Executing smbstatus as non-root user

•February 16, 2009 • 7 Comments

I found that after upgrading to samba 3 (Debian 2.6.15 unstable), I was unable to execute smbstatus as a non-root user. This was very inconvenient, since I was using a PHP script to track which users are connected to my server (see my previous post). The error that occurs looks as follows:

ERROR: Failed to initialise messages database: Permission denied
messaging_tdb_init failed: NT_STATUS_ACCESS_DENIED
messaging_init failed

Making smbstatus suid root unfortunately didn’t do the trick. Taking a closer look at the error suggested that it got to do with the *.tdb files that samba is using. So, I went to the folder containing these files (for me /var/run/samba/*.tdb). All these database files were chmodded to 644, so only enabled rw permissions to root.

By changing the permissions of messages.tdb to 666 (rw permissions on world, if you find this to devil-ish, 646 would also do the trick ;)) a normal user can also open the database file and thus everything worked again. Of course, you should keep in mind that this may pose a security risk.

Monitoring Samba from a web page using smbstatus

•December 14, 2008 • 8 Comments

A long time ago, I found that I needed something to be able to see which users are logged in using samba and kick users as necessary. The usual way is to check the currently logged in users using smbstatus and kicking users by killing the smb process belonging to a user. To make this a bit easier, I made a small webpage in *cough*PHP*cough*. Hey, it was 2 years ago! 🙂 Anyway, I still find it very useful, so maybe it’s useful to you, too.

<?
error_reporting(0);

if(isset($_GET&#91;'kill'&#93;)){
	echo shell_exec("sudo /scripts/smbkill ".$_GET&#91;'kill'&#93;." 2>&1");
	}

exec("smbstatus -S",$log);
exec("smbstatus -L",$lock);

$pid_us = array();
for($i=3;$i<sizeof($log);$i++)
	if(!trim($log&#91;$i&#93;)=="") {
		$users&#91;&#93; = split("&#91; &#93;+",$log&#91;$i&#93;,4);
		$pid_us&#91;$users&#91;sizeof($users)-1&#93;&#91;1&#93;&#93; = $users&#91;sizeof($users)-1&#93;&#91;2&#93;;  
		}
for($i=3;$i<sizeof($lock);$i++)
	if(!trim($lock&#91;$i&#93;)=="") {			
			$line = split("&#91; &#93;+",$lock&#91;$i&#93;,7);
			$usr = $pid_us&#91;$line&#91;0&#93;&#93;;
			if(trim($usr)=="") $usr = $line&#91;0&#93;;									
			$locks&#91;$line&#91;0&#93;&#93;&#91;&#93; = array($line&#91;0&#93;,$usr,substr_replace($line&#91;6&#93;,"",-25));	//Remove date (25 chars from the right
		}
	
//die("");

echo "<br />";
echo "<font style=\"font-family: Verdana;\">Connected users:</font>\n";
echo "<br /><br />";
echo "<table>\n";
foreach($users as $user){
	list($service,$pid,$mach,$date) = $user;
	echo "<tr\n>";
	echo "<td><a onclick=\"return confirm('Kick this user?');\" href=\"".$PHP_SELF."?kill=".$pid."\"><img border=\"0\" src=\"remove.gif\" /></a></td>\n";
	echo "<td class=\"user\">".$mach."</td>\n";
	echo "<td class=\"pid\">".$pid."</td>\n";
	echo "<td>".$service."</td>\n";
	echo "<td>".$date."</td>\n";
	echo "</tr>\n";
}
echo "</table>\n\n";

echo "<br /><br />";
echo "<font style=\"font-family: Verdana;\">Locked files:</font>\n";
echo "<br /><br />";
echo "<table>\n";

