In this article, I will describe how to setup a cvs pserver step by step.

1. Installation of cvsd package

For RPM-based distributions, you may download precompiled RPMS from this site:

cvsd-1.0.14-1.i386.rpm
cvsd-1.0.14-1.src.rpm (source)

For other distributions, you may download source tarball here, compile and install it yourself.

2. Configuration file /etc/cvsd/cvsd.conf

Check cvsd’s configuration file /etc/cvsd/cvsd.conf. Something should be mentioned:

• RootJail: the location of the chroot jail cvs should be run in. The default value should like
  

  RootJail /var/lib/cvsd

  For RPM-based installation, the installation process should have initialized this directory for you, by the command

  # cvsd-buildroot /var/lib/cvsd

  If the directory is not initialized yet, or you change `RootJail’ to another directory, you need to use the command `cvsd-buildroot’ to initialize it by hand.

• Uid and Gid: the user and group cvsd should be run as. The default values:
  

  Uid cvsd
Gid cvsd

  For non-RPM based installation, you need to create them by hand.

• Repos: paths to repositories, one repository per line. Every path is relative to RootJail and begins with a `/’. For example:
  

  Repos /coolsoft
Repos /hotsoft

3. Creation of repositories

To create a repository, for example, `coolsoft’, use the command:

# cvs -d /var/lib/cvsd/coolsoft init

The command will create a directory /var/lib/cvsd/coolsoft and a CVSROOT tree in it.

If you allow users to create top level directories in this repository:

# chown cvsd:cvsd /var/lib/cvsd/coolsoft

Edit the file /var/lib/cvsd/coolsoft/CVSROOT/config and modify the `LockDir’ option:

LockDir /tmp/coolsoft

The directory is relative to `RootJail’, /var/lib/cvsd. Create the directory:

# mkdir /var/lib/cvsd/tmp/coolsoft
# chown cvsd:cvsd /var/lib/cvsd/tmp/coolsoft

Now create users that can access this repository and set the passwords:

# cvsd-passwd /var/lib/cvsd/coolsoft jack

If you want anonymous access to your repository, create a user named `anonymous’ or `anoncvs’, and leave the password blank:

# cvsd-passwd /var/lib/cvsd/coolsoft anoncvs

Create a new file /var/lib/cvsd/coolsoft/CVSROOT/writers:

# touch /var/lib/cvsd/coolsoft/CVSROOT/writers

to protect write access to the repository. Without this file, all users have write access! Add users you want write access to this file, one user per line.

Optional, create top level directories in your repository that will hold files committed:

# cd /var/lib/cvsd/coolsoft
# mkdir client server
# chown cvsd:cvsd client server

4. Startup cvsd and test your repositories

To startup cvsd, use the command

# /etc/init.d/cvsd start

To test the new repository:

# cvs -d :pserver:jack@myhost.at.office/coolsoft login
# cvs -d :pserver:jack@myhost.at.office/coolsoft co client

ShareThis

In my last article, I described how to setup VSFTPD virtual users. In this article, I will describe another approach to setup VSFTPD, it needs real users on the system.

1. Installation of VSFTPD

For Red Hat, CentOS and Fedora, you may install VSFTPD by the command

# yum install vsftpd

For Debian and Ubuntu,

# apt-get install vsftpd

2. Virtual users and authentication

We may create a real user account for each webmaster. We will only give them FTP access to our server.

First, use `useradd’ command to create user accounts. Something to be specified are:

• group: we may specify the group of users to the group HTTP server runs as. In most cases, it is `apache’ for Apache HTTP Server, it is `lighttpd’ for lighttpd.
• home directory: we should also specify users’ home directories to their virtual hosts’ DocumentRoot. We should also make these directories writable by HTTP server.
• login shell: in order to disallow normal login for these FTP users, we should specify their login shell to `/sbin/nologin’.

For example:

# useradd -g apache -d /var/www/vhosts/mike -s /sbin/nologin mike
# chmod g+w /var/www/vhosts/mike
# passwd mike
Changing password for user mike.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.

3. Configuration of VSFTPD

Create a configuration file /etc/vsftpd/vsftpd-virtual.conf,

# disables anonymous FTP
anonymous_enable=NO
# enables non-anonymous FTP
local_enable=YES
# enables uploads and new directories
write_enable=YES
# authentication of virtual uses
pam_service_name=login
# the virtual user is restricted to the virtual FTP area
chroot_local_user=YES
# runs vsftpd in standalone mode
listen=YES
# listens on this port for incoming FTP connections
listen_port=60021
# the minimum port to allocate for PASV style data connections
pasv_min_port=62222
# the maximum port to allocate for PASV style data connections
pasv_max_port=63333
# controls whether PORT style data connections use port 20 (ftp-data)
connect_from_port_20=YES
# the umask for file creation
local_umask=022

4. Start VSFTPD and test
Now we can start VSFTPD by the command:

# /usr/sbin/vsftpd /etc/vsftpd/vsftpd-virtual.conf

and test the FTP access of a virtual user:

# lftp -u mike -p 60021 192.168.1.101

The virtual user should have full access to his directory.

