habilitar quota en debian per la partició /home

Instal·lem

apt-get install quota quotatool

editem fstab

/dev/sda5 /home ext4 defaults,usrquota,grpquota 0 2

Crear 2 arxius a la partició /home per crear quotes d'usuari :

touch /home/aquota.user /home/quota.user
touch /home/aquota.group /home/quota.group
chmod 600 /home/aquota.user /home/aquota.group

tornem a montar la partició per no tenir que reiniciar

mount -o remount /home

Ejecutar:

quotacheck -avug

i dona error sembla ser que per tenir dintre de la partició una partició virtual activa

quotacheck: Cannot guess format from filename on /dev/disk/by-uuid/7c16a6bf-8383-4142-b0c0-65cc408389b3. Please specify format on commandline.
quotacheck: Cannot find filesystem to check or filesystem not mounted with quota option.

finalment a la web

http://www.debian-administration.org/articles/47

Re: Limiting your users use of disk space with quotas

Posted by Anonymous (194.208.xx.xx) on Tue 3 Apr 2012 at 19:51

If you run into the following error message:

quotacheck: Cannot guess format from filename on /dev/example/disk. Please specify format on commandline.
quotacheck: Cannot find filesystem to check or filesystem not mounted with quota option.

It’s most likely that you have some kind of VPS which is running inside a virtual machine. To get this up and running run the following:

# quotacheck -F vfsv0 -afcvugm

If you want debugging information add a d to the last bunch of options:

# quotacheck -F vfsv0 -afcvdugm

solucinat, ara passa per tots els fitxers de la partició.

queda ara asignar la quota per usuari de 500 MBytes

he creat un usuari cuota per que sigui la referencia de quota dels alumnes

edquota cuota

Disk quotas for user cuota (uid 1001):
  Filesystem                   blocks       soft       hard     inodes     soft     hard
  /dev/sda5                         0     500000     550000          0        0        0

a l'script de donar alta alumnes finalment copia la quota d'aquest usuari a tots

for A in  $(cat $1) ; do

edquota -p cuota $A  
done

fi

on $A és la varible que porto amb el nom d'alumne.

http://debianhlg.wordpress.com/replicar-ldap-mediante-syncrepl/asignar-cuotas-de-disco-en-debian/

altre manera d'aplicar-ho a tots els usuaris a partir d'un identification number

Aplicando cuotas masivamente.

Si se quiere que todo aplique para los usuarios existentes, a partir de UID 510, por ejemplo, suponiendo que tiene al usuario "pepito" como molde (note por favor el acento grave en el mandato justo antes de awk, no es una comilla ni apostrofe):

edquota -p pepito `awk -F: '$3 > 510 {print $1}' /etc/passwd`

http://www.linuxparatodos.net/portal/staticpages/index.php?page=04-disk-quota

revisió dels logs apache despres d'instalar proxy-invers

després de documentar com es posa un proxy invers, ara em quedava el problema que al proxy invers tenia la ip externa que atacava la màquina, i al log de la màquina redireccionava en donava només el de la ip del proxy invers, i perdia traçavilitat sobre qui realment estava accedint al meu servidor darrera del proxy.

a més donat, que tinc moltes màquina que accedien des de la xarxa interna, totes aquestes acabaven apantallades darrera de la connexió del proxy extern, per això, he fete modificacions al sites-available/default, per tal que ara els accessos m'indiqui també la ip de la màquina original

http://tuxedlinux.wordpress.com/2008/01/17/ip-detras-de-proxys-en-los-logs-de-apache/

http://www.techstacks.com/howto/log-client-ip-and-xforwardedfor-ip-in-apache.html

LogFormat "%{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" xcombined

CustomLog /var/log/apache2/access-prova.log xcombined

ara al  fitxer access-prova.log tinc

192.168.130.213 192.168.0.202 - - [24/Nov/2013:10:16:14 +0100] "GET /moodle2/theme/image.php/leatherbound/core/1379142382/i/import HTTP/1.1" 200 1047 "https://xxxxxxxxxxxxx/moodleeso2/course/view.php?id=167" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0"

