Although Linux is in many ways clearer and simpler than Windows, it demands more attention, especially if you are going to use it to run a website. Linux assumes you're going to want to admin your machine, rather than letting the machine take care of its own admin, and because *nix has been used for major internet archetectures for a while, it is well known to crackers etc., who delight in poking holes in it (indeed, poking holes in it is seen as positively contributing to the discovery of security holes). As such, if you are going to use Linux, it is useful to get your head around some basic admin. This page will give you a flavour, and some pointers, but you need to swat up: see the recommended reading.
UNIX-Style systems have settings for who can read, write, and execute files and read, write, and execute from directories. While these are simpler that Windows permissions, users rarely see the workings of Windows permissions, while in UNIX-style OSs manipulating these is much more common.
Each file or directory has three sets of permissions: owner, group, and all users. Each of these can be set to have read "r", write "w", and execute "x" (run) permission with regards to the file/directory. You can see the ownership and permissions of the files and directories within the pwd by typing: "ls -la".
For example, a directory may be listed as:
./ root:web rwxrwx---
Meaning the directory is owned by 'root' who can do anything (first rwx), and usable by the web group who can also do anything (second rwx). The rest of users can do nothing "---".
A file might be listed like this:
myProgram.exe root:web rwxr-xr---
Meaning the owner(root) can read,write, and run the file, while the web group can read and run the file, but not write over it, and the rest of the users have no permissions.
Especially when dealing with files on websites it is very important the ownership and permissions are set up correctly: you really don't want to give all users permission to write to web directories incase someone manages to get themselves a username on your machine &ndash the harm they can cause on your machine is bad enough; the harm they can do to client machines who think your website is safe is much greater.
You can change the owner of a file using chown (as superuser):
chown user:group filename
You can use * wildcard for all. You can also use:
chown -R user: group *
for recursive change through all directories in current directory.
You can also use chmod to change the file permissions:
chmod userGroupPublic filename
The permissions are usually allocated numerically, by totaling up the following four numbers: 4 = read; 2 = write; 1 = exec; 0 = none. For example:
chmod 750 filename
Sets to: user all permissions (4+2+1=7); Group read/exec (4+1=5); and all other users none. Again, you can use recursion and wildcards.
Key directories include:
/bin /sbin | Systems programs |
/lib | Systems libraries |
/etc | Config files |
/home | User directories |
/var | Logs etc. |
/usr/bin | User programs |
/tmp | Temp files |
/usr/share | Shared files |
Linux comes with a number of pre-installed services (programs that run in the background from startup), but you can add others and stop and start them as you need. Most have startup scripts in /etc/rc.d/init.d/, which you can call, thus:
/etc/rc.d/init.d/httpd stop
/etc/rc.d/init.d/httpd start
/etc/rc.d/init.d/httpd restart
(httpd is usually an Apache webserver)
To get programs to run at a regular time step, they need an entry in a crontab file. These are used by the "cron" program to schedual events. They are set up using the crontab command:
crontab -e cronfilename
Unfortunately crontab will often use one of the default editors.
For a long time security in UNIX-style systems was irregularly set up at install and you needed to be on top of security issues at setup and on a daily basis.
Linux generally sets up ok initially. However, you should change default passwords, give the superuser one, and make sure updates are set to automatically install (depends on the flavour you use as to how this works).
Despite this, if you set up a webserver open to the world, you need to stay on top of security issues as they arise. You can find a list of some major alert systems at LZone. There's also NCAS.