How To Manage Groups And Users On Linux

User and group management on Linux sounds pretty complex, but it’s actually quite easy. If you’ve had trouble understanding how to create new groups, delete existing groups, or modifying users on your system, don’t worry. As it turns out, even the most experienced of Linux users can easily forget the fundamentals. In this guide, we’ll go over all the ways you can manage groups and users on the Linux platform.

Create New Groups

Creating new groups isn’t something many users do, as most Linux distributions don’t need it. If you’re installing software or managing things in a way that requires a new group, the quickest way to accomplish this is with the command-line with the groupadd command.

To use groupadd, you’ll need root access, or at the very least, the ability to interact with the system via sudo privileges. Confirm that your user can do this, then open up a terminal and do the following to create a new group:

su -

groupadd newgroup

or, alternatively, make a new group with sudo:

sudo groupadd newgroup

alternatively, create multiple groups at once:

su -
groupadd newgroup, newgroup2, newgroup3

or

sudo groupadd newgroup, newgroup2, newgroup3

Groupadd will create the new group on your Linux system. To confirm that the group is there, consider filtering through the list of groups on your PC.

cut -d: -f1 /etc/group | grep newgroup

By combining the above command with grep, it’s possible to filter out the new group you made. If the command returns nothing, try to create the user group again.

Delete Groups

If you have no use for a certain group on your Linux PC, it’s a good idea to delete it. Removing a user group on Linux is as easy as creating a new one. First, log in as su, or confirm your user can execute sudo commands. Then, run the groupdel command to get rid of an existing group.

su -
groupdel newgroup

or

sudo groupdel newgroup

Running groupdel should get rid of it. List all available groups on your PC to be sure.

cut -d: -f1 /etc/group | grep newgroup

If Grep doesn’t return anything, you’ll know for sure the group is gone.

Add/Remove Users To Groups

To add existing users to a newly created group, you’ll need to make use of the usermod command. Open up a terminal and use the cut command to view all groups. Go through the list and find the names of the groups you’d like to add your user to. Alternatively, use the name of the user group created earlier.

Note: like before, confirm you can log into Root with su, or that you’re able to use sudo before modifying critical user information.

su -

usermod -a -G newgroup yourusername

or

sudo usermod -a -G newgroup yourusername

Confirm your user is added to the new group by running the following command:

groups

Manage Users

Aside from managing groups on Linux, learning how to create and manage users is also key to maintaining a harmonious Linux system. Unlike group management, user tools are a lot less complicated. There’s not a whole lot of complexity to it. In this section of the guide we’ll go over how to create a new user on Linux with the command line and how to delete a user.

Create New User

Need to create a new user on your Linux system? Start out by opening up a terminal window. In the terminal, gain root access with su or sudo.

su -

or

sudo -s

Now that you’ve got a root shell, it’ll be much easier to manipulate users without needing to add “sudo”, and a password over and over. To create a new user with a full home directory, run the command below.

Note: on some Linux PC’s you may need to replace “useradd” with “adduser”.

useradd newuser

Alternatively, it’s possible to create a new user and assign groups to it at the same time:

useradd -G group1, group2, group3, group4, group5, group6 newuser

After creating the new user, set the password:

passwd newuser

Delete User

Deleting users on Linux is quite straightforward and easy. Getting rid of a user can easily be accomplished on Linux by making use of the userdel command.

Note: before continuing with deleting users, be sure to log out of everything. It’s a very bad idea to delete a user that is currently in use. Things can go wrong, and you’ll reget it.

Once you’ve made sure you’re not logged into the user you plan to delete, run:

su -

or

sudo -s

Followed by:

userdel -r newuser

To delete the user but preserve the Home directory, run this command instead:

userdel newuser

Read How To Manage Groups And Users On Linux by Derrik Diener on AddictiveTips – Tech tips to make you smarter

3 Ways To Secure An SSH Server On Linux

SSH is awesome, as it allows us to gain terminal access to other Linux PCs and servers over the network, or even the internet! Still, for as amazing as this technology is, there are some glaring security issues that make using it unsafe. If you’re an average user, there’s no real need to install complicated SSH security tools. Instead, consider following these basic steps to secure an SSH server on Linux.

