Saturday, September 20, 2008

Making TextMate recognize .html.erb files

I'm using TextMate to edit some Ruby on Rails code. I noticed that when I edit the view pages (i.e. index.html.erb) it does not do syntax highlighting. It turns out this is because the Ruby on Rails TextMate bundle thinks that ruby view pages are .rhtml, which is the old Ruby on Rails format.

You can fix this by editing the Ruby on Rails language bundle.

In TextMate, select Bundles -> Bundle Editor -> Edit Languages.

This will open a new Bundle Editor Window. Click the arrow next to Ruby on Rails and highlight HTML (Rails). In the code that appears on the right, change the following

fileTypes = ( 'rhtml');
to
fileTypes = ('rhtml', 'html.erb');
Click the red X in the upper left corner to close the Bundle Editor Window.

Close any existing .html.erb files, when you open them again, they will have ruby syntax highlighting.

Labels: , ,

Tuesday, September 2, 2008

Allow rails users to login via vsftpd

So you've installed Ruby on Rails with Postgres, and now you want to allow your users to login to your server via FTP. First we need to install our FTP server. (In the config window, I left the defaults)
freebsd-vm# cd /usr/ports/ftp/vsftpd
freebsd-vm# make install 
cd /usr/ports/ftp/vsftpd && make config;
[...]
      ports included in the Ports Collection. Please type 'make deinstall'
      to deinstall the port if this is a concern.

      For more information, and contact details about the security
      status of this software, see the following webpage: 
http://vsftpd.beasts.org/
freebsd-vm#
Edit the vsftpd conf file.
#vi /usr/local/etc/vsftpd.conf
# Remove all lines and replace with the following
background=YES
listen=YES
anonymous_enable=NO
local_enable=YES
virtual_use_local_privs=YES
write_enable=YES
connect_from_port_20=YES
secure_chroot_dir=/usr/local/share/vsftpd/empty
pam_service_name=vsftpd
guest_enable=YES
user_sub_token=$USER
local_root=/usr/local/www/apache22/data/$USER
chroot_local_user=YES
hide_ids=YES
ftpd_banner=Welcome to FTP server
file_open_mode=0770
local_umask=0000
anon_mkdir_write_enable=NO
guest_username=vsftpd
user_config_dir=/etc/vsftpd/users
Create the vsftpd startup script.
# vi /usr/local/etc/rc.d/vsftpd
#!/bin/sh
#
# $FreeBSD: ports/ftp/vsftpd/files/vsftpd.sh.in,v 1.7 2006/02/20 20:47:01 dougb Exp $
#

# PROVIDE: vsftpd
# REQUIRE: DAEMON

# Add the following line to /etc/rc.conf to enable `vsftpd':
#
# vsftpd_enable="YES"
# vsftpd_flags="/some/path/conf.file" # Not required
#

. "/etc/rc.subr"

name="vsftpd"
rcvar=`set_rcvar`

load_rc_config "$name"
: ${vsftpd_enable:="NO"}
: ${vsftpd_flags:=""}

command="/usr/local/libexec/$name"
required_files="/usr/local/etc/$name.conf"
start_precmd="vsftpd_check"

vsftpd_check()
{
 if grep -q "^ftp[  ]" /etc/inetd.conf ${required_files}
 then
  err 1 "ftp is already activated in /etc/inetd.conf"
 fi
 if ! egrep -q -i -E "^listen.*=.*YES$" ${required_files}
 then
  err 1 "vsftpd script need "listen=YES" on config file"
 fi
 if ! egrep -q -i -E "^background.*=.*YES$" ${required_files}
 then
  err 1 "vsftpd script need "background=YES" on config file"
 fi
}

run_rc_command "$1"
We also need to install the Postgres PAM module.
freebsd-vm# cd /usr/ports/security/pam-pgsql/
freebsd-vm# make install
=> libpam-pgsql-0.6.3.tar.bz2 doesn't seem to exist in /usr/ports/distfiles/.
=> Attempting to fetch from http://nchc.dl.sourceforge.net/sourceforge/pam-pgsql/.
[...]
to use this module. Note, that unlike most other ports, this port
installs a file into /usr/lib directly (/usr/lib/pam_pgsql.so),
because PAM requires that.
===>   Registering installation for pam-pgsql-0.6.3_1
freebsd-vm# 
We need to tell vsftpd to use pam-pgsql for authentication.
freebsd-vm# vi /etc/pam.d/vsftpd
auth    required pam_pgsql.so config_file=/etc/pam_pgsql_vsftpd.conf
account required pam_pgsql.so config_file=/etc/pam_pgsql_vsftpd.conf

freebsd-vm# vi /etc/pam_pgsql_vsftpd.conf
debug
pw_type = md5
connect = hostaddr=127.0.0.1 port=5432 dbname=sample_development \
        user=sample_user password='password' connect_timeout=15
auth_query = select password from users where username = %u
acct_query = select ftp_disabled as acc_expired, \
        0 as acc_new_pwreq, (password ISNULL or password = '') as user_password \ 
        from users where username = %u

freebsd-vm#
(Long lines above with \ in them should be one long continuous line in your config file)

