Debian Tricks

Useful Commands

To find out what applications are listening on what ports:

sudo netstat -npl

...or this:

lsof -i

This only chmod’s files:

debian:~# find -type f | xargs -i chmod 640 {}

This only chmods directories:

debian:~# find -name ’*’ -type d | xargs -i chmod 750 {}

The -name ‘*’ makes sure that it is only sub directories is processed (and not the current directory).

To delete all files in the current folder that are older than 1 day (note the + sign next to the 1 - this is important!):

find -type f -mtime +1 | xargs -i rm {}

Funky stuff with awk:

cat sites.txt | awk '{print "curl -s "$1"/cron.php"}' | sh

More funky stuff with awk, this time to dump all databases listed in a text file:

cat databases.txt | awk '{ gsub(/\./,"_" ); print }' | awk '{print "mysqldump -uroot -ppassword --opt "$1" | gzip > "$1".sql.gz"}' | sh

To scan a machine:

debian:~# sudo nmap -F -T5 -sS IP_ADDRESS

To set up locales on a machine:

debian:~# apt-get install locales

debian:~# dpkg-reconfigure locales

Locales

For those of you who are used to running “dpkg-reconfigure locales” on Debian to select and generate locales you may be a bit disappointed at the seemingly broken way it is done under Ubuntu.

When I say broken “dpkg-reconfigure locales” does not yield an interface that allows you to select and deselect locales. It simply generates the locales mentioned in “/var/lib/locales/supported.d/local” file. Therefore if you want to generate a bunch of locales you will need to add them to this file and re-run “dpkg-reconfigure locales”. NOTE: One locale per line.

For a list of valid locales you can search through /usr/share/i18n/SUPPORTED

UPDATE (Nov 2009): Actually, dpkg-reconfigure does seem to be the way to install new locales.

To check which versions of a package are available for Debian, use this syntax:

http://packages.debian.org/src:php5

To list currently installed packages:

dpkg -l

SSL

To configure SSL under Apache on Debian, follow these instructions: http://www.debianadmin.com/install-and-configure-apache2-with-php5-and-ssl-support-in-debian-etch.html

MySQL Quirks

Quirk number one: depending on how MySQL was compiled, which defaults file the start-up script says to use and then what the defaults file says, MySQL might be looking for the communications sock in either /tmp or /var/run/mysqld. On some systems I have solved the problem by linking /var/run/mysqld/mysqld.sock -> /tmp/mysql.sock. In other systems I fixed the problem by update my.cnf and php.ini.

UPDATE: Another way to resolve this issue, depending on your deployment requirements, is to hard-code the socket name into the connection string.

With obsolete mysql API:

$conn = mysql_connect( 'localhost:/tmp/mysql.sock', 'username', 'password', 'database' );

With newer mysqli API:

$conn = mysqli_connect( 'localhost', 'username', 'password', 'database', null, '/tmp/mysql.sock' );

Quirk number two: again, depending on how the planets were aligned the day you installed MySQL, you may end up with a very minor permissions problem that results in the socket file not being created at boot time, which subsequently stops MySQL from starting. The fix in one case (5.0.51a-24+lenny5) was to change the permissions of /var/run/mysqld from 755 to 775. Yeah, subtle! The ownership was already correct - mysql:root - but the problem is that the MySQL daemon is kicked off by root and later gets changed to the mysql user. I assume that the point at which it is trying to create the socket file it is still root, which is why the process failed when the permissions were 755. Live and learn I suppose!

Distribution Management

Firstly, to find out what version of Debian you’re using, have a look in this file:

/etc/debian_version

Or run this command:

uname -a

Or run this command:

lsb_release -a

If that command doesn’t exist, use this command to add it:

sudo apt-get install lsb-release

Note the dash instead of the underscore in the package name.

To upgrade releases, modify the release codename in the /etc/apt/sources.list file. For example, the current version of the file for Debian 5.0 (lenny) looks like this:

deb http://ftp.debian.org/debian/ lenny main
deb-src http://ftp.debian.org/debian/ lenny main

deb http://security.debian.org/ lenny/updates main contrib
deb-src http://security.debian.org/ lenny/updates main contrib

After you’ve changed the sources.list file you’ll need to run the following commands:

sudo apt-get update

sudo apt-get -y dist-upgrade

Once a release gets obsoleted, you need to replace the “ftp” portion of the URL with “archive”, as below:

deb http://archive.debian.org/debian/ lenny main
deb-src http://archive.debian.org/debian/ lenny main

deb http://security.debian.org/ lenny/updates main contrib
deb-src http://security.debian.org/ lenny/updates main contrib

Because I always lose this link:

http://www.pixelbeat.org/lkdb/screen.html

Setting Up PureFTP on Debian 8 (Jessie)

Most sites include an additional step at the start of this process to create a Unix ftpgroup. I have skipped that step because in this example the intention is to provide access to the web directory, which belongs to the www-data group.

So in my version we begin by creating a Unix user for the ftp process:

useradd -g www-data -d /dev/null -s /usr/sbin/nologin ftpuser

You may see some people using /bin/false instead of /usr/sbin/nologin for the login script. This link explains the difference: http://unix.stackexchange.com/questions/10852/whats-the-difference-between-sbin-nologin-and-bin-false

Next we add an FTP user to the PureFTP realm:

pure-pw useradd myuser -u ftpuser -d /var/www/sitename

This next bit is very important. Every time you set/change the password for a user in the PureFTP realm you need to rebuild the database:

pure-pw mkdb

Then we set some options:

cd /etc/pure-ftpd/conf

echo no > PAMAuthentication

echo no > UnixAuthentication

echo 117 007 > Umask

chmod 644 Umask

That last bit was VERY difficult to figure out. All over the web you will find people saying that the Umask file needs to contain the file mask and the directory mask separated by a colon (:). In fact, this resulted in an error for me:

Starting ftp server: /usr/sbin/pure-ftpd-wrapper: Invalid configuration file /etc/pure-ftpd/conf/Umask: "113:002" not two octal numbers

Replacing the colon with a space worked.

May also need to add this soft link:

cd /etc/pure-ftpd/auth

ln -sf /etc/pure-ftpd/conf/PureDB PureDB

Finally, restart the server:

/etc/init.d/pure-ftpd restart

To change an FTP user's password, do this:

pure-pw passwd myuser

pure-pw mkdb

(If you are having issues getting a user to authenticate, just delete it and re-create it and that should fix the problem, as long as you don’t forget to to rebuild the password database.)

Resolving issues with passive mode

In order to get PureFTP playing nicely with FileZilla, I had to refine the configuration a bit so that passive mode would work. This involved the following changes to PureFTP config:

cd /etc/pure-ftpd/conf

echo 35000 36000 > PassivePortRange

echo server.ip.address > ForcePassiveIP

echo yes > DontResolve

chmod 644 *

I also needed to open up ports 35000 to 36000 on IPTables.