Getting past VSFTP’s 500 OOPS: cannot change directory

This is a frustrating one. Make sure the target directory is owned by the same user and the same group as the account you are connecting as.

For example, if you are chroot jailing a particular user, given this entry from /etc/passwd:

username:x:100:200::/ftp/directory:/sbin/nologin
(where 100 = “username” and 200 = “somegroup”)

Make sure that the user and group permissions of the directory match what is set in /etc/passwd:


$ ls -lah /ftp/directory
drwxrwx--- 4 username somegroup 4.0K Mar 24 23:56 .
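The same comparison as a script, added here as an example (not part of the original post): it reads the UID, GID and home directory for a user from a passwd file and compares them with the numeric owner and group of that directory. The function name check_ftp_home, the user names and the scratch paths are made up for the demo.

```shell
#!/bin/sh
# Added example: does the home directory's owner/group match the passwd entry?
# Usage: check_ftp_home USER [PASSWD_FILE]
# Returns 0 = match, 1 = mismatch, 2 = directory missing, 3 = no such user.
check_ftp_home() {
    passwd_file=${2:-/etc/passwd}
    # passwd fields: name:password:UID:GID:GECOS:home:shell
    want=$(awk -F: -v u="$1" '$1 == u { print $3 ":" $4; exit }' "$passwd_file")
    home=$(awk -F: -v u="$1" '$1 == u { print $6; exit }' "$passwd_file")
    [ -n "$want" ] || { echo "NOUSER $1"; return 3; }
    [ -d "$home" ] || { echo "MISSING $home"; return 2; }
    # ls -ldn prints the numeric owner and group in fields 3 and 4
    have=$(ls -ldn "$home" | awk '{ print $3 ":" $4 }')
    if [ "$want" = "$have" ]; then
        echo "OK $home $have"
        return 0
    fi
    echo "MISMATCH $home passwd=$want directory=$have"
    return 1
}

# Constructed demo data: a scratch directory owned by whoever runs this script,
# plus a passwd file with one matching and one non-matching entry.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/home"
chgrp "$(id -g)" "$demo_dir/home"
printf 'ftpgood:x:%s:%s::%s:/sbin/nologin\n' \
    "$(id -u)" "$(id -g)" "$demo_dir/home" > "$demo_dir/passwd"
printf 'ftpbad:x:%s:%s::%s:/sbin/nologin\n' \
    "$(( $(id -u) + 1 ))" "$(id -g)" "$demo_dir/home" >> "$demo_dir/passwd"

check_ftp_home ftpgood "$demo_dir/passwd"
check_ftp_home ftpbad "$demo_dir/passwd" || :
```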

Posted this one since I’ve probably solved it, and then promptly forgotten the solution, at least three times.

Quick fix for “java.sql.SQLException: Value ‘0000-00-00’ can not be represented as java.sql.Timestamp”

If you ever run across this while fighting with Hibernate, one quick fix is to instruct JDBC to turn the bad date values into NULLs, eg:

jdbc:mysql://localhost/test?zeroDateTimeBehavior=convertToNull&autoReconnect=true&characterEncoding=UTF-8&characterSetResults=UTF-8

Your mileage (side-effects) may vary.

More excellent Java + J2EE tips (and lots of other stuff in Czech) here.

Diff’ing files over the network

This is a godsend. Wish I had thought about doing this before.


$ diff source/worksforme.php <(ssh -n me@liveserver cat /home/me/source/worksforme.php)

You can also compare files on two remote hosts.


$ diff <(ssh -n me@testserver cat /home/me/source/worksforme.php) <(ssh -n me@clientserver cat /home/me/source/worksforme.php)

Character encoding translation breaks when upgrading WordPress

Recent versions of WordPress like to second-guess the internal and external encodings used by mbstring when assembling data from the database and spitting it out to blog pages. Probably this works fine for most, but if you have an older database storing text as something other than UTF-8, probably you have a custom chunk of mbstring configuration in an .htaccess file or similar; perhaps like this:

php_value output_buffering 1
php_value output_handler mb_output_handler
php_value mbstring.language Japanese
php_value mbstring.internal_encoding EUC-JP
php_value mbstring.http_input auto
php_value mbstring.http_output SJIS
php_value mbstring.encoding_translation 1

WordPress’s second-guessing will break this, resulting in a bunch of garbled posts. To fix, comment out this chunk of code in wp-settings.php:

/*
 * In most cases the default internal encoding is latin1, which is of no use,
 * since we want to use the mb_ functions for utf-8 strings
 */
if (function_exists('mb_internal_encoding')) {
        if (!@mb_internal_encoding(get_option('blog_charset')))
                mb_internal_encoding('UTF-8');
}

With this gone, WordPress will stop second-guessing and custom encoding translations should flow through just fine.

Finding files by date with the Linux find command

Here’s something I’ve wanted to know how to do since forever.

Use this trick to find files that have been modified since some arbitrary date:

$ touch -d "13 may 2001 17:54:19" date_marker
$ find . -newer date_marker

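To find files created before that date, use the cnewer and negation conditions. Note that -cnewer compares each file's inode status-change time (ctime), which also moves on chmod, chown and rename: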

$ find . ! -cnewer date_marker

And to delete them, use the built-in “delete” action (run the same command without it first to see what matches), e.g.:

$ find . ! -cnewer date_marker -delete
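A dry run worth doing before any -delete, added here as an example (not from the original post or the tutorial it credits): it shows which timestamp each test reads, using a backdated file whose modification time is old but whose status-change time is today. The helper name list_matches and the file names are made up for the demo.

```shell
#!/bin/sh
# Added example: which timestamp each find test looks at.
#   -newer  compares the file's modification time (mtime) with the marker's mtime
#   -cnewer compares the file's status-change time (ctime) with the marker's mtime

# Run find with the given tests inside DIR; print matching regular files on one line.
list_matches() {
    ( cd "$1" && shift && find . -type f "$@" | sort | tr '\n' ' ' )
}

# Constructed demo files in a scratch directory.
demo=$(mktemp -d)
touch -d "2001-05-13 17:54:19" "$demo/date_marker"
touch -d "2000-01-01 00:00:00" "$demo/old.txt"   # mtime backdated; ctime is still "now"
touch "$demo/new.txt"

echo "modified since the marker:       $(list_matches "$demo" -newer date_marker)"
echo "not modified since the marker:   $(list_matches "$demo" ! -newer date_marker)"
# Empty: touch cannot backdate ctime, so old.txt still counts as changed today.
echo "status unchanged since marker:   $(list_matches "$demo" ! -cnewer date_marker)"
```

Files restored from a backup or copied with preserved timestamps behave like old.txt here: old mtime, fresh ctime, so "! -cnewer" will not select them while "! -newer" will.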

Discovered in the Irish Linux Users Group’s exceptional online tutorial.

Securing Mantis

Any Mantis users out there running older versions should consider upgrading immediately. Recently crackers have been using an exploit in pre-1.1.4 versions of Mantis to execute arbitrary code via a sort parameter. The exploit attempts to execute a call to create_function from manage_proj_page.php.

See the CVE on Mitre and details in the Mantis forums.

It would appear that this exploit is used to create a cron under the username of the web server. When fired, the cron generates a new “mc-root” directory within the Mantis tree which would appear to contain some kind of root kit or similar.
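A quick check for the traces described above, added here as an example (not part of the original post or of Mantis): it counts, per client, requests to manage_proj_page.php whose query string carries a sort parameter mentioning create_function, and lists any mc-root directory under the install. It assumes a "combined"-format access log; the function names, paths, addresses and log lines are constructed for the demo.

```shell
#!/bin/sh
# Added example. Assumes a "combined"-format access log:
# field 1 is the client address, field 7 is the request target.

# Print "client hits" for requests to manage_proj_page.php whose query string
# has a sort parameter and mentions create_function (case-insensitive).
# Percent-encoded spellings are not decoded, and POST bodies are not logged,
# so an empty result is weak evidence of a clean system.
mantis_suspect_clients() {
    awk '{
        url = tolower($7)
        q = index(url, "manage_proj_page.php?")
        if (q && index(substr(url, q), "sort=") && index(substr(url, q), "create_function"))
            hits[$1]++
    }
    END { for (ip in hits) print ip, hits[ip] }' "$1" | sort
}

# List any directory named mc-root under the Mantis install.
mantis_mc_root_dirs() {
    find "$1" -type d -name mc-root
}

# Constructed sample data: documentation addresses, placeholder query values.
scratch=$(mktemp -d)
mkdir -p "$scratch/mantis/core/mc-root"
cat > "$scratch/access.log" <<'EOF'
192.0.2.10 - - [01/Jan/2009:10:00:00 +0000] "GET /mantis/manage_proj_page.php?sort=name&dir=ASC HTTP/1.1" 200 5120
198.51.100.7 - - [01/Jan/2009:10:00:05 +0000] "GET /mantis/manage_proj_page.php?sort=PLACEHOLDER-create_function-PLACEHOLDER HTTP/1.1" 200 312
198.51.100.7 - - [01/Jan/2009:10:00:09 +0000] "GET /mantis/manage_proj_page.php?dir=ASC&sort=PLACEHOLDER-CREATE_FUNCTION HTTP/1.1" 200 312
192.0.2.10 - - [01/Jan/2009:10:01:00 +0000] "GET /mantis/view_all_bug_page.php HTTP/1.1" 200 9000
EOF

mantis_suspect_clients "$scratch/access.log"
mantis_mc_root_dirs "$scratch/mantis"
```

The third place to look is the web server account's crontab, which root can print with crontab -l -u followed by that account's name.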

In addition to upgrading, I recommend adding the following to your Mantis config_inc.php if you do not run an open-access Mantis system:

#############################
# Signup and Lost Password
#############################


# --- signup ----------------------


# allow users to signup for their own accounts.
# Mail settings must be correctly configured to work
$g_allow_signup = OFF;


# Max. attempts to login using a wrong password before
# lock the account.
#
# When locked, it's required to reset the password
# (lost password)
# Value resets to zero at each successfully login
# Set to OFF to disable this control
$g_max_failed_login_count = 3;

apache2: apr_sockaddr_info_get() failed for somehost

Hypothetically speaking of course, let’s assume you forget to renew a domain name. And suddenly that domain’s email is not working. And then you notice the site is down. The next step is, logically speaking, to panic, followed by an attempt to figure out what the hell is going on. Which usually means restarting Apache. Which results in:

apache2: apr_sockaddr_info_get() failed for yourhost

Which is, wow, an exotic new error. If you see this it means that, even though Apache says it’s restarting, really it’s probably not. And now all your other sites are down. And, so, more panic. More panic for you.

Now that you’ve probably realized that the default domain name has expired, you will want to get Apache back up on a different, actually non-expired domain. Like this:

$ hostname actual-non-expired-domain-name.com

Now restart.

Alternatively if your hostname is set to something like “www”, probably you can change the default site in vhosts so that Apache can connect the hostname to the tld.

This is all hypothetical of course.

Sherlocking Linux Distros

You log in to a mysterious new box. There is no login message. You poke around and before long you start to wonder “So what the heck distro is this anyway?”

$ uname -a
just tells you all about the kernel. Hmmm.  A mystery.

To pull up details on the distribution, take a peek in /etc/issue. This text file is often what is presented to users after they log in, and typically contains distribution-specific details. Likewise, look for /etc/*release or /etc/*version, which various distributions use to tag the release version.

Elementary!