If you’re like me, you’re probably opening this guide, ready to learn to take your infrastructure to the next level. That kind of enthusiasm is important, Ubuntu is not for the feint hearted and is certainly more of a struggle to get to grips with than a Windows server.
That said, once you do become familiar with the Ubuntu server commands, you’ll find it is much more rewarding to work with than its Windows equivalent – both in terms of usability and let’s not forget that smug feeling you’ll have, knowing that you’ve saved yourself a lot of money by deploying Ubuntu instead of Windows.
Before we can even start looking at Ubuntu commands, we will need to set up a server – in this case, I’ll be creating a VPS (Virtual Private Server) through Digital Ocean. There are a lot of benefits of using a VPS in place of a shared host, the biggest of which, is the dedicated resource allocation.
What this means is you’ll always have xGB of RAM at your disposal, rather than fighting with hundreds, if not thousands, of other customers on your shared hosting server. Additionally, you can host whatever you like on your VPS without being penalized by the hosting company for using too much compute power.
All in all, this is a much more flexible solution for your business as it provides you with infrastructure which can be scaled to grow with your business – meaning, if you have certain days or times that your service is particularly in demand (like the Apple store when a new phone is released), you can set your servers to automatically expand to cope with the additional demand from your users – giving your users consistent performance.
Even though this ebook runs through the setup of servers on Digital Ocean, the Ubuntu commands throughout will work for all other cloud services, including Amazon Web Services, Microsoft Azure, Linode and others.
Without further ado, let’s get started!
Domain name management
Domain names are like street addresses for the internet, they’re useful, everyone has one, but they aren’t really 100% necessary from a functionality point of view. However, they do make your website easier to find for your users, so from a marketing standpoint they’re very necessary.
There are a few things you need to know about domains though (in order to get your digital ocean instance working) and those things are outlined below. Firstly, you have the domain name servers – these servers provide rules so that your website can be found. In order to use your domain with Digital Ocean, you’ll need to set these to be: ns1.digitalocean.com, ns2.digitalocean.com and ns3.digitalocean.com.
Once you’ve done that with your domain registrar, you can start looking at the DNS manager in Digital Ocean. All you need to do is add your domain to the control panel. Once your instance is up and running, you’ll need to do the following.
- Firstly, create an A record (named @) that points at your servers IP address.
- Next, create two cname records.
- One should be www in the left column & example.com in the right hand column.
- The next should be * in the left column & example.com in the right hand column.
Creating a LAMP server
There are several ways that you could go about setting up your server – you could install Ubuntu and then go about installing each of the applications you need to run your website, one at a time. This is time consuming and isn’t a particularly efficient way to launch your services as there are core applications / services which are used by almost all basic deployments on Ubuntu servers.
Those core applications / services are: Linux, Apache, MySQL and PHP.
Apache is a web server which controls what your server does when a visitor comes along. It tells the server which website the user is looking for and in which directory to find that website. We will be using Apache throughout this ebook.
MySQL is a database server which is used to store structured data (for example an orders database). This is a robust and well tested solution that is one of the leading products in the market (and it’s free). Finally, we have PHP which is an engine which enables your server to interpret and display PHP documents to your users.
We refer to the installation of all these components as a LAMP Stack. Luckily for us, Digital Ocean (and most other providers) have a ready-made image for us, so we don’t need to mess around installing everything. To set up your LAMP server, follow the below steps.
- Log in to your Digital Ocean account
- Click “create droplet” in the top right
- Name your droplet anything you want
- Under the applications tab, select ‘LAMP on 14.04’
- Click ‘Create Droplet’
You will then see a progress bar appear on the page. Once this is complete, your server is up and running- congratulations, you’re officially an Ubuntu server owner!
Setting the root password
Now that you’ve created your server you’ll need to check your inbox. You see, when you create a new droplet with Digital Ocean you will be emailed an auto generated password for your server. You should try and change this as soon as possible to maintain the security of your droplet.
In order to change the password you will need to become familiar with SSH (Secure Shell). As a bit of background, SSH is an industry standard, secure method of accessing and administering servers remotely. The benefit of SSH is that it enables you to manage your servers without physically needing to plug a keyboard into them.
If you have a Windows desktop, you can SSH on to your servers by downloading a tool called Putty. Once you’ve done that, run the application – you’ll need to enter the your droplets IP address and then hit ‘open’.