Change Default Connection Port

By far the quickest and easiest way to secure an SSH server is to change the port it uses. By default, SSH server runs on port 22. To change it, open up a terminal window. Inside the terminal window, SSH to the remote PC hosting SSH server.

ssh user@local-ip-address

Once logged in, drop from a regular user to Root. If you’ve got the Root account on, logging in with su is a good choice. Else, you’ll need to gain access with sudo.

su -

or

sudo -s

Now that you’ve got admin access, open up the SSH configuration file in Nano.

nano /etc/ssh/sshd_config

Scroll through the configuration file for “Port 22”. Remove the if there is one, then change 22″ to another number. Typically, a port above 100, or even one in the 1,000 range will suffice. After changing the port number, press the Ctrl + O keyboard combination to save the edits. Then, exit the editor by pressing Ctrl + X.

Editing the configuration file isn’t going to immediately switch your SSH server over to using the correct port. Instead, you’ll need to manually restart the service.

systemctl restart sshd

Running the systemctl command should reboot the SSH daemon and apply the new settings. If restarting the daemon fails, another option is to reboot your SSH server machine:

reboot

After restarting the daemon (or machine), SSH will not be accessible via port 22. As a result, connecting over SSH requires manually specifying the port.

Note: be sure to change “1234” with the port set in the SSH configuration file.

ssh -p 1234 user@local-ip-address

Disable Password Login

Another great way to secure an SSH server is to remove password login and instead transition to logging in via SSH keys. Going the SSH key route creates a circle of trust between your SSH server and remote machines that have your key. It’s an encrypted password file that’s hard to crack.

Set up with an SSH key on your server. When you’ve got the keys set up, open up a terminal and open up the SSH configuration file.

su -

or

sudo -s

Then, open the config in Nano with:

nano /etc/ssh/sshd_config

By default, SSH servers handle authentication via the user’s password. If you’ve got a secure password, this is a good way to go, but an encrypted SSH key on trusted machines is faster, more convenient, and secure. To finish the transition to “passwordless login”, look in the SSH configuration file. Inside this file, scroll through and find the entry that says “PasswordAuthentication”.

Remove the # symbol from in front of “PasswordAuthentication”, and ensure it has the word “no” in front of it. If everything looks good, save the edits to the SSH configuration by pressing Ctrl + O on the keyboard.

After saving the configuration, close Nano with Ctrl + X, and restart SSHD to apply the changes.

systemctl restart sshd

If you don’t use systemd, try restarting SSH with this command instead:

service ssh restart

Next time a remote machine tries to log into this SSH server, it will check for the correct keys and let them in, without a password.

Disable Root Account

Disabling the Root account on your SSH server is a way to mitigate the damage that may occur when an unauthorized user gains access over SSH. To disable the Root account, it is imperative that at least one user on your SSH server can gain Root via sudo. This will ensure that you can still gain system-level access if you need it, without the Root password.

Note: be sure that the users who can access Root privileges via sudo have a secure password, or disabling the superuser account is pointless.

To disable Root, elevate the terminal to superuser privileges:

sudo -s

Using sudo -s bypasses the need to log in with su, and instead grants a root shell via the sudoers file. Now that the shell has superuser access, run the password command and scramble the Root account with –lock.

passwd --lock root

Running the above command scrambles the Root account’s password so that logging in via su is impossible. From now on, users can only SSH in as a local user, then switch to a Root account via sudo privileges.

Read 3 Ways To Secure An SSH Server On Linux by Derrik Diener on AddictiveTips – Tech tips to make you smarter

How To Create A Dropbox Backup Server On Linux

A headless Dropbox backup server starts out by installing a command-line version of Dropbox. In this instance, we’ll make use of the Dropbox Uploader. It’s a script that makes automatically uploading content to Dropbox over the command-line very easy.

Install Git

To get this script, you’ll need to have the Git package installed on your Linux PC. Open up a terminal window and enter the following commands to get going with Git.

Ubuntu

sudo apt install git

Debian

sudo apt-get install git

Arch Linux

sudo pacman-S git

Fedora

sudo dnf install git

OpenSUSE

sudo zypper install git

Other Linuxes

Git is ubiquitous. As a result, users on even the most obscure Linux distribution should be able to install it. Use your package manager to search for “git”, and install it. Alternatively, check Pkgs.org for a downloadable installer.

