Diving into Ubuntu

Finally back from León. I believe the development of the installations server was a huge success, primarily because I learned a lot of things, perhaps the most important one being the installation, configuration and twisting of SELinux of specific purposes.

Even if the work is not fully done yet, I think I will have some minutes to play with my newest interest: Ubuntu Linux. I'm interested in it not just because it looks like a very careful distribution, but also because the philosophical principles behind it are very appealing, in my humble opinion.

I asked these guys to send me some burned CDs with the distribution (a very generous offer on their side), but since I can't wait to see it running I downloaded the ISO image in order to burn it and give Ubuntu Linux a try. I'm excited!

My condolences

I would like to express my sincere condolences to half the people of the US and to the rest of the world for the very distressing victory of george w[rong] bush.

Ahead of us lie four more years of angst, fear, destruction, lies, lies, lies...

To the people that voted bush: you don't want a president, you want a cowboy. I only hope you don't regret your choice... very soon. But you will, I'm sure about that.

Subversion

Well, I've finally learned how to set up a subversion repository, browseable through http (WebDAV, as a matter of fact).

I installed it in my SuSE Linux 9.1 professional workstation, but it should be simple to repeat the procedure in other distros as well.

Packages that should be installed:

• apache2


• subversion


• subversion-server


• subversion-viewcvs

In order to access the repository through http, it is needed that the apache ServerName directive matches the URL. If the machine is used for something besides SVN, and it is not possible to use ServerName at a global level, a virtual host is going to be needed.

In /etc/sysconfig/apache2 the line APACHE_MODULES must contain the words dav and dav_svn.

I edited the /etc/apache2/conf.d/subversion.conf file to read like this:


# Example configuration for a subversion repository

# see /usr/share/doc/packages/subversion for the full documentation

#

<IfModule mod_dav_svn.c>

<Location /repos>

 DAV svn

 SVNParentPath /srv/svn/html

 # Limit write permission to list of valid users.

 <LimitExcept GET PROPFIND OPTIONS REPORT>

  # Require SSL connection for password protection.

  # SSLRequireSSL

  AuthType Basic

  AuthName "Subversion repository"

  AuthUserFile /srv/svn/user_access/repos_passwdfile

  Require valid-user

 </LimitExcept>

</Location>

</IfModule>



Authentication permissions should be given to every user which is supposed to make changes to the repository:

# htpasswd2 -cm /srv/svn/user_access/repos_passwdfile bruno

Finally, and obviously, every repository in the machine has to be created, and permissions must be given to apache process to read and write on it:

# svnadmin create /srv/svn/html/repository

# chown -R wwwrun. /srv/svn/html/repository

And that's it! Easy, right? The repository is now accessible at http://host.your.domain.com/repos/repository

syslinux splash screen

It is somewhat obscure the creation of the splash screen for syslinux.

I have found two programs to do it:

• gif2lss.


• ppmtolss16: a Perl script, which is a part of the syslinux distribution.

Obviously, converting from a gif file is usually simpler than doing so from a ppm file.

A problem with webmin RPM in Fedora Core 2

It is funny (to put it mildly) that in my kickstart configuration of FC2, added with webmin-1.160-1 -among many other things- the installer refuses to install it:


Installing webmin-1.160-1.noarch.
/var/tmp/rpm-tmp.99086: line 747: rm: command not found
error: %pre(webmin-1.160-1) scriptlet failed, exit status 2
error: install: %pre scriptlet failed (2), skipping webmin-1.160-1


This has been taken from /root/install.log.

It looks like the spec file didn't contain a dependency on coreutils. I'm downloading the SRPM and will try to correct it.

More in selinux roles

I think the best way to illustrate the point of creating a role for content administration is showing an example.

In file /etc/security/selinux/src/policy/users, added this line:

user webadmin roles { user_r httpd_admin_r };

And created the file /etc/security/selinux/src/policy/domains/misc/webadmin.te with the following content:

#DESC httpd_admin_t - Domain for web content administrators.

#

#################################



# httpd_admin_t has access to all of the httpd files, such as

# the configuration files and the log files. They also

# have access to system content and/or user content

#



full_user_role(httpd_admin)

priv_user(httpd_admin)

role_tty_type_change(user, httpd_admin)



create_dir_file(httpd_admin_t, user_home_dir_t)



allow httpd_admin_t user_home_t:file create_file_perms;



###########################################################################

# Allow the httpd admin to edit or create content

##########################################################################

create_dir_file(httpd_admin_t, httpd_sys_content_t)



###########################################################################

# Allow the httpd admin to view log files

##########################################################################

r_dir_file(httpd_admin_t, httpd_log_t)



#############################################################################

# Allow the httpd admin to use chcon to change contexts on web pages,

# and htaccess files.

###########################################################################

allow httpd_admin_t httpd_sys_content_t:dir { relabelto };

allow httpd_admin_t httpd_sys_content_t:file { relabelto };

And that's all, folks!

CUPS daemon dying with no apparent reason

While trying to configure a CUPS server at the office, I found the deamon was dying unexpectedly, with no apparent reason. Its last workds, consistently, were: Child exited with status 98!.

After some testing and searching, I found out the guilty: the name solver for the machine CUPS was runnin on wasn't able to resolve its very own name!

So, my 2 cents: CUPS seems to be a rather picky service. If in trouble with it, first let's check the services it depends upon, and do it so proactively, since it is not very informative -by default, at any rate: the paramater LogLevel in /etc/cups/cupsd.conf allow a more detailed configuration.

Very bad news: Ceneval rejected me

The three places Ceneval had for November have been already occupied: I will have to wait until next year to:

1. Call them to find out the new price of the examination.


2. Pay the price difference.


3. Take there once again my documentation.


4. Define a date for the examination (hopefuly in February.)

Bruno Unna-2

Bruno Unna Hernández was born, weighting 2,830 g and 49 cm tall. Photographs are to be expected soon.

Obviously, the amount of thoughts and feelings is overwhelming. I will be posting about it later.

Just visited my hairdresser.

A content edition role for SELinux

At last I have a role for the web content administration, with apache and selinux, on Fedora Core 2.

Why was it so difficult? Basically because the sample security schemas don't consider the possibility of having a role specifically and exclusively for administering some kind of content (web content in my case).

SELinux is a difficult thing to deal with, because the configuration files are written in m4. My advice, at the present moment, is to carefully read the contents of the macros/core_macros.te file.

Signed up for AdSense

I've just signed up for Google's AdSense program. I'm not sure it is a good idea, since it is advertising, and advertising is usually something visitors don't thank, but I hope the targeted nature of the program will make the shown ads of some use.
Hopefully the ads will even be useful! :)

A blog has been created

Well, it looks like I finally have my very own personal blog. What am I going to use it for? To begin with, I will follow my friend Sebastian's example: I'm going to use it to practice my english writing.