1 / 99

Advanced UNIX

Advanced UNIX. Spring 2007 Review Chap 10-14. Definition of root & su. root (1): a file system term describing the top level directory of a drive or storage volume.

gibson
Télécharger la présentation

Advanced UNIX

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Advanced UNIX Spring 2007 Review Chap 10-14

  2. Definition of root & su • root (1): a file system term describing the top level directory of a drive or storage volume. • root (2), or root access: authorization within Unix-based operating systems that allows a user to make system-wide changes. This includes the ability to open and modify files that are off-limits to normal users, such as system files and and files within other users' home directories. • superuser(su): a user who has been given root access.

  3. The root account • Never login in as root • It is dangerous • There is no audit trail • Always login with your personal account • Then su to root • Disable root logins from the network • RSC (Remote System Console) • Change the root password frequently • DoD does this every 90 days

  4. The Shell Prompt • The command line prompt will indicate if you are logged in as root by displaying a # before the cursor • For System-V derivatives of UNIX you will see a $ if you are logged in as a normal user, % if your are on a Berkeley derivative of UNIX

  5. Changing a Password • To Change the password of the account you’re logged in as type the following: passwd <enter> • To change the password of another user type the following: passwd <userid> • For class you should change your password

  6. Using the su command • The su command allows one to become another user without logging off or to assume a role. The default user name is root (super user). • To su to root type the following: su • To su to another user type the following: su <userid>

  7. Administration Tools • With Fedora the Sys Admin tools have the following syntax “system-config-xxxx” • GUI Admin Tools • Vary from Windows Manager • Gnome • KDE • Etc…

  8. Administration Commands • Most system administration commands are locate in “sbin” directories such as: • /sbin • /usr/sbin • /usr/local/sbin

  9. Administrative Config Files • Most configuration files are located in the /etc directory • /etc/passwd • /etc/shadow • /etc/mail/* • /etc/hosts • /etc/fstab • /etc/resolv.conf • See pages 367-371

  10. Administrative Log Files • Most logs are located in /var/log directory • /var/log/messages • /var/log/lp • /var/log/mail or /var/log/maillog • /var/log/cron • /var/log/wtmp

  11. Limited root Access With sudo • You can grant access to root commands to specific users using the sudo command • Key files are: • /etc/sudoers • /usr/sbin/visudo • visudo - edits the sudoers file

  12. Administrative Tools • superuser = root • Unrestricted access • Become a superuser • Log in to root • Use su or su – • Inherits the env from current shell • Only use superuser when it is needed • Change root password periodically • Employment status change for SA • Unauthorized access

  13. Administrative Tools • Always lock your screen • Use xlock or simply log off • Controlling su access • System V • BSD – member’s of group 0 • Linux – GNU su does not check membership of group 0 • Run a command with su same time • su root –c “command”

  14. Administrative Tools • Facility sudo • Selective access • Allow some user to run specific commands as root without having to know the root password • RUN sudo command • Type in user’s own password • Good for a configurable time, default 5 minutes • Configuration file /etc/sudoers • Users • Commands • Format Users host=commands

  15. Administrative Tools • Advantages of sudo • Command logging - accountabilities • Operators can do chores • Hide the real root password • Revoke the privilege without changing the root password • A list of users with privileged access is maintained • Less chance of root shell left unattended

  16. System Administration • Some additional duties of a system administrator are: • Hardware Configuration • File System Management • System Monitoring • For hardware configuration a common Linux tool is Kudzu • http://rhlinux.redhat.com/kudzu/

  17. Kudzu • Hardware probing tool run at system boot time to determine what hardware has been added or removed from the system. • kudzu is normally configured to run at startup • It will check you system for hardware then compare the results with /etc/sysconfig/hwconf • If changes are detected kudzu will prompt you to change your system configuration

  18. Kudzu • Devices kudzu will detect and configure are: • Network devices • SCSI devices • Audio devices • Input/Output devices (keyboards, mice) • CD-ROMs • Scanners

