Saturday, December 4, 2010

Adding an extra/additional FTP user for a domain in Plesk control panel

Hi,

Finally you came here to know how to create an additional FTP user account for a domain in Plesk control panel. No wonder, I will explain it to you; it's pretty simple, and all you need is to be root on the server.

Let's get started.

Log in to the server using the root account and add the user whose access you need to restrict to particular files/folders, using the following command.

#useradd -d /var/www/vhosts/domainname.tld/path/to/folder/ username

Now the user is created, but the user can access other files under the / partition wherever other users have read permission. This is a big security hole, so you need to make sure that the user cannot access other files on the server except the folder he should access. So, you have to change the group id for that particular user; this can be done by following the steps below.

All the user details are in the /etc/passwd file; there you need to change the group id from
username:x:500:500::/var/www/vhosts/domainname.tld/path/to/folder/:/bin/bash
username1:x:501:501::/var/www/vhosts/domainname.tld/path/to/folder/:/bin/bash


to

username:x:500:2425::/var/www/vhosts/domainname.tld/path/to/folder/:/bin/bash

[Above I have changed the group id (500) to 2425, which is the default psactl group id for Plesk control panel. It may differ on your server; you can check the group id of other FTP user names and use that for the new user.]

You should also change the shell for the user, which is currently set to /bin/bash and lets the user access the server using SSH. Change it to /bin/false, which restricts the user to the FTP service only.

That's it, a new FTP user is created in Plesk control panel.
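
One way to check the result of the steps above, as an added example that is not part of the original post: the function below reads passwd-format lines and reports accounts whose home is under /var/www/vhosts but which still have a shell other than /bin/false or a group id other than the expected one. The sample lines are constructed, and 2425 is the group id used in the post; substitute your server's value.

```shell
#!/bin/sh
# Added example: audit passwd(5)-format lines for FTP-only accounts.
# The manual /etc/passwd edit described above can also be made with:
#   usermod -g 2425 -s /bin/false username
# (2425 is the group id from the post; check the value on your own server.)

VHOST_ROOT=/var/www/vhosts   # Plesk vhost tree, as used in the post

# audit_ftp_accounts EXPECTED_GID  (reads passwd lines on stdin)
# Reports every account whose home directory is under $VHOST_ROOT and which
# still has a shell other than /bin/false or a primary gid other than expected.
audit_ftp_accounts() {
    awk -F: -v gid="$1" -v root="$VHOST_ROOT/" '
        index($6, root) == 1 {
            if ($7 != "/bin/false") print $1 ": login shell " $7
            if ($4 != gid)          print $1 ": gid " $4 " (expected " gid ")"
        }'
}

# Constructed sample input; not taken from a real server.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
username:x:500:500::/var/www/vhosts/domainname.tld/path/to/folder/:/bin/bash
username1:x:501:2425::/var/www/vhosts/domainname.tld/path/to/folder/:/bin/false
username2:x:502:2425::/var/www/vhosts/domainname.tld/path/to/folder/:/bin/bash
EOF
}

sample_passwd | audit_ftp_accounts 2425
```

On a live server, feed it the real account database with `getent passwd | audit_ftp_accounts <gid>`.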

Wednesday, November 24, 2010

User administration in linux

Hi, this topic covers user administration in the Linux operating system.

An important feature of a Linux machine is that multiple users can access the same machine at the same time.

At the end of this topic you will know the following 3 things

1.Add, Remove and Modify users in a system.

2.Groups.

3.Permissions(modes).

Okay, let's get into the details of the above topics

1.Add, Remove and Modify users in a system:
===========================================

To add, delete or modify users in Linux you must be the root user (super user) or an administrator.

1.Adding a user
---------------

Command used to add a user in linux is

#useradd

2.Remove a user
---------------

Command used to delete a user in linux is

#userdel

3.Modify a user
---------------

Command used to modify a user in linux is

#usermod

All the above commands will be located in /usr/sbin directory.

You can specify the user config files which a new user will have when an account is created; these configuration files are copied from the /etc/skel/ directory.

[skel stands for skeleton]

Now, let us see the steps in creating a new user account

Now first of all we will check the defaults of useradd command.

[root@siru /]#useradd -D

[The "-D" option shows the defaults for the useradd command]

O/P of above command is
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
[root@siru /]#


In the above output:
GROUP=100 means that if we don't specify a group when we create a user, the user is automatically put into group 100.

HOME=/home means that if we don't specify a home directory, the default home directory of that user is set as /home.

INACTIVE=-1
EXPIRE=
These two control account expiration, and neither of them is set by default: INACTIVE=-1 means it is not defined, and EXPIRE= has no value, hence there is no expiration date for a new account unless it is set specially. If EXPIRE is set to a date, say 30-11-2010, an account created with this expiration date will expire on 30-11-2010, and from that date the user cannot log in to the system, but all his files will be kept unmodified. If we unexpire the account, the user can access those files just as he left them when it expired. If INACTIVE is set to a positive value, say 10, then the files owned by the expired user account, including the user id, will be deleted 10 days after the account expired.

SHELL=/bin/bash is the default shell for that particular account.

SKEL=/etc/skel is the default skeleton for that particular account; when an account is created, the configuration files under this folder are copied to the user's account.

Now let us add an account
[root@siru /]#useradd lisa
Once I press enter after typing the above command, two files are modified, the htpasswd and htshadow files; lisa's home directory is created and a few configuration files are copied into this directory. Let's see them now; we will go into the /home directory

[root@siru /]#cd /home
Now a folder named lisa will have been created

[root@siru home]#ls
output of the above command will be
jeevi lisa
which means that the system has created an account named lisa. Now let's go into the lisa directory and list all the files under it

[root@siru home]# cd lisa
[root@siru lisa]# ls -a
output of the above command is
. .. .bash_logout .bash_profile .bashrc .emacs .gtkrc .kde .screenrc

Now you can see that the files under the lisa folder are user config files, as their names start with a dot (.). If we run "ls -a" inside the /etc/skel directory

[root@siru lisa]# ls -a /etc/skel
o/p
. .. .bash_logout .bash_profile .bashrc .emacs .gtkrc .kde .screenrc
Hence these are the files copied from the /etc/skel directory.

As you know, we have never set a password for the user lisa, so lisa cannot log in to the system as the account doesn't have any password. So we set a password for the user lisa

[root@siru /]#passwd lisa
[Note: the root user is the only user that can change or set the password of a user other than themselves]
o/p
Changing password for user lisa
New password: [type password for lisa]
Re-Type password: [retype password for lisa]
passwd: all authentication tokens are updated successfully

The password has been set and now lisa can log in to the system using her account.

Alright, now we shall have a look at the htpasswd and htshadow files in the system.
#cat /etc/passwd
o/p

jeevi:x:500:500::/home/jeevi:/bin/bash
lisa:x:501:501::/home/lisa:/bin/bash

In the above output you can see that lisa is the username; x is the password, which will be stored in /etc/passwd file; 501 is the user id; the next 501 is the group id (yes, I said the default is 100, but Red Hat Linux gives each user a separate user private group, which starts with 501; you will know that if you are familiar with group administration); the next field is the comment, which is not set, hence the two colons (::), and it can be filled by using the useradd -c command; /home/lisa is the default home directory of the user lisa; and /bin/bash is the default shell for the user lisa.

Now, let's have a look at the htshadow file; it also has a separate line for each user

#cat /etc/shadow
o/p

jeevi:fdsfsfGD#$%%565GF$$$%^*:11758:0:99999:7:::
lisa:Pfdefs@#4GFVtr33@334$ff:11768:0:99999:7:::

The first field of the above o/p is the user name and the next field is the encrypted version of the password, kept that way for security reasons.

Now let's change a password for a bunch of users in a single command,

#cat pwlist
o/p
jeevi:siru
lisa:lisa

#chpasswd < pwlist
The above command will change the passwords for the users jeevi and lisa. But the file pwlist holds their passwords in plain text format, hence it is safe to delete the pwlist file; after deleting it, the passwords for the users will only be present in the /etc/passwd file (which is encrypted).

Now let's learn about groups.

The group ids for users are stored in /etc/group
# cat /etc/group
o/p
jeevi:x:500:
lisa:x:501:


Again, the first field specifies the group name, next is the group password, which is stored in the /etc/gshadow file, next is the group id, and next is the list of users in the group; for group 500 it is empty, which means that group jeevi has no users under it.

Let us consider that some members are working on a project, say "projectX", and have to access files in common, so we now create the projectX group.

#groupadd -r projectX
#cat /etc/group
jeevi:x:500:
lisa:x:501:
projectX:x:11:

Now we will add the users jeevi and lisa to the projectX group; this can be done with the following command
#usermod -G projectX jeevi
o/p
#cat /etc/group
jeevi:x:500:
lisa:x:501:
projectX:x:11:jeevi


#usermod -G projectX lisa
o/p
#cat /etc/group
jeevi:x:500:
lisa:x:501:
projectX:x:11:jeevi:lisa


which means users jeevi and lisa are members of the group projectX, so the files with group permissions set to projectX can be accessed by jeevi as well as lisa in common.

Now let's add user jeevi to projectX as well as projectY; this can be done by

#groupadd -r projectY
#cat /etc/group
jeevi:x:500:
lisa:x:501:
projectX:x:11:jeevi:lisa
projectY:x:12:



#usermod -G projectX,projectY jeevi

o/p
#cat /etc/group
jeevi:x:500:
lisa:x:501:
projectX:x:11:jeevi:lisa
projectY:x:12:jeevi


Now user jeevi is a member of both projectX and projectY, but lisa is only a member of the projectX group.

Command to see the groups of which a user is a member is
#groups
(i.e) #groups jeevi
O/P
jeevi: jeevi :projectX: projectY

Note that whenever you need to add an extra group for jeevi you need to specify all the groups jeevi should belong to, else he will be removed from the others; say, if you have not specified projectX and projectY, then jeevi will be removed from these two groups.

File permissions(modes):
========================

* There are separate permissions for user, group and other.
* #ls -l command shows modes
* Root and owner can change modes.



Every file has three types of modes (permissions): user (the actual owner of the file), group, and other (all the users present in the system).

#ls -l

The above command will list the file permissions of files.

o/p

drwxr-xr-- root jeevi folder

The first field (i.e. drwx) in the above output tells us d-directory, and r-read, w-write and x-execute permission for the owner (here it is root).

The second field (r-x) in the above output tells us that the group (here it is jeevi) has r-read and x-execute permissions for that folder, so its members cannot edit that folder, i.e. they cannot create or delete files inside that folder.

The third field (r--) in the above output tells us that other users (any other user such as lisa, apache, etc.) have only r-read permission, which means they can only read the folder and cannot edit or execute it (to open a folder the user needs execute permission; as this is disabled here, they can't open the folder).


Changing file permissions:
===========================

To change the file permission you can use the "chmod" command. The chmod command has two formats:

1.Symbolic mode.
2.Binary number mode.

1.The symbolic format uses u(user), g(group), o(other)

Eg: #chmod g+w filename will allow the group to have write permission to that file.
#chmod g-w filename will stop the group from writing/changing the file.
You can also use the symbolic format as in the example below
#chmod ug=rw filename will give user and group read and write permission to that file, hence there will be no access for others and no x-execute permission for user and group of that file.


2.Binary number mode uses the following syntax.

#chmod 754 filename (where 7 is the user permission, 5 is the group permission and 4 is the other users' permission). Each number is represented in binary: 7 has binary value "111=rwx", 5 has binary value "101=r-x" and 4 has "100=r--".

Directory permissions
=====================
Directories have permissions as follows

7=rwx (the user has full permission to the directory; he can add and delete files inside the directory).
5=r-x (the user can only read and execute the directory, and cannot modify the files in that directory).
0=--- (no permissions; he cannot access the directory).
[Note: A user cannot read the folder if he has only execute permission on it and not read permission, and he cannot open the directory if he has only read permission and not execute permission. So, you need at least read and execute permissions for a directory to access and read it]

If a user has read and execute permission for a directory and no permissions at all for a file inside that directory, then he cannot read that file; both directory and file permissions have to work in your favor to access a particular file inside the directory.

Okay, now let's combine all the above topics and work to share files for different users.

Let us consider that some users are working on ProjectX where everybody working on ProjectX needs to access a common folder and edit files.

[root@siru home]#ls -l

drwxr-x--- 3 siru ProjectX 4086 Mar20 12:11:20 siru
drwxr-x--- 4 lisa lisa 4086 Mar21 12:30:21 lisa


The directory siru has its group set to ProjectX, with read and execute permission for the group, hence users in ProjectX can access the directory siru. Now let's go inside siru's directory and run ls -l

[root@siru home]#cd siru

[root@siru siru]#ls -l
O/P

drwxr-x--- 5 siru ProjectX 4086 Mar20 12:11:20 ProjectX

Here the ProjectX folder has its group set to ProjectX, hence users in the ProjectX group can access the files under the ProjectX folder. Now, let's go inside the ProjectX folder and run ls -l.

[root@siru siru]#cd ProjectX

[root@siru ProjectX]#ls -l

O/P
-rw------- 1 siru ProjectX 64 Mar 21 12:20:21 Plans


Now, here is the mistake: the file "Plans" doesn't have any permissions set for the group ProjectX, hence the members of ProjectX cannot access the contents of the file "Plans". So, you need to set read and write permissions on the "Plans" file so that users from the group "ProjectX" can read or edit that particular file. This can be done as follows

[root@siru ProjectX]#chmod 660 Plans

[root@siru ProjectX]#ls -l

-rw-rw---- 1 siru ProjectX 64 Mar 21 12:20:21 Plans


Now, the users under group ProjectX can edit the file "Plans".
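
The rule walked through above (every directory on the path needs execute permission and the file itself needs read or write permission, for whichever of owner, group or other applies to the user) can be checked mechanically. This added example is not from the original post; the owner:group:mode records are constructed from the listings above, and the /home entry (root:root:755) and the function names are assumptions.

```shell
#!/bin/sh
# Added example. Records are constructed "owner:group:octal-mode" triples, one
# per path component. Root's bypass of permissions and ACLs are not modelled.

# class_digit USER "GROUPS" OWNER GROUP MODE
# Prints the one rwx digit that applies to USER: the owner digit if USER owns
# the entry, else the group digit if USER is in GROUP, else the other digit.
class_digit() {
    g_digit=${5#?}; g_digit=${g_digit%?}      # middle digit of e.g. 750
    if [ "$1" = "$3" ]; then
        echo "${5%??}"
    else
        case " $2 " in
            *" $4 "*) echo "$g_digit" ;;
            *)        echo "${5#??}" ;;
        esac
    fi
}

# can_access USER "GROUPS" r|w RECORD...   (the last RECORD is the file itself)
# Directories on the way need x (1); the file needs r (4) or w (2).
can_access() {
    user=$1; grps=$2
    case $3 in
        r) want=4 ;;
        w) want=2 ;;
        *) echo "bad access type $3"; return 2 ;;
    esac
    shift 3
    while [ $# -gt 0 ]; do
        rec=$1; shift
        owner=${rec%%:*}; rest=${rec#*:}
        digit=$(class_digit "$user" "$grps" "$owner" "${rest%%:*}" "${rest#*:}")
        if [ $# -gt 0 ]; then need=1; else need=$want; fi
        if [ $(( digit & need )) -eq 0 ]; then
            echo "denied at $rec"
            return 1
        fi
    done
    echo "allowed"
}

# /home (assumed 755 root:root), /home/siru, ProjectX, then the file Plans.
DIRS="root:root:755 siru:ProjectX:750 siru:ProjectX:750"
can_access lisa "lisa ProjectX" r $DIRS siru:ProjectX:600 || true  # denied at siru:ProjectX:600
can_access lisa "lisa ProjectX" w $DIRS siru:ProjectX:660 || true  # allowed
can_access ram  "ram"           r $DIRS siru:ProjectX:660 || true  # denied at siru:ProjectX:750
```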

Wait a minute, do you know how the folder "ProjectX" got its group set to "ProjectX"? Let me explain how to create a file/folder with another group; let us consider that we are logged in as the siru user.

[siru@siru ProjectX]#mkdir sample
This will create a folder sample
[siru@siru ProjectX]#ls -l

O/P

-rw-rw---- 1 siru ProjectX 64 Mar 21 12:20:21 Plans
drwxr-xr-x 2 siru siru 4086 Mar 21 13:20:21 sample


Now the group set here for the sample folder is siru; you have to change that as follows

[siru@siru ProjectX]#chown siru:ProjectX sample

[siru@siru ProjectX]#ls -l

O/P

-rw-rw---- 1 siru ProjectX 64 Mar 21 12:20:21 Plans
drwxr-xr-x 2 siru ProjectX 4086 Mar 21 13:20:21 sample


You can also do this with the steps below

[siru@siru ProjectX]#newgrp ProjectX

[siru@siru ProjectX]#mkdir sample

[siru@siru ProjectX]#ls -l

O/P

-rw-rw---- 1 siru ProjectX 64 Mar 21 12:20:21 Plans
drwxr-xr-x 2 siru ProjectX 4086 Mar 21 13:20:21 sample


So, how do we make a normal user an administrator of a group? Let's see now. It can be done with the following commands

#gpasswd -A siru ProjectX


[The capital A tells the system that the user that follows is the administrator of that group. So, after executing the previous command we will have siru as the administrator of ProjectX; he can add or delete users in the ProjectX group].

#su siru
[switching user from root to siru]

#gpasswd -a ram ProjectX


The above command adds user ram to group ProjectX

#gpasswd -d lisa ProjectX
The above command deletes user lisa from ProjectX

Now if we look at the /etc/group file, user lisa is no longer in ProjectX but user ram has been added to ProjectX

#cat /etc/group

O/P
jeevi:x:500:
lisa:x:501:
projectX:x:11:jeevi:ram
projectY:x:12:jeevi

We can have user private groups as well, so that if user siru wants only lisa to access his files then he can add user lisa as a member of his group. This can be done as follows

#gpasswd -A siru siru

#su siru
[switching user from root to siru]

#gpasswd -a lisa siru

The above command will add user lisa to user siru's private group. Hence lisa can access the files which have read permission set for the siru group. Something like this

-rw-r----- 1 siru siru 64 Mar 21 14:15:00 test


[Note: See to it that lisa can enter the directory, i.e. that siru's group has execute and read permissions on the particular directory].

Reference: CBTNUGGETS video tutorials

Tuesday, November 23, 2010

Different types of web servers in web hosting environment

There are a lot of types of web servers used in hosting environments. I will provide you information about some of them here; first let me list the different types of web servers and then I will explain them in detail.



1.Apache web server
2.Microsoft Internet Information Service
3.Lighttpd
4.Sun Java System Web Server
5.Jigsaw Server
6.nagios web server
7.Zeus web server



1.Apache Web server


This is developed by the Apache Software Foundation. It is the most reliable and most widely used web server in hosting environments; about 58.8% of the servers are using Apache. It is open source and free software, usable on Linux, Windows, Mac and FreeBSD type operating systems. It supports J2EE (Java) when combined with the Tomcat module. It can have captcha working by enabling FreeType and GD support in PHP modules. Guess what, it even supports ASP.NET pages, but not to the full extent.


2.Microsoft IIS server

This is developed by Microsoft Corporation. It is one of the easy-to-work-with web servers and about 33% of servers are using this software. It is Microsoft software and comes at a cost along with the server operating system CDs provided by Microsoft. It supports ASP.NET and many other Microsoft-enabled web software.



3.Lighttpd


This is open source and free software that comes built in with FreeBSD operating systems. It consumes very few system resources and can run on Linux, Windows, Mac, FreeBSD and Solaris operating systems.


4.Sun Java System Web Server


This is developed by Sun Microsystems. It is free software specifically used in larger websites, but it is not open source software. It can run on Linux, Windows, and other Unix-like operating systems. It supports all the languages needed by larger web sites.



5.Jigsaw Server


Jigsaw is a W3C open source project, started in May 1996 and developed by the World Wide Web Consortium; it supports many Java-enabled features. It is open source and free software that can run on operating systems like Linux, Unix, Windows, Mac OS X and FreeBSD.


6.nagios web server


This is open source and free software that can run on operating systems like Linux and other Unix operating systems.


7.Zeus web server


This is one of the easy-to-use web servers; it can be configured through a web interface in a browser, using 9090 as the default port number. It comes at a cost.

Feel free to post your replies if i went wrong somewhere.

Regards,
Siru

About moderator of this blog

Hi everyone i am a Linux admin as of now and i created this blog just to share whatever i know, you can also post your suggestions here.

Thanks,
Siru
servertechnologies.blogspot.com