Linux Format

Secure your system

Don’t trust your feelings, how do you know that you are yourself?


Linux is known for its security prowess, although we admit it hasn’t been that good in the last few years with the numerous exploits and breaches. Earlier in the feature we mentioned the /etc/passwd file that records details about the users in the installation. The file uses the following format: [username]:[x]:[UID]:[GID]:[Comment]:[Home directory]:[Default shell]

Some fields such as [username] and [Home directory] are self-explanatory. The x in the second field points to the fact that the account is protected by a shadow password. The [UID] and [GID] are the numerical representation of the user and primary group that a user belongs to. The [Default shell] is the shell that will be made available to this user when they log in to the system. Most Linux distros will default to the Bash shell but there are several others on offer. Then there’s the /etc/shadow file which contains the encrypted password as well as other information, such as account or password expiration values.
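As an added example (not part of the original article), the following shell function checks a file in the seven-field format above for entries worth reviewing: extra UID 0 accounts, empty password fields, hashes kept in the file itself instead of /etc/shadow, and system accounts with a login shell. The function names, the constructed sample records and the UID threshold of 1000 for system accounts are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit a passwd-format file (seven colon-separated fields).
# Usage: audit_passwd FILE   (use - for stdin; defaults to /etc/passwd)
# SYS_UID_MAX is an assumed cut-off: UIDs below it count as system accounts.
audit_passwd() {
    awk -F: '
        /^[ \t]*$/ || /^#/ { next }          # skip blank lines and comments
        NF != 7 { printf "MALFORMED line %d: %d fields\n", NR, NF; next }
        $3 !~ /^[0-9]+$/ { printf "MALFORMED line %d: bad UID\n", NR; next }
        {
            user = $1; pw = $2; uid = $3 + 0; shell = $7
            # Only root should hold UID 0
            if (uid == 0 && user != "root")
                printf "UID0 %s: non-root account with UID 0\n", user
            # An empty second field means no password is needed to log in
            if (pw == "")
                printf "NOPASS %s: empty password field\n", user
            # x points to /etc/shadow; * or a leading ! marks a locked account
            else if (pw != "x" && pw != "*" && pw !~ /^!/)
                printf "INLINE %s: hash stored in passwd, not shadow\n", user
            # Service accounts rarely need an interactive shell
            if (uid >= 1 && uid < sys_max && shell !~ /(nologin|false)$/)
                printf "SYSSHELL %s: system account with shell %s\n", user, shell
        }
    ' sys_max="${SYS_UID_MAX:-1000}" "${1:-/etc/passwd}"
}

# Constructed sample records (not taken from a real system).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:backup admin:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/bin/bash
guest::1001:1001:Guest:/home/guest:/bin/bash
legacy:$6$constructed$notarealhash:1002:1002:Legacy:/home/legacy:/bin/sh
mayank:x:1000:1000:Mayank:/home/mayank:/bin/bash
broken:x:1003:1003:/home/broken
EOF
}

# Run the audit over the sample; on a real system: audit_passwd /etc/passwd
sample_passwd | audit_passwd -
```
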

The permissions on /etc/shadow are set to prevent any user from even reading the file. But if no one can access the file, how can users change their passwords, which are stored in this file? They can because the passwd utility uses a special permission known as SUID (Set User ID).

Thanks to this special provision, the user running the passwd command temporarily becomes root while the command is running and can proceed to write to the /etc/shadow file. To set the setuid bit on a file, add +s for the user, for example chmod u+s /path/to/file . Now anyone who runs this file will do so as if they are the owner of the file.
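Because a setuid program runs with its owner’s privileges, it pays to know which files on a system carry the bit. The following added example (not from the original article) lists setuid files, compares them with a saved baseline to spot new ones, and flags any that group or others can modify; the function names and the scratch files created by the demo are assumptions made for the example.

```shell
#!/bin/sh
# Added example: keep track of setuid files with find.

# list_setuid DIR: every regular file under DIR with the setuid bit, sorted.
list_setuid() {
    # -xdev stays on one filesystem; -perm -4000 matches the setuid bit
    find "${1:-/}" -xdev -type f -perm -4000 2>/dev/null | sort
}

# new_setuid BASELINE DIR: setuid files under DIR that are not in BASELINE,
# where BASELINE is the saved output of an earlier list_setuid run.
new_setuid() {
    list_setuid "$2" | comm -13 "$1" -
}

# writable_setuid DIR: setuid files that group or others may overwrite.
writable_setuid() {
    find "${1:-/}" -xdev -type f -perm -4000 \
        \( -perm -0020 -o -perm -0002 \) 2>/dev/null | sort
}

# Demo on a constructed scratch directory, so no root access is needed.
setuid_demo() {
    d=$(mktemp -d) || return 1
    : > "$d/passwd-like"; : > "$d/helper"; : > "$d/plain"
    chmod 4755 "$d/passwd-like"              # already setuid at baseline time
    list_setuid "$d" > "$d/baseline.txt"
    chmod 4775 "$d/helper"                   # appears later, group-writable
    echo "new: $(new_setuid "$d/baseline.txt" "$d" | sed "s|^$d/||")"
    echo "writable: $(writable_setuid "$d" | sed "s|^$d/||")"
    rm -rf "$d"
}

setuid_demo
```

On a real system, save the output of list_setuid / once as root and run new_setuid against that file after installing or updating software.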

Sudo primer

To grant access to sudo , a system administrator must edit the /etc/sudoers file. It’s recommended that this file is edited using the visudo command instead of opening it directly with a text editor. Entering sudo visudo opens the /etc/sudoers file using the vi text editor. The Defaults secure_path= line specifies the path used for every command run from sudo . It’s followed by lines that specify permissions for root, any other user and certain groups (marked by the % sign) on the installation. The rule for the root user reads something like this: root ALL=(ALL) ALL

This means that the root user can run any command on any host as any user. To allow user mayank to add and remove users on all machines, we can add this line: mayank ALL=/usr/bin/useradd, /usr/bin/userdel

The file has an extensive man page ( man sudoers ) that has more examples and features.

Superintend processes

The average home user doesn’t need to have the proficiency and the dexterity of a professionally qualified system administrator. However, there are a few skills that should be in your repertoire to manage your computer efficiently.

One important aspect of a system administrator’s job is to make sure that the computer you are looking after runs smoothly, and you can do so by monitoring it. The ps -e command will print a long list of all the processes on the system. You can truncate the list to display only processes that have the same UID as the current user by invoking the ps command without any switches. The output of the ps command includes the unique process ID (PID) along with the name of the running program.

It’s more common to pipe (see Pied Piper box, bottom right) the list to display information about a specific program. The command ps aux | grep libreoffice will display detailed information only about the processes associated with LibreOffice, for instance. Once you know the PID of a process you can terminate that process with the kill command. Assuming that LibreOffice has a PID of 8899, you can terminate an unresponsive session with the sudo kill 8899 command. It’s also possible to send signals to multiple processes matching a specified program or username by using the killall command, such as killall vlc .

You can also use the top command to view a list of running tasks with the most CPU-intensive ones listed first. The top command also displays various bits of useful information about the processes including their PID. It also has a few interactive commands. For example, you can kill a process from within top by pressing the K key which prompts you to enter the PID of the process you want to terminate.

Schedule tasks

There are tasks that are more effective when you run them on a schedule, for example regular backups and downloads.

The at command helps you schedule tasks that you need to run at a specific time and date. For example, if you need to download a large file, it’s best to schedule it late in the night, for example 1am in the morning. The command at 1am tomorrow will change the prompt to at> and everything that you type at this prompt will be run at the time that you specify. To download a file, point to its location with the wget command. Press the Enter key to specify another command, for example, if you want to move the file to a specific folder. When you are done, press Ctrl+D to save the job. At the specified time, the at command will perform the actions you’ve told it to. The at command allows for fairly complex time specifications. In addition to AM and PM, the command also accepts times in the HH:MM format and particular dates.

When you press Ctrl+D to submit a job, the command prints a job ID. Use the atq command to list all submitted jobs which you can then remove with the atrm command by suffixing the ID of the job you wish to delete.

If you wish to run a task repeatedly, then you’re better off using the Cron daemon. Use the crontab -e command to edit your crontab file. The first time you run the command you’ll be asked to select one of the available command-line text editors. Each job is specified in seven fields that define the time to run, owner, and command. The first five fields specify the execution time, the sixth defines the day of the week, and the last field lists the command to be executed. You can use the crontab -l command to list your scheduled jobs. System-wide crontabs are stored in /etc/crontab and user-specific crontabs are under the /var/spool/cron directory. Taken your first steps have you, but mastery of the terminal is a long journey, so continue to buy Linux Format you must!

The pstree command shows all the processes that are currently running along with their associated child processes in a treelike format.
Since crontabs use an odd format, you can use the online utility at www.corntab.com to easily set up crontabs.