MG2R

Howto: create your own linux home server using Debian


Posted · Original PosterOP

Installing base system

Everything starts with the choice of the OS. I've chosen Debian because I've been using it for years (well, actually only half a year, but I've used Ubuntu for years and that's basically the same, for all intents and purposes).

 

Downloading the image
We start by downloading the Debian image from http://www.debian.org/distrib/ . Here, you are greeted with a number of options. First, you need to pick the type of image you want, second you need to pick the architecture.

  1. Image type
    1. Small installation image (netinst).
      Use this on machines that are connected to the internet and are able to download additional packages when needed. If you have a lot of machines to install and are on a metered connection, it might be wise to pick another image, as this will consume internet bandwidth during installation. If you're installing less than a handful of machines and/or have no problem with your internet usage quota, this is the one to pick.
    2. Complete installation image
      These are images that already contain most packages, so offline machines can be installed. The Debian foundation politely asks you to pick the small installation image for machines that are connected to the internet in order to save bandwidth. If you are on a metered connection and want to reuse the image multiple times, pick this.
    3. Live CD's
      If you want to try Debian before installing, you can pick this. It allows you to boot the OS right from the installation media.
  2. Architecture
    This has to be compatible with your CPU architecture. For x86 processors (Intel and AMD), you need to choose between
    1. 32-bit
      Select this for REALLY old machines that don't have 64-bit processors or machines that have (and always will have) less than 2GB of RAM.
    2. 64-bit
      This is the way to go on any modern machine with (the prospect of having) more than 2GB of RAM

More info on the 32-bit vs. 64-bit argument can be found at Wikipedia.

 

For this tutorial, I'll be picking the 64-bit netinst image.

 

 

Creating a USB boot drive

You can create a USB boot drive with PenDriveLinux. Just download it, click whatever distro you have, click what device you want to create the boot drive with and press next. Your drive is created automatically and you'll be notified when it's done.

 

 

The actual installation

Protip: unplug any drive that's not needed during the installation process. It saves you from making mistakes, especially when you still have data on some of the drives.

 

Plug your boot drive into the server and boot from it. Now, the actual installation begins. You'll be greeted with a simple menu

post-519-0-31442100-1394570883.png

The only difference between 'Install' and 'Graphical install' is the use of a bit fancier graphics and mouse support by the latter. I don't need that and actually prefer to do this with my keyboard, so I always pick the regular installer. Choose what fits you best, the menus that are displayed will be identical in their content. If you are visually impaired, you can opt for an installation that reads the options to you by selecting the last entry in the menu.

 

After that, you need to pick your language and country. If your country isn't in the initial list of most used countries, you can get a full list per continent by selecting 'other'.

post-519-0-82502400-1394570883.png

 

post-519-0-10264700-1394570884.png

 

If the language and the country you picked aren't standard, it can be that there is no locale that fits your choice. A locale is a file that contains the settings for region specific notations (for example 12 vs. 24 hour time notation). In that case, the installer will prompt you to select one that fits you best, based on your selected language.

post-519-0-48342700-1394570884.png

 

Next, you can select your keymap of choice, after which the system will start autoconfiguring the network.

post-519-0-87597200-1394570884.png

post-519-0-13137000-1394570885.png

post-519-0-38822300-1394570885.png

 

The system will prompt you for a hostname and a domain name. You may leave the domain name empty if you don't have one; it doesn't really matter for a simple home server. As it says in the little blurb: make sure to assign the same domain name to all your servers if you have multiple home servers.

post-519-0-72763900-1394570885.png

post-519-0-03298000-1394570886.png

 

Now, it's time for the first real decision in this installation: the root password. You can either fill in a root password of your choice (and make sure it's a decent one!) or leave it blank and make use of the sudo package by doing so. I always opt for the latter. The absolute beginners amongst you probably have no idea about the implications of this decision. If you are one of them, please do read "Root and why you shouldn't use it" in the Linux Basics section before going further with the installation. Note: if you decide to use a root password, Debian won't install the sudo package. In that case, you'll need to be logged in as root to run any command in this guide that is preceded by 'sudo'.

post-519-0-44152000-1394570886.png

post-519-0-92231900-1394570891.png

 

Next, it's time to configure the first user account. This user account will automatically inherit the sudo right if you opted to leave the root password blank. The system will ask you for the full name, the account name and the password for this first user. Again, please pick a strong password.

post-519-0-22616800-1394570892.png

post-519-0-47102600-1394570892.png

post-519-0-78194300-1394570892.png

post-519-0-10910700-1394570893.png

 

As you can see, the password I picked was rather long. (for those interested, it was: 'This is some stupidly long password that I will never remember ever.')

Obviously, I didn't get it right two times in a row. When that happens, the system will warn you:

post-519-0-38774900-1394570893.png

 

Now that we have our user, it's time to partition the new OS drive. You can either let the system do this for you, or you can do it manually. Three guesses what route I went?

post-519-0-64023400-1394570893.png

 

First, start by creating a new partition table. You can do this by selecting the OS drive in the drive list. If you have listened to my protip in the beginning of this section, there is only one drive here, unless you're spreading your installation across multiple drives (which does have valid reasons). The system will throw a warning at you which, of course, you should read carefully before ignoring completely ;)

post-519-0-89296100-1394570893.png

post-519-0-22000700-1394570894.png

 

 

If you came to this point and are an absolute beginner and thus don't know anything about the File System in Linux systems, please read 'The Linux file system' and 'Important root subdirectories' in the Linux Basics section before going further with the installation.

 

 

Now, the drive list will show FREE SPACE under your OS drive. It's in this space we're going to create our partitions, starting with the root partition. Select the free space and then 'Create a new partition'. Enter the preferred size, select primary and choose whether you want the partition at the beginning or the end of the free space.

post-519-0-56441200-1394570894.png

post-519-0-62441900-1394570901.png

post-519-0-90503300-1394570901.png

post-519-0-27017100-1394570902.png

post-519-0-56518300-1394570902.png

 

Now, if you're wondering what size your partitions should be, you first need to figure out how you want your filesystem to be organized. On my home server, I have an SSD as an OS drive and 4 x 2TB drives in RAID5. This SSD has two partitions: one for / and one for /home. All data is stored on the RAID array, which is mounted at /mnt/raid. This can of course vary on your system and you should have an idea of how you want to organize your data before creating your partitions. It's possible to change it later on, but it's always a good idea to think this through beforehand.

 

For example, if you're going to have services running that do a lot of incremental writes to the system (logging services, for example), and you're running your OS off of an SSD, it might be a good idea to move /var to a mechanical drive in order to save the SSD some write cycles. Things like this should be considered beforehand. To give you an idea of the space that's actually required for your directories, here is the disk usage on my own home server as I'm writing this section:

6.5M    /bin
18M     /boot
0       /dev
6.6M    /etc
7.8G    /home
0       /initrd.img
133M    /lib
4.0K    /lib64
16K     /lost+found
12K     /media
3.5T    /mnt
4.0K    /opt
0       /proc
88K     /root
5.5M    /run
7.6M    /sbin
4.0K    /selinux
4.0K    /srv
0       /sys
16K     /tmp
1.4G    /usr
301M    /var
0       /vmlinuz

Keep in mind that /home is on a separate partition and /mnt holds my RAID array. The actual utilisation of my root partition is 2 GB. The folder sizes on your system may vary greatly, of course. This is all dependent on your system usage model and configuration.

 

Then, there's also the issue of swap space. Swap space is space used by the system to overflow to in case it runs out of RAM. It can be compared to the pagefile on M$ Windows. In Linux, your swap space may be split into multiple parts that span across different disks, partitions or files. It's up to you to determine how much -if any- swap space you need. For my personal system, I opted to not use swap. I wouldn't recommend this, though. If your system ever runs out of memory, it will simply crash. If you have swap space available, it will only slow down.

 

Now that you have an idea of how you're going to manage your partitions, it's time to actually finish creating the partition. For this installation tutorial, I'm simply going to create two partitions: one 6GB large for / and one 2.6GB large for swap.

The partition wizard will ask you what format to use for your partition, where it should be mounted, what options you want to mount it with, what label to give it (I have actually never ever used this :P ), how many reserved blocks you want, the typical usage, and the bootable flag. These options mean:

  • Use as denotes the filesystem (if any) to use. Select ext4 for your root and swap for your swap.
  • Mount point denotes where the partition will be mounted during the boot process. Select / for your root partition.
  • Mount options allows you to set different options like read-only mounting. You can leave this default.
  • Label is self explanatory
  • Reserved blocks how much space to reserve for system daemons and root processes. Read more here!
  • Typical usage allows you to alter the internal settings of the partition, according to the amount and size of the files you're going to house in it.
  • Bootable flag indicates to the BIOS which partition to boot. Only one partition may have this on at any time. Since we'll be using a boot loader (GRUB), this must be set to OFF on all partitions.

post-519-0-14098300-1394570903.png

post-519-0-42887300-1394570903.png

post-519-0-78040000-1394570903.png

 

If you have opted to not use swap, you'll see the following message when writing the changes to disk:

post-519-0-16647400-1394570904.png

 

You will also have a chance to review and confirm the changes you are about to make

post-519-0-42943100-1394570904.png

 

After installing the base system...

post-519-0-79703700-1394570904.png

 

the system will ask you for directions to your preferred package mirror...

post-519-0-60684300-1394570917.png

post-519-0-89122200-1394570917.png

post-519-0-13694600-1394570918.png

 

and start populating the package list.

post-519-0-41580700-1394570918.png

post-519-0-77251500-1394570918.png

 

It will prompt you to enter a popularity-contest...

post-519-0-06001500-1394570919.png

 

and afterwards ask you what packages you want to install during the installation process. I usually only select 'standard system utilities' and opt to install anything and everything else I need once the system is installed. You can (de)select entries with the spacebar, enter to continue.

post-519-0-48227700-1394570919.png

 

After which it will download and install the needed stuff

post-519-0-71319100-1394570919.png

 

Once that's finished, you'll be prompted to install the boot loader, which will initiate the boot process when you turn on the machine. If you have multiple disks attached to the system, make sure you install the boot loader to the correct one (preferably the one with the root partition and /boot info).

post-519-0-00355800-1394570920.png

 

The system will reboot and you'll be able to log in using the previously set username and password.

post-519-0-37599900-1394570920.png

post-519-0-77703800-1394570932.png

post-519-0-05756700-1394570933.png

post-519-0-33058900-1394570933.png

 

Now for the really fun stuff!

 

 

Back to index


Logging in for the first time
When the system finishes installing, remove the bootable media and boot from the drive you installed Debian to. You'll be greeted by a bunch of white text on a black background. The system will ask for your login, so enter the user name you chose during the installation process and press enter.

Enter your password and press enter. Notice that you won't see any cursor moving, you won't see any stars. You basically don't see anything when entering passwords in Linux. This is completely normal and is implemented as a security feature. Just realize that every key you press will be registered as a letter in your password, until you press enter.
If all goes well, you should be greeted with a message like:

Using username "simon".
simon@brol3's password:
Linux brol3 2.6.32-5-amd64 #1 SMP Mon Feb 25 00:26:11 UTC 2013 x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Mon Mar 4 21:04:15 2013
simon@brol3:~$

This message tells you the hostname (brol3), the kernel (2.6.32-5-amd64), the date and time, the architecture (x86_64), the place you can find copyright info of the open source software contained within the distribution, a disclaimer and the last time your username logged in.

The last thing you see is your command line. When you see that line, you know the server is waiting for input. It also tells you what directory you're in. Right now, I'm in ~, which stands for my home directory. In Linux, you can refer to anyone's home directory as ~username. The home directories are located in /home. So for instance ~foo will point to /home/foo.

 

Back to index


Linux basics
This chapter is for people that are new to Linux. I'll cover the basics about the file system and a couple of basic commands that you'll need to find your way around the Command Line Interface (CLI). I'll also cover how to create, edit and save files, what I meant with all that root password jazz during the installation and how to install and remove things from your system. For starters: you can log out from the console by entering the command 'exit'.

Please be aware that Linux is completely case sensitive!

The Linux file system
In Windows, all of the drives in your system are accessible through drive letters (e.g. C: ), and folders are separated by a backslash. C:\Windows\system32 for instance. When you boot your PC, all the drives that are connected to the system and recognized by Windows will be mounted automatically to a new drive letter.

In Linux, everything is placed/mounted under '/', which is called the root directory. On startup, only the primary file system (i.e. the partition where your system is installed) and all the file systems defined in the fstab file (see Mount a partition at boot) are mounted. If you want to access another drive or partition, you'll have to mount it manually.

If you have no idea what mounting is: think of it as telling the system a certain directory or path is the 'gate' to a certain file system. For example: if you make a directory named 'usb' in your home directory, it is a directory like any other and you can refer to it as ~/usb. If you then mount a USB-drive in that directory, that directory will represent the USB-drive and will no longer store things you put in it on the file system your home folder is located on; rather, it will store those things on the USB-drive.

A couple of important places in Linux:

  • ~ : your home directory
  • ~user : user's home directory
  • / : the root directory
  • . : the directory you're currently in
  • .. : the directory above the directory you're currently in (the parent directory)

Keep in mind that these shortcuts are NOT commands. Executing '..' won't do anything (except generating an error) because '..' will just try to execute the name of your parent directory. In order to change your location to the parent directory, you need to execute

cd ..

This will change your directory to whatever you give it as argument ('..' in this example).

 

You can chain these directives together for as long as you like. In the following example, '$' stands for the command prompt the system gives you when it's ready for a new command (see Logging in for the first time). As we'll see a bit further, 'pwd' prints the current working directory.

$ pwd
/home/simon/shortcuts/example
$ cd ..
$ pwd
/home/simon/shortcuts
$ cd ~foo
$ pwd
/home/foo
$ cd /
$ pwd
/
$ cd ..
$ pwd
/
$ cd ~/shortcuts/../../foo/../simon/shortcuts/../..
$ pwd
/home

Keep in mind that going to ~foo or ~ only works at the beginning of such a string of directives. Executing

cd /home/simon/shortcuts/example/~foo

will try to go to a directory named '~foo' in the directory /home/simon/shortcuts/example.

 

Mounting file systems
Mounting file systems is rather easy. You can simply mount a file system by using the command

sudo mount /dev/sde2 /path/to/mount/point

This will mount the second partition of the fifth drive attached to your system (sde). To unmount a file system, simply use

sudo umount /path/to/mount/point

Important root subdirectories

During the installation, a number of directories have been created in your root directory. You can see this webpage for a description of them all. The most important ones are:

  • /dev : here you'll find all the devices (physical and virtual) attached to your system. A few devices of note are, for example, all the `sdXY` devices, which are all the drives/partitions in your system, with sda being a drive and sda1 being the first partition on that drive.
  • /home: contains the home directories for your users
  • /root: the home directory for the superuser (see below)
  • /etc: contains most of the config files of your system and its applications/packages

Basic commands

  • cd : Change Directory. Use this to go to somewhere else. Usage: 'cd ../../' will go up two directories
  • pwd : Print Working Directory. Prints the directory you're currently in (your working directory). If you've just logged in, this will output '/home/username'
  • cp : CoPy. Copies files. Usage: 'cp foo /home/bar/' will copy the file 'foo' in your working directory to the home directory of user 'bar'. You can use it to copy folders if you use the switch '-R', for example: 'cp -R ~/Documents ~bar/folder' will copy your 'Documents' folder to the home directory of user 'bar' under the name 'folder' (or into 'folder' if that directory already exists). You can also copy and rename files in one command. Example: 'cp somefile /folder/someotherfile' will copy a file named 'somefile' in your working directory to a folder named 'folder' in the root directory and rename it to 'someotherfile'.
  • mv : MoVe. This command moves files. It works almost the same as cp, but doesn't leave a copy of the original. Use this to rename files or directories. You can move directories without the '-R' switch.
  • mkdir : MaKe DIRectory. This makes a new directory. Usage: 'mkdir dir' will make a new directory named 'dir' in your working directory.
  • touch. This makes a new file without opening it. Usage is similar to mkdir.
  • ls : LiSt. Lists the contents of a directory. Usage: 'ls' without any arguments lists the contents of your current working directory. 'ls /path/to/folder' lists the contents of 'folder'. The switch '-l' (long) can be used to list details about the contents being listed. The switch '-a' shows everything in the requested directory, including hidden files.
  • man : MANual. Displays a manual for a given command. For example: 'man mkdir' will show you the manual for the command 'mkdir'. You can scroll through the manual with the arrow keys or exit by typing ':q'.
  • Ctrl+C will kill the command currently running on your console. There are a few exceptions to this ('man' for example) but most of the time it works.
  • Ctrl+Z will pause the command currently running on your console and put it in the background. You can bring the paused command back by entering the command 'fg' (ForeGround). You can see what is in the background with the command 'jobs'; 'bg' (BackGround) lets a paused command continue running in the background. If you have multiple things in the background, you can choose which one to bring back by using 'fg i', with 'i' being the job number shown by 'jobs'.
  • exit: does what it says. You log out.

Have you noticed that there isn't a distinct way of telling what is a file and what is a folder, just by looking at the filename? In Windows, you can easily recognize files by looking at their extension (.txt , for example), which folders don't have. In Linux, there are no extensions and there is a mindset that goes 'everything is a file'. Folders are files as well and you can open and edit them just like you can with any other file. There are a few programs that try to check extensions to provide added functionality, but extensions are never necessary.

Also, to make files hidden, simply start their name with a point. 'mkdir .hiddenfolder' will make a hidden folder called '.hiddenfolder' in your current working directory.

Editing files
There are lots of different file editors for Linux. All of them have their respective advantages and disadvantages. The most known (CLI) text editors are 'vi' (or 'vim') and 'nano'. I like using vim, but if you're new to the whole Linux CLI thing, nano may be more appropriate. Whatever you use, if you see me using a vi(m) command like

vi /path/to/some/file

you can just replace 'vi' with whatever editor you use.

nano /path/to/some/file

would do exactly the same as the previous command, except for using nano as a text editor.

You can create a new file simply by opening a non-existing file name.

 

Root and why you shouldn't use it
About every Linux distribution has a user account called 'root'. Root is the super user. Being a super user is a little bit like being God. You can do anything and everything with anything and everything. This is a very powerful mode to be in and thus a very dangerous one. It's easy to make mistakes that destroy your system. That's why some Linux distro's disable the password of the root account (Ubuntu for example). That means that the super user can not log in directly to the console anymore. This is done for security reasons as anybody trying to attack your system will do this by trying to log in to the root account.

You do sometimes need to use the power of root, though. So to provide you with the capabilities of the root user without actually logging in to the root account, there is a package called 'sudo'. When you run a command using sudo, it will run with elevated rights. This means you'll be able to do (almost) everything root can. The users that can use sudo are specified in the file /etc/sudoers and if you didn't enter a root password at installation, your username will be added to that list automatically.

It might happen that you NEED to log in as root. If this can not be avoided for some reason, you can do this by using the command

sudo su

'su' stands for 'Switch User' and, if run without any additional options, will switch to the root account. This can only be done by people in the sudoers file. You can return to your regular username by logging out from the root account (enter the command 'exit').

 

Users and groups
This is just a rudimentary explanation. I urge you to read the official documentation.

Linux is designed to be a multi-user system. This means that there is extensive support for multiple users logging in at once and doing work all at once, through different terminals. All of these users have separate user accounts. To add a user to the system, use the command

sudo adduser temp

This gives you an output that looks like this:

simon@brol3:~$ sudo adduser temp
[sudo] password for simon:
Adding user `temp' ...
Adding new group `temp' (1002) ...
Adding new user `temp' (1001) with group `temp' ...
Creating home directory `/home/temp' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for temp
Enter the new value, or press ENTER for the default
Full Name []: John Doe
Room Number []: ?
Work Phone []: 012345679
Home Phone []:
Other []: You do not need to fill everything in
Is the information correct? [Y/n] Y

First, the system asks you for your password to let sudo do its thing. Second, it tells you that it's adding the user 'temp' and creating a group for that user (we'll explain this a little further). It creates ~temp and copies the standard files into ~temp from /etc/skel . After that it asks you to enter a password for the new user and to verify the password. Again: you won't see any cursor movement during this. This is normal. Lastly, it asks you to enter info about the user. This is absolutely optional, though. Finish the process by confirming that the information is correct.

 

To remove a user account, execute

sudo deluser temp

You can use a couple of switches with this command, the most interesting one being --remove-home , which removes ~temp. See the manual entry for more details ;)

I talked about the user group above. What is this, you ask? To make it easier to manage a lot of users and permissions, there are groups to which you can add people. See 'Permissions' below for more details about why this is handy. By default, every user account is automatically in a group named after the user. A user can be in multiple groups. To add a group:

sudo addgroup temp

To add a user to that group:

simon@brol3:~$ sudo adduser simon temp
Adding user `simon' to group `temp' ...
Adding user simon to group temp
Done.

To remove the group:

sudo delgroup temp

To display the groups you are part of:

groups

Permissions

To manage all those users, a decent permission system is in order. You don't want everybody to be able to do everything.

To begin, execute

ls -la ~

This is the same as running 'ls -l -a ~' and will list everything in your home directory in long format. With me, this gives the following:

simon@brol3:~$ ls -la ~
total 184
drwxr-xr-x 11 simon simon 4096 Jun 5 20:33 .
drwxr-xr-x 3 root root 4096 Jun 9 00:31 ..
-rw------- 1 simon simon 8673 Jun 8 03:30 .bash_history
-rw-r--r-- 1 simon simon 220 Mar 4 18:58 .bash_logout
-rw-r--r-- 1 simon simon 3590 May 5 18:09 .bashrc
drwxr-xr-x 4 simon simon 4096 Apr 12 02:17 cpuminer
-rw-r--r-- 1 simon simon 560 Apr 20 00:46 .htoprc
drwxr-xr-x 2 simon simon 4096 May 31 01:55 korfbal
-rw------- 1 simon simon 40 Mar 10 19:48 .lesshst
drwxr-xr-x 9 simon simon 4096 May 21 23:20 litecoin
drwxr-xr-x 3 simon simon 4096 May 30 02:47 .litecoin
-rw------- 1 simon simon 75319 Apr 15 00:13 mbox
-rwxr-xr-x 1 simon simon 284 Mar 27 12:17 .mount
-rw-r--r-- 1 simon simon 675 Mar 4 18:58 .profile
drwxr-xr-x 5 simon simon 4096 May 6 19:22 public_html
drwxr-xr-x 8 simon simon 4096 Apr 22 22:24 pyOwnCloud
drwx------ 2 simon simon 4096 Mar 19 20:50 .ssh
-rwxr-xr-x 1 simon simon 75 May 31 01:55 test.pl
-rw-r--r-- 1 simon simon 134 Jun 4 01:14 todo.txt
-rwxr-xr-x 1 simon simon 69 Mar 27 12:18 .umount
drwx------ 2 simon simon 4096 Mar 20 21:43 .unison
drwxr-xr-x 2 simon simon 4096 Mar 21 10:49 .vim
-rw------- 1 simon simon 11156 Jun 4 23:33 .viminfo
-rw-r--r-- 1 simon simon 2179 Mar 14 21:37 .vimrc

From left to right, the columns display the following:

  • permissions of that file (or folder, which is the same, remember?)
  • number of hard links (not relevant to us)
  • the owner of the file
  • the group of the file
  • file size
  • last-modified date
  • file name

The permissions are displayed in the format drwxrwxrwx. The d means that the file is a directory. After that, you see rwx three times. This stands for 'read', 'write' and 'execute'. The first triad stands for the permissions of the owner, the second triad for the permissions of people in the group of the file and the last triad for the permissions of others.

drwxrw-r-- stands for a directory which is executable to the owner, has read and write permissions for group and owner and has read permission for others.
---------- stands for a file which is only accessible by root.

This is what makes groups so handy. Say, you're running a web server which is monitored and administered by a group of five people. You can make a group 'webadmin' and add those five people to it. Then you can just make every file of the web service owned by the group webadmin and thus set permissions for all five people at the same time. Say a new webadmin joins your team. You can just add that user to the group and he automatically has the right permissions.

To change the permissions for files, there is 'chmod' (CHange MODe). With chmod, there are two ways to change permissions. The first uses letters to represent the permissions and +/- to represent adding or removing a permission. The second uses octal numbers to represent the permissions.

Example of the first way

chmod ugo+rwx somefile

In this command we give all permissions to everybody for the file 'somefile'. 'u' stands for user, 'g' for group and 'o' for (you guessed it) others. 'r', 'w' and 'x' should be familiar ;)
You can mix and match the letters to do what you want. 'go+r', for example will only grant read permissions to the group and others. Any other permissions are unmodified.
To revoke permissions instead of granting them, you change the + into a -.

The second way seems a bit more difficult, but is actually pretty easy and more powerful than the first method:

chmod 777 somefile

This will do exactly the same as the previous command. In 777, the first 7 stands for permissions to the owner, the second for group permission and the last for (you guessed it again) others.
The numbers come from a binary representation of rwx. Assume a 0 for permission not granted and a 1 for permission granted. We can make the following table:

permission | bit representation | octal representation
-----------+--------------------+---------------------
    ---    |          000       |           0
    --x    |          001       |           1
    -w-    |          010       |           2
    -wx    |          011       |           3
    r--    |          100       |           4
    r-x    |          101       |           5
    rw-    |          110       |           6
    rwx    |          111       |           7


As you can see, you can just count in binary to get to the number representation of permissions :)

More about chmod can be found on the Wikipedia page.
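The permission rules described above, as an added example that is not part of the original post: a POSIX shell sketch that converts the permission strings printed by 'ls -l' to octal, picks which of the three triads applies to a given user, and lists entries that the group or others may write to. The function names, the users alice and bob, and the entries 'shared' and 'notes.txt' are made up for illustration.

```shell
#!/bin/sh
# Added example: decode `ls -l` permission strings and apply the
# owner/group/others rule. Special bits (setuid, setgid, sticky) and ACLs are
# left out, and root is not modelled because root bypasses these checks.

# perm_to_octal "drwxr-xr-x" -> 755. Accepts the 10-character form printed by
# ls (file type first) or the bare 9-character form; fails on anything else.
perm_to_octal() {
    p2o_perms=$1
    if [ "${#p2o_perms}" -eq 10 ]; then p2o_perms=${p2o_perms#?}; fi
    if [ "${#p2o_perms}" -ne 9 ]; then return 1; fi
    p2o_out=""
    while [ -n "$p2o_perms" ]; do
        p2o_rest=${p2o_perms#???}               # everything after this triad
        p2o_triad=${p2o_perms%"$p2o_rest"}      # the triad itself, e.g. r-x
        p2o_digit=0
        case $p2o_triad in r??) p2o_digit=$((p2o_digit + 4)) ;; esac
        case $p2o_triad in ?w?) p2o_digit=$((p2o_digit + 2)) ;; esac
        case $p2o_triad in ??x) p2o_digit=$((p2o_digit + 1)) ;; esac
        p2o_out=$p2o_out$p2o_digit
        p2o_perms=$p2o_rest
    done
    printf '%s\n' "$p2o_out"
}

# triad_for USER "GROUP1 GROUP2" OWNER GROUP -> 1, 2 or 3.
# Exactly one triad is consulted: the owner's if USER owns the file, else the
# group's if USER is a member of the file's group, else the one for others.
triad_for() {
    if [ "$1" = "$3" ]; then echo 1; return 0; fi
    for tf_g in $2; do
        if [ "$tf_g" = "$4" ]; then echo 2; return 0; fi
    done
    echo 3
}

# can_access r|w|x USER "GROUPS" PERMS OWNER GROUP -> exit status 0 if allowed.
can_access() {
    ca_octal=$(perm_to_octal "$4") || return 2
    ca_pos=$(triad_for "$2" "$3" "$5" "$6")
    ca_digit=$(printf '%s' "$ca_octal" | cut -c "$ca_pos")
    case $1 in r) ca_bit=4 ;; w) ca_bit=2 ;; x) ca_bit=1 ;; *) return 2 ;; esac
    [ $((ca_digit & ca_bit)) -ne 0 ]
}

# writable_by_non_owner: read `ls -l` lines on stdin and print "MODE NAME" for
# every entry that the group or others may write to.
writable_by_non_owner() {
    while read -r wn_perms wn_links wn_owner wn_group wn_size wn_mon wn_day wn_time wn_name; do
        wn_octal=$(perm_to_octal "$wn_perms") || continue   # skips "total 184"
        wn_go=${wn_octal#?}                                  # group + others digits
        case $wn_go in
            [2367]?|?[2367]) printf '%s %s\n' "$wn_octal" "$wn_name" ;;
        esac
    done
}

# First four lines come from the listing above; 'shared' and 'notes.txt' are
# constructed for this example.
SAMPLE_LISTING='total 184
drwxr-xr-x 11 simon simon 4096 Jun 5 20:33 .
-rw------- 1 simon simon 8673 Jun 8 03:30 .bash_history
drwx------ 2 simon simon 4096 Mar 19 20:50 .ssh
drwxrwxr-x 2 simon webadmin 4096 Jun 4 01:14 shared
-rw-rw-rw- 1 simon simon 12 Jun 4 01:14 notes.txt'

printf '%s\n' "$SAMPLE_LISTING" | writable_by_non_owner

# The webadmin scenario: alice is in the group, bob is not.
for who in "alice:alice webadmin" "bob:bob"; do
    if can_access w "${who%%:*}" "${who#*:}" drwxrwxr-x simon webadmin; then
        echo "${who%%:*} may write to shared"
    else
        echo "${who%%:*} may not write to shared"
    fi
done

# The owner triad applies to the owner even when it is the stricter one:
# simon owns this file, so the group's rw- is never consulted for him.
if ! can_access r simon "simon webadmin" ----rw---- simon webadmin; then
    echo "simon may not read his own ----rw---- file"
fi
```

On a live system, 'stat -c "%a %A" somefile' prints both notations for a real file, which is a quick way to check a mode before and after running chmod.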

 

Now, this is all fine and well, but as long as you can't make a user or group owner of a file, this system will still not work. Changing the ownership of a file is done with the command chown (CHange OWNer).

 

Changing the owner of foo to geoff

chown geoff foo

Changing the group of the file foo to devs

chown :devs foo

Doing those two actions at the same time

chown geoff:devs foo

You can use the switch -R with this command to run it recursively, thus affecting every file and subfolder in a directory.

 

To change permissions and ownership of files that are owned by someone else or a group you're not part of, you'll have to use sudo.

 

The packaging system
The inner workings are not something I'll be explaining here (I don't perfectly understand them myself), but I'll tell you what you need to know about it to understand this tutorial.
Debian uses what is called a packaging system to organize and distribute most of its applications. This means that, for the most part, you won't be manually downloading applications (this is possible though) and installing them yourself. You just tell Debian to get and install everything you need for a certain functionality.

A package is something that contains a certain functionality. For instance, the package 'apache2' contains all the functionality of a web server. It does not do this on its own, however. Packages have something called dependencies. Dependencies are packages other packages depend on to function.

Now, if you need to know all the dependencies of every package you need and install all of those dependencies manually, no one would be using Debian anymore. To do this for you, there is a command you can use to automate the process of installing packages and their dependencies.

This command is 'apt-get'. apt-get will find all the dependencies of your package and install them together with the requested package. It also performs uninstallation of packages and much more.

To install something, you do the following:

sudo apt-get install package

with 'package' being the package you need, apache2 for instance.

 

 

Shutting down and rebooting
You can shut down your system with

sudo shutdown -h now

'-h' tells the server to halt after shutdown (e.g. cut power). 'now' can be changed to a time, which will make the command wait until that time before shutting down.

Rebooting your system is done with

sudo shutdown -r now

or with

sudo reboot

Back to index
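Added example, not part of the original post: the rwx-to-octal table from the chmod section turned into a small converter, plus a check that lists files left writable by "others" (what chmod 777 produces). The function names are made up for this illustration.

```shell
#!/bin/sh
# Added example (not from the original post): the rwx <-> octal table as code.

# Convert a nine-character permission string such as "rwxr-x---" to octal.
# Each triplet is read as three bits: r=4, w=2, x=1.
# Strings with special bits (s, S, t, T) are rejected.
mode_to_octal() {
    perms=$1
    [ "${#perms}" -eq 9 ] || return 1
    octal=""
    for start in 1 4 7; do
        triplet=$(printf '%s' "$perms" | cut -c"$start"-"$((start + 2))")
        case $triplet in
            [r-][w-][x-]) ;;
            *) return 1 ;;
        esac
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in ??x) digit=$((digit + 1)) ;; esac
        octal="$octal$digit"
    done
    printf '%s\n' "$octal"
}

# Octal mode of an existing file, taken from the permission column of ls.
file_octal() {
    mode_to_octal "$(ls -ld -- "$1" | cut -c2-10)"
}

# List regular files under a directory that anyone on the system may modify.
world_writable_files() {
    find "$1" -xdev -type f -perm -0002
}

# Demo on a throwaway directory: both chmod styles end at the same mode.
demo_dir=$(mktemp -d)
touch "$demo_dir/somefile"
chmod ugo+rwx "$demo_dir/somefile"
echo "after chmod ugo+rwx: $(file_octal "$demo_dir/somefile")"
chmod 640 "$demo_dir/somefile"
echo "after chmod 640:     $(file_octal "$demo_dir/somefile")"
rm -rf "$demo_dir"
```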

Posted · Original PosterOP

Setting the right console resolution
I found this information on the Debian forums.

This step isn't strictly needed, as we'll be logging into our server over the network using SSH, but I like to include it nonetheless.

This requires the modification of a few files related to the boot loader (grub).
First, edit /etc/grub.d/00_header

sudo vi /etc/grub.d/00_header

In this file change

if loadfont `make_system_path_relative_to_its_root ${GRUB_FONT_PATH}` ; then
  set gfxmode=${GRUB_GFXMODE}
  insmod gfxterm

to

if loadfont `make_system_path_relative_to_its_root ${GRUB_FONT_PATH}` ; then
  set gfxmode=${GRUB_GFXMODE}
  set gfxpayload=keep
  insmod gfxterm

Save and exit.
Then edit /etc/default/grub

sudo vi /etc/default/grub

In this file, uncomment (remove # in front of sentence) GRUB_GFXMODE and change it to the appropriate resolution.

GRUB_GFXMODE=1920x1080x32

Save and exit.
Now you only need to run

sudo update-grub

And from now on your resolution will be set correctly during boot.

 

Back to index

Posted · Original PosterOP

Setting a static IP
This can be done in two ways: either by (1) editing /etc/network/interfaces or by (2) setting your DHCP host (e.g. router) to reserve one IP for your server.
1) Simply open /etc/network/interfaces, this will give you something like this:

simon@brol3:~$ sudo vi /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
iface eth0 inet dhcp

'eth0' is the primary network interface. It's possible that you have more network interfaces, but one Ethernet adapter is pretty standard.

To set a static IP address, you need to change the interfaces file as follows:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
iface eth0 inet static
  address 192.168.1.150
  netmask 255.255.255.0
  gateway 192.168.1.1
  network 192.168.1.0
  broadcast 192.168.1.255

Of course, you need to change the specific values to values appropriate for your network setup. Notice the static on line 10.

You finish the job by restarting your interface:

sudo /etc/init.d/networking restart

2) I did not use method one, because I want to be able to take my server and plug it into another network (when I go to a LAN, for example) and be able to use it without reconfiguring my interfaces.
I therefore opted to configure my router (or DHCP server, if that's not the same in your network) to reserve a specific IP address for my server. It does this by identifying the server's network adapter by its MAC address. To find the MAC address of your adapter you run

sudo ifconfig

which returns something like

eth0      Link encap:Ethernet  HWaddr 08:60:6e:e7:ce:c9
          inet addr:192.168.0.150  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::a60:6eff:fee7:cec9/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:25528104 errors:0 dropped:0 overruns:0 frame:0
          TX packets:44800949 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:19554235242 (18.2 GiB)  TX bytes:57269432066 (53.3 GiB)
          Interrupt:27 Base address:0xe000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:9050 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9050 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:622344 (607.7 KiB)  TX bytes:622344 (607.7 KiB)

This returns all the interfaces in your system, together with all their settings. The thing we're interested in is HWaddr, which is the hardware address or MAC address. So I configured my router (DHCP server) to reserve the IP address '192.168.1.150' for the MAC address of eth0 on my server. This is done differently on every router/DHCP server, so I can't give you specific procedures about that.

 

Back to index
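Added example, not part of the original post: a check that the network and broadcast lines of a static stanza agree with its address and netmask, and that the gateway sits in the same subnet, run here against the stanza from method 1. The function names are made up for this illustration.

```shell
#!/bin/sh
# Added example: sanity-check a static stanza from /etc/network/interfaces.

# Dotted quad -> integer; fails unless the input is four octets 0-255.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -f; set -- $1; set +f
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            ''|*[!0-9]*|0?*) return 1 ;;   # empty, non-numeric or leading zero
        esac
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Value of one option inside the "iface <name> ..." stanza of a file.
stanza_value() {
    awk -v iface="$2" -v key="$3" '
        $1 == "iface"       { inside = ($2 == iface); next }
        inside && $1 == key { print $2; exit }
    ' "$1"
}

# Print one line per inconsistency; exit status 0 means the stanza is consistent.
check_stanza() {
    file=$1 iface=$2 problems=0
    netmask=$(stanza_value "$file" "$iface" netmask)
    addr=$(ip_to_int "$(stanza_value "$file" "$iface" address)") ||
        { echo "address missing or malformed"; return 2; }
    mask=$(ip_to_int "$netmask") ||
        { echo "netmask missing or malformed"; return 2; }
    host_bits=$(( ~mask & 4294967295 ))
    if [ $(( host_bits & (host_bits + 1) )) -ne 0 ]; then
        echo "netmask $netmask is not a contiguous mask"; return 2
    fi
    net=$(int_to_ip $(( addr & mask )))
    bcast=$(int_to_ip $(( (addr & mask) | host_bits )))
    for pair in "network $net" "broadcast $bcast"; do
        key=${pair% *} want=${pair#* }
        have=$(stanza_value "$file" "$iface" "$key")
        if [ -n "$have" ] && [ "$have" != "$want" ]; then
            echo "$key is $have, expected $want"
            problems=$((problems + 1))
        fi
    done
    gw=$(stanza_value "$file" "$iface" gateway)
    if [ -n "$gw" ]; then
        gw_int=$(ip_to_int "$gw") || { echo "gateway malformed"; return 2; }
        if [ $(( gw_int & mask )) -ne $(( addr & mask )) ]; then
            echo "gateway $gw is outside $net/$netmask"
            problems=$((problems + 1))
        fi
    fi
    [ "$problems" -eq 0 ]
}

# Demo: the stanza from the post, written to a temporary file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
allow-hotplug eth0
iface eth0 inet static
  address 192.168.1.150
  netmask 255.255.255.0
  gateway 192.168.1.1
  network 192.168.1.0
  broadcast 192.168.1.255
EOF
check_stanza "$sample" eth0 && echo "eth0 stanza is consistent"
rm -f "$sample"
```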

Posted · Original PosterOP

Installing SSH and other handy dandy utilities
This will be the last step before putting the server in a closet somewhere and not looking at it forever. After this step is done, you'll be able to log in to your server via a remote SSH connection.
The packages I'll be installing are the following:


  • openssh-server, an open source implementation of the SSH server
  • htop, a CLI task manager that I really like
  • lm-sensors, a package that provides the option of reading all of the sensors on your motherboard
  • vim, an improved version of vi
  • hddtemp, reads the hard disk temperature from S.M.A.R.T.
  • hdparm, which allows you to put hard disks in standby
  • screen, a virtual console manager

This can be done in one command:

sudo apt-get install openssh-server htop lm-sensors vim hddtemp hdparm screen

SSH
SSH stands for Secure SHell and is a way of opening an encrypted tunnel between the server and your computer. Through this tunnel, you can transfer your console (remote control) as well as about any other signal or datastream (proxy).

Your SSH server doesn't need any configuration. If you want to change the port it listens to (default is 22), you need to edit /etc/ssh/sshd_config . Just edit 'Port 22' to another value or add more 'Port xxxx' lines. After that, restart the SSH server with:


sudo /etc/init.d/ssh restart

sensors
You can read your sensors with the command 'sensors'. Note that it's possible lm-sensors doesn't detect or recognize all the sensors in your system correctly. In my system, for example, none of the sensors were supported, unfortunately.

hddtemp
Reading HDD temps can be done with


sudo hddtemp /dev/sda

This will read the temperature of device sda.

hdparm
hdparm is a package that allows you to edit the power state of hard drives. The thing I'm interested in the most is standby. You can let a drive standby when it hasn't been accessed for a while.

sudo hdparm -S 1 /dev/sdb

will set sdb to sleep when it's not in use. '1' specifies the time. You can read how this time is calculated in the manual page, but I've noticed that it changes for different hard drives.

screen
Screen is a utility that allows the server to create multiple virtual consoles that can be attached to or detached from your console. This is very handy when you need to perform operations that run for a long time and you don't want to or aren't able to keep your SSH connection open the entire duration (commands that are running in your console are stopped when your console is closed).

Screen is rather simple to use when you stick to the basic commands. You open a new virtual console with the command:

screen -S consolename

This will create a new virtual console named 'consolename'. Everything you type will be tunneled to the virtual console, as if it wasn't virtual at all. The only exception to this rule is 'Ctrl+a'. When you use that keycombo, the next character you press will be interpreted as a command to screen. For instance, use 'Ctrl+a' and then 'd' to detach the virtual console and return back to the command prompt of your actual console. You'll see a notification that says you're detached from 'consolename', so you know you're back in the actual console. You can now log out without interrupting the virtual console and thus keeping the process running in that console alive.

To stop a virtual console, simply type 'exit' in the virtual console. This will log out, thus closing the console. You'll return to your actual console with a message that your virtual console has been closed.

connecting via SSH
Now you're ready to throw your server in a closet somewhere and do the rest on your PC, connecting to the server via SSH. This can be done by using the application PuTTY on Windows or installing the package 'openssh-client' on Linux. Connecting to the server on Linux can be done by the command

ssh user@server -p port

Just specify the right port after -p. If you use port 22 (standard), you do not need to specify it.

 

Back to index

Posted · Original PosterOP

Creating a RAID volume
To do this, you'll need the mdadm package.

sudo apt-get install mdadm
This will ask you a couple of questions. My answers: I did not need any arrays to boot (1), nor did I want mdadm to start the arrays automatically (2). I did not want monthly redundancy checks (3) and no monitoring daemon was needed (4). Choose the answers according to your setup.

The commands for creating and managing are described very well on the mdadm Wikipedia page. Note that in Debian, you'll have to use sudo for those commands to work.

If you want to assemble all MD devices that are present in your system, you can let mdadm search for them automatically by
sudo mdadm --assemble --scan

 

Back to index

Posted · Original PosterOP

Creating regular partitions (+formatting)

MAKE SURE TO BACK UP YOUR DATA BEFORE DOING THIS

The procedure I use is to first make partition(s) using fdisk and then using mke2fs to create a file system on the partition(s).

sudo fdisk /dev/sdb
will start fdisk on sdb. In fdisk you can type m for a list of all available commands. To view the partition table on sdb (together with info about the drive), use the command p. Then, use the command n to create a new partition. Follow the on screen instructions to create your partition(s). Use the command w to write the changes to disk and exit fdisk.

Now, you should have at least one partition on sdb. You can create an ext4 file system on this partition by using
sudo mke2fs -t ext4 /dev/sdb1
sdb1 being the partition and ext4 being the file system type.

 

Back to index

Posted · Original PosterOP

Creating encrypted partitions (+formatting)
I basically follow this tutorial (tutorial not online anymore). It's written for Debian 7.0, which is still under development, but works on Debian 6 as well (if you have kernel 2.6.24 or later, check with command uname -r).

MAKE SURE TO BACK UP YOUR DATA BEFORE DOING THIS

To do this, you'll need to create a partition using fdisk (unless you wish to use the whole drive), just as in the previous step, but instead of formatting it, do the steps below. In this example sdc1 is the partition we're encrypting.

First, you'll need to install the package cryptsetup, which will handle all the encryption stuff. After that you need to fill the disk/partition you want to encrypt with random data (not necessary, but it's safer). Third, you encrypt the partition. After that you unlock the partition, create a file system on it and mount it.

sudo apt-get install cryptsetup
sudo openssl rc4 -e -kfile /dev/urandom -in /dev/zero | sudo dd bs=100M of=/dev/sdc1   #write random data to partition or drive (dd needs root as well)
sudo cryptsetup -h sha256 -c aes-xts-plain -s 256 luksFormat /dev/sdc1          #encrypt the drive
sudo cryptsetup luksOpen /dev/sdc1 nameyouchoose                                 #unlock the encrypted drive in /dev/mapper/nameyouchoose
sudo mke2fs -t ext4 /dev/mapper/nameyouchoose                                   #format the unlocked partition
sudo mount /dev/mapper/nameyouchoose /path/to/mount/point                       #mount the unlocked partition

To unmount and lock the partition again, you execute

sudo umount /path/to/mount/point
sudo cryptsetup luksClose /dev/mapper/nameyouchoose

It's as simple as that. Do note that the second step can take very long (e.g. 12 hours or more, depending on disk size), as you generate random data and write to every bit on the partition.

 

Back to index

Posted · Original PosterOP

Mounting a partition at boot
To mount partitions at boot, there is a file called fstab (File System TABle). You can edit it with

sudo vi /etc/fstab

Each line in this file represents a file system to be mounted. To add one you create a new line with the following arguments (as explained in the file itself)

file system      mount point         type         options          dump           pass

Type is the file system type (NTFS, for example), options can usually be left as default, dump and pass can be set to 0. See http://en.wikipedia.org/wiki/Fstab for a more detailed explanation.

 

Back to index

Posted · Original PosterOP

Set up a file server (windows shares)
For this you'll need a package called samba. You can install it with the standard procedure:

sudo apt-get install samba

If you want Samba to be able to authenticate users by their user account on the server, you'll need another package called libpam-smbpass, which will sync the server user base to the Samba user base.

sudo apt-get install libpam-smbpass

If you chose to install a file server during installation, the above two steps are already done.

 

Next is the configuration. Samba is configured by editing a file. This file is available at /etc/samba/smb.conf. So, start by opening that file for editing:

sudo vim /etc/samba/smb.conf

I'm going to configure Samba to allow for password secured shares. You do this by uncommenting security=user under the Authentication section. If you installed libpam-smbpass, users will have to use the username they have on the server. I prefer this for home servers, personally.
To add shares, you add a piece of text to the bottom of the document.

[share]
comment = some windows share
path = /path/to/share
browsable = yes
guest ok = yes
read only = no
create mask = 0755

You need to add a paragraph like that per share you want to add. You change [share] to the share name you want (leave the square brackets). browseable=yes makes sure users can see the share in their explorer under Network. guest ok=yes allows anonymous users to log in without a password. If you change this to no, users will have to sign in to access the share. create mask sets the permissions for the share. Read about the way permissions work in Linux in the Linux Basics section.
When you're done setting up the shares, you need to restart Samba:

sudo service samba restart

Note: Ubuntu users will have to use the following commands to restart Samba

sudo service smbd restart
sudo service nmbd restart

Back to index
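Added example, not part of the original post: a check that lists every share in an smb.conf that is both open to guests and writable, which is the combination the [share] block above sets up with guest ok = yes and read only = no. The function name and the sample file are constructed for this illustration; values set in [global] are treated as defaults for the shares that follow.

```shell
#!/bin/sh
# Added example: find Samba shares that anonymous users can write to.

# Print the name of each share where guest access and write access are both on.
# Handles the synonyms "public" (guest ok) and "writable"/"writeable"/"write ok"
# (inverse of read only). Parameter names ignore case and internal spaces.
anonymous_writable_shares() {
    awk '
        function truthy(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
        function report() {
            if (section != "" && tolower(section) != "global" && guest && writable)
                print section
        }
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }          # comments and blank lines
        /^[ \t]*\[/ {
            report()
            if (tolower(section) == "global") { def_guest = guest; def_writable = writable }
            section = $0
            sub(/^[ \t]*\[/, "", section); sub(/\].*$/, "", section)
            guest = def_guest; writable = def_writable  # Samba defaults: no guests, read only
            next
        }
        {
            eq = index($0, "="); if (eq == 0) next
            key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
            val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "guestok" || key == "public") guest = truthy(val)
            else if (key == "readonly") writable = !truthy(val)
            else if (key == "writable" || key == "writeable" || key == "writeok") writable = truthy(val)
        }
        END { report() }
    ' "$1"
}

# Demo on a constructed smb.conf: the share from the post plus a locked-down one.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[global]
security = user

[share]
comment = some windows share
path = /path/to/share
browsable = yes
guest ok = yes
read only = no
create mask = 0755

[private]
path = /path/to/private
guest ok = no
read only = no
EOF
echo "guest-writable shares:"
anonymous_writable_shares "$sample"
rm -f "$sample"
```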

Posted · Original PosterOP

Installing a fully fledged web server (Apache2, PHP5, MySQL, Perl)

As the title suggests, there are multiple packages involved in creating a fully fledged web server. Such a server running on Linux is often referred to as a LAMP server (Linux Apache MySQL PHP). I like to add a perl interpreter to the mix as well. These packages are:

  • apache2 : this is the actual web server. If you only install this you already have a perfectly functioning web server.
  • php5 : to make websites adaptive, there are php pages. These pages have scripting inside of them that needs to be processed before sending output to the requesting client. This process is called parsing the php page. To do this you need a parser. PHP 5 is this parser.
  • mysql : this provides a database management system (DBMS). This is needed when you want to keep a bunch of information (a list of subscribed users, for example).
  • perl : this is not needed by everyone and is often not included in a web server (hence there is only one P in LAMP). Perl is a very flexible scripting language which is very well suited for, among other things, interpreting and extracting information out of text input.

Below, I will cover the installation and configuration of each component. If you're not interested in the full blown explanation, here are the commands needed to get going quickly:

sudo apt-get install apache2 php5 mysql-server mysql-client perl libapache2-mod-php5 libapache2-mod-perl2 php5-mysql
sudo service apache2 restart

Apache

A web server is provided by the package apache2. Apache is a widespread, highly configurable and highly stable web server. We install it with

sudo apt-get install apache2

Basically, that's it! You should be able to reach your web server by opening a browser and going to the IP-address of your server. This should give you

[Screenshot: the default Apache page]

 

By default, your web server root directory is /var/www. Everything you put in there will be put live to the web (for as far as your router forwards port 80 to your server, that is). By default, this folder is owned by root, which means you need sudo to make changes to it or its contents. But you can change that to your username with:

sudo chown -R simon /var/www

Of course, change simon with your username.

 

If you ever change any configuration settings of apache, you need to reload apache's configuration.

sudo /etc/init.d/apache2 reload

Advanced configuration with SSL (HTTPS) is described in the next chapter.

 

 

PHP

Because I need my server to be able to parse PHP, I'm installing the package php5 as well. Now, if you do this and want apache to be able to talk with the php parser, you need libapache2-mod-php5.

You should know the procedure of installing new packages by now ;)

sudo apt-get install php5 libapache2-mod-php5

To test the PHP parser, copy the index file you just browsed to and rename that copy to index.php

cp /var/www/index.html /var/www/index.php

Then, edit the file as follows.

Change this:

<html><body><h1>It works!</h1>
<p>This is the default web page for this server.</p>
<p>The web server software is running but no content has been added, yet.</p>
</body></html>

To this:

<html><body><h1>It works!</h1>
<p>This is the default web page for this server.</p>
<p>The web server software is running but no content has been added, yet.</p>
<?php
phpinfo();
?>
</body></html>

Now point your browser to 192.168.1.150/index.php . With 192.168.1.150 being the IP-address of your server. This should give you the same page as before, but now with a whole lot of info about your system.

[Screenshot: the test page with the phpinfo() output]

 

Note: if it doesn't work, try restarting the Apache2 service, it needs to be restarted (or reloaded) after 'libapache2-mod-php5' is installed.

sudo /etc/init.d/apache2 restart

MySQL

This requires two packages: mysql-server and mysql-client. The server package provides the DBMS itself, while the client package provides a way of connecting to that DBMS in order to talk to it.

sudo apt-get install mysql-server mysql-client

The installation of the server package will ask you for a root password. This is NOT the password of the root user account on your server!! This is a new password for the user root in your DBMS. I highly suggest picking another password for this account than you did for any of your user accounts (especially the root unix account).

 

To make MySQL available in PHP, you'll have to install php5-mysql

sudo apt-get install php5-mysql

Access the DBMS with

mysql -u root -p

To make the management of the database a lot easier, I use phpmyadmin. This is a website which provides you with all the tools needed to manage your database in a nice graphical way. I find it way easier to use this than the CLI based mysql client. As of the time of writing this, the latest version is 4.0.4. To install it, we navigate to the web server root folder /var/www, download the necessary zip with wget, unzip that zip file with unzip and give the directory a nice name to access phpmyadmin without typing half a book. We end by removing the obsolete zip file. Before we do all that, we'll have to install unzip.

sudo apt-get install unzip
cd /var/www
wget http://downloads.sourceforge.net/project/phpmyadmin/phpMyAdmin/4.0.4/phpMyAdmin-4.0.4-all-languages.zip
unzip phpMyAdmin-4.0.4-all-languages.zip
mv phpMyAdmin-4.0.4-all-languages phpmyadmin
rm phpMyAdmin-4.0.4-all-languages.zip

You can now access PHPMyAdmin by navigating your browser to it. 192.168.1.150/phpmyadmin is the address for me.

 

 

Perl

NOT READY YET!!!!

This is only necessary if you're actually using perl on your web site. I include it here primarily for my own reference.

 

The process is very similar to PHP. You need to install perl itself and on top of that, you need a package that allows apache to talk to the perl interpreter. You end by reloading apache's config files.

sudo apt-get install perl libapache2-mod-perl2
sudo /etc/init.d/apache2 reload

I'm not going to cover how you write perl code, but a simple way to test out if the server works is by opening a file in your web root

vi test.pl

In this file, you simply put

#! /usr/bin/perl
print "Hello world!";

If you point your browser to 192.168.1.150/test.pl, this should show a blank page with Hello world! in the top left corner.

 

Back to index

Posted · Original PosterOP

Making your webserver more secure
This will cover how to enable SSL (HTTPS) in Apache2 and how to redirect all HTTP requests to HTTPS request (e.g. make sure every web page you host is delivered over HTTPS).

Enabling SSL
SSL is what will encrypt your data as you send it to the users. You enable it by enabling the apache2 module 'ssl' and by enabling the site 'default-ssl'. You do this with:

sudo a2enmod ssl
sudo a2ensite default-ssl

After that, you need to create certificates. There are two major types: self-signed and signed by a Certificate Authority. Certificate Authorities (CA) are trusted companies that say to people "hey, the certificate of PayPal is this one." Your browser then uses the certificate the CA gives out for PayPal to decrypt the encrypted data from PayPal. That way you're sure you don't get to a website hosted by a bad person posing as PayPal by accident.

The problem with CAs is that it costs money to get your certificate signed by them. So if it's not critical that the identity is certified, like for personal use where the chance of a man-in-the-middle attack is pretty insignificant, it's easier and cheaper to sign the certificate yourself.

To create self-signed certificates for Apache to use, you execute the following command:

sudo make-ssl-cert generate-default-snakeoil --force-overwrite

After this, restart Apache to enable everything for real:

sudo /etc/init.d/apache2 restart

You can try out your secure connection by going to 'https://192.168.1.150' where, as always, you replace the IP-address with the IP-address of your server. This will give you something like this:

[Screenshot: Firefox warning about the certificate]

This is Firefox letting you know that it can not verify the identity of the server giving out the certificate, because it isn't signed by a Certificate Authority. This does NOT mean that this isn't a secure connection; your data is still being encrypted.

Redirecting HTTP to HTTPS
If you want to be sure that everyone accessing your web server is accessing it securely, you need to redirect any regular HTTP requests to HTTPS requests for the same file. An example of this is Google. Google recently started using HTTPS for all of their services. If you browse to http://google.com you'll actually end up at https://google.com. This is what we're going to do too.

First thing to do is to enable the rewrite module. This module will adapt the URL the client requested to a secure version of that URL.

sudo a2enmod rewrite

Next, we need to change the default HTTP virtual host to do the redirection on any HTTP request reaching the server. Before we do that, we back up the default http virtual host:

sudo cp /etc/apache2/sites-available/000-default /etc/apache2/sites-available/000-default.bak

Then, change /etc/apache2/sites-available/000-default to the following:

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    # Turn on the rewrite engine
    RewriteEngine On
    # Check if the request is HTTP
    RewriteCond %{HTTPS} !=on
    # Rewrite the client request
    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</VirtualHost>

The only thing left to do now is restarting apache:

sudo /etc/init.d/apache2 restart

You can also choose to reload it

sudo /etc/init.d/apache2 reload

Your whole website should be redirected to HTTPS now.
 

 

Back to index

Posted · Original PosterOP

Installing phpsysinfo
phpsysinfo is a package that provides a web page with a lot of info about your system, which is handy to monitor the memory and disk usage or system load from time to time, by just visiting your server in your browser. You can install it in the regular way:

sudo apt-get install phpsysinfo

By default the web page will be in /usr/share/phpsysinfo. I always move that to my www root:

sudo mv /usr/share/phpsysinfo /var/www

If your web server is public, you might want to make sure phpsysinfo isn't hosted publicly. It may share info about your server with people who you don't want to share it with. You have been warned ;)

 

Back to index


A very good and comprehensive guide so far. I look forward to reading the rest, especially the section on owncloud.

I have a few suggestions which you might consider though:

The installation part feels a bit short, mostly because it doesn't cover partitioning and filesystem creation. I know there are lots of guides out there that already cover this, so maybe you could link to one? The choice of whether or not to set separate partitions for /var /home et al. and which filesystem to choose can be pretty intimidating for someone new to linux.

Mounting a drive is not just to declare a mount point, it is done so that the kernel can read and recognise the filesystem and run checks etc. Windows mounts drives too, the difference being that windows mounts everything automatically.

I don't think the analogy of C:\ to / is very accurate, since EVERYTHING exists under root, but not so under C:\. I understand that the FHS might be hard to get to grips with for new users, but it's a bit of a stretch.

The section on mounting devices seems a bit confusing as per how block devices are referenced. The idea that a file represents a device is strange to new users, so might need a bit more explaining? Block devices are not always /dev/sdX, they can have strange names especially if you are using a raid card in JBOD. A good way to actually find your drives is with lsblk -f. Generally speaking, /dev/sda will be the drive plugged into sata0, /dev/sdb in sata1 etc on an ATX mobo, but not always.

It may be a good idea to mention how to secure an SSH server properly, especially if it will be opened to the net. Disallowing root logins, not running on 22 and using key pairs are a must IMO.

Are you aware that you need to run sensors-detect first in order to load the correct kernel modules in order to use the sensors command? It's unlikely to work otherwise.

The wikipedia page may be useful, but Linux raid wiki is a far better and more in depth resource for setting up mdraid. It also covers aspects like chunk size and how to properly determine stripe size on the filesystem, as well as a few more performance pointers. Personally I also think the monitor tool is worth running since you can set it up to inform you (by email or twitter for example) when a drive drops out of the array.

On a server which exclusively runs linux, I don't see the point of using fdisk MBR instead of the GPT tools like gdisk, cgdisk etc. GPT is far more flexible and there are no stupid limitations on whether or not you can use GPT on BIOS like on windows.

Hopefully I'm not being over critical :)
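Added example, not part of either poster's text: a check of an sshd_config against the three SSH points named in the post above (no root logins, a port other than 22, key pairs instead of passwords). The function names and the sample configuration are constructed for this illustration, and Match blocks are not audited.

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config file.

# Print every value of one keyword, lower-cased, one per line.
# Keywords are case-insensitive and may be written "Keyword value" or
# "Keyword=value". Parsing stops at the first Match block.
sshd_values() {
    awk -v want="$2" '
        /^[ \t]*#/ || NF == 0        { next }
        { sub(/=/, " ") }
        tolower($1) == "match"       { exit }
        tolower($1) == tolower(want) { print tolower($2) }
    ' "$1"
}

# Print one line per finding; exit status 0 means nothing was found.
# sshd uses the first value it reads for a keyword, except Port, where
# every line adds a listening port.
audit_sshd() {
    conf=$1
    findings=0
    root=$(sshd_values "$conf" PermitRootLogin | head -n 1)
    if [ "$root" != "no" ]; then
        echo "PermitRootLogin is '${root:-unset}': root logins are not disabled"
        findings=$((findings + 1))
    fi
    pw=$(sshd_values "$conf" PasswordAuthentication | head -n 1)
    if [ "$pw" != "no" ]; then
        echo "PasswordAuthentication is '${pw:-unset}': key pairs are not enforced"
        findings=$((findings + 1))
    fi
    pubkey=$(sshd_values "$conf" PubkeyAuthentication | head -n 1)
    if [ "$pubkey" = "no" ]; then
        echo "PubkeyAuthentication is 'no': key logins are switched off"
        findings=$((findings + 1))
    fi
    ports=$(sshd_values "$conf" Port)
    if [ -z "$ports" ] || printf '%s\n' "$ports" | grep -qx 22; then
        echo "sshd listens on the default port 22"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Demo on a constructed configuration that leaves everything at its default.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a real server's file
Port 22
PermitRootLogin yes
#PasswordAuthentication yes
EOF
audit_sshd "$sample" || echo "(findings listed above)"
rm -f "$sample"
```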

Posted · Original PosterOP
> Hopefully I'm not being over critical :)

Absolutely not! You're clearly a lot more experienced than me, so please, do share the knowledge! You actually taught me a few new things in this very post, so I'm happy.

> The installation part feels a bit short, mostly because it doesn't cover partitioning and filesystem creation. I know there are lots of guides out there that already cover this, so maybe you could link to one? The choice of whether or not to set separate partitions for /var /home et al. and which filesystem to choose can be pretty intimidating for someone new to linux.

I might expand this in the future... I'm writing this as I go, so it actually slows the progress on my server down a fair bit, I wanted to get cracking at it right away ;)

> Mounting a drive is not just to declare a mount point, it is done so that the kernel can read and recognise the filesystem and run checks etc. Windows mounts drives too, the difference being that windows mounts everything automatically.

I'll probably be rewriting that tonight/later on. What I was trying to say is that in Linux, it isn't done automatically, so in order to access the drive you have to mount it manually (unless you're on a GUI, where mounting things like USB drives is often done automatically upon detection). I wanted to keep this tutorial understandable by absolute beginners, so things about the kernel are mostly left out in the Linux Basics section. I also am not an expert on those matters, so as long as I get the point across about why you need to mount drives, I think it should be fine.

> I don't think the analogy of C:\ to / is very accurate, since EVERYTHING exists under root, but not so under C:\. I understand that the FHS might be hard to get to grips with for new users, but it's a bit of a stretch.

You're completely right on this one and it will get rewritten.

> The section on mounting devices seems a bit confusing as per how block devices are referenced. The idea that a file represents a device is strange to new users, so might need a bit more explaining? Block devices are not always /dev/sdX, they can have strange names especially if you are using a raid card in JBOD. A good way to actually find your drives is with lsblk -f. Generally speaking, /dev/sda will be the drive plugged into sata0, /dev/sdb in sata1 etc on an ATX mobo, but not always.

> It may be a good idea to mention how to secure an SSH server properly, especially if it will be opened to the net. Disallowing root logins, not running on 22 and using key pairs are a must IMO.

I don't know how to set up the key pairs as of yet (never really thought about doing it), I welcome you to post the howto here and I'll make an entry in the original post. Root logins are impossible if you disable the root password. I did mention how to change the port, I probably should edit to recommending it...

Are you aware that you need to run sensors-detect first in order to load the correct kernel modules in order to use the sensors command? It's unlikely to work otherwise.

Yes, I even went so far as to explicitly download the latest sensor-detect script, to no avail :( I forgot to mention it in the tutorial, apparently.

The wikipedia page may be useful, but Linux raid wiki is a far better and more in depth resource for setting up mdraid. It also covers aspects like chunk size and how to properly determine stripe size on the filesystem, as well as a few more performance pointers. Personally I also think the monitor tool is worth running since you can set it up to inform you (by email or twitter for example) when a drive drops out of the array.

Hmmm, I'll look into it myself (never seen that website before, to be honest). The reason I included the Wikipedia page is because it's a very simple summary of the commands needed to get a basic RAID setup up and running. I'll get back on that later on.

On a server which exclusively runs linux, I don't see the point of using fdisk MBR instead of the GPT tools like gdisk, cgdisk etc. GPT is far more flexible and there are no stupid limitations on whether or not you can use GPT on BIOS like on windows.

The reason I did it like that is because it simply never occurred to me to use GPT. Going to try that out, though.

Link to post
Share on other sites
Posted · Original PosterOP

Setting up personal cloud storage

 

<THIS IS OUT OF DATE, USE OWNCLOUD'S DOCS FOR UP TO DATE INSTRUCTIONS! >

This part will cover how to set up ownCloud, a piece of free, open source software that turns your web server into a cloud storage server. A cloud storage server is basically a server that provides functionality like DropBox. ownCloud is perfect because it is free, runs completely encrypted over SSL and is able to store your data encrypted. I would still opt to put your data on an encrypted device/partition, though. For Debian (and Ubuntu), there is a package available that should install ownCloud for you. I opted to install it manually, though. I follow the official documentation.

Make sure you have a web server capable of providing HTTPS available (you can follow the instructions in previous posts).

The first thing to do is install some packages that are needed by ownCloud to run properly (read: dependencies).

sudo apt-get install apache2 php5 php5-gd php-xml-parser php5-intl
sudo apt-get install php5-sqlite php5-mysql smbclient curl libcurl3 php5-curl

These are the official dependencies, listed on the ownCloud installation documentation. We already have apache2 and php5 installed, so you can leave those out if you want. You can leave them in as well, it doesn't matter.

Next thing to do is to download the tarball in which owncloud resides. You can find the latest at https://owncloud.org/support/install/ , just click the .tar button and step one will provide you with a link to a .tar.bz2 file, copy this link or write it down. At the time of writing, the latest version is owncloud-4.5.7.tar.bz2. We tell the server to download this like this:

cd /var/www
wget http://mirrors.owncloud.org/releases/owncloud-4.5.7.tar.bz2

This will download the tarball into your web server root directory. You extract this tarball by first unzipping it, leaving you with a .tar and then untarring it, leaving you with the contents of the tarball. After that, you may delete the tarball.

sudo apt-get install bzip2
bunzip2 owncloud-4.5.7.tar.bz2
tar -xf owncloud-4.5.7.tar
rm owncloud-4.5.7.tar

The next thing to do is decide where you want the data directory of ownCloud to be. This means: where does ownCloud store the data you put on it? You should never, ever use a subdirectory of /var/www, as this will make the files accessible from the web without logging in on the ownCloud page. I went for /var/owncloud/data, but you may pick another folder as well.

sudo mkdir -p /var/owncloud/data

After this, point your browser to 192.168.1.150/owncloud . As always, replace 192.168.1.150 with the IP address of your server. This will bring up the ownCloud setup wizard. Fill in a new username and password pair, this will be the account of the primary user (admin). Click 'Advanced' and enter the folder where you want the data to be stored. Click 'Finish Setup'.

You should be logged into your ownCloud account now. In the bottom left, you can access the settings menu. In 'Personal settings' you can access the link to download the sync clients for Linux, Windows and Mac. In the 'Users settings', you can create and manage user accounts and groups.

You now have your personal cloud storage server! Just download the ownCloud client from their website and install it on any computer you want to include in the cloud.

 


Link to post
Share on other sites
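The post's warning about keeping the data directory out of /var/www, as a check you can run before entering a path in the setup wizard. This is an added example, not part of the original guide; the function names and the throwaway directory tree are constructed, and it assumes GNU readlink with -f.

```shell
#!/bin/sh
# Added example (not from the guide): check that an ownCloud data directory
# does not end up under the web root. All paths below are constructed samples.

# Return 0 if DATA_DIR resolves to WEB_ROOT or to a path beneath it, 1 if it
# is outside, 2 if a path cannot be resolved. Symlinks and ".." are resolved
# first, and the comparison is made on whole path components so that
# /var/www2 is not mistaken for something under /var/www.
inside_webroot() {  # usage: inside_webroot DATA_DIR WEB_ROOT
    data=$(readlink -f "$1") || return 2
    root=$(readlink -f "$2") || return 2
    case "$data/" in
        "$root"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Build a throwaway tree that mimics the layout discussed in the post.
make_tree() {  # usage: make_tree DIR
    mkdir -p "$1/var/www/owncloud/data" "$1/var/www2/data" "$1/var/owncloud/data"
    # A data path that looks safe by name but is a symlink into the web root.
    ln -s "$1/var/www/owncloud/data" "$1/var/owncloud/linked"
}

t=$(mktemp -d)
make_tree "$t"
for d in var/www/owncloud/data var/www2/data var/owncloud/data var/owncloud/linked; do
    rc=0
    inside_webroot "$t/$d" "$t/var/www" || rc=$?
    case $rc in
        0) echo "UNSAFE  /$d resolves to a path under the web root" ;;
        1) echo "ok      /$d is outside the web root" ;;
        *) echo "error   /$d could not be resolved" ;;
    esac
done
rm -rf "$t"
```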
Posted · Original PosterOP

Also, is there a *security* benefit from using key pairs with SSH? I thought the system of using a key file to log in was just to not need to enter a password every time you connect. Or am I seeing this wrong?

Link to post
Share on other sites

Great guide... but a bit missing on parts as mentioned by azeotrope. Also, could you cover on mounting permissions, creating user accounts and setting up a streaming server?

This is a great guide, could the mods please sticky this?


The Internet is invented by cats. Why? Why else would it have so much cat videos?

Link to post
Share on other sites
Hopefully I'm not being over critical

Absolutely not! You're clearly a lot more experienced than me, so please, do share the knowledge! You actually taught me a few new things in this very post, so I'm happy.

Keys are more secure than passwords, since it's virtually impossible to brute force when opening it to the net. There is also the convenience factor when logging in to multiple servers by using a keychain.
Link to post
Share on other sites
Yes, I even went so far as to explicitly download the latest sensor-detect script, to no avail :( I forgot to mention it in the tutorial, apparently.

That may be because you are running a relatively recent mobo on an older Debian kernel (2.6.x I'm guessing?) and the sensors modules haven't been updated to include probing for Ivy Bridge. You might want to try to run something like a Fedora live CD/USB to see if that works.

I also forgot to mention that you don't need sudo in front of the su command. su will prompt you for the root password anyway.

I don't know how to set up the key pairs as of yet (never really thought about doing it), I welcome you to post the howto here and I'll make an entry in the original post.

Sure, here's a basic how-to with some explanation of key pairs:

A keypair consists of a private and public key. In the case of SSH, the public key will sit on your server and can be freely transferred between computers and be given to others without any security risk. Generally speaking a public key encrypts information and a private key decrypts it. Basically this works by the server issuing a "challenge" and encrypting it using the public key, which can only be answered correctly by a computer if it has the correct private key. From there a secure and encrypted connection is established.

On a Windows client:

To generate a key pair, download PuTTYgen from here and run it. At the bottom of the window check SSH-2 RSA, put the bits at 2048 and generate the key. Enter a passphrase that will be used to secure your private key, which will need to be entered every time you use it, like a password. Click "Save private key" and save it somewhere safe. Now you will need to save the public key on the server. To do this, download WinSCP, run it, click New and enter your server's IP, username and password like you would in PuTTY. Save the profile and connect. Once in, go into the .ssh folder on your server. Create a file called authorized_keys if it is not there already. Copy the text from the PuTTYgen window below where it says "Public key for pasting into OpenSSH authorized_keys file:" into the authorized_keys file, save it and exit. Now you can test your key with PuTTY, by loading your PuTTY profile and going to the SSH > Auth section, where you can browse to your private key. Save your profile and connect.

On a Linux client:

To generate a key pair, use the ssh-keygen command, which should come with the OpenSSH package (I'm not a Debian guy so not entirely sure on this). Run the command as:

ssh-keygen -t rsa -b 2048

and it will prompt you with a few questions. The only thing that will need to be entered is the passphrase, the defaults are fine for the rest so just push enter past each one. Now you copy the public key to the server with:

 ssh-copy-id -i ~/.ssh/id_rsa.pub -p <port> <user>@<server>

SSH will use your private key as the default key when you connect, so you can ssh in as usual and it will prompt you for the passphrase.

Link to post
Share on other sites
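The SSH advice from this thread (no root logins, a port other than 22, key pairs) as a check to run against an sshd_config once key login works. This is an added example, not code from any poster; the function names and both sample configs are constructed, and reading "using key pairs" as PasswordAuthentication no is this example's assumption.

```shell
#!/bin/sh
# Added example (not from the thread): audit an sshd_config for the settings
# the thread names. Function names and sample configs are constructed.

# Print every value KEYWORD is given before the first Match block. sshd
# matches keywords case-insensitively and ignores '#' comment lines; Match
# blocks only hold conditional overrides, so they are left out here.
sshd_values() {  # usage: sshd_values FILE KEYWORD
    awk -v key="$2" '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2) }
    ' "$1"
}

# Print one line per finding; the return status is the number of findings.
sshd_audit() {  # usage: sshd_audit FILE
    n=0
    for key in PermitRootLogin PasswordAuthentication; do
        # For these keywords sshd keeps the first value it reads.
        v=$(sshd_values "$1" "$key" | head -n 1)
        [ "$v" = "no" ] || { echo "$key is '${v:-unset}', want 'no'"; n=$((n + 1)); }
    done
    # Port may be given several times and sshd listens on all of them;
    # with no Port line at all it listens on 22.
    ports=$(sshd_values "$1" Port)
    if [ -z "$ports" ] || echo "$ports" | grep -qx 22; then
        echo "sshd listens on port 22"; n=$((n + 1))
    fi
    return "$n"
}

# Constructed sample configs: one weak, one hardened.
make_samples() {  # usage: make_samples DIR
    cat > "$1/weak.conf" <<'EOF'
# PermitRootLogin no   (commented out, so it has no effect)
PermitRootLogin yes
passwordauthentication yes
PasswordAuthentication no
Port 2222
Port 22
EOF
    cat > "$1/hardened.conf" <<'EOF'
Port 2222
PermitRootLogin no
PasswordAuthentication no
Match Address 192.168.1.0/24
    PasswordAuthentication yes
EOF
}

dir=$(mktemp -d)
make_samples "$dir"
for f in weak hardened; do
    echo "== $f.conf"
    sshd_audit "$dir/$f.conf" || echo "   ($? finding(s))"
done
rm -rf "$dir"
```

On a real server, point sshd_audit at /etc/ssh/sshd_config and run `sshd -t` after any edit to catch syntax errors before restarting the service.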
Posted · Original PosterOP
Thanks, I'll work on it tonight.

On the su thing: the users that follow this guide will have to use sudo su, because I always disable the root password.

Link to post
Share on other sites
Posted · Original PosterOP
Great guide... but a bit missing on parts as mentioned by azeotrope. Also, could you cover on mounting permissions, creating user accounts and setting up a streaming server?

This is a great guide, could the mods please sticky this?

Oh, I totally forgot users and groups in the "Linux basics" section. Damnit.

Also, what do you mean with streaming server? Which protocol are you after? I just mount the samba shares on my Windows desktop and stream all my movies and music off of it as if it were a local hard drive.

I'll be editing this guide soon, when I find the time ;) Thanks for your feedback!

Link to post
Share on other sites
