Introduction to UNIX: 
Lecture Seven

7.1 Objectives
This lecture covers basic system administration concepts and tasks, namely:
Note that you will not be given administrator access on the lab machines. However, you might like to try some basic administration tasks on your home PC.
7.2 The Superuser root
The superuser is a privileged user who has unrestricted access to all commands and files on a system regardless of their permissions. The superuser's login is usually root. Access to the root account is restricted by a password (the root password). Because the root account has huge potential for destruction, the root password should be chosen carefully, only given to those who need it, and changed regularly.

One way to become root is to log in as usual using the username root and the root password (usually security measures are in place so that this is only possible if you are using a "secure" console and not connecting over a network). Using root as your default login in this way is not recommended, however, because normal safeguards that apply to other user accounts do not apply to root. Consequently, when root is used for mundane tasks, a memory lapse or misplaced keystroke often has catastrophic effects (e.g. forgetting for a moment which directory you are in and accidentally deleting another user's files, or accidentally typing "rm -rf * .txt" instead of "rm -rf *.txt").

A better way to become root is to use the su utility. su (switch user) lets you become another user (at least as far as the computer is concerned). If you don't specify the name of the user you wish to become, the system will assume you want to become root. Using su does not usually change your current directory, unless you specify a "-" option which will run the target user's startup scripts and change into their home directory (provided you can supply the right password of course). So:

    $ su -
    Password: xxxxxxxx
    #

Note that the root account often displays a different prompt (usually a #). To return to your old self, simply type "exit" at the shell prompt.

You should avoid leaving a root window open while you are not at your machine. Consider this paragraph from a humorous 1986 Computer Language article by Alan Filipski:

"The prudent administrator should be aware of common techniques used to breach UNIX security. The most widely known and practised attack on the security of the UNIX brand operating system is elegant in its simplicity. The perpetrator simply hangs around the system console until the operator leaves to get a drink or go to the bathroom. The intruder lunges for the console and types rm -rf / before anyone can pry his or her hands off the keyboard. Amateur efforts are characterised by typing in things such as ls or pwd. A skilled UNIX brand operating system security expert would laugh at such attempts."

7.3 Shutdown and System Start-up
7.4 Adding Users
7.5 Controlling User Groups
  • groupadd (in /usr/sbin):
    groupadd creates a new user group and adds the new information to /etc/group:

      # groupadd groupname

  • usermod (in /usr/sbin):
    Every user belongs to a primary group and possibly also to a set of supplementary groups. To modify the group membership of an existing user, use

      # usermod -g initialgroup -G othergroups username

    where othergroups is a list of supplementary group names separated by commas (with no intervening whitespace). The list given to -G replaces the user's current supplementary groups, so include every group the user should stay in.

  • groups
    You can find out which groups a user belongs to by typing:

      # groups username

7.6 Reconfiguring and Recompiling the Linux Kernel
Linux has a modular, customisable kernel with several switchable options (e.g. support for multiple processors and device drivers for various hardware devices). It may happen that some new hardware is added to a Linux machine which requires you to recompile the kernel so that it includes device driver support (and possibly new system calls) for the new hardware. To do this, you will need to rebuild the Linux kernel from scratch as follows:
7.7 Cron Jobs
crond is a daemon that executes commands that need to be run regularly according to some schedule. The schedule and corresponding commands are stored in the file /etc/crontab.

Each entry in the /etc/crontab file contains six fields separated by spaces or tabs in the following form:

       minute  hour  day_of_month  month  weekday  command

These fields accept the following values:

    minute            0 through 59
    hour              0 through 23
    day_of_month      1 through 31
    month             1 through 12
    weekday           0 (Sun) through 6 (Sat)
    command           a shell command

You must specify a value for each field. Except for the command field, these fields can contain the following:

You can also specify some execution environment options at the top of the /etc/crontab file:

    SHELL=/bin/bash
    PATH=/sbin:/bin:/usr/sbin:/usr/bin
    MAILTO=root

To run the calendar command at 6:30am every Mon, Wed, and Fri, a suitable /etc/crontab entry would be:

    30 6 * * 1,3,5 /usr/bin/calendar

The output of the command will be mailed to the user specified in the MAILTO environment option.

You don't need to restart the cron daemon crond after changing /etc/crontab - it automatically detects changes.
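
The field layout and value ranges above can be checked mechanically before crond picks up a change. The following is an added example, not part of the original lecture: the function name check_crontab and the sample file are constructed for illustration, and it accepts only the "*", single number and comma-list forms shown in this section. It also reports commands that depend on the PATH setting instead of an absolute path.

```shell
#!/bin/sh
# check_crontab FILE: validate entries in the six-field format described above.
# Time fields may be "*", a number, or a comma-separated list of numbers;
# ranges are taken from the table of accepted values in this section.
check_crontab() {
    awk '
    function bad(val, min, max,    n, i, part) {
        if (val == "*") return 0
        n = split(val, part, ",")
        for (i = 1; i <= n; i++)
            if (part[i] !~ /^[0-9]+$/ || part[i] + 0 < min || part[i] + 0 > max)
                return 1
        return 0
    }
    BEGIN {
        split("minute hour day_of_month month weekday", name, " ")
        split("0 0 1 1 0", lo, " "); split("59 23 31 12 6", hi, " ")
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }              # comments, blank lines
    /^[ \t]*[A-Za-z_]+[ \t]*=/ { next }            # SHELL=, PATH=, MAILTO=
    NF < 6 { printf "line %d: expected 6 fields, found %d\n", NR, NF; next }
    {
        for (f = 1; f <= 5; f++)
            if (bad($f, lo[f], hi[f]))
                printf "line %d: %s \"%s\" is outside %d-%d\n", NR, name[f], $f, lo[f], hi[f]
        if ($6 !~ /^\//)   # job depends on the PATH setting
            printf "line %d: command \"%s\" is not an absolute path\n", NR, $6
    }' "$1"
}

# Constructed sample input (not taken from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
SHELL=/bin/bash
MAILTO=root
30 6 * * 1,3,5 /usr/bin/calendar
61 6 * * 7 calendar
EOF
check_crontab "$sample"
rm -f "$sample"
```

A clean file produces no output; each reported line names the entry's line number in the file.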

7.8 Keeping Essential Processes Alive
It is important that daemons related to mission critical services are immediately respawned if they fail for some reason. You can do this by adding your own entries to the /etc/inittab file. For example:

    rs:2345:respawn:/home/sms/server/RingToneServer

Here rs is a 2 character code identifying the service, and 2345 are the runlevels (to find out about runlevels, type man runlevel) for which the process should be created. The init process will create the RingToneServer process at system startup, and respawn it should it die for any reason.
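
Because init runs as root, a respawned program that lives in a user's home directory deserves a permission check: whoever can replace the file decides what init starts. The following is an added example, not part of the original lecture: the function name audit_inittab and the scratch directory are constructed for illustration, and the optional OWNER argument is an assumption added so the check can be tried without root.

```shell
#!/bin/sh
# audit_inittab FILE [OWNER]: for every respawn entry (id:runlevels:action:process)
# report a program file, or the directory holding it, that is not owned by
# OWNER (default root) or is writable by group or others.
# Directories further up the path are not checked.
audit_inittab() {
    owner=${2:-root}
    awk -F: '$1 !~ /^[ \t]*#/ && $3 == "respawn" { split($4, cmd, " "); print $1, cmd[1] }' "$1" |
    while read -r id path; do
        for p in "$path" "$(dirname "$path")"; do
            if [ ! -e "$p" ]; then
                echo "$id: $p does not exist"
            elif [ -n "$(find "$p" -prune \( ! -user "$owner" -o -perm -020 -o -perm -002 \) -print)" ]; then
                echo "$id: $p can be replaced by a user other than $owner"
            fi
        done
    done
}

# Constructed sample: a scratch directory stands in for /home/sms/server.
d=$(mktemp -d)
mkdir "$d/server"
: > "$d/server/RingToneServer"
chmod 755 "$d/server/RingToneServer"
chmod 777 "$d/server"                  # deliberately weak directory mode
echo "rs:2345:respawn:$d/server/RingToneServer" > "$d/inittab"
audit_inittab "$d/inittab" "$(id -u)"  # OWNER = current user so this runs unprivileged
rm -rf "$d"
```

On a real system the call would be audit_inittab /etc/inittab, which uses root as the expected owner.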

© September 2001 William Knottenbelt (wjk@doc.ic.ac.uk)