Friday 28 October 2011

System administration

1. Do not log in as root

..unless there is a good reason for doing so. In Linux you can create as many users as you like, all with their own home folders and permissions.

One user is special: root (also called "superuser") has the right to do anything.

Use su - to temporary become root and do the things you need, never log into your sytem as root!

Root is only for system maintainance, this is not a regular user (LWindows don't have any user management at all and uses root for everything, this is a very bad idea!).

You can execute a command as root with: 
  su -c 'command done as root'

Gentoo Linux: Note that on Gentoo Linux only users that are member of the wheel group are allowed to su to root.

2. Keep track of what is done

The first thing you should do as root is make a file called 
  /root/DoneAsRoot.txt

Use this file to write down everything that is done as root (superuser).

Make two directories in the /root folder: 
  /root/original

  /root/changes

Copy all your original configuration files to /root/original before you make any changes.

When you changed a configuration file, back it up in /root/changes.

Write down what you installed and what configuration files you have changed in /root/DoneAsRoot.txt.

This may seem like unimportant extra work, and for a home user it may be. The DoneAsRoot.txt can be used to get a quick overview of how the system is configured. It can be used for reference when setting up another system. Most importantly, this makes it easy for someone else to step in as root and instantly understand how the system is configured.

3. linksys on open wifis

default login and password for linksys is admin/admin

4. Admin tips

To find files writable to groups or everyone:
/usr/bin/find / -type f \( -perm -2 -o -perm -20 \) -exec ls -lg {} \; 2>/dev/null >group-writable.txt
/usr/bin/find / -type d \( -perm -2 -o -perm -20 \) -exec ls -ldg {} \; 2>/dev/null >>world-writable.txt

This will greate two large lists of all the files that have insecure permissions and can be written to by a group or by everybody.

Make sure only files that, for some reason, need to allow this do, generally this is a bad thing.
Use chmod g-w and chmod o-w to remove the write permissions.
Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)