Linux Server Commands:

# - - #
# - Sign in on Optimum.net - #
optimum.net

# - Open port 80 on Optimum router - #
http://optimumbusiness.custhelp.com/app/answers/detail/a_id/2140/~/port-80-and-optimum-internet-service
https://www.optimum.net/internet/boost/

# - - #
# - Configuring forwarding ports 8080 in server - #
sudo vim /etc/apache2/ports.conf
#Listen 80
Listen 8080

sudo vim /etc/apache2/sites-available/000-default.conf
#

# - Restart apache - #
sudo /etc/init.d/apache2 restart;
sudo service apache2 restart;

How do I verify that port and IP binding are working?
sudo netstat -tulpn
sudo /sbin/iptables -nvL
sudo iptables -I INPUT 1 -i eth0 -p tcp --dport 8000 -j ACCEPT

# - Test connection - #
sudo wget http://localhost:80
sudo wget http://localhost:8000
sudo wget http://localhost:8080

# - - #
# - Get IP Address number from the server - #
ifconfig

# - Very important - #
When you change router or Internet company, the gateway changes and you have to change this configuration in:
sudo vim /etc/network/interfaces

enp0s3    Link encap:Ethernet  HWaddr 08:00:27:77:e3:21
          inet addr:192.168.1.170  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe77:e321/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:13466 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5620 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:18912547 (18.9 MB)  TX bytes:437124 (437.1 KB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:184 errors:0 dropped:0 overruns:0 frame:0
          TX packets:184 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:13280 (13.2 KB)  TX bytes:13280 (13.2 KB)

is_derayo@u-Server:~$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.154   0.0.0.0         UG    0      0        0 enp0s3
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 enp0s3

is_derayo@u-Server:~$ netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.1.154   0.0.0.0         UG        0 0          0 enp0s3
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 enp0s3

is_derayo@u-Server:~$ route -nee
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface    MSS   Window irtt
0.0.0.0         192.168.1.154   0.0.0.0         UG    0      0        0 enp0s3   0     0      0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 enp0s3   0     0      0

is_derayo@u-Server:~$ ip route show
default via 192.168.1.154 dev enp0s3 onlink
192.168.1.0/24 dev enp0s3  proto kernel  scope link  src 192.168.1.200

# - Set a Static IP Address - #
sudo vim /etc/network/interfaces

# - Very important - #
When you change router or Internet company, the gateway changes and you have to change this configuration in:
sudo vim /etc/network/interfaces

# - - #
# - Vim commands - #
# - Press the escape key and then type - #
:q!    To quit vim and discard all changes
:wq    Write the current file and exit
"/" or "?" followed by the word you're searching for

# - File - #
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto enp0s3
# iface enp0s3 inet dhcp
iface enp0s3 inet static
address 192.168.1.200
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
# The router IP Address here
gateway 192.168.1.1
dns-nameservers 192.168.1.1

Simple:

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto enp0s3
#iface enp0s3 inet dhcp
iface enp0s3 inet static
address 192.168.1.200
netmask 255.255.255.0
# The router IP Address here
gateway 192.168.1.154
dns-nameservers 192.168.1.154

# - Restart network - #
sudo /etc/init.d/networking restart

# - Reboot server - #
reboot

# - Update & upgrade to test new networking system on server - #
sudo apt-get update;
sudo apt-get upgrade;

# - When connecting to the server - #
ssh is_derayo@192.168.1.200

# - This happened - #
is_derayo@UbuntuGnome3-Server:~$ ssh is_derayo@192.168.1.200
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
db:8e:fe:fe:e0:b1:89:46:27:09:da:14:e8:bd:69:67.
Please contact your system administrator.
Add correct host key in /home/is_derayo/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/is_derayo/.ssh/known_hosts:6
  remove with: ssh-keygen -f "/home/is_derayo/.ssh/known_hosts" -R 192.168.1.200
ECDSA host key for 192.168.1.200 has changed and you have requested strict checking.
Host key verification failed.
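The warning above prints the fingerprint of the key the server presented, so it can be compared with the host public key read on the server's own console (for example /etc/ssh/ssh_host_ecdsa_key.pub) to confirm the change comes from the re-addressed server. The following is an added example, not part of the original notes; the public key in it is constructed for the demonstration and the function names are hypothetical.

```python
import base64
import hashlib
import re
import struct

# Fingerprint lines copied from the warning on this page (old MD5 colon-hex form).
WARNING_FROM_PAGE = """\
The fingerprint for the ECDSA key sent by the remote host is
db:8e:fe:fe:e0:b1:89:46:27:09:da:14:e8:bd:69:67.
Please contact your system administrator.
"""

_FP_RE = re.compile(
    r"key sent by the remote host is\s+"
    r"(SHA256:[A-Za-z0-9+/]+|(?:MD5:)?[0-9a-f]{2}(?::[0-9a-f]{2}){15})"
)


def fingerprint_from_warning(text):
    """Extract the fingerprint that ssh printed in its host-key warning."""
    match = _FP_RE.search(text)
    if match is None:
        raise ValueError("no host key fingerprint found in the warning text")
    return match.group(1)


def key_blob(pubkey_line):
    """Decode the key blob of an OpenSSH public key line: '<type> <base64> [comment]'."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<key-type> <base64-blob> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob is too short")
    # The blob starts with a length-prefixed copy of the key type; it must agree
    # with the type written in front of it.
    (type_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + type_len].decode("ascii", "replace") != fields[0]:
        raise ValueError("key type inside the blob does not match the declared type")
    return blob


def md5_fingerprint(pubkey_line):
    """Legacy fingerprint: MD5 of the key blob as colon-separated hex."""
    digest = hashlib.md5(key_blob(pubkey_line)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def sha256_fingerprint(pubkey_line):
    """Current fingerprint: 'SHA256:' plus unpadded base64 of the SHA-256 digest."""
    digest = hashlib.sha256(key_blob(pubkey_line)).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def fingerprint_matches(pubkey_line, reported):
    """True if the fingerprint ssh reported belongs to the given public key."""
    reported = reported.strip()
    if reported.startswith("SHA256:"):
        return reported == sha256_fingerprint(pubkey_line)
    if reported.upper().startswith("MD5:"):
        reported = reported[4:]
    return reported.lower() == md5_fingerprint(pubkey_line)


def _ssh_string(data):
    return struct.pack(">I", len(data)) + data


# Constructed sample key (not a real host key): a well-formed ECDSA key blob whose
# point bytes are just a counting pattern, enough to exercise the fingerprinting.
CONSTRUCTED_PUBKEY = "ecdsa-sha2-nistp256 {} constructed-example".format(
    base64.b64encode(
        _ssh_string(b"ecdsa-sha2-nistp256")
        + _ssh_string(b"nistp256")
        + _ssh_string(b"\x04" + bytes(range(64)))
    ).decode("ascii")
)

if __name__ == "__main__":
    reported = fingerprint_from_warning(WARNING_FROM_PAGE)
    print("reported by ssh :", reported)
    print("key on console  :", md5_fingerprint(CONSTRUCTED_PUBKEY))
    print("match           :", fingerprint_matches(CONSTRUCTED_PUBKEY, reported))
```

A match means the known_hosts entry is stale because the server was reinstalled or re-addressed; a mismatch means the key presented on the network is not the one stored on the server.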
# - Apply to fix it - #
ssh-keygen -f "/home/is_derayo/.ssh/known_hosts" -R 192.168.1.200

# - Install vsftpd to modify files, folders, etc - #
sudo apt-get install vsftpd;

# - Modify vsftpd.conf file - #
sudo vim /etc/vsftpd.conf

# - Look for this line and UNCOMMENT to be able to write - #
write_enable=YES

# - Restart vsftpd service - #
sudo service vsftpd restart;

# - Configuring webserver - #
# - Create www in /home/is_derayo - #
mkdir /home/Data/WebServer/www/WebSite
mkdir /home/Data/Documents/Downloads
mkdir /home/Data/WebServer/www/WebSite/Test1
mkdir /home/Data/WebServer/www/WebSite/Test2

# - Rename directories - #
mv old_name new_name
mv file_name ~/Desktop

# - Directories are moved the same way; mv takes no "-R" option - #
mv directory_name ~/Desktop
gvfs-move /home/user/oldname /home/user/newname

If you want to rename a directory at your level in the file system (e.g., you are at your home directory and want to rename a directory that is also in your home directory):
mv Directory ./NewNameDirectory

This will rename the directory if the destination doesn't exist or if it exists but it's empty. Otherwise it will give you an error:
mv -T /home/user/oldname /home/user/newname

If /home/user/newname exists, it will move /home/user/oldname into /home/user/newname, i.e. /home/user/newname/oldname:
mv /home/user/oldname /home/user/newname

mv /home/is_derayo/Download /home/is_derayo/Downloads

sudo vim /etc/apache2/sites-available/000-default.conf
or
cd /etc/apache2/sites-available
sudo vim 000-default.conf

modify line:
DocumentRoot /var/www/html
DocumentRoot /home/is_derayo/www/website
DocumentRoot /home/Data-1/WebServer/www/website
DocumentRoot /home/AllDisks-Data/WebServer/www/WebSite

# - Restart apache service - #
sudo service apache2 restart;

# - Authorize apache - #
sudo vim /etc/apache2/apache2.conf

# - Look for - #
?Directory

# - Look for this format - #
Options Indexes FollowSymLinks
AllowOverride None
Require all granted

# - Replace it with - #
Options Indexes FollowSymLinks
AllowOverride None
Require all granted

Options Indexes FollowSymLinks
AllowOverride None
Require all granted

# - Restart apache service - #
sudo service apache2 restart;

# - - #
# - Install Webmin in Ubuntu Server - #
# - Get Webmin program - #
wget http://prdownloads.sourceforge.net/webadmin/webmin_1.831_all.deb

# - Install Webmin program - #
sudo dpkg --install webmin_1.831_all.deb

# - Edit sources.list file - #
sudo vim /etc/apt/sources.list

# - Add to the end of the file - #
deb http://download.webmin.com/download/repository sarge contrib

sudo su
cd /root
wget http://www.webmin.com/jcameron-key.asc
apt-key add jcameron-key.asc
sudo apt-get update;
sudo apt-get install webmin;
sudo apt-get install perl libnet-ssleay-perl openssl libauthen-pam-perl libpam-runtime libio-pty-perl apt-show-versions python
sudo apt-get -f install;

# - Change active user in terminal - #
# - How about using the su command? - #
$ whoami
user1
$ su - user2
Password:
$ whoami
user2
$ exit
logout

# - If you want to log in as root, there's no need to specify username: - #
$ whoami
user1
$ su -
Password:
$ whoami
root
$ exit
logout

# - Generally, you can use sudo to launch a new shell as the user you want; the -u flag lets you specify the username you want: - #
$ whoami
user1
$ sudo -u user2 zsh
$ whoami
user2

# - Install phpmyadmin - #
sudo apt-get install phpmyadmin;

# - The mbstring extension is missing. Please check your PHP configuration. - #
cd /etc/php/7.0/cli
sudo vim php.ini
Use ? to look for a word:
?extension_dir

# - For windows? - #
# - On Ubuntu Gnome 16.04 do not delete the ";" - #
(delete the ";") on:
extension_dir = "ext"
change
;extension=php_mbstring.dll
into
extension=php_mbstring.dll
(delete the ";")

sudo service apache2 restart;
sudo apt-get install php-mbstring;
sudo service apache2 restart;

# - ? - #
sudo apt-get install libapache2-mod-php7.0;
sudo apt-get install php7.0-mbstring
sudo service apache2 restart;

# - phpMyAdmin worked at last - #
sudo apt-get install php-mbstring php7.0-mbstring php-gettext;
sudo service apache2 restart;

# - On Ubuntu Gnome 16.04 worked at last - #
sudo phpenmod mcrypt;
sudo phpenmod mbstring;
sudo systemctl restart apache2;
sudo service apache2 restart;

# - The first time you have to login from terminal - #
ssh is_derayo@192.168.1.200

# - Login into mysql - #
mysql -u root -pAdministrator2

# - Then apply next commands in MySQL - #
GRANT ALL PRIVILEGES ON *.* TO 'is_derayo'@'localhost' IDENTIFIED BY 'Administrator2' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON *.* TO 'is_derayo'@'%' IDENTIFIED BY 'Administrator2' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'Administrator2' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON *.* TO 'admin'@'localhost' IDENTIFIED BY 'admin' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON *.* TO 'admin'@'%' IDENTIFIED BY 'admin' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON *.* TO 'hp_laptop'@'localhost' IDENTIFIED BY 'hplaptop' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON *.* TO 'hp_laptop'@'%' IDENTIFIED BY 'hplaptop' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON *.* TO 'mario'@'localhost' IDENTIFIED BY 'canario' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON *.* TO 'mario'@'%' IDENTIFIED BY 'canario' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON *.* TO 'cvandemberg'@'localhost' IDENTIFIED BY 'sS@pB1' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON *.* TO 'cvandemberg'@'%' IDENTIFIED BY 'sS@pB1' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON *.* TO 'carlosroman'@'localhost' IDENTIFIED BY 'c1386' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON *.* TO 'carlosroman'@'%' IDENTIFIED BY 'c1386' WITH GRANT OPTION;

# - - #
# - From FreeNAS terminal web browser - #
CREATE USER 'is_derayo'@'localhost' IDENTIFIED BY 'Administrator2';
GRANT ALL PRIVILEGES ON *.* TO 'is_derayo'@'localhost' WITH GRANT OPTION;
CREATE USER 'is_derayo'@'%' IDENTIFIED BY 'Administrator2';
GRANT ALL PRIVILEGES ON *.* TO 'is_derayo'@'%' WITH GRANT OPTION;

# - - #
CREATE USER 'root'@'%' IDENTIFIED BY 'Administrator2';
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' WITH GRANT OPTION;
CREATE USER 'root'@'localhost' IDENTIFIED BY 'Administrator2';
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION;
UPDATE user SET password=PASSWORD("Administrator2") WHERE User='root';

+---------------+------+
| host          | user |
+---------------+------+
| 127.0.0.1     | root |
| ::1           | root |
| localhost     |      |
| localhost     | root |
| phx-webserver |      |
| phx-webserver | root |
+---------------+------+

# - - #
CREATE USER 'mario'@'%' IDENTIFIED BY 'canario';
GRANT ALL PRIVILEGES ON *.* TO 'mario'@'%' WITH GRANT OPTION;
CREATE USER 'mario'@'localhost' IDENTIFIED BY 'canario';
GRANT ALL PRIVILEGES ON *.* TO 'mario'@'localhost' WITH GRANT OPTION;

# - - #
docker exec -it mysql1 mysql -uroot -pAdministrator2
ALTER USER 'mario'@'localhost' IDENTIFIED BY 'canario';
DROP USER 'mariofuentes'@'localhost';
DROP USER 'mariofuentes'@'%';
DROP USER IF EXISTS `carlo`@'localhost';
DROP USER IF EXISTS `carlo`@'%';
DROP USER IF EXISTS `croman`@'localhost';
DROP USER IF EXISTS `croman`@'%';

# - - #
# - Accessing FreeNAS Server - #
ssh 192.168.1.98;

# - - #
# - Accessing docker on FreeNAS Server - #
https://severalnines.com/blog/mysql-docker-containers-understanding-basics
ssh rancher@192.168.1.20

# - - #
# - Show containers - #
docker ps;

[rancher@rancher ~]$ docker ps;
CONTAINER ID   IMAGE                 COMMAND                  CREATED       STATUS       PORTS                     NAMES
1647b6e69bb1   ghost:latest          "docker-entrypoint..."   5 weeks ago   Up 3 weeks   0.0.0.0:81->2368/tcp      ghost-blog
59f6d6d2104b   postgres:latest       "docker-entrypoint..."   6 weeks ago   Up 3 weeks   0.0.0.0:5432->5432/tcp    postgres1
ddfe91d98e50   mysql:latest          "docker-entrypoint..."   6 weeks ago   Up 3 weeks   0.0.0.0:3306->3306/tcp    mysql1
d3ede27e8393   httpd:latest          "httpd-foreground"       6 weeks ago   Up 3 weeks   192.168.1.20:80->80/tcp   apache1
dcbfee685827   portainer/portainer   "/portainer"             6 weeks ago   Up 3 weeks   0.0.0.0:9000->9000/tcp    portainer

# - - #
# - Show containers / Including non-running ones - #
docker ps -a;

[rancher@rancher ~]$ docker ps -a;
CONTAINER ID   IMAGE                   COMMAND                  CREATED       STATUS                     PORTS                            NAMES
669f556c36da   phpmyadmin/phpmyadmin   "/run.sh phpmyadmin"     4 weeks ago   Exited (255) 4 weeks ago   9000/tcp, 0.0.0.0:8080->80/tcp   myadmin
1647b6e69bb1   ghost:latest            "docker-entrypoint..."   5 weeks ago   Up 3 weeks                 0.0.0.0:81->2368/tcp             ghost-blog
59f6d6d2104b   postgres:latest         "docker-entrypoint..."   6 weeks ago   Up 3 weeks                 0.0.0.0:5432->5432/tcp           postgres1
ddfe91d98e50   mysql:latest            "docker-entrypoint..."   6 weeks ago   Up 3 weeks                 0.0.0.0:3306->3306/tcp           mysql1
d3ede27e8393   httpd:latest            "httpd-foreground"       6 weeks ago   Up 3 weeks                 192.168.1.20:80->80/tcp          apache1
dcbfee685827   portainer/portainer     "/portainer"             6 weeks ago   Up 3 weeks                 0.0.0.0:9000->9000/tcp           portainer

# - - #
# - Stop & remove container - #
docker stop test-mysql
docker rm test-mysql

# - Create MySQL container - #
docker run --detach --name=test-mysql --env="MYSQL_ROOT_PASSWORD=Administrator2" mysql
docker logs test-mysql
docker inspect test-mysql
ip a | grep docker | grep inet
docker stop test-mysql
docker start test-mysql
docker inspect test-mysql | grep IPAddress

# - - #
# - In a couple of minutes, the container “test-wordpress” will be up and running and linked to our test-mysql container - #
docker run --detach --name test-wordpress --link test-mysql:mysql wordpress
docker exec -it test-wordpress bash
cat /etc/hosts

root@297611f3ea55:/var/www/html# cat /etc/hosts
127.0.0.1   localhost
::1         localhost ip6-localhost ip6-loopback
fe00::0     ip6-localnet
ff00::0     ip6-mcastprefix
ff02::1     ip6-allnodes
ff02::2     ip6-allrouters
172.17.0.7  mysql a7cef94915e9 test-mysql
172.17.0.8  297611f3ea55

# - - #
# - You can also expose the MySQL container to the outside world by mapping the container’s MySQL port to the host machine port using the publish flag (as illustrated in the above diagram). Let’s re-initiate our container and run it again with an exposed port - #
docker rm -f test-mysql
docker run --detach --name=test-mysql --env="MYSQL_ROOT_PASSWORD=Administrator2" --publish 6603:3306 mysql
docker images;
docker network ls;
ip a;
iptables -L -n -t nat;
uname -a;
netstat -tulpn | grep 3306;

# - - #
# - Accessing MySQL from Docker FreeNAS - #
docker exec -it test-mysql bash;
mysql -u root -pAdministrator2;
show databases;

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| sys                |
+--------------------+
4 rows in set (0.03 sec)

show tables;
select host, user from user;

mysql> select host, user from user;
+-----------+------------------+
| host      | user             |
+-----------+------------------+
| %         | root             |
| localhost | mysql.infoschema |
| localhost | mysql.session    |
| localhost | mysql.sys        |
| localhost | root             |
+-----------+------------------+
5 rows in set (0.00 sec)

# - - #
# - Accessing FreeNAS Server - #
ssh 192.168.1.98;
zfs list;

# - - #
# - Static IP-Address for MySQL server - #
sudo vim /etc/mysql/my.cnf
sudo vim /etc/mysql/mysql.conf.d/mysqld.cnf
bind-address = 192.168.1.200
service mysql restart;

# - - #
# - Then you can log in from any computer without getting into the server - #
mysql -u is_derayo -pAdministrator2 -h 192.168.1.100
mysql -u is_derayo -pAdministrator2 -h 192.168.1.200
mysql -u is_derayo -pAdministrator2 -h isdevelopment.us

# - - #
# - Error in update/upgrade MySQL Server 5.5 - #
# - Try to purge all dependencies and re-install mysql-server - #
sudo apt-get purge mysql-server mysql-client mysql-common mysql-server-5.5

# - - #
# - Adding Data1 partition to the file system - #
# - Get disk partitions - #
sudo blkid;

# - Get Data1 UUID partition to clipboard - #
8002185a-fe2b-4264-9054-719db2e80fd2

# - - #
# - Create mount point in /home for the Data1 partition - #
sudo mkdir /home/Data1;

# - Modify fstab file - #
sudo vim /etc/fstab;

# - Add to the file - #
# - - #
# - /home/Data1 /dev/sda6 after installation - #
# - /home/Data2 /dev/sdb1 after installation - #
# - - #
UUID=8002185a-fe2b-4264-9054-719db2e80fd2 /home/Data1 ext4 defaults 0 2

# - - #
# - Reboot for fstab to take effect - #
sudo reboot;

# - - #
# - Change Data1 ownership - #
cd /home
sudo chown is_derayo:is_derayo Data1;

# - Change read/write properties on Data1 - #
sudo chmod 777 Data1;

# - Folders & files / Users & groups rights - #
# - Create folders in ubuntu server - #
mkdir /home/Data1/Documents
mkdir /home/Data1/Documents/Downloads
mkdir /home/Data1/Images

# - Or if you already created it, move it to Documents folder - #
mv /home/is_derayo/Downloads /home/Data1/Documents

# - Change ownership to common user - #
sudo chown -R is_derayo:users /home/Documents;
sudo chown -R is_derayo:users /home/Images;

# - Change rights to users - #
sudo chmod 777 -R /path/to/someDirectory
sudo chmod 777 -R Documents
sudo chmod 777 -R /home/Documents
sudo chmod 777 -R /home/Images

# Create mask: determines the permissions new files will have when created

# - Create directories to share - #
Now that Samba is configured, the directory needs to be created and the permissions changed. From a terminal enter:

# - Create directory & assign owner and group - #
-p: will also create all directories leading up to the given directory that do not exist already.
mkdir -p /home/Data1/Documents/ToShare-FullAccess
mkdir -p /home/Data1/Documents/ToShare-JustRead
mkdir /home/Data1/Documents/ToShare-FullAccess;
mkdir /home/Data1/Documents/ToShare-JustRead;
sudo mkdir -p /srv/samba/share
sudo chown nobody:nogroup /srv/samba/share/

# - Change ownership to common user - #
sudo chown -R is_derayo:users /home/Data1/Documents/ToShare-FullAccess;
sudo chown -R is_derayo:users /home/Data1/Documents/ToShare-JustRead;

# - Change permissions of the folder to be readable & writable for everybody - #
# - 777="Full access to directory" - #
chmod 777 /home/Data1/Documents/ToShare-FullAccess
chmod 777 /home/Data1/Documents/ToShare-JustRead

# - You really control the read only on the samba configuration file - #
# - Modify samba configuration file - #
sudo vim /etc/samba/smb.conf

workgroup = L_IS
wins support = yes
# - For full linux installation - #
security = user
name resolve order = lmhosts host wins bcast

[ToShare-FullAccess]
comment = ToShare-FullAccess to everybody in the net.
path = /home/Data1/Documents/ToShare-FullAccess
# path = /home/is_derayo/Documents/ToShare-FullAccess
writeable = yes
browseable = yes
guest ok = no
create mask = 0777
valid users = is_derayo, smbguest

[ToShare-JustRead]
comment = ToShare-JustRead to everybody in the net.
path = /home/Data1/Documents/ToShare-JustRead
# path = /home/is_derayo/Documents/ToShare-JustRead
writeable = no
browseable = yes
guest ok = no
create mask = 0755
valid users = is_derayo, smbguest

# - Remember that your user must have permission to write and edit the folder you want to share - #
sudo chown /srv/samba/share/
sudo chown : /srv/samba/share/
sudo chown -R melissa /srv/samba/share/
sudo chgrp -R sysadmin /srv/samba/share/
sudo setfacl -R -m g:qa:rx /srv/samba/share/

# - - #
# - Create & configuring samba user - #
# - - #
# - Create user with no home directory - #
sudo adduser mariojose --shell=/bin/false --no-create-home;
sudo useradd smbguest --shell /bin/false;

# - - #
# - This procedure works beautifully in server's terminal - #
# - Already tested - #
# - - #
sudo useradd -u 990 josue -s /usr/sbin/nologin;
sudo smbpasswd -a josue;
sudo smbpasswd -e josue;

sudo useradd mario -s /usr/sbin/nologin;
sudo smbpasswd -a mario;
sudo smbpasswd -e mario;

# - - #
# - Jump to config smb.conf file - #
# - - #
# - In full installed linux terminal - #
sudo gedit /etc/samba/smb.conf

# - In server's terminal - #
sudo vim /etc/samba/smb.conf
sudo /etc/init.d/samba restart;

# - Delete user and all his home directory & files - #
sudo deluser --remove-home --remove-all-files mariojose;

# - Add samba user to sambashare group - #
sudo usermod -a -G sambashare smbguest;
sudo adduser smbguest;
useradd -u 999 navin
sudo adduser --no-create-home --disabled-password --disabled-login smbguest;

# - - #
# - Create user - #
sudo adduser tmp_user --shell=/bin/false

# - If you don't want the home directory - #
sudo adduser tmp_user --shell=/bin/false --no-create-home

# - If you want an even more locked down system user - #
(also will not create a home directory)
sudo adduser tmp_user --system --group

# - - #
sudo adduser --system --no-create-home --group --disabled-login tmp_user

# - Indicated for smbguest user - #
sudo adduser --group smbguest --uid 998 --no-create-home smbguest --shell /bin/false;
sudo adduser --no-create-home --uid 998 smbguest --shell /bin/false;
sudo adduser --no-create-home --disabled-login --uid 998 smbguest --shell /bin/false;

# - Specific user ID - #
sudo adduser --no-create-home --disabled-login --uid 998 hola --shell /bin/false;

# - Create a User with Specific Group ID - #
useradd -u 1000 -g 500 tarunika
cat /etc/passwd | grep tarunika
tarunika:x:1000:500::/home/tarunika:/bin/bash

# - Add user smbguest to multiple groups - #
sudo adduser -G smbguest,sambashare smbguest;
sudo adduser --no-create-home --disabled-login --uid 998 --ingroup sambashare,othergroup hola --shell /bin/false;

# - Change user ID - #
id mariofuentes;
uid=996(mariofuentes) gid=130(sambashare) groups=130(sambashare)
sudo usermod -u 1010 mariofuentes;
[sudo] password for is_derayo:
id mariofuentes;
uid=1010(mariofuentes) gid=130(sambashare) groups=130(sambashare)

# - Add a new group - #
sudo groupadd -g 1050 Administration;

# - Add existing user to a group - #
sudo usermod -a -G sambashare smbguest;
sudo usermod -a -G Administration juan;

# - Create a user ‘anusha‘ with a home directory ‘/data/projects‘ - #
sudo useradd -d /data/projects anusha

# - Change existing user to a different group - #
sudo usermod -g www smbguest;

# - To list all users - #
cut -d: -f1 /etc/passwd;
cat /etc/passwd;
cat /etc/passwd | grep anusha;
cat /etc/passwd | grep smbguest;
cat /etc/group;
cat /etc/group | grep smbguest;

# - Id users - #
id smbguest;

# - Grant a user Sudo Privileges - #
sudo visudo

# - Search for the line that looks like this - #
root ALL=(ALL:ALL) ALL

# - Below this line, copy format for new user - #
root ALL=(ALL:ALL) ALL
is_derayo ALL=(ALL:ALL) ALL

# - How to enable ssh root access on Ubuntu - #
sudo vim /etc/ssh/sshd_config;
Look for this line:
PermitRootLogin without-password
Add the following line:
PermitRootLogin yes
Look for this line and remove comment
# PasswordAuthentication yes
Restart ssh service:
sudo service ssh restart;
/etc/init.d/ssh restart;

# - Assign password to root user - #
sudo passwd root;

# - Delete user - #
sudo deluser --remove-home smbguest;
sudo deluser --remove-home --remove-all-files smbguest;
sudo userdel -f -r smbguest;
sudo userdel smbguest;

# - - #
# - To remove home directory - #
sudo rm -r /home/smbguest;

# - To add a home directory to an existing user - #
# - Create a home directory - #
# - Chown this directory for the user - #
sudo usermod -d /home/smbguest smbguest;

You can also hide the user on the login screen by adjusting lightdm's configuration. In /etc/lightdm/users.conf add the newly created user to the line:
hidden-users=

# - VERY IMPORTANT - #
# - Create a samba password for user: is_derayo - #
sudo smbpasswd -a is_derayo;
sudo smbpasswd -a smbguest;
New SMB password:
Retype new SMB password:
Added user username.

# - Very important - #
sudo smbpasswd -e is_derayo;
sudo smbpasswd -e smbguest;
Enabled user username.

NOTE: After creating samba users you have to restart samba server

# - Restart samba service - #
sudo systemctl restart smbd.service nmbd.service
sudo /etc/init.d/smbd restart;
sudo service smbd restart;
sudo /etc/init.d/samba reload;
sudo /etc/init.d/samba restart;
sudo smbd reload;

# - Once Samba has restarted, use this command to check your smb.conf for any syntax errors - #
testparm;

# - Samba configuration in Server - #
# - Modify samba configuration file - #
sudo vim /etc/samba/smb.conf

# - [global] - #
workgroup = L_IS
...
security = user

# - Windows support - #
wins support = yes
...
name resolve order = lmhosts host wins bcast

# - Share definitions - #
[ToShare-FullAccess]
comment = ToShare-FullAccess to everybody in the net.
path = /home/Documents/ToShare-FullAccess
writeable = yes
browseable = yes
guest ok = no
create mask = 0777
valid users = is_derayo, smbguest

[ToShare-JustRead]
comment = ToShare-JustRead to everybody in the net.
path = /home/Documents/ToShare-JustRead
writeable = no
browseable = yes
guest ok = no
create mask = 0755
valid users = is_derayo, smbguest

[share]
comment = Ubuntu File Server Share
path = /srv/samba/share
browsable = yes
guest ok = yes
read only = no
create mask = 0755

# - Restart samba service - #
sudo /etc/init.d/samba restart;

# - More than one network card - #
If you have more than one network card (or interface) then you have to define where you want Samba to run. In smb.conf under the [global] section, add:

interfaces = 127.0.0.1, 192.168.0.31/24
bind interfaces only = yes

The first address (127.0.0.1) is a loopback network connection (it's your own machine). The second address (192.168.0.31) is the address of the card you want Samba to run on; the second number (24) is the subnet default for a CLASS-C network. It may vary depending on your network. With "bind interfaces only" you limit which interfaces on a machine will serve SMB requests.

You can limit which IP addresses can connect to your Samba server by adding these lines:

hosts allow = 127.0.0.1, 192.168.0.31, 192.168.0.32
hosts deny = 0.0.0.0/0

The loopback address must be present in the first line. The second line denies access from all IP addresses not in the first line.

# - Private and public shares in same config - #
First you'll want to set this up in the [global] section of your smb.conf

[global]
security = user
encrypt passwords = true
map to guest = bad user
guest account = nobody

security = user restricts logins to users on your server.
encrypt passwords = true is necessary for most modern versions of Windows to login to your shares.
map to guest = bad user will map login attempts with bad user names to the guest account you specify with guest account = nobody. That is, if you attempt to login to the share with a user name not set up with smbpasswd then you will be logged in as the user nobody.
# - Next the private share - #
[private]
comment = Private Share
path = /path/to/share/point
browseable = no
read only = no

If browseable is set to no the share will not show up on graphical browsers such as "My Network Places" on Windows or Places -> Network on Ubuntu.
path is the path to the directory that you want to share out.
browseable = no will have the share not show up when users browse the network.
read only = no will let you, as an authenticated user, write to the share.

# - Finally, the public share - #
[public]
comment = Public Share
path = /path/to/share/point
read only = no
guest only = yes
guest ok = yes

Again, path is the path to the directory that you want to share out.
read only = no will allow users to write to this share.
guest only = yes and guest ok = yes will allow guest logins and also force users to login as guests.
The user you specified with guest account in the [global] section must have write permissions on /path/to/share/point in order to write files to the share.

Note: When Windows attempts to access a SMB share it will use the current Windows user name and password. The map to guest = bad user trick above allows access to the public share only if you give Samba an incorrect user name. If you give it a valid user name, but a bad password, the login will fail and Windows will give you a password prompt when you try to access the share. If you have the same user name for your Windows machine and your Ubuntu machine, you could be unwittingly giving the Samba server a valid user name, but invalid password. To resolve this you will either have to change the Windows user name, or to remove that user name from the Samba password file with sudo smbpasswd -x [username].

Note: The above uses security = user. To access the private shares you will have to make sure the user exists in smbpasswd. These users must also already exist as normal users on your machine.
You add users to smbpasswd simply by running sudo smbpasswd -a [username] and giving a password.

# - Setting permissions - #
To set permissions of newly created documents / files edit /etc/samba/smb.conf and in the [global] section add:

create mask = 0644
directory mask = 0755

# - Use the mode/mask options - #
When you (or your users) want or need to create files and folders on the Samba share you're connected to, the parent folders must have been created with the right permissions. To ensure this happens, you must add the create mask = 0777, create mode = 0777, and (if your share is being particularly stubborn) force create mode = 0777. These will ensure that all directories/folders created within the parent have read/write permissions.
NOTE: Use this with caution, as it does make those directories/files fully read/writable.

# - Mapping shared folders in the server from your terminal - #
# - Automount using /etc/fstab - #
A lot of people don't know that you can use /etc/fstab to automount your Samba shares. By doing this, you won't have to manually mount those shares every time you reboot (which is rare anyway, right?). A typical /etc/fstab entry for automounting a Samba share will look like this:

//SAMBA_SERVER_ADDRESS/SHARE /PATH/TO/MOUNT/POINT cifs credentials=/etc/samba/user.cred 0 0

# - These commands are to be run from the TERMINAL, not the server - #
1. Install cifs-utils
Install smbfs (even if you already have Samba and related packages installed):
sudo apt-get install cifs-utils

2. Create mounting point:
sudo mkdir /media/
sudo mkdir /media/u-ServerDocuments
sudo mkdir /home/is_derayo/Documents/u-ServerDocuments

3. Edit /etc/fstab and add your entry:
sudo gedit /etc/fstab

# - This actually worked - #
# - From terminal - #
sudo mount //192.168.1.100/ToShare-FullAccess /home/is_derayo/Documents/u-ServerDocuments/ -o user=is_derayo,password=Administrator2;
or
sudo mount //192.168.1.100/ToShare-FullAccess /home/is_derayo/Documents/u-ServerDocuments/ -o user=is_derayo,credentials=/home/is_derayo/.smbcredentials;

# - From /etc/fstab file - #
sudo gedit /etc/fstab
//192.168.1.100/ToShare-FullAccess /home/is_derayo/Documents/u-ServerDocuments cifs user=is_derayo,credentials=/home/is_derayo/.smbcredentials,rw 0 0
or
//192.168.1.100/ToShare-FullAccess /home/is_derayo/Documents/u-ServerDocuments cifs user=is_derayo,uid=1000,iocharset=utf8,credentials=/home/is_derayo/.smbcredentials,rw 0 0
and additional

# - Edit & combine /etc/rc.local file to reload if fstab does not work - #
sudo gedit /etc/rc.local
# By default this script does nothing.
#mount --bind /home/Documents /home/is_derayo/Documents
mount --bind -o uid=1000,rw /home/Documents /home/is_derayo/Documents
mount --bind /home/Documents/Downloads /home/is_derayo/Downloads
mount --bind /home/Documents/Music /home/is_derayo/Music
mount --bind /home/Documents/Pictures /home/is_derayo/Pictures
mount --bind /home/Documents/Videos /home/is_derayo/Videos
mount //192.168.1.100/ToShare-FullAccess

# - - #
4. Create the .smbcredentials file in your home directory:
gedit ~/.smbcredentials
gedit /home/is_derayo/.smbcredentials

username=shareuser
password=sharepassword
domain=domain_or_workgroupname

username=is_derayo
password=Administrator2
domain=l_is

5. Make sure you secure your ~/.smbcredentials file:
chmod 0600 ~/.smbcredentials

6. Finally, test the mount with:
sudo mount -a

//192.168.1.100/ToShare-FullAccess /home/is_derayo/Documents/u-ServerDocuments smbfs credentials=/home/is_derayo/.smbcredentials,rw,user 0 0
//192.168.1.100/ToShare-FullAccess /home/is_derayo/Documents/u-ServerDocuments ext4 credentials=/home/is_derayo/.smbcredentials,rw,user=is_derayo,password=Administrator2 0 0
//192.168.1.100/ToShare-FullAccess /home/is_derayo/Documents/u-ServerDocuments ext4 user=is_derayo,password=Administrator2,defaults,noauto,rw 0 0
sudo mount.ext4 //192.168.1.100/ToShare-FullAccess /home/is_derayo/Documents/u-ServerDocuments/ -o user=is_derayo
sudo mount -t smbfs -o username=is_derayo,workgroup=l_is,password=Administrator2 //192.168.1.100/ToShare-FullAccess /home/is_derayo/Documents/u-ServerDocuments/
//192.168.0.5/storage /media/myname/TK-Public/ cifs username=YOURUSERNAME,password=YOURPASSWORD,iocharset=utf8,file_mode=0777,dir_mode=0777
//192.168.1.5/my/folder /home/mounts/localmount cifs user=admin,password=123,rw,iocharset=utf8,uid=1000,gid=1000 0 0
//192.168.0.5/storage /media/myname/TK-Public/ cifs guest,uid=myuser,iocharset=utf8,file_mode=0777,dir_mode=0777,noperm 0 0
//192.168.1.5/my/folder /home/mounts/localmount cifs rw
//servername/sharename /media/windowsshare cifs username=msusername,password=mspassword,iocharset=utf8,sec=ntlm 0 0
//servername/sharename /media/windowsshare smbfs username=guest,password=,uid=1000,iocharset=utf8,codepage=unicode,unicode 0 0
//192.168.1.100/home/Documents/ToShare-FullAccess/ /home/is_derayo/Documents/u-ServerDocuments cifs rw uid=is_derayo,credentials=/home/is_derayo/.smbcredentials,iocharset=utf8,sec=ntlm 0 0
//192.168.1.200/home/Documents /home/is_derayo/Documents/u-ServerDocuments cifs rw uid=is_derayo,credentials=/home/is_derayo/.smbcredentials,iocharset=utf8,sec=ntlm 0 0
//server/share /pathto/mountpoint cifs credentials=/home/username/.smbcredentials,uid=shareuser,gid=sharegroup 0 0
//server/share /media/windowsshare cifs credentials=/home/ubuntuusername/.smbcredentials,iocharset=utf8,sec=ntlm 0 0

Special permissions
//servername/sharename /media/windowsshare cifs uid=ubuntuuser,credentials=/home/ubuntuuser/.smbcredentials,iocharset=utf8,sec=ntlm 0 0

For windows
//servername/sharename /media/windowsshare cifs guest,uid=1000,iocharset=utf8 0 0

3. Create the .smbcredentials file in your home directory:
gedit ~/.smbcredentials
gedit /home/is_derayo/.smbcredentials

username=shareuser
password=sharepassword
domain=domain_or_workgroupname

username=is_derayo
password=Administrator2
domain=l_is

username=smbguest
password=smbguest
domain=l_is

4. Make sure you secure your ~/.smbcredentials file:
chmod 0600 ~/.smbcredentials

5. Finally, test the mount with:
sudo mount -a

# - - #
# - - #
[Samba] create mask = 0777
Scott Millhisler sjmlistread at sjm.net
Tue Mar 11 20:10:06 GMT 2003

David:

The following is written for those who have little or no knowledge of Linux's file and directory permission settings and need to understand some of the mask related parameters in Samba's smb.conf file. It may or may not be suited for your knowledge level. I hope it at least helps a little.

---------------------------------------------------
==== File and Directory Permission Mask Values ====
---------------------------------------------------

Q> What does "create mask = 777" in smb.conf indicate?

A> I will explain what the numbers indicate first, they serve the same function in all of the file related mask and mode parameters.

The numbers are "bit masks" for the file or directory access privileges. For now in this text, when I refer to a "file" I mean a file or directory, they are treated the same here.

-=- How Linux File Permissions are Handled -=-
----------------------------------------------

Each file stored in a standard Linux volume has 3 sets of privilege settings, one set for the file's owner, one set for the file's group members and one set for everyone else (other). For each of these three classes of users there are 3 options: read, write, and execute.

Looking at a Samba mask parameter value as a 3 digit number, which is all we need to deal with in this discussion, each digit represents one of the 3 classes of users. (Note: a value of 0740 is the same as 740; any leading zeros can be omitted.) The value of each digit can be between 0 and 7 so we call these octal digits. The 3 classes of users represented by these 3 digits are owner, group, and other.

- The owner is the Linux user who currently owns the file.
- The group is the Linux group to which the file belongs. If a user belongs to the same group as the file, that user inherits those permissions.
- Other is everyone but the owner and group members.

For example, let's look at a mask of 740. It can be broken down as the following:

- The first digit (7) indicates the file's owner's options.
- The second digit (4) indicates the file's group member's options.
- The third digit (0) indicates the file's options for everyone else.

-=- How the Permission Settings are Arranged -=-
------------------------------------------------

As mentioned earlier there are 3 different permission settings, represented by a single octet. This is where the 'bit mask' comes in. If you are familiar with binary notation then this will be easy to calculate. The settings are represented by bit positions of a 3 bit cluster.

              2
              |
     4 <--- ||| ---> 1
            111 <------------ Binary Number 111 (3 digits)
  Read <--- ||| ---> Execute
              |
            Write

In this "cheesy" ASCII diagram the binary number 111 is shown in the middle. Above it shows the decimal value of each digit, and below is what permission is granted by each of the three digits.
A 1 assigns the permission. Therefore, in binary notation Read access has a decimal value of 4 (100), Write has a decimal value of 2 (010), and Execute has a value of 1 (001).

Now to derive a single digit in our permissions mask we convert the binary value to a single digit decimal value. Therefore, full permission (read, write and execute) has a decimal value of 7. Some other examples:

Permission      Binary   Decimal
----------      ------   -------
Read/Write      110      6
Read Only       100      4
Read/Execute    101      5

Now that we know that, we can use these digits to assign permissions for the file's owner, group, and others as explained above. For our example above, permissions mode 740 would represent the file's owner having Read/Write/Execute permission, the group members having Read only permission, and everyone else having no access permissions at all to the file.

-=- Viewing a File's or Directory's Permission Modes -=-
--------------------------------------------------------

These rights are seen when you get a directory listing with the 'ls -l' shell command. You will see the rights listed in the 1st column, in a letter notation. For example, a file will appear as:

-rw-r--r-- 1 root staff 8346 Mar 10 17:43 smb.conf

Ignoring the 1st character '-' for a moment,

- characters 2-4 represent the file owner's permissions, "rw-" (read/write)
- characters 5-7 represent the file group members' permissions, "r--" (read)
- characters 8-10 represent everyone else's permissions, "r--" (read)

The last of the 3 symbols, which is always '-' in this example, will be 'x' if the execute right is assigned. Each of the three characters in a user class grouping corresponds to a bit position as shown earlier. Instead of it showing a 1 or 0 it uses characters to make it more readable: 'r' for Read, 'w' for Write, 'x' for eXecute, and '-' for not set.
That 1st character in the 10 character permissions indicator is used by Unix/Linux to specify additional attributes of the file, such as 'd' if it is a directory or 'l' if it is a link. The usage is seldom assigned by the average user and is beyond the scope of this text.

-=- Samba smb.conf mask parameter examples -=-
----------------------------------------------

Now with that long explanation out of the way we can apply that knowledge to the create mask and directory mode parameters.

-=- create mask -=-
-------------------

Note: This is a synonym for create mode.

This setting tells Samba what permissions to mask against the DOS/Windows assigned permissions for a new file when it is created from a Windows/DOS client. This means that if a permission isn't indicated in this create mask parameter, then it won't be assigned to the file when created. This applies to files only, not directories. There are many factors that may affect this parameter, so for detailed information see the man or info pages for smb.conf.

-=- directory mask -=-
----------------------

Note: This is a synonym for directory mode.

This is really the same concept as create mask but it applies to directories, not files. Just remember that if you want any of the 3 groups (owner, group, other) to be able to at least access a directory, set the read AND execute permissions. There are many factors that may affect this parameter, so for detailed information see the man or info pages for smb.conf.

That should be enough information to get the newcomer on their way to using directory and file masks. For more information see the man or info pages for ls, chmod, and smb.conf.

For errors or blatant omissions email scott at sjm.net

Scott Millhisler
SJM Computer Consulting - Perry, Michigan
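
The digit-to-bits arithmetic from the post above, carried through to Samba's mask handling, as an added example that is not part of the original post or of Samba. It goes one step beyond the post by also applying force create mode, which smb.conf(5) documents as ORed in after the create mask is ANDed; the requested mode 0766 is an assumed stand-in for what Samba maps from the client's attributes.

```shell
#!/bin/sh
# Added example: decode octal modes and apply Samba-style masks.

# digit_rwx 6 -> rw-   (4 = read, 2 = write, 1 = execute)
digit_rwx() (
    d=$1; out=""
    if [ $(( $d & 4 )) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
    if [ $(( $d & 2 )) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
    if [ $(( $d & 1 )) -ne 0 ]; then out="${out}x"; else out="${out}-"; fi
    printf '%s' "$out"
)

# mode_rwx 740 -> rwxr-----   (owner, group, other; "0740" works too)
mode_rwx() (
    m=$(printf '%03o' "$(( 0$1 & 0777 ))")
    owner=${m%??}; rest=${m#?}; group=${rest%?}; other=${m#??}
    printf '%s%s%s' "$(digit_rwx "$owner")" "$(digit_rwx "$group")" \
        "$(digit_rwx "$other")"
)

# apply_masks REQUESTED CREATE_MASK [FORCE_CREATE_MODE] -> resulting octal mode
# A bit survives only if the create mask has it; force bits are always set.
apply_masks() (
    req=$1; mask=$2; force=${3:-0}
    printf '%03o' "$(( (0$req & 0$mask) | 0$force ))"
)

# 0766 is an assumed requested mode, used only to compare the masks.
for mask in 0644 0744 0777; do
    result=$(apply_masks 0766 "$mask")
    echo "create mask = $mask -> $result ($(mode_rwx "$result"))"
done
echo "create mask = 0644, force create mode = 0777 -> $(apply_masks 0766 0644 0777)"
```

With create mask = 0644 the group and other write bits are stripped, while adding force create mode = 0777 yields 777 whatever the mask says.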
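
For the /etc/fstab and .smbcredentials steps in the mount notes earlier on this page, an added example (not from the original notes) that flags the option patterns which expose a share or its password: an inline password= (/etc/fstab is normally world-readable), guest, 0777 modes, sec=ntlm, a non-cifs type, and a credentials file readable by group or other. Function names, finding labels, addresses and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit CIFS entries written in fstab format.

note() {  # append a finding to $findings, once
    case " $findings " in *" $1 "*) ;; *) findings="$findings $1" ;; esac
}

# audit_cifs_line "SRC MNT TYPE OPTS DUMP PASS" -> findings, space separated
audit_cifs_line() (
    set -f                                   # no globbing while splitting
    set -- $1
    src=$1; fstype=$3; opts=$4; findings=""
    case $src in //*) ;; *) exit 0 ;; esac   # only //server/share sources
    [ "$fstype" = cifs ] || note not-cifs    # e.g. smbfs or ext4 on a share
    IFS=,
    for o in $opts; do
        case $o in
            password=*)                   note inline-password ;;
            guest)                        note guest-access ;;
            file_mode=0777|dir_mode=0777) note world-writable ;;
            sec=ntlm)                     note ntlm-hashing ;;  # not NTLMv2
        esac
    done
    echo "${findings# }"
)

# cred_file_private PATH -> exit 0 only if group and other have no access
cred_file_private() {
    [ -f "$1" ] || return 2
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

audit_fstab() {  # print "source -> findings" for each flagged line
    printf '%s\n' "$1" | while IFS= read -r line; do
        found=$(audit_cifs_line "$line")
        if [ -n "$found" ]; then echo "${line%% *} -> $found"; fi
    done
}

# Constructed sample entries (documentation address range, dummy password).
SAMPLE_FSTAB='//192.0.2.10/docs /mnt/docs cifs credentials=/home/user/.smbcredentials,uid=1000,rw 0 0
//192.0.2.10/media /mnt/media cifs user=admin,password=EXAMPLE,rw 0 0
//192.0.2.10/public /mnt/public cifs guest,file_mode=0777,dir_mode=0777 0 0
//192.0.2.10/legacy /mnt/legacy smbfs credentials=/home/user/.smbcredentials,sec=ntlm 0 0'

audit_fstab "$SAMPLE_FSTAB"
```

To check a real system, pass the file contents instead of the sample, for instance audit_fstab "$(cat /etc/fstab)", and run cred_file_private on each credentials= path it references.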