Sunday, October 1, 2017

Windows Share Permissions Done Right in FreeNAS

The scenario is that you have a FreeNAS machine - for reference I am running FreeNAS-11.0-U2 - and you want to have a multi-user system where different users have different permissions to access shares over a local network. Here I wil show a quick and basic setup of a new share and setting its permissions. Then I will explain two common issues that are encountered and how to resolve them:
  • Everybody can see and read the shares over the Windows network
  • I have set up the users , added them to the proper group, but they still cannot access a Dataset

To begin with, the basic steps for creating a new network share is as follows:
  1. Create and manage users and groups
  2. Create and share the Datasets

Create and Manage Users and Groups

It is probably easier to start with this. So for example we want to have 3 users, Alice, Bob and Charlie. They should all be granted access to some common shared directories and have restricted access to some other directories.
  1. Create a Group called "Shared". This group will be the owner of later directories (Datasets) accessible to all of the users.
    Creating a new group called Shared.
  2. Create the users Alice, Bob and Charlie and add them to the group Shared.
    Creating a new user and adding immediately to the Shared group
    Adding the new user Alice, at the same time assigning her to the Shared group.

Create and Share the Datasets

There are plenty of guides on this and it is not so complicated once you get the hang of it. For reference take a look at doc.freenas.org, forums.freenas.org or tekblog. Here just for the sake of introduction the basic idea.
  1. Create a new Dataset called "Common" as a Windows share.
    Creating a new Dataset called Common.
  2. Change the permissions of the newly created Dataset and set the Owner (user) as root and the Owner (group) the Shared group.
    Changing the permissions of the new Datatset.
  3. Share the newly create Dataset. This makes it available over the network.
    Creating a new Windows (SMB) share
    Creating a new SMB (Windows) sahre for the newly created Dataset
 At this point all 3 users have access to the Common share over the network, by default \\freenas.local\Common. This is the basic setup and it will work on freshly created datasets. If you have previosuly changed any permissions on parent Datasets the read the section below for explaining the issues.

General Errors and Solution 

A brief section explaining some (trivial) problems I encountered and found it hard to get an explanation.

Everybody can see and read the share over the network

By default when making Windows shares in FreeNAS the group "Everyone" is added to a share and hence all users who can log in can actually view the share. The solution is to attach the volume in a Windows amchine as the owner of the dataset, right-click the folder, go to permissions and remove the group "Everybody" from the access list. This prevents LAN users from seeing the sahres all together.
Checking user and group permissions for the main Dataset
By default, the group "Everyone" is added to FreeNAS Windows shares.

Permissions settings for the main Dataset
To deny access of local network users without explicit permissions to view the shared Datasets, remove the "Everyone" group from the permissions tab.
If you have sub-folder in the datase, you will get a prompt asking you if you want to change the permissions recursively, you can say yes.

I have set up the users, added them to the proper group, but they still cannot access a Dataset

This can happen if a parent Dataset is shared and some of its sub-datasets are also sahred separately. The issue comes when the sub-dataset has to be sahred with an user, but the parent dataset has to be restricted. It took my a while to figure out as it is often not mentioned, but the parent dataset in FreeNAS has to have the same Owner (group) as the sub-dataset you want to share. Lets look at the following simple share setup as an example.
Storage Dataset with Music and Series sub-datasets.
Example share setup, where Storage Dataset has 2 sub-datatsets.


If I wanted to share just the Music sub-dataset with Alice, I would need to do the following,
  • Create a new group, e.g. called "Shared"
  • Add Alice to the group Shared
  • Make "Shared" the Owner (group) of the Music dataset
  • Make "Shared" the Owner (group) of the Storage parent Dataset (this is usually forgotten!)
  • To restrict Alice's access to the Series dataset, make sure that it is owned by another group in which Alice is not a member.

Run Storjshare in a FreeNAS Jail

Not really a Debian/Ubuntu thing as per say, but since recently I built a FreeNAS system, I though it would be useful to rent out an unused 2 TB disk. So here it goes, Storjshare daemon inside a FreeNAS-11.0-U2 jail.

I am assuming that you know what storjshare is, basic experience with its terminal (non-GUI) version and that you have hands-on experince with FreeNAS.

TL;DR (aka Advanced users) 

  1. Create jail and assign storage space
  2. In jail terminal
    pkg install node6-6.11.3-1 npm3 git
  3. Install storjsahre via npm,
    npm install stojshare-daemon --global --no-optional
  4. Start the daemon and connect a farmer node
    storjshare daemon
    storjshare start --config yourconfig.jso
    n
Not clear enough? Read below.

