General Commands (Most Used)

  • set user password
    • passwd (options) username
    • Will prompt for old password
  • Disable root user
    • sudo passwd -l root  (-l is small L)   [root cannot login with password]
    • usermod --expiredate 1    [account is disabled]
    • sudo usermod —e 1 root
  • Enable root
    • sudo passwd root
    • (give it a password and it will be enabled)
  • Give current user sudo privledges
    • sudo -i
  • List all groups

    cat /etc/group

  • List all users

    cat /etc/passwd

  • list only directories
    • ls -d
  • SUDO
    • *When you run a command, you are acting as root. Therefore directories created with sudo will belong to root.
  • su
  • show server version
    • cat /etc/issue
  • Change a files owner
    • sudo chown -R www-data:www-data some_directory/

Managing Users and Permissions

  • show users logged in and history
    • lastlog
  • Change user in terminal
    • su [name of user]
  • Add users   (Also see "Ubuntu Server Setup General Steps"
    • useradd vs adduser
      • useradd is a command, it will just add user
        • ** useradd WILL NOT create /home/user directory unless you use a flag, see below. 
      • adduser is a script that will prompt for pass and other info. it WILL create a /home/user directory
    • useradd   (add user command line)
      • -d set home directory
      • -m force useradd to create the home directory
      • -p set password
      • -G add to group
        • useradd -G groupname username
      • Example useradd: add the user, sajeev34,  to the directory = group = webusertest1
        • sudo useradd johndoe -d  /var/www/public_html/ -G webusertest1
        • sudo useradd johndoe -d /var/www/ -G www-data
          • you must still assign a password using passwd
          • See ACL to assign access
    • adduser (prompt for details)
    • add a user for web (apache) access example:
      • useradd -d /var/www/public_html/ -G www-data -p password USERNAME
    • add user (already exists) to apache group
      • usermod -G www-data username
    • Delete user
      • deluser username
        • -remove-all-files      remove all files owned by this user
        • -remove-home        remove the user's home directory
  • Create a symbolic link from a users home directory to another directory
  • set user password
    • passwd (options) username
      • Will prompt for old password
  • Add/Delete a user to a group
    • See the all of the users in a group
      • cat /etc/group  OR   getent group groupname
    • Example, add a user to the www-data group
      • sudo usermod -a -G GroupName UserName
        • a - add to group (use with G)
        • G - group name
        • sudo usermod -a -G www-data jsmith
    • Delete a user from a group
      • deluser <username> <groupname>
  • Give a user root permissions. Disable the root user
    • *** Ideally add user to admin(or sudo) group which has sudo privileges. 
    • If user doesn’t exist
      • Create user with adduser. (above)
      • Set the user password (above)
    • Add user to /etc/sudoers
      username ALL=(ALL:ALL) ALL
      4. login as this user and Disable Root user
      sudo passwd -l root (-l is small L)
  • Change document root to apache: change owner of directory
    • sudo chgrp newgroup nameOFfile
    • sudo chgrp -R www-data /directory/directory
  • change files owner and group
    • sudo chown fileowner:filegroup nameOFfile
    • sudo chown www-data:www-data qlaunch1
    • change recursively (all sub files and folders)
      • sudo chown -R www-data:www-data some_directory/
  • create a group
    • groupadd NameOFGroup
    • list groups
      • cat /etc/group
    • list members of a group
      • getent group www-data
    • Add a user to a group
      • sudo usermod -a -G groupName www-data
        • where  groupName is the name of the group and www-data is the user
        • -a is append
        • -G group name
  • Change permissions of directory
    • chmod 
      • -R change files and directories (all files in the directories)
      • change mod of files only in a directory
        • sudo find /path/to/someDirectory -type f -print0 | xargs -0 sudo chmod 644
      • change mod of directories only
        • sudo find /path/to/someDirectory -type d -print0 | xargs -0 sudo chmod 755
  • Set a folder so all files are owned by apache, no matter who edits them: 

