Survival guide: which commands must I know?

When you turn on your server, whether it is connected to a monitor or through SSH, you will see a command prompt:

acdc $ ▮

It is by entering commands with your keyboard that you will administer your server.

Of course, there are a lot. You will discover them little by little according to your needs.

For now, let's see a few of them. Don't try to memorize them all at once - come back and get what you need when the time comes.

Tips

Tip #1: Tab

By using the "tabulation" key ↹, you can complete a command or a path to a file. Start writing the beginning, then press ↹.

Tab is a-ma-zing! 😉

Tip #2: ctrl-c

To cancel what you are writing, press "ctrl" and "c" simultaneously ("cancel").

Tip #3: "\"

Although this is very rare, some file names contain spaces " " or even strange symbols. However, the command prompt treats a space as a separator between files. It may therefore understand that you are referring to several files instead of just one.

In that case, use "\" to "escape" the weird symbol. That way the command prompt will sort of ignore it. For example:

/path/to/some/file\ with\ spaces.txt

In any case, avoid creating files with strange names.

If you need to process a large number of them, find out about the "detox" tool (port of the same name).

Tip #4: command history

To find the history and quickly relaunch an old command, use the shortcut ctrl-R.

You must first enable it by adding "export HISTFILE=~/.history" to the "~/.profile" file:

$ echo "export HISTFILE=~/.history" >> ~/.profile

At the next login, the history will be active.

su and doas: how to get superuser privileges (root)?

Enter the command "su -l" then the password for the root user.

WARNING: in this case, your user must belong to the "wheel" group for this to be possible. This is the case for the first user created on a system.

You can also configure doas to run a command with superuser privileges as follows:

doas command

Edit or create the /etc/doas.conf file to add:

permit user

Adapt "user" according to your needs.

See also:

"man doas"

ls: list the content of a directory

Run "ls" followed by the path to the folder to list (or nothing to list the current folder).

The "-l" option also allows you to indicate permissions, owners, sizes and modification dates.

Example:

$ ls -l /etc
drwxr-xr-x 7 root wheel 512 Apr 19 19:12 X11
drwx------ 2 root wheel 512 Apr 19 18:16 acme
-rw-r--r-- 1 root wheel 1542 Apr 13 15:39 acme-client.conf
-rw-r--r-- 1 root wheel 1764 Nov 28 13:56 adduser.conf
drwxr-xr-x 2 root wheel 512 Apr 19 18:16 amd
drwxr-xr-x 2 root wheel 512 Apr 19 18:16 authpf
-rw-r--r-- 1 root wheel 30 Aug 2 2020 boot.conf
[...]

We get one line per file / folder. Each line has these fields:

<permissions> <inode> <owner> <group> <size> <date of last access> <file name>

A simple and yet efficient method to secure your website - and more generally its server - is to modify the rights and the owner of the files of said site.

Read the sections on "chmod" and "chown" to learn more.

chmod: change permissions

Let's take a closer look at what the output of the "ls -l" command seen previously tells us.

The letters at the beginning of the line describe the permissions granted to the file. We can remember two things:

1. If the first character is a d, then it is a directory. Otherwise, it is a file (with exceptions).

2. The remaining characters are read in sets of 3. Each "triplet" describes the permissions for the owner, for the group, and for everyone else, respectively.

For example, for this line:

drwxr-xr-x 2 www daemon 512 May 5 17:10 bin

We see that it is a directory. Then we read letters 3 by 3:

"rwx": The owner "www" can:

"r-x": Those belonging to the "daemon" group can:

"r-x": All others can:

As a general rule, you should avoid as much as possible giving write and execute rights to people other than the owner. Sometimes, read permission is also withdrawn on certain files (passwords, etc.).

To change permissions, there are several methods.

"symbolic" chmod

Some use a set of numbers, like "chmod 700". I find this notation not very explicit when you are not used to it yet. Even if it means typing a few more commands, prefer to use chmod <identity>±<permission> where:

Shall we look at a few examples?

These changes can be applied recursively (to all files and subfolders in a folder) with the -R option.

Tip: to allow entering folders, without making the files executable, use X (uppercase) instead of x.

"absolute" chmod

If you want to understand the numerical notation of a chmod:

There is no distinction between folders or files, so proceed with caution.

The first number describes the permissions given to the owner, the second to the group, the last to the others.

We add the values. This means that "chmod 700" grants "rwx" permissions to the owner, and none to the group and others (7 = 4 + 2 + 1).

Finally, in order to define the permissions by distinguishing between folders and files, and not to make a file executable with a "chmod -R" (recursive), the "find" command is your friend:

As always, the "man chmod" command will tell you more.
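The difference between the uppercase X tip and the "find" approach, as an added example that is not part of the original guide. The tree, the file names and the 755/644 modes are assumptions chosen for illustration; everything is built in a throwaway directory.

```sh
#!/bin/sh
# Added example: "chmod -R" with X versus find-based absolute modes.
# Everything happens in a throwaway tree constructed with mktemp.

# Print the 10-character permission string shown by "ls -l".
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Count entries that the group or others can write to.
count_loose() {
    find "$1" \( -perm -020 -o -perm -002 \) | wc -l | tr -d ' '
}

# Build a constructed site tree with deliberately loose permissions.
make_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/site/img"
    echo '<h1>hi</h1>' > "$root/site/index.html"
    echo 'echo backup' > "$root/site/backup.sh"
    chmod 777 "$root/site" "$root/site/img"
    chmod 666 "$root/site/index.html"
    chmod 700 "$root/site/backup.sh"
    echo "$root/site"
}

# Symbolic and recursive: X adds execute only on directories and on files
# that already have an execute bit, so backup.sh becomes executable by all.
apply_symbolic() {
    chmod -R u=rwX,go=rX "$1"
}

# find-based: directories and regular files get different absolute modes,
# so no regular file keeps or gains an execute bit.
apply_find() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

site=$(make_tree)
echo "loose entries before: $(count_loose "$site")"
apply_symbolic "$site"
echo "symbolic: $(mode_of "$site/index.html") $(mode_of "$site/backup.sh")"
apply_find "$site"
echo "find:     $(mode_of "$site/index.html") $(mode_of "$site/backup.sh")"
echo "loose entries after:  $(count_loose "$site")"
rm -R "${site%/site}"
```

After the symbolic pass, backup.sh is readable and executable by everyone because it already had an execute bit; the find pass is the one that removes it.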

chown: Owner and group

Each file has an owner and is part of a group. This will allow us to give certain permissions to the owner, which will not necessarily be the same as those given to the group members.

To modify the owner and the group, we use the chown command.

# chown <owner>:<group> filename

File management

Before we see how to handle files, take note of the following notations:

pwd: display the current folder

With pwd you ask "where am I" :)

mkdir: create a directory

$ mkdir name_of_new_folder

Use the "-p" option to create a whole structure at once:

$ mkdir -p ~/folder/with/some/subfolders

cd: change directory

To move to the "/var/www" folder:

$ cd /var/www

The "cd" command without argument moves you to your "$HOME".

cp: copy

To copy a file:

$ cp source_file copy_file

To copy a folder and its contents:

$ cp -R source_folder copy_folder

rm: delete

$ rm path_to_the_file
$ rm -R path_to_the_folder

mv: move

$ mv source destination

It's like cut and paste.

less: how to read and search in a file?

To only view a file, use the "less" command.

Then you can search for any string of characters by pressing "/" and entering your search. Press "n" to go to the next occurrence, or "N" to go back.

To exit less, press "q".

If you want to search through the content of the logs, that can be handy 😉.

man

Here is the real reason why there are not 36 Support Forums around OpenBSD but only a mailing list: the man pages are very comprehensive, complete with examples, and most of the time are sufficient to answer questions/problems encountered.

The "man" command allows you to display a man page.

Note that there are different sections for categorizing man pages:

Also, it sometimes happens that a man page exists in several different sections: its content is not the same. In order to differentiate them, one refers to a man page as follows: "page_name(section)".

For example: "apm(8)", or "apm(4)". Or "man(1)" and "man(7)". Yes, "man" has a "man" page.

We use this command as follows, without parentheses:

$ man section page

The section is optional.

To practice, run "man hier". Use arrows to scroll. As with "less", you can search with "/". Notice the "SEE ALSO" part which invites you to read other manpages that may be of interest. Exit with "q".

If you don't know what the name of the man page is, you can search for it with the "apropos" command:

$ apropos your_search

vi: to edit a file

Knowing how to edit a file is crucial.

There are a lot of text editors (vim, nano ...). The default editor on OpenBSD is vi.

vi

It may be confusing to use at first, so some people may want to install another editor instead. However, vi is handy once you get it. If, on the contrary, you are already used to the emacs editor, you will find what you are looking for with the mg editor, also available by default.

Here are some tips for using vi through an example. To edit the /etc/iloverocknroll file, you would enter this:

$ vi /etc/iloverocknroll

The contents of this file will then appear in the terminal.

Most of the time, you will only do this:

You are still here? 😁

So let's go a little further (but not too much, we promise 😁). Take note that there are three modes:

To save the changes, press ":" then "w". Validate with enter. We can now quit by writing ":q". Note that you can go faster by typing directly ":wq".

To undo a modification, press "u". To undo several changes, press "u" then "." as many times as necessary; "." repeats the last action.

In order to search for a text, which is very useful in large files, press the "/" key then write your search.

If you want to exit without saving your changes then type ":q!".

Other very practical tips:

rcctl: How to manage daemons?

The "rcctl" command is provided to activate/deactivate daemons. All available services are in the "/etc/rc.d" folder. Here are some reminders:

If you prefer the manual method, then you can directly edit the "/etc/rc.conf.local" file which manages the services launched at startup.

Let's practice

Let's train with a little exercise. Follow the instructions below, then check that you obtain the same thing as in the "Answer". Try to do it from memory first. If you get stuck, read the page again, looking for what you are missing.

The answer:


$ cd /tmp
$ mkdir ah
$ cd ah
$ vi dw.txt
$ cp dw.txt DrWho.txt
$ chmod 600 DrWho.txt
$ rm dw.txt
$ cd ~
$ pwd
/home/prx
$ ls -l /tmp/ah
total 2
-rw------- 1 prx wheel 22 May 5 21:10 DrWho.txt
$ cat /tmp/ah/DrWho.txt
Allons-y

Note that we can replace "cd ~" by "cd $HOME", or even by "cd".