Posts Tagged ‘tips’

I hope you brought your sweat band … Today’s Boot Camp workout is going to be pretty intense. We’re focusing on our permissions muscles. Permissions in a UNIX environment cause a lot of customer issues … While everyone understands the value of secure systems and limited access, any time an “access denied” message pops up, the most common knee-jerk reaction is to enable full access to one’s files (chmod 777, as I’ll explain later). This is a BAD IDEA. Open permissions are a hacker’s dream come true. An open permission setting might have been a temporary measure, but more often than not, the permissions are left in place, and the files remain vulnerable.

To better understand how to use permissions, let’s take a step back and get a quick refresher on key components.

You’ll need to remember the three permission types:

r w x: r = read; w = write; x = execute

And the three types of access they can be applied to:

u g o: u = user; g = group; o = other

Permissions are usually displayed in one of two ways – either with letters (rwxrwxrwx) or numbers (777). When the permissions are declared with letters, you should look at it as three sets of three characters. The first set applies to the user, the second applies to the group, and the third applies to other (everyone else). If a file is readable only by the user and cannot be written to or executed by anyone, its permission level would be r--------. If it could be read by anyone but could only be writeable by the user and the group, its permission level would be rw-rw-r--.

The numeric form of chmod uses bits to represent permission levels. Read access is marked by 4 bits, write is 2, and execute is 1. When you want a file to have read and write access, you just add the permission bits: 4 + 2 = 6. When you want a file to have read, write and execute access, you’ll have 4 + 2 + 1, or 7. You’d then apply that numerical permission to a file in the same order as above: user, group, other. If we used the example from the last sentence in the previous paragraph, a file that could be read by anyone, but could only be writeable by the user and the group, would have a numeric permission level of 664 (user: 6, group: 6, other: 4).

Now the “chmod 777” I referenced above should make a little more sense: All users are given all permissions (4 + 2 + 1 = 7).

Applying Permissions

Understanding these components, applying permissions is pretty straightforward with the use of the chmod command. If you want a user (u) to write and execute a file (wx) but not read it (r), you’d use something like this:

In the above terminal image, I added the -v parameter to make it “verbose,” so it displays the related output or results of the command. The permissions set by the command are shown by the number 0300 and the series (-wx------). Nobody but the user can write or execute this file, and as of now, the user can’t even read the file. If you were curious about the leading 0 in “0300,” it simply means that you’re viewing an octal output, so for our purposes, it can be ignored entirely.

In that command, we’re removing the read permission from the user (hence the minus sign between u and r), and we’re giving the user write and execute permissions with the plus sign between u and wx. Want to alter the group or other permissions as well? It works exactly the same way: g+,g-,o+,o- … Getting the idea? chmod permissions can be set with the letter-based commands (u+r,u-w) or with their numeric equivalents (eg. 400 or 644), whichever floats your boat.

A Quick Numeric chmod Reference

chmod 777 | Gives specified file read, write and execute permissions (rwx) to ALL users
chmod 666 | Allows for read and write privileges (rw) to ALL users
chmod 555 | Gives read and execute permissions (rx) to ALL users
chmod 444 | Gives read permissions (r) to ALL users
chmod 333 | Gives write and execute permissions (wx) to ALL users
chmod 222 | Gives write privileges (w) to ALL users
chmod 111 | Gives execute privileges (x) to ALL users
chmod 000 | Last but not least, gives permissions to NO ONE (Careful!)

Get a List of File Permissions

To see what your current file permissions are in a given directory, execute the ls –l command. This returns a list of the current directory including the permissions, the group it’s in, the size and the last date the file was modified. The output of ls –l looks like this:

On the left side of that image, you’ll see the permissions in the rwx format. When the permission begins with the “d” character, it means that object is a directory. When the permission starts with a dash (-), it is a file.

Practice Deciphering Permissions

Let’s look at a few examples and work backward to apply what we’ve learned:

• Example 1: -rw-------
• Example 2: drwxr-x---
• Example 3: -rwxr-xr-x

In Example 1, the file is not a directory, the user that owns this particular object has read and write permissions, and when the group and other fields are filled with dashes, we know that their permissions are set to 0, so they have no access. In this case, only the user who owns this object can do anything with it. We’ll cover “ownership” in a future blog, but if you’re antsy to learn right now, you can turn to the all-knowing Google.

