Cosc 4750Configuring httpd,

Mysql,And Samba

defaults

By default httpd demean will startup and work User directories are turned off Default directory structure

/var/www/html html code /var/www/cgi-bin for cgi code /var/www/html/index.html is a default apache web page

Apache is configured in /etc/httpd

httpd.conf file

The main config file for httpd is /etc/httpd/conf/httpd.conf

Separated into three section Global, 'main' server, and virtual hosts

Section Global

Server root directory, port number, etc. User, group to use Number of servers (min/max) running All the modules to load And includes for conf.d/*.conf

conf.d directory

Where addition pieces are configured. Examples are perl, php, ssl, python Php example, php.conf

loadModule php5_module modules/libphp5.so

AddHandler php5-script .php

AddType text/html .php

DirectoryIndex index.php

Section Main server

ServerName (because in virtual we may add more)

Main directory for web pages

<Directory “/var/www/html”>

Options Indexs FollowSymLinksAllowOverride NoneOrder allow, denyAllow from all</Directory>

Directory Options

ExecCGI

Execute .cgi scripts here and in cgi-bin directory

FollowSymLinks

Follow symbolic links

FollowLinksIfOwnerMatch

If Owner matches, follow symbolic links (security)

Includes

Allow includes via mod_include

Indexes

If no index.* display directory contents.

MultiViews, IncludesNOEXEC

All

Everything, but MultiViews

AllowOverides.

Allows the use of .htaccess files That allows the options to be changed per

directories (and sub directories) Includes directory based autentication More AddHandlers can be added as well.

Section Main server (2)

Config's Cgi-bin directory same html directory Icons directory (like html directory Logging levels and types Default languages and other languages

Used some with MultiView options

Section Main server (3)

AddHandler AddType

Used for media type and how the server “displays” those types of files

AddOutputFilter Server processed likes Like .shtml for includes Example:

addType text/html .shtmlAddOutputFilter INCLUDES .shtml

Section Main server (4)

Error page redirection Do you want one main error html document to

show, or just 404 document not found And handers for the different browsers

Firefox responds differently then Internet Explorer

Section VirtualHost

Same as section Main, Except it's for the web server to respond to a “virtual

host”, ie another name and/or another port number besides the “main” pages

Example:

<VirtualHost stuff.cs.uwyo.edu:443>

… lots of stuff …

DocumentRoot /var/www/stuff

ServerName stuff.cs.uwyo.edu

</VirtualHost

Note

Configuration for both main and virtual host can also be in the conf.d/*.conf files as well.

Mysql

Mysql is a full fledge database. Modules for php and perl allow access to it directly.

Main configuration is setting the “root” password And creating user's and “databases”

We did this in lab.

Samba

• Start “windows” services

– File sharing

– As of 3.X Active directory services as well.

• With Samba you can run a full windows domain without a windows server.

• The default configurations start up samba as a stand alone server, that authenticates based on the local linux machines accounts.

– Shares printers and home directories.

Samba Configuration

• Config files are located in /etc/samba

• smb.conf is main configuration file

– File broken up into global conf's and shares

– We are going to skip turning AD services as it beyond the scope and time we have.

Global config

• Workgroup= <windows domain>

– So for UW uwyo (windows.uwyo.edu)

– For cosc cosclab (cs.uwyo.edu)

• Netbios name= <machine name>

– As needed, if netbios is dead, skip it.

“authentication”

• Standalone server

– Security = user

– passdb = tdbsam

• Domain Member options (with a windows domain)

– Security = domain

– Password server = <domain controllers>

Working with windows

• Browser control options

– Local master = no (yes if you want it function within the standard windows election rules)

– Preferred master = no (yes, if you want to force an election on samba startup)

• Name Resolution

– wins support = no (yes to start a WINS server)

– Wins server = <windows wins server>

– Dns proxy = no (yes if samba tries to resolve NetBIOS names via DNS lookup)

Printing options

• Load the printers from the UNIX system and share them out as windows printers

– Load printers = <no|yes>

– Cups options = raw (use standard cups functions)

• Note there is also a separate share for printers.

Filesystem options

• Have much “DOS” filesystem support does samba provide

– Map archive, map hidden, map read only, map system, store dos attributes

– Must have the user_xattr on when the linux/unix filesystem is mounted, otherwise ignored.

• All of these can be set per each share as well.

shares

• There are 2 default shares

– [homes] user home directories

– [printers] all the printers.

• Options per share

– Browsable= <yes|no> Can users browse to find the shares, default for homes is no.

– Writable=<yes|no> IE read only, or not

– Create mode and directory mode• It uses a umask style number, 0664

Options per share (2)

• Printable= <yes|no> (for printer shares)

• Guest ok=<yes|no> can a non authenticated account use this share.

• Path= <absolute path to directory> the base directory the share starts at. Not used for homes share.

• Valid users = <list of users, %S for all valid linux accounts>

– Who can authenticate to use this share.

Smbusers file

• A file used to map windows users to linux user accounts

– root = administrator admin

– nobody = guest pcguest smbguest

– fred = george• Where george's windows account will map to linux

account fred, using fred's account privileges for shares and home directory.

Joining a windows domain.

• As root– Net rpc join -S DOMPDC -UAdministrator%password

• Where DOMPDC is the domain name or domain controller.

• If -S DOMPDC is left off, reads the smb.conf for the domain.

– Joined domain DOM (where DOM is the domain)

• To join Active directory– Net ads join -Uadministrator%password

• Note we skipped kerberos and ADS security, so look those up.