Categories
Interior

How to prevent other users from accessing your home directory in ubuntu 14.04

Picture this scenario. You want to allow an user to do only certain tasks and execute certain commands. The user shouldn’t change the environment variables/paths. S/he can’t visit to the other directories except her/his home directory and can’t switch to other users etc. The user can only be able to execute a few commands assigned by the system administrator. Is that possible? Yes! This is where Restricted Shell comes in help. Using Restricted Shell, we can easily limit user’s access to the Linux system. Once you put the users in restricted shell mode, they are allowed to execute only limited set of commands. In this brief tutorial, we will talk about how to do this in Linux. I tested this guide on CentOS 7 minimal server. However, It will work on most Unix-like distributions.

What is Restricted Shell?

First, let me clarify what exactly Restricted Shell is. It is not a separate shell like Bash, Korn Shell etc. If you start any existing shell using “rbash”, “–restricted”, “-r” options, then it will become Restricted shell. For instance, the Bourne shell can be started as a restricted shell with the command bsh -r, and the Korn shell with the command ksh -r.

The Restricted Shell will limit the users from executing most commands and from changing the current working directory. The Restricted Shell will impose the following restrictions to the users:

  • It will not allow you to execute cd command. So you can’t go anywhere. You can simply stay in the current working directory.
  • It will not allow you to modify the values of $PATH, $SHELL, $BASH_ENV or $ENV environmental variables.
  • It will not allow you to execute a program that contains a /(slash) character. For example, you can’t run /usr/bin/uname or ./uname command. You can however execute uname command. In other words, you are allowed to run the commands in the current path only.
  • You can’t redirect the output using ‘ > ’, ‘ >| ’, ‘ <> ’, ‘ >& ’, ‘ &> ’, and ‘ >> ’ redirection operators.
  • It will not allow you to get out of the restricted shell mode within scripts.
  • It will not allow you to turn off restricted shell mode with ‘set +r’ or ‘set +o restricted’.

This can be very useful when a large number of users are using a shared system. So, If you want to allow the users to execute only specific commands, Restricted Shell is one way to do this.

Limit User’s Access To The Linux System Using Restricted Shell

First, create a symlink called rbash from Bash as shown below. The following commands should be run as root user.

Next, create an user called “ostechnix” with rbash as his/her default login shell.

Set password to the new user.

Create a bin directory inside the home folder of the the new user.

Now, we need to specify which commands the user can run.

Here, I am going to let the user to run only “ls”, “mkdir”, and “ping” commands. You can assign any commands of your choice.

To do so, run the following commands:

Now, you understand why we created the “bin” directory in the earlier step. The users can’t run any commands except the above three commands.

Next, prevent the user from modifying .bash_profile.

Edit /home/ostechnix/.bash_profile file:

Modify the PATH variable like below.

Press ESC key and type :wq to save and close the file.

Now when the user logs in, the restricted shell(rbash) will run as the default login shell and read the .bash_profile, which will set PATH to $HOME/bin so that the user will only be able to run the ls, mkdir and ping commands. The restricted shell will not allow the user to change PATH, and the permissions on .bash_profile will not allow the user to alter the environment to bypass the restrictions during the next login session.

Verifying Rbash

Now, log out from root user and log back in with the newly created user i.e ostechnix in our case.

Then, run some commands to check whether it works or not. For example, I want to clear the Terminal.

Sample output:

You can’t use cd command to change to the different directory.

Sample output:

You can’t redirect the output using > operator either.

Sample output:

The user “ostechnix” is allowed to use only the commands assigned by you (the system admin, of course). In our case, the user can execute ls, mkdir and ping commands.

Apart from these three commands, the user can’t perform anything. S/He is completely under your control.

Suggested read:

Allow new commands to users

If you want to assign more commands to a user, log out out from the current user and back in to the root user again and assign the commands as shown below.

For example, to allow the user (i.e. ostechnix) to execute rm command, run the following command as root user.

Now the user can able to use “rm” command.

For more details, refer the man pages in the link given below.

Lori Kaufman is a technology expert with 25 years of experience. She’s been a senior technical writer, worked as a programmer, and has even run her own multi-location business. Read more.

If you share your Ubuntu machine with other people, you probably have multiple users set up, thinking that the other users log into their own accounts and only have access to their own home directories. However, by default, any user can access any home directory.

When you add a new user in Ubuntu, the adduser utility creates a new home directory for the new account. By default, the new home directory is placed in the /home/ directory on the root followed by the username. For example, /home/lori. User home directories in Ubuntu are created with world read/execute permissions, giving all other users on the system rights to read the contents of other users’ home directories. See our article for more information about how file permissions work in Linux.

NOTE: When we say to type something in this article and there are quotes around the text, DO NOT type the quotes, unless we specify otherwise.

You can easily change the permissions for your home directory to protect your private files. To check the permissions on your home directory, press Ctrl+Alt+T to open a Terminal window. Type the following line at the prompt and press Enter. Replace “lori” with your own username.

NOTE: The command contains only lowercase L’s not the number 1.

At the beginning of the line, the permissions for the file are listed. As said in our article about Linux permissions:

“The r stands for “read,” the w stands for “write,” and the x stands for “execute.” Directories will start with a “d” instead of a “-“. You’ll also notice that there are 10 spaces which hold value. You can ignore the first, and then there are 3 sets of 3. The first set is for the owner, the second set is for the group, and the last set is for the world.”

So, the home directory listed below has read, write, and execute permissions for the owner and read and execute permission for the group and world.

