APT Package Manager on Linux Explained

As a system administrator, knowing how to installupdate or delete Linux packages is crucial in order to maintain your Linux hosts and servers.

You may have to update your current packages in order to get the latest security patches for your servers.

On the other hand, you may have to setup an entire HTTP Web Server in order to deploy a brand new website your application team developed.

Sometimes, you might just want to test new software in order to see if it fits your needs, just to uninstall the packages later on.

As a consequence, knowing how to manage Linux packages is crucial.

In this tutorial, we are going to focus on Linux package management using the APT package manager.

First, we are going to go through a bit of history on the origins of Open Source Software in order to grasp the fundamentals of Linux packages.

Later on, we will be focusing a bit more on APT (Advanced Package Tool) and we are to see how you can compile your own programs in order to have custom installations.

Ready?

What You Will Learn

By reading this tutorial, you are going to learn about the following subjects:

  • The GNU/Linux project and the origins of free software;
  • How program installation is designed on Linux and how it differs from Windows hosts;
  • What software repositories are and what are the different repository types that you may encounter;
  • APT cache complete guide : how to update your cache and how to look for programs on your system;
  • APT get detailed commands : how to install and remove Linux packages properly;

That’s a long program, so without further ado, let’s jump right into it.

GNU/Linux Origins explained

Before detailing how you can install and uninstall packages on Linux, it is quite important to have some basics about what GNU and Linux are.

When discussing about Linux, it is quite common to refer to Linux as an operating system but it is not entirely true.

When we refer to Linux operating systems, we actually refer to GNU/Linux operating systems.

What is GNU?

GNU (short for “GNU Not Unix“) is an operating system designed to provide free software that is easy to acquire, distribute and modify by yourself.

Today, it is quite popular to think of Unix (or at least GNU) as a free operating system but it has not always been the case.

For example, if you were to run the “uname” command on your system, with the “-o” option (for operating system), you would see that you are most probably running a GNU/Linux OS.

$ uname -o

uname-o

Interesting!

Back in the early days of Unix, the Unix operating system was not free open source software at all : it was developed by companies such as IBM, HP or AT&T for business needs.

However, given the rise of copyrighted software and licensed distributions, Richard Stallman, researcher at the MIT, decided to develop an UNIX alternative : GNU.

GNU was designed to be an open source operating system that is backwards compatible with Unix operating systems.

On a GNU operating system, commands (such as “ls”, “cat” or “gcc”) are completely open source.

Moreover, GNU is defined as “free software”, but are we talking about money?

Free Software Explained

As we explained before, GNU is self-proclaimed to be free software.

But the “free” software does not literally refers to money, it refers to fundamental freedoms that are core to GNU :

  • Freedom to run programs as you wish, for whatever purpose you are trying to achieve;
  • Freedom to modify the program, preconditioning a complete access to the program source code;
  • Freedom to redistribute copies in order to help your neighbours;
  • Sharing your modifications to the world : this way you are not limited to your own changes, but you can help thousands of developers around the world.

Those fundamental freedoms are tied to the concept of copyleft.

You can have specific rules added to this set of fundamental rules as long as they don’t interfere with the core rules themselves.

It would be for example illegal to take open source code, modify it and sell it without providing end users with the source code.

This is an important statement because it means that it is not forbidden to sell code per-se, it is illegal to prevent end-users from fundamental rights.

As a consequence, GNU not only defines those fundamental freedom rules but it also guarantees that those rights are spread on all subsequent versions of the software.

In this context and in order to deal with copyrighted content, the GPL license (GNU General Public License) was created.

The GPL license helps aggregating the different inherent rules dedicated to free software and to define license breaches. A complete GPL FAQ can be found on this page.

Accessing GNU packages

As you probably already understood it, GNU packages are packages designed to be sharedmodified and run wherever you want, for whatever purpose.

In this context, GNU packages can be accessed directly on the GNU website.

If you head over to the software page of the GNU official website, you would be able to see the entire list of GNU packages available to you.

gnu-packages-2

As you can see, this is quite a long list of packages.

One of the most popular package is the core-utils one, providing the most popular Linux commands such as “ls“, “cat” or “find“.

And those commands can be modified and run at will!

All those packages come whenever you installed a GNU/Linux operating system, but what if you wanted to install third-party software?

For that, Linux is designed to communicate with what we call software repositories.

What are Linux software repositories?

Before describing Linux software repositories, it is quite important to have some background about how the Linux packaging system is designed.

If you come from a Window environment, you are used to download executable files (.exe) from the Internet, open an installation wizard and click “Next” a couple of times in order to have your program installed.

On Linux, this is not the case.

On Linux, packages are downloaded and installed from online repositories by a package manager.

linux-packaging-system

APT Package Manager on Linux

On Debian-based distributions, packages are downloaded via the APT package manager.

When we refer to packages, we are essentially dealing with archive files that contain multiple deb files that are used by the dpkg utility to install programs.

So why would we need APT?

APT, standing for Advanced Package Manage, is responsible for downloading, installing, updating and removing packages from your system.

But why should we need a package manager for that?

Couldn’t we install the programs by ourselves?

It would be hard because packages are tied together through package dependencies.

Concept of packages dependencies

Let’s take for example the VIM Editor on Linux.

If you are using a Debian distribution, the VIM page for Debian repositories is available here.

This is where you would be able to find information about this specific package : what functionalities it provides, who created it but most importantly what packages it depends on.

On Linux, most packages don’t come as “pure” packages : they depend on a wide variety of different packages in order to provide third-party features to the actual program.

As you can see by scrolling the page, the VIM package depends on a lot of other packages.

dependencies

As you can see here, dependencies are split into four different categories :

  • depends : as the name states, this dependency is needed in order for the program to run. Without it, the program cannot start at all;
  • recommends : without this dependency, the program would be able to run but it would not provide all the features that this tool is designed to provide;
  • suggests : without this dependency, the program would be able to run and provide core functionalities but it would not be the final version of the tool;
  • enhances : this dependency can enhance the actual tool by improving performance or display but it is not needed at all.

Now you know why we use the APT tool : package dependencies are resolved for you at the installation time.

Now that you know more about packages, let’s have a look at what software repositories are.

Linux Software Distribution Architecture

On Linux, software is distributed through software repositories.

Software repositories are used in order to aggregate free software provided by the community.

Repositories may be tied to a specific distribution.

Ubuntu, Debian, CentOS or RHEL have their own repositories that are updated daily.

As a consequence, when you want to install a new program, you are querying those base repositories in order to retrieve packages from them.

If you wanted to install packages that are not located on distribution based repositories, you would add your own trusted repositories to your system in order to install new packages.

This is essentially why Linux is said to be safer than Windows when it comes to installing new programs.

Unless you are installing shady packages, you are most of time communicating with trusted repositories where hundreds of different developers review the code you are executing on your machine.

It does not prevent viruses or malwares from spreading but it would be unlikely because multiple independant reviewers have inspected the package code.

Note that repositories are split into different categories and you may have to take the correct repository to guarantee that you are running safe versions.

Such versions include “stable” repositories, “testing” repositories and “unstable repositories”.

Note : in other distributions, those repositories may have a different name (Ubuntu has multiverse, universe, main and so on)

By default, your distribution is most likely linked to the stable (also called “main”) repository via the sources.list configuration file.

$ cat /etc/apt/sources.list

sources-list

Now that you know more about software repositories and how your package manager interacts with it, let’s see what your package manager cache is.

APT Cache Explained

As we discussed before, the APT package manager is responsible for downloading packages from the Internet (or local package repositories) in order to install them.

However, operations done by the APT package manager are not done online all the time.

APT manages an internal database called a cache.

The APT cache is used in order to provide offline information about current packages installed on your system. It essentially guarantees that you are able to access package information without having to be connected to Internet.

Searching packages in the cache

For example, you can search for all Python related packages that may be stored in your APT cache.

For that, you need to run the “apt-cache” command with the “search” option.

$ apt-cache search <search string>

$ apt-cache search python
Tip : you can pipe your cache search with “less” in order to see all the results provided.

apt-cache search python | less

cache-search

Besides searching for specific packages, the APT cache can also show complete details about a package.

Showing package information

In order to show package information, you have to execute the “apt-cache” command with the “show” option.

$ apt-cache show <package_name>

For example, in order to have more information about the gcc package (which is a GNU compiler), you would type

$ apt-cache show gcc

apt-cache-show

So if we don’t need an Internet connection to show some details, it means that they are stored somewhere on our instance.

Let’s say for example that I want to look for the cache documentation page for the nano command.

By default, package information is stored in “/var/lib/apt/lists

$ ls /var/lib/apt/lists

var-lib-apt

In this directory, you have access to a bunch of different files that store information about packages stored in your system.

To prove it, let’s look for the file providing information for the nano command.

