1. scis.regis.edu ● scis@regis.edu CS 468: Advanced UNIX Class 2 Dr. Jesús Borrego Regis University 1

2. Topics Homework 1 solutions How to capture output to file Installation of system User Administration How to capture output to file Homework 2 Assignment Q&A 2

3. Capturing script interaction 3

4. Adding Users Tasks: Assign user name Add new entry to password file Add entry to group file Create home directory for user Create startup files for user Notify user 4

5. Password file format username: password: userID: groupID: personal: home directory: startup 5

6. 6 username:password:userID:groupID:personal:home directory:startup

7. Group file 7

8. LDAP Lightweight Directory Access Protocol Smaller version of Directory Services X.500 Table look up of entries; look up an entry and it finds attributes Used to determine access given to a user Used by most operating systems, including Unix, Linux, and Windows ▫MS: Active Directory 8

9. Directory Services Overview Directory Concept ▫Look up resources based on known attributes Based on IETF and ISB X.500 ▫http://www.cse.ohio-state.edu/cgi- bin/rfc/rfc1777.htmlhttp://www.cse.ohio-state.edu/cgi- bin/rfc/rfc1777.html DAP – Directory Access Protocol ▫Specified in X.511 LDAP – Lightweight DAP ▫Clients can read and query the directory 9

10. Directory Services Entities have attributes that can be used to search ▫Files can have access descriptors for users Contains a number of records with (attribute, value) pairs Collection of directory entries is called a Directory Information Base (DIB) 10 Source: Tanenbaum, A., & Steen, M. V. (2007). Distributed systems: Principles and paradigms (2nd ed.). Upper Saddle River, NJ: Pearson Prentice Hall.

11. Directory Services Overview Resources can be: ▫Computers, servers, databases, printers ▫People, groups ▫Anything on a network Dependent on TCP/IP for functionality 11 Source: Schwartz, R. (2000). Windows 2000 Active Directory survival guide: Planning and implementation. New York, NY: John Wiley & Sons

12. Active Directory Concepts Namespace – name or group of names defined according to a naming convention Name resolution – the ability to attribute a name to an object on the network ▫Distinguished Name (DN) – from the root  Division/Department/Section/Unit/Group ▫Relative Distinguished Name (RDN) – relative to a particular location ./Group 12 Source: Schwartz, R. (2000). Windows 2000 Active Directory survival guide: Planning and implementation. New York, NY: John Wiley & Sons

13. Microsoft Directory Services Services defined as: ▫Single point of access to network resources ▫Adaptive and expandable information source ▫Common policy or set of rules ▫Methods for querying directory objects 13 Source: Schwartz, R. (2000). Windows 2000 Active Directory survival guide: Planning and implementation. New York, NY: John Wiley & Sons

14. MS Active Directory Framework Logical Elements ▫Structure ▫Relationships Physical Components ▫AD Sites ▫Domain Controllers 14 Source: Schwartz, R. (2000). Windows 2000 Active Directory survival guide: Planning and implementation. New York, NY: John Wiley & Sons

15. Logical Elements Objects Schema Domains Containers and OUs Trees and Forests Sites and Domain Controllers 15 Source: Schwartz, R. (2000). Windows 2000 Active Directory survival guide: Planning and implementation. New York, NY: John Wiley & Sons

16. Objects “Any item contained in the directory that has a common set of attributes” Examples: users, workstations, printers, databases, files Has properties and is defined by class definitions Can be a parent or child 16 Source: Schwartz, R. (2000). Windows 2000 Active Directory survival guide: Planning and implementation. New York, NY: John Wiley & Sons

17. Object Attributes Property = Attribute A set of information defining an object Children inherit attributes of parents Actual value defines object uniquely ▫A printer can be a parent and has attributes  Location, brand, properties ▫An HP OfficeJet J4680 at IP 10.10.10.15 is a specific printer 17 Source: Schwartz, R. (2000). Windows 2000 Active Directory survival guide: Planning and implementation. New York, NY: John Wiley & Sons

18. Object Classes Classes grouped by attributes Sample classes: ▫Users ▫Groups ▫Computers ▫Organizational Units ▫Databases ▫… 18 Source: Schwartz, R. (2000). Windows 2000 Active Directory survival guide: Planning and implementation. New York, NY: John Wiley & Sons

19. Structure Components Containers ▫Store objects in the directory (domains, OUs) Domains ▫Form security boundaries on a network ▫Security settings do not cross over domains OUs ▫Subdivide directory structure into smaller units  Makes administration easier and more manageable 10/11/2015 19 Source: Schwartz, R. (2000). Windows 2000 Active Directory survival guide: Planning and implementation. New York, NY: John Wiley & Sons

20. Relational Components Trees ▫A contiguous namespace ▫Domains interconnected via relationships Forests ▫Collection of trees Global Catalog Server ▫Central repository of objects 20 Source: Schwartz, R. (2000). Windows 2000 Active Directory survival guide: Planning and implementation. New York, NY: John Wiley & Sons

21. Trees Logical hierarchy of domains within the namespace ▫Within the tree, domains are interconnected in trust relationships Trust Relationship ▫Formed when two or more domains are joined in the sane namespace and a link is formed 21 Source: Schwartz, R. (2000). Windows 2000 Active Directory survival guide: Planning and implementation. New York, NY: John Wiley & Sons

22. Forests When companies merge ▫Individual trees are merged into a forest Allows established trees to coexist in a new network First tree created in the forest becomes the root (by default) Trees in forest share common schema, configuration, and catalog server 22 Source: Schwartz, R. (2000). Windows 2000 Active Directory survival guide: Planning and implementation. New York, NY: John Wiley & Sons

23. Chapter 7: Adding New Users 23

24. User management commands To add users: useradd To delete users: userdel To modify users: usermod 24

25. Login names rules 25

26. Password encryption 26

27. Encryption Crypt – based on DES MDT SHA256 Blowfish 27

28. UserID Login names are understandable to users UID is used by the system internally UIDs must be unique across the organization User IDs are managed by LDAP 28

29. Group ID Defined in /etc/groups 32-bit number GID 0 – system Group ID for a user is stored in the password file GECOS – General Comprehensive OS ▫Contains general information about user p.181 29

30. User information Home Directory Login shell (bash default) Login scripts 30

31. Other startup files See.bashrc See.bash_profile Review table 7.3, page 1898 31

32. Startup files 32

33. Bash profile 33

34. Adding Users 34

35. User account options 35

36. Chapter 12: 36

37. Installing UNIX Installation methods: From media (DVD) From network installation (DHCP, TFTP) that boots system without media ▫Retrieves files from network (HTTPS, NFS, FTP) From network card Others (system dependent): Kickstart, LILO, AutoYaST 37

38. Installation documentation 38

39. Keywords for JumpStart 39

40. Packages Used to distribute software Can also be used to release other files Attempt to make installation easier than using tar.gz archives Include dependencies to determine what components are required for a given installation 40

41. Package concepts Release – a software baseline Component – Subset of software within a release Architecture – Specific class of hardware Packages – elements that make up components and releases 41

42. Binaries and config files 42

43. Software Distribution Commands 43

44. Revision Control Need to keep track of versions for a system – Why? Can do backups but they become cumbersome CVS SubVersion Revision Version Branches Trunks 44

45. Branch Management 45

46. Localization and Configuration Need to configure all devices and file systems Need to maintain inventory of devices Software released involve maintaining licenses Set up a test environment before releasing changes If possible, take advantage of management tools 46

47. Questions? 47