How to Install SELinux on Ubuntu 22.04

A remote desktop lets you control your computer from wherever you are, which is super handy for working or fixing issues. For users of Ubuntu, TightVNC Server is one such stand-alone option to opt for. This software uses VNC to remotely view and control your computer's screen. This tutorial covers the TightVNC Server installation on Ubuntu. We'll guide you through installation and show you how to secure your connection. What is TightVNC TightVNC is a remote desktop application built on the VNC protocol. With this tool, you can control and view your Linux computer on a different machine, whether it is a laptop or a mobile. This software also compresses data and optimizes bandwidth, so it is extremely beneficial for low latency, low-speed internet. This software is used quite frequently by developers and administrators to access servers from far away and to debug everything. Why Use TightVNC Server  TightVNC possesses some great benefits to Ubuntu users: Resource-Efficient: Since it does not require a lot in terms of resources, it is appropriate for low-power PCs and works well on old computers. Multi-Platform Compatibility: It is compatible with other operating systems thus you can use your setup from various devices, e.g., tablets, windows computers, and even Macs. Customizable Configurations: You can customize the tool to your needs. You can utilize your own ports, use secure tunnels for the sake of security, or use less technical desktop environments so that all the things remain light and fast. Cost-Free Solution: It's an open-source project, so the software is completely free for both business and personal use. Prerequisites  Ensure you have: Ubuntu OS: This tutorial applies to Ubuntu 20.04 and newer versions. Desktop Environment: A GDE like LXDE should be installed. Superuser Access: Administrative privileges are must for installation. Internet Access: Stable connectivity for downloading packages. Step 1: Update System Initially, upgrade your system so that all processes work perfectly and there are no issues during the installation. Run: sudo apt update && sudo apt upgrade -y The command updates outdated programs and also puts the list of software on your computer in a refreshable state. Step 2: Install TightVNC Server Now, install the TightVNC server package using the following command to enable the remote desktop functionality.  sudo apt install tightvncserver -y This installs the core software. The -y flag automatically confirms the installation prompt, ensuring the process is uninterrupted.  Once completed, the application will be ready for further configuration. Step 3: Install a Graphical Desktop Environment (GDE) TightVNC requires a GDE and LXDE is recommended due to its lightweight nature: sudo apt install lxde -y By restricting the utilization of resources, LXDE provides your system with more space for your real work. It is particularly useful if your server is low in RAM and CPU. Step 4: Configure TightVNC  Configuration is crucial in installing the tool to your specifications. To ensure proper operation, do the following: Initialize Session Run TightVNC server to create your initial session: tightvncserver It will ask you to create a remote access password during initialization. This password guarantees only approved users may connect. Stop the Server for Configuration To modify default settings, first stop the server: tightvncserver -kill :1 Stopping session :1 allows you to edit the startup file without interruption. Edit Startup Script Create or modify the startup file: nano ~/.vnc/xstartup Add the below-provided configuration: xrdb $HOME/ .Xresources xsetroot -solid grey export XXL_XMODMAP_DISABLE=1 /etc/X11/Xsession /usr/bin/startlxde These commands start an X11 session with a graphical desktop. They start user configuration, set the background color, disable custom keyboard mappings, initalize the session, and start the LXDE environment. Then assign the correct permissions to ensure it executes properly: sudo chmod 755 ~/.vnc/xstartup Step 5: Start the Server Restart the server to ensure correct configurations are applied: tightvncserver The session number (e.g., :1) displayed in the output allows for remote connection. Step 6: Connect to the System Remotely Now it’s time to connect to your server using the TightVNC Viewer or any compatible VNC client. First, get your server’s IP address using: hostname -I Then use the below instructions: Start the VNC client on your local device. Input the server address in the form of ip_address:session_number. For example: 192.168.X.X:590X. Type in the VNC password that you have set earlier. Once connected, the graphical interface is remotely manageable. Step 7: Secure TightVNC Server Remote access involves potential security risks, so it’s important to secure your server connection. Use SSH Tunneling To encrypt your connection, create an SSH tunnel: ssh -L 5901:localhost:5901 user@your_server_ip Replace user and your_server_ip with your server details. Access the VNC session via localhost:5901 in the VNC Viewer. Restrict Port Access Use the system firewall to allow connections only from trusted IPs: sudo ufw allow from your_trusted_ip to any port 5901 Replace your_trusted_ip with the IP of your local machine. Step 8: Stop and Manage