Module 9 Linux Administration

9.1 User Interface Administration
9.2 User Accounts and Group Accounts
9.3 File System and Services Management
9.4 Daemons

User Interface Administration

Log On Procedures
• Users can log on to a Linux operating system using the Command-Line Interface (CLI), which is similar to the Windows 2000 interface.
• The Linux CLI provides the user with successive text-only prompts to enter a user name and password.
• No additional domain information is required.

GUI Interface
• "X Window" allows Linux to operate similarly to the other GUIs.
• A typical X Window interface will look somewhat familiar to a Windows 2000 user.
• Linux users can completely customize their X Window interface to meet their specific needs.
• A terminal window displays a standard Linux command prompt in a small window on the screen.

CLI Interface
• The Linux command-line interface (CLI) allows the user to interact with the system in the same manner as the Windows 2000 command interpreter.
• Users should try entering basic commands.
• Do not attempt to randomly guess commands, since such careless activity could have unintended effects on the system.

CLI Interface
• The man command displays online man pages for any of the hundreds of Linux commands.
• A listing of all the Linux commands with a brief description of what they do can be obtained by entering man intro at the command line.
• A man page can be displayed on the man command itself by typing man man.

CLI Interface
• A number of different headings or informational areas are in a typical man page.
• All commands will have at least a name, a synopsis, and a description.
• A common Linux command is cd, which allows users to change directories.
• Some of the output has been omitted because the output from the cd man page is normally about nine pages long.

CLI Interface
• The ls command can be issued with the [options] and the [files] list to display the contents of a specific directory.
• When the ls command is issued without these options, the contents of the current directory will be listed.
• More than one filename can also be given so that the ls command will list the contents of multiple directories.

The Linux Shells
• The Linux shells operate as a command interpreter.
• The command interpreter from the MS-DOS environment is similar.
• It combines the interactive features that make the C shell popular with the easier-to-use shell programming syntax of the Bourne shell.
• The Bourne Again Shell is referred to as the bash shell and is used for many 'UNIX-like' systems.

vi Editor
• Linux includes an editing tool called the vi Editor that allows the editing of configuration and script files as well as the creation of some configuration and script files.
• The three modes of operation in vi Editor are command, edit/entry, and last-line.

User Accounts and Group Accounts

User and Group Accounts in a Linux Environment
• User accounts in a Linux system allow several people to be logged into the system at the same time or at different times without interfering with each other.
• The terms user and account are sometimes used interchangeably.
• There are several important terms that will need to be learned.

User and Group Accounts in a Linux Environment
• The Linux operating system is both a multiuser and multitasking system.
• The most important user account is the Superuser account, also referred to as the root account.
• This account is used by the system administrator to perform any administrative tasks on a Linux system.
• The Superuser account can be used in several ways:
  – root login
  – su
  – sudo
  – SUID root files

Adding Users
• The root user creates other Linux users with the useradd command.
• When this command is entered at the prompt, Linux performs many simultaneous tasks to create the user account, such as creating a home directory and assigning default permissions.
• Flags and parameters exist for the useradd command and can be found by viewing its man page.

Managing User Accounts
• The process of disabling an account requires a bit more effort.
• The system administrator must edit the file that stores all user information on the system and manually disable the user's password.
• User passwords are stored in a central file known as the 'shadow' file, which is located in the /etc directory.
• This file can be edited with a text editor like vi Editor.

Creating Groups and Adding Users to Groups
• Every group on a Linux system can have anywhere from no members to as many members as there are user accounts on the system.
• Group membership is controlled by the /etc/group file.
• To change to a different group after logging into the system, use the newgrp command.
• The syntax for this command is newgrp <group name>, for example: newgrp engineering.
• The gpasswd command can be used to modify existing groups.

File System and Services Management

Creating/Sharing Directories
• Creating files and directories in Linux is a matter of knowing the proper commands and how to use them.
• Some of the commands use the same syntax for both files and directories, while others are different.

Passwords and Permissions
• The Linux system of permissions is much more difficult than that of Windows 2000. System administrators are given more control with the use of three distinct permission categories of read, write, and execute.
• The execute permission controls the ability of a user to enter a directory, while the read permission controls its readability.

Passwords and Permissions
• File and directory permissions in Linux are controlled through the use of the chown and chmod commands.
• The chown command is performed by all users to specify the user and group ownership of a file or directory:
  – chown username.group filename
  – For example: chown jdoe.executives report_01
• File and directory ownership is an important concept in Linux because permissions are declared for both users and groups based on this ownership:
  – chmod mode filename
  – For example: chmod 700 report_01

Mounting and Managing File Systems
• The two commands that Linux uses to mount and unmount file systems and partitions are mount and umount.
• A comprehensive list of options can be found in the mount man page.

Mounting and Managing File Systems
• The -o option takes a comma-separated list of the options.
• The df command will display information about a hard drive or partition that includes total, used, and available hard disk space.
• There are many parameters that can be used with this command as well.

Mounting and Managing File Systems
• If space needs to be freed up on a hard drive, use the du command to display information about a specific user's home directory to make a decision on which files to either move or delete to make room.
• There are several parameters that can be used along with the du command.

File System Configuration Files
• There are two types of configuration files for the Linux file system: user and system configuration files.
• The user configuration files are stored as dot (.) files.
• The user settings for the KDE interface are stored in the .kde and .kderc files.
• These dot files are hidden and are ignored by most Linux tools.
• If the ls command is used to list the contents of a user's home directory, these files will not be listed.
• They can be listed by adding the -A parameter to the ls command.

File System Configuration Files
• System function configuration files control system functions after the system has been booted up.
• The server files are located in the /etc directory.
• These files control programs that run in the background, most often unnoticeable to the user.
• These files are usually configured to start the server or to change its behavior in some way if the server has already been started.

File System Configuration Files
• The /etc/inittab file is responsible for controlling init processes, which run the startup scripts on a Linux system.
• There are two types of lines that will be found in the /etc/inittab file: comment lines and control lines.
• Comment lines are found in all scripts in any operating system.
• These are the lines that are commented out using a pound sign (#).
• Control lines are the lines that are read by the program.

File System Configuration Files
• The /etc/fstab file provides access to disk partitions and removable media devices.
• Linux supports a unified directory structure, which means that every directory is located somewhere in relation to the root of the tree, which is /.

Managing Runlevels
• Runlevels control what predetermined set of programs will run on the computer when the system starts up.
• The settings that control how the system boots and what runlevel to boot up into are stored in the /etc/inittab file.
• The init program reads the settings in this file and thereby sets the system's initial runlevel.
• Once the system has been booted up, the runlevel can be changed using the init or telinit program.

Managing Runlevels
• Switching to runlevel 0 is a special case because it requires shutting down the computer and halting it.
• Switching to runlevel 0, to shut down the system, can be done with the telinit or init command.
• It is recommended to use the shutdown command instead because of the many options it gives.
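
The comment-line and control-line distinction and the default runlevel setting described above, shown as an added example that is not part of the original slides: it reads an inittab-format file, reports the default runlevel, and lists the entries active in a given runlevel. The sample file is constructed, and the id:runlevels:action:process field layout and the check against a default of 0 (halt) or 6 (reboot) are assumptions taken from classic SysV init, not from the slides.

```shell
#!/bin/sh
# Constructed sample; assumed SysV layout is id:runlevels:action:process
sample_inittab() {
cat <<'EOF'
# Default runlevel (comment line, skipped by init)
id:3:initdefault:
si::sysinit:/etc/rc.d/rc.sysinit
l0:0:wait:/etc/rc.d/rc 0
l3:3:wait:/etc/rc.d/rc 3
l5:5:wait:/etc/rc.d/rc 5
#ca::ctrlaltdel:/sbin/shutdown -t3 -r now
1:2345:respawn:/sbin/mingetty tty1
x:5:respawn:/etc/X11/prefdm -nodaemon
EOF
}

# Print the runlevel set by the initdefault control line (comment lines skipped).
default_runlevel() {
    awk -F: '!/^[ \t]*#/ && $3 == "initdefault" { print $2; exit }' "$1"
}

# Print the ids of control lines active in runlevel $2, space separated.
# Entries with an empty runlevels field (such as sysinit) are not tied to a level.
entries_for_runlevel() {
    awk -F: -v lvl="$2" '
        /^[ \t]*#/ || NF < 4 || $3 == "initdefault" { next }
        $2 == "" || index($2, lvl) { out = out (out == "" ? "" : " ") $1 }
        END { print out }
    ' "$1"
}

# Return 0 for a usable default runlevel, 1 if the default is 0 or 6
# (the system would halt or reboot on every boot), 2 if none is set.
check_default_runlevel() {
    case "$(default_runlevel "$1")" in
        0|6)   return 1 ;;
        [1-5]) return 0 ;;
        *)     return 2 ;;
    esac
}

f=$(mktemp) && sample_inittab > "$f"
echo "default runlevel: $(default_runlevel "$f")"
echo "active in runlevel 3: $(entries_for_runlevel "$f" 3)"
rm -f "$f"
```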

Documenting a Linux System Configuration
• Properly document the system:
  – System Maintenance Log
  – Initial Configuration
  – Package Installations
  – Configuration File Edits
  – Filesystem Changes
  – Kernel Recompilations
  – Hardware Changes

Backing Up the /etc Directory
• Using the tar command, it is possible to back up the /etc directory to any mounted device.

Daemons

Introduction to Linux Daemons
• The functions that are called 'services' in Windows and Netware Loadable Modules (NLMs) in Novell are referred to as daemons in Linux.
• Examples of Linux daemons are FTPD and HTTPD.
• Daemons are not integrated into the operating system as services are in Windows.
• Daemons run as a background process and run continuously without producing any visible output.

Introduction to Linux Daemons
• There are several common Linux daemons:
  – HTTPD: This daemon is responsible for web browser requests.
  – Inetd: This daemon will wait for an incoming request to be made and then forward that request to the appropriate daemon.
  – Crond: This daemon will run scripts at a specified time.
  – Syslogd: This daemon will record information about currently running programs to the system log file.
• Daemons can be loaded into or unloaded from memory at any time.
• They can also be restarted without having to restart the entire system.

Starting, Stopping, and Restarting Daemons
• Sys V scripts can be used to start, stop, or restart Linux daemons.
• The scripts are located in directories, most commonly the /etc/rc.d/init.d or /etc/init.d directory.
• To execute these scripts, they need to be followed by options such as start, stop, or restart.
• The status option can be used on some scripts as well to get feedback on the current state of the daemon.

Starting, Stopping, and Restarting Daemons
• The two types of super-servers that are used in Linux are inetd.d and xinetd.d.
• Super-servers listen for requests for any of the daemons and services on the server.
• They load the daemon or service into memory only when a request has been made and it is in use.
• Until the request is made, the daemon is not running and does not consume any memory.

HTTP
• The Linux NOS is not capable of providing the HTTP daemon to users.
• Instead, a separate web-hosting program named Apache is the common solution.
• Apache provides the same HTTP daemons for Linux that the Internet Information Services (IIS) tool does for Windows 2000.
• Users do not have to be running a Linux system to access the Apache web server daemon because the Apache web server is accessed by the HTTP protocol, which is operating system independent.

HTTP
• Users of an HTTP-enabled Linux system are typically given a special directory within their home directory for placing public web files.
• This directory is often named 'public_html' and automatically becomes the user's root web directory.

FTP
• While the Windows 2000 FTP service may or may not be available by default, the Linux FTP service (FTPD) needs no configuring.
• This setting is found in the /etc/rc.d/init.d/xinetd.
• If a system administrator wishes to disable the service, a pound sign (#) can be placed at the start of the line.
• Otherwise, Linux automatically starts the FTP daemon (FTPD) during the boot process, and users are able to remotely FTP to the machine at any time.

Telnet
• Telnet allows a remote user to log in to a system for the purposes of issuing commands and accessing files using a CLI.
• Upon discovering that a server is listening for Telnet requests, a hacker can try to use brute force to break into a system.
• A brute force attack may involve using a program that guesses the password, using a dictionary as the source of its guesses.

Server Message Block (SMB) Protocol
• The Server Message Block (SMB) protocol is designed to be a file sharing protocol.
• It has since been renamed to Common Internet File System (CIFS) but is still used for file and printer sharing.
• This protocol is used to allow non-Linux or non-UNIX systems to mount Linux filesystems and printers over the network.
• The SMB protocol allows a Windows client to do this in the same way as if it were connecting to another Windows system.

NFS
• NFS is used as a means to share files between multiple computer systems connected on a network.
• However, the main difference with NFS is that it is designed to work on UNIX systems.
• NFS is the preferred method of sharing files between Linux and UNIX systems because client systems are able to access NFS shares on an NFS file server with regular Linux file access utilities.

Mail Client
• To set up the e-mail daemon on Linux, the administrator will need to set up a mail user agent, the mail transfer agent (MTA), and the transport protocol.
• The mailer provides the user with an interface for reading and composing messages.
• The mailer uses the MTA to transfer the mail from the sender to the recipient and back.
• The two major MTAs are SMTP and Sendmail.

Printing in a Linux Environment
• The main component of Linux printing is the print queue.
• The LPRng software provides the server with the ability to handle multiple printers and queues, and provides the security that will be needed in a large network.
• The /etc/printcap file is at the core of the LPRng printing software.

Printing in a Linux Environment
• Red Hat comes with a GUI tool called printtool that can be used to set up printers.
• To use the tool, type printtool at a shell prompt; this will launch the GUI printer configuration tool.
• This tool aids in configuring a client workstation to connect to a printer either locally or to a print server over the network.

Scripts
• The Linux operating system can also accommodate many different scripting languages. The most common and basic of these is its built-in 'shell scripting' abilities.
• A shell script is a text file that contains any number of Linux commands listed successively.
• Each command is executed in turn exactly as if it had been typed at the command prompt.
• Shell scripts can also contain programming logic such as looping and conditional statements.
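
A shell script with a loop and conditionals, as the Scripts slide describes, applied to the super-server configuration from the Daemons section; this is an added example, not part of the original slides. It lists the services left enabled in an inetd-style file, picks out the FTP and Telnet entries for review, and writes a copy with one service disabled by a leading pound sign. The sample file and its inetd.conf column layout are constructed assumptions, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample; assumed inetd.conf columns are:
# service  socket  proto  wait-flag  user  server  arguments
sample_inetd_conf() {
cat <<'EOF'
# inetd-style super-server configuration (constructed sample)
ftp     stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp  nowait  root  /usr/sbin/tcpd  in.telnetd
#shell  stream  tcp  nowait  root  /usr/sbin/tcpd  in.rshd
time    stream  tcp  nowait  root  internal
EOF
}

# Loop over the file and collect every service whose line is not commented out.
enabled_services() {
    out=""
    while read -r name rest; do
        case "$name" in
            ''|'#'*) continue ;;   # blank line or service disabled with '#'
        esac
        out="$out${out:+ }$name"
    done < "$1"
    echo "$out"
}

# Of the enabled services, print the remote-login daemons the slides cover
# (FTP and Telnet) so an administrator can decide whether they are needed.
exposed_login_services() {
    out=""
    for svc in $(enabled_services "$1"); do
        if [ "$svc" = "telnet" ] || [ "$svc" = "ftp" ]; then
            out="$out${out:+ }$svc"
        fi
    done
    echo "$out"
}

# Write the config to stdout with service $2 disabled by a leading '#'.
disable_service() {
    awk -v svc="$2" '$1 == svc { print "#" $0; next } { print }' "$1"
}

f=$(mktemp) && sample_inetd_conf > "$f"
echo "enabled: $(enabled_services "$f")"
echo "review:  $(exposed_login_services "$f")"
rm -f "$f"
```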