Computerworld - This article is excerpted from The Official Ubuntu Book by Benjamin Mako Hill, Jono Bacon, Corey Burger, Jonathan Jesse and Ivan Krstic, copyright Prentice Hall. Reprinted with permission of Prentice Hall, all rights reserved.
As a system administrator, one of your chief tasks is dealing with server security. If your server is connected to the Internet, for security purposes, it's in a war zone. If it's only an internal server, you still need to deal with (accidentally) malicious users, disgruntled employees and the guy in accounting who really wants to read the boss's secretary's e-mail.
In general, Ubuntu Server is a very secure platform. The Ubuntu Security Team, the team that produces all official security updates, has one of the best turnaround times in the industry. Ubuntu ships with a no open ports policy, meaning that after you install the machine -- be it an Ubuntu desktop or a server -- no applications will be accepting connections from the Internet by default. Like Ubuntu desktops, Ubuntu Server uses the sudo mechanism for system administration, eschewing the root account. And finally, security updates are guaranteed for at least 18 months after each release (five years for some releases, like Dapper), and are free.
In this section, we want to take a look at filesystem security, system resource limits, dealing with logs and finally some network security. But Linux security is a difficult and expansive topic; remember that we're giving you a crash course here, and leaving a lot of things out -- to be a good administrator, you'll want to learn more.
User Account Administration
Many aspects of user administration on Linux systems are consistent across distributions. Debian provides some convenience tools, such as the useradd command, to make things easier for you. But since Ubuntu fully inherits Debian's user administration model, we won't go into detail about it here. Instead, let us refer you to the O'Reilly Web site for the basics. After reading that page, you'll have full knowledge of the standard model, and we can briefly talk about the Ubuntu difference: sudo.
Ubuntu doesn't enable the root, or administrator, account by default. There is a great deal of security benefit to this approach and incredibly few downsides, all of which are documented at the man pages for sudo_root.
The user that you add during installation is the one who, by default, is placed into the admin group and may use sudo to perform system administration tasks. After adding new users to the system, you may add them to the admin group like this:
$ sudo adduser username admin
Simply use deluser in place of adduser in the above command to remove a user from the group.
One thing to keep in mind is that sudo isn't just a workaround for giving people root access. It can also handle fine-grain permissions, such as saying, "allow this user to execute only these three commands with superuser privileges."
Documentation about specifying these permissions is available in the "sudoers" man page, which can be a bit daunting -- feel free to skip close to the end of it, until you reach the EXAMPLES section. It should take you maybe 10 or 15 minutes to grok it, and it covers a vast majority of the situations for which you'll want sudo. When you're ready to put your new knowledge to use, simply run:
Be careful here -- the sudoers database, which lives in /etc/sudoers, is not meant to just be opened in an editor, because an editor won't check the syntax for you! If you mess up the sudoers database, you might find yourself with no way to become an administrator on the machine.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Is Your Big Data Solution Production-Ready? Read "Is Your Big Data Solution Production-Ready?" now, and discover best practices and actionable steps to implementing a production-ready big data solution.
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Simplify and Consolidate Data Protection for Better Business Results Learn about IBM® Tivoli® Storage Manager Operations Center, which provides advanced visualization, built-in analytics and integrated workflow automation features that leapfrog traditional backup...
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Linux and Unix White Papers | Webcasts