Providing a Lino server

As a server provider you are responsible for installing and maintaining a Lino server, i.e. a virtual or physical machine used to run one or several Lino sites. A Lino server runs a Linux operating system and must be connected to a network.

The server provider holds root access to the server and creates user accounts with sudo rights for each site maintainer. He configures secure remote shell access (SSH) to that machine for each site maintainer. He provides support to the site maintainers. See Creating a user account.

The server provider is not responsible for installing and maintaining specific system packages, Lino source code and configuration, or for giving end-user support to the users of any Lino site hosted on this site.

The server provider may optionally be responsible for providing backup service for the server as a whole.

Where to get a virtual server

If you don’t have your own in-house hardware or dedicated server, you can get a Virtual Private Server from many providers. Here is a list of VPS providers we have tested:

System requirements for a Lino site

We recommend a stable Debian as operating system. Currently this means Debian 10 “Buster”.

One CPU should be enough for a site with a few dozens of users.

You need at least 10 GB of disk space. You can see how much disk space you have by saying:

$ df -h

We recommend at least 2GB of RAM (because we didn’t yet test production sites with less). How to see how much memory you have:

$ free -h

Preparing a new server

Before creating system users, the root user should check the following.

In your /etc/ssh/sshd_config make sure that PasswordAuthentication is set to no. We require site maintainers to have a ~/.ssh/authorized_keys file. They will need their password only for running sudo commands.

All maintainers must have a umask 002 or 007 (not 022 or 077 as is the default value).

Edit the file /etc/bash.bashrc (site-wide for all users):

# nano /etc/bash.bashrc

And add the following line at the end:

umask 002

The umask command is used to mask (disable) certain file permissions from any new file created by a given user. See The umask command for more detailed information.

Also run:

# apt-get update && apt-get upgrade

The system should have installed the sudo package:

# apt-get install sudo

Creating a user account

As a root user you will create a user account for every site maintainer.

In the following examples we assume that the user account to create is joe.

Agree upon a temporary password with Joe (who can later change their password using passwd), and then type:

# adduser joe

Site maintainers must be members of the sudo and www-data groups:

# adduser joe sudo
# adduser joe www-data

Creating the user’s ~/.ssh/authorized_keys file with the maintainer’s public ssh key:

# su - joe
$ mkdir .ssh && chmod 700 .ssh
$ touch .ssh/authorized_keys && chmod 600 .ssh/authorized_keys
$ cat >> .ssh/authorized_keys

Paste the maintainer’s public key to the terminal. Press ENTER to add at least one newline. Press Ctrl+D to say you’re finished with pasting content.

Footnotes:

  • useradd is a native binary compiled with the system, while adduser is a perl script that uses useradd in back-end.

  • ssh requires that the .ssh directory and its content should have permissions set so that only the owner can read, write, or open them.

How to generate a SSH key pair

As a site maintainer you must have generated public and private ssh keys using the command ssh-keygen -t rsa.

How to change the hostname

Every server has a “hostname”, a relatively short “nickname” to designate it. The hostname also appears in the prompt (unless somebody customized their prompt). The hostname is not the same as the FQDN.

How to change the hostname of a Lino server:

$ sudo hostnamectl set-hostname newname

Also edit your /etc/hosts file.

If you use mailutils, you must also check your /etc/mail/local-host-names file.

If that file doesn’t exist, try:

$ mail --show-config-options | grep SYSCONFDIR
SYSCONFDIR=/etc       - System configuration directory

Which means that actually the config files are in /etc/mail. And one of them, /etc/mail/local-host-names contains my default From header.