edafe.org » server

Ubuntu Linux is for everyone

edafe — Wed, 29 Oct 2008 23:18:28 +0000

Ubuntu is a relatively new flavour of Linux. Since the release of ‘Warty Warthog’ in October 2004, it has become the most popular Linux distribution worldwide. Similar to its parent, Debian GNU/Linux, Ubuntu is based entirely on free software. It inherits outstanding package management and provides one-click access to thousands of downloadable applications.
Ubuntu can be installed as an application inside an existing Windows installation. This provides new users with a great opportunity to try Ubuntu at no risk to their existing setup. Ubuntu 8.10 (Intrepid Ibex) is the latest version and available for download from today.
www.unbuntu.com

Sharing a PostScript printer with CUPS and Samba

edafe — Thu, 28 Dec 2006 09:12:21 +0000

Using Samba and CUPS, the Common UNIX Printing System, Ubuntu can easily be configured to provide printing services to a heterogeneous network of Windows, Macintosh and Linux clients.

Printing with CUPS

Get the necessary packages with the following command:

user@ubuntu:~$ sudo apt-get install cupsys foomatic-filters-ppds

Add the user cupsys to the group shadow:

user@ubuntu:~$ sudo adduser cupsys shadow

Get the file cupsd.conf and move it to /etc/cups/:

user@ubuntu:~# sudo wget "http://edafe.org/ubuntu/cups/cupsd.conf" user@ubuntu:~# sudo mv cupsd.conf /etc/cups/

The downloaded file contains the following changes from the Ubuntu default configuration:

# Default authentication type, when authentication is required... DefaultEncryption IfRequested # Restrict access to the admin pages... Allow @LOCAL

Setting these options enables members of the admin group to modify the configuration of the CUPS server from clients sharing the same local network.

Modify the file /etc/cups/cups.d/ports.conf to read:

Port 631 Listen localhost Listen 192.168.0.123 Listen /var/run/cups/cups.sock

For 192.168.0.123, substitute the IP address of your machine on the local network.

Restart cupsd with the following command:

user@ubuntu:~$ sudo /etc/init.d/cupsys restart

Use a web browser to access http://localhost:631/admin (or http://192.168.0.123:631/admin from another machine on your local network). Go to Administration > Add Printer and begin to set up your printer. When prompted by the system, authenticate yourself as a member of the admin group. If necessary, obtain the correct PostScript Printer Description (PPD) file for your printer model. Print a test page to confirm that your printer is working properly with CUPS.

Making Printers Available over the Network

Install and configure a Samba server and then add the following options to /etc/samba/smb.conf:

[global] printing = cups load printers = Yes printcap name = cups [printers] comment = All Printers printable = Yes path = /var/spool/samba/print browseable = No guest ok = Yes read only = Yes

Create the directory /var/spool/samba/print and set its permissions with the following two commands:

user@ubuntu:~$ sudo mkdir -p /var/spool/samba/print user@ubuntu:~$ sudo chmod 1777 /var/spool/samba/print

Restart the Samba server with the following command:

user@ubuntu:~$ sudo /etc/init.d/samba restart

Set your Samba clients to use a printer driver that outputs generic PostScript. Use the the Apple LaserWriter driver on Windows, the Generic PostScript driver on Mac OS X or the Raw Standard driver on Ubuntu.
wiki.ubuntuusers.de, www.samba.org

Samba as a file server

edafe — Thu, 16 Nov 2006 20:41:47 +0000

Samba enables Linux to speak the Server Message Block (SMB) protocol, which is also used by Windows and Mac OS X to exchange data over a network.

Get the necessary packages with the following command:

user@ubuntu:~$ sudo apt-get install swat netkit-inetd

For an initial configuration, edit the file /etc/samba/smb.conf to contain the following entries:

[global] workgroup = SAMBA [homes] comment = Home Directories valid users = %S read only = No create mask = 0640 directory mask = 0750 browseable = No

Continue by adding local users to the smbpasswd file:

user@ubuntu:~$ sudo smbpasswd -a user

Restart the Samba server with the following command:

user@ubuntu:~$ sudo /etc/init.d/samba restart

The server ubuntu now joins the SAMBA workgroup, giving users who have been added to the smbpasswd file access to their respective home directories.

