[waffffffle]

I just installed mandrake 9.1 on a PC to use as a webserver (was running apache on windows but I couldn't get PHP to work so I gave up). The mandrake install still sucks compared to OS X but I am having real trouble getting samba sharing to work at all (i need to make it share the web server).

I have the following in my samba.conf file:

[htdocs]
comment = Webserver
path = /var/www/html
valid users = colonial root
read only = No

colonial is the name of the account on the computer. my problem is that I can't log in from OS X (or windows for that matter). does samba use the same passwords as the user accounts? If not how do I set the passwords? What do I enter for DOMAIN/WORKGROUP in the finder when connecting to the server? thanks.

[utidjian]

Originally posted by waffffffle:
I just installed mandrake 9.1 on a PC to use as a webserver (was running apache on windows but I couldn't get PHP to work so I gave up). The mandrake install still sucks compared to OS X but I am having real trouble getting samba sharing to work at all (i need to make it share the web server).

I have the following in my samba.conf file:

[htdocs]
comment = Webserver
path = /var/www/html
valid users = colonial root
read only = No

colonial is the name of the account on the computer. my problem is that I can't log in from OS X (or windows for that matter). does samba use the same passwords as the user accounts? If not how do I set the passwords? What do I enter for DOMAIN/WORKGROUP in the finder when connecting to the server? thanks.

1) At or near the top of your smb.conf file there is a section called [global] with a line that should read:

workgroup = MYGROUP

where MYGROUP is whatever you want it to be (WORKGROUP, HOMEGROUP, WEBGROUP, whatever). It should match the workgroup setting on your Windows or Mac OS client.

2) Further down in the smb.conf file should be a line that reads:

security = user

leave it that way or make it that way.

3) Later there should be lines that read:

encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd

on your system the smbpasswd file may be somewhere else... wherever it is, point the "smb passwd file =" line to that file, ferinstance:

smb passwd file = /etc/smbpasswd

4) There should also be a line that reads:

username map = /etc/samba/smbusers

in this file there will be entries that map Linux/Unix users to Samba users. In your case there should be an entry:

colonial = colonial

again it should point to wherever your smbusers file is.

5) You have to set the smbpasswd for user colonial. Make this the same password as colonial has on the Windows/Mac OS client. You use the command (as root) on the Samba server like this:

smbpasswd -a colonial

then input the password for user colonial. See the manpage for smbpasswd for more info.

6) At this point you should stop and start the Samba service so that it loads an changes you made to the configuration like this:

service samba restart
or
service smb restart

7) The /var/www/html folder or subfolders under that need to be read/write/execute for the user colonial. Preferably owned by that user.

8) Now test the configuration from one of your client machines. The workgroup should be whatever you set it as above. Same for the username and password.

You may find it easier to use webmin (http://www.webmin.com) or SWAT to administer your server. I recommend webmin over SWAT.

In fact... you don't need to run a Samba server at all. For Windows clients you could use WinSCP (http://winscp.vse.cz/eng/) and for Mac OS clients MacSSH (http://pro.wanadoo.fr/chombier/index.html) or niftytelnet (http://www.lysator.liu.se/~jonasw/freeware/niftyssh/) OR just use the scp command that comes with Mac OS X.

[waffffffle]

THANK YOU!! It works perfectly now.

Webmin is actually installed but I have no idea how to use or access it. Do you know how I could get it working?

Also, I can't figure out where the regular httpd.conf file is for me to edit. There are a bunch of those files but I can't find the regular one.

Thanks again.

[utidjian]

Originally posted by waffffffle:
THANK YOU!! It works perfectly now.

Webmin is actually installed but I have no idea how to use or access it. Do you know how I could get it working?

Also, I can't figure out where the regular httpd.conf file is for me to edit. There are a bunch of those files but I can't find the regular one.

Thanks again.

Amazing!! ;-)

It should be startable by (as root):

service webmin start

The URL to access it should be something like:

http://your.ip.address:10000

If you have SSL configured for webmin (highly recommended):

https://your.ip.address:10000

You should be reading: http://www.webmin.com/index2.html documentation.

Your webserver config file should be in
/etc/httpd/conf/httpd.conf
On a linux system all global config files are in /etc/ (or should be!!).

