scis.regis.edu ● CS 468: Advanced UNIX Class 2 Dr. Jesús Borrego Regis University 1
Topics Homework 1 solutions How to capture output to file Installation of system User Administration How to capture output to file Homework 2 Assignment Q&A 2
Capturing script interaction 3
Adding Users Tasks: Assign user name Add new entry to password file Add entry to group file Create home directory for user Create startup files for user Notify user 4
Password file format username:password:userID:groupID:personal:home directory:startup 5
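Added example, not part of the original slides: a small audit of a passwd-format file that checks the seven-field layout shown above and flags empty password fields, extra UID 0 accounts and shared UIDs. The function names, finding labels and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the slides): audit a passwd-format file.
# Fields: username:password:userID:groupID:personal:home directory:startup

audit_passwd() {
    # $1 = path to a passwd-format file; prints one finding per line
    awk -F: '
        /^[ \t]*(#|$)/   { next }                      # comments and blank lines
        NF != 7          { printf "BAD_FIELD_COUNT line=%d\n", NR; next }
        $2 == ""         { printf "EMPTY_PASSWORD user=%s\n", $1 }
        $3 !~ /^[0-9]+$/ { printf "BAD_UID user=%s\n", $1; next }
        $3 == 0 && $1 != "root" { printf "EXTRA_UID0 user=%s\n", $1 }
        ($3 in seen)     { printf "DUPLICATE_UID uid=%s users=%s,%s\n", $3, seen[$3], $1; next }
        { seen[$3] = $1 }                              # first owner of this UID
    ' "$1"
}

write_sample_passwd() {
    # Constructed sample data, not taken from a real system
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001:Alice Example:/home/alice:/bin/bash
bob::1002:1002:Bob Example:/home/bob:/bin/bash
toor:x:0:0:second superuser:/root:/bin/sh
carol:x:1001:1001:Carol Example:/home/carol:/bin/bash
broken:x:1003:1003:/home/broken
EOF
}

# Demo run against the constructed sample
sample=$(mktemp)
write_sample_passwd "$sample"
audit_passwd "$sample"
rm -f "$sample"
```

On a live system the same function can be pointed at /etc/passwd; an empty output means none of these checks fired.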
Group file 7
LDAP Lightweight Directory Access Protocol Smaller version of Directory Services X.500 Table look up of entries; look up an entry and it finds attributes Used to determine access given to a user Used by most operating systems, including Unix, Linux, and Windows ▫MS: Active Directory 8
Directory Services Overview Directory Concept ▫Look up resources based on known attributes Based on IETF and ISB X.500 ▫bin/rfc/rfc1777.html DAP – Directory Access Protocol ▫Specified in X.511 LDAP – Lightweight DAP ▫Clients can read and query the directory 9
Directory Services Entities have attributes that can be used to search ▫Files can have access descriptors for users Contains a number of records with (attribute, value) pairs Collection of directory entries is called a Directory Information Base (DIB) 10 Source: Tanenbaum, A., & Steen, M. V. (2007). Distributed systems: Principles and paradigms (2nd ed.). Upper Saddle River, NJ: Pearson Prentice Hall.
Directory Services Overview Resources can be: ▫Computers, servers, databases, printers ▫People, groups ▫Anything on a network Dependent on TCP/IP for functionality 11 Source: Schwartz, R. (2000). Windows 2000 Active Directory survival guide: Planning and implementation. New York, NY: John Wiley & Sons
Active Directory Concepts Namespace – name or group of names defined according to a naming convention Name resolution – the ability to attribute a name to an object on the network ▫Distinguished Name (DN) – from the root Division/Department/Section/Unit/Group ▫Relative Distinguished Name (RDN) – relative to a particular location ./Group 12 Source: Schwartz, R. (2000). Windows 2000 Active Directory survival guide: Planning and implementation. New York, NY: John Wiley & Sons
Microsoft Directory Services Services defined as: ▫Single point of access to network resources ▫Adaptive and expandable information source ▫Common policy or set of rules ▫Methods for querying directory objects 13 Source: Schwartz, R. (2000). Windows 2000 Active Directory survival guide: Planning and implementation. New York, NY: John Wiley & Sons
MS Active Directory Framework Logical Elements ▫Structure ▫Relationships Physical Components ▫AD Sites ▫Domain Controllers 14 Source: Schwartz, R. (2000). Windows 2000 Active Directory survival guide: Planning and implementation. New York, NY: John Wiley & Sons
Logical Elements Objects Schema Domains Containers and OUs Trees and Forests Sites and Domain Controllers 15 Source: Schwartz, R. (2000). Windows 2000 Active Directory survival guide: Planning and implementation. New York, NY: John Wiley & Sons
Objects “Any item contained in the directory that has a common set of attributes” Examples: users, workstations, printers, databases, files Has properties and is defined by class definitions Can be a parent or child 16 Source: Schwartz, R. (2000). Windows 2000 Active Directory survival guide: Planning and implementation. New York, NY: John Wiley & Sons
Object Attributes Property = Attribute A set of information defining an object Children inherit attributes of parents Actual value defines object uniquely ▫A printer can be a parent and has attributes Location, brand, properties ▫An HP OfficeJet J4680 at IP is a specific printer 17 Source: Schwartz, R. (2000). Windows 2000 Active Directory survival guide: Planning and implementation. New York, NY: John Wiley & Sons
Object Classes Classes grouped by attributes Sample classes: ▫Users ▫Groups ▫Computers ▫Organizational Units ▫Databases ▫… 18 Source: Schwartz, R. (2000). Windows 2000 Active Directory survival guide: Planning and implementation. New York, NY: John Wiley & Sons
Structure Components Containers ▫Store objects in the directory (domains, OUs) Domains ▫Form security boundaries on a network ▫Security settings do not cross over domains OUs ▫Subdivide directory structure into smaller units Makes administration easier and more manageable Source: Schwartz, R. (2000). Windows 2000 Active Directory survival guide: Planning and implementation. New York, NY: John Wiley & Sons
Relational Components Trees ▫A contiguous namespace ▫Domains interconnected via relationships Forests ▫Collection of trees Global Catalog Server ▫Central repository of objects 20 Source: Schwartz, R. (2000). Windows 2000 Active Directory survival guide: Planning and implementation. New York, NY: John Wiley & Sons
Trees Logical hierarchy of domains within the namespace ▫Within the tree, domains are interconnected in trust relationships Trust Relationship ▫Formed when two or more domains are joined in the same namespace and a link is formed 21 Source: Schwartz, R. (2000). Windows 2000 Active Directory survival guide: Planning and implementation. New York, NY: John Wiley & Sons
Forests When companies merge ▫Individual trees are merged into a forest Allows established trees to coexist in a new network First tree created in the forest becomes the root (by default) Trees in forest share common schema, configuration, and catalog server 22 Source: Schwartz, R. (2000). Windows 2000 Active Directory survival guide: Planning and implementation. New York, NY: John Wiley & Sons
Chapter 7: Adding New Users 23
User management commands To add users: useradd To delete users: userdel To modify users: usermod 24
Login names rules 25
Password encryption 26
Encryption Crypt – based on DES MD5 SHA256 Blowfish 27
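Added example, not part of the original slides: identifying which of the schemes listed above protects each account, using the prefix conventions of crypt(3) hash strings ($1$ MD5, $2a$/$2b$/$2y$ Blowfish, $5$ SHA256; $6$ SHA512 is included although the slide does not list it). Assumptions: input is in shadow-file layout (user:hash:...), the function names are hypothetical, the sample hashes are constructed placeholders, and treating DES and MD5 as the schemes to report is this example's policy choice.

```shell
#!/bin/sh
# Added example (not from the slides): name the crypt scheme behind a hash.

hash_scheme() {
    # $1 = password hash field; prints the scheme name
    case "$1" in
        '')               echo "empty" ;;
        '!'*|'*'*)        echo "locked" ;;
        '$1$'*)           echo "MD5" ;;
        '$2'[abxy]'$'*)   echo "Blowfish" ;;
        '$5$'*)           echo "SHA256" ;;
        '$6$'*)           echo "SHA512" ;;
        '$'*)             echo "unknown" ;;
        *)  # traditional DES crypt output is exactly 13 characters, no prefix
            if [ "${#1}" -eq 13 ]; then echo "DES"; else echo "unknown"; fi ;;
    esac
}

weak_accounts() {
    # $1 = shadow-format file; prints "user scheme" for DES and MD5 hashes
    while IFS=: read -r user hash _rest; do
        scheme=$(hash_scheme "$hash")
        case "$scheme" in
            DES|MD5) echo "$user $scheme" ;;
        esac
    done < "$1"
}

write_sample_shadow() {
    # Constructed placeholder entries, not real hashes
    cat > "$1" <<'EOF'
alice:$6$constructedsalt$CONSTRUCTEDHASH:19000:0:99999:7:::
bob:$1$constructedsalt$CONSTRUCTEDHASH:19000:0:99999:7:::
carol:$2b$10$CONSTRUCTEDSALTANDHASH:19000:0:99999:7:::
dave:abCONSTRUCTED:19000:0:99999:7:::
erin:$5$constructedsalt$CONSTRUCTEDHASH:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
EOF
}

# Demo run against the constructed sample
sample=$(mktemp)
write_sample_shadow "$sample"
weak_accounts "$sample"
rm -f "$sample"
```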
UserID Login names are understandable to users UID is used by the system internally UIDs must be unique across the organization User IDs are managed by LDAP 28
Group ID Defined in /etc/group 32-bit number GID 0 – system Group ID for a user is stored in the password file GECOS – General Comprehensive OS ▫Contains general information about user p
User information Home Directory Login shell (bash default) Login scripts 30
Other startup files See .bashrc See .bash_profile Review table 7.3, page
Startup files 32
Bash profile 33
Adding Users 34
User account options 35
Chapter 12: 36
Installing UNIX Installation methods: From media (DVD) From network installation (DHCP, TFTP) that boots system without media ▫Retrieves files from network (HTTPS, NFS, FTP) From network card Others (system dependent): Kickstart, LILO, AutoYaST 37
Installation documentation 38
Keywords for JumpStart 39
Packages Used to distribute software Can also be used to release other files Attempt to make installation easier than using tar.gz archives Include dependencies to determine what components are required for a given installation 40
Package concepts Release – a software baseline Component – Subset of software within a release Architecture – Specific class of hardware Packages – elements that make up components and releases 41
Binaries and config files 42
Software Distribution Commands 43
Revision Control Need to keep track of versions for a system – Why? Can do backups but they become cumbersome CVS SubVersion Revision Version Branches Trunks 44
Branch Management 45
Localization and Configuration Need to configure all devices and file systems Need to maintain inventory of devices Software releases involve maintaining licenses Set up a test environment before releasing changes If possible, take advantage of management tools 46
Questions? 47