Administrasi sistem Linux adalah skill fundamental yang harus dikuasai oleh setiap pengguna Linux, terutama yang menggunakan Linux untuk server atau development. Artikel ini membahas dasar-dasar administrasi sistem dengan fokus pada user management dan permissions.
User Management
1. Membuat User Baru
# Membuat user baru
sudo adduser username
Atau dengan useradd (minimal)
sudo useradd -m username
Set password
sudo passwd username
Perbedaan adduser dan useradd:
– adduser: Interactive, user-friendly, membuat home directory dan setup default
– useradd: Low-level, minimal, memerlukan opsi tambahan
2. Membuat User dengan Home Directory
# Dengan home directory
sudo useradd -m -d /home/username -s /bin/bash username
-m: Create home directory
-d: Specify home directory path
-s: Specify default shell
3. Menambahkan User ke Groups
# Add user ke sudo group
sudo usermod -aG sudo username
Add ke multiple groups
sudo usermod -aG sudo,docker,www-data username
-a: Append (jangan lupa!)
-G: Secondary groups
4. Mengubah User Properties
# Ganti username
sudo usermod -l newname oldname
Ganti home directory
sudo usermod -d /new/home/dir -m username
Ganti shell
sudo usermod -s /bin/zsh username
Lock user
sudo usermod -L username
Unlock user
sudo usermod -U username
5. Menghapus User
# Hapus user (keep home directory)
sudo userdel username
Hapus user dan home directory
sudo userdel -r username
Hapus dengan force (jika user sedang login)
sudo userdel -f username
6. Melihat Informasi User
# List semua users
cat /etc/passwd
Cek user exists
id username
Detail user
finger username
atau:
getent passwd username
User yang sedang login
who
w
last
Group Management
1. Membuat Group
# Membuat group baru
sudo groupadd groupname
Dengan GID spesifik
sudo groupadd -g 1001 groupname
2. Mengubah Group
# Ganti nama group
sudo groupmod -n newname oldname
Ganti GID
sudo groupmod -g 1002 groupname
3. Menghapus Group
sudo groupdel groupname
4. Melihat Group Information
# List semua groups
cat /etc/group
Groups yang dimiliki user
groups username
Primary group
id -gn username
Semua groups
id username
File Permissions
1. Memahami Permission System
Struktur permission: -rwxrwxrwx
Position: 1234567890
|---|---|---
| | |
| | +-- Others permissions
| +------- Group permissions
+------------ Owner permissions
Tipe file:
– -: Regular file
– d: Directory
– l: Symbolic link
– c: Character device
– b: Block device
Permission types:
– r (read): 4
– w (write): 2
– x (execute): 1
2. Mengubah Permissions dengan chmod
# Numeric mode
chmod 755 file.txt # rwxr-xr-x
chmod 644 file.txt # rw-r--r--
chmod 600 file.txt # rw-------
chmod 777 file.txt # rwxrwxrwx (avoid!)
Symbolic mode
chmod u+x file.txt # Add execute for owner
chmod g-w file.txt # Remove write for group
chmod o+r file.txt # Add read for others
chmod a=r file.txt # Set read-only for all
Recursive
chmod -R 755 directory/
3. Mengubah Ownership dengan chown
# Ganti owner
sudo chown user file.txt
Ganti group
sudo chown :group file.txt
Ganti owner dan group
sudo chown user:group file.txt
Recursive
sudo chown -R user:group directory/
Copy ownership dari file lain
sudo chown --reference=file1.txt file2.txt
4. Mengubah Group dengan chgrp
# Ganti group
sudo chgrp groupname file.txt
Recursive
sudo chgrp -R groupname directory/
Special Permissions
1. Setuid (Set User ID)
# Set setuid bit
chmod u+s /usr/bin/somebinary
Numeric: 4
chmod 4755 /usr/bin/somebinary
Check
ls -l /usr/bin/somebinary
Output: -rwsr-xr-x
2. Setgid (Set Group ID)
# Set setgid bit pada file
chmod g+s file.txt
Set setgid bit pada directory (new files inherit group)
chmod g+s directory/
Numeric: 2
chmod 2755 directory/
Check
ls -l directory/
Output: drwxr-sr-x
3. Sticky Bit
# Set sticky bit (hanya owner bisa delete file di directory)
chmod +t /tmp
Numeric: 1
chmod 1777 /tmp
Check
ls -ld /tmp
Output: drwxrwxrwt
Access Control Lists (ACL)
1. Install ACL
sudo apt install acl
2. Menggunakan setfacl
# Grant read+write untuk user spesifik
setfacl -m u:username:rw file.txt
Grant read+execute untuk group
setfacl -m g:groupname:rx directory/
Grant untuk everyone
setfacl -m o::r file.txt
Recursive
setfacl -R -m u:username:rwx directory/
Set default ACL untuk new files
setfacl -d -m u:username:rw directory/
3. Menggunakan getfacl
# View ACL
getfacl file.txt
View directory ACL
getfacl directory/
Remove ACL
setfacl -x u:username file.txt
Remove all ACL
setfacl -b file.txt
System Maintenance
1. Disk Space Management
# Cek disk space
df -h
Cek directory size
du -sh /path/to/directory
Top 10 largest directories
du -h / | sort -rh | head -10
Find large files
find / -type f -size +100M -exec ls -lh {} \; 2>/dev/null
Cleanup package cache
sudo apt clean
sudo apt autoremove
2. Memory Management
# Cek memory usage
free -h
Top memory consuming processes
ps aux --sort=-%mem | head -10
Monitor dengan htop
htop
Clear cache (hati-hati!)
