Setting Up Linux Like An ISP

Netopia

Hey Gang,

I've tried to Google and BBS search around the web, but haven't found any real answers to what I'm looking for. Part of the reason might be that the words I'm having to use to search may be just too common. Anyway....

I've got a RH9 box that my work is letting me host on their T1 line. I've already got a domain name and DNS is set and all that, but I'd like to set the box up more like an ISP. For instance... I'd like to give every member of my family an account on the box the same way I'm sure I'm added to the boxes by my various ISPs. Then, once an account is made, I would hope that they would be able to FTP into their home directory and also use a .html directory there for their own webserver use. Also an email account.

I would imagine that ISPs (especially big ones) don't go about doing all this manually every time they sign up a new user. Does anyone know if there are any programs out there that will automate the whole process? I've even gone so far as to use my shell script on my ISP to get into their /etc/apache directory and copied all of their config files hoping to learn something from them, but there doesn't seem to be anything special (except for virtual domains for their business customers).

Anyone have any ideas? If not, is this a killer app waiting to happen?

Joe
 

n0cmonkey

useradd

Write a script or modify useradd or whatever to add a ~/public_html or whatever you are calling your UserDirectories (which I believe is what the option is called in httpd.conf to give users their own directories). I think that's what you're asking for anyways...

EDIT: Look at /etc/skel. There might be a way to add a ~/public_html or whatever directory there and have it copied over when a new user is created.
 

Netopia

Hmmmm..... I need to learn more.

But, IMHO, if n0cmonkey doesn't have a pat answer, then there is a great app or at least a priceless script waiting to be written by someone who knows how. Maybe I should crack a few more books... it could be ME!

Joe
 

Barnaby W. Füi

This stuff is pretty rudimentary so from what I can tell, ISPs all just write up their own scripts to manage their stuff. No real reason to write some big app for it, it's not really the type of thing that an application seems appropriate for. Sysadmins use scripts ;)
 

Netopia

Yeah... an APP in the most common usage would be overkill. It just seems to me that if there is a fairly standard web server (apache) and a fairly standard FTP server (????) then one could easily (IF they had the knowledge... I don't yet) simply post the scripts for others to use.

Is there a site on the internet where people share scripts they've created for various purposes?

Joe
 

n0cmonkey

On OpenBSD I use adduser. If I had more users I would add to adduser, or create another script to create my public_html directories (which would actually just be links on my system...). I haven't messed with FTP at all at home though, so I don't know how much setup would be involved. I am guessing you would want "chrooted" FTP, but the setup would depend on your daemon.

EDIT: Ok, if you are looking to add UserDirectories (URL/~USER), just add your UserDirectory name to /etc/skel. I just tested this on both OpenBSD and Debian, so it should work on RedHat too. Then each user that gets added gets his own website.
 

Netopia

You guys blow me away!

How in the HECK do you stay up with all this stuff?

But... you know what?... I'm VERY thankful you do!

Joe
 

n0cmonkey

Originally posted by: Netopia
You guys blow me away!

How in the HECK do you stay up with all this stuff?

But... you know what?... I'm VERY thankful you do!

Joe

I have lots of free time. :p

Check the edit in my previous post and see if that is basically what you are looking for as far as the webpages go.
 

Netopia

I'm going to have to continue this tomorrow... but MANY MANY THANKS for the help. I think you've hit upon exactly what I need!

Joe
 

Netopia

Originally posted by: n0cmonkey
EDIT: Ok, if you are looking to add UserDirectories (URL/~USER), just add your UserDirectory name to /etc/skel. I just tested this on both OpenBSD and Debian, so it should work on RedHat too. Then each user that gets added gets his own website.

I'm off to an appointment right now, but I figured that I'd shoot this off first. I did a quick check this morning and I don't have anything like "skel" under my /etc. Is the file I'm looking for part of apache or is there something else I should be looking for? On second thought... should I be concerned that I don't have a /etc/skel?

Joe
 

n0cmonkey

Originally posted by: Netopia
EDIT: Ok, if you are looking to add UserDirectories (URL/~USER), just add your UserDirectory name to /etc/skel. I just tested this on both OpenBSD and Debian, so it should work on RedHat too. Then each user that gets added gets his own website.
I'm off to an appointment right now, but I figured that I'd shoot this off first. I did a quick check this morning and I don't have anything like "skel" under my /etc. Is the file I'm looking for part of apache or is there something else I should be looking for? On second thought... should I be concerned that I don't have a /etc/skel?

Joe

I don't use RH, so I can't figure out what it is off hand. /etc/skel holds the .profiles and other similar files for when a user is created. You could search for something like find /etc -name ".profile", but I don't know if RH bothers to copy those files into a user's home directory, or even if it has that particular file :p
 

Netopia

Ok... first off I feel foolish since I did an "ls /etc/sk*" and nothing came up, but today I'm in there looking around and sure enough, there's an "skel" directory. The only profile is a .bash_profile, and I'm not quite sure where I need to add the stuff you indicated.

I have learned some other interesting things though. While rummaging through httpd.conf, I discovered the whole area for user dirs. Not only does it tell you how it works, but it even tells you the permissions that are needed in order to make everything work. As I was reading that the person's userdir (their ~ directory) would require 711 permissions so that apache could get through it and that their actual web served directory (something like ~/.html) would have to have a permissions setting of 755, a little bell started dinging in my head.

My ISP gives you your webspace with an address of "www.isp.com/~username". I have a shell account with my ISP, so I telnetted in and just for kicks did a "cd .." and then an "ls". Well... I found myself in a directory that was named with the first letter of my username and the directory held TONS of other directories all starting with the same letter. So, for kicks, I cd'd to one of the other usernames and it let me in! Hmmm... bad security. Then I did an "ls" and got a permission denied. Then I cd'd to .html and was whisked to their webspace... where, because just as I had thought, the permissions were 755! I could wander around and look at anyone's space on the entire 200GB+ /home partition! Just for kicks, I did some things like "ls /home/*/*/.html/*.jpg > /home/j/jusername/output.txt" and sure enough, it searched the entire machine without hesitation and dumped a listing of people's jpg's in my directory. I then added another /*/ in the middle and it found TONS of other directories and jpg's! Then I got out and sat and thought for a minute.

So... it would seem if one sets things up exactly like httpd.conf suggests, you leave a HUGE security or at least privacy hole in a system! I don't know that much about chroot, but I was wondering what would happen if I chroot'ed people to their directories. Would it affect them being able to use cgi or perl or mysql or stuff like that that didn't exist within their chrooted jail? Don't know... it's gotten more confusing.

Maybe all of this is old news to many, but as someone who is trying hard to learn Linux/Web Serving/Security etc... it's a little overwhelming because it seems like each thing I do requires me to know several other things in order to do it right.

I guess I don't really have any direct questions at this point, just sharing and looking for other people's ideas and insights.

Thanks!

Joe
 

n0cmonkey

Originally posted by: Netopia
Ok... first off I feel foolish since I did an "ls /etc/sk*" and nothing came up, but today I'm in there looking around and sure enough, there's an "skel" directory. The only profile is a .bash_profile, and I'm not quite sure where I need to add the stuff you indicated.

cd /etc/skel&&mkdir public_html

I am going to continue using public_html as the name of the user webpage directory. It's what I'm used to ;)

It should be that simple. Do it, and make a test user to test it.

I have learned some other interesting things though. While rummaging through httpd.conf, I discovered the whole area for user dirs. Not only does it tell you how it works, but it even tells you the permissions that are needed in order to make everything work. As I was reading that the person's userdir (their ~ directory) would require 711 permissions so that apache could get through it and that their actual web served directory (something like ~/.html) would have to have a permissions setting of 755, a little bell started dinging in my head.
(snip...)
So... it would seem if one sets things up exactly like httpd.conf suggests, you leave a HUGE security or at least privacy hole in a system! I don't know that much about chroot, but I was wondering what would happen if I chroot'ed people to their directories. Would it affect them being able to use cgi or perl or mysql or stuff like that that didn't exist within their chrooted jail? Don't know... it's gotten more confusing.

Only the chrooted processes will need things in the home directory. Are you planning on giving out shell access? If so, chroot the shell. SCP only? Use the scponly shell (ask and I'll find a link, this goes for anyone). FTP only? Chroot them in FTP (consult your FTPd docs to find out how). The webserver will not be chrooted (OpenBSD does this by default, but it can be a pain, and I don't think any other OSes/distros do it). Apache will be able to access everything just fine, only the users will be limited in what they can and cannot see.

Maybe all of this is old news to many, but as someone who is trying hard to learn Linux/Web Serving/Security etc... it's a little overwhelming because it seems like each thing I do requires me to know several other things in order to do it right.

I guess I don't really have any direct questions at this point, just sharing and looking for other people's ideas and insights.

Thanks!

Joe

I've never given it much thought since most places I have had shell/web access have things setup this way and I never had the time to come up with a solution. These are my initial thoughts though. Hope they help.
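
The 711/755 layout Netopia found on the ISP's machine can be checked for mechanically on your own box. The shell audit below is an added example, not code from any poster in this thread; the accounts alice and bob, the function names, and the 710/750 group-based alternative are assumptions of the example, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: flag per-user web directories that any local user can browse.
# All paths and account names here are constructed samples.

# mode_of PATH -> octal permission bits, e.g. 711 (GNU stat assumed)
mode_of() { stat -c '%a' "$1"; }

# audit_homes BASE [WEBDIR]
# Prints one line per home under BASE that contains WEBDIR:
#   <user> home=<mode> web=<mode> <verdict>
# EXPOSED: "other" can traverse the home (o+x) and list/read WEBDIR (o+rx),
#          so every shell user can walk into it, not only the web server.
# OK:      "other" is locked out; the web server then has to get in through
#          group ownership (chgrp to the httpd group, a root-only step that
#          this sample does not perform).
audit_homes() {
    base=$1
    web=${2:-public_html}
    for home in "$base"/*/; do
        home=${home%/}
        [ -d "$home/$web" ] || continue
        hm=$(mode_of "$home")
        wm=$(mode_of "$home/$web")
        # The lowest octal digit holds the "other" bits: r=4, w=2, x=1.
        ho=$(( 0$hm & 7 ))
        wo=$(( 0$wm & 7 ))
        if [ $(( ho & 1 )) -ne 0 ] && [ $(( wo & 5 )) -eq 5 ]; then
            verdict=EXPOSED
        else
            verdict=OK
        fi
        printf '%s home=%s web=%s %s\n' "${home##*/}" "$hm" "$wm" "$verdict"
    done
}

# build_sample DIR: one account laid out the way the httpd.conf comments
# describe (711/755) and one with the "other" bits removed (710/750).
build_sample() {
    mkdir -p "$1/alice/public_html" "$1/bob/public_html"
    chmod 755 "$1/alice/public_html"; chmod 711 "$1/alice"
    chmod 750 "$1/bob/public_html";   chmod 710 "$1/bob"
}

demo() {
    tmp=$(mktemp -d) || return 1
    build_sample "$tmp"
    audit_homes "$tmp"
    rm -rf "$tmp"
}
demo
```

On a real system the 710/750 layout only serves pages once the home and web directories are group-owned by the group the web server runs as; that group's name varies by distribution.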
 

Barnaby W. Füi

From hier(7) on debian:

/etc/skel
When a new user account is created, files from this directory are usually copied into the
user's home directory.
 

drag

Oh btw.

When you go:

ls -l /etc/sk*

you're only really looking for normal files. ls handles directories differently. For instance if you do a ls /etc/ it will show the directories within the directory, so if you go ls /etc/skel it will show the files in that directory.

If you want to use ls to look for directories and handle them like normal files then you have to go:

ls -ld /etc/sk*

Then that will show directories. Kinda braindead in my opinion. They've made the command too complicated to make it user friendly (there are lots of other little examples where ls causes problems)...
 

Netopia

Guys,

I really appreciate your help and info. I'll comment more tomorrow and let you know how it goes... IF I get the time. Today has been one of those incredibly busy days and tomorrow doesn't look any better.

Thanks for all the input, I GREATLY appreciate it and every bit of knowledge I glean from folks like you who are willing to share puts me a little farther down the road of confidence with *nix.

Joe
 

Mucman

Interesting stuff guys! I wrote a website/customer creation script for where I work (Windows 2003 hosting). It's all in ASP, and is pretty slick. It's about 40kb of ASP stuff (includes integration with our customer database, FrontPage install, SQL Server database setup, Application Pool creation, Active Directory integration) and it all works over WMI, so my script is installing websites for numerous servers :D

I've always wondered how shared hosting configuration is done on unix machines.
 

Barnaby W. Füi

I just talked a little with a guy I know who deals with this stuff, this is how it's done at his job:

You add a user via a web interface, and that goes into a database, and does stuff like create their mail directory, home directory, etc. There is a daemon that regenerates /etc/passwd based on the database's contents when needed. You can also have apache generate vhosts based on the database.