DB Variables Configuration

From SME Server
Revision as of 19:19, 30 June 2008 by Ente (talk | contribs) (→‎Additional information on customizing iptables: added TCPPorts and UDPPorts)
Jump to navigationJump to search

Database variables

SME Server comes with the most used parameters set as variables in its internal configuration databases. These variables are used to store values to be used in the final configuration files. Please, read the SME Server Developer's Guide to understand the template and database process.

These variables are useful to configure your system more easily, as you do not need to modify configuration files directly for most common cases. It also makes it possible to administer the server through its server-manager as the database variables are used to set and change configuration parameters. After editing, the configuration files must be regenerated and affected services need to be restarted.

For example, suppose you need to increase "memory-limit" in php.

You would simply execute these commands at the server console:

db configuration setprop php MemoryLimit 64M
expand-template /etc/php.ini
/etc/init.d/httpd-e-smith restart

The first line changes the value for the memory limit of PHP, the second line regenerates the configuration file and the last line will reload Apache (and subsequently also PHP as this is configured as a module of Apache).


Warning.png Warning:
Database parameters are case sensitive so take great care when typing at the server shell because no error messages are given should you make a typo.


The database system is based on a flat file system, but you should never edit them directly. Instead you should use the db command. More details on using the database system can be found in the SME Server Developer's Guide.


Setting db variables to default values

Any db variable that has a default value can be reset to the default by deleting the variable entirely, then re-initializing the default database values as follows:

config delprop key prop
/etc/e-smith/events/actions/initialize-default-databases


Concept of the signal-event command

Thanks for the developers work, you can simplify more the commands using the signal-event proccess.

Again, for more details see SME Server Developer's Guide


Overview of database variables

The next section describes the standard variables defined on SME Server. Please update this list with new standard variables in future SME Server versions.

The tables below have three columns. The first is the variable, the second is the target variable (located in the final configuration file), and the third is the default value.

A lot of the variables can be set using the server-manager but some can not. For example the variable DomainMaster for samba is not important here, because this can be set through server-manager. On the other hand, the variable RecycleBin is important, because it is not accessible through the server-manager.

Configuration files may use database values from a single configuration key, or may use multiple keys. The latter is the case for the /etc/rc.d/init.d/masq configuration file. This file takes it values from multiple database keys such as squid and masq.

It is also possible that multiple configuration files use the same key. An example of this is the httpd-admin key. This key has a variable TCPPort which is used in multiple files (/etc/httpd/admin-conf/httpd.conf and /etc/services).


AppleTalk (atalk)

Usage

db configuration setprop atalk variable value
signal-event workgroup-update
Affected file: /etc/atalk/netatalk.conf
Variable Target Default
MaxClients AFPD_MAX_CLIENTS 20


Console Mode

Usage - Choose either login or auto DB variable.

config set ConsoleMode login
signal-event post-upgrade
signal-event reboot
Variable Target Default
ConsoleMode Console Setting login


Clam AntiVirus (clamav)

Usage

db configuration setprop clamav variable value
signal-event clamav-update
Affected file: /etc/clamav.conf
Variable Target Default
ArchiveBlockEncrypted ArchiveBlockEncrypted no
ArchiveBlockMax ArchiveBlockMax no
ArchiveMaxCompressionRatio ArchiveMaxCompressionRatio 300
ArchiveMaxFiles ArchiveMaxFiles 1500
ArchiveMaxFileSize ArchiveMaxFileSize 15M
ArchiveMaxRecursion ArchiveMaxRecursion 8
Debug Debug no
DetectBrokenExecutables DetectBrokenExecutables no
IdleTimeout IdleTimeout 60
LeaveTemporaryFiles LeaveTemporaryFiles no
LogClean LogClean yes
LogTime LogTime yes
LogVerbose LogVerbose yes
MaxConnectionQueueLength MaxConnectionQueueLength 30
MaxDirectoryRecursion MaxDirectoryRecursion 20
MaxThreads MaxThreads 20
ReadTimeout ReadTimeout 300
ScanArchive ScanArchive yes
ScanHTML ScanHTML yes
ScanMail ScanMail yes
ScanOLE2 ScanOLE2 yes
ScanPE ScanPE yes
SelfCheck SelfCheck 1800
StreamMaxLength StreamMaxLength 25M


Affected file: /etc/freshclam.conf
Variable Target Default
Checks Checks 24
DatabaseMirror DatabaseMirror db.local.clamav.net
DNSDatabaseInfo DNSDatabaseInfo current.cvd.clamav.net
LogVerbose LogVerbose yes
MaxAttempts MaxAttempts 6


