Setting Default umask for SFTP on Ubuntu Server

Much as described in this blog post by Jeff Robbins, I have a situation where two sftp users in the same group are both uploading files to an Ubuntu 10.04 server using Dreamweaver. The issue is that by default the permissions are 755, so even though both users are in the same group, only the file owner has write permissions. Since the users need to be able to overwrite each other’s files I needed a way to have the default permissions be 775.

What is outlined in the blog post above is exactly what I was after, but for some reason on Ubuntu server if you use what is the final edit in that post:
Subsystem sftp /usr/lib/openssh/sftp-server -u 0002
That results in “Connection closed” messages when you try to log in. The solution above that one works, just note the minor modification of pointing to /usr/lib/… instead of /usr/libexec/…
Subsystem sftp /bin/sh -cumask 0002; /usr/lib/openssh/sftp-server’
Restart ssh and you should be in business.
Thanks to Jeff for that very helpful blog post, and to Thad Meyer for pointing it out to me just last week (coincidentally enough).

Installing Packages for Sublime Text 2 on Linux

I decided to give Sublime Text 2 a try on the next sprint on my current project. I’ve heard a lot of great things about it and have been impressed in the bit of messing around I’ve done thus far, and as I’ve said before although CFEclipse rocks for CFML development after using it for years and years Eclipse is just starting to feel like a lot more than I need. Eclipse is great for the Groovy and Java work that I do but for CFML I’ve been looking for something more lightweight, because for CFML work I tend to use Eclipse as a pretty basic editor and file navigator. Like most programmers I also tend to get bored and simply want to try new things once in a while.

I used emacs on the last round of updates to the OpenBD admin console. I really, really like emacs but you’re stuck with using the HTML syntax highlighting and code formatting since there’s no CFML plugin for emacs (that I could find anyway), so it falls over pretty hard if you try to do too much CFSCRIPT. I also use vim quite a lot as an editor but for full-blown project work I’ve never made the switch for whatever reason. I’m also a big fan of UltraEdit and although they do have a Linux version, it’s pretty sluggish. Hopefully that’ll get better in newer releases.
But I digress–the real point of this post is a quick tip on where to put Sublime Text packages on Linux. Not a huge thing but I figured I’d share since I did have to do a bit of hunting around. Even though Sublime Text is available for Linux (which is awesome), most of the information around this assumes you’re using either Windows or Mac.
After you extract Sublime Text 2 and run it for the first time it creates the directory ~/.config/sublime-text-2 and this is where you put your packages. You just copy the directory containing the package you want to install into ~/.config/sublime-text-2/Packages, restart Sublime Text, and you’re done.
Let’s use the ColdFusion Plugin as an example. After unzipping the plugin, you’ll copy the ColdFusion directory (the entire directory, not just the contents) into ~/.config/sublime-text-2/Packages so you’ll wind up with the directory ~/.config/sublime-text-2/Packages/ColdFusion Restart Sublime Text and if you go to View -> Syntax you’ll see ColdFusion in the list.
Note that in some of the Mac instructions I found they indicated you have to also add a symlink in ~/.config/sublime-text-2/Installed Packages that points to the directory of the package. I did that first and it works but given that all the other packages in ~/.config/sublime-text-2/Packages show up in the menus, I decided to delete the symlink and after restarting Sublime Text everything still works.
I’ll be using Sublime Text 2 hot and heavy over the next few weeks so I’ll share my experience with it. If you have any tips for a n00b or stuff that tripped you up when you first started using Sublime Text I’d love to hear them.

Cisco AnyConnect VPN Client vs. OpenConnect on 64-Bit Linux Mint 12

Last night I decided to replace my Ubuntu 11.10 installation on my System76 Serval Pro with Linux Mint 12. I’ve used Linux Mint on and off since version 9, and Linux Mint 10 and 11 were my full-time OSes until I ran into some lockup issues with Mint 11 on my System76 Lemur Ultra-Thin, at which point I decided to give Ubuntu 11.10 with Unity a real shot.

Not to get sidetracked on the real topic of this post, but Unity isn’t nearly as bad as many make it out to be. After using it for a week I actually started to like it and found myself quite productive with it. That said, since I’ve also always loved Mint I figured I better kick the tires on their latest release which is now the most popular GNU/Linux distribution, having recently bumped Ubuntu from the top spot.

If you’ve seen all my previous posts on getting Cisco AnyConnect running on GNU/Linux you’ll know that this is an ever-changing series of problems and fixes over the years, but with Ubuntu 11.10 and Cisco finally releasing a native 64-bit version of the AnyConnect client the steps were finally limited to simply install and launch.

