Ubuntu General Commands

General Commands (Most Used)

Managing Users and Permissions

  • show users logged in and history 
    lastlog
  • Change user in terminal 
    • su [name of user]
  • Add users   (Also see "Ubuntu Server Setup General Steps"
    • useradd vs adduser
      • useradd is a command, it will just add user
        • ** useradd WILL NOT create /home/user directory unless you use a flag, see below. 
      • adduser is a script that will prompt for pass and other info. it WILL create a /home/user directory
    • https://help.ubuntu.com/community/AddUsersHowto
    • https://help.ubuntu.com/8.04/serverguide/C/user-management.html
    • useradd   (add user command line)
      • -d set home directory
      • -m force useradd to create the home directory
      • -p set password
      • -G add to group 
        useradd -G groupname username
      • Example useradd: add the user, sajeev34,  to the directory = domain.com group = webusertest1 
        • sudo useradd johndoe -d  /var/www/public_html/domain.com/ -G webusertest1
        • sudo useradd johndoe -d /var/www/sandbox.domain.com/ -G www-data                             
          • you must still assign a password using passwd
          • See ACL to assign access
    • adduser (prompt for details)
    • add a user for web (apache) access example: 
      useradd -d /var/www/public_html/domain.com/public -G www-data -p password USERNAME
    • add user (already exists) to apache group 
      usermod -G www-data username
    • Delete user 
      • deluser username
        • -remove-all-files      remove all files owned by this user
        • -remove-home        remove the user's home directory
  • Create a symbolic link from a users home directory to another directory
  • set user password 
    • passwd (options) username
      • Will prompt for old password
  • Add/Delete a user to a group
    • See the all of the users in a group 
      • cat /etc/group  OR   getent group groupname
    • Example, add a user to the www-data group 
      • sudo usermod -a -G GroupName UserName
        • a - add to group (use with G)
        • G - group name
        • sudo usermod -a -G www-data jsmith
    • Delete a user from a group 
      deluser <username> <groupname>
  • Give a user root permissions. Disable the root user
    • *** Ideally add user to admin(or sudo) group which has sudo privileges. 
    • If user doesn’t exist
      • Create user with adduser. (above)
      • Set the user password (above)
    • Add user to /etc/sudoers
      username ALL=(ALL:ALL) ALL
      login as this user and Disable Root user
      sudo passwd -l root (-l is small L)
  • Change document root to apache: change owner of directory 
    • sudo chgrp newgroup nameOFfile
    • sudo chgrp -R www-data /directory/directory
  • change files owner and group 
    • sudo chown fileowner:filegroup nameOFfile
    • sudo chown www-data:www-data qlaunch1
    • change recursively (all sub files and folders)
      • sudo chown -R www-data:www-data some_directory/
  • create a group 
    • groupadd NameOFGroup
    • list groups 
      • cat /etc/group
    • list members of a group 
      getent group www-data
  • Add a user to a group 
    • sudo usermod -a -G groupName www-data

      • where  groupName is the name of the group and www-data is the user
      • -a is append
      • -G group name
  • Change permissions of directory        https://help.ubuntu.com/community/FilePermissions
    • chmod 
      • -R change files and directories (all files in the directories)
      • change mod of files only in a directory 
        sudo find /path/to/someDirectory -type f -print0 | xargs -0 sudo chmod 644
      • change mod of directories only 
        sudo find /path/to/someDirectory -type d -print0 | xargs -0 sudo chmod 755
  • Set a folder so all files are owned by apache, no matter who edits them: 