Just click “open” and your server terminal will appear. Type ‘root’ as the username and enter the password that you received in the email (you can right click in the terminal and select ‘paste’ to make this easier). You will now be prompted to enter a new password.
If you’re not using an Windows desktop, you can open your terminal and simply type ‘sudo ssh root@yourIPaddress‘. This will then prompt you for your existing password (as above).
Configuring Apache Server
Your initial setup and configuration phase is not complete. You have a server with Linux, Apache, MySQL and PHP installed on it. You also now know how to SSH to your server, which will help us very shortly.
Currently though, you don’t have any websites on your server, and in its current state, it would be no use uploading them either. There is a little bit of required configuration work before you’ll be able to see your website running on the server.
In order to host websites on your droplet, you will need to use a method called SFTP (Secure File Transfer Protocol) to connect to your server. Essentially, this gives you access to the directory structure of your server and all the files held within it.
The next section covers installing and using Filezilla – an FTP client.
Other web server options
We’ve spoken about and used Apache server, but, I thought it would be worthwhile covering off the Apache alternatives and discussing the difference between Apache and Apache Tomcat.
So first thing is first, Apache Tomcat is a web container that allows you to serve Java (JSP) applications, whereas, Apache server will deliver HTML, PHP and ASP documents. As always, Java just requires a little bit more TLC and even has its own, special little tool.
Then we have other choices of web server. This is a core part of your infrastructure and you must choose wisely. Apache is the most popular web server out there as it hosts the majority of websites, however, NGinx is also an option, it’s dubbed as being much faster than Apache at serving static files and also consumes much less memory for concurrent requests. What that means, is as your website traffic increases and you have many people hitting your server at the same time, it would be able to cope much better than Apache.
The functionality of both are broadly the same, and, they’re both completely free.
SFTP to your server
In order to SFTP to your server, you’ll need to do is download Filezilla onto your desktop computer. This is available for both Windows and Ubuntu desktop. To connect your website, click File > Site Manager. Within this screen, enter the host details (which is your servers IP address), the logon type (which is interactive), protocol (which is SFTP) and the username (which is root).
Once you’ve filled all of that in you can go ahead and click ‘connect’ – you will be prompted to enter your password – hopefully, you’re now connected to your server.
You’ll see a folder with three dots (…) at the top of your screen, click that. On the subsequent page, find the directory named ‘var’. Within that, open ‘html’.
Configuring the website(s)
Now that you have the correct directory open, you can go ahead and follow the below commands.
- Add your website address as a folder (e.g. var/www/example.com)
- Within your new folder, create a sub folder called ‘public_html’
- Navigate to ‘/etc/apache2/sites-available’
- Copy the ‘000-default.conf ‘to your desktop
- Edit the file name to be yourdomain.com.conf
- Within the file edit the server admin email (to your email address)
- Then edit the document root (to point at your new public_html folder)
- Finally, add these two lines (replacing ‘domain.com’ with your web address): ServerName domain.com / ServerAlias www.domain.com
- Open the terminal via SSH
- Connect to your server
- Type ‘sudo a2ensite example.com.conf’ (replacing example.com with your URL)
- Restart apache by typing ‘sudo service apache2 restart’
Now that you’ve done that, you can start uploading all of your web pages, CSS and images to that folder. As soon as your domain has been pointed at the server, you’ll be able to navigate to your new website.
If you’re introducing public facing web servers into your organization, you’ll need to keep on top of your security – we’ve seen a lot of large scale, public hacking scandals recently (Sony, Playstation Network, Xbox Live and plenty more).
There are plenty of individuals out there that would love to mess up your website or application – it’s a challenge for them to do so and they get a sense of satisfaction from stealing your data, whether it’s useful to them or not.
Using the root user of your Ubuntu server is never suggested. This is because, if you and several other users are managing a server, you’ll have no record of who did what, also, everyone will have access to do everything.
This probably isn’t a huge issue in the early phases of your application / website deployment, but imagine you’ve grown, your website is making a significant amount of money daily and you’ve started to hire new system administrators.
They all have root access to your servers and one of them decides to make a change. That change brings the system crashing down, you’re website / application goes offline and you have no idea who was responsible.
These issues happen, in the most part, not because of malicious intent by your employee, but rather because they have access to commands and functionality that they do not know or understand.
