Hire a web Developer and Designer to upgrade and boost your online presence with cutting edge Technologies

Wednesday, December 7, 2022

Multiple-user student webserver

 we have had a second catastrophic outage of our storage array which, once again, has taken Studentnet with it. However, going from my previous blog post has allowed me to get this up and running fairly quickly. In the process, I found some addendums that I would make to the original – but rather than edit it in, I thought it would be better to make a new post to explain the differences. Plus, I found a much quicker way to get it up and running..

 

Change 1: Install Linux as a LAMP server

This is really simple. Lots of things will get installed by default here; the pear, php and mysql modules all get installed with this. Selecting this and OpenSSH is all I did this time around. Straight afterward this, all that needs to be done is the original step of altering /etc/apache2/mods-enabled/dir.conf to push index.php to the start as well as an apt-get update and upgrade

Change 2: Powerbroker/Likewise installation

This time around, I used pbis 8.2, rather than 7.5. apt-get install pbis-open doesn’t work – so we need to get it from Beyondtrust’s download site manually. Over at http://download1.beyondtrust.com/Technical-Support/Downloads/PowerBroker-Identity-Services-Open-Edition/?Pass=True can be found the latest version for a given distribution; for Ubuntu, currently, this is currently located at  http://download.beyondtrust.com/PBISO/8.2.1/linux.deb.x64/pbis-open-8.2.1.2979.linux.x86_64.deb.sh which uses the Debian release.

The following commands are how I got this working:

cd /tmp
//Make a temporary directory

wget http://download.beyondtrust.com/PBISO/8.2.1/linux.deb.x64/pbis-open-8.2.1.2979.linux.x86_64.deb.sh
//Download to this directory

sudo chmod +x pbis-open-8.2.1.2979.linux.x86_64.deb.sh
//Give execution permission for this file

sudo ./pbis-open-8.2.1.2979.linux.x86_64.deb.sh
//Run the installer. Dont select legacy links, dont need it, and select yes to install now

sudo domainjoin-cli join --ou "OU=ComputerFolder,DC=company,DC=co,DC=uk" company.co.uk myaccount
//The account "myaccount" has to be able to join the domain. You'll be prompted to enter a password.

After this, the server can now accept domain logins. The only other thing to do now is to add in some AD configuration, for things like the prefix for the domain (so users don’t have to type their username@domain.. they only need to type username) as well as where their home directory is located. The following lines add entries to the PBIS configuration:

sudo /opt/pbis/bin/config UserDomainPrefix MYDOMAIN
sudo /opt/pbis/bin/config AssumeDefaultDomain true
sudo /opt/pbis/bin/config LoginShellTemplate /bin/bash 
sudo /opt/pbis/bin/config HomeDirTemplate %H/%D/%U 
sudo /opt/pbis/bin/config RequireMembershipOf "MYDOMAIN\\students" "MYDOMAIN\\staff" "UOB\\TechStaff"
sudo /opt/pbis/bin/config HomeDirUmask 072

 

Change 3: Quick permissions changes

The only next thing to do now is to ensure that “TechStaff” are able to act as admins. We can do this by adding the following, somewhere in the sudoers file (nano /etc/sudoers):

%TechStaff ALL=(ALL:ALL) ALL

TechStaff users can now do everything. Now, for the web server part, we set home directories to be only changed by their owners (and read by anyone in the group and executed by anyone else) already, but we need to change one small thing in the apache2 user directory config after making sure we have run a2enmod userdir – Inside /etc/apache2/mods-enabled/userdir.conf , the line /home/*/public_html needs to be changed to /home/domain/*/public_html – which is specified in the HomeDirTemplate above (home/domain/user – %H/%D/%D). The next line, AllowOverride, should just say All after it, too.

After restarting apache2, everything should work alright, as before. PBIS was a lot easier to install and join the domain with this time around and with the LAMP installation automated, everything was just a lot quicker to get running.

No comments:

Post a Comment