1 Advanced Unix Administrative Tools. 2 VMWare Image Setup We all need to check out the VMWare FC6 image that you’ll be using We all need to check out

11

Advanced UnixAdvanced Unix

Administrative ToolsAdministrative Tools

22

VMWare Image SetupVMWare Image Setup

We all need to check out the VMWare We all need to check out the VMWare FC6 image that you’ll be usingFC6 image that you’ll be using• Login as rootLogin as root• Password should be “thoughtpolice”Password should be “thoughtpolice”• Now create a non-root account for Now create a non-root account for

yourself:yourself: adduser <userid>adduser <userid>

• Create a password:Create a password: Passwd <userid>Passwd <userid>

33


Superuser rootSuperuser root• Unrestricted accessUnrestricted access• Become a superuserBecome a superuser

Log in to rootLog in to root Use su or su –Use su or su –

• Inherits the env from current shellInherits the env from current shell

• Only use superuser when it is neededOnly use superuser when it is needed• Change root password periodicallyChange root password periodically

Employment status change for SAEmployment status change for SA Unauthorized accessUnauthorized access

44


• Always lock your screenAlways lock your screen Use xlock or simply log offUse xlock or simply log off

• Controlling su accessControlling su access System VSystem V BSD – member’s of group 0BSD – member’s of group 0 Linux – GNU su does not check Linux – GNU su does not check

membership of group 0membership of group 0

• Run a command with su same timeRun a command with su same time su root –c “command”su root –c “command”

55

Administrative ToolsAdministrative Tools Facility sudoFacility sudo

• Selective accessSelective access• Allow some user to run specific commands Allow some user to run specific commands

as root without having to know the root as root without having to know the root passwordpassword

RUN sudo commandRUN sudo command• Type in user’s own passwordType in user’s own password• Good for a configurable time, default 5 minutesGood for a configurable time, default 5 minutes

• Configuration file /etc/sudoersConfiguration file /etc/sudoers UsersUsers CommandsCommands FormatFormat

Users host=commandsUsers host=commands

66


More about Facility sudoMore about Facility sudo• Select the commands for sudo with Select the commands for sudo with

carecare No shell scriptsNo shell scripts No utility which provides shell escapesNo utility which provides shell escapes

• Editor visudoEditor visudo LockLock Syntax checkingSyntax checking

77

Quick Sudo LabQuick Sudo Lab

As a normal user type the following:As a normal user type the following:

/bin/cat /etc/sudoers/bin/cat /etc/sudoers Now try the following:Now try the following:

sudo /bin/cat /etc/sudoerssudo /bin/cat /etc/sudoers Now add the following to Now add the following to

/etc/sudoers/etc/sudoers

<your id> ALL=/bin/cat /etc/sudoers<your id> ALL=/bin/cat /etc/sudoers Now try step 2 again…Now try step 2 again…

88


• Advantages of sudoAdvantages of sudo Command logging - accountabilitiesCommand logging - accountabilities Operators can do choresOperators can do chores Hide the real root passwordHide the real root password Revoke the privilege without changing Revoke the privilege without changing

the root passwordthe root password A list of users with privileged access is A list of users with privileged access is

maintained maintained Less chance of root shell left unattendedLess chance of root shell left unattended

99


• Disadvantages of sudoDisadvantages of sudo Breach in security of a personal account can Breach in security of a personal account can

equal a compromise of the root account equal a compromise of the root account Logging can be subvertedLogging can be subverted

• sudo cshsudo csh• sudo susudo su

1010

Administrative ToolsAdministrative Tools Communicating with UsersCommunicating with Users

• Command writeCommand write writewrite username [tty] username [tty]

• only talks on local systemonly talks on local system Ctrl–D ends the Ctrl–D ends the writewrite session it session it Replying with Replying with writewrite will create a two-way will create a two-way

communicationcommunication• Command Command talk talk oror ytalk ytalk

Must have a daemon listeningMust have a daemon listening Separate window for sender and receiverSeparate window for sender and receiver

• To refuse write, talk and ytalk requestsTo refuse write, talk and ytalk requests Use the command Use the command mesg n or ymesg n or y Default is Default is nn Root account overrides the settingRoot account overrides the setting

1111


More about Communicating with UsersMore about Communicating with Users• Sending message to allSending message to all

Command = Command = wallwall Very useful for system announcementsVery useful for system announcements

““System going down. Save your work and logoff”System going down. Save your work and logoff”

