Shows program destination: which certbot which php etc
update-rc.d
update-rc.d name disable update-rc.d name enable ----------------------------------------------------- Basically, all these commands make a symbolic link from /etc/init.d/ to the appropriate run-level folder in /etc/ ----------------------------------------------------- /webmin/disable-enable-webmin/ http://manpages.ubuntu.com/manpages/xenial/man8/update-rc.d.8.html
symbolic dir link
ln -s /home/username/domains/sub.username.lt/public public_html
sshd_config
AllowUsers user1 user2 https://ostechnix.com/allow-deny-ssh-access-particular-user-group-linux/
Match user ben_files
# The following two directives force ben_files to become chrooted
# and only have sftp available. No other chroot setup is required.
ChrootDirectory /var/www/vhosts/mydomain.com/files
#ForceCommand internal-sftp
ForceCommand /usr/bin/git
# For additional paranoia, disallow all types of port forwardings.
AllowTcpForwarding no
GatewayPorts no
X11Forwarding no
usermod
https://www.tecmint.com/usermod-command-examples/
Add you user to the webserver user group: sudo usermod -a -G www-data username
Add shell usermod -s /usr/bin/bash username usermod -s /usr/bin/git-shell username
Add directory usermod -d /hime/username username
Options
- -c = We can add comment field for the useraccount.
- -d = To modify the directory for any existing user account.
- -e = Using this option we can make the account expiry in specific period.
- -g = Change the primary group for a User.
- -G = To add a supplementary groups.
- -a = To add anyone of the group to a secondary group.
- -l = To change the login name from tecmint to tecmint_admin.
- -L = To lock the user account. This will lock the password so we can’t use the account.
- -m = moving the contents of the home directory from existing home dir to new dir.
- -p = To Use un-encrypted password for the new password. (NOT Secured).
- -s = Create a Specified shell for new accounts.
- -u = Used to Assigned UID for the user account between 0 to 999.
- -U = To unlock the user accounts. This will remove the password lock and allow us to use the user account.
chown + chmod + 755 + 644
own myuser
chown -R www-data:www-data /home/stage2/ftp
all folders = 755 + all files = 644
chmod -R u+rwX,go+rX,go-w /home/stage2/ftp
Add you user to the webserver user group:
sudo usermod -a -G www-data ubuntu
https://stackoverflow.com/questions/30639174/how-to-set-up-file-permissions-for-laravel
Cerbot cron job
cronjob
Add conjob example chmod +x /var/mycommands/file.sh crontab -e (edit file) 0 * * * * sh /var/mycommands/file.sh > var/mylogs/file.log cronjobs list crontab -l //-------- turn on logs ---------- nano /etc/rsyslog.d/50-default.conf cron.* /var/log/cron.log service cron restart //------------------------------------- //------fix permissions -------- crontab -e & update file //------------------------------- cronjob example: every minute https://crontab.guru/#*/1_*_*_*_* processed cronjobs filtered by filename grep -i "file.sh" /var/log/syslog https://stackoverflow.com/questions/28235524/how-to-run-a-php-script-daily-with-the-cron-job-on-ubuntu-os
tree of processes
display a tree of processes pstree https://man7.org/linux/man-pages/man1/pstree.1.html
directory size
sudo du -sh /var https://linuxize.com/post/how-get-size-of-file-directory-linux/
File Permissions
u – users g – groups o – others
- chmod +rwx filename to add permissions to users,groups,others.
- chmod -rwx filename to remove permissions.
- chmod +x filename to allow executable permissions
- chmod u+x filename to allow executable permissions for user
- chgrp groupname filename
- chgrp groupname foldername
- chown username filename
- chown username foldername
https://www.pluralsight.com/blog/it-ops/linux-file-permissions
apachetop
disable password on server
By default
PasswordAuthentication is set to yes, so explicitly commenting it in /etc/ssh/sshd_config and restart sshd has no effect.You’ll need to explicitly set PasswordAuthentication no to allow only Public Key Authentication.
service ssh restarthttps://askubuntu.com/questions/346857/how-do-i-force-ssh-to-only-allow-users-with-a-key-to-log-in
check ram
logrotate
logrotate /etc/logrotate.d/your-logrotate-config https://unix.stackexchange.com/questions/116136/how-to-make-log-rotate-change-take-effect/116138 https://www.2daygeek.com/configure-logrotate-manage-linux-log-files/
Webserver as owner (the way most people do it, and the Laravel doc’s way)
711:answer https://stackoverflow.com/questions/30639174/how-to-set-up-file-permissions-for-laravel
* sudo chown -R www-data:www-data /path/to/your/laravel/root/directory
* sudo usermod -a -G www-data ubuntu
* sudo find /path/to/your/laravel/root/directory -type f -exec chmod 644 {} \;
* sudo find /path/to/your/laravel/root/directory -type d -exec chmod 755 {} \;
* cd /var/www/html/laravel >> assuming this is your current root directory
* sudo chown -R $USER:www-data .
