I had a situation where we had an old Bugzilla server that hadn’t been used for several years. As these things often happen, the “powers that be” suddenly decided we need that server to be back up and running NOW. Of course, nobody could remember their passwords any more and the email password mechanism had stopped working.

A Google search could only seem to turn up suggestions that started with “login to an admin user…”. Yeah, if I could do that I wouldn’t really have problem would I?

Anyway the solution was fairly easy actually.

NOTE: this is a dangerous solution that leaves the admin user exposed for a little while. Take reasonable precautions to prevent access until finished. Either with firewall rules or via an Apache .htaccess rule.

  1. Sign on to Mysql via the command line on the server in question
  2. USE bugs; (the bugzilla database)
    UPDATE profiles SET cryptpassword=null WHERE userid=1;
    QUIT;
  3. userid is the id of an admin user

  4. You can now login as that user with no password (see I told you it was dangerous).
  5. As admin you can change the password of another user to a password that you can remember, so do that.
  6. Now, if you go back into the database and list the profiles table you will see the encrypted passwords so locate the user who’s password you know.
  7. SELECT * FROM profiles;

  8. Now just replace the password string for your admin user with the encrypted string from the user you just looked up in the above SQL statement (as below).
  9. UPDATE profiles SET cryptpassword="23WHATEVER56" WHERE userid=1;

    Once you have set the encrypted password you should be able to login as the admin user using the password you set and you can change the password at this point to a more complicated one.

    I believe that newer versions of Bugzilla have eliminated the need for the above steps with a change passwords switch in the checksetup.pl program on the commandline.

POSTFIX was already installed in a simple fashion using real Unix accounts. We will continue to use these Unix accounts but pass authentication duties off to an LDAP server.

I used the Centos Directory Server and it was necessary to install the (75misc.ldif schema in the server to allow for mail aliases and mailing lists).

/etc/postix/master.cf was not changed for this set-up.

The following settings were placed in
/etc/postfix/main.cf:

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
myhostname = vm239.example.com
mydomain = example.com
myorigin = $mydomain
inet_interfaces = all

mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain

unknown_local_recipient_reject_code = 550
mynetworks_style = subnet
#mynetworks = 10.200.3.0/24, 127.0.0.0/8

alias_maps = hash:/etc/aliases
alias_database = $alias_maps
local_recipient_maps = ldap:/etc/postfix/ldap-users.cf
home_mailbox = Maildir/
virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf
newaliases_path = /usr/bin/newaliases.postfix

# Virtual Users
# I didn’t use this but it could be used
#

#virtual_mailbox_domains = virtual.com
#virtual_mailbox_base = /var/spool/virt_mailboxes/
#virtual_mailbox_maps = hash:/etc/postfix/vmailbox
#virtual_mailbox_maps = ldap:/etc/postfix/ldap-users.cf
#virtual_minimum_uid = 100
#virtual_uid_maps = static:500
#virtual_gid_maps = static:500
#virtual_alias_domains = virtual.com
#virtual_alias_maps = hash:/etc/postfix/valias

This was added to the bottom of the /etc/aliases file but otherwise it was left as installed (note: run the newaliases command after any changes are made to the aliases file).

root: tedc

/etc/postfix/ldap-users.cf

bind = no
version = 3
timeout = 20
size_limit = 1
expansion_limit = 0
start_tls = no
tls_require_cert = no
server_host = ldap://vm241.example.com/
scope = sub
search_base = ou=people,dc=example,dc=com
query_filter = (mail=%s)
result_attribute = uid

/etc/ldap-aliases.cf

bind = no
timeout = 20
server_host = ldap://vm241.example.com
search_base = ou=aliases,dc=example,dc=com
scope = sub
version = 3
query_filter = (cn=%s)
result_attribute = rfc822MailMember

Ask any Linux geek which is the best Window Manager and you can easily find yourself in the middle of a holy war but ask a Windows user the same question and you will be met with a blank stare. Window Managers are one of those wild and wonderful features of Linux that can completely change your experience with your computer.

To either change you Window Manager (in Ubuntu) or even to just see which one is currently the default you need to look at the file:

/etc/X11/default-display-manager

It would show for GNOME:
/usr/sbin/gdm

and for KDE:
/usr/lib/kde4/bin/kdm

There are a wide variety of other possibilities of course but those are the two big ones.

To change the Window Manager open a terminal and type:

sudo dpkg-reconfigure gdm

NOTE: the WM configuration files are different for other Linux distributions and yes, I agree, that should be standardized.

I just came across what I feel is a good setting for most Facebook users. It allows you to get an email notification of anyone using your Facebook account from an unauthorized computer. I personally use a number of computers to update my Facebook status but, I still want to get notified every time something happens outside of my main computer (and hopefully I can register my laptop also).

You go to:

ACCOUNT > ACCOUNT SETTINGS > ACCOUNT SECURITY

click the CHANGE button

The setting is “Would you like to receive notifications for logins from new devices?

Select YES

Then LOGOUT of FACEBOOK.

When you first log back in to FACEBOOK you will be asked to verify and name that device.

Give it a meaningful name and Voila.

I will be testing this to see how annoying the notifications are but, it looks good.

Switching between using Firefox in Windows and Ubuntu I am used to being able to hit the BACKSPACE key to go back one page. This is the default behaviour in Windows but not in Ubuntu.