• The message of the DayThe message of the Day /etc/motd/etc/motd /etc/issue/etc/issue /etc/issue.net/etc/issue.net

1212


Administration toolsAdministration tools• Examples:Examples:

Digital Unix: SETUPDigital Unix: SETUP HP-UX: SAMHP-UX: SAM Solaris: admintoolSolaris: admintool

• Good Good Quick start to system administrationQuick start to system administration

• Mask the raw commandsMask the raw commands Easy: combine several stepsEasy: combine several steps

• DownsideDownside The command prompt is ususally fasterThe command prompt is ususally faster Not all commands available through menuNot all commands available through menu Slow down the learning processSlow down the learning process

1313


HP-UX’s SAMHP-UX’s SAM• Perform a variety of system Perform a variety of system

management tasksmanagement tasks System configurationSystem configuration Change a parameterChange a parameter File system managementFile system management ……

• Detailed loggingDetailed logging

1414


Admin tools for LinuxAdmin tools for Linux• LinuxconfLinuxconf• WebminWebmin• Yet Another System Tool (YaST)Yet Another System Tool (YaST)

1515

ManualsManuals

Unix has two typesUnix has two types• Man pagesMan pages

Individual commandsIndividual commands For formatFor format RoutinesRoutines

• Supplemental documentsSupplemental documents PrintedPrinted online from Internetonline from Internet DVD/CDROMDVD/CDROM RFCs (Request for Comments) for protocols, RFCs (Request for Comments) for protocols,

standards used on the Internetstandards used on the Internet

1616

Organization of man pagesOrganization of man pagesSolaris/Solaris/HP-UXHP-UX

LinuxLinux ContentsContents

11 11 User-level commands and applicationsUser-level commands and applications

22 22 System calls and kernel errorSystem calls and kernel error

33 33 Library callsLibrary calls

44 55 Standard file formatsStandard file formats

55 77 Miscellaneous files and documentsMiscellaneous files and documents

66 66 Games and demonstrationsGames and demonstrations

77 44 Device drivers and network protocolsDevice drivers and network protocols

1m1m 88 System administration commandsSystem administration commands

99 99 Obscure kernel specs and interfacesObscure kernel specs and interfaces

1717

ManualManual

Man pages are keptMan pages are kept• Under Under /usr/man/man#/usr/man/man# or or

/usr/share/man/man#/usr/share/man/man#• Format (troff, SGML)Format (troff, SGML)• Compressed (compress or gzip)Compressed (compress or gzip)

read manual pages: manread manual pages: man• $man title$man title

Example: $man lsExample: $man ls

• $man section title$man section title Example: $man 4 ttyExample: $man 4 tty Solaris Example: $man –s 4 tty Solaris Example: $man –s 4 tty

1818

ManualManual

More about reading manual pages: More about reading manual pages: manman• MANPATHMANPATH

/etc/man.config/etc/man.config Add new man pages besides the system ones.Add new man pages besides the system ones.

MANPATH=/home/share/localman:/usr/share/manMANPATH=/home/share/localman:/usr/share/man

• Keyword search in synopsisKeyword search in synopsis $man –k keyword$man –k keyword

Example: $man –k mountExample: $man –k mount

1919

Creating an ISO ImageCreating an ISO Image

Step One:Step One:• Place your cd’s or dvd in your drivePlace your cd’s or dvd in your drive• As root type the following to make image:As root type the following to make image:

dd if=/dev/cdrom of=/home/ISO/fc4-dvd.isodd if=/dev/cdrom of=/home/ISO/fc4-dvd.iso• The ISO image will be create in your current The ISO image will be create in your current

directorydirectory

2020

Mounting the ISO ImageMounting the ISO Image

Step twoStep two• Make directory under the /mnt directory Make directory under the /mnt directory

called isocalled iso• Then you can mount the ISO image with:Then you can mount the ISO image with:

mount -o loop=/dev/loop1 -t iso9660 filename.iso /mnt/isomount -o loop=/dev/loop1 -t iso9660 filename.iso /mnt/iso

• To simplify this add the following line to To simplify this add the following line to /etc/fstab/etc/fstab

/home/ISO/fc4-dvd.iso /mnt/iso iso9660 loop=/dev/loop1,noauto/home/ISO/fc4-dvd.iso /mnt/iso iso9660 loop=/dev/loop1,noauto

2121

Documents

1 Advanced Unix Administrative Tools. 2 VMWare Image Setup We all need to check out the VMWare FC6 image that you’ll be using We all need to check out