Chapter 3 - Working in Linux

3.2.1 Major Applications

Server Applications

Software that has no direct interaction with the monitor and keyboard of the machine it
runs on. Its purpose is to serve information to other computers, called clients.
Sometimes server applications may not talk to other computers but only sit there and
crunch data.
Linux excels at running server applications because of its reliability and efficiency. The
ability to optimize server operating systems with just needed components allows
administrators to do more with less, a feature loved by startups and large enterprises
alike.

Desk Applications

Web browsers, text editors, music players, or other applications with which users
interact directly. In many cases, such as a web browser, the application is talking to a
server on the other end and interpreting the data. This is the “client” side of a
client/server application.

Tools

A loose category of software that exists to make it easier to manage computer systems.
Tools can help configure displays, provide a Linux shell that users type commands into,
or even more sophisticated tools, called compilers, that convert source code to
application programs that the computer can execute.

3.2.2.1 Web servers

HyperText Transfer Protocol (HTTP)

The web page itself can either be static or dynamic. When the web browser requests a
static page, the web server sends the file as it appears on disk. In the case of a
dynamic site, the request is sent by the web server to an application, which generates
the content.

WordPress
 is one popular example. Users can develop content through their browser in the
WordPress application, and the software turns it into a fully functional dynamic website.

Apache

the dominant web server in use today.

was originally a standalone project, but the group has since formed the Apache
Software Foundation and maintains over a hundred open source software
projects. Apache HTTPD is the daemon, or server application program, that “serves”
web page requests.

NGINX

Which is based out of Russia. It focuses on performance by making use of more

modern UNIX kernels and only does a subset of what Apache can do. Over 65% of
websites are powered by either NGINX or Apache.

3.2.2.2 Private Cloud Servers

ownCloud

was launched in 2010 by Frank Karlitschek to provide software to store, sync and share
data from private cloud servers. It is available in a standard open source GNU AGPLv3
license and an enterprise version that carries a commercial license.

NextCloud

was forked from ownCloud in 2016 by Karlitschek and has been growing steadily since
then. It is provided under a GNU AGPLv3 and aims for “an open, transparent
development process.”

Both projects focus on providing private cloud software that meets the needs of both large
and small organizations that require security, privacy, and regulatory compliance. While
several other projects aim to serve the same users, these two are by far the largest in terms
of both deployment and project members.

3.2.2.3 Database Servers

MariaDB
 a community-developed fork of the MySQL relational database management system. It
is just one of many database servers used for web development as different
requirements dictate the best application for the required tasks.
A database stores information and also allows for easy retrieval and querying. Some
other popular databases are Firebird and PostgreSQL. You might enter raw sales
figures into the database and then use a language called Structured Query Language
(SQL) to aggregate sales by product and date to produce a report.

3.2.2.4 Email Servers

Mail Transfer Agent (MTA)

The most well known MTA (software that is used to transfer electronic messages to
other systems) is Sendmail. Postfix is another popular one and aims to be simpler and
more secure than Sendmail.

Mail Delivery Agent (MDA)

Also called the Local Delivery Agent, it takes care of storing the email in the user’s
mailbox. Usually invoked from the final MTA in the chain.

POP/IMAP Server

The Post Office Protocol (POP) and Internet Message Access Protocol (IMAP) are
two communication protocols that let an email client running on your computer talk to a
remote server to pick up the email.
Dovecot - a popular POP/IMAP server owing to its ease of use and low
maintenance. Cyrus IMAP is another option. Some POP/IMAP servers implement
their own mail database format for performance and include the MDA if the custom
database is desired. People using standard file formats (such as all the emails in
one text file) can choose any MDA.

Microsoft Exchange - is shipped primarily as a software package/suite that includes all the
necessary or approved components, all from Microsoft, so there are few if any options to
make individual selections. In the open source world, many options can be modularly
included or swapped out for package components, and indeed some software packages or
suites are just a well-packaged set of otherwise individual components all harmoniously
working together.

3.2.2.5 File Sharing

Samba

allows a Linux machine to look and behave like a Windows machine so that it can
share files and participate in a Windows domain.
Samba implements the server components, such as making files available for sharing
and certain Windows server roles, and also the client end so that a Linux machine may
consume a Windows file share.

