This guide will describe the basics of setting up, securing, and maintaining a Linux server. so you can do things like build a sandbox.
Linux is a free operating system kernel based on the design of UNIX. It is often bundled with with userspace tools from the GNU project and other open source software to create what is known as a Linux distribution.
This guide will focus on the Ubuntu Server Long Term Support (LTS) distribution, but many of the details apply to other distributions, and other UNIX/UNIX-like systems, such as Mac OS and BSD as well.
The command line
In UNIX and UNIX-like systems, commands are issued by the user through the keyboard intro a program called a shell. A shell passes a user’s command to a program, and returns the result to the user. Each shell has it’s own scripting language, allowing users to run commands programmatically. In most Linux distributions use the
bash shell by default. but others, such as the more modern
fish shell can be used.
A bash prompt can customized, but usually looks something like something like this:
If you need help with a command, you have a few options. Most commands have a
--help switch that can be used to get basic information about a command. For example, if you needed a quick reference on the
ls command, you could run:
If you need a more extensive manual for a command, you can use the
To scroll up and down a man page use the up and down arrow keys on your keyboard. Use the space bar to skip down a page. Use the
q key to quit, and return to your shell.
You can chain commands together by piping them. When multiple commands are separated by the pipe (
|) character, the standard output of the first command is uses the standard input for the second command, and so on. For example, the
cat command outputs the contents of files, and the
grep command can be used to look for strings. By combining the two together, you can see if the string
Waldo exists in a file called
world by running:
cat world | grep Waldo
The output of commands can also be redirected to files. Adding
> test to the end of a command or chain of commands will redirect the output to a file called
test, overwriting any existing file with the same name.
>> can be used to append to a file, rather than overwriting it. For example, if you wanted to quickly append the line
hello world to a file called test, you could run:
echo "hello world" >> test
Here are some useful commands:
cd- Change the current directory
ls- List files and directories
mkdir- Create a directory
rm- Remove (delete) a file
man- View a manual page
mv- Move/rename files
cp- Copy files
more- Read through files in a paged format
grep- Find strings in files
find- Find files on the filesystem
nano- A basic text editor
top- Monitor running processes and system resources
passwd- Change a password
tail- Print the last few lines of a file - useful for logs
Users and groups
There are two kinds of users in UNIX systems,
root, and everyone else. UNIX is designed so that multiple users can use a system at once without affecting other users, so a normal user cannot make changes that might affect other users on the system. The
root user has complete access to and authority over the system.
Performing tasks as root when it is not necessary is dangerous, so in Ubuntu, Mac OS, and many other systems, the
sudo command is used. It allows a normal user to run a single command as root. By default, sudo in Ubuntu is configured to allow any user in the
admin group to read any command as root. A user in this group (such as the user account created when you installed the OS) should be able to run:
A user has one primary group, which is usually a group with the same name as their username, and can belong to any number of secondary groups.
To create a new user on the system, run:
sudo adduser name
To delete a user from the system, run:
sudo deluser name
To create a group, run:
sudo groupadd name
To add an existing user to an existing group on Debian/Ubuntu systems, run:
sudo gpasswd -a user groupname
To remove an existing user from existing group:
sudo gpasswd -d username groupname
To get a list of groups that you or other users belong to, use the
Note: Logged-in users must log out and login for changes in group assignments to take affect.
In Linux (and UNIX in general), everything is represented as a file on the filesystem, even devices. The root of the filesystem is
/. You can view the top-level filesystem layout by running
Linux follows the Filesystem Hierarchy Standard. Here are some highlights:
/usr/bin- Where most system binaries for users are stored
/etc- Where configuration files are stored. On UNIX systems, most configuration is done by editing text files.
/home- Where home directories are stored
/tmp- Where temporary files are stored
var/log- Where log files are stored
Each user on the system that is not a system account should have its own home directory. This personal directory where a stores his or her files and settings. It is one of the few places other than
/tmp that a non-root user can write to. It is typically a directory under
/home with the same name as its user. In a shell, the current user’s home directory is represented as a tilde (
~), which is why you see one in a new bash prompt - the initial current directory is your home directory.
~ can also be used when referencing the path of your home directory.
Every file and directory in the filesystem has a user as an owner and a group assignment, even if that is the dummy user/group,
nobody. By default a file or directory is owned by whatever user created it, and that user’s default group, which is usually a group with the same name as the user. Unlike windows, file permissions are not inherited.
