CS465 -Unix

1
CS465 -Unix

• System
• Administration

2
What does the System Administrator do?

• Starts/stops the system
• Maintains the file system and user accounts
• Installs HW and SW
• Configures TCP/IP
• Performs system accounting, performance
  monitoring, and security

3
UNIX Processes

• Program vs Process
• A program is an executable file.
• A process is an instance of the program in
  execution.
• When a process invokes a new program it creates a
  child process
• A new process is created each time you execute a
  non-kernel command
• Current process (parent) forks a new process
  (child)
• ps shows process identifier (PID) and the parent
  process identifier (PPID)

4
Process Creation Functions

• UNIX provides two key functions that operate on
  processes
• fork - creates a duplicate process
• Almost all info copied from original (parent)
• New process has a unique process ID, which is
  returned to the parent process.
• exec - loads a program from a file and overwrites
  the existing code

5
Creating New Processes

• Example
• include ltstdio.hgt
• include ltstdlib.hgt / system calls /
• main()
• if ( fork() 0) / child /
• execl("/bin/ps", "ps", NULL)
• else
• wait() / parent /
• printf("childs ps done\n")
• Note Anyone (not just system administrator) can
  create new processes.

6
Startup Processes

• init process
• last step in booting procedure
• creates other processes to allow the users to
  login
• getty process
• conditions for terminal connection
• waits for user-id
• display login on the screen
• login process
• checks password with the uid
• executes .profile or .login (depends on default
  shell)
• displays shell prompt
• shell process (command line interpreter) displays
  prompt

7
Startup Process Diagram
kernel
Process 0 Kernel bootstrap. Start process 1.
kernal mode
user mode
/etc/init
Process 1 create processes to allow login.
8
System Startup Processes
UID PID PPID C STIME TTY STAT TIME
CMD root 1 0 0 Oct01 ?
Ss 001 init 2 root 2944 1 0
Oct01 tty1 Ss 000 /sbin/getty 38400
tty1 root 2946 1 0 Oct01 tty2 Ss
000 /sbin/getty 38400 tty2
9
Who can perform system administrator duties?

• Need root privileges to run many sysadmin
  commands
• Can log in directly as user root
• rwx privileges will not affect root
• BETTER WAY
• Log in under your own username
• Use su to switch to root
• Maintains a log of which user logged into the
  root account

10
The su utility

• If you are logged in as an ordinary user, you may
  use switch user (su)
• su username
• If no username is listed, su will switch you to
  the root account.
• Example
• su
• Password (enter root password)
• Note that the prompt changes from to

11
Security Issue

• If you are using su from someone elses terminal
  to switch to root, you should ALWAYS type the
  entire path to avoid Trojan Horse programs
• /bin/su lt-- acadunix
• or sometimes
• /usr/bin/su

12
root commands

• Most system administration commands are in the
  /usr/etc or /usr/bin directory
• Add /usr/etc to the roots path by adding
• PATH/usr/etcPATH
• to the /.profile file

13
root precautions

• When you are logged in as root, you should
• Test destructive commands non-destructively
  (Example use ls before rm)
• Create /etc/securetty to have a list of allowable
  terminals for root login
• Only become root to do single specific tasks.
  Return back to your normal user shell (via exit
  command) until you are sure what needs to be done
  by root and to do your own work.
• Always be slow and deliberate running as root.
  Your actions could affect a lot of things. Think
  before you type!

14
sus other use

• You can also use switch user (su) to gain access
  to any user account
• su username
• Creates a subshell environment with users id and
  group id
• Example
• su jsmith
• Password (enter jsmiths password)
• Note If you use su from the root account, you
  will not need to enter a password.