To change these permissions, type the following line at the prompt and press Enter.

Type your password when prompted and press Enter.

NOTE: The chmod command uses octal numbers as one way to indicate permissions. Our article about Linux file permissions uses a different method that requires more steps but may be easier to understand. Using the octal numbers to specify permissions is a quicker method. Use whichever method with which you are more comfortable. To learn about using octal numbers to set permissions, see this article.

Press the up arrow twice to use the “ls –ld /home/ ” command again to check the permissions. Notice that the permissions for world are all dashes (-). That means that the world cannot read, write, or execute anything in your home directory.

However, users in the same group as you can read and execute files and folders in your home directory. If you don’t want anyone else but yourself to have access to your home directory, enter “0700” as the numbers in the chmod command.

NOTE: For more information about managing users and groups in Linux, see our article.

To close the terminal window, type “exit” at the prompt and press Enter.

Now, when other users on the system try to access your home directory, the following dialog box displays.

You can also set up Ubuntu to use specific permissions when setting up the home directory for a new user you are creating. To do this, you need to edit the adduser configuration file. To do this, type the following command at the prompt and press Enter.

We are using gedit to edit the file. You can use a different text editor if you want.

NOTE: The gksudo command is like the sudo command but is used to run graphical programs as root. The sudo command is used to run command line programs as root.

Enter your password in the Password edit box on the dialog box that displays and press Enter or click OK.

Scroll down to the DIR_MODE command in the adduser.conf file. The number set is “0755” by default. Change it to reflect the different types of permissions (r, w, x) you want to grant to the different types of users (owner, group, world), such as “0750” or “0700” as discussed earlier. Click Save.

Close gedit by selecting Quit from the File menu. You can also click the X button in the upper-left corner of the window to close gedit.

Close the Terminal window by clicking the X in the upper-left corner of the window.

Now, the files in your home directory will remain private. Just remember that, if there are other users in the same group as you, you might want to take away the permissions for both group and world for your home directory.

  • Page History
  • Login to edit

Whenever you add a user to Ubuntu, either by installing Ubuntu or manually adding a new user, Ubuntu creates a /home/username directory for that user with their username. The /home/username directory is often referred to as just “the home directory”. This page offers some information about what, exactly, this directory is, what’s kept there, and how you can use it.

You can have as many /home/username directories as you have users.

Each user has full read/write/execute access to his or her /home/username directory.

  • Each user can make their /home/username directory unreadable by other users.
  • Each user can fully customize their Desktop layout/background, sounds, window manager, applications, etc.
  • The home directory is:
    • Where your Desktop resides.
    • Where your documents, pictures, music, videos, audio, and pretty much everything else can be stored.
    • Where your application settings are stored, in hidden files and directories (their names start with a . ) that you should not touch unless you know what you are doing. Eg, /home/username/.thunderbird contains your Thunderbird emails and contacts, /home/username/.mozilla contains Firefox bookmarks, passwords, history, plugins…

      The only place (with the exclusion of removable drives and the /tmp directory) within the Ubuntu file system where a user can freely create/modify/remove files and directories without needing root permissions or the sudo command.

    Software can be installed into the home directory, giving users who do not have administrative rights to the system the ability to use applications they would like. An example of software that installs to the /home/username directory is Wine.

    You can do this by creating a /home/username/bin directory, compiling software from source and installing it to the /home/username/bin directory, or by downloading binary-only software that you keep in the /home/username/bin directory. Then add the new binary path to your $PATH list, by putting this, for example, into your /home/username/.bashrc file.

    Executable binaries/scripts in your /home/username/bin directory will be accessible from the command line, or by pressing Alt+F2 in Gnome/KDE/Xfce.

    If you’re not sure how to add that line to the file, open a terminal and type gedit /home/username/.bashrc. Then paste the above line at the very end of that file, save it, and close the terminal.

    An important thing to consider is how you’re going to back up your home directory. Your base system can be reinstalled by using the Live CD or whatever other method you used to install it originally. Since your home directory contains all your personal configuration settings and all the files and directories you have created, downloaded, etc., you’ll want to be sure these are kept safe so that you can restore them if necessary. Here are a couple of pages in this wiki with some suggestions:

    Since Hardy, Ubuntu can be reinstalled while preserving home even without separate /home: see UbuntuReinstallation.

    If you wish to share a separate /home between several Linux distributions, do not forget to use different usernames.

    HomeFolder (последним исправлял пользователь yannubuntu 2012-09-10 07:53:04)

    There are several reasons to restrict a SSH user session to a particular directory, especially on web servers, but the obvious one is a system security. In order to lock SSH users in a certain directory, we can use chroot mechanism.

    change root (chroot) in Unix-like systems such as Linux, is a means of separating specific user operations from the rest of the Linux system; changes the apparent root directory for the current running user process and its child process with new root directory called a chrooted jail.

    In this tutorial, we’ll show you how to restrict a SSH user access to a given directory in Linux. Note that we’ll run the all the commands as root, use the sudo command if you are logged into server as a normal user.

    Step 1: Create SSH Chroot Jail

    1. Start by creating the chroot jail using the mkdir command below:

    2. Next, identify required files, according to the sshd_config man page, the ChrootDirectory option specifies the pathname of the directory to chroot to after authentication. The directory must contain the necessary files and directories to support a user’s session.

