Linux, Get Oriented

To log in to a Linux machine remotely:

ssh username@ipaddress

To see the version of Linux running:

cat /etc/os-release

printenv lists all environment variables

Print working directory:

pwd

Get IP address:

ifconfig or ifconfig | grep inet

See what ports are open:

netstat

List all users:

less /etc/passwd

List groups a user belongs to:

groups username or id username

List groups with their members:

getent group or getent group | grep searchsomething

To get the status, including rules being enforced, of the uncomplicated firewall:

sudo ufw status

To list all processes currently running:

ps aux | grep searchsomething

To find a particular file or directory from among all files:

sudo find / -name "searchsomething"

or for directory name search only:

sudo find / -type d -name "searchsomething"

To search for specific text within the files within the current directory:

grep -nr 'searchsomething' .

  • $ is the normal prompt for commands
  • # is the system administrator prompt
  • in the C shell, the prompt ends with %
  • > is used to send the output to a text file. >> is used to append the output to an existing text file without over-writing.
  • $VARIABLE_NAME is a variable
  • apt combines apt-get and apt-cache and it is newer. Use apt.
  • sudo apt update && sudo apt upgrade -y
    • To install Python packages, use apt only if you want to install directly on the machine; otherwise use pip. pip installs modules more slowly, but it installs the latest versions and, most importantly, works within a virtualenv. In the special case of Raspberry Pi, use apt because it knows the unique processor architecture and installs the correct builds of modules.
  • script savedcommands.txt records the terminal session to savedcommands.txt until you type exit
  • A .sh file is an executable shell script. Use # to add comments within it.
  • ./ is used to specify the current working directory especially when running something that could be the same as a system command.
  • nano is the basic user-friendly text editor.
  • To view $PATH, echo "${PATH//:/$'\n'}" or just echo $PATH
  • To edit $PATH for the current session, export PATH="/new/directory:$PATH" (double quotes are needed so that $PATH is expanded)
  • > sends command output to a file. >> appends the output to a file without overwriting existing contents.
  • ls -al shows all files in directory including hidden
  • whatis gives a brief explanation of a command
  • man gives a manual
  • less is like cat, but one page at a time
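
The quoting in the PATH export matters: inside single quotes $PATH is stored literally instead of being expanded, and an empty or relative entry makes the shell search the current directory. The audit below is an added example, not part of the original notes; the function name audit_path and the demo values are assumptions.

```shell
#!/bin/sh
# audit_path STRING: print one finding per risky entry in a PATH-style string.
audit_path() {
    rest="$1:"                      # trailing ":" lets the loop see a final empty entry
    while [ -n "$rest" ]; do
        entry=${rest%%:*}           # text before the first ":"
        rest=${rest#*:}             # everything after it
        case "$entry" in
            '')    echo "EMPTY" ;;               # empty entry means the current directory
            *'$'*) echo "UNEXPANDED $entry" ;;   # variable kept literally by single quotes
            /*)    perms=$(ls -ldL "$entry" 2>/dev/null)
                   case "$perms" in
                       d???????w*) echo "WORLD_WRITABLE $entry" ;;  # any user can add files
                   esac ;;
            *)     echo "RELATIVE $entry" ;;     # resolved against the current directory
        esac
    done
    return 0
}

# Constructed demo values; /new/directory is the placeholder used in the list above.
single_quoted='/new/directory:$PATH'    # what single quotes store
double_quoted="/new/directory:$PATH"    # what double quotes store
echo "single-quoted:"; audit_path "$single_quoted"
echo "double-quoted:"; audit_path "$double_quoted"
```

Run audit_path "$PATH" after editing the variable; no output means no entry matched any of the four checks.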

Useful Linux Commands

At this point, you are using Linux. Both Raspberry Pi OS and Ubuntu are “flavors” of Linux. Having a list of basic commands is helpful:

Set up Firewall

sudo ufw allow OpenSSH

sudo ufw allow 22

sudo ufw allow 3306

sudo ufw default deny incoming

sudo ufw default allow outgoing

sudo ufw allow ssh

sudo ufw allow http or sudo ufw allow 80

sudo ufw allow https or sudo ufw allow 443

sudo ufw allow 'apache full'

sudo ufw show added

sudo ufw enable
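
Once the firewall is enabled, the output of sudo ufw status can be reviewed for rules that accept traffic from any source, such as the rule for 3306 (the default MySQL port). The check below is an added example, not part of the original notes; the function names, the list of expected services and the sample status text are assumptions constructed to match the rules above.

```shell
#!/bin/sh
# unexpected_open_rules EXPECTED...
# Reads `ufw status` output on stdin and prints every target that is allowed in
# from Anywhere but is not named in the EXPECTED arguments.
unexpected_open_rules() {
    expected=$(IFS=,; printf '%s' "$*")     # join the arguments with commas for awk
    awk -F'  +' -v expected="$expected" '
        BEGIN { n = split(expected, e, ","); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
        ($2 == "ALLOW" || $2 == "ALLOW IN") && $3 ~ /^Anywhere/ {
            to = $1
            sub(/ \(v6\)$/, "", to)         # treat the IPv6 twin as the same rule
            if (!(to in ok) && !seen[to]++) print to
        }
    '
}

# Constructed sample of `sudo ufw status` output (not captured from a real host).
sample_status() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
22                         ALLOW       Anywhere
3306                       ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443                        ALLOW       Anywhere
Apache Full                ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
22 (v6)                    ALLOW       Anywhere (v6)
3306 (v6)                  ALLOW       Anywhere (v6)
EOF
}

# Services this host is meant to offer publicly; anything else is printed for review.
sample_status | unexpected_open_rules OpenSSH 22 22/tcp 80 80/tcp 443 443/tcp 'Apache Full'
```

On a live machine, pipe the real output in instead: sudo ufw status | unexpected_open_rules OpenSSH 22/tcp 80/tcp 443/tcp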

Create Non-Root Super-User

This step appears complex and does not appear necessary, especially this early in the process. Strictly speaking, it is indeed not necessary. You could skip this step and do everything as the root or default user that already exists. However, it is best to do this now because:

  • to do things in the right order
  • to highlight an important aspect of the Linux OS: that Linux is very user-specific and permissions-based. This makes Linux less intuitive at first but makes it secure enough to be accessed by many different anonymous people as a server without allowing hackers to access sensitive parts of the server.
  • to avoid inevitable frustration later. Using Linux you will see “permission denied” errors periodically throughout your experience and you are better off expecting and troubleshooting them than believing that Linux is just annoying. Permissions are built into Linux from the ground up and it’s best to work with them rather than try to ignore them.
  • Logging in as a non-root user is safer. For example, some installations of Ubuntu default to external root login disabled, which means for a remote server you would be locked out if this were set and you don’t have another user to log in as.

sudo adduser new_username

sudo usermod -aG sudo new_username

Change the password for the current user as desired with:

passwd

Grant all privileges to the user with the command

sudo visudo

and add a line in the /etc/sudoers file below the root user line: new_username ALL=(ALL:ALL) ALL

This only allows the user to give itself privileges. The user does not have all read/write privileges like the root itself. Log in as the new user through SSH.

Non-Root Super-User Gives Itself Read/Write Privileges

This sounds convoluted and it is when you are accustomed to dealing with desktop computers designed for convenience. Linux is designed for security.

Make a new group

sudo addgroup servermanager

and add the new user to the group

sudo adduser new_username servermanager

groups new_username

make the new group the owner of the required directories:

sudo chown -vR :servermanager /var/www/

sudo chown -vR :servermanager /etc/apache2/sites-available/

sudo chown -vR :servermanager /etc/apache2/sites-enabled

then modify the directory permissions so that the owning group can write:

sudo chmod -vR g+w /var/www/ (add +x if you want to be able to develop in this directory)

sudo chmod -vR g+w /etc/apache2/sites-available

sudo chmod -vR g+w /etc/apache2/sites-enabled
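
After the recursive chown and chmod, it is worth confirming what actually changed and whether anything in the tree is writable by every user. The check below is an added example, not part of the original notes; the function name check_group_access is an assumption, and the demo uses a scratch directory with the current user's primary group standing in for servermanager so that it runs without root.

```shell
#!/bin/sh
# check_group_access DIR GROUP
# Prints one line per problem found under DIR:
#   WRONG_GROUP     not owned by GROUP
#   NO_GROUP_WRITE  GROUP cannot write to it
#   WORLD_WRITABLE  every local user can write to it
# Symlinks are skipped: their own mode bits are always rwxrwxrwx on Linux.
check_group_access() {
    find "$1" ! -type l ! -group "$2" -exec printf 'WRONG_GROUP %s\n' {} \;
    find "$1" ! -type l ! -perm -020  -exec printf 'NO_GROUP_WRITE %s\n' {} \;
    find "$1" ! -type l -perm -002    -exec printf 'WORLD_WRITABLE %s\n' {} \;
    return 0
}

# Constructed demo tree; file names are made up for illustration.
demo() {
    tree=$(mktemp -d) || return 1
    grp=$(id -g)
    mkdir "$tree/site"
    : > "$tree/site/index.html"
    : > "$tree/site/upload.tmp"
    chown -R ":$grp" "$tree"             # same form as: chown -vR :servermanager /var/www/
    chmod -R u=rwX,g=rX,o=rX "$tree"     # a common starting state
    chmod 666 "$tree/site/upload.tmp"    # leftover file that anyone can modify
    echo "before chmod -R g+w:"; check_group_access "$tree" "$grp"
    chmod -R g+w "$tree"                 # same form as: chmod -vR g+w /var/www/
    echo "after chmod -R g+w:";  check_group_access "$tree" "$grp"
    rm -rf "$tree"
}
demo
```

On the server itself the equivalent call is check_group_access /var/www servermanager; the WORLD_WRITABLE line that survives the g+w step in the demo shows that the group change does not tighten permissions that were already too loose.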

(Useful Users and Permissions Commands)

Linux has a group and user structure to manage permissions and it is very useful to be able to view the current state:

List all users in the system:

cat /etc/passwd

List all groups on the system:

cat /etc/group or less /etc/group

or

getent group

for all members of a single group:

getent group group_name

check ownership of a directory, for example:

ls -ld /var/www/

check ownership of a file:

ls -l /var/www/

Find all the files owned by a particular user (may take some time):

sudo find / -user username

Change the active group for the session, possibly not:

newgrp servermanager

delete a group:

sudo groupdel group_name

delete a user (-r removes the user’s directory and mail spool):

sudo userdel -r username

search “linux octal permissions” to understand the numbering system.

Show all currently logged in users on a system:

w