Intro to command line
A Linux web server is generally set up exclusively using the command line. For those with experience using MS-DOS and Apple computers, this just requires a little readjustment, but for those who have never used a command line interface, this will be something brand-new and may initially be a source of frustration as the command line is not in the least bit intuitive. However, over time, users usually find the command line interface to be superior for getting work done. Much can be accomplished through quick keyboard commands, typically memorized through repetition of use, and editing of configuration files that often include instructions on how to configure the settings.
For those who are new to Linux, please be aware that Linux is very precise and largely unintuitive. Instructions cannot be cast aside as with furniture assembly instructions to be later reviewed for the one or two difficult steps. Instructions should be read carefully and thoroughly before beginning any actual work. This may seem like extra work, but it actually reduces the work and makes the whole process more enjoyable. Most creators of instructions have a contact option included in or near the instructions and most of the time will respond to questions fairly quickly with a non-judgmental and patient attitude toward new users.
Interfacing with the server
There are generally two ways to work on a server. One way is to have a keyboard and monitor connected to the machine. The second, more popular, way is to connect to the server remotely from a regular desktop computer or other device, typically using a secure shell, more commonly known as SSH.
Keys
SSH uses public-key cryptography, which means there are two keys used - one for encryption and one for decryption. Typically, each device a user has will have its own key pair.
Public key
The public key is used to encrypt the information. This information can only be decrypted with the private key. In usage with SSH, the public key is placed on the device to be logged into. That device, when sending information to the user, will encrypt the information using this key. This is why it is called the 'public' key - it is safe to expose to the public, in fact this is its intended use.
Private key
The private key is the only key that may be used to decrypt information encrypted with the public key. Since the private key is the only way to decrypt the message, it can be used as a very effective user authentication tool which can prevent brute-force attacks from penetrating a server.
This is why it is common practice for each device to have its own key pair - in the event that a private key is compromised (a stolen laptop, for example), the user can log into servers that use the public key for user authentication and remove the public key, preventing the compromised private key from being used to infiltrate the servers.
Windows SSH client
Windows does not have a native OpenSSH client and since Ubuntu runs OpenSSH Server, Windows users will need to install a client.
Install PuTTY SSH client
Download the Windows installer and run the installer. Open PuTTYgen. Change the number of bits in the generated key to 4096, click Generate, and move the mouse randomly in the box as instructed. Enter the device name in the 'Key comment' field – this is a name that is used to refer to this device, e.g. homedesktop, or whatever.
Copy the "Public key for pasting into OpenSSH authorized_keys file". This is a big key, so make sure to highlight the whole thing. It will start with ssh-rsa and end with whatever was entered into the Key comment field. Paste it into a text document and save, perhaps naming it with the device name followed by OpenSSH Public Key.
Click ‘Save public key’ and give the file a name such as 'device Public Key'.
The Key Passphrase is optional, but if used, it can protect the server from someone who gains control of a device before the administrator disables the device’s public key on the server. Usually this password is not very complex as it will have to be used every time the key is used, which is every time the user logs into the server, and it only really serves the purpose of slowing down the would-be hacker with the compromised device key because the key pair is what prevents everyone else from logging into the server.
Save the private key and use a name similar to what was used with the public key files. Wherever the keys are saved on the device, be sure not to move them around. The private key will be used to log onto the server with various different programs, including PuTTY and an FTP client.
PuTTY has some very convenient features that can make working with it rather pleasant. To copy something from the session, simply highlight the desired text and it will automatically be copied to the clipboard. To paste into PuTTY, simply move the cursor to desired location to paste and right-click anywhere inside the PuTTY window and the text will be pasted in. Keep in mind that SSH sessions do not allow using the mouse for navigation - everything is done through the keyboard, so navigation will be done with the cursor and using the arrow, page down, page up, end, and home keys, and on some programs the space bar and shift+space bar for page up and page down, respectively.
Text editors
An important part of using the command line is also using a text editor, both on the server and the client device. When editing text files on the local device, it is not advisable to use a word processor as this can cause formatting issues with the text and characters.
Linux command line
There are many text editors for Linux command line, but for the beginner, nano is usually the easiest to use and can do pretty much everything necessary for configuring a server. Some useful tips on using nano include pressing ctrl+w to find specific text, particularly useful when dealing with larger configuration files. It may be a good idea to get in the habit of saving a file (ctrl+o) immediately after making changes. If a change is made to a file and then exited (ctrl+x), nano will ask if it should save the changes made. If a change was an accident, e.g., accidentally typing or deleting something, then this will be saved and likely cause an error that will be difficult to track down. By always saving immediately after making changes, it makes it easier to think back to whether or not the changes made that nano is asking about should be saved.
