Howto: Linux Basics


(Sean Whalen) #1

This guide will describe the basics of setting up, securing, and maintaining a Linux server. so you can do things like build a sandbox.

Introduction

Linux is a free operating system kernel based on the design of UNIX. It is often bundled with with userspace tools from the GNU project and other open source software to create what is known as a Linux distribution.

This guide will focus on the Ubuntu Server Long Term Support (LTS) distribution, but many of the details apply to other distributions, and other UNIX/UNIX-like systems, such as Mac OS and BSD as well.

The command line

In UNIX and UNIX-like systems, commands are issued by the user through the keyboard intro a program called a shell. A shell passes a user’s command to a program, and returns the result to the user. Each shell has it’s own scripting language, allowing users to run commands programmatically. In most Linux distributions use the bash shell by default. but others, such as the more modern fish shell can be used.

A bash prompt can customized, but usually looks something like something like this:

user@hostname:~/current_directory$

If you need help with a command, you have a few options. Most commands have a --help switch that can be used to get basic information about a command. For example, if you needed a quick reference on the ls command, you could run:

ls --help

If you need a more extensive manual for a command, you can use the man command.

man ls

To scroll up and down a man page use the up and down arrow keys on your keyboard. Use the space bar to skip down a page. Use the q key to quit, and return to your shell.

You can chain commands together by piping them. When multiple commands are separated by the pipe (|) character, the standard output of the first command is uses the standard input for the second command, and so on. For example, the cat command outputs the contents of files, and the grep command can be used to look for strings. By combining the two together, you can see if the string Waldo exists in a file called world by running:

cat world | grep Waldo

The output of commands can also be redirected to files. Adding > test to the end of a command or chain of commands will redirect the output to a file called test, overwriting any existing file with the same name. >> can be used to append to a file, rather than overwriting it. For example, if you wanted to quickly append the line hello world to a file called test, you could run:

echo "hello world" >> test

Here are some useful commands:

  • cd - Change the current directory
  • ls - List files and directories
  • mkdir - Create a directory
  • rm - Remove (delete) a file
  • man - View a manual page
  • mv - Move/rename files
  • cp - Copy files
  • more - Read through files in a paged format
  • grep - Find strings in files
  • find - Find files on the filesystem
  • nano - A basic text editor
  • top - Monitor running processes and system resources
  • passwd - Change a password
  • tail - Print the last few lines of a file - useful for logs

Users and groups

There are two kinds of users in UNIX systems, root, and everyone else. UNIX is designed so that multiple users can use a system at once without affecting other users, so a normal user cannot make changes that might affect other users on the system. The root user has complete access to and authority over the system.

Performing tasks as root when it is not necessary is dangerous, so in Ubuntu, Mac OS, and many other systems, the sudo command is used. It allows a normal user to run a single command as root. By default, sudo in Ubuntu is configured to allow any user in the admin group to read any command as root. A user in this group (such as the user account created when you installed the OS) should be able to run:

sudo whoami

And see root returned.

A user has one primary group, which is usually a group with the same name as their username, and can belong to any number of secondary groups.

To create a new user on the system, run:

sudo adduser name

To delete a user from the system, run:

sudo deluser name

To create a group, run:

sudo groupadd name

To add an existing user to an existing group on Debian/Ubuntu systems, run:

sudo gpasswd -a user groupname

To remove an existing user from existing group:

sudo gpasswd -d username groupname

To get a list of groups that you or other users belong to, use the groups command.

Note: Logged-in users must log out and login for changes in group assignments to take affect.

The filesystem

In Linux (and UNIX in general), everything is represented as a file on the filesystem, even devices. The root of the filesystem is /. You can view the top-level filesystem layout by running

ls / 

Linux follows the Filesystem Hierarchy Standard. Here are some highlights:

  • /usr/bin - Where most system binaries for users are stored
  • /etc - Where configuration files are stored. On UNIX systems, most configuration is done by editing text files.
  • /home - Where home directories are stored
  • /tmp - Where temporary files are stored
  • /var/log - Where log files are stored

Each user on the system that is not a system account should have its own home directory. This personal directory where a stores his or her files and settings. It is one of the few places other than /tmp that a non-root user can write to. It is typically a directory under /home with the same name as its user. In a shell, the current user’s home directory is represented as a tilde (~), which is why you see one in a new bash prompt - the initial current directory is your home directory. ~ can also be used when referencing the path of your home directory.

Every file and directory in the filesystem has a user as an owner and a group assignment, even if that is the dummy user/group, nobody. By default a file or directory is owned by whatever user created it, and that user’s default group, which is usually a group with the same name as the user. Unlike windows, file permissions are not inherited.

