System Administration: Core Concepts Chapter 11. Introduction What is the job of the system administrator? Keep one or more systems in a useful and

System System Administration: Administration: Core ConceptsCore Concepts

Chapter 11Chapter 11

Introduction Introduction

What is the job of the system What is the job of the system administrator?administrator? Keep one or more systems in a useful and Keep one or more systems in a useful and

convenient state for usersconvenient state for users

Introduction Introduction

A well-maintained systemA well-maintained system Runs quickly enough so users do not get too frustrated waiting Runs quickly enough so users do not get too frustrated waiting

for the system to respondfor the system to respond Has enough storage to accommodate users’ needsHas enough storage to accommodate users’ needs Provides a working environment appropriate to each user’s Provides a working environment appropriate to each user’s

abilities and requirementsabilities and requirements Is secure from malicious and accidental acts altering its Is secure from malicious and accidental acts altering its

performance or compromising the security of the data is holdsperformance or compromising the security of the data is holds Is backed up regularly, with recently backed-up files readily Is backed up regularly, with recently backed-up files readily

available.available. Backups must be tested regularlyBackups must be tested regularly

All software on the system is patched and updatedAll software on the system is patched and updated

System Administrator System Administrator and SuperUserand SuperUser

Much of what a system administrator does is work that Much of what a system administrator does is work that ordinary users do not have permission to doordinary users do not have permission to do

To perform these tasks, the administrator typically will To perform these tasks, the administrator typically will login as login as root (SuperUser)root (SuperUser) Some commands can only be executed by rootSome commands can only be executed by root Read, Write, and Execute file and directory access Read, Write, and Execute file and directory access

permissions do not affect rootpermissions do not affect root Some safeguards built in to some commands do not apply to Some safeguards built in to some commands do not apply to

rootroot When running with root privileges, the shell will display a When running with root privileges, the shell will display a

special prompt (#)special prompt (#)

System Administrator System Administrator and SuperUserand SuperUser

Gaining or granting Superuser privilegesGaining or granting Superuser privileges Bring the system up in single-user modeBring the system up in single-user mode Once the system is running in multi-user Once the system is running in multi-user

mode, login as rootmode, login as root Use the su (substitute user) commandUse the su (substitute user) command Use the sudo command to give users Use the sudo command to give users

superuser privlidges for a limited amount of superuser privlidges for a limited amount of time on a per-user per-command basistime on a per-user per-command basis

Using setuidUsing setuid

System Administration System Administration ToolsTools

Numerous tools exist to assist in system Numerous tools exist to assist in system administration it’s up to your imagination to administration it’s up to your imagination to make them work the way you wantmake them work the way you want

su (substitute user)su (substitute user) Gives you another user’s privilegesGives you another user’s privileges You must know the password of the user who’s You must know the password of the user who’s

privileges you want to useprivileges you want to use When su is used to become the superuser, a new When su is used to become the superuser, a new

shell is spawned and displays the # promptshell is spawned and displays the # prompt Use CONTROL-D or Use CONTROL-D or exitexit to terminate the session to terminate the session


su (cont.)su (cont.) e.g. e.g.

$ id$ iduid=500(alex) gid=500(alex) groups=500(alex) context=user_u:system_r:unconfined_ruid=500(alex) gid=500(alex) groups=500(alex) context=user_u:system_r:unconfined_r$ su$ suPassword:Password:# id# iduid=0(root) gid=0(root) groups=0(root), 1(bin), 2(daemon), 3(sys), …uid=0(root) gid=0(root) groups=0(root), 1(bin), 2(daemon), 3(sys), …

su can be used with the –c option to run a single su can be used with the –c option to run a single command with other privilidgescommand with other privilidges e.g.e.g.

$ kill -15 4982$ kill -15 4982-bash: kill: (4982) – Operation not permitted-bash: kill: (4982) – Operation not permitted$ su –c “kill -15 4982”$ su –c “kill -15 4982”Password:Password:$$


killkill Sends a signal to a processSends a signal to a process

The signal may or may not terminate the processThe signal may or may not terminate the process kill -15 or kill –TERMkill -15 or kill –TERM

will send a terminate signal to the process. The will send a terminate signal to the process. The process could ignore this.process could ignore this.

kill -9 or kill –killkill -9 or kill –kill will send a terminate signal that the process CAN’T will send a terminate signal that the process CAN’T

ignoreignore

System OperationSystem Operation

Booting the systemBooting the system The process of reading the Linux kernel into The process of reading the Linux kernel into

system memory and starting it runningsystem memory and starting it running

The last step of the boot procedure is for Linux The last step of the boot procedure is for Linux to run the init program as PID number 1to run the init program as PID number 1 init is the first genuine process to run after bootinginit is the first genuine process to run after booting init is the parent of all system processesinit is the parent of all system processes if you kill process 1, the system will crashif you kill process 1, the system will crash

