The Linux Operating System Lecture 3: Becoming the Superuser and Users and Groups The Tonga Institute of Higher Education.

Slides:



Advertisements
Similar presentations
Basic Unix system administration
Advertisements

Booting and Shuting Down WeeSan Lee. Roadmap Bootstrapping Boot Loaders Startup/Init Scripts Reboot & Shutdown Q&A.
Genesis: from raw hardware to processes System booting sequence: how does a machine come into life.
Chapter 9: Understanding System Initialization The Complete Guide To Linux System Administration.
Week 8 System Initialization and X Windows. Objectives  Summarize the major steps necessary to boot a Linux system  Configure the LILO and GRUB boot.
Booting and Shutting Down the UNIX Operating System Arcadio A. Sincero Jr. 6/6/2001 CMSC 691X, Section 6080.
Linux+ Guide to Linux Certification Chapter Nine System Initialization.
Linux can be generally divided into four major components: 1. KERNEL – OS, ultimate boss The kernel is the core program that runs programs and manages.
Linux+ Guide to Linux Certification, Second Edition Chapter 3 Linux Installation and Usage.
1 Web Server Administration Chapter 3 Installing the Server.
Starting and Stopping Linux. Boot Process BIOS initializes hardware –Loads the boot sector MBR loads the bootloader –Point to kernel Kernel initializes.
System Startup and Shutdown
Linux System Administration LINUX SYSTEM ADMINISTRATION.
Linux+ Guide to Linux Certification Chapter Three Linux Installation and Usage.
Introduction to Linux Installing Linux User accounts and management Linux’s file system.
Booting and boot levels
Hands-On Microsoft Windows Server 2008
The Linux Operating System Lecture 7: Tonga Institute of Higher Education.
Guide to Linux Installation and Administration, 2e1 Chapter 3 Installing Linux.
System Startup & Shutdown Objectives –to interpret the Unix startup and shutdown configuration files –to be able to create a customised run level Contents.
Guide to Linux Installation and Administration, 2e 1 Chapter 9 Preparing for Emergencies.
Guide to Linux Installation and Administration, 2e1 Chapter 8 Basic Administration Tasks.
1 Linux Basics for Networking. 2 Module - Linux Basics for Networking ♦ Overview This module focuses on the basics of networking using Redhat Enterprise.
Managing User Accounts. Module 2 – Creating and Managing Users ♦ Overview ► One should log into a Linux system with a valid user name and password granted.
Adding New Users User as an entity - username(UID), GID. UID - typically a number for system to identify the user. GID – a number that recognizes a set.
IT2204: Systems Administration I 1 6b). Introduction to Linux.
Day 11 SAMBA NFS Logs Managing Users. SAMBA Implements the ability for a Linux machine to communicate with and act like a Windows file server. –Implements.
ITI-481: Unix Administration Meeting 3 Christopher Uriarte, Instructor Rutgers University Center for Applied Computing Technologies.
Lesson 9-Setting and Using Permissions. Overview Describing file permissions. Using execute permissions with a file. Changing file permissions using mnemonics.
More on file systems, Booting Todd Kelley CST8177– Todd Kelley1.
Guide to Linux Installation and Administration1 Chapter 4 Running a Linux System.
Users Greg Porter V1.0, 26 Jan 09. What is a user? Users “own” files and directories Permission based on “ownership” Every user has a User ID (UID) 
System Startup & Shutdown
There are three types of users in linux  System users: ?  Super user: ?  Normal users: ?
Managing Users  Each system has two kinds of users:  Superuser (root)  Regular user  Each user has his own username, password, and permissions that.
Chapter 10 Chapter 10: Managing the Distributed File System, Disk Quotas, and Software Installation.
More on file systems, Booting Todd Kelley CST8177– Todd Kelley1.
Chapter 3 & 6 Root Status and users File Ownership Every file has a owner and group –These give read,write, and execute priv’s to the owner, group, and.
Creating and Managing File Systems. Module 5 – Creating and Managing File Systems ♦ Overview This module deals with the structure of the file system,
Linux Startup Process Presenter: Dipu Gupta.
Introduction to System Admin Sirak Kaewjamnong. 2 The system administration’s job  Adding a new user  Doing backup and restoring files from backups.
1 FreeBSD Installation AFNOG X Cairo, Egypt May 2009 Hervey Allen.
Lesson 3-Touring Utilities and System Features. Overview Employing fundamental utilities. Linux terminal sessions. Managing input and output. Using special.
The Saigon CTT Chapter 10 Managing Users. The Saigon CTT  Objectives  Define the requirements for user accounts  Explain group and group accounts 
© 2006 ITT Educational Services Inc. Linux Operating System :: Unit 3 :: Slide 1 Downloading and Installing Software yum pirut Bit Torrent rmp.
System Administration. Logging in as System Administrator System Admin login (aka superuser, aka root) –login id: root –Default PS1 prompt: # –Home directory:
1 Day 2 Logging in, Passwords, Man, talk, write. 2 Logging in Unix is a multi user system –Many people can be using it at the same time. –Connections.
SCSC 455 Computer Security Chapter 3 User Security.
1 FreeBSD Installation AFNOG Chix 2011 Blantyre, Malawi 31 st Oct - 4 th Nov 2011 Dorcas Muthoni and Evelyn Namara.
Linux Use the Command-Line Interface to Administer the System.
CSC414 “Introduction to UNIX/ Linux” Lecture 6. Schedule 1. Introduction to Unix/ Linux 2. Kernel Structure and Device Drivers. 3. System and Storage.
SUSE Linux Enterprise Desktop Administration Chapter 9 Manage Users, Groups, and Permissions.
Lecture 02 File and File system. Topics Describe the layout of a Linux file system Display and set paths Describe the most important files, including.
Lecture 4 & 5: System Architecture  File systems  Devices  File system permissions  Review of Linux runlevels  In-class exercise.
Basic UNIX system administration CS 2204 Class meeting 14 *Notes by Doug Bowman and other members of the CS faculty at Virginia Tech. Copyright
System initialization Unit objectives A.Outline steps necessary to boot a Linux system, configure LILO and GRUB boot loaders, and dual boot Linux with.
Linux Filesystem Administration
System Administration Startup Process. Why Care? ● Every process on your system comes about by following a specific chain of events from the machine startup.
LINUX SYSTEM ADMINISTRATION
Chapter Objectives In this chapter, you will learn:
Guide to Linux Installation and Administration, 2e
System Programming and administration CS 308
Advanced Operating Systems
Linux Users and Groups Management
OPS235: Week 1 Installing Linux (Lab1: Investigations 4 - )
SUSE Linux Enterprise Desktop Administration
LINUX SYSTEM ADMINISTRATION
Adding New Users.
Presentation transcript:

