
Debian 10: su, repository mirror, locate, time zone settings

Among the initial settings to be made after installing Debian, we will configure the following items.

  • Restricting users who can su
  • Edit Debian repository mirror settings
  • Make locate command available
  • Locale settings
  • Configure time zone settings
  • Update system packages

1. Limit the users who can su

In Debian, the default configuration allows any user to become the root user with the “su” command.
When multiple users are created on the server and the login information of any one of them becomes known, the su command can be used to take over root privileges after unauthorized access.
We therefore restrict the users who can execute the su command as much as possible: only users who belong to the wheel group are authorized to execute su.

1.1 Adding users to the wheel group

Create a wheel group with the following command:

# groupadd wheel

Run the usermod command to add a user to the wheel group. For example, let’s say the user you want to add is example. The -g option makes wheel the user’s primary group.

# usermod -g wheel example

Verify that it has been added to the wheel group using the id command.

# id example
uid=1000(example) gid=1001(wheel) groups=1001(wheel)

1.2 Edit the su command configuration file

The configuration file for the su command is /etc/pam.d/su. Open it and uncomment the pam_wheel.so line.

# vi /etc/pam.d/su
# Uncomment this to force users to be a member of group root
# before they can use `su’. You can also add “group=foo”
# to the end of this line if you want to use a group other
# than the default “root” (but this may have side effect of
# denying “root” user, unless she’s a member of “foo” or explicitly
# permitted earlier by e.g. “sufficient pam_rootok.so”).
# (Replaces the `SU_WHEEL_ONLY’ option from login.defs)
#auth required pam_wheel.so
  ↓ Uncomment this line
auth required pam_wheel.so

Now only members of the wheel group, such as the example user, can use the “su -” command to transition to root privileges.
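The following script is an added example, not part of the original article: it checks that the pam_wheel.so line is active and lists everyone in the wheel group. Because section 1.1 uses usermod -g, wheel is the user's primary group, so the user does not appear in the member list of /etc/group and the passwd file has to be checked as well. The function names and the sample accounts admin2 and other are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original article. File paths are arguments so
# the checks can run against the constructed sample files below.

# Succeeds if the PAM file has an active "auth required pam_wheel.so" line.
pam_wheel_enabled() {    # $1 = PAM file (default /etc/pam.d/su)
    awk '
        $1 ~ /^#/ { next }    # ignore commented-out lines
        $1 == "auth" && $2 == "required" && $3 == "pam_wheel.so" { ok = 1 }
        END { exit !ok }
    ' "${1:-/etc/pam.d/su}"
}

# Lists every user in a group: supplementary members from the group file
# plus users whose primary GID in the passwd file is that group's GID.
group_members() {    # $1 = group, $2 = group file, $3 = passwd file
    awk -F: -v grp="$1" '
        FNR == NR {    # first file: group database
            if ($1 == grp) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") seen[m[i]] = 1
            }
            next
        }
        gid != "" && $4 == gid { seen[$1] = 1 }    # second file: passwd
        END { for (u in seen) print u }
    ' "${2:-/etc/group}" "${3:-/etc/passwd}" | sort | tr '\n' ' ' | sed 's/ $//'
}

# Constructed sample files mirroring the state after sections 1.1 and 1.2
# (admin2 and other are hypothetical accounts).
write_samples() {    # $1 = target directory
    printf '%s\n' '# auth required pam_wheel.so' \
        'auth       sufficient pam_rootok.so' \
        'auth required pam_wheel.so' > "$1/su"
    printf '%s\n' 'root:x:0:' 'wheel:x:1001:admin2' > "$1/group"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'example:x:1000:1001::/home/example:/bin/bash' \
        'other:x:1002:1002::/home/other:/bin/bash' \
        'admin2:x:1003:1003::/home/admin2:/bin/bash' > "$1/passwd"
}

d=$(mktemp -d) && write_samples "$d"
pam_wheel_enabled "$d/su" && echo "pam_wheel: enabled"
echo "wheel members: $(group_members wheel "$d/group" "$d/passwd")"
rm -rf "$d"
```

On a real host, call both functions without file arguments to read /etc/pam.d/su, /etc/group and /etc/passwd.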

2. Editing Debian repository mirror settings

The repository mirror configuration file is /etc/apt/sources.list. Make a backup copy before editing it.

# cd /etc/apt/
# cp sources.list sources.list_back
# vi /etc/apt/sources.list

The file contents are as follows:

#deb cdrom:[Debian GNU/Linux 10.2.0 _Buster_ – Official amd64 NETINST 20191116-09:56]/ buster main

deb http://ftp.jp.debian.org/debian/ buster main
deb-src http://ftp.jp.debian.org/debian/ buster main

deb http://security.debian.org/debian-security buster/updates main
deb-src http://security.debian.org/debian-security buster/updates main

# buster-updates, previously known as ‘volatile’
deb http://ftp.jp.debian.org/debian/ buster-updates main
deb-src http://ftp.jp.debian.org/debian/ buster-updates main

# This system was installed using small removable media
# (e.g. netinst, live or single CD). The matching “deb cdrom”
# entries were disabled at the end of the installation process.
# For information about how to configure apt package sources,
# see the sources.list(5) manual.

The top entry is the media we used during the installation. Since it is not used anymore, I have commented it out.
If you use the server in Japan, set the entries to the jp mirror.

3. Make the locate command available

The find command can search for a specific file across the entire Linux system, but its options are somewhat confusing.
The locate command lists all files that match the specified file name.
Although it requires a database of file and folder names to be created in advance, it has the advantage of fast searches and ease of use. In this section, we will make the “locate” command available.

3.1 Install the locate package

# apt install -y locate
# dpkg -l | grep locate
ii locate 4.6.0+git+20190209-2 amd64 maintain and query an index of a directory tree

If you see the name of the locate package in the execution result as shown above, the installation is complete.

3.2 Create a database

# updatedb

3.3 Run the locate command.

As an example, we will search for all files named “sshd”.

# locate sshd
/etc/pam.d/sshd
/etc/ssh/sshd_config
/etc/systemd/system/sshd.service
/run/sshd
/run/sshd.pid
/usr/sbin/sshd
/usr/share/man/man5/sshd_config.5.gz
/usr/share/man/man8/sshd.8.gz
/usr/share/openssh/sshd_config
/usr/share/openssh/sshd_config.md5sum
/usr/share/vim/vim81/syntax/sshdconfig.vim
/var/lib/systemd/deb-systemd-helper-enabled/sshd.service
/var/lib/ucf/cache/:etc:ssh:sshd_config

A list of filenames containing sshd is now displayed.

4. Locale settings

This is the language setting for your Linux system. If you selected Japanese as the locale when you installed Debian, you are already in a Japanese environment and do not need to change it.
If your environment is set to an English locale and you prefer the Japanese locale, change it as follows.

4.1 Check the current locale.

Check the locale set in the system. To check the locale, use the “localectl status” command.

# localectl status
System Locale: LANG=C.UTF-8
VC Keymap: n/a
X11 Layout: jp
X11 Model: pc105

In the above case, “C.UTF-8” is the locale, which means it is the C locale (POSIX locale).

4.2 Change to Japanese locale

In Debian, you can check the list of locales with the command “localectl list-locales”. Let’s run it to see the locales available on the system.

# localectl list-locales
C.UTF-8
ja_JP.utf8

Two locales are now displayed. The displayed result “ja_JP.utf8” is the locale for Japanese, so we will set the “ja_JP.utf8” locale.
To set the locale, use the “localectl set-locale” command. Execute it as follows:

# localectl set-locale LANG=ja_JP.utf8
Confirm.
# localectl status
System Locale: LANG=ja_JP.utf8
VC Keymap: n/a
X11 Layout: jp
X11 Model: pc105

We have confirmed that the “ja_JP.utf8” locale has been set as shown above.

5. Setting the time zone

In most cases, the time zone of Debian 10 is set at the time of installation, but if the Japanese time zone “JST” is not specified, you can change it with the “timedatectl” command.

5.1 Display the current time zone

To check the time zone set on the server, run the “timedatectl status” command.

# timedatectl status
Local time: 金 2019-11-01 15:49:16 JST
Universal time: 金 2019-11-01 06:49:16 UTC
RTC time: 金 2019-11-01 06:49:17
Time zone: Asia/Tokyo (JST, +0900)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no

The time zone is set to “Asia/Tokyo (JST)” as shown above.

5.2 Change time zone to Japan

If the time zone is not set to “Asia/Tokyo (JST)”, you can use the command “timedatectl set-timezone” to change the time zone.

# timedatectl set-timezone Asia/Tokyo
Confirm.
# timedatectl status
Local time: 金 2019-11-01 15:50:23 JST
Universal time: 金 2019-11-01 06:50:23 UTC
RTC time: 金 2019-11-01 06:50:23
Time zone: Asia/Tokyo (JST, +0900)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no

6. Update the system packages

A Debian system installed from the media may contain outdated packages. Debian uses “apt” to update all packages.
If you do not want to update the packages yet, but just want to see whether there are packages to be updated, run the “apt update” command as follows:

# apt update
hit:1 http://deb.debian.org/debian buster InRelease
hit:2 http://deb.debian.org/debian buster-updates InRelease
hit:3 http://security.debian.org/debian-security buster/updates InRelease
Loading package list… Done
Create the dependency tree.
Reading status information… Done
All packages are up to date.

To update the packages, run the “apt upgrade” command.

# apt upgrade -y
Loading package list… Done
Create the dependency tree.
Reading status information… Done
An upgrade package is detected… Done
Upgrades: 0, new installs: 0, removals: 0, pending: 0.

No update was done this time because there were no packages to update.
