
built debian server to host tivo hd recordings, next steps?

Discussion in 'TiVo Home Media Features & TiVoToGo' started by markmarz, Jun 2, 2012.

  1. Jun 2, 2012 #1 of 52
    markmarz

    markmarz Member

    94
    0
    Feb 3, 2002
    Chicago, IL
    Woo hoo!! Installed debian on my new home-built off a usb drive (that was a challenge in itself); everything's cool! In fact I'm writing to you now from Iceweasel on the new server.

    I know I'd like the server to run headless and I know that involves running xdmcp to allow me to bring up the desktop remotely, say on my windows laptop; and I know I need to share the filesystem(s) on the server, but I could use a hint how to accomplish all that.

    Meantime I'll keep digging.

    Thanks!
     
  2. Jun 3, 2012 #2 of 52
    lrhorer

    lrhorer New Member

    6,922
    0
    Aug 31, 2003
    San...
    Since you are posting from IceWeasel, I take it you are running a desktop already. That being the case, you already have X up and running. One thing (I don't recall) are you running an Intel or AMD system? I don't know if it has been fixed, but there was a small bug that caused some Intel based systems to lock up on boot if there was no display. It's a fairly easy fix if it happens, so report back if you cannot bring up your system without a monitor attached while running X.

    The following assumes you have a secure network, specifically a NAT firewall providing internet access. If not, we will need to talk about implementing a firewall on the server. I recommend the external firewall, but if you don't want to or for some reason are unable to implement the external firewall, ping back and we can secure your system before moving forward.

    Meanwhile, the first step is to make sure the server has a fixed IP. A dynamic IP and servers do not mix well. Your clients really need to know where they can find the server without a lot of contortions.

    Next you need to open up the system to respond to XDMCP requests.

    Finally, you should have ssh enabled.

    OK, to get started, open up a terminal session. Switch to the root user identity (please, no grumbles from paternalistic Linux types) by typing `su` and entering the root password at the password prompt. Type each of the following, allowing the system to install each software:

    Code:
    apt-get install vim
    apt-get install openssh-server

    To edit a file, issue the command

    Code:
    vim <filename>

    Vi and vim are a bit arcane, but for your purposes all you need to know is pressing the <insert> key once enters insert mode. Pressing it successive times toggles between insert and overwrite mode. To exit either editing mode, press <Esc>. To save and quit the file, (after exiting the edit mode by pressing <Esc> ) press :wq! To exit without saving, type :q!

    Edit the interfaces file by typing

    Code:
    vim /etc/network/interfaces

    and make it look something like the following (choose the IP address as you like, making sure it is not an address your router will try to set automatically):

    Code:
    # This file describes the network interfaces available on your system
    # and how to activate them. For more information, see interfaces(5).
    
    # The loopback network interface
    auto lo
    iface lo inet loopback
    address 127.0.0.1
    netmask 255.0.0.0
    
    # The primary network interface
    allow-hotplug eth0
    iface eth0 inet static
    address 192.168.xxx.yyy
    netmask 255.255.255.0
    gateway 192.168.xxx.1
    auto eth0

    (This assumes your gateway router is 192.168.xxx.1)
    Save and quit the file by pressing <Esc>:wq!

    To enable the IP so you can use it without rebooting the machine, type

    /etc/init.d/networking restart (Deprecated)

    Code:
    ifdown eth0
    ifup eth0

    The next step depends on whether you are using gdm or kdm as your display manager.

    If you are using gdm, then editing the /etc/gdm/gdm.conf file to contain the lines

    Code:
    [xdmcp]
    Enable=true

    and then issuing the command

    Code:
    /etc/init.d/gdm restart

    should allow you to log in to the server with an X-server such as X-ming or Exceed Hummingbird from a networked computer. Of course you will need to install the X-server of your choice on the remote machine, first. There is a free version of X-ming available for Windows.

    If you are using kdm (which I prefer) as your display manager, then edit the /etc/kde4/kdm/kdmrc file to contain the same two lines. Note there are a great many more options in /etc/kde4/kdm/kdmrc, and you might like to study them to see what other options for logging in you may want to implement. Once again, issue the

    Code:
    /etc/init.d/kdm restart

    command to enable your changes.
     
  3. Jun 3, 2012 #3 of 52
    wmcbrine

    wmcbrine Ziphead

    10,363
    22
    Aug 2, 2003
    That's not really necessary. Unlike in Windows, in Linux you can do most of what you need to from the command line, so telnet or ssh is sufficient. On the rare occasions when I want to run an X app remotely, I just do an "ssh -X" and start the app from the command line.

    Leaving an X environment running full-time on a headless server can be a waste of server resources.
     
  4. Jun 3, 2012 #4 of 52
    markmarz

    markmarz Member

    94
    0
    Feb 3, 2002
    Chicago, IL
    Sounds good. So ssh -X will enable me to later kick off kmttg, right?

    I avoid running X full-time by not kicking off xdmcp?

    Sorry for the dumb questions .. long-time programmer, been using Solaris for years and now AIX at work, but novice linux administrator. I found this site this morning: http://www.linux-tutorial.info. Seems like a good start; there's some I know, but only picked up haphazardly. I learn best by starting at the beginning.
     
  5. Jun 3, 2012 #5 of 52
    markmarz

    markmarz Member

    94
    0
    Feb 3, 2002
    Chicago, IL
    amd-64

    ping!

    I've been looking around at linux security since reading your reply and realize this is going to require a whole heck of a lot of background study. I'm not averse to having the incantations handed over w/o much of an understanding in the interests of expediency! I'm going to hold off on further steps as you suggest until security is set up. I'll be trying to learn the basics in the meantime.

    Don't know for sure but I think GDM. I'm using LXDE, is that a clue?
     
  6. Jun 3, 2012 #6 of 52
    markmarz

    markmarz Member

    94
    0
    Feb 3, 2002
    Chicago, IL
    Well, I did just go ahead and attempted to add this software; didn't seem like that would hurt. Although vim installed fine, having a problem with openssh-server:

    Code:
    Media change: please insert the disc labeled
     'Debian GNU/Linux 6.0.5 _Squeeze_ - Official amd64 xfce+lxde-CD Binary-1 20120512-14:33'
    in the drive '/media/cdrom/' and press enter

    The sad thing is I didn't actually install from a physical cd; I installed from a cd image put to a usb stick via win32 disk imager because I don't have a cd player right now. Tried re-inserting usb stick but didn't help. I also know diddly-squat about filesystems on linux so no idea how to (say) point to the usb stick if pointing is what's needed. I will be getting a cd player in a few days; I could write the install image to it and try from there.
     
  7. Jun 3, 2012 #7 of 52
    markmarz

    markmarz Member

    94
    0
    Feb 3, 2002
    Chicago, IL
    Okay, problem solved. Installed synaptic and disabled cd rom image from package sources, then installed openssh-server.
     
  8. Jun 3, 2012 #8 of 52
    lrhorer

    lrhorer New Member

    6,922
    0
    Aug 31, 2003
    San...
    Yep. The sources list is kept at /etc/apt/sources.list. I'm a little surprised the CD-ROM source was kept there, since you did a netinst installation.

    I don't much like Synaptic, but it does get the job done. I much prefer kpackage, but for some bizarre reason they have decided to pull it from development. I'm using a back port. Don't worry about the file systems. Linux can take care of all that for you until you are ready to format your array (or whatever you decide to deploy). For a video server, I like XFS. It handles underlying arrays expeditiously, and it is very fast at creating and writing files. It tends to be a bit slow at deleting thousands of files, but on a video server, that almost never happens.
     
  9. Jun 3, 2012 #9 of 52
    markmarz

    markmarz Member

    94
    0
    Feb 3, 2002
    Chicago, IL
    Thanks, I will go with XFS. Seems particularly well suited to my enormous TD HD files, which should be the overwhelming majority of user files.

    In the meantime, I would like to implement a software firewall (don't want to buy an external firewall) .. is this offer still on?

    Other than wireless security (but this server is wired to switch as is the pc I plan to remote into it with), and whatever firewall features are implemented by default in the DLink 655 router, I'm not aware of any other security on the network.

    Don't know, but don't think I have that. I'm reluctant to move forward until the system is secure, or at least secure enough. Or does going forward with your instructions starting with
    all I need to do?
     
  10. lrhorer

    lrhorer New Member

    6,922
    0
    Aug 31, 2003
    San...
    It's true it is not strictly necessary, and I frequently spawn independent X apps in their own windows. There are some advantages to using a native Desktop manager, however. Among them are the ability to automatically launch a suite of apps on the server upon login under a single desktop, having multiple desktops, and I find operations like cut-and-paste to be much, much easier under KDE than Windows.

    Yeah, but I don't think he is going to be doing it full time. Of course, neither way is terribly difficult. What's more, on modern systems, the use of resources by the X environment is not really aggressive compared to their capabilities. I have an XDMCP KDE session up right now on one of my servers with kmttg, five terminal sessions, kpackage, Gnome System Monitor, and KNUT client all running. One CPU is below 4%, and the other is running 26%, but only because the monthly array check is running. Ordinarily, they would both be well under 4%. Memory is 2.7G out of 4G, with 1G of swap. Normally, swap would be under 800K, but wine is using a pretty big chunk.
     
  11. lrhorer

    lrhorer New Member

    6,922
    0
    Aug 31, 2003
    San...
    Yeah, it is.

    Unless you have its firewall disabled, the D-Link 655 IS an external firewall. As long as the firewall on the 655 is enabled and you have your wireless segments properly secured, that is all that is needed. We certainly could implement iptables, but it really is not necessary.

    Yeah, just make sure your passwords are strong, and that the local wireless network is locked down tight. You can run an insecure guest network, if you like. Disallowing remote root logins (which should be the default) is a good idea.
     
  12. lrhorer

    lrhorer New Member

    6,922
    0
    Aug 31, 2003
    San...
    On the Linux machine, yes. Of course you can, if you choose, run kmttg on a remote (presumably windows) machine and simply have it write to the server. For your purposes, it is probably 6 of one and half a dozen of the other.

    Yes. Perhaps more to the point, the desktop manager is then Windows, not the Linux GUI.

    They aren't dumb.
     
  13. lrhorer

    lrhorer New Member

    6,922
    0
    Aug 31, 2003
    San...
    Oh, good. 'Definitely won't be a problem, then.

    Yeah. Iptables is extremely powerful, but damnably arcane.

    Well, OK, there may be some things in there you want to implement, but for now, as long as you have the firewall on the 655 set up properly and have that wireless network locked up tight, it should be fine.

    No, I'm afraid not. I'm not very familiar with LXDE, but unless it has some requirements of which I am unaware, it should be able to run under either gdm or kdm. Indeed, until 2009, it had to run under one or the other of those. In 2009, LXDM, a display manager written specifically for LXDE was released, but I am not sure it is supported under Debian. (LXDE definitely is.)
    There is a simple way to tell, though. Look at the contents of /etc/default-display-manager. It will tell you what display manager is in use.
     
  14. lrhorer

    lrhorer New Member

    6,922
    0
    Aug 31, 2003
    San...
    The short answer to that is: SAMBA.

    Depending on the options you selected during install, SAMBA may already be installed. You can check using Synaptic, or just type

    Code:
    apt-get install samba

    If it is not installed automatically, I also recommend

    Code:
    apt-get install swat

    SWAT (SAMBA Web Administration Tool) allows one to configure and administer SAMBA via web browser from any machine on the LAN.

    As always, if SAMBA or SWAT are already installed and configured, apt-get will notify you of the fact.

    Now the first question is, "How secure does the share need to be?" If you want anyone on the LAN to be able to read, write, and delete files on the share, things get pretty simple. If you want to restrict access, they can get rather more complicated. Note there is absolutely nothing wrong with creating more than one directory on the array, with some of the directories being shared wide open and others being locked down. For example, I created several separate wide open shares for video, music, DVD rips, etc. I also created a personal directory for myself, one for my roommate, and one for each of her daughters. Both on the server itself and on the shares, no one but me can read or write my directory, only my roommate can read and write her directory, etc.

    After you install SAMBA, you will need to create SAMBA users. These are very much like regular Linux users, and indeed it may be a good idea to create the same SAMBA users as Linux users. To that end, the use of mksmbpasswd before the first time SAMBA is run will copy all the Linux users over to the /etc/smbpasswd file. The passwords will not be copied. Once you have all your Linux users created, type:

    Code:
    cat /etc/passwd | /usr/sbin/mksmbpasswd > /etc/samba/smbpasswd

    Then use the smbpasswd utility to create the passwords for SAMBA. Here is a good basic tutorial on setting up SAMBA. Below is a copy of my /etc/samba/smb.conf file:

    Code:
    RAID-Server:/usr/bin# cat /etc/samba/smb.conf
    # Samba config file created using SWAT
    # from UNKNOWN (192.168.1.5)
    # Date: 2011/08/21 08:40:03
    
    [global]
    	workgroup = HOME
    	map to guest = Bad User
    	guest account = lrhorer
    	printcap name = cups
    	disable spoolss = Yes
    	mangle prefix = 6
    	domain master = No
    	ldap ssl = no
    
    [Server-Main]
    	path = /RAID/Server-Main/
    	valid users = lrhorer, lgates, "Leslie A Rhorer"
    	admin users = lrhorer
    	read only = No
    	guest ok = Yes
    
    [TiVo-Music]
    	path = /RAID/Music/
    	admin users = lrhorer
    	read only = No
    	guest ok = Yes
    
    [Video]
    	path = /RAID/Recordings/
    	admin users = lrhorer
    	read only = No
    	guest ok = Yes
    
    [Leslie]
    	path = /RAID/Personal_Folders/Leslie/
    	valid users = lrhorer, "Leslie A Rhorer"
    	admin users = lrhorer, "Leslie A Rhorer"
    	read only = No
    	guest ok = No
    	strict locking = No
    	browseable = No
    
    [Liza]
    	path = /RAID/Personal_Folders/Liza/
    	valid users = lgates
    	admin users = lgates
    	read only = No
    	guest ok = No
    	strict locking = No
    	browseable = No
    
    [Tiffany]
    	path = /RAID/Personal_Folders/Tiffany/
    	valid users = tgates
    	admin users = tgates
    	browseable = No
    	strict locking = No
    
    [Photos]
    	path = /RAID/Photos/
    	admin users = lrhorer
    	read only = No
    	guest ok = Yes
    
    [DVD_Rip]
    	path = /RAID/DVD
    	valid users = lrhorer, root
    	read only = No
    	guest ok = Yes
    
    [Thermostat]
    	path = /usr/share/thermostat
    	username = root
    	valid users = lrhorer, root
    	admin users = lrhorer, root
    	read only = No
    	guest ok = Yes
    
    [html]
    	path = /var/www
    	valid users = lrhorer, root
    	admin users = lrhorer, root
    	read only = No
    	guest ok = Yes
    
    Note that I lock down the personal folders not only by setting guest = no and making the shares non-browseable, but I also set strict permissions on the Linux server itself. The personal directories and all the files and subdirectories in them are set for a permission of 700, 600, 500, 400, or 100 as the case may be, with the owner of every directory and file being the user themselves. By comparison, the /RAID/Photos, /RAID/Music, and /RAID/Recordings directories are set with permissions of 777, and most of the files are at least world readable and writable. Anyone can map those folders as drives on their PC.
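
An added example (not code from the thread or from the Samba project): a small Python audit that parses an smb.conf like the one in the post above and flags shares that are guest-writable, shares where the global guest account also appears in `admin users` (whose members do all file operations as root), and shares that list root in `admin users`. The flag names and the trimmed sample are constructed for illustration, and the `nobody` fallback assumes the usual Samba default guest account.

```python
import re
# Constructed sample: three shares trimmed from the smb.conf quoted in the post.
SAMPLE = """\
[global]
    guest account = lrhorer
[Video]
    admin users = lrhorer
    read only = No
    guest ok = Yes
[Leslie]
    admin users = lrhorer, "Leslie A Rhorer"
    guest ok = No
[html]
    path = /var/www
    admin users = lrhorer, root
    read only = No
    guest ok = Yes
"""

def parse_smb_conf(text):
    # Returns {section: {parameter: value}}; names lower-cased (Samba ignores case).
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf[section] = {}
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf

def is_yes(value):
    return value.strip().lower() in ("yes", "true", "1")

def user_list(value):
    # Split a Samba user list, keeping quoted names with spaces whole.
    return [q or bare for q, bare in re.findall(r'"([^"]+)"|([^\s,"]+)', value)]

def audit(text):
    """Return (share, flag) pairs for settings worth a second look."""
    conf = parse_smb_conf(text)
    # "nobody" is assumed here as the default when no guest account is set.
    guest_account = conf.pop("global", {}).get("guest account", "nobody")
    findings = []
    for name, share in conf.items():
        guest = is_yes(share.get("guest ok", "no"))           # Samba default: no
        writable = not is_yes(share.get("read only", "yes"))  # Samba default: yes
        admins = user_list(share.get("admin users", ""))
        if guest and writable:
            findings.append((name, "guest-writable"))
        if guest and guest_account in admins:
            findings.append((name, "guest-account-is-admin"))
        if "root" in admins:
            findings.append((name, "root-in-admin-users"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On a live server, passing it the output of `testparm -s` audits the configuration as Samba itself parsed it rather than the raw file.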
     
  15. markmarz

    markmarz Member

    94
    0
    Feb 3, 2002
    Chicago, IL
    Perfect!
     
  16. markmarz

    markmarz Member

    94
    0
    Feb 3, 2002
    Chicago, IL
    Great! Thanks for the SAMBA intro, I'll get on it asap! Almost there!
     
  17. markmarz

    markmarz Member

    94
    0
    Feb 3, 2002
    Chicago, IL
    And more than SAMBA; I hadn't found this site on my own, it's excellent for a Debian newbie. Heck, I didn't even know I was mispronouncing Debian in my head till I landed there.
     
  18. lrhorer

    lrhorer New Member

    6,922
    0
    Aug 31, 2003
    San...
    How were you pronouncing it? Duh-BEE'-un?

    Of course, once SAMBA is set up, network clients more or less just think the file server is another Windows workstation (or a domain master) with network sharing enabled. If running Windows, just map the drive as you would a drive from any other Windows machine. From another Linux machine, it is even easier, although for file sharing between Linux workstations, you might choose to employ NFS. NFS and SAMBA can easily be run on the same server, sharing the same directories on the LAN.
     
  19. markmarz

    markmarz Member

    94
    0
    Feb 3, 2002
    Chicago, IL
    Dee' - bee - en

    But Duh is good!

    Just curious .. is the transfer speed across SAMBA pretty much equivalent to FTP? Wondering if sending 10GB files between the server & my pc where I'll run videoredo is best with either? Anyway, I'll experiment on my own once I get it all set up. Very busy at work this week, may be awhile.
     
  20. unitron

    unitron Active Member

    16,387
    2
    Apr 28, 2006
    semi-coastal NC
    Is

    Deb--eee--an

    not correct?

    I don't see how the spelling would suggest anything else.
     
