/home/bill/System_maintenance/ssh/thunderblog notes.txt www.BillHowell.ca 18Dec2015 initial INNS-Diversity@BillHowell.ca diversity_public pe5t0fdv ******************* Ideas BBS_blog? - text-based and MUCH faster from remote +-----+ WOW!! - X11 options!!! Maybe crucial? May Already Be The Case? : https://developer.mozilla.org/en-US/docs/Mozilla/Command_Line_Options X11 options - These options are only available for an application build for and running atop the X11/X.org display and window system to be found on Linux and other Unix-based systems. +-----+ For multiple users? https://developer.mozilla.org/en-US/docs/Mozilla/Command_Line_Options -new-instance Open new instance, not a new window in running instance, which allows multiple copies of application to be open at a time. +-----+ Can Thunderbird be left on ALL the time, and users simply "join in"? Notes : - A file lock is activated with each user, - I'm not sure what the implications are of redundant files. ****************** Problems Login failure Insecure password transmission 22Dec2015 - about:config settings 22Dec2015 Multiple 22Dec2015 How do I change "mailbox:"? ********************* ********************* ************************ 22Dec2015 21:54 Is there really a need to run batch_access.sh before each user runs thunderbird? watson - login fails, why? was she properly set up as a user? ...check later in week **************** 22Dec2015 Check functioning of Thunderbird setup Test vellasco I forgot to run batch_users.sh, so bill owned several files However - it's interesting because it did work!?? Maybe all my fancy stuff for 4 days was useless! Try miikkulainen same way to see what happens : >> Works, some files owned by some people, others other people??? **************** 22Dec2015 Working in cripple mode - current status My setup of Thunderbird "sort of" works now, at least with users [bill,vanwagner]. Unfortunately it requires : - superuser resetting of .thunderbird/ file permissions before each usage, which is a pain, and a no-go for almost all users but me. (maybe umask can help here - but I understood that it can only tighten permissions, not loosen them) - write access for users that only have diversity_public group membership, which is probably too open a status! - setup details as shown below the instructions subsection +-----+ To use Thunderbird : bill$ sudo bash /home/diversity/diversity_public/bin/batch_thunderbird.sh $ thunderbird & +-----+ +-----+ File setups : +-----+ GW: /home/diversity/diversity_public/bin/batch_thunderbird.sh chown -R thunderbird /home/diversity/diversity_public/.thunderbird chgrp -R diversity_member /home/diversity/diversity_public/.thunderbird chmod -R u=rwx /home/diversity/diversity_public/.thunderbird chmod -R g=rwx /home/diversity/diversity_public/.thunderbird chmod -R o=rwx /home/diversity/diversity_public/.thunderbird This way - no user can change permissions, as "thunderbird" is alone in its own group. +-----+ GW: /home/diversity/users//.thunderbird/profiles.ini [General] StartWithLastProfile=0 [Profile0] Name=INNS-Diversity IsRelative=0 Path=/home/diversity/diversity_public/.thunderbird/dxb80ksb.INNS-Diversity Default=0 +-----+ GW: /home/diversity/diversity_public/.thunderbird/dxb80ksb.INNS-Diversity/virtualFolders.dat version=1 +-----+ +-----+ Thunderbird -> Account Settings +-----+ Thunderbird -> Account Settings -> INNS-Diversity@BillHowell.ca -> Server Settings -> Local directory : /home/diversity/diversity_public/.thunderbird/dxb80ksb.INNS-Diversity/Mail/mail.billhowell.ca +-----+ Thunderbird -> Account Settings -> Local Folders -> Local directory : /home/diversity/diversity_public/.thunderbird/dxb80ksb.INNS-Diversity/Mail/Local Folders +-----+ Current security is BAD! : Thunderbird -> Account Settings -> INNS-Diversity@BillHowell.ca -> Server Settings -> Security Settings -> : . Connection security : None . Authentication method : Password, transmitted insecurely **************** 22Dec2015 Re-test bill$ thunderbird & now that the user-owner "thunderbired" has been created bill$ thunderbird & >> NUTS!!! bill's call simply creates : . "Local Folders-2" . mail.billhowell-3.ca .. So thunderbird must look for directory owned by