Download presentation
Presentation is loading. Please wait.
1
Advanced Operating Systems
Tonga Institute of Higher Education Advanced Operating Systems Lecture 6: Becoming the Superuser and Users and Groups
2
Root. We've been looking at how to manipulate the Linux system, figuring out where things go, but we can't really do anything without being the superuser, root. The root user, remember, can do anything he wants, so we have to be careful not to make mistakes. We could delete things that make the entire computer never work again. Most Linux users recommend only using the root user when you need to. In case you make mistakes you don't want to destroy your system. But there are a lot of times you'll need to be root if you have your own system to look after
3
What to do as root? Now that you are root, what are you able to do?
Shutdown and reboot (if you are going to shutdown, you should send the command to do it, not just press the off button) root]# shutdown -now root]# reboot Shutting down and rebooting are simple. We can also control a lot about how the system starts up and how it runs while it is on
4
System Startup The system will have many programs that will start up as 'services.' These will be things like the webserver, telnet server, but also kernel programs that keep the filesystem together, run memory and do system logging. Some of these services will be defined by the user, some by the system. You can control them all through the use of what is called Run Levels and the chkconfig command (if you have the chkconfig command, if you don’t we need to edit files)
5
What happens during a bootup?
1. BIOS: The Basic Input/Output System is the lowest level interface between the computer and peripherals. The BIOS performs integrity checks on memory and seeks instructions on the Master Boor Record (MBR) on the floppy drive or hard drive. 2. The MBR points to the boot loader (LILO: Linux boot loader). 3. LILO will then ask for the OS label which will identify which kernel to run. It then loads the Linux operating system. 4. The first thing the kernel does is to execute init program. Init is the root/parent of all processes executing on Linux. 5. The first processes that init starts is a script /etc/rc.d/rc.sysinit 6. Based on the appropriate run-level, scripts are then executed to start various processes to run the system
6
Run Levels A run level is a state of init and the whole system that defines what system services are operating. Run levels are identified by numbers Run level numbers 0 Halt the system. 1 Single-user mode (for special administration). 2-5 Normal operation (user defined). 6 Reboot. Deciding on how you run your system at startup, the run level will determine what programs start and how much you are able to change
7
Run Levels Run levels are configured in /etc/inittab by lines like the following: l2:2:wait:/etc/init.d/rc 2 The first field is an arbitrary label, the second one means that this applies for run level 2. The third field means that init should run the command in the fourth field once, when the run level is entered, and that init should wait for it to complete. The /etc/init.d/rc command runs whatever commands are necessary to start and stop services to enter run level 2. The command in the fourth field does all the hard work of setting up a run level. It starts services that aren't already running, and stops services that shouldn't be running in the new run level any more. Exactly what the command is, and how run levels are configured, depends on the Linux distribution.
8
Run Levels When init starts, it looks for a line in /etc/inittab that specifies the default run level: id:2:initdefault: You can ask init to go to a non-default run level at startup by giving the kernel a command line argument of single or emergency. Kernel command line arguments can be given via LILO, for example. This allows you to choose the single user mode (run level 1). While the system is running, the telinit command can change the run level. When the run level is changed, init runs the relevant command from /etc/inittab.
9
/etc/inittab configuration
The /etc/inittab has some special features that allow init to react to special circumstances. These special features are marked by special keywords in the third field. Some examples: powerwait Allows init to shut the system down, when the power fails. This assumes the use of a UPS, and software that watches the UPS and informs init that the power is off. ctrlaltdel Allows init to reboot the system, when the user presses ctrl-alt-del on the console keyboard. Note that the system administrator can configure the reaction to ctrl-alt-del to be something else instead, e.g., to be ignored, if the system is in a public location.