$ sudo grep -r -A 3 -B 3 -E "Package: nano$" . | less

cache-info

As you can see, many files contain a reference to the nano packagebut the one I am interested in is definitely contained in the “main amd64” file (as a reminder, “main” stands for stable and “amd64” to my processor architecture)

If you have any doubts about your CPU architecture, you run the “lscpu” command.

$ lscpu

processor-architecture

Updating the APT cache

As you already probably understood, the APT cache works offline.

As a consequence, the APT cache has to be updated periodically in order to make sure that :

  • You are pointing to the correct repositories;
  • You are getting the latest updates for the software installed on your computer.

In order to fetch updates for your cache, you need to run the “apt-get update” command.

$ sudo apt-get update
Note : you have to be sudo in order to update your system cache.

update-packages

As you can see, the command executes a couple of GET calls to distant repositories in order to fetch new information.

When you update your repositories, it is important to note that no software was updated on your computer.

Running the “apt-get update” command only updates the cache in order to have latest information about software, it does not directly update your programs.

In order to update your programs, you need to execute the “upgrade” command.

Updating (upgrading) your local packages

In order to update your local programs, you need to run “apt-get” with the “upgrade” option.

$ sudo apt-get upgrade

At some point during the command, you will be asked if you want to install the updates.

want-to-continue

Hit “Y” and press Enter.

When confirming, your programs will be upgraded to their latest stable version.

upgrade-packages

Nice!

You have successfully upgraded your packages using the upgrade command.

Updating your cache and upgrading your current packages is really nice, but what if you wanted to install new packages on your system?

In the next section, you are going to see how you can install new programs on your system using APT.

Installing new packages with APT

When installing new packages with APT, you essentially have two options :

  • The package is already located in one of the repositories you are linked to;
  • The package is in a distant repository and you need to add it.

In order to see if a package is already located into your APT cache, you have to search your cache.

In this example, we are going to pretend that we want to install the “gcc” package.

First, let’s see if GCC is already located into our APT cache.

$ apt-cache search --names-only ^gcc$

search-cache

As you can see, the GCC package is directly available with my default local repositories.

Installing software found in the cache

When the package is directly available in default repositories, you can install it by running the “apt-get” command with the “install” option.

Note : you will need sudo privileges in order to install new packages on your system.
$ sudo apt-get install gcc

You may also be asked if you accept to install this package on your system.

Hit “Y” whenever you are prompted with this question.

Installing software found in the cache

Shortly after, your program should be install and usable.

In order to verify that the command was correctly installed, you can run the “whereis” command.

$ whereis gcc

whereis-gcc

Awesome, you have correctly installed the GCC compiler on your system!

Installing software unavailable in the cache

In some cases, you may want to install software that is not directly stored into your APT cache.

For this section, we are going to install Grafana, an open-source dashboarding that is not directly available in the default packages.

Note : this is not a tutorial dedicated to Grafana, this part will only cover commands related to APT.

First, we need to make sure that the package is not already contained in our APT cache.

$ apt-cache search --names-only ^grafana$
<empty>

In this case, no default packages are installed for Grafana, we need to add it by ourselves.

Adding custom APT repositories

In order to add custom APT repositories, you need to understand the APT sources directory structure.

By default, repositories are stored into the “/etc/apt” folder.

$ ls -l /etc/apt

Adding custom APT repositories etc-apt

In this directory, you have multiple entries :

  • apt.conf.d : the APT configuration folders containing configuration files in order to configure proxies for example;
  • auth.conf.d : can be used in order to store authentication details related to proxies;
  • preferences.d : can be used in order to set priorities to specific repositories or packages;
  • sources. list : contains the default set of repositories for your distribution;
  • sources.list.d : a directory that may contain custom APT repositories;
  • trusted.gpg.d : a set of GPG keys that you trust in order to certify download authenticity.

The “sources.list” is already filled with default repositories, so we may not want to modify this file.

sources-list-2

Instead, we are going to add a custom repository to the sources.list.d directory.

$ sudo touch /etc/apt/sources.list.d/custom.list

In this newly created file, add one entry for the custom repository you want to install.

$ sudo nano /etc/apt/sources.list.d/custom.list

deb https://packages.grafana.com/oss/deb stable main

In order to install packages securely, you may have to import GPG keys.

$ sudo wget -q -O https://packages.grafana.com/gpg.key | sudo apt-key add -
OK
Note : you may not have to add a GPG key for every package but it guarantees that the package is installed securely.

Now that your repository was correctly added, update your APT cache in order for the changes to be applied.

$ sudo apt-get update

apt-get-update (1)

Now, if you search for your package, you should be able to find it.

$ sudo apt-cache show grafana

As a consequence, you are now ready to install your package.

To install your package, simply run the “apt-get” command with the “install” option.

$ sudo apt-get install grafana

Awesome!

Now your package is successfully installed.

As you can see, installing custom software is quite different from installing software available in the cache : you have to add custom repositories and eventually add GPG keys.

Now that you know how to install packages, let’s see how you can uninstall them.

Uninstalling packages with APT

When uninstalling packages using the APT package manager, you essentially have two options : remove or purge.

Removing packages using apt-get remove

The first way to uninstall package is to use the apt-get remove command.

$ sudo apt-get remove <package>

Using the grafana package we installed earlier, this would give

$ sudo apt-get remove grafana

So why would we need a purge function?

When using apt-get remove, the packages are removed but the files associated to the package are left intact.

To see it, try listing the files associated to a package on your system using the dpkg command.

$ dpkg -L <package>

dpkg-list

As you can see, configuration files are still there, that’s why you need to use the purge command.

Purging packages using apt-get purge

In order to use the purge command, simply execute “apt-get” with the “purge” option.

$ sudo apt-get purge <package>

Now if you try to see files associated with your package, you won’t be able to find any of them.

$ dpkg -L <package>
<empty>

Removing dependencies with autoremove

As you probably understood it, the point of using APT is that it retrieves package dependencies for you and install them correctly.

As a consequence, whenever you install new packages, you have the risk of leaving dangling dependencies on your system.

In order to remove dangling dependencies (i.e dependencies not used anymore), you have to use the autoremove option.

You can either do it while uninstalling a package

$ sudo apt-get autoremove <package>

Or you can do it after by executing the autoremove option with no arguments at all.

$ sudo apt-get autoremove

Conclusion

In this long tutorial, you learnt how you can install and uninstall packages using the APT package manager.

You also learnt more about the origins of Open Source Software, where it comes from and how the GNU/Linux operating system emerged from standard Unix operating systems.

If you are interested about Linux system administration, we have a complete section dedicated to it on the website, so make sure to check it out.

How To Archive and Compress Files on Linux

As a system administrator, you may have downloaded some archives that you need to extract in order to reveal their files.

You may be also backing up an entire database made of a wide variety of small files that you want to aggregate in one single archive.

Archiving and compressing files are common operations in the Unix world, done by system administrators on a very regular basis.

Luckily for you, Linux exposes a set of different commands in order to archive, compress, uncompress and extract files from an archive.

In this tutorial, you will learn more about the tar command as well as the different compression methods that can be used in order to save space on Linux.

Ready?

Archive files on Linux using tar

Tar is a very popular command among system administrators.

Sometimes referred as tarball, tar was historically used to write data to devices that did not have file systems at the time.

As a consequence, the tar command was introduced in 1979 in order to replace the “tp” program that was used back then.

Nowadays, the tar command is widely used in order to archive files (meaning putting files together in a single archive).

To archive files on Linux using tar, run “tar” with the “cvf” options.

$ tar -cvf archive.tar file1 file2 directory1 directory2

file1/
file2/
directory1/
directory2/

In this case, we used three different options :

  • -c : for create archive, a pretty self-explanatory option if you want to create a new archive made from the files selected;
  • -v : for verbose, this is the reason why the command displays the files added to the archive when executing it;
  • -f : for file, this option is used in order to specify the filename of the archive we want to create (in this case archive.tar)

Those options are probably the most important options for archiving files on Linux.

When running the tar command with the “-f” flag, a new archive was created in your current working directory.

$ ls -l
total 20
-rw-rw-r-- 1 schkn schkn 10240 Nov  9 10:41 archive.tar
drwxrwxr-x 2 schkn schkn  4096 Nov  9 10:41 directory1
drwxrwxr-x 2 schkn schkn  4096 Nov  9 10:41 directory2
-rw-rw-r-- 1 schkn schkn     0 Nov  9 10:41 file1
-rw-rw-r-- 1 schkn schkn     0 Nov  9 10:41 file2

As you can see, the size of the archive is bigger than the sum of the files in it.

Why?

Creating a tar archive does not simply put files and directories in a big box : an archive is also a special file made of special file headers that may take a substantial amount of space.

As a consequence, your archive is way bigger than the sum of the files in it.

This is a very important fact because we are able to understand that archiving files does not mean that your files are compressed in it.

