ITI481: Unix Administration

1
ITI-481 Unix Administration

• Meeting 5

2
Todays Agenda

• Network Information Service (NIS)
• The Cron Program
• Syslogd and Logging

3
Network Information Service (NIS)

• Permits the sharing and distribution of critical
  files over the network.
• Information such as user accounts, groups, and
  file systems are maintained in a centralized
  database.
• Key tool for centralizing and simplifying
  management of multiple systems.
• Previously named Yellow Pages (yp).

4
NIS Domains and Roles

• Systems using NIS must belong to an NIS domain,
  which is different from a DNS domain.
• Roles for NIS participants
• Master Server
• Slave Server
• Client

5
NIS Database

• NIS Database is composed of map files.
• Here are some files that are frequently built
  into maps/etc/passwd/etc/shadow/etc/group/etc
  /hosts/etc/aliases/etc/auto.master
• Server pushes map files out to clients.

6
NIS Master Server Configuration

• You must have the ypserv package installed.
  yp-tools required for NIS based account
  management.
• Set a domainname.
• This can be done at the command linegtdomainname
  mydomain
• For the domainname to be established after
  reboot, it needs to be set from the rc scripts.
  Add an entry to /etc/sysconfig/networkNISDOMAIN
  mydomain
• Start the ypserv daemongt/etc/rc.d/init/d/ypserv
  startThis daemon is responsible for handling NIS
  requests.

7
NIS Master Server Configuration (cont.)

• Edit /var/yp/Makefile to define what files will
  get shared via NIS. The key part isall
  passwd group hosts rpc services netid protocols
  netgrp mail shadow publickey networks ethers
  bootparams amd.home auto.master auto.home
  passwd.adjunctThis defines what maps will get
  shared. Put in front of entries that are not to
  be shared.
• Initialize the yp server to build the maps in
  /var/yp/domainnamegt /usr/lib/yp/ypinit m
• If additional changes are made to any files
  distributed via NIS, they will need to be pushed
  outgt cd /var/ypmake

8
Configuring an NIS Client

• Requires ypbind package.
• Set a domainname.
• This can be done at the command linegtdomainname
  mydomain
• For the domainname to be established after
  reboot, it needs to be set from the rc scripts.
  Add an entry to /etc/sysconfig/networkNISDOMAIN
  mydomain

9
Configuring an NIS Client (cont.)

• Edit /etc/yp.conf to provide the necessary
  information to locate the NIS server
• Broadcast Methoddomain mydomain broadcast
• Server Hostname Method domain mydomain server
  servernameUse IP address for servername or add
  host name to /etc/hosts.
• Start the NIS client daemongt /etc/rc.d/init.d/yp
  bind start
• Define what configuration files will use NIS
  /etc/nsswitch.conf.

10
/etc/nswitch.conf

• Responsible for telling the system the order in
  which to search for information.
• Formatfilename servicename
• Sample entrypasswd files nis
• Valid services include files, yp, nis, dns (host
  only), and nis.

11
Exercise Configuring the NIS Master Server

• Work in pairs to complete this exercise.
  Select one machine to be host1 (master server)
  and one machine to be host2 (client).
• On host1, download and install the ypserv
  packagegt rpm ivh ypserv-1.3.9-1.i386.rpm
• Set the domainname for the system on
  host1gtdomainname unixtrainSubstitute the
  number that you will be provided with for . It
  is important that each group has a separate NIS
  domain.
• Start the ypserv daemon on host1gt
  /etc/rc.d/init.d/ypserv start
• Edit /var/yp/Makefile in host1. Put a in front
  of netgrp for the all entry.
• Initialize the ypserver to build the mapsgt
  /usr/lib/yp/ypinit -m

12
Exercise Configuring an NIS Client

• On host2, set the NIS domainname at the command
  line gtdomainname unixtrainSubstitute the
  number that you will be provided with for .
• On host2, edit /etc/yp.conf. Uncomment the
  following linedomain NISDOMAIN server
  HOSTNAMESet NISDOMAIN to the domainname that
  you set on host1. Change the hostname to the IP
  address of host1.
• On host2, start ypbind gt /etc/rc.d./init.d/ypbin
  d start
• On host2, test your NIS configurationgtypcat
  groupThis should dump the group map to your
  screen.

