{"id":81055,"date":"2018-09-26T17:47:45","date_gmt":"2018-09-26T17:47:45","guid":{"rendered":"https:\/\/www.red-gate.com\/simple-talk\/?p=81055"},"modified":"2021-04-29T15:25:07","modified_gmt":"2021-04-29T15:25:07","slug":"how-to-linux-for-sql-server-dbas-part-2","status":"publish","type":"post","link":"https:\/\/www.red-gate.com\/simple-talk\/databases\/sql-server\/database-administration-sql-server\/how-to-linux-for-sql-server-dbas-part-2\/","title":{"rendered":"How to Linux for SQL Server DBAs \u2014 Part 2"},"content":{"rendered":"<p><strong>The series so far:<\/strong><\/p>\n<ol>\n<li><a href=\"https:\/\/www.red-gate.com\/simple-talk\/sql\/sql-linux\/how-to-linux-for-sql-server-dbas-part-1\/\">How to Linux for SQL Server DBAs \u2014 Part 1<\/a><\/li>\n<li><a href=\"https:\/\/www.red-gate.com\/simple-talk\/sql\/sql-linux\/how-to-linux-for-sql-server-dbas-part-2\">How to Linux for SQL Server DBAs \u2014 Part 2<\/a><\/li>\n<li><a href=\"https:\/\/www.red-gate.com\/simple-talk\/sql\/sql-linux\/how-to-linux-for-sql-server-dbas-part-3\/\">How to Linux for SQL Server DBAs \u2014 Part 3<\/a><\/li>\n<li><a href=\"https:\/\/www.red-gate.com\/simple-talk\/sql\/sql-linux\/how-to-linux-for-sql-server-dbas-part-4\/\">Navigate Linux for SQL Server DBAs<\/a><\/li>\n<\/ol>\n\n<p><a href=\"https:\/\/www.red-gate.com\/simple-talk\/sql\/sql-linux\/how-to-linux-for-sql-server-dbas-part-1\/\">Part 1<\/a> of this series covered a little history about Linux, how to set up a Docker container with Linux to utilize as a demo environment and some basic docker commands to maintain your Linux host. Part 2 is going to dig deeper into Linux to ensure you understand the power of root, logins\/users and groups to then connect all of these areas to help you understand how Linux functions differently than Windows at the user level.<\/p>\n<p>To log into a Linux host, you must have a login. That login may be root (aka God), but you must have a username and password or a certificate authenticating your access to log into the Linux host, or the authentication will fail. Each login is assigned a default group, which is similar to roles in a database. You can have more than one group assigned to a user login on the host and a default group is set by the administrator, commonly at the time of the user creation.<\/p>\n<p>A user login is created with one of two commands:<\/p>\n<ul>\n<li>adduser<\/li>\n<li>useradd<\/li>\n<\/ul>\n<p>As Linux is the descendant of decades of Unix, it\u2019s good to know the difference and the similarities of these two commands that appear to simply switch the order of the words.<\/p>\n<ol>\n<li>Both commands will create a user login.<\/li>\n<li>Only one, (adduser) will ask you to interactively create a password, add a group and other pertinent information for the user.<\/li>\n<li>Useradd will simply create a user, and all other steps must be performed separately if not added via arguments at the time of the command.<\/li>\n<li>If you need to remember which one is which, remember that the one that comes first alphabetically is the one that\u2019s interactive, requiring less manual work post the user creation.<\/li>\n<\/ol>\n<p>If you have your Docker container set up, work with these commands and see the difference between them. No, you might not have to do this in real life, but then again, how many SQL DBAs have a Linux administrator on staff to set up a box properly? How many of you may be the ones to help your Windows administrator set up a Linux box properly to support your new SQL Server environment? It\u2019s worth it to know how.<\/p>\n<p>Start by opening a Command Prompt, (or you can do this from Putty or PowerShell Interface. These steps won\u2019t be impacted like the build of the Docker container covered in the last article.)<\/p>\n<p>Now it may have been a while since you worked with your docker container. You\u2019ll need to check on the status of your container first and if it\u2019s <em>Exited<\/em>, then start it:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"2784\" height=\"723\" class=\"wp-image-81056\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2018\/09\/word-image-255.png\" \/><\/p>\n<p>The command to check your container status is:<\/p>\n<pre class=\"lang:ps theme:powershell-ise\">docker ps -a<\/pre>\n<p>Note the name of your container under the <em>NAMES<\/em> column. In the example above, my container is named \u2018kellyn.