    For an interactive session, this requires at least a shell, commonly sh , and basic /dev nodes such as null, zero, stdin, stdout, stderr, and tty devices:

    Listing Required Files

    3. Now, create the /dev files as follows using the mknod command. In the command below, the -m flag is used to specify the file permissions bits, c means character file and the two numbers are major and minor numbers that the files point to.

    Create /dev and Required Files

    4. Afterwards, set the appropriate permission on the chroot jail. Note that the chroot jail and its subdirectories and subfiles must be owned by root user, and not writable by any normal user or group:

    Set Permissions on Directory

    Step 2: Setup Interactive Shell for SSH Chroot Jail

    5. First, create the bin directory and then copy the /bin/bash files into the bin directory as follows:

    Copy Files to bin Directory

    6. Now, identify bash required shared libs , as below and copy them into the lib directory:

    Copy Shared Library Files

    Step 3: Create and Configure SSH User

    7. Now, create the SSH user with the useradd command and set a secure password for the user:

    8. Create the chroot jail general configurations directory, /home/test/etc and copy the updated account files (/etc/passwd and /etc/group) into this directory as follows:

    Copy Password Files

    Note: Each time you add more SSH users to the system, you will need to copy the updated account files into the /home/test/etc directory.

    Step 4: Configure SSH to Use Chroot Jail

    9. Now, open the sshd_config file.

    and add/modify the lines below in the file.

    Configure SSH Chroot Jail

    Save the file and exit, and restart the SSHD services:

    Step 5: Testing SSH with Chroot Jail

    10. At this point, test if the chroot jail setup is working as expected:

    Testing SSH User Chroot Jail

    From the screenshot above, we can see that the SSH user is locked in the chrooted jail, and can’t run any external commands (ls, date, uname etc).

    The user can only execute bash and its builtin commands such as(pwd, history, echo etc) as seen below:

    SSH Built-in Commands

    Step 6. Create SSH User’s Home Directory and Add Linux Commands

    11. From the previous step, we can notice that the user is locked in the root directory, we can create a home directory for the the SSH user like so (do this for all future users):

    Create SSH User Home Directory

    12. Next, install a few user commands such as ls, date, mkdir in the bin directory:

    Add Commands to SSH User

    13. Next, check the shared libraries for the commands above and move them into the chrooted jail libraries directory:

    Copy Shared Libraries

    Step 7. Testing SFTP with Chroot Jail

    14. Do a final test using sftp; check if the commands you have just installed are working.

    Add the line below in the /etc/ssh/sshd_config file:

    Save the file and exit. Then restart the SSHD services:

    15. Now, test using SSH, you’ll get the following error:

    Test SSH Chroot Jail

    Try using SFTP as follows:

    Testing sFTP SSH User

    That’s it for now!. In this article, we showed you how to restrict a SSH user in a given directory (chrooted jail) in Linux. Use the comment section below to offer us your thoughts about this guide.

    If You Appreciate What We Do Here On TecMint, You Should Consider:

    TecMint is the fastest growing and most trusted community site for any kind of Linux Articles, Guides and Books on the web. Millions of people visit TecMint! to search or browse the thousands of published articles available FREELY to all.

    If you like what you are reading, please consider buying us a coffee ( or 2 ) as a token of appreciation.

    We are thankful for your never ending support.

    I currently have vsftpd installed in such a way, that when a user, say for instance my account frederik authenticates, I will be directed to my home directory /home/frederik/ .

    This is a problem for certain FTP clients, as they can not change to anything outside that default folder, for instance /home/ (even given permission).

    How can I change it so that authenticated users gets directed to / instead?

    3 Answers 3

    Just add this line to /etc/vsftpd.conf :

    Restart the vsftpd service to apply the changes:

    Essentially, you can set it to whatever directory you want. You also can use $USER in the path, it will be replaced with user’s login.

    So, if you set local_root , for example, to /home/$USER/ftp , then when a user connects to your server, he will be directed to the ftp folder in his home directory.

    You can create a chroot list with vsftpd.conf Check this

    All the users belonging to ftp-users group goes into /home/ftp-docs/ftp_stuff by default when they login. They cannot navigate in other directories and are restricted to this particular directory.

    Create a directory by issuing the following command as root:

    In the /etc/vsftpd/vsftpd.conf write this chroot_list_enable=YES chroot_list_file=/etc/vsftpd.chroot_list

    Put all you ftp-users group userś name in /etc/vsftpd.chroot_list Then in the /etc/passwd file make the home directory of all the users belonging to ftp-users group to /home/ftp-docs/ftp_stuff . Then do the following:

    Then login via any user belonging to ftp-users group you will lend into /home/ftp-docs/ftp_stuff . You cant go to the other higher level directories.

    you can create multiple entries in the list for multiple groups. the order in which those groups are in the list file will dictate their highest directory I believe.

    When you administer a Linux machine that houses multiple users, there might be times when you need to take more control over those users than the basic user tools offer. This idea comes to the fore especially when you need to manage permissions for certain users. Say, for example, you have a directory that needs to be accessed with read/write permissions by one group of users and only read permissions for another group. With Linux, this is entirely possible. To make this happen, however, you must first understand how to work with users, via groups and access control lists (ACLs).

    We’ll start from the beginning with users and work our way to the more complex ACLs. Everything you need to make this happen will be included in your Linux distribution of choice. We won’t touch on the basics of users, as the focus on this article is about groups.

    For the purpose of this piece, I’m going to assume the following:

    You need to create two users with usernames:

    You need to create two groups:

    Olivia needs to be a member of the group editors , while nathan needs to be a member of the group readers. The group readers needs to only have read permission to the directory /DATA , whereas the group editors needs to have both read and write permission to the /DATA directory. This, of course, is very minimal, but it will give you the basic information you need to expand the tasks to fit your much larger needs.