The configuration above assumes three things:

  • Your rails database name is sample_development and can be connected with the username sample_user and the password password (change red items as needed)
  • Your rails users are stored in the users table. The password field is password and the username field is username (change yellow items as needed)
  • Your rails users are stored in the users table. The ftp_disabled field holds whether they should be allowed access (false) or denied (true). (Change white items as needed)
We need to create the user for vsftpd to run as.
freebsd-vm# adduser 
Username: vsftpd
Full name: FTP User
Uid (Leave empty for default): 
Login group [vsftpd]: 
Login group is vsftpd. Invite vsftpd into other groups? []: 
Login class [default]: 
Shell (sh csh tcsh nologin) [sh]: nologin
Home directory [/home/vsftpd]: 
Use password-based authentication? [yes]: no
Lock out the account after creation? [no]: 
Username   : vsftpd
Password   : 
Full Name  : FTP User
Uid        : 1002
Class      : 
Groups     : vsftpd 
Home       : /home/vsftpd
Shell      : /usr/sbin/nologin
Locked     : no
OK? (yes/no): yes
adduser: INFO: Successfully added (vsftpd) to the user database.
Add another user? (yes/no): no
Goodbye!
freebsd-vm# 
Configure vsftpd to start on boot and manually start vsftpd once.
freebsd-vm# echo vsftpd_enable="YES" >> /etc/rc.conf 
freebsd-vm# chmod 755 /usr/local/etc/rc.d/vsftpd
freebsd-vm# /usr/local/etc/rc.d/vsftpd start
Starting vsftpd.
freebsd-vm# 
Now we need to create a couple of users to test this with. Below we'll create a user bob that can login and a user bob2 that can not login.
freebsd-vm$ psql -U sample_rails_app sample_rails_app_development
Welcome to psql 8.3.3, the PostgreSQL interactive terminal.

Type:  \copyright for distribution terms
       \h for help with SQL commands
       \? for help with psql commands
       \g or terminate with semicolon to execute query
       \q to quit

sample_rails_app_development=> select * from users;
 id | username | password | homedir | ftp_disabled | created_at | updated_at 
----+----------+----------+---------+--------------+------------+------------
(0 rows)
sample_rails_app_development=> insert into users (username,password,homedir,ftp_disabled) values ('bob',md5('bob'),'/home/bob',false);
INSERT 0 1
sample_rails_app_development=> insert into users (username,password,homedir,ftp_disabled) values ('bob2',md5('bob2'),'/home/bob2',true);
INSERT 0 1
sample_rails_app_development=> select * from users;
 id | username |             password             |  homedir   | ftp_disabled | created_at | updated_at 
----+----------+----------------------------------+------------+--------------+------------+------------
  2 | bob      | 9f9d51bc70ef21ca5c14f307980a29d8 | /home/bob  | f            |            | 
  3 | bob2     | 436187b1cb437f7ddb11952542e351a4 | /home/bob2 | t            |            | 
(2 rows)

sample_rails_app_development=> \q
freebsd-vm$ 
Next, we need to create bob's virtual home directory (as root).
freebsd-vm# mkdir -p /usr/local/www/apache22/data/bob
freebsd-vm# chown vsftpd:vsftpd /usr/local/www/apache22/data/bob
Now we can login as bob (and not bob2).
freebsd-vm$ ftp localhost
Trying 127.0.0.1...
Connected to localhost.
220 Welcome to FTP server
Name (localhost:jasonn): bob
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
Remote directory: /
ftp> quit
221 Goodbye.
freebsd-vm$ ftp localhost
Trying 127.0.0.1...
Connected to localhost.
220 Welcome to FTP server
Name (localhost:jasonn): bob2
331 Please specify the password.
Password:
530 Login incorrect.
ftp: Login failed.
ftp> quit
221 Goodbye.
freebsd-vm$ 
Now we need a script that will setup the FTP user's home directory. (Run this in your Rails project's home directory)
freebsd-vm# echo "User.write_ftp_configs" >> write_ftp_configs
freebsd-vm#
Change the User model in your Rails application
freebsd-vm$ vi app/models/user.rb 

class User < ActiveRecord::Base
  require 'ftools'

  def self.write_ftp_configs
    User.find(:all, :conditions => ["ftp_disabled is false"]).each do |user|
      unless File.directory?(user.homedir)
        # If their home directory doesn't exist, create it
        # and chown the directory to vsftpd (1002)
        File.makedirs user.homedir
        File.chown(1002, 1002, user.homedir)
      end
      if File.directory?("/etc/vsftpd/users")
        unless Dir.entries("/etc/vsftpd/users").include?(user.homedir)
          File.open("/etc/vsftpd/users/#{user.username}", 'w') {|f|
            f.write("local_root=#{user.homedir}\n");
          }
        end
      end
    end
  end
end
Now you just need to setup a cronjob to run as root. This script should cd to your rails root directory and run "script/runner write_ftp_configs".