System Operation System Operation init scriptsinit scripts

start and stop system servicesstart and stop system services The first script that init runs is /etc/rc.d/rc.sysinitThe first script that init runs is /etc/rc.d/rc.sysinit

performs basic system configurationperforms basic system configuration setting the clocksetting the clock hostnamehostname keyboard mappingkeyboard mapping setting up swap partitionssetting up swap partitions checking the file systems for errorschecking the file systems for errors turning on quota managementturning on quota management

System OperationSystem Operation init scripts (cont.)init scripts (cont.)

/etc/rc.d/rc/etc/rc.d/rc Runs next after rc.sysinitRuns next after rc.sysinit Runs the scripts for services that need to be started or Runs the scripts for services that need to be started or

stopped when the system is first brought up or that stopped when the system is first brought up or that need to be started or stopped when going from single need to be started or stopped when going from single user to multiuser and backuser to multiuser and back

Init scripts (rc - run command) are shell scripts located Init scripts (rc - run command) are shell scripts located in /etc/rc.d/init.din /etc/rc.d/init.d

run via symbolic link in the /etc/rc.d/rcrun via symbolic link in the /etc/rc.d/rcnn.d.d n refers to the runlevel the system is enteringn refers to the runlevel the system is entering


Configuring ServicesConfiguring Services service utilityservice utility

reports on or changes the status of a servicereports on or changes the status of a service

system-config-servicessystem-config-services Displays the Service Configuration windowDisplays the Service Configuration window Two functionsTwo functions

Turns a system service on and offTurns a system service on and off Controls which services are stopped and started when Controls which services are stopped and started when

the system enters and leaves runlevels 3, 4, and 5the system enters and leaves runlevels 3, 4, and 5

Service Configuration GUIService Configuration GUI


Configuring Services (cont.)Configuring Services (cont.) chkconfigchkconfig

Character basedCharacter based Duplicates much of the system-config-services Duplicates much of the system-config-services

utilityutility Add, remove, list startup information, and check Add, remove, list startup information, and check

the state of system servicesthe state of system services Changes the config only – not the current state of Changes the config only – not the current state of

servicesservices

System OperationSystem Operation Bringing the system downBringing the system down

Shutdown utility Shutdown utility Must be told what time to bring the system downMust be told what time to bring the system down Warns all users that the system is going downWarns all users that the system is going down

Halt utilityHalt utility Calls the shutdown utilityCalls the shutdown utility

Both bring the system down safelyBoth bring the system down safely CONTROL-ALT-DELCONTROL-ALT-DEL

Reboots the systemReboots the system

DO NOT TURN POWER OFF BEFORE SYSTEM IS DO NOT TURN POWER OFF BEFORE SYSTEM IS DOWNDOWN


CRASH!!!!!CRASH!!!!! Occurs when the system suddenly stops or Occurs when the system suddenly stops or

fails.fails.

Run fsck on all local filesystems that were Run fsck on all local filesystems that were mounted at time of a crash – this is a file mounted at time of a crash – this is a file system check utility - (p.470) system check utility - (p.470)

System Administration UtilitiesSystem Administration Utilities Red Hat configuration toolsRed Hat configuration tools

system-config-authenticationsystem-config-authentication Displays Authentication Configuration window with Displays Authentication Configuration window with

two tabstwo tabs User InformationUser Information

Allows enabling of NIS, LDAP, Hesiod, and WinbindAllows enabling of NIS, LDAP, Hesiod, and Winbind AuthenticationAuthentication

Allows the use of shadow and MD5 passwordsAllows the use of shadow and MD5 passwords

system-config-bind (Fedora)system-config-bind (Fedora) Displays the DNS windowDisplays the DNS window

System Administration System Administration Utilities Utilities

Red Hat configuration tools Red Hat configuration tools system-config-bootsystem-config-boot

Displays the Boot Configuration windowDisplays the Boot Configuration window system-config-datesystem-config-date

Displays the date/time properties windowDisplays the date/time properties window system-config-displaysystem-config-display

Displays the Display Settings windowDisplays the Display Settings window system-config-httpdsystem-config-httpd

Displays the HTTP windowDisplays the HTTP window system-config-keyboardsystem-config-keyboard

Displays the keyboard windowDisplays the keyboard window

Config Utilities Config Utilities

System Administration System Administration UtilitiesUtilities

Red Hat configuration tools Red Hat configuration tools system-config-kickstartsystem-config-kickstart

