System administration: Difference between revisions

From Han Wiki
Jump to navigation Jump to search
→‎Debian/Ubuntu-specific: add Fix (unreachable) prompt for encrypted home folder
→‎Fix (unreachable) prompt for encrypted home folder: change the content from obsolete to Enable SSH public key authentication with an ecrypted home folder
Line 269: Line 269:
= Debian/Ubuntu-specific =
= Debian/Ubuntu-specific =


== Fix (unreachable) prompt for encrypted home folder ==
== Enable SSH public key authentication with an encrypted home folder ==


''Tested on Ubuntu 16.04 LTS''
''Tested on Ubuntu 16.04 LTS''
I run <span class="package">byobu</span> with a home folder that is encrypted.  When I reconnect with my live session the prompt returns with (unreachable) path<ref>http://askubuntu.com/questions/72229/unreachable-home-folder, Accessed on 7/14/2016</ref> This is due to the auto-unmount feature built into the encryption utility.  You can force it not to auto-unmount by either deleting the flag file found under ~/.ecryptfs.


<syntaxhighlight lang="bash" highlight="1">
<syntaxhighlight lang="bash" highlight="1">
$ mv ~/.ecryptfs/auto-umount ~/.ecryptfs/auto-umount.dist
$ /sbin/umount.ecryptfs_private
$ cd $HOME
$ chmod 700 .
$ mkdir -m 700 .ssh
$ chmod 500 .
$ echo $YOUR_REAL_PUBLIC_KEY > .ssh/authorized_keys
$ /sbin/mount.ecryptfs_private
</syntaxhighlight>
</syntaxhighlight>



Revision as of 17:14, 14 July 2016

Web services

Disk management

File management

Network management

MySQL

Synergy

VIM

OS X

Slackware

System administration

Initial setup (for Ubuntu distribution)

SSH keys

Create private/public SSH key file using 2048 bit encryption and with a comment. The command creates files under ~/.ssh folder.

$ ssh-keygen -b 2048 -C user@host.domain

SSH config for connection

The config file ~/.ssh/config stores information about various SSH connections, and allows the definition of hostname, username, ports, and other settings.

Host hostname1
    HostName hostname1.domain.com
    User username1
    Port 1234

Adding a user to sudoers list

#includedir /etc/sudoers.d should be at the end of /etc/sudoers file.

Create a file under this directory (i.e. localusers) and add entries.

  • jsmith ALL=(ALL) NOPASSWD:ALL would allow a user to sudo without entering a password.
  • jpocahontas ALL=(ALL) ALL would force password entry

Run $ chmod 0440 filename afterwards.

Enable color prompt

On Ubuntu distribution of GNU/Linux, you can uncomment force_color_prompt = yes line to use color prompts. The following is my personal favorite color configuration for the prompt.

PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u\[\033[01;30m\]@\[\033[00;36m\]\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '

Enable byobu

$ byobu-enable

Update .vimrc

syntax on
set noexpandtab
set wrap
set tabstop=4
set shiftwidth=4
set smartindent
set autoindent
set encoding=utf-8 fileencodings=
set mouse=a
set fo=cqlro
set tags=tags,../tags,../../tags,../../../tags,../../../../tags,../../../../../tags,../../../../../../tags
color elflord

" set foldmethod=marker
set foldmethod=indent
set foldnestmax=15
set nofoldenable
set foldlevel=1

" filetype plugin on
imap <c-k> <esc>:r! zdump GMT <bar> tail -c29 <bar> xargs -0 date +"\%-m/\%-d/\%-Y \%-l:\%M:\%S \%p" -d<enter>$i<right>

" PHP documenter script bound to Control-P
autocmd FileType php inoremap <C-p> <ESC>:call PhpDocSingle()<CR>i
autocmd FileType php nnoremap <C-p> :call PhpDocSingle()<CR>
autocmd FileType php vnoremap <C-p> :call PhpDocRange()<CR>

Set up environment for web development

Install the LAMP stack

$ sudo apt-get install tasksel

$ sudo tasksel install lamp-server

Install git and other PHP related extensions

$ sudo apt-get install git php5-mcrypt php5-xdebug php5-intl

.gitconfig

[core]
  editor = vim
  excludesfile = /home/mhan/.gitignore_global
# autocrlf = input
# safecrlf = true
[color]
  ui = always
[alias]
  co = checkout
  ci = commit
  st = status
  br = branch
  df = difftool
  hist = log --pretty=format:\"%C(yellow)%h %C(green)%ad %Creset| %s%C(red)%d %C(blue)[%an]\" --graph --date=short
  histall = log --pretty=format:\"%C(yellow)%h %C(green)%ad %Creset| %s%C(red)%d %C(blue)[%an]\" --graph --date=short --all
  hist10 = !git log --pretty=format:\"%C(yellow)%h %C(green)%ad %Creset| %s%C(red)%d %C(blue)[%an]\" --graph --date=short | head -n 10
  hist10all = !git log --pretty=format:\"%C(yellow)%h %C(green)%ad %Creset| %s%C(red)%d %C(blue)[%an]\" --graph --date=short --all | head -n 10
  type = cat-file -t
  dump = cat-file -p
  ignore = update-index --assume-unchanged
  track = update-index --no-assume-unchanged
  listignored = !git ls-files -v | grep -s ^'h ' | cut -b 1-2 --complement
[diff]
  tool = vimdiff
[difftool]
  prompt = false
[merge]
  defaultToUpstream = true

