A Linux server administration tutorial for beginners

A Linux 1-day
workshop
Presented by Peter Dalmaris
Sunday, 17 June 12

View Slide

About this workshop
• No prior knowledge of Linux necessary
• Lots of Linux ﬂavours, we concentrate on
Ubuntu
• Server, not desktop edition
• 9am to 5pm with a couple of breaks
Sunday, 17 June 12

View Slide

About this workshop
Sunday, 17 June 12

View Slide

About this workshop
๏ Start with some history and
architecture
๏ Virtual Machines, installation
๏ Remote access
๏ User management
๏ File system
๏ Networking (including Samba)
๏ Backing up
๏ Server software
Sunday, 17 June 12

View Slide

About this workshop
๏ Start with some history and
architecture
๏ Virtual Machines, installation
๏ Remote access
๏ User management
๏ File system
๏ Networking (including Samba)
๏ Backing up
๏ Server software
๏Software management: installing,
removing, updating
๏Scheduling jobs through cron
๏Vim
๏Webmin
๏Rsync
๏...and anything else we can ﬁt in
Sunday, 17 June 12

View Slide

About me
• Working with Linux for over 10 years
• Administrator for two public web applications
running on Ubuntu Linux 8.10 and 9.04
(www.trackscentral.com, www.gitcentral.com)
• Delivering IT services through my company,
Futureshock Research.
• Teaching at CSU since 2002.
• Undergraduate degree in Electrical and Computer
Engineering, Masters in Information Systems, Masters
in Knowlegde Management, PhD in Business Process
Management and Knowledge Management.
• Contact me at [email protected]
Sunday, 17 June 12

View Slide

History - UNIX and
GNU
• UNIX dominated the OS space since 1960.
It was efﬁcient, effective, but expensive.
• An effort to produce an open-source
UNIX-like OS begun by Richard Stallman in
1994, this was the GNU project beginnings.
• A lot of software was written as part of the
GNU project by the Free Software
Foundation: compilers, text editors, a shell...
Sunday, 17 June 12

View Slide

History - GNU is not
an OS
• ...but there were no complete kernel,
device drivers, daemons etc.
• Without these subsystems, GNU could not
be completed as intended.
Sunday, 17 June 12

View Slide

History - Linux ﬁlls the
gap
• In 1991 Linus Trovalds developed a replacement of
MINIX teaching OS developed by Andrew S.
Tanenbaum and released by Prentice-Hall.
• This replacement became the Linux kernel. Version
0.12 of Linux was released in 1992.
• At ﬁrst, it operated in the Minix user space.
• Linux kernel became the missing GNU kernel.
Sunday, 17 June 12

View Slide

Sunday, 17 June 12

View Slide

The cost of developing
Linux Fedora 9
Sunday, 17 June 12

View Slide

The cost of developing
Linux Fedora 9
Linux kernel
Sunday, 17 June 12

View Slide

NCAR's newest supercomputer: On 12 July
2004, SCD took delivery of lightning, a new
Linux cluster manufactured by IBM. The 1.1-
teraflop system is now installed in the NCAR
Computer Room
Motorola RAZR², an advanced
embedded system using embedded
Linux
The Nokia N810 features the Maemo
Linux distribution,[2] based on
Maemo 4.0, which features MicroB
(a Mozilla-based mobile browser), a
GPS navigation application, new
media player, and a refreshed
interface.
The WRT54G is notable for
being the first consumer-
level network device that
had its firmware source code
released to satisfy the
obligations of the GNU
GPL.
Ubuntu Linux on
Macbook Pro
Sunday, 17 June 12

View Slide

Ubuntu Linux
• A good choice for both server and desktop
distribution.
• Free and well updated - new release every
six months.
• Security updates for 18 months - after that
just upgrade to the latest version.
• There are LTS versions with extended
length support.
Sunday, 17 June 12

View Slide

Ubuntu Linux server
• Build on Debian, with reputation for robust
server implementations.
• Latest version is 9.04, based on kernel
2.6.28-11.37.
• Out of the box support for cloud
computing (Eucalyptus).
• Mail server stack: SMTP, POP3, IMAP with
TLS and SASL.
Sunday, 17 June 12

View Slide

Ubuntu Linux server
• Kernel-based virtual machine (KVM).
• Microsoft Exchange support.
• Simpliﬁed ﬁrewall.
• etc. etc.
Sunday, 17 June 12

View Slide

Desktop vs server
Sunday, 17 June 12

View Slide

Getting started:
installation
• It makes sense to install servers on virtual
machines:
• Better use of existing hardware
• Ease of maintenance and disaster recovery
You can assign a Linux virtual machine to a single
service, like a web server, email server etc. Keep
things simple.
Maintain a single Linux host and multiple guests.
Sunday, 17 June 12

View Slide

Virtualisation
Sunday, 17 June 12

View Slide

Option 1: Ubuntu server
on VMware on any host
• Download the server image from http://
www.ubuntu.com/getubuntu/download-
server
• Start Vmware
• Create a new virtual machine using the
image you just downloaded
Sunday, 17 June 12