the Server You can stop a session to save resources when it’s not needed: tightvncserver -kill :1 This disables the active connection without uninstalling the server. Troubleshooting Common Issues If you encounter problems during setup or remote access, these solutions may help: Blank Screen After Connection If TightVNC only shows a blank or gray screen, try these solutions: Kill all VNC sessions: Conflicting sessions can cause display issues. tightvncserver -kill :session_number Once done, run the server again: tightvncserver Restart the System: A simple reboot can resolve graphical glitches and session conflicts: sudo reboot Specify the Display Screen: Ensure the correct display screen is used by setting the DISPLAY variable: export DISPLAY=:1 This will allow remote access to the login screen via Xorg. Also, don’t forget to include startxfce4 in the xstartup file. Remove Lock Files: Leftover lock files can interfere with graphical sessions: sudo rm -rf /tmp/.X*-lock /tmp/.X11-unix/X* Unable to Connect Confirm the port (e.g., 5901) is open: sudo ufw status Open the port if necessary: sudo ufw allow 5901/tcp Session Won’t Start Check for logs in the .vnc directory: cat ~/.vnc/*.log Client Rejected from Localhost Some VNC servers might only listen on localhost by default. To fix the issue, run: vncserver -localhost no Integrating TightVNC with Cloud Platforms You can expand the application usability by integrating it with cloud services for remote accessibility. Apply the following instructions: Open ports required for TightVNC through the cloud platform’s security group settings (e.g., port 5901 for VNC sessions). Use SSH tunneling to secure access: ssh -i your-key.pem -L 5901:localhost:5901 user@cloud_server_ip Customizing TightVNC Viewer Settings Overlooked client settings can really boost usability and security. Add a View-Only Mode for Specific Users In case someone needs to monitor activity without interacting with the desktop: Set a view-only password: tightvncpasswd -viewonly Provide the user with the view-only password while keeping control of the main session. Integrating TightVNC with Scripts Automation can streamline workflows for repetitive tasks or multi-session setups.  Batch Start Multiple Sessions Write a script to launch multiple VNC instances simultaneously: nano ~/start-vnc-sessions.sh Add: #!/bin/bash tightvncserver :1 tightvncserver :2 tightvncserver :3 Make the script executable: chmod +x ~/start-vnc-sessions.sh Run the script: ./start-vnc-sessions.sh Conclusion TightVNC Server installation on Ubuntu allows secure remote desktop access with maximum accessibility and productivity. This tutorial has given you an optimized and secured environment through which you can remotely access your system. For remote access for troubleshooting purposes, server management, and so on, TightVNC offers simple management with maximum resource utilization.

Let’s look at the process of installing Samba software on a cloud server with the Ubuntu 22.04 operating system. This guide is also suitable for installing Samba on Debian. Let’s start with a brief description of this software. What is Samba Samba is a software package developed to provide compatibility and interaction between UNIX-like systems and Windows. The software has been distributed under a free license for over 30 years. Samba ensures seamless integration of servers and PCs running UNIX into an AD (Active Directory) system. This software can be used as a controller and as a standard component of a domain. Thus, users can flexibly configure cloud file storages. Samba provides extensive functionality for managing file and database access rights by assigning specific user groups. Creating a New Server Go to the control panel and create a new server.  Select the Ubuntu 22.04 image and then the minimum server configuration.  After creating the server, connect to it via SSH, and you can begin configuration. Adding a User This is simple — enter the command: sudo useradd -p new_server_pass new_server_user Instead of new_server_pass and new_server_user, you can use any password and any username. Enter your own data instead of the example ones. Note that we immediately set the password, which was possible thanks to the -p command. Installing Samba on Ubuntu For convenience, we have broken the installation process into separate steps. Step 1. Preparation To start the installation process, use the following command: sudo apt install samba -y Now you need to remember the system name of the service. In most cases, it is smbd. Therefore, if you want to call the service, use this name. First, let’s configure autostart, which is done with the command: sudo systemctl enable smbd Now start it using the familiar command: sudo systemctl start smbd Then check the system status using: sudo systemctl status smbd To stop Samba, use: sudo systemctl stop smbd To restart the service, enter: sudo systemctl restart smbd If you want Samba to no longer start automatically, use the command: sudo systemctl disable smbd The reload command is used to refresh the configuration. The following command will forcibly open port 445, as well as 137–139. To allow them in the ufw firewall, use: sudo ufw allow Samba Step 2. Configuring Anonymous Access Suppose you have some remote server located outside your