
5. System Administration Commands / Tools


5.1. User and Group Management
Since Linux is a multi-user operating system, several people may be logged in and actively
working on a given machine at the same time. Security-wise, it is never a good idea to allow
users to share the credentials of the same account. In fact, best practices dictate the use of as
many user accounts as people needing access to the machine.

At the same time, it is to be expected that two or more users may need to share access to certain
system resources, such as directories and files. User and group management in Linux allows us
to accomplish both objectives.

These operations are performed using the following commands:

• adduser: add a user to the system.
• userdel: delete a user account and related files.
• addgroup: add a group to the system.
• delgroup: remove a group from the system.
• usermod: modify a user account.
• chage: change user password expiry information.
• sudo: run one or more commands as another user (typically with superuser permissions).
• Relevant files: /etc/passwd (user information), /etc/shadow (encrypted
passwords), /etc/group (group information) and /etc/sudoers (configuration for sudo).

Superuser permissions can be gained either by changing to the root user with the su command or
using sudo. The latter approach is used by default in Ubuntu and derivatives, and is preferred
over the former in other distributions as well.

It is also important to note that, as opposed to other Linux flavors, the user that is created when
Ubuntu is first installed has superuser privileges out-of-the-box. You can verify whether sudo is
installed on your machine by running

Adding a New Regular Account


To begin, let's create a new user named pluralsight using Ubuntu and CentOS as representative
distributions.

In Ubuntu or derivatives, this is as easy as doing (you will be required to enter your password to
run sudo):
sudo adduser pluralsight

In other distributions, first log in as root and run:


adduser pluralsight
You may be prompted to set the new user's initial password, and other optional information
(such as full name, work phone, etc). This will be stored in /etc/passwd using colons as field
separators. If not, you can assign a password for the newly created account
named pluralsight with
passwd pluralsight
and entering it twice. Needless to say, you must preface the above command with sudo if you're
using Ubuntu.

When a new user is added, a group with the same name is created automatically. This
is called a primary group.

There are three types of accounts on a Unix system −


Root account
This is also called the superuser and has complete and unfettered control of the system. A
superuser can run any command without any restriction. This user should be regarded as a
system administrator.
System accounts
System accounts are those needed for the operation of system-specific components, for example
mail accounts and the sshd accounts. These accounts are usually needed for some specific
function on your system, and any modifications to them could adversely affect the system.
User accounts
User accounts provide interactive access to the system for users and groups of users. General
users are typically assigned to these accounts and usually have limited access to critical system
files and directories.
Unix supports the concept of a group account, which logically groups a number of accounts. Every
account is part of a group account. Unix groups play an important role in
handling file permissions and process management.

Managing Users and Groups


There are four main user administration files −
• /etc/passwd − Keeps the user account and password information. This file holds the
majority of information about accounts on the Unix system.
• /etc/shadow − Holds the encrypted password of the corresponding account. Not all the
systems support this file.
• /etc/group − This file contains the group information for each account.
• /etc/gshadow − This file contains secure group account information.
Check all the above files using the cat command.
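Reading these files by eye scales poorly, so the following added example (not part of the original page) audits passwd-format data for the account types described above: extra UID 0 accounts, system accounts with a login shell, unshadowed or empty password fields, and shared UIDs. The 999 system-UID boundary, the finding codes and all sample entries other than the names pluralsight and mcmohd are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit passwd(5)-format data for risky account entries.
# Field layout: name:password:UID:GID:GECOS:home:shell

# Assumption: UIDs 1-999 are system accounts (a common default; the real
# boundary is UID_MIN in /etc/login.defs on the system being audited).
SYS_UID_MAX=999

# Constructed sample data. pluralsight and mcmohd are the account names used
# on this page; every other entry and every value is made up.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sshd:x:110:65534::/run/sshd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/bin/bash
pluralsight:x:1000:1000:Plural Sight,,,:/home/pluralsight:/bin/bash
mcmohd:x:1001:1002::/home/mcmohd:/bin/ksh
toor:x:0:0:backup admin:/root:/bin/bash
guest::1002:1003::/home/guest:/bin/bash
legacy:$6$constructedsalt$constructedhash:1003:1004::/home/legacy:/bin/sh
EOF
}

# audit_passwd FILE   (use - for stdin)
# Prints one finding per line as CODE:account:detail.
audit_passwd() {
    awk -F: -v sysmax="$SYS_UID_MAX" '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        NF != 7 || $3 !~ /^[0-9]+$/ {
            print "MALFORMED:" $1 ":bad field count or non-numeric UID"; next
        }
        {
            name = $1; pw = $2; uid = $3 + 0; shell = $7
            if (shell == "") shell = "/bin/sh"   # empty field means default shell

            # A second UID 0 account is a second superuser.
            if (uid == 0 && name != "root")
                print "UID0:" name ":non-root account with UID 0"

            # "x" means the hash lives in /etc/shadow; "*" and "!" mean locked.
            if (pw == "")
                print "EMPTYPW:" name ":no password required"
            else if (pw != "x" && pw != "*" && pw !~ /^!/)
                print "HASHINPASSWD:" name ":hash stored outside /etc/shadow"

            # System accounts should not offer an interactive shell.
            if (uid > 0 && uid <= sysmax + 0 && shell !~ /(nologin|false)$/)
                print "SYSSHELL:" name ":system account with login shell " shell

            # Two names with one UID are the same user as far as the kernel cares.
            if (uid in seen)
                print "DUPUID:" name ":shares UID " uid " with " seen[uid]
            else
                seen[uid] = name
        }
    ' "${1:--}"
}

# Stand-alone run: audit the file named in $1, otherwise the constructed sample.
if [ -n "${1:-}" ]; then
    audit_passwd "$1"
else
    sample_passwd | audit_passwd -
fi
```

Run it as `sh audit.sh /etc/passwd` on a real host; accounts such as sync that ship with a non-login program as their shell will appear under SYSSHELL and need a manual look.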
The following table lists the commands that are available on the majority of Unix systems to create
and manage accounts and groups −

Sr.No.  Command & Description
1       useradd - Adds accounts to the system
2       usermod - Modifies account attributes
3       userdel - Deletes accounts from the system
4       groupadd - Adds groups to the system
5       groupmod - Modifies group attributes
6       groupdel - Removes groups from the system

You can use the man pages to check the complete syntax for each command mentioned here.

Create a Group
We will now understand how to create a group. Groups need to be created before the
accounts that use them; otherwise, we can make use of the existing groups in our system. All
the groups are listed in the /etc/group file.
All the default groups are system-account-specific groups and it is not recommended to use
them for ordinary accounts. So, following is the syntax to create a new group account −
groupadd [-g gid [-o]] [-r] [-f] groupname
The following table lists out the parameters −

Sr.No.  Option & Description
1       -g GID - The numerical value of the group's ID
2       -o - Permits adding a group with a non-unique GID
3       -r - Instructs groupadd to add a system account
4       -f - Causes groupadd to just exit with success status if the specified group already exists. With
        -g, if the specified GID already exists, another (unique) GID is chosen
5       groupname - Actual group name to be created

If you do not specify any parameter, then the system makes use of the default values.
The following example creates a developers group with default values, which is
acceptable for most administrators.
$ groupadd developers

Modify a Group
To modify a group, use the groupmod syntax −
$ groupmod -n new_modified_group_name old_group_name
To change the developer_2 group name to developer, type −
$ groupmod -n developer developer_2
Here is how you will change the developer GID to 545 −
$ groupmod -g 545 developer

Delete a Group
We will now understand how to delete a group. To delete an existing group, all you need is
the groupdel command and the group name. To delete the developer group, the command is −
$ groupdel developer
This removes only the group, not the files associated with that group. The files are still
accessible by their owners.

Create an Account
Let us see how to create a new account on your Unix system. Following is the syntax to create a
user's account −
useradd -d homedir -g groupname -m -s shell -u userid accountname
The following table lists out the parameters −

Sr.No.  Option & Description
1       -d homedir - Specifies home directory for the account
2       -g groupname - Specifies a group account for this account
3       -m - Creates the home directory if it doesn't exist
4       -s shell - Specifies the default shell for this account
5       -u userid - You can specify a user id for this account
6       accountname - Actual account name to be created

If you do not specify any parameter, then the system makes use of the default values.
The useradd command modifies the /etc/passwd, /etc/shadow, and /etc/group files and creates
a home directory.
Following is the example that creates an account mcmohd, setting its home directory
to /home/mcmohd and the group as developers. This user would have Korn Shell assigned to it.
$ useradd -d /home/mcmohd -g developers -s /bin/ksh mcmohd
Before issuing the above command, make sure you already have the developers group created
using the groupadd command.
Once an account is created you can set its password using the passwd command as follows −
$ passwd mcmohd20
Changing password for user mcmohd20.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
When you type passwd accountname, it gives you an option to change the password, provided
you are a superuser. Otherwise, you can change just your password using the same command
but without specifying your account name.

Modify an Account
The usermod command enables you to make changes to an existing account from the command
line. It uses the same arguments as the useradd command, plus the -l argument, which allows
you to change the account name.
For example, to change the account name mcmohd to mcmohd20 and to change home directory
accordingly, you will need to issue the following command (the new name follows -l and the
existing name comes last) −
$ usermod -d /home/mcmohd20 -m -l mcmohd20 mcmohd

Delete an Account
The userdel command can be used to delete an existing user. This is a very dangerous
command if not used with caution.
There is only one argument or option available for the command, -r, for removing the account's
home directory and mail file.
For example, to remove account mcmohd20, issue the following command −
$ userdel -r mcmohd20
If you want to keep the home directory for backup purposes, omit the -r option. You can
remove the home directory as needed at a later time.

In this chapter, we will discuss in detail about file permission and access modes in Unix. File
ownership is an important component of Unix that provides a secure method for storing files.
Every file in Unix has the following attributes −
• Owner permissions − The owner's permissions determine what actions the owner of the
file can perform on the file.
• Group permissions − The group's permissions determine what actions a user, who is a
member of the group that a file belongs to, can perform on the file.
• Other (world) permissions − The permissions for others indicate what action all other
users can perform on the file.

5.2. The Permission Indicators


The ls -l command displays various information related to file permissions, as follows −

$ ls -l /home/amrood
-rwxr-xr-- 1 amrood users 1024 Nov 2 00:10 myfile
drwxr-xr-- 1 amrood users 1024 Nov 2 00:10 mydir
Here, the first column represents different access modes, i.e., the permission associated with a
file or a directory.
The permissions are broken into groups of threes, and each position in the group denotes a
specific permission, in this order: read (r), write (w), execute (x) −
• The first three characters (2-4) represent the permissions for the file's owner. For
example, -rwxr-xr-- represents that the owner has read (r), write (w) and execute (x)
permission.
• The second group of three characters (5-7) consists of the permissions for the group to
which the file belongs. For example, -rwxr-xr-- represents that the group has read (r)
and execute (x) permission, but no write permission.
• The last group of three characters (8-10) represents the permissions for everyone else.
For example, -rwxr-xr-- represents that there is read (r) only permission.

File Access Modes


The permissions of a file are the first line of defense in the security of a Unix system. The basic
building blocks of Unix permissions are the read, write, and execute permissions, which have
been described below −
Read
Grants the capability to read, i.e., view the contents of the file.
Write
Grants the capability to modify, or remove the content of the file.
Execute
User with execute permissions can run a file as a program.

Directory Access Modes


Directory access modes are listed and organized in the same manner as any other file. There are
a few differences that need to be mentioned −
Read
Access to a directory means that the user can read the contents. The user can look at
the filenames inside the directory.
Write
Access means that the user can add or delete files from the directory.
Execute
Executing a directory doesn't really make sense, so think of this as a traverse permission.
A user must have execute access to the bin directory in order to execute the ls or
the cd command.

Changing Permissions
To change the file or the directory permissions, you use the chmod (change mode) command.
There are two ways to use chmod — the symbolic mode and the absolute mode.
Using chmod in Symbolic Mode
The easiest way for a beginner to modify file or directory permissions is to use the symbolic
mode. With symbolic permissions you can add, delete, or specify the permission set you want
by using the operators in the following table.

Sr.No.  Chmod operator & Description
1       + Adds the designated permission(s) to a file or directory.
2       - Removes the designated permission(s) from a file or directory.
3       = Sets the designated permission(s).

Here's an example using testfile. Running ls -l on the testfile shows that the file's permissions
are as follows −
$ ls -l testfile
-rwxrwxr-- 1 amrood users 1024 Nov 2 00:10 testfile
Then each example chmod command from the preceding table is run on the testfile, followed
by ls -l, so you can see the permission changes −
$ chmod o+wx testfile
$ ls -l testfile
-rwxrwxrwx 1 amrood users 1024 Nov 2 00:10 testfile
$ chmod u-x testfile
$ ls -l testfile
-rw-rwxrwx 1 amrood users 1024 Nov 2 00:10 testfile
$ chmod g=rx testfile
$ ls -l testfile
-rw-r-xrwx 1 amrood users 1024 Nov 2 00:10 testfile
Here's how you can combine these commands on a single line −
$ chmod o+wx,u-x,g=rx testfile
$ ls -l testfile
-rw-r-xrwx 1 amrood users 1024 Nov 2 00:10 testfile

Using chmod with Absolute Permissions


The second way to modify permissions with the chmod command is to use a number to specify
each set of permissions for the file.
Each permission is assigned a value, as the following table shows, and the total of each set of
permissions provides a number for that set.

Number  Octal Permission Representation                                Ref
0       No permission                                                  ---
1       Execute permission                                             --x
2       Write permission                                               -w-
3       Execute and write permission: 1 (execute) + 2 (write) = 3      -wx
4       Read permission                                                r--
5       Read and execute permission: 4 (read) + 1 (execute) = 5        r-x
6       Read and write permission: 4 (read) + 2 (write) = 6            rw-
7       All permissions: 4 (read) + 2 (write) + 1 (execute) = 7        rwx

Here's an example using the testfile. Running ls -l on the testfile shows that the file's
permissions are as follows −
$ ls -l testfile
-rwxrwxr-- 1 amrood users 1024 Nov 2 00:10 testfile
Then each example chmod command from the preceding table is run on the testfile, followed
by ls -l, so you can see the permission changes −
$ chmod 755 testfile
$ ls -l testfile
-rwxr-xr-x 1 amrood users 1024 Nov 2 00:10 testfile
$ chmod 743 testfile
$ ls -l testfile
-rwxr---wx 1 amrood users 1024 Nov 2 00:10 testfile
$ chmod 043 testfile
$ ls -l testfile
----r---wx 1 amrood users 1024 Nov 2 00:10 testfile

Changing Owners and Groups


When an account is created on Unix, the system assigns an owner ID and a group ID to each user. All the
permissions mentioned above are also assigned based on the Owner and the Groups.
Two commands are available to change the owner and the group of files −
• chown − The chown command stands for "change owner" and is used to change the
owner of a file.
• chgrp − The chgrp command stands for "change group" and is used to change the
group of a file.

Changing Ownership
The chown command changes the ownership of a file. The basic syntax is as follows −
$ chown user filelist
The value of the user can be either the name of a user on the system or the user id (uid) of a
user on the system.
The following example will help you understand the concept −
$ chown amrood testfile
$
Changes the owner of the given file to the user amrood.
NOTE − The super user, root, has the unrestricted capability to change the ownership of any
file but normal users can change the ownership of only those files that they own.

Changing Group Ownership


The chgrp command changes the group ownership of a file. The basic syntax is as follows −
$ chgrp group filelist
The value of group can be the name of a group on the system or the group ID (GID) of a
group on the system.
Following example helps you understand the concept −
$ chgrp special testfile
$
Changes the group of the given file to special group.

SUID and SGID File Permission


Often when a command is executed, it will have to be executed with special privileges in order
to accomplish its task.
As an example, when you change your password with the passwd command, your new
password is stored in the file /etc/shadow.
As a regular user, you do not have read or write access to this file for security reasons, but
when you change your password, you need to have the write permission to this file. This means
that the passwd program has to give you additional permissions so that you can write to the
file /etc/shadow.
Additional permissions are given to programs via a mechanism known as the Set User ID
(SUID) and Set Group ID (SGID) bits.
When you execute a program that has the SUID bit enabled, you inherit the permissions of that
program's owner. Programs that do not have the SUID bit set are run with the permissions of the
user who started the program.
This is the case with SGID as well. Normally, programs execute with your group permissions,
but instead your group will be changed just for this program to the group owner of the program.
The SUID and SGID bits will appear as the letter "s" if the permission is available. The
SUID "s" bit will be located in the permission bits where the owner's execute permission
normally resides.
For example, the command −
$ ls -l /usr/bin/passwd
-r-sr-xr-x 1 root bin 19031 Feb 7 13:47 /usr/bin/passwd*
$
Shows that the SUID bit is set and that the command is owned by the root. A capital letter S in
the execute position instead of a lowercase s indicates that the execute bit is not set.
If the sticky bit is enabled on the directory, files can only be removed if you are one of the
following users −

• The owner of the sticky directory
• The owner of the file being removed
• The super user, root

To set the SUID and SGID bits for any directory try the following command −
$ chmod ug+s dirname
$ ls -l
drwsr-sr-x 2 root root 4096 Jun 19 06:45 dirname
$
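
The permission indicators, the octal table and the SUID/SGID/sticky letters described in section 5.2 can be checked mechanically. The following added example (not part of the original page) converts an `ls -l` mode string to four-digit octal and flags set-ID bits, a capital S, and world-writable entries; the function names and finding labels are hypothetical, and the last two sample lines are constructed.

```sh
#!/bin/sh
# Added example: decode `ls -l` mode strings and flag risky permission bits.

# triad_value RWX -> prints "<digit> <special>" for one three-character group.
# <special> is 1 when the execute slot holds s, S, t or T.
triad_value() {
    t=$1; v=0; sp=0
    case $t in r??) v=$((v + 4)) ;; -??) ;; *) return 1 ;; esac
    case $t in ?w?) v=$((v + 2)) ;; ?-?) ;; *) return 1 ;; esac
    case $t in
        ??x) v=$((v + 1)) ;;
        ??-) ;;
        ??[st]) v=$((v + 1)); sp=1 ;;   # special bit set, execute bit set
        ??[ST]) sp=1 ;;                 # special bit set, execute bit NOT set
        *) return 1 ;;
    esac
    echo "$v $sp"
}

# mode_to_octal MODE -> prints the four-digit octal form of a 10-character
# mode string (file type + owner + group + other); fails on anything else.
mode_to_octal() {
    m=$1
    [ "${#m}" -eq 10 ] || return 1
    u=$(printf '%s' "$m" | cut -c2-4)
    g=$(printf '%s' "$m" | cut -c5-7)
    o=$(printf '%s' "$m" | cut -c8-10)
    case $u$g in *[tT]*) return 1 ;; esac   # sticky only appears in "other"
    case $o in *[sS]*) return 1 ;; esac     # set-ID only appears in owner/group
    ur=$(triad_value "$u") || return 1
    gr=$(triad_value "$g") || return 1
    or=$(triad_value "$o") || return 1
    us=${ur#* }; gs=${gr#* }; os=${or#* }
    special=$((us * 4 + gs * 2 + os))       # SUID=4, SGID=2, sticky=1
    printf '%d%d%d%d\n' "$special" "${ur% *}" "${gr% *}" "${or% *}"
}

# mode_risks MODE -> prints space-separated findings (empty when none).
mode_risks() {
    oct=$(mode_to_octal "$1") || return 1
    sbits=${oct%???}; obits=${oct#???}; flags=""
    case $sbits in [4567]) flags="$flags SUID" ;; esac
    case $sbits in [2367]) flags="$flags SGID" ;; esac
    # Capital S: set-ID requested but the matching execute bit is missing.
    case $1 in *S*) flags="$flags SETID-WITHOUT-EXEC" ;; esac
    case $obits in
        [2367])
            case $1 in
                l*) ;;   # symlink: its own permission bits are not used
                d*) case $sbits in
                        [1357]) ;;   # sticky directory: deletion is restricted
                        *) flags="$flags WORLD-WRITABLE-NO-STICKY" ;;
                    esac ;;
                *)  flags="$flags WORLD-WRITABLE" ;;
            esac ;;
    esac
    echo "${flags# }"
}

# audit_listing: reads `ls -l` lines on stdin and prints "octal name findings"
# for every entry that has at least one finding.
audit_listing() {
    while read -r mode _l _o _g _s _m _d _t name; do
        mode=${mode%[.+]}                          # drop SELinux/ACL marker
        oct=$(mode_to_octal "$mode") || continue   # skips "total N" and junk
        flags=$(mode_risks "$mode")
        if [ -n "$flags" ]; then echo "$oct $name $flags"; fi
    done
    return 0
}

# Sample input: lines 1-4 come from this page, lines 5-6 are constructed.
sample_listing() {
    cat <<'EOF'
-r-sr-xr-x 1 root bin 19031 Feb 7 13:47 /usr/bin/passwd*
drwsr-sr-x 2 root root 4096 Jun 19 06:45 dirname
-rwxrwxrwx 1 amrood users 1024 Nov 2 00:10 testfile
-rwxr-xr-- 1 amrood users 1024 Nov 2 00:10 myfile
drwxrwxrwt 10 root root 4096 Jan 1 00:00 tmp
-rwSr--r-- 1 root root 100 Jan 1 00:00 odd
EOF
}

sample_listing | audit_listing
```

Pipe real output through it with `ls -l /usr/bin | audit_listing` after sourcing the functions; names containing spaces are kept whole because the last `read` variable receives the rest of the line.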

5.3. Performance Tools


Unix provides the following important tools to measure and fine-tune Unix system performance −

Sr.No.  Command & Description
1       nice/renice - Runs a program with modified scheduling priority
2       netstat - Prints network connections, routing tables, interface statistics, masquerade
        connections, and multicast memberships
3       time - Helps time a simple command or give resource usage
4       uptime - Shows the system load average
5       ps - Reports a snapshot of the current processes
6       vmstat - Reports virtual memory statistics
7       gprof - Displays call graph profile data
8       prof - Facilitates process profiling
9       top - Displays system tasks

5.4. Add Your Printer To Computer
The first basic thing is to install or add your printer. Connecting a printer to a Linux machine is very
simple, as almost all Linux distros have printer support. Open the printer app from your
app menu and check whether the printer has been added.

If the printer is already added or configured, it will be listed as soon as the printer app opens.
If not, go to Openprinting and install your driver and again launch your printer option. Your
printer should now be listed under the add option; click forward on your printer config, add the
description and you are done. The Openprinting driver page has a vast variety of drivers, so it is very unlikely that you
won't find your printer.
Print anything to check your printer. Now that the printer is added, let's share it so you can access it
on other systems. This is also simple. Right-click on your printer and select the shared option.
That is all. You have successfully shared your printer on a network in Linux. Now you will
need to access it on other systems. Here is how to do it.

Accessing A Printer On Another Computer

I assume you are on the LAN or otherwise connected to the system from which we have shared our
printer. Now here is what you have to do. Again open the printer tool as we did earlier and hit the
ADD button. Your shared printer will be listed under the network printer. Click the remote
hostname with the preferred printer, click forward and fill out the description as we did earlier, apply
and done. Voila! Print now!
If your printer is not listed, click on find network printer. Enter the IP address of the printer and
hit find. The URI will be filled in automatically. As before, fill in the description and apply.
Done!
5.4. Share a Printer on Linux
We used Ubuntu 14.04 for this, but the process should be similar on other distributions.

Open Ubuntu's System Settings window by clicking the gear icon on the top bar and selecting
System Settings. Click the Printers icon and any printers you've added will appear in the list.

Click the Server menu at the top of the screen and select Server Settings.

Click the "Publish shared printers connected to this system" checkbox to enable network sharing
of connected printers.
Right-click the printer in the list, select Properties, and click Policies. Ensure the Shared box is
checked so the printer will be shared.

Access a Shared Printer on Linux

Open Ubuntu's System Settings window and click the Printers icon. Click the Add button to add
a new printer.
Expand the Network Printer section, select Windows Printer via SAMBA, and click the Browse
button. You'll be able to browse available network printers connected to different computers on
the network. Add the printer to your PC, configure its drivers, and it will appear as an available
printer when printing from Linux applications.

Ubuntu can see printers shared via Bonjour from a Mac and will automatically add them.
Modern printers often have built in Wi-Fi, so they can make themselves available to all the
computers, smartphones, and tablets on a network without any complicated printer-sharing. Wi-
Fi printers are ideal if you want to share a printer without the hassle.
5.5. Configuring Network in Linux
Ubuntu GUI Network Tools:

• /usr/bin/gnome-nettool (apt-get install gnome-nettool)
• /usr/bin/network-admin (apt-get install gnome-network-admin)

5.5.2 Linux networking commands:

To start network services

• /etc/rc.d/init.d/network start - command to start, restart or stop the network
• netstat - Display connections, routing tables, stats etc

  o List externally connected processes: netstat -punta
    • -a: Show both listening and non-listening sockets.
    • -p: Show PID of process owning socket
    • -u: Show UDP
    • -t: Show TCP
    • -n: Show IP addresses only. Don't resolve host names
    • -g: Show multi-cast group membership info
    • -c: Continuous mode - update info every second
    • -v: Verbose
    • -e: Extended information
    • -o: show network timer information
  o List all connected processes: netstat -nap
  o List all processes with a TCP connection: netstat -tlnp
    This will list open TCP ports:
    • -t: TCP
    • -l: listening ports only
    • -n: no host name lookup
    • -p: process ID

    One can also use the command: lsof -i -P

  o Show network statistics: netstat -s
  o Display routing table info: netstat -rn

    $ netstat -nr
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
    169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
    0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 eth0

    Flags:
    • G: route uses gateway
    • U: Interface is "up"
    • H: Only a single host is accessible (eg. loopback)
    • D: Entry generated by ICMP redirect message
    • M: Modified by ICMP redirect message
  o Display processes connecting with ssh (port 22): netstat -aon | grep ':22 '

    $ netstat -aon | grep :22
    tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN off (0.00/0/0)
    tcp 0 36 172.131.56.120:22 118.57.17.204:37951 ESTABLISHED on (0.24/0/0)
    tcp 0 0 172.131.56.120:22 116.31.114.52:46438 ESTABLISHED keepalive (7160.36/0/0)
    tcp 0 0 172.131.56.120:22 116.31.114.52:64874 ESTABLISHED keepalive (7209.52/0/0)
    tcp 0 0 :::22 :::* LISTEN off (0.00/0/0)

    • -a: Show both listening and non-listening sockets.
    • -o: show network timer information
    • -n: no host name lookup
    Note that a "connection" does not mean that there was a successful login.
  o Display interface statistics: netstat -i

    $ netstat -i
    Kernel Interface table
    Iface    MTU Met  RX-OK RX-ERR RX-DRP RX-OVR  TX-OK TX-ERR TX-DRP TX-OVR Flg
    eth0    1500   0   2224      0      0      0   1969      0      0      0 BMRU
    lo     16436   0   1428      0      0      0   1428      0      0      0 LRU

    Where:
    • RX-OK/TX-OK: number of packets transmitted/received error free
    • RX-ERR/TX-ERR: number of damaged/error packets transmitted/received
    • RX-DRP/TX-DRP: number of dropped packets
    • RX-OVR/TX-OVR: number of packets dropped because of a buffer overrun

    Flags:
    • B: A broadcast address has been set
    • L: This interface is a loopback device
    • M: All packets are received
    • N: Trailers are avoided
    • O: ARP is turned off for this interface
    • P: Point-to-point connection
    • R: Interface is running
    • U: Interface is up

• rtstat/lnstat - unified linux network statistics
  (reports contents of /proc/net/stat/ and routing cache statistics)
• nstat/rtacct - network statistics tools
  (monitor kernel snmp counters and network interface statistics)
• ping - send ICMP ECHO_REQUEST packets to network hosts. Use Ctrl-C to stop ping.
• traceroute - print the route packets take to network host.
  (Ubuntu Note: Typically Ubuntu installs tracepath for IPv4 and traceroute6 for IPv6. One
  can install traceroute: apt-get install traceroute)
  o traceroute IP-address-of-server
  o traceroute domain-name-of-server
• mtr - a network diagnostic tool introduced in Fedora - Like traceroute except it gives more
  network quality and network diagnostic info. Leave running to get real time stats. Reports
  best and worst round trip times in milliseconds.
  o mtr IP-address-of-server
  o mtr domain-name-of-server
  Example: mtr --report www.yahoo.com

  [prompt]$ mtr --report www.yahoo.com
  Start: Sun May 22 19:26:58 2016
  HOST: mydesktop Loss% Snt Last Avg Best Wrst StDev
  1.|-- Wireless_Broadband_Router 0.0% 10 0.4 0.4 0.3 0.4 0.0
  2.|-- 61.218.111.1 0.0% 10 4.3 5.4 3.2 9.4 1.9
  3.|-- 142.202.104.222 0.0% 10 6.7 7.5 6.1 9.9 0.9
  4.|-- ae8---0.scr02.lsan.ca.fro 0.0% 10 6.1 7.1 6.1 8.2 0.6
  5.|-- ae1---0.cbr01.lsan.ca.fro 0.0% 10 7.4 7.7 5.7 16.6 3.1
  6.|-- lag-101.ear2.LosAngeles1. 80.0% 10 6.0 9.5 6.0 13.0 4.9
  7.|-- ae-1-51.ear3.Seattle1.Lev 90.0% 10 32.4 32.4 32.4 32.4 0.0
  8.|-- YAHOO-INC.ear3.Seattle1.L 0.0% 10 34.2 33.1 31.7 35.1 0.9
  9.|-- ae-7.pat1.gqb.yahoo.com 0.0% 10 36.7 35.9 35.1 36.9 0.3
  10.|-- et-1-0-0.msr2.gq1.yahoo.c 0.0% 10 37.5 39.3 36.6 57.1 6.2
  11.|-- et-1-0-0.clr1-a-gdc.gq1.y 0.0% 10 37.2 49.1 37.2 119.3 26.0
  12.|-- et-18-1.fab7-1-gdc.gq1.ya 0.0% 10 38.5 38.1 36.9 39.9 0.7
  13.|-- po-15.bas1-7-prd.gq1.yaho 0.0% 10 38.0 37.4 36.6 38.5 0.0
  14.|-- ir1.fp.vip.gq1.yahoo.com 0.0% 10 40.5 37.9 36.7 40.5 1.1

  Installation packages: Ubuntu: mtr-tiny, RH/CentOS: mtr

• whois - Lookup a domain name in the internic whois database.
• finger - Display information on a system user,
  i.e. finger user@host. Uses $HOME/.plan and $HOME/.project user files.
• iptables - IP firewall administration (Linux kernel 2.6/2.4). See YoLinux
  firewall/gateway configuration.
• ipchains - IP firewall administration
• host - Give a host name and the command will return IP address. Unlike nslookup,
  the host command will use both /etc/hosts as well as DNS.
  Example: host domain-name-of-server
• nslookup - Give a host name and the command will return IP address. Also see Testing your
  DNS (YoLinux Tutorial). Note that nslookup does not use the /etc/hosts file.

Remote commands: rcp, rsh, rlogin, rwho, ...

Most of the original Unix remote commands have been superseded by secure shell equivalents.
Instead of telnet, rsh or rlogin, one should use the encrypted connection ssh.

• telnet - user interface to the TELNET protocol
• rlogin - remote login
• rsh - remote shell to execute a command and return results
• uux - Remote command execution over UUCP
• rcp - remote file copy
• uucp - Unix to Unix copy (AWS and RHEL EPEL repo)
  uuxqt - UUCP execution daemon
  uucico - UUCP file transfer daemon
  cu - Call up another system (cu is an old legacy command which is reported to not work very
  well)
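
The `netstat -aon | grep ':22 '` listing in section 5.5.2 mixes listening sockets with sessions, and a plain grep also matches outbound connections to a remote port 22. The following added example (not part of the original page) matches on the local-port field instead and counts established inbound sessions per peer; the function names are hypothetical and the last two sample lines are constructed.

```sh
#!/bin/sh
# Added example: summarise inbound SSH sessions from `netstat -aon` output.

# Sample input: the first five lines are the listing shown on this page; the
# last two are constructed to show what a plain grep on ":22" also matches.
sample_netstat() {
    cat <<'EOF'
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 36 172.131.56.120:22 118.57.17.204:37951 ESTABLISHED on (0.24/0/0)
tcp 0 0 172.131.56.120:22 116.31.114.52:46438 ESTABLISHED keepalive (7160.36/0/0)
tcp 0 0 172.131.56.120:22 116.31.114.52:64874 ESTABLISHED keepalive (7209.52/0/0)
tcp 0 0 :::22 :::* LISTEN off (0.00/0/0)
tcp 0 0 172.131.56.120:51234 203.0.113.9:22 ESTABLISHED keepalive (7100.00/0/0)
tcp 0 0 172.131.56.120:2222 198.51.100.7:40000 ESTABLISHED off (0.00/0/0)
EOF
}

# ssh_peers [PORT]: reads netstat lines on stdin and prints "count peer" for
# ESTABLISHED TCP connections whose LOCAL port is PORT (default 22),
# busiest peer first.
ssh_peers() {
    awk -v port="${1:-22}" '
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
            n = split($4, loc, ":")       # last piece is the port (IPv4 or IPv6)
            if (loc[n] != port) next      # ignore outbound and other services
            peer = $5
            sub(/:[0-9]+$/, "", peer)     # drop the remote port
            count[peer]++
        }
        END { for (p in count) print count[p], p }
    ' | sort -k1,1nr -k2,2
}

# ssh_listeners [PORT]: prints the local addresses listening on PORT.
ssh_listeners() {
    awk -v port="${1:-22}" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, loc, ":")
            if (loc[n] == port) print $4
        }
    '
}

# Stand-alone run on the sample data.
echo "Listening on port 22:"
sample_netstat | ssh_listeners
echo "Established inbound sessions per peer:"
sample_netstat | ssh_peers
```

On a live host replace `sample_netstat` with `netstat -aon`; as the page notes, an established connection is not proof of a successful login, so the counts show who is connected, not who authenticated.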

5.6. Connecting Server


5.6.1. How to Connect via SSH
Now that you have the OpenSSH client and server installed on every machine you need, you can
establish a secure remote connection with your servers. To do so:
1. Open the SSH terminal on your machine and run the following command:

ssh your_username@host_ip_address

If the username on your local machine matches the one on the server you are trying to connect
to, you can just type:

ssh host_ip_address

And hit Enter.

2. Type in your password and hit Enter. Note that you will not get any feedback on the screen
while typing. If you are pasting your password, make sure it is stored safely and not in a text
file.
3. When you are connecting to a server for the very first time, it will ask you if you want to
continue connecting. Just type yes and hit Enter. This message appears only this time since
the remote server is not identified on your local machine.
4. An ECDSA key fingerprint is now added and you are connected to the remote server.
If the computer you are trying to remotely connect to is on the same network, then it is best to
use the private IP address instead of the public IP address. Otherwise, you will have to use the
public IP address only. Additionally, make sure that you know the correct TCP port OpenSSH is
listening to for connection requests and that the port forwarding settings are correct. The default
port is 22 if nobody changed configuration in the sshd_config file. You may also just append the
port number after the host IP address.
Here is the example of a connection request using the OpenSSH client. We will specify the port
number as well:

username@machine:~$ ssh phoenixnap@185.52.53.222 -p7654
phoenixnap@185.52.53.222's password:
The authenticity of host '185.52.53.222 (185.52.53.222)' can't be established.
ECDSA key fingerprint is SHA256:9lyrpzo5Yo1EQAS2QeHy9xKceHFH8F8W6kp7EX2O3Ps.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '185.52.53.222' (ECDSA) to the list of known hosts.
username@host:~$

You are now able to manage and control a remote machine using your terminal. If you have
trouble connecting to a remote server, make sure that:

• The IP address of the remote machine is correct.
• The port the SSH daemon is listening to is not blocked by a firewall or forwarded incorrectly.
• Your username and password are correct.
• The SSH software is installed properly.

5.6.2. Establishing an FTP Connection


1. To open an ftp connection to a remote system, invoke the ftp command followed by the
remote server IP address or domain name. For example, to connect to an FTP server at
"192.168.42.77" you would type:

ftp 192.168.42.77

2. If the connection is established, a confirmation message will be displayed, and you will
be prompted to enter your FTP username, in this example the FTP username
is linuxize:

220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 1 of 50 allowed.
220-Local time is now 21:35. Server port: 21.
220-This is a private system - No anonymous login
220-IPv6 connections are also welcome on this server.
220 You will be disconnected after 15 minutes of
inactivity.
Name (192.168.42.77:localuser): linuxize
You may see a different confirmation message depending on
the FTP service running on the remote server.

3. Once you enter the username you will be prompted to type your password:

Password:

4. If the password is correct, the remote server will display a confirmation message and
the ftp> prompt.

230 OK. Current restricted directory is /
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
If the FTP server you are accessing accepts anonymous FTP accounts, and you want to log in as
an anonymous user, use anonymous as username and your email address as a password.

Common FTP Commands


Most of the FTP commands are similar or identical to the commands you would type in the
Linux shell prompt.

Below are some of the most common FTP commands:

• help or ? - list all available FTP commands.
• cd - change directory on the remote machine.
• lcd - change directory on the local machine.
• ls - list the names of the files and directories in the current remote directory.
• mkdir - create a new directory within the current remote directory.
• pwd - print the current working directory on the remote machine.
• delete - remove a file in the current remote directory.
• rmdir - remove a directory in the current remote directory.
• get - copy one file from the remote to the local machine.
• mget - copy multiple files from the remote to the local machine.
• put - copy one file from the local to the remote machine.
• mput - copy multiple files from the local to the remote machine.

Unix Permissions: File Permissions In Unix With Examples
Unix Permissions: Learn what are the Different File Permissions in Unix

Unix is a multi-user system where the same resources can be shared by different users.

All permissions in Unix are based on restricting access to specific files and folders to specific
users or user groups.


Access to a file has three levels:

Read permission – If authorized, the user can read the contents of the file.

Write permission – If authorized, the user can modify the file.

Execute permission – If authorized, the user can execute the file as a program.

Each file is associated with a set of identifiers that are used to determine who can access the file:

User ID (UID) – Specifies the user that owns the file. By default, this is the creator of the file.

Group ID (GID) – Specifies the user-group that the file belongs to.

Finally, there are three sets of access permissions associated with each file:

User permission – Specifies the level of access given to the user matching the file's UID.

Group permission – Specifies the level of access given to users in groups matching the file's
GID.

Others permission – Specifies the level of access given to users without a matching UID or GID.

Together, this scheme of access controls makes the Unix system extremely secure while
simultaneously providing the flexibility required of a multi-user system.
The ls -l command can be used to view the permissions associated with each of the files in the
current folder.

Example output of this command is given below.

Example:

flags links owner group size modified-date name

total 24
drwxr-xr-x 7 user staff 224 Jun 21 15:26 .
drwxrwxrwx 8 user staff 576 Jun 21 15:02 ..
-rw-r--r-- 1 user staff 6 Jun 21 15:04 .hfile
drwxr-xr-x 3 user staff 96 Jun 21 15:17 dir1
drwxr-xr-x 2 user staff 64 Jun 21 15:04 dir2
-rw-r--r-- 1 user staff 39 Jun 21 15:37 file1
-rw-r--r-- 1 user staff 35 Jun 21 15:32 file2

In this output, the 'total 24' indicates the total number of blocks occupied by the listed files.

The remaining columns are:

flags – A collection of flags indicating the file mode and the file permissions.

links – The number of links associated with the file.

owner – The UID that owns the file.

group – The GIDs associated with the file.

size – The size of the file in bytes.

modified-date – The month, date, hour and minute of the last modification to the file.
name – The name of the file or directory.

The flags in the first column specify the file mode and the different sets of permissions:

#1) The first character indicates the type of file:

- : represents an ordinary file

d: represents a directory

c: represents a character device file

b: represents a block device file

#2) The next three characters indicate user permissions:

The first of these three indicates whether the user has read permission:

- : indicates that the user does not have read permission.

r: indicates that the user has read permission.

The second character indicates whether the user has write permission:

- : indicates that the user does not have write permission.

w: indicates that the user has write permission.

The last character indicates whether the user has execute permission:

- : indicates that the user does not have execute permission.

x: indicates that the user has execute permission.

#3) The next three characters indicate group permissions, similar to the user permissions above.

#4) The final three characters indicate public permissions, similar to the user permissions above.

In case the file is an ordinary file, read permission allows the user to open the file and examine
its contents. Write permission allows the user to modify the contents of the file. And execute
permission allows the user to run the file as a program.

In case the file is a directory, read permission allows the user to list the contents of the directory.
Write permission allows the user to create a new file in the directory, and to remove a file or
directory from it. Execute permission allows the user to search the directory, that is, to enter it
and access the files in it by name.

Unix command-line tools to change the access permissions

Unix provides a number of command-line tools to change the access permissions:

Note that only the owner of the file (or the superuser) can change the access permissions.

1. chmod: change file access permissions

description: This command is used to change the file permissions. These permissions are read,
write and execute permission for the owner, group, and others.

syntax (symbolic mode):

chmod [ugoa][[+-=][mode]] file

The first optional parameter indicates who – this can be (u)ser, (g)roup, (o)thers or (a)ll.

The second optional parameter indicates opcode – this can be for adding (+), removing (-) or
assigning (=) permission.

The third optional parameter indicates the mode – this can be (r)ead, (w)rite, or e(x)ecute.

Example: Add write permission for user, group and others for file1

$ ls -l
-rw-r--r-- 1 user staff 39 Jun 21 15:37 file1
-rw-r--r-- 1 user staff 35 Jun 21 15:32 file2

$ chmod ugo+w file1

$ ls -l
-rw-rw-rw- 1 user staff 39 Jun 21 15:37 file1
-rw-r--r-- 1 user staff 35 Jun 21 15:32 file2

$ chmod o-w file1

$ ls -l
-rw-rw-r-- 1 user staff 39 Jun 21 15:37 file1
-rw-r--r-- 1 user staff 35 Jun 21 15:32 file2

syntax (numeric mode):

chmod [mode] file

The mode is a combination of three digits – the first digit indicates the permission for the user,
the second digit for the group, and the third digit for others.

Each digit is computed by adding the associated permissions. Read permission is '4', write
permission is '2' and execute permission is '1'.

Example: Give read/write/execute permission to the user, read/execute permission to the group,
and execute permission to others.

$ ls -l
-rw-r--r-- 1 user staff 39 Jun 21 15:37 file1
-rw-r--r-- 1 user staff 35 Jun 21 15:32 file2

$ chmod 751 file1

$ ls -l
-rwxr-x--x 1 user staff 39 Jun 21 15:37 file1
-rw-r--r-- 1 user staff 35 Jun 21 15:32 file2
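
The following script is an added example, not part of the original text: it converts the flags column printed by ls -l into the numeric mode described above and reports entries that others are allowed to modify. The function names flags_to_octal, others_can_write and world_writable and the sample flag strings are assumptions made for illustration; special flags such as s and t, which this page does not cover, are rejected.

```shell
#!/bin/sh
# Added example: names and sample values below are illustrative assumptions.

# Convert the flags column of `ls -l` (e.g. -rwxr-x--x) into the numeric
# mode chmod accepts (e.g. 751). Only the r, w, x and - flags described on
# this page are handled; any other string is rejected with status 1.
flags_to_octal() {
    flags=${1%[.+@]}                  # some ls versions append an ACL marker
    case $flags in
        [-dcb][-r][-w][-x][-r][-w][-x][-r][-w][-x]) ;;
        *) return 1 ;;
    esac
    perms=$(printf '%s' "$flags" | cut -c2-10)   # drop the file-type character
    mode=""
    for start in 1 4 7; do                       # user, group, others
        triplet=$(printf '%s' "$perms" | cut -c"$start"-"$((start + 2))")
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac   # read    = 4
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac   # write   = 2
        case $triplet in ??x) digit=$((digit + 1)) ;; esac   # execute = 1
        mode="$mode$digit"
    done
    printf '%s\n' "$mode"
}

# Succeed when the "others" digit of a numeric mode includes write (2).
others_can_write() {
    case $1 in *[2367]) return 0 ;; *) return 1 ;; esac
}

# List files and directories below $1 that any user may modify.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Constructed sample flag strings in the style of the listings on this page.
for f in -rw-r--r-- -rw-rw-r-- -rwxr-x--x drwxrwxrwx; do
    m=$(flags_to_octal "$f")
    if others_can_write "$m"; then note="writable by others"; else note="ok"; fi
    printf '%-12s %s  %s\n' "$f" "$m" "$note"
done
```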
