Book Image

Ubuntu Server Cookbook

By : Uday Sawant
Book Image

Ubuntu Server Cookbook

By: Uday Sawant

Overview of this book

Ubuntu is one of the most secure operating systems and defines the highest level of security as compared other operating system. Ubuntu server is a popular Linux distribution and the first choice when deploying a Linux server. It can be used with a $35 Raspberry Pi to top-notch, thousand-dollar-per-month cloud hardware. Built with lists that there are 4 million + websites built using Ubuntu. With its easy-to-use package management tools and availability of well-known packages, we can quickly set up our own services such as web servers and database servers using Ubuntu. This book will help you develop the skills required to set up high performance and secure services with open source tools. Starting from user management and an in-depth look at networking, we then move on to cover the installation and management of web servers and database servers, as well as load balancing various services. You will quickly learn to set up your own cloud and minimize costs and efforts with application containers. Next, you will get to grips with setting up a secure real-time communication system. Finally, we’ll explore source code hosting and various collaboration tools. By the end of this book, you will be able to make the most of Ubuntu’s advanced functionalities.

Related Content you might be interested in

Current Title:

Small book image
Ubuntu Server Cookbook
Uday Sawant
Jun, 2016 | 456 pages
No titles found
Table of Contents (20 chapters)
Ubuntu Server Cookbook
Ubuntu Server Cookbook
Credits
Credits
About the Author
About the Author
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Managing Users and Groups
Managing Users and Groups
Introduction
Creating a user account
Creating user accounts in batch mode
Creating a group
Adding group members
Deleting a user account
Managing file permissions
Getting root privileges with sudo
Setting resource limits with limits.conf
Setting up public key authentication
Securing user accounts
2
Networking
Networking
Introduction
Connecting to a network with a static IP
Installing the DHCP server
Installing the DNS server
Hiding behind the proxy with squid
Being on time with NTP
Discussing load balancing with HAProxy
Tuning the TCP stack
Troubleshooting network connectivity
Securing remote access with OpenVPN
Securing a network with uncomplicated firewall
Securing against brute force attacks
Discussing Ubuntu security best practices
3
Working with Web Servers
Working with Web Servers
Introduction
Installing and configuring the Apache web server
Serving dynamic contents with PHP
Hosting multiple websites with a virtual domain
Securing web traffic with HTTPS
Installing Nginx with PHP_FPM
Setting Nginx as a reverse proxy
Load balancing with Nginx
Setting HTTPs on Nginx
Benchmarking and performance tuning of Apache
Securing the web server
Troubleshooting the web server
4
Working with Mail Servers
Working with Mail Servers
Introduction
Sending e-mails with Postfix
Enabling IMAP and POP3 with Dovecot
Adding e-mail accounts
Mail filtering with spam-assassin
Troubleshooting the mail server
Installing the Zimbra mail server
5
Handling Databases
Handling Databases
Introduction
Installing relational databases with MySQL
Storing and retrieving data with MySQL
Importing and exporting bulk data
Adding users and assigning access rights
Installing web access for MySQL
Setting backups
Optimizing MySQL performance – queries
Optimizing MySQL performance – configuration
Creating MySQL replicas for scaling and high availability
Troubleshooting MySQL
Installing MongoDB
Storing and retrieving data with MongoDB
6
Network Storage
Network Storage
Introduction
Installing the Samba server
Adding users to the Samba server
Installing the secure FTP server
Synchronizing files with Rsync
Performance tuning the Samba server
Troubleshooting the Samba server
Installing the Network File System
7
Cloud Computing
Cloud Computing
Introduction
Creating virtual machine with KVM
Managing virtual machines with virsh
Setting up your own cloud with OpenStack
Adding a cloud image to OpenStack
Launching a virtual instance with OpenStack
Installing Juju a service orchestration framework
Managing services with Juju
8
Working with Containers
Working with Containers
Introduction
Installing LXD, the Linux container daemon
Deploying your first container with LXD
Managing LXD containers
Managing LXD containers – advanced options
Setting resource limits on LXD containers
Networking with LXD
Installing Docker
Starting and managing Docker containers
Creating images with a Dockerfile
Understanding Docker volumes
Deploying WordPress using a Docker network
Monitoring Docker containers
Securing Docker containers
9
Streaming with Ampache
Streaming with Ampache
Introduction
Installing the Ampache server
Uploading contents and creating catalogs
Setting on-the-fly transcoding
Enabling API access for remote streaming
Streaming music with Ampache
10
Communication Server with XMPP
Communication Server with XMPP
Introduction
Installing Ejabberd
Creating users and connecting with the XMPP client
Configuring the Ejabberd installation
Creating web client with Strophe.js
Enabling group chat
Chat server with Node.js
11
Git Hosting
Git Hosting
Introduction
Installing Git
Creating a local repository with Git CLI
Storing file revisions with Git commit
Synchronizing the repository with a remote server
Receiving updates with Git pull
Creating repository clones
Installing GitLab, your own Git hosting
Adding users to the GitLab server
Creating a repository with GitLab
Automating common tasks with Git hooks
12
Collaboration Tools
Collaboration Tools
Introduction
Installing the VNC server
Installing Hackpad, a collaborative document editor
Installing Mattermost – a self-hosted slack alternative
Installing OwnCloud, self-hosted cloud storage
13
Performance Monitoring
Performance Monitoring
Introduction
Monitoring the CPU
Monitoring memory and swap
Monitoring the network
Monitoring storage
Setting performance benchmarks
14
Centralized Authentication Service
Centralized Authentication Service
Introduction
Installing OpenLDAP
Installing phpLDAPadmin
Ubuntu server logins with LDAP
Authenticating Ejabberd users with LDAP
Index
Index

