Transcript The Linux System Administration Guide (Chapters 1-6)

Secure System Administration & Certification
The Linux System Administrator’s Guide (Ch. 1-6)
Jerry Dawkins (Project Leader)
Stephen I. Khan
Michael Oglesby
University of Tulsa
Department of Mathematical & Computer Sciences
CS 5493/7493 Secure System Administration & Certification
Dr. Mauricio Papa
Secure System Administration & Certification
The Linux System Administrator’s Guide (Ch. 1-6)
Jerry Dawkins (Project Leader)
Stephen I. Khan
Michael Oglesby
University of Tulsa
Department of Mathematical & Computer Sciences
CS 5493/7493 Secure System Administration & Certification
Dr. Mauricio Papa
Chapter 1. Introduction
1.
The guide…
- describes the system administration aspects of using Linux.
- is intended for people who know “next to nothing” about system
administration.
- doesn’t tell you how to install Linux.
- is not targeted at any one given distribution.
- is not as good as it would be if a “wizard” had been paid “handsomely” to
write it.
2. system administration: covers all things that you have to do to keep a
computer system in usable order (includes items like backups, program
installations and creating user accounts).
3. A system administrator is “just a user with special privileges and duties”.
4. Get familiar with the manual pages (man pages).
Chapter 2. About This Book
2.1 Acknowledgements
2.1.1 Joanna’s Acknowledgements
• Joanna Oja  [email protected]
• Joanna would “really like to hear from you” regarding ideas on how to make the
guide “better”; i.e., bad language, factual errors, new ares to cover, etc.
2.1.2 Stephen’s Acknowledgements
• Stephen Stafford  [email protected]
• Stephen claims that there are likely to be “some minor inaccuracies” and
sections that may be “out of date”. He invites everyone to email him with these
corrections @ [email protected].
2.2. Typographical Conventions
• Filenames  /usr/share/doc/foo
• Command names  fsck
• Email addresses  <[email protected]>
• ULRs  http://www.linuxdoc.org
Chapter 3. Overview Of A Linux System
3.1. Various Parts Of An Operating System
1. kernel: Keeps track of files on the disk, starts programs and runs them
concurrently, assigns memory and other resources to various processes,
processes network packets, provides tools with which all services can be built,
prevents anyone from accessing the hardware directly, etc.
2. system programs: Use the tools provided by the kernel to implement the
various services required from an operating system, run `on top of the kernel‘
(user mode) and needed to get the system working.
3. application programs: intended for getting useful things done (or for playing,
if it happens to be a game).
4. An operating system can also contain compilers and their corresponding
libraries (i.e., the C/C++ libraries), documentation and sometimes even games.
Traditionally, the operating system has been defined by the contents of the
installation media; with Linux “it is not as clear since it is spread all over the FTP
sites of the world” (many different distributions).
Chapter 3. Overview of a Linux System (cont…)
3.2. Important Parts Of The Kernel
1. The Linux kernel consists of several important parts: process management,
memory management, hardware device drivers, file system drivers, network
management, etc.
2. memory management: takes care of assigning memory areas and swap
space areas to processes, parts of the kernel, and for the buffer cache.
3. process management: creates processes and implements multitasking by
switching the active process on the processor.
4. At the lowest level, the kernel contains a hardware device driver for each kind
of hardware it supports.
5. Class abstraction is useful, as the services the kernel provides have similar
properties; i.e., the various network protocols using a single prgramming interface
- the BSD socket library. Another example is the virtual file system (VFS) layer
that abstracts the file system operations away from their implementation.
Figure 3-1. Some of the more important parts of the Linux kernel.
Chapter 3. Overview of a Linux System (cont…)
3.3. Major Services In A UNIX System
3.3.1. INIT
1. The single most important service in a UNIX system is provided by init.
2. init is started as the first process of every UNIX system (last thing the kernel
does when it boots).
3. When init starts, it continues the boot process by doing various startup chores
(checking and mounting file systems, starting daemons, etc. – depending on the
distribution).
4. init provides the concept of single user mode and multi-user mode. Some
distributions generalize this as run levels (i.e., single and multi-user modes are
considered to be two run levels – the contents of /etc/inittab usually provides
hints of the predefined run levels).
5. init ensures getty is working (to allow users to log in), and will adopt orphan
processes.