According to the FHS ONLY non-binary scripts and plain text config files go in /etc/. See: http://www.pathname.com/fhs/2.2/ for more info. Unfortunately many Unix/Linux distributions (including Mac OS X) stray from the standard quite a bit. There is also plenty of leeway in how things can be configured on your system. For the most part... Linux distributions like Red Hat, Mandrake, Gentoo, and Debian stick pretty close to the standard. Most BSDs do also.

In any case... the scripts that start and stop services on your MDK box are in /etc/rc.d/init.d/ Take a look around in there and read some of the scripts. It will show you where they are looking for their config files. To set services to start and stop automatically read the manpage for chkconfig.

There may be easier to use GUI tools for configging all this on MDK but I don't use MDK... I DO know what commands work though.

[waffffffle]

Well actually I think I spoke a bit too soon. My problem is with permissions and owners. It seems that I am causing problems for myself but using different users for things. I log in as root over SSH because I can't stand that my first and only account that I created on the computer (colonial) doesn't have sudo privelage and its damn near impossible to figure out how to give it that ability.

I'm logging into the samba share as colonial so I am unable to save some files and some of my php scripts have permissions issues because files have different owners (the apache user runs the scripts I believe). What's the best way to fix this? What user should I use to log over SMB?

Also, webmind kind of sucks. None of the modules are configured and I have no idea how to configure them because I don't know where anything is in linux. I like the Mac OS X file structure much better since I can actually figure out what I'm doing.

Thanks again for the help.

[waffffffle]

also, you wouldn't know how I could get pico on this linux system would you? I can't stand emacs for quick editing of files but pico is nowhere to be found.

[utidjian]

Originally posted by waffffffle:
also, you wouldn't know how I could get pico on this linux system would you? I can't stand emacs for quick editing of files but pico is nowhere to be found.

The command to install pico (or nano) should be as simple as:

urpmi pico
or
urpmi nano

[utidjian]

Originally posted by waffffffle:
Well actually I think I spoke a bit too soon. My problem is with permissions and owners. It seems that I am causing problems for myself but using different users for things. I log in as root over SSH because I can't stand that my first and only account that I created on the computer (colonial) doesn't have sudo privelage and its damn near impossible to figure out how to give it that ability.

I'm logging into the samba share as colonial so I am unable to save some files and some of my php scripts have permissions issues because files have different owners (the apache user runs the scripts I believe). What's the best way to fix this? What user should I use to log over SMB?

Also, webmind kind of sucks. None of the modules are configured and I have no idea how to configure them because I don't know where anything is in linux. I like the Mac OS X file structure much better since I can actually figure out what I'm doing.

Thanks again for the help.

OK I think you have run into one of the (many) reasons I don't use MDK. There is (IIRC) a cronjob on MDK that recurses through the non-/home folders on your system each night and fiddles with the ownership and permissions of the directories an files. This is supposed to make the system more secure. I am rather doubtful of its utility.

This can be OK for static HTML files but for dynamic PHP scripts it can really foul things up. How to sort this all out on an MDK system may be a bit of a headache... but doable. Since I don't run an MDK system I can't tell you exactly what needs to be done... I CAN tell you what I do.

Most files and folders under /var/www/html on my webservers are owner=root, group=root with permissions 0744 (octal for -rwxr--r--). The subfolders that contain PHP scripts and ALL files within those folders are owner=apache, group=apache (so that the webserver which runs as user apache can access those files and run them) with permissions 0755 (octal for -rwx-r-xr-x). This is quite easy to maintain... I just have to remember to run:

cd /var/www/html
chown -R apache:apache php-folders
chmod -R 0755 php-folders

This may seem like a hassle but one usually doesn't change those files all that often on a production system. If you are doing development work then the PHP stuff should be tested in /home/colonial/www (you will also have to set the httpd.conf file to look there). The URL would then be: http://your.server.ip/~colonial

Linux does have sudo and it is usually installed by default. Most Linux sysadmins I know don't bother with it. They usually do login as their regular username via ssh or on console then:

su -

That shell with then have root privs.
As usual, the way to configure who can use sudo is set somewhere in /etc. The file is /etc/sudoers. Please read the manpage for that file and any comments that may be in the file already. To make things a little easier for you there are several commands in Linux that are indispensable... especially if you are new to it... more experienced hands use them all the time. Try:

man -k sudo
or
apropos sudo
or
locate sudo | less

I think you will find what you were looking for. The basic syntax is:

man -k keyword
or
apropos keyword

these also work in Mac OS X.

