Koozali.org: home of the SME Server
Obsolete Releases => SME 7.x Contribs => Topic started by: Dacky on September 07, 2006, 11:19:00 AM
-
I am trying to figure out how to get the ibays to be web pages for individual users of our sme 7 server. I see hints and examples on the web site, but no clear directions. I cannot download one script mentioned because it is not available (userwebpage or something like that). I figured out how to have a main web site for the whole domain. This is what I want to do:
Allow users to ftp to a file folder for storing files
Allow users to create their own web pages
We are a school and have one domain. It would be nice to give this option to our students for educational purposes. What are the clear steps to allow this to happen?
How to exactly set up an ibay to do these two things.
Thanks.
-
Dacky
> Allow users to ftp to a file folder for storing files
That feature already exists, user home folders
Enable ftp access in server manager then
ftp://username@ftp.yourdomain.com
see also chapter on ibays
You can use that feature in conjunction with this contrib to direct users to a certain folder or ibay
http://mirror.contribs.org/smeserver//contribs/dungog/packages/smeserver/7.0/i386/RPMS.dungog/smeserver-remoteuseraccess-1.2-6.noarch.rpm
> Allow users to create their own web pages
The userwebpage contrib is the way to do this.
I don't know if the contrib that is available works on sme7 yet.
> How to exactly set up an ibay to do these two things.
Setting up ibay to have independant folders for different students could be done but it would be a lot of extra work & maintenance, which is already done with the sme server user controls.
The webshare contrib may also be of interest
http://mirror.contribs.org/smeserver//contribs/dmay/smeserver/7.x/
-
Dacky
This might be what you want, quoting from wherever I got it from.
Mini How to for creating user web space (should work on all versions)
You want to allow your users to have public web space accessable by
http://www.your_domain/~user_name
Download http://khunjarnet.com/downloads/user-web-space/e-smith-user-webspace-0.1-3.noarch.rpm
This rpm by Damien Curtain will install the custom templates.
# rpm -ivh e-smith-user-webspace-0.1-3.noarch.rpm
answer yes to the question
# mkdir /etc/e-smith/skel/user/home/public_html
# pico /etc/e-smith/events/actions/user-create-unix
find the line that says
chmod 0700, "/home/e-smith/files/users/$userName";
and change to
chmod 0755, "/home/e-smith/files/users/$userName";
^x to exit and save
you can put a default index.html in /etc/e-smith/skel/user/home/public_html
that will appear in the users webspace when the user is created
Note: this will only create user webspace for new users. Existing users
will need to be created by hand.
# mkdir /home/e-smith/files/users/$user/home/public_html
# chmod 755 /home/e-smith/files/users/$user
If at any stage you want to disable user webspace
# /sbin/e-smith/config set UserPublicWeb off
# /sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
# service httpd restart
or to re-enable
# /sbin/e-smith/config set UserPublicWeb on
# /sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
# service httpd restart
Usual disclaimer: You are responsible for any changes you make to your server.
-
That RPM no longer exists on my website and hasn't for a couple of years. I don't even have a copy of it.
Jon
-
JonB
> That RPM no longer exists on my website...
OK, I found it on pagefault .org, but it won't download from there either.
I have it in my archives, if you want it Dacky, I'll post it somewhere or email it to you, let me know.
-
Ray,
You got me thinking and I found it in a very old backup. I have put it up on my website
http://khunjarnet.com/downloads/user-web-space/
WARNING: This has been not tested on SME7. In fact I have not used it since E-Smith V5. Use at your own risk.
Jon
-
Or see here...
http://mirror.contribs.org/smeserver/contribs/star/mitel/contrib/user-web-space/
-
Thanks, this is what I think we need.
I followed the ancient directions and the following was generated. Is this OK? And did it work? It appears to me that there might be a problem with httpd. If this script could be updated, it would be helpful to schools who want to use SME and allow students to develop skills in web page creation.
The response (sorry for including this, but it might mean something):
You now have the option to enable user web directories.
