ServerSuit Technical How-To’s



June 14 2016

In our last article, we covered the chmod command which allows you to manipulate file access permissions on a per-user and per-group basis.That article covered the basics, so with this one we want to get a little deeper with advanced attributes. Let's start off with 'suid' and 'sgid.'

Suid and sgid bits are useful if a user needs to run an executable that they otherwise don't have any priveleges for. Before execution, the system checks these bits and substitutes the current user's privileges to the owner`s (or owner's group) of a file. If we want to, for example, restart apache process and we`d like to delegate its execution to an unprivileged (not root or sudoer) user of our system, we'd start with the following script.

June 13 2016

In the our last couple articles a while ago, we discussed how anyone can use SSH to safely transfer files between Linux servers or how to use SSH to create tunnels between your local PC and a remote server. They're great tools and can be extremely useful, but it does require you to configure proper tunnel first. It also has the glaring limitation of being unable to access any resource outside of your server. So, with that in mind, let's talk about VPN and what it can do for us.

June 10 2016

One of the the basic foundations of working with Linux is delegating file access permissions: who can access the file and who can manipulate it. Default file permissions for system files are usually already set by the OS. However new files created by users and third party programs need to be taken care of manually. Missteps in setting up file permissions can lead to problems with the system, newly installed programs, and potentially increase security risks. More importantly, this can lead to authentication and authorization errors.

June 06 2016

We have written briefly before about backups and their importance which, again, cannot be overstated. You may heard a saying like ‘there are two kinds of sys admins: those that made backups and those that don't have a job anymore.'

Anyway, when it comes to backups you also need to validate them to be sure that they saved correctly and that it's what you wanted to save. I can remember a few cases when I suddenly realized that a directory was moved to another location a while ago, but the backup routine was still backing up from the old location. Of course, I ended up noticing only when I had to restore the data. The moral here is that you should be thinking about your backups at the same time that you're thinking about your primary files, or it will bite you sooner or later. 

June 02 2016

There are never enough questions about Linux server security and how to be sure that no one, except you, would ever be able to connect to it. We've discussed this before with our articles on using key-based authentication and Fail2ban. I can personally think that you should always use keys to access SSH on your server, because even the best passwords can be broken. Not to mention having to change it every few months and trying to remember it. Yeah, I know password managers exist but when we're talking about your server with sensitive data on it, you want to be damn sure it’s safe. And that’s where 2-factor authentication comes in.