15
shutdown Utility

• Use shutdown to stop the system. Users are
  notified of the impending shut down, as are the
  systems that are mounting resources from the
  server being shut down.
• Format
• shutdown -y -g grace-period
• -i init-state message
• Example
• shutdown -i S -g 120 " disk replacement
  
• Shutdown started. Tue Jun 7 145140 PDT
  1994
• Broadcast Message from root (pts/1) on foo Tue
  Jun 7 145141...
• The system will be shut down in 2 minutes
• disk replacement
• Broadcast Message from root (pts/1) on foo Tue
  Jun 7 145241...
• The system will be shut down in 1 minutes
• disk replacement

16
halt Utility

• Shuts the system down as quickly as possible (no
  user warning)
• Flushes buffers
• Halts system
• Format
• halt

17
Single User Mode

• The system normally runs in multi-user mode.
• After a system shutdown, you will be in Single
  User Mode
• Creates Bourne shell at console ONLY
• Automatically logged in as root
• Used for system maintenance and backup
• Must issue sync command before returning to
  multi-user mode (writes changes to hard disk)
• Can turn off power or reset the system

18
Daemons

• What is a daemon?
• A process that only needs to be started once, and
  will lay dormant until it is required
• Examples
• mail daemon
• login daemon
• Cron
• Many system daemons are started on bootup
• UID PID PPID C STIME TTY STAT TIME CMD
• daemon 2694 1 0 Oct01 ? Ss 000
  /usr/sbin/atd

19
System SecurityWhat are you trying to protect?

• The Risk
• Possibility of an intruder gaining unauthorized
  access
• Motivations
• The Curious
• The Malicious
• The Competition
• The Borrowers
• The Leapfrogger

20
Security Issues

• Vulnerability How well protected is your
  computer?
• Locate world writable directories
• Check for unowned files
• Do not permit .rhosts files
• Password Security
• Use crack on your own system
• Security Policy
• That which is not permitted is prohibited!!

21
Unix System Logs

• Unix keeps track of the following, by UserID
• Memory and CPU usage
• Login/Logout time
• Pages printed on printers

22
Checking Logs

• Some things to check for in your logs (in
  directory /var/log or /var/logs)
• Short or incomplete logs
• Logs containing strange timestamps
• Logs with incorrect permissions or ownership
• Records of reboots or restarting of services
• Missing logs
• su entries or logins from strange places

23
System logins/logouts

• System file records all logins, logouts, and
  reboots, with the most recent activity at the top.

• Can be viewed using the last command
• last -n username
• where -n displays lines of the file
• username displays only lines for specific user

• Each entry includes
• user name and login device
• host that the user is logged in from
• date and time that the user logged in and logged
  out
• total login time in hours and minutes
• Also includes entries for each reboot

24
Example

• last -n6 small000
• small000 pts/0 xlate.regis.edu Tue Oct 7
  1337 still logged in
• small000 pts/0 dsl-206-53-24-25 Mon Oct 6
  1820 - 1835 (0014)
• small000 pts/0 xlate.regis.edu Mon Oct 6
  1432 - 1645 (0213)
• small000 pts/2 xlate.regis.edu Fri Oct 3
  1410 - 1435 (0025)
• small000 pts/1 dsl-206-53-24-25 Thu Oct 2
  1924 - 1932 (0008)
• small000 pts/0 dsl-206-53-24-25 Thu Oct 2
  1438 - 1517 (0039)

25
System logins/logouts

• You can log failed command-line login attempts in
  the /var/adm/loginlog file.
• To turn on logging, root should create this file
  with read and write permissions for the root user
  only, and it should belong to the sys group.
• touch /var/adm/loginlog chown root
  /var/adm/loginlog chmod 600 /var/adm/loginlog

• All failed login activity is written to this file
  automatically after five consecutive failed
  attempts. If there are less than five consecutive
  failed attempts, no activity is logged to this
  file.
• Each failed attempt entry contains
• user's login name
• login device (TTY port)
• time of the failed attempt.

26
Monitoring su usage

• It is a good idea to monitor who has been using
  the su command, especially to gain root access.
• Set the SULOG variable in the /etc/default/su
  file to set up a file to log all su attempts.
• Example SULOG/var/adm/sulog

• If the SULOG variable is not defined, su command
  logging is not enabled.
• The SULOG log file records
• the date and time the command was issued,
• whether it was successful (shown by the plus
  symbol for success or the hyphen - symbol for
  failure),
• the device from which the command was issued,
  the login and the effective identity.

27
User Management

• The system administrator can
• Add, modify and delete user accounts
• Establish filesystem quotas
• Change user passwords
• Must be logged into the root account to do these
  things

28
Logging into the root account

• As the system administrator, you should
• log in to a system as a regular user
• use su to switch to the root user account only
  when you need to perform system administrative
  tasks
• Why?

