BSNL Broadband rocks!

At home we use the BSNL dataone connection. For the past few weeks we have been having a lot of trouble in getting connected to the network. After a making a couple of complaints BSNL had sent someone to check the lines. However, since he was not able to find anything wrong he asked us to make sure that the settings in our computer were right and went back. There was nothing much I could do about the settings so we called them again. This time two people came over and one of them Mr. Sridharan started looking at what exactly the problem was. Apart from being extremely well versed about networks and routers to my surprise he was very comfortable with my Linux desktop. He was able to find exactly the problem was and fix it within a few minutes . Now the network connectivity is wonderful and the speed also seems to have increased.

For those of you wondering what exactly the problem was … Apparently there are many modes under which the ADSL modem operates. In order to obtain the ‘link’ fast we will have to make sure that it is set to operate in multimode. Another information I did not know about was that we could configure the bsnl authentication ( for which I used to set up pppoe using pppoeconf) can be done on the modem itself. Once this is set up we can have the computer configured to use a static IP in the range 192.168.1.x where x can take the values between 3 and 255.

Getting Students’ server better organised

Something I have been wanting to do for more than a year was done this week. Till now the only account that was “operatable” on the students server which hosts http://students.iitm.ac.in and a couple of other sites was the root account. So if anyone needed to access the student server they need the root password! Another bad practice (that carried over from our predecessors ) was that all the websites which needed to access a database used the root user of mysql.

Since it was the beginning of a new (academic) year and the time for welcoming a new team of webops coordinators. We (Ramanthan and myself) decided to do some cleaning up and put some rules in place to ensure sustainable development. This is an account of how it was done.

The first thing to do was to make the backups readable only by the superuser. This made sure I did not have to go about securing mysql passwords in the old code. Those of you who are familiar with web development will know that it is common practice to store the DB access details (username, password etc) in a php file which I will from now refer to as ‘conn.php’. For those who are only used to seeing websites on browsers conn.php is a file that I wanted to secure. This file must be readable only by the superuser. But this data is needed for PHP to access the database hence the user apache should also be able to read this file.

Step1: Finding all the places where conn.php is present on the server. The following command helped find all the places where conn.php was present.
locate conn.php

Step2: Setting the owner and group users as needed in my case the owner was root and group was the apache user.
chown root:apache conn.php

Step3: Set the right permissions.
chmod 750 conn.php

Step4 :Steps 1-3 ensures the mysql passwords are now secure. Now was the time to add a newuser dev which will henceforth be used for all development purposes. This was easily done by the command:
adduser -m dev

Finally I had setup a new a/c and the root password of mysql was secure. Atleast thats what I thought, till I tried to ssh to the server as the new user. To my surprise it was not possible to do so. After checking a couple of times if I entered the password correctly, realisation that a file called sshd_config exists and it defines which users are allowed/denied to ssh to the server dawned on me. So I added the user to the config file and the a/c was up and working