\u2019<\/p>\n<p>You can start your container with the following command:<\/p>\n<pre class=\"lang:ps theme:powershell-ise\">docker start &lt;container name&gt;<\/pre>\n<p>Then check the status again- you should see in the status that it is <em>Up<\/em> and how long it\u2019s been in that status.<\/p>\n<h2>Log into Your Container<\/h2>\n<p>A simple command gets you logged into your container and at the command line:<\/p>\n<pre class=\"lang:ps theme:powershell-ise\">docker exec -it &lt;container name&gt; \"&lt;shell choice&gt;\"<\/pre>\n<p>Using my own docker container, I can offer an example:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"1511\" height=\"161\" class=\"wp-image-81057\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2018\/09\/word-image-256.png\" \/><\/p>\n<p>What you see to the left of the prompt, (#) is the <code>&lt;user&gt;@&lt;container identifier&gt;<\/code>. This isn\u2019t a standard configuration for a command prompt, but it is one I prefer and find helpful when working with multiple hosts in an environment.<\/p>\n<p>Notice that no password is requested to log into your container. It may alarm you that you\u2019re able to do this, but the docker <code>exec<\/code> command used the <code>-it<\/code> argument. This is a request to keep the standard input open and interactive and the docker container you created as root. All other users would require a password, and only you can do this.<\/p>\n<p>We\u2019ll begin with a few navigation commands to help familiarize ourselves with Linux navigation and basic commands:<\/p>\n<table>\n<tbody>\n<tr>\n<td>\n<p>Command<\/p>\n<\/td>\n<td>\n<p>What it Does<\/p>\n<\/td>\n<td>\n<p>Warnings or Hints<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<p>whoami<\/p>\n<\/td>\n<td>\n<p>Tells you who you are logged in as<\/p>\n<\/td>\n<td>\n<p>If you\u2019re switched users, it will show you the user you ARE currently.<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<p>pwd<\/p>\n<\/td>\n<td>\n<p>Directory path you currently are in<\/p>\n<\/td>\n<td>\n<p>No, it\u2019s not for password. No, don\u2019t attempt to make an alias to try to make it a password. Bad idea.<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<p>df -h<\/p>\n<\/td>\n<td>\n<p>File system, directory and storage information in appropriate size format<\/p>\n<\/td>\n<td>\n<p>You can perform this same command with a -k instead of the -h if you like really big numbers to calculate from kilobytes.<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<p>ls<\/p>\n<p>ls -la<\/p>\n<p>ls -ltr<\/p>\n<\/td>\n<td>\n<p>To list<\/p>\n<p>To list all, including permissions<\/p>\n<p>To list all, most recent last<\/p>\n<\/td>\n<td>\n<p>Notice the differences in these commands and what DOESN\u2019T show up when you don\u2019t add the -a argument.<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<p>cd &lt;directory&gt;<\/p>\n<p>cd ..<\/p>\n<p>cd<\/p>\n<\/td>\n<td>\n<p>Change directory<\/p>\n<p>Change directory one dir up<\/p>\n<p>Change directory to home dir<\/p>\n<\/td>\n<td>\n<p>cd to \/var\/tmp, then perform the next two and see how the location changes. Note that there is a space between cd and the two dots<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<p>Profile or bash.rc file<\/p>\n<\/td>\n<td>\n<p>Run commands at login to set environment variables and settings.<\/p>\n<\/td>\n<td>\n<p>.bash_rc is default with .profile called secondary by the .bash_rc to perform specific settings for aliases, environment variables, and links. Best practice is to use a .profile with any additions and add that to the .bash_rc file. Home for this file is \/home\/&lt;user&gt;<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<p>id &lt;user&gt;<\/p>\n<\/td>\n<td>\n<p>User login information<\/p>\n<\/td>\n<td>\n<p>Tells basic information about a user on the Linux host. Without the &lt;user&gt; argument, it returns information about the current user<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<p>ps<\/p>\n<p>ps -ef<\/p>\n<\/td>\n<td>\n<p>Process information<\/p>\n<\/td>\n<td>\n<p>Utility to report on processes running on a Linux host.<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<p>\/etc<\/p>\n<\/td>\n<td>\n<p>Directory containing configuration and system files<\/p>\n<\/td>\n<td>\n<p>The common user would not have access to the files in this directory, and many files are protected from a DBA from even reading and most likely writing to the files. Any files owned by the database software would be given rights to the dba group.