Vijay Nayani

I am Vijay Nayani, a Linux System Administrator in Pune. I was looking forward to sharing my Linux and internet ideas with the people of this beautiful world. I found this site an ideal one to do this. I hope my articles will be helpful to you guys.

Homepage: https://vijaynayani.wordpress.com

cpanel 500 internal server error

I have seen many posts with people having trouble with internal server errors on cPanel while using suPHP as the PHP handler.

Unfortunately, people seem to be going way above and beyond what is required to troubleshoot this issue.

A simple way to fix most cases is to log in to your cPanel/WHM server via SSH as root and run /scripts/chownpublichtmls, which resets the owner of every account's public_html back to that account.

In most cases the cause is simply incorrect file permissions, or root set as the owner of many of your files (typically because an archive was unpacked or a file was edited as root).

If that does not work then you likely have other permission issues, so make sure all your directories are chmod 755 and all your .php files are chmod 644. suPHP refuses to execute a script that is group- or world-writable, or that sits in a directory that is, so anything looser than 644 for files (755 for directories) produces the 500 error instead of running the script.

You can check ownership and permissions from the command line with, for example, ‘stat /home/john/public_html’, or run stat on the .php file named in the Apache error log.

Hope it helps someone :)
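As an added example (mine, not from the original post or from cPanel), here is a small shell script that does the same check and fix for one account's public_html: it lists what suPHP would reject, then normalises directories to 755, files to 644 and ownership to the account user. The OWNER argument, the account path and the count it prints are my own conventions; the chown step needs root.

```shell
#!/bin/sh
# suphp_problems DIR OWNER
# Lists every path under DIR that suPHP will refuse: group- or world-writable
# (mode bits 022) or not owned by OWNER (typically because it was created
# as root). Empty output means the tree is clean.
suphp_problems() {
    find "$1" \( -perm /022 -o ! -user "$2" \) -print
}

# fix_suphp_perms DIR [OWNER]
# Directories -> 755, files -> 644, everything -> OWNER (defaults to the
# owner of DIR itself). Prints how many paths it changed.
# Symlinks are left alone: -type f / -type d do not match them.
fix_suphp_perms() {
    dir=$1
    owner=${2:-$(stat -c %U "$dir")}
    changed=$(( $(find "$dir" -type f ! -perm 644 | wc -l) \
              + $(find "$dir" -type d ! -perm 755 | wc -l) \
              + $(find "$dir" ! -user "$owner" | wc -l) ))
    find "$dir" -type f ! -perm 644 -exec chmod 644 {} +
    find "$dir" -type d ! -perm 755 -exec chmod 755 {} +
    # chown only runs when something is mis-owned; that part needs root
    find "$dir" ! -user "$owner" -exec chown "$owner:$owner" {} +
    echo "$changed"
}

# Example (assumed account "john"):
#   suphp_problems /home/john/public_html john
#   fix_suphp_perms /home/john/public_html john
```

Run the first function before the second so you can see what will change; after the fix it should print nothing.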

 


SSL + cpanel = 500 internal server error

Been working on this issue for some time and it's been rather annoying; finally got it solved with the help of a very helpful member of the cPanel forum by the name of Miraenda.

Scenario:

You get a 500 server error after installing an SSL cert and using https, and your Apache error log contains something along the lines of:
SoftException in Application.cpp:422: Mismatch between target UID (99) and UID (503) of file “/home/someuser/public_html/anything.php”

This is because /var/cpanel/userdata/someuser/domain-name.com_SSL does not contain the correct user info, i.e. the SSL vhost is installed as the wrong user (usually nobody; UID 99 is nobody). Apache then tries to run the account's scripts as nobody, and suPHP refuses because the files are owned by a different UID.

FIX:

To fix this you first need to find your domain-name.com_SSL file under /var/cpanel/userdata/. That directory holds one subdirectory per user; one of them is likely to be “nobody”, which is a good place to start.

Once you find the file, move it to the correct user's directory.
If you are not sure which user it should be installed as, run stat on a file in the document root that is causing the issue, e.g. “stat /home/someuser/public_html/somefile.php”; the Uid/Gid line gives you enough to find out who it should be installed as.

Now that the file is in the right place you need to make a few changes inside the domain-name.com_SSL file to make it work correctly.

You should see the following lines:

documentroot: /home/user/public_html
group: user
homedir: /home/user
user: user

Replace user with the account's username on each line. Note that these are not the only lines in the file, they are just the lines you need to change.

If the account is owned by a reseller rather than by root, you will also need to change owner: root to the reseller's username.

Please also check that the ip: field has the right IP listed.

After making all the changes, run these commands to rebuild the Apache configuration from the userdata files and restart Apache:

/scripts/rebuildhttpdconf
/etc/init.d/httpd restart

Now test it again :)

Hope this helps someone.
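The two steps above (find out who really owns the document root, then correct the user: and group: lines) can be scripted. The following is an added example, not from the original post or from cPanel; it assumes the userdata file uses the plain "key: value" lines shown above and that the account's home is /home/<user> unless you pass a third argument. It keeps a .bak copy and deliberately leaves ip: and owner: alone.

```shell
#!/bin/sh
# check_ssl_userdata FILE
# Compares user:/group: in a <domain>_SSL userdata file with the real owner
# of its documentroot:. Prints "ok", or one MISMATCH line per field and
# returns 1 -- the condition behind "Mismatch between target UID (99) and
# UID (NNN)" once Apache is rebuilt from this file.
check_ssl_userdata() {
    f=$1
    cfg_user=$(sed -n 's/^user:[[:space:]]*//p' "$f")
    cfg_group=$(sed -n 's/^group:[[:space:]]*//p' "$f")
    docroot=$(sed -n 's/^documentroot:[[:space:]]*//p' "$f")
    real_user=$(stat -c %U "$docroot")
    real_group=$(stat -c %G "$docroot")
    rc=0
    [ "$cfg_user" = "$real_user" ] \
        || { echo "MISMATCH user: $cfg_user in file, $real_user owns $docroot"; rc=1; }
    [ "$cfg_group" = "$real_group" ] \
        || { echo "MISMATCH group: $cfg_group in file, $real_group owns $docroot"; rc=1; }
    [ "$rc" -eq 0 ] && echo ok
    return "$rc"
}

# fix_ssl_userdata FILE USER [HOMEDIR]
# Rewrites user:, group:, homedir: and documentroot: for USER (group taken
# from the passwd database). Keeps a .bak copy; ip: and owner: are left
# for you to check by hand, as the post says.
fix_ssl_userdata() {
    f=$1; u=$2; home=${3:-/home/$2}
    g=$(id -gn "$u")
    sed -i.bak \
        -e "s|^user:.*|user: $u|" \
        -e "s|^group:.*|group: $g|" \
        -e "s|^homedir:.*|homedir: $home|" \
        -e "s|^documentroot:.*|documentroot: $home/public_html|" "$f"
}

# Example (assumed account "someuser"):
#   f=/var/cpanel/userdata/someuser/domain-name.com_SSL
#   check_ssl_userdata "$f" || fix_ssl_userdata "$f" someuser
```

After the fix, /scripts/rebuildhttpdconf and the Apache restart from the post are still needed; the script only corrects the userdata file.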

 


How To rsync Server Setup for Centos

A little simple-to-follow guide I found on my travels; thought it might come in handy to some.

  • Make sure xinetd and rsync are available; if not, type
    # yum -y install rsync xinetd
  • Add the xinetd service to the system
    # chkconfig --add xinetd
  • Make sure xinetd runs on runlevels 3 and 5
    # chkconfig --list xinetd
  • Enable rsync
    # vi /etc/xinetd.d/rsync
    Change disable = yes to disable = no
  • Create a username and password for the rsync client to use (the file holds the password in clear text, which is why it gets chmod 600 below)
    # vi /etc/rsyncd.secrets
    adminname:hispassword
  • Create the configuration and shares for the rsync daemon. rsync only treats a line that begins with # as a comment, so keep comments on their own line rather than after a value:
    # vi /etc/rsyncd.conf
    max connections = 2
    log file = /var/log/rsync.log
    timeout = 300

    [shares]
    comment = shared data stored here
    path = /home/adminname/shares
    # change to true if you want the share read only
    read only = false
    list = yes
    uid = adminname
    gid = adminname
    auth users = adminname
    secrets file = /etc/rsyncd.secrets
    hosts allow = 10.10.105.0/24

  • Secure /etc/rsyncd.*
    # chown root.root /etc/rsyncd.*
    # chmod 600 /etc/rsyncd.*
  • Restart xinetd
    # service xinetd restart
  • Make sure rsync is now running
    # chkconfig --list
  • If other hosts need to connect, open port 873/tcp on your firewall (the rsync daemon uses TCP only). Bear in mind that the daemon protocol transfers file data in the clear and its password check is a challenge-response, not encryption; beyond a trusted LAN, keep hosts allow tight as above or run rsync over SSH instead of exposing 873.
  • A good Windows client, if you intend to use it from Windows, is DeltaCopy http://www.aboutmyip.com/AboutMyXApp/DeltaCopyDownloadInstaller.jsp
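Added example, not part of the guide above: an audit function for rsyncd.conf that catches the settings that matter once port 873 is reachable. Module parameters inherit from the global section, as rsync's own parser does, so a global "hosts allow" satisfies every module. The wording of the findings is mine.

```shell
#!/bin/sh
# audit_rsyncd_conf FILE
# Prints one finding per line and returns 1 if any. Checks each module for
# "auth users", "secrets file", "hosts allow", read-only and "use chroot",
# honouring globals set before the first [module]. Also flags inline "#"
# comments: rsync only treats a line *starting* with # as a comment, so
# "read only = false # note" is an invalid value, not false.
audit_rsyncd_conf() {
    findings=$(awk '
        function flush(   x) {
            if (mod == "") return
            if (!("auth users" in k))   print mod ": no \"auth users\" (anonymous access)"
            if (!("secrets file" in k)) print mod ": no \"secrets file\""
            if (!("hosts allow" in k))  print mod ": no \"hosts allow\" (any source IP)"
            if (k["use chroot"] == "no" || k["use chroot"] == "false")
                print mod ": \"use chroot\" disabled"
            if (k["read only"] == "no" || k["read only"] == "false")
                print mod ": writable module (confirm uploads are intended)"
            for (x in k) delete k[x]
        }
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }
        /^[ \t]*\[/ {
            flush(); mod = $0; gsub(/[][ \t]/, "", mod)
            for (x in g) k[x] = g[x]      # module inherits global defaults
            next
        }
        /=/ {
            key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            if (val ~ /#/)
                print (mod == "" ? "global" : mod) ": inline comment in \"" key "\" value; rsync will reject it"
            if (mod == "") g[tolower(key)] = tolower(val)
            else           k[tolower(key)] = tolower(val)
        }
        END { flush() }' "$1")
    [ -z "$findings" ] || { echo "$findings"; return 1; }
}

# Example:
#   audit_rsyncd_conf /etc/rsyncd.conf && echo "no findings"
```

"use chroot" defaults to yes in rsync, so it is only reported when explicitly turned off.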

     


    Setting up A High Availability Cluster (Heartbeat) On CentOS

    This guide shows how you can set up a two node, high-availability HTTP cluster with heartbeat on CentOS. Both nodes use the Apache web server to serve the same content.

    Pre-Configuration Requirements

    1. Assign hostname node01 to the primary node, with IP address 172.16.4.80 on eth0.
    2. Assign hostname node02 to the secondary node, with IP address 172.16.4.81 on eth0.

    Note: on node01

    uname -n

    must return node01.

    On node02

    uname -n

    must return node02.

    172.16.4.82 is the virtual IP address that will be used for our Apache webserver (i.e., Apache will listen on that address).

    Configuration

    1. Download and install the heartbeat package. In our case we are using CentOS so we will install heartbeat with yum:

    yum install heartbeat

    or download these packages:

    heartbeat-2.08
    heartbeat-pils-2.08
    heartbeat-stonith-2.08

    2. Now we have to configure heartbeat on our two node cluster. We will deal with three files. These are:

    authkeys
    ha.cf
    haresources

    3. Before configuring, copy the sample files into the /etc/ha.d directory. The version in the documentation path matches the installed package, so adjust 2.1.2 if yours differs. In our case we copy the files as given below:

    cp /usr/share/doc/heartbeat-2.1.2/authkeys /etc/ha.d/
    cp /usr/share/doc/heartbeat-2.1.2/ha.cf /etc/ha.d/
    cp /usr/share/doc/heartbeat-2.1.2/haresources /etc/ha.d/

    4. Now let’s start configuring heartbeat. First we deal with the authkeys file; we will use authentication method 2 (sha1). The key on the second line is a shared secret: every heartbeat packet on the broadcast network is authenticated with it, so anyone on that segment who knows it can forge cluster traffic. Use a long random string of your own rather than the example below, and use the same file on both nodes. Edit the file:

    vi /etc/ha.d/authkeys

    Then add the following lines (test-ha stands in for your key):

    auth 2
    2 sha1 test-ha

    Change the permissions of the authkeys file; heartbeat refuses to start if the file is readable by other users:

    chmod 600 /etc/ha.d/authkeys

    5. Moving to our second file (ha.cf) which is the most important. So edit the ha.cf file with vi:

    vi /etc/ha.d/ha.cf

    Add the following lines in the ha.cf file:

    logfile /var/log/ha-log
    logfacility local0
    keepalive 2
    deadtime 30
    initdead 120
    bcast eth0
    udpport 694
    auto_failback on
    node node01
    node node02

    Note: node01 and node02 is the output generated by

    uname -n

    6. The final piece of our configuration is the haresources file. This file lists the resources we want to make highly available; in our case that is the web server (httpd):

    vi /etc/ha.d/haresources

    Add the following line:

    node01 172.16.4.82 httpd

    7. Copy the /etc/ha.d/ directory from node01 to node02:

    scp -r /etc/ha.d/ root@node02:/etc/

    8. As we want httpd highly available, let’s configure httpd:

    vi /etc/httpd/conf/httpd.conf

    Add this line in httpd.conf:

    Listen 172.16.4.82:80

    9. Copy the /etc/httpd/conf/httpd.conf file to node02:

    scp /etc/httpd/conf/httpd.conf root@node02:/etc/httpd/conf/

    10. Create the file index.html on both nodes (node01 & node02):

    On node01:

    echo “node01 apache test server” > /var/www/html/index.html

    On node02:

    echo “node02 apache test server” > /var/www/html/index.html

    11. Now start heartbeat on the primary node01 and slave node02:
    /etc/init.d/heartbeat start

    12. Open web-browser and type in the URL:

    http://172.16.4.82

    It will show node01 apache test server.

    13. Now stop the hearbeat daemon on node01:

    /etc/init.d/heartbeat stop

    In your browser type in the URL http://172.16.4.82 and press enter.

    It will show node02 apache test server.

    14. We don’t need to create a virtual network interface and assign the IP address (172.16.4.82) to it ourselves. Heartbeat does this for you and starts the service (httpd) itself, so don’t worry about this.

    Don’t use the IP addresses 172.16.4.80 and 172.16.4.81 for services. These addresses are used by heartbeat for communication between node01 and node02; if either of them is used for services/resources it will disturb heartbeat and the cluster will not work. Be careful!
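Two things from the steps above are worth scripting. This is an added example (mine, not part of the original guide): generating authkeys with a random key instead of a guessable word, and confirming that this host's uname -n appears on a node line in ha.cf before heartbeat is started. The function names and the 256-bit key size are my choices.

```shell
#!/bin/sh
# make_authkeys FILE
# Writes "auth 2 / 2 sha1 <key>" with a 256-bit random key, mode 0600
# (heartbeat refuses to start if authkeys is readable by others).
# Prints the key length in hex characters (64). Copy the same file to
# every node: the key must match on both sides.
make_authkeys() {
    key=$(od -An -N32 -tx1 /dev/urandom | tr -d ' \n')
    (umask 077; printf 'auth 2\n2 sha1 %s\n' "$key" > "$1")
    chmod 600 "$1"
    printf '%s' "$key" | wc -c | tr -d ' '
}

# check_ha_nodes HA_CF [HOSTNAME]
# Heartbeat matches "node" lines against uname -n exactly and rejects
# packets from hosts that are not listed. Returns 0 if HOSTNAME
# (default: this host) is listed.
check_ha_nodes() {
    host=${2:-$(uname -n)}
    grep -Eq "^[[:space:]]*node[[:space:]]+${host}([[:space:]]|$)" "$1"
}

# Example:
#   make_authkeys /etc/ha.d/authkeys && scp -p /etc/ha.d/authkeys root@node02:/etc/ha.d/
#   check_ha_nodes /etc/ha.d/ha.cf || echo "$(uname -n) is not a node in ha.cf"
```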

     


    Setting up an SSL secured Webserver with CentOS

    This guide will explain how to set up a site over https. The tutorial uses a self signed key so will work well for a personal website or testing purposes. This is provided as is so proceed at your own risk and take backups!

    1. Getting the required software

    For an SSL encrypted web server you will need a few things. Depending on your install you may or may not have OpenSSL and mod_ssl, Apache’s interface to OpenSSL. Use yum to get them if you need them.

    yum install mod_ssl openssl

    Yum will either tell you they are installed or will install them for you.

    2. Generate a self-signed certificate

    Using OpenSSL we will generate a self-signed certificate. On a production server you will want a certificate from a trusted Certificate Authority, but for a personal site or for testing a self-signed certificate is fine. To create the key you will need to be root, so either su to root or put sudo in front of the commands.

    # Generate private key (2048 bits; 1024-bit RSA keys are considered too weak today)
    openssl genrsa -out ca.key 2048

    # Generate CSR (answer the prompts; Common Name must be the site's hostname)
    openssl req -new -key ca.key -out ca.csr

    # Generate self-signed certificate from the CSR, valid for 365 days
    openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

    # Move the files to the correct locations; the private key must not be world-readable
    mv ca.crt /etc/pki/tls/certs
    mv ca.key /etc/pki/tls/private/ca.key
    mv ca.csr /etc/pki/tls/private/ca.csr
    chmod 600 /etc/pki/tls/private/ca.key

    Then we need to update the Apache SSL configuration file

    vi +/SSLCertificateFile /etc/httpd/conf.d/ssl.conf

    Change the paths to match where the Key file is stored. If you’ve used the method above it will be

    SSLCertificateFile /etc/pki/tls/certs/ca.crt

    Then set the correct path for the Certificate Key File a few lines below. If you’ve followed the instructions above it is:

    SSLCertificateKeyFile /etc/pki/tls/private/ca.key

    Quit and save the file and then restart Apache

    /etc/init.d/httpd restart

    All being well you should now be able to connect over https to your server and see a default Centos page. As the certificate is self signed browsers will generally ask you whether you want to accept the certificate. Firefox 3 won’t let you connect at all but you can override this.

    3. Setting up the virtual hosts

    Just as you set VirtualHosts for http on port 80, so you do for https on port 443. A typical VirtualHost for a site on port 80 looks like this:

    <VirtualHost *:80>
            <Directory /var/www/vhosts/yoursite.com/httpdocs>
            AllowOverride All
            </Directory>
            DocumentRoot /var/www/vhosts/yoursite.com/httpdocs
            ServerName yoursite.com
    </VirtualHost>

    To add a sister site on port 443 you need to add the following at the top of your file. Name-based virtual hosts on port 443 only work for clients that send the hostname via SNI; a client without SNI always gets the first certificate defined for that address.

    NameVirtualHost *:443

    and then a VirtualHost record something like this:

    <VirtualHost *:443>
            SSLEngine on
            SSLCertificateFile /etc/pki/tls/certs/ca.crt
            SSLCertificateKeyFile /etc/pki/tls/private/ca.key
            <Directory /var/www/vhosts/yoursite.com/httpsdocs>
            AllowOverride All
            </Directory>
            DocumentRoot /var/www/vhosts/yoursite.com/httpsdocs
            ServerName yoursite.com
    </VirtualHost>

    Restart Apache again using

    /etc/init.d/httpd restart

    4. Configuring the firewall

    You should now have a site working over https using a self-signed certificate. If you can’t connect you may need to open the port on your firewall. The rule must sit before the REJECT rule that ends the stock CentOS INPUT chain, so insert it (-I) rather than append it (-A would land after the REJECT and never match):

    iptables -I INPUT -p tcp --dport 443 -j ACCEPT
    /sbin/service iptables save
    iptables -L -v
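The genrsa/req/x509 sequence above can be collapsed into one step, and the mistake that most often stops Apache after editing ssl.conf (a SSLCertificateKeyFile that does not belong to the SSLCertificateFile) can be checked before the restart. This is an added example, not part of the original post; it assumes OpenSSL 1.1.1 or newer (for -addext and -ext) and writes ca.key and ca.crt into the directory you name, from where you move them as in the post.

```shell
#!/bin/sh
# make_selfsigned DIR HOSTNAME
# Writes DIR/ca.key (2048-bit RSA, mode 0600: the key is the secret, the
# cert is public) and DIR/ca.crt, self-signed for 365 days, with HOSTNAME
# in subjectAltName as well as CN, since browsers ignore a CN without a
# SAN. Prints the certificate subject.
make_selfsigned() {
    dir=$1; host=$2
    (umask 077; openssl genrsa -out "$dir/ca.key" 2048 2>/dev/null)
    openssl req -new -x509 -key "$dir/ca.key" -out "$dir/ca.crt" -days 365 \
        -subj "/CN=$host" -addext "subjectAltName=DNS:$host" 2>/dev/null
    openssl x509 -in "$dir/ca.crt" -noout -subject
}

# cert_matches_key CRT KEY
# True when CRT was issued for KEY (same public key). Apache refuses to
# start when SSLCertificateFile and SSLCertificateKeyFile do not match.
cert_matches_key() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = \
      "$(openssl pkey -in "$2" -pubout 2>/dev/null)" ]
}

# Example (assumed hostname):
#   make_selfsigned /root/ssl www.example.com
#   cert_matches_key /root/ssl/ca.crt /root/ssl/ca.key && echo "pair is consistent"
#   then mv ca.crt to /etc/pki/tls/certs and ca.key to /etc/pki/tls/private as above
```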

     


    How To Create Kickstart (Unattended)Centos Linux OS installation

    Kickstart means automated OS installation. Most Linux OS installs can be done via Kickstart, using local boot media or over the network (FTP, HTTP, NFS, etc.).

    Here, we’re going to talk about using HTTP method to perform Kickstart.

    Prerequisite:

    1. Boot media (for creating a USB bootdisk, you can refer to my earlier article)
    2. You should have the CentOS installation CD/image to create the installation tree
    3. Running Webserver for Kick Start OS installation
    4. Running DHCP server (Optional)

    Setting Up Kickstart server:

    1. Create a directory named “Centos5.5” in your web server DocumentRoot.
      • eg: mkdir /var/www/html/Centos5.5
    2. Insert the CentOS CD-ROMs, mount each one and copy everything into that directory (copy the contents of all the installation CD-ROMs).
      • eg: mount -o ro /dev/sdc /media/cdrom
      • eg: cp -av /media/cdrom/. /var/www/html/Centos5.5/
    3. Create an answer file to automate the installation process.
      • You can use any Kickstart configurator tool or refer to the file /root/anaconda-ks.cfg on any of your Linux machines.
      • Or you may download my sample ks.cfg as a reference.
      • Everything in ks.cfg is served to anyone who can reach the web server, so use rootpw --iscrypted with a password hash rather than a plaintext root password.
    4. Copy the ks.cfg file to your Centos5.5 directory.
    5. You will have 1 new directory and 1 ks.cfg created, like below:
      • For example, /var/www/html is your DocumentRoot
      • You will have /var/www/html/Centos5.5 and /var/www/html/Centos5.5/ks.cfg
    6. Attach the boot media and boot up the machine on which you want to perform the Kickstart OS installation.
    7. Configure the BIOS to make your boot media the “First Boot Device”
      • In my case I’m using a USB hard disk, so my “First Boot Device” should be Removable.
      • Save the BIOS settings and continue
    8. You will see the OS installation menu screen; from there type in the command below
      • boot: linux ks=http://192.168.1.1/~chenhow/Centos5.5/ks.cfg
      • 192.168.1.1 is my web server IP
      • ~chenhow is my subdirectory (I’m using the userdir module for lighttpd)
    9. Then the installation process will start and everything should be automated.
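Because the answer file is fetched over plain HTTP by whichever host asks for it, the one thing worth checking before step 4 is that it carries no plaintext passwords. This is an added example, mine rather than the post's: it scans a ks.cfg for rootpw and user --password lines that lack --iscrypted, and produces the hash to put there. The sample lines in the test are constructed; ks_hash needs OpenSSL 1.1.1 or newer (use openssl passwd -1 for the MD5 form if an old anaconda rejects $6$ hashes).

```shell
#!/bin/sh
# check_ks_secrets KS_CFG
# Flags a "rootpw" or "user ... --password" line without --iscrypted.
# Prints one finding per line; returns 1 if any.
check_ks_secrets() {
    rc=0
    while IFS= read -r line; do
        case $line in
            rootpw*|user*--password*)
                case $line in
                    *--iscrypted*) ;;
                    *) echo "plaintext password in '${line%% *}' line"; rc=1 ;;
                esac ;;
        esac
    done < "$1"
    return "$rc"
}

# ks_hash PASSWORD
# Produces the SHA-512 crypt string to place after --iscrypted, so only a
# hash, never the password, is served from the web root.
ks_hash() {
    openssl passwd -6 "$1"
}

# Example:
#   check_ks_secrets /var/www/html/Centos5.5/ks.cfg || echo "fix ks.cfg before serving it"
#   echo "rootpw --iscrypted $(ks_hash 'S3cret!')"
```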

     


    How to use Cron Jobs and Scripting

    Cron jobs

    Today I needed a quick solution to monitor the free space on my Ubuntu server.  I didn’t want to setup monitoring software just to find out a quick statistic about the server’s disk space so I figured I could write a script to check it for me.  This would also give me a chance to practice setting up tasks via the command line with cron.  My requirements for this were just to check the amount of free space on the single hard drive on the server.  The output would also contain the time & date so I could get an idea of when the drive was last checked. 

    First, a script to get the information that I need from the server. We can use the “df” command, which shows information about the file systems. Together with a little parsing this gives us the result we need. The script goes something like this:

    #!/bin/bash
    # df -P prints one line per filesystem; take the Use% column for the root filesystem
    LOG=~/driveSpace.log
    date >> "$LOG"
    fspace=$(df -P / | awk 'NR==2 { print $5 }')
    echo "Root filesystem is $fspace used." >> "$LOG"

    This little script appends to a log file in my home directory (called driveSpace.log) a “date” stamp and a single line telling me how full the root filesystem is (df’s fifth column is the percentage used, so that is what gets logged; grepping for “sda” would match every partition on the disk and give several lines). I saved this as diskSpace.sh in my home directory and made it executable with chmod +x, which cron requires. Next we need to set up the cron command that will run this script once a day to check the disk space. Whether a non-root user may use crontab is controlled by /etc/cron.allow and /etc/cron.deny: if cron.allow exists, only the users listed in it may create cron jobs. On Ubuntu neither file exists by default and every user is allowed, so creating cron.allow is optional; if you do create it, remember it then locks out everyone who is not listed. My test user is called Jake, so I will add him. Note that sudo echo Jake >> /etc/cron.allow does not work, because the redirection is performed by your unprivileged shell rather than by sudo; use tee instead:

    echo Jake | sudo tee -a /etc/cron.allow

    This creates the file if necessary and puts Jake in it, so he now has rights to run his own cron jobs. Next we can go ahead and create a crontab file for Jake. Enter the following:

    crontab -e

    This will create a new crontab file (if one doesn’t exist already) and then bring you into that crontab file for the user.  You’ll see on the top commented out the syntax that we need to use in order to create cron jobs.  For our script we are going to use the following syntax:

    01 04 * * * /home/Jake/diskSpace.sh

    This syntax says that I want to run this script at 4:01 AM every day and write to the log file specified in the script. This way I can monitor the log file to check how full my system disk is. Cron runs jobs with a minimal environment (a short PATH and no login profile), so use full paths inside the script. You can get fancier with a script like this as well, checking whether the disk is above a certain threshold, or emailing you when it crosses that threshold. This is just a basic example of how powerful scripting can be alongside creating tasks to automate the process.
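The threshold version mentioned above, as an added example (mine, not the post's script): df -P gives one POSIX-formatted line per filesystem, so no grep for the device name is needed, and returning non-zero on a full disk is what makes cron mail the output to the user. The 90% threshold, the log path and the crontab line are assumptions.

```shell
#!/bin/sh
# disk_used_pct MOUNTPOINT
# Prints the Use% of the filesystem holding MOUNTPOINT, without the % sign.
disk_used_pct() {
    df -P "$1" | awk 'NR == 2 { sub(/%/, "", $5); print $5 }'
}

# check_disk MOUNTPOINT THRESHOLD LOGFILE
# Appends one timestamped line to LOGFILE and returns 1 when usage is at or
# above THRESHOLD percent. cron mails a job's output to its owner, so the
# echo on failure is what turns this into an alert.
check_disk() {
    used=$(disk_used_pct "$1")
    printf '%s %s %s%% used (threshold %s%%)\n' \
        "$(date '+%Y-%m-%d %H:%M:%S')" "$1" "$used" "$2" >> "$3"
    if [ "$used" -ge "$2" ]; then
        echo "WARNING: $1 is ${used}% full on $(hostname)"
        return 1
    fi
}

# crontab entry (assumed path; the script must be chmod +x):
#   01 04 * * * /home/Jake/diskSpace.sh
# where diskSpace.sh ends with:
#   check_disk / 90 "$HOME/driveSpace.log"
```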


    How To Installing Lighttpd With PHP5 And MySQL Support On CentOS

    Lighttpd is a secure, fast, standards-compliant web server designed for speed-critical environments. This tutorial shows how you can install Lighttpd on a CentOS 5.0 server with PHP5 support (through FastCGI) and MySQL support.
    1 Preliminary Note

    In this tutorial I use the hostname server1.example.com with the IP address 192.168.0.100. These settings might differ for you, so you have to replace them where appropriate.

    2 Installing MySQL 5.0

    First we install MySQL 5.0 like this:

    yum install mysql mysql-server

    Then we create the system startup links for MySQL (so that MySQL starts automatically whenever the system boots) and start the MySQL server:

    chkconfig --levels 235 mysqld on
    /etc/init.d/mysqld start

    Create a password for the MySQL user root (replace yourrootsqlpassword with the password you want to use):

    mysqladmin -u root password yourrootsqlpassword

    Then check with

    netstat -tap | grep mysql

    on which addresses MySQL is listening. If the output looks like this:

    tcp 0 0 localhost.localdo:mysql *:* LISTEN 2713/mysqld

    which means MySQL is listening on localhost.localdomain only, then you’re safe with the password you set before. But if the output looks like this:

    tcp 0 0 *:mysql *:* LISTEN 2713/mysqld

    you should set a MySQL password for your hostname, too, because otherwise anybody can access your database and modify data:

    mysqladmin -h server1.example.com -u root password yourrootsqlpassword

    3 Installing Lighttpd

    Lighttpd is not available from the official CentOS 5.0 repositories, but from the RPMforge repositories (see http://dag.wieers.com/rpm/FAQ.php#B2 for instructions). We install the RPMforge package for RHEL 5 which works for CentOS 5.0 as well:

    rpm -Uhv http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.i386.rpm

    Afterwards, we can install Lighttpd like this:

    yum install lighttpd

    Then we create the system startup links for Lighttpd (so that Lighttpd starts automatically whenever the system boots) and start it:

    chkconfig --levels 235 lighttpd on
    /etc/init.d/lighttpd start

    Now direct your browser to http://192.168.0.100, and you should see the Lighttpd placeholder page:

    Lighttpd’s default document root is /srv/www/lighttpd on CentOS 5.0, and the configuration file is /etc/lighttpd/lighttpd.conf.

    4 Installing PHP5

    We can make PHP5 work in Lighttpd through FastCGI. Therefore we install the packages lighttpd-fastcgi and php-cli:

    yum install lighttpd-fastcgi php-cli

    5 Configuring Lighttpd And PHP5

    To enable PHP5 in Lighttpd, we must modify two files, /etc/php.ini and /etc/lighttpd/lighttpd.conf. First we open /etc/php.ini and add the line cgi.fix_pathinfo = 1 right at the end of the file. This setting makes php-cgi accept a SCRIPT_FILENAME with trailing path info and fill in PATH_INFO itself, which many PHP applications need; the flip side is that php-cgi will walk a non-existent path back to the nearest existing file and execute that. So leave the fastcgi.server entry below at lighttpd’s default “check-local” => “enable”, which makes lighttpd answer 404 for scripts that do not exist on disk before the request ever reaches PHP:

    vi /etc/php.ini
    […]
    cgi.fix_pathinfo = 1
    Then we open /etc/lighttpd/lighttpd.conf and uncomment “mod_fastcgi”, in the server.modules stanza:

    vi /etc/lighttpd/lighttpd.conf
    […]
    server.modules = (
    # “mod_rewrite”,
    # “mod_redirect”,
    # “mod_alias”,
    “mod_access”,
    # “mod_cml”,
    # “mod_trigger_b4_dl”,
    # “mod_auth”,
    # “mod_status”,
    # “mod_setenv”,
    “mod_fastcgi”,
    # “mod_proxy”,
    # “mod_simple_vhost”,
    # “mod_evhost”,
    # “mod_userdir”,
    # “mod_cgi”,
    # “mod_compress”,
    # “mod_ssi”,
    # “mod_usertrack”,
    # “mod_expire”,
    # “mod_secdownload”,
    # “mod_rrdtool”,
    “mod_accesslog” )
    […]
    and then, further down the file, there’s a fastcgi.server stanza which we uncomment as well. Make sure you use /usr/bin/php-cgi instead of /usr/local/bin/php in the “bin-path” line:
    […]
    #### fastcgi module
    ## read fastcgi.txt for more info
    fastcgi.server = ( “.php” =>
    ( “localhost” =>
    (
    “socket” => “/tmp/php-fastcgi.socket”,
    “bin-path” => “/usr/bin/php-cgi”
    )
    )
    )
    […]
    Then we restart Lighttpd:

    /etc/init.d/lighttpd restart
    6 Testing PHP5 / Getting Details About Your PHP5 Installation

    The document root of the default web site is /srv/www/lighttpd. We will now create a small PHP file (info.php) in that directory and call it in a browser. The file will display lots of useful details about our PHP installation, such as the installed PHP version. Because it also reveals paths, module versions and configuration values to anyone who requests it, delete it again once you have finished testing.

    vi /srv/www/lighttpd/info.php
    <?php
    phpinfo();
    ?>
    Now we call that file in a browser (e.g. http://192.168.0.100/info.php):

    As you see, PHP5 is working, and it’s working through FastCGI, as shown in the Server API line. If you scroll further down, you will see all modules that are already enabled in PHP5. MySQL is not listed there which means we don’t have MySQL support in PHP5 yet.
    7 Getting MySQL Support In PHP5

    To get MySQL support in PHP, we can install the php-mysql package. It’s a good idea to install some other PHP5 modules as well as you might need them for your applications. You can search for available PHP5 modules like this:
    yum search php

    Pick the ones you need and install them like this:

    yum install php-mysql php-gd php-imap php-ldap php-odbc php-pear php-xml php-xmlrpc

    Now restart Lighttpd:

    /etc/init.d/lighttpd restart

    Now reload http://192.168.0.100/info.php in your browser and scroll down to the modules section again. You should now find lots of new modules there, including the MySQL module. Once you have confirmed that, remove info.php from the document root.
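As an added example (mine, not from the tutorial), a small check of the two files edited above: it confirms mod_fastcgi is really uncommented and reports the one combination that removes lighttpd's own existence check, cgi.fix_pathinfo=1 together with "check-local" => "disable" in fastcgi.server. The wording of the findings is mine, and the config lines in the test are constructed.

```shell
#!/bin/sh
# lighttpd_php_audit LIGHTTPD_CONF PHP_INI
# Prints findings and returns 1 if any:
#  - mod_fastcgi still commented out in server.modules
#  - cgi.fix_pathinfo=1 while a fastcgi.server entry disables check-local,
#    so requests for non-existent .php paths are handed to php-cgi, which
#    then walks back to whatever file does exist.
lighttpd_php_audit() {
    rc=0
    active=$(sed 's/#.*//' "$1")              # drop "# ..." comments
    printf '%s\n' "$active" | grep -q '"mod_fastcgi"' \
        || { echo "mod_fastcgi is still commented out in server.modules"; rc=1; }
    fixpath=$(sed -n 's/^[[:space:]]*cgi\.fix_pathinfo[[:space:]]*=[[:space:]]*\([01]\).*/\1/p' "$2" | tail -n 1)
    if [ "$fixpath" = 1 ] && printf '%s\n' "$active" \
            | grep -q '"check-local"[[:space:]]*=>[[:space:]]*"disable"'; then
        echo "cgi.fix_pathinfo=1 with check-local disabled: non-existent .php paths reach php-cgi"
        rc=1
    fi
    return "$rc"
}

# Example:
#   lighttpd_php_audit /etc/lighttpd/lighttpd.conf /etc/php.ini && echo "no findings"
```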

     


    How to Set Up a TFTP Server on Linux

    Good post over on linux.com the often forgotten TFTP can be a life saver.

    Most users are familiar with FTP, but if you want to kickstart Red Hat installs, PXE boot systems, auto-provision VoIP phones or unbrick a Linux-based router, you want a Trivial File Transfer Protocol (TFTP) server. Setting one up on Linux is easy, and a perfect project to take on over the weekend.

    TFTP (RFC 1350) is very low-overhead variant of the more familiar FTP that you are probably already used to interacting with. It is optimized for transferring files over a local network to small devices that may not even have permanent storage. In the old days, that originally meant thin clients booting over the network. Today there are still network services that depend on TFTP (most notably the Linux Terminal Server Project and Red Hat’s Kickstart remote-installation system) but it has taken on a second important role in VoIP, as the preferred way to “auto-provision” many IP telephones and analog telephone adapters (ATAs), distributing configuration files at boot time in a manner similar to DHCP. In addition to that, if you accidentally brick your Linux-based router while installing DD-WRT, TFTP may be your only path to restoring it. Fortunately, even though the protocol might not get the same public respect as FTP, Linux supports it just fine.

    TFTP uses UDP as its transport protocol, on the reserved port 69. Like FTP, it can be used in either ASCII or binary mode, but unlike FTP it has no directory-listing or navigation features, because it was not primarily designed for interactive client use. Instead, TFTP clients typically boot up and request a specific file. If a listening server has the file, it acknowledges the request and begins transferring it.

    This is a very simple process, which is what makes TFTP popular for thin client setups like Preboot eXecution Environment (PXE) and for embedded devices without built-in or USB-attachable storage. But it also includes no authentication step or access control methods, which makes man-in-the-middle attacks a very real security issue when dealing with VoIP deployments that require a support server to be running constantly.

    An attacker that compromises the TFTP server can send rogue configuration files that do anything from register phones with different Session Initiation Protocol (SIP) gateways to perform denial-of-service by setting bad configuration parameters. Attacking a PXE system is a little more difficult, since the setup also includes DHCP, but it is certainly possible to upload a bad bootimage to thin clients.

    On the other hand, if you just need to unbrick your router or flash a device with new firmware over TFTP, you do not need to run a TFTP server constantly. If you are really paranoid, you can just disconnect the WAN connection during the process. Since the two use cases are so different, the best choice for a static TFTP server probably is not the choice you would want just for an isolated job. We will consider each in turn.

    Setting up static TFTP

    For administrating a netboot or VoIP deployment, there are two main Linux TFTP server projects to choose from: tftpd-hpa and atftpd. The former is a port of OpenBSD’s TFTP daemon, though the Linux version has diverged over the course of several releases. Atftpd (which stands for Advanced TFTPd) is native to Linux. Both include support for several newer TFTP revision options, such as negotiable transfer block sizes and negotiable time-outs.

    Your distribution may package one or the other, or both. If you are faced with a choice, the main differences between the two are in their security features and support for multicast TFTP.

    Atftpd provides only host-level security using the libwrap TCP wrapper library. You can add TFTP clients by host name or address to /etc/hosts.allow or use exclusion rules in /etc/hosts.deny. Tftpd-hpa, on the other hand, respects rules in both hosts.allow and hosts.deny, but also implements several other security features. By default, it can only serve files that are publicly readable (i.e., o+r), and will only allow files to be uploaded by clients if the filename in question already exists and is publicly writable. Finally, starting the daemon with the -s option performs a chroot to the TFTP file directory to prevent an attacker from accessing anything else on the server.

    Only atftpd, however, supports multicast TFTP, both the version specified in RFC 2090 and the slightly different version that is part of the PXE specification. Thus, if you need to support PXE thin clients, atftpd is the better choice, but for all others, including VoIP provisioning, the added security features of tftpd-hpa are worth having.

    Both servers can be started either by inetd or as standalone daemons, and store a configuration file in /etc/default/.

    The tftpd-hpa server’s file is /etc/default/tftpd-hpa. By default it includes the line RUN_DAEMON="no", which allows it to be started and managed by inetd. Change this value to “yes” to start the server as a daemon instead. The OPTIONS= line lists a quoted series of run-time configuration flags, the most important of which is -s /path/to/tftp/directory.

    Atftpd’s configuration is found in /etc/default/atftpd. By default, it includes USE_INETD=true to indicate inetd management; change this to false to run atftpd as a daemon. Atftpd requires that you specify the TFTP directory as the final argument, after all of the command-line switches, so you would simply append /var/tftpd to the end of its OPTIONS line.

    Next, make sure that you create the TFTP directory you intend to use (say, /var/tftp/), and give it the proper ownership and permissions. Both daemons run as user nobody by default, so run chown -R nobody /var/tftp to set the ownership correctly, and chmod -R 777 /var/tftp to assign the correct permissions. Then, start the daemon: either execute /etc/init.d/atftpd restart or /etc/init.d/tftpd-hpa restart. Both services use the standard Linux syslog utility, with run-time verbosity control so you can monitor their behavior.

    For advanced usage, each of the servers also provides a way to serve alternate contents when it receives a specific file request, based on regular-expression matching and replacement. This can be useful when a device is hard-coded to request a specific firmware image, but you need to flash it with a newer replacement. But the two servers differ in their implementations. Atftpd uses Perl-Compatible Regular Expressions (PCREs), and allows for simple pattern/replacement pairs based on filename. Tftpd-hpa uses POSIX regular expression syntax, which is not as flexible, but it allows file remapping rules to be based on client IP address in addition to matching filenames alone.

    The Simpler Case: TFTPing a Single File

    If all you need to do is make one file available over TFTP for a short period of time, including restoring the factory firmware to a bricked router or uploading an update to your Cisco IP phone, you do not need to install and configure a full service like either of those discussed above. While it would be nice if Linksys and Cisco provided a simple command-line or GUI TFTP application for these occasions, neither do.

    There is at least one robust, painless-to-use standalone TFTP app for Linux, though: tftpgui. Written in Python, tftpgui is meant to run as a user-initiated interactive application. The author documents its use with a variety of Cisco equipment, and it has also been tested with Vonage, Sipura, Linksys, and Grandstream hardware.

    Currently, no distributions package tftpgui, so you will need to grab the latest tarball from the project’s downloads page. You can unpack its contents anywhere; it does not need to be compiled and installed to be used. In order to run on the default port of 69, you must launch the GUI as root, so execute sudo python ./tftpgui.py & to get started.

    There are four buttons at the top: Start and Stop enable and disable the server, Exit closes the GUI, and Setup allows you to specify configuration rules. You must select a TFTP directory holding the files you need to move, and you can specify a log directory and change the UDP port on which the server listens.

    The one security feature tftpgui includes is the ability to restrict incoming TFTP requests to a specific subnet, so if you must run the application in a hostile environment, you can at least try to isolate yourself to a vacant subnet before starting. You can also enter the remote client’s IP address and specify a subnet mask of 32, even though purists may call that cheating.

    After you apply any configuration settings and press Start in the main window, the main canvas will report any TFTP requests and return codes. You can then restart the remote device and watch its TFTP request hit the server, or if you are attempting to de-brick a router, follow whatever steps the instructions tell you to do.

    Tftpgui does not support any of the extended protocol options like filename replacement or multicasting, but if you were stuck without a simple way to serve up a replacement firmware image or provisioning file, it may fit the bill.

    In some ways, TFTP is a relic from the 1980s. As embedded devices get smarter and memory gets cheaper, more and more OEM products that used to use TFTP alone as their update mechanism are starting to include embedded HTTP stacks. That certainly makes it easier to troubleshoot, since most Linux boxes have Apache or another web server already installed. Still, when you find yourself trapped with a device that speaks only an unfamiliar protocol, it is reassuring to see that on Linux machines, old RFCs never die.


    How to Access Your Windows PC from Linux

    Although Microsoft Windows still dominates the desktop market, Linux has long since established itself as the most viable option for server-based computing. As a result, most networks today, regardless of the number of hosts, are connected through one or more Linux servers. In such mixed environments, sharing files between Linux machines and Windows machines is a common requirement, so it is useful to know how it is done.

    Samba is the software that lets a Linux box share files over a network with a Windows box and vice versa. Samba provides file and print services to SMB/CIFS clients that run on Windows, Linux/UNIX flavors, Mac OS and a wide variety of other operating systems.

    Accessing files residing on a Windows PC from Linux can be achieved in two ways.

    • Using SAMBA client via command line
    • Using GUI tools
    [Image: Access Windows PC from Linux. Source: techotopia.com]

    Using SAMBA Client via Command Line

    In your Windows box, assume you have a central shared folder. Whatever files that would be put into this folder can be shared with any other remote machine Linux or Windows over a network. For explanation purposes, let us name your Windows box as WIN-PC and your share folder as WIN-SHARE.

    Step 1

    In order for your Linux box to see the WIN-SHARE folder, the share must be mounted on Linux. Here the mount point is the directory /mnt/win. Type the following commands in a terminal as root.

    # mkdir -p /mnt/win
    # mount -t cifs -o username=<username> //WIN-PC/WIN-SHARE /mnt/win
    # cd /mnt/win
    # ls -l

    Replace <username> with your login name on the Windows machine; mount.cifs will prompt for the password. Older guides use -t smbfs, but smbfs was removed from the Linux kernel long ago and cifs is its replacement. Avoid putting password=<password> in the -o options: anything on the command line is visible to every local user through ps and is saved in your shell history.

    Step 2

    The above command mounts //WIN-PC/WIN-SHARE only until the system reboots or the share is unmounted. To mount it automatically every time the Linux system boots, add the following line to /etc/fstab:

    • Open a terminal
    • Type:

    # vi /etc/fstab

    • On the editor add the line:

    //WIN-PC/WIN-SHARE /mnt/win cifs credentials=/etc/sambapasswords,_netdev,gid=users,file_mode=0664,dir_mode=0775,iocharset=utf8 0 0

    The options field must be a single comma-separated word with no spaces; cifs uses file_mode/dir_mode rather than the old smbfs fmask/dmask, and _netdev tells the init system to wait for the network before attempting the mount. The credentials= option points at the password file created in the next step, so the password never appears in /etc/fstab, which is world-readable.

    Step 3

    Create the password file at /etc/sambapasswords:

    • Open a terminal
    • Type:

    # vi /etc/sambapasswords

    • In the editor add these lines (one key=value pair per line, no spaces around the equals sign; a domain=<workgroup or AD domain> line may be added if needed):

    username=<windows login name>

    password=<windows login password>

    Step 4

    Secure sambapasswords file so that only the root can access it.

    • Open a terminal
    • Type:

    # chown root:root /etc/sambapasswords

    # chmod 600 /etc/sambapasswords

    Check the result with ls -l /etc/sambapasswords: it should show -rw------- and owner root. Any other user who can read this file has your Windows password.
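    Steps 1 through 4 above, gathered into a small POSIX shell script. This is an added example, not code from the original article: it builds the fstab line and the credentials file and then checks that the file is not readable by anyone but its owner. The host, share, mount point and account values are made-up placeholders, and the script deliberately never touches /etc or calls mount, so it can be run as an ordinary user to see the output before doing the real thing as root.

```shell
#!/bin/sh
# Added example (not from the original article). Builds the /etc/fstab entry
# and the mount.cifs credentials file from the article's Steps 2-4 and checks
# the file permissions. All names/values below are constructed placeholders.

# Print a cifs fstab entry. The options field must contain no spaces;
# _netdev makes the mount wait for the network at boot.
fstab_line() {
    host=$1; share=$2; mountpoint=$3; credfile=$4
    printf '//%s/%s %s cifs credentials=%s,_netdev,gid=users,file_mode=0664,dir_mode=0775,iocharset=utf8 0 0\n' \
        "$host" "$share" "$mountpoint" "$credfile"
}

# Write a credentials file in mount.cifs format (key=value, no spaces).
# A restrictive umask is set before the file is created so that it is never
# group- or world-readable, not even between creation and the chmod.
write_credentials() {
    credfile=$1; user=$2; pass=$3; domain=$4
    old_umask=$(umask)
    umask 077
    {
        printf 'username=%s\n' "$user"
        printf 'password=%s\n' "$pass"
        if [ -n "$domain" ]; then
            printf 'domain=%s\n' "$domain"
        fi
    } > "$credfile"
    umask "$old_umask"
    chmod 600 "$credfile"
}

# Return 0 if the credentials file is readable by its owner only
# (mode 600 or 400), 1 otherwise. Uses GNU stat (Linux).
credentials_mode_ok() {
    mode=$(stat -c '%a' "$1") || return 1
    case $mode in
        600|400) return 0 ;;
        *) echo "warning: $1 has mode $mode; expected 600" >&2; return 1 ;;
    esac
}

# Demo on a throwaway directory with constructed values (no real server).
demo_dir=$(mktemp -d)
write_credentials "$demo_dir/sambapasswords" 'john' 'correct horse battery' 'WORKGROUP'
credentials_mode_ok "$demo_dir/sambapasswords" && echo "credentials file mode OK"
echo "fstab line to add:"
fstab_line WIN-PC WIN-SHARE /mnt/win /etc/sambapasswords
rm -rf "$demo_dir"
```

    To use it for real, run write_credentials as root with /etc/sambapasswords as the target, append the printed fstab line to /etc/fstab, and run mount /mnt/win to test the entry before rebooting. The ownership check (root:root) is left to the ls -l step above, since only root can set it.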

    And that is it! You have just learned the command-line method of accessing files residing on a Windows box from a Linux box. Next, we take a look at how to do this without any syntax at all, in just a few clicks.

    Using GUI Tools

    • Create a folder on your Windows machine → right click → select Properties → click on sharing tab → turn on sharing.
    • Give a name for the shared folder (e.g. WIN-SHARE) in the box provided
    • Find the IP address of your PC :
    • Open the command prompt
    • type “ipconfig”
    • Note down the displayed IP address somewhere. (e.g. 192.168.10.5)
    • In your Linux box press ALT + F2 to open the Run dialog.
    • In the text box type the IP address and the shared folder name of your Windows machine with the smb:// prefix:

    smb://192.168.10.5/WIN-SHARE

    • When you press the Run button, Linux will connect to the Windows machine, open the specified folder and display its contents on your Linux box.
    • If your Windows machine is password protected you may need to provide the password upon connecting.
    • You may also view the shared files if you go to Places → Networks. This will display all the Windows network shared folders your Linux machine is currently connected to.