6. When the system is shut down, init is in charge of killing all other processes,
unmounting all file systems, stopping the processor, along with anything else it
has been configured to do.
Chapter 3. Overview of a Linux System (cont…)
3.2.2. Logins From Terminals
1. The getty program provides the capability to login from terminals (via serial
lines) and the console (when not running X).
2. init starts a separate instance of getty for each terminal login, reads the
username and runs the login program. login runs the shell if the login credentials
are correct. init detects shell termination (i.e., user logout, bad password, etc.)
and starts a new instance of getty.
3. The kernel has no notion of logins, this is all handled by the system
programs.
3.3.3. SYSLOG
1. syslog is a program that writes errors, warnings and other messages
produced by the kernel or other system programs to a file.
2. It can be configured to sort the messages to different files according to degree
of importance (i.e., kernel messages are typically the most important).
Chapter 3. Overview of a Linux System (cont…)
3.3.4. Periodic Command Execution: CRON and AT
1. The cron service is used to run commands periodically. Typically used for
maintenance; i.e., cleaning up files in /tmp and /var/tmp.
2. The at service is similar to cron, but the command is executed at the given
time, but it is not repeated.
3.3.5. Graphical User Interface
1. Not incorporated into the kernel.
2. Implemented by user level programs.
3. Makes the system more flexible, but has the disadvantage of making the
system harder to learn since it is simple to implement a different user interface for
each program.
4. The graphical environment primarily used with Linux is called the X Window
System.
Chapter 3. Overview of a Linux System (cont…)
3.3.6. Networking
1. networking: act of connecting two or more computers so that they can
communicate with each other.
2. Some basic network services: access to centralized file systems, printing,
backups, etc.
3. Lower costs and better fault tolerance in available due to centralized
administration.
3.3.7. Network Logins
1. For each person logging in via the network, there is a separate virtual network
connection, and there can be X number of these.
2. Some different ways to log in via a network - telnet and rlogin being the major
ones in TCP/IP networks.
3. Instead of a herd of gettys, there is a single daemon that listens for all
incoming login attempts for each remote login mechanism. The separate
daemons start a new instance of themselves to handle a single login attempt
while the original instance continues to listen for other attempts.
Chapter 3. Overview of a Linux System (cont…)
3.3.8. Network File Systems
1. One of the more useful things that can be done with networking services is
sharing files via a network file system [i.e., Network File System (NFS developed by Sun].
2. Another popular way of sharing files is Samba http://www.samba.org.
3.3.9. Mail
1. The delivery of mail to local or remote mailboxes is done by one program (the
mail transfer agent (MTA), i.e., sendmail or smail).
2. The mail user agents (MUA) (programs users use) are many and varied, i.e.,
pine, mutt or elm).
3. The mailboxes are usually stored in /var/spool/mail.
3.3.10. Printing
1. The printer is managed by software that implements a print queue.
2. This relieves the users from fighting over control of the printer.
3. The print queue software also spools the printouts on disk.
Chapter 3. Overview of a Linux System (cont…)
3.3.11. The File System Layout
1. The file system is divided into many parts; usually along the lines of a root file
system (/) with /bin, /lib, /etc, /dev, /usr (programs and unchanging data), /var
[changing data (such as log files)], /home (personal files), etc.
2. The layout depends on the hardware configuration and the decisions of the
system administrator.
Chapter 4. Overview of the Directory Tree
4.1. Background
1. Linux directory tree is based on the File System Hierarchy Standard (FHS standard for how the directory tree in a Linux system is organized)
2. Not all Linux distributions follow this standard “slavishly”.
3. The full directory tree is intended to be breakable into smaller parts, each
capable of being on its own disk or partition, to accommodate to disk size limits
and to ease backup and other system administration tasks.
4. Major parts…
- The root file system contains the files that are necessary for booting
the system up and to bring it up to such a state that the other file
systems may be mounted.
- The /usr file system contains all commands, libraries, manual pages,
and other unchanging files needed during normal operation.
- The /var file system contains files that change, such as spool
directories, log files, formatted manual pages, and temporary files.
- The /home file system contains the users' home directories, i.e., all
the real data on the system.
Chapter 4. Overview of the Directory Tree (cont…)
4.2. The Root File System
1. The root file system should generally be small since it contains very critical
files. A small, infrequently modified file system has a better chance of not getting
corrupted. Some common items in the root file system:
- /bin : contains files needed during the boot process.