WARNING: There may be security implications with this script. If a user has their homedir set to something "sensitive" this script will create that directory for them. Make sure you trust anyone that can add users via your Rails application. You could fix this by adding a validation on the homedir field so that it's only a subdirectory of a given directory (i.e. $RAILS_ROOT/upload) or something.

Labels: , , , ,

Monday, September 1, 2008

Installing Ruby on Rails in FreeBSD with Postgres

After setting up a minimal FreeBSD install, I want to get Ruby on Rails up and running. Let's see what's available in the ports tree.
freebsd-vm# make search key=gem | grep Path: | grep ruby
Path: /usr/ports/audio/rubygem-mp3info
Path: /usr/ports/benchmarks/rubygem-railsbench
Path: /usr/ports/databases/ruby-dbd_pg
Path: /usr/ports/databases/ruby-rdbc1
Path: /usr/ports/databases/rubygem-activerecord
[...]
Path: /usr/ports/devel/ruby-gemfinder
Path: /usr/ports/devel/ruby-gems
Path: /usr/ports/devel/rubygem-activesupport
[...]
Path: /usr/ports/www/rubygem-scrubyt
Path: /usr/ports/www/rubygem-taggable
freebsd-vm# 
The ruby-gems port looks promising.
freebsd-vm# cd devel/ruby-gems
freebsd-vm# cat pkg-descr 
a package management framework for the Ruby programming language
An application or library is packaged into a gem, which is 
a single installation unit. 
RubyGems entirely manages its own filesystem space, rather 
than installing files into the "usual" places. This enables 
greater functionality and reliability. 

Using RubyGems, you can: 
- download and install Ruby libraries easily 
- not worry about libraries A and B depending on 
  different versions of library C 
- easily remove libraries you no longer use 
- have power and control over your Ruby platform! 

WWW: http://docs.rubygems.org/
freebsd-vm# 
Let's install it. The install requires ruby to be installed, so it installs that for us (if it's not currently installed). I enabled RDOC and DEBUG and disabled IPV6. (This may take a while, go grab some coffee)
freebsd-vm# make install
=> rubygems-1.2.0.tgz doesn't seem to exist in /usr/ports/distfiles/ruby.
=> Attempting to fetch from http://rubyforge.rubyuser.de/rubygems/.
rubygems-1.2.0.tgz                            100% of  241 kB  138 kBps
===>  Extracting for ruby18-gems-1.2.0_1
[...]
If `gem` was installed by a previous RubyGems installation, you may need
to remove it by hand.

===>   Registering installation for ruby18-gems-1.2.0_1
freebsd-vm# 
Now we need to install rails.
freebsd-vm# gem install rails
Successfully installed rake-0.8.1
Successfully installed activesupport-2.1.0
Successfully installed activerecord-2.1.0
Successfully installed actionpack-2.1.0
[...]
Installing RDoc documentation for actionpack-2.1.0...
Installing RDoc documentation for actionmailer-2.1.0...
Installing RDoc documentation for activeresource-2.1.0...
freebsd-vm# 
We need to install postgresql-server.
freebsd-vm# make search key=postgres | grep Path: | grep server
Path: /usr/ports/databases/aolserver-nspostgres
Path: /usr/ports/databases/erserver
Path: /usr/ports/databases/postgresql73-server
Path: /usr/ports/databases/postgresql74-server
Path: /usr/ports/databases/postgresql80-server
Path: /usr/ports/databases/postgresql81-server
Path: /usr/ports/databases/postgresql82-server
Path: /usr/ports/databases/postgresql83-server
Path: /usr/ports/finance/tinyerp-server
Path: /usr/ports/net/sipxcommserverlib
Path: /usr/ports/net-im/iserverd
freebsd-vm# 
Let's install version 8.3. In the options that came up, I selected Build with PAM support and left the other defaults.
freebsd-vm# cd databases/postgresql83-server/
freebsd-vm# make install
cd /usr/ports/databases/postgresql83-server && make config;
[...]
      For more information, and contact details about the security
      status of this software, see the following webpage: 
http://www.postgresql.org/
freebsd-vm# 
We need to set postgres to run at startup.
freebsd-vm# echo 'postgresql_enable="YES"' >> /etc/rc.conf
freebsd-vm# 
Initialize the database.
freebsd-vm# /usr/local/etc/rc.d/postgresql initdb
The files belonging to this database system will be owned by user "pgsql".
This user must also own the server process.

