Useful Commands

From SME Server
Jump to navigationJump to search


Apache Related Commands

Apache options to ibay

  • Expand httpd.conf template:
expand-template /etc/httpd/conf/httpd.conf


  • Restart httpd:
/etc/init.d/httpd-e-smith restart

or

sv t /service/httpd-e-smith


  • To leave Apache reads the distributed configuration file .htaccess per ibay:
db accounts setprop IBAYNAME AllowOverride All
signal-event ibay-modify IBAYNAME

if you want to remove

db accounts delprop IBAYNAME AllowOverride
signal-event ibay-modify IBAYNAME
  • enable Symlinks in that iBay
db accounts setprop IBAYNAME FollowSymLinks enabled
signal-event ibay-modify IBAYNAME

if you want to remove

db accounts delprop IBAYNAME FollowSymLinks
signal-event ibay-modify IBAYNAME
  • disable apache directory indexes per ibay:
db accounts setprop IBAYNAME Indexes disabled
signal-event ibay-modify IBAYNAME

if you want to remove

db accounts delprop IBAYNAME Indexes
signal-event ibay-modify IBAYNAME
  • PHPBaseDir per ibay:
db accounts setprop IBAYNAME PHPBaseDir /home/e-smith/files/ibays/IBAYNAME/:/tmp/
signal-event ibay-modify IBAYNAME
  • Allow PHP URL File Open per ibay:

Make custom httpd directory if not exist

mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf

Create the template name 99allow_url_fopen and put the content

<Directory /home/e-smith/files/ibays/IBAYNAME/html>
php_admin_flag allow_url_fopen on
</Directory>

Save the file

Expand

expand-template /etc/httpd/conf/httpd.conf

Restart httpd.

/etc/init.d/httpd-e-smith restart

https forced redirection using custom template

see Https_redirection

If it does not already exist then create the following directory

mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/VirtualHosts
cd /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/VirtualHosts
nano 60redir-ibayname1

Paste or type the following code including the brackets, replacing ibayname with the name of your ibay

{
if ($port ne "443")
{
$OUT .= <<'HERE';
## Redirect Web Address to Secure Address
RewriteEngine on
RewriteRule ^/ibayname https://%{HTTP_HOST}/ibayname

## End Of Redirect
HERE
}
}

Save the file & exit by Ctrl+x

/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
/etc/init.d/httpd restart

MySQL

There appears to be no password set for the MySQL root password, but this is not true. If you are logged in to the SME Server shell a special mechanism is in place to log you in with MySQL root privileges without prompting you for the password.

The MySQL root password for SME Server is a 72 character random string generated during installation of SME Server. You should never change the MySQL root password as this will break your SME Server configuration. How to login as MySQL root user? describes how to access MySQL with root privileges on SME Server.

For more informations you can see the MySQL page

Login as MySQL root user

To login as MySQL root user, simply type 'mysql' at the SME Server shell, this will log you in with root privileges. the mysql admin password is a random password generated which can be find

  • /root/.my.cnf
  • /etc/ldap.secret

do not modify these files.

if you need to call the mysql password in a script you can invoke this bash variable

PWD=$(cat /etc/ldap.secret)

Create a Database and its User

Create a new MySQL database (In this example the database name is databasename. Change databasename, username and password with your own choices as required)

Login as root and issue the following command:

mysql
create database databasename;
grant all privileges on databasename.* to username identified by 'password';
flush privileges;
exit

Other useful MySQL commands:

mysqlshow;

list all available database. Use 'mysqlshow --help' for all available options.

SELECT user FROM mysql.user;

display a list of the MySQL users

SHOW GRANTS FOR 'user'@'localhost';

list the privileges granted to the account user

GRANT ALL PRIVILEGES ON *.* TO 'new_dba'@'localhost' IDENTIFIED BY 'password' WITH GRANT OPTION;
FLUSH PRIVILEGES;

give all rights on all databases for new_dba user

GRANT SELECT, UPDATE, INSERT, DELETE ON database.* TO 'new_user'@'localhost' IDENTIFIED BY 'password';
FLUSH PRIVILEGES;

give all rights on database for new_user

mysqladmin drop databasename;

will let you destroy a database. Use with care. Use 'mysqladmin --help' for all available options.

PHP Related Commands

  • Expand php.ini template:
expand-template /etc/php.ini


  • Configure PHP Basedir Restriction per ibay:
db accounts setprop IBAYNAME PHPBaseDir DIR1:DIR2:DIRn
signal-event ibay-modify IBAYNAME

Example

db accounts setprop Primary PHPBaseDir /home/e-smith/files/ibays/Primary:/tmp
signal-event ibay-modify Primary


  • Execution Time:
db configuration setprop php MaxExecutionTime ZZ
expand-template /etc/php.ini
/etc/init.d/httpd-e-smith restart

where ZZ is the time in seconds.


  • Memory Limit:
db configuration setprop php MemoryLimit XXM
expand-template /etc/php.ini
/etc/init.d/httpd-e-smith restart

where XX is the amount of memory in Mb.


  • Upload Max File Size:
db configuration setprop php UploadMaxFilesize WW
expand-template /etc/php.ini
/etc/init.d/httpd-e-smith restart

where WW is the file size in Mb.


  • Allow URL FOpen:

Not secure. Instead use per ibay or directory.

