From a571829e6fd4294c527a01948625bff62ca19f9b Mon Sep 17 00:00:00 2001 From: Simon Marsh Date: Sun, 27 Jun 2021 16:26:34 +0100 Subject: [PATCH] add shell web service --- site/content/additional/maintlog/_index.md | 7 ++++ site/content/services/shell.md | 42 ++++++++++++++++++++-- 2 files changed, 47 insertions(+), 2 deletions(-) diff --git a/site/content/additional/maintlog/_index.md b/site/content/additional/maintlog/_index.md index 3ea3572..9e1cc4b 100644 --- a/site/content/additional/maintlog/_index.md +++ b/site/content/additional/maintlog/_index.md @@ -7,6 +7,13 @@ A log of changes to the burble.dn42 network. --- +## 27th June 2021 + +The shell servers now have apache2 installed to provide home directory +public_html access. +See the [Shell Accounts](/services/shell/) service page +for more info. + ## 23rd June 2021 Added shell.ca-bhs2.burble.dn42 as a new shell server. diff --git a/site/content/services/shell.md b/site/content/services/shell.md index b2f45e5..006d49b 100644 --- a/site/content/services/shell.md +++ b/site/content/services/shell.md @@ -14,8 +14,7 @@ The shell service imports user information from the dn42 registry allowing any MNTNER with an SSH auth method to log in to the servers. Usernames are constructed by lowercasing and removing the '-MNT' suffix. -For example: - +{{}} **FOO-MNT** ``` mntner: FOO-MNT @@ -26,6 +25,7 @@ Log in using the key specified in the auth method: ```shell ssh foo@shell.fr-rbx1.burble.dn42 ``` +{{}} Your home directory is created automatically on first access and will then persist across logins. 
@@ -45,6 +45,40 @@ The current set of packages can be found in the shell config repo: Requests for additional packages are welcome, please raise these as [issues](https://git.dn42.dev/burble/config-shell/issues) in the repo. +### Webserver + +The shell servers include a webserver with user directories (`~/public_html/`) +and CGI (`~/public_html/cgi-bin/`) enabled. The webserver is accessed over https +and has a dn42 certificate auto-renewed from the +[ACME service](https://acme.dn42/about.html). + +- `https://shell.fr-rbx1.burble.dn42//` +- `https://shell.ca-bhs2.burble.dn42//` + +{{}} +Remember that any files need to be accessible by the webserver +which runs as user/group www-data/www-data; CGI scripts must also be executable. +The default umask of 077 means that the webserver won't be able to +read your public_html folder or any files within it without changing permissions. + +A simplistic approach would be to make your home directory, and +public_html directory world readable: + +```shell +chmod a+rX ~ +chmod -R a+rX ~/public_html +chmod -R a+rx ~/public_html/cgi-bin +``` + +A more secure way of allowing access would be to use posix ACLs: + +```shell +setfacl -m "u:www-data:rX" ~ +setfacl -Rdm "u:www-data:rX" ~/public_html +setfacl -Rdm "u:www-data:rx" ~/public_html/cgi-bin +``` +{{}} + ### Scratch Area (*fr-rbx1 only*) A large storage area is mounted on to /scratch @@ -55,8 +89,10 @@ area it is recommended to create your own directory (named after your username) and then store all your stuff in the new directory; this will help prevent clutter. +{{}} Note that the storage for /scratch is nfs mounted across dn42 so performance will be variable. +{{}} ### Changing Shell 
@@ -64,11 +100,13 @@ The registry import process currently limits the initial shell to /bin/bash and currently this cannot be changed. If you want to use something different, just exec to the new shell in your .profile or .bashrc. +{{}} Example .bashrc line for zsh: ```shell if [[ $- == *i* ]]; then exec /usr/bin/zsh; fi ``` +{{}} ### Cron, Batch and Services
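Review bot: In site/content/additional/maintlog/_index.md, the 27th June 2021 entry describes the apache2 install only as "home directory public_html access", while the Webserver section added to shell.md in this same patch says CGI (`~/public_html/cgi-bin/`) is enabled as well. The webserver is documented as running as www-data and will execute user-supplied scripts, so the log entry should mention CGI explicitly; that way the maintenance log records the full scope of the change.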
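Review bot: In the Webserver hunk of site/content/services/shell.md, the ACL example uses `setfacl -Rdm` for `~/public_html` and `~/public_html/cgi-bin`, and `-d` modifies only the default ACL, which is inherited by entries created afterwards. The directories themselves and any files already in them get no access entry for www-data, so with the stated umask of 077 the webserver still cannot read them. Suggest pairing each default-ACL line with an access-ACL line, for example `setfacl -Rm "u:www-data:rX" ~/public_html` ahead of the `-Rdm` one. Separately, both examples grant read on the home directory itself (`chmod a+rX ~` and `u:www-data:rX` on `~`); execute (search) permission alone is enough for the webserver to reach public_html and avoids exposing the home directory listing.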