Tag Archives: ubuntu

How to Manage Users with Groups in Linux | Linux.com


When you administer a Linux machine that houses multiple users, there might be times when you need to take more control over those users than the basic user tools offer. This idea comes to the fore especially when you need to manage permissions for certain users. Say, for example, you have a directory that needs to be accessed with read/write permissions by one group of users and only read permissions for another group. With Linux, this is entirely possible. To make this happen, however, you must first understand how to work with users, via groups and access control lists (ACLs).

We’ll start from the beginning with users and work our way to the more complex ACLs. Everything you need to make this happen will be included in your Linux distribution of choice. We won’t touch on the basics of users, as the focus of this article is groups.

For the purpose of this piece, I’m going to assume the following:

You need to create two users with usernames:

  • olivia

  • nathan

You need to create two groups:

  • readers

  • editors

Olivia needs to be a member of the group editors, while nathan needs to be a member of the group readers. The group readers needs to only have read permission to the directory /DATA, whereas the group editors needs to have both read and write permission to the /DATA directory. This, of course, is very minimal, but it will give you the basic information you need to expand the tasks to fit your much larger needs.

I’ll be demonstrating on the Ubuntu 16.04 Server platform. The commands will be universal—the only difference would be if your distribution of choice doesn’t make use of sudo. If this is the case, you’ll have to first su to the root user to issue the commands that require sudo in the demonstrations.

Creating the users

The first thing we need to do is create the two users for our experiment. User creation is handled with the useradd command. Instead of just simply creating the users we need to create them both with their own home directories and then give them passwords.

The first thing we do is create the users. To do this, issue the commands:

sudo useradd -m olivia

sudo useradd -m nathan

We have now created our users. If you look in the /home directory, you’ll find their respective homes (because we used the -m option, which creates a home directory).

Next each user must have a password. To add passwords into the mix, you’d issue the following commands:

sudo passwd olivia

sudo passwd nathan

When you run each command, you will be prompted to enter (and verify) a new password for each user.

That’s it, your users are created.

Creating groups and adding users

Now we’re going to create the groups readers and editors and then add users to them. The commands to create our groups are:

sudo addgroup readers

sudo addgroup editors

That’s it. If you issue the command less /etc/group, you’ll see our newly created groups listed (Figure 1).

With our groups created, we need to add our users. We’ll add user nathan to group readers with the command:

sudo usermod -a -G readers nathan

We’ll add the user olivia to the group editors with the command:

sudo usermod -a -G editors olivia

Now we’re ready to start managing the users with groups.

Giving groups permissions to directories

Let’s say you have the directory /READERS and you need to allow all members of the readers group access to that directory. First, change the group of the folder with the command:

sudo chown -R :readers /READERS 

Next, remove write permission from the group with the command:

sudo chmod -R g-w /READERS

Now we remove the others x bit from the /READERS directory (to prevent any user not in the readers group from accessing any file within) with the command:

sudo chmod -R o-x /READERS

At this point, only the owner of the directory (root) and the members of the readers group can access any file within /READERS.

Let’s say you have the directory /EDITORS and you need to give members of the editors group read and write permission to its contents. To do that, the following commands would be necessary:

sudo chown -R :editors /EDITORS

sudo chmod -R g+w /EDITORS

sudo chmod -R o-x /EDITORS

At this point, any member of the editors group can access and modify files within. All others (minus root) have no access to the files and folders within /EDITORS.

The problem with using this method is you can only add one group to a directory at a time. This is where access control lists come in handy.

Using access control lists

Now, let’s get tricky. Say you have a single folder, /DATA, and you want to give members of the readers group read permission and members of the group editors read/write permissions. To do that, you must take advantage of the setfacl command. The setfacl command sets file access control lists for files and folders.

The structure of this command looks like this:

setfacl OPTION X:NAME:Y /DIRECTORY

Where OPTION is the available options, X is either u (for user) or g (for group), NAME is the name of the user or group, Y is the permissions to grant (a combination of r, w, and x), and DIRECTORY is the directory to be used. We’ll be using the option -m for modify. So our command to add the group readers for read access to the /DATA directory would look like this:

sudo setfacl -m g:readers:rx -R /DATA

Now any member of the readers group can read the files contained within /DATA, but they cannot modify them.

To give members of the editors group read/write permissions (while retaining read permissions for the readers group), we’d issue the command:

sudo setfacl -m g:editors:rwx -R /DATA 

The above command would give any member of the editors group both read and write permission, while retaining the read-only permissions to the readers group.
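The result on /DATA can be checked by reading getfacl output. This added example (not from the original article) uses a hypothetical helper, acl_report, on a constructed getfacl listing to show two things the commands above do not cover: the mask entry caps what a named group actually gets, and entries set with -m apply only to existing files unless a matching default: entry exists.

```shell
# Added example: summarise the named entries in `getfacl` output.
# acl_report is a hypothetical helper; SAMPLE_ACL is constructed, not captured.

# Constructed listing for /DATA. The mask has been narrowed to r-x (a later
# `chmod g-w /DATA` does this, because on a file with an ACL the group bits
# map to the mask), and only the readers group has a default: entry.
SAMPLE_ACL='# file: DATA
# owner: root
# group: root
user::rwx
group::r-x
group:readers:r-x
group:editors:rwx   #effective:r-x
mask::r-x
other::---
default:user::rwx
default:group::r-x
default:group:readers:r-x
default:mask::r-x
default:other::---'

# Reads getfacl text on stdin. For each named user/group entry prints:
#   TYPE:NAME effective=PERMS inherited=yes|no
# effective = entry permissions ANDed with the mask
# inherited = a default: entry exists, so new files receive the entry too
acl_report() {
    awk -F: '
        /^#/ || NF == 0 { next }                 # header comments, blank lines
        $1 == "default" {                        # default:TYPE:NAME:PERMS
            if ($3 != "") dflt[$2 ":" $3] = 1
            next
        }
        $1 == "mask" { mask = substr($3, 1, 3); next }
        ($1 == "user" || $1 == "group") && $2 != "" {
            key = $1 ":" $2
            order[++n] = key
            perms[key] = substr($3, 1, 3)        # ignores any #effective note
        }
        END {
            for (i = 1; i <= n; i++) {
                key = order[i]
                eff = ""
                for (c = 1; c <= 3; c++) {
                    p = substr(perms[key], c, 1)
                    m = (mask == "") ? p : substr(mask, c, 1)
                    eff = eff ((p != "-" && m != "-") ? p : "-")
                }
                inh = (key in dflt) ? "yes" : "no"
                printf "%s effective=%s inherited=%s\n", key, eff, inh
            }
        }
    '
}

# On a live system:  getfacl /DATA | acl_report
printf '%s\n' "$SAMPLE_ACL" | acl_report

# If editors shows effective=r-x or inherited=no, re-apply the entry
# (setfacl -m recalculates the mask) and add a default entry on the directory:
#   sudo setfacl -R -m g:editors:rwx /DATA
#   sudo setfacl -d -m g:editors:rwx /DATA
```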

All the control you need

And there you have it. You can now add members to groups and control those groups’ access to various directories with all the power and flexibility you need. To read more about the above tools, issue the commands:

  • man useradd

  • man addgroup

  • man usermod

  • man setfacl

  • man chown

  • man chmod

Learn more about Linux through the free “Introduction to Linux” course from The Linux Foundation and edX.

Photon Could Be Your New Favorite Container OS | Linux.com


Containers are all the rage, and with good reason. As discussed previously, containers allow you to quickly and easily deploy new services and applications onto your network, without requiring too much in the way of added system resources. Containers are more cost-effective than using dedicated hardware or virtual machines, and they’re easier to update and reuse.

Best of all, containers love Linux (and vice versa). Without much trouble or time, you can get a Linux server up and running with Docker and deploying containers. But, which Linux distribution is best suited for the deployment of your containers? There are a lot of options. You could go with a standard Ubuntu Server platform (which makes installing Docker and deploying containers incredibly easy), or you could opt for a lighter weight distribution, one geared specifically for the purpose of deploying containers.

One such distribution is Photon. This particular platform was created in 2005 by VMware; it includes the Docker daemon and works with container frameworks, such as Mesos and Kubernetes. Photon is optimized to work with VMware vSphere, but it can be used on bare metal, Microsoft Azure, Google Compute Engine, Amazon Elastic Compute Cloud, or VirtualBox.

Photon manages to stay slim by only installing what is absolutely necessary to run the Docker daemon. In the end, the distribution comes in around 300 MB. This is just enough Linux to make it all work. The key features of Photon are:

  • Kernel tuned for performance.

  • Kernel is hardened according to the Kernel Self-Protection Project (KSPP).

  • All installed packages are built with hardened security flags.

  • Operating system boots with validated trust.

  • Photon management daemon manages firewall, network, packages, and users on remote Photon OS machines.

  • Support for persistent volumes.

  • Project Lightwave integration.

  • Timely security patches and updates.

Photon can be used via ISO, OVA, Amazon Machine Image, Google Compute Engine image, and Azure VHD. I’ll show you how to install Photon on VirtualBox, using an ISO image. The installation takes about five minutes and, in the end, you’ll have a virtual machine, ready to deploy containers.

Creating the virtual machine

Before you deploy that first container, you have to create the virtual machine and install Photon. To do this, open up VirtualBox and click the New button. Walk through the Create Virtual Machine wizard (giving Photon the necessary resources, based on the usage you predict the container server will need). Once you’ve created the virtual machine, you need to first make a change to the settings. Select the newly created virtual machine (in the left pane of the VirtualBox main window) and then click Settings. In the resulting window, click on Network (from the left navigation).

In the Networking window (Figure 1), you need to change the Attached to drop-down to Bridged Adapter. This will ensure your Photon server is reachable from your network. Once you’ve made that change, click OK.

Select your Photon virtual machine from the left navigation and then click Start. You will be prompted to locate and attach the ISO image. Once you’ve done that, Photon will boot up and prompt you to hit Enter to begin the installation. The installation is ncurses based (there is no GUI), but it’s incredibly simple.

In the next screen (Figure 2), you will be asked if you want to do a Minimal, Full, or OSTree Server. I opted to go the Full route. Select whichever option you require and hit enter.

In the next window, select the disk that will house Photon. Since we’re installing this as a virtual machine, there will be only one disk listed (Figure 3). Tab down to Auto and hit Enter on your keyboard. The installation will then require you to type (and verify) an administrator password. Once you’ve done that, the installation will begin and finish in less than five minutes.

Once the installation completes, reboot the virtual machine and log in with the username root and the password you created during installation. You are ready to start working.

Before you begin using Docker on Photon, you’ll want to upgrade the platform. Photon uses the yum package manager, so log in as root and issue the command yum update. If there are any updates available, you’ll be asked to okay the process (Figure 4).

Usage

As I mentioned, Photon comes with everything you need to deploy containers or even create a Kubernetes cluster. However, out of the box, there are a few things you’ll need to do. The first thing is to enable the Docker daemon to run at start. To do this, issue the commands:

systemctl start docker

systemctl enable docker

Now we need to create a standard user, so we’re not running the docker command as root. To do this, issue the following commands:

useradd -m USERNAME

passwd USERNAME

Where USERNAME is the name of the user to add.

Next we need to add the new user to the docker group with the command:

usermod -a -G docker USERNAME

Where USERNAME is the name of the user just created.

Log out as the root user and log back in as the newly created user. You can now work with the docker command without having to make use of sudo or switching to the root user. Pull down an image from Docker Hub and start deploying containers.

An outstanding container platform

Photon is, without a doubt, an outstanding platform, geared specifically for containers. Do note that Photon is an open source project, so there is no paid support to be had. If you find yourself having trouble with Photon, hop on over to the Issues tab in the Photon Project’s Github page, where you can read and post about issues. And if you’re interested in forking Photon, you’ll find the source code on the project’s official Github page.

Give Photon a try and see if it doesn’t make deploying Docker containers and/or Kubernetes clusters significantly easier.


How to Install and Use Docker on Linux | Linux.com


Containers are all the rage in IT — with good reason. Containers are lightweight, standalone packages that contain everything needed to run an application (code, libraries, runtime, system settings, and dependencies). Each container is deployed with its own CPU, memory, block I/O, and network resources, all without having to depend upon an individual kernel and operating system. And that is the biggest difference between a container and a virtual machine; whereas a virtual machine is a full-blown operating system platform, running on a host OS, a container is not.

Containers allow you to expand your company offerings (either internal or external) in ways you could not otherwise. For example, you can quickly deploy multiple instances of NGINX (even with multiple stagings — such as development and production). Unlike doing this with Virtual Machines, containers will not put nearly the hit on your system resources.

Docker makes creating, deploying, and managing containers incredibly simple. What’s best is that installing and using Docker is second-nature to the Linux platform.

I’m going to demonstrate how easy it is to install Docker on Linux, as well as walking you through the first steps of working with Docker. I’ll be demonstrating on the Ubuntu 16.04 Server platform, but the process is very similar on most all Linux distributions.

I will assume you already have Ubuntu Server 16.04 up and running and ready to go.

Installation

Since Ubuntu Server 16.04 is sans GUI, the installation and usage of Docker will be handled entirely through the command line. Before you run the installation command, make sure to update apt and then run any necessary upgrades. Do note, if your server’s kernel upgrades, you’ll need to reboot the system. Thus, you might want to plan to do this during a time when a server reboot is acceptable.

To update apt, issue the command:

sudo apt update

Once that completes, upgrade with the command:

sudo apt upgrade

If the kernel upgrades, you’ll want to reboot the server with the command:

sudo reboot

If the kernel doesn’t upgrade, you’re good to install Docker (without having to reboot). The Docker installation command is:

sudo apt install docker.io

If you’re using a different Linux distribution, and you attempt to install (using your distribution’s package manager of choice), only to find out docker.io isn’t available, the package you want to install is called docker. For instance, the installation on Fedora would be:

sudo dnf install docker

If your distribution of choice is CentOS 7, installing docker is best handled via an installation script. First update the platform with the command sudo yum check-update. Once that completes, issue the following command to download and run the necessary script:

curl -fsSL https://get.docker.com/ | sh

Out of the box, the docker command can only be run with admin privileges. Because of security issues, you won’t want to be working with Docker either from the root user or with the help of sudo. To get around this, you need to add your user to the docker group. This is done with the command:

sudo usermod -a -G docker $USER

Once you’ve taken care of that, log out and back in, and you should be good to go. That is, unless your platform is Fedora. When adding a user to the docker group on this distribution, you’ll find the group doesn’t exist. What do you do? You create it first. Here are the commands to take care of this:

sudo groupadd docker && sudo gpasswd -a ${USER} docker && sudo systemctl restart docker

newgrp docker

Log out and log back in. You should be ready to use Docker.
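Membership in the docker group gives control of the Docker daemon, which runs as root, so it is worth reviewing who holds it after running usermod (here and in the Photon article above). This added example (not part of the original article) uses a hypothetical helper, group_members, over constructed group and passwd data; it also catches accounts whose primary GID is the group, which the member list in /etc/group does not show.

```shell
# Added example: list every account that belongs to a group, counting both
# supplementary members (field 4 of the group file) and accounts whose
# primary GID (field 4 of the passwd file) is that group.
# group_members is a hypothetical helper, not a Docker or distribution tool.

# usage: group_members GROUP [GROUP_FILE] [PASSWD_FILE]
group_members() {
    grp=$1
    group_file=${2:-/etc/group}
    passwd_file=${3:-/etc/passwd}
    awk -F: -v g="$grp" '
        FNR == NR {                          # first file: group database
            if ($1 == g) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") seen[m[i]] = 1
            }
            next
        }
        gid != "" && $4 == gid { seen[$1] = 1 }   # second file: passwd database
        END { for (u in seen) print u }
    ' "$group_file" "$passwd_file" | sort
}

# Constructed sample databases (not taken from a real host).
tmpdir=$(mktemp -d)
trap 'rm -rf "$tmpdir"' EXIT
SAMPLE_GROUP=$tmpdir/group
SAMPLE_PASSWD=$tmpdir/passwd

cat > "$SAMPLE_GROUP" <<'EOF'
root:x:0:
docker:x:999:olivia,nathan
readers:x:1002:nathan
editors:x:1003:olivia
EOF

cat > "$SAMPLE_PASSWD" <<'EOF'
root:x:0:0:root:/root:/bin/bash
olivia:x:1000:1000::/home/olivia:/bin/bash
nathan:x:1001:1001::/home/nathan:/bin/bash
builder:x:1004:999::/home/builder:/bin/sh
EOF

# builder never appears in the docker line of the group file, but its
# primary GID is 999, so it is a member all the same.
group_members docker "$SAMPLE_GROUP" "$SAMPLE_PASSWD"
```

With no file arguments the helper reads /etc/group and /etc/passwd on the local host.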

Starting, stopping, and enabling Docker

Once installed, you will want to enable the Docker daemon at boot. To do this, issue the following two commands:

sudo systemctl start docker

sudo systemctl enable docker

Should you need to stop or restart the Docker daemon, the commands are:

sudo systemctl stop docker

sudo systemctl restart docker

Docker is now ready to deploy containers.

Pulling images

For Docker, images serve as the building blocks of your containers. You can pull down a single image (say NGINX) and deploy as many containers as you need from that image. To use images, you must first pull them onto your system. Images are pulled from registries and your Docker installation includes usage of the default Docker Hub — a registry that contains a large number of contributed images (from official images to user-contributed).

Let’s say you want to pull down an image for the Nginx web server. Before doing so, let’s check to see what images are already to be found on our system. Issue the command docker images and you should see that no images are to be found (Figure 1).

Let’s fix that. We’ll download the Nginx image from Docker Hub with the command:

docker pull nginx

The above command will pull down the latest (official) Nginx image from Docker Hub. If we run the command docker images, we now see the image listed (Figure 2).

Notice I said “official” Nginx image? You will find there are plenty of unofficial Nginx images to be found on Docker Hub. Many of these unofficial images have been created to serve specific purposes. You can see a list of all Nginx images, found on Docker Hub, with the command

docker search nginx

As you can see (Figure 3), there are Nginx images to be had for numerous purposes (reverse proxy, PHP-FPM-capable, LetsEncrypt, Bitnami, Nginx for Raspberry Pi and Drupal, and much more).


Say, for example, you want to pull down the Nginx image with reverse proxy functionality built in. That unofficial image is called jwilder/nginx-proxy. To pull that image down, issue the command:

docker pull jwilder/nginx-proxy

Issue the command docker images to see the newly pulled images (Figure 4).

As a word of caution, I recommend only working with the official images, as you cannot be certain if an unofficial image will contain malicious code.

You now have images, ready to be used for the deploying of containers. When next we visit this topic, we’ll begin the process of deploying those containers, based on the Nginx image.

Docker is an incredibly powerful system that can make your job easier and your company more flexible and agile. For more information on what Docker can do, issue the command man docker and read through the man page.


5 Coolest Linux Terminal Emulators | Linux.com


Sure, we can get by with boring old GNOME terminal, Konsole, and funny, rickety, old xterm. When you’re in the mood to try something new, however, take a look at these five cool and useful Linux terminals.

Xiki

Number one on my hit parade is Xiki. Xiki is the brainchild of Craig Muth, talented programmer and funny man (funny as in humorous, and possibly other senses of the word as well). I wrote about Xiki so long ago, in Meet Xiki, the Revolutionary Command Shell for Linux and Mac OS X. Xiki is much more than yet another terminal emulator; it’s an interactive environment for expanding the reach and speed of your command-line interface.

Xiki has mouse support and runs in most command shells. It has tons of on-screen help and is fast to navigate with the keyboard or mouse. One simple example of its speed is how it turbocharges the ls command. Xiki zooms through multiple levels in your filesystem without having to continually re-type ls or cd, or resort to clever regular expressions.

Xiki integrates with many text editors, provides a persistent scratchpad, has a fast search engine, and, as they say, much much more. Xiki is so featureful and so different that the fastest way to wrap your head around it is to watch Craig’s funny and informative videos.

Cool Retro Term

I dig Cool Retro Term (shown in main image above) for its looks, and also its usefulness. It takes us back to the era of cathode ray tube monitors, which wasn’t all that long ago, and which I have zero nostalgia for. Pry my LCD screens from my cold dead etc. It is based on Konsole, so it has Konsole’s excellent functionality. Change Cool Retro Term’s appearance from the Profiles menu. Profiles include Amber, Green, Pixelated, Apple ][, and Transparent Green, and all include a realistic scanline. Not all of them are usable, for example the Vintage profile warps and flickers realistically like a dying screen.

Cool Retro Term’s GitHub repository has detailed installation instructions, and Ubuntu users have the PPA.

Sakura

When you want a nice lightweight and configurable terminal, try Sakura (Figure 1). It has few dependencies, unlike GNOME Terminal and Konsole, which drag in big chunks of GNOME and KDE. Most options are configurable from the right-click menu, such as tab labels, colors, size, default number of tabs, fonts, bell, and cursor type. You can set more options, for example keybindings, in your personal configuration file, ~/.config/sakura/sakura.conf.

Command-line options are detailed in man sakura. Use these to launch Sakura from the command line, or use them in your graphical launcher. For example, this opens to four tabs and sets the window title to MyWindowTitle:

$ sakura -t MyWindowTitle -n 4

Terminology

Terminology comes from the lushly lovely world of the Enlightenment graphical environment and can be prettified all you want (Figure 2). It has a lot of useful features: independent split windows, open files and URLs, file icons, tabs, and gobs more. It even runs in the Linux console, without a graphical environment.

When you have multiple split windows each one can have a different background, and backgrounds are any media file: image files, video, or music. It comes with a bundle of dark themes and transparency, because who needs readability, and even a Nyan cat theme. There are no scroll bars, so navigate up and down with Shift+PageUp and Shift+PageDown.

There are multiple controls: a right-click menu, context dialogs, and command-line options. The right-click menu has the tiniest fonts in the universe, and Miniview displays a microscopic file tree. If there are options to make these readable I did not find them. When you have multiple tabs open click the little tab browser to open a chooser that scrolls up and down. Everything is configurable; consult man terminology for a list of commands and options, including a nice batch of fast keyboard shortcuts. Strangely, this does not include the following commands, which I found by accident:

  • tyalpha
  • tybg
  • tycat
  • tyls
  • typop
  • tyq

Use the tybg [filename] command to set a background, and tybg with no options to remove the background. Run typop [filename] to open files. tyls lists files in icon view. Run any of these commands with the -h option to learn what they do. Even with the readability quirks, Terminology is fast, pretty, and useful.

Tilda

There are several excellent drop-down terminal emulators, including Guake and Yakuake. Tilda (Figure 3) is one of the simplest and most lightweight. After opening Tilda it stays open, and you display or hide it with a shortcut key. The tilde key is the default, and you can map any key you like. It’s always open and ready to work, but out of your way until you need it.

Tilda has a nice complement of options, including default size and placement, appearance, keybindings, search bar, mouse hover, and tab bar. These are controlled with a right-click menu.


Samsung to Bring Linux to the Galaxy Phone » Linux Magazine


The same year Canonical decided to pull out of the consumer space, Samsung is bringing a pure desktop Linux experience to PCs. Unlike Apple, Google, or Microsoft, Samsung doesn’t have any tightly integrated offering for professionals who need a desktop to get work done. Samsung came out with DeX, an accessory for Samsung Galaxy phones that connects with a monitor and offers a desktop-like interface. It’s an experience similar to Ubuntu Dock or Motorola Atrix Webtop.

However, the desktop experience was subpar compared with macOS or Windows. Samsung is now looking at desktop Linux for DeX. “Installed as an app, Linux on Galaxy gives smartphones the capability to run multiple operating systems, enabling developers to work with their preferred Linux-based distributions on their mobile devices. Whenever they need to use a function that is not available on the smartphone OS, users can simply switch to the app and run any program they need to in a Linux OS environment,” Samsung said in a press release.

Samsung is quite ambitious about the project; the company is also luring developers, a market that already has a strong hold on desktop Linux. “Now developers can code using their mobile on-the-go and seamlessly continue the task on a larger display with Samsung DeX,” said the company.

While it’s currently in the trial phase, Samsung plans to bring DeX to larger displays. If it does gain mindshare, Samsung might even consider desktop Linux-powered laptops.

One advantage Samsung has over traditional desktop Linux distributions is that Samsung owns the entire hardware chain, from touchscreen to storage. It will be relatively easier for Samsung to offer a fully polished desktop Linux experience compared with a community-based distro, where developers either rely on reverse engineering or are at the mercy of hardware vendors to offer drivers.

Desktop Linux users may finally see the year of Linux. “Linux on Galaxy is made even more powerful because it is DeX-enabled, giving developers the ability to create content on a large screen, powered only by their mobile devices. This represents a significant step forward for software developers, who can now set up a fully functional development environment with all the advantages of a desktop setting that is accessible anytime, anywhere. Samsung Linux on Galaxy is still a work in progress,” said Samsung.

If you are interested in an early notification of availability, please sign up.