Create a Jail and add some space

  1. Go to Jails/Add Jail. No fancy setting required, probably name it something useful like Storjshare
    Adding a new jail in FreeNAS
    Add a new jail "Storj" where the service will run.
  2. Assign storage place to the jail. Go to Jail/Storage/Add Storage. Select the source, aka the drive or directory to store the future files and the destination. The destionation could be e.g. /mnt/Storjshare and you can ask to create the new directory.
Creating a new jail in the UI
Adding storage space to an existing jail.

Allocating storage space from a Dataset to the newly created jail
Assigning the source (drive space) of Drive1/Storjshare to the jail's /mnt/Storjshare mount point.

 The jail is ready and set, proceed to the next step.

Installing storjshare

Now I did not follow the standard instructions as installing node the described way did not seem to work. Instead I manually installed the required node version via pkg. We need the LTS version 6 of node and we can check for this. You can either log in via ssh to the jail or simply launch a terminal from the UI on the Jails tab.
UI snippet showing how to start a shell from the web browser
Conveniently launching a terminal from the UI.
Once the terminal is open, lets install the pre-requisites first, followed by storjshare.
  1. Search for availabel node versions via,
    pkg search node
    pkg search node output in the shell
    pkg search node returns a list of available packages, notice the node6-6.11.3-1.
  2. The node version we need is node6-6.11.3-1 as shown above. This can be installed with,
    pkg install node6-6.11.3-1
    Installing node6 LTS using pkg install
    Installing node6 with pkg.
  3. At the end you will be prompted to isntall npm3, so do,
    pkg install npm
    Installing npm via pkg install
    Installing npm3 after node6.

  4.  These should be completed so install the other required packages as well,
    pkg install git
  5.  Start installing storjshare as per the githug guide,
    npm install storjshare-daemon
    --global --no-optional
    A few warnings will be present, but for all functionality it will work.
Note: Above the --no-optional was added to the install command as a suggestion from github as the dtrace package fails to build on FreeBSD at the moment. Since the package is not necessary for storjshare, to avoid annoying - and non-relevant - error messages, this modeule can be ommited. When building without the additional --no-optional a similar error will be thrown, although storjshare would still run:
Error: Cannot find module './build/Release/DTraceProviderBindings'

Running storjshare

This is somewhat beyond the scope of the guide, however here is a quick guide on setting up a simple storjshare farming node.
  1. Create your config file with the help of storjsahre --help
    Usage: storjshare-create [options]

    generates a new share configuration

    Options:

    -h, --help                 output usage information
    --storj <addr>             specify the STORJ address (required)
    --key <privkey>            specify the private key
    --storage <path>           specify the storage path
    --size <maxsize>           specify share size (ex: 10GB, 1TB)
    --rpcport <port>           specify the rpc port number
    --rpcaddress <addr>        specify the rpc address
    --maxtunnels <tunnels>     specify the max tunnels
    --tunnelportmin <port>     specify min gateway port
    --tunnelportmax <port>     specify max gateway port
    --manualforwarding         do not use nat traversal strategies
    --logdir <path>            specify the log directory
    --noedit                   do not open generated config in editor
    -o, --outfile <writepath>  write config to path
    For example,
    storjsahre-create --key myPayoutAddress --storage /mnt/StorjShare --size 2TB --logdir /root/ -o settings.json 
  2. After the config file was created, start the daemon with,
    storjshare daemon
  3. Finally, start the farming node using the previos settings,
    storjshare start --config settings.json
     
storjshare status output from the FreeNAS jail
Storjshare inside a FreeNAS jail, runign without problems.

Note: Specifying a logfile can be necessary. During my tryouts I have encountered some trouble with the log directory not being accessible by the jail's user.

Happy farming!

Thursday, May 4, 2017

Install Money Manager EX in Ubuntu 16 - MMEX


Money Manager EX is a nice tool to keep track of personal finances and expenses. And while installers exist for windows, in Linux one has to compile the software alone. This has proven to be somewhat more difficult than expected, but with the right dependencies and following the guide it is possible.

