1 / 30

The Linux Operating System

The Linux Operating System. The Tonga Institute of Higher Education. Lecture 3: Becoming the Superuser and Users and Groups. Root. We've been looking at how to manipulate the Linux system, figuring out where things go, but we can't really do anything without being the superuser, root.

shlomo
Télécharger la présentation

The Linux Operating System

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The Linux Operating System The Tonga Institute of Higher Education Lecture 3: Becoming the Superuser and Users and Groups

  2. Root. • We've been looking at how to manipulate the Linux system, figuring out where things go, but we can't really do anything without being the superuser, root. • The root user, remember, can do anything he wants, so we have to be careful not to make mistakes. We could delete things that make the entire computer never work again. • Most Linux users recommend only using the root user when you need to. In case you make mistakes you don't want to destroy your system. But there are a lot of times you'll need to be root if you have your own system to look after

  3. What to do as root? • Now that you are root, what are you able to do? • Shutdown and reboot (if you are going to shutdown, you should send the command to do it, not just press the off button) • [root@usp root]# shutdown -now • [root@usp root]# reboot • Shutting down and rebooting are simple. We can also control a lot about how the system starts up and how it runs while it is on

  4. System Startup • The system will have many programs that will start up as 'services.' These will be things like the webserver, telnet server, but also kernel programs that keep the filesystem together, run memory and do system logging. • Some of these services will be defined by the user, some by the system. You can control them all through the use of what is called Run Levels and the chkconfig command

  5. What happens during a bootup? 1. BIOS: The Basic Input/Output System is the lowest level interface between the computer and peripherals. The BIOS performs integrity checks on memory and seeks instructions on the Master Boor Record (MBR) on the floppy drive or hard drive. 2. The MBR points to the boot loader (LILO: Linux boot loader). 3. LILO will then ask for the OS label which will identify which kernel to run. It then loads the Linux operating system. 4. The first thing the kernel does is to execute init program. Init is the root/parent of all processes executing on Linux. 5. The first processes that init starts is a script /etc/rc.d/rc.sysinit 6. Based on the appropriate run-level, scripts are then executed to start various processes to run the system

  6. Run Levels • A run level is a state of init and the whole system that defines what system services are operating. Run levels are identified by numbers • Run level numbers 0 Halt the system. 1 Single-user mode (for special administration). 2-5 Normal operation (user defined). 6 Reboot. • Deciding on how you run your system at startup, the run level will determine what programs start and how much you are able to change

  7. Run Levels • Run levels are configured in /etc/inittab by lines like the following: • l2:2:wait:/etc/init.d/rc 2 • The first field is an arbitrary label, the second one means that this applies for run level 2. The third field means that init should run the command in the fourth field once, when the run level is entered, and that init should wait for it to complete. The /etc/init.d/rc command runs whatever commands are necessary to start and stop services to enter run level 2. • The command in the fourth field does all the hard work of setting up a run level. It starts services that aren't already running, and stops services that shouldn't be running in the new run level any more. Exactly what the command is, and how run levels are configured, depends on the Linux distribution.

  8. Run Levels • When init starts, it looks for a line in /etc/inittab that specifies the default run level: • id:2:initdefault: • You can ask init to go to a non-default run level at startup by giving the kernel a command line argument of single or emergency. Kernel command line arguments can be given via LILO, for example. This allows you to choose the single user mode (run level 1). • While the system is running, the telinit command can change the run level. When the run level is changed, init runs the relevant command from /etc/inittab.

  9. Booting in single user mode • An important run level is single user mode (run level 1), in which only the system administrator is using the machine and as few system services, including logins, as possible are running. Single user mode is necessary for a few administrative tasks. • A running system can be taken to single user mode by using telinit to request run level 1. At bootup, it can be entered by giving the word single or emergency on the kernel command line: the kernel gives the command line to init as well, and init understands from that word that it shouldn't use the default run level. • One reason to go to this level is if you forget your root password or if you need to check the filesystem on the “/” partition

  10. init.d and xinet.d • init.d is a folder in your /etc/rc.d directory that contains little programs called “scripts” that will start or stop services and programs on your computer. • It is actually part of the startup process and based on what run level you have decided to use, different scripts will be run from the init.d folder • Most of the scripts will have a 'start', 'stop', 'restart' and 'status' option so you can control the programs yourself • For example, to start a webserver, you might do the following • /etc/rc.d/init.d/httpd start