• reduces possiblitiy that the system will be left
  unattended with the root user logged in
• critical mistakes are less likely to occur if you
  perform your routine work as a regular system user

29
User Accounts

• Each user needs a unique
• account name
• user identification (UID) number
• home directory
• and a login shell.
• The system administrator also has to determine
  which groups a user may access.

30
System Files

• Unix stores user account and group entry
  information in the following system files
• /etc/passwd
• Stores login account entries for authorized
  system users (edit file via useradd, usermod
  userdel).
• /etc/shadow
• Shadow of /etc/passwd, but with encrypted
  passwords
• /etc/group
• Defines the system group entries

31
Steps for Adding a User

• Create new user account via useradd
• (adds new entry into both the /etc/passwd and
  /etc/shadow files)
• Set user password via passwd
• Add user to /etc/group file
• Set quotas (if in effect)

32
useradd defaults

• Format
• useradd -D -g default_group -b default_home
• -f default_inactive -e default_expire_date
• -s default_shell
• The D option is used to list/set useradd
  defaults for account creation
• useradd D
• GROUP100
• HOME/home
• INACTIVE-1
• EXPIRE
• SHELL/bin/bash
• SKEL/etc/skel

33
useradd Creating New Accounts

• useradd without D, creates new user accounts
• useradd -c comment -d home_dir
• -e expire_date -f inactive_time
• -g initial_group -G group,...
• -m -k skeleton_dir -M -p passwd
• -s shell -u uid -o -n -r login
• useradd has many options, but the minimum
  information required is a login name and a real
  name.
• The user's real name is considered a "comment"
  and is given with the -c switch
• useradd -c "President George Bush" gbush

34
Notes on Adding Users

• The new user's home directory is either given
  permission 700 or 711 by default (700 makes the
  home directory invisible to other users, 711
  allows others to list it).
• By default the user belongs to a group that
  consists only of himself (primary group). Or you
  may add the user to other groups that define
  access permissions to other directories.
• When a user is added, his home directory is
  automatically created, with any subdirectories
  and scripts as defined in /etc/skel

35
Defining Sample User Login Files

• /etc/skel contains a "model" for the user's home
  directory
• Create any files required by a typical user, for
  example .profile for a login template
• Example
• ls -l /etc/skel
• total 6
• -rw-r--r-- 1 root sys 138 Mar 3 2002
  local.cshrc
• -rw-r--r-- 1 root sys 607 Dec 22 2001
  local.login
• -rw-r--r-- 1 root sys 596 Mar 3 2002
  local.profile

36
User Account Passwords

• By default, no password is given to a user when
  you use useradd
• You must use the passwd command to supply an
  initial password, which will be encrypted
• Changing password (user may change own password)
• passwd jsmith
• Changing password for user jsmith
• New UNIX password
• Retype new UNIX password
• passwd all authentication tokens updated
  successfully

37
Modifying User Accounts

• usermod can be used to change user account
  settings
• Format (similar to useradd)
• usermod
• usage usermod -u uid -o -g group -G
  group,..
• -d home -m -s shell -c comment -l
  new_name
• -f inactive -e expire -p passwd -L-U
  name
• usermod -s /bin/ksh jsmith

38
Deleting User Accounts

• userdel deletes user accounts from the system
• Format
• userdel -r login
• Option
• - r Removes the user's home directory and all
  files below it from the system.
• Examples
• userdel r jsmith
• userdel mjones

39
User Groups

• groupadd adds a new group (root only)
• Format
• groupadd -g gid group
• Example
• groupadd CS465F08
• Use usermod to add users to the new group
• usermod -G CS465F08 jsmith

40
Communicating with Users

• Broadcast message to ALL users on local host
• wall lt msgfile
• Takes input from stdin if no msgfile is given
  (until CTRL-D)

41
Communicating with Users

• You can also display a message of the day to
  users when they log on
• Edit the file
• /etc/motd
• Can be used to
• Issue announcements
• Warn of scheduled shutdowns
• etc

42

• File System Maintenance

43
Special Files

• Unix treats every device as a file
• Special files can refer to
• floppy disk
• CD-ROM
• hard disk partitions
• etc..
• Special files are located in the /dev directory
• /dev/fd0 first floppy disk
• /dev/hda1 first partition in first hard disk
• -/dev/tty0 first terminal

