Converting Your Mybook World Into A File And Webserver

Configuring Linux on MyBook World Edition Document Purpose The purpose of this document is to guide the reader through the configuration of Linux on their Western Digital MyBook World Edition. After completing this guide the reader will have turned their MyBook NAS into a low-power, Linux-based web-server and fileserver.

Requirements The following requirements are prerequisites for using this installation guide. 1. Western Digital MyBook World Edition 2. A second networked computer with an SSH client and web-browser

Table of Contents COFIGURIG LIUX O MYBOOK WORLD EDITIO

1

DOCUMET PURPOSE REQUIREMETS TABLE OF COTETS

1 1 1

ISTALLIG THE BASE SYSTEM

2

EABLIG SSH O YOUR MYBOOK COFIGURIG THE ETWORK ISTALL OPTWARE ISTALL SAMBA DISABLIG MIOET

2 3 4 5 6

ISTALLIG THE WEB SERVER

7

ACTIVE A SIMPLE WEB SERVER O PORT 8080 ACTIVE A SECURE WEB SERVER O PORT 443 ISTALLIG PHP SUPPORT PUBLISHIG MYBOOK COTET O THE ITERET

7 8 10 11

APPEDIX A – COFIGURATIO FILES

12

Page 1 of 16

Configuring Linux on your MyBook World Edition

www.daviddn.com

Installing the base System Enabling SSH on your MyBook 1. Determine the IP address of your MyBook. The MyBook initially connects to your network via DHCP so you can check your DHCP clients on your router. 2. Access the MyBook Web Interface via the URL http://mybook_ip/ 3. During the next steps you will be prompted for the administrator’s username and password. By default these are admin/123456 4. Create new share users via the Web Interface. Click on File Sharing and then select User Management. Add user accounts for david and niamh. 5. Update the firmware on the device using the URL below. In fact, this doesn’t attempt to update the firmware it is merely a way of injecting code into the MyBook to allow the SSH daemon to start running so that we can connect via SSH. If the firmware is not available from this third-party site when you need to install it then use the file called latestfw.sh, which is included within the System Files collection of this project. http://mybook/auth/firmware_upgrade.pl?fwserver=martin.hinner.info/mybook/firmware.php

6. A message saying new firmware is available will be displayed. Click on the button to download and install the new firmware. It will tell you that the installation process will take up to 30 minutes, but because we are not really installing a new firmware (we are only enabling SSH) the process will in fact only take a couple of minutes. 7. You will not receive any message saying when the update has completed so you will need to wait a couple of minutes and then try SSH to see if it works. When it is available you should log in as one of the user accounts that you created before (david in my case) and then type the following to get the root shell (no password is required). login as: david [email protected]'s password: [enter password] [david@MyBookWorld ~]$ su – [root@MyBookWorld ~]#

8. In order to make SSHD permanent (so that you don’t lose it after a reboot): vi /etc/inittab

Enter the following at the end of the file: # Make SSH Permanent ::sysinit:/usr/sbin/sshd

9. Reboot your MyBook and check that it works

Page 2 of 16

Configuring Linux on your MyBook World Edition

www.daviddn.com

Configuring the Network 1. SSH back into your MyBook to perform the following steps to set a static IP address 2. Configure the network settings file vi /var/oxsemi/network-settings

Ensure the file looks like this, where 192.168.2.200 is the IP address to assign: network_mode=static hostname=MyBookWorld workgroup=workgroup static_ip=192.168.2.200 static_msk=24 static_gw=192.168.2.1 static_dns1=192.168.2.1 static_dns2= static_dns3= static_ntp=north-america.pool.ntp.org revert_to_dhcp=no

3. Configure the hosts settings file vi /etc/hosts

Ensure the file looks like this: 127.0.0.1 192.168.2.200

localhost MyBookWorld

4. Configure the name-server resolution settings file vi /etc/resolv.conf

Ensure the file looks like this: nameserver 192.168.2.1

5. Reboot your MyBook. Your IP address should now be changed to 192.168.2.200 reboot

Page 3 of 16

Configuring Linux on your MyBook World Edition

www.daviddn.com

Install OptWare 1. OptWare is a set of pre-compiled binaries for the MyBook. Many Linux packages are available and can be installed easily with their dependencies automatically catered for. You can install OptWare by issuing the following commands in the terminal: wget http://mybookworld.wikidot.com/local--files/optware/setup-optware.sh sh setup-optware.sh

