MJS1|dotcom » Linux

Creating a favicon

admin — Wed, 03 Jun 2009 12:08:04 +0000

To jazz up your site and make it look professional, you should add a favicon icon. This is the icon that shows up in the url of your browser. An easy way to create a favicon is to use one of the free favicon site out there. One such on is.

http://www.favicon.cc/?action=edit_image&file_id=35382

Securing your WordPress installation

admin — Fri, 15 May 2009 15:40:04 +0000

Found this nice article on securing your wordpress installation, http://codex.wordpress.org/Hardening_WordPress.

The chmod command it used to change the permissions of files and directories. It should be noted that directories and files need different types of permisssions. For instance, directories need the x (execute) permision to be able to list files and yence for your wordpress to run.

For the most secure installation, make your permissions very restrictive and open them up as necessary.

In general, you should be the owner of your files and directories and be able to read, write and execute, rwx or 7. The group assigned to the files and folders should be the group that is running the apache web service. For the default CentOS installation, this group is apache. For the group chmod setting, directories should be set to r-x (5)and files should be r– (4). To get all the functionality out of wordpress, you may have to loosen that a bit, but it is a good starting point. See the article mentioned above for more information.

Ok, so here comes the tricky part. How do you get directories to be one type of permission and files to be another type of permission. The -R option for chmod will apply the setting to all files and folders recursively and this is not exactly what we want. So we need to do this in multiple steps.

cd (change directory) to the directory where wordpress is installed.
Use the chmod command with the -R recursive flag to change all directories and files to a value of 750. This will give the owner, you, full permissions, it will give the group, apache, write and execute permissions (note, we will remove the execute on files in the next step), and is give no permissions to anyone else.
- chmod -R 750 wordpress
Next we use a little gem of code I found on the net to change all the files ONLY to a new chmod value.
- find . -type f -exec chmod 640{} \;
- This finds all the files starting in the current directory and executes the chmod 640 on them.
There you have it. Now we have 750 protection on directories and 640 on files. The next step would be to set permissions on individual files on a case by case basis to support additional wordpress functionality. Note, you should always turn the permissions back when you are done using the functionality.

Changing file permissions

admin — Fri, 15 May 2009 15:18:31 +0000

Found this little nugget. It will change all the files from the current directory and any files in its subdirectories to the chmod value while leaving the chmod value of the directories in tact. Pretty sweet…

find . -type f -exec chmod 644 {} \;

chomod -linux change file permissions

admin — Fri, 15 May 2009 14:43:48 +0000

Changes the permission of a file.

Syntax

chmod [OPTION]… MODE[,MODE]… FILE…
chmod [OPTION]… OCTAL-MODE FILE…
chmod [OPTION]… –reference=RFILE FILE…

-c, –changes	like verbose but report only when a change is made
–no-preserve-root	do not treat `/’ specially (the default)
–preserve-root	fail to operate recursively on `/’
-f, –silent, –quiet	suppress most error messages
-v, verbose	output a diagnostic for every file processed
–reference=RFILE	use RFILE’s mode instead of MODE values
-R, –recursive	change files and directories recursively
–help	display this help and exit
–version	output version information and exit

Permissions
u - User who owns the file.
g - Group that owns the file.
o - Other.
a - All.
r - Read the file.
w - Write or edit the file.
x - Execute or run the file as a program.

Numeric Permissions:
CHMOD can also to attributed by using Numeric Permissions:

400 read by owner
040 read by group
004 read by anybody (other)
200 write by owner
020 write by group
002 write by anybody
100 execute by owner
010 execute by group
001 execute by anybody

Examples

The above numeric permissions can be added to set a certain permission, for example, a common HTML file on a Unix server to be only viewed over the Internet would be:

chmod 644 file.htm

This gives the file read/write by the owner and only read by everyone else (-rw-r–r–).

Files such as scripts that need to be executed need more permissions. Below is another example of a common permission given to scripts.

chmod 755 file.cgi

This would be the following 400+040+004+200+020+100+010+001 = 775 where you are giving all the rights but the capability for anyone to edit your file.cgi (-rwxr-xr-x).

Finally, another common CHMOD permission is 666, as shown below, which is read and write by everyone.

chmod 666 file.txt

chmod - Linux change permissions

admin — Fri, 15 May 2009 14:41:24 +0000

The read, write and execute permissions apply slightly differently to directories than they do to files. The read permission on a directory controls the ability to list the contents of that directory. In this example we’ll create a directory and place a blank file in it. We’ll then modify the permissions on the directory so the owner cannot see the contents.

$ mkdir secret_dir

$ touch secret_dir/my_secret.txt

$ ls secret_dir/

my_secret.txt

$ chmod u-r secret_dir/

$ ls secret_dir/

ls: secret_dir/: Permission denied

$ cd secret_dir/

$ ls

ls: .: Permission denied

$ cd ../

We see that we get a Permission denied error when trying to view the contents of the directory when the read permission has been revoked. Despite not being able to see what is in the directory we can still change our working directory to that directory.

The write permission on a directory behaves somewhat as expected. If a user has write on a directory they can create or remove files from that directory even if they are not the owner of the files. This is important to note as giving a user, group or other users write on a directory with other user’s files in it will allow them to delete other users files.

Now we’ll give read permissions back to the owner and revoke the execute permission:

$ chmod u+r secret_dir/ $ chmod u-x secret_dir/ $ ls secret_dir/ my_secret.txt $ cd secret_dir/ -bash: cd: secret_dir/: Permission denied

We can now view the contents of the directory again but look at what happened when we tried to cd into it! Not having the execute permission on a directory will prevent you from changing into that directory even though you can view the contents. It is understandable how this can cause some confusion.

