scponly on RHEL5


  1. Downloaded scponly from here:
  2. Copy it over to the server: scp scponly-YYYYMMDD.tgz username@serverName:~/
  3. On the SFTP server untar the tarball in /usr/local:
    1. cd /usr/local
    2. cd scponly-YYYYMMDD
    3. ./configure --enable-chrooted-binary
    4. make
    5. sudo make install
  4. This will create the necessary files for scponly under /usr/local

Add SFTP chrooted user

  1. I downloaded the script from here: and modified it for our environment.
  2. Run the script. This will create the user if one doesn’t exist, create the directory structure and make a writeable directory for the user to upload files or pull files from.
  3. Add SFTP user to sshd_config AllowUsers, restart SSHD
  4. Test with an SFTP client. NOTE: You will not be able to test with SSH!!

Channel bonding interfaces RHEL5

Instructions taken from here:

Here’s another good reference:

Create /etc/sysconfig/network-scripts/ifcfg-bond0


Edit /etc/sysconfig/network-scripts/ifcfg-eth1

# Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet

Edit /etc/sysconfig/network-scripts/ifcfg-eth0

# Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet

Add to /etc/modprobe.conf

alias bond0 bonding
options bond0 mode=balance-alb miimon=100

Load the bonding module: modprobe bonding mode=balance-alb miimon=100

Restart networking: service network restart

View the status of bond0: cat /proc/net/bonding/bond0

Ethernet Channel Bonding Driver: v3.4.0-1 (October 7, 2008)

Bonding Mode: adaptive load balancing
Primary Slave: None
Currently Active Slave: eth1
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: eth0
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 3c:4a:92:e4:48:a4

Slave Interface: eth1
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 3c:4a:92:e4:48:a6
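
A monitoring check built on the status file shown above, as an added example that is not part of the original notes. The function name, the output format and the sample text (constructed, with eth0 having lost link) are assumptions.

```shell
#!/bin/sh
# Added example: summarise bond health from the text of /proc/net/bonding/<bond>,
# read on stdin. Prints "<slave> <mii-status> <link-failure-count>" per slave, then
# "bond <OK|DEGRADED> active=<iface> up=<n>/<total>". Exit status 1 if degraded.
check_bond() {
    awk -F': ' '
        /^Currently Active Slave:/ { active = $2 }
        /^Slave Interface:/        { slave = $2; order[++total] = slave }
        /^MII Status:/ && slave != "" {   # the bond-level MII line precedes any slave
            status[slave] = $2
            if ($2 == "up") up++
        }
        /^Link Failure Count:/ && slave != "" { fails[slave] = $2 }
        END {
            for (i = 1; i <= total; i++)
                printf "%s %s %d\n", order[i], status[order[i]], fails[order[i]]
            # Redundancy needs at least two slaves, all with link up.
            state = (total >= 2 && up == total) ? "OK" : "DEGRADED"
            printf "bond %s active=%s up=%d/%d\n", state, active, up, total
            exit (state == "OK" ? 0 : 1)
        }'
}

# Constructed sample: same layout as the output above, eth0 has lost link.
sample_degraded() {
    cat <<'EOF'
Ethernet Channel Bonding Driver: v3.4.0-1 (October 7, 2008)

Bonding Mode: adaptive load balancing
Primary Slave: None
Currently Active Slave: eth1
MII Status: up
MII Polling Interval (ms): 100

Slave Interface: eth0
MII Status: down
Link Failure Count: 3
Permanent HW addr: 00:00:5e:00:53:01

Slave Interface: eth1
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:00:5e:00:53:02
EOF
}

# On a live host: check_bond < /proc/net/bonding/bond0
sample_degraded | check_bond || echo "bond0 has lost redundancy"
```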

RHEL5 Rollback RPM Update

Taken from here:

Fedora Core 5, like FC4, uses yum for package management. yum is built on top of rpm, and pirut, pup, and yumex are graphical interfaces built on top of yum. Together, these tools provide a simple-to-use, powerful package management system.
One of the least-known secrets about rpm is that it can rollback (undo) package changes. It can take a fair bit of storage space to track the information necessary for rollback, but since storage is cheap, it’s worthwhile enabling this feature on most systems. This is a feature I’ve used several times while writing the book Fedora Linux.

Here’s cut-to-the-chase directions on using this feature:

  1. To configure yum to save rollback information, add the line tsflags=repackage to /etc/yum.conf.
  2. To configure command-line rpm to do the same thing, add the line %_repackage_all_erasures 1 to /etc/rpm/macros.
  3. Install, erase, and update packages to your heart’s content, using pup, pirut, yumex, yum, rpm, and the yum automatic update service.
  4. If/when you want to rollback to a previous state, perform an rpm update with the --rollback option followed by a date/time specifier. Some examples:
     rpm -Uhv --rollback '9:00 am'
     rpm -Uhv --rollback '4 hours ago'
     rpm -Uhv --rollback 'december 25'

RHEL5 svn+https


Here are the steps I took to install Subversion over https on RHEL5


You will need mod_dav_svn in order to use Apache authentication for subversion repositories and mod_ssl for Apache over SSL to configure https+svn.

To install these if you are using the Apache RPM provided by RedHat Network: yum install mod_ssl mod_dav_svn

You will then need to reload apache.

Check config for errors: httpd -t

Reload service: service httpd reload

Apache configuration

By default, mod_ssl will add a ssl.conf file to /etc/httpd/conf.d/ssl.conf and include a default localhost certificate with generic information.  You can create a self-signed cert if you like or purchase a valid certificate.

I configured a virtual host to handle the subversion repository. Here is a copy of my virtual host stanza.

<VirtualHost *:443>
    DocumentRoot /var/www/html

    ErrorLog logs/
    CustomLog logs/ common

    <Location />
        DAV svn
        SVNParentPath /path/to/repo/

        # Basic authentication against the htpasswd file
        AuthType Basic
        AuthName "Subversion repository"
        AuthUserFile /path/to/svn-auth-file
        Require valid-user

        # Per-repository authorization policy
        AuthzSVNAccessFile /path/to/svn-policy-file
    </Location>
</VirtualHost>


SVN Policy File

Located at /path/to/svn-policy-file. The access file below will allow every authenticated user read access for a listing of all the repos.  By selecting repo1, user1 and user2 will be able to view the entire repo1 but user3 and user4 cannot.


admins = admin1, admin2, admin3


@admins = rw

* = r


@admins = r

user1 = r

user2 = r


@admins = r

user3 = r

user4 = r
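
How Subversion resolves a policy of this shape, as an added example (not the author's file or code). The section names [groups], [/], [repo1:/] and [repo2:/] are assumptions, since the listing above shows none, and the policy text is constructed. It implements Subversion's rule that the most specific section with a line matching the user decides, so a user a section does not mention falls through to [/], and a `* =` line is what closes a repository to everyone else.

```shell
#!/bin/sh
# Added example: evaluate an AuthzSVNAccessFile policy (read on stdin) for the
# root of one repository.  usage: authz_access REPO USER  -> rw | r | none
# Simplifications: [groups] comes first; no nested groups, aliases or sub-paths.
authz_access() {
    awk -v repo="$1" -v user="$2" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        /^[ \t]*(#|$)/ { next }
        /^\[/ { sect = substr($0, 2, index($0, "]") - 2); next }
        {
            eq = index($0, "="); if (!eq) next
            key = trim(substr($0, 1, eq - 1)); val = trim(substr($0, eq + 1))
            if (sect == "groups") {
                n = split(val, m, ",")
                for (i = 1; i <= n; i++) if (trim(m[i]) == user) member["@" key] = 1
                next
            }
            if (key != "*" && key != user && !(key in member)) next
            hit[sect] = 1                    # this section decides for the user
            if (val ~ /w/) rw[sect] = 1; else if (val ~ /r/) ro[sect] = 1
        }
        END {
            # [repo:/] wins; [/] is consulted only when no line there matched.
            s = repo ":/"; if (!(s in hit)) s = "/"
            res = "none"; if (s in rw) res = "rw"; else if (s in ro) res = "r"
            print res
        }'
}

# Constructed policy: repo1 is closed with "* =", repo2 is not.
sample_policy() {
    cat <<'EOF'
[groups]
admins = admin1, admin2, admin3
[/]
@admins = rw
* = r
[repo1:/]
@admins = r
user1 = r
user2 = r
* =
[repo2:/]
@admins = r
user3 = r
user4 = r
EOF
}

echo "repo1 user3: $(sample_policy | authz_access repo1 user3)"
echo "repo2 user1: $(sample_policy | authz_access repo2 user1)"
```

In the constructed policy user3 is denied on repo1 because of the `* =` line, while user1 still reads repo2 through `[/]`.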

Apache Basic Authentication File

Finally we need to create an Apache authentication file for access to the subversion repository.

htpasswd -cm /path/to/svn-auth-file user1

htpasswd -m /path/to/svn-auth-file user2

htpasswd prompts for each user's password; a password is accepted as a command-line argument only with the -b option. Repeat the second command for each additional user.

Note: Only the first command has the -c option to create the file!


I found this great post explaining how to get mod_svn, subversion and selinux all working together.

SELinux, Subversion and mod_svn

Excellent SELinux troubleshooting explained:

Here’s what happened to me. I wanted to put my repository in a partition that was not under /var, which is where Apache by default stores its DocumentRoot. Knowing that files need a particular SELinux context to run correctly under Apache, I edited the security context to be the same as the /var/www/html directory, which is the default directory.

chcon -R --reference=/var/www/html /path/to/repo

I was still getting SELinux errors and a permissions denied. All UNIX permissions were correct so I knew it was still SELinux. So looking at the audit.log errors, I noticed that, similar to UNIX permissions, SELinux permissions are inherited and the permissions have to be correct going up to / as they are going down to the /path/to/repo. So that led me to check the SELinux permission on /data, which is the partition I wanted my data on.

It was the SELinux permissions on /data that were preventing Apache from working properly. To resolve this I did the following:

chcon --reference=/var /data

NOTE: Make sure this change doesn’t break any other application that may be accessing files or using /data as its partition.

Now on to install redmine …
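
The audit.log reading described above, as an added example that is not part of the original post: it groups AVC denials by process, permission, object and target type so a mislabelled parent directory such as /data stands out. The function name and the sample lines are constructed; the default_t label on /data is an assumption.

```shell
#!/bin/sh
# Added example: group SELinux AVC denials from audit.log text on stdin.
# Output per group: "<count> <comm> <perms> <tclass> <name-or-path> <target-type>".
# Assumes name=/path= values contain no spaces.
avc_summary() {
    awk '
        /type=AVC/ && /denied/ {
            perms = $0
            sub(/.*denied +[{] */, "", perms); sub(/ *[}].*/, "", perms)
            comm = name = ttype = tclass = "?"
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^comm=/)        { comm = $i; gsub(/^comm=|"/, "", comm) }
                if ($i ~ /^(name|path)=/) { name = $i; gsub(/^(name|path)=|"/, "", name) }
                if ($i ~ /^tclass=/)      { tclass = substr($i, 8) }
                # Third colon-separated field of the target context is its type.
                if ($i ~ /^tcontext=/)    { split(substr($i, 10), c, ":"); ttype = c[3] }
            }
            key = comm " " perms " " tclass " " name " " ttype
            if (!(key in n)) order[++k] = key
            n[key]++
        }
        END { for (i = 1; i <= k; i++) print n[order[i]], order[i] }'
}

# Constructed sample lines (timestamps, pids, inodes and labels are made up).
sample_audit() {
    cat <<'EOF'
type=AVC msg=audit(1300000000.101:201): avc:  denied  { search } for  pid=4101 comm="httpd" name="data" dev=sdb1 ino=2 scontext=user_u:system_r:httpd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=dir
type=SYSCALL msg=audit(1300000000.101:201): arch=c000003e syscall=4 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1300000004.550:207): avc:  denied  { search } for  pid=4102 comm="httpd" name="data" dev=sdb1 ino=2 scontext=user_u:system_r:httpd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=dir
type=AVC msg=audit(1300000009.812:215): avc:  denied  { getattr } for  pid=4102 comm="httpd" path="/data" dev=sdb1 ino=2 scontext=user_u:system_r:httpd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=dir
EOF
}

# On a live host: avc_summary < /var/log/audit/audit.log
sample_audit | avc_summary
```

Labels set with chcon are replaced by a filesystem relabel or restorecon; recording the rule with semanage fcontext and applying it with restorecon keeps it across relabels.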

Install json for PHP 5

  1. Install json – This was actually trickier than expected. I assumed I would be able to install this via pear. Apparently, a PEAR Services_JSON package was developed, but it has never been accepted into the official repository. The trick instead is to use the PECL json package. This was as easy as running pecl install json and watching the compiler do its thing. When it’s done you should have file in your PHP modules directory. (Mine is /usr/lib/php/modules/.)
  2. Add json.ini file to /etc/php.d/ – This file is pretty simple. Simply add to this file and that will enable the extension.
  3. Restart Apache – Not much more to add here. Without the restart, the extension won’t be loaded.
  4. Profit!