View Slide

Hands-on: Installation
Directory Type FS Size Typical Size LAB
/boot Primary Ext2 100MB 200MB
/var LVM XFS 4GB 700MB
/home LVM XFS 200GB 3GB
/ LVM Ext3 50GB 2GB
swap LVM Swap 1GB 200MB
Sample partitioning that separates critical portions of
the hard drive.
Sunday, 17 June 12

View Slide

Option 2: Linux guests to an
Ubuntu host running KVM
• KVM is the default virtualisation technology
that ships with current versions of Ubuntu
• Requires hardware with virtualisation
extensions
Sunday, 17 June 12

View Slide

One host, many guests
Ubuntu host
Ubuntu guest
Windows guest
Sunday, 17 June 12

View Slide

Install a guest #1
Can your hardware support KVM?
egrep '(vmx|svm)' --color=always /proc/cpuinfo
No output means no KVM support. Try checking
virtualization settings in the BIOS.
If there is support, install the required packages:
$ sudo apt-get install kvm libvirt-bin ubuntu-vm-
builder qemu bridge-utils virt-viewer
• libvirt-bin provides libvirtd which you need to administer qemu and kvm instances
using libvirt
• kvm is the backend
• ubuntu-vm-builder powerful command line tool for building virtual machines
• bridge-utils provides a bridge from your network to the virtual machines
Inspect the cpuinfo
virtual ﬁle:
Use the apt-get
package manager:
Sunday, 17 June 12

View Slide

Install guest #2
Add your user name to the libvirtd group
$ sudo usermod -aG libvirtd `id -un`
This will give you access to the system-wide libvirtd
instance. Log out and in to make this effective.
Test the installation is valid:
$ virsh -c qemu:///system list
Id Name State
----------------------------------
$
More about user
management later.
virsh is the main
interface for
managing guest
domains
Sunday, 17 June 12

View Slide

Install KVM #3
Run the KVM command as root to reveal
problems, such as lack of hardware
$ sudo kvm
QEMU PC emulator version 0.9.1 (kvm-62),
Copyright (c) 2003-2008 Fabrice Bellard
usage: qemu [options] [disk_image]
...
$
kvm command can be
used to start guest
machines directly.
Sunday, 17 June 12

View Slide

Setup the virtual
network #1
To enable network services to the VM and
VM access to the outside world, we must
conﬁgure bridge networking; The VM will
access the network through the host’s
physical network interface.
1. Install the bridge utility
sudo apt-get install bridge-utils
2. Stop networking services
sudo invoke-rc.d networking stop
Sunday, 17 June 12

View Slide

Setup the virtual
network #2
3. Edit /etc/network/
interfaces and add
the br0 section:
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet manual
auto br0
iface br0 inet static
address 192.168.0.10
network 192.168.0.0
netmask 255.255.255.0
broadcast 192.168.0.255
gateway 192.168.0.1
bridge_ports eth0
bridge_stp off
bridge_fd 0
bridge_maxwait 0
You may use DHCP
instead of ﬁxed values.
Content of /etc/
network/
Sunday, 17 June 12

View Slide

Setup the virtual
network #3
4. Restart networking services:
sudo /etc/init.d/networking restart
Sunday, 17 June 12

View Slide

Remote administration
Sunday, 17 June 12

View Slide

with SSH #1
• Ubuntu comes with an open source
implementation of the SSH standard, called
OpenSSH.
• OpenSSH makes it possible to securely
control a remote computer, and to transfer
ﬁles.
• To make this possible, we must install the
sshd component on the server if not
already installed.
Sunday, 17 June 12

View Slide

with SSH #2
Install the sshd component:
sudo apt-get install openssh-server
Install the client component:
sudo apt-get install openssh-client
Some OS’s, like Mac OS X, come with an SSH client build-in. In
Windows, use Putty.
Sunday, 17 June 12

View Slide

with SSH #3
Connect:
europa:~ peter$ ssh [email protected]
Local machine
Remote machine
Sunday, 17 June 12

View Slide

with SSH #4
You can authenticate the client using its public key;
then, you will not need to provide a password every
time you want to connect.
Create the client’s public key if one doesn’t exist
already:
ssh-keygen -t dsa
This creates your key pair and stores it in ~/.ssh/.
ssh-keygen is a key
pair generator
Sunday, 17 June 12

View Slide

with SSH #5
Take the contents of the file in ~/.ssh/id_dsa.pub on
the client, and paste it in the file ~/.ssh/
authorized_keys on the server. If the target file does
not exist, create it. This is how authorized_keys may
look like:
$ cat authorized_keys
ssh-dss
AAAAB3NzaC1kc3MAAACBAPKXVOfOAXtN8USLGYWJ7eSvvmPOawSXq35v1xHlTYPBeYbcLD17saIL8Mv7qgb9YDlU
7qPSQgSlOupzWnS7NyXxY5o/G0Z55R7ELQe/MlsRllfdEgLJn/
o1ww97POqcwDNxtRH48Or2chS2nyJlRIrq4c4pIW71HX+TobuMiHk5AAAAFQD7OZHCLizY/
WaTML9pNm103Dv6ZQAAAIEArli/RfNDvFPMuusrzlSOWK8ZK++Vp0xfBRCx0eeT/HkijXNwBlMvmuOBn/
1dKulHXaZhOCQ1657nF/6LvQF3QpJ7y6I3Ste5+d+YJIVlxXPPmawnkD0sAj2ExgchnsKL/VoL/
2wvT9qSyaAvue9OAtY2jEN8V78RMR3Ftytg1SsAAACBAJlOJYWOXmKJzfple5dKq6NKJQzNcLgGKvvwZKwC2fe9gL6y
GY
+PoH6henBAApKWqUxtaTamZAjhmowZ2Mv0ST13jvaX9i8K0hjxfHP3l03OvCFcSLWxj3NeMnas7HSEgvRRwrohm51V
HEHlu+U8GWd36E6AjjUzlcfreym5IRDv [email protected]
Sunday, 17 June 12