    I’ll be demonstrating on the Ubuntu 16.04 Server platform. The commands will be universal—the only difference would be if your distribution of choice doesn’t make use of sudo . If this is the case, you’ll have to first su to the root user to issue the commands that require sudo in the demonstrations.

    Creating the users

    The first thing we need to do is create the two users for our experiment. User creation is handled with the useradd command. Instead of just simply creating the users we need to create them both with their own home directories and then give them passwords.

    The first thing we do is create the users. To do this, issue the commands:

    We have now created our users. If you look in the /home directory, you’ll find their respective homes (because we used the -m option, which creates a home directory).

    Next each user must have a password. To add passwords into the mix, you’d issue the following commands:

    When you run each command, you will be prompted to enter (and verify) a new password for each user.

    That’s it, your users are created.

    Creating groups and adding users

    Now we’re going to create the groups readers and editors and then add users to them. The commands to create our groups are:

    That’s it. If you issue the command less /etc/group , you’ll see our newly created groups listed ( Figure 1 ).

    Figure 1: Our new groups ready to be used.

    With our groups created, we need to add our users. We’ll add user nathan to group readers with the command:

    We’ll add the user olivia to the group editors with the command:

    Now we’re ready to start managing the users with groups.

    Giving groups permissions to directories

    Let’s say you have the directory /READERS and you need to allow all members of the readers group access to that directory. First, change the group of the folder with the command:

    Next, remove write permission from the group with the command:

    Now we remove the others x bit from the /READERS directory (to prevent any user not in the readers group from accessing any file within) with the command:

    At this point, only the owner of the directory (root) and the members of the readers group can access any file within /READERS .

    Let’s say you have the directory /EDITORS and you need to give members of the editors group read and write permission to its contents. To do that, the following command would be necessary:

    At this point, any member of the editors group can access and modify files within. All others (minus root) have no access to the files and folders within /EDITORS .

    The problem with using this method is you can only add one group to a directory at a time. This is where access control lists come in handy.

    Using access control lists

    Now, let’s get tricky. Say you have a single folder— /DATA— and you want to give members of the readers group read permission and members of the group editors read/write permissions. To do that, you must take advantage of the setfacl command. The setfacl command sets file access control lists for files and folders.

    The structure of this command looks like this:

    Where OPTION is the available options, X is either u (for user) or g (for group), NAME is the name of the user or group, and DIRECTORY is the directory to be used. We’ll be using the option -m for modify. So our command to add the group reader for read access to the /DATA directory would look like this:

    Now any member of the readers group can read the files contained within /DATA , but they cannot modify them.

    To give members of the editors group read/write permissions (while retaining read permissions for the readers group), we’d issue the command;

    The above command would give any member of the editors group both read and write permission, while retaining the read-only permissions to the readers group.

    All the control you need

    And there you have it. You can now add members to groups and control those groups’ access to various directories with all the power and flexibility you need. To read more about the above tools, issue the commands:

    By default Ubuntu does not set up a root password during installation and therefore you don’t get the facility to log in as root. However, this does not mean that the root account doesn’t exist in Ubuntu or that it can’t be completely accessed. Instead you are given the ability to execute tasks with superuser privileges using sudo command.

    Actually, the developers of Ubuntu decided to disable the administrative root account by default. The root account has been given a password which matches no possible encrypted value, thus it may not log in directly by itself.

    Attention: Enabling root account is not at all required as most activities in Ubuntu do not actually call for you to use the root account.

    Although users are strongly recommended to only use the sudo command to gain root privileges, for one reason or another, you can act as root in a terminal, or enable or disable root account login in the Ubuntu using following ways.

    1. How to Enable Root Account in Ubuntu?

    To Access/Enable the root user account run the following command and enter the password you set initially for your user (sudo user).

    Enable Root Access in Ubuntu

    2. How to Change Root Password in Ubuntu?

    You can change root password with ‘sudo passwd root‘ command as shown below.

    Change Root Password in Ubuntu

    3. How to Disable Root Access in Ubuntu?

    If you wish to disable root account login, run the command below to set the password to expire.

    Disable Root Access in Ubuntu

    You may refer Ubuntu documentation for further information.

    That’s it. In this article, we explained how to enable and disable root login in Ubuntu Linux. Use the comment form below to ask any questions or make any important additions.

    If You Appreciate What We Do Here On TecMint, You Should Consider:

    TecMint is the fastest growing and most trusted community site for any kind of Linux Articles, Guides and Books on the web. Millions of people visit TecMint! to search or browse the thousands of published articles available FREELY to all.

    If you like what you are reading, please consider buying us a coffee ( or 2 ) as a token of appreciation.

    We are thankful for your never ending support.

    I need to execute part of a bash script as a different user, and inside that user’s $HOME directory. However, I’m not sure how to determine this variable. Switching to that user and calling $HOME does not provide the correct location:

    Update:

    It appears that the issue is with the way that I am trying to switch users in my script:

    What is the correct way to switch users and execute commands as a different user in a bash script?

    13 Answers 13

    You can now choose to sort by Trending, which boosts votes that have happened recently, helping to surface more up-to-date answers.

    Trending is based off of the highest score sort and falls back to it if no posts are trending.

    Update: Based on this question’s title, people seem to come here just looking for a way to find a different user’s home directory, without the need to impersonate that user.