Affected file: /var/service/clamd/env/MEMLIMIT
Variable Target Default
MemLimit MEMLIMIT 80000000


DHCP daemon (dhcpd)

Usage

db configuration setprop dhcpd variable value
signal-event remoteaccess-update
Affected file: /etc/dhcpd.conf
Variable Target Default
Bootp bootp deny


DNS Cache Forwarder (dnscache.forwarder)

Usage

db configuration setprop dnscache variable value
signal-event dns-update
Affected file: /var/service/dnscache.forwarder/config
Variable Target Default
CacheSize CACHESIZE 1000000
DataLimit DATALIMIT 3000000


FlexBackup

Usage

db configuration setprop flexbackup variable value
signal-event conf-backup
Affected file: /etc/flexbackup.conf
Variable Target Default
Blocksize $blksize 32
TapeBlocksize $mt_blksize 0
BufferProg $buffer buffer
BufferMegs $buffer_megs 20
erase_rewind_only $erase_rewind_only false
Type $type tar


Horde (webmail)

Usage

db configuration setprop horde variable value
expand-template /home/httpd/html/horde/conf.menu.aps.php
Affected file: /home/httpd/html/horde/conf.menu.aps.php
Variable Target Default
MenuArray MenuArray enabled


expand-template /home/httpd/html/horde/config/conf.php
Affected file: /home/httpd/html/horde/config/conf.php
Variable Target Default
Administration Administration disabled


expand-template /home/httpd/html/horde/turba/config/sources.php
Affected file: /home/httpd/html/horde/turba/config/sources.php
Variable Target Default
freebusy freebusy disabled
SharedAddressBooks SharedAddressBooks disabled


Apache server ibay specific (httpd-e-smith)

Usage

db accounts setprop ibayname variable value
signal-event ibay-modify ibayname
Affected file: /etc/httpd/conf/httpd.conf
Variable Target Default
AllowOverride AllowOverride None
FollowSymLinks FollowSymLinks disabled
Indexes Indexes enabled
PHPRegisterGlobals register_globals disabled
PHPBaseDir open_basedir /home/e-smith/files/ibays/ibayname


Apache server-manager (httpd-admin)

Usage

db configuration setprop httpd-admin variable value
signal-event remoteaccess-update
Affected file: /etc/httpd/admin-conf/httpd.conf and /etc/services
Variable Target Default
TCPPort TCPPort 980


IMAP (imap)

Usage

db configuration setprop imap variable value
signal-event email-update
Affected file: /var/service/imap/config
Variable Target Default
ConcurrencyLimit INSTANCES 2000
ConcurrencyLimitPerIP INSTANCES_PER_IP 12
ProcessMemoryLimit ulimitdata 128000000


IMAPS (imaps)

Usage

db configuration setprop imaps variable value
signal-event email-update
Affected file: /var/service/imaps/config
Variable Target Default
ConcurrencyLimit INSTANCES 2000
ConcurrencyLimitPerIP INSTANCES_PER_IP 12
ProcessMemoryLimit ulimitdata 128000000


IPTables firewall (masq)

Usage

db configuration setprop masq variable value
signal-event remoteaccess-update
Affected file: /etc/rc.d/init.d/masq
Variable Target Default
Logging Logging most
Stealth Stealth no


Information.png Tip:
Special case is TCPPort and UDPPort from any DB key.

Any Db key named "TCPPort" or "UDPPort" affect masq file.

Currently the following keys are included in masq:

TCPPort:

httpd-admin - sshd - smtpd - ssmtpd



Additional information on customizing iptables

Create a custom-named service definition in the configuration database.

db configuration set <servicename> service

Apply your desired firewall restrictions to any existing SME 'service' or to a custom-named service that you have created. Combine a custom-named service with port-forwarding to create customized firewall rules.

db configuration setprop <servicename> TCPPort <portnumber>
db configuration setprop <servicename> TCPPorts <portnumbers>
db configuration setprop <servicename> UDPPort <portnumber>
db configuration setprop <servicename> UDPPorts <portnumbers>
db configuration setprop <servicename> status enabled|disabled
db configuration setprop <servicename> access public|private
db configuration setprop <servicename> AllowHosts a.b.c.d,x.y.z.0/24
db configuration setprop <servicename> DenyHosts e.f.g.h,l.m.n.0/24