- /root : home directory for user root.
- /lib : shared libraries needed by the programs on the root file system.
- /tmp : temporary files.
- /mnt : mount point for temporary mounts by the system administrator.
4.3. The /etc Directory
1. The /etc directory contains “a lot of files” including many network configuration
files. Some common subdirectories in the /etc directory:
- /etc/passwd, /etc/shadow : the user database containing the
username, real name, home directory, encrypted password, and other
information about each user.
- /etc/inittab : Configuration file for init.
Chapter 4. Overview of the Directory Tree (cont…)
4.3. The /etc Directory (cont…)
- /etc/fstab : lists the file systems mounted automatically at startup.
- /etc/group : similar to /etc/passwd (describes groups).
- /etc/motd : the message of the day, automatically output after a
successful login.
- /etc/mtab : list of currently mounted file systems.
- /etc/profile, /etc/csh.login, /etc/csh.cshrc : files executed at login or
startup time by the Bourne or C shells.
- /etc/shells : lists trusted shells.
4.4. The /dev Directory
1. The /dev directory contains the special device files for all the devices. The
/dev/MAKEDEV script can be used to create device files not created during
original installation. The /dev/MAKEDEV.local file is a script used to create localonly device files or links [i.e. those that are not part of the standard MAKEDEV
(like non-standard device drivers)].
Chapter 4. Overview of the Directory Tree (cont…)
4.5. The /usr File System
1. The /usr file system is often large, since all programs are installed there. All
files in /usr usually come from a Linux distribution. This makes it possible to
update the system from a new version of the distribution, or even a completely
new distribution, without having to install all programs again. Some common
items in the /usr file system:
- /usr/X11R6 : the X Window System, all files.
- /usr/bin : almost all user commands (some commands are in /bin or in
/usr/local/bin).
- /usr/lib : unchanging data files for programs and subsystems.
- /usr/local : the place for locally installed software and other files.
Chapter 4. Overview of the Directory Tree (cont…)
4.6. The /var File System
1. The /var file system contains data that is changed when the system is running
normally. It is specific for each system, i.e., not shared over the network with
other computers. Some common items in the /var file system:
- /var/games : variable data belonging to games.
- /var/lock : lock files.
- /var/log : log files from various programs [i.e., login and logouts
(/var/log/wtmp) and syslog (/var/log/messages)].
- /var/mail : this is the FHS approved location for user mailbox files
(could be in /var/spool/mail).
- /var/spool : directories for news, printer queues, and other queued
work.
Chapter 4. Overview of the Directory Tree (cont…)
4.7. The /proc File System
• The /proc file system does not exist on a disk - it is located in memory. It is
used to provide information about the system. Some common items in the /proc
file system:
- /proc/cpuinfo : information about the processor.
- /proc/devices : list of device drivers currently running.
- /proc/filesystems : file systems configured into the kernel.
- /proc/ioports : which I/O ports are in use at the moment.
- /proc/kcore : an image of the physical memory of the system.
- /proc/meminfo : information about memory usage.
- /proc/net : status information about network protocols.
- /proc/uptime : the time the system has been up.
- /proc/version : the kernel version.
Chapter 5. Device Files
• All devices are accessed as if they were files, including reading and writing.
• The complete list of devices is available in
usr/src/linux/Documentation/devices.txt.
5.1. The MAKEDEV Script
• The MAKEDEV script is used to create the device file. Most times the
device file will already be created and ready for use after installing Linux.
• #/dev/MAKEDEV –v [device name]
5.2. The MAKNOD Command
• Use mknod if MAKEDEV does not know how to create the device.
(more work)
• #mknod /dev/ttys0 c 4 64
#chown root.dialout /dev/ttys0
#chmod 0644 /dev/ttys0
Chapter 5. Device Files (cont…)
5.3. Device List
•
•
•
•
/dev/fd0
The first floppy drive
/dev/hda
Master IDE drive on the primary
channel
/dev/lp0
Parallel printer
/dev/zero
Zero character generator
•
•
•
•
/dev/loop0
Loopback device
/dev/null
Bit-bucket
/dev/psaux
PS/2 mouse port
/dev/dsp
Digital Signal Processor
Chapter 6. Using Disks and Other Storage Media
• Format your disk. This does various things to prepare it for use, such as
checking for bad sectors. (Formatting is nowadays not necessary for most
hard disks.)