13
Exercise Account Management Through NIS

• On host1, use useradd to create a new accountgt
  useradd yptest
• On host1,set a password for the accountgt passwd
  yptest
• Push out the maps from host1gt cd /var/ypmake
• On host1, start yppasswddgt /etc/rc.d/init.d/yppa
  sswdd
• On host2, login to the yptest account (You can
  get a new console on host2 by typing
  ltCTRLgtltALTgtltF2gt).
• On host2, change the password for the yptest
  accountgt yppasswd
• Logout of host2 and verify that you can log back
  in with the yptest account password.

14
The Cron Program

• Used to schedule jobs to run at particular time.
• Useful to to automate system administration
  tasks.
• crond is started at boot time from rc scripts.
• User access to cron can be restricted through
  /etc/cron.allow and /etc/cron.deny.
• Log files stored in /var/log/cron.

15
Cron Files

• Configuration files defining scheduled jobs are
  stored in multiple locations
• /var/spool/cronCron jobs defined according to
  username.
• /etc/crontabDefines cron jobs to be run hourly,
  daily, weekly, and monthly
• /etc/cron.d
• Cron files should not be edited directly. Use the
  crontabgt crontab u username -e

16
Crontab File Format

• Crontab files use the following formatMinute
  Hour Day Month DayOfWeek Comand
• Time fields are as follows
• Minute (0-59)
• Hour (0-23)
• Day of Month (0-31)
• Month (0-12 or names)
• Day of Week (0-6 or names)
• Sample entriesPush yp maps every 15
  minutes0,15,30,45 (cd /var/yp/usr/bin/make)gt
  /dev/nullMail a disk usage report every Friday
  at 500PM0 17 fri df /bin/mail root

17
/etc/crontab

• Defines a set of directories that will run
  scripts or links located in those directories at
  specified times.
• Predefined cron directories/etc/cron.hourly
  /etc/cron.daily /etc/cron.weekly
  /etc/cron.monthly
• Non-standard way of using cron.

18
Exercise Creating Crontab Entries

• Edit the root crontab filegt cd
  /var/spool/crongt crontab u root -e
• Create a crontab entry to run out of the root
  account to email a disk usage report to your
  internet.rutgers.edu account or another email
  address of your choice.
• Check /var/log/cron to verify that your job ran.

19
Syslogd

• Most system logging is handled through the
  syslogd.
• Configuration file is /etc/sylog.conf.
• Log entries are directed to various files in
  /var/log.
• Messages logged by syslogd include a time stamp,
  the process or facility that delivered the
  message, and the message itself.
• Rotating log files periodically is recommended.

20
/etc/syslog.conf

• Format of syslog rulefacility.priority action
• facility - system or application generating the
  message.
• priority level of severity of the message.
• Wild cards are accepted.
• Sample entriesauthpriv. /var/log/securemail.
  err /var/log/maillog
• Tab delineated file.
• If changes are made need to restart syslog
  daemongt kill HUP cat /var/run/syslog.pid

21
Additional Log Files

• /var/run/utmp information about who is
  currently logged into system. Used by commands
  such as who and finger.
• /var/log/wtmp login times and duration for each
  user on the system. Can view with last command.
• /var/log/lastlog similar to wtmp but used by
  different programs, such as finger.

22
Exercise Monitoring Log Files

• Work in pairs to complete this exercise. Select
  one machine to be host1 and one machine to be
  host2.
• From host1, initiate and log in to host2 under
  the student account with the following
  applicationsgt rsh host2gt ssh host2
• While the connections are still active, try
  running the following commands on host2gt whogt
  finger
• Also try the following from host1gt telnet
  host2Review the log files in /var/log. What
  evidence do you find of the various connections
  and attempted connections from above?

23
Homework

• Read chapters 13, 15, 16, and 21 in Linux
  Administration A Beginners Guide.