2. If you are having any troubles accessing the website then check that the site is available in a standard web-browser. You also may want to confirm that the network changes that you made in the last section are correctly implemented. 3. You then need to reconfigure the ld.so.conf configuration file to know where the libraries are kept on the MyBook (as the standard installation doesn’t know). echo "/opt/lib" >>/etc/ld.so.conf ldconfig

4. Unfortunately the above does not work for all OptWare packages and you may get some complaining that they are missing a key library file. Therefore, you should also include the following line in your .bashrc file in the root users account. vi /root/.bashrc

The following lines are added to the end of the file: export LD_LIBRARY_PATH=/opt/lib export PATH=$PATH:/opt/bin

5. We should now update the local OptWare feed lists. You should also issue this command to get package updates for those packages that you have already installed. /opt/bin/ipkg update

6. You can also use the following commands to see which packages are available and which packages you have already got installed on your Linux system. The installation of new packages is covered in the next section when we should how to install Samba. /opt/bin/ipkg list /opt/bin/ipkg list_installed

Page 4 of 16

Configuring Linux on your MyBook World Edition

www.daviddn.com

Install Samba 1. We can install Samba (one of the OptWare packages) by issuing the command below: /opt/bin/ipkg update /opt/bin/ipkg install samba

2. Next, configure the Samba settings file so that it exposes the shares that you require. I have made a couple of alterations here. Most importantly, I have remarked out the shares.inc file and put the shares that I want in the main smb.conf file instead. This is because the MyBook overwrites the shares.inc file when you make changes via the Web Interface and on every reboot, but it doesn’t overwrite the main smb.conf file. vi /var/oxsemi/smb.conf

[global] server string=MyBookWorld workgroup=workgroup interfaces=192.168.2.200/24 127.0.0.1/8 security=user smb passwd file=/var/private/smbpasswd private dir=/var/private guest account=www-data log file=/var/log/log.%m log level=0 max log size=50 dns proxy=No lock directory=/var/locks pid directory=/var/locks use sendfile=Yes map to guest = Bad User create mask = 755 map hidden = Yes veto files = /shares/internal/.senvidData/ /shares/internal/lost+found/ [PUBLIC] path=/shares/internal/PUBLIC valid users=niamh david write list=niamh david guest ok=No #[dummy-2] #include=/var/oxsemi/shares.inc #[dummy-3] #include=/var/oxsemi/senvid.inc

3. Above I have created a new share at /shares/internal/PUBLIC so I now need to ensure that this directory exists. If you have configured any shares previously via the Web Interface then it probably will do, but it’s best to make sure: mkdir /shares/internal/PUBLIC chown root:www-data /shares/internal/PUBLIC chmod 775 /shares/internal/PUBLIC

4. Finally, restart your Samba service and attempt to connect to the drive from a PC: /etc/init.d/samba.sh restart

Page 5 of 16

Configuring Linux on your MyBook World Edition

www.daviddn.com

Disabling MioNET 1. There are many documented approaches on the Internet telling you how to disable MioNET (a horrible piece of software that cripples your ability to share certain types of media from your MyBook). Most approaches require you to kill processes or comment out lines from the mionet.sh file. Instead, the easiest way I found was to just comment out a couple of lines in the Post Network start-up configuration file: vi /etc/init.d/post_network_start.sh

start() { if [ ! -e "$POST_NETWORK_STARTED_FILE" ] then $SCRIPTS_PATH/crond.sh start #$SCRIPTS_PATH/mionet.sh start touch $POST_NETWORK_STARTED_FILE fi } stop() { if [ -e "$POST_NETWORK_STARTED_FILE" ] then #$SCRIPTS_PATH/mionet.sh stop $SCRIPTS_PATH/crond.sh stop rm $POST_NETWORK_STARTED_FILE fi }

2. Reboot your MyBook to check if everything is OK. reboot

Page 6 of 16

Configuring Linux on your MyBook World Edition

www.daviddn.com

Installing the Web Server Active a Simple Web Server on Port 8080 1. Firstly, make a backup of the main configuration file: cp /etc/lighttpd/lighttpd.conf /etc/lighttpd/lighttpd.conf.bak

