Got IPv6 working

YES!!!! I finally have IPv6 working. After some struggling with config files and a new way of addressing… I got it working… sorry for the short post…

“Easy share” IMAP folders with Courier-imap

Recently I got an iPhone, but I have multiple mails coming into my mailbox (private/business/sysop). I use maildrop to put them into the right folders. I want to share my business (sub)folder(s) with my special iPhone account… but how could we do that… (please note you should have admin privileges)

Step 1 – Create new user and put the “source” mailbox user in the right group

Create an iPhone user on your server (in my case the user is iphone) and add the source user (in my case pieter) to the iphone group (created during the creation of the iphone user).

Step 2 – Set the correct permissions on the source mailbox

Make sure other users can traverse ~pieter/Maildir by setting the execute (search) bit for “other”:

[ root@server ~]# chmod o+x ~pieter/Maildir

Now we also have to set the correct group ownership on the source sub-folders:

[ root@server ~]# chown -R pieter:iphone ~pieter/Maildir/.Business*

Set the setgid bit and the group permissions on the folders you want to share:

[ root@server ~]# find ~pieter/Maildir/.Business* -type d -exec chmod 2770 {} \;

Set the group permissions on the current messages:

[ root@server ~]# find ~pieter/Maildir/.Business* -type f -exec chmod 0660 {} \;

Step 3 – Setup the functional account and mailstructure

Become that user (can be done via sudo).
[ pieter@server ~]$ sudo su - iphone
Password: ****
[ iphone@server ~]$

Create the maildir structure:

[ iphone@server ~]$ maildirmake ~/Maildir

Remove the cur, new and tmp folders:

[ iphone@server ~]$ rm -rf ~/Maildir/[cnt]*

Now link them to the source:

[ iphone@server ~]$ for x in cur new tmp; do ln -s /home/pieter/Maildir/.Business/$x ~iphone/Maildir/$x; done

Step 4 – Share the subfolders as well

[ iphone@server ~]$ cd ~/Maildir
[ iphone@server Maildir]$ maildirmake .Archive
[ iphone@server Maildir]$ rm -rf ~/Maildir/.Archive/[cnt]*
[ iphone@server Maildir]$ for x in cur new tmp; do ln -s /home/pieter/Maildir/.Business.Archive/$x ~iphone/Maildir/.Archive/$x; done

Perform step 4 for all the other subfolders you would like to share ;-) (Please note that you have to set the permissions in step 2 as well.) This was done on a FreeBSD 6.3 system; I don’t know what the impact might be on Linux systems with SELinux… nor do I know what the impact might be of the chmod o+x on Maildir… we will investigate. Initially I did a chown pieter:iphone on the source maildir… but my imap-server refused connection due to wrong gid.

Also keep in mind to put a umask of 007 in your procmail/maildrop filter!

But… conclusion… it works cool.
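
As an added example (not part of the original post), the following shell function audits the layout that steps 1 and 2 produce, including the open question about chmod o+x: once the top-level Maildir is traversable by everyone, nothing below it may grant rights to “other”. The function names and the constructed sample tree are assumptions for illustration.

```sh
#!/bin/sh
# Added example: audit the permission layout from steps 1-2 of the post.
# audit_shared_maildir MAILDIR GROUP PREFIX   (function name is illustrative)
# Prints one "<finding> <path>" line per problem; returns 1 if any were printed.
audit_shared_maildir() {
    md=$1 grp=$2 pre=$3
    out=$(
        # The shared tree must belong to the sharing group ...
        find "$md" -path "$md/$pre*" ! -group "$grp" | sed 's/^/wrong-group /'
        # ... its directories need setgid plus group rwx, mode 2770 ...
        find "$md" -path "$md/$pre*" -type d ! -perm -2070 | sed 's/^/dir-mode /'
        # ... and existing messages need group read/write, mode 0660.
        find "$md" -path "$md/$pre*" -type f ! -perm -0060 | sed 's/^/file-mode /'
        # chmod o+x on MAILDIR lets every local user traverse it, so nothing
        # below it may grant any permission bit to other users.
        find "$md" ! -path "$md" ! -type l \
            \( -perm -001 -o -perm -002 -o -perm -004 \) | sed 's/^/other-access /'
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample tree (not the author's real mailbox) to try the audit on.
# Prints the path of the sample Maildir.
make_sample_maildir() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/Maildir/.Business/cur" "$root/Maildir/.Private/cur"
    : > "$root/Maildir/.Business/cur/msg1"
    chmod 0701 "$root/Maildir"
    chmod 2770 "$root/Maildir/.Business" "$root/Maildir/.Business/cur"
    chmod 0660 "$root/Maildir/.Business/cur/msg1"
    chmod 0700 "$root/Maildir/.Private" "$root/Maildir/.Private/cur"
    printf '%s\n' "$root/Maildir"
}
```

On the real system from the post the call would be audit_shared_maildir /home/pieter/Maildir iphone .Business, run as root or as pieter.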

Build your own “compute cloud”

In the recent Linux Journal, there was an article about “Eucalyptus”. 

“EUCALYPTUS – Elastic Utility Computing Architecture for Linking Your Programs To Useful Systems – is an open-source software infrastructure for implementing “cloud computing” on clusters. The current interface to EUCALYPTUS is compatible with Amazon’s EC2 interface, but the infrastructure is designed to support multiple client-side interfaces. EUCALYPTUS is implemented using commonly available Linux tools and basic Web-service technologies making it easy to install and maintain.”

So if I have some time left… I’m going to take a look at it ;-)

More information can be found on http://eucalyptus.cs.ucsb.edu/

Apache – Access based on an IP or Username/password

Recently I came across the need to give access to an intranet site based on IP; if the IP was outside the LAN, Apache should prompt for a username/password.

It took me some time to figure out, but this can be done with the Satisfy option. So I now have the following configuration in my Apache config:

<Directory "/usr/local/www/intranet">
  Options Indexes FollowSymlinks MultiViews
  AllowOverride None
  order deny,allow
  deny from all
  # Allow LAN Location A
  allow from 172.16.2.0/24
  # Allow LAN Location B
  allow from 172.16.3.0/24
  # Allow VPN-subnet
  allow from 172.16.250.0/24

  # Username/password request
  AuthType Basic
  AuthName "Example.Com Intranet"
  AuthUserFile /usr/local/etc/intranet/webusers.pwl
  require valid-user

  # Allow or require must be satisfied
  Satisfy any
</Directory>

And it is working well, if you’re from outside the defined subnets… you need to enter your username/password.

NSCD speeds up 4.1 times fetching user information from LDAP

At this moment I am setting up LDAP in a test environment, for user management. One of my colleagues suggested using nscd together with LDAP to increase performance. So I did a small test with nscd turned off and nscd turned on:

# service nscd stop
Stopping nscd: [ OK ]
# time for x in `seq 1 10000`; do X=`id pieter`; done
real    1m39.024s
user    0m19.467s
sys     0m40.919s
# service nscd start
Starting nscd: [ OK ]
# time for x in `seq 1 10000`; do X=`id pieter`; done
real    0m23.735s
user    0m4.645s
sys     0m18.829s

As you can see… nscd speeds up the lookups 4.1 times. Some other issues might pop up with the use of nscd, but that’s what we will notice in the future.

The YubiKey

In the last issue of the Linux Journal, there is an article about the YubiKey. The YubiKey provides one-time-password login, the way Vasco and RSA do with their tokens. Although the YubiKey is working on (almost) any operating system…

I guess I did something wrong…

Last Friday I was playing around with one of my FreeBSD production servers. On that server I’ve a number of users for e-mail and other services. I was playing around as root, because I wanted to update/install some new stuff. But at a certain momen…

Linux SUDO-hack

It can happen that you have sudo access to another account (most of the time it will be the root account), but the NOPASSWD option is usually not used for security reasons. Still, there are moments when you want to have sudo credentials available; think about a script or something else… I had the same issue, so I found the following “hack” to get the timestamp refreshed every 60 seconds.

(Please note the script will use user “root”, but it can be another user; please modify the script so it fits your needs.)

Step 1)

Create a script in your $HOME/bin with the following content (I call it sudo-hack.sh):

#!/bin/bash
# Refresh the sudo timestamp every 60 seconds.
while true; do
    sudo -u root /bin/true > /dev/null 2>&1
    sleep 60
done

Step 2)

Get a valid sudo-timestamp:

$ sudo -u root /bin/true
Password:
$

Step 3)

Start sudo-hack.sh in the background:

$ $HOME/bin/sudo-hack.sh &
$

That’s all!
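
From the defender's side, the loop above leaves a regular footprint: the same sudo command logged about every 60 seconds. The following added example (not from the original post) reports such runs from traditional syslog-format sudo lines; the function names and the sample log are constructed for illustration, and all lines are assumed to come from a single day.

```sh
#!/bin/sh
# Added example: flag sudo commands repeated at a fixed interval, the
# footprint a timestamp keep-alive loop leaves in the auth log.
# Assumes lines like "Mon DD HH:MM:SS host sudo:   user : ... COMMAND=..."
# Output: user <TAB> command <TAB> number of consecutive evenly spaced gaps.
detect_sudo_keepalive() {   # $1 = gaps needed before reporting (default 5)
    awk -v min="${1:-5}" '
    / sudo: / && /COMMAND=/ {
        split($3, t, ":"); now = t[1] * 3600 + t[2] * 60 + t[3]
        user = $0; sub(/^.* sudo: */, "", user); sub(/ :.*$/, "", user)
        cmd = $0; sub(/^.*COMMAND=/, "", cmd)
        key = user "\t" cmd
        if (key in last) {
            gap = now - last[key]
            # A gap within 2 s of the previous gap extends the run.
            same = (key in pgap) && gap - pgap[key] <= 2 && pgap[key] - gap <= 2
            run[key] = same ? run[key] + 1 : 1
            pgap[key] = gap
            if (run[key] > best[key]) best[key] = run[key]
        }
        last[key] = now
    }
    END { for (k in best) if (best[k] >= min) print k "\t" best[k] }
    ' | sort
}

# Constructed sample log (not from a real system).
sample_auth_log() {
    cat <<'EOF'
Mar  3 10:00:00 server sudo:   pieter : TTY=pts/1 ; PWD=/home/pieter ; USER=root ; COMMAND=/bin/true
Mar  3 10:00:30 server sudo:    alice : TTY=pts/2 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Mar  3 10:01:00 server sudo:   pieter : TTY=pts/1 ; PWD=/home/pieter ; USER=root ; COMMAND=/bin/true
Mar  3 10:02:01 server sudo:   pieter : TTY=pts/1 ; PWD=/home/pieter ; USER=root ; COMMAND=/bin/true
Mar  3 10:02:30 server sudo:   pieter : TTY=pts/1 ; PWD=/home/pieter ; USER=root ; COMMAND=/usr/bin/vi /etc/hosts
Mar  3 10:03:01 server sudo:   pieter : TTY=pts/1 ; PWD=/home/pieter ; USER=root ; COMMAND=/bin/true
Mar  3 10:03:10 server sudo:    alice : TTY=pts/2 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Mar  3 10:04:00 server sudo:    alice : TTY=pts/2 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Mar  3 10:04:02 server sudo:   pieter : TTY=pts/1 ; PWD=/home/pieter ; USER=root ; COMMAND=/bin/true
Mar  3 10:05:02 server sudo:   pieter : TTY=pts/1 ; PWD=/home/pieter ; USER=root ; COMMAND=/bin/true
EOF
}
```

Feed it the sudo lines of one day, for example sample_auth_log | detect_sudo_keepalive, which reports pieter and /bin/true with 5 evenly spaced gaps.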