Howto: create your own linux home server using Debian

Hey MG2R great tutorial !

 

any plans to expand? i.e. gateway server, backup server, openvpn, nfs, bittorrent server, etc. etc.


Hey MG2R great tutorial !

 

any plans to expand? i.e. gateway server, backup server, openvpn, nfs, bittorrent server, etc. etc.

Thanks, usually, I expand it whenever I set up something new, although I think that this guide is pretty much completed.

With that, I mean that all parts of it are centered around a home data server that can be set up by newbies. Things like gateway servers are not really coherent with that definition. I might still be doing NFS and bittorrent, although I don't really use those on my server.


Is it possible to have a router/gateway and a fully fledged linux server as one?


I don't see many people doing this, any reason why this ain't popular?

Is it possible to set up some QoS rules in linux when acting as a router?

And this would mean ur modem would connect to ur linux server which would then connect to a switch. Right?

Sorry for all these questions. I'm really keen on doing this.


Possible to put everything on one server? Why don't I see this happening?

Yes, it is. It doesn't get done often because:

  1. routing can be done on small, low-power hardware that can be set in a closet and forgotten about. Since it can be done with relatively unbreakable hardware (small SSD for OS, small PSU, embedded CPU), it's often easier and more flexible to put it on separate hardware.
  2. availability. A storage server can have quite the complex setup, which can have hidden things that may at some point crash the server. When such a thing happens, you don't want your internet access, routing, DHCP,... to fail as well.
  3. security. A firewall/gateway should have the least possible amount of ports opened up and the least amount of hackable services running, since that's the point of entry into your local network. Preferably there isn't even SSH running on the thing and you would need to manage it via hardware access only.

So yes, it is possible, but it isn't recommended.

 

 

Is it possible to set up some QoS rules in linux when acting as a router?

Not an expert on this, but I would assume it is possible somehow, seeing that the professional routers often run Linux.

 

 

And this would mean ur modem would connect to ur linux server which would then connect to a switch. Right?

yes

 

 

Sorry for all these questions. I'm really keen on doing this.

All questions are welcome ;)


  • 2 weeks later...

-snip-

Read it. 

Doesn't cover the thing I need. Like, how do you manage the permissions of multiple groups and users in regards to a single file/folder. Example:

windows-7-file-permissions.png

Where I can individually define multiple users' permissions for a file without using a group. Or configure multiple group permissions. 

I suppose I could make a group of groups and do it that way, but is such a thing necessary or is there some better way to do it? Don't get me wrong, I get there's no GUI for it, but I'd imagine Linux has such functionality. I'd just rather it be not overly or unnecessarily complex (group of groups) if there's a tool for it.

† Christian Member †

For my pertinent links to guides, reviews, and anything similar, go here, and look under the spoiler labeled such. A brief history of Unix and its relation to OS X by Builder.

 

 


Where I can individually define multiple users' permissions for a file without using a group. Or configure multiple group permissions.

If you're trying to set permissions for CIFS shares, you need to alter those in the samba config (which has a nice UI on FreeNAS, I suppose?).

 

I thought you wanted to control which services can access a drive? In such a case, you need to run each service as a separate user (like, SABnzbd+ could run as user 'sab') and then put those users in a group that has permission to access the disk.

 

(for those interested: this conversation started at http://linustechtips.com/main/statuses/user/2414-vitalius/?status_id=24527)


If you're trying to set permissions for CIFS shares, you need to alter those in the samba config (which has a nice UI on FreeNAS, I suppose?).

 

I thought you wanted to control which services can access a drive? In such a case, you need to run each service as a separate user (like, SABnzbd+ could run as user 'sab') and then put those users in a group that has permission to access the disk.

 

(for those interested: this conversation started at http://linustechtips.com/main/statuses/user/2414-vitalius/?status_id=24527)

No, I'm trying to set it for what you said. Plugins (basically services) accessing a directory. Though FreeNAS does have a relatively simple UI for that for CIFS shares, yes.

I was just curious if there were some way to set it up how Windows does it. Where I can have multiple users with multiple different sets of permissions that are not in the same group. i.e. you right click a folder/file and go to security tab in Windows and it gives you that interface where you pretty much have free rein to define permissions for each user individually.

Basically, cp, sb, pms, and tm all need certain permissions for a certain directory. However, tm needs read access only, sb & cp need read/write, and pms needs read/write/execute. That's just an example of one of the directory's permission configurations. For a different directory, both cp & tm need read/write.

So I wouldn't know how to define 3 different sets of permissions for a single directory (i.e. read only, read/write, and read/write/execute) at the same time for multiple users, and to have it work with multiple drives in a secure way, I'd have to create multiple groups that each service-user is a part of. i.e. cp & tm's read/write group, then sb & cp's read/write group, then ... so on.

That's why I asked if there were a more controlled way to do it. Like, I go to the directory and just say "Ok, this user gets these permissions." and then I repeat that process for 4 users, but I don't see a command for that and chown/chmod aren't powerful enough to do it AFAIK. 

However, and this is important, that diagram is assuming I just chmod 777 everything. I'd rather not do that obviously. Or that I set all owners/groups to guest which is basically wide open access as it is in FreeNAS.


..snip..

 

 

Yea, but chmod 777 is too destructive from a security point of view and from a permissions fail safe as well. With chmod 777 any of those services if they go wrong can ruin anything they can touch, not good. You would have been better off making sure the service user had a unique group and using chmod g+rwx on their respective folder.

 

We can PM smb.conf files if you want to see more examples of group restricted shares.

I roll with sigs off so I have no idea what you're advertising.

 

This is NOT the signature you are looking for.


Yea, but chmod 777 is too destructive from a security point of view and from a permissions fail safe as well. With chmod 777 any of those services if they go wrong can ruin anything they can touch, not good. You would have been better off making sure the service user had a unique group and using chmod g+rwx on their respective folder.

 

We can PM smb.conf files if you want to see more examples of group restricted shares.

Oh, I understand 777 being terrible for security and other things. That's why I would prefer a way to fix it. 

They don't have a respective folder. The same folder that tm needs to access is the same folder sb needs to access. An example: sb dumps a file in the folder, then tm grabs it and uses it. Then tm dumps new files in another folder that sb needs to access to register that tm did what it was meant to do. 

These plugins are meant to work in tandem to automate some processes. So keeping them separate on what directories they can access defeats the purpose. But at the same time, I'd like to only give them what they need to do what they need to do. 

That would be useful. Thanks.


- snip -

 

- snip -

 

- snip -

What about access control lists? I recently stumbled upon them when setting up APOLLO, however I don't really need the additional features they seem to offer over standard permissions, so I have not personally experimented with them and don't really know a lot about what they can and cannot do.

Still, some links I found during that time:

http://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-acls.html

https://wiki.archlinux.org/index.php/Access_Control_Lists

http://beginlinux.com/server_training/server-managment-topics/1038-ubuntu-804-access-control-lists

http://linuxcommando.blogspot.ch/2007/12/basic-linux-permission-model-lets-you.html

http://linux.about.com/library/cmd/blcmdl5_acl.htm

http://linux.about.com/library/cmd/blcmdl1_setfacl.htm

EDIT:

I haven't gone through the entire conversation up to this point again, so apologies if this has already been mentioned and dismissed. ;)

BUILD LOGS: HELIOS - Latest Update: 2015-SEP-06 ::: ZEUS - BOTW 2013-JUN-28 ::: APOLLO - Complete: 2014-MAY-10
OTHER STUFF: Cable Lacing Tutorial ::: What Is ZFS? ::: mincss Primer ::: LSI RAID Card Flashing Tutorial
FORUM INFO: Community Standards ::: The Moderating Team ::: 10TB+ Storage Showoff Topic
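
The ACL approach suggested above, applied to the thread's scenario (tm read-only, sb and cp read/write, pms read/write/execute on one directory), as an added example that is not part of any post. It assumes Linux with POSIX ACLs and the setfacl/getfacl tools; the /srv/media paths are hypothetical, and the commands are only printed unless ACL_APPLY=1 is set.

```shell
#!/bin/sh
# Added example: one ACL entry per service account on a shared directory.
# tm, sb, cp and pms are the service names from the thread; the /srv/media
# paths are hypothetical. Needs setfacl/getfacl (Debian package "acl").

# Map a permission level to a setfacl permission string. Capital X grants
# execute only on directories (and files that are already executable), so a
# read-only service can traverse the tree without data files becoming runnable.
acl_perms() {
    case "$1" in
        ro)  echo "r-X" ;;
        rw)  echo "rwX" ;;
        rwx) echo "rwx" ;;
        *)   echo "unknown permission level: $1" >&2; return 1 ;;
    esac
}

# Dry run by default: print each command. Set ACL_APPLY=1 to execute instead.
run() {
    if [ "${ACL_APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# acl_plan DIR user:level [user:level ...]
acl_plan() {
    dir=$1; shift
    entries=""
    for spec in "$@"; do
        user=${spec%%:*}
        level=${spec#*:}
        perms=$(acl_perms "$level") || return 1
        entries="${entries:+$entries,}u:$user:$perms"
    done
    # Undo the chmod 777 approach: nobody outside owner/group/ACL gets in.
    run chmod -R o-rwx "$dir" || return 1
    # Access ACL for what exists now ...
    run setfacl -R -m "$entries" "$dir" || return 1
    # ... and default ACL so files created later inherit the same entries.
    run setfacl -R -d -m "$entries" "$dir" || return 1
    run getfacl "$dir"
}

# The two directories described in the thread.
acl_plan /srv/media/incoming tm:ro sb:rw cp:rw pms:rwx
acl_plan /srv/media/done cp:rw tm:rw
```

Each service still has to run as its own user for the entries to mean anything, as suggested earlier in the thread.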


 EDIT:

I haven't gone through the entire conversation up to this point again, so apologies if this has already been mentioned and dismissed. ;)

It hasn't been mentioned yet. I'll read up on it when I get home (if Dark Souls 2 doesn't steal all my time). The only thing is that I don't know if FreeNAS will acknowledge them. It is FreeBSD, but I don't know what is and isn't used. We'll see. :) Thanks.


Installing NTP
 
Network Time Protocol (NTP) is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks. With NTP you keep your clock sync'd with UTC using a high-precision protocol.
 
Before we start
 
NTP may not work properly if our "delta" is higher than 16 min. If that's your case, you must set up your clock manually first.

root@[member=Hostile]:~# date 01251300
#date MMDDhhmm
#date jan/25, 13h00m <- my birthday

How to Install NTP?
 
Using Debian as reference:

root@[member=Hostile]:~# aptitude update
root@[member=Hostile]:~# aptitude install -y ntp ntp-doc

This will install ntp daemon, ntp docs and the initial config, though it's pretty functional, let's customize it!
 
2. Google for ntp <my country>, in my case "ntp Brasil". I found ntp.br, the official Brazilian ntp server. There, you must find their server list. Some examples:

Brasil - ntp.br
Italia - http://www.inrim.it/ntp/
Deutschland - http://www.ptb.de/de/org/q/q4/q42/ntp/ntp_main.htm
...or just xx.pool.ntp.org ; where xx is your country code: br/ar/it/fr...

3. Tweak your config file:

root@[member=Hostile]:~# nano /etc/ntp.conf

#comment debian default servers (lines 21,...,24)
# server 0.debian.pool.ntp.org iburst
# server 1.debian.pool.ntp.org iburst
# server 2.debian.pool.ntp.org iburst
# server 3.debian.pool.ntp.org iburst
# Here goes my servers (ntp.br)
        server a.st1.ntp.br iburst
        server b.st1.ntp.br iburst
        server c.st1.ntp.br iburst
        server d.st1.ntp.br iburst
        server gps.ntp.br iburst
        server a.ntp.br iburst
        server b.ntp.br iburst
        server c.ntp.br iburst

Now we should make sure our server only accepts requests inside our network:

#restriction rule near lines 47~50
#restrict <my network ip> mask <my mask> nomodify notrap
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

Check if your ntp server needs any additional rules, for ntp.br I've changed:

#From
        restrict -4 default kod notrap nomodify nopeer noquery
        restrict -6 default kod notrap nomodify nopeer noquery
#To
        restrict default kod notrap nomodify nopeer noquery
        restrict -6 default kod notrap nomodify nopeer noquery

Let's check if everything is OK

root@[member=Hostile]:~# ntpq -p
Bonus Stage! Setup your client
 
Now, you can setup windows/linux to use your own time server.
 
Windows 7/8 client:
  • click on your clock, your system calendar will pop up;
  • Change date and time settings...;
  • Internet time;
  • Change settings;
  • Type your server ip: 192.168.1.200;
  • Click Update now;
  • Profit!

Linux client:

root@[member=Hostile]:~# ntpdate -u 192.168.1.200

OSX client:

I don't know!

Sorry about my English! :P 
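
An added example, not part of the post above: a small check for the restrict lines of an ntp.conf like the one shown, reporting a default rule that lacks noquery or nomodify and a network rule that lacks nomodify. The function name and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the "restrict" lines of an ntp.conf.
# Flag names (noquery, nomodify, ignore) are real ntpd options; the function
# name and the sample file below are constructed for this example.
# Note: these flags limit ntpq/ntpdc control traffic. A default line without
# "ignore" still answers time requests from any host that can reach UDP 123.

# audit_ntp_restrict FILE   ("-" reads standard input)
# Prints one finding per line; returns 0 when nothing was flagged, 1 otherwise.
audit_ntp_restrict() {
    awk '
    BEGIN { bad = 0; seen_default = 0 }
    $1 != "restrict" { next }                 # also skips "#..." comment lines
    {
        i = 2
        if ($i == "-4" || $i == "-6") i++     # optional address-family flag
        addr = $i; i++
        if ($i == "mask") i += 2              # skip "mask <netmask>"
        flags = " "
        for (; i <= NF; i++) flags = flags $i " "

        if (addr == "default") {
            seen_default = 1
            if (flags ~ / ignore /) next      # drops every packet already
            if (flags !~ / noquery /)  { print "line " NR ": default lacks noquery";  bad = 1 }
            if (flags !~ / nomodify /) { print "line " NR ": default lacks nomodify"; bad = 1 }
        } else if (addr != "127.0.0.1" && addr != "::1" && flags !~ / nomodify /) {
            print "line " NR ": " addr " may send modify requests (no nomodify)"
            bad = 1
        }
    }
    END {
        if (!seen_default) { print "no restrict default line found"; bad = 1 }
        exit bad
    }' "${1:--}"
}

# Constructed sample: line 2 was loosened, line 4 forgot nomodify.
audit_ntp_restrict - <<'EOF' || true
server a.st1.ntp.br iburst
restrict default kod notrap nomodify nopeer
restrict -6 default kod notrap nomodify nopeer noquery
restrict 192.168.1.0 mask 255.255.255.0 notrap
EOF
```

Run it against /etc/ntp.conf after editing; limiting who can reach the time service at all is a job for `restrict ... ignore` rules or the firewall.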


I'm a bit stuck at the partition part. Now that I have 60GB of storage on the OS drive, how should I spread my many gigabytes? I know this depends a lot on what my system will be used for.

In MG2R's installation part he has 7.8GB in /home, what kind of files could this be?

 

Here it's recommended to have as much swap as you have RAM. Right now I have 4GB of RAM and still have an unoccupied slot for 4GB more, so I'm thinking of 8GB for swap.

NAS build log: Gimli, a NAS build by Shaqalac.

Mechanical keyboards: Ducky Mini YotH - Ducky Mini


In MG2R's installation part he has 7.8GB in /home, what kind of files could this be?

in my /home reside some random files that I need to have in a separate bittorrent sync secret. My whole documents folder on the RAID is in one secret, and because BTsync doesn't support shared subfolders, I needed to put those files on the SSD.

 

 

Here it's recommended to have as much swap as you have RAM. Right now I have 4GB of RAM and still have an unoccupied slot for 4GB more, so I'm thinking of 8GB for swap.

 

I'm getting the idea that that site isn't all that up to date anymore. There really isn't any reason to have that much swap. To give you an idea of memory usage, here's a screencap of both my home server, and my VPS: http://puu.sh/86noL

 

You may notice that my home server doesn't even have swap. Basically, if you're not doing anything special that uses hordes of RAM, a 1 - 2 GB swap is prolly plenty. I would advise against doing what I did (no swap) and just have a gig or two -- even if you don't strictly need it. It's a nice measure to keep the system from crashing in the odd case you do run out of RAM.

 

Also, keep in mind that you can simply add swap space at any point in time, so there's not really a need to use such a big partition. But feel free to do so if you wish.

 

 

Now that I have 60GB of storage on the OS drive, how should I spread my many gigabytes.

 

With that space, I would go for sth like

20 GB /
30 GB /home
2 GB swap

Installing NTP

 

Could you add an explanation of what you're about to do in the prelude? Also, if at all possible, add more explanation. The idea is that this tut should be newb-friendly, so more info = more better ;)

Will add you to the OP. Thanks for your contribution!


I'm getting the idea that that site isn't all that up to date anymore. There really isn't any reason to have that much swap. To give you an idea of memory usage, here's a screencap of both my home server, and my VPS: http://puu.sh/86noL

I figured when they listed the example with 32MB of RAM, I thought the principle still counted.

2GB of swap it is.

 

With that space, I would go for sth like

20 GB /
30 GB /home
2 GB swap

So the reason for this disposition is because of this?

Also, keep in mind that you can simply add swap space at any point in time, so there's not really a need to use such a big partition. But feel free to do so if you wish.

 

Other than that it sounds reasonable and was what I had in mind, except for the swap partition.


So the reason for this disposition is because of this?

It's always handy to keep some free space on that SSD, for a multitude of reasons:

  1. It gives you flexibility later on
  2. It allows for easy adaptation to needs that may not be apparent right now
  3. It helps preserve SSD life (not that much of a factor anymore, but still)
  4. You probably won't be using a lot of space on your SSD, so creating a big-ass /home partition from the get-go probably isn't necessary
  5. Growing partitions is usually easier than shrinking them

If you place the free space between / and /home, you can grow either partition with moving stuff around ;)


2442%20-%20edit%20hentai%20linus%20torva

 

Linus approves.

Signatures are stupid.


2442%20-%20edit%20hentai%20linus%20torva

 

Linus approves.

 

 

Apparently he doesn't. :P


If you place the free space between / and /home, you can grow either partition with moving stuff around ;)

How do I do that, I'm at the point where I've created my partitions for /, /home and swap.

  • Started with creating / as primary in the beginning and it got #1.
  • Then created /home as primary but in the end and it got #2.
  • Last I created swap as logical in the end as well and it got #5.

Visually when the partitions are listed it looks like this:

#1 Primary 20.0GB /
8.0GB Free space
#5 Logical 2.0GB swap
#2 Primary 30.0GB /home

Should I go with the # or with the visual listing?

And does it make any difference whether /home is primary or logical?


How do I do that, I'm at the point where I've created my partitions for /, /home and swap.

There are multiple ways to shrink/grow partitions, but a common way to do it is via a special Linux distro called Parted Magic. It has all the necessary tools to do this rather conveniently, although you can go other routes.

Visually when the partitions are listed it looks like this:

#1 Primary 20.0GB /
8.0GB Free space
#5 Logical 2.0GB swap
#2 Primary 30.0GB /home

Should I go with the # or with the visual listing?

The deciding factor will be the sector numbers AFAIK. You need to check on which sector each partition starts and ends, then you can find out where the partitions physically reside on your disk.

One possible way to go about that is to run fdisk on your drive, then print the partition table with 'p' from inside the program, it should display the numbers for each partition and enable you to work this out.

As an example, this is what it looks like on my laptop. The things to examine are the "Start" and "End" columns:

2014-05-08--20-05-21--fdisk.png

And does it make any difference whether /home is primary or logical?

Not to my knowledge. I've even had /boot inside a logical partition at some point (although usually I don't), didn't cause any issues either.


How do I do that, I'm at the point where I've created my partitions for /, /home and swap.

[...]

In your case, I would just start again. To get

/
free
/home
swap

You would start with /, primary in beginning of FS. Then swap, logical, end of FS. Lastly, you do /home, logical or primary, at the end ;)


MG2R might want to check on owncloud tutorial. I returned with 404 errors on links. owncloud has been updated to 6.0.3 at the time of writing this. 

CM Storm Switch Tester MOD (In-Progress) - http://linustechtips.com/main/topic/409147-cm-storm-switch-tester-macro-mod/
Ammo Can Speaker 02 (Completed) - http://linustechtips.com/main/topic/283826-ammo-can-speakers-02/
A/B Switch V 0.5 (Completed) - http://linustechtips.com/main/topic/362417-ab-switch-v0
Build 01 - The Life of a Prodigy - http://linustechtips.com/main/topic/13103-build-01-the-life-of-a-prodigy/
Build 02 - Silent Server 3000 - http://linustechtips.com/main/topic/116670-build-02-silent-server-3000/