In order to compress files when archiving, you need to provide other options to the tar command.

File compression will be explained in the next chapters.

Extract files using tar on Linux

Now that you have created an archive file, you may want to extract the files located in your archive.

To extract files using the tar command, append the “-x” option instead of the initial “-c” option.

$ tar -xvf archive.tar

file1
file2
directory1/
directory2/

Note that extracting your files does not mean that the archive will be deleted from your current working directory.

$ ls -l

total 28
-rw-rw-r-- 1 schkn schkn 10240 Nov  9 12:01 archive.tar
drwxrwxr-x 2 schkn schkn  4096 Nov  9 10:41 directory1
drwxrwxr-x 2 schkn schkn  4096 Nov  9 10:41 directory2
-rw-rw-r-- 1 schkn schkn     0 Nov  9 12:00 file1
-rw-rw-r-- 1 schkn schkn     0 Nov  9 10:41 file2

When extracting files on Linux, there a little gotcha that you need to be aware of.

If a file on the current working directory has the same name as a file inside the archive, the content of the file in the working directory will be replaced with the one from the archive.

In order to illustrate it, add some content to one of your file, extract your files and re-inspect the content of your file again.

$ echo "Added some content to the file" > file1

$ tar -xvf archive.tar

$ cat file1
<empty>

Comparing local files with archive files

In order to prevent data to be erased during the process, the tar command can compare files located in your current working directory with files in your archive.

Back to the example we discussed earlier, let’s add some content back to the “file1” file.

$ echo "Added some content to the file" > file1

In order to compare files with tar, use the “-d” option.

$ tar -dvf archive.tar

file1
file1: Mod time differs
file1: Size differs
file2
directory1/
directory2/

As you can see, tar will compare timestamps and more specifically the latest modification date of the file.

If the modification date of the local file is more recent than the one from the archive file, the tar command will display a notice showing that the modification time differs.

Similarly, tar can inspect file sizes and highlight size differences between your files.

In order to avoid erasing your files, you can use the star command which is a great alternative to the existing tar command.

Prevent file overwriting using star

By default, the star utility might not be installed on your system.

In order to install the star utility, run the YUM utility

$ sudo yum install star

Then, in order to archive files with star, simply run “star” with the “-c” option.

$ star -c -f=archive.tar file1 file2

Then, you can use the gzip or gunzip utility in order to compress your new archive.

$ gzip archive.tar

As a consequence, the initial tar file will be transformed into a tar.gz archive.

Now if you were to create a file with the exact same name, the star utility would not overwrite it by default.

$ echo "This is some content" > file1

$ gzip -d archive.tar.gz

$ star -x -f=archive.tar
star: current 'file1' newer.
star: current 'file2' newer.
star: 1 blocks + 0 bytes (total of 10240 bytes = 10.00k).

$ cat file1
This is some content

Quite handy when you are afraid of losing your content!

Compressing files using gzip on Linux

Now that you have your tar archive ready, the next step is to compress it in order to reduce its size.

For that, we are first going to use the gzip utility.

By default, the gzip utility should be installed, but if this is not the case, make sure to install it depending on your distribution.

$ sudo apt-get install gzip

$ sudo yum install gzip

Now that gzip is installed, run “gzip” and pass the archive you just created as an argument.

$ gzip archive.tar

Running the gzip command will create a tar.gz file in the current working directory.

Most importantly, the initial tar file will be upgraded to a tar.gz so you won’t have the initial archive anymore.

$ ls -l
total 12
-rw-rw-r-- 1 schkn schkn  184 Nov  9 10:41 archive.tar.gz
drwxrwxr-x 2 schkn schkn 4096 Nov  9 10:41 directory1
drwxrwxr-x 2 schkn schkn 4096 Nov  9 10:41 directory2
-rw-rw-r-- 1 schkn schkn    0 Nov  9 10:41 file1
-rw-rw-r-- 1 schkn schkn    0 Nov  9 10:41 file2

As you can see, the file size was dramastically reduced from 10 Kb to a stunning 184 bytes, gzip reduced the filesize by over 98%.

However, if you don’t want to use the gzip utility, you can also compress files using the tar command with options.

Do you think it can improve the compression rate?

Compressing files on Linux using tar

As mentionned in the first section, the tar command can be used in order to archive and compress files in one line.

In order to compress files with tar, simply add the “-z” option to your current set of options.

$ tar -cvzf archive1.tar.gz file1 file2 directory1 directory2

Similarly to the first tar command that you have run, a new compressed archive file will be created in your current working directory.

To inspect files created, simply run the “ls” command again.

$ ls -l
total 28
-rw-rw-r-- 1 schkn schkn   184 Nov  9 10:41 archive.tar.gz
-rw-rw-r-- 1 schkn schkn   172 Nov  9 11:10 archive1.tar.gz
drwxrwxr-x 2 schkn schkn  4096 Nov  9 10:41 directory1
drwxrwxr-x 2 schkn schkn  4096 Nov  9 10:41 directory2
-rw-rw-r-- 1 schkn schkn     0 Nov  9 10:41 file1
-rw-rw-r-- 1 schkn schkn     0 Nov  9 10:41 file2

Now as you can see, the compressed archive created is slightly lighter than the one created with gzip.

Compressing files using bzip2

Most of the time, the gzip command is used in order to compress files or archives.

However, this is not historically the only compression method available in software engineering : you can also use bzip2.

The main difference between gzip and bzip2 is in the fact the gzip uses the LZ77 compression algorithm while bzip2 uses the Burrows-Wheeler algorithm.

Bzip2 is known to be quite slower than the gzip algorithm, however it can be handy in some cases to know how to compress using bzip2.

To compress files using bzip2, simply run “bzip2” with the filename that you want to compress.

$ bzip2 archive.tar

In order to decompress files compressed using bzip2, simply append the “-d” option to your command.

$ bzip -d archive.tar.bz2

Alternatively, you can create bz2 archives using the tar command and by specifying the “-j” option.

$ tar -cjf archive.tar.gz2 file1 file2

Using tar, you have the option to compress using a wide panel of different compression methods :

  • -j : compress a file using the bz2 compression method;
  • -J : uses the xz compression utility;
  • –lzip : uses the lzip compression utility;
  • –lzma : uses the lzma compression utility;
  • –lzop : uses lzop to compresss files
  • -z : equivalent to the gzip or gunzip utility.

Conclusion

In this tutorial, you learnt how you can archive and compress files using the tar utility on Linux.

You also learnt about the different compression methods available and how they can be used in order to reduce the size of your files and directories.

If you are curious about Linux system administration, we have a complete section dedicated to it on the website, so make sure to have a look.

How To Add Swap Space on Debian 10 Buster

This tutorial focuses on how to create swap space on Debian 10 via a swap file or a swap partition on your hard drive.

On a Linux system, it is very common to run out of memory, because you run too many programs, or because you run programs that are consuming too much memory.

As a consequence, if your RAM is full, you won’t be able to launch new programs on your computer.

You will have to manually shut down programs or tweak them to consume less memory.

There is however another way to virtually increase your memory : by using swap space.

In this tutorial, we are going to see how you can add swap space on Debian 10, either by creating a swap file or by creating a disk partition dedicated to swap.

Looking to add swap space on CentOS 8?

What is Swap Space on Debian?

Swap space is a space allocated to handle additional programs running when your RAM memory is full.

Let’s say that you have 4 GBs of RAM on your computer, and that 3 programs are already taking 3.5 GBs out of the 4 available.

What is Swap Space on Debian ram-1

If you are trying to run a program that is taking 1 GB on normal usage, you won’t be able to do it as you don’t have the space necessary for the program.

You could buy some RAM (which is expensive), or you could choose to create some swap space on your host.

When running your 1 GB program, your operating system (Linux here) will “move” or “swap” one of the programs to a dedicated part of your hard drive (your swap partition) and run your 1 GB program on the newly allocated space.

What is Swap Space on Debian ram-2

As you can imagine, the OS can switch programs from swap to RAM and vice versa.

The threshold to determine when programs should be switched from RAM to Swap is called the swappiness, but configuring ths swappiness will be reserved for another tutorial.

Now that you have some basics on what the swap space is and how the swap space works on Linux, let’s see on you can create some swap space on Debian 10.

Prerequisites

Sudo privileges

In order to add swap space on Debian 10 Buster, you need to have sudo privileges on your host.

Make sure this is the case by running the following command

$ sudo -v

If you are not getting any errors messages, you are good to go.

Checking existing swap partitions

In order to see existing swap partitions available on your host, run the following command

$ sudo swapon --show

If a partition is already existing, you should get at least one line as a result.

swap-show

As you can see, I already own a swap partition on my sda drive of size 8 GB.

As the current memory on my computer is sufficient, my host is not using swap at the moment.

If no swap spaces are configured on your system, this is the output that you should expect.

swap-show-2

Add Swap Space with a swap file

The first method to add swap space on Debian is to use a dedicated swap file.

