Wednesday, February 13, 2008

Whoops! MySQL didn't start when the server rebooted!

One of my customers had this problem today. I got a text message, "Lisha! Can you look at the server and tell me why mysql isn't working? I rebooted the server and now the website has an error. Something about Error #2002 and the mysql.socket."

It turned out that when they rebooted their LAMP server, the mysql daemon didn't turn on with the rest of the services like the apache http daemon. Luckily, this is easy to fix. I ssh'd to their server and got to work.

First, I checked to see if my hunch was right:
mysqladmin ping
mysqladmin: connect to server at 'localhost' failed
error: 'Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)'
Check that mysqld is running and that the socket: '/var/lib/mysql/mysql.sock' exists!


Yipes! Yup, you have no bananas (or mysql, as the case may be).

Next, I ran the mysql initialization script:
/etc/init.d/mysqld start
Starting MySQL: [ OK ]


Then check to see if it worked:
mysqladmin ping
mysqld is alive


Ah, yes. All better!


Next time, we can make the mysql daemon start up at boot time. On a Red Hat type system you can run the following command as root (or via sudo) to run the initialization script automatically at boot:
ln -s /etc/rc.d/init.d/mysqld /etc/rc.d/rc3.d/S98mysql

Monday, February 11, 2008

Collecting mail from external servers on Zimbra

Do you have Zimbra users who want to pull mail into their Zimbra accounts without having to press "Get Mail" or "Get External Mail" every time? It's easy.

In the Zimbra server's command line, running as user zimbra, try:
zmprov gc default | grep zimbraDataSourcePollingInterval
If you get a response, the number it gives you is the number of seconds between checks of the external mailboxes. If you don't get any response, that means that zimbraDataSourcePollingInterval isn't set yet. Set it like this:
zmprov mc default zimbraDataSourcePollingInterval 180
Now the external mail accounts will be checked every 3 minutes.

But wait!! There's a problem. If your users created secondary accounts before you did this, their mail might not get picked up on schedule. (This is certainly the case as of 5.0.0_GA_1869.) So, you need to set the polling interval for each of your users' data sources manually -- or with a script that you write yourself.

For each user, check what datasources they have now:
zmprov gds myuser |grep DataSourceName
where myuser is the name of the user, of course. Then, for each user modify the data source with the command:
zmprov mds [username] [dataSourceName] zimbraDataSourcePollingInterval [seconds]

For example:
zmprov mds myuser Migration\ Account zimbraDataSourcePollingInterval 180
Notice the \ and space in "Migration\ Account" in my example. The name of this data source is "Migration Account". If you have spaces in your data source name like I do here, then you need to use the backslash (\) to escape the space. Otherwise, the system thinks that the next word is part of the next option or command in the line. (This is pretty standard *Nix-ish behavior, but if you're a newbie it can throw you off.)
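
One way to script the per-user steps above (an added example, not part of the original post or of Zimbra). It assumes `zmprov gds` prints one "zimbraDataSourceName: NAME" line per data source, which is what the grep above relies on; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: set zimbraDataSourcePollingInterval on every existing data
# source of the given users. Run as user zimbra.
# Usage: sh set-polling.sh SECONDS USER [USER...]

ZMPROV=${ZMPROV:-zmprov}   # command name; override to point at another path

# list_data_sources USER -> one data source name per line, spaces preserved.
# Assumes gds output contains "zimbraDataSourceName: NAME" lines.
list_data_sources() {
    "$ZMPROV" gds "$1" | sed -n 's/^zimbraDataSourceName: //p'
}

# set_polling USER SECONDS -> runs mds for each data source of USER.
set_polling() {
    user=$1
    interval=$2
    # Refuse anything that is not a whole number of seconds.
    case $interval in
        ''|*[!0-9]*) echo "interval must be a number of seconds" >&2; return 2 ;;
    esac
    list_data_sources "$user" | while IFS= read -r ds; do
        # Quoting "$ds" keeps "Migration Account" as a single argument, the
        # same job the backslash does when typing the command by hand.
        # </dev/null stops the command from eating the rest of the name list.
        "$ZMPROV" mds "$user" "$ds" zimbraDataSourcePollingInterval "$interval" </dev/null &&
            echo "$user: $ds -> ${interval}s"
    done
}

if [ "$#" -ge 2 ]; then
    secs=$1
    shift
    for u in "$@"; do
        set_polling "$u" "$secs"
    done
fi
```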


(The info for this post was found at http://www.zimbra.com/forums/installation/11487-solved-receiving-mail-multipop3-server.html and through personal experience with this problem last week...)

Thursday, February 7, 2008

Locking Down Root

Having an active root user is generally not a good thing. If the machine is used by lots of people and several individuals do superuser tasks under the root user, you have no way to track who did what in the event that someone decides to get evil. And of course, hackers like to get root access, because it lets them do anything that they want. You don't want that, so let's lock root up.

First, make sure that you have super user abilities when root is locked. If you don't already have sudo access, use root now to add yourself into the /etc/sudoers file. (I'll write an article about that soon. In the meantime, use man sudo to learn more.)

Now, lock root. Get out of root, if you are in it already, and as a user with sudoers privileges type
sudo passwd -l root
Check your work with
sudo passwd -S root
You should see something like
$ root L 09/11/2007 0 99999 7 -1

The option -S gives you the status of a user. It gives you the user name, then the status (L = locked, NP = no password, P = password), the date of the last change, and then the minimum age, maximum age, warning period and inactivity period for the password.*


Root is now locked. You can't log into root directly any more, and will have to run superuser tasks through sudo. There is still a cheater way around it, though. You can
sudo su
and then you will be root again. (I'll explain how to fix that in the sudo article.)



* Minimum age for a password says that you can only change the password every so many days. Maximum age says that you have to change your password every so many days. Warning period is how long before maximum age is reached that the system should start warning you that you have to change your password. Inactivity period is how long after a password is expired that the login should be completely locked out. If you don't change your password before maximum age is reached, then the system will generally let you log in and immediately change your password before moving on. Once you've hit the days in inactivity period, though, you don't get a chance. It just won't let you in at all at that point. All of these ages are expressed as a number of days.

Creating A New *Nix User

The easiest way to create a new user on the command line is:
sudo useradd george
sudo passwd george


But that's not always enough. Let's say, for instance that you want people to change their password the first time that they log in and then again every three weeks. Let's set georgette up like that:
sudo useradd georgette -c "Georgette Userina"
sudo passwd georgette
(give her a throw-away password)
sudo passwd -e -x 21 georgette


Here's what we just did:
sudo = "superuser do" (do this as if you are root)
add user georgette with the comment (-c) "Georgette Userina" (-c is usually used for the user's full name)
give georgette a password she can use the first time she logs in
expire georgette's password immediately (so she has to change it when she next logs in) and then expire (-x) her password every 21 days.

Need a short term user? Maybe you have a contractor working with your company for a short time or a friend that's hanging out at your house for the next two weeks and needs access to your Ubuntu desktop while he's there. Here's how to do it:
sudo useradd sammi -c "Sammi Shortimer" -e 2008-03-10


Here we use the -e option with useradd to expire the account after March 10, 2008.

If you do most of your new user adds with the same special options, you can set those things as default in the file /etc/login.defs.
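
To check the results of both "Locking Down Root" and the password ageing set with passwd -x in this post, the status line from passwd -S can be audited with a small script. This is an added example, not from the original posts. The function name and the sample lines are made up, and accepting LK as well as L for "locked" is an assumption.

```shell
#!/bin/sh
# Added example: audit `passwd -S` lines. Field order follows the post:
# name, status, last change, min age, max age, warning, inactivity.

# audit_status_line "LINE" MAX_DAYS
# Prints "<name>: ok", or one finding per line.
audit_status_line() {
    limit=$2
    findings=""
    # Anything after the seventh field lands in _rest and is ignored.
    read -r name status _changed _min max _warn _inactive _rest <<EOF
$1
EOF
    case $status in
        L|LK) locked=yes ;;   # LK: assumed alternative spelling of L
        *)    locked=no ;;
    esac
    if [ "$status" = "NP" ]; then
        findings="${findings}${name}: no password set
"
    fi
    if [ "$name" = "root" ] && [ "$locked" = "no" ]; then
        findings="${findings}root: password is not locked
"
    fi
    # Ageing only matters while a password can still be used to log in.
    if [ "$locked" = "no" ] && [ "$status" != "NP" ]; then
        if [ "$max" -lt 0 ] || [ "$max" -gt "$limit" ]; then
            findings="${findings}${name}: maximum age ${max} is outside the ${limit}-day policy
"
        fi
    fi
    if [ -z "$findings" ]; then
        echo "${name}: ok"
    else
        printf '%s' "$findings"
    fi
}

# Constructed sample lines (not captured from a real system).
audit_status_line "root L 09/11/2007 0 99999 7 -1" 21
audit_status_line "georgette P 02/07/2008 0 21 7 -1" 21
audit_status_line "george P 02/07/2008 0 99999 7 -1" 21
```

On a live system, pass it real output, for example: audit_status_line "$(sudo passwd -S root)" 21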