All About Apache2 [Installing, Starting and Stopping, Files and Commands]

A Web Server delivers web pages requested by clients via the internet. Apache has been the most popular and widely used web server today; in fact, it is the default web server on most Linux Distros. Web pages from the Apache Server can be accessed from a web browser, any web browser initiates communication from a web server by making a request using HTTP or HTTPS.

Installing Apache2 on an Ubuntu machine.

sudo apt-get install apache2

After installing apache2, important files are stored in /etc/apache2.
httpd.conf is the main configuration file for Apache.
apache2.conf is the main configuration file for Apache2.

Starting Apache

sudo /etc/init.d/apache2 start
or
sudo service apache2 start
or
sudo service apache2 graceful --> calls apachectl

Stoping Apache2

sudo /etc/init.d/apache2 stop
or
sudo service apache2 stop

apache2ctl
apache2ctl is a management utility, an Apache HTTP server control interface that is also used to start and stop Apache. Commands are:

start -Start the daemon
stop -Stop the daemon
restart -Restart or start the daemon
fullstatus -Report status of server (requires lynx)
graceful -Gracefully restart the server
configtest -Test config file syntax
help -Display commands

For apache2 options, type man apache2 on the terminal. If apache version 1 is installed on a machine, same commands are used, instead apache2 is replaced with httpd.

Network Configuration (Files and Commands)

Files

/etc/hostname – holds the hostname
/etc/hosts – file mapping of IP addresses – hostnames
/etc/networks – maps network addresses -names
/etc/host.conf – replaced by nsswitch
/etc/resolv.conf – client dns configuration
/etc/services – maps port numbers to names
/etc/nsswich.conf – name service switch configuration file, determines how system looks up name and various other things.

Commands

ifconfig – show and configure network interfaces
route – show and configure network routes
dhcpcd, dhcpclient, pmp – DHCP clients
dig – tests DNS servers
host – query and debug DNS servers
hostname – display hostname, and NIS domaind setting
netstat – shows what service is listening on what port
ping – sends ICMP echo request to hosts
traceroute – show the path (display routes) that a network connection takes.
mtr – works like traceroute in real time
tcpdump – packet sniffer command that displays the contents of packets received on a network interface.
route -n – view the routing table
whois – queries information about the owner of the domain

Netstat
netstat -a -u -t – Prints ports in use
netstat -r – Prints routing table
netstat -i – Prints interfaces
netstat -g – Prints multicast groups
netstat -M – Prints masqueraded connections
netstat -s – Prints statistics

Managing Group Accounts (Files and Commands)

/etc/group contains group account information.

Format:
groupname:password: GID:userlist

e.g.:

admin:x:119:diane
ssh:x:109:

/etc/gshadow contains group passwords.

Format:
groupname:password:administrators:members

e.g.:

diane:!::

Commands:

chage – change user password expiry information

gpasswd – change group membership, group passwords

groupadd – create a group

groupdel – delete a group

groupmod – modify a group

grpconv – moves all group password information to /etc/gshadow

grpunconv – creates group from group and gshadow and then removes gshadow

Shared password is not recommended, so do not use group passwords unless necessary.

In adding a user to a group, usermod removes user from any groups not specified, instead use gpasswd. gpasswd adds the new user without removing the new user from any existing group memberships.
syntax:
gpasswd -a user group

Managing User Accounts (Files and Commands)

etc/passwd contains the user account information(for human or non-human users). Non-human users like sshd also owns files and run processes.

Format:
username:password:userid:groupid:GECOS:homedirectory:loginshell

e.g:

diane:x:1000:1000:Diane Palo,,,:/home/diane:/bin/bash
sshd:x:115:65534::/var/run/sshd:/usr/sbin/nologin

All added users will have a userid of greater than or equall to 1000.

To suspend an account, replace the login shell to bin/false or sbin/nologin to prevent the user from logging in to the machine. Setting the login shell to bin/false or sbin/nologin is used to create limited accounts.

/etc/shadow contains user password information.

