=== modified file 'libs/global.ent'
--- libs/global.ent 2012-02-05 15:25:11 +0000
+++ libs/global.ent 2012-03-11 17:20:25 +0000
@@ -6,15 +6,29 @@
+<<<<<<< TREE
+=======
+
+
+
+>>>>>>> MERGE-SOURCE
+<<<<<<< TREE
+=======
+
+
+
+
+
+>>>>>>> MERGE-SOURCE
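Review bot: Unresolved merge conflict markers are being committed to libs/global.ent: both added blocks consist of "<<<<<<< TREE", "=======" and ">>>>>>> MERGE-SOURCE". An entity file containing these lines will not parse, so every document that includes it will fail to build. Resolve the two conflicts against the current trunk and resubmit without the markers.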
=== modified file 'libs/legalnotice.xml'
--- libs/legalnotice.xml 2012-02-05 15:25:11 +0000
+++ libs/legalnotice.xml 2012-03-11 17:20:25 +0000
@@ -19,8 +19,13 @@
+<<<<<<< TREE
2012
Contributors to the document
+=======
+ 2012
+ &canonical-name; and members of the Ubuntu Documentation Project
+>>>>>>> MERGE-SOURCE
The Ubuntu Documentation Project
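Review bot: The copyright holder in libs/legalnotice.xml is left as an unresolved conflict between "Contributors to the document" (TREE) and "&canonical-name; and members of the Ubuntu Documentation Project" (MERGE-SOURCE). The conflict markers must be removed, and because this changes the stated copyright holder the choice should be made deliberately and mentioned in the merge description rather than settled silently while resolving the conflict.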
=== modified file 'libs/ubuntu-banner.xsl'
--- libs/ubuntu-banner.xsl 2011-10-17 19:52:54 +0000
+++ libs/ubuntu-banner.xsl 2012-03-11 17:20:25 +0000
@@ -52,7 +52,7 @@
Ubuntu Documentation
>
-
Ubuntu 11.10
+
Ubuntu 12.04
>
=== modified file 'serverguide/C/backups.xml'
--- serverguide/C/backups.xml 2011-09-10 20:50:34 +0000
+++ serverguide/C/backups.xml 2012-03-11 17:20:25 +0000
@@ -349,6 +349,12 @@
copies of an entire file system.
+
+
+ rsync:
+ a flexible utility used to create incremental copies of files.
+
+
=== modified file 'serverguide/C/file-server.xml'
--- serverguide/C/file-server.xml 2012-03-09 23:38:34 +0000
+++ serverguide/C/file-server.xml 2012-03-11 17:20:25 +0000
@@ -22,12 +22,21 @@
FTP Server
- File Transfer Protocol (FTP) is a TCP protocol for uploading and downloading
- files between computers. FTP works on a client/server model. The server component is
- called an FTP daemon. It continuously listens for FTP requests
- from remote clients. When a request is received, it manages the login and sets up
- the connection. For the duration of the session it executes any of commands sent by
- the FTP client.
+ File Transfer Protocol (FTP) is a TCP protocol for
+ downloading files between computers. In the past, it has
+ also been used for uploading but, as that method does not
+ use encryption, user credentials as well as data transferred
+ in the clear and are easily intercepted. So if you are here
+ looking for a way to upload and download files securely, see
+ the section on OpenSSH in instead.
+
+
+ FTP works on a client/server model. The server component is
+ called an FTP daemon. It continuously
+ listens for FTP requests from remote clients. When a request
+ is received, it manages the login and sets up the
+ connection. For the duration of the session it executes any
+ of commands sent by the FTP client.
Access to an FTP server can be managed in two ways:
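Review bot: The added sentence "user credentials as well as data transferred in the clear and are easily intercepted" is missing its verb, and "see the section on OpenSSH in instead" has a dangling "in" where the cross-reference target appears to be lost. Suggest "user credentials as well as data are transferred in the clear" and checking that the xref resolves to the OpenSSH section. The retained "it executes any of commands" could be corrected to "any commands" while the paragraph is being rewritten.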
@@ -41,24 +50,30 @@
- In the Anonymous mode, remote clients can access the FTP server by using the
- default user account called "anonymous" or "ftp" and
- sending an email address as the password. In the Authenticated mode a user must
- have an account and a password. User access to the FTP server directories and files is
- dependent on the permissions defined for the account used at login. As a general
- rule, the FTP daemon will hide the root directory of the FTP server and change it to
- the FTP Home directory. This hides the rest of the file system from remote
- sessions.
+ In the Anonymous mode, remote clients can access the FTP
+ server by using the default user account called
+ "anonymous" or "ftp" and sending an
+ email address as the password. In the Authenticated mode a
+ user must have an account and a password. This latter
+ choice is very insecure and should not be used except in
+ special circumstances. If you are looking to transfer files
+ securely see SFTP in the section on OpenSSH-Server. User
+ access to the FTP server directories and files is dependent
+ on the permissions defined for the account used at login. As
+ a general rule, the FTP daemon will hide the root directory
+ of the FTP server and change it to the FTP Home
+ directory. This hides the rest of the file system from
+ remote sessions.
vsftpd - FTP Server Installation
- vsftpd is an FTP daemon available in
- Ubuntu. It is easy to install, set up, and
- maintain. To install vsftpd you
- can run the following command:
+ vsftpd is an FTP daemon
+ available in Ubuntu. It is easy to install, set up, and
+ maintain. To install vsftpd
+ you can run the following command:
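Review bot: "This latter choice is very insecure" in the Authenticated mode sentence gives no reason, and "special circumstances" is left undefined. State the cause directly, for example that the account name and password cross the network unencrypted, so the reader can see why SFTP is the recommended replacement. The vsftpd installation paragraph at the end of the hunk is only re-wrapped; dropping whitespace-only changes would keep the security-relevant edit easier to review.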
@@ -204,12 +219,20 @@
- FTP can also be encrypted using FTPS. Different from SFTP,
- FTPS is FTP over Secure Socket Layer (SSL). SFTP is a FTP
- like session over an encrypted SSH connection. A major difference is that users
- of SFTP need to have a shell account on the system, instead of a
- nologin shell. Providing all users with a shell may not be ideal for some
- environments, such as a shared web host.
+ FTP can also be encrypted using
+ FTPS. Different from
+ SFTP, FTPS
+ is FTP over Secure Socket Layer (SSL).
+ SFTP is a FTP like session over
+ an encrypted SSH connection. A
+ major difference is that users of SFTP need to have
+ a shell account on the system,
+ instead of a nologin shell.
+ Providing all users with a shell may not be ideal
+ for some environments, such as a shared web host.
+ However, it is possible to restrict such accounts to
+ only SFTP and disable shell interaction. See the
+ section on OpenSSH-Server for more.
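Review bot: The rewritten paragraph still says users of SFTP "need to have a shell account on the system, instead of a nologin shell" and then says such accounts can be restricted to SFTP only, which reads as a contradiction. Reword the first statement so it describes the default behaviour and point directly at the "Match Group" example added to remote-administration.xml. The paragraph also keeps "Secure Socket Layer (SSL)" for FTPS while the web-servers.xml hunk in this same patch updates HTTPS to "Transport Layer Security"; use one term consistently.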
@@ -303,9 +326,14 @@
-
- The CodeGurus article
- FTPS vs. SFTP: What to Choose has useful information contrasting FTPS and SFTP.
+ See Stop
+ Using FTP! How to Transfer Files
+ Securely and Why
+ You Need to Stop Using FTP for a
+ discussion of the shortcomings of FTP
+ and what the real alternatives are.
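Review bot: This replaces the "FTPS vs. SFTP: What to Choose" reference outright, yet the section still describes FTPS and contrasts it with SFTP. Unless the old link is dead, keep it and add the new one as a separate list item so the FTPS material retains a supporting reference.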
=== modified file 'serverguide/C/network-config.xml'
--- serverguide/C/network-config.xml 2011-08-23 17:23:39 +0000
+++ serverguide/C/network-config.xml 2012-03-11 17:20:25 +0000
@@ -1014,7 +1014,7 @@
- Time Synchronisation with NTP
+ Time Synchronisation (NTP)
NTP is a TCP/IP protocol for synchronising time over a network. Basically a client requests the current time from a server, and uses it to set its own clock.
@@ -1022,14 +1022,17 @@
Behind this simple description, there is a lot of complexity - there are tiers of NTP servers, with the tier one NTP servers connected to atomic clocks, and tier two and three servers spreading the load of actually handling requests across the Internet. Also the client software is a lot more complex than you might think - it has to factor out communication delays, and adjust the time in a way that does not upset all the other processes that run on the server. But luckily all that complexity is hidden from you!
-Ubuntu uses ntpdate and ntpd.
+Ubuntu uses ntpdate and ntpd.
ntpdate
-Ubuntu comes with ntpdate as standard, and will run it once at boot time to set up your time according to Ubuntu's NTP server.
-
+ Ubuntu comes with ntpdate as
+ standard, and will run it once at boot time when the network
+ interfaces are brought up to set up your time according to
+ Ubuntu's NTP server.
+
ntpdate -s ntp.ubuntu.com
@@ -1038,8 +1041,11 @@
ntpd
- The ntp daemon ntpd calculates the drift of your system clock and continuously adjusts it, so there are no large corrections that could
- lead to inconsistent logs for instance. The cost is a little processing power and memory, but for a modern server this is negligible.
+ The ntp daemon ntpd calculates the drift
+ of your system clock and continuously adjusts it, so there are no
+ large corrections that could lead to inconsistent logs for
+ instance. The cost is a little processing power and memory, but for
+ a modern server this is negligible.
@@ -1082,7 +1088,7 @@
View status
- Use ntpq to see to see more info:
+ Use ntpq to see to see more info:
# sudo ntpq -p
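Review bot: The changed line still reads "Use ntpq to see to see more info", so the duplicated "to see" survives the edit. Since the line is being touched anyway, fix it to "Use ntpq to see more info". The example that follows, "# sudo ntpq -p", mixes a root prompt with sudo; one or the other is enough.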
=== modified file 'serverguide/C/remote-administration.xml'
--- serverguide/C/remote-administration.xml 2011-10-10 23:18:17 +0000
+++ serverguide/C/remote-administration.xml 2012-03-11 17:20:25 +0000
@@ -16,7 +16,7 @@
one of the most popular OpenSSH, and one of the most growing usage Puppet .
- OpenSSH Server
+ OpenSSH Server (SFTP/SSH)
Introduction
@@ -27,13 +27,18 @@
application and how to change them on your Ubuntu system.
- OpenSSH is a freely available version of the Secure Shell (SSH) protocol family of
- tools for remotely controlling a computer or transferring files between computers.
- Traditional tools used to accomplish these functions, such as
- telnet or rcp, are insecure
- and transmit the user's password in cleartext when used. OpenSSH provides a server
- daemon and client tools to facilitate secure, encrypted remote control and file
- transfer operations, effectively replacing the legacy tools.
+ OpenSSH is a freely available version of the Secure Shell
+ (SSH) protocol family of tools for remotely controlling a
+ computer or transferring files between computers. SSH has
+ largely replaced older, outdated tools, such as
+ telnet,
+ rcp, and
+ ftp which are insecure and
+ transmit the user's password in cleartext when
+ used. OpenSSH provides a server daemon and client tools to
+ facilitate secure, encrypted remote control and file
+ transfer operations, effectively replacing the legacy
+ tools.
The OpenSSH server component, sshd, listens
@@ -46,20 +51,23 @@
OpenSSH server daemon initiates a secure copy of files between the server and
client after authentication. OpenSSH can use many authentication methods, including plain password, public key, and Kerberos tickets.
+
+ The SSH File Transfer Protocol (SFTP) is a binary
+ protocol desgined from the beginning to be as secure as
+ possible for both login and data transfer. For secure
+ file transfer, nothing more is needed than to have
+ OpenSSH-Server up and running.
+
+
+
Installation
- Installation of the OpenSSH client and server applications is simple. To install the
- OpenSSH client applications on your Ubuntu system, use this command at a terminal
- prompt:
-
-
-sudo apt-get install openssh-client
-
-
- To install the OpenSSH server application, and related support files, use this command
- at a terminal prompt:
+ Installation of the OpenSSH server application is simple, the
+ client is already installed by default. To install the
+ OpenSSH server application, and related support files, use
+ this command at a terminal prompt:
sudo apt-get install openssh-server
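Review bot: "desgined" in the new SFTP paragraph is a typo for "designed", and "Installation of the OpenSSH server application is simple, the client is already installed by default" is a comma splice that should be split into two sentences. The claim that SFTP was "desgined from the beginning to be as secure as possible" is stronger than a guide needs; saying that SFTP runs inside the encrypted SSH session, so both login and data are protected, is verifiable and makes the same point.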
@@ -69,14 +77,19 @@
install during the Server Edition installation process.
+
Configuration
- You may configure the default behavior of the OpenSSH server application,
- sshd, by editing the file
- /etc/ssh/sshd_config. For information about the configuration
- directives used in this file, you may view the appropriate manual page with the
- following command, issued at a terminal prompt:
+ By default only the OpenSSH client
+ installed. SFTP is part of that by default and needs no
+ further configuration to use. You may configure the
+ default behavior of the OpenSSH server,
+ sshd, by editing the file
+ /etc/ssh/sshd_config. For information
+ about the configuration directives used in this file, you
+ may view the manual page with the following
+ command, issued at a terminal prompt:
man sshd_config
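Review bot: "By default only the OpenSSH client installed" is missing "is", and "SFTP is part of that by default and needs no further configuration to use" is ambiguous about which side it means. As written it suggests the client package alone provides SFTP service, while the paragraph added earlier in this file says OpenSSH-Server must be up and running. Say explicitly that the sftp client ships with the client package and that the server side is enabled once openssh-server is installed.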
@@ -101,30 +114,44 @@
sudo chmod a-w /etc/ssh/sshd_config.original
- The following are examples of configuration directives you may change:
+ The following are examples of configuration directives you
+ may change in /etc/ssh/sshd_config.
+ See the manual page for sshd_config
+ for details on all the configuration directives.
-
-
- To set your OpenSSH to listen on TCP port 2222 instead of the default TCP port
- 22, change the Port directive as such:
-
-
- Port 2222
-
+
+
+ To set your OpenSSH to listen on TCP port 2222 instead
+ of the default TCP port 22, change the Port directive
+ as such:
+
+
+Port 2222
+
+
+
+
+ To prevent remote root login:
+
+
+PermitRootLogin no
+
- To have sshd allow public key-based login credentials,
- simply add or modify the line:
+ To have sshd allow public
+ key-based login credentials and disable password logins,
+ simply add or modify the lines:
-
- PubkeyAuthentication yes
-
+
+PubkeyAuthentication yes
+PasswordAuthentication no
+
- In the /etc/ssh/sshd_config file, or if already present,
- ensure the line is not commented out.
-
+ Be sure that keys are working before disabling passowrd logins, otherwise you risk locking yourself out.
+
+
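Review bot: "passowrd" in the new lock-out warning is a typo for "password". The warning would be more useful if it said how to confirm keys are working, for example by logging in with the key from a second session before restarting sshd and while the current session is still open. The hunk also drops the old reminder to ensure the line is not commented out; that still applies to both PubkeyAuthentication and PasswordAuthentication and is worth keeping.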
@@ -132,34 +159,55 @@
/etc/issue.net file as a pre-login
banner, simply add or modify the line:
-
- Banner /etc/issue.net
-
-
- In the /etc/ssh/sshd_config file.
-
+
+Banner /etc/issue.net
+
+
+
+
+ To restrict members of the group "webmasters" to using
+ SFTP only and disallow shell access, add the following.
+ Be careful not to lock yourself out at the same time.
+
+
+Subsystem sftp internal-sftp
+
+Match Group webmasters
+ ForceCommand internal-sftp
+
- After making changes to the /etc/ssh/sshd_config file, save
- the file, and restart the sshd server application to
- effect the changes using the following command at a terminal prompt:
+ After making changes to the
+ /etc/ssh/sshd_config file, save the
+ file, and restart the sshd
+ server application to effect the changes using the
+ following upstart command at a terminal prompt:
-sudo /etc/init.d/ssh restart
+
+sudo restart ssh
+
- Many other configuration directives for sshd are
- available for changing the server application's behavior to fit your needs.
- Be advised, however, if your only method of access to a server is
- ssh, and you make a mistake in configuring
- sshd via the
- /etc/ssh/sshd_config file, you may find you
- are locked out of the server upon restarting it, or that the
- sshd server refuses to start due to an incorrect
- configuration directive, so be extra careful when editing this file on a
- remote server.
+ Many other configuration directives for
+ sshd are available for
+ changing the server application's behavior to fit
+ your needs. See the manual page for
+ sshd_config for the details.
+ Be advised, however, if your only method of access
+ to a server is ssh, and
+ you make a mistake in configuring
+ sshd via the
+ /etc/ssh/sshd_config file, you
+ may find you are locked out of the server upon
+ restarting it, or that the
+ sshd server refuses to
+ start due to an incorrect configuration directive,
+ so be extra careful when editing this file on a
+ remote server.
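Review bot: "add the following" for the Subsystem and Match lines does not say where in sshd_config they go. A Match block applies to every directive after it until the next Match or the end of the file, so it belongs at the end of the file, and if the file already contains a Subsystem sftp line that line has to be changed rather than a second one added. ForceCommand internal-sftp on its own still leaves the whole filesystem readable and port forwarding available to the group; either document ChrootDirectory and AllowTcpForwarding no alongside it or state that limitation. Since the lock-out warning appears twice in this hunk, recommend running "sudo sshd -t" to check the syntax before "sudo restart ssh".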
@@ -217,6 +265,11 @@
Advanced OpenSSH Wiki Page
+
+
+ Wikibook on OpenSSH
+
+
=== modified file 'serverguide/C/web-servers.xml'
--- serverguide/C/web-servers.xml 2011-09-10 19:21:23 +0000
+++ serverguide/C/web-servers.xml 2012-03-11 17:20:25 +0000
@@ -16,20 +16,25 @@
responses along with optional data contents, which usually are Web
pages such as HTML documents and linked objects (images, etc.).
- HTTPD - Apache2 Web Server
- Apache is the most commonly used Web Server on Linux systems. Web Servers are used
- to serve Web Pages requested by client computers. Clients typically request and view
- Web Pages using Web Browser applications such as Firefox,
- Opera, or Mozilla.
+ Apache2 Web Server (HTTP/HTTPS)
+ Apache is the most commonly used Web Server on the net
+ since its introduction in 1995. Web Servers are used to serve
+ Web Pages requested by client computers. Clients typically
+ request and view Web Pages using Web Browser applications such
+ as Firefox,
+ Opera,
+ Chromium, or
+ Mozilla.
Users enter a Uniform Resource Locator (URL) to point to a Web server by means of
its Fully Qualified Domain Name (FQDN) and a path to the required resource. For example, to view the home page of
the Ubuntu Web site a user will enter only the FQDN. To request specific information about
paid
support, a user will enter the FQDN followed by a path.
- The most common protocol used to transfer Web pages is the Hyper Text Transfer
- Protocol (HTTP). Protocols such as Hyper Text Transfer Protocol over Secure Sockets Layer (HTTPS), and
- File Transfer Protocol (FTP), a protocol for uploading and downloading files, are also
- supported.
+ The most common protocol used to transfer Web pages is the
+ Hyper Text Transfer Protocol (HTTP). Protocols such as Hyper
+ Text Transfer Protocol over Transport Layer Security (HTTPS),
+ and File Transfer Protocol (FTP), a protocol for uploading and
+ downloading files, are also supported.
Apache Web Servers are often used in combination with the MySQL
database engine, the HyperText Preprocessor (PHP)
scripting language, and other popular scripting languages such as
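Review bot: The rewritten protocol paragraph still describes FTP as "a protocol for uploading and downloading files" that is "also supported", while file-server.xml in this same patch redefines FTP as a download protocol and tells readers not to use it for uploads. Align the two, either by dropping FTP from this sentence or by pointing to the SFTP section. In the browser list, "Mozilla" alongside "Firefox" is redundant now that Chromium has been added.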
@@ -69,8 +74,11 @@
- apache2.conf: the main Apache2 configuration file. Contains settings that
- are global to Apache2.
+ apache2.conf: the main Apache2
+ configuration file. Contains settings that are
+ global to Apache2. Other settings go
+ in the configuration files for the corresponding virtual
+ hosts. See sites-available below.
@@ -406,9 +414,12 @@
- IncludesNOEXEC - Allow server-side includes,
- but disable the #exec and #include
- commands in CGI scripts.
+ IncludesNOEXEC -
+ Allow server-side includes, but disable the
+ #exec and
+ #include commands in CGI
+ scripts. It is useful for standardized headers,
+ footers and menus.
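Review bot: The added sentence "It is useful for standardized headers, footers and menus" sits directly after text saying the option disables the "#include" command, and shared headers and footers are built with "#include", so the entry now appears to contradict itself. Clarify which includes remain permitted under IncludesNOEXEC, and replace "It" with the option name so the subject of the sentence is unambiguous.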
@@ -471,7 +482,7 @@
User - The User directive sets the userid used by the server to answer requests. This
setting determines the server's access. Any files inaccessible to this user will also be inaccessible to your website's visitors.
- The default value for User is www-data.
+ The default value for User is "www-data".
@@ -481,8 +492,11 @@
- The Group directive is similar to the User directive. Group sets the group under which the server will answer requests.
- The default group is also www-data.
+
+ Group - The Group
+ directive is similar to the User directive. Group sets the
+ group under which the server will answer requests. The
+ default group is also "www-data".
@@ -612,7 +626,22 @@
You can access the secure server pages by typing
https://your_hostname/url/ in your browser address bar.
-
+
+
+ Sharing Write Permission
+ For more than one user to be able to write to the same directory it will be necessary to grant write permission to a group they share in common. The following example grants shared write permission to /var/www to the group "webmasters".
+
+
+
+sudo chgrp -R webmasters /var/www
+sudo find /var/www -type d -exec chmod g=rwxs "{}" \;
+sudo find /var/www -type f -exec chmod g=rws "{}" \;
+
+
+
+ If access must be granted to more than one group per directory, enable Access Control Lists (ACLs).
+
+
References
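Review bot: The third command, chmod g=rws on regular files, sets the setgid bit on every file under /var/www. Only the directories need setgid for new files to inherit the group, and because "g=" replaces the group bits it also strips group execute from any scripts. Suggest "chmod g+rw" for files and "chmod g+rwx,g+s" for directories. The section should also say that users have to be added to the "webmasters" group and that newly created files are only group-writable if the creating user's umask allows it. The closing sentence on ACLs gives no package or command, so a cross-reference would help.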
@@ -639,8 +668,12 @@
- For Ubuntu specific Apache2 questions, ask in the #ubuntu-server IRC channel on
- freenode.net.
+ For Ubuntu specific Apache2 questions, ask in the
+ #ubuntu-server IRC channel on freenode.net or in the
+ Server
+ Platforms subforum on Ubuntu Forums.
@@ -667,7 +700,9 @@
Installation
- The PHP5 is available in Ubuntu Linux.
+ The PHP5 is available in Ubuntu Linux. Unlike python and
+ perl, which are installed in the base system, PHP must be added.
+
To install PHP5 you
=== modified file 'serverguide/C/windows-networking.xml'
--- serverguide/C/windows-networking.xml 2012-03-09 23:38:34 +0000
+++ serverguide/C/windows-networking.xml 2012-03-11 17:20:25 +0000
@@ -67,7 +67,7 @@
- Samba File Server
+ Samba File Server (SMB/CIFS)
One of the most common ways to network Ubuntu and Windows computers is to configure Samba as a File Server. This section