• Partition a hard disk, if you want to use it for several activities that aren't
supposed to interfere with one another. One reason for partitioning is to
store different operating systems on the same disk. Another reason is to
keep user files separate from system files, which simplifies back-ups and
helps protect the system files from corruption.
• Make a file system (of a suitable type) on each disk or partition. The disk
means nothing to Linux until you make a file system; then files can be
created and accessed on it.
• Mount different file systems to form a single tree structure, either
automatically, or manually as needed.
Chapter 6. Using Disks and Other Storage Media (cont…)
6.2. Hard Disks
•
•
•
•
•
•
Consists of one or more platters of which either or both surfaces are
coated with a magnetic substances.
Surfaces are divided into concentric rings called tracks.
Tracks are divided into sectors.
Typical sector holds 512 bytes of data.
A sector is the smallest file size. Cannot split across files.
Read/Write head rides a cushion of air.
Figure 6-1. A schematic picture of a hard disk.
Chapter 6. Using Disks and Other Storage Media (cont…)
6.3. Floppies
•
•
•
Similar to a hard disk
Platter, sectors, tracks, read/write access
Difference
Read/write head touches disk, smaller
different size disks read by the same
drive
setfdprm (modify floppy drive parameters)
6.4. CD-ROMs
• Optical read plastic coated disk. Data is encoded in small holes along a
spiral from the center to the outer edge.
• Most common file system for CD-ROMs is ISO 9660.
• To accommodate additional features the “Rock Ridge extension” was
developed.
Chapter 6. Using Disks and Other Storage Media (cont…)
6.7. Partitions
•
•
•
•
•
•
One hard disk into many
Creates virtual hard disks
Implemented in software
– OS Convention
Stored in Master Boot Record (MBR)
– First sector of the first track on the first disk surface
– Loaded by BIOS
fdisk –l /dev/hda
Labeling
– 1-4 primary partitions
– 5+ logical partitions
– Example
• /dev/hda1 – first primary partition on the first IDE hard disk
• /dev/sdb7 - the third extended partition on the second SCSI hard disk
Chapter 6. Using Disks and Other Storage Media (cont…)
6.7.2. Extended And Logical Partitions
•
•
Limited to 4 partitions
– Original design
Extended partitions
– Partitioning partitions into sub-partitions
• Extended partition
• Logical partition
Chapter 6. Using Disks and Other Storage Media (cont…)
6.8. File Systems
• Methods and data structures that an operating system uses to keep track
of files on a disk or partition; that is, the way the files are organized on the
disk
• General Structure
– Superblock
• Contains information about the file system
– Inode
• Contains all information about a file, except its name
– Directory block
• Contains filename and the number of the inode along with
– Data block
• Used to store data in the file
• Limited in number
– Indirection block
• A pointer to dynamically allocated data blocks to store additional
data
Chapter 6. Using Disks and Other Storage Media (cont…)
6.8.2. File Systems Galore
• Ext2
– Native Linux file system.
– Upward compatible
• Ext3
– Includes journaling (tracks all transactions for rollbacks)
• Minix – the oldest
• Xia – modified minix
• FAT – old DOS
• FAT32 – Windows 95
• NTFS – Windows NT
• Many more…
• /proc
• Access to kernel data structures
– ie process table
• In memory
Chapter 6. Using Disks and Other Storage Media (cont…)
6.8.5. Mounting And Unmounting
•
Enables a device file system to be accessed
– Looks like the contents of the new file system are the contents of
an existing subdirectory in some already mounted file system.
Chapter 6. Using Disks and Other Storage Media (cont…)
6.8.5. Mounting And Unmounting (cont…)
•
•
•
•
Mount takes two arguments
– Device file corresponding to the disk or partition
– Directory below which it will be mounted
Mount point
– Mounted-on directory
Mount attempts to guess the type of file system
– The file system can be specified by the –t option
Umount
– Unmounts the file system
– Data is not necessarily written to the floppy until you unmount it!
Chapter 6. Using Disks and Other Storage Media (cont…)
6.9. Disks Without File Systems
• Has advantages
– More of the disk is usable
– Compatibility
• tar file format is the same on all platforms
• Reason
– Swap partition
– Disk images