<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<p>su<\/p>\n<p>sudo<\/p>\n<\/td>\n<td>\n<p>Switch user<\/p>\n<p>Switch user domain owner<\/p>\n<\/td>\n<td>\n<p>One is a command to switch to another user. The second is a command placed in front of a second command that asks that command to be run with root privileges, similar to running \u201cas administrator\u201d in Windows.<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>Creating Users<\/h2>\n<p>Create a user, named <em>jdoe1<\/em> for John Doe with the <code>useradd<\/code> command and <em>jdoe2<\/em> for Jane Doe with the <code>adduser<\/code> command.<\/p>\n<pre class=\"lang:ps theme:powershell-ise\">useradd jdoe1\r\nadduser jdoe2<\/pre>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"1456\" height=\"956\" class=\"wp-image-81058\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2018\/09\/word-image-257.png\" \/><\/p>\n<p>Note the difference with the <code>useradd<\/code> command for John\u2019s user, <em>jdoe1<\/em>. After typing in the username, it\u2019s complete. No request for a password or additional information.<\/p>\n<p>For the <code>adduser<\/code> command for Jane\u2019s user, jdoe2, I was asked for a password, to confirm the password and additional information about the user. You can use the <code>id<\/code> command to view the user:<\/p>\n<pre class=\"lang:ps theme:powershell-ise\">id jdoe1\r\nid jdoe2<\/pre>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"1243\" height=\"201\" class=\"wp-image-81059\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2018\/09\/word-image-258.png\" \/><\/p>\n<p>Notice that the user logins look the same and note that they\u2019ve been assigned a group that is the same as their login.<\/p>\n<p>Inspect the difference with passwords. For this, you\u2019re going to \u2018pipe\u2019 two commands together. The first is <code>cat<\/code>, (concatenate) and the second is <code>grep<\/code>, which allows you to filter information from the first data captured from the file we\u2019ll pass to it. You\u2019re going to use the password file and return only the rows that have information about user logins and passwords that have <em>jdoe<\/em> in them:<\/p>\n<pre class=\"lang:ps theme:powershell-ise\">cat \/etc\/passwd | grep jdoe<\/pre>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"1455\" height=\"156\" class=\"wp-image-81060\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2018\/09\/word-image-259.png\" \/><\/p>\n<p>Notice that <em>jdoe1 <\/em>is missing user name information, phone number, a shell, etc. The directory <em>\/home\/&lt;user name&gt;<\/em> is the user\u2019s home directory assignment. This is their directory that includes their login settings, (aka bash profile or run commands) and often the location where they will save their personal files. Could the <code>adduser<\/code> and <code>useradd<\/code> commands create the same output results? Yes, but it would have taken numerous arguments and information at the command line vs. interactively. If you\u2019re curious to find out more, refer to the following <a href=\"http:\/\/www.tutorialspoint.com\/unix_commands\/adduser.htm\">link<\/a>.<\/p>\n<p>As you can see, <em>jdoe1<\/em> is incomplete, and you\u2019ll need to assign much of his full profile manually.<\/p>\n<h2>Setting a Password<\/h2>\n<p><em>Jdoe1<\/em> will require a password, and the following command works as root to either set a password or update a password for any user:<\/p>\n<p>passwd &lt;user&gt;<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-81061\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2018\/09\/word-image-260.png\" width=\"585\" height=\"133\" \/><\/p>\n<p>The password for the <em>jdoe1<\/em> user is now set, and they could successfully login. It may be alright to simply set these users to having groups the same as their login, but traditionally, there will be a group, (i.e., role in the database world) that each user will be allocated to.<\/p>\n<h2>Creating and Setting a Group<\/h2>\n<p>To create a group, use the <code>groupadd<\/code> command. After creating groups, you can then assign privileges to files and directories to this group, which will then be assigned to users. It\u2019s really not that different than roles in a database.