Module 9 Linux Administration

9.1 User Interface Administration
9.2 User Accounts and Group Accounts
9.3 File System and Services Management
9.4 Daemons
User Interface Administration
Log On Procedures
• Users can log on to a Linux operating system using the Command-Line Interface (CLI), which is similar to the Windows 2000 interface.
• The Linux CLI provides the user with successive text-only prompts to enter a user name and password.
• No additional domain information is required.
GUI Interface
• "X Window" allows Linux to
operate similar to the other
GUIs.
• A typical X Window interface
will look somewhat familiar to
a Windows 2000 user.
• Linux users can completely
customize their X Window
interface to meet their specific
needs.
• A terminal window displays a
standard Linux command
prompt in a small window on
the screen.
CLI Interface
• The Linux command-line
interface (CLI) allows the
user to interact with the
system in the same manner
as the Windows 2000
command interpreter.
• Users should try entering
basic commands.
• Do not attempt to randomly
guess commands, since
such careless activity could
have impacts on the
system.
CLI Interface
• The man command
displays online man pages
for any of the hundreds of
Linux commands.
• A listing of all the Linux
commands with a brief
description of what they do
can be obtained by entering
man intro at the command
line.
• A man page can be
displayed on the man
command itself by typing
man man.
CLI Interface
• A number of different headings
or informational areas are in a
typical man page.
• All commands will have at least
a name, a synopsis, and a
description.
• A common Linux command is
cd, which allows users to
change directories.
• Some of the output has been
omitted because the output from
the cd man page is normally
about nine pages long.
CLI Interface
• The ls command can be
issued with the [options] and
the [files] list to display the
contents of a specific
directory.
• When the ls command is
issued without these options
the contents of the current
directory will be listed.
• Also more than one filename
can be given so that the ls
command will list the contents
of multiple directories.
The Linux Shells
• The Linux shells operate as a
command interpreter.
• The command interpreter from
the MS-DOS environment is
similar.
• It combines the interactive
features that make the C shell
popular with the easier to use
shell programming syntax of
the Bourne shell.
• The Bourne Again Shell is
referred to as the bash shell
and is used for many 'UNIX-like' systems.
vi Editor
• Linux includes an editing
tool called the vi Editor that
allows the editing of the
configuration and script files
as well as creation of some
configuration and script
files.
• The three modes of
operation in vi Editor are
command, edit/entry, and
last-line.
User Accounts and Group Accounts
User and Group Accounts
in a Linux Environment
• User accounts in a Linux
system allow several people
to be logged into the system
at the same time or at
different times without
interfering with each other.
• The term user and account
are sometimes used
interchangeably.
• There are several important
terms that will need to be
learned.
User and Group Accounts
in a Linux Environment
• The Linux operating system is both a multiuser and
multitasking system.
• The most important user account is the Superuser
account; also referred to as the root account.
• This account is used by the system administrator to
perform any administrative tasks on a Linux system.
• The Superuser account can be used in several ways:
– root login
– su
– sudo
– SUID root files
Adding Users
• The root user creates other
Linux users with the
useradd command.
• When this command is
entered at the prompt, Linux
performs many
simultaneous tasks to
create the user account,
such as creating a home
directory and assigning
default permissions.
• Flags and parameters exist
for the useradd command
and can be found by
viewing its man page.
Managing User Accounts
• The process of disabling an account requires a bit more
effort.
• The system administrator must edit the file that stores all
user information on the system and manually disable the
user's password.
• User passwords are stored in a central file known as the
‘shadow’ file, which is located in the /etc directory.
• This file can be edited with a text editor like vi Editor.
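After an account has been disabled by editing the shadow file, the result can be checked by reading the password field back. The script below is an added example, not part of the original slides; it assumes the standard colon-separated shadow layout, and the sample entries, salts and hashes are constructed placeholders.

```shell
#!/bin/sh
# Added example: report the login state implied by the password field
# (second field) of shadow-format lines. SAMPLE_SHADOW is constructed data;
# the salts and hashes are placeholders, not real values.
SAMPLE_SHADOW='root:$6$constructedsalt$constructedhash:19000:0:99999:7:::
daemon:*:18000:0:99999:7:::
jdoe:!$6$constructedsalt$constructedhash:19000:0:99999:7:::
guest::19000:0:99999:7:::
svc:!!:19000:0:99999:7:::'

# shadow_state: read shadow-format lines on stdin, print "user state".
#   locked          field starts with "!" (what passwd -l / usermod -L write)
#   no-login        field starts with "*" (no password can ever match)
#   EMPTY-PASSWORD  field is empty (login needs no password at all)
#   active          anything else, i.e. a usable password hash
shadow_state() {
    awk -F: '
        NF < 2 { next }                       # skip blank or malformed lines
        {
            pw = $2
            if (pw == "")          state = "EMPTY-PASSWORD"
            else if (pw ~ /^!/)    state = "locked"
            else if (pw ~ /^[*]/)  state = "no-login"
            else                   state = "active"
            print $1, state
        }'
}

# accounts_in_state STATE: list only the users in the given state.
accounts_in_state() {
    shadow_state | awk -v want="$1" '$2 == want { print $1 }'
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_SHADOW" | shadow_state
```

On a live system the same function reads the real file when run as root: shadow_state < /etc/shadow. Any account reported as EMPTY-PASSWORD deserves attention before the locked ones.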
Creating Groups and
Adding users to Groups
• Every group on a Linux system
can have anywhere from no
members to as many members
as there are user accounts on the
system.
• Group membership is controlled
by the /etc/group file.
• To change to a different group
after logging into the system use
the newgrp command.
• The syntax for this command is
newgrp <group name> for
example: newgrp engineering.
• The gpasswd command can be
used to modify existing groups.
File System and Services Management
Creating/Sharing Directories
• Creating files and
directories in Linux is a
matter of knowing the
proper commands and
how to use them.
• Some of the commands
use the same syntax for
both files and
directories, while others
are different.
Passwords and Permissions
• The Linux system of
permissions is much more
difficult than that of
Windows 2000. System
administrators are given
more control with the use of
three distinct permission
categories of read, write,
and execute.
• The execute permission
controls the ability of a user
to enter a directory, while
the read permission
controls its readability.
Passwords and Permissions
• File and directory permissions in Linux are controlled
through the use of the chown and chmod commands.
• The chown command is performed by all users to
specify the user and group ownership of a file or
directory:
– chown username.group filename
– For example: chown jdoe.executives report_01
• File and directory ownership is an important concept in
Linux because permissions are declared for both users
and groups based on this ownership.
– chmod mode filename
– For example: chmod 700 report_01
Mounting and Managing
File Systems
• The two commands that
Linux uses to mount and
unmount file systems and
partitions are mount and
umount.
• Find a comprehensive list at
the mount man page.
Mounting and Managing
File Systems
• The -o option takes a
comma-separated list of the
options.
• The df command will
display information about a
hard drive or partition that
includes total, used, and
available hard disk space.
• There are many parameters
that can be used with this
command as well.
Mounting and Managing
File Systems
• If space needs to be freed
up on a hard drive, use the
du command to display
information about a specific
user’s home directory to
make a decision on which
files to either move or
delete to make room.
• There are several
parameters that can be
used along with the du
command.
File System Configuration Files
• There are two types of configuration
files for the Linux file system, User
and System configuration files.
• The user configuration files are
stored as dot (.) files
• The user settings for the KDE
interface are stored in the .kde and
.kderc files.
• These dot files are hidden and are
ignored by most Linux tools.
• If the ls command is used to list the
contents of a user’s home directory
these files will not be listed.
• They can be listed by adding the -A
parameter to the ls command.
File System Configuration Files
• System function configuration
files control system functions
after the system has been
booted up.
• The server files are located in
the /etc directory.
• These files control programs
that run in the background,
most often unnoticeable to the
user.
• These files are usually
configured to start the server
or to change its behavior in
some way if the server has
been already started.
File System Configuration Files
• The /etc/inittab file is responsible
for controlling init processes,
which runs the startup scripts on
a Linux system.
• There are two types of lines that
will be found in the /etc/inittab
files: comment lines and control
lines.
• Comment lines are found in all
scripts in any operating system.
• These are the lines that are
commented out using a pound
sign (#).
• Control lines are the lines that are
read by the program.
File System Configuration Files
• The /etc/fstab file provides
access to disk partitions
and removable media
devices.
• Linux supports a unified
directory structure which
means that every directory
is located somewhere in
relation to the root of the
tree which is /.
Managing Runlevels
• Runlevels control what predetermined set of
programs will run on the computer when the
system starts up.
• The settings that control how the system
boots and what runlevel to boot up into are
stored in the /etc/inittab file.
• The init program reads the settings in this file
and therefore sets the system's initial runlevel.
• Once the system has been booted up, the runlevel can be changed using the init or telinit
program.
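The comment lines, control lines and initial runlevel described for /etc/inittab can be read with a short script. This is an added example, not part of the original slides; it assumes the usual id:runlevels:action:process layout of a control line, and the sample file contents are constructed.

```shell
#!/bin/sh
# Added example: read the initial runlevel and the per-runlevel entries
# from inittab-format text. SAMPLE_INITTAB is constructed data.
SAMPLE_INITTAB='# Constructed sample, not copied from a real system
id:3:initdefault:
si::sysinit:/etc/rc.d/rc.sysinit
l3:3:wait:/etc/rc.d/rc 3
l5:5:wait:/etc/rc.d/rc 5
ca::ctrlaltdel:/sbin/shutdown -t3 -r now
1:2345:respawn:/sbin/mingetty tty1
x:5:respawn:/etc/X11/prefdm -nodaemon'

# Keep control lines only: drop blank lines and lines commented out with #.
inittab_control_lines() {
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$'
}

# Print the runlevel init enters at boot (the initdefault control line).
inittab_default_runlevel() {
    inittab_control_lines | awk -F: '$3 == "initdefault" { print $2; exit }'
}

# inittab_entries_for N: print "id action process" for every control line
# whose runlevels field names runlevel N. Entries with an empty runlevels
# field (sysinit, ctrlaltdel) are not tied to a runlevel and are not listed.
inittab_entries_for() {
    inittab_control_lines | awk -F: -v rl="$1" '
        $3 != "initdefault" && index($2, rl) > 0 {
            proc = $4
            for (i = 5; i <= NF; i++) proc = proc ":" $i   # process may contain ":"
            print $1, $3, proc
        }'
}

# Demonstration on the constructed sample.
rl=$(printf '%s\n' "$SAMPLE_INITTAB" | inittab_default_runlevel)
echo "initial runlevel: $rl"
printf '%s\n' "$SAMPLE_INITTAB" | inittab_entries_for "$rl"
```

Reviewing this list for the runlevel a server boots into shows exactly which programs init starts with root privileges.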
Managing Runlevels
• Switching to runlevel 0 is a
special case because it
requires shutting down the
computer and halting it.
• Switching to runlevel 0, to
shut down the system, can
be done with the telinit or
init command.
• It is recommended to use
the shutdown command
instead because of the
many options it gives.
Documenting a Linux System Configuration
• Properly document the system:
– System Maintenance Log
– Initial Configuration
– Package Installations
– Configuration File Edits
– Filesystem Changes
– Kernel Recompilations
– Hardware Changes
Backing Up the /etc Directory
• Using the tar command it is possible to back up the /etc
directory to any mounted device.
Daemons
Introduction to Linux Daemons
• The functions that are called ‘services’ in Windows and
Netware Loadable Modules (NLMs) in Novell are referred to as
Daemons in Linux.
• Examples of Linux Daemons are FTPD and HTTPD.
• Daemons are not integrated into the operating system as
services are in Windows.
• Daemons run as a background process and run continuously
without producing any visible output.
Introduction to Linux Daemons
• There are several common Linux Daemons:
– HTTPD: This daemon is responsible for web browser
requests.
– Inetd: This daemon will wait for an incoming request to
be made and then forwards that request to the
appropriate Daemon.
– Crond: This daemon will run scripts at a specified time.
– Syslogd: This daemon will record information about
currently running programs to the system log file.
• Daemons can be loaded or unloaded into memory at
any time.
• They can also be restarted without having to restart
the entire system.
Starting, Stopping, and
Restarting Daemons
• Sys V scripts can be used to
start, stop, or restart Linux
Daemons.
• The scripts are located in
directories, most commonly the
/etc/rc.d/init.d or /etc/init.d
directory.
• To execute these scripts they
need to be followed by options
such as start, stop, or restart.
• The status option can be used
on some scripts as well to get
feedback on what state the
daemon is currently in.
Starting, Stopping, and
Restarting Daemons
• The two types of superservers that are used in Linux
are inetd.d and xinetd.d.
• Super-servers listen for
requests for any of the
daemons and services on the
server.
• They load the daemon or
service into memory only
when a request has been
made and it is in use.
• Until the request is made the
daemon would not be running
or consume any memory.
HTTP
• The Linux NOS is not capable of
providing the HTTP daemon to
users.
• Instead, a separate web-hosting
program named Apache is the
common solution.
• Apache provides the same HTTP
Daemons for Linux that the Internet
Information Services (IIS) tool does
for Windows 2000.
• Users do not have to be running a
Linux system to access the apache
web server daemon because the
apache web-server is accessed by
the HTTP protocol, which is
operating system independent.
HTTP
• Users of an HTTP enabled
Linux system are typically
given a special directory
within their home directory
for placing public web files.
• This directory is often
named ‘public_html’ and
automatically becomes the
user's root web directory.
FTP
• While the Windows 2000 FTP
service may or may not be
available by default, the Linux FTP
service (FTPD) needs no
configuring.
• This setting is found in the
/etc/rc.d/init.d/xinetd.
• If a system administrator wishes to
disable the service, a pound sign
(#) can be placed at the start of the
line.
• Otherwise, Linux automatically
starts the FTP Daemon (FTPD)
during the boot process, and users
are able to remotely FTP to the
machine at any time.
Telnet
• Telnet allows a remote user to
log in to a system for the
purposes of issuing
commands and accessing files
using a CLI.
• Upon discovering that a server
is listening for Telnet requests,
a hacker can try to use brute
force to break into a system.
• A brute force attack may
involve using a program that
guesses the password, using
a dictionary as the source of
its guesses.
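A dictionary attack against a Telnet login leaves a run of failed logins from one source in the system log. The script below is an added example, not part of the original slides, that counts those failures per source; the log line layout ("FAILED LOGIN n FROM host FOR user, reason") is an assumption modelled on login(1) messages, and the sample lines and addresses are constructed.

```shell
#!/bin/sh
# Added example: count failed logins per source host in syslog-style text.
# SAMPLE_AUTH_LOG is constructed data using documentation address ranges.
SAMPLE_AUTH_LOG='Mar  3 10:15:01 srv1 login[2101]: FAILED LOGIN 1 FROM 192.0.2.10 FOR root, Authentication failure
Mar  3 10:15:04 srv1 login[2101]: FAILED LOGIN 2 FROM 192.0.2.10 FOR root, Authentication failure
Mar  3 10:15:09 srv1 login[2107]: FAILED LOGIN 1 FROM 192.0.2.10 FOR admin, Authentication failure
Mar  3 10:15:13 srv1 login[2107]: FAILED LOGIN 2 FROM 192.0.2.10 FOR admin, Authentication failure
Mar  3 10:15:20 srv1 login[2113]: FAILED LOGIN 1 FROM 192.0.2.10 FOR jdoe, Authentication failure
Mar  3 10:16:40 srv1 login[2120]: FAILED LOGIN 1 FROM 198.51.100.7 FOR jdoe, Authentication failure
Mar  3 10:16:52 srv1 login[2120]: LOGIN ON pts/1 BY jdoe FROM 198.51.100.7'

# failed_logins_by_source MIN: read log lines on stdin and print
# "source failures distinct_users" for each source with at least MIN
# failures. Many failures spread over several user names from one source
# is the pattern a password-guessing program produces; a single failure
# followed by a success is an ordinary typo.
failed_logins_by_source() {
    awk -v min="$1" '
        /FAILED LOGIN/ {
            src = ""; user = ""
            for (i = 1; i < NF; i++) {
                if ($i == "FROM") src = $(i + 1)
                if ($i == "FOR")  user = $(i + 1)
            }
            if (src == "") next              # local console failure, no source
            sub(/,$/, "", user)              # "root," -> "root"
            count[src]++
            if (!((src, user) in seen)) { seen[src, user] = 1; users[src]++ }
        }
        END {
            for (s in count)
                if (count[s] >= min) print s, count[s], users[s]
        }' | sort
}

# Demonstration on the constructed sample with a threshold of 3 failures.
printf '%s\n' "$SAMPLE_AUTH_LOG" | failed_logins_by_source 3
```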
Server Message Block
(SMB) Protocol
• The Server Message Blocks (SMB) protocol
is designed to be a file sharing protocol.
• It has since been renamed to Common
Internet Filesystems (CIFS) but is still used
for file and printer sharing.
• This protocol is used to allow non-Linux or
UNIX systems to mount Linux filesystems and
printers over the network.
• The SMB protocol allows a Windows client to
do this the same way as if they were
connecting to another Windows system.
NFS
• NFS is used as a means to share files
between multiple computer systems
connected on a network.
• However, the main difference with NFS is that
it is designed to work on UNIX systems.
• NFS is the preferred method of sharing files
between Linux and UNIX systems because
client systems are able to access NFS shares
on a NFS file server with regular Linux file
access utilities.
Mail Client
• To set up the e-mail Daemon
on Linux, the administrator will
need to set up a mail user
agent, the mail transfer agent
(MTA), and the transport
protocol.
• The mailer provides the user
with an interface for reading
and composing messages.
• The mailer uses the MTA to
transfer the mail from the
sender to the recipient and
back.
• The two major MTAs are
SMTP and Sendmail.
Printing in a Linux Environment
• The main component of
Linux printing is the print
queue.
• The LPRng software
provides the server with the
ability to handle multiple
printers and queues as well
as providing the security that
will be needed in a large
network.
• The /etc/printcap file is at
the core of the LPRng
printing software.
Printing in a Linux Environment
• Red Hat comes with a GUI
tool that can be used to
setup printers called
printtool.
• To use the tool, type
printtool at a shell prompt,
this will launch the GUI
printer configuration tool.
• This tool aids in configuring
a client workstation to
connect to a printer either
locally or to a print server
over the network.
Scripts
• The Linux operating system can also accommodate many
different scripting languages. The most common and basic of
these is its built-in ’shell scripting’ abilities.
• A shell script is a text file that contains any number of Linux
commands listed successively.
• Each command is executed in turn exactly as if it had been
typed at the command prompt.
• Shell scripts can also contain programming logic such as
looping and conditional statements.