In Example 2, the permissions are set on a directory. The user has read, write and execute permissions, the group has read and execute permissions, and anything/anyone besides user or group is restricted from access.

For Example 3, put yourself to the test. What access is represented by “-rwxr-xr-x“? The answer is included at the bottom of this post.

Wrapping It Up

How was that for a crash course in Unix environment permissions? Of course there’s more to it, but this will at least make you think about what kind of access you’re granting to your files. Armed with this knowledge, you can create the most secure server environment.

Here are a few useful links you may want to peruse at your own convenience to learn more:

Linuxforums.org
Zzee.com
Comptechdoc.org
Permissions Calculator

Did I miss anything? Did I make a blatantly ridiculous mistake? Did I use “their” when I should have used “they’re”??!!… Let me know about it. Leave a comment if you’ve got anything to add, suggest, subtract, quantize, theorize, ponderize, etc. Think your useful links are better than my useful links? Throw those at me too, and we’ll toss ‘em up here.

Are you still feeling the burn from your Sysadmin Boot Camp workout? Don’t forget to keep getting reps in bash, logs, SSH, passwords and user management!

- Ryan

With all of the cooking and eating going on around Thanksgiving, Summer’s Truffle Mac and Cheese blog inspired me to think back on any of the “expertise” I can provide for SoftLayer customers in the kitchen. One of the first things my mother taught me to cook was brisket. While it might not be as exotic as 3 Bars Barbeque, it’s pretty easy to make. Everyone who tastes it sings its praises and thinks it took forever to prepare, and while it does have to cook in the oven for about four hours, there are only five ingredients, so the “preparation” time is actually only around ten minutes. Since it’s not exactly a family secret, I don’t think I’ll get into any trouble for sharing it:

Easy-To-Make Brisket Ingredients

• 1 Brisket – I’d recommend having the majority (not all) of the fat trimmed off at the store
• 2 1/2 Cups of Ketchup – Buy the largest ketchup bottle and plan on using a little more than half
• 1 1/2 Cups of Water
• 1 Packet of Onion Soup Mix
• 1 Can of Tomato Paste (Optional, adds flavor)

Instructions

1. Pre-heat oven to 300 degrees
2. Mix all of the non-brisket ingredients and pour them on top of the brisket in a large roaster (one with a lid would be preferable)
3. Make sure the entire brisket is covered. Pick it up to get your other ingredients underneath.
4. Pop it into the oven for four hours at 300 degrees.
5. Take it out, let it cool, and enjoy!

That’s the basic, original recipe, but I’ve found a few ways to make it juicier along the way. One tip is to pull the brisket from the oven after about three and a half hours and slice it against the grain. If you have an electric knife, this is the perfect chance to use it, and if you don’t, this could be an excuse to get one. Put the brisket back in the roaster for another half hour, and you’ll love the results. Because ovens differ, just make sure it’s moist before you take it out to serve.

At this point, you’re probably asking yourself what a brisket recipe has to do with SoftLayer. If you’ve used our Build Your Own Cloud wizard, you might already see the similarity: You can put something together that seems dauntingly time consuming quickly and without breaking a sweat … And the end result is amazing. There are a few simple steps to making an impressive brisket, and it takes a few clicks to build a customized cloud instance with all the benefits of SoftLayer’s global network and support.

Too often, selecting a cloud instance involves more limitations than it does choices, so we wanted to make sure the BYOC service enabled customers the granularity to choose CPU, RAM, and storage configurations on newer, more powerful servers than our competition. Just like my tweak of the original recipe, we want customers to have the ability to tweak their cloud platform to provide the best application performance, cost efficiency, and availability for their specific needs.

If this blog left you hungry, you’ve got everything you need to make an amazing brisket. If you don’t have the ingredients (or the four hours) you need to make one now, you can try the quicker BYOC recipe:

SoftLayer Cloud Ordering Ingredients

• The device you’re using to read this blog.
• A list of what you want on your cloud instance.

Instructions

1. Visit SoftLayer’s Build Your Own Cloud page.
2. Select the options you want and submit your order.
3. Start using your custom cloud instance in less than 20 minutes!

Happy Building!

