Restricting Linux Logins to Specified Group

If you have Linux boxes that authenticate over LDAP but want logins on specific boxes to be restricted to particular groups, there is a simple way to achieve this.

Firstly, create a new file called /etc/group.login.allow (it can be called anything – you just need to update the line below to reflect the name).

In this file, list all the groups that should be able to log in, one per line:

admin
group1
group2

Edit /etc/pam.d/common-auth (on Ubuntu; elsewhere it might be called /etc/pam.d/system-auth or something very similar). At the top of the file (or at least above the other entries), add the following line:

auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/group.login.allow

For the record, found this little tidbit over at the CentOS forums.
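A pre-flight check for the steps above, added here as an example and not taken from the original post or the forum thread: it verifies that the allow-list is a regular, non-world-writable file (pam_listfile rejects anything else, and with onerr=fail that rejection blocks every login) and that a given account belongs to a listed group. The function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: sanity checks for a pam_listfile group allow-list.
# Function names are made up for this example.
# Usage after sourcing:  allowfile_safe /etc/group.login.allow
#                        user_allowed   /etc/group.login.allow someuser

# allowfile_safe FILE -> 0 if FILE is a plain regular file (not a symlink)
# that is not world-writable. pam_listfile refuses a world-writable or
# non-regular file, and with onerr=fail that refusal denies the login.
allowfile_safe() {
    [ -f "$1" ] || return 1
    [ ! -L "$1" ] || return 1
    # find prints the path only if the world-write bit is set
    [ -z "$(find "$1" -prune -perm -0002 2>/dev/null)" ]
}

# group_allowed FILE GROUP... -> 0 if any GROUP matches a whole line of FILE.
# -x forces a full-line match, so "group" does not match "group1".
group_allowed() {
    file=$1
    shift
    for g in "$@"; do
        grep -qxF -- "$g" "$file" && return 0
    done
    return 1
}

# user_allowed FILE USER -> 0 if USER belongs to at least one listed group.
# id -Gn resolves through NSS, so groups that come from LDAP are included.
# Group names containing spaces are not handled by this simple split.
user_allowed() {
    groups=$(id -Gn "$2" 2>/dev/null) || return 1
    # Intentional word splitting: one argument per group name.
    # shellcheck disable=SC2086
    group_allowed "$1" $groups
}
```

Run both checks for every account that must keep access before adding the PAM line, and keep an already-authenticated root session open while testing the change.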

My Thoughts on OCFS2 / Understanding OCFS2 [1110]

As mentioned earlier, we have been considering networked filesystems instead of NFS to introduce into a number of complex environments. OCFS2 was one of the first candidates.

In fact, we also considered GFS2 but looking around on the net, there seemed to be a general consensus recommending ocfs2 over gfs2.

Ubuntu makes it pretty easy to install and manage ocfs2 clusters. You just need to install ocfs2-tools and ocfs2console. You can then use the console to manage the cluster.

What I totally missed in all of my research and understanding, due to a lack of in-depth knowledge of clustered filesystems, was that OCFS2 (and GFS2 for that matter) are shared disk file systems.

What does this mean?


GlusterFS HOWTO [1108]

So, I am catching up a bit on the technical documentation. A week taken to play Skyrim combined with various other bits and pieces made this a little difficult.

On the bright side, there are a few new things that have been worked on so hopefully plenty of things to cover soon.

We manage a number of servers all over the place, and all of them need to be backed up. We also have a number of desktops, all with mirrored disks, also getting backed up.

I like things to be all nicely efficient and it's annoying when one server / desktop runs out of space when another two (or ten) have plenty of space. We grew to dislike NFS, particularly due to the single point of failure, and there were few other options.

We had tried glusterfs a few years ago (think it was at version 1.3 or something) and there were various issues particularly around small files and configuration was an absolute nightmare.

With high hopes that version 3.2 was exactly what we were looking for, we set up three basic machines for testing.

Gnome Desktop Inaccessible After Screensaver Kicks in [1103]

Yesterday, I mentioned a problem that I’ve been having with GNOME 3 on Ubuntu 11.10.

Essentially what happens is that when I leave my desktop for a while, under specific circumstances, and often, on returning and moving the mouse or using the keyboard, the pointer would come back on screen. However, this only works on one of my two screens.

The unlock dialog does not show up and it seems that there is no way to get back in.

In the past, I would log into the terminal (Ctrl-Alt-F1 or any function key through to F5 or so) and run:

$ kill -9 -1

This would of course kill all processes owned by me and is therefore unpleasant at best and has you losing a bunch of work at worst.

After a brainwave yesterday (as detailed in the aforementioned post), I decided to check the status of the screensaver and killed just those processes. Happily, this gives me my desktop back. However, my gnome-shell had given up, so I had to restart it:

$ gnome-shell --replace

Unfortunately, I did not get the windows into the original workspaces since everything just got dumped into the one workspace but it is better than having to kill everything off.

EDIT: I just realised that the screen saver of course no longer kicks in, and I had to restart it:

$ gnome-screensaver --no-daemon

Synergy with Linux Server & Mac Client

I borrowed a Mac to try and play with iPhone development. I already have a Linux box (running Ubuntu 9.10). Anyone who has used two computers simultaneously knows how annoying it is to have two keyboards/mice plugged in. I originally anticipated just using X11 forwarding. However, it is an iMac with a big beautiful screen. It would be an absolute waste to not use it.

Perfect Linux

According to Brian Lunduke, Ubuntu 9.10 is almost perfect, and I concur.

Being a bit of a purist, I ran Debian for very many years but found their stable releases lagging behind far too much. This was largely due to their perfectly understandable view of it being ready only when it is right.

For a while, I ran their unstable distribution called Sid, named after the disturbed, hyperactive 10 year old boy in the film Toy Story. The idea being that Sid breaks things, and it certainly did. While it taught me a heck of a lot about Linux (and the terminal), my computer was broken on a very regular basis.

Vista Guest, Linux Host, VirtualBox, Host Networking – Bridge

One would think that it would be straightforward, work off the bat, or at least have some reasonable documentation. Unfortunately, no!

I needed host networking to be able to access network resources (Samba shares etc.) which does not work if the guest OS is on NAT 😦

Solving it was easy though… I assume Vista is installed as a guest with the guest additions and that your user account is a part of the vboxusers group.

On the Linux host, first install bridge-utils. I run Ubuntu, so it was as easy as:

$ sudo aptitude install bridge-utils

Next, you need to set up the bridge; again, easy on Ubuntu:

Add the following section to /etc/network/interfaces:

auto br0
iface br0 inet dhcp
bridge_ports eth1

Add the interfaces to VirtualBox:

$ sudo VBoxAddIF vbox0 'shri' br0

Within the VirtualBox Guest settings, choose Host Networking and for the interface, choose br0.

Bring the interface up:

$ sudo ifup br0

and start your guest os… et voila, it just works…