Getting root privileges with sudo

When you create a new Ubuntu server in the cloud, by default you get the root account. This account has full system access with no restrictions at all and should only be used for administrative tasks. You can always create a new user account with fewer privileges. But there are times when you need extra root privileges to add a new user or change some system setting. You can use the sudo command to temporarily get extra privileges for a single command. In this recipe, you will see how to grant sudo privileges to a newly created user.

Getting ready

You will need a root account or an account with root privileges.

How to do it...

Follow these steps to get the root privileges with sudo:

  1. Add new user if required:

    $sudo adduser john

  2. Make john a member of sudo group with the following command:

    $sudo adduser username sudo

How it works…

All sudo access rules are configured in a file located at /etc/sudoers. This file contains a list of users and groups that are allowed to use the sudo command:

alan ALL=(ALL:ALL)ALL // allow sudo access to user alan
%sudo  ALL=(ALL)  ALL // allow sudo access to members of sudo

The line alan ALL=(ALL:ALL) ALL specifies that the user alan can run any command as any user and optionally set any group (taken from man pages for sudoers: man sudoers).

The entry %sudo ALL=(ALL) ALL specifies that any member of system group sudo can run any command as any user.

All we have to do is add a new user to the group sudo and that user will automatically get sudo privileges. After getting the membership of the sudo group, user needs to log out and log back in for the changes to take effect. Basically, the user shell needs to be restarted with new privileges. Optionally, you can always go and change the sudoers file for a specific condition.

Note

Make sure that you use the visudo tool to make any changes to sudoers file.

There's more…

Here, we will discuss how to set a password-less sudo and some additional benefits of sudo.

Setting password less sudo

sudo is a useful and handy tool for temporary root privileges, but you need to enter your password every time. This creates problems especially for users with no password set. This problem can be solved by setting the NOPASSWD flag in the sudoers file. Make sure you use the visudo tool to edit the sudoers file:

  1. Open the sudoers file with the visudo command:

    $sudo visudo

  2. Select the line for user or group you want to allow password-less sudo access.

  3. Add NOPASSWD after closing the bracket:

    %sudo   ALL=(ALL:ALL) NOPASSWD: ALL

  4. Press Ctrl + O and then confirm with the Enter key to save the changes.

  5. Press Ctrl + X to exit visudo.

Now, the users of the group sudo should be able to use the sudo command without providing a password. Alternatively, you can add a separate entry to limit password-less access to a specific user.

Note that the sudoers program performs cache authentication for a small time (default is 15 minutes). When repeated within timeout, you may notice password-less sudo without setting the NOPASSWD flag.

Other uses of sudo

In addition to running a single command with sudo, you might want to execute a list of commands with the sudo privileges. Then, you can open a shell with root access (# prompt) with the command $sudo -s. The shell environment remains same as original user, but now you can execute commands as a root user.

Alternatively, you can switch user to root with the command $sudo su -. This command will open a new shell as a root user.

See also

  • Check manual pages for sudo with $man sudo

  • For more details on adduser, check the Creating user account recipe

Previous Section
End of Section 9
Next Section