To login to a linux machine remotely:
ssh username@ipaddress
To see the version of Linux running:
cat /etc/os-release
printenv
lists all environment variables
Print working directory:
pwd
Get IP address:
ifconfig
or ifconfig | grep inet
See what ports are open:
netstat
List all users:
less /etc/passwd
List groups a user belongs to:
groups username
or id username
List groups with their members:
getent group
or getent group | grep searchsomething
To get the status, including rules being enforced, of the uncomplicated firewall:
sudo ufw status
To list all processes currently running;
ps aux | grep searchsomething
To find a particular file or directory from among all files:
sudo find / -name "searchsomething"
or for directory name search only:
sudo find / -type d -name "searchsomething"
To search for specific text within the files within the current directory:
grep -nr 'searchsomething*'
- $ is the normal prompt for commands
- # is the system administrator prompt
- in the C shell, the prompt ends with %
- > is used to send the output to a text file. >> is used to append the output to an existing text file without over-writing.
$VARIABLE_NAME
is a variableapt
combinesapt-get
andapt-cache
and it is newer. Useapt
.sudo apt update && sudo apt upgrade -y
- To install Python packages, use apt only if you want to install directly on the machine, otherwise use pip. Pip installs modules slower, but installs the latest versions, and most importantly works within a virtualenv. In the special case of Raspberry Pi, use apt because it knows the unique processor architecture and installs the correct builds of modules.
script savedcommands.txt
- A
.sh
file is an executable shell script. # to comment within ./
is used to specify the current working directory especially when running something that could be the same as a system command.- nano is the basic user-friendly text editor.
- To view
$PATH
,echo "${PATH//:/$'\n'}"
or justecho $PATH
- To edit
$PATH
for the current session,export PATH='/new/directory:$PATH'
>
sends command output to a file.>>
appends the output to a file without overwriting existing contents.ls -al
shows all files in directory including hiddenwhatis
is a brief explanationman
gives a manualless
is like cat, but one page at a time
Useful Linux Commands
At this point, you are using Linux. Either Raspberry Pi OS or Ubuntu are “flavors” of Linux. Having a list of basic commands is helpful:
Set up Firewall
sudo ufw allow OpenSSH
sudo ufw allow 22
sudo ufw allow 3306
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw allow http
or sudo ufw allow 80
sudo ufw allow https
or sudo ufw allow 443
sudo ufw allow 'apache full'
sudo ufw show added
sudo ufw enable
Create Non-Root Super-User
This step appears complex and does not appear necessary especially this early in the process. Strictly speaking, it is indeed not necessary. You could skip this step and do everything as the root or default user that already exists. However, it is best to do this now because:
- to do things in the right order
- to highlight an important aspect of the Linux OS: that Linux is very user-specific and permissions-based. This makes Linux less intuitive at first but makes it secure enough to be accessed by many different anonymous people as a server without allowing hackers to access sensitive parts of the server.
- to avoid inevitable frustration later. Using Linux you will see “permission denied” errors periodically throughout your experience and you are better off expecting and troubleshooting them than believing that Linux is just annoying. Permissions are built-in to Linux from the ground up and it’s best to work with it rather than try to ignore it.
- Logging in as a non-root user is safer. For example, some installations of Ubuntu default to external root login disabled, which means for a remote server you would be locked out if this were set and you don’t have another user to login as.
sudo adduser new_username
usermod -aG sudo new_username
Change the password for the current user as desired with:
passwd
Grant all privileges to the user with the command
sudo visudo
and add a line in the /etc/sudoers file below the root user line: new_username ALL=(ALL:ALL)ALL
This only allows the user to give itself privileges. The user does not have all read/write privileges like the root itself. Log in as the new user through SSH.
Non-Root Super-User Gives Itself Read/Write Privileges
This sounds convoluted and it is when you are accustomed to dealing with desktop computers designed for convenience. Linux is designed for security.
Make a new group
sudo addgroup servermanager
and add the new user to the group
sudo adduser new_username servermanager
groups new_username
make the new group the owner of the required directories:
sudo chown -vR :servermanager /var/www/
sudo chown -vR :servermanager /etc/apache2/sites-available/
sudo chown -vR :servermanager /etc/apache2/sites-enabled
then modify the directory permission to be written by the owner group:
sudo chmod -vR g+w /var/www/
(add +x if you want to be able to develop in this directory)
sudo chmod -vR g+w /etc/apache2/sites-available
sudo chmod -vR g+w /etc/apache2/sites-enabled
(Useful Users and Permissions Commands)
Linux has a group and user structure to manage permissions and it is very useful to be able to view the current state:
List all users in the system:
cat /etc/passwd
List all groups on the system:
cat etc/group
or less etc/group
or
getent group
for all members of a single group:
getent group group_name
check ownership of a directory, for example:
ls -ld /var/www/
check ownership of a file:
ls -l /var/www/
Find all the files owned by a particular user (may take some time):
sudo find / -user username
Change the active group for the session, possibly not:
newgrp servermanager
delete a group:
sudo groupdel group_name
delete a user (-r removes the user’s directory and mail spool):
sudo userdel -r username
search “linux octal permissions” to understand the numbering system.
Show all currently logged in users on a system:
w