To change a file or directory’s owner, use the
chown command. For example, to make the the user
sean owner of all files and directories in the current directory with names that end in
chown sean *.mp3
To also change the group to the
music group, run:
chown sean:music *.mp3
To change ownership recursively (on all files and folders within that path on down), add the
chown -R sean:music ~/music
To view the ownership and permissions for all files and directories, run:
total 10664 drwx------ 17 sean sean 12288 Jun 29 08:40 . drwxr-xr-x 8 root root 4096 Apr 29 10:33 .. -rw------- 1 sean sean 26058 Jun 24 10:44 .bash_history -rw-r--r-- 1 sean sean 220 Mar 9 11:06 .bash_logout -rw-r--r-- 1 sean sean 3637 Mar 9 11:06 .bashrc drwx------ 3 sean music 4096 Jun 1 08:34 music ...
The first line is the total number of bytes in the directory in bytes, which is then followed by the file listing.
The fields of the the output from left to right are:
- The object’s permissions
- The number of “hard links” (i.e. number of files in a directory + 2 for
- Owner’s name
- Group name
- The size in bytes
- Last modification time stamp
The first two items in the listing are special.
.- represents the current directory
..- represents the directory one level above the current directory
They can be used for representing relative paths in commands and scripts. For example, if you wanted to move a file from the parent directory to the current directory, you would run:
mv ../file .
Executable files can be executed by using
., or its full path
The file permissions are shown as a line on ten flags;
- means that the flag is not enabled. The first flag is used to specify a non-file, such as
d for directory, or
l for link. The remaining flags are read, write, and execute, grouped in order for the user (i.e. the owner), group, and others.
r- Read. Allows the user to read the contents of a file.
w- Write. Allows the user to write to the file, or create a new file in a directory.
x- Execute. Allows a user to execute a file on it’s own. For directories, this is used to a flag to set weather a user can list the contents of a directory,
In the above listing, only I can use my
To change a file’s permissions, use
chmod. The format for the command is:
chmod permissions files
You can set permissions by setting a combination of
u (the User/owner),
g (the Group), and
x flag is used to make files executable, and to mark directories as searchable. What if you want to make directories searchable, without making files executable? Use a capital
X in with
chmod, which will cause
chmod to only set
x on directories, and not files.
For example, if I wanted to to set permissions recursively on my
music directory so that I have full permissions, and members of the group can only read the it, and others cannot, I’d run:
chmod -R u=rwXg=rX,o= ~/music
Or if I wanted to allow group members to write to the files, and share read-only permisions with others:
chmod -R ug=rwX,o=rX ~/music
Or if I wanted to keep it all to myself:
chmod -R u=rwX,go= ~/music
Although using letters for permission flags is arguably easier, typically, you’ll see the permissions in instructions and tutorials expressed as a set of three numbers. for example:
chmod 755 file
An explanation of numerical permissions is available here.
Unless you really mean to and know what you’re doing, never use
chmod 777. That will give all users all permissions. If you see that in a tutorial, the author was probably lazy, and created a very insecure system.
For more details on
chmod, see this excellent tutorial, or the man page.
root, or the current owner may change permissions or ownership for a file or directory.
Symbolic links (Symlinks)
Symbolic links are filesystem entries that point to another entry in the file system. Common uses include:
- Redirecting an old path to a new location
- Setting which configuration files are enabled
For example, to exable a site configuration file in Nginx, you create a symbolic link between the file in
ln -s /etx/nginx/sites-available/example.com /etc/nginx/sites-enabled/example.com
If you or your host haven’t already, you should set a static network configuration Do this by editing
Software in Linux distributions is installed using packages. Most distributions use either the Debian package format (DEB), or the Redhat format (RPM) Both systems can install packages from centeral repositories, so that software can be installed and updated from one place… Debain-based systems use
apt to manage package installation from repositories, Redhat-based systems use
yum. Since this guide is written for Ubuntu, which is a Debain-based distribution, we’ll focus on
To update the list of available and updated packages from the repository, run:
sudo apt-get update
To install a package from the repositories, run:
sudo apt-get install name
To uninstall a package, run:
sudo apt-get remove name
To completely remove a package, along with its configuration files, run:
sudo apt-get purge name
To remove unneeded dependencies, run:
sudo apt-get autoremove
To update all installed packages on the system using the newer versions in the repositories, run:
sudo apt-get upgrade
To configure daily automatic security updates for the Ubuntu repositories
sudo dpkg-reconfigure -plow unattended-upgrades