CourseSession 340967 Linux 301 v3

Linux 301: introduction to Linux system administration

This class focuses on Linux system administration. You'll begin by exploring the programs and processes that run on your system. Then you’ll be introduced to a few handy automation techniques and commands: bash scripts, cron and rsync. Finally, you'll learn how to set up file and print services, as well as install and configure a web and FTP server. These skills are essential to every Linux administrator.

Lessons

1. Introduction to processes: Everything running on a Linux system is a process. In this lesson, you'll learn how to identify the processes running on a given system, locate those that are having or causing problems and deal with them.
2. Linux task automation: One of the great powers of Linux—and the rest of UNIX—is the ability to automate tasks with ease. This lesson teaches you about scripting, the cron automation tool and scheduling automatic backups.
3. Configuring Linux file servers and print servers: Do you need to share files between multiple operating systems? In this lesson, you'll learn about Samba and how you can use it to create a file and print server that can be accessed by Linux, Windows and Mac OS X clients.
4. Linux web and FTP server configuration: As a server, Linux has a reputation for being both stable and secure. And because so many people want to learn Linux simply to set up their own servers, this is an important skill. This lesson will show you how to set up a basic web and FTP server.

Introduction to processes

Everything running on a Linux system is a process. In this lesson, you'll learn how to identify the processes running on a given system, locate those that are having or causing problems and deal with them.

Welcome

If you took Linux 101 and 201, you learned a variety of desktop, GUI-based skills that are great for beginning Linux users, along with some rudimentary command-line skills. However, to become a system administrator, these skills are only the beginning of your journey. You'll start this class by learning a vital skill: the ability to identify and manage processes, which are programs running on your system. Without this skill, you can't hunt down runaway processes and stop them from overrunning your system resources, among other things.

The goal of this class is to bring you up to the level of a junior system administrator. You'll learn a mix of command-line and GUI (graphical user interface) tools, based on how current administrators tend to use the tools most often.

This class focuses on the Debian distribution, namely Debian 5, because this is the distribution Linux 101 and 201 focused on and the distribution that comes with some HP systems. If you're using another Linux distribution, such as Ubuntu, that's fine—many distributions share the same core functions at the command line. Just keep in mind that some of the instructions given in this class may require adjustment for your particular distribution.

If you're already quite familiar with Linux as a desktop user, you should do fine in this class even if you didn't take Linux 101 or 201. However, if you don't know how to use Linux at all, consider starting with Linux 101 rather than this class.


    What this class offers

    In four lessons, this class gives you a foundational tutorial of Linux system administration, techniques and commands. Here's how the lessons break down:

    - Lesson 1: Introduction to processes explores processes running on your computer. You'll learn how to view process details, identify problems and shut down processes that are causing problems.
    - Lesson 2: Linux task automation introduces you to task automation. You'll be introduced to shell scripting, and then see cron and rsync in action.
    - Lesson 3: Configuring Linux file servers and print servers shows you how to set up a file server using Samba, and make printing available over a network.
    - Lesson 4: Linux web and FTP server configuration walks you through the process of setting up FTP and web servers. You'll learn how to use vsftpd for FTP services and Apache Web Server for web services.

    Each lesson is accompanied by a short assignment and quiz, which are designed to help you more fully understand the numerous concepts covered in this class.

    Throughout this class, we provide Flash examples. To view these examples, you need the Adobe Flash Player. Keep an eye out for notes with links that say "See how to ____" or something similar. Some of these files may be very large and could take a while to appear or download if you have a slow connection.

    Let's get started with the topics in Lesson 1.

    Viewing the system state

    If your Linux system is running right now, there are processes working behind the scenes. Open a command-line terminal (select Applications > Accessories > Terminal), and then type top to see the processes in action, as shown in Figure 1-1. When you want to close this program, press q.

    Figure 1-1: A sample top session.


    There's a lot of information available in this window, and at first it can feel rather overwhelming; however, there's no better way to get a quick view of what's happening on your system.

    The first line displays information you can see by itself by issuing the uptime command.

    Get help

    Anytime you need assistance with Linux command-line tasks, turn to the man pages first. They give you detailed information, parameters and switches for Linux commands. Just type man followed by the name of the command to open the appropriate man page. For example, man top opens the man page for the top command.


    From left to right, the first line of top output includes:

    - The current time: The system says that the time is 7:51 in the evening.
    - How long the system's been running: This system has been running 22 minutes. It's common to see values in the hundreds of days here.
    - How many users are logged on right now: There are two users logged on.
    - The system load average one minute ago: A load average is a measure of how busy your system is. Technically, it refers to how many processes were using CPU (central processing unit) time in the last number of minutes. In this case, the load average of 0.23 refers to the average number of processes taking up CPU time in the last minute.
    - The system load average five minutes ago: The load average of 0.10 refers to the average number of processes taking up CPU time in the last five minutes.
    - The system load average fifteen minutes ago: The load average of 0.06 refers to the average number of processes taking up CPU time in the last fifteen minutes.

    In general, the higher a load average rises above the number of processors, the more demand there is for the CPUs. The lower they fall below the number of processors, the more available CPU capacity there is. If you consistently see high load averages, you may need to upgrade your CPU or add a CPU, if possible.

    On the second line, you find basic information about the types of processes running. From left to right, you have:

    - The total number of processes the system is tracking: There are 100 processes currently on this system.
    - The number of running processes: There are two processes actually doing something on this system at the moment.
    - The number of sleeping processes: Most of the processes, 98, are sleeping, which means they're waiting for something to happen before they activate.
    - The number of stopped processes: If you or a program caused a process to halt but not to die, it will wait until you or another program activates it to continue what it was doing. No processes are stopped on this system.
    - The number of processes that have become zombies: Yes, these processes are members of the undead. A zombie is essentially a completed process, but its parent process hasn't indicated it no longer needs it, so the system marks the zombie as semi-alive. There are no zombies on this system.

    Zombie processes often go away on their own. If one lingers long enough to become annoying or cause problems, use the techniques discussed later in this lesson to identify the parent process (the one that launched the zombie process) and stop it.
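    One way to find the parent of each zombie, as an added example that is not part of the original course: the function below reads the output of ps -eo pid,ppid,stat,comm and prints each zombie next to the process that launched it. The sample listing is constructed, and the names sample_ps and zombie_parents are hypothetical.

```sh
#!/bin/sh
# Added example: list zombie processes with the parent that has not reaped them.
# Real use:  ps -eo pid,ppid,stat,comm | zombie_parents

# Constructed sample of `ps -eo pid,ppid,stat,comm` output (not from a real host).
sample_ps() {
    cat <<'EOF'
  PID  PPID STAT COMMAND
    1     0 Ss   init
 2301     1 Ss   apache2
 2310  2301 S    apache2
 2523     1 S    resourcehog
 2530  2523 Z    worker <defunct>
 2531  2523 Z    worker <defunct>
EOF
}

# Reads a ps listing on stdin and prints one line per zombie:
#   ZOMBIE_PID ZOMBIE_CMD PARENT_PID PARENT_CMD
zombie_parents() {
    awk '
        NR == 1 { next }                      # skip the header row
        { ppid[$1] = $2; stat[$1] = $3; comm[$1] = $4 }
        END {
            for (pid in stat) {
                if (stat[pid] !~ /^Z/) continue
                parent = ppid[pid]
                # "?" when the parent is missing from the listing
                name = (parent in comm) ? comm[parent] : "?"
                print pid, comm[pid], parent, name
            }
        }' | sort -n
}

sample_ps | zombie_parents
```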

    On the third line from the top, you find information about CPU usage. This information refers to, from left to right:

    - The percentage of processes being run by users at the moment: About 1 percent of the processes on this system are being run by users.
    - The percentage of processes being run by the system at the moment: The system itself is running 0 percent of the processes.
    - The percentage of processes with "nice" values applied: Applying nice values to a process tells the process that it can use more system resources, or that it should cut back and use less of them. No processes are "niced" at this time on this system.
    - The percentage of processes that are currently idle: The majority of the processes on this system are idle. They're basically just sitting around waiting for something to do.
    - The percentage of processes waiting on something: There are 1.3 percent waiting processes on this system. When you see something here, it's often because they're waiting for disk I/O (input/output) to complete.
    - The percentage of processes that are talking directly to hardware: There are no processes on this system that are talking to hardware at the moment.
    - The percentage of processes that are talking directly to software: There are no processes actively talking to software at the moment.
    - The percentage of processes scheduling access to hardware: There are no processes scheduling access at the moment.

    Line four of the output shows you information about how your memory is currently being used. From left to right, this information refers to:

    - The amount of RAM you currently have on the system, in kilobytes: There is about 1 GB (gigabyte) of RAM on this system, which displays as 1011708k.
    - The amount of RAM currently in use, in kilobytes: You can see that the system is using about 228 MB (megabytes) of RAM. Notice that this value is on a system that's primarily idle.
    - The amount of RAM currently free, in kilobytes: There are approximately 784 MB of free RAM, as you might guess from the measure of the amount in use. Watching the load average over time is particularly helpful in telling you whether you need to add more RAM.
    - The amount of RAM allocated by processes to hold information they haven't dealt with yet, in kilobytes: Approximately 30 MB of RAM is being used as a buffer by processes on this system.

    The fifth row holds information about your swap space, or the partition (or file) that the system uses to create virtual memory. Virtual memory is essentially extra RAM stored on your hard disk. Virtual memory is handy when you're asking your computer to do more than it has the memory to handle; however, it's slower than real RAM because the computer has to write and read from the hard disk to get at the data. Swap is often set up to be twice the size of your RAM.

    Reading the fifth row from left to right, you find:

    - The total swap on this system: There is approximately 747 MB of swap on this computer.
    - The amount of swap space currently in use: Because there is a lot of available physical memory, the system doesn't have to dip into any swap space. However, if even half of your swap space is consistently being used, you need to install more RAM on your system.
    - The amount of free swap space: The full 747 MB of swap is still available.
    - The amount of swap space allocated for holding file contents in memory for faster access: About 108 MB of this computer's swap space is being used for caching.

    Now that you know how to view system details, move on to viewing process details. That's covered in the next section.

    Viewing process details

    You now know how to read the upper portion of top output, which gives you system state information. The lower section shows you information about the processes currently running on your system, sorted dynamically by how much of your CPU the process is using at the moment. The listing continually changes as various processes require more and less resources.

    If you've just set up a computer, run the top command and save the output to a file or print it. You can use this information as your baseline against which to compare future details displayed using top. This will help you decide when a certain process is unusually high, when you need to add more memory and so on.

    Along the top of the process listing is a set of headers, telling you what each column contains. These headers refer to:

    - PID: The Process ID, which is the unique number assigned to this process by the kernel.
    - USER: Who the process is running as.
    - PR: The priority assigned to the task, which is a measure of how many resources it's allowed to consume. The lower the value, the higher the priority, so the more CPU and RAM the process is allowed to use.
    - NI: The nice value assigned to this process. A 0 means there is no priority setting, a positive number means the process is not important and is running at a lower priority than its default and a negative number means the process is important and is running at a higher priority than its default.
    - VIRT: The amount of virtual memory being used by this process, in kilobytes.
    - RES: The amount of RAM the process is currently using.
    - SHR: The amount of RAM the process is currently using and is possibly sharing with other programs.
    - S: The process's current status. Possibilities in this column are D (the process is sleeping and you can't interrupt it), R (the process is running), S (the process is sleeping), T (the process is being traced by programming tools for debugging purposes, or has been stopped) and Z (the process is a zombie).
    - %CPU: The amount of CPU time the task is using, as a percentage of total available CPU time. By default, top sorts the processes using this column. If you changed from the default, type P to return.
    - %MEM: The amount of RAM the task is using, as a percentage of total available RAM. To sort processes using this column, press M.
    - TIME+: The amount of CPU time the process has used since it started, in one-hundredths of a second.
    - COMMAND: The program actually being run.

    Now you know how to read top output. With practice, you'll be able to read this screen and identify potential problems with just a glance. Next, learn how to view process information using the ps command.

    View process information with ps

    Another vital command for viewing processes is ps. Typically, you use this command by typing ps aux. The a displays processes for all users, u displays the output in the best way for users to read rather than computers and x displays processes that aren't attached to a terminal (for example, many system processes). The ps aux command provides output similar to what you see in Figure 1-2.

    Figure 1-2: Sample ps aux output.


    Notice that although the fields are in a different order and displayed in a slightly different manner, you get essentially the same information that you get by using the top command. In this case, from left to right, the fields are:

    - USER: Who the process is running as.
    - PID: The process ID, which is the unique number assigned to this process by the kernel.
    - %CPU: The amount of CPU time the task is using, as a percentage of total available CPU time.
    - %MEM: The amount of RAM the task is using as a percentage of total available RAM. To sort processes using this column, press M.
    - VSZ: The amount of virtual memory being used by this process, in kilobytes.
    - RSS: The amount of RAM the process is currently using.
    - TTY: Which terminal, if any, the process is attached to.
    - STAT: The process's current status. The values shown here relate to the S column for top. If you see an X, that means it's a dead process.
    - START: When the command started running, either in hours and minutes, or the month and the day.
    - TIME: The amount of CPU time the process has used since it started.
    - COMMAND: The program actually being run. If you can't see the whole thing and need to, type ps auxw instead to get wider output.

    The top and ps commands can be a system administrator's best friend. Get to know them well. Reading the man pages for both commands will show you there are many more features; explore them on your own as you develop your administration skills.


    Identifying and stopping problem processes

    Now that you know what each part of the top and ps output means, you're one step closer to being able to track down problem processes. Problem processes mostly show up as the following:

    - The program that would not die: You've pressed Ctrl+C several times and the command-line program still won't stop. Or you've clicked the X in the upper-right corner of a GUI application and the window is still partially displayed.
    - The program is hogging all of your RAM or CPU: Your computer is running strangely slow. You run the top command and discover that some piece of software is using 99 percent of your resources. (It's helpful to occasionally run top just to see what's normal for your computer.)

    Once you've identified a problem process, you need to get rid of it. To do this, you need to determine its PID, which you already know how to do by using top or ps. A good shortcut, if you know at least part of the program name ("hog," for example, for some imaginary program called resourcehog), is to use a pipe, which is a vertical bar (|).

    Reviewing the pipe feature

    You might already be familiar with this command if you took other Linux classes, but this is a good time to refresh your memory.

    A pipe enables you to send the output of one program as the input to the next, as though it passed through a pipe from a water source to your sink. So, for example, if you typed just ps aux, the output of this command and its flags are displayed on your screen, scrolling down until only the end appears because the output tends to be quite long. Using a pipe, you can send the output through the less program, which enables you to view the output one page at a time and press the spacebar to move through it by typing:

    ps aux | less

    Being able to view the output one page at a time makes it easier to find its PID. However, you can use pipes to make this job even easier. Doing so involves adding the grep command, which can be used to look for matching text in files or output:

    grep hog *

    This command looks inside every file in the current directory for the text hog, and displays which files contained it and what the line(s) containing it looked like. However, you want to search the output of ps aux, so you'd type:

    ps aux | grep hog

    The resulting output would contain only lines with the text hog in them, making it even easier to spot which program you're looking for and find its PID.

    Another handy feature similar to piping is the ability to send the output to a file. Use the standard out, or STDOUT, symbol (>) to output the results of a command to another file. This is something that can be useful if you need to submit the output of ps aux to a technical support person, for example. To do this you'd type:

    ps aux > output.txt


    Stopping problem processes

    Once you know the PID for a problem process, you can stop it using the appropriate version of the kill command. The simplest way to stop, or kill, a process is to type kill pid, such as kill 2523. You then need to look at top or ps again to determine if the program with that PID is actually gone. If it is, you're done. However, it might not be. Some programs are quite persistent.

    Although kill by itself is gentle, in that it closes programs down gracefully, it has a variant that's much more like a sledgehammer. You want to avoid this version as much as possible because it can leave behind a mess in memory, temporary files and more. This ultimate kill tool is the -9 flag, such as kill -9 pid, or kill -9 2523.

    Another variant of kill is killall. This version is useful if you have many copies of a program running. For example, you usually deal with the Apache Web server through server control tools. However, if the server is so badly damaged that it doesn't stop in any other way, you could spend a while stopping each piece because it runs many copies of itself at once for maximum efficiency. In Debian, Apache runs as the service apache2, whereas in other distributions it might run as apache or httpd. Assuming your Apache server is running as apache2, you could kill every instance of apache2 at once by typing killall apache2 or killall -9 apache2.
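    The kill sequence described above, written as an added shell function (not part of the original course): it sends plain kill, watches the process state for a grace period, and uses kill -9 only if the process is still there. The function names and the 5-second default are assumptions, and the state is read from /proc, which on Linux carries the same state letter that top and ps display.

```sh
#!/bin/sh
# Added example: stop a process gently first, forcefully only as a last resort.

# is_running PID: true while the process exists and is not a zombie.
# /proc/PID/status carries the state letter shown in top's S column and
# ps's STAT column; a zombie (Z) is already dead and only awaits its parent.
is_running() {
    state=$(sed -n 's/^State:[[:space:]]*\([A-Za-z]\).*/\1/p' \
        "/proc/$1/status" 2>/dev/null) || true
    case "$state" in
        ""|Z|X) return 1 ;;
        *)      return 0 ;;
    esac
}

# stop_process PID [GRACE_SECONDS]
# Prints how the process ended: TERM, KILL, none (was not running) or stuck.
stop_process() {
    pid=$1
    grace=${2:-5}            # assumed default: wait 5 seconds before kill -9

    if ! is_running "$pid"; then
        echo "none"
        return 0
    fi

    kill "$pid" 2>/dev/null || true        # same as typing: kill pid
    waited=0
    while is_running "$pid"; do
        if [ "$waited" -ge "$grace" ]; then
            kill -9 "$pid" 2>/dev/null || true
            sleep 1
            if is_running "$pid"; then
                echo "stuck"               # e.g. state D, uninterruptible sleep
                return 1
            fi
            echo "KILL"
            return 0
        fi
        sleep 1
        waited=$((waited + 1))
    done
    echo "TERM"
}

# Demo on a constructed stand-in for a runaway program.
sleep 300 &
echo "sleep $! ended by: $(stop_process "$!" 3)"
```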

    Moving on

    In this lesson, you learned how to use the top and ps commands to view what's happening on your system at various times, and how to identify and stop problem processes. In Lesson 2, you'll be introduced to task automation. Before moving on, do the assignment and take the quiz for this lesson to further solidify your new skills.

    Assignment #1

    It's time to get to know your Linux system. Do the following:

    1. Open a terminal window.
    2. Type top and press Enter.
    3. Of the first three processes listed, are they using the most CPU power or the most memory? (If these are changing quickly, just pick three that keep showing up toward the top of the list.)
    4. Use the man command to learn more about each of these processes.
    5. What's the PID for each of these processes?
    6. What would you type to see one of these processes using the ps aux command?
    7. What would you type to see this process in the output of ps aux?
    8. How would you get rid of this process?
    9. How would you stop this process if the technique in Step 7 didn't work?

    Solution

    Here are the solutions to the following steps of the assignment:

    6. ps aux | grep pid

    7. ps aux | grep pid > output.txt

    8. kill pid

    9. kill -9 pid

    Quiz #1

    Question 1: What information is available when you type ps aux? (Check all that apply.)

    A) Who's running the process
    B) The process's current status
    C) Who originally started the process
    D) The percentage of memory the process is currently using

    Question 2: Which symbol enables you to use the output of one program as the input to another?

    A) -
    B) +
    C) ]
    D) |

    Question 3: Which command enables you to search file contents or program output for matching text?

    A) file
    B) find
    C) grep
    D) locate

    Question 4: Which symbol outputs the text generated from a command to another file?

    A) D) =

    Question 5: Which key combination should you use to try to stop a command-line program before resorting to the kill command?

    A) Ctrl+S
    B) Alt+S
    C) Alt+C
    D) Ctrl+C

    Linux task automation

    One of the great powers of Linux, and the rest of UNIX, is the ability to automate tasks with ease. This lesson teaches you about scripting, the cron automation tool and scheduling automatic backups.

    Introducing the bash shell script

    Welcome back. In Lesson 1, you learned how to view processes on your computer, and identify and stop problem processes. In this lesson, you'll be introduced to shell scripting, another skill to add to your growing administration toolkit. After that you'll find out how to use the cron utility to automate repetitive tasks, and then learn how to automate file backups using the rsync command.

    One important thing that's easy to forget is that automation is essential to smart system administration. Humans are fallible. We forget, or get too overwhelmed with other things, and we skip what we know should be done for the health of our systems in favor of what the boss or a user is demanding right now.

    This is where shell scripts come in exceedingly handy. If you're familiar with Windows batch files, you'll have a relatively easy time with shell scripts; they follow the same principle. A shell script is a plain text file that contains a sequence of instructions, such as commands, that you type on the command line. Common uses of shell scripts are to automate backups, create event reminders that broadcast across a network, automate repetitive and complex tasks and even verify information.

    This section simply introduces you to bash shell scripting, and you'll see some real-world scripts later in the lesson. However, to get really good at scripting requires further independent study and a lot of practice.

    Creating a basic script

    Creating a (bash) shell script at its most basic level involves the following process:

    1. Open a text file in an editor, such as gedit.
    2. Add the following code at the top of the file to tell the system that this script uses the bash shell to process the contents:

    #!/bin/bash

    3. Place the rest of the commands below the first line.
    4. Save the file.
    5. Make it executable. Typing chmod u+x scriptname is a quick command to use.
    6. Run the script.

    The process is often a bit more complex because you'll test the script at various stages; however, this is how you create a script in general. The code line in Step 2 is often referred to as a sha-bang (the # symbol is often called a hash, and the ! symbol is often called a bang), which can be helpful in remembering which character comes before the other.

    Here's an example of a simple script:

    #!/bin/bash
    echo "Hello world!"

    Yes, that's the entire script. If you save it in the file ~/bin/hello, typing:

    chmod u+x ~/bin/hello

    will make the script executable. To run it, you could type ~/bin/hello, or if you're inside the ~/bin directory, you could type:

    ./hello

    You can run the script by just typing hello if it's in your command path. To see which directories are currently in your path, type echo $PATH. The script's output would be:

    Hello world!

    To add a directory to your path temporarily, type PATH="$PATH:/directory" at a command prompt. For example, to add /home/bob/bin, you'd type PATH="$PATH:/home/bob/bin". To add it permanently, open your ~/.bash_profile file, edit the PATH line to add a colon and the new directory at the end, and then save the file. The changes won't take place, however, until your next login.

    Now that you're beginning to understand the power of scripting, which is often used to automate tasks, let's take a look at a popular automation utility: cron.

    Using Linux cron

    The ultimate system administrator would be able to remember everything that they had to do, executing the system scripts at the correct times and ensuring that everything ran correctly. Sadly, we're all only human so it's inevitable that you will forget to do things. Thankfully, Linux has a built-in task scheduling system called cron. It's handled by the daemon crond, which runs in the background, watching what needs to run and when, and launches the scheduled tasks (which are called jobs). There are two ways in which these tasks are assigned in Linux, depending on whether they're system tasks or jobs belonging to a particular user.

    System cron jobs

    If you look in the /etc directory, you'll find a number of entries related to cron. The master filefor scheduling system jobs is /etc/crontab. Its contents may look similar to the following:

    SHELL=/bin/bashPATH=/sbin:/bin:/usr/sbin:/usr/binMAILTO=rootHOME=/# m h dom mon dow command01 * * * * root run-parts /etc/cron.hourly02 4 * * * root run-parts /etc/cron.daily22 4 * * 0 root run-parts /etc/cron.weekly42 4 1 * * root run-parts /etc/cron.monthly

    Walking through this file, line by line, it says:

    Commands in this file will be executed using bash.The programs called by this file can be found in /sbin, /bin, /usr/sbin and /usr/bin.If there are output results, they should be emailed to the root user.The effective home directory for the system is the root directory.At the specified time, run every script (that's what the run-parts is for) in the directory/etc/cron.hourly as the root user.At the specified time, run every script in the directory /etc/cron.daily as the root user.At the specified time, run every script in the directory /etc/cron.weekly as the root user.At the specified time, run every script in the directory /etc/cron.monthly as the root user.

    How do you read the times? These are those collections of numbers and asterisks before theword root on the last four lines. Think of these as columns in a table, where the columnsstand for (from left to right):

    The minute (m) the task should run, counted from minute 0 (midnight) to 59The hour (h) the task should run, counted from hour 0 (midnight) to 23The day of the month (dom) the task should run, counted from 1 to 31The month (mon) the task should run, counted from 1 to 12The day of the week (dow) the task should run, counted from 0 (Sunday) to 7 (Sunday)

    When you see a *, this means "all." So, for example, 01 * * * * means:

    - Minute 01
    - of every hour
    - of every day of the month
    - of every month
    - of every day of the week

    If you look in /etc/cron.hourly, /etc/cron.daily, /etc/cron.weekly and /etc/cron.monthly, you'll see that each contains a selection of scripts, links and programs. It's possible to have too many of these launching at the same time, causing system slowdowns. You can get around this issue by creating jobs for the root user rather than putting them into this system format, giving the root user jobs different timings so they won't interact with the bulk system jobs.

    Get help from the man

    Need a reminder of the format for a cron job's timing? The command man 5 crontab displays the man page for a cron job's format.

    User cron jobs

    Every user on the system can create a cron job by typing:

    crontab -e

    Typing this command opens a file in nano (a text editor), with only the following commented line:

    # m h dom mon dow command

    You can create a cron job from scratch in this file. However, this file is formatted more simply than /etc/crontab. It will only contain cron jobs, not all of the settings you saw in /etc/crontab. A job is defined in a line that includes the time and task.

    So, for example, you might have:

    0 6 * * * rsync -auvz /home/andy/Documents/ example:/backups/andy/Documents/

    This statement says that at 6:00 a.m. every day, the rsync utility (which is handy for synchronizing directories and files; you'll look at this command later in the lesson) should update its backup, sending any new or changed files from /home/andy/Documents to the computer named example, into the directory /backups/andy/Documents.

    As you can see, user cron jobs are much simpler in format than system jobs. When you save the file, the crontab program loads the new settings into crond for you; this is why you use crontab -e to edit the file rather than editing it directly.

    Next, get a look at some real-world applications of the cron utility.

    Cool cron uses

    A list of good things to use cron for tends to look much like a list of good things to use shell scripts for. However, the difference is that you can use cron to run a specific program with specific flags without needing any kind of script attached.

    Example 1: meeting reminder

    Perhaps you have a team meeting every Wednesday at 3 p.m. and want to send yourself a reminder every Tuesday at 10 a.m. to make sure you prepare. You might create the following cron job with crontab -e:

    0 10 * * Tue mail -s "Team meeting tomorrow at 3 p.m." [email protected]

    Although the preceding command appears to wrap to a second line, type it all on one line.

    This job will send an email with the subject "Team meeting tomorrow at 3 p.m." to [email protected] at 10 a.m. every Tuesday. (You can use letters for days of the week, and for months as well.)

    However, what if you wanted to include a body for this mail? Maybe you're responsible for collating the minutes from the last meeting before this one and sometimes forget. So, you can create the text file ~/meeting_reminder.txt with the contents:

    Don't forget to collate those meeting notes!

    Then, you can change the cron job to:

    0 10 * * Tue mail -s "Team meeting tomorrow at 3 p.m." [email protected] < meeting_reminder.txt

    This version pulls the contents of meeting_reminder.txt, which is in your home directory and therefore needs no path, into the mail body.

    Example 2: finding SUID programs

    Perhaps every Saturday at 2 p.m., while most of the office staff is home and not using the systems, every one of the computers compiles a list of all of their SUID (Set User ID) root programs and emails them to a central computer (such as server.example.com) where a script (run by the user processor) examines them, making sure that no SUID programs are in place that shouldn't be.

    The command used to locate every SUID program on the system is find, and its full layout looks like this:

    find / -user root -perm -4000

    The find command starts in the base directory and searches all directories below it, looking for files owned by the user root that have the special permission SUID bit set, whose value numerically is 4000. The leading dash in -4000 matters: without it, find matches only files whose mode is exactly 4000, which misses ordinary SUID programs (mode 4755, for example). This command needs to be placed in the root user's crontab, and might look as follows (this would all be typed on one line):

    0 14 * * Sat find / -user root -perm -4000 | mail -s "SUID listing" [email protected]

    Using a pipe in this command takes all of the output from the find command and puts it into the body of the specified email. In this case, an email is sent to [email protected] with the subject "SUID listing."
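
    The examining script on the central computer is not shown in the lesson. The following is an added example (not part of the original course) of one way to do that check: it compares a received listing against a baseline of approved SUID programs and prints anything new. The function names, the baseline format and the sample paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a SUID listing against an approved baseline.
# A listing holds one absolute path per line, as the find command above prints.

# clean_list FILE
# Drops blank lines, "#" comment lines and duplicates; output is sorted.
clean_list() {
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$1" | LC_ALL=C sort -u
}

# unexpected_suid BASELINE LISTING
# Prints every path in LISTING that is not approved in BASELINE.
# Returns 0 if nothing unexpected was found, 1 if something was, 2 on error.
unexpected_suid() {
    approved=$(mktemp) || return 2
    clean_list "$1" > "$approved"
    status=0
    # -F: treat paths as fixed strings, so "." and "+" are not regex operators.
    # -x: match whole lines, so approving /usr/bin/sudo does not also approve
    #     /usr/bin/sudoedit.bak. -v: print only the lines with no match.
    clean_list "$2" | grep -F -x -v -f "$approved" || status=$?
    rm -f "$approved"
    case $status in
        0) return 1 ;;   # grep printed at least one unapproved path
        1) return 0 ;;   # grep printed nothing: listing is within the baseline
        *) return 2 ;;
    esac
}

# write_samples DIR
# Writes a constructed baseline and a constructed listing into DIR.
write_samples() {
    printf '%s\n' '# approved SUID root programs (constructed sample)' \
        '/bin/su' '/usr/bin/passwd' '/usr/bin/sudo' > "$1/baseline"
    printf '%s\n' '/bin/su' '/usr/bin/passwd' '/usr/bin/sudo' \
        '/usr/bin/sudoedit.bak' '/tmp/.x/sh' > "$1/listing"
}

demo() {
    dir=$(mktemp -d) || return 0
    write_samples "$dir"
    rc=0
    unexpected_suid "$dir/baseline" "$dir/listing" || rc=$?
    echo "exit status: $rc"
    rm -rf "$dir"
}
demo
```

    A non-zero exit status lets the calling cron job or script raise an alert only when a host reports a SUID program that nobody approved.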

    Now that you're familiar with cron, let's move on to rsync, a popular file-copying tool that's often used to create file backups. You'll also see how to create a script that automates backups for you.

    The rsync command is a powerful tool for copying files and synchronizing directories on a single computer or between two computers over a network. It's often used under the hood within popular backup software to set up mirrored FTP and websites, and directly by those who prefer to have control of everything that's happening.

    This command has far too many flags and switches to cover in a single lesson. Instead, the focus here is on using rsync for backups, specifically. If you're used to working with older tools, such as rcp or even ftp, rsync can prove to be a far smarter solution. Why? Because rcp and ftp transfer files in the open, in a way that enables anyone to "sniff" the files and copy them along the way. The rsync program, on the other hand, is capable of using ssh (secure shell) to encrypt the password exchange and file transfers, hiding them from prying eyes.

    One cool feature about rsync is that it doesn't have to transfer a whole file. Instead, if it sees that a file has changed, it can transfer only the altered portion.

    Let's move on to learning how to create manual backups with the rsync utility. This is the first step in learning how to automate rsync backups.


    Because rsync can be rather complicated, it's best to learn how to use it manually before you try to automate it. Don't just put an rsync command into a script without testing it first to make sure it will do exactly what you want. It's relatively simple to end up with a completely different result.

    If you don't have rsync in your system, you can install it using the # apt-get install rsync command.

    The rsync command is used in the following format:

    rsync flags source destination

    Some of the flags available for the rsync command are listed in the following table.

    Flag                 Purpose
    -a                   A shortcut for "archive," which is the same as using the flag combination -rlptgoD.
    -b                   Create backups of the files in transit, to the directory --backup-dir (used as --backup-dir=path) and with the suffix --suffix (used as --suffix=character(s)) added to the end of the file.
    --delete             Delete files on the destination side that no longer exist on the sending side.
    -e                   Use the specified remote shell. If you're using a version of Linux that doesn't include -e ssh among the flags, you may need to add --rsync-path to tell rsync where to find ssh.
    --exclude=pattern    Don't transfer files that match the given pattern. See Table 2-2 for the ways of specifying patterns. Notice that all directories are shown with a slash at the end of them.
    --exclude-from=file  Pull the patterns from file, where one pattern is listed per line.
    -g                   Keep track of the permission group associated with the files.
    -l                   Keep symlinks as symlinks (that's a lowercase L, not the number 1).
    --max-size=size      Don't transfer any files that are bigger than size. To specify kilobytes, add a k at the end (for example, 1k). For megabytes, use an m (such as 1m), and for gigabytes, use a g (such as 1g).
    -n                   Don't actually do the file transfer. Just show me what would happen if you did.
    -o                   Keep track of the permission owner associated with the files.
    -p                   Keep track of the permissions associated with the files.
    --progress           Show progress during file transfers.
    -q                   Don't display anything but error messages. This is a popular option for scripts.
    -r                   When copying a directory, recurse through all of the subdirectories as well.
    --stats              Display file transfer statistics.
    -t                   Preserve timestamps.
    -u                   Only update files that have changed or are new, don't copy over unchanged files.
    -v                   Give more verbose output.
    -x                   Don't cross over to another partition.
    -z                   Compress the files before transferring over the network.

    Table 2-1: Flags commonly used with rsync.

    The following table lists methods of specifying a pattern for the rsync --exclude flag.

    Format: path
    Description: A directory or file without a slash in front of it will be relative to your home directory.
    Example: --exclude=Downloads/

    Format: /path
    Description: A directory or file with a slash in front of it is considered relative to the root directory. You must have permission to access this directory and read its files to be able to transfer them.
    Example: --exclude=/tmp/

    Format: A path with a * in it
    Description: The * matches any number of characters. However, it'll stop at a slash.
    Example: --exclude=D*s/ matches Downloads or Dogs but not Down/Ups/

    Format: A path with a ? in it
    Description: The ? matches one single character.
    Example: --exclude=D??s/ matches Dogs but not Downloads

    Format: A path with ** in it
    Description: The same as * but doesn't stop at slashes.
    Example: --exclude=D**s/ matches Downloads, Dogs and Down/Ups/

    Table 2-2: Methods of specifying a pattern for the rsync --exclude flag.

    The location and destination are specified the same way. At their most complex, they show up in this format:

    user@host:path

    Let's break this down to understand it:

    - User: The login you're synchronizing to and can be left out if you're going from and to the same account (maybe you're the user bob on both computers).
    - Host: The computer you're taking the files from or to, depending on whether this is the source or destination entry. You can leave this one out if you're synchronizing two locations on the same computer.
    - Path: The files that should be transferred.

    The most complex item here is the path. Because of this, it's common to use -n for a dry run when you first create the command to make sure it transfers what you want. Then you can go back and remove the -n once you're satisfied.

    Keep in mind the following two examples. The first example:

    rsync -avz /var/www/html webarchive:/var/www/html

    takes all of the files in /var/www/html, compresses them, outputs verbosely and keeps all of their permissions and other information intact. It then puts them in /var/www/html/html. Yes, it creates a new subdirectory. On the other hand, the second example:

    rsync -avz /var/www/html/ webarchive:/var/www/html/

    does the same thing with one big difference: it takes the files from /var/www/html and puts them into /var/www/html.

    Now that you understand the ins and outs of rsync, move on to learn how to create a script that runs rsync unattended and at regular intervals.


    Once you've tested your rsync command and are sure it's doing exactly what you want, it's time to refine it and put it into a script if this is part of your backup plan. The first thing you should do is ensure you really want all of the directories and files you're transferring. You can end up with a pile of --exclude statements in addition to your main rsync.

    After that, you can write a simple script that makes use of a lock file. Lock files ensure that, essentially, you don't end up with a backup so long that a second backup starts while the first one is still running. An example of such a script follows:

    #!/bin/bash
    # Run the backup only if no lock file exists (no other backup is running).
    if [ ! -f /home/jareesh/bin/backup.lock ]
    then
        # Create the lock file to mark this backup as in progress.
        touch /home/jareesh/bin/backup.lock
        rsync -auvz --exclude=Downloads/ /home/jareesh/ server:/home/jareesh/backup/
        # Remove the lock file so the next scheduled backup can run.
        rm /home/jareesh/bin/backup.lock
    fi

    This script checks to make sure the file /home/jareesh/bin/backup.lock doesn't exist (because of the !). If it does, the script ends.

    If the file doesn't exist, the empty file is created with the touch command. From there, a verbose, compressed update of the directory /home/jareesh and all of its contents except for the Downloads subdirectory is made, keeping all permissions and timestamps in place. The data is transferred to the server and into the directory /home/jareesh/backup.

    This is a single-user backup. If you're working on a large system, you'll probably back up all of /home and other vital directories on the system as well.
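
    The lock-file script above tests for the lock and creates it in two separate steps, and the lock stays behind if the script is killed before it reaches rm. The following added example (not part of the original course) shows one way to close both gaps, using mkdir as a single-step lock and a trap for cleanup. The function name run_locked, the exit code 75 and the demo path are choices made for this illustration.

```shell
#!/bin/sh
# Added example: run a command under a lock that is taken in one step and
# released even when the command fails or is interrupted.

# run_locked LOCKDIR COMMAND [ARGS...]
# Returns 75 if another run holds the lock, 1 if the lock cannot be created,
# otherwise the exit status of COMMAND.
run_locked() {
    lockdir=$1
    shift
    # mkdir either creates the directory or fails; there is no gap between
    # "check" and "create" in which a second run could slip through.
    if ! mkdir "$lockdir" 2>/dev/null; then
        if [ -d "$lockdir" ]; then
            echo "lock $lockdir is held; skipping this run" >&2
            return 75
        fi
        echo "cannot create lock $lockdir" >&2
        return 1
    fi
    # Record the owner so a stale lock can be investigated later.
    echo "$$" > "$lockdir/pid"
    status=0
    (
        # The traps live in this subshell only. EXIT removes the lock however
        # the subshell ends; the signal traps turn a signal into an exit so
        # that the EXIT trap also runs in shells such as dash.
        trap 'rm -rf "$lockdir"' EXIT
        trap 'exit 129' HUP
        trap 'exit 130' INT
        trap 'exit 143' TERM
        rc=0
        "$@" || rc=$?
        exit "$rc"
    ) || status=$?
    return "$status"
}

# In the backup script, the rsync call from the lesson would be wrapped as:
#   run_locked /home/jareesh/bin/backup.lock \
#       rsync -auvz --exclude=Downloads/ /home/jareesh/ server:/home/jareesh/backup/

# Stand-alone demonstration with a harmless command and a temporary lock path.
run_locked "${TMPDIR:-/tmp}/backup-demo.$$.lock" echo "backup would run here"
```

    Because run_locked returns the command's own exit status, a failed rsync is still visible to whatever calls the script.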

    Using multiple backups

    If you keep only one version of your backup media, any system corruption that's introduced in the areas you're backing up will end up in your only backup.

    There are many approaches to dealing with this problem. Those administrators with relatively simple needs might set up a crontab that looks like this:

    30 * * * * nice /home/jareesh/bin/backup-hourly > /dev/null 2>&1
    0 6 * * * nice /home/jareesh/bin/backup-daily > /dev/null 2>&1
    0 8 * * 0 nice /home/jareesh/bin/backup-weekly > /dev/null 2>&1
    0 10 1 * * nice /home/jareesh/bin/backup-monthly > /dev/null 2>&1

    Each version of this script points to a different destination so the backups don't overwrite each other. Each line names an explicit minute; an asterisk in the minute column would start the job every minute of that hour. The nice command that precedes each script path tells the system not to run the backups at full throttle, and instead makes them run a bit slower. This way, you're less likely to bog down the computer being backed up. The > /dev/null 2>&1 at the end of each line discards the job's output so that cron doesn't mail it.

    Moving on

    You can't survive as an administrator today without understanding automation. Make use of cron and scripting to lighten your workload, spread out processes that bog down systems while users aren't working and handle vital tasks that you otherwise might forget. The rest of the class focuses on servers, beginning with the Samba file server in Lesson 3. Before you move on, complete the assignment and take the quiz for this lesson.

    Assignment #2

    This is a two-part assignment. First, you'll read more about cron. Second, you'll explore and experiment with cron.

    Reading material

    Type man 5 crontab at a command prompt to read more about how cron jobs are formatted. The timings can be more complex than was discussed in Lesson 2.

    Working with cron

    Open a command-line terminal window and do the following:

    1. Switch to the root user (enter su -), if necessary.
    2. When will the monthly system cron jobs run?
    3. Which programs will run at this time?
    4. Log in as a regular user.
    5. Type crontab -e to open your user's crontab file.
    6. Create a cron job that sends an email to one of your email accounts every hour with the subject "Hi there name" and a body containing whatever you like.
    7. Wait long enough for the email to have been sent three times. How long did each message take to arrive?
    8. Remove the cron job from your crontab so you won't get that email every hour.

    Quiz #2

    Question 1: True or False: The code #!/bin/bash tells the system that what follows is a bash shell script.

    A) True
    B) False

    Question 2: Which file contains the instructions for the main system's cron jobs?

    A) /etc/cron.daily
    B) /etc/crond
    C) /etc/crontab
    D) /etc/cronjobs

    Question 3: When will a cron job run that's scheduled for 0 0 13 * 5?

    A) At midnight when the thirteenth of the month falls on a Friday.
    B) At 1:00 p.m. every day in May
    C) Every minute of the day May 13
    D) At 1:00 p.m. when there's a Friday on the first day of the month

    Question 4: Which rsync flag lets you keep specified files or directories from being transferred?

    A) --exclude
    B) --prevent
    C) --ignore
    D) --files

    Question 5: Which directory will the command rsync -auvz /etc server:/backups back up to?

    A) /backups/etc
    B) /backups
    C) /etc
    D) /backups/backup

    Configuring Linux file servers and print servers

    Do you need to share files between multiple operating systems? In this lesson, you'll learn about Samba and how you can use it to create a file and print server that can be accessed by Linux, Windows and Mac OS X clients.

    Introducing Samba

    Welcome back. In Lesson 2, you were introduced to bash shell scripting, and then saw it used with two well-known tools: cron and rsync. With your Linux administration toolkit (and knowledge) growing, you're ready to look at server installations. This lesson focuses on Samba.

    Today, it's unusual to come across any business that doesn't have some form of a network. From the start, Linux was designed with networking in mind and is commonly used as a low-cost file server, thanks to the free distribution model. It's not restricted to connecting to other Linux computers; thanks to Samba, you can also connect to Windows networks. This lesson covers the setup of a basic file and print server, one of the most frequently implemented Linux solutions.

    Getting started

    Before you can start using Samba, you need to make sure you have all the required components installed and ready. Follow these steps in Debian:

    1. Open a terminal window (Applications > Accessories > Terminal) and then change to the root user with the su - command. The prompt should switch to a pound sign to indicate you're working as root.
    2. Issue the apt-get install samba samba-client command from a command prompt to download and install the required components for Samba.
    3. Issue the apt-get update command.
    4. Issue the apt-get install gadmin-samba command to install the GADMIN-SAMBA GUI tool for managing Samba. Swat is another popular tool that accomplishes the same as GADMIN-SAMBA, but GADMIN-SAMBA is used in this lesson.

    Now it's time to explore Samba.

    Like most Linux packages, Samba stores its configuration information in /etc, under a subdirectory called samba, so the full path is /etc/samba/. Within this folder you'll find the smb.conf file, which contains the primary configuration information for Samba. Other important files in the directory are smbpasswd and smbusers.

    You can edit the Samba configuration files in the text editor of your choice, or you can use tools in the GUI as shown in this lesson. A portion of the smb.conf file is shown in Figure 3-1.

    Figure 3-1: The smb.conf file contains Samba configuration information.

    The Official Samba HOWTO and Reference Guide

    Samba itself is a huge subject, and there are many things you need to know that are outside the scope of this lesson. To learn more about Samba setup and configuration, read TOSHARG (The Official Samba HOWTO and Reference Guide). You can also find a wealth of documentation at the Samba website.

    Creating a share

    The first thing you need to do is create a share, which lets users access a shared folder on the network. To create a share:

    1. Create a folder to be shared, such as /var/smbshare.
    2. Right-click the folder, and then select Share Folder. The Share Folder dialog box appears.
    3. Select Windows networks (SMB) from the drop-down list, as shown in Figure 3-2.

    Figure 3-2: Selecting Windows networks (SMB).

    4. Uncheck the Read only checkbox (if desired), as shown in Figure 3-3, and then click Share.

    Figure 3-3: Uncheck Read only in the Share Folder dialog box.

    5. Right-click the shared folder, select Properties and set its permissions to allow users and groups to access it, as shown in Figure 3-4. Close the dialog box when you're finished.

    Figure 3-4: Setting permissions.

    6. Restart the Samba file server using the following command at a command prompt:

    /etc/init.d/samba restart

    Now you can configure each remote computer to connect to the server.

    If you have a firewall running on your computer, you may need to adjust the settings to allow external computers access to your Samba shares.

    Adding a Samba user

    All you have to do now is add one or more Samba users that are allowed to access the newly created share. You can add existing Linux users to Samba, or create new users in Linux using the useradd command or the GUI tool (System > Administration > Users and Groups).

    You must have at least one user account already created in Linux on the computer that's running Samba.

    To add Samba users:

    1. Select Applications > System Tools > GADMIN-SAMBA.
    2. Click the Users tab.
    3. Click the New user button.
    4. Complete the fields for the user, as shown in Figure 3-5, and then click Apply.

    Figure 3-5: Adding a new Samba user.

    You can add a Samba user at the command prompt by issuing the smbpasswd -a username command.

    Connecting to a Samba share from Windows or Mac OS X

    Once you've added a user, you can test your new settings from a Windows or Mac OS X computer:

    - Microsoft Windows: To see shared resources on your network in Windows, select Start > Computer. On the left side of the screen, select the Network option. All shared folders and devices are listed in the Network window.
    - Mac OS X: Go to Finder, press Apple+K (or click Go > Connect to Server), enter smb://hostname and then click Connect. Mac OS X asks you which share you want to connect to.

    Both Mac OS X and Windows prompt you for a username and password. Enter the credentials for the Samba user you added in the GADMIN-SAMBA tool. If all goes well, your share should open in a new window, ready for you to work with.

    When you assign a Windows username to a UNIX username, the related Linux file permissions apply to that Windows user. So, if your Linux-based file permissions give lara access to her home folder but not jack, only lara can access her home folder.

    Now that you know the basics of setting up a file server and creating shares and users, learn how to share printers on your network.

    Sharing printers

    Apart from sharing files, another common use for Debian is sharing printers among workstations. Gone are the days of emailing a file to someone to ask them to print it; now you can just select the printer that you want to use and print straight away.

    The nice thing about Debian is that it broadcasts available printers to the network; however, you can pick up the broadcast only if you're using a UNIX-based operating system, such as Linux or Mac OS X.

    To set this up, you need to enable the system to publish the printer to the network through the Printer configuration window. Follow these steps:

    1. Select System > Administration > Printing.
    2. In the Printer configuration window, select File > Server Settings. The Basic Server Settings dialog box appears.
    3. Select the Show printers shared by other systems and Share published printers connected to this system options, as shown in Figure 3-6. Click OK.

    Figure 3-6: The Basic Server Settings dialog box.

    4. Select the printer you wish to share from the list of printers, select the Shared option and then click Apply.

    To test the share, open the Printer configuration window on another computer running Linux, select the shared printer and print a document to it.

    Sharing a printer with Windows users

    To configure Debian to enable printer sharing for Windows clients, you'll need to resort to a little command line work again, utilizing Samba.

    To share a printer with Windows users:

    1. Open a new terminal window, and then switch to the root user (because you're going to edit a system file).
    2. Open the smb.conf file in the gedit editor using this command:

    gedit /etc/samba/smb.conf

    3. Use your cursor key to scroll down to the bottom of the file, and then enter the following lines (if they don't exist already):

    [printers]
    path = /var/spool/samba
    guest ok = Yes
    printable = Yes
    browseable = Yes

    4. Save the file, and then exit gedit.
    5. Restart Samba for the changes to take effect:

    /etc/init.d/samba restart

    That's all you need to do for Debian to share its printers with Windows computers. You should be able to see the shared printers in Windows at this point.

    Let's go through the entry you created in the smb.conf file line by line, so that you understand what each line means:

    - [printers]: This tells Samba to read the information in /etc/printcap and share the printers it finds configured there.
    - path = /var/spool/samba: This line specifies where Samba should hold the files that it is printing. Make sure whatever location it points to has plenty of disk space to adequately buffer print jobs.
    - guest ok = Yes: The guest ok option enables anyone to print from your printer, which is ideal if you're in a small office and need everyone to have access to a single printer without further configuration work. This only works if you set the overall Samba security policy to share-level security.
    - printable = Yes: This refers to a service used by the client to access print services on the host running the server.
    - browseable = Yes: This enables the printer to be listed when a user browses shares from another operating system.

    Moving on

    In this lesson, you learned how to set up a Samba file server and a print server. Now it's time to learn how to set up an FTP and web server. Those topics are covered in Lesson 4. Before you move on, complete the assignment and take the quiz for this lesson.

    Assignment #3

    In this assignment, you'll put into practice what you learned about file sharing using Samba.

    To set up a share using Samba:

    1. Create a directory under /var.
    2. Share the directory, specifying that it should be available to all users.
    3. Make sure that the directory is writeable.
    4. Add three Samba users.
    5. In Windows, connect to the Samba server.
    6. If requested, authenticate using your Samba username and password. You should now be able to view your share in Windows.

    Quiz #3

    Question 1: What's Samba?

    A) A music service
    B) A service that enables you to share files and directories
    C) A service that enables you to download files using peer-to-peer technology
    D) A service that enables you to access files over the internet

    Question 2: When using Samba, what are some tasks you can perform? (Check all that apply.)

    A) Share a Linux printer with Windows users
    B) Share a Linux directory with Windows users
    C) Share a Linux directory with Mac OS X users
    D) Share a Linux printer with Mac OS X users

    Question 3: True or False: The primary configuration file in Samba is samba-client.

    A) True
    B) False

    Linux web and FTP server configuration

    As a server, Linux has a reputation for being both stable and secure. And because so many people want to learn Linux simply to set up their own servers, this is an important skill. This lesson will show you how to set up a basic web and FTP server.

    Understanding important terminology

    Welcome back. In Lesson 3, you learned how to set up a simple file server and print server, in addition to sharing files with Windows users. In this lesson, you'll find out how to set up FTP and web servers. When you start setting up internet servers, there's a lot of technical terminology you suddenly have to understand. You may know some or all of these terms already, but it's better to be safe than sorry, so read through this list or skim it as you need to:

    - Client: A client program in a client/server setup is the one the end user opens to access the server. For example, your web browser is a web client.
    - Daemon: (Pronounced day-mon.) A program that runs in the background, waiting for things to happen. Daemons are most often used for network services, such as web servers, email servers and FTP (File Transfer Protocol) servers.
    - DHCP (Dynamic Host Configuration Protocol): A method of automatically assigning IP (Internet Protocol) addresses.
    - DNS (Domain Name System): This collection of internet servers helps translate the names you tell your web browsers and other programs to use, such as www.linux.org, to instead use the IP addresses that computers find easier to decipher, such as 198.182.196.56.
    - Dynamic IP (Internet Protocol): When you connect to your ISP (internet service provider), you're given any one of a group of available IP addresses, which may or may not be the same one you had last time (thus the dynamic part: the numbers change). These are usually assigned through DHCP.
    - FQDN (Fully Qualified Domain Name): This is the full name of a computer on the internet, which is often in three parts but can be longer. These parts are the hostname, the domain name and the domain extension, and are assembled in the format hostname.domain.extension, for example, mikey.example.com.
    - FTP: This service is used to transfer files from one computer to another. Today, web servers also enable users to easily upload and download files they need; however, FTP servers are still widely used.
    - HTTP (Hypertext Transfer Protocol): This is the language that web servers use to talk to each other.
    - IP address: A set of numbers in the format ###.###.###.### that's unique to "every computer on the internet." This definition is in quotes because although it's easy to say, it's only partially correct. Some computers have more than one Ethernet card; therefore, they can have an IP address for each card. There are also tricks for assigning multiple IP addresses to each card. A sample IP address is 192.168.0.6. Notice that not all of the pieces have exactly three digits; it's not necessary to use 192.168.001.005.
    - Server: A server program in a client/server setup is what a client connects to in order to get content, data, and so on. When you open your web browser to go to a web page, that page's content is sent to you by a web server.
    - Static IP: This is a specific IP address that never changes. Static IP addresses are used mainly in office and university environments, and for higher-cost ISP accounts. On a home network, the computer that talks to the outside world has a dynamic IP assigned by an ISP. However, each computer on the home network probably has its own static IP address that you or your home network administrator assigned.

    Need a domain name?

    There's a plethora of services that lease domain names for a mere $8 or less per year. Search the internet for domain name provider, compare the services and sign up.

    If you want to set up internet services, check with your ISP first. The terms of your current internet account might not allow you to host your own servers unless you upgrade to a higher level of service.

    Now that you understand the terminology involved in hosting FTP and web servers, read on to learn how to set up an FTP server.

    Setting up an FTP server

    People who have to share files that are too large to send by email or tend to getcaught in recipient's spam and virus filters often like to use FTP servers instead ofemail. There are many FTP server programs available. This lesson uses vsftpd(Very Secure File Transfer Protocol daemon).

    Installing your FTP server

    To install vsftpd, follow these steps:

    Have your Debian 5 installation media available. (You can also download1.vsftpd from the internet if you don't have your installation media. You'll haveto uncompress the tarball file and run the make command.)Switch to the root user, and then open a terminal window.2.Type apt-get install vsftpd, and then press Enter. When prompted, press3.the y key to accept the package selection.

    Anonymous and non-anonymous FTP

    There are two types of FTP available. One is anonymous FTP, which means users don't need a login and password to access the server, so it's open to the public. More precisely, they do have to log in, but they use anonymous as the user ID and their email address as a password. The second type is regular FTP, which requires users to enter a

    Apt-get installs vsftpd, which takes up a surprisingly small amount of disk space. With the software installed, let's get to know vsftpd's main configuration file: /etc/vsftpd.conf.

    To find all possible settings for vsftpd, type man vsftpd.conf at a command prompt.

    Checking anonymous access settings

    Unlike many other FTP programs, vsftpd is set up to permit only secure anonymous FTP access by default. However, it's configured to prevent users from uploading files. Permitting users to only download files is safer.

    Use gedit or another editor to open /etc/vsftpd.conf. Scroll down in the vsftpd.conf file to find the following line, which should be commented out:

    anon_upload_enable=YES

    If you want anonymous users to be able to upload files, uncomment the previous line. (You must be logged in as the root user.) In that case, you also need to create a directory for users to upload files to, and uncomment the following line:

    write_enable=YES

    Disabling anonymous access

    Many FTP sites don't allow anonymous access, and in most cases, it's best to shut off this feature.

    To disable anonymous access:

    1. While logged in as root, open the /etc/vsftpd.conf file in a text editor.
    2. Scroll down to the line:

    anonymous_enable=YES

    Change this entry to:

    anonymous_enable=NO

    After disabling anonymous access, you need to enable local users to log in. You can do that by removing the comment symbol before the following line:

    local_enable=YES

    A great way to learn about appropriate vsftpd.conf settings is to view the sample configurations in /usr/share/doc/vsftpd/EXAMPLE.

    specific login and password.

    Generally, you should avoid allowing anonymous FTP unless you absolutely need it, for security purposes. Someone can find a flaw in the anonymous server that enables them to break into the rest of your system. However, vsftpd is set up for anonymous access by default because it's easy to get the server up and running, and its overall settings create a secure environment. Most FTP server packages aren't as secure when initially installed.

    Adding extra setup options

    Want a cool welcome message to display when someone enters a directory on your FTP server? Create a text file named .message in that directory, and ensure the following line is enabled (not commented out) in vsftpd.conf:

    dirmessage_enable=YES

    To limit how many users can be connected to your FTP server, and therefore uploading and downloading, at the same time, add the following line at the end of the file (where # is the number of users; the default is 0, which actually means no limits):

    max_clients=#

    Save and exit the file, and then close the text editor.
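    The settings covered above can be checked after editing with a short script. This is an added example, not part of the original lesson or of the vsftpd package: the function names vsftpd_opt, audit_vsftpd_conf and sample_conf are hypothetical, the sample configuration is constructed, and the fallback values are assumed to be vsftpd's built-in defaults as listed in man vsftpd.conf.

```shell
# Added example: audit the vsftpd.conf options covered in this lesson.
# Defaults passed to vsftpd_opt are the built-in ones from "man vsftpd.conf".

# Print the effective value of option $2 in file $1, or default $3 if unset.
# Commented-out lines do not count; the last active assignment wins.
vsftpd_opt() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r' | tr 'a-z' 'A-Z')
    printf '%s\n' "${val:-$3}"
}

# Print findings for config file $1; return 1 if a WARN was raised.
audit_vsftpd_conf() {
    conf=$1; rc=0
    anon=$(vsftpd_opt "$conf" anonymous_enable YES)
    upload=$(vsftpd_opt "$conf" anon_upload_enable NO)
    write=$(vsftpd_opt "$conf" write_enable NO)
    local_users=$(vsftpd_opt "$conf" local_enable NO)
    max=$(vsftpd_opt "$conf" max_clients 0)
    if [ "$anon" = YES ]; then
        echo "WARN anonymous_enable=YES: the server is open to the public"; rc=1
        if [ "$upload" = YES ] && [ "$write" = YES ]; then
            echo "WARN anonymous users can upload files"; rc=1
        fi
    elif [ "$local_users" != YES ]; then
        echo "WARN anonymous and local logins are both off: nobody can log in"; rc=1
    fi
    if [ "$upload" = YES ] && [ "$write" != YES ]; then
        echo "NOTE anon_upload_enable=YES has no effect without write_enable=YES"
    fi
    if [ "$max" = 0 ]; then
        echo "NOTE max_clients=0: no limit on simultaneous connections"
    fi
    return "$rc"
}

# Constructed sample: the lesson's "disable anonymous access" edits applied.
sample_conf() {
    cat <<'EOF'
# constructed sample of /etc/vsftpd.conf
anonymous_enable=NO
local_enable=YES
#anon_upload_enable=YES
dirmessage_enable=YES
EOF
}

# Demo: audit the sample; prints only the max_clients note.
tmp=$(mktemp) && sample_conf > "$tmp"
audit_vsftpd_conf "$tmp" || echo "review the WARN lines above"
rm -f "$tmp"
```

    To check a live server, call audit_vsftpd_conf /etc/vsftpd.conf as root after saving your changes and before restarting the service.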

    See how to install an FTP server and review configuration settings.

    Now you're ready to start the FTP server. Read on.

    Starting and connecting to your FTP server

    Vsftpd starts automatically upon installation but does not load by default when you start the host computer. To start, stop or restart FTP services, begin at the root prompt and follow these steps:

    1. To start the service, type /etc/init.d/vsftpd start and press Enter.
    2. To stop the service, type /etc/init.d/vsftpd stop and press Enter.
    3. To restart the service, type /etc/init.d/vsftpd restart and press Enter.

    You can check whether your FTP service is running by entering netstat -a | grep ftp at a command prompt.

    To ensure that the FTP server starts upon bootup, type sysv-rc-conf vsftpd on and press Enter. If the command isn't found, run the apt-get install sysv-rc-conf command to install sysv-rc-conf, and then reissue the sysv-rc-conf vsftpd on command.

    Connecting to your FTP server

    Now that your FTP server is running, you probably want to let people connect. Both folks with an account on your system and anonymous users can do so by using any FTP client. You have to give them your server's address, such as ftp.example.com or 192.168.235.128. If you have a dynamic IP address, this may change over time. If you have a static IP (or better yet, your computer has an FQDN), give people that setting.

    If you have a dynamic IP and no FQDN, you can determine your address by opening a terminal window and typing /sbin/ifconfig. An example ifconfig output is shown in Figure 4-1.

    Linux is ideal for your servers

    Because Linux is free, it is more accessible to run on your servers, while still being secure and well-developed.

    Figure 4-1: Ifconfig output.

    Want to try your FTP server from your Linux computer as a client? Use the package manager to install gFTP, and then select Applications > Internet > gFTP to run it.

    Ignore the lo entry and the values associated with it. That's for localhost, which just means "this" computer. Every computer has the same settings for localhost. If you FTP to localhost, you'd FTP into your own computer. What you're interested in is the eth0 entry. Look for the part that says inet addr. After that is an IP address; in Figure 4-1, it's 192.168.235.128. That's your current IP address, and the value that your FTP users enter in their FTP server or URL text box.

    Now that you've covered FTP server setup, move on to learn how to set up a web server using Apache Web Server software.

    Setting up a web server

    Web servers are best run from static IP addresses; however, if you have one that you want to run intermittently from a dynamic address, you can do that too. Debian, and just about every other Linux distribution, comes with Apache Web Server, which has been the most-used web server on the internet for a long time. In Debian, Apache runs as the program apache2, whereas in other distributions it might run as apache or httpd.

    You can use Apache under Microsoft Windows and most other operating systems.

    Installing your web server

    The name Apache Web Server comes from A patchy Web Server because Apache began as a bunch of patches (add-ons and changes) to the original httpd server. You might not have Apache installed yet. If that's the case, follow these steps to install Apache Web Server:

    1. Have your Debian installation media available, or make sure you're connected to the internet and logged in as root.
    2. Open a terminal window.
    3. Enter the command apt-get install apache2, and then press Enter.

    Viewing the apache2.conf file

    Powerful server

    If your server demands are more rigorous, consider pairing open source Linux with the powerful and secure ProLiant servers, ideal for multi-server deployments.

    Apache Web Server has many configuration options available; an entire class dedicated to Apache would have difficulty covering all of them. The goal in this lesson is to introduce you to the main Apache configuration file.

    In Debian, Apache draws its configuration options from the /etc/apache2/apache2.conf file. You need to be logged in as root to access it. You can open the configuration file in a text editor, such as gedit, by issuing the gedit /etc/apache2/apache2.conf command. The file contains many configurable directives, which are settings or instructions for the server. The file is also well commented, so you'll find plenty of guidance for some of the more obscure settings.

    Figure 4-2: An apache2.conf directive.

    Anytime you've edited the apache2.conf file, you should test your configuration with this command:

    apache2ctl configtest

    If "Syntax OK" appears, your configuration is error free; otherwise, one or more error messages will appear. You need to correct any errors, resave the apache2.conf file and retest the configuration. When you're finished, restart your web server for the changes to take effect.

    See how to install a web server and review configuration settings

    Starting and connecting to your web server

    Apache Web Server starts automatically upon bootup. However, just like an FTP server, you need to know how to manually start, stop and restart your web server. Here's how:

    1. To start your web server, type /etc/init.d/apache2 start and press Enter.
    2. To stop your web server, type /etc/init.d/apache2 stop and press Enter.
    3. To restart your web server at any time, type /etc/init.d/apache2 restart and press Enter.

    Connecting to your web server

    In the real world, after installing a web server, you would go through a (sometimes lengthy) configuration process to name your server, configure addressing and set up one or more websites. After that, anyone can use the server name to connect to

    Combining web and FTP services

    You can use the web and FTP services together to enable users to upload their own web page content, or for you to upload content to the server from another computer. You first have to configure the FTP server so that it automatically places you in the right directory for this purpose. If you're just

    your server. You can also connect to the server from the computer it's running on; for example, open a web browser and type localhost or 127.0.0.1 in the address bar. You won't be able to tell other people to use localhost from another computer, though. Localhost literally means "this computer." If you have an IP address they can access, use that instead of the server name. For example, they could type 192.168.0.6 into their address bar and try to connect to your server.

    Not all IP addresses are public, so if you're trying to share something across the internet without a public address, it's not going to work. Contact your network administrator or ISP for assistance.

    That wraps up the discussion on web servers. You'll get some practice installing an FTP server and a web server in the assignment for this lesson, so take a moment to review what you've learned so far to be prepared for hands-on learning.

    Moving on

    In this lesson, you learned how to install an FTP server and a web server, and review their primary configuration files. Throughout this class, you learned skills and techniques used by full-fledged Linux administrators such as working with system processes, automating tasks and managing Samba. If you felt this class was worth your time and effort, consider taking other Linux classes offered occasionally through this learning center. Before moving on, be sure you work through the assignment and take the quiz for this lesson. Good luck with Linux!

    setting this up for your own use and no one else's, create a separate login account to use for uploading web pages. Then, add the following line to your FTP configuration file: local_root=/var/www/html

    Once you've made your changes, use the command /etc/init.d/vsftpd restart to make sure the new setting is loaded on your FTP server.

    Assignment #4

    To reinforce what you learned in Lesson 4:

    1. Install and set up a vsftpd server with the default settings (anonymous access).
    2. Install the Apache Web Server as described in the lesson. No fancy stuff necessary, just a basic installation.
    3. Issue the netstat -ap | grep apache2 command to confirm that the web server is running (listening).
    4. Stop the server, and then restart the web server.
    5. Test the connection to both servers.

    Quiz #4

    Question 1: Which FTP server uses anonymous access by default?

    A) ftpserver
    B) ftpd
    C) ftpservice
    D) vsftpd

    Question 2: Which line in the vsftpd.conf file allows anonymous users to upload files to the FTP server?

    A) anon_upload_enable=YES
    B) anon_write_enable=NO
    C) write_enable=YES
    D) upload_enable=YES

    Question 3: Which web server is commonly used in Debian?

    A) IIS
    B) Apache
    C) HTTP
    D) Webd

    Question 4: True or False: The apache2 service starts automatically upon bootup.

    A) True
    B) False

    Question 5: Which of the following programs can you use to check your IP address?

    A) ipadd
    B) ifconfig
    C) ipcheck
    D) listif

    2003 - 2010 Powered, Inc.