SELinux is a feature of the Linux kernel that provides mandatory access control. This policy-based access control system grants far greater control over the resources on a machine than standard Linux access controls such as permissions.
Many modern Linux distributions ship with SELinux enabled by default; Fedora 14 and RHEL 6 both install with it enabled.
When you run Recital Web on an SELinux-enabled machine and navigate to the default.rsp page you will see something similar to the screen shot below.
If you launch the SELinux troubleshooter you will see the following problem.
SELinux is blocking the Apache server from accessing the Recital server running on port 8001.
To manage your SELinux policy you must have the policycoreutils package group installed. The policycoreutils package contains the policy core utilities that are required for basic operation of an SELinux system.
If you wish to use a GUI tool, you must install the policycoreutils-gui package.
At the command prompt execute the following:
As root
$ yum install policycoreutils
$ semanage port -a -t http_port_t -p tcp 8001
$ service recital restart
$ service httpd restart
We use the semanage command here to allow the HTTP server access to port 8001 by adding TCP port 8001 to the http_port_t port type. Once you have completed the steps detailed above, navigate back to the default.rsp page in your browser, where you will find the permission denied message is now replaced by the default.rsp page.
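An added example, not part of the original article or of Recital's own tooling: a shell function that reads `semanage port -l` output and reports whether a TCP port already carries http_port_t, or which semanage call would label it. The function name plan_http_port and the sample listing are constructed for illustration, and it assumes semanage rejects -a when another type already defines that exact port, so -m is needed instead.

```shell
#!/bin/sh
# Constructed sample of `semanage port -l` output (not captured from a real host).
SAMPLE_PORTS='SELinux Port Type              Proto    Port Number

http_cache_port_t              tcp      3128, 8080, 8118, 10001-10010
http_port_t                    tcp      80, 443, 488, 8008, 8009, 8443
unreserved_port_t              tcp      1024-65535'

# plan_http_port PORT  (hypothetical helper; reads `semanage port -l` on stdin)
# Prints "ok" if PORT is already covered by http_port_t, otherwise the
# semanage command that would label it:
#   -a when no other type defines that exact port,
#   -m when another type lists the port as a single entry (assumed to make
#      `semanage port -a` fail with "already defined").
plan_http_port() {
    awk -v port="$1" '
        $2 != "tcp" { next }                 # skips header, blank and udp lines
        {
            for (i = 3; i <= NF; i++) {
                p = $i; sub(/,$/, "", p)     # entries are comma separated
                n = split(p, r, "-")         # single port or lo-hi range
                lo = r[1] + 0; hi = (n == 2 ? r[2] + 0 : lo)
                if (port + 0 < lo || port + 0 > hi) continue
                if ($1 == "http_port_t") labelled = 1
                else if (n == 1) exact = 1   # exact definition by another type
            }
        }
        END {
            if (labelled)   print "ok"
            else if (exact) print "semanage port -m -t http_port_t -p tcp " port
            else            print "semanage port -a -t http_port_t -p tcp " port
        }'
}

# Usage on a live system, as root:
#   semanage port -l | plan_http_port 8001
```

Running the check before and after the change confirms that the label was applied and avoids adding a port that another policy type already owns.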
SELinux does a great job of restricting services and daemons, so rather than simply disabling it, why not work with it?
When it comes to security, every little bit helps...
Recital 10 introduced the PIPETOSTR() function. This function operates in a similar fashion to the FILETOSTR() function but it can be used to capture the output from externally executed operating system commands. e.g.
// determine how many Recital users are on the system
nusers = pipetostr("ps -ef | grep db.exe | wc -l")
A really nice plugin for Eclipse that lets you write/edit Trac wiki pages in Eclipse.
STRERROR()
Syntax
STRERROR( [ <expN> ] )
Description
The STRERROR() function returns a string describing the last operating system error message. If the optional error number is specified then the related operating system error message will be returned.
Example
mqdes=mqcreate("/myqueue", 2)
if (mqdes < 0)
    messagebox(strerror()+",errno="+alltrim(str(error())))
    return
endif
rc = mqsend(mqdes, "Test message")
if (rc < 0)
    messagebox(strerror()+",errno="+alltrim(str(error())))
    return
endif
mqclose(mqdes)
I was fascinated to learn that Marvell are shipping a complete Linux device that runs on a wall plug for less than $100. The device has gigabit Ethernet and USB connectivity, making it ideal for building home security and surveillance devices that can be connected together.
This would be an ideal device for Recital Embedded. Details can be found here. Additional information can be found here and this article in Scientific American 8 Big Things to Do with a Mini Server.
Clearly this device has a lot of uses, including acting as a load balancer and also as a bunch of load-balanced application servers that access data on a network using GlusterFS or Samba. Another great use of this device would be to configure it as an rsnapshot server to back up all the machines in your home! Interestingly, in quantity the device is only US$50.
Seeing as this device runs Linux, NoMachine can be installed on it.
Marvell have a development wiki here.
By default Recital uses PAM to authenticate users. It is also possible to tell PAM to use Kerberos. Simply replace the existing entries in the /etc/pam.d/recital file with the ones below:
auth sufficient pam_krb5.so try_first_pass
auth sufficient pam_unix.so shadow nullok try_first_pass
account required pam_unix.so broken_shadow
account [default=bad success=ok user_unknown=ignore] pam_krb5.so
Found a nice Subversion plugin for Finder on the Mac.
The goal of the SCPlugin project is to integrate Subversion into the Mac OS X Finder.
- Support for Subversion.
- Access to commonly used source control operations via contextual menu.
- Dynamic icon badging for files under version control. Shows the status of your files visually.
This guide will assist you in setting up an rsnapshot backup server on your network. rsnapshot uses rsync via SSH to perform unattended backups of multiple systems in your network. The guide can be found on the CentOS website here.