I have an older laptop that I bring to conventions when I'm a department head (Sales to Members at Anime Los Angeles; Charity Auction Check-in at Gallifrey One) and it's running and older version of Fedora Linux. I've stayed with Fedora 14 mainly because I don't like the new desktop software that comes with Gnome 3. Maybe I'm a traditionalist and I like my desktop icons and drop down menus. I also like having all my applications organized by categories that are easy to find. Office apps here, network apps there, games clustered there... And my most used apps on the task bar so I don't have to go into the menus to launch them. But I need to bite the bullet sooner or later so I'm going to upgrade the older laptop first as a test.
The first thing I did was to save a disk image to an external hard-drive just in case something goes horribly wrong. I used CloneZilla to do the work since it works kind of like Symantec Ghost (which doesn't support Linux as well as it used to and can't write disk images to ext2/ext3/ext4 filesystems which are better anything by Microsoft - IMHO). CloneZilla is a front end for PartImage, a utility to backup disk paritions, that also saves the partition layout and then optionally compresses the partition images. CloneZilla will also verify that the images are restorable so you don't end up with junk when you need to restore. Unlike Ghost, CloneZilla/PartImage does not allow for single file restores which is a shame because I liked that feature. I guess I will have to brush off my C programming skills and try to add this feature. It will also make it possible to do differential backups so the entire partition image need not be backed up, just the differences.
Once upon a time I created a Ghost image of a system and then made changes that needed to be rolled back. When I found out that the changes made the system fail I just pulled out the Ghost image and started the restore... Until Ghost found corruption in the image. This was not good. I had to find an older Ghost image and restore from that, followed by making the changes to the point where I started. This was a waste of time and reminded me to ALWAYS CHECK THE BACKUP before proceeding with anything. I also ALWAYS CHECK THE RAM before I proceed with a new or upgraded system. Bad memory can bring a system down. I've encountered that before, too.
I digress. After backing up the hard drive I switched to root and installed the utility to upgrade the the software, called preupgrade. The command looks like:
yum install preupgrade
and it takes a few minutes to download depending on the speed of the connection and what other software is installed. Since I had my other laptop (see my first post for details) running and accessing the 'net on my now slower connection (money is tight, something has to give) what should have been a 2 minutes download took about 5 minutes. When preupgrade was installed I decide that now was the time. I ran the utility and selected to go up one version only (from Fedora 14 to 15) to be safe. I've heard horror stories of people trying to go up by 3 or more versions, only to have the system rendered unusable. Even though I had a backup, I'm a tad shy about some things. I let this run while I was doing work in the yard (weeds getting taller than my dog, a toy poodle) and continued while I was on a phone interview. The longest step was the download of the new packages because there is a lot changing. When the download was complete the utility moved to the last steps that set the next boot to install everything that was just downloaded.
Time was running out. I had to get a shower (remember, outside in the yard with weeds and HEAT) and change clothes before driving over to the school to pick up my stepson. I clicked on reboot and it was off. I had a little moment of panic when nothing happened on the screen but there was a flurry of activity on the harddrive. Then the screen came up that showed the new packages being intalled. When I walked out it was about 90% complete. It should be done by now but I won't know until I'm home. I really doubt that anything horrible happened to the upgrade process, unless the hardware fails...
(Later) No hardware failures! The install completed and the system automatically rebooted. When I logged in I did receive a message that my graphics hardware does not support the new desktop effects. No big loss. I started the process to go to the next version (Fedora 16) and it should be done by the time I get home from the PTA meeting and then LASFS.
Once I am done with the final upgrade I will see just how much I need to adjust to the new look and feel before making the decision to upgrade my main laptop.
