859
edits
Changes
Jump to navigation
Jump to search
Line 2:
Line 2: + + + + + + + + + + + + + Line 9:
Line 22: − ou+ Line 18:
Line 31: + + + + + + + + + Line 92:
Line 114: − AllowUrlfOpen : enabled/disabled + − Line 200:
Line 221: + + + + Line 214:
Line 239: + + + + Line 236:
Line 265: + + Line 260:
Line 291: + + − |- − | hdparm -Tt /dev/mdx (where x is 0,1,2,etc) || shows software raid performance − |- − | mdadm --detail /dev/mdx (where x is 0,1,2,etc) || gives raid info − |- − | cat /proc/mdstat || shows software raid Line 280:
Line 307: + + Line 292:
Line 321: + + Line 301:
Line 332: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Line 317:
Line 387: + + + + + + + + + + + Line 328:
Line 409: − + + − + + + + + + + + + + + + + + + + + + + Line 372:
Line 472: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Line 408:
Line 539: + + + + + + Line 425:
Line 562: + + + + Line 434:
Line 575: − + Line 473:
Line 614: + + + + Line 483:
Line 628: − + Line 493:
Line 638: + + + + Line 500:
Line 649: − + Line 509:
Line 658: − + Line 521:
Line 670: + + + + + + + + + + + + + + − + − + Line 534:
Line 697: − + + + + + + + − + Line 576:
Line 745: − + − + Line 584:
Line 753: + − expand-template /etc/mail/spamassassin/local.cf + − svc -t /service/spamd + + Line 606:
Line 777: + + + + + Line 620:
Line 796: − + Line 627:
Line 803: − + Line 763:
Line 939: − + Line 804:
Line 980: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Line 856:
Line 1,067: + + + Line 918:
Line 1,132: − + − + + + + + − + − + − + + Line 948:
Line 1,167: − + − + − + + + + + + + + + + + + + + + + + Line 956:
Line 1,191: − + − [http://linuxcommand.org/man_pages/chkconfig8.html chkconfig] provides a simple command-line tool for maintaining the /etc/rc[0-6].d directory hierarchy by relieving system administrators of the task of directly manipulating the numerous symbolic links in those directories.+ − You need to say to SME Server to add the script to each run level you have specified at the top of your init script( Default-Start: 2 3 4 5 and Default-Stop: 0 1 6 ). For Linux using rpm as centos or redhat, you can use+ + + + − chkconfig YOUR_SERVICE_NAME --add − You can set the levels where the initscript has to start+ − chkconfig YOUR_SERVICE_NAME --level 2345 on + + + − If you want to see which runlevel your script will run in − chkconfig YOUR_SERVICE_NAME --list+ − you can pipe the command+ − chkconfig --list | egrep "nfs|rpc" − example : − # chkconfig dhcp-dns --list − dhcp-dns 0:arrêt 1:arrêt 2:marche 3:marche 4:marche 5:marche 6:arrêt − ===allow a service to start for a particular time===+ − {{Note box| '''If you want to start a service at boot time, a relevant page needs [[Add_a_custom_service|also your attention ]]'''}}+ − If your package implements a server or daemon, you will probably want it to be started automatically when the system boots. The SME Server boots in runlevel 7, so you can get an idea of the startup processes by listing the contents of /etc/rc.d/rc7.d. − These are similar to the init scripts you may be familiar with from other Linux systems, with one important difference. Instead of pointing to scripts within /etc/rc.d/init.d, all of those init entries are links to /etc/rc.d/init.d/e-smith-service. This is a wrapper which checks the configuration database to see if the service is supposed to be running and if so, starts the service from /etc/rc.d/init.d/whatever. − So for example, you might have:+ + + + + + − S90squid -> /etc/rc.d/init.d/e-smith-service+ − The e-smith-service script looks up the name it was invoked with (S90squid), drops the prefix (leaving squid), checks the