Colovic Vladan

I one sentence, these two security functions can be described as:

suPHP is a tool for executing PHP scripts with the permissions of their owners instead of the Apache user.

suEXEC provides Apache users the ability to run CGI and SSI (Server Side Includes) programs under user IDs different from the user ID of the calling web-server. Normally, when a CGI or SSI program executes, it runs as the same user who is running the web server.

Translated: suPHP is for PHP what is suEXEC for CGI.

So, I just updated everything at my x86_64 CentOS 5.1 Linux installation. And everything looked fine until I found out that email can not be received, and what’s more – I can not log in at Roundcube webmail anymore. The same was in SquirrelMail – both clients just hang/freeze when trying to login, without any kind of meaningful notification – just waiting indefinitely.

I checked a log files, and saw something like this:

error while loading shared libraries: libsepol.so.1: failed to map segment from shared object: Cannot allocate memory

To fix the issue, open the /etc/dovecot.conf and adjust (uncomment) the following directive:

login_process_size = 64

Stupid as it looks, but thats it.

These ports need to be opened in your firewall for Samba to be functional.

• UDP
  137 / udp / NetBIOS Name Service
  138 / udp / NetBIOS Datagram Service

• TCP
  139 /tcp / NetBIOS Session Service
  445 /tcp / Microsoft Directory Service

• for Samba Web Administration
  901 / tcp / SWAT

If you use ISPConfig Hosting Control Panel, just go to Management / Services / Firewall, and add a firewall rule. One note: Besides the fact that help info said different, the port range can not be used when specifying UDP port – it’s a bug – see this thread)

The structure and a short explanation of it’s content. Read the rest of this entry »

Sharing the directory

mkdir -p /home/shared
chown -R root:users /home/shared
chmod -R 775 /home/shared

Look at the great beginner info on permissions and chmod.

Then, in SWAT (it can be started with http://192.168.0.1:901/, if server IP is 192.168.0.1), create a share with the following data (my example) .

comment = Share for all users
path = /home/shared/
valid users = @users
force group = users
read only = No
create mask = 0660
security mask = 0660
directory mask = 0771
directory security mask = 0771
available = Yes

Adding a Samba user

Probably the best way is to use a SWAT again (under Password menu item). But, if you want it in a command line – to add a user to a system use

useradd myusername -m -G users

Then, add it to a Samba and set a password

smbpasswd -a myusername

Global settings needed for public shares

In advanced SWAT configuration, change the following

security = user (it's default, but just as a reminder)
map to guest = Bad User (because unknown usernames should be mapped to guest account - needed for the public access shares)
null passwords = yes (for allowing a users without a passwords)

And, for the share

guest ok = Yes (which is same as: public = yes)
read only = No (which is same as: writable = yes)
create mask = 0777
directory mask = 0777

and optionally

force user = nobody
force group = nobody

These were some of the worst days I could imagine.
I just wanted to speed up my system, but it ended in very painfull experience.

A had a big problem when trying to install the Vista 32bit OS on my new motherboard with ICH9R SATA controller.

Nothing helped.

Finally, getting the latest Vista DVD ISO with SP1 solved the problem like it never existed.