  19. Modules • What is a loadable kernel module • When to use modules • Intel 80386 memory management • How module gets loaded in proper location • Internals of module • Linking and unlinking module

  20. Kernel module description • To add a new code to a Linux kernel, it is necessary to add some source files to kernel source tree and recompile the kernel. • But you can also add code to the Linux kernel while it is running. A chunk of code added in such way is called a loadable kernel module • Typical modules: • device drivers • file system drivers • system calls

  21. When kernel code must be a Module • Some higher level component of Linux kernel can be compiled as modules • Some Linux kernel code must be linked statically then component is included in the kernel or it is not compiled at all • Basic Rules of Thumb: • Installed kernels are bloated • A working kernel should be built with anything that is necessary to get the system booted up • Everything else can be built as a modules

  22. Advantages of modules • There is no necessity to rebuild the kernel, when a new kernel option is added • Modules help find system problems (if system problem caused a module just don't load it) • Modules save memory • Modules are much easier to maintain and debug • Modules once loaded are as fast as a kernel

  23. Module Implementation • Modules are stored in the file system as ELF (Executable and Linkable Format) object files • The kernel makes sure that the rest of the kernel can reach the module's global symbols • Module must know the addresses of symbols (variables and functions) in the kernel and in other modules The • kernel keeps track of the use of modules, so that no modules is unloaded while another module or kernel is using it

  24. Programs for linking and unlinking • insmod • Reads from the name of the module to be linked • Locates the file containing the module's object code • Computes the size of the memory area needed to store the module code, its name, andthe module object • lsmod • reads /proc/modules • rmmod • Invokes the query_module( ) system call • Invokes the delete_module( ) system call • Use the QM_REFS subcommand several times, to retrieve dependency information on the linked modules • modprobe • takes care of possible complications due to module dependencies, uses depmod program and /etc/modules.conf file

  25. File System Administration • Disk devices are represented by device files that reside in the /devdirectory • Device file – a file used by Linux commands that represent a specific device on the system • Character devices • Transfer data to and from the system one character or data bit at a time • Block devices • Storage devices that transfer to and from the system in chunks of many bits by caching the information in RAM • Can transfer information must faster than character devices

  26. Mounting Mounting • Process used to associate a device with a directory in the logical directory tree such that users may store data on that device Mount point • Directory in a file structure to which something is mounted Mount floppy to default mount point (directory) $ mount /dev/fd0 Mount floppy to specified mount point (directory) $ mount /dev/fd0 /flopper

  27. Working with Hard Disks • IDE hard disk drives attach to the mainboard with an IDE cable and must be configured on one of four configurations, each of which has a different device file: • Primary master (/dev/hda) • Primary slave (/dev/hdb) • Secondary master (/dev/hdc) • Secondary slave (/dev/hdd)

  28. Working with Hard Disks • SCSI hard disks are well-suited to UNIX/Linux servers that require a great deal of storage space for programs and user files • Different device files associated with SCSI hard disks: • First SCSI hard disk drive (/dev/sda) • Second SCSI hard disk drive (/dev/sdb) • Third SCSI hard disk drive (/dev/sdc)

  29. Hard Disk Partitioning • Recall that hard disks have the largest storage capacity of any device used to store information on a regular basis • This poses some problems, because as the size of a disk increases, organization becomes more difficult and the chance of error increases • Partition • A physical division of a hard disk drive

  30. User Management • There are many more aspects to user management than just creating an account and setting a password • setting password expiration • setting password complexity • setting account expiration • manage groups • Next we will set up a user account, set password expiration, modify the default password length, add a group and set the default group for new users (from the command line of course)

  31. Class Lab • Using vi, change the max number of days a password can be used to 180 • Edit /etc/login.defs • Change PASS_MAX_DAYS to 180 • Using vi change the minimum password length to 7 • Edit /etc/login.defs • PASS_MIN_LEN to 7

  32. Class Lab • Create a new group called students using the groupadd command (as root) groupadd students • Change default group for new users to students using the useradd command (as root)useradd –D –g students • Create an account for yourself

  33. Class Lab • Create a new user with an expiration date of 02/28/2007 useradd –e 02/28/2007 user1 • Look at /etc/shadow user1:!!:13555:0:180:7::13572: • The 13555 is the number of days from 1 Jan 1970 (the UNIX Epoch date) and 13572 is 28 Feb 2007

  34. Class Lab • Add your full name to the account you created for yourself using usermod usermod –c “<yourname>” <userid> • Bottom Line – Many, many ways to manage your users. Including the various GUI applications.

