Posts Tagged ‘bash’

Ubuntu Server Setup Checklist

June 20th, 2009

I’ve now set up half a dozen or so Ubuntu Server installations over the past year or two.  For the last few, I created a checklist to make sure I don’t leave any of the smaller, less obvious things out.  I present it here, completely unmodified.  Note that this is more of a preliminary checklist, as it doesn’t include installation of Apache, MySQL, PHP or any other programs such as Postfix.  Basically, I’ll perform these steps regardless of whether it’ll be a web or mail server.  These steps also assume you like the vi text editor; if not, you can substitute emacs, nano, or whatever you prefer when necessary.  Also, some of these may already be done, depending on your server host.

Time/Date/Language
Fix Locale Warnings:
# apt-get install language-pack-en

Set Timezone:
# dpkg-reconfigure tzdata

Install Time Daemon:
# apt-get install ntp

General
Install Manual Pages:
# apt-get install man

Add Domain name
# vi /etc/hosts
127.0.0.1 localhost
123.456.789.012 computername.domain.com computername (replace with your external IP)

Security
Add Administrative User (with home directory):
# useradd myusername -m

Give Admin user Sudo Powers
# visudo
myusername ALL=(ALL) ALL

Set Admin Password
# passwd myusername

Set Admin Shell Preference (optional)
# vi /etc/passwd
myusername:[…]:/bin/bash

Disable Root SSH Login:
# vi /etc/ssh/sshd_config
PermitRootLogin no <-- MAKE SURE YOU CREATED ADMIN & PASSWORD

Tighten default permissions for file & directory creation:
# vi /etc/profile
umask 027 (no default access for others)

Install and Set Up Firewall
# apt-get install ufw
# ufw allow ssh <-- DO NOT FORGET THIS
# ufw enable

The Sticky Bit

January 20th, 2009

Just about any Linux user is familiar with the Unix permission system. You have three categories of users (user, group, other) and three different permission options (read, write, execute). However, most users don’t know about several advanced permissions, one of which is the sticky bit.

Besides having a cool name, the sticky bit provides a very useful function: when set as a directory permission, it lets anyone add things to the directory (write access), but they can only delete things they own. Normally, allowing all users write access also allows all users to delete anything (yeah, that’s dangerous).

In particular, users can only remove files if at least one of the following is true:
-The user is the owner of the file
-The user is the owner of the parent directory
-The user has write permissions on the file

When is this useful? It’s commonly found in var directories, when everyone needs to be able to create files, but shouldn’t modify files for other users. It’s also common in mailbox directories for the same reason. I found it particularly useful for a media folder that is shared between users. Users can add Pictures and Videos to the folder, but can’t delete those belonging to others.

So how do you set it?
-For chmod in relative mode, the sticky bit is designated by a “t”

# chmod +t dirname

-For chmod in absolute mode, the sticky bit can be added by prepending a “1” to the permission.

# chmod 1777 dirname

Cool huh?
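
An added example, not part of the original post: a shell audit for the dangerous case described above, directories that everyone can write to but that lack the sticky bit. The function names and the sample directory tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a tree for world-writable directories without the sticky bit.

# Print every directory under $1 that "other" can write to (o+w, octal 0002)
# but that lacks the sticky bit (octal 1000). -xdev stays on one filesystem.
find_unsticky_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null | sort
}

# Add the sticky bit to each directory found above; other mode bits are untouched.
fix_unsticky_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -exec chmod +t {} + 2>/dev/null
}

# Succeed only if $1 is a directory with the sticky bit set.
has_sticky() {
    [ -d "$1" ] && [ -k "$1" ]
}

# Demo on a constructed tree (sample data, created in a temp dir and removed).
demo() {
    root=$(mktemp -d) || return 1
    mkdir "$root/media" "$root/tmp" "$root/private"
    chmod 0777 "$root/media"     # shared, anyone can delete anything
    chmod 1777 "$root/tmp"       # shared, sticky bit already set
    chmod 0750 "$root/private"   # not world-writable, so never reported
    echo "before:"; find_unsticky_dirs "$root"
    fix_unsticky_dirs "$root"
    echo "after:";  find_unsticky_dirs "$root"
    ls -ld "$root/media"         # mode string now ends in 't'
    rm -rf "$root"
}

demo
```

Run `find_unsticky_dirs` against a real path such as a shared media folder before running `fix_unsticky_dirs`, so you can review what will change.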