Get Mail List from LDAP

Although bash is my first scripting language, it seems I am becoming more and more of a python convert. Today I needed to send an email to everyone with an account on my LDAP server. Normally I would have used something like sed and bash. Although I did still end up using bash, I forced myself to write the regular-expression part in python.

The idea with languages like python is to make it so that it’s easier to write your own bit of code to do what you want than it would be to find someone else’s code and use it. This code is probably pretty useless to most people. It is not even a little efficient. But who knows, I may help a budding sysadmin who is just starting to write his own scripts. And by blogging it, hopefully I know where to find it for next time.

Here is the script to pull out users' email addresses, one per line (which is exactly the type of file my mail client will accept to make an email list):

"""
mailfind.py

This program was written to get all the email addresses from raw input
and print them onto the screen
"""
import re
    while 1:
        try:
            line = raw_input() + 'n'
            string = re.search(r"(w*.)?w*@w*.w*",line)
            try:
                print string.group()
            except:
                continue

        #this should only happen on the last iteration
        except:
            break

I ended up just using some trivial bash stuff to do the rest of the processing. This would be pretty easy to build into the python, but it was even easier to put it in good old familiar and unmanageable bash.

#!/bin/bash
slapcat | ./mailfind.py | sort | uniq

Awesome. Now I have my mail addresses to use for my black-market viagra selling business.
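slapcat writes LDIF, and a line-by-line regex misses three things LDIF is allowed to do: fold a long value onto a continuation line (leading space), base64-encode a value (written as "mail::"), and carry several values of the same attribute. The following is an added example, not the script from the post: it parses those shapes properly and de-duplicates the result in the order found, so a separate sort | uniq is not needed. The LDIF text is constructed for the example; the entry names and addresses are made up.

```python
import base64
import re
import sys

# Constructed sample of what slapcat emits (LDIF): a plain value, a base64
# value ("mail::"), a folded continuation line, and a multi-valued attribute.
SAMPLE_LDIF = """\
dn: uid=bob,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: bob
mail: bob@example.com

dn: uid=alice,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: alice
mail:: YWxpY2VAZXhhbXBsZS5jb20=
mail: alice.smith@example
 .com

dn: uid=carol,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: carol
"""

# Attribute names are case-insensitive in LDIF; "::" marks a base64 value.
MAIL_LINE = re.compile(r"^mail(::?)\s*(.*)$", re.IGNORECASE)


def unfold(text):
    """Join LDIF continuation lines: a line starting with one space extends the previous one."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def mail_addresses(ldif_text):
    """Return every mail attribute value, in order of first appearance, without duplicates."""
    seen = set()
    result = []
    for line in unfold(ldif_text):
        m = MAIL_LINE.match(line)
        if not m:
            continue
        value = m.group(2).strip()
        if m.group(1) == "::":
            value = base64.b64decode(value).decode("utf-8")
        if value and value not in seen:
            seen.add(value)
            result.append(value)
    return result


if __name__ == "__main__":
    # slapcat | ./ldifmail.py  reads the real dump; run without input for the sample
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LDIF
    print("\n".join(mail_addresses(text)))
```

On the sample this prints bob@example.com, alice@example.com and alice.smith@example.com, one per line; the base64 and folded values come out as ordinary addresses.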

Common Permission Error

One extremely important part of using any multi-user Operating System is correctly understanding permissions. Over the past couple years, I have been administering a Linux server with a lot of users, and there is one error that has popped up over and over again.  A lot of users forget or don’t realize that permission to delete a file from a directory is determined by the write flag of the directory, not the write flag of the file.

Take this scenario: Bob is an unprivileged user on a LAMP box and he is hosting a dynamic website.  He wants to allow changes to folders within his public_html directory so he can do things like upload templates, media, etc.  However, the apache user is not Bob, it is something like www-data.  As an unprivileged user, Bob cannot chown or chgrp a directory to a group he doesn’t belong to.  He might think about contacting the sysadmin, but more likely he chmods the directories to be a+w, and is careful to make the files not have the write flag (assuming that this is what determines if a file can be deleted or not). This is an incorrect assumption, and he is leaving his files to be deleted by whoever else has an account on the server.

For example:

bob@lamp:~$ ls -l     #note the test directory has o+w
total 4
drwxrwxrwx 2 bob stupid 4096 2008-07-01 10:27 test

bob@lamp:~$ cd test/

bob@lamp:~/test$ ls -l myfile     #note that myfile does not have o+w
-rw-r--r-- 1 lundeen2 stupid 5 2008-07-01 10:28 myfile

bob@lamp:~/test$ su otheruser

otheruser@lamp:~/test$ rm myfile     #other random users are able to delete this file
rm: remove write-protected regular file `myfile'? y

otheruser@lamp:~/test$ ls -l
total 0

There are several ways to handle Bob's situation. Bob could ask a privileged user to add him to the www-data group (though this won't work very well if all the users are part of this group), or he could ask the admin to chattr +i the file to make it undeletable (though he himself could not delete it afterward). A better way would probably be for Bob to use ACLs (e.g. setfacl) or to set the sticky bit on the directory (chmod +t). The sticky bit might be good enough, as it is probably what Bob wanted in the first place: other users besides himself can write to his directory, but get no chance to delete his or www-data's files. Using ACLs is probably best, but it can also be slightly more complicated.

While the behavior of permissions may be obvious to a system administrator, it seems it is not to an average user. In my weekly cron scripts I have a “find / -type d \( -perm -o+w -perm 1000 \)” to search for all directories with this permission.
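The same audit as the weekly cron job, written here as an added example rather than anything from the post: it walks a tree and flags directories that are writable by others but lack the sticky bit, which is exactly the combination that lets any local user delete Bob's files. A second function reproduces the "otheruser" step from the listing in a temporary directory: a mode 0444 file in a writable directory unlinks fine, because the kernel only consults the directory's write bit. The directory names and modes are constructed for the demo.

```python
import os
import stat
import tempfile


def world_writable_without_sticky(root):
    """Return directories under root (root included) that are writable by
    'other' but lack the sticky bit. Inside these, any local user can delete
    any other user's files regardless of the files' own modes."""
    found = []
    for dirpath, _dirs, _files in os.walk(root):
        mode = os.lstat(dirpath).st_mode
        if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
            found.append(dirpath)
    return sorted(found)


def readonly_file_is_deletable(dirpath):
    """Create a mode 0444 file in dirpath and unlink it. The kernel checks the
    directory's write bit, not the file's, so this succeeds in a writable
    directory. rm's "remove write-protected regular file?" question is rm's
    own courtesy prompt; the kernel never enforces it."""
    path = os.path.join(dirpath, "myfile")
    with open(path, "w") as fh:
        fh.write("hello")
    os.chmod(path, 0o444)
    try:
        os.unlink(path)
    except PermissionError:
        return False
    return not os.path.exists(path)


def build_demo_tree():
    """Constructed fixture: Bob's a+w directory next to one fixed with chmod +t."""
    base = tempfile.mkdtemp(prefix="permdemo-")   # mode 0700, so not flagged itself
    bobs = os.path.join(base, "test")
    fixed = os.path.join(base, "shared")
    os.mkdir(bobs)
    os.chmod(bobs, 0o777)     # drwxrwxrwx, like the "test" directory in the listing
    os.mkdir(fixed)
    os.chmod(fixed, 0o1777)   # drwxrwxrwt: sticky bit, others cannot delete Bob's files
    return base, bobs, fixed


if __name__ == "__main__":
    base, bobs, fixed = build_demo_tree()
    print("flagged:", world_writable_without_sticky(base))
    print("read-only file removed from a+w dir:", readonly_file_is_deletable(bobs))
```

Only the "test" directory is reported; the sticky-bit directory passes. Note that root bypasses directory permission checks entirely, so the unlink demo says nothing about what root can do, only about ordinary users like otheruser.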

PDPTA Paper

Bleh. Since I'm applying for a job, I uploaded the only paper I've published so far. It's basically benchmarking tests with a new type of architecture. It was a good summer of work altogether.

pdpta06_paper_new

In retrospect I think MEMS based storage is probably a bad idea.  Things should probably be moving toward non-moving parts.  On the other hand, I still think something needs to go between disc and RAM.

Zombie Killer

This morning I got to thinking.  What happens if parents die before their kids?  The world could be flooded with zombies.

Some background. Unix allows a process to get the PID of its parent and the execution state of its children. For example, a parent can spawn a child to complete some task and then wait to check when the child has terminated. If the child is dead, its termination code will tell the parent whether or not the task was completed successfully.

So anyway, Unix kernels can't discard the data in the process descriptor right after a process terminates. A terminated process can only be released completely after its parent has issued a wait()-like call (and seen whether the task was completed). This is why zombies were introduced: although the process is dead, it must live on until the parent is notified of its death.

So if a parent dies and leaves orphaned children, the world could theoretically be flooded with these zombies, since there is no parent left to issue wait()-like system calls. This problem is solved by forcing all orphans to become children of init. In this way, init destroys zombies while checking for the termination of its legitimate children through wait()-like calls.

The release_task() function detaches the last data structures from the descriptor table – or “blows their brains out” if you will.

Obviously, everything I’m saying is not about processes, but about real zombies and an unsung hero named init.
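Both halves of the story can be watched from user space. The following is an added example, not from the post: the first function forks a child that dies at once, reads its state from /proc (Linux only; the check is skipped elsewhere) while the parent has not yet called wait, and then reaps it with waitpid. The second forks a child that forks a grandchild and then dies, and has the grandchild report who adopted it. On a classic system that is PID 1; in a container or under a subreaper it may be another PID, so the example only checks that the adopter is not the dead parent.

```python
import os
import time


def proc_state(pid):
    """One-letter state of pid from /proc/<pid>/stat (Linux), or None when
    the entry does not exist or /proc is unavailable."""
    try:
        with open("/proc/%d/stat" % pid) as fh:
            data = fh.read()
    except OSError:
        return None
    # format is "pid (comm) S ...": the state letter follows the last ')'
    return data[data.rindex(")") + 2]


def wait_for_state(pid, wanted, timeout=2.0):
    """Poll /proc until pid shows state `wanted`; returns the last state seen.
    Needed because the child closes its fds slightly before it is marked 'Z'."""
    deadline = time.time() + timeout
    state = proc_state(pid)
    while state not in (wanted, None) and time.time() < deadline:
        time.sleep(0.01)
        state = proc_state(pid)
    return state


def zombie_then_reap(exit_code=3):
    """Fork a child that exits immediately, observe it as a zombie, then reap it."""
    r, w = os.pipe()
    pid = os.fork()
    if pid == 0:                          # child
        os.close(r)
        os._exit(exit_code)               # die before the parent has waited
    os.close(w)
    os.read(r, 1)                         # b'' once the kernel closed the child's end
    os.close(r)
    zombie_state = wait_for_state(pid, "Z")   # 'Z': dead, descriptor kept for us
    reaped, status = os.waitpid(pid, 0)       # the wait()-like call that frees it
    return {
        "reaped": reaped == pid,
        "zombie_state": zombie_state,
        "exit_code": os.WEXITSTATUS(status),
        "entry_gone": proc_state(pid) is None,
    }


def orphan_new_parent():
    """Fork a child that forks a grandchild and dies; report who adopted the orphan."""
    r, w = os.pipe()
    child = os.fork()
    if child == 0:                                    # middle process
        grandchild = os.fork()
        if grandchild == 0:                           # grandchild
            os.close(r)
            original = os.getppid()
            for _ in range(500):                      # wait to be adopted (up to ~5 s)
                if os.getppid() != original:
                    break
                time.sleep(0.01)
            os.write(w, str(os.getppid()).encode())
            os._exit(0)
        os._exit(0)                                   # orphan the grandchild
    os.close(w)
    data = b""
    while True:                                       # EOF once the grandchild exits
        chunk = os.read(r, 64)
        if not chunk:
            break
        data += chunk
    os.close(r)
    os.waitpid(child, 0)                              # reap the middle process ourselves
    return {"child": child, "adopted_by": int(data)}


if __name__ == "__main__":
    print(zombie_then_reap())
    print(orphan_new_parent())
```

The grandchild is not our child any more, so we never wait for it; its adopter does, which is the whole point of reparenting orphans to init.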