Netatalk

lets a Linux machine perform as an Apple Macintosh file server. The native file sharing
protocol for UNIX/Linux is called the Network File System (NFS).
NFS is usually part of the kernel which means that a remote file system can be
mounted (made accessible) just like a regular disk, making file access transparent to
other applications.

Domain Name System (DNS)

It is used to convert a name like https://www.icann.org/ to an IP address like 192.0.43.7,

which is a unique identifier of a computer on the Internet. DNS also holds global
information like the address of the MTA for a given domain name. An organization may
want to run their own DNS server to host their public-facing names, and also to serve
as an internal directory of services.
Internet Software Consortium- maintains the most popular DNS server, simply
called bind after the name of the process that runs the service.\
Lightweight Directory Access Protocol (LDAP) - one common directory system
which also powers Microsoft’s Active Directory. In LDAP, an object is stored in a
tree, and the position of that object on the tree can be used to derive information
about the object and what it stores. For example, a Linux administrator may be
stored in a branch of the tree called “IT Department,” which is under a branch
called “Operations.” Thus one can find all the technical staff by searching under
the “IT Department” branch.
OpenLDAP - dominant program used in Linux infrastructure.

Dynamic Host Configuration Protocol (DHCP)

When a computer boots up, it needs an IP address for the local network so it can be
uniquely identified.
DHCP’s job is to listen for requests and to assign a free address from the DHCP pool.
The Internet Systems Consortium (known until January 2004 as the Internet Software
Consortium) also maintains the ISC DHCP server, which is the most common open
 source DHCP server.

3.2.3.1 Email
Thunderbird

full-featured desktop email client. Thunderbird connects to a POP or IMAP server,

displays email locally, and sends email through an external SMTP server.

Evolution and KMail

which are the GNOME and KDE projects' email clients. Standardization through POP
and IMAP and local email formats means that it’s easy to switch between email clients
without losing data.

3.2.3.2 Creative
Blender

3D movie creation

GIMP (GNU Image Manipulation Program)

2D image manipulation

Audacity

audio editing
They have had various degrees of success in professional markets. Blender is used for
everything from independent films to Hollywood movies, for example. GIMP supports
high-quality photo manipulation, original artwork creation, graphic design elements, and
is extensible through scripting in multiple languages. Audacity is a free and open source
audio editing tool that is available on multiple operating systems.

3.2.3.3 Productivity
LibreOffice

a fork of the OpenOffice (sometimes called OpenOffice.org) application suite. Both

offer a full office suite, including tools that strive for compatibility with Microsoft Office in
 both features and file formats.

LibreOffice Calc

is not limited to rows and columns of numbers. The numbers can be the source of a
graph, and formulas can be written to calculate values based on information, such as
pulling together interest rates and loan amounts to help compare different borrowing
options.

LibreOffice Writer

a document can contain text, graphics, data tables, and much more. You can link
documents and spreadsheets together, for example, so that you can summarize data in
a written form and know that any changes to the spreadsheet will be reflected in the
document.
LibreOffice can also work with other file formats, such as Microsoft Office or Adobe
Portable Document Format (PDF) files. Additionally, through the use of extensions,
LibreOffice can be made to integrate with Wiki software to give you a powerful intranet
solution.

3.2.3.4 Web Browsers

Linux is a first class citizen for the Mozilla Firefox and Google Chrome browsers.
Both are open source web browsers that are fast, feature-rich, and have excellent
support for web developers.
These packages are an excellent example of how competition helps to drive open
source development – improvements made to one browser spur the development of the
other browser. As a result, the Internet has two excellent browsers that push the limits
of what can be done on the web, and work across a variety of platforms. Using a
browser, while second nature for many, can lead to privacy concerns. By understanding
and modifying the configuration options, one can limit the amount of information they
share while searching the web and saving content.

3.3 Console Tools

Historically, the development of UNIX shows considerable overlap between the skills of
software development and systems administration.
The tools for managing systems have features of computer languages such as loops
(which allow commands to be carried out repeatedly), and some computer
programming languages are used extensively in automating systems administration
 tasks. Thus, one should consider these skills complementary, and at least a basic
familiarity with programming is required for competent systems administrators.

**3.3.1 Shells
At the basic level, users interact with a Linux system through a shell whether
connecting to the system remotely or from an attached keyboard. The shell’s job is to
accept commands, like file manipulations and starting applications, and to pass those
to the Linux kernel for execution.

Bourne shell & C shell

was named after its creator Stephen Bourne of Bell Labs.

The C shell was so named because its syntax borrows heavily from the C language.
As both these shells were invented in the 1970s, there are more modern versions,
the Bourne Again Shell (Bash) and the tcsh (pronounced as tee-cee-shell). Bash is
the default shell on most systems, though tcsh is also typically available.

Programmers have taken favorite features from Bash and tcsh and made other shells, such
as the Korn shell (ksh) and the Z shell (zsh). The choice of shells is mostly a personal one;
users who are comfortable with Bash can operate effectively on most Linux systems. Other
shells may offer features that increase productivity in specific use cases.

3.3.2 Text Editors

Most Linux systems provide a choice of text editors which are commonly used at the
console to edit configuration files. The two main applications are Vi (or the more
modern Vim) and Emacs. Both are remarkably powerful tools to edit text files; they
differ in the format of the commands and how plugins are written for them. Plugins can
be anything from syntax highlighting of software projects to integrated calendars.
Both Vi and Emacs are complex and have a steep learning curve, which is not helpful
for simple editing of a small text file. Therefore, Pico and Nano are available on most
systems and provide very basic text editing.

Note

Consider This: The Nano editor was developed as a completely open source editor
that is loosely based on Pico, as the license for Pico is not an open source license and
forbids making changes and distributing it.
While Nano is simple and easy to use, it doesn’t offer the extensive suite of more advanced
editing and key binding features that an editor like Vi does. Administrators should strive to
gain some basic familiarity with Vi, though, because it is available on almost every Linux
system in existence. When restoring a broken Linux system by running in the distribution’s
recovery mode, Vi can be a critical tool, and the best time to learn Vim or any editor is before
you desperately need it to fix a broken system.

3.4 Package Management

Every Linux system needs to add, remove, and update software. In the past this meant
downloading the source code, setting it up, compiling it, and copying files onto each
system that required updating. Thankfully, modern distributions use packages, which
are compressed files that bundle up an application and its dependencies (or required
files), greatly simplifying the installation by making the right directories, copying the
proper files into them, and creating such needed items as symbolic links.
Package Manager - takes care of keeping track of which files belong to which
package and even downloading updates from repositories, typically a remote
server sharing out the appropriate updates for a distribution. In Linux, there are
many different software package management systems, but the two most popular
are those from Debian and Red Hat.

3.4.1 Debian Package

The Debian distribution, and its derivatives such as Ubuntu and Mint, use the Debian
package management system. At the heart of Debian package management are
software packages that are distributed as files ending in the .deb extension.
The lowest-level tool for managing these files is the dpkg command. This command
can be tricky for novice Linux users, so the Advanced Package Tool, apt-get (a
front-end program to the dpkg tool), makes management of packages easier.
Additional command line tools which serve as front-ends
to dpkg include aptitude and GUI front-ends like Synaptic and Software Center.

3.4.2 RPM Package Management

Linux Standards Base

Which is a Linux Foundation project, is designed to specify (through a consensus) a

set of standards that increase the compatibility between conforming Linux systems.
According to the Linux Standards Base, the standard package management system is
RPM.
 RPM makes use of an .rpm file for each software package. This system is what
distributions derived from Red Hat, including Centos and Fedora, use to manage
software. Several other distributions that are not Red Hat derived, such as SUSE,
OpenSUSE, and Arch, also use RPM.
The back-end tool most commonly used for RPM Package Management is
the rpm command. While the rpm command can install, update, query and
remove packages, the command line front-end tools such
as yum and up2date automate the process of resolving dependency issues.

Note

A back-end program or application either interacts directly with a front-end program or

is "called" by an intermediate program. Back end programs would not interact directly
with the user. Basically, there are programs that interact with people (front-end) and
programs that interact with other programs (back-end).