Windows
In Windows, the default text editor is Notepad, which may be used for editing any Linux text file, but has very limited features. For most text editing, Notepad++ is vastly superior to Notepad. It has tabs, themes (selecting 'Black board' in the style configurator is similar to SSH in PuTTY), and other advanced features such as showing where brackets open and close, saving in virtually any format, and find & replace, which can work across tabs and even whole directories and their sub-directories. All that and more, and it’s free!
Filesystem permissions
Filesystem permissions are a very important concept to understand, as they are fundamental to everything done in Linux. It is not required that new administrators be experts in all aspects of permissions, but understanding a few fundamentals is necessary.
Classes
There are three classes which can each be assigned their own set of permissions.
Owner
The owner is assigned to any of the users in Linux, and processes are assigned to users during installation of the software. In Linux, a file or directory created by a user will automatically be owned by that user.
Group
Any user may be assigned to any group or any number of groups. Processes running in Linux are usually assigned to groups when the software is installed. Groups have their own set of permissions on files and directories, which will apply to all members of the group. A new file or directory will be assigned to the primary group of the creator unless setgid has been set on the parent directory, in which case Linux will assign the new file or directory to the group of the parent directory.
Other
If a user is not the owner or a member of the group a file or directory has been assigned to, then the set of permissions for other will apply.
Permissions
There are three permissions that can be assigned to each class.
Read
For files, the read permission allows for reading of the file. For directories, the read permission allows for viewing of the contents of the directory.
Write
For files, the write permission allows for modifying of the file. For directories, the write permission allows for modifying the entries in the directory, including creating new files, renaming files and deleting files.
Execute
For files, the execute permission allows a file to be executed. For directories, it allows entries to be opened.
Root
The root user can change permissions to every file and directory on the system and has full permissions to all files and directories not assigned to it. This is why it is important to guard root access. However, sometimes it is desirable to be fully logged in as root so that the the user does not have to type sudo hundreds of times in a row. A user session can be elevated to a root session with a number of different commands, but likely the best way is with sudo -i. To return to the regular user session, enter the command exit.
sudo
The sudo command in Ubuntu will elevate permissions of any member of the sudo group to root for whatever command follows it. This allows users with lesser permissions to gain root permissions when needed. The sudo command only requires password entry for its first use in a session or after 15 minutes of not using the sudo command.
Viewing ownership and permissions
File and directory ownership, for both owners and groups, and permissions can be easily viewed and modified (modification is discussed later).
Linux will display permissions in symbolic notation, but it is usually easier when making changes to permissions to use octal notation, which is also the most common way that permissions are discussed in references such as books, tutorials, blogs, forums, etc. The chart below demonstrates what each symbolic notation and each octal notation looks like for the given permission set. Note that this chart is not exhaustive of the permutations and is only for demonstrating how each permission set looks as assigned in all classes.
| Symbolic Notation | Octal Notation | English |
|---|---|---|
| ---------- | 000 | no permissions |
| ---x--x--x | 111 | execute |
| --w--w--w- | 222 | write |
| --wx-wx-wx | 333 | write & execute |
| -r--r--r-- | 444 | read |
| -r-xr-xr-x | 555 | read & execute |
| -rw-rw-rw- | 666 | read & write |
| -rw-rw-r-- | 664 | user and group read & write; others read |
| -rwxrwxrwx | 777 | read, write, & execute |
| -rwxrwxr-x | 775 | user and group read, write, & execute; others read and execute |
Parent directories and sub-directories
If a parent directory has more strict permissions than that of its sub-directories, the parent's permissions will take precedence. This is true for the entire chain of sub-directories.
Interfacing with the command line
Where and who
When logging into Linux, the user always starts out in the user's home directory, located at /home/username. The command prompt will always state the user's current location on the server, and the home directory location will be annotated as username@servername:~$ with the ~ meaning the user is in the home directory of the user the session has logged in as and the $ meaning the user is operating with username@ level permissions. When using the shell as root, the command prompt will use a # and state root@servername:~# if in the home directory. Other locations will be identified in the command prompt by the full directory location. For example, when the user is in the /var/log/ directory, the command prompt would be username@servername:/var/log$ or root@servername:/var/log#.
Standard entry of commands
Programs in Linux that are used from the command line are assigned unique commands. Linux will always evaluate a command line from left to right. For example, the command for accessing the nano text editor is nano. To open a document, simply enter nano documentname into the command prompt and nano will attempt to open the document.
