
Centos, Amazon Linux, NFS and the dreaded "nobody" problem

I have been fighting a problem with mounting volumes from an NFS Server in AWS for a few days. With more pressing issues at hand, I had to try and google for solutions for an hour or so before bed, and nothing I was doing was having any effect. Curiously, an Ubuntu based machine that was mounting the drive using NFS3 was not having the same problem. Only the Amazon Linux servers that were using NFS4 were having the issue, and were showing all files and directories as being owned by nobody:nobody.


drwxr-xr-x    2 nobody nobody   22 Jan  9 19:58 installervc
drwxr-xr-x    2 nobody nobody 4.0K Jan  9 19:56 avatar
drwxr-xr-x    2 nobody nobody 4.0K Jan  9 19:56 accessories
 


I had previously ensured that the user that would be writing files (in my case "apache") had the same UID and GID on the NFS server and on the servers mounting the NFS volume.

As it turned out, the problem was with the configuration (or lack thereof) of the rpcidmapd service. NFS4 relies on this service to map users between machines. The idmapd daemon requires that the domain of the client and the server match for the UID/GID mapping to work, and in my case they didn't. Probably many people with proper DNS configuration don't hit this problem, but we did not have a proper DNS setup, as these machines are part of a growing cluster. Compounding the problem, I had set the configuration files to have meaningless host names rather than a domain.

You can fix this by editing the /etc/idmapd.conf file and finding the "Domain" variable:


Domain =  yourdomain.com
 


Set these to be the same for the server and all the clients.

The last problem was that I had to restart the idmapd process, which has an /etc/init.d control script named rpcidmapd:


[root@web1 init.d]# ls -lath | grep rpcid
-rwxr-xr-x  1 root root 2.7K Jul 28  2011 rpcidmapd
 


Restart the process on both the nfs server and any nfs clients. If the source of your problem is the same as mine, your user & group mapping problems should be solved:


sudo /etc/init.d/rpcidmapd restart
 


Finally!!!!


drwxr-xr-x    2 apache apache   22 Jan  9 19:58 installervc
drwxr-xr-x    2 apache apache 4.0K Jan  9 19:56 avatar
drwxr-xr-x    2 apache apache 4.0K Jan  9 19:56 accessories
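
A consistency check for the Domain setting described above, as an added example that is not part of the original post. The sample configs, the domain example.internal and the function names are constructed, and folding case before comparing is this example's assumption.

```shell
#!/bin/sh
# Added example: check that every host agrees on the NFSv4 idmapd Domain.

# Print the Domain set in the [General] section of an idmapd.conf copy.
# Comment lines are ignored; case is folded (an assumption of this example).
idmap_domain() {
    awk '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { s = tolower($0); gsub(/[ \t]/, "", s); next }
        s == "[general]" && tolower($0) ~ /^[ \t]*domain[ \t]*=/ {
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
            d = tolower(v)
        }
        END { if (d != "") print d }
    ' "$1"
}

# $1 is the server's config, the rest are client configs.
# Prints one line per file; returns 0 only if every Domain is set and equal.
check_idmap_domains() {
    ref=$(idmap_domain "$1"); rc=0
    for f in "$@"; do
        d=$(idmap_domain "$f")
        if [ -z "$d" ]; then
            echo "UNSET     $f (idmapd falls back to the host's DNS domain)"; rc=1
        elif [ "$d" != "$ref" ]; then
            echo "MISMATCH  $f Domain=$d (server: ${ref:-unset})"; rc=1
        else
            echo "OK        $f Domain=$d"
        fi
    done
    return $rc
}

# Constructed sample configs: web2 carries a bare host name, as in the post.
demo=$(mktemp -d)
printf '[General]\nDomain = example.internal\n' > "$demo/server.conf"
printf '[General]\n#Domain = old.example\nDomain=Example.Internal\n' > "$demo/web1.conf"
printf '[General]\nDomain = ip-10-0-0-12\n' > "$demo/web2.conf"
check_idmap_domains "$demo/server.conf" "$demo/web1.conf" "$demo/web2.conf" ||
    echo "Make Domain identical everywhere, then restart rpcidmapd on each host."
```

Copy each host's /etc/idmapd.conf to one place and pass the server's copy first.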
 


Run a Centos Lamp development server on XP, Vista or Win 7 using VirtualBox

If you use a Windows-based workstation or notebook computer, virtualization offers a way for you to run a Linux server environment using the same Linux distribution and configuration you'll use in production. Virtualization allows you to explore clustering and network setups that can't be tested on your workstation alone, and simplifies your development environment by keeping the LAMP environment contained inside a VM.

While VMWare offers these capabilities with their VMWare Workstation product, Sun has created a free alternative called VirtualBox, with many of the same capabilities as VMWare Workstation. VirtualBox runs on a variety of Intel chip based operating systems including OS/X, Windows XP & Vista, Linux and Solaris, and supports the installation of many different "Guest" operating systems. In this article, I'll detail the installation and configuration of Centos. Centos is a great choice for a Linux server operating system, as it is widely used by hosting companies due to its Redhat Enterprise Linux (RHEL) core.

Our goals in this setup will be:

• Centos server running the LAMP stack
• XP can be used to develop code using the IDE of your choice.
• The XP Workstation can communicate with the linux server using standard tools: putty, winscp, firefox
• The setup works even when no other networking is available. When a network is available, no network reconfiguration is required.
• Use XP to setup private domain resolution so apache vhost configurations can be tested.

Let's get started.


Redhat RPM reference notes

Background

Redhat is a company providing a Linux distribution. Gizmola.com was installed using Redhat's distribution.

In the early days of Unix, system software was usually distributed in source code form. Part of the allure of Unix to many users was its portability across a variety of different computer systems. Developers would usually create a "tarball" archive of the source code, along with a makefile and basic instructions for how to recompile the software for use on a system. Over time, the issue of upgrading software could become a cumbersome, time-consuming matter, often requiring a sysadmin to patch the source code and recompile the program in order to address bugs and security holes. Unix vendors and open source developers began to develop alternatives to this method for distributing precompiled or configured programs or scripts.

Hello RPM

One of RedHat's innovations is its Linux package manager, RPM (RedHat package manager). Packages are installation modules that handle the installation, upgrade or deletion of software on a RedHat system.

The RPM system created a standardized naming and versioning system, by which the installation (or absence) of a particular software package can be handled. RPM keeps a database of information on all the packages installed on a host. By querying the rpm database with rpm, it is possible to determine whether a particular software package has been installed, the version of that package, and some basic descriptive information about the package. You can also find out what package a particular file belongs to, and whether or not that file has been changed from the one that was installed initially.

Furthermore rpm allows for installation, upgrade and patching of packages.

Here's a list of what I've found to be some of the most useful redhat linux rpm commands, (examples assume a bash shell prompt).

rpm -qa > rpmlist


-q indicates an rpm query, and a indicates all packages in the database. This creates the file rpmlist. Use a text editor like vi to review the contents, or pipe it to grep if you're trying to determine if you have a particular package name installed, and if so, what version. Each line will display the installed package string (with version number), i.e.

CODE:
dhcpcd-1.3.22pl1-7 


In general you can pass the package name to various rpm commands, and ignore the version string.

Getting Information about a package

rpm -q perl


Result:
CODE:
perl-5.00503-12


rpm -q depends on matching the package name up to the last - prior to the package version information. This example searched for the popular sysadmin tool perl. If the query succeeds, the currently installed package string is returned. In this case, the example indicates that perl version 5.00503-12 is installed.

rpm -qi perl


Result:
CODE:
Name        : perl                         Relocations: (not relocateable)
Version     : 5.8.0                             Vendor: Red Hat, Inc.
Release     : 88.3                          Build Date: Wed 13 Aug 2003 09:21:24 AM PDT
Install date: Sat 08 Nov 2003 04:24:48 PM PST      Build Host: stripples.devel.redhat.com
Group       : Development/Languages         Source RPM: perl-5.8.0-88.3.src.rpm
Size        : 34942198                         License: Artistic
Signature   : DSA/SHA1, Fri 12 Sep 2003 02:06:47 PM PDT, Key ID 219180cddb42a60e
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Summary     : The Perl programming language.
Description :
Perl is a high-level programming language with roots in C, sed, awk
and shell scripting.  Perl is good at handling processes and files,
and is especially good at handling text.  Perl's hallmarks are
practicality and efficiency.  While it is used to do a lot of
different things, Perl's most common applications are system
administration utilities and web programming.  A large proportion of
the CGI scripts on the web are written in Perl.  You need the perl
package installed on your system so that your system can handle Perl
scripts.

Install this package if you want to program in Perl or enable your
system to handle Perl scripts.


The -i (information) query option returns a wealth of useful information about a package. Adding the 'l' option will include a listing of the files in the package, in a format similar to ls. For example:

rpm -qil linc


CODE:
Name        : linc                         Relocations: (not relocateable)
Version     : 0.5.2                             Vendor: Red Hat, Inc.
Release     : 2                             Build Date: Fri 23 Aug 2002 10:27:57 AM PDT
Install date: Sat 08 Nov 2003 12:18:09 AM PST      Build Host: daffy.perf.redhat.com
Group       : System Environment/Libraries   Source RPM: linc-0.5.2-2.src.rpm
Size        : 70859                            License: LGPL
Signature   : DSA/SHA1, Tue 03 Sep 2002 02:28:58 PM PDT, Key ID 219180cddb42a60e
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Summary     : Library for writing network programs
Description :

linc is a library that eases the task of writing networked servers and
clients. It takes care of connection initiation and maintainance, and
the details of varioustransports. It is used by the new ORBit to
handle message transmission/receipt.
/usr/lib/liblinc.so.1
/usr/lib/liblinc.so.1.0.0
/usr/share/doc/linc-0.5.2
/usr/share/doc/linc-0.5.2/AUTHORS
/usr/share/doc/linc-0.5.2/COPYING
/usr/share/doc/linc-0.5.2/NEWS
/usr/share/doc/linc-0.5.2/README


Note the reference to the Source RPM. RPM's are compiled into a binary format for efficiency and compression. If you are interested in the complete source for the RPM you can download the src.rpm and take a look at it with a text editor. RPM provides a full set of tools for creating your own RPM's for distributing your own open source projects. The details of this process are covered in Maximum RPM, published by RedHat and distributed by them in electronic form on their website.

Sometimes you are looking at a file, and aren't sure what package it belongs to. This rpm command will determine that for you. Note that you must pass the full path to the file and not just the filename itself, if you expect rpm to find a match.

rpm -qf /usr/bin/gs


returns:
CODE:
ghostscript-7.05-20.1


RPM's main purpose is to actually install packages, so you don't have to compile everything from source. It's also worth noting that packages are typically created by the Linux distro creators, and represent someone's opinion on how a particular piece of software should be installed on your system. Although you can override these defaults to a degree, it's probably not the best idea to fight against the "official" stance of the distro on how that package works best.

Finding packages
If you are having trouble installing a package because it depends on other packages to already have been installed first, try www.rpmfind.net. It's a handy database which cross references packages across all the linux distributions and architectures that support RPM's. For example, try searching for libcrypto.so.0. The results indicate the various packages which include that file, and the location of the rpm for download.



There are options to install an rpm using a variety of protocols, but I typically download the rpm to my server first and install it from the file. RPM's installation syntax is very simple in this case:

rpm -i

I always tack on the vh options to get verbose output and the progress hashes so you can determine whether or not rpm has locked up, which on rare occasions it has been known to do.

rpm -ivh tcpdump-3.6.3-17.8.0.3.i386.rpm


results:

CODE:
Preparing...                ########################################### [100%]
   1:tcpdump                ########################################### [100%]


Updating a package

So, you find out that a program you are using has a security vulnerability and a new patch (and hopefully a new rpm) has been issued. Upgrading with rpm is usually a snap.

rpm -Uvh python-xmlrpc-1.2.1-0.6.x.i386.rpm


The -U option causes rpm to upgrade to the new package, checking for prior versions, and saving or reusing configuration options before deleting any prior versions of the package from the system.

Unresolvable dependencies!

Sometimes you will be unable to update because of dependency issues between two packages. If you find that each package errors saying there are dependencies with the other, you can override the dependency check by adding --nodeps as an argument to the update command. For example:

rpm -Uvh --nodeps python-xmlrpc-1.2.1-0.6.x.i386.rpm


I've had debates with people about this, but when two packages are in an rpm deadly embrace where each is dependent on the other, there is no way to move forward without telling one of the two to simply install anyways. Although this should be used with care, it obviously exists for a reason, and I've used it a few times without issue.

Batch patching

Sometimes you will have a whole slew of patched rpm's to deal with, and not be completely sure if you need them or not. One solution is the rpm freshen option.

rpm -Fvh python-xmlrpc-1.2.1-0.6.x.i386.rpm


Like -U, -F causes an update or "Freshening" of the package; however, if a prior version of the package doesn't exist, rpm will exit without doing any installation. Security patches are often distributed with the recommendation that this mode be used. This way sysadmins can download the security patches and attempt to freshen them without concern about whether or not the patch is really needed.
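
A preview of which downloaded patch files -F would even consider, as an added example that is not part of the original notes. It applies the naming rule described earlier (the package name ends before the version and release) to a saved rpm -qa list; the installed python-xmlrpc-1.2.0-1 entry and the function names are constructed, and unlike rpm itself the sketch does not compare versions.

```shell
#!/bin/sh
# Added example: preview which patch files `rpm -F` could apply.

# NAME-VERSION-RELEASE -> NAME (the name ends at the second-to-last hyphen).
nvr_name() {
    s=${1%-*}                  # drop -RELEASE
    printf '%s\n' "${s%-*}"    # drop -VERSION
}

# Package file name -> NAME-VERSION-RELEASE (strip .rpm, then .ARCH).
file_nvr() {
    s=$(basename "$1" .rpm)
    printf '%s\n' "${s%.*}"
}

# $1: file holding `rpm -qa` output; remaining args: downloaded rpm files.
# Prints "FRESHEN file (installed: NVR)" or "SKIP file (not installed)".
freshen_preview() {
    list=$1; shift
    for f in "$@"; do
        want=$(nvr_name "$(file_nvr "$f")")
        have=""
        while read -r nvr; do
            if [ "$(nvr_name "$nvr")" = "$want" ]; then have=$nvr; fi
        done < "$list"
        if [ -n "$have" ]; then
            echo "FRESHEN $f (installed: $have)"
        else
            echo "SKIP    $f (not installed)"
        fi
    done
}

# Constructed package list in the format shown by `rpm -qa > rpmlist` above.
demo=$(mktemp -d)
printf '%s\n' dhcpcd-1.3.22pl1-7 perl-5.00503-12 python-xmlrpc-1.2.0-1 > "$demo/rpmlist"
freshen_preview "$demo/rpmlist" \
    python-xmlrpc-1.2.1-0.6.x.i386.rpm tcpdump-3.6.3-17.8.0.3.i386.rpm
```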

I hope these notes help you out with your use of rpm.

Crackers

In the recent past, someone broke into Gizmola.com, and basically planted a bunch of backdoor software. I don't know what they hoped to gain from access to what is essentially a personal server with limited bandwidth available to it. Fortunately for me, they did a pretty crappy job of covering up their tracks, even locking me out of my own server (bright script kiddies!). Since then, I've been meaning to upgrade my version of Linux in order to try and recover from the damage. I finally got around to it, and upgraded to version 6.x of Redhat Linux. The upgrade was so easy, I'm wondering why I was dreading it for so long. With the exception of a tweak to a couple of config files, everything seems to be running again as usual.