Dropbox Uploader

Once the Git tool is installed, we can use it to grab the code for Dropbox Uploader. In the terminal, clone the source code on your Linux PC:

git clone https://github.com/andreafabrizi/Dropbox-Uploader.git

Using the CD command, move the terminal into the newly cloned Dropbox-Uploader folder.

cd Dropbox-Uploader

From here, the script can be used, but it won’t work correctly. To ensure that Dropbox Uploader runs right on Linux, you’ll need to update the permissions of it. Ultimately, the Dropbox Uploader tool is a Shell script, so a simple chmod will suffice.

chmod +x dropbox_uploader.sh

Dropbox Uploader works by running dropbox_uploader.sh. However, the tool also comes with a few other scripts that users can use to work with Dropbox. Optionally, update the permissions on these files to with:

chmod +x dropShell.sh

chmod +x testUnit.sh

Set Up Dropbox API

Now that the Dropbox backup software is on your Linux PC, we can set up the backup system. The first step is to create a new Dropbox app code. This code will be used to log Dropbox into your account. To create a new app, head over to the official developer page, find the “create app” button and click it.

Clicking the “create app” brings you to the API page. Select “Dropbox API” to continue.

Next, choose the level of access Dropbox Uploader should have. For best results, select “Full Access”. Doing this will allow it to work within multiple folders, inside your entire account, rather than just a single area.

Write in the name of the app and click the “create app” button to finish up.

After going through the process of creating an App in the developer center, you’ll be brought to the Dropbox app entry for the Upload tool. Scroll down, find “Generated access token” and click the “Generate” button.

Creating Backups

You’ve got a Dropbox API page set up for the uploader, and an access token to use with it. The next step is to associate the script with your account. To do this, go to the terminal and run the Dropbox Uploader tool.

./dropbox_uploader.sh

When you run the script for the first time, it will ask you for the access token. Go back to the Dropbox API page and copy the new access code from earlier.

After adding the new access code, it’s safe to start running backups. Start off by using the uploader to create a new folder:

./dropbox_uploader.sh mkdir Backup

Running mkdir will create a remote backup folder in your Dropbox account. From here, you’ll be able to upload files to it. To upload,  run the command below.

Note: Dropbox Uploader can handle more than just Tar.gz files. Customize the command below to upload any kind of file.

./dropbox_uploader.sh upload /home/username/location/of/file.tar.gz

Automate Backups

Manual upload is nice, but it’s better to automate these kinds of things. For this job, it’s best to use Cron. In a terminal, gain Root with su or sudo.

su –

or

sudo -s

In the Root shell, access Cron:

crontab -e

Choose the option to use Nano as the editor. Then, paste the following in the Cron file.

Note: this Cron command will tell your Linux PC to compress a backup and upload it to the Backup folder in Dropbox every day at 8:06 AM.

06 08 * * 6 tar -zcvf backup-$(date +%Y-%m-%d).tar.gz /home/username/;/home/username/Dropbox-Uploader/dropbox_uploader.sh upload /home/username/backup-$(date +%Y-%m-%d).tar.gz Backups

Save the command into Cron. Once saved, your PC will automatically take a snapshot of /home/username/, compress it to a Tar.gz archive, date it, and upload it to Dropbox. Don’t want to backup your entire home folder on a schedule? Customize the folder paths, so that it points to a specific folder.

If everything looks good, save the new Cron file in Nano with Ctrl + O.

Disable Automated Backups

Automatic backups to Dropbox are cool, but if you only want to deal with it manually, remove the command from Cron:

su -
crontab -e

Like before, save the edits with Ctrl + O. After saving, the automatic backup will stop.

Read How To Create A Dropbox Backup Server On Linux by Derrik Diener on AddictiveTips – Tech tips to make you smarter

How To Save Music CDs To Your Linux PC With Sound Juicer

Looking for a good way to convert your old physical CD collection to digital files on Linux? If so, we’ve got you covered. In this article, we’ll go over exactly how to turn Music CDs into digital files and convert them so they can upload to the cloud. Linux has many different programs that save Music CDs but by far the most user-friendly one out there is Gnome Sound Juicer.

Install Sound Juicer

To install it, open up a terminal, select your operating system below and enter the command to get going.

To use Gnome Sound Juicer, you’ll need Ubuntu, Debian, Arch Linux, Fedora or OpenSUSE.

