Sunday, August 9, 2009

RHCE Tips: Samba (Part II)

This page has been moved to the new link.

RHCE Tips: Forgot Root Password? Follow this:

This procedure assumes you have console access, and are authorized to make changes to accounts on the machine, including root.

If you own the machine, you can boot into single user mode, and change the password, or create an account.

If using grub (you should see a blue bootup screen), press "a", "space", "1", "enter"
a 1
That will boot to single user mode.

Then you can change the root password

Then reboot Ctrl-Alt-Del

You should create user accounts other than root. Use the useradd command.
useradd someone
passwd someone

RHCE Tips : Samba

The page has been moved to this new link

RHCE Tips for X-Windows Issues?

You Completely Installed the Red Hat Enterprise Linux ES 4 on your System. While starting the system,it's giving an error to load X window System.

How will you fix that problem and make it boot successfully to run X Window Syste?.

Answer and Explanation:

While Problems occurred on booting System on Runlevel 5 (X Window).

1. /tmp is full or not

2. Quota is already reached

3. Video card or resolution or monitor is misconfigured.

4. xfs service is running or not.

Follow these Steps:

1. df -h /tmp /tmp is full remove the unnecessary file

2. quota username if quota is already reached remove unnecessary file from home directory.

3. Boot the System in runlevel 3. you can pass the Kernel Argument from boot loader.

4. Use command: system-config-display It will display a dialog to configure the monitor, Video card,resolution etc.

5. Set the Default Runlevel 5 in /etc/inittab id:5:initdefault:

6. Reboot the System you will get the GUI login Screen.

Note: at exam neither X window nor GNOME are installed at debug, you just have to do:


and use the system-config-display

Reboot the system

Saturday, August 8, 2009

How to Recover MySQL Root Password?

You can recover MySQL database server password with following five easy steps.

Step # 1: Stop the MySQL server process.

Step # 2: Start the MySQL (mysqld) server/daemon process with the --skip-grant-tables option so that it will not prompt for password

Step # 3: Connect to mysql server as the root user

Step # 4: Setup new root password

Step # 5: Exit and restart MySQL server

Here are commands you need to type for each step (login as the root user):
Step # 1 : Stop mysql service

# /etc/init.d/mysql stop

Stopping MySQL database server: mysqld.

Step # 2: Start to MySQL server w/o password:

# mysqld_safe --skip-grant-tables &

[1] 5988
Starting mysqld daemon with databases from /var/lib/mysql
mysqld_safe[6025]: started

Step # 3: Connect to mysql server using mysql client:

# mysql -u root

Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1 to server version: 4.1.15-Debian_1-log

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.


Step # 4: Setup new MySQL root user password

mysql> use mysql;
mysql> update user set password=PASSWORD("NEW-ROOT-PASSWORD") where User='root';
mysql> flush privileges;
mysql> quit
Step # 5: Stop MySQL Server:

# /etc/init.d/mysql stop

Stopping MySQL database server: mysqld
STOPPING server from pid file /var/run/mysqld/
mysqld_safe[6186]: ended

[1]+ Done mysqld_safe --skip-grant-tables

Step # 6: Start MySQL server and test it

# /etc/init.d/mysql start
# mysql -u root -p

How to change MySQL root password?

Setting up mysql password is one of the essential tasks. By default root user is MySQL admin account. Please note that the Linux / UNIX login root account for your operating system and MySQL root are different. They are separate and nothing to do with each other (indeed some admin removes root account and setup admin as mysql super user).

mysqladmin command to change root password

If you have never set a root password for MySQL, the server does not require a password at all for connecting as root. To setup root password for first time, use mysqladmin command at shell prompt as follows:

$ mysqladmin -u root password NEWPASSWORD

However, if you want to change (or update) a root password, then you need to use following command

$ mysqladmin -u root -p'oldpassword' password newpass

For example, If old password is abc, and set new password to 123456, enter:

$ mysqladmin -u root -p'abc' password '123456'

Change MySQL password for other user

To change a normal user password you need to type (let us assume you would like to change password for vivek):

$ mysqladmin -u vivek -p oldpassword password newpass

Changing MySQL root user password using MySQL sql command

This is another method. MySQL stores username and passwords in user table inside MySQL database. You can directly update password using the following method to update or change password for user vivek:

1) Login to mysql server, type following command at shell prompt:

$ mysql -u root -p

2) Use mysql database (type command at mysql> prompt):

mysql> use mysql;

3) Change password for user vivek:

mysql> update user set password=PASSWORD("NEWPASSWORD") where User='vivek';

4) Reload privileges:

mysql> flush privileges;
mysql> quit

This method you need to use while using PHP or Perl scripting

Granting Privileges to a Group via sudo

Let a set of users run commands as another user.

