Virtual Apache/FTP Hosting with forced FTP over SSL in Ubuntu 10.04

This solution will provide a virtual hosting solution using Virtual Name-Based Apache, and vsftpd with virtual users
and forced SSL Connections.

EDIT: I changed the VSFTPD daemon to run as www-data instead so the virtual directories could be written to by apache.

First, we must install the necessary packages:

apt-get update
apt-get install vsftpd mysql-server apache2 libpam-mysql

(Optional packages for a full LAMP stack – php5 php5-mysql)

Then, we create a self-signed SSL Cert for the VSFTPD connections. You may use other signed certs, this is just a basis.

 openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem

Next we create the authentication table for the virtual users. Be sure to change the vsftpdpassword:

 mysql -u root -p

CREATE DATABASE vsftpd;
GRANT SELECT ON vsftpd.* TO 'vsftpd'@'localhost' IDENTIFIED BY 'vsftpdpassword';
FLUSH PRIVILEGES;
USE vsftpd;
CREATE TABLE `accounts` (
`id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,
`username` VARCHAR( 30 ) NOT NULL ,
`pass` VARCHAR( 50 ) NOT NULL ,
UNIQUE ( `username` )
) ENGINE = MYISAM ;
exit;

Next, we back up the original vsftpd config, and create our own:

 cp -v /etc/vsftpd.conf /etc/vsftpd.conf-orig
cat /dev/null > /etc/vsftpd/vsftpd.conf
vi /etc/vsftpd.conf

Copy and paste this into VIM (or your favorite editor):

 # VSFTPD Configuration
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
nopriv_user=vsftpd
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
guest_enable=YES
guest_username=www-data
local_root=/home/vsftpd/$USER
user_sub_token=$USER
virtual_use_local_privs=YES

# Only necessary if you want to do per-user configs
#user_config_dir=/etc/vsftpd_user_conf

# SSL Related paramaters
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO

# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections.
rsa_cert_file=/etc/ssl/private/vsftpd.pem

Next we configure PAM to authenticate virtual FTP users against the MySQL Database:

cp /etc/pam.d/vsftpd /etc/pam.d/vsftpd-orig
cat /dev/null > /etc/pam.d/vsftpd
vi /etc/pam.d/vsftpd

Paste the following, making sure to change the ftpdpass

 auth required pam_mysql.so user=vsftpd passwd=ftpdpass host=localhost db=vsftpd table=accounts usercolumn=username passwdcolumn=pass crypt=2
account required pam_mysql.so user=vsftpd passwd=ftpdpass host=localhost db=vsftpd table=accounts usercolumn=username passwdcolumn=pass crypt=2

And it’s all set up! I’ve attached a handy Perl script to make provisioning users much easier. It takes 2 arguments when run:

First, the site name. This is the ROOT domain name, without www or anything (example.com)
Second, the FTP User password

So running the script would look like this: ./provision.pl example.com password

The ftp login information would then be:
Server: example.com
Username: example.com
Password: password

Akonadi and Google Calendar Kubuntu 9.10

So been wanting a way to edit my google calendar from Korganizer.  And here’s how:

sudo apt-get install libgcal-dev libcurl4-openssl-dev libxml2-dev ca-certificates kde-devel kdepimlibs-dev xsltproc

wget http://libgcal.googlecode.com/files/akonadi-googledata-1.0.1.tar.bz2

tar xvf akonadi-googledata-1.0.1.tar.bz2

cd cmake

cmake ..

make

sudo make install

echo "export LD_LIBRARY_PATH=/usr/local/lib:$LD_LIBRARY_PATH" >> ~/.bashrc

source ~/.bashrc

cd calendar

sudo make install

Push alt-f2, search for akonadi, and run akonadi-tray

Right clidk the taskbar icon, and select start akonadi server.

I had to right click on the icon in the taskbar, and configure the server with my own mysql details.  I suggest going there, clicking on the server configuration, and hitting the test button to make sure you don’t have any errors.

On the resource configuration tab of the Akonadi configuration, select add, and select google calendar resource.

You must add your google account infor (I was able to sync Apps for your Domain just by putting in my full email address. By the popup, if you have just a google account, they will [email protected])

Open up Kontact (or korganizer), right-click in the resource section, add resource, and select akonadi resource.  Then you can select the gcal resource, sync, and you’re good to go!

Edit – I also had to remove the std.ics from the akonadi resource list in order for it to save to googlecal, but after I did that I had 2-way sync capabilities to google calendar

New Admin user in Kubuntu Karmic Koala

So the other day I was in IRC and someone had brought up a problem where they created a new Administrative user, but didn’t have rights to use ‘sudo’.  Looked into the problem a little bit to figure out what was wrong, and it turns out that when you create a new user through the user manager (in kubuntu, anyways.  Haven’t tested in Gnome.) the user gets added to the adm group, however, a quick look at the sudoers file shows that it’s looking for users in the admin group to allow the use of sudo.  So, to solve the problem we do the following:

If you’re on the new admin user (which I’m assuming you are) use the following commands:

su [insert username of old account without brackets]

sudo usermod -G admin [username of new admin account without brackets]

exit

Then simply logout, and then log back in (not always necessary, but the easiest way to flush the permissions.)

su [insert username of old account without brackets]

Means we’re going to Switch User to the “old” admin account

sudo usermod -G admin [username of new admin account without brackets]

This simply adds the admin group to the secondary group list for the new user

exit

Pretty self explanatory