System administration: Difference between revisions
add mysql link |
dump from oldwiki |
||
| Line 16: | Line 16: | ||
[[Category:System administration]] | [[Category:System administration]] | ||
= System administration = | |||
== Initial setup (for Ubuntu distribution) == | |||
=== SSH keys === | |||
Create private/public SSH key file using 2048 bit encryption and with a comment. The command creates files under ~/.ssh folder. | |||
<source lang="bash"> | |||
$ ssh-keygen -b 2048 -C user@host.domain | |||
</source> | |||
=== SSH config for connection === | |||
The config file ~/.ssh/config stores information about various SSH connections, and allows the definition of hostname, username, ports, and other settings. | |||
<source lang="html5"> | |||
Host hostname1 | |||
HostName hostname1.domain.com | |||
User username1 | |||
Port 1234 | |||
</source> | |||
=== Adding a user to sudoers list === | |||
<code>#includedir /etc/sudoers.d</code> should be at the end of /etc/sudoers file. | |||
Create a file under this directory (i.e. localusers) and add entries. | |||
* <code>jsmith ALL=(ALL) NOPASSWD:ALL</code> would allow a user to sudo without entering a password. | |||
* <code>jpocahontas ALL=(ALL) ALL</code> would force password entry | |||
Run <code>$ chmod 0440 filename</code> afterwards. | |||
=== Enable color prompt === | |||
On Ubuntu distribution of GNU/Linux, you can uncomment force_color_prompt = yes line to use color prompts. The following is my personal favorite color configuration for the prompt. | |||
<source lang="bash"> | |||
PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u\[\033[01;30m\]@\[\033[00;36m\]\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ ' | |||
</source> | |||
=== Enable byobu === | |||
<source lang="bash"> | |||
$ byobu-enable | |||
</source> | |||
=== Update .vimrc === | |||
<source lang="vim"> | |||
syntax on | |||
set noexpandtab | |||
set wrap | |||
set tabstop=4 | |||
set shiftwidth=4 | |||
set smartindent | |||
set autoindent | |||
set encoding=utf-8 fileencodings= | |||
set mouse=a | |||
set fo=cqlro | |||
set tags=tags,../tags,../../tags,../../../tags,../../../../tags,../../../../../tags,../../../../../../tags | |||
color elflord | |||
" set foldmethod=marker | |||
set foldmethod=indent | |||
set foldnestmax=15 | |||
set nofoldenable | |||
set foldlevel=1 | |||
" filetype plugin on | |||
imap <c-k> <esc>:r! zdump GMT <bar> tail -c29 <bar> xargs -0 date +"\%-m/\%-d/\%-Y \%-l:\%M:\%S \%p" -d<enter>$i<right> | |||
" PHP documenter script bound to Control-P | |||
autocmd FileType php inoremap <C-p> <ESC>:call PhpDocSingle()<CR>i | |||
autocmd FileType php nnoremap <C-p> :call PhpDocSingle()<CR> | |||
autocmd FileType php vnoremap <C-p> :call PhpDocRange()<CR> | |||
</source> | |||
=== Set up environment for web development === | |||
Install the LAMP stack | |||
<source lang="bash"> | |||
$ sudo apt-get install tasksel | |||
$ sudo tasksel install lamp-server | |||
</source> | |||
Install git and other PHP related extensions | |||
<source lang="bash"> | |||
$ sudo apt-get install git php5-mcrypt php5-xdebug php5-intl | |||
</source> | |||
==== .gitconfig ==== | |||
<source lang="html5"> | |||
[core] | |||
editor = vim | |||
excludesfile = /home/mhan/.gitignore_global | |||
# autocrlf = input | |||
# safecrlf = true | |||
[color] | |||
ui = always | |||
[alias] | |||
co = checkout | |||
ci = commit | |||
st = status | |||
br = branch | |||
df = difftool | |||
hist = log --pretty=format:\"%C(yellow)%h %C(green)%ad %Creset| %s%C(red)%d %C(blue)[%an]\" --graph --date=short | |||
histall = log --pretty=format:\"%C(yellow)%h %C(green)%ad %Creset| %s%C(red)%d %C(blue)[%an]\" --graph --date=short --all | |||
hist10 = !git log --pretty=format:\"%C(yellow)%h %C(green)%ad %Creset| %s%C(red)%d %C(blue)[%an]\" --graph --date=short | head -n 10 | |||
hist10all = !git log --pretty=format:\"%C(yellow)%h %C(green)%ad %Creset| %s%C(red)%d %C(blue)[%an]\" --graph --date=short --all | head -n 10 | |||
type = cat-file -t | |||
dump = cat-file -p | |||