To change the behaviour in Ubuntu:

Type about:config as your URL

Filter to browser.backspace_action and then change that value.

0 – sets it to the windows default (back 1 page)

1 – sets it to scroll up (shift+backspace = scroll down)

2 – disable backspace key

Incidentally in Ubuntu you can always do the following without changing anything:

  • ALT+ Left Arrow = go back 1 page
  • ALT+ Right Arrow = go fwd 1 page

Some commands that come in handy for software RAID arrays.

To find out what your RAID array is doing issue:

cat /proc/mdstat

To find out the status of a particular device:

mdadm –detail /dev/mdx

To remove a drive from the array:

mdadm -r /dev/md0 /dev/sdc1

(this will remove partition sdc1 from the md0 array)

To add a drive back in to an array:

mdadm /dev/md0 -a /dev/sdc1

(this will add partition sdc1 in to the md0 array)

To watch an array as it rebuilds itself:

watch -n1 cat /proc/mdstat


The different levels of RAID are:

  • RAID-0

A “striped” mode. Ideally the devices are the same size. There is no redundancy but you do gain performance (from parallel reads or writes). If you lose a drive you will lose data.

  • RAID-1

A mirrored RAID set. All data is written to all drives at once. You can lose a drive and not lose data. Write performance will be a little worse because you must wait until all data on all drives is finished. It is possible to saturate the PCI bus while writing and this causes the biggest bottleneck (hardware RAID suffers less from this). Read performance can be better than a single drive. It is also possible to have a spare dive kick in immediately in the event of a drive failure. RAID size is limited by the smallest disk available.

  • RAID-4

Requires 3 or more drives. It is essentially a RAID-0 array with an additional drive being used to store parity informaton so that a failed drive can be reconstructed. The parity drive becomes the performance bottleneck. In addition if the parity drive fails then redundancy is also lost.

  • RAID-5

Requires 3 or more drives. This is a very useful option as it combines the performance advantages of a RAID-0 array with the redundancy of RAID-1. In this case parity information is distributed across all drives. RAID-5 arrays can lose one drive but not two. Actual performance gains will depend on usage scenarios with heavilly fragmented data fairing not very well.

Setting up a RAID array on Linux is fairly easy and is definitely effective. I have even set this up on servers that have hardware RAID equipment  because the hardware drivers were either flaky or not available.

Be aware that software RAID will steal some CPU cycles. I feel that most modern hardware has more than enough  power to spare but, if you need every ounce of performance then hardware RAID is definitely the way to go. I can say that I haven’t noticed much of a performance hit with RAID running and the benefit has always been worth it but, as they say, your mileage may vary.

This is most easilly accomplished with a recent kernel (at least 2.4 but that covers almost all recent distros). The RAID tools are also usually installed as is mdadm.

For a few months now I have tried to track down the source of error messages in my Samba logs.

The server was functioning correctly but, I kept getting messages about “unable to become connected user..”.

Well I finally solved it and the solution was actually very simple. The first thing I did was when I got  few moments to have a good look at the server I changed the log level to 2 in smb.conf.

From that I was able to determine that the error was related to the Windows share IPC$. This share is really just for Windows internal use related to browsing and is not actually used for any sharing of files.

I tried adding various versions of the IPC$ share to see if that helped and what finally worked was to just add a bare bones IPC$ share as below:

  • [IPC$]
  • path = /home/tmp
  • hosts allow = 192.168.1.0/24 127.0.0.1
  • hosts deny = 0.0.0.0

…and that’s it .

Seperate subnets with a space.

0.0.0.0 is Samba shorthand for all.

Okay its seems that the virtualmin downgrade has settled down now.
I’m still working out exactly how much functionality I have lost by going to the free GPL version but this is what I did:
After installing the RPM I downloaded the repo and installed it with:
rpm -Uvh –oldpackage virtualmin-release-latest.rpm
I then ran a
yum clean all
This will clean up the repo settings left over from the downgrade and reset to the gpl version.
You then need to go into the webmin control panel
WEBMIN>SYSTEM>Scheduled Cron Jobs
and disable the following cron jobs that are not offered in the gpl version:
sendratings.pl
maillog.pl
fcgiclear.pl
The last one is a clean up program for fastcgi but , I haven’t found out what the other 2 jobs do.
I just know that they give me errors in my logs if left enabled.
Ted

Okay its seems that the Virtualmin downgrade has settled down now.

I’m still working out exactly how much functionality I have lost by going to the free GPL version but this is what I did:

  • I downloaded the repo rpm and installed it with:

rpm -Uvh –oldpackage virtualmin-release-latest.rpm

  • I then ran a

yum clean all

This will clean up the repo settings left over from the downgrade and reset to the gpl version.

I then went into the webmin control panel:

WEBMIN>SYSTEM>Scheduled Cron Jobs

and disabled the following cron jobs (these are apparently not valid in the gpl version of Virtualmin):

  1. sendratings.pl
  2. maillog.pl
  3. fcgiclear.pl

That last one is a clean up program for fastcgi but , I haven’t found out what the other 2 jobs do.

I just know that they give me errors in my logs if left enabled.

I have since discovered that it might be possible to change the username and password to “GPL” and the re-run the install script. I have not tested this and don’t know what that would do to the existing servers, mailpacks , etc.