What is the difference between worker and prefork?

Apache (HTTPD) is a very popular and widely deployed web server around the world. The A-Patchy server comes with multiple modules. The term MPM stands for Multi-Processing Module. We can check the default MPM by running the command “httpd -l”.

Apache 2 is available with the following 2 MPM modules.

PREFORK
WORKER

(mpm_winnt This Multi-Processing Module is optimized for Windows NT.)
(mpm_netware Multi-Processing Module implementing an exclusively threaded web server optimized for Novell NetWare)

A) Prefork MPM

A prefork MPM handles HTTP requests just like the older Apache 1.3. As the name suggests, it pre-forks the necessary child processes while starting Apache. It is suitable for all those websites which don’t want threading for compatibility, i.e. for non-thread-safe libraries. It is also known as the best MPM for isolating each incoming HTTP request.

How it works: A single control (master) process is responsible for launching multiple child processes which serve incoming HTTP requests. Apache always tries to maintain several spare (not-in-use) server processes, which stand ready to serve incoming requests. In this way, clients do not need to wait for a new child process to be forked before their requests can be served.
We can adjust the number of spare processes through the Apache configuration. Default settings are usually enough for a small amount of traffic. One can always tune those directives / values as per their requirements.

Pre-Fork is the default module given by Apache.

# prefork MPM
# StartServers: number of server processes to start
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare
# ServerLimit: maximum value for MaxClients for the lifetime of the server
# MaxClients: maximum number of server processes allowed to start
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule prefork.c>
StartServers       8
MinSpareServers    5
MaxSpareServers   20
ServerLimit      256
MaxClients       256
MaxRequestsPerChild  4000
</IfModule>

B) Worker MPM

A worker MPM is a Multi-Processing Module (MPM) which implements a hybrid multi-process multi-threaded server. By using threads to serve requests, it is able to serve a large number of requests with fewer system resources than a process-based server.

The most important directives used to control this MPM are ThreadsPerChild, which controls the number of threads deployed by each child process and MaxClients, which controls the maximum total number of threads that may be launched.

Strength: Memory usage and performance wise it is better than prefork.
Weakness: worker will not work properly with languages like PHP.

How it works: A single control process (the parent) is responsible for launching child processes. Each child process creates a fixed number of server threads as specified in the ThreadsPerChild directive, as well as a listener thread which listens for connections and passes them to a server thread for processing when they arrive.

Apache always tries to maintain a group of spare or idle server threads, which stand ready to serve incoming requests. In this way, clients do not need to wait for new threads or processes to be created before their requests can be served. The number of processes that will initially be launched is set by the StartServers directive. During operation, Apache assesses the total number of idle threads in all processes, and forks or kills processes to keep this number within the boundaries specified by MinSpareThreads and MaxSpareThreads. Since this process is very self-regulating, it is rarely necessary to modify these directives from their default values. The maximum number of clients that may be served simultaneously (i.e., the maximum total number of threads in all processes) is determined by the MaxClients directive. The maximum number of active child processes is determined by the MaxClients directive divided by the ThreadsPerChild directive.

# worker MPM
# StartServers: initial number of server processes to start
# MaxClients: maximum number of simultaneous client connections
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule worker.c>
StartServers         4
MaxClients         300
MinSpareThreads     25
MaxSpareThreads     75
ThreadsPerChild     25
MaxRequestsPerChild  0
</IfModule>
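
The concurrency ceiling each block implies can be worked out mechanically. The script below is an added example, not part of the original post: mpm_limits is a hypothetical helper name, and the input is the two blocks above copied into a constructed sample. It checks MaxClients against ServerLimit for prefork and derives the worker process count from MaxClients / ThreadsPerChild.

```sh
# Added example. Constructed input: the two <IfModule> blocks shown above.
SAMPLE_CONF='<IfModule prefork.c>
StartServers       8
MinSpareServers    5
MaxSpareServers   20
ServerLimit      256
MaxClients       256
MaxRequestsPerChild  4000
</IfModule>
<IfModule worker.c>
StartServers         4
MaxClients         300
MinSpareThreads     25
MaxSpareThreads     75
ThreadsPerChild     25
MaxRequestsPerChild  0
</IfModule>'

# mpm_limits (hypothetical helper): reads httpd config text on stdin and
# prints one line per MPM block with the concurrency ceiling it implies.
mpm_limits() {
    awk '
    /^[ \t]*<IfModule/ { mpm = $2; sub(/\.c>.*$/, "", mpm); split("", v); next }
    /^[ \t]*<\/IfModule>/ {
        if (mpm == "prefork") {
            # One process per client; MaxClients may not exceed ServerLimit.
            st = (v["MaxClients"] > v["ServerLimit"]) ? "MaxClients-exceeds-ServerLimit" : "ok"
            printf "prefork processes=%d threads_each=1 %s\n", v["MaxClients"], st
        } else if (mpm == "worker" && v["ThreadsPerChild"] > 0) {
            # Child processes = MaxClients / ThreadsPerChild.
            t = v["ThreadsPerChild"]
            st = (v["MaxClients"] % t) ? "MaxClients-not-multiple-of-ThreadsPerChild" : "ok"
            printf "worker processes=%d threads_each=%d %s\n", int(v["MaxClients"] / t), t, st
        }
        mpm = ""; next
    }
    mpm != "" && NF == 2 && $1 !~ /^#/ { v[$1] = $2 + 0 }'
}

printf '%s\n' "$SAMPLE_CONF" | mpm_limits
```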

What is a shell?

A shell is a program which allows users to interact with computers.

A shell is a command language interpreter that executes commands read from the standard input device (keyboard) or from a file. Several shells available for Linux and UNIX operating systems are:

SH (Bourne Shell) Old Unix Shell.
BASH (Bourne-Again Shell) GNU
CSH (C Shell) BSD
TCSH (Popular extension of C Shell)
KSH (Korn Shell) Bell Labs
ZSH (Popular Extension of Korn Shell)
RSH (Remote Shell) TCP/IP

Users use the keyboard to send commands to the system. The interface they are using is called the CLI (Command Line Interface). If you are a normal user (non-administrator) the prompt is called the “$” prompt (dollar prompt). If you are an administrator (super user) then the prompt is called the “#” prompt (pound / hash).

If you want to know how many shells are supported by your system then use the following command.
$ cat /etc/shells
OR
# cat /etc/shells
Note: The above command will display the content of the file “/etc/shells” on your screen.

How do I find out what shell I’m using?

As we mentioned earlier, a shell is a program which allows users to interact with the system. You can find out which shell you are using right now with the “ps” command and its -p switch.
ps -p $$
So what is the $$ argument passed to the -p option? Remember, $$ returns the PID (process identification number) of the current process, and the current process is your shell. So running ps on that number displays a process status listing of your shell. In that listing you will find the name of your shell (look for the CMD column).

nilesh@gnulinux:~$ ps -p $$
  PID TTY          TIME CMD
 3301 pts/0    00:00:00 bash


UMASK for sftp users / connections – Linux / centos / fedora / ubuntu

With the Internet growing the way it is, various requirements and demands come up. Recently I was setting up a web development server where multiple developers needed to add, edit and update files in the same directory. Initially I thought I would create a group, add those developers to it, and everything would be done. But as the default UMASK on a Linux server is set to 0022, it doesn’t grant write permission to the group by default. Hence I needed to change the UMASK to 0002 for those sftp users, and here you go. There are multiple ways to achieve this. The first way is to set up a shell script which starts the sftp subsystem with umask 0002.

Create following shell script:

#!/bin/bash

umask 0002

# The path to your sftp-server binary may differ
exec /usr/libexec/openssh/sftp-server

Then I pointed the Subsystem directive in the sshd_config file to my script:

Subsystem       sftp    /opt/sftp-server-script.sh

A quick restart/reload of the sshd configuration and I was in business. Both users could see and edit each other’s files. Email or comment with questions.

—Second option :
Or even simpler still as @Gilles pointed out in the comments you can do away with the wrapper script entirely and simply change the Subsystem line in your sshd_config to this:

Subsystem sftp /bin/sh -c 'umask 0002; /usr/libexec/openssh/sftp-server'

Thanks Mate… much appreciated.

—Third Option
There is a new flag for the sftp-server, ‘-u’, that allows you to directly set the umask, overriding the user umask. So to use it, just do this:

Subsystem sftp /usr/libexec/openssh/sftp-server -u 0002
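
To see what the change does to uploaded files, the script below (an added example, not from the original post) reads the umask out of a Subsystem line and creates a scratch file under it. The function names are hypothetical, the config lines are constructed from the options above, and stat -c assumes GNU coreutils. A wrapper script as in the first option reports "unset" because its umask lives in the script, not in sshd_config.

```sh
# Added example; function names are hypothetical. stat -c is GNU coreutils.

# sftp_umask: sshd_config text on stdin. Prints the umask that the
# "Subsystem sftp" line sets with "-u MASK" or "umask MASK;", else "unset".
sftp_umask() {
    awk 'tolower($1) == "subsystem" && $2 == "sftp" {
        mask = "unset"
        for (i = 3; i < NF; i++) {
            if ($i == "-u") mask = $(i + 1)
            if ($i ~ /umask$/) { mask = $(i + 1); sub(/;.*$/, "", mask) }
        }
        print mask; exit
    }'
}

# mode_under_umask MASK file|dir: create one in a scratch directory and print
# its octal mode. The body is a subshell, so the caller's umask is untouched.
mode_under_umask() (
    tmp=$(mktemp -d) || exit 1
    umask "$1"
    if [ "$2" = dir ]; then mkdir "$tmp/sample"; else : > "$tmp/sample"; fi
    stat -c '%a' "$tmp/sample"
    rm -rf "$tmp"
)

# True when the group write bit (020) is set in an octal mode such as 664.
group_can_write() { [ $(( 0$1 & 020 )) -ne 0 ]; }

# Constructed sshd_config lines: the stock Subsystem line, then options 2 and 3.
printf '%s\n' \
  "Subsystem sftp /usr/libexec/openssh/sftp-server" \
  "Subsystem sftp /bin/sh -c 'umask 0002; /usr/libexec/openssh/sftp-server'" \
  "Subsystem sftp /usr/libexec/openssh/sftp-server -u 0002" |
while IFS= read -r line; do
    mask=$(printf '%s\n' "$line" | sftp_umask)
    if [ "$mask" = unset ]; then mask=0022; fi   # the default the post mentions
    mode=$(mode_under_umask "$mask" file)
    if group_can_write "$mode"; then note="group can write"; else note="group cannot write"; fi
    printf 'umask %s -> new file mode %s (%s)\n' "$mask" "$mode" "$note"
done
```

Only the group write bit changes between the two umasks, so membership of that group decides who can modify uploaded files.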

Configure Sendmail to log “Subject” line for each email sent.

Hi Friends,
In this article we will learn how to configure sendmail to log “Subject” in /var/log/maillog, as by default sendmail does not log the Subject to the maillog file.

This is really interesting. Business people are often interested in getting mail log files analyzed. To analyse mail logs they need various fields to appear in the logs, e.g. “From”, “To”, “Subject” etc. from the sent email. By default sendmail logs the From and To fields but it does not log the Subject field. In this article you will learn how to enable sendmail to log “Subject”.

  • First of all take a backup of your “sendmail.mc” and “sendmail.cf” files. The default location for those files is /etc/mail.
  • Now open “sendmail.mc” in your favourite editor, add the following lines to it and save it. I usually prefer to add them at the bottom of the file so you can easily identify your modifications.

LOCAL_CONFIG
Klog syslog
HSubject: $>+CheckSubject

LOCAL_RULESETS
SCheckSubject
R$*<TAB>$: $(log Subject: $1 $) $1

This last line is very crucial. <TAB> stands for a single TAB character: after R$* press the TAB key as suggested. Then after $: press the space key.
After log there is a space, after Subject: there is a space, after $1 there is a space. After the closing bracket there is a space before $1.

  • Now you need to regenerate the sendmail.cf file. Use the m4 macro processor to do so.

    # m4 sendmail.mc > sendmail.cf

  • Now restart sendmail and verify your maillog file. You will see a Subject line for each mail which is sent from or relayed through your email server.

Automate execution of shell scripts owned by non-root users at boot

Hi all, this is really going to be useful. Many times we need to execute some commands or shell scripts as a non-root user at boot time. Say, for example, you need a samba share to be mounted as a non-root user at system boot. Many people ask why you would need to mount a share as a non-root user. A good answer to that is that not all applications run as the root user on a server. For security reasons it is good practice to have different non-root users as owners of different applications.

Follow these steps to execute a single command as a non-root user at boot time in unix/linux.

  1. Edit your rc.local script, as this is the script which is executed immediately after booting. It is usually available under the /etc/ directory. Type the following command line to mount an external samba share as a non-root user.

    su - {userid} -c {COMMAND}

    If you have more arguments in your command line, or more than one command to be executed, then put them all together in one shell script and use

    su - {userid} -s {shell-script}

    e.g. if you need to mount two shares on a single Linux server and those two shares are on different servers, then your shell script, called myscript, will look something like the one below. It is also a good idea to keep that script in the user's home directory, or in a directory which is accessible by that non-root user, otherwise it will not work.

    #!/bin/bash
    # Keep this file readable only by its owner: it contains the share passwords.
    /usr/bin/smbmount //{first server name OR IP address}/{share name} {first local path to mount} -o username={username},password={password},rw
    /usr/bin/smbmount //{second server name OR IP address}/{share name} {second local path to mount} -o username={username},password={password},rw
    exit;

    And for this case your entry in /etc/rc.local will be

    su - {non-root-user} -s {/home/non-root-user/myscript}

Make sure that the non-root user has a valid shell available, otherwise this will not work.

Apache / HTTPD : No space left on device: Cannot create SSLMutex

It is true that life teaches you a new lesson every day. Yesterday, for the first time, I came across a server where I was unable to restart the apache / httpd service. It looked a bit strange, but after checking error.log I found the following error:

Apache: No space left on device: Cannot create SSLMutex

After searching on the web I found that Apache leaves a bunch of stray semaphore sets lying around after an attempted restart of httpd / apache. In layman’s terms a “semaphore” is a dead object in memory or a locked process in operation… huh!!! Don’t worry, there is a way out of this: we need to list and grep those processes (dead processes) and terminate all such locked instances of apache. Use the following command to list them.

ipcs -s | grep apache

Most likely you will see a fairly large list here. You need to, and it is safe to, have these deleted. The following command will again do the trick:

ipcs -s | grep apache | awk ' { print $2 } ' | xargs -n 1 ipcrm -s 

Note: If your apache is running as nobody or another user, be sure to substitute that other user in place of  apache above.
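
A more cautious form of the same cleanup, as an added example that is not part of the original post: it matches the owner column of ipcs -s exactly instead of grepping the whole line, refuses to act while the server process is still running, and prints the ipcrm commands for review. The function names and the sample ipcs output are constructed, and the process name httpd is an assumption.

```sh
# Constructed sample of "ipcs -s" output; real output has the same columns.
SAMPLE_IPCS='
------ Semaphore Arrays --------
key        semid      owner      perms      nsems
0x00000000 98304      apache     600        1
0x00000000 131073     apache     600        1
0x0052e2c1 163842     postgres   600        17
0x00000000 196611     apache2    600        1'

# owned_semids OWNER: ipcs -s text on stdin, prints semids owned by OWNER.
# Comparing the owner column exactly keeps "apache" from also matching
# "apache2" or any other line that merely contains the string.
owned_semids() {
    awk -v owner="$1" '$3 == owner && $2 ~ /^[0-9]+$/ { print $2 }'
}

# cleanup_plan OWNER PROCESS: prints one ipcrm command per stale set.
# Refuses while PROCESS is running, since live children still use their sets.
cleanup_plan() {
    if pgrep -x "$2" >/dev/null 2>&1; then
        echo "refusing: $2 is still running" >&2
        return 1
    fi
    owned_semids "$1" | while read -r id; do
        printf 'ipcrm -s %s\n' "$id"
    done
}

printf '%s\n' "$SAMPLE_IPCS" | cleanup_plan apache httpd || true
# On a live server, review the plan first, then run it:
#   ipcs -s | cleanup_plan apache httpd | sh
```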

Cannot create SSLMutex solution

At the heart of the problem is most likely a poorly configured Apache server. By default, SSLMutex is configured to the default setting, as it was on this one server of ours. If you read the Apache.org pages for mod_ssl configuration, they have this to say about the default setting:

The following Mutex types are available:

none | no

This is the default where no Mutex is used at all. Use it at your own risk. But because currently the Mutex is mainly used for synchronizing write access to the SSL Session Cache you can live without it as long as you accept a sometimes garbled Session Cache. So it’s not recommended to leave this the default. Instead configure a real Mutex.


There are of course optional configuration settings. At the very least, it is suggested that you set SSLMutex to sem, which will let Apache choose which SSLMutex type to use.

You will most likely find this setting in the ssl.conf file located at /etc/httpd/conf.d.