To change a file or directory’s owner, use the chown command. For example, to make the the user sean owner of all files and directories in the current directory with names that end in .mp3

chown sean *.mp3

To also change the group to the music group, run:

chown sean:music *.mp3

To change ownership recursively (on all files and folders within that path on down), add the -R switch:

chown -R sean:music ~/music

To view the ownership and permissions for all files and directories, run:

ls -al

total 10664
drwx------ 17 sean sean   12288 Jun 29 08:40 .
drwxr-xr-x  8 root root    4096 Apr 29 10:33 ..
-rw-------  1 sean sean   26058 Jun 24 10:44 .bash_history
-rw-r--r--  1 sean sean     220 Mar  9 11:06 .bash_logout
-rw-r--r--  1 sean sean    3637 Mar  9 11:06 .bashrc
drwx------  3 sean music   4096 Jun  1 08:34 music
...

The first line is the total number of bytes in the directory in bytes, which is then followed by the file listing.

The fields of the the output from left to right are:

  1. The object’s permissions
  2. The number of “hard links” (i.e. number of files in a directory + 2 for . and ..)
  3. Owner’s name
  4. Group name
  5. The size in bytes
  6. Last modification time stamp

The first two items in the listing are special.

  • . - represents the current directory
  • .. - represents the directory one level above the current directory

They can be used for representing relative paths in commands and scripts. For example, if you wanted to move a file from the parent directory to the current directory, you would run:

mv ../file .

Executable files can be executed by using ., or its full path

 ./myexecutable
 /home/sean/myexecutable

The file permissions are shown as a line on ten flags; - means that the flag is not enabled. The first flag is used to specify a non-file, such as d for directory, or l for link. The remaining flags are read, write, and execute, grouped in order for the user (i.e. the owner), group, and others.

  • r - Read. Allows the user to read the contents of a file.
  • w - Write. Allows the user to write to the file, or create a new file in a directory.
  • x - Execute. Allows a user to execute a file on it’s own. For directories, this is used to a flag to set weather a user can list the contents of a directory,

In the above listing, only I can use my music directory

To change a file’s permissions, use chmod. The format for the command is:

chmod permissions files

You can set permissions by setting a combination of r,w, and x, for u (the User/owner), g (the Group), and o (Others)

The x flag is used to make files executable, and to mark directories as searchable. What if you want to make directories searchable, without making files executable? Use a capital X in with chmod, which will cause chmod to only set x on directories, and not files.

For example, if I wanted to to set permissions recursively on my music directory so that I have full permissions, and members of the group can only read the it, and others cannot, I’d run:

chmod -R  u=rwXg=rX,o= ~/music

Or if I wanted to allow group members to write to the files, and share read-only permisions with others:

chmod -R  ug=rwX,o=rX ~/music

Or if I wanted to keep it all to myself:

chmod -R  u=rwX,go= ~/music

Although using letters for permission flags is arguably easier, typically, you’ll see the permissions in instructions and tutorials expressed as a set of three numbers. for example:

chmod 755 file

An explanation of numerical permissions is available here.

Unless you really mean to and know what you’re doing, never use chmod 777. That will give all users all permissions. If you see that in a tutorial, the author was probably lazy, and created a very insecure system.

For more details on chmod, see this excellent tutorial, or the man page.

Note: Only root, or the current owner may change permissions or ownership for a file or directory.

Symbolic links (Symlinks)

Symbolic links are filesystem entries that point to another entry in the file system. Common uses include:

  • Redirecting an old path to a new location
  • Setting which configuration files are enabled

For example, to exable a site configuration file in Nginx, you create a symbolic link between the file in sites-available and sites-enabled:

ln -s /etx/nginx/sites-available/example.com /etc/nginx/sites-enabled/example.com

Network

If you or your host haven’t already, you should set a static network configuration Do this by editing /etc/interfaces

nano /etc/interfaces

Package management

Software in Linux distributions is installed using packages. Most distributions use either the Debian package format (DEB), or the Redhat format (RPM) Both systems can install packages from centeral repositories, so that software can be installed and updated from one place… Debain-based systems use apt to manage package installation from repositories, Redhat-based systems use yum. Since this guide is written for Ubuntu, which is a Debain-based distribution, we’ll focus on apt.

To update the list of available and updated packages from the repository, run:

sudo apt-get update

To install a package from the repositories, run:

sudo apt-get install name

To uninstall a package, run:

sudo apt-get remove name

To completely remove a package, along with its configuration files, run:

sudo apt-get purge name

To remove unneeded dependencies, run:

sudo apt-get autoremove 

To update all installed packages on the system using the newer versions in the repositories, run:

sudo apt-get upgrade

To configure daily automatic security updates for the Ubuntu repositories

sudo dpkg-reconfigure -plow unattended-upgrades