SUID flag of a file magically disappeared

Posted in Uncategorized on June 22nd, 2011 by Johan Huysmans – Comments Off

If you set a SUID flag on a file, this flag will disappear when the ownership (user or group) is changed of that file!

Let me show you:

[root@raskas ~]# touch test
[root@raskas ~]# ll test
-rw-r--r-- 1 root root 0 2011-06-22 17:10 test
[root@raskas ~]# chmod u+s test
[root@raskas ~]# ll test
-rwSr--r-- 1 root root 0 2011-06-22 17:10 test
[root@raskas ~]# chown johan:johan test
[root@raskas ~]# ll test
-rw-r--r-- 1 johan johan 0 2011-06-22 17:10 test
[root@raskas ~]# chmod u+s test
[root@raskas ~]# ll test
-rwSr--r-- 1 johan johan 0 2011-06-22 17:10 test
[root@raskas ~]# chown root:root test
[root@raskas ~]# ll test
-rw-r--r-- 1 root root 0 2011-06-22 17:10 test
[root@raskas ~]#

Heartbeat v3. resource-stickiness

Posted in Linux SysAdmin on May 4th, 2011 by Johan Huysmans – 3 Comments

We are running a heartbeat cluster with several resource groups. One of these groups is depending on a drbd disk which is configured as a master/slave resource.
Everything was working fine with heartbeat v3.0.1 and pacemaker v1.0.7…

Until we upgraded to heartbeat v3.0.3 and pacemaker v1.1.5.
When we tried to swap the resource group depending on the drbd disk, the resource group was stopped but the drbd master / slave resource refused to demote the current master.
Resulting in the unavailability of the resource group.

Mentioning this problem on #linux-ha they pointed me to resource-stickiness in the configuration.

In our configuration the resource-stickiness is set to INFINITY, we have configured it like that because we only want resources to swap during a failure or when manually requested, in all other cases the resource should remain on the node where it currently is. This is not the case when the resource-stickiness is not configured.

Apparently setting it to INFINITY was a bit radical, setting the resource-stickiness to 1000 is sufficient. The resources only swaps during a failure or manually triggered and the drbd master / slave resources follows the resource group using it.

SSH known host management

Posted in Linux SysAdmin on September 27th, 2010 by Johan Huysmans – 4 Comments

When you frequently connect to ssh servers with changed RSA keys (reinstall, change ip, …) you will know this annoying message:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
ea:34:84:3f:f3:1e:74:78:7e:f7:5f:4d:a3:5d:3d:9f.
Please contact your system administrator.
Add correct host key in /home/johan/.ssh/known_hosts to get rid of this message.
Offending key in /home/johan/.ssh/known_hosts:187
Password authentication is disabled to avoid man-in-the-middle attacks.
Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.
X11 forwarding is disabled to avoid man-in-the-middle attacks.
Permission denied (publickey,gssapi-with-mic,password).

After this message you have to remove line 187 from your .ssh/known_hosts file and perform the ssh command again.

If you want to get rid of this message and the altering of the known_hosts file you can add following ssh options to the .ssh/config file:

StrictHostKeyChecking no
UserKnownHostsFile /dev/null

Adding Local Folders in Thunderbird

Posted in General on December 5th, 2009 by Johan Huysmans – Comments Off

Thunderbird has something called “Local Folders”.
What Local Folders are is described here: http://kb.mozillazine.org/Local_Folders

This webpage however doesn’t explain how to add an extra set of Local Folders.
This is how you can create them.

Open prefs.js with your favorite editor. This file is located inside the profile directory in you thunderbird hidden directory.
Don’t change this file when thunderbird is running.
the serverX and accountX must be unique and could be different on your system

Search for the section defining the existing “Local Folders”, this looks something like this:
user_pref("mail.server.server3.directory", "/home/johan/.thunderbird/pd19vach.default/Mail/Local Folders");
user_pref("mail.server.server3.directory-rel", "[ProfD]Mail/Local Folders");
user_pref("mail.server.server3.hostname", "Local Folders");
user_pref("mail.server.server3.name", "Local Folders");
user_pref("mail.server.server3.type", "none");
user_pref("mail.server.server3.userName", "nobody");

Copy those lines and edit them to your needs:
user_pref("mail.server.server4.directory", "/home/johan/.thunderbird/pd19vach.default/Mail/new_local_folders");
user_pref("mail.server.server4.directory-rel", "[ProfD]Mail/new_local_folders");
user_pref("mail.server.server4.hostname", "New Local Folders");
user_pref("mail.server.server4.name", "New Local Folders");
user_pref("mail.server.server4.type", "none");
user_pref("mail.server.server4.userName", "nobody");

Also add following line:
user_pref("mail.account.account4.server", "server4");

And edit following line:
user_pref("mail.accountmanager.accounts", "account1,account2,account3,account4");

When the changes are made in the prefs.js you can create the new defined local folders. A subdirectory has to be created otherwise it won’t show up in Thunderbird.
mkdir /home/johan/.thunderbird/pd19vach.default/Mail/new_local_folders
mkdir /home/johan/.thunderbird/pd19vach.default/Mail/new_local_folders/Inbox
touch /home/johan/.thunderbird/pd19vach.default/Mail/new_local_folders/Inbox.msf

If everything goes well the new defined local folders directory appears when you open thunderbird.

Apt-rpm dependency problem

Posted in Linux SysAdmin on August 12th, 2009 by Johan Huysmans – Comments Off

When installing some rpm’s on a CentOS5 system I encountered a dependency problem.

Apt told me that it depends on a specific file which isn’t provided by any package in the repository. After some investigation I noticed that the rpm WAS available in the repository, and that yum correctly found that package.

