Installation of Postfix, Dovecot and Roundcube

I run roundcube.

One of the easiest ways I think to get started with most things running out of the box is by installing Virtualmin (It is a hosting control panel based on Webmin).

There is now a beta installer for Rocky and Alma.

After a minimal installation, all you do is run the install script, and the panel and a LAMP stack are installed.

Just use a FQDN and then after install continue through the browser. There might be some small steps still necessary like adding a letsencrypt certificate to postfix/dovecot. But that's available through the GUI as well.

Then just “install scripts” → Roundcube.

It is free and in my opinion an amazing server management tool. It comes with Apache, SQL, PHP, Fail2Ban, FirewallD, BIND, Postfix, Dovecot, ProfTPD all preconfigured.

But since Rocky is new, there are maybe a few things to configure on your own.

No, I see that the great gurus of Linux have decided that if a user logs in as root, he can no longer run a browser. It’s FAR too dangerous.

I decided that as it’s too dangerous for a person who has been in the computer game for 40 years to use a browser in Linux that I’ll stick with Windows and Apple where I don’t need a love-fest with sudo and I can be trusted to cut and paste.

Bill Gates must be laughing fit to bust.

Are you being sarcastic?

The server doesn't need gui or browser. You use your desktop at home to connect via browser remotely.

You would use root but you can protect it with fail2ban.

Attacks are mostly on sshd 22 where you should disable root login.

I think I didn't understand.

Yes it is, any process has full control of your server because it’s running as root user. This is why you usually run as a normal user, and use su or sudo to obtain root privileges because it requires authentication.

You do realise that this is no different to Windows now? Now Windows asks you to click an option before you get administrator privileges or the right click to run as administrator. Windows also stopped you running as administrator by default. Although people will still tend to login as admin with full rights. But then this is why Windows is compromised so much in comparison to Linux.

Your root problem was because the owner of the directory was apache, which means when you were most likely setting directory permissions, you were in the wrong directory at the time. Which is obvious in that if you are not the owner of the directory you cannot create directories and files in it. Once you would have reset it to the original owner, then Firefox as your standard user would have worked. It was an unfortunate side-effect, changing directory/file permissions as well as selinux contexts you have to really be careful. Had /usr or /var been reset as well, your entire server would no longer work properly.

The world is not the same as it was 30-40 years ago. My first IT job all we had to worry about was DOS viruses like Friday the 13th, etc. Things have moved on, and so have all the viruses, trojans, and other ways to hijack computers. Security is important, especially not to run as root/administrator by default.

VERY off topic, nevertheless.

Look at Apple MacOSX. Rarely have to use the command line at all. When you need extra privileges, it asks you for the password if you have it, great if not, tough.

I worked for Novell for years. I was always logged in as Administrator (to root of the tree). Sometimes on a world-wide network with hundreds of servers.

I worked from 1992 until I retired on various editions of Windows ALWAYS logged in as Administrator.

So far over all these years, I’ve never had a virus, never had an ‘incident’ and when I work on Linux, I ALWAYS login as root so I can cut and paste from a browser. I consider that I have a brain enough to know what I’m doing.

I did see it had changed the owner to apache and I did change it back, but I just got so disheartened with the way EVERYTHING on Linux is tedious and nothing you see on the web ever works properly.

How would anyone new (like me) to Linux who has had years of experience on everything to a PDP11 up, get to grips (as I’m trying to do) and install a simple thing like a mail server without all the damn hassles because NOTHING on the web (written by ‘experts’) ever works as it should?

Until Linux gets it together and tries to make things EASIER instead of more difficult, Windows and Apple will be the OS of choice.

Examples: CentOS had a great GUI for creating users, it’s gone. The new one is an insult.
CentOS is the ONLY distro (I could find) where you can install a server with a GUI. Many of us do NOT enjoy typing in huge strings of text, when you can click a mouse.
Instead of getting simpler, Linux seems to be getting more difficult to work with. Is this by design?