For some reason that isn’t the case with Linux Mint 12 and as in the past the fixes that worked previously don’t seem to apply to Mint 12. Downloading and installing the client is the same as previously, and the installation works fine, but at least on my machine when I try to connect I get a different certificate-related error than I’ve received in the past and I haven’t yet determined how to resolve it.

In the mean time, some folks commented on a previous post to try OpenConnect, which is an open source VPN client designed to work with Cisco hardware. I’d tried it in the past without success against my specific VPN server but since I wasn’t having much luck with AnyConnect (and to be fair, I probably only fought with it for about 30 minutes so there may well be a solution–if you know what it is I’d love to hear it!) I decided to try OpenConnect again. (An aside: my apologies for not responding to comments to that post. Posterous is having notification issues and I haven’t received comment notifications for a while.)

Installation of the client and the integration with the Mint network manager is easy enough:
sudo apt-get install openconnect network-manager-openconnect

After installation completes you go to Network Settings and configure your VPN connection, which basically just requires the host name of your VPN server. With that configured you can then click on the network connection icon on the top right of the screen and select your VPN connection from the VPN list, and in my case it connected fine.

I did try running OpenConnect from a terminal and even when starting with sudo (which you have to do in order for the tunnel to be created), I got the error “No –script argument provided; DNS and routing are not configured” so although it connected to the VPN server fine, I couldn’t do anything once I was connected. Using the network manager piece resolved that issue for some reason. The issue with running from a terminal is probably just a configuration thing but using the network manager is more convenient anyway, so I didn’t dig into that either.

So for now at least I’ll be using OpenConnect instead of AnyConnect, though if/when I install Mint 12 on one of my other machines I may try to figure out what’s wrong with AnyConnect to satisfy my curiosity if nothing else. For now I just had to get something working since tomorrow it’s back to work after the Thanksgiving holiday.

If anyone has AnyConnect running on Mint 12 and has ideas of what to try I’d be very interested to hear how you got things running, and I’ll do a follow-up post if I figure it out when I work on it on another machine.

How to Create a Custom Launcher in Unity on Ubuntu 11.10

One of the first things I always have to do after a fresh install of the latest Ubuntu (or whatever distro is striking my fancy at the time) is create some custom launchers for applications like Eclipse.

Prior to Unity this was done quite easily by editing the menus. In Ubuntu 11.04 with Unity this was no longer an option, so you could right-click on your desktop and select “Create Launcher” and then move the new launcher to ~/.local/share/applications, or there was also a method of creating a .desktop file manually that did the trick.

In Ubuntu 11.10 the right-click menu option for “Create Launcher” was removed (you can read more about why here), so we’re really left with no easy way to create custom launchers. I consider myself a gearhead but even I didn’t care for the “just launch the binary from the terminal” suggestion by some people in the bug thread.

So in my semi-obsessive reading about all of this last night I came across a metion of a package called alacarte that brings back the classic menu editing functionality we knew and loved back in the pre-Unity days.

Just install it:

sudo apt-get install alacarte

Then run it (alacarte from a terminal, or just hit super and search for alacarte), and you’ve gone retro with your menu editing.

One of the 10,000 things I love about free sofware–if there’s an annoyance like this chances are someone else who’s annoyed will fix it, or you can always jump in and fix it yourself. Clearly this wasn’t something on which the Ubuntu developers were going to budge but the alacarte solution works extremely well.

Installing Cisco AnyConnect on 64-Bit Ubuntu 11.10

Every six months for the past few years I’ve been posting how to install Cisco AnyConnect on the latest 64-bit releases of Ubuntu and for a couple of cycles Linux Mint since I was using that as my primary OS for a while.

This time around it’s finally downright boring, which is a good thing. No more installing 32-bit libraries, creating symlinks to Firefox libraries, etc. etc. you just do the following:

  1. Hit your company’s VPN server in a browser and log in with your user name and passcode
  2. Click the AnyConnect link on the left
  3. Click “Start AnyConnect”
  4. This will attempt to install AnyConnect via your browser’s Java plugin. If this works, you’re done! If this doesn’t work (give it at least 60 seconds), read on.

In my case on the two machines on which I attempted this it didn’t work. The browser-based install just hung even though I verified I have Java installed and the browser plugin is working.

If you don’t have Java installed, however, the browser-based installation will detect that and give you a download link for the installer. So what I did was in Firefox I went to Edit -> Preferences -> Manage Add-Ons -> Plugins and I disabled the IcedTea-Web Plugin, which is the Java plugin that Firefox ships with.

I then restarted Firefox and repeated the steps above, only this time on step 4 it detected I didn’t have Java installed and provided a link to the 64-bit installer. Download that file (vpnsetup.sh), chmod +x it, run it, and you’re done.

I’m a little disappointed I didn’t have to the usual dance on this, but it finally just works.