44
Installing New Devices

• First install the device driver, if necessary
• Second, run mknod to associate a special file
  with the actual hardware device
• Format
• mknod spec-filename cb major minor
• where c character, b block device
• major device class (uses this device driver)
• minor instance within the class
• Example
• mknod /dev/tty0 c 2 0

45
More on Filesystems

• Unix stores files in filesystems
• A filesystem lives in a hard disk partition, on a
  floppy or on a CD-ROM or on a networked computer
• A filesystem must first be created using a
  special command newfs or mkfs or something
  similar
• Before a filesystem can be used it must be mounted

46
Mounting Filesystems

• Only root may mount a filesystem
• The mount command requires two pieces of
  information
• The special file which refers to the device where
  the filesystem lives
• The place to make it appear in the filesystem,
  the mount point
• Format
• mount -t type device directory

47
Mounting Example

• Assuming
• /dev/fd0 refers to a floppy drive
• There already exists a directory called
  /mnt/floppy
• The command
• mount /dev/fd0 /mnt/floppy
• Attaches the floppy filesystem
• A file abc.txt on the floppy is now accessable as
  /mnt/floppy/abc.txt
• The /etc/mtab file contains a list of all
  currently mounted devices

48
Mounting Filesystems
/
/etc
/var
/bin
/tmp
/usr
/mnt
/home
/dev
a file system

• Root file system (/) is mounted at boot time and
  cannot be unmounted
• All other file systems are mounted BELOW the root
• A file system can be mounted to a directory of
  another mounted file system

49
Checking on Mounted Filesystems

• The mount command with no arguments will
  displayed the currently mounted filesystems
• mount
• /dev/hda1 on / type ext3 (rw,errorsremount-ro)
• tmpfs on /lib/init/rw type tmpfs
  (rw,nosuid,mode0755)
• proc on /proc type proc (rw,noexec,nosuid,nodev)
• sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
• udev on /dev type tmpfs (rw,mode0755)
• tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
• devpts on /dev/pts type devpts (rw,noexec,nosuid,g
  id5)
• /dev/sda2 on /usr type ext3 (rw,errorsremount-ro)
  
• /dev/sdb1 on /tmp type ext3 (rw,errorsremount-ro)
  
• /dev/sdb2 on /opt type ext3 (rw,errorsremount-ro)
  

50
Disk Freespace Statistics

• df displays the number of free blocks and the
  number of files in each file system, or a
  particular file system
• Format
• df filesystem

• Examples
• df
• Filesystem 1K-blocks Used Available Use
  Mounted on
• /dev/hda1 2464936 287432 2052288 13
  /
• udev 10240 56 10184 1
  /dev
• /dev/sda2 6823216 2709144 4114072 40
  /usr
• /dev/sdb1 4031664 33108 3793760 1
  /tmp
• /dev/sdb2 4719996 548264 3931964 13
  /opt
• /dev/sdc1 8744304 534828 7765284 7
  /home
• df /dev/sdb1
• Filesystem 1K-blocks Used Available Use
  Mounted on
• /dev/sdb1 4031664 33108 3793760 1
  /tmp

51
Disk Usage Statistics

• du displays disk usage statistics ( of 512k
  blocks)

• Format
• du a filename
• If no filename given, gives usage of each
  directory file in the current directory.
• -a summaries for each file

52
Disk Usage Statistics (2)

• Examples
• du block size of directories in current
  directory
• 8 ./sub1
• 28 ./sub2
• 84 .

du -a block size of each file in current
directory 2 ./bye.c 14 ./greet 2
./hello.c 8 ./sub1 28 ./sub2 84 .
du greet block size of file greet only 14
greet
53
Need for Archive Utilities

• Archive refers to backup (with or without data
  compression)
• Data compression saves disk space / transmission
  time
• Combines multiple files/directory into one file
• Easier to maintain and transfer (download)
• Extra integrity checking (CRC)

54
Archiving for Backup

• Regular backup helps recover from
• Disasters (disk crash / fire / flood)
• Human errors (accidentally deleting files /
  directory)
• Software errors that corrupt data / files
  (including viruses)
• Good idea to keep multiple generations and
  strategic snapshots (e.g. year end / month end)
  of backups
• Backup devices tapes, CDR/CDRW, etc