View Slide

with SSH #6
europa:~ peter$ ssh [email protected]
Connect just like before, there
should be no request for your
password:
Local machine
Remote machine
Sunday, 17 June 12

View Slide

Upgrading
Sunday, 17 June 12

View Slide

Upgrading
To upgrade to the latest version of Ubuntu
server, use the so-release-upgrade utility.
First, update apt-get to acquire the latest package
information:
sudo apt-get update
Then, install the upgrade utility:
sudo apt-get install update-manager-core
Finally, do the upgrade:
do-release-upgrade
Sunday, 17 June 12

View Slide

Updating installed
packages
Use the apt-get tool:
sudo apt-get upgrade
To automate package updates, use unattended-
upgrades:
sudo apt-get install unattended-upgrades
Install the package:
sudo vi /etc/apt/apt.conf.d/50unattended-upgrades
... and conﬁgure it:
Unattended upgrade actions are logged in /var/log/unattended-upgrades. Add a Cron job to
run /usr/bin/unattended-upgrade periodically.
Sunday, 17 June 12

View Slide

User management
Sunday, 17 June 12

View Slide

User management
๏ A critical aspect of server management.
๏In Ubuntu, the root user is disabled for safety.
๏Management tasks requiring root access can be
completed by using the sudo command by a user who
is in the “admin” group.
๏The user created during the installation process is
added automatically to the admin group.
Sunday, 17 June 12

View Slide

Adding and deleting
users
To add a user:
sudo adduser username
To delete a user (will retain the home directory):
sudo deluser username
To disable a user:
sudo passwd -l username
To enable a user:
sudo passwd -u username
Sunday, 17 June 12

View Slide

Creating and deleting
groups
To create a group:
sudo addgroup groupname
To delete a group:
sudo delgroup groupname
To add a user to a group:
sudo adduser username groupname
Sunday, 17 June 12

View Slide

User proﬁles
By default, all new home directories are accessible
by everyone. You can enforce non-default access
rights to new home directories by editing /etc/
adduser.conf:
The contents of this directory are modelled after the
contents of /etc/skel.
Change “DIRMODE=0755”to “DIRMODE=0750”
Sunday, 17 June 12

View Slide

Password policy
You can enforce strong user passwords by editing the
password policy ﬁle /etc/pam.d/common-password.
For example, to enforce a password with minimum 6
characters, edit the password line to look like this:
password required pam_unix.so nullok obscure min=6 max=8 md5
Sunday, 17 June 12

View Slide

Password expiration
To see the password expiry value for a user, use the
“chage” command:
sudo chage -l username
To make changes:
sudo chage username
The chage tool is for
changing password
expiration date.
Sunday, 17 June 12

View Slide

File system
Sunday, 17 June 12

View Slide

File system
A ﬁlesystem is responsible for managing data stored
on a non-volatile storage device like hard disks, USB
drives, DVDs etc.
Most linux distros, including Ubuntu, use ext3 (“third
extended ﬁlesystem”).
Ubuntu 9.04 introduces experimental support for
ext4.
Sunday, 17 June 12

View Slide

Ext3
A journaling ﬁlesystem: logs changes in a journal to
increase reliability in case of power failure or system
crash.
Sunday, 17 June 12

View Slide

Ext3
Not as fast as others, like JFS, ReiserFS and XFS,
but wins in CPU utilization, reliability, and testing
base.
Sunday, 17 June 12

View Slide

Ext3 ﬁle limits
^ 8 KiB block size is only available on architectures which allow 8 KiB pages, such as Alpha.
Sunday, 17 June 12

View Slide

Ext3 levels of journaling
❖Journal
❖Lowest risk, slowest
❖Metadata and files are written to the journal before being
committed.
❖Ordered (default)
❖Medium risk, medium speed
❖Metadata are written to the journal only - ext3 guarantees file
contents are written to disk before marked as committed in
the journal. Beware of “intermediate state” problem!
❖Writeback
❖Highest risk, fastest
❖Metadata written in journal, no guarantee for file contents.
Sunday, 17 June 12

View Slide

Ext4
❖Adds 64-bit storage limits.
❖Volumes up to 1 exabyte. Files up to 16 terabytes.
❖Improved large ﬁle performance and reduced
fragmentation.
❖Backwards compatible with ext2 and 3.
❖Journal cheksumming (not present in ext3).
❖Online defragmentation.
❖Timestamps in nanoseconds.
Sunday, 17 June 12