Using SWAT

Using the Samba Web Administration Tool (SWAT), you can access help, obtain status information and change the configuration of your Samba server. Use a web browser to access http://localhost:901/ and log in as the local root user.
In principle, SWAT can also be reached from other machines on your local network. However, such connections are vulnerable to password sniffing because of the clear text protocol that SWAT uses to authenticate users.
www.samba.org, copia.ogbuji.net

Thoughts on moving from Debian to Ubuntu Server

edafe — Tue, 26 Sep 2006 22:03:45 +0000

“If Canonical keeps its update schedule and support commitments along with the legendary Debian robustness, we may have a keeper.” Staff at Advosys Consulting are considering Ubuntu for entirely practical reasons.
www.advosys.ca

Public/private key authentication with SSH

edafe — Mon, 25 Sep 2006 19:31:42 +0000

SSH is a protocol that enables secure logins to your computer over a network. SSH supports the use of public/private key pairs for user authentication. Private keys are kept locally, while public keys are stored on the remote machine.

On the Local Machine

Use the command ssh-keygen -t dsa to generate a key pair for the local user. Use an appropriate passphrase to secure your private key (don’t be tempted to use an empty passphrase).
Set the permissions for the private key file with the following command:

user@ubuntu:~$ chmod 600 ~/.ssh/id_dsa

On the Remote Machine

Get the necessary packages with the following command:

user@ubuntu:~$ sudo apt-get install ssh

Copy the public key file ~/.ssh/id_dsa.pub from the local to the remote machine.

On the remote machine, move and rename the file with the following command:

user@ubuntu:~$ mv id_dsa.pub .ssh/authorized_keys2

Set the permissions for the file with the following command:

user@ubuntu:~$ chmod 600 ~/.ssh/authorized_keys2

Add the user user to the group ssh:

user@ubuntu:~$ sudo adduser user ssh

Get the file sshd_config and move it to /etc/ssh/:

user@ubuntu:~# sudo wget "http://edafe.org/wp-content/uploads/2006/09/sshd_config" user@ubuntu:~# sudo mv sshd_config /etc/ssh/

The downloaded file contains the following changes from the Ubuntu default configuration:

LogLevel VERBOSE AllowGroups ssh LoginGraceTime 20 PermitRootLogin no MaxAuthTries 1 RSAAuthentication no PasswordAuthentication no X11 Forwarding no TCPKeepAlive yes ClientAliveInterval 15 ClientAliveCountMax 3 MaxStartups 3 UsePAM no

Setting these options makes root logins impossible. Only users belonging to the group ssh may establish a connection. Access to the remote machine is strictly tied to the private key and the passphrase used to encrypt it.

Next, restart the SSH server on the remote machine with the following command:

user@ubuntu:~$ sudo /etc/init.d/ssh restart

You should now be able to log into the remote machine using the private key stored on the local machine:

user@ubuntu:~$ ssh remote.machine Enter passphrase for key '/home/user/.ssh/id_dsa':

The book SSH The Secure Shell by Daniel Barrett, Richard Silverman and Robert Byrnes is useful as a reference text and has information on other clever stuff you can do with SSH.
www.ibm.com/developerworks/linux/

Securing Linux

edafe — Tue, 12 Jul 2005 20:02:53 +0000

Mario Eberlein, Rene Auberger and Wolfram Andreas Richter give an overview of security concepts, installation issues, and potential threats and their exploits. They also offer “practical advice on how to secure and harden a Linux-based system”.
www.ibm.com Part 1, Part 2, Part 3

RAID-1

edafe — Wed, 29 Jun 2005 06:54:27 +0000

RAID-1 can help protect your data from hard drive failure. This article is geared towards helping you to better understand and implement a RAID-1 device.
www.linuxjournal.com Part 1, Part 2

Linux Inc

edafe — Wed, 02 Feb 2005 19:42:35 +0000

“Little understood by the outside world, the community of Linux programmers has evolved in recent years into something much more mature, organized, and efficient. Put bluntly, Linux has turned pro.” Steve Hamm takes you on a tour of what has become the Linux phenomenon.
www.businessweek.com

Linux: the thinking person’s IT solution

edafe — Sat, 20 Nov 2004 19:07:32 +0000

“It is ironic that a fear of technology has sent thousands of companies hurtling into the arms of an IT vendor that has some of the most complex, resource hungry and insecure server technology on the market.” Malcolm Cartledge prefers low cost and high reliability.
www.biosmagazine.co.uk

Monitoring hard disks with SMART

edafe — Tue, 01 Jun 2004 09:39:44 +0000

“Many users and system administrators don’t know that SMART systems are built into most modern ATA and SCSI hard disks.” Bruce Allen explains how to use Self-Monitoring, Analysis and Reporting Technology (SMART) to monitor the health of your hard disks and preempt catastrophic failures.
www.linuxjournal.com