Effectuate the changes you have made

signal-event remoteaccess-update


Affected file: /etc/rc.d/init.d/masq
Variable Target Default
TCPPort --proto tcp --dport <Ports> Pre-configured for default services; no default for custom services
TCPPorts --proto tcp --dports <Ports> No default for custom services; Ranges of ports are defined with a : not a -
UDPPort --proto udp --dport <Ports> Pre-configured for default services; no default for custom services
UDPPorts --proto udp --dports <Ports> No default for custom services; Ranges of ports are defined with a : not a -
status disabled AllowHosts is set to "" (an empty string) unless the status is 'enabled'
access private AllowHosts is set to "" (an empty string) unless access is 'public'
AllowHosts --src ..... --jump ACCEPT Pre-configured for default services; no default for custom services. Default is '0.0.0.0/0' if service is enabled and public.
DenyHosts --src ..... --jump denylog Pre-configured for default services; no default for custom services. If 'DenyHosts' is empty or does not exist then there are no '... --jump denylog' entries created in /etc/init.d/masq.

SpamAssasin

Usage

db configuration setprop spamassassin variable value
signal-event email-update
Affected file: /etc/mail/spamassassin/local.cf
Variable Target Default
DNSAvailable dns_available yes
OkLanguages ok_languages all
OkLocales ok_locales all
ReportSafe report_safe 0
Subject rewrite_header Subject [SPAM]
SkipRBLChecks skip_rbl_checks 0
TrustedNetworks trusted_networks 127.
UseAutoWhitelist use_auto_whitelist 0
UseBayes use_bayes 0
Sensitivity required_hits medium


MySQL (mysqld)

Usage

db configuration setprop mysqld variable value
expand-template /etc/my.cnf
/etc/rc.d/init.d/mysqld restart
Affected file: /etc/my.cnf
Variable Target Default
InnoDB InnoDB disabled
LocalNetworkingOnly LocalNetworkingOnly yes


Network Time Protocol (ntpd)

Usage

db configuration setprop ntpd variable value
signal-event timeserver-update
Affected file: /var/service/ntpd/env/MEMLIMIT
Variable Target Default
MemLimit MEMLIMIT 12000000


Affected file: /etc/ntp/step-tickers and /etc/ntp.conf
Variable Target Default
NTPServer server pool.ntp.org
SyncToHWClockSupported SyncToHWClockSupported yes


Php

Usage

db configuration setprop php variable value
expand-template /etc/php.ini
/etc/init.d/httpd-e-smith restart
Affected file: /etc/php.ini
Variable Target Default
MaxExecutionTime max_execution_time 30
MemoryLimit memory_limit 32M
PostMaxSize post_max_size 20M
UploadMaxFilesize upload_max_filesize 10M
AllowUrlFopen allow_url_fopen Off

Don't forget "M" unit because you get a lot of httpd errors and apache can't start!


Virtual Private Network (VPN) (pptpd)

Usage

db configuration setprop pptpd variable value
signal-event remoteaccess-update
Affected file: /etc/ppp/options.pptpd
Variable Target Default
debug debug no
Passive passive enabled


Affected file: /etc/pptpd.conf
Variable Target Default
debug debug no


Pro FTP (proftpd)

Usage

db configuration setprop ftp variable value
signal-event remoteaccess-update
Affected file: /etc/proftpd.conf
Variable Target Default
DisableAnonymous DisableAnonymous no


Samba global settings (smbd)

Usage

db configuration setprop smb variable value
signal-event ibay-modify 
Affected file: /etc/samba/smb.conf
Variable Target Default
RecycleBin recycle disabled
ShadowCopy shadow_copy disabled
DeadTime deadtime 10080
DisplayCharSet display charset ISO8859-1
DosCharSet dos charset 850
LogonDrive logon drive Z
OpLocks oplocks enabled
OsLevel os level 65
ServerString server string SME Server
SMBPorts smb ports 139
UnixCharSet unix charset UTF8
UseClientDriver use client driver yes


Samba per i-bay settings (smbd)

Usage

db accounts setprop ibay_name variable value
signal-event ibay-modify 
Affected file: /etc/samba/smb.conf
Variable Target Default
Browesable browseable enabled
OpLocks oplocks enabled
RecycleBin recycle disabled
VetoOplockFiles veto oplock files (not set)

Squid Proxy (squid)

Usage

db configuration setprop squid variable value
signal-event proxy-update
Affected file: /etc/squid/squid.conf
Variable Target Default
SafePorts acl Safe_ports port 80
EnforceSafePorts EnforceSafePorts no