Ubuntu

sudo apt install sound-juicer

Debian

sudo apt-get install sound-juicer

Arch Linux

sudo pacman -S sound-juicer

Fedora

sudo dnf install sound-juicer

OpenSUSE

sudo zypper install sound-juicer

Other Linuxes

Sound Juicer is an old program. As a result, it’s available on most Linux distributions without issue. To install it, open up Gnome Software, KDE Discover or use the terminal to search your package manager for “sound-juicer” and install it. Can’t find it? Don’t worry! The Gnome project has versions of this app’s source code downloadable. Grab the latest version of the source code and read the file INSTALL to learn how to compile it.

After installing the Gnome Sound Juicer correctly, open it up and move on to the next part of the tutorial.

Using Sound Juicer

Sound Juicer is a useful tool because it can scan the data on an audio CD, convert the files, and save them to various formats on your Linux PC. To get started, open up your CD/DVD disc drive and place in the audio CD. Sound Juicer should automatically detect that a Music CD is in the drive. If not, close the app and re-open it.

Note: Sound Juicer will not launch if it does not detect a CD/DVD drive connected to your Linux PC. If you plan to use an external USB disk drive, connect it before attempting to run the program.

The app should instantly read the CD. Additionally, it’ll attempt to use the Music Brainz database to detect and automatically assign metadata to what it thinks the album is. If your album isn’t detected, you’ll see the button “Edit Album”. Click this button and manually add the id3 metadata for the album.

When all information for the Music CD is added, click the “Select All” button, then hit “Extract” to convert the audio tracks on the CD to OGG music files. All files, once done with the Sound Juicer application, will save to a folder (with the artist name) inside of /home/username/Music/.

Converting OGG Files

At this point, it’s a good idea to point out that Sound Juicer converts audio tracks on albums to the OGG format. It is an open source format that enjoys pretty good support on a lot of different operating systems. However, if you have plans to upload your music to Google Play Music, Amazon Music, or others, this format isn’t a good one to use.

Sound Juicer can’t save in any other format, so you’ll need to also install an encoder. On Linux, the best encoder to use is FFmpeg. It runs through the command line but it’s the fastest and most versatile tool to use for this job. Open up a terminal and install FFmpeg to your PC.

Ubuntu

sudo apt install ffmpeg

Debian

sudo apt-get install ffmpeg

Arch Linux

sudo pacman -S ffmpeg

Fedora

sudo dnf install ffmpeg

OpenSUSE

sudo zypper install ffmpeg

Other Linuxes

Need FFMpeg on your Linux PC? Head over to the official website and learn how to build it from source. Otherwise, search your Linux distribution’s package manager for “ffmpeg” and install it.

Now that FFmpeg is taken care of, go back to the terminal window and CD into the ~/Music directory on your Linux PC. In this example, our Music CD is labeled “Unknown Artist”. Yours may differ.

cd ~/Music

Next, use the LS command to reveal the contents of Music. Look around for the Artist folder that corresponds with what you just saved in Sound Juicer.

ls

CD into the artist folder.

cd Unknown\  \Artist\Unknown\ \Title

Run the conversion command. Please note that you will need to do this for each individual file. In our example, we have 10 OGG files, so FFmpeg needs to convert 10 separate times.

Note: be sure to change “saved-track-file-name” and “new-track-file-name” to each file you’d like to convert.

ffmpeg -i saved-track-file-name.ogg new-track-file-name.mp3

Now that all OGG files are MP3 files, it’s safe to remove the old OGG files:

rm *.ogg

By using a wild-card, RM will only remove files with the OGG extension. The new MP3 files generated by FFmpeg remain in the same place as the original ones.

Read How To Save Music CDs To Your Linux PC With Sound Juicer by Derrik Diener on AddictiveTips – Tech tips to make you smarter

How To Install The Caddy Web Server On Linux

These days, HTTPS is key when hosting a website. Without it, your users could be leaking very personal data from your website into the world. To solve this, many Linux webmasters have taken to using the LetsEncrypt tools, as they make it very easy to generate a certificate. Still, for as easy as LetsEncrpyt is, enabling it on Nginx or Apache on Linux can still be a bit of a chore. Luckily, there’s a better way. Introducing the Caddy web server. It’s web server that has HTTPS enabled by default. If you’re sick of hassling with SSL certificates, Caddy may be just what you need.

Installing Caddy

Installing the Caddy web server works pretty much the same no matter what server operating system you are using. The reason Caddy is so easy to install is that of the developer’s choice to use a downloadable Bash script for installing the software, rather than adding third-party software repositories or installing via binaries.