Copying and Deleting, Managing Files

  • copy file 
    cp sourceFile targetFile
  • copy a directory 
    • cp -r source destination
      -r or -R is recursive (include all sub folders and files)
cp -r dir1 dir2
      cp -option  source destination
      cp -option1 -option2  source destination 
  • copy all files from one directory to another
    • mv -vn olddirectory/* /newdirectory/newdirectory
      • check man for attributes
    • Move all files up one directory:
      • mv * .[^.]* ..
        • Spaces are needed. 
    • in Mac, you must specify the entire directory path for source and target 
      • sudo mv /Users/userName/Sites-acquia-drupal/sites/whistlepunk.localhost/whistlepunk/docroot/* .[^.]* /Users/userName/Sites-acquia-drupal/sites/whistlepunk.localhost/
        • ** Note the use of /* .[^.]* to grab all files incl those that start with .
  • Move a directory
    • mv fromflderpath tofolderpath 
        • sudo mv /var/www/public_html/drupal8test1/public/drupal/* .[^.]* /var/www/public_html/drupal8test1/public/  
  • Rename a directory 
    mv /home/user/oldname /home/user/newname
  • Upload a file from the desktop to the server
    • ** MAY HAVE PERMISSIONS ISSUES: Suggest upload to your home directory on the server then cp internally. 
    • scp /Users/johnDoe/Desktop/Symfony_Standard_Vendors_2.3.3.tgz [email protected]:/var/www/ 
    • scp /Users/johnDoe/Desktop/placeholder1.png [email protected]:/var/www/sandbox/sites/default/files
      • Run this from mac prompt
      • Make sure jmahoney has write access on remote server. 
      • also, 
        • sudo scp useraccountname@mymac:/Users/johnDoe/Desktop/test.txt [email protected]:/var/www/sandbox/sites/default/files
          • useraccountname = your mac user
          • mymac: you mac’s hostname. 
      • NOT WORKING 
        sudo scp /Users/johnDoe/Desktop/ckeditor-internal.css [email protected]:/var/www/pcats-D7/sites/all/themes/si_conexxus/css 
      • WORKS: (set ssh port) 
        scp -P 55432 /Users/johnDoe/ARC_ADMIN/Archives/FileName.jpa [email protected]:/home/jrmaron325
    • Examples

      Copy the file "foobar.txt" from a remote host to the local host
      $ scp [email protected]:foobar.txt/some/local/directory
      Copy the file "foobar.txt" from the local host to a remote host
      $ scp foobar.txt [email protected]:/some/remote/directory
      Copy the directory "foo" from the local host to a remote host's directory "bar"
      $ scp -r foo [email protected]:/some/remote/directory/bar
      Copy the file "foobar.txt" from remote host "rh1.edu" to remote host "rh2.edu"
      $ scp [email protected]:/some/remote/directory/foobar.txt \
      [email protected]:/some/remote/directory/
      Copying the files "foo.txt" and "bar.txt" from the local host to your home directory on the remote host
      $ scp foo:.txt bar.txt [email protected]:~
      Copy the file "foobar.txt" from the local host to a remote host using port 2264
      $ scp -P 2264 foobar.txt [email protected]:/some/remote/directory
      Copy multiple files from the remote host to your current directory on the local host
      $ scp [email protected]:/some/remote/directory/\{a,b,c\} .
      $ scp [email protected]:~/\{foo.txt,bar.txt\} .
  • Copy files from server to Mac desktop
  • find a file locate
      • ex. locate php.ini
  • Delete/Remove files and directory
    • rm (filename)
    • remove directory and all files in that directory 
      • rm -r  OR rm -R directoryname
        • r/R => recurrsive
        • -r will prompt y/n for each file UNLESS you use sudo
      • rm -R directoryname
      • rm -R -i directoryname
    • Remove EVERYTHING, force delete CAREFUL! 
      sudo rm -rf (name of directory)
  • find largest files
    • If you just need to find large files, you can use find with the -size option. The next command will list all files larger than 10MiB
      • find / -size +10M -ls
      • find / -size +10G -ls
    • If you want to find files between a certain size, you can combine it with a "size lower than" search. The next command find files between 10MiB and 12MiB:
      • find / -size +10M -size -12M -ls     
  • find size of a directory, find largest directories
    • du / | sort -n
      • last entries are largest files/directories  
    • du -h —max-depth=1
    • du --max-depth=7 /* | sort -n
      • max depth = 7 directories 
    • [CentOS] du -m filename    or      du -h filename     or    du -ms foldername
  • get PHP version
    • php-config --version
    • dpkg -l | grrep php
    • [CentOS]  php -i
  • Compress and uncompress
  • Make a link to another file or directory (known as symbolic link)
    • http://www.cyberciti.biz/faq/creating-soft-link-or-symbolic-link/
    • ln -s {target-filename} {symbolic-filename}
      • For example create softlink for /webroot/home/httpd/test.com/index.php as /home/vivek/index.php, enter the following command: * -s allows link to directory. 
      • ln -s /webroot/home/httpd/test.com/index.php /home/vivek/index.php
      • ls -l

