How to Administer Linux: The Basics

Last updated: 1 Nov 2008

Overview

Overview of Linux and system administration; hands-on experience with basic administration tasks; testing results

Workshop Duration

2 hrs.

Student Prerequisites

use of Unix/Linux

Student Provides

nothing

Lab Provides
Preparation
  1. Fresh installation of Fedora to x cloned disks
  2. Disk drives inserted and locked into computers
  3. Setup root account with password
Delivery
  1. What is System Administration?
    1. Defining system
    2. Adding/removing/updating hardware and software
    3. Configuring hardware, software, file systems, etc.
    4. Ensuring data integrity
    5. Managing user accounts/helping users
    6. Managing resources
    7. Handling problems
    8. Monitoring operation
      • Security
      • Performance
      • Functionality
    9. Interfacing with other systems
    10. Defining and enforcing policies
  2. Basic vs. Advanced Administration
    1. Basic
      1. single user
      2. sharing/fairness not an issue
      3. downtime is acceptable (no 24x7 requirement)
      4. no limits
      5. no policy
    2. Advanced
      1. multiple users
      2. need reasonable response
      3. rely on network for email, files, logins
      4. often create or encounter problems
      5. want to connect to other systems
      6. often attempt to subvert policies
      7. not skilled in computing
      8. advanced topics: DNS,NFS,NIS,httpd,sendmail,LDAP,NTP,etc.
  3. Focus of Workshop
    1. Understand Linux design and operation
    2. Emphasize commands vs. GUI
    3. Expose simple monitoring tools
    4. Encourage backup/restore
    5. Maybe mention interfacing
    6. Provide hands-on time
  4. How Linux Starts
    1. BIOS
    2. boot from device
    3. decompress RAM image into RAM
    4. run RAM image
    5. detect rest of hardware
    6. mount device as root (/)
      • IDE and CD/DVD: /dev/hd[a-z][1-9]
      • SCSI/SAS/SATA/USB: /dev/sd[a-z][1-9]
      • could be on CD/DVD/USB
    7. transfer control from RAM to root
    8. start init process then startup scripts
    9. single vs. multi-user?
  5. From where?
    1. /boot -- RAM image, kernel
    2. / (root)
    3. /etc/sysconfig and /dev
    4. PATH=/bin:/sbin:/usr/bin:/usr/sbin
    5. /etc/rc.d and /etc/init.d

      startup and shutdown scripts, in order

    6. /lib; /proc; /tmp; /var; /opt; /home; /usr; /mnt
  6. File system (fs)
    1. File types: regular/dir/char & block devices/sockets/pipes/links/sh mem
    2. absolute vs. relative paths
    3. file redirection
          0 is stdin: <filename
          1 is stdout: >filename (or >> to append)
          2 is stderr: 2>filename (common: 2>&1 -- put same place as stdout)
          
    4. file attributes
      1. owner and group (chown, chgrp)
      2. permissions (chmod, umask)

        See via:

              > ls -l
              -rwxr--r--  1 labadmin labadmin      267 Nov  6  2006 fix_perms
              
        • symbolic type: ugo
        • symbolic permissions: rwx
        • can also use octal
        • umask is 777-perms
    5. make a fs on a device

      See via:

            > df -h
            
      • partition or Logical Volume Manager (LVM)

        simplicity vs. expandability

      • partition: MAKEDEV, then fdisk or other partition tool
      • mke2fs -j /dev/sdb3 (for example)

        fsck for large disks takes a long time. Using journals is much quicker.

    6. mount device to a directory (usually empty)

      If you don't want to mount manually, put the mount info in the /etc/fstab and it will attach at startup or when requested.

      • umount device or directory to unmount

        device must not be in use, or it will fail. To see who is using a device, use fuser command

      • CDs and DVDs can be mounted (may need "-t iso9660")
      • floppy (/dev/fd0 is device; "-t msdos" is type of FS)
      • file system (e.g., "-t nfs", "-t msdos", "-t samba")
      • entries stored in /etc/mtab
  7. Users and groups
    1. User directory: /etc/passwd
      • useradd, usermod, userdel
      • /etc/shadow is secure version with passwords
      • run pwconv if edited /etc/passwd drectly
      • for service accounts, use "/bin/nologin" as default
    2. /etc/group
      • groupadd, groupmod, groupdel
      • grpconv may be neceesary
    3. /etc/skel and /etc/profile.d
  8. Processes
    1. init is pid 1; mother of all processes
      • config file: /etc/inittab
      • parent of all
      • spawns getty which starts "login"
    2. fork clones a process; everything except id

      environment variables, standard file descriptors, memory map of code

    3. exec substitutes current code for new code, and may change environment
    4. list processes: ps aux
    5. monitor processes: top
    6. kill process: kill -KILL pid
    7. use nice to start, or renice to change a command's resource usage
  9. Brief word about Terminals
    1. console: login; messages are written here
    2. terminals (tty), pseudo-terminals (pty, pts)
    3. serial communications; modems work this way
  10. Daemons/services
    1. on from startup to shutdown
    2. scripts to control in /etc/init.d
    3. service ___ start/stop/restart/status

      For example:

          service network restart
          
    4. modifying service for startup
      • chkconfig --list ___
      • chkconfig ___ on
      • chkconfig ___ off
    5. often create log files
    6. should be associated with service account
    7. config files often in /etc/___.conf
    8. superserver: /etc/xinetd.d
  11. Desktop

    All X Window System based, allowing remote display of GUI (keyboard, mouse, display, window movement).

