Panduan Administrasi Sistem Linux untuk Pemula: User Management dan Permissions
Panduan Administrasi Sistem Linux untuk Pemula: User Management dan Permissions
Administrasi sistem Linux adalah skill fundamental yang harus dikuasai oleh setiap pengguna Linux, terutama yang menggunakan Linux untuk server atau development. Artikel ini membahas dasar-dasar administrasi sistem dengan fokus pada user management dan permissions.
User Management
1. Membuat User Baru
# Membuat user baru
sudo adduser username
# Atau dengan useradd (minimal)
sudo useradd -m username
# Set password
sudo passwd username
Perbedaan adduser dan useradd:
adduser: Interactive, user-friendly, membuat home directory dan setup defaultuseradd: Low-level, minimal, memerlukan opsi tambahan
2. Membuat User dengan Home Directory
# Dengan home directory
sudo useradd -m -d /home/username -s /bin/bash username
# -m: Create home directory
# -d: Specify home directory path
# -s: Specify default shell
3. Menambahkan User ke Groups
# Add user ke sudo group
sudo usermod -aG sudo username
# Add ke multiple groups
sudo usermod -aG sudo,docker,www-data username
# -a: Append (jangan lupa!)
# -G: Secondary groups
4. Mengubah User Properties
# Ganti username
sudo usermod -l newname oldname
# Ganti home directory
sudo usermod -d /new/home/dir -m username
# Ganti shell
sudo usermod -s /bin/zsh username
# Lock user
sudo usermod -L username
# Unlock user
sudo usermod -U username
5. Menghapus User
# Hapus user (keep home directory)
sudo userdel username
# Hapus user dan home directory
sudo userdel -r username
# Hapus dengan force (jika user sedang login)
sudo userdel -f username
6. Melihat Informasi User
# List semua users
cat /etc/passwd
# Cek user exists
id username
# Detail user
finger username
# atau:
getent passwd username
# User yang sedang login
who
w
last
Group Management
1. Membuat Group
# Membuat group baru
sudo groupadd groupname
# Dengan GID spesifik
sudo groupadd -g 1001 groupname
2. Mengubah Group
# Ganti nama group
sudo groupmod -n newname oldname
# Ganti GID
sudo groupmod -g 1002 groupname
3. Menghapus Group
sudo groupdel groupname
4. Melihat Group Information
# List semua groups
cat /etc/group
# Groups yang dimiliki user
groups username
# Primary group
id -gn username
# Semua groups
id username
File Permissions
1. Memahami Permission System
Struktur permission: -rwxrwxrwx
Position: 1234567890
|---|---|---
| | |
| | +-- Others permissions
| +------- Group permissions
+------------ Owner permissions
Tipe file:
-: Regular filed: Directoryl: Symbolic linkc: Character deviceb: Block device
Permission types:
r(read): 4w(write): 2x(execute): 1
2. Mengubah Permissions dengan chmod
# Numeric mode
chmod 755 file.txt # rwxr-xr-x
chmod 644 file.txt # rw-r--r--
chmod 600 file.txt # rw-------
chmod 777 file.txt # rwxrwxrwx (avoid!)
# Symbolic mode
chmod u+x file.txt # Add execute for owner
chmod g-w file.txt # Remove write for group
chmod o+r file.txt # Add read for others
chmod a=r file.txt # Set read-only for all
# Recursive
chmod -R 755 directory/
3. Mengubah Ownership dengan chown
# Ganti owner
sudo chown user file.txt
# Ganti group
sudo chown :group file.txt
# Ganti owner dan group
sudo chown user:group file.txt
# Recursive
sudo chown -R user:group directory/
# Copy ownership dari file lain
sudo chown --reference=file1.txt file2.txt
4. Mengubah Group dengan chgrp
# Ganti group
sudo chgrp groupname file.txt
# Recursive
sudo chgrp -R groupname directory/
Special Permissions
1. Setuid (Set User ID)
# Set setuid bit
chmod u+s /usr/bin/somebinary
# Numeric: 4
chmod 4755 /usr/bin/somebinary
# Check
ls -l /usr/bin/somebinary
# Output: -rwsr-xr-x
2. Setgid (Set Group ID)
# Set setgid bit pada file
chmod g+s file.txt
# Set setgid bit pada directory (new files inherit group)
chmod g+s directory/
# Numeric: 2
chmod 2755 directory/
# Check
ls -l directory/
# Output: drwxr-sr-x
3. Sticky Bit
# Set sticky bit (hanya owner bisa delete file di directory)
chmod +t /tmp
# Numeric: 1
chmod 1777 /tmp
# Check
ls -ld /tmp
# Output: drwxrwxrwt
Access Control Lists (ACL)
