Getting Started with Linux: Novell's Guide to CompTIA's Linux+ Course 3060 - PowerPoint PPT Presentation

Provided by: blue8

1
Getting Started with Linux: Novell's Guide to
CompTIA's Linux+ (Course 3060)
  • Section 7
  • Use the Command-Line Interface to Administer the
    System

2
Objectives
  • Understand User and Group Configuration Files
  • Manage User Accounts and Groups from the
    Command-Line
  • Manage File Permissions and Ownership
  • Set up and Configure Disk Quotas

3
Objectives (continued)
  • Decide Which File System Format to Use
  • Manage Local Storage Devices and File Systems
  • Execute RPM Package-Related Operations
  • Perform a Standard Software Build from Source
  • Understand and Configure a Boot Manager

4
Understand User and Group Configuration Files
  • Information on users and groups is kept in
  • /etc/passwd
  • /etc/shadow
  • /etc/group
  • You should not modify these files with an editor
  • Use YaST or the appropriate command-line tools
  • Modifying these files with an editor can lead to
    errors
  • To ensure consistency, you should be able to
  • Check /etc/passwd and /etc/shadow
  • Convert Passwords to and from Shadow

5
/etc/passwd
6
/etc/passwd (continued)
  • UID
  • 0-99 for the system itself
  • 100-499 for special system users (such as
    services and programs)
  • On SLES 9, normal users start from UID 1000

7
/etc/shadow
  • Only root can modify it
  • Root and members of the group shadow can read it
  • Contains encrypted (hashed) passwords
  • Coded with crypt, 13 characters long
  • If an invalid character occurs in password field
    then user cannot log in

8
/etc/shadow (continued)
9
/etc/shadow (continued)
10
/etc/group
  • Each line represents a single group record
  • Group name, password hash, GID, and the members
    of the group
  • Shows secondary group memberships only
  • In older versions of SUSE LINUX, group passwords
    are stored in /etc/gshadow

11
/etc/group (continued)
12
Check /etc/passwd and /etc/shadow
  • Because user configuration is handled by two
    files (/etc/passwd and /etc/shadow), these files
    have to match each other
  • However, discrepancies can occur

13
Check /etc/passwd and /etc/shadow (continued)
14
Convert Passwords to and from Shadow
  • Convert Password to Shadow
  • pwconv command converts the passwd file to the
    shadow file
  • Replaces the password in /etc/passwd with x
  • Password aging information is pulled from
    login.defs
  • pwconv can also be used to add missing entries to
    the shadow file
  • Convert Shadow to Password
  • pwunconv moves passwords from /etc/shadow to
    /etc/passwd and password aging information is lost
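
A consistency check of the kind slides 12 to 14 describe, as an added example that is not part of the original presentation. The function names, finding codes and file contents are constructed for illustration; the script reads only the sample files it writes to a temporary directory.

```shell
#!/bin/sh
# Added example: consistency check between a passwd and a shadow file.
# All account lines below are constructed sample data, not real hashes.

# write_sample_files DIR (hypothetical helper): creates DIR/passwd and DIR/shadow
write_sample_files() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
tux:x:1000:100:Tux:/home/tux:/bin/bash
geeko:x:1001:100:Geeko:/home/geeko:/bin/bash
legacy:CONSTRUCTED13:1002:100:Old account:/home/legacy:/bin/bash
newbie:x:1003:100::/home/newbie:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
root:$2a$10$CONSTRUCTED.PLACEHOLDER:12000:0:99999:7:::
tux:$2a$10$CONSTRUCTED.PLACEHOLDER:12000:0:99999:7:::
geeko::12000:0:99999:7:::
ghost:!:12000:0:99999:7:::
EOF
}

# check_passwd_shadow PASSWD SHADOW
# Prints one finding per line as "<CODE> <user>":
#   NOT_SHADOWED   password field in passwd is not "x" (pwconv would move it)
#   NO_SHADOW      user has no shadow entry (pwconv can add the missing entry)
#   ORPHAN_SHADOW  shadow entry without a matching passwd entry
#   EMPTY_PASSWORD shadow password field is empty
check_passwd_shadow() {
    awk -F: '
        NF == 0 { next }                      # skip blank lines
        FILENAME == ARGV[1] {                 # first file: passwd
            in_passwd[$1] = 1
            if ($2 != "x") print "NOT_SHADOWED " $1
            next
        }
        {                                     # second file: shadow
            in_shadow[$1] = 1
            if (!($1 in in_passwd)) print "ORPHAN_SHADOW " $1
            if ($2 == "")           print "EMPTY_PASSWORD " $1
        }
        END {
            for (u in in_passwd)
                if (!(u in in_shadow)) print "NO_SHADOW " u
        }
    ' "$1" "$2" | LC_ALL=C sort
}

# Stand-alone run over the constructed sample files
demo_dir=$(mktemp -d) || exit 1
write_sample_files "$demo_dir"
check_passwd_shadow "$demo_dir/passwd" "$demo_dir/shadow"
rm -rf "$demo_dir"
```

On a live system the same function can be pointed at /etc/passwd and /etc/shadow by a user who is allowed to read both.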

15
Manage User Accounts and Groups from the
Command-Line
  • In addition to the YaST modules users and groups,
    you can use the following commands to add,
    change, and delete users and groups
  • useradd
  • passwd
  • usermod
  • userdel
  • groupadd, groupmod, and groupdel
  • To prevent individual users from using system
    resources excessively, use the following command
  • ulimit

16
useradd
  • useradd options
  • -m: /etc/skel/ used as a template for home
    directory
  • -c: comment
  • -g: GID or -g groupname
  • -G: defines any supplementary groups
  • -p: encrypted password (use mkpasswd first)
  • -e: YYYY-MM-DD expiration date
  • /etc/default/useradd
  • GROUP=1001
  • HOME=/home
  • INACTIVE=-1
  • EXPIRE=
  • SHELL=/bin/bash
  • SKEL=/etc/skel
  • GROUPS=audio,dialout,uucp,video

17
passwd
  • Use without arguments to change own password
  • Other options
  • -l to lock a user account (use -u to unlock)
  • -S to list the status of a user account

18
passwd (continued)
19
passwd (continued)
  • /etc/default/passwd
  • In SLES 9, a different algorithm (like blowfish)
    configured in /etc/security/pam_unix2.conf takes
    precedence over the one in /etc/default/passwd
  • DES supports passwords up to eight characters
    long
  • MD5 and Blowfish support longer passwords

20
passwd (continued)
  • The quickest way to create a new user from a
    command-line is to use useradd and passwd

21
usermod
  • Used to modify information such as the UID, the
    standard shell, the home directory, and the
    primary group in an existing user account
  • Its options are nearly the same as the options of
    the command useradd
  • Examples
  • Change the home directory
  • usermod -d /newhome/tux -m tux
  • Change the UID
  • usermod -u 1504 tux

22
userdel
  • Used to delete user accounts
  • userdel tux
  • Without options, it removes the user from
  • /etc/passwd
  • /etc/shadow
  • /etc/group
  • If /var/spool/cron/tabs/username exists, it is
    deleted
  • Home directory is not deleted
  • To delete the user's home directory and the data
    it contains
  • userdel -r tux

23
groupadd, groupmod, and groupdel
  • groupadd group_name (next free GID is used)
  • -g GID
  • -p encrypted_password
  • groupmod
  • -g newGID
  • -n new_group_name
  • -A user (to add to group)
  • groupdel group_name
  • You can delete a group only if no user has this
    group assigned as a primary group

24
Exercise 7-1 Manage User Accounts
  • In this exercise, command-line tools are employed
    to manage user accounts
  • Especially if there are many accounts to manage,
    the command-line tools usually get the job done
    faster than YaST
  • However, usually you have to use more than one
    tool, whereas in YaST everything is within one or
    two dialog boxes

25
ulimit
  • Prevents individual users from using system
    resources excessively at expense of other users
  • ulimit -a
  • Example

26
ulimit (continued)
  • You can change the settings globally for the
    entire system
  • By means of the file /etc/profile
  • Contains preconfigured entries that you can
    customize according to your needs
  • By way of the PAM configuration
  • /etc/security/limits.conf enables user- or
    group-specific configuration
  • Files in /etc/pam.d/ allow application-specific
    configuration

27
ulimit (continued)
  • /etc/profile

28
ulimit (continued)
29
Exercise 7-2 Use ulimit
  • The program ulimit is useful when there are
    several users on a machine and you want to
    prevent them from giving each other a hard time
    by using too many of the available resources
  • In this exercise, you practice using ulimit

30
Manage File Permissions and Ownership
  • The first 10 columns represent the following
  • 1 File type
  • 2-4 File permissions of the user who owns the
    file
  • 5-7 File permissions of the owning group of the
    file
  • 8-10 File permissions of others

31
Manage File Permissions and Ownership (continued)
32
Change the File Permissions with chmod
33
Change the File Permissions with chmod (continued)
  • With the option -R and a specified directory, you
    can change the access permissions of all files
    and subdirectories under the specified directory
  • If you have a certain set of permissions in mind
    that the file should have, the octal syntax is
    usually the most efficient

34
Change the File Permissions with chmod (continued)
35
Change the File Ownership with chown and chgrp
  • User root can use chown and chgrp as follows
  • chown new_user.new_group file
  • chown new_user file
  • chown .new_group file
  • chgrp new_group file
  • A normal user can modify ownership of a file
    he/she owns
  • chown .new_group file
  • chgrp new_group file
  • The user can only change the group affiliation of
    the file that he owns if he is a member of the
    new group

36
Modify Default Access Permissions
  • By default, files are created with the access
    mode 666 and directories with 777
  • To modify these default access mode settings, use
    umask
  • The permissions set in the umask are removed from
    the default permissions

37
Modify Default Access Permissions (continued)
38
Modify Default Access Permissions (continued)
39
Modify Default Access Permissions (continued)
  • umask 077 restricts access to the owner and root
  • To make umask setting permanent, change its value
    in /etc/profile
  • To make the setting user-specific, enter the
    value of umask in the file .bashrc in the home
    directory of the respective user
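
How the umask is applied to the default modes 666 and 777, as an added example that is not part of the original presentation. The function names are hypothetical; the script creates its test file and directory in a temporary directory and removes them again.

```shell
#!/bin/sh
# Added example: umask clears bits from the default modes; it is not subtracted.

# apply_umask BASE MASK (hypothetical helper): BASE with every bit of MASK cleared
apply_umask() {
    printf '%03o\n' $(( 0$1 & ~0$2 ))
}

# mode_of PATH: octal permission bits of PATH, derived from the `ls -ld` string
mode_of() {
    ls -ld "$1" | awk '{
        s = substr($1, 2, 9); o = ""
        for (i = 0; i < 3; i++) {
            t = substr(s, i * 3 + 1, 3); v = 0
            if (substr(t, 1, 1) == "r") v += 4
            if (substr(t, 2, 1) == "w") v += 2
            if (substr(t, 3, 1) ~ /[xst]/) v += 1
            o = o v
        }
        print o
    }'
}

# observe_umask MASK: create a file and a directory under MASK in a subshell
# (so the caller's umask is untouched) and print "<file mode> <directory mode>"
observe_umask() {
    (
        d=$(mktemp -d) || exit 1
        umask "$1"
        : > "$d/f"
        mkdir "$d/sub"
        echo "$(mode_of "$d/f") $(mode_of "$d/sub")"
        rm -rf "$d"
    )
}

# Stand-alone run: predicted versus observed modes for a few masks.
# 033 shows the difference from subtraction: 666 with 033 gives 644, not 633.
for m in 022 027 077 033; do
    echo "umask $m: predicted $(apply_umask 666 "$m") $(apply_umask 777 "$m"), observed $(observe_umask "$m")"
done
```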

40
Configure Special File Permissions
41
Configure Special File Permissions (continued)
  • To set the sticky bit
  • chmod o+t /tmp
  • chmod 1777 /tmp
  • The sticky bit is listed in the permissions for
    others
  • To set the SUID
  • chmod u+s /usr/bin/passwd
  • chmod 4755 /usr/bin/passwd
  • To set the SGID
  • chmod g+s /usr/bin/wall
  • chmod 2755 /usr/bin/wall
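
An audit for the three special bits on this slide, as an added example that is not part of the original presentation. The function names, finding labels and directory tree are constructed for illustration; the script only touches the temporary tree it builds.

```shell
#!/bin/sh
# Added example: list files and directories carrying (or missing) special bits.

# make_sample_tree (hypothetical helper): builds a constructed tree, prints its path
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/bin" "$d/shared" "$d/dropbox"
    : > "$d/bin/plain";  chmod 755  "$d/bin/plain"    # no special bits
    : > "$d/bin/helper"; chmod 4755 "$d/bin/helper"   # SUID, like /usr/bin/passwd
    : > "$d/bin/notify"; chmod 2755 "$d/bin/notify"   # SGID, like /usr/bin/wall
    chmod 1777 "$d/shared"     # world-writable with sticky bit, like /tmp
    chmod 0777 "$d/dropbox"    # world-writable, sticky bit missing
    echo "$d"
}

# audit_special_bits DIR
# Prints one finding per line as "<KIND> <path relative to DIR>":
#   SUID      file runs with the UID of its owner
#   SGID      file runs with the GID of its group
#   NOSTICKY  world-writable directory without the sticky bit, so any user
#             can delete or rename files that belong to other users
audit_special_bits() {
    (
        cd "$1" || exit 1
        find . -type f -perm -4000 -exec echo SUID {} \;
        find . -type f -perm -2000 -exec echo SGID {} \;
        find . -type d -perm -0002 ! -perm -1000 -exec echo NOSTICKY {} \;
    ) | LC_ALL=C sort
}

# Stand-alone run over the constructed tree
demo_tree=$(make_sample_tree) || exit 1
audit_special_bits "$demo_tree"
rm -rf "$demo_tree"
```

Comparing the output of such an audit against a known-good list makes newly added SUID or SGID files stand out.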

42
Exercise 7-3 Manage File Permissions and Ownership
  • File permissions and ownership is a subject any
    user on a Linux system needs to understand
  • For a system administrator, this understanding is
    of crucial importance, as faulty permissions can
    have serious impact on the system security
  • In this exercise, you manage file permissions and
    ownership

43
Set up and Configure Disk Quotas
44
Set up and Configure Disk Quotas (continued)
  • Disk quota support is included in the kernel in
    SLES 9
  • You can implement disk quotas for partitions
    configured with the ext2, ext3, or ReiserFS file
    systems
  • To set up and configure the disk quota service on
    your server, do the following tasks (in order)
  • Prepare the File System
  • Initialize the Quota System
  • Configure and Manage User and Group Quotas
  • Start and Activate the Quota Service

45
Prepare the File System
  • When the system is started, the quotas for the
    file system must be activated
  • Indicate for which file systems quotas are to be
    activated by configuring entries in /etc/fstab
  • If you have configured /etc/fstab without
    rebooting your server, you need to remount the
    file systems
  • mount -o remount /

46
Prepare the File System (continued)
47
Initialize the Quota System
  • After remounting, initialize the quota system
  • Use quotacheck (part of the package quota)
  • Checks the partitions with quota keywords and
    stores the determined values in the files
    aquota.user and aquota.group
  • For example, quotacheck -avug
  • Use -m to force the check
  • Assuming the quota entries exist for /, after
    running quotacheck the following files are
    created

48
Configure and Manage User and Group Quotas
  • To configure soft/hard limits for blocks and
    inodes
  • edquota -u user: Set up user quotas
  • edquota -g group: Set up group quotas
  • For example, edquota -u geeko
  • To configure grace periods for blocks and inodes
  • edquota -t

49
Configure and Manage User and Group Quotas
(continued)
  • To copy user quotas
  • edquota -p tux geeko
  • To generate a quota report, use repquota
  • For example, repquota -aug

50
Start and Activate the Quota Service
  • To initialize quota system when system is booted
  • insserv quota (insserv quotad for NFS)
  • To start the quota system
  • /etc/init.d/quota start
  • To start or stop the quota system
  • /usr/sbin/quotaon filesystem
  • /usr/sbin/quotaoff filesystem
  • Use option -a to activate/deactivate all
    automatically mounted file systems (except NFS)
    with quotas

51
Exercise 7-4 Set Up and Configure Disk Quotas
  • Sooner or later the available storage space gets
    used up
  • While not a cure all, quotas are a means to
    prevent single users from using up the space,
    leaving too little for others to work effectively
  • The purpose of this exercise is to practice
    setting and managing disk quotas

52
Decide Which File System Format to Use
  • Non-journaling file systems (e.g. Ext2, VFAT)
  • In case of a system crash, the complete structure
    of the file system has to be checked to ensure
    integrity
  • Journaling file systems (e.g. Ext3, ReiserFS,
    JFS, XFS)
  • Treat file system operations as transactions
  • Track changes to file system metadata or user
    data
  • On system failure, file system is restored to
    consistent state by replaying the journal
  • File system inspects only those portions of the
    metadata that have recently changed

53
Ext2
  • Extended File System was integrated in Linux
    0.96c
  • Ext2 became the most popular Linux FS for years
  • It lost importance with the creation of
    journaling file systems and their short recovery
    times
  • After a system outage when the FS was not cleanly
    unmounted, e2fsck starts to analyze the file
    system data
  • Metadata is brought to consistent state, and
    non-allocated files or data blocks are written to
    a designated directory (lost+found)
  • It analyzes the whole file system
  • Takes longer than checking the log data of a
    journaling file system

54
Ext2 (continued)
  • Not a good choice for servers that need to be
    highly available
  • It is sometimes faster than other file systems
    (it does not maintain a journal and uses
    significantly less memory)

55
Ext3
  • An Ext3 FS can be easily built on top of an Ext2
    FS
  • Upgrades from Ext2 to Ext3 are easy
  • Can be performed while Ext2 FSs are mounted
  • Downgrading from Ext3 to Ext2 is very easy too
  • Ext3 is designed to take care of metadata and
    data
  • data=journal mode offers maximum security
  • data=ordered mode ensures data and metadata
    integrity, but uses journaling only for metadata
  • data=writeback option allows data to be written
    into the main file system after its metadata has
    been committed to the journal

56
ReiserFS
  • First journaling file system available for Linux
  • Better disk space utilization
  • Data is organized in a B tree
  • Better space usage by dynamic inode allocation
  • Keeps the file system more flexible
  • Better disk access performance
  • For small files, both file data and stat_data
    (inode) information are often stored next to each
    other
  • Fast crash recovery
  • Journal keeps track of recent metadata changes

57
JFS
  • Developed by IBM for its AIX systems
  • Tailored to suit needs of high throughput server
    environments where performance is a goal
  • 64-bit file system supports large files and
    partitions
  • Efficient journaling (metadata-only)
  • Concurrent operations can be combined into one
    group commit
  • Efficient directory organization
  • Content of small directories stored directly in
    its inode
  • For larger directories, it uses B trees
  • Better space usage by dynamic inode allocation

58
XFS
  • Originally intended as file system for SGI's IRIX
    OS
  • High performance 64-bit journaling file system
  • Good at manipulating large files and performs
    well on high-end hardware
  • Takes a great deal of care with metadata
    integrity, but pays less attention to data
    integrity
  • High scalability by using allocation groups
  • High performance by efficient management of disk
    space (uses B trees and delayed allocation)
  • Preallocation to avoid file system fragmentation

59
Manage Local Storage Devices and File Systems
  • To manage local storage devices and file systems,
    for instance, when integrating an additional hard
    disk into the Linux system you need to understand
    how to
  • Partition a Hard Disk with the fdisk Command
  • Use File System Management Commands
  • Use File System Mount Commands

60
Partition a Hard Disk with the fdisk Command
  • Example fdisk /dev/hdb
  • Max. four primary partitions can be set up on a
    HD
  • If you need more partitions, declare one of these
    four as an extended partition

61
Partition a Hard Disk with the fdisk Command
(continued)
62
Use File System Management Commands
  • mkfs Make file system
  • Use -t option to indicate FS type (ext2 by
    default)
  • Options for creating ext2 or ext3 file systems

63
Use File System Management Commands (continued)
  • To create a Reiser file system, use mkreiserfs
  • Other file system types, such as vfat and xfs are
    created similarly, using mkfs.vfat, mkfs.xfs,
    etc.

64
Use File System Management Commands (continued)
65
Use File System Management Commands (continued)
  • fsck lets you check/repair file systems
  • fsck filesystem
  • It defaults to checking file systems in
    /etc/fstab
  • -A walk through /etc/fstab and try to check all
    the file systems in one pass
  • -N don't execute, just show what would be done

66
Use File System Management Commands (continued)
67
Use File System Management Commands (continued)
  • Depending on the kind of errors found in the file
    system after a file system check, the rescue
    system might need to be used
  • /sbin/e2fsck or /sbin/reiserfsck
  • They check the file system for a correct
    superblock, faulty data blocks, or faulty
    allocation of data blocks
  • For ext2 and ext3 file systems, view the location
    of all copies of the superblock using dumpe2fs
  • Then, with e2fsck, you can copy one of the backup
    copies to the beginning of the file system
  • For ReiserFS reiserfsck --fix-fixable
    --rebuild-tree

68
Use File System Mount Commands
  • To mount a drive
  • mount -t ext2 /dev/hdb1 /data
  • If -t option isn't used, FS type is auto-detected
  • Options include remount, rw/ro, sync/async,
    atime/noatime, nodev/dev, noexec/exec,
    nosuid/suid, auto/noauto, user/nouser, defaults
  • umount /data
  • Cannot unmount partitions in use
  • fuser lists all processes accessing a
    file/directory
  • umount -f lets you unmount file systems that the
    kernel thinks are busy

69
Use File System Mount Commands (continued)
  • Use mount (without arguments) to view information
    stored in /etc/mtab, which is changed when a file
    system is mounted or unmounted
  • For more accurate information, view /proc/mounts
  • /etc/fstab specifies which device files are
    mounted to the file system, with which file
    system type and with which options, and when the
    system is booted
  • subfs allows dynamic mounting of removable media

70
Execute RPM Package-Related Operations
  • The software on the SLES 9 distribution is
    available in the form of RPM Package Manager
    (RPM) packages (extension .rpm)
  • RPM packages to distribute software contain
  • Executable programs, configuration files,
    documentation, information about the software
    (dependencies and shared libraries)
  • Source RPMs have the extension .src.rpm
  • Packages are installed if dependencies are
    fulfilled
  • /var/lib/rpm

71
Use the rpm Command
  • RPM is used to
  • Build rpm packages from the source code
  • Manage software packages on the host
  • Options -i, -U, -F, -v, -h
  • YaST ensures automatic resolution of dependencies

72
Use the rpm Command (continued)
  • Use rpm -q to query the rpm database
  • To remove software, use -e (rpm -e rsync)
  • With --nodeps, removes a package needed by other
    packages
  • Use -V to verify file integrity
  • If some files have been damaged or modified, you
    could reinstall the package to correct the error
  • To rebuild the rpm database, use rpm --rebuilddb
  • /usr/lib/rpm/rpmrc global RPM configuration file
  • When rpm is updated, all changes to this file are
    lost
  • Modify configuration in /usr/lib/rpm/rpmrc or
    ~/.rpmrc

73
Use the rpm Command (continued)
74
Exercise 7-5 Execute RPM Package-Related
Operations
  • The standard tool to install and remove software
    in SLES 9 is YaST
  • YaST is a front end to the RPM package manager
    that is responsible for the actual installation
    of the software
  • The purpose of this exercise is to show you how
    you can use RPM directly to install and remove
    software

75
Perform a Standard Software Build from Source
  • Programs use more than one source code file
  • It is difficult to compile a program with
    multiple source code files manually on the
    command-line
  • In this objective, you learn how to do the
    following to perform a standard build process
  • Use configure to Prepare the Build Process
  • Use make to Compile the Source Code
  • Use make install to Install the Compiled Program
  • Install the Required Packages for a Build
    Environment

76
Use configure to Prepare the Build Process
  • Before compiling a program, you must prepare the
    source code with a configure script
  • Build process must be prepared for the
    environment
  • Generate makefiles depending on environment
  • Enable/disable certain features of an application
  • At the top of the source directory ./configure
  • To enable/disable features of an application, it
    takes additional arguments
  • Use ./configure --help to list all available
    configure options

77
Use make to Compile the Source Code
  • make searches directory for GNUmakefile,
    Makefile, or makefile
  • Makefiles consist of targets, dependencies, and
    commands for the targets
  • If executed without parameters, the first target
    is used

78
Use make install to Install the Compiled Program
  • The last step when installing a program from
    source is to install the binary file and
    additional files belonging to the application
  • This step is usually done with make and an
    install target in the corresponding makefile
  • make install
  • You must enter this as root at the top level of
    the source directory

79
Install the Required Packages for a Build
Environment
80
Understand and Configure a Boot Manager
  • To configure a boot manager, you need to know the
    following
  • What Is a Boot Manager?
  • The Boot Manager GRUB
  • The GRUB Shell
  • The Boot Manager LILO
  • The Boot Manager ELILO
  • Additional Information

81
What Is a Boot Manager?
  • The boot loader loads the operating system
    kernel, which then loads the system
  • In SUSE LINUX, this task is handled by the boot
    manager GRUB or the boot manager LILO
  • A boot manager can
  • Boot various operating systems
  • Specify parameters for the kernel
  • The general structure of a boot manager is
  • Stage 1: Usually installed in the MBR of HD
  • Stage 2: Usually contains the actual boot
    manager; the files of the boot manager are
    located in /boot/

82
The Boot Manager GRUB
  • Standard boot manager in SLES 9
  • Stage 2 includes file system drivers for
    ReiserFS, ext2, ext3, Minix, JFS, XFS, FAT, and
    FFS (BSD)
  • Has a shell that enables its interactive control
  • Configured by means of /boot/grub/menu.lst
  • First, the general options such as the background
    color of the boot manager menu are listed
  • This is followed by options for the various
    operating systems that can be booted with the
    boot manager
  • /etc/grub.conf contains how/where the components
    are supposed to be installed

83
The GRUB Shell
  • To start the GRUB shell during operation, enter
    grub as root
  • Close shell by entering quit or pressing Ctrl+d
  • To start the GRUB shell at the boot prompt, do
    the following
  • In the graphical boot selection menu, press Esc
  • You will be taken to a text-based menu.
  • Start the GRUB shell (command-line) by pressing c

84
The Boot Manager LILO
  • LILO stands for Linux Loader
  • The LILO boot mechanism consists of
  • The beginning of the code in a boot sector that
    activates the system boot
  • The heart of the LILO code in /boot/boot-menu.b
  • A map file (/boot/map) where LILO enters the
    location of Linux kernels and other data during
    its installation
  • (Optional) The message file /boot/message
  • Different Linux kernels and boot sectors

85
The Boot Manager LILO (continued)
  • LILO is configured in the file /etc/lilo.conf
  • When installing LILO, use YaST to configure it
  • Settings take effect when you run lilo after
    changing /etc/lilo.conf
  • /etc/lilo.conf starts with a global section
    followed by one or more system sections for each
    operating system LILO should start
  • A new section is started by a line beginning with
    either image or other
  • To update LILO, launch /sbin/lilo as root
  • When the installation is completed, reboot system

86
The Boot Manager ELILO
  • ELILO is a boot manager for EFI/IA-64 and
    EFI/IA-32 based platforms
  • ELILO is configured by editing the file
    /etc/boot/elilo.conf
  • The syntax is similar to the syntax of LILO

87
Additional Information
  • Manual pages and info files
  • info grub
  • man grub
  • man grub-install
  • man grub-md5-crypt
  • man lilo
  • man 5 lilo.conf
  • README files
  • In the directory /usr/share/doc/packages/grub/
  • In the directory /usr/share/doc/packages/lilo/
  • On the Internet www.gnu.org/software/grub/

88
Summary
  • User and password information is stored in the
    /etc/passwd file on older Linux systems
  • Group information is stored in the /etc/group
    file on Linux systems
  • You may use the useradd, usermod, and userdel
    commands to add, modify, and remove user accounts
    on your system, respectively
  • You can change user account passwords using the
    passwd command
  • You set system user limits for system resource
    usage by using ulimit

89
Summary (continued)
  • Permissions can be set on the owner of a file,
    members of the group of the file, as well as
    everyone else on the system using chmod
  • New files and directories receive default
    permissions from the system determined by the
    umask variable
  • You can use disk quotas on a filesystem to
    restrict the number of files and directories that
    individual users can create as well as the amount
    of disk space users can occupy
  • Different filesystems have different features

90
Summary (continued)
  • Journaling filesystems maintain a transaction log
    used to track changes to files and check for
    errors
  • Each filesystem contains a superblock that stores
    the structure of the filesystem, an inode section
    that contains file and directory information, and
    data blocks for file information
  • Filesystems on a HD must reside in a partition
  • The mount command may be used to mount
    filesystems to mount point directories using a
    variety of options

91
Summary (continued)
  • Linux uses the /etc/fstab to automatically mount
    media as well as mount media at boot time
  • Most software in SLES is in Red Hat Package
    Manager (RPM) format
  • Alternatively, you can compile source code into a
    program
  • A boot manager (also called a boot loader) is
    used to load the Linux kernel at system
    initialization