    1. Gnome/KDE/etc.
    2. switch to console mode: Ctrl-Alt-F1..F6
    3. switch to desktop mode: Ctrl-Alt-F7
    4. some admin tasks easier through GUI
  12. Tasks
    1. searching files
          grep root /etc/passwd
          
    2. backup

      Can also send backups over net.

      • tar -zpscf full_backup.tar /
      • dump -0 -f full_backup.dmp -b 64 -z3 /dev/VolGroup00/LogVol00
    3. restore

      Can also restore files from net.

      • cd /tmp && tar -zxf full_backup.tar
      • restore -r -b 64 -f full_backup.dmp
    4. periodic processes (cron)
      • per user: crontab -e

        might have to set EDITOR environment variable

      • /etc/cron.hourly;/etc/cron.daily;/etc/cron.weekly;/etc/cron.monthly
      • /etc/cron.d
    5. logs
      • /var/log/messages;/var/log/dmesg
      • config logging: /etc/syslogd.conf
      • rotate logs to avoid overfilling /var: /etc/logrotate.conf;/etc/logrotate.conf
    6. finding files
      • find . -name ___ -print
      • locate ___

        requires periodic process to update the database of files (/etc/cron.daily/mlocate.cron)

    7. help
      • man ____
      • info ____
    8. command searching
      • which ____

        finds which command in the PATH

      • echo $PATH

        shows path

      • export PATH=$PATH:____
    9. networking information
      • /etc/sysconfig/networking/*
      • ifconfig

        displays network info

  13. Hands on time
    1. Create ituser2 account with wheel group membership and give it a password

      From command line:

          useradd -d /home/ituser2 -m -G wheel -c "IT User 2" ituser2
          passwd ituser2
          id ituser2
          
    2. Create ituser3 account with standard user group membership and give it a password

      Use the GUI.

    3. Create a "demo" group, and add ituser2 and ituser3 to it.
          groupadd demo
          usermod --groups wheel,demo ituser2
          id ituser2
          usermod --groups demo ituser3
          id ituser3
          
    4. Login as ituser2

      Switch from GUI to console: Ctrl-Alt-F4

    5. elevate privileges
          sudo bash
          

      Note the difference between standard user and this. Try the same with ituser3 — what happened and what is the difference?

    6. Create a ~/test directory and a put a file in it

      Tilde ("~") in a bash shell means use the current home directory.

      1. mkdir ~/test
      2. echo hi >~/test/textfile
      3. mkdir ~/test/subdirectory
    7. Backup/restore
      1. Backup every detail about files
              tar zpscvf backup.tgz test
              

        Look at contents of the archive:

              tar ztvf backup.tgz
              
      2. Delete test subdirectory
              rm -ri ~/test
              

        Note the danger of rm -rf.

      3. Restore the deleted files
              cd /tmp
              tar zxvf ~/backup.tgz
              

        Move restored files and directories to correct directory.

    8. Change permissions on ~/test while logged on as ituser2
      1. Give world read to ~/test
              chmod o+r ~/test
              ls -ld ~/test
              
      2. Change ownership of ~/test to allow demo group access.
              chgrp demo ~/test
              ls -ld ~/test
              
      3. Set read and execute on ~/test/textfile for ituser ONLY
              chmod u=rx,g-rwx,o-rwx ~/test/textfile
              
      4. Use su with ituser3 to determine if ituser3 can read "/home/ituser/test"
              su ituser3
              ls -l /home/ituser/test
              exit
              
    9. Run top
      1. Explain fields, use O command to change sort order
      2. Which task uses the most CPU?
      3. Which task uses the most memory?
    10. Create a task to write to a log file every 5 minutes.
          crontab -e
          # add this line:
          5 * * * * echo 5 minutes passed >/home/ituser/mylog
          # save the file
          
    11. Enabling and disabling system daemons
      1. Stop sendmail
             service sendmail stop
             
      2. Look at /var/log/messages

        Very useful to look only at the end of it:

             tail /var/log/messages
             
      3. Use chkconfig to turn off sendmail permanently
             chkconfig sendmail off
             chkconfig --list sendmail
             
    12. Firewalling
      1. iptables, gui editing, command line editing and web resources.
      2. Block pings
      3. log dropped packets
      4. ping localhost
  14. Useful urls for assisting with administration tasks:
    1. http://www.lowth.com/LinWiz/

      Useful for building an iptable firewall to base your firewall on

    2. http://tldp.org/

      A document repository for everything linux

Cleanup

Clone the disk drives