Network in Linux

In this page

  1. ssh
  2. File Server
  3. Mounting network disk
  4. Communicating with windows network
  5. dhclient broke resolv.conf
  6. Install php7 locally
  7. Limit http access to localhost
  8. OpenVPN

1. ssh

ssh'ing without password

I am working in machine 'A' and logging in remotely into 'B'. In the following I will install the ssh server in 'B' and create a pair of keys to allow logging from 'A' into 'B' without having to type a password.

* Assuming that machine 'B' has no ssh, go there physically and install it:
(B) $ sudo apt-get install ssh   # or install openssh-server
(B) $ service ssh status         # Should say 'Running'

* Go back to machine 'A' and do all the remaining work from there:
(A) $ mkdir -p ~/.ssh            # Create the .ssh dir in home (if missing)
(A) $ ssh-keygen                 # Generate keys (keep default values)
(A) $ scp ~/.ssh/id_rsa.pub <user>@<B>:newkey            # Copy the key to the home dir on remote (B)
(A) $ ssh <user>@<B>                                   # log into B (needs password)

(B) $ mkdir -p ~/.ssh && chmod 700 ~/.ssh      # Make sure .ssh exists and is private
(B) $ cat ~/newkey >> ~/.ssh/authorized_keys   # Append key to the list of authorized keys
(B) $ rm ~/newkey                              # Delete the file used as a temp key holder
(B) $ chmod 600 ~/.ssh/authorized_keys         # Change file permissions
(B) $ exit                           # log out

(A) $ ssh <user>@<B>                 # log into B without having to type a password
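
The append step on 'B' can be made repeatable and safer. The function below is an added example, not part of the original notes: it validates the copied public key, fixes the permissions sshd expects, and skips keys that are already listed. The name install_pubkey and its optional second argument are assumptions made for this example.

```sh
# Added example: a repeatable version of the manual steps run on B.
# Usage (on B): install_pubkey /path/to/newkey   # 2nd argument overrides ~/.ssh
install_pubkey() (
    keyfile=$1
    sshdir=${2:-"$HOME/.ssh"}
    auth="$sshdir/authorized_keys"

    # Expect exactly one non-empty line: "<type> <base64> [comment]".
    [ -f "$keyfile" ] || { echo "no such file: $keyfile" >&2; exit 2; }
    [ "$(grep -c . "$keyfile")" -eq 1 ] || { echo "expected one key" >&2; exit 2; }
    read -r type blob comment <<EOF
$(grep . "$keyfile")
EOF
    case "$type" in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "unsupported key type: $type" >&2; exit 2 ;;
    esac
    case "$blob" in
        ''|*[!A-Za-z0-9+/=]*) echo "malformed key data" >&2; exit 2 ;;
    esac

    # sshd StrictModes (on by default) ignores the file when ~/.ssh or
    # authorized_keys is writable by anyone but the owner.
    umask 077
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || exit 1
    touch "$auth" && chmod 600 "$auth" || exit 1

    # Skip the append when the same type+data pair is already listed, even if
    # the existing line has a different comment or leading options.
    if awk -v t="$type" -v b="$blob" '
        { for (i = 1; i < NF; i++) if ($i == t && $(i + 1) == b) found = 1 }
        END { exit !found }' "$auth"
    then
        exit 0
    fi
    printf '%s %s%s\n' "$type" "$blob" "${comment:+ $comment}" >> "$auth"
)
```

The function runs in a subshell, so the umask change does not leak into the calling shell.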


2. File Server

2.1. Install webmin.

2.2. Install ssh and samba

$ sudo apt-get install ssh samba

2.3. Launch a web browser and go to https://localhost:10000 (or https://<IP number or DNS name>:10000 if on another computer in the same network).

2.4. Navigate to 'Servers > Samba Windows File Sharing'

  • If this is not available try clicking on 'Refresh modules' at the bottom-left of the page.
  • If the preceding step fails, navigate to 'Others > System and Server Status'; choose 'Samba Services' from the drop-down list and click on 'Add monitor of type:'. Then refresh again.

2.5. Create a file share

2.5.1. Click on 'Create a new file share'

  • Give a name and the mount point (e.g. ocg and /server/ocg)
  • 'Owner' and 'Group' should be set to 'root'
  • 'Available' and 'Browsable' should be set to yes
  • Click on 'Create'

2.5.2. Click on the desired file share to set permissions

  • Click on 'Security and access control' icon
    • Writable > yes;
    • Guest Access > none;
    • Guest Unix User: root; and 'Save'
  • Click on 'File Permissions' icon
    • New Unix File Mode: 755
    • New Unix Directory Mode: 755
    • Force Unix User: root
    • Can Delete Read-Only Files: yes

2.6. Users

  • Click on 'Convert Unix users to Samba users' and follow instructions
  • Click on 'Configure automatic Unix and Samba user synchronisation' and choose at least the 'Add a samba user when a Unix user is added'.
  • Create new users on 'System > Users and groups' (because of the preceding step they will be automatically added to samba users).
  • Create a new group that will share the same folder (e.g. sharers) and add this group to all users concerned
  • Go to a command line and change the group and permissions of the shared folder (e.g. /server/sf)
$ sudo chgrp sharers /server/sf
$ sudo chmod g+w /server/sf
$ sudo chmod g+s /server/sf     # New files in /server/sf inherit the folder group
$ sudo chmod o-rwx /server/sf   # Folder is not accessible to other people

Note: If a user's connection is not going through, it might be a problem with the samba user configuration. To add the user manually:

$ sudo smbpasswd -a <user>


3. Mounting network disk

sshfs

There are two possibilities. One can either mount the network share using sshfs or nfs (I still have to look at the differences, advantages and, most of all, how to do the nfs stuff).

$ sudo apt-get install sshfs          # Install sshfs
$ sudo usermod -a -G fuse <user>      # Add users to fuse group
$ mkdir <local_dir>                   # Create folder to receive sharing (chown if necessary)
$ sshfs dns_name:<share> <local_dir>  # Mount network disk (easier if ssh keys are set)
$ fusermount -u <local_dir>           # Unmount the NAS


4. Communicating with windows network

4.1. Install samba:

$ sudo apt-get install samba

4.2. Edit /etc/samba/smb.conf:

workgroup = <workgroup name>
netbios name = <name>

4.3. Saving the file generally does the job. If it doesn't, this restarts the samba service:

$ sudo service smbd restart

5. dhclient broke resolv.conf

After a dhcp problem I tried to re-start the dhcp by releasing and recalling dhclient:

$ sudo dhclient -r
$ sudo dhclient eth0

Initially, things worked fine. But as this was a laptop, moving to a different network broke dns resolution. Even though the computer was getting a new IP from the dhcp server, the file /etc/resolv.conf kept the information about the old network only. Looking at other computers, I noticed that all of them had /etc/resolv.conf not as a regular file but as a symlink to /run/resolvconf/resolv.conf. To correct the problem, these were my actions:

$ sudo cp /etc/resolv.conf /run/resolvconf/resolv.conf
$ sudo mv /etc/resolv.conf /etc/resolv.conf.old
$ sudo ln -s /run/resolvconf/resolv.conf /etc/resolv.conf

I then rebooted, but a network restart might be enough:

$ sudo service networking restart

6. Install php7 locally

First the obvious, install apache and php:

$ sudo apt-get install apache2 php7.0

This will install the server. The root directory is /var/www. For my local development I just put a symlink (or as many as I want) in this directory to wherever my files are. The symlink is important because the server entry point in a browser is http://localhost, which points to /var/www.

$ sudo ln -s /directory/where/files/are/ /var/www/local_link_name

The problem is that I could not get php scripts to work locally. The issue was that my pages had an html extension, not php. I could change all extensions but I did not want to.

To solve that, first create a .htaccess file in the directory where the html files are. Put the command below in it, as it should force the server to parse html as php:

AddType application/x-httpd-php .html     

Well, it should but it doesn't... You have to change the apache2 configuration. First find where the configuration file is:

$ apache2 -V

My output had a bunch of stuff. The important lines are:

-D HTTPD_ROOT="/etc/apache2"
-D SERVER_CONFIG_FILE="apache2.conf"

Now do the following:

  1. Check that the file /etc/apache2/apache2.conf has the line
    AccessFileName .htaccess
    
  2. Inside the same file you should find a section (If you don't find this section, take a look at /etc/apache2/sites-available/default):
    	<Directory /var/www/>
    		Options Indexes FollowSymLinks MultiViews
    		AllowOverride None
    		Require all granted
    	</Directory>
    
    Modify the "AllowOverride None" to "AllowOverride All".
  3. Make sure that the proper apache library for php7 is installed
    $ sudo apt install libapache2-mod-php7.0
    

All of this only works when you browse to a file from:

http://localhost

See the symlink note above. Double clicking on a file does not go through the web server.

7. Limit http access to localhost

Edit (with sudo power) the file /etc/apache2/sites-enabled/000-default.conf and add the following just after the line containing DocumentRoot /var/www/html

        <Directory /var/www/html/>
           Order deny,allow
           deny from all
           allow from localhost
# Alternative: allow from 127.0.0.1
        </Directory>

Adapt the directory name accordingly, duh. Then restart the server:

$ sudo service apache2 restart

To avoid a warning about the server fully qualified domain name, you may also need to edit /etc/apache2/apache2.conf and add, in the Global Configuration section:

# Global Configuration
#
ServerName localhost
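
To confirm that the restriction is really in place, the following added example (not part of the original notes) scans a site file and reports, for each <Directory> block, whether it admits local clients only. It accepts the Order/deny/allow form shown above (handled by mod_access_compat on Apache 2.4) as well as the Apache 2.4 form 'Require local'; the function name audit_local_only is an assumption made for this example.

```sh
# Added example: report, per <Directory> block, whether only local clients
# are admitted. Exit status is 1 if any block needs review.
# Usage: audit_local_only /etc/apache2/sites-enabled/000-default.conf
audit_local_only() {
    awk '
    {   # Normalise: directives are case-insensitive; drop indent and comments.
        line = tolower($0)
        sub(/^[ \t]+/, "", line)
        sub(/^#.*/, "", line)
    }
    line ~ /^<directory[ \t]/ {
        dir = $2; sub(/>$/, "", dir)
        deny = allow = req = other = 0
        inblk = 1
        next
    }
    # Apache 2.2 style (mod_access_compat on 2.4): deny all, then allow local.
    inblk && line ~ /^order[ \t]/ {
        if (line !~ /^order[ \t]+deny,allow[ \t]*$/) other = 1
    }
    inblk && line ~ /^deny[ \t]+from[ \t]+all[ \t]*$/ { deny = 1 }
    inblk && line ~ /^allow[ \t]+from[ \t]/ {
        if (line ~ /^allow[ \t]+from[ \t]+(localhost|127\.0\.0\.1|::1)[ \t]*$/) allow = 1
        else other = 1
    }
    # Apache 2.4 style: several Require lines are OR-ed, so any non-local
    # Require widens access and is flagged.
    inblk && line ~ /^require[ \t]/ {
        if (line ~ /^require[ \t]+(local|ip[ \t]+127\.0\.0\.1|host[ \t]+localhost)[ \t]*$/) req = 1
        else other = 1
    }
    inblk && line ~ /^<\/directory>/ {
        ok = ((deny && allow) || req) && !other
        print dir, (ok ? "local-only" : "REVIEW")
        if (!ok) bad = 1
        inblk = 0
    }
    END { exit bad + 0 }
    ' "$1"
}
```

A block with no access directives at all is reported as REVIEW, because it inherits whatever the enclosing configuration grants.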

8. OpenVPN

Install OpenVPN:

$ sudo apt-get install openvpn network-manager-openvpn

Click on the network icon in the taskbar and then:

  • 'VPN Connections > Configure VPN...';
  • Choose 'OpenVPN' and 'Create';
  • Set a connection name;
  • Set the 'Gateway' address;
  • Set 'Type' as 'Password';
  • Load the CA certificate;
  • Set the user name and choose how the password should be handled;
  • Click on 'Advanced' and set whatever your server needs;
  • Save.

The VPN connection will be available by clicking on the network icon in the taskbar.