Format:
username
:password
:days since Jan 1, 1970 that password was last changed
:days before password may be changed
:days after which password must be changed
:days before password is to expire that user is warned
:days after password expires that account is disabled
:days since Jan 1, 1970 that account is disabled
:a reserved field

e.g:

diane:$6$CnGqE0NA$iLrquxZUS6bqnAbffVNtS/BRy2CB/abthemvhyUHm9A5EK8YdZtj0fSAEhUg8B2YConm0hXCuJsaItAr6RU5R1:15165:0:99999:7:::

Password is encypted, a hash of the password.

Add ‘!’ to disable an account temporarily or sudo passwd -l username.
Remove ‘!’ to enable the account or sudo passwd -u username.
To change user password expiry information, use chage username.

Commands:
passwd – change password
syntax:
passwd password

pwconv – moves all user password information from /etc/
passwd to /etc/shadow
syntax:
pwconv

pwunconv – moves all password information from /etc/shadow to /etc/passwd then deletes /etc/shadow
syntax:
pwunconv

useradd – create an account
syntax:
adduser username

userdel – delete an account
syntax:
userdel username

usermod – modify an account
syntax:
usermod username

Other Commands:

finger – display user’s information.
syntax:
finger username

chfn – change user’s information.
syntax:
chfn username

Conditions – File Tests

[ … ] or test is the command used to test information about files.

e.g.:

$ [ -f file ] # true if file is an ordinary file
$ [ ! -f file ] # true if file is NOT an ordinary file
$ [ -d file ] # true if file is a directory
$ [ -u file ] # true if file has SUID permission
$ [ -g file ] # true if file has SGID permission
$ [ -x file ] # true if file exists and is executable
$ [ -r file ] # true if file exists and is readable
$ [ -w file ] # true if file exists and is writeable
$ [ file1 -nt file2 ] # true if file1 is newer than file2

Important Notes:
– Use spaces after the ‘[‘ and before the ‘]’.
– Use spaces around operators.

Special File Permission

setuid grants temporary access permission. A normal user inherits root privileges for the purpose of that process. setuid bit is represented by an S/s.
-rwSrw-rw- –> Setuid bit set, not executable
-rwsrw-rw- –> Setuid bit set, executable

syntax:

chmod 4*** file

e.g.: chmod 4644 /etc/passwd

setgid works the same way with setuid. The difference is; instead of the root, the group privileges are inherited. setgid is bit represented by an S/s.
-rw-rwSrw- –> Setgid bit set, not executable
-rw-rwsrw- –> Setgid bit set, executable
file should be a member of the group, to access privilege.

syntax:

chmod 2*** file

e.g.: chmod 2755 hexdump

stickybit keep programs in swap even after execution. Files in a directory with the sticky bit set can not be deleted by anyone other than the owner of the file, the owner of the directory, and the root user. Sticky bit is represented by an T/t.
-rw-rw-rwT –> Sticky bit set, not executable
-rw-rw-rwt –> Sticky bit set, executable

syntax:

chmod 1*** file

e.g.: chmod 1755 myfile

umask and chattr

umask alters the standard permission. umask is set in etc/profile.

File Creation
default permission when creating a file: 666 [rw- rw- rw-]
permission when a file is created : 644 [rw- r– r–]
this is because of umask setting in etc/profile, umask 022 is subtracted from 666

Directory Creation
default permission when creating a file: 777 [rwx rwx rwx]
permission when a directory is created : 755 [rwx r-x r-x]
this is because of umask setting in etc/profile, umask 022 is subtracted from 777

chattr change a file’s attributes. It is used to change and drop attributes.

chattr +i file

ls command do not display attributes. lsattr command must be used instead

lsattr file

chown and chgrp

To change file ownership, use chown command. And to change the group where a file belong to, use chgrp command.

change file owner:

chown user file

change file owner and group:

chown user:group file

change only the group:

chgrp user file

File Permissions

In Linux, users are able to control file access through the use of permissions.
The three modes of file access are:
read -view the file
write – change the file
execute – run the file

A file is different from a directory when talking about permissions. In a directory, the three mode of access are:
read – view directory’s contents
write – add, delete, rename files
execute – open a files or sub directories in a directory

Files and Directories can be accessed by:
file owner or user (u) – with an entry in /etc/passwd
member of the files’ group (g) – with an entry in /etc/group
anyone else or others (o)

Using ls -l command, all file’s attributes can be examined.