    In that case, the simplest solution is to use tilde expansion with the username of interest, combined with eval (which is needed, because the username must be given as an unquoted literal in order for tilde expansion to work):

    Note: The usual caveats regarding the use of eval apply; in this case, the assumption is that you control the value of $different_user and know it to be a mere username.

    By contrast, the remainder of this answer deals with impersonating a user and performing operations in that user’s home directory.

    • Administrators by default and other users if authorized via the sudoers file can impersonate other users via sudo .
    • The following is based on the default configuration of sudo – changing its configuration can make it behave differently – see man sudoers .

    The basic form of executing a command as another user is:

    • If you neglect to specify -H , the impersonating process (the process invoked in the context of the specified user) will report the original user’s home directory in $HOME .
    • The impersonating process will have the same working directory as the invoking process.
    • The impersonating process performs no shell expansions on string literals passed as arguments, since no shell is involved in the impersonating process (unless someExe happens to be a shell) – expansions by the invoking shell – prior to passing to the impersonating process – can obviously still occur.

    Optionally, you can have an impersonating process run as or via a(n impersonating) shell, by prefixing someExe either with -i or -s – not specifying someExe . creates an interactive shell:

    -i creates a login shell for someUser , which implies the following:

    • someUser ‘s user-specific shell profile, if defined, is loaded.
    • $HOME points to someUser ‘s home directory, so there’s no need for -H (though you may still specify it)
    • The working directory for the impersonating shell is the someUser ‘s home directory.

    -s creates a non-login shell:

      no shell profile is loaded (though initialization files for interactive nonlogin shells are; e.g.,

    /.bashrc )

  • Unless you also specify -H , the impersonating process will report the original user’s home directory in $HOME .
  • The impersonating shell will have the same working directory as the invoking process.
  • Using a shell means that string arguments passed on the command line MAY be subject to shell expansionssee platform-specific differences below – by the impersonating shell (possibly after initial expansion by the invoking shell); compare the following two commands (which use single quotes to prevent premature expansion by the invoking shell):

    What shell is invoked is determined by “the SHELL environment variable if it is set or the shell as specified in passwd(5)” (according to man sudo ). Note that with -s it is the invoking user’s environment that matters, whereas with -i it is the impersonated user’s.

    Note that there are platform differences regarding shell-related behavior (with -i or -s ):

    sudo on Linux apparently only accepts an executable or builtin name as the first argument following -s / -i , whereas OSX allows passing an entire shell command line; e.g., OSX accepts sudo -u root -s ‘echo $SHELL – $USER – $HOME – $PWD’ directly (no need for eval ), whereas Linux doesn’t (as of sudo 1.8.95p ).

    Older versions of sudo on Linux do NOT apply shell expansions to arguments passed to a shell; for instance, with sudo 1.8.3p1 (e.g., Ubuntu 12.04), sudo -u root -H -s echo ‘$HOME’ simply echoes the string literal “$HOME” instead of expanding the variable reference in the context of the root user. As of at least sudo 1.8.9p5 (e.g., Ubuntu 14.04) this has been fixed. Therefore, to ensure expansion on Linux even with older sudo versions, pass the the entire command as a single argument to eval ; e.g.: sudo -u root -H -s eval ‘echo $HOME’ . (Although not necessary on OSX, this will work there, too.)

    The root user’s $SHELL variable contains /bin/sh on OSX 10.9, whereas it is /bin/bash on Ubuntu 12.04.

    Whether the impersonating process involves a shell or not, its environment will have the following variables set, reflecting the invoking user and command: SUDO_COMMAND , SUDO_USER , SUDO_UID= , SUDO_GID .

    See man sudo and man sudoers for many more subtleties.

    Tip of the hat to @DavidW and @Andrew for inspiration.

    1. Get device info:

    2. Create the Mount Point

    In the example below, the mount point name is “external”. You can name it anything you want.

    for devices formatted in FAT16 or FAT32:

    for devices formatted in ntfs:

    3. Unmounting the Drive

    When you are finished with the device, don’t forget to unmount the drive before disconnecting it. Assuming /dev/sdb1 is mounted at /media/external, you can either unmount using the device or the mount point:

    First get device info:

    Note the device id of the disk to be mounted, for example ‘sda1′. Then we need the UUID of the disk to be mounted, find it with the code below replacing sdXX with the correct device id from the previous step:

    The UUID looks like this:

    Now open this file:

    Now add this line to the end, changning the UUID for yours and /mnt/Disk should be changed to where you want to mount the disk:

    Ctrl+X, then ‘Y’ to save and exit.

    To get the device info:

    Locate the drive info(e.g. sdc2, sdb1, etc) and substitute this into ‘sdXN’ below

    The last line above is for an ntfs formatted drive. For any other drive, try:
    http://askubuntu.com/questions/773406/how-do-i-mount-and-open-flash-drive

    if you try the code below on an ntfs formatted drive, you will get the error:

    Before disconnecting devices, you must unmount them first. This is similar to “Safely Remove” in Windows in that the device won’t unmount until data is finished being written to the device, or until other programs are finished using it. This applies to all types of storage devices, including flash drives, flash cards, external hard drives, ipods and other media players, and even remote storage like Samba or NFS shares.

    Failure to unmount before disconnecting the device can result in loss of data and/or a corrupted file system. There are no exceptions to this rule. Be safe – unmount your drives before disconnecting them!

