Title: Chapter 15 System Administration
1 Chapter 15 System Administration
- By C. Shing
- ITEC Dept
- Radford University
2 Objectives
- Understand the system administrator's duties
- Understand the system start-up and shutdown procedures
- Understand how to maintain file systems and user accounts
- Understand how to install software and peripheral devices
- Understand how to configure the kernel
- Understand how to manage system accounting and security
3 System Admin Duty
- Boot up and shut down systems
- Maintain and back up system
- Maintain user accounts and system accounting
- Install system and application software
- Install and configure peripherals and kernel
- Maintain network interface and system security
4 System Admin Account
- Root user ID is 0
- Mistakes made as root are hard to correct
- To become superuser, use the su utility to create a child shell of root
- sudo provides special privilege for a specific task
5 System Start-up
- Power-up self test
- Load kernel into RAM
- Kernel starts running and initializes itself
- Kernel starts the first process, PID 1 (init), which then spawns child processes (getty) for creating and maintaining login shells, using /etc/inittab to decide runlevels
- Run fsck to check file systems (use sync utility to fix damaged file systems)
- Mount file systems: use mount for entries in the /etc/vfstab file
- Start daemons
6 System Run Level (Mode)
- BSD system is in either of 2 modes
  - Single-user: creates a Bourne shell
    - Only / is mounted automatically
    - Other file systems must be mounted manually for system repair, back-up, kernel reconfiguration
  - Multi-user
    - Start daemons by running boot-up file /etc/rc
    - Start locally maintained services by running boot-up file /etc/rc.local
    - Clear files in /tmp
7 System Run Level (Mode) (Cont.)
- BSD system is in either of 2 modes
  - Multi-user (Cont.)
    - Create getty processes for every terminal in the /etc/ttytab file
    - Start up network services, default mode
    - Start login process, replacing the getty process when a login attempt is detected
    - Start-up shell replaces login shell for successful login
    - Store login username in /etc/utmp and login session in /var/adm/wtmp
8 System Run Level (Mode) (Cont.)
- BSD system is in either of 2 modes
  - Multi-user (Cont.)
    - Logout: init process receives SIGCHLD signal
      - Remove username in /etc/utmp and logout session in /var/adm/wtmp
      - Create a new getty process for the freed terminal
9 System Run Level (Mode) (Cont.)
- System V is in one of 8 levels
  - 0-6 can each have their own boot-up script
  - 0: firmware
  - 1 or S: single-user mode
  - 2: multi-user, no network
  - 3: multi-user, network
  - 4: not used
  - 5: shutdown for power off
  - 6: reboot
10 System Run Level (Mode) (Cont.)
- System V is in one of 8 levels
  - Boot-up files are /etc/rc0, /etc/rc1, ..., /etc/rc6, /etc/rcS
  - Run level scripts are in /etc/rc0.d, /etc/rc1.d, ..., /etc/rc3.d, /etc/rcS.d
    - Start-up script name begins with S
    - Shutdown script name begins with K
  - All process management scripts are in the /etc/init.d directory
11 System Shutdown
- shutdown option time message
  - Option
    - -h: halt
    - -r: reboot
  - Time
    - now: shutdown immediately
    - minutes: within minutes
    - hours:minutes: within hours and minutes
- Example
  - shutdown -h now
12 System Shutdown (Cont.)
- halt
- reboot
- sync
  - update super-block
13 Maintain File System
- fsck -p filesystem
  - Automatically correct inconsistency on filesystem
    - Free block also inode
    - Used block but not inode
    - More than 1 inode references 1 block
    - Wrong block number
    - Wrong inode link count
    - Inode not in any directory
14 Maintain File System (Cont.)
- df -k filesystem
  - Report in 1K blocks the disk space used/available for the mounted filesystem
- Example
  - df -k
15 Maintain File System (Cont.)
- du -option filename
  - Option
    - -k: 1K blocks
    - -s: size only
  - Report in 1K blocks the disk usage for the filename, recursively down to subdirectories
- Example
  - du -k .
16 Maintain File System (Cont.)
- quota -v username
  - Display username's disk quota
- Example
  - quota
17 Maintain File System (Cont.)
- format -d diskname -p partition
  - Format partition on diskname
- Disk partition rule
  - Swap space: 2 to 2.5 times RAM size
  - Partitions needed: /, /usr, /var, /tmp, /export through NFS, /opt
18 Maintain File System (Cont.)
- Old Red Hat server partition recommendation (128 MB RAM)
  - /: 256 MB
  - Swap: 256 MB
  - /usr: 512 MB
  - /boot: 16 MB
  - /home: user accounts, 512 MB
  - /var: server log for a long time
  - /tmp or link to /var/tmp
  - Note: combine partition space if not needed
19 Maintain File System (Cont.)
- Red Hat home server partition recommendation: CPU Pentium III 800 MHz (512 MB RAM) w/ GeForce 2 MX (VRAM 32 MB), 320 GB
  - /
  - swap: 1 GB
  - /usr: 2-5 GB
  - /boot: 100 MB
  - /home: user accounts, 160 GB
  - /var: server log for a long time, 100 GB
  - /tmp or link to /var/tmp
  - Note: combine partition space if not needed
20 Maintain File System (Cont.)
- Old Red Hat client partition recommendation (32 MB RAM)
  - Swap: 64 MB
  - /boot: 16 MB
  - /: rest
21 Maintain File System (Cont.)
- Red Hat home partition recommendation: CPU Pentium II 500 (128 MB RAM, 40 GB disk)
  - swap: 256 MB, logical partition
  - /boot: 100 MB, primary partition
  - /: 10 GB, primary partition
  - /home: 5 GB, primary partition
  - Reserve 20 GB
22 Maintain File System (Cont.)
- Solaris server partition recommendation (dedicated server)
  - /
  - Swap
  - /usr: shared system files
  - /opt: larger for NFS service
  - /export
  - /export/home: holds user accounts
  - /export/swap: for serving diskless clients
  - /var: server log for a long time
  - /tmp or link to /var/tmp
  - Note: combine partition space if not needed
23 Maintain File System (Cont.)
- Solaris client partition recommendation
  - /
  - Swap
  - /usr
  - /opt: if local optional software is used
  - /var: client log for a long time
  - /tmp: if users or applications use this a lot
  - /home: if workstation contains user accounts
  - Note: combine partition space if not needed
24 Maintain File System (Cont.)
- mkfs newfilesystem sectornumber
  - Create a newfilesystem (with sectornumber sectors)
- newfs newfilesystem devicetype
  - Invoke mkfs using sectornumber specified by the devicetype in /etc/device.tab
25 Manage User Accounts
- Add user entry in /etc/shadow and /etc/passwd files
  - Use vipw command to edit
  - Change password using passwd command
- Add group entry in /etc/group file
- Create home directory for the user
  - Set up owner, group and directory permissions
- Provide start-up files
  - .login and .cshrc files for start-up tc shell
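Added example (not part of the original slides): after account entries are edited by hand, the passwd and shadow files can be checked for a second UID 0 login, an empty password field, and a passwd entry with no shadow entry. The function names, the script name and the sample accounts are constructed for this example.

```shell
#!/bin/sh
# Added example: consistency checks on passwd- and shadow-format files.
# All names below are hypothetical; the sample accounts are constructed.

# Logins other than root whose UID field (3rd field) is 0.
extra_uid0() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Logins whose shadow password field (2nd field) is empty.
empty_password() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Logins present in passwd file $1 but absent from shadow file $2.
missing_shadow() {
    awk -F: 'NR == FNR { seen[$1] = 1; next }
             !($1 in seen) { print $1 }' "$2" "$1"
}

# Write constructed sample files into directory $1 to try the checks on.
write_samples() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
alice:x:1001:100:Alice:/home/alice:/bin/tcsh
toor:x:0:0:second uid 0 login:/:/bin/sh
bob:x:1002:100:Bob:/home/bob:/bin/tcsh
EOF
    cat > "$1/shadow" <<'EOF'
root:CONSTRUCTED-HASH:19000::::::
alice:CONSTRUCTED-HASH:19000::::::
toor::19000::::::
EOF
}

# Usage: sh acctcheck.sh PASSWD_FILE SHADOW_FILE
if [ "$#" -eq 2 ]; then
    echo "extra UID 0 logins: $(extra_uid0 "$1" | tr '\n' ' ')"
    echo "empty passwords:    $(empty_password "$2" | tr '\n' ' ')"
    echo "no shadow entry:    $(missing_shadow "$1" "$2" | tr '\n' ' ')"
fi
```

Reading the real shadow file requires root, so run the checks from an su shell or on copies of the files.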
26 Install Software and Configure Kernel
- Deposit/download software in the appropriate directory
  - Solaris under /
    - /kernel: Unix kernel (e.g. /kernel/genunix is about 1.5 MB)
    - /bin, /usr/bin: Unix utilities, built-in commands
    - /sbin: system binaries
    - /dev: device files
    - /lib: essential libraries
    - /usr/lib: libraries for C, FORTRAN, etc.
    - /var/log: log files
    - /var/adm: admin log files
27 Install Software and Configure Kernel (Cont.)
- Deposit/download software in the appropriate directory
  - Solaris under / (Cont.)
    - /etc: admin files, start-up files, configuration files
    - /opt: optional system software
    - /proc: pseudo file system containing process management information
  - User applications under /usr/local, often a mount point for other file systems
    - /usr/local/bin: local software binaries
28 Install Software and Configure Kernel (Cont.)
- Modify configuration file for your environment
- Use config utility to recompile kernel and create makefile for the architecture if not provided
- Run make utility to produce executable file for the software
- Reboot the system
29 Install Software and Configure Kernel (Cont.)
- Example: Install Kerberos 5 on Red Hat Linux
  - cd /usr/local/bin
  - mkdir kerberos; cd kerberos
  - Now, download Kerberos 5 from the web
  - tar -xzf krb5-1.3.1.tar.gz
    - This uncompresses and untars the file
  - ./configure --without-krb4
    - This recompiles kernel and creates a makefile to exclude Kerberos 4 support
  - make
    - This compiles necessary system files for Kerberos 5
  - make install
    - This creates executables and puts them in the right directories
30 Install Peripheral Devices
- Install device driver
- Find major and minor number of the device
- Associate the device with device driver
  - mknod devicename option majornumber minornumber
    - Option b: block device
    - c: character device
31 Install Peripheral Devices (Cont.)
- Example
  - mknod /dev/disk1 b 4 0
  - disk is a block device
32 Install Peripheral Devices (Cont.)
- Terminal files
  - /etc/termcap (/etc/terminfo): complete terminal information
  - /etc/ttydefs: define terminal baud rate
33 Manage Network Devices
- ifconfig utility to configure network interface
  - ifconfig interfacename ip-address netmask up/down
  - Assign ip-address to interfacename and set it running/shut down
- route utility to manually manage routing table
  - route add/delete ip-address netmask gateway
  - Create/delete an entry for ip-address in the routing table
34 Manage Network Devices (Cont.)
- netstat -r
  - Display routing table
35 Manage System Accounting and Security
- acct
  - Display accounting information
  - System usage is stored in /etc/adm/acct directory; use sa utility
  - Login/logout information is stored in /usr/adm/wtmp file; use ac and last utilities
36 Manage System Accounting and Security (Cont.)
- Security
  - Disable unused ports
  - Disable commands/methods that avoid password
    - rlogin, rsh
  - Disable utilities with known security problem
    - ping, finger
  - Do not log on to root account unless necessary
    - Log on to your regular account and use su utility to get super-user privilege
  - Watch files with SUID and SGID set
  - /tmp has sticky bit set: only owner can modify or delete files
  - Use secure protocols
    - Use secure telnet to replace telnet
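Added example (not part of the original slides): one way to "watch files with SUID and SGID set" is to compare the current set-id files under a directory with a saved baseline list, and to confirm that a shared directory such as /tmp still carries the sticky bit. The function names, script name and baseline file are assumptions of this example.

```shell
#!/bin/sh
# Added example: report SUID/SGID files that are not in a known-good
# baseline, and check a directory's sticky bit. Names are hypothetical.

# Print every regular file under $1 with the SUID or SGID bit set, sorted.
list_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
        LC_ALL=C sort
}

# Print set-id files under $1 that are not listed in baseline file $2
# (one absolute path per line). Empty output means nothing new appeared.
new_setid() {
    list_setid "$1" | grep -Fxv -f "$2" || true
}

# Succeed if $1 has the sticky bit: the 10th character of the mode
# string printed by ls -ld is t or T.
has_sticky() {
    case "$(ls -ld "$1" | cut -c10)" in
        t|T) return 0 ;;
        *)   return 1 ;;
    esac
}

# Usage: sh setid-watch.sh DIR BASELINE [STICKY_DIR]
if [ "$#" -ge 2 ]; then
    new=$(new_setid "$1" "$2")
    if [ -n "$new" ]; then
        printf '%s\n' "$new" | sed 's/^/not in baseline: /'
    fi
    if [ -n "$3" ] && ! has_sticky "$3"; then
        echo "sticky bit missing on $3"
    fi
fi
```

Create the baseline once on a system in a known state with the same find expression, then review every path the later runs report.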
37 Misc.
- uname -a
  - Prints system information
- dmesg
  - Display system diagnostic information such as memory, devices
38 Reference
- Ch. 15
- Ch. 2, 3 of Nemeth et al.