Useful Commands
Apache Related Commands
Apache options to ibay
- Expand httpd.conf template:
expand-template /etc/httpd/conf/httpd.conf
- Restart httpd:
/etc/init.d/httpd-e-smith restart
or
sv t /service/httpd-e-smith
- To leave Apache reads the distributed configuration file .htaccess per ibay:
db accounts setprop IBAYNAME AllowOverride All signal-event ibay-modify IBAYNAME
if you want to remove
db accounts delprop IBAYNAME AllowOverride signal-event ibay-modify IBAYNAME
- enable Symlinks in that iBay
db accounts setprop IBAYNAME FollowSymLinks enabled signal-event ibay-modify IBAYNAME
if you want to remove
db accounts delprop IBAYNAME FollowSymLinks signal-event ibay-modify IBAYNAME
- disable apache directory indexes per ibay:
db accounts setprop IBAYNAME Indexes disabled signal-event ibay-modify IBAYNAME
if you want to remove
db accounts delprop IBAYNAME Indexes signal-event ibay-modify IBAYNAME
- PHPBaseDir per ibay:
db accounts setprop IBAYNAME PHPBaseDir /home/e-smith/files/ibays/IBAYNAME/:/tmp/ signal-event ibay-modify IBAYNAME
- Allow PHP URL File Open per ibay:
Make custom httpd directory if not exist
mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf
Create the template name 99allow_url_fopen and put the content
<Directory /home/e-smith/files/ibays/IBAYNAME/html> php_admin_flag allow_url_fopen on </Directory>
Save the file
Expand
expand-template /etc/httpd/conf/httpd.conf
Restart httpd.
/etc/init.d/httpd-e-smith restart
https forced redirection using custom template
If it does not already exist then create the following directory
mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/VirtualHosts
cd /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/VirtualHosts
nano 60redir-ibayname1
Paste or type the following code including the brackets, replacing ibayname with the name of your ibay
{
if ($port ne "443")
{
$OUT .= <<'HERE';
## Redirect Web Address to Secure Address
RewriteEngine on
RewriteRule ^/ibayname https://%{HTTP_HOST}/ibayname
## End Of Redirect
HERE
}
}
Save the file & exit by Ctrl+x
/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
/etc/init.d/httpd restart
MySQL
There appears to be no password set for the MySQL root password, but this is not true. If you are logged in to the SME Server shell a special mechanism is in place to log you in with MySQL root privileges without prompting you for the password.
The MySQL root password for SME Server is a 72 character random string generated during installation of SME Server. You should never change the MySQL root password as this will break your SME Server configuration. How to login as MySQL root user? describes how to access MySQL with root privileges on SME Server.
For more informations you can see the MySQL page
Login as MySQL root user
To login as MySQL root user, simply type 'mysql' at the SME Server shell, this will log you in with root privileges.
Create a Database and its User
Create a new MySQL database (In this example the database name is databasename. Change databasename, username and password with your own choices as required)
Login as root and issue the following command:
mysql create database databasename; grant all privileges on databasename.* to username identified by 'password'; flush privileges; exit
Other useful MySQL commands:
mysqlshow;
list all available database. Use 'mysqlshow --help' for all available options.
SELECT user FROM mysql.user;
display a list of the MySQL users
SHOW GRANTS FOR 'user'@'localhost';
list the privileges granted to the account user
mysqladmin drop databasename;
will let you destroy a database. Use with care. Use 'mysqladmin --help' for all available options.
PHP Related Commands
- Expand php.ini template:
expand-template /etc/php.ini
- Configure PHP Basedir Restriction per ibay:
db accounts setprop IBAYNAME PHPBaseDir DIR1:DIR2:DIRn signal-event ibay-modify IBAYNAME
Example
db accounts setprop Primary PHPBaseDir /home/e-smith/files/ibays/Primary:/tmp signal-event ibay-modify Primary
- Execution Time:
db configuration setprop php MaxExecutionTime ZZ expand-template /etc/php.ini /etc/init.d/httpd-e-smith restart
where ZZ is the time in seconds.
