Transcript from the "Exercise 12: Setting up your server" Lesson
>> Jem: So now let's set up our server. First thing we want to do, we wanna update all the software on the server. Usually when you install a brand new droplet it's up to date. But let's keep it up to date just in case. We always want to make sure this runs regularly.
[00:00:14] So I'm gonna say apt-get update.
>> Jem: And it's just gonna check all the packages, kind of the core things. Probably not much to update. But it's always good to go and locate that or go ahead and run that on any new computer. And on my personal site, I have this run on a regular job that just updates once a week or so, just to keep it up to date.
>> Jem: Okay, so right now, there's a problem. We're running as root. Root is the ultimate gatekeeper, person in charge, bouncer, they have all the commands. They can run everything and the server will never ask them, are you sure want to do this? Because if you're doing something as root, you should know what you're doing.
[00:01:12] So we don't want to do that. We're going to add a new user, that has way less permissions. So just in case, well, it keeps you from shooting yourself in the foot, so [LAUGH]. And pro tip, never, never run anything as root unless you absolutely have to. Because the system will not tell you when you're about to do something stupid.
[00:01:31] So let's go ahead and add a user. Yes?
>> Speaker 2: You said do the update, do they have to do upgrade too to actually install them?
>> Jem: No, you can just do apt-get update.
>> Speaker 2: Okay. And then are there any risks of automatically doing apt-get upgrade or update? I don't know if that was a typo.
>> Jem: There are, the one danger of using the apt-get repository is that it's a little behind. Because Ubuntu, the foundation, I believe it's Canonical, they verify all the packages are all stable and working correctly. So it's always gonna be a little bit behind of what the actual repositories are.
[00:02:09] So when we install Node later, it probably won't be the latest version of Node, but it's gonna be the latest stable version that they're comfortable with, which is why I generally use apt-get. But you're always free to install your own software on your own server. But again, once you go off that path, you're on your own if something breaks.
>> Jem: Let's see, Nick asked, could you explain a little more when using our .pub key versus the private key. It looked like we use the public key when creating the droplet and private key to log in. Yes, great question. And let us jump back to my awesome diagram.
[00:02:50] So, again, with the public key, public private key authentication, the public key always lives on the server. That is, you're free to distribute, you're free to hand out. You put it on GitHub, you put it on Digital Ocean, the public key can go anywhere. It's not a big deal if that gets out.
[00:03:06] The private key has to stay on your computer. Because, again, all your messages are encrypted using that public key, and only your private key can unlock those messages, can decode that. Hopefully, Nick, that helps a little bit. And remember, if you're using public key, it's .pub. The private key does not have an extension on it, and it's a much larger file.
>> Jem: And let's jump back.
>> Jem: Okay, so we're gonna add a user now. Because, again, we don't wanna run things as root. We wanna stay off root. As quickly as possible, we want to jump off there. So we're going to add a user. So in your command line, type adduser where username is whatever you want.
[00:03:55] I'm going to be Jem on my server, but pick whatever you want. Just not root, obviously.
>> Speaker 2: With the dollar sign?
>> Jem: No, sorry. If you see dollar sign, that is a placeholder. So in my instance, I'm gonna say. Let's go ahead and clear this. adduser jem.
>> Jem: And I'll give it a password.
[00:04:23] Re-enter that password. You can skip all of this, steps. You can tell [LAUGH] Linux is an old system, Room Number, Work Phone, things like that. Just hit Enter. Now you're good. Okay, so I'll do that one more time, I'll add a different user. So adduser, I don't know, jem2, I'm not very creative.
[00:04:49] And I'll give it a password.
>> Jem: And you just hit Enter, Enter, and now you have two users.
>> Jem: Okay, so far, we're taking baby steps.
>> Jem: So next, so I have a user now, but the user has no permissions. They have permission to work in their own directory, but that's it.
[00:05:14] We need to give our user permission to do things as sudo, as sudo, the super user. So not Tamer, can anyone tell me what sudo stands for? Anybody? I even said it.
>> Speaker 2: Didn't you just say super user?
>> Jem: Yes, but what does sudo stand for though?
>> Speaker 2: Super user do.
>> Jem: Exactly, yes. Super user do, that's what sudo stands for. I don't know, yeah. There's lots of little jokes built into Linux, they had a lot of free time back in the day. But sudo just means super user do. And super user, of course, is root. That is a super user.
[00:05:52] So we wanna give our user we just created the ability to do things as root when necessary, but not all the time. So we're gonna add it to the user group sudo. It's actually called the sudoers group, super user doers [LAUGH]. So, say usermod -a, for add it, adding it to a group, capital G.
