Chapter 15 System Administration - PowerPoint PPT Presentation

Provided by: RU

Transcript and Presenter's Notes



1
Chapter 15 System Administration
  • By C. Shing
  • ITEC Dept
  • Radford University

2
Objectives
  • Understand system administrator's duty
  • Understand the system start up and shutdown
    procedures
  • Understand how to maintain file systems and user
    accounts
  • Understand how to install software and peripheral
    devices
  • Understand how to configure kernel
  • Understand how to manage system accounting and
    security

3
System Admin Duty
  • Boot up and shutdown systems
  • Maintain and back up system
  • Maintain user accounts and system accounting
  • Install system and application software
  • Install and configure peripheral and kernel
  • Maintain network interface and system security

4
System Admin Account
  • Root user ID is 0
  • Hard to correct problems if a mistake is made
  • Become superuser: use su utility to create a
    child shell of root
  • sudo provides special privilege for a specific
    task

5
System Start up
  • Power up self test
  • Load kernel to RAM
  • Kernel start running and initialize itself
  • Kernel starts first process PID 1 (init), then it
    spawns child processes (getty) for creating and
    maintaining login shell using /etc/inittab to
    decide runlevels
  • Run fsck to check file systems (use sync utility
    to fix damaged file systems)
  • Mount file systems: use mount for entries in
    /etc/vfstab file
  • Start daemons

6
System Run Level (Mode)
  • BSD system in one of the 2 modes
  • Single-user: create a Bourne shell
  • Only / is mounted automatically
  • Need manually mount other file systems for system
    repair, back-up, kernel reconfiguration
  • Multi-user
  • Start daemons by running boot up file /etc/rc
  • Start locally maintained services by running boot
    up file /etc/rc.local
  • Clear files in /tmp

7
System Run Level (Mode) (Cont.)
  • BSD system in one of the 2 modes
  • Multi-user (Cont.)
  • Create getty processes for every terminal in
    /etc/ttytab file
  • Start up network services, default mode
  • Start login process by replacing getty process
    when detect login attempt
  • Start up shell replaces login shell for
    successful login
  • Store login username in /etc/utmp and login
    session in /var/adm/wtmp

8
System Run Level (Mode) (Cont.)
  • BSD system in one of the 2 modes
  • Multi-user (Cont.)
  • Logout: init process receives SIGCHLD signal
  • remove username in /etc/utmp and logout session
    in /var/adm/wtmp
  • Create a new getty process for the freed terminal

9
System Run Level (Mode) (Cont.)
  • System V in one of the 8 levels
  • 0-6 can have own boot-up script for each level
  • 0: firmware
  • 1 or S: Single-user mode
  • 2: multi-user, no network
  • 3: multi-user, network
  • 4: not used
  • 5: shutdown for power off
  • 6: reboot

10
System Run Level (Mode) (Cont.)
  • System V in one of the 8 levels
  • Boot-up files are /etc/rc0, /etc/rc1, ..., /etc/rc6,
    /etc/rcS
  • Run level scripts are in /etc/rc0.d, /etc/rc1.d,
    ..., /etc/rc3.d, /etc/rcS.d
  • Start up script name begins with S
  • Shutdown script name begins with K
  • All process management scripts are in /etc/init.d
    directory

11
System Shutdown
  • shutdown option time message
  • Option: -h halt
  • -r reboot
  • Time: now shutdown immediately
  • minutes: within minutes
  • hours:minutes within hours and minutes
  • Example
  • shutdown -h now

12
System Shutdown (Cont.)
  • halt
  • reboot
  • sync
  • update super-block

13
Maintain File System
  • fsck -p filesystem
  • Automatically correct inconsistency on filesystem
  • Free block also inode
  • Used block but not inode
  • More than 1 inodes reference 1 block
  • Wrong block number
  • Wrong inode link count
  • Inode not in any directory

14
Maintain File System (Cont.)
  • df -k filesystem
  • Report in 1K block the disk space used/available
    for the mounted filesystem
  • Example
  • df -k

15
Maintain File System (Cont.)
  • du -option filename
  • Option: k 1K block
  • s size only
  • Report in 1K block the disk usage for the
    filename recursively down to subdirectories
  • Example
  • du -k .

16
Maintain File System (Cont.)
  • quota -v username
  • Display username's disk quota
  • Example
  • quota

17
Maintain File System (Cont.)
  • format -d diskname -p partition
  • Format partition on diskname
  • Disk partition rule
  • Swap space: 2 to 2.5 times RAM size
  • Partitions needed: /, /usr, /var, /tmp,
  • /export through NFS, /opt

18
Maintain File System (Cont.)
  • Red Hat server partition recommendation (128 MB
    RAM)
  • / 256 MB
  • Swap 256 MB
  • /usr 512 MB
  • /boot 16 MB
  • /home user accounts 512 MB
  • /var server log for a long time
  • /tmp or link to /var/tmp
  • Note: combine partition space if not needed

19
Maintain File System (Cont.)
  • Red Hat client partition recommendation (32 MB
    RAM)
  • Swap 64 MB
  • /boot 16 MB
  • / rest

20
Maintain File System (Cont.)
  • Solaris server partition recommendation
    (Dedicated server)
  • /
  • Swap
  • /usr
  • /opt larger for NFS service
  • /export
  • /export/home holds user accounts
  • /export/swap for serving diskless clients
  • /var server log for a long time
  • /tmp or link to /var/tmp
  • Note: combine partition space if not needed

21
Maintain File System (Cont.)
  • Solaris client partition recommendation
  • /
  • Swap
  • /usr
  • /opt if local optional software used
  • /var client log for a long time
  • /tmp if user or application use this a lot
  • /home if workstation contains user accounts
  • Note: combine partition space if not needed

22
Maintain File System (Cont.)
  • mkfs newfilesystem sectornumber
  • Create a newfilesystem (with sectornumber
    sectors)
  • newfs newfilesystem devicetype
  • Invoke mkfs using sectornumber specified by the
    devicetype in /etc/device.tab

23
Manage User Accounts
  • Add user entry in /etc/shadow and /etc/passwd
    files
  • Use vipw command to edit
  • Change password using passwd command
  • Add group entry in /etc/group file
  • Create home directory for the user
  • Set up owner, group and directory permissions
  • Provide start up files
  • .login and .cshrc files for start-up tc shell

24
Install Software & Configure Kernel
  • Deposit/Download software in appropriate
    directory
  • Solaris: under /
  • /kernel Unix kernel (e.g. /kernel/genunix has
    about 1.5 MB)
  • /bin, /usr/bin Unix utilities, built-in commands
  • /sbin system binaries
  • /dev device files
  • /lib essential libraries
  • /usr/lib libraries for C, FORTRAN, etc
  • /var/log log files
  • /var/adm admin log files

25
Install Software & Configure Kernel (Cont.)
  • Deposit/Download software in appropriate
    directory
  • Solaris: under / (Cont.)
  • /etc admin files, start-up files, configuration
    files
  • /opt optional system software
  • /proc pseudo file systems, contains managing
    process information
  • User application under /usr/local, often a mount
    point for other file systems
  • /usr/local/bin local software binary

26
Install Software & Configure Kernel (Cont.)
  • Modify configuration file for your environment
  • Use config utility to recompile kernel and create
    makefile for the architecture if not provided
  • Run make utility to produce executable file for
    the software
  • Reboot the system

27
Install Software & Configure Kernel (Cont.)
  • Example: Install Kerberos 5 on Red Hat Linux
  • cd /usr/local/bin
  • mkdir kerberos; cd kerberos
  • Now, download Kerberos 5 from web
  • tar -xzf krb5-1.3.1.tar.gz
  • This uncompresses and untars the file
  • ./configure --without-krb4
  • This recompiles kernel and creates a makefile
    to exclude Kerberos 4 support
  • make
  • This compiles necessary system files for
    Kerberos 5
  • make install
  • This creates executables and puts them in
    the right directories

28
Install Peripheral Devices
  • Install device driver
  • Find major and minor number of the device
  • Associate the device with device driver
  • mknod devicename option majornumber minornumber
  • Option: b block device
  • c character device

29
Install Peripheral Devices (Cont.)
  • Example
  • mknod /dev/disk1 b 4 0
  • disk is a block device

30
Install Peripheral Devices (Cont.)
  • Terminal files
  • /etc/termcap (/etc/terminfo) complete terminal
    information
  • /etc/ttydefs define terminal baud rate

31
Manage Network Devices
  • ifconfig utility to configure network interface
  • ifconfig interfacename ip-address netmask
    up/down
  • assign ip-address to interfacename and
    running/shutdown
  • route utility to manually manage routing table
  • route add/delete ip-address netmask gateway
  • create/delete an entry to ip-address in the
    routing table

32
Manage Network Devices (Cont.)
  • netstat -r
  • display routing table

33
Manage System Accounting and Security
  • acct
  • Display accounting information
  • System usage is stored in /etc/adm/acct directory,
    use sa utility
  • Login/logout information is stored in /usr/adm/wtmp
    file, use ac and last utilities

34
Manage System Accounting and Security (Cont.)
  • Security
  • Disable unused ports
  • Disable commands/methods that avoid password:
  • rlogin, rsh
  • Disable utilities with known security problems:
  • ping, finger
  • Do not log on to root account unless necessary
  • Log on to your regular account and use su utility to
    get super-user privilege
  • Watch files with SUID and SGID set
  • /tmp has sticky bit set: only owner can modify or
    delete files
  • Use secure protocols
  • Use secure telnet to replace telnet
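
Added example (not part of the original slides): a POSIX shell version of the two file-permission checks above, comparing SUID/SGID files against a saved baseline and finding world-writable directories that lack the sticky bit. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audits for SUID/SGID files and for world-writable
# directories without the sticky bit. Function names are illustrative.
LC_ALL=C; export LC_ALL   # stable sort order, required by comm

# Regular files under $1 with SUID (4000) or SGID (2000) set, sorted.
list_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# Set-ID files under $1 that are absent from the sorted baseline file $2.
new_setid() {
    list_setid "$1" | comm -13 "$2" -
}

# World-writable directories under $1 that lack the sticky bit (1000).
unsafe_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null | sort
}

# Constructed sample tree so the checks can be tried without root.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/bin" "$d/tmp_ok" "$d/tmp_bad"
    : > "$d/bin/plain";    chmod 0755 "$d/bin/plain"
    : > "$d/bin/suidprog"; chmod 4755 "$d/bin/suidprog"
    : > "$d/bin/sgidprog"; chmod 2755 "$d/bin/sgidprog"
    chmod 1777 "$d/tmp_ok"    # like /tmp: sticky bit set
    chmod 0777 "$d/tmp_bad"   # world-writable, no sticky bit
    echo "$d"
}

demo() {
    tree=$(make_demo_tree) || return 1
    list_setid "$tree" > "$tree/baseline"                 # known-good state
    : > "$tree/bin/later"; chmod 4755 "$tree/bin/later"   # appears afterwards
    echo "new set-ID files:";           new_setid "$tree" "$tree/baseline"
    echo "unsafe world-writable dirs:"; unsafe_dirs "$tree"
    rm -rf "$tree"
}
demo
```

On a real system, point list_setid at / and keep the baseline on read-only or off-host storage so it cannot be rewritten along with the files it describes.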

35
Misc.
  • uname -a
  • Prints system information
  • dmesg
  • Display system diagnostic information such as
    memory, devices

36
Reference
  • Ch. 15
  • Ch. 2 and 3 of Nemeth et al.