In this tutorial, we’ll be using Ubuntu Server, though running the Caddy web Server will work just fine on most other Linux OS’s too, even desktop ones. To start off, make sure you have the Curl app on your Linux PC. If you don’t, open up a terminal search your package manager for “curl”, and install it.

Note: determine if you have curl already by running curl in the terminal. If the “help” dialog shows up for the program, you have Curl on your Linux machine.

curl https://getcaddy.com | bash -s personal

The Caddy web server is free to use for personal use, but you must specify it. Planning to use Caddy in an enterprise setting? Run the installation command with:

curl https://getcaddy.com | bash -s commercial

Running Curl will pipe it through Bash and automatically start the installation process. The Caddy installer will take time to download the web server binary and place it in /usr/local/bin/ directory. If the installation is successful, you’ll see a message saying “Successfully Installed”.

At this point, you’ll need to modify the Caddy binary. Run the following command in the terminal, with sudo privileges.

sudo setcap cap_net_bind_service=+ep /usr/local/bin/caddy

Configuring Caddy

Caddy is installed on the server. The next step in the process is to configure the directory structure. Start out by getting a root terminal. Doing this will make modifying folders in the file system much faster, as you won’t need to enter sudo for every command, followed by a password.

On most systems, users can log directly into the root account with:

su

On Ubuntu server, however, the Root account is locked for security reasons. To get around this, gain a root shell with sudo.

sudo -s

Now that we have root access, create the necessary directories for the Caddy server to operate correctly.

mkdir /etc/caddy

mkdir /etc/ssl/caddy

Note: If your server already has a /var/www/ directory, skip this last mkdir command.

mkdir /var/www

Next, create a new “Caddyfile” inside of /etc/caddy/.

touch /etc/caddy/Caddyfile

Using the chmod command, update the permissions for the Caddy sub-folder inside of /etc/ssl/.

chmod 0770 /etc/ssl/caddy

Lastly, chown the /var/www/ directory:

chown www-data: /var/www

Caddy Systemd File

Most servers, especially Ubuntu server make heavy use of the systemd init system. However, since the web server installs via Bash script, a systemd file isn’t present. Instead, we’ll need to make our own. Use the touch command to make a new, blank service file.

touch /lib/systemd/system/caddy.service

Open up the new caddy.service file and paste the following code into it:

[Unit]
Description=Caddy HTTP/2 web server
Documentation=https://caddyserver.com/docs
After=network-online.target
Wants=network-online.target

[Service]
Restart=on-failure
StartLimitInterval=86400
StartLimitBurst=5

User=www-data
Group=www-data
; Letsencrypt-issued certificates will be written to this directory.
Environment=CADDYPATH=/etc/ssl/caddy

ExecStart=/usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp
ExecReload=/bin/kill -USR1 $MAINPID

LimitNOFILE=1048576
LimitNPROC=64

PrivateTmp=true
PrivateDevices=true
ProtectHome=true
ProtectSystem=full
ReadWriteDirectories=/etc/ssl/caddy

; The following additional security directives only work with systemd v229 or later.
; They further retrict privileges that can be gained by caddy. Uncomment if you like.
; Note that you may have to add capabilities required by any plugins in use.
;CapabilityBoundingSet=CAP_NET_BIND_SERVICE
;AmbientCapabilities=CAP_NET_BIND_SERVICE
;NoNewPrivileges=true

[Install]
WantedBy=multi-user.target

There is a lot of code for the caddy.service file, so do your best to ensure everything is there. When you’re sure, save the changes by pressing the Ctrl + X keyboard combination. Exit the editor with Ctrl + X.

systemctl enable caddy.service

systemctl start caddy.service

After setting up systemd, everything should be ready to go.

Setting Up Domains

Caddy, like any other web server, needs a bit of configuration before using it. Start off by creating a domain folder:

Note: be sure to rename “test-domain.org” with your domain.

mkdir -p /var/www/test-domain.org/

Next, edit the file Caddyfile we created earlier.

nano /etc/caddy/Caddyfile

Paste the following code to activate your new domain:

my-domain.com {
root /var/www/test-domain.org
}

Restart the Caddy systemd service to save the changes. When the service finishes restarting, Caddy is ready to use on your server.

systemctl restart caddy.service

Read How To Install The Caddy Web Server On Linux by Derrik Diener on AddictiveTips – Tech tips to make you smarter