The biggest problem with the permissions issue is the MDK cronjob that recurses through the folders and changes them around.


The problme you are having with webmin is not really webmins problem. I am guessing that MDK installed a very plain vanilla version and configuration by default. If you can log in to the webmin interface via a browser everything can be done via that interface.

Once you are logged in to webmin the the first thing you should choose is Webmin Configuration --> Upgrade Webmin hten in the upper right panel check "Latest version from www.webmin.com" and check "Check GnuPG signature on package?" then click on the Upgrade Webmin button. This may take a while.

When that is done... log back in to webmin and navigate back to the Upgrade Webmin page... on the panel beneath Upgrade Webmin called "Update modules now" check "Update from www.webmin.com" and check "Install modules that are not currently installed" then click on the button Update Modules... this may also take a while.

Once that is all done you should have all the right stuff in all the right places. As you navigate around the webmin pages... if a module is NOT yet configured and/or if it is configurable a tab should appear near the top of the page that module is in called (not surprisingly) "Configure Module"... click on that. If the module has never been configured before the system will usually prompt you to configure it.

As with all root enabled configuration tools, please be very very careful. Webmin will NOT ask you if you really really want to do something before it does it. Once you click the "Save" button in a configuration... it WILL do it... no more questions asked.

Heh... I know exactly how you feel about the file structure... if is is any consolation... I was almost completely lost at first in the Mac OS X filesystem when I first started using it.

[waffffffle]

I was hoping to use one user for everything because I have my php scripts mixed right in with the rest of my html files. I want to be able to connect via samba and modify files however I like without worrying about fixing the permissions later. Can I connect as apache using samba? I've tried messing with the sudoers file and it was very confusing. I'm thinking that I should have installed BSD on this computer instead of mandrake but I don't know of any BSD distributions that are (easy).

[utidjian]

Originally posted by waffffffle:
I was hoping to use one user for everything because I have my php scripts mixed right in with the rest of my html files. I want to be able to connect via samba and modify files however I like without worrying about fixing the permissions later. Can I connect as apache using samba? I've tried messing with the sudoers file and it was very confusing. I'm thinking that I should have installed BSD on this computer instead of mandrake but I don't know of any BSD distributions that are (easy).

Yes you can connect via Samba using apache as the user. Note, however, you will not (and should not) connect via ssh and get a shell as user apache. Remember to add user apache to smbusers and do an smbpasswd -a apache. When you connect via Samba from you Windows or Mac OS X client box remeber you will have to connect as user apache and specify the Samba password you gave to apache. You should not have to set a regular password for user apache on the Linux box.... just the Samba password.

By default user apache should be be dumped in to /var/www (adjustable) and you may want to fiddle with the default directory perm settings and file perm settings in the smb.conf file. Lemme know if you need to.

[begin opinion]
Personally, I would have gone with Red Hat as the server. IMO easier to install than MDK, more stable, easier to configure, and less wierdness. MDK is fine as a newbie desktop.
BSD install is only part of the battle... then you have to configure it. It gives you no advantage there over Linux. The filesystem layout is essentially identical to Linux.
[end opinion]

[waffffffle]

I guess you're right. However OS X initial configuration seems so much more intelligent to me than linux. Have an admin user with sudo privileges seems like a great idea. I use my one user account in OS X to do EVERYTHING and it works perfectly. I just sudo to do some stuff. No need to have certain files owned by www or root or whatever.

I chose Mandrake because I had heard good things about it's server capabilities, although I'm not a linux user so its all the same to me. Also in my little experience with Red Hat I got hte impression that it would be harder for me to install and get running. I once tried to get YDL running on my 6400 and after several attempts I got it up and it sucked. No graphical login and SO SLOW. I had trouble setting everything up with Mandrake (the online documentation was outdated and referred to the wizdrake package by different names, making it harder to find, even though it was supposed to be installed for me). The whole install took several hours. Setting up a Mac to run OS X as a server would have taken an hour (install OS X off CD, install MySQL and PHP double-clickable packages off the internet).

[utidjian]

Originally posted by waffffffle:
I guess you're right. However OS X initial configuration seems so much more intelligent to me than linux. Have an admin user with sudo privileges seems like a great idea. I use my one user account in OS X to do EVERYTHING and it works perfectly. I just sudo to do some stuff. No need to have certain files owned by www or root or whatever.