Copying and Deleting, Managing Files

  • copy file
    • cp sourceFile targetFile
  • copy a directory
    • cp -r source destination
      -r or -R is recursive (include all sub folders and files)
      cp -r dir1 dir2
      cp -option  source destination
      cp -option1 -option2  source destination 
  • copy all files from one directory to another
    • mv -vn olddirectory/* /newdirectory/newdirectory
      • check man for attributes
    • Move all files up one directory:
      • mv * .[^.]* ..
        • Spaces are needed. 
    • in Mac, you must specify the entire directory path for source and target
      • sudo mv /Users/userName/Sites-acquia-drupal/sites/whistlepunk.localhost/whistlepunk/docroot/* .[^.]* /Users/userName/Sites-acquia-drupal/sites/whistlepunk.localhost/
        • ** Note the use of /* .[^.]* to grab all files incl those that start with .
  • Move a directory
    • mv fromflderpath tofolderpath
        • sudo mv /var/www/public_html/drupal8test1/public/drupal/* .[^.]* /var/www/public_html/drupal8test1/public/  
  • Rename a directory
    • mv /home/user/oldname /home/user/newname
  • Upload a file from the desktop to the server
    • ** MAY HAVE PERMISSIONS ISSUES: Suggest upload to your home directory on the server then cp internally. 
    • scp /Users/johnDoe/Desktop/Symfony_Standard_Vendors_2.3.3.tgz jmahoney@ 
    • scp /Users/johnDoe/Desktop/placeholder1.png
      • Run this from mac prompt
      • Make sure jmahoney has write access on remote server. 
      • also,
        • sudo scp useraccountname@mymac:/Users/johnDoe/Desktop/test.txt 
          • useraccountname = your mac user
          • mymac: you mac’s hostname. 
        • sudo scp /Users/johnDoe/Desktop/ckeditor-internal.css jrmaroney@5162.209.96.80:/var/www/pcats-D7/sites/all/themes/si_conexxus/css 
      • WORKS: (set ssh port)
        • scp -P 55432 /Users/johnDoe/ARC_ADMIN/Archives/FileName.jpa jrmaron325@
    • Examples

      Copy the file "foobar.txt" from a remote host to the local host
      $ scp
      Copy the file "foobar.txt" from the local host to a remote host
      $ scp foobar.txt
      Copy the directory "foo" from the local host to a remote host's directory "bar"
      $ scp -r foo
      Copy the file "foobar.txt" from remote host "" to remote host ""
      $ scp \
      Copying the files "foo.txt" and "bar.txt" from the local host to your home directory on the remote host
      $ scp foo:.txt bar.txt
      Copy the file "foobar.txt" from the local host to a remote host using port 2264
      $ scp -P 2264 foobar.txt
      Copy multiple files from the remote host to your current directory on the local host
      $ scp\{a,b,c\} .
      $ scp\{foo.txt,bar.txt\} .
  • Copy files from server to Mac desktop
  • find a file
    • locate
      • ex. locate php.ini
  • Delete/Remove files and directory
    • rm (filename)
    • remove directory and all files in that directory
      • rm -r  OR rm -R directoryname
        • r/R => recurrsive
        • -r will prompt y/n for each file UNLESS you use sudo
      • rm -R directoryname
      • rm -R -i directoryname
    • Remove EVERYTHING, force delete CAREFUL!
      • sudo rm -rf (name of directory)
  • find largest files
    • If you just need to find large files, you can use find with the -size option. The next command will list all files larger than 10MiB
      • find / -size +10M -ls
      • find / -size +10G -ls
    • If you want to find files between a certain size, you can combine it with a "size lower than" search. The next command find files between 10MiB and 12MiB:
      • find / -size +10M -size -12M -ls     
  • find size of a directory, find largest directories
    • du / | sort -n
      • last entries are largest files/directories  
    • du -h —max-depth=1
    • du --max-depth=7 /* | sort -n
      • max depth = 7 directories 
    • [CentOS] du -m filename    or      du -h filename     or    du -ms foldername
  • get PHP version
    • php-config --version
    • dpkg -l | grrep php
    • [CentOS]  php -i
  • Compress and uncompress
  • Make a link to another file or directory (known as symbolic link)
    • ln -s {target-filename} {symbolic-filename}
      • For example create softlink for /webroot/home/httpd/ as /home/vivek/index.php, enter the following command: * -s allows link to directory. 
      • ln -s /webroot/home/httpd/ /home/vivek/index.php
      • ls -l