The database cluster will be initialized with locale C.
The default text search configuration will be set to "english".

creating directory /usr/local/pgsql/data ... ok
creating subdirectories ... ok
selecting default max_connections ... 40
selecting default shared_buffers/max_fsm_pages ... 28MB/179200
creating configuration files ... ok
creating template1 database in /usr/local/pgsql/data/base/1 ... ok
initializing pg_authid ... ok
initializing dependencies ... ok
creating system views ... ok
loading system objects' descriptions ... ok
creating conversions ... ok
creating dictionaries ... ok
setting privileges on built-in objects ... ok
creating information schema ... ok
vacuuming database template1 ... ok
copying template1 to template0 ... ok
copying template1 to postgres ... ok

WARNING: enabling "trust" authentication for local connections
You can change this by editing pg_hba.conf or using the -A option the
next time you run initdb.

Success. You can now start the database server using:

    /usr/local/bin/postgres -D /usr/local/pgsql/data
or
    /usr/local/bin/pg_ctl -D /usr/local/pgsql/data -l logfile start

freebsd-vm# 
Start up the database.
freebsd-vm# /usr/local/etc/rc.d/postgresql start
freebsd-vm#
Verify that postgres is working.
freebsd-vm# createdb test -U pgsql
freebsd-vm# dropdb test -U pgsql
freebsd-vm# 
There is a postgres GEM. Let's install it.
freebsd-vm# gem install postgres
Building native extensions.  This could take a while...
Successfully installed postgres-0.7.9.2008.01.28
1 gem installed
Installing ri documentation for postgres-0.7.9.2008.01.28...
Installing RDoc documentation for postgres-0.7.9.2008.01.28...
freebsd-vm# 
Now we can create a rails application (I switched to a non-root user).
freebsd-vm$ rails -d postgresql sample_rails_app
      create  
      create  app/controllers
      create  app/helpers
      create  app/models
      create  app/views/layouts
      create  config/environments
[...]
      create  log/server.log
      create  log/production.log
      create  log/development.log
      create  log/test.log
freebsd-vm$  
Setup the postgres user for your application
freebsd-vm$ createuser --username pgsql
Enter name of role to add: sample_rails_app
Shall the new role be a superuser? (y/n) n
Shall the new role be allowed to create databases? (y/n) y
Shall the new role be allowed to create more new roles? (y/n) n
freebsd-vm$ cd sample_rails_app/
freebsd-vm$ rake db:create
(in /usr/home/jasonn/sample_rails_app)
freebsd-vm$ 
Create a User scaffold
freebsd-vm$ script/generate scaffold User username:string password:string homedir:string ftp_disabled:boolean
      exists  app/models/
      exists  app/controllers/
      exists  app/helpers/
      create  app/views/users
      exists  app/views/layouts/
      exists  test/functional/
      exists  test/unit/
      exists  public/stylesheets/
      create  app/views/users/index.html.erb
      create  app/views/users/show.html.erb
      create  app/views/users/new.html.erb
      create  app/views/users/edit.html.erb
      create  app/views/layouts/users.html.erb
      create  public/stylesheets/scaffold.css
      create  app/controllers/users_controller.rb
      create  test/functional/users_controller_test.rb
      create  app/helpers/users_helper.rb
       route  map.resources :users
  dependency  model
      exists    app/models/
      exists    test/unit/
      exists    test/fixtures/
      create    app/models/user.rb
      create    test/unit/user_test.rb
      create    test/fixtures/users.yml
      create    db/migrate
      create    db/migrate/20080902231538_create_users.rb
freebsd-vm$ rake db:migrate
(in /usr/home/jasonn/sample_rails_app)
== 20080902231538 CreateUsers: migrating ======================================
-- create_table(:users)
NOTICE:  CREATE TABLE will create implicit sequence "users_id_seq" for serial column "users.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "users_pkey" for table "users"
   -> 0.0645s
== 20080902231538 CreateUsers: migrated (0.0665s) =============================

freebsd-vm$ 
Start up the server and visit http://localhost:3000/users (you may need to substitute your IP address)
freebsd-vm$ script/server
=> Booting WEBrick...
=> Rails 2.1.0 application started on http://0.0.0.0:3000
=> Ctrl-C to shutdown server; call with --help for options
[...]
Create some users, your Rails app is up and running.

Labels: , , ,