recycle | disabled |
| ShadowCopy | shadow_copy | disabled |
| DeadTime | deadtime | 10080 |
| DisplayCharSet | display charset | ISO8859-1 |
| DosCharSet | dos charset | 850 |
| LogonDrive | logon drive | Z |
| OpLocks | oplocks | enabled |
| OsLevel | os level | 65 |
| ServerString | server string | SME Server |
| SMBPorts | smb ports | 139 |
| UnixCharSet | unix charset | UTF8 |
| UseClientDriver | use client driver | yes |
[edit] Samba per i-bay settings (smbd)
Usage
db accounts setprop ibay_name variable value signal-event ibay-modify
| Variable | Target | Default |
|---|---|---|
| Browesable | browseable | enabled |
| OpLocks | oplocks | enabled |
| RecycleBin | recycle | disabled |
| VetoOplockFiles | veto oplock files | (not set) |
[edit] Squid Proxy (squid)
Usage
db configuration setprop squid variable value signal-event proxy-update
| Variable | Target | Default |
|---|---|---|
| SafePorts | acl Safe_ports port | 80 |
| EnforceSafePorts | EnforceSafePorts | no |
| Variable | Target | Default |
|---|---|---|
| Transparent | Transparent | yes |
| Variable | Target | Default |
|---|---|---|
| TransparentPort | TransparentPort | 3128 |
Alternate Usage for Configuration of an Up-Stream Proxy Server
db configuration set squid-parent-variable value signal-event proxy-update
| squid-parent-variable | Target | Default |
|---|---|---|
| SquidParent | name-or-ip-of-upstream-proxy-server | (none) |
| SquidParentPort | port-number-used-by-upstream-proxy-server | (none) |
[edit] SSH (sshd)
Usage
db configuration setprop sshd variable value signal-event remoteaccess-update
| Variable | Target | Default |
|---|---|---|
| TCPPort | Port | 22 |
| Protocol | Protocol | 2 |
| UsePAM | UsePAM | no |
| MaxAuthTries | MaxAuthTries | 2 |
| MaxStartups | MaxStartups | 10:30:60 |
| PasswordAuthentication | PasswordAuthentication | no |
| PermitRootLogin | PermitRootLogin | no |
| AllowHosts | AllowHosts | IP address(es) list |
| Note: |
| Currently in SME 7.2 and up, TCPPort is configurable via server-manager, under Remote Access menu.
To configure AllowHosts: IP address(es) list is a single IP or a comma separated list of IP addresses and/or netmasks (e.g. 16.17.18.19,203.14.64.0/24). Ssh will then only be allowed from those IP addresses. The firewall code will drop ssh connections from any other hosts. |
[edit] smtpd
Usage
config setprop smtpd variable value signal-event email-update
| Variable | Target | Default |
|---|---|---|
| Instances | Total smtp Instances | 40 |
| InstancesPerIP | smtp-Instances-Per-IP | 5 |
[edit] yum
Usage
config setprop yum variable value signal-event yum-modify
| Variable | Target | Default |
|---|---|---|
| AutoInstallUpdates | Install updates automatically? | disabled |
| EnableGroups | Enable Groups | 0 |
| GPGCheck | Check GPG signature for repositories | 0 |
| PackageFunctions | Display individual packages in 'Software Installer' | disabled |
| RandomDelay | Random Delay | 120 |
| status | Yum's status | enabled |
| RestrictRepo | Repo names whose contents should be excluded from 'Available Packages' in the 'Software Installer' | none |
| RestrictRPM | All or part of an RPM name to be excluded from 'Available Packages' in the 'Software Installer' | none |
See also 'db yum_repositories'
[edit] Miscellaneous Other DB Variables
|
| Note: |
This is meant to be an easy place to add db variable information if you don't have time to put it into the correct section(s) above. You can find most of the template fragments affected by a given db variable if you execute:
cd /etc/e-smith fgrep -lR variable templ*/* | less where variable is the name of the variable using correct capitalization Note that any command listed here is to be executed on one line! |
| Command | service(s) | config file(s) | notes |
|---|---|---|---|
| db domains setprop test.com MailServer a.b.c.d | qpsmtpd; qmail; fetchmail | /var/service/qpsmtpd/config/goodrcptto; /var/service/qpsmtpd/config/peers/local; /var/service/qpsmtpd/config/peers/0; /var/service/qpsmtpd/plugins; /var/service/qmail/control/virtualdomains; /var/service/qmail/control/smtproutes; /etc/fetchmail | Forward all email for the specified domain to the IP address a.b.c.d. a.b.c.d can be either local or remote. By default, the recipient address will be verified as valid on a.b.c.d before SME accepts the inbound message. |
| config set SquidParent <hostname or IP> | squid, diald | /etc/diald.filter, /etc/squid/squid.conf | Configure squid to peform all web downloads from the specified upstream proxy server |
| config set SquidParentPort <portnumber> | squid | /etc/squid/squid.conf | Connect to the upstream proxy server using <portnumber>. Defaults to 3128 if 'SquidParentPort' is unspecified. Ignored if SquidParent is not set. |
| config delete SquidParent | squid, diald | /etc/squid/squid.conf, /etc/diald.filter | Return squid to normal operation (no upstream proxy server) |
| db accounts setprop username Visible internal ; signal-event email-update | n/a | n/a | Make an email address invisible from outside? (see http://forums.contribs.org/index.php?topic=36302.0) |
| db accounts setprop pseudonym Visible internal ; signal-event email-update | n/a | n/a | Make an pseudonym email address invisible from outside |
| db <database> delprop key property ; /etc/e-smith/events/actions/initialize-default-databases | various | various | Restore the developers' default value for property |
| db <database> delete key ; /etc/e-smith/events/actions/initialize-default-databases | various | various | Restore the developers' default value for each property belonging to the key key |
| command | service(s) | config file(s) | notes. Copy this block when adding new entries to this table. |