    ERRORS & SOLUTIONS

    If you are trying to unmount a drive ( or USB drive) and are seeing the error:

    Do this to kill the busy processes and unmount the drive (substitute sdXN with the correct drive info:

    The output will show runing processes, example:

    Press ‘y’ to kill the process and do the same for the next prompt, then:

    The code below is for mounting a device using a GUI.

    The link below is used for the guide below, although it does not work when using ‘gksudo gedit …’ (presumably do to no display)
    https://help.ubuntu.com/community/MountingWindowsPartitions

    First, you need to find the device locations of the partition(s) you wish to mount. Open a terminal and run:

    For illustration purposes, an example output from a computer setup with a Vista/Ubuntu dual-boot and shared NTFS data partition is shown here:

    The first three partitions, all NTFS, are the ones that concern us here. There are no FAT32 partitions. In this instance, all three NTFS partitions have partition labels, which makes it easier to identify the purpose of each. If your blkid output does not include partition labels, this means that the partitions do not have labels and you will have to determine which partition you wish to mount by another means. Of the three NTFS partitions, we are going to configure /etc/fstab with only the third, the Data partition. Partition /dev/sda1 is the OEM manufacturer’s recovery partition and should be left unmounted, or as described below. Partition /dev/sda2 is the Windows C:\ partition and is best not included in /etc/fstab for the reasons described above, or mounted read-only – see below.

    You will now need to create a mountpoint for each NTFS partition that you wish to mount by means of /etc/fstab. In our illustration we are going to add one entry only for /dev/sda3. From a terminal:

    In this case we have created a mountpoint with the same name – Data – as the partition label. You may use (almost) any string you wish. Also note that in the example below ‘sda3′ is the

    Below is the rest of the code used in the first link above that should only be used with a GUI:
    https://help.ubuntu.com/community/MountingWindowsPartitions

    Before editing /etc/fstab directly, it is a good idea to make a backup. From a terminal:

    Now open /etc/fstab in a text editor with root privileges:

    If you see the output below,

    ERROR

    Will need to find a solution before continuing. Seems that this process for mounting is for use with gui.

    GKSu is a library that provides a Gtk+ frontend to su and sudo. It supports login shells and preserving environment when acting as a su frontend. It is useful to menu items or other graphical programs that need to ask a user’s password to run another program as another user.
    http://www.nongnu.org/gksu/

    For a general-purpose read-write mount, add this line to the end of /etc/fstab:

    Replace the UUID with the one relevant for your partition as shown in your blkid output. “519CB82E5888AD0F” will not work for you.

    Also, substitute your mountpoint for “/media/Data”. In case you have a blank space in the name of the mountpoint you want to use like “New Volume” instead of “Data” located in “/media” use “/media/New\040Volume”. The space character is created by using “\040” in the fstab.

    You will also need to change the “locale=en_US.utf8” option to one suitable for your location and language if you are not in the USA. You can determine your locale with this terminal command:

    Or for a list of all locales available on your system:

    Now save your edited /etc/fstab and close the text editor. The partition(s) you have configured will be mounted the next time you reboot, but to mount them now:

    Two special cases

    Sample /etc/fstab lines are suggested for two special cases.

    Option 1 – for mounting read-only access. For example, this would be suitable for mounting your Windows C:\ partition if you need to access it. Modify the line below with your UUID and mountpoint:

    Option 2 – to ensure that Ubuntu does not mount the partition and also disables graphical mounting from the file manager. For example, you may wish to ensure that recovery and system partitions are never inadvertently mounted and do not appear in the file manager. In this case you need to create a mountpoint in /mnt, not /media. Modify the line below with your UUID and mountpoint:

    Note: with these mount options, the partition does not appear in the Devices list in the left pane of Nautilus (the Ubuntu file manager), but it still appears in Dolphin, the Kubuntu File Manager. Clicking on the partition in Dolphin causes the display of an error message. This solution is less elegant in Dolphin than with Nautilus, but the desired effect is achieved – the partition cannot be mounted.

    If you need to revert to the original configuration:

    Substitute your mountpoint in the second line.

    Last updated October 29, 2020 By Abhishek Prakash 12 Comments

    It is really simple to switch users in Ubuntu or any other Linux distribution using the terminal.

    All you need to do is to know the unsername and its account password and you can switch users with su command:

    You’ll be asked to enter the password of the user you want to switch to.

    As you can see in the screenshot above, I changed to user prakash from user abhishek in the terminal.

    There are some minor details with this method that I’ll share with you in a moment. I’ll also share the graphical way of switching users in Linux if you are using desktop Linux.

    Switching to root user

    If you want to switch to the root user in Ubuntu, you can use the following command:
    sudo su
    You’ll have to enter your own user password here.

    Change user in Linux command line

    Let’s see things a bit in detail. To switch users, you need to first know the exact username because tab competition doesn’t work here. You can list all the users in Linux command line by viewing the content of the /etc/passwd file.

    You’ll also need to know the password of the user account you want to switch to. This is for security reason, of course.

    If you are the admin user or have sudo access, you can change account password with passwd command.

    You’ll notice that some people use a – between su and the username. There is a specific reason for that.

    When you use -, -l or –login option, you start the shell as a login shell. This means that it will initialize the environment variables like PATH and changes to the home directory of the changed user. It will be as if you logged into the terminal as the second user.

    Note: though – is more popular, it is advised to use –login option.

    Change users in Linux graphically (for desktop Linux)

    If you are using desktop Linux, the above method may not be sufficient for you. Why? Because you switch the user in the terminal only. It is confined to the terminal. Nothing is changed outside the terminal.