[00:06:18] Sudo, which is a group of super users. And then just put in your username that you just created. So in my case, it's Jem.
>> Jem: Yes?
>> Speaker 2: Just a quick question, my understanding of like sudo is that it lets you do things as root. So then how is it any different than us just running around as root?
[00:06:38] Or is it just that if we're in sudo, it'll ask us, it'll say, hey, you're about to do something that makes you root, are you sure you want to proceed?
>> Jem: Yes. Fantastic question, and that's actually the next part, I think. Yes, okay. I will answer you in 30 seconds.
[00:06:55] So now, let's switch to that user. So I can say su for switch user to jem. And my shell's gonna look a little different now, because I just switched out of root. And another pro tip, if you're ever in root, it's gonna be this hash right here. The hash invariably means you're in root and you generally don't wanna see that.
[00:07:18] So I'll switch back to that. Switch user, su, so now I'm jem. I can cd to my home directory. So, how do I check if I have sudo command? Let's just do a basic, let's look at a log file. And to look at a log file, you need sudo permission.
[00:07:36] So if I say cat, cat is just a way of displaying a file name. So I say /var, why is it so slow? Log, and let's look at the auth log. I don't have permission to look at that, because only a superuser can look at the log. Why is that?
[00:07:57] Because if you're using something like password authentication, which you shouldn't, you'll see passwords in plain text often in the auth log, which is why you need superuser permission to look at it. So to make sure that we have super user permission, I'll just say sudo cat /var/log/auth.log. I put in my password, and I can see the auth.log now.
[00:08:23] So to answer your question, if you're doing something dangerous that the system says, hey, should you really be doing this? You're doing something pretty advanced that you could actually break stuff. It's gonna make you sudo it. And it's just a failsafe to make sure, again, you don't shoot yourself in the foot and do something potentially dangerous.
[00:08:41] So super shortcut pro tip, if you wanna, let's try this again. Permission denied, cuz I didn't sudo that command. If you want a short cut for that, sudo sudo will replay, the bang will replay your history. The bang is gonna execute it. So sudo will execute that last command as the super user.
[00:09:03] It's a nice shortcut, because I do that all the time where I'm like aah, and I don't want to type in sudo /var. That's silly, so sudo bang bang will replay that as sudo.
>> Speaker 2: So you said we're not in sudo if we don't have the pound, the hash.
>> Jem: Right.
>> Speaker 3: Do you see the hash right now?
>> Speaker 2: No, but I think I see the cat /var/log, so I'm just confused.
>> Jem: You shouldn't. The default permissions are set to the logs that a non-sudoer can't see those. So it's very strange.
>> Speaker 2: So how do we get off of sudo again?
>> Jem: Switch user, su. su your user name. I wonder if I could switch to my own user from myself, yes I can. Don't know why I would, but you can. And to exit out of this user, I can just say exit. And because I was already in my other user, I just create another instance.
[00:10:04] I exit again. I'm back at root. And if I exit one more time, I'm off my server. So we learned log in to the server as root.
>> Jem: And I can switch my user. Okay, so now let's just test to see, can I log into the server as the user I just created?
[00:10:28] So let's go ahead and exit.
>> Jem: Exit again.
>> Jem: Cuz I'm lazy.
>> Jem: So now when you SSH in to your server, so back on your computer. We're back on our home computer. You should be able to SSH into as user name at your IP address. Type in the password that you created when you created that user.
[00:11:04] And now, you're logged in as the user. Everybody with me so far? I see people nodding, cool. All right, this is good.
>> Jem: Okay, everybody watching live, if I'm going too fast, Just tell me and I will pause for a minute or two. Just to get everybody caught up.
[00:11:27] Cuz we're gonna kinda pick up speed a little bit.
>> Jem: Okay, just go back to the set up, switch user, to make sure that the user has sudo access. So sudo cat /var/log. There's a lot of ways to test sudo access, but just the quickest way that I always use.
[00:11:48] And the exit, just exit, and then exit. We're almost there.
>> Speaker 2: [INAUDIBLE] one more time, please?
>> Jem: Okay, I'll go over it one more time. So we created the server. We updated our software.
>> Jem: We created a new user. So adduser whatever your username you want it to be.
[00:12:13] In my case, it's Jem. I added that user to the sudoers group. So usermod -aG sudo the username. We switch to that user, so su $USERNAME, so in my case su jem. And then we just test it to make sure that that user we created has sudo access.
>> Jem: And we exit,