I chose Mandrake because I had heard good things about it's server capabilities, although I'm not a linux user so its all the same to me. Also in my little experience with Red Hat I got hte impression that it would be harder for me to install and get running. I once tried to get YDL running on my 6400 and after several attempts I got it up and it sucked. No graphical login and SO SLOW. I had trouble setting everything up with Mandrake (the online documentation was outdated and referred to the wizdrake package by different names, making it harder to find, even though it was supposed to be installed for me). The whole install took several hours. Setting up a Mac to run OS X as a server would have taken an hour (install OS X off CD, install MySQL and PHP double-clickable packages off the internet).

Of course I am right, it was my opinion after all ;-) That will always be "right" for me and by definition, yours will be right for you.

Do you mean more intelligent or more intelligible? Also there are many Linux install routines even within a given distribution. Some are GUI, some are text based... they range from incredibly complicated to incredibly simple.

There has been much debate over the years over which is better to use, sudo or su. Personally, I prefer the clear separation of root or admin from regular user. I can work with either one. Red Hat does the same thing as Mac OS X when it comes to their GUI config tools... a dialog pops up, asks for the root password, and proceeds from there. They have a little "keychain" icon that appears in the panel to let you know that you have a rootly app open. After a few minutes this times out... just like sudo. Same thing with webmin.

Red Hat and Mac OS X are just as forgiving as regards file ownership in the Apache setup. It is Mandrake that seems to have a problem. The permissions setting are a different matter and unless you take steps to make sure things are the way you want them it can get screwed up in any OS. Mac OS X users have this problem from time to time also. It is really a combination of ownership and permissions. IIRC correctly... back in the day, Apache used to run as root so it didn't really matter who owned the files and what the permissions were. Convenient but also convenient for crackers... hence Apache runs as user apache with very limited privs. On Mac OS X Apache runs as user www and group www. On either OS it is set in the httpd.conf file. You could set it to run as user colonial... but that still wouldn't stop MDK from fiddling with the files. AFAIK only MDK does this. I think it is something they inherited from Bastille.

I agree about YDL. I have used YDL on and off for almost 4 years. Sometimes it goes in easy... sometimes not... sometimes not at all. They have improved a lot from when I first tried it. At the time I found it to be MUCH faster than Mac OS 9 or Mac OS X. Not sure why you found it to be slow except a 6400 is kind of a minimal system... I doubt it runs OS X all that well either (if at all). I have also tried SuSE-PPC and MDK-PPC. Both were OK. Did you try installing MDK on a Mac? I did on a slot loading iMac. Was fairly easy to install but a lot of apps were broken. Next Linux I try on PPC will be Gentoo... takes ages to install mainly because it builds most every single thing from source... but it is supposed to run very well once done.

For a casual or first time user Linux can certainly be awkward... as can any OS one is not familiar... no big revelation.

For me, a Red Hat server takes 15 minutes to install, start to finish, nothing extra to click on or download. To be fair though... both of us would have to download and install the most recent updates which can take a long time in any case. The documentation for Red Hat is extensive and very comprehensive... MUCH more so than for Mac OS X. The documentation for Mac OS X server has improved a LOT over the four years I have been using it though there is still plenty of room to catch up.

Kinda like... I like Chevy instead of Ford, Mercedes instead of BMW... whatever. YMMV

Anyhow... the problem is... is getting your PC that you want to use as a server running reliably as a server using Linux. I htink the easiest way for you to do this would be to use webmin for all your configuration stuff. As far as accessing the system from a Mac client there are several ways to do this. One of them is Samba, another is SCP, another is netatalk, another would be NFS. From a Windows client there is Samba, WinSCP, and some sort of NFS. As far as permissions weirdness with MDK you should talk to an MDK user and find out what they do. I have had enormously bad luck with MDK and I don't have it on any current systems.

[utidjian]

OK (phew)... found the stuff you need to read up on regarding the security stuff on MDK. See: http://www.mandrakesecure.net/en/docs/msec.php

I think it is run from a sript somewhere in /etc/cron.daily/.

I am guessing you chose security level 3 (or higher) during install, yes?

Now that I have read that document... I think msec is a basically neat idea as stated. As long as one knows and understands what is happening and how to adjust it... AND it follows the docs then it can help prevent many mistakes.