The Linux Operating System Lecture 3: Becoming the Superuser and Users and Groups The Tonga Institute of Higher Education

Root. ● We've been looking at how to manipulate the Linux system, figuring out where things go, but we can't really do anything without being the superuser, root. ● The root user, remember, can do anything he wants, so we have to be careful not to make mistakes. We could delete things that make the entire computer never work again. ● Most Linux users recommend only using the root user when you need to. In case you make mistakes you don't want to destroy your system. But there are a lot of times you'll need to be root if you have your own system to look after

What to do as root? ● Now that you are root, what are you able to do? ● Shutdown and reboot (if you are going to shutdown, you should send the command to do it, not just press the off button) – root]# shutdown – root]# ● Shutting down and rebooting are simple. We can also control a lot about how the system starts up and how it runs while it is on

System Startup ● The system will have many programs that will start up as 'services.' These will be things like the webserver, telnet server, but also kernel programs that keep the filesystem together, run memory and do system logging. ● Some of these services will be defined by the user, some by the system. You can control them all through the use of what is called Run Levels and the chkconfig command

What happens during a bootup? 1. BIOS: The Basic Input/Output System is the lowest level interface between the computer and peripherals. The BIOS performs integrity checks on memory and seeks instructions on the Master Boor Record (MBR) on the floppy drive or hard drive. 2. The MBR points to the boot loader (LILO: Linux boot loader). 3. LILO will then ask for the OS label which will identify which kernel to run. It then loads the Linux operating system. 4. The first thing the kernel does is to execute init program. Init is the root/parent of all processes executing on Linux. 5. The first processes that init starts is a script /etc/rc.d/rc.sysinit 6. Based on the appropriate run-level, scripts are then executed to start various processes to run the system

Run Levels ● A run level is a state of init and the whole system that defines what system services are operating. Run levels are identified by numbers – Run level numbers 0Halt the system. 1Single-user mode (for special administration). 2-5Normal operation (user defined). 6Reboot. ● Deciding on how you run your system at startup, the run level will determine what programs start and how much you are able to change

Run Levels ● Run levels are configured in /etc/inittab by lines like the following: – l2:2:wait:/etc/init.d/rc 2 ● The first field is an arbitrary label, the second one means that this applies for run level 2. The third field means that init should run the command in the fourth field once, when the run level is entered, and that init should wait for it to complete. The /etc/init.d/rc command runs whatever commands are necessary to start and stop services to enter run level 2. ● The command in the fourth field does all the hard work of setting up a run level. It starts services that aren't already running, and stops services that shouldn't be running in the new run level any more. Exactly what the command is, and how run levels are configured, depends on the Linux distribution.

