Archive for the ‘Linux Tricks’ Category

How to Change Owner for All Files in a Folder Linux

Wednesday, August 6th, 2008

A system administrator often needs to change file ownership, usually for files created by daemons. Users often don’t have access to files created by Apache. What do you do if you need to change the ownership of a group of files?

You must be root to perform this operation. The following command changes the owner of all files in the specified folder. It sets both the user and the group, so you don’t need to run the chgrp command.

chown -R <user>:<usergroup> <folder>

This will recursively change ownership of the files located in the folder. Note that most web hosting panels create user groups with the same names as the users, so the command will most probably look like chown -R <user>:<user> <folder>. You can use any masks; for example, if you need to change ownership of html files only, issue chown -R <user>:<user> <folder>/*.html. The shell expands the mask before chown runs, so it matches only names directly inside <folder>.

This is quite a simple operation; however, many people who want to take a look at their servers don’t know this. I hope this article will help you to manage your files.

How to Block Outgoing Connections using iptables

Saturday, July 19th, 2008

Sometimes you should prevent outgoing connections from your server. The best way to do it is to use Linux system options, especially ipchains and iptables. I will show you how to do it using iptables, as this is the shortest way I know.

In order to block outgoing connections from your server to one IP, issue the following command on the command line:

iptables -A OUTPUT -d <IP Here> -j DROP

You can add whole subnets using this command. For example, if you need to block a subnet, the command will look like:

iptables -A OUTPUT -d 192.168.0.0/16 -j DROP

This will block outgoing connections to all IPs in 192.168.x.x.

You might want to use the same method with incoming connections. All you need to know is the IP range you need to block. You should just change OUTPUT to INPUT in the command above.
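An added example, not part of the original post: running the -A command above a second time appends the same rule again, so this helper validates the address and checks for an existing rule first. block_out and is_ipv4_cidr are hypothetical names; the code assumes an iptables version that supports -C and has to run as root.

```shell
#!/bin/sh
# Added example; block_out and is_ipv4_cidr are hypothetical helper names.

# is_ipv4_cidr ADDR: succeed for a dotted-quad IPv4 address with an
# optional /0../32 prefix length, fail for anything else.
is_ipv4_cidr() {
    addr=${1%%/*}
    case $1 in
        */*) prefix=${1#*/} ;;
        *)   prefix=32 ;;
    esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address on dots into $1..$n
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# block_out DEST: append the OUTPUT DROP rule from the post, but only once.
block_out() {
    is_ipv4_cidr "$1" || { echo "block_out: bad address: $1" >&2; return 2; }
    # -C checks whether an identical rule is already in the chain.
    if iptables -C OUTPUT -d "$1" -j DROP 2>/dev/null; then
        echo "already blocked: $1"
        return 0
    fi
    iptables -A OUTPUT -d "$1" -j DROP && echo "blocked: $1"
}

# Usage (as root): block_out 192.168.0.0/16
```

Rules added this way exist only in the running kernel and are gone after a reboot unless they are saved and restored.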

How to Change Owner of Files Created by Apache

Friday, July 18th, 2008

If you manage any script that creates files on the server, you might meet the problem that you cannot edit files created by this script. This is especially true of PHP scripts that, for example, create some text files in a folder. When you open these files via your FTP client, you will most probably receive a “Permission Denied” error when you try to save your changes.

When you run PHP scripts that create files, in almost all cases they are started by the user Apache. This user has all the permissions on the created files. So we have Apache as the owner and Apache as the group. That’s why we don’t have access to these files - we simply don’t own them.

I know two different solutions for this problem. The first one is quite intelligent - to use suphp. This is an Apache module that allows PHP to run as the user that owns the executed file. That’s a great solution, as it is done for the entire server and all users’ scripts will be affected.

Another solution is not so beautiful: it’s a “patch” for scripts that are actually running. If you don’t have suphp installed or don’t want to install it for any reason, you can use root’s crontab to chown files created by your scripts. For example, we will recursively chown a folder where script-generated files are located. Just add the following line to your root crontab:

*/10 * * * * chown -R user:user /folder_to_chown

This is not quite a good idea but I don’t know any other solutions at the moment.
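An added example, not from the original posts: a recursive chown run by root over a folder the web server can write to hands over everything found there, and a mask such as <folder>/*.html only matches names at the top level. The reown helper below (a hypothetical name, as are its arguments) uses find to select only regular files and directories owned by the given user, at any depth, and covers both the mask case from the chown post and the cron job above.

```shell
#!/bin/sh
# Added example; reown and its arguments are hypothetical names.
#
# reown DIR FROM_USER TO_USER:TO_GROUP [NAME_PATTERN]
# Hands files created by FROM_USER under DIR over to TO_USER:TO_GROUP and
# prints every path it selected.
reown() {
    dir=$1 from=$2 to=$3 pattern=${4:-*}
    # Refuse a missing directory or a symlink standing in for it.
    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "reown: $dir is not a real directory" >&2
        return 1
    fi
    # -xdev      stay on DIR's filesystem
    # -user      only what FROM_USER owns; everything else is left alone
    # -name      matched at every depth, unlike a shell glob like DIR/*.html
    # -type d/f  symlinks, devices, sockets and FIFOs are never selected
    # -links 1   skip regular files that have another hard link somewhere
    # chown -h   if a path becomes a symlink after find tested it, the
    #            link itself is changed, not the file it points to
    find "$dir" -xdev -user "$from" -name "$pattern" \
        \( -type d -o -type f -links 1 \) \
        -print -exec chown -h "$to" {} +
}

# Usage (as root), with placeholder names:
#   reown /folder_to_chown apache user:user
#   reown /folder_to_chown apache user:user '*.html'
```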

How to Add a Directory to Your Command Search Path

Thursday, July 17th, 2008

Often you need to run something from your directories without entering the full path to your executables. You may also like to customize some of your user settings; as you might know, the .bashrc file allows you to do all this stuff.

In order to add a directory to your command search path you need to do the following:

export PATH=${PATH}:/your/path

The export command sets a variable in the current shell and also “exports” it, so that programs started from this shell inherit it. The ${PATH} part expands to your current search path. The colon (“:”) must be used to separate elements of the search path.

You can add this line to your .bashrc file or run it from your command line if you need to update your command search path only once.

You can read more about what the .bashrc file can do here
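An added example, not from the original post: a .bashrc line that appends unconditionally grows PATH on every nested shell, and a directory that anyone can write to should not be on the search path at all. path_append is a hypothetical helper name; it adds the directory once, only if it is absolute, exists and is not world-writable.

```shell
#!/bin/sh
# Added example; path_append is a hypothetical helper name.

# path_append DIR: put DIR at the end of PATH, once, and only if it is an
# absolute path to an existing directory that is not world-writable.
path_append() {
    case $1 in
        /*) ;;
        *)  echo "path_append: not an absolute path: $1" >&2; return 1 ;;
    esac
    [ -d "$1" ] || { echo "path_append: no such directory: $1" >&2; return 1; }
    # find prints DIR only when the "other" write bit is set; if find itself
    # cannot run, refuse instead of assuming the directory is fine.
    open=$(find -H "$1" -prune -perm -0002 2>/dev/null) || return 1
    if [ -n "$open" ]; then
        echo "path_append: world-writable, refusing: $1" >&2
        return 1
    fi
    # Already listed? Wrapping both sides in ':' makes the match exact.
    case ":$PATH:" in
        *":$1:"*) return 0 ;;
    esac
    # ${PATH:+$PATH:} leaves out the separator when PATH is empty; a leading
    # ':' would create an empty entry, which the shell treats as ".".
    PATH=${PATH:+$PATH:}$1
    export PATH
}

# In ~/.bashrc:  path_append "$HOME/bin"
```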

How to Deny Responses to Ping Requests Using iptables

Wednesday, July 16th, 2008

Sometimes you need to “hide” your server by denying responses to ping requests. This way your server will look like it is offline. ping <server_ip> will return connection timeout. There is a short Linux command that allows you to do this using iptables. Here it is:

iptables -t filter -A INPUT -p icmp -j DROP

This will ignore ICMP packets sent to your server (these packets are used to ping your server). You can also deny traffic sent using any other protocol instead of ICMP by modifying the command, changing icmp to the protocol name you need.

Another solution was found on Linuxquestions.org. It allows outgoing ICMP packets and blocks incoming. Here it is:

/sbin/iptables -A OUTPUT -p icmp -o eth0 -j ACCEPT
/sbin/iptables -A INPUT -p icmp --icmp-type echo-reply -s 0/0 -i eth0 -j ACCEPT
/sbin/iptables -A INPUT -p icmp --icmp-type destination-unreachable -s 0/0 -i eth0 -j ACCEPT
/sbin/iptables -A INPUT -p icmp --icmp-type time-exceeded -s 0/0 -i eth0 -j ACCEPT
/sbin/iptables -A INPUT -p icmp -i eth0 -j DROP

How to Add an IP to a Linux Server

Sunday, July 13th, 2008

When you decide to rent a dedicated server, in almost all cases you get more than one IP address. This is used for DNS management and other stuff that is related to unique IPs. For example, you want to assign a dedicated IP to one of your sites.

Let’s assume we don’t have any panel installed (like CPanel, DirectAdmin, etc). How do we add an IP to the server using the command line only?

First of all, we need to log in as root to perform the IP addition. Then we need to go to the folder with the configuration file:

cd /etc/sysconfig/network-scripts

I’d suggest you back up your existing configuration in case something goes wrong. Here is the command:

cp ifcfg-eth0 ifcfg-eth0_backup

Here I assume that your main network interface is eth0; you should replace it with your interface name if it differs. We need to duplicate your working configuration file in order to create a new one for the new IP address we will add.

cp ifcfg-eth0 ifcfg-eth0:1

The command above copies your config file within the same directory. Now we need to open it with vi:

vi ifcfg-eth0:1

Now we need to replace DEVICE="eth0" with DEVICE="eth0:1" and change the IP address string IPADDR="xxx.xxx.xxx.xxx" to the string with the IP you’re adding. You will probably need to assign this IP to your server on each boot, so check the string below - it should look like ONBOOT="yes". Change this parameter to yes if necessary. That’s all; let’s save the file by pressing ESC, then :wq, then Enter.

Let’s enable it by issuing the following command:

/sbin/ifup eth0:1

Now if you type /sbin/ifconfig you should see your IP address under the eth0:1 section.

Do service network restart. This will restart your network interfaces. You’re done. Your IP should be accessible at the moment.

How to Copy Files Between Servers via SSH Using Midnight Commander

Thursday, July 10th, 2008

If you are a system administrator, you often need to copy files between servers. I think that the most useful tool for this is Midnight Commander (mc). I will show you how to establish an SSH connection to another server in this post.

First of all, let’s start Midnight Commander from the command line by typing mc. If you don’t have it installed, you should run yum install mc to get it. I will continue with Windows screenshots, though it is much better to run it in Linux. Here is its main window:

[Screenshot: Midnight Commander main interface]

We need to establish an SSH connection to another server in order to do this. Let’s go to the Right-Shell link as shown on the screenshot below:

[Screenshot: Midnight Commander “Shell link” menu item]

We will be shown a window prompting for the machine name. Just type in the hostname or IP address of the other Linux box if you will be logging in as root, or type username@IP if you will log in as another user, just like on the screen.

[Screenshot: mc login prompt]

After you hit return, you will most probably be warned that the authenticity of the host you’re trying to connect to cannot be established. Compare the key fingerprint shown with the one from the server itself, then answer yes to the question that appears: Are you sure you want to continue connecting? Just type yes in the command line (on Windows the mc interface is messed up when you’re trying to connect, but I hope you’ll find where to type it).

Then mc will ask you for a password. Just enter it and you are in! The next screen that should appear is one with two mc panels: one local and one remote. You can do anything you want with remote files as if they were local. That’s why I consider this method the most useful for copying files between Linux boxes: it is fast and visual, and you can see everything that’s happening.

Selecting All Files in Midnight Commander (mc)

Wednesday, July 9th, 2008

Midnight Commander is a very useful tool in Linux. As I found from my previous experience, it is the only way to delete plenty of files without overloading the server. If you are a Linux newbie, you might not know how to select all the files listed by Midnight Commander (like Ctrl+A in Windows). I will tell you this keyboard shortcut; you will find it useful when you want to copy all the files from a folder using the graphic interface of mc.

To select all the items listed in mc, you need to press “Alt”+“Shift”+“+”. This will show you the dialog window with “*” entered. You just need to press Enter (Return) to select all the files.

Finding Big Files With Linux Find Command

Tuesday, July 8th, 2008

Finding files is a very common practice for all operating systems. I don’t think this is a trick, but it’ll be very helpful for newbies to know the exact command to find big files, especially when you don’t have enough space on your machine and want to know which files take most of your space.

find / -size +10240000c -exec du -h {} \;

This command will list all the files that are larger than 10 MB, showing the exact size of each. du is used to report the file sizes, and / is the directory where we are looking for files.

Delete all Processes of a Single User Linux

Saturday, July 5th, 2008

Sometimes server load is caused by a single user who runs lots of stuff. In order to prevent server overload, you should detect the heaviest processes by using ps. Then you may need to know what processes are run by this user. This can be done using ps -u <username>. If you think that all of the user’s processes should be terminated, issue the following command: pkill -u username. This will kill only processes started by the specified user.

Here is a flash demo of this command, I think you can find it useful.