-Rachel

If you’ve visited SoftLayer at a large conference this year, you probably came face-to-rack with our Server Challenge. Your task: Reassemble our miniature rack of SuperMicro servers in the fastest time at the conference. To do this, you need to install twenty drive trays in five servers and connect network cables in the correct switches to mirror the server rack setup on our data centers. If you’re able to score the best time, you win an iPad 2!

In the sometimes-boring world of collateral and T-shirts at trade shows, the activity around this competition stands in stark contrast. It’s been huge hit everywhere we go, so if you haven’t had a chance to try your hand at the challenge, I’m sure we’ll bring it to several of our 2012 shows. As a way of rewarding those of you who loyally follow our blog, I thought I could give you an advantage by sharing some tips for when you’re in front of the Server Challenge rack … And to give you an idea of how important these tips can be, look at how close the top two times were at ad:tech NYC:

That’s right. 17 hundredths of a second between victory and defeat. Now are you ready to take some notes?

The Start
When you start the challenge, don’t look at the timer to see if your time started … If it doesn’t start, we’ll stop you. By focusing your attention on the network cables or drive trays (whichever you choose to start with), you can save yourself a half of a second.

Network Cables
You don’t have to connect the network cables first, but I have to choose something to complete first, so the network cables won the coin flip. When you’re connecting the network cables, it’s best to grab all three cables of the same color and try to snap them in together. Plugging in the cables one-by-one requires three times the work.

Hard Drives
When you’re tackling the hard drives, the key is to line up the drives and have them installed completely before moving on. My tip for installing the drives is to tilt them in on a sideways angle, not at an upwards angle. If you try and tilt the drives upwards, you’ll most likely get the drive tray stuck and have to remove it to try again. If you can do it precisely, picking up two drives at one time has worked well, and our all-time record of around 54 seconds took that approach.

One last pointer: Lock them in place immediately after installing them. If you leave the latch open, it makes it harder to get neighboring drives installed, and it’s such a small incremental effort to close the latch that even if you perfect a “close all the latches” technique at the end, you’d still end up spending more time.

The Finish
Don’t forget to put both hands back on the timer to stop your time.

Now that you’re equipped with some of the best Server Challenge tips and tricks, we want you to start training. In 2012, we expect to see someone complete it in under 50 seconds … And that person probably will carry the all-time record home – along with a new iPad 2!

Keep an eye on our Event Schedule for upcoming shows, and if there’s a conference where you really want to see the Server Challenge, let us know and we’ll see if we can set it up.

Good Luck!

-Summer

We invite each of our featured SoftLayer Tech Marketplace Partners to contribute a guest post to the SoftLayer Blog, and this week, we’re happy to welcome Eli Feldblum, CTO and Founder of RankAbove. RankAbove is a leader in search engine optimization (SEO) technologies and data management that helps solve complex SEO challenges for enterprise-sized organizations’ websites via a combination of proprietary technology, innovation and creativity.

The New Number One Spot: Planning for the Future of SEO

You run a successful business, or at least the IT for a successful business — that’s why you’re on SoftLayer. And, chances are, you’ve already spent lots of time and effort optimizing your site for search engines. You’ve built backlinks; you’ve ensured the structure of your site allows the search engine spiders to see every page of the site and prevents the creation of duplicate content; you’ve carefully written titles, friendly URLs and header tags; and you’ve continuously tweaked your on-page content to get to the number one spot in Google, Bing and other search engines.

Unfortunately, that apical spot is quickly becoming an apocryphal one; being number one isn’t what is used to be. The Search Engine Results Page (SERP) has undergone dramatic changes in the past few years, and even if you optimize perfectly and grab the top spot, you might be pushed down (even below the fold) by a variety of other Google products:

• Ads & Comparison Ads
• Local Results
• Image Results
• Video Results
• Shopping Results

In today’s SEO market, you need to optimize not only for regular web results, but for every other Google product too. Luckily, there are a few tips you can use to make sure you appear in those products, and get the new and improved global number one spot—and lots of traffic too.

Read RankAbove’s Tips for Local, Images and Video! »

Now that you’re an expert when it comes to bash, logs, SSH, and passwords, you’re probably foaming at the mouth to learn some new skills. While I can’t equip you with the “nunchuck skills” or “bowhunting skills” Napoleon Dynamite reveres, I can help you learn some more important — though admittedly less exotic — user management skills in UNIX.

