Mastering Ubuntu Server - Fourth Edition

By : Jay LaCroix

Overview of this book

Ubuntu Server is taking the server world by storm - and for a good reason! The server-focused spin of Ubuntu is a stable, flexible, and powerful enterprise-class distribution of Linux with a focus on running servers both small and large. Mastering Ubuntu Server is a book that will teach you everything you need to know in order to manage real Ubuntu-based servers in actual production deployments. This book will take you from initial installation to deploying production-ready solutions to empower your small office network, or even a full data center. You'll see examples of running an Ubuntu Server in the cloud, be walked through setting up popular applications (such as Nextcloud), host your own websites, and deploy network resources such as DHCP, DNS, and others. You’ll also see how to containerize applications via LXD to maximize efficiency and learn how to build Kubernetes clusters. This new fourth edition updates the popular book to cover Ubuntu 22.04 LTS, which takes advantage of the latest in Linux-based technologies. By the end of this Ubuntu book, you will have gained all the knowledge you need in order to work on real-life Ubuntu Server deployments and become an expert Ubuntu Server administrator who is well versed in its feature set.

Managing groups

Now that we understand how to create, manage, and switch between user accounts, we’ll need to understand how to manage groups as well. The concept of groups in Linux is not very different from other platforms and pretty much serves the exact same purpose. With groups, you can more efficiently control a user’s access to resources on your server. By assigning a group to a resource (a file, a directory, and so on), you can allow and disallow access to users by simply adding them or removing them from the group.

The way this works in Linux is that every file or directory has both a user and a group that takes ownership of it. This is contrary to platforms such as Windows, which can have multiple groups assigned to a single resource. With Linux, it’s just one-to-one ownership: just one user and just one group assigned to each file or directory. If you list the contents of a directory on a Linux system, you can see this for yourself:

ls -l 

The following is a sample line of output from a directory on one of my servers:

-rw-r--r-- 1 root bind  490 2022-04-15 22:05 named.conf 

In this case, we can see that root owns the file and that the group bind is also assigned to it. Ignore the other fields for now; I’ll explain them later when we get to the section of this chapter dedicated to permissions. For now, just keep in mind that one user and one group are assigned to each file or directory.

While each file or directory can only have one group assignment, any user account can be a member of any number of groups. Entering the groups command by itself with no options will tell you what groups your logged-in user is currently a member of. If you add a username to the groups command, you’ll see which groups that user is a member of. Go ahead and give the groups command a try with and without providing a username to get the idea.

On the Ubuntu Server platform, you’ll likely see that each of your user accounts is a member of a group that’s named the same as your username. As I mentioned earlier, when you create a user account, you’re also creating a group with the same name as the user. On some Linux distributions, though, a user’s primary group will default to a group called users instead. If you were to execute the groups command as a user on the Ubuntu desktop platform, you would likely see additional groups. This is due to the fact that distributions of Linux that cater to being a server platform are often more stripped down and users on desktop platforms need access to more objects such as printers, audio cards, and so on. Some packages that can be installed also add additional system users to the server.

If you were curious as to which groups exist on your server, all you would need to do is cat the contents of the /etc/group file. Similar to the /etc/passwd file we covered earlier, the /etc/group file contains information regarding the groups that have been created on your system. Go ahead and take a look at this file on your system:

cat /etc/group 

The following is sample output from this file on one of my servers:

Figure 2.10: Sample output from the /etc/group file

Like before, the columns in this file are separated by colons, though each line is only four columns long. In the first column, we have the name of the group. No surprise there. In the second, we are able to store a password for the group, but this is not used often as it’s actually a security risk to do so. In the third column, we have the GID, which is similar in concept to the UID from when we were discussing users. Finally, in the last column, we (would) see a comma-separated list of each user that is a member of each of the groups.

Several entries don’t show any group memberships at all. Each user is indeed a member of their own group, so this is implied even though it doesn’t explicitly call that out in this file. If you take a look at the /etc/passwd entries for your users, you will see that their primary group (shown as the third column in the form of a GID) references a group contained in the /etc/group file.
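
Both points above, a password stored in the second column and membership that is implied by a user's primary group rather than listed, can be checked with a short script. This is an added example, not code from the book: the function names, the temporary files, and every sample entry are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a group file for stored passwords and implicit members.
# Every entry below is constructed sample data, not taken from a real server.
LC_ALL=C; export LC_ALL
AUDIT_DIR=$(mktemp -d)
trap 'rm -rf "$AUDIT_DIR"' EXIT
GROUP_FILE=$AUDIT_DIR/group
PASSWD_FILE=$AUDIT_DIR/passwd

cat > "$GROUP_FILE" <<'EOF'
root:x:0:
sudo:x:27:jay
bind:x:117:
jay:x:1000:
myuser:x:1001:
admins:x:1002:jay,myuser
legacy:$6$constructed$not-a-real-hash:1003:
EOF

cat > "$PASSWD_FILE" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bind:x:112:117::/var/cache/bind:/usr/sbin/nologin
jay:x:1000:1000:Jay:/home/jay:/bin/bash
myuser:x:1001:1001::/home/myuser:/bin/bash
EOF

# Names of groups whose password column holds an actual value.
# "x" is the usual placeholder when /etc/gshadow is in use; an empty
# field, "*" and "!" carry no usable password.
groups_with_password() {   # usage: groups_with_password GROUP_FILE
    awk -F: '$2 != "" && $2 != "x" && $2 != "*" && $2 != "!" { print $1 }' "$1"
}

# All members of a group as a comma-separated list: users named in the
# last column plus users whose primary GID in the passwd file is this
# group's GID (the implied membership the group file does not show).
all_members() (            # usage: all_members GROUP GROUP_FILE PASSWD_FILE
    gid=$(awk -F: -v g="$1" '$1 == g { print $3 }' "$2")
    [ -n "$gid" ] || exit 1            # unknown group
    {
        awk -F: -v g="$1" '$1 == g && $4 != "" { gsub(",", "\n", $4); print $4 }' "$2"
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$3"
    } | sort -u | paste -sd, -
)

echo "groups with a stored password: $(groups_with_password "$GROUP_FILE")"
for g in admins bind jay; do
    echo "$g: $(all_members "$g" "$GROUP_FILE" "$PASSWD_FILE")"
done
```

On a real server, pass /etc/group and /etc/passwd to the same functions instead of the sample files.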

Creating new groups on your system is easy to do and is a great idea for categorizing your users and what they are able to do. Perhaps you create an accounting group for your accountants, an admins group for those in your IT department, and a sales group for your salespeople. The groupadd command allows you to create new groups.

If you wanted to, you could just edit the /etc/group file and add a new line with your group information manually, although, in my opinion, using groupadd saves you some work and ensures that group entries are created properly. Editing group and user files directly is typically frowned upon (and a typo can cause serious problems). Anyway, what follows is an example of creating a new group with the groupadd command:

sudo groupadd admins

If you take a look at the /etc/group file again after adding a new group, you’ll see that a new line was created in the file and a GID was chosen for you (the first one that hadn’t been used yet). Removing a group is just as easy. Just issue the groupdel command followed by the name of the group you wish to remove:

sudo groupdel admins

Next, we’ll take a look at the usermod command, which will allow you to actually associate users with groups. The usermod command is more or less a Swiss Army knife; there are several things you can do with that command (adding a user to a group is just one of its abilities). If we wanted to add a user to our admins group, we would issue the following command:

sudo usermod -aG admins myuser

In that example, we’re supplying the -a option, which means append, and immediately following that, we’re using -G, which means we would like to modify secondary group membership. I put the two options together with a single dash (-aG), but you could also issue them separately (-a -G). The example I gave only adds the user to additional groups; it doesn’t replace their primary group.

Be careful not to miss the -a option here. Without it, you will instead replace all of the user’s current group memberships with the new one, which is usually not what you want. The -a option means append, that is, add to the existing list of group memberships for that user.
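
To see what is at stake before running the command, you can compare the memberships that result with and without -a. This is an added example, not code from the book: it works on a constructed copy of a group file rather than calling usermod, and the function names, the temporary files, and the adm, sudo, and lxd memberships are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: preview what "usermod -G" would remove when -a is left out.
# The group file below is constructed sample data.
LC_ALL=C; export LC_ALL
PREVIEW_DIR=$(mktemp -d)
trap 'rm -rf "$PREVIEW_DIR"' EXIT
SAMPLE_GROUP=$PREVIEW_DIR/group

cat > "$SAMPLE_GROUP" <<'EOF'
adm:x:4:syslog,myuser
sudo:x:27:myuser
lxd:x:110:myuser
myuser:x:1001:
admins:x:1002:
EOF

# Current secondary groups of USER, one per line, read from the member column.
secondary_groups() {       # usage: secondary_groups USER GROUP_FILE
    awk -F: -v u="$1" '{
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == u) print $1
    }' "$2" | sort -u
}

# Secondary groups after "usermod -G NEWLIST USER" (mode "replace": the
# list is overwritten) or "usermod -aG NEWLIST USER" (mode "append").
memberships_after() {      # usage: memberships_after replace|append USER NEWLIST GROUP_FILE
    {
        printf '%s\n' "$3" | tr ',' '\n'
        if [ "$1" = append ]; then secondary_groups "$2" "$4"; fi
    } | sort -u | paste -sd, -
}

# Groups USER would silently lose if -a were forgotten.
lost_without_append() {    # usage: lost_without_append USER NEWLIST GROUP_FILE
    printf '%s\n' "$2" | tr ',' '\n' | sort -u > "$PREVIEW_DIR/requested"
    secondary_groups "$1" "$3" | comm -23 - "$PREVIEW_DIR/requested" | paste -sd, -
}

echo "with -G only: $(memberships_after replace myuser admins "$SAMPLE_GROUP")"
echo "with -aG:     $(memberships_after append myuser admins "$SAMPLE_GROUP")"
echo "lost:         $(lost_without_append myuser admins "$SAMPLE_GROUP")"
```

On a live system, running groups with the username before and after the change gives the same comparison.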

If you wanted to change a user’s primary group, you would use the -g option instead (lowercase g instead of an uppercase G as we used earlier):

sudo usermod -g <group-name> <username>

Feel free to check out the man pages for the usermod command, to see all the nifty things it allows you to manage relating to your users. You can peruse the man page for the usermod command with the following command:

man usermod

One additional example is changing a user’s /home directory. Suppose that one of your users has undergone a name change, so you’d like to change their username, as well as moving their previous home directory (and their files) to a new one. The following commands will take care of that:

sudo usermod -d /home/jsmith jdoe -m 
sudo usermod -l jsmith jdoe 

In that example, the first command moves the home directory for jdoe to /home/jsmith, and the second command changes the username from jdoe to jsmith.

If you wish to remove a user from a group, you can use the gpasswd command to do so. gpasswd -d will do the trick:

sudo gpasswd -d <username> <grouptoremove> 

In fact, gpasswd can also be used in place of usermod to add a user to a group:

sudo gpasswd -a <username> <group> 

So, now you know how to manage groups. With the efficient management of groups, you’ll be able to manage the resources on your server better. Of course, groups are relatively useless without some explanation of how to manage permissions (otherwise, nothing would actually allow a member of a group access to a resource). Later on in this chapter, we’ll cover permissions so that you have a complete understanding of how to manage user access.