Displays the Kickstart Configurator windowDisplays the Kickstart Configurator window used to create a Kickstart scriptused to create a Kickstart script

system-config-languagesystem-config-language Displays the Language Selection windowDisplays the Language Selection window

system-config-lvmsystem-config-lvm Displays the Logical Volume Management windowDisplays the Logical Volume Management window

system-config-mousesystem-config-mouse Displays the Mouse Configuration windowDisplays the Mouse Configuration window

System Administration System Administration UtilitiesUtilities

Red Hat configuration tools Red Hat configuration tools system-config-netbootsystem-config-netboot

Displays the Network installation and Diskless Displays the Network installation and Diskless Environment windowEnvironment window

system-config-networksystem-config-network Displays the Network Configuration window (p.571)Displays the Network Configuration window (p.571)

system-config-network-cmdsystem-config-network-cmd Displays the parameters that system-config-Displays the parameters that system-config-

network usesnetwork uses


Red Hat configuration tools Red Hat configuration tools system-config-printersystem-config-printer

Displays the Printer Configuration windowDisplays the Printer Configuration window

system-config-rootpasswordsystem-config-rootpassword Displays the Root Password windowDisplays the Root Password window The passwd command can also be usedThe passwd command can also be used

system-config-sambasystem-config-samba Displays the Samba Server Configuration Displays the Samba Server Configuration

windowwindow


Red Hat configuration tools Red Hat configuration tools system-config-servicessystem-config-services

Displays the Service Configuration windowDisplays the Service Configuration window Configures which services run at which runlevelConfigures which services run at which runlevel

system-config-soundcardsystem-config-soundcard Displays the Audio Devices windowDisplays the Audio Devices window

system-config-userssystem-config-users Displays the User Management windowDisplays the User Management window Used to manage users and groupsUsed to manage users and groups

System Administration UtilitiesSystem Administration Utilities Command Line Utilities Command Line Utilities

kudzukudzu Finds new and changed hardware and configures itFinds new and changed hardware and configures it

mkfsmkfs Creates a new filesystem Creates a new filesystem e.g. mkfs –t ext3 e.g. mkfs –t ext3 devicedevice

setserialsetserial Gets and sets serial port informationGets and sets serial port information

statstat Displays the information about a file or filesystemDisplays the information about a file or filesystem

Setting Up a Server – Admin TasksSetting Up a Server – Admin Tasks

Writing configuration filesWriting configuration files Specifying hosts and subnetsSpecifying hosts and subnets port-mapport-map rpcinforpcinfo xinetdxinetd TCP wrappersTCP wrappers chroot jailchroot jail

Setting up a Server Setting up a Server Standard Rules in writing Configuration Standard Rules in writing Configuration

FilesFiles Blank lines are ignoredBlank lines are ignored # anywhere on a line starts a comment that # anywhere on a line starts a comment that

continues to the end of the linecontinues to the end of the line When a name contains a SPACE, it must be When a name contains a SPACE, it must be

quoted by single or double quotesquoted by single or double quotes Lines can be broken by inserting a backslash Lines can be broken by inserting a backslash

(\) and pressing RETURN(\) and pressing RETURN

Setting Up a Server Setting Up a Server

Specifying Clients in config filesSpecifying Clients in config filesPatternPattern MatchesMatchesn.n.n.nn.n.n.n One IP addressOne IP address

namename One hostnameOne hostname

name starts with .name starts with . name ending with the specified stringname ending with the specified string

IP addr ending with .IP addr ending with . IP addresses starting with the specified IP addresses starting with the specified numbersnumbers

n.n.n.n/m.m.m.mn.n.n.n/m.m.m.m IP addresses based on subnet maskIP addresses based on subnet mask

ALLALL Always matchAlways match

LOCALLOCAL Any hostname that doesn’t contain a .Any hostname that doesn’t contain a .

EXCEPTEXCEPT Matches anything in the preceding list Matches anything in the preceding list that is not in the following listingthat is not in the following listing

Setting Up a ServerSetting Up a Server

rpcinfo and portmaprpcinfo and portmap rpcinfo displays information about programs rpcinfo displays information about programs

registered with portmapregistered with portmap RCP calls are made to programs to see if they are RCP calls are made to programs to see if they are

“alive”“alive”

Setting Up a Server Setting Up a Server xinetd xinetd SuperserverSuperserver

Replaced inetd and is more secureReplaced inetd and is more secure Listens for network connectionsListens for network connections

When a connection is made, it launches a specified When a connection is made, it launches a specified server daemon and forwards the data from the socket server daemon and forwards the data from the socket to the daemon’s standard inputto the daemon’s standard input

uses /etc/hosts.allow and /etc/hosts.denyuses /etc/hosts.allow and /etc/hosts.deny