Chmod and sticky bits

There are a few special permission mode settings that are worthy of noting. Note that the Set UID and Set GID permissions are disabled in some operating systems for security reasons.

Mode	Description
Sticky bit	Used for shared directories to prevent users from renaming or deleting each others’ files. The only users who can rename or delete files in directories with the sticky bit set are the file owner, the directory owner, or the super-user (root). The sticky bit is represented by the letter t in the last position of the other permissions display.
SUID	Set user ID, used on executable files to allow the executable to be run as the file owner of the executable rather than as the user logged into the system. SUID can also be used on a directory to change the ownership of files created in or moved to that directory to be owned by the directory owner rather than the user who created it.
SGID	Set group ID, used on executable files to allow the file to be run as if logged into the group (like SUID but uses file group permissions). SGID can also be used on a directory so that every file created in that directory will have the directory group owner rather than the group owner of the user creating the file.

The following example displays the SUID permission mode that is set on the passwd command, indicated by the letter s in the last position of the user permission display. Users would like to be able to change their own passwords instead of having to ask the System Administrator to do it for them. Since changing a password involves updating the /etc/passwd file which is owned by root and protected from modification by any other user, the passwd command must be executed as the root user.

The which command will be used to find the full path name for the passwd command, then the attributes of the passwd command will be listed, showing the SUID permission(s).

$ which passwd /usr/bin/passwd $ ls -l /usr/bin/passwd -r-s–x–x 1 root root 17700 Jun 25 2004 /usr/bin/passwd

Here we see not only that the SUID permissions are set up on the passwd command but also that the command is owned by the root user. These two factors tell us that the passwd command will run with the permissions of root regardless of who executes it.

These special modes can be very helpful on multi-user systems. To set or unset the sticky bit use the the t option with the chmod command. When setting the sticky bit we do not have to specify if it is for user, group or other. In the following example we will make a directory called public which anyone can write to but we’ll use the sticky bit to make sure only the file owners can remove their own files.

$ mkdir public $ chmod 777 public $ chmod +t public $ ls -l total 4 drwxrwxrwt 2 tclark authors 4096 Sep 14 10:45 public

We see that the last character of the permissions string has a t indicating the sticky bit has been set. We could also prefix the number 1 to the chmod command using the number to achieve the same results. The following chmod command will accomplish the same thing as the two chmod commands in the last example:

$ chmod 1777 public $ ls -l total 4 drwxrwxrwt 2 tclark authors 4096 Sep 14 10:45 public

Now let’s say we instead want to make a directory which other users can copy files but which we want the files to instantly become owned by our username and group. This is where the SUID and SGID options come in.

$ mkdir drop_box $ chmod 777 drop_box $ chmod u+s,g+s drop_box $ ls -l total 4 drwsrwsrwx 2 tclark authors 4096 Sep 14 10:55 drop_box

Now anyone can move files to this directory but upon creation in drop_box they will become owned by tclark and the group authors. This example also illustrates how you can change multiple levels of permissions with a single command by separating them with a comma. Just like with the other permissions this could have been simplified into one command using the SUID and SGID numeric values (4 and 2 respectively.) Since we are changing both in this case we use 6 as the first value for the chmod command.

$ chmod 6777 drop_box/ $ ls -l total 4 drwsrwsrwx 2 oracle users 4096 Sep 14 10:55 drop_box

chown - Linux command line tool to change the owner/group of a file

admin — Fri, 15 May 2009 14:39:11 +0000

chown

Changes the owner or the group the file is associated with.

Usage

chown [options] owner file-list
chown [options] owner:group file-list
chown [options] :group file-list

Keep in mind that only root can change the owner of a file and only a user who belongs to the new group can change the group a file is associated with (also root can do this).

The owner is the user who will be the new owner of the file-list.
The file-list are the files or file which is going to change its owner.

Options

-c

Displays a message for each fiel whose ownership or group is changed

–dereference

Changes the ownership/group of the files symbolic links point to, not the symbolic links themselves. The default is –no-dereference.

-f

Prevents chown from displaying error messages when it is unable to change the ownership/group of a file

-R

When you include directories in the file-list this options makes all the files in that directory to be affected by the commandExamples

chown jose:contabilidad /home/account/ -R

This is going to make all files inside /home/account/ and its subdirectories to belong to jose and to be associated with the group contabilidad.

SendMail Configuration on Linux

admin — Wed, 13 May 2009 20:30:32 +0000

http://www.linuxselfhelp.com/quick/sendmail.html

Configure Sendmail to use your ISP’s mail server

admin — Wed, 13 May 2009 20:20:23 +0000

On a local SMTP server I have for testing I need to use my isp’s mail server for sending emails. My provider, bellsouth, blocks port 25 so all mail has to be routed through their server. Apparently, they use IP based ACL’s so authentication is not required.

After moving my previously working SMTP mail server from an work location to my residence, I spend several days trying to figure out why my mail server no longer worked. Even though test through sendmail in verbose mode told me the email was going through, the qmail command told me that the connection timed out. Apparently, Bellsouth blocks port 25 and you must route email through their server. I was able to finally get it work by defining a SmartHost directive in the sendmail.mc, recompiling the sendmail file and restarting the sendmail service.

All it took was opening

/etc/mail/sendmail.mc

adding/changing:

define(`SMART_HOST',`[mail.bellsouth.net]‘)

and then reseeting the sendmail config via:

make -C /etc/mail service sendmail restart

Now any mail sent from my machine (system status, php’s mail function, etc) will be routed through my isp’s mail server.