BTW you would have had much the same problem if Mac OS X was the server and you were installing files with incorrect permissions set as the non-web user. The difference is MDK may be changing them on you even though you did set them correctly.

[waffffffle]

OK so I did this, looking for these cron things:

[root@colonial]# locate cron | grep msec

and I got:

/etc/cron.daily/msec
/etc/cron.hourly/msec

So how do I turn these things off? I really don't know anything about cron except that it can do things automatically. these things look like shell scripts (also something I don't know too much about). Can I just delete these files?

Now that you've explained why Red Hat is better I guess you're right about that one too. However the computer has now been moved into a networking closet and I am hoping to never have to look at it again. A couple of other students I know recommended gentoo but it seemed too bleeding-edge for my purposes. They both didn't like Red Hat.

I tried the YDL install on my 6400 about 18 months ago using the most current YDL at the time. The machine definitely is underpowered and will not run OS X.

Webmin is intimidating because I don't know how to configure it properly. I'll look into that when I have more time. I have a big final on Friday afternoon, and then I go home and I'll have plenty of time before work starts to mess with it.

Thanks for all your help.

[utidjian]

Originally posted by waffffffle:
OK so I did this, looking for these cron things:

[root@colonial]# locate cron | grep msec

and I got:

/etc/cron.daily/msec
/etc/cron.hourly/msec

So how do I turn these things off? I really don't know anything about cron except that it can do things automatically. these things look like shell scripts (also something I don't know too much about). Can I just delete these files?

Now that you've explained why Red Hat is better I guess you're right about that one too. However the computer has now been moved into a networking closet and I am hoping to never have to look at it again. A couple of other students I know recommended gentoo but it seemed too bleeding-edge for my purposes. They both didn't like Red Hat.

I tried the YDL install on my 6400 about 18 months ago using the most current YDL at the time. The machine definitely is underpowered and will not run OS X.

Webmin is intimidating because I don't know how to configure it properly. I'll look into that when I have more time. I have a big final on Friday afternoon, and then I go home and I'll have plenty of time before work starts to mess with it.

Thanks for all your help.

Yep those are the cron files. The ones in cron.daily get run every day, the ones in cron.weekly run every week. There is also, usually, a cron.hourly and a cron.monthly. To list all the files packaged with msec you can:

rpm -ql msec | less

or to see all the nitty-gritty:

rpm -qil msec | less

Now you may notice at the bottom of the list of files that there are two log files, /var/log/security and /var/log/security.log which are probably only readable by root. Take a look at those files. They should tell you exactly what msec has been up to on your system. It may turn out that it wasn't molesting any of your files at all.

I wouldn't just delete the files outright. It would probably be better to just learn how to use the utility since it seems to be a fairly fundamental part of the security setup on MDK. Perhaps set it to a lower level than highest (levels 4 & 5). There should be some sort of GUI thing for security management in one of the menus or whatever.

Another option would be to remove msec altogether:

rpm -e msec

should do it, though it may complain.

In either case you will lose all benefits of using msec.

The reason I suggested webmin is that it is just about the easiest to use GUI frontend to system configuration and maintenance I know of. It has even been ported to Mac OS X. I have it installed on my Mac OS X servers and it works well. Webmin is very comprehensive and at first look it may seem that there are an overwhelming number of options... but you only need to use the ones that concern you and what you want to do. For most of the modules there is context sensitive help... as a "Help" tab and/or a "Search docs..." tab.

As I think I suggested before... you should talk to the people that recommended MDK to you. Presumably they have done all this before and will be able to show and explain what to do. You should also try the Mandrake forums at
http://www.mandrakeclub.com/modules....e=Splatt_Forum

Almost forgot to add a link...
http://www.swelltech.com/support/web...1.0/index.html
is a pretty good manual on all the webminisms.

[waffffffle]

Thanks. After some work I got webmin configured a little bit. I still have a way to go until it works completely, however I have my site working well enough right now that I no longer need to muck with anything (at least for now). Thanks for all the help.

Oh, I just want to add that I set up an old iMac (rev C) running 10.2 (client) yesterday and put it in the same networking closet as the mandrake server. There is a world of difference in the setup. The only annoyance was having to go out and get graphical installers for PHP, MySQL, X11 and VNC. Besides that (which was all EASY stuff) the setup was a breeze. This OS X site will be up and running much faster than the mandrake one. Although I haven't tried getting sendmail working yet. That was a pain for me on my own computer.