Unit L4 - Advanced Linux CIS-116 SUNY Ulster Karl Wick
File Properties • Several properties are associated with each file in Linux • Recall the ls -l directory listing command • The first piece of information about a file shows these properties. • -rw-r--r-- There are ten ‘slots’ • Recall that Linux is a multiuser OS
File Properties (2) • All files and directories are owned by the person (account) that created them. • Each person may belong to a ‘workgroup’. • Other unrelated users may be on the network. • The owner of a file can set file permissions for • the owner • the group • others
File Properties (3) • Permissions fall into three categories • read • write • execute (does not apply to all files, of course) • The permissions field • type, owner rwx, group rwx, others rwx • - type means a file d type means a directory • rwx means permitted, - means not permitted
File Properties (4) • -rwxr-xr-- means: • This is a file • The owner can read, write and execute the file • Group members can read and execute the file • Other users can only read the file • drwx------ means: • This is a directory • Only the owner can read or write or execute
Changing Permissions • The owner of a file can change permissions by using the chmod command. • Root can chmod any file or directory on the system. • chmod u|g|o|a +|-|= r|w|x filename • u user g group o others a all • + add - remove = the only permission • r read access w write access x execute access • chmod u+rw roadtrip.txt
Another way • You can call up chmod with integer values • r = 4 • w = 2 • x = 1 • - = 0 • chmod 644 weekend.txt is the same as • chmod u=rw weekend.txt; chmod g=r weekend.txt; chmod o=r weekend.txt • Try it and ls -l to see the new permissions
An example • From the student account and directory /home/student • Create a text file (of any text) and save it • Type these lines: • chmod a-rwx newfile.txt (Remove all permissions) • cat newfile.txt (you will get a message – “Permission Denied”) • chmod u+rw newfile.txt (Restore permissions to the owner) • cat newfile.txt • Note: The restrictions do not apply to root • Permissions are a security feature • It is not a good idea to use 666 or 777 permissions
Common Settings • -rw------- (600) Owner read & write permission • -rw-r--r-- (644) Owner read & write, group & others read only • -rwx------ (700) Owner has all permissions, group & others none • -rwxr-xr-x (755) Owner has all permissions, group and others read and execute • -rwx--x--x (711) Owner has all permissions, group & others execute only • -rw-rw-rw- (666) Everyone can read and write • -rwxrwxrwx (777) Everyone can read, write, and execute • drwx------ (700) Directory. Only owner can read and write • drwxr-xr-x (755) Directory. Owner can write, all can read • NOTE: execute for a directory means listing capability
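The octal settings above can be decoded and audited from the shell. The following is an added example, not part of the original slides: it converts octal modes to rwx notation, lists files that "others" can write (the 666 and 777 cases), and removes that bit. The function names and the temporary files are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: decode octal modes and find world-writable files.
# All file names are constructed; only a temp directory is touched.

# Convert a three-digit octal mode (e.g. 644) to rwx notation.
mode_to_rwx() (
    out=""
    for digit in $(printf '%s' "$1" | sed 's/./& /g'); do
        r=-; w=-; x=-
        if [ $((digit & 4)) -ne 0 ]; then r=r; fi
        if [ $((digit & 2)) -ne 0 ]; then w=w; fi
        if [ $((digit & 1)) -ne 0 ]; then x=x; fi
        out="$out$r$w$x"
    done
    printf '%s\n' "$out"
)

# List regular files under $1 that "others" may write (the 002 bit).
find_world_writable() {
    find "$1" -type f -perm -0002 | sort
}

# Remove the write bit for "others" from every file reported above.
strip_world_write() {
    find "$1" -type f -perm -0002 -exec chmod o-w {} +
}

# Constructed sample files, one per mode.
demo_dir=$(mktemp -d)
for mode in 600 644 666 777; do
    : > "$demo_dir/file_$mode"
    chmod "$mode" "$demo_dir/file_$mode"
done

for mode in 600 644 711 755 666 777; do
    printf '%s = %s\n' "$mode" "$(mode_to_rwx "$mode")"
done

before=$(find_world_writable "$demo_dir")
printf 'world-writable before:\n%s\n' "$before"
strip_world_write "$demo_dir"
after=$(find_world_writable "$demo_dir")
printf 'world-writable after: %s\n' "${after:-none}"
```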
Default Permissions • For most Linux systems the default permissions of rw-r--r-- are used whenever you create a file. • The default permission settings are contained in a file accessed at bootup by the umask command. • Type umask and you will see the default permissions. • umask REMOVES permissions • Type umask a=rwx or umask 000 • Type umask a=rx or umask 222 to remove write permissions.
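How a umask value turns into the permissions of newly created objects can be observed directly. The following is an added example, not part of the original slides; the function name is constructed, and it assumes a scratch directory from mktemp on an ordinary filesystem without default ACLs.

```shell
#!/bin/sh
# Added example: show which modes new files and directories
# receive under a given umask.

# Print "<file mode> <dir mode>" for objects created under umask $1.
# Runs in a subshell, so the caller's umask is left unchanged.
modes_under_umask() (
    scratch=$(mktemp -d)      # created before the mask changes
    umask "$1"
    : > "$scratch/file"       # files are requested with 666
    mkdir "$scratch/dir"      # directories are requested with 777
    f=$(ls -ld "$scratch/file" | cut -c1-10)
    d=$(ls -ld "$scratch/dir" | cut -c1-10)
    rm -rf "$scratch"
    printf '%s %s\n' "$f" "$d"
)

# The mask only removes bits: a new file never gains execute,
# and a restrictive mask such as 077 keeps group and others out.
for mask in 000 022 027 077 222; do
    printf 'umask %s -> %s\n' "$mask" "$(modes_under_umask "$mask")"
done
```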
Monitoring the System Memory and Disk Usage
free, vmstat, ps • free Displays the status of RAM and VRAM • Mem: refers to RAM • Swap: refers to virtual RAM (the swap file) • Too little RAM will cause ‘thrashing’ (constantly moving information from RAM to VRAM) • vmstat Provides detailed information about swap file usage. The output is cryptic. See man. • swap file, free, buffer size, cache size, swap in and out statistics, cpu: user, system and idle processes. • ps Lists all running processes by number and user.
Real Time System Status • top Displays the most processor intensive processes in real time. Updates about every 5 seconds. • Type top <enter> and watch the screen • Type <j> a few times and watch the screen • Type <q> to exit top
top Interactive Commands • <space> update now • ^L redraw screen • k kill a process by ID • i ignore idle • n, # number of processes to view • q quit • many toggles for displays • N sort by PID • A sort by age • P sort by CPU usage • M sort by mem use • T sort by time • W write to ~/.toprc
Checking HD usage • df Shows 1k blocks allocated, used, available for all mounted filesystems. • df -m Same but displayed in megabytes. Try -h too • You can specify a single filesystem too: df /dev/hda5
Checking HD Usage • du Summarizes disk usage by 512 byte blocks • du -b size in bytes • du -a all files not just directories • du -h human readable
Stopping a Process • Type ps <enter> to see all running processes • Type kill [processid#] or kill [processname] • If multiple instances of the same (name) process are running, these commands may not work. • Try kill -s KILL [pid] • If you kill a process that the OS needs, the system may crash.
LILO and configuring LILO • LILO loads Linux at bootup. It can also load other OSs. LILO is a boot manager. • LILO configuration options are stored in the file /etc/lilo.conf They can be changed with a text editor. • After making changes, you MUST save lilo.conf and run lilo to write the changes to the MBR of the hard disk. • lilo.conf can store more than one image and boot to a menu.
A Typical lilo.conf File
boot=/dev/hda                 # Where LILO is installed
map=/boot/map                 # optional line - default
install=/boot/boot.b          # optional line - default
prompt                        # Prompt? (For multiple boot systems)
timeout=50                    # In 1/10ths of a second to default image
message=/boot/message
# default is the first image found in file
image=/boot/vmlinuz-2.4.2-2   # default image
    label=linux               # type linux to start
    root=/dev/hda3
    read-only
    password=passwrd
other=/dev/hda1               # additional image
    label=dos                 # type dos to start
    table=/dev/hda
More Administrative Tasks (admin chapter 8)
Managing Accounts • Types of Accounts • root - The administrator / Superuser • Regular Users • Non-Regular Users - used by programs • Account Groups • Each user belongs to a primary group • A user can belong to a secondary group • Groups can be assigned permissions • Type more /etc/passwd to see all users including usernames created by programs. • Root will be first, regular users will be last.
/etc/passwd • root:x:0:0:root:/root:/bin/bash • Fields are separated by colons • Account name : Password (x means in /etc/shadow file) : User ID : Group ID : Real Name : Home Directory : Default shell • It is possible to edit in a text editor but not advisable due to some security measures not allowing the changes.
/etc/group • root : x : 0 : root • bin : x : 1 : root,bin,daemon • Fields are separated by colons Name of Group : Group Password (may be blank, or x {stored elsewhere}) : Group ID : group members separated by commas.
Security • In early versions of Linux the user passwords were stored in /etc/passwd. • This file is available to most users. • /etc/shadow is where passwords are now stored and is accessible only to root.
Passwords • Changing • Run passwd • Recovery • mount root partition, • edit /etc/passwd file to remove the root password • edit /etc/shadow file, if used • reboot
passwd Options for root • -l -u lock and unlock the account (root may access) by adding ! to the beginning of the pw. • -S status of account password. • These work with some versions of Linux • -n set min # days between pw changes • -x set max # days pw remains valid • -w set # days before warning that the pw is about to expire • -i set # days after pw expires before acct. is locked.
/etc/shadow • Again, the entries are delimited by colons. root:$1$uBxqh7wl$oklXHuoBjHH7JmiVdk/fQ : 10815 : 0 : 99999 : 7 : : : Account name that MUST correspond with a user account in /etc/passwd. : Encrypted password : password security information follows. • New users have !! in the password field (Tackett & Burnett 5th Que p290)
Checking passwd & shadow • pwck will check on the consistency & validity of the /etc/passwd and /etc/shadow files. • pwck also warns of any account that does not have a password. • grpck will check on the consistency & validity of the /etc/group and /etc/gshadow files.
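The field layouts of /etc/passwd and /etc/shadow described above make account checks easy to script. The following is an added example, not part of the original slides and not a replacement for pwck: it runs a few checks of the same kind over constructed sample files. Every account, hash string and finding label in it is made up for the demonstration.

```shell
#!/bin/sh
# Added example: pwck-style checks over constructed passwd/shadow data.
# Every account and hash string below is made up for the demonstration.

work=$(mktemp -d)
cat > "$work/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
student:x:500:500:Student:/home/student:/bin/bash
lizw:x:501:501:Liz Osowski:/home/lizw:/bin/bash
phred:x:502:502:Phred The Wonder Dog:/home/phred:/bin/bash
toor:x:0:0:second admin:/root:/bin/bash
guest::503:503:Guest:/home/guest:/bin/bash
EOF
cat > "$work/shadow" <<'EOF'
root:$1$CONSTRUCTED$notARealHash:10815:0:99999:7:::
bin:*:10815:0:99999:7:::
student:!!:10815:0:99999:7:::
lizw::10815:0:99999:7:::
toor:$1$CONSTRUCTED$notARealHash:10815:0:99999:7:::
EOF

# audit_accounts PASSWD SHADOW -> one "finding account" line per problem.
audit_accounts() {
    awk -F: '
        NR == FNR { hash[$1] = $2; next }     # first file read: shadow
        $3 == 0 && $1 != "root" { print "uid0-not-root", $1 }
        $2 == ""                { print "empty-passwd-field", $1 }
        $2 != "" && $2 != "x"   { print "hash-in-passwd", $1 }
        $2 != "x"               { next }      # shadow not used for this line
        !($1 in hash)           { print "no-shadow-entry", $1; next }
        hash[$1] == ""          { print "no-password", $1 }
        hash[$1] ~ /^[!*]/      { print "locked", $1 }
    ' "$2" "$1"
}

audit_accounts "$work/passwd" "$work/shadow"
```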
Creating New User Accounts • Log in as root • Type useradd username <enter> • If required, run chfn username to add personal info and update finger information. • useradd -D will show the default settings • These are stored in /etc/default/useradd • There are many options that may be used with the useradd command. • (See /etc/login.defs and man for detailed info.)
Removing Users • Remove login capability (temporary. Maybe user is away on vacation): Edit /etc/passwd or /etc/shadow and put a * at the beginning of the PW field. The account stays intact. • Remove user but keep files: Edit /etc/passwd and /etc/shadow files by removing user name. OR run userdel username. Change file ownership and location with chown and mv • Remove user and home files: userdel -r username OR • a) Remove entry from password files. • b) Erase all files in home directory: find homedir -exec rm {} \; • c) Erase user’s home directory: rmdir homedir • d) Don’t forget other files such as e-mail alias files.
Notes about useradd options • If a name (i.e. option -c) contains a space you must enter it between double quotes so that Linux doesn’t think that it is two field variables • useradd -D options will change the defaults. All of the options on the previous slide are permitted • useradd -D -s /bin/csh • You can combine options on one line. • useradd -g sales -c "Phred The Wonder Dog" phred • You can edit /etc/default/useradd in a text editor.
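Simple example • useradd -p "$(openssl passwd -1 cis116)" student2 • Adds the user named “student2” and specifies the password to be “cis116” • -p takes the already-encrypted password, so the plain text is hashed first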
Creating New Groups • Use the groupadd groupname command (preferred) or edit /etc/group in a text editor. • The -g option will specify a particular group number for the new group. • Do not assign two groups with the same number because Unix will consider them the same. • ex: • groupadd -g 900 managers • groupadd students
Modifying User Accounts • usermod options username • usermod uses the same options as useradd • usermod -c "Liz Osowski" lizw • usermod -l lizo -d /home/lizo lizw Changes home directory to look for. Make sure that the home directory actually exists!
Modifying Groups • Use groupmod [-g GID] [-n group_name] group • -g GID is numerical group number. • -n group_name will change from group to this.
Deleting A Group • Edit the /etc/group file by removing the pertinent line. • Reassign all files with the old group ID to a new group ID. • find / -gid group-id • find users_home_dir -exec chgrp newgroup {} \;
Keeping track of users • Simply typing <w> from the root account will provide a list of all users logged onto the system. • It will tell you: • their login date or time • their CPU usage • their last command
Banner Messages • Stored in the file /etc/motd • Edit the file and save it or create the file with cat > /etc/motd if it does not exist. • Reboot and the message will appear immediately after a successful login.
Bonus: GUI to Text and Back • From text mode enter startx to activate the GUI. • From the GUI type <CTRL-ALT-F2> to enter text mode. You may need to login the first time you do this. • From text mode type <ALT-F7> to go back to the GUI. • You can switch back and forth.