• The enom order process changed, check the order before submitting to avoid inadvertently adding services you do not want (e.g. RichContent). #

One crucial area of focus for Idologic Networks is uptime. We prefer not to pat ourselves on the back all too often, but we do possess quite the track record when it comes to keeping our servers online. Uptime is a function of many variables and it begins on a stable datacenter foundation which is supplemented by true server-grade hardware. (IE: We don’t stuff a glorified desktop processor in our servers!) The aspect of uptime that any good System Administrator – whether he or she oversees Linux, Windows, or UNIX – grapples most fiercely with is the software side.

If you ever updated your home desktop or laptop, you know exactly what we are talking about. Upgrades to the Operating System (OS) core virtually always require a reboot. If, as with a server, your object is to stay online as much as possible, this clearly becomes counterproductive. Contrary to the advice of your Uncle Al who refuses to update his Service Pack 1 installation, good security practice requires that a high-value target like a server be up to date. Your customers demand that security from you, you demand it from us, and we demand it from ourselves.

At the very core of Linux is something called the kernel. To keep this blog post short, think of the kernel as the brain and nervous system of Linux that tells it how to operate on the server. Patching this kernel with the latest security releases has always been a source of downtime. It requires a server reboot to apply the changes, and it seems like there is always a necessary update right smack in the middle of your busiest week or newest promotion. It’s not so much a problem when the reboot can wait for late at night or off hours, but it becomes a major issue when the reboot is needed quickly.

Ksplice Uptrack is the advent of rebootless kernel upgrades. This technology has been in the pipes for some time, and the good folks here at Idologic Networks maintained a watchful eye, ready to adopt it when the technology matured. This is a capacity that Linux possesses which really gives it a major advantage over Windows servers right now.

The basic synopsis on how Ksplice works is that it takes the vendor releases and converts them into hot updates (in laymen’s terms, you could think of it as a live update). The MIT minds behind the project put out a whitepaper on the subject if you would like to go into further detail, but this is the brainchild of a couple excellent observations. They realized that the vast majority of kernel upgrades simply did not need any need code and therefore required no reboot to be applied. To make a long story short, they came up with a system where they could apply the hot updates and forego the once-required server reboot for a very long time.

This technology, Ksplice, is coming to Idologic, as we’ve already begun implementing it on many of our customers’ servers. We look forward to entering a new era of uptime sans the annoying downtime that accompanies kernel upgrades. With Ksplice, we can schedule our maintenance and begin to do away with unscheduled reboots for kernel upgrades. As always, let us know at the helpdesk if you have any questions!

• Rebooting the server that runs our site; ksplice will be available soon allowing us to patch a kernel without rebooting! #
• Ramping up a new server called Aphrodite; just in time for our Valentine’s day special! #

• One of the uplinks has been temporarily removed; seems to be having issued with some peers. Traffic should re-route momentarily. #
• Long night patching servers… luckily we have our trusted Keurig B60! #
• Google ditches IE6 http://googleenterprise.blogspot.com/2010/01/modern-browsers-for-modern-applications.html #

• RT @denverhunter An Introduction to Linux File Permissions: http://bit.ly/5NvBMA #

File permissions in Linux differ from Windows, and understanding more about them can protect you from quite a few malicious users out there. Unlike Windows where file permissions in this sense don’t exist, Linux is designed to be a multi-user system. This is what makes Linux itself the ideal for hosting multiple websites; the server software is designed for different users to be working at the same time. For the system to work, Linux needs to know two key pieces of information about each and every file: what can be done to a file and who can do it to the file.

To accomplish this, the Linux gurus built a permissions system based on a few letters: r (read), w (write), and x (execute). Each option does pretty much what it says. With read permissions granted, the file can be read. Write permissions on a file mean that you can change/edit the file and save those changes. Execute permissions are for things like CGI scripts where you can actually run the script.

To give you an idea of how this works, let’s look at typical output (from shell) for file permissions. We obtain this information using the command ls –la which will output some potentially foreign looking information if this is your first time:

-rw-r--r-- 1 domainowner domainowner 193 Sep 18 24:19 index.html
drwxr-xr-x 2 domainowner domainowner 4096 Sep 15 02:57 data/

You can see the letter permissions that I spoke about a bit earlier, but the confusing part is that there looks to be multiple versions of that information. If that’s an observation that you made, congratulations, you’re pretty sharp. While Linux has a unique three-pronged letter permission system, it also has a three-pronged user section where it informs the server who can do what.

The very first single letter is to designate whether the item is a directory (think Windows folder) or a file. It will have, naturally, a d for directory and will be blank for a file. Linux performs this task automatically, so no worries about assigning a d are necessary. The next three sets of three are where the meat of file permissions really lies. The first three are the owner permissions(the file creator = the owner), the second three the group permissions, and the final three are the public (everyone else) permissions.

Take the file listed above. The owner (domainowner) has permissions to read the file and write it. The group and public can only read it. The reason for this is security. If anyone and everyone can write the file, imagine the abuse!

Now the next caveat I’ll share is the cause of many support tickets. Unlike other hosts, Idologic runs a type of hardened PHP setup known as suPHP. Unfortunately, many manuals tell you to do crazy things like run your website with files with 666 and folders with 777 permissions. What these numbers mean is basically a type of shorthand for file permissions. IE: 7 indicates that everyone can do everything. So when you run 777 permissions, everyone can read and write the file! That’s completely insecure and one of the leading ways to wake up to a defaced website.

Here are the numbers with their values:
0 No permissions whatsoever
4 Read
5 Read / execute
6 Read / write
7 Read / write / execute

The values you want to routinely use are as follows: 644 for HTML/PHP/etc. files, 755 for directories, and 755 for CGI scripts. 644 is the ideal because these types of files don’t require execute permissions. 755 for CGI scripts because they must execute to work.

Jumping back to suPHP, it requires only 644 permissions because the files are run as the owner. This makes for a much more secure environment and eliminates the need for those risky 777 permissions.

Last but not least, you’re going to need to know how to change file permissions. This is done in the shell with the command chmod. There are a variety of ways, but for the novice I recommend simply using the numbers to chmod files. To chmod a PHP file, the command is: chmod 644 index.php. If you use FTP, the trick is to typically right click the file and there will be a link either called “chmod” or “file permissions” to click and then input the values.

If you understand this information, congratulations! You now understand the basics of Linux file permissions, and you’re already on the path to better securing your website. As always, Idologic support is available on the helpdesk should you need any help at any time.

• Happy New Year from Idologic! Here’s to a better, stronger and more successful start of a new decade! #
• Important announcement about a cPanel dedicated server SpamAssassin bug fix, read more @ http://bit.ly/4ZXViS #

• Happy Holidays everyone #

• RT @Late_Show: Do you smell veal and peppers? #
• Watching David Letterman try twitter… fun! #
• Twitter is now acting up Old media beating new media? #
• Phishing targeted at cPanel users, read more @ http://forums.idologic.com/showthread.php/possible-phish-scam-1577.html #

• Personally I love UltraEdit on windows (http://ultraedit.com/); BBedit on OS X (http://bbedit.com/); what’s your favorite editor? #