Module #03 - Basic Sysadmin

Overview
Study Material
DF
PA
Extras

This module will continue our study of the Linux CLI but with a focus on elementary system administration tasks that you might encounter even if just managing your own Linux workstation or virtual instance in the cloud.

Topics Studied in this Module

T1 - sudo: The first topic of this module, will introduce tools needed when you have to execute a command with root privileges. This will come in handy as we are about to learn to manage user accounts on our Linux system in this module, and to manage software packages in the next. Both of these tasks are entry-level system administration tasks that advanced users may find themselves performing on their own Linux workstation.
T2 - Managing Users: This topic will allow you to learn to manage multiple user accounts on your Linux system.
T3 - Filesystem Permissions: We review the basic and ubiquitous permission scheme used on Linux & UNIX systems.

Learning Activities

This module features the following learning activities; DF, PA, GQ

Linux+ Exams Objectives

This module deals with material related to the following objectives from the CompTIA Linux+ and LPI certifications exams.

Exam LX0-101 - Objective 103.1 - Work on the command line
Exam LX0-101 - Objective 103.3 - Perform basic file management
Exam LX0-101 - Objective 104.5 - Manage file permissions & ownership
Exam LX0-102 - Objective 107.1 - Manage user & group accounts & related system files
Exam LX0-102 - Objective 110.1 - Perform security administration tasks

T1 - Becoming a Super-User

Our first topic is somewhat adhoc as it presents tools that you are going to need every time you want to run some other tools with "root" privileges. This offering is mostly focused on teaching you how to be a proficient user on the Linux platform, however, this will sometimes entail performing operations on your system which require privileges.

Installing or removing software packages is one of these operations since it affects your system as a whole. For this reason, we introduce the following tools in this module.

sudo & gksudo
Video Link: YouTube
This video reviews how to use sudo & gksudo to perform tasks with administrator privileges. We will be using this tool quite frequently since managing the software installed on your workstation is considered a system administration tasks and therefore requires root privileges.
Please note that, since Ubuntu 17.10 both gksu and gksudo have been deprecated. See the Extras tab of this module for links to possible replacements. Short story; sudo -H will do just fine for our needs.

The following reading assignment will give you an idea of how you might configure sudo on your system by editting the /etc/sudoers configuration file. It is an important aspect of securing a Linux system since it allows you to enforce the least privilege principle.

Reading Assignments
URL Link: Guillermo Garron's Tutorial on Sudoers
This tutorial post is a bit old, 2012, but still cover the fundamentals since these have not changed much since then.

Even though this course is not meant as an introduction to system administration, it helps taking a peek "under the hood" to gain a solid understanding of how things work. The following video will provide you with a brief overview of the syntax of the file used to configure sudo policies.

The sudoers File
Video Link: YouTube
We take a look at the /etc/sudoers file that allows you to identify users and grant them the ability to use the sudo command. Of particular interest is the fact that you may restrict what kind of commands they are allowed to run using sudo, which allows you to delegate privileged tasks to colleagues while still adhering to the least privilege principle.

Last but not least, practice reading manpages so that you are able to extract from them the information you need during exams. Hint, hint.

Reading Assignments: Man pages
URL Link: sudo & sudoedit
Make sure you read the manpage for the various tools illustrated in these videos. You will find above the links to the manpages.ubuntu.com site.

Reading Assignments: Man pages
URL Link: gksudo
While sudo & sudoedit are meant to run CLI tools with privileges, gksudo allows you to do the same with tools featuring a GUI. See the "breaking news" section in the "Extras" tab of this module for an update on available options to run graphical user interface tools with privileges.

T2 - Managing User Accounts

This topic will focus on managing user accounts on a Linux system. We will explore both CLI-based and GUI-based tools to do so. Please note that, since managing user accounts is a privileged operation, we will have to rely on the sudo tools.

Let us start by looking at the command line tools available to perform user accounts management.

User Accounts Management Tools
Video Link: YouTube
We start by looking at various command line tools used to create and delete user accounts. The adduser, deluser commands represent a high-level way to process the tasks at hand while useradd and userdel are lower level tools that only focus on the most basic aspects of user accounts management.

While the above tools are focused on user accounts, we have very similar tools that allow us to manage user groups.

Group Management Tools
Video Link: YouTube
This video review the command line tools used to create and delete user groups on a Linux system. The addgroup and delgroup commands are illustrated and correspond to high level tools to handle such tasks. We also mention the groupadd and groupdel commands which are their lower-level counterparts.

Now that you have a basic understanding of how the above tools operate, take a look at the corresponding manpages. You need to learn how to read manpages and refer back to them when faced with a new problem that will require you to figure out the available options and corresponding capability of a specific tool.

Reading Assignments: Man pages
URL Link: adduser deluser useradd userdel passwd
You will find above the links to the http://manpages.ubuntu.com/ site. However, it is always best to read manpages on your system itself. This way, you are always sure you are reading the version of the documentation corresponding to the version of the tool actually installed.

The following videos will supplement the above by showing you the GUI-based tools available to manage users.