Many tutorials are not specifying this detail, but swap files cannot contain any holes at all.

It means that you should not use the cp command to create your swap file.

It is also not recommended to use the fallocate commands on file systems that support preallocated files such as XFS and ext4.

As a consequence, you are going to use the dd command in order to add swap space on Debian.

add-swap-space-dd

In this case, we are going to create a 2 GB swap file.

Note : there are no performance improvements in using a swap file rather than creating a file partition. Swap files are just easier to manage because the file size can be easily adjusted. Changing the partition size for swap can be trickier than changing the file size.

a – Create a swapfile using dd

To add swap space, run the following command

$ sudo dd if=/dev/zero of=swapfile bs=1MiB count=$((2*2014))

Make sure that your swap file was created by issuing the following command.

$ ls -l swapfile

swap-2

b – Secure your swapfile with permissions

Swap files are only used by the operating system for memory optimization purposes.

As a consequence, it should not be modified by any users except for the root user.

Change the file permissions of your swapfile.

$ sudo chmod 600 /swapfile

c – Enable your swapfile

Now that your swapfile is secure, it is time to activate your swap space.

To enable swap space on Debian 10, run the following command.

$ sudo mkswap /swapfile

This is going to set the file as a swap file, setting the correct headers for the swapon binary.

mkswap

Now that the swapspace is correctly set, you can enable it.

$ sudo swapon /swapfile

To verify that your swap space is active, you can run the initial command with the –show flag.

$ sudo swapon --show

swapon-success

d – Make your swap space permanent

Similarly to the creation of filesystems, changes won’t be made permanent if you don’t append some changes to the fstab file.

If you leave it this way, your swap space will be erased at the next host reboot.

To make your swap space permanent, edit the /etc/fstab file and paste the following changes.

$ cd /etc/
$ sudo nano fstab

/swapfile none swap defaults 0 0

This configuration specifies that :

  • /swapfile: the name of the “swap filesystem” we are creating;
  • none: there is mount point for this filesystem
  • swap: the filesystem type used
  • defaults: the filesystem options, set as default for this example
  • 0: the dump option for the filesystem, as well as the pass option.

Save your file, and restart your changes to make sure that the changes are still effective.

$ sudo reboot
$ sudo swapon --show

Congratulations!

You successfully created swap space on Debian 10 using a swap file.

Add Swap Space with a swap partition

Another way to add swap space on Debian is to create a dedicated swap partition.

If you run the initial Debian 10 installation, there is a high chance that some swap partition is already created on your system.

However for this tutorial, we are going to start from scratch and create our own swap partition.

a – Create a swap space partition with fdisk

To have a look at the existing partitions on your host, run the following command

$ sudo fdisk -l

list-partition-1

As you can see, I already own a ext4 primary partition and a second partition that is not currently used.

We are going to add a swap partition as an extended or logical partition on sda.

Run the fdisk utility, and create a new partition on the hard drive that you want (sda in my case)

$ sudo fdisk /dev/sda

Welcome to fdisk (util-linux 2.30.1).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.

Command (m for help): n

Run the “n” command to add a new partition to your disk.

Note : if your host is running out of primary partitions, you can add swap space within an extended partition.
All space for primary partitions is in use
Adding logical partition 5
First sector (48291898-65062911, default 48291840):

You can leave the first sector option as default by just pressing Enter.

On the next prompt, specify the size of your swap partition. In this case, I am going to use 2 GiB again.

Last sector, +/-sectors or +/-size{K,M,G,T,P} : +2G

Created a new partition 5 of type 'Linux' and of size 2 GiB.

As you can see, partitions are created with the Linux partition type by default.

This is not what we want, since we want to have a swap partition on our drive.

To change the partition type, run the “t” command in fdisk.

Command (m for help): t
Partition number (1,2,5, default 5): 5
Hex code (type L to list all codes): 82

On Linux, swap partitions have the partition type ID 82 in fdisk.

Hit Enter, and make sure that your partition type was correctly changed.

Changed type of partition 'Linux' to 'Linux swap / Solaris'

Don’t forget to write your changes to disk as fdisk does not directly write to disk unless you ask it do it.

To write on disk, run the “w” command in fdisk.

The partition table has been altered
Syncing disks.

Make sure that your swap partition was correctly added by running the fdisk command again.

list-partition-2

Now that your swap partition is created, it is time to enable it on our Debian 10 host.

b – Enabling your swap partition

First, make sure to run the mkswap for the swap headers to be correctly set on your partition.

$ sudo mkswap /dev/sda5

mkswap-2
Now that your headers are set, run the swapon command.

$ sudo swapon /dev/sda5

Similarly to the other method, make sure that your swap space was correctly created.

$ sudo swapon --show

swapon-show-2

c – Make your swap space permanent

In order to make your swap space permanent, it needs to be added to the fstab file.

First of all, get the UUID for your newly created partition.

$ sudo blkid

c – Make your swap space permanent blkid

Copy the UUID value, and edit your fstab to append the following changes.

$ sudo nano /etc/fstab

UUID=4c46c5af-3530-486b-aabe-abca2543edca   none   swap  defaults   0   0

Save your file, and restart your system to make sure that your changes are permanent.

$ sudo reboot
$ sudo swapon --show

swapon-show-3

Congratulations, you correctly created a swap partition using fdisk on Debian 10 Buster.

Remove swap partition on Debian

Removing swap partitions on Debian is pretty straightforward : first you need to use the command “swapoff” on the swap partition you are trying to remove.

If you are not sure about your current existing partitions, run a simple “blkid” command.

$ blkid 

$ sudo swapon /dev/sda5

Finally, edit your fstab and remove the entry associated with the swap partition.

$ sudo nano fstab

UUID=4c46c5af-3530-486b-aabe-abca2543edca   none   swap  defaults   0   0     <--- To be removed.

Troubleshooting

When adding swap space on Debian 10 Buster, you may run into the following error.

Troubleshooting

swapon: /swapfile: read swap header failed.

This error is happening when you don’t run the mkswap command before running the swapon command.

As a reminder, mkswap sets the header for the file or the partition to be used as swap space.

If you forget to run the mkswap command, Linux won’t be able to assign it as swap space on your host.

Location of swap file on Linux

By default, swap files are located into the “/proc/swaps” directory of your system.

~$ cat /proc/swaps
Filename                Type        Size    Used    Priority
/swapfile               file        1025101 0       -1

From there, you know that your swap file is located at your root directory.

Another way to get the location of your swap file is to inspect the fstab file.

$ cat /etc/fstab

/swapfile    none     swap    sw     0       0

Conclusion

Today, you learnt that there are two ways to add swap space on a Debian 10 host, by creating a swap file or by creating a swap partition with fdisk.

Source Command on Linux Explained

The source command on Linux is a pretty popular function run by system administrators daily.

But what is the function of the source command?

Used to refresh the current shell environment, the source command can also be used in order to import functions into other bash scripts or to run scripts into the current shell environment.

In today’s tutorial, we are going to see how the source command should be used on Linux.

The commands will be executed in a Debian 10 environment with GNOME, but they will work for every distribution.

Source command internals

Before starting, it is important to have a complete understanding of what environment and shell variables are.

By default, on Linux, your system already owns a couple of environment variables to store various information such as the shell to use, your hostname or your current username.

Environment variables are initialized by the system and are inherited by all processes on the system. As a consequence, when you are running a shell instance, you are to get the value of environment variables on your system.

$ echo $USER
devconnected

On the other hand, shell variables are variables declared within the context of a shell instance and they are not shared with other shells or with child processes.

$ VARIABLE=devconnected
$ echo $VARIABLE
devconnected

On Linux, when you execute a script, it is most likely executed in a subshell.

As a consequence, you won’t be able to have the variables defined in your first shell running in the script, they simply don’t share the same environment.

This is what the source command solves.

The source command is used in order to evaluate the file passed as an argument in the context of the current execution. Shortened as ‘.’, the source command is mostly used in the context of shells run in terminal windows.

$ source filename [arguments]

Note that when arguments are provided, they are set as positional parameters for the script specified.

Note : the source documentation is located inside the bash documentation. To read it, type “man bash” and search for the source command paragraph.

Source command internals source-documentation

Source to update your current shell environment (.bashrc)

One of the main reasons to use source is to refresh the current shell environment by running the bashrc file.

As a reminder, .bashrc is a script file executed whenever you launch an interactive shell instance.

It is defined on a per-user basis and it is located in your home directory.

Let’s say for example that you want to add a new alias to your shell environment.

Open your .bashrc file and a new entry to it.

alias ll='ls -l'

Now try to run your new alias command directly in the terminal.

alias

As you can see, the changes were not directly applied in your current environment.

For the changes to be applied, run the source command with the .bashrc file as an argument.

