Difference between revisions of "Linux Tutorial"
m |
(Added some steps to Ubuntu section Initial User Setup) |
||
Line 48: | Line 48: | ||
=== Initial User Setup === | === Initial User Setup === | ||
− | # <code>adduser <username></code> | + | # <code>ssh -i <keyname>.pem ubuntu@<ip of instance></code> |
− | #* | + | #* Connects to the instance via ssh as the [[Linux_Tutorial#The_.22ubuntu.22_user|ubuntu account]] |
− | # <code>adduser <username> sudo</code> | + | # <code>sudo adduser <username></code> |
+ | #* Adds a new user with the name <username> | ||
+ | #* Note that <username> could be e.g. ‘bob’, it doesn’t need to be (and really should not be) a Cornell netid, since you can optionally configure your instances to allow use of netid and netid passwords for project members | ||
+ | #* Multiple users may be added at the instance owner’s discretion. | ||
+ | # <code>sudo adduser <username> sudo</code> | ||
#* This will add <username> to the sudo group, which will enable <username> to easily install software and perform other administrative tasks without needing a root login. This has the advantage of making it more difficult to accidentally do something unfortunate to the system. | #* This will add <username> to the sudo group, which will enable <username> to easily install software and perform other administrative tasks without needing a root login. This has the advantage of making it more difficult to accidentally do something unfortunate to the system. | ||
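Review bot: the Ubuntu steps added here end at "sudo adduser <username> sudo" and never give <username> an SSH key, so the new account has no way to log in unless password logins are enabled on the instance. Consider adding the equivalent of the CentOS steps (create ~<username>/.ssh, copy authorized_keys, fix ownership and permissions). The new link in step 1 also points at the "ubuntu" user section, which in this revision holds only placeholder text.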
Line 85: | Line 89: | ||
# <code>ssh -i <keyname>.pem root@<ip of instance></code> | # <code>ssh -i <keyname>.pem root@<ip of instance></code> | ||
− | #* Connects to the instance via ssh | + | #* Connects to the instance via ssh as the root account |
# <code>adduser <username></code> | # <code>adduser <username></code> | ||
#* Adds a new user with the name <username> | #* Adds a new user with the name <username> | ||
Line 147: | Line 151: | ||
== Old Tutorial == | == Old Tutorial == | ||
− | |||
− | |||
− | |||
On Red Hat/CentOS, the process is different; run visudo as root and add the line: | On Red Hat/CentOS, the process is different; run visudo as root and add the line: | ||
'''<username> ALL=(ALL) ALL''' | '''<username> ALL=(ALL) ALL''' |
Revision as of 14:00, 12 April 2018
This tutorial is intended as a basic introduction to Linux for users of Red Cloud services who are using a Linux Instance. There are two Linux distributions (AKA distros) available for images on Red Cloud: Ubuntu and CentOS. In this tutorial, you will learn how to add a user, install software using the distribution's package manager, how to enable remote password logins, and several related tips. There are some common commands between both distributions, and a section for the specific commands on Ubuntu and CentOS. While many commands are similar across Linux systems, package management, service control, and to a lesser extent, user management, are some of the areas that will differ from distribution to distribution. For another useful tutorial, please see the Cornell Virtual Workshop.
Definitions
This section contains some basic working definitions to help you through this tutorial if you have never used Linux before. This list and the definitions in it should not be considered authoritative.
directory - folder
terminal (A.K.A. console or shell) - a text-only user interface for interacting with an operating system's programs and services. This is where commands are entered.
command - a task for the computer to execute that is entered via the terminal
package - an archive of software and metadata that can be downloaded, installed, and removed via a package manager
root - the system administrative account with all the highest privileges, also known as the superuser. By default, most Linux distros have a single root account when installed, and no user accounts.
sudo - a program that allows a user to run commands with the privileges of another user, typically the root account. This is typically used by typing sudo before a command.
Basic Useful Commands
pwd
- print working directory
ls
- list directory contents
cd
- change directory
Example:
cd ~
will take you to your home directory
mkdir <name>
- make a directory with the specified name
man <command>
- manual pages for the specified command
history
- displays a list of commands that have been executed via the terminal
cat <file>
- outputs the contents of a file to the terminal, with many other options available (check out
man cat
for more info)
grep <pattern>
- prints lines matching a specified pattern. This is usually used with the
|
operator (pronounced "pipe") so that you can "pipe" the output from one command into
grep
to effectively search it.
Example:
history | grep mkdir
would search the history output for each time the
mkdir
command was executed, thus determining all the directories you had created.
If you have not already, it would also be good to familiarize yourself with how to connect to Linux machines remotely.
Text Editors
Since the default interaction with a Linux Instance is through a terminal, it may be useful to familiarize yourself with at least one text editor that can be used in the terminal. Here are a few, with links to get more information about them, but there are more.
vim
- Vim is often already installed with many Linux distros, and is therefore useful to learn. There are many online tutorials, but you can also simply type
vimtutor
in the terminal to learn how to use vim.
emacs
- Emacs is a family of text editors including the very popular GNU Emacs. If you want to use it, it may be helpful to take a guided tour or to consult the manual.
nano
- GNU nano is a simpler text editor than something like vim because it doesn't have modes; you simply type when it opens. If you'd like more information, consult the documentation.
Ubuntu
The "ubuntu" user
explain Ubuntu root user weirdness
Initial User Setup
ssh -i <keyname>.pem ubuntu@<ip of instance>
- Connects to the instance via ssh as the ubuntu account
sudo adduser <username>
- Adds a new user with the name <username>
- Note that <username> could be e.g. ‘bob’; it doesn’t need to be (and really should not be) a Cornell netid, since you can optionally configure your instances to allow use of netid and netid passwords for project members.
- Multiple users may be added at the instance owner’s discretion.
sudo adduser <username> sudo
- This will add <username> to the sudo group, which will enable <username> to easily install software and perform other administrative tasks without needing a root login. This has the advantage of making it more difficult to accidentally do something unfortunate to the system.
Installing Software
The package manager for Ubuntu is called apt (also see the Ubuntu docs on apt and aptitude). Here are some basic commands worth making sure you understand (again, man apt
will help here):
sudo apt update
sudo apt upgrade
apt search <package>
sudo apt install <package>
It is recommended that you:
- Ensure your system is up-to-date after beginning an instance.
- Install the terminal multiplexer tmux, which is often useful in case your connection is dropped (either intentionally or unintentionally) or if you want to have multiple terminals available without needing to log in each time
To find available packages (from the currently installed repositories), use apt search <package>. For instance, here are the first 6 results for apt search python:
p bpython - fancy interface to the Python interpreter
p bpython-gtk - fancy interface to the Python interpreter
p bpython-urwid - fancy interface to the Python interpreter
p bpython3 - fancy interface to the Python3 interpreter
p cairo-dock-plug-ins-dbus-interf - Python interface to interact with Cairo-Do
p cantor-backend-python - Python backend for Cantor
Note that the ‘p’ in the first column means that no trace of the package exists on the system (run man apt for more details).
CentOS
Initial User Setup
Once you have started a Linux Instance, you will want to connect using ssh and create a user account. You will first have to log in as the root account and set up the user account yourself. It is advisable to set up the user account instead of continuing to use the root account. This section details how to correctly set up the user account on a CentOS image.
ssh -i <keyname>.pem root@<ip of instance>
- Connects to the instance via ssh as the root account
adduser <username>
- Adds a new user with the name <username>
- Note that <username> could be e.g. ‘bob’; it doesn’t need to be (and really should not be) a Cornell netid, since you can optionally configure your instances to allow use of netid and netid passwords for project members.
- Multiple users may be added at the instance owner’s discretion.
passwd <username>
- This will prompt you to set and verify a password for the user
- Note: if you do not run this command, a password will not be set for the user!
usermod -aG wheel <username>
- This will add <username> to the wheel group (the group permitted to use sudo on CentOS), which will enable <username> to easily install software and perform other administrative tasks without needing a root login. This has the advantage of making it more difficult to accidentally do something unfortunate to the system.
mkdir ~<username>/.ssh
- Creates a directory for the user to hold the public encryption key used in ssh
- Note: The
.ssh
folder is hidden from the
ls
command by default because of the "." at the beginning. You can see all folders by running the
ls -a
command.
cp ~/.ssh/authorized_keys ~<username>/.ssh
- This copies the public key to the correct place for the user to be able to ssh
chmod 700 -R ~<username>/.ssh/
- Changes the access permissions on the folder and all files contained within.
vim /etc/ssh/sshd_config
- Change the line that says
PasswordAuthentication yes
to say
no
instead
- You could also use your preferred text editor
systemctl restart sshd
exit
ssh -i <keyname>.pem <username>@<ip>
- At this point your user should be set up to ssh
sudo yum update
- This makes sure the system is up-to-date
- You can now begin Installing Software
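The key-copy steps above, as an added example that is not part of the original tutorial: a helper that installs the public key and also sets ownership, because files copied by root stay owned by root and a root-owned .ssh directory with mode 700 cannot be read by the user it is meant for. install_key and key_modes are hypothetical names, and the key in the demo is a constructed placeholder.

```sh
#!/bin/sh
# Added example: install a public key for a new user with owner-only modes.
# install_key and key_modes are hypothetical helper names.

# install_key SSH_DIR PUBKEY_FILE [OWNER]
#   SSH_DIR stands in for ~<username>/.ssh; passing OWNER requires root.
install_key() {
    ssh_dir=$1; pubkey=$2; owner=${3:-}
    [ -r "$pubkey" ] || { echo "cannot read $pubkey" >&2; return 1; }
    # Only public keys belong in authorized_keys; stop if handed a private key.
    if grep -q 'PRIVATE KEY' "$pubkey"; then
        echo "refusing: $pubkey looks like a private key" >&2
        return 1
    fi
    mkdir -p "$ssh_dir" || return 1
    chmod 700 "$ssh_dir"                    # directory: owner only
    touch "$ssh_dir/authorized_keys"
    chmod 600 "$ssh_dir/authorized_keys"    # file: no execute bit needed
    # Append each key once, so re-running the helper does not duplicate entries.
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        grep -qxF -- "$line" "$ssh_dir/authorized_keys" ||
            printf '%s\n' "$line" >> "$ssh_dir/authorized_keys"
    done < "$pubkey"
    # A cp run as root leaves root-owned files; hand them to the user.
    if [ -n "$owner" ]; then
        chown -R "$owner:" "$ssh_dir" || return 1
    fi
}

# key_modes SSH_DIR: print "<dir mode> <file mode>" (GNU stat, as on Linux)
key_modes() {
    printf '%s %s\n' "$(stat -c %a "$1")" "$(stat -c %a "$1/authorized_keys")"
}

# Demo on a scratch directory with a constructed (not real) key.
demo=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedEXAMPLEkey bob@example' > "$demo/bob.pub"
install_key "$demo/home/bob/.ssh" "$demo/bob.pub" && key_modes "$demo/home/bob/.ssh"
rm -rf "$demo"
```

Run as root on the instance, the call would be install_key ~<username>/.ssh ~/.ssh/authorized_keys <username>.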
SSH Security
Once you have set up a user with sudo privileges and ensured that you can indeed log in and perform sudo commands successfully (it would be good to test this to be sure), you may want to secure the root login by disabling it.
Disable root login: This must be done while logged in either as root or your user with sudo privileges.
vim /etc/ssh/sshd_config
- Change the line
PermitRootLogin yes
to
PermitRootLogin no
- Note: if this line is commented out (with a
#
character in the front), you will need to uncomment it.
service sshd restart
When you exit, you should verify that you cannot log in as root, but that you can still log in as your user.
For more information on SSH Security, see the CentOS guide on Securing OpenSSH.
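An added check, not part of the original tutorial, for the two sshd_config edits described on this page (PasswordAuthentication and PermitRootLogin): it reports the value sshd would take from the file, skipping commented-out lines and applying sshd's rule that the first occurrence of a keyword wins. effective_sshd_opt and audit_sshd are hypothetical names and the sample config is constructed; Include files and Match blocks are not evaluated.

```sh
#!/bin/sh
# Added example: report the effective value of an sshd_config keyword.
# effective_sshd_opt and audit_sshd are hypothetical helper names.

# effective_sshd_opt KEYWORD [FILE]
#   Keywords are case-insensitive, "#" lines are ignored, and the first
#   uncommented occurrence is the one sshd uses. Prints "unset" if absent.
effective_sshd_opt() {
    awk -v key="$1" '
        /^[ \t]*#/              { next }   # commented out: has no effect
        /^[ \t]*[Mm]atch[ \t]/  { exit }   # global section ends at first Match
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "${2:-/etc/ssh/sshd_config}"
}

# audit_sshd [FILE]: return 0 only if both settings from the tutorial are "no".
audit_sshd() {
    file=${1:-/etc/ssh/sshd_config}; rc=0
    for kw in PasswordAuthentication PermitRootLogin; do
        val=$(effective_sshd_opt "$kw" "$file")
        if [ "$val" = no ]; then
            echo "ok   $kw $val"
        else
            echo "WARN $kw $val (tutorial sets this to no)"; rc=1
        fi
    done
    return $rc
}

# Constructed sample: the commented line does nothing, and the "no" appended
# after an existing "yes" is ignored because the first occurrence wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PermitRootLogin no
PasswordAuthentication no
PermitRootLogin yes
PermitRootLogin no
EOF
audit_sshd "$sample" || echo "sshd_config needs attention"
rm -f "$sample"
```

On a live host, sshd -t validates the file before the restart, and sshd -T prints the full effective configuration.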
Installing Software
The package manager for CentOS is called yum. Here are some basic commands worth making sure you understand (again, man yum
will help here):
yum check-update
sudo yum update
yum search <package>
sudo yum install <package>
It is recommended that you:
- Ensure your system is up-to-date after beginning an instance.
- Install the terminal multiplexer tmux, which is often useful in case your connection is dropped (either intentionally or unintentionally) or if you want to have multiple terminals available without needing to log in each time
Old Tutorial
On Red Hat/CentOS, the process is different; run visudo as root and add the line: <username> ALL=(ALL) ALL
To log in as the new user: ssh <username>@localhost
You can replace localhost with the public IP of the machine if you are logging in remotely, instead of from an existing root login on the instance. Controlling SSH authentication, needed for logging in, is beyond the scope of this article, but we will say that for password authentication to work, you may need to change the PasswordAuthentication to 'yes' in /etc/ssh/sshd_config, and restart the ssh daemon. Restarting daemons varies from system to system, but can be done by stopping and starting the instance if it is based on an EBS image.
Alternatively, the recommended approach is to use a public-private keypair. First, as your user, generate a keypair: ssh-keygen -f username creates two files in the current directory; username.pub is the public key, which you could append to the user's ~/.ssh/authorized_keys on your server. The username file should be copied (using your root credentials) and sent securely to the user who needs it. That user can then log in like so (note the first <username> corresponds to the private key file we generated):
ssh -i /path/to/<username> <username>@localhost
On the server, make sure the user's .ssh directory has correct permissions:
chmod 700 ~username/.ssh