Tuesday, 19 March 2013

Replacing Nautilus with Nemo

As posted previously I've replaced Unity (meh) with Cinnamon on my Ubuntu laptop.

Cinnamon comes with a fork of the Nautilus file manager, called Nemo, which is a slight improvement I find. However, although various posts go through how to install Nemo, I found that it and Nautilus were competing to draw the desktop - such that on every other re-boot I was running one or the other.

So, as well as ensuring that any folder launch commands and file associations use Nemo over Nautilus, I also had to prevent Nautilus from auto-starting:

In Ubuntu the X-Server desktop menu set-up is held at /etc/xdg. Within this, the autostart folder determines what starts automatically with the desktop. Remove the nautilus-autostart.desktop file from there (and make sure the Nemo install has added one of its own). This should mean Nemo is preferred everywhere.

More excellent details here.

Friday, 1 March 2013

Setting up vsftp for Virtual Users (Ubuntu)


vsftpd setup for virtual users is fairly straightforward, but most guides don't go through the 'why', so here I'm attempting to explain this in brief.


Install vsftpd

- I'll assume you've already done this(!)


Update Configuration

The configuration file is typically in /etc/vsftpd.conf.

Make the following changes:


virtual_use_local_privs=YES
guest_enable=YES
guest_username=xxxxx
user_sub_token=$USER
local_root=/home/vftp/$USER
chroot_local_user=YES
hide_ids=YES
user_config_dir=/etc/vsftpd/vsftpd-user-conf


where,

guest_enable=YES

allows 'guest' logon. With virtual users, you'll actually be logged on as this guest user, so this is the id that needs the appropriate access to any folders you point the virtual user at.

guest_username=xxxxx

the local user to actually run under - should be a 'real' user, not a system one. Something like 'vftp' might be appropriate. Create them as 'normal' and either root the virtual users in /home/vftp, or create a new folder structure and chown it to 'vftp'.

user_sub_token=$USER

how to identify the remote/virtual user. In this case using their 'user' name (what they logon with).

local_root=/home/vftp/$USER
which local root/home directory they will be sent to. So for a user 'test' they will start in '/home/vftp/test' in this example.

chroot_local_user=YES
'YES' means they will be confined to that local_root directory.

user_config_dir=/etc/vsftpd/vsftpd-user-conf 
A directory to use for 'per user' overrides. This is optional, but if you want one of your virtual users to operate under a different local user, or go to a different home directory you can create a file in this folder to do this.

Example 

You have virtual users 'test' and 'admin'. 'test' should have the basic access of '/home/vftp/test' and will create files as the (local) user 'xxxxx'. The 'admin' user should be able to access and update any of the virtual users' data within '/home/vftp'.
Therefore create a file called 'admin' in /etc/vsftpd/vsftpd-user-conf with:

local_root=/home/vftp

which overrides the local_root setting and puts the user into the server at the higher-up node. 
This is where you could restrict access to 'read-only' if required at user-level (using write_enable=NO).

Amend PAM

The PAM file typically used (although it's set in the .conf file) is /etc/pam.d/vsftpd.

Update this to use just password authentication:

auth required pam_pwdfile.so pwdfile /etc/ftphtpasswd
account required pam_permit.so


where /etc/ftphtpasswd is the user/password file that holds your virtual users.
Everything else in the PAM file can go - it exists only to let locally defined (real) users log on via FTP.
(There's a chance that the local PAM does not include the pam_pwdfile module - it's missing from /lib/security - in which case it can be installed from the package libpam-pwdfile.)

Create Users

Build the file mentioned above, /etc/ftphtpasswd, using the htpasswd utility.


Verify

Logon with a suitable FTP client to check that each user is confined to the appropriate location, with the correct access rights.
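
To check the expected confinement before logging in, here is an added example (not part of the original post) that prints the local_root and write_enable each virtual user ends up with. It assumes the last KEY=value line in a file wins and that a file named after the user in user_config_dir overrides the main file. The function names, the temporary sample files and the 'reader' user are constructed for illustration.

```shell
#!/bin/sh
# Added example: print the settings each virtual user effectively gets.

# conf_get FILE KEY -> value of the last "KEY=value" line (empty if unset).
conf_get() {
    [ -r "$1" ] || return 0
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        index($0, k "=") == 1 { v = substr($0, length(k) + 2) }
        END { if (v != "") print v }' "$1"
}

# effective CONF USER KEY -> per-user override if present, else main value,
# with user_sub_token (e.g. $USER) replaced by the login name.
effective() {
    dir=$(conf_get "$1" user_config_dir)
    val=
    if [ -n "$dir" ]; then val=$(conf_get "$dir/$2" "$3"); fi
    if [ -z "$val" ]; then val=$(conf_get "$1" "$3"); fi
    tok=$(conf_get "$1" user_sub_token)
    printf '%s\n' "$val" | awk -v t="$tok" -v u="$2" '{
        out = ""
        while (t != "" && (i = index($0, t)) > 0) {
            out = out substr($0, 1, i - 1) u
            $0 = substr($0, i + length(t))
        }
        print out $0 }'
}

# report CONF PWFILE -> "user local_root write_enable" per password-file user
# (write_enable shows "default" when neither file sets it).
report() {
    cut -d: -f1 "$2" | while IFS= read -r u; do
        [ -n "$u" ] || continue
        we=$(effective "$1" "$u" write_enable)
        printf '%s %s %s\n' "$u" "$(effective "$1" "$u" local_root)" "${we:-default}"
    done
}

# Constructed sample: the post's 'test' and 'admin' plus a hypothetical 'reader'.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir "$demo/user-conf"
printf '%s\n' 'guest_enable=YES' 'user_sub_token=$USER' \
    'local_root=/home/vftp/$USER' "user_config_dir=$demo/user-conf" > "$demo/vsftpd.conf"
printf '%s\n' 'local_root=/home/vftp' > "$demo/user-conf/admin"
printf '%s\n' 'write_enable=NO' > "$demo/user-conf/reader"
printf '%s\n' 'test:$1$x$hash' 'admin:$1$x$hash' 'reader:$1$x$hash' > "$demo/ftphtpasswd"
report "$demo/vsftpd.conf" "$demo/ftphtpasswd"
```

A user whose local_root is a parent of the others, like 'admin' here, can reach every other virtual user's files, so confirm that each such line is intentional.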

(this info gathered in part from this post)


EDIT
*****
Ubuntu 12.04 (or maybe vsftpd) at some point decided not to like the crypt passwords htpasswd creates, so, following the guide here, use:

  sudo htpasswd -c -p -b ftphtpasswd user $(openssl passwd -1 -noverify password)