Tour De CC

The very first day of almost very IITian’s life here (IITM) begins with the trip with your branch mates and faculty advisor to the 3 important buildings on campus, namely the Computer center, Library and the Workshop. I still remember my first trip to CC in which we were shown from far away that these are the servers which help people perform computations and host websites. This building has had a rather passive role in my life from then until recently (read few months ago) when I was asked to take up the task of ‘redesigning’ the IITM website.

From then on life has been punctuated with frequent visits to the CC for various reasons, but the latest one was rather different. We ( Ramanathan, myself and the team) were almost done with the new site and had requested for a new machine. While I was returning happily after the fact that the our G slot was canceled reached my ears, Prof. Vijayaraghavan called and enquired if I would be able to drop in to take a look at the server that was assigned. I was more than happy to say yes, and so made my way to the CC.

The computer was supposedly one blade on the HP Proliant servers. Within a few minutes I had all the details about the server, but both of us had not really seen the server. So Prof.Vijayaraghavan requested Mr. P Y Sreekumar ( A rather popular name among students familiar with working of CC) whether he could show us the server and thats how it all started.

Once the protocol of opening locks were completed we entered the server room, although I had been there a few times before the work was mainly confined to the servers to which we had access to and were was comfortably oblivious to the presence of a number of rack servers which were in plain view. PYS started by showing us which was ‘our’ server. It was a rather disappointing to see, that the rectangular box was the all powerful webserver with a lot features which he explained patiently. To my surprise he did not stop with that but also told us details of what are the servers/services offered by other blades on that server. He also let us have a peek at the (frequently failing) smail system. When enquired about the cause for such frequent failures he said that it was due to some electrical problems they had to do some rewiring and that was the reason they had the LAN cut last saturday (23 August). We also discussed about the hardware specifications and the possibility of installing Debian GNU/Linux on the server and parted our ways for lunch.

Getting Students’ server better organised

Something I have been wanting to do for more than a year was done this week. Till now the only account that was “operatable” on the students server which hosts http://students.iitm.ac.in and a couple of other sites was the root account. So if anyone needed to access the student server they need the root password! Another bad practice (that carried over from our predecessors ) was that all the websites which needed to access a database used the root user of mysql.

Since it was the beginning of a new (academic) year and the time for welcoming a new team of webops coordinators. We (Ramanthan and myself) decided to do some cleaning up and put some rules in place to ensure sustainable development. This is an account of how it was done.

The first thing to do was to make the backups readable only by the superuser. This made sure I did not have to go about securing mysql passwords in the old code. Those of you who are familiar with web development will know that it is common practice to store the DB access details (username, password etc) in a php file which I will from now refer to as ‘conn.php’. For those who are only used to seeing websites on browsers conn.php is a file that I wanted to secure. This file must be readable only by the superuser. But this data is needed for PHP to access the database hence the user apache should also be able to read this file.

Step1: Finding all the places where conn.php is present on the server. The following command helped find all the places where conn.php was present.
locate conn.php

Step2: Setting the owner and group users as needed in my case the owner was root and group was the apache user.
chown root:apache conn.php

Step3: Set the right permissions.
chmod 750 conn.php

Step4 :Steps 1-3 ensures the mysql passwords are now secure. Now was the time to add a newuser dev which will henceforth be used for all development purposes. This was easily done by the command:
adduser -m dev

Finally I had setup a new a/c and the root password of mysql was secure. Atleast thats what I thought, till I tried to ssh to the server as the new user. To my surprise it was not possible to do so. After checking a couple of times if I entered the password correctly, realisation that a file called sshd_config exists and it defines which users are allowed/denied to ssh to the server dawned on me. So I added the user to the config file and the a/c was up and working

Kaatru Vanga Ponaen, Oru Kavidhai Vaangi Vandhen

The title of the post literally means I went to get some (fresh) air and ended up coming back after getting (read acquiring) a poem.
Something similar just happened. I came here intending to post about getting the students server better organised, but what caught my eye is the fact that the blockquote in this theme is not very noticeable and I could not help but do something about it. The quickest solution that occurred to me was to edit the CSS ( I wonder what I would have tried if I had not been exposed to CSS before… ). Unfortunately wordpress does not let you do that without “buying” an upgrade. The next thing that struck my mind to upload an image of a “double quote”. This was pretty quick and I had the image on the blog. Only thing remaining was to take away the ‘unnecessary’ html. So that was how the quotation mark appeared on the very first post (below) of mine!