2. Create the following directories on the server within the Internal Share: mkdir /shares/internal/WWW mkdir /shares/internal/WWW/public

3. Edit the index.html for the Web Server and provide links to the future MyBook URL: vi /shares/internal/WWW/public/index.html

<TITLE>MyBook <STYLE> A{ text-decoration:none; color:#0000FF; font-family:Tahoma; font-size:14px; }

Online Storage

4. Add the following lines to the end of the lighttpd.conf file. This will create a new web site on port 8080 and will disable the Standard NAS Admin interface on that server. vi /shares/internal/WWW/public/index.html

$SERVER["socket"] == index-file.names = ( server.document-root fastcgi.server = ( "nasMaster.pl" => (( ".pl" => (( "socket" }

":8080" { "index.html" ) = "/shares/internal/WWW/public" "socket" => "",)), => "",)))

5. Restart lighttpd and test the website by going to http://192.168.2.200:8080/

Page 7 of 16

Configuring Linux on your MyBook World Edition

www.daviddn.com

Active a Secure Web Server on Port 443 1. This will create a secure Web Server on port 443 (HTTPS with Authentication). It will also add a simple User Admin Tool to control which user accounts have access. First, create the following directories and files as outlined below: mkdir /shares/internal/WWW/Welcome echo \ Hello World (Secure) \ >/shares/internal/WWW/Welcome/index.html mkdir /shares/internal/WWW/Admin touch /shares/internal/WWW/Admin/Adminaccess.log touch /shares/internal/WWW/Admin/access.log chmod 646 /shares/internal/WWW/Admin/access.log chmod 646 /shares/internal/WWW/Admin/Adminaccess.log cp /usr/www/lib/images/icons/Globe.gif /shares/internal/WWW/Admin

2. Add a user account (admin/123456) for the Admin user to the Digest file: vi /shares/internal/WWW/Admin/WebUsers.htdigest.user

admin:WEBADMIN:e0fd3b3c0a1a153230ecf71477b2055c

3. Next acquire the following files from the Wiki website. wget http://mybookworld.wikidot.com/local--files/web-server/fr.pem -O /shares/internal/WWW/fr.pem wget http://mybookworld.wikidot.com/local--files/web-server/SetWebUser.sh -O /shares/internal/WWW/Admin/SetWebUser.sh wget http://mybookworld.wikidot.com/local--files/web-server/WebMgr.pl -O /shares/internal/WWW/Admin/WebMgr.pl

4. The contents of the default WebMgr.pl script need to be altered so that all references to PUBLIC/WWW/ are changed to WWW/. I have included the complete altered version of the WebMgr.pl script in the appendix to this document. 5. Set the permissions on the scripts: chmod 755 /shares/internal/WWW/Admin/SetWebUser.sh chmod 755 /shares/internal/WWW/Admin/WebMgr.pl

6. Check all the files are where they should be: ls -l /shares/internal/WWW/Admin/ -rw-r--rw-rwxr-xr-x -rwxr-xr-x -rwxr-xr-x -rw-r--r--rw-r--rw-

1 1 1 1 1 1

root root root root root root

root 127038 root 3011 root 560 root 6018 root 367 root 1510296

May Apr Apr Apr May May

28 21 23 23 18 28

21:37 22:38 21:45 21:39 21:06 22:02

Page 8 of 16

Adminaccess.log Globe.gif SetWebUser.sh WebMgr.pl WebUsers.htdigest.user access.log

Configuring Linux on your MyBook World Edition

www.daviddn.com

7. Edit the sudoers file so that SetWebUser.sh can be run as root: vi /etc/sudoers

... /etc/init.d/samba.sh,\ /usr/www/nbin/updateNFS.sh,\ /shares/internal/WWW/Admin/SetWebUser.sh

