≡ Menu

yum

An updated autofs package that fixes a bug is now available. The autofs utility controls the operation of the automount daemon, which automatically mounts, and then unmounts file systems after a period of inactivity. File systems can include network file systems, CD-ROMs, diskettes, and other media.

How do I update my autofs package?

Simply type the following command:
# yum update

This is a user contributed tutorial.

ProFTPD is an enhanced, secure and highly configurable FTP server. Its configuration syntax is very similar to apache web server. It offers several functionalities such as:
+ multiple virtual server
+ anonymous
+ authenticated access
+ chroot jail support
+ SSL/TLS encryption
+ RADIUS, LDAP and SQL support etc

Install ProFTPD server

Type the following command as root user:
# yum install proftpd
Start ProFTPD when the system reboot:
# chkconfig --level 3 proftpd on
To start proftpd ftp service, enter:
# service proftpd start
To Stop proftpd ftp server, enter:
# service proftpd stop
To restart proftpd ftp service, enter:
# service proftpd restart
To reload the configuration file, enter:
# service proftpd reload

/etc/proftpd.conf - Proftpd configuration file

The default configuration file is located at /etc/proftpd.conf. To edit the configuration file, enter:
# vim /etc/proftpd.conf
Checking the syntax of the configuration file
# proftpd -t6

Virtual users authentication configuration

When you install ProFTPD, it is almost ready to use by anonymous users, you only have to uncomment anonymous section in /etc/proftpd.conf but if you want authenticated access then you must configure extra directives, keep in mind these to virtual users authentication.

  • AuthUserFile : Specify the users file, has the same format as /etc/passwd
  • AuthGroupFile : Specify the groups file, has the same format as /etc/group

Open /etc/proftpd.conf file:
# vi /etc/proftpd.conf
These files can be created with ftpasswd tool, here is an example:
# ftpasswd --passwd --name {username} --file /etc/ftpd.passwd --uid {5000} --gid {5000} --home /var/ftp/username-home/ --shell /bin/false
# ftpasswd --group --name group1 –file /etc/ftpd.group --gid 5000 --member username

For example, add a ftp user called tom for cyberciti.biz domain (ftpcbz group):
# ftpasswd --passwd --name tom --file /etc/ftpd.passwd --uid 5001 --gid 5001 --home /var/ftp/tom/ --shell /bin/false
# ftpasswd --group --name ftpcbz –file /etc/ftpd.group --gid 5000 --member tom

Then the above directives must be set in this way :

AuthUserFile	/etc/ftpd.passwd
AuthGroupFile	/etc/ftpd.group

Warnings! The created user must have UNIX permission under his home directory.

The value of --shell option must be set to /bin/false if you want to improve the security of the FTP server.

Sometimes ProFTPD throws many errors when you try to authenticated trough virtual users then you must look these directives and theris recommend values.

Don't check against /etc/shells
RequireValidShell off
Don't check against /etc/passwd, use only AuthUserFile
AuthOrder mod_auth_file.c.
Disable PAM authentication
PersistentPasswd off
AuthPAM off

To jail users to theirs respective home directories, add following to config file:
DefaulRoot ~

Playing with files access permission

The general syntax is as follows:
Umask FILEMODE DIRMODE.

Sets the mask of the newly created files and directories. FILEMODE and DIRMODE must be an octal mode, in the format 0xxx. If DIRMODE is omitted then DIRMODE = FILEMODE.

Some examples:

Umask 022

  • The owner has rw permissions over the files and full access over directories.
  • The group has r permission over the files and rx over directories.
  • The world has r permission over the files and rx over directories.

More restrictive:
Umask 026 027

  • The owner has rw permissions over the files and full access over directories.
  • The group has r permission over the files and rx over directories.
  • The world doesn't have any permission over the files neither over directories.

To Deny every one except admin changes files permission via ftp put this in your context:

AllowUser admin
DenyAll

Firewall Configuration - Open FTP port

See FAQ section for further details on iptables configuration.

Further readings:

  1. Proftpd project
  2. ProFTPD unofficial documentation

This article / faq is contributed by Yoander Valdés Rodríguez (yoander). nixCraft welcomes readers' tips / howtos.

Red Hat Enterprise Linux 5.2 Released

Red Hat enterprise Linux version 5.2 has been released and available via a Red Hat Network subscription. This update brings broad refresh of hardware support and improved quality, combined with new features and enhancements in areas such as virtualization, desktop, networking, storage & clustering and security.

Virtualization of very large systems, with up to 64 CPUs and 512 GB of memory, is now possible. Virtualization support for NUMA-based architectures is provided, as well as security, performance, manageability and robustness improvements. CPU frequency scaling support for virtualized environments also allows for reduced power consumption.

Red Hat Enterprise Linux 5.2 provides enhanced capabilities for several hardware architectures, covering x86/x86-64, Itanium, IBM POWER and IBM System z, which provide improved performance, power usage, scalability and manageability. For example, support for Intel's Dynamic Acceleration Technology permits power saving by quiescing idle CPU cores, and offers performance gains by potentially overclocking busy cores within safe thermal levels. Other hardware enhancements include extensive device driver updates, covering storage, network and graphics devices, and certification of IBM's new Cell Blade systems.

Red Hat Enterprise Linux becomes a certified operating system for IBM's new high-performance blade server based on Cell Broadband Engine (Cell/B.E) Architecture.

Desktop version includes latest cutting edge softwares:

  • Evolution 2.12.3
  • Firefox 3
  • OpenOffice 2.3.0
  • Thunderbird 2.0

Red Hat Cluster Suite, which is included in Red Hat Enterprise Linux 5 Advanced Platform, now has a Resource Event Scripting Language that enables sophisticated application failover capabilities. It also newly supports SCSI-3 reservation fencing support for active/active and active/passive DM/MPIO (multipathing), which widens the range of storage devices that can be used in clusters.

Improved iSCSI support allows users to set-up diskless systems with a root volume on the iSCSI server, a common requirement in high-density Blade environments.


How do I upgrade my system?

First, make sure you backup existing configuration and data. Next, simply type the following two commands:
# yum update
# reboot

Verify that everything is working fine including all services:
# netstat -tulpn
# netstat -nat
# tail -f /var/log/messages
# egrep -i 'error|warn' /var/log/messages
# egrep -i 'error|warn' /path/to/apps/log/file

Alternatively, you can click on the "Red Hat Network Alert Notification GUI Tool" - which is a notifier that appears on the panel and alerts users when software package updates are available for the systems. This is point and click method.

If you are CentOS Linux user wait for some time to get all updates. More information available at Red Hat web site.

If rpm / yum command hangs during operations or you see error messages - it means your rpm database corrupted. /var/lib/rpm/ stores rpm database just delete the same and rebuild rpm database:

Command to rebuild rpm database

rm -f /var/lib/rpm/__db*
rpm --rebuilddb

Read rpm / yum man pages for more information

If you are using hot swappable hard disk and created new partition using fdisk then you need to reboot Linux based system to get partition recognized. Without reboot you will NOT able to create filesystem on your newly created or modified partitions with the mke2fs command.

However with partprobe command you should able to create a new file system without rebooting the box. It is a program that informs the operating system kernel of partition table changes, by requesting that the operating system re-read the partition table.
[click to continue…]