bill? Unfortunately, bill simply created new [Mail, Local Folders, etc] Is there a setting to PREVENT creating a [new account, Mail, Local Folders]s? .. Check issue of multiple users http://askubuntu.com/questions/325990/how-do-i-set-up-thuderbird-for-multiple-email-accounts-in-ubuntu >> Gives me an idea - just add names of users to profile.ini, pointing to same directory : /home/diversity/diversity_public/.thunderbird/dxb80ksb.INNS-Diversity/profiles.ini .. Now try vanwagner to see if NEW [Mail, Local files] directories set up ***************** 22Dec2015 Set file Access Control List for /home/diversity/diversity_public/.thunderbird *************** 22Dec2015 Thunderbird - prevent user from "taking over" Thunderbird files see /home/bill/System_maintenance/ssh/thunderbird notes.txt +-----+ bill$ sudo bash /home/bill/diversity/batch_access.sh >> As per 21Dec2015 below, check permissions for : GW::/home/diversity/diversity_public/.thunderbird/dxb80ksb.INNS-Diversity/ : . cert_override.txt . folderTree.json . Invalidprefs.js => Ah Hah! - maybe a clue! . prefs.js . sessionCheckpoints.json . session.json .d startupCache . virtualFolders.dat . xulstore.json PLUS : . Mail/Local-Folders-1 . mail.billhowell-2.ca +-----+ Simple way to control : In GW://home/bill/diversity/batch_access.sh, add line : chmod -R u=rx 22Dec2015 Reset permissions for Thunderbird (get rid of vanwagner restrictions) following up on yesterday GW://home/bill/diversity/batch_access.sh For GW://home/diversity/diversity_public/.thunderbird : chown -R diversity_thunder chgrp -R diversity_member chmod -R g=rwx chmod -R o=rwx This way - no user can change permissions ****************** 22Dec2015 profiles.ini again +-----+ [General] StartWithLastProfile=0 (instead of 1) [Profile0] Name=INNS-Diversity IsRelative=0 Path=/home/diversity/diversity_public/.thunderbird/dxb80ksb.INNS-Diversity +-----+ .. check ownership & permissions for thunderbird bill$ ls -l /home/diversity/diversity_public/.thunderbird/dxb80ksb.INNS-Diversity (but not .../Mail/Local%20Folders/Unsent%20Messages) >> OK bill$ thunderbird & >> STILL opens account to restart setup! .. Do I have to specify profile on startup?, something like : bill$ thunderbird -profile "/home/diversity/diversity_public/.thunderbird" >> NUTS, still wants to start brand new. .. Go through startup of mail account anyways, then check file permissions >> LOTS of error messages, still wants to restart from new! .. Close Thunderbird, retstaRT again >> NUTS!! bill = [owner, group] for : addons.json blocklist.xml directoryTree.json folderTree.json prefs.js sessionCheckpoints.json session.json virtualFolders.dat xulstore.json >> Mail & sub-folders : >> -> OK, still : diversity_member [owner], diversity_public [group] >> Why is "Local Folders-1" being used instead of "Local Folders"?? >> STRANGE : nemo doesn't show "Local Folders-1" but command line does!!!!??? >> profiles.ini : same as setins in /home/bill/.thunderbird/profiles.ini WOW!!! bill just set up NEW mail folder DIRECTLY in .thunderbird!! >> This will cause problems, I should have set : bill$ thunderbird -profile STOP for now - solve ACLs first!! *************** 22Dec2015 Thunderbird command line options https://developer.mozilla.org/en-US/docs/Mozilla/Command_Line_Options thunderbird -ProfileManager >> Runs create identity etc ... later *************** 22Dec2015 about:config -> changes to settings following up on yesterday : "Tools -> Options -> Advanced -> General -> Config Editor (button)". ..DEFAULT : maybe this is the key!!! mail.identity.default.draft_folder default string mailbox://nobody@Local%20Folders/Drafts >> what's "mailbox:" => is this a specific directory? ..Also - any reference with "mailbox:", eg : mail . default_sendlater_uri String Defines the Unsent Message folder used by the Send Later button. Defaults to mailbox://nobody@Local%20Folders/Unsent%20Messages ..I changed Unsent "mailbox://nobody@" to "/home/diversity/diversity_public/.thunderbird/dxb80ksb.INNS-Diversity/Mail/Local%20Folders/Unsent%20Messages" ..Restart thunderbird >> This setting stuck! .. I did Drafts, Templates, Sent ..OOPS!! WRONG! None of those goes in Local Folders!!!! ..What I need to do is redefine "mailbox:" >> Result : no hits after previous changes to [Unsent,Sent,Drafts,Templates] Didn't I see something about forced user names (government or something) Error : when I cancelled out of thunderbird (or did I?), the connection "locked up"! Was this die to my launching "thunderbird -ProfileManager" in my normal desktop? I simply closed the terminal while it was still running - VAMOOUS! everything GW: disappeared, but not in separatye workshape! (cool) *************** 22Dec2015 Reset permissions for Thunderbird (get rid of vanwagner restrictions) following up on yesterday GW://home/bill/diversity/batch_access.sh For GW://home/diversity/diversity_public/.thunderbird : chown -R diversity_member chgrp -R diversity_public chmod -R g=rx chmod -R o-rwx bill$ sudo bash /home/bill/diversity/batch_access.sh >> As per 21Dec2015 below, check permissions for : GW::/home/diversity/diversity_public/.thunderbird/dxb80ksb.INNS-Diversity/ : . cert_override.txt . folderTree.json . Invalidprefs.js => Ah Hah! - maybe a clue! . prefs.js . sessionCheckpoints.json . session.json .d startupCache . virtualFolders.dat . xulstore.json PLUS : . Mail/Local-Folders-1 . mail.billhowell-2.ca bill$ cd /home/diversity/diversity_public/.thunderbird/dxb80ksb.INNS-Diversity/ bill$ ls -l >> OK - no vanwagner [ownership,group] bill$ cd Mail bill$ ls -l >> OK - no vanwagner [ownership,group] ..Test bill$ thunderbird & >> Error message that Thunderbird is already running - must close .. Check pids for thunderbird (I've forgotten how!) bill$ pidof thunderbird >> nothing returned, maybe thunderbird chokes on changes to permissions? bill$ ps (process status) >> thunderbird NOT listed! ..OOPS, my permissions are WRONG!! ..As before, as a emporary fudge, use GW://home/bill/diversity/batch_access.sh For GW://home/diversity/diversity_public/.thunderbird : chown -R diversity_member chgrp -R diversity_member chmod -R g=rwx chmod -R o=rwx bill$ thunderbird & >> Thunderbird opens, but of course starts all obver again... >> Next -> about:config ************** 21Dec2015 reset permissions of 4 ?jsob? files in .thunderbird extensions This is the simplest thing to do & test, so try it see GW::/home/diversity/diversity_public/.thunderbird/dxb80ksb.INNS-Diversity/ : . cert_override.txt . folderTree.json . Invalidprefs.js => Ah Hah! - maybe a clue! . prefs.js . sessionCheckpoints.json . session.json .d startupCache . virtualFolders.dat . xulstore.json PLUS : . Mail/Local-Folders-1 . mail.billhowell-2.ca Look first at prefs.js - can't open because of prefs - bill$ sudo gedit prefs.js +-----+ Content : Do not edit this file. ... changes will be overwritten when the application exits. To make a manual change to preferences, you can visit the URL about:config +-----+ Ok, what to do with that? http://kb.mozillazine.org/About:config about:config is a feature of Mozilla applications which lists application settings (known as preferences) that are read from the profile files prefs.js and user.js, and from application defaults. Many of these preferences are not present in the Options or Preferences dialog. Using about:config is one of several methods of modifying preferences and adding other "hidden" ones. This article is a companion article for about:config entries where the most important about:config variables are described. n Thunderbird 1.5 or later, about:config is accessed via "Tools -> Options -> Advanced -> General -> Config Editor (button)". To access this and other about:* functions more easily in Thunderbird, you can use ViewAbout add-on. http://kb.mozillazine.org/About:config_entries ++++++ http://kb.mozillazine.org/Mail_and_news_settings ++++++ mail . accountmanager . accounts String Comma separated list of existing accounts. If its not listed here its ignored. mail . accountmanager . appendaccounts String Comma separated list of pre-configured accounts that a ISP / Vendor wants to add to the existing accounts list mail . accountmanager . defaultaccount String Name of default account. mail . accountmanager . localfoldersserver String Name of the pseudo account for Local Folders. mail . account . account# . identities String Comma separated list of identities. If its not listed here its ignored. See Multiple