$ source ~/.bashrc

An alternative way to do it is to run it with the dot syntax

$ . ~/.bashrc

If you try to execute your alias again, you should be able to run it

alias-working

Source to execute a script in the current context

As explained before, the source command can be used to execute a script in the context of the current environment.

To illustrate this point, let’s define a local shell variable in your current shell environment.

$ VARIABLE=devconnected

Now, create a new script and paste the following content in it

#!/bin/bash

echo $VARIABLE
echo $LOGNAME

The VARIABLE variable represents the local shell variable we created before and the LOGNAME variable is an environment variable on your host.

Save your script and give execute permissions to your newly created script (you will need sudo privileges to execute this command)

$ sudo chmod ugo+x <script>

If you try to execute the script, you should see the following result

logname-1

As you can see, the $VARIABLE local variable was not printed to the standard output.

This is because the script was executed in a subshell having its own set of local variables. The environment variable was printed however.

In order to execute this script in the context of our current shell, we are going to use the source command.

source-script

As you can see, in this case, the $VARIABLE variable was correctly printed to the standard output.

Source to import a script function

One of the great features of the source command is to update a script function, allowing a greater reusability of your existing shell functions.

To illustrate this point, let’s take the example of a function that prints the current user to the standard output.

Create a new script file and paste the following content inside.

$ nano script

#!/bin/bash
# Print the current user to the standard output
printUser() {
   echo $USER
}

Create another script and use the source function in order to import your printUser function.

$ nano import-script

#!/bin/bash
source ./script
printUser

Assign the correct permissions to the file you want to execute. You don’t need to have the execute permissions for the file containing the function you want to import.

$ sudo chmod u+x import-script
$ ./import-script

This is what you should see on your screen.

source-function

As you can see, the function was correctly imported and executed, printing the name of the current user of my host.

Source to read variables from a file

Another great usage of the source command on Linux is to read variables from a file.

Let’s say for example that you have a file with the following content in a file named “variables

NAME=devconnected
WEBSITE=devconnected.com
DESCRIPTION="best educational website online"

In another script file, you would be able to use those variables by using the source command to read variables.

Create a script and paste the following content in it.

$ nano variable-script

#!/bin/bash
source ./variables
echo $NAME is a website located at $WEBSITE and it is probably the $DESCRIPTION

source-variable

Troubleshooting

In some cases, you may run into errors when trying to source your files using the source command.

Here is a list of the common errors when trying to source files.

Source command not found on Linux

In some cases, you may run into this error

$ source: command not found

Or using sudo, you might also have a source command not found error.

$ sudo: source: command not found

The easy fix here is to execute the command as the root user by using “su”.

$ sudo -s
$ source .bashrc

Note that you can also use the “dot syntax” which is an equivalent to the source command.

$ . .bashrc

Conclusion

In today’s tutorial, you learnt what is the source command on Linux and how you can use to execute scripts in the context of the current environment.

You also learnt that it can be used to import functions or variables from a simple file to a script file.

If you want more tutorials related to Linux system administration, we have a complete category dedicated to it on devconnected. Click on the image below to read them.

How To Change User Password on Debian 10

On Debian 10, users are able to change their password pretty easily.

It is also possible, if you have sudo rights, to change user passwords as well as to define rules for password change on the host.

In this tutorial, we are going to see how you can change the user password on Debian 10 through the command-line and the user interface if you are using a GNOME desktop.

Change User Password using passwd

The first way to change the user password is to use the passwd command.

$ passwd

Changing password for devconnected.
Current password:
New password:
Retype new password:
passwd: password updated successfully

If you type the same password, you are going to have a warning message saying

Password unchanged

Change Another User’s Password with passwd

Before running the passwd command, make sure that you have sudo rights on your Debian 10 host.

To check sudo rights quickly, run the sudo command and make sure that you have error messages.

$ sudo -v

If you have sudo rights, you can run the passwd command.

Note: when updating another’s user account, you are not forced to know the current user password. It is very handy if you want to restrict the access to a user.

$ sudo passwd <user>

New password:
Retype new password:
passwd: password updated successfully

Delete Another User’s Password with passwd

Sometimes you want to reset the user password, maybe because it has lost it or because the password has been compromised.

You can set the password for the user, or you can delete the existing password to make the account passwordless.

To delete another user’s password, run the following command

$ sudo passwd -d <user>
passwd: password expiry information changed

Now when logging via the GNOME user interface, you won’t be prompted with a password. The account will automatically be logged in.

Note: deleting a user password must be done under rare circumstances and the account should be updated quickly to set a secure and long password.

User data might be compromised if no passwords are set for the account.

Expire Another User’s Password with passwd

When setting a passwd on Debian, the password will never expire by default.

But sometimes, because you want to apply correct password policies, you may want to set an expiration time or to expire some accounts after a given time.

To expire another user’s password on Debian, run the following command

$ sudo passwd --expire <user>
passwd: password expiry information changed

Now when logging on the other user account, it should be prompted to change its password.

Expire Another User’s Password with passwd expire-user-password

Change your password on the GNOME desktop

If you are using Debian 10 with a GNOME desktop, you can modify your password via the user interface.

System administrators tend to use the command line to perform administrative operations, but nothing forces you to do it this way.

1. In the Activities search box, type “Settings” and open it.

Add a user using the GNOME desktop settings

2. In the Settings window, choose the “Details” option.

Change your password on the GNOME desktop details-1

3. Choose the “Users” option, and find the user you want to modify.

Change your password on the GNOME desktop users-window

4. Click on the password field. Specify your old password and change your password to a secure one.

Change your password on the GNOME desktop change-password-debian

Click on “Change” and your password should be changed. Make sure to log again to test your new password.

Troubleshooting

In some cases, you may run into some errors while changing your password on Debian 10.

Here is the list of the most common errors and their solutions.

Default root password on Debian 10

By default, there is no default password for the root account on Debian 10.

This is because the root account is locked by default and setting a root password will unlock the account.

If you forgot your root password, you will have to reset it by rebooting and starting a bash shell into the GRUB.

Forgotten password on Debian 10

If you forgot your password on Debian, you will have to reset your password using the passwd command.

If you are not the system administrator, you have to ask the admin to run the passwd command in order to reset your password and make it expire immediately.

If you are the system administrator, you can run the passwd yourself.

$ sudo passwd <user>

If you remember the root password, connect as root and change the user password over there.

$ su -

$ passwd <user>

Conclusion

With this tutorial, you learnt how to change user password on Debian 10 Buster.

Another method to authenticate on a server is to use SSH keys. Make sure to check this article if you are interested in logging with SSH keys on Debian 10.

I hope that you learnt something new today.

Until then, have fun, as always.

How To Install and Enable SSH Server on Debian 10

This tutorial focuses on setting up and configuring a SSH server on a Debian 10 minimal server

SSH, for Secure Shell, is a network protocol that is used in order to operate remote logins to distant machines within a local network or over Internet. SSH architectures typically includes a SSH server that is used by SSH clients to connect to the remote machine.

As a system administrator, it is very likely that you are using SSH on a daily basis to connect to remote machines across your network.

As a consequence, when new hosts are onboarded to your infrastructure, you may have to configure them to install and enable SSH on them.

In this tutorial, we are going to see how you can install and enable SSH, via OpenSSH, on a Debian 10 distributions.

Prerequisites

In order to install a SSH server on Debian 10, you will need to have sudo privileges on your host.

To check whether you have sudo privileges or not, run the following command

$ sudo -l

If you are seeing the following entries on your terminal, it means that you have elevated privileges

sudo

By default, the ssh utility should be installed on your host, even on minimal configurations.

In order to check the version of your SSH utility, you can run the following command

$ ssh -V

ssh-utility

As you can see, I am running OpenSSH v7.9 with OpenSSL v1.1.1.

Note that it does not mean that SSH servers are installed on my host, it just means that I may able to connect to remote machines as a client using the SSH utility.

It also mean that specific utilities related the SSH protocol (such as scp for example) or related to FTP servers (such as sftp) will be available on my host.

Installing OpenSSH Server on Debian 10

First of all, make sure that your packages are up to date by running an update command

$ sudo apt-get update

Installing OpenSSH Server on Debian 10 apt-get-update

In order to install a SSH server on Debian 10, run the following command

$ sudo apt-get install openssh-server

The command should run a complete installation process and it should set up all the necessary files for your SSH server.

If the installation was successful, you should now have a sshd service installed on your host.

To check your newly installed service, run the following command

$ sudo systemctl status sshd

Installing OpenSSH Server on Debian 10 sshd-service
By default, your SSH server is going to run on port 22.

This is the default port assigned for SSH communications. You can check if this is the case on your host by running the following netstat command

$ netstat -tulpn | grep 22

netstat 2

Great! Your SSH server is now up and running on your Debian 10 host.