Squid Cache

Extracted from: http://forums.contribs.org/index.php?topic=38848.msg176737#msg176737

Flush and Restart

sv d /service/squid
echo "" > /var/spool/squid/swap.state
sv u /service/squid

& to check it's running

sv s /service/squid

SSH

Enable SSH

  • Enable ssh access (the lazy not-so-secure way, but I am assuming for this testing/dev scenario that your external IP is really a local address behind a router)
db configuration setprop sshd status enabled
db configuration setprop sshd PermitRootLogin yes
db configuration setprop sshd acccess public
db configuration setprop sshd PasswordAuthentication yes
/sbin/e-smith/signal-event remoteaccess-update


  • Allow ssh in public or private mode : public= all internet private= only your network
db configuration sshd access public
signal-event remoteaccess-update

Access to the terminal of your remote sme

ssh root@ip-sme-or-remote-hostname

or

ssh -pX root@ip-sme-or-remote-host (X is the port listened by ssh service)


Important.png Note:
you need to forward in your router the port 22 (or whatever you decide) to your internal sme's ip and allow ssh in the server-manager with the root login and Password Authentication (Security/Remote Access menu). You can enhance security by disabling the root connection : Allow administrative command line access over secure shell NO

Keep in mind that you need to set the service to public access (entire internet) if you want to be accessible by ssh outside of you network (see the Denyhosts contrib for banning hosts which failed too many login attempts to your ssh deamon.)


Execute or run a command over ssh to a remote server and auto disconnect after quit

ssh -t root@ip-sme-or-remote-hostname command


where 'command' is the program or command to run. An example could be:


ssh -t root@192.168.1.5 top


Access to the server-manager through SSH

We can access to the server-manager of your remote SME Server by SSH with a tunneling protocol initiated by "ssh -L". This command has to be done by a superuser in a Terminal like if you want to be connected to your SME Server by SSH.

Important.png Note:
We assume that ports are forwarded in your router to your sme internal IP (443 and 22) and the root user is allowed to access by ssh to the server.


Do this in a root terminal of your Linux computer outside of your network

ssh -L 443:localhost:443 root@your-static-external-network-IP-or-host.dyndsn.org

host.dyndsn.org could be a free service as dyndns.org or noip.com

Keep the terminal open, Then you need to use this specific URL in your WEB Browser to go to the server-manager

https://localhost/server-manager


Information.png Tip:
It is possible to use putty if you are afraid about some commands in a terminal, you can find a lot of examples by typing this in google tunneling by putty


SME Server specific

Command Explanation
signal-event post-upgrade performs SME Server to go regenerate all templates
signal-event reboot reboots the server
signal-event <event> performs SME Server to go regenerate event template (you may use TAB to auto-complete your command line)
signal-event console-save Expands templates and reconfigures services which can be changed from the text-mode console and which do not require a reboot
signal-event dns-update refreshes the DNS cache, useful for when you know a domain has changed IP and the TTL is too long to wait
/etc/e-smith/events/actions/navigation-conf recreates server-manager navigation panel
config show display the internal configuration of the server
config show <service name> show the service configuration (you may use TAB to auto-complete your command line)
db shows the syntax of the db command
db configuration show shows the entire server configuration
db configuration setprop <record> <property> <value> sets or changes a property in the configuration database
db accounts show shows all account details
db accounts show <accountname> shows the account details
/etc/e-smith/events/actions/initialize-default-databases action for initializing the default database values

db command

Important.png Note:
SME Server comes with the most used parameters set as variables in its internal configuration databases. These variables are used to store values to be used in the final configuration files. Please, read the SME_Server:Documentation:Developers_Manual:Section2 to understand the template and database process.


you can see this page of the wiki DB_Variables_Configuration

Setting db variables to default values

Important.png Note:
Use of 'config' is a shorthand version for 'db configuration' and therefore only works with the configuration database


Any db variable that has a default value can be reset to the default by deleting the variable entirely, then re-initializing the default database values as follows:

config delprop <key> <prop>
/etc/e-smith/events/actions/initialize-default-databases

Delete a property value

To delete the property

db accounts delprop <key> <prop>

Reset a property value

To reset to an empty value

db accounts setprop <key> <prop> ''


Warning.png Warning:
Database parameters are case sensitive so take great care when typing at the server shell because no error messages are given should you make a mistake.



Password strength

First a warning - Far too many systems out there have weak passwords and they will be broken into. Educating your users on the necessity of strong passwords is the best option. If that fails, here is how you change the password strength checking from 'strong' to 'normal', which was the setting in previous versions of SME. Be careful to use the exact capitalization.

config setprop passwordstrength Admin normal
config setprop passwordstrength Users normal
config setprop passwordstrength Ibays normal

It is also possible, but strongly discouraged, to disable password strength checking by setting to 'none'

none   : no check is performed on the password
normal : the password must be composed of at least seven characters with uppercase and lowercase letters, numbers and non-alphanumeric characters
strong : the restrictions are the same as for the normal level, but in addition, the password is verified by cryptlib which ensures its actual complexity

General Service Handling

  • start
sv u /service/servicename
  • stop
sv d /service/servicename
  • restart
sv t /service/servicename


Information.png Tip:
you may use TAB to auto-complete your command line


Example

Restarting:

sv t /service/httpd-e-smith