mserver.log

This week a windows machine in my home network crashed. It was using POP to retrieve emails from our ISP. IMAP was no option due to a 50MB Inbox restriction on their side. Luckily I was able to recover the .pst files for outlook so there was not really a big problem there. However I started thinking of a solution to get the email from the ISP onto a server in the home network. Then this server would provide a IMAP service for getting the email. In this way, the email could also be shared between multiple machines and since I’m synchronizing all servers in the home-network regularly I would always have a backup.

So I needed:

• An IMAP server.
• An email fetcher to get the email from the ISP

I already had the IMAP server configured. Dovecot if you are wondering. Together with Exim 4 as my MTA. So, I needed a mechanism to fetch my email. So, I started googling. In the end using the wrong keywords, because all I ended up with were IMAP proxies, which I don’t need. Finally, I tried posting on a forum and somebody there suggested fetchmail. How obvious!!

Anyway, I looked up the fetchmail documentation a bit and it seems to do everything I need.

So, I installed fetchmail:

apt-get install fetchmail

After reading the debian documentation I ended up creating a fetchmailrc file:

touch /etc/fetchmailrc

There are many options in this file but I’ll show you what I’ve put in there:

set syslog              # We want logging to go to syslog
set no bouncemail       # We trust the ISP's spam filter
 
poll pop.isp.tld with proto POP3   # A new POP3 poller
user USERNAME there with password PASSWORD is UNIX_ACCOUNT here
antispam -1             # We trust the ISP's spam filter

Where USERNAME is the user name of the user to authenticate with to your ISP. PASSWORD is the password that belongs to that user name. UNIX_ACCOUNT specifies the local account to deliver the emails to. For examle I put my name there since that is the account I use on that machine.

If you want to leave a copy of the email on the ISP’s server, you should use the ‘keep’ parameter on the poller you would like to use it for.

edit /etc/default/fetchmail so that ‘START_DAEMON’ says ‘yes’:

START_DAEMON=yes

Start the fetchmail service

/etc/init.d/fetchmail start

Use:

tail -f /var/log/syslog

To see how your mail fetcher is doing.

You might also wonder about the plain-text passwords in the /etc/fetchmailrc file:

-rw-------   1 fetchmail root      287 2008-09-19 13:47 fetchmailrc

As you can see you’ll need root access to see the file.

Fetchmail is a very complete application, with lots of options. I really recommend taking a look at this application and see what it can do for you.

First of all I should note that we are installing tomcat 5.5 with jdk 1.5. There is no jdk 1.6 in debian etch.

Let’s install java and tomcat:

apt-get install sun-java5-jdk tomcat5.5 tomcat5.5-admin

If you are asked to accept some licenses, please do so. Next step is to setup a user for the tomcat user interface. Edit the file /usr/share/tomcat5.5/conf/tomcat-users.xml and add an entry like:

<user username="admin" password="admin" roles="standard,manager"/>

Replace the username and password with your preferred values. Your file should now look somewhat like:

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  <role rolename="tomcat"/>
  <role rolename="role1"/>
  <role rolename="standard"/>
  <role rolename="manager"/>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user username="both" password="tomcat" roles="tomcat,role1"/>
  <user username="role1" password="tomcat" roles="role1"/>
  <user username="admin" password="admin" roles="standard,manager"/>
</tomcat-users>

Only thing left to do is:

/etc/init.d/tomcat5.5 restart

Verify your configuration by browsing to http://serverip:8180/manager/html and login with the earlier defined credentials. If you look at the server information you should see a JVM version like ‘1.5.0_14-b03′.

So, now you can deploy .war files or you can configure (putting it on port 80 for example) your tomcat some more. Remember to use:

/etc/init.d/tomcat5.5 restart

after every configuration change.

A note on JDK 1.6. You could of course install the 1.6 JDK by downloading it from java.sun.com and installing it. To make tomcat actually use the new JVM you should place the location by putting the JAVA_HOME variable somewhere above the line ‘PATH=/bin:/usr/bin:/sbin:/usr/sbin’ in the ‘/etc/init.d/tomcat5.5′ file:

JAVA_HOME=/path/to/your/jvm
PATH=/bin:/usr/bin:/sbin:/usr/sbin

A long time ago I installed a server with php5-cli, postgresql-8.1 and curl. I was getting segmentation faults, so that was somewhat nasty. Eventually I fixed it. Last week I installed the same configuration on another machine and I got the segfaults back again. At first, I thought, what’s happening? But then I remembered, there was a bug which I fixed by using instructions found here. I thought it would have been fixed by now, but unfortunatly not.

The fix is to load the pgsql.so extension before the curl.so extension. See here.

I hope this will remind me and you when you or me come across the same bug.

I found it very hard to setup a tftp server under Debian. Finally I got around it and decided to share it. Actually it’s quite simple, but you’ve got to know the actions.

First install the tftpd daemon:

apt-get install tftpd

Now we will need to edit /etc/inetd.conf and add the line:

tftp    dgram   udp     wait    root    /usr/sbin/tcpd  in.tftpd /tftpboot

You may notice the usage of the root user in this entry. You could instead use a separate user on which you could apply a quota! Which is nice if you have a r/w tftp server but you want to avoid people stuffing your server. This is surely more secure, so very advisable.

Let’s create our /tftpboot directory:

mkdir /tftpboot

Now depending on your setup you’ll need to put the right permissions/ownership on your directory. For r/w use a 777 mask and for r/o use a 555 mask. When using another user for the tftpd server you will need to chown that directory. In my case I only needed a 555 mask and running as root, so the only step I did was:

chmod 555 /tftpboot

Final thingy is to restart the inet daemon:

/etc/init.d/openbsd-inetd restart

Of course you’ll need to do this after every change to your /etc/inetd.conf.