configuration database for the "squid" service, then if it's supposed to run, does:+ − − /etc/rc.d/init.d/squid start − − * with this way SME's knows how to/if start the service at startup − − config set '''myapplicationname''' service status enabled − − cd /etc/rc.d/init.d − ln -s /path/to/myinitscript '''myapplicationname''' − − '''We are creating a symlink of the original startup script with a new name (the point is that '''myapplicationname''' must be identical to the service name above)''' − − cd /etc/rc7.d − ln -s /etc/rc.d/init.d/e-smith-service '''SXXmyapplicationname''' − − we create a symlink to e-smith-service startup script with a name where: S tells SME to start XX are numbers − − You can decide when to start the service '''myapplicationname''', but you should not start something that need the network before the network itself is up and running. Therefore you can see the content of /etc/rc7.d and see which scripts are needed to execute your new startup script − − signal-event remoteaccess-update − service '''myapplicationname''' start − ====Creating or deleting a service==== − − *Creating and starting service − − ln -f -s /etc/rc.d/init.d/e-smith-service /etc/rc7.d/S98popfile − /sbin/e-smith/db configuration set popfile service status enabled − /sbin/e-smith/signal-event remoteaccess-update − service popfile start − − *Deleting and unregistering service − − service popfile stop − sleep 3 − rm -f /etc/rc7.d/S98popfile − rm -f /etc/rc.d/init.d/popfile − /sbin/e-smith/config delete popfile − /sbin/e-smith/signal-event remoteaccess-update − − ====Create a service with db command and set network access==== − − − Create a custom-named service definition in the configuration database. − − db configuration set <servicename> service − − Apply your desired firewall restrictions to any existing SME 'service' or to a custom-named service that you have created. Combine a custom-named service with port-forwarding to create customized firewall rules. − − db configuration setprop <servicename> TCPPort <portnumber> − db configuration setprop <servicename> TCPPorts <portnumbers> # Ranges of ports are defined with a : not a - − db configuration setprop <servicename> UDPPort <portnumber> − db configuration setprop <servicename> UDPPorts <portnumbers> # Ranges of ports are defined with a : not a - − db configuration setprop <servicename> status enabled|disabled − db configuration setprop <servicename> access public|private − db configuration setprop <servicename> AllowHosts a.b.c.d,x.y.z.0/24 − db configuration setprop <servicename> DenyHosts e.f.g.h,l.m.n.0/24 − − − Effectuate the changes you have made − signal-event remoteaccess-update Line 1,060:
Line 1,237: + + + + + + Line 1,130:
Line 1,313: −
→PHP settings only for SME9
==SME Server locale==
==SME Server locale==
By default the sme server 8 locale is ISO-8859-1ldapsear
By default the sme server 8 locale is ISO-8859-1ldapsear
==ACL==
===See ACL===
getfacl /path/2/files/or/folders
===set ACL===
setfacl -P -R -m u:apache:rwX,d:u:apache:rwX /path/2/files/or/folders
-R : recursive<br />
-P : physical, follow symlinks
==Apache Related Commands==
==Apache Related Commands==
expand-template /etc/httpd/conf/httpd.conf
expand-template /etc/httpd/conf/httpd.conf
sv h /service/httpd-e-smith
sv h /service/httpd-e-smith
or
/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
/usr/bin/sv h /service/httpd-e-smith
/usr/bin/sv h /service/httpd-e-smith
or
or
sv t /service/httpd-e-smith
sv t /service/httpd-e-smith
=====SME10=====
How do I start, restart, stop, reload and check the status of a service (httpd-e-smith.service) with systemd.
