DotNux – Unix/Linux Technical Mini Howto

August 15, 2009

How to install PHP accelerator (APC) on Centos 5

Filed under: Linux — admin @ 11:11 am

If you used PHP on Apache, whether on Centos, Gentoo, Ubuntu, etc., you probably noticed PHP gets slower as most modern PHP framework gets bigger in sizes, more layers, increasing database records, etc.

Then, try to install FREE php accelerator called APC (Alternative PHP Cache).
APC is a free, open, and robust framework for caching and optimizing PHP intermediate code.
In other words, APC will compile PHP code automatically, and can give a boost to your site without modification, 2, 5, 10 and perhaps even more performance boost.

One time I had mediawiki, and it was getting really slow, and after installing APC, it’s about 5 times faster.

Let’s get down to the detail:


yum install php-pear
yum install php-devel
yum install httpd-devel
perc install apc
echo "extension=apc.so" > /etc/php.d/apc.ini


and then restart apache!


/etc/init.d/httpd restart

Confirm the output of phpinfo() that APC works (look for APC block)

July 15, 2009

Simple (and easy) mysql database creation (db, user, privilege)

Filed under: Mysql — admin @ 8:42 am

Everytime I install a new PHP application, such as Joomla, drupal, php-nuke, zen-cart, oscommerce, etc., you have to install a new database.

If you have a SSH access to it, the following script will do a quick database creation job, with user name & password.

type ‘mysql’, and type the following SQL script.

mysql> create database [DATABASE_NAME];
Query OK, 1 row affected (0.06 sec)

mysql> create user '[USER_NAME]'@'localhost' identified by '[PASSWORD]';
Query OK, 0 rows affected (0.00 sec)

# SEE the comment below, regarding privilege

mysql> grant all privileges on [DATABASE_NAME].* to '[USER_NAME]'@'localhost';
Query OK, 0 rows affected (0.00 sec)

# Note
Now if you want to grant only limited privileges, like SELECT, INSERT, UPDATE, DELETE, then run the following:

mysql> grant SELECT,INSERT,UPDATE,DELETE,CREATE on [DATABASE_NAME].* to [USER_NAME]'@'localhost';
Query OK, 0 rows affected (0.00 sec)

You need ‘CREATE’, because, usually installers will try to create a database. You could also add ‘DROP’ so that the installer can delete any temporary tables that it has created.

and then finally, you need to flush privilege so that new permission can be in effect.

mysql> flush privileges;
Query OK, 0 rows affected (0.14 sec)

and, you can check the privileges to make sure it’s set correctly by doing this:

mysql> show grants for '[USER_NAME]'@'localhost';
+--------------------------------------------------------------------+
| Grants for [USER_NAME]@% |
+--------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO '[USER_NAME]'@'%' WITH GRANT OPTION |
+--------------------------------------------------------------------+
1 row in set (0.00 sec)

June 30, 2009

“jail” sftp (OpenSSH based) to user’s home directory using ChrootDirectory option on Centos 5

Filed under: Centos 5 — Tags: , — admin @ 3:07 pm

You probably do not want to open FTP as it’s insecure, and open up SFTP, for example, you want your dreamweaver users’ SFTP option.  But, the problem here is that, SFTP uses SSH, which will give entire Linux / directory.  You want to disable SSH shell access, but, enable SFTP to their home directory only.
dreamweaver_sftp

First, you need latest version of OpenSSH (5.2 at this moment) for ChrootDirectory option to work.

If you try # yum install openssh, and it may give option of 4.2 only, then, you have to install OpenSSH 5.2 manually.
See this post on how to install OpenSSH 5.2 yourself.

Now that you have at least OpenSSH 5.2, let’s modify /etc/ssh/sshd_config

#Subsystem      sftp    /usr/libexec/openssh/sftp-server
Subsystem sftp internal-sftp
Match Group sftp
ChrootDirectory /home/%u
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

# comment this line below
#Subsystem sftp /usr/libexec/openssh/sftp-server

# add these lines

Subsystem sftp internal-sftp
Match Group sftp
ChrootDirectory /home/%u
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

save it, and execute: (username is the user name of the account that you want to give sftp access)

# groupadd sftp
# useradd username
# passwd username
(set the password of user)
# usermod -d / username
# usermod -g sftp username
(user must have a group of 'sftp')
# chown root.root /home/username

Voila! Try to connect your server via SFTP, and it works indeed.

Install OpenSSH 5.2 on CentOS 5

Filed under: Centos 5 — Tags: — admin @ 2:56 pm

Centos 5 yum doesn’t seem to support latest OpenSSH 5.2 which support many features. (it’s like 4.2)

Make sure you have development tools:

# yum install gcc
# yum install openssl-devel
# yum install pam-devel
# yum install rpm-build

And then download openssh 5.2p1

# wget ftp://mirror.planetunix.net/pub/OpenBSD/OpenSSH/portable/openssh-5.2p1.tar.gz

Now, we’re going to build RPM based on tar.gz file:

# tar xvfz openssh-5.2p1.tar.gz
# cp ./openssh-5.2p1/contrib/redhat/openssh.spec /usr/src/redhat/SPECS/
# cp  ./openssh-5.2p1.tar.gz /usr/src/redhat/SOURCES/
# cd /usr/src/redhat/SPECS/
# perl -i.bak -pe 's/^(%define no_(gnome|x11)_askpass)\s+0$/$1 1/' openssh.spec
# rpmbuild -bb openssh.spec
# cd /usr/src/redhat/RPMS/`uname -i`
# ls -l

drwxr-xr-x 2 root root   4096 Jun 30 12:39 .
drwxr-xr-x 9 root root   4096 Jun 30 12:35 ..
-rw-r--r-- 1 root root 271758 Jun 30 12:39 openssh-5.2p1-1.i386.rpm
-rw-r--r-- 1 root root 429852 Jun 30 12:39 openssh-clients-5.2p1-1.i386.rpm
-rw-r--r-- 1 root root 268302 Jun 30 12:39 openssh-server-5.2p1-1.i386.rpm

-rw-r--r-- 1 root root 271758 Jun 30 12:39 openssh-5.2p1-1.i386.rpm
-rw-r--r-- 1 root root 429852 Jun 30 12:39 openssh-clients-5.2p1-1.i386.rpm
-rw-r--r-- 1 root root 268302 Jun 30 12:39 openssh-server-5.2p1-1.i386.rpm

# rpm -Uvh openssh*rpm
Preparing... ################################
1: openssh ####
2: openssh-clients ####
3: openssh-server ####
# service sshd restart

Then, RPM version of SSH installs.  After restarting, it may say initlog is obsolete, but, you can ignore as that option is deprecated.

Powered by WordPress