Archive for the ‘Uncategorized’ Category

whatismyip.org seems to be down…

Friday, December 12th, 2008

...so I created myip.ozymo.com, which does the same thing:

$ curl myip.ozymo.com
64.39.0.38

Sometimes it’s nice to get just the IP returned without all the fluff.

/cs

Clean out your Postfix Queue

Tuesday, December 9th, 2008

Hello, all!

I just had to clean out a Postfix queue, and came up with this little
oneliner:

# Delete every queued message whose listing matches one of these patterns
for i in $(postqueue -p \
  | grep -B1 '450\|451\|452\|421\|server dropped connection\|lost connection\|Connection refused\|Connection timed out\|Host not found\|Blacklisted\|DELETED\|root' \
  | grep '^[0-9A-G]' | cut -d' ' -f1); do postsuper -d "$i"; done

It really does the trick. If you copy it from above, make sure you
check the input. WordPress does some funny things to dashes and
whitespace sometimes.
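
A dry-run variant of the same cleanup, as an added example that is not part of the original post: it matches only the parenthesised reason line of each queue entry and prints the IDs for review. The REASONS subset, the function names and the sample queue listing are assumptions constructed for illustration; postsuper reads queue IDs from standard input when given "-d -".

```shell
#!/bin/sh
# Added example, not from the original post: pick queue IDs by deferral
# reason so the list can be reviewed before anything is deleted.
# REASONS is a subset of the patterns in the one-liner (an assumption here).
REASONS='Connection refused|Connection timed out|lost connection|Host not found'

# select_queue_ids: read `postqueue -p` output on stdin and print the queue ID
# of each entry whose parenthesised reason line matches REASONS.
select_queue_ids() {
    awk -v re="$REASONS" '
        /^[0-9A-Za-z]/ {                 # entry line: ID, size, date, sender
            id = $1
            sub(/[*!]$/, "", id)         # strip active (*) / hold (!) marker
            seen = 0
            next
        }
        /^[ \t]*\(/ && $0 ~ re && id != "" && !seen { print id; seen = 1 }
    '
}

# Constructed sample of `postqueue -p` output (addresses are placeholders).
sample_queue() {
    cat <<'EOF'
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
A1B2C3D4E5     1432 Tue Dec  9 10:15:01  news@example.com
(connect to mx.example.net[192.0.2.10]:25: Connection timed out)
                                         alice@example.net

B2C3D4E5F6*    2210 Tue Dec  9 10:16:40  staff@example.com
                                         bob@example.org

C3D4E5F6A7      988 Tue Dec  9 10:17:02  staff@example.com
(host mx.example.org[192.0.2.20] said: 450 4.2.0 Greylisted, try later)
                                         carol@example.org

D4E5F6A7B8!    1200 Tue Dec  9 10:18:30  root@example.com
(lost connection with mx.example.net[192.0.2.10] while sending RCPT TO)
                                         dave@example.net

-- 5 Kbytes in 4 Requests.
EOF
}

sample_queue | select_queue_ids          # dry run: prints the selected IDs
# After review:  postqueue -p | select_queue_ids | postsuper -d -
```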

/cs

UNIX Permissions and Apache

Friday, December 5th, 2008

The terms “755” and “777” can be a little confusing unless you are
familiar with UNIX permissions. These two items are octal notation
representing the bits set for particular permissions for each of “user”,
“group”, and “other”. Each digit corresponds to one of these.

Basically, each digit is made up of three numbers, which, when
added together, give you a permission in the range of 0-7. The three
numbers correspond to “read” (4), “write” (2), and “execute” (1)
permissions. As you can see, if a user, group, or other has all the
permissions, then the pieces, added together, equal seven:

r + w + x = rwx
4 + 2 + 1 = 7

In UNIX, from the shell, when you look at a directory listing of a
particular file, such as the wp-content directory, you are presented
with an “rwxrwxrwx” notation of the permissions scheme (the leading “d”
signifies that this is a directory):

$ ls -lahd wp-content/
drwxr-xr-x 5 chuck chuck 4.0K Nov 25 11:15 wp-content/

As I mentioned, each digit in the “755” notation corresponds to one of
“user”, “group”, or “other”. In essence, the permissions “755”
correspond as follows:

user   group  other
rwx    r-x    r-x
421    401    401    (or 4+2+1, 4+0+1, 4+0+1)
7      5      5

Essentially, when a directory is set to “755”, then only the user that
owns the directory (in the case of the wp-content folder on my server,
the user chuck) has permission to “write”, that is, to create, modify,
and remove files in this directory. Members of the “group” and
members of “other” (meaning everyone else on the planet) can enter the
directory and read the contents of the directory.

In the case of “777” permissions, anyone can “read”, “write”, or
“execute” a file or directory (executing a directory means entering it).

So, at this point we know how to tell who can or cannot write to a
directory. When someone browses to your website and tries to upload
content to the wp-content directory, they cannot.

The reason is that only the “user” owner of the directory
has “write” permissions. When a PHP script (which is what WordPress is
comprised of) is parsed by the PHP engine on your site, it is done so by
the Apache service, which allows the client browser to contact your
server for exactly this purpose. The PHP script cannot “write” to the
wp-content directory because the script is being run as the “apache”
system user. Because the apache user is not the “user” owner of the
directory, and the permissions are “755”, the PHP script (running with
the apache user’s permissions on the directory) cannot “write” the
content to the directory.

Your desire to maintain server security is excellent! Most people don’t
realize that by giving the web server access to write to a directory
they are opening up a security hole! In fact, many people change
the permissions to “777” (world-writable) when they install WordPress.

WordPress is a very widely used blogging application. Generally, as long
as it is updated in a timely fashion, you can keep your
wp-content/uploads directory at 777 without worrying too much about
security, because the people at WordPress have input validation in their
code to effectively prevent intrusion in that area. I still would not
advise it, but it shouldn’t cause a problem.

I must say though, do NOT simply change the permissions of the
wp-content directory to “777”. Make sure that it is only the “uploads”
directory therein. Changing the permissions of the wp-content directory
would also make the plugins directory world-writable, which WILL open a
vast security hole on your server.
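
The user/group/other write check and the world-writable warning above, as an added example that is not part of the original post: can_write models which digit of the mode applies to a process, and world_writable_dirs lists directories with the “other” write bit set. It goes beyond the 755 and 777 cases to show mode 775 with the web server in the directory's group; the function names and the chuck/apache/nobody values are assumptions, and root's bypass of these checks is not modelled.

```shell
#!/bin/sh
# Added example, not from the original post. Names such as chuck/apache are
# sample values; root (which bypasses these checks) is not modelled.

# can_write MODE OWNER GROUP PROC_USER [PROC_GROUP...]
# Succeeds if a process running as PROC_USER, belonging to the listed groups,
# may write to an object with the given octal MODE, OWNER and GROUP.
can_write() {
    mode=$1 owner=$2 group=$3 proc_user=$4
    shift 4
    bits=$(( 0$mode ))                      # leading 0: parse as octal
    if [ "$proc_user" = "$owner" ]; then
        class=$(( (bits >> 6) & 7 ))        # first digit: user
    else
        class=$(( bits & 7 ))               # third digit: other
        for g in "$@"; do
            if [ "$g" = "$group" ]; then
                class=$(( (bits >> 3) & 7 ))    # second digit: group
                break
            fi
        done
    fi
    [ $(( class & 2 )) -ne 0 ]              # write is the 2 bit
}

# world_writable_dirs ROOT: directories under ROOT with the "other" write bit.
world_writable_dirs() {
    find "$1" -type d -perm -0002 | sort
}

# The post's cases, plus 775 with the web server in the directory's group.
report() {
    if can_write "$@"; then verdict=yes; else verdict=no; fi
    echo "mode=$1 owner=$2 group=$3 process=$4: write=$verdict"
}
report 755 chuck chuck apache apache
report 777 chuck chuck apache apache
report 775 chuck apache apache apache
report 775 chuck apache nobody nobody
```

Running world_writable_dirs against a WordPress document root shows at a glance whether anything other than the uploads directory has been opened up.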

I hope this information has been helpful!

/cs

Remove the Query String from a RewriteRule

Thursday, November 27th, 2008

Apache’s mod_rewrite is a whole universe of complexity in and of itself.

Suppose I have a URL that I want to redirect elsewhere:

http://www.ozymo.com/~chuck/home/tester.php?name=chuck&date=today

This PHP script doesn’t even exist on the server. This one does:

http://www.ozymo.com/~chuck/projects/mod/redird.html

So, I configure Apache to allow me to issue mod_rewrite directives in a
.htaccess file for that directory:


AllowOverride FileInfo

I bounce Apache, and put the following rewrite rules into a .htaccess file:

$ cat .htaccess
RewriteEngine on
#RewriteCond %{REQUEST_URI} ^/tester\.php$ [NC]
RewriteCond %{QUERY_STRING} ^name=chuck&date=today$
RewriteRule ^(.*)$ http://www.ozymo.com/~chuck/projects/mod/redird.html [L,R=301]

As such, I am redirected here:

http://www.ozymo.com/~chuck/projects/mod/redird.html?name=chuck&date=today

I do not want that. I want to remove the query string from the URL. How
am I to do that? Good question, and the question gives us our answer:

I append a question mark to the end of the Substitution:

RewriteRule ^(.*)$ http://www.ozymo.com/~chuck/projects/mod/redird.html? [L,R=301]

And voila, I’ve been redirected to the html page without an appended query
string. What a pain, that little question mark is!

/cs

Monitor Load from the Terminal

Tuesday, November 25th, 2008

I modified a neat little hack, borrowed from Linux Server Hacks
(O’Reilly), so that whenever I ssh into my server, I can monitor the load
from the title bar of the terminal I’m using.

So, here’s the hack, as the book presents it:

$ cat ~/bin/tl
#!/usr/bin/perl -w

use strict;
$|++;

my $host=`/bin/hostname`;
chomp $host;

while(1) {

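open(LOAD,"/proc/loadavg") || die "Couldn't open /proc/loadavg: $!\n";

# The first three fields are the 1-, 5- and 15-minute load averages
my @load=split(/ /,<LOAD>);
close(LOAD);

# ESC ] 0 ; <text> BEL sets the terminal window title
print "\033]0;";
print "$host: $load[0] $load[1] $load[2] at ", scalar(localtime);
print "\007";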

sleep 2;

}

As you can see above, this is a perl script that I’ve placed in my user’s
bin directory. I’ve chmod’d it to have executable permissions:

# chmod +x ~/bin/tl

Now, if I want to see the server load in the title bar whenever I log into
my server through SSH, all I have to do is add this line to my .bashrc:

tl&

This effectively runs the process and backgrounds it, leaving me at the
shell prompt. You can see the backgrounding here:

$ jobs
[1]+ Running tl &

Now, if I simply close the SSH session, the terminal will hang, because
it’s waiting on the tl process to finish. The endless while loop in the
script means that never happens. So, I added this line to the
.bash_logout file in my home directory:

/usr/bin/killall tl

This will kill all running tl processes before closing the bash shell and
terminating the SSH session.

/cs

Blog by Email

Thursday, November 20th, 2008

I’m sure that there are about 18 million people that already know how to
“Blog by Email”, and do it on a regular basis. But I just learned about
it, and thought I would share.

At this URL, there is a plethora of information for configuring this
“Blog by Email” setup. It took me about thirty-eight seconds to
implement:

http://codex.wordpress.org/Blog_by_Email

Basically, I navigated to Settings->Writing and scrolled all the way
down. Just above the credentials area for your mail account, it
provides three suggested usernames that you can use. Definitely, one
should use a random or “hidden” email address, because it will be less
likely that your blog will fill up with spam. Once the credentials were
put in place, I clicked “Save Changes” and navigated to the wp-mail.php
script, which told me I had an email. Then the test message (not this
one, the goofy one I removed; shame on me) appeared as the most recent
entry on my blog! Awesome!

“Blog by Email” allows me the freedom to update my blog from anywhere
without having to use my login credentials on some random computer.
Then again, I suppose I would have to login to my email anyway, but eh?
What’re ya gonna do, right?

I’ve found it sometimes cumbersome and difficult to post as frequently
as I would like because I would have to login and navigate around the
admin page, then retype everything when my browser crashes, etc. Now, I
can work at my pace, save a draft or two along the way, and write in
between work or play, because I always have my email client open.

You should give it a try too!

/cs

Hello world!

Saturday, November 17th, 2007

Just what the world needs, another blog!

Well, here it goes, off and running.  I guess we’ll see where it takes us.

/cs