How to Add User to Sudoers in Debian 12

The term Virtual Network Computing (VNC) refers to a system for remote access to a computer’s desktop environment. It allows users to interact with the interface, access files on storage, run applications, and modify operating system settings. A similar approach is used for managing virtual machines rented from providers like Hostman. This guide will walk you through setting up a VNC server on a VPS/VDS running Debian, with a secure connection established over SSH. For this example, we’ll use the TightVNC utility, known for its reliable performance even over low-speed connections and seamless file transfers in both directions (to and from the server). Technical Requirements Before starting, ensure you have a prepared Debian server, either in the cloud or locally. Apart from having the operating system ready, it's recommended to configure both a root user and a sudo user (the former without privileges and the latter with them). Additionally, you must allow SSH connections through the firewall. You will need the following: A machine running Windows or macOS. A pre-installed VNC client such as TightVNC, RealVNC, or UltraVNC on Windows, or Screen Sharing on macOS. Alternatively, if you are using another Linux machine, you can install a VNC client such as Vinagre, KRDC, RealVNC, or TightVNC. Installing the VNC Server and Desktop Environment By default, a Debian server doesn’t have a graphical interface for easier management, nor does it include a remote management tool. Therefore, the first step is to install both. In this example, we’ll use the Xfce desktop environment and TightVNC, both of which are available in Debian’s official repository. Update the Package List First, update the list of available packages on the host system by running: sudo apt update Install the Xfce Desktop Environment Next, install the Xfce desktop environment along with additional utilities: sudo apt install xfce4 xfce4-goodies During the installation, the system will prompt you to select a keyboard layout from the provided list. Choose the desired option and press Enter to continue. Once the installation is completed, proceed to install the VNC server. Install the TightVNC Server Use the following command to install TightVNC: sudo apt install tightvncserver After the installation, you need to configure TightVNC by setting a security password and generating configuration files where connection parameters will be stored. Initial VNC Configuration Run the following command to start configuring the VNC server: vncserver The program will prompt you to set a password for connecting to the remote system: You will require a password to access your desktops.Password:Verify: The password must be between 6 and 8 characters long. If a longer password is entered, it will be automatically truncated. Additionally, you can set up a view-only mode, where the connected user can only observe the desktop without being able to control the keyboard or mouse. This mode is useful for demonstrations. After entering both passwords, the utility will generate a configuration file: Would you like to enter a view-only password (y/n)? nxauth:  file /home/username/.Xauthority does not existNew 'X' desktop is your_hostname:1Creating default startup script /home/username/.vnc/xstartupStarting applications specified in /home/username/.vnc/xstartupLog file is /home/username/.vnc/your_hostname:1.log Configuring the VNC Server The VNC server needs to be configured so that it knows what commands to execute upon startup—for example, specifying the desktop environment to be launched when a connection is established. These startup instructions are located in the xstartup file, which resides in the .vnc subdirectory of the home directory. This file is automatically created when you launch the vncserver for the first time.  In this guide, we’ll modify the configuration to launch the Xfce graphical interface upon startup. By default, VNC communicates with remote hosts using port 5901, also known as the display port for "display 1". Additional instances can be started on ports 5902, 5903, etc. Stop the VNC Server Before configuring VNC on Debian, stop the currently running instance with the following command: vncserver -kill :1 The output will look something like this: Killing Xtightvnc process ID 17648 Backup the Original Configuration File It’s a good practice to create a backup of the original xstartup file, so you can easily revert the settings if anything goes wrong: mv ~/.vnc/xstartup ~/.vnc/xstartup.bak Create and Edit a New xstartup File Now, generate a new xstartup file and open it for editing using a text editor (in this case, nano): nano ~/.vnc/xstartup The commands you add to this file will be automatically executed when the VNC server starts or restarts. Add the following lines to launch the Xfce desktop environment: #!