Would you like to enable User Directories? (y/N): y
WARNING in /etc/e-smith/templates//etc/httpd/conf/httpd.conf/90e-smithAccess50userdir: *WARNING* esmith::config(/home/e-smith/accounts) called with old database path. The following package needs to be updated: at /usr/lib/perl5/site_perl/esmith/config.pm line 374
esmith::config::TIEHASH('esmith::config', '/home/e-smith/accounts') called at /etc/e-smith/templates//etc/httpd/conf/httpd.conf/90e-smithAccess50userdir line 6
eval 'package esmith::__TEMPLATE__::1; ;
#line 1 /etc/e-smith/templates//etc/httpd/conf/httpd.conf/90e-smithAccess50userdir
my %conf;
tie %conf, \'esmith::config\';
my %accounts;
tie %accounts, \'esmith::config\', \'/home/e-smith/accounts\';
my $key;
my $value;
my $result = "";
# Global user dir assignments. Give ~user access
# Turned on/off globally through the var UserPublicWeb
# eg. to turn on run /sbin/e-smith/config set UserPublicWeb on
# to turn off run /sbin/e-smith/config set UserPublicWeb off
if(defined($conf{\'UserPublicWeb\'}) && ($conf{\'UserPublicWeb\'} eq "on"))
{
$result .= "#-------------------------------------------------------\\n";
$result .= "# Alias to enable /user aswell as /~user access\\n";
$result .= "#-------------------------------------------------------\\n";
while (($key,$value) = each %accounts)
{
my ($type, %properties) = split (/\\|/, $value, -1);
if ($type eq \'user\')
{
$result .= "Alias /$key /home/e-smith/files/users/$key/home/public_html\\n";
}
}
$result .= "\\n";
$result .= "#-------------------------------------------------------\\n";
$result .= "#Generic user dir access directive\\n";
$result .= "#-------------------------------------------------------\\n";
$result .= "<Directory /home/e-smith/files/users/*/home/public_html>\\n";
$result .= " AllowOverride FileInfo AuthConfig Limit\\n";
$result .= " Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec\\n";
$result .= " <Limit GET POST OPTIONS PROPFIND>\\n";
$result .= " Order allow,deny\\n";
$result .= " Allow from all\\n";
$result .= " </Limit>\\n";
$result .= " <Limit PUT DELETE PATCH PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>\\n";
$result .= " Order deny,allow\\n";
$result .= " Deny from all\\n";
$result .= " </Limit>\\n";
$result .= "</Directory>\\n";
}
$result;
;' called at /usr/lib/perl5/vendor_perl/5.8.5/Text/Template.pm line 319
Text::Template::fill_in('Text::Template=HASH(0x923e2d8)', 'HASH', 'ARRAY(0x90b9b20)', 'PACKAGE', 'esmith::__TEMPLATE__::1', 'BROKEN', 'CODE(0x9157410)', 'UNTAINT', 1, ...) called at /usr/lib/perl5/vendor_perl/5.8.5/Text/Template.pm line 382
Text::Template::fill_in_file('/etc/e-smith/templates//etc/httpd/conf/httpd.conf/90e-smithAc...', 'HASH', 'ARRAY(0x90b9b20)', 'PACKAGE', 'esmith::__TEMPLATE__::1', 'BROKEN', 'CODE(0x9157410)', 'UNTAINT', 1, ...) called at /usr/lib/perl5/site_perl/esmith/templates.pm line 528
esmith::templates::processTemplate('HASH(0x8e812ec)') called at /sbin/e-smith/expand-template line 45
WARNING: Template processing succeeded for //etc/httpd/conf/httpd.conf: 1 fragment generated warnings
at /sbin/e-smith/expand-template line 45
'httpd' is not a valid service name
-
On first look this...
/home/e-smith/accounts
needs to point to...
/home/e-smith/db/accounts
-
On second look this...
esmith::config
needs to be changed to...
esmith::ConfigDB
as the first is no longer used.
-
Part of the script worked in that a public_html folder did appear in the user's home directory. However, it messed up the httpd.conf file, so I had to reset the template (a nice thing I like about this system). And now I have the server back working. So, part of the rpm works. If anyone is knowledgeable enough to redo this plugin, it would be great for people like us. I don't know how to build an rpm or modify the script well enough to make it work. It certainly could be useful for people. I'll look forward to good news in the future :lol: .
