08 – Essential System Management

December 5, 2009 – 10:16 pm

Please note… This information no longer exists at the referenced locations.  This is only a copy of what was available in 2003.

Basic Linux Training™

Essential System Management

Henry White


Your New Job Description

You now have new responsibilities as the system administrator for your new Linux installation.

Actually, once the system is installed and you tweak the configuration to suit your needs, Linux pretty much runs itself. Your main duties will be routine tasks – like managing accounts (you may want to create accounts for other users), backups (let a cron job do it), upgrading (which we’ll cover in the next lesson), and some other one-time or occasional tasks.

Of course, emergencies can and do happen. If you understand something about where your configuration files are and what they do, you’re way ahead of the game. This is when you may need that vmlinuz floppy to boot Linux. Also, knowing which configuration files you can edit directly and which have to be created through a utility program will save you an enormous amount of grief when you’re under the gun to get your system up and running again.

Redirecting the standard output stream will come in very handy when you need to send e-mail or post on a newsgroup to get some help. You should experiment with this to familiarize yourself with it before you need it. (The information in Running Linux on page 98 is very basic, and there is some additional information in Linux in a Nutshell on page 137.)

There are two output streams from most Unix/Linux programs: stdout (standard output) and stderr (standard error). Both these streams can be redirected to a file as follows:

  • to redirect both the stdout and stderr use the greater than sign with the ampersand
        gcc invinitjig.c >& error-msg
    
  • using the Bourne shell and bash you can also use
        gcc invinitjig.c &> error-msg
    
  • to save the error messages and discard the regular output
        gcc invinitjig.c 2> error-msg
    

    The shell arbitrarily assigns the number 1 to the standard output and 2 to the standard error.
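The redirections above put to work, as an added example that is not part of the original lesson: one function keeps the two streams in separate files and assembles a report you could paste into a help request, the other shows the portable spelling for sending both streams to one file. The function names and the stand-in compiler output are constructed for illustration.

```shell
#!/bin/sh
# capture_report REPORT CMD [ARGS...]
# Runs CMD with stdout and stderr redirected to separate scratch files, then
# writes REPORT with the command line, exit status and both streams.
# Returns the exit status of CMD.
capture_report() {
    report=$1; shift
    scratch=$(mktemp -d) || return 1
    cmd_rc=0
    "$@" > "$scratch/out" 2> "$scratch/err" || cmd_rc=$?
    {
        echo "command: $*"
        echo "exit status: $cmd_rc"
        echo "--- stderr ---"; cat "$scratch/err"
        echo "--- stdout ---"; cat "$scratch/out"
    } > "$report"
    rm -rf "$scratch"
    return "$cmd_rc"
}

# capture_both FILE CMD [ARGS...]
# Portable spelling of ">&" and "&>": point stdout at FILE first, then make
# stderr a copy of stdout. In the reverse order ("2>&1 > FILE") stderr is
# copied from the old stdout and never reaches FILE.
capture_both() {
    file=$1; shift
    "$@" > "$file" 2>&1
}

# Constructed stand-in for a failing compiler run; the messages are made up.
fake_compile() {
    echo "compiling invinitjig.c"
    echo "invinitjig.c:3: parse error" >&2
    return 1
}

demo=$(mktemp)
capture_report "$demo" fake_compile || cat "$demo"
rm -f "$demo"
```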

After you have booted up successfully, you might want to take a look at the boot messages more carefully. You can issue the command dmesg to display them on screen, or redirect them to a file using dmesg > filename. You can also scroll back using Shift+PageUp (not to be confused with Ctrl+PageUp inside some editors).

Some other useful commands that you should be familiar with are:

  • runlevel – display current and previous run levels
  • telinit – change run level
  • du – disk usage
  • df – free space
  • free – memory usage
  • ps – active processes
  • kill – kill (stop) a process
  • sync – write filesystem buffers to disk (to ensure filesystem integrity)
  • clear – clear display screen
  • reset – clear terminal
  • env – display current environment
  • shutdown – terminate all processes
  • halt – (see man pages; this is similar to shutdown, but dependent upon run level and options chosen)

Check these in your man pages, or Linux in a Nutshell. This is just a handful of the hundreds of commands available.

passwd

The information about users in /etc/passwd takes the form:

    username:password(encrypted):UID:GID:GECOS:homedirectory:shell

Only use this file to check for current user information. Don’t edit this file to add new users.

Adding an account is relatively easy. Use the adduser command.

Deleting an account is much more involved, and it is usually better to simply disable the account by adding an asterisk (*) before the password for that user in /etc/passwd. Later, when you have time, you will have to remove the user’s home directory, delete the user from any group files, kill any cron or at jobs the user has running, delete the user’s mail file in /etc/spool/mail and, of course, remove the user’s entry from /etc/passwd.

Note: If you have shadow passwords enabled, you’ll have to use /etc/shadow instead to disable the password. Using shadow is not necessarily the default, but highly recommended – especially on multi-user systems where security is paramount.

Since the passwords are encrypted, forgetting your password will mean you have to boot the system from a floppy, mount the /root partition, and remove the existing password from /etc/passwd. Then reboot from the hard disk, log in as the root user, and create a new password using the passwd command.

Take a look at this basic password file (which is more or less typical for stand-alone computers):

 root::0:0:root:/root:/bin/bash
 bin:*:1:1:bin:/bin:
 daemon:*:2:2:daemon:/sbin:
 adm:*:3:4:adm:/var/adm:
 lp:*:4:7:lp:/var/spool/lpd:
 sync:*:5:0:sync:/sbin:/bin/sync
 shutdown:*:6:0:shutdown:/sbin:/sbin/shutdown
 halt:*:7:0:halt:/sbin:/sbin/halt
 mail:*:8:12:mail:/var/spool/mail:
 news:*:9:13:news:/usr/lib/news:
 uucp:*:10:14:uucp:/var/spool/uucppublic:
 operator:*:11:0:operator:/root:/bin/bash
 games:*:12:100:games:/usr/games:
 man:*:13:15:man:/usr/man:
 postmaster:*:14:12:postmaster:/var/spool/mail:/bin/bash
 nobody:*:-2:100:nobody:/dev/null:
 ftp:*:404:1::/home/ftp:/bin/bash
 guest:*:405:100:guest:/dev/null:/dev/null
 henryw:Oi.UVcBA9I/Hg:501:100:Henry White:/home/henryw:/bin/bash

Not too many real, live, flesh and bone users, are there?
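A check over the seven-field layout described above, as an added example that is not part of the original lesson: it flags an empty password field, a hash kept in the world-readable passwd file instead of /etc/shadow, UID 0 on any account other than root, shared UIDs, and lines with the wrong number of fields. The function name and the sample accounts are constructed for illustration; "x" in the password field is taken to mean the hash lives in /etc/shadow.

```shell
#!/bin/sh
# audit_passwd [FILE]: report risky or malformed entries in a passwd-format
# file (stdin when FILE is omitted). Prints "name: finding" lines and
# returns 1 if anything was reported.
audit_passwd() {
    awk -F: '
    function report(msg) { print $1 ": " msg; found = 1 }
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    NF != 7 { report("malformed entry, " NF " fields instead of 7"); next }
    $2 == "" { report("empty password field, no password needed to log in") }
    # Anything other than empty, "x" (shadowed) or a leading "*" / "!"
    # (disabled) is treated as a hash that every local user can read.
    $2 != "" && $2 != "x" && $2 !~ /^[*!]/ {
        report("password hash stored in passwd, move it to /etc/shadow")
    }
    $3 == 0 && $1 != "root" { report("UID 0, same privileges as root") }
    ($3 in owner) { report("shares UID " $3 " with " owner[$3]) }
    !($3 in owner) { owner[$3] = $1 }
    END { exit found + 0 }
    ' "$@"
}

# Constructed sample in the layout shown above (not a real system file).
sample_passwd() {
    cat <<'EOF'
root::0:0:root:/root:/bin/bash
bin:*:1:1:bin:/bin:
daemon:*2:2:daemon:/sbin:
backup:*:0:0:backup operator:/root:/bin/bash
alice:ab0CONSTRUCTED:501:100:Alice Example:/home/alice:/bin/bash
bob:x:502:100:Bob Example:/home/bob:/bin/bash
EOF
}

sample_passwd | audit_passwd || echo "findings reported above"
```

On a live system, run it as `audit_passwd /etc/passwd`.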

group

The group file in /etc/group takes the form:

    groupname:password:GID:user1,...,usernn

Note that if there is no password, you still have to enter the extra colon in the file.

A basic group file looks like this:

 root::0:root
 bin::1:root,bin,daemon
 daemon::2:root,bin,daemon
 sys::3:root,bin,adm
 adm::4:root,adm,daemon
 tty::5:
 disk::6:root,adm
 lp::7:lp
 mem::8:
 kmem::9:
 wheel::10:root
 floppy::11:root
 mail::12:mail
 news::13:news
 uucp::14:uucp
 man::15:man
 users::100:games
 nogroup::-2:

at, batch, cron

When you have a job you want to run at a specific time, you can use at if it’s a one-time procedure.

Using the at command is very simple: issue the at command and specify the time of execution, press Enter, type the command, press Enter, and then press Ctrl-D.

The batch command combines commands and runs them with a lower priority than running them in the background. Unlike background tasks, which are killed when you log off the system, batch commands continue until the system is shut down. Another important difference is that background tasks will interrupt you for output or confirmation; batch will send this to you as a mail message.

For repetitive procedures, you will use cron.

To use cron, you first create a text file (with any name other than crontab) with six fields separated by a space. The first five fields are: minute, hour, day of the month, month, day of the week; the sixth field is the command to be run. You can use an asterisk ( * ) in a field to indicate that the command is to be run in every instance of that field. Also note that days of the week begin with 0 for Sunday, and that times are specified in 24 hour format. You can also specify ranges rather than specific days and times; use a hyphen ( - ) if the range is inclusive or commas ( , ) if it is not.

After creating the file, install it by using the crontab command – this will create and install the cron file and save a copy of the original under your username in /usr/lib/crontab. If you want to modify your cron configuration, edit this copy of the original file, then install it using crontab as before. If you want to remove the file, use crontab -r.
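A pre-install check for a file in the six-field format described above, as an added example that is not part of the original lesson: it validates each time field against its range, accepts asterisks, inclusive ranges and comma lists, and rejects lines without a command. The function name and job paths are hypothetical, and the check assumes the file holds only job lines and comments.

```shell
#!/bin/sh
# check_crontab [FILE]: validate job lines in the six-field layout described
# above (stdin when FILE is omitted). Prints "line N: problem" for each
# rejected entry and returns 1 if there was one.
check_crontab() {
    awk '
    function bad(msg) { print "line " NR ": " msg; failed = 1 }
    # A time field is "*" or a comma list of values and inclusive ranges.
    function check(field, name, lo, hi,    n, i, m, part, r) {
        if (field == "*") return
        n = split(field, part, ",")
        for (i = 1; i <= n; i++) {
            m = split(part[i], r, "-")
            if (part[i] !~ /^[0-9]+(-[0-9]+)?$/ ||
                r[1] + 0 < lo || r[m] + 0 > hi || r[1] + 0 > r[m] + 0) {
                bad(name " \"" part[i] "\" is not a value or range in " lo "-" hi)
                return
            }
        }
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
    NF < 6 { bad("expected five time fields and a command"); next }
    {
        check($1, "minute", 0, 59);       check($2, "hour", 0, 23)
        check($3, "day of month", 1, 31); check($4, "month", 1, 12)
        check($5, "day of week", 0, 6)    # 0 = Sunday, as described above
    }
    END { exit failed + 0 }
    ' "$@"
}

# Constructed sample; the job paths are hypothetical.
sample_crontab() {
    cat <<'EOF'
# minute hour day-of-month month day-of-week command
30 2 * * * /usr/local/bin/nightly-backup
0 8-17 * * 1-5 /usr/local/bin/check-mail
0,30 * * * 0 /usr/local/bin/rotate-logs
61 2 * * * /usr/local/bin/nightly-backup
0 9 * 13 * /usr/local/bin/nightly-backup
0 9 * * 5-1 /usr/local/bin/nightly-backup
15 4 * * /usr/local/bin/nightly-backup
EOF
}

sample_crontab | check_crontab || echo "fix the lines above before installing"
```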

motd

One of the system scripts (/etc/rc.S) creates new /etc/motd and /etc/issue messages based on the name of the kernel running your system. If you want to use your own message files, you’ll have to comment out the lines in this script that create the new files, otherwise your messages will be overwritten during boot.

The rc.S looks like this:

 #!/bin/sh
 #
 # /etc/rc.d/rc.S: System initialization script.
 #
 # Mostly written by: Patrick J. Volkerding, <volkerdi@ftp.cdrom.com>
 #
 PATH=/sbin:/usr/sbin:/bin:/usr/bin

 # enable swapping
 /sbin/swapon -a

 # Start update.
 /sbin/update &

 # Test to see if the root partition is read-only, like it ought to be.
 READWRITE=no
 if echo -n >> "Testing filesystem status"; then
   rm -f "Testing filesystem status"
   READWRITE=yes
 fi

 # Check the integrity of all filesystems
 if [ ! $READWRITE = yes ]; then
   /sbin/fsck -A -a

   # If there was a failure, drop into single-user mode.
   if [ $? -gt 1 ] ; then
     echo
     echo
     echo "**************************************"
     echo "fsck returned error code - REBOOT NOW!"
     echo "**************************************"
     echo
     echo
     /bin/login
   fi

   # Remount the root filesystem in read-write mode
   echo "Remounting root device with read-write enabled."
   /sbin/mount -w -n -o remount /
   if [ $? -gt 0 ] ; then
     echo
     echo "Attempt to remount root device as read-write failed! This is going to"
     echo "cause serious problems... "
     echo
     echo "If you're using the UMSDOS filesystem, you **MUST** mount the root partition"
     echo "read-write! You can make sure the root filesystem is getting mounted "
     echo "read-write with the 'rw' flag to Loadlin:"
     echo
     echo "loadlin vmlinuz root=/dev/hda1 rw (replace /dev/hda1 with your root device)"
     echo
     echo "Normal bootdisks can be made to mount a system read-write with the rdev command:"
     echo
     echo "rdev -R /dev/fd0 0"
     echo
     echo "You can also get into your system by using a bootkernel disk with a command"
     echo "like this on the LILO prompt line: (change the root partition name as needed)"
     echo
     echo "LILO: mount root=/dev/hda1 rw"
     echo
     echo "Please press ENTER to continue, then reboot and use one of the above methods to"
     echo -n "get into your machine and start looking for the problem. "
     read junk;
   fi
 else
   echo "Testing filesystem status: read-write filesystem"
   if [ ! -d /DOS ]; then
     # no warn for UMSDOS (kind of a bad test, but...)
     cat << EOF
 *** ERROR: Root partition has already been mounted read-write. Cannot check!
 For filesystem checking to work properly, your system must initially mount
 the root partition as read only. Please modify your kernel with 'rdev' so that
 it does this. If you're booting with LILO, add a line:
 read-only
 to the Linux section in your /etc/lilo.conf and type 'lilo' to reinstall it.
 If you boot from a kernel on a floppy disk, put it in the drive and type:
 rdev -R /dev/fd0 1
 If you boot from a bootkernel disk, or with Loadlin, you can add the 'ro' flag.
 This will fix the problem *AND* eliminate this annoying message. :^)
 EOF
     echo -n "Press ENTER to continue. "
     read junk;
   fi
 fi

 # remove /etc/mtab* so that mount will create it with a root entry
 /bin/rm -f /etc/mtab* /etc/nologin /var/run/utmp \
   /etc/shutdownpid /var/run/*.pid

 # mount file systems in fstab (and create an entry for /)
 # but not NFS because TCP/IP is not yet configured
 /sbin/mount -avt nonfs

 # Looks like we have to create this.
 cat /dev/null > /var/run/utmp

 # Configure the system clock.
 # This can be changed if your system keeps GMT.
 if [ -x /sbin/clock ]; then
   /sbin/clock -s
 fi

 # Setup the /etc/issue and /etc/motd to reflect the current kernel level:
 # THESE WIPE ANY CHANGES YOU MAKE TO /ETC/ISSUE AND /ETC/MOTD WITH EACH
 # BOOT. COMMENT THEM OUT IF YOU WANT TO MAKE CUSTOM VERSIONS.
 echo > /etc/issue
 echo Welcome to Linux `/bin/uname -a | /bin/cut -d' ' -f3`. >> /etc/issue
 echo >> /etc/issue
 echo "`/bin/uname -a | /bin/cut -d' ' -f1,3`." > /etc/motd

 # This loads any kernel modules that are needed. These might be required to
 # use your CD-ROM drive, bus mouse, ethernet card, or other optional hardware.
 if [ -x /etc/rc.d/rc.modules ]; then
   . /etc/rc.d/rc.modules
 fi

 # Initialize PCMCIA devices:
 if [ -x /etc/rc.d/rc.pcmcia ] ; then
   . /etc/rc.d/rc.pcmcia start
 fi

 # Run serial port setup script:
 # (CAREFUL! This can make some systems hang if the rc.serial script isn't
 # set up correctly. If this happens, you may have to edit the file from a
 # boot disk)
 #
 # . /etc/rc.d/rc.serial

The /etc/motd file looks like this:

    Linux heddy 2.2.15 #1 Sat May 13 10:22:03 EST 2000 i486 unknown 

    Most of the programs included with the Debian GNU/Linux system are
    freely redistributable; the exact distribution terms for each program
    are described in the individual files in /usr/doc/*/copyright

    Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
    permitted by applicable law.
    You have mail.
    /home/henryw>

The /etc/issue file looks like this:

    Debian GNU/\s 2.2 \n \l

    heddy login:

which shows up on screen on the first console as

    Debian GNU/Linux 2.2 heddy tty1 

    heddy login:

where heddy is the machine name.

Assignments

Terms and Concepts:

Define and add these to your glossary:

  • /boot
  • /boot/map
  • /dev
  • /etc/skel
  • account
  • active partition
  • backups
  • e2fsck
  • file ownership
  • file permissions
  • image stanza
  • init
  • initialize
  • LILO parameters
  • login
  • mknod
  • performance tuning
  • privacy
  • rdev
  • recompiling
  • root account
  • root user
  • secondary boot loader
  • shutdown
  • single-user mode
  • su
  • system administration
  • system configuration
  • system maintenance
  • upgrade
  • user

On-line:

Continue with the tutorials:


Copyright © 1997-2003 Henry White. All Rights Reserved.
Reproduction or redistribution without prior written consent is strictly prohibited. Address comments and inquiries to info@basiclinux.net.