/bin/bashxrdb $HOME/.Xresourcesstartxfce4 & Here: The first line specifies that the script should be executed using the bash shell. The line with xrdb loads the .Xresources file, which defines terminal colors, cursor themes, font rendering, and other desktop appearance settings. The line startxfce4 & launches the Xfce graphical interface. Make the xstartup File Executable After editing the configuration file, make it executable by running: sudo chmod +x ~/.vnc/xstartup Restart the VNC Server Finally, restart the VNC server: vncserver You’ll see the following output on the screen: New 'X' desktop is your_hostname:1Starting applications specified in /home/username/.vnc/xstartupLog file is /home/username/.vnc/your_hostname:1.log Configuring the VNC Desktop By default, TightVNC establishes a connection without encryption. However, for our purposes, we require a secure tunnel using the SSH protocol. This involves creating a secure connection on the client side, which forwards data to localhost for handling by the VNC utility. You can achieve this by running the following command in the terminal (Linux or macOS): ssh -L 5901:127.0.0.1:5901 -C -N -l user your_server_ip The -L option specifies port forwarding. The default configuration uses port 5901 on both the remote and local hosts. The -C option enables compression, which reduces the size of data sent between the client and server. The -N option tells the SSH protocol that no remote commands will be executed and that it is only being used for port forwarding. The -l option specifies the username for the remote connection. In the above command, replace user with the username (typically a non-privileged root user) and your_server_ip with the actual IP address of the remote host. If you are using Windows, you can create the SSH tunnel using PuTTY, a popular SSH client with a graphical interface. In PuTTY, you need to: Enter the IP address of the remote host. Configure port forwarding by adding localhost:5901 as the new port for data redirection. Save the session settings and initiate the connection. Once you initiate the connection, the system will prompt you to enter the password you set during the initial VNC server configuration. The tunnel will only be activated after successful user authentication. Once connected, you will see the Xfce graphical interface as configured in the .Xresources file. You can finalize the desktop setup by selecting "Use default configuration" in the menu. To end the SSH session, press the key combination Ctrl+C. This will close the tunnel and terminate the remote session. Running VNC as a System Service In the final step, we will configure VNC Server as a system service on Debian, enabling you to start, stop, and restart it just like other system services. This ensures that the utility starts automatically with the server. To do this, we'll edit the configuration file /etc/systemd/system/[email protected]: sudo nano /etc/systemd/system/[email protected] The @ symbol is used as an argument to modify the service parameters. It is applied when you need to specify the display port used by the VNC utility. Add the following lines to the file (replace user, group, workingdirectory, and username with your own values): [Unit]Description=Start TightVNC server at startupAfter=syslog.target network.target[Service]Type=forkingUser=usernameGroup=usernameWorkingDirectory=/home/usernamePIDFile=/home/username/.vnc/%H:%i.pidExecStartPre=-/usr/bin/vncserver -kill :%i > /dev/null 2>&1ExecStart=/usr/bin/vncserver -depth 24 -geometry 1280x800 :%iExecStop=/usr/bin/vncserver -kill :%i[Install]WantedBy=multi-user.target The ExecStartPre command allows you to stop the VNC server if it is already running. The ExecStart command will restart the server and set the resolution to 1280x800 with 24-bit color. After editing the file, apply the changes and inform the system about the new file: sudo systemctl daemon-reload Next, enable the service: sudo systemctl enable [email protected] The 1 after the @ represents the display number where the service should be activated. It will always be "1" unless you change the default configuration, but you can specify another number if needed. Now, stop the active instance of the VNC server and start the new service: vncserver -kill :1sudo systemctl start vncserver@1 You can check if the VNC server is running with: sudo systemctl status vncserver@1 The result will look like this: [email protected] - Start TightVNC server at startup   Loaded: loaded (/etc/systemd/system/[email protected]; enabled; vendor preset: enabled)   Active: active (running) since Wed 2018-09-05 16:47:40 UTC; 3s ago  Process: 4977 ExecStart=/usr/bin/vncserver -depth 24 -geometry 1280x800 :1 (code=exited, status=0/SUCCESS)  Process: 4971 ExecStartPre=/usr/bin/vncserver -kill :1 > /dev/null 2>&1 (code=exited, status=0/SUCCESS)  Main PID: 4987 (Xtightvnc)... After these steps, the VNC server will be available after the system restarts. Now, initiate the SSH tunnel again: ssh -L 5901:127.0.0.1:5901 -C -N -l username your_server_ip This command will create a connection using the client application that forwards the connection from localhost:5901 to your local machine. Conclusion We have completed configuring and launching a secure VNC server on a Debian system. Now, you can perform all usual operations: installing and uninstalling software, configuring programs, managing files, surfing the web, etc.