8. Edit the lighttpd configuration file by adding a new server definitions to the end: vi /etc/lighttpd/lighttpd.conf

... $SERVER["socket"] == ":443" { server.network-backend = "write" index-file.names = ( "index.html” ) server.document-root = "/shares/internal/WWW/Welcome" auth.backend.htdigest.userfile = "/shares/internal/WWW/Admin/WebUsers.htdigest.user" auth.require = ( "/" => ( "method" => "digest", "realm" => "WEB", "require" => "valid-user" ) ) accesslog.filename = "/shares/internal/WWW/Admin/access.log" fastcgi.server = ( "nasMaster.pl" => (( "socket" => "",)), ".pl" => (( "socket" => "",))) ssl.engine = "enable" ssl.pemfile = "/shares/internal/WWW/fr.pem" } $SERVER["socket"] == ":3210" { index-file.names = ( "WebMgr.pl" ) fastcgi.server = ( "WebMgr.pl" => (( "socket" => "/tmp/lighttpd.webmgr.socket", "bin-path" => "/shares/internal/WWW/Admin/WebMgr.pl", "check-local" => "disable", "min-procs" => 1, "max-procs" => 1, "idle-timeout" => 30, )), ".pl" => (( "socket" => "",)), "nasMaster.pl" => (( "socket" => "",)) ) ssl.engine = "enable" ssl.pemfile = "/shares/internal/WWW/fr.pem" server.document-root = "/shares/internal/WWW/Admin" auth.backend.htdigest.userfile = "/shares/internal/WWW/Admin/WebUsers.htdigest.user" auth.require = ( "/" => ( "method" => "digest", "realm" => "WEBADMIN", "require" => "valid-user" ) ) accesslog.filename = "/shares/internal/WWW/Admin/Adminaccess.log" }

9. Restart lighttpd and test the interfaces: /etc/init.d/lighttpd.sh restart

Connect to https://mybook:3210 Connect to https://mybook

to configure user accounts (admin/123456) to access the secure Web Server

Page 9 of 16

Configuring Linux on your MyBook World Edition

www.daviddn.com

Installing PHP Support 1. PHP is most easily installed from the OptWare packages: /opt/bin/ipkg install php-fcgi /opt/bin/ipkg install libiconv

2. Next change the lighttpd configuration file so that it includes PHP support. vi /etc/lighttpd/lighttpd.conf

3. Inside the fastcgi.server sections add the following lines: ... fastcgi.server = ( "nasMaster.pl" => (( "socket" => "",)), ".php" => (( "bin-path" => "/opt/bin/php-fcgi", "socket" => "/tmp/php.socket", "bin-environment" => ( "LD_LIBRARY_PATH" => "/opt/lib", ), )), ".pl" => (( "socket" => "",))) } ...

4. Change the index-file.names sections as follows: ... index-file.names = ( "index.html" ,"index.php" ) ...

Page 10 of 16

Configuring Linux on your MyBook World Edition

www.daviddn.com

Publishing MyBook Content on the Internet 1. Create a soft link from the web-server to the internal share that has your data files: ln -s /shares/internal/PUBLIC /shares/internal/WWW/Welcome/mybook

2. Next change the lighttpd configuration file so that it allows Directory Browsing: vi /etc/lighttpd/lighttpd.conf

... $SERVER["socket"] == ":443" { dir-listing.activate="enable" $HTTP["url"] == "/" { dir-listing.activate="disable"} server.network-backend = "write" ...

3. Test that it works correctly by going to the URL https://mybook_ip/mybook/

Page 11 of 16

Configuring Linux on your MyBook World Edition

www.daviddn.com

APPENDIX A – Configuration Files This appendix contains configuration and script files for key components referenced throughout the main Installation guide. The filename for each configuration file is shown above each listing. To install these configuration files and scripts simply copy the contents of the listing into the filename specified.

/shares/internal/WWW/Admin/WebMgr.pl This Perl script is used to administrate access to the secure HTTPS web server. This script needs to be changed after downloading it to reference the directory structures used in this guide. Here is what the full script should look like: #!/usr/local/bin/perl #use strict; use CGI::Fast; use CGI::Carp qw ( fatalsToBrowser ); use File::Basename; #$CGI::POST_MAX = 1024 * 105000; my $safe_filename_characters = "a-zA-Z0-9_.-"; my my my my my

@RealmUsers=(); $RealmUser=""; $u_pwd=""; $u_name=""; $u_realm="";

while (my $query = new CGI::Fast) { my $SourcePage = $query->param("SourcePage"); if ( $SourcePage eq "" ) { print $query->header ( ); PrintHead(); print "Add new user