# systemctl start httpd-e-smith.service
# systemctl restart httpd-e-smith.service
# systemctl stop httpd-e-smith.service
# systemctl reload httpd-e-smith.service
# systemctl status httpd-e-smith.service
====Enable AllowOverride All/None====
====Enable AllowOverride All/None====
signal-event ibay-modify ibayname
signal-event ibay-modify ibayname
AllowUrlFopen : enabled/disabled
MemoryLimit : set a M as unit, eg 64M
MemoryLimit : set a M as unit, eg 64M
UpMaxFileSize : set a M as unit, eg 64M
UpMaxFileSize : set a M as unit, eg 64M
PostMaxSize : set a M as unit, eg 64M
PostMaxSize : set a M as unit, eg 64M
MaxExecTime: unlimited or set time in second without units, eg 60
MaxExecTime: unlimited or set time in second without units, eg 60
====PHPinfo====
====PHPinfo====
signal-event post-upgrade
signal-event post-upgrade
signal-event reboot
signal-event reboot
alternately
config show modSSL
config delprop modSSL crt key CertificateChainFile
signal-event ssl-update
==Command-Line Quick Reference Guide==
==Command-Line Quick Reference Guide==
|-
|-
| httpd -t || verify the syntax of the configuration file of apache
| httpd -t || verify the syntax of the configuration file of apache
|-
| httpd -tf /path/to/config/file || verify the syntax of the specified configuration file of apache
|-
| httpd -t -D DUMP_MODULES || display all loaded modules of apache
|-
|-
| mysql -v || mysql version
| mysql -v || mysql version
|-
|-
| ps -AH || report process status
| ps -AH || report process status
|-
| ps fax || display processes by tree with their pid
|-
|-
| top || shows processes
| top || shows processes
|-
|-
| grep -nsri server-manager.jpg /etc/e-smith/ || search the file server-manager.jpg in the path directory /etc/e-smith
| grep -nsri server-manager.jpg /etc/e-smith/ || search the file server-manager.jpg in the path directory /etc/e-smith
|-
| grep -P '^www |apache' /etc/group || search after patterns which start by www and/or apache in /etc/group
|-
|-
| tail -f /var/log/<LOGFILE> || realtime viewing of your log file
| tail -f /var/log/<LOGFILE> || realtime viewing of your log file
|-
|-
| tar -czvf foo.tar.gz foo || creates a tar/zip file of a directory
| tar -czvf foo.tar.gz foo || creates a tar/zip file of a directory
|-
|-
| sed '/abba/Id' file.txt || remove all '''lines''' with the string 'abba' (case sensitive) in the file.txt
| sed '/abba/Id' file.txt || remove all '''lines''' with the string 'abba' (case sensitive) in the file.txt
|-
| sed -n '/^www/p' /etc/group || print all line starting by www in the file /etc/group
|-
|-
| watch mysqladmin process || shows the mysql processes running
| watch mysqladmin process || shows the mysql processes running
|-
|-
| pstree || pstree shows running processes as a tree. The tree is rooted at either pid or init if pid is omitted.
| pstree || pstree shows running processes as a tree. The tree is rooted at either pid or init if pid is omitted.
|-
| clamdtop || clamdtop is a tool to monitor one or multiple clamd(s), that shows the jobs in clamd’s queue, memory usage, and information about the loaded signature database.
|}
|}
cd /home/e-smith
cd /home/e-smith
du --si --max-depth 1
du --si --max-depth 1
====UID/GID====
* see informations of a user
id USER
*change the uid of a user
usermod -u '''UID''' USER_NAME
* create a group
groupadd -g '''GID''' -o GROUPE_NAME
* modify the GID of a group
groupmod -o -g '''GID''' GROUPE_NAME
* add a principal group to a user
usermod -g '''GROUP_NAME_OR_GID''' USER_NAME
* add a secondary group to a user
usermod -a -G '''GROUP_NAME_OR_GID''' USER_NAME
====usermod====
*change the home directory (-m move files/folders to the new location)
usermod -d /var/lib/jdownloader jdownloader
* change the shell access of a user
usermod --shell /bin/bash jdownloader
====Read a TAI64N timestamp in human readable format====
[http://cr.yp.to/daemontools/tai64nlocal.html tai64nlocal] converts precise TAI64N timestamps to a human-readable format.