Happy configuring!

p.s. Most of this should also be applicable to non-debian machines.

A short while ago I found a script on a website that checks if there are any security updates available for your debian system. The script sends out an email when there are new updates. I don’t know where I got it from, but I do like to share it:

#! /bin/sh
# Debian security updates script
 
TMP=$(mktemp /tmp/upgrade.XXXXXX)
 
(apt-get -qq update && apt-get -dqq upgrade && apt-get -sqq upgrade) > ${TMP} 2>&1
 
if [ -s ${TMP} ]; then
mail -s "$(hostname): New security updates available" root < ${TMP}
fi
 
rm -f ${TMP}

I created a cronjob to run the script every day at 0:00, in the morning when I wake up I get an email when there are new updates and I update my machine with apt-get upgrade, because the packages already got downloaded by the script. I really enjoy this snippet.

Many times you’ll find yourself in a position that some users on your machine are using too much disk space and eventually leading into a crash due to low disk-space. Linux enables you to do something about this and luckily it’s very easy. This tutorial is also applicable to other Linux distro’s but I’ll stick to Debian because this is my favourite. You are supposed to have root access to be able to follow this tutorial.

First of all if you haven’t already done so:

apt-get install quota

Which will install the Debian support utility’s for managing quotas for users.

The next thing you will need to do. Is edit your /etc/fstab to enable quota on your file system.

You should add the ‘usrquota’ and ‘grpquota’ if you want to apply quota for groups, to your file system entry.

My fstab looks like the following:

# /etc/fstab: static file system information.
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
proc            /proc           proc    defaults        0       0
/dev/hda3       /               ext3    noatime,usrquota,grpquota,errors=remount-ro 0       1
/dev/hda1       /boot           ext2    defaults        0       2
/dev/hda2       none            swap    sw              0       0

Note: there is also an option in the Debian installer to enable these options while installing your computer.

A second note: Also notice that you can decide on which partition you want quota! If you have a separate /home partition it would be wise to enable quota there instead of /.

Now to enable quota, you should issue the following commands:

touch /quota.user /quota.group
chmod 600 /quota.*
mount -o remount /
quotacheck -avugm
quotaon -avug

This will create the quota files for keeping track of the quota’s and it will remount your partition. Finally it enables quota’s! Of course you should note that this is an example for the partition /. Modifying it for /home should be obvious. If not, read a little bit about Linux partitioning on wikipedia

There is one other command which is really usefull because after doing this users can see how much space they have left:

chmod 664 /aquota.*

So much for the setup, now let’s go to the interesting stuff! Management.

There are a couple of commands to use for management:

repquota
The repquota command is a utility for reporting quota summary information.
 
SYNTAX:
repquota [ -u | -g ] [ -a | filesystem ]
The repquota command only displays user quotas by default, but you can specify that you wish to see group quotas by using the "-g" switch. You also need to specify the filesystem for which you wish to see a report, or you can specify the "-a" switch to see a report for all the filesystems for which quotas are enabled.

root@hephaistos:/# repquota -a
*** Report for user quotas on device /dev/hda3
Block grace time: 7days; Inode grace time: 7days
Block limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------------
root      -- 3991116       0       0         104009     0     0
daemon    --      52       0       0              4     0     0
man       --     596       0       0             16     0     0
news      --       4       0       0              1     0     0
www-data  -- 4356468       0       0           2105     0     0

The “block limits” refer to the data blocks (the default is 1 block = 1k). The “file limits” refer to the number of files, or inodes, that have been consumed. The “grace” field corresponds to the number of grace days remaining before the user is locked out of their account. The user has until that time to reduce their quota to below the “soft” level.

edquota
You can use the edquota command to edit user and group quotas.
 
SYNTAX:
edquota [ -u | -g ] <username or groupname>

For example, to edit the quota for “matthias”:

edquota matthias

Which will bring you an editor as specified in your profile, for me it’s vim:

Disk quotas for user matthias (uid 1000):
Filesystem                   blocks       soft       hard     inodes     soft     hard
/dev/hda3                  82424620  104857600  104857600      48139        0        0

The “blocks” and “inodes” fields cannot be edited, they are there for information purposes only. However, you can edit the soft and hard fields. The first pair refer to blocks, and the second to inodes.

As you can see I have a soft and a hard limit of 100G (1024 * 1024  * 100 = 104857600)

You can now save your changes if you made any, if you make an error you will be halted, so making mistakes is not easy, but you could set a lower limit than the size your files you currently posess, so you cannot create files anymore! So be careful when using this tool.

quota
Unlike repquota and edquota, which only the root user can make use of, the quota command is available to all users, and it allows them to query their current quota information.
 
SYNTAX:
quota [ -q ] [ username ]

root@hephaistos:/# quota matthias
Disk quotas for user matthias (uid 1000):
Filesystem  blocks   quota   limit   grace   files   quota   limit   grace
/dev/hda3 82424620  104857600 104857600           48139       0       0

When a normal user calls ‘quota’ it will see its quota.

The -q option is for only showing quota when somebody exceeded it.

The ‘quota’ command is also a nice command to put in your /etc/profile, because it will show a user’s quota when a user logs in! Using the -q option is a nice solution to not always face the person with his quota but only when he/she is exceeding or nearly exceeding the quota.

So that’s about it with quota’s. I suggest you to create a test user to play with and setting low quota’s. In that way you could try to copy a large file to it’s home directory and you will see the file copy will fail because of quota limitations.

Quota is a powerful tool, but use with care!