55
Summary
Archive Restore List Usage Notes
compress uncompress Compress single file
tar cvf tar xvf tar tf Backup multiple files/dirs (designed for tape)
cpio -ocv cpio -icvd cpio -icvt Save to one volume with owners / group (disk-to-disk) For your reference only
dump restore Backs up an entire filesystem, or all files that have changed
56
Archiving files with tar

• Unlike other systems, Unix has one tool for
  archiving multiple files within one file tar
  and another for compressing the archive
  compress
• A compressed tar archive is a common format for
  distributing Unix software
• Look for
• name.tar.Z compressed tar file

57
Using tar

• Archives files to and extracts files from a
  single file called a tar file. Default device for
  a tar file is a magnetic tape.
• Format
• tar keyoptions files-to-archive
• Keys
• c create new archive
• r append files to archive
• u update (only save files if more recent)
• t list contents of archive (or files if
  specified)
• x extract files from archive

58
Using tar (2)

• Format
• tar keyoptions files-to-archive

• Options (note no dash in front of options)
• f filename follows - read from/write to next
  argument (instead of default tar drive)
  Argument of dash (-) uses standard I/O
• v verbose mode lists each file as tar
  processes it

59
Examples of tar usage

• tar cf test.tar /test
• create new archive file, test.tar, comprising the
  entire test subtree
• tar tf test.tar
• list contents of test.tar
• tar tf - test.tar more
• list contents to stdout and pipe to more
• tar xvf test.tar
• extract files (with verify) from archive file

60
tar current directory tree
tar cvf tar1.tar . a ./ 0K a ./secret/ 0K a
./secret/ltr1 1K a ./secret/ltr2 1K

• tar tvf tar1.tar
• tar blocksize 10
• drwxr-xr-x 4110/1501 0 Mar 1 2314 2003 ./
• drwxr-xr-x 4110/1501 0 Mar 1 2314 2003
  ./secret/
• -rw-r--r-- 4110/1501 14 Mar 1 2314 2003
  ./secret/ltr1
• -rw-r--r-- 4110/1501 16 Mar 1 2314 2003
  ./secret/ltr2

NOTE Using relative path (.) allows restoration
anywhere
61
Extracting from a tar archive

• tar xvf tar1.tar
• tar blocksize 10
• x ., 0 bytes, 0 tape blocks
• x ./secret, 0 bytes, 0 tape blocks
• x ./secret/ltr1, 14 bytes, 1 tape blocks
• x ./secret/ltr2, 16 bytes, 1 tape blocks
• tar can't set time on . Not owner

62
Selective restoration from tar archive

• tar xvf tar1.tar ./secret/ltr1
• tar blocksize 10
• x ./secret/ltr1, 14 bytes, 1 tape blocks

tar xvf tar1.tar tar tvf tar1.tar grep
secret tar blocksize 10 x ./secret, 0 bytes,
0 tape blocks x ./secret/ltr1, 14 bytes, 1 tape
blocks x ./secret/ltr2, 16 bytes, 1 tape blocks
63
Compressing Files

• File compression makes a file smaller
• Format
• compress cv filename
• Options
• -c Send output to stdout
• -v Show compression achieved
• Replaces original file with compressed file (.Z
  is added to the filename)

64
Compression Examples

• ls w
• whofile
• compress -v whofile
• whofile Compression 53.55 -- replaced with
  whofile.Z
• ls w
• whofile.Z

ls w whofile compress -cv whofile gt
whofile.compress whofile Compression 53.55
ls w whofile whofile.compress
65
Uncompressing Files

• Format
• uncompress cv filename
• Options
• -c Get input from stdin (instead of .Z file)
• and send output to stdout
• -v Output message saying what was done (only
  works if c NOT used)
• By default, (no c) finds .Z file and
  uncompresses it. Replaces .Z file with original
  file ( no .Z )