As is mentioned above, it’s never the best idea. The safer option is to make use of a function called sudo (super user do), which enables the user to temporarily increase their privileges on the system, using their own password, rather than root. This enables you to control which user can carry out each of the server commands and it also means you can track what actions each user is taking.
You can disable the root password ( sudo passwd -1 root) and even disable the root account all together (usermod –expiredate 1), all of these commands can be read about further by typing man sudo into your terminal.
User management on Ubuntu is very straightforward. In order to add a user, you can use the sudo functionality (outlined above) and type sudo adduser username, this will then prompt you to enter lots of information about that user, such as name, phone number etc…
Deleting a user is just as simple (dangerously simple). Again, using the sudo command, you can
type sudo deluser username.
Deleting the user is not the same as deleting all the related data for that user. For example, deleting the user John, will not delete John’s home folder – this is useful if you have certain data retention policies that you must adhere to. It does, however, cause an issue if you have a new member of the team called John – if you add that individual with the same username as was used for the original John, they will have access to his home folder. To avoid this, you might want to rename his folder, or create the user with a new user ID.
You can also lock a user account (sudo passwd -l username) or unlock a user account (sudo passwd -u username).
You can also group users. This could be useful as you’d be able to add a user to the HR group & assign system privileges to the users based on what group they’re in. To do that, you’ll first need to create a group (sudo addgroup groupname) – you can, of course, always delete a group too (sudo delgroup groupname).
To add a user to that group simply type sudo adduser username groupname.
Making user management easier
User management can be a bit of a drag through the command line. It’s not the most intuitive interface in the world and that can lead to mistakes. I recommend using a tool called Ajenti to manage your user security & groups – it’s worked nicely for me!
When you create a new user, they will also have a home directory created for them (under /home/username). This can cause problems as those folders are created with global read and write capability. That means that any user can look in any other users home folder.
In order to check the users home directory status, just type ls -ld /home/username into the terminal. The output is likely to start with something like this: drwxr-xr-x. The three blocks of letters determine the permissions that each user will have. The first block shows the permissions of the directory owner, the second shows the permissions of the group and the final block shows the permissions of all other users.
R = Read
W = Write
X = Execute
To remove the world readable syntax, simply type sudo chmod 0750 /home/username. This will ensure that you’re protecting both the parent and all sub directories.
That’s great, you’ve controlled the access to your user file, but, this should never have been a problem. The best thing you can do is edit the adduser global default permissions which are applied when creating home folders. To do this, find the adduser.conf file located in the /etc/ directory.
Within this folder, modify the DIR_MODE variable to reflect the permissions that you want the users to have. I find that this tool: http://permissions-calculator.org/ is extremely helpful when it comes to finding out which permissions you want to give users.
You can now verify that your changes have worked. You can do this by typing in ls -ld
/home/username. Your results should now have changed.
You can implement stringent firewall rules along with other security features, but, if your passwords are poor, all of that is pointless. If you’re going to enable SSH (which I imagine you will), then you will need to implement a strong password policy.
You can control the password policy from the common-password file, located in the /etc/pam.d/ directory.
You can update the minimum length of password by editing the password minlen=8 line to enforce a larger number of characters. It should be noted though, the administrator does not need to adhere to these requirements when creating users.
You can also set your passwords to expire by setting a maximum password age.
Virtual / digital security isn’t your only concern when it comes to managing your servers. You need to also defend from those people that have physical access to your servers.
If they aren’t in a restricted access room already, that should be on your mind, but, you can also prevent ctrl+alt+delete reboots (which do not require sudo access).
To do this simply comment out the below line in the control-alt-delete.conf file, found under the /etc/init/ directory – #exec shutdown -r now “Control-Alt-Delete pressed”
The Ubuntu kernel uses the Netfilter system. This is a system which is used to decide what to do with network traffic that hits the server.
To control the Netfilter system rules, we have access to iptables which will define what to do when a packet hits your server.
However, iptables are not the most user friendly of things, and as such, Ubuntu is shipped with UFW (Uncomplicated Firewall). This gives you a much simpler way to manage your firewall.
Using the UFW commands
Using UFW is simple, if you want to enable it (switch it on), simply type sudo ufw enable into the terminal, and, if you want to disable it (switch if off), simply type sudo ufw disable.
Managing your port security is just as straightforward. You can type sudo ufw allow 22 to allow port 22 (replace the port number with whatever you need) and you can block a port by typing sudo ufw deny 22.
