Tag: linux

  • Pidgin certificate prompt

    Today using the version of Pidgin that came with Fedora 10 I received the following certificate prompt:

    Accept certificate for ows.messenger.msn.com?
    The root certificate this one claims to be issued by is unknown to Pidgin.

    The majority of cases of unknown certificate issuers are due to the chain of trust breaking down. This breakdown in the certificate chain is mainly caused by the software in question not including the intermediate certificate authorities' certificates. Without these intermediate certificates the software cannot verify its way through the certificate hierarchy up to the root certificate and therefore prompts the user about what to do.

    The options I received in the Pidgin prompt were:

    View certificate
    Accept
    Reject

    Upon selecting “View certificate” I am presented with the following details:

    Common name: ows.messenger.msn.com
    Fingerprint (SHA1): a9:9c:2d:ee:4a:d1:c8:7d:a7:c5:c3:05:32:98:5f:ee:57:87:73:8a
    Activation date: Tue Jan 29 14:37:21 2008
    Expiration date: Wed Jan 28 14:37:21 2009

    So far everything looks as if it is a bona fide certificate, but to verify the identity completely I load the page https://ows.messenger.msn.com/ in Firefox. As expected, no certificate warnings were received, and I opened the certificate viewer to see its details and confirmed that the data matches the data received in Pidgin:

    [Image: Certificate Viewer]

    I can safely trust this certificate as Firefox has verified through the certificate chain that all intermediate certificates are valid too:

    [Image: Certificate Chain]

    This certificate is simply used by Microsoft for the Live Messenger offline messaging service. Although you would normally trust verified certificates, it did happen in the past that certificates were incorrectly issued to the wrong people. So always be cautious!
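
    The cross-check described above can be scripted. This is an added example, not part of the original post: it normalises the fingerprint shown in the Pidgin prompt and the one printed by openssl, then compares them. The function names are assumptions made for this example, and server_fp needs network access and the openssl tool.

```shell
#!/bin/sh
# Added example: compare a certificate fingerprint shown in a client prompt
# with one obtained through a second, independent client.

# Reduce a fingerprint to bare upper-case hex so "a9:9c:..", "A9 9C .." and
# openssl's "SHA1 Fingerprint=A9:9C:.." output all compare equal.
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \n' | tr 'a-f' 'A-F'
}

# Return 0 if both values are the same SHA-1 fingerprint, 1 if they differ,
# and 2 if the first value is not a well-formed 40-hex-digit fingerprint
# (for example a truncated copy and paste).
fp_matches() {
    a=$(normalize_fp "$1")
    b=$(normalize_fp "$2")
    case "$a" in *[!0-9A-F]*|'') return 2 ;; esac
    [ "${#a}" -eq 40 ] || return 2
    [ "$a" = "$b" ]
}

# Print the SHA-1 fingerprint of the certificate a server presents on
# port 443. Not called automatically: it needs network access.
server_fp() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha1
}

# Typical use, with the value copied from the client prompt:
#   fp_matches "a9:9c:2d:...:8a" "$(server_fp ows.messenger.msn.com)" \
#       && echo "fingerprints match" || echo "DO NOT ACCEPT"
```

    A match only shows that both clients saw the same certificate; it is the second client's chain validation that supplies the trust.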

  • Virtualmin & suEXEC

    If by chance you have installed the Webmin module Virtualmin at some point, you may have come across the following error message when setting up the module:

    Failed to save enabled features: The Suexec command on your system is configured to only run scripts under /var/www, but the Virtualmin base directory is /home. CGI and PHP scripts run as domain owners will not be executed.

    This error message is caused by using a version of suEXEC compiled by default to use /var/www as the document root of Apache. The suEXEC feature allows scripts to be executed as the user owning the virtual host instead of the global apache user, which increases security. The solution has been either to recompile suEXEC with the new desired path (/home in this case) or simply to disable suEXEC completely inside the Virtualmin module configuration (Server Templates > Apache Website > Automatically add appropriate SuExec directive?).

    A much simpler approach I used was to create a link between the two directories. I used mount to bind the two directories together and act as one. Voila, Virtualmin now continued the module setup without a remark!

    To achieve this I ran the following command as root:

    mount --bind /var/www /home

    That is it really. Now the directories act as one for the suEXEC wrapper too.

    Please note this will usually only last until the next reboot. To make the mount permanent, add the following line to your /etc/fstab:

    /var/www /home none bind

    The following is the extract from the mount man page:

    Since Linux 2.4.0 it is possible to remount part of the file hierarchy somewhere else. The call is
    mount --bind olddir newdir
    or fstab entry is:
    /olddir  /newdir  none  bind
    After this call the same contents is accessible in two places.  One can also remount a single file (on a single file).

    One note is that if you already had local users set up inside the /home directory, you will mount on top of it, making the existing users' data unavailable (not deleted). Simply unmount again and the users' data will be back. To get around this, change the default path Virtualmin uses to create new virtual hosts' home directories to something else, e.g. /virtualmin. This can be done in the Users & Groups module.
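
    The two checks discussed in this post can be run before touching any mounts. This is an added example, not from the original post or from Virtualmin: it reads the compiled-in AP_DOC_ROOT from `suexec -V` output, tests whether a base directory lies under it, and checks that a bind-mount target is empty so no existing data gets hidden. The sample output is constructed and the function names are assumptions.

```shell
#!/bin/sh
# Added example: inspect suEXEC's compiled-in document root and check a
# bind-mount target before mounting over it.

# Print the AP_DOC_ROOT value from `suexec -V` style text on stdin.
suexec_docroot() {
    sed -n 's/^.*-D AP_DOC_ROOT="\(.*\)".*$/\1/p' | head -n 1
}

# Return 0 if path $2 equals docroot $1 or lies inside it. The comparison is
# per path component, so /var/www2 is not treated as being under /var/www.
under_docroot() {
    dr=${1%/}
    case "${2%/}/" in
        "$dr"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Return 0 only if directory $1 exists and is empty (dotfiles included),
# i.e. a bind mount over it would hide nothing.
is_empty_dir() {
    [ -d "$1" ] && [ -z "$(ls -A "$1")" ]
}

# Constructed sample in the format `suexec -V` prints. On a real host, as
# root, use:  suexec -V 2>&1 | suexec_docroot
SAMPLE_SUEXEC_V=' -D AP_DOC_ROOT="/var/www"
 -D AP_GID_MIN=100
 -D AP_HTTPD_USER="apache"
 -D AP_UID_MIN=500
 -D AP_USERDIR_SUFFIX="public_html"'

# Report whether base directory $1 is acceptable to the sampled suEXEC build.
check_base() {
    root=$(printf '%s\n' "$SAMPLE_SUEXEC_V" | suexec_docroot)
    if under_docroot "$root" "$1"; then
        echo "ok: $1 is under suEXEC docroot $root"
    else
        echo "mismatch: $1 is outside suEXEC docroot $root"
        return 1
    fi
}
```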

  • Error: Could not open the local file – FTP madness!

    Trying to move some automatic backups from one location to another became a bit of a struggle recently. The backups are created automatically and uploaded to a file server at a scheduled pattern. From this file server I had to use some of the backups and tried to download them to my local machine. This is where the problem started.

    I am a long-time user of the excellent FTP client named FileZilla and very seldom experience any issues with it. But this time, during the download process, I kept receiving this weird error message:

    Error:    Could not open the local file path/filename
    Error:    Download failed

    I initially thought about some permission problems like no read access until I swiftly realised the issue was actually on the local side and not on the server. This just made no sense: why would it want to open the file when it actually had to create the file instead? I tried to download the backups to different locations on the hard disks, even external ones as well, to see if oddly enough they had magically become write protected. This was not successful and I started to think of the directory structure, as downloading the individual files worked just fine.

    So to summarise:

    1. Downloading the directory containing the backups did not work.
    2. Downloading each individual file inside the directory worked as expected.

    Very strange indeed…

    I actually did not break it until the following morning when I woke up with the solution. I am not sure what happened, as I would not dream about such a petty issue, but I just woke up and Eureka!

    In hindsight it was really obvious what the problem was, but at that point it just did not come to my mind.

    Linux and Windows have some dramatic differences and one of them is the fact that file and directory names under Windows are limited to certain characters while Linux pretty much takes it all. I was trying to download directories to a Windows XP PC with a colon (:) in the name, such as . This is incompatible with Windows and therefore FileZilla was not permitted to create such directories anywhere on the hard disks.

    Never use the following characters in file or directory names if you expect Windows compatibility:

    / \ : * ? " < > |
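
    A backup tree can be checked for such names on the Linux side before it is transferred. This is an added example, not part of the original post; the function names and the "_" replacement character are assumptions.

```shell
#!/bin/sh
# Added example: find names that a Windows client will refuse to create.

# Print every path under $1 whose final component contains one of
#   \ : * ? " < > |
# ("/" is left out because it can never occur inside a Linux file name).
find_windows_unsafe() {
    find "$1" -name '*[\\:*?"<>|]*' -print
}

# Print name $1 with each forbidden character replaced by "_", e.g. to
# suggest a portable name when renaming on the server before download.
windows_safe_name() {
    printf '%s' "$1" | tr '\\:*?"<>|' '________'
}

# Typical use on the file server:
#   find_windows_unsafe /path/to/backups
```

    Both directories and files are reported, since one forbidden character in a directory name is enough to make a recursive download fail while single-file downloads still work.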