-
it would be easier with a src.rpm or with the spec file...
if anyone has it.
but the answer seem to be NO, regarding what said JonB
-
unnilennium
> it would be easier with a src.rpm or with the spec file...
I have put a request through to Damien Curtain the last packager.
-
unnilennium
> it would be easier with a src.rpm or with the spec file...
I have put a request through to Damien Curtain the last packager.
Or look at his site...
http://www.pagefault.org/download/rpms/SRPMS/e-smith-user-webspace-0.1-3.src.rpm
this is a working link
-
ok i am working on it ...
a little to debug and i am trying to add a little more security to the sme7 release: id est i don't find that chmod 755 a user dir is a good thing... as after every other users will be able to see personal information thanks to the ftp if they are not chroot on their home folder...
what do you think about this.
here is the first SME7 release http://www.pialasse.com/RPMS with the sources
read the txt=> i have automatized some task that you had to do manually with the old version
PS:is there a way to upload the work on a contribs.org directory ?
-
Hi
I have one configurated SME7 server (using to test SEVERAL things: Hylafax &winmodem, YUM, byRequest to my Tivo...) so I can do ANY tests you like.
Just let me know: jader.marasca A_T gmail
Jáder
-
Hi
I have one configurated SME7 server (using to test SEVERAL things: Hylafax &winmodem, YUM, byRequest to my Tivo...) so I can do ANY tests you like.
Just let me know: jader.marasca A_T gmail
Jáder
yes , can you try the rpm I just make :)
This evening i will do a new release that will create the correct html folder for existing users.
change 755 CHMOD of user directory to 701 that is sufficient, and the html folder to 705.
I am searching a way to secure the personal data that are in the username/home directory
-
I am searching a way to secure the personal data that are in the username/home directory
In this section...
$result .= "\\n";
$result .= "#-------------------------------------------------------\\n";
$result .= "#Generic user dir access directive\\n";
$result .= "#-------------------------------------------------------\\n";
$result .= "<Directory /home/e-smith/files/users/*/home/public_html>\\n";
$result .= "SSLRequireSSL on\\n";
$result .= " AllowOverride FileInfo AuthConfig Limit\\n";
$result .= " Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec\\n";
$result .= " <Limit GET POST OPTIONS PROPFIND>\\n";
$result .= " Order allow,deny\\n";
$result .= " Allow from all\\n";
$result .= " </Limit>\\n";
$result .= " <Limit PUT DELETE PATCH PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>\\n";
$result .= " Order deny,allow\\n";
$result .= " Deny from all\\n";
$result .= " </Limit>\\n";
$result .= "</Directory>\\n";
Why not add an SSLRequireSSL see in red, not sure it's in right place as I've not had a chance to test.
-
I´m serious... I have a spare server... for a couple of days... so just point me to the tgz/rpm file and I´ll try it to you.
(I can also build an RPM... already have done this ONCE before and I´m a brave soul!)
Jáder
-
here is the first SME7 release http://www.pialasse.com/RPMS with the sources
read the txt=> i have automatized some task that you had to do manually with the old version
Jader it's in his post already as an rpm.
PS:is there a way to upload the work on a contribs.org directory ?
Send an email to staff
-
$result .= "SSLRequireSSL on\\n";
Why not add an SSLRequireSSL see in red, not sure it's in right place as I've not had a chance to test.
it could be another good thing to add, but that's not what i was meaning.
in fact with the configuration that i found in the initial rpm : all the users directory are chmod to 755 and keep chown "user":"user" =>so all the users will be able to see what is in the directory of the others, (unable to write, but able to steal personal information)
so there's two solutions
1- changing the spot of the public_html folder
2- chown every users folder to user:www with chmod 710 and ~/public_html chmod to 770
I think the second solution is good , any ither suggestions ?
-
hello ,
finally a new release:
now the only thing to do is to put your HTML into the public folder to view your personnal webpages.
http://www.pialasse.com/RPMS/smeserver-user-webspace-0.1-5.SME7.noarch.rpm
Changes from 0.1-4:
all old users have a new public_html folder (if does not already exist) all rights are given to folders for apache work.
known issues:
http://server/~user is accessible for new users , but http://server/user need an expand-template /etc/httpd/conf/httpd.conf; service httpd-e-smith restart to be accessible.