You can check the status of your firewall (and all rules that have been applied to it) by typing sudo ufw status into the terminal. This will let you know if the firewall is enabled and all of the allowed / denied ports.
Once you’ve seen the list of rules, you might want to delete one, you can do this by typing sudo
ufw delete deny 22 or sudo ufw delete allow 22.
You can also specify what to do with specific hosts or networks. For example, I can allow SSH access from a particular IP address by typing sudo ufw allow proto tcp from IPADDRESS to any port 22 into the terminal.
Firewall logs help you to recognise attacks, troubleshoot your firewall rules and notice unusual activity on your network. These aren’t automatically generated though, you’ll need to turn them on, which is simple, just type sudo ufw logging on. If you then want to switch them off, you can do so by typing sudo ufw logging off.
You can find the logs in /var/log/messages, var/log/syslog and /var/log/kern.log.
App Armor is a security feature which is built into Ubuntu. It runs silently in the background so you might not even know it’s there and you are even more likely not to know what it’s doing.
App Armor allows system administrators to assign each program / process a security profile. This restricts the capabilities of that program so that it can’t cause any damage in the event of a security vulnerability.
You can view the App Armor status by typing sudo apparmor_status into the terminal. This will let you see whether App Armor is running on your system and it will also show you the App Armor profiles that you’ve installed on the system.
Each of the profiles that you create are able to run in two possible modes – “complain mode” or “enforce mode”. Enforce mode enforces the rules that have been set for the profile, while complain mode does not enforce anything, it just logs any violation attempts – this is useful for test systems to see what kind of errors could be thrown up.
eCryptfs is a cryptographic filesystem for Ubuntu Server. This layers on top of the file system and protects your files. You can install eCryptfs by typing sudo apt-get install ecryptfs-utils into the terminal. You can then choose which partitions you want to encrypt (you can do this by following the eCryptfs user manual.
A great third party tool that can help you defend from attacks is Cloudflare. They have provisions to provide you with SSL certificates and protection from brute force attacks.
Cloudflare specialize in security and site performance, while I do think it is possible to implement some of the provisions they have on your own server, I don’t necessarily see the point as their service is low cost and very effective.
As a further enhancement to security on your server, you can block SSH access for your root user. This user has maximum privileges, so, you don’t want to make it accessible to the world. Before you restrict this, you’ll need to make sure that you have another administrative user (referred to as su (super user)) that you can use in the place of root. To add a user to the sudo group just type ‘sudo adduser <username> sudo‘ to your terminal.
Now, if you SFTP to your server and navigate to /etc/ssh, you will find a file called sshd_config. If you open this file, you will see a line that says ‘PermitRootLogin’.
Remove ‘yes’ and replace this with ‘no’. This stops anyone from connecting to the server through SSH using the root username and password. To view these changes, you’ll need to restart the SSH service on your server.
You can do this by typing ‘sudo service ssh restart‘ into the terminal. You should now find that your root login no longer works (both over SFTP and SSH).
Now that you have your security looking good, I’ll show you how to configure your server for more consistent performance. I find that the best way to do this is through a swap file.
Essentially, a swap file is a dedicated portion of your hard drive, which is used as an extension of your RAM – helping to alleviate any memory constraints you might have. This is particularly useful for php websites with high load (e.g. a popular WordPress website).
In order to set up your swap file, take a look below.
- Check whether you already have a swap file by typing ‘free -m’ into the terminal
- The swap file can be created with the following command (this command may take a few seconds to run). This essentially builds a file of the specified size (in this case 2GB): ‘sudo dd if=/dev/zero of=/swapfile bs=1G count=2’
- Let’s check that the space has been allocated by using: ‘ls -lh /swapfil’
- Now we have our swap file created, we just need to enable it.
- 1.Adjust permissions by typing ‘sudo chmod 600 /swapfile’
- Verify the output with ‘ls -lh /swapfile’
- Set up the swap space with ‘sudo mkswap /swapfile’
- Enable the file ‘sudo swapon /swapfile’
- Verify that the process was successful ‘sudo swapon -s’
When we reboot, the file will not automatically be enabled. To make that happen, edit the file ‘sudo nano /etc/fstab’ and add ‘/swapfile none swap sw 0 0’ at the bottom of the file.
The Cloudflare servers are positioned in strategic locations across the globe. That means that no matter where in the world your customers are, they’ll be routed to the closest possible server, reducing latency and improving response times.