  11. rc.d • So the program scripts are in the /etc/rc.d/init.d folder • What is the /etc/rc.d folder for? • /etc/rc.d will contain all the files needed to boot up. This is where the programs for the different run levels are saved. They are located in the /etc/rc.d/rc0.d/ --> /etc/rc.d/rc6.d/ • Notice the files in these folders start with a S or a K before them. The files with an S mean they are for startup, the files with the K mean they are for the shutdown • To add a new service and have it be included in the correct run level, you'll need to put the K and S files in the correct rcX.d folder (where X --> 0-6)

  12. rc.d • Sometimes with all the run levels and files things get confusing, so what if you just want a simple way to make things start when you boot up the system? • There is a file called /etc/rc.d/rc.local. This 'rc.local' file will be run when the system starts and any commands inside of it will also be run. • You just need to put the full path to where the file is saved. For example, if you want a mySQL database to start when the computer starts, just put in on the last line of the rc.local file • /usr/local/bin/mysql

  13. xinet.d • All the talk about init.d is for programs and services that are local, which means they run on the system and are not for networked enabled programs (generally speaking). • For programs that are networked services, ones that talk to other computers on a network, the xinet.d folder is used in /etc/. • xinet.d is relatively new to Linux, but used a lot in RedHat. When we get to the chapter about networking, we will look at it more in depth

  14. Chkconfig • So how can you control what programs will start up and shut down and find out what is actually running? • The chkconfig command is used to activate and deactivate services. • If you use the chkconfig --list command, you will see a list of system services and whether they are started (on) or stopped (off) in runlevels 0-6. • Example: $ chkconfig --list anacron anacron 0:off 1:off 2:on 3:on 4:on 5:on 6:off

  15. Chkconfig • Examples: • Forces httpd service to run for levels 3, 4 and 5. * chkconfig --level 345 httpd on • Start the httpd service when system starts. * chkconfig --add httpd • Do not start the sendmail system start. * chkconfig --del sendmail • List all services and init levels. * chkconfig --list

  16. chkconfig • Most of the time we can just use chkconfig to turn things on and off (which is the easiest) • It will make the changes for the current run level and thus, you won't need to worry about what run level you are changing • [root@comp root]# chkconfig sendmail off • [root@comp root]# chkconfig httpd on

  17. Crontab • So you know how to make programs start when the system starts, what about making programs run at a regular interval, for example every hour, or once a day? • Crontab is a small program that is the task scheduler on Linux systems. It will act like an alarm clock. At a certain time, it will wake up and make a program run. • When you access crontab, you have to use the text editor, vi. So all your practice with vi will pay off

  18. Using crontab • Each user is allowed to have his or her own crontab, but the root user will be the one to use it the most. • To see your crontabs, type • crontab -l • And what you'll see is something like • 0 1 * * * /home/www/cgi-bin/awstats.pl • 0 2 * * * /usr/bin/sarg • 0 3 * * * echo > /var/log/squid/access.log • 0 3 * * * echo > /var/mail/junk • Basically a list of programs with some numbers and stars • So what does it mean and how does it work?

  19. Using crontab • 0 1 * * * /home/www/cgi-bin/awstats.pl • There are five fields to the schedule, and then the name of the program that will run • The fields are, in this order, • MINUTE(0-59) • HOUR(0-23) • DAYOFMONTH(1-31) • MONTHOFYEAR(1-12) • DAYOFWEEK(0-6) Note 0 = Sun • Also note that the ASTERISK (*) is what's called a WILDCARD meaning it will match any value. • So in this example it will run on the 0th minute of the 1st hour of every day of the month, every month of the year and every day of the week

  20. Add your own crontab • So to add your own crontab, type • crontab -e • This will open up the crontab file in 'vi' and you can add your own crontab line • Crontab examples: • Program1 will run every minute of the 1st hour of the 4th day of every month • * 1 4 * * /usr/bin/program1 • Program2 will run every 15th minute every 6 hours, every 10th day of the 5th month of the year 0,15,30,45 0,6,12,18 10 5 * /usr/bin/program2