tai64nlocal reads lines from stdin. If a line does not begin with @, tai64nlocal writes it to stdout without change. If a line begins with @, tai64nlocal looks for a timestamp after the @, in the format printed by tai64n, and writes the line to stdout with the timestamp converted to local time in ISO format: YYYY-MM-DD HH:MM:SS.SSSSSSSSS. <br />
Eg
cat /var/log/qpsmtpd/current |tai64nlocal|less
Or
tailf /var/log/sshd/current | tai64nlocal
====adjust the ntp time====
if you want to set the correct time via ntpd without restarting the server<br />
in a root terminal
/etc/init.d/ntpd stop
ntpdate pool.ntp.org
/etc/init.d/ntpd start
and to verify
date
====create missing group and set gid====
====create missing group and set gid====
# perl -Mesmith::ethernet -e "print esmith::ethernet::probeAdapters();"
# perl -Mesmith::ethernet -e "print esmith::ethernet::probeAdapters();"
EthernetDriver1 e1000 08:00:27:23:85:a6 "Intel Corporation 82540EM Gigabit Ethernet Controller (rev 02)"
EthernetDriver1 e1000 08:00:27:23:85:a6 "Intel Corporation 82540EM Gigabit Ethernet Controller (rev 02)"
alternatively, and only for SME9 or greater, you can use
# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether AA:BB:CC:DD:EE:FF brd ff:ff:ff:ff:ff:ff
inet 11.22.22.44/XY brd 11.22.33.255 scope global eth0
3: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 10:00:01:02:03:04 brd ff:ff:ff:ff:ff:ff
inet 192.168.45.1/24 brd 192.168.45.255 scope global dummy0
====find files by their size====
====find files by their size====
‘G’ for Gigabytes (units of 1073741824 bytes)
‘G’ for Gigabytes (units of 1073741824 bytes)
====how many data the server is storing by users====
====reduce root's user reserved space====
as a default, 5% of the disk space is allocated to root user
You can adapt that command line to your needs, here we can see the used disk spaceof all emails stored by your users on your system.
you can reduce the allocated space to 1% with (for LVM)
tune2fs -m 1 /dev/mapper/main-root
if you're not using LVM, use
df -h
to see where / is mounted
====find files by the Name====
find ~/smeserver/ -name 'e-smith-backup-2.4.0*'
or use (updatedb is launched every night)
updatedb
locate e-smith-backup-2.4.0
====how much mail data per user is stored on the server====
You can adapt that command line to your needs, here we can see the used disk spaceof all emails stored by your users on your SME Server.
du -s /home/e-smith/files/users/*/Maildir | sort -rn | cut -f2- | xargs -d "\n" du -sh
du -s /home/e-smith/files/users/*/Maildir | sort -rn | cut -f2- | xargs -d "\n" du -sh
the history command can be useful in combination with added comments to shell commands for more precise analysis or (automatic) reporting based on a shell script and cron.
the history command can be useful in combination with added comments to shell commands for more precise analysis or (automatic) reporting based on a shell script and cron.
====Find open ports====
* netstat
# netstat -anp|grep 5232
tcp 0 0 192.168.12.233:5232 0.0.0.0:* LISTEN 2028/python
* nmap
nmap can specify if a port is closed or not
yum install nmap
nmap localhost -p 5232
===Raid===
You have a lot of interesting tutorial [http://wiki.contribs.org/Category:Administration:Storage concerning the Raid]
==== shows software raid performance ====
hdparm -Tt /dev/mdX
(where X is 0,1,2,etc)
==== gives raid info ====
mdadm --detail /dev/mdX
(where X is 0,1,2,etc)
==== shows software raid ====
cat /proc/mdstat
==== remove the degraded raid ====
when you install the smeserver with one drive and in a degraded raid, you will see a 'U_' state but without warnings. If you want to leave just one 'U'
mdadm --grow /dev/md0 --force --raid-devices=1
mdadm --grow /dev/md1 --force --raid-devices=1
===RPM's===
===RPM's===
|-
|-
| rpm --setperms <packagename> || set right permissions to rpm
| rpm --setperms <packagename> || set right permissions to rpm
|-
| rpm -e --noscripts <packagename> || remove packagename without executing sciptlets (%pre, %post, %preun, %postun)
|-
|-
| rpm -Va || capture any damaged/incomplete rpms - but will also show lots of configuration files, which you of course expect to be modified.