Setting Up a ServerSetting Up a Server

xinetd xinetd Base configuration stored in /etc/xinetd.conf Base configuration stored in /etc/xinetd.conf

View the contents of /etc/xinetd.confView the contents of /etc/xinetd.conf defaultsdefaults

specifies the default configuration of xinetdspecifies the default configuration of xinetd files in the included in the /etc/xinetd.d directory specify files in the included in the /etc/xinetd.d directory specify

server specific configurationsserver specific configurations defaults can be overridden by server-specific defaults can be overridden by server-specific

configuration filesconfiguration files instancesinstances

specify the number of instances a daemon can run at one timespecify the number of instances a daemon can run at one time

Setting Up a Server Setting Up a Server DHCP DHCP

The client daemon (dhclient) contacts the server The client daemon (dhclient) contacts the server daemon (dhcpd), to obtain IP addressing and daemon (dhcpd), to obtain IP addressing and additional informationadditional information netmasknetmask broadcastbroadcast dnsdns etc.etc.

Broadcast basedBroadcast based Both client and server must be on the same subnetBoth client and server must be on the same subnet


DHCP DHCP DHCP ClientDHCP Client

Requests network configuration parameters from Requests network configuration parameters from the DHCP serverthe DHCP server

Uses the obtained parameters to configure the Uses the obtained parameters to configure the network interfacenetwork interface

Need to have dhclient installedNeed to have dhclient installed DHCP lease information is stored in DHCP lease information is stored in

dhclient.leasesdhclient.leases


DHCP Server DHCP Server Maintains a list of IP addresses and other configuration Maintains a list of IP addresses and other configuration

parametersparameters When requested, the DHCP server provides configuration When requested, the DHCP server provides configuration

parameters to a DHCP clientparameters to a DHCP client Need to have dhcp installedNeed to have dhcp installed To cause dhcpd to start when the system enters multiuserTo cause dhcpd to start when the system enters multiuser

/sbin/chkconfig dhcpd on/sbin/chkconfig dhcpd on

To start manuallyTo start manually /sbin/service dhcpd start/sbin/service dhcpd start


DHCP DHCP DHCP Server DHCP Server

Simple DHCP serverSimple DHCP server Add clients to a networkAdd clients to a network Eliminates the need to maintain a list of assigned IP Eliminates the need to maintain a list of assigned IP

addresses addresses Some devices should NOT have an IP address assiged via Some devices should NOT have an IP address assiged via

DHCPDHCP RoutersRouters ServersServers SwitchesSwitches Others?Others?



Simple DHCP server configuration Simple DHCP server configuration /etc/dhcpd.conf/etc/dhcpd.conf

default-lease-time 600;default-lease-time 600;max-lease-time 86400;max-lease-time 86400;

option subnet-mask 255.255.255.0;option subnet-mask 255.255.255.0;option broadcast-address 192.168.1.255;option broadcast-address 192.168.1.255;option routers 192.168.1.1;option routers 192.168.1.1;option domain-name-servers 192.168.1.1;option domain-name-servers 192.168.1.1;

subnet 192.168.1.0 netmask 255.255.255.0 {rangesubnet 192.168.1.0 netmask 255.255.255.0 {range192.168.1.2 192.168.1.200}192.168.1.2 192.168.1.200}


DHCP Server DHCP Server To install To install

Download latest version from the Internet Software Download latest version from the Internet Software Consortium (Consortium (www.isc.org))

Unpack the archiveUnpack the archive $ tar xzf ./dhcp-3.0.6.tar.gz$ tar xzf ./dhcp-3.0.6.tar.gz

Move the new directory that contains all the source filesMove the new directory that contains all the source files $ ./configure$ ./configure $ make$ make $ sudo make install$ sudo make install

Copy the server/dhcp.conf to /etcCopy the server/dhcp.conf to /etc



To install To install $ sudo touch /var/lib/dhcp/dhcp.leases$ sudo touch /var/lib/dhcp/dhcp.leases $ sudo chkconfig –level 35 dhcpd on$ sudo chkconfig –level 35 dhcpd on $ /etc/init.d/dhcp restart$ /etc/init.d/dhcp restart

Where do we go from Where do we go from here?here?

Read this chapterRead this chapter Try out some of the commandsTry out some of the commands We will be installing DHCP in future We will be installing DHCP in future

lessons on your VM.lessons on your VM.

Documents

System Administration: Core Concepts Chapter 11. Introduction What is the job of the system administrator? Keep one or more systems in a useful and