  21. User Management • An important task for the root user is to be able to add new user's to the system and to delete old users. • To add a user to the system we can use the command 'useradd' or we can do it all manually • With 'useradd' [root@usp /]$ useradd new_user -g students • This will add a user called new_user and put them in the group called students • To remove user, 'userdel' [root@usp /]$ userdel new_user

  22. Setting passwords • To set a password for a new user, you'll use the 'passwd' program [root@usp /]$ passwd new_user • You'll then be prompted to enter in the new password for that user • If you don't specify a user name, then you can change your own password

  23. Groups • Users also have options of being inside of groups. This is for security and permission reasons. For example, at a school, all students might be in the students group and all teachers in the staff group. • You could then make student grades group readable for staff, but not for students. • To add a new group to the system, use 'groupadd' [root@usp /]$ groupadd students • Now you'll be able to add students to this new group on your system

  24. Adding users manually • The list of users and their home directories are in the important file called '/etc/passwd' • This file used to contain encrypted passwords of everyone on the system, but that proved insecure and they moved the passwords to a file called /etc/shadow that only root can read • Inside /etc/passwd you'll see lines like user1:x:500:100:User 1:/home/user:/bin/bash • Fields are separated by the ':' The first field is for the username. Then next, 'x' means the password is in /etc/shadow. 500 and 100 are the user id and group id respectively. User 1 is the name of the user. /home/user is their home directory and /bin/bash is the shell program they are using

  25. The /etc/group file • Groups are saved inside the file /etc/group and a line will look like this • administrators:x:501:user1,user2 • The first field is the name of the group, the 'x' is for no password, 501 is the group id and the last field is a list of users who are also part of this group • For example, user1 might be a part of staff and administrators, but his primary group is staff. So to add him to administrators, add him to the end of the line for in the /etc/group file

  26. Assigning quotas • Quotas limit how much space one user can take up on a system. If you don't have any quotas, then someone can put every movie they have on the computer until you run out of space and there is no room for virtual memory. That's bad • So if you have a lot of users, its good to have some sort of quota system set up to limit how much they can save • To add quotas to a system is sometimes tricky, but generally these are the steps to take. First open /etc/fstab and find the partition you want to change. You'll see something like /dev/hda2 /home ext3 defaults 1 1 • You'll be adding the usrquota, and the grpquota part. This tells the file system there is a user and group quota. Do it like this: /dev/hda2 /home ext3 defaults,usrquota,grpquota 1 1

  27. Assigning quotas • The next step is to create a file where quotas are saved. Depending on what filesystem you have you might have to create a file called 'quota.user' or 'aquota.user' • touch /home/quota.user • chmod 600 /home/quota.user • Then you need to turn on quotas • quotaon -av • And now you are ready to start assigning quotas hopefully. You might have to reboot the computer so that the partition is remounted correctly at the beginning, with quotas enabled

  28. Assigning quotas • To assign a quota for a user, you'll use a command called 'edquota' • edquota -u user1 • You'll see something like the below: • Disk quotas for user user1 (uid 665): Filesystem blocks soft hard inodes soft hard /dev/hda3 18860 99000 100000 71 0 0 • Filesystem shows which partition it is on. • Blocks shows how many KB the user has taken up • Soft is the 'soft' quota for how many KB they can use. This means they'll get a warning when they get to this level • Hard is the 'hard', they cannot go over this limit • Inodes is the number of files they have created (hard and soft are quotas for the number of files they can have in total)

  29. Checking and maintaining quotas • To see all the quotas you have on a system, use the command: • repquota -a • To see the quota for just one user, try • quota -u user1 • Soft limits are like grace periods for people, it will let them keep their files for a certain amount of time above the soft limit, but then make them delete stuff after a certain amount of time • To change how long that time is, use the command • edquota -t

  30. Summary • This chapter gave you a basic outline of somethings the root user is responsible for. • The root user will also be involved in doing many other things, and there are many other commands that help the root user to administer • We'll take a look at other things the root user can do, especially in terms of networking and security features on Linux • Remember, if anyone found out your root user password, they could do whatever they want to your computer very easily.

More Related