1. Introduction to System Admin Sirak Kaewjamnong

2. 2 The system administration’s job  Adding a new user  Doing backup and restoring files from backups  Answer user questions  Monitoring system activity and tuning system performance for good respond time  Worrying about system security and patching security holds

3. 3 The system administration’s job  Installing programs and OS updates  Trying to free up disk space  Rebooting the system after a crash  Adding a new equipment and new systems  Fixing any problems  Writing scripts to automate as many of the above activities as possible

4. 4 Unix superuser  Superuser is a privileged account with unrestricted access to all files and command  The user name of superuser is “root”  This user has a user ID of 0

5. 5 Becoming root  There are two ways to become the superuser 1. Login as root directly 2. Execute command su to change privileged % su

6. 6 Sudo command  The sudo utility allows users defined in the /etc/sudoers configuration file to have temporary access to run commands they would not normally be able to due to file permission restrictions  Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root

7. 7 The /etc/sudoers File  The /etc/sudoers file contains all the configuration and permission parameters needed for sudo to work

8. 8 Format of the /etc/sudoers File  Groups are the same as user groups and are differentiated from regular users by a % at the beginning. The Linux user group "users" would be represented by %users.  can have multiple usernames per line separated by commas.  Multiple commands also can be separated by commas. Spaces are considered part of the command.  The keyword ALL can mean all usernames, groups, commands and servers.  If run out of space on a line, admin can end it with a back slash (\) and continue on the next line.  The NOPASSWD keyword provides access without prompting for your password. usernames/group servername = (usernames command can be run as) command

9. 9 /etc/sudoers Examples root ALL = (ALL) ALL %wheel ALL = (ALL) ALL  root and users in group wheel can run anything on any machine as any user Srk,rp ALL = NOPASSWD: ALL  User srk and rp can run anything on any machine without a password peter, %operator ALL= /sbin/, /usr/sbin, /usr/local/apps/check.pl  user peter and all the members of the group operator to gain access to all the program files in the /sbin and /usr/sbin directories, plus the privilege of running the command /usr/local/apps/check.pl

10. 10 Using Aliases in the sudoers File User_AliasADMINS = millert, mikef, dowdy ADMINSALL = NOPASSWD: ALL  User alias ADMINS are user millert.mikef,dowdy  User alias ADMINS can run anything on any machine without a password Cmnd_AliasPRINTING = /usr/sbin/lpc, /usr/bin/lprm Cmnd_AliasSHUTDOWN = /usr/sbin/shutdown srk ALL = PRINTING, /usr/bin/adduser  User srk can use printer and add new user

11. 11 How to add user  Add linux group #groupadd students #groupadd staff #groupadd teachers  Add the Linux users and assign them to their respective groups #useradd –g teachers rp #useradd –g staff srk  Each user's personal directory is placed in the /home directory. The directory name will be the same as their user name

12. 12 Change password  User root changing the password for user paul [root@myhost]# passwd paul Changing password for user paul. New password: Retype new password: passwd: all authentication tokens updated successfully. [root@myhost]#

13. 13 Delete user  The userdel command is used to remove the user's record from the /etc/passwd and /etc/shadow used in the login process. The command has a single argument, the username [root@myhost]# userdel paul  an optional -r switch that additionally removes all the contents of the user's home directory [root@myhost]# userdel -r paul

14. 14  http://www.sudo.ws/sudo/sample.sud oers