Monday, May 9, 2016

How to Install and Configure FTP and Web Server with Ubuntu 15.10 - Part Two

Now that we have successfully installed the operating system, anti-virus, FTP and web servers, it's time to start creating users and configuring the system so that it works the way we want it to. Well, the way I need it to for this particular project - and if you're just learning how to set up such a server as this, maybe how you want it to work as well.

3. Add Users

First we're going to add the users. We will be adding them as potential users for the entire system, and then restricting their access later. My instructor has specified that I name my users "wsc1", "wsc2", et cetera. You can choose more creative names for your users, obviously - just replace "wsc#" with whatever username you prefer. Here's how to do it:

     sudo adduser wsc1

If you're logged in as root, you won't need to use the "sudo" command. After pressing enter, you should be prompted to enter the root or admin password. Then they will ask you for information about the user you're adding - I've left this part blank since it's not relevant to making my project work. If I were doing this for a company, I would be entering user information to specify who the user account was made for.

Once you've added all the users you would like to add, move on to the next step.

***Please note that if you are creating more than one user, and you want all of your users to be able to easily access the servers, you would then also need to add a group, and add the users to that group. I do not need to do this for this project, so I am not describing that process here.***

4. Backup Passwd File and Change User's Home Directory

Now we're going to make sure your newly created users can't access the rest of the system and wreak unimaginable havoc for other users, should you ever implement such a thing at work with actual human users.

First, copy the /etc/passwd file in case you make a mistake. This way, you still have access to your original file and can just reverse the copying process to restore the original settings. The command "cp" means copy. Here's how I did it:
   
     sudo cp /etc/passwd /etc/passwd.original

When you edit files, you will need to use editor software of some sort. Ubuntu 15.10 comes with "Nano" preinstalled. I prefer to use something called "Vim", which is what I'll be using here. If you're using a different editor than "Vim", you'll need to adjust your commands accordingly. For example:
  • To open the configuration file in Nano:
    • sudo nano /etc/vsftpd.conf
  • To open the configuration file in Vim:
    • sudo vim /etc/vsftpd.conf
Note that entering the name of the editor specifies which one you want to use. And be aware that commands for saving and exiting the editor are different in different editors, so if you're not using Vim, you'll need to use the appropriate commands for the one you choose. If you want to make sure you have Vim installed so you can follow along with me directly, type the following into the prompt to install:

     sudo apt-get install vim

Type the following into the command line (and again, note the differences for your preferred editor):

     sudo vim /etc/passwd

Now you should see a colourful series of lines of text. At or near the bottom of the list, you should see the names of your new users at the far left of the screen. Each colon (:) separates a different field. First, the username. Then the "x" is sort of a throwback to the old days, when a hash of the password would appear in this file. I can't tell you exactly what the next two numbers mean, but they are used to identify your user in the system one way or another. If you did not enter user information, like me, you'll see three commas, then something like "/home/username:/bin/bash".

If you're using Vim, use the arrow keys to navigate the cursor where you want to edit, and press <insert> to begin editing. You're going to change the end of the line for your user(s) that we were just discussing, like so:

Original:
     :/home/username:/bin/bash

New:
     :/srv/ftp:/bin/bash

When you are finished editing, press the <Esc> key a couple of times for good measure - this will take you out of editing mode in Vim. Then use one of the following commands:
     To save:
          :w <Enter>
     To exit:
          :x <Enter>
     To exit WITHOUT SAVING:
          :q! <Enter>

In other FTP servers, you would use /bin/false instead, but VSFTPD requires bash to run in the background as an oddity.

***I chose to only change the home directory for one of my users since I will not be creating a group. You could still restrict all of them to the FTP server this way without making a group and using the command "symlink" instead to redirect them, but applying that is beyond the scope of this tutorial.***
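
A way to confirm that a hand edit of /etc/passwd changed only what you meant it to, added here as an example and not part of the original post: it compares the backup with the edited file and names each changed field (the seven fields are user, password placeholder, UID, GID, user information, home directory and shell). The function name `passwd_diff` and the sample accounts are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post.
# passwd_diff ORIGINAL EDITED: name every field that differs between the
# backup and the edited passwd file.
passwd_diff() {
    awk -F: '
        BEGIN { split("user:password:uid:gid:gecos:home:shell", name, ":") }
        NR == FNR { orig[$1] = $0; next }      # first file: the backup
        { seen[$1] = 1 }                       # second file: the edited copy
        NF != 7 {                              # a dropped or extra colon
            print "MALFORMED line " FNR ": " NF " fields, expected 7"
            next
        }
        !($1 in orig) { print "ADDED " $1; next }
        {
            split(orig[$1], old, ":")
            for (i = 2; i <= 7; i++)
                if (($i "") != (old[i] ""))    # compare as strings, not numbers
                    print $1 " " name[i] ": " old[i] " -> " $i
        }
        END {
            for (u in orig)
                if (!(u in seen)) print "REMOVED " u
        }
    ' "$1" "$2"
}

# Constructed sample files standing in for /etc/passwd.original and /etc/passwd.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/passwd.original" <<'EOF'
root:x:0:0:root:/root:/bin/bash
wsc1:x:1001:1001:,,,:/home/wsc1:/bin/bash
wsc2:x:1002:1002:,,,:/home/wsc2:/bin/bash
EOF
# wsc1 is edited as in this step; wsc2 has lost a colon by accident.
cat > "$demo_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
wsc1:x:1001:1001:,,,:/srv/ftp:/bin/bash
wsc2:x:1002:1002:,,,/home/wsc2:/bin/bash
EOF

passwd_diff "$demo_dir/passwd.original" "$demo_dir/passwd"
```

On the server the call would be `passwd_diff /etc/passwd.original /etc/passwd`; the only expected output is the home directory change for the user you edited.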

5. Configure VSFTPD

On with the configuration! Remember the note earlier about your preferred editor. You may also want to make a backup copy in case of errors, using the same method as above and just changing to the appropriate file names. To configure VSFTPD, enter:

     sudo vim /etc/vsftpd.conf

When the file loads, you'll see that the configuration file consists of many lines of text. Most of these lines have a hashtag at the beginning of the line; this is used to indicate a comment, which is not an applied setting in configuration. Anything that is a complete sentence (with grammatically correct capitalization and punctuation) needs to remain commented out, since your computer cannot understand English (or whatever your preferred natural language is). The statements with the equal sign indicate a setting, and you can delete the hashtag to apply the setting.

There are many, many different ways that VSFTPD can be configured to work, even with the same functional goal in mind. This is simply how I have it set up so that it works for me. If you want to learn more about VSFTPD configuration settings, you can find some excellent documentation by typing the following into the command line - but be sure you've exited the configuration file and accessed the command line, first:

     man vsftpd.conf

That will bring up the "manual" file for vsftpd configuration. If you choose to look at it, you'll notice that there are many settings listed here that don't appear in your default configuration file. You add them simply by adding them in the .conf file, as we will do with one setting momentarily (assuming your default configuration file is the same as mine).

Anyway, back to the configuration file. Here are the uncommented settings I have applied to my system, and they do work on the setup I have in place:

  • listen=NO
  • listen_ipv6=YES
  • anonymous_enable=NO
  • local_enable=YES
  • write_enable=YES
  • dirmessage_enable=YES
  • use_localtime=YES
  • xferlog_enable=YES
  • connect_from_port_20=YES
  • chroot_local_user=YES
  • allow_writeable_chroot=YES
  • secure_chroot_dir=/var/run/vsftpd/empty
  • pam_service_name=vsftpd
  • rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
  • rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
  • ssl_enable=NO

Pay particular attention to "allow_writeable_chroot=YES": you will need to enter it manually if you are setting up with the same versions of Ubuntu and VSFTPD that I am. I put it on the line immediately below "chroot_local_user" so it would be easy to find, but you can put it anywhere in the file as long as it has its own uncommented line.
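
Before restarting, the edited file can be linted for misspelt option names and for the settings that decide who can log in, whether users are jailed, and whether traffic is encrypted. This is an added example, not from the original post; `audit_vsftpd_conf` is a hypothetical helper and the sample file is constructed, with one option name deliberately written with a hyphen.

```sh
#!/bin/sh
# Added example, not from the original post.
# audit_vsftpd_conf FILE: print one finding per line, nothing if all checks pass.
audit_vsftpd_conf() {
    awk '
        function is_yes(k, v) { v = toupper(conf[k]); return v == "YES" || v == "TRUE" || v == "1" }
        function is_no(k, v)  { v = toupper(conf[k]); return v == "NO" || v == "FALSE" || v == "0" }
        NF == 0 || $1 ~ /^#/ { next }          # blank line or comment
        {
            eq = index($0, "=")
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            # Option names are lowercase with underscores; no spaces around "=".
            if (key !~ /^[a-z0-9_]+$/ || val ~ /^[ \t]/) {
                print "line " FNR ": not a valid name=value setting: " $0
                next
            }
            if (key in conf) print "line " FNR ": " key " is set more than once"
            conf[key] = val
        }
        END {
            # Options missing from the file keep the vsftpd built-in defaults.
            if (!is_yes("ssl_enable"))
                print "ssl_enable is not YES: passwords and files cross the network unencrypted"
            if (!is_no("anonymous_enable"))
                print "anonymous_enable is not NO: anonymous logins are allowed"
            if (is_yes("local_enable") && !is_yes("chroot_local_user"))
                print "chroot_local_user is not YES: local users are not jailed to their home"
            if (is_yes("allow_writeable_chroot"))
                print "allow_writeable_chroot=YES: the check against a writable jail root is off"
        }
    ' "$1"
}

# Constructed sample: some of the settings above, one option name misspelt.
demo_conf=$(mktemp)
trap 'rm -f "$demo_conf"' EXIT
cat > "$demo_conf" <<'EOF'
# Constructed sample, not a real server file
anonymous_enable=NO
local_enable=YES
xferlog-enable=YES
chroot_local_user=YES
allow_writeable_chroot=YES
ssl_enable=NO
EOF

audit_vsftpd_conf "$demo_conf"
```

On the server the call would be `audit_vsftpd_conf /etc/vsftpd.conf`. With `ssl_enable=NO`, the username and password typed into the browser later in this guide travel in clear text.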

Once you've finished editing your configuration file, save and exit. After you've saved the changes, you'll need to restart VSFTPD for them to be applied. To do this, type:

     sudo service vsftpd restart

Great! You should have a working file server now. 

6. Add a Touch File and Test User Access to File Server

First, we'll put a touch (empty) file on the file server. Here's how to do it, from the command line. First, access the file server:

     cd /srv/ftp

Next, add the touch file:

     sudo touch FTPfile

The final word in that string is the name you wish to give your file - choose whatever you like best. If you want to edit that file, you can open it using your editor and enter in anything you like, save, and exit.

Now it's time to make sure your user can access the file server. To do this, first find your server machine's IP address. Type the following into the command line:

     ifconfig

The string of numbers following "inet addr:" will be your IP address. In my case, it's 10.153.10.53 - there will be four numbers separated by periods.

Now, go to a different computer on your network, one that has a GUI installed. Pull up Chrome or another web browser, and type the following into the address bar:

     ftp://your.server.ip.address
(This looks like ftp://10.153.10.53 on my machine.)

A window should appear requesting you to enter your username and password. Enter the name and password of a user you've allowed access to your FTP server in the appropriate fields, then press <Enter>.

You should see "Index of /" at the top of the page, with your newly created file underneath. If you don't receive an error message, you have successfully connected to the FTP server, and should be able to view the file you've placed on the server. However, your user cannot yet place files on the server - we'll get to that in Part Three.

For now, go back to your server machine.

7. Move Web Server Index to FTP Server Directory

Since we jailed our user to the directory where the FTP server is located, it makes things easier for that user to access if we put the Apache server into the same directory. In an enterprise situation, it's *possible* that you might want some people to have access to only one or the other, but it seems a fairly unlikely scenario - if that is the case, though, this guide simply will not provide you with the information you need.

First, we need to make a directory in the FTP server to hold the web server. To do this, enter the following at the command line:

     sudo mkdir /srv/ftp/www

Now that you have somewhere for your web server to go, let's put it there!

***PLEASE NOTE THAT WE WILL BE ENTERING A VERY SENSITIVE FILE ON YOUR SYSTEM THAT GOVERNS HOW THE COMPUTER BEHAVES. IF YOU THINK FOR ANY REASON THAT YOU HAVE ACCIDENTALLY CHANGED ANY OF THE PRE-EXISTING TEXT, EXIT WITHOUT SAVING!!!

OTHERWISE, YOU WILL NEED TO START OVER WITH RE-INSTALLING THE OS!!!***

To move the web server contents, we are going to use a file called "/etc/fstab". As mentioned above, you do NOT want to make any changes to the existing text. Before you press the <Insert> key, use the arrow keys to go to the very end of the existing block of text. Press the down and right arrow keys a few extra times just to be sure. Then, press <Insert> and hit the <Enter> key a few times so that you're far away from the existing text and therefore unlikely to accidentally edit it. Now, let's get into this dangerous place and do some work. Enter the following at the command line:

     sudo vim /etc/fstab

On your new line, enter the following string of text. Do not use the <spacebar> key between any section - instead, use the <Tab> key.

     /var/www/html     /srv/ftp/www     none     rw,bind     0     0

Check, double check, triple check, however many times you need to - and make sure that you've correctly entered this string of text. The first field represents the old location of your web server, the second one is where you want it to go, and the rest are beyond the scope of this guide, but necessary for proper implementation.

If at any point you're unsure if you might have accidentally changed anything in the original text, just close without saving.

When you're satisfied that you've added the new line correctly without changing anything else, save, and exit.
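
To confirm that nothing but the new line changed, the saved file can be compared with a backup copy. This added example (not from the original post) assumes a backup such as /etc/fstab.original made with cp as in step 4, which this step does not itself describe; `fstab_check` and the sample entries are constructed. It also labels the six fields of each entry: source, mount point, filesystem type, mount options, dump flag and fsck pass order.

```sh
#!/bin/sh
# Added example, not from the original post.
# fstab_check BACKUP EDITED: confirm every backup line is still present and
# describe each entry that was added.
fstab_check() {
    awk '
        NR == FNR { want[$0]++; next }                      # first file: the backup
        ($0 in want) && want[$0] > 0 { want[$0]--; next }   # untouched backup line
        NF == 0 || $1 ~ /^#/ { next }                       # added blank line or comment
        NF != 6 { print "line " FNR ": " NF " fields, expected 6"; next }
        {
            if ($4 ~ /(^|,)bind(,|$)/ && ($1 !~ /^\// || $2 !~ /^\//))
                print "line " FNR ": a bind mount needs two absolute paths"
            printf "line %d: new entry %s on %s type=%s options=%s dump=%s pass=%s\n",
                   FNR, $1, $2, $3, $4, $5, $6
        }
        END {
            for (l in want)
                if (want[l] > 0) print "backup line changed or removed: " l
        }
    ' "$1" "$2"
}

# Constructed sample files standing in for a backup copy and the edited /etc/fstab.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/fstab.original" <<'EOF'
# Constructed sample, not a real fstab
UUID=0000-constructed / ext4 errors=remount-ro 0 1
UUID=1111-constructed none swap sw 0 0
EOF
# The edited copy: a stray keystroke in the root entry, then the new bind line.
sed 's/remount-ro/remount-r/' "$demo_dir/fstab.original" > "$demo_dir/fstab"
printf '\n/var/www/html\t/srv/ftp/www\tnone\trw,bind\t0\t0\n' >> "$demo_dir/fstab"

fstab_check "$demo_dir/fstab.original" "$demo_dir/fstab"
```

A clean edit prints exactly one "new entry" line, the bind mount. Any "backup line changed or removed" line means an existing entry was altered and the backup should be restored.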

Congratulations, you should now have a working FTP server - and you're really close to having a functional web server, too! Ok, the web server already works, it just doesn't have anything on it yet. :)