$cuser = "";
$first = true;
foreach($locks as $l){
	foreach($l as $lck){
		list($pid, $user,$file) = $lck;
		if($user != $cuser){		
			if(!$first){
				echo "<tr>\n";
				echo "<td>&nbsp;</td>\n";
				echo "<td>&nbsp;</td>\n";
				echo "<td>&nbsp;</td>\n";
				echo "</tr>\n";				
				}
			echo "<tr>\n";			
			echo "<td class=\"pid\"><a onclick=\"return confirm('Kick this user?');\" href=\"".$PHP_SELF."?kill=".$pid."\"><img border=\"0\" src=\"remove.gif\" /></a> ".$pid."</td>\n";
			echo "<td class=\"user\">".$user."</td>\n";
			echo "<td>".$file."</td>\n";
			echo "</tr>\n";
			$cuser = $user;
			}
		else {
			echo "<tr>\n";
			echo "<td>&nbsp;</td>\n";
			echo "<td>&nbsp;</td>\n";
			echo "<td>".$file."</td>\n";	
			echo "</tr>\n";				
			}
		$first = false;
		}
}
echo "</table>\n";
?>

Note that you should of course make sure that only you are able to access the page and execute the kill command, so you’ll need to get creative with sudo and htaccess 😉

Image used: remove

Sorting IMAP Mail with Imapfilter

•November 18, 2008 • 11 Comments

The situation is as follows: I have multiple IMAP mail accounts on multiple servers and access these mailboxes from multiple computers using different e-mail clients. Per mailbox, I have multiple folders that contain messages regarding a certain subject. To be sure that new mail appears in the folder it belongs to, I have set up message filters on every e-mail client. The trouble is, for every new folder I had to alter the filters on every client.

As a solution, I left one computer always running with Thunderbird active, but since I already have a linux server running (terminal access only), I was thinking whether there was something available that was able to sort my messages, which I can alter from the command line and doesn’t involve a graphical frontend.

Imapfilter did the job for me. Although I don’t have any experience in Lua, in which it is written, I managed to successfully sort my mail. You can install it from source, but there is also a Debian package available from the apt (at least, from repository unstable). Below I’ll describe how I configured imapfilter, since there is not much information around on this (there are however some small examples described in a sample config file).

After install, first run imapfilter as a normal user. This will create the directory ~/.imapfilter with appropriate permissions. Enter that directory and create a new file named config.lua. In this file, you should first define some global options, then your IMAP accounts, followed by the filters (rules) that should be applied to the messages in your mailboxes.

The global options are defined in a lua table variable named options. A table in lua is much like a hash in Ruby. I have defined the following options:

  options.timeout = 120
  options.subscribe = true

The meaning of these options is described on the imapfilter homepage.
Definitions of IMAP accounts look like this:

account1 = IMAP {
	   	server = 'imap.example.com',
		username = 'user',
		password = 'pass',
		ssl = 'ssl3'
	}

account2 = IMAP {
	   	server = 'imap2.example.com',
		username = 'user',
		password = 'pass'
	}

As you can see, imapfilter also supports SSL (you need to have OpenSSL installed though). You can define all your IMAP accounts like this.

Next, I define the sorting rules. Note that I mostly move messages from the inbox of an account to a folder of the same account. This is however not necessary, it is also possible to transfer messages from one account to the other. Example 1:

   msgs = account1.INBOX:contain_from('MediaPortal')
   account1.INBOX:move_messages(account1.MediaPortal, msgs)

The first example is simple: find all messages in the INBOX in which the sender contains the name MediaPortal and move those messages to the MediaPortal folder.
Now, a more complex example:

 msgs = 	account2.INBOX:contain_from('Cron') +
		account2.INBOX:contain_from('Log') +
		account2.INBOX:contain_subject('yum')
 account2.INBOX:mark_seen(msgs)
 account2.INBOX:move_messages(account2['Maildir/Admin Notifications'], msgs)

What you need to know here is that the ‘+’ operator means ‘or’. So, I put all messages that are from ‘Cron’, ‘Log’ or have the subject ‘yum’ in the variable msgs, I mark all those messages as read and finally move them to the ‘Admin Notifications folder’. As you can see, this account uses the Maildir directory.

You can debug your configuration by running imapfilter -d or imapfilter -v. To run these rules frequently, I finally had to run this code in daemon mode. To achieve this, I had to enclose all the above code in a function and pass that function in the become_daemon() function:

-- global options

function sortMail()
   -- IMAP account definitions
   -- rules
end

become_daemon(300, sortMail)

Note that I had to include the account definitions in the function; it seems the accounts are also initialized when defined and it wouldn’t work anymore when these definitions were outside the function. The above example will run imapfilter as a daemon and execute the sortMail function every 300 seconds.

