
Unix Support FAQ

Maintaining a server requires a fair amount of unix system administration knowledge. A strong unix end-user background is generally enough for anyone to quickly learn the necessary admin skills. This document is by no means intended as a substitute for learning these skills hands-on. Our support team strongly recommends the following titles; as far as we're concerned, they're some of the best unix administration books available:

Unix System Administration Handbook
Evi Nemeth, Prentice Hall

Solaris Advanced System Administrator's Guide
Janice Windsor, Sunsoft Press

Additionally, Unix Help For Users is an excellent online resource for beginners.

Customers who maintain their own nameserver should refer to these DataCenter support documents:

Bind 8 Online Documentation
The Internet Software Consortium's BIND manual

Paul Albitz, O'Reilly

Solaris DataCenter FAQ
Covers Solaris specifics as well as general DataCenter issues

Please note that DataCenter's unix support team does not provide support for customer-maintained nameservers.

Are there any limitations as to what I can do on my server?

Once your server has been released, you have root access and complete control over what services are run on the system. By using/accessing your server, you agree to comply with our Acceptable Use Policy.

What is DataCenter's support policy regarding services and applications running on dedicated Unix servers?

DataCenter's server support staff must account for all time spent working on server support issues. Please refer to our system administration services page for a list of supported software applications and pricing information on our managed service plans.

Our technicians are fully trained to deal with a multitude of issues; if you would like us to give you a price quote on answering questions or investigating a problem, send email to unixadmin@DataCenter.co.il and we will be happy to assist you.

Creating virtual sites

DataCenter provides the newsite program to aid in the creation of Apache virtual sites. Newsite will add users to the system's passwd file, configure a VirtualHost entry in httpd.conf, add a domain to sendmail.cw (so it can receive mail), and optionally allow anonymous FTP to the new site. FTP accounts created with newsite restrict the user to their home directory, thus keeping them from moving around the server's directory structure and providing a more secure operating environment.

To run newsite, log in as root/root2, cd to /usr/local/newsite, and run ./newsite. You will be prompted for the following information:

Domain name - The domain name of the server you're setting up. The domain is also used as the name of the user's home directory within /usr/local/etc/httpd/sites. When entering a domain name, newsite strips the 'www.' prefix and adds the necessary entries to httpd.conf so that users can access domain.com as well as www.domain.com in a web browser.

IP address - It's wise to allocate these addresses in order so as not to lose track of free IP addresses. We advise our customers against using their 'primary' IP address for web hosting - this address is reserved for routing, and may change if the server is upgraded or replaced at a later date.

Username / Password - The username and password which can be used to access the virtual site via FTP.

Login shell - The Unix shell to be executed when the client logs in to the server. We recommend setting this to /ftponly so as to disallow telnet/SSH access for security purposes.

Virtual FTP - This option configures a virtual anonymous FTP site. Only one virtual FTP account can be configured on each IP address. When told to do so, newsite will create an 'ftp' directory within the virtual site's home directory. Any files placed within the 'pub' directory of the 'ftp' directory will be available via anonymous FTP.

The Apache distribution which DataCenter installs on your server is designed to work alongside the newsite program. Rather than using a single htdocs directory to hold your "main" site's documents and then creating additional directories for each virtual site, newsite creates a group of directories under /usr/local/etc/httpd/sites, each named with a domain name, each with their own htdocs, cgi-bin, and log directories.

In order to delete an account created with the newsite program, you'll need to complete the following tasks by hand:

  • remove the associated user account
  • delete the user's home directory and all associated files
  • remove the site's entries from sendmail.cf and httpd.conf

Creating POP and forwarding mail accounts

DataCenter provides the newpop program to aid in the creation of POP accounts. To run newpop, log in as root, cd to /usr/local/newsite, and run ./newpop. You will be prompted for a username and password, and then a POP-only account will be created. This user will not be able to access the system via telnet/SSH.

POP usernames must be unique, and should be 8 characters or less. They may only contain alphanumeric characters (a-z, 0-9).

POP accounts can be deleted with the 'userdel username' command, where username is the name of the account you wish to remove.

You can use Sendmail's virtual user table support to create forwarding accounts. This will also allow you to create email addresses with the same username at different domains, each of which will forward to unique POP addresses. In order to do this, you must edit /etc/mail/virtusertable and then run /etc/mail/update.

The syntax for the virtusertable for a forwarding address is as follows:

username@domainname.com username@forwardingaddress.com

The syntax for the virtusertable for a duplicate address is as follows:

webmaster@domain1.com popuser1
webmaster@domain2.com popuser2

If you wish to create a "catch-all" account which forwards all mail sent to a particular domain to a single POP account, you can create a blank-username entry in the virtusertable:

@domain.com popuser

Each line in the virtusertable can contain a single forwarding address.

In order to forward mail to multiple recipients, you must create an entry in /etc/mail/aliases. The aliases file can contain forwarding accounts with multiple comma-separated recipients, but does not allow for the same username at multiple domains.

The syntax for /etc/mail/aliases is as follows:

username: user@domain1.com,user@domain2.com

It's necessary to run 'newaliases' after updating the aliases file.

For more information, please refer to Virtual Hosting With Sendmail.
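
The rules above (one target per virtusertable line, multiple recipients only through aliases) can be checked before running /etc/mail/update. The lint script below is an added example, not a DataCenter tool; the function name lint_virtusertable and all sample data are constructed, and it assumes that a target without an '@' must be an existing local account.

```shell
#!/bin/sh
# Added example (not a DataCenter tool): lint a virtusertable before
# running /etc/mail/update. $1 = virtusertable, $2 = passwd file.
lint_virtusertable() {
    awk -v pw="$2" '
        BEGIN {                                 # load local account names
            while ((getline line < pw) > 0) { split(line, f, ":"); user[f[1]] = 1 }
        }
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines
        NF != 2 || $2 ~ /,/ {                   # a single target per line
            printf "line %d: expected one address and one target\n", NR; next
        }
        seen[tolower($1)]++ {                   # same address mapped twice
            printf "line %d: duplicate address %s\n", NR, $1; next
        }
        $2 !~ /@/ && !($2 in user) {            # local target must exist
            printf "line %d: no local account %s\n", NR, $2
        }
        $1 ~ /^@/ {                             # catch-all: list for review
            printf "line %d: catch-all for %s\n", NR, substr($1, 2)
        }
    ' "$1"
}

# Constructed sample data: two POP accounts and a table with four problems.
VUT_DIR=$(mktemp -d)
cat > "$VUT_DIR/passwd" <<'EOF'
popuser1:x:2001:100::/home/popuser1:/bin/false
popuser2:x:2002:100::/home/popuser2:/bin/false
EOF
cat > "$VUT_DIR/virtusertable" <<'EOF'
webmaster@domain1.com popuser1
webmaster@domain2.com popuser2
sales@domain1.com a@example.net,b@example.net
webmaster@domain1.com popuser2
info@domain2.com popuser9
@domain2.com popuser1
EOF

lint_virtusertable "$VUT_DIR/virtusertable" "$VUT_DIR/passwd"
```

Catch-all entries are reported for review only, since they accept mail for every address at the domain.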

POP and SMTP server information

All DataCenter Unix servers are configured with Qualcomm's pop3 server and Sendmail 8.9. You can configure your POP mail client to check mail using any of the IP addresses or domain names assigned to your server. Since so many hosts on the internet have been abused as spam relays, we've included anti-relay provisions in our standard Sendmail config file. Your server cannot be used as an outgoing SMTP server, thereby blocking spammers from stealing your resources.

Abuse of open mail relays is a very serious problem. Besides leaving an open invitation for spammers to consume your resources, permitting users to abuse your server in such a manner reflects negatively on both your company and ours.

If you or your customers have static IP addresses, please refer to Sendmail's relay control documentation for information on configuring your server to relay mail for these IPs. This document also contains information on filtering unwanted mail sent to your users. If you do not have static IP addresses, you should configure your mail client to use your ISP's outgoing SMTP server.

Alternatively, you can force users to authenticate via your pop3 server in order to access your SMTP relay. Configuring pop3 SMTP authentication requires that you make modifications to Sendmail, Perl, and the pop server. Information on making these changes is available from http://www.cynic.net/~cjs/computer/sendmail/poprelay.html.

DataCenter's unix consultants can install and configure pop3 mail relay for three hours of support time, billed at our standard rate of £85.00 per hour. Please let us know if you'd like us to send you a work order to complete this task.

Saving backup data to tape

If you have not purchased a backup plan, the hardware specifications in your server contract do not include network backup services or an external tape backup device. Should a system or hard drive failure occur, DataCenter will be responsible for getting the server back online to the specifications of your contract and subsequent software installations performed by a DataCenter technician. Restoring software or configuration made by the client up to the point of the failure will be the responsibility of the client, not DataCenter.

Customers with a tape backup system who have not purchased a managed backup and media rotation plan are responsible for the maintenance and integrity of their own backups and restorations.

DataCenter supports backups made via the dump program. Under Solaris, this program has been renamed to ufsdump and is functionally identical to dump under Linux. Please refer to the dump or ufsdump man pages for detailed information on how to use this software. You can also refer to our example backup script, /usr/local/sbin/backup, and tailor it to your needs.

The following tape device names apply to all of our standard tape backup units:

  • /dev/rmt/0 (Solaris tape)
  • /dev/rmt/0n (Solaris non-rewinding tape, must be rewound with 'mt rewind')
  • /dev/ht0 (Linux IDE tape)
  • /dev/nht0 (Linux non-rewinding IDE tape, must be rewound with 'mt rewind')
  • /dev/st0 (Linux SCSI tape)
  • /dev/nst0 (Linux non-rewinding SCSI tape, must be rewound with 'mt rewind')

Restoring backup data from tape

In order to restore data from a dump backup, you'll need to familiarise yourself with the restore/ufsrestore command. The following examples refer to the Solaris ufsdump. Linux users would use the dump command and the appropriate tape device.

To restore from the first ufsdump backup on a system's tape drive:

ufsrestore -ivfs /dev/rmt/0 1

The -ivfs flags mean (in order) "interactive, verbose, use this file, use this partition." The argument to -f will always be /dev/rmt/0. -s is a positive integer which corresponds to the number of the dump on the tape; 1 means the first dump, 2 means the second dump, and so on. Our managed backup scripts always perform a root dump, followed by a /usr dump, followed by each of the other filesystems in the order reported by df -k. Please refer to the backup script in /usr/local/sbin/backup for a list of filesystems to dump.

If you wished to extract a file from the /usr partition, you would run 'mt rewind' (to ensure that the tape is rewound), followed by the following command:

ufsrestore -ivfs /dev/rmt/0 2

Once ufsrestore has found the backup file on the tape, it enters interactive mode. In interactive mode, you'll be able to select files and directories to extract from the backup. You can browse files using 'ls'. Once you've decided which data you need to extract, run 'add filename' for each file or directory to be extracted. These directories will be flagged with an asterisk when you do an 'ls' of the backup. Selecting a directory will automatically select all subdirectories and files. Running 'add .' from the backup's root will extract the entire backup.

When you're ready to extract your flagged files, run 'extract'. ufsrestore will create a mirror of the backup directory structure within the current working directory into which it will extract the selected files. This process can take quite a bit of time on a slow tape drive.

For a full explanation of all of restore/ufsrestore's options, please refer to each program's respective man page.
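
Passing the wrong -s value restores from the wrong filesystem, so it helps to derive the number from the dump order described above. The helper below is an added example, not DataCenter's backup script; the function name dump_number and the sample df -k output are constructed, and it assumes that only filesystems on /dev/* devices are dumped (check /usr/local/sbin/backup for the real list).

```shell
#!/bin/sh
# Added example (not DataCenter's script). Prints the number to pass to
# ufsrestore -s for mount point $2, given saved `df -k` output in file $1.
# Order per the FAQ: / first, /usr second, then the rest in df order.
# Assumption: only filesystems on /dev/* devices are dumped.
# Limitation: df rows wrapped onto two lines are not handled.
dump_number() {
    awk -v want="$2" '
        NR == 1 || $1 !~ /^\/dev\// { next }   # header, /proc, swap
        $NF == "/"    { have_root = 1; next }
        $NF == "/usr" { have_usr = 1; next }
        { rest[++n] = $NF }
        END {
            if (have_root) order[++k] = "/"
            if (have_usr)  order[++k] = "/usr"
            for (i = 1; i <= n; i++) order[++k] = rest[i]
            for (i = 1; i <= k; i++)
                if (order[i] == want) { print i; found = 1 }
            exit !found                         # non-zero if not on the tape
        }
    ' "$1"
}

# Constructed sample of Solaris `df -k` output (/var listed before /).
DF_SAMPLE=$(mktemp)
cat > "$DF_SAMPLE" <<'EOF'
Filesystem            kbytes    used   avail capacity  Mounted on
/dev/dsk/c0t0d0s3     192807   20000  153527    12%    /var
/dev/dsk/c0t0d0s0      96455   40000   46810    47%    /
/proc                      0       0       0     0%    /proc
/dev/dsk/c0t0d0s6     770543  500000  216605    70%    /usr
swap                  500000     100  499900     1%    /tmp
/dev/dsk/c0t0d0s7    4000000 1000000 2960000    26%    /export/home
EOF

# Show the commands for an interactive restore from the /var dump.
echo "mt rewind && ufsrestore -ivfs /dev/rmt/0 $(dump_number "$DF_SAMPLE" /var)"
```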

Rotating log files

Under Solaris and Linux, the operating system manages the rotation of system log files under /var/log and /var/adm. By default, the web server's access and error logs are not rotated.

We have included a script called 'logrotate' in /usr/local/etc/httpd which can be run through a cron job to rotate web server logfiles. This script works with any sites created with the newsite program.

In order to rotate web server logs on the first of each month, add the following entry to root's crontab using 'crontab -e':

15 0 1 * * /usr/local/etc/httpd/logrotate

The logrotate script compresses old log files which can be manually deleted when they're no longer needed.

Generating web statistics

DataCenter recommends the use of http-analyze to generate web stats reports. This software has been installed in /usr/local/http-analyze.

We have included a script called 'stats.pl' in /usr/local/http-analyze which can be run through a cron job to generate web usage stats for any sites created with the newsite program.

In order to automatically generate web stats in the 'stats' subdirectory of each of your customers' htdocs directories, add the following entry to root's crontab using 'crontab -e':

0 0 * * * /usr/local/http-analyze/stats.pl

This script is meant to be used alongside the log rotation script. In order to use these scripts together, add the following entries to root's crontab using 'crontab -e':

0 0 * * * /usr/local/http-analyze/stats.pl
15 0 1 * * /usr/local/etc/httpd/logrotate

http-analyze is commercial software; customers who plan to use this software should contact the vendor to register their software. DataCenter is in no way affiliated with this company.

General system administration tips and information

What software and services are running on my machine?

By default, telnet, SSH, SMTP, FTP, pop3, and www services are configured to run on your server. For security reasons, all unnecessary services have been disabled in inetd.conf. We recommend that you leave these services disabled unless you have an explicit need to do otherwise.

A list of our current software installation is available here: Sun, Linux.

Is there a difference between root and root2?

The only difference is the username; both accounts have a UID of zero and full root access to the system. We maintain unique and secure root passwords for each customer server so that we can access the system in an emergency, after a partial system failure, or to perform consulting services.

How do I disable remote root access to my server?

Under Solaris, you can disable root access via telnet by uncommenting the CONSOLE entry in /etc/default/login. This will require users to log in using a normal user account and su to root.

Under Linux, you can restrict remote root access by removing lines from /etc/securetty. Removing all ttyp* lines from this file will disallow remote root access.
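
Because root and root2 both carry UID 0, and remote root login depends on the two files named above, these settings are worth checking periodically. The audit script below is an added example, not a DataCenter tool; the function names and the sample files (including the account toor) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not a DataCenter tool): audit root-equivalent accounts and
# remote root login. Each function takes a file path, so it can be pointed
# at /etc/passwd, /etc/securetty and /etc/default/login or at copies.

# List every account with UID 0. root and root2 are expected here; any
# other name is an extra root-equivalent login to investigate.
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }' "$1"
}

# UID 0 accounts in file $1 that are not in the expected list $2.
unexpected_uid0() {
    for name in $(uid0_accounts "$1"); do
        case " $2 " in
            *" $name "*) ;;
            *) echo "$name" ;;
        esac
    done
}

# Linux: count ttyp* lines left in securetty (0 = remote root disallowed).
remote_root_ttys() {
    grep -c '^ttyp' "$1" || true
}

# Solaris: succeed only if the CONSOLE entry is uncommented.
console_restricted() {
    grep -q '^CONSOLE=' "$1"
}

# Constructed sample files.
AUDIT_DIR=$(mktemp -d)
cat > "$AUDIT_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
root2:x:0:0:provider root:/root:/bin/sh
site1:x:1001:100:site:/usr/local/etc/httpd/sites/example.com:/ftponly
toor:x:0:0:unexpected:/tmp:/bin/sh
EOF
printf 'tty1\ntty2\nttyp0\nttyp1\n' > "$AUDIT_DIR/securetty"
printf '#CONSOLE=/dev/console\n' > "$AUDIT_DIR/login"

echo "unexpected UID 0 accounts: $(unexpected_uid0 "$AUDIT_DIR/passwd" 'root root2')"
echo "ttyp lines in securetty:   $(remote_root_ttys "$AUDIT_DIR/securetty")"
console_restricted "$AUDIT_DIR/login" || echo "CONSOLE is commented out"
```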

How do I start services at boot time?

Under Solaris, local startup scripts are stored in /etc/rc3.d; these are normal shell scripts which are run each time the machine reboots. Each script's name must start with an uppercase 'S' followed by a number. The scripts are run in numerical order when the machine boots up. Since startup processes are not automatically forked into the background at boot time, you'll need to add an '&' to the end of each daemon started in the boot scripts.

Under Linux, local commands can be listed in /etc/rc.d/rc.local; this is a shell script which is run each time the machine reboots. Since startup processes are not automatically forked into the background at boot time, you'll need to add an '&' to the end of each daemon started in the boot scripts.

Why won't anonymous FTP work?

Before anonymous FTP will function, you must add an 'ftp' user to your system. This can be accomplished by running 'useradd ftp'.

How do I reboot my server?

Under Solaris, the following command will cleanly reboot your server:

shutdown -y -i6 -g0

Under Linux, the following command will cleanly reboot your server:

shutdown -r now

How can I see how much disk space I have available?

'df -k' will report disk usage in kilobytes on each filesystem.

How can I see how large a directory is?

From within a directory, 'du -sk' will report the total size of the directory (and all subdirectories) in kilobytes.

How do I change my system's hostname?

Under Solaris, use the hostname command followed by the hostname you wish to use. For example: