Setting Up an sftp Site on Amazon Web Services EC2, and a Guest Account

(Adapted slightly from http://cloud.ubuntu.com/ami/, http://www.cybersprocket.com/2009/tips-tricks/sftp-tips-tricks/ and http://blog.markvdb.be/2009/01/sftp-on-ubuntu-and-debian-in-9-easy.html.)

This consists of three parts:

  • setting up an sftp site on EC2
  • creating a new user account
  • configuring the new user account to do read-only ftp, with no ssh privileges

This is intended for transferring files to and from trusted users. I use this as an adequate solution for occasionally sending very large files to clients, using an EC2 instance dedicated to that task. After the transfer is complete, I shut down or delete the instance.

Set up a server using Amazon Web Services EC2, choosing an Ubuntu Amazon Machine Image (AMI). (You can find an AMI using http://cloud.ubuntu.com/ami/. You may want to choose one that’s free tier eligible, such as ami-1aad5273.)

ssh into the server:

ssh -i keyfile.pem ubuntu@ec2-hostname.amazonaws.com

Install vsftpd:

sudo apt-get install vsftpd

Create a new user:

sudo adduser newusername

Using the AWS Management Console, generate a new key pair for the third-party user.

On Linux, you can generate the public and private keys with the following command on your own local system:

ssh-keygen -b 1024 -f newusername -t dsa

On the server, create the .ssh directory for the new user:

sudo mkdir /home/newusername/.ssh

Paste the public key into /home/newusername/.ssh/authorized_keys.

Set permissions:

sudo chmod 700 /home/newusername/.ssh

sudo chmod 600 /home/newusername/.ssh/authorized_keys

sudo chown -R newusername:newusername /home/newusername/.ssh

Test the new user’s sftp login from your local machine:

sftp -o IdentityFile=newkeypair1.pem newusername@ec2-hostname.amazonaws.com

Make a new group for users who should be limited to using only sftp:

sudo groupadd sftponly

sudo adduser newusername sftponly

Edit /etc/ssh/sshd_config and change the Subsystem line to:

Subsystem sftp internal-sftp

and add these lines to the end of /etc/ssh/sshd_config:

Match group sftponly
ChrootDirectory /home/%u
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

Set ownership of the home directory (the chroot target) to root, without clobbering the files needed for key-based authentication. This gives a download-only setup:

sudo chown root:root /home/newusername

To deny SSH shell access, run the following command:

sudo usermod -s /bin/false newusername

If you want to permit uploads, use the command below.

sudo chown newusername:newusername /home/newusername

and…

sudo chown -R newusername:newusername /home/newusername/.ssh

sudo /etc/init.d/ssh restart

Now the new user can connect by sftp, but not by ssh. Place the files you want to share in /home/newusername, and share the key with the user or upload your files.
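As an added check (an example script written for this page, not part of the original post), the functions below verify the sshd_config directives and the chroot ownership rules that the steps above rely on; the group name sftponly and chroot path /home/%u are taken from the post, and the return codes are this script's own convention.

```sh
# Added example, not from the original post: sanity-check the sftp-only setup.
# Group name, chroot path and return codes mirror the post and are assumptions.

# check_sftp_config FILE: 0 if FILE has "Subsystem sftp internal-sftp" and a
# "Match group sftponly" block carrying all four directives; 1 or 2 otherwise.
check_sftp_config() {
    cfg="$1"
    grep -Eiq '^[[:space:]]*Subsystem[[:space:]]+sftp[[:space:]]+internal-sftp' "$cfg" || return 1
    # Extract the Match block: from the sftponly Match line up to the next Match.
    block=$(awk '
        /^[ \t]*Match[ \t]+[Gg]roup[ \t]+sftponly([ \t]|$)/ { inblk=1; next }
        /^[ \t]*Match[ \t]/ { inblk=0 }
        inblk { print }' "$cfg")
    for want in 'ChrootDirectory /home/%u' 'ForceCommand internal-sftp' \
                'AllowTcpForwarding no' 'X11Forwarding no'; do
        key=${want%% *}; val=${want#* }
        printf '%s\n' "$block" | grep -Eiq "^[[:space:]]*$key[[:space:]]+$val[[:space:]]*$" || return 2
    done
    return 0
}

# check_chroot_dir DIR: sshd refuses a ChrootDirectory that is not owned by root
# or is group/other writable (it checks every parent too; this checks DIR only).
# Returns 0 ok, 1 missing, 2 group/other writable, 3 not root-owned.
# stat -c is GNU coreutils, as shipped on Ubuntu.
check_chroot_dir() {
    dir="$1"
    [ -d "$dir" ] || return 1
    mode=$(stat -c '%a' "$dir")
    case "$mode" in
        *[2367]?|*[2367]) return 2 ;;   # write bit set for group or for other
    esac
    [ "$(stat -c '%u' "$dir")" -eq 0 ] || return 3
    return 0
}

# write_sample_config FILE: constructed sshd_config fragment matching the post.
write_sample_config() {
    cat > "$1" <<'EOF'
Subsystem sftp internal-sftp
Match group sftponly
ChrootDirectory /home/%u
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
EOF
}

# Demo on the constructed fragment; on the server run the two checks against
# /etc/ssh/sshd_config and /home/newusername instead.
tmp=$(mktemp); write_sample_config "$tmp"
rc=0; check_sftp_config "$tmp" || rc=$?
echo "sample config check: rc=$rc (0 = all sftp-only directives present)"
rm -f "$tmp"
```

Because sshd rejects a chroot directory that is not root-owned, the upload variant above (chowning /home/newusername to the user) will make the login fail; keep the home directory owned by root and give the user a writable subdirectory inside it instead.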

Mark Shuttleworth wants to put an end to ACPI in the next generation of hardware

ACPI is a legacy of the late twentieth century, when it arrived to succeed standards that were either more limited, such as APM, or harder to get working (especially on Linux), such as the Plug and Play BIOS specification. With ACPI it became possible to define general (platform-independent) interfaces for accessing system facilities such as hardware enumeration and configuration, power management (which previously was handled by the BIOS rather than the operating system) and monitoring.

But Mark Shuttleworth, the founder of Canonical, has published his concern that, besides often being of dubious software quality, the manufacturers’ firmware that supports ACPI can, whether intentionally or not, serve as an “invisible” attack vector against users’ privacy, for the NSA and similar entities.

The solution he puts forward is far from simple: convince hardware manufacturers to always release the drivers for their innovations as open source code for use on Linux, and change the firmware standard to a declarative, purely descriptive model with no code execution. (via lwn.net – “Shuttleworth: ACPI, firmware and your security [LWN.net]”)

How to get Netflix streaming on Ubuntu 12.10

Very interesting post!

December 10, 2012, 7:00 AM PST

Takeaway: It’s taken quite some time, but Netflix streaming video has finally arrived on the Ubuntu Linux desktop. In this easy, step-by-step guide, Jack Wallen shows you how.


In one of my recent blog posts, I mentioned that Netflix streaming was now available for the Ubuntu 12.10 desktop. I’ve used it — it works like a champ. Any title in your Netflix library will play and play as expected. This means, for Linux users, no more having to depend upon streaming devices or watching Netflix on your Wii or PS3. Now you too can enjoy Netflix as was promised long ago by the company itself. This Netflix app is due to the hard work of programmer extraordinaire, Erich Hoover. With the help of WINE, Firefox, and Silverlight, Hoover was able to make this happen. Obviously, FOSS purists will turn their nose up at two things:

  • Silverlight
  • DRM

But, if you want streaming Netflix on your Linux desktop… you’ve no choice. When it comes to Hollywood, DRM is not going anywhere… ever.

The installation of Netflix on Ubuntu isn’t hard. In fact, it’s quite easy. It does, however, take some time.

Installation

Before you tackle this task, make sure your machine is fully updated. You can either do this from the update manager or from the command line. If from the command line, do the following:

  1. Open a terminal window
  2. Issue the command sudo apt-get update
  3. Enter your sudo password
  4. Once the update completes, issue the command sudo apt-get upgrade
  5. Accept the updates
  6. If prompted (in case of a kernel upgrade), reboot the machine

Now that your machine is fully prepped, it’s time to install the Netflix Desktop app. Here are the steps:

  1. Open up a terminal window
  2. Issue the command sudo apt-add-repository ppa:ehoover/compholio
  3. Hit Enter
  4. Issue the command sudo apt-get update
  5. Issue the command sudo apt-get install netflix-desktop

At this point you will see quite a large number of dependencies necessary for the installation (129 to be exact). Say OK to this and the installation will begin. Depending upon the speed of your network connection, this could take some time. Once that’s done, do the following:

  1. Open the Unity Dash
  2. Type netflix
  3. Click Install on the Wine Mono Installer (this is necessary for .NET)
  4. Click Install on the Wine Gecko Installer (this is necessary for embedded HTML to work properly)
  5. If you get an error, OK the error (I had this same thing happen on two machines — everything worked fine anyway)
  6. Allow the local installation to complete

At this point the Netflix Desktop application will open in full screen mode. To get out of that mode, hit F11. You will also find a new Firefox icon on your desktop. You can delete that if you like.

That’s it. You are now ready to enjoy streaming Netflix on your Ubuntu Linux desktop.


nautilus-open-terminal, a terminal quick launch

Tonite it’s getting late but I wanted to post something that is useful for quickly getting to the shell from any GUI location. The package nautilus-open-terminal does just what you might guess it does. It allows you to launch a gnome-terminal from a right-click within nautilus.

You might remember I blogged about something similar long, long ago with nautilus scripts. This is based on the same idea, but now wrapped in a nice shiny deb package. From the package description:

"Nautilus plugin for opening terminals in arbitrary local paths nautilus-open-terminal is a proof-of-concept Nautilus extension which allows you to open a terminal in arbitrary local folders."

To install this quick-launch to the terminal simply run:

sudo apt-get install nautilus-open-terminal

You may need to restart gnome / nautilus for the change to take effect, but afterwards you’ll have an “open terminal” button on your right-click menu anywhere within nautilus or the gnome-desktop area. Enjoy.

Ubuntu Oneiric Ocelot: Next after Natty?

The naming of cats is a difficult matter

It isn’t just one of your holiday games.

– T S Eliot, The Naming of Cats

For the next cycle, I think we’ll leave the oceanic theme behind. The “oddball octopus”, for example, is a great name but not one we’ll adopt this time around. Perhaps in 13 years time, though!

The objective is to capture the essence of our next six months work in a simple name. Inevitably there’s an obliquity, or offbeat opportunism in the result. And perhaps this next release more than most requires something other than orthodoxy – the skunkworks are in high gear right now. Fortunately I’m assured that if one of Natty’s successors is a skunk, it would at least be a sassy skunk!

So we’re looking for a name that conveys mysterious possibility, with perhaps an ounce of overt oracular content too. Nothing too opaque, ornate, odious or orotund. Something with an orderly ring to it, in celebration of the crisp clean cadence by which we the community bring Ubuntu forth.

There’s something neat in the idea that 11.10 will mark eight years since Ubuntu was conceived (it took a little longer to be born). So “octennial” might suit… but that would be looking backwards, and we should have an eye on the future, not the past. Hmm… an eye on the future, perhaps ocular? Or oculate? We’re certainly making our way up the S-curve of adoption, so perhaps ogee would do the trick?

Alternatively, we could celebrate the visual language of Ubuntu with the “orange okapi”, or the welcoming nature of our community with the “osculant orangutan”. Nothing hugs quite like dholbach, though, and he’s no hairy ape.

What we want is something imaginative, something dreamy. Something sleek and neat, too. Something that has all the precision of T S Eliot’s poetry, matched with the “effable ineffability” of our shared values, friendship and expertise. Something that captures both the competence of ubuntu-devel with the imagination of ayatana.

Which leads us neatly to the Oneiric Ocelot.

Oneiric means “dreamy”, and the combination with Ocelot reminds me of the way innovation happens: part daydream, part discipline.

We’ll need to keep up the pace of innovation on all fronts post-Natty. Our desktop has come together beautifully, and in the next release we’ll complete the cycle of making it available to all users, with a 2D experience to complement the OpenGL based Unity for those with the hardware to handle it. The introduction of Qt means we’ll be giving developers even more options for how they can produce interfaces that are both functional and aesthetically delightful.

In the cloud, we’ll have to tighten up and make some firm decisions about the platforms we can support for 12.04 LTS. UDS in Budapest will be full of feisty debate on that front, I’m sure, but I’m equally sure we can reach a pragmatic consensus and start to focus our energies on delivering the platform for widespread cloud computing on free and flexible terms.

Ubuntu is now shipping on millions of systems from multiple providers every year. It makes a real difference in the lives of millions, perhaps tens of millions, of people. As MPT said, “what we do is not only art, it’s performance art”. Every six months the curtains part, and we have to be ready for the performance. I’d like to thank the thousands of people who are actively participating in the production of Natty: take the initiative, take responsibility, take action, and your work will make a difference to all of those users. There are very few places in the world where a personal intellectual contribution can have that kind of impact. And very few places where we have such a strong social fabric around those intellectual challenges, too. We each do what we do for our own reasons, but it’s the global impact of Ubuntu which gives meaning to that action.

Natty is a stretch release: we set out to redefine the look and feel of the free desktop. We’ll need all the feedback we can get, so please test today’s daily, or A3, and file bug reports! Keep up the discipline and focus on the Narwhal, and let’s direct our daydreaming to the Ocelot.

Originally posted by Mark Shuttleworth here on Monday, March 7, 2011.