Define a Linux group containing those users:

Then create a sudo rule with the %groupname syntax:

# Let the group run a particular program:
%mygroup ALL = (root) /usr/local/bin/mycommand arg1 arg2
# Give full superuser privileges to the group
%mygroup ALL = (ALL) ALL

Howto setup Voice chat with Google talk user using Empathy

Empathy consists of a rich set of reusable instant messaging widgets, and a GNOME client using those widgets. It uses Telepathy and Nokia’s Mission Control, and reuses Gossip’s UI. The main goal is to permit desktop integration by providing libempathy and libempathy-gtk libraries. libempathy-gtk is a set of powerful widgets that can be embeded into any GNOME application.This packet contains the empathy IM application and account manager.
Install Required packages

First you need to edit the /etc/apt/sources.list file using the following command

sudo gedit /etc/apt/sources.list

add the one of the following lines

For Intrepid users

deb intrepid main
deb-src intrepid main

For Hardy users

deb hardy main
deb-src hardy main

Save and Exit the file.

Now you need to update the source list using the following command

sudo apt-get update

Install the required packages using the following command

sudo apt-get install empathy telepathy-gabble telepathy-mission-control telepathy-stream-engine telepathy-butterfly python-msn

This will complete the installation.

Using Empathy

You can start Empathy from Applications –> Internet –> Empathy Instant Messenger

Configure your gmail account with the following settings

1. In Empathy, Edit –> Accounts gtalk0 is checked

2. For Gtalk account you have to give Login ID

3. Server is:

4. Port is 5223, and

5. Use old ssl is checked

Setting up Subversion WebDAV on Fedora

To install subversion on Linux and make it available over Apache, I took the following steps:

Install subversion on Fedora

#yum install subversion

Install mod_dav_svn

yum install mod_dav_svn
Create the SVN Repository

mkdir /svn/repos
svnadmin create /svn/repos/sandbox
Change ownership of the folder to Apache

chown -R apache.apache /svn
Create /svn/repos/sandbox/svnauth file

user1 = rw
user2 = r

Here, user user1 will have read-write access while user user2 will have read-only access to the entire repository.
Create /svn/repos/sandbox/svnpass file

htpasswd -bcm /svn/repos/sandbox/svnpass user1 passwordUser1
htpasswd -bm /svn/repos/sandbox/svnpass user2 passwordUser2

htpasswd has the following usage

htpasswd [-cmdpsD] passwordfile username
htpasswd -b[cmdpsD] passwordfile username password

htpasswd -n[mdps] username
htpasswd -nb[mdps] username password
-c Create a new file.
-n Don’t update file; display results on stdout.
-m Force MD5 encryption of the password.
-d Force CRYPT encryption of the password (default).
-p Do not encrypt the password (plaintext).
-s Force SHA encryption of the password.
-b Use the password from the command line rather than prompting for it.
-D Delete the specified user.
On Windows, NetWare and TPF systems the ‘-m’ flag is used by default.
On all other systems, the ‘-p’ flag will probably not work.
Add the following to your apache config file

DAV svn
SVNPath /svn/repos/sandbox
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile /svn/repos/sandbox/svnpass
Require valid-user
AuthzSVNAccessFile /svn/repos/sandbox/svnauth

Restart Apache

#service httpd restart

Now you can access the above repository using your browser. Simply visit You will be asked for username and password. Use one of the user names and passwords you used above. For example, user1 and passwordUser1.

RHCE Tips: Granting Privileges to a Group via sudo

Define a Linux group containing those users:

Then create a sudo rule with the %groupname syntax:

# Let the group run a particular program:
%mygroup ALL = (root) /usr/local/bin/mycommand arg1 arg2
# Give full superuser privileges to the group
%mygroup ALL = (ALL) AL

RHCE Tips: Limiting users of vsftp to only their home directory?

Yesterdays VSFTPD troubleshooting note (read as post) brought me back this question.

If you do not wish FTP users to be able to access any files outside of their own home directory, set up chroot jail.