<\/p>\n<pre class=\"lang:ps theme:powershell-ise\">groupadd &lt;group name&gt;<\/pre>\n<p>Add two groups, one for the database owners and database, called <em>sqlinstall<\/em> and a second called <em>devgroup<\/em> for developers working on this \u2018development box.\u2019<\/p>\n<pre class=\"lang:ps theme:powershell-ise\">groupadd sqlinstall\r\ngroupadd devgroup<\/pre>\n<p>You will then need to modify the user to assign a group to them with the <code>usermod<\/code> command with the <code>-a<\/code>, (add) and <code>-G<\/code>, (group) arguments:<\/p>\n<pre class=\"lang:ps theme:powershell-ise\">usermod -a -G &lt;group name&gt; &lt;user name&gt;<\/pre>\n<p>Assign <em>jdoe1<\/em> to the dba group, (<em>sqlinstall<\/em>) and <em>jdoe2<\/em> to the developer group, (<em>devgroup<\/em>).<\/p>\n<pre class=\"lang:ps theme:powershell-ise\">usermod -a -G sqlinstall jdoe1\r\nusermod -a -G devgroup jdoe2<\/pre>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"1284\" height=\"209\" class=\"wp-image-81062\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2018\/09\/word-image-261.png\" \/><\/p>\n<p>How do the users look now that their groups have been updated? Run the id command to find out.<\/p>\n<pre class=\"lang:ps theme:powershell-ise\">id jdoe2\r\nid jdoe1<\/pre>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"1665\" height=\"206\" class=\"wp-image-81063\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2018\/09\/word-image-262.png\" \/><\/p>\n<p>You can now see the groups have been added, but what if you didn\u2019t want the users to have groups with their name and what if you wanted the <em>devgroup<\/em> and <em>sqlinstall<\/em> groups to be their primary groups? You\u2019ll then need to modify the user and add the group to the user configuration:<\/p>\n<pre class=\"lang:ps theme:powershell-ise\">usermod -g devgroup jdoe2\r\nusermod -g sqlinstall jdoe1<\/pre>\n<p>Inspect the user with the <code>id<\/code> utility again:<\/p>\n<pre class=\"lang:ps theme:powershell-ise\">id jdoe2<\/pre>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"1336\" height=\"159\" class=\"wp-image-81064\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2018\/09\/word-image-263.png\" \/><\/p>\n<p>Now the user shows as only having the <em>devgroup<\/em> as the primary and the <em>devgroup<\/em> ID assigned to it. If you wanted to add more groups to this user, just as you saw previously, you could do that, but now the user\u2019s login is set up as a proper manager of the database installation, (<em>sqlinstall<\/em>) as <em>jdoe1. <\/em>And <em>jdoe2<\/em> is in the development group, (<em>devgroup<\/em>).<\/p>\n<p>One thing you may be asking yourself is about the identifiers assigned to each user and group. The Linux kernel identifies not by name, but by ID. The Root user is ALWAYS 0. All users added after that are added from 1001 on, but as an Oracle DBA, it\u2019s standard to have Oracle as 503 with the <em>orainstall<\/em> group being 504 in most organizations. Why is this? It was around 2006 that Oracle became a standard in the Unix world, and it became common for the creation to be the third login, fourth login for the group created at a time that it started with 501. As new systems were added, and legacy systems were still in place, it became a common UID to see for Oracle. The reason for keeping it the same across hosts is each host recognizes the synchronized login as the same user by the identifier. Using the same <code>usermod<\/code> command you used earlier, the UID can be updated for a user, and the <code>groupadd<\/code> command can do the same to synchronize the groups to ensure this is consistent across a network that may require it. This may be valuable to know as MSSQL logins are created to own SQL Server software across hosts on a network and need to identify the user as the same login for remote access, etc.<\/p>\n<h2>Being God Isn\u2019t Good<\/h2>\n<p>Let\u2019s begin with discussing WHY it\u2019s not a good idea to be root on a Linux host unless absolutely necessary to perform a specific task. Ask any DBA for DB Owner or SA privileges, and you will most likely receive an absolute \u201cNo\u201d for the response. DBAs need to have the same respect for the host their database runs on. Windows hosts have significantly hardened user security by introducing enhancements and unique application users to enforce similar standards at the enterprise server level, and Linux has always been this way. To be perfectly blunt, the Docker image with SQL Server running as root is a choice that shows lacking investigation to what privileges are REQUIRED to run, manage and support an enterprise database. This is not how we\u2019d want to implement it for customer use.