192.168.130.213 192.168.0.202 - - [24/Nov/2013:10:16:14 +0100] "GET /moodle2/theme/image.php/leatherbound/core/1379142382/i/restore HTTP/1.1" 200 1047 "https://xxxxxxxxxxxxx/moodleeso2/course/view.php?id=167" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0"

jo estava accedint des de la màquina 130.213 on adalt és visible i a sota el log clàssic no ho és.

mentre que al access.log que encara no he descartat tinc tot com la màquina proxy invers

192.168.0.202 - - [24/Nov/2013:10:20:34 +0100] "GET /moodle2/theme/image.php/clean/core/1379142382/t/switch_plus HTTP/1.1" 200 1036 "https://xxxxxxxxxxxxx/moodleeso2/course/view.php?id=112" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.57 Safari/537.36"

192.168.0.202 - - [24/Nov/2013:10:20:34 +0100] "GET /moodle2/theme/image.php/clean/core/1379142382/t/switch_minus HTTP/1.1" 200 936 "https:/xxxxxxxxxxxxx/moodleeso2/course/view.php?id=112" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.57 Safari/537.36"

1	LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
2	LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy

3	SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
4	CustomLog "logs/access_log" combined env=!forwarded

5	CustomLog "logs/access_log" proxy env=forwarded

http://tuxedlinux.wordpress.com/2008/01/17/ip-detras-de-proxys-en-los-logs-de-apache/

http://www.techstacks.com/howto/log-client-ip-and-xforwardedfor-ip-in-apache.html

POR PONER ESTOS LOGS AHORA AWSTAT I WEBALIZER LOS DEBERÉ PERSONALIZAR. I TAMBIEN LOGS EN SSL

Change MySQL Password on Zentyal

if you are using zentyal 3.. the default password for mysql is here:
--
/var/lib/zentyal/conf/zentyal-mysql.passwd
--

might be a help..
ciao,
arko

estava seguint com descobrir el passwd de mysql de zentyal que no recordava haver posat ...

https://help.ubuntu.com/community/MysqlPasswordReset

PERO FINALMENT A LA WEB http://www.sururi.com/2011/02/change-mysql-password-on-zentyal.html he trobar la resposta superior que m'ha tret del problema.

finalment em deixo posat la guia d'ubuntu per ja tenir-ho pero ho he solucionat amb la segona linea d'aquesta entrada.

aquesta és la guia d'ubuntu de la versió lts 12.04

Why are you looking at this wiki page?

Are you looking at this page because you cannot access the mysql server installed on your pc/server when you were trying to see if it works well? Or do you receive error messages like the following? :

ERROR 1045: Access denied for user: 'root@localhost' (Using 
password: NO)

or

ERROR 1045: Access denied for user: 'root@localhost' (Using 
password: YES)

To resolve this problem ,a fast and always working way is the "Password Resetting" .

How can I reset my MySQL password?

Following this procedure, you will disable access control on the MySQL server. All connexions will have a root access. It is a good thing to unplug your server from the network or at least disable remote access.

To reset your mysqld password just follow these instructions :

• Stop the mysql demon process using this command :

  •    sudo /etc/init.d/mysql stop

• Start the mysqld demon process using the --skip-grant-tables option with this command

  •    sudo /usr/sbin/mysqld --skip-grant-tables --skip-networking &

Because you are not checking user privs at this point, it's safest to disable networking. In Dapper, /usr/bin/mysqld... did not work. However, mysqld --skip-grant-tables did.