Changing File Permission

Permissions can be specified in absolute form or surgical form.
Absolute form use octal specification.

| u | g | o |
rwx rwx rwx
421 421 421
Here's a summary of numerical permission:
7     full
6     read and write
5     read and execute
4     read only
3     write and execute
2     write only
1     execute only
0     none

syntax:

chmod ### file

e.g
chmod 540 sample.txt

Surgical form use who/how/what specification

Who:
u - user 
g - group
o - other 
a - all (u+g+o)
How: 
+ - Add permission, existing unaffected 
- - Remove permission, existing unaffected 
= - Set permission, existing replaced
What:
r - read
w -write
x -execute

syntax:

chmod WhoHowWhat file

e.g.:
Add execute permission for the file’s owner: chmod u+x file.txt
Remove write permission from group and others: chmod go-w file.txt
Set the file to read only for everyone (kills existing permissions): chmod a=r file.txt

Maintaining the Integrity of File Systems

Here’s another summary of commands used in Linux. These commands are related to filesystem maintenance. It is important to monitor disk space and check Linux file system.

du – shows disk usage
syntax:

du [options] directory

Options:
-a Show counts for all files & directories
-b Display size in bytes
-c Print total for all arguments after processing
-h Print in human readable form
-k Show size in Kilobytes
-m Display size in Megabytes
-s Display a summary for each argument
-x Skip directories containing other filesystems

df – show used and available disk space
syntax:

df [options] directory

Options:
-a Show counts for all filesystems
-t fs type Limit listing to fs type
-h Print in human readable form
-k Show size in Kilobytes
-m Display size in Megabytes
-i Display inode information
-l Limit listing to local filesystems
-x fs type Exclude fs type from listing

fsck – check and optionally repair one or more Linux file systems.
Syntax:

fsck [options] device

Options:
-p Automatically repair without prompting
-n Don’t make changes to filesystem
-y Assume yes to all questions
-f Force check even if fs is clean
-r Interactively prompt for changes
-v Be verbose
-A Check all filesystems in /etc/fstab
-C Display a progress bar
-N Don’t execute, show what would be done

When fsck completes, it will return a value:
Code and Meaning
0 No errors
1 Errors found & corrected
2 System should be rebooted
4 Filesystem error left uncorrected
8 Operational error
16 Usage or syntax error
128 Shared library error

e2fsck – check Linux second extended file system (e2fs).
mke2fs – create an ext2 filesystem or make an ext3 filesystem with the -j option.
syntax:

mke2fs [options] device

Options:
-V Be verbose
-b blocksize Make blocks blocksize bytes
-c Check for bad blocks on device
-i bytes per inode Create an inode for each bytes per inode
-j Create a journal (ext3)
-L label Set the volume label
-N inodes Create the fs with specified number of inodes
-n Show what would be done (don’t actually create fs)

debugfs – a file system debugger
syntax:

debugfs [options] device

commands:
cat filespec –dump contents of the inode filespec to stdout.
cd filespec –change current working directory to filespec.
chroot filespec –change root directory to be the directory file spec.
close –close currently open file system
quit –exit debugfs

dumpe2fs – print super block and blocks group information for the filesystem present on device
syntax:

dumpe2fs [options] device

Options:
-b Display badblocks on device
-h Display superblock information

tune2fs – adjust tunable filesystem parameters on a Linux ext2 filesystem.
Syntax:

tune2fs [options] device

Options:
-c max-mounts Set no of mounts before fsck is forced
-g group Set the group who can use reserved blocks
-j Add a journal to the filesystem
-L label Set the volume label
-r blocks Set the number of reserved blocks