Installed Ubuntu Server 9.04

Status
Not open for further replies.

NJC

Joined
Apr 28, 2005
Messages
3,050
Location
Vancouver BC
Not having enough interesting projects
smirk2.gif
, I decided to revisit my older project of turning an old Dell into a file server as per this thread.

I did take a look at FreeNAS and have burned an ISO disk, but decided with Ubuntu Server since I already have Ubuntu desktop installed on the disk. It installed painlessly on a logical partition, and was smart enough to write to the boot sector. But NOT smart enough to include a grub entry to include the option to boot into the primary Ubuntu 9.04 desktop partition. I installed SSH and Samba.

ssh works great from my main computer, and I have full access to the server. Interesting to be able to run Ubuntu remotely via a shell. I included an fstab entry on the server to automatically mount the primary 9.04 desktop as a backup partition but it doesn't show up under Network in Nautilus. Also included a Bookmark under Nautilus to automatically connect to the server, which will enable easy copy/paste of files.

The server drive is partitioned as followed:

primary: 30GB Ubuntu 9.04 Desktop
logical: 7GB Ubuntu 9.04 Server

I can access the server in Nautilus and copy files to that partition, so I'll likely shrink the primary partition and expand the logical server partition. Or just wipe out the primary Ubuntu desktop partition ... I kept in case the Ubuntu server installation bombed. Other thoughts: running Nano and Vi feels like a trip back to Edlin. Esc and ZZ to save in Vi?? It is and interesting and aggravating process. Certainly is a stark reminder of networking being its own field of expertise in the computer realm.
 
I am running Xubuntu 8.04 LTS with Samba and NFS as my file server. It has been bulletproof!

I tried Freenas in the past and did not like it. Too much web interface stuff, without the direct control. I'm old school. I like detailed logs and text files for configuration.

While I plan to continue using Ubuntu as my desktop, I am seriously considering changing the file server to FreeBSD and my firewall from IPCop to OpenBSD with PF. I really like the way the ports collection works in BSD and PF is everything you could want in a firewall with straightforward configuration.
 
Originally Posted By: NJC
I included an fstab entry on the server to automatically mount the primary 9.04 desktop as a backup partition but it doesn't show up under Network in Nautilus. Also included a Bookmark under Nautilus to automatically connect to the server, which will enable easy copy/paste of files.


It wouldn't show up as a network drive; it would (should) show up under whatever mount point you specified, ie. /media/[mount_point]. There could be permissions issues, too; both in terms of the other partition not wanting to let the "user" from the Server install access the root of the partition, and in the Server install's user's ability to read the mount point.
 
Originally Posted By: NJC
Other thoughts: running Nano and Vi feels like a trip back to Edlin. Esc and ZZ to save in Vi?? It is and interesting and aggravating process. Certainly is a stark reminder of networking being its own field of expertise in the computer realm.


Vi is a symlink to Vim. You can actually install vim-full and get some handy-dandy add-ons like syntax highlighting, autocompletion, etc.
 
Originally Posted By: uc50ic4more

Vi is a symlink to Vim. You can actually install vim-full and get some handy-dandy add-ons like syntax highlighting, autocompletion, etc.


Real men use EMACS.
27.gif



23.gif
 
Originally Posted By: Familyguy
Originally Posted By: uc50ic4more

Vi is a symlink to Vim. You can actually install vim-full and get some handy-dandy add-ons like syntax highlighting, autocompletion, etc.


Real men use EMACS.
27.gif



23.gif



A Vi vs Emacs battle would be a nice change from my oil is better than yours.
36.gif


Problem is I use Vi because it is installed on every Unix box in the world, but I agree Emacs is better.
 
I've just never gotten around to Emacs. When I taught sys-admin for Sun I always taught that you probably won't have Emacs if you are trying to recover a downed system, so you better get good with vi, if not ed or, ex, the underlying editor for vi.
 
Originally Posted By: uc50ic4more
Originally Posted By: NJC
I included an fstab entry on the server to automatically mount the primary 9.04 desktop as a backup partition but it doesn't show up under Network in Nautilus.

It wouldn't show up as a network drive; it would (should) show up under whatever mount point you specified, ie. /media/[mount_point].

