
System Administration

System Administration. Some recommended references. Unix System Administration Handbook by Evi Nemeth, Garth Snyder, Scott Seebass published by Prentice Hall Unix in a Nutshell by Daniel Gilly & O’Reilly staff published by O’Reilly & Associates, Inc. System Administration Online

chiku

Presentation Transcript


  1. System Administration

  2. Some recommended references • Unix System Administration Handbook • by Evi Nemeth, Garth Snyder, Scott Seebass • published by Prentice Hall • Unix in a Nutshell • by Daniel Gilly & O’Reilly staff • published by O’Reilly & Associates, Inc. • System Administration Online • http://www.samag.com/

  3. Essential System Administration • Startup & Shutdown • User Accounts • Security • Backup & Restore • Printers & the Spooling Subsystem

  4. Sys Admin Duties • ...just a partial list • add/change/remove users & groups • backups & restores • answer user questions • monitor system activity (audits & logs) • system security • install programs and OS updates • free up disk space

  5. Sys Admin Duties • handle system crashes • resolve network problems • install/modify/remove systems (& furniture) • write scripts to automate as much as possible • go to meetings....

  6. Basic Strategies • plan it before you do it • make it reversible • make changes incrementally • test, test, test!! ...before going to production • know how things REALLY work • never modify the original file • i.e., always work with a copy!

  7. Becoming the Superuser • su • become “root user” in the current directory without reading root’s startup scripts; it will ask for the root password before giving you superuser power • su - • just like logging in as root • sudo • a program that allows specified users to run specific commands as root without knowing the root password

  8. Common special file names

  9. Startup & Shutdown • the boot program is responsible for loading the UNIX kernel into memory and passing control of the system to it • typically called: • unix on System V based systems • vmunix on BSD based systems • process 0 is often the scheduler • it is really part of the kernel • process 1 is the init process

  10. Startup & Shutdown • once called, init takes care of preparing the system for use • multi-user mode • a fully functional normal system • prompts for login by all users • single-user mode • non-networked • usually considered to be a maintenance mode • should prompt for login by root only

  11. Startup & Shutdown • System V run levels (Solaris) • 0 - power down state • 1 - system administration state • S/s - single user mode • 2 - multi user mode (networked or not) • 3 - remote file sharing state - (networked only) • 4 - user defined • 6 - shutdown and reboot state

  12. Startup & Shutdown • who -r • display current run level and its init time • ex.

          $ who -r
          .       run level 3 Mar 14 11:14     3      0  S
                                                         ^ previous run level

      see man page for field definitions

  13. Startup & Shutdown • to start a SunOS or Solaris system from the prom prompt • boot will typically go to run level 3 • boot -s will go to single user mode • other systems will be different...

  14. Startup & Shutdown • BSD initialization files (typically) • init calls /etc/rc which calls /etc/rc.local • /etc/rc.local is primarily concerned with network initialization • /etc/rc takes care of everything else

  15. Startup & Shutdown • System V initialization files (typically) • init looks at configuration file /etc/inittab • inittab implicitly defines a process to be run at one or more run levels • commands to execute at the start of each run level are stored in an initialization file called rcn, where n is the run level number • stored under /etc in V.3 and /sbin in V.4 • rcn script runs scripts in directory /etc/rcn.d

  16. Startup & Shutdown • for example: booting to run level 3 • init reads /etc/inittab which says to execute /etc/rc3 • /etc/rc3 will execute scripts in directory /etc/rc3.d • you can use telinit command to change current system run level • telinit 6 - would cause system to shut down & reboot • you can also use the init command directly • telinit is only a link to init in any case...

  17. Example /etc/inittab file

          poincare: more inittab
          s0:0:wait:/sbin/rc0 >/dev/console 2<>/dev/console </dev/console
          s1:1:wait:/usr/sbin/shutdown -y -iS -g0 >/dev/console 2<>/dev/console </dev/console
          s2:23:wait:/sbin/rc2 >/dev/console 2<>/dev/console </dev/console
          s3:3:wait:/sbin/rc3 >/dev/console 2<>/dev/console </dev/console
          s5:5:wait:/sbin/rc5 >/dev/console 2<>/dev/console </dev/console
          s6:6:wait:/sbin/rc6 >/dev/console 2<>/dev/console </dev/console

  18. Startup & Shutdown • BSD style shutdown... • shutdown [options] time message • time • +m - in m minutes • h:m - at specified time (24 hour clock) • now - immediately • message • is displayed immediately • and repeated at increasingly more frequent intervals until the shutdown actually occurs

  19. Startup & Shutdown • System V shutdown... • shutdown -g n [ -i level ] [ -y ] • n - number of seconds to wait (default is 60) • level • 0 - power off • S/s - single user mode (default) • 5 - firmware state (prom prompt) • 6 - reboot to initdefault state in /etc/inittab • -y - answer yes without a prompt to confirmation request (default is to prompt for confirmation)

  20. The Superblock • Index into the filesystem • Stored in memory and in multiple copies on disk • Contains: • List of inodes • Freelist - set of pointers to free space on disk • Various internal parameters • Like filesystem size • Maintained in memory, written to disk about every 30 seconds

  21. Startup & Shutdown • sync command is used to finish all disk transactions and write out an up-to-date superblock, guaranteeing that the system can be turned off without corrupting the files • run as root and usually executed two (or more) times in a row • sync schedules but does not necessarily immediately perform the writes

  22. Startup & Shutdown • fsck command is used to check the filesystem for correctness. • checks for agreement between the superblock info and the actual filesystem • usually run automatically when booting to multi user modes • can be run manually • but should only be done in single user mode • can fix problems that are found or just display

  23. User Accounts • a user is an entity that can execute programs or own files • some users exist only to own files - these are sometimes called pseudo users • every user has a unique username • every user has a unique user id (UID) • every user belongs to one or more groups • each group has a unique group id (GID)

  24. Account Creation Strategy • Standard login names • Home directory/folder location • Password requirements • Startup files/profiles • Email accounts

  25. Creating UNIX User Accts • The /etc/passwd file is the same for all flavors of UNIX • All flavors also have a /etc/group file • The passwd file defines a set of attributes that define a user • All user accounts are created equal. The permissions associated with them are what makes each user unique

  26. User Accounts • Adding a new user • assign a username and user id • assign a primary group and secondary groups (if any) • edit /etc/passwd and /etc/group • assign a password to the new account • create a home directory and put default initialization files there • chown & chgrp the home dir & files as needed

  27. Passwd file & Group file

          mike:x:1003:10:Mike John:/export/home/dbittrol:/sbin/sh

      passwd fields, in order: userid, encrypted password, uid, group, User Name, default directory, default shell

          it340-A::150:

      group fields: groupname, group id number

          adm::4:root,adm,daemon,vwaldo,dbittrol,pmchugh

      group fields: groupname, grpid, 5 members of the group

  28. User Accounts • always make a copy of the passwd file before editing it or use the command vipw • format of /etc/passwd • username:passwd:UID:GID:GCOS:homedir:shell • stevel:xxxx:101:43:Comments:/home/stevel:/bin/csh • format of /etc/group • groupname:*:GID:additional usernames • group1:*:43:stevel,student1,student2,student3

  29. User Accounts • standard users • root - user 0 - the superuser (only login acct in this list) • daemon - used to execute system server processes • bin - owns executables for most user commands • sys - owns system files • adm - owns the accounting files • uucp - UNIX-to-UNIX copy subsystem account • cron,mail,news,usenet,lp,lpd - own subsystem accounts • auth,auditor or audit - own system auditing facility • nobody - used by NFS

  30. User Accounts • standard groups • system or root or wheel or sys (GID0) • members of this group are allowed to su to root • daemon - owner of spooling directories • kmem,mem - owns various system files (GID2 on bsd) • sys - owns various system files (sys v) • tty or terminal - owns all files connected to terminals • cron,mail,uucp,news - associated with subsystems • user, users,other,staff - default group for users (GID20)

  31. Adding users • Use admintool • Edit files such as /etc/passwd (not recommended) • Command line prompt, i.e.:

          /usr/sbin/useradd -m -d /home/username -g 100 -s /usr/local/bin/bash -c "First Lastname" userid

      • set up first password in the passwd file:

          passwd userid

      • encrypted file is /etc/shadow

  32. Adding Groups • To find out what groups you are in type id -a userid (i.e., id -a dbittrol)

          uid=1003(dbittrol) gid=10(staff) groups=0(root),2(bin),3(sys),4(adm),5(uucp),6(mail),7(tty),8(lp),9(nuucp),12(daemon)

  33. User Accounts • use passwd command to assign initial password to a new user • as root: passwd newuser • passwords should be easy to remember but hard to figure out, guess or crack! • there should be no unprotected accounts • specify minimum password length • change passwords when necessary

  34. User Accounts • shadow password file • is protected from all access by non-root users • stores the encrypted passwords • if you see an x in the password field of the /etc/passwd file then you are using a shadow file • usually found in the same directory as passwd

  35. User Accounts • Password restrictions • most UNIX systems provide the ability to modify certain aspects of the password • password aging • maximum lifetime • minimum lifetime • warning time before you must change password • automatically disable account a certain number of days after a password expires • fixed date when account is automatically disabled

  36. User Startup Files • Startup files are found in the user’s home directory and are usually preceded by a . (dot) • Startup files control environment variables, command aliases, command search paths, and shell variables • Bourne .profile • Korn .profile .kshrc #ENV=.kshrc • C-shell .login .cshrc .logout

  37. Managing Users • Managing one system is not difficult, but when you manage multiple systems your tasks increase • Use tools such as NIS/NIS+ • When deleting users make sure that there is no important info stored in that account prior to deleting (check w/supervisor) • Avoid recycling UIDs

  38. User Accounts • login initialization files • sh .profile • csh .login and .cshrc • ksh .profile and .kshrc • .login and .profile are executed at login • .cshrc and .kshrc are executed every time a new shell is spawned

  39. User Accounts • On Solaris some standard utilities are provided for managing user accounts: useradd userdel usermod • These are located in the /usr/sbin directory • Check the man pages for options and syntax

  40. User Accounts • other things to consider when adding a new user • any enhanced security facilities • assigning disk quotas • defining mail alias • setting print queue access • adding to secondary groups • access to third party applications

  41. User Accounts • testing the new account • use the su or sudo command • i.e., # su - newuser • also handy for testing existing accounts!

  42. User Accounts • the entire process of adding and removing a user can be (and often already is) automated • expect command line and GUI interfaces • depending on how your system is set up it may be best to use only the automated tools for administrative functions • they tend to make sure you don’t forget the little (but always horribly important) details...

  43. User Accounts • the ability to disable and restrict user accounts is also a feature of most systems • when removing a user there are a number of things to keep an eye out for.... • change system access passwords (as needed) • terminate running processes owned by user • remove from secondary groups • remove user’s mail file

  44. User Accounts • remove from the mail alias file (if needed) • check for cron or at jobs by user • check for pending print jobs • backup & delete (archive) home directory • and any other site specific tasks....
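
The account rules in the User Accounts slides (unique UIDs, no unprotected accounts, root as user 0, removing a deleted user from secondary groups) can be checked mechanically against passwd- and group-format files. The script below is an added example, not part of the original presentation; the function name, finding labels and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit passwd- and group-format files against the account
# rules in the slides. Function name and finding labels are illustrative.

audit_accounts() {   # $1 = passwd-format file, $2 = group-format file
    awk -F: '
        FNR == NR {                       # first file: passwd entries
            if (NF != 7) { print "BAD_FIELDS line " FNR; next }
            known[$1] = 1
            if ($2 == "")                print "EMPTY_PASSWORD " $1
            if ($3 == 0 && $1 != "root") print "EXTRA_UID0 " $1
            if ($3 in owner)             print "DUP_UID " $3 " " owner[$3] " " $1
            else                         owner[$3] = $1
            next
        }
        {                                 # second file: group entries
            n = split($4, members, ",")
            for (i = 1; i <= n; i++)
                if (members[i] != "" && !(members[i] in known))
                    print "STALE_MEMBER " $1 " " members[i]
        }
    ' "$1" "$2"
}

# Constructed sample data, not taken from a real system.
run_sample() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
stevel:x:101:43:Comments:/home/stevel:/bin/csh
guest::102:43:Guest:/home/guest:/bin/sh
toor:x:0:0:Second root:/:/sbin/sh
student1:x:101:43:Student:/home/student1:/bin/csh
broken:x:105:43:/home/broken
EOF
    cat > "$dir/group" <<'EOF'
staff:*:43:stevel,student1,student2
adm::4:root,stevel
EOF
    audit_accounts "$dir/passwd" "$dir/group"
    rm -rf "$dir"
}

run_sample
```

On a live system the call is `audit_accounts /etc/passwd /etc/group`; where a shadow file is in use, an x in the password field is expected and only an empty field is reported.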

  45. Performance Monitoring • Performance Monitoring and tuning are essential parts of system administration • Multiple tools are available • Providing real-time and remote logging of statistics

  46. Key Components • Processor - will a faster processor fix a slow machine? • Memory - Are page and swap files in use? Is more RAM a fix? • Disk - Will faster disks make a difference? • Network Interface - Is it important to have a fast and reliable connection to the internet?

  47. UNIX Performance Tools • vmstat - Provides statistics on processes, virtual memory, disk, interrupts, and CPU activity • Will summarize activity every five seconds or until program terminated • First line of info is on system since last booted (ignore first line) • r column (run queue) is good processor evaluation

  48. UNIX Performance Tools • b - blocked for resources is indicator of slow disk subsystem • memory - shows free swap space to see if you are using swap space allocated • page - only worry about 4 of 7 columns • re page reclaims • pi kilobytes paged in • po kilobytes paged out • sr pages scanned by the clock algorithm

  49. UNIX Performance Tools • iostat - provides statistics on disk, terminal, and CPU activity • summarizes activity 10 times at 5 second intervals • report on kilobytes transferred per second • seeks per second • milliseconds per average seek
