Fedora Bible 2011

Chapter 9: Understanding System Administration

Using the root user Account

The traditional role of the root user in Linux systems is to have complete control over the operation of your Fedora system. The home directory for the root user is /root. The root entry in the /etc/passwd file:

    root:x:0:0:root:/root:/bin/bash

This shows that for the user named root, the x indicates that the password is stored in /etc/shadow, the user ID is set to 0 (root user), and the group ID is set to 0 (root group). The home directory is /root and the shell for that user is /bin/bash.

usermod

Among the defaults that are set for the root user are aliases for certain commands that could have dangerous consequences. Aliases for the rm, cp, and mv commands allow those commands to be run with the -i option.

sudo, su

    $ su
    Password: ******
    #

    $ su -
    Password: ******
    #

If you became the root user by just typing su, rather than su -, you would not have changed directories or the environment of the current login session.

    su - chum    # become a user other than root

When you are finished using super user permissions, return to the previous shell by exiting the current shell. To do so, press Ctrl+D or type exit.

Using graphical administration tools

The trend over the past few versions of Fedora has been to steer clear of the massive administrative interfaces (such as linuxconf and Webmin) and instead offer graphical windows that perform individual administrative tasks.

Add/Remove Software (gnome-packagekit)
Authentication (authconfig-gtk)
Boot Loader (system-config-boot)
Date & Time (Figure 9-2: Choose an NTP server by clicking Synchronize date and time over the network.)
Firewall (system-config-firewall)
Language (system-config-language)
Logical Volume Management (system-config-lvm)
Network (system-config-network)
Network Device Control (system-config-network)
Printing (system-config-printer)
Root Password (system-config-rootpassword)
Samba (system-config-samba) SWAT window. SWAT is described in Chapter 17.)
SELinux Management (policycoreutils-gui)
Services (system-config-services)
Software Sources (gnome-packagekit)
Software Update (gnome-packagekit)
Users (accountsdialog)
Users & Groups (system-config-users)
Configuration Editor (gconf-editor)
Disk Usage Analyzer (gnome-utils)
Disk Utility (gnome-disk-utility)
Kickstart (system-config-kickstart)
Log File Viewer (gnome-system-log)
System Monitor (gnome-system-monitor)

Administrative commands

When you log in as root, your $PATH variable is set to include some directories that contain commands for the root user.

    /sbin
    /usr/sbin

Administrative configuration files

$HOME
/etc

adjtime, aliases, bashrc, crontab, csh.cshrc (and csh.login), dovecot, exports, fedora-release, fstab, group, gshadow, host.conf, hosts, hosts.allow, hosts.deny, inittab, issue, issue.net, mail.rc, modprobe.conf, mtab, mtools.conf, named.conf, nsswitch.conf, ntp.conf, passwd, printcap, profile, protocols, redhat-release, resolv.conf, rpc, services, shadow, shells, sudoers, rsyslog.conf

/etc/X11, /etc/alternatives, /etc/amanda, /etc/cron*, /etc/cups, /etc/default, /etc/httpd, /etc/init.d, /etc/mail, /etc/pcmcia, /etc/postfix, /etc/ppp, /etc/rc?.d, /etc/security, /etc/skel, /etc/squid, /etc/sysconfig, /etc/vsftpd, /etc/xinetd.d

Administrative log files

The main utilities for logging error and debugging messages for Linux are the rsyslogd and klogd daemons.

    /etc/rsyslog.conf

    /usr/sbin/visudo

Uncomment the following line to allow users in the group named wheel to have full root privileges on the computer:

    %wheel ALL=(ALL) ALL

4. The previous line causes the user to be prompted for a password to be allowed to use administrative commands. To allow users in the wheel group to have that privilege without using a password, uncomment the following line instead:

    %wheel ALL=(ALL) NOPASSWD: ALL

Edit the /etc/group file using the vigr -s command (-s update /etc/shadow file also):

    wheel:x:10:root,mary,jake

jake: sudo ls (will be asked for a password. This is the user jake’s password, not the root password.)
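The difference between the two %wheel lines above can be audited mechanically. The following is an added example, not from the book or these notes: it reports which users end up with passwordless root through a %group NOPASSWD rule. The function names and the sample file contents are constructed for illustration, and it assumes rules whose first field is a single %group.

```shell
#!/bin/sh
# Added example: audit sudoers-format and group-format files for the wheel
# rules shown above. Sample contents are constructed, not from a live system.
# Limits (assumptions): does not follow #include/#includedir, and only
# handles rules whose first field is a single %group.

# Print every active (uncommented) rule that carries the NOPASSWD tag.
nopasswd_rules() {    # $1 = sudoers-format file
    grep -v '^[[:space:]]*#' "$1" | grep 'NOPASSWD:'
}

# Print the members of group $1 from group-format file $2, one per line.
group_members() {
    awk -F: -v g="$1" '
        $1 == g {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }' "$2"
}

# Print the users who get root without a password prompt via %group rules.
passwordless_users() {    # $1 = sudoers-format file, $2 = group-format file
    nopasswd_rules "$1" | awk '$1 ~ /^%/ { print substr($1, 2) }' | sort -u |
    while read -r grp; do
        group_members "$grp" "$2"
    done | sort -u
}

# Build constructed sample files in a temp directory and print its path.
make_samples() {
    d=$(mktemp -d) || return 1
    cat > "$d/group" <<'EOF'
root:x:0:root
wheel:x:10:root,mary,jake
sales:x:501:mary
EOF
    # Variant 1: the password-prompting rule is the active one.
    cat > "$d/sudoers.password" <<'EOF'
root    ALL=(ALL)       ALL
%wheel  ALL=(ALL)       ALL
# %wheel  ALL=(ALL)       NOPASSWD: ALL
EOF
    # Variant 2: the NOPASSWD rule was uncommented instead.
    cat > "$d/sudoers.nopasswd" <<'EOF'
root    ALL=(ALL)       ALL
# %wheel  ALL=(ALL)       ALL
%wheel  ALL=(ALL)       NOPASSWD: ALL
EOF
    echo "$d"
}

dir=$(make_samples)
for f in sudoers.password sudoers.nopasswd; do
    echo "== $f: users with passwordless root"
    passwordless_users "$dir/$f" "$dir/group"
done
rm -rf "$dir"
```

Every name printed for the second variant is an account whose own password no longer stands between it and root, which is why membership of wheel deserves the same review as the sudoers file itself.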
(You can change the timeout value from five minutes to however long you want by setting the passwd_timeout value in the /etc/sudoers file.)

Using PolicyKit for assigning administrative privilege (fig 9.3 shows example)

    /etc/polkit-1/
    `-- localauthority
        |-- 10-vendor.d
        |-- 20-org.d
        |-- 30-site.d
        |-- 50-local.d
        `-- 90-mandatory.d

and

    /var/lib/polkit-1/
    `-- localauthority
        |-- 10-vendor.d
        |-- 20-org.d
        |-- 30-site.d
        |-- 50-local.d
        `-- 90-mandatory.d

Administering Your Linux System

Configuring hardware: lsmod, modprobe, insmod
Managing file systems and disk space (You can use commands such as find, du, and df to do this.)
Monitoring system performance: top, ps -aux

Managing hardware with the DeviceKit

Starting with Fedora 11, HAL was deprecated in favor of a newer replacement called DeviceKit.

    udisks --enumerate
    udisks --show-info /dev/sda1

Configuring modules

    lsmod
    modinfo fuse
    modprobe parport
    modprobe parport_pc io=0x3bc irq=auto

A shell script that ends with the extension of .modules in /etc/sysconfig/modules will be executed automatically at boot time by the rc.sysinit script.

    rmmod parport_pc

Managing File Systems and Disk Space

    fdisk -l
    mount

To see file system types that are currently available for use on your system, type cat /proc/filesystems.

Using the fstab file to define mountable file systems

You find the following in each field of the fstab file:

Field 1 — The name of the device representing LABEL or UUID options.
Field 2 — The mount point in the file system.
Field 3 — The file system type.
Field 4 — Options to the mount command.
Field 5 — The number in this field indicates whether or not the indicated file system must be backed up by a backup system called dump. A number 1 assumes that the file system needs to be backed up, or dumped. A number 0 assumes that the file system doesn’t need to be dumped.
Field 6 — The number in this field indicates whether or not the indicated file system needs to be checked with fsck.
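Field 4 is where the security-relevant behaviour of an entry lives. As an added example (not from the book or these notes), the script below parses fstab-format lines and works out the effective exec/suid/dev flags for entries an unprivileged user may mount. It relies on the rule documented in mount(8) that user and users imply noexec,nosuid,nodev and that owner and group imply nosuid,nodev, unless a later option overrides them. The function names are hypothetical; the /mnt/usb and root entries are constructed, and the cdrom and floppy entries are the chapter's removable-media samples.

```shell
#!/bin/sh
# Added example: effective mount flags for user-mountable fstab entries.
# Options are applied left to right, so "user,exec" re-enables exec while
# "exec,user" does not (mount(8): implied options can be overridden only by
# options that come after them).

# Print "mountpoint exec|noexec suid|nosuid dev|nodev" for every entry that
# carries user, users, owner or group in field 4.
user_mountable() {    # $1 = fstab-format file
    grep -v '^[[:space:]]*#' "$1" |
    while read -r dev mnt fstype opts dump pass; do
        [ -n "$opts" ] || continue          # skip blank or short lines
        exec_f=exec; suid_f=suid; dev_f=dev; usermount=no
        old_ifs=$IFS; IFS=,
        for o in $opts; do
            case $o in
                user|users)  usermount=yes
                             exec_f=noexec; suid_f=nosuid; dev_f=nodev ;;
                owner|group) usermount=yes
                             suid_f=nosuid; dev_f=nodev ;;
                defaults)    exec_f=exec; suid_f=suid; dev_f=dev ;;
                exec|noexec) exec_f=$o ;;
                suid|nosuid) suid_f=$o ;;
                dev|nodev)   dev_f=$o ;;
            esac
        done
        IFS=$old_ifs
        if [ "$usermount" = yes ]; then
            echo "$mnt $exec_f $suid_f $dev_f"
        fi
    done
}

# Print the user-mountable mount points from which programs can be executed.
exec_allowed() {    # $1 = fstab-format file
    user_mountable "$1" | awk '$2 == "exec" { print $1 }'
}

# Write a sample fstab to a temp file and print its path.
make_fstab_sample() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
# constructed root entry
LABEL=/     /            ext4  defaults             1 1
# the two removable-media entries from this chapter
/dev/cdrom  /mnt/cdrom   auto  noauto,user,exec,ro  0 0
/dev/fd0    /mnt/floppy  auto  noauto,owner         0 0
# constructed entry: exec placed before user is overridden by user
/dev/sdb1   /mnt/usb     vfat  noauto,exec,user     0 0
EOF
    echo "$f"
}

sample=$(make_fstab_sample)
echo "Effective flags for user-mountable entries:"
user_mountable "$sample"
echo "User-mountable and executable:"
exec_allowed "$sample"
rm -f "$sample"
```

The floppy entry shows up as executable because owner, unlike user, does not imply noexec; adding noexec after owner closes that.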
Mounting removable media

Here are examples of entries you could add to your /etc/fstab file:

    /dev/cdrom  /mnt/cdrom   auto  noauto,user,exec,ro  0 0
    /dev/fd0    /mnt/floppy  auto  noauto,owner         0 0

    mount -t msdos /dev/fd0 /mnt/floppy

    # mkdir /mnt/mycdimage
    # mount -o loop whatever-i386-disc1.iso /mnt/mycdimage

Mounting Windows file systems

    # mkdir /mnt/windows
    # mount -t ntfs /dev/sda2 /mnt/windows

    umount /mnt/windows
    umount /dev/sda2

A “device is busy” error message can appear when you run umount. An alternative for unmounting a busy device is the -l option. With umount -l (a lazy unmount), the unmount happens as soon as the device is no longer busy.

Using the mkfs command to create a file system

    mkfs -t ext3 /dev/fd0
    fdisk /dev/sdb

Checking system space

    df

Figure 9-4: Determine where disk space is being used with Disk Usage Analyzer.

    du -h /home/ericfj
    find / -xdev -user jake -print0 | xargs -0 ls -ldS > /tmp/jake

You must be root user to run this command effectively, unless you are just checking your personal files.

Monitoring System Performance

System Tools ⇒ System Monitor.

    top

Fixing Your System with the FirstAidKit

FirstAidKit is an automated recovery tool.

    yum install firstaidkit
    firstaidkit -a    # auto
    firstaidkit-plugin-all

To see a list of the available plugins, use the following command:

    # firstaidkit --list

See https://fedorahosted.org/firstaidkit/ for more information about FirstAidKit.
Using Security Enhanced Linux

Chapter 10: Setting Up and Supporting Users

In This Chapter: Creating user accounts, Setting user defaults, Extending user authentication, Creating portable desktops, Providing support to users, Deleting user accounts, Checking disk quotas, & Sending mail to all users (please note that I have not added highlights for all sections)

Creating User Accounts

Regular users you add to your Fedora system typically fall into one of two categories:

Desktop users
Server users

Adding users with useradd

The only required parameter to useradd is the login name of the user, but you usually need additional information.

    useradd -c "John Smith" -m jsmith
    passwd jsmith

In creating the account for John, the useradd command performs several actions:

Reads the /etc/login.defs and /etc/default/useradd files to get default values to use when creating accounts.
Checks command-line parameters to determine which default values to override.
Creates a new user entry in the /etc/passwd and /etc/shadow files based on the default values and command-line parameters.
Creates any new group entries in the /etc/group file.
Creates a home directory based on the user’s name and places it in the /home directory.
Copies any files located within the /etc/skel directory to the new home directory. This usually includes login and application startup scripts.

    useradd -m -g users -G wheel,sales -s /bin/tcsh -c "Mary Smith" mary

In this case, the useradd command is told to create a home directory for the user mary (-m), make users the primary group she belongs to (-g), add her to the groups wheel and sales (-G), and assign tcsh as her primary command shell (-s). Note that the wheel and sales groups must already exist for this example to work.
This results in a line similar to the following being added to the /etc/passwd file:

    mary:x:502:100:Mary Smith:/home/mary:/bin/tcsh

If you look at the /etc/group file, you should find something similar to this:

    root:x:0:root
    bin:x:1:root,bin,daemon
    daemon:x:2:root,bin,daemon
    sys:x:3:root,bin,adm
    adm:x:4:root,adm,daemon
    tty:x:5:

    useradd -m -G wheel,sales -s /bin/tcsh -c "Mary Smith" mary

That would result in an /etc/passwd entry like this:

    mary:x:502:502:Mary Smith:/home/mary:/bin/tcsh

And a new group:

    mary:x:502:

Adding users with the Account Information dialog

Adding users with User Manager

    system-config-users

Fedora uses a user private group (UPG) scheme. You can extend this scheme for sharing files among several users. Here’s an example:

    # useradd -m projectx
    # mkdir /usr/local/x
    # chown root.projectx /usr/local/x
    # chmod 2775 /usr/local/x
    # ls -ld /usr/local/x
    drwxrwsr-x 2 root projectx 4096 Aug 18 01:54 /usr/local/x
    # gpasswd -a nextuser projectx

This example creates a user named projectx.

Setting User Defaults

    /etc/login.defs
    /etc/default/useradd

Supplying initial login scripts

Global defaults can be assigned from /etc/profile. The bash shell looks for .bashrc in the current user’s home directory. You can supply initial default versions of these and other configuration files by placing them in the /etc/skel directory. The .bash_profile script is run each time the user starts a new bash shell and, in turn, runs the .bashrc script.

Example of the .bash_profile file:

    # .bash_profile
    # Get the aliases and functions
    if [ -f ~/.bashrc ]; then
        . ~/.bashrc
    fi
    # User specific environment and startup programs
    PATH=$PATH:$HOME/bin
    export PATH

Example of a .bashrc file:

    # .bashrc
    # Source global definitions
    if [ -f /etc/bashrc ]; then
        . /etc/bashrc
    fi
    # User specific aliases and functions
    alias rm='rm -i'
    alias cp='cp -i'
    alias mv='mv -i'

Configuring system-wide shell options

    /etc/bashrc

While you can put system-wide options in the /etc/bashrc file, users can override these settings.

Setting system profiles

    /etc/profile

PATH
Environment variables

The last thing the /etc/profile file does is look at the contents of the /etc/profile.d directory and source in the files that it finds.

To prevent a remote user from logging in and accessing a shell (via ssh, telnet, or another login service), you can set the default shell for a user to nologin. For example:

    # useradd -s /sbin/nologin jerryb

A common practice with Web hosting is to allow a user to place content on the server, often in that user’s /home/username/public_html directory,

Resetting a user’s password

    passwd mary

After resetting the password, set it to expire so the user has to change it the next time she logs in. You can use the chage command to set an expiration period for the password and to trick the system into thinking that the password is long overdue to be changed:

    # chage -M 30 -d 0 mary

The -M 30 option tells the system to expire Mary’s password every 30 days. The -d 0 option tricks the system into thinking that her password has not been changed since January 1, 1970. If you do that it will force a new password every 30 days.

Modifying Accounts

Modifying user accounts with usermod

Assume that a new employee named Jenny Barnes will be taking over Mary’s job. We want to convert the mary account to a new name (-l jenny), new comment (-c "Jenny Barnes"), and home directory (-d /home/jenny). You can do that with the following command:

    # usermod -l jenny -c "Jenny Barnes" -m -d /home/jenny mary

Users can also change their own user information using the chfn command. This information is stored in the /etc/passwd file and displayed when you type the finger command (e.g., finger jenny, to get information on a given user).
In this example, the full name, office name, office phone, home phone, and work phone are set by the user jenny:

    $ chfn -f "J Smith" -o "A-111" -p 555-1212 -h 555-2323

The finger command opens potential security issues.

Modifying user accounts with User Manager

    system-config-users

Deleting User Accounts

Deleting user accounts with userdel

To delete the user account with login name mary, type the following:

    # userdel mary

To wipe out her home directory along with her account, type this:

    # userdel -r mary

Files owned by the deleted user but not located in the user’s home directory will not be deleted. So:

    find / -user mary

Searches the entire file hierarchy (start at /) for all files and directories owned by mary and prints the filenames to the screen.

    find /home -user mary -exec rm -i {} \;

Searches for all files and subdirectories under /home owned by mary. Run the rm command interactively to delete each file.

    find / -user mary -exec chown jenny {} \;

Searches for all files and subdirectories under /home that are owned by user mary and runs the chown command to change each file so that it is owned by jenny instead.

Deleting user accounts with User Manager

Using du to check disk use

The following checks disk usage for several home directories:

    # du -hcs /home/tom /home/bill /home/tina /home/sally

Removing temp files automatically

    tmpwatch
    /etc/cron.daily/tmpwatch

Chapter 11: Automating System Tasks

def: A shell script is a group of commands, functions, variables, or just about anything else you can use from a shell.

1. Understanding Shell Scripts

Shell scripts are the equivalent of batch files in MS-DOS. Fedora uses shell scripts (/etc/rc.d/rc.sysinit and /etc/rc) to check and mount all your file systems, set up your consoles, configure your network, launch all your system services, and eventually provide you with your login screen.

1a.
Executing and debugging shell scripts

One of the primary advantages of shell scripts is that you can open them in any text editor to see what they do.

There are two basic ways to execute a shell script:

The filename is used as an argument to the shell (as in bash myscript).
The script has the name of the interpreter placed in the first line of the script, preceded by #! (as in #!/bin/bash), and has its execute bit set (using chmod +x). You can then run your script just like any other program.

The pound sign (#) prefaces comments.

Tips:

Place an echo statement at the beginning of lines within the body of a loop. That way, rather than execute the code, you can see what will be executed without making any permanent changes.
You could use set -x near the beginning of the script to display each command that is executed, or launch your scripts using bash -x myscript.
Keeping your code readable.

1b. Understanding shell variables

Variable names within shell scripts are case-sensitive and can be defined in the following manner:

    NAME=value

Characters such as the dollar sign ($), backtick (`), asterisk (*), exclamation point (!), and others have special meaning to the shell. In Linux, to properly interpret a file named my big! file!, you need to either surround it in double quotes or type:

    my\ big\!\ file\!

The following example sets the output of the uname -n command to the MACHINE variable. You can use parentheses to set NUM_FILES to the number of files in the current directory by piping (|) the output

    MACHINE=`uname -n`
    NUM_FILES=$(/bin/ls | wc -l)

In the next example the double quotes (") tell bash to substitute the value of the variable CurBalance. If you used single quotes ('), the shell would merely display the text $CurBalance. BALANCE is set to the value of the CurBalance variable:

    BALANCE="$CurBalance"

1c. Special shell variables

$0, $1, $2, $3…$n. $0 is special and is assigned the name used to invoke your script; the others are assigned the values of the parameters passed on the command line.

1d.
Parameter expansion in bash

As mentioned earlier, if you want the value of a variable, you precede it with a $ (for example, $CITY). This is really just shorthand for the notation ${CITY};

Table 11-1: Examples of bash Parameter Expansion

Construction      Description
${var:-value}     If the variable is unset or empty, expand this to value.
${var#pattern}    Chop the shortest match for pattern from the front of var’s value.
${var##pattern}   Chop the longest match for pattern from the front of var’s value.
${var%pattern}    Chop the shortest match for pattern from the end of var’s value.
${var%%pattern}   Chop the longest match for pattern from the end of var’s value.

Try typing the following commands from a shell to test how parameter expansion works:

    $ FOOD="Pizza"
    $ FOOD=${FOOD:-"Not Set"}
    $ SNACK=${SNACK:-"Not Set"}
    $ echo $FOOD
    Pizza
    $ echo $SNACK
    Not Set

2. Performing arithmetic in shell scripts

3. Using programming constructs in shell scripts

3a. The “if...then” statements

    VARIABLE=1
    if [ $VARIABLE -eq 1 ] ; then
        echo "The variable is 1"
    fi

The = works best for comparing string values, while -eq is often better for comparing numbers.

    STRING="Friday"
    if [ $STRING = "Friday" ] ; then
        echo "WhooHoo. Friday."
    else
        echo "Will Friday ever get here?"
    fi

You can also reverse tests with an exclamation mark (!).

Tip: Leave a space before and after the square brackets, as [ is actually a Linux command in /usr/bin (and built into the bash shell).

A simple backup script

    filename="$HOME"
    if [ -f "$filename" ] ; then
        echo "$filename is a regular file"
    elif [ -d "$filename" ] ; then
        echo "$filename is a directory"
    else
        echo "I have no idea what $filename is"
    fi

Each test returns a value of 0, meaning it is true, or a 1, meaning it is false.

Table 11-2: Operators for Test Expressions

Operator          What Is Being Tested?
-a file           Does the file exist? (same as -e)
-b file           Is the file a special block device?
-c file           Is the file character special (e.g., a character device)?
                  Used to identify serial lines and terminal devices.
-d file           Is the file a directory?
-e file           Does the file exist? (same as -a)
-f file           Does the file exist, and is it a regular file (e.g., not a directory, socket, pipe, link, or device file)?
-g file           Does the file have the set-group-id bit set?
-G file           Does your group own the file?
-h file           Is the file a symbolic link? (same as -L)
-k file           Does the file have the sticky bit set?
-L file           Is the file a symbolic link? (same as -h)
-n string         Is the length of the string greater than 0 bytes?
-N file           Has the file been modified since it was last read?
-O file           Do you own the file?
-p file           Is the file a named pipe?
-r file           Is the file readable by you?
-s file           Does the file exist, and is it larger than 0 bytes?
-S file           Does the file exist, and is it a socket?
-t fd             Is the file descriptor connected to a terminal?
-u file           Does the file have the set-user-id bit set?
-w file           Is the file writable by you?
-x file           Is the file executable by you?
-z string         Is the length of the string 0 (zero)?
expr1 -a expr2    Are both the first expression and the second expression true?
expr1 -o expr2    Is either of the two expressions true?
file1 -nt file2   Is the first file newer than the second file (using the modification timestamp)?
file1 -ot file2   Is the first file older than the second file (using the modification timestamp)?
file1 -ef file2   Are the two files associated by a hard link?
var1 = var2       Is the first variable equal to the second variable?
var1 -eq var2     Is the first variable equal to the second variable?
var1 -ge var2     Is the first variable greater than or equal to the second variable?
var1 -gt var2     Is the first variable greater than the second variable?
var1 > var2       Does the first variable sort after the second variable?
var1 -le var2     Is the first variable less than or equal to the second variable?
var1 -lt var2     Is the first variable less than the second variable?
var1 < var2       Does the first variable sort before the second variable?
var1 != var2      Is the first variable not equal to the second variable?
var1 -ne var2     Is the first variable not equal to the second variable?

3b. The case command

    case "VAR" in
        Result1)
            { body }
            ;;
        Result2)
            { body }
            ;;
        *)
            { body }
            ;;
    esac

You need to replace "VAR" with the variable or command to test, and each { body } block with the actual commands to run.

    # Our VAR doesn't have to be a variable,
    # it can be the output of a command as well
    # Perform action based on day of week
    case `date +%a` in
        "Mon")
            BACKUP=/home/myproject/data0
            TAPE=/dev/rft0
            # Note the use of the double semi-colon to end each option
            ;;
        # Note the use of the "|" to mean "or"
        "Tue" | "Thu")
            BACKUP=/home/myproject/data1
            TAPE=/dev/rft1
            ;;
        "Wed" | "Fri")
            BACKUP=/home/myproject/data2
            TAPE=/dev/rft2
            ;;
        # Don't do backups on the weekend.
        *)
            BACKUP="none"
            TAPE=/dev/null
            ;;
    esac

The asterisk (*) is used as a catchall.

3c. The “for...do” loop

    for VAR in LIST
    do
        { body }
    done

    for NUMBER in 0 1 2 3 4 5 6 7 8 9
    do
        echo The number is $NUMBER
    done

    for FILE in `/bin/ls`
    do
        echo $FILE
    done

3d. “while...do” and “until...do”

    while condition
    do
        { body }
    done

    until condition
    do
        { body }
    done

Here is an example of a while loop that outputs the number 0123456789:

    N=0
    while [ $N -lt 10 ] ; do
        echo -n $N
        let N=$N+1
    done

Another way to output the number 0123456789 is to use an until loop as follows:

    N=0
    until [ $N -eq 10 ] ; do
        echo -n $N
        let N=$N+1
    done

4. Some useful external programs

(grep) Using grep to search for all lines that contain the text /home in the /etc/passwd file as follows:

    grep /home /etc/passwd

(cut) Using an earlier example of the grep command, this line pipes a list of regular users from the /etc/passwd file, then displays the sixth field (-f6) as delimited by a colon (-d':'). The hyphen at the end tells cut to read from standard input (from the pipe).

    grep /home /etc/passwd | cut -f6 -d':' -

(tr)
(sed)

5.
Trying some simple shell scripts

A simple telephone list

This idea has been handed down from generation to generation of old Unix hacks. It’s really quite simple, but it employs several of the concepts just introduced:

    #!/bin/bash
    # (@)/ph
    # A very simple telephone list
    # Type "ph new name number" to add to the list, or
    # just type "ph name" to get a phone number
    PHONELIST=~/.phonelist.txt

    # If no command line parameters ($#), there
    # is a problem, so ask what they're talking about.
    if [ $# -lt 1 ] ; then
        echo "Whose phone number did you want?"
        exit 1
    fi

    # Did you want to add a new phone number?
    if [ "$1" = "new" ] ; then
        shift
        echo "$*" >> "$PHONELIST"
        echo "$* added to database"
        exit 0
    fi

    # Nope. But does the file have anything in it yet?
    # This might be our first time using it, after all.
    if [ ! -s "$PHONELIST" ] ; then
        echo "No names in the phone list yet!"
        exit 1
    else
        grep -i -q "$*" "$PHONELIST"    # Quietly search the file
        if [ $? -ne 0 ] ; then          # Did we find anything?
            echo "Sorry, that name was not found in the phone list"
            exit 1
        else
            grep -i "$*" "$PHONELIST"
        fi
    fi
    exit 0

5a. A simple backup script

6. Initializing the System

1. Boot hardware
2. Start boot loader
3. Boot the kernel

7. Starting init

upstart

Note: Upstart has been changing in recent versions of Fedora. Up through Fedora 12, the system initialization files were in /etc/event.d/rcN, such as /etc/event.d/rc5. Starting in Fedora 13, these files are in /etc/init and have a .conf filename extension. Fedora 14 offers an updated version of the upstart launch. Expect a lot of changes in this area.

Fedora 14, a new system called systemd:

configuration files are located in /etc/systemd/system
services are defined in /lib/systemd/system
uses target files that define multiple units grouped together
multi-user.target defines target for run level 3 and graphical.target defines init level 5

Systemd associates each target, such as multi-user.target, with a set of things the target wants, that is, things the target depends on, stored in the multi-user.target.wants directory.

Even with systemd, you’ll see that most services are still defined in /etc/rc.d/init.d. You can continue to use those files if you desire.

Note: See www.freedesktop.org/wiki/Software/systemd and http://0pointer.de/blog/projects/systemd.html for more information on systemd. Most older commands, such as service start and chkconfig, still work under systemd. See http://docs.fedoraproject.org/en-US/Fedora/14/html/Installation_Guide/s2-boot-initshutdown-init.html for more information on upstart.

8. Starting Up and Shutting Down the System

8a. Starting run-level scripts

Any change of run level causes the /etc/rc.d/rc script to be executed, with the new run level as an argument.

Checks that run-level scripts are correct
Determines current and previous run levels
Decides whether to enter interactive startup
Kills and starts run-level scripts

8b. Understanding run-level scripts

Table 11-4: Run-Level Scripts Contained in /etc/init.d

Script          Description
acpid           Controls the Advanced Configuration and Power Interface daemon, which monitors events in the kernel and reports them to user level.
atd             Starts or stops the at daemon to receive, queue, and run jobs submitted via the at or batch commands.
autofs          Starts and stops the automount daemon, for automatically mounting file systems (so, for example, a CD can be automatically mounted when it is inserted).
bluetooth       Starts services such as authentication, discovery, and human interface devices for communicating with Bluetooth devices.
crond           Starts or stops the cron daemon to periodically run routine commands.
dhcpd           Starts or stops the dhcpd daemon, which automatically assigns IP addresses to computers on a LAN.
firstboot       Checks to see if firstboot needs to be run and, if so, runs it. This is typically done after Fedora is first installed.
haldaemon       Starts the hald daemon to discover and set up hardware. Used to mount removable media, manage power, or auto-play multimedia.
halt            Terminates all processes, writes out accounting records, removes swap space, unmounts all file systems, and either shuts down or reboots the machine (depending on how the command was called).
httpd           Starts the httpd daemon, which enables your computer to act as an HTTP server (that is, to serve Web pages).
ip6tables       Starts the ip6tables firewall daemon, which manages any iptables-style firewall rules set up for your computer for IPv6 networking.
iptables        Starts the iptables firewall daemon, which manages any iptables-style firewall rules set up for your computer.
killall         Shuts down any subsystems that may still be running prior to a shutdown or reboot.
messagebus      Runs the dbus-daemon for broadcasting system messages to interested applications.
netfs           Mounts or unmounts network (NFS, SMB, and NCP) file systems.
network         Starts or stops all configured network interfaces and initializes the TCP/IP and IPX protocols.
NetworkManager  Switches automatically to the best-available network connections.
nfs             Starts or stops the NFS-related daemons (rpc.nfsd, rpc.mountd, rpc.statd, and rpc.rquotad) and exports shared file systems.
ntpd            Runs the Network Time Protocol daemon (ntpd), which synchronizes system time with Internet standard time servers.
openvpn         Runs the OpenVPN virtual private network service.
rsyslog         Starts or stops the klogd and rsyslogd daemons that handle logging events from the kernel and other processes, respectively.
sendmail        Controls the sendmail daemon, which handles incoming and outgoing SMTP (Simple Mail Transport Protocol) mail messages.
smb             Starts or stops the smbd and nmbd daemons for allowing access to Samba file and print services.
snmpd           Starts or stops the snmpd (Simple Network Management Protocol) daemon, which enables others to view machine-configuration information.
sshd            Runs the secure shell daemon (sshd), which listens for requests from ssh clients for remote login or remote execution requests.
vsftpd          Runs the Very Secure FTP server (vsftpd) to provide FTP sessions to remote clients for downloading and uploading files.
winbind         Runs the winbind service for Samba file and print services.

Each script is linked. K stops, S starts, and the two digits following the K or S select the priority. All of the programs within the /etc/rcX.d directories (where X is replaced by a run-level number) are symbolic links, usually to a file in /etc/init.d.

9. Understanding what startup scripts do

10. Changing run-level script behavior

Note: Always make a copy

Many of the startup scripts use a file in the /etc/sysconfig

11. Reorganizing or removing run-level scripts

Caution: You should never remove the run-level file from the /etc/init.d directory.

    system-config-services
    chkconfig --list | less
    chkconfig --list cups
    ntsysv

12. Adding run-level scripts

13. Managing xinetd services

Several services, particularly network services, are not handled by separate run-level scripts. Instead, a single run-level script called xinetd (formerly inetd) is run to handle incoming requests for these services.

Fewer daemon processes
Access control and logging

14. Manipulating run levels

The telinit command (really just a symbolic link to init) enables you to specify a desired run level,

14a. Determining the current run level

    # runlevel
    S 5

14b. Changing to a shutdown run level

reboot, halt, poweroff, and shutdown

15. Scheduling System Tasks

15a. Using at.allow and at.deny

These files limit which users can use the at facility. The file /etc/at.allow contains a list of users who are granted access, and the file /etc/at.deny contains a similar list of those who may not submit at jobs.

15b.
Specifying when jobs are run

Table 11-5: Samples for Specifying Times in an at Job

Command Line          Description
at now                The job is run immediately.
at now + 2 minutes    The job will start two minutes from the current time.

15c. Submitting scheduled jobs

Piped in from standard input:

    echo "cd /tmp/perl; make ; ls -al" | at 2am tomorrow

Read as standard input:

    $ at 23:40
    at> cd /tmp/perl
    at> make
    at> ls -al
    at> <Ctrl-d>

Read from a file:

    $ at -f /root/bin/runme now + 5 hours

15d. Viewing scheduled jobs

atq (effectively the same as at -l)

    # atq
    2 Sun Jan 9 00:51 a ericfj
    3 Sun Jan 9 00:52 a ericfj
    4 Sun Jan 9 23:52 a ericfj

Here you can see that three at jobs are pending (job numbers 2, 3, and 4, all indicated as a). After the job number, the output shows the date and hour each

15e. Deleting scheduled jobs

    # atrm 19 20

15f. Using the batch command

If system resources are at a premium on your machine, or if the job you submit can run at a priority lower than normal, the batch command (equivalent to at -q b) may be useful.

    $ batch
    at> du -h /home > /tmp/duhome
    at> <Ctrl+d>

As soon as the load average is low enough, the command is run.

15g. Using the cron facility

cron includes two access control files designed to limit which users can use it.
The file /etc/cron.allow contains a list of users who are granted access, and the file /etc/cron.deny

Four places where a job can be submitted:

/var/spool/cron/username
/etc/crontab
/etc/cron.d
/etc/cron.hourly, /etc/cron.daily, /etc/cron.weekly, and /etc/cron.monthly directories

Table 11-6: Valid /etc/crontab Field Values

#  Field             Acceptable Values
1  minute            Any integer between 0 and 59
2  hour              Any integer between 0 and 23, using a 24-hour clock
3  day of the month  Any integer between 0 and 31
4  month             Any integer between 1 and 12, or an abbreviation for the name of the month (Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec)
5  day of the week   Any integer between 0 and 7 (as a convenience, both 0 and 7 can represent Sunday, 1 is Monday, 2 is Tuesday, and so on), or abbreviation for the day (Sun, Mon, Tue, Wed, Thu, Fri, Sat)

15g. Modifying scheduled tasks with crontab

The files in /var/spool/cron should not be edited directly. They should only be accessed via the crontab command.

    $ crontab -l
    $ crontab -r
    $ crontab -e

15h. Understanding cron files

Examples:

    /etc/cron.daily/logrotate
    /etc/cron.daily/makewhatis.cron
    /etc/cron.daily/mlocate.cron
    /etc/cron.daily/tmpwatch

The makewhatis.cron script installed in /etc/cron.weekly is similar to the one in /etc/cron.daily but it completely rebuilds the whatis database. Finally, the /etc/cron.d directory contains files that have the same format as /etc/crontab files.
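The at.allow/at.deny and cron.allow/cron.deny pairs described in sections 15a and 15g follow the same precedence, which the notes do not spell out. This added example (not from the book or these notes) implements the decision as documented in at(1) and crontab(1): an allow file, if present, is the only thing consulted; otherwise the deny file is; with neither file only root may schedule jobs. Function names and all file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: who may submit at/cron jobs, given an allow and a deny file.
# Precedence assumed from at(1) and crontab(1):
#   1. root is always allowed
#   2. allow file exists  -> only users listed in it are allowed
#   3. else deny exists   -> everyone except users listed in it is allowed
#   4. neither exists     -> only root is allowed

# Print "allowed" or "denied" for one user.
may_schedule() {    # $1 = user, $2 = allow file, $3 = deny file
    user=$1; allow=$2; deny=$3
    if [ "$user" = root ]; then
        echo allowed
    elif [ -f "$allow" ]; then
        if grep -qxF -- "$user" "$allow"; then echo allowed; else echo denied; fi
    elif [ -f "$deny" ]; then
        if grep -qxF -- "$user" "$deny"; then echo denied; else echo allowed; fi
    else
        echo denied
    fi
}

# Print every account from a passwd-format file that may schedule jobs.
allowed_users() {    # $1 = passwd-format file, $2 = allow file, $3 = deny file
    cut -d: -f1 "$1" | while read -r u; do
        if [ "$(may_schedule "$u" "$2" "$3")" = allowed ]; then
            echo "$u"
        fi
    done
}

# Build constructed sample files in a temp directory and print its path.
make_access_samples() {
    d=$(mktemp -d) || return 1
    cat > "$d/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
mary:x:502:502:Mary Smith:/home/mary:/bin/tcsh
jake:x:503:503::/home/jake:/bin/bash
chum:x:504:504::/home/chum:/bin/bash
EOF
    echo mary > "$d/allow"        # only mary is listed
    echo jake > "$d/deny"         # only jake is listed
    : > "$d/deny.empty"           # exists but lists nobody
    echo "$d"
}

dir=$(make_access_samples)
echo "allow + deny present (deny is ignored):"
allowed_users "$dir/passwd" "$dir/allow" "$dir/deny"
echo "deny only:"
allowed_users "$dir/passwd" "$dir/missing" "$dir/deny"
echo "empty deny only (everyone allowed):"
allowed_users "$dir/passwd" "$dir/missing" "$dir/deny.empty"
echo "neither file:"
allowed_users "$dir/passwd" "$dir/missing" "$dir/missing2"
rm -rf "$dir"
```

The empty-deny case is the one to watch during hardening: a deny file that exists but lists nobody lets every local account schedule jobs, whereas creating an allow file switches the policy to an explicit list.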