UPDATE 03-02-2010: Sometimes, an error may occur while processing the messages, causing imapfilter to terminate. To solve this, I created a function that wraps the sortMail function and ensures errors are ignored:

function sort_mail_and_ignore_errors()
        pcall(sort_mail())
end

daemon_mode(300, sort_mail_and_ignore_errors)

Some final remarks that may save you some time:

  • There are problems selecting/searching messages when you’re running an Exchange server. I tried several things to get it working properly, but nothing worked. This could be dependent on the configuration or version of the Exchange server however.
  • Be sure you add the IMAP definitions to the function called in daemon mode
  • if you don’t know exactly which folders you have or should define, you can add some debugging code to find out:
-- Inbox information
account1.INBOX:check_status()

-- Get and print available mailboxes and folders
mailboxes, folders = account1:list_all()
table.foreach(mailboxes,print)
table.foreach(folders,print)
  • Want to filter out spam? This can be done like this:
-- Select all messages marked as spam       
msgs = account1.INBOX:match_header('^.+MailScanner.*Check: [Ss]pam.*$')
-- Throw them away 
account1.INBOX:delete_messages(msgs)

Fore more information and examples, see also the imapfilter homepage: http://imapfilter.hellug.gr

Snippet: Binary to YAML

•November 1, 2008 • Leave a Comment

Recently, I was looking for a piece of code that could easily convert a file to YAML data. Here is what I use now. It follows the format described in http://yaml.org/type/binary.html.

def binary_to_yaml(file, indent_level = 1)
  if File.exists?(file)
    indent = ""
    indent_level.times{ indent << " " }
    data = File.open(file,'rb').read
    #YAML Generic binary representation, see http://yaml.org/type/binary.html	
    "!binary |\n#{indent}#{&#91;data&#93;.pack('m').gsub(/\n/,"\n#{indent}")}\n"	
  end
end
&#91;/sourcecode&#93;

The indent level describes how many spaces should be prepended. A binary value for a key that is unnested should have indent level 1. See the example below:

&#91;sourcecode language="ruby"&#93;
user: # indent level 1
 name: John Doe # indent level 2
 address:
  street: Sunset Blvd # indent level 3
  number: 2034
 thumbnail: <%= binary_to_yaml('files/thumb.jpg',2) %> # indent level 2

user: # indent level 1
 name: Jane Doe # indent level 2
 ...

RailsConf 2008: LowPro

•October 11, 2008 • Leave a Comment

Although my colleagues agreed RailsConf 2008 was ‘less interesting than the last time’, there were some interesting presentations I’d like to give some extra attention.

First and foremost, I was very excited about a presentation of LowPro, an extension to prototype to easily ajaxify your webapp with unobtrusive javascript. Forget about link_to_remote, submit_to_remote and remote_form_for, which yield blocks of ugly inline javascript. Instead, consider this script to send a form using AJAX:

Event.addBehavior({
  '#add_form' : function() {
    this.hide();
  },
  '#add_new_link:click' : function() {
    $('add_form').toggle();
    return false;
  },
  '#add_form' : Remote.Form
});

Using Event.addBehavior, you can add behaviors to elements specified by CSS selectors. When this piece of code is included in your static, non-javascript webapp, it will ‘hijack’ click and submit events only when javascript is enabled.
I have done something similar in a project of my own, which should update a page when a month was selected in a combobox. Note that this example does not use LowPro itself. If javascript was disabled, a button should be displayed to manually submit the form containing the combobox. So, my static page (statistics.html.erb) would look like this:

<% form_tag example_url, :method => :get, :id => 'months-form', :class => 'months-form' do %>
  <div>
	<%= select_tag :month, @available_months.collect{ |month| "<option value=\"#{month.to_s}\" #{(@curr_moneht.same_month?(month)) ? 'selected="selected"' : '' }>#{month.strftime("%B %Y")}</option>" }.join %>
	<%= submit_tag 'view', :id => 'submit-button' %>
  </div>
<% end %>