<\/p>\n<p>Unlike a Windows OS, the Linux kernel is exposed to the OS layer. There isn\u2019t a registry that requires a reboot or has a safety mechanism to refuse deletion or write to files secured by the registry or library files. Linux ASSUMED if you are root or if you have permissions to a file\/directory, you KNOW what you\u2019re doing. Due to this, it\u2019s even more important to have the least amount of privileges to perform any task required.<\/p>\n<p>Proper deployment would have a unique MSSQL Linux login owning the SQL Server installation and a <em>DBAGroup<\/em> as the group vs. the current configuration of ROOT:ROOT owning everything. With all the enhancements to security, this is one area that as DBAs, we should request to have adhered to. Our databases should run as a unique user owning the bin files and database processes.<\/p>\n<p>Processes running as root aren\u2019t logged or audited the same way as it would be if you used commands to switch over or ran with the <code>SUDO<\/code>, (switch user domain owner) command. All users logging into a Linux host should have their own login and then switch user (<code>su<\/code>) over so that it is a fully logged and audited step in the system log files. As you further enhance your environment design, you should then consider utilizing more advanced features, such as stick bit, iptables, SGID and advance group creation and allocation whenever required.<\/p>\n<h2>Never as Root<\/h2>\n<p>If you\u2019re still unsure why this is such a sticking point, consider the following example to assist in demonstrating the risks. With the SQL Server and all support files owned by root, our example will load data via Excel spreadsheets as part of the workload. A hacker has discovered this and builds malware to attach to the Excel spreadsheet, and as the files are owned by the same owner as SQL Server, the malware is able to take advantage of the vulnerability, and subsequently running scripts on the host as root. If SQL Server had been installed as the OS user MSSQL, with limited privileges and proper group affiliation, this type of attack would be isolated, and impact lessened, along with clear logging of who\/what\/when of the attack.<\/p>\n<p>Linux administrators will consistently demand you justify why you need to run anything as root.\u00a0 No matter if it\u2019s access to update files, run scripts, modify applications or execute system tasks to any directory or non-owned location on the host. By having a proper user\/group configuration, your database server will:<\/p>\n<ol>\n<li>have the ability to track via an audit who has switched over to any user or to super user.<\/li>\n<li>be more likely to eliminate human mistakes by executing catastrophic commands, often unintentionally.<\/li>\n<li>simplify identifying what processes are part of an application stack<\/li>\n<li>provide a second layer of security that could save the company from becoming the next security breach.<\/li>\n<li>limit the amount of data the application\/any user is privy to on the host.<\/li>\n<\/ol>\n<p>Create a proper <strong>MSSQL<\/strong> OS User on Linux and create a<strong> DBA<\/strong> and <strong>SQLINSTALL<\/strong> group.\u00a0 As Microsoft matures its SQL Server offering on Linux, features are going to increase and be enhanced.\u00a0 Microsoft will embrace mature practices, so get ahead of the game and start now, building proper security from the beginning.<\/p>\n<h2>Connecting to SQL Server<\/h2>\n<p>For our last step, we\u2019ll learn how to log into the SQL Server on our container. The assumption is that you\u2019re connected to the container at the command line, and you\u2019re at the command prompt, (<em>username@hostname#<\/em>). The environment isn\u2019t set up as optimally as we\u2019d like yet, so we\u2019ll need to use the full path to the SQLCMD tool to log into SQL Server. To do so, type in the following command:<\/p>\n<pre class=\"lang:ps theme:powershell-ise\">&lt;path to sql command&gt; -S localhost -U &lt;Username&gt; -P '&lt;password&gt;'<\/pre>\n<p>As an example:<\/p>\n<pre class=\"lang:ps theme:powershell-ise\">\/opt\/mssql-tools\/bin\/sqlcmd -S localhost -U SA -P 'T3st1ng!'