For consider following example:

* Ftp username : user1
* FTP home directory: /home/user1

$ ftp


Connected to
220 (vsFTPd 2.0.5)
Name ( user1
331 Please specify the password.
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/home/user1"
ftp> cd /etc
250 Directory successfully changed.
ftp> ls
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
150 Here comes the directory listing.
-rw-r--r-- 1 0 0 7959 Mar 02 22:20 Muttrc
drwxr-xr-x 3 0 0 4096 Jul 24 12:20 Wireless
drwxr-xr-x 16 0 0 4096 Jul 30 22:58 X11
drwxr-xr-x 4 0 0 4096 Sep 05 2005 Xprint
-rw-r--r-- 1 0 0 2188 Sep 05 2005 adduser.conf
-rw-r--r-- 1 0 0 47 Aug 16 14:52 adjtime
-rw------- 1 0 0 4330 Aug 18 2005 afick.conf
-rw-r--r-- 1 0 0 194 Sep 05 2005 aliases
-rw-r--r-- 1 0 0 12288 Jul 19 21:27 aliases.db
drwxr-xr-x 2 0 0 8192 Aug 15 09:33 alternatives

Now normal user can go to /etc directory (may be to all other directories) and if there is read only permission to sensitive files user can download the file via ftp.

To avoid this security problem you can lock ftp user in a jail.

Open vsftpd configuration file - /etc/vsftpd/vsftpd.conf
# vi /etc/vsftpd/vsftpd.conf

Make sure following line exists (and uncommented):

Save and close the file. Restart vsftpd.
# /etc/init.d/vsftpd restart

Now all users of VSFTPD/FTP will be limited to accessing only files in their own home directory. They will not able to see /, /etc, /root and /tmp and all other directories. This is an essential security feature.

Test Speed Connection Between Two Linux Machine

As a quick diagnostic tool, sometimes it’s nice to know exactly how fast two machines can (theoretically) be connected. I was having some slow downs on my NAS and using these command line tools, was able to determine that it was my NIC (and not my hard drives) that was causing the slow down. I learned this from a thread at slashdot.

Installing pv and nc

$ sudo apt-get install pv

Once you have nc and pv installed, it’s really simple. On one machine, run the following command:

$ nc -ulp 5000 > /dev/null

On the second machine run the following command (you need the IP address of the first machine):

$ pv < /dev/zero | nc -u ip.addy.of.other.machine 5000 And you should get some output with a little <=> sign moving across the screen that resembles this (static):

1.15GB 0:00:19 [ 218MB/s] [ <=> ]

This will show you the number of MB/s the connection is averaging; if you watch if for a bit, you can get an idea of where things stand. Here are some of the results I got between my RedHat, Fedora and Ubuntu Machines:

localhost: 218MB/s
gigabit Ethernet: 143MB/s
100MB ethernet: 11.5MB/s
wireless (poor connection): 141kB/s

RHCE Tips: Command to display all users on your system

If you want to display all the users on your Linux Box, just run this command:

#cat /etc/passwd |grep "/home" |cut -d: -f1

Thursday, August 6, 2009

How to Upgrade Ubuntu 8.10 to 9.04 Jaunty

This tutorial will explain how to Upgrade Ubuntu 8.10 (Intrepid Ibix) to Ubuntu 9.04 (Jaunty Jackalope) released on the 23rd April 2009.

Important Notes Before Upgrade

1.Take a complete Back up all your data. There is no guarantee that all will go well.

2.You can only directly upgrade to Ubuntu 9.04 from Ubuntu 8.10

3.Before upgrading it is recommended that you read the release notes for Ubuntu 9.04, which document caveats and workarounds for known issues in this version.

4.Be sure that you have all updates applied to Ubuntu 8.10 before you upgrade Procedure to follow

Run this command on your CLI:

1. ssh

2. Run `apt-get update`

3. Run `apt-get upgrade`

4. Run `apt-get install update-manager-core`

5. Edit /etc/update-manager/release-upgrades and change prompt method to normal

6. Run `do-release-upgrade`

Once you run through the do-release-upgrade utility it will reboot the server. Once it comes back up your release should be 8.10. You can verify this by running `lsb_release -a` as root and you should see the following:

No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 8.10
Release: 9.04
Codename: Jaunty Jackalope
Hope You have "Jaunty" running on your Box.

RHCE Tips:How do I configure sendmail to route mail to specific hosts?

Sendmail is a popular mail server which comes by default with Red Hat Linux. For Ubuntu OS, you will have to install it through:
$sudo apt-get install sendmail

Wait and let machine do rest of the stuffs.

Configure sendmail to route mail to specific hosts:

This can be accomplished by adding appropriate entries to the /etc/mail/mailertable file.
This file allows you to specify a domain, and where you want all email for that domain sent to.

In the example below, all email destined for will be automatically forwarded to a mail server that resolves to backend.mail.server. Additionally, all email received from the network will be forwarded to a mail server that resolves to outbound.mail.server.