* sudo find . -type f -exec chmod 664 {} \;
* sudo find . -type d -exec chmod 775 {} \;
* sudo chgrp -R www-data storage bootstrap/cache
* sudo chmod -R ug+rwx storage bootstrap/cache
create user only for ftp + vsftpd
1. sudo useradd -d /home/customuser/customdir username 2. passwd username 3. usermod -s /bin/false username 4. chown username:username filename --------------------------------------- pavyko su siuo tutorialu (atlikus viska is eiles) https://www.digitalocean.com/community/tutorials/how-to-set-up-vsftpd-for-a-user-s-directory-on-ubuntu-18-04 --------------------------------------- vsftpd.conf (veikiantis is pvz) papildytas su: allow_writeable_chroot=YES force_dot_files=YES listen=NO listen_ipv6=YES anonymous_enable=NO local_enable=YES write_enable=YES dirmessage_enable=YES use_localtime=YES xferlog_enable=YES connect_from_port_20=YES chroot_local_user=YES user_sub_token=$USER local_root=/home/$USER/ftp allow_writeable_chroot=YES force_dot_files=YES pasv_min_port=40000 pasv_max_port=50000 userlist_enable=YES userlist_file=/etc/vsftpd.userlist userlist_deny=NO secure_chroot_dir=/var/run/vsftpd/empty pam_service_name=vsftpd rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key ssl_enable=NO
grep
grep 'word' filename grep -rnw '/path/to/somewhere/' -e 'text_to_find' -r or -R is recursive, -n is line number, and -w stands for match the whole word. https://stackoverflow.com/questions/16956810/how-do-i-find-all-files-containing-specific-text-on-linux
bash update file
#! /bin/sh
file=xyz.cfg
addr=$1
port=$2
username=$3
sed -i 's/address=.*/address='$addr'/' $file
sed -i 's/port=.*/port='$port'/' $file
sed -i 's/username=.*/username='$username'/' $file
https://stackoverflow.com/questions/14643531/changing-contents-of-a-file-through-shell-script/28559815create CronJob
1. list crons: crontab -l 2. edit crons: crontab -e tutorial: https://www.hostinger.com/tutorials/vps/how-to-setup-cron-job-vps generator: https://crontab-generator.org/
dpkg
List packages: dpkg -l Install local file: sudo dpkg -i zip_3.0-4_i386.deb https://help.ubuntu.com/lts/serverguide/dpkg.html
install yarn
curl -sL https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add - echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list sudo apt-get update && sudo apt-get install yarn
install nodejs
Node.js v13.x:
# Using Ubuntu
curl -sL https://deb.nodesource.com/setup_13.x | sudo -E bash -
sudo apt-get install -y nodejs
# Using Debian, as root
curl -sL https://deb.nodesource.com/setup_13.x | bash -
apt-get install -y nodejs
https://github.com/nodesource/distributions/blob/master/README.md#debinstall
install curl
sudo apt update sudo apt upgrade sudo apt install curl curl --version saves the downloaded file to local: curl -o [file-name] [URL] https://www.geeksforgeeks.org/curl-command-in-linux-with-examples/
permissions
To recursively give directories read&execute privileges:
find /path/to/base/dir -type d -exec chmod 755 {} +
To recursively give files read privileges:
find /path/to/base/dir -type f -exec chmod 644 {} +
Or, if there are many objects to process:
chmod 755 $(find /path/to/base/dir -type d)
chmod 644 $(find /path/to/base/dir -type f)
Or, to reduce chmod spawning:
find /path/to/base/dir -type d -print0 | xargs -0 chmod 755
find /path/to/base/dir -type f -print0 | xargs -0 chmod 644performance monitoring
top OR sudo apt-get install htop htop https://www.howtoforge.com/tutorial/ubuntu-performance-monitoring/ htop monitor help https://www.deonsworld.co.za/2012/12/20/understanding-and-using-htop-monitor-system-resources/
list all packages
sudo dpkg --get-selections
whereis packagename (whereis webmin)user own
sudo chown username: myfolder
sudo chmod 777 -R myfolder
sudo chmod u+w myfolder
os version
cat /etc/os-release
ssh as user
1. login as root 2. sudo chown -R username /home/username/.ssh 3. sudo chmod 0700 /home/username/.ssh 4. sudo chmod 0600 /home/username/.ssh/authorized_keys copy key for user ssh-copy-id username@host
chmod go-w ~/ chmod 700 ~/.ssh chmod 600 ~/.ssh/authorized_keys
create SWAP file
https://www.digitalocean.com/community/tutorials/how-to-add-swap-on-ubuntu-14-04
secure copy(scp)
1. create folder on server: your-project-name 2. scp -r /path/to/your/local/project/* your-user-name@<droplet-ip-here>:~/your-project-name/
show hidden files
Ctrl + h
useradd & adduser
https://www.tecmint.com/add-users-in-linux/ useradd username also creates user & home dir (better use this command) adduser username To grant sudo privileges to a user type (as root user): usermod -a -G sudo username Change user su - username Open Sudoers file ( /etc/sudoers.d/ ) sudo visudo Set no sudo passwords in sudoers.d (at end of file) username ALL=(ALL) NOPASSWD: ALL As a regular user with sudo privileges, you can delete a user using this syntax: sudo deluser --remove-home username