Technology has its pitfalls - A Techy rant
[May. 10th, 2005|12:07 am]
[Tired and frustrated]
This is another entry that I wanted to write a while back...
I'm a Netsoc SysAdminion!
Ok, so I'm actually a sysadmin, but seeing as I'm working under Larry, who's the Head System Admin, I figure I'm his minion, therefore I'm a SysAdminion. Larry's since decided that this is a Good Title, and will be bestowed upon all us underlings with root access.
I'm also webmaster for netsoc. The two kinda go hand in hand, well at least the way I'm looking at things. Reason being, our Netsoc is shit compared to most other netsocs across the country. I know it, but don't admit it often, the head knows it, and some people I know have no problem telling me that DCU's redbrick, or Trinity's Netsoc is better.
I mean, they run events, they offer much better shells and online facilities. We just offer 2 GB of space (before Google did). At the election of new committee, the outgoing HSA was giving his report on how shiny the new Dual-Opteron system that they'd bought was really much better than the Sun E450 we had, and that it was running OpenBSD which for some reason was more secure than Solaris - I don't know enough to argue this point, but I happen to know that Sun software generally works really well with Sun hardware... what with it being made by the same company and the likes. He was also talking about how he'd provided a very secure shell to users, and how SysTrace was used.
That has been the bane of my existence for the past year. It was something that did not allow me to write to certain directories, like public_html, when Pagansoc bought a netsoc account in order to host their site. Read this as, Pagansoc had no real website to speak of for half a year. All because proper systrace policies weren't written for the basic commands like mv (for moving files, for the non-techies reading) and cp (for copying files).
So, come the report, our outgoing HSA talked about how Systrace was massively useful, but that it still didn't work "if you tried to do anything unusual... like move files". That's a direct quote from his speech.
Of course, half the problem stems back to the fact that apache was chrooted and access to the users public_html directories was arranged in some very weird half-assed way. Basically in the homedir, there was a symlink to /var/www/users/username - but, I discovered today, that /var/www/ is actually a symlink to /home/www! Whuh-di-fuh?
Imagine what this does to systrace policies that apply to a working directory of /home/users/current-year/username/ - yeah, they don't like to work anywhere else.
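The symlink chain described above, rebuilt in a scratch directory as an added example (not part of the original entry): it shows why a rule keyed to the home directory's path stops matching once public_html is followed to where it really lives. The prefix check is a simplified stand-in for a path-based policy, not systrace's own rule syntax, and the temporary SANDBOX directory standing in for "/" is an assumption.

```shell
#!/bin/sh
# Constructed layout mirroring the paths in the post; SANDBOX stands in for "/".
SANDBOX=$(cd -P "$(mktemp -d)" && pwd -P)
trap 'rm -rf "$SANDBOX"' EXIT

build_layout() {
    mkdir -p "$SANDBOX/home/users/current-year/username" \
             "$SANDBOX/home/www/users/username" \
             "$SANDBOX/var"
    # /var/www is itself a symlink to /home/www
    ln -s "$SANDBOX/home/www" "$SANDBOX/var/www"
    # the link in the home directory points through /var/www
    ln -s "$SANDBOX/var/www/users/username" \
          "$SANDBOX/home/users/current-year/username/public_html"
}

# Physical location of a directory after following every symlink.
resolve_dir() {
    (cd -P "$1" 2>/dev/null && pwd -P)
}

# Simplified stand-in for a path-based policy rule (not systrace syntax):
# succeed only if path $2 lies under the allowed prefix $1.
under_prefix() {
    case "$2/" in
        "$1"/*) return 0 ;;
        *)      return 1 ;;
    esac
}

build_layout
POLICY_PREFIX="$SANDBOX/home/users/current-year/username"
TYPED="$POLICY_PREFIX/public_html"      # what the user types
REAL=$(resolve_dir "$TYPED")            # where the write actually lands

echo "typed path: ${TYPED#"$SANDBOX"}"
echo "real path:  ${REAL#"$SANDBOX"}"
under_prefix "$POLICY_PREFIX" "$TYPED" && echo "typed path: inside policy prefix"
under_prefix "$POLICY_PREFIX" "$REAL"  || echo "real path:  OUTSIDE policy prefix"
```

A policy meant to cover public_html has to name the resolved target (here /home/www/users/username) as well as the home directory.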
Handy tip for someone who doesn't have access to the cp command, but does have access to cat.
cp file1 file2
cat file1 > file2
It works wonders. If you have the rm command working, you can even create a move command!
It did make sense, in its own twisted way, insofar that apache is chrooted - that means it can only see /var/www and all its subdirectories, and nothing else. So, it needed to see the directories of the users it was going to serve the pages of. This now leads to another lovely complication, when you consider what I want to do. And this is the bit that's driving me insane!
I mentioned netsoc sucks compared to other netsocs, so what we're doing is that we're going to be offering members a Content Management System (CMS - for those that don't know, it's a type of site that allows you to go to a certain page and edit your files online, and not necessarily even know HTML in order to get it to look pretty... think of the rich text option in LJ) for their sites, and a gallery for photos. I hunted some version of code - and got my hands on some pretty nice software that I tested at home. I settled on CMS (CMS Made Simple) for the CMS and Gallery for the chimps in marzipan tutus - actually I joke, it's for the gallery software.
The Gallery software needs some software that can be found on pretty much any standard unix installation these days, or you can at least get some for it - ImageMagick or NetPBM. Both of which are on netsoc's servers. However, it was through this that I realised that chroot was in operation. PHP couldn't exec() the programs because it couldn't see them. Joy. So I tried compiling the feckers.
Then I realised they needed libraries that were outside the root as well! So, I tried static compiling. Fail. That was for imagemagick. I'm now trying to compile NetPBM, but some of the libraries it's looking for, it claims to be missing. This isn't actually true - they're there, but their names are just slightly different (easy to fix for the general case, but I need root first). So, NetPBM is not yet compiling. This means that I dislike chroot, and dislike trying to make static binaries!
There again, I see why chroot is there, and why it's a really good idea to have it there. I just reckon things could have been done a lot better.
So that's my technical ranting. While I'm just writing this to vent my spleen, and not to seek any technical advice, any advice from anyone who's been in a similar situation is more than welcome to say "Hi, this happened to me..." *grin*
Otherwise, I shall sleep and battle these daemons again. Oh, tomorrow, I plan to go into town and get the new Garbage album. I hope I like it. They were one of those bands that I can say helped me survive my teenage years. So I still buy their music, even if it happens to be them farting - but I wouldn't buy the ringtone!