| rpm -Va || capture any damaged/incomplete rpms - but will also show lots of configuration files, which you of course expect to be modified.
|}
|}
====Find upstream rpms patched by contribs.org====
For the need of the distribution we ought to patch some upstream rpms, this is the list
rpm -qa --qf "%{name} %{BuildHost}\n" | grep -P 'build64\-1|builder.koozali.org' | awk '{print $1}' | grep -vP '^smeserver|e\-smith' | sort
====Restore all permissions and ownership====
====Restore all permissions and ownership====
|-
|-
| yum remove <packagename> || removes packagename
| yum remove <packagename> || removes packagename
|-
| yum history package-info <packagename> || Shows the installation/removal history of a package and it's Transaction ID [http://yum.baseurl.org/wiki/YumHistory see more commands]
|-
| yum history undo <Transaction ID> || Removes all packages from a specific Transaction ID [http://yum.baseurl.org/wiki/YumHistory see more commands]
|-
|-
| yum list updates || list updates to any installed package
| yum list updates || list updates to any installed package
| yum search <packagename> || lists all packages in all repos matching packagename
| yum search <packagename> || lists all packages in all repos matching packagename
|-
|-
| yum clean all || Is used to clean up various things which accumulate in the yum cache
| yum clean all --enablerepo=* || Is used to clean up various things which accumulate in the yum cache (includes disabled repos)
|-
|-
| yum --enablerepo=<reponame> <command> || enables a repo not normally enabled
| yum --enablerepo=<reponame> <command> || enables a repo not normally enabled
See the ownership of LDAP database (must be owned ldap:ldap)
See the ownership of LDAP database (must be owned ldap:ldap)
ll /var/lib/ldap/
ll /var/lib/ldap/
===ldif-fix===
it just prints what changes are needed in the ldap tree. With -u instead of -d, those changes are applied
/var/service/ldap/ldif-fix -d
===Parse the ldap catalogue===
===Parse the ldap catalogue===
===namingContexts===
===namingContexts===
we can conduct a simple search of the naming context to see our directory information you can display 'dn' LDAP parameters, either by the [[SME_Server:Documentation:Administration_Manual:Chapter13#Directory|server-manager]] or by the command line :
we can conduct a simple search of the naming context to see our directory information you can display 'dn' LDAP parameters, either by the [[SME_Server:Documentation:Administration_Manual:Chapter13#Directory|server-manager]] or by the command line :
ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts''
or you can do
or you can do
ldapsearch -x -h localhost -s base |grep 'dn'
ldapsearch -x -h localhost -s base |grep 'dn'
# stephane.dtdns.net
# stephane.dtdns.net
'''dn: dc=mycompany,dc=local'''
'''dn: dc=mycompany,dc=local'''
====Retrieve the ldap base====
in a template you can do
baseDN = "ou=Users,{ esmith::util::ldapBase($DomainName); }";
===request a listing of all entries===
===request a listing of all entries===
===Bind with a specific user on LDAP===
===Bind with a specific user on LDAP===
Try to connect to ldap with credentials of a specific user and see the LDAP catalogue. Find the ''''dc'''' by the chapter [[Useful_Commands#namingContexts|above]]
Try to connect to ldap with credentials of a specific user and see the LDAP catalogue. Find the '<nowiki/>'''dc'''' by the chapter [[Useful_Commands#namingContexts|above]]
===Check a specific user in LDAP catalogue===
===Check a specific user in LDAP catalogue===
display informations on the user requested. Find the ''''dc'''' by the chapter [[Useful_Commands#namingContexts|above]]
display informations on the user requested. Find the '<nowiki/>'''dc'''' by the chapter [[Useful_Commands#namingContexts|above]]
'''for sme9'''
'''for sme9'''
'''for sme8'''
'''for sme8'''
ldapsearch -x -D cn=root,dc=mycompany,dc=local -w $(cat /etc/ldap.secret) -b ou=Users,dc=mycompany,dc=local "uid=stephane"