Installing MySQL on Debian effectively creates a robust and flexible database (DB) infrastructure that accommodates a wide range of applications as well as services. It is renowned for its scalability, dependability, and durability. By setting it, individuals experience the operations in an efficient manner and enhance the overall efficiency of DB infrastructure. This combination is especially beneficial for administrators, DB analysts, and industries that demand a dependable database solution for dealing with huge data. Additionally, MySQL's comprehensive guide and supporters help make it simpler to troubleshoot problems and enhance operations.  In this guide, we will demonstrate the thorough procedure for installing and configuring MySQL on Debian. How to Install MySQL on Debian The default repositories do not contain the MySQL database server package on Debian. To install it on a  Linux system follow the below instructions. We will download the recent version of the MySQL. Step 1: Download MySQL Package Let us obtain the MySQL repository information package, which is in the .deb format: wget https://dev.mysql.com/get/mysql-apt-config_0.8.30-1_all.deb Note: To authenticate the most updated release, go to the MySQL repository webpage. Step 2: MySQL Configuration Package Installation Then, employ the .deb file for initializing the installation via dpkg: sudo dpkg -i mysql-apt-config_0.8.30-1_all.deb Respond to the prompt. For instance, pick MySQL Server & Cluster and hit Enter for starting configurations: For picking a version such as (mysql-8.4-lts), scroll downward and hit OK for the next step: Step 3: Refresh the System Now, update the server's package indexes to implement the updated MySQL info: sudo apt update Step 4: MySQL Installation Debian's default manager makes sure to install MySQL in an easier manner. Installing the package with this command: sudo apt install mysql-server -y You will see the interface for setting the root account. Input a stronger password to secure the database. In the end, hit the Ok button: Check the version on the server via the --version utility: mysql --version Step 5: Managing the Services Now, you can enable the MySQL service to initialize automatically at boot time: sudo systemctl enable mysql Activate the service via the systemctl utility: sudo systemctl start mysql Check if the system service is operational by viewing its status: sudo systemctl status mysql Step 6: MySQL Secure Installation The key or password that the individual created at the initialising procedure is currently protecting the root DB user on the server. MySQL also includes other insecure defaults, such as remote access to test databases and the root database user on the server.  It is vital to secure the MySQL installation after it has been completed as well as disable all unsafe default settings. There is a security script that can assist us in this procedure. Run the script: sudo mysql_secure_installation To activate the VALIDATE PASSWORD component and guarantee stringent password procedures, type Y and hit Enter. Next, you will need to configure several security settings: Set the Root Password: Select a strong password and make sure that it is correct. Configure the password policy for the DB server. For instance, type 2 to permit only the strong passwords on the server and hit Enter. When required to modify the root password, input N; alternatively, input Y to modify the password. Eliminate Anonymous Users: It is advised to eliminate the accessibility of anonymous users. For this, input Y and Enter when prompted. Prevent Accessibility of Remote Root: It is a better practice to avoid remote root login for multiple security concerns. To prevent the root user from having a remote access, input Y and hit Enter. Delete the Test DB: For enhancing security, the test database, which is utilized for testing, can be deleted. To do so, input Y and hit Enter. Refreshing Privilege Tables: It guarantees that all modifications are implemented instantly. To implement the configuration and edit the privileges table, hit Enter. Step 7: Access MySQL Utilizing the mysql client utility, MySQL establishes the connection and provides access to the database server console.  