/etc/mail/mailertable smtp:backend.mail.server192. smtp:outgoing.mail.server

After your modifications to /etc/mail/mailertable are complete you will need to run the following command:

#makemap hash /etc/mail/mailertable.db < /etc/mail/mailertable Restart sendmail: #service sendmail restart

Thats it. Now sendmail is ready to route your mail to specific hosts preventing other machines to receive the same.

Happy Mailing.

RHCE Tips: How to filter content through Squid Server?

For security and to save bandwidth I would like to configure Squid proxy server such way that I do not want my users to download all of the following files:

How do I configure squid content filtering?

A. You can use squid ACL (access control list) to block all these files easily.

How do I block music files using squid content filtering ACL?

First open squid.conf file /etc/squid/squid.conf:

# vi /etc/squid/squid.conf

Now add following lines to your squid ACL section:

acl blockfiles urlpath_regex "/etc/squid/blocks.files.acl"

You want display custom error message when a file is blocked:

# Deny all blocked extension

deny_info ERR_BLOCKED_FILES blockfiles http_access deny blockfiles

Save and close the file.

Create custom error message HTML file called ERR_BLOCKED_FILES in /etc/squid/error/ directory or /usr/share/squid/errors/English directory.

# vi ERR_BLOCKED_FILES Append following content:

start with html tag:
File is blocked due to new policy
Phone: 555-12435 (ext 44)

Caution: Do not include HTML close tags as it will be closed by squid.

Now create /etc/squid/blocks.files.acl file:

# vi /etc/squid/blocks.files.acl

Append following text:

Save and close the file.

Restart Squid:
# /etc/init.d/squid restart

Run Internet Explorer on Ubuntu Linux

You have to enable universe packages first. It is also recommended that you use the official winehq ubuntu package:

1) Open a terminal

2) Open /etc/apt/sources.list

$sudo gedit /etc/apt/sources.list

3) Uncomment (or add) following lines:

deb edgy universe

4) Add this line:

deb edgy main

5) Close gedit. Update and install wine and cabextract:

$wget -q -O- sudo apt-key add -

$sudo apt-get update

$sudo apt-get install wine cabextract

6) Download IEs 4 Linux and install


$tar zxvf ies4linux-latest.tar.gz

$cd ies4linux-*./ies4linux

Note for Dapper users:

if you use ubuntu dapper, replace edgy with dapper on lines above. Note for Feisty users (7.04): if you use ubuntu Feisty, replace edgy with feisty in the lines above. Also replace gedit with kedit

if running Kubuntu instead of Ubuntu.

For "Fiesty" K/Ubuntu Users (and 64-bit "Fiesty):

How to setup Nginx WebServer on Linux?

I wasn’t happy with Apache Memory footprint and low stability. I was looking out for some good lightweight webserver and then some colleague suggested me to use Nginx. After struggling for couple of days, finally I was successful in setting up LEMP on Linux.

This Howto is all about setting up Nginx with PHP, MySQL and FastCGI.So Lets Start:

Installing Nginx from Source?

If you use Debian-based distributive as usual you can use command:

$ sudo apt-get install nginx

For Other Linux Flavours,

$ cd ~/user$mkdir server
$cd server

Unpack archives:

$ tar xvf nginx-0.7.59$ cd nginx-0.7.59

You must have C compiler to compile a program. If you don’t have please do the next:

$sudo aptitude install build-essential
$sudo aptitude install linux-headers-`uname -r



In the end, 100% you’ll have the next messages:

./configure: error: the HTTP rewrite module requires the PCRE library.You can either disable the module by using --without-http_rewrite_moduleoption, or install the PCRE library into the system, or build the PCRE librarystatically from the source with nginx by using --with-pcre= option. It’s normal, you can’t have all the libraries on your computer. We can install it.

$sudo aptitude install libpcre3 libpcre3-dev libpcrecpp0 libssl-dev zlib1g-dev

Start to compile it once again

$sudo make clean
$sudo ./configure --with-http_ssl_module
$sudo make
$sudo make install

Now, everything will be ok and server will be installed in your system. If you want you can change some default options doing command “./configure” for example:

- to set the directory where the server files will be located. This directory will be used for all ways you’ll set by command “./configure” and in configuration file nginx.conf too. Default it’s /usr/local/nginx.

- to set the name of the Nginx executive file. This name is used just for stage of installing. Default it’s /usr/local/nginx/sbin/nginx.

- to set the name for the nginx.conf configuration file. In any time you can run Nginx with another configuration file which will be located in another directory with option “-c “. Default it’s /usr/local/nginx/conf/nginx.conf

- to set the name for PID file. But after installing of the server in any time you can change the name in the nginx.conf configuration file. Default it’s /usr/local/nginx/logs/

--error-log-path=- to set the name for the error log file. After installing you can change the name in the nginx.conf configuration file. Default it’s /usr/local/nginx/logs/error.log

- to set the name for the access.log file. Access.log:it’s the file for registration of requests from the server. Default it’s /usr/local/nginx/logs/access.log.

