What is it?
BaseOS is simply a copy of files from a standard CentOS 5.5 installation.
Where possible, we install it in the server's memory using tmpfs. This gives a considerable performance increase, since it reduces disk I/O and because tmpfs makes the stat operations almost atomic.
How did we create it?
- We started with a simple single directory with only /bin/bash in it.
- Then we added all the files required to run PHP, together with all the libraries PHP requires.
- After that, we looked at what was needed to have Perl and Python in there. Here we found that it would be quite a big OS and that we would not be able to keep all of it in memory. So we added one more directory, /chroot, where we keep all the big folders (Perl, Python, frontpage and so on).
- At the end we added the /Z folder. It is used as a verification method: when we copy the contents to memory, we can verify that all files and folders were successfully copied. If this folder does not exist, we copy the contents of /root/baseos to /var/suexec/baseos once again.
One additional thing is the /root/baseos directory. While all users use /var/suexec/baseos (which is in memory), /root/baseos keeps all files on disk. This folder is there because, between reboots, you must have a place from which you can copy the files to memory again.
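The restore-and-verify step described above, sketched as an added example (not the project's own script). The function names, the retry count and the choice to copy Z last are assumptions; only the two paths and the Z check come from this page.

```shell
#!/bin/sh
# Added example: rebuild the in-memory BaseOS from the on-disk master and
# use the Z sentinel directory to decide whether the copy completed.
BASEOS_MASTER="${BASEOS_MASTER:-/root/baseos}"     # on-disk copy (from the page)
BASEOS_LIVE="${BASEOS_LIVE:-/var/suexec/baseos}"   # tmpfs copy (from the page)

# True only when the sentinel directory exists in the live tree.
baseos_verified() {
    [ -d "$BASEOS_LIVE/Z" ]
}

# Copy every entry except Z, then Z last (assumption): the sentinel can only
# appear in the live tree after all earlier copy steps returned success.
baseos_copy() {
    [ -d "$BASEOS_MASTER/Z" ] || { echo "master has no Z sentinel" >&2; return 2; }
    mkdir -p "$BASEOS_LIVE" || return 1
    rm -rf "$BASEOS_LIVE/Z"            # invalidate before changing anything
    for entry in "$BASEOS_MASTER"/* "$BASEOS_MASTER"/.[!.]*; do
        [ -e "$entry" ] || [ -L "$entry" ] || continue   # skip unmatched glob
        [ "${entry##*/}" = "Z" ] && continue
        cp -a "$entry" "$BASEOS_LIVE"/ || return 1
    done
    cp -a "$BASEOS_MASTER/Z" "$BASEOS_LIVE"/
}

# Copy again while the sentinel is missing, up to $1 attempts (default 2).
# Returns 0 when verified, 2 when the master itself is unusable, 1 otherwise.
baseos_restore() {
    attempts="${1:-2}"
    n=0
    while [ "$n" -lt "$attempts" ]; do
        baseos_verified && return 0
        rc=0
        baseos_copy || rc=$?
        [ "$rc" -eq 2 ] && return 2
        n=$((n + 1))
    done
    baseos_verified
}
```

Calling `baseos_restore` from a boot script after the tmpfs is mounted reproduces the "copy once again if /Z is missing" behaviour. A present sentinel shows the copy finished, not that the files are unmodified.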
How is it organized?
You have the standard Linux directory structure with two exceptions:
- You have the /Z folder.
- The /chroot folder. This one is used to keep all the things that we think don't need to be in memory. It has python2.4, the perl libs, frontpage files and the run directory (where we store the socket to NSCD).
What software do we have in there?
You can see what software we have by simply looking around in /var/suexec/baseos. However, a few important things that we have there are:
- 6 different PHP versions:
  - PHP 4.4
  - PHP 5.0
  - PHP 5.1
  - PHP 5.2
  - PHP 5.2 with Suhosin-Patch 0.9.7
  - PHP 5.3
- Perl v5.8.8
- Python 2.4.3
- MySQL & PGSQL CLIs
- The following binaries (or symlinks to their corresponding location):
cp echo host mktemp python2.4 tar vim csh egrep hostname more rar tcsh wc awk curl env id mv reset time whereis basename cut false kill nano rm touch which bash date file less nice sed true whoami bzip2 diff find ln perl sh tset zip cat diff3 gawk ls pgrep sleep uname chmod dircolors grep mail pico sort unrar chown dirname gzip mesg pwd sperl unzip clear du head mkdir python tail vi
NB: If you need another binary added to the BaseOS for your server, you can do so by following the instructions described here.
Note that all PHP versions are shipped separately from the baseos package. You will have all available PHP versions installed by default with the Hive installation. However, should you decide that you want a different release for one of the minor versions, it is no problem to replace it. For example, we might have PHP 5.2.17 as the default for the 5.2 branch, and you will still be able to install 5.2.9 instead should you need to do so.
How do we handle mail within the chroot?
Since every user is chrooted into the BaseOS, no one is actually able to use the sendmail command (this includes the PHPs), so we had to solve this problem. What we started with was the mini_sendmail command.
This command parses mails coming in on STDIN and forwards them as normal SMTP requests to the SMTP server on localhost. In order to do this securely, we modify your Exim configuration to prevent spam and abuse from local users.
So now every user has access to the sendmail command without needing access to the local spool directory. One side effect of this is that it is now easier to control the mails per hour, per user, as all mails arrive as network connections and their local user origin is known.
# ls -1A
ChangeLog      - this file contains the changes we made to this directory
frontpage/     - files required by FrontPage extensions module
list.txt       - this file contains some instructions on how the chroot was initially created and what packages were added to this folder
locale/        - system locales
perl5/         - perl5 libraries
python2.4/     - python2.4 installation
run/           - holds the socket to NSCD
share.locale/  - additional system locales
sites/         - configuration files for FrontPage extensions
texmf/         - TeTeX/LaTeX support files
tmp/           - directory where we mount /tmp from the / filesystem
VERSION        - the version of the collection of these files
Specific MySQL Socket configuration
With the installation of the BaseOS, the MySQL socket configuration in /etc/my.cnf is modified to:
The old MySQL socket is replaced by a symlink that points to the newly used one, /tmp/mysql.sock, so as not to cause any service disruption.