Archive for January, 2009

Videoblog: OpenSolaris on X41

Jan 29 2009 Published by Dennis Klein under Network, PC, UNIX

Hi guys,

so – this is new for this blog and also new for me ;) Here’s my first videoblog for klein2. Enjoy it!

Ciao
Dennis


Free like FreeBSD

Jan 29 2009 Published by Dennis Klein under UNIX

Good morning,

I’ve played with and tested different types of server OS in the last two weeks. You’ve noticed it; my very first installation (since switching away from Debian) was Windows Server 2008. It was nice and fast, but an evaluation. Then we (yeah that’s me and my wife) had the idea that using an Exchange Server at home could be very nice. So I spent another few days poking around with Windows Server 2003 SBS that we already had and next with Windows Server for Small Business 2008 (x64) as another evaluation copy. Not to mention that it was a horrible act to keep backup of our content. In the end, everything failed extremely and made a strike through the bill (not sure if I can really translate this saying into English, but in German it means, that the plan has failed).

The most important thing for the server should be file storage. Secure file storage! Well, using Windows Server allowed me to use the onboard RAID0/1 controller to create a mirror of 2x 1TB drives. Nice, but.. I wanted to go to RAID5 and there’s also the costs. Not just for a good RAID card which costs around 350 – 400 Euro (PCIexpress, 3ware), no it’s also the licence for a Windows Server which is pretty expensive. Too expensive for a server that serves just 7 computers in our and the neighbours house.

So, I turned to Google and typed “Good OS for a fileserver”, and guess what it said? FreeBSD. Sure, FreeBSD… I tried that years ago – as desktop and it was nice and easy (compared to Linux very easy and much better structured), but it was never an OS that I would recommend for a desktop. Yes – that depends on the kind of applications that I run: Photoshop, Illustrator and so on. Nothing to go on FreeBSD here (please, don’t start discussing about GIMP – I like GIMP, but it’s NO WAY a replacement for Photoshop in my mind!).

Then I turned to an IRC channel where I often stayed in the last few years from time to time. It’s the IRC channel of the BSDGroup.de. (The IRC channel is #bsdgroup.de on irc.freenode.org (6667) if you would like to join, but it’s mainly in German). I snapped some keywords on ZFS and RAIDz. Hm.. ZFS? Isn’t this the groundbreaking new filesystem from SUN Microsystems? Yes! And it was ported to FreeBSD. Wow! I like SUN, I like their hardware which is very structured build (ever installed hardware into a SUN? That’s very similar to the Mac Pro – just easy to do!) and of course I fight with Java on my Cisco’s notebook every day ;) . No, I like SUN – they have humor and do cool commercials which you can check out on YouTube.

So, looks like RAIDz is what I’m looking for. A superstable filesystem that allows me to create a kind of RAID5 on software base without having to buy one of those superexpensive cards. And it’s secure – more secure than any other filesystem. Woah! Sounds way too good, doesn’t it? Sounds perfect for my server project.

Here we go!

First, I grabbed the AMD64 ISO of FreeBSD 7.1 from their server, of course the “Boot Only” disc, which is similar to the “netinstall” of Debian. Just put it in your drive, boot and install. I did the setup several times in the past, so I remember easily how to install it and what to take care about. The system harddisk is still on the old format, XFS, it’s on my Samsung 250GB SATA-II disk. Fine so far. After installing, I had to reboot the machine and login as root afterwards. Hey! No nano? What the hell…?

Ha! Getting software on your FreeBSD machine is something kinda easy. If you’ve a well powered CPU inside your machine, I would recommend you to go with the Ports collection which downloads the sources of the tool you would like to install and compiles it right for your machine which gives every tool the perfect adaptation to your machine. So for example installing nano looks like…

carter# cd /usr/ports/editors/nano
carter# make install clean
...
carter# rehash

Let me explain it. You join the directory by testing out where something is, or – easier, by using whereis.

carter# whereis nano
nano: /usr/ports/editors/nano

Oh – by the way: Carter is the name of the server. My wife wants it ;)

You can go on and install different things on your server the same way. I also installed bash, because the shell that came with FreeBSD is not so nice in my eyes, also it requires this “rehash” command after every installation. Bash not ;)

Ok – time to go and add some more diskspace to the computer:

In the picture above, you can see the server with final installation. From top to bottom I’ve added:

- Seagate 200GB SATA-II (Part 1/2 of RAIDz “backup”) ZFS
- Seagate 200GB SATA-II (Part 2/2 of RAIDz “backup”) ZFS
- WD “Green” 1000GB SATA-II (Part 1/3 of RAIDz1 “storage”) ZFS
- WD “Green” 1000GB SATA-II (Part 2/3 of RAIDz1 “storage”) ZFS
- WD “Green” 1000GB SATA-II (Part 3/3 of RAIDz1 “storage”) ZFS
- Samsung 250GB SATA-II (System) XFS

The server had 4Gigs of RAM, which is badly needed. Running RAIDz requires at least 1Gig of RAM!

So, I started with creating the “zpool” (RAID storage) with the help of those two nice sites. I was really impressed that it told me after less than 10 seconds, that my RAIDz1 (storage) was created.

Let me show you how it looks after filling it with our content:

carter# zpool list
NAME SIZE USED AVAIL CAP HEALTH ALTROOT
storage 2.72T 456G 2.27T 16% ONLINE -

pool: storage
state: ONLINE
scrub: none requested
config:

NAME STATE READ WRITE CKSUM
storage ONLINE 0 0 0
raidz1 ONLINE 0 0 0
ad4 ONLINE 0 0 0
ad8 ONLINE 0 0 0
ad0 ONLINE 0 0 0

errors: No known data errors

That looks good, doesn’t it? Here’s the overview by running the “df -h” command to display the free/used capacities in your system:

carter# df -h
Filesystem Size Used Avail Capacity Mounted on
/dev/ad10s1a 496M 245M 211M 54% /
devfs 1.0K 1.0K 0B 100% /dev
/dev/ad10s1e 496M 12K 456M 0% /tmp
/dev/ad10s1f 216G 15G 184G 7% /usr
/dev/ad10s1d 4.7G 21M 4.3G 0% /var
storage 1.8T 304G 1.5T 17% /storage

Maybe you notice the difference between the sizes. I think it has something to do with the size units (1000 or 1024MByte = 1GB / 1000 or 1024GB = 1TB). I was shocked yesterday morning when I saw TOO MUCH free space on this array ;) But when I woke up (and this could take some time in the morning), I got it.

Next step was to create the other array. I used my 2x 200GB drives for a backup for the most important data. This is a kind of “RAID1” array. Of course, I had to try to remove the data cable from one of those disks to see if it works. Perfect! I was able to copy all data with 1 missing drive on each array! :D

carter# zpool status
pool: backup
state: ONLINE
scrub: scrub completed with 0 errors on Wed Jan 28 17:45:12 2009
config:

NAME STATE READ WRITE CKSUM
backup ONLINE 0 0 0
raidz1 ONLINE 0 0 0
ad6 ONLINE 0 0 0
ad1 ONLINE 0 0 0

errors: No known data errors

What you see here is the “scrub”. Scrub means to check the disk after a dropout of one disk. That’s why it’s recorded here.

carter# zpool list
NAME SIZE USED AVAIL CAP HEALTH ALTROOT
backup 372G 27.8G 344G 7% ONLINE -

carter# df -h
Filesystem Size Used Avail Capacity Mounted on
/dev/ad10s1a 496M 245M 211M 54% /
devfs 1.0K 1.0K 0B 100% /dev
/dev/ad10s1e 496M 12K 456M 0% /tmp
/dev/ad10s1f 216G 15G 184G 7% /usr
/dev/ad10s1d 4.7G 21M 4.3G 0% /var
backup 183G 14G 169G 8% /backup

I’ve removed the “other” entry every time here (backup/storage) to make clear which is the one I’ve just spoken about.

So – cool, but how to get the data onto those RAIDz pools? Well, NOT the same way I used when I ran Windows or Linux servers. A pain point regarding FreeBSD is the damn slow connection while using Samba3. So I decided to do a double-life. Using FTP as main option for transferring large files to the server, but using Samba side by side with FTP for small documents or sharing stuff to a network player for TV for example. Yes, it’s slow but funnily, in a test we did yesterday with a borrowed box, I was able to stream FullHD content to our plasma without drops :)

So – that about the server. Other equipment has been purchased for the home office since I last mentioned it here. First of all, here are some nice shots from the office at the attic (we moved upstairs before Christmas because of different reasons, one was, that I used to use 2 desks and not just one, just too much equipment to place ;) ).

You can see the new case where the server is now built in on the right side of the desktop. Oh! By the way, I used Vista for a few days, but now I’m back on OSX here, and honestly – good to be back home :) . Vista is better than I thought, but – I played around too much with everything, so it became an overkill and a waste of time. I spent too much time on “trying” instead of getting things done, for example blogging :) .

This is a recent shot from last Tuesday. I was watching John Chambers’ keynote at the Cisco Networkers 2009 over the VPN connection to the Cisco network. Very nice! I also loved the session of Brian Cox, a particle physicist of the CERN. I’m very interested in astrophysics and this combination of Cisco and astrophysics – very win/win for me! Unfortunately, I don’t see a recording of those sessions on the site :( . Need to ask around if they exist and if they are available for public viewing.

By the way equipment. I really hope no one at Cisco is now angry with me, but sorry, I couldn’t afford to put 400 Euros into an 8 Port SoHo switch from Cisco, so I bought this HP Procurve 1800-8G, as recommended by Stefan.

But, no worries, Cisco, I also bought a new Wireless router and this time, I bought a Linksys, which is part of Cisco :)

Stacked together and in operation mode, it looks like this (well, today all ports are used ;) )

Before I forget, I twittered about thinking about installing FreeBSD on my X41, hey – got this supersweet 12″ ThinkPad X41 Tablet a few days ago and I’m really happy with it :D

That’s it for today, it’s 7 minutes before 9 and I need to urgently boot the Cisco notebook, have a lot of things to get done today.

Have it good!

Ciao
Dennis


The eMail disaster continues

Jan 20 2009 Published by Dennis Klein under Network

Hi Guys,

so, no – it’s not as bad as the topic sounds. First of all, thanks for your comments to my last thread about moving our eMails to Google Mail.

Warning! If you are NOT interested in Mailservers at all, you should NOT read the following stuff.

What’s the point?
Well, Google Mail was nice. It has a calendar and a nice webinterface with a very good address book. It also fits nicely into our Windows and Mac environment.

The bad thing is, leaving the comments from the last post about spying out my eMails and easy access for FBI, CIA, BKA & BND (and so on…) aside, the pain point was the speed of the applications and especially the speed of their IMAP-server. It’s a bit strange, because a friend told me, that it’s blazing fast for him (he also lives here in Germany and around the corner). Anyway. The next bad thing was the often dropping connection of the calendar. It’s very annoying if iCal tells you every 5 minutes that the connection is lost. Of course, when this happened 2-3x, you quit iCal (or whatever you use to work with the calendar), and you will get no updates from the other users, who are sharing their calendar with you.

Thinking about other solutions
We sat down yesterday and I used my new (used bought) ThinkPad X41 to take notes in MS OneNote (I love this tool! Thanks a lot for the tip, Stefan!).

We compared the following scenarios with each other:
(1) MS Exchange (Windows Server 2003 SBS)
(2) Scalix (CentOS 5 based)
(3) hMailServer (Windows Server as it is currently)
(4) leaving the eMails on the webserver

(1) MS Exchange – very nice solution. I must say, I love it when it comes to business. Working with it in combination with Outlook 2003 is very nice. It is more or less expensive (you can get this server version incl. Exchange 2003 for 400 Euros). We thought about installing a second server (PIII 1GHz with 512MB RAM) that I have laying around.

Pro
- iPhone support (Active Sync)
- same base as the other server (“guinan”)
- easy to do backups
- less system requirements (compared to Scalix (s. below))

Contra
- requires a fix IP (costs: 10 Euro / month additional)
- requires a 24/7 running server at home
- no native client on OS X (Entourage would be a way, but this would raise costs again + it is not as good as Outlook)
- webmail just runs fine on IE

(2) Scalix – I’ve already written a thread about Scalix. It’s a very nice interface and easy to install, handling seems to be a bit buggy, when I read a bit through their own forum. Costs are minimal. The server is available as a Community Edition which includes 5 Premium users for free. Also the recommended Linux is free available (CentOS).

Pro
- low costs
- runs fine on OS X
- Outlook plugin available (we use Windows on our notebooks)
- webmail works on every regular browser

Contra
- high system requirements (1 GHz + min. 1 GB RAM / that’s kind of a no-go since the 2nd server has just 2 RAM slots which can handle up to 256 MB RAM each)
- backups complicated (you’ll have to stop the whole system to do a backup)
- Outlook plugin is laggy
- requires a fix IP (costs: 10 Euro / month additional)
- requires a 24/7 running server at home
- RAID1 is NOT supported using Linux by mainboard limitations (a real RAID-controller would raise the costs by around 200 Euros or more)

(3) hMailServer – This nice and small freeware works on the current server and doesn’t need a second one. Also, it is able to fetch eMails from an external mailserver and deliver them to different accounts. Costs are neutral, because no fix IP is required and also no 2nd server.

Pro
- does not need a fix IP (is able to redirect the eMails direct to an external “real” mailserver)
- Open Source, no costs
- does not require a 2nd server
- works on the current server OS, which means – full support for the RAID1 + backup drive (every eMail will be stored on 3 disks once it has been fetched into the local server)

Contra
- no calendar

(4) Leaving eMails on the external mailserver. I’m honest, it works fine and I was really about to do this step backward, but as described in my previous post, there is not good security for my eMails. Sure – the backup covers them, but I want it local. So, that’s also a no-go.

Conclusion
Wow – those are a lot of options to choose from. We chose No. 3, an hMailServer locally. Very low costs and the ability to switch off the server for a few days, when we are out of the house.

Before I started configuring this solution, I’ve painted a sketch of the messages workflow. I translated it into a “human-readable” Visio-sheet.

eMail Setup

Wow! That must look confusing!

So, let me explain how it works :)

On the top, you’ll see “lorne”, our webserver. This is the home of the mentioned external mailserver and this baby has to do a lot! The blue cloud represents the Internet. A fetchmail fetches eMails from 7 different eMail accounts and puts them into a forwarder, which forwards the messages to Spamfence to wash the Spam out. Spamfence sends the clean mails back to “lorne” into different user-accounts.

The local mailserver “guinan” loads the messages from the mailserver at a 1-minute interval and puts them into the local accounts. Rules are applied to this process to be sure that the last spam mails are filtered out and pushed to a Spam folder on each account. (“lorne” runs SpamAssassin and finds some spam sometimes, but marks it with ***SPAM*** in the subject.)

The clients are now able to use their eMails on the local IMAP accounts from their mailclients like Apple Mail, MS Outlook, Thunderbird etc.

But wait, what the hell is the 2nd server called “trip”? Yeah, that’s a 2nd server – but a virtual one. I installed Debian into a VMWare session for one reason: Webserver. I tried it and hate it; Apache2 on Windows systems. It’s so – clumsy. So I’m happy that Debian works so nicely in the VMWare session :) . What it provides (besides our own Intranet) is RoundCubeMail, a super nice and free Webmail-Client. I use it to connect to the “guinan” mailserver, and it’s also accessible from external.

Sending eMails was a little horrortrip. Finally I decided to create a secret account on the external mailserver and tell the hMailServer (local) to fake the header, so that every user sends his/her own details. This works fine, and the fact that the external mailserver is used is a pro, because it has a valid Reverse-DNS and minimizes the issue that another mailserver doesn’t accept our eMails (which could easily happen when we tried to send eMails from the local server direct to any other mailserver).

In short – that’s it. Of course, there is one thing that I had in mind that was not very good – synchronisation.

When I move an eMail into one of my many folders at the local IMAP account and I’m in the Cisco office in Düsseldorf a day later and the local server is switched off, I have those eMails regularly in the root-folder (because I told the hMailServer NOT to delete fetched eMails for backup purposes) and not where I left them the day before. That’s the point where the Linux-tool “imapsync” joins the mail-orgy. This nice tool lets you sync 2 IMAP accounts. That means: I can sync my local account to an external other account and so I’m at home also when the local server is turned off! Sure, when I come back home and want it local, I have to sync it back and honestly, it takes a few minutes to sync eMails, but – it works. I will need to spend some time on studying all the different parameters of this nice tool (which, by the way, also runs on the virtual Debian server).

Finally: That’s the setup and it’s much fun to use it. It’s a win/win for us and the environment, because it’s the most power-effective way to do this challenge.

Hope you enjoyed this trip into mailservers and maybe you’ll want to create something similar :)

Ciao
Dennis

PS. Before some expert asks: of course, MX10 & MX20 are directed to the external mailserver on “lorne”.

Google Mail instead of own mail server

Jan 14 2009 Published by Dennis Klein under Network

Hi guys,

it’s a few days ago, since I posted my last content here. I was a bit busy with work, but early this morning I found a few minutes to drop a few lines :)

So, I knew that my webserver doesn’t have a RAID1. That’s not so good, so I tried to upgrade it. My provider is not willing to give my dedicated server an upgrade. Well, it’s not a problem, because the web-stuff, databases etc are backed up every night to an external server. But that’s a no-go for eMails (in my mind).

So I had the choice of 3 options:

- Download the eMails via POP3
- Create an own mailserver at home on my server who has a RAID1 + additional backup disk
- Go and find a hosting solution on the internet which is able to handle very own domain

I was never a fan of POP3. In the early days of my internet usage (that was around 1995/1996), I had an eMail account at my ISP, a POP3 mailbox and that was fine. I’d got 3-4 eMails a week (those were the glory times before spam *sigh*). When I heard about IMAP a few years later, I paid money to have it. I had a GMX Account with IMAP, called TOPMAIL. Was nice, but when I got my own domains and webserver, I wanted to have it there so as not to have just a few MBytes of space. On my current server, where this site is also hosted, there is plenty of space available and so I used my mailaccount without limitations. Very good, but a bit insecure. I’m a bit nuts with my eMail. I collect them and never delete important eMails from my account. I also want to have it shared on all my computers incl. the notebook I got from Cisco for my daily work. The best solution, of course, is to have the eMails stored on an IMAP account.

The second option – to place a server with an own mailserver – is a nice idea. There is SCALIX with a free version in the “Community Edition” that allows me to add up to 5 premium users for free. Very nice and the webinterface is much much better than the Microsoft Outlook Web Access!

But, there’s one bad thing about that. I have a server here, I can also get a cheap fix IP with reverse DNS entries, but to run a computer 24/7 for eMails is not very ecological. Of course, it’s a “Green” server with an energy saving AMD64 EE CPU + 3x “Green” 1TB disks from WD, but to run it 24/7 just for eMails.. no. And what if I’m away for a few days? Every time change the MX entries in the DNS settings in my domain hoster’s settings? No way!

I’m also a bit, well, scared to run a server 24/7 when I’m not at home. Sure, burning down a house with a computer is not that easy and the worst thing that should happen is that the fuses drop out, but there’s still a risk.

Also having an own eMail server at home, which is nice since the data are loaded damn fast, drops out.

The thing I finally did is to move everything to Google. Yeah! I’m not kidding. To the evil data collectors. Well, I was never a fan of my own Google Mail account, since I know that Google is able to read my mails. But c’mon, they use it to show you so called Web-Clips (which you can amazingly hide). There’s a risk and from the data protection point of view, getting a better own webserver with a RAID1 is the best choice, but I tell you, my server is fine as it is! And it’s pretty cheap. To invest 50 Euro or more into a new server is not what makes sense. Sure, in the past, I had done it, but maybe with the years, I got a little bit wiser (maybe :D ).

So, I applied to Google Mail for Organisations which is freely available for up to 500 accounts with 7GB/account. Not kidding! They really give every damn user 7GB+! :o woaaahhh!

Nowadays, Google Mail (I am not allowed to call it “GM*il”, because this is a registered trademark of a strange guy here in Germany who asks you to pay for that usage…, so Germany is the only country where it’s called Google Mail instead of this other and shorter name) also gives you access to the eMails via IMAP. For free. Nice! The web interface is not as good as my RoundCube Mail that I used before, but for the few times I need to use it online, it’s ok. It also integrates nicely into my Outlook on my private notebook and here on my Mac into Apple Mail.

Google also delivers a calendar which is pretty cool, since I love calendars. It lets me collaborate and share it with my wife, so we can make plans about funny things like holidays, appointments or simply to get an overview when and what we cook. The best thing about that is, that you can attach your calendar to applications. It will work with Sunbird and even better, it works with iCal. Including those “Accept”, “Tentative” and “Deny” options that I love so much on my meeting events at work. Collaboration is pretty well solved.

There’s also Google Docs, but I haven’t started using this.

So, that’s it. Yesterday I moved everything from my webserver to the Google Mail account and my wife did the same. Today is our first day with that solution and I’m excited how well it works. If it won’t work out as good as it currently sounds, no problem, we could easily move back and start anything else.

Maybe it’s the age, but meanwhile I want something to “just work” and don’t want to fiddle around and try to get things to work nowadays. It seems like for eMail, I found the right solution.

Ciao
Dennis

PS. Yes, I use my own domain there. Just a few changes in the DNS settings were needed for MX 10 – 30 & SPF/TXT.

Popcorn hour A-110 – disappointing

Jan 02 2009 Published by Dennis Klein under Network, Review

Hi guys,

well, since we’ve upgraded to a Full HD Plasma television (Panasonic), we enjoy BluRay discs from our BluRay player (also Panasonic). But we’ve some nice videos on our local Debian server in the basement and the idea was to stream those videos via LAN to the TV.

Our first try was a quickly built PC, attached with a BluRay ROM and a more or less new ATI graphics card which has HDMI. The idea was nice, everything plays well, but – who wants a loud screaming PC in the silent living room? Not us! We’ve removed our previously installed beamer because of the noise.

In the end, we found a streaming machine which has no fans and is noiseless, able to stream content via the integrated 10/100MBit/s NIC and also has an HDMI interface with full support for 1080p/24p.

The solution (seems) to be the Popcorn hour A-110 with the described features. Ok – 270 Euro is a lot of money for this, and that’s the reason why this box will be sent back on Monday. No, not the price only. This is the full review.

Unboxing
The Popcorn hour came in a very nice package which reminds me of an Apple product. One side was damaged.

Installation & booting
The installation was quite easy. I’d connected HDMI to the TV, the network cable and the power cable. That’s it. Booting up went at an acceptable speed (around 1 minute).

Configuration
First thing I did was to configure the network. The Popcorn box got all data from the DHCP server, so that worked from out of the box. I’ve connected the box with the Debian server via SMB. Playing the files works fine, but wait – there’s one thing that I miss…

Sound problems
…yes! No sound! After installing the most recent firmware and configuring all codecs from Digital to Analog (don’t ask me why), we were able to stream a 1080p testfile which runs mostly nicely.

Minimal stuttering 1080p
The video was shown nicely and the sound now also works fine, but every 5 minutes, the video stutters a bit. Nothing serious, but a bit bothering.

No playback of MPEG1 movies
Trying to play MPEG1 movies fails. After ~20 seconds the movie hangs. The sound also didn’t work. The container was AVI with DivX.

YouTube stutters
Also YouTube stutters. Well it’s nice to have YouTube videos on a large screen, but it’s not so nice if all tested videos load a bit and stream and stop after a few seconds. A 3min video took more than 15 minutes to play completely. Very bad! We’ve a 16MBit/s connection and it should really work much much better. It works much better on the iPhone(s) and also on the computers.

Conclusion
The Popcorn hour A-110 is a very nice box and plays Full HD videos on a 100MBit/s line more or less well from a Linux server which shares the files via SMB. But, if you’ve older and more exotic file formats, the Popcorn hour is not the right solution. Having no sound and sometimes also freezing pics is a bad thing. For us, the cons are too heavy to stay with the box. I mean, we paid 270 Euro for it! That’s a no-go :(

I will try to stream the content on a notebook that we’ve here laying around and be able to connect with a DVI to HDMI adaptor to the TV. Maybe it works. Not sure which OS to use, honestly. Comments and ideas are very welcome here :)


proftpd on Debian server

Jan 02 2009 Published by Dennis Klein under Linux, Tutorial

Hi guys,

I couldn’t find a good tutorial to install the FTP server proftpd on Debian, so I mixed it from different tutorials. Here’s what I’ve done.

What I expect from the FTP server is, that the user(s) could log in and have access to different folders which are shared from another harddisk. When I began the tutorial, I thought, that the proftpd is not the solution for my needs, but in the end, it’s the perfect one.

Let me show what I need:
- the files are stored on a separate (1TB) harddisk
- the user should be able to access those files without having to leave their own home directory
- the user should NOT see ALL of the folders from the separate disk

First, the installation of the package was needed. Pretty easy with Debian of course :)
# apt-get install proftpd

This package has a lot of dependencies, so don’t be surprised if up to 20 additional packages will be installed. You will be asked, if you want to install it as inetd or daemon process. Daemon is the better choice for 24/7 FTP servers.

Next, you’ve to configure the server. This is my configuration file, mixed from different tutorials:
Include /etc/proftpd/modules.conf
ServerName "Trip"
ServerType standalone
DefaultServer on
Port 21
Umask 022
MaxInstances 30
User nobody
Group nogroup
# Jail every user into their own home directory
DefaultRoot ~
AllowOverwrite on
AuthUserFile /etc/proftpd/ftpd.passwd
AuthGroupFile /etc/proftpd/ftpd.group
UseIPv6 off
IdentLookups off
ServerIdent on "FTP Server ready."

# Login restriction by group membership
<Limit LOGIN>
DenyGroup !ftpuser !ftpprouser
</Limit>

<Global>
RootLogin off
# Only accept accounts whose shell is listed in /etc/shells
RequireValidShell on
</Global>

UseReverseDNS off

When you’ve copy&pasted this (and modified the servers name), you should restart the server with an easy
# /etc/init.d/proftpd restart

Ok – the server is running fine now, and next, you will have to modify your user(s) to be able to access the FTP server with their account settings (which are the same as the SSH logins).

First of all, you will need to add a group. I call it ftpuser:
# addgroup ftpuser

Ok. So next, add the users to this group.

IMPORTANT! I’ve another group where the users are assigned to, so I had to use a CAPITAL “G” to add them to both groups.

# usermod -a -G ftpuser username

Repeat this for all users who should have access to your brand new server.

If you want to add a new user, do it that way:
# adduser --ingroup ftpuser username

Here are two commands, where I am honestly not 100% sure for what they are, but you need them.
# cp /bin/false /bin/ftp
# echo "/bin/ftp" >> /etc/shells

The next thing you’ll have to do is to set up the directories. I prefer to use the mount --bind and not ln -s. So here’s what I’ve done.

# cd /home/username
# mkdir Directory
# mount --bind /media/1tb_a/Directory /home/username/Directory

I’ve mounted my 1st 1TB disk in my server in 1tb_a while the backup drive (same, energy saving “green” WD 1TB disk) is 1tb_b. So, of course it will differ from your setup.

I’ve, as mentioned before, 2 groups parallel for my users. The first, main group is klein2. I use this for Samba access. The new one is the ftpuser. I’ve added the new user, who will be able to access our local server, so this one is now also in the group klein2. Why? Well, the user should have access to all folders.

The rights look like this:
52707329 4 drwxrwx--- 2 root klein2 4096 2009-01-01 23:54 Directory

Note, that the ls -lisa will NOT show the 2nd group ftpuser, but the main group.

The rights were set with:
# chmod -R 2770 Directory

Of course, the groups should be set with:
# chown -R root:klein2 Directory

Mount other directories manually as shown above or – if you don’t want to repeat those steps whenever you’ve reset your server – add those lines into /etc/fstab:
# nano /etc/fstab
/media/1tb_a/Directory /home/username/Directory none bind 0 0

Repeat this for EVERY directory you’ve mounted.

See what’s the good thing here? YES! You can select the folders you like to share for different users. You don’t have to share all folders to everyone etc.. I like this :D
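The `cp /bin/false /bin/ftp` and `/etc/shells` steps above interact with `RequireValidShell on`: ProFTPD only accepts accounts whose login shell is listed in /etc/shells. The script below is an added example, not part of the original post; it reports for every member of the FTP group whether the shell is accepted and whether the account can also log in interactively, which matters because the FTP logins here are the same as the SSH logins. The function names, the sample accounts and the list of non-interactive shells are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original post.
# Classifies the members of an FTP group by login shell, the way
# "RequireValidShell on" sees them.

# audit_ftp_shells PASSWD GROUP SHELLS GROUPNAME
# Prints "user shell verdict" for every member of GROUPNAME:
#   rejected   shell not listed in SHELLS, ProFTPD refuses the login
#   ftp-only   shell listed, but it never starts an interactive session
#   ftp+shell  shell listed and interactive (the same login works over SSH)
# The three input files must not be empty.
audit_ftp_shells() {
    awk -F: -v grp="$4" '
        BEGIN {
            # Assumption: shells that exit immediately. /bin/ftp is the copy
            # of /bin/false made in the post; the rest are common defaults.
            nologin["/bin/false"] = 1; nologin["/bin/ftp"] = 1
            nologin["/usr/sbin/nologin"] = 1; nologin["/sbin/nologin"] = 1
        }
        FNR == 1 { file++ }                      # 1 = shells, 2 = group, 3 = passwd
        file == 1 {                              # /etc/shells format
            if ($0 != "" && $0 !~ /^#/) valid[$0] = 1
            next
        }
        file == 2 {                              # /etc/group format
            if ($1 == grp) {
                gid = $3
                n = split($4, names, ",")
                for (i = 1; i <= n; i++) member[names[i]] = 1
            }
            next
        }
        {                                        # /etc/passwd format
            # Member through the group file, or through the primary GID.
            if (!(($1 in member) || (gid != "" && $4 == gid))) next
            shell = ($7 == "") ? "/bin/sh" : $7  # empty field means /bin/sh
            if (!(shell in valid))      verdict = "rejected"
            else if (shell in nologin)  verdict = "ftp-only"
            else                        verdict = "ftp+shell"
            print $1, shell, verdict
        }
    ' "$3" "$2" "$1"
}

# make_sample DIR: write constructed sample files (not real accounts).
make_sample() {
    cat > "$1/passwd" <<'EOF'
alice:x:1001:1500:Alice:/home/alice:/bin/bash
bob:x:1002:1500:Bob:/home/bob:/bin/ftp
carol:x:1003:2000:Carol:/home/carol:/bin/false
dave:x:1004:1004:Dave:/home/dave:/bin/zsh
erin:x:1005:1500:Erin:/home/erin:/bin/bash
EOF
    cat > "$1/group" <<'EOF'
klein2:x:1500:
ftpuser:x:2000:alice,bob,dave
EOF
    cat > "$1/shells" <<'EOF'
# /etc/shells: valid login shells
/bin/sh
/bin/bash
/bin/ftp
EOF
}

demo() {
    dir=$(mktemp -d) || return 1
    make_sample "$dir"
    audit_ftp_shells "$dir/passwd" "$dir/group" "$dir/shells" ftpuser
    rm -rf "$dir"
}
demo
```

On a real host the call is `audit_ftp_shells /etc/passwd /etc/group /etc/shells ftpuser`; accounts reported as `ftp+shell` are the ones whose FTP password also opens a shell.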

Ciao
Dennis