Fix for Empathy AOL IM Login Issues on Ubuntu 11.10

I’ve installed Ubuntu 11.10 on my two System76 laptops (I have a Lemur and a Serval), and on both machines I noticed while I was configuring Empathy it wouldn’t log into AOL IM successfully.

After verifying I wasn’t fat-fingering my password I did some poking around and came across a post-install to-do list for Ubuntu 11.10 that fixed the issue for me. You can of course pick and choose which plugins to install, but I suspect just using the latest version did the trick. There were some on-again off-again bugs related to AIM and ICQ logins during 11.10 development.

Full details are in the linked blog post above, but here’s the basics:


sudo add-apt-repository ppa:telepathy/ppa
sudo apt-get update && sudo apt-get upgrade
sudo apt-get install empathy

With the new version the AIM login issue immediately went away.

 

Manually Installing Java Plugin for Firefox on 64-Bit Ubuntu 11.10

Since I always forget how to do this I figured I’d blog it for my own purposes so I don’t have to sift through Google every time.

This assumes you have the JDK installed under /opt/java/jdk1.6.0_27 — adjust accordingly if you have things installed elsewhere or only have the JRE.

Open up a terminal and do this:


cd /usr/lib/mozilla/plugins
sudo ln -s /opt/java/jdk1.6.0_27/jre/lib/amd64/libnpjp2.so

Then restart Firefox if it’s running.

Now to look into doing this for Chrome …

Fixing BackInTime Snapshot Failures

Although it's really simple to write your own rsync script to do backups on GNU/Linux, I'm a big fan of BackInTime because it's a more sophisticated, snapshot-oriented backup solution (very similar to Apple's Time Machine) as opposed to the blind copy and sync that you'd typically wind up with using a one-line rsync script.

The issue is that even when running BackInTime as root there are some directories, symlinks, etc. that it can't copy or certain operations it can't perform, so you wind up with failed snapshot errors. In the past I never really dug into them and just went back to using an rsync script to sync to my Amahi server, but today I decided to spend a bit of time working through the errors since they were exacerbated a bit due to my home directory being encrypted on my new System76 Lemur UltraThin.

What makes this process easy is that BackInTime keeps excellent logs of where it's failing, and as opposed to taking the time to investigate why each of these operations was failing, I just added a few patterns and directories to my exclude list and my snapshots are succeeding now.

The specifics in your situation may vary, but in my case I added the following to be excluded:
  • *gvfs*
  • [a few symlinks that pointed to directories in my home directory itself]
  • /home/mwoodward/.config/chromium
  • /home/.ecryptfs/mwoodward/.Private
  • /home/mwoodward/.Private
  • /home/mwoodward/.gconf
  • /home/mwoodward/.pulse
With those in the exclude list the snapshots are clean and I'm happily backing things up with BackInTime again. What I need to do next is verify that these exclusions aren't causing any issues, but since all I really need is the bulk of the files in my home directory to be backed up based on the bit of poking around I did it seems to be working fine.

Cisco AnyConnect VPN Client on 64-Bit LinuxMint 11

I’ve posted before about getting Cisco AnyConnect running on Ubuntu 9.10 and Ubuntu 10.04, but I’ve since started using LinuxMint as my daily driver and did a clean install of MInt 11 today. Mint is based on Ubuntu so on Mint 10 the previous strategy to get AnyConnect running worked fine, but I had to take a different approach after installing Mint 11. (I suspect it’ll be the same issue on Ubuntu 11.04 but I haven’t tried it.)

In doing a bit of research I came across this link that explains quite correctly that you don’t need to actually download and extract Firefox to get this all working, which is what I had been doing previously. The Cisco client (for some stupid reason) expects certain things to be in a /usr/local/firefox directory but you can simply create that directory, download some other files, and then create the appropriate symlinks in /usr/local/firefox to make AnyConnect happy.

I also ran into some inexplicable weirdness related to a certificate file in my ~/.mozilla/firefox profile directory but I’ll cover that as I outline the steps I took to get AnyConnect working.

Summary of Steps

Follow these and if you’re lucky it’ll work; if it doesn’t read the information that follows for more details and troubleshooting ideas.