Change default shell

$ chsh

Edit passwd files

$ sudo vipw

Resources

Check disk space usage

You can check the file space usage with the command du.

$ du -h

Check disk space left

df is for checking the amount of disk space used and available on file systems.

$ df -h

User Accounts

Groups

Add a new group

$ sudo addgroup webdev

Delete a group

$ sudo delgroup webdev

Add a user to a group

$ sudo adduser username groupname

Set a directory writable by a certain group

Make /srv/www folder readable/writable/executable by dev group

$ sudo setfacl -d -m g:dev:rwx /srv/www

Add a user account

$ sudo useradd -d /home/jsmith -m jsmith -G webdev
$ sudo passwd jsmith

Delete a user account

Force removal and delete files

$ sudo userdel -fr username

or

$ sudo deluser -remove-home username

Lock or unlock a user account

$ sudo passwd -l username
$ sudo passwd -u username

Adding sudoers

A file can be added for groups of users or specific users to /etc/sudoers.d/ directory. This line would make someone a sudoer with no password requirement.

jsmith ALL=(ALL) NOPASSWD:ALL

If you want the user to type a password.

jsmith ALL=(ALL:ALL) ALL


Samba

Reset password for Samba server

$ samba-tool user setpassword administrator


OpenSSL

Creating self-signed certificates (usually for SSL connection)

$ sudo a2enmod ssl
$ sudo service apache2 restart

$ sudo mkdir /etc/apache2/ssl

$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.pem -outform PEM

Debian/Ubuntu-specific

Enable SSH public key authentication with an encrypted home folder

Tested on Ubuntu 16.04 LTS

$ /sbin/umount.ecryptfs_private
 $ cd $HOME
 $ chmod 700 .
 $ mkdir -m 700 .ssh
 $ chmod 500 .
 $ echo $YOUR_REAL_PUBLIC_KEY > .ssh/authorized_keys
 $ /sbin/mount.ecryptfs_private

Reconfigure console font

$ dpkg-reconfigure console-setup

Change time zone

$ dpkg-reconfigure tzdata


Setting niceness (aka priority) on Linux processes

  • Tested on: Ubuntu 12.04 Precise
  • Difficulty: 1/10
  • Time: <1 minute + your WPM

Niceness or nice value in Linux is just another name for the value of priority given to a process. The higher the number means the lower the priority. The nice value can also be negative, and such values will give a process higher than normal priority. Higher the priority (or lower the nice value), the more CPU time is given, therefore the application will be perceived as running faster.

As an example, let's say the process of interest is qemu-system-arm. You have to find out what PID (Process ID) is first.

$ pidof qemu-system-arm
3016

Then check what the current nice value of the process is:

$ ps -o pid,comm,nice -p 3016
  PID COMMAND         NI
 3016 qemu-system-arm  0

According to the output, the nice value of qemu-system-arm is 0. We want to decrease the nice value to dedicate more CPU time to it. However, you need sudo privilege in order to give a negative value for a nice value, even though you do not need such privilege for increasing the nice value to something above 0. Here we decrease it to -10.

$ sudo renice -10 -p 3016

To set a permanent priority on all processes for a specific user or a group you can update /etc/security/limits.conf file.

References

http://www.nixtutor.com/linux/changing-priority-on-linux-processes/ (accessed on July 22, 2012)


Byobu

keyboard shortcuts

C-a c - Create a new screen window

C-a A - Rename the screen

C-a C-a - Go back to the previous window

C-a <0-9> - Switch to screen #0-9 (quick toggle)

C-a " - View a list of the current screens, which will allow you to select one from the list

C-a ' - Enter a screen number to switch to (slower version of C-a <0-9>)

C-a d - Detach the whole screen session and fork to the background. Very useful for remote sessions you want to leave open. The command "screen -r" will resume your screen session.

C-a <Escape> - Scroll up through your command line "history" and see what output you previously got. Hitting <Escape> again cancels it.

links

http://aperiodic.net/screen/quick_reference

Bash

Change to previous folder

This changes the folder to the previous folder you were in.

$ cd -