• start the mysql client process using this command

  •    mysql -u root

• from the mysql prompt execute this command to be able to change any password

  •    FLUSH PRIVILEGES;

• Then reset/update your password

  •    SET PASSWORD FOR root@'localhost' = PASSWORD('password');

• If you have a mysql root account that can connect from everywhere, you should also do:

  •    UPDATE mysql.user SET Password=PASSWORD('newpwd') WHERE User='root';

• Alternate Method:

  •    USE mysql
       UPDATE user SET Password = PASSWORD('newpwd')
       WHERE Host = 'localhost' AND User = 'root';

• And if you have a root account that can access from everywhere:

  •    USE mysql
       UPDATE user SET Password = PASSWORD('newpwd')
       WHERE Host = '%' AND User = 'root';

For either method, once have received a message indicating a successful query (one or more rows affected), flush privileges:

FLUSH PRIVILEGES;

Then stop the mysqld process and relaunch it with the classical way:

sudo /etc/init.d/mysql stop
sudo /etc/init.d/mysql start

When you have completed all this steps ,you can easily access to your mysql server with the password you have set in the step before. An easy way to have a full control of your mysql server is phpmyadmin (www.phpmyadmin.net), software made in php that can give you a web interface that can be very usefull to people that havent got a lot of confidence with bash .To install phpmyadmin on you server you will need to have 4 things:

• web server apache
• php
• mysql server/mysql client installed
• php_mysql support for apache

All packages can be found browsing synaptic.

---

Another way, purge

I also had some problems with mysql just not accepting my password. I tried the other way as well and it just ended up being difficult. I had not been able to use mysql so it was empty anyway. If this is also your case you may opt for the PURGE way. This removes every file related to mysql. Depending on your installation the packages might be diffrent, mysql-server in 6.10 is called mysql-server-5.0 as an example.

USE THIS AS A LAST RESORT METHOD, YOU WILL LOSE ALL YOUR MYSQL DATA

sudo apt-get --purge remove mysql-server mysql-common mysql-client

sudo apt-get install mysql-server mysql-common mysql-client

In the next step be sure to chance the your-new-password with the password you want!

mysqladmin -u root password your-new-password
sudo /etc/init.d/mysql restart

mysql -u root -p

You should now be logged in as root. Make sure to notedown your password! Thanks to Illuvator for posting this method in the ubuntu forum.

migran carpetes dels usuaris i les seves bases de dades.

els comptes alumnes es troben a la ruta  /home/alumnes.....llavors per traslladar a l'altre servidor que farà de frontal, pels comptes alumnes pero reverse proxy pels serveis de moodle de la eso i cicles

no traslladaré la base de dades ni mysql ni moodle ni ..... no son necessàries.

rsync -e ssh --progress --delete -lprtz /home/alumnes root@192.168.0.202:/home

rsync -e ssh --progress --delete -lprtz /var/lib/mysql/11* root@192.168.0.202:/var/lib/mysql

rsync -e ssh --progress --delete -lprtz /var/lib/mysql/12* root@192.168.0.202:/var/lib/mysql

rsync -e ssh --progress --delete -lprtz /var/lib/mysql/13* root@192.168.0.202:/var/lib/mysql

la resta de comptes del mysql

acaceres asix1112* epozo fsc gallery2 gsantama

rcapsada rau -scarsofglory spook surferblood wikidb

migracio msyql dels usuaris i prigvilegis a la seva base de dades

es podria fer la exportació mitjançant la anterior entrada pero queda tot sobreescrit, no tinc intenció de sobreescriure la base de dades mysql ni altres, llavors només vull traslladar la llista d'usuaris i la seva vinculació a altres taules.

primer fer extreure la llista d'usuaris del sistema pero construint una consulta sql per després accedir a la seva informació personal

$ mysql -u root -p -Bse "SELECT DISTINCT CONCAT('SHOW GRANTS FOR ''', user, '''@''', host, ''';') AS query FROM mysql.user;" > grant-queries.sql

on s'obté quelcom similar a 

SHOW GRANTS FOR 'root'@'127.0.0.1';
SHOW GRANTS FOR 'foo'@'127.0.0.1';
SHOW GRANTS FOR 'bar'@'127.0.0.1';

després doname com entrada el fitxer resultant anterior i obtenir la sortida dels privilegis de cada usuari

