
Wednesday, March 2, 2011

mount on plug of external disk

For the home server we got an external USB powered hard disk for the public file share. Because this disk may not be present when the computer is started up, and may change device name since it is USB attached, I desired a way to mount that specific hard disk when it was plugged in.

The answer was a fairly long but simple udev rule, and a script to do the mounting.

/etc/udev/rules.d/storage.rules
ATTRS{idVendor}=="0bc2", ATTRS{idProduct}=="5031", ATTRS{serial}=="NA0B3DKV", ENV{DEVTYPE}=="partition", ACTION=="add", RUN+="/usr/local/sbin/mount-storage"

/usr/local/sbin/mount-storage
#!/bin/sh
mount -t vfat -o uid=nobody,gid=nogroup,dmask=000,fmask=111 \
 "$DEVNAME" /mnt/store

I found how to write the rule after referring to Writing udev rules and an example of a rule that matches the type of device.

It is still required to unmount the disk before unplugging it, as is the case with any operating system at the moment.

Sunday, January 16, 2011

DNS Server basic setup

The objective is to set up a name server on an Ubuntu server that serves some domains to the Internet. The domains being served are too complex to be managed by the provider of the domain name, so they are being hosted on a home server on a dynamic IP.

The environment is Ubuntu 10.10 (Maverick Meerkat) Desktop freshly installed and updates done.

In the process of offloading as much DNS responsibility as possible to external services I found that MX and CNAME records clash, so if there are MX records for a domain, then the top of the domain should not have a CNAME record. I therefore used an A record that points at the yi.org URL redirector server; in the future I may actually update the A record dynamically.

Given that, the following are the minimal steps required to configure the name server.

Install the name server software:
sudo apt-get install bind9

Set up the zone file. The top level records should include the top level records that are also provided by the external services.
/etc/bind/db.happy.yi.org:
$TTL 604800
@ 3600 IN SOA happy.yi.org. happy.happy.yi.org. (
 2011011601 ; serial
 604800 ; refresh
 86400 ; retry
 2419200 ; expire
 3600 ) ; default ttl
@ 86400 IN NS sunriseyoga.dyndns.org.
@ 3600 IN A 173.203.238.64
@ 86400 IN MX 10 ASPMX.L.GOOGLE.COM.
@ 86400 IN MX 20 ALT1.ASPMX.L.GOOGLE.COM.
www 86400 IN CNAME sunriseyoga.dyndns.org.
vnc 86400 IN CNAME sunriseyoga.dyndns.org.
mail 86400 CNAME ghs.google.com.
pages 86400 CNAME ghs.google.com.
docs 86400 CNAME ghs.google.com.
sites 86400 CNAME ghs.google.com.
site 86400 CNAME ghs.google.com.
app 86400 CNAME ghs.google.com.
blog 86400 CNAME ghs.google.com.
feather-wiki 86400 CNAME ghs.google.com.

Tell the name server to load the zone by adding the following line to /etc/bind/named.conf.local:
zone "happy.yi.org" { type master; file "/etc/bind/db.happy.yi.org"; };

Reload the name server:
sudo /etc/init.d/bind9 reload

Now the domain is being served, and will be accessible from the Internet if the NS records point at the server.

If you want to know more, read the Ubuntu BIND9 Server HOWTO.
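
The MX/CNAME clash described above can be checked mechanically before reloading a zone. The following is an added example, not part of the original post: a small shell/awk check that reports any owner name where a CNAME coexists with other records. The function name check_cname_clash and the redirect.example target are assumptions made for illustration.

```shell
# Added example: report owner names where a CNAME coexists with other records.
# Assumes numeric TTLs and no ";" or parentheses inside quoted record data.
check_cname_clash() {
  awk '
    /^\$/ { next }                               # skip $TTL / $ORIGIN directives
    {
      sub(/;.*/, "")                             # drop comments
      if (depth > 0) {                           # inside a ( ... ) continuation
        depth += gsub(/\(/, "(") - gsub(/\)/, ")"); next
      }
      if ($0 ~ /^[ \t]*$/) next
      i = 1
      if ($0 !~ /^[ \t]/) { owner = $1; i = 2 }  # indented line inherits owner
      while ($i ~ /^[0-9]+$/ || toupper($i) ~ /^(IN|CH|HS)$/) i++
      type = toupper($i); n[owner]++
      if (type == "CNAME") cname[owner] = 1
      else others[owner] = others[owner] " " type
      depth += gsub(/\(/, "(") - gsub(/\)/, ")")
    }
    END {
      for (o in cname) if (n[o] > 1)
        printf "%s CNAME clashes with:%s\n", o, (others[o] == "" ? " CNAME" : others[o])
    }' | sort
}

# Abridged copy of the zone above: the apex uses an A record, so nothing is reported.
GOOD_ZONE='$TTL 604800
@ 3600 IN SOA happy.yi.org. happy.happy.yi.org. (
 2011011601 604800 86400 2419200 3600 ) ; serial refresh retry expire ttl
@ 86400 IN NS sunriseyoga.dyndns.org.
@ 3600 IN A 173.203.238.64
@ 86400 IN MX 10 ASPMX.L.GOOGLE.COM.
www 86400 IN CNAME sunriseyoga.dyndns.org.
mail 86400 CNAME ghs.google.com.'

# Constructed broken variant: the apex A record replaced by a CNAME.
BAD_ZONE=$(printf '%s\n' "$GOOD_ZONE" |
  sed 's/^@ 3600 IN A .*/@ 3600 IN CNAME redirect.example./')

printf '%s\n' "$GOOD_ZONE" | check_cname_clash
printf '%s\n' "$BAD_ZONE" | check_cname_clash
```

The check only looks at names written identically in the file; it does not expand relative names against $ORIGIN.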

Friday, January 7, 2011

Public file share

The objective is some basic network attached storage (NAS), or public file share, where any attached computer can create, read, update, and delete any file without authentication. I would not consider this secure, as anyone who can attach to the network can do whatever they want to the file space; however, security is not the objective at this time. Also, if a user is accessing the same shared file space locally on the server it should behave the same as if it was being accessed over the network.

The environment is Ubuntu Desktop 10.10 (Maverick Meerkat) freshly installed and updates done.

Given that, the following are the minimal steps and configuration required to achieve the objective.

Make a public file space based on "HowTo: Create shared directory for local users (with bindfs)"; this works much better than access control lists can.

Install bindfs:
sudo apt-get install bindfs

Configure the public space to be set up on startup.
/etc/init/bind-public.conf:
description "Remount public with different permissions"

start on stopped mountall

pre-start exec install --owner=nobody --group=nogroup --mode=0777 \
--directory /export/public

exec bindfs -f --owner=nobody --group=nogroup --perms=a=rwD \
--create-for-user=nobody --create-for-group=nogroup \
--create-with-perms=a=rwD --chown-ignore --chgrp-ignore --chmod-ignore \
/export/public /export/public

And make the public space active:
sudo initctl start bind-public

Now to make the space available over the network using Samba.

Install samba
sudo apt-get install samba

And here is a minimal Samba configuration to do the job.
/etc/samba/smb.conf:
[global]
       map to guest = Bad User

[public]
       path = /export/public
       guest ok = yes
       read only = no

It is not necessary to restart samba for the changes to take effect.

At this point the objective is achieved for remote connections, and any local methods for accessing the directory.

For restricted access, configure Samba to require a log-on, or only allow particular users to access the public share.
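
To confirm whether a given smb.conf still exposes a guest-writable share, the following added check (not part of the original post) lists every share that allows guest access and is writable. It is run on the configuration above and on a constructed restricted variant; the function name audit_guest_shares and the accounts alice and bob are placeholders.

```shell
# Added example: list shares in an smb.conf that a guest can write to.
# Handles the guest ok/public and read only/writable synonyms; no includes.
audit_guest_shares() {
  awk '
    function norm(s) { gsub(/[ \t]+/, "", s); return tolower(s) }
    function truthy(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
    function emit() { if (sec != "" && sec != "global" && guest && !ro) hit[++nhit] = sec }
    BEGIN { g_ro = 1; ro = 1; m2g = "never" }    # Samba defaults
    /^[ \t]*([#;]|$)/ { next }                   # comments and blank lines
    /^[ \t]*\[/ {
      emit()
      sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*/, "", sec); sec = tolower(sec)
      guest = g_guest; ro = g_ro                 # start from [global] defaults
      next
    }
    {
      eq = index($0, "="); if (eq == 0) next
      key = norm(substr($0, 1, eq - 1))
      val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (key == "maptoguest") m2g = tolower(val)
      if (key == "guestok" || key == "public") guest = truthy(val)
      if (key == "readonly") ro = truthy(val)
      if (key ~ /^(writable|writeable|writeok)$/) ro = !truthy(val)
      if (sec == "global") { g_guest = guest; g_ro = ro }
    }
    END {
      emit()
      for (i = 1; i <= nhit; i++)
        printf "%s: guest-writable (map to guest = %s)\n", hit[i], m2g
    }'
}
# Constructed copy of the configuration shown above.
PAGE_CONF='[global]
       map to guest = Bad User
[public]
       path = /export/public
       guest ok = yes
       read only = no'
# Constructed restricted variant: log-on required, two placeholder accounts.
RESTRICTED_CONF='[global]
       map to guest = Never
[public]
       path = /export/public
       guest ok = no
       read only = no
       valid users = alice bob'
printf '%s\n' "$PAGE_CONF" | audit_guest_shares
printf '%s\n' "$RESTRICTED_CONF" | audit_guest_shares
```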

Sunday, November 7, 2010

Installing Ubuntu 10.10 and verifying the hard disk in the process

I have a 160GB hard drive with some bad blocks that I wish to install Ubuntu onto. The installer does not have an option to verify the disk during formatting, so I needed to boot up the live CD to do that step myself. I had actually gone through the install already on this disk without marking the bad blocks, so there is a damaged file system on the disk due to the bad blocks.

After the initial installation round I have the partition table configured, so I just re-create the root filesystem with “mkfs.ext4 /dev/sda1 -c -V” to get the blank root with all the bad blocks marked.

After making the file system, start the installer and tell it to do manual partitions, then tell it to use the freshly formatted partition as root and to not format it.

The rest of the install proceeds as normal.

Monday, October 25, 2010

Ubuntu 10.10 VNC Login Screen

I figured out how to get a graphical login screen over VNC on Ubuntu 10.10 today. The method that worked before Ubuntu 10.04 stopped working when XDMCP support was removed from gdm (source).

This procedure starts from a fresh install of Ubuntu-Desktop-10.10.

Install xdm, vnc4server, and xinetd.
sudo apt-get install xdm vnc4server xinetd
When asked during installation what the default display manager should be, keep the setting as gdm.

Configure xdm to be able to answer XDMCP requests by commenting out the following line in /etc/X11/xdm/xdm-config:
! SECURITY: do not listen for XDMCP or Chooser requests
! Comment out this line if you want to manage X terminals with xdm
!DisplayManager.requestPort:    0
Configure XDM to answer XDMCP requests from localhost, and to listen to just localhost by adding the following lines to /etc/X11/xdm/Xaccess:
localhost
LISTEN localhost

Configure XDM to not bring up a physical display by commenting out the following line in /etc/X11/xdm/Xservers:
#:0 local /usr/bin/X :0 vt7 -nolisten tcp

Configure the startup script to allow XDM to start despite gdm taking care of the screen by removing /etc/X11/default-display-manager:
sudo mv /etc/X11/default-display-manager /etc/X11/default-display-manager.disable

Add the VNC port definition to /etc/services if it has not already been added:
vnc 5900/tcp

Configure the VNC incoming port by creating /etc/xinetd.d/vnc:
service vnc
{
        only_from = localhost 192.168.0.0/24
        disable = no
        id = vnc
        socket_type = stream
        protocol = tcp
        wait = no
        user = nobody
        server = /usr/bin/Xvnc4
        server_args = -inetd -query localhost -once -SecurityTypes=None -pn -fp /usr/share/fonts/X11/misc/,/usr/share/fonts/X11/75dpi/,/usr/share/fonts/X11/100dpi/ -desktop Ubuntu
        log_on_failure += USERID
}
In this configuration connections are restricted to the local network (192.168.0.*).

After all these pieces are done, restart the services to load the new configurations:
sudo /etc/init.d/xdm restart
sudo /etc/init.d/xinetd restart

Now you should be able to use VNC to get a login screen.

There is a problem with GNOME in this setup where it has a keyboard shortcut assigned to 'd', which can be fixed by going into System -> Preferences -> Keyboard Shortcuts and disabling or reassigning the "Hide all normal windows and set focus to the desktop" shortcut key (source). This may happen because the default key binding is Mod4+D, and there is no Mod4 modifier key on the VNC connection.

Tuesday, September 7, 2010

scanbuttond: filtering syslog

In a previous post I started setting up scanner button support on Debian. Tonight I filtered the messages that appear every two seconds in the log stating that there are no scanners attached.

I opted to just drop all the scanbuttond messages, so I added a file /etc/rsyslogd.d/scanbuttond.conf with the contents
:app-name, equals, "scanbuttond"  ~
and that dropped all the scanbuttond messages.

Another night I will make the buttons do something.

Friday, July 2, 2010

scanner buttons (introduction)

I am lazy when it comes to usage of my scanner. It has buttons on the front, and I expect to be able to scan using those buttons without having the screen on the computer disrupted. This is not the case on my Mac, but is the configuration I have on my Linux laptop. I have also recently found VirtualBox to work nicely enough to play with, so I may be able to set up the scanner in Linux in a box on the Mac.

So far I installed scanbuttond, and see that the scanner is detected and button presses detected.

apt-get install scanbuttond

Later I will look up the rest of the configuration and return to this mini-project.

Wednesday, April 7, 2010

VNC Login on Ubuntu

I have a laptop running Ubuntu Desktop 9.04, which has been sitting on a shelf getting occasional remote use. I am also in the process of building a replacement home server for the house from a broken laptop, in a hope to replace the current home server with one that uses less power. So, I went about figuring out how to get a gdm login screen over VNC, for remote graphical login.

I found that I needed to use the vnc4server package instead of the other options for vnc servers on the laptop so that the keyboard would translate properly into the remote session.

sudo apt-get install vnc4server

I already knew that I needed to turn on XDMCP, but figuring out how was a little bit of a challenge since each display manager has the option in a different place, and it also changes with versions of the display managers. I eventually found a graphical tool to turn it on under "System -> Administration -> Login Window", in there I just set "Remote -> Style -> Same as Local" and XDMCP was turned on.

Now I needed to have an inetd to launch the vncserver from, on incoming connections.

sudo apt-get install xinetd

and add a vnc service name to /etc/services (if it is not already listed in that file)

vnc 5600/tcp

and add the vnc service to xinetd (/etc/xinetd.d/vnc)

service vnc
{
        only_from = localhost 192.168.0.0/24
        disable = no
        id = vnc
        socket_type = stream
        protocol = tcp
        wait = no
        user = nobody
        server = /usr/bin/Xvnc4
        server_args = -inetd -query localhost -once -SecurityTypes=None -extension XFIXES -pn -fp /usr/share/fonts/X11/misc/,/usr/share/fonts/X11/75dpi/,/usr/share/fonts/X11/100dpi/
        log_on_failure += USERID
}

The long line starting with server_args is server_args = -inetd -query localhost -once -SecurityTypes=None -extension XFIXES -pn -fp /usr/share/fonts/X11/misc/,/usr/share/fonts/X11/75dpi/,/usr/share/fonts/X11/100dpi/, which I could put into a script somewhere to make the line shorter, if I feel the need later.

Connections are restricted to the local network only. After restarting xinetd it finally worked.

I will be setting this up again on the server that I am building, and if something is missing I will update it then.