There are also GUI-based front-end tools such as Yumex and Gnome PackageKit that
also make RPM package management easier.
Some RPM-based distributions have implemented the ZYpp (or libzypp) package
management style, mostly openSUSE and SUSE Linux Enterprise, but mobile
distributions MeeGo, Tizen and Sailfish as well.

zypper (command) - is the basis of the ZYpp method, and it features short and long
English commands to perform functions, such as zypper in packagename which installs a
package including any needed dependencies.

Most of the commands associated with package management require root privileges.
The rule of thumb is that if a command affects the state of a package, administrative
access is required. In other words, a regular user can perform a query or a search, but
to add, update or remove a package requires the command to be executed as the root
user.

3.5 Development Languages

C language

Language itself maps closely to the generated machine code so that a skilled
programmer can write code that is small and efficient.\
When computer memory was measured in kilobytes, this was very important. Even with
large memory sizes today, C is still helpful for writing code that must run fast, such as
an operating system.
 It has been extended over the years. There is C++, which adds object support to C (a
different style of programming), and Objective C that took another direction and is in
heavy use in Apple products.

Java

First imagines a hypothetical CPU called the Java Virtual Machine (JVM) and then
compiles all the code to that. Each host computer then runs JVM software to translate
the JVM instructions (called bytecode) into native instructions.

Interpreted languages
- Are translated to machine code as they execute.
- Also tend to offer more features than compiled languages, meaning that often less code is
needed. The language interpreter itself is usually written in another language such as C, and
sometimes even Java! This means that an interpreted language is being run on the JVM,
which is translated at runtime into actual machine code.

JavaScript

A high-level interpreted programming language that is one of the core technologies on

the world wide web. It is similar to but fundamentally different from Java, which is a
completely object-oriented programming language owned by Oracle.
A cross-platform scripting language for adding interactive elements to web pages, that
is in wide use across the internet.

Note

Consider This: Object-oriented refers to programming that abstracts complex actions

and processes so that the end user only deals with basic tasks. To visualize this
concept, think of a machine that performs a complex set of tasks by simply pushing a
button.

Perl

An interpreted language. It was originally developed to perform text manipulation. Over

the years, it gained favor with systems administrators and continues to be improved
and used in everything from automation to building web applications.

PHP

A language that was initially built to create dynamic web pages.

 A PHP file is read by a web server such as Apache. Special tags in the file indicate that
parts of the code should be interpreted as instructions. The web server pulls all the
different parts of the file together and sends it to the web browser.
PHP’s main advantages are that it is easy to learn and available on almost any system.
Because of this, many popular projects are built on PHP.

Ruby

Another language that was influenced by Perl and Shell, along with many other
languages. It makes complex programming tasks relatively easy, and with the inclusion
of the Ruby on Rails framework, is a popular choice for building complex web
applications.
is also the language that powers many of the leading automation tools
like Chef and Puppet, which make managing a large number of Linux systems much
simpler.

Python

Another scripting language that is in general use. Much like Ruby it makes complex
tasks easier and has a framework called Django that makes building web applications
very easy. Python has excellent statistical processing abilities and is a favorite in
academia.
ImageMagick - One such library that lets programmers manipulate images in
code.It also ships with some command line tools that enable programmers to
process images from a shell and take advantage of the scripting capabilities there.

OpenSSL

is a cryptographic library that is used in everything from web servers to the command
line. It provides a standard interface for adding cryptography into a Perl script, for
example.
At a much lower level is the C library. The C library provides a basic set of functions for
reading and writing to files and displays, and is used by applications and other
languages alike.

3.6 Security
Administrators and computer users are increasingly aware of privacy concerns in both
their personal and professional lives. High-profile data breaches have been in the news
all too often recently, and the cost of these break-ins can reach into the millions of
 dollars for the institutions that fall victim to hackers and ransomware attacks. Many
times the cause of these breaches is simply human error such as opening a suspicious
email or entering passwords into a phony login page.
Cookies are the primary mechanism that websites use to track you. Sometimes this
tracking is good, such as to keep track of what is in your shopping cart or to keep you
logged in when you return to the site.
Browsers typically offer cookie-related settings; users can opt to have the browser tell
the site not to track. This voluntary tag is sent in the request, and some sites will honor
it. The browser can also be set never to remember third-party cookies and remove
regular cookies (such as from the site you are browsing) after being closed.
Tweaking privacy settings can make you more anonymous on the Internet, but it can
also cause problems with some sites that depend on third-party cookies. If this
happens, you might have to explicitly permit some cookies to be saved.
Browsers also offer a private or incognito mode where cookies and tracking pixels are
deleted upon exiting the window. This mode can be helpful if you would like to search
for something without letting other websites know what you are looking for.