ignore = update-index --assume-unchanged | |||
track = update-index --no-assume-unchanged | |||
listignored = !git ls-files -v | grep -s ^'h ' | cut -b 1-2 --complement | |||
[diff] | |||
tool = vimdiff | |||
[difftool] | |||
prompt = false | |||
[merge] | |||
defaultToUpstream = true | |||
</source> | |||
== Change default shell == | |||
<source lang="bash"> | |||
$ chsh | |||
</source> | |||
== Edit passwd files == | |||
<source lang="bash"> | |||
$ sudo vipw | |||
</source> | |||
== Resources == | |||
=== Check disk space usage === | |||
You can check the file space usage with the command <span class="package">du</span>. | |||
<syntaxhighlight lang="bash"> | |||
$ du -h | |||
</syntaxhighlight> | |||
=== Check disk space left === | |||
<span class="package">df</span> is for checking the amount of disk space used and available on file systems. | |||
<syntaxhighlight lang="bash"> | |||
$ df -h | |||
</syntaxhighlight> | |||
= User Accounts = | |||
== Groups == | |||
=== Add a new group === | |||
<source lang="bash"> | |||
$ sudo addgroup webdev | |||
</source> | |||
=== Delete a group === | |||
<source lang="bash"> | |||
$ sudo delgroup webdev | |||
</source> | |||
=== Add a user to a group === | |||
<source lang="bash"> | |||
$ sudo adduser username groupname | |||
</source> | |||
=== Set a directory writable by a certain group === | |||
Make /srv/www folder readable/writable/executable by dev group | |||
<source lang="bash"> | |||
$ sudo setfacl -d -m g:dev:rwx /srv/www | |||
</source> | |||
== Add a user account == | |||
<source lang="bash"> | |||
$ sudo useradd -d /home/jsmith -m jsmith -G webdev | |||
$ sudo passwd jsmith | |||
</source> | |||
== Delete a user account == | |||
Force removal and delete files | |||
<source lang="bash"> | |||
$ sudo userdel -fr username | |||
</source> | |||
or | |||
<source lang="bash"> | |||
$ sudo deluser -remove-home username | |||
</source> | |||
== Lock or unlock a user account == | |||
<source lang="bash"> | |||
$ sudo passwd -l username | |||
$ sudo passwd -u username | |||
</source> | |||
== Adding sudoers == | |||
A file can be added for groups of users or specific users to /etc/sudoers.d/ directory. This line would make someone a sudoer with no password requirement. | |||
<source lang="html5"> | |||
jsmith ALL=(ALL) NOPASSWD:ALL | |||
</source> | |||
If you want the user to type a password. | |||
<source lang="html5"> | |||
jsmith ALL=(ALL:ALL) ALL | |||
</source> | |||
= Samba = | |||
== Reset password for Samba server == | |||
<source lang="bash"> | |||
$ samba-tool user setpassword administrator | |||
</source> | |||
= OpenSSL = | |||
== Creating self-signed certificates (usually for SSL connection) == | |||
<source lang="bash"> | |||
$ sudo a2enmod ssl | |||
$ sudo service apache2 restart | |||
$ sudo mkdir /etc/apache2/ssl | |||
$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.pem -outform PEM | |||
</source> | |||
= Debian/Ubuntu-specific = | |||
== Reconfigure console font == | |||
<syntaxhighlight lang="bash"> | |||
$ dpkg-reconfigure console-setup | |||
</syntaxhighlight> | |||
== Change time zone == | |||
<syntaxhighlight lang="bash"> | |||
$ dpkg-reconfigure tzdata | |||
</syntaxhighlight> | |||
Revision as of 19:43, 29 June 2016
System administration
Initial setup (for Ubuntu distribution)
SSH keys
Create private/public SSH key file using 2048 bit encryption and with a comment. The command creates files under ~/.ssh folder.
$ ssh-keygen -b 2048 -C user@host.domain
SSH config for connection
The config file ~/.ssh/config stores information about various SSH connections, and allows the definition of hostname, username, ports, and other settings.
Host hostname1
HostName hostname1.domain.com
User username1
Port 1234Adding a user to sudoers list
#includedir /etc/sudoers.d should be at the end of /etc/sudoers file.
Create a file under this directory (i.e. localusers) and add entries.
jsmith ALL=(ALL) NOPASSWD:ALLwould allow a user to sudo without entering a password.jpocahontas ALL=(ALL) ALLwould force password entry
Run $ chmod 0440 filename afterwards.
