Lecture 13
Linux System Administration

Booting
• PROM (BIOS) — perform basic self-test (POST) and access parameters from nvram
• OS Loader — locate and run kernel on disk
  – Located in the MBR (first sector of boot device)
  – May call secondary loader on some partition
  – LILO, GRUB
• Kernel — initializes devices, mounts root filesystem, starts first user process (init)

init
• init — reads /etc/inittab to determine what to start according to the run-level (initdefault)

  run-level
  0  Halt
  1  Single user mode
  2  Multiuser, w/o NFS
  3  Full multiuser mode
  4  unused
  5  X11
  6  reboot

Boot Scripts
• /etc/init.d contains scripts for every managed service, e.g.
    /etc/init.d/sshd {start|stop}
• Links to these boot scripts are created in the sequencing directories /etc/rc[0-6].d
• Links started with S are called with start
• Links started with K are called with stop

Boot Scripts (cont.)
• Numbers in link determine the order the scripts are run, e.g.
  – S55sshd runs before S80sendmail but after S08iptables
• Maintain runlevel information for system services by manipulating files in /etc/rc[0-6].d or use chkconfig

Internet Services Daemon
• xinetd — listens to service ports and starts server when a request arrives
  – No need to start all the daemons at boot time
  – “Super-server”
• Services are configured in /etc/xinetd.conf or in individual files under /etc/xinetd.d
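The S/K link ordering described on the Boot Scripts slides, worked through as an added example (this is not code from the lecture). It simulates what the rc script does with one run-level directory: all K links are run with stop, then all S links with start, each group in lexical order of the two-digit prefix. The listing RC3_LINKS is a constructed sample, not a real /etc/rc3.d, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: simulate the order in which /etc/rc processes the S*/K*
# links of one run-level directory. RC3_LINKS is a constructed listing,
# not read from a real host.

RC3_LINKS="S80sendmail K35smb S55sshd S08iptables K74ntpd S10network"

# rc_plan LINKS: print "stop NAME" / "start NAME" lines in execution order.
# K links run first (with "stop"), then S links (with "start"); within each
# group the two-digit number decides the order, exactly as lexical sort does.
rc_plan() {
    for prefix in K S; do
        if [ "$prefix" = K ]; then action=stop; else action=start; fi
        # $1 is intentionally unquoted: the listing is split into one link per line
        printf '%s\n' $1 | grep "^$prefix[0-9][0-9]" | sort |
            sed "s/^$prefix[0-9][0-9]/$action /"
    done
}

# rc_position LINKS NAME: 1-based position at which service NAME is started,
# so "does sshd start before sendmail?" becomes a comparison of two numbers.
rc_position() {
    rc_plan "$1" | grep -n "^start $2\$" | cut -d: -f1
}

# rc_conflicts LINKS: services that have both an S and a K link in the same
# directory, which chkconfig would never create and which is worth flagging.
rc_conflicts() {
    printf '%s\n' $1 | sed 's/^[SK][0-9][0-9]//' | sort | uniq -d
}

rc_plan "$RC3_LINKS"
```

Running the block prints the six actions in order (the two stops, then iptables, network, sshd, sendmail), matching the S08/S55/S80 ordering the slide gives.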
Shutting Down
• shutdown brings the system down safely:
    /sbin/shutdown -t 600 -r “… be right back”
• Processes are sent SIGTERM and then SIGKILL
• halt same as shutdown -h
• reboot same as shutdown -r
• poweroff turns off the power after halting (same as halt -p)

User Account Management
• Local user info stored in /etc/passwd
• To create a new local user:
  1. Add new entry to /etc/passwd and /etc/shadow (and /etc/group if necessary)
  2. Create home directory for the new user with some default startup files
• Do these manually or use useradd:
    useradd -c “Bill Gates” -u 1001 -g msoft -d /home/billg -m -k /etc/skel -s /bin/bash billg

User Acct. Management (cont.)
• To delete an account:
    userdel -r billg
• To create a group:
    groupadd -g 550 web
• To delete a group:
    groupdel web

/etc/passwd
• Format of a passwd entry:
    username:password:uid:gid:gecos:homedir:shell
    root:x:0:0:root:/root:/bin/bash
    bin:x:1:1:bin:/bin:/sbin/nologin
    nobody:x:99:99:Nobody:/:/sbin/nologin
    billg:x:1001:501:Bill Gates:/home/billg:/bin/bash

/etc/shadow
• Format of a shadow entry:
    username:password:lstchg:min:max:warn:inact:exp:
    root:j3dghRBqe$2fjvGJ8js:12650:0:99999:7:::
    bin:*:12650:0:99999:7:::
• * does not match any password
• !! account is locked
• The shadow file should only be readable by root

Groups
• Format of a group entry in /etc/group:
    groupname:password:gid:user_list
    root::0:root
    bin::1:root,bin,daemon
    …
    senate::990:chuck,hillary
• Group passwords can be stored in /etc/