__________________________________________________________
As now the discussion is about a contrib I suggest YOU to continue here :
http://forums.contribs.org/index.php?topic=33660.msg143772#msg143772
-
Thanks for the hard work. I got this to work on my older server. I am now setting up one for our school for the real thing.
Problem: If a person copies a file over from the desktop to the public_html folder in their ftp folder, and then someone tries to access, there is a "Forbidden" message. It is a permission thing. The file uploaded reads -rw-rw----. I know how to change the permission of this (755) and then it works, but all my students will not nor will they have shell access to their folders. Any idea of an easy way to make sure all files uploaded will be 755 or at least readable? Or another way to get around the permission thing? I don't want to chmod every file for every user! The user owns the public_html folder.
-
need to release a fix, but not enough time to test it for the moment...
it seems that i have secured a little more that i should...
-
I've done some searching in past forums and found that this was a problem a few years ago. It appears to be a permission problem either in samba or ftp. As the files are uploaded into the public_html folder, they are rw-rw---, and therefore unaccessible to people. Some options I came across:
1. Have an automated script change the permissions of the folders every 5 minutes. I could not find this script on the linked website.
2. The default permissions for files created via Samba should be directory 755 and file 644. This can be changed in /etc/e-smith/templates-custom/etc/smb.conf/50homes.
3. Change proftp.conf file to include
AllowOverwrite on
Umask 022
I have not worked with these programs too much so don't know the scripts. I have not tried any of these yet. Do any of these options sound reasonable? Can the best option be incorporated into the automated script?
-
i was thinking about the cron job solution : i can post you a script this evening (europe time)
JP
-
here is it:
past e this code in a file
ls -1 /home/e-smith/files/users/ >/tmp/listeusers
cat /tmp/listeusers|while read line
do
if [ "admin" != "$line" ]
then
chown -R $line:www /home/e-smith/files/users/$line/home/public_html
chmod -R 2770 /home/e-smith/files/users/$line/home/public_html
fi
done
then add a cron job that call this script every 10 or 30 minutes
-
Thanks,
This is coming along nice now. One more icing on the cake. How do I enable dynamic web pages with php? I can't seem to get a php script to work on a web page. Looking at the httpd.conf file, I am trying to figure this out. I came up with a template script but can't get it to cooperate (first attempt at something this complicated). I am basing this on what I saw in an ibay I created that has dynamic enabled. This would be something like 94UserWebPhp in the httpd.conf in the template-custom. I suspect the error is in the first part:
{
use esmith::AccountsDB;
my $accounts = esmith::AccountsDB->open_ro();
foreach my $accounts
{
$OUT .= "\n<Directory /home/e-smith/files/users/" . $accounts . "/home/public_html>\n";
$OUT .= " AddType application/x-httpd-php .php .php3 .phtml\n";
$OUT .= " AddType application/x-httpd-php-source .phps\n";
$OUT .= " php_admin_value open_basedir /home/e-smith/files/users/" . $accounts . $
$OUT .= " Options None\n";
$OUT .= " Options +Indexes\n";
$OUT .= " Options +Includes\n";
$OUT .= " AllowOverride None\n";
$OUT .= " order deny,allow\n";
$OUT .= " deny from all\n";
$OUT .= " allow from all\n";
$OUT .= " </Directory>\n";
}
}
-
I figured out the following script that let my php linked page appear. I made this a template for /etc/httpd/conf/httpd.conf.
94UserWebPhp
{
use esmith::AccountsDB;
$OUT = "";
my $accounts = esmith::AccountsDB->open;
my @users = $accounts->users;
foreach my $user (@users)
{
$OUT .= "\n<Directory /home/e-smith/files/users/".$user->key."/$
$OUT .= " AddType application/x-httpd-php .php .php3 .phtml\$
$OUT .= " AddType application/x-httpd-php-source .phps\n";
# Set the sandbox within which PHP is confined to play
my $basedir = $user->prop('PHPBaseDir')
|| ("/home/e-smith/files/users/" . $user->key . "/");
$OUT .= " php_admin_value open_basedir $basedir\n";
$OUT .= "</Directory>\n";
}
}
-
Hi,
I'm completely dumb about linux, so as minor as the task looks, for me its something completely new. So please bare with me.
