<Code />

Peter Anselmo's Home on the Web

Posts Tagged ‘bash’

Ubuntu Server Setup Checklist

June 20th, 2009

I’ve now set up half a dozen or so Ubuntu Server installations over the past year or two. For the last few, I created a checklist to make sure I don’t leave any of the smaller, less obvious things out. I present it here, completely unmodified. Note, this is more of a preliminary checklist, as it doesn’t include installation of Apache, MySql, PHP or any other programs such as Postfix. Basically, I’ll perform these steps regardless of whether It’ll be a web or mail server. These also assume you like the vi text editor, if not, you can substitute emacs, nano, or whatever your preference when neccesary. Also, some of these are already done depending on your server host.

Time/Date/Language
Fix Locale Warnings:
# apt-get install language-pack-en

Set Timezone:
# dpkg-reconfigure tzdata

Install Time Daemon:
# apt-get install ntp

General
Install Manual Pages:
# apt-get install man

Add Domain name
# vi /etc/hosts
127.0.0.1 localhost
123.456.789.012 computername.domain.com computername (replace external ip)

Security
Add Administrative User (with home directory):
# useradd myusername -m

Give Admin user Sudo Powers
# visudo
myusername ALL=(ALL) ALL

Set Admin Password
# passwd myusername

Set Admin Shell Preference (optional)
# vi /etc/passwd
myusername: […] :bash

Disable Root SSH Login:
# vi /etc/ssh/sshd_config
PermitRootLogin no <–MAKE SURE YOU CREATED ADMIN & PASSWORD

Tighten default permissions for file & directory creation:
# vi /etc/profile
umask 027 (no default access for others)

Install and Set Up Firewall
# apt-get install ufw
# ufw allow ssh <–DO NOT FORGET THIS
# ufw enable

No comments »

Posted in Linux

Tags: apache apt-get bash Linux mysql php postfix server ssh ubuntu ufw vim vps

The Sticky Bit

January 20th, 2009

Just about any linux user is familiar with the unix permission system. You have three categories of users (user, group, other) and three different permission options (read, write execute). However, most users don’t know about several advanced permissions, one of which is the sticky bit.

Besides having a cool name, the sticky bit provides a very useful function: when set as a directory permission it lets anyone add things the the directory (write access), but they can only delete things they own. Normally, allowing all users write access also allows all users to delete anything (yeah, that’s dangerous).

In particular, users can only remove files if at least one of the following is true:
-The user is the owner of the file
-The user is the owner of the parent directory
-The user has write permissions on the file

When is this useful? It’s commonly found in var directories, when everyone needs to be able to create files, but shouldn’t modify files for other users. It’s also common in mailbox directories for the same reason. I found it particularly useful for a media folder that is shared between users. Users can add Pictures and Videos to the folder, but can’t delete those belonging to others.

So how do you set it?
-For chmod in relative mode, the sticky bit is designated by a “t”

# chmod t filename

-For chmod in absolute mode, the sticky bit can be added by prepending a “1” the the permission.

#chmod 1777 dirname

Cool huh?

No comments »

Posted in Linux

Tags: bash Linux permissions

About Me
- Welcome to my website. I'm a full-time web developer in Northern California. I do everything from CSS to PHP to server administration, and I love what I do. I'm currently developing several Buddypress/Wordpress plugins, as I think it is a great CMS platform. Feel free to drop me a line: My Email address is my first name appended to this domain name ;-)
Vim Tips
Tired of getting beeped at? Try ":set vb" for the cure. You also add it to your .vimrc file.

Back to Top

Valid XHTML 1.0 Transitional | Valid CSS 3