DotNux – Unix/Linux Technical Mini Howto

If you used PHP on Apache, whether on Centos, Gentoo, Ubuntu, etc., you probably noticed PHP gets slower as most modern PHP framework gets bigger in sizes, more layers, increasing database records, etc.

Then, try to install FREE php accelerator called APC (Alternative PHP Cache).
APC is a free, open, and robust framework for caching and optimizing PHP intermediate code.
In other words, APC will compile PHP code automatically, and can give a boost to your site without modification, 2, 5, 10 and perhaps even more performance boost.

One time I had mediawiki, and it was getting really slow, and after installing APC, it’s about 5 times faster.

Let’s get down to the detail:


yum install php-pear
yum install php-devel
yum install httpd-devel
perc install apc
echo "extension=apc.so" > /etc/php.d/apc.ini


and then restart apache!


/etc/init.d/httpd restart



Confirm the output of phpinfo() that APC works (look for APC block)

Everytime I install a new PHP application, such as Joomla, drupal, php-nuke, zen-cart, oscommerce, etc., you have to install a new database.

If you have a SSH access to it, the following script will do a quick database creation job, with user name & password.

type ‘mysql’, and type the following SQL script.

mysql> create database [DATABASE_NAME];
Query OK, 1 row affected (0.06 sec)

mysql> create user '[USER_NAME]'@'localhost' identified by '[PASSWORD]';
Query OK, 0 rows affected (0.00 sec)


# SEE the comment below, regarding privilege

mysql> grant all privileges on [DATABASE_NAME].* to '[USER_NAME]'@'localhost';
Query OK, 0 rows affected (0.00 sec)


# Note
Now if you want to grant only limited privileges, like SELECT, INSERT, UPDATE, DELETE, then run the following:

mysql> grant SELECT,INSERT,UPDATE,DELETE,CREATE on [DATABASE_NAME].* to [USER_NAME]'@'localhost';
Query OK, 0 rows affected (0.00 sec)


You need ‘CREATE’, because, usually installers will try to create a database. You could also add ‘DROP’ so that the installer can delete any temporary tables that it has created.

and then finally, you need to flush privilege so that new permission can be in effect.

mysql> flush privileges;
Query OK, 0 rows affected (0.14 sec)


and, you can check the privileges to make sure it’s set correctly by doing this:

mysql> show grants for '[USER_NAME]'@'localhost';
+--------------------------------------------------------------------+
| Grants for [USER_NAME]@% |
+--------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO '[USER_NAME]'@'%' WITH GRANT OPTION |
+--------------------------------------------------------------------+
1 row in set (0.00 sec)

You probably do not want to open FTP as it’s insecure, and open up SFTP, for example, you want your dreamweaver users’ SFTP option.  But, the problem here is that, SFTP uses SSH, which will give entire Linux / directory.  You want to disable SSH shell access, but, enable SFTP to their home directory only.

First, you need latest version of OpenSSH (5.2 at this moment) for ChrootDirectory option to work.

If you try # yum install openssh, and it may give option of 4.2 only, then, you have to install OpenSSH 5.2 manually.
See this post on how to install OpenSSH 5.2 yourself.

Now that you have at least OpenSSH 5.2, let’s modify /etc/ssh/sshd_config

…

# comment this line below
#Subsystem sftp /usr/libexec/openssh/sftp-server

# add these lines

Subsystem sftp internal-sftp
Match Group sftp
ChrootDirectory /home/%u
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp



save it, and execute: (username is the user name of the account that you want to give sftp access)

# groupadd sftp
# useradd username
# passwd username
(set the password of user)
# usermod -d / username
# usermod -g sftp username
(user must have a group of 'sftp')
# chown root.root /home/username

Voila! Try to connect your server via SFTP, and it works indeed.

Centos 5 yum doesn’t seem to support latest OpenSSH 5.2 which support many features. (it’s like 4.2)

Make sure you have development tools:

# yum install gcc
# yum install openssl-devel
# yum install pam-devel
# yum install rpm-build

And then download openssh 5.2p1

# wget ftp://mirror.planetunix.net/pub/OpenBSD/OpenSSH/portable/openssh-5.2p1.tar.gz

Now, we’re going to build RPM based on tar.gz file:

# tar xvfz openssh-5.2p1.tar.gz
# cp ./openssh-5.2p1/contrib/redhat/openssh.spec /usr/src/redhat/SPECS/
# cp  ./openssh-5.2p1.tar.gz /usr/src/redhat/SOURCES/
# cd /usr/src/redhat/SPECS/
# perl -i.bak -pe 's/^(%define no_(gnome|x11)_askpass)\s+0$/$1 1/' openssh.spec
# rpmbuild -bb openssh.spec
# cd /usr/src/redhat/RPMS/`uname -i`
# ls -l

# rpm -Uvh openssh*rpm
Preparing... ################################
1: openssh ####
2: openssh-clients ####
3: openssh-server ####
# service sshd restart

Then, RPM version of SSH installs.  After restarting, it may say initlog is obsolete, but, you can ignore as that option is deprecated.