View Slide

Files and directories
Filesystems store data in ﬁles and directories.
Filesystems are stored in disk partitions.
You can conﬁgure partitions any way you like, but
something like this is advisable:
Sunday, 17 June 12

View Slide

fstab: static fs info
cat /etc/fstab
fstab is a text ﬁle that
contains ﬁlesystem
information
Sunday, 17 June 12

View Slide

df: Partition utilization
df -h
df stands for “disk
free”
Sunday, 17 June 12

View Slide

Mount points
mount
mount -o remount, ro /usr
mount -a
Remount /usr in read only:
Mount all fs in /etc/fstab:
The mount command attaches a
ﬁlesystem to a mount point
Sunday, 17 June 12

View Slide

File & directory
commands
Command Description
ls Lists the contents of a directory
cd Change directory
mkdir Create directory
rmdir Remove directory
cp Copy file
mv Move file
rm Remove file
pwd Print the present working directory
file Print the presumed type of a file
chmod Change the permission attributes of a file
Sunday, 17 June 12

View Slide

Networking
Sunday, 17 June 12

View Slide

Networking
Most networking is configured by editing two files:
❖/etc/network/interfaces
❖Ethernet, TCP/IP, bridging
❖/etc/resolv.conf
❖DNS
Other networking files:
❖/etc/hosts
❖/etc/dhcp3/dhcpd.conf
Sunday, 17 June 12

View Slide

/etc/network/interfaces
Typical default contents:
Directive Description
auto
Indicates the device should be setup at boot
time.
lo Loopback interface.
iface “Interface”.
eth0
Ethernet device 0, typically the primary
network adaptor.
inet
Indicates network adaptor has an IPv4
address space.
dhcp
Network adaptor gets its conﬁguration from
a DHCP server.
Sunday, 17 June 12

View Slide

/etc/network/interfaces
Good practice: fix your server’s IP address.
Directive Description
static
Indicates the adaptor uses fixed IP
configuration.
address The IP address of the host.
netmask Network subnet mask.
gateway Gateway address.
network The network portion of the IP address.
nameserver The IP of a DNS.
For static interfaces, you may also need to edit /etc/resolv.conf to specify DNS servers.
Sunday, 17 June 12

View Slide

/etc/hosts
Ubuntu refers to this ﬁle to resolve host names
before contacting a DNS. Good for frequently used
hostnames, or internal network hosts.
Sunday, 17 June 12

View Slide

Network useful
commands
Command Description
ping Test that an internet host is reachable.
ifconﬁg Administer a TCP/IP network interface.
sudo /etc/init.d/
networking
stop, start, restart as arguments; controls
network status.
route
Examine and conﬁgure the host’s routing
table.
Sunday, 17 June 12

View Slide

Backup
Sunday, 17 June 12

View Slide

Backup
“Failing to plan is planning to fail”
It is a matter of time before you experience system
failure on your server. When that happens, it is
nice to have a backup.
Sunday, 17 June 12

View Slide

What is a backup?
... to keep multiple historical versions of your data
going back far enough in time to enable recovery
from a small or big disaster.
Sunday, 17 June 12

View Slide

Types of backup
❖Full - Backup the complete data set
❖Incremental - Backup only changes since last
backup
Periodic backup
❖Daily - Hold for the short term
❖Weekly - Hold for the medium term
❖Monthly - Hold for the long term
Sunday, 17 June 12

View Slide

Backup using a shell script
#!/bin/sh
####################################
#
# Backup to NFS mount script.
#
####################################
# What to backup.
backup_files="/home /var/spool/mail /etc /root /boot /opt"
# Where to backup to.
dest="/mnt/backup"
# Create archive filename.
day=$(date +%A)
hostname=$(hostname -s)
archive_file="$hostname-$day.tgz"
# Print start status message.
echo "Backing up $backup_files to $dest/$archive_file"
date
echo
# Backup the files using tar.
tar czf $dest/$archive_file $backup_files
# Print end status message.
echo
echo "Backup finished"
date
# Long listing of files in $dest to check file sizes.
ls -lh $dest
This script rotates
through 7 backups
- one for each day.
A modification can
allow for rotation
of daily, weekly, and
monthly backups.
Sunday, 17 June 12

View Slide

Automating with cron
Cron is used to schedule the execution of scripts. We
will look at it in more detail later.
# m h dom mon dow command
0 0 * * * bash /usr/local/bin/backup.sh
crontab -e
To enter the cron job editor
To run the backup script every
day of every month of every
year, at midnight
Sunday, 17 June 12

View Slide

Restoring
Use tar to test the integrity of an archive, or to
extract its contents.
tar -tzvf /mnt/backup/host-Monday.tgz
To list the contents of the
archive
tar -xzvf /mnt/backup/host-Monday.tgz -
C /tmp etc/hosts
To extract a ﬁle from the archive
tar -xzvf /mnt/backup/host-Monday.tgz
To extract the full contents of
the archive
Sunday, 17 June 12

View Slide

...or, specialised backup
utilities
Such as Bacula,
still open-source.
Sunday, 17 June 12

