
setfacl – Quit changing Linux permissions and allow access to more than just root!

As much as I love working inside of the vSphere client and focusing solely on VMware and virtualization I’m also tasked with a lot of web programming, database development and general server administration.  I look after a few Debian servers which provide an external presence and the web developers working on them often require access to upload and change files and folders within the webroot.  Now being security minded I don’t want to just hand out our root password all the time so having them connect as root is out of the question as it’s disabled.

Historically the process has involved changing the various folders’ owner to the webadmin account, thus allowing them to connect and do what they need to do as webadmin.  This has always worked great but poses some challenges, especially when using certain CMS applications such as WordPress and Joomla.  When installing new plugins and modules these applications tend to create their new folder structures and set the owner to www-data – kind of a pain in the @$$ as now the webadmin account has just lost access to write to the directory.  Again, this usually resulted in myself or someone else being summoned to change the owner again!  So the solution, a little bit of ACL awesomeness…  getfacl and setfacl in a nutshell allow you to specify multiple types of access to more than just owner and group on Linux files and folders – perfect for my scenario as now I can leave root as the owner for security purposes, www-data as the group in order to actually let the internet display the sites, and add an ACL entry for webadmin in order to allow them read/write access to do their job.  Below is a pretty short example on how to get started.

First off you need to have support in your kernel, which honestly you probably do, but in case you feel like checking just do the following on your boot config.

grep _ACL /boot/config-$(uname -r)

This should generate something along the lines of a CONFIG_EXT3_FS_POSIX_ACL=y

As with any Debian package installation it’s pretty easy..

apt-get install acl

Almost there.  We now have acl installed and know it’s supported; we just need to be sure the file system on which we want to provide ACLs is mounted with acl support.  To do this you can simply add ‘,acl’ to the mount options in your /etc/fstab file as shown below…

/dev/sdb1 /var/www/webroot  ext3 defaults,acl,errors=remount-ro 0 1

You may need to either reboot here or issue a remount command on your targeted drive in order to get things working.  After doing so adding an ACL is pretty simple.  You can check out the man pages for more in-depth documentation but to get myself up and running the following was sufficient…

setfacl -Rm u:webadmin:rwx /var/www/webroot

Voila!  Done!  Again this is a VERY introductory post dealing with Linux acl’s and permissions…and there are a lot more posts out there which go deeper into details but if you are looking to get up and running quickly this should do the trick!  Comments, Questions, Concerns – throw them in the comments box below…
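The recursive setfacl above only touches files that exist when it runs, so plugin folders created later by www-data, or files whose ACL mask is narrowed by a later chmod, can still lock webadmin out. The audit script below is an added example, not part of the original post; the getfacl listing is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find paths where a named user has lost effective rw access.

# Constructed `getfacl -R /var/www/webroot` output (getfacl strips the leading /).
sample_getfacl() {
    cat <<'EOF'
# file: var/www/webroot
# owner: root
# group: www-data
user::rwx
user:webadmin:rwx
group::r-x
mask::rwx
other::r-x

# file: var/www/webroot/wp-content/plugins/newplugin
# owner: www-data
# group: www-data
user::rwx
group::r-x
other::r-x

# file: var/www/webroot/wp-config.php
# owner: root
# group: www-data
user::rw-
user:webadmin:rwx    #effective:r--
group::r--
mask::r--
other::---
EOF
}

# acl_gaps USER: read getfacl output on stdin, print "REASON PATH" for each gap.
acl_gaps() {
    awk -F: -v who="$1" '
    function has(p, i, c) { return substr(p, i, 1) == c }
    function report() {
        if (path == "") return
        if (entry == "") print "missing " path          # no named entry at all
        else if (!has(entry, 1, "r") || !has(entry, 2, "w")) print "weak " path
        else if (!has(mask, 1, "r") || !has(mask, 2, "w")) print "masked " path
        path = entry = mask = ""
    }
    /^# file: /  { report(); path = substr($0, 9); next }
    /^#/         { next }                      # owner/group header lines
                 { sub(/[ \t]*#.*/, "") }      # drop "#effective:" comments
    $1 == "user" && $2 == who { entry = $3 }
    $1 == "mask"              { mask = $3 }
    END          { report() }
    '
}

sample_getfacl | acl_gaps webadmin
# Repair (run as root): re-apply the access ACL, then add a default ACL so
# directories created later by www-data inherit the webadmin entry:
#   setfacl -R -m u:webadmin:rwX /var/www/webroot
#   setfacl -R -d -m u:webadmin:rwX /var/www/webroot
```

On a live server, pipe `getfacl -R /var/www/webroot 2>/dev/null` into `acl_gaps webadmin` instead of the sample.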

Friday Shorts – VMworld Announcements, Modern Family and Hockey Liars!!!!

vCenter Operations 5.6

Announced at VMworld in Barcelona this week was vCenter Operations 5.6.  I’ve always been a huge fan of vCOps and have been using the product ever since the beta release of 0.9.  It’s been awesome to see this application grow and mature over the years.  When VMware claims that they have done studies that show you can have a significant cost savings by deploying vCOps alongside your vSphere environment they are not joking.  So have a look at it if you have a chance. This release gives you the ability to now group your workloads together and apply flexible and custom policies to them.   I know for myself it has enabled me to pinpoint issues much faster as well as determine where I can reclaim wasted capacity.

vCloud Automation Center 5.1 released

Again more VMworld news.  VMware’s acquisition of DynamicOps has finally come to life as the rebranded vCloud Automation Center.   In a nutshell vCloud AC will give you the ability to provide a policy-based self-service provisioning portal (that’s a mouthful) to your end users which operates across private and public clouds (including AWS) as well as supporting multiple hypervisors (including Hyper-V).  The vCloud AC will also be fully integrated into vCloud Director as well.

Phil’s-osophy

Now I don’t really have a lot of time to sit around and watch TV but one show that I always try to make time for (on the dvr) is Modern Family. Also, I know this has nothing to do with tech, but my sole reason for creating this series of blog posts (Friday Shorts) was to enable myself to ramble on about whatever I want, so it is what it is… If you haven’t seen this show you really should try and catch an episode every now and then and I’m sure you will be hooked.  Phil Dunphy is one of the main characters in the show and has a humour to him that I really relate to.  This past week he was reading quotes out of a book that he had written titled Phil’s-osophy which actually made me, how do you say it, lol!  “When life gives you lemonade, make lemons, then life will be all like what!!?!?!?!”  You have to see it for yourself 🙂

Will you still watch hockey?

An interesting poll on TSN.ca right now is going on which asks the question “Will you return to following NHL hockey when the work stoppage is over?”  Now what really sparks my interest about the results are that currently 44% of people say NO!  Now, I’m not saying that those people are lying but I think that they are, well, lying!  There’s no question to be asked really.  Nobody will stop watching a sport and a team that they love just because part of a season is lost!  It just doesn’t make sense.  Maybe it’s just the die hard fan in me (HABS fan) but I just can’t understand how you could answer No to that question.  People who truly love the sport will support their team through thick and thin…I mean, there’s still leaf fans out there!?!?!  Sorry!

 

Friday Shorts – Visual Studio 2010 and BIDS, AJAX Toolkit Combo Boxes and the Great One

No support for BIDS development in Visual Studio 2010

Ahh Man!  I ended up rebuilding one of my work machines this week and during the process I thought I would be smart and maybe upgrade my Visual Studio from 2008 to 2010.  Now I do a lot of SQL report designing with SSRS and at times heavily access the BIDS functionality within VS2008.  Well guess what?  In VS2010 there is no support for SSRS projects!  WTF!  Every time I turn around Microsoft has a new and crazy problem they are throwing at me!  The official message from their ‘Introducing Business Intelligence Development Studio‘ page (pictured above) basically says the solution is to run both of them alongside each other!  Wow, great solution, you know, since the applications are soooo small <sarcasm>.  #FAIL

AJAX Toolkit Combo Box and Firefox

So another AJAX .net issue that I’ve run into.  When utilizing the ajax toolkit with .net, more specifically the combo box control, and even more specifically the autosuggest / auto complete functionality, for some reason it will not accept any keyboard input from Firefox.  I.E. and Chrome seem to work fine.  The fix: simply make sure that your maxlength attribute is set to a number greater than 0.  After doing that, Firefox should work fine.

Gretzky says they will get a deal done

If the great one says get a deal done you better get a deal done.  During an interview on Monday about nothing to do with hockey the topic quickly changed to hockey and the NHL lockout.  The all time leading point getter said he was very optimistic that the NHL and the NHLPA will have a deal done before the Winter Classic this year, meaning we should all be watching hockey before Jan 1.  Wayne, you’ve been right a lot of times and I sure hope you are right about this one too!  #GOHABSGO

 

vCommunity Trust – Helping to grow the infrastructure technologies community

Not sure if you have noticed but for the past few weeks there has been a new banner ad on the left side of this site.  This is my attempt to help increase awareness and provide people with a little more visibility into the vCommunity Trust organization.  vCommunity Trust is a non profit organization whose main goal is to provide free training to the general public as well as financial assistance to those who need it to help them obtain technological certifications.

Now I’ve heard of vCommunity Trust before but didn’t know a lot about them but after meeting and getting to talk for a little bit with one of the founders, Paul Valentino (blog/twitter) at VMworld this year I thought I would try and help the cause where I could.  vCommunity Trust currently has a couple of programs in action right now outlined below, for more information or to determine eligibility for either program you can find more here.

The vCommunity Trust Certification and Training Program for vProfessionals

The vCommunity Trust Certification and Training Program’s goal is to provide at least four students per year from around the globe with the training requirements to pass the VCP exam and to provide the vouchers required to pay for both the training and the certification exam. As the program, volunteer support, and corporate sponsorship expands we would like to extend this program to include training and certification in additional areas including but not limited to Operating Systems, Security, Storage, and Networking related certifications. The goal is to make training for datacenter technologies available to those who would not normally have the opportunity and who truly desire a technical education.

The vCommunity Trust Datacenter Training for Public Schools Program

Help us to help your community! The vCommunity Trust Datacenter Training for Public Schools Program is aimed at providing datacenter training labs to public schools around the globe whether it be onsite, remote or a combination of the two. All donations to support this program will be handled at a regional level through the support of local volunteers and businesses. Donors will have the option of choosing the region they would like to allocate their donated resources to. For the purposes of this program a region is defined as a State, Province, or the equivalent. The goal is to coordinate the delivery and storage of equipment donations for this program through volunteers from each regions local technical user group/s. This program depends upon support from local individuals and businesses in every part of the world and is their opportunity to help educate their own communities without requiring them to obtain IRS designation as a public charity – a savings of approximately one year in effort.

Aside from just the programs there is a ton of training, guides and slides available to the general public for free.  Again, you can find these over at the vCommunity Trust site.  I encourage everyone to visit the site and learn more about what they are offering.   And if you are looking for some assistance and you qualify for one of the programs get your name in and apply, you never know and they are currently looking for students.  If you think you can do more to help out lesson wise, spend some time and put something together; they would love to have it.  And of course with any non profit organization donations are always welcome; this helps to keep great organizations such as these up and running and they are always appreciated.

Friday Shorts – .net AJAX Autocomplete with no webservices, youcanthavethisforapassword, Education VMUGS and more

Alright, here we go, week 2 of this series of posts…enjoy 🙂

Using the AJAX Autocomplete in .net without engaging web services

I’ve found a new appreciation for the autocomplete functionality that languages such as ColdFusion provide out of the box. In a .net project I have been working on I simply wanted to have a textbox where the end user could begin typing in a student’s name and have the application make suggestions based on what they were typing and what was stored in one of my database tables. Easy enough right? No! You see, most of my googling resulted in setting up webservices to serve the data to the textbox. All in all it seemed pretty ugly. In the end I figured out how to avoid the webservices call altogether following a great article on aspsnippets.com. Obviously you need to tweak to get the results you want, but it all works in the end…trust me!

Seriously Microsoft – Only 16 character passwords

I saw a tweet from John Troyer this week which eventually led me to this article. Now it seems kind of ridiculous to me! What’s the logic in only letting people have a 16 character password? Now my password is a lot less than that and I probably wouldn’t have one any bigger than that but still…It just doesn’t make sense why they would limit a password length – why lessen your security? And what have they done with those users that are already over 16 characters? The section on whether or not they have only hashed the first 16 characters of your password is interesting and honestly I wouldn’t be surprised if that is the way they went. Either way, it’s a great article, have a read and see if you are as dumbfounded as me…

Vertical based VMUGS

In an effort to share knowledge, learn from our peers and just plain ol’ get together, we, along with a handful of other public school districts, are now getting together to share ideas, fixes, scripts, etc. with each other. So this is planned for a few times a year and based on certain common types of technologies that we all work with, VMware being one of them. That got me to thinking. I love the structure of the VMUGs and I find them extremely valuable on a personal and a business level. However, implementing something into an educational environment vs almost any other environment is a completely different type of beast! There’s a slew of requirements and constraints associated with education. I’d love to see a series of VMUGs or learning sessions or whatever they could be called be held based on business vertical. Off the top of my head you could have Education, Healthcare, Government, etc…. Not saying we need one per quarter, but a couple per year would be cool…ah well, a man can dream…

Yet another VMworld wrap-up (I know, I’m really late to the party)

I know, VMworld is sooooo two weeks ago, the biggest announcement of vSphere 5.1 has already been delivered and is GA and the world is all basking in its new features and enhancements, the vCloud suites have been blogged to death, most of the sessions have even been made available on the VMworld Socialcast site, so why go and throw yet another VMworld post out there? Well, it was VMworld last year that gave me the final push to start this blog (see post here) and a lot of vGoodness has happened to me since then (sponsors, certifications, vExpertiness) so I guess I just feel like I owe it to the VMworld gods to throw out my experience at the show.

Last year was my first VMworld and to tell you the truth I had no idea what to expect and after the first day let’s just say I was a little overwhelmed, crazy tired and a whole lot excited. So this year I knew what to expect and thought I was more than enough prepared for the awesomeness the show could throw at me….well, not really, I was left with the same symptoms I had in 2011. I had no idea what was in store for me that week in San Francisco but by no means was I ready for what was to unfold. A few highlights of my week below…

I got to meet Pat Gelsinger and Steve Herrod at the CTO reception. How cool is that? You know, just chattin it up with CEO and CTO of the billion dollar company that produces the software that has been consuming every ounce of your free time.  Let me say, being a vExpert at VMworld is pretty awesome!

I had dinner with a bunch of rockstars. I had the chance to sit down and have a fabulous dinner with John Troyer, Martin Klaus, Ben Scheerer, David Davis, Eric Sloof, Tommy Trogden, and vCOps contest winner Joe Filippello.   Due to the massive amount of brainpower in that room you can imagine there were some great conversations – and the food was fabulous. Thanks Ben for the invite and the re-invite 🙂

My session (OPS-CIM1940). I had the opportunity to participate in a panel session (titled Real World stories of Operational Performance Troubleshooting, Capacity, and Configuration management with vCenter Operations Suite) with a few other attendees and present my stories and experiences with vcops to over 600 people. Never had I spoken in front of that many people before so I was a little nervous but overall I think the session went great and am thankful for the opportunity.

Last but not least is this group of guys (and girl). Honestly they truly make the conference what it is. Most i knew from Twitter already.  Some I met at VMworld 2011, and some I met for the first time this year.   These guys truly made the social part of the conference awesome!  Great group of guys and watch big things to come out of this group 🙂

There really isn’t much information in this post that anyone will benefit from and it probably comes off like a little bit of bragging (cuz it is :)).  Either way I guess one takeaway you can pull out of it is get yourself to a VMworld!   Aside from the massive amount of technical information you can bring back, the real value is the contacts you make.  Every subject matter expert is there and no question I had during the show went unanswered, so just get there!  See you in Barcelona!!! – actually I won’t but it just sounded like a good ending…. 🙂