01.21.06

The first French paper magazine about blogs is out

Posted in Blog at 1:56 am by skoobi

It looks like the first magazine about blogs is out in France, as this post [Fr] suggests. It was announced a while ago.

01.20.06

Why is Ubuntu so popular ?

Posted in Unix / Linux at 2:22 pm by skoobi

This article [French] explains it :-)

01.19.06

Horde3 and Imp4 HOWTO under Ubuntu/Debian

Posted in Unix / Linux, Tips and Documentation at 12:58 pm by skoobi

This post is a simple set of guidelines (a mini-HOWTO) on how to set up Horde3 and Imp4 Webmail. In fact, the official documentation lacks a few important things, so here are a few tricks.

First of all, install the horde3 and Imp4 packages (Ubuntu/Debian)

apt-get install horde3 imp4

It is then necessary to set up an Alias for Apache. If you’re using Apache2, add a file /etc/apache2/conf.d/horde3.conf containing

Alias /horde3 /usr/share/horde3

Also, allow Apache to write horde configuration files :

chown -R www-data:www-data /etc/horde

Or, if you prefer to use ACLs

setfacl -m "g:www-data:rwx" /etc/horde

setfacl -d -m "g:www-data:rwx" /etc/horde

setfacl -m "g:www-data:rwx" /etc/horde/*

setfacl -d -m "g:www-data:rwx" /etc/horde/*

setfacl -m "g:www-data:rw-" /etc/horde/*/*

and restart apache

/etc/init.d/apache2 restart

You can then browse http://server/horde3

Important parameters to change are (in Horde setup) :

  • Horde URL (change it to /horde3)
  • Enable Database Access. Do Not use MySQL Improved (4+), my attempts at using it failed. MySQL Standard runs fine however
  • Enable Authentication. I recommend IMAP authentication (something like {localhost:143/imap/notls}. Do not forget the /notls, not specifying it failed on my setup). Also make sure to add your username to the list of Administrators, otherwise you won’t have access to horde/imp4 parameters. Using anything other than IMAP seemed to fail on my setup
  • Generate the configuration

Horde should now be set up. You now have to configure imp4

  • generate a configuration using the horde administration panel
  • modify the /etc/horde/imp4/servers.php file. Instructions concerning the syntax are given inside the file. If you run Courier-IMAP, and want Imp to automatically authenticate using horde credentials :

$servers['imap'] = array(
    'name' => 'IMAP Server',
    'server' => 'localhost',
    'hordeauth' => true,
    'protocol' => 'imap/notls',
    'port' => 143,
    'folders' => 'INBOX.',
    'namespace' => '',
    'maildomain' => 'domain.com',
    'smtphost' => 'localhost',
    'smtpport' => 25,
    'realm' => '',
    'preferred' => '',
    'dotfiles' => false,
    'hierarchies' => array()
);

You should now have a working setup. Good luck !

01.18.06

JRequire, such a nice idea !

Posted in Java at 1:57 pm by skoobi

JRequire is, in my humble opinion, a necessary tool to create true eXtreme Programming Processes. It allows to express Functional Requirements and

JRequire is a tool that maps code to specific requirements, which is useful for both coders and project managers.

Complete Top-down processes are not something programmers enjoy, this is why JRequire has a really nice potential.

Google Talk finally connected to the rest of the XMPP World

Posted in Jabber at 1:27 pm by skoobi

It is now official ! It is now possible to communicate with Google Talk Users using any Jabber Server.

Instant Messaging is now comparable to E-Mail Messaging (SMTP), which is a distributed system that can work independently of a specific Organization. As a result, Instant Messaging can now be seen as a way to create useful applications without the fear of being dependent on a vendor.

Everyone seems to react positively :

Thank You Google, Again !

01.15.06

2 things to make Grub work for you

Posted in Unix / Linux, Tips and Documentation at 3:36 pm by skoobi

No matter how much better Grub is compared to Lilo, it still has its flaws, making it sometimes hard to use.
Here are two important things to check :

  • That you have a “boot” symlink pointing to “.” in your /boot directory. Grub sometimes refers to /boot/boot/.., so it is safer to have this symlink
  • That you have the right “groot” option defined in your menu.lst. It often happens that Grub mappings at boot time are not the same as Linux Grub mappings. For example, you might ask your BIOS to boot from a specific Hard Disk that is not (hd0). The BIOS will make Grub believe that your (hdX) device is actually (hd0), so your menu.lst will not work. Change your menu.lst accordingly, and re-run update-grub to take the changes into consideration.

Running Ubuntu GNU/Linux on a FakeRAID/1 (mirroring) array

Posted in Unix / Linux, Tips and Documentation at 3:27 pm by skoobi

Edit: This information applies to Ubuntu Breezy. Things may have changed with Dapper Drake
Most cheap hardware RAID controllers such as the VIA VT6421 are not purely hardware RAID systems, but should be seen as semi-soft, or FakeRAID controllers.

In order to install an Operating System on a FakeRAID array, it is thus necessary to set up a few things, since the underlying array is not completely transparent to the Operating System.

This short article, based on the Ubuntu Wiki FakeRaid HOWTO, explains how to install Ubuntu Linux on such a FakeRAID array.

First of all, be aware that it is not currently possible to set up an LVM Volume on top of a FakeRAID array (well, it is, actually, but one would have to resort to hacking the Initial Ramdisk Image, so it is currently better to forget about it).

Since the Ubuntu Wiki FakeRaid HOWTO already explains how to install Ubuntu on a FakeRAID/0 array, I am just going to highlight the differences for a FakeRAID/1 array here.

The only difference is the creation of the Initial Ramdisk, which should load the dm-mirror module to allow the OS to read / write from the FakeRAID array.

The /etc/mkinitramfs/scripts/local-top/dmraid script should be replaced by

#!/bin/sh

PREREQ=""

prereqs()
{
    echo "$PREREQ"
}

case $1 in
# get pre-requisites
prereqs)
    prereqs
    exit 0
    ;;
esac

modprobe -q dm-mod
modprobe -q dm-mirror

/sbin/dmraid -ay

In addition to the dm-mod module, the previous script loads the dm-mirror module. This means that the dm-mirror module must be copied into the Initial Ramdisk. This is done by adding the line

dm-mirror

to the /etc/mkinitramfs/modules file.

The rest of the Ubuntu FakeRaid Howto gives a good explanation of the tasks that should be done in order to configure the FakeRaid array.

RAID controllers reliability

Posted in Unix / Linux at 3:00 pm by skoobi

Something that I am currently wondering about is whether people use cheap RAID controllers in Mission-critical environments.

According to my tests with a VIA VT6421 RAID 0/1 controller, there is nothing less reliable than RAID 1…. However, drawing such a conclusion seems inadequate, especially since RAID is so popular.

Using 2 Maxtor 250 GiB Hard Drives, configured as a RAID 1 (mirroring) array using VIA VT6421’s BIOS, and the Ubuntu GNU/Linux Operating System with a 2.6.12-10-686 kernel, RAID is a disaster. In fact, on the 2 installations I did with this setup, both failed at some point :

  • With the following partitions : /boot (100 MiB, ext3), / (20 GiB, ext3), swap (1 GiB), /home (the rest, ext3) , after an installation of Ubuntu server and a reboot, the / partition is mountable, but trying to read any file in / leads to a “Cannot access blocks beyond filesystem limits”
  • With the same partitions, except that / was of type reiserfs, installation is fine, mount is fine, except that trying to copy more than 5 GiB of data crashes the system.

Of course, everything runs fine without RAID, so I am wondering what the real problem is :

  • The VIA VT6421 RAID controller in RAID/1 mode ?
  • Any cheap RAID controller in RAID/1 mode ?
  • The Linux driver for these FakeRAID controllers ?

If anyone has an answer to these questions, do not hesitate to post a comment or send me an email.

01.14.06

Using POSIX ACLs to complement traditional Linux permissions

Posted in Unix / Linux, Tips and Documentation at 9:33 am by skoobi

Anyone who has been using Linux in a multi-user environment has been confronted with the limits of the traditional 12-bit based UNIX permission system.

For instance, you are likely to get into trouble if you have a repository (e.g. a folder containing a website) that may be modified by a set of users. Indeed, if a user (bob) has a restrictive mask (077 for instance), here is what might happen :

bob@samlaptop:/tmp $ ls -ld repository
drwxr-xr-x 2 bob repository 4096 2006-01-14 17:46 repository
bob@samlaptop:/tmp $ umask 077
bob@samlaptop:/tmp $ cd repository/
bob@samlaptop:/tmp/repository $ mkdir folder
bob@samlaptop:/tmp/repository $ ls -ld folder/
drwx------ 2 bob repository 4096 2006-01-14 17:46 folder/

As a result, the folder created by bob is not accessible by other members of the repository group. However, it is neither possible nor desirable to force a set of users to keep a non-restrictive mask. Additionally, several repositories on the system might have different policies.

This is where ACLs come in. ACLs, or Access Control Lists, are a new set of permissions that recent UNIXes such as Linux now support (Windows has been supporting ACLs for quite a long time). It is now possible to define fine-grained permissions and forget the numerous hacks that everybody has been inventing in order to survive with the current system.
This post is not a step-by-step HOWTO that explains how ACLs work under Linux, since that has already been covered by alo’s blog, or Andreas Grünbacher’s white paper and HOWTO. In fact, this article is only a simple introduction that shows how easy it can be to use ACLs, and was written in the hope that ugo+rwx addicts take some time to change their habits.

First of all, you need a decent distribution, such as Ubuntu Linux, that ships an ACL-enabled kernel. Most filesystems (ext3, reiserfs, …) now support ACLs, so these guidelines should work no matter which filesystem you choose. The only requirement is to mount your filesystems with the “acl” option. For instance, your /etc/fstab should look like :

/dev/hdb1 /home reiserfs defaults,acl 0 0

Once this is enabled, you can start playing with ACLs. One of the most interesting aspects, often under-documented, is the “default” ACL.

To introduce this concept, let’s consider that our repository should be accessible by both the samokk user and by Apache’s user www-data. Any HOWTO about ACLs will tell you that you should use the getfacl command to query the current ACLs of a filesystem object (directory / file).

samokk@bluerock:/tmp$ getfacl repository/
# file: repository
# owner: samokk
# group: samokk
user::rwx
group::r-x
other::r-x

samokk@bluerock:/tmp$ ls -ld repository/
drwxr-xr-x 2 samokk samokk 4096 2006-01-14 09:19 repository/

getfacl reports the same information as ls -l. This means that there are currently no ACLs defined, besides the traditional ugo+rwx permissions.

We want the repository to be unreadable by others, but accessible by Apache :

samokk@bluerock:/tmp$ chmod 750 repository/
samokk@bluerock:/tmp$ setfacl -m "g:www-data:rwx" repository/
samokk@bluerock:/tmp$ getfacl repository/
# file: repository
# owner: samokk
# group: samokk
user::rwx
group::r-x
group:www-data:rwx
mask::rwx
other::---

The setfacl command has been used to add an ACL entry to the repository object, in order to give the www-data group (see the g: keyword) read, write and execute (r, w and x) permissions on the directory. getfacl’s output reflects this.

However, we still haven’t solved the mask problem we cited above. Allowing www-data to access the repository does not mean www-data will be given permission to access files that will be created in the future. Default ACLs are there to solve this issue. Default ACLs are inherited from the parent directory and can only be applied to directories (it is not possible to create files inside files…).

samokk@bluerock:/tmp$ setfacl -d -m "g:www-data:rwx" repository/
samokk@bluerock:/tmp$ umask 700
samokk@bluerock:/tmp$ >repository/file
samokk@bluerock:/tmp$ getfacl repository/
# file: repository
# owner: samokk
# group: samokk
user::rwx
group::r-x
group:www-data:rwx
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:www-data:rwx
default:mask::rwx
default:other::---
samokk@bluerock:/tmp$ getfacl repository/file
# file: repository/file
# owner: samokk
# group: samokk
user::rw-
group::r-x #effective:r--
group:www-data:rwx #effective:rw-
mask::rw-
other::---

What we have just done is simple : the repository has been given a default ACL that will be inherited by directories and that will be used to set the permissions of files created inside it. An example repository/file has been created to show that the files actually inherit the permissions.
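
The "#effective" values in the getfacl output above can be derived by hand. The following Python code is an added example, not part of the original post: it applies the Linux rule that, when the parent directory has a default ACL, the umask is ignored and the owner, mask and other entries are intersected with the mode requested at creation, then caps the owning group and named entries by the mask. The function names are hypothetical, and the input is constructed from the default: entries shown above.

```python
import re

# Constructed input: the default: entries getfacl printed for repository/.
DEFAULT_ACL = """default:user::rwx
default:group::r-x
default:group:www-data:rwx
default:mask::rwx
default:other::---"""

ENTRY = re.compile(r"default:(user|group|mask|other):([^:]*):([r-][w-][x-])")

def to_bits(s):
    return sum(v for c, v in zip(s, (4, 2, 1)) if c != "-")

def to_rwx(n):
    return "".join(c if n & v else "-" for c, v in zip("rwx", (4, 2, 1)))

def parse_default_acl(text):
    """Map (tag, qualifier) -> permission bits for each default: entry."""
    acl = {}
    for line in text.splitlines():
        m = ENTRY.fullmatch(line.split("#")[0].strip())
        if m:
            acl[(m.group(1), m.group(2))] = to_bits(m.group(3))
    return acl

def inherit(default_acl, mode):
    """Access ACL of an object created with `mode` under a default ACL.
    The umask is not consulted: owner, mask and other are ANDed with mode."""
    acl = dict(default_acl)
    acl[("user", "")] &= (mode >> 6) & 7
    acl[("other", "")] &= mode & 7
    group_key = ("mask", "") if ("mask", "") in acl else ("group", "")
    acl[group_key] &= (mode >> 3) & 7
    return acl

def effective(acl):
    """Owning group, named users and named groups are capped by the mask."""
    mask = acl.get(("mask", ""), 7)
    rights = {}
    for (tag, who), perm in acl.items():
        if tag == "mask":
            continue
        capped = tag == "group" or (tag == "user" and who != "")
        rights[f"{tag}:{who}"] = to_rwx(perm & mask if capped else perm)
    return rights

if __name__ == "__main__":
    print(effective(inherit(parse_default_acl(DEFAULT_ACL), 0o666)))
```

A shell redirection such as >repository/file requests mode 0666, which is why the mask drops to rw- and www-data ends up with rw- on files, while a directory created with mkdir (mode 0777) keeps rwx.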

This is it ! ACLs are actually quite simple to use, so do not hesitate to ease your life !