sudo sync && echo 3 | sudo tee /proc/sys/vm/drop_caches
3. Process Management
# List processes
ps aux
Tree view
ps auxf
Cek process dengan resource tertinggi
top
htop
Kill process
kill PID
kill -9 PID
Kill by name
killall processname
Nice level (priority)
nice -n 10 command
renice -n 10 -p PID
4. Log Management
# View system logs
sudo tail -f /var/log/syslog
View authentication logs
sudo tail -f /var/log/auth.log
Rotate logs manual
sudo logrotate -f /etc/logrotate.conf
Journal logs (systemd)
journalctl -xe
journalctl -u servicename
System Monitoring
1. Uptime dan Load
# Uptime
uptime
Load average
cat /proc/loadavg
CPU info
lscpu
cat /proc/cpuinfo
2. Network Monitoring
# Network connections
netstat -tulpn
ss -tulpn
Bandwidth usage
iftop
nload
Interface statistics
ip -s link
3. Scheduled Tasks
# List cron jobs
crontab -l
Edit cron
crontab -e
System cron
ls /etc/cron.*
cat /etc/crontab
View cron logs
grep CRON /var/log/syslog
Best Practices
1. Security
# Disable root SSH login
sudo nano /etc/ssh/sshd_config
# PermitRootLogin no
Lock unused accounts
sudo usermod -L username
Check for SUID files (potential security risk)
find / -perm -4000 -type f 2>/dev/null
Check world-writable files
find / -perm -2 -type f 2>/dev/null
2. User Creation Checklist
# 1. Create user
sudo adduser username
2. Add to appropriate groups
sudo usermod -aG sudo,users,www-data username
3. Set password policy
sudo passwd username
4. Create home directory (automatic dengan adduser)
5. Copy default configs
sudo cp /etc/skel/.bashrc /home/username/
sudo cp /etc/skel/.profile /home/username/
6. Set ownership
sudo chown -R username:username /home/username
7. Test login
su - username
3. Regular Maintenance Script
#!/bin/bash
# maintenance.sh
echo "=== System Maintenance ==="
Update
echo "Updating system..."
sudo apt update && sudo apt upgrade -y
Cleanup
echo "Cleaning up..."
sudo apt autoremove -y
sudo apt clean
Check disk space
echo "Disk space check:"
df -h
Check failed services
echo "Failed services:"
sudo systemctl --failed
Check logs
echo "Recent errors:"
sudo grep -i "error" /var/log/syslog | tail -5
echo "=== Maintenance Complete ==="
Troubleshooting
1. Permission Denied
# Check permissions
ls -la file.txt
Check ownership
ls -l file.txt
Fix ownership
sudo chown $USER:$USER file.txt
Fix permissions
chmod 644 file.txt
2. User Cannot Login
# Check if account locked
sudo passwd -S username
Check shell validity
cat /etc/shells
grep username /etc/passwd
Check home directory exists
ls -ld /home/username
3. Command Not Found After User Creation
# Check PATH
echo $PATH
Source profile
source ~/.bashrc
source ~/.profile
Check shell
echo $SHELL
Kesimpulan
Administrasi sistem Linux meliputi:
- User Management: Membuat, mengubah, menghapus user accounts
- Group Management: Mengelola group memberships
- Permissions: Mengontrol access ke files dan directories
- Special Permissions: Setuid, setgid, sticky bit
- ACL: Access control untuk granular permissions
- Maintenance: Disk, memory, process, dan log management
Menguasai konsep-konsep ini adalah dasar untuk menjadi Linux system administrator yang kompeten.
Ditulis oleh
Hendra Wijaya