Rootly Powers and Controlling Processes Chapters 3 & 4 Rootly Powers and Controlling Processes

Linux Admin Session 2 Outline All things root. More fun with commands, shells, and scripting. Processes and how to manipulate them.

Lets Review Helpful documentation is available on most commands. Use “man” command to open the manual page for that application (i.e., man wc ) Alternatively use “command --help” to open a brief help/usage screen

Lets Review Homework cut: separate lines into fields sort: sort lines uniq: print unique lines wc: count lines, words, and characters For example, the command below shows that 20 users have /bin/bash as their login shell and that 12 have /bin/false. (The latter are either pseudo-users or users whose accounts have been disabled.) $ cut -d: -f7 /etc/passwd | sort | uniq -c 20 /bin/bash 12 /bin/false

Shell Environment Variables Shell Environment All the programs that run under Linux are called as processes. Processes run continuously in Linux and you can kill or suspend different processes using various commands. When you start a program a new process is created. This process runs within what is called an environment. This particular environment would be having some characteristics which the program/process may interact with. Every program runs in its own environment. You can set parameters in this environment so that the running program can find desired values when it runs. Setting a particular parameter is as simple as typing VARIABLE=value . This would set a parameter by the name VARIABLE with the value that you provide. To see a list of the environment variables that are already set on your machine, type the following $ env

File Ownership Every file in Linux system belongs to an owner and a group. Owners are users or names on the system Groups – collections of users with the same file privileges The “find” command is used to locate files on a Unix or Linux system.  find will search any set of directories you specify for files that match the supplied search criteria.  (example) The “ls” command lists file information (example) UIDs and GIDs Mapped to names in /etc/passwd and /etc/group Similar to DOS command “dir” $ find / -name core $ find / -user student 2> /dev/null (sends error messages here permission denied) $ find / -name core > /tmp/corefiles 2> /dev/null $ ps –ef | grep httpd

Editors (Scripting) Vim (vi improved) Emacs Pico

Root “With great power comes great responsibility…….” Root aka “superuser” UID 0 Traditionally root could perform any operation on any process. (bad idea)

Root cont’ Some examples of root activities include: Changing the root directory of a process Creating device files Setting the system clock Raising resource usage limits and process priorities Setting the systems hostname Configuring the network interfaces Opening privileged network ports Shutting down the system

Root Password Lets look at security guide page 40 At least 8 characters in length Secure – “DG%k2ac40zxko7@$” NOT Secure “password” “12345” “cooper!ee” :P Change the password: every 3 months when security has been compromised when other sys admins leave

Secure Password Creation Methodology T here are many methods that people use to create secure passwords. One of the more popular methods involves acronyms. For example: Think of an easily-remembered phrase, such as: "over the river and through the woods, to grandmother's house we go." Next, turn it into an acronym (including the punctuation). otrattw,tghwg. Add complexity by substituting numbers and symbols for letters in the acronym. For example, substitute 7 for t and the at symbol (@ ) for a: o7r@ 77w,7ghwg. Add more complexity by capitalizing at least one letter, such as H. o7r@ 77w,7gHwg. Finally, do not use the example password above for any systems, ever.

Creating User Passwords Within an Organization If an organization has a large number of users, the system administrators have two basic options available to force the use of good passwords. They can create passwords for the user, or they can let users create their own passwords, while verifying the passwords are of acceptable quality. Creating the passwords for the users ensures that the passwords are good, but it becomes a daunting task as the organization grows. It also increases the risk of users writing their passwords down. For these reasons, most system administrators prefer to have the users create their own passwords, but actively verify that the passwords are good and, in some cases, force users to change their passwords periodically through password aging. (we will revisit password aging – for now – man “chage” command)

Forcing Strong Passwords When users are asked to create or change passwords, they can use the command line application passwd, which is Pluggable Authentication Modules (PAM) aware and therefore checks to see if the password is too short or otherwise easy to crack. /etc/security/pwquality.conf

Becoming Root Logging in a root is typically a bad idea Actions are not logged The su command gives any user access The sudo command – executes programs with su like privileges /etc/sudoers lists authorized users Good for 5 minutes Sudoers actions are logged Du –sh /root

Other Pseudo Users bin – legacy owner of system commands (now used by root account) daemon – files and processes part of the Linux distribution but do not need to be owned by root nobody account- used for remote root users to access local file systems via NFS (network file sharing)

Controlling Processes A process is an address space and set of data structures inside the kernel The kernel maintains process information Address space map Process status Execution priority Resources used Files and network ports opened Owner of the process

Processes Remember the “ps” command PID – unique process IDs created by the kernel PPID – the parent ID of the process EUID – effective user ID Typically the same value as UID UID controls process ownership EUID controls process permissions GID and EGID are similar to UID and EUID respectively

Signals Provide interrupts to process Over 20 are defined (maybe more) E.g. Can be used to halt or terminate processes via terminal, kernel or processes. When a process receives a signal “catch” the signal and perform some defined action Take a default action Processes can also block or ignore signals Core dump

nohup sh custom-script.sh & No hang up and bg 0. Run some SOMECOMMAND 1. ctrl+z to stop (pause) the program and get back to the shell 2. bg to run it in the background 3. disown -h so that the process isn't killed when the terminal closes 4. Type exit to get out of the shell because now your good to go as the operation will run in the background in it own process so its not tied to a shell

Taking it one step further…. jobs - list the current jobs fg - resume the job that's next in the queue fg %[number] - resume job [number] bg - Push the next job in the queue into the background bg %[number] - Push the job [number] into the background

Kill Command “kill” is used to terminate a process Can send any signal but by default sends TERM signal kill –l lists all possible signals kill -9 (KILL) pid The “pkill” command is similar to killall

Process State Process can enter one of four states: “R” Runnable - ready for execution “S” Sleeping - waiting on resource before execution ”Z” Zombie - process is trying to die “T” Stopped - process is not allowed to execute “top” command (example) “ps aux” a option prints all processes, u option prints info about each process, and x option prints terminal based processes

/Proc A lot of kernel information is stored in the /proc directory Programs such as ps pull information from this directory Inside the /proc directory, you’ll see two types of content — numbered directories, and system information files. /proc is not a real file system, it is a virtual file system. For example, if you do ls -l /proc/stat, you’ll notice that it has a size of 0 bytes, but if you do “cat /proc/stat”, you’ll see some content inside the file. Do a ls -l /proc, and you’ll see lot of directories with just numbers. These numbers represents the process ids, the files inside this numbered directory corresponds to the process with that particular PID.