Enabling SSH traffic on your firewall settings

If you are using UFW as a default firewall on your Debian 10 system, it is likely that you need to allow SSH connections on your host.

To enable SSH connections on your host, run the following command

$ sudo ufw allow ssh

ufw-allow

Enable SSH server on system boot

As you probably saw, your SSH server is now running as a service on your host.

It is also very likely that it is instructed to start at boot time.

To check whether your service is enable or not, you can run the following command

$ sudo systemctl list-unit-files | grep enabled | grep ssh

If no results are shown on your terminal, enable the service and run the command again

$ sudo systemctl enable ssh

Enable SSH server on system boot service-enabled

Configuring your SSH server on Debian

Before giving access to users through SSH, it is important to have a set of secure settings to avoid being attacked, especially if your server is running as an online VPS.

As we already saw in the past, SSH attacks are pretty common but they can be avoided if we change default settings available.

By default, your SSH configuration files are located at /etc/ssh/

Configuring your SSH server on Debian ssh-config

In this directory, you are going to find many different configuration files, but the most important ones are :

  • ssh_config: defines SSH rules for clients. It means that it defines rules that are applied everytime you use SSH to connect to a remote host or to transfer files between hosts;
  • sshd_config: defines SSH rules for your SSH server. It is used for example to define the reachable SSH port or to deny specific users from communicating with your server.

We are obviously going to modify the server-wide part of our SSH setup as we are interested in configuring and securing our OpenSSH server.

Changing SSH default port

The first step towards running a secure SSH server is to change the default assigned by the OpenSSH server.

Edit your sshd_config configuration file and look for the following line.

#Port 22

Make sure to change your port to one that is not reserved for other protocols. I will choose 2222 in this case.

Changing SSH default port default-prot

When connecting to your host, if it not running on the default port, you are going to specify the SSH port yourself.

Please refer to the ‘Connecting to your SSH server’ section for further information.

Disabling Root Login on your SSH server

By default, root login is available on your SSH server.

It should obviously not be the case as it would be a complete disaster if hackers were to login as root on your server.

If by chance you disabled the root account in your Debian 10 installation, you can still configure your SSH server to refuse root login, in case you choose to re-enable your root login one day.

To disable root login on your SSH server, modify the following line

#PermitRootLogin

PermitRootLogin no

Disabling Root Login on your SSH server permitrootlogin

Configuring key-based SSH authentication

In SSH, there are two ways of connecting to your host : by using password authentication (what we are doing here), or having a set of SSH keys.

If you are curious about key-based SSH authentication on Debian 10, there is a tutorial available on the subject here.

Restarting your SSH server to apply changes

In order for the changes to be applied, restart your SSH service and make sure that it is correctly restarted

$ sudo systemctl restart sshd
$ sudo systemctl status sshd

Restarting your SSH server to apply changes status-ssh

Also, if you change the default port, make sure that the changes were correctly applied by running a simple netstat command

$ netstat -tulpn | grep 2222

Restarting your SSH server to apply changes 2222

Connecting to your SSH server

In order to connect to your SSH server, you are going to use the ssh command with the following syntax

$ ssh -p <port> <username>@<ip_address>

If you are connecting over a LAN network, make sure to get the local IP address of your machine with the following command

$ sudo ifconfig

Connecting to your SSH server ifconfig

For example, in order to connect to my own instance located at 127.0.0.1, I would run the following command

$ ssh -p 2222 <user>@127.0.0.1

You will be asked to provide your password and to certify that the authenticity of the server is correct.

Connecting to your SSH server ssh-localhost

Exiting your SSH server

In order to exit from your SSH server on Debian 10, you can hit Ctrl + D or type ‘logout’ and your connection will be terminated.

Exiting your SSH server logout-ssh

Disabling your SSH server

In order to disable your SSH server on Debian 10, run the following command

$ sudo systemctl stop sshd
$ sudo systemctl status sshd

Disabling your SSH server disable-ssh

From there, your SSH server won’t be accessible anymore.

Disabling your SSH server connection-refused

Troubleshooting

In some cases, you may run into many error messages when trying to setup a SSH server on Debian 10.

Here is the list of the common errors you might get during the setup.

Debian : SSH connection refused

Usually, you are getting this error because your firewall is not properly configured on Debian.

To solve “SSH connection refused” you have to double check your UFW firewall settings.

By default, Debian uses UFW as a default firewall, so you might want to check your firewall rules and see if SSH is correctly allowed.

$ sudo ufw status

Status: active
 
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere

If you are using iptables, you can also have a check at your current IP rules with the iptables command.

$ sudo iptables -L -n

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh

If the rule is not set for SSH, you can set by running the iptables command again.

$ sudo iptables -I INPUT -p tcp -m tcp --dport 22 -j ACCEPT

Debian : SSH access denied

Sometimes, you may be denied the access to your SSH server with this error message “SSH access denied” on Debian.

To solve this issue, it depends on the authentication method you are using.

SSH password access denied

If you are using the password method, double check your password and make sure you are entering it correctly.

Also, it is possible to configure SSH servers to allow only a specific subset of users : if this is the case, make sure you belong to that list.

Finally, if you want to log-in as root, make sure that you modified the “PermitRootLogin” option in your “sshd_config” file.

#PermitRootLogin

PermitRootLogin yes

SSH key access denied

If you are using SSH keys for your SSH authentication, you may need to double check that the key is correctly located in the “authorized_keys” file.

If you are not sure about how to do it, follow our guide about SSH key authentication on Debian 10.

Debian : Unable to locate package openssh-server

For this one, you have to make sure that you have set correctly your APT repositories.

Add the following entry to your sources.list file and update your packages.

$ sudo nano /etc/apt/sources.list

deb http://ftp.us.debian.org/debian wheezy main

$ sudo apt-get update

Conclusion

In this tutorial, you learnt how you can install and configure a SSH server on Debian 10 hosts.

You also learnt about basic configuration options that need to be applied in order to run a secure and robust SSH server over a LAN or over Internet.

If you are curious about Linux system administration, we have a ton of tutorials on the subject in a dedicated category.

How To Change Root Password on CentOS 8

The root account is a special user account on Linux that has access to all files, all commands and that can pretty much do anything on a Linux server.

Most of the time, the root account is disabled, meaning that you cannot access it.

However, you may want to access the root account sometimes to perform specific tasks.

In this tutorial, we will learn how you can change the root password on CentOS 8 easily.

Prerequisites

In order to change the root password on CentOS 8, you need to have sudo privileges or to have the actual password of the root account.

$ sudo -l

User <user> may run the following commands on host-centos:
    (ALL : ALL) ALL

If this is the case, you should be able to change the root password.

If you installed CentOS 8 with the default settings, you may have chosen to lock the root account by default.

Please note that changing the root password will unlock the root account.

Change root password using passwd

The easiest way to change the root password on CentOS 8 is to run the passwd command.

$ sudo passwd

Changing password for user root.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

Alternatively, you can specify the root user account with the passwd command.

$ sudo passwd root
Recommendation : you should set a strong password for the root account. It should be at least 10 characters, with special characters, uppercase and lowercase letters.

Also, it should not contain any words that are easily found in a dictionary.

In order to connect as root on CentOS 8, use the “su” command without any arguments.

$ su -
Password:
[root@localhost ~]#

Change root password using passwd

Change root password using su

Alternatively, if you are not sudo you can still change the root password if you have the actual root password.

First, make sure to switch user to root by running the “su” command without any arguments.

$ su -
Password:
root@host-centos:~#

Now that you are connected as root, simply run the “passwd” command without any arguments.

$ passwd

Changing password for user root.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

You can now leave the root account by pressing “Ctrl +D”, you will be redirected your main user account.

Change root password using su su-root

Conclusion

In this quick tutorial, you learnt how you can change the root password on CentOS 8 : by using the passwd command or by connecting as root and changing your password.

Setting the root password can be quite useful if you plan on setting up a SSH server on CentOS 8 for example.

Using the root account can also be quite useful if you plan on adding and deleting users on your CentOS 8 server.

If you are interested in Linux system administration, we have a complete section dedicated to it on the website, so make sure to check it out.

How To Add and Delete Users on Debian 10 Buster

Adding and deleting users is one of the most basic tasks when starting from a fresh Debian 10 server.

Adding user can be quite useful. As your host grows, you want to add new users, assign them special permissions, like sudo rights for example.

In this tutorial, we are going all the ways to add and delete users on Debian 10 hosts.

Prerequisites

In order to add and delete users on Debian, you need to have sudo rights, or to belong to the sudo group.

If you are not sure about how to add a user to sudoers, make sure to check the tutorial we wrote about it.

To check your sudo rights, run the following command

$ sudo -v

If no error messages appear, you are good to go, otherwise ask your system administrator to provide you with sudo rights.

Adding a user using adduser

The first way to add users on Debian 10 is to use the adduser command.