Root User

The root user — also known as the “super user” — has absolute control over everything on the server. Nothing is held back, nothing is restricted, and anything can be done. Only the server administrator should have this kind of access to the server, and you can see why. The root user is effectively the server’s master, and the server accordingly will acquiesce to its commands.

Broad root access should be avoided for the sake of security. If a program or service needs extensive abilities that are generally reserved for the root user, it’s best to grant those abilities on a narrow, as-needed basis.

Creating New Users

Because the Sysadmin Boot Camp series is geared toward server administration from a command-line point of view, that’s where we’ll be playing today. Tasks like user creation can be performed fairly easily in a control panel environment, but it’s always a good idea to know the down-and-dirty methods as a backup.

The useradd command is used for adding users from shell. Let’s start with an example and dissect the pieces:

useradd -c "admin" -d /home/username -g users\ -G admin,helpdesk -s\ /bin/bash userid

-c "admin" – This command adds a comment to the user we’re creating. The comment in this case is “admin,” which may be used to differentiate the user a little more clearly for better user organization.
-d /home/username – This block sets the user’s home directory. The most common approach is to replace username with the username designated at the end of the command.
-g users\ – Here, we’re setting the primary group for the user we’re creating, which will be users.
-G admin,helpdesk – This block specifies other user groups the new user may be a part of.
-s\ /bin/bash userid – This command is in two parts. It says that the new user will use /bin/bash for its shell and that userid will be the new user’s username.

Changing Passwords

Root is the only user that can change other users’ passwords. The command to do this is:

passwd userid

If you are a user and want to change your own password, you would simply issue the passwd command by itself. When you execute the command, you will be prompted for a new entry. This command can also be executed by the root user to change the root password.

Deleting Users

The command for removing users is userdel, and if we were to execute the command, it might look like this:

userdel -r username

The –r designation is your choice. If you choose to include it, the command will remove the home directory of the specified user.

Where User Information is Stored

The /etc/passwd file contains all user information. If you want to look through the file one page at a time — the way you’d use /p in Windows — you can use the more command:

more /etc/passwd

Keep in mind that most of your important configuration files are going to be located in the /etc folder, commonly spoken with an “et-see” pronunciation for short. Each line in the passwd file has information on a single user. Arguments are segmented with colons, as seen in the example below:

username:password:12345:12345::/home/username:/bin/bash

Argument 1 – username – the user’s username
Argument 2 – password – the user’s password
Argument 3 – 12345 – the user’s numeric ID
Argument 4 – 12345 – the user group’s numeric ID
Argument 5 – "" – where either a comment or the user’s full name would go
Argument 6 – /home/username – the user’s home directory
Argument 7 – /bin/bash – the user’s default console shell

Now that you’ve gotten a crash course on user management, we’ll start going deeper into group management, more detailed permissions management and the way shadow file relates to the passwd usage discussed above.

-Ryan

It’s been a while since our last UNIX Sysadmin Boot Camp … Are you still with me? Have you kept up with your sysadmin exercises? Are you starting to get comfortable with SSH, bash and your logs? Good. Now I have an important message for you:

Your password isn’t good enough.

Yeah, that’s a pretty general statement, but it’s shocking how many people are perfectly fine with a six- or eight-character password made up of lowercase letters. Your approach to server passwords should be twofold: Stick with it and Be organized.

Remembering a 21-character password like ^@#*!sgsDAtg5t#ghb%!^ may seem daunting, but you really don’t have to remember it. For a server, secure passwords are just as vital as any other form of security. You need to get in the habit of documenting every username and password you use and what they apply to. For the sake of everything holy, keep that information in a safe place. Folding it up and shoving it in your socks is not advised (See: blisters).

Want to make your approach to password security even better? Change your passwords every few months, and make sure you and at least one other trusted colleague or friend knows where to find them. You’re dealing with sensitive material, but you can never guarantee that you will be available to respond to a server-based emergency. In these cases, your friends and co-workers end up scrambling through bookshelves and computer files to find any trace of useful information.

Having been one of the abovementioned co-workers in this situation, I can attest that it is nearly impossible to convince customer service that you are indeed a representative of the company having no verification information or passwords to provide.