View Slide

Server software
Sunday, 17 June 12

View Slide

Servers, servers,
servers
Most useful work on a server is done by some
kind of server software:
❖Web (i.e. Apache)
❖Database (MySQL)
❖Application (LAMP - i.e Moin Moin)
❖FTP (i.e. vsftpd)
❖Network File System
❖Email (i.e. Postﬁx)
❖Etc.
Sunday, 17 June 12

View Slide

Web servers
Sunday, 17 June 12

View Slide

Web server
Lot’s of choices for open source web servers.
❖Apache
❖LightTPD (YouTube,
Meebo, Wikipedia)
❖Nginx
❖Roxen
Sunday, 17 June 12

View Slide

Apache:
history and
Apache has been around for ever (at least since the
begining of the known time, when the web was
invented):
❖powers 100 million websites (early 2009), over
46% of total
❖Most popular web server since 1996
❖Lineage going back to NCSA HTTPd
❖Comprehensive set of features - you want it, it
has it.
Sunday, 17 June 12

View Slide

Installing Apache
sudo apt-get install apache2
Apache is installed in /etc/apache2.
Sunday, 17 June 12

View Slide

Installing Apache
sudo apt-get install apache2
Apache is installed in /etc/apache2.
File/Directory Description
apache2.conf The main Apache2 configuration file. Contains settings that are global to Apache2.
conf.d Contains configuration files which apply globally to Apache. Other packages that use Apache2 to serve content
may add files, or symlinks, to this directory.
envars File where Apache2 environment variables are set.
httpd.conf Historically the main Apache2 configuration file, named after the httpd daemon.The file
can be used for user specific configuration options that globally effect Apache2.
mods-available This directory contains configuration files to both load modules and configure them.
mods-enabled Holds symlinks to the files in /etc/apache2/mods-available.
ports.conf Houses the directives that determine which TCP ports Apache2 is listening on.
sites-available This directory has configuration files for Apache Virtual Hosts.Virtual Hosts allow
Apache2 to be configured for multiple sites that have separate configurations.
sites-enabled Like mods-enabled, sites-enabled contains symlinks to the /etc/apache2/sites-available directory. Similarly when a
configuration file in sites-available is symlinked it will beactive once Apache is restarted.
Sunday, 17 June 12

View Slide

Works immediately
Sunday, 17 June 12

View Slide

/etc/apache2/sites-
available/site_name
Sunday, 17 June 12

View Slide

/etc/apache2/sites-
available/site_name

ServerAdmin webmaster@localhost

DocumentRoot /var/www

Options FollowSymLinks

AllowOverride None

Options Indexes FollowSymLinks MultiViews

AllowOverride None

Order allow,deny

allow from all

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/

AllowOverride None

Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch

Order allow,deny

Allow from all

ErrorLog /var/log/apache2/error.log

# Possible values include: debug, info, notice, warn, error, crit,

# alert, emerg.

LogLevel warn

CustomLog /var/log/apache2/access.log combined

Sunday, 17 June 12

View Slide

/etc/apache2/sites-
available/site_name




AllowOverride None


AllowOverride None

Order allow,deny

allow from all


AllowOverride None


Order allow,deny

Allow from all



# alert, emerg.

LogLevel warn


Port number of site
Sunday, 17 June 12

View Slide

/etc/apache2/sites-
available/site_name




AllowOverride None


AllowOverride None

Order allow,deny

allow from all


AllowOverride None


Order allow,deny

Allow from all



# alert, emerg.

LogLevel warn


Port number of site
Email of webmaster
Sunday, 17 June 12

View Slide

/etc/apache2/sites-
available/site_name




AllowOverride None


AllowOverride None

Order allow,deny

allow from all


AllowOverride None


Order allow,deny

Allow from all



# alert, emerg.

LogLevel warn


Port number of site
Email of webmaster
Root directory of site ﬁles
Sunday, 17 June 12

View Slide

/etc/apache2/sites-
available/site_name




AllowOverride None


AllowOverride None

Order allow,deny

allow from all


AllowOverride None


Order allow,deny

Allow from all



# alert, emerg.

LogLevel warn


Port number of site
Email of webmaster
Static ﬁles block
Sunday, 17 June 12

View Slide

/etc/apache2/sites-
available/site_name




AllowOverride None


AllowOverride None

Order allow,deny

allow from all


AllowOverride None


Order allow,deny

Allow from all



# alert, emerg.

LogLevel warn


Port number of site
Email of webmaster
Static ﬁles block
Static ﬁles block
Sunday, 17 June 12

View Slide

/etc/apache2/sites-
available/site_name




AllowOverride None


AllowOverride None

Order allow,deny

allow from all


AllowOverride None


Order allow,deny

Allow from all



# alert, emerg.

LogLevel warn


Port number of site
Email of webmaster
Static files block
Static files block
Error log file
Sunday, 17 June 12

View Slide

/etc/apache2/sites-
available/site_name




AllowOverride None


AllowOverride None

Order allow,deny

allow from all


AllowOverride None


Order allow,deny

Allow from all



# alert, emerg.

LogLevel warn


Port number of site
Email of webmaster
Static files block
Static files block
Error log file
Access log file
Sunday, 17 June 12