The adduser command is very similar to the useradd command. However, it provides a more interactive way to add users on a Debian host.

Generally, it is preferred to use adduser rather than useradd (as recommended by the useradd man page itself)

To add a user, run this command

$ sudo adduser ricky

Adding user 'ricky'
Adding new group 'ricky' (1007)
Adding new user 'ricky' (1005) with group 'ricky'
Creating home directory '/home/ricky'
Copying files from '/etc/skel'

You will be asked to choose a password for the user

New password: <type your password>
Retype new password: <retype your password>
Changing the user information for ricky

Then you will be asked to specify some specific information about your new user.

You can leave some values blank if you want by pressing Enter.

Enter the new value, or press ENTER for the default
   Full Name []:
   Room Number []:
   Work Phone []:
   Home Phone []:
   Other []:

Finally, you will be asked if the information provided is correct. Simply press “Y” to add your new user.

Is the information correct? [Y/n] Y

Now that your user was created, you can add it to the sudo group.

Adding a user using useradd

$ sudo useradd <username>

To assign a password to the user, you can use the -p flag but it is not recommended as other users will be able to see the password.

To assign a password to a user, use the passwd command.

$ sudo passwd <username>

New password:
Retype new password:
passwd: password updated successfully

Add a user using the GNOME desktop

If you installed Debian 10 with GNOME, you can also create a user directly from the desktop environment.

In the Applications search bar, search for “Settings”.
Add a user using the GNOME desktop settingsIn the Settings window, find the “Details” option.

Add a user using the GNOME desktop

Click on “Details”, then click on “Users”.

Add a user using the GNOME desktop users

On the top right corner of the window, click on “Unlock”.

Add a user using the GNOME desktop unlock

Enter your password, and a “Add User” option should now appear in the panel.

Add a user using the GNOME desktop add-user

In the next window, choose what type of account you want for the user (either with sudo rights or not).

Fill the full name field, as well as the username field.

You can choose to assign a password now or you can let the user decide on its password on its next logon.

When you are done, simply click on “Add”.

gnome-add-user

Congratulations, your account was successfully created.

account

Check that your user was added

In order to check that your user was created on Linux, run the following command.

$ cat /etc/passwd | grep <user>
<user>:x:1005:1007:User,,,:/home/user:/bin/bash

If there are no entries for the user you just created, make sure to use the adduser command again.

Deleting a user using deluser

In order to delete a user on Debian 10, you have to use the deluser command.

$ sudo deluser <username>

To remove a user with its home directory, run the deluser command with the –remove-home parameter.

$ sudo deluser --remove-home <username>

Looking for files to backup/remove
Removing user 'user'
Warning: group 'user' has no more members.
Done.

To delete all the files associated with a user, use the –remove-all-files parameter.

$ sudo deluser --remove-all-files <username>

Deleting a sudo user with visudo

If you removed a sudo user on Debian, it is very likely that there is a remaining entry in your sudoers file.

To delete a user from the sudoers file, run visudo.

$ sudo visudo

Find the line corresponding to the user you just deleted, and remove this line.

<username>    ALL=(ALL:ALL) ALL

Save your file, and your user should not belong to the sudo group anymore.

Deleting a user using the GNOME Desktop

From the users panel we used to create a user before, find the “Remove user” option at the bottom of the window.
delete-account

Note : you need to unlock the panel to perform this operation.

When clicking on “Remove User”, you are asked if you want to keep the files owned by this user. In this case, I will choose to remove the files.

Deleting a user using the GNOME Desktop files

Troubleshooting

In some cases, you may have some error messages when trying to execute some of the commands above.

adduser : command not found on Debian

By default, the “adduser” command is located in the “/usr/sbin” folder of your system.

$ ls -l /usr/sbin/ | grep adduser
-rwxr-xr-x 1 root root    37322 Dec  5  2017 adduser

To solve this issue, you need to add “/usr/sbin” to your $PATH.

Edit your .bashrc file and add the following line

$ sudo nano ~/.bashrc

export PATH="$PATH:/usr/sbin/"

Source your bashrc file and try to run the adduser command again.

$ source ~/.bashrc

$ sudo adduser john
Adding user `john' ...
Adding new group `john' (1001) ...
Adding new user `john' (1001) with group `john' ...
Creating home directory `/home/john' ...
Copying files from `/etc/skel' ...

You solved the “adduser : command not found” problem on Debian 10.

Conclusion

As you can see, adding and deleting users on Debian 10 is pretty straightforward.

Now that your users are created, you can also set up SSH keys on Debian 10 for a seamless authentication.

How To Install and Enable SSH Server on CentOS 8

This tutorial focuses on setting up and configuring a SSH server on a CentOS 8 desktop environment.

SSH, for Secure Shell, is a network protocol that is used in order to operate remote logins to distant machines within a local network or over Internet.

In SSH architectures, you will typically find a SSH server that is used by SSH clients in order to perform remote commands or to manage distant machines.

As a power user, it is very likely that you may want to use SSH in order to connect to remote machines over your network.

As a consequence, when new hosts are onboarded to your infrastructure, you may have to configure them to install and enable SSH on them.

In this tutorial, we are going to see how you can install and enable SSH on CentOS 8 distributions.

We will also see how you can install OpenSSH to enable your SSH server on CentOS.

Prerequisites

In order to install a SSH server on CentOS 8, you will need to have sudo privileges on your server.

To check whether you have sudo privileges or not, run the following command

$ sudo -l

If you are seeing the following entries on your terminal, it means that you currently belong to the sudo group.

User user may run the following commands on server-centos:
    (ALL : ALL) ALL

By default, the ssh utility should be installed on your host, even on minimal configurations.

In order to check the version of your SSH utility, you can run the following command

$ ssh -V

ssh-v

As you can see, I am running OpenSSH v7.8 with OpenSSL v1.1.1.

Note that it does not mean that SSH servers are installed on my host, it just means that I may able to connect to remote machines as a client using the SSH utility.

It also mean that specific utilities related the SSH protocol (such as scp for example) or related to FTP servers (such as sftp) will be available on my host.

Handy!

Installing OpenSSH Server on CentOS 8

First of all, you have to make sure that your current packages are up to date for security purposes.

$ sudo yum update

If you are prompted with updates, simply press “y” in order to accept the updates on your system.

Installing OpenSSH Server on CentOS 8 update

In order to install a SSH server on CentOS 8, run the following command

$ sudo yum install openssh-server

The command should run a complete installation process and it should set up all the necessary files for your SSH server.

If the installation was successful, you should now have a sshd service installed on your host.

To check your newly installed service, run the following command

$ sudo systemctl status sshd

Installing OpenSSH Server on CentOS 8 sshd

Note that by default, your SSH server might not be started or enabled, you will have to do it by yourself.

You can start your SSH server by running the following command (you will see how to enable your SSH server in the next chapters)

$ sudo systemctl start sshd

By default, your SSH server is going to run on port 22.

This is the default port assigned for SSH communications.

You can check if this is the case on your host by running the following netstat command

$ netstat -tulpn | grep :22

netstat

Great! Your SSH server is now up and running on your CentOS 8 server.

Enabling SSH traffic on your firewall settings

By default, your firewall might not allow SSH connections by default.

As a consequence, you will have to modify your firewall rules in order to accept SSH.

To enable SSH traffic on your SSH server, use the firewall-cmd command in the following way

$ sudo firewall-cmd --permanent --zone=public --add-service=ssh
$ sudo firewall-cmd --reload

Make sure that the services are correctly authorized by running the following command

$ sudo firewall-cmd --list-all | grep services

services : cockpit dhcpv6-client http https ssh

Enable SSH server on system boot

As you probably saw, your SSH server is now running as a service on your host.

It is also very likely that it is instructed to start at boot time.

To check whether your service is enable or not, you can run the following command

$ sudo systemctl list-unit-files | grep enabled | grep ssh

If no results are shown on your terminal, enable the service and run the command again

$ sudo systemctl enable ssh

Enable SSH server on system boot enabled

Configuring your SSH server on CentOS 8

Before giving access to users through SSH, it is important to have a set of secure settings to avoid being attacked, especially if your server is running as an online VPS.

SSH attacks are pretty common : as a consequence, you have to configure your SSH server properly if you don’t want to lose any very sensitive information.

By default, your SSH configuration files are located at /etc/ssh/

Configuring your SSH server on CentOS 8 config

In this directory, you are going to find many different configuration files, but the most important ones are :

  • ssh_config: defines SSH rules for clients. It means that it defines rules that are applied everytime you use SSH to connect to a remote host or to transfer files between hosts;
  • sshd_config: defines SSH rules for your SSH server. It is used for example to define the reachable SSH port or to deny specific users from communicating with your server.

In this tutorial, we will modify the sshd_config file as we are interested in setting up a SSH server, not configuring the SSH clients.

Disabling Root Login on your SSH server

By default, root login is available on your SSH server.