To add a dash of Javascript to this without touching this perfectly fine code, I just need to include a javascript file that should handle the form submission. Let’s call it statistics.js:

<% content_for :content_for_js do %>
   <%= javascript_include_tag 'statistics' %>
<% end %>

And finally, the javascript that should prevent manual form submission and hide the view button when javascript is available:

Event.observe(window, 'load', observeMonthField);
      
function observeMonthField() {
    $('submit-button').hide();
    $('month').observe('change', function(event) {
      $('months-form').submit();
    });      
}

Easy peasy lemon squeezy!

Ruby Core & Ruby on Rails CHM Documentation

•August 28, 2008 • 5 Comments

Today, my company’s internet provider managed to cut off the internet connection for the whole day! This made me wonder why I always use the online available Ruby & RoR APIs, while having them offline would give me faster loading times and doesn’t require an internet connection (although that situation is probably the same as being cut off from water for most of us 🙂 ).

Download

There is a project page on sourceforge that contains CHM documentation for Ruby 1.8.6 and Rails 2.3.

Do it yourself

Rdoc provides you with four possible formats to create your own documentation: html, xml, ri and chm.

To create the documentation for Ruby, go to the Ruby source directory (\src\ruby-x.x.x-pxxx) in the console and enter: rdoc -f [format] -o [destination-folder].

To create the documentation for Rails, go to the ruby gems directory (i.e. \lib\ruby\gems\1.8\gems) and enter: rdoc -f [format] -x test/* -x template/* -o [destination-folder] action* active* rails-* .

The extra argument -x template/* is needed here to prevent errors from occurring during compilation, as discussed here. This problem occurs for both html and chm compilation.

Update 16-12-2008: When generating the Rails documentation, a good idea is to also add -x test/* to the command, since you’ll probably don’t need the documentation of Rails’s test classes, which are included in the gems.

If you are using windows, you might like the CHM format (the Windows Helpfile format). To be able to create CHM files, you’ll need HTML Help Workshop. Install it in C:\Program Files\HTML Help Workshop\, even if you are running Windows x64.

Update 16-12-2008: A small list of locations of gem home directories:

  • Windows:
    • C:\ruby\lib\ruby\gems\1.8\gems
  • Mac OS X
    • /System/Library/Frameworks/Ruby.framework/Versions/1.8/usr/lib/ruby/user-gems/1.8/gems (included version)
    • /usr/local/lib/ruby/gems/1.8/gems/

Content_for Sorta Nested Layouts

•August 16, 2008 • 2 Comments

For my latest project, I needed to insert a small piece of code into all views belonging to a controller. At first, I had solved this by adding a partial to every view, but I thought it would be nice to DRY it up a little more and create some sort of nested layout within the main layout. This article by Matt McCray explained how I could easily achieve this by yielding within a partial, specified by a sub_layout method in the controller. The only disadvantage I found was that content_for constructions within the nested layout were not evaluated in this way, while the small piece of extra layout had its own css and javascript, too.

In order for content_for blocks to be evaluated, it needs to be yielded. The simple solution I therefore came up with was to yield the nested-layout-partial itself from a content_for defined in the main layout:

<% content_for :with_nested_layout, render(:partial=> "layouts/#{controller.sub_layout}") %>
<html>
 <head>
  <title>Nested layout example</title>
  <%= stylesheet_link_tag 'common', 'clearfix' %>
  <%= javascript_include_tag :all %>
  <%= yield :content_for_css %>
  <%= yield :content_for_js %>
 </head>
 <body>
  <div id="main" class="clearfix">
   <%= yield_flash_messages -%>
   <%= yield :with_nested_layout %>
  </div>
 </body>
</html>

This way, I can specify content_for :content_for_css and :content_for_js in the nested layout, which are evaluated because the partial itself is yielded, too. Of course this can be considered as a ‘dirty hack’, and I do agree to some extent, but it’s only two lines of code and it works like a charm, so I forgave myself for implementing it this way 🙂