2/19/2003 Lecture 3
Computer System Administration
Lecture 3: Setup (continued)

On Your Own
● Machines have/will be reinstalled
  – Following procedure in first 2 lectures
  – root passwords will be default
● No further “interference” from me.
  – You are responsible for:
    ● Security
    ● Users
    ● Packages/Software

Passwords
● The passwd(1) program
  – Same on all 3 architectures
  – Change the root password!!!!!
  – As root, you can change other users' passwords.

/etc/passwd
● Database of user accounts
  – Flat-file
● Also standard format
  – Colon separated
  – Username
  – Password (encrypted)
  – UID
  – GID

passwd(5) file format (cont)
  – GECOS field
    ● Comma separated
    ● Name
    ● Phone number
    ● Office
    ● Etc...
  – Home directory
  – Shell

Shadow Passwords
● Hides the encrypted form of the password.
  – Root-only access
● Solaris
  – /etc/shadow
  – Additional information (must update both)
    ● Last change time
    ● Min change time
    ● Inactive time
    ● ...

Shadow Passwords (cont)
● Irix
  – /etc/shadow
    ● Also additional fields (must update both)
    ● Last change
    ● Min change
    ● Inactive
    ● ...

FreeBSD Shadow Passwords
● /etc/master.passwd
  – “master” password file
  – /etc/passwd is generated from master.passwd
    ● pwd_mkdb
  – Hashed databases generated
    ● /etc/pwd.db (public)
    ● /etc/spwd.db (shadow/private)
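
Added example (not part of the original slides): an audit of a passwd(5)-format file that applies the field layout and shadowing rules above and, going slightly beyond the slides, also reports non-root accounts with UID 0. The sample accounts are constructed, and treating only "x" and "*" as shadow placeholders is an assumption.

```shell
#!/bin/sh
# Added example; every account in sample_passwd is constructed.

# audit_passwd [FILE]: read passwd(5) records (stdin when FILE is omitted)
# and print one "finding:username" line per problem.
audit_passwd() {
    awk -F: '
        /^[ \t]*$/ || /^#/ { next }              # blank lines, comments
        # name:password:UID:GID:GECOS:home:shell
        NF != 7 { print "malformed:" $1; next }
        $2 == "" { print "empty-password:" $1 }
        # Assumption: with shadowing the field holds only "x" or "*";
        # any other value is reported as a hash every user can read.
        $2 != "" && $2 != "x" && $2 != "*" { print "unshadowed-hash:" $1 }
        $3 ~ /^0+$/ && $1 != "root" { print "extra-uid0:" $1 }
    ' "${1:--}"
}

# gecos_name [FILE]: print "username:full name", taking the first
# comma-separated item of the GECOS field.
gecos_name() {
    awk -F: 'NF == 7 { split($5, g, ","); print $1 ":" g[1] }' "${1:--}"
}

sample_passwd() {
cat <<'EOF'
root:x:0:1:Super-User:/:/sbin/sh
daemon:x:1:1::/:
alice:x:1001:10:Alice Example,555-0100,Room 12:/home/alice:/bin/sh
bob::1002:10:Bob Example:/home/bob:/bin/sh
carol:ab1cdEFgh2IjK:1003:10:Carol Example:/home/carol:/bin/csh
toor:x:0:1:Spare root:/:/bin/sh
broken:x:1004
EOF
}

sample_passwd | audit_passwd
sample_passwd | gecos_name
```

On a real host, pass the file name instead: `audit_passwd /etc/passwd`.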

man(1) pages
● Unix system self documentation/reference
  – Sections
    ● Solaris (/usr/share/man/...)
      – Section 1: User Commands
      – Section 2: Kernel Functions
      – Section 3: Library Functions
        ● Subsections: aio, c, curses, kstat,...
      – Section 4: File Formats
      – Section 5: Standards, Environments, Macros

Solaris man(1) Sections (cont)
  – Section 6: Games and Demos
  – Section 7: Device and Network Interfaces
  – Section 9: Device Driver Interfaces
● Requesting a specific manpage
  – man [-s section] page
    ● Search path
  – man -s 1 passwd
  – man -s 4 passwd

FreeBSD man(1) sections
● /usr/share/man
● Section 1: User Commands
● Section 2: Kernel Functions
● Section 3: Library Functions
● Section 4: Device Driver Reference
● Section 5: File Formats
● Section 6: Games

FreeBSD man(1) sections
● Section 7: Misc
● Section 8: System Administration Commands
● Section 9: Kernel Programming Reference
● Requesting a specific section:
  – man [section] page
    ● Search path
    ● man 5 passwd

Irix man(1) sections
● Located in /usr/share/catman
  – Subdivided
    ● a_man: Administrative
    ● g_man: Graphics
    ● u_man: User
    ● p_man: Programming
  – Sections
    ● Section 1: Shell Commands
    ● Section 2: Kernel Functions

Irix man(1) sections
    ● Section 3: Library Functions
    ● Section 4: File Formats
    ● Section 5: Misc
    ● Section 6: Games
    ● Section 7: Devices
    ● Section 8: System Daemons
  – Requesting specific sections
    ● man [section] page
      – man 4 passwd

System Services
● Securing your System
  – Stop unnecessary services
  – Tools
    ● ps
    ● netstat
    ● fstat (FreeBSD) / fuser (Solaris/Irix)

Solaris System Startup
● Runlevels (man init)
  – S/s: Single User
  – 0: Firmware
  – 1: Administrative
  – 2: Multi-user mode
  – 3: Multi-user + Network share
  – 4: Free
  – 5: power-off
  – 6: reboot

Runlevel State Transition
● Startup (initdefault 3)
  – Runlevel 2
  – Runlevel 3

Runlevel Scripts
● /etc/rc?
● /etc/rc?.d
  – /etc/rc2.d
  – /etc/rc3.d
  – Scripts typically linked to their real location in /etc/init.d
● Kill Scripts
  – Begin with K
  – Executed in alphabetical order
  – K00foo stop

Runlevel Start Scripts
● Start Scripts
  – Begin with S
  – Executed in alphabetical order
  – S99foo start

start/stop scripts
● Are ONLY executed on a transition INTO a state
  – KILL scripts are NOT executed when you leave a state; only the kill scripts of the new state are executed
  – If you want apache running only in runlevel 3, you need to put Kill scripts in all the other runlevels (typically 2 and 1)

Disabling Scripts
● Delete links and originals in /etc/rc?.d and /etc/init.d
  – BAD
  – No record of what was once there, no way to get it back
● Delete /etc/rc?.d/[KS]##foo.
  – Bad
  – Can retrieve it, but don't know where it goes.

Disabling Scripts (cont)
● Rename it
  – mv S99foo disabled.S99foo
  – mv K00foo disabled.K00foo
  – Doesn't start/stop (doesn't begin with K or S)
  – Keeps a record
  – Can be reversed
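
Added example (not from the original slides): shell functions that show the order in which a transition into a runlevel runs the K and S scripts, the reversible rename, and a check for runlevels that lack a kill script for a service. The function names and the temporary directory tree are constructed for the illustration.

```shell
#!/bin/sh
# Added example. Directory layout and service names below are constructed.

# rc_plan DIR: print, in order, what a transition INTO DIR's runlevel runs.
# Globs expand sorted, giving the alphabetical order; K scripts go first.
rc_plan() {
    for f in "$1"/K*; do [ -f "$f" ] && echo "${f##*/} stop"; done
    for f in "$1"/S*; do [ -f "$f" ] && echo "${f##*/} start"; done
    return 0
}

# rc_disable DIR NAME: the reversible rename; the new name no longer
# begins with K or S, so it drops out of the plan.
rc_disable() { mv "$1/$2" "$1/disabled.$2"; }

# rc_missing_kill SVC DIR...: name each runlevel directory with no K##SVC
# entry, i.e. a state that can be entered while SVC keeps running.
rc_missing_kill() {
    svc=$1; shift
    for dir in "$@"; do
        found=no
        for f in "$dir"/K[0-9][0-9]"$svc"; do [ -f "$f" ] && found=yes; done
        [ "$found" = yes ] || echo "${dir##*/}"
    done
    return 0
}

# make_sample_tree: constructed stand-in for /etc/rc?.d; prints its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/rc1.d" "$t/rc2.d" "$t/rc3.d"
    : > "$t/rc2.d/K20apache"
    for n in K00bar S50apache S99foo; do : > "$t/rc3.d/$n"; done
    echo "$t"
}

tree=$(make_sample_tree)
rc_plan "$tree/rc3.d"
rc_disable "$tree/rc3.d" S99foo
rc_plan "$tree/rc3.d"
rc_missing_kill apache "$tree/rc1.d" "$tree/rc2.d"
rm -rf "$tree"
```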

Irix System Startup
● Also runlevel/inittab based
● You can manage Irix processes in the same way
● Better way
  – chkconfig
● chkconfig doesn't know about runlevels
  – Process typically only started/stopped once, in a specific runlevel

chkconfig
● Seeing what's on and what's off
  – chkconfig -s
● Setting state
  – chkconfig [-f] {variable} {on | off}
  – -f for a new flag
    ● Create your own!
● State stored in /etc/config
  – One file/variable (same name as variable)
  – Optionally “variable.options” (stores options for that variable)

FreeBSD System Startup
● No runlevels/inittab
  – Configuration provided by 'rc.conf', similar to Irix chkconfig

rc.conf
● rc.conf
  – /etc/defaults/rc.conf
    ● Read first
    ● Information/defaults only
    ● DO NOT EDIT
      – Will be overwritten by system upgrades/etc
  – /etc/rc.conf
    ● Read second
    ● Make changes here
    ● Only need to add specific entries for items you want changed
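
Added example (not from the original slides): a helper that reads rc.conf-style files in the order described above, lets the later file override the earlier one, and lists the `*_enable` settings still at YES, which is the list to review when stopping unnecessary services. The two sample files are constructed and are not the real FreeBSD defaults; the parser handles plain NAME="value" lines only.

```shell
#!/bin/sh
# Added example; the two sample files below are constructed, not real defaults.

# rc_enabled [FILE...]: read rc.conf-style files in the order given (a later
# assignment replaces an earlier one; stdin when no FILE is named) and print
# each *_enable knob left at YES.
# Approximation: handles plain NAME="value" lines, not arbitrary shell.
rc_enabled() {
    awk '
        /^[ \t]*#/ { next }
        match($0, /^[ \t]*[A-Za-z_][A-Za-z0-9_]*=/) {
            name = substr($0, RSTART, RLENGTH - 1)
            sub(/^[ \t]+/, "", name)
            val = substr($0, RSTART + RLENGTH)
            sub(/[ \t]*#.*$/, "", val)          # trailing comment
            sub(/[ \t]+$/, "", val)
            gsub(/^["\047]|["\047]$/, "", val)  # surrounding quotes
            value[name] = val
        }
        END {
            for (n in value)
                if (n ~ /_enable$/ && toupper(value[n]) == "YES") print n
        }
    ' "$@" | sort
}

sample_defaults() {   # stands in for /etc/defaults/rc.conf
cat <<'EOF'
# constructed defaults
sendmail_enable="YES"
inetd_enable="YES"
sshd_enable="NO"
EOF
}

sample_local() {      # stands in for /etc/rc.conf: only the changed entries
cat <<'EOF'
inetd_enable="NO"     # not needed on this host
sshd_enable="YES"
EOF
}

{ sample_defaults; sample_local; } | rc_enabled
```

On a FreeBSD host the equivalent call is `rc_enabled /etc/defaults/rc.conf /etc/rc.conf`.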

FreeBSD Startup: Customizing
● /usr/local/etc/rc.d
  – local_startup
    ● Run like inittab scripts
      – Alphabetical
      – {start | stop}
      – Must end in “.sh”
      – Disable via: mv foo.sh foo.sh.disabled