identities per e-mail account. DEFAULT : maybe this is the key!!! mail.identity.default.draft_folder default string mailbox://nobody@Local%20Folders/Drafts >> what's "mailbox:" => is this a specific directory? Also - any reference with "mailbox:", eg : mail . default_sendlater_uri String Defines the Unsent Message folder used by the Send Later button. Defaults to mailbox://nobody@Local%20Folders/Unsent%20Messages Maybe this is causing a problem!! User.js You can also create an optional user.js file in the same directory as prefs.js. It is mainly used by administrators to set the same settings in several profiles. It is recommended that you don't use it since any settings you add to it will be merged into prefs.js when Thunderbird starts, preventing permanent changes using the Config Editor. ******************** 19Dec2015 Thunderbird startup - forced to re-startup each time /home/diversity/users//.thunderbird/profiles.ini Name=default >> try Universal name diversity_public 20Dec2015 In profiles.ini & "Mail Account Setup" Set username to "INNS-Diversity" for ALL diversity users!! Both Incoming & Outgoing : . Email address: INNS-Diversity@BillHowell.ca . server host : mail.billhowell.ca, SSL : STARTTLS, . Auth: Encrypted password, Username: INNS-Diversity Incoming POP3 : Port : should port be 110 (NOT 21) . I CHECKED THIS with my normal Thunderbird!! Outgoing SMTP : Port 587 >> Setup is OK for Bill, but won't download Draft & save message - se if vanwagner can see it >> nyet check if "bill" owns setup >> NO - diversity_public set PATH=/home/diversity/diversity_public/.thunderbird/dxb80ksb.INNS-Diversity >> forgot to rename the directory! bill$ thunderbird & >> NYET - Account settings can't even find the Incoming account! set account settings incoming mail >> OK - works like a charm for bill! Now - fix profiles.ini for vanwagner >> nyet - error msg : WARN Extensions /home/diversity/diversity_public/.thunderbird/dxb80ksb.INNS-Diversity/extensions.json exists but is not readable, rebuilding... >> check ownership NUTS - several files overwritten & owned by vanwagner One of blogs told how to avoid this, but which? >> Ahh! see /home/bill/System_maintenance/ssh/user notes.txt . I've attempted to fix the problem Just try the umask as it is. 1st - reset file permissions for /home/diversity/diversity_public/.thunderbird using /home/bill/diversity/batch_access.sh I added the line chown -R diversity_public /home/diversity/diversity_public/.thunderbird bill$ sudo bash /home/bill/diversity/batch_access.sh now try thunderbird with bill >> Thunderbird won't open! try with vanwagner >> Thunderbird opens - but . it has lost mail setup (again!) . all setups (menus etc) lost and yet - new "Help" mailbox folder is still there So - re-setup! >> vanwagner OK >> it logs into mail server! try sending an email to INNS-Diversity@BillHowell.ca from webmail : >> login failure (password?) try connection security : STARTTLS; authentication : normal (instead of encrypted) >> authentication failed try connection security : none; authentication : Password transmitted insecurely) (??? check my normal email on Lenovo : SAME THING! (idiot!!) ) >> Failed again. => worry about this later Try bill$ >> NUTS! All is lost again >> profiles.ini - remains as I set it, Later, but perhaps change : . Default=1 to Default=0 (or INNS-Diversity, or diversity_public) ??? . try umask on [directory, files] Try vanwagner right now >> NUTS!! all is lost again!! profiles.ini - I set Default=0 >> It created another "Local Folders-1"!!! Also versions [1,2] made this afternoon of : /home/diversity/diversity_public/.thunderbird/dxb80ksb.INNS-Diversity/Mail/mail.billhowell.ca Error msg : Something went wrong loading the provider list JSON file. Going into offline mode. changed file owned by vanwagner : /home/diversity/diversity_public/.thunderbird/dxb80ksb.INNS-Diversity/ : . cert_override.txt . session.json . sessionCheckPoints.json . xulstore.json Three of the four were changed since 18:00 - i.e. AFTER setting umask!? Can I see a list of umasks in effect? 