View Slide

Multiple sites
Apache supports multiple sites on the same machine.
Assign sites by port number, sub-domain, directory
name, or any combination of the above.
sudo /etc/init.d/apache2 restart
After any conﬁguration changes,
restart Apache
Sunday, 17 June 12

View Slide

Modules
There are many modules that provide additional
functionality.
These modules can be installed and loaded
dynamically.
sudo apt-get install libapache2-mod-auth-
mysql
Installs the MySQL
authentication module
sudo a2enmode auth_mysql
sudo /etc/init.d/apache2 restart
Enables the new module and
restarts apache
Sunday, 17 June 12

View Slide

Apache: depth and
breadth
Sunday, 17 June 12

View Slide

Databases
Sunday, 17 June 12

View Slide

Database server: mySQL
“The world’s most popular open-source database”*
*http://www.mysql.com/
Yahoo,
Google,
Alcatel,
Nokia,
Youtube
25% market
share (EDC
research)
Sunday, 17 June 12

View Slide

MySQL features
❖Cross-platform compatible
❖Libraries for all major
programming languages
❖Many administration
choices, command line, web-
based, GUIs
❖Stored procedures
❖Triggers
❖Cursors
❖Selection of storage engines
(innoDB, Berkeley, etc.)
❖Replication
❖ACID compliance with
innoDB, DBD, Cluster engines.
❖Full-text indexing
❖Open-source!
Sunday, 17 June 12

View Slide

Mysql installation
sudo apt-get install mysql-server
Installs the MySQL
authentication module
sudo netstat -tap | grep mysql
After installation, check mysql
deamon is running
sudo /etc/init.d/mysql restart
To restart:
sudo vi /etc/mysql/my.cnf
To conﬁgure:
Sunday, 17 June 12

View Slide

Create a new database
and user
mysql -u root -p
Log on as root (asks for
password):
create database myDB;
Create a new database:
grant all privileges on myDB.* to
‘newuser’@‘localhost’identiﬁed by
‘newpassword’with grant option;
Create a new user for the new
database:
exit;
mysql -u newuser -p #asks for password
use myDB;
To verify this worked, exit and
logon as the new user (no error
messages mean all good):
Sunday, 17 June 12

View Slide

LAMP
Sunday, 17 June 12

View Slide

LAMP
Linux
Apache
MySQL
Php
A popular conﬁguration for
Linux servers.
LAMP applications are packaged
in a way that makes it easy to
install and manage.
Sunday, 17 June 12

View Slide

LAMP example: Moin Moin
Moin Moin is a Python-based wiki engine.
sudo apt-get install python-moinmoin
Install Moin Moin (expects
Apache 2 already installed):
cd /usr/share/moin
sudo mkdir mywiki
sudo cp -R data mywiki
sudo cp -R underlay mywiki
sudo cp server/moin.cgi mywiki
sudo chown -R www-data.www-data
mywiki
sudo chmod -R ug+rwX mywiki
sudo chmod -R o-rwx mywiki
Prepare the Moin Moin
directory:
Sunday, 17 June 12

View Slide

Configure Moin Moin
data_dir = '/usr/share/moin/mywiki/data'
Edit /etc/moin/mywiki.py
data_underlay_dir='/usr/share/moin/mywiki/
underlay'
In the next line, insert:
### moin
ScriptAlias /mywiki "/usr/share/moin/mywiki/moin.cgi"
alias /moin_static181 "/usr/share/moin/htdocs"

Order allow,deny
allow from all

### end moin
Configure Apache; add the
following lines in /etc/apache2/
sites-available/default file inside the
“” tag:
sudo /etc/init.d/mysql restart
Restart:
Sunday, 17 June 12

View Slide

Test it... Browse to http://localhost/mywiki
Sunday, 17 June 12

View Slide

FTP
Sunday, 17 June 12

View Slide

FTP
A simple way to transfer ﬁles between computers.
Many open source FTP servers available on Linux:
❖ vsftp
❖ Filezilla
❖ Pure-ftpd
❖ NASLite
❖ wu-ftpd
❖ etc.
Sunday, 17 June 12

View Slide

Install vsftp
“Probably the most secure and fastest FTP server for UNIX-like systems.”
http://vsftpd.beasts.org/
sudo apt-get install vsftpd
Install it:
Sunday, 17 June 12

View Slide

Install vsftp
“Probably the most secure and fastest FTP server for UNIX-like systems.”
http://vsftpd.beasts.org/
sudo apt-get install vsftpd
Install it:
Put your ﬁles here to
make them available
to FTP clients
Sunday, 17 June 12

View Slide

Connect to the FTP
server
Sunday, 17 June 12

View Slide

Connect to the FTP
server
Anonymous
connection
Sunday, 17 June 12

View Slide

Connect to the FTP
server
Anonymous
connection
Download
to local
machine
Sunday, 17 June 12

View Slide

Connect to the FTP
server
Anonymous
connection
Download
to local
machine
Download
completed
Sunday, 17 June 12