-----
Resources:
Fedora Linux: http://fedoraproject.org
Gnome Desktop environment: http://www.gnome.org
Laptop: Toshiba Satellite
CloneZilla: clonezilla.org
PartImage: www.partimage.org
-
toy poodle: http://en.wikipedia.org/wiki/Poodle
Bret Harte Elementary PTA: http://www.brethartepta.com/
Los Angeles Science Fantasy Society: www.lasfs.org
Friday, August 24, 2012
Thursday, July 12, 2012
Fun with SELinux and Apache
I was so proud of myself getting UserDir to work in Apache. I thought I was set. But when I tried to log into my account on my web server I got an error message saying it could not find my user directory so it was dropping me in /. This was not good. I let it go for a little while since this was a learning platform and not a production system. But today I decided to find out why this was happening.
I looked at the file name (remember that in Unix/Linux everything is a file) and it was okay. I checked the permissions on the file and they were okay. Then I looked at the SELinux settings
ls -dZ ~
and what I saw was
drwx--x--x. <username> <groupname> unconfirmed_t:object_r:httpd_sys_content_t:s0 /home/<username>
which was how the instructions I read said they should be. On another VM I ran the same command and I saw user_home_dir_t instead of httpd_sys_content_t and I had no problems with the home directory there so I changed the context back on the web server VM
chcon -t user_home_dir_t ~
and then I logged out and back in. Hurrah! I was in my home directory again. I wanted to verify the web server was still able to access my test PHP scripts in ~/public_html directory. Not a chance. The dreaded 403 Forbidden message was displayed. Now what do I do?
I did a Google search to see if I could set two context types in SELinux but I couldn't find anything that indicated I could. The tool chcon has an option for a range of contexts but I couldn't find an example of how it worked. My next option was to try the end user forum for the Linux distro I'm using for my test server. Since I didn't have an account at CentOS I created one. Why not? It's always nice to have ready access to information.
A search of the CentOS forums showed an option that I didn't see, or glossed over, the first time I tried setting up UserDir. So I typed the command
setsebool -P httpd_enable_home_dirs 1
and tried to access the web server again. Success! Now I can have my cake (UserDir access on my web server) and eat it too (access to my home dir in my web server).
Lesson learned: read all the documentation.
I looked at the file name (remember that in Unix/Linux everything is a file) and it was okay. I checked the permissions on the file and they were okay. Then I looked at the SELinux settings
ls -dZ ~
and what I saw was
drwx--x--x. <username> <groupname> unconfirmed_t:object_r:httpd_sys_content_t:s0 /home/<username>
which was how the instructions I read said they should be. On another VM I ran the same command and I saw user_home_dir_t instead of httpd_sys_content_t and I had no problems with the home directory there so I changed the context back on the web server VM
chcon -t user_home_dir_t ~
and then I logged out and back in. Hurrah! I was in my home directory again. I wanted to verify the web server was still able to access my test PHP scripts in ~/public_html directory. Not a chance. The dreaded 403 Forbidden message was displayed. Now what do I do?
I did a Google search to see if I could set two context types in SELinux but I couldn't find anything that indicated I could. The tool chcon has an option for a range of contexts but I couldn't find an example of how it worked. My next option was to try the end user forum for the Linux distro I'm using for my test server. Since I didn't have an account at CentOS I created one. Why not? It's always nice to have ready access to information.
A search of the CentOS forums showed an option that I didn't see, or glossed over, the first time I tried setting up UserDir. So I typed the command
setsebool -P httpd_enable_home_dirs 1
and tried to access the web server again. Success! Now I can have my cake (UserDir access on my web server) and eat it too (access to my home dir in my web server).
Lesson learned: read all the documentation.
Monday, July 2, 2012
On shedding weight
Something that all geeks/nerds/etc. need to be aware of is weight. I mean that excess fat on the body that makes one look, well, fat. Being lonely, unwanted, too <whatever> to care is not an excuse. The biggest problem in science fiction fandom, geekdom, etc., other than social ineptitude, is being obese or morbidly obese which leads to Type 2 Diabetes. I know this because I was diagnosed last year and it caused me to mildly panic. Fortunately I had helpful guidance in shedding weight (115 pounds so far) and being able to keep it off. I say shedding instead of losing because something that is lost can be found.