    If you want to switch users so that you can log in as another user and use all the system (browser, applications etc) graphically, you’ll have to log out and then log back in.

    Now the screenshots may look different but the steps remain the same. Here’s how to switch users in Ubuntu Linux.

    Go to the top right corner and click the Power Off/Log out option to open the dropdown and you can choose either of Switch User or Log Out.

    • Switch User: You get to keep your session active (applications keep on running) for current user. Good for temporarily switching users as you won’t lose your work.
    • Log out: Current session ends (all applications are closed). Good when you want to switch to the other user for a long time.

    You can choose whichever option is more suited for your need.

    Now, you’ll be at the login screen with all the available users for your system. Choose the user account of your choice.

    Clearly, you need to know the password of the user account you want to use.

    That’s it. I hope you find this quick beginner tip helpful in changing users in Ubuntu and other Linux distributions. Questions and suggestions are always welcome.

    Like what you read? Please share it with others.

    MountWindowsSharesPermanently

    This document describes how to mount CIFS shares permanently. The shares might be hosted on a Windows computer/server, or on a Linux/UNIX server running Samba. This document also applies to SMBFS shares, which are similar to CIFS but are deprecated and should be avoided if possible (link).

    (This document does not describe how to host the shares yourself, only how to access shares that are hosted somewhere else. For hosting shares, use Samba.)

    We’re assuming that:

      Network connections have been configured properly.

    Your local (Ubuntu) username is ubuntuusername.

    Share username on Windows computer is msusername.

    Share password on Windows computer is mspassword.

    The Windows computer’s name is servername (this can be either an IP address or an assigned name).

    The name of the share is sharename.

    You want to mount the share in /media/windowsshare.

    On older systems:

    First, let’s create the mount directory. You will need a separate directory for each mount.

    Then edit your /etc/fstab file (with root privileges) to add this line:

    guest indicates you don’t need a password to access the share,

    uid=1000 makes the Linux user specified by the id the owner of the mounted share, allowing them to rename files,

    iocharset=utf8 allows access to files with names in non-English languages. This doesn’t work with shares of devices like the Buffalo Tera Station, or Windows machines that export their shares using ISO8895-15.

    If there is any space in the server path, you need to replace it by \040, for example //servername/My\040Documents

    After you add the entry to /etc/fstab type:

    This will (re)mount all entries listed in /etc/fstab.

    The quickest way to auto-mounting a password-protected share is to edit /etc/fstab (with root privileges), to add this line:

    This is not a good idea however: /etc/fstab is readable by everyone and so is your Windows password in it. The way around this is to use a credentials file. This is a file that contains just the username and password.

    Using a text editor, create a file for your remote servers logon credential:

    Enter your Windows username and password in the file:

    Save the file, exit the editor.

    Change the permissions of the file to prevent unwanted access to your credentials:

    Then edit your /etc/fstab file (with root privileges) to add this line (replacing the insecure line in the example above, if you added it):

    Save the file, exit the editor.

    Finally, test the fstab entry by issuing:

    If there are no errors, you should test how it works after a reboot. Your remote share should mount automatically.

    Special permissions

    If you need special permission (like chmod etc.), you’ll need to add a uid (short for ‘user id’) or gid (for ‘group id’) parameter to the share’s mount options.

    Mount password protected shares using libpam_mount (Ubuntu 9.04)

    In addition to the initial assumptions, we’re assuming that

    Your username and password are the same on the Ubuntu machine and on the network drive.

    Edit /etc/security/pam_mount.conf.xml using your preferred text editor.

    First, we’re moving the user specific config bits to a file which users can actually edit themselves: remove the commenting tags ( ) surrounding the section called . Save the file when done. With this in place, users can create their own

    Add the following:

    Login errors

    If you get the error “mount error(13) permission denied”, then the server denied your access. Here are the first things to check:

      Are you using a valid username and password? Does that account really have access to this folder?

    Do you have whitespace in your credentials file? It should be password=mspassword, not password = mspassword.

    Do you need a domain? For example, if you are told that your username is SALES\sally, then actually your username is sally and your domain is SALES. The fstab entry should read: . username=sally,password=pass,domain=SALES. Or: . credentials=/path/to/file,domain=SALES.

    Is the security setting correct? The most common is sec=ntlm, but you can also try the other options listed at the mount.cifs man page. The man page list leaves out the option sec=lanman for some reason, but you should try that one as well (see discussion).

    Unprotected network folder won’t automount

    I’ve had a situation where an unprotected network folder wouldn’t automount during bootup, but after manually entering “sudo mount -a” was mounted correctly. I solved this by replacing the “guest” option by “username=guest,password=”. If anyone has an explanation for this, please leave a comment.

    Mount during login instead of boot

    If for some reason/etc/rc0.d/S31umountnfs.sh (networking problems for example) the automatic mounting during boot doesn’t work, you can add the “noauto” parameter to your smbfs fstab entry and then have the share mounted at login.

    Slow shutdown due to a CIFS/Network Manager bug

    If you use Network Manager, and are getting really slow shutdowns, it’s probably because NM shuts down before unmounting the network shares. That will cause CIFS to hang and wait for 60 seconds or so. Here’s how to fix it:/etc/rc0.d/S31umountnfs.sh

    Ubuntu 12.04 already runs umountnfs.sh at reboot and shutdown by default (/etc/rc0.d/S31umountnfs.sh and /etc/rc6.d/S31umountnfs.sh) so this is no longer necessary.

