ServerBuddies Support Blog

Cpanel/WHM ways to configure PHP

DSO — Provides PHP through libphp4.so or libphp5.so (aka, mod_php). This option is usually the fastest way to execute PHP requests; however, this option uses the system user called “nobody” to serve all PHP requests.

suPHP — Provides PHP through mod_suphp. Using this option is probably the most flexible way of serving PHP requests and is generally very secure. Under this option, PHP scripts will be executed by the user who owns the VirtualHost serving the request.

FCGI — This option serves PHP through mod_fcgid. This is a fast way of serving PHP requests but will most likely require that you tweak php.conf. You can enable suEXEC to execute PHP scripts under the user who owns the VirtualHost that is serving the request or, if suEXEC is disabled, PHP will be served by the system user ‘nobody’.

How to configure to use RPMforge ?

Reference: http://dag.wieers.com/rpm/FAQ.php#B2

It’s very easy. Just install the latest rpmforge-release package for your distribution and architecture.

This will automatically install the configuration and GPG keys that are for safely installing RPMforge packages.

The configuration of Yum is inside the rpmforge-release package.

You need to install it yourself.

If you’ve done that, the rest is simple. Upgrade your system by doing:

yum update
You can add new software by typing:
yum install [name of package]
Or update installed software:
yum update [name of package]

Or search for software in the local repository meta-data:
yum search [keyword]
Or simply list all available software:
yum list available
From time to time you may want to save some diskspace:
yum clean

Security - Install And Configure Advanced Policy Firewall (APF) On CentOS

From Advanced Policy Firewall’s website:

“Advanced Policy Firewall (APF) is an IPTables(Netfilter) based firewall system designed around the essential needs of today’s Linux servers. The configuration is designed to be very informative and easy to follow. The management on a day-to-day basis is conducted from the command line with the ‘apf’ command, which includes detailed usage information on all the features.”

Installation

Downloading and extracting.

and Run:

APF will display locations of it’s executable and configuration files as well as ports detected as being used.

Configuration

APF’s basic configuration file is /etc/apf/conf.apf

By default everything is locked and You have to configure APF to open ports You need to use.

Testing

Start APF:

We can use the following parameters:

Advanced Policy Firewall - http://www.rfxn.com/projects/advanced-policy-firewall

How can I create a Webmin user who can only configure one Apache virtual server or DNS domain?

In the Webmin Servers module.

Create a new user and give him access to only the Apache Webserver module.

After saving, click on Apache Webserver next to the user’s name in the list of Webmin users and use the form that appears to deny him access to everything except one selected virtual server.

Many other modules can also be configured in a similar way to restrict the access of a user to only certain DNS domains, Unix users or mail aliases.

How to Configure Samba

What is Samba?

Samba allows Linux boxes to share files and printers across a network connection by using the protocol SMB.

Installing Samba

You can get RPM package from http://www.samba.org or http://rpmfind.net. Also, you can install it using the utilities “yum” and “up2date”.

Configuration

Samba configuration file is located at /etc/samba/smb.conf, open this file and edit the following lines according to your requirement.

Let me explain the some important variables in this configuration file.

1. hosts_allow:

It allows only the mentioned IP addresses to share the Samba server. In the same manner, you can deny the IP addresses using the variable “hosts_deny”.

2. Security:

Samba has security modes such as: SHARE, USER, DOMAIN, ADS, and SERVER.

i) USER - In this mode, the client will send a session setup request directly following protocol negotiation. This request provides a username and password.

ii) SHARE - In Share Level security, the client authenticates itself separately for each share. It sends a password along with each tree connection (share mount).

The client expects a password to be associated with each share, independent of the user.

iii) DOMAIN - When Samba is operating in this mode, the Samba server has a domain security trust account (a machine account) and causes all authentication requests to be passed through to the Domain Controllers.

This method involves addition of the following parameters in the smb.conf file:

iv) ADS - Active Directory in native mode perfectly allows NT4-style Domain Members.

v) SERVER - In this mode, the Samba server takes the username/password that the client sends and attempts to login to the ‘password server’ by sending exactly the same username/password. If that server is in User Level Security and accepts the password, then Samba accepts the client’s connection. This allows the Samba server to use another SMB server as the password server.

This method involves the additions of the following parameters in the smb.conf file:

3. Encrypt Passwords:

By default, Samba uses plain text passwords to authenticate clients who access network resources and Microsoft SMB Protocol originally used plain text passwords. However, Windows NT 4.0 with Service Pack 3 or higher, Windows 98, Windows 2000, Windows ME, and Windows XP require encrypted Samba passwords.

So this option must be enabled if the clients are connecting from a Windows 98, Windows NT 4.0 with Service Pack 3, or other more recent versions of Microsoft Windows. The passwords are transferred between the server and the client in an encrypted format instead of in as a plain-text word that can be intercepted.

To configure Samba to use encrypted passwords, follow these steps:

i) Create a separate password file for Samba. To create from existing /etc/passwd file, at a shell prompt, type the following command:

The mksmbpasswd.sh script is installed in your /usr/bin directory with the samba package.

ii) Change the permissions of the Samba password file so that only root has read and write permissions:

iii) To set each Samba user’s password, use the following command.

4. smb passwd file:

Refer 3i).

5. valid users:

The “valid users” directive specifies the users to which samba access is allowed.

5. browseable:

This directive specifies whether the users have the access to browse or not. If it is ‘yes’, then the users can browse.

6. writable:

This directive specifies that the users have write access, if it is “yes.

7. public:

It specifies the public access.

Once you configured this file correctly, start Samba service in Linux machine.

Client side configuration:

1. Windows explorer >> Tools >> map a network drive
2. select drive letter
3. enter the path (e.g. \\your_server_ip\shares)
4. click connect using different user name
5. enter your samba username and password
6. You can connect to your Linux machine now!