1. Install ACL
sudo apt install acl
2. Menggunakan setfacl
# Grant read+write untuk user spesifik
setfacl -m u:username:rw file.txt
# Grant read+execute untuk group
setfacl -m g:groupname:rx directory/
# Grant untuk everyone
setfacl -m o::r file.txt
# Recursive
setfacl -R -m u:username:rwx directory/
# Set default ACL untuk new files
setfacl -d -m u:username:rw directory/
3. Menggunakan getfacl
# View ACL
getfacl file.txt
# View directory ACL
getfacl directory/
# Remove ACL
setfacl -x u:username file.txt
# Remove all ACL
setfacl -b file.txt
System Maintenance
1. Disk Space Management
# Cek disk space
df -h
# Cek directory size
du -sh /path/to/directory
# Top 10 largest directories
du -h / | sort -rh | head -10
# Find large files
find / -type f -size +100M -exec ls -lh {} \; 2>/dev/null
# Cleanup package cache
sudo apt clean
sudo apt autoremove
2. Memory Management
# Cek memory usage
free -h
# Top memory consuming processes
ps aux --sort=-%mem | head -10
# Monitor dengan htop
htop
# Clear cache (hati-hati!)
sudo sync && echo 3 | sudo tee /proc/sys/vm/drop_caches
3. Process Management
# List processes
ps aux
# Tree view
ps auxf
# Cek process dengan resource tertinggi
top
htop
# Kill process
kill PID
kill -9 PID
# Kill by name
killall processname
# Nice level (priority)
nice -n 10 command
renice -n 10 -p PID
4. Log Management
# View system logs
sudo tail -f /var/log/syslog
# View authentication logs
sudo tail -f /var/log/auth.log
# Rotate logs manual
sudo logrotate -f /etc/logrotate.conf
# Journal logs (systemd)
journalctl -xe
journalctl -u servicename
System Monitoring
1. Uptime dan Load
# Uptime
uptime
# Load average
cat /proc/loadavg
# CPU info
lscpu
cat /proc/cpuinfo
2. Network Monitoring
# Network connections
netstat -tulpn
ss -tulpn
# Bandwidth usage
iftop
nload
# Interface statistics
ip -s link
3. Scheduled Tasks
# List cron jobs
crontab -l
# Edit cron
crontab -e
# System cron
ls /etc/cron.*
cat /etc/crontab
# View cron logs
grep CRON /var/log/syslog
Best Practices
1. Security
# Disable root SSH login
sudo nano /etc/ssh/sshd_config
# PermitRootLogin no
# Lock unused accounts
sudo usermod -L username
# Check for SUID files (potential security risk)
find / -perm -4000 -type f 2>/dev/null
# Check world-writable files
find / -perm -2 -type f 2>/dev/null
2. User Creation Checklist
# 1. Create user
sudo adduser username
# 2. Add to appropriate groups
sudo usermod -aG sudo,users,www-data username
# 3. Set password policy
sudo passwd username
# 4. Create home directory (automatic dengan adduser)
# 5. Copy default configs
sudo cp /etc/skel/.bashrc /home/username/
sudo cp /etc/skel/.profile /home/username/
# 6. Set ownership
sudo chown -R username:username /home/username
# 7. Test login
su - username
3. Regular Maintenance Script
#!/bin/bash
# maintenance.sh
echo "=== System Maintenance ==="
# Update
echo "Updating system..."
sudo apt update && sudo apt upgrade -y
# Cleanup
echo "Cleaning up..."
sudo apt autoremove -y
sudo apt clean
# Check disk space
echo "Disk space check:"
df -h
# Check failed services
echo "Failed services:"
sudo systemctl --failed
# Check logs
echo "Recent errors:"
sudo grep -i "error" /var/log/syslog | tail -5
echo "=== Maintenance Complete ==="
Troubleshooting
1. Permission Denied
# Check permissions
ls -la file.txt
# Check ownership
ls -l file.txt
# Fix ownership
sudo chown $USER:$USER file.txt
# Fix permissions
chmod 644 file.txt
2. User Cannot Login
# Check if account locked
sudo passwd -S username
# Check shell validity
cat /etc/shells
grep username /etc/passwd
# Check home directory exists
ls -ld /home/username
3. Command Not Found After User Creation
# Check PATH
echo $PATH
# Source profile
source ~/.bashrc
source ~/.profile
# Check shell
echo $SHELL
Kesimpulan
Administrasi sistem Linux meliputi:
- User Management: Membuat, mengubah, menghapus user accounts
- Group Management: Mengelola group memberships
- Permissions: Mengontrol access ke files dan directories
- Special Permissions: Setuid, setgid, sticky bit
- ACL: Access control untuk granular permissions
- Maintenance: Disk, memory, process, dan log management
Menguasai konsep-konsep ini adalah dasar untuk menjadi Linux system administrator yang kompeten.
Artikel Terkait
Link Postingan: https://www.tirinfo.com/panduan-administrasi-sistem-linux-user-management-permissions/