Ubuntu Server: Adding Users to the Sudoers List

If you have ever ran an Ubuntu Server installation, you may be familiar with the /usr/sbin/visudo file, which lists everyone with super-user permissions on the system. The only user that is in the file with ALL permissions by default is root, which, by default, isn’t even accessible directly in current Ubuntu versions. Though the root user can be assigned a password so that logging in as root is possible, no one would recommend it – or at least no one that I have seen.

When you install Ubuntu Server, you create an initial user. This user is automatically placed in the sudoers group, which means this user can perform actions as the root user by using the command sudo su  and providing their password. Perhaps you’ve wanted to create an additional user and add them to the list of sudoers so that, like your initial user, they can use the sudo  command. Well, it only takes two commands to do this.

First, you create the user using the adduser command:

sudo adduser <username>

At this point, some tutorials online explain how to add this user to the /usr/sbin/visudo file with the same permissions as the root user. If you do this, you will practically be creating a duplicate root user who can do anything on the system. Instead, it’s best to simply add this user to the sudo group:

sudo adduser <username> sudo

If you exit your current terminal session, reopen the terminal and log in as the user you just created, you’ll notice that this user can also perform actions using the sudo  command.

You can also check to see that the user is in the sudo group by viewing the groups users:

grep sudo /etc/group

Make sure the user is listed after your initial user and any other users you may have already added.

Similarly, you can remove a user from the group using the deluser  command:

sudo deluser <username> sudo

I recommend issuing the grep sudo /etc/group  command to ensure the user was removed as well.

Also, take note that the initial user created when installing Ubuntu 12.04 is added to the following groups as well, so if you’re intention is to create a user who is an ‘administrator’ on the machine, it may be wise to add them to all of the following groups.

adm
cdrom
sudo
dip
plugdev
lpadmin
sambashare

To see the list of groups on your server, simply issue the command grep <username> /etc/group , where <username> is the user you initially created during system install. Of course, you can ignore the group with the same name as the user.

XAMPP with Ubuntu

If you want a nicely compiled web server to use for testing, nothing beats XAMPP. And if you use Windows, it’s even nicer with XAMPP Lite. It’s so convenient, you can even run the server from a USB thumb drive.

However, I’ve learned recently that Linux doesn’t have quite as many convenient options. If you wish to set up a web server on Linux, there are countless tutorials across the net on doing it. For me, I just wanted something that I could run and test some things when I needed to without having to upload it to a production web server. Not to mention, it’s faster when everything is on a local machine. I was hoping that a XAMPP Lite setup had been released for Linux, but I was unfortunately wrong. Unlike Windows, Linux would require XAMPP to be installed in the /opt/ directory, which is owned by root. This means my system user wouldn’t be able to access the directory and directly alter files/folders, at least not without steps that extend beyond the directions given on the XAMPP website.

First off, I followed the directions for installing XAMPP exactly as described on the website. At first glance, everything looks fine. However, once I tried to access FTP using the default nobody user, I realized something was wrong. It gave me a 550 permissions error. Initial searching online seemed to indicate that the error wasn’t typical with others, so I figured something must have gone wrong with the installation. I had also installed the most recent beta version. I decided to uninstall, download the latest non-beta version and install it. Everything, again, went as expected with no errors. Again, I logged in via FTP and found that I could not create directories or alter files due to insufficient permissions. Doing a little more troubleshooting, I found that the lampp/htdocs folder was actually solely owned by root, instead of being owned by the user nobody and the root group. The nobody user had no ownership of the directory or its contained files/folders and therefore no permissions to affect it. I logged into root via terminal and changed ownership of the lampp/htdocs to nobody and from there everything worked fine accessing the directory via FTP.

A different approach would have been to change ownership of the directory to my own system user, this way I could directly alter the files/folders through nautilus without even having to run the proFTPD server. Since I am using the web server for testing locally anyway, this would have been the way to go.

For reference, here are the terminal commands used.

For listing ownership of files within a directory:

ls -l <path>

If you are already within the directory for which you want to list ownership of subsequent files and folders, you can leave the <path> value empty.

For changing ownership of the htdocs directory:

chown -R <username>:<usergroup> /opt/lampp/htdocs

Using your username for both the <username>  and <usergroup>  values will be fine.

The reason I recommend XAMPP over other Linux web server packages for using as a test server is that it is the easiest to uninstall that I have seen. Deleting the /opt/lampp directory is all that has to be done for complete removal.

phpFreeChat and phpBB3: Better Group Identifying

When comparing all of the free or open-source software available for providing chat on a website that I have seen so far, I have personally found phpFreeChat to be one of the more impressive options. Though a new version is in the works (2.x), the first branch (1.x) is the most stable and contains the most features as of this moment.

Of those features:

  • the ability for anyone to create rooms (if enabled)
  • op status for administrating, as well as the ability to identify chatters by their credentials from various other site software (such as phpBB)
  • an assortment of theme options that are included, as well as the ability to customize with your own
  • private messaging

I don’t need to explain a great deal about phpFreeChat. You can learn almost anything you need to know about it from its official website and forums. However, what I did not find there and thought useful is a better way to identify chatters for granting op status based on their phpBB group(s). I typically use phpBB as a board in most scenarios.