10
Booting in single user mode
An important run level is single user mode (run level 1), in which only the system administrator is using the machine and as few system services, including logins, as possible are running. Single user mode is necessary for a few administrative tasks. A running system can be taken to single user mode by using telinit to request run level 1. At bootup, it can be entered by giving the word single or emergency on the kernel command line: the kernel gives the command line to init as well, and init understands from that word that it shouldn't use the default run level. One reason to go to this level is if you forget your root password or if you need to check the filesystem on the “/” partition
11
init.d and xinet.d init.d is a folder in your /etc/rc.d directory that contains little programs called “scripts” that will start or stop services and programs on your computer. It is actually part of the startup process and based on what run level you have decided to use, different scripts will be run from the init.d folder Most of the scripts will have a 'start', 'stop', 'restart' and 'status' option so you can control the programs yourself For example, to start a webserver, you might do the following /etc/rc.d/init.d/httpd start
12
rc.d So the program scripts are in the /etc/rc.d/init.d folder
What is the /etc/rc.d folder for? /etc/rc.d will contain all the files needed to boot up. This is where the programs for the different run levels are saved. They are located in the /etc/rc.d/rc0.d/ --> /etc/rc.d/rc6.d/ Notice the files in these folders start with a S or a K before them. The files with an S mean they are for startup, the files with the K mean they are for the shutdown To add a new service and have it be included in the correct run level, you'll need to put the K and S files in the correct rcX.d folder (where X --> 0-6)
13
rc.d Sometimes with all the run levels and files things get confusing, so what if you just want a simple way to make things start when you boot up the system? There is a file called /etc/rc.d/rc.local. This 'rc.local' file will be run when the system starts and any commands inside of it will also be run. You just need to put the full path to where the file is saved. For example, if you want a mySQL database to start when the computer starts, just put in on the last line of the rc.local file /usr/local/bin/mysql
14
rc.sysinit You'll also notice in the /etc/rc.d folder there is a rc.sysinit file. This is for the kernel to start when the computer starts. This is what starts the important system services and programs and also configures the computer correctly when you start up. It will do things like mount your filesystems, set your clock and change your hostname so these things are the same as you want them to be. It's a good idea not to change anything in here
15
xinet.d All the talk about init.d is for programs and services that are local, which means they run on the system and are not for networked enabled programs (generally speaking). For programs that are networked services, ones that talk to other computers on a network, the xinet.d folder is used in /etc/. xinet.d is relatively new to Linux, but used a lot in RedHat. When we get to the chapter about networking, we will look at it more in depth
16
Chkconfig So how can you control what programs will start up and shut down and find out what is actually running? The chkconfig command is used to activate and deactivate services. If you use the chkconfig --list command, you will see a list of system services and whether they are started (on) or stopped (off) in runlevels 0-6. Example: $ chkconfig --list anacron anacron 0:off 1:off 2:on 3:on 4:on 5:on 6:off
17
Chkconfig Examples: Forces httpd service to run for levels 3, 4 and 5.
* chkconfig --level 345 httpd on Start the httpd service when system starts. * chkconfig --add httpd Do not start the sendmail system start. * chkconfig --del sendmail List all services and init levels. * chkconfig --list
18
Crontab So you know how to make programs start when the system starts, what about making programs run at a regular interval, for example every hour, or once a day? Crontab is a small program that is the task scheduler on Linux systems. It will act like an alarm clock. At a certain time, it will wake up and make a program run. When you access crontab, you have to use the text editor, vi. So all your practice with vi will pay off
19
Using crontab Each user is allowed to have his or her own crontab, but the root user will be the one to use it the most. To see your crontabs, type crontab -l And what you'll see is something like 0 1 * * * /home/www/cgi-bin/awstats.pl 0 2 * * * /usr/bin/sarg 0 3 * * * echo > /var/log/squid/access.log 0 3 * * * echo > /var/mail/junk Basically a list of programs with some numbers and stars So what does it mean and how does it work?