ShareThis

1. Installation of VSFTPD

For Red Hat, CentOS and Fedora, you may install VSFTPD by the command

# yum install vsftpd

For Debian and Ubuntu,

# apt-get install vsftpd

2. Virtual users and authentication

We are going to use pam_userdb to authenticate the virtual users. This needs a username / password file in `db’ format – a common database format. We need `db_load’ program. For CentOS, Fedora, you may install the package `db4-utils’:

# yum install db4-utils

For Ubuntu,

# apt-get install db4.2-util

To create a `db’ format file, first create a plain text file `virtual-users.txt’ with the usernames and passwords on alternating lines:

mary
123456
jack
654321

Then execute the following command to create the actual database:

# db_load -T -t hash -f virtual-users.txt /etc/vsftpd/virtual-users.db

Now, create a PAM file /etc/pam.d/vsftpd-virtual which uses your database:

auth required pam_userdb.so db=/etc/vsftpd/virtual-users
account required pam_userdb.so db=/etc/vsftpd/virtual-users

3. Configuration of VSFTPD

Create a configuration file /etc/vsftpd/vsftpd-virtual.conf,

# disables anonymous FTP
anonymous_enable=NO
# enables non-anonymous FTP
local_enable=YES
# activates virtual users
guest_enable=YES
# virtual users to use local privs, not anon privs
virtual_use_local_privs=YES
# enables uploads and new directories
write_enable=YES
# the PAM file used by authentication of virtual uses
pam_service_name=vsftpd-virtual
# in conjunction with 'local_root',
# specifies a home directory for each virtual user
user_sub_token=$USER
local_root=/var/www/virtual/$USER
# the virtual user is restricted to the virtual FTP area
chroot_local_user=YES
# hides the FTP server user IDs and just display "ftp" in directory listings
hide_ids=YES
# runs vsftpd in standalone mode
listen=YES
# listens on this port for incoming FTP connections
listen_port=60021
# the minimum port to allocate for PASV style data connections
pasv_min_port=62222
# the maximum port to allocate for PASV style data connections
pasv_max_port=63333
# controls whether PORT style data connections use port 20 (ftp-data)
connect_from_port_20=YES
# the umask for file creation
local_umask=022

4. Creation of home directories

Create each user’s home directory in /var/www/virtual, and change the owner of the directory to the user `ftp’:

# mkdir /var/www/virtual/mary
# chown ftp:ftp /var/www/virtual/mary

5. Startup of VSFTPD and test
Now we can start VSFTPD by the command:

# /usr/sbin/vsftpd /etc/vsftpd/vsftpd-virtual.conf

and test the FTP access of a virtual user:

# lftp -u mary -p 60021 192.168.1.101

The virtual user should have full access to his directory.

ShareThis

The basic parameters of the old server:

• 2 x Intel(R) Xeon(TM) CPU 2.40GHz
• 4G Memory
• Adaptec (formerly DPT) SmartRAID V Controller
• 6x 36704 MB SCSI disks
• Intel Corporation 82545EM Gigabit Ethernet Controller
• ATAPI 52X CD-ROM drive

The main points of installation are described below:

0. Make a RAID5 array

Before installation, we use SmartRAID Storage Manager to make a RAID5 array using 5 SCSI disks, and leave 1 SCSI disk as HotSpare.

1. Choose installation media

We have downloaded a Centos 5.1 DVD ISO. But the machine has no DVD-ROM. We make a USB boot disk using images/diskboot.img, but the server can’t boot. We have to burn a bootable CD-ROM using images/boot.iso. On the other Linux machine, we mount CentOS 5.1 DVD ISO under a directory of the Apache HTTP server. We will boot the machine by the bootable CD-ROM and choose HTTP installation media.

2. Boot, load RAID drivers

Boot the machine, choose HTTP installation media, configure network parameters and HTTP server addresses. The installation process now enters the graphical interface. But if we click ‘Next’ on the screen now, the installation process will not recognize any hard disks. This is because: CentOS does not put SmartRAID V drivers into the kernel used in installation process.

The method to solve this problem is: on the other Linux machine, unpack CentOS/kernel-2.6.18-53.el5.i686.rpm, copy the following two drivers

/lib/modules/2.6.18-53.el5/kernel/drivers/message/i2o/i2o_block.ko
/lib/modules/2.6.18-53.el5/kernel/drivers/message/i2o/i2o_scsi.ko

to some directory of the Apache HTTP server so that the machine can see them through HTTP.

Then, in the graphical interface of installation, press Ctrl-Alt-F2 to switch to command line, use ‘wget’ to get the above two drivers, execute the commands:

# insmod i2o_block.ko
# insmod i2o_scsi.ko

It may cause some minutes when loading i2o_scsi.ko.

After that, press Ctrl-Alt-F6 to switch back to the graphical interface, click ‘Next’ to proceed. A popup may appear, which says something like:

Error opening /dev/sda: No such device or address

Don’t care, click ‘Cancel’ to ignore it. At this time, the installation process will recognize the RAID5 array as /dev/i2o/hda successfully. We can follow normal steps to install the OS itself.

(In the partitioning step, using LVM may cause trouble – after installation, the boot process of the new system will be extremely slow, almost dead. We don’t know the reason yet. After times of failure, we choose to create custom layout, do not use LVM, the boot process afterwards goes smoothly.)

3. Make initrd

After all packages are installed, do not click ‘Reboot’ right now. Since ‘i2o_block.ko’ and ‘i2o_scsi.ko’ are not included in the default kernel’s initrd file, the boot prcess will not recognize our RAID5 array.

At the last stage of the graphical interface of installation, press Ctrl-Alt-F2 to switch to command line, execute the commands:

# chroot /mnt/sysimage /bin/bash
# /sbin/mkinitrd -f --preload=i2o_block --preload=i2o_scsi /boot/initrd-2.6.18-53.el5PAE.img 2.6.18-53.el5PAE
# exit

Then, press Ctrl-Alt-F6 to switch back to the graphical interface, click ‘Reboot’ to reboot the system.

Every time we upgrade the kernel, we should execute the ‘mkinitrd’ command to rebuild the initrd file, including ‘i2o_block’ and ‘i2o_scsi’ modules in it.

ShareThis