Now, access the shell interface and run general statements on the DB server. Let’s input the root and the password created at the time of the safe installation procedure: sudo mysql -u root -p Step 8: Basic MySQL Operations The creation of a DB and a new user for your applications rather than utilizing the root is a better practice. To accomplish the task, employ the given instructions: Create a Database: First, create a database. For instance, hostmandb is created via the below command: CREATE DATABASE hostmandb; Display All Databases: List all databases to make sure hostmandb is created: SHOW DATABASES; Create of a New User: Create a user and assign a strong password. In our example, we set Qwer@1234 as a password for the user  minhal. Replace these values with your data. CREATE USER 'minhal'@'localhost' IDENTIFIED BY 'Qwer@1234'; Give Permissions to the User: Give complete access to the hostmandb to the new user: GRANT ALL PRIVILEGES ON hostmandb.* TO 'minhal'@'localhost'; Flush Privileges: To implement the modifications, refresh the table: FLUSH PRIVILEGES; Exit the Shell: For closing the interface, utilize the EXIT statement: EXIT; Access MySQL Console as the Particular User For the purpose of testing hostmandb access, log in to MySQL as the new user, in our case minhal. sudo mysql -u minhal -p It accesses the console after entering the minhal user password when prompted: For verification, display all DBs and confirm that the hostmandb is available: SHOW DATABASES; Step 9: Configuration for Remote Access Setting up the server for supporting remote accessibility is necessary if an individual is required to access MySQL remotely. Follow these steps: Access the mysql.cnf file and modify the particular file for MySQL: sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf Look for the line with the bind-address and change it to: bind-address = 0.0.0.0 Reload the MySQL service: sudo systemctl restart mysql Permit the user to have remote access: sudo mysql -u root -p GRANT ALL PRIVILEGES ON hostmandb.* TO 'minhal'@'localhost';FLUSH PRIVILEGES;EXIT; Step 10: Firewall Configuration If you have a firewall activated, you need to open the MySQL port 3306 to traffic. Set up the firewall following the below steps: Allow traffic through MySQL: sudo ufw allow mysql Now, activate the UFW on the system: sudo ufw enable Reload the firewall: sudo ufw reload Step 11: Restore and Backup Maintaining regular backups is crucial to avoiding data loss. The mysqldump utility is provided by MySQL for backup creation. To achieve this, consider these instructions: Backup a Single Database: This command employs mysqldump to create the backup of the hostmandb as a hostmandb_backup.sql file: sudo mysqldump -u root -p hostmandb> hostmandb_backup.sql Backup All Databases: For creating a backup of all databases as a file named all_databases_backup.sql with root privileges, utilize mysqldump: sudo mysqldump -u root -p --all-databases > all_databases_backup.sql Restore a Particular Database: Now, restore the hostmandb from the backup file hostmandb_backup.sql: sudo mysql -u root -p hostmandb < hostmandb_backup.sql Step 12: Optimize MySQL Operations (Optional) Depending on the workload and server resources, you can adjust settings to guarantee peak performance. These instructions will help you maximize MySQL's speed: Adjust InnoDB Buffer Pool Size: Caches for data and indexes are kept in the InnoDB buffer pool. Expanding its size can enhance its functionality. Edit the MySQL configuration file: sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf The below line should be added or changed: innodb_buffer_pool_size = 1G Its size should be adjusted according to the amount of memory on the server. Enable Query Cache: The query cache stores the outcome of SELECT queries. Enabling it can enhance operations for repetitive queries. Modify the .cnf file: sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf Add or edit the below lines: query_cache_type = 1query_cache_size = 64M Optimize Table Structure: Frequently optimize your customers table in hostmandb to recover wasted space and boost efficiency: USE hostmandb;OPTIMIZE TABLE customers; Analyze Operations: DB operations can be tracked and analyzed with tools like MySQL Workbench and mysqltuner. Using the command below, install mysqltuner: sudo apt install mysqltuner Run mysqltuner to get performance recommendations: sudo mysqltuner Conclusion Installing a MySQL environment is important in today's digital world. By following this instruction, you'll be able to safely install and connect to your MySQL database. This strategy not only increases security but also improves remote database maintenance efficiency. It helps to prevent breaches and ensures the confidentiality of your data. This article has given thorough instructions for the installation of MySQL's database environment on Debian. It is suggested that MySQL servers should be regularly monitored and optimized to guarantee optimum performance and dependability. In addition, Hostman offers pre-configured and ready-to-use cloud databases, including cloud MySQL. 