Coming soon: Now you’ve got some of the basics, what about the not-so-basics? I’ll start drafting some slightly more advanced tips for the slightly more advanced administrator. If you have any topics you’d like us to cover, don’t hesitate to let us know in a comment below.

-Ryan

This guest blog was contributed by Wendy Nather, Research Director, Enterprise Security Practice at The 451 Group. Her post comes on the heels of the highly anticipated launch of StillSecure’s Cloud SMS, and it provides some great context for the importance of security in the cloud. For more information about Cloud SMS, visit www.stillsecure.com and follow the latest updates on StillSecure’s blog, The Security Samurai.

If you’re a large enterprise, you’re in pretty good shape for the cloud: you know what kind of security you want and need, you have security staff who can validate what you’re getting from the provider, and you can hold up your end of the deal – since it takes both customer and provider working together to build a complete security program. Most of the security providers out there are building for you, because that’s where the money is; and they’re eager to work on scaling up to meet the requirements for your big business. If you want custom security clauses in a contract, chances are, you’ll get them.

But at the other end of the scale there are the cloud customers I refer to as being “below the security poverty line.” These are the small shops (like your doctor’s medical practice) that may not have an IT staff at all. These small businesses tend to be very dependent on third party providers, and when it comes to security, they have no way to know what they need. Do they really need DLP, a web application firewall, single sign-on, log management, and all the premium security bells and whistles? Even if you gave them a free appliance or a dedicated firewall VM, they wouldn’t know what to do with it or have anyone to run it.

And when a small business has only a couple of servers in a decommissioned restroom*, the provider may be able to move them to their cloud, but it may not be able to scale a security solution down far enough to make it simple to run and cost-effective for either side. This is the great challenge today: to make cloud security both effective and affordable, both above and below 10,000 feet, no matter whether you’re flying a jumbo airliner or a Cessna.

-Wendy Nather, The 451 Group

*True story. I had to run some there.

There are so many different types of Social Networks nowadays: Facebook, Twitter, YouTube Channels, the faded MySpace and recently popular Google+. They all have different features but are essentially used for the same purpose. Facebook is the largest player in the market, and every time it makes a change, the world collectively gasps … And a lot of people start yelling.

When Facebook launched back in 2004, it was designed with college kids in mind. I remember when you HAD to have a college email address to set up a Facebook account – the good ole days. A year or two later, Facebook created a separate section for high school students, and not too long after that, anyone on the planet could get a Facebook account, and the growing/changing audience necessitated changes in the platform.

Facebook is a great way to find old friends and catch up, and it’s also an easier way to update everyone all at once what you are doing. I found out my best friend was engaged on Facebook … That’s right. I found out by Facebook before I got a phone call. Facebook is like a drug – it’s addictive. Some people live there all day.

If you work for an IT company, you know that technology is constantly changing. To keep up with evolutions in technology and perceived needs of the growing user base, Facebook will update its platform every few months. If you have a Facebook account, you’ve probably noticed that they released a new layout this week. You’ve probably also noticed all of your friends’ status changes complaining about how they hate the way it looks, how “It’s too hard to use.” Those friends hated the old “new Facebook,” and somewhere down the road, they’ve learned to love and/or depend on that “new Facebook” which is now in the “old Facebook” category. It’s pretty annoying right?

Here’s my advice for the change-averse:

1. If Facebook didn’t change, it would get stagnant and someone else would introduce something better … The same way Facebook supplanted MySpace. DEAL WITH IT.
2. If you don’t like the changes Facebook makes, DELETE your account and move to a new Social Network like Twitter or try out Google+.
3. Instead of complaining how hard the new Facebook is to use, take the time to READ the instructions they have provided for you … From a desktop you are able to mouse over a section and it will tell you what it means and how to use it.
4. Last but not least – whining is for babies and last time I checked you were in your 20′s, 30′s, 40′s, and up – so suck it up!

Whew! Now that felt good …

- Natalie

This year has been exciting for me at SoftLayer. I took on a new role here as a member of our marketing team, and in that role, I’ve played a big role in our trade shows. We participate in a huge number of trade shows each year, and I’ve been lucky enough to meet thousands of current and (hopefully) future SoftLayer customers. To give you an idea of how often I’m on the road, I probably spend about 2-3 weeks each month away from home … And that means I am in airports all the time.

