Friday, March 22, 2024
Mar 22 (Fri) – I’m Reporting You, To You!
I’m sharing a recent event in my adventure of being the sysadmin of a home network.
Yesterday I decided to do more research on self-hosted file sharing before I commit to Seafile. I eventually decided to install it.
.
Seafile (the company) strongly recommends that a new user account be created on the server just for running seafile. This makes sense from a security standpoint. So I did. I created a user account named seafile. The first thing for seafile to do is download the seafile server software.
.
This picture has two parts. The top part is a black rectangle. That’s me typing commands into a command prompt on the server. Each step I took is the text that appears to the right of the green and blue text. The bottom half of the picture is some email software I keep running on my workstation. One of the email accounts is my server. This way the server can email me if something important happens. So far so good..
The first thing seafile needs to do is to download the software. But first I wanted to confirm that I was, in fact, using the seafile account. I typed “whoami”. The server responded “seafile”. So far so good.
.
I then typed a command that started with “wget” (”Web Get”) to get the seafile server software off the web. The server responded with “permission denied”. Whoops. My bad. I forgot that when I created the seafile account I gave it just basic permissions. seafile can’t download stuff from the internet.
.
That’s easy to fix, I said to myself. I’ll download the software as a superuser. A superuser can do everything. I enter the same wget command only this time I start the command with the word “sudo”. sudo stands for “super user do“). Perfectly normal procedure so far. Still with me?
.
The server tells me I need to enter seafile’s password to make sure It’s seafile at the keyboard and not someone who conked seafile on the head and is trying to get away with something on myyyy server. So I entered seafile’s password. The server immediately responded. “seafile is not in the sudoers file (i.e. seafile is not a super user but is trying to act like one.) This incident will be reported.”
.
It did. Immediately. On my workstation a text message popped up that said (I’m paraphrasing here) “This is your home server with an important message. An account named seafile thought they were badass and could do super user stuff. I sent you an email that’ll tell you all about it.”
.
My server reported me to me. A boomer thing to do, maybe, but it’s nice to know when something suspicious happens on the server.
.
It took me a hot minute to make seafile a super user, a few seconds to download the seafile server software, and another minute to revoke seafile’s superuser permissions. This is the kind of stuff that passes for excitement around here.
.
It’s cold and sleeting out. We’re on the edge of the bad stuff to the north, Minnesota is taking the brunt of it. So I’m gonna install Seafile and take it for a spin. Cheers.