FFmpeg is a powerful multimedia framework capable of decoding, encoding, transcoding, muxing, demuxing, streaming, filtering, and playing virtually any media file format. Given its extensive utility in media processing, having the latest version of FFmpeg installed on your Debian system is essential. This guide walks through the process of installing the latest static build of FFmpeg on Debian, ensuring that you have access to the most up-to-date features and performance improvements. Prerequisites Before beginning the installation, ensure that your system meets the following requirements: A Debian-based distribution (e.g., Debian, Ubuntu) Access to a terminal with root or sudo privileges Basic understanding of the Linux command line Installing FFmpeg Downloading the Latest Static Build To get started, you need to download the latest static build of FFmpeg. This version is precompiled, making it a hassle-free option that requires no additional dependencies. 1. Open your terminal. 2. Navigate to the /usr/local/bin directory where you will store the FFmpeg binaries:   cd /usr/local/bin 3. Download the latest static build of FFmpeg using wget. You can find the latest release on the FFmpeg official website. Use the following command to download the tarball: wget https://johnvansickle.com/ffmpeg/releases/ffmpeg-release-i686-static.tar.xz Make sure to replace the URL with the latest version's link if a newer release is available. Extracting the Archive Once the download is complete, you need to extract the tarball to access the FFmpeg binaries. 1. Extract the downloaded archive using the tar command: tar -xvf ffmpeg-release-i686-static.tar.xz 2. List the contents of the extracted directory to verify that the extraction was successful: ls ffmpeg-*-static You should see the FFmpeg binary files listed in the directory. Moving FFmpeg to a System Path To make FFmpeg accessible from any location in your terminal, you need to move it to a system path. 1. Move the FFmpeg binaries to /usr/local/bin: sudo mv ffmpeg-*-static/ffmpeg /usr/local/bin/sudo mv ffmpeg-*-static/ffprobe /usr/local/bin/ 2. Grant execution permissions to the binaries: sudo chmod +x /usr/local/bin/ffmpegsudo chmod +x /usr/local/bin/ffprobe Verifying the FFmpeg Installation To confirm that FFmpeg is installed correctly and is functioning as expected, you can check its version. 1. Run the following command to verify the installation: ffmpeg -version 2. You should see an output similar to this, displaying the FFmpeg version and configuration details: If you see the FFmpeg version listed, the installation was successful. Updating FFmpeg When new versions of FFmpeg are released, it's a good practice to update your installation to benefit from the latest improvements and features. 1. Navigate to /usr/local/bin: cd /usr/local/bin 2. Remove the old FFmpeg binaries: sudo rm ffmpeg ffprobe 3. Download and extract the latest version using the steps mentioned in the "Downloading the Latest Static Build of FFmpeg" and "Extracting the Archive" sections. 4. Move the new binaries to /usr/local/bin and set the execution permissions as detailed in the "Moving FFmpeg to a System Path" section. Common Usage Examples FFmpeg is highly versatile, and there are countless ways to use it. Here are a few common examples: Converting a Video Format Convert a video from MP4 to AVI: ffmpeg -i input.mp4 output.avi Extracting Audio from a Video Extract the audio from a video file and save it as an MP3: ffmpeg -i input.mp4 -q:a 0 -map a output.mp3 Cutting a Video Segment Cut a segment from a video between the 00:01:00 and 00:02:00 marks: ffmpeg -i input.mp4 -ss 00:01:00 -to 00:02:00 -c copy output.mp4 Compressing a Video Reduce the file size of a video: ffmpeg -i input.mp4 -vcodec h264 -acodec mp2 output.mp4 Troubleshooting Common Issues FFmpeg Command Not Found If you encounter the error ffmpeg: command not found, it likely means that FFmpeg isn’t in your system’s path. Ensure that you moved the binaries to /usr/local/bin and that they have the correct execution permissions. Unsupported Codec or Format If FFmpeg returns an error regarding unsupported codecs or formats, you may need to recompile FFmpeg with additional libraries or use precompiled binaries that include the necessary support. Conclusion Installing the latest static build of FFmpeg on Debian ensures you have the most recent features and optimizations without the need for compiling from source. By following this guide, you’ve set up FFmpeg, verified its installation, and explored some common uses. With this powerful tool at your disposal, you can handle a wide range of multimedia tasks efficiently.