<\/pre>\n<p>If you\u2019re thinking to yourself, \u201cI don\u2019t remember setting a password!\u201d look back on your command that you used to create your container with. There was an argument for <code>MSSQL_SA_PASSWORD=<\/code>. The value for this argument is your password that was set for the SA login for your SQL Server. If you need to reset the password to a new password or to one that meets requirements for the SA password, then use the following command:<\/p>\n<pre class=\"lang:ps theme:powershell-ise\">opt\/mssql-tools\/bin\/sqlcmd -S localhost -U SA -P \"&lt;old password&gt;\" -Q \"ALTER LOGIN SA WITH PASSWORD='&lt;NewPassword&gt;'\"<\/pre>\n<p>There is a second way to log into the container, including from a remote location, (if the container has been configured to allow remote connections) through the following command, which again, should look familiar, but with just a few differences when concerning a container environment:<\/p>\n<pre class=\"lang:ps theme:powershell-ise\">&lt;path to sql command&gt; -S &lt;ip address,port&gt; -U &lt;username&gt; -P  '&lt;password&gt; '<\/pre>\n<p>Capture the IP Address for your container with the following command:<\/p>\n<pre class=\"lang:ps theme:powershell-ise\">ifconfig -a | grep inet<\/pre>\n<p>Once you have the container IP address, connect to your own container, using the following example as a guide:<\/p>\n<pre class=\"lang:ps theme:powershell-ise\">opt\/mssql-tools\/bin\/sqlcmd -S 172.17.0.5,1433 -U SA -P 'T3st1ng!'<\/pre>\n<p>Notice that there is a \u2018,\u2019 between the host IP and the port for the SQL Server. That\u2019s the only change required and everything else is the same. You should see the <em>1&gt;<\/em> prompt, prepared for you to execute SQL. To verify, type in the following statement to check the SQL Server version:<\/p>\n<pre class=\"lang:ps theme:powershell-ise\">1&gt; select @@version\r\n2&gt; go<\/pre>\n<p>You should see the following output or similar, (if you have a different version for your image):<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"2000\" height=\"764\" class=\"wp-image-81065\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2018\/09\/word-image-264.png\" \/><\/p>\n<h2>Conclusion<\/h2>\n<p>Congratulations &#8212; in the previous two articles, you\u2019ve successfully built out, updated, maintained and set up logins on your SQL Server environment. All these steps are important as you build out your foundation of knowledge by working with SQL Server on Linux. As a database administrator, you should continue to practice what we\u2019ve covered to build your comfort level with the operating system. Part II ended with how to log into the SQL Server from the command prompt so you may explore the database you already know and love, experiencing it on this new platform. In part III, you\u2019ll be ready to move onto files, navigation, and permissions, an important aspect to knowing the Linux environment.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>SQL Server DBAs are typically quite familiar with security and best practices in Windows but may not understand how security works in Linux. In this article, Kellyn Pot&#8217;Vin-Gorman demonstrates how to manage user accounts in Linux and why working while logged in as root is a bad idea.&hellip;<\/p>\n","protected":false},"author":316206,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[143527,53],"tags":[95506],"coauthors":[48576],"class_list":["post-81055","post","type-post","status-publish","format-standard","hentry","category-database-administration-sql-server","category-featured","tag-automate"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/posts\/81055","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/users\/316206"}],"replies":[{"embeddable":true,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/comments?post=81055"}],"version-history":[{"count":5,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/posts\/81055\/revisions"}],"predecessor-version":[{"id":81067,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/posts\/81055\/revisions\/81067"}],"wp:attachment":[{"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/media?parent=81055"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/categories?post=81055"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/tags?post=81055"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/coauthors?post=81055"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}