ldapsearch -x -D cn=root,dc=mycompany,dc=local -w $(cat /etc/ldap.secret) -b ou=Users,dc=mycompany,dc=local "uid=stephane"
===Retrieve the ldap password===
* directly in a terminal
perl -Mesmith::util -e 'print esmith::util::LdapPassword();'
* in a template
my $pwd = esmith::util::LdapPassword();
if you need to call the ldap password in a script you can invoke this bash variable
* for sme8
PWD=$(cat /etc/ldap.secret)
* for sme9
PWD=$(cat /etc/pam_ldap.secret)
==Log==
==Log==
===Parse Log to find errors===
===Parse Log files to search for errors===
When you want to test the SME Product it can be useful to see what it occurs
When you want to test the SME Product it can be useful to see what it occurs.
This CL can help you, but you should read the entire log
This CL can help you, but you should read the entire log
grep -iE "uninitialized|WARNING|ERROR" /var/log/messages
grep -iE "uninitialized|WARNING|ERROR" /var/log/messages
{{Note box| you have now a tool in your hand to parse logfile : [[Audit_Tools#logcheck]]. You should be aware that tool is here to help to find errors in the development side of the SME Server and thus you could have a lot of false positive}}
{{Note box| you have now a tool in your hand to parse logfile : [[Audit_Tools#logcheck]]. You should be aware that tool is here to help to find errors in the development side of the SME Server and thus you could have a lot of false positive}}
* a verbose version
=== '''Parse log for hack / phishing for missing files''' ===
<syntaxhighlight lang="bash">
EXTIP=`curl -s ifconfig.me/ip`
grep "File does not exist" /var/log/httpd/error_log | sed -e 's#\: /#\n#' | grep "home" | sort -u | sed -e "s#$EXTIP#\<IP\>#g" > dict_err.txt
# grep "File does not exist" /var/log/httpd/admin_error_log | sed -e 's#\: /#\n#' | grep "home" | sort -u | sed -e "s#$EXTIP#\<IP\>#g" > dict_admin_err.txt
</syntaxhighlight>
* verbose output
less /var/log/messages| grep -iE "useless|uninitialized|warn|fail|error|disable|unable|exit"
less /var/log/messages| grep -iE "useless|uninitialized|warn|fail|error|disable|unable|exit"
* look all logs with a verbose version
* search all logs with verbose output
less /var/log/* | grep -iE "useless|uninitialized|warn|fail|error|disable|unable|exit"
less /var/log/* | grep -iE "useless|uninitialized|warn|fail|error|disable|unable|exit"
===Whitelist and Blacklist===
===Whitelist and Blacklist===
If mail comes in and it is misclassified as spam, you can add the sender to the whitelist so that future messages coming in from that sender are not filtered.
If mail comes in and it is misclassified as spam by Spamasassin, you can add the sender to the Spamassassin whitelist so that future messages coming in from that sender are not filtered.
Conversely, you can add a spammer to the blacklist so you never see their spam again.
Conversely, you can add a spammer to the Spamassassin blacklist so you never see their spam again.
Add senders (or their entire domains) to the global whitelist (or blacklist) with commands similar to these (as root):
Add senders (or their entire domains) to the global whitelist (or blacklist) with commands similar to these (as root):
db spamassassin setprop wbl.global user@domain3.com White
db spamassassin setprop wbl.global user@domain3.com White
db spamassassin setprop wbl.global spammer@spamdomain.com Black
db spamassassin setprop wbl.global spammer@spamdomain.com Black
expland template and save the configuration to the database
expland template and save the configuration to the database
signal-event email-update
You can view the lists with this command:
You can view the lists with this command:
db spamassassin show
db spamassassin show
These lists can be also controlled by the server-manager with the wbl contrib http://wiki.contribs.org/Email_Whitelist-Blacklist_Control
==MySQL==
==MySQL==
'''do not modify these files.'''
