XPUB HUB Node: Sandbox: Difference between revisions
Andre Castro (talk | contribs) |
Andre Castro (talk | contribs) No edit summary |
||
| Line 3: | Line 3: | ||
* location: Xpub Studio | * location: Xpub Studio | ||
* HUB IP: 10.0.0.11 | * HUB IP: 10.0.0.11 | ||
* Public URL https://hub.xpub.nl/sandbox/ | |||
** users public_html https://hub.xpub.nl/sandbox/~username/ | |||
* Disk space: total: 59G Used: 4.5G Free: 52G (April 2020) | * Disk space: total: 59G Used: 4.5G Free: 52G (April 2020) | ||
* it is part of the [[HUB]] network | * Webserver: apache2 | ||
* Tinc service files: | |||
** /etc/systemd/system/tinc@hub.service | |||
** dependent on /etc/systemd/system/tinc.service | |||
* it is part of the Tinc [[HUB]] network | |||
=New users= | |||
==Account creation== | |||
When adding new user account it, they should: | When adding new user account it, they should: | ||
* be added to the sudo group | |||
* have a <nowiki>~/public_html</nowiki> under the group publicweb | * have a <nowiki>~/public_html</nowiki> under the group publicweb | ||
* <nowiki>~/</nowiki> under the group publicweb | * <nowiki>~/</nowiki> under the group publicweb | ||
* be given a default password which they are requested to change | * be given a default password which they are requested to change | ||
The following script will take care of those steps: | |||
<source lang="bash"> | |||
#!/bin/sh | |||
u=$1 | |||
# create user account | |||
adduser $u | |||
# add user to grops sudo publicweb | |||
adduser $u sudo | |||
adduser $u publicweb | |||
# create ~/.ssh/authorized_keys | |||
mkdir /home/$u/.ssh/ | |||
touch /home/$u/.ssh/authorized_keys | |||
# create public_html dir | |||
mkdir /home/$u/public_html | |||
# make user and group of ~/ | |||
chown $u:$u /home/$u -R | |||
# change group of user dir to publicweb | |||
chown $u:publicweb /home/$u | |||
# give permissions rwxr-x--x others need to be x for apache transversing | |||
chmod 751 /home/$u | |||
# just allow read permission and traversal for the group, no write to public_html dir | |||
chmod 750 /home/$u/public_html | |||
# make the files created under public_html belong to publicweb group | |||
chmod g+s /home/$u/public_html | |||
# change group of public_html to publicweb | |||
chgrp publicweb /home/$u/public_html | |||
</source> | |||
==ssh access== | |||
SSH from outside the HRO network is done via the Tinc [[Hub]] network | |||
To allow ssh access, new users will need to: | |||
* generate a ssh key pair (if don't yet have one) | |||
** <span style="background:yellow">'''ensure the key is generate with ''ed25519'' algorithm, instead of the default rsa'''</span> <code>ssh-keygen -t ed25519</code> | |||
* add public key to user's <nowiki>~/.ssh/authorized_keys</nowiki> | |||
=current users= | =current users= | ||
Revision as of 12:11, 16 April 2020
The Sandbox is Raspberry Pi used as a UNIX playground/prototyping platform available to all students.
- location: Xpub Studio
- HUB IP: 10.0.0.11
- Public URL https://hub.xpub.nl/sandbox/
- users public_html https://hub.xpub.nl/sandbox/~username/
- Disk space: total: 59G Used: 4.5G Free: 52G (April 2020)
- Webserver: apache2
- Tinc service files:
- /etc/systemd/system/tinc@hub.service
- dependent on /etc/systemd/system/tinc.service
- it is part of the Tinc HUB network
New users
Account creation
When adding new user account it, they should:
- be added to the sudo group
- have a ~/public_html under the group publicweb
- ~/ under the group publicweb
- be given a default password which they are requested to change
The following script will take care of those steps:
#!/bin/sh
u=$1
# create user account
adduser $u
# add user to grops sudo publicweb
adduser $u sudo
adduser $u publicweb
# create ~/.ssh/authorized_keys
mkdir /home/$u/.ssh/
touch /home/$u/.ssh/authorized_keys
# create public_html dir
mkdir /home/$u/public_html
# make user and group of ~/
chown $u:$u /home/$u -R
# change group of user dir to publicweb
chown $u:publicweb /home/$u
# give permissions rwxr-x--x others need to be x for apache transversing
chmod 751 /home/$u
# just allow read permission and traversal for the group, no write to public_html dir
chmod 750 /home/$u/public_html
# make the files created under public_html belong to publicweb group
chmod g+s /home/$u/public_html
# change group of public_html to publicweb
chgrp publicweb /home/$u/public_html
ssh access
SSH from outside the HRO network is done via the Tinc Hub network
To allow ssh access, new users will need to:
- generate a ssh key pair (if don't yet have one)
- ensure the key is generate with ed25519 algorithm, instead of the default rsa
ssh-keygen -t ed25519
- ensure the key is generate with ed25519 algorithm, instead of the default rsa
- add public key to user's ~/.ssh/authorized_keys
current users
For sanitary reasons graduated students' and past guests' accounts should be deleted.
User list from April 2020
| username | role | year |
|---|---|---|
| andre | tutor | |
| anna | student | 2019-2021 |
| avital | student | 2019-2021 |
| anna | student | 2019-2021 |
| claranoseda | student | 2019-2021 |
| damlanur | student | 2019-2021 |
| ezn (Mika) | student | 2019-2021 |
| ioanatomici | student | 2019-2021 |
| markvandenheuvel | student | 2019-2021 |
| max | student | 2019-2021 |
| sandra | student | 2019-2021 |
| tisaneza | student | 2019-2021 |
| biyiwen | student | 2018-2020 |
| bootje | student | 2018-2020 |
| estragon (Artemis) | student | 2018-2020 |
| outis (Tancredi) | student | 2018-2020 |
| palomagarcia | student | 2018-2020 |
| psc (Pedro) | student | 2018-2020 |
| ritagraca | student | 2018-2020 |
| saibura (Simon) | student | 2018-2020 |
| mmurtaugh | tutor | |
| gnd | sysadmin | |
| dickreckard (Martino) | guest(SI12) | |
| implicant_04 (Femke) | tutor |