cloud. Network security rules require that you never open direct access to it through its IP. You can only do this through a tunnel, which is already set up. Typically, servers with granted access have the address 10.8.0.1, and this is the address we will use further. To share data and grant anonymous access to it, first open the configuration file. It is located here: /etc/samba/smb.conf. We recommend making a backup of the clean file — this will help you quickly restore the original program state without needing to reinstall. Now remove all comments, leaving only the code, and enter the command testparm to ensure the program works properly. In the shared folder settings, enter the following parameters: [share]     comment = share     path = /data/public_share     public = yes     writable = yes     read only = no     guest ok = yes Also, make sure that the following four fields (mask and mode) have matching numeric values (for example, 0777). Regarding the specific lines: [share] — the name of the shared folder, which will be visible to everyone connecting to your server; comment — a comment that can be anything; path — the path to the data storage folder; public — gives permission for public access: if you do not want users to view the folder contents, set this to no; writable — determines whether data can be written to the folder; read only — specifies that the folder is read-only: to allow users to create new files, set it to no; guest ok — determines whether guests can access the folder. Thus, the folder name and path may differ depending on what values you specify for the shared folder. The comment can also be anything, and for the last four parameters, values are set as yes or no. Now restart the program and check if you can connect to the server from Windows. Step 3. Configuring Access by User Credentials To create access by login and password, you first need to create a new directory and configure permissions. In the configuration file, set all parameters to no (see above), except writable: in this line, the value should be yes, meaning that writing in the folder should be enabled. Use the mkdir command to create a new directory, then create a user with useradd someone (where someone can be any username) and set a password for them with the command passwd. For example: passwd something Now, with the command below, add the new user and try to log in: if everything is configured correctly, you will have access to the folder. sudo smbpasswd -a someone Step 4. Configuring Group Access Configuring group access is necessary when you need to create restricted access for specific user groups. In smb.conf, after the line guest ok, additionally specify the following lines (all usernames here are generated simply for example): valid users = admin, mary_smith, jane_jameson, maria ortega, nathalie_brown write list = admin, nathalie_brown In the valid users line, list the users who are granted access to the directory. And in the write list, list those who can modify data in the folder. In addition, after the force directory mode line, add another line with the following value: inherit owner = yes This enables inheritance of created objects. Now save the settings and restart the service, after which the new settings should take effect. Step 5. Connecting to Samba from Windows and Linux For quick connection to Samba from Windows, press Ctrl+E and enter the path. Note that you need to use \\ to indicate the network path to the resource. And to avoid reconnecting to the server each time, you can choose the option to connect the resource as a drive, if your security policy allows it. In the new window, specify the drive letter and fill in the required data. For connecting to Samba from Linux, you use the cifs utilities, which are installed with the command: sudo apt install cifs-utils -y Next, the resource is mounted and connected. This is done with: sudo mount.cifs //10.8.0.1/our_share /share The path and resource name can be anything. You can also perform automatic mounting using the configuration file fstab with its own settings. Step 6. Configuring the Network Trash Bin This operation is needed to avoid accidental permanent deletion of files. For this, create the following directory: [Recycle]     comment = Trash for temporary file storage     path = /directory/recycle     public = yes     browseable = yes     writable = yes     vfs objects = recycle     recycle:repository = .recycle/%U     recycle:keeptree = Yes     recycle:touch = Yes     recycle:versions = Yes     recycle:maxsize = 0     recycle:exclude = *.tmp, ~$*     recycle:exclude_dir = /tmp Now, let’s review line by line what these parameters mean: vfs objects = recycle — indicates use of the corresponding subsystem; repository — the path for storing deleted data; keeptree — whether to keep the directory tree after deletion; touch — whether to change the timestamps of files when they are moved to the trash; versions — whether to assign a version number if files with identical names are deleted; maxsize — the maximum size of a file placed in the trash. A value of 0 disables limits; exclude — which file types to exclude; exclude_dir — which directories to exclude. Conclusion That’s it — now you know how to install Samba on an Ubuntu cloud server and configure it for your own needs.