View Slide

Secure FTP
...
local_enable=YES
write_enable=YES
...
Edit /etc/vsftpd.conf:
Now vsftpd will ask for the user’s password
and will start at their home directories.
Sunday, 17 June 12

View Slide

NFS
Allows for server ﬁles and directories to be
available to remote clients as if they were local.
sudo apt-get install nfs-kernel-server
Install it:
Sunday, 17 June 12

View Slide

NFS
Allows for server ﬁles and directories to be
available to remote clients as if they were local.
sudo apt-get install nfs-kernel-server
Install it:
Set directories to be
exported here:
Sunday, 17 June 12

View Slide

Export a directory
Sunday, 17 June 12

View Slide

Export a directory
Export the /home directory to
client with IP 192.168.178.20:
Connect to the
NSF export:
Use as if it is
local
Sunday, 17 June 12

View Slide

Email
Sunday, 17 June 12

View Slide

Email services: Postﬁx
The default Mail Transfer Agent (MTA) for Ubuntu
Rich set of features:
❖Protocols:
❖SMTP
❖DKIM
❖DSN status
❖ETRN
❖IPv6
❖SASL authentication
❖TLS encryption/authoentication
❖QMQP
❖Junk mail control
❖Databases:
❖Berkley
❖CDB
❖LDAP
❖MySQL
❖PostgreSQL
❖Mailbox and Maildir formats
❖Virtual domains
❖Address masquarading
❖Selective address rewritting
❖VERP envelope return
address
Sunday, 17 June 12

View Slide

Postfix installation
sudo apt-get install postfix
Install it:
The configuration screens will come up as part of
the installation.
sudo dpkg-reconfigure postfix
To reconfigure at a later time:
sudo apt-get install postfix
Install it:
Or, you can edit the Postfix configuration file /etc/
postfix/main.cf. After editing, restart:
Sunday, 17 June 12

View Slide

Postfix configuration
Sample values:
❖Internet Site
❖mail.example.com
❖peter
❖mail.example.com,
localhost.localdomain, localhost
❖No
❖127.0.0.0/8 [::ffff:127.0.0.0]/104 [::
1]/128 192.168.0/24
❖0
❖+
❖all
Check sources such as
these for details on
configuration:
❖http://flurdy.com/docs/postfix/
❖http://ubuntuforums.org/
showthread.php?t=780509
❖http://en.wikipedia.org/wiki/
Email#Workings
Sunday, 17 June 12

View Slide

SMTP authentication
Allows a client to identify itself. Once authenticated,
the SMTP server will allow the client to relay mail.
Configuration for SMTP-AUTH is done with the
Dovecot package:
sudo apt-get install dovecot-postfix
Install it:
In production, you will need to configure the SSL
certificate and key to be used with authentication and
encryption.
Sunday, 17 June 12

View Slide

Test by sending yourself
an email
sudo apt-get install nail
Install nail, a
command line
emailer:
Sunday, 17 June 12

View Slide

Firewall
Sunday, 17 June 12

View Slide

Firewall
The Linux kernel includes the Netfilter subsystem:
controls network traffic in/out.
Linux firewalls utilise Netfilter. The administrator
tells Netfilter how to treat data packets by
configuring rules in iptables, a configuration file.
In Ubuntu, we use ufw as a configuration tool for
iptables.
Sunday, 17 June 12

View Slide

ufw
“the friendly way to create a firewall”
ufw: Ucomplicated firewall
sudo apt-get install ufw
Install ufw:
Enable ufw and restart
the server to take effect:
You will not be able to
restore the SSH
connection until you
configure ufw to allow
SSH traffic:
sudo ufw allow 22
sudo ufw deny 22
or
Sunday, 17 June 12

View Slide

ufw, examples of rules
sudo ufw delete deny 22
Delete a rule:
sudo ufw allow proto tcp from
192.168.0.2 to any port 22
Allow access from a host to port
22 of any IP address on this host:
sudo ufw allow http
Allow all HTTP trafﬁc:
Use --dry-run to show the rule
corresponding to a directive:
Sunday, 17 June 12

View Slide

ufw, examples of rules
sudo ufw disable
Disable the firewall:
sudo ufw status
See status:
sudo ufw status verbose
See detailed status:
Application integration, predefined
rules. Apply like this “sudo ufw allow
Postfix” and “sudo ufw app info Postfix”
to view rule details:
Sunday, 17 June 12

View Slide

Software management
Sunday, 17 June 12

View Slide

Package management
Over 24,000 software packages for Ubuntu. It is a
good idea to use a package manager to maintain
those installed on your server.:
❖Install
❖Remove
❖Resolve dependencies
❖Compile
❖Upgrade
Ubuntu is supported by apt-get, aptitude.
Most packages are supported by both, so your
choice.
Sunday, 17 June 12

View Slide

apt
A collection of tools, not a single tool.
apt-get is the most important tool. Used for
tasks like:
❖Update the index ﬁles from their source
❖Upgrade all installed packages
❖Install a package
❖Remove installed package
❖Source code fetching
❖Build dependencies
❖Checks for broken dependencies
❖Clean the local repository
❖Autoclean only ﬁles in the local repository that can no longer be downloaded
and are considered useless.
Sunday, 17 June 12