I happen to be one of those weirdos that actually enjoys traveling, but honestly, the travel experience at airports and on planes can be pretty annoying at times, so I thought I’d put together some traveling tips before my next trip so I can hand out the URL when I see violations. Here’s the short list of tips I’ve come up with in my travels:

At the Airport

• When going through security do not choose the “Expert Traveler” line if you are not an expert. The experts will know you don’t belong, and we will sneer at you.
• The security line is not the time to make jokes on terrorism. In fact, there’s never a good time to make jokes about terrorism, especially at an airport.
• If you are selected for random screening, please do not throw a fit. The officer doing the pat down probably isn’t trying to make a pass at you and hates the process just as much as you do.
• If your boarding pass says Group 5 there is no point in huddling near the boarding area when the airline representative has called Group 1. You are the reason the boarding process is moving slowly.

Boarding the Plane

• When the flight attendant announces that everyone should move into their row so other passengers can get by you, he/she is probably talking about you.
• If you have a small enough bag to place under the seat in front of you, please do so. There is a person in Group 6 with a full size carry-on bag that would rather not have to check his bag because your shopping bag is taking up his valuable space.
• If you are seated in the back of the aircraft, don’t place your bag up in the front bin just so you do not have to roll it to the back. The people sitting in the front of the plane would rather not have to wait for everyone to get off the plane so they can walk to the very back to retrieve their bag.

On the Plane

• You aren’t fooling anyone by trying to hide your cell phone between your knees after the cabin door closes.
• If the person next to you puts on their headphones it probably means they are not interested in having a flight long conversation about your life.
• Please don’t get mad at me if I decide to put my seat back. If you need more legroom, spring for First Class or at least an exit row. If you absolutely need me to stay upright, ask me nicely, and you’ll have a lot better chance that I’ll be able to help you out.
• I got the window seat so I wouldn’t have to get up if someone next to me needed to get into the aisle … You got the aisle seat with a little extra room, so please don’t have an attitude if I need you to move to get into the aisle. That’s the tradeoff.
• Yes, the armrest is shared, so you have a right to half of it … This means that if your arm is on my half of the armrest and you’re in my personal space, we have a problem.
• If you decide to talk to the person sitting next to you on the flight, please keep your voice down. People five rows behind you are not interested in your conversation.

And lastly …

• Do not eat foods that may make you gassy before you travel. Passing gas in a plane where air is re-circulated is not cool.

Safe travels!

-Summer

This is a guest blog from 3DCart Co-founder and CEO Gonazlo Gil. 3DCart is a technology partner with a robust eCommerce platform hosting thousands of merchants all over the world … And it’s clear they have an enduring drive for innovation and value.

5 Must-Have Features in a Hosted Ecommerce Provider

In 1997, the concept that would eventually become 3DCart came into existence. I developed 3DCart with the idea of putting every single ecommerce tool and resource at the fingertips of web entrepreneurs so anyone with a computer could start their own online store. Today, we’re still going strong, and we pride ourselves on launching new ecommerce features before the competition has a chance.

The market for shopping carts has exploded over the past decade. If you’re considering the ecommerce business, choosing a shopping cart can get overwhelming. Because not all ecommerce software solutions are created equal, we’ve put together a list of five must-have features for aspiring entrepreneurs to consider when choosing a hosted ecommerce provider.

1. PCI Compliance to Protect Customer Information
You hear about it on the web, on the television, in the magazines: cyber-theft. Recent instances of online fraud (like the hack of Playstation’s network) have caused online shoppers to stiffen up when it comes to sharing financial information. For your sake and the sake of your customers, it’s important to put the minds of shoppers at ease as soon as they discover your brand.

Born from new rules created by the Payment Card Industry, PCI compliance standards are stringent guidelines for ensuring your online store is up to code in terms of security. The last thing you need as an online storeowner is responsibility for losing sensitive personal data to fraudsters. Beyond general culpability, you run the risk of losing trust in your brand, which could sink your business entirely.

The process for reaching PCI compliance is vigorous and expensive. That’s why most ecommerce software providers undergo PCI compliance measures on their own — so online stores can offer security to their customers. It offers a little more peace of mind on both sides of the business relationship and ensures your transactions go through smoothly.

Read the rest of 3DCart’s Guest Blog! »