Singpolyma

Archive of "Ubuntu"

How to force the default route to always use a specific interface on Ubuntu

This post was written by Dave Vandervies (@dj3vande).

I think Ubuntu inherits the things that need to be configured for this to work directly from Debian; if that’s correct this information will be useful without modification for Debian systems. It may also be possible to configure dhclient on other Linuxes (and other *nixes) according to these notes; I don’t know whether the guts of dhclient-script come from Debian or from dhclient. In any case, looking at what dhclient-script does will be a good start.

So, I have a machine that’s attached to two networks.

Both networks have DHCP servers. Both DHCP servers give out router configuration. But one of those default routes is useless, so I want to force the system to always use the other network segment’s router as its default route.

(My use case is a virtual machine; one VM network is NATted to the outside world, and one is isolated on the host machine. This VM gets run on different host machines, which assign different network addresses to their virtual segments, but which interface is on which type of segment is fixed by the VM configuration. So here, unlike many multi-interface machines, it’s necessary to tie the default route to a particular *interface* and not a router address.)

It turns out that this isn’t hard to do, but it took a lot of googling (and several rounds of “Find something interesting, search on new keywords”) to find a solution that actually did what I needed; all of the obvious searches turn up information about how to set the default route to a fixed router IP, which only works when you’re always on the same network.

Before I get into the theory of operation, here’s the solution, for impatient people:

cat << 'EOF' > /etc/dhcp/dhclient-enter-hooks.d/restrict-default-route
## Only the DHCP server talking to eth0 is allowed to give us a default
## route.  Other interfaces only get local-segment configuration.
case ${interface} in
  eth0)
    ;;
  *)
    unset new_routers
    ;;
esac
EOF

So, here’s how this works, since that might be useful for other complicated DHCP configuration tricks you want to do.

When dhclient needs to make system configuration changes, it does it by invoking /sbin/dhclient-script. The first nontrivial thing dhclient-script does is run the entry hooks in /etc/dhcp/dhclient-enter-hooks.d to allow local configuration rules to adjust things as necessary.

These hooks are shell script fragments sourced by the main script, so you can use them to edit the variables that make dhclient-script do things if you like. This is precisely what we want to do. $new_routers is the default gateway the DHCP server gave us; we only want to actually use it for the DHCP server eth0 is talking to, so if we’re on any other interface we unset it, to prevent dhclient-script from taking any action based on it.

You can use the same trick to ignore DNS settings (new_domain_name and new_domain_name_servers) if you want to ignore one network’s DNS servers; I didn’t need that in my configuration because the two subnets’ nameservers behave identically. (But note that if you need something more complicated than simply ignoring one of them, you’ll probably need more than just an entry hook.)
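The hook can be exercised without a live DHCP exchange by sourcing it the way dhclient-script does, with the lease variables already set. The harness below is an added example, not part of the original post; it extends the hook to the DNS variables mentioned above, and the addresses, the example.test domain and the run_hook helper are constructed for illustration.

```shell
#!/bin/sh
# Added example: simulate dhclient-script sourcing an enter hook.
# All lease values are constructed (documentation address ranges).

hook=$(mktemp)
trap 'rm -f "$hook"' EXIT

# The hook from the post, extended to drop DNS settings as well on every
# interface except eth0.
cat > "$hook" << 'EOF'
case ${interface} in
  eth0)
    ;;
  *)
    unset new_routers
    unset new_domain_name
    unset new_domain_name_servers
    ;;
esac
EOF

# run_hook IFACE ROUTER DNS: set the variables a lease would provide, source
# the hook in a subshell, and print what is left for dhclient-script to use.
run_hook() {
  (
    interface=$1 new_routers=$2 new_domain_name_servers=$3
    new_domain_name=example.test
    . "$hook"
    echo "routers=${new_routers-<unset>} dns=${new_domain_name_servers-<unset>}"
  )
}

run_hook eth0 192.0.2.1 192.0.2.53        # trusted interface: values kept
run_hook eth1 198.51.100.1 198.51.100.53  # any other interface: values dropped
```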

Anonymous SFTP on Ubuntu

I spent some time today getting anonymous SFTP set up on my home server. Why would I want to do that, you ask? Well, for file shares. I have an HTTP server and anonymous FTP server set up to make it easier for people to get at the public shares on the system, but really I’m a big fan of consolidating the protocols in this space. FTP is old and clunky; SFTP has solved many of the issues and is widely deployed. In fact, all my PCs are running an SFTP server; only one currently runs an FTP server.

This how-to uses the command line. It’s really not that hard, just type exactly what I tell you to.

First, make sure you have the SSH server installed:

sudo apt-get install openssh-server

Next, create a new user:

sudo adduser --disabled-password anonymous

Then, edit the /etc/shadow file to make the password actually empty:

sudo ${EDITOR=gedit} /etc/shadow

Go to the last line and change the anonymous:*: to anonymous::

Edit /etc/passwd so that the empty password is allowed and the login shell is set to /usr/lib/sftp-server:

sudo ${EDITOR=gedit} /etc/passwd

Go to the last line and change anonymous:x: to anonymous:: and also change the value on the end of the line (it will either be /bin/bash or /bin/sh) to /usr/lib/sftp-server.

Next, you need to allow sftp-server as a valid shell.

sudo su
echo /usr/lib/sftp-server >> /etc/shells
exit

You also need to allow PAM to accept blank passwords for SSH sessions, so:

sudo ${EDITOR=gedit} /etc/pam.d/sshd

Change the line that reads @include common-auth and replace it with:

auth [success=1 default=ignore] pam_unix.so nullok
auth requisite pam_deny.so
auth required pam_permit.so

Finally, you need to set the SSH server to allow blank passwords.

sudo ${EDITOR=gedit} /etc/ssh/sshd_config

Find the line that reads PermitEmptyPasswords no and change the no to a yes.

Restart sshd with:

sudo /etc/init.d/ssh restart

And you’re done!

Warning: make sure the anonymous user does not have access to files you do not want anyone to have access to! Ubuntu by default makes way too many things world-readable. This how-to is not about file permissions, but make sure your private files are set so that only your user can read them!
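PermitEmptyPasswords yes set at the top level of sshd_config applies to every account whose shadow password field is empty, not only to anonymous; sshd also accepts the keyword inside a Match block, which limits it to one account. The audit helpers below are an added example, not part of the original post; the function names and all sample file contents are constructed, and nothing is read from the real system.

```shell
#!/bin/sh
# Added example: audit helpers for the empty-password setup in this how-to.
# Sample files are constructed and written to a temporary directory.

# Print account names whose shadow password field (second field) is empty.
empty_password_accounts() {
  awk -F: '$2 == "" { print $1 }' "$1"
}

# Report where PermitEmptyPasswords is enabled in an sshd_config-format file:
# "global" when it applies to every account, "match: <criteria>" when scoped.
empty_password_scope() {
  awk '
    /^[ \t]*#/ { next }
    tolower($1) == "match" { $1 = ""; sub(/^ +/, ""); scope = "match: " $0; next }
    tolower($1) == "permitemptypasswords" && tolower($2) == "yes" {
      print (scope == "" ? "global" : scope)
    }
  ' "$1"
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

# Constructed shadow-format sample: "anonymous" has the empty field.
printf '%s\n' 'root:!:14000:0:99999:7:::' \
  'alice:$6$constructed$hash:14000:0:99999:7:::' \
  'anonymous::14000:0:99999:7:::' > "$tmp/shadow"
# Constructed sshd_config as the how-to leaves it (global setting).
printf '%s\n' 'Port 22' 'PermitEmptyPasswords yes' > "$tmp/sshd_global"
# Constructed alternative: the setting scoped to the one account.
printf '%s\n' 'PermitEmptyPasswords no' 'Match User anonymous' \
  '    PermitEmptyPasswords yes' > "$tmp/sshd_scoped"

echo "empty-password accounts: $(empty_password_accounts "$tmp/shadow")"
echo "as in the how-to: $(empty_password_scope "$tmp/sshd_global")"
echo "scoped variant: $(empty_password_scope "$tmp/sshd_scoped")"
```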

Simple HTTP-based File Shares for Ubuntu

This is a simple how-to for setting up automatic file sharing for users’ ~/Public folders in Ubuntu over HTTP with minimal overhead.

While this how-to is simple, it does use the command line. I happen to believe the command line is not so scary as the GUI marketing people would have you think, even to new users. It’s much easier to say “type this” and have a user understand than it is to try to describe the GUI actions.

First, install my subdirs script. This script finds a list of directories containing some other directory, and prints out the path to the subdirectory (if you don’t get that, never mind, you just need to know that you need it installed for this how-to).

sudo wget -O /usr/local/bin/subdirs http://github.com/singpolyma/singpolyma/raw/master/scripts/subdirs
sudo chmod +x /usr/local/bin/subdirs

Then, install the webfs HTTP server.

sudo apt-get install webfs

Edit the config file a bit:

sudo ${EDITOR=gedit} /etc/webfsd.conf

Change the line starting with web_root= to say:

web_root=/var/www

And the line starting with web_port= to say:

web_port=80

Then restart the server by running:

sudo /etc/init.d/webfs restart

Finally, to symlink the shares, run:

subdirs /home Public | while read -r DIR; do ln -s "$DIR" "/var/www/$(basename "$(dirname "$DIR")")"; done

You’re done!

The last command will have to be re-run every time you add a new user. Or you could add it as the second-last line in your /etc/rc.local file to make it run every time you boot.

Now people can just visit your computer in their web browser (if they’re on your local network… to get access from the Internet you have to configure your router, but you probably don’t want that anyway). The address of any Ubuntu computer in a web browser (on a computer that supports mDNS, such as other Ubuntu systems or Apple systems) is just hostname.local. For example, my computer is singpolyma-mini.local. Windows users will have to type in your IP address (unless they install Bonjour for Windows).

You can find your IP address by running:

ifconfig | grep 'inet addr' | grep -v 127.0.0.1 | awk '{ print $2 }'

Windows Media Streams on Ubuntu

Since I did all the research on this yesterday to get it working, I figured I’d share it with the world in case someone else is having problems with it too! These instructions assume Ubuntu, but should work on pretty much any Linux system with minor modifications.

1) You must have a GStreamer player installed. Totem (the default GNOME movie player/media player) is what I used because it was already installed.
2) Install gstreamer0.10-plugins-bad with Synaptic
3) Go to MPlayer and download the binary codecs for Linux. Unpack the file into either the /usr/lib/win32/ directory or the /usr/lib/codecs directory (depending on your system, I put it in both to be safe).
5) Install gstreamer0.10-pitfdll with Synaptic (if available) or get it from a mirror.
4) Install gstreamer0.10-plugins-ugly with Synaptic

That should be it! You should now be able to listen to Internet radio stations in the Windows Media format.