  35. Unix “Epoch” Date = 1 Jan 1970 • The early Unix engineers picked that date arbitrarily, because they needed to set a uniform date for the start of time, and New Year's Day, 1970 seemed most convenient.

  36. System Profiles • When a user logs in a system profile is established • Set’s environment variables • I.e. PATH=/bin;/usr/bin; • Set’s alias’s • I.e. alias rm ‘rm –i’ alias cp ‘cp –I’ alias cls ‘clear’

  37. System Profiles • Various system-wide profiles: • /etc/profile (bourne shell) • /etc/bashrc (bash shell) • /etc/tcshrc (c-shell) • User specific profiles (located in home dir) • ~/.profile • ~/.bashrc • ~/.tcshrc

  38. Shell Scripts • A shell script is a group of commands, functions, variables, etc., that can be run from the shell prompt (command line) • Chapter 12 gives an overview of how shell scripts work and can be used. • Automate system chores • Application startup • Even generate web pages • http://www.wildbill.org/rose/spring07.cgi

  39. Shell Scripts (/etc/init.d/*) • Many of the startup scripts are located in the /etc/init.d directory • Know and understand symbolic links • A symbolic Link is where a file has one main name, but there's an extra entry in the file name table that refers any accesses back to the main name

  40. Shell Scripts (/etc/init.d/*) • Many of the startup scripts are located in the /etc/init.d directory • Know and understand symbolic links • A symbolic Link is where a file has one main name, but there's an extra entry in the file name table that refers any accesses back to the main name

  41. Symbolic Links • Symbolic links are set up using the ln command with the -s option - so for exampleln -s filename1.txt filename2.txt

  42. LILO • /etc/lilo.conf • Location of kernel • Disk partition to mount as root file system • Map installer • Read configuration file • Write boot loaders, OS info to hard disk

  43. GRUB • Boot time shell • GRUB interactive command prompt • Run new configuration on the fly • Dynamic default configuration • Can use to boot other OS

  44. GRUB • /boot/grub/grub.conf • # general section • splashimage (hd0,0)/grub/splash.xpm.gz • default 0 • timeout 30 • password -md5 encoded-password • title Linux • root (hd0,0) kernel /vmlinuz ro root=/dev/hda2

  45. LILO Traditional Need to be reinstalled in the master boot record after replacing the kernel or changing the boot configuration GRUB Newer Flexible Interactive command prompt Compare LILO and GRUB

  46. Kernel initialization • Checks system hardware • Identifies devices • Kernel • Makes hardware do what the programs want

  47. Kernel Initialization • Probe essential devices • CPU, Console, Memory • Probe other hardware Subsystem • I/O buses, Network interfaces, Hard disks, CD-ROM drives, Floppy drives, Storage devices

  48. Kernel Initialization • File System initialization • Logical volume manager subsystem • RAID • SCSI Devices • Hard disk partitions • Change configuration of kernel • /usr/src/linux/make menuconfig or xconfig • rdev • Boot loader parameter

  49. Init • Location: /sbin/init • Uses functions from libraries written in C • Checks and mounts file system • Starts up daemons to log system messages • Starts the getty processes that put the login prompts on your virtual terminals • Networking • Serves web page • Listen to the mouse

  50. Inittab file • Location: /etc/inittab • xx:levels:action:process • Xx • Label for the entry • Levels • Specific system operating mode • Predefined set of system processes

More Related