Compile from git repository and install

Following the Ubuntu guide from Github one needs to do,
  1. Install dependencies
    sudo apt-get update && sudo apt-get upgrade
    sudo apt-get install git build-essential automake libwxbase3.0-dev libwxgtk3.0-dev libwxgtk-webview3.0-dev python-dev build-essential cmake git libgtk-3-dev libwebkitgtk-dev libwxgtk3.0-dev libwxgtk-webview3.0-dev libwxsqlite3-3.0-dev
    (In the github documentation the latter libwsqlite3-3.0-dev is not mentioned, however it is necessary for compiling. Without this I was getting errors while compiling)
  2. Clone the git repository
    git clone --recursive https://github.com/moneymanagerex/moneymanagerex
    (I found that the --recursive parameter is important, otherwise I got some files missing in the end)
  3. For the release (no debugging build) configure and compile as
    cd moneymanagerex/build
    mkdir release
    cd release
    cmake -DCMAKE_BUILD_TYPE=Release ../../
    make package
  4. After this you can install it with
    sudo make install
  5. and finally run from the terminal window with
    mmex
MMEX running under Ubuntu 16

Note: For make you can pass the argument "-j x" where x is the number of threads to use.

Creating a desktop launcher

Create a file called Mmex.desktop (yes, .desktop) on your desktop.
nano ~/Desktop/Mmex.desktop
Paste the following into the file
#!/usr/bin/env xdg-open
[Desktop Entry]
Version=1.0
Type=Application
Terminal=false
Exec=mmex
Name=Mmex
Comment=Money Manager
Icon=/usr/local/share/icons/hicolor/scalable/apps/mmex.svg
Make the file executable with
chmod +x ~/Desktop/Mmex.desktop
You should be left with the following, a nice desktop launcher.
Mmex desktop launcher and the location of the Icon
What is what?
Exec - command that gets executed
Name - The visible name of the file (hence you don't see the .desktop extension)
Comment - Additional comment if you like
Icon - path to the icon to display, otherwise blank launcher image




Monday, May 1, 2017

A job is running for dev-mapper-cryptswap1.device

If you notice that booting Ubuntu takes a long time and you see the following error message on the booting screen after pressing 'ESC',
A job is running for dev-mapper-cryptswap1.device (50s / 1m30s)

This is caused by the system looking for an encrypted swap partition, however most likely you have not created one. Which is normal, now when a lot of RAM is available, and a swap partition is not necessary. This is all due to a misconfiguration entry in the fstab, which tells the system to try and mount the said (non existing) partition.

Solution

The solution is to remove or comment out the "cryptswap" entries from /etc/fstab and /etc/crypttab.

This can be done easily by editing the above mentioned files as commenting out the lines that say cryptswap by placing a "#" in front of the matching lines.
sudo nano /etc/fstab
sudo nano /etc/crypttab
The result is shown below in the image, where the lines referring to the cryptswap partition are already commented out.

Reminder: 'CTRL + O' saves the file, 'CTRL + X' exits the nano text editor.

Both fstab and crypttab have an entry for cryptswap1, shown as already commented out

Tuesday, January 24, 2017

Install Steam Controller on Ubuntu 16.04

I have a Steam controller that I use every now and then and wanted to try it on Ubuntu 16.04. However, the operating system did not recognize the controller automatically, as of 22.01.2017 on a fresh install of Ubuntu 16.04. Luckily, it can be added quickly without any extensive troubleshooting.


Detecting the steam controller in ubuntu
Ubuntu 16.04 detecting the Steam controller for the first time.

Add a Controller

Referring to an earlier post from November 2016 on AskUbuntu.com the solution is quite straightforward and applies to a fresh 16.04 install.

  1. To install the controller we have to add a new device manually with udev,
    sudo gedit /lib/udev/rules.d/99-steam-controller-perms.rules
  2. There is no such file by default, so the above command will create it. Simply copy the following into it,
    # This rule is needed for basic functionality of the controller in Steam and keyboard/mouse emulation
    SUBSYSTEM=="usb", ATTRS{idVendor}=="28de", MODE="0666"

    # This rule is necessary for gamepad emulation; make sure you replace 'GROUP' with a group that the user that runs Steam belongs to
    KERNEL=="uinput", MODE="0660", GROUP="GROUP", OPTIONS+="static_node=uinput"

    # Valve HID devices over USB hidraw
    KERNEL=="hidraw*", ATTRS{idVendor}=="28de", MODE="0666"

    # Valve HID devices over bluetooth hidraw
    KERNEL=="hidraw*", KERNELS=="*28DE:*", MODE="0666"

    # DualShock 4 over USB hidraw
    KERNEL=="hidraw*", ATTRS{idVendor}=="054c", ATTRS{idProduct}=="05c4", MODE="0666"

    # DualShock 4 wireless adapter over USB hidraw
    KERNEL=="hidraw*", ATTRS{idVendor}=="054c", ATTRS{idProduct}=="0ba0", MODE="0666"