People are more concerned about security than before. That is not just a “Linux quirk”.

Red Hat advertises “System Roles”. That is automation of configuration with Ansible. They might even have some GUI “Tower” for it.

I have GUI session as regular account. I can open terminal. I can run ‘sudo -i’, ‘su -’, or ‘ksu’ in it and then I have “root shell”.

Is that GUI? No. I have edited some files with cat and mouse. Would you call that graphical editing?

Yes, but despite SSL certificates, DMARC, SPF, DKIM and all the new security features, there is more spam than ever before and there seems to be little decrease in hacker activity. IMO it gets worse.
What man can devise, another man can break. Install a decent firewall, READ the logs EVERY DAY from Logwatch.
A firewall is FREE (OPNsense, pfsense)
You can install Smoothwall Express on an old PC that you were going to take to the tip and it doesn’t need any Linux know-how, just a working brain.
There’s no point in having detailed log files if you never bother to look at them and if you allow your users to open emails when they don’t know the sender, or download pirate software, you are looking for trouble.
I have spam blacklist filters on my mail server and if EVERY ISP and Host did the same, spam would stop in very short time.
If granny Smith stopped getting any mail and mail she sent never got delivered, she just MIGHT have the brains to find out her PC is BLACKLISTED because she had a password of ‘password’ or ‘xxxxxx’.
Trouble is no one is interested in stopping spam.

I also disagree that people are more concerned about security than ever before. CEOs and company managers may be more concerned but your average user is LESS concerned. All they are interested in, is ease of use, so they have more time for Facebook and Twitter. THAT is why they can’t be bothered to use a decent password or take any security measures at all. Social Media has killed what little bit of interest the average user had about security.

In theory yes. In reality no. Why? Because the blacklists work on IP reputation and block the ones that were spamming. But then the spammers find another IP address, and start again. And the circle repeats. Or they are spammed from botnets (users computers compromised for example).

This is why commercial anti-spam solutions start to block via content rather than just IP address, or blacklists, or domains, since the sender address or sender IP changes. Once a signature exists for the content, then it can also get blocked. But, the content is constantly changing. It’s a never ending war, email spam will never end. And no commercial solution either will block 100%. No spam solution will, no matter how many people use one.

Using blacklists, RBLs, DMARC, SPF, DKIM can reduce the amount of spam coming in. RspamD is also another great product you can install on your mail server or email gateway. But again, reporting is required, and maybe, maybe in some time your spam will reduce, but it will never ever be zero spam. It’s simply not possible.

Only because granny Smith and Joe Facebook can’t be bothered to use a decent password or make any effort to secure their PC/Smartphone/Tablet/whatever. Too much like hard work. Why remember a password when you have 10,000 friends on Facebook that need all your spare time?

If users secured their PCs spammers wouldn’t be able to find new IP addresses to use.

No, it’s not a case of passwords. Clicking a link which infects your machine with a botnet trojan is enough. Password was not required to do it. They don’t hack your machine, they rely on you visiting dodgy pages, links, whatever. And yes, unfortunately, people are stupid enough to do it. Including on business computers as well, I had to fix such a situation at a particular client because of this. Zero-day spam and links got through, not recognised by anti-spam solutions, no signatures, no blacklist IP.

The same happens when their entire hard disk gets encrypted. Because they click a link or opened an email attachment. Nothing to do with passwords. That said password length and security is important to make it difficult. But then, and I have also seen this, emails received, saying your account is disabled, and you need to verify, so they click the link, input their password thinking they are resetting the account, and now they have your email and password to spam people and take over your account. And then the server reputation is lost.

Or, people ring up, asking to do tech support to fix a problem with your computer, and so without thinking, they have let the person remote control their machine, and the guy goes around trashing it, deleting stuff, locking you out.

People need to step back a minute and think and use that little grey matter.

… and, for example, disable SELinux and run everything as root?

What a conversation. Am not sure the solution to the problem was finally arrived at. (LoL)