I've successfully :
installed the rpm,
created a user,
upload website via ftp
change th chmod via command line
# chown -R rqb:www /home/e-smith/files/users/rqb/home/public_html
# chmod -R 2770 /home/e-smith/files/users/rqb/home/public_html
now I want too to enable php, just like ibays do?
So could you explain step by step how to do it?
Cheers
Tiago Janz
-
As now the discussion is about a contrib I suggest YOU to continue here :
http://forums.contribs.org/index.php?topic=33660.msg143772#msg143772
I have moved this topic into the Contribs forum for you. Thanks!
-
Taigo,
Use the template I posted a few days ago. It works for me.
From terminal as root I did this (on one line):
pico /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/94UserWebPhp
Then in the window I entered this:
{
use esmith::AccountsDB;
$OUT = "";
my $accounts = esmith::AccountsDB->open;
my @users = $accounts->users;
foreach my $user (@users)
{
$OUT .= "\n<Directory /home/e-smith/files/users/".$user->key."/$
$OUT .= " AddType application/x-httpd-php .php .php3 .phtml\$
$OUT .= " AddType application/x-httpd-php-source .phps\n";
# Set the sandbox within which PHP is confined to play
my $basedir = $user->prop('PHPBaseDir')
|| ("/home/e-smith/files/users/" . $user->key . "/");
$OUT .= " php_admin_value open_basedir $basedir\n";
$OUT .= "</Directory>\n";
}
}
Then I saved (control x)
Then I typed expand-template /etc/httpd/conf/httpd.conf
Then I typed service httpd-e-smith restart
This will put a couple of lines in your httpd.conf for each user. I hope it works for you also.
-
Dacky,
That was the kinda of a response I was expecting of.
I haven't tried it yet, but a million thanks for the swift reply.
Cheers
Tiago Janz
-
Hi Dacky,
When I try to do the expand the script yield lots of syntax warnings.
Wasn't anything chopped when published?
Cheers
Tiago Janz
-
Gotcha
This was my exact steps to go on
pico /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/94UserWebPhp
{
use esmith::AccountsDB;
$OUT = "";
my $accounts = esmith::AccountsDB->open;
my @users = $accounts->users;
foreach my $user (@users)
{
$OUT .= "\n<Directory /home/e-smith/files/users/".$user->key;
$OUT .= "/home/public_html>\n";
$OUT .= " AddType application/x-httpd-php";
$OUT .= " .php .php3 .phtml\n";
$OUT .= " AddType application/x-httpd-php-source .phps\n";
# Set the sandbox within which PHP is confined to play
my $tmppath = "/home/e-smith/files/users/";
$tmppath .= $user->key . "/";
my $basedir = $user->prop('PHPBaseDir') || ($tmppath);
$OUT .= " php_admin_value open_basedir $basedir\n";
$OUT .= "</Directory>\n";
}
}
ctrl+x
tab to confirm
expand-template /etc/httpd/conf/httpd.conf
service httpd-e-smith restart
And it did work out
-
here is a nice work; i will have to publish a new release with this great steps.
-
Im learning about sme and perl scripts, I'm doing a script to do all these mambo jambo and gets trigged when a user is added. But I have some compile errors. If any one wants to help me Ill post the script.
Cheers
Tiago
-
# service httpd restart
should be
# svc -t /service/httpd-e-smith
-
unnilennium,
Thanks very much for your update on this contrib! It was just what I was looking for.
I see the discussion of enabling PHP for regular users. I am not completely up to speed on PHP security issues, but I would urge caution enabling CGI for just anyone... Maybe someone more versed in PHP security could comment on this?
I took a few notes as I was testing this out and I posted them on my web site primarily for my own benefit, but it might help others...
http://www.sonoracomm.com/index.php?option=com_content&task=view&id=146&Itemid=32
Thanks again,
G