Enable color prompt
On Ubuntu distribution of GNU/Linux, you can uncomment force_color_prompt = yes line to use color prompts. The following is my personal favorite color configuration for the prompt.
PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u\[\033[01;30m\]@\[\033[00;36m\]\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
Enable byobu
$ byobu-enable
Update .vimrc
syntax on
set noexpandtab
set wrap
set tabstop=4
set shiftwidth=4
set smartindent
set autoindent
set encoding=utf-8 fileencodings=
set mouse=a
set fo=cqlro
set tags=tags,../tags,../../tags,../../../tags,../../../../tags,../../../../../tags,../../../../../../tags
color elflord
" set foldmethod=marker
set foldmethod=indent
set foldnestmax=15
set nofoldenable
set foldlevel=1
" filetype plugin on
imap <c-k> <esc>:r! zdump GMT <bar> tail -c29 <bar> xargs -0 date +"\%-m/\%-d/\%-Y \%-l:\%M:\%S \%p" -d<enter>$i<right>
" PHP documenter script bound to Control-P
autocmd FileType php inoremap <C-p> <ESC>:call PhpDocSingle()<CR>i
autocmd FileType php nnoremap <C-p> :call PhpDocSingle()<CR>
autocmd FileType php vnoremap <C-p> :call PhpDocRange()<CR>
Set up environment for web development
Install the LAMP stack
$ sudo apt-get install tasksel
$ sudo tasksel install lamp-server
Install git and other PHP related extensions
$ sudo apt-get install git php5-mcrypt php5-xdebug php5-intl
.gitconfig
[core]
editor = vim
excludesfile = /home/mhan/.gitignore_global
# autocrlf = input
# safecrlf = true
[color]
ui = always
[alias]
co = checkout
ci = commit
st = status
br = branch
df = difftool
hist = log --pretty=format:\"%C(yellow)%h %C(green)%ad %Creset| %s%C(red)%d %C(blue)[%an]\" --graph --date=short
histall = log --pretty=format:\"%C(yellow)%h %C(green)%ad %Creset| %s%C(red)%d %C(blue)[%an]\" --graph --date=short --all
hist10 = !git log --pretty=format:\"%C(yellow)%h %C(green)%ad %Creset| %s%C(red)%d %C(blue)[%an]\" --graph --date=short | head -n 10
hist10all = !git log --pretty=format:\"%C(yellow)%h %C(green)%ad %Creset| %s%C(red)%d %C(blue)[%an]\" --graph --date=short --all | head -n 10
type = cat-file -t
dump = cat-file -p
ignore = update-index --assume-unchanged
track = update-index --no-assume-unchanged
listignored = !git ls-files -v | grep -s ^'h ' | cut -b 1-2 --complement
[diff]
tool = vimdiff
[difftool]
prompt = false
[merge]
defaultToUpstream = trueChange default shell
$ chsh
Edit passwd files
$ sudo vipw
Resources
Check disk space usage
You can check the file space usage with the command du.
$ du -h
Check disk space left
df is for checking the amount of disk space used and available on file systems.
$ df -h
User Accounts
Groups
Add a new group
$ sudo addgroup webdev
Delete a group
$ sudo delgroup webdev
Add a user to a group
$ sudo adduser username groupname
Set a directory writable by a certain group
Make /srv/www folder readable/writable/executable by dev group
$ sudo setfacl -d -m g:dev:rwx /srv/www
Add a user account
$ sudo useradd -d /home/jsmith -m jsmith -G webdev
$ sudo passwd jsmith
Delete a user account
Force removal and delete files
$ sudo userdel -fr username
or
$ sudo deluser -remove-home username
Lock or unlock a user account
$ sudo passwd -l username
$ sudo passwd -u username
Adding sudoers
A file can be added for groups of users or specific users to /etc/sudoers.d/ directory. This line would make someone a sudoer with no password requirement.
jsmith ALL=(ALL) NOPASSWD:ALLIf you want the user to type a password.
jsmith ALL=(ALL:ALL) ALL
Samba
Reset password for Samba server
$ samba-tool user setpassword administrator
OpenSSL
Creating self-signed certificates (usually for SSL connection)
$ sudo a2enmod ssl
$ sudo service apache2 restart
$ sudo mkdir /etc/apache2/ssl
$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.pem -outform PEM
Debian/Ubuntu-specific
Reconfigure console font
$ dpkg-reconfigure console-setup
Change time zone
$ dpkg-reconfigure tzdata