Ubuntu Unity Tools
Video Link: YouTube
This video reviews the same operations with the new users managements tools available in Ubuntu 12.04LTS Unity desktop manager.

T3 - Filesystem Permissions

Permissions apply to both folders and files. They constitute your first line of defense in terms of securing who may or may not access contents.

The following sections of the Ryan Chadwick Linux Tutorial are assigned for this module;

Reading Assignments
URL Link: Ryan Chadwick's Linux Tutorial
The following sections of the Tutorial are assigned for this module;
- Permissions

To supplement the above reading assignment, and allow you to learn the material with a "live" perspective, take a look at the following videos.

chmod & symbolic permissions
Video Link: YouTube
This video examine the chmod tool and its user-friendly symbolic syntax used to set files and folders permissions, add specific permissions, or remove specific permissions. We also introduce the notation used by ls to display permissions of files or folders.

chmod & octal permissions
Video Link: YouTube
We revisit the use of chmod but using this time the octal integer notation for permissions. we also describe the significance of the octal digits by looking at permissions as binary vectors.

chown
Video Link: YouTube
We conclude with the use of the chown tool used to change ownership and group-ownership of both files and folders.

Now that the tools should feel familiar, take the time to study their respective manpages.

Reading Assignments: Man pages
URL Link: chmod chown
Take a look at the various available options for each commands so that you have a good idea of what they are able to do in addition to what was covered in the videos.

This Discussion Forum assignment will allow us to take a peek beyond the Ubuntu Linux distribution that we are using in this course and consider the many available flavors of Linux. The format we will adopt will be that of a pro vs. cons discussion.

Please note; since we are already using Ubuntu for this course, and most courses in the cybersecurity track are using Kali Linux, you are not allowed to pick these Linux distributions for this DF assignment. The point is for you to learn something new :)

To a new Linux Distribution!... and beyond?

We are now going to, once again, install a Linux virtual machine that will stand in addition to the Ubuntu one that you have already setup for the course. However, this time you will be the ones picking which Linux distribution you want to install. Keeping both virtual machines all semester long will allow you to jump back and forth and gain experience using multiple Linux environments.

In order to make the best out of this learning activity, remember to keep detailed notes, including screenshots when relevant.

Start by downloading the ISO image for the Linux distribution you selected, then install it as a VirtualBox virtual machine. You should be able to do so easily by following the notes you kept from the previous PA assignments. The installer of the Linux distribution itself might however be different; some will be easier, others more detailed. Keep notes and screenshots of what you have to do to get this new Linux distribution installed in its own virtual machine. Do not hesitate to post on the course forum dedicated to questions about the software used in this course to share your thoughts about it or problems you are bumping into.

During our first module, you watched videos showing you how to use the desktop, a basic text editor, and a file explorer. Together, these tools are the bare minimum to allow you to start working in a given environment.

Make sure you take detailed notes on how to perform the same tasks with your new Linux distribution. Pay particularly attentions to new ways to do things, maybe simpler or better, or situations where the new distribution is less practical to achieve a specific task. As with the previous step, feel free to post on the appropriate course forum to share your thoughts, discuss problems you bumped into, or ask for help.

Topic - Review of Linux Distributions

The idea of this DF is to have you discuss with one another the pro and cons of adopting a specific Linux distribution. Your post will be based on your experience, downloading, installing, and using a new Linux distribution. You may use Ubuntu as a baseline to which you will compare the new Linux distribution that you selected. Put yourself in the shoes of an IT professional who has been asked by his team to prepare a brief summary of what is good and what is less good about a given distribution. The underlying goal is to educate your colleagues / classmates on what that distribution would be good for.

You will note that some distributions are really specialized and offer turn-key solutions for security, multi-media hosting and streaming, media processing, or any other topic for which there was enough interest in the community to motivate people to build their own distribution. If you are interested in a specific aspect of IT, you should dig for a Linux distribution that is particularly suited for it.

Other distributions, such as Slackware, Gentoo or CoreOS, offer very different philosophies on what it means to distribute software. These might be worth your time if you want to be exposed to radically different distributions.

Requirements for your Posts

Your post will state arguments in favor, or against, the adoption of a Linux distribution of your choice. You will establish these with respect to Uhuntu Linux and your post should, at the very minimum, address the following considerations;

What is the primary goal for this distribution? e.g. desktop users, first time Linux enthusiasts, server-side...
What kind of open source license does the distribution favors? Does it allow for non open source software?
How frequent are the releases and what is the policy to determine when to release?
What kind of support is available? e.g. community-based or provided by a company (if so, what is the company backing the distribution)?
Where would one find more information about this distribution? e.g. official forums, official documentation, community websites...
What are the available options to install this distribution?
What architectures or platform is it available for? e.g. ARM, x86, Sparc...

Feel free to add to this list as it is only provided as a minimum requirement and different distributions will give you opportunities to bring up specific aspects not listed above.

Exercise #1 - Organizing your sudoers

Write down what you would put into your /etc/sudoers file in order to achieve the following goals;

Users tux, john and lise are in a user alias named POWERUSERS
The experimental commnands /bin/exp.one and /bin/exp.two are in a command group name EXPERIMENTAL
We allow our POWERUSERS to run the EXPERIMENTAL commands from an terminal and any networked system

Please note that you do not actually have to make modifications to the sudoers file or create any users accounts, but you do need to explain how you would achieve these conditions if these users/commands were real.