View Slide

Using apt-get
sudo apt-get install nmap
Install a package named “nmap”:
Already installed, ready to use.
sudo apt-get remove nmap
Remove a package named “nmap”:
sudo apt-get update
Update the apt index (the
repositories are listed in /etc/apt/
sources.list):
sudo apt-get upgrade
Upgrade all packages installed:
All actions are recorded in /var/log/dpkg.log
Sunday, 17 June 12

View Slide

Automatic updates
The “unattended-upgrades” package can
automatically install updated packages.
sudo apt-get install unattended-upgrades
Install it:
Deﬁne the type of upgrades in /
etc/apt/apt.conf.d/50unattended-
upgrades
All actions are recorded in /var/log/unattended-
upgrades
Sunday, 17 June 12

View Slide

Windows connectivity
Sunday, 17 June 12

View Slide

Windows connectivity
Works as:
❖File server
❖Printer server (including PDF)
❖Domain controller in Windows networks
❖Authentication
... for Windows clients
Sunday, 17 June 12

View Slide

Samba installation
For Windows XP and later clients, there is nothing
to install.
For the Linux server:
sudo apt-get install samba
Install Samba:
Sunday, 17 June 12

View Slide

Samba configuration
To define a share (in this example, the home
folders), edit the /etc/samba/smb.cnf file:
[homes]
comment = Home Directories
browseable = yes
read only =no
create mask = 0775
directory mask = 0775
valid users = %S
Make home directories shared,
browsable, read-write:
Define the password for a share
user:
sudo /etc/init.d/samba reload
Reload Samba configuration:
Sunday, 17 June 12

View Slide

Access share from
Windows
Sunday, 17 June 12

View Slide

Other Samba
capabilities
We just saw the most basic capability of Samba.
Other things you can do:
❖Sharing CUPS printers
❖Various security issues
❖Active Directory integration, including Kerberos
authentication
❖Database integration for user information
❖LDAP integration
❖Domain controller or client
❖WINS
❖Remote and local management
Sunday, 17 June 12

View Slide

Scheduling
Sunday, 17 June 12

View Slide

Scheduling with cron
Cron is the standard job scheduler for Unix.
Cron stands for “cronograph”.
Every user can specify scripts or programs to
run at speciﬁc time intervals in a text ﬁle called
“crontab”.
Sunday, 17 June 12

View Slide

Example crontab ﬁle
crontab -e
Access/edit crontab ﬁle:
Schedule Script to run
Redirect output
Sunday, 17 June 12

View Slide

cron job deﬁnition
* * * * * command to execute
Sunday, 17 June 12

View Slide

Day of week (0:Sunday to 7)
Sunday, 17 June 12

View Slide

Month (1 - 12)
Sunday, 17 June 12

View Slide

Month (1 - 12)
Day of month (1 - 31)
Sunday, 17 June 12

View Slide

Month (1 - 12)
Hour (0 - 23)
Sunday, 17 June 12

View Slide

Month (1 - 12)
Hour (0 - 23)
Minute (0 - 59)
Sunday, 17 June 12

View Slide

cron shortcuts
Entry Description Equivalent
@reboot Run once at starttup -
@yearly Run once a year 0 0 1 1 *
@annually Same as @yearly 0 0 1 1 *
@monthly Run once a month 0 0 1 * *
@weekly Run once a week 0 0 * * 0
@daily Run once a day 0 0 * * *
@midnight Same as @daily 0 0 * * *
@hourly Run once every hour 0 * * * *
Sunday, 17 June 12

View Slide

Web-based
administration
Sunday, 17 June 12

View Slide

Webmin: web
based server
Open source interface for system administration
based on modules:
❖User management
❖Apache
❖MySQL
❖OpenSSH
❖DNS
❖File sharing
❖etc.
Sunday, 17 June 12

View Slide

Webmin installation
and conﬁguration
wget http://prdownloads.sourceforge.net/webadmin/
webmin_1.500_all.deb
dpkg --install webmin_1.500_all.deb
Get required deb ﬁle and install it:
Sunday, 17 June 12

View Slide

Access Webmin
https://serverIP:10000
Webmin modules Statistics
Sunday, 17 June 12

View Slide

Vim
Sunday, 17 June 12

View Slide

Vim: universal Unix
editor
Sunday, 17 June 12

View Slide

Vim and vi
Vim is an improved version of vi, the stock-standard
text editor for Unix and Linux systems.
sudo apt-get install vim
Install vim
vim filename
start vim
Use commands expressed by keystrokes to control
vim (see cheat sheet in next slide).
Sunday, 17 June 12

View Slide

Vim cheat sheet
Sunday, 17 June 12

View Slide

Go on and build your server.
Notes and videos available at
http://blog.futureshock-ed.com.
A discussion group available at
http://groups.google.com/group/linux-alumni
Any feedback appreciated.
Have fun and stay in touch!
Sunday, 17 June 12

View Slide

A Linux server administration tutorial for beginners

A Linux server administration tutorial for beginners

Peter Dalmaris

More Decks by Peter Dalmaris

Other Decks in How-to & DIY

Featured

Transcript