Unix
Support FAQ
Maintaining a server requires a fair amount of unix system
administration knowledge. A strong unix end-user background
is generally enough for anyone to quickly learn the necessary
admin skills. This document is by no means intended as a substitute
for learning these skills hands-on. Our support team strongly
recommends the following titles; as far as we're concerned, they're
some of the best unix administration books available:
Unix System Administration Handbook
Evi Nemeth, Prentice Hall
Solaris Advanced System Administrator's Guide
Janice Windsor, Sunsoft Press
Additionally, Unix Help For Users is an excellent online resource for
beginners.
Customers who maintain their own nameserver should refer to
these DataCenter support documents:
Bind 8 Online Documentation
The Internet Software Consortium's BIND manual
DNS and BIND
Paul Albitz, O'Reilly
Solaris DataCenter FAQ
Covers Solaris specifics as well as general DataCenter issues
Please note that DataCenter's unix support team does not provide
support for customer-maintained nameservers.
Are there any limitations as to what I can do on my server?
Once your server has been released, you have root access and complete
control over what services are run on the system. By using/accessing
your server, you agree to comply with our Acceptable
Use Policy.
What is DataCenter's support policy regarding services and applications
running on dedicated Unix servers?
DataCenter's server support staff must account for all time spent working
on server support issues. Please refer to our system
administration services page for a list of supported
software applications and pricing information on our managed
service plans.
Our technicians are fully trained to deal with a multitude
of issues. If you would like us to give you a price quote
on answering questions or investigating a problem, send email
to unixadmin@DataCenter.co.il
and we will be happy to assist you.
Creating virtual sites
DataCenter provides the newsite program to aid in the creation of Apache
virtual sites. Newsite will add users to the system's passwd
file, configure a VirtualHost entry in httpd.conf, add a domain
to sendmail.cw (so it can receive mail), and optionally allow
anonymous FTP to the new site. FTP accounts created with newsite
restrict the user to their home directory, thus keeping them
from moving around the server's directory structure and providing
a more secure operating environment.
To run newsite, log in as root/root2, cd to /usr/local/newsite,
and run ./newsite. You will be prompted for the following
information:
Domain name - The domain name of the server you're
setting up. The domain is also used as the name of the user's
home directory within /usr/local/etc/httpd/sites. When entering
a domain name, newsite strips the 'www.' prefix and adds the
necessary entries to httpd.conf so that users can access domain.com
as well as www.domain.com in a web browser.
IP address - It's wise to allocate these addresses in order
so as not to lose track of free IP addresses. We advise our
customers against using their 'primary' IP address for web
hosting - this address is reserved for routing, and may change
if the server is upgraded or replaced at a later date.
Username / Password - The username and password which can
be used to access the virtual site via FTP.
Login shell - The Unix shell to be executed when the client
logs in to the server. We recommend setting this to /ftponly
so as to disallow telnet/SSH access for security purposes.
Virtual FTP - This option configures a virtual anonymous
FTP site. Only one virtual FTP account can be configured on
each IP address. When told to do so, newsite will create an
'ftp' directory within the virtual site's home directory.
Any files placed within the 'pub' directory of the 'ftp' directory
will be available via anonymous ftp.
The Apache distribution which DataCenter installs on your server
is designed to work alongside the newsite program. Rather
than using a single htdocs directory to hold your "main" site's
documents and then creating additional directories for each
virtual site, newsite creates a group of directories under
/usr/local/etc/httpd/sites, each named with a domain name,
each with their own htdocs, cgi-bin, and log directories.
In order to delete an account created with the newsite program,
you'll need to complete the following tasks by hand:
- remove the associated user account
- delete the user's home directory and all associated files
- remove the site's entries from sendmail.cw and httpd.conf
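The three teardown steps above can be scripted. The following is an added example written for this FAQ, not a DataCenter program. It assumes the Apache configuration file is /usr/local/etc/httpd/httpd.conf, that sendmail.cw lives in /etc/mail, and that the site's home directory sits under /usr/local/etc/httpd/sites as described above; all three paths can be overridden through environment variables. The two file-editing helpers work on any copy of the files, so they can be tried on a backup before the live server is touched.

```shell
#!/bin/sh
# Added example: tear down a virtual site created by newsite. This is not
# DataCenter's code; it reverses the three manual steps listed in the FAQ.
# Assumed paths (not stated on the page): httpd.conf next to the sites
# directory, sendmail.cw under /etc/mail. Override with the environment.
set -e

HTTPD_CONF=${HTTPD_CONF:-/usr/local/etc/httpd/httpd.conf}
SENDMAIL_CW=${SENDMAIL_CW:-/etc/mail/sendmail.cw}
SITES_DIR=${SITES_DIR:-/usr/local/etc/httpd/sites}

# strip_vhost CONF DOMAIN: drop the <VirtualHost> ... </VirtualHost> block
# whose ServerName is DOMAIN or www.DOMAIN; every other line is copied as-is.
strip_vhost() {
    conf=$1; domain=$2
    awk -v dom="$domain" '
        /^[ \t]*<VirtualHost/ { inblock = 1; buf = ""; drop = 0 }
        inblock {
            buf = buf $0 "\n"
            if ($1 == "ServerName" && ($2 == dom || $2 == ("www." dom))) drop = 1
            if (/^[ \t]*<\/VirtualHost>/) {
                inblock = 0
                if (!drop) printf "%s", buf
            }
            next
        }
        { print }
    ' "$conf" > "$conf.tmp"
    mv "$conf.tmp" "$conf"
}

# strip_cw CW DOMAIN: remove DOMAIN and www.DOMAIN from sendmail.cw so the
# server stops accepting mail for them. grep -v exits 1 when no line is
# left, which is a legitimate outcome here, hence the || true.
strip_cw() {
    cw=$1; domain=$2
    grep -v -x -F -e "$domain" -e "www.$domain" "$cw" > "$cw.tmp" || true
    mv "$cw.tmp" "$cw"
}

# remove_site DOMAIN USER: the destructive part. Refuses to run as non-root
# and refuses a domain that would make rm -rf hit the whole sites tree.
remove_site() {
    domain=$1; user=$2
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
    case $domain in ''|.|..|*/*) echo "bad domain '$domain'" >&2; return 1 ;; esac
    cp "$HTTPD_CONF" "$HTTPD_CONF.bak"
    cp "$SENDMAIL_CW" "$SENDMAIL_CW.bak"
    userdel "$user"
    rm -rf "$SITES_DIR/$domain"
    strip_vhost "$HTTPD_CONF" "$domain"
    strip_cw "$SENDMAIL_CW" "$domain"
    echo "restart Apache and Sendmail for the change to take effect"
}

# Usage: removesite domain.com username (nothing runs without arguments)
if [ $# -eq 2 ]; then
    remove_site "$1" "$2"
fi
```

Both daemons read their configuration only at startup, so the last line of remove_site is not optional: until Apache and Sendmail are restarted the old VirtualHost and the old domain are still live.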
Creating POP and forwarding mail accounts
DataCenter provides the newpop program to aid in the creation of pop
accounts. To run newpop, log in as root, cd to /usr/local/newsite,
and run ./newpop. You will be prompted for a username and
password and a pop-only account will be created. This
user will not be able to access the system via telnet/SSH.
POP usernames must be unique, and should be 8 characters or
less. They may only contain alphanumeric characters (a-z,
0-9).
POP accounts can be deleted with the 'userdel username'
command, where username is the name of the account you wish
to remove.
You can use Sendmail's virtual user table support to create
forwarding accounts. This will also allow you to create email
address with the same username at different domains, each
of which will forward to unique POP addresses. In order to
do this, you must edit /etc/mail/virtusertable and then run
/etc/mail/update.
The syntax for the virtusertable for a forwarding address
is as follows: username@domainname.com username@forwardingaddress.com
The syntax for the virtusertable for a duplicate address is
as follows:
webmaster@domain1.com popuser1
webmaster@domain2.com popuser2
If you wish to create a "catch-all" account which forwards
all mail sent to a particular domain to a single pop account,
you can create a blank-username entry in the virtusertable:
@domain.com popuser
Each line in the virtusertable can contain a single forwarding
address.
In order to forward mail to multiple recipients, you must
create an entry in /etc/mail/aliases. The aliases file can
contain forwarding accounts with multiple comma-separated
recipients, but does not allow for the same username at multiple
domains.
The syntax for /etc/mail/aliases is as follows:
username: user@domain1.com,user@domain2.com
It's necessary to run 'newaliases' after updating the aliases
file.
For more information, please refer to
Virtual Hosting With Sendmail.
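Because /etc/mail/update rebuilds the map from whatever is in the file, it pays to check the file against the rules above before rebuilding. The following added example (not DataCenter's update script) does that for both virtusertable and aliases: every line must have exactly two fields, the virtusertable key must be user@domain or @domain, the right-hand side must be a single target (several recipients belong in aliases), alias names must be local names rather than user@domain, and no key may repeat. It assumes the /etc/mail paths given above and that newaliases is on the path.

```shell
#!/bin/sh
# Added example, not DataCenter's /etc/mail/update: lint virtusertable and
# aliases against the rules in the FAQ before rebuilding the maps. Each check
# prints the offending lines and returns non-zero, so it can gate a rebuild.
set -e

# check_virtusertable FILE: "key target" per line; key is user@domain or
# @domain; target holds one address or local user (no commas); keys unique,
# because makemap will complain about a duplicate key rather than merge it.
check_virtusertable() {
    awk '
        /^[ \t]*(#|$)/ { next }
        NF != 2 { bad("expected exactly two fields"); next }
        $1 !~ /^[^@ \t]*@[^@ \t]+$/ { bad("left side must be user@domain or @domain"); next }
        $2 ~ /,/ { bad("one target per line; use aliases for several recipients"); next }
        seen[$1]++ { bad("duplicate key"); next }
        function bad(msg) { printf "%s:%d: %s: %s\n", FILENAME, FNR, msg, $0; errors++ }
        END { exit errors ? 1 : 0 }
    ' "$1"
}

# check_aliases FILE: "name: recipient[,recipient...]" per line. Alias names
# are local (no @); a user@domain key belongs in virtusertable. Lines that
# start with whitespace continue the previous alias and are skipped.
check_aliases() {
    awk '
        /^[ \t]*(#|$)/ { next }
        /^[ \t]/ { next }
        { key = substr($0, 1, index($0, ":") - 1) }
        key == "" || key ~ /[ \t]/ { bad("alias name must be followed by a colon"); next }
        key ~ /@/ { bad("alias names are local; put user@domain keys in virtusertable"); next }
        seen[key]++ { bad("duplicate alias"); next }
        function bad(msg) { printf "%s:%d: %s: %s\n", FILENAME, FNR, msg, $0; errors++ }
        END { exit errors ? 1 : 0 }
    ' "$1"
}

# rebuild_maps: only rebuild when both files pass. /etc/mail/update is the
# server's own script from the FAQ; newaliases is standard Sendmail.
rebuild_maps() {
    check_virtusertable /etc/mail/virtusertable && check_aliases /etc/mail/aliases || {
        echo "fix the errors above before rebuilding" >&2
        return 1
    }
    /etc/mail/update && newaliases
}

# Usage: mailcheck rebuild (nothing runs without the argument)
if [ "${1:-}" = rebuild ]; then
    rebuild_maps
fi
```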
POP and SMTP server information
All DataCenter Unix servers are configured with Qualcomm's pop3 server
and Sendmail 8.9. You can configure your POP mail client to check
mail using any of the IP addresses or domain names assigned
to your server. Since so many hosts on the internet have been
abused as spam relays, we've included anti-relay provisions
in our standard Sendmail config file. Your server cannot be
used as an open outgoing SMTP server, thereby blocking spammers from
stealing your resources.
Abuse of open mail relays is a very serious problem. Besides
leaving an open invitation for spammers to consume your resources,
permitting users to abuse your server in such a manner reflects
negatively on both your company and ours.
If you or your customers have static IP addresses, please
refer to Sendmail's relay
control documentation for information on configuring
your server to relay mail for these IPs. This document also
contains information on filtering unwanted mail sent to your
users. If you do not have static IP addresses, you should
configure your mail client to use your ISP's outgoing SMTP
server.
Alternatively, you can force users to authenticate via your
pop3 server in order to access your SMTP relay. Configuring
pop3 SMTP authentication requires that you make modifications
to Sendmail, Perl, and the pop server. Information on making
these changes is available from http://www.cynic.net/~cjs/computer/sendmail/poprelay.html.
DataCenter's unix consultants can install and configure pop3 mail
relay for three hours of support time, billed at our standard
rate of £85.00 per hour. Please let us know if you'd
like us to send you a work order to complete this task.
Saving backup data to tape
If you have not purchased a backup plan, the hardware specifications
in your server contract do not include network backup services
or an external tape backup device. Should a system or hard drive
failure occur, DataCenter will be responsible for getting the server
back online to the specifications of your contract and subsequent
software installations performed by a DataCenter technician. Restoring
software or configuration made by the client up to the point
of the failure will be the responsibility of the client, not
DataCenter.
Customers with a tape backup system who have not purchased
a managed backup
and media rotation plan are responsible for the maintenance
and integrity of their own backups and restorations.
DataCenter supports backups made via the dump program. Under Solaris,
this program has been renamed to ufsdump and is functionally
identical to dump under Linux. Please refer to the dump or
ufsdump man pages for detailed information on how to use this
software. You can also refer to our example backup script,
/usr/local/sbin/backup, and tailor it to your needs.
The following tape device names apply to all of our standard
tape backup units:
/dev/rmt/0 (Solaris tape)
/dev/rmt/0n (Solaris non-rewinding tape, must be rewound with
'mt rewind')
/dev/ht0 (Linux IDE tape)
/dev/nht0 (Linux non-rewinding IDE tape, must be rewound
with 'mt rewind')
/dev/st0 (Linux SCSI tape)
/dev/nst0 (Linux non-rewinding SCSI tape, must be rewound
with 'mt rewind')
Restoring backup data from tape
In order to restore data from a dump backup, you'll need to
familiarise yourself with the restore/ufsrestore command.
The following examples refer to the Solaris ufsrestore. Linux
users would use the restore command and the appropriate tape
device.
To restore from the first ufsdump backup on a system's
tape drive:
ufsrestore -ivfs /dev/rmt/0 1
The -ivfs flags mean (in order) "interactive, verbose, read from
this tape device, start at this dump file on the tape." The argument
to -f will always be /dev/rmt/0. The argument to -s is a positive
integer which corresponds to the number of the dump on the tape; 1
means the first dump, 2 means the second dump, and so on. Our managed
backup scripts always perform a root dump, followed by a /usr dump,
followed by each of the other filesystems in the order reported
by df -k. Please refer to the backup script in /usr/local/sbin/backup
for a list of filesystems to dump.
If you wished to extract a file from the /usr partition,
you would run 'mt rewind' (to ensure that the tape is
rewound), followed by the following command:
ufsrestore -ivfs /dev/rmt/0 2
Once ufsrestore has found the backup file on the tape, it enters
interactive mode. In interactive mode, you'll be able to
select files and directories to extract from the backup.
You can browse files using 'ls'. Once you've decided which
data you need to extract, run 'add name' for
each file or directory to be extracted. Selected files and
directories will be flagged with an asterisk when you do an 'ls' of
the backup. Selecting a directory will automatically select
all subdirectories and files. Running 'add .' from the backup's
root will extract the entire backup.
When you're ready to extract your flagged files, run 'extract.'
ufsrestore will create a mirror of the backup directory
structure within the current working directory into which
it will extract the selected files. This process can take
quite a bit of time on a slow tape drive.
For a full explanation of all of restore/ufsrestore's
options, please refer to each program's respective man
page.
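The backup and restore sections above both rest on the same fact: a filesystem's position in the backup script's dump order is the tape file number handed to restore with -s. The following added example, which is not DataCenter's /usr/local/sbin/backup, writes the dumps in that order to the non-rewinding device and computes that number for the restore step. Linux device and command names are used, with the Solaris equivalents from the device list above in comments. It assumes df's usual one-line-per-filesystem output with the mount point in the last column, and the computed number is only right if the filesystem layout has not changed since the tape was written.

```shell
#!/bin/sh
# Added example, not DataCenter's /usr/local/sbin/backup: dump every mounted
# filesystem to tape as /, then /usr, then the rest in df -k order, and map a
# filesystem back to the tape file number that restore -s needs.
# Linux names are used; Solaris equivalents are in the comments.
set -e

TAPE_NOREWIND=${TAPE_NOREWIND:-/dev/nst0}   # Solaris: /dev/rmt/0n
TAPE=${TAPE:-/dev/st0}                      # Solaris: /dev/rmt/0

# order_filesystems: read df -k output on stdin and print the mount points
# of real block devices, / first, /usr second, the rest in df's own order.
# Assumes one line per filesystem with the mount point in the last column.
order_filesystems() {
    awk 'NR > 1 && $1 ~ /^\/dev\// { order[++n] = $NF; have[$NF] = 1 }
         END {
             if ("/" in have) print "/"
             if ("/usr" in have) print "/usr"
             for (i = 1; i <= n; i++)
                 if (order[i] != "/" && order[i] != "/usr") print order[i]
         }'
}

# dump_number FS: read the ordered list on stdin and print the 1-based
# position of FS, i.e. the tape file number (-s argument) holding its dump.
dump_number() {
    awk -v want="$1" '$0 == want { print NR; found = 1; exit }
                       END { exit found ? 0 : 1 }'
}

# run_backup: level-0 dump of each filesystem to consecutive tape files.
# The non-rewinding device is what makes them consecutive; the final rewind
# leaves the tape positioned for a later restore.
run_backup() {
    mt -f "$TAPE_NOREWIND" rewind
    df -k | order_filesystems | while read -r fs; do
        echo "dumping $fs"
        dump -0u -f "$TAPE_NOREWIND" "$fs"    # Solaris: ufsdump 0uf "$TAPE_NOREWIND" "$fs"
    done
    mt -f "$TAPE_NOREWIND" rewind
}

# restore_from_tape FS: rewind, then open restore's interactive mode on the
# tape file that holds FS. Run it from the directory the files should land in.
restore_from_tape() {
    n=$(df -k | order_filesystems | dump_number "$1") ||
        { echo "$1 is not a dumped filesystem" >&2; return 1; }
    mt -f "$TAPE" rewind
    restore -i -v -f "$TAPE" -s "$n"          # Solaris: ufsrestore -ivfs "$TAPE" "$n"
}

# Usage: tapedump backup | tapedump restore /usr (nothing runs without an argument)
case ${1:-} in
    backup)  run_backup ;;
    restore) restore_from_tape "$2" ;;
esac
```

Run the restore from a scratch directory rather than from /: as the section above says, restore recreates the dumped directory tree under the current working directory, so running it from / would overwrite live files.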
Rotating log files
Under Solaris and Linux, the operating system manages the rotation
of system log files under /var/log and /var/adm. By default,
the web server's access and error logs are not rotated.
We have included a script called 'logrotate' in /usr/local/etc/httpd
which can be run through a cron job to rotate web server
logfiles. This script works with any sites created with
the newsite program.
In order to rotate web server logs on the first of each
month, add the following entry to root's crontab using
'crontab -e':
15 0 1 * * /usr/local/etc/httpd/logrotate
The logrotate script compresses old log files which can
be manually deleted when they're no longer needed.
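An added example of what such a rotation script has to do (this is not the logrotate script shipped in /usr/local/etc/httpd, but a stand-in written for this FAQ): Apache keeps writing to a renamed log file until it is told to reopen its logs, so the rename must be followed by a restart signal, and compression can only happen after that. It assumes each site keeps access_log and error_log in a logs directory under /usr/local/etc/httpd/sites/domain as the newsite layout above suggests, and that the Apache pid file is /usr/local/etc/httpd/logs/httpd.pid; both are overridable through the environment.

```shell
#!/bin/sh
# Added example, not the logrotate script shipped in /usr/local/etc/httpd:
# rotate the access_log and error_log of every newsite-created site, signal
# Apache to reopen its logs, then compress the rotated files.
# Assumed: logs live in SITES_DIR/<domain>/logs; pid file path as below.
set -e

SITES_DIR=${SITES_DIR:-/usr/local/etc/httpd/sites}
PIDFILE=${PIDFILE:-/usr/local/etc/httpd/logs/httpd.pid}

# rotate_logs [SUFFIX]: rename each non-empty live log to log.SUFFIX (the
# rotation date by default), signal Apache once, then gzip the renamed
# files. Prints the name of every compressed file. A log whose rotated name
# already exists is skipped rather than clobbered.
rotate_logs() {
    suffix=${1:-$(date +%Y%m%d)}
    rotated=""
    for log in "$SITES_DIR"/*/logs/access_log "$SITES_DIR"/*/logs/error_log; do
        [ -f "$log" ] || continue        # unmatched glob or missing log
        [ -s "$log" ] || continue        # empty: nothing to rotate
        if [ -e "$log.$suffix" ] || [ -e "$log.$suffix.gz" ]; then
            echo "skip $log: $log.$suffix already exists" >&2
            continue
        fi
        mv "$log" "$log.$suffix"
        rotated="$rotated $log.$suffix"
    done
    [ -n "$rotated" ] || return 0
    # Apache reopens its log files on a restart: HUP, or USR1 for a graceful
    # restart that lets in-flight requests finish. Until then the renamed
    # file is still being written, which is why gzip waits.
    if [ -f "$PIDFILE" ]; then
        kill -HUP "$(cat "$PIDFILE")"
    fi
    for f in $rotated; do
        gzip -9 "$f"
        echo "$f.gz"
    done
}

# Usage: run from cron with no arguments, or with an explicit suffix
if [ "${1:-}" != "" ] || [ -t 0 ]; then
    rotate_logs "$@"
fi
```

If the stats script described in the next section reads the live access_log, keep the cron order shown there (stats at 00:00, rotation at 00:15) so the month's final lines are counted before the file is renamed.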
Generating web statistics
DataCenter recommends the use of http-analyze
to generate web stats reports. This software has been installed
in /usr/local/http-analyze.
We have included a script called 'stats.pl' in /usr/local/http-analyze
which can be run through a cron job to generate web usage
stats for any sites created with the newsite program.
In order to automatically generate web stats in the 'stats'
subdirectory of each of your customers htdocs directories,
add the following entry to root's crontab using 'crontab
-e':
0 0 * * * /usr/local/http-analyze/stats.pl
This script is meant to be used alongside the log rotation
script. In order to use these scripts together, add the
following entry to root's crontab using 'crontab -e':
0 0 * * * /usr/local/http-analyze/stats.pl
15 0 1 * * /usr/local/etc/httpd/logrotate
http-analyze is commercial software; customers who plan
to use this software should contact the vendor
to register their software. DataCenter is in no way affiliated
with this company.
General system administration tips and information
What software and services are running on my machine?
By default, telnet, SSH, SMTP, FTP, pop3, and www services
are configured to run on your server. For security reasons,
all unnecessary services have been disabled in inetd.conf.
We recommend that you leave these services disabled unless
you have an explicit need to do otherwise.
A list of our current software installation is available
here: Sun,
Linux.
Is there a difference between root and root2?
The only difference is the username; both accounts have
a UID of zero and full root access to the system. We maintain
unique and secure root passwords for each customer server
so that we can access the system in an emergency, after
a partial system failure, or to perform consulting services.
How do I disable remote root access to my server?
Under Solaris, you can disable root login via telnet
by uncommenting the CONSOLE entry in /etc/default/login.
This will require users to log in using a normal user
account and su to root.
Under Linux, you can restrict remote root login by removing
lines from /etc/securetty. Removing all ttyp* lines from
this file will disallow remote root login via telnet.
Both of these settings are enforced by the telnet login program.
To stop root from logging in over SSH as well, set PermitRootLogin
to no in the sshd configuration file (sshd_config) and restart sshd.
How do I start services at boot time?
Under Solaris, local startup scripts are stored in /etc/rc3.d;
these are normal shell scripts which are run each time
the machine reboots. Each script's name must start with
an uppercase 'S' followed by a number. The scripts are
run in numerical order when the machine boots up. Since
startup processes are not automatically forked into the
background at boot time, you'll need to add an '&' to
the end of each daemon started in the boot scripts.
Under Linux, local commands can be listed in /etc/rc.d/rc.local;
this is a shell script which is run each time the machine
reboots. Since startup processes are not automatically
forked into the background at boot time, you'll need to
add an '&' to the end of each daemon started in the boot
scripts.
Why won't anonymous FTP work?
Before anonymous FTP will function, you must add an 'ftp'
user to your system. This can be accomplished by running
'useradd ftp'.
How do I reboot my server?
Under Solaris, the following command will cleanly reboot
your server:
shutdown -y -i6 -g0
Under Linux the following command will cleanly reboot your
server:
shutdown -r now
How can I see how much disk space I have available?
'df -k' will report disk usage in kilobytes on each filesystem.
How can I see how large a directory is?
From within a directory, 'du -sk' will report the total size
of the directory (and all subdirectories) in kilobytes.
How do I change my system's hostname?
Under Solaris, use the hostname command followed by the
hostname you wish to use. For example: