Adding Users in Linux

Question: How do I manually add a user on my Linux server?
Answer: There are many reasons why you might want to add a user manually. Some scripts require their own special users with generic permissions to run them. Creating a user is actually very easy. Just follow these steps:
1. Log in to your server via SSH.
2. Become root:
$ su
3. If the user you want to make is called “mrtest” simply enter:
# adduser mrtest
4. It will ask for the user’s password. Enter it.
5. It will then ask for Full Name, room number, work phone, etc. All of this is optional.
6. Finally, it will ask if the information is correct. Just press Y for yes.
By default, the user’s group will be the same as the name. If it needs to be in another group, you will need to tell Linux to change it. We will cover that in another post.
Password Protecting Your Directories

Question: How do I password protect a directory on my website?
Answer: Many web hosting control panels offer a “password protect” feature for your directories. If not, there is a moderately easy way to do it with an Apache .htaccess file.
First, create an .htaccess file that looks like this:
AuthUserFile /home/yourname/.htpasswd
AuthName "Password Protected"
AuthType Basic
require user yourname
Replace “yourname” with your desired username. Next, you will need to create the .htpasswd file in the location you specified. It needs an entry with the username and the password in encrypted (hashed) form:
username:encryptedpassword
Use the following form to create one: Htpasswd Generator.
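An added example, not part of the original post: a shell check that reads the username:encryptedpassword entries of an .htpasswd file and reports which hash scheme each one uses, based on the prefixes Apache documents for its password formats. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the hash scheme of every "username:hash" entry in an
# .htpasswd file, using the prefixes Apache documents for its password formats.

# classify_hash HASH -> prints the scheme name for one stored hash.
classify_hash() {
    case "$1" in
        '$2y$'*)   echo "bcrypt" ;;
        '$apr1$'*) echo "apr1-md5" ;;
        '{SHA}'*)  echo "sha1-unsalted" ;;
        *)
            # Traditional crypt() output: exactly 13 chars from [./0-9A-Za-z].
            if [ "${#1}" -eq 13 ] && ! printf '%s' "$1" | grep -q '[^./0-9A-Za-z]'; then
                echo "crypt-des"
            else
                echo "plaintext-or-unknown"
            fi ;;
    esac
}

# audit_htpasswd FILE -> prints "user scheme verdict" per entry and
# returns 1 if any entry is unsalted SHA-1, DES crypt or plaintext.
audit_htpasswd() {
    rc=0
    while IFS=: read -r user hash || [ -n "$user" ]; do
        case "$user" in ''|'#'*) continue ;; esac
        scheme=$(classify_hash "$hash")
        case "$scheme" in
            bcrypt|apr1-md5) verdict=ok ;;
            *)               verdict=WEAK; rc=1 ;;
        esac
        printf '%s %s %s\n' "$user" "$scheme" "$verdict"
    done < "$1"
    return "$rc"
}

# Constructed sample file (placeholder hashes, not real credentials).
sample=$(mktemp)
cat > "$sample" <<'EOF'
alice:$2y$05$CONSTRUCTEDxSALTxVALUExxCONSTRUCTEDxHASHxVALUExxxxxxxx
bob:{SHA}CONSTRUCTEDxDIGESTxVALUExxx=
carol:ab0123456789A
EOF
audit_htpasswd "$sample" || echo "weak entries found in $sample"
rm -f "$sample"
```

Entries reported as WEAK should be regenerated with a salted scheme before the file is used.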
Tag: apache, directories, htaccess, htpasswd, password, web hosting, website
Changing the MySQL root password

Question: How do I change my MySQL root password on my dedicated server?
Answer: If you have never set the password for MySQL, the server will allow you to connect as root without any password at all. This is obviously not secure and needs to be fixed. Consider it an important step in configuring your server for the first time.
To set up the password for the first time, type this from the command line:
mysqladmin -u root password 54321
Replace “54321” with your desired password.
To change the password after it has already been set, enter the following:
mysqladmin -u root -p'oldpassword' password 54321
Replace ‘oldpassword’ with your actual password and 54321 with the new one. There must be no space between -p and the old password.
Tag: dedicated server, mysql, password, root
Managing passwords in Linux with the "passwd" command

When managing a dedicated server, it is very important to keep a secure password and to change it periodically. In an SSH session, the best way to accomplish this is to use the “passwd” command. A normal user can change his/her own account, while a system administrator (root) can change any account’s password on the system.
In Linux, there are certain requirements for passwords. The “passwd” command is configured to reject passwords that appear to be too easy to guess, particularly those that match common usage words. To change the password of the current user, just type passwd with nothing following it. To change the password of any other user, log in as root and then enter:
passwd username
It will ask you for a new password and then ask you to type the password again to confirm it. A good password will be 6 to 8 characters and contain both lowercase letters and numbers. Another trick you can use to make sure a user changes his or her password is to use the “-e” flag. Enter:
passwd -e username
This will cause the user’s password to expire and force the person to change the password at his/her next login.
Tag: dedicated server, linux, password, root, secure, ssh
Keep Your Website Safe from Hackers

Question: How do I keep my hosting account from being hacked?
Answer:
1. More than anything else, it is important to keep your passwords secret and unique. No one else should have your password, not even your web host. If someone emails you pretending to be your web host or other authority and asks you for your password, do NOT believe it. Contact your web hosting company and let them know about the email. Also, make your password difficult to guess. Try to use a mixture of letters and numbers rather than a real word.
2. Always keep your personal computer clean from viruses and perform all of your security updates. Chances are, if you are infected with malware or a botnet, it will seek out the computers you connect to first, starting with your server.
3. Always keep third-party scripts and software up to date. This is crucial. You could have taken all other precautions, but if your shopping cart or forum has an unpatched security hole, you are in for a hurting — something that could affect your entire server and be grounds for account suspension.
4. Make sure that none of your files have world-writable permissions. In Linux, this means 777. In a file manager or FTP program, it might look like “-rwxrwxrwx”. Files should be either 755 (only for executable files, when a script requires it) or 644 (writeable only to you and read-only to everyone else). Those will look like “-rwxr-xr-x” and “-rw-r--r--”.
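An added example, not part of the original post: a shell check for item 4 that lists world-writable files and directories under a site directory and resets them to the 755/644 modes described above. The function names and the demo files are constructed for illustration.

```shell
#!/bin/sh
# Added example: find and repair world-writable files under a web root.

# list_world_writable DIR -> prints files and directories whose "other" write
# bit is set (777, 666, ...). Symlinks are skipped: on Linux their own mode is
# always shown as rwxrwxrwx and says nothing about the target.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# fix_world_writable DIR -> removes group and other write permission,
# which turns 777 into 755 and 666 into 644 and leaves the rest untouched.
fix_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec chmod go-w {} +
}

# Constructed demo tree standing in for a site directory.
demo=$(mktemp -d)
touch "$demo/index.html" "$demo/upload.php" "$demo/backup.sh"
chmod 644 "$demo/index.html"
chmod 666 "$demo/upload.php"
chmod 777 "$demo/backup.sh"

echo "World-writable before:"; list_world_writable "$demo"
fix_world_writable "$demo"
echo "Modes after:"; ls -l "$demo"
rm -rf "$demo"
```

Run list_world_writable on its own first to review what would change before calling fix_world_writable.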
Tag: botnet, malware, password, permissions, scripts, web hosting
What's in a password?

Phishing is on the rise, and with more services moving online, web fraud is a serious concern. Most people are pretty confident that their passwords are safe from cybercrime, but are they really? For your Twitter account, maybe you are not that concerned if your password is your daughter’s name, but when it comes to your website, possibly your source of income, you might want to consider something a little more sophisticated.
Identity thieves and other cyber criminals typically have password sniffing software and a lot of practice guessing passwords of people they want to exploit. There are a few easy steps you can take to make sure your password is rock solid. First, make sure you use a combination of letters and numbers. Using all of one or the other just makes it easier to hack. You can also consider using mixed case letters. Next, make sure that you avoid common words or number combinations. It should look totally random, even if it is not.
Finally, you should consider rotating your password, trying different combinations. If you have used the same password for the past two years, you could be asking for trouble. There are a plethora of password generators on the web and for PCs that can make the process a little easier. Some of them will check the strength of your passwords. This feature is also built into many operating systems like Linux. Knowing your password is safe makes your job and your web host’s job a lot easier.
Tag: cybercrime, linux, password, phishing, security, web host, website