'''do not modify these files.'''
* directly in a terminal
perl -Mesmith::util -e 'print esmith::util::LdapPassword();'
* in a template
my $pwd = esmith::util::LdapPassword();
if you need to call the mysql password in a script you can invoke this bash variable
if you need to call the mysql password in a script you can invoke this bash variable
mysql
mysql
create database '''databasename''';
create database '''databasename''';
grant all privileges on '''databasename'''.* to '''username''' identified by ''''password'''';
grant all privileges on '''databasename'''.* to '''username''' identified by '<nowiki/>'''password'''';
flush privileges;
flush privileges;
exit
exit
mysql -e "create database '''databasename''';"
mysql -e "create database '''databasename''';"
mysql -e "grant all privileges on '''databasename'''.* to '''username''' identified by ''''password'''';"
mysql -e "grant all privileges on '''databasename'''.* to '''username''' identified by '<nowiki/>'''password'''';"
mysql -e "flush privileges;"
mysql -e "flush privileges;"
===Configure <b><u>PHP Basedir</u></B> Restriction per ibay===
===Configure <b><u>PHP Basedir</u></b> Restriction per ibay===
db accounts setprop IBAYNAME PHPBaseDir DIR1:DIR2:DIRn
db accounts setprop IBAYNAME PHPBaseDir DIR1:DIR2:DIRn
For SME9 exclusively see [[Useful_Commands#PHP_settings_only_for_SME9]]<br />
For SME9 exclusively see [[Useful_Commands#PHP_settings_only_for_SME9]]<br />
Not secure. Instead use per ibay or directory.
Not secure. Instead use per ibay or directory.
==SAMBA==
===shows samba mappings to nt groups===
net groupmap list
===manage the SAM database(Database of Samba Users)===
The pdbedit program is used to manage the users accounts stored in the sam database and can only be run by root.
pdbedit -u USER -v
for example
pdbedit -u stephane -v
===check an smb.conf configuration===
testparm - check an smb.conf configuration file for internal correctness
testparm -vs
===The Trust Relationship Failure===
Using Samba 3 sometimes some Windows computers fall off the domain, resulting in a trust relationship failure.
The trust relationship between this workstation and the primary domain failed.
This is generally caused by mis-matched work-station and domain controller account passwords. To reset this you must un-join/re-join the domain.
===enable samba audit logs for ibays===
Samba audit logging can be enabled for ibays using db variables.