Access Control/Permissions: ACL

  • About: ACL is an add-on to Ubuntu that can help you manage permissions for different users. it is HIGHLY recommended that this is installed during initial setup. 
  • Setup ACL
    1. (reference) https://help.ubuntu.com/community/FilePermissionsACLs
    2. sudo apt-get install acl
    3. make backup copy of fstab
      1. /etc/fstab
    4. Add acl option to fstab file
      1. /dev/xvda1 / ext3 defaults,acl,errors=remount-ro,noatime    0 1
    5. remount the partitions
      1. (run from root) mount -o remount /
    6. verify acl is active
      1. mount | grep acl
        1. You should see a line that includes "acl"
  • check user access
    • getfacl /var/www/~~~~~
  • grant user access
    • sudo setfacl -Rm u:johnDoe:rwx public/
    • ** If a directory is not created by a web root user, they will lose access to it. Use this command to re-assign access. 
  • grant group access
    • sudo setfacl -Rdm g:webusers:rwx public/
  • Allow user to change file permissions, upload download files to a directory

FIREWALL

  • About: Use ufw Firewall to block general SSH access (Do not need to install, this is part of Ubuntu core, just enable). During setup, change the SSH port to something different than 22 RIGHT AWAY
  •  https://help.ubuntu.com/community/UFW
  • If the port you want to open or close is defined in /etc/services, you can use the port name instead of the number. In the above examples, replace 22 with ssh.
  • set default to allow
  • sudo ufw default allow
    1. enable
      1. sudo ufw enable
    2. disable 
      1. sudo ufw disable
    3. check status
      1. sudo ufw status
      2. sudo ufw status verbose
    4. Check the rules as a dry run
      1. sudo ufw --dry-run allow http
        1. shows what would be applied if an allow http rule were applied
    5. enable logging
      1. sudo ufw logging on
      2. Read the log
        1. sudo cat /var/log/ufw.log
    6. allow specific port and IP address
      1. sudo ufw allow from <ip address> to <protocol> port <port no>
      2. ex. allow ip address 192.168.0.4 access to port 22 for all protocols
        1. sudo ufw allow from 192.168.0.4 to any port 22
      3. default deny port 22
        1. sudo ufw deny 22
    7. Open port 80 so the public can see your site
      1. sudo ufw allow 80
    8. If you'll be using SSL, you need to open port 443
      1. sudo ufw allow 443
    9. delete a rule
      1. sudo ufw delete <rule>
        1. ex. sudo ufw delete deny 80/tcp
        2. ufw delete <number> where number is number of rule. 
    10. limit the number of ssh login attempts to 6
      1. sudo ufw limit ssh/tcp
        1. will deny connections if an IP address has attempted to initiate 6 or more connections in the last 30 seconds. 
    11. Block or Unblock an IP address that has been blocked
      1. block an ip address
        1. sudo ufw block from xxx.xxx.xxx.xxx
      2. allow from that address
        1. sudo ufw allow from xxx.xxx.xxx.xxx

PERFORMANCE - MAINTENANCE - SERVER DOWN

CONNECTION

APPLICATIONS/LIBRARIES

  • About: Ubuntu has many many, did we say many, applications and libraries available. Research the ones you need BEFORE you setup the server. 
  • search for an application 
    sudo aptitude search application
    sudo aptitude search htop
  • CURL 
    sudo apt-get install curl
    sudo apt-get install php5-curl
    >restart apache
  • XSL support 
    sudo apt-get install php5-xsl
  • GD Library 
    sudo apt-get install php5-gd
  • List orphaned packages 
    sudo apt-get autoremove
  • List install libraries
  • list all applications 
    aptitude search php5
  • Remove a library: 
    sudo aptitude purge XXYY  where XXYY is the package name
  • Check php and mysql versions 
    php -v
    mysql -V

SHUT DOWN REBOOT

  • Preferred Method:
    • * If a database is being written to during shutdown it will get corrupted
    • Suggest check google real-time analytics to make sure no one is using site. 
    • shutdown apache (this will stop users from writing to db)
      • sudo /etc/init.d/apache2 stop
    • reboot the server 
      sudo reboot
      sudo shutdown -h now
      sudo shutdown -h 0
  • sudo shutdown -h 18:45 "Server is going down for maintenance"
    • Shuts it down at 6:45pm
  • HALT (server has been hacked and is out of control!)
    • sudo halt
      • halt is less 'soft' than shutdown
  • sudo reboot
  • sudo shutdown -r 0
    • (same as sudo reboot)

Updates - Patches

  • Update repositories (always do before updating) 
    sudo apt-get update
  • upgrade ssl (heartbleed bug) 
    • sudo apt-get upgrade openssl
    • check version
      • openssl version -a  (-a = all information)

IN A JAM(Trouble Shooting)