Run Levels ● When init starts, it looks for a line in /etc/inittab that specifies the default run level: – id:2:initdefault: ● You can ask init to go to a non-default run level at startup by giving the kernel a command line argument of single or emergency. Kernel command line arguments can be given via LILO, for example. This allows you to choose the single user mode (run level 1). ● While the system is running, the telinit command can change the run level. When the run level is changed, init runs the relevant command from /etc/inittab.

Booting in single user mode ● An important run level is single user mode (run level 1), in which only the system administrator is using the machine and as few system services, including logins, as possible are running. Single user mode is necessary for a few administrative tasks. ● A running system can be taken to single user mode by using telinit to request run level 1. At bootup, it can be entered by giving the word single or emergency on the kernel command line: the kernel gives the command line to init as well, and init understands from that word that it shouldn't use the default run level. ● One reason to go to this level is if you forget your root password or if you need to check the filesystem on the “/” partition

init.d and xinet.d ● init.d is a folder in your /etc/rc.d directory that contains little programs called “scripts” that will start or stop services and programs on your computer. ● It is actually part of the startup process and based on what run level you have decided to use, different scripts will be run from the init.d folder ● Most of the scripts will have a 'start', 'stop', 'restart' and 'status' option so you can control the programs yourself ● For example, to start a webserver, you might do the following – /etc/rc.d/init.d/httpd start

rc.d ● So the program scripts are in the /etc/rc.d/init.d folder ● What is the /etc/rc.d folder for? ● /etc/rc.d will contain all the files needed to boot up. This is where the programs for the different run levels are saved. They are located in the /etc/rc.d/rc0.d/ --> /etc/rc.d/rc6.d/ ● Notice the files in these folders start with a S or a K before them. The files with an S mean they are for startup, the files with the K mean they are for the shutdown ● To add a new service and have it be included in the correct run level, you'll need to put the K and S files in the correct rcX.d folder (where X --> 0-6)

rc.d ● Sometimes with all the run levels and files things get confusing, so what if you just want a simple way to make things start when you boot up the system? ● There is a file called /etc/rc.d/rc.local. This 'rc.local' file will be run when the system starts and any commands inside of it will also be run. ● You just need to put the full path to where the file is saved. For example, if you want a mySQL database to start when the computer starts, just put in on the last line of the rc.local file – /usr/local/bin/mysql

xinet.d ● All the talk about init.d is for programs and services that are local, which means they run on the system and are not for networked enabled programs (generally speaking). ● For programs that are networked services, ones that talk to other computers on a network, the xinet.d folder is used in /etc/. ● xinet.d is relatively new to Linux, but used a lot in RedHat. When we get to the chapter about networking, we will look at it more in depth

Chkconfig ● So how can you control what programs will start up and shut down and find out what is actually running? ● The chkconfig command is used to activate and deactivate services. ● If you use the chkconfig --list command, you will see a list of system services and whether they are started (on) or stopped (off) in runlevels 0-6. ● Example: $ chkconfig --list anacron anacron 0:off 1:off 2:on 3:on 4:on 5:on 6:off

Chkconfig ● Examples: ● Forces httpd service to run for levels 3, 4 and 5. * chkconfig --level 345 httpd on ● Start the httpd service when system starts. * chkconfig --add httpd ● Do not start the sendmail system start. * chkconfig --del sendmail ● List all services and init levels. * chkconfig --list

chkconfig ● Most of the time we can just use chkconfig to turn things on and off (which is the easiest) ● It will make the changes for the current run level and thus, you won't need to worry about what run level you are changing ● root]# chkconfig sendmail ● root]# chkconfig httpd

Crontab ● So you know how to make programs start when the system starts, what about making programs run at a regular interval, for example every hour, or once a day? ● Crontab is a small program that is the task scheduler on Linux systems. It will act like an alarm clock. At a certain time, it will wake up and make a program run. ● When you access crontab, you have to use the text editor, vi. So all your practice with vi will pay off

Using crontab ● Each user is allowed to have his or her own crontab, but the root user will be the one to use it the most. ● To see your crontabs, type – crontab -l ● And what you'll see is something like – 0 1 * * * /home/www/cgi-bin/awstats.pl – 0 2 * * * /usr/bin/sarg – 0 3 * * * echo > /var/log/squid/access.log – 0 3 * * * echo > /var/mail/junk ● Basically a list of programs with some numbers and stars ● So what does it mean and how does it work?