Affected file: /etc/squid/squid.conf and /etc/rc.d/init.d/masq
Variable Target Default
Transparent Transparent yes


Affected file: /etc/rc.d/init.d/masq
Variable Target Default
TransparentPort TransparentPort 3128


Alternate Usage for Configuration of an Up-Stream Proxy Server

db configuration set squid-parent-variable value
signal-event proxy-update
Affected file: /etc/squid/squid.conf
squid-parent-variable Target Default
SquidParent name-or-ip-of-upstream-proxy-server (none)
SquidParentPort port-number-used-by-upstream-proxy-server (none)

(un-do using 'db configuration delete SquidParent', 'signal-event proxy-update')


SSH (sshd)

Usage

db configuration setprop sshd variable value
signal-event remoteaccess-update
Affected file: /etc/ssh/sshd_config
Variable Target Default
TCPPort Port 22
Protocol Protocol 2
UsePAM UsePAM no
MaxAuthTries MaxAuthTries 2
MaxStartups MaxStartups 10:30:60
PasswordAuthentication PasswordAuthentication no
PermitRootLogin PermitRootLogin no
AllowHosts AllowHosts IP address(es) list


Important.png Note:
Currently in SME 7.2 and up, TCPPort is configurable via server-manager, under Remote Access menu.

To configure AllowHosts: IP address(es) list is a single IP or a comma separated list of IP addresses and/or netmasks (e.g. 16.17.18.19,203.14.64.0/24). Ssh will then only be allowed from those IP addresses. The firewall code will drop ssh connections from any other hosts.



smtpd

Usage

config setprop smtpd variable value
signal-event email-update
Affected file: /var/service/qpsmtpd/runenv
Variable Target Default
Instances Total smtp Instances 40
InstancesPerIP smtp-Instances-Per-IP 5


yum

Usage

config setprop yum variable value
signal-event yum-modify
Affected file: /etc/yum.conf
Variable Target Default
AutoInstallUpdates Install updates automatically? disabled
EnableGroups Enable Groups 0
GPGCheck Check GPG signature for repositories 0
PackageFunctions Display individual packages in 'Software Installer' disabled
RandomDelay Random Delay 120
status Yum's status enabled
RestrictRepo Repo names whose contents should be excluded from 'Available Packages' in the 'Software Installer' none
RestrictRPM All or part of an RPM name to be excluded from 'Available Packages' in the 'Software Installer' none

See also 'db yum_repositories'


Miscellaneous Other DB Variables

Important.png Note:
This is meant to be an easy place to add db variable information if you don't have time to put it into the correct section(s) above. You can find most of the template fragments affected by a given db variable if you execute:
cd /etc/e-smith
fgrep -lR variable templ*/* | less

where variable is the name of the variable using correct capitalization

Note that any command listed here is to be executed on one line!



Command service(s) config file(s) notes
db domains setprop test.com MailServer a.b.c.d qpsmtpd; qmail; fetchmail /var/service/qpsmtpd/config/goodrcptto; /var/service/qpsmtpd/config/peers/local; /var/service/qpsmtpd/config/peers/0; /var/service/qpsmtpd/plugins; /var/service/qmail/control/virtualdomains; /var/service/qmail/control/smtproutes; /etc/fetchmail Forward all email for the specified domain to the IP address a.b.c.d. a.b.c.d can be either local or remote. By default, the recipient address will be verified as valid on a.b.c.d before SME accepts the inbound message.
config set SquidParent <hostname or IP> squid, diald /etc/diald.filter, /etc/squid/squid.conf Configure squid to peform all web downloads from the specified upstream proxy server
config set SquidParentPort <portnumber> squid /etc/squid/squid.conf Connect to the upstream proxy server using <portnumber>. Defaults to 3128 if 'SquidParentPort' is unspecified. Ignored if SquidParent is not set.
config delete SquidParent squid, diald /etc/squid/squid.conf, /etc/diald.filter Return squid to normal operation (no upstream proxy server)
db accounts setprop username Visible internal ; signal-event email-update n/a n/a Make an email address invisible from outside? (see http://forums.contribs.org/index.php?topic=36302.0)
db accounts setprop pseudonym Visible internal ; signal-event email-update n/a n/a Make an pseudonym email address invisible from outside
db <database> delprop key property ; /etc/e-smith/events/actions/initialize-default-databases various various Restore the developers' default value for property
db <database> delete key ; /etc/e-smith/events/actions/initialize-default-databases various various Restore the developers' default value for each property belonging to the key key
command service(s) config file(s) notes. Copy this block when adding new entries to this table.