    CIFS Options Deprecated

    Using dmask or fmask in the fstab file produces the following warnings: WARNING: CIFS mount option ‘dmask’ is deprecated. Use ‘dir_mode’ instead. WARNING: CIFS mount option ‘fmask’ is deprecated. Use ‘file_mode’ instead.

    Instead use this format: file_mode=0777,dir_mode=0777 . Or in some cases you might need to use file_mode=0777,dir_mode=0777,nounix (see discussion)

    Use of tilde in pathnames such as “credentials=

    Curiously, using credentials=

    /.smbcredentials in fstab didn’t work. I had to use the full path, i.e. /home/username/.smbcredentials

    (This is likely because the tilde “

    ” is only a shell short-hand alias for “$HOME”; it isn’t something recognized system-wide by all programs, especially not in a system file table where the concept of “HOME” doesn’t really exist. -Ian!)

    MountWindowsSharesPermanently (последним исправлял пользователь shippj 2020-07-22 01:52:19)

    Tutorial to learn the steps for installing PHP Laravel framework on Ubuntu 22.04 LTS Jammy JellyFish using the command terminal for developing web apps.

    PHP doesn’t need an introduction, it has been around for many years powering web applications that need a dynamic programming language to work but one thing it is not (anymore): modern.

    Programming languages ​​such as Ruby and Python have become increasingly popular, especially in recent years. They are “cool” and appeal better to the next generation of coders. Whereas it is unfortunate PHP is getting a bit old and you can tell. This is exactly where Laravel comes into play. We can consider it as a new generation PHP framework and that’s what makes it so popular. Inspired by Ruby on Rails and .NET, Taylor Otwell created Laravel to get the most out of PHP and to prove that more is possible. Also, he wasn’t satisfied with the other PHP frameworks. They are no longer contemporary. He doesn’t only want to help developers be more productive but also to show that clean programming with PHP can also be fun again.

    In this article, let’s discuss the initial phase to work with Laravel is to install it on Ubuntu-based Linux systems.

    Steps to install Laravel on Ubuntu 22.04 LTS Linux

    The steps given here to set up the Laravel framework on Ubuntu 22.04 will be the same for other versions of Ubuntu such as 18.04 or 20.04 as well.

    1: System update

    First of all, update your system so that it could have the latest updates for security and the installed packages. This will also refresh the APT package manager index cache.

    Also, install git:

    2. Install LAMP on Ubuntu 22.04

    Laravel framework needs PHP to work. However, here we are also installing Apache, and MySQL on your Ubuntu Linux to serve pages of the app, generated on this framework using the Apache whereas to save the data, we have MySQL. Hence, let’s first install the LAMP stack using the command given below.

    Once the installation is completed, you can check the services of Apache and MySQL are working without any errors or not.

    For Apache:

    For MySQL

    3. Secure MySQL and create a Database

    We need a Database to store the data generated by your Laravel app project, hence here we are using a MySQL Database server for that.

    However, before creating a database, let’s secure our MySQL server.

    Login to MySQL first:

    Set root password:

    Note: Change [email protected] with some strong password, you want to set.

    Exit:

    Run the Secure Installation script again.

    The script will ask these questions.

    Enter the password for user root: type your set password and then press ENTER.
    Change the password for root? Press N, then ENTER.
    Remove anonymous users? Press Y, then ENTER.
    Disallow root login remotely? Press Y, then ENTER.
    Remove the test database and access to it? Press Y, then ENTER.
    Reload privilege tables now? Press Y, then ENTER.

    Once done create Database for Laravel:

    Login to Database, if you are not already:

    Now, use the given commands, one by one:

    Note: Replace yourdb with whatever name you want to give your Database, whereas youruser is the user you want to create while the password is the secret key to protect your created user account.

    4. Install PHP Composer for Laravel

    To install Laravel and the dependencies required by it to work properly, we need to use Composer. It is a library manager for PHP projects. Well, we can install Composer using the default package manager of our Ubuntu 22.04, however, the version provided by it will not be the latest one. Therefore, here we are going for an installer script, officially provided by the developers of this PHP library management tool.

    5. Download the Laravel framework project

    Let’s clone the Laravel from its Github repository directly into our web root directory.

    Switch to web directory:

    Clone Laravel

    6. Install Laravel on Ubuntu 22.04

    Once you have downloaded the Laravel on your system, switch to its directory and use the Composer to start the installation process.

    Use the Composer

    Once the installation is completed the change permission to files :

    —–From here onwards we will show how to set it up for accessing Laravel app using Apache——

    7. Create the Laravel environment configuration file

    We already have an example environment file, let’s use it to create one for our Laravel app.

    While inside the Laravel directory, run:

    Generate an encryption key for your app:

    Add the Database details:

    Go to the database section and change the values:

    Save the file using Ctrl+O, hit the Enter key, and then exit the file using Ctrl+X.

    8. Apache Configuration for PHP Laravel App

    Edit the default Apache configuration file and change the web root document directory path. This will point it to serve the files provided by the Laravel instead of the default Apache page.

    Save the file and restart the Apache.

    9. Get the app’s demo page

    We have configured the Laravel PHP framework to access through the Apache web server over port 80. Hence, simply open your system’s browser that can access the ip-address of the Ubuntu 22.04 where you have installed the Laravel and point it to it.

    For example:

    If you want to know how to use the Laravel command line to create and work on various projects without using the Apache web server then here is the tutorial for that. Use Laravel command line