A server administrator often has to work with user accounts — adding, deleting, and configuring access modes. Removing outdated user accounts is one security measure that can significantly reduce the number of vulnerabilities in the system. The Linux utilities deluser and userdel are used for deletion. However, before proceeding directly to deleting a user, we must take certain steps. In this article, we will explore how to delete a user in Ubuntu without compromising the system. At the same time, we will preserve the ability to access the user’s home directory files after deletion. In this article, we will work with the user hostman, which was created beforehand. This article will primarily focus on removing an Ubuntu user via the terminal, but we will also provide instructions for deleting a user account through the graphical interface. Please note that you will need superuser privileges to work with user accounts. The instructions will be suitable for any cloud server running Ubuntu OS. Checking the User Account First, you need to check whether the user is currently logged into the system. This will affect further steps: if the user is currently authorized on the server, you will need to terminate their connection and change the password. Check the list of users authorized in the system using the who utility or its alias w: who If you see that the user hostman is authorized, you need to check which processes are running under this user. This is a necessary step because if background operations are being performed, Ubuntu 22.04 will not allow us to delete the user. Check with the ps utility: sudo ps -u hostman As a result, you might see a response like this:    PID TTY          TIME CMD 1297129 pts/2    00:00:00 bash 1297443 pts/2    00:00:00 htop For testing purposes, we launched the htop utility under the hostman account, which is running in the background. Blocking Access Before stopping the user’s processes, you need to block their access to the system. You can do this by changing their password. User passwords are stored in the system in encrypted form in the /etc/shadow file. This file is readable only by the root user, and in addition to password hashes, it contains their expiration information. There is a special utility that allows you to remove a user’s password in Ubuntu — passwd. To restrict access, we will use the passwd utility with the -l (or --lock) flag, which puts the utility into lock mode: sudo passwd -l hostman As a result, the utility will add an exclamation mark at the beginning of the encrypted password string. That is all that is needed to prevent the user from logging in again since the hashes will no longer match. Killing Processes In Ubuntu, you cannot delete a user via the console if any processes are running under their name. To terminate a process, you can use one of the following commands: kill — deletes a process by its identifier. You can determine the IDs of the hostman user processes with: top -U hostman or ps -u hostman pkill — deletes a process by its name. For example, if the user hostman has launched the top process, you can terminate it with: sudo pkill top killall — deletes all processes, including child processes. Often, a process will launch many so-called subprocesses; stopping them by name or identifier can be complex and time-consuming. We will use the last command to reliably kill all user processes: sudo killall -9 -u hostman The -9 flag means the processes will receive a SIGKILL signal. This means the process will be forcibly terminated, since this signal cannot be ignored or blocked. Essentially, it is equivalent to a “force quit” of a non-responding program in graphical operating systems. After completing the user’s processes, they will no longer be authorized in the system. You can verify this using the who command. Since we locked the login in the previous step, the hostman user will not be able to log in again. Optional — Archiving the Home Directory Quite often, when deleting a Linux user account, you may need to keep its home directory, which might contain important files required either by the user or by the organization you are serving as an administrator. The built-in Ubuntu utilities allow you to remove a user while keeping their home directory. However, this is not recommended for two reasons: Disk Space — the user’s home directory may contain a large amount of data. It is irrational and excessive to store data from all outdated accounts on the main work disk. Over time, you might run out of space for new users. Data Relevance — it is good practice to keep the /home directory containing only the directories corresponding to active user accounts. Keeping this list in order helps with administration. We will use the tar utility to archive the home directory of the hostman user: sudo tar -cvjf /mnt/nobackup/hostman.homedir.tar.gz /home/hostman Let’s go over the arguments and flags: -c — creates the resulting .tar archive file -v — enables verbose mode, showing debugging information and listing archived files -z — creates a compressed .gz archive -f — indicates that the first argument will be used as the archive name The first argument is the final location of the archive. In our example, we place the archive with the user’s home directory on the nobackup disk, which, as the name implies, is not subject to backup. The second argument is the path to the directory from which the archive is created. Stopping Scheduled Jobs Before deleting a user in Ubuntu, it is recommended to stop all cron scheduler tasks launched by that user. You can do this with the crontab command. We will launch it under the hostman user with the -u flag and switch it to delete mode with the -r flag: sudo crontab -r -u hostman Now you can be sure that after deleting the user account, no unknown scripts will be executed for which no one is responsible. Deleting the User Once all the previous steps have been completed, it is time to proceed with the main task: deleting the Ubuntu user. There are two ways to do this: the deluser and userdel utilities. To delete the user account, we will use the deluser utility. Running it without parameters will delete the user account but leave their home directory and other user files intact. You can use the following flags: --remove-home — as the name suggests, deletes the user’s home directory --remove-all-files — deletes all system files belonging to the user, including the home directory --backup — creates an archive of the home directory and mail files and places it in the root directory. To specify a folder for saving the archive, use the --backup-to flag. As you can see from the parameter descriptions above, manually archiving the user’s home directory is not strictly necessary — deluser can do everything for you. In addition, with deluser you can remove a user from a group in Ubuntu or delete the group itself: sudo deluser hostman administrators The command above removes the user hostman from the administrators group. Let’s proceed with the complete deletion of the user and the hostman group without preserving the home directory: sudo deluser --remove-home hostman Deleting the User via Graphical Interface The entire article above is about how to delete a user in the Ubuntu terminal. But if you have a system with a graphical interface, you can delete a user in just a few simple steps. Open the Users section in System Settings. To switch to superuser mode, click the Unlock button. After that, the Delete User button will become active. When you click it, a dialog box will appear, offering to delete the user’s files, specifically those in the home directory. Conclusion Deleting a user in Ubuntu is not difficult; you just need to use the deluser utility with the required parameters. However, in this article, we described several steps that will help you safely delete a user account while preserving the system’s stability.