Post on 23-Jan-2016
2/19/2003 Lecture 3
Computer System Administration
Lecture 3: Setup (continued)
On Your Own
● Machines Have/Will be reinstalled
  – Following Procedure in first 2 lectures
  – root passwords will be default
● No further “interference” from me.
  – You are responsible for:
    ● Security
    ● Users
    ● Packages/Software
Passwords
● The passwd(1) program
  – Same on all 3 architectures
  – Change the root password!!!!!
  – As root, you can change other users' passwords.
/etc/passwd
● Database of user accounts
  – Flat-File
● Also standard format
  – Colon separated
  – Username
  – Password (encrypted)
  – UID
  – GID
passwd(5) file format (cont)
  – GECOS field
    ● Comma Separated
    ● Name
    ● Phone number
    ● Office
    ● Etc...
  – Home Directory
  – Shell
Shadow Passwords
● Hides the encrypted form of the password.
  – Root-only access
● Solaris
  – /etc/shadow
  – Additional information (must update both)
    ● Last change time
    ● Min change time
    ● Inactive time
    ● ...
Shadow Passwords (cont)
● Irix
  – /etc/shadow
    ● Also additional fields (must update both)
    ● Last change
    ● Min change
    ● Inactive
    ● ...
FreeBSD Shadow Passwords
● /etc/master.passwd
  – “master” password file
  – /etc/passwd is generated from master.passwd
    ● pwd_mkdb
  – Hashed databases generated
    ● /etc/pwd.db (public)
    ● /etc/spwd.db (shadow/private)
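Added example (not part of the original lecture): a shell/awk audit of a passwd(5)-format file, using the seven-field layout and the shadow-password idea from the slides above. The sample accounts are constructed; treating "x" or a leading "*"/"!" in the password field as "no usable hash stored here" is an assumption based on common practice.

```shell
#!/bin/sh
# Audit a passwd(5)-format file: 7 colon-separated fields
#   username:password:UID:GID:GECOS:home:shell
# Reads the files given as arguments, or stdin when none are given.
audit_passwd() {
    awk -F: '
        /^#/ || /^$/ { next }                  # skip comments and blank lines
        NF != 7 { printf "%s: malformed entry (%d fields)\n", $1, NF; next }
        $2 == "" { printf "%s: empty password field\n", $1 }
        # Assumption: "x" means the hash is in the shadow file,
        # and a leading "*" or "!" means no usable hash is stored here.
        $2 != "" && $2 != "x" && $2 !~ /^[*!]/ {
            printf "%s: password hash exposed in world-readable file\n", $1
        }
        $3 ~ /^0+$/ && $1 != "root" { printf "%s: UID 0 but not root\n", $1 }
        seen[$3]++ { printf "%s: duplicate UID %s\n", $1, $3 }
    ' "$@"
}

# Constructed sample input (not taken from any real system).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
alice:x:1001:10:Alice Example,555-0100,Rm 12:/home/alice:/bin/ksh
bob::1002:10:Bob Example:/home/bob:/bin/sh
carol:AbCdEfGhIjKlM:1003:10:Carol Example:/home/carol:/bin/sh
opsadmin:x:0:1:Second admin:/home/opsadmin:/bin/sh
EOF
}

sample_passwd | audit_passwd
```

Run it against a real file with `audit_passwd /etc/passwd`; each finding is one line of the form `user: problem`.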
man(1) pages
● Unix system self documentation/reference
  – Sections
● Solaris (/usr/share/man/...)
  – Section 1: User Commands
  – Section 2: Kernel Functions
  – Section 3: Library Functions
    ● Subsections: aio, c, curses, kstat, ...
  – Section 4: File Formats
  – Section 5: Standards, Environments, Macros
Solaris man(1) Sections (cont)
  – Section 6: Games and Demos
  – Section 7: Device and Network Interfaces
  – Section 9: Device Driver Interfaces
● Requesting a specific manpage
  – man [-s section] page
● Search path
  – man -s 1 passwd
  – man -s 4 passwd
FreeBSD man(1) sections
● /usr/share/man
● Section 1: User Commands
● Section 2: Kernel Functions
● Section 3: Library Functions
● Section 4: Device Driver Reference
● Section 5: File Formats
● Section 6: Games
FreeBSD man(1) sections
● Section 7: Misc
● Section 8: System Administration Commands
● Section 9: Kernel Programming Reference
● Requesting a specific section:
  – man [section] page
    ● Search path
    ● man 5 passwd
Irix man(1) sections
● Located in /usr/share/catman
  – Subdivided
    ● a_man: Administrative
    ● g_man: Graphics
    ● u_man: User
    ● p_man: Programming
  – Sections
    ● Section 1: Shell Commands
    ● Section 2: Kernel Functions
Irix man(1) sections
    ● Section 3: Library Functions
    ● Section 4: File Formats
    ● Section 5: Misc
    ● Section 6: Games
    ● Section 7: Devices
    ● Section 8: System Daemons
  – Requesting specific sections
    ● man [section] page
  – man 4 passwd
System Services
● Securing your System
  – Stop unnecessary services
  – Tools
    ● ps
    ● netstat
    ● fstat (FreeBSD) / fuser (Solaris/Irix)
Solaris System Startup
● Runlevels (man init)
  – S/s: Single User
  – 0: Firmware
  – 1: Administrative
  – 2: Multi-user mode
  – 3: Multi-user+Network share
  – 4: Free
  – 5: power-off
  – 6: reboot
Runlevel State Transition
● Startup (initdefault 3)
  – Runlevel 2
  – Runlevel 3
Runlevel Scripts
● /etc/rc?
● /etc/rc?.d
  – /etc/rc2.d
  – /etc/rc3.d
  – Scripts typically linked to their real location in /etc/init.d
● Kill Scripts
  – Begin with K
  – Executed in alphabetical order
  – K00foo stop
Runlevel Start Scripts
● Start Scripts
  – Begin with S
  – Executed in alphabetical order
  – S99foo start
start/stop scripts
● Are ONLY executed on a transition INTO a state
  – KILL scripts are NOT executed when you leave a state, only the kill scripts of the new state are executed
  – If you want to have apache only running in runlevel 3 you need to put Kill scripts in any other runlevels (typically 2 and 1)
Disabling Scripts
● Delete links and originals in /etc/rc?.d and /etc/init.d
  – BAD
  – No record of what was once there, no way to get it back
● Delete /etc/rc?.d/[KS]##foo.
  – Bad
  – Can retrieve it, but don't know where it goes.
Disabling Scripts (cont)
● Rename it
  – mv S99foo disabled.S99foo
  – mv K00foo disabled.K00foo
  – Doesn't start/stop (doesn't begin with K or S)
  – Keeps a record
  – Can be reversed
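Added example (not part of the original lecture): shell helpers that list what a transition into a runlevel would execute and that disable or re-enable a script by the rename convention above. The function names and the scratch directory contents are constructed; running the K links before the S links is how the Solaris rc scripts order them.

```shell
#!/bin/sh
# rc_plan DIR: list what a transition INTO the runlevel served by DIR runs.
# K* links run first with "stop", then S* links with "start", each in glob
# (alphabetical) order; any name not starting with K or S is never run.
rc_plan() {
    for f in "$1"/K*; do
        if [ -f "$f" ]; then echo "${f##*/} stop"; fi
    done
    for f in "$1"/S*; do
        if [ -f "$f" ]; then echo "${f##*/} start"; fi
    done
}

# rc_disable DIR NAME: rename K##foo or S##foo to disabled.<NAME>.
rc_disable() {
    case $2 in
        [KS][0-9][0-9]*) ;;
        *) echo "rc_disable: $2 is not a K##/S## script" >&2; return 1 ;;
    esac
    if [ ! -e "$1/$2" ]; then echo "rc_disable: $1/$2 not found" >&2; return 1; fi
    if [ -e "$1/disabled.$2" ]; then echo "rc_disable: disabled.$2 exists" >&2; return 1; fi
    mv "$1/$2" "$1/disabled.$2"
}

# rc_enable DIR NAME: reverse rc_disable; NAME is the original K##/S## name.
rc_enable() {
    if [ ! -e "$1/disabled.$2" ]; then echo "rc_enable: disabled.$2 not found" >&2; return 1; fi
    if [ -e "$1/$2" ]; then echo "rc_enable: $2 already present" >&2; return 1; fi
    mv "$1/disabled.$2" "$1/$2"
}

# Constructed scratch directory standing in for /etc/rc3.d.
make_sample_rcdir() {
    d=$(mktemp -d) || return 1
    touch "$d/K00old" "$d/S20bar" "$d/S99foo" "$d/README"
    echo "$d"
}

demo_dir=$(make_sample_rcdir)
rc_disable "$demo_dir" S99foo   # S99foo drops out of the plan below
rc_plan "$demo_dir"
rm -rf "$demo_dir"
```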
Irix System Startup
● Also runlevel/inittab based
● You can manage irix processes in the same way
● Better way
  – chkconfig
● chkconfig doesn't know about runlevels
  – Process typically only started/stopped once, in a specific runlevel
Chkconfig
● Seeing what's on and what's off
  – chkconfig -s
● Setting state
  – chkconfig [-f] {variable} {on | off}
  – -f for a new flag
    ● Create your own!
● State stored in /etc/config
  – One file/variable (same name as variable)
  – Optionally “variable.options” (stores options for that variable)
FreeBSD System Startup
● No Runlevels/inittab
  – Configuration provided by 'rc.conf', similar to Irix chkconfig
rc.conf
● rc.conf
  – /etc/defaults/rc.conf
    ● Read first
    ● information/defaults only
    ● DO NOT EDIT
      – Will be overwritten by system upgrades/etc
  – /etc/rc.conf
    ● Read second
    ● Make changes here
    ● Only need to add specific entries for items you want changed
FreeBSD Startup: Customizing
● /usr/local/etc/rc.d
  – local_startup
● Run like inittab scripts
  – Alphabetical
  – {start | stop}
  – Must end in “.sh”
  – Disable via: mv foo.sh foo.sh.disabled