Notes for setting up vsftpd on Ubuntu server

Reflection of the process, install vsftpd and assign the user group/folder

Need to properly add the user and the user group as well as user’s directory

User directory chown and chmod need to be correct

Properly set up the passive forward and passive ports

The firewall issue

The certificate and key issue (in the example it’s the same PEM file...)

Possible routine for the FTP

  1. Install server
  2. Add user
  3. Change user password
  4. Change user directory
  5. Change user group
  6. Change directory ownership
  7. Set passive mode
    pasv_enable=Yes
    pasv_max_port=10091
    pasv_min_port=10091
  8. Set firewall to open 21 and 10091
  9. Generate the certificate and key, .conf correct setup
  10. FTP set to require explicit FTP over TLS

 

Use TLS / SSL to secure the connection

http://wiki.vpslink.com/Configuring_vsftpd_for_secure_connections_%28TLS/SSL/SFTP%29#Generate_a_Certificate

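# Use an RSA key of at least 2048 bits; 1024-bit keys are no longer considered secure.
# The private key and the certificate are written to the same PEM file.
[root@vps] openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout /etc/vsftpd/vsftpd.pem \
-out /etc/vsftpd/vsftpd.pem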

To configure vsftpd you edit the file /etc/vsftpd/vsftpd.conf and add the following lines:

ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=NO
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem

 

Vsftpd config passive mode

To configure passive mode for vsftpd you need to set some parameters in vsftpd.conf.

pasv_enable=Yes
pasv_max_port=20100
pasv_min_port=20090

Otherwise the client will fail with a directory listing error.
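
A small audit of the TLS and passive-mode options from the two sections above, as an added example (not part of the original notes or of vsftpd). The function names and the sample file are constructed here. It assumes vsftpd's documented defaults and that the last occurrence of an option wins.

```shell
# Constructed sample: the TLS and passive-mode options from these notes.
sample_conf() {
cat <<'EOF'
ssl_enable=YES
force_local_data_ssl=NO
force_local_logins_ssl=NO
ssl_sslv2=NO
ssl_sslv3=NO
pasv_max_port=10091
pasv_min_port=10091
EOF
}

# get_opt FILE KEY DEFAULT -> last value set for KEY (assumed to win), else DEFAULT.
get_opt() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${v:-$3}"
}
# is_yes VALUE -> true for YES/TRUE/1 in any letter case (so "Yes" counts).
is_yes() {
    case $(printf '%s' "$1" | tr '[:lower:]' '[:upper:]') in YES|TRUE|1) return 0 ;; esac
    return 1
}

# audit_vsftpd_conf FILE -> one finding per line on stdout.
audit_vsftpd_conf() {
    f=$1
    is_yes "$(get_opt "$f" ssl_enable NO)" || echo "FAIL ssl_enable: TLS is off"
    for k in force_local_logins_ssl force_local_data_ssl; do
        # Both default to YES; only an explicit NO weakens them.
        is_yes "$(get_opt "$f" "$k" YES)" || echo "WARN $k=NO: cleartext sessions are still accepted"
    done
    for k in ssl_sslv2 ssl_sslv3; do
        if is_yes "$(get_opt "$f" "$k" NO)"; then
            echo "FAIL $k=YES: obsolete protocol enabled"
        fi
    done
    min=$(get_opt "$f" pasv_min_port 0)
    max=$(get_opt "$f" pasv_max_port 0)
    if [ "$min" -eq 0 ] || [ "$max" -eq 0 ] || [ "$min" -gt "$max" ]; then
        echo "FAIL passive range $min-$max cannot be matched by a firewall rule"
    else
        echo "INFO firewall must allow tcp/21 and tcp/$min-$max"
    fi
}

# Stand-alone run on the constructed sample.
conf=$(mktemp); sample_conf > "$conf"; audit_vsftpd_conf "$conf"; rm -f "$conf"
```

On the sample it warns about both force_local_*_ssl=NO lines, which let a client log in or transfer data without TLS even though ssl_enable=YES.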

 

Ubuntu change user home directory

# You either need to be logged on as root, not recommended, or prefix the command with sudo. The command does not create the folder so you will need to create it first.

cd /home

sudo mkdir peter

sudo chown peter:peter peter

sudo usermod -d /home/peter peter

If you want to move the current user directory to a new one:

sudo usermod -d new_home_dir -m username

 

Linux user group etc.

Linux: Show All Members of a Group

The /etc/group file is a text file that defines the groups on the Linux and Unix based systems. You can simply query this file to find and list all members of a group.

  1. /etc/group file – User group file
  2. members command – List members of a group
  3. lid command – List user’s groups or group’s users

Linux: List all members of a group using /etc/group file

# Use grep command as follows:

$ grep 'group-name-here' /etc/group

$ grep 'ftponly' /etc/group

$ grep -i --color 'ftponly' /etc/group

# Sample outputs:

ftponly:x:1001:raj,vivek,archana,sai,sayali

To get just a list of all members of a group called ftponly, type:

# Match the group name exactly in field 1, so similarly named groups are not included
awk -F':' '$1 == "ftponly" {print $4}' /etc/group

Other ways:

# All users:

$ getent passwd

# All groups:

$ getent group

# All groups with a specific user:

$ getent group | grep username
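
Field 4 of /etc/group lists only supplementary members; an account whose primary group is ftponly appears only through its GID in /etc/passwd. The function below is an added example (not from the original notes) that merges both sources. The name group_members and the sample files are constructed here.

```shell
# group_members GROUP [GROUP_FILE] [PASSWD_FILE] -> member names, one per line.
group_members() {
    awk -F: -v g="$1" '
        FILENAME == ARGV[1] {               # group file: exact match on field 1
            if ($1 == g) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
            }
            next
        }
        gid != "" && $4 == gid { print $1 } # passwd file: primary GID matches
    ' "${2:-/etc/group}" "${3:-/etc/passwd}" | sort -u
}

# Constructed sample files: peter has ftponly (GID 1001) as primary group only,
# and ftponly-old is a different group that a plain grep for ftponly would also hit.
demo_dir=$(mktemp -d)
printf '%s\n' 'ftponly:x:1001:raj,vivek' 'ftponly-old:x:1002:sai' > "$demo_dir/group"
printf '%s\n' 'raj:x:1003:1003::/home/raj:/bin/sh' \
              'peter:x:1005:1001::/home/peter:/bin/sh' > "$demo_dir/passwd"
group_members ftponly "$demo_dir/group" "$demo_dir/passwd"
rm -rf "$demo_dir"
```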

 

Understanding the /etc/passwd file

http://www.cyberciti.biz/faq/understanding-etcpasswd-file-format/

Task: See User List

/etc/passwd is used for local users only. To see a list of all users, enter:

$ cat /etc/passwd

To search for a username called tom, enter:

$ grep tom /etc/passwd

/etc/passwd file permission

The permission on the /etc/passwd file should be read-only for users (-rw-r--r--) and the owner must be root:

$ ls -l /etc/passwd

Output:

-rw-r--r-- 1 root root 2659 Sep 17 01:46 /etc/passwd

 

Vsftpd install

https://www.digitalocean.com/community/tutorials/how-to-configure-vsftpd-to-use-ssl-tls-on-an-ubuntu-vps

 

Command to list all users with their UID?

http://askubuntu.com/questions/645236/command-to-list-all-users-with-their-uid

Awk way

List all users with a /home folder:

awk -F: '/\/home/ {printf "%s:%s\n",$1,$3}' /etc/passwd

or all users with a UID >= 1000:

awk -F: '($3 >= 1000) {printf "%s:%s\n",$1,$3}' /etc/passwd

a combination

awk -F: '/\/home/ && ($3 >= 1000) {printf "%s:%s\n",$1,$3}' /etc/passwd

or for all entries

awk -F: '{printf "%s:%s\n",$1,$3}' /etc/passwd

 

A command to list all users? And how to add, delete, modify users?

http://askubuntu.com/questions/410244/a-command-to-list-all-users-and-how-to-add-delete-modify-users

To list all users you can use:

cut -d: -f1 /etc/passwd

To add a new user you can use:

sudo adduser new_username

or:

sudo useradd new_username

See also: What is the difference between adduser and useradd?

To remove/delete a user, first you can use:

sudo userdel username

Then you may want to delete the home directory for the deleted user account:

sudo rm -r /home/username

(Please use with caution the above command!)

To modify the username of a user:

usermod -l new_username old_username

To change the password for a user:

sudo passwd username

To change the shell for a user:

sudo chsh username

To change the details for a user (for example real name):

sudo chfn username

And, of course, see also: man adduser, man useradd, man userdel... and so on.

One of my Drupal Amazon AWS CDN migration experiences

Lately I've helped to move one of the existing sites from an Amazon EC2 to another, this is a cross-account migration.

Some config and environment:

Old server: ubuntu 12.04 / Apache on a m3.medium EC2 instance with Drupal 7, database is on an RDS instance alone
New server: ubuntu 14.04 / Apache 2 / php5-fpm on a m3.medium EC2 instance, it also has a RDS instance for the database
The new instances were all set up prior for this migration.

So the other parts were relatively simple like always:

  • Put site to maintenance mode, disabled clean-url, deleted cache, etc.
  • Site file tar gz compressed
  • Used mysqldump to get MySQL dump file and tar gz
  • From the destination EC2 instance, ssh to the old instance to get the compressed file
  • Copied everything from old bucket to the new bucket by using CloudBerry Explorer for Amazon S3 / S3 Browser

The CDN and sitemap issue

It's all good; however, when I installed and set up everything, I found files missing and the sitemap was just with the old domain name.
The sitemap was generated with Drupal XML sitemap.
No matter how many times I rebuilt the sitemap, it's just the old one that shows in the browser when visited directly.
So I started to look for the cause of this issue.
The rest of the parts were all looking good, so I then started to look at the most suspicious CDN setup, and finally got it sorted out.
The following are the steps that I did.
Config Steps:
  • need to hand code all the Amazon AWS details into the site settings.php
  • need to hand code the base URL to settings.php
  • need to run a complete CRON
  • delete all caches including S3 cache, static cache, everything cached
  • need to enable base url option in advagg -> under OBSCURE OPTIONS -> check "include the base_url variable in the hooks hash array"
  • remove the old sitemap in xmlsitemap panel
  • add a new sitemap file back in
  • go to rebuild the sitemap links in the rebuild panel
  • check the sitemap that is rebuilt then use update cached files, click "update"
  • then I have a perfect sitemap to submit to the Search Engines

Conclusion:

  • The sitemap built is actually not located on the web server, it's a CDN distribution over S3 bucket via CloudFront - usually the sitemap will be located on the web server site root though
  • So if you go to the web server site root to look for this sitemap file it'll not show there
  • The Amazon details needed to be hand coded in the settings file, this may not be the best option but it's the only option that works at the moment
  • CRON takes time and the CDN distribution also has a delay, so the changes could not be seen immediately
  • Drupal can't live without caching otherwise it's very slow, but caching will cause problems during development and/or troubleshooting, as what you are looking at are all cached files and changes made do not take effect right away

Here is the reference:

https://keithyau.wordpress.com/2014/12/04/why-bootdev-cdn-configuration/