3.6.1 Password Issues

Good password management is essential to security in any computing environment.
The Linux systems administrator is often the person responsible for setting and
enforcing password policies for users at all levels.
The most privileged user on any Linux system is root; this account is the
primary administrator and is created when the operating system is installed. Often
administrators will disable root access as the first line of defense against intrusion since
computer hackers will try to gain root access in order to take control of the system.
There are many levels of access and various means of password management on a
Linux system. When users are created, they are given different login permissions
depending on what groups they are assigned to.
Managing all these accounts, and their accompanying passwords is a complicated and
necessary part of the systems administrator role. Passwords need to be complex
enough not to be easily guessed by hackers, yet easy to remember for users.
Increasingly users and administrators are turning to password manager programs to
store login credentials in encrypted form.
Two-factor authentication (2FA) - a technique where a password is
supplemented by a second “factor,” often a passcode sent to the user's phone or
other devices. Keeping up with current security trends, while ensuring authorized
users' ease of access, is an ongoing challenge that must be met.

3.6.2 Protecting Yourself

 The easiest thing you can do is to use a good, unique password everywhere you go,
especially on your local machine. A good password is at least 10 characters long and
contains a mixture of numbers, letters (both upper and lower case) and special
symbols. Use a password manager like KeePassX to generate passwords, and then
you only need to have a login password to your machine and a password to open up
your KeePassX file.

Finally, you should protect your computer from accepting incoming connections.
A firewall is a device that filters network traffic, and Linux has one built-in. If you are
using Ubuntu, then the Gufw is a graphical interface to Ubuntu’s Uncomplicated
Firewall (UFW).
Under the hood, you are using iptables, which is the built-in firewall system. Instead of
entering complicated iptables commands you use a GUI. While this GUI lets you build
an effective policy for a desktop, it barely scratches the surface of what iptables can do.

3.6.3 Privacy Tools

HyperText Transfer Protocol Secure (HTTPS)

standard used on web servers to ensure that data transmitted between users and
online resources cannot be intercepted as it travels on the open Internet.

Virtual Private Networks (VPN)

have been in use by companies to connect their remote servers and employees for
many years. Now they are gaining popularity amongst ordinary users looking to protect
their privacy online.
 They work by creating an encrypted channel of communication between two systems,
so the data transmitted between them is scrambled by an algorithm only the systems
know.

Tor

has long been involved in creating privacy tools like it’s Tor Browser that works by
relaying internet requests through a network of servers that prevents websites and
others from learning the identity of the person making the request.

These tools are constantly evolving and choosing which ones are appropriate for the users
and systems involved is an essential part of the systems administrator's role.

3.7 The Cloud

A cloud deployment model provides a basis for how cloud infrastructure is built,
managed, and accessed. There are four primary cloud deployment models:
Public Cloud: a cloud infrastructure deployed by a provider to offer cloud services
to the general public and organizations over the Internet. In the public cloud
model, there may be multiple tenants (consumers) who share common cloud
resources. More than likely, many of us have accessed public cloud resources at
some point through providers such as Amazon, Google, and other popular public
cloud providers.
Private Cloud: a cloud infrastructure that is set up for the sole use of a particular
organization. When compared to a public cloud, a private cloud offers
organizations a greater degree of privacy, and control over the cloud
infrastructure, applications, and data. It can be hosted either on servers managed
by the company that is using it or through a managed private cloud provider such
as Rackspace or IBM.
Community Cloud: a cloud infrastructure that is set up for the sole use by a
group of organizations with common goals or requirements. The organizations
participating in the community typically share the cost of the community cloud
service. This option may be more expensive than the public cloud; however, it may
offer a higher level of control and protection against external threats than a public
cloud.
Hybrid Cloud: composed of two or more individual clouds, each of which can be
a private, community, or public cloud.It may change over time as component
clouds join and leave. The use of such technology enables data and application
portability. It also allows companies to leverage outside resources while retaining
control of sensitive resources.