new home

please visit my new shouting area –

https://note.shahadathossain.com/


change mysql data directory ubuntu 17.xx

Follow https://www.digitalocean.com/community/tutorials/how-to-move-a-mysql-data-directory-to-a-new-location-on-ubuntu-16-04
NOTE: on Ubuntu 17.xx you can skip the step that creates the empty directory (/var/lib/mysql/mysql).

Then try to start the MySQL server. If it fails, the log messages will tell you that /usr/sbin/mysqld needs read (r) access to open /proc/14767/status, /sys/devices/system/node/ (with a trailing slash, because it wants to read the directory), and /proc/14767/task/14767/mem (14767 being the process ID here). The file to edit is /etc/apparmor.d/usr.sbin.mysqld.

In my case I solved the problem by adding these lines somewhere in the middle (with two spaces in front of each):

  /proc/*/status r,
  /sys/devices/system/node/ r,
  /sys/devices/system/node/** r,

Reload apparmor:

sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.mysqld
sudo /etc/init.d/apparmor reload

After doing that, try starting MySQL, and if you get more errors, add those files too and try again.
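
To avoid reading the denials off the log by hand on every retry, the added example below (not part of the original post) lists candidate rules from AppArmor DENIED lines for one profile. The function name `suggest_rules` is hypothetical and the log lines are constructed samples in the kernel audit format; review each suggested rule before adding it to the profile.

```shell
#!/bin/sh
# Added example: turn AppArmor DENIED log lines into candidate profile rules.
# SAMPLE_LOG is constructed for illustration, not captured from a real host.
SAMPLE_LOG='audit: type=1400 audit(1507629601.100:51): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/14767/status" pid=14767 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=111 ouid=111
audit: type=1400 audit(1507629601.104:52): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/sys/devices/system/node/" pid=14767 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=111 ouid=0
audit: type=1400 audit(1507629601.108:53): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/14767/task/14767/mem" pid=14767 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=111 ouid=111
audit: type=1400 audit(1507629660.200:60): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/15002/status" pid=15002 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=111 ouid=111
audit: type=1400 audit(1507629660.300:61): apparmor="DENIED" operation="mknod" profile="/usr/sbin/mysqld" name="/media/myusb01/mysql-data/ib_logfile0" pid=15002 comm="mysqld" requested_mask="c" denied_mask="c" fsuid=111 ouid=111
audit: type=1400 audit(1507629661.000:62): apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd" name="/etc/example.conf" pid=900 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
audit: type=1400 audit(1507629662.000:63): apparmor="ALLOWED" operation="open" profile="/usr/sbin/mysqld" name="/etc/mysql/my.cnf" pid=15002 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=111 ouid=0'

# suggest_rules PROFILE: read kernel log lines on stdin, print unique rules
# for that profile only. Masks other than r/w are flagged for manual review.
suggest_rules() {
  awk -v prof="profile=\"$1\"" '
    index($0, "apparmor=\"DENIED\"") && index($0, prof) {
      if (!match($0, / name="[^"]*"/)) next       # names not in quotes are skipped
      path = substr($0, RSTART + 7, RLENGTH - 8)
      if (!match($0, / denied_mask="[^"]*"/)) next
      mask = substr($0, RSTART + 14, RLENGTH - 15)
      sub(/^\/proc\/[0-9]+\//, "/proc/*/", path)   # the PID changes on every start
      sub(/\/task\/[0-9]+\//, "/task/*/", path)
      if (mask ~ /^[rw]+$/) printf "  %s %s,\n", path, mask
      else printf "  # review manually: %s (denied_mask=%s)\n", path, mask
    }' | LC_ALL=C sort -u
}

# Run over the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | suggest_rules /usr/sbin/mysqld
```

On a real host the same function can read `journalctl -k` or `dmesg` output instead of the sample.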

In some cases MySQL may fail to start because of an async I/O error. If so, you may need to disable this setting by adding the following line to /etc/mysql/mysql.conf.d/mysqld.cnf:

innodb_use_native_aio=0

Another note, about file permissions on the data directory: the “mysql” user should have permission on every directory of that path. For example, if the new data directory is “/media/myusb01/mysql-data”, then the “mysql” user should have read access to the “/media” folder and the “/media/myusb01” folder, and read/write access to the new data directory.
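
On Linux, passing through a directory requires the search (x) bit for that user, so the added example below (not from the original post) walks a path from the top and reports the first directory a given user cannot enter. The function names are hypothetical, only plain mode bits are evaluated (no ACLs), GNU `stat` is assumed, and the demo runs on a constructed temporary tree.

```shell
#!/bin/sh
# Added example: find the first directory on a path that a user cannot enter.
# Uses plain mode bits only; ACLs and mount options are not considered.

# can_traverse USER DIR: succeed if USER's permission class on DIR has x set.
can_traverse() {
  ct_info=$(stat -c '%u %g %a' -- "$2") || return 2
  set -- "$1" $ct_info                       # $1=user $2=uid $3=gid $4=mode
  if [ "$(id -u "$1")" = "$2" ]; then
    ct_bits=$(( ($4 / 100) % 10 ))           # owner digit
  elif id -G "$1" | tr ' ' '\n' | grep -qx "$3"; then
    ct_bits=$(( ($4 / 10) % 10 ))            # group digit
  else
    ct_bits=$(( $4 % 10 ))                   # other digit
  fi
  [ $(( ct_bits & 1 )) -eq 1 ]
}

# first_blocker USER PATH: print the first component USER cannot traverse.
# Returns 0 when the whole absolute PATH is traversable, 1 when blocked.
first_blocker() {
  fb_user=$1 fb_cur=
  id -u "$fb_user" >/dev/null 2>&1 || return 2
  fb_ifs=$IFS; IFS=/; set -f; set -- $2; set +f; IFS=$fb_ifs
  for fb_part in "$@"; do
    [ -n "$fb_part" ] || continue
    fb_cur="$fb_cur/$fb_part"
    can_traverse "$fb_user" "$fb_cur" || { printf '%s\n' "$fb_cur"; return 1; }
  done
  return 0
}

# Demo on a constructed tree standing in for /media/myusb01/mysql-data.
demo() {
  d=$(mktemp -d) && mkdir -p "$d/myusb01/mysql-data"
  chmod 600 "$d/myusb01/mysql-data"          # no x bit: cannot be entered
  first_blocker "$(id -un)" "$d/myusb01/mysql-data"
  rc=$?; chmod 700 "$d/myusb01/mysql-data"; rm -rf "$d"; return $rc
}
demo || echo "^ this directory blocks the user"
```

For the case in this post, the call would be `first_blocker mysql /media/myusb01/mysql-data`.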

Hope mysql will start now.

choosing the network adapter in the guest [ubuntu] while setting up a host-only network in virtualbox

I’m trying to set up a host-only network in VirtualBox by following http://christophermaier.name/2010/09/01/host-only-networking-with-virtualbox/

but I’m having trouble choosing the network adapter in the guest [ubuntu].

To see a list of the adapters your virtual machine can access, use this:

ls /sys/class/net

This will show you the interface names. For example, with two network adapters set up, my Ubuntu guest looks like this.

eth1 eth2 lo

To see a list of active networks with their assigned IP addresses:

ifconfig

So you can easily guess which network adapter to use for the host-only network.

On a brand new Ubuntu machine, saving the network settings permanently does not work the way that article describes. For this you need to install the ifupdown or ifupdown2 package:

apt install ifupdown2

After installing, execute the following command:

ifup eth1

Then reboot.

Install PHP-Redis on PHP5.6 Centos 7

Assume that PHP 5.6 is installed and working properly.

Now execute the following commands:

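sudo yum install php56w-devel
sudo yum install git-core
# clone over HTTPS instead of the unauthenticated git:// protocol
git clone https://github.com/nicolasff/phpredis.git
cd phpredis/
# build as your normal user; only the install step needs root
phpize
./configure
make
sudo make install
# the redirection has to run as root as well, so write the file through sudo tee
echo "extension=redis.so" | sudo tee /etc/php.d/redis.ini
sudo apachectl restart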

It’s pretty simple!

pure-ftpd status error – pure-config.pl dead but subsys locked

I’m experienced in installing VSFTPd and have been using it for 2/3 years. But for a recent project I needed to set up a test Linux box, and there I installed pure-ftpd for test purposes. It’s easy to install, but when I started the server I faced a problem. I’ll tell you that story, but before that I want to share my experience of installing pure-ftpd on my Linux box.

Everything went fine without any problem. I always try to install from source, i.e. make and install, and always try to install into the default directory if there is no security issue. In this case, installing pure-ftpd went fine as usual. Install complete! Now how can I start the server that I just installed…..?????? Actually, in the latest version (1.0.29) no init script is installed. So I can’t start pure-ftpd with the service command!!! So I searched the net, here and there, but didn’t find an init script that I could use. So I decided to make it myself. For that I went to the source directory to get the default path of the installed program. Owo!!! That’s where I found the init script. Thanks to the pure-ftpd team. But you should write instructions so that our time may be saved. So, finally I copied it to “init.d” and started the server. The server started normally. And now the problem arose!!!!!

When I tried to get the status of the pure-ftpd server for monitoring purposes, it showed the following message –

pure-config.pl dead but subsys locked

Ohh, I didn’t mention it yet! I use the “pure-config.pl” script to start my server. Now, when I got this status message I was worried that I had failed to set it up properly, and started googling this error. Sadly, they all pointed in the wrong direction! Anyway, after 12 hours of searching I realized that it’s not a common problem. It may be a small mistake that keeps pure-ftpd from running. So I started to look for the problem internally. I found that my server was running well. And I was able to do FTP through it!!!

Finally, I started digging into the init script and the Perl script for the problem, and found that in the init script there is a line which checks the status of “pure-config.pl”, not the pure-ftpd daemon!!! So I just changed it to check the status of pure-ftpd instead of checking the status of “pure-config.pl”.

Actually, what happened there when I tried to get the status? My init script was getting the status of pure-config.pl and finding that the script had run and was no longer active. But the subsystem (i.e. pure-ftpd) started by the script was still running. So it showed a status like that!!! And it’s really confusing, especially for users of my kind who don’t know Linux at all.

Apache (httpd) 403 errors & SELinux in RHEL5

The “targeted” policy confines certain network daemons to run in their own specific “security domain”. These daemons include dhcpd, httpd (apache), named, nscd, ntpd, portmap, snmpd, squid, and syslogd.

When I set up apache on a system where it will be utilized, I have a habit of not using /var/www/html as my starting point for document roots, but rather create a dir at /home/websites and place my document roots in there. In the good ol’ days of Discretionary Access Controls (DAC) just making sure that apache had the perms it needed to read the documents in there was enough (using chmod, chown, and the like).

Not so with SELinux enabled. In addition to the regular DAC we’re all used to, we now have Mandatory Access Controls (MAC) that define security contexts for files/directories etc. Turns out it looks like by default, apache only has access to /var/www/html when it’s fired up…. I’m guessing that and probably /var/log/httpd (which is exactly as it should be). To enable apache to view my files in /home/websites, I had to apply a new security context to these files. The answer to this is the chcon command. To be brief, the full command I executed was:

chcon -R -t httpd_sys_content_t /home/websites

After executing this, apache could read my files.

I like where this SELinux thing is going. Permissions done right, for sure. This doesn’t come without growing pains though. It’s complex (or so it seems to me after only working with it for a couple days) and will take some time to learn. I’m prepared for some frustration….

Now many of you are probably asking yourself why would anyone (let alone me) want to bother with this? Well I think a simple example of one of the cool things is that even though something like /etc/passwd has DAC octal perms of 644 (rw-r--r--), apache still can’t read it because that file is not within apache’s security context. So any users on your system can’t write a little script that reads your /etc/passwd file and basically posts it on a web page for the world to see (giving potential crackers a list of valid user accounts on the system).

Actually, this is a little bit of extra security provided by SELinux, i.e. Security Enhanced!

Ohh, one more tip for changing the directory live…

chcon --reference=/var/www <your website directory>
chcon --reference=/var/www/html <your public_html directory>

I suggest you make a shell script to put it all together, with the following commands…

useradd <your website user name> # set the password and do other necessary stuff to point the home directory
chmod --reference=/var/www /home/<your website user name>
mkdir /home/<your website user name>/public_html
# most probably the following line does not need to be executed
chmod --reference=/var/www/html /home/<your website user name>/public_html
# then do the other necessary stuff for your website, e.g. add a virtual host, ftp user, database user etc.

nJoy…