I found that the quickest way to shed weight is to stop eating "recreational sugar" products. This includes, but is not limited to: candy bars, ice cream, sugary soda (I drink diet soda so I'm not exactly cheating), cake, cookies (which I like to bake so now I have to find sugar free alternatives), and other sweet goodness. It's okay to eat apples, sweet corn, etc. because the sugar is a natural and not added, but in moderation. Everything is in moderation. I gave up eating small pizzas by my self, even though I *love* pizza.
Exercise also helps. Just don't over do it. Start slow and work you way up. Pick I time when you feel comfortable doing it. I walk two miles in the morning three times a week, and add in other walks when I can. I have a small dog that I take for a walk in the evening.
Back to Diabetes. This can be a killer. A friend did not have his diabetes diagnosed and continued to live an unhealthy lifestyle. He was supposed to go to a New Years party some years ago but never showed up. He just disappeared off the fannish radar. Since this was before Twitter and Facebook became ubiquitous parts of everyday life no one thought twice about his silence until it lasted too long. Several mutual friends went to his apartment to check on him and found an unpleasant surprise. He was a groomsman at my wedding; I was a pallbearer at his funeral. I don't like this kind of symmetry.
Please, please, please take care if you are over-weight.
I found that the quickest way to shed weight is to stop eating "recreational sugar" products. This includes, but is not limited to: candy bars, ice cream, sugary soda (I drink diet soda so I'm not exactly cheating), cake, cookies (which I like to bake so now I have to find sugar free alternatives), and other sweet goodness. It's okay to eat apples, sweet corn, etc. because the sugar is a natural and not added, but in moderation. Everything is in moderation. I gave up eating small pizzas by my self, even though I *love* pizza.
Exercise also helps. Just don't over do it. Start slow and work you way up. Pick I time when you feel comfortable doing it. I walk two miles in the morning three times a week, and add in other walks when I can. I have a small dog that I take for a walk in the evening.
Back to Diabetes. This can be a killer. A friend did not have his diabetes diagnosed and continued to live an unhealthy lifestyle. He was supposed to go to a New Years party some years ago but never showed up. He just disappeared off the fannish radar. Since this was before Twitter and Facebook became ubiquitous parts of everyday life no one thought twice about his silence until it lasted too long. Several mutual friends went to his apartment to check on him and found an unpleasant surprise. He was a groomsman at my wedding; I was a pallbearer at his funeral. I don't like this kind of symmetry.
Please, please, please take care if you are over-weight.
Friday, June 29, 2012
First post! Configuring Apache 2 for use with user directories (UserDir)
Several people have mentioned that I need to have a blog to enhance my online technical presence, or something like that. So here goes...
I'm teaching myself how to setup and use a LAMP (Linux/Apache/MySQL/PHP) stack. I've already learned a little PHP but I wanted to try my hand at making a sub-directory of a user's home directory available as a place to access web pages (and PHP code). After setting up Apache in a virtual machine (VM) running on my my laptop (VirtualBox running on Fedora 14), I took a look at the configuration file to see how to do this. The instructions were clear about how to do all this. So after I created the directory public_html and changing the permissions of everything from my home directory down to my test file, I restarted Apache and put the URL for the test page into my browser... And got the dreaded 403 Forbidden message. I'd seen this before but had never solved it in the past. This time I did a Google search (and I really use Google!) on the error and found that the problem may be with Security-Enhanced Linux (SELinux). The first thing that the helpful sight suggested was to turn off SELinux and try again. With SELinux off it showed me the test page, which was a little three line PHP script:
<?php
echo "Hello Web!";
?>
So now I know that I was being blocked SELinux. I turned SELinux back on and took another look at the website where I found the suggestion to see what I had to do next. It mentioned the chcon (change context) command to set the correct context for the file, and the directories involved. The issue was the file type needed to be httpd_sys_content_t for my home directory, content directory (public_html), and the content files. The command was something like:
chcon -t httpd_sys_content_t <filename>
After make this change I restarted Apache again, just to be sure, and tried the URL one more time. Success! I now had a functioning web server on a "remote" machine (remember that it is running in a VM) that allowed me to put the content for users in their home directories.