Using crontab ● 0 1 * * * /home/www/cgi-bin/awstats.pl ● There are five fields to the schedule, and then the name of the program that will run ● The fields are, in this order, – MINUTE(0-59) – HOUR(0-23) – DAYOFMONTH(1-31) – MONTHOFYEAR(1-12) – DAYOFWEEK(0-6) Note 0 = Sun ● Also note that the ASTERISK (*) is what's called a WILDCARD meaning it will match any value. ● So in this example it will run on the 0 th minute of the 1 st hour of every day of the month, every month of the year and every day of the week

Add your own crontab ● So to add your own crontab, type – crontab -e ● This will open up the crontab file in 'vi' and you can add your own crontab line ● Crontab examples: ● Program1 will run every minute of the 1 st hour of the 4 th day of every month – * 1 4 * * /usr/bin/program1 ● Program2 will run every 15 th minute every 6 hours, every 10 th day of the 5 th month of the year 0,15,30,45 0,6,12, * /usr/bin/program2

User Management ● An important task for the root user is to be able to add new user's to the system and to delete old users. ● To add a user to the system we can use the command 'useradd' or we can do it all manually ● With 'useradd' /]$ useradd new_user -g students ● This will add a user called new_user and put them in the group called students ● To remove user, 'userdel' /]$ userdel new_user

Setting passwords ● To set a password for a new user, you'll use the 'passwd' program /]$ passwd new_user ● You'll then be prompted to enter in the new password for that user ● If you don't specify a user name, then you can change your own password

Groups ● Users also have options of being inside of groups. This is for security and permission reasons. For example, at a school, all students might be in the students group and all teachers in the staff group. ● You could then make student grades group readable for staff, but not for students. ● To add a new group to the system, use 'groupadd' /]$ groupadd students ● Now you'll be able to add students to this new group on your system

Adding users manually ● The list of users and their home directories are in the important file called '/etc/passwd' ● This file used to contain encrypted passwords of everyone on the system, but that proved insecure and they moved the passwords to a file called /etc/shadow that only root can read ● Inside /etc/passwd you'll see lines like user1:x:500:100:User 1:/home/user:/bin/bash ● Fields are separated by the ':' The first field is for the username. Then next, 'x' means the password is in /etc/shadow. 500 and 100 are the user id and group id respectively. User 1 is the name of the user. /home/user is their home directory and /bin/bash is the shell program they are using

The /etc/group file ● Groups are saved inside the file /etc/group and a line will look like this – administrators:x:501:user1,user2 ● The first field is the name of the group, the 'x' is for no password, 501 is the group id and the last field is a list of users who are also part of this group ● For example, user1 might be a part of staff and administrators, but his primary group is staff. So to add him to administrators, add him to the end of the line for in the /etc/group file

Assigning quotas ● Quotas limit how much space one user can take up on a system. If you don't have any quotas, then someone can put every movie they have on the computer until you run out of space and there is no room for virtual memory. That's bad ● So if you have a lot of users, its good to have some sort of quota system set up to limit how much they can save ● To add quotas to a system is sometimes tricky, but generally these are the steps to take. First open /etc/fstab and find the partition you want to change. You'll see something like /dev/hda2 /home ext3 defaults 1 1 ● You'll be adding the usrquota, and the grpquota part. This tells the file system there is a user and group quota. Do it like this: /dev/hda2 /home ext3 defaults,usrquota,grpquota 1 1

Assigning quotas ● The next step is to create a file where quotas are saved. Depending on what filesystem you have you might have to create a file called 'quota.user' or 'aquota.user' – touch /home/quota.user – chmod 600 /home/quota.user ● Then you need to turn on quotas – quotaon -av ● And now you are ready to start assigning quotas hopefully. You might have to reboot the computer so that the partition is remounted correctly at the beginning, with quotas enabled

Assigning quotas ● To assign a quota for a user, you'll use a command called 'edquota' – edquota -u user1 ● You'll see something like the below: ● Disk quotas for user user1 (uid 665): Filesystem blocks soft hard inodes soft hard /dev/hda ● Filesystem shows which partition it is on. ● Blocks shows how many KB the user has taken up ● Soft is the 'soft' quota for how many KB they can use. This means they'll get a warning when they get to this level ● Hard is the 'hard', they cannot go over this limit ● Inodes is the number of files they have created (hard and soft are quotas for the number of files they can have in total)

Checking and maintaining quotas ● To see all the quotas you have on a system, use the command: – repquota -a ● To see the quota for just one user, try – quota -u user1 ● Soft limits are like grace periods for people, it will let them keep their files for a certain amount of time above the soft limit, but then make them delete stuff after a certain amount of time ● To change how long that time is, use the command – edquota -t

Summary ● This chapter gave you a basic outline of somethings the root user is responsible for. ● The root user will also be involved in doing many other things, and there are many other commands that help the root user to administer ● We'll take a look at other things the root user can do, especially in terms of networking and security features on Linux ● Remember, if anyone found out your root user password, they could do whatever they want to your computer very easily.