$ mysql -u root -p -Bse "SOURCE grant-queries.sql" > privileges.sql

mirant el contingut 

GRANT SELECT ON `maqueta1`.* TO 'jmler'@'%'
GRANT ALL PRIVILEGES ON *.* TO 'moodle'@'%' IDENTIFIED BY PASSWORD '*81FAE724C1DF3871DD6D2C8F5F980BDCAD9C53' WITH GRANT OPTION
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE ON `moodle`.* TO 'moodle'@'%'
GRANT USAGE ON *.* TO 'ocs'@'%' IDENTIFIED BY PASSWORD '*127C25B107D201007E887369797A3000F77838'
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE ON `ocsweb`.* TO 'ocs'@'%'

amb un resultat de usuaris, passwords i privilegis de la base de dades del servidor.

només queda volcar-ho a l'ordinador destí

$ mysql -u root -p -Bse "SOURCE privileges.sql"

Bé , aquesta part m'ha fallat, m'ha donat problemes en les consultes i finalment he separat les consultes finalitzant amb ; i les he insertat en el phpmyadmin pq les vagi afegint.

he evitat tocar el root i algun altre usuari que no s'usaria en aquest nou servidor, és un frontal i no dispondrà de tots els serveis que tenia l'anterior.

font http://rm-rf.es/migrar-privilegios-de-un-servidor-mysql/#comment-57043

migració base dades mysql , usuaris i passwd

una vegada he migrat usuaris de sistema, entrada anterior al bloc, ara toca migrar els usuaris de la base de dades mysql a l'entrada posterior indicaré el backup que realitzo de la base de dades i ho podem completar amb la sincronització en el nou servidor via rsync,

només de les basses de dades noves creades pels usuaris i no les de sistema tipicament farem el backup amb

mysqldump -u usuariodb -p basededatosacopiar > volcado.sql

 pero els usuaris i passwd es guarden a la base de dades mysql pero potser tinc versió diferent i no la vull sobreescriure podem fer el backup de totes les bases de dades

PERO, NO HO FEU ENCARA, ENS PODEM TROBAR AMB ERRORS POSTERIORS PER SOBREESCIURE BBDD

mysqldump -u root -p --all-databases > dump.sql

 via sftp enviar-ho al nou servidor i en ell recuperar-es totes.

mysql -u root -p < dump.sql

 Termina la copia, salgo, entro en un shell MySQL, todo bien… Ok, reiniciemos el servidor MySQL:

service mysql restart

Stopping MySQL database server: mysqld failed!

Starting MySQL database server: mysqld already running.

/usr/bin/mysqladmin: connect to server at 'localhost' failed

error: 'Access denied for user 'debian-sys-maint'@'localhost' (using password: YES)'




Wow! ¿Y eso qué onda!?!? En debian, existe un usuario denominado debian-sys-maint, que se encarga de realizar algunas tareas de mantenimiento al iniciar y detener el servidor MySQL, y algunas tareas con los logs del servicio.

Así que buscando un poco, hay un archivo /etc/mysql/debian.cnf similar al .my.cnf que se puede crear en nuestro home para acceder automáticamente a un servidor determinado, sin preguntar usuario, host, o incluso el password.

Comparando ambos archivos, en el servidor anterior y el nuevo, tenían passwords diferentes. El archivo tiene una estructura así:

# Automatically generated for Debian scripts. DO NOT TOUCH!

[client]

host     = localhost

user     = debian-sys-maint

password = passdedebiansysmaint

socket   = /var/run/mysqld/mysqld.sock




[mysql_upgrade]

user     = debian-sys-maint

password =  passdedebiansysmaint

socket   = /var/run/mysqld/mysqld.sock

basedir  = /usr




Y como dice do not touch, mejor le hacemos caso

Así que hay que decidí seguir el procedimiento para cambiar el password de un usuario en MySQL:

update user set password=PASSWORD("passdedebiansysmaint") where User='debian-sys-maint';

Y finalmente hacemos un:

flush privileges;

Y listo! El servidor reinicia normalmente:

service mysql restart

Stopping MySQL database server: mysqld.