Access Control/Permissions: ACL

  • About: ACL is an add-on to Ubuntu that can help you manage permissions for different users. it is HIGHLY recommended that this is installed during initial setup. 
  • Setup ACL
    1. (reference)
    2. sudo apt-get install acl
    3. make backup copy of fstab
      1. /etc/fstab
    4. Add acl option to fstab file
      1. /dev/xvda1 / ext3 defaults,acl,errors=remount-ro,noatime    0 1
    5. remount the partitions
      1. (run from root) mount -o remount /
    6. verify acl is active
      1. mount | grep acl
        1. You should see a line that includes "acl"
  • check user access
    • getfacl /var/www/~~~~~
  • grant user access
    • sudo setfacl -Rm u:johnDoe:rwx public/
    • ** If a directory is not created by a web root user, they will lose access to it. Use this command to re-assign access. 
  • grant group access
    • sudo setfacl -Rdm g:webusers:rwx public/
  • Allow user to change file permissions, upload download files to a directory


  • About: Use ufw Firewall to block general SSH access (Do not need to install, this is part of Ubuntu core, just enable). During setup, change the SSH port to something different than 22 RIGHT AWAY
  • If the port you want to open or close is defined in /etc/services, you can use the port name instead of the number. In the above examples, replace 22 with ssh.
  • set default to allow
  • sudo ufw default allow
    1. enable
      1. sudo ufw enable
    2. disable 
      1. sudo ufw disable
    3. check status
      1. sudo ufw status
      2. sudo ufw status verbose
    4. Check the rules as a dry run
      1. sudo ufw --dry-run allow http
        1. shows what would be applied if an allow http rule were applied
    5. enable logging
      1. sudo ufw logging on
      2. Read the log
        1. sudo cat /var/log/ufw.log
    6. allow specific port and IP address
      1. sudo ufw allow from <ip address> to <protocol> port <port no>
      2. ex. allow ip address access to port 22 for all protocols
        1. sudo ufw allow from to any port 22
      3. default deny port 22
        1. sudo ufw deny 22
    7. Open port 80 so the public can see your site
      1. sudo ufw allow 80
    8. If you'll be using SSL, you need to open port 443
      1. sudo ufw allow 443
    9. delete a rule
      1. sudo ufw delete <rule>
        1. ex. sudo ufw delete deny 80/tcp
        2. ufw delete <number> where number is number of rule. 
    10. limit the number of ssh login attempts to 6
      1. sudo ufw limit ssh/tcp
        1. will deny connections if an IP address has attempted to initiate 6 or more connections in the last 30 seconds. 
    11. Block or Unblock an IP address that has been blocked
      1. block an ip address
        1. sudo ufw block from
      2. allow from that address
        1. sudo ufw allow from




  • About: Ubuntu has many many, did we say many, applications and libraries available. Research the ones you need BEFORE you setup the server. 
  • search for an application
    • sudo aptitude search application
    • sudo aptitude search htop
  • CURL
    • sudo apt-get install curl
    • sudo apt-get install php5-curl
    • >restart apache
  • XSL support
    • sudo apt-get install php5-xsl
  • GD Library
    • sudo apt-get install php5-gd
  • List orphaned packages
    • sudo apt-get autoremove
  • List install libraries
  • list all applications
    • aptitude search php5
  • Remove a library:
    • sudo aptitude purge XXYY  where XXYY is the package name
  • Check php and mysql versions
    • php -v
    • mysql -V


  • Preferred Method:
    • * If a database is being written to during shutdown it will get corrupted
    • Suggest check google real-time analytics to make sure no one is using site. 
    • shutdown apache (this will stop users from writing to db)
      • sudo /etc/init.d/apache2 stop
    • reboot the server
      • sudo reboot
  • sudo shutdown -h now
  • sudo shutdown -h 0
  • sudo shutdown -h 18:45 "Server is going down for maintenance"
    • Shuts it down at 6:45pm
  • HALT (server has been hacked and is out of control!)
    • sudo halt
      • halt is less 'soft' than shutdown
  • sudo reboot
  • sudo shutdown -r 0
    • (same as sudo reboot)

Updates - Patches

  • Update repositories (always do before updating)
    • sudo apt-get update
  • upgrade ssl (heartbleed bug)
    • sudo apt-get upgrade openssl
    • check version
      • openssl version -a  (-a = all information)

IN A JAM(Trouble Shooting)

Our team is happy to answer your sales questions. Fill out the form and we’ll be in touch as soon as possible.

2901 E Baltimore St, Baltimore, MD 21224