This week's agenda includes announcements, a link of the week about Linux file systems, a review of the previous lab assignment, expectations for the current week's lab assignment, upcoming deadlines, and lab assistance.
Week Eleven Agenda • Announcements • Link of the week • Review week ten lab assignment • Week ten expected outcomes • Next lab assignment • Upcoming deadlines • Lab assistance
Link of the week File System http://www.skillsheaven.com/linuxfil.php This site addresses many concerns you might have about Linux file systems: history, version types, pros/cons, troubleshooting, etc. Define: Filesystem The methods and on-disk organization of data and metadata that an operating system uses to keep track of files on a disk or partition of a storage device.
Link of the week • Linux Filesystem ext3 adds journaling to ext2, which allows faster recovery after unexpected reboots: the journal is replayed instead of running a full fsck over the whole disk. Define filesystem with journaling: A journaling file system borrows the write-ahead logging technique used by transaction-processing databases. A transaction log (the journal) is kept either in a designated location inside the filesystem or on a separate disk partition. As changes are made to the filesystem, the metadata changes are first recorded in the journal; only after the journal entries are on disk are the actual buffers written to their final location.
Link of the week Benefits of journaling In the event of a system crash, the entries in the journal remain intact and are replayed the next time the filesystem is mounted: completed transactions are applied, incomplete ones are discarded. This keeps the filesystem metadata in a consistent state. Caveat: in the default ext3 mode (data=ordered) only metadata is journaled, so a crash can still leave recently written file contents incomplete even though the directory structure is intact.
Review week ten lab assignment /etc/passwd file varneyg:x:1020:1021:varneg user:/export/home/varneyg:/bin/ksh The seven colon-separated fields are: • Username: used when the user logs in; 1 to 32 characters. • Password: an x indicates that the password hash is stored in /etc/shadow. An empty field means no password is required, so always check for blank entries. • User ID (UID): each user is assigned a numeric UID. UID 0 is root; any other account with UID 0 is root too, whatever its name. UIDs 1-99 are traditionally reserved for predefined accounts and 100-999 for system and administrative accounts (the ranges vary by distribution). • Group ID (GID): the user's primary group, defined in /etc/group. • User ID Info (GECOS): the comment field, for extra information such as the user's full name or phone number; read by the finger command. • Home directory: the absolute path of the directory the user is placed in at login. If it does not exist, login normally warns and places the user in /. • Command/shell: the absolute path of the program run at login, e.g. /bin/bash. Typically a shell, but it does not have to be one; /sbin/nologin or /bin/false is used to block interactive logins.
Review week ten lab assignment /etc/passwd file The /etc/passwd file is the user database for the system and is located under the system configuration directory, /etc. It is world-readable because ordinary programs need it to map UIDs to names (ls -l, ps and so on); that is exactly why the password hashes were moved out of it into /etc/shadow. In summary, the /etc/passwd file is the system's master list of information about user accounts.
Review week ten lab assignment /etc/shadow file varneyg:$1$dhBysgdhfteM9gd00:13064:0:99999:7::: The nine colon-separated fields are: • User name: the login name, matching /etc/passwd. • Password: the hashed password. A leading ! or a * means the account is locked for password login; an empty field means no password is required. Passwords should be at least 6-8 characters and include digits or special characters. • Last password change: days since Jan 1, 1970 on which the password was last changed. • Minimum: the minimum number of days between password changes, i.e. how long the user must wait before changing the password again. • Maximum: the number of days the password is valid; after that the user is forced to change it. • Warn: the number of days before expiry on which the user is warned that the password must be changed. • Inactive: the number of days after the password expires before the account is disabled. • Expire: days since Jan 1, 1970 on which the account is disabled, i.e. an absolute date after which the login may no longer be used. • Unused field: reserved for future use.
Review week ten lab assignment /etc/shadow file • The x in the /etc/passwd password field indicates that the shadow file holds the password hash. • Red Hat Linux of that era used MD5-crypt by default, and most Linux systems of the time did the same. Current distributions default to SHA-512 ($6$) or yescrypt ($y$); MD5 is considered weak and entries still using it should be rehashed at the next password change. • An MD5-crypt hash is 34 characters long: $1$, an 8-character salt, $ and 22 characters of hash. • The hash field begins with a dollar sign, an algorithm identifier and a dollar sign (e.g. $1$ for MD5, $5$ for SHA-256, $6$ for SHA-512). • The shadow file is readable only by root (and on some distributions by the shadow group). In summary, the /etc/shadow file contains the password hashes and the password-aging settings. It holds all the guidelines that pertain to the administration of the password.
Review week ten lab assignment /etc/group file Group name:Password:GID:User_list • Group name: name of the group. • Password: the group password hash. If this field is empty, no password is needed to join the group with newgrp. Otherwise an x indicates the hash is stored in /etc/gshadow. Group passwords are rarely used; membership through the user list is preferred. • GID: the numerical group ID, unique per group. • User_list: the user names of all supplementary members, separated by commas (users whose primary GID is this group need not be listed). Older Unix systems imposed a limit of 16 to 32 supplementary group memberships per user; Linux allows 65536 (NGROUPS_MAX).
Review week ten lab assignment /etc/group file
ntp:x:38:
student:x:101:
itadmin:x:400:
faculty:x:410:
csfac:x:420:mccannp,sieberth,hochstew,whittakt,morganr,hartung
staff:x:430:
In summary, the /etc/group file identifies a collection of users who generally share similar functions. These groupings are not limited to departments or projects.
Review week ten lab assignment /etc/gshadow file Group-name:Password:Group-admins:Members • Group-name: the name of the group. • Password: the hashed group password (! or empty means none). • Group-admins: comma-separated list of users who may administer the group, i.e. change its password and add or remove members with gpasswd. • Members: comma-separated list of group members; this should match the user list in /etc/group. In summary, the /etc/gshadow file stores the /etc/group password hashes and administrators, and like /etc/shadow it is readable only by root.
Review week ten lab assignment File Summary /etc/passwd - user account information /etc/shadow - secure user password information /etc/group - group information /etc/gshadow - secure group password information User account files The /etc/passwd, /etc/shadow, and /etc/group files are the most important files for storing user account and authentication information. Command to add a user account Linux/Knoppix - useradd (Debian-based systems such as Knoppix also provide the adduser wrapper) Command to remove a user account Knoppix - deluser Linux - userdel
Review week ten lab assignment Managing Users Adding a user to a computer involves several steps before the user can actually log in and perform user operations. Every user that intends to utilize a computer must first gain access to that system and then go through an initialization process driven by files in the user's home directory. Once the user is authenticated, a shell is spawned to allow the user to interact with the system, and the shell reads and executes the commands and environment variable settings in $HOME/.profile (or .bash_profile for bash). Normally, .profile runs automatically at login and sets up the user's environment silently. Display the ~varneyg/.profile When adding a new user account to the system, the administrator assigns the username a user identification number (UID). The UID, not the name, is what the system uses internally to identify the user and to decide file ownership and permissions. Two accounts with the same UID therefore share one identity: each can read, modify and kill whatever the other owns, and audit logs cannot tell them apart. Check for duplicate UIDs before creating an account.
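The account files reviewed on the previous slides lend themselves to an automated check. The following Python script is added here as an illustration and is not part of the course material: it parses /etc/passwd and /etc/shadow contents and reports the conditions discussed above, namely duplicate UIDs, extra UID 0 accounts, empty password fields, hashes left in the world-readable /etc/passwd, accounts with no shadow entry, and weak (MD5 or DES) hashes. The file contents, user names and hashes embedded below are constructed for the example.

```python
"""Audit /etc/passwd and /etc/shadow contents for common account mistakes.

Added example for the week-ten review; not part of the course slides.
All file contents below are constructed: the users, UIDs and hashes are made up.
"""
import re

# Algorithm identifiers used in crypt(3) hashes of the form $id$salt$hash.
HASH_IDS = {
    "1": "md5",
    "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
    "5": "sha256",
    "6": "sha512",
    "7": "scrypt",
    "y": "yescrypt",
}
WEAK_HASHES = {"md5", "descrypt"}   # fast to brute-force: rehash these


def parse_colon_file(text, nfields):
    """Split a colon-separated account file into rows, rejecting malformed lines."""
    rows = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != nfields:
            raise ValueError(f"line {lineno}: expected {nfields} fields, got {len(parts)}")
        rows.append(parts)
    return rows


def hash_algorithm(field):
    """Classify the password field of an /etc/shadow entry."""
    if field == "":
        return "empty"                  # no password needed at all
    if field == "*" or field.startswith("!"):
        return "locked"                 # !, !! or *: password login disabled
    m = re.match(r"^\$([^$]+)\$", field)
    if m:
        return HASH_IDS.get(m.group(1), "unknown")
    if len(field) == 13:
        return "descrypt"               # traditional DES crypt: 2-char salt + 11 chars
    return "unknown"


def audit_accounts(passwd_text, shadow_text):
    """Return a list of human-readable findings for the given file contents."""
    findings = []
    passwd = parse_colon_file(passwd_text, 7)
    shadow = {row[0]: row for row in parse_colon_file(shadow_text, 9)}
    names_by_uid = {}

    for name, pw, uid, gid, gecos, home, shell in passwd:
        names_by_uid.setdefault(uid, []).append(name)
        if uid == "0" and name != "root":
            findings.append(f"{name}: UID 0 (root-equivalent account)")
        if pw == "":
            findings.append(f"{name}: empty password field in /etc/passwd")
        elif pw != "x":
            findings.append(f"{name}: password hash stored in world-readable /etc/passwd")
        if name not in shadow:
            findings.append(f"{name}: no /etc/shadow entry")
            continue
        alg = hash_algorithm(shadow[name][1])
        if alg == "empty":
            findings.append(f"{name}: empty password in /etc/shadow")
        elif alg in WEAK_HASHES:
            findings.append(f"{name}: weak password hash ({alg})")

    for uid, names in names_by_uid.items():
        if len(names) > 1:
            findings.append(f"UID {uid} shared by {', '.join(names)} (accounts share one identity)")
    return findings


# Constructed sample data (not from any real system).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
varneyg:x:1020:1021:varneg user:/export/home/varneyg:/bin/ksh
backup:x:0:0:backup operator:/var/backups:/bin/sh
guest::1021:1021:guest account:/home/guest:/bin/bash
jdoe:x:1020:1021:J. Doe:/home/jdoe:/bin/bash
"""
SAMPLE_SHADOW = """\
root:$6$saltsalt$notarealhashjustanexample:13064:0:99999:7:::
varneyg:$1$dhBysgdh$fteM9gd00notreal:13064:0:99999:7:::
backup:!!:13064:0:99999:7:::
guest::13064:0:99999:7:::
"""

if __name__ == "__main__":
    for finding in audit_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(finding)
```

To run it against a live system, pass the contents of the real files (reading /etc/shadow requires root). Fix what it reports with usermod, passwd -l and chage rather than by editing the files by hand, so the two files stay consistent.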
Review week ten lab assignment Processes The & symbol launches a command as a background process. Example: simple_script & A background process no longer occupies the terminal, but it still belongs to the terminal's session: closing the terminal normally sends it SIGHUP, unless it was started with nohup or detached with disown. Terminate a background process with kill <pid> (SIGTERM), and only if it does not exit use kill -9 <pid> (SIGKILL, which gives the program no chance to clean up). Once a foreground process is started, it remains in the foreground until it completes because it owns the terminal. Interrupt a foreground process by typing Ctrl-C (SIGINT) or suspend it with Ctrl-Z (SIGTSTP).
Review week ten lab assignment Kernel functions in two ways An autonomous function, such as the allocation of memory and CPU time, is performed without being explicitly requested by a user process. A responsive function, such as resource allocation on request, process creation and process management, is initiated by requests (system calls) from processes. Daemon processes are started as part of the boot process and run until the system is shut down. Daemons provide services such as database engines, network services, secure terminal and file transfer (sshd, ftpd) and scheduled tasks (crond).
Review week ten lab assignment A daemon is a process that runs without a controlling terminal and is not started by a user's login session; most are started during boot and run until the system is shut down. There are various processes in UNIX that are not owned by an interactive user but exist to provide services. These processes are called "daemons". One daemon may start another: the UNIX inetd superserver accepts a network connection and then starts the daemon appropriate to the type of connection. For example, inetd may start telnetd to handle a telnet connection or ftpd to handle an ftp connection. The inetd superserver runs continuously, listening for network connections. Every service enabled in its configuration is another listening port reachable from the network, so a superserver with many services enabled enlarges the attack surface; disable any service that is not needed.
Review week ten lab assignment xinetd daemon The Linux xinetd daemon is a more secure replacement for the inetd superserver: it adds per-service access control (only_from, no_access), time-of-day restrictions, connection-rate limits and logging. Like inetd, xinetd listens for network connections. When a connection arrives, it launches the daemon configured for that service and connects the socket to the daemon's standard input and output. The superserver therefore works on demand: the service process exists only while a connection is being handled.
Review week ten lab assignment Single and Multi-Threaded Processes The implementation of a thread differs from one operating system to another. Generally, a thread exists within a process. Multiple threads within a single process can coexist and share the same resources. Threads compared to Processes Threads exist as subsets of a process. Multiple threads in a single process share memory, open files and other resources. Threads share the same address space, which is why one faulty thread can corrupt the data of every other thread in the process, whereas processes are isolated from each other. Switching between threads of one process is cheaper than a context switch between processes because the address space does not change.
Review week ten lab assignment A single-threaded process performs one task at a time. A multi-threaded process can perform multiple tasks concurrently without the extra overhead of creating a new process. A word processor is a typical multi-threaded program: one thread handles keystrokes while others repaginate the document or run the spell checker. Kernel Functions The kernel is the part of the operating system that allocates machine resources, including memory, disk space, and CPU cycles, to all other programs that run on a computer.
Review week ten lab assignment The kernel is responsible for creating the init process (PID 1). Because init is not created by fork() from another process, this creation is referred to as spontaneous or hand-crafted. Processes go through various states during their existence. These are transitory states managed by the operating system (OS); the specific states and their names vary from one OS to another. Linux process states (the letters are the STAT codes shown by ps): - Running or runnable (R): the process is on a CPU or waiting in the run queue for the scheduler to give it one - Sleeping (S interruptible, D uninterruptible): the process is waiting for an event or for I/O to complete - Stopped (T): the process has been stopped, usually by a signal such as SIGSTOP or SIGTSTP; a process that is being debugged is also in the stopped state - Zombie (Z): the process has exited but its task_struct is kept until the parent collects its exit status
Review week ten lab assignment A zombie process is a process that has completed execution but still has an entry in the process table, so that the process that started it can read its exit status. Remember that a zombie is already dead: killing it does nothing, because there is nothing left to kill. The entry disappears when the parent calls wait(); if the parent never does, signal or fix the parent. Processes marked <defunct> are dead processes (so-called "zombies"). Locate a zombie process on cs.franklin.edu Commands: ps aux ps aux | awk '{ print $8 " " $2 }' | grep -w Z (with ps aux, field 8 is STAT and field 2 is the PID)
Review week ten lab assignment An orphan process is a process whose parent process has terminated or finished; the kernel reparents it to init (PID 1). Characteristics of an orphan process: The owner of an orphan process can kill that process. Logging off your terminal does not guarantee termination of your orphan; it keeps running under init. An orphan process may continue to execute, taking up system resources and slowing the machine down for other users. If you notice slow performance on a machine and you see an orphan process that doesn't belong to you.
Review week ten lab assignment Is there an orphan process listed below? (ps -ef output; columns are UID PID PPID C STIME TTY TIME CMD)
root 1 0 0 2010 ? 00:03:17 init
varneyg 22387 22385 0 17:34 pts/1 00:00:00 grep init
root 927 1 0 2010 ? 00:08:58 /usr/sbin/sshd
root 22350 927 0 17:31 ? 00:00:00 sshd: varneyg@pts/1
varneyg 22390 22385 0 17:34 pts/1 00:00:00 sort -r
varneyg 22389 22385 0 17:34 pts/1 00:00:00 grep varneyg
varneyg 22388 22386 0 17:34 pts/1 00:00:00 ps -ef
varneyg 22385 22351 0 17:34 pts/1 00:00:00 /bin/ksh ./pid_ppid.sh varneyg
varneyg 22351 22350 0 17:31 pts/1 00:00:00 -ksh
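The question above can be answered mechanically from ps output. The following Python code is an added example rather than part of the lab: it parses a constructed `ps -eo pid,ppid,stat,tty,comm` listing, finds zombies by their Z state, flags orphan candidates (processes adopted by init, PPID 1, that still hold a terminal, which real daemons do not), and for a zombie returns the parent that must be signalled, since the zombie itself cannot be killed. The process listing is constructed for the example.

```python
"""Find zombie and orphan processes in ps output.

Added example; not part of the course slides. SAMPLE_PS is a constructed
listing in the format produced by: ps -eo pid,ppid,stat,tty,comm
"""


def parse_ps(text):
    """Turn a ps listing (with header) into a list of dicts keyed by column name."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    procs = []
    for line in lines[1:]:                       # skip the header row
        pid, ppid, stat, tty, comm = line.split(None, 4)
        procs.append({"pid": int(pid), "ppid": int(ppid), "stat": stat,
                      "tty": tty, "comm": comm})
    return procs


def find_zombies(procs):
    """PIDs whose STAT starts with Z: exited, but not yet reaped by the parent."""
    return [p["pid"] for p in procs if p["stat"].startswith("Z")]


def find_orphans(procs):
    """PIDs adopted by init (PPID 1) that still have a controlling terminal.

    A process started from a terminal whose parent shell has exited is
    reparented to init but keeps its tty; real daemons under init show '?'."""
    return [p["pid"] for p in procs if p["ppid"] == 1 and p["tty"] != "?"]


def zombie_parent(procs, zombie_pid):
    """The PID to signal for a zombie: its parent, which must call wait().

    Returns None if the zombie's parent is init, which reaps automatically."""
    by_pid = {p["pid"]: p for p in procs}
    parent = by_pid[zombie_pid]["ppid"]
    return None if parent == 1 else parent


# Constructed listing: a shell on pts/3 exited, leaving simple_script under
# init, and simple_script has not reaped the sleep child that already exited.
SAMPLE_PS = """\
  PID  PPID STAT TT       COMMAND
    1     0 Ss   ?        init
  927     1 Ss   ?        sshd
22350   927 Ss   ?        sshd
22351 22350 Ss   pts/1    ksh
22385 22351 S+   pts/1    ksh
22390 22385 R+   pts/1    sort
22400     1 S    pts/3    simple_script
22401 22400 Z    pts/3    sleep
"""

if __name__ == "__main__":
    procs = parse_ps(SAMPLE_PS)
    print("zombies:", find_zombies(procs))
    print("orphan candidates:", find_orphans(procs))
    for z in find_zombies(procs):
        print(f"zombie {z}: signal parent {zombie_parent(procs, z)}, not the zombie")
```

The orphan test is a heuristic: a daemon that keeps a tty, or a process deliberately started with setsid, would also appear. It is a starting point for a look at who owns the process and what it is doing, not a verdict.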
Review week ten lab assignment Terminate orphan Processes kill -3 8074 Signal the process with pid 8074 to "quit" (SIGQUIT, writes a core dump) kill -1 8074 Signal the process with pid 8074 to "hang up" (SIGHUP; many daemons reread their configuration instead of exiting) kill -9 8074 Signal the process with pid 8074 to be "killed" (SIGKILL, cannot be caught) kill 8074 with no signal number sends SIGTERM (15), which should be tried first.
Week Fifteen Agenda The kill command is used in several operating systems to send signals to running processes. Running kill does not always terminate a process. The kill command is a wrapper around the kill() system call, which sends signals to processes or process groups identified by their process ID (pid). Many different signals can be sent to a process; the ones of most interest are SIGTERM and SIGKILL. The default signal sent is SIGTERM. A program that handles this signal can perform useful cleanup operations (for example saving configuration information to a file) before it terminates, and a program that ignores it will not terminate at all. All signals can be caught, blocked or ignored by a process except SIGKILL and SIGSTOP. These two are acted on entirely by the kernel; the process never sees them. SIGKILL kills the process, and SIGSTOP pauses it until a SIGCONT is received.
Week Fifteen Agenda UNIX provides security mechanisms that prevent one user on the system from killing another user's processes. For one process to send a signal to another, the owner of the signalling process must be the same as the owner of the receiving process, or be the superuser; otherwise kill() fails with EPERM. Other useful signals include the following: SIGINT can be generated with Ctrl+C SIGTSTP can be generated with Ctrl+Z SIGQUIT can be generated with Ctrl+\ The default action for SIGQUIT terminates the program and writes a core dump (if core dumps are enabled with ulimit -c). In Microsoft's command line interpreter Windows PowerShell, kill is a predefined alias for the Stop-Process cmdlet. Microsoft Windows XP, Vista and 7 include the command taskkill.
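To see the difference between a catchable and an uncatchable signal in practice, the following Python code, added here and not part of the course slides, spawns three short-lived child processes: one with the default SIGTERM action, one that installs a handler to save state and exit cleanly, and one that ignores SIGTERM outright. terminate_with_escalation() sends SIGTERM, waits a grace period, and falls back to SIGKILL only if the child is still alive; can_signal() shows the owner/superuser check that the kill() system call applies. The children are constructed for the demonstration and the function works on a subprocess.Popen handle so it can reap what it kills.

```python
"""Polite-then-forceful process termination with signals.

Added example; not part of the course slides. The child processes are
constructed for the demonstration (small Python one-liners).
"""
import os
import signal
import subprocess
import sys

CHILD_CODE = {
    # default action for SIGTERM: the process dies, exit status records the signal
    "default": "import time\nprint('ready', flush=True)\ntime.sleep(60)\n",
    # a well-behaved program: catch SIGTERM, do cleanup, exit normally
    "cleanup": (
        "import signal, sys, time\n"
        "def on_term(signum, frame):\n"
        "    print('saving state...', flush=True)\n"
        "    sys.exit(0)\n"
        "signal.signal(signal.SIGTERM, on_term)\n"
        "print('ready', flush=True)\ntime.sleep(60)\n"
    ),
    # a misbehaving program: SIGTERM is ignored, only SIGKILL will do
    "ignore": (
        "import signal, time\n"
        "signal.signal(signal.SIGTERM, signal.SIG_IGN)\n"
        "print('ready', flush=True)\ntime.sleep(60)\n"
    ),
}


def spawn_child(mode):
    """Start a child with the given behaviour and wait until its handler is installed."""
    proc = subprocess.Popen([sys.executable, "-c", CHILD_CODE[mode]],
                            stdout=subprocess.PIPE, text=True)
    proc.stdout.readline()            # blocks until the child prints 'ready'
    return proc


def terminate_with_escalation(proc, grace=2.0):
    """Send SIGTERM, give the process `grace` seconds, then SIGKILL it.

    Returns which signal ended it ("SIGTERM" or "SIGKILL"), or "exited" when
    the process handled SIGTERM and exited on its own."""
    proc.send_signal(signal.SIGTERM)
    try:
        proc.wait(timeout=grace)
    except subprocess.TimeoutExpired:
        proc.kill()                   # SIGKILL: cannot be caught, blocked or ignored
        proc.wait()                   # reap it so no zombie is left behind
        return "SIGKILL"
    # Popen.returncode is -N when the child was killed by signal N, >= 0 otherwise
    return "SIGTERM" if proc.returncode == -signal.SIGTERM else "exited"


def can_signal(pid):
    """True if we may signal pid, False on EPERM, None if there is no such process.

    Signal 0 performs the kernel's owner/superuser check without delivering anything."""
    try:
        os.kill(pid, 0)
    except PermissionError:
        return False
    except ProcessLookupError:
        return None
    return True


if __name__ == "__main__":
    for mode in ("default", "cleanup", "ignore"):
        child = spawn_child(mode)
        print(f"{mode:8s} pid {child.pid}: ended by {terminate_with_escalation(child, grace=1.0)}")
    print("can signal own process:", can_signal(os.getpid()))
    print("can signal PID 1:", can_signal(1))
```

Run as an unprivileged user, can_signal(1) returns False, which is the EPERM rule from the slide; run as root it returns True. The grace period is the knob that matters operationally: too short and well-behaved services lose their chance to flush state, too long and a hung process ties up the shutdown.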
Week ten, eleven, & twelve expected outcomes Upon successful completion of this module, the student will be able to: • Manipulate user accounts. • Describe how cron is used to invoke repetitive processes. • Manipulate process structure including: a) fork and execute b) Initialization process c) Background/foreground d) PS tool • Explain basic UNIX security issues. • Describe disk and file system structure. • Use backup and restore archival operations on a system. • Establish network services. • Investigate the structure of the LDAP directory using LDAP commands.
Next Lab Assignment NFS (Network File System) In UNIX, the physical layout of the file system is not visible to the user. The user does not know, and has no need to keep track of, the physical location of files, unlike the drive-letter model of other systems. The root directory, denoted by a forward slash (/), is the central component of the file system. Other file systems can be attached (mounted) at directories under the root and used as part of the one tree. NFS is a file and directory sharing mechanism native to Unix and Linux. NFS is simple to set up. On the server, you make an entry in the /etc/exports file to enable its use by the client. This is called sharing or exporting.
Next Lab Assignment NFS (Network File System) In order to access a host's file systems using an NFS client, the file systems must be exported. To export a directory, it is added to the host's /etc/exports file. The exports file allows the administrator to control the following: Which directories are made available to remote hosts Which remote hosts can access each directory What access limitations apply to each remote host for each exported directory Note that classic NFS authorizes by client host, not by user: once a host is allowed to mount, file permissions are enforced using the UIDs and GIDs the client presents, so the two sides must agree on them and root on the client must be squashed.
Next Lab Assignment NFS (Network File System) On the server, enter the following lines in /etc/exports to allow sharing: /dir/to/export host1.mydomain.com(ro,root_squash) /dir/to/export host2.mydomain.com(ro,root_squash) /dir/to/export is the directory you want to export host#.mydomain.com is the machine allowed to mount this directory The ro option means the client mounts read-only. The root_squash option maps requests from the client's root (UID 0) to the anonymous user (nobody), so a root user on the client gets no root privileges on the export; never use no_root_squash on a share reachable by untrusted hosts. Run exportfs -ra after editing the file. Many supposed NFS problems are really firewall problems. For an NFS server to serve its shares, its firewall must allow: ICMP type 3 (destination unreachable) packets Port 111, the portmap daemon Port 2049, NFS The port(s) assigned to the mountd daemon (NFSv3; pin mountd to a fixed port with its --port option so the rule can be written) NFSv4 needs only TCP port 2049.
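The options above are worth checking mechanically, because a single no_root_squash or a missing host list turns an export into the server's files being writable as root from the network. The following Python code is an added example and not part of the lab: it parses /etc/exports syntax (a path followed by host(options) entries, with options applied over the Linux server defaults ro, sync, root_squash and secure) and reports exports open to every host, writable wildcard exports, no_root_squash and insecure. The exports file content is constructed for the example.

```python
"""Audit /etc/exports for risky NFS export options.

Added example; not part of the course slides. SAMPLE_EXPORTS is constructed.
"""
import re

# What a Linux NFS server assumes when an option is not given.
DEFAULT_OPTIONS = {"ro", "sync", "root_squash", "secure"}
# Options that switch off a default: option -> the default it replaces.
OVERRIDES = {"rw": "ro", "async": "sync", "no_root_squash": "root_squash",
             "insecure": "secure", "all_squash": "root_squash"}

ENTRY_RE = re.compile(r"([^()]*)(?:\((.*)\))?")


def parse_exports(text):
    """Return (path, host, options) triples, one per host on each export line."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()           # drop comments
        if not line:
            continue
        tokens = line.split()
        path, clients = tokens[0], tokens[1:] or ["*"]   # no client given = everyone
        for tok in clients:
            m = ENTRY_RE.fullmatch(tok)
            host = m.group(1) or "*"                  # "(rw)" alone also means everyone
            opts = {o for o in (m.group(2) or "").split(",") if o}
            entries.append((path, host, opts))
    return entries


def effective_options(opts):
    """Apply explicit options on top of the server defaults."""
    eff = set(DEFAULT_OPTIONS)
    for opt in opts:
        eff.discard(OVERRIDES.get(opt, ""))
        eff.add(opt)
    return eff


def is_wildcard(host):
    return host == "*" or any(ch in host for ch in "*?")


def audit_exports(text):
    findings = []
    for path, host, opts in parse_exports(text):
        eff = effective_options(opts)
        mode = "rw" if "rw" in eff else "ro"
        where = f"{path} -> {host}"
        if host == "*":
            findings.append(f"{where}: exported to every host ({mode})")
        elif mode == "rw" and is_wildcard(host):
            findings.append(f"{where}: writable by a wildcard host pattern")
        if "no_root_squash" in eff:
            findings.append(f"{where}: no_root_squash (client root is root on this export)")
        if "insecure" in eff:
            findings.append(f"{where}: insecure (requests accepted from unprivileged source ports)")
    return findings


SAMPLE_EXPORTS = """\
# constructed example, not a real server
/export/home  host1.mydomain.com(ro,root_squash) host2.mydomain.com(rw,no_root_squash)
/srv/public   *(ro)
/srv/build    10.0.0.0/24(rw,insecure)
/srv/oops     (rw)
/srv/web      *.mydomain.com(rw)
"""

if __name__ == "__main__":
    for finding in audit_exports(SAMPLE_EXPORTS):
        print(finding)
```

The /srv/oops line shows the classic typo: a space between the host and its options (`host (rw)`) makes the options apply to everyone and leaves the named host with the read-only defaults. exportfs warns about this; the audit catches it as well.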
Next Lab Assignment Samba Samba is a suite of open source software programs for UNIX-like operating systems. The name Samba is derived from SMB (Server Message Block), the protocol that is the native method of file and printer sharing for Windows. As a server, Samba shares Linux files and printers with Windows systems. As a client, Samba allows Linux users access to files on Windows systems. Samba thus shares files across heterogeneous computing environments.
Next Lab Assignment The Samba server uses UDP ports 137 and 138 (NetBIOS name and datagram services) and TCP ports 139 (NetBIOS session) and 445 (SMB over TCP). These ports must be opened in the firewall, and only towards the networks that need them. Samba users must have the same username as a Linux user or must be mapped to a Linux username. The mappings are kept in the file named by the username map parameter, /etc/samba/smbusers on Red Hat systems. The record format is linux_user_name = smb_user_name (several SMB names may be listed, separated by spaces).
Next Lab Assignment Samba uses its own password database to authenticate SMB users, not the Linux passwords in /etc/shadow, because SMB authentication needs NT hashes. In the classic setup these live in the /etc/samba/smbpasswd file; current Samba versions default to passdb backend = tdbsam, which stores them in passdb.tdb instead. Initially, when Samba is installed, the password file does not exist on the system. Each technique described allows the system administrator to add users to smbusers and passwords to the Samba password database. To create a Samba password entry for an existing Linux user (the user must already exist in /etc/passwd), use the command smbpasswd -a linux_user_name, which prompts for the new SMB password.
Next Lab Assignment JumpStart To configure a Samba server, the system-config-samba utility best serves this basic need. This is the best tool to use if you're not familiar with Samba. The system-config-samba utility performs three basic functions: configuring the server, configuring users, and setting up shares that are exported to Windows systems. What is a share? It is a filesystem hierarchy that is shared with another system using SMB: a directory hierarchy exported from the Linux system to Windows systems.
Next Lab Assignment The /etc/samba/smb.conf file controls most of how Samba works. The smb.conf file is divided into sections, each addressing one thing: [global] Defines global parameters [printers] Defines printers [homes] Defines the special share that exposes each user's home directory with the parameters given in this section. [share name] Defines a share Comments: lines beginning with # or ; Run testparm to check that smb.conf is syntactically correct; testparm -v also shows the effective value of every parameter, including defaults you did not set.
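Because testparm only checks syntax, the dangerous settings it will happily accept deserve a second pass. The following Python code is an added example and not part of the lab: it reads smb.conf with the standard library configparser (Samba parameter names are case- and space-insensitive, and # or ; start comments) and reports weak settings: share-level security, map to guest = Bad User, a server min protocol that still permits SMB1, NTLMv1 (ntlm auth = yes), guest-accessible shares, and writable shares with neither valid users nor hosts allow. The configuration text is constructed for the example.

```python
"""Flag weak settings in a Samba smb.conf.

Added example; not part of the course slides. SAMPLE_SMB_CONF is constructed.
"""
import configparser

TRUE_VALUES = {"yes", "true", "1"}
SMB1_PROTOCOLS = {"CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1"}


def load_smb_conf(text):
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   comment_prefixes=("#", ";"),
                                   inline_comment_prefixes=("#", ";"))
    # Samba ignores case and whitespace in parameter names ("guest ok" == "GuestOK")
    cp.optionxform = lambda name: name.lower().replace(" ", "")
    cp.read_string(text)
    return cp


def is_true(section, key, default="no"):
    return section.get(key, default).strip().lower() in TRUE_VALUES


def share_is_writable(section):
    """'writable', 'writeable' and 'write ok' are inverse synonyms of 'read only' (default yes)."""
    for key in ("writable", "writeable", "writeok"):
        if key in section:
            return is_true(section, key)
    if "readonly" in section:
        return not is_true(section, "readonly")
    return False


def audit_smb_conf(text):
    cp = load_smb_conf(text)
    findings = []
    g = cp["global"] if cp.has_section("global") else {}

    if g.get("security", "user").strip().lower() == "share":
        findings.append("[global] security = share: no per-user authentication (removed in Samba 4)")
    if g.get("maptoguest", "never").strip().lower() == "bad user":
        findings.append("[global] map to guest = Bad User: failed logins become the guest account")
    if g.get("serverminprotocol", "").strip().upper() in SMB1_PROTOCOLS:
        findings.append("[global] server min protocol permits SMB1")
    if g.get("ntlmauth", "no").strip().lower() in TRUE_VALUES:
        findings.append("[global] ntlm auth = yes: NTLMv1 accepted")

    for name in cp.sections():
        if name in ("global", "printers"):
            continue
        s = cp[name]
        writable = share_is_writable(s)
        if is_true(s, "guestok") or is_true(s, "public"):
            access = "read/write" if writable else "read-only"
            findings.append(f"[{name}] guest ok: anonymous {access} access")
        if writable and "validusers" not in s and "hostsallow" not in s:
            findings.append(f"[{name}] writable with neither 'valid users' nor 'hosts allow'")
    return findings


SAMPLE_SMB_CONF = """\
# constructed example, not a real server
[global]
   workgroup = MYGROUP
   security = user
   map to guest = Bad User
   server min protocol = NT1      ; lets SMB1 clients in

[homes]
   comment = Home Directories
   browseable = no
   writable = yes
   valid users = %S

[public]
   path = /srv/samba/public
   guest ok = yes
   writable = yes

[docs]
   path = /srv/samba/docs
   read only = yes
   valid users = @staff
"""

if __name__ == "__main__":
    for finding in audit_smb_conf(SAMPLE_SMB_CONF):
        print(finding)
```

Feed it the output of testparm -s rather than the raw file when the configuration uses include directives, so the checks see the merged result.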
Next lab assignment The crond init script (/etc/rc.d/init.d/crond on Red Hat) starts crond automatically when the system enters a multi-user runlevel. crond is a daemon that executes scheduled commands. /etc/crontab is the system crontab; it contains the entries to run and the times to run them, with an extra field naming the user each command runs as.
# Einstein /etc/crontab entries
01 * * * * root run-parts /etc/cron.hourly
02 4 * * * root run-parts /etc/cron.daily
22 4 * * 0 root run-parts /etc/cron.weekly
42 4 1 * * root run-parts /etc/cron.monthly
Next lab assignment crontab format (user crontab: five time fields followed by the command)
* * * * * command to be executed
1 2 3 4 5
First *: minute (0-59)
Second *: hour (0-23)
Third *: day of month (1-31)
Fourth *: month (1-12)
Fifth *: day of week (0-6, Sunday=0; 7 is also accepted for Sunday)
Fields accept lists (1,15), ranges (1-5) and steps (*/15). Example: 40 18 * * * rm /export/home/someuser/* runs every day at 18:40 and deletes every non-hidden file in that directory. Cron commands run with the full privileges of the crontab's owner and with cron's minimal environment, so use absolute paths and be careful with globs.
Next lab assignment Access control: /usr/lib/cron/cron.allow and /usr/lib/cron/cron.deny (on Linux, /etc/cron.allow and /etc/cron.deny). If cron.allow exists, only the users listed in it may use crontab; otherwise, if cron.deny exists, every user except those listed may. crontab commands crontab -e Edit your crontab file crontab -l Display your crontab file crontab -r Remove your crontab file (no confirmation is asked, and -r sits next to -e on the keyboard) crontab -v Display the last time your crontab was edited (not available on all systems)
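To check what a crontab line will actually do before installing it, the following Python code, added here and not part of the lab, implements the five-field schedule matching rules described above (lists, ranges, steps, Sunday as 0 or 7, and the Vixie cron rule that when both day-of-month and day-of-week are restricted the entry fires when either matches), handles the extra user field of /etc/crontab, and applies the cron.allow/cron.deny precedence. The crontab lines and allow/deny contents used are taken from these slides or constructed; the behaviour when neither access file exists varies by implementation, so it is passed in as an explicit default.

```python
"""Evaluate crontab schedules and crontab access control.

Added example; not part of the course slides. Sample lines are taken from
the slides or constructed.
"""
from datetime import datetime

# (low, high) for minute, hour, day-of-month, month, day-of-week
FIELD_RANGES = [(0, 59), (0, 23), (1, 31), (1, 12), (0, 7)]


def expand_field(spec, lo, hi):
    """Expand one field ('*', '*/15', '1-5', '1,15', '1-10/2') into a set of ints."""
    values = set()
    for part in spec.split(","):
        rng, _, step = part.partition("/")
        step = int(step) if step else 1
        if rng == "*":
            start, end = lo, hi
        elif "-" in rng:
            a, b = rng.split("-", 1)
            start, end = int(a), int(b)
        else:
            start = end = int(rng)
            if step > 1:                 # Vixie: "5/15" means every 15 starting at 5
                end = hi
        if not (lo <= start <= end <= hi) or step < 1:
            raise ValueError(f"field {spec!r} out of range {lo}-{hi}")
        values.update(range(start, end + 1, step))
    return values


def parse_crontab_line(line, system=False):
    """Parse a user crontab line, or an /etc/crontab line (which has a user field)."""
    ncols = 6 if system else 5
    parts = line.split(None, ncols)
    if len(parts) <= ncols:
        raise ValueError(f"too few fields: {line!r}")
    sets = [expand_field(p, lo, hi) for p, (lo, hi) in zip(parts[:5], FIELD_RANGES)]
    if 7 in sets[4]:                     # both 0 and 7 mean Sunday
        sets[4].discard(7)
        sets[4].add(0)
    return {"fields": parts[:5], "sets": sets,
            "user": parts[5] if system else None, "command": parts[ncols]}


def matches(entry, when):
    """Would this entry fire at the given datetime (to the minute)?"""
    minute, hour, dom, month, dow = entry["sets"]
    if when.minute not in minute or when.hour not in hour or when.month not in month:
        return False
    dom_ok = when.day in dom
    dow_ok = (when.isoweekday() % 7) in dow      # Python Sunday=7 -> cron Sunday=0
    dom_restricted = not entry["fields"][2].startswith("*")
    dow_restricted = not entry["fields"][4].startswith("*")
    if dom_restricted and dow_restricted:
        return dom_ok or dow_ok                  # Vixie cron: either field may match
    return dom_ok and dow_ok


def fires_at(entry, year, month, day, hour, minute):
    """Convenience wrapper around matches() taking plain integers."""
    return matches(entry, datetime(year, month, day, hour, minute))


def crontab_allowed(user, allow_text=None, deny_text=None, default=True):
    """cron.allow wins if it exists; otherwise cron.deny; otherwise the system default."""
    if allow_text is not None:
        return user in set(allow_text.split())
    if deny_text is not None:
        return user not in set(deny_text.split())
    return default


if __name__ == "__main__":
    weekly = parse_crontab_line("22 4 * * 0 root run-parts /etc/cron.weekly", system=True)
    print(weekly["user"], "->", weekly["command"])
    print("Sun 2024-03-17 04:22:", fires_at(weekly, 2024, 3, 17, 4, 22))
    print("Mon 2024-03-18 04:22:", fires_at(weekly, 2024, 3, 18, 4, 22))
    print("alice allowed:", crontab_allowed("alice", allow_text="alice\nbob\n"))
```

The either-or rule is the one that surprises people: "0 0 1 * 1" runs on the first of every month and on every Monday, not only on Mondays that fall on the first.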
Next lab assignment Full backup A full backup is the starting point for all other backup types and contains all the data in the folders and files selected for backup. Because a full backup stores every file, restoring from it is the fastest and simplest operation; the other backup types trade restore time for smaller, quicker backups. Differential backup A differential backup contains all files that have changed since the last full backup. A restore needs only two sets, the last full backup plus the latest differential, so it is faster than restoring a chain of incrementals. However, each differential grows as more files change since the full backup, and after many runs it can approach the size of the full backup itself. Incremental backup An incremental backup stores all files that have changed since the last backup of any type (full, differential or incremental). It takes the least time and space to make. However, a restore must process the last full backup and every incremental made since, in order, so the job can be lengthy and a missing or corrupt set anywhere in the chain breaks the restore.
Upcoming deadlines • Account/LDAP Script, 10-1 is due March 18. Process, 10-2 is due March 18. • Knoppix File System Exercise, 11-1 is due March 25. • Programming Assignment 2, 12-1 is due April 1. Archives Exercise, 12-2 is due April 1. • Presentations for Public Domain/Open Source Lab Assignment 13-1 will be April 8. • Programming Assignment 3, 14-1 is due April 14. • Final Exam, 15-1 will be administered April 9-14. • Final Exam Outline will be available March 30, two weeks prior to the final exam date. This outline will be considered a “living” document. I will add additional information to it up to one week prior to the exam. All additional information posted after the initial posting will be highlighted/indicated.
Lab assistance • Questions • Comments • Concerns • Outline reading assignments • Review Modules 5,6, and 7. I will be available after this Franklin Live session to discuss any problems and/or concerns regarding lab assignments.