System Administration
What is System Administration?
• Managing the whole system
  • User accounts
  • Backup
  • Security
  • etc.
• Services
  • Configuring
  • Starting
  • Stopping
Root and su
• root
  • Account used by the system admin
  • Note: passwd works more leniently for root
  • Use extreme caution to guard root's PW
  • Sometimes called the superuser
  • Only account with 0 as the user-id
      # grep "^root" /etc/passwd
      root:x:0:0:root:/root:/bin/bash
  • PATH usually has /sbin or /usr/sbin
      # echo $PATH
      /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
  • Note: sbin contains most admin commands
Root and su
• su
  • Switch Users
  • Syntax: su [-] user-id
    • if user-id is not specified, root is assumed
    • the optional - takes on that user's environment
    • omit the - to keep the current environment
  • Runs in a separate sub-shell
  • Use <ctrl>-d or exit to terminate
Admin privileges
• root has great powers
  • Change the contents and attributes of any file
  • Delete any file or directory
    • even if it is write protected
  • Start or kill any process
  • Change any user's password
  • Set the system clock
  • Send a message to all users with wall
  • Limit file size
  • Control access to certain services
    • at and cron
    • FTP, SSH, etc.
User management
• Users
  • useradd
    • low level
  • adduser
    • "friendlier"
• Groups
  • groupadd
    • low level
  • addgroup
    • "friendlier"
passwd and shadow files
• Entry in the passwd file:
    tkombol:x:1001:1001:tkombol,,,,:/home/tkombol:/bin/bash
  • Fields, left to right:
    • User name
    • Password: x means the encrypted password is in the shadow file
    • Numeric UID
    • Numeric GID
    • Comment field
    • Home directory
    • Login shell or script to run
• Entry in the shadow file:
    ajkombol:$6$HDwv268pQ/O4 … uMm80Cs/:15347:0:99999:7:::
  • Fields shown:
    • User name
    • Encrypted password
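An added audit script (not from the slides) that applies two checks the slides imply to a passwd file: only root should have UID 0, and every password field should be "x" so the hash lives in the shadow file. The sample file is constructed here from the slide's tkombol entry plus two problem accounts; on a real system point the functions at /etc/passwd.

```shell
#!/bin/sh
# Audit a passwd file for extra UID-0 accounts and for accounts whose
# password field is not deferred to /etc/shadow.

# Login names of every account with UID 0 in the file given as $1.
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }' "$1"
}

# Accounts whose password field is not "x": an empty field means no
# password at all, anything else is a hash stored directly in passwd.
unshadowed_accounts() {
    awk -F: '$2 != "x" { print $1 }' "$1"
}

# Constructed sample: the slide's entry plus a second UID-0 account and an
# account with an empty password field (both are findings, not real data).
write_sample_passwd() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
tkombol:x:1001:1001:tkombol,,,,:/home/tkombol:/bin/bash
toor:x:0:0:second uid 0 account:/root:/bin/bash
guest::1002:1002:no password set:/home/guest:/bin/bash
EOF
}

# Print both lists; return non-zero if anything other than root has UID 0.
audit_passwd() {
    echo "UID 0 accounts: $(uid0_accounts "$1" | tr '\n' ' ')"
    echo "Accounts not using shadow: $(unshadowed_accounts "$1" | tr '\n' ' ')"
    [ "$(uid0_accounts "$1")" = "root" ]
}

sample=$(mktemp)
write_sample_passwd "$sample"
audit_passwd "$sample" || echo "audit failed: an extra UID 0 account exists"
rm -f "$sample"
```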
Maintaining security
• In general only the administrator should have access to the system directories:
  • /bin, /usr/bin, /etc, /sbin, etc.
• Security measures:
  • Restricted shell
  • Set-User-Id (SUID)
  • Set-Group-Id (SGID)
  • Sticky bit
Restricted Shell
• Some user accounts are set up to use a special restricted shell
• Restrictions:
  • cannot use cd
  • cannot change their PATH
  • cannot redefine SHELL
  • cannot use a path containing a /
  • cannot run a program outside the PWD
  • cannot use > or >> to create or append to a file
• rsh
  • do not confuse with the remote shell rsh
  • newer systems have other versions
    • e.g. rbash and rksh
Special attributes
• SUID, SGID and sticky bit
  • Allow temporary permissions
SUID
• Set-User-Id
• Lets common users update certain sensitive files
• Usually set on executables
• Gives the user running the program the same privileges as the owner
• Can be set only by the superuser
  • chmod u+s filename
  • chmod 4755 filename
    • the 4 sets the SUID property
• Denoted by the letter s in the owner's execute position
SUID
• Example:
  • passwd is a "dangerous" program
    • Changes the password for a user
    • Not everyone should have the power to change PWs
    • The superuser (root) must have the power
    • passwd should be owned by root
    • Users should be able to change their own PW
    • SUID allows for this
SGID
• The same is true for groups if SGID is set
• Set only by the superuser
  • chmod g+s filename
  • chmod 2755 filename
Sticky Bit
• Usually used for directories
  • files in the directory cannot be deleted by non-owners
    • even if they have write permission on the directory
• For files:
  • image is kept loaded in memory for quick execution
• Set only by the superuser
  • chmod +t filename
  • chmod 1755 filename
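An added example (not from the slides) that sets each of the three special bits on scratch files in a temporary directory, shows the octal mode and the ls -l letter for each, and then runs the inventory an administrator would keep of SUID/SGID files. Paths and file names are constructed; the find call is what you would point at / or /usr on a real system.

```shell
#!/bin/sh
# Set and inspect SUID, SGID and the sticky bit on scratch files, then
# inventory them the way an audit of real system directories would.

mode_of()     { stat -c %a "$1"; }            # octal mode, e.g. 4755
perm_string() { ls -ld "$1" | cut -c1-10; }   # e.g. -rwsr-xr-x

set_suid()   { chmod u+s "$1"; }   # same as chmod 4755 on a 755 file
set_sgid()   { chmod g+s "$1"; }   # same as chmod 2755 on a 755 file
set_sticky() { chmod +t  "$1"; }   # same as chmod 1777 on a 777 directory

# Every regular file below $1 with SUID or SGID set, sorted. Compare this
# against a saved baseline: a new entry runs with its owner's (or group's)
# privileges for every user who executes it.
find_special() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# Build the scratch tree: one SUID file, one SGID file, one sticky directory.
make_demo_tree() {
    d=$(mktemp -d)
    touch "$d/suid_tool" "$d/sgid_tool"
    chmod 755 "$d/suid_tool" "$d/sgid_tool"
    mkdir "$d/shared" && chmod 777 "$d/shared"
    set_suid   "$d/suid_tool"
    set_sgid   "$d/sgid_tool"
    set_sticky "$d/shared"
    echo "$d"
}

demo=$(make_demo_tree)
for p in suid_tool sgid_tool shared; do
    printf '%-10s %s %s\n' "$p" "$(mode_of "$demo/$p")" "$(perm_string "$demo/$p")"
done
echo "SUID/SGID files found:"
find_special "$demo"
rm -rf "$demo"
```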
run-level review
• System-dependent run levels:
  • 0: shutdown
  • 1: system admin mode (local file systems)
  • 2: multiuser (NFS not available)
  • 3: full multiuser
  • 5: GUI mode in Linux
  • 6: shutdown and reboot
  • s or S: single user mode (file system mounted)
• Note: the run levels may vary between distributions
booting
• When the system is powered on:
  • checks for peripherals
  • does a set of steps to load the kernel
  • the kernel spins off the first program: init
• init maintains the complete system
  • init is the parent of all daemons
  • init spawns getty for all terminals
  • init starts at level 1 or s
    • before switching to the final mode (2-5)
shutdown
• When the system is ready to be turned off:
  • Sends signals to all running processes
    • so they may terminate normally
  • Logs off all users
    • kills their remaining processes
  • Unmounts all secondary storage
  • Invokes sync
    • writes all data in memory to disk
    • preserves the integrity of the file system
  • Notifies users to switch off
    • or moves the system to single user mode
Init Details
• Instructions are in a file: /etc/inittab
• Each line has a 4-field instruction:
  • label:run_levels:action:command

    # cat inittab
    # /etc/inittab: init(8) configuration.
    # The default runlevel.
    id:2:initdefault:
    si::sysinit:/etc/init.d/rcS
    # What to do in single-user mode.
    ~~:S:wait:/sbin/sulogin
    …
    # /etc/init.d executes the S and K scripts upon change of runlevel.
    # Runlevel 0 is halt.
    # Runlevel 1 is single-user.
    # Runlevels 2-5 are multi-user.
    # Runlevel 6 is reboot.
    l0:0:wait:/etc/init.d/rc 0
    l1:1:wait:/etc/init.d/rc 1
    l2:2:wait:/etc/init.d/rc 2
    …
    # What to do when the power fails/returns.
    pf::powerwait:/etc/init.d/powerfail start
    pn::powerfailnow:/etc/init.d/powerfail now
    po::powerokwait:/etc/init.d/powerfail stop
    …
    1:2345:respawn:/sbin/getty 38400 tty1
    2:23:respawn:/sbin/getty 38400 tty2
init actions
• There are many; here are the big ones:
  • sysinit
    • used to initialize
    • checks done at this time:
      • file systems ok
      • activate swap partitions
      • etc.
  • respawn
    • make sure the process is restarted on termination
      • e.g. when someone logs off a terminal
  • boot
    • executes only when the inittab is read the first time
    • init ignores any run levels placed here
  • off
    • kills a process if it is running
  • ctrlaltdel
    • executes shutdown (Linux only)
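An added example (not from the slides) that parses the label:run_levels:action:command lines above and answers which entries init acts on at a given run level, optionally narrowed to one action such as respawn. It assumes the inittab convention that an empty run_levels field applies to every level; the sample file is built from the slide's excerpt, and on a SysV system you would pass /etc/inittab instead.

```shell
#!/bin/sh
# Query an inittab: which entries apply at a run level, and the default level.

# Print "label action command" for entries active at run level $2; an optional
# third argument restricts the output to one action (e.g. respawn).
inittab_entries() {
    awk -F: -v lvl="$2" -v act="$3" '
        /^[[:space:]]*#/ || NF < 4 { next }      # skip comments and junk
        act != "" && $3 != act     { next }      # optional action filter
        $2 == "" || index($2, lvl) > 0 {
            cmd = $0; sub(/^[^:]*:[^:]*:[^:]*:/, "", cmd)   # command keeps colons
            print $1, $3, cmd
        }' "$1"
}

# The run level init enters by default (the initdefault entry).
inittab_default() {
    awk -F: '$3 == "initdefault" { print $2 }' "$1"
}

# Constructed sample: the entries shown on the Init Details slide.
write_sample_inittab() {
    cat > "$1" <<'EOF'
# /etc/inittab: init(8) configuration.
id:2:initdefault:
si::sysinit:/etc/init.d/rcS
~~:S:wait:/sbin/sulogin
l0:0:wait:/etc/init.d/rc 0
l1:1:wait:/etc/init.d/rc 1
l2:2:wait:/etc/init.d/rc 2
pf::powerwait:/etc/init.d/powerfail start
pn::powerfailnow:/etc/init.d/powerfail now
po::powerokwait:/etc/init.d/powerfail stop
1:2345:respawn:/sbin/getty 38400 tty1
2:23:respawn:/sbin/getty 38400 tty2
EOF
}

sample=$(mktemp)
write_sample_inittab "$sample"
echo "default run level: $(inittab_default "$sample")"
echo "gettys respawned at run level 5:"; inittab_entries "$sample" 5 respawn
echo "everything active at run level 2:"; inittab_entries "$sample" 2
rm -f "$sample"
```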
in the beginning…
• init forks getty
  • more than one getty can be forked
  • init goes dormant
• getty (get tty)
  • waits for a user to log in
  • starts login (exec)
• login
  • user logs in
  • shell is started (exec)
• shell
  • user works under the shell
  • when the user logs out
    • shell is killed
    • init is notified
• init wakes
  • init spawns another getty
  • repeat …
rc scripts
• Directories labeled rc0.d, rc1.d, … rc6.d, rcS.d
  • Debian
  • Similar names in other distros
• The number in the name matches the run level of the system
• When the run level changes, the scripts in the directory for that run level are run
  • in alphabetic order
rc scripts
• The script names:
  • Begin with a K or S
    • Kill or Start
  • Followed by a two-digit number
  • Followed by characters
    • usually a name that indicates the script function
• K's go first to remove any improper programs from a previous run level
• S's follow to start the programs appropriate for this run level
rc scripts
• Example for run level one on a Debian system
    # cd /etc/rc1.d
    # ls
    K01alsa-utils   K01krb5-admin-server  K01squid          K06nfs-common
    K01anacron      K01metasploit         K01tomcat6        K06portmap
    K01apache2      K01nfs-kernel-server  K01winbind        README
    K01atd          K01openbsd-inetd      K02avahi-daemon   S01killprocs
    K01bluetooth    K01openvpn            K02cups           S06bootlogs
    K01exim4        K01proftpd            K02krb5-kdc       S07single
    K01gdm3         K01samba              K02mysql
    K01hal          K01saned              K02postgresql
    K01kerneloops   K01smartmontools      K04rsyslog
    #
rc scripts
• Example for run level five on a Debian system
    # cd /etc/rc5.d/
    # ls
    README             S04cron           S04rsync          S05krb5-admin-server
    S01binfmt-support  S04dbus           S04smartmontools  S06bootlogs
    S01fancontrol      S04kerneloops     S04squid          S06cups
    S01rsyslog         S04krb5-kdc       S04ssh            S06saned
    S01sudo            S04loadcpufreq    S04winbind        S07samba
    S01tomcat6         S04metasploit     S05avahi-daemon   S14portmap
    S02openvpn         S04mysql          S05bluetooth      S15nfs-common
    S03apache2         S04ntp            S05cpufrequtils   S16nfs-kernel-server
    S04acpid           S04openbsd-inetd  S05exim4          S17rc.local
    S04anacron         S04postgresql     S05gdm3           S17rmnologin
    S04atd             S04proftpd        S05hal            S17stop-bootlogd
    #
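An added example (not from the slides) that reproduces the ordering rule described above: for a run-level directory, all K scripts run first and then all S scripts, each group in name order, so the two-digit number decides the sequence. The directory is constructed from a few names in the rc1.d listing; on a real system pass /etc/rc1.d and so on directly.

```shell
#!/bin/sh
# Compute the run order of an rcN.d directory and split a script name into
# its K/S letter, two-digit number and service name.

# Print the K scripts of directory $1 in name order, then the S scripts.
# Anything else in the directory (README, stray files) is ignored.
rc_run_order() {
    for prefix in K S; do
        for f in "$1"/${prefix}[0-9][0-9]*; do
            [ -e "$f" ] || continue          # pattern matched nothing
            basename "$f"
        done
    done
}

# Split a name like K02cups into "K 02 cups"; fails on non-rc names.
rc_fields() {
    name=$(basename "$1")
    case "$name" in
        [KS][0-9][0-9]?*) ;;
        *) echo "not an rc script name: $name" >&2; return 1 ;;
    esac
    rest=${name#?}                           # strip the K or S
    printf '%s %s %s\n' "${name%"$rest"}" "${rest%"${rest#??}"}" "${rest#??}"
}

# Constructed directory with a handful of the rc1.d names from the slide.
make_rc_dir() {
    d=$(mktemp -d)
    for s in S07single K01apache2 K02cups K06portmap S01killprocs K01atd README; do
        : > "$d/$s"
    done
    echo "$d"
}

demo=$(make_rc_dir)
echo "run order for $demo:"
rc_run_order "$demo"
rc_fields K02cups
rm -rf "$demo"
```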
Device Files
• In Linux everything is a file
  • This includes devices
• /dev
  • directory that "lists" the devices
  • entries are not literal files
    • a device file contains no data
    • it is a reference to a program (device driver) that reads or writes that device
  • permissions are analogous to those for files
Device files
• Block or character
  • Devices can read/write data as "chunks"
    • Blocks
    • Usually buffered in memory before being used or written
  • Devices can read/write data in "streams"
    • Character
    • read or write one character (byte) at a time
• Usually a device works in one mode or the other
  • Some devices can work in either mode
Device Files: General rule
• Storage devices like discs (hard, optical) work in block (b) mode
• Devices like terminals, tape drives and printers work in character (c) mode
Device Files: Sample Listing
    # ls -l /dev
    total 0
    crw-rw----  1 root    video    10, 175 2013-01-16 18:18 agpgart
    crw-rw----  1 root    audio    14,   4 2013-01-16 18:18 audio
    lrwxrwxrwx  1 root    root           3 2013-01-16 18:18 cdrom -> hdc
    lrwxrwxrwx  1 root    root           3 2013-01-16 18:18 cdrw -> hdc
    lrwxrwxrwx  1 root    root           3 2013-01-16 18:18 cdrw1 -> hdd
    drwxr-xr-x  2 root    root        2780 2013-04-02 16:25 char
    lrwxrwxrwx  1 root    root           3 2013-01-16 18:18 dvd -> hdc
    brw-rw----  1 root    disk      3,   0 2013-01-16 18:18 hda
    brw-rw----  1 root    disk      3,   1 2013-01-16 18:20 hda1
    brw-rw----  1 root    cdrom    22,   0 2013-01-16 18:18 hdc
    brw-rw----  1 root    cdrom    22,  64 2013-01-16 18:18 hdd
    crw-rw-rw-  1 root    root      1,   3 2013-01-16 18:18 null
    lrwxrwxrwx  1 root    root          15 2013-01-16 18:18 stderr -> /proc/self/fd/2
    lrwxrwxrwx  1 root    root          15 2013-01-16 18:18 stdin -> /proc/self/fd/0
    lrwxrwxrwx  1 root    root          15 2013-01-16 18:18 stdout -> /proc/self/fd/1
    crw-rw-rw-  1 root    root      5,   0 2013-04-03 14:43 tty
    crw-rw----  1 root    root      4,   0 2013-01-16 18:18 tty0
    crw-------  1 tkombol tty       4,   1 2013-04-03 15:08 tty1
    crw-rw----  1 root    dialout   4,  64 2013-02-18 17:06 ttyS0
    crw-rw----  1 root    dialout   4,  65 2013-01-16 18:18 ttyS1
    crw-rw----  1 root    root    252,   1 2013-01-16 18:18 usbdev1.1_ep00
    crw-rw----  1 root    root    252,   0 2013-01-16 18:18 usbdev1.1_ep81
File systems
• Directory structure with its own root
• A disk can be divided into multiple file systems
  • Separates data
  • Corruption in one file system will not affect another
  • Each file system can be backed up independently
File Systems
• Components
  • boot block
    • boot program
    • partition table
  • superblock
    • global info on the file system
    • the OS keeps a copy in memory
  • inode blocks
    • keep track of every disk block
  • data blocks
    • all the data
Unix/Linux File Systems
• Types
  • s5
  • ufs
  • ext2, ext3 and ext4
    • current Linux systems
  • iso9660 or hsfs
    • CD-ROM file system
  • msdos or pcfs
    • original floppy for DOS
  • swap
  • bfs
  • proc or procfs
File Systems
• Mounting
  • A directory in one file system which contains another file system is a mount point
• Classical mount points
  • /dev/fd
    • floppy disk
    • fd0: first floppy drive
  • /dev/hda
    • first IDE drive
    • hda1: a partition in hda
  • /dev/hdb
    • second IDE drive
  • /dev/sda
    • first SCSI drive
    • also used for PATA/SATA drives
  • /dev/ttyS0
    • a serial port
File systems
• mount points may be different on various distros
  • My Debian at home and one at work have different dev names for the same function
File Systems
• Notes
  • Can mount multiple drive blocks to make one larger file system
    • Combine partitions, drives
  • LVM
    • Logical Volume Manager
File Systems
• Mounting
  • assigns file blocks to a directory name
• Unmounting
  • removes the mount
• fstab
  • lists all available disks and partitions
    • where they should be mounted and how
  • can be used by mount
mounting
• mount [opts] devname dirname
  • must know the device name
  • dirname must exist
    • it should be empty
    • permissions set to at least 755
      • 777 works but is less secure
    • some may be predefined
• Notes:
  • mount
    • with no options, lists all current mounts
  • fdisk -l
    • will list available hard drives
mount example
    # mount
    /dev/hda1 on / type ext3 (rw,errors=remount-ro)
    tmpfs on /lib/init/rw type tmpfs (rw,nosuid,mode=0755)
    proc on /proc type proc (rw,noexec,nosuid,nodev)
    sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
    procbususb on /proc/bus/usb type usbfs (rw)
    udev on /dev type tmpfs (rw,mode=0755)
    tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
    devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=620)
    rpc_pipefs on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
    nfsd on /proc/fs/nfsd type nfsd (rw)
    /dev/sda1 on /media/EGMONITOR type vfat (rw,nosuid,nodev,uhelper=hal,shortname=lower,uid=1000)
fdisk -l example
    # sudo fdisk -l

    Disk /dev/hda: 40.0 GB, 40020664320 bytes
    255 heads, 63 sectors/track, 4865 cylinders
    Units = cylinders of 16065 * 512 = 8225280 bytes
    Disk identifier: 0x93dd93dd

       Device Boot      Start         End      Blocks   Id  System
    /dev/hda1   *           1        4660    37431418+  83  Linux
    /dev/hda2            4661        4865     1646662+   5  Extended
    /dev/hda5            4661        4865     1646631   82  Linux swap / Solaris

    Disk /dev/sda: 1018 MB, 1018167296 bytes
    2 heads, 63 sectors/track, 15782 cylinders
    Units = cylinders of 126 * 512 = 64512 bytes
    Disk identifier: 0x017c9ef7

       Device Boot      Start         End      Blocks   Id  System
    /dev/sda1   *           1       15783      994288    6  FAT16
    #
• Notes:
  • hda is an IDE drive with 3 partitions
  • sda is a USB drive currently plugged in
unmounting
• umount dirname
  • can also use devname
• unmount before removing a device
  • prevents loss or corruption of data
• note the name is umount, not unmount
fstab
• List of default mount points
• Gets mounted during the booting process
• Notes:
  • mount -a
    • will mount the fstab entries
  • mount /dirname
    • will mount the device listed in fstab for that directory
  • umount -a
    • will try to unmount the entries in fstab
    • if a device is busy you will get an error
    • cannot unmount a directory you are in
fstab
• Sample fstab:
    # cat /etc/fstab
    # /etc/fstab: static file system information.
    #
    # <file system> <mount point>   <type>      <options>                   <dump>  <pass>
    proc            /proc           proc        defaults                    0       0
    /dev/hda1       /               ext3        defaults,errors=remount-ro  0       1
    /dev/hda5       none            swap        sw                          0       0
    /dev/hdc        /media/cdrom0   udf,iso9660 user,noauto                 0       0
    /dev/hdd        /media/cdrom1   udf,iso9660 user,noauto                 0       0
    /dev/fd0        /media/floppy0  auto        rw,user,noauto              0       0
    #
• Columns:
  • 1: device name
  • 2: mount point
  • 3: file system type
  • 4: mount options
  • 5: enable backing up (dump)
  • 6: fsck order
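An added example (not from the slides) that parses the six-column fstab format above: it resolves a mount point to its device, type and options the way "mount /dirname" does, lists the entries fsck will check at boot in pass order, and lists the entries that noauto keeps out of "mount -a". The sample file is the slide's fstab written to a temp file; on a real system pass /etc/fstab.

```shell
#!/bin/sh
# Query an fstab file. Comment lines are skipped, as mount(8) does.

# Device, type and options for mount point $2: what "mount $2" resolves to.
fstab_lookup() {
    awk -v mp="$2" '!/^[[:space:]]*#/ && NF >= 4 && $2 == mp { print $1, $3, $4 }' "$1"
}

# Mount points fsck checks at boot, in pass order (pass 0 = never checked).
fstab_fsck_order() {
    awk '!/^[[:space:]]*#/ && NF >= 6 && $6 > 0 { print $6, $2 }' "$1" \
        | sort -n | awk '{ print $2 }'
}

# Mount points that "mount -a" skips because their options contain noauto.
fstab_noauto() {
    awk '!/^[[:space:]]*#/ && NF >= 4 && $4 ~ /(^|,)noauto(,|$)/ { print $2 }' "$1"
}

# Constructed sample: the fstab shown on the slide.
write_sample_fstab() {
    cat > "$1" <<'EOF'
# /etc/fstab: static file system information.
#
# <file system> <mount point> <type> <options> <dump> <pass>
proc /proc proc defaults 0 0
/dev/hda1 / ext3 defaults,errors=remount-ro 0 1
/dev/hda5 none swap sw 0 0
/dev/hdc /media/cdrom0 udf,iso9660 user,noauto 0 0
/dev/hdd /media/cdrom1 udf,iso9660 user,noauto 0 0
/dev/fd0 /media/floppy0 auto rw,user,noauto 0 0
EOF
}

sample=$(mktemp)
write_sample_fstab "$sample"
echo "mount /media/cdrom0 would use: $(fstab_lookup "$sample" /media/cdrom0)"
echo "checked by fsck at boot:"; fstab_fsck_order "$sample"
echo "skipped by mount -a:"; fstab_noauto "$sample"
rm -f "$sample"
```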
File System Checking
• The superblock must be kept in sync between the version on the disk and the one in memory
  • update does a sync every 30 seconds
  • if there is a power failure before a change can be synced there can be discrepancies
• Examples:
  • two or more inodes claiming the same disk block
  • block marked free, but not listed in the superblock
  • used block marked free
  • mismatch in sizes
  • file not having a directory entry
• fsck can check for and fix these problems
File system checking
• fsck
  • five sequential phases
    • each feeding the next phase
  • if there is an error
    • fsck becomes interactive
    • the user answers questions to fix it
Managing Disk space
• Fact: disks fill up!
• Need to monitor and maintain use
• Two good base tools:
  • df
  • du
Managing Disk space
• df
  • reports free space on disk
  • -h option makes it human readable
    # df -h
    Filesystem            Size  Used Avail Use% Mounted on
    /dev/sda1             323M  160M  147M  53% /
    tmpfs                 2.0G     0  2.0G   0% /lib/init/rw
    udev                  2.0G  236K  2.0G   1% /dev
    tmpfs                 2.0G     0  2.0G   0% /dev/shm
    /dev/sda9             440G  2.9G  415G   1% /home
    /dev/sda8             368M   11M  339M   4% /tmp
    /dev/sda5             8.3G  4.2G  3.7G  54% /usr
    /dev/sda6             2.8G  1.1G  1.6G  41% /var
    /dev/sdb1             114G  1.9G  106G   2% /opt
    /dev/sde1              16G  7.2G  8.1G  48% /media/PENDRIVE