20
Using crontab 0 1 * * * /home/www/cgi-bin/awstats.pl There are five fields to the schedule, and then the name of the program that will run The fields are, in this order, MINUTE(0-59) HOUR(0-23) DAYOFMONTH(1-31) MONTHOFYEAR(1-12) DAYOFWEEK(0-6) Note 0 = Sun Also note that the ASTERISK (*) is what's called a WILDCARD meaning it will match any value. So in this example it will run on the 0th minute of the 1st hour of every day of the month, every month of the year and every day of the week
21
Add your own crontab So to add your own crontab, type
crontab -e This will open up the crontab file in 'vi' and you can add your own crontab line Crontab examples: Program1 will run every minute of the 1st hour of the 4th day of every month * 1 4 * * /usr/bin/program1 Program2 will run every 15th minute every 6 hours, every 10th day of the 5th month of the year 0,15,30,45 0,6,12, * /usr/bin/program2
22
User Management An important task for the root user is to be able to add new user's to the system and to delete old users. To add a user to the system we can use the command 'useradd' or we can do it all manually With 'useradd' /]$ useradd new_user -g students This will add a user called new_user and put them in the group called students To remove user, 'userdel' /]$ userdel new_user
23
Setting passwords To set a password for a new user, you'll use the 'passwd' program /]$ passwd new_user You'll then be prompted to enter in the new password for that user If you don't specify a user name, then you can change your own password
24
Groups Users also have options of being inside of groups. This is for security and permission reasons. For example, at a school, all students might be in the students group and all teachers in the staff group. You could then make student grades group readable for staff, but not for students. To add a new group to the system, use 'groupadd' /]$ groupadd students Now you'll be able to add students to this new group on your system
25
Adding users manually Inside /etc/passwd you'll see lines like
The list of users and their home directories are in the important file called '/etc/passwd' This file used to contain encrypted passwords of everyone on the system, but that proved insecure and they moved the passwords to a file called /etc/shadow that only root can read Inside /etc/passwd you'll see lines like user1:x:500:100:User 1:/home/user:/bin/bash Fields are separated by the ':' The first field is for the username. Then next, 'x' means the password is in /etc/shadow. 500 and 100 are the user id and group id respectively. User 1 is the name of the user. /home/user is their home directory and /bin/bash is the shell program they are using
26
The /etc/group file Groups are saved inside the file /etc/group and a line will look like this administrators:x:501:user1,user2 The first field is the name of the group, the 'x' is for no password, 501 is the group id and the last field is a list of users who are also part of this group For example, user1 might be a part of staff and administrators, but his primary group is staff. So to add him to administrators, add him to the end of the line for in the /etc/group file
27
Assigning quotas Quotas limit how much space one user can take up on a system. If you don't have any quotas, then someone can put every movie they have on the computer until you run out of space and there is no room for virtual memory. That's bad So if you have a lot of users, its good to have some sort of quota system set up to limit how much they can save To add quotas to a system is sometimes tricky, but generally these are the steps to take. First open /etc/fstab and find the partition you want to change. You'll see something like /dev/hda2 /home ext3 defaults 1 1 You'll be adding the usrquota, and the grpquota part. This tells the file system there is a user and group quota. Do it like this: /dev/hda2 /home ext3 defaults,usrquota,grpquota 1 1
28
Assigning quotas The next step is to create a file where quotas are saved. Depending on what filesystem you have you might have to create a file called 'quota.user' or 'aquota.user' touch /home/quota.user chmod 600 /home/quota.user Then you need to turn on quotas quotaon -av And now you are ready to start assigning quotas hopefully. You might have to reboot the computer so that the partition is remounted correctly at the beginning, with quotas enabled
29
Assigning quotas To assign a quota for a user, you'll use a command called 'edquota' edquota -u user1 You'll see something like the below: Disk quotas for user user1 (uid 665): Filesystem blocks soft hard inodes soft hard /dev/hda Filesystem shows which partition it is on. Blocks shows how many KB the user has taken up Soft is the 'soft' quota for how many KB they can use. This means they'll get a warning when they get to this level Hard is the 'hard', they cannot go over this limit Inodes is the number of files they have created (hard and soft are quotas for the number of files they can have in total)
30
Checking and maintaining quotas
To see all the quotas you have on a system, use the command: repquota -a To see the quota for just one user, try quota -u user1 Soft limits are like grace periods for people, it will let them keep their files for a certain amount of time above the soft limit, but then make them delete stuff after a certain amount of time To change how long that time is, use the command edquota -t
31
Summary This chapter gave you a basic outline of somethings the root user is responsible for. The root user will also be involved in doing many other things, and there are many other commands that help the root user to administer We'll take a look at other things the root user can do, especially in terms of networking and security features on Linux Remember, if anyone found out your root user password, they could do whatever they want to your computer very easily.
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.