Title: Getting Started with Linux: Novell's Guide to CompTIA's Linux+ (Course 3060)
1 Getting Started with Linux: Novell's Guide to CompTIA's Linux+ (Course 3060)
- Section 7
- Use the Command-Line Interface to Administer the System
2 Objectives
- Understand User and Group Configuration Files
- Manage User Accounts and Groups from the Command-Line
- Manage File Permissions and Ownership
- Set up and Configure Disk Quotas
3 Objectives (continued)
- Decide Which File System Format to Use
- Manage Local Storage Devices and File Systems
- Execute RPM Package-Related Operations
- Perform a Standard Software Build from Source
- Understand and Configure a Boot Manager
4 Understand User and Group Configuration Files
- Information on users and groups is kept in
  - /etc/passwd
  - /etc/shadow
  - /etc/group
- You should not modify these files with an editor
  - Use YaST or the appropriate command-line tools
  - Modifying these files with an editor can lead to errors
- To ensure consistency, you should be able to
  - Check /etc/passwd and /etc/shadow
  - Convert Passwords to and from Shadow
5 /etc/passwd
6 /etc/passwd (continued)
- UID
  - 0-99 for the system itself
  - 100-499 for special system users (such as services and programs)
  - On SLES 9, normal users start from UID 1000
7 /etc/shadow
- Only root can modify it
- Root and members of the group shadow can read it
- Contains encrypted (hashed) passwords
  - Coded with crypt, 13 characters long
- If an invalid character occurs in the password field, then the user cannot log in
8 /etc/shadow (continued)
9 /etc/shadow (continued)
10 /etc/group
- Each line represents a single group record
  - Group name, password hash, GID, and the members of the group
- Shows secondary group memberships only
- In older versions of SUSE LINUX, group passwords are stored in /etc/gshadow
11 /etc/group (continued)
12 Check /etc/passwd and /etc/shadow
- Because user configuration is handled by two files (/etc/passwd and /etc/shadow), these files have to match each other
- However, discrepancies can occur
13 Check /etc/passwd and /etc/shadow (continued)
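The kinds of discrepancy the slide refers to can be found by comparing the two files line by line. The script below is an added example, not part of the course material; it runs against a constructed passwd/shadow pair (the accounts olduser, toor and ghost and the hash string are made up) instead of the live files, and its finding labels are this example's own.

```shell
#!/bin/sh
# Added example: cross-check a passwd file against its shadow file.
# All account names and hash strings below are constructed sample data.

# Write a constructed passwd/shadow pair into directory $1.
make_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
tux:x:1000:100:Tux:/home/tux:/bin/bash
geeko:x:1001:100:Geeko:/home/geeko:/bin/bash
olduser:abCONSTRUCTED:1002:100:Old:/home/olduser:/bin/bash
toor:x:0:0:second root:/root:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
root:!:12000:0:99999:7:::
tux:!:12000:0:99999:7:::
toor:!:12000:0:99999:7:::
ghost:!:12000:0:99999:7:::
EOF
}

# Print one finding per line for passwd file $1 and shadow file $2:
#   NOT_SHADOWED   password field in passwd is not the placeholder "x"
#   DUPLICATE_UID  two account names share one UID
#   NO_SHADOW      account in passwd has no line in shadow
#   ORPHAN_SHADOW  line in shadow has no account in passwd
check_passwd_shadow() {
    awk -F: '
        $0 == "" { next }                      # ignore blank lines
        FILENAME == ARGV[1] {                  # passwd file
            seen[$1] = 1
            if ($2 != "x") print "NOT_SHADOWED " $1
            if ($3 in uid) print "DUPLICATE_UID " $3 " " uid[$3] " " $1
            else           uid[$3] = $1
            next
        }
        {                                      # shadow file
            shadowed[$1] = 1
            if (!($1 in seen)) print "ORPHAN_SHADOW " $1
        }
        END {
            for (u in seen) if (!(u in shadowed)) print "NO_SHADOW " u
        }
    ' "$1" "$2" | LC_ALL=C sort
}

# Demo run on the constructed files.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
check_passwd_shadow "$demo_dir/passwd" "$demo_dir/shadow"
rm -rf "$demo_dir"
```

On a real system the same function can be pointed at copies of /etc/passwd and /etc/shadow taken as root; the pwck command performs a comparable check on the live files.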
14 Convert Passwords to and from Shadow
- Convert Password to Shadow
  - pwconv command converts the passwd file to the shadow file
  - Replaces the password in /etc/passwd with x
  - Password aging information is pulled from login.defs
  - pwconv can also be used to add missing entries to the shadow file
- Convert Shadow to Password
  - pwunconv moves passwords from /etc/shadow to /etc/passwd and password aging information is lost
15 Manage User Accounts and Groups from the Command-Line
- In addition to the YaST modules users and groups, you can use the following commands to add, change, and delete users and groups
  - useradd
  - passwd
  - usermod
  - userdel
  - groupadd, groupmod, and groupdel
- To prevent individual users from using system resources excessively, use the following command
  - ulimit
16 useradd
- useradd options
  - -m: /etc/skel/ used as a template for home directory
  - -c: comment
  - -g: GID or -g groupname
  - -G: defines any supplementary groups
  - -p: encrypted password (use mkpasswd first)
  - -e: YYYY-MM-DD expiration date
- /etc/default/useradd
  - GROUP=1001
  - HOME=/home
  - INACTIVE=-1
  - EXPIRE=
  - SHELL=/bin/bash
  - SKEL=/etc/skel
  - GROUPS=audio,dialout,uucp,video
17 passwd
- Use without arguments to change own password
- Other options
  - -l to lock a user account (use -u to unlock)
  - -S to list the status of a user account
18 passwd (continued)
19 passwd (continued)
- /etc/default/passwd
- In SLES 9, a different algorithm (like blowfish) configured in /etc/security/pam_unix2.conf takes precedence over the one in /etc/default/passwd
- DES supports passwords up to eight characters long
- MD5 and Blowfish support longer passwords
20 passwd (continued)
- The quickest way to create a new user from a command-line is to use useradd and passwd
21 usermod
- Used to modify information such as the UID, the standard shell, the home directory, and the primary group in an existing user account
- Its options are nearly the same as the options of the command useradd
- Examples
  - Change the home directory
    - usermod -d /newhome/tux -m tux
  - Change the UID
    - usermod -u 1504 tux
22 userdel
- Used to delete user accounts
  - userdel tux
- Without options, it removes the user from
  - /etc/passwd
  - /etc/shadow
  - /etc/group
- If /var/spool/cron/tabs/username exists, it is deleted
- Home directory is not deleted
- To delete the user's home directory and the data it contains
  - userdel -r tux
23 groupadd, groupmod, and groupdel
- groupadd group_name (next free GID is used)
  - -g GID
  - -p encrypted_password
- groupmod
  - -g newGID
  - -n new_group_name
  - -A user (to add to group)
- groupdel group_name
  - You can delete a group only if no user has this group assigned as a primary group
24 Exercise 7-1 Manage User Accounts
- In this exercise, command-line tools are employed to manage user accounts
- Especially if there are many accounts to manage, the command-line tools usually get the job done faster than YaST
- However, usually you have to use more than one tool, whereas in YaST everything is within one or two dialog boxes
25 ulimit
- Prevents individual users from using system resources excessively at the expense of other users
- ulimit -a
- Example
26 ulimit (continued)
- You can change the settings globally for the entire system
  - By means of the file /etc/profile
    - Contains preconfigured entries that you can customize according to your needs
  - By way of the PAM configuration
    - /etc/security/limits.conf enables user- or group-specific configuration
    - Files in /etc/pam.d/ allow application-specific configuration
27 ulimit (continued)
28 ulimit (continued)
29 Exercise 7-2 Use ulimit
- The program ulimit is useful when there are several users on a machine and you want to prevent them from giving each other a hard time by using too many of the available resources
- In this exercise, you practice using ulimit
30 Manage File Permissions and Ownership
- The first 10 columns represent the following
  - 1: File type
  - 2-4: File permissions of the user who owns the file
  - 5-7: File permissions of the owning group of the file
  - 8-10: File permissions of others
31 Manage File Permissions and Ownership (continued)
32 Change the File Permissions with chmod
33 Change the File Permissions with chmod (continued)
- With the option -R and a specified directory, you can change the access permissions of all files and subdirectories under the specified directory
- If you have a certain set of permissions in mind that the file should have, the octal syntax is usually the most efficient
34 Change the File Permissions with chmod (continued)
35 Change the File Ownership with chown and chgrp
- User root can use chown and chgrp as follows
  - chown new_user.new_group file
  - chown new_user file
  - chown .new_group file
  - chgrp new_group file
- A normal user can modify ownership of a file he/she owns
  - chown .new_group file
  - chgrp new_group file
- The user can only change the group affiliation of the file that he owns if he is a member of the new group
36 Modify Default Access Permissions
- By default, files are created with the access mode 666 and directories with 777
- To modify these default access mode settings, use umask
- The permissions set in the umask are removed from the default permissions
37 Modify Default Access Permissions (continued)
38 Modify Default Access Permissions (continued)
39 Modify Default Access Permissions (continued)
- umask 077 restricts access to the owner and root
- To make umask setting permanent, change its value in /etc/profile
- To make the setting user-specific, enter the value of umask in the file .bashrc in the home directory of the respective user
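"Removed" here means the umask bits are cleared from 666 or 777, which is not the same as subtracting the numbers: umask 033 yields 644 for a file, not 633. The script below is an added example, not part of the course material; it creates a file and a directory in a scratch directory under several umasks and compares the observed modes with the bitwise prediction. The function names are this example's own, and stat -c is the GNU coreutils form.

```shell
#!/bin/sh
# Added example: observe the modes new files and directories receive under a umask.

# Predict the resulting mode: default mode $1 with the bits of umask $2 cleared.
mask_mode() {
    printf '%o\n' $(( 0$1 & ~0$2 ))
}

# Print "<file-mode> <dir-mode>" as actually produced under umask $1.
# Runs in a subshell so the caller's umask is left untouched.
modes_under_umask() {
    (
        scratch=$(mktemp -d) || exit 1
        umask "$1"
        : > "$scratch/file"        # the shell requests mode 666 for new files
        mkdir "$scratch/dir"       # mkdir requests mode 777 for new directories
        echo "$(stat -c %a "$scratch/file") $(stat -c %a "$scratch/dir")"
        rm -rf "$scratch"
    )
}

# Demo: observed modes next to the predicted ones.
for m in 022 027 077 033; do
    echo "umask $m: observed $(modes_under_umask "$m")," \
         "predicted $(mask_mode 666 "$m") $(mask_mode 777 "$m")"
done
```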
40 Configure Special File Permissions
41 Configure Special File Permissions (continued)
- To set the sticky bit
  - chmod o+t /tmp
  - chmod 1777 /tmp
- The sticky bit is listed in the permissions for others
- To set the SUID
  - chmod u+s /usr/bin/passwd
  - chmod 4755 /usr/bin/passwd
- To set the SGID
  - chmod g+s /usr/bin/wall
  - chmod 2755 /usr/bin/wall
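Because these bits change whose privileges a program runs with, administrators routinely list where they are set. The script below is an added example, not part of the course material; it builds a small constructed directory tree (the names bin/setuid, bin/setgid, tmp and drop are made up), sets the bits with the chmod forms shown above, and reports SUID files, SGID files, and world-writable directories that lack the sticky bit.

```shell
#!/bin/sh
# Added example: report special permission bits below a directory.
# The directory tree used in the demo is constructed sample data.

# Build a constructed tree in directory $1.
make_tree() {
    mkdir -p "$1/bin" "$1/tmp" "$1/drop"
    chmod 755 "$1/bin"
    : > "$1/bin/plain";  chmod 755  "$1/bin/plain"
    : > "$1/bin/setuid"; chmod 4755 "$1/bin/setuid"   # SUID, as on /usr/bin/passwd
    : > "$1/bin/setgid"; chmod 2755 "$1/bin/setgid"   # SGID, as on /usr/bin/wall
    chmod 1777 "$1/tmp"     # world-writable with sticky bit, as on /tmp
    chmod 777  "$1/drop"    # world-writable without sticky bit
}

# Print "<finding> <octal mode> <path>" for everything below directory $1:
#   SUID / SGID              regular files carrying the bit
#   WORLD_WRITABLE_NO_STICKY directories anyone can write to, where any user
#                            may delete or rename other users' files
audit_special_bits() {
    (
        cd "$1" || exit 1
        find . -type f -perm -4000 -exec stat -c 'SUID %a %n' {} +
        find . -type f -perm -2000 -exec stat -c 'SGID %a %n' {} +
        find . -type d -perm -0002 ! -perm -1000 \
            -exec stat -c 'WORLD_WRITABLE_NO_STICKY %a %n' {} +
    ) | LC_ALL=C sort
}

# Demo run on the constructed tree.
demo_tree=$(mktemp -d)
make_tree "$demo_tree"
audit_special_bits "$demo_tree"
rm -rf "$demo_tree"
```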
42 Exercise 7-3 Manage File Permissions and Ownership
- File permissions and ownership are a subject any user on a Linux system needs to understand
- For a system administrator, this understanding is of crucial importance, as faulty permissions can have a serious impact on system security
- In this exercise, you manage file permissions and ownership
43 Set up and Configure Disk Quotas
44 Set up and Configure Disk Quotas (continued)
- Disk quota support is included in the kernel in SLES 9
- You can implement disk quotas for partitions configured with the ext2, ext3, or ReiserFS file systems
- To set up and configure the disk quota service on your server, do the following tasks (in order)
  - Prepare the File System
  - Initialize the Quota System
  - Configure and Manage User and Group Quotas
  - Start and Activate the Quota Service
45 Prepare the File System
- When the system is started, the quotas for the file system must be activated
- Indicate for which file systems quotas are to be activated by configuring entries in /etc/fstab
- If you have configured /etc/fstab without rebooting your server, you need to remount the file systems
  - mount -o remount /
46 Prepare the File System (continued)
47 Initialize the Quota System
- After remounting, initialize the quota system
- Use quotacheck (part of the package quota)
  - Checks the partitions with quota keywords and stores the determined values in the files aquota.user and aquota.group
  - For example, quotacheck -avug
  - Use -m to force the check
- Assuming the quota entries exist for /, after running quotacheck the following files are created
48 Configure and Manage User and Group Quotas
- To configure soft/hard limits for blocks and inodes
  - edquota -u user: Set up user quotas
  - edquota -g group: Set up group quotas
  - For example, edquota -u geeko
- To configure grace periods for blocks and inodes
  - edquota -t
49 Configure and Manage User and Group Quotas (continued)
- To copy user quotas
  - edquota -p tux geeko
- To generate a quota report, use repquota
  - For example, repquota -aug
50 Start and Activate the Quota Service
- To initialize quota system when system is booted
  - insserv quota (insserv quotad for NFS)
- To start the quota system
  - /etc/init.d/quota start
- To start or stop the quota system
  - /usr/sbin/quotaon filesystem
  - /usr/sbin/quotaoff filesystem
  - Use option -a to activate/deactivate all automatically mounted file systems (except NFS) with quotas
51 Exercise 7-4 Set Up and Configure Disk Quotas
- Sooner or later the available storage space gets used up
- While not a cure-all, quotas are a means to prevent single users from using up the space, leaving too little for others to work effectively
- The purpose of this exercise is to practice setting and managing disk quotas
52 Decide Which File System Format to Use
- Non-journaling file systems (e.g. Ext2, VFAT)
  - In case of a system crash, the complete structure of the file system has to be checked to ensure integrity
- Journaling file systems (e.g. Ext3, ReiserFS, JFS, XFS)
  - Treat file system operations as transactions
  - Track changes to file system metadata or user data
  - On system failure, file system is restored to consistent state by replaying the journal
  - File system inspects only those portions of the metadata that have recently changed
53 Ext2
- Extended File System was integrated in Linux 0.96c
- Ext2 became the most popular Linux FS for years
- It lost importance with the creation of journaling file systems and their short recovery times
- After a system outage when the FS was not cleanly unmounted, e2fsck starts to analyze the file system data
  - Metadata is brought to consistent state, and non-allocated files or data blocks are written to a designated directory (lost+found)
  - It analyzes the whole file system
  - Takes longer than checking the log data of a journaling file system
54 Ext2 (continued)
- Not a good choice for servers that need to be highly available
- It is sometimes faster than other file systems (it does not maintain a journal and uses significantly less memory)
55 Ext3
- An Ext3 FS can be easily built on top of an Ext2 FS
- Upgrades from Ext2 to Ext3 are easy
  - Can be performed while Ext2 FSs are mounted
- Downgrading from Ext3 to Ext2 is very easy too
- Ext3 is designed to take care of metadata and data
  - data=journal mode offers maximum security
  - data=ordered mode ensures data and metadata integrity, but uses journaling only for metadata
  - data=writeback option allows data to be written into the main file system after its metadata has been committed to the journal
56 ReiserFS
- First journaling file system available for Linux
- Better disk space utilization
  - Data is organized in a B tree
  - Better space usage by dynamic inode allocation
  - Keeps the file system more flexible
- Better disk access performance
  - For small files, both file data and stat_data (inode) information are often stored next to each other
- Fast crash recovery
  - Journal keeps track of recent metadata changes
57 JFS
- Developed by IBM for its AIX systems
- Tailored to suit needs of high throughput server environments where performance is a goal
- 64-bit file system supports large files and partitions
- Efficient journaling (metadata-only)
  - Concurrent operations can be combined into one group commit
- Efficient directory organization
  - Content of small directories stored directly in its inode
  - For larger directories, it uses B trees
- Better space usage by dynamic inode allocation
58 XFS
- Originally intended as file system for SGI's IRIX OS
- High performance 64-bit journaling file system
- Good at manipulating large files and performs well on high-end hardware
- Takes a great deal of care with metadata integrity, but pays less attention to data integrity
- High scalability by using allocation groups
- High performance by efficient management of disk space (uses B trees and delayed allocation)
- Preallocation to avoid file system fragmentation
59 Manage Local Storage Devices and File Systems
- To manage local storage devices and file systems, for instance, when integrating an additional hard disk into the Linux system, you need to understand how to
  - Partition a Hard Disk with the fdisk Command
  - Use File System Management Commands
  - Use File System Mount Commands
60 Partition a Hard Disk with the fdisk Command
- Example: fdisk /dev/hdb
- Max. four primary partitions can be set up on a HD
- If you need more partitions, declare one of these four as an extended partition
61 Partition a Hard Disk with the fdisk Command (continued)
62 Use File System Management Commands
- mkfs: Make file system
  - Use -t option to indicate FS type (ext2 by default)
- Options for creating ext2 or ext3 file systems
63 Use File System Management Commands (continued)
- To create a Reiser file system, use mkreiserfs
- Other file system types, such as vfat and xfs, are created similarly, using mkfs.vfat, mkfs.xfs, etc.
64 Use File System Management Commands (continued)
65 Use File System Management Commands (continued)
- fsck lets you check/repair file systems
  - fsck filesystem
  - It defaults to checking file systems in /etc/fstab
  - -A: walk through /etc/fstab and try to check all the file systems in one pass
  - -N: don't execute, just show what would be done
66 Use File System Management Commands (continued)
67 Use File System Management Commands (continued)
- Depending on the kind of errors found in the file system after a file system check, the rescue system might need to be used
- /sbin/e2fsck or /sbin/reiserfsck
  - They check the file system for a correct superblock, faulty data blocks, or faulty allocation of data blocks
- For ext2 and ext3 file systems, view the location of all copies of the superblock using dumpe2fs
  - Then, with e2fsck, you can copy one of the backup copies to the beginning of the file system
- For ReiserFS: reiserfsck --fix-fixable --rebuild-tree
68 Use File System Mount Commands
- To mount a drive
  - mount -t ext2 /dev/hdb1 /data
  - If -t option isn't used, FS type is auto-detected
  - Options include remount, rw/ro, sync/async, atime/noatime, nodev/dev, noexec/exec, nosuid/suid, auto/noauto, user/nouser, defaults
- umount /data
  - Cannot unmount partitions in use
  - fuser lists all processes accessing a file/directory
  - umount -f lets you unmount file systems that the kernel thinks are busy
69 Use File System Mount Commands (continued)
- Use mount (without arguments) to view information stored in /etc/mtab, which is changed when a file system is mounted or unmounted
- For more accurate information, view /proc/mounts
- /etc/fstab specifies which device files are mounted to the file system, with which file system type and with which options, and when the system is booted
- subfs allows dynamic mounting of removable media
70 Execute RPM Package-Related Operations
- The software on the SLES 9 distribution is available in the form of RPM Package Manager (RPM) packages (extension .rpm)
- RPM packages to distribute software contain
  - Executable programs, configuration files, documentation, information about the software (dependencies and shared libraries)
- Source RPMs have the extension .src.rpm
- Packages are installed if dependencies are fulfilled
- /var/lib/rpm
71 Use the rpm Command
- RPM is used to
  - Build rpm packages from the source code
  - Manage software packages on the host
- Options -i, -U, -F, -v, -h
- YaST ensures automatic resolution of dependencies
72 Use the rpm Command (continued)
- Use rpm -q to query the rpm database
- To remove software, use -e (rpm -e rsync)
  - With --nodeps, removes a package needed by other packages
- Use -V to verify file integrity
  - If some files have been damaged or modified, you could reinstall the package to correct the error
- To rebuild the rpm database, use rpm --rebuilddb
- /usr/lib/rpm/rpmrc: global RPM configuration file
  - When rpm is updated, all changes to this file are lost
  - Modify configuration in /usr/lib/rpm/rpmrc or ~/.rpmrc
73 Use the rpm Command (continued)
74 Exercise 7-5 Execute RPM Package-Related Operations
- The standard tool to install and remove software in SLES 9 is YaST
- YaST is a front end to the RPM package manager that is responsible for the actual installation of the software
- The purpose of this exercise is to show you how you can use RPM directly to install and remove software
75 Perform a Standard Software Build from Source
- Programs use more than one source code file
- It is difficult to compile a program with multiple source code files manually on the command-line
- In this objective, you learn how to do the following to perform a standard build process
  - Use configure to Prepare the Build Process
  - Use make to Compile the Source Code
  - Use make install to Install the Compiled Program
  - Install the Required Packages for a Build Environment
76 Use configure to Prepare the Build Process
- Before compiling a program, you must prepare the source code with a configure script
- Build process must be prepared for the environment
  - Generate makefiles depending on environment
  - Enable/disable certain features of an application
- At the top of the source directory: ./configure
- To enable/disable features of an application, it takes additional arguments
- Use ./configure --help to list all available configure options
77 Use make to Compile the Source Code
- make searches directory for GNUmakefile, Makefile, or makefile
- Makefiles consist of targets, dependencies, and commands for the targets
- If executed without parameters, the first target is used
78 Use make install to Install the Compiled Program
- The last step when installing a program from source is to install the binary file and additional files belonging to the application
- This step is usually done with make and an install target in the corresponding makefile
  - make install
  - You must enter this as root at the top level of the source directory
79 Install the Required Packages for a Build Environment
80 Understand and Configure a Boot Manager
- To configure a boot manager, you need to know the following
  - What Is a Boot Manager?
  - The Boot Manager GRUB
  - The GRUB Shell
  - The Boot Manager LILO
  - The Boot Manager ELILO
  - Additional Information
81 What Is a Boot Manager?
- The boot loader loads the operating system kernel, which then loads the system
- In SUSE LINUX, this task is handled by the boot manager GRUB or the boot manager LILO
- A boot manager can
  - Boot various operating systems
  - Specify parameters for the kernel
- The general structure of a boot manager is
  - Stage 1: Usually installed in the MBR of HD
  - Stage 2: Usually contains the actual boot manager; the files of the boot manager are located in /boot/
82 The Boot Manager GRUB
- Standard boot manager in SLES 9
- Stage 2 includes file system drivers for ReiserFS, ext2, ext3, Minix, JFS, XFS, FAT, and FFS (BSD)
- Has a shell that enables its interactive control
- Configured by means of /boot/grub/menu.lst
  - First, the general options such as the background color of the boot manager menu are listed
  - This is followed by options for the various operating systems that can be booted with the boot manager
- /etc/grub.conf contains how/where the components are supposed to be installed
83 The GRUB Shell
- To start the GRUB shell during operation, enter grub as root
  - Close shell by entering quit or pressing Ctrl+D
- To start the GRUB shell at the boot prompt, do the following
  - In the graphical boot selection menu, press Esc
  - You will be taken to a text-based menu.
  - Start the GRUB shell (command-line) by pressing c
84 The Boot Manager LILO
- LILO stands for Linux Loader
- The LILO boot mechanism consists of
  - The beginning of the code in a boot sector that activates the system boot
  - The heart of the LILO code in /boot/boot-menu.b
  - A map file (/boot/map) where LILO enters the location of Linux kernels and other data during its installation
  - (Optional) The message file /boot/message
  - Different Linux kernels and boot sectors
85 The Boot Manager LILO (continued)
- LILO is configured in the file /etc/lilo.conf
- When installing LILO, use YaST to configure it
- Settings take effect when you run lilo after changing /etc/lilo.conf
- /etc/lilo.conf starts with a global section followed by one or more system sections for each operating system LILO should start
- A new section is started by a line beginning with either image or other
- To update LILO, launch /sbin/lilo as root
- When the installation is completed, reboot system
86 The Boot Manager ELILO
- ELILO is a boot manager for EFI/IA-64 and EFI/IA-32 based platforms
- ELILO is configured by editing the file /etc/boot/elilo.conf
- The syntax is similar to the syntax of LILO
87 Additional Information
- Manual pages and info files
  - info grub
  - man grub
  - man grub-install
  - man grub-md5-crypt
  - man lilo
  - man 5 lilo.conf
- README files
  - In the directory /usr/share/doc/packages/grub/
  - In the directory /usr/share/doc/packages/lilo/
- On the Internet: www.gnu.org/software/grub/
88 Summary
- User and password information is stored in the /etc/passwd file on older Linux systems
- Group information is stored in the /etc/group file on Linux systems
- You may use the useradd, usermod, and userdel commands to add, modify, and remove user accounts on your system, respectively
- You can change user account passwords using the passwd command
- You set system user limits for system resource usage by using ulimit
89 Summary (continued)
- Permissions can be set on the owner of a file, members of the group of the file, as well as everyone else on the system using chmod
- New files and directories receive default permissions from the system determined by the umask variable
- You can use disk quotas on a filesystem to restrict the number of files and directories that individual users can create as well as the amount of disk space users can occupy
- Different filesystems have different features
90 Summary (continued)
- Journaling filesystems maintain a transaction log used to track changes to files and check for errors
- Each filesystem contains a superblock that stores the structure of the filesystem, an inode section that contains file and directory information, and data blocks for file information
- Filesystems on a HD must reside in a partition
- The mount command may be used to mount filesystems to mount point directories using a variety of options
91 Summary (continued)
- Linux uses the /etc/fstab to automatically mount media as well as mount media at boot time
- Most software in SLES is in Red Hat Package Manager (RPM) format
- Alternatively, you can compile source code into a program
- A boot manager (also called a boot loader) is used to load the Linux kernel at system initialization