It should obviously not be the case as it would be a complete disaster if hackers were to login as root on your server.

If by chance you disabled the root account in your CentOS 8 initial installation, you can still configure your SSH server to refuse root login, in case you choose to re-enable your root login one day.

To disable root login on your SSH server, modify the following line

#PermitRootLogin

PermitRootLogin no

Disabling Root Login on your SSH server permitroot

Changing SSH default port

The first step towards running a secure SSH server is to change the default assigned by the OpenSSH server.

Edit your sshd_config configuration file and look for the following line.

#Port 22

Make sure to change your port to one that is not reserved for other protocols. I will choose 2222 in this case.

Changing SSH default port

When connecting to your host, if it not running on the default port, you are going to specify the SSH port yourself.

Now that you have changed the default port, you will need to configure SELinux in order to change the default SSH port.

If you don’t do this step, you won’t be able to restart your SSH server.

$ sudo semanage port -a -t ssh_port_t -p tcp 2222

$ sudo systemctl restart sshd

Please refer to the ‘Connecting to your SSH server’ section for further information.

Configuring key-based SSH authentication

In SSH, there are two ways of connecting to your host : by using password authentication (what we are doing here), or having a set of SSH keys.

So why would you want to configure SSH authentication?

SSH authentication can be used in order to bypass password authentication and to authenticate without having to enter any sensitive information like a password.

Linux will simply take public keys that you already configured, send them to the server that will be responsible for verifying their integrity.

If you are looking for an example, there is a guide on how to setup SSH keys on Debian and the steps should be the same for CentOS distributions.

Restarting your SSH server to apply changes

In order for the changes to be applied, restart your SSH service and make sure that it is correctly restarted

$ sudo systemctl restart sshd
$ sudo systemctl status sshd

Restarting your SSH server to apply changes

Connecting to your SSH server

In order to connect to your SSH server, you are going to use the ssh command with the following syntax

$ ssh -p <port> <username>@<ip_address>

If you are connecting over a LAN network, make sure to get the local IP address of your machine with the following command

$ sudo ifconfig

Alternatively, you can get your local IP address by using the hostnamectl command.

$ hostname -I | awk '{print $1}'

Connecting to your SSH server hostname

For example, in order to connect to my own instance located at 127.0.0.1, I would run the following command

$ ssh -p 2222 <user>@<ip_address>

You will be asked to provide your password and to certify that the authenticity of the server is correct.

Connecting to your SSH server ssh-centos

Disabling your SSH server

In order to disable your SSH server on CentOS 8, run the following command

$ sudo systemctl stop sshd
$ sudo systemctl status sshd

Disabling your SSH server stop-server

From there, your SSH server won’t be accessible anymore.

ssh-connection-refused

Exiting your SSH server

In order to exit from your SSH server on CentOS 8, you can hit Ctrl + D or type ‘logout’ and your connection will be terminated.

Exiting your SSH server logout

Conclusion

In this tutorial, you learnt how you can install, enable, configure and restart your SSH server on CentOS 8.

Note that this tutorial also works for RHEL 8 distributions in the exact same way.

With this tutorial, you also learnt how you can configure your SSH server in order for it to be robust enough for basic attacks.

If you are interested in Linux system administration, we encourage you to have a look at our other tutorials on the subject.

Command Not Found in Bash Fixed

Every system administrator got this error at least one time in a shell : “bash : command not found“.

However, you were pretty sure that you wrote the command correctly, or that you installed the tool that you are actually trying to execute.

So why are you getting this error?

The “bash : command not found” error can happen for various reasons when running commands in a Bash terminal.

Today, we are taking a look at the different ways to solve the “command not found” error in Bash.

Bash & PATH concepts

Before starting out with the solution, it is important to have a few concepts about what the PATH environment variable is and how it is related to the commands you run.

PATH is an environment variable that lists the different directories that your bash terminal will visit in order to find utilities on your system.

To have a look at your PATH environment variable, simply use the “echo” command with the PATH variable.

$ echo $PATH

/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin

As you can see, PATH is defined by a list of different system paths delimited by colons.

They are the different paths visited by my interpreter in order to run commands.

If I were to remove an entry from the PATH, or remove the PATH all together, you would not be able to run commands in the bash without specifying the entire path to the binary.

It is an important point to understand because not being able to run a command does not mean that your binary was deleted on the system.

Now that you understand how environment variables are related to your bash interpreter, let’s see how you can solve your error.

Verify that the file exists on the system

The first step to solve this error is to verify that the command you are looking for actually exist on the system.

There are really no points going further if you mispelled the command or if you didn’t install it at all.

Let’s say for example that you cannot run the “ls” command.

Verify that the binary actually exists by searching for the binary on the system.

$ /usr/bin/find / -name ls 2> /dev/null

/bin/ls
/usr/lib/klibc/bin/ls

With the find command, you are able to locate the binary along with the directory where it is stored.

It is quite important because we will need to add this path to our PATH environment variable later on.

Verify your PATH environment variable

Most of the time, you will run into the “bash : command not found” after changing your PATH environment in order to add new entries.

First, verify that the path you searched for before is listed in your PATH environment variable.

$ echo $PATH

/home/user/custom:/home/user

As you can see here, the “/bin” directory is not listed in my PATH environment variable.

By default, the PATH is defined in the “/etc/environment” file for all the users on the system.

If your PATH environment variable is different from the one defined in the environment file, it is because you have overriden the PATH.

Now that you have two choices : either you know where you exported the PATH variable or you don’t.

Fixing your profile scripts : bashrc, bash_profile

In most of the cases, you modified the .bashrc or the .bash_profile file in order to add your PATH override.

To search where you exported your PATH, run the following command

$ /usr/bin/grep -rn --color "export PATH" ~/. 2> /dev/null

./.bashrc:121:export PATH="/home/devconnected"

This command returns the file where the PATH was exported as well as the line number.

Edit this file and add the path from the first section to the export statement.

$ nano /home/user/.bashrc

export PATH="/home/devconnected:/bin"

Save your file and exit the nano editor.

For the changes to be applied, you will have to source your current bash terminal.

This will ensure that the .bashrc file is executed again in the current shell terminal.

$ source .bashrc
Why can you execute source without having to specify the full path?

Because “source” is a shell built-in command.

Try executing “builtin source .bashrc” for example

Now, you can try to execute the command you failed to execute before.

$ ls

file  devconnected  file2  directory1  swap file3

Awesome!

You fixed the “bash : command not found” error on Linux!

Reset the PATH environment variable properly

Even if you solve your issue, you will have to define your PATH environment variable properly if you don’t want to modify your bashrc file all the time.

First, have a look at the PATH variable defined in the “/etc/environment” file.

$ cat /etc/environment

PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games"

In order to reset your PATH environment variable on your environment, export the PATH defined in the environment file.

$ export=PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games"

Now, modify your .bashrc file but use the $PATH syntax in order to append your paths to the existing PATH variable.

$ sudo nano ~/.bashrc

export PATH="$PATH:/home/devconnected"

Exit the file and source your bashrc file for the changes to be applied.

$ source ~/.bashrc

$ echo $PATH

/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/home/devconnected

Awesome!

You have successfully resetted your PATH environment variable, you should not get the “bash : command not found” error anymore.

Execute the command as sudo

In some cases, your PATH environment variable may be perfectly configured but you will have to execute the command as sudo.

You may get this error or just a simple “permission denied” error.

In any cases, first make sure that you have sudo rights with the sudo command.

$ sudo -l

User user may run the following commands on ubuntu:
    (ALL : ALL) ALL

If this is the case, you should be able to execute your command as sudo.

$ sudo <command>

Congratulations!

You have solved the “bash : command not found” error on your system.

Verify that the package is correctly installed

In some cases, you think that your command is installed but you didn’t install the command to begin with.

Let’s say for example that you are looking to run the “htop” command but you are not able to do it.

$ htop

bash : Command 'htop' not found

To verify if the command is correctly installed, depending on your distribution, run the following commands.

$ dkpg -s htop     [Ubuntu/Debian]

dpkg-query: package 'htop' is not installed and no information is available
Use dpkg --info (= dpkg-deb --info) to examine archive files,
and dpkg --contents (= dpkg-deb --contents) to list their contents.

$ rpm -qa | grep htop    [CentOS/RHEL]

In any case, you will have to install the command if you want to run it properly.

$ sudo apt-get install htop   [Ubuntu/Debian]

$ sudo yum install htop       [CentOS/RHEL]

Now you can try to run the command that was missing.

$ htop

Conclusion

In this tutorial, you learnt how you can solve the famous “bash : command not found” error that many system administrators encounter every day.

If you solve your issue with a solution that is not described in the article, make sure to leave a comment in order to help other administrators.

If you are interested in Linux system administration, we have a complete section dedicated to it on the website, so make sure to have a look.