Archive for the ‘Ubuntu’ Category

Unix: Getting started with vi

Sunday, April 4th, 2010

Created by Bill Joy in 1976, vi is a text editor for the Unix/Linux command line. At first glance, it may seem crude by today’s standards for text editors, but it is useful for working in remote command-line sessions.

To open vi at the command line, simply type vi. If you want to open a specific file with vi, type vi and then the filename.

One thing to keep in mind about vi is that it operates in three modes. You must be aware of what mode you are in at any given time, because each reacts differently to what you type in. The three modes:

Command mode is the default mode. When you first start vi, you are in command mode. You can not enter text. Here you are entering commands. Most keystrokes have a command associated with them.

Input mode is where you actually enter text. The easiest way to get into input mode from command mode is to type the letter “i”. Then you can start typing. (“a” will also work.) To get out of input mode and back into command mode, hit the escape key.

Ex mode is used for file handling duties, as well as performing substitution tasks. It is kicked off by typing a “:” from the command mode.

For instance, if you want to save a file, you’d hit escape and type in “:w [filename]”. If you want to quit, type in “:q”. If you haven’t saved your file since making any changes, however, it won’t let you quit unless you put an “!” at the end of the command: “:q!”

You can also combine the commands for writing and quitting, i.e. “:wq”

vi can be frustrating to use for beginners; it really is designed to be lightning fast for those who have memorized many of its myriad commands.

While you will have to figure out which commands are worth memorizing for yourself, here are a few that I myself have found handy:

(all of these are executed from the command line, unless otherwise noted):

) and ( : Jump ahead one sentence or jump back one sentence, respectively.

:[Number]: This will allow you to jump ahead by the number of lines you designate. For instance, “:4” will jump the cursor ahead 4 lines. Using a negative number will jump back by the number you designate.

ctrl-f, ctrl-b, and ctrl-u, ctrl-d: Jump a screen (24 lines) forward, back, up or down, respectively.

o and O: will move from command mode to insert mode, but insert a new blank line. This is also handy for adding a new line at the end of the document.

dd: delete a line. (Note: This is also the first step of a cut and paste operation. See below).

dw: delete a word.

p and P: This means to paste, as in cut and paste. When you delete something with dd or dw, it goes into the buffer. This command retrieves what is in the buffer.

yy: This command allows for copying and pasting, without the cutting. Typing yy copies the line that the cursor is on.

u undoes the last command (though there seems to be no undo for the edit mode).

/ and ? are search operators. Type them in and then the text you are searching for. / looks for the next instance after the cursor, ? looks for the first instance before the cursor.


Taken from this book:


…as well as a class I’m taking on Unix. All mistakes are my own, however.–Joab Jackson





Unix: Converting files between DOS and Unix

Sunday, February 28th, 2010

Recently I found that, after uploading a file from a Windows computer to a Linux one and opening the file from the command line, Ubuntu would notify me that it was converting it from the DOS format.

Even if it was a standard text file (.txt) filled with ASCII characters, it still needed converting.

Why? Aren’t text files the same across different operating systems? Evidently not.

Unix handles end-of-line signifiers differently than Windows/DOS does, according to Sumitabha Das’s book “Your Unix”.

Specifically, DOS uses two different sets of characters, “\r” (for Carriage Return [CR], or simply “enter”) and “\n” (for Line Feed [LF]) to signify the end of a line.

Unix only uses one, namely LF.

These markers can both be seen by examining text files with Octal Dump.

Ubuntu anyway seems to handle DOS text files easily in day to day operation. Nonetheless, most variants of Unix/Linux have a set of utilities to convert files from Windows/DOS into Unix, and back again. They are called dos2unix and unix2dos, respectively.
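
The two markers described above can be checked from the shell. The following is an added example, not part of the original post: it builds a small DOS-format file (constructed sample data), shows it with od, reports which line endings a file uses, and converts in both directions with sed for machines where dos2unix and unix2dos are not installed. The function names are this example's own.

```shell
#!/bin/sh
# Added example: the sample files are constructed here, not taken from the post.

CR=$(printf '\r')   # the carriage-return byte, "\r"

# Count the CR bytes in a file.
count_cr() {
    tr -cd '\r' < "$1" | wc -c | tr -d ' '
}

# Report "dos" (every line ends CR LF), "unix" (LF only) or "mixed".
line_endings() {
    awk '{ if ($0 ~ /\r$/) dos++; else lf++ }
         END { if (dos && lf) print "mixed"; else if (dos) print "dos"; else print "unix" }' "$1"
}

# DOS -> Unix: drop the CR that sits directly before each LF.
to_unix() {
    sed "s/${CR}\$//" "$1"
}

# Unix -> DOS: end every line with exactly one CR before the LF.
to_dos() {
    sed -e "s/${CR}\$//" -e "s/\$/${CR}/" "$1"
}

demo() {
    tmp=$(mktemp -d) || return 1
    printf 'first line\r\nsecond line\r\n' > "$tmp/dos.txt"   # constructed sample
    echo "od -c of the DOS file:"
    od -c "$tmp/dos.txt"
    to_unix "$tmp/dos.txt" > "$tmp/unix.txt"
    echo "od -c after conversion:"
    od -c "$tmp/unix.txt"
    echo "before: $(line_endings "$tmp/dos.txt"), $(count_cr "$tmp/dos.txt") CR bytes"
    echo "after:  $(line_endings "$tmp/unix.txt"), $(count_cr "$tmp/unix.txt") CR bytes"
    rm -rf "$tmp"
}

demo
```

A "mixed" result is worth a look before converting, since it usually means the file was edited on both systems.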


Taken from this book:


…as well as a class I’m taking on Unix. All mistakes are my own, however.–Joab Jackson





Apache: Assembling Web pages with Server Side Includes

Saturday, September 12th, 2009

For some time I’ve been thinking about putting all my Web pages in a standard template, one that would have links running down one side of the page and a title on the top (this is called chrome, so I understand).

I could embed these elements by hand easily enough on each page, but if I ever needed to make a change to the chrome, I would then have to go back and change each and every page. I figured there must be a way to have a single file somewhere with the code, which then could be read for each page being served up.

After some surfing about, I found the best way to do this, at least in Apache, is with Server Side Includes (SSI).

In a nutshell, SSI is a server-side scripting language that tells Apache to include a file or set of files into a Web page. (There is actually a whole range of things that can be inserted in a Web page with SSI. For simplicity, I’ll just concentrate on including all the contents of another file).

An example of the basic use of the command for including a file in a Web page is:

<!--#include virtual="PageToBeIncluded.txt" -->

You embed this bit of text into the place on your Web page where you want the text to be inserted. Then when the page is called, Apache will insert the text at that point of the document.

Note that the SSI command is included as a *HTML Comment* — This is done so that if the server doesn’t render the page correctly, the user won’t see the actual SSI command.

So, at its simplest, here is an example of how SSI works. One file, “sample.html”, has this code:

<html>
<body>
<!--#include virtual="add.txt" -->
<p>
I’m some text too!
</body>
</html>

And, in the same directory, a text file called “add.txt” has this content:

Hello World!
<p>
HELLO!

When requested by a user, “sample.html” will be returned by the Apache server with this code:

<html>
<body>
Hello World!
<p>
HELLO!
<p>
I’m some text too!
</body>
</html>

Not only plain text, but HTML markup can be inserted as well.

* * *

In order to use SSIs, you may have to make a number of changes to your setup of Apache.

The first thing to do is compile the “include” module into Apache, if it isn’t already.

For Debian/Ubuntu servers running Apache, you can run the a2enmod tool from the command line. When it asks which module to enable, type in “include”–then restart Apache (“/etc/init.d/apache2 restart”).

In addition to adding the include module, you should also make a few changes to your configuration files, as detailed here.

First, you should add a line into either a .htaccess file or the httpd.conf file. The line is “Options +Includes”. The httpd.conf file is in the etc/apache2 directory on your server. If you haven’t created an .htaccess file before, you can create one in the root directory of your Web site, or whatever subdirectory below that where you want all the SSI action to take place.

Also, you should add another directive into the default config file of the “/etc/apache2/sites-enabled” folder (mine is “000-default”). The directive is “XBitHack Full” — the (somewhat convoluted) explanation for why you need to do this is here.

Again, within this file, find, or write, an entry for the specific folders where you want the SSI actions to take place, if it isn’t for the entire site (in which case you’d use the entry for the document root directory). For the document root entry, for instance, you would add it thusly:

DocumentRoot /var/www/
<Directory />
Options FollowSymLinks
AllowOverride All
XBitHack full
</Directory>

Lastly, the SSI tutorial advises that, if using XBitHack, you add execution permission to the Web page that is being embedded with another file:

chmod +x pagename.html

One more tip: While testing, if your SSI page is not working yet, try emptying the cache on your browser.






PHP: Entering data into MySql with PHP

Tuesday, May 12th, 2009

For some reason, there is very little direct instruction on the Web about how to enter data into a MySQL database from a Web page, using PHP. This dearth of info is surprising insofar as this procedure is one of the most commonly executed actions on the Web.

There are plenty of online tutorials, but for some reason, they tend to be made more complicated than they need to be.

Anyway, forthwith, here is the very basic mechanism used for entering data into a database over the Web.

First gather the ingredients: This tutorial uses Linux for the Web server (Ubuntu 8.04), with Apache running the PHP module, with the MySQL package. Also, MySQL (5.1 in this example) is already set up and running, with all the permissions worked out.

In this example, we will use a new database to be run inside MySQL, called “test.” It will have a single table called “sample” with one column of text data. What it is called is not relevant. You will also require a username and password for the database.

For this action to happen, we will need TWO web pages, an HTML landing page where the user enters the data, and a PHP page that the HTML page will call that will do the actual work of entering the data into the database. (These can be combined into one page with the “form action = self” html declaration, which I’ll figure out another day).

First, you create an HTML page, where the user can enter data. Instructions on how all this is done are here.

In the code on this page, the user has a box in which some data can be entered, which the page tags as the variable “somedata” when the submit button is pushed. Also, when the submit button is pushed, this page will call up a PHP page in the same directory, called “InsertingIntoDatabase.php” (which we will create in a moment).

<FORM ACTION="InsertingIntoDatabase.php" METHOD="get">
<p>
Enter Data: <INPUT TYPE="text" NAME="somedata" />
</p>
<INPUT TYPE="SUBMIT" VALUE="GO" />
</FORM>

Note: For the full working code, click here, and save page, and replace the .txt extension in the file name with a .html extension.

For this setup, I used the HTML “get” method. I could have also used “post.” The differences between the two are explained here.

Now onto the PHP page. Basics on creating a PHP page are here. The PHP code block will have a number of discrete steps:

1. Connect to the database server:

$open = @mysql_connect("localhost", "[USERNAME]", "[PASSWORD]");
if (!$open) {
    echo("Can't connect to database!");
    exit();
}

In this chunk, you are opening the database.

The @mysql_connect PHP command is the command that does the actual work of opening the database. It requires three things: Type of connection, user name and password. Since the Web page is on the same server as the database, the connection will be “localhost”. You need to enter a username and password for an account that has write privileges to the database you will be using.

You save this command and its arguments as a variable, called $open, in this case. $open is run when the Web page is called. If the connection does not work, (signified by “!$open”) either because the database is not found, or your username or password doesn’t work, then you will get an error message (“Can’t connect to database!”).

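2. Gather the data and specify database to be used.

// Escape quote characters in the submitted text before it goes into the query.
$somedata = mysql_real_escape_string($_GET["somedata"], $open);
$db = "test";

In this step, you grab the data from the server that was saved by the HTML page under the variable “somedata”. In PHP, it will also be called somedata, as $somedata. It is passed through mysql_real_escape_string (which needs the connection opened in step 1) so that a quote typed by the user stays part of the text instead of ending the quoted string in the query built in step 3. You also specify the name of the database within MySQL that you will open. Here it is called “test” but you set the name when you created the database.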

3. Prepare the SQL query:

$sql = "INSERT into sample VALUE('" . $somedata . "') ";

Here is the actual query you will submit to the database. It is formatted exactly like any other MySQL query. (Note: in SQL speak, even inserting data is called a “query,” evidently).

For this query, we are sending the contents of $somedata to a one-column table called “sample.” (Obviously you need to replace “sample” with the name of your own table, the one that you created when you created your database within Mysql). Note all the query is in quotes, except for the PHP variable $somedata.

In PHP, variables can not be called from within a quoted stream of text. So we are concatenating a string together by breaking the query into two strings, one before the variable (which is placed where it is needed in the statement) and the other after. Concatenating elements together in PHP is done with the period, “.”

Also, MySQL itself (at least the 5.1 version) requires that text data must be entered with SINGLE, not double quotes, hence the single quotes above.

This query is saved in php as a variable, called $sql. It looks complicated, but what PHP is storing is a straight-forward MySQL data insert query.

4. Run the query

Here is the code for doing this:

$doit = mysql_db_query($db, $sql);

The database is already open, so all we need to do is enter the query. The PHP “mysql_db_query” command runs the actual query. It requires two bits of information: First element is the name of the database (captured as a variable called “$db” here). The second element is the SQL-formatted query (“$sql”).

The entire command is captured as the variable “$doit” which, again, runs when the page is called.

5. Report results on the page:

If the query for some reason does not take, we need to alert the user. Likewise, if it works, then we should also report that. This might be best handled by the PHP “If … Else” statement:

if (!$doit) {
    echo("It didn't work because of this: " . mysql_error());
}
else {
    echo("Data entered!");
}

Here, if the data was not inserted due to some error (“!$doit”) then the PHP returns a statement saying so (“It didn’t work because of this: ”) along with the error message returned by MySQL itself (“mysql_error()”) concatenated onto the end.

If the transaction did work (“else”), a message of success is returned.

6. Close database

mysql_close($open);

And that is how you enter data into a MySQL database using PHP. There is a lot more you can do in terms of security, handling of errors, input-checking and so on, but this is the bare-bones approach.

Note: For the full working code for this PHP page, click here, and save page, but replace the .txt extension in the file name with a .php extension. Also replace the [USERNAME] [PASSWORD] and [DATABASENAME] with your own variables.

–Joab Jackson






Unix: The Basic Mechanics of File Permissions

Wednesday, April 22nd, 2009

Unix is a multi-user system. As such, every process that runs and every file that is stored must have an owner, or user-account. Conversely, each time a user tries to interact with a program or file, Unix checks to see if the user has permission before letting him/her proceed with the action.

The owner of currently running programs can be checked through the ps command. At the command prompt type “ps -aux” and you’ll get a list of programs currently running. The last two entries may look something like:

henry 32186 0.7 0.7 5604 3020 pts/0 Rs 06:58 0:00 -bash
henry 32202 0.0 0.2 2644 1012 pts/0 R+ 06:58 0:00 ps -aux

The last two actions carried out were done by user “henry”–namely opening the shell (-bash) when logging in (an automatic procedure; the shell provides the command line), and the running of “ps -aux” itself.

For files and directories, user permissions can be found by typing in the list command, with the option to show details (“ls -l”) at command prompt. You should get something like this:

-rw-r--r-- 1 henry henry 6 2009-03-29 22:10 test.txt
-rwxr--r-- 1 henry henry 32 2009-03-29 22:15 text.txt

In this listing, we see the information for two files (“test.txt” and “text.txt”), one on each line. The user permissions are on the left (the series of dashes & letters, or flags). Right after that is the file owner (“henry”) and the name of the group that file belongs to (more on that later, maybe). The size of the file and when it was created is also included in that listing.

Deciphering the Permission Set

Each one of the 10 flags (“drwxrwxrwx”) designates whether or not a designated party has a specific permission to do something with the file. The rest of this section will break down what each permission means.

To understand the full set of permissions, break them into four subsets, reading left to right:

Position 1: This indicates whether or not the file is a directory (if it is, then there is a “d”–if it is not a directory, then “-”).

Positions 2-4: This is the set of permissions allotted to the owner of the file.

Positions 5-7: This is the set of permissions allotted to the group that owns the file.

Positions 8-10: These are the permissions for everyone else who is not the owner of the file, nor belongs to the group that owns the file (“Others”).

In recap, reading left to right (after the directory key), you are reading the read-write-execute permissions for owner-group-other. Summarily, the permission set runs from lesser to greater degrees of control of a file, and from specific to more general possible users of the file.

Each of these three sets of letters comes in the same format. Reading each block of three left to right, you could see, in this order:

r: The right to read the file.

w: The right to write to the file, meaning to make changes to the file.

x: The right to execute the file. If the file consists of code that can be executed by the machine, and if the “x” is present, then the individual can task the computer with executing the code within the file (or, rather, the file is the program).

If the letter is present in the designated spot, then that permission is granted. If a blank (“-”) is in the place, then there is no permission.

As an example, if a file has the permissions:

-rwxrw-r--

This means the owner of the file can read, write, or execute the file. The group can read and write to the file, but not execute it. And everyone else can read the file, but not execute it.


To change the permissions of a file, use the chmod command on the command line. chmod is an abbreviation for “change mode”.

The basic format for chmod is this:

chmod [Changes to be made] [file]

For simplicity, I’m leaving out the ability to designate options and to concatenate the commands. See the manual page for more details.

In the “Changes to be made” space above, format the changes to be made in this way:

[who the changes will apply to] [The action to be carried out] [The new permissions]

Who the changes will apply to will be one of four groups:

u: The owner of the file.
g: Other users in the file’s group.
o: All other users.
a: Everyone (u and g and o)

Note that “other” users is not quite the same as all “users.” It does not incorporate u or g. Also, remember “o” does NOT stand for “owner.”

The second part of the statement, [The action to be carried out], will be either a “+” or “-” . “+” means you are adding these permissions, while “-” means you are removing them.

The third part of the statement is the set of permissions that are being changed. As from above they can be either read (“r”), written to (“w”) or executed (“x”).

Putting this all together in an example, say I would want to add a permission for others to write to a file, I would type this in at the command line:

chmod o+w [file to be changed]

Or to remove the permission for the group to execute a file:

chmod g-x [file to be changed]

I can add multiple permissions onto one change order. For instance, say I want to add read and execute permissions for the chief user of the file:

chmod u+rx [file to be changed]
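
The flag positions and the symbolic changes described above can be tried on a scratch file. This is an added example, not part of the original post: it applies each change, prints the resulting 10 flags, decodes them by position, and warns when “others” hold the write flag. The function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post. It applies the post's symbolic
# chmod changes to a scratch file and decodes the resulting flags.

# Print the 10 permission flags that "ls -l" shows for a path.
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# Run one symbolic change ("u+rx", "g-x", ...) and print the new flags.
apply_change() {
    chmod "$1" "$2" && mode_string "$2"
}

# Decode 10 flags by position: 1 = type, 2-4 owner, 5-7 group, 8-10 others.
explain_mode() {
    m=$1
    [ "${#m}" -eq 10 ] || { echo "expected 10 flags, got: $m" >&2; return 1; }
    case $m in
        d*) echo "type: directory" ;;
        -*) echo "type: regular file" ;;
        *)  echo "type: other" ;;
    esac
    for who in owner:2 group:5 others:8; do
        start=${who#*:}
        triplet=$(printf '%s' "$m" | cut -c"$start"-"$((start + 2))")
        rights=""
        case $triplet in r??) rights="$rights read" ;; esac
        case $triplet in ?w?) rights="$rights write" ;; esac
        case $triplet in ??x) rights="$rights execute" ;; esac
        echo "${who%:*}:${rights:- none}"
    done
}

# Succeeds when flag 9 (write for "others") is set, meaning every account
# on the machine may change the file.
others_can_write() {
    case $(mode_string "$1") in
        ????????w?) return 0 ;;
        *)          return 1 ;;
    esac
}

walkthrough() {
    dir=$(mktemp -d) || return 1
    f="$dir/test.txt"
    : > "$f"
    chmod a-rwx "$f"                       # clear every flag first
    echo "u+rw,g+rx,o+r  $(apply_change u+rw,g+rx,o+r "$f")"
    echo "u+rx           $(apply_change u+rx "$f")"
    echo "g-x            $(apply_change g-x "$f")"
    echo "o+w            $(apply_change o+w "$f")"
    if others_can_write "$f"; then
        echo "warning: $f is writable by everyone"
    fi
    echo "o-w            $(apply_change o-w "$f")"
    explain_mode "$(mode_string "$f")"
    rm -rf "$dir"
}

walkthrough
```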

For lovers of numeric abstraction and/or being closer to the metal, there is also a way to change permissions using numbers. I’ll get to that approach (the octal approach) later, in a separate entry. Maybe. If I need to. In the meantime, read about it in the manual page.

While I won’t delve into the details, I did want to point out one option, for recursion. This is the -R flag:

chmod -R u+x * [file to be changed]

The above command grants execute permission for all the files, not only in the working directory, but in any subdirectories under it. (Also, wildcards (*) do work with chmod, but be very sure about what you are changing before you hit that return key.)

chmod never changes the values of symbolic links. Those permissions are the same as the file the link is connecting to. Symbolic links are another topic.

This post just covers the mechanics, and the basic ones at that. Of course, there are a lot of implications that need to be articulated. Getting user permissions right is a matter of balancing security and ease of use: Granting permissions on an Internet-connected machine for everyone will ensure your system will be hacked. But keeping them too tight will cause the user aggravation and may hinder programs from working. I’ll explore these topics in future posts.

Taken from various tutorials, Dartmouth Tutorial, and Unix in a Nutshell

–Joab Jackson






PHP: Creating a file on disk

Tuesday, April 7th, 2009

The PHP command for both creating and opening a file is “fopen” … Like typical Unix file programs, if it doesn’t see a file called “x” it will create a file called x.

How to create a disk file using PHP? This tutorial advises us to add these three lines to a PHP skeleton file:

$Name = "ThisFileWasCreatedByPHP.txt";
$Handle = fopen($Name, 'w');
fclose($Handle);

(For the full working code, click here. To get the code to run in a PHP environment, change the “txt” suffix to “php”.)

All you do to execute this action of creating a file is to call up this page with a browser. The page should have a suffix of .php (i.e. “01-CreateFile.txt.php”) and you should have PHP working on your server.

NOTE: For this to work, the administrator must give “all” user permissions for reading, writing and executing programs for the directory this file is in. Sucks, I know. In other words, don’t use this in a directory with any valuable info (at the command line, type “chmod a+rwx [Name of Directory]”).

In the above code, the tutorial tutors us, the first line creates a name of the file (“ThisFileWasCreatedByPHP.txt”) and assigns it to a variable ($Name).

The second line instructs PHP to open and write (“w”) to a file, or if one doesn’t exist, create that file, with the “fopen” command, giving it the name of variable $Name (which in this case, happens to be “ThisFileWasCreatedByPHP.txt”). The third line closes the file.

For this sample, I used PHP 5.2.4

–Joab Jackson






Apache: Redirecting Web page requests

Sunday, April 5th, 2009

If you move a Web page on your site to another location, or give it another address, there are a number of ways you can have the Apache Web server software automatically redirect browser requests that come in for the page to the new location.

The easiest way is to put a page at the old address that automatically directs the browser to the new location, i.e.:

<html>
<head>
<meta http-equiv="refresh" content="0;url=http://www.TheNewAddress.com">
</head>
</html>

In the above page, the meta tag redirects the browser to the new location (here, it is “http://www.TheNewAddress.com”), with a delay of 0 seconds (“0”). The user just sees the page at its current location.


This process of setting up a new page for each updated address is a bit cumbersome though. Far better would be to put all the old addresses and their new replacements in a single file, which Apache could check every time a new request for a page comes in.

Fortunately, the HTTP protocol has something called 301 Status code, which is basically a permanent change-of-address notification.

For Apache, doing a 301 redirect involves setting up a blank .htaccess file (or appending to an existing one). The period in front of the name means it will be a hidden file—to see hidden files, use the “ls -a” command.

To create such a file, just name a blank text file .htaccess. Place it in the root directory of your Web server (Or if all the pages you are redirecting are in one directory, place the file in that directory).

Then, add a new line for each redirect in the following form:

Redirect 301 [old address] [new address]

For example, with this entry at the bozo.com site…

Redirect 301 /OldFiles/OldBozo.html /NewDirectory/NewFile.html

…when clicking on the link “http://bozo.com/OldFiles/OldBozo.html,” the user’s browser will automatically pull up “http://bozo.com/NewDirectory/NewFile.html.”

Note that when the new page is outside the control of the Web server, the full address (including “http://”) of the destination address must be used, not just the internal directory tree.

Setting up an Apache .htaccess file, if one didn’t previously exist, requires letting your copy of Apache know that this file exists and should be consulted. In Ubuntu, and probably other distributions as well, Apache ignores the .htaccess page in the default install.

(Note, for this instruction, I am using Apache 2.2.8 on Ubuntu server 8.0.4).

Doing this requires two steps. First of all, find the “apache2.conf” file. In Ubuntu, it is located in the “/etc/apache2” directory. It can be edited at the command line with a text editor, such as vi, emacs or Pico.

Open the file and search for the mention “.htaccess.” Check to see that “.htaccess” follows the “AccessFileName” option. If it is enabled, there will be no ‘#’ at the beginning of the line (meaning it is not commented out). This tells Apache to look in this file for directives, such as a page address substitute as the one above. It should read:

AccessFileName .htaccess

That is probably already set correctly, but the second step probably involves some changes in configuration. Namely, you have to set something called “AllowOverride,” which is the configuration setting that tells Apache whether or not to follow the .htaccess requests.

This option can be found in another file, one showing the directories that Apache should use for the Web site. In Ubuntu, it is the “default” file in the “sites-available” folder (“/etc/apache2/sites-available”). (NOTE: In Ubuntu this file is also under another name as a symbolic link, in the “sites-enabled” folder.)

In this “default” file, you will find a list of directories on your server that have been enabled as Web server pages.

<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>

NOTE: This is not the “document root” entry, but the one right after it. The “document root” entry also has an AllowOverride. It is set as “none” and can stay that way.

Each entry (framed by <Directory> and the </Directory> tags) in this list specifies the options that Apache should use for that directory. In the above entry, change “AllowOverride None” to “AllowOverride All”.

A bit of explanation: “AllowOverride None” means Apache does not look for the .htaccess file, and does not follow its instructions. “AllowOverride All” means that it does.

After you make this change, or any changes to these configuration files, you need to restart the Apache server software. In Ubuntu it is done thusly from the command line:

/etc/init.d/apache2 restart

(Note, you do not need to restart Apache when new entries to .htaccess are made. That seemed obvious but I should mention this anyway)


Also, if you know that all your rerouting is being done from one folder, you can place the .htaccess file in that folder, and, instead of changing the “AllowOverride” setting for the whole site, just make a new entry in the “default” configuration file for that one directory.

For instance, I wish to redirect addresses of expired Web pages in the “/var/www/L/” folder. I would place an .htaccess file in that folder and add this entry into the “default” configuration file:

<Directory /var/www/L/>
AllowOverride All
</Directory>

This seems to be all you need to add–the other options are inherited from the listing of the parent directory.

End-note: I’ve found that Apache is extremely fussy about what is put into an .htaccess file. Don’t put junk in just as a way of testing something else out. Only properly formed URLs or internal links should be added. Anything else will halt all Apache redirects, giving users only error messages.


Note: Other forms of redirection are discussed here.

–Joab Jackson






Unix: Keepin’ things regul’r w/ crontab

Sunday, March 29th, 2009

In Unix, to run a script at some regular interval, notate it in a crontab file. A crontab file is a list of programs that cron should run at specified times.

Cron itself is an OS service that runs scheduled jobs, those in any one of a number of crontab files on the machine. It is a Unix daemon: it basically wakes up every minute and looks to see if any jobs need to be completed. If there are, it starts the job. If not, it goes back to sleep.

To find if cron is running on your system, type in, at the command line “ps -aux,” which will give you a list of all the processes running on the machine. Look for the name cron under the far-left column, called commands i.e.

root 4556 0.0 0.2 2100 888 ? Ss Feb17 0:01 /usr/sbin/cron

While there are a few ways to get cron to execute a job (cron is another topic), crontab is one way to get the job done. Like I said, crontab is basically a list of scripts, commands and programs that Unix can execute.

In Ubuntu (as w/ most other Linux distros), you edit the crontab file directly, by invoking it from the command line, i.e.:

#crontab -e

Listing jobs in crontab can be done by typing in:

#crontab -l

Anyway, when you edit, you will get a file. It may already have some jobs in it, i.e.:

# m h dom mon dow command

17 * * * * echo "hello"

In the first block above, the line (“# m h dom…”) is a header that is the key to explaining each of the regularly scheduled jobs that will follow in subsequent lines. m=minute, h=hour, dom=day of month, mon=month, dow=day of week, and command is the command or program that will be executed at the time indicated on the left.

Each job gets its own line. You add a job to be scheduled by adding a new line.

In the first five columns that specify time, “*” is null, which means that column is unset. All the values are numeric and occasionally 3-letter abbreviations (i.e. week is 0-7 [0 & 7 = Sunday], though it can also be “Sun”; month is 0-12 and can also be the name of the month. Hour is 0-23, with 23 being midnight).

After the first five entries are filled out, indicating when the job is to be run, the rest of the line is the job itself, expressed as a standard command line statement: It can be a command or series of commands that need to be run, or a program w/ the pathname.

In the above example, the command (“echo ‘hello’”) is run on the 17th minute of each hour. It prints the word “hello” on the screen.

With the day/week/month, you should specify on what time that job executes (if you set two times, say a day of the week and a day of the month, cron will run twice unless they fall on the same day). If you don’t specify what day/week/month, it will run every day, at the time you specify. You can also specify times per unit, i.e., in the minute column, you can write “*/10” to signify to run the job every 10 minutes.

(UBUNTU note: The User Geeks page says the crontab file is found in the /etc folder. Ubuntu’s own documentation advises you not to use this file–evidently it can be replaced by updates. Maybe it is only used for the configuration settings)


So, for instance, say I want to run a script, called “backup,” which backs up my files to another location. I want it to run, say, once a day (I don’t want to back up too often, so that if I mess up a file, I can quickly retrieve it). I’m usually never awake at 3:20 a.m., so I’ll specify that time each day. My new line in the crontab would look like this:

# m h dom mon dow command
22 3 * * * /home/jobs/backup

If you want to run multiple commands simultaneously, use the “&&” between the two commands.


Getting a log file of your cron jobs

If you want a record of how things went, you can specify a (plain text) log file to which any results that would otherwise have been returned at the command line are written. You add “>>” onto the end of your job, followed by the name of the log file and its location:

30 16 * * * root /root/scripts/ServerBack >> /root/scripts/backup.log



NOTES:

*Ubuntu server does not initially allow user access to cron. In order to get cron, you can either put the user name in a file called cron.allow, in the /etc directory, or create a cron.deny and not put that user name in that file.

*If things aren’t running properly, check the /var/log/syslog file for any error messages. For instance, my crontab entries did not work under root. When checking the log I found the following:

Mar 29 22:26:01 warehouse CRON[20531]: User account has expired

According to this article, when you lock a user account (so that it can’t be accessed externally), it also “expires” the password (Note: This isn’t a problem with Ubuntu out of the box–it only happens when you unlock, then lock the root account). The log entry suggested running this command:

#chage -E-1 root

Which permanently unlocks the password. I have no idea *why* this works, but it has.

*For purposes of backup, you should track down the crontab files for each user (again, this is not in the /etc folder), so they can be saved. Beats rewriting them again when you set up a new server.

–Joab Jackson






Unix: Removing outside Root access from Ubuntu

Saturday, March 28th, 2009

Every Unix box has a root account, or an account that has absolute control over the machine, its files and controls.

By all accounts, admins should use this account sparingly, only for cases where cross-system control is needed. You can make big mistakes (i.e. wipe out the system with a badly-worded command) from root. If you have work to do that can be done from a user account, use that instead.

Ubuntu has taken this precaution to the next level. When you install Ubuntu, it disables the root account. If you want to do root commands, you issue them from your account through the “sudo” command. Basically, sudo allows you to issue commands from another user’s account (assuming you have the password).

The idea behind this is that not only will it limit the mistakes you may make, but also reduce the attack footprint of your server. A cracker, trying to get in via SSH, doesn’t even get the option to guess the password to the root account to gain entry, because root can’t log in from SSH at all.

Now, like many old Linux codgers, as soon as I set up Ubuntu, I enabled the root account, mainly because filling in a password every time I wanted to do something in root was a pain. But I just learned that sudo actually has an option (sudo -i) that will allow you to work within a shell of a user account entirely. This means you invoke sudo once and then everything you do from the command line is done from the account you’ve sudo’d into, such as root, which is pretty neat, and eliminates the need to be able to access root from the outside (i.e. via SSH).

But if you already enabled root on your Ubuntu, how do you un-enable it? Simple: from the root account, use the passwd command to “lock” the account, i.e. make it inaccessible from outside users: “passwd -l root”
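Password locking and account expiry live in separate fields of /etc/shadow, which is how the locked root account in the cron note earlier on this page could also show up as “expired.” The following added example (not from the original posts) reports both states for a shadow entry and models the effect of chage -E -1; the shadow lines, hashes and date are constructed, and it assumes the lock also set the expiry field, as the article cited in that note describes.

```python
from datetime import date

def account_state(shadow_line, today):
    """Report password lock and account expiry for one /etc/shadow entry."""
    fields = shadow_line.strip().split(":")
    if len(fields) != 9:
        raise ValueError("expected 9 colon-separated shadow fields")
    name, password, expire = fields[0], fields[1], fields[7]
    today_days = (today - date(1970, 1, 1)).days
    return {
        "user": name,
        # passwd -l prefixes the stored hash with '!', so no password can match it
        "password_locked": password.startswith("!"),
        # field 8 is the account expiry in days since 1970-01-01; empty means never
        "account_expired": expire != "" and today_days >= int(expire),
    }

def clear_expiry(shadow_line):
    """Model of what `chage -E -1 USER` changes: only field 8 is emptied."""
    fields = shadow_line.strip().split(":")
    fields[7] = ""
    return ":".join(fields)

# Constructed entries; the hashes are placeholders, not real values.
LOCKED_AND_EXPIRED = "root:!$6$CONSTRUCTED$placeholder:14332:0:99999:7::1:"
NORMAL_USER = "joab:$6$CONSTRUCTED$placeholder:14332:0:99999:7:::"

def audit(today=date(2009, 3, 29)):       # constructed date
    """Return root's state before and after clearing expiry, plus a normal user."""
    before = account_state(LOCKED_AND_EXPIRED, today)
    after = account_state(clear_expiry(LOCKED_AND_EXPIRED), today)
    return before, after, account_state(NORMAL_USER, today)

if __name__ == "__main__":
    for state in audit():
        print(state)
```

After the expiry is cleared, root is still password-locked, so the account stays closed to password logins while no longer failing an expiry check.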

–Joab Jackson





Traceroute: Finding a lost connection.

Wednesday, March 18th, 2009

Recently, my Web site seemingly stopped responding. Or at least it seemed that way from where I was, about 100 miles away at the time. I could not SSL in, nor could I get the Web page for the site. Even the Ping command did not work. Was my server down? Or was the network down?

I used the traceroute command to determine where the problem spot was. As it turned out, traceroute did not solve the problem entirely, though it allowed me to define the trouble spot with more precision.

Traceroute maps each hop along the journey from my computer to the end point that computer is trying to reach. On Windows, the command is “tracert [host name].” On Unix/Linux, it is “traceroute [host name].”

These were the results:

Tracing route to joabj.com [75.148.24.2]
over a maximum of 30 hops:

….snip first few hops…

5 12 ms 12 ms 12 ms so-15-0-0-0.RES-BB-RTR1-RE1.28.81.130.in-addr.arpa [130.81.28.248]
6 13 ms 12 ms 12 ms 0.so-1-2-0.XL3.IAD8.ALTER.NET [152.63.37.117]
7 14 ms 12 ms 11 ms 0.ge-6-0-0.BR2.IAD8.ALTER.NET [152.63.41.149]
8 12 ms 12 ms 11 ms te-11-3-0.edge1.Washington4.level3.net [4.68.63.169]
9 14 ms 14 ms 13 ms ae-1-69.edge1.Washington1.Level3.net [4.68.17.16]
10 14 ms 14 ms 15 ms COMCAST-IP.edge1.Washington1.Level3.net [4.79.231.14]
11 14 ms 15 ms 14 ms 68.85.130.53
12 15 ms 14 ms 14 ms 68.85.130.54
13 * * * Request timed out.
14 * * * Request timed out. (repeated until hop number reached 30)

Trace complete.

Each successive line represents the next hop on the network. In the above set of data, the first column is the count of nodes from the client making the request. The following three times (in milliseconds) indicate the time that node took to respond to the traceroute request (about 500 milliseconds is the upper end of acceptable response time). And the last column is the Internet Protocol (IP) number and, if available, the domain name of the node at that location.

As this page helpfully explained, it appeared as if a node at least one hop away from my own server was not responding (75.148.24.2).

This was indicated by the * * * in the output. The asterisk means that the node did not respond to the traceroute request in a timely manner. A single asterisk can be typical, especially for a busy server, though all asterisks indicate trouble is afoot.

What was odd was that my own server was not the last IP number listed. So it could be that it was down, or it could be that there was another hop. As the tutorial suggested, I did a traceroute from another location, in this case from Network-Tools (a whole list of others could be found here). From this location, it appeared as if my server was responding fine, but the hop before it was not responding, i.e.:

Hop (ms) (ms) (ms) IP Address Host name
1 28 6 8 72.249.134.177 -
2 7 6 8 8.9.232.73 xe-5-3-0.edge3.dallas1.level3.net
3 9 6 6 4.71.198.14 comcast-ip.edge3.dallas1.level3.net
4 29 30 42 68.86.85.254 pos-0-13-0-0-cr01.atlanta.ga.ibone.comcast.net
5 47 45 42 68.86.85.238 pos-0-12-0-0-cr01.mclean.va.ibone.comcast.net
6 46 48 59 68.85.130.53 -
7 54 48 47 68.85.130.54 -
8 Timed out Timed out Timed out -
9 59 50 53 75.148.24.2 www.joabj.com

Trace complete

So, whatever that hop is between 68.85.130.54 and my own site (75.85.130.54) was not responding. But my own site was! Most peculiar.

Adding to the mystery even further, I found I could access my Web site just fine, using an anonymous public proxy (public proxies are third-party sites you can go to in order to visit other Web sites, without either that site or your own network administrator knowing the IP details of either party). This meant that other parties could access my site, but no computer from the IP address I was at could.

This other site notes that no information coming back from a hop (“* * *”) means only that that hop doesn’t respond to traceroute requests, not that it is not operating correctly. It might not be returning information for security reasons, for instance. This would not be the case if it were the last hop that was not responding in the traceroute, which is why it is important to do traceroute from alternate locations. (And this page points out that timed-out requests do not, at least in some cases, represent nodes; rather they are artifacts of the traceroute reporting mechanism.)
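The distinction drawn above, between a silent hop in the middle of a path and a trace that never reaches its destination, as an added example (not part of the original post). It parses both output layouts shown in this post; the hop lines are excerpted from the two traces above, and the function names are constructed.

```python
import re

HOP = re.compile(r"^\s*(\d+)\s+(.*)$")
BRACKETED = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")   # tracert: host [ip]
BARE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")        # ip without a host name

def parse_hops(trace_text):
    """Return [(hop_number, ip_or_None)]; None means every probe for that hop timed out."""
    hops = []
    for line in trace_text.splitlines():
        m = HOP.match(line)
        if not m:
            continue                       # banner, column header or blank line
        rest = m.group(2)
        ip = BRACKETED.search(rest) or BARE.search(rest)
        hops.append((int(m.group(1)), ip.group(1) if ip else None))
    return hops

def diagnose(trace_text, destination):
    """Say whether the destination answered and which silent hops were passed on the way."""
    hops = parse_hops(trace_text)
    answered = [(n, ip) for n, ip in hops if ip]
    last = answered[-1] if answered else None
    reached = last is not None and last[1] == destination
    # A silent hop only counts as "passed" if some later hop replied.
    passed = [n for n, ip in hops if ip is None and last and n < last[0]]
    return {"reached": reached, "last_responder": last, "silent_hops_passed": passed}

# Excerpts of the two traces shown in this post.
TRACE_FROM_CLIENT = """\
10 14 ms 14 ms 15 ms COMCAST-IP.edge1.Washington1.Level3.net [4.79.231.14]
11 14 ms 15 ms 14 ms 68.85.130.53
12 15 ms 14 ms 14 ms 68.85.130.54
13 * * * Request timed out.
14 * * * Request timed out.
"""
TRACE_FROM_THIRD_PARTY = """\
Hop (ms) (ms) (ms) IP Address Host name
6 46 48 59 68.85.130.53 -
7 54 48 47 68.85.130.54 -
8 Timed out Timed out Timed out -
9 59 50 53 75.148.24.2 www.joabj.com
"""

if __name__ == "__main__":
    print(diagnose(TRACE_FROM_CLIENT, "75.148.24.2"))
    print(diagnose(TRACE_FROM_THIRD_PARTY, "75.148.24.2"))
```

The first result shows the path dying after 68.85.130.54; the second shows hop 8 staying silent while the server behind it still answers, which is the case that does not indicate a fault.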

So, summary (for now): Something at the location one hop away from my server is blocking access to that server, though only for my own remote location. According to this page, this may be my IP provider (Comcast) blocking any traffic from my own IP address (maybe because of the large number of files I had been transferring between the two locations).

The good news is that I am working from a location with dynamic IP, so getting another IP address should do the trick. (Update: I regained access from this location the next day).

–Joab Jackson