The only part of this that concerns me is the the user's home directory (i.e. /home/<username>) has to have the SELinux file type mentioned above if the content is accessible to others. If some other application needs the home directory to have a specific file type, can more than one be applied to the directory? That's a Google search for another time.
My lessons continue. I'm slowly approaching the part of the book (see info below) that describes how to access a database from a web page. After I finish learning from this book, I will try these scripts again but accessing a PostgreSQL database instead. And then I will try Perl instead of PHP.
For completeness, here is the hardware and software I'm using to do all of this:
Laptop: Toshiba Satellite E205-S1904
Host OS: Fedora 14
Virtualization software: Oracle VirtualBox
Guest OS: CentOS 6.2
Web Server: Apache 2
Book: Sams Teach Yourself PHP, MySQL and Apache All in One (3rd Edition)
Coming soon: Setting up a DNS server (in a VM); Installing Puppet Master on an unsupported system; Learning how to manage a consulting business; and much more!
I'm teaching myself how to setup and use a LAMP (Linux/Apache/MySQL/PHP) stack. I've already learned a little PHP but I wanted to try my hand at making a sub-directory of a user's home directory available as a place to access web pages (and PHP code). After setting up Apache in a virtual machine (VM) running on my my laptop (VirtualBox running on Fedora 14), I took a look at the configuration file to see how to do this. The instructions were clear about how to do all this. So after I created the directory public_html and changing the permissions of everything from my home directory down to my test file, I restarted Apache and put the URL for the test page into my browser... And got the dreaded 403 Forbidden message. I'd seen this before but had never solved it in the past. This time I did a Google search (and I really use Google!) on the error and found that the problem may be with Security-Enhanced Linux (SELinux). The first thing that the helpful sight suggested was to turn off SELinux and try again. With SELinux off it showed me the test page, which was a little three line PHP script:
<?php
echo "Hello Web!";
?>
So now I know that I was being blocked SELinux. I turned SELinux back on and took another look at the website where I found the suggestion to see what I had to do next. It mentioned the chcon (change context) command to set the correct context for the file, and the directories involved. The issue was the file type needed to be httpd_sys_content_t for my home directory, content directory (public_html), and the content files. The command was something like:
chcon -t httpd_sys_content_t <filename>
After make this change I restarted Apache again, just to be sure, and tried the URL one more time. Success! I now had a functioning web server on a "remote" machine (remember that it is running in a VM) that allowed me to put the content for users in their home directories.
The only part of this that concerns me is the the user's home directory (i.e. /home/<username>) has to have the SELinux file type mentioned above if the content is accessible to others. If some other application needs the home directory to have a specific file type, can more than one be applied to the directory? That's a Google search for another time.
My lessons continue. I'm slowly approaching the part of the book (see info below) that describes how to access a database from a web page. After I finish learning from this book, I will try these scripts again but accessing a PostgreSQL database instead. And then I will try Perl instead of PHP.
For completeness, here is the hardware and software I'm using to do all of this:
Laptop: Toshiba Satellite E205-S1904
Host OS: Fedora 14
Virtualization software: Oracle VirtualBox
Guest OS: CentOS 6.2
Web Server: Apache 2
Book: Sams Teach Yourself PHP, MySQL and Apache All in One (3rd Edition)
Coming soon: Setting up a DNS server (in a VM); Installing Puppet Master on an unsupported system; Learning how to manage a consulting business; and much more!
Subscribe to:
Posts (Atom)