Chapter 15 System Administration
By C. Shing
ITEC Dept
Radford University
Objectives
• Understand the system administrator's duties
• Understand the system start-up and shutdown procedures
• Understand how to maintain file systems and user accounts
• Understand how to install software and peripheral devices
• Understand how to configure the kernel
• Understand how to manage system accounting and security
System Admin Duty
• Boot up and shutdown systems
• Maintain and back up system
• Maintain user accounts and system accounting
• Install system and application software
• Install and configure peripheral and kernel
• Maintain network interface and system security
System Admin Account
• Root: user ID is 0
  – Hard to correct problems if a mistake is made
• Become superuser: use the su utility to create a child shell of root
  – sudo: provides special privilege for a specific task
System Start up
• Power-up self test
• Load kernel into RAM
• Kernel starts running and initializes itself
• Kernel starts the first process, PID=1 (init), which then spawns child processes (getty) for creating and maintaining login shells, using /etc/inittab to decide runlevels
  – Run fsck to check file systems (use sync utility to fix damaged file systems)
  – Mount file systems: use mount for entries in the /etc/vfstab file
  – Start daemons
System Run Level (Mode)
• BSD system in either of the 2 modes:
  – Single-user: create a Bourne shell
    • Only / is mounted automatically
    • Other file systems must be mounted manually for system repair, back-up, kernel reconfiguration
  – Multi-user
    • Start daemons by running boot-up file /etc/rc
    • Start locally maintained services by running boot-up file /etc/rc.local
    • Clear files in /tmp
System Run Level (Mode) (Cont.)
• BSD system in either of the 2 modes:
  – Multi-user (Cont.)
    • Create getty processes for every terminal in the /etc/ttytab file
    • Start up network services, default mode
    • Start login process by replacing the getty process when a login attempt is detected
    • Start-up shell replaces login shell for successful login
    • Store login username in /etc/utmp and login session in /var/adm/wtmp
System Run Level (Mode) (Cont.)
• BSD system in either of the 2 modes:
  – Multi-user (Cont.)
    • Logout: init process receives SIGCHLD signal
      – Remove username in /etc/utmp and logout session in /var/adm/wtmp
      – Create a new getty process for the freed terminal
System Run Level (Mode) (Cont.)
• System V in either of the 8 levels:
  – 0-6: can have own boot-up script for each level
    • 0: firmware
    • 1 or S: for single-user mode
    • 2: multi-user, no network
    • 3: multi-user, network
    • 4: not used
    • 5: shutdown for power off
    • 6: reboot
System Run Level (Mode) (Cont.)
• System V in either of the 8 levels:
  – Boot-up files are /etc/rc0, /etc/rc1, …, /etc/rc6, /etc/rcS
  – Run level scripts are in /etc/rc0.d, /etc/rc1.d, …, /etc/rc3.d, /etc/rcS.d
    • Start-up script: name begins with S
    • Shutdown script: name begins with K
  – All process management scripts are in the /etc/init.d directory
System Shutdown
• shutdown -option time [message]
  – Option: h – halt
            r – reboot
  – Time: now – shutdown immediately
          +minutes – within minutes
          hours:minutes – within hours and minutes
Example:
shutdown -h now
System Shutdown (Cont.)
• halt
• reboot
• sync
  update super-block
Maintain File System
• fsck -p [filesystem]
  – Automatically correct inconsistency on filesystem
    • Free block also inode
    • Used block but not inode
    • More than 1 inode references 1 block
    • Wrong block number
    • Wrong inode link count
    • Inode not in any directory
Maintain File System (Cont.)
• df -k [filesystem]
  – Report in 1K blocks the disk space used/available for the mounted filesystem
Example:
df -k
Maintain File System (Cont.)
• du -option [filename]
  – Option: k – 1K block
            s – size only
  – Report in 1K blocks the disk usage for the filename recursively down to subdirectories
Example:
du -k .
Maintain File System (Cont.)
• quota [-v] [username]
  – Display [username's] disk quota
Example:
quota
Maintain File System (Cont.)
• format [-d diskname] [-p partition]
  – Format partition on diskname
• Disk partition rule:
  – Swap space: 2 to 2.5 * RAM size
  – Partitions needed: /, /usr, /var, /tmp, /export through NFS, /opt
Maintain File System (Cont.)
• Old Red Hat server partition recommendation: (128 MB RAM)
  – /: 256 MB
  – Swap: 256 MB
  – /usr: 512 MB +
  – /boot: 16 MB
  – /home: user accounts: 512 MB +
  – /var: server log for a long time
  – /tmp or link to /var/tmp
Note: combine partition space if not needed
Maintain File System (Cont.)
• Red Hat Home server partition recommendation: CPU Pentium III 800 MHz (512 MB RAM) with GeForce 2 MX (VRAM 32 MB), 320 GB:
  – /:
  – swap: 1 GB
  – /usr: 2-5 GB
  – /boot: 100 MB
  – /home: user accounts: 160 GB
  – /var: server log for a long time 100 GB+
  – /tmp or link to /var/tmp
Note: combine partition space if not needed
Maintain File System (Cont.)
• Old Red Hat client partition recommendation: (32 MB RAM)
  – Swap: 64 MB
  – /boot: 16 MB
  – /: rest
Maintain File System (Cont.)
• Red Hat Home partition recommendation: CPU Pentium II 500 (128 MB RAM, 40 GB disk)
  – swap: 256 MB+, logical partition
  – /boot: 100 MB, primary partition
  – /: 10 GB, primary partition
  – /home: 5 GB, primary partition
Reserve: 20 GB
Maintain File System (Cont.)
• Solaris server partition recommendation: (Dedicated server)
  – /
  – Swap
  – /usr: shared system files
  – /opt: larger for NFS service
  – /export
  – /export/home: holds user accounts
  – /export/swap: for serving diskless clients
  – /var: server log for a long time
  – /tmp or link to /var/tmp
Note: combine partition space if not needed
Maintain File System (Cont.)
• Solaris client partition recommendation:
  – /
  – Swap
  – /usr
  – /opt: if local optional software is used
  – /var: client log for a long time
  – /tmp: if users or applications use this a lot
  – /home: if workstation contains user accounts
Note: combine partition space if not needed
Maintain File System (Cont.)
• mkfs newfilesystem [sectornumber]
  – Create a newfilesystem (with sectornumber sectors)
• newfs newfilesystem devicetype
  – Invoke mkfs using sectornumber specified by the devicetype in /etc/device.tab
Manage User Accounts
• Add user entry in /etc/shadow and /etc/passwd files
  – Use vipw command to edit
  – Change password using passwd command
• Add group entry in /etc/group file
• Create home directory for the user
  – Set up owner, group and directory permissions
• Provide start-up files
  – .login and .cshrc files for start-up tc shell
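A consistency check for accounts created by the steps above, written as an added example (not part of the original slides). It also covers the earlier point that user ID 0 is root. The function names, the ROOT prefix argument and the sample tree are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example, not from the slides. ROOT is a path prefix so the check can
# run on a constructed copy; on a live host pass "" as ROOT and run as root,
# since /etc/shadow is not readable by ordinary users.
audit_accounts() {
    root=$1
    # UID 0 is the superuser; any second name with UID 0 is another root.
    awk -F: '$3 == 0 && $1 != "root" { print "uid0 " $1 }' "$root/etc/passwd"
    # Each primary GID in passwd needs an entry in the group file.
    awk -F: 'FILENAME == ARGV[1] { gid[$3] = 1; next }
             !($4 in gid) { print "nogroup " $1 }' \
        "$root/etc/group" "$root/etc/passwd"
    # An empty second field in shadow means login without a password.
    awk -F: '$2 == "" { print "nopasswd " $1 }' "$root/etc/shadow"
    # Home must exist and must not be writable by group or others.
    awk -F: '{ print $1 ":" $6 }' "$root/etc/passwd" |
    while IFS=: read -r user home; do
        if [ ! -d "$root$home" ]; then
            echo "nohome $user"
        elif [ -n "$(find "$root$home" -prune \( -perm -0020 -o -perm -0002 \))" ]; then
            echo "loosehome $user"
        fi
    done
}

# Constructed sample tree (all names, IDs and hashes are made up).
make_demo_root() {
    r=$(mktemp -d) || return 1
    mkdir -p "$r/etc" "$r/root" "$r/home/alice" "$r/home/bob"
    chmod 0700 "$r/root"; chmod 0755 "$r/home/alice"; chmod 0777 "$r/home/bob"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/sh' \
        'alice:x:1001:100:Alice:/home/alice:/bin/tcsh' \
        'bob:x:1002:100:Bob:/home/bob:/bin/tcsh' \
        'toor:x:0:0:spare:/root:/bin/sh' \
        'carol:x:1003:250:Carol:/home/carol:/bin/tcsh' > "$r/etc/passwd"
    printf '%s\n' 'root:x:0:' 'users:x:100:alice,bob' > "$r/etc/group"
    printf '%s\n' 'root:*:19000::::::' 'alice:$6$made$up:19000::::::' \
        'bob::19000::::::' 'toor:*:19000::::::' 'carol:!:19000::::::' \
        > "$r/etc/shadow"
    echo "$r"
}

demo=$(make_demo_root)
audit_accounts "$demo"
rm -rf "$demo"
```

Each output line is a finding keyword followed by the account name; an empty output means all four checks passed.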
Install Software & Configure Kernel
• Deposit/Download software in appropriate directory
  – Solaris: under /
    • /kernel: Unix kernel (e.g. /kernel/genunix has about 1.5 MB)
    • /bin, /usr/bin: Unix utilities, built-in commands
    • /sbin: system binaries
    • /dev: device files
    • /lib: essential libraries
    • /usr/lib: libraries for C, FORTRAN, … etc.
    • /var/log: log files
    • /var/adm: admin log files
Install Software & Configure Kernel (Cont.)
• Deposit/Download software in appropriate directory
  – Solaris: under / (Cont.)
    • /etc: admin files, start-up files, configuration files
    • /opt: optional system software
    • /proc: pseudo file systems, contains managing process information
  – User application: under /usr/local, often a mount point for other file systems
    • /usr/local/bin: local software binary
Install Software & Configure Kernel (Cont.)
• Modify configuration file for your environment
• Use config utility to recompile kernel and create makefile for the architecture if not provided
• Run make utility to produce executable file for the software
• Reboot the system
Install Software & Configure Kernel (Cont.)
• Example: Install Kerberos 5 on Red Hat Linux
  – cd /usr/local/bin
  – mkdir kerberos; cd kerberos
  – Now, download Kerberos 5 from the web
  – tar -xzf krb5-1.3.1.tar.gz
    This uncompresses and untars the file
  – ./configure --without-krb4
    This recompiles kernel and creates a makefile to exclude Kerberos 4 support
  – make
    This compiles necessary system files for Kerberos 5
  – make install
    This creates executables and puts them in the right directories
Install Peripheral Devices
• Install device driver
• Find major and minor number of the device
• Associate the device with device driver
  – mknod devicename option majornumber minornumber
    • Option: b – block device
              c – character device
Install Peripheral Devices (Cont.)
• Example:
  – mknod /dev/disk1 b 4 0
    disk is a block device
Install Peripheral Devices (Cont.)
• Terminal files:
  – /etc/termcap (/etc/terminfo): complete terminal information
  – /etc/ttydefs: define terminal baud rate
Manage Network Devices
• ifconfig utility to configure network interface
  – ifconfig interfacename ip-address netmask [up/down]
    assign ip-address to interfacename and running/shutdown
• route utility to manually manage routing table
  – route add/delete ip-address netmask gateway
    create/delete an entry to ip-address in the routing table
Manage Network Devices (Cont.)
• netstat -r
  display routing table
Manage System Accounting and Security
• acct
  – Display accounting information
  – System usage is stored in the /etc/adm/acct directory; use sa utility
  – Login/logout information is stored in the /usr/adm/wtmp file; use ac and last utilities
Manage System Accounting and Security (Cont.)
• Security
  – Disable unused ports
  – Disable commands/methods that avoid password
    • rlogin, rsh
  – Disable utilities with known security problems
    • ping, finger
  – Do not log on to the root account unless necessary
    • Log on to your regular account and use su utility to get super-user privilege
  – Watch files with SUID and SGID set
    • /tmp has sticky bit set: only owner can modify or delete files
  – Use secure protocols
    • Use secure telnet to replace telnet
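One way to "watch" SUID/SGID files and the sticky bit, as an added example that is not part of the original slides. The function names and the demo tree are constructed for illustration; on a real host, point the functions at / and keep the baseline file somewhere only root can write.

```sh
#!/bin/sh
# Added example (not from the slides). Audits a directory tree for:
#   - regular files with the SUID or SGID bit set
#   - world-writable directories that lack the sticky bit
# The demo tree below is constructed.

# list_setid DIR -> sorted lines "suid PATH" or "sgid PATH"
list_setid() {
    {
        find "$1" -xdev -type f -perm -4000 2>/dev/null | sed 's/^/suid /'
        find "$1" -xdev -type f -perm -2000 2>/dev/null | sed 's/^/sgid /'
    } | sort
}

# new_setid BASELINE DIR -> set-id entries found now that are not in BASELINE
# (BASELINE is a saved output of list_setid from a known-good state)
new_setid() {
    list_setid "$2" | comm -13 "$1" -
}

# unsticky_dirs DIR -> world-writable directories without the sticky bit
unsticky_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null | sort
}

# make_demo_tree -> path of a constructed tree used for the demonstration
make_demo_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/bin" "$t/tmp" "$t/scratch"
    : > "$t/bin/passwd"; chmod 4755 "$t/bin/passwd"   # expected SUID tool
    : > "$t/bin/ls";     chmod 0755 "$t/bin/ls"
    chmod 1777 "$t/tmp"        # sticky, like a correct /tmp
    chmod 0777 "$t/scratch"    # world-writable, no sticky bit
    echo "$t"
}

demo=$(make_demo_tree)
list_setid "$demo" > "$demo/baseline"      # record the known-good state
: > "$demo/scratch/helper"; chmod 6755 "$demo/scratch/helper"  # appears later
echo "New set-id files since baseline:"; new_setid "$demo/baseline" "$demo"
echo "World-writable dirs without sticky bit:"; unsticky_dirs "$demo"
rm -rf "$demo"
```

Run on a schedule, a non-empty result from new_setid is the signal to investigate: a set-id file has appeared that was not in the recorded state.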
Misc.
• uname -a
  Prints system information
• dmesg
  Displays system diagnostic information such as memory, devices
Reference
• Ch. 15
• Ch. 2 & 3 of Nemeth et al.