In addition to the performance improvements, Cloudflare also has many security features which could help you protect from brute force attacks.
Now that you’ve got your servers up and running, you’ll want to monitor their performance and availability. After all, nobody is going to sign up for a service that is slow and only available some of the time.
By monitoring the vital signs of your web servers and network, you’ll be able to identify bottlenecks and the data will enable you to better troubleshoot potential issues with your website.
There are two great services that Ubuntu suggest you can install to do all of this. The first is Nagios (for availablility monitoring) and the other is Munin (for performance) monitoring.
Nagios helps you monitor your websites availability. That isn’t just to show you whether it is up and running, it is far more comprehensive than that. It helps you to monitor all of your applications, services and system metrics all from a single dashboard.
This tool will help you quickly identify infrastructure outages and will even tell you via email or text message. That’s not to say that everyone gets all of the messages, you can set escalation policies so that the right people are notified at the right time.
Nagios will also help you out with all of the mundane and boring tasks of a sys admin, like SLA monitoring and reporting for all servers / networks.
If you love pretty graphs, then Munin is not a bad choice. You’ll get historical charts, showing the performance of your servers networks, SANs and applications. If something is not pulling it’s weight and is slowing the rest of the components down, you’ll know about it.
This helps you identify the root cause of performance issues and helps you to find a resolution sooner.
Managing your databases
If you’re migrating an existing website or application to your new server, you may have an existing MySQL database, if you’re not migrating, you might want to create a new database. Either way, the best way to do that is through PHPMyAdmin. The reason I like this tool so much is that it applies a nice user interface to a relatively complex procedure.
Before you get started, you’ll need to know what your MySQL root password is. This is created automatically during the installation of the LAMP stack. You can find the root password within the following file: /etc/motd.tail.
In order to install PHPMyAdmin, just follow the steps below (the install process is covered in more detail in the ‘advanced commands’ section of this ebook):
- sudo apt-get -y update
- sudo apt-get -y install phpmyadmin
During the installation, you’ll be prompted to answer a few questions. The first of those questions asks you which web server you’re using – if you’ve been with us since the beginning of this guide, you are running Apache2.
The next question, just hit yes – this will configure PHPMyAdmin so that it’s usable.
The next two screens will ask you for passwords, the first is the MySQL root password that you found in the motd.tail folder (as above) and the second is the password that you would like to use to login to PHPMyAdmin.
That should be it, the installation is complete. All you need to do now is make a few Apache configuration amendments.
- Locate the file /etc/apache2/apache.conf
- Add the line ‘include /etc/phpmyadmin/apache.conf‘ to the bottom of the file
- From the terminal run: ‘sudo service apache2 restart‘ to restart the Apache server with your new configuration.
You should now be able to navigate to www.yourdomain.com/phpmyadmin – why not go ahead and log in.
Install, update and remove packages
If you’re looking to manage your Ubuntu servers effectively, you’ll probably want to install some management software (such as Ajenti). You can do this through the Ubuntu package management system.
The package management system is a derivative of that used in Debian Linux, whereby each package will contain all of the required files, data and instructions to deploy a new piece of software to your system.
The process to install and upgrade software will vary, depending on what you’re trying to install, however the commands available to you through the Ubuntu terminal are always the same and are outlined below.
The first command is dpkg – this particular package can help you to install or remove software from your Ubuntu OS, however, it will not automatically download and install dependencies that your software many have (for example WordPress is dependent on MySQL).
This tool is therefore best used for those packages that are local to your machine.
The apt- get command works with Ubuntu’s Advanced Packaging Tool (APT) to help install and upgrade packages. You can add packages to your sources list (/etc/apt/sources.list).
Whenever you run an apt-get command, it makes a log of what you did. This can be found under /var/log/dpkg.log.
Install, remove and upgrade commands can be carried out with single-key commands through a menu driven interface (making life a little bit simpler for those of us that dislike the terminal).
To open aptitude just type ‘sudo aptitude’ into the terminal. You can exit aptitude by typing ‘q’ into the terminal.
Ubuntu is a very versatile distribution of the Linux operating system, as such you have a lot of flexibility over your network configuration. This is an area of the operating system that you can’t just pick up and understand, even with a guide like this, you’ll probably want to test your changes on a development / test environment before hitting a live site with your new skills.
I’ll keep this section light as most of the network configuration is handled by cloud hosts through a visual interface.