18:47 -> I have to quit and do other priorities ************* 18Dec2015 Thunderblog file permissions from /home/bill/diversity/batch_access.sh : I added lines : # 18Dec2015 16:09 thunderbird needs write priviledges for those who access # but then either diversity_public can destroy it, or cannot see it! # worry about that later, just give write priviledges bill$ sudo bash /home/bill/diversity/batch_access.sh Final things for now : 1. copy profile.ini to all users bill$ sudo bash /home/bill/diversity/batch_profiles.sh >> done - see 2. set permissions via bill$ sudo bash /home/bill/diversity/batch_access.sh >> couple of glitches (need the "x" access!!), but OK for now *************** 18Dec2015 Thunderblog - shared setup Thunderblog - bill is user (u, owner) +-----+ Test mailbox write protection on Toshiba laptop read-only bill >> won't start up full access, R&W bill, but read-only group bill >> OK, looks like it will work for bill, >> but perhaps NOT for others? -> test on DiversityGW +-----+ Setup on DiversityGW +-----+ bill's Thunderblog I copied : /home/bill/.thunderbird To : /home/diversity/diversity_public/.thunderbird changed profile.ini [Profile0] Name=default IsRelative=0 Path=/home/diversity/diversity_public/.thunderbird/dxb80ksb.default Default=1 >> This worked beautifully!! nemo : for .thunderbird directory & contents : . set group = diversity_public . set permissons = read-only +-----+ Test multi-group blog - with No visibility for other groups! vanwagner Thunderblog login Workspace 3 I copied from : /home/diversity/diversity_public/.thunderbird To : /home/diversity/users/vanwagner/.thunderbird vanwagner$ thunderbird >> no workee : stupid nemo DOESN'T recursively set permissions!! >> I should do it all from bash!! command line edited /home/bill/diversity/batch_access_temp.sh : # 18Dec2015 13:59 chgrp -R diversity_public /home/diversity/diversity_public/.thunderbird chmod -R g=rx /home/diversity/diversity_public/.thunderbird chmod -R o=rx /home/diversity/diversity_public/.thunderbird bill$ sudo bash /home/bill/diversity/batch_access_temp.sh >> OK vanwagner$ thunderbird >> gives error already running, and won't open >> probably due to access controls, so try : /home/bill/diversity/batch_access_temp.sh : # 18Dec2015 14:59 #chgrp -R diversity_public /home/diversity/diversity_public/.thunderbird chmod -R g=rwx /home/diversity/diversity_public/.thunderbird #chmod -R o=rx /home/diversity/diversity_public/.thunderbird bill$ sudo bash /home/bill/diversity/batch_access_temp.sh >> YIKES! the mail & local folders directories disappeared : /home/bill/.thunderbird/i9018xtp.default/Mail/Local Folders >> I don't understand. Try : bill$ thunderbird >> runs, but no emails (makes sense - I've lost the mailboxes!!) >> Pain in the butt - try to re-start email listings ... >> OK - note that startup of vanwagner thiunderbird unsucessful, possibly because I was working on it as bill? vanwagner$ thunderbird & >> OK, starts, but the newly created "Mail" directory has group bill, not diversity_public /home/bill/diversity/batch_access_temp.sh : chgrp -R diversity_public /home/diversity/diversity_public/.thunderbird chmod -R g=rwx /home/diversity/diversity_public/.thunderbird bill$ sudo bash /home/bill/diversity/batch_access_temp.sh >> close & restart vanwagner: thunderbird >> error : unable to local mail spool file >> BUT : local folders shows the newly created "Help" folder >> & new email that I drafted does open up Success - except write protections are needed! However - end user changed will be REPLACED as the mail folders are rsync'd *************** 18Dec2015 Thunderblog - shared setup Test my own Toshiba laptop Thunderbird /home/bill/.thunderbird/profiles.ini [Profile0] Name=default IsRelative=1 Path=i9018xtp.default >> change to : [Profile0] Name=default IsRelative=0 Path=/home/bill/Diversity/i9018xtp.default >> This worked beautifully!! Brings up issues : - keyfiles for user setups (configure nemo, thunderbird, etc) - write protection for Thunderblog) except admin - remove email addresses from mailboxes BEFORE updating - (consider this MUCH later!) *************** 17Dec2015 ThunderBlog setup (without IP, kludge system) login as bill do I set up Thunderbird with root? (I can't access diversity_publicity anyways) OOPS! - I should have logged in as diversity_member (wasted much time with bill!) enddoc