Customizing Linux Servers

ServiceAdmin,Mgmt,Admin

This page will show you how to customize certain aspects of a Linux server, that you want to run applications on or use it in production in some way.

In most cases it is sufficient to apply minor changes to a standard system to make it work as intended.

You may also have a look at Customizing Linux Systems, which contains information on customizing also desktops or laptops, or even Managing Linux Clusters in case you have to customize and manage a bunch of machines.

Sudoers
Enable sudoers by adding certain users to the wheel group. Check resulting entry using getent group wheel

wheel:x:10:smith,jones
 * 1) getent group wheel

Edit the sudoers file /etc/sudoers like this to have the users allowed to sudo use their own passwords instead of root's. This way you can manage to get a root shell even if you should loose his password.

In the default (unmodified) configuration, sudo asks for the root password. #Defaults targetpw  # ask for the password of the target user i.e. root #ALL   ALL=(ALL) ALL   # WARNING! Only use this together with 'Defaults targetpw'! root ALL=(ALL) ALL %wheel ALL=(ALL) ALL
 * 1) This allows use of an ordinary user account for administration of a freshly
 * 2) installed system. When configuring sudo, delete the two
 * 3) following lines:
 * 1) Runas alias specification
 * 1) User privilege specification
 * 1) Uncomment to allow people in group wheel to run all commands
 * 1) Same thing without a password
 * 2) %wheel ALL=(ALL) NOPASSWD: ALL

Root Mails
To avoid a root mail sink you always should redirect mails for root to a dedicated administrative mail address or mailing list.

In case it is supported by your locally configured mail system you just need to append something like the following to your hosts /etc/aliases:

root: sysadmin@your.company
 * 1) customization for /etc/aliases
 * 2) send root mails to system administrators

After editing this file you must issue the newaliases command to reflect your changes to the system.

/etc/aliases: 41 aliases, longest 20 bytes, 489 bytes total
 * 1) newaliases

NTP
To make NTP use dedicated NTP servers add them to /etc/nftp.conf:

## ## server ntps1.gwdg.de server ntps2.gwdg.de server ntps3.gwdg.de
 * 1) Outside source of synchronized time
 * 1) server xx.xx.xx.xx           # IP address of server

Then have NTP set the date and time and configure NTP as a automated service:

Time synchronized with ntps1.gwdg.de
 * 1) rcntp ntptimeset

Shutting down network time protocol daemon (NTPD)                   done Starting network time protocol daemon (NTPD)                        done
 * 1) chkconfig ntp on
 * 2) rcntp restart