You can have several Ethernet interfaces configured on your server, these are identified by the naming convention ethX (x is replaced with a numeric value to help identify your connection (starting with eth0)).
Changes made using the ethtool are temporary and will be wiped on reboot. If you’d like to retain your changes, you can add the command you ran in ethtool (as a pre-up statement) to the ethernet interface configuration file, which can be found here: /etc/network/interfaces.
An example pre-up statement (taken from the official Ubuntu documentation) is shown below. This statement will permanently configure port speed to 1,000 mb/s running on full duplex mode.
pre-up /sbin/ethtool -s eth0 speed 1000 duplex full
If you’re using a cloud service such as AWS or Digital Ocean, then the likelihood is that they will cover this section for you. My instances are always created with public and private IP addresses already assigned and configured, so I’ll assume that yours are too!
The first, and most useful bit of configuration you can do is around remote administration. I mean, you can’t be sitting next to your sever all the time – imagine if it goes down at 3am! I know I would much rather get up and sit in my pyjamas at home than jump in the car and drive to my data centre.
That being said, we need to ensure that we have secure methods of administering our servers remotely.
SSH is a standard and secure method of administering servers remotely. This protocol enables you to run commands directly in the server terminal and also enables you to shift files to and from your server.
Open SSH (or equivalent) will already be installed on your Digital Ocean instances, enabling SSH – but, just incase you have your own, completely blank server, please follow the below.
Open SSH is a freely available version of SSH is OpenSSH, which provides a secure and encrypted SSH service to manage your servers. The way that OpenSSH works is it continuously listens for clients trying to connect with it. When it hears a client shouting ‘LET ME CONNECT!’ it authenticates the client and lets the user carry out their business.
Installing OpenSSH is simple:
- sudo apt-get install openssh-client
- sudo apt-get install openssh-server
Once all that is done you’ll need to edit your sshd_config file. This can be done through the terminal or it can be done by using an FTP client to download the file, make changes in notepad and upload the file to the server again – whichever option you prefer.
You don’t have to change anything, but, by leaving your SSH port as port 22, you’re giving your potential hacker something to work with – they know it’s port 22, so they know where they should start. So, let’s get that changed. Within the sshd_config file (found under /etc/ssh/), change port number from 22 to a port of your choice, e.g. 7626.
Once you’ve done that, type ‘sudo service ssh restart‘ into your terminal and then type ‘ufw allow <your chosen port number>‘.
Try to SSH through port 22 – it should be blocked.
To add security to your server, you’ll want to use SSH keys. Essentially, it provides two encrypted keys (public and private), when these keys are bought together, they authenticate and allow you access to the server. This is much more secure than a simple password as it is harder to break into your server through brute force attacks.
In order to generate your SSH keys simply type: ssh-keygen -t rsa into the terminal on your desktop. This will generate an rsa key which will be stored (by default) at ~/.ssh/id_rsa (private key) and ~/.ssh/id_rsa.pub (public key).
In order to use these keys, you’ll need to copy your id_rsa.pub to your server and append it to the existing file by entering: ssh-copy-id username@remotehost.
You can grant permissions to this file on your server by typing: chmod 600 .ssh/authorized_keys. If everything has worked as expected, you’ll now be able to remote to your server without being prompted for a password.
Puppet is a configuration management solution that enables you to define and enforce the state of your infrastructure. It can help to define every step of the infrastructure lifecycle, from provisioning machines (physical and virtual) to reporting, testing, provisioning updates and production releases.
This enables us to ensure that we have consistency, reliability and stability in our infrastructure.
There are hundreds of detailed puppet guides across the web, so I won’t go into any more detail here. The purpose of this guide is to help you understand the different components of Ubuntu and use the most important of those components, rather than being an all in one guide to everything.
Integrating Ubuntu & Windows
As you walk through most offices you’ll see a wide range of devices. You have Windows, Linux iOS and Android all within a relatively small space. Unfortunately, this means that you’ll need to configure your file and print servers to work with the Windows machines that surround your Ubuntu world.
Samba will help you to cover three main areas:
The first is file and print sharing services – this is where you’ll be sharing files, folders, volumes and printers throughout the network within the office.
Next we have directory services which shares all of the information about computers and users of a network with other directory services (like Microsoft Active Directory).
Finally, this shares authentication and access in order to apply file permissions, group policies and more.