    # DualShock 4 Slim over USB hidraw
    KERNEL=="hidraw*", ATTRS{idVendor}=="054c", ATTRS{idProduct}=="09cc", MODE="0666"

    # DualShock 4 over bluetooth hidraw
    KERNEL=="hidraw*", KERNELS=="*054C:05C4*", MODE="0666"

    # DualShock 4 Slim over bluetooth hidraw
    KERNEL=="hidraw*", KERNELS=="*054C:09CC*", MODE="0666"
    Make sure to replace GROUP with the user's group that will run Steam. In most installations your username and group will be username:username, hence your username will suffice. If in doubt, you can check what groups you belong to simply by,
    groups username
  3. Unplug the controller adapter if it was plugged in.
  4. Re-plug the controller adapter. 
That should be it. Enjoy gaming.

Saturday, January 21, 2017

Install Cura 2.x on Ubuntu 16.04

Cura is a slicer software that prepares your 3D drawings for printing. Installing the latest version on Ubuntu 16.04 was not as easy as downloading the .deb file and installing it from the official site at: https://ultimaker.com/en/products/cura-software.


Cura 2.x running under Ubuntu 16.04

Install from repository

Firstly, since Cura depends on python 3.x, let's get the dependencies first,
sudo apt-get install python3 python3-dev python3-sip
Then add the following repository,
sudo add-apt-repository ppa:thopiekar/cura
Finally, update packages list and install cura.
sudo apt-get update && sudo apt-get install cura
After this you should be able to run cura either with the command cura from the terminal or from searching through dash.
Cura
Launch Cura from Ubuntu dash,

Saturday, January 7, 2017

Send email with PHP and crontab on reboot in Ubuntu

Even with the best VPS services reboots can happen: maintenance, hardware upgrade, kernel upgrade. Most of the time users are warned in advance so that they can prepare for the service outage. However, it can happen that there is a reboot and you did not know about it or simply forgot. 

I just added a small php script to my server to send me an email if it was rebooted. This way I can log in ASAP and restart services that do not start automatically.

Send email via PHP

This assumes that you have php installed on your Ubuntu instance.

A simple php program to send emails can look like this:

<?php
$to = "email@address.com";
$subject = "Reboot";
$txt = '

Hello, your server has been rebooted and services have most likely stopped.
If this reboot was unscheduled please log in to restart services.

Have a nice day!
';


// To send HTML mail, the Content-type header must be set
$headers  = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";

//More headers
$headers = "From: server@server.com" . "\r\n" .
"CC: ";

mail($to,$subject,$txt,$headers);
?>

It is kind of self-explanatory, but just to explain quickly: 

to: email address of the recipient
subject: subject of the email
text: main body of the email until the final semicolon (;). Note that you can also send html-based emails. To do this, simply used the html codes such as,
$text = '<html>
<head>
</head>
<body>
This is a html <br> message!
</body>
</html>'
headers: sets the message header. You can write any email address in the "from" field.
mail($to,$subject,$txt,$headers); : sends the email with the previously defined variables above.

Create and test

  1. You can save the above in a .php file. (I prefer to have a MyScripts directory in my /home, just to keep everything organized.)
  2. Test if the program is working.
    sudo -u www-data php -f rebootMail.php
    This will call php, as the user "www-data", and launch the specified file. If your web server's default user is not www-data, adjust accordingly.

Note: If you have a web server running, you can run the above php program from your web browser. Simply copy the rebootMail.php into your /var/www (or wherever your web server's / is) and visit serveraddress.com/rebootMail.php. If you have done everything correctly, you should receive an email. Although, in this case the php program can be executed by anyone visiting it's web address.

Auto-launch program on reboot 

This can be done either via crontab or using /etc/rc.local. Let's do it via crontab.
  1. To edit existing cron scheduled tasks (no sudo needed),
    crontab -e
  2. In a new line at the end of the file add,
    @reboot /usr/bin/php /path/to/rebootMail.php
  3. Save changes and exit the nano editor,
    Ctrl + O
    Ctrl + X
Done. If all done correctly, you should now receive an email on every reboot. To make sure everything is well configured, you should reboot your server manually once and confirm that it works.

Note: If your php is not installed in /usr/bin, adjust the path accordingly.