  1. Follow the steps in this blog post, which are as follows:

    1. sudo apt-get install ia32-libs lib32nss-mdns
    2. sudo mkdir /usr/local/firefox
    3. sudo ln -s /usr/lib32/libnss3.so /usr/local/firefox
    4. sudo ln -s /usr/lib32/libplc4.so /usr/local/firefox
    5. sudo ln -s /usr/lib32/libnspr4.so /usr/local/firefox
    6. sudo ln -s /usr/lib32/libsmime3.so /usr/local/firefox
    7. sudo ln -s /usr/lib32/nss/libsoftokn3.so /usr/local/firefox
  2. Download the AnyConnect installer from somewhere. The usual method of browsing to your VPN server and logging in may not work, so see below for details.
  3. Run the installer from the directory to which it was downloaded (sudo ./vpnsetup.sh). The daemon may fail to start at this point but don’t worry if it doesn’t.
  4. If the daemon failed to start, start the VPN daemon: sudo /etc/init.d/vpnagentd_init start

    1. You shouldn’t get an error regarding /opt/cisco/vpn/bin/vpnagentd not being found at this point if you followed the above steps accurately. If you do, read on to see if any ideas come out of any of the subsequent discussion.
  5. Start the AnyConnect client. It should be in your Internet programs menu.

    1. If you get a “server certificate problem” error, stop Firefox and delete ~/.mozilla/firefox/YOUR_PROFILE.default/cert8.db where YOUR_PROFILE is whatever random string Firefox assigned your default profile (you should only have one directory with .default at the end of it in ~/.mozilla/firefox). In my case this problem didn’t rear its head until after I rebooted, so you might want to reboot at the end of all of this to make sure everything’s working.

If you’re still getting errors read on for more info …

Downloading AnyConnect

I ran into problems right out of the gate on Mint 11. On Mint 10 as well as previous versions of Ubuntu I could at least hit my VPN server in a browser, try to fire up the Java applet, and when that fails it prompts you to download, but this time around the “launching Java applet” screen on the VPN server just hung. I verified that Java is enabled in Firefox and tested with other applets so I’m not sure what the issue is there, particularly since this did work on my 32-bit machine with Mint 11.

So word of caution: you need to get the installer elsewhere, or at least I did. There may be a solution to this I haven’t yet come up with so if you know what’s up here, please be sure and comment.

Luckily I had the installer backed up from when I copied my home directory to an external hard drive prior to installing Mint 11, so I ran the installer from my home directory.


sudo ./vpnsetup.sh

This at least got the daemon installed for me, but it failed to start after installation (usually it starts fine after it’s installed), throwing an error about /opt/cisco/vpn/bin/vpnagentd file not being found. The file’s definitely there so I’m not sure what its problem is, but this gets resolved in the subsequent steps so you can ignore that error for now.

Install Necessary Libraries and Create Symlinks

See the above steps for details (all the steps under #1 above). In my case this resolved the file not found error the daemon was throwing when I tried to install AnyConnect prior to creating those symlinks. If you do that step first everything should work.

Launch the VPN Daemon


sudo /etc/init.d/vpnagentd_init start

If that throws errors doublecheck all the symlinks you created above. Note that in previous versions one of the things you were supposed to install and symlink to was sqlite3.so but that does not seem to be necessary.

Launch the AnyConnect Client

You should now be able to launch AnyConnect from your Internet programs menu. If you get a “server certificate problem” error, for me this seemed to be related to a certificate file in my Firefox profile.

How I came across this was after I rebooted and started Firefox on my 32-bit machine, since my home page is my Google Mail login, Firefox immediately threw a “Could not initialize the browser’s security component” error. I found information on that error on Mozilla’s site, so on GNU/Linux this means stopping Firefox and deleting the cert8.db file that’s in your profile (~/.mozilla/firefox/YOUR_PROFILE.default).

On my 64-bit machine the behavior was slightly different. Everything seemed to work with AnyConnect until I rebooted, at which point it threw the server certificate error. I then launched Firefox and it popped up a completely blank alert window, but when I closed that window and Firefox finished loading, I noticed I couldn’t browse to any sites. No matter what I put in the location box the top of the Firefox UI was completely unresponsive.

Since I’d happened to have the security component issue on my 32-bit machine, I figured even though on the 64-bit machine it wasn’t actually showing me the error, that might be the problem. Sure enough when I deleted the cert8.db file Firefox then began to work, as did the AnyConnect client. I rebooted to make sure it wasn’t a fluke and thus far everything is working.

Remaining Issues

At this point the only remaining issue is that for some reason when I connect to the VPN, AnyConnect doesn’t minimize itself into that little “stacked blue balls” icon thingee over near the clock. It just minimizes itself and shows up in your task bar like any other program. Minor annoyance but it does behave correctly on my 32-bit machine so I’m not sure what’s going on there.

Hope that helps some others who are trying to get this running!

Very Simple Fix to Enable USB Device Support in VirtualBox on GNU/Linux

I finally got motivated enough last night to look into why I could see my USB devices in my Windows 7 VM but they were all grayed out, and came across the very simple solution:
http://news.softpedia.com/news/How-to-Fix-VirtualBox-USB-Support-111715.shtml

Short answer is add your user to the vboxusers group, log out and log back in, and you can access all your USB drvices in your VM.