Unix System Administration PDF
This document provides an introduction to system administration concepts in a UNIX environment, offering insights into managing user accounts, groups, and essential system tools. It includes questions on various Unix commands and concepts, such as permissions, directory structures, and file protection mechanisms. The document aims at a user-level understanding as well.
**Introduction to System Administration and the UNIX Way**

**Managing User Accounts and Groups (Overview) and Essential Administrative Tools and Techniques**

Exam type:

- **Test I: Multiple Choice Question (1-40)**
- **Test II: Identification (1-5)**
- **Test II: Identification (6-10)**
- **Test III: Enumeration**
- **Test IV: Essay**

Pointers: review the following.

1. What does the command `$ smit -s /dev/null -l /dev/null` mean in a Unix system?
2. What does `crfs` mean in Unix systems?
3. Permissions in UNIX/Linux.
4. What command in the Unix system can send a message to all users?
5. What command can you use to change directory in Windows?
6. Numeric file mode permissions in a Unix system.
7. The range of UIDs.
8. Seven main functions and characteristics of the **/etc/shadow** file in a Unix system.
9. **Aspects highlighting the importance of user names in UNIX.**

In Unix-based operating systems, directory protection, or directory permissions, is used to control access to directories. Directory permissions work similarly to file permissions but are applied to directories instead. They determine who can perform various actions within a directory, such as listing its contents, creating files within it, and deleting files from it.

Unix directory permissions are represented by a series of symbols or octal values. The primary directory permissions and their meanings are:

- **Read (r)**: If a user has read permission for a directory, they can view the list of files and subdirectories within that directory. They can also access the metadata (like file names and sizes) of the files and directories.
- **Write (w)**: Write permission allows a user to create, delete, or modify files and subdirectories within a directory. This permission also enables users to rename files within the directory.
- **Execute (x)**: Execute permission on a directory allows a user to traverse (i.e., enter) the directory. Without execute permission, even if a user has read permission, they won't be able to access files or subdirectories within the directory. Execute permission is also necessary to perform any actions within subdirectories.

Unix directories have three sets of permissions, just like files:

- **Owner permissions**: These permissions apply to the user who owns the directory.
- **Group permissions**: These permissions apply to the group associated with the directory.
- **Others permissions**: These permissions apply to all other users on the system who are neither the owner nor in the group.

The permission settings for a directory are displayed when you use the `ls -l` command. For example:

```
drwxr-xr-x 2 user1 group1 4096 Sep 12 10:00 my_directory
```

In this example:

- **drwxr-xr-x**: The first character `d` indicates that it's a directory. The following three sets of `rwx` represent the owner's, group's, and others' permissions, respectively.
- **2**: The number of subdirectories or hard links within the directory.
- **user1**: The owner of the directory.
- **group1**: The group associated with the directory.

To change directory permissions, use the **chmod** command, specifying the desired permissions in symbolic or octal notation. For example:

```
chmod 755 my_directory
```

This command sets read, write, and execute permissions for the owner (7), and read and execute permissions for the group and others (5).

**File Protection**

File modes are set with the chmod command; we'll look at chmod after discussing the file protection concepts it relies on. Once ownership is set up properly, the next natural issue to consider is how to protect files from unwanted access (or the reverse: how to allow access to those people who need it).

**Types of file and directory access**

Unix supports three types of file access: read, write, and execute, designated by the letters r, w, and x, respectively. Table 2-1 shows the meanings of those access types.
In contrast, if you want to run any command lists or use files in the directory via an explicit or implicit wildcard (e.g., `ls` without arguments or `cat *.dat`), you do need read access to the directory file itself to expand the wildcards. Thus, to `cd` to a directory, you need only execute access, since you don't need to be able to read the directory file itself.

[Table 2-1 image omitted]

Note especially that write access on a file is not required to delete it; write access to the directory where the file resides is sufficient (although in this case, you'll be asked whether to override the protection on the file):

```
$ rm copper
rm: override protection 440 for copper? y
```

If you answer yes, the file will be deleted (the default response is no). For example, when you don't have access to any of the component files, you still need only read access to a directory in order to do a simple `ls`; if you include `-l` (or any other option that lists file sizes), you also need execute access to the directory.

[Table image omitted]

**Access classes**

- *User access (u)*: Access granted to the owner of the file.
- *Group access (g)*: Access granted to members of the same group as the group owner of the file (but does not apply to the owner himself, even if he is a member of this group).
- *Other access (o)*: Access granted to all other normal users.

The long version of the ls command also displays file permissions in addition to user and group ownership:

```
$ ls -l
-rwxr-xr-x 1 root   system    120 Mar 12 09:32 bronze
-r--r--r-- 1 chavez chem       84 Feb 28 21:43 gold
-rw-rw-r-- 1 chavez physics 12842 Oct 24 12:04 platinum
```

The set of letters and hyphens at the beginning of each line represents the file's mode. The 10 characters are interpreted as indicated in Table 2-4.

[Table 2-4 image omitted]

On the file bronze, the owner (in this case, root) is allowed read, write, and execute access, while all other users are allowed only read and execute access.
Finally, for the file platinum, the owner (chavez) and all members of the group physics are allowed read and write access, while everyone else is granted only read access.

**Setting file protection**

The chmod command is used to specify the access mode for files:

```
$ chmod access-string files
```

To create an access string, you choose one or more codes from the access class column, one operator from the middle column, and one or more access types from the third column. Thus, to add write access for yourself for a file you own (lead, for example), use:

```
$ chmod u+w lead
```

To add write access for everybody, use the all access class:

```
$ chmod a+w lead
```

To remove write access, use a minus sign instead of a plus sign:

```
$ chmod a-w lead
```

This command sets the permissions on the file lead to allow only read access for all users:

```
$ chmod a=r lead
```

If execute or write access had previously been set for any access class, executing this command removes it. Thus, the following command adds write access for the file owner and removes write access and adds read access for the group and other classes for the files bronze and brass:

```
$ chmod u+w,og+r-w bronze brass
```

The chmod command supports a recursive option (`-R`) to change the mode of a directory and all files under it. For example, if user chavez wants to protect all the files under her home directory from everyone else, she can use the command:

```
$ chmod -R go-rwx /home/chavez
```

**Beyond the basics**

For example, this command prevents any access to the file lead by anyone other than its owner:

```
$ chmod go= lead
```

Similarly, the form `chmod =` may be used to remove all access from a file (subject to constraints on some systems, to be discussed shortly).
A typical use for this access type (X) is to grant group or other read and execute access to all the directories and executable files within a subtree while granting only read access to all other types of files (the first group will all presumably have user execute access set). For example, the following command grants read access to all users for the current directory and every file under it:

```
$ chmod -R +r
```

For example:

```
$ ls -lF
-rw------- 1 chavez chem 609 Nov 29 14:31 data_file.txt
drwx------ 2 chavez chem 512 Nov 29 18:23 more_stuff/
-rwx------ 1 chavez chem 161 Nov 29 18:23 run_me*
$ chmod go+rX *
$ ls -lF
-rw-r--r-- 1 chavez chem 609 Nov 29 14:31 data_file.txt
drwxr-xr-x 2 chavez chem 512 Nov 29 18:23 more_stuff/
-rwxr-xr-x 1 chavez chem 161 Nov 29 18:23 run_me*
```

If you like thinking in octal, or if you've been around Unix a long time, you may find numeric modes more convenient than incantations like `go+rX`. For example, this command makes the other access the same as the current group access for each file in the current directory:

```
$ chmod o=g *
```

**Specifying numeric file modes**

Each access triad (for a different user class) is converted to a single digit by setting each individual character in the triad to 1 or 0, depending on whether that type of access is permitted or not, and then taking the resulting three-digit binary number and converting it to an integer (which will be between 0 and 7). To set the protection on a file to match those above, you specify the numeric file mode 754 to chmod as the access string:

[Table image omitted]

**Specifying the default file mode**

If masks confuse you, you can compute the umask value by subtracting the numeric access mode you want to assign from 777. Its argument is a three-digit numeric mode that represents the access to be inhibited (masked out) when a file is created.
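As an added, runnable illustration (this script is not part of the notes), the POSIX sh code below does two things: it converts a numeric mode into the rwx string that `ls -l` prints, going one step beyond the three-digit case by also handling the fourth leading octal digit for setuid, setgid and the sticky bit (rendered as s/S and t/T, as described in the special-purpose modes section), and then it reproduces the gold/silver umask session that follows in the notes inside a scratch directory, so the effect of the mask on newly created files and on the class-less `chmod +rwx` / `chmod -rwx` forms can be observed on a real filesystem. The function names (mode_of, octal_to_mode, verify_mode, umask_demo) and the scratch file names are the example's own choices; it uses `ls` rather than `stat` so it behaves the same under GNU and BSD userlands.

```shell
#!/bin/sh
# Added example: numeric file modes, the special-bit digit, and umask, cross-checked
# against the real chmod and umask in a temporary directory (POSIX sh, no GNU extensions).

# mode_of FILE: the 10-character mode string from ls -l (type char + three rwx triads).
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# octal_to_mode OCTAL: compute the 9-character rwx string for a numeric mode without
# touching the filesystem. Each octal digit is one triad (4=r, 2=w, 1=x). An optional
# leading fourth digit carries the special bits (4=setuid, 2=setgid, 1=sticky); ls shows
# them in the execute slot of the user, group and other triad as s/t when that execute
# bit is on and as S/T when it is off (the "locking" case in the notes, mode 2745).
octal_to_mode() {
    m=$(( 0$1 ))                       # the leading 0 makes the shell parse it as octal
    out=""
    for pos in 6 3 0; do               # bit offset of the user, group and other triad
        bits=$(( (m >> $pos) & 7 ))
        if [ $(( bits & 4 )) -ne 0 ]; then r=r; else r=-; fi
        if [ $(( bits & 2 )) -ne 0 ]; then w=w; else w=-; fi
        if [ $(( bits & 1 )) -ne 0 ]; then x=x; else x=-; fi
        # special bit for this triad: 04000 (bit 11) for user, 02000 (bit 10) for group,
        # 01000 (bit 9) for other, i.e. bit (pos / 3 + 9).
        sp=$(( (m >> ($pos / 3 + 9)) & 1 ))
        if [ "$sp" -eq 1 ]; then
            if [ "$pos" -eq 0 ]; then on=t; off=T; else on=s; off=S; fi
            if [ "$x" = x ]; then x=$on; else x=$off; fi
        fi
        out="${out}${r}${w}${x}"
    done
    printf '%s\n' "$out"
}

# verify_mode OCTAL: apply OCTAL with chmod to a scratch file and compare what ls shows
# with octal_to_mode. A "mismatch" is informative too: the kernel silently drops setgid
# when the caller is not a member of the file's group, for example.
verify_mode() {
    f=$(mktemp) || return 1
    chmod "$1" "$f"
    shown=$(ls -l "$f" | cut -c2-10)
    rm -f "$f"
    if [ "$shown" = "$(octal_to_mode "$1")" ]; then
        printf 'match\n'
    else
        printf 'mismatch (ls shows %s)\n' "$shown"
    fi
}

# umask_demo: reproduce the gold/silver session under umask 023. Prints three modes:
# a freshly created file (666 masked by 023 gives 644), then gold after "chmod +rwx" and
# silver after "chmod -rwx" (with no access class, only bits the umask permits change).
umask_demo() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        umask 023
        : > fresh                       # created under the mask: rw-r--r--
        : > gold;   chmod 000 gold      # explicit octal modes are never masked
        : > silver; chmod 777 silver
        chmod +rwx gold                 # sets only the bits the umask allows: rwxr-xr--
        chmod -rwx silver               # clears only the bits the umask allows: ---(-w-)(-wx)
        printf '%s %s %s\n' "$(mode_of fresh)" "$(mode_of gold)" "$(mode_of silver)"
    )
    status=$?
    rm -rf "$dir"
    return $status
}

# Stand-alone run: the notes' numeric examples, each checked against chmod, then the umask session.
for mode in 754 4755 2755 6755 1777 2745; do
    printf '%s -> %s (%s)\n' "$mode" "$(octal_to_mode "$mode")" "$(verify_mode "$mode")"
done
umask_demo
```

The 754 line reproduces the `rwxr-xr--` mode the notes build up by hand, and the 2745 line shows the capital `S` that marks a setgid bit whose execute bit is off. The last line of output, `-rw-r--r-- -rwxr-xr-- -----w--wx`, matches the gold and silver listing in the notes: the mask (023) never removes bits that an explicit numeric `chmod 777` set, but it does limit which bits the class-less symbolic forms are allowed to touch.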
```
$ umask 023
```

You usually put a umask command in the system-wide login initialization file and in the individual login initialization files you give to users when you create their accounts (see Chapter 6).

When no access class is given, as in:

```
% chmod +rx *
```

the current umask is taken into account before the file access mode is changed. More specifically, an individual access permission is not changed unless the umask allows it to be set. It takes a concrete example to fully appreciate this aspect of chmod:

```
$ umask                     (displays the current value)
23
$ ls -l gold silver
---------- 1 chavez chem   609 Oct 24 14:31 gold
-rwxrwxrwx 1 chavez chem 12874 Oct 22 23:14 silver
$ chmod +rwx gold
$ chmod -rwx silver
$ ls -l gold silver
-rwxr-xr-- 1 chavez chem   609 Nov 12 09:04 gold
-----w--wx 1 chavez chem 12874 Nov 12 09:04 silver
```

The second chmod command clears only those access bits that are permitted by the umask; in this case, write access for group and write and execute access for other remain turned on.

**Special-purpose access modes**

The simple file access modes described previously do not exhaust the Unix possibilities. Table 2-5 lists the other defined file modes. When the set user ID (setuid) or set group ID (setgid) access mode is set on an executable file, processes that run it are granted access to system resources based upon the file's user or group owner, rather than based on the user who created the process. For files, the save-text access mode (the sticky bit) traditionally told the Unix operating system to keep an executable image in memory even after the process that was using it had exited.

**Save-text access on directories**

If the sticky bit is set on a directory, a user may only delete files that she owns or for which she has explicit write permission granted, even when she has write access to the directory (thus overriding the default Unix behavior). The sticky bit is set using the user access class.
For example, to turn on the sticky bit on /tmp, use this command:

```
# chmod u+t /tmp
```

Oddly, Unix displays the sticky bit as a "t" in the other execute access slot in long directory listings:

```
$ ls -ld /tmp
drwxrwxrwt 2 root 8704 Mar 21 00:37 /tmp
```

**Setgid access on directories**

When this mode is set, files created in that directory will have the same group ownership as the directory itself (rather than the user owner's primary group), emulating the default behavior on BSD-based systems (FreeBSD and Tru64). To place setgid access on a directory, use a command like this one:

```
# chmod g+s /pub/chem2
```

**Numerical equivalents for special access modes**

The special access modes can also be set numerically. They are set via an additional octal digit prepended to the mode, whose bits correspond to the sticky bit (lowest bit: 1), setgid/file locking (middle bit: 2), and setuid (high bit: 4). Here are some examples:

```
# chmod 4755 uid          Setuid access
# chmod 2755 gid          Setgid access
# chmod 6755 both         Setuid and setgid access: 2 highest bits on
# chmod 1777 sticky       Sticky bit
# chmod 2745 locking      File locking (note that group execute is off)
# ls -ld
-rwsr-sr-x 1 root chem    0 Mar 30 11:37 both
-rwxr-sr-x 1 root chem    0 Mar 30 11:37 gid
-rwxr-Sr-x 1 root chem    0 Mar 30 11:37 locking
drwxrwxrwt 2 root chem 8192 Mar 30 11:39 sticky
-rwsr-xr-x 1 root chem    0 Mar 30 11:37 uid
```

**How to Recognize a File Access Problem**

My company ultimately had to send out a debugging version of the editor, and the culprit turned out to be /dev/null, which the system administrator had decided needed protecting against random users! If you suspect a file protection problem, try running the command or program as root. My first rule of thumb about any user problem that comes up is this: it's usually a file ownership or protection problem.
Seriously, though, the majority of the problems users encounter that aren't the result of hardware problems really are file access problems. This caused the ownership on the directory to be set to root. Since this happened in the directory used by UUCP (the Unix-to-Unix copy facility), and correct file and directory ownership are crucial for UUCP to function, what at first seemed to be an innocuous change to an inconsequential file broke an entire Unix subsystem.

**Mapping Files to Disks**

The symbolic link appears as a separate entry in directory listings, marked as a link with an "l" as the first character in the mode string:

```
% ls -l
-rw------- 2 chavez chem 5228 Mar 12 11:36 index
-rw------- 2 chavez chem 5228 Mar 12 11:36 hlink
lrwxrwxrwx 1 chavez chem    5 Mar 12 11:37 slink -> index
```

Symbolic links are always very small files, while every hard link to a given file (inode) is exactly the same size (hlink is naturally the same length as index).

**Using ls to identify file types**

The long directory listing (produced by the `ls -l` command) identifies the type of each file it lists via the initial character of the permissions string. For example, the following `ls -l` output includes each of the file types discussed above, in the same order:

```
-rw------- 2 chavez chem    28 Mar 12 11:36 gold.dat
-rw------- 2 chavez chem    28 Mar 12 11:36 hlink.dat
drwx------ 2 chavez chem   512 Mar 12 11:36 old_data
lrwxrwxrwx 1 chavez chem     8 Mar 12 11:37 zn.dat -> gold.dat
brw-r----- 1 root   system   0 Mar  2 15:02 /dev/sd0a
crw-r----- 1 root   system   0 Jun 12  1989 /dev/rsd0a
srw-rw-rw- 1 root   system   0 Mar 11 08:19 /dev/log
prw------- 1 root   system   0 Mar 11 08:32 /usr/lib/cron/FIFO
```

Note that the `-l` option also displays the target file for symbolic links (following the `->` symbol).
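To see the difference between the hard link (hlink.dat) and the symbolic link (zn.dat) in the listing above, here is an added POSIX sh example that is not part of the notes: it creates a file with one hard link and one symbolic link, reads the type character and link count from `ls -l` and the inode number from `ls -i`, then deletes and re-creates the original and reports what each link sees afterwards. The helper names (ftype, nlink, inode, link_demo) are the example's own, and the file names index/hlink/slink mirror the earlier `ls -l` listing in the notes.

```shell
#!/bin/sh
# Added example: hard link versus symbolic link behaviour when the original file is
# removed and then re-created. POSIX sh; everything happens in a scratch directory.

# ftype FILE: the file-type character ls -l prints first ("-" regular, "d" directory,
# "l" symbolic link, "b"/"c" device, "s" socket, "p" named pipe). -d keeps ls from
# descending into directories or following the link itself.
ftype() {
    ls -ld "$1" | cut -c1
}

# nlink FILE: the hard-link count, the second column of ls -l.
nlink() {
    set -- $(ls -ld "$1")
    printf '%s\n' "$2"
}

# inode FILE: the inode number from ls -i; identical for every hard link to one file.
inode() {
    set -- $(ls -di "$1")
    printf '%s\n' "$1"
}

# link_demo: prints one line with eight space-separated observations:
#   1. hlink shares index's inode ("same"/"different")
#   2. slink shares index's inode ("same"/"different")
#   3. index's link count after "ln index hlink"
#   4. the ls type characters of index, hlink and slink, concatenated
#   5. what hlink contains after index is removed
#   6. whether slink can still be read then ("readable"/"dangling")
#   7. what slink contains after a new index is written
#   8. what hlink contains at that point
link_demo() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        printf 'original\n' > index
        ln index hlink                  # hard link: a second name for the same inode
        ln -s index slink               # symbolic link: a tiny file holding the path "index"
        if [ "$(inode index)" = "$(inode hlink)" ]; then h=same; else h=different; fi
        if [ "$(inode index)" = "$(inode slink)" ]; then s=same; else s=different; fi
        count=$(nlink index)            # 2: the inode now has two names
        types="$(ftype index)$(ftype hlink)$(ftype slink)"
        rm index                        # drops one name; the inode survives through hlink
        after_rm=$(cat hlink)
        if cat slink >/dev/null 2>&1; then sl=readable; else sl=dangling; fi
        printf 'new\n' > index          # a brand-new inode with no relation to hlink
        new_slink=$(cat slink)          # the path resolves again, so slink sees the new file
        new_hlink=$(cat hlink)          # hlink still has the old data
        printf '%s %s %s %s %s %s %s %s\n' \
            "$h" "$s" "$count" "$types" "$after_rm" "$sl" "$new_slink" "$new_hlink"
    )
    status=$?
    rm -rf "$dir"
    return $status
}

# Stand-alone run.
link_demo
```

The output line is `same different 2 --l original dangling new original`: the hard link is indistinguishable from the original (same inode, same type character, link count 2), keeps the data after the original name is removed, and is unaffected by a new file appearing under the old name; the symbolic link is its own small file of type `l`, dangles once its target is gone, and silently follows whatever later appears at that path. That last property is why a symbolic link in a directory other people can write to deserves a second look when tracing a file access problem.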
**Comparing hard and symbolic links**

[Figure omitted. It shows the file index with both a hard link (hlink) and a symbolic link (slink): initially hlink shares index's inode and data while slink points to index. When index is deleted, hlink is unaffected and slink points nowhere. If a new index is created, it gets a new inode with no relation to hlink, and slink points to the new index.]

Context-dependent symbolic links (CDSLs).

Here is an example:

```
# file *
appoint:    ... executable not stripped
bin:        directory
clean:      symbolic link to bin/clean
fort.1:     empty
gold.dat:   ascii text
intro.ms:   [nt]roff, tbl, or eqn input text
run_me.sh:  commands text
xray.c:     ascii text
```

The file appoint is an executable image; the additional information provided for such files differs from system to system.

**Processes**

Table 2-7 (partially preserved):

| Facility | Description | Daemons |
| --- | --- | --- |
| | | getty (and similar) |
| sync | Disk buffer flushing | update, syncd, syncher, fsflush, bdflush, kupdated |
| paging and swapping | Daemons to support virtual memory management | pagedaemon, vhand, kpiod, pageout, swapper, kswapd, kreclaimd |
| inetd | Master TCP/IP daemon, responsible for starting many others on demand: telnetd, ftpd, rshd, imapd, pop3d, fingerd, rwhod (see /etc/inetd.conf for a full list) | inetd |
| name resolution | DNS server process | named |
| routing | Routing daemon | routed, gated |
| DHCP | Dynamic network client configuration | dhcpd, dhcpsd |
| RPC | Remote procedure call facility network port-to-service mapper | portmap, rpcbind |
| NFS | Network File System: native Unix network file sharing | nfsd, rpc.mountd, rpc.nfsd, rpc.statd, rpc.lockd, nfsiod |
| Samba | File/print sharing with Windows systems | smbd, nmbd |
| WWW | HTTP server | httpd |
| network time | Network time synchronization | timed, ntpd |

For example, the disk partition containing the root filesystem traditionally corresponded to the special files /dev/disk0a and /dev/rdisk0a, specifying the first partition on the first disk (disk 0, partition a), accessed in block and raw mode respectively, with the r designating raw device access.
Naturally, the command to mount a disk partition needs to specify the physical disk partition to be mounted (mount's first argument) and the location to place it in the filesystem, its mount point (the second argument). Thus, the first command makes the files in the first partition on drive 0 available, placing them at the root of the Unix filesystem. Like the overall Unix filesystem, the files and directories physically located on each disk partition are arranged in a tree structure. An integral part of the process of mounting a disk partition involves grafting its local directory structure into the overall Unix directory tree.

**The Root Directory**

This is the base of the filesystem's tree structure; all other files and directories, regardless of their physical disk locations, are logically contained underneath the root directory. There are a variety of important first-level directories under the / directory: */bin*, */dev*, */etc* and */sbin*, */home*, */lib*, */lost+found*, */mnt*, */opt*, */proc*, */stand*, */tcb*, */tmp*, */usr*, */var*.

**The /usr Directory**

The directory /usr contains a number of important subdirectories: /usr/bin, /usr/include, /usr/lib, /usr/local, /usr/sbin, /usr/share, /usr/share/man.

**The /var Directory**

As we noted, the /var directory tree holds data that changes over time. These are its most important subdirectories: */var/adm*, */var/cron*, */var/new*.

**UNIX**: Unix is a family of multitasking, multiuser computer operating systems that derive from the original AT&T Unix, whose development started in the 1970s at the Bell Labs research center by Ken Thompson, Dennis Ritchie, and others.

**RED HAT LINUX**: Red Hat Enterprise Linux is a Linux distribution developed by Red Hat for the commercial market.
Red Hat Enterprise Linux is released in server versions for x86-64, Power ISA, ARM64, and IBM Z, and a desktop version for x86-64.

**SYSTEM MAINTENANCE**: System maintenance is an umbrella term that encompasses various forms of computer maintenance needed to keep a system running. The two main components of system maintenance are preventive and corrective maintenance.