Samba activity is logged in /var/log/samba/samba_audit
To enable audit logging for an ibay named "fileshare":
<nowiki>db accounts setprop fileshare Audit enabled
signal-event ibay-modify fileshare</nowiki>
To enable audit logging for every ibay on your server:
<nowiki>for ibay in $(db accounts show |grep \=ibay |cut -d= -f1); do db accounts setprop $ibay Audit enabled; done
signal-event ibay-modify</nowiki>
The details of what gets logged are controlled by /etc/e-smith/templates/etc/smb.conf/ibays/10smbaudit
==SME Server specific==
==SME Server specific==
& to check it's running
& to check it's running
sv s /service/squid
sv s /service/squid
===SystemConfig===
Some relative Informations to your system are recorded in the configuration database
config show sysconfig
===db command===
===db command===
{{note box|SME Server comes with the most used parameters set as variables in its internal configuration databases. These variables are used to store values to be used in the final configuration files. Please, read the [[SME_Server:Documentation:Developers_Manual:Section2]] to understand the template and database process.}}
{{note box|SME Server comes with the most used parameters set as variables in its internal configuration databases. These variables are used to store values to be used in the final configuration files. Please, read the [[SME_Server:Documentation:Developers_Manual:Section2]] to understand the template and database process.}}
===Modify Hidden settings of users===
===Modify Hidden settings of users===
====Give a shell access to "user"====
====Grant bash access to a "user"====
db accounts setprop '''user''' Shell /bin/bash
db accounts setprop '''user''' Shell /bin/bash
signal-event user-modify user
signal-event user-modify '''user'''
====Grant vpn access to a "user"====
db accounts setprop '''user''' VPNClientAccess yes
signal-event user-modify '''user'''
====Give a Sudo access to "user"====
====Grant sudo access to a "user"====
db accounts setprop '''user''' Sudoer yes
db accounts setprop '''user''' Sudoer yes
signal-event user-modify user
signal-event user-modify '''user'''
====Chroot "user" on FTP usage====
====Chroot "user" on FTP usage====
db accounts setprop '''user''' ChrootDir /home/e-smith/files/users/user/home
db accounts setprop '''user''' ChrootDir /home/e-smith/files/users/user/home
signal-event user-modify user
signal-event user-modify '''user'''
=== General Service Handling ===
=== General Service Handling ===
====SME9====
SME Server uses [http://smarden.org/runit/ runit], a UNIX init scheme with service supervision. See the man page of [http://smarden.org/runit/sv.8.html the 'sv' command]
SME Server uses [http://smarden.org/runit/ runit], a UNIX init scheme with service supervision. See the man page of [http://smarden.org/runit/sv.8.html the 'sv' command]
{{tip box|you may use TAB to auto-complete your command line}}
{{tip box|you may use TAB to auto-complete your command line}}
you have some shortcuts
down => 'd',
====Example====
stop => 'd',
up => 'u',
start => 'u',
restart => 't',
sigterm => 't',
adjust => 'h',
reload => 'h',
sighup => 'h',
sigusr1 => '1',
sigusr2 => '2',
once => 'o',
pause => 'p',
alarm => 'a',
interrupt => 'i',
quit => 'q',
kill => 'k',
exit => 'x',
Restarting:
Restarting:
sv t /service/httpd-e-smith
sv t /service/httpd-e-smith
===chkconfig and runlevel information===
====SME10====
'''Systemctl''' is a '''systemd''' utility that is responsible for Controlling the '''systemd''' system and service manager. '''Systemd''' is a collection of system management daemons, utilities, and libraries which serves as a replacement of '''System V init''' daemon. Systemd functions as central management and configuration platform
To list all loaded services on your system (whether active; running, exited or failed, use the '''list-units''' subcommand and <code>--type</code> switch with a value of service.
# systemctl list-units --type=service
OR
# systemctl --type=service
But to get a quick glance of all running services (i.e all loaded and actively running services), run the following command.
# systemctl list-units --type=service --state=running
OR
# systemctl --type=service --state=running
List all failed units.
# systemctl --failed
Check whether a Unit or Service is running or not?.
# systemctl status httpd-e-smith
How do I start, restart, stop, reload and check the status of a service ('''httpd.service''') in Linux.
# systemctl start httpd-e-smith.service
# systemctl restart httpd-e-smith.service
# systemctl stop httpd-e-smith.service
# systemctl reload httpd-e-smith.service
# systemctl status httpd-e-smith.service
===Add a custom service===
see this [[Add_a_custom_service |page]]
[[DB_Variables_Configuration#Additional_information_on_customizing_iptables]]
==SSL==
==SSL==
*on a remote host
*on a remote host
openssl s_client -connect yourdomain:993
openssl s_client -connect yourdomain:993
===SSL Signature algorithm===
you can verify the algorithm signature of your certificate<br />
for example
openssl x509 -noout -text -in /home/e-smith/ssl.pem/sme9dev2.mycompany.local.pem
== SSH ==
== SSH ==
https://localhost:9443/server-manager
https://localhost:9443/server-manager