ionCube

http://www.ioncube.com/
For better or worse, ionCube is an encryption method for those that want to protect their code. A pain the neck for system admins, but some want to protect their PHP code, whatever.

Problem... Zend Optimizer +

Zend Optimizer+ does not play well with ionCube for whatever reason, so it's really picky on what order they get loaded during startup. It's important to put the configurations in the correct order, or it will just error out during start up.

Installing ionCube

You'll want to grab the loader files from here
http://www.ioncube.com/loaders.php

I downloaded and unzipped them to

/usr/local/ioncube

Edit php.ini file

Since ionCube is a Zend Extension and not a Zend Module (what's the difference? I couldn't tell you, but there is a different) we need to open up the file

/usr/local/zend/etc/php.ini

and at the very bottom it should look something like this.

; Local Variables:
; tab-width: 4
; End:
[Zend]
zend_extension=/usr/local/ioncube/ioncube_loader_lin_5.2.so
zend.install_dir=/usr/local/zend
zend.conf_dir=/usr/local/zend/etc
zend.ini_scandir=conf.d

Of course the important line is the ioncube line, it's important that it appears before the other lines.

Big Note about versions

It wasn't immediately obvious to me, but you need to match your PHP version with the version of ionCube (You can tell I'm using PHP version 5.2).

Verify install

After it's done you can restart the web server (if the web server doesn't start check your log files for clues). Then go to the Zend admin panel to see the PHP INFO page. You should see a section that looks like this....

BD... BD.. BD.. That's all folks

This summarizes how I currently set up my servers so that I can have multiple developers accessing certain client files, but retain control on which clients. The key to this whole process is groups.

Users

Create user accounts for your developers.

# useradd developer1
# passwd developer1
# useradd developer2
# passwd developer2

Groups

Create groups that section off your clients. For example.

# groupadd client1
# groupadd client2

Add apache to your groups

The web server is going to need access to the files so we will add apache to any groups we create for this purpose.

# usermod -a -G client1 apache
# usermod -a -G client2 apache

Add developers to your groups

Your developers need to access your client files as well so we assign them to the groups. This will assign developer1 -> client1 and developer2 -> client2. Fun stuff.

# usermod -a -G client1 developer1
# usermod -a -G client2 developer2

You could also section off your groups in other ways, such as by website.

DocumentRoot Folders

The web server folders will be located at /var/www/. So you will have :

/var/www/client1
/var/www/client2

Setting the setgid bit

# chmod 2770 /var/www/client1
# chmod 2770 /var/www/client1

Assigning User and Group ownership to the directories

This will have to be done by root, because you cannot assign ownership to another person unless you are root. Also, I created a dummy user of "www" to be the user owning the files, it doesn't matter who owns the files because we are not relying on that part of the permissions.

# chown www:client1 /var/www/client1
# chown www:client2 /var/www/client2

The permissions on these folders will now look like

#ls -l /var/www/
drwxrws---  6 www client1 4.0K Apr 14 15:28 client1
drwxrws---  6 www client2 4.0K Apr 14 15:28 client2

This will ensure that all files and folders created below this directory

Result

Developer1 can access Client1's files, change them, create new folders/files, but cannot get to Client2's files. Developer2 has the visa-vers result.

NOTE: any new file created by the developers will be owned by the developer and the group (e.g. the ownership will be developer1:client1). This is not a problem since we are not really checking user level permissions.

Helpful commands

Set the setgid on all folders.

# find ./* -type d -print0 | xargs -0 chmod 2775

Set all files to appropriate permissions

# find ./* -type f -print0 | xargs -0 chmod g+rw

umask is linux's way of determining default file/folder permissions when new files and folders are created. It's a little odd in that the umask is subtracted from 777 for folders and 666 for files to get the correct permissions. I don't claim to understand fully, but it just is.

What is your current umask?

umask
0002

By default, normal users will get a umask of 0002 = 775 on a folder and 664 on a file. This equates to

-rwxrwxr--

for a file.

I had a user that had a set umask of 0022, but all other users had a umask of 0002. This puzzled me, I looked in the normal areas that you can override the umask

/etc/profile

and

~/.bashrc

but didn't see anything obvious. Then looking in

/etc/passwd

I noticed this user had a groupid set to apache's group (48). This was done for reasons outside this discussion.

So if a userid or groupid < 99 then umask = 0022 (more restrictive).

Resources:
http://kbase.redhat.com/faq/docs/DOC-1373

Running out of space on the backup drive, I added another 1.5TB drive to the existing one to hold the company backup files. We do rsync style snapshots with a linux server and it was at 80% capacity. So I added another Seagate SATA to the simple Hardware RAID SATA card in the machine. Everything went well. Ran fdisk to partition the drive, ran mke2fs -f /dev/hde1 to format in EXT3 format. After that was done the

df -h

command showed only 2TB. That's odd, I know the filesystem takes some drive space, but not 1TB of it.

So after a little investigating you need to use a program called

parted

for drives >2TB. The commands are as follows

parted /dev/hde1

Once in the parted command prompt then you can run these commands on the new drive.

mktable gpt
mklabel 
mkpart primary 0 100%
quit

You can now format with

mke2fs -j /dev/hde1

References:
http://ubuntuforums.org/archive/index.php/t-901368.html

Some pages in Magento were giving just a white page, with no indication of errors in Zend Server console or log files. This was apparently a memory issue, so I restarted the web server and all was fine.

One issue I noticed was the server "setroubleshoot" was taking 12% of the systems memory. This program just logs issues with SELinux and it seems SELinux doesn't like my Magento install. I have SELinux just set to 'warn', but I may want to disable it all together. I stopped the 'setroubleshoot' program and turned it off with chkconfig.