Here is a copy of the basic chat setup from the phpFreeChat website for integrating with phpBB and using its user information for chatters:

<?php
define('IN_PHPBB', true);
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : '../';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
require($phpbb_root_path . 'common.' . $phpEx);

// Start session management
$user->session_begin();
$auth->acl($user->data);
$user->setup();

if ($user->data['user_id'] == ANONYMOUS)
{
	login_box('', $user->lang['LOGIN']);
}
?>
<?php

require_once dirname(__FILE__)."/src/phpfreechat.class.php";
$params = array();
$params["title"] = "Quick chat";
$params["nick"] = $user->data['username_clean']; 
$params['firstisadmin'] = false;
if ($user->data['group_id'] == 4 OR $user->data['group_id'] == 5) // Admins and Moderators
{
$params["isadmin"] = true; // Do what you want cause a pirate is free, you are a pirate 😉
}

$params["serverid"] = md5(__FILE__); // calculate a unique id for this chat
$params["debug"] = false;
$chat = new phpFreeChat( $params );

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html>
 <head>
  <meta http-equiv="content-type" content="text/html; charset=utf-8" />
  <title>Chicken Talk Chat Room</title>  
 </head>
 <body>
<div class="content">
  <?php $chat->printChat(); ?>
</div>

</body></html>

I have highlighted the lines that grant op status based on the user’s board group.

The method I now use was found by searching the phpBB boards for a way to determine whether a user is in a particular group. You may think this is what is already done in the phpFreeChat example of using phpBB to identify chatters to grant op status above, but what is actually being done there is the chat script is determining if one of the groups being checked is the user’s primary group. Because group assignment is an important way to identify a board user’s main role, it is not uncommon for users to be in multiple groups so that they can access multiple functions. For example, a particular user may be a board administrator, but his primary group is support – because that is his main function on the board. In this case, in order for the user to get op status in the chat, you would have to have the check be looking for the support group, because that is the group ID that will be seen here since it is the user’s primary group. Even though the admin group is being checked, only one group ID is being passed for the user in this case, and it is the user’s primary group only.

For the method that I prefer, follow these steps:

  1. Require the includes/functions_user.php file.
    Find: 

    require($phpbb_root_path . 'common.' . $phpEx);

    and add the following after it:

    require($phpbb_root_path . 'includes/functions_user.' . $phpEx);
  2. Use the group_memberships() function to identify an array of all of the user’s assigned groups.
    Find: 

    if ($user->data['group_id'] == 4 OR $user->data['group_id'] == 5) // Admins and Moderators
    {
    $params["isadmin"] = true; // Do what you want cause a pirate is free, you are a pirate 😉
    }

    and replace it with the following:

    if (group_memberships(array(4,5),$user->data['user_id'],true))
    {
       $params["isadmin"] = true; // Do what you want cause a pirate is free, you are a pirate 😉
    }

As that example is now, it is still only checking for the Administrator and Global moderator groups. However, you can add a group ID to the array within the parentheses and it will check for that group as well. Unlike the original method, this check will pass so long as the user is within one of the listed groups – not requiring the group to be the user’s primary group.

Also, if you wish to not require chatters to be registered and logged in on your board, you can do the following to allow guest chatting:

  1. Find:
    if ($user->data['user_id'] == ANONYMOUS)
    {
    	login_box('', $user->lang['LOGIN']);
    }

    and replace it with the following:

    $RequireLogin = false; // if true, will require chatter to be logged in on the phpBB board 
    if ($user->data['user_id'] == ANONYMOUS)
    {
       if($RequireLogin)
       {
          login_box('', $user->lang['LOGIN']);
       }
    }

    Changing $RequireLogin to true will allow you to quickly revert back to requiring registeration and login without having to replace code again.

  2. Find:
    $params["nick"] = $user->data['username_clean'];

    and replace it with the following:

    if ($user->data['user_id'] != ANONYMOUS) $params["nick"] = $user->data['username_clean']; // phpBB nick used

    If this isn’t done and the $RequireLogin variable is set to false, the guest will be given the nick ANONYMOUS. Otherwise, they are either prompted for a nick upon loading the chat or given a randomly generated guest nick – depending on your phpFreeChat configuration for that.

Orange Is The New Black

Work has kept my girlfriend and I from enjoying our usual getaway from the world to the streaming of Netflix, but we finally got around to it tonight while we ate dinner. Expecting to watch something from our typical list, we saw the unavoidable advertising for Netflix’s original series Orange Is The New Black. To be honest, I really expected this was going to be a pure-bred comedy. Even the synopsis gave me that impression. I won’t dare say that I knew otherwise even within the first two minutes, during which a brief montage of female nudity was put on display, which neither of us saw coming.

I’ll admit that I didn’t think the show was all that bad. I guess it’s probably not that surprising that my girlfriend found much less taste for it. Don’t think the abundance of female nudity is the reason for my interest in watching it again. Actually, I guess I am intrigued by the dramatic presentation of the prison life. Oz was a hit show a decade or so ago, but I didn’t get to watch it due to my lack of an HBO subscription – though I did manage to catch an episode or two during occasional opportunities. Still, the only thing I can remember about Oz is that the newspaper editor from the Spider-Man movies played a bald-headed paraplegic. That’s literally it.

But anyway. I wouldn’t say anything such as “Orange Is the New Black is one of the best new TV shows,” but I will say that it probably isn’t anywhere near being the worst. Plus, getting to see ol’ Captain Janeway from Star Trek: Voyager play a soviet kitchen-head is entertaining in itself, especially following my shock of seeing her on the whacky CN show NTSF:SD:SUV. Still, it’s worth a gander or two if you don’t mind slightly unrestrained nudity and sexual themes – which is common in most HBO/ShoTime series as well (eg. The Tudors and Spartacus) – or a casually-paced drama storyline.