How Linux admins can avoid common pitfalls

• Tags:
• Command Line,
• Gui,
• Command,
• Commands

Jack Wallen

Published: 31 Dec 2008 12:44 GMT

• 
• 
• 
• 
• 

...and 2.6.20 as your backup. If you update to 2.6.26 and all is working well, you can remove 2.6.20. If you use an rpm-based system, you can use this method to remove the old kernels: rpm -qa | grep -i kernel followed by rpm-e kernel-{VERSION}.

6. Not backing up critical configuration files
How many times have you upgraded X11 only to find the new version fubar'd your xorg.conf file to the point where you can no longer use X? It used to happen to me a lot when I was new to Linux. But now, anytime X is going to be updated I always back up /etc/X11/xorg.conf in case the upgrade goes bad. Sure, an X update tries to back up xorg.conf, but it does so within the /etc/X11 directory. And even though this often works seamlessly, you are better off keeping that backup under your own control. I always back up xorg.conf to the /root directory so I know only the root user can even access it. Better safe than sorry. This applies to other critical backups, such as Samba, Apache and MySQL, too.

7. Booting a server to X
When a machine is a dedicated server, you might want to have X installed so some administration tasks are easier. But this doesn't mean you should have that server boot to X. This will waste precious memory and CPU cycles. Instead, stop the boot process at runlevel 3 so you are left at the command line. Not only will this leave all of your resources to the servers, it will also keep prying eyes out of your machine (unless they know the command line and passwords to log in). To log into X, you will simply have to log in and run the command startx to bring up your desktop.

8. Not understanding permissions
Permissions can make your life really easy, but if done poorly, can also make life really easy for hackers. The simplest way to handle permissions is using the rwx method.

Here's what they mean: r=read, w=write, x=execute. Say you want a user to be able to read a file but not write to a file. To do this, you would issue chmod u+r,u-wx filename. What often happens is that a new user sees an error saying they do not have permission to use a file, so they hit the file with something akin to chmod 777 filename to avoid the problem. But this can cause more problems because it gives the file executable privileges.

Remember this: 777 gives a file rwx permissions to all users (root, group, and other), 666 gives the file rw privileges to all users, 555 gives the file rx permissions to all users, 444 gives r privileges to all users, 333 gives wx privileges to all users, 222 gives w privileges to all users, 111 gives x privileges to all users, and 000 gives no privileges to all users.

9. Logging in as root user
I can't stress this enough: do not log in as root. If you need root privileges to execute or configure an application, su to root in a standard user account.

Why is logging in as root bad? Well, when you log on as a standard user, all running X applications still have access only to the system limited to that user. If you log in as root, X has all root permissions. This can cause two problems: first, if you make a big mistake via a GUI, that mistake can be catastrophic to the system; and second, X running as root makes your system more vulnerable.

10. Ignoring log files
There is a reason /var/log exists. It is a single location for all log files. This makes it simple to remember where you first need to look when there is a problem. Possible security issue? Check /var/log/secure.

One of the very first places I look is /var/log/messages. This log file is the common log file where all generic errors and such are logged to. In this file you will get messages about networking, media changes, and so on. When administering a machine you can always use a third-party application such as logwatch that can create various reports for you based on your /var/log files.

These 10 mistakes are pretty common among new Linux administrators. Avoiding the pitfalls will take you through the Linux migration rite of passage faster, and you will come out on the other side a much better administrator.

Credit: 10 mistakes new Linux administrators make from TechRepublic.com

• 
• 
• 
• 

• Share this article:
• Digg
• Slashdot
• Del.ici.ous
• Stumble
• Reddit

• Most Recent
• Most Popular