How do I manage the server?

If you did’t change the default directories when you were installing the server, you can run the server by command:

$sudo /usr/local/nginx/sbin/nginx

Check the server.
ps -ef grep nginx

root 14999 1 0 16:44 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx
nobody 15000 14999 0 16:44 ? 00:00:00 nginx: worker process
booch 15084 29644 0 16:45 pts/0 00:00:00 grep nginx

Great! Now you can open your browser and put http://localhost/
If server works you’ll see “Welcome”

Shutting down the server is possible by sending QUIT signal to the master process.

$kill -QUIT
Upgrading the server in the work process is possible by sending USR2 signal to the master process.

$kill -USR2
If you have already changed some options in the nginx.conf and you want to apply it you have to send HUP signal to the master process.

$kill -HUP
Log rotation. All log files have to be renamed, after this USR1 signal has to be sent to the master process. The master process will open all opened files once again and set them as unprivileged user. All worker processes work under this user. After successful opening master process will close all opened files and will send messages to worker processes to reopen files too. They also will open new files and in the same time will close all old files. In result all old files will be ready for further processing, for example, to compress them.

$kill -USR1

Important Signals:

QUIT - normal shut down
TERM, INT - fast shut down
HUP - reconfiguration, update the changed time zone, launch of new worker processes with the new configuration, normal shut down of worker processes.
USR1 - to reopen log files
USR2 - to upgrade executive file
How to run web site on the server?

Let’s start to do our server. We have to create new user (www), new group (www) and new structure for the site. Let’s begin from the group.

$sudo groupadd www

New user

$sudo useradd www -g www

Add www user to www group.

$sudo usermod -a -G www

Create password for www user.

$sudo passwd www

Let’s create a structure for the web site. I think it will be like this.

$sudo mkdir /home/www/
$sudo mkdir -p /home/www/{log, private, public, backups, archives, stats}

log - directory for log files
private - private data
public - directory for the site
backups - directory for backup data
stats - directory for stats
archives - for archives

Please, be attentive with the rights. For all directories it’s (rw+r+r), and for public it’s (rwx+r+r).And now you have to correct configuration file nginx.conf

$sudo nano /usr/local/nginx/conf/nginx.conf

#useruser www;
#numbers of work process
worker_processes ;
#address of PID file
pid /home/www/; events
worker_connections ;
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
sendfile on;
tcp_nopush on;
#keepalive_timeout ;
keepalive_timeout ;
gzip on;
gzip_min_length ;
gzip_buffers k;
gzip_types text/plain;
gzip_comp_level ;
gzip_proxied any;
#configure the virtual hostserver
#port listen *:;
#name of server server_name localhost;
#coding charset utf-;
#it's general directory, when will be site
root /home/www/;
#LOGS #------------------------------------------------------------------
access_log /home/www/;
error_log /home/www/;
access_log /home/www/;
#files which server will read in the general directory location /
root /home/www/;
index index.html index.htm index.php;
error_page /.html;
# redirect server error pages to the static page /x.html
# error_page /x.html; location = /x.html { root html; }
# proxy the PHP scripts to Apache listening on ...:
#location ~ \.php$
# proxy_pass http://...;
# pass the PHP scripts to FastCGI server listening on ...:
#location ~ \.php$
# root html;
# fastcgi_pass ...:;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#location ~ /\.ht {
# deny all;
# another virtual host using mix of IP-, name-, and port-based configuration
#server {
# listen ;
# listen somename:;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# HTTPS server
# listen ;
# server_name localhost;
# ssl on;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_timeout m;
# ssl_protocols SSLv SSLv TLSv;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;

It’s enough to run the html site on the server. But, please, don’t delete another options, you’ll need it in the future.
Remember, if you want to use another nginx.conf file, you can run server using option “-c”

sudo /usr/local/nginx/sbin/nginx -c /home/user/nginx.conf

Let’s run the server

sudo /usr/local/nginx/sbin/nginx

If everything is ok, you’ll see the server is in the process.

ps -ef grep nginx
root 7146 1 0 02:19 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx
www 7147 7146 0 02:19 ? 00:00:00 nginx: worker process
www 7148 7146 0 02:19 ? 00:00:00 nginx: worker process

Great. It works. The master process has root rights and worker processes have rights from the www user. So, now you can put html page index.html into the /home/www/ directory. Then, please, open browser and print http://localhost You’ll see your site.