"; print "Change user Password

"; print "Delete User

"; print "Change Admin Password

"; print "Access Log

"; print ""; } if ($SourcePage eq "UI_AddNewUser") { print $query->header ( ); PrintHead(); print <<END_UIAddNewUser_HTML;

ROLE: <SELECT name="REALM"> WEB User
Username :
Password :


Back to main page

END_UIAddNewUser_HTML } if ($SourcePage eq "UI_ChangeAdminPassword") { print $query->header ( ); PrintHead(); print <<END_UIChangeAdminPWD_HTML;

Password :


Back to main page

END_UIChangeAdminPWD_HTML }

Page 12 of 16

Configuring Linux on your MyBook World Edition if ($SourcePage eq "UI_ChangeUserPassword") { print $query->header ( ); PrintHead(); print "

"; print ""; print ""; print "
Username : <SELECT name=\"USER\">"; open(DAT, "/shares/internal/WWW/Admin/WebUsers.htdigest.user"); @RealmUsers=; close(DAT); foreach $RealmUser (@RealmUsers) { chop($RealmUser); ($u_name,$u_realm,$u_pwd)=split(/:/,$RealmUser); if ($u_realm eq "WEB") { print " $u_name"; } } print print print print

""; "
Password : "; " "; "


Back to main page
";

print " "; print ""; } if ($SourcePage eq "UI_DeleteUser") { print $query->header ( ); PrintHead(); print "

"; print ""; print "
Username : <SELECT name=\"USER\">"; open(DAT, "/shares/internal/WWW/Admin/WebUsers.htdigest.user"); @RealmUsers=; close(DAT); foreach $RealmUser (@RealmUsers) { chop($RealmUser); ($u_name,$u_realm,$u_pwd)=split(/:/,$RealmUser); if ($u_realm eq "WEB") { print " $u_name"; } } print ""; print " "; print "


Back to main page
"; print " "; print ""; }

if ($SourcePage eq "SetWebUser") { my $REALM = $query->param("REALM"); my $USER = $query->param("USER"); my $PWD = $query->param("PWD"); sudo("/shares/internal/WWW/Admin/SetWebUser.sh $REALM $USER $PWD") ; print $query->header ( ); PrintHead(); print "User $USER successfully defined.
"; print "Back to main page
"; print ""; } if ($SourcePage eq "DeleteWebUser") { my $USER = $query->param("USER"); sudo("/shares/internal/WWW/Admin/SetWebUser.sh WEB $USER DELETE_DELETE") ; print $query->header ( ); PrintHead(); print "User $USER successfully deleted
"; print "Back to main page
"; print ""; } }

Page 13 of 16

www.daviddn.com

Configuring Linux on your MyBook World Edition

www.daviddn.com

# Runs a shell script via sudo. # Make sure that sudoers is configured to match! # sub sudo($) { my ($cmd) = @_; my $rc = system( "sudo $cmd" ); if ( $rc && ($rc != 256) ) { return -1; } else { return 0; } } sub PrintHead() { print <<START_HOME_HTML; <style type="text/css"> .BG {background-color: #FFFFFF;color: #000000;font-family:verdana; font-size: 12px; font-weight: normal;} .TITLE {background-color: #FFFFFF;color: #000000;font-family:verdana; font-size: 20px; font-weight: normal;}

 

Web Management Interface

START_HOME_HTML }

Page 14 of 16

Configuring Linux on your MyBook World Edition

/etc/lighttpd/lighttpd.conf This configuration file holds the settings for the Web Server. server.document-root = "/usr/www/lib/" server.pid-file = "/var/run/lighttpd.pid" server.errorlog = "/var/log/lighttpd/error.log" server.port = 80 server.username = "www-data" server.groupname = "www-data" server.modules

= ( "mod_auth", "mod_access", "mod_alias", "mod_cgi", "mod_fastcgi", "mod_accesslog"