66
Uncompression Examples

• ls w
• whofile.compress whofile.Z
• uncompress v whofile
• whofile.Z -- replaced with whofile
• ls -l w
• -rw------- 1 small000 faculty 8428 May 19 1129
  whofile
• -rw------- 1 small000 faculty 3914 Jun 15 1524
  whofile.compress

uncompress -c lt whofile.compress gt who2 ls
w who2 whofile whofile.compress rm
whofile.compress ls w who2 whofile
67
Compressing archives

• Use a pipeline to compress archives
• tar cvf - compress gt test.tar.Z
• Likewise to access a compressed archive
• uncompress -c test.tar.Z tar tf -

68
tar archive with compression

• Use to set tar s output / input to stdout /
  stdin so that compress can process it
• tar cf - . compress gt tar1.tar.Z
• uncompress lt tar1.tar.Z tar tvf -
• tar blocksize 10
• drwxr-xr-x 4110/1501 0 Mar 1 2314 2001 ./
• drwxr-xr-x 4110/1501 0 Mar 1 2314 2001
  ./secret/
• -rw-r--r-- 4110/1501 14 Mar 1 2314 2001
  ./secret/ltr1
• -rw-r--r-- 4110/1501 16 Mar 1 2314 2001
  ./secret/ltr2

69
Restore compressed tar archive

• Use to set tar s output / input to stdout /
  stdin so that compress can process it
• uncompress lt tar1.tar.Z tar xvf -
• tar blocksize 10
• x ., 0 bytes, 0 tape blocks
• x ./secret, 0 bytes, 0 tape blocks
• x ./secret/ltr1, 14 bytes, 1 tape blocks
• x ./secret/ltr2, 16 bytes, 1 tape blocks
• tar can't set time on . Not owner

70
cpio Archives

• cpio creates backup archives with file owner and
  group retained
• cpio needs a list of files to backup from stdin
• Generally use find to feed filenames to cpio
• Format
• cpio o options
• Create archive (out) - Reads stdin for list of
  files and sends archive to stdout
• cpio i options patterns
• Retrieve from archive (in)- Extract files from
  stdin, optionally based on patterns and sends to
  stdout

71
cpio options

• Options
• -a reset access times
• -c create ASCII standard headers for
  compatibility on other machines.
• -d create directories as needed
• -t table of contents
• -u copies older files over newer ones
• -v verbose display files being copied

72
Creating a cpio archive

• Use the o option to create the archive
• find . -print cpio -ov gt /tmp/cpio1
• .
• secret
• secret/ltr1
• secret/ltr2
• 10 block

73
Restoring a cpio archive (-i)
Display contents cpio -ivt lt
/tmp/cpio1 drwxr-xr-x 3 kwchiu cs 0 Mar 1
2314 2001, . drwxr-xr-x 2 kwchiu cs 0 Mar
1 2314 2001, secret -rw-r--r-- 1 kwchiu cs
14 Mar 1 2314 2001, secret/ltr1 -rw-r--r-- 1
kwchiu cs 16 Mar 1 2314 2001, secret/ltr2 10
blocks

• Restore
• cpio -ivd lt /tmp/cpio1
• .
• cpio Existing "secret/ltr1" same age or newer
• cpio Existing "secret/ltr2" same age or newer
• 10 blocks
• 2 error(s)

74
More cpio Examples
Create archive on tape of all files in the proj
subdirectory find proj -print cpio -ocv gt
/dev/rmt8 Create archive in file proj.cpio of
all files in the proj subdirectory find proj
-print cpio -ocv gt proj.cpi Read from archive
file on tape and extract all .c files, creating
directories as needed cpio -icdv ".c" lt
/dev/rmt8
75
dump

• dump backs up a large file system
• Format
• dump levelf dumpfilevwfilesfilesys
• Levels 0 through 10 available levels
• 0 all files
• 1 all files since last 0
• 2 all files since last 0 or 1, etc
• v verify
• w list files that would be backed up (but
  dont do it)

76
restore

• restore retrieves files from a dump file
• Format
• restore -irtx f dumpfile files
• -i interactive shell selects files to restore
• -r restore all files in current directory
• -t table of contents
• -x restore only specified files

77
dump/restore Examples

• Backup all files on disk dev/da3 and verify
• dump 0 v /dev/rmt0 /dev/da3
• Restore all files from /bin in the archive to
  /bin on the system
• pwd
• /bin
• restore r f /dev/rmt0 /bin