Pages

Tuesday, March 26, 2013

NTPD Not Starting? Here's a Simple Fix

Many users running NTPD (Network Time Protocol Daemon) on a virtual machine have encountered an issue where the service fails to start, even though a PID file exists. When checking the status, you might see "ntpd dead but pid file exists." Attempting to restart often shows a "FAILED" shutdown followed by an "OK" start, but the problem persists.

WHAT THE LOGS SAY

A quick look at /var/log/messages reveals a cryptic error: "cap_set_proc() failed to drop root privileges: Operation not permitted." This message indicates that NTPD, for security reasons, is trying to reduce its power (drop root privileges) but is being prevented from doing so. This often happens in virtualized environments where certain security capabilities are restricted.

THE FIX: EDITING NTPD CONFIGURATION

The solution is surprisingly straightforward and involves a minor adjustment to NTPD's configuration file.

  1. OPEN THE CONFIGURATION FILE: Use a text editor like vi to open the NTPD configuration file: vi /etc/sysconfig/ntpd

  2. LOCATE AND COMMENT OUT THE OPTIONS LINE: Find the line that looks like this: OPTIONS="-u ntp:ntp -p /var/run/ntpd.pid -g" This line tells NTPD to run as a non-root user (ntp:ntp), specify its process ID file, and not run in the foreground. The -g option, in particular, can sometimes cause issues in virtualized setups by preventing the graceful dropping of root privileges.

    To comment it out, simply add a # at the beginning of the line: # OPTIONS="-u ntp:ntp -p /var/run/ntpd.pid -g"

  3. SAVE AND EXIT: Save the changes and exit your text editor. In vi, you would typically press Esc then type :wq and press Enter.

RESTART NTPD

After making this change, NTPD should now start without issues:

service ntpd start

You should see a successful "Starting ntpd: [ OK ]" message, and the service will run as expected, synchronizing your system's time.

Posted by at No comments:
Labels:

Monday, March 25, 2013

Cpanel : JailShell : Virtfs Unmount

Cpanel : JailShell : Virtfs Unmount




If you’re a sysadmin of Cpanel server, you might be aware of the JailShell. Its nothing but a User Shell with limited privileges. Users requesting for shell access to the webhosting server are provided with such shell instead of bash (Which provides root level privileges to users) .

Jailshell limits the users access to their home directory and keeps rest of the file system safe. Still there are chances of such users breaking into your system, so be sure of providing shell access to your servers. Jailshell mounts the filesystems of the users, who login via SSH under a directory called /home/virtfs. This contains users home directory and a false file system which links back to system directories like /bin, /usr etc.

NOTE: Be careful! Don’t remove any folder which is inside /home/virtfs,NEVER. As I said earlier, this folder links back to your systems root file system. You might end up screwing up your server if you attempt it.

So, we got to know that the Jailshell provides a restricted shell access to users and mounts the home directory temporarily at /home/virtfs.

Now, what if you still see the directories of different users mounted under /home/virtfs?

Right, this normally happens when users forget to logout properly from their SSH sessions. As a system admin, you’re responsible to unmount these directories safely.

How do I do that?

You can find all the virtfs mounts in /proc/mounts. Run cat /proc/mounts.

Now, its time to unmount them one by one. For that you have to take the second column of the output. Or write a simple for loop as follows.
for i in `cat /proc/mounts | grep /home/virtfs | cut -d ‘ ‘ -f 2 ` ; do umount $i ; done

If you want to unmount the virtfs of a perticular user, you can simply add an another pipe to for condition with grep username.

Now, you’re done with cleaning of your virtfs.

Posted by at 3 comments:
Labels: ,

Installing Google apps, configserver,whmphp,cloudflare,attractaseo,cagefs,config server mail queue ,file explorer

http://gaw.gk-root.com/
http://configserver.com/cp/cse.html
http://www.whmphp.com/installation.php
http://www.cloudflare.com/resources-downloads
http://www.attractaseo.com/partner_kit/plugin.html
http://docs.cloudlinux.com/index.html?installation2.html
http://configserver.com/cp/cmq.html

1003 cd /usr/local/src/
1004 ls
1005 wget http://www.configserver.com/free/cse.tgz
1006 ls
1007 tar -xzf cse.tgz
1008 ls
1009 cd cse
1010 sh install.sh
1011 cd ..
1012 rm -Rfv cse/ cse.tgz
1013 ls
1014 locate config server
1015 ls

================

1016 yum install cagefs
1017 /usr/sbin/cagefsctl --init
1018 ls
1019 mkdir /home/cagefs-skeleton
1020 ln -s /home/cagefs-skeleton /usr/share/cagefs-skeleton
1022 cd /home/
1023 ls
1024 cd cagefs-skeleton/
1025 ls

=================
1026 cd /usr/local/src/
1027 wget http://whmphp.com/download/install.sh;
1028 ls
1029 sh install.sh

=================
1030 cd /usr/local/cpanel
1031 curl -k -L https://github.com/cloudflare/CloudFlare-CPanel/tarball/master > cloudflare.tar.gz
1032 LS
1033 ls
1034 tar -zxvf cloudflare.tar.gz
1035 ls
1036 cd cloudflare-CloudFlare-CPanel-UNIQUE ID/cloudflare/
1037 cd cloudflare-CloudFlare-CPanel-1a7b202/
1038 ls
1039 cd cloudflare/
1040 ls

================
1041 cd /usr/local/src/
1042 ls
1043 wget http://google-apps-wizard-cpanel-plugin.googlecode.com/files/gaw-2.0.tar
1044 ls
1045 tar -xf gaw-2.0.tar
1046 cd gaw-2.0
1047 ./gawupdate.sh

================
1048 cd ..
1011 ll
1012 wget http://configserver.com/free/cmq.tgz
1013 ll
1014 tar -xzf cmq.tgz
1015 cd cmq
1016 ll
1017 sh install.sh
Posted by at No comments:
Labels: ,
Subscribe to: Posts (Atom)