The problem was that the specific file needed by the package was a symlink provided by the other package. The symlink file is known by the rpm (rpm -ql /path/to/file gives the rpm) but isn’t know by apt.

Instead of running genbasedir with the location of the repository as only argument, add the –bloat argument.

genbasedir --bloat /path/to/repository

This will solve the problem!


I noticed this problem during the installation of redhat-lsb on a very minimal CentOS5 system. redhat-lsb requires 2 files (which are symlinks), these files are provided by… redhat-lsb itselve…

If you didn’t use the –bloat argument the redhat-lsb package couldn’t be installed with apt, it could be installed with yum or rpm.

mv inuits pinuits

Posted in General on April 1st, 2009 by Johan Huysmans – 1 Comment

Today is announced that Inuits is rebranded to Pinuits.

This change happened to line up with other MySQL consultancy companies, but the P also points to strong focus on Puppet, aPache, Php, Perl, Python, druPal and many other Open-Source Tools.

More information can be found on: http://www.pinuits.be

syslog-ng bug

Posted in Linux SysAdmin on March 19th, 2009 by Johan Huysmans – Comments Off

Today I stumpled upon a syslog-ng bug.

We are using syslog-ng-2.1.3 on one of our machines which sends part of his messages over UDP to 2 syslog machines. On some days we noticed that syslog-ng and some other services are stopped. Restarting syslog-ng showed us that they were killed by the OOM-killer.
I directly suspected the java process that was also running on that machine.

After googling around I found this syslog-ng bug: https://bugzilla.balabit.com/show_bug.cgi?id=39

And indeed, we had the same problem. This is how I could reproduce it:

  • Stop the syslog service (on the host which receives the messages)
  • Restart syslog-ng
  • Watch the memory usage of syslog-ng growing until it starts swapping and triggers the OOM-killer

Luckily this bug is already solved, and by upgrading to syslog-ng-2.1.4 the problem is fixed.

CentOS doesn’t provide the rpm packages of syslog-ng, silfreed.net does: http://www.silfreed.net/download/repo/

Ubuntu Intrepid Ibex

Posted in Fedora, Ubuntu on November 7th, 2008 by Johan Huysmans – 1 Comment

Last week a new version was released of Ubuntu, 8.10 aka Intrepid Ibex. It’s already installed on my laptop and it’s looking nice!

The installer still doesn’t support LVM. To be able to install Ubuntu on my LVM partitions I had to follow the steps described in one of my previous posts.

Previously I installed the i386 bit version of distributions on my laptop although it is a x86_64 system. But this time I went for the amd64 version.

You can check if you really have a 64bit processor by checking if there is a “lm” flag for your processor:
$ cat /proc/cpuinfo | grep lm

Using the 64bit version gave some problems, but they are all fixed now:

thunderbird-lightning

The lightning plugin you can download from the add-ons site of thunderbird is the i386 version which doesn’t work with a x86_64 thunderbird. Ubuntu provides a lightning package but this contains some old version. Luckily you can find the x86_64 xpi here: http://releases.mozilla.org/pub/mozilla.org/calendar/lightning/releases/0.9/contrib/linux-x86_64/

sun javaws

The sun javaws isn’t available for x86_64. The openJDK version is available but not all java applications work with that Java WebStart. You can manually install the i386 version of sun-java6-bin:
sudo apt-get install ia32-sun-java6-bin
You can now find the working javaws in following directory: /usr/lib/jvm/ia32-java-6-sun-1.6.0.10/bin/javaws

BTW … Fedora 10 will be released in 18 days

Input/Output redirection, appending

Posted in Linux SysAdmin on August 15th, 2008 by Johan Huysmans – Comments Off

In a previous post I wrote about output redirection of STDOUT, STDERR and both to a file. Off course you can do the same to append to an existing file:

ls >> output.txt
ls 2>> error.txt

If you try this with &>> you will receive a bash syntax error:

ls &>> output_and_error.txt
bash: syntax error near unexpected token `>'

How come appending of both STDOUT and STDERR to a file does not work this way? Is this a bug in bash?
Yes, I know I can use the following, but I prefer the &>>:
ls 1>> output_and_error.txt 2>&1

And how come I can’t find a bugzilla for bash?
Yes, I know I can use the command bashbug to send a mail to a mailinglist, but this is not the same as bugzilla.

Installing Ubuntu

Posted in Fedora, Linux SysAdmin on July 18th, 2008 by Johan Huysmans – 3 Comments

This week I reinstalled one of my Fedora machines with an Ubuntu 8.04. Not that I don’t like Fedora anymore but just because I want something new.

One of the big annoyancies I noticed during the installation was that it didn’t recognize my lvm partitions. And I really need that, as my home and root partition are on lvm and I didn’t want to repartition my complete drive.

Luckily I found some explanation for lvm support during the installation. This is the summary of the actions you need to perform.

Become the root user:
ubuntu@ubuntu:~$ sudo -i

Load the dm-mod module:
root@ubuntu:~# modprobe dm-mod

Install the lvm2 package on the live system:
root@ubuntu:~# apt-get install lvm2

Activate the logical volumes of your volumegroup
root@ubuntu:~# lvchange -a y <volgroup name>

At this moment you can perform a normal installation, your existing logical volumes will be recognized and can be used during installation.
After the complete installation process you have to install lvm support for you new installation.

Mount the partitions of your new installation:
root@ubuntu:~# mount /dev/volgroup/root /mnt
root@ubuntu:~# mount /dev/sda1 /mnt/boot
root@ubuntu:~# mount -o bind /dev /mnt/dev

Chroot into your new installation:
root@ubuntu:~# chroot /mnt

Install the lvm2 package:
root@ubuntu:~# apt-get install lvm2

You can now exit your chroot environment and reboot your machine. If everything is OK, you can boot your fresh ubuntu installation.

« Older Entries