) server.errorfile-prefix = "/usr/www/lib/error-" mimetype.assign = ( ".html" => "text/html", ".txt" => "text/plain", ".jpg" => "image/jpeg", ".png" => "image/png", ".gif" => "image/gif", ".css" => "text/css", ".mp4" => "video/mp4" ) accesslog.filename = "/var/log/lighttpd/access.log" static-file.exclude-extensions = ( ".fcgi", ".php", ".rb", "~", ".inc", ".cgi" ) index-file.names = ( "nasMaster.pl" ) # bruce - I don't think we need this now... #cgi.assign = ( ".cgi" => "/usr/bin/perl" ) alias.url = ( "/auth" => "/usr/www/lib" ) auth.backend = "htdigest" auth.backend.htdigest.userfile = "/var/private/lighttpd.htdigest.user" auth.require = ( "/auth" => ( "method" => "digest", "realm" => "nas admin", "require" => "valid-user" # bruce - removed user= # "require" => "user=admin" ) ) fastcgi.debug = 0 # Bruce - Removed host & port and replaced with a socket # "host" => "127.0.0.1", # "port" => 1026, fastcgi.server = ( ".pl" => (( "socket" => "/tmp/lighttpd.fcgi.socket", "bin-path" => "/usr/www/lib/nasMaster.pl", "check-local" => "disable", "min-procs" => 1, "max-procs" => 1, "idle-timeout" => 30, "bin-environment" => ( # Environment variables for nasMaster.pl "PERL5LIB" => "/usr/www/lib", "NAS_NBIN" => "/usr/www/nbin", ), )), "nasMaster.pl" => (( "socket" => "/tmp/lighttpd.fcgi.socket", "check-local" => "disable", )) ) $SERVER["socket"] == ":8080" { index-file.names = ( "index.html", "index.php" ) server.document-root = "/shares/internal/WWW/public" fastcgi.server = ( "nasMaster.pl" => (( "socket" => "",)), ".php" => (( "bin-path" => "/opt/bin/php-fcgi", "socket" => "/tmp/php.socket", "bin-environment" => ( "LD_LIBRARY_PATH" => "/opt/lib", ), )), ".pl" => (( "socket" => "",))) }

Page 15 of 16

www.daviddn.com

Configuring Linux on your MyBook World Edition

$SERVER["socket"] == ":443" { dir-listing.activate="enable" $HTTP["url"] == "/" { dir-listing.activate="disable"} server.network-backend = "write" index-file.names = ( "index.html", "index.php" ) server.document-root = "/shares/internal/WWW/Welcome" auth.backend.htdigest.userfile = "/shares/internal/WWW/Admin/WebUsers.htdigest.user" auth.require = ( "/" => ( "method" => "digest", "realm" => "WEB", "require" => "valid-user" ) ) accesslog.filename = "/shares/internal/WWW/Admin/access.log" fastcgi.server = ( "nasMaster.pl" => (( "socket" => "",)), ".php" => (( "bin-path" => "/opt/bin/php-fcgi", "socket" => "/tmp/php.socket", "bin-environment" => ( "LD_LIBRARY_PATH" => "/opt/lib", ), )), ".pl" => (( "socket" => "",))) ssl.engine = "enable" ssl.pemfile = "/shares/internal/WWW/fr.pem" } $SERVER["socket"] == ":3210" { index-file.names = ( "WebMgr.pl" ) fastcgi.server = ( "WebMgr.pl" => (( "socket" => "/tmp/lighttpd.webmgr.socket", "bin-path" => "/shares/internal/WWW/Admin/WebMgr.pl", "check-local" => "disable", "min-procs" => 1, "max-procs" => 1, "idle-timeout" => 30, )), ".pl" => (( "socket" => "",)), ".php" => (( "bin-path" => "/opt/bin/php-fcgi", "socket" => "/tmp/php.socket", "bin-environment" => ( "LD_LIBRARY_PATH" => "/opt/lib", ), )), "nasMaster.pl" => (( "socket" => "",)) ) ssl.engine = "enable" ssl.pemfile = "/shares/internal/WWW/fr.pem" server.document-root = "/shares/internal/WWW/Admin" auth.backend.htdigest.userfile = "/shares/internal/WWW/Admin/WebUsers.htdigest.user" auth.require = ( "/" => ( "method" => "digest", "realm" => "WEBADMIN", "require" => "valid-user" ) ) accesslog.filename = "/shares/internal/WWW/Admin/Adminaccess.log" }

Page 16 of 16

www.daviddn.com