- Memory Limit:
db configuration setprop php MemoryLimit XXM expand-template /etc/php.ini /etc/init.d/httpd-e-smith restart
where XX is the amount of memory in Mb.
- Upload Max File Size:
db configuration setprop php UploadMaxFilesize WW expand-template /etc/php.ini /etc/init.d/httpd-e-smith restart
where WW is the file size in Mb.
- Allow URL FOpen:
Not secure. Instead use per ibay or directory.
Squid Cache
Extracted from: http://forums.contribs.org/index.php?topic=38848.msg176737#msg176737
Flush and Restart
sv d /service/squid echo "" > /var/spool/squid/swap.state sv u /service/squid
& to check it's running
sv s /service/squid
SSH
Enable SSH
- Enable ssh access (the lazy not-so-secure way, but I am assuming for this testing/dev scenario that your external IP is really a local address behind a router)
db configuration setprop sshd status enabled
db configuration setprop sshd PermitRootLogin yes
db configuration setprop sshd acccess public
db configuration setprop sshd PasswordAuthentication yes
/sbin/e-smith/signal-event remoteaccess-update
- Allow ssh in public or private mode : public= all internet private= only your network
db configuration sshd access public signal-event remoteaccess-update
Access to the terminal of your remote sme
ssh root@ip-sme-or-remote-hostname
or
ssh -pX root@ip-sme-or-remote-host (X is the port listened by ssh service)
Execute or run a command over ssh to a remote server and auto disconnect after quit
ssh -t root@ip-sme-or-remote-hostname command
where 'command' is the program or command to run. An example could be:
ssh -t root@192.168.1.5 top
Access to the server-manager through SSH
We can access to the server-manager of your remote SME Server by SSH with a tunneling protocol initiated by "ssh -L". This command has to be done by a superuser in a Terminal like if you want to be connected to your SME Server by SSH.
Do this in a root terminal of your Linux computer outside of your network
ssh -L 443:localhost:443 root@your-static-external-network-IP-or-host.dyndsn.org
host.dyndsn.org could be a free service as dyndns.org or noip.com
Keep the terminal open, Then you need to use this specific URL in your WEB Browser to go to the server-manager
https://localhost/server-manager
Command-Line Quick Reference Guide
Below is a list of commands that I use all the time & tend to forget.
Generic Linux
| COMMAND NAME | DESCRIPTION |
|---|---|
| df -h | shows disk usage in human readable form |
| man <commandname> | shows more info about a command |
| uname -a | kernel release version |
| /usr/sbin/smbd -V | samba version |
| /usr/sbin/httpd -v | apache version |
| mysql -v | mysql version |
| php -v | php version |
| mv | moves or renames a file |
| cp | copies or backup a file |
| rm | removes or deletes a file |
| grep <process> | outputs processes running <process> |
| ps -AH | report process status |
| top | shows processes |
| top -i | shows only active processes |
| htop | shows processes (more versatile than top) |
| iptraf | shows network info |
| mc -d | show midnight commander (cli file browser) to navigate through system easily |
| cat /proc/mdstat | shows software raid |
| host -t mx aol.com | shows the mx records for aol.com |
| net groupmap list | shows samba mappings to nt groups |
| telinit 1 | changes to single user mode |
| ifconfig | shows detailed info on ethernet ports |
| grep -r "casesensitivesearch" * | finds all documents containing the criteria in a dir |
| tail -f /var/log/<LOGFILE> | realtime viewing of your log file |
| hdparm -Tt /dev/mdx (where x is 0,1,2,etc) | shows software raid performance |
| mdadm --detail /dev/mdx (where x is 0,1,2,etc) | gives raid info |
| tar -czvf foo.tar.gz foo | creates a tar/zip file of a directory |
| tar -xvzf foo.tar.gz | untar/unzip a tar/zip file |
| scp -P <ssh_portnumber> foo.tar.gz <user>@<other_server_ipaddress>:/opt | transfers file to another server in /opt directory |
| rsync --progress -te "ssh -p <ssh_portnumber>" foo <other_server_ipaddress>:/opt | transfers file to another server |
| sed -i s/foo/fee/g <FILENAMEORPATHTODIR> | replaces foo with fee |
