Linux File Permissions, Groups, and Users

Why Are Permissions Important?

Permissions are important for keeping your data safe and secure.  Permission settings in Linux let you give others access to your files without opening up everything just to share one file or directory (something Windows sharing often does).  You can group individual users together and change permissions on folders (called directories in Linux) and files, and those users don’t have to be in the same OU or workgroup or be part of a domain to access those files.  You can change permissions on one file and share it with a single group or multiple groups.  Fine-grained security over your files puts you in the driver’s seat, in control of your own data.

Some will argue that it may be too much responsibility…that placing this onto the user is foolish and other aforementioned operating systems don’t do this.  You’d be right…XP doesn’t do this.  However, Microsoft saw what Linux and Unix do with the principle of least privilege and have copied this aspect from them.  While the NTFS filesystem employs user access lists with workgroups and domains…it cannot mirror the fine grained, small scale security of Linux for individual files and folders.  For the home user, Linux empowers control and security.

I’m going to go over how users and directory/file permissions work.  So, let’s set up an example that will allow us to explore file permissions.  If you have any questions, just ask in the comments section at the end of the article.

File Permissions Explained

The picture to your left is a snapshot of my $HOME directory.  I’ve included this “legend” to color code and label the various columns.  Let’s go through the labels and names of things first and then work on understanding how we can manipulate them in the next section.

As noted in the picture, the first column (orange) shows whether or not the listed item is a directory.  If any of these happened NOT to be a directory, a dash (-) would be in place of the d at the beginning of the listing on the far left.

In the second, third, and fourth columns (Green, Blue and Red) we find permissions.  Looking at the gray box in the bottom-right corner gives us an explanation of what each letter represents in our first few columns.  These tell us whether or not each user, group, or other (explained in detail later in this article) has read, write, and execute privileges for the file or folder/directory.

In the 5th column (white) the number of hard links is displayed.  This column shows the number of actual physical hard links.  A hard link is a directory reference, or pointer, to a file on a storage volume that is a specific location of physical data.  More information on hard links vs. symbolic (soft) links can be found here.

In column 6 (light blue) we find the user/owner of the file/directory.  In column 7 (gray blue), the group that has access to the file/folder is displayed.  In column 8 (pink), the size of the file or folder is shown in kilobytes.  In column 9 (fluorescent green), the last date the file or folder was altered or touched is shown.  In column 10 (grey), the file or directory name is displayed.

We’re going to pay specific attention to the first four columns in the next section and then follow that up by working with the sixth and seventh by going over user/owner and group.  Let’s move on to go over all of those rwx listings and how we can make them work for us.

Read, Write, Execute – User, Group, Other

First, let’s go over what different permissions mean.  Read permission means you can view the contents of a file or folder.  Write permission means you can write to a file or to a directory (add new files, new subdirectories) or modify a file or directory.  Execute permission means that you can change to a directory and execute (or run) a file or script for that file or directory.

The User section shown in green in the picture above shows whether or not the user can perform the actions listed above.  If the letter is present, the user has the ability to perform that action.  The same is true for the Group shown in blue above…if a member of the group that has access to the file or directory looks in this column, they will know what they can or can’t do (read, write, or execute).  Lastly, there are all others (noted in the red column above).  Do all others have read, write, and execute permissions on the file or folder?  This is important for giving anonymous users access to files in a file server or web server environment.

You can see how fine grained you might be able to set things up.  For example, you may give users read only access while allowing a group of 5 users full control of the file or directory.  You may want to switch that around.  It’s entirely up to you how you want to set up permissions.

More about Groups

Let’s go through setting up a group and adding a few users to it and then assigning that group permissions to access a directory and file.

Create a file inside your home directory by opening up a shell or terminal and typing:

touch ~/example.txt

You’ve now created a file called example.txt inside your home directory.  If you are already there, you can list the contents with the ‘ls’ command.  Do that now.  If you’re not already there, type ‘cd ~/’ and you will be taken to your home directory where you can ‘ls’ list the files.  It should look similar to the following:

[devnet@lostlap ~]$ ls -l
total 40
drwxr-xr-x  2 devnet devnet 4096 2010-05-24 17:04 Desktop
drwxr-xr-x  6 devnet devnet 4096 2010-05-24 13:10 Documents
drwxr-xr-x  9 devnet devnet 4096 2010-05-27 15:25 Download
-rw-rw-r--  1 devnet devnet    0 2010-05-28 10:21 example.txt
drwxr-xr-x 13 devnet devnet 4096 2010-05-26 16:48 Music
drwxr-xr-x  3 devnet devnet 4096 2010-05-24 13:09 Pictures
drwxr-xr-x  3 devnet devnet 4096 2010-05-24 13:04 Videos

Next up, let’s create a new group and a couple of new users.  After creating these we’ll assign the users to the new group.  After that, we’ll move the file and lock it down to the new group only.  If everything works as planned, the file should be accessible to root and the other 2 users but NOT accessible to your current user. You’ll need to be root for all of these commands (or use sudo for them). Since I have sudo and don’t want to continually type sudo, I used the command “sudo -s” and entered my root password to permanently log in as root in a terminal for the duration of this how-to. OK, Let’s get started:

[root@lostlap ~]$ useradd -m -g users -G audio,lp,optical,storage,video,wheel,games,power -s /bin/bash testuser1
[root@lostlap ~]$ useradd -m -g users -G audio,lp,optical,storage,video,wheel,games,power -s /bin/bash testuser2

The above commands will create two users that should be pretty close to your current logged in user (as far as group membership goes).  If the groups you’re adding the user to do not exist, you may get a warning that the groups don’t exist…no worries, just continue.  If the above commands don’t work on your system (I used Arch Linux to do this) then you can use the GUI elements to manage users and add a new one.  You won’t need to add them to any extra groups since we just need a basic user.  Next, let’s create our ‘control’ group.

[root@lostlap ~]$ groupadd testgroup

The above command creates the ‘testgroup’ group. Now let’s add the two users we created to this group.

[root@lostlap ~]$ gpasswd -a testuser1 testgroup
[root@lostlap ~]$ gpasswd -a testuser2 testgroup

The commands above add both our test users to the test group we created. Now we need to lock the file down so that only those users inside of ‘testgroup’ can access it. Since your current logged in user is NOT a member of ‘testgroup’ then you shouldn’t be able to access the file once we lock access to that group.

[root@lostlap ~]$ chgrp testgroup example.txt

The above command changes the group portion of file permission (discussed earlier) from a group your currently logged in user is a member of to our new group ‘testgroup’. We still need to change the owner of the file so a new terminal opened up as your current user won’t be the owner of example.txt.  To do this, let’s assign example.txt a new owner of testuser2.

[root@lostlap ~]$ chown testuser2 example.txt

Now when you try to access the file example.txt you won’t be able to open it up as your standard user (root still will be able to access it) because you don’t have the permissions to do so. To test this, open up a new terminal (one where you are not root user) and use your favorite text editor and try to open up example.txt.

[devnet@lostlap ~]$ nano example.txt

Both testuser1 and testuser2 will be able to access example.txt because testuser2 owns the file and testuser1 is in the testgroup that has access to this file. However, your current logged in user will still have READ rights to it, so the file is not locked down yet. Why? Let’s take a look at the permissions on example.txt:

[devnet@lostlap ~]$ ls -l example.txt
-rw-r--r-- 1 testuser1 testgroup 8 2010-05-28 10:21 example.txt

Notice that the user, group, and other (1st, 2nd, and 3rd position of r,w,x – see the handy diagram I made above) have permissions assigned to them. The user can read and write to the file. The group can read it. Others can also read it. So let’s remove a permission to lock this file down. Go back to your root terminal that is open or ‘sudo -s’ to root again and do the following:

[root@lostlap ~]$ chmod o-r example.txt

Now go back to your user terminal and take a look at the file again:

[devnet@lostlap ~]$ ls -l example.txt
-rw-r----- 1 testuser1 testgroup 8 2010-05-28 10:21 example.txt

Once that has been accomplished, try and open the file with your favorite text editor as your currently logged in user (devnet for me):

[devnet@lostlap ~]$ nano example.txt

Your user now should get a permission denied error by nano (or whatever text editor you used to open it). This is how locking down files and directories works. It’s very granular as you can give read, write, and execute permissions to individual users, groups of users, and the general public. I’m sure most of you have seen permissions commands with 777 or 644 and you can use this as well (example, chmod 666 filename) but please remember you can always use the chmod ugo+rwx or ugo-rwx as a way to change the permissions as well. I liked using letters as opposed to the numbers because it made more sense to me…perhaps you’ll feel the same.
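To make the link between the letters and the numbers concrete, here is an added example (not part of the original article) that converts the permission column printed by ls -l into the octal form chmod accepts, including the setuid, setgid and sticky markers. The function names mode_to_octal and lockdown_demo are made up for this illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# mode_to_octal converts the permission column of `ls -l` (for example
# "-rw-r-----") into the numeric form accepted by chmod (640).

mode_to_octal() {
    mode=$1
    # One type character plus nine permission characters are required;
    # a trailing "." or "+" (SELinux context / ACL marker) is ignored.
    [ "${#mode}" -ge 10 ] || { echo "bad mode string: $mode" >&2; return 1; }
    special=0
    digits=""
    pos=2
    # Each class also owns one special bit:
    # user = setuid (4), group = setgid (2), other = sticky (1).
    for special_bit in 4 2 1; do
        r=$(printf '%s' "$mode" | cut -c"$pos")
        w=$(printf '%s' "$mode" | cut -c"$((pos + 1))")
        x=$(printf '%s' "$mode" | cut -c"$((pos + 2))")
        digit=0
        case $r in r) digit=$((digit + 4)) ;; -) ;; *) return 1 ;; esac
        case $w in w) digit=$((digit + 2)) ;; -) ;; *) return 1 ;; esac
        case "$special_bit$x" in
            ?x) digit=$((digit + 1)) ;;
            # lowercase s/t: special bit set AND execute set
            4s|2s|1t) digit=$((digit + 1)); special=$((special + special_bit)) ;;
            # uppercase S/T: special bit set, execute NOT set
            4S|2S|1T) special=$((special + special_bit)) ;;
            ?-) ;;
            *) return 1 ;;
        esac
        digits="$digits$digit"
        pos=$((pos + 3))
    done
    if [ "$special" -ne 0 ]; then digits="$special$digits"; fi
    printf '%s\n' "$digits"
}

# lockdown_demo repeats the article's "chmod o-r" step on a scratch file
# and prints the octal mode before and after the change.
lockdown_demo() {
    f=$(mktemp) || return 1
    chmod 644 "$f"                    # -rw-r--r--, as in the ls output above
    before=$(ls -l "$f"); before=${before%% *}
    chmod o-r "$f"                    # symbolic form used in the article
    after=$(ls -l "$f"); after=${after%% *}
    rm -f "$f"
    printf '%s %s\n' "$(mode_to_octal "$before")" "$(mode_to_octal "$after")"
}

lockdown_demo
```

Removing read from "other" with chmod o-r is therefore the same change as chmod 640 on this file; the symbolic form only touches the bits you name, while the numeric form sets all of them at once.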

Hopefully you now have a general understanding of how groups, users and permissions work and can appreciate how the complexity of it is also elegant at the same time. If you have questions, please fire away in the comments section. Corrections? Please let me know! Thanks for reading!

ICH6 Intel Sound on Unity or Mandriva PulseAudio Fix

I had been fighting for a very long time with pulseaudio on Unity Linux 2010…it just didn’t seem to work for me.  There were problems with having to mute and unmute the external amplifier channel in alsamixer in order to get sound to work.  On some boots there was no sound and on others, sound was fine.  When I finally installed TinyMe 2010 RC last week, I disabled pulseaudio altogether to get the sound working with ALSA only.

Then the worst thing that could possibly happen on my Gateway M250 happened…ALSA stopped working and there was no sound.  I started pulseaudio back up to no avail…no matter what I did, nothing worked to get sound up and running.

It was about the time I wanted to carve the sound pieces out of my laptop and throw them across the room that I decided to give everything I tried in the past one more try.

I fixed it…and I was pretty amazed that the solution was as easy as it was having spent weeks upon weeks fighting the pulseaudio issue.  I can only surmise that I made a typo in the module that I needed to blacklist.  After this arduous journey, it came down to blacklisting the modem sound card to make things work.

To do this on Mandriva and Unity Linux you’ll need to blacklist the following module:  snd_intel8x0m.  Notice the ‘m’ on the end of the standard module snd_intel8x0 for the ICH6 sound card.

You can do this by editing the following file as root in your favorite text editor:  /etc/modprobe.d/blacklist-compat

Add the following line anywhere in this file:

blacklist snd_intel8x0m

After that, you can reboot to make sure the module is blacklisted.  I know there are more elegant ways to load and unload kernel modules but this is the easiest way to get the job done for new users.  Subsequent reboots resulted in still having sound.  Thankfully, I didn’t have to rip my laptop apart in a quest to throw the sound portions.  I sure hope this helps others out!

Finding Files with locate

Many Linux users use the ‘find’ utility when searching for files using the command line on their system. They’ll do a simple:

find / -name 'pattern'

Really though, the power of find isn’t just in finding names of files but rather specific details about those files. For example, if you wanted to find files which are writable by both their owner and their group:

find / -perm -220

or perhaps find any file that’s been altered in your Download directory in the past 24 hours:

find /home/user/Downloads/ -mtime 0
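The prefix in front of the mode changes what -perm matches, which matters when you audit a tree for files that are writable by more accounts than intended. The following added example (not from the original article) builds a scratch directory of constructed files with known modes and shows which ones each form selects; the function and file names are made up for the illustration, and GNU find is assumed.

```shell
#!/bin/sh
# Added example, not from the original article: what each -perm form
# matches, shown on a scratch directory of constructed files.

# build_tree DIR: create empty files whose names describe their modes.
build_tree() {
    for spec in 600:owner_only 640:group_read 660:group_write \
                664:shared 666:world_write 444:read_only; do
        : > "$1/${spec#*:}"
        chmod "${spec%%:*}" "$1/${spec#*:}"
    done
}

# matches DIR TEST...: names of regular files in DIR that satisfy the
# given find tests, sorted and joined by single spaces.
matches() {
    dir=$1; shift
    find "$dir" -type f "$@" | sed 's|.*/||' | LC_ALL=C sort \
        | tr '\n' ' ' | sed 's/ $//'
}

perm_demo() {
    tmp=$(mktemp -d) || return 1
    build_tree "$tmp"
    # -MODE: every listed bit must be set.
    echo "owner AND group writable (-perm -220): $(matches "$tmp" -perm -220)"
    # /MODE: at least one listed bit must be set.
    echo "anyone can write (-perm /222):         $(matches "$tmp" -perm /222)"
    # MODE with no prefix: the mode must match exactly.
    echo "exactly rw-r----- (-perm 640):         $(matches "$tmp" -perm 640)"
    # Audit check: files writable by every account on the system.
    echo "world-writable (-perm -002):           $(matches "$tmp" -perm -002)"
    # Combined tests: readable by all, writable by someone, executable by none.
    echo "r for all, some w, no x:               $(matches "$tmp" \
        -perm -444 -perm /222 ! -perm /111)"
    rm -rf "$tmp"
}

perm_demo
```

On a real system the world-writable check is usually run with -xdev and a starting directory of your choice, so that it stays on one filesystem.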

As you can see, the find command is very versatile and can be used to find an array of different attributes of files.  There are times though where I’m just looking for something and I don’t want to have to wait for the command to scan the entire directory tree in order to track it down.  That’s where locate comes in with quick and simple results.

Using the Locate Command

Using the locate command can only be accomplished if you install the mlocate package.  Most major distributions have this available.  If not, head over to the mlocate homepage and install manually.  Once that is accomplished, you’ll need to manually run a command to index your filesystem with it…otherwise, you’ll have to wait for the command to run automatically as it registers with cron to do so on a system level.  Open a terminal and change to your root user, then execute the following:

updatedb &

This updates the mlocate database that indexes your files and forks it to the background (the ‘&’ forks it to the background).  You can now log out of the terminal as root and the process will quietly work in the background.

After the command completes, using mlocate is as easy as using the locate command:

locate firefox | less

The command above will look for all files with firefox in the name and pipe the command through less so you can use the spacebar or enter key to scroll the file buffer.  Of course, the reason we pipe it through less is because any file that resides in the ‘firefox’ directory will be reported in the output.  While this tool isn’t as granular as the find command, it is a quick way to track down paths, directories, and files you know should exist.  Since the data is indexed using the updatedb command (by cron) the results are very quick and the command does not have to scan through the filesystem to return the results.

There are plenty more advanced options via flags (such as following symbolic links, making search term case sensitive, and even using regexp).  See the man page for details on how each of these options work.  Play around with locate and see what you can do!  It’s a powerful and quick search command!

Installing Openbox on Foresight Linux

My friend Og Maciel originally introduced me to Openbox a while back and I’ve been using it ever since. I love the lightweight feel, the ability to customize and the center around having NO icons on my desktop.  I don’t feel cluttered when I work! Today, we’re going to go over installing Openbox with some added tools.  This tutorial is tailored for Foresight Linux but the guide may very well serve other distros as well.

What is Openbox?

From the Openbox homepage, “Openbox is a minimalistic, highly configurable, next generation window manager with extensive standards support.”  From using it, I often think of it as fluxbox-like with the benefits of being able to dip into Gnome or KDE for the items that I want to use.  Your desktop will then run with speed and simplicity using only the elements you want to use with it.

So…Let’s get Started…

This How-To will assume that you’re running Foresight Linux, you’re logged into Gnome and that you’re familiar with conary, the package manager for Foresight.  First and foremost, install openbox:

[devnet@lostlap Desktop]$ sudo conary update openbox obmenu obconf

This installs the needed components to run Openbox on your system. Openbox is minimal by default though so if you login to the environment now for the first time, there will be no taskbars, nothing…just a large blank area for you to work with. We will need to install some extra components to give a bit more functionality. If you’d like a panel menu, I recommend using tint2. I used to use pypanel which is a small panel written in python but this panel is no longer developed.

There are other panels that are packaged with openbox in mind for Foresight; fbpanel is available, which is a very fast and functional menu bar. I like lxpanel also, which is fbpanel with some easier configuration options. For a full list, please see openbox documentation. For our purposes here, we will install tint2:

[devnet@lostlap Desktop]$ sudo conary update tint2

Now we need to copy the default configuration file for tint2 so we can build our panel to our liking.  You’ll have to create the default path for the tint2rc configuration file.  To do this and copy the config file:

[devnet@lostlap Desktop]$ mkdir -p ~/.config/tint2/
[devnet@lostlap Desktop]$ cp /etc/xdg/tint2/tint2rc ~/.config/tint2/

Now tint2 has a configuration file in place and is ready for Openbox to start.

Let the Configuration Begin!

The hard part (install) is now out of the way thanks to the conary package manager. Now we need to configure Openbox so that it’s ready for us when we log out of Gnome. The configuration files will need to be copied to /home/user/.config/openbox.  Of course, this path doesn’t exist yet so we’ll need to create it like this:

[devnet@lostlap Desktop]$ mkdir -p ~/.config/openbox/

Visiting there now will show that there aren’t any files in this directory.  The file we’ll absolutely need to place there is autostart.sh. Other files that will be in here are rc.xml which is for obconf (openbox configuration) and menu.xml (openbox menu system).  We’ll copy menu.xml from a default copy there later.  The other file should auto-create when loading for the first time (rc.xml)

The autostart.sh file is what starts all of our services and the tint2 panel we just installed, and it also sets up our wallpaper and other items.  Instead of going through the options you can place in here, I’m going to share my autostart.sh to get you up and running quickly.  Please note that if you chose not to install tint2 and use the gnome-panel or another panel instead, you’ll need to comment out the tint2 line below and uncomment (or add) the line for what you’ll be using:

[devnet@lostlap Desktop]$  cat autostart.sh
# This shell script is run before Openbox launches.
# Environment variables set here are passed to the Openbox session.
##############################################################
# Panel Section
##############################################################
# pypanel, my favorite panel for openbox
#(sleep 3 && pypanel) &
# Use the wbar Launcher if you would like.  Don't forget to install it before uncommenting
# wbar &
(sleep 3 && tint2) &

#############################################################
# Gnome Integration Section
#############################################################
# This section lets Gnome give us some of its desktopiness
gnome-power-manager &
nm-applet --sm-disable &
/usr/libexec/gnome-settings-daemon &
gnome-volume-manager --sm-disable &
gnome-keyring-daemon &

###########################################################
# Other Add-ons for Openbox
###########################################################
# Make your wallpaper restore to last setting using Nitrogen.
nitrogen --restore &
parcellite &
volumeicon &
################################# End ###################

Download my autostart.sh

To create the menu system file for openbox, we’ll copy from the default installation to our .config/openbox directory (so we can use obmenu…otherwise, that command will give us an error) so use the following command in a terminal:

[devnet@lostlap Desktop]$ cp /etc/xdg/openbox/menu.xml ~/.config/openbox/

Now you’re ready to login and reap what you have sown 🙂 Log out of Gnome and change sessions in GDM to Openbox.  Notice that your tint2 panel starts up and has the gnome applications we recorded in the autostart.sh file above running and docked! You can add more options to your autostart.sh file and you can also edit tint2rc (in your /home/user/.config/tint2 directory) to store settings for your panel.

I’ve Installed and am Running, Now What?

Now you get to customize the Openbox menu with your favorite applications. Menus are activated by right clicking anywhere on the desktop. There are a few default applications…I choose obconf right away so that I can choose a theme I like and increase the text size since I’m using a high resolution. After that is done, I right click for the menu again and go to applications >> xterm. When the terminal pops up, I type obmenu. From there, I’ll be able to edit my right click menu.

Now instead of entering obmenu in a terminal each time, let’s add it to our right click options. In the obmenu window that you opened in the last paragraph, expand the Openbox 3 option. Find obconf and highlight it. Click ‘new item’ and add obmenu for a label, execute for action, and obmenu for Execute. This will add obmenu to your right click options so you don’t have to open a terminal each time to do things. You can also customize any of the items you find in applications…I put a few things I normally need such as thunderbird, firefox, gnome-terminal, etc. Feel free to add whatever you need…you can have many submenus. Its setup is pretty straightforward.

Nitrogen, the wallpaper manager, requires a small tweak as well to get working. What I did was create a /home/username/Photos/Wallpaper directory and then loaded it up with my favorite desktop wallpaper. Good places to go for cool wallpapers are desktopography.com and vladstudio.com.  Next, install Nitrogen:

[devnet@lostlap Desktop]$ sudo conary update Nitrogen

After your first login, you’ll need to add a menu entry using obmenu to call the nitrogen browser. So create the menu entry and the action you call is:

nitrogen /home/username/Photos/Wallpaper

Of course, replace ‘username’ with your user name.  This will allow you to open up all the wallpaper photos inside of that directory.

So What Have we Done?

Today, we’ve installed Openbox on Foresight Linux. We’ve given it a tint2 panel so we have a place to dock applications and we’ve customized the Openbox right click menu and added a wallpaper program called Nitrogen. Hopefully, this shows you the customizable features of Openbox and also shows you the speed that Openbox operates at. It’s a very minimalistic environment, yet one that can be very powerful.

Installation Notes of Interest

tint2

Tint2 is my newly crowned favorite panel for openbox.  It’s lightweight and is able to be configured in so many ways.  I added the sleep command inside my autostart.sh to make sure that the desktop is loaded before the tint2 panel tries to load…mostly, this is due to network manager wanting to animate while the panel loads.  This isn’t as much of a problem with tint2 as it is with pypanel (see below).

pypanel

Some things I’ve noticed when running openbox…network manager has problems with pypanel. I added the sleep command inside my autostart.sh and this is much better now…but there may be similar problems with network manager. It’s really NM searching for a network and it causes the panel to flicker a bit. Not a real show stopper.

Gnome-panel

Gnome-panel running inside openbox causes a few errors to pop up when I login. This could be due to the fact that I’ve started things in my autostart.sh out of order…I’m also not altogether sure what is causing these errors. The problem seems to be with the docking area of gnome-panel as when I minimize programs they are not docked. Easily fixable, but annoying nonetheless.

Alternative Panels

There are quite a few alternative panels out there.  Fbpanel is one.  Perlpanel is another.  Fbpanel and lxpanel are available in the Foresight repositories. You can also add other launchers like wbar if you so desire.

Screenshot

Openbox on Foresight

Backup Directories and Subdirectories Preserving File Structure

I needed a quick way to backup my small music collection on my laptop and preserve the complete file structure and permissions.  There are a few ways to do this of course…for example, you can just copy the files using whatever file manager you happen to be using in your Linux distribution.  In some cases though, you might want your backup to take up less space than the full monty.  Especially true if you are backing up to thumb drives!

You can use the tar command to make this a snap.

Tar combines multiple files into an archive and you can use it to preserve permissions and file structure and then you can compress the archive to save space.

tar -c --recursion -p --file=backup.tar directory

The -c flag creates an archive for us.  --recursion goes through all subdirectories.  The -p flag preserves permissions on all the files.  This is handy if you have certain folders or files that need to stay tied to individual users or groups.  The --file flag is the option for outputting to a file name.  You can also add multiple directories that you’re zipping up like the following:

tar -c --recursion -p --file=backup.tar directory1 directory2 directory3

After you have the file output as backup.tar it’s time to compress it.  The most standard way to do this is to use the gzip command:

gzip backup.tar

This command will output backup.tar.gz to the current directory which will take up less space than that of a standard 1-to-1 copy.  There are many other flags and options that you can use with the tar command.  For an in depth look at those flags and options, check the tar man page by typing ‘man tar’ in a terminal or view it online here.

UPDATE:

Commenter ‘jack’ has offered a few extra flags to combine the archiving and zipping into one command:

tar -c -z --recursion -p --file=backup.tar.gz directory1 directory2 directory3

The -z flag will gzip the archive after you’ve used tar to create it.  Substituting -j in for -z above will bzip the archive.  Thanks for the tips jack!
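A backup only protects restricted files if the modes come back the same when you restore it. The following added example (not from the original article) archives a constructed directory with the flags used above, then extracts it under a restrictive umask with and without -p and reports the resulting modes. It assumes GNU tar and GNU stat; the function name extract_modes and the sample paths are made up for the illustration.

```shell
#!/bin/sh
# Added example, not from the original article: check that modes survive
# a tar backup and restore. Assumes GNU tar and GNU stat.

# extract_modes FLAG...: archive a constructed tree, extract it under
# umask 077 with the given extra tar flags, and print
# "<file mode> <directory mode>" as found after extraction.
extract_modes() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/src/music/private" "$work/out"
    echo "constructed sample data" > "$work/src/music/private/track.txt"
    chmod 640 "$work/src/music/private/track.txt"   # rw-r-----
    chmod 750 "$work/src/music/private"             # rwxr-x---

    # Same flags as in the article; the modes are recorded in the archive.
    (cd "$work/src" && tar -c --recursion -p --file="$work/backup.tar" music)

    # Restore under a umask that would strip group and other bits.
    (umask 077 && cd "$work/out" && tar -x "$@" --file="$work/backup.tar")

    printf '%s %s\n' \
        "$(stat -c %a "$work/out/music/private/track.txt")" \
        "$(stat -c %a "$work/out/music/private")"
    rm -rf "$work"
}

# With -p the recorded modes are restored exactly.
echo "restore with -p:                     $(extract_modes -p)"
# --no-same-permissions applies the umask instead. This is what an
# ordinary user gets by default; root gets the -p behaviour by default.
echo "restore with --no-same-permissions:  $(extract_modes --no-same-permissions)"
```

The practical point is to pass -p when you extract as an ordinary user, and to compare a few restored modes against the originals before you rely on the backup.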

Host Your Own Domain, Website and Webserver

This post was originally published on 13 July, 2006.  This version has been updated.

I have a problem with facebook, myspace, and other social networking websites out there.  The problem is when I upload my data to their webservers….I don’t own it anymore.  They do.  And they can do whatever they want with it once it is there.

With this in mind, I’d rather set up my own twitter using Status.net or my own digg using Pligg.  But I’d do it on MY OWN SERVER.  That way, any content I upload is MINE.  It doesn’t reside on some server in California or DC and get recycled to advertisements.

I like to control my own stuff.  I don’t like to be cut out of the loop.  If you’re like me, then you’ll want to host your own domain, website and webserver so that your friends/family/shrink can quickly and easily connect up to see new photos, find out the latest family developments, and understand why you wear tinfoil hats every Thursday after 4pm.

Normally, to host your own webpage you would need to spend around 7 bucks to purchase a domain.  Next you would need a hosting plan that usually runs around 3-15 dollars per month to serve up your web pages.

What most don’t realize is that you can skip these steps altogether…you don’t need to get dedicated hosting (this blog is hosted on dedicated hosting…but started out in my apartment!) to serve pages up to your friends and family.  You absolutely do not need to get domain name services through a provider.  You can even host your own webserver using a dialup connection (that’s right…I said dialup) although I don’t recommend it (but I’ve done it using 56.6kbps).

Why would you want to do this?  The answer might be to stay connected to friends and family…perhaps install a gallery so that your grandparents can see pics of your new dog/car/tinfoil hat.  Sure, you could waste my time with MyWaste..er..space and facebook and be barraged daily by advertisers and solicitors and be inundated with the minutiae of what all your friends had to eat for the day …or you could roll your own web host, install a gallery or website, and provide media to your friends and family without costing yourself a dime.  That’s right, NO COST (except time spent getting it running).  Just remember, your website might not survive a digging or slashdotting if you run it yourself.  Keep that in mind 🙂  So without more chatter, let’s get to the meat and potatoes of things:

Meat and Potatoes

If you have Cable or DSL at home (not a business account) you have something called a dynamic connection.  Dynamic connection means that it can change every once in a while.  DSL and cable ISP’s purchase blocks of IP Addresses in the dynamic range so that they can keep consumers separate from businesses.  It’s also easier for them to manage dynamic pools of people than to have to remember static connections that don’t change for everyone.

Because of this problem…an ever changing connection for you at home…web servers and websites do not do very well.  The reason for this is because when you visit a website on a dynamic connection one day, it might be different the next day.  In order for visitors of a website to find you each and every single time, you need a “domain” or web name that points back to the address (IP Address) your internet service provider changes on a whim.  You’ll also need an update service to update your website each time your ISP decides to change things on you.

Believe it or not, there are free services out there to do that for you.  You just have to be willing to do a little extra work in the beginning to set things up.  You can also do this without spending 20-40 bucks a month on DNS service.

I’ll divide this up into 2 sections.  The first will deal with Linux hosting.  The second, Windows hosting.  This is only something that I’ve found easy to do and the price is just right (it’s free).  The only thing that I recommend is a dedicated internet connection (cable, DSL) but even this is not necessary as dialup can be used.  I recommend that you use the Linux way of doing things since it is more secure and doesn’t require a restart every time you patch it.

*note: I’m assuming that you aren’t behind a firewall/proxy of any kind and that your ISP doesn’t block port 80 traffic.  If your ISP blocks port 80, see the appendix at the end of this article.

LINUX

No matter what version of Linux you run, chances are that you’ll be able to install the apache webserver.  This is good news as over half the websites of the world are run by apache. I’m not going to address the specifics of how to set up your apache…only how to get it a fixed address without buying a domain.  So, you have your html or php pages located in your webserver’s public directory…good…whatever application you have is installed on your server.  Now, how to resolve your IP…let’s say it is…25.24.4.166 (for our example) and you want it to have a host.name.com to bind to.  Easy to resolve.  Go to http://www.no-ip.com/index.php and sign up.  You can get a site from noip that is like yourname.theirdomain.com/.net/.info.  They have cool names like sytes.net and servebeer.org…even workisboring.com.  Other services like dyndns.org also exist and provide the free service as well.

You’ll be able to choose your own hostname under one of their domains…for instance, Ithink.dnsiskinky.com could be your new domain name.  Next, download a client from the download tab: https://www.no-ip.com/downloads.php

The linux client is a tar.gz source and is simple to install. Follow the instructions when installing.  You may have to install compilation tools (devel packages like GCC) to install the client.  You now are the proud owner of yoursite.theirsite.com and your IP will ALWAYS update (as long as noip.com is up) each time you log on/sign on/beam up or whatever it is you do.
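What an update client does on each run, as an added example (not No-IP's client code and not from the original article): it sends an update only when the address has changed, and it stops on replies that mean the account or hostname needs fixing. The HTTPS endpoint and reply codes follow No-IP's published update protocol and are an assumption here; the function names, the state layout and the User-Agent string are hypothetical.

```python
import base64
import ipaddress
from urllib.parse import urlencode

# Assumption: No-IP's dyndns2-style update endpoint and one-line reply codes.
UPDATE_URL = "https://dynupdate.no-ip.com/nic/update"
FATAL = {"nohost", "badauth", "badagent", "!donator", "abuse"}

def build_request(hostname, ip, user, password):
    """Return (url, headers) for one update request."""
    if ipaddress.ip_address(ip).is_private:
        # Behind a NAT router the machine sees e.g. 192.168.x.x; publishing
        # that address would make the site unreachable from the internet.
        raise ValueError("refusing to publish private address " + ip)
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    headers = {"Authorization": "Basic " + token,   # only ever sent over HTTPS
               "User-Agent": "example-updater/0.1 admin@example.invalid"}
    return UPDATE_URL + "?" + urlencode({"hostname": hostname, "myip": ip}), headers

def interpret(body):
    """Map the reply body to (action, detail)."""
    status, _, detail = body.strip().partition(" ")
    if status in ("good", "nochg"):
        return "ok", detail
    if status in FATAL:
        return "stop", status     # account or hostname problem: retrying will not help
    return "retry", status        # e.g. "911": server-side trouble, try again later

def run_once(state, current_ip, send):
    """Update only on change; send(url, headers) must return the reply body."""
    if state.get("halted"):
        return "halted"
    if state.get("ip") == current_ip:
        return "unchanged"
    url, headers = build_request(state["hostname"], current_ip,
                                 state["user"], state["password"])
    action, detail = interpret(send(url, headers))
    if action == "ok":
        state["ip"] = current_ip
    elif action == "stop":
        state["halted"] = detail
    return action
```
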

How does this help you?  Well, if you’re like me, you have a dynamic IP address.  If you connect to the internet via cable, dialup, or dsl…you also have a dynamic IP address.  Dynamic means that it will change from time to time without warning.  So by binding yoursite.theirsite.com to your IP address…you don’t ever have to worry about what IP address you have anymore.  Instead, you’ll always be able to connect using yoursite.theirsite.com.  You can host a webserver using Apache and a virtual host in this style as well (look for another how-to on this subject later) so that everyone can visit a shiny website at yoursite.theirsite.com.

Now you can give your friends/family/dog walker/mailman the address to your new webserver…maybe it’s Ithink.dnsiskinky.com like we used in the example above.  Now when they visit that address in their web browser, your application or web page displays for them.  You also get bragging rights at being the most technical friend/relative/dog walker client/household that everyone knows.  Now let’s cover Windows.

WINDOWS

First you need a free and clear webserver since one is not included by default with Windows. You can download Apache for this as well OR try the Abyss Webserver.

Interestingly enough, Abyss is also free!  I ran it while my linux machine was being worked on (bad hard disk…it was a Quantum 200MB drive from 1913…had to upgrade) and it worked just great off of Windows XP.  Download that puppy and install it.  Make sure you read all of the documentation and familiarize yourself with how Abyss does business.

The next step…getting a hostname…is even easier than the Linux method because you don’t have to manually install the noip client…they have a Windows installer.  Go to http://www.no-ip.com/index.php and sign up.  Choose the domain name you would like (see above examples in Linux section).  Next, download the noip client from the download tab: https://www.no-ip.com/downloads.php but this time choose the Windows client.  From there, you’ll be able to install this with a simple double click.  Fill in all of your information (pretty self explanatory) and make sure that it will run each time you sign on.  You’re set! yourchoice.theirhostname.com will now resolve to your IP.

CONCLUSION

You don’t have to spend a dime to keep a domain bound to your IP.  This is perfect for the home user who just wants a gallery or homepage.  It’s even good for someone who has a weblog or enthusiast site.  It’s good for someone who wants to be able to find their files and music…set up Jinzora and stream all your music library to yourself anywhere you are!  Set up Amahi and have access to all the goodness it brings.

Please remember, this wouldn’t be good for a business to have.  You will probably violate your ISP’s terms and conditions for using their connection if you tried to run a business this way.

It’s always good form to put a link of the stuff you are using on your website to direct traffic back to your software provider.  When I used noip, I included a noip link on my main page and also an abyss webserver icon as well.  It’s just good form and some companies/software providers necessitate the use of their logo or a link on sites that use their software/code.  Just be a nice person and give a link back to them.  Good luck! Have fun!

Also, please note that having hosted my own webserver for quite some time (circa 2001) I’ve found Linux and Apache as a combination to be more secure, faster, and more stable than any webserver I’ve hosted on the Windows Platform. I included information on Windows mainly to introduce you to the concept of free and open source software. If you thought getting a webserver for free was great, think about getting a whole operating system! Give it a try, you don’t even have to install it (use a Live CD).

APPENDIX

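If your ISP blocks port 80 traffic, your webserver won’t work.  Before deciding that your ISP is blocking, however, make sure your firewall has the appropriate rules to allow incoming traffic.  You can do a quick add to iptables in the following manner (run as root; both rules are appended to the end of the INPUT chain, and the second one drops all other incoming traffic, so accept anything else you rely on, such as SSH, before it):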

iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -j DROP
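Before blaming the ISP, it is worth checking where the two appended rules landed, because iptables stops at the first rule that matches. The following added example (not from the original article) walks the text printed by iptables -S INPUT and reports which rule decides a packet; the rule listings are constructed samples and the function name is hypothetical.

```python
import shlex

MODELLED = {"-p", "--dport", "-i", "--ctstate", "--state", "-m", "-j", "--reject-with"}

def verdict(rules_text, dport=80, proto="tcp", iface="eth0", ctstate="NEW"):
    """First-match walk over `iptables -S INPUT` text for one inbound packet.

    Returns (target, rule) for the rule that decides the packet, or the chain
    policy if none matches. Rules using selectors not modelled here
    (-s, negation, ...) are skipped.
    """
    policy = "ACCEPT"
    for line in rules_text.strip().splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["-P", "INPUT"]:
            policy = tok[2]
        if tok[:2] != ["-A", "INPUT"]:
            continue
        opts = dict(zip(tok[2::2], tok[3::2]))
        if not set(opts) <= MODELLED:
            continue
        states = opts.get("--ctstate") or opts.get("--state")
        if (opts.get("-p", proto) != proto
                or opts.get("--dport", str(dport)) != str(dport)
                or opts.get("-i", iface) != iface
                or (states and ctstate not in states.split(","))):
            continue
        if opts.get("-j") in ("ACCEPT", "DROP", "REJECT"):
            return opts["-j"], line.strip()
    return policy, "chain policy"

# Constructed sample: a distro default chain with the two rules above appended.
SHADOWED = """
-P INPUT ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j DROP
"""
# Constructed sample: only the two rules above, on an otherwise empty chain.
PAGE_ONLY = """
-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j DROP
"""

if __name__ == "__main__":
    print(verdict(SHADOWED))                                       # web request
    print(verdict(PAGE_ONLY, dport=51514, ctstate="ESTABLISHED"))  # reply to an outgoing connection
```

If the deciding rule is an earlier REJECT or DROP, the port 80 rule has to sit ahead of it, which iptables -I INPUT with a rule position does and -A does not. The second call shows why a bare final DROP also needs an ESTABLISHED,RELATED accept rule before it.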

If you’ve opened up the appropriate ports and things still don’t work, it is safe to say that the ISP is blocking port 80.  You can get around this conundrum by switching the listening port on the webserver to a different one and redirecting traffic there.

  1. See how to do this for IIS Webservers
  2. See how to do this for Apache Webservers (normally in /etc/apache2/httpd.conf but your distro may vary.)
  3. See how to do this for Abyss Webservers

If you still have problems, drop me a line in the comments section.  I may not be able to answer all questions but I can most likely get you to a person/place/thing that can.  Have fun and thanks for reading!

Except where otherwise noted, the content on this site is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.