Archive for the ‘Network + basic sysadmin’ Category

Mounting ntfs drive in Linux

May 14, 2011

Debian System

The process has two dependencies, ntfs-3g and libfuse2. You will need both packages installed before you begin. ntfs-3g is a third-party package that allows reading and writing to NTFS drives, which is the holy grail for me right now!

apt-get install libfuse2
apt-get install ntfs-3g

The first step is to ensure your Debian system ‘sees’ the ntfs drive. You’re not going to be able to mount anything if Linux can’t see it.
fdisk -l | grep NTFS

You should then see something like;
/dev/hda1   *           1       14387   156288421+    7  HPFS/NTFS

So now we know your ntfs drive is located on hda1. Check it isn’t mounted already by typing;

mount

Now to manually mount the drive use the following approach –

mkdir /media/windows

mount -t ntfs-3g /dev/hda1 /media/windows

This last command mounts hda1 with ntfs-3g in the /media/windows directory.

Now here is a very important step that had me stumped for ages. Unmounting the ntfs drive.
umount /dev/hda1

Here is another little trick to auto-mount it whenever the system starts. To do this we have to modify a file called fstab. Be very careful!!!! If you damage this file the system will not boot.

Modify the file in your text editor of choice and add the line;
/dev/hda1 /media/windows ntfs-3g defaults 0 0
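
The warning about damaging fstab can be turned into a routine: stage the new entry, check the result, keep a backup, and only then install it. The following is an added example, not part of the original post; the function names fstab_lint and fstab_add are made up for it, and the nosuid,nodev,umask=077 options are an assumption about what you want in place of defaults, under which ntfs-3g gives every local user full access to the files.

```shell
# Added example, not from the original post. Works on any path, so try it
# on a copy before pointing it at /etc/fstab (which needs root).

fstab_lint() {   # fstab_lint FILE: one line per finding, silent if clean
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
    NF < 4 || NF > 6 {
        printf "error: line %d: expected 4-6 fields, found %d\n", NR, NF
        next
    }
    $2 !~ /^\// && $2 != "none" && $2 != "swap" {
        printf "error: line %d: mount point %s is not absolute\n", NR, $2
    }
    $3 ~ /^(ntfs|ntfs-3g)$/ && ("," $4 ",") !~ /,nosuid,/ {
        printf "warn: line %d: %s mounted without nosuid\n", NR, $3
    }' "$1"
}

fstab_add() {    # fstab_add FILE "ENTRY": append ENTRY only if no errors result
    file=$1; entry=$2
    new=$(mktemp) || return 1
    cat "$file" > "$new" && printf '%s\n' "$entry" >> "$new"
    report=$(fstab_lint "$new")
    if [ -n "$report" ]; then printf '%s\n' "$report" >&2; fi
    if printf '%s\n' "$report" | grep -q '^error'; then
        rm -f "$new"; return 1          # leave FILE untouched
    fi
    cp -p "$file" "$file.bak" && cat "$new" > "$file"
    rc=$?; rm -f "$new"; return $rc
}

# Constructed sample: a two-line stand-in fstab plus the new NTFS entry.
demo=$(mktemp)
printf '%s\n' '# constructed sample' '/dev/hda2 / ext3 defaults 0 1' > "$demo"
fstab_add "$demo" '/dev/hda1 /media/windows ntfs-3g nosuid,nodev,umask=077 0 0'
fstab_add "$demo" '/dev/hda1 /media/windows' || echo "rejected, file unchanged"
rm -f "$demo" "$demo.bak"
```

Once the entry is installed, running mount -a while the system is still up mounts everything listed in fstab and shows any error before a reboot would.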

Redhat system

Open yum.conf with any editor, scroll down and add the following:

# Linux-NTFS-Repository
[ntfsbase]
name=Linux-NTFS Install
baseurl=http://yum.linux-ntfs.org/redhat/$releasever/$basearch/
gpgcheck=1

Save and exit from the file.
Next, install the linux-ntfs driver by typing “sudo yum install linux-ntfs” in the terminal

or

install the ntfs-3g package, which will give you NTFS support. Type “yum install fuse-ntfs-3g” and give the answer “Yes” if you are prompted for an encryption key or to install the package.
Restart the system by typing “/sbin/shutdown -r now” in the console.

Check the new partition list by typing “sfdisk -l” and looking for a partition type that says “NTFS.”

DHCPD.conf for TFTP image

March 23, 2011

The minimal configuration for a dhcp server to point to the tftp boot image –

# The ddns-updates-style parameter controls whether or not the server will
# attempt to do a DNS update when a lease is confirmed. We default to the
# behavior of the version 2 packages ('none', since DHCP v2 didn't have
# support for DDNS.)

ddns-update-style none;
ignore client-updates;
default-lease-time 21600;
max-lease-time 43200;

subnet 192.168.20.0 netmask 255.255.255.0 {
    range 192.168.20.221 192.168.20.225;
    option domain-name-servers 192.168.20.1; # IP of DNS server
    option domain-name "example.com";
    option routers 192.168.20.2; # IP of gateway box

    filename "pxelinux.0"; # Name of the file the boot ROMs should download.
    next-server 192.168.20.5; # Name of the server they should get it (pxelinux.0) from.
}

Including non-free firmware within Debian netboot images

August 31, 2010

Problem –

It can be seen this approach does not work well with netboot images which need Ethernet firmware… the Ethernet firmware really needs to be in the initrd.gz before the kernel boots. One solution is to build your own custom Debian Installer images. This is possible and the Debian Installer build process is described here –

I require the firmware from the firmware-bnx2 package to install on a Dell PowerEdge R710 with Lenny:

  1. Clear, create and cd into a temporary directory:
    rm -rf /tmp/firmware-bnx2
    mkdir  /tmp/firmware-bnx2
    cd /tmp/firmware-bnx2
  2. Acquire the lenny/firmware-bnx2 package, which contains the firmware: (firmware-bnx2 download page)
    wget http://ftp.debian.org/debian/pool/non-free/f/firmware-nonfree/firmware-bnx2_0.14_all.deb
  3. Extract the files from the package into the temporary directory:
    ar -p firmware-bnx2_0.14_all.deb data.tar.gz | tar -zxf -
  4. Create the cpio archive using pax, containing everything under lib but rooted at / in the archive:
    pax -x sv4cpio -s '%lib%/lib%' -w lib | gzip -c >bnx2-fw.cpio.gz
  5. Change to the Debian Installer directory… (ie where you have your initrd.gz):
    cd $debian-installer-dir
  6. Make a backup!
    cp -p initrd.gz initrd.gz.orig
  7. Append the new archive to the original initrd:
    cat /tmp/firmware-bnx2/bnx2-fw.cpio.gz >> initrd.gz

Now boot with your new initrd.gz and original vmlinuz and you should be on the road!

Alternative way –

We uncompress the image using:

mkdir temp
cd temp/
zcat ../initrd.gz | cpio -iv

Download the firmware-bnx2 debian package:

cd ..
wget http://http.us.debian.org/debian/pool/non-free/f/firmware-nonfree/firmware-bnx2_0.14_all.deb

and extract the contents with:
dpkg-deb -x firmware-bnx2_0.14_all.deb bnx2

We need to copy the files lib/firmware/bnx2-06-4.0.5.fw, bnx2-09-4.0.5.fw and bnx2/usr/share/initramfs-tools/hooks/firmware_bnx2 into the extracted directory of the initrd, then compress it back (from the extracted directory):

find . -print0 | cpio -0 -H newc -ov | gzip -c > ../initrd.gz
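
Both procedures above fetch the package with wget over plain HTTP and then place its contents in the image every installed machine boots from, so the file is worth checking against the archive's Packages index before it is unpacked. The following is an added example, not part of the original post; the function names are made up for it, and it assumes the Packages file was itself already verified against the archive's signed Release file.

```shell
# Added example, not from the original post: compare a downloaded .deb with
# the SHA256 recorded for it in a Debian Packages index before unpacking it.
# Assumption: the Packages file itself was already checked against the
# archive's signed Release file.

packages_sha256() {   # packages_sha256 PACKAGES_FILE DEB_NAME -> hex digest
    awk -v want="$2" '
    BEGIN { RS = ""; FS = "\n" }          # paragraph mode: one stanza per record
    {
        file = ""; sum = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^Filename: /) { file = $i; sub(/^Filename: /, "", file) }
            if ($i ~ /^SHA256: /)   { sum = $i;  sub(/^SHA256: /, "", sum) }
        }
        n = split(file, part, "/")        # Filename is a pool path; keep the basename
        if (n > 0 && part[n] == want && sum != "") { print sum; exit }
    }' "$1"
}

deb_matches_index() {   # deb_matches_index PACKAGES_FILE DEB_PATH
    expected=$(packages_sha256 "$1" "$(basename "$2")")
    if [ -z "$expected" ]; then
        echo "no SHA256 entry for $(basename "$2") in $1" >&2
        return 2
    fi
    actual=$(sha256sum "$2" | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
}

# Constructed demo: a stand-in file and an index stanza built to match it.
dir=$(mktemp -d)
deb="$dir/firmware-bnx2_0.14_all.deb"
printf 'stand-in for the real package\n' > "$deb"
printf 'Package: firmware-bnx2\nFilename: pool/non-free/f/firmware-nonfree/firmware-bnx2_0.14_all.deb\nSHA256: %s\n' \
    "$(sha256sum "$deb" | awk '{ print $1 }')" > "$dir/Packages"
deb_matches_index "$dir/Packages" "$deb" && echo "digest matches index"
printf 'tampered\n' >> "$deb"
deb_matches_index "$dir/Packages" "$deb" || echo "digest mismatch, do not unpack"
rm -rf "$dir"
```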

user alias and command alias with sudo

January 27, 2010

sudo is a package which will allow privileged users to run commands as other users. This is sort of like assigning users to different groups to give them special permissions to files. However, this can allow users access to specific commands on specific machines, making it a more effective and more organized way of giving special privileges to users.

The /etc/sudoers File

General sudoers file record format –

usernames/group servername = (usernames command can be run as) command

1. Granting All Access to Specific Users

You can grant users tarique and bonny full access to all privileged commands with this sudoers entry.

bonny, tarique ALL=(ALL) ALL

The keyword ALL can mean all usernames, groups, commands and servers.

2. Granting Access To Specific Users To Specific Files

This entry allows user tarique and all the members of the group operator to gain access to all the program files in the /sbin and /usr/sbin directories, plus the privilege of running the command /usr/local/apps/check.pl. Notice how the trailing slash (/) is required to specify a directory location:

tarique, %operator ALL= /sbin/, /usr/sbin/, /usr/local/apps/check.pl

3. Granting Access to Specific Files as Another User

The sudo -u entry allows you to execute a command as if you were another user, but first you have to be granted this privilege in the sudoers file.

tarique ALL=(accounts) /bin/kill, /usr/bin/kill, /usr/bin/pkill

tarique is on the team developing a financial package that runs a program called fsystem as user accounts. From time to time the application fails, requiring “tarique” to stop it with the /bin/kill, /usr/bin/kill or /usr/bin/pkill commands, but only as user “accounts”.

User tarique is allowed to stop the fsystem process with this command:

sudo -u accounts pkill fsystem

4. Using Aliases in the sudoers File

User aliases are groups of users, and are labeled with the string User_Alias. They contain a list of users that are in that alias.

User_Alias DNSADMINS = tarique,bonny

The user alias DNSADMINS contains two users, tarique and bonny.

A Runas alias is a special type of user alias. It lists the users that other users can run commands as.

Runas_Alias APPADMIN = named,dbuser,operator

A command alias is a list of commands. They’re labeled with the string Cmnd_Alias. Here, we have an alias that includes all the commands necessary to back up to tape, or restore the system from backup.

Cmnd_Alias BACKUPS = /bin/mt,/sbin/restore,/sbin/dump

To use an alias, just put the alias name in the rule where you would normally list the user, command, or hostname. We’ve previously defined a user alias DNSADMINS. The users listed in the DNSADMINS alias get to run any commands at all on all of our servers.

DNSADMINS ALL = (ALL) ALL

Or, to allow only particular commands, run as particular users, on all servers:

DNSADMINS ALL = (APPADMIN) BACKUPS

Let’s suppose that user tarique has to manage an application that runs as a particular user. He can run any command on the system as this application user. We defined a Runas alias above, APPADMIN, and an alias for the commands needed to run the application, DBCOMMANDS.

tarique ALL = (APPADMIN) DBCOMMANDS

As the application administrator, tarique might also have to run backups. We have already given the APPOWNER Runas alias operator privileges, and we have a separate command alias for backup commands. We can combine them all like this.

tarique ALL = (APPOWNER) DBCOMMANDS, (APPOWNER)BACKUPS

This is much simpler to read than what this rule expands to.

tarique ALL = (dbuser,operator)/usr/home/dbuser/bin/*,\
(dbuser,operator)/bin/mt, (dbuser,operator)/sbin/restore,\
(dbuser,operator)/sbin/dump
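
A rule written with aliases only grants what is intended when every alias it names is actually defined, so it pays to check the names after editing. The sketch below is an added example, not part of the original post; the function names are made up for it, and run over the alias lines and rules shown in this post it reports APPOWNER and DBCOMMANDS as used without a definition among them. On a live system visudo -c is the authoritative check.

```shell
# Added example, not from the original post: list alias names that sudoers
# rules use but no *_Alias line defines. Simplifications: one alias per
# *_Alias line, and any bare ALL-CAPS word other than ALL counts as an alias.

sudoers_undefined_aliases() {   # sudoers_undefined_aliases FILE
    awk '
    /\\$/ { sub(/\\$/, ""); buf = buf $0; next }   # join continued lines
    { line = buf $0; buf = "" }
    line ~ /^[ \t]*#/ || line ~ /^[ \t]*$/ || line ~ /^[ \t]*Defaults/ { next }
    {
        if (line ~ /^[ \t]*(User|Runas|Host|Cmnd)_Alias[ \t]/) {
            sub(/^[ \t]*[A-Za-z]+_Alias[ \t]+/, "", line)
            name = line; sub(/[ \t]*=.*/, "", name)
            defined[name] = 1
            sub(/^[^=]*=/, "", line)     # members may name other aliases
        }
        gsub(/[,()=!]/, " ", line)
        n = split(line, tok, /[ \t]+/)
        for (i = 1; i <= n; i++)
            if (tok[i] ~ /^[A-Z][A-Z0-9_]*$/ && tok[i] != "ALL")
                used[tok[i]] = 1
    }
    END { for (a in used) if (!(a in defined)) print a }
    ' "$1" | sort
}

sample_sudoers() {   # the alias lines and rules as they appear in this post
    cat <<'EOF'
User_Alias DNSADMINS = tarique,bonny
Runas_Alias APPADMIN = named,dbuser,operator
Cmnd_Alias BACKUPS = /bin/mt,/sbin/restore,/sbin/dump
DNSADMINS ALL = (ALL) ALL
DNSADMINS ALL = (APPADMIN) BACKUPS
tarique ALL = (APPADMIN) DBCOMMANDS
tarique ALL = (APPOWNER) DBCOMMANDS, (APPOWNER)BACKUPS
EOF
}

tmp=$(mktemp)
sample_sudoers > "$tmp"
sudoers_undefined_aliases "$tmp"
rm -f "$tmp"
```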

HowTo: Creating virtual interfaces in solaris/Redhat/Debian

July 19, 2009

Sometimes it’s useful to create a virtual network interface on your Solaris box, so that you can associate multiple IP addresses with the same host and not have to go through all the trouble of buying another NIC.

Here’s a quick HOWTO. Let’s assume our network card is eri0, and we want to create a virtual interface called eri0:1

Create the virtual interface:

# ifconfig eri0:1 plumb

Configure the virtual interface:

# ifconfig eri0:1 179.164.83.161 netmask 255.255.255.0 broadcast 179.164.83.255

Check to make sure it worked:

# ifconfig -a

eri0:1: flags=1000842 mtu 1500 index 2

inet 179.164.83.161 netmask ffffff00 broadcast 179.164.83.255

Finally bring up your new virtual interface:

# ifconfig eri0:1 up

To make it come up on start:

create /etc/hostname.eri0:1 with hostname in it

make sure the hostname is in /etc/hosts

To Disable: ifconfig eri0:1 unplumb

In RedHat

# ifconfig eth0:1 192.168.30.128 netmask 255.255.255.0

That’s all it takes! Let’s check to make sure it took:

# ifconfig -a

You can (and should!) also give this new address its own name in the /etc/hosts file:

192.168.30.128 stationX

To make this permanent in RedHat or Mandriva, look in the directory /etc/sysconfig/network-scripts — you’ll see a file called ifcfg-eth0. Copy that file and edit it to create a new ifcfg-eth0:1 (Be sure to edit the contents of the file to give it the right address and netmask, of course.)

Now your eth0:1 interface will start automatically at reboot, just like eth0 itself. You can have as many of these “ifcfg-” files as you like, within reason.

In Debian

the file is called “/etc/network/interfaces” and is somewhat simpler:

auto eth0
iface eth0 inet static
    address 172.16.0.6
    netmask 255.255.255.0

auto eth0:1
iface eth0:1 inet static
    address 192.168.30.128
    netmask 255.255.255.0

You still have to tell the machine about the new network of which it is now a member. That’s the job of the route command:

# route add -net 192.168.30.0 netmask 255.255.255.0

# route

Cheers!!!