I quickly solved that problem ... running Gparted and a fam member TURNED OFF THE COMPUTER. Both OS'es wouldn't start properly so I wiped whole drive and installed Ubuntu Server only.

Chmod 777 for /media and I'll dump my files there. BTW considering I am the only one accessing this server, is there any problem allow loose access. Or would 755 be a better alternative?
 
Originally Posted By: NJC

Chmod 777 for /media and I'll dump my files there. BTW considering I am the only one accessing this server, is there any problem allow loose access. Or would 755 be a better alternative?


If it's not connected to the Internet, I wouldn't worry. If it is, make sure your daemons that are publicly visible are chrooted so naughty people can't use things like SQL injection attacks to sneak a peak or (worse) write data into directories that are world writable.
 
Originally Posted By: uc50ic4more
Set up Samba properly and there ought not to be trouble.

As I much as I want to like Samba, it's still a royal pain with permissions. Why not allow users to enter passwords when permissions need changing?
 
I always 777 the user level (force 777 writes) stuff and use samba to enforce access etc. this way if i need to move files on a command line level i am not fussing chmod and chown all day. Also I stick wuth LTS releases because they are generally more widely used and supported.

System hostname teh-server
Operating system Ubuntu Linux 8.04.2
Webmin version 1.480
Time on system Thu Sep 17 06:50:17 2009
Kernel and CPU Linux 2.6.24-23-server on i686
System uptime 89 days, 20 hours, 8 minutes
CPU load averages 0.00 (1 min) 0.00 (5 mins) 0.00 (15 mins)
Real memory 1.97 GB total, 342.88 MB used
Virtual memory 5.80 GB total, 828 kB used
Local disk space 4.06 TB total, 1.34 TB used
 
+1 for 777

As long as you are not exposing ports (particulary smb or ssh) to the Internet, not a problem. If someone gets that deep into your system, you got bigger problems.
 
777 is dangerous for a directory.

It allows anyone to delete files in that directory.

r access for a directory allows you to read the directory
w access for a directory allows you to write, which means the creation and deletion of files in that directory.
x access for a directory is search, not execute. Which means you can actually use the r, make the d your CWD, etc.

The only place 777 is recommended is for places like /tmp and even there you have the sticky bit set so that only those with write access to a file can delete it.

So if you want 777, then make it 1777, setting the sticky bit on the directory so that there is a little more control over deletions, renames, etc.

By using 1777, the file permission does have a say in what happens in the directory.

Example

Directory has 1777 permissions drwxrwxrwt and owned by user root and group sysadmin:

you have a file owned by user1 in group1 with permissions -rwxrwxr-x

If you are not user1, or a member of group1 or root, you cannot delete or rename the file.

However, if you are user1, or a member of group1, you can delete the file.

Now, if the directory has 777 or drwxrwxrwx it doesn't matter who owns the directory or the file as anyone can do anything with the contents of the directory with respect to renaming or deleting the files.

The file modes still govern access to the data in the files, but the directory permissions allow anyone to delete or rename the files in such a directory.
 
In a business environment perms are important. For home I think of it as more of a NAS than a server. No domain hassles or perm issues. Plus that's what backups are for :)
 
Errrrrmmmm it's not bad habits. Everyone and every client at home has read write credentials thus the 777. This is for "Media" only. The OS stays licked down and no ports are accessible from outside. We all access the same file server via samba or ftp.
 
So you are at risk of some member of "we all" deleting a file.

If it's media, and it's not going to change, make the media files read-only and make the directory 1777. Anyone can add media to the directory, but only owners can delete it.

(I envision a folder full of MP3's or other similar media. Files that will not change, but a folder that will have things added to it as the library grows.)

Even if you trust everyone, accidents still happen.

Permissions of 1777 allow anyone to add to such a folder, but can limit deletions.

I'm not saying you have to do this. I'm saying this is an option that can prevent problems in the future.
 
umm so then you have to go find the "owner" to overwrite a file with an updated copy. Unnecessary complications. I am at risk of deleting a file by mistake as well. That comes with the territory of computers. This is why redundancy is more important than permissions. I archive all deletions for 180 days and I have snapshots of the media share daily with incremental changes.
 
Status
Not open for further replies.
Back
Top