The Linux System Admin. Guide Part II
Brandon Enochs
Brett Edgar
Dominic Schulte
Memory Management
Virtual memory, swap space, buffer cache
7.1 Virtual Memory
A technique that allows the execution of processes that could not be completed using only physical memory
Virtual memory is an abstraction of physical memory that uses other means of storage, usually hard disk space for process data
Most modern operating systems provide virtual memory services
7.2 Creating a swap space
Linux has tools to create two types of swap space
– Swap files
– Swap partitions
7.2 Cont. Creating swap files
One good way to create the swap file is through the following commands:
– dd if=/dev/zero of=<swap file name> bs=1024 count=<desired size (in kilobytes) of swap file>
• dd creates a file with various properties
– mkswap <swap file name or swap partition> 1024
• mkswap writes various information to the swap file or swap partition that the kernel needs to know in order to make use of it
7.3 Using a swap space
An initialized swap space is enabled with swapon command. This command tells the kernel that the swap space can be used. The path to the swap space is given as the argument to swapon.
The swapoff command disables a swap space
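The procedure on the slides above (dd, then mkswap, then swapon, with swapoff to undo it), collected into one script as an added example; it is not code from the original slides. It adds the check a practitioner wants before enabling a swap file: the file receives whatever was paged out of RAM, so it must be mode 0600 and owned by root. The file name and size in the usage comment are placeholders, and everything except the permission check needs root.

```shell
#!/bin/sh
# Added example, not from the original slides: create and enable a swap file
# as the slides describe (dd, mkswap, swapon), refusing to enable one that is
# readable by group or others, since swap holds page contents straight from RAM.
set -u

# swapfile_perms_ok FILE
# Returns 0 only if FILE is a regular file whose mode is exactly 0600.
swapfile_perms_ok() {
    f=$1
    [ -f "$f" ] || return 1
    # -prune keeps find on the file itself; -perm 600 is an exact mode match
    [ -n "$(find "$f" -prune -perm 600 -print 2>/dev/null)" ]
}

# make_swapfile FILE SIZE_KB      (needs root)
# Example: make_swapfile /extra-swap 1024   creates and enables a 1 MiB swap file
make_swapfile() {
    f=$1
    kb=$2
    # umask 077 in a subshell so the file is created 0600 from the first byte
    ( umask 077 && dd if=/dev/zero of="$f" bs=1024 count="$kb" ) || return 1
    chmod 600 "$f" || return 1
    swapfile_perms_ok "$f" || { echo "refusing: $f is not mode 0600" >&2; return 1; }
    mkswap "$f" || return 1     # writes the header the kernel needs to use the space
    swapon "$f" || return 1     # tells the kernel the space may now be used
    # confirm the kernel registered it: /proc/swaps lists every active swap space
    grep -q "^$f[[:space:]]" /proc/swaps
}

# remove_swapfile FILE            (needs root): the reverse, swapoff then delete
remove_swapfile() {
    f=$1
    swapoff "$f" || return 1
    rm -f "$f"
}
```

Source the file and call make_swapfile as root; a swap partition is enabled the same way with its device node in place of the file name. swapfile_perms_ok can be run unprivileged against an existing swap file to audit it. The numeric size argument to mkswap shown on the slide is optional on current systems, where mkswap takes the size from the file itself.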
7.3 Cont. Monitoring swap space
The free command will give you the total amount of memory used in each swap space
$ free
             total       used       free     shared    buffers
Mem:         15152      14896        256      12404       2528
-/+ buffers:            12368       2784
Swap:        32452       6684      25768
$
7.5 Allocating swap space
Many Linux partitioning tools recommend creating a swap space that is twice the size of your physical memory.
So, if you have 512 megabytes of RAM you would need a gigabyte of swap space!
This is clearly wasteful
7.5 Correctly allocating swap space
Estimate your average memory usage
Add a small amount to your estimate
Then, your correct swap size = estimate – total physical memory.
7.6 The buffer cache
Linux, like most modern operating systems, does read/write caching of primary storage devices. This speeds up data access when the same data is read or written multiple times.
A program called bdflush synchronizes cached reads and writes every 30 seconds with the underlying storage media.
System administrators should be careful not to just simply power off their computers as unsynchronized cache data could be lost, possibly rendering the operating system unusable.
Chapter 8: Boots and Shutdowns
Booting
– After a computer is powered on and has performed all necessary self testing, it begins the process of booting the operating system.
• First, it reads a small piece of code from the boot sector of the boot device, usually a hard drive or CDROM. This piece of code is responsible for loading the operating system. This process is known as “bootstrapping.”
Shutting down
– First, all processes are told to terminate
– Second, all file systems and swap spaces are unmounted
– Finally, the computer is powered down
8.2 The Linux boot process
First, a boot loader loads the Linux kernel image into memory
Second, the Linux kernel will uncompress itself
Third, the kernel will initialize all device drivers and check to see what hardware is available
Fourth, the kernel will mount the root file system
Finally, the kernel will run the init process
– The init process will perform various initialization tasks like placing the system in multi-user mode
8.3 Shutting down Linux
Linux can be properly shut down by using the appropriately named shutdown command
The shutdown command has various parameters that control the time and manner in which the computer is shut down
8.4 Rebooting
Rebooting is accomplished by use of the shutdown command with the -r command line switch
8.5 Single user mode
The shutdown command can be used to bring the system down to single user mode.
This is useful for system administration tasks that can't be done while the system is running normally.
8.6 Emergency boot floppies
Most modern distributions provide an emergency boot method for you to recover your system.
The ‘init’ process
Bringing up the system
init comes first
After the kernel has started, the first process it calls is init, located at /sbin/init
If init can’t be found, /bin/sh is started; if sh can’t be found, the system fails
init starts getty on every terminal and virtual console; it also restarts getty when a user logs out
init will adopt orphaned processes
Linux uses a System V-like init
/etc/inittab
Configuration file for init
Made up of four colon-delimited fields on each line: id, runlevels, action, and process
id: must be unique; for getty lines, must be the terminal it runs on
runlevels: the runlevels to run the command in, no delimiters (2345 = runlevels 2-5)
action: once, or respawn; run the command once, or restart it when it dies
process: the command to execute
Runlevels
0: halt system; 1: single-user; 2-5: user defined; 6: reboot
Can be used to control what subsystems are running on a machine
Configured in /etc/inittab: l2:2:wait:/etc/init.d/rc 2
In /etc/inittab the default runlevel is specified with id:2:initdefault: where id can be anything
telinit can change runlevels while the system is up
Special configuration in /etc/inittab
Special keywords for the third field:
– powerwait: allows init to shut the system off in conjunction with a UPS during a power failure
– ctrlaltdel: allows init to reboot the system on a ctrl-alt-del key combination
– sysinit: command to run at system boot-up; usually cleans up /tmp
There are other possible commands. See the inittab man page for more information
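A small checker for the /etc/inittab format described on the slides above (id:runlevels:action:process, the runlevel field and the action keywords), written as an added example; it is not code from the original slides. The sample table embedded in it is constructed for the example and is not any real system's inittab. It reports the mistakes that quietly leave a console without a getty or make init ignore an entry: duplicate ids, a mistyped action, a line with too few fields.

```shell
#!/bin/sh
# Added example, not from the original slides: a checker for the /etc/inittab
# format (id:runlevels:action:process). The sample below is constructed.
set -u

SAMPLE_INITTAB=$(cat <<'EOF'
# constructed sample /etc/inittab
id:2:initdefault:
si::sysinit:/etc/init.d/rcS
l0:0:wait:/etc/init.d/rc 0
l1:1:wait:/etc/init.d/rc 1
l2:2:wait:/etc/init.d/rc 2
l6:6:wait:/etc/init.d/rc 6
ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now
pf::powerwait:/etc/init.d/powerfail start
1:2345:respawn:/sbin/getty 38400 tty1
2:23:respawn:/sbin/getty 38400 tty2
EOF
)

# inittab_check FILE: report malformed lines, duplicate ids and unknown actions;
# returns 1 if anything was reported.
inittab_check() {
    awk -F: '
    BEGIN {
        n = split("respawn wait once boot bootwait off ondemand initdefault sysinit powerwait powerfail powerokwait powerfailnow ctrlaltdel kbrequest", a, " ")
        for (i = 1; i <= n; i++) ok[a[i]] = 1
    }
    /^[[:space:]]*(#|$)/ { next }                      # comments and blank lines
    NF < 4 { printf "line %d: expected 4 colon-delimited fields\n", NR; bad++; next }
    $1 in seen { printf "line %d: duplicate id %s (first used on line %d)\n", NR, $1, seen[$1]; bad++ }
    !($3 in ok) { printf "line %d: unknown action \"%s\"\n", NR, $3; bad++ }
    { seen[$1] = NR }
    END { exit bad ? 1 : 0 }' "$1"
}

# inittab_default_runlevel FILE: the runlevel field of the initdefault entry
inittab_default_runlevel() {
    awk -F: '/^[[:space:]]*(#|$)/ { next } $3 == "initdefault" { print $2; exit }' "$1"
}

# inittab_for_runlevel FILE LEVEL: "id action process" for every entry whose
# runlevels field contains LEVEL (the field has no delimiters: 2345 = 2,3,4,5)
inittab_for_runlevel() {
    awk -F: -v lvl="$2" '
    /^[[:space:]]*(#|$)/ { next }
    NF >= 4 && $3 != "initdefault" && index($2, lvl) > 0 {
        p = $4                                       # the process may itself contain colons
        for (i = 5; i <= NF; i++) p = p ":" $i
        print $1, $3, p
    }' "$1"
}
```

Run inittab_check /etc/inittab before telling init to reread the file; inittab_for_runlevel /etc/inittab 1 shows what single-user mode will still run, which is how you confirm that only a getty and the rc script remain.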
Single-user mode
Can be entered from a running system by issuing telinit 1 on a local terminal as root
Can be entered upon boot by passing the kernel single or emergency
Very few services are running in single-user mode. It is useful for performing fsck on a broken partition and restoring backups after a disk failure.
Logging In and Out
It’s the password, stupid.
Terminal logins
init starts getty which outputs /etc/issue to the terminal, retrieves the username, and then starts login to process the password
Network logins
init will start inetd which listens for an incoming connection and then starts the appropriate login program (ssh, telnet, rlogin, etc.)
Only one inetd is started since there can be a large number of possible connections, although few may ever be used
The login program
login authenticates the user and sets up an initial environment (serial parameters, spawning a shell); it outputs /etc/motd and checks for local e-mail; these can be disabled by creating ~/.hushlogin
Failed and root login attempts are logged via syslog.
Currently logged in users are listed in /var/run/utmp. All successful logins are listed in /var/log/wtmp.
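The slides note that failed and root logins go to syslog while utmp and wtmp hold the successful sessions (who and last read those). Turning the syslog side into a summary is the part an administrator actually does, so here is an added example, not code from the original slides: it tallies failed attempts per user and source from the lines that login(1) and sshd write. The log excerpt is constructed for the example (hostname "box", RFC 5737 test addresses) and the message formats are those of util-linux login and OpenSSH.

```shell
#!/bin/sh
# Added example, not from the original slides: summarise failed login attempts
# from the syslog lines that login(1) and sshd write. The excerpt below is
# constructed for the example.
set -u

SAMPLE_AUTH_LOG=$(cat <<'EOF'
Mar  3 10:15:01 box login[812]: FAILED LOGIN (1) on '/dev/tty1' FOR 'root', Authentication failure
Mar  3 10:15:09 box login[812]: FAILED LOGIN (2) on '/dev/tty1' FOR 'root', Authentication failure
Mar  3 10:15:20 box login[812]: ROOT LOGIN ON tty1
Mar  3 10:16:02 box sshd[901]: Failed password for root from 203.0.113.5 port 40122 ssh2
Mar  3 10:16:05 box sshd[901]: Failed password for root from 203.0.113.5 port 40123 ssh2
Mar  3 10:16:08 box sshd[903]: Failed password for invalid user admin from 203.0.113.5 port 40124 ssh2
Mar  3 10:17:31 box sshd[910]: Accepted publickey for alice from 198.51.100.7 port 51000 ssh2
Mar  3 10:18:00 box login[820]: FAILED LOGIN (1) on '/dev/tty2' FOR 'alice', Authentication failure
EOF
)

# failed_logins LOG -> one line per (user, source): "user source count", most frequent first
failed_logins() {
    awk -v q="'" '
    # login(1) lines: FAILED LOGIN (n) on <tty> FOR <user>, reason; tty and user are single-quoted
    /login\[[0-9]+\]: FAILED LOGIN/ {
        src = $0; sub(".* on " q, "", src); sub(q ".*", "", src)
        usr = $0; sub(".* FOR " q, "", usr); sub(q ".*", "", usr)
        n[usr " " src]++
    }
    # sshd lines: Failed password for [invalid user] <user> from <ip> port <n> ssh2
    /sshd\[[0-9]+\]: Failed password for/ {
        usr = ""; src = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "for") usr = ($(i + 1) == "invalid") ? $(i + 3) : $(i + 1)
            if ($i == "from") src = $(i + 1)
        }
        n[usr " " src]++
    }
    END { for (k in n) print k, n[k] }' "$1" | sort -k3,3nr
}

# failed_logins_for USER LOG -> total failed attempts against USER (root is the one to watch)
failed_logins_for() {
    failed_logins "$2" | awk -v u="$1" '$1 == u { s += $3 } END { print s + 0 }'
}

# sources_over_threshold LOG N -> sources (tty or address) with at least N failures
sources_over_threshold() {
    failed_logins "$1" | awk -v min="$2" '{ s[$2] += $3 } END { for (k in s) if (s[k] >= min) print k, s[k] }'
}
```

Point the functions at the file syslog writes auth messages to (commonly /var/log/auth.log or /var/log/secure; the path is distribution-specific). A source that fails repeatedly against several usernames, like the address in the sample, is the pattern worth alerting on.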
Access control
The user database is stored in /etc/passwd. If passwords are shadowed, they will be in /etc/shadow.
The user database contains user’s real names, home directories, and login shells.
crack can be used to search for bad passwords; passwd is better since it can check for bad passwords and enforce rules without having to waste CPU cycles cracking passwords
Access control (continued)
The group database is in /etc/group; if shadow passwords are enabled, there can be a /etc/shadow.group
The root user can only log in via terminals listed in /etc/securetty; however, any user can log in and use su to become root
Shell startup
After login finishes, it will execute the user’s shell, as specified in /etc/passwd
Each shell will use different files to control its startup environment
The Bourne shell and its derivatives will execute /etc/profile followed by ~/.profile
/etc/profile can be used by the Sysadmin to create a default global environment
Managing User Accounts
Creating, modifying, and removing accounts
Account Basics
Mechanism for user differentiation
– Unique user id (uid)
– Group id (gid)
Files
Resources
Information
Account Creation
To the kernel, you’re just a number
– uid
– Separate DB assigns usernames to id’s
Update DB
Create home directory
Default environment
Programs: adduser, useradd, etc.
The Password File
Username
Password
Numeric user id
Numeric group id
Full name or account description
Home directory
Login shell
Password Security
/etc/passwd world readable
– Password “encrypted”
– One-way hash function
Shadow passwords
– /etc/shadow
– Root-readable
– /etc/passwd contains special marker
– Setuid used for user verification
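The two slides above define the seven-field layout and the shadow scheme (hash in root-readable /etc/shadow, a marker in world-readable /etc/passwd). As an added example, not code from the original slides, here is an audit of both: it reports entries that break the scheme (a hash left in /etc/passwd, an empty password field, a second uid 0, a duplicated uid or name) and checks that the shadow file is not readable by others. The sample password file is constructed for the example and deliberately contains the problems it detects.

```shell
#!/bin/sh
# Added example, not from the original slides: sanity checks on the password
# file layout and on the shadow file's permissions. The sample below is
# constructed for the example and contains deliberate mistakes.
set -u

SAMPLE_PASSWD=$(cat <<'EOF'
root:x:0:0:root:/root:/bin/sh
alice:x:1000:1000:Alice Example:/home/alice:/bin/sh
nobody:*:65534:65534:nobody:/:/usr/sbin/nologin
toor:x:0:0:second uid 0:/root:/bin/sh
bob:$1$c0nstructed$notARealHash:1000:1000:Bob Example:/home/bob:/bin/sh
eve::1002:1002:empty password field:/home/eve:/bin/sh
EOF
)

# passwd_audit FILE: report entries that defeat the shadow scheme; returns 1 if any
passwd_audit() {
    awk -F: '
    NF != 7 { printf "line %d: expected 7 fields\n", NR; bad++; next }
    # field 2 should be a marker: x (look in shadow) or a * or ! prefix (login disabled)
    $2 == "" { printf "line %d: %s has an empty password field (no password asked)\n", NR, $1; bad++ }
    length($2) > 1 && $2 !~ /^[*!]/ { printf "line %d: %s carries a password hash in the world-readable file\n", NR, $1; bad++ }
    $3 == 0 && $1 != "root" { printf "line %d: %s has uid 0 (a second root)\n", NR, $1; bad++ }
    $1 in names { printf "line %d: duplicate username %s\n", NR, $1; bad++ }
    ($3 in uids) && $3 != 0 { printf "line %d: uid %s already belongs to %s\n", NR, $3, uids[$3]; bad++ }
    { names[$1] = NR; if (!($3 in uids)) uids[$3] = $1 }
    END { exit bad ? 1 : 0 }' "$1"
}

# shadow_perms_ok FILE: 0 if FILE exists and is neither readable nor writable by others
# (0600 root:root or 0640 root:shadow are the usual modes)
shadow_perms_ok() {
    f=$1
    [ -f "$f" ] || return 1
    [ -z "$(find "$f" -prune \( -perm -004 -o -perm -002 \) -print 2>/dev/null)" ]
}
```

Run passwd_audit /etc/passwd and shadow_perms_ok /etc/shadow from cron; both are read-only checks. The uid-0 rule matters because the kernel, as the next slides say, only sees the number: any name with uid 0 is root.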
ID’s
Network Filesystem (NFS)
– Correlation necessary
Independent systems
– Automated tools acceptable
Initial User Environments
New user friendly
/etc/skel
– /etc/skel/.profile
– Keep small and simple
Use global files when possible
– /etc/profile
– Does not break users’ setups
Manual User Creation
vipw – add new /etc/passwd line
– Locks file during editing
– Make password field ‘*’ to deny login
vigr – add new /etc/group, if necessary
Copy files from /etc/skel to new home dir
chown/chmod to set ownership/permission
– -R option useful
Set the password
Account Commands
Change relevant field of /etc/passwd
– chfn – change full name field
– chsh – change the login shell
– passwd – change the password
Only the super-user may change other accounts
May be disabled using chmod
Removing Users
Remove all references to user
– Lock account
– Files, mailboxes, print jobs, cron/at jobs
– Relevant lines from /etc/passwd and /etc/group
find – locate other user files
– find / -user username
Special commands
– deluser or userdel
Disabling Accounts
Security, financial, operational concerns
Change shell
– Displays message instead of granting a shell
Change username or password
– Causes confusion