Download the book in PDF format Last update: 2012-11-16 Size: 4.5M
1. Requirements
SMS.Native.CD requirements:
Any Pentium-class processor at 500MHz, or an AMD K2 and above, will do. For RAM you need at least 128MB (256MB recommended). You can also install it on a 486 machine with 128MB RAM, but you need to choose the huge or hugel7 kernel while booting the SMS install disk.
SMS.Live.CD requirements:
To boot into Live mode, any Pentium-class processor at 500MHz, or an AMD K2 and above, will do. For RAM you need at least 128MB (256MB recommended). Booting on a slow computer with 128MB might produce an error from clamav-milter (it needs more time to load); after you install to disk there is no such problem.
Don’t forget that it’s a server, so put a decent machine on it.
2. Installation
2.1 SMS.Live.CD Installation:
Boot with SMS.LiveCD, log in with username root and password toor, type ‘sms-text-installer’ and follow the instructions. After sms-text-installer finishes, reboot and use the ‘netconfig’ command to configure your server’s hostname and domain.
Note: Installing SMS from SMS.LiveCD is NOT recommended.
2.2 SMS.Native.CD Installation:
2.2.1 Choose Kernel
- At the boot prompt, select your kernel from the four choices and press Enter:
1. hugesmp.s Default SMS Kernel very similar to Slackware’s kernel.
2. huge.s Default SMS Kernel for i486 and better machines.
3. hugel7.s Same as hugev.s but with Layer 7 support patch.
4. memtest Test your memory for errors with memtest utility.
2.2.2 Partition hard drives
- Select your keyboard map and login as root.
- Before you run setup you must create your partitions with “cfdisk”.
- For a list of partitions type
or
- To partition for example “/dev/sda” type
Create a boot partition 100MB in size and mark it bootable.
Create a swap partition, usually twice your RAM, but 2GB is enough.
Create the root (/) partition, at least 4GB in size.
You can create optional partitions for mount points such as /home or /usr/local.
Write the partition table to disk and exit.
2.2.3 Setup.
You are now ready to type “setup” and set your swap partitions.
Choose your swap partitions.
Just swapon your swap partition.
No need to check for bad blocks.
Choose your root partition and format it.
Choose your boot partition and format it as ext2 or ext3.
Assign the mount point
You should see something like that.
Choose your source media and follow the instructions.
Select the series of software to install. By default the DEVEL series is off; if you want it, navigate to it and press “space”.
The recommended setup mode is FULL, where 2.7GB+ of software is installed, including DEVEL series Xorg server and KDE 3.5.10.
When setup finishes installing packages, it will ask you to choose a kernel.
All kernels are already installed; you just have to choose which kernel your system will boot from. Huge kernels have all the serious stuff already built in; their purpose is installing and recovering SMS, but they are great for beginners too.
More experienced users can use generic kernels. In some cases you might need an initial RAM disk image (initrd.gz) with filesystem or IDE/SATA controller modules. Generic kernels have built-in support for the ext2, ext3, ext4 and jfs filesystems, so if you aren’t using reiserfs you most likely will not need an initrd.gz after all.
The installer offers to create a bootable USB stick for booting your system; if you want one, plug in a USB stick and press create, or press skip to continue to installing the Linux Loader (LiLo).
Lilo configuration has two options.
The first is the SMS lilo installer, which automatically installs lilo on your chosen partitions; the second is Slackware’s lilo installer, where you can create your lilo.conf from scratch.
Network configuration uses the ‘netconfig’ script to alter your server’s configuration to your new hostname and domain, including dovecot, postfix, httpd, sasl, squirrelmail and phpldapadmin, but not openldap. To configure openldap, “/usr/libexec/slapd” must be running, so either configure your system now and on first boot import sms.ldif with the command
ldapadd -f /etc/openldap/sms.ldif -x -D cn=Manager,dc=yourhostname,dc=yourdomain -w toor
or skip network configuration and upon reboot use “netconfig-lcd” to configure your <hostname.domain>.
Continue with the installer, selecting services that start at boot, custom screen fonts, time zone setup, default window manager for X and finally setting your root account password.
Exit the installer and reboot to your newly installed system.
2.3 SMS LVM Setup Installation:
Assuming you have already created your partition map with cfdisk, something like
/dev/sda1 * 1 12 96358+ 83 Linux
/dev/sda2 13 1957 15623212+ 83 Linux
/dev/sda3 1958 2088 1052257+ 82 Linux swap
where sda2 is used for the LVM setup.
1. Create physical volume
pvcreate /dev/sda2
2. Create Volume Group with name sms
vgcreate sms /dev/sda2
3. Create Logical Volume for root partition
lvcreate -L 8G -n root sms
4. Create Logical Volume for home partition with remaining space
lvcreate -l 100%FREE -n home sms
5. Scan disks for Logical Volume Groups
vgscan --mknodes
6. Activate Logical Volume Groups
vgchange -ay
Start setup and choose your swap partition as usual, then choose /dev/sms/root as the root partition, /dev/sms/home for home and finally /dev/sda1 as the boot partition.
Ignore partition /dev/sda2 and continue with setup.
When it’s time to choose a kernel, choose a generic one, since huge kernels complain about initrd images, although they may work just fine.
When setup finishes, don’t reboot your server, as lilo is not installed.
You need to chroot into your newly installed system
chroot /mnt
And edit /etc/lilo.conf to something like
LBA32
boot = /dev/sda
prompt
timeout = 30
compact
change-rules
reset
vga = 791
image = /boot/vmlinuz
root = /dev/sms/root
label = SMS
initrd = /boot/initrd.gz
read-only
The most important step is to create the initrd image with
mkinitrd -c -k 2.6.35.7-smp -m ext4 -f ext4 -r /dev/sms/root -L
Where
-c clears /boot/initrd-tree and creates a new one
-k your kernel
-m your modules (-m ext3,ext4,reiserfs)
-f root filesystem
-r root partition
-L adds support for LVM in the initrd.
SMS generic kernels have built-in support for ext2, ext3, ext4 and jfs.
Run lilo and ignore the warnings.
Exit and reboot your server.
2.3.1 Resizing LVM partitions.
To increase the size of a Logical Volume, let’s say the /home directory
/dev/mapper/sms-home 1.5G 36M 1.4G 3% /home
Check that you have the appropriate free space with vgdisplay <vgroupname>
root@sms:~# vgdisplay sms|grep Free
Free PE / Size 75 / 400.00 MiB
And continue with the command lvresize
root@sms:~# lvresize -L 1.6G /dev/sms/home
Rounding up size to full physical extent 1.60 GiB
Extending logical volume home to 1.60 GiB
Logical volume home successfully resized
The Logical Volume is now resized, but the filesystem (ext4 in our case) is not. To resize the filesystem use resize2fs.
root@sms:~# resize2fs -p /dev/sms/home
resize2fs 1.41.11 (14-Mar-2010)
Filesystem at /dev/sms/home is mounted on /home; on-line resizing required
old desc_blocks = 1, new_desc_blocks = 1
Performing an on-line resize of /dev/sms/home to 419840 (4k) blocks.
The filesystem on /dev/sms/home is now 419840 blocks long.
So now our /home has increased by 100MB
/dev/mapper/sms-home 1.6G 36M 1.5G 3% /home
To decrease a Logical Volume you first need to unmount the partition, in our case /home.
root@sms:~# umount /home/
Optionally, you can use e2fsck to check the integrity of the filesystem.
Resize the filesystem with resize2fs, like so:
root@sms:~# resize2fs /dev/sms/home 1400M
resize2fs 1.41.11 (14-Mar-2010)
Resizing the filesystem on /dev/sms/home to 358400 (4k) blocks.
The filesystem on /dev/sms/home is now 358400 blocks long.
And continue with lvresize command.
root@sms:~# lvresize -L 1.4G /dev/sms/home
Rounding up size to full physical extent 1.40 GiB
WARNING: Reducing active logical volume to 1.40 GiB
THIS MAY DESTROY YOUR DATA (filesystem etc.)
Do you really want to reduce home? [y/n]: y
Reducing logical volume home to 1.40 GiB
Logical volume home successfully resized
So our home decreased by 200MB.
root@sms:~# mount /home/
/dev/mapper/sms-home 1.4G 36M 1.3G 3% /home
Resize filesystem tools.
resize2fs - ext2/ext3/ext4 file system resizer
resize_reiserfs - resizer tool for the ReiserFS filesystem
xfs_growfs, xfs - expand an XFS filesystem (XFS doesn’t support decreasing)
jfs has a built-in feature in the kernel’s JFS driver for resizing partitions, but only to increase, not to decrease.
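
The order of the shrink steps above matters: the filesystem has to be no larger than the volume once lvresize has reduced it. The following check is an added example, not part of the SMS manual; it assumes 4 MiB physical extents (the LVM default) and uses constructed dumpe2fs output carrying the block count from the resize2fs run above.

```sh
#!/bin/sh
# Added example: check that a shrunken ext filesystem still fits inside the
# logical volume before running lvresize.
# Assumption: 4 MiB physical extents (the LVM default); confirm with vgdisplay.

# Constructed sample: the two fields of `dumpe2fs -h /dev/sms/home` that
# matter, with the block count reported by resize2fs in the text above.
SAMPLE_DUMPE2FS='Block count:              358400
Block size:               4096'

# fs_size_kib: read `dumpe2fs -h` text on stdin, print the filesystem size in KiB.
fs_size_kib() {
    awk -F': *' '
        $1 == "Block count" { count = $2 }
        $1 == "Block size"  { size = $2 }
        END {
            if (count == "" || size == "") exit 1
            printf "%d\n", count * size / 1024
        }'
}

# size_to_kib SIZE: convert an lvresize-style size such as 1.4G or 1400M to
# KiB, rounding any fraction up.
size_to_kib() {
    awk -v s="$1" 'BEGIN {
        unit = toupper(substr(s, length(s), 1))
        num = substr(s, 1, length(s) - 1) + 0
        if (unit == "G")      kib = num * 1024 * 1024
        else if (unit == "M") kib = num * 1024
        else exit 1
        whole = int(kib)
        if (whole < kib) whole++
        printf "%d\n", whole
    }'
}

# round_up_to_extent KIB EXTENT_KIB: lvresize rounds sizes up to whole extents.
round_up_to_extent() {
    echo $(( ($1 + $2 - 1) / $2 * $2 ))
}

# shrink_is_safe TARGET_SIZE [EXTENT_KIB]: expects `dumpe2fs -h` text on stdin.
# Succeeds only when the filesystem is no larger than the reduced volume.
shrink_is_safe() {
    fs_kib=$(fs_size_kib) || return 2
    want_kib=$(size_to_kib "$1") || return 2
    lv_kib=$(round_up_to_extent "$want_kib" "${2:-4096}")
    [ "$fs_kib" -le "$lv_kib" ]
}

# Demo on the constructed sample: 1.4G is the target used in the text,
# 1.3G is a target that would cut into the 1400M filesystem.
for target in 1.4G 1.3G; do
    if printf '%s\n' "$SAMPLE_DUMPE2FS" | shrink_is_safe "$target"; then
        echo "$target: filesystem fits, lvresize -L $target is safe"
    else
        echo "$target: filesystem is larger than the volume would be, do not reduce"
    fi
done
```

On a live system the input would come from `dumpe2fs -h /dev/sms/home` after the resize2fs step and before lvresize.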
2.3.2 Resizing LVM partitions (Webmin).
You can use Webmin to resize LVM partitions quite easily by navigating to
Webmin -> Hardware -> Logical Volume Management
To resize a volume you need to unmount it first from
Webmin -> System -> Disk and Network Filesystems
Select /home, click on Unmount and press save.
Now that you have unmounted home, navigate to Logical Volume Management and increase or decrease the partition.
2.4 SMS RAID Setup Installation:
Here’s a quick summary of the more common RAID levels:
- RAID 0: Requires 2 drives, can use more. Offers no redundancy, but improves performance by “striping”, or interleaving, data between all drives. This RAID level does not help protect your data at all. If you lose one drive, all of your data will be lost.
- RAID 1: Requires 2 drives, can use more. Offers data redundancy by mirroring data across all drives. This RAID level is the simplest way to protect your data, but is not the most space-efficient method. For example, if you use 3 drives in a RAID 1 array, you gain redundancy, but you still have only 1 disk’s worth of space available for use.
- RAID 5: Requires 3 drives, can use more. Offers data redundancy by storing parity data on each drive. Exactly one disk’s worth of space will be used to hold parity data, so while this RAID level is heaviest on the CPU, it is also the most space efficient way of protecting your data. For example, if you use 5 drives to create a RAID 5 array, you will only lose 1 disk’s worth of space (unlike RAID 1), so you will end up with 4 disks’ worth of space available for use. While simple to set up, this level is not quite as straightforward as setting up RAID 1.
1. Prepare disks for RAID 1 Array (clone the partition table of /dev/sda to /dev/sdb)
sfdisk -d /dev/sda | sfdisk /dev/sdb
2. Create RAID 1 Array for root partition
mdadm --create /dev/md0 --level 1 --raid-devices 2 /dev/sda1 /dev/sdb1
3. Create RAID 1 Array for swap partition
mdadm --create /dev/md1 --level 1 --raid-devices 2 /dev/sda2 /dev/sdb2
4. Setup swap area
mkswap /dev/md1
5. Create RAID 5 Array for home partition
mdadm --create /dev/md2 --level 5 --raid-devices 3 /dev/sdc /dev/sdd /dev/sde
Start setup and choose /dev/md1 as the swap partition, /dev/md0 as the root partition and /dev/md2 for home.
Ignore partitions /dev/sd[ab]1 and /dev/sd[ab]2 and continue with setup.
When it’s time to choose a kernel, choose a generic one, since huge kernels complain about initrd images, although they may work just fine.
When setup finishes, don’t reboot your server, as lilo is not installed.
You need to chroot into your newly installed system
chroot /mnt
And edit /etc/lilo.conf to something like
append="root=/dev/md0"
raid-extra-boot = mbr-only
LBA32
boot = /dev/md0
prompt
timeout = 30
compact
change-rules
reset
vga = 791
image = /boot/vmlinuz
root = /dev/md0
label = SMS
initrd = /boot/initrd.gz
read-only
The most important step is to create the initrd image with
mkinitrd -c -k 2.6.35.7-smp -m ext4 -f ext4 -r /dev/md0 -R
Where
-c clears /boot/initrd-tree and creates a new one
-k your kernel
-m your modules (-m ext3,ext4,reiserfs you might need a controller)
-f root filesystem
-r root partition
-R adds support for RAID in the initrd.
SMS generic kernels have built-in support for ext2, ext3, ext4 and jfs.
Run lilo and ignore the warnings.
Exit and reboot your server.
2.4.1 Using a huge kernel:
You can use a huge kernel without an initrd.gz if you like, but to recognize RAID arrays at boot you need to edit /etc/rc.d/rc.S and add, between udev and lvm,
progressbar 10
# Re-assemble RAID volumes:
/sbin/mdadm -As
Finally, add your arrays to mdadm.conf with
mdadm -Es >> /etc/mdadm.conf
2.4.2 Notification of degraded arrays:
You can add to your /etc/rc.d/rc.local
/sbin/mdadm -Ff /dev/md[0-9] -i /var/run/mdadm.pid
By adding your mail address to /etc/mdadm.conf, you will be notified when arrays become degraded. Or you can have it all in one line
/sbin/mdadm -Ff /dev/md[0-9] -i /var/run/mdadm.pid -m root@localhost
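
To confirm by hand (or from cron) what the mdadm monitor would report, the array state can be read from /proc/mdstat. The parser below is an added example, not part of the SMS manual; the mdstat text is constructed from the array layout in section 2.4 with one RAID 5 member marked failed.

```sh
#!/bin/sh
# Added example: list degraded md arrays from /proc/mdstat-style text.

# Constructed sample: md0 and md1 (RAID 1) healthy, md2 (RAID 5) with one
# failed member.
SAMPLE_MDSTAT='Personalities : [raid1] [raid6] [raid5] [raid4]
md2 : active raid5 sde[2] sdd[1](F) sdc[0]
      2097024 blocks level 5, 64k chunk, algorithm 2 [3/2] [U_U]

md1 : active raid1 sdb2[1] sda2[0]
      15623104 blocks [2/2] [UU]

md0 : active raid1 sdb1[1] sda1[0]
      96256 blocks [2/2] [UU]

unused devices: <none>'

# degraded_arrays: read mdstat text on stdin. For every array whose status
# line shows fewer active members than configured ([n/m] with m < n), print
# "<array> <configured>/<active> <member map>".
degraded_arrays() {
    awk '
        # Header line of an array, e.g. "md0 : active raid1 sdb1[1] sda1[0]"
        /^md[0-9]+ :/ { name = $1; next }
        # First following line that carries the [configured/active] counter
        name != "" && match($0, "\\[[0-9]+/[0-9]+\\]") {
            split(substr($0, RSTART + 1, RLENGTH - 2), n, "/")
            if (n[2] + 0 < n[1] + 0) print name, n[1] "/" n[2], $NF
            name = ""
        }'
}

# raid_is_healthy: mdstat text on stdin; succeeds only when nothing is degraded.
raid_is_healthy() {
    [ -z "$(degraded_arrays)" ]
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_MDSTAT" | degraded_arrays
```

On a live system the input is `/proc/mdstat` itself, for example `degraded_arrays < /proc/mdstat`.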
2.5 Upgrading SMS:
Upgrading SMS is not as difficult or dangerous as it may sound.
Upgrading SMS to the latest version most of the time requires putting your machine into single user mode, specifically when there is a new glibc or kernel, but it never hurts to switch to single user mode every time you upgrade. You can switch to single user mode by editing /etc/inittab and changing
id:3:initdefault: to id:1:initdefault:
You can also do
sed -e "s,id:3:initdefault:,id:1:initdefault:,g" -i /etc/inittab
Or a more direct approach is to press [tab] at the lilo prompt and enter:
boot: sms 1
The upgrade procedure is quite simple
1. Put your machine in single user mode
2. Upgrade pkgtools and glibc-solibs before other packages
3. Use upgradepkg --install-new for the rest.
4. Fix your *.new config files under /etc, some of them need attention
5. Update your initrd (if you use one).
6. Don’t forget to run lilo
7. Return your machine to multi-user mode
Reboot your machine and mount SMS.Native.CD
mount /dev/sr0 /mnt/cdrom
and first upgrade the glibc packages from slackware/a and slackware/l
upgradepkg /mnt/cdrom/slackware/{a,l}/glibc*
Tip: If your version is too old and you get errors, you need to upgrade pkgtools, xz and tar from slackware/a.
Continue upgrading the rest of the packages with
upgradepkg --install-new /mnt/cdrom/slackware/{a,ap,d,l,n}/*.t?z
If you have installed the devel series or x-kde-addon you can upgrade them as well.
Once you finish upgrading packages, restore the /etc/inittab run level to multi-user mode
sed -e "s,id:1:initdefault:,id:3:initdefault:,g" -i /etc/inittab
At this stage you need to take care of all the *.new files placed in /etc and its subdirectories, especially the system startup scripts /etc/rc.d/rc.S and /etc/rc.d/rc.M. If you are upgrading from a much older SMS version you might want to look for application changes, e.g. dovecot-1.x has its configs in /etc/dovecot while dovecot-2.x has them in /etc/dovecot
Once you have finished with all the *.new files, type ‘lilo’ and reboot.
2.6 Installing SMS.LiveCD to USB.
To install SMS.Live.CD to your USB stick, just copy the contents of the ISO (boot, sms) to your USB stick and run “boot/bootinst.sh” for Linux or “boot/bootinst.bat” for Windows.
3. Configuration
3.1 Default passwords.
Basic setup is already done and Superb Mini Server is ready out of the box...
Default Passwords are:
root account password is toor
administrator account password is toor
Webmin Login: admin : admin (https://[yoursmsserver]:10000)
TorrentFlux Login: admin : admin (http://[yoursmsserver]/tflux)
Samba Shares are:
Samba @ SMS path=/var/smb/samba/ (Read/write to everyone)
Faxes path=/var/spool/hylafax/recvg/ (Read/write to everyone)
TorrentFlux Downloads path=/var/smb/tflux_downloads/ (Read/write to everyone)
Placed under Workgroup = WORKGROUP
FTP Accounts are:
webftp:webftp path=/srv/httpd/htdocs/ (Read)
ftpuser:ftpuser path=/var/ftp/ (Read/write)
WebERP demo account is: demo : weberp (http://[yoursmsserver]/webERP)
PHPLdapAdmin: toor (http://[yoursmsserver]/phpldapadmin)
AvantFax: admin : password (http://[yoursmsserver]/avantfax)
3.2 Securing and optimizing your server.
So you have installed SMS and everything is working as it should. What’s next?
Whether your server will be online or on a local network, you should secure your server against unauthorized access.
3.2.1 Local accounts.
The first action is to change the default passwords for the root and administrator users.
Just type “passwd youruser”, e.g. “passwd administrator”
Do the same for the ftp users.
Tip: Always use complex passwords, and when you add users for mail or ftp that are not going to be used for shell login, always disable the shell, e.g. /bin/false or /dev/null
To change account passwords from webmin navigate to
Webmin->System->Users and Groups
Select your user and alter password.
3.2.2 MySQL.
Another mandatory action is to add a password to the mysql root user; by default mysql has no root password.
To do that type “mysql -u root mysql” and set the password with the command
mysql> set password for root@localhost=password('yourpassword');
To set a root password from webmin navigate to
Webmin->Servers->MySQL Database Server->User Permissions
And change password for root and for other users as well if you want.
Tip: Don’t forget to change the credentials in the web apps’ configuration files when you alter other users.
3.2.3 Webmin.
Webmin needs your attention too, since it has the power to alter your system.
Change the password of the admin user and select the networks that are allowed to access it; you can also change the port it listens on (default: 10000).
To change the login password navigate to
Webmin->Webmin Users->admin
and change its password.
To change the port or restrict access to webmin, navigate to
Webmin->Webmin Configuration->Ports and Addresses
and alter the Port number, or to
Webmin->Webmin Configuration->IP Access Control
to restrict access.
3.2.4 Web Applications.
Once you have finished with local users, it’s time to handle the web applications
TorrentFlux
WebERP
PhpLDAPAdmin
PHPMyAdmin
HTTP access (.htaccess .htpasswd)
If you are not using any of the above, delete their folders or disable their login.
If you have installed applications from /extra, such as avantfax, do the same.
3.2.5 Samba.
To increase security you can change samba security from share to user, so that a login is required to access the shares, and add
hosts allow = 192.168.1. 127. 10.0.0.
to prevent outside networks from accessing your samba shares.
3.2.6 OpenLDAP.
Openldap needs a password change too.
Just type “slappasswd”, enter your password, and copy/paste the resulting hash into slapd.conf, e.g.
rootpw {SSHA}CMsEaYBDv2oO0TVpeCr0cwQVfTBm8/pJ
Don’t forget to change the password for ldap entries too (by default all are “toor” )
cn=Manager
cn=dovecot
cn=postfix
uid=administrator
To change passwords, log in to phpldapadmin (http://<yourserver>/phpldapadmin) and you should see all the entries listed. Selecting one will show you info about the entry and a field named password.
Enter your new password and select its encryption from the drop down list, for instance SSHA, and press the “Update Object” button. It will ask you to confirm the changes; press the “Update Object” button once again for the changes to apply.
3.2.7 Services.
You have changed all the passwords by now and your server is secure; what about speeding up and lightening the server?
To do that you must disable the services you are not using, e.g. the mail server, fax server or print services.
There are startup scripts run by the system, like rc.S and rc.M when starting, rc.6 upon shutdown or reboot, rc.K when starting in single user mode, and rc.4 when the system runs in graphical run level (KDM or XDM).
All services have a startup script placed under /etc/rc.d/, usually named rc.<name of the service>.
To disable a service, make the startup script not executable by changing its permissions.
e.g. “chmod -x /etc/rc.d/rc.script”
In some cases, such as hylafax, disabling the service is not enough.
To disable Hylafax do:
chmod -x /etc/rc.d/rc.hylafax
Remove or comment out the faxgetty dialup line in /etc/inittab, manually or with
sed -e 's/d1:12345:respawn:/#d1:12345:respawn:/g' -i /etc/inittab
Remove the hylafax cronjobs from /etc/cron.hourly & /etc/cron.daily.
Reboot your server.
For Disabling Mail System do:
chmod -x /etc/rc.d/{rc.postfix,rc.spamd,rc.mailscanner,rc.clamav,rc.dovecot,rc.saslauthd,rc.sqlgrey}
To disable openldap do:
chmod -x /etc/rc.d/rc.openldap
To disable proftpd (ftp server) do:
chmod -x /etc/rc.d/rc.proftpd
To disable CUPS (print server) do:
chmod -x /etc/rc.d/rc.cups
For disabling Samba do:
chmod -x /etc/rc.d/rc.samba
For disabling webserver (HTTPD) do:
chmod -x /etc/rc.d/rc.httpd
For disabling mysql do:
chmod -x /etc/rc.d/rc.mysql
For disabling SSH server do:
chmod -x /etc/rc.d/rc.sshd
For disabling AFP server do:
chmod -x /etc/rc.d/rc.atalk
For disabling fail2ban server (not recommended) do:
chmod -x /etc/rc.d/rc.fail2ban
Tip: To enable or disable services you can use the “pkgtool” script: select to rerun the installation scripts and select services.
You can also switch from SMS’s advanced mail server configuration to a plain mail server (sendmail) using the “sms-chooseMTA.sh” script. The script will switch the mail server from postfix to sendmail and vice versa.
To do it manually just do
chmod -x /etc/rc.d/rc.postfix
chmod +x /etc/rc.d/rc.sendmail
cp /usr/sbin/sendmail /usr/sbin/sendmail.postfix
cp /usr/sbin/sendmail.original /usr/sbin/sendmail
postfix stop
/etc/rc.d/rc.sendmail start
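
After working through 3.2.1 and 3.2.7 it helps to list what is still switched on. The audit below is an added example, not part of the SMS manual: it reports which rc.<service> scripts are still executable and which accounts still have a login shell. The fixture it builds is constructed (the shells assigned to the accounts are made up for the demo), and /sbin/nologin is treated as a disabled shell in addition to the two values named in the tip.

```sh
#!/bin/sh
# Added example: audit enabled services and login-capable accounts.
# Paths are arguments so the functions can be tried on copies first.

# enabled_services DIR: print <name> for every executable DIR/rc.<name>.
# The system scripts named in 3.2.7 (rc.S, rc.M, rc.K, rc.4, rc.6) and
# rc.local are skipped, as are leftover *.new and *.orig files.
enabled_services() {
    for f in "$1"/rc.*; do
        [ -f "$f" ] && [ -x "$f" ] || continue
        name=${f##*/rc.}
        case "$name" in
            S|M|K|4|6|local|*.new|*.orig) continue ;;
        esac
        echo "$name"
    done
}

# login_capable_users PASSWD_FILE: print "user:shell" for accounts whose
# shell is not /bin/false, /dev/null or /sbin/nologin. An empty shell field
# means /bin/sh, so it counts as login-capable.
login_capable_users() {
    awk -F: '
        /^#/ || NF < 7 { next }
        $7 != "/bin/false" && $7 != "/dev/null" && $7 != "/sbin/nologin" {
            print $1 ":" ($7 == "" ? "/bin/sh" : $7)
        }' "$1"
}

# make_fixture DIR: build a constructed rc.d directory and passwd file.
make_fixture() {
    mkdir -p "$1/rc.d"
    for s in rc.S rc.sshd rc.httpd rc.hylafax rc.cups rc.samba; do
        printf '#!/bin/sh\n' > "$1/rc.d/$s"
    done
    chmod +x "$1/rc.d/rc.S" "$1/rc.d/rc.sshd" "$1/rc.d/rc.httpd"
    chmod -x "$1/rc.d/rc.hylafax" "$1/rc.d/rc.cups" "$1/rc.d/rc.samba"
    cat > "$1/passwd" <<'EOF'
root:x:0:0::/root:/bin/bash
administrator:x:1000:100::/home/administrator:/bin/bash
webftp:x:1001:100::/srv/httpd/htdocs:/bin/bash
ftpuser:x:1002:100::/var/ftp:/bin/false
mailonly:x:1003:100::/home/mailonly:/dev/null
EOF
}

# Demo on the constructed fixture.
demo_dir=$(mktemp -d) && {
    make_fixture "$demo_dir"
    echo "Enabled services:"
    enabled_services "$demo_dir/rc.d"
    echo "Accounts with a login shell:"
    login_capable_users "$demo_dir/passwd"
    rm -rf "$demo_dir"
}
```

On the server itself the calls are `enabled_services /etc/rc.d` and `login_capable_users /etc/passwd`.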
3.3 Configuring X.
There are three ways to configure the X Window system. The first is fully automated, through the ‘xconf’ script.
All you have to do is type “xconf”, then “startx” to start KDE.
The second way is Slackware’s semi-automated “xorgsetup” command. Once you type “xorgsetup” you will be guided through a few configuration windows.
The third way is by typing “xorgconfig”, a menu-driven frontend with more detailed configuration, but you will probably never need to run it. Once you finish with the X config, run “startx” to launch KDE.
4. Adding and Removing packages.
SMS uses Slackware’s package management ( pkgtools ).
To install packages use ‘installpkg’
installpkg package.tgz
To upgrade an existing package use ‘upgradepkg’
upgradepkg package.tgz
If the upgrade package has a different name you can use
upgradepkg oldpackage.tgz%newpackage.tgz
To remove a package use ‘removepkg’, all installed packages have an entry in /var/log/packages/.
removepkg /var/log/packages/package
4.1 Installing SMS extra packages.
To install development packages mount SMS.Native.CD-Install.iso or download ‘slackware/devel’ directory from http://sms.it-ccs.com/isos/SMS-Current/ and do
installpkg slackware/devel/*.tgz
or you can use the tagfile and do
cd slackware/devel/
./install-packages
To install a bootsplash kernel, just do
installpkg extra/bootsplash_kernels/bootsplash-kernel.tgz
Open /etc/lilo.conf and uncomment the following lines, or add them if missing
append = "splash = verbose"
initrd = /boot/initrd.splash ( under label= SMS )
and run ‘lilo’ for the changes to apply.
If you want to install a generic-bootsplash kernel you have to create an initrd image with your modules, e.g.
mkinitrd -c -k 2.6.37.6-smp -m reiserfs -f reiserfs -r /dev/sda1
Copy your bootsplash into initrd-tree and recreate the initrd.gz
cp /boot/initrd.splash /boot/initrd-tree/; mkinitrd;
Open /etc/lilo.conf and uncomment the following lines, or add them if missing
append = "splash = verbose"
initrd = /boot/initrd.gz ( under label= SMS )
and run ‘lilo’ for the changes to apply.
4.2 slapt-get.
Another way for installing, removing, upgrading packages in SMS, is slapt-get. To use slapt-get run
slapt-get --add-keys (to install GPG key, you only need to do that once)
slapt-get -u (to update list of packages, default from http://sms.it-ccs.com/SMS-Current)
slapt-get -i <name of packages> (to install a package)
slapt-get --remove <name of packages> (to remove a package)
slapt-get --available (to get a list of available packages and a mark whether they are installed or not)
slapt-get --upgrade (to upgrade all installed packages)
slapt-get --install-set <series> ( to install a set of series e.g. devel)
slapt-get --ignore-excludes (To install excluded packages specified in /etc/slapt-get/slapt-getrc)
Tip: To install devel series with slapt-get you must add “--ignore-excludes” as kernel-* packages are excluded by default.
4.3 Compile from source.
If an application you want is not available as a package, you can build it from source. To be able to compile apps you must have a full install of SMS or at least devel series.
There are sites that provide slackware packages such as slacky.eu, and linuxpackages.net. If you don’t find your package on any site look for a slackbuild. Slackbuild is a script that will build your package from source to a slackware package. You can search for slackbuilds at slackbuilds.org or google for it.
Assuming there isn’t a slackbuild for your package, download the source of your application and read it’s documentation about building your package from source. Usually the source tarball contains a README and an INSTALL file with all the info you want for building it from source or even creating your slackbuild.
Once you untar your source, by running “./configure --help” you will get a full list of build options.
Slackware’s build options that should be always the same are
./configure --prefix=/usr \
--sysconfdir=/etc \
--libdir=/usr/lib64 \ (if you are building a package in SMS64)
--localstatedir=/var \
--build=$ARCH-slackware-linux (where $ARCH is i486 or i686 or x86_64)
CFLAGS and CXXFLAGS also depend on your ARCH (output of `arch`) and should be
-O2 -march=i486 -mtune=i686 (arch i486)
-O2 -march=i686 -mtune=i686 (arch i686)
-O2 -fPIC (arch x86_64)
So a configure command for i486 architecture should look like
CFLAGS="-O2 -march=i486 -mtune=i686" \
CXXFLAGS="-O2 -march=i486 -mtune=i686" \
./configure --prefix=/usr \
--sysconfdir=/etc \
--libdir=/usr/lib \
--localstatedir=/var \
--build=i486-slackware-linux \
--your options ...
And a configure command for x86_64 architecture should look like
CFLAGS="-O2 -fPIC" \
CXXFLAGS="-O2 -fPIC" \
./configure --prefix=/usr \
--sysconfdir=/etc \
--libdir=/usr/lib64 \
--localstatedir=/var \
--build=x86_64-slackware-linux \
--your options ...
Once configure finishes without errors, type “make” to start building your package. If all goes well and there are no errors, your app is ready for installation. It’s wise to create packages so you don’t mess up your system.
To create the package you must install your app to a folder. To do that, create a folder (e.g. /tmp/pkg) and run
make install DESTDIR=/tmp/pkg
Navigate to /tmp/pkg (cd /tmp/pkg) and use “makepkg” to create a slackware package with the command
makepkg -l y -c n -p /root/{appname}-{version}-{arch}-{buildnumber}.txz
Your package is now in your root directory, ready for installation, and you can install it with “installpkg”
installpkg /root/{appname}-{version}-{arch}-{buildnumber}.txz
Tip: Alternatively you can try slapt-src (http://software.jaos.org/#slapt-src), a utility for querying, retrieving and building slackbuilds for slackware.
5. Using Superb Mini Server.
5.1 SMS Live CD.
SMS.LiveCD’s purpose is testing and demonstrating SMS’s features; although it includes a text installer, it’s NOT recommended for installing SMS. Upon booting you will get a prompt to select the mode you want to boot.
Boot modes are:
Boot From Hard Disk:
Don’t boot from SMS at all, but boot from hard disk (device 0x80).
Run SMS:
Run SMS normally with all servers enabled.
SMS Copy To RAM:
Run SMS the same as above, but first copy all data to RAM to get huge speed (needs >512MB)
SMS Light:
Run SMS with all servers disabled.
SMS PXE Server:
Run SMS normally, but run a PXE server at the same time. This will allow you to boot SMS on other computers over network.
SMS Cluster Master Node:
Run SMS as a Computational Cluster Master node; it will create user cluster and export its home directory via nfs. It will start a PXE boot server for booting slave nodes.
Run Memtest utility:
Don’t start SMS at all, but rather run the MemTest utility to diagnose your computer’s RAM for possible errors
Boot modes use boot parameters (also known as cheatcodes) to affect the boot process. For instance, boot mode “SMS Light” uses cheatcode ‘light’, and boot mode “SMS Copy To RAM” uses cheatcode ‘copy2ram’. By pressing TAB over a selection you will see the command line with all the options.
5.1.1 SMS.LiveCD boot parameters (cheatcodes).
What are the boot parameters?
Boot parameters (also known as cheatcodes) are used to affect the booting process of SMS.
Some of them are common for all Linuxes, others are specific for SMS only.
How to use boot parameters?
Choose your desired menu entry and hit Tab key, which will allow you to edit the command line.
Write your desired boot argument at the end of command line.
For instance boot mode “SMS PXE Server” has the following command line (/proc/cmdline).
/boot/vmlinuz APPEND vga=791 initrd=/boot/initrd.gz ramdisk_size=8888 root=/dev/ram0 rw pxeboot
So adding boot parameter ‘light’ to the above command line will start a PXE boot server with all the services disabled, and additionally adding ‘ssh’ will enable the SSH server only.
Available boot parameters (cheatcodes)
nocd => Don’t mount any cdroms at all during the boot process.
nohd => Don’t mount any harddisks at all.
nodma => Disable DMA for all CD-ROMs and disks.
toram => Copy all files (all required and optional modules) to RAM.
copy2ram => Copy all files (all required and optional modules) to RAM.
light => Disable all services.
pxeboot => Enable PXE Boot Server.
clmaster => Enable Cluster master node.
smb => Enable samba file server.
nosmb => Disable samba file server.
afp => Enable AFP server.
ssh => Enable sshd server.
nossh => Disable sshd server.
ftp => Enable FTP server.
noftp => Disable FTP server.
httpd => Enable httpd web server.
nohttpd => Disable httpd web server.
ldap => Enable OpenLDAP server.
noldap => Disable OpenLDAP server.
mysql => Enable MySQL server.
nomysql => Disable MySQL server.
cups => Enable Print server.
nocups => Disable Print server.
mail => Enable SMS Mail server.
nomail => Disable SMS Mail server.
fax => Enable Fax server (hylafax).
nofax => Disable Fax server (hylafax)
debug => Enable debug mode (and start bash several times during the boot) hit Ctrl+D to continue booting.
from=path => Load SMS data from different place instead of the boot device.(from=/dev/sda1/SMS.LiveCD.iso)
changes=/path/ => Tell SMS to use a device, a file or a directory for storing changes.
changes=/sms/smssave.dat
changes=/dev/sda2/file.dat
changes=/dev/sda3/
5.2 Network configuration.
If you have a DHCP server enabled in your local network, SMS will acquire an IP address automatically. If a DHCP server isn’t available and you need to configure your ethernet cards manually, first check whether your ethernet cards are automatically detected by checking /proc/net/dev or by running ‘ifconfig’
root@sms:~# grep eth /proc/net/dev
eth0: 3484894 6598 0 0 0 0 0 0 109113 1621 0 0 0 0 0 0
root@sms:~# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 08:00:27:D8:0A:66
inet6 addr: fe80::a00:27ff:fed8:a66/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6663 errors:0 dropped:0 overruns:0 frame:0
TX packets:1640 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3489162 (3.3 Mb) TX bytes:110703 (108.1 Kb)
Slackware configures Ethernet interfaces through /etc/rc.d/rc.inet1.conf. To set a static address, change rc.inet1.conf to:
# Config information for eth0:
IPADDR[0]="192.168.2.11"
NETMASK[0]="255.255.255.0"
USE_DHCP[0]=""
DHCP_HOSTNAME[0]=""
# Default gateway IP address:
GATEWAY="192.168.2.1"
For the changes to apply, run:
root@sms:~# ifconfig eth0 down
root@sms:~# /etc/rc.d/rc.inet1
root@sms:~# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 08:00:27:D8:0A:66
inet addr:192.168.2.11 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fed8:a66/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8506 errors:0 dropped:0 overruns:0 frame:0
TX packets:2110 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3612599 (3.4 Mb) TX bytes:164526 (160.6 Kb)
DNS servers are listed in /etc/resolv.conf. To manually add name servers edit /etc/resolv.conf and enter e.g.
nameserver 192.168.2.1
nameserver 208.67.222.222
nameserver 208.67.220.220
Another way to configure your eth0 manually is by using ‘ifconfig’, like
root@sms:~# ifconfig eth0 192.168.2.11 netmask 255.255.255.0 broadcast 192.168.2.255
The same way you can add virtual network interfaces like
root@sms:~# ifconfig eth0:1 192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255
If you want virtual interfaces to start automatically at boot, place an entry in /etc/rc.d/rc.local like:
/sbin/ifconfig eth0:1 192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255
5.3 Basic linux commands.
To get help about unix commands use the ‘man’ command to read manual pages, like “man ls”, or use ‘--help’, like “ls --help”; if a command is built in, like ‘cd’, use “help cd”.
5.3.1 ls
This command lists files in a directory. Windows and DOS users will notice its similarity to the dir command. By itself, ls(1) will list the files in the current directory. To see what’s in your root directory, you could run:
root@sms:~# ls /
bin/ boot/ dev/ etc/ home/ lib/ mnt/ opt/ proc/ root/ sbin/ srv/ sys/ tmp/ usr/ var/
Directories get a slash at the end of the name, executable files get an asterisk at the end of the name, and so on.
ls can also be used to get other statistics on files. For example, to see the creation dates, owners, and permissions, you would look at a long listing:
root@sms:~# ls -lh /
total 4.0K
drwxr-xr-x 2 root root 2.6K Apr 23 16:18 bin/
drwxr-xr-x 6 root root 4.0K Apr 27 20:39 boot/
drwxr-xr-x 15 root root 5.3K Jun 19 13:35 dev/
drwxr-xr-x 79 root root 300 Jun 19 13:35 etc/
drwxr-xr-x 4 root root 47 Feb 28 06:03 home/
drwxr-xr-x 7 root root 60 Apr 25 14:03 lib/
drwxr-xr-x 4 root root 80 Jun 19 2011 mnt/
drwxr-xr-x 3 root root 74 Apr 23 16:17 opt/
dr-xr-xr-x 116 root root 0 Jun 19 2011 proc/
drwx--x--- 6 root root 139 Oct 6 1997 root/
drwxr-xr-x 2 root root 4.4K May 12 2010 sbin/
drwxr-xr-x 2 root root 39 Apr 8 2007 srv/
drwxr-xr-x 13 root root 0 Jun 19 2011 sys/
drwxrwxrwt 5 root root 100 Jun 19 13:35 tmp/
drwxr-xr-x 27 root root 80 Mar 25 12:29 usr/
drwxr-xr-x 36 root root 200 Apr 25 14:03 var/
Suppose you want to get a listing of the hidden files in a directory. This command will do just that:
root@sms:~# ls -a
./ ../ .bash_history .cpan/ .gnupg/ .hplip.conf .kde/ .rnd .spamassassin/
Files beginning with a period (called dot files) are hidden when you run ls. You will only see them if you pass the -a option. There are many more options that can be found in the manual page. Don’t forget that you can combine options that you pass to ls.
5.3.2 cd
The cd command is used to change working directories. You simply type cd followed by the path name to change to. Here are some examples:
root@sms:/# cd /var/smb/
root@sms:/var/smb# cd smb
-bash: cd: smb: No such file or directory
root@sms:/var/smb# ls
samba/ tflux_downloads/
root@sms:/var/smb# cd samba/
root@sms:/var/smb/samba# pwd
/var/smb/samba
5.3.3 pwd
The pwd command is used to show your current location (parent working dir). To use the pwd command just type pwd. For example:
root@sms:~# cd /boot/
root@sms:/boot# pwd
/boot
root@sms:/boot# cd /tmp/
root@sms:/tmp# pwd
/tmp
5.3.4 less
Pager utilities are useful for reading long outputs (through a pipe) or files in a terminal. For instance, try
ls -lha /usr/bin/ | less
or opening a file with
less README.txt
Use the arrows up/down and page up/page down to scroll the output, press Q to quit.
5.3.5 cat
cat is short for “concatenate”. It was originally designed to merge text files into one, but can be used for many other purposes. To merge two or more files into one, you simply list the files after the cat command and then redirect the new output to a file. cat works with standard input and standard output, so you have to use the shell redirection characters. For example:
cat file1 file2 file3 > bigfile
One can also use cat to display files. Many people cat text files through the more or less commands, like this:
cat file1 | less
That will display the file1 file and pipe it through the less command so that you only get one screen at a time. Another common use for cat is copying files. You can copy any file around with cat, like this:
cat /bin/bash > ~/mybash
The /bin/bash program is copied to your home directory and named mybash.
cat has many uses and the ones discussed here are just a few. Since cat makes extensive use of standard input and standard output, it is ideal for use in shell scripts or part of other complex commands.
5.3.6 echo
The echo(1) command displays the specified text on the screen. You specify the string to display after the echo command. By default echo will display the string and print a newline character after it.
You can pass the -n option to suppress the printing of the newline. The -e option will cause echo to search for escape characters in the string and execute them.
5.3.7 touch
touch(1) is used to change the timestamp on a file. You can change access timestamps and modification timestamps with this command. If the file specified does not exist, touch will create a zero length file with the name specified.
5.3.8 mkdir rmdir
mkdir(1) will create a new directory. You simply specify the directory to create when you run mkdir. This example creates the ‘newfolder’ directory in the current directory.
root@sms:~# mkdir newfolder
The -p option will tell mkdir to make any parent directories. For instance the command “mkdir /root/new/new2” will fail if /root/new doesn’t exist, but with the -p option it will create /root/new first and then /root/new/new2.
root@sms:~# mkdir /root/new/new1
mkdir: cannot create directory `/root/new/new1’: No such file or directory
root@sms:~# mkdir -p /root/new/new1
root@sms:~# ls /root/new/
new1/
rmdir works exactly the opposite way. To remove a directory use rmdir, and to remove the directory together with its parent directories pass the -p option.
Tip: be very careful when using “rmdir -p” as you may harm your system.
5.3.9 cp
cp(1) copies files. DOS users will notice its similarity to the copy command. There are many options for cp , so you should have a look at the man page before using it. Basic usage for a simple file copy
cp file /tmp/ or cp file /tmp/file2
To copy a directory
cp -r /root/new /tmp/ (copy directory new to /tmp)
5.3.10 mv
mv(1) moves files and directories from one place to another, but can be used to rename files or directories as well.
mv file /tmp/ (move file to /tmp)
mv file1 file2 (rename file1 to file2)
5.3.11 rm
rm(1) removes files and directory trees. DOS users will notice the similarity to both the del and deltree commands. rm can be very dangerous if you do not watch yourself.
rm file1 (delete file1)
rm -f file1 (force the deletion of file1)
rm -r /root/new/ (delete the directory /root/new/)
5.3.12 ln
ln(1) is used to create links between files. These links can be either hard links or soft (symbolic) links by passing the -s option.
ln -s /var/smb/samba ~/samba (create a symlink of /var/smb/samba to our home directory)
5.3.13 grep
grep is used to search files or output for a pattern and return the matching lines.
root@sms:~# grep "192.168.2.11" /etc/rc.d/rc.inet1.conf
IPADDR[0]="192.168.2.11"
or
root@sms:~# ps aux|grep sshd
root 3308 0.0 0.2 4208 1012 ? Ss 14:18 0:00 /usr/sbin/sshd
grep has a lot of powerful options, use “grep --help” or “man grep” to find them.
5.3.14 find
The find(1) command allows the user to search the filesystem with a rich collection of search predicates.
Users may specify a search with filename wildcards, ranges of modification or creation times, or other advanced properties.
root@sms:~# find /var/ -name samba
/var/spool/samba
/var/cache/samba
/var/log/samba
/var/smb/samba
5.3.15 which, whereis
which is usually used to locate a program quickly. It just searches your PATH and returns the first instance it finds and the directory path to it.
whereis(1) command works similar to which, but can also search for man pages and source files.
root@sms:~# which grep
/usr/bin/grep
5.3.16 ps
ps is like Activity Monitor in OS X or Task Manager in Windows: it lists all the running processes. For instance, if we want to check whether the smbd process is running we can type:
root@sms:~# ps aux|grep smbd
root 4305 1.0 0.7 17992 3680 ? Ss 18:17 0:00 /usr/sbin/smbd -D
root 4307 0.0 0.2 17992 1196 ? S 18:17 0:00 /usr/sbin/smbd -D
More information on how ps works, and what those numbers mean, is in the man pages.
The output above shows that smbd is running with PIDs 4305 and 4307.
5.3.17 kill
On occasion, programs misbehave and you’ll need to put them back in line. The program for this kind of administration is called kill(1), and it can be used for manipulating processes in several ways. The most obvious use of kill is to kill off a process. You’ll need to do this if a program has run away and is using up lots of system resources, or if you’re just sick of it running. In order to kill off a process, you’ll need to know its PID or its name. To get the PID, use the ps command as was discussed in the last section. For example, to kill off process 4747, you’d issue the following:
root@sms:~# kill 4747
Note that you’ll have to be the owner of the process in order to kill it. This is a security feature. If you were allowed to kill off processes started by other users, it would be possible to do all sorts of malicious things. Of course, root can kill off any process on the system.
There’s another variety of the kill command called killall(1). This program does exactly what it says: it kills all the running processes that have a certain name. If you wanted to kill off all the running vim processes, you could type the following command:
root@sms:~# killall vim
Sometimes a regular kill doesn’t get the job done. Certain processes will not die with a kill. You’ll need to use a more potent form. If that pesky PID 4747 wasn’t responding to your kill request, you could do the following:
root@sms:~# kill -9 4747
That will almost certainly cause process 4747 to die. You can do the same thing with killall. What this is doing is sending a different signal to the process. A regular kill sends a SIGTERM (terminate) signal to the process, which tells it to finish what it’s doing, clean up, and exit. kill -9 sends a SIGKILL (kill) signal to the process, which essentially drops it. The process is not allowed to clean-up, and sometimes bad things like data corruption could occur by killing something with a SIGKILL. There’s a whole list of signals at your disposal. You can get a listing of signals by typing the following:
root@sms:~# kill -l
1) SIGHUP 2) SIGINT 3) SIGQUIT 4) SIGILL 5) SIGTRAP
6) SIGABRT 7) SIGBUS 8) SIGFPE 9) SIGKILL 10) SIGUSR1
11) SIGSEGV 12) SIGUSR2 13) SIGPIPE 14) SIGALRM 15) SIGTERM
16) SIGSTKFLT 17) SIGCHLD 18) SIGCONT 19) SIGSTOP 20) SIGTSTP
21) SIGTTIN 22) SIGTTOU 23) SIGURG 24) SIGXCPU 25) SIGXFSZ
26) SIGVTALRM 27) SIGPROF 28) SIGWINCH 29) SIGIO 30) SIGPWR
31) SIGSYS 34) SIGRTMIN 35) SIGRTMIN+1 36) SIGRTMIN+2 37) SIGRTMIN+3
38) SIGRTMIN+4 39) SIGRTMIN+5 40) SIGRTMIN+6 41) SIGRTMIN+7 42) SIGRTMIN+8
43) SIGRTMIN+9 44) SIGRTMIN+10 45) SIGRTMIN+11 46) SIGRTMIN+12 47) SIGRTMIN+13
48) SIGRTMIN+14 49) SIGRTMIN+15 50) SIGRTMAX-14 51) SIGRTMAX-13 52) SIGRTMAX-12
53) SIGRTMAX-11 54) SIGRTMAX-10 55) SIGRTMAX-9 56) SIGRTMAX-8 57) SIGRTMAX-7
58) SIGRTMAX-6 59) SIGRTMAX-5 60) SIGRTMAX-4 61) SIGRTMAX-3 62) SIGRTMAX-2
63) SIGRTMAX-1 64) SIGRTMAX
5.3.18 nano
nano is a small, friendly editor, plain and easy to use, as easy as typing “nano file”. If ‘file’ exists nano will open it for editing; if it does not exist nano will create it. Basic nano commands are:
Ctrl+G or F1 Help
Ctrl+O or F3 Save changes
Ctrl+X or F2 Exit nano and ask you to save if changes not saved.
Ctrl+W or F6 Search for a string
Ctrl+K or F9 Cut lines
Ctrl+U or F10 Uncut lines into current line.
5.3.19 vi
vi(1) is the standard Unix text editing program, and a powerful text editor. Compared to nano it is more complicated, with various modes and a lot of commands. Mastering vi isn’t an easy goal, but if you do, you will not regret it. On the other hand, if you don’t want to learn vi, you must at least know a few basic keystrokes to be able to edit and save a file. In the old days vi was used, and is still used, to edit /etc/group, /etc/passwd and /etc/sudoers with vigr, vipw and visudo, as a security measure, but nowadays you can edit them with nano, it wouldn’t make a difference. Many applications, though, tend to use vi for editing their configuration files, such as Oracle’s Grid Engine. To open /tmp/file1 just type “vi /tmp/file1”; as with nano, if the file exists vi will open it for editing, and if not it will create it. Once you open the file with vi you will notice that you can’t enter any data. To be able to edit the file you have to switch to “insert mode” by typing “i”. Once you are in “insert mode”, edit the file and press the escape key (Esc) to return to command mode. To save the file type “:wq”; if you don’t want to save the file type “:q!”; to open a file from within vi type “:e /tmp/file1”. Let’s see an example:
vi test (Open file test in our parent directory with vi)
press “i” (Enter insert mode and edit file test)
press “Esc” (Return to command mode)
type “:wq” (Save and Exit vi)
type “:q!” (Exit vi and discard changes)
5.3.20 mount, umount
Mounting devices is quite easy, using the “mount” command. All you need to do is provide the device you want to mount and the mount point. Most of the situations are automatically detected so you don’t have to enter any other parameter. So to mount CD-ROM to /mnt/sr0 (mount point must exist) just type:
mount /dev/sr0 /mnt/sr0
Issuing the command “mount” with no arguments lists all mounted devices; this is the output on SMS.LiveCD.
root@sms:~# mount
aufs on / type aufs (rw,relatime,si=679f0722,nowarn_perm)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
tmpfs on /dev/shm type tmpfs (rw)
/dev/sr0 on /mnt/sr0 type iso9660 (ro,noatime)
There are situations where you need to give more options, such as when mounting an ISO image:
mount -t iso9660 -o loop /mnt/sda1/SMS.LiveCD.iso /mnt/iso
You will notice there are several mount specific commands like:
mount.cifs mount.fuse mount.lowntfs-3g mount.nfs mount.ntfs-3g mount.smbfs
So if you want to mount an NTFS partition with read-write permissions you can also use mount.ntfs-3g.
To unmount a device just use the “umount” command followed by the device or mount point:
umount /mnt/iso (Anything mounted on /mnt/iso will be unmounted)
umount /dev/sr0 (Unmount CD-ROM)
5.3.21 adduser
The easiest way to manage users and groups is with the supplied scripts and programs. Slackware includes the programs adduser, userdel(8), chfn(1), chsh(1), and passwd(1) for dealing with users. The commands groupadd(8), groupdel(8), and groupmod(8) are for dealing with groups. With the exception of chfn, chsh, and passwd, these programs are generally only run as root, and are therefore located in /usr/sbin. chfn, chsh, and passwd can be run by anyone, and are located in /usr/bin.
Users can be added with the adduser program. We’ll start out by going through the whole procedure, showing all the questions that are asked and a brief description of what everything means. The default answer is in the brackets, and can be chosen for almost all the questions, unless you really want to change something.
root@sms:~# adduser
Login name for new user []: angel
This is the name that the user will use to login. Traditionally, login names are eight characters or fewer, and all lowercase characters. (You may use more than eight characters, or use digits, but avoid doing so unless you have a fairly important reason.)
You can also provide the login name as an argument on the command line:
root@sms:~# adduser angel
In either case, after providing the login name, adduser will prompt for the user ID:
User ID (‘UID’) [ defaults to next available ]:
The user ID (UID) is how ownerships are really determined in Linux. Each user has a unique number, starting at 1000 in Slackware. You can pick a UID for the new user, or you can just let adduser assign the user the next free one. All users are placed into the users group by default. You might want to place the new user into a different group, but it is not recommended unless you know what you’re doing.
Initial group [users]:
This question allows you to place the new user into additional groups. It is possible for a user to be in several groups at the same time.
Additional UNIX groups:
Users can belong to additional UNIX groups on the system.
For local users using graphical desktop login managers such
as XDM/KDM, users may need to be members of additional groups
to access the full functionality of removable media devices.
* Security implications *
Please be aware that by adding users to additional groups may
potentially give access to the removable media of other users.
If you are creating a new user for remote shell access only,
users do not need to belong to any additional groups as standard,
so you may press ENTER at the next prompt.
Press ENTER to continue without adding any additional groups
Or press the UP arrow key to add/select/edit additional groups
: audio cdrom floppy plugdev video power netdev
Home directories default to being placed under /home. If you run a very large system, it’s possible that you have moved the home directories to a different location (or to many locations). This step allows you to specify where the user’s home directory will be.
Home directory [ /home/angel ]
bash is the default shell for Slackware Linux, and will be fine for most people, but if this is a virtual user you should change shell to /bin/false.
Shell [ /bin/bash ]
Accounts can be set up to expire on a specified date. By default, there is no expiration date.
Expiry date (YYYY-MM-DD) []:
If you entered something incorrectly, you should hit Control+C and start over. Otherwise, you can hit enter and the account will be made.
Login name.......: angel
UID..............: [ Next available ]
Initial group....: users
Additional groups: audio,cdrom,floppy,plugdev,video,power,netdev
Home directory...: /home/angel
Shell............: /bin/bash
Expiry date......: [ Never ]
This is it... if you want to bail out, hit Control-C. Otherwise, press
ENTER to go ahead and make the account.
Optionally you can enter additional information about the user. You don’t have to enter any of this if you don’t want to, and the user can change it at any time using chfn.
Creating new account...
Changing the user information for angel
Enter the new value, or press return for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Next you will have to choose a password for the user you just created.
Changing password for angel
Enter the new password (minimum of 5, maximum of 127 characters)
Please use a combination of upper and lower case letters and numbers.
New password:
Re-enter new password:
Password changed.
Account setup complete.
Tip: Having a secure password is the first line of defence against getting cracked. You do not want to have an easily guessed password, because that makes it easier for someone to break into your system. Ideally, a secure password would be a random string of characters, including upper and lowercase letters, numbers, and random characters.
Another way of adding users is with “useradd” command
root@sms:~# useradd -G users,power,netdev,cdrom -m -d /home/elmo -s /bin/bash elmo
Or if you want to create users with no shell or home directory
root@sms:~# useradd -d /dev/null -s /bin/false elmo
To add or change password for users use “passwd” command.
root@sms:~# passwd angel
Changing password for angel
Enter the new password (minimum of 5, maximum of 127 characters)
Please use a combination of upper and lower case letters and numbers.
New password:
Re-enter new password:
Password changed.
5.3.22 chmod, chown
The filesystem stores ownership information for each file and directory on the system. This includes what user and group own a particular file. We can easily change the file owners with the chown(1) (which means “change owner”) and chgrp(1) (which means “change group”) commands. To change the file owner to daemon, we would use chown:
root@sms:~# chown daemon /usr/bin/wc
To change the group owner to “root”, we would use chgrp:
root@sms:~# chgrp root /usr/bin/wc
We can also use chown to specify the user and group owners for a file:
root@sms:~# chown daemon:root /usr/bin/wc
Permissions are the other important part of the multiuser aspects of the filesystem. With these, you can change who can read, write, and execute files. The permission information is stored as four octal digits, each specifying a different set of permissions. There are owner permissions, group permissions, and world permissions. The fourth octal digit is used to store special information such as set user ID, set group ID, and the sticky bit. The octal values assigned to the permission modes are (they also have letters associated with them that are displayed by programs such as ls and can be used by chmod):
Permission Type    Octal Value    Letter Value
“sticky” bit       1              t
set user ID        4              s
set group ID       2              s
read               4              r
write              2              w
execute            1              x
You add the octal values for each permission group. For example, if you want the group permissions to be “read” and “write”, you would use “6” in the group portion of the permission information. To set special permissions with chmod, add the numbers together and place them in the first column. For example, to make it set user ID and set group ID, we use 6 as the first column:
root@sms:~# chmod 6755 /tmp/example
If the octal values confuse you, you can use letters with chmod. The permission groups are represented as:
Owner               u
Group               g
World               o
All of the above    a
Some people prefer the letters over the numbers. Either way will result in the same set of permissions.
The octal format is often faster, and the one you see most often used in shell scripts. Sometimes the letters are more powerful however. For example, there’s no easy way to change one group of permissions while preserving the other groups on files and directories when using the octal format. This is trivial with the letters.
root@sms:~# ls -l
total 0
-rwxr-xr-x 1 root root 0 Jun 21 18:10 file1*
-rwxr-x--- 1 root root 0 Jun 21 18:10 file2*
----r-xr-x 1 root root 0 Jun 21 18:10 file3*
root@sms:~# chmod g-rxw file?
root@sms:~# ls -l
total 0
-rwx---r-x 1 root root 0 Jun 22 13:03 file1*
-rwx------ 1 root root 0 Jun 22 13:03 file2*
-------r-x 1 root root 0 Jun 22 13:03 file3*
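Added example (not part of the original manual): a shell function that converts the permission string printed by “ls -l” into the four-digit octal form chmod accepts, including the set user ID, set group ID and sticky bits from the table above, and names the bits worth reviewing. The function names mode_to_octal and mode_flags are made up for this example; the sample modes come from the listings in this chapter or are constructed.

```shell
#!/bin/sh
# mode_to_octal MODE: MODE is the first column of "ls -l", e.g. drwxrwxrwt.
mode_to_octal() (
    perms=$(printf '%s' "$1" | cut -c2-10)   # drop the file-type character
    case $perms in
        [r-][w-][xsS-][r-][w-][xsS-][r-][w-][xtT-]) ;;
        *) echo "not an ls mode string: $1" >&2; exit 2 ;;
    esac
    special=0 digits=""
    # Each slot: first column of the trio, weight of its special bit
    # (owner: set user ID 4, group: set group ID 2, world: sticky 1).
    for slot in "1 4" "4 2" "7 1"; do
        set -- $slot
        trio=$(printf '%s' "$perms" | cut -c"$1"-"$(($1 + 2))")
        d=0
        case $trio in r??)      d=$((d + 4)) ;; esac
        case $trio in ?w?)      d=$((d + 2)) ;; esac
        # lowercase s/t mean "special bit and execute"; S/T mean special only
        case $trio in ??[xst])  d=$((d + 1)) ;; esac
        case $trio in ??[sStT]) special=$((special + $2)) ;; esac
        digits=$digits$d
    done
    echo "$special$digits"
)

# mode_flags MODE: list the bits an administrator should look at twice.
mode_flags() (
    o=$(mode_to_octal "$1") || exit 2
    flags=""
    case $o in [4567]???) flags="$flags setuid" ;; esac
    case $o in [2367]???) flags="$flags setgid" ;; esac
    # A sticky directory such as /tmp is world-writable by design.
    sticky_dir=no
    case $1 in d????????[tT]*) sticky_dir=yes ;; esac
    case $o in
        ???[2367]) [ "$sticky_dir" = yes ] || flags="$flags world-writable" ;;
    esac
    echo "${flags# }"
)

# Modes from this chapter: chmod 6755 result, /tmp, /root, file1 before and
# after "chmod g-rxw"; the last one is constructed.
for m in -rwsr-sr-x drwxrwxrwt drwx--x--- -rwxr-xr-x -rwx---r-x -rw-rw-rw-; do
    printf '%s  %s  %s\n' "$m" "$(mode_to_octal "$m")" "$(mode_flags "$m")"
done
```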
Those are some basic commands to get you started; some of them were taken from slackbook.org. You might want to get into something more detailed and complete, like “Linux Complete Command Reference”.
5.4 Samba (SMB) Configuration.
SMB (for Server Message Block) is a descendant of the older NetBIOS protocol that was initially used by IBM in their LAN Manager product. Microsoft has always been fairly interested in NetBIOS and its successors (NetBEUI, SMB and CIFS). The Samba project has existed since 1991, when it was originally written to link an IBM PC running NetBIOS with a Unix server. These days, SMB is the preferred method for sharing file and print services over a network for virtually the entire civilized world because Windows supports it.
Samba’s start up script is /etc/rc.d/rc.samba. To start it, you have to make it executable and start it with
/etc/rc.d/rc.samba start
Samba is enabled by default so you don’t have to do all that, but if for some reason you want to restart the service, do:
/etc/rc.d/rc.samba restart
Samba’s configuration file is /etc/samba/smb.conf. The default configuration of SMS is:
[global]
log file = /var/log/samba.%m
ldap ssl = No
restrict anonymous = no
domain master = no
public = yes
server string = SMS Samba Server
max protocol = NT1
workgroup = WORKGROUP
acl compatibility = winnt
server signing = Auto
security = share
preferred master = no
max log size = 50
# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the “loopback” interface. For more examples of the syntax see
# the smb.conf man page
; hosts allow = 192.168.1. 192.168.2. 127.
[Samba @ SMS]
path = /var/smb/samba/
read only = no
[FAXES]
path = /var/spool/hylafax/recvq/
read only = no
[TorrentFlux Downloads]
path = /var/smb/tflux_downloads/
read only = no
The default security level is share, which means all guests are allowed and have read-write permissions to every share that specifies “read only = no”.
To add a share just add it to smb.conf as
[name of the share]
path=<path to our shared directory>
read only = < yes or no>
... other options
To test your configuration just run “testparm” and check the output. For a full list of options for smb.conf use “man smb.conf”, also check /etc/samba/smb.conf-sample.
To change the security level from share to user, so that shares prompt for a username and password, change
security = share to security = user
And add our users with
root@sms:~# smbpasswd -a angel
New SMB password:
Retype new SMB password:
Added user angel.
It’s important to note that a given username must already exist in the /etc/passwd file. Now when you try to connect to SMB shares from a Windows machine you will get a prompt to enter a username and password.
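Added example (not part of the original manual): a shell function that reads an smb.conf and reports the settings discussed in this section that let unauthenticated clients write to shares, namely share-level security, a missing “hosts allow” line and guest-writable shares. The function names and both sample files are constructed for this example; the first sample repeats the relevant SMS defaults, the second is an assumed tightened variant using the “hosts allow” value from the commented line.

```shell
#!/bin/sh
# Added example, not SMS code. Reads an smb.conf from the named file (or from
# standard input) and prints one line per setting that leaves shares open.
audit_smb_conf() {
    awk '
    function trim(str) { gsub(/^[ \t]+|[ \t]+$/, "", str); return str }
    function is_yes(v) { return v == "yes" || v == "true" || v == "1" }
    # Effective per-share value: share setting, else [global], else default.
    function share_val(name, key, dflt) {
        if ((name, key) in shr) return shr[name, key]
        if (key in glob) return glob[key]
        return dflt
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }        # comment or blank line
    /^[ \t]*\[.*\][ \t]*$/ {                    # [section] header
        section = trim($0)
        section = substr(section, 2, length(section) - 2)
        if (tolower(section) != "global") order[++n] = section
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = tolower(trim(substr($0, 1, eq - 1)))
        val = tolower(trim(substr($0, eq + 1)))
        if (key == "public") key = "guest ok"   # public is a synonym
        if (tolower(section) == "global") glob[key] = val
        else shr[section, key] = val
    }
    END {
        if (glob["security"] == "share")
            print "global: security = share, no per-user login is required"
        if (!("hosts allow" in glob))
            print "global: hosts allow is unset, no source network restriction"
        for (i = 1; i <= n; i++)
            if (is_yes(share_val(order[i], "guest ok", "no")) &&
                !is_yes(share_val(order[i], "read only", "yes")))
                print "share [" order[i] "]: guests can write"
    }' "$@"
}

# Constructed input 1: the relevant SMS default settings quoted above.
sms_default_conf() {
    cat <<'EOF'
[global]
public = yes
security = share
; hosts allow = 192.168.1. 192.168.2. 127.
[Samba @ SMS]
path = /var/smb/samba/
read only = no
[FAXES]
path = /var/spool/hylafax/recvq/
read only = no
[TorrentFlux Downloads]
path = /var/smb/tflux_downloads/
read only = no
EOF
}

# Constructed input 2 (assumed variant): user-level security, guests off,
# connections limited to the local networks.
hardened_conf() {
    cat <<'EOF'
[global]
security = user
guest ok = no
hosts allow = 192.168.1. 192.168.2. 127.
[Samba @ SMS]
path = /var/smb/samba/
read only = no
valid users = angel
[FAXES]
path = /var/spool/hylafax/recvq/
read only = yes
EOF
}

echo "== SMS default =="; sms_default_conf | audit_smb_conf
echo "== tightened ==";   hardened_conf | audit_smb_conf
```

Run it against the live file with “audit_smb_conf /etc/samba/smb.conf” after every edit, alongside testparm.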
5.5 FTP (proftpd) configuration.
The easiest way of configuring proftpd is by using gproftpd already available in x-kde-addon package. If you made a full installation of SMS, all you have to do is start KDE with “startx”.
In the Servers tab you can set your FTP info and configuration variables.
In the Users tab you can add, delete and edit users. To edit or delete a user, select the user, then edit the fields and press Apply, or press Delete to delete the user. To add a user, fill in the fields such as username, password and directory, set the attributes by clicking the boxes, and press Add.
Clicking Activate enables the FTP server; Deactivate or Shutdown disables it; Apply applies changes to the FTP server; Help has a few notes about adding users and directories that you should read.
Tip: Proftpd can start as a standalone server or as an inetd, by editing /etc/inetd.conf.
5.5.1 FTP (vsftpd) configuration.
Superb Mini Server comes with a second FTP server to choose from, called vsftpd (Very Secure FTP Daemon). To activate it, edit /etc/inetd.conf and uncomment the line
# Very Secure File Transfer Protocol (FTP) server.
ftp stream tcp nowait root /usr/sbin/tcpd vsftpd
Then stop proftpd (/etc/rc.d/rc.proftpd stop) and restart the inetd server (Internet super-server daemon):
root@sms:~# /etc/rc.d/rc.inetd restart
Starting Internet super-server daemon: /usr/sbin/inetd
By default vsftpd allows anonymous logins. To change that, edit /etc/vsftpd.conf and change
anonymous_enable=YES to anonymous_enable=NO
and to allow local users uncomment the line
# Uncomment this to allow local users to log in.
local_enable=YES
Some other good options you should consider are
# Uncomment this to enable any form of FTP write command.
write_enable=YES
# You may change the default value for timing out an idle session.
idle_session_timeout=600
# You may change the default value for timing out a data connection.
data_connection_timeout=120
# You may fully customise the login banner string:
ftpd_banner=Welcome to SMS FTP service.
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
chroot_local_user=NO
chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd.chroot_list
check_shell=NO
userlist_enable=YES
userlist_deny=NO
userlist_file=/etc/vsftpd.user_list
Create the files /etc/vsftpd.chroot_list and /etc/vsftpd.user_list and add your users.
root@sms:~# cat /etc/vsftpd.chroot_list
administrator
root@sms:~# cat /etc/vsftpd.user_list
administrator
You can create users with no shell and create their home dir like:
root@sms:~# useradd -d /var/ftp/test -s /bin/false test
root@sms:~# mkdir -p /var/ftp/test
root@sms:~# chown -R test /var/ftp/test/
root@sms:~# passwd test
And finally add user test to /etc/vsftpd.chroot_list and /etc/vsftpd.user_list
Tip: If you don’t want to start vsftpd through inetd you can change in /etc/vsftpd.conf
listen=NO to listen=YES
and you can start vsftpd with
vsftpd &
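Added example (not part of the original manual): a shell function that works out, for one account, what the userlist_* and chroot_* options shown above mean together, that is, whether the account may log in and whether it is confined to its home directory. The function names and the scratch-directory sample files are constructed for this example; the sample shows a user added to the login list but left out of the chroot list.

```shell
#!/bin/sh
# conf_get FILE KEY DEFAULT: value of the last KEY=VALUE line, else DEFAULT.
conf_get() (
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    echo "${v:-$3}"
)

# in_list FILE USER: true when USER appears as a whole line of FILE.
in_list() { [ -f "$1" ] && grep -qxF -- "$2" "$1"; }

# vsftpd_policy CONF USER: prints "login=allowed|denied chroot=YES|NO".
vsftpd_policy() (
    conf=$1 user=$2
    login=allowed
    if [ "$(conf_get "$conf" userlist_enable NO)" = YES ]; then
        ulist=$(conf_get "$conf" userlist_file /etc/vsftpd.user_list)
        deny=$(conf_get "$conf" userlist_deny YES)
        if in_list "$ulist" "$user"; then
            # userlist_deny=YES makes the file a deny list
            if [ "$deny" = YES ]; then login=denied; fi
        else
            # userlist_deny=NO makes the file an allow list
            if [ "$deny" = NO ]; then login=denied; fi
        fi
    fi
    jail=$(conf_get "$conf" chroot_local_user NO)
    if [ "$(conf_get "$conf" chroot_list_enable NO)" = YES ]; then
        clist=$(conf_get "$conf" chroot_list_file /etc/vsftpd.chroot_list)
        if in_list "$clist" "$user"; then
            # listed users get the opposite of chroot_local_user
            if [ "$jail" = YES ]; then jail=NO; else jail=YES; fi
        fi
    fi
    echo "login=$login chroot=$jail"
)

# Constructed sample: the options from this section, with both list files
# placed in a scratch directory instead of /etc.
make_sample() {
    dir=$1
    cat > "$dir/vsftpd.conf" <<EOF
anonymous_enable=NO
local_enable=YES
chroot_local_user=NO
chroot_list_enable=YES
chroot_list_file=$dir/vsftpd.chroot_list
userlist_enable=YES
userlist_deny=NO
userlist_file=$dir/vsftpd.user_list
EOF
    printf 'administrator\n' > "$dir/vsftpd.chroot_list"
    # "test" is in the login list but was forgotten in the chroot list
    printf 'administrator\ntest\n' > "$dir/vsftpd.user_list"
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
make_sample "$demo_dir"
for u in administrator test angel; do
    printf '%-14s %s\n' "$u" "$(vsftpd_policy "$demo_dir/vsftpd.conf" "$u")"
done
```

With these files “test” can log in but is not confined to /var/ftp/test, which is why the user has to be added to both lists.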
5.6 Sharing a Printer through Samba (CUPS + SMB).
Log in to the CUPS interface (https://youserver:631/admin) and add your printer, either by pressing the “Find New Printers” button or by pressing “Add Printer”. Once you have installed a printer, which in our case was
HP845c HP Deskjet 845c HP Deskjet 845c hpijs, 3.10.5 Idle
download the Windows drivers from http://cups.org/windows/software.php, then untar and install them with
tar xvjf cups-windows-6.0-source.tar.bz2
cd cups-windows-6.0
make install
You will also need to copy the Microsoft PostScript drivers from a Windows XP machine, located in C:\WINDOWS\system32\spool\drivers\w32x86\3, into /usr/share/cups/drivers:
ps5ui.dll
pscript.hlp
pscript.ntf
pscript5.dll
You need to edit /etc/samba/smb.conf and add under [global]
load printers = yes
printing = cups
printcap name = /etc/printcap
printer = HP845c
Temporarily you need to switch security to user
security = share to security = user
and add shares for printer and drivers.
[printers]
comment = All Printers
path = /var/spool/samba
browseable = yes
public = yes
guest ok = yes
printable = yes
printer admin = root
[print$]
comment = Printer Drivers
path = /usr/share/cups/drivers
browseable = yes
guest ok = yes
read only = yes
write list = root
Run “smbpasswd -a root” and afterwards run the “cupsaddsmb” script to add the Windows drivers. A simple output will be:
root@sms:/usr/share/cups/drivers# cupsaddsmb -a
Password for root required to access localhost via SAMBA:
Now you can switch your security back to share.
A verbose output should look like this:
root@sms:/usr/share/cups/drivers# cupsaddsmb -a -v
Password for root required to access localhost via SAMBA:
Running command: smbclient //localhost/print$ -N -A /tmp/04a024e104f8e -c ‘mkdir W32X86;put /tmp/04a024e1a868c W32X86/HP845c.ppd;put /usr/share/cups/drivers/ps5ui.dll W32X86/ps5ui.dll;put /usr/share/cups/drivers/pscript.hlp W32X86/pscript.hlp;put /usr/share/cups/drivers/pscript.ntf W32X86/pscript.ntf;put /usr/share/cups/drivers/pscript5.dll W32X86/pscript5.dll’
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.5.6]
NT_STATUS_OBJECT_NAME_COLLISION making remote directory \W32X86
putting file /tmp/04a024e1a868c as \W32X86/HP845c.ppd (2014.0 kb/s) (average 2014.1 kb/s)
putting file /usr/share/cups/drivers/ps5ui.dll as \W32X86/ps5ui.dll (20699.9 kb/s) (average 16962.8 kb/s)
putting file /usr/share/cups/drivers/pscript.hlp as \W32X86/pscript.hlp (5085.4 kb/s) (average 15883.1 kb/s)
putting file /usr/share/cups/drivers/pscript.ntf as \W32X86/pscript.ntf (25312.7 kb/s) (average 19910.3 kb/s)
putting file /usr/share/cups/drivers/pscript5.dll as \W32X86/pscript5.dll (21982.1 kb/s) (average 20378.2 kb/s)
Running command: smbclient //localhost/print$ -N -A /tmp/04a024e104f8e -c ‘put /usr/share/cups/drivers/cups6.ini W32X86/cups6.ini;put /usr/share/cups/drivers/cupsps6.dll W32X86/cupsps6.dll;put /usr/share/cups/drivers/cupsui6.dll W32X86/cupsui6.dll’
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.5.6]
putting file /usr/share/cups/drivers/cups6.ini as \W32X86/cups6.ini (14.1 kb/s) (average 14.1 kb/s)
putting file /usr/share/cups/drivers/cupsps6.dll as \W32X86/cupsps6.dll (3068.3 kb/s) (average 1371.5 kb/s)
putting file /usr/share/cups/drivers/cupsui6.dll as \W32X86/cupsui6.dll (2670.3 kb/s) (average 1835.4 kb/s)
Running command: rpcclient localhost -N -A /tmp/04a024e104f8e -c ‘adddriver “Windows NT x86” “HP845c:pscript5.dll:HP845c.ppd:ps5ui.dll:pscript.hlp:NULL:RAW:pscript5.dll,HP845c.ppd,ps5ui.dll,pscript.hlp,pscript.ntf,cups6.ini,cupsps6.dll,cupsui6.dll”’
Printer Driver HP845c successfully installed.
Running command: rpcclient localhost -N -A /tmp/04a024e104f8e -c ‘setdriver HP845c HP845c’
Successfully set HP845c to driver HP845c.
So when browsing from a Windows machine you should see
Now, by double-clicking the printer, the driver will be installed automatically. If the driver can’t be found, for example if your machine is running Windows 7, Windows will ask you for the driver, so you can point to where the driver is, or you can put it in an SMB share, navigate there and install the printer.
5.7 Network File System (NFS).
To configure NFS you need to edit /etc/exports and add your shares, for instance:
/var/smb/samba/ *(rw,async,all_squash,no_subtree_check)
/var/smb/movies/ *(rw,async,all_squash,no_subtree_check)
/var/spool/hylafax/recvq/ faxmachine(async,all_squash,no_subtree_check)
By typing “man exports” you get the manual page for exports, which tells you what options you can use. The asterisk allows all workstations to mount the share. A quick legend for our example:
rw: Allow both read and write requests on this NFS volume.
async: This option allows the NFS server to violate the NFS protocol and reply to requests before any changes made by that request have been committed to stable storage (e.g. disc drive).
no_subtree_check: This option disables subtree checking, which has mild security implications, but can improve reliability in some circumstances. If a subdirectory of a filesystem is exported, but the whole filesystem isn’t, then whenever an NFS request arrives, the server must check not only that the accessed file is in the appropriate filesystem (which is easy) but also that it is in the exported tree (which is harder). This check is called the subtree_check.
all_squash: Map all uids and gids to the anonymous user.
To start NFS, make /etc/rc.d/rc.nfsd and /etc/rc.d/rc.rpc executable and start them.
root@sms:~# chmod +x /etc/rc.d/{rc.rpc,rc.nfsd}
root@sms:~# /etc/rc.d/rc.rpc start
Starting RPC portmapper: /sbin/rpc.portmap
Starting RPC NSM (Network Status Monitor): /sbin/rpc.statd
root@sms:~# /etc/rc.d/rc.nfsd start
Starting NFS server daemons:
/usr/sbin/exportfs -r
/usr/sbin/rpc.rquotad
/usr/sbin/rpc.nfsd 8
/usr/sbin/rpc.mountd
You can also export a directory directly from the command line on the server by using the exportfs command as follows:
exportfs -o rw,no_root_squash *:/var/smb/samba
You can list your current exports by typing “exportfs”:
root@sms:~# exportfs
/var/smb/samba <world>
/var/smb/movies
<world>
/var/spool/hylafax/recvq
<world>
Tip: You can use Webmin to configure NFS at Webmin -> Networking -> NFS Exports.
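An added example (not part of the original book or of SMS): a small Python audit of exports(5) entries that flags the options explained in this section. It is run over the three /etc/exports lines above plus the exportfs command-line export rewritten in file syntax; the function names and finding labels are this example's own, and unquoted paths are assumed.

```python
import re

# Constructed sample: the three /etc/exports lines from this section, plus the
# command-line export "exportfs -o rw,no_root_squash *:/var/smb/samba"
# rewritten in exports(5) file syntax.
SAMPLE_EXPORTS = """\
/var/smb/samba/ *(rw,async,all_squash,no_subtree_check)
/var/smb/movies/ *(rw,async,all_squash,no_subtree_check)
/var/spool/hylafax/recvq/ faxmachine(async,all_squash,no_subtree_check)
/var/smb/samba *(rw,no_root_squash)
"""

SPEC_RE = re.compile(r"^(?P<client>[^()]*)(?:\((?P<opts>[^()]*)\))?$")
WORLD = {"*", "0.0.0.0/0", "::/0"}


def parse_exports(text):
    """Return (path, client, options) per client entry; paths assumed unquoted."""
    entries = []
    text = text.replace("\\\n", " ")              # join continuation lines
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        # A path with no client list is treated as exported to everyone
        # (conservative assumption for this audit).
        for spec in fields[1:] or ["*"]:
            m = SPEC_RE.match(spec)
            if m is None:
                raise ValueError("cannot parse client spec %r" % spec)
            # "(rw)" with no host in front of it applies to every client.
            client = m.group("client") or "*"
            opts = {o for o in (m.group("opts") or "").split(",") if o}
            entries.append((fields[0], client, opts))
    return entries


def audit_exports(text):
    """Return (path, client, finding) tuples for options worth a second look."""
    findings = []
    for path, client, opts in parse_exports(text):
        if client in WORLD and "rw" in opts:
            findings.append((path, client, "writable by any host"))
        # all_squash maps every uid, root included, to the anonymous user,
        # so no_root_squash only matters when all_squash is absent.
        if "no_root_squash" in opts and "all_squash" not in opts:
            findings.append((path, client, "client root keeps uid 0"))
        if "async" in opts:
            findings.append((path, client, "replies before data is on disk"))
    return findings


if __name__ == "__main__":
    for path, client, finding in audit_exports(SAMPLE_EXPORTS):
        print("%-28s %-12s %s" % (path, client, finding))
```

To audit a real server, pass the contents of /etc/exports to audit_exports() instead of the sample.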
5.8 DNS setup with BIND (Webmin).
There is a good wiki available at
http://doxfer.webmin.com/Webmin/BINDDNSServer#Introduction_to_the_Domain_Name
We are going to cover the basics in a few words.
5.8.1 Creating a new master zone
A master zone is one for which your DNS server is the authoritative source of information. A single zone may be hosted by multiple servers, but only one is the master - all the rest are slaves. If you want to add a new master zone to your server’s configuration, the steps to follow are:
1. Decide on a name for the new zone, such as example.com or internal. If this is going to be an Internet domain that will be visible to everyone else in the world, the domain name must not have been registered by anyone else yet. However, you cannot normally register it yourself until your DNS server has been set up to host it.
2. On the module’s main page, click on the Create a new master zone link below the table of existing zones. This will take you to the page shown in the image below for entering the details of the new zone.
3. If this is to be a forward zone like example.com or foo.com.au, leave the Zone type field set to Forward. However, if it is a reverse zone for looking up hostnames from IP addresses, set the field to Reverse.
4. In the Domain name / Network field, enter the name of the zone without any trailing dot. For a reverse zone, just enter the network address like 192.168.1. Webmin will automatically convert this to the in-addr.arpa format for you when the domain is created.
5. The Records file field controls where the configuration file containing the zone’s records is stored. If you leave it set to Automatic, the filename will be determined automatically based on the module’s configuration and the directory setting in the named.conf file. This is usually the best option, as it will result in the records file being created in the same directory as any existing zones, such as /var/named. However, if you de-select the Automatic option and enter a filename instead, all records for the zone will be written to that file. If you enter the name of an existing file, it will be overwritten when the domain is created.
6. In the Master server field, enter the full domain name of the master DNS server for this zone. This must be the canonical name of your system, such as server.example.com, not a short name like server. This server (and the values from the fields that follow) are used to create the new zone’s SOA record.
7. In the Email address field, enter the address of the person responsible for this zone. You can use the @ symbol in the address, which Webmin will automatically convert to a dot for inclusion in the SOA record.
8. The Refresh time field determines how often secondary servers should check with this master server for updates to the zone. The default is reasonable, but you may want to increase it for zones that rarely change, or decrease it for those that are frequently updated.
9. The Transfer retry time field determines how long a secondary server should wait after a failed zone transfer before trying again.
10. The Expiry time field controls the maximum amount of time that a secondary DNS server for the zone should cache records for before re-transferring them from the master.
11. The Default time-to-live field determines the TTL of records in the zone that do not have one set explicitly.
12. Click the Create button at the bottom of the page. As long as the form has been filled in correctly and the zone does not already exist on your server, you will be taken to a page for adding new records to the zone.
13. Return to the module’s main page which will now include an icon for your new zone, and click the Apply Changes button at the bottom to activate it.
Once you press create you will see something like
5.8.2 Record Types.
• Address (A): An Address record associates an IP address with a hostname. Any system that you want to be able to connect to via HTTP, telnet or some other protocol using its hostname must have an address record so that clients can look up its IP.
• Name Server (NS): Records of this type define a name server that is responsible for a zone. Every zone must have at least one Name Server record for itself, and may have additional records that specify the DNS servers responsible for subdomains.
• Name Alias (CNAME): This type of record creates an additional name for an existing Address or Reverse Address record.
• Mail Server (MX): Mail Server records tell mail delivery programs like Sendmail and Postfix, which system to contact when delivering mail to a domain or host.
• Host Information (HINFO): Records of this type are used to record information about the hardware and operating system of a particular host.
• Text (TXT): A Text record associates an arbitrary message of some kind with a name.
• Well Known Service (WKS): A record of this type associates a hostname, port and protocol with a name.
• Responsible Person (RP): This type of record is used for specifying the person or group responsible for a particular host.
• Location (LOC): Location records are used to specify the physical location in latitude and longitude of a host.
• Service Address (SRV): Records of this type are used to associate a domain name, service name and protocol with a particular host.
5.8.3 Adding Records
The host named in an MX record must have an A record. Every time you press “Apply Configuration”, look at /var/log/syslog for BIND errors. If there is an error in your zone, it will not load.
Taking a look at our config, you will see:
root@sms:~# cat /var/named/sms.localdomain.hosts
$ttl 38400
sms.localdomain. IN SOA server.sms.localdomain. root.sms.localdomain. (
1309543705
10800
3600
604800
38400 )
sms.localdomain. IN NS server.sms.localdomain.
ns.sms.localdomain. IN A 192.168.254.81
sms.localdomain. IN NS ns2.sms.localdomain.
workstation.sms.localdomain. IN A 192.168.254.122
server.sms.localdomain. IN A 192.168.254.81
www.sms.localdomain. IN CNAME sms.localdomain.
ftp.sms.localdomain. IN CNAME sms.localdomain.
mail.sms.localdomain. IN A 192.168.254.12
server.sms.localdomain IN A 192.168.254.81
ns2.sms.localdomain. IN A 192.168.254.81
sms.localdomain. IN MX 10 mail.sms.localdomain.
To test whether everything is working, open a terminal and type “dig sms.localdomain” or “dig sms.localdomain mx”.
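An added example (not from the book or from Webmin): a Python check for two zone-file mistakes, a name written in full but missing its trailing dot, and an NS, CNAME or MX target inside the zone that has no address record. It is run over the zone file printed above; the function names and finding labels are this example's own, and it assumes one record per line with an explicit owner, as in that file.

```python
import re

# Constructed sample: the zone file printed above, SOA timers joined on one line.
ZONE = """\
$ttl 38400
sms.localdomain. IN SOA server.sms.localdomain. root.sms.localdomain. (
1309543705 10800 3600 604800 38400 )
sms.localdomain. IN NS server.sms.localdomain.
ns.sms.localdomain. IN A 192.168.254.81
sms.localdomain. IN NS ns2.sms.localdomain.
workstation.sms.localdomain. IN A 192.168.254.122
server.sms.localdomain. IN A 192.168.254.81
www.sms.localdomain. IN CNAME sms.localdomain.
ftp.sms.localdomain. IN CNAME sms.localdomain.
mail.sms.localdomain. IN A 192.168.254.12
server.sms.localdomain IN A 192.168.254.81
ns2.sms.localdomain. IN A 192.168.254.81
sms.localdomain. IN MX 10 mail.sms.localdomain.
"""

TARGET_FIELD = {"NS": 0, "CNAME": 0, "MX": 1}   # position of the host name in rdata


def absolute(name, origin):
    """Expand a name as BIND does: without a trailing dot it is relative."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin


def parse_zone(text):
    """Return (owner, type, rdata) tuples; each record line must start with its owner."""
    flat = re.sub(r"\(([^)]*)\)", lambda m: m.group(1).replace("\n", " "), text)
    records = []
    for line in flat.splitlines():
        fields = line.split(";", 1)[0].split()
        if len(fields) < 3 or fields[0].startswith("$"):
            continue
        rest = fields[1:]
        while rest and (rest[0].upper() == "IN" or rest[0].isdigit()):
            rest = rest[1:]                      # skip class and TTL
        if len(rest) >= 2:
            records.append((fields[0], rest[0].upper(), rest[1:]))
    return records


def lint_zone(text, origin):
    """Return (kind, owner, detail) findings for the zone rooted at origin."""
    origin = origin.lower().rstrip(".") + "."
    suffix = "." + origin
    records = parse_zone(text)
    with_addr = {absolute(o, origin) for o, t, _ in records if t in ("A", "AAAA")}
    findings = []
    for owner, rtype, rdata in records:
        target = rdata[TARGET_FIELD[rtype]] if rtype in TARGET_FIELD else None
        for name in filter(None, (owner, target)):
            # Written in full but without the final dot: BIND appends the origin again.
            if not name.endswith(".") and ("." + name.lower() + ".").endswith(suffix):
                findings.append(("missing-dot", owner, absolute(name, origin)))
        fqdn = absolute(target, origin) if target else None
        if fqdn and ("." + fqdn).endswith(suffix) and fqdn not in with_addr:
            findings.append(("no-address", owner, fqdn))
    return findings


if __name__ == "__main__":
    for finding in lint_zone(ZONE, "sms.localdomain"):
        print(finding)
```

On the sample it reports the “server.sms.localdomain” line that lacks its trailing dot and the www and ftp aliases, whose target sms.localdomain. has no A record in the file. BIND’s own named-checkzone tool performs the server’s checks on the same file.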
5.8.4 DHCP Server (Webmin).
Now that you have set up DNS, you need a DHCP server. Webmin has a friendly interface for that at
Webmin -> Servers -> DHCP Server
Click on “Add new subnet” and enter the subnet, netmask and DHCP range for leases. You can change the lease time if you want; the default is 1 day (1440), the values must be in seconds. When you are done, press “Save”.
You can add additional options by pressing “Edit Client Options”. When you are done, return to the subnet list and start the DHCP server.
This is how your config (/etc/dhcpd.conf) looks:
# sms.localdomain
subnet 192.168.254.0 netmask 255.255.255.0 {
option domain-name "sms.localdomain";
range 192.168.254.101 192.168.254.199;
option routers 192.168.254.254;
option domain-name-servers 192.168.254.81;
option subnet-mask 255.255.255.0;
}
5.9 DNS setup with DNSMasq.
Although BIND is a powerful DNS server, it sometimes requires a high level of skill, making it quite a pain for a beginner.
This is where dnsmasq comes in to save the day. Dnsmasq is a lightweight, easy to configure DNS forwarder, DHCP and TFTP server. It is designed to provide DNS and, optionally, DHCP and TFTP to a small network. Dnsmasq has an outdated webmin module at http://home.pacific.net.au/~magnecor/modules.html if someone wants to try it; hopefully SMS might include it in future builds.
5.9.1 Configuration.
The configuration of dnsmasq lies in /etc/dnsmasq.conf. The configuration file is well commented, so take a look at it.
The first thing is to configure the interface that our DNS will listen on. For instance, if your server is also an internet router, you might not want to have a DNS server on your external interface. If you don’t configure any interface, dnsmasq will listen on all available interfaces. If you want multiple interfaces, just repeat the line.
interface=eth0
interface=wlan0
If you want to exclude one interface only use
except-interface=eth1
To configure the DHCP range of leases to clients enter the values for interface (optional), IP range, netmask and lease time separated by comma.
dhcp-range=192.168.254.101,192.168.254.199,255.255.255.0,24h
or if you have multiple networks
dhcp-range=eth0,192.168.254.101,192.168.254.199,255.255.255.0,24h
dhcp-range=wlan0,192.168.1.101,192.168.1.199,255.255.255.0,6h
If you want dnsmasq to provide only DNS service on an interface, then use the following line to disable DHCP on it.
no-dhcp-interface=eth2
You can pass additional DHCP options, such as the router, NTP server etc.
dhcp-option=option:router,192.168.254.254
dhcp-option=option:ntp-server,192.168.0.4,10.10.0.5
To test configuration you can run “dnsmasq --test”.
root@sms:~# dnsmasq --test
dnsmasq: syntax check OK.
5.9.2 Start/Stop dnsmasq.
The startup script of DNSMasq is located at /etc/rc.d/rc.dnsmasq, and if it’s executable, SMS will start it automatically upon boot. Don’t forget though to disable BIND, since you can’t have two DNS servers binding on the same address:port. To start/stop dnsmasq do:
/etc/rc.d/rc.dnsmasq start
5.9.3 One line execute.
You can also start dnsmasq manually, overriding the configuration file, by passing all the options in a one-line command, like:
dnsmasq --interface=eth0 --dhcp-range=eth0,192.168.254.101,192.168.254.199,24h --log-dhcp --dhcp-option=option:router,192.168.254.254 --keep-in-foreground
Tip: although dnsmasq is light and easy to configure, it is a powerful DNS server, so you should look at its documentation to master its power.
5.10 Netatalk (AFP).
Netatalk is a freely-available Open Source AFP fileserver. It also provides a kernel level implementation of the AppleTalk Protocol Suite. A *NIX/*BSD system running Netatalk is capable of serving many Macintosh clients simultaneously as an AppleShare file server (AFP), AppleTalk router, *NIX/*BSD print server, and for accessing AppleTalk printers via Printer Access Protocol (PAP).
By default AFP in SMS is disabled, which means the start up script (/etc/rc.d/rc.atalk) is not executable. To make it executable use “chmod”.
chmod +x /etc/rc.d/rc.atalk
The configuration files are well commented, and the files you mostly need to change are
/etc/netatalk/AppleVolumes.default
/etc/netatalk/afpd.conf
The default share in SMS is /var/afp/shares, but you can change that in /etc/netatalk/AppleVolumes.default;
just enter <path> <name of share> <options>
/var/afp/shares "AFP @ SMS" (a simple guest volume)
/var/afp/shares "AFP @ SMS" allow:user cnidscheme:cdb options:usedots,upriv (an advanced user volume)
Passing the option “tm” enables TimeMachine support for the shared volume.
/var/afp/shares "AFP @ SMS" allow:user cnidscheme:cdb options:usedots,upriv,tm
If you want to share home directories, add a tilde, like
~
To change afp daemon options, edit /etc/netatalk/afpd.conf accordingly, e.g.
"Guest Volume" -uamlist uams_guest.so -loginmesg "Welcome guest!" (a guest volume)
"User Volume" -uamlist uams_clrtxt.so -port 12000 (a user volume listening on TCP port 12000)
SMS by default loads the guest and user libraries, so you can use it as is, or remove the guest libraries.
- -transall -uamlist uams_guest.so,uams_clrtxt.so,uams_dhx.so,uams_dhx2.so -nosavepassword
To start/stop netatalk use the start up script provided.
/etc/rc.d/rc.atalk start
5.10.1 Webmin module.
To configure AFP you can use Webmin, although its module is a bit confusing.
To access the netatalk module navigate to
Webmin -> Servers -> Netatalk Apple File/Print Services.
To create a share click on “Create New File Share” or edit existing. You will notice that tm (TimeMachine) is missing, you can add it manually, by editing /etc/netatalk/AppleVolumes.default.
To configure afpd through webmin just click on button “Servers”, and either create or edit one.
5.10.2 Installing Avahi daemons.
Avahi is a free zeroconf implementation, including a system for multicast DNS/DNS-SD service discovery on a local network via the mDNS/DNS-SD protocol suite. This enables you to plug your laptop or computer into a network and instantly be able to view other people who you can chat with, find printers to print to or find files being shared. Compatible technology is found in Apple MacOS X (branded Bonjour and sometimes Zeroconf).
Avahi is available as an extra package and you will find it in SMS.Native.CD-Extra.iso, under /extra/packages/avahi. To install it, download the packages or mount the iso, and use “installpkg” to install them.
You can additionally use “slapt-get” to install them automatically by typing:
slapt-get -i avahi imlib2 libdaemon nss-mdns
To start the avahi daemons, run the startup scripts in /etc/rc.d/
/etc/rc.d/rc.avahidaemon start
/etc/rc.d/rc.avahidnsconfd start
You can place an entry of the above in /etc/rc.d/rc.local to automatically start at boot.
To enable a service rename service.tmpl to service and vice-versa to disable it e.g. rename
/etc/avahi/services/afp.service.tmpl to /etc/avahi/services/afp.service
afp.service is an XML document and looks like
<?xml version="1.0" standalone='no'?><!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
<name replace-wildcards="yes">%h</name>
<service>
<type>_afpovertcp._tcp</type>
<port>548</port>
</service>
<service>
<type>_device-info._tcp</type>
<port>0</port>
<txt-record>model=Xserve</txt-record>
</service>
</service-group>
By default SMS looks like an Xserve, but you can change the icon by simply altering
<txt-record>model=Xserve</txt-record>
for instance you can put instead of Xserve
PowerBook
PowerMac
Macmini
iMac
MacBook
MacBookPro
MacBookAir
MacPro
AppleTV1,1
AirPort
and you can specify even the model e.g. iMac3,1 is not the same as iMac7,1 and so on.
SMS services for avahi are
afp.service.tmpl
cups.service.tmpl
http.service
nfs.service.tmpl
rfb.service.tmpl
smb.service
By default the http and smb services are enabled, but since you are using AFP it’s proper to disable smb.
Tip: If you enable vnc in SMS and enable rfb.service you will get the “Share Screen” button option on your Macs.
5.11 Managing Users (Webmin).
We already know how to add a user with the “adduser” script; let’s see how to create a user through Webmin. To manage users and groups in Webmin, navigate to Webmin -> System -> Users and Groups, and you will see all the users and groups your system has. To create a user click on “Create a new user” and fill in the appropriate fields like username, real name and password. UID, home directory and shell can be left as default, unless you want your user to have no shell (no login), a home directory other than /home, or no home directory at all. In the password field, choose Normal Password, and Webmin will encrypt it for you.
When you finish press “Create” to create your user.
To delete a user, select one or more users and press “Delete Selected Users”.
To edit a user just click on a user and edit its fields, like password, UID etc. You can also change passwords for users at Webmin -> System -> Change Passwords, by clicking on a user and setting a new password.
5.12 Fax server.
SMS comes with hylafax configured in ttyS0 (serial port 1), but you can change or add more modems.
The proper way to configure hylafax is to run “faxsetup”. You will get a lot of output and a series of questions that you can pass by pressing enter to accept the default options.
Next you need to run “faxaddmodem” to add your modems. You need to stop hylafax server before running “faxaddmodem” though. So do a
/etc/rc.d/rc.hylafax stop
and run faxaddmodem. After you supply the serial port you need to answer a few questions about your fax line details, like country code, telephone number etc.
Tip: add 655 and above permissions to receive mode so avantfax is able to grab the messages
root@sms:~# faxaddmodem
Serial port that modem is connected to []? ttyS0
Ok, time to setup a configuration file for the modem. The manual
page config(5F) may be useful during this process. Also be aware
that at any time you can safely interrupt this procedure.
Reading scheduler config file /var/spool/hylafax/etc/config.
No existing configuration, let’s do this from scratch.
Country code [0030]?
....
when you finish run
faxmodem ttyS0
to initiate the sending, and
/etc/rc.d/rc.hylafax start
to start the faxserver, and by typing faxstat you should see:
HylaFAX scheduler on sms.org: Running
Modem ttyS0 (<your number>): idle
If you don’t see the above, try to reboot so the changes will take effect, or try
/usr/sbin/faxgetty /dev/ttyS0
By now your hylafax server is ready to receive and send faxes. To add users use the “faxadduser” command.
root@sms:~# faxadduser angel
5.12.1 AvantFax.
To install avantfax, either install it manually with “installpkg” or use “slapt-get -i avantfax”. The install script will do the rest for you. You will be asked for mysql’s root password; if you did not set a password just press enter, or if you have a password enter it at the prompt.
The avantfax database has these default settings:
user:avantfax
pass:d58fe49
After the installation completes, go to http://[yourserver]/avantfax/ and log in.
username: admin
password: password
After you choose your password, go to the admin panel (http://[yourserver]/avantfax/admin/admin.php)
and choose Configure -> modems from the drop-down menu, and set
device: ttyS0 (notice we add it without the /dev/ prefix, and mind the caps)
alias: your alias
contact: your email ( mail should be registered in users config to be accepted)
Well, that was it, you are now ready to start enjoying your fax server...