Intro to command line

A Linux web server is generally set up exclusively using the command line. For those with experience using MS-DOS and Apple computers, this just requires a little readjustment, but for those who have never used a command line interface, this will be something brand-new and may initially be a source of frustration as the command line is not in the least bit intuitive. However, over time, users usually find the command line interface to be superior for getting work done. Much can be accomplished through quick keyboard commands, typically memorized through repetition of use, and editing of configuration files that often include instructions on how to configure the settings.

For those who are new to Linux, please be aware that Linux is very precise and largely unintuitive. Instructions cannot be cast aside as with furniture assembly instructions to be later reviewed for the one or two difficult steps. Instructions should be read carefully and thoroughly before beginning any actual work. This may seem like extra work, but it actually reduces the work and makes the whole process more enjoyable. Most creators of instructions have a contact option included in or near the instructions and most of the time will respond to questions fairly quickly with a non-judgmental and patient attitude toward new users.

Interfacing with the server
There are generally two ways to work on a server. One way is to have a keyboard and monitor connected to the machine. The second, more popular, way is to connect to the server remotely from a regular desktop computer or other device, typically using a secure shell, more commonly known as SSH.

Keys
SSH uses public-key cryptography, which means there are two keys used - one for encryption and one for decryption. Typically, each device a user has will have its own key pair.

Public key
The public key is used to encrypt the information. This information can only be decrypted with the private key. In usage with SSH, the public key is placed on the device to be logged into. That device, when sending information to the user, will encrypt the information using this key. This is why it is called the 'public' key - it is safe to expose to the public, in fact this is its intended use.

Private key
The private key is the only key that may be used to decrypt information encrypted with the public key. Since the private key is the only way to decrypt the message, it can be used as a very effective user authentication tool which can prevent brute-force attacks from penetrating a server.

This is why it is common practice for each device to have its own key pair - in the event that a private key is compromised (a stolen laptop, for example), the user can log into servers that use the public key for user authentication and remove the public key, preventing the compromised private key from being used to infiltrate the servers.

Windows SSH client
Windows does not have a native OpenSSH client and since Ubuntu runs OpenSSH Server, Windows users will need to install a client.

Install PuTTY SSH client
Download the Windows installer for everything except PuTTYtel and run the installer. Open PuTTYgen. Change the number of bits in the generated key to 4096, click Generate, and move the mouse randomly in the box as instructed. Enter the device name in the 'Key comment' field – this is a name that is used to refer to this device, e.g. homedesktop, or whatever.

Copy the "Public key for pasting into OpenSSH authorized_keys file". This is a big key, so make sure to highlight the whole thing. It will start with  and end with whatever was entered into the Key comment field. Paste it into a text document and save, perhaps naming it with the device name followed by OpenSSH Public Key.

Click ‘Save public key’ and give the file a name such as 'device Public Key'.

The Key Passphrase is optional, but if used, it can protect the server from someone who gains control of a device before the administrator disables the device’s public key on the server. Usually this password is not very complex as it will have to be used every time the key is used, which is every time the user logs into the server, and it only really serves the purpose of slowing down the would-be hacker with the compromised device key because the key pair is what prevents everyone else from logging into the server.

Save the private key and use a name similar to what was used with the public key files. Wherever the keys are saved on the device, be sure not to move them around. The private key will be used to log onto the server with various different programs, including PuTTY and an FTP client.
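Removing a compromised device's public key from a server, as described above, comes down to deleting that device's line from the authorized_keys file. The following is an added example, not part of the original page; it assumes each key's comment is the single-word device name entered in PuTTYgen's 'Key comment' field. The function names, file locations and sample keys are constructed for illustration.

```shell
#!/bin/sh
# revoke_device FILE DEVICE  (hypothetical helper, not from the original page)
# Removes every key whose comment (the last field on the line) equals DEVICE
# from an authorized_keys file and prints how many keys were removed.
# The body is a subshell, so variables stay local and "exit" only ends the function.
revoke_device() (
    file=$1 device=$2
    [ -f "$file" ] || { echo "no such file: $file" >&2; exit 1; }
    [ -n "$device" ] || { echo "device name required" >&2; exit 1; }
    # Temporary file in the same directory so the final mv is a simple rename.
    tmp=$(mktemp "$file.XXXXXX") || exit 1
    # Keep blank lines, comment lines and keys that belong to other devices.
    awk -v dev="$device" '
        /^[ \t]*(#|$)/                  { print; next }
        NF >= 3 && ($NF "") == (dev "") { next }
        { print }
    ' "$file" > "$tmp" || { rm -f "$tmp"; exit 1; }
    removed=$(( $(awk 'END { print NR }' "$file") - $(awk 'END { print NR }' "$tmp") ))
    if [ "$removed" -gt 0 ]; then
        cp -p "$file" "$file.bak"   # keep a copy of the previous key list
        chmod 600 "$tmp"            # readable and writable by the owner only
        mv "$tmp" "$file"
    else
        rm -f "$tmp"                # nothing matched, leave the file untouched
    fi
    echo "$removed"
)

# Constructed sample: three devices with placeholder key material (not real keys).
demo() (
    dir=$(mktemp -d) || exit 1
    cat > "$dir/authorized_keys" <<'EOF'
# keys allowed to log in as this user
ssh-rsa AAAAPLACEHOLDERKEY1 homedesktop
ssh-rsa AAAAPLACEHOLDERKEY2 laptop
ssh-rsa AAAAPLACEHOLDERKEY3 phone
EOF
    # The laptop was stolen: remove its key and show what is left.
    revoke_device "$dir/authorized_keys" laptop >/dev/null || exit 1
    cat "$dir/authorized_keys"
    rm -rf "$dir"
)

demo
```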

PuTTY has some very convenient features that can make working with it rather pleasant. To copy something from the session, simply highlight the desired text and it will automatically be copied to the clipboard. To paste into PuTTY, simply move the cursor to the desired location and right-click anywhere inside the PuTTY window, and the text will be pasted in. Keep in mind that SSH sessions do not allow using the mouse for navigation - everything is done through the keyboard, so navigation will be done with the cursor and using the arrow, page down, page up, end, and home keys, and on some programs the space bar and shift+space bar for page up and page down, respectively.

Text editors
An important part of using the command line is also using a text editor, both on the server and the client device. When editing text files on the local device, it is not advisable to use a word processor as this can cause formatting issues with the text and characters.

Linux command line
There are many text editors for the Linux command line, but for the beginner, nano is usually the easiest to use and can do pretty much everything necessary for configuring a server. Some useful tips on using nano include pressing Ctrl+W to find specific text, particularly useful when dealing with larger configuration files. It may be a good idea to get in the habit of saving a file immediately after making changes. If a change is made to a file and nano is then exited, nano will ask if it should save the changes made. If a change was an accident, e.g., accidentally typing or deleting something, then this will be saved and likely cause an error that will be difficult to track down. Always saving immediately after making changes makes it easier to think back to whether or not the changes that nano is asking about should be saved.

Windows
In Windows, the default text editor is Notepad, which may be used for editing any Linux text file, but has very limited features. For most text editing, Notepad++ is vastly superior to Notepad. It has tabs, themes (selecting 'Black board' in the style configurator is similar to SSH in PuTTY), and other advanced features such as showing where brackets open and close, saving in virtually any format, and find & replace, which can work across tabs and even whole directories and their sub-directories. All that and more, and it’s free!

Filesystem permissions
Filesystem permissions are a very important concept to understand, as they are fundamental to everything done in Linux. It is not required that new administrators be experts in all aspects of permissions, but understanding a few fundamentals is necessary.

Classes
There are three classes which can each be assigned their own set of permissions.

Owner
The owner is assigned to any of the users in Linux, and processes are assigned to users during installation of the software. In Linux, a file or directory created by a user will automatically be owned by that user.

Group
Any user may be assigned to any group or any number of groups. Processes running in Linux are usually assigned to groups when the software is installed. Groups have their own set of permissions on files and directories, which will apply to all members of the group. A new file or directory will be assigned to the primary group of the creator unless setgid has been set on the parent directory, in which case Linux will assign the new file or directory to the group of the parent directory.

Other
If a user is not the owner or a member of the group a file or directory has been assigned to, then the set of permissions for other will apply.

Permissions
There are three permissions that can be assigned to each class.

Read
For files, the read permission allows for reading of the file. For directories, the read permission allows for viewing of the contents of the directory.

Write
For files, the write permission allows for modifying of the file. For directories, the write permission allows for modifying the entries in the directory, including creating new files, renaming files and deleting files.

Execute
For files, the execute permission allows a file to be executed. For directories, it allows entries to be opened.

Root
The root user can change permissions to every file and directory on the system and has full permissions to all files and directories not assigned to it. This is why it is important to guard root access. However, sometimes it is desirable to be fully logged in as root so that the user does not have to type sudo hundreds of times in a row. A user session can be elevated to a root session with the command. To return to the regular user session, enter the command.

sudo
The sudo command in Ubuntu will elevate permissions of any member of the sudo group to root for whatever command follows it. This allows users with lesser permissions to gain root permissions when needed. The sudo command only requires password entry for its first use in a session or after 15 minutes of not using the sudo command.

Viewing ownership and permissions
File and directory ownership, for both owners and groups, and permissions can be easily viewed and modified (modification is discussed later).

Linux will display permissions in symbolic notation, but it is usually easier when making changes to permissions to use octal notation, which is also the most common way that permissions are discussed in references such as books, tutorials, blogs, forums, etc. The chart below demonstrates what each symbolic notation and each octal notation looks like for the given permission set. Note that this chart is not exhaustive of the permutations and is only for demonstrating how each permission set looks as assigned in all classes.
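The relationship between the two notations can be worked out mechanically: each class contributes one octal digit (read = 4, write = 2, execute = 1), and a leading fourth digit carries setuid (4), setgid (2) and the sticky bit (1). The following is an added example, not part of the original page; the function names and the list of sample permission sets are constructed. In directory listings the setgid flag appears as an s in the group's execute position.

```shell
#!/bin/sh
# sym2oct MODE  (hypothetical helper, not from the original page)
# Converts the 10-character mode string shown in a directory listing,
# e.g. drwxrwsr-x, to the octal form used with chmod, e.g. 2775.
# The body is a subshell, so variables stay local and "exit" only ends the function.
sym2oct() (
    mode=$1
    [ "${#mode}" -eq 10 ] || { echo "need 10 characters: $mode" >&2; exit 1; }
    rest=${mode#?}                  # drop the file-type character (d, -, l, ...)
    special=0 digits="" class=0     # class 0 = owner, 1 = group, 2 = other
    while [ "$class" -lt 3 ]; do
        triad=${rest%"${rest#???}"} # first three characters of what is left
        rest=${rest#???}
        case $triad in              # read and write flags
            rw?) d=6 ;; r-?) d=4 ;; -w?) d=2 ;; --?) d=0 ;;
            *) echo "bad read/write flags: $triad" >&2; exit 1 ;;
        esac
        case $class${triad#??} in   # execute position, which also shows special bits
            ?-) ;;
            ?x) d=$((d + 1)) ;;
            0s) d=$((d + 1)); special=$((special + 4)) ;;  # setuid + execute
            0S) special=$((special + 4)) ;;                # setuid, no execute
            1s) d=$((d + 1)); special=$((special + 2)) ;;  # setgid + execute
            1S) special=$((special + 2)) ;;                # setgid, no execute
            2t) d=$((d + 1)); special=$((special + 1)) ;;  # sticky + execute
            2T) special=$((special + 1)) ;;                # sticky, no execute
            *) echo "bad execute flag: $triad" >&2; exit 1 ;;
        esac
        digits=$digits$d
        class=$((class + 1))
    done
    [ "$special" -gt 0 ] && digits=$special$digits
    echo "$digits"
)

# Print a small chart of constructed, commonly seen permission sets.
perm_chart() {
    printf '%-12s %s\n' symbolic octal
    for m in -rw------- -rw-r--r-- -rw-rw-r-- -rwxr-xr-x \
             drwx------ drwxr-xr-x drwxrwxr-x drwxrwsr-x drwxrwxrwt; do
        printf '%-12s %s\n' "$m" "$(sym2oct "$m")"
    done
}

perm_chart
```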

Parent directories and sub-directories
If a parent directory has more strict permissions than that of its sub-directories, the parent's permissions will take precedence. This is true for the entire chain of sub-directories.

Where and who
When logging into Linux, the user always starts out in the user's home directory, located at. The command prompt will always state the user's current location on the server, and the home directory location will be annotated as  with the   meaning the user is in the home directory of the user the session has logged in as and the   meaning the user is operating with   level permissions. When using the shell as root, the command prompt will use a  and state   if in the home directory. Other locations will be identified in the command prompt by the full directory location. For example, when the user is in the  directory, the command prompt would be   or.

Standard entry of commands
Programs in Linux that are used from the command line are assigned unique commands. Linux will always evaluate a command line from left to right. For example, the command for accessing the nano text editor is nano. To open a document, simply enter  into the command prompt and nano will attempt to open the document.

A command may be executed on a specific location. For example, the file  can be read while in any directory by entering.

Some commands may have options, which are usually invoked by entering the option after the command. For example, nano can open a file and go to a specific line and column by entering. Entering  will open   and place the cursor at line 33, column 1 (the default column when a column is not specified). Other options may use a  before the option, for example   prints the current version and licensing info for.

Man pages
Most commands have an associated man page. This page can be found by using the command man followed by the name of the command to learn about. The man pages are typically brief explanations on how to use a given command. For an even quicker reference, many commands include a help option that will print out when the  option is entered after the command, for example.

Command entry shortcuts
Pressing the up arrow key will cycle through the last commands entered into the command line, starting with the most recent. The down arrow can then be used to cycle back down, all the way to the current command line. Each of these cached lines can also be edited.

Pressing tab after entering text will tell Linux to find which command the user is trying to use based on the text entered so far. If there is not a unique match for the text, Linux will give a beep that it doesn't have enough information to complete the entry. Pressing tab a second time will list all commands that start with the current text entered. For example, entering  and pressing tab twice lists the ,  ,   and   commands. However, typing  and pressing tab enters the command nano with a space after it.

Navigation
Navigating the filesystem is accomplished with the cd command. To navigate to a sub-directory of the current directory, enter,  , etc. To navigate to a directory that is not a subdirectory of the current directory, enter  , cd  , etc. To navigate to the parent directory of the current directory, enter.

Linux is case sensitive on file and directory locations, so take care to note if the file or directory being navigated to uses any upper-case letters.

Files and directories can be 'hidden' by using a . before the file or directory name, though hidden entries will always be displayed when using the ll command.

Navigation shortcut
The tab button can be used for navigation in the same way it is used in commands. Entering the first characters of a directory or file name will tell Linux to find which location the user is trying to enter, and pressing tab twice when there are not enough characters entered will list all available locations based on the text entered. This shortcut may also be used in stages for faster entry. For example, +tab updates to , after which adding  +tab will update to   and beep. Then entering  and tab will update with the full location. This works with all commands using navigation.

Common and useful commands
The best way to learn commands is to use them. Staring at lists of commands and trying to memorize them is both boring and ineffective. Commands are usually memorized through repetition of use. For rarely used commands, a browser's bookmark feature is a great solution, although it should be noted that obscure blogs can go away, get rewritten, or have their links changed, and the same can even happen to large forums, as happened with ubuntuforums.org, rendering bookmarks to greatly useful posts worthless. Another option is to save the webpages to a directory, keep notes somewhere convenient, or add a new article to this wiki!

There are, however, some commands that will be used on a very regular basis. Below is a list of very common commands that all users should be able to use at any moment.

Note that nearly everything in Linux is case-sensitive, and most commands are entered as lower-case, including all of the commands below.

cd
Used to change directory of the command prompt and is discussed above.

ll
The ll command is used to list the contents of a directory. While there are other commands, such as ls, to accomplish the same thing, ll is typically more useful as it will list ownership and permissions for each file and directory as well as listing hidden files and directories. If the directory being queried is particularly large, using the  option after the directory location will allow for viewing the contents of the directory (navigated with page up/page down) more easily and can be exited by pressing.

cp
The cp command is used to copy files or directories. When using the command, the new file or directory can also be given a new name. For example,. The new file or directory can be in the same directory as the one being copied. This is useful for backing up configuration files before editing or copying configuration files that are being applied to new items, such as virtual servers in nginx.

mv
The mv command is used to move files or directories. For example,. As with the cp command, the moved file or directory may be in the same directory. This is usually the easiest way to rename a directory or file.

mkdir
The mkdir command is used to create a new directory. Example:  or   to make a new sub-directory of the current directory.

rmdir
The rmdir command removes the specified empty directory.

rm
The rm command removes the targeted file.

rm -rf
Running the rm command with options -rf can be used to delete a directory and its contents. Caution! Linux has few built-in safety nets and will execute this command as permissions allow, so using root privilege to delete a directory containing vital system files will destroy the system! Additionally, there is no 'trash', so all deletions are permanent. On top of that, the user will not be asked to verify whether the target should be deleted, so pressing enter is all that's required to permanently delete the target!

nano
The nano text editor has been discussed already in this article.

chown
The chown command is used to change the owner or group a file or directory belongs to. For example,  will assign   as the owner of the directory or file specified. Using  will assign   as the owner and   as the group of the directory or file specified. Using the recursive option by entering  when changing user or group ownership on a directory will apply the changes to all files and subdirectories in the targeted directory.

Note that, as with all Linux commands, using chown will depend on file and directory permissions, and typically will require root privileges to execute.

chmod
The chmod command is used to change the permission set of a file or directory. The permissions can be entered as symbolic notation or octal notation, but octal notation is typically preferred for speed of entry. A change is made by entering, example   sets the permissions on the   file to. The recursive option can be used by entering  after chmod (before permission annotation).

Note that chmod often requires root privileges to execute.

setgid
It is possible to force all new entries created in a directory to always belong to the same group the parent directory belongs to. This is enabled by entering  instead of the permission annotation, for example,. When a directory has an  in the group write permissions, this means that   has been enabled. ( is always the current directory and   is the parent directory) Example:

Restarting services
It is often necessary to restart services after making changes to configuration files. This can be accomplished with, and nearly always requires root privileges.

reboot
The reboot command reboots the server and requires root privileges.

logout
The logout command will log the current user out of the session.

poweroff
This command will shut down Ubuntu and turn the computer's power off. It is only used on physical machines, never virtual machines such as VPS and cloud servers. Powering off a cloud server will only shut down Ubuntu while the hosting company will continue to charge as if the server were running.

shutdown
The shutdown command is not usually used as it only shuts down Ubuntu without powering off the enclosure, but is mentioned here as many new administrators mistakenly use it.

dig
As its man page description states: dig (domain information groper) is a flexible tool for interrogating DNS name servers. It performs DNS lookups and displays the answers that are returned from the name server(s) that were queried. Most DNS administrators use dig to troubleshoot DNS problems because of its flexibility, ease of use and clarity of output.

It can be particularly useful for seeing what other admins have done when setting up various different DNS records. The +short modifier can be used to provide a terse answer instead of the default verbose answer. Below are some examples for viewing specific records (note that a subdomain should be used when appropriate):

A records
username@servername:~$ dig example.com +short

AAAA records
username@servername:~$ dig example.com aaaa +short

DKIM records
username@servername:~$ dig -t txt selector._domainkey.example.com +short

DMARC records
username@servername:~$ dig -t txt _dmarc.example.com +short

DMARC RUF/RUA organization domain and reporting address different
username@servername:~$ dig -t txt example.com._report._dmarc.example.org +short

PTR records
username@servername:~$ dig -x  +short

SPF records
username@servername:~$ dig -t txt _spf.example.com

Files
When operating through command line, Linux generally does not distinguish filetypes in the same way that Windows does. A file can be named with nearly any character. When making a backup of a file, the backup can be named, for example.

Configuration files
Most software settings are changed by editing text files, and one of the most common is the configuration file, typically a file with,   or some variation of such on the end of it. It is standard for most configuration files to include instructions on various settings that can be set and changed in the file, with much greater detail on each option located on the developer's home page.

When an instruction states to change a parameter in a configuration file, there should generally be only one of that parameter in the file, as stated by the instruction. For example, an instruction may state to change parameter  and the file may contain two similar parameters   and. Only  should be changed. The other should be left alone unless otherwise stated by the instructions.

Commenting
Commenting in code is accomplished by using tags which inform the server to ignore any text written after the tag. This annotation is where the instructions may be found in a configuration file or as a form of informal documentation. However, different programs use different symbols for comments, and some require closing tags. Sometimes it may be preferable to comment out code instead of deleting it.

Configuration files and other files read by most Linux programs use the # symbol to comment out everything after it on that line, with one notable exception being PHP itself, for which the configuration files use ;.

PHP files (read by the PHP interpreter) have two options for commenting. One option, using the symbols // or #, will comment out the line just as the # symbol does in configuration files. The second option requires a closing tag and is often used as a multi-line option where everything between /* and */ will be commented out.

HTML uses similar closing tags where everything between <!-- and --> will be commented out.

Often, an instruction may require uncommenting of a line, which is the removal of the comment to make the server read the line. The instruction may specifically state to 'uncomment' a line, but more often it may only state to change the line. If an instruction states that a line needs to be changed but doesn't mention commenting or uncommenting the line, then most likely the line will need to be uncommented if it is found commented.

Initialize your server
Now that the very basics of using the command line interface have been covered, it's time to initialize the server for use.