Running UNIX » linux http://www.runningunix.com UNIX/Solaris tips, tricks, and advice Sun, 25 Apr 2010 17:33:40 +0000 http://wordpress.org/?v=2.9.2 en hourly 1 sudo loses environment variables http://www.runningunix.com/2008/06/sudo-loses-environment-variables/ http://www.runningunix.com/2008/06/sudo-loses-environment-variables/#comments Wed, 25 Jun 2008 23:42:07 +0000 admin http://www.cybersand.com/blog/?p=10 Tricky. When a user uses sudo to “su” to another user, certain environment variables will not remain.

From the man page:

Variables that control how dynamic loading and binding is done can be used to subvert the program that sudo runs. To combat this the LD_*, _RLD_*, SHLIB_PATH (HP-UX only), and LIBPATH (AIX only) environment variables are removed from the environment passed on to all commands executed. sudo will also remove the IFS, ENV, BASH_ENV, KRB_CONF, KRBCONFDIR, KRBTKFILE, KRB5_CONFIG, LOCALDOMAIN, RES_OPTIONS, HOSTALIASES, NLSPATH, PATH_LOCALE, TERMINFO, TERMINFO_DIRS and TERMPATH variables as they too can pose a threat. If the TERMCAP variable is set and is a pathname, it too is ignored. Additionally, if the LC_* or LANGUAGE
variables contain the / or % characters, they are ignored. If sudo has been compiled with SecurID support, the VAR_ACE, USR_ACE and DLC_ACE variables are cleared as well. The list of environment variables that sudo clears is contained in the output of sudo -V when run as root.

Share/Bookmark

]]> http://www.runningunix.com/2008/06/sudo-loses-environment-variables/feed/ 0 Increasing socket buffer size in Linux http://www.runningunix.com/2008/02/increasing-socket-buffer-size-in-linux/ http://www.runningunix.com/2008/02/increasing-socket-buffer-size-in-linux/#comments Tue, 26 Feb 2008 22:02:56 +0000 admin http://www.cybersand.com/blog/?p=7 Got error message:
2008-02-25 16:53:21.944 Tangosol Coherence AE 3.2.2/371 (thread=Main Thread, member=n/a): UnicastUdpSocket failed to set receive buffer size to 1428 packets (2096304 bytes); actual size is 89 packets (131071 bytes). Consult your OS documentation regarding increasing the maximum socket buffer size. Proceeding with the actual value may cause sub-optimal performance.

Add this to /etc/sysctl.conf and reload with “sysctl -p”:

# increase TCP max buffer size setable using setsockopt()
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216

Check current values with “sysctl net.core.wmem_max”

RHEL 3

Share/Bookmark

]]> http://www.runningunix.com/2008/02/increasing-socket-buffer-size-in-linux/feed/ 0 Port redirection using iptables http://www.runningunix.com/2008/02/port-redirection-using-iptables/ http://www.runningunix.com/2008/02/port-redirection-using-iptables/#comments Thu, 14 Feb 2008 17:52:05 +0000 admin http://www.cybersand.com/blog/?p=6 A user did not have root access, but wanted his web server to appear to be listening on port 80. Came up a nice way to redirect port 80 requests to another port, where he ran his web server.

iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8070
 

Share/Bookmark

]]> http://www.runningunix.com/2008/02/port-redirection-using-iptables/feed/ 0