Exercise #2 - chmod symbolic syntax for file modes

Let us use the chmod symbolic syntax to add specific permissions to a file which already has permissions set. We do not want to simply overwrite all permissions with new ones but rather add or remove specific parts of the permissions.

For instance, create file named unreal in your home folder. Set the permissions on the file to rwx---r--, then modify the permissions so that everyone (i.e., the owner, owner’s group, and everyone else) can execute it.

Please note that you must add the necessary permissions onto the existing ones, do not simply override the existing permissions. If you do you will not receive credit even if the final permissions are correct.

Submit a screenshot of your shell output after you have completed these tasks, including your full name.

Exercise #3 - chmod symbolic syntax again

Let us use the same file that we used in the previous exercise. Override its permissions so that they become r-xr-xr-x but use, this time, the symbolic syntax to replace existing permissions rather than modify them.

Submit a screenshot with your shell output after you have run the necessary commands, also include your full name.

Exercise #4 - Using chown

How would you use chown in the following situation. You are logged in as user “joe” which belongs to two groups; your primary group is “students” and your secondary group is “project42”. Other users on your system might be in the “project42” group regardless of their primary group. How would you use what you learned to make a new directory /tmp/filesharing/ and set its permissions so that;

you, as owner, have RWX access
other users in the “project42” group have R-X access
other users have - - - access

Use symbolic notations to specify the permissions.

Explain, in your own words, how you would validate your solution.

Exercise #5 - User Management

Use a single command line to set the expiration date of an existing user account of your choice to January 1st 2030.

Reading Assignments: Man pages
URL Link: usermod
This manpage will help you achieve the above-defined goal. Make sure you develop the necessary skills to be able to get the information you need from the manpage of a tool you have never used before in order to accomplish a specific task; this is something that is expected of any IT professional.

This tab provides you with optional resources meant for those who want to learn a bit more about the topics covered in this module.

Breaking News

Replacement for gksu, tutorial at ItsFoss by Abhishek Prakash
Ubuntu Official announcement when they removed gksu and gksudo from release 17.10.

Linux Distributions

Here are links to some of the mainstream Linux distributions;

Debian family; [Ubuntu] [Debian]
Red Hat family; [RedHat Enterprise Linux] [CentOS] [Fedora]
Open Suse; [Open Suse]

You will also find a plethora of articles meant to help you identify the best Linux distribution to suit your needs (e.g., this one) or entire websites dedicated to compiling and ranking lists of available Linux distributions;

You will find, in the above, some mainstream distributions that feature interesting philosophies, especially including software packages management; e.g., Gentoo, Arch Linux

A particular mention is worth giving to Linux distributions that put a particular focus on preserving your privacy directly [Tails, Whonix], or indirectly by preventing you from installing, without even realizing it, closed-sources software [Trisquel].

Similarly, if you are looking for small distributions able to give new purpose to old hardware, or run inside a router, take a look at TinyCore. The following article, from the It is FOSS website, provides you with a recent surveys of some of the Linux distributions that are best suited for older hardware; 10 Best Lightweight Linux Distributions For Older Computers, by Mohd Sohail.

If your primary focus is on cybersecurity, besides the obvious Kali, you might also want to take a look at Parrot Linux or Tsurugi. See also this FossBytes review on the latter.

Last but not least, if you are interested in minimalist Linux installations to be deployed in clouds; Alpine, CoreOS, Project Atomic, Photon OS, Rancher OS

One more thing; there are also resources out there to help you figure out what distro is best suited for your needs. Make sure to give them a peek;

DistroTest allows you to conveniently give an actual try to a plethora of Linux distributions without leaving your browser.
Libre Hunt is a gentle introduction to the Linux world that also guides you through determining the distro that best suits you.
Distro Chooser aims at fulfilling the same goals than the above but relies on a survey-like approach of the user. They have currently a Beta of their next version.

Android distributions

Let me preface this section by stating the obvious; yes, Android is not the same as Linux. See this article from Android Authority to read about the basic arguments used in this discussion.

Now that we got this out of the way :) You may still be interested in exploring how the two platform relate so here are a few starting points to help you do so;

Canonical Anbox for Clouds is meant to help running Android apps on Linux. See also this FossBytes article.
Android x86 allows you to run Android on x86 platforms.
Samsung's DEX project was another interesting bridge between the two platforms. Check also out this YouTube video to clarify what it is. As of 2020, it is no longer supported but another similarly intended project might emerge soon.

Harley Hahn's Guide to UNIX and Linux

If you are interested in learning more about the Linux File System, I recommend you look for Harley Hahn's Guide to UNIX and Linux. It is unfortunately out of print but is a great (and entertaining) read about the topic.

The following sections of the above are particularly relevant to this module;

Section 14: Using the Shell: Initialization Files
Section 23 - The Unix Filesystem
Section 24 - Working with Directories
Section 25 - Working With Files