A command may be executed on a specific location. For example, the file /var/log/syslog can be read while in any directory by entering nano /var/log/syslog.
Some commands may have options, which are usually invoked by entering the option after the command. For example, nano can open a file and go to a specific line and column by entering nano +LINE,COLUMN. Entering nano +33 /directory/filename will open filename and place the cursor at line 33, column 1 (the default column when a column is not specified). Other options may use a - before the option, for example gunzip -V prints the current version and licensing info for gunzip.
Man pages
Most commands have an associated man page. This page can be found by using the command man followed by the command it is desired to learn about. The man pages are typically brief explanations on how to use a given command. For an even quicker reference, many commands include a help option that will print out when the --help option is entered after the command, for example gunzip --help.
Note that the hier man page covers the layout of the filesystem as recommended by the operating system developers.
Command entry shortcuts
Pressing the up arrow key will cycle through the last commands entered into the command line, starting with the most recent. The down arrow can then be used to cycle back down, all the way to the current command line. Each of these cached lines can also be edited.
Pressing tab after entering text will tell Linux to find which command the user is trying to use based on the text entered so far. If there is not a unique match for the text, Linux will give a beep that it doesn't have enough information to complete the entry. Pressing tab a second time will list all commands that start with the current text entered. For example, entering na and pressing tab twice lists the namei, nameif, nano and nawk commands. However, typing nan and pressing tab enters the command nano with a space after it.
Navigating the filesystem is accomplished with the cd command. To navigate to a sub-directory of the current directory, enter cd subdirectoryname/, cd subdirectoryname/subsubdirectoryname/, etc. To navigate to a directory that is not a subdirectory of the current directory, enter cd /directoryname/, cd /directoryname/subdirectoryname, etc. To navigate to the parent directory of the current directory, enter cd ...
Linux is case sensitive on file and directory locations, so take care to note if the file or directory being navigating to uses any upper-case letters.
Files and directories can be 'hidden' by using a . before the file or directory name, though hidden entries will always be displayed when using the ll command.
The tab button can be used for navigation in the same way it is used in commands. Entering the first characters of a directory or file name will tell Linux to find which location the user is trying to enter, and pressing tab twice when there are not enough characters entered will list all available locations based on the text entered. This shortcut may also be used in stages for faster entry. For example, cd /e+tab updates to cd /etc/, after which adding upd+tab will update to cd /etc/update- and beep. Then entering n and tab will update with the full location cd /etc/update-notifier/. This works will all commands using navigation.
Commands
Be sure to take a look through the commands in the Common and useful commands article.
Files
When operating through command line, Linux generally does not distinguish filetypes in the same way that Windows does. A file can be named with nearly any character. When making a backup of a file, the backup can be named backup.filename, for example.
Configuration files
Most software settings are changed by editing text files, and one of the most common is the configuration file, typically a file with .conf, conf.d or some variation of such on the end of it. It is standard for most configuration files to include instructions on various settings that can be set and changed in the file, with additional details on each option located in other files such as sample file (often filename.conf.sample), in README files and on the developer's project page.
When an instruction states to change a parameter in a configuration file, there should generally be only one of that parameter in the file, as stated by the instruction. For example, an instruction may state to change parameter xyz.abc = TRUE and the file may contain two similar parameters 123.xyz.abc = FALSE and xyz.abc = FALSE. Only xyz.abc = FALSE should be changed. The other should be left alone unless otherwise stated by the instructions.
Commenting
Commenting in code is accomplished by using tags which inform the server to ignore any text written after the tag. This annotation is where the instructions may be found in a configuration file or as a form of informal documentation. However, different programs use different symbols for comments, and some require closing tags. Sometimes it may be preferable to comment out code instead of deleting it.
Configuration files and other files read by most Linux programs use the # symbol to comment out everything after it on that line, with one notable exception being PHP itself, for which the configuration files use ;.
PHP files (read by the PHP interpreter) have two options for commenting. One option, using the symbols // or #, will comment out the line just as the # symbol does in configuration files. The second option requires a closing tag and is often used as a multi-line option where everything between /* and */ will be commented out.
HTML uses similar closing tags where everything between <!-- and --> will be commented out.
Often, an instruction may require uncommenting of a line, which is the removal of the comment to make the server read the line. The instruction my specifically state to 'uncomment' a line, but more often it may only state to change the line. If a line that an instruction states needs to be changed, but doesn't mention commenting or uncommenting the line, then most likely the line will need to be uncommented if found commented.
Next step: initialize the server
Now that the very basics of using the command line interface have been covered, it's time to initialize the server for use.