Estimate file space usage - drill down into directories
cd / du --si --max-depth 1 cd /home du --si --max-depth 1 cd /home/e-smith du --si --max-depth 1
RPM's
| Command | Explanation |
|---|---|
| rpm -qa | shows all rpms installed |
| rpm -qa --last | shows all rpms installed & installation date |
| rpm -q | asks for rpm info |
| rpm -qi | asks for detailed rpm info |
| rpm -ql <packagename> | lists all files in a package |
| rpm -qf <filename> | reports what package a file belongs to |
YUM'ing and repositories
| Command | Explanation |
|---|---|
| yum install <packagename> | installs packagename & any package it may need |
| yum remove <packagename> | removes packagename |
| yum list updates | list updates to any installed package |
| yum list available | list available packages in all repos not already installed |
| grep <reponame> | list available packages -shows only from repo name |
| yum search <packagename> | lists all packages in all repos matching packagename |
| yum clean all | Is used to clean up various things which accumulate in the yum cache |
| yum --enablerepo=<reponame> <command> | enables a repo not normally enabled |
| /sbin/e-smith/audittools/newrpms | shows all extra packages installed |
| /sbin/e-smith/audittools/repositories | show all repositories and if they are activated or not |
| db yum_repositories show <reponame> | show properties of the repository <reponame> (you may use TAB to auto-complete your command line) |
Restoring Default Yum Repositories
cd /home/e-smith/db/ mv yum_repositories yum_repositories.po /etc/e-smith/events/actions/initialize-default-databases
Now you have a clean install, you can re-add 3rd party repos as described above
signal-event yum-modify
and check if you can update your server
yum update
SME Server specific
| Command | Explanation |
|---|---|
| signal-event post-upgrade | performs SME Server to go regenerate all templates |
| signal-event reboot | reboots the server |
| signal-event <event> | performs SME Server to go regenerate event template (you may use TAB to auto-complete your command line) |
| signal-event dns-update | refreshes the DNS cache, useful for when you know a domain has changed IP and the TTL is too long to wait |
| /etc/e-smith/events/actions/navigation-conf | recreates server-manager navigation panel |
| config show | display the internal configuration of the server |
| config show <service name> | show the service configuration (you may use TAB to auto-complete your command line) |
| db | shows the syntax of the db command |
| db configuration show | shows the entire server configuration |
| db configuration setprop <record> <property> <value> | sets or changes a property in the configuration database |
| db accounts show | shows all account details |
| db accounts show <accountname> | shows the account details |
db command
you can see this page of the wiki DB_Variables_Configuration
Password strength
First a warning - Far too many systems out there have weak passwords and they will be broken into. Educating your users on the necessity of strong passwords is the best option. If that fails, here is how you change the password strength checking from 'strong' to 'normal', which was the setting in previous versions of SME. Be careful to use the exact capitalization.
config setprop passwordstrength Admin normal config setprop passwordstrength Users normal config setprop passwordstrength Ibays normal
It is also possible, but strongly discouraged, to disable password strength checking by setting to 'none'
none : no check is performed on the password normal : the password must be composed of at least seven characters with uppercase and lowercase letters, numbers and non-alphanumeric characters strong : the restrictions are the same as for the normal level, but in addition, the password is verified by cryptlib which ensures its actual complexity
General Service Handling
- start
sv u /service/servicename
- stop
sv d /service/servicename
- restart
sv t /service/servicename
Example
Restarting:
sv t /service/httpd-e-smith