Starting MySQL database server: mysqld.

Checking for corrupt, not cleanly closed and upgrade needing tables..




Espero les sirva =)

 font http://techsurveyor.com/2011/01/30/migracion-de-usuarios-y-passwords-de-un-servidor-mysql/

 TOT AIXÒ MERAVELLOS SI ÉS LA MATEIXA VERSIÓ DE mysql pero i si pot haver-hi alguna diferència, cas típic de migració de debian6 a debian7

migracion usuarios servidor a otro

ja havia consultat un parell de pàgines on fan un script per fer la migració pero en els dos casos m'estava donant algún tipus d'error, la solució em semblava molt elegant, no descarto el afinar-la pero determinar aquest errors

 https://support.rbtechvt.com/index.php?/Knowledgebase/Article/View/38

https://tamainut.com/blog/administracion-sistemas-unix/item/mover-cuentas-linux-a-otro-servidor-con-bash

#!/bin/bash

# Copyright (c)2010-2012 rbTechnologies, LLC
# By Rubin Bennett rbennett@rbtechvt.com>

# Released under the terms and conditions of the GNU Public License version 2.

# A simple script to assist in server migrations from Linux to Linux
# Intended to be run on the NEW server, and expecting that you have performed
# ssh key exchange for password-less login to the OLD server.

# IP address or hostname of source server (e.g. server your're migrating
# AWAY from
sourceServer=172.16.1.55

function syncusers() {
echo -n "Do you have backups of your existing passwd files? [y|N] "
read
if [ "$REPLY" != "y" ]
then
        echo "Please back your files up and run this script again."
        exit 1
else
        scp $sourceServer:/etc/passwd /tmp/passwd.$sourceServer
        scp $sourceServer:/etc/group /tmp/group.$sourceServer
        scp $sourceServer:/etc/shadow /tmp/shadow.$sourceServer

        # First, make a list of non-system users that need to be moved.

        export UGIDLIMIT=500
        awk -v LIMIT=$UGIDLIMIT -F: '($3 >= LIMIT) && ($3 != 65534)' /tmp/passwd.$sourceServer > /tmp/passwd.mig
        awk -v LIMIT=$UGIDLIMIT -F: '($3 >= LIMIT) && ($3 != 65534)' /tmp/group.$sourceServer >/tmp/group.mig
        awk -v LIMIT=$UGIDLIMIT -F: '($3 >= LIMIT) && ($3 != 65534) { print $1 }' /tmp/passwd.$sourceServer \
| tee - |egrep -f - /tmp/shadow.$sourceServer > /tmp/shadow.mig

        # Now copy non-duplicate entries in to the new server files...
        while IFS=: read user pass uid gid full home shell
        do
                line="$user:$pass:$uid:$gid:$full:$home:$shell"
                exists=$(grep $user /etc/passwd)
                if [ -z "$exists" ]
                then
                        echo "Copying entry for user $user to new system"
                        echo $line >> /etc/passwd
                fi
        done

        while IFS=: read group pass gid userlist
        do
                line="$group:$pass:$gid:$userlist"
                exists=$(grep $group /etc/group)
                if [ -z "$exists" ]
                then
                        echo "Copying entry for group $group to new system"
                        echo $line >> /etc/group
                fi
        done

        while IFS=: read user pass lastchanged minimum maximum warn
        do
                line="$user:$pass:$lastchanged:$minimum:$maximum:$warn"
                exists=$(grep $user /etc/passwd)
                if [ -z "$exists" ]
                then
                        echo "Copying entry for user $user to new system"
                        echo $line >> /etc/shadow
                fi
        done

fi
}

echo "Copying user accounts and passwords from /etc/passwd"
syncusers

exit 0

i així la resta de fitxers, afegeixo al fitxer /etc/passwd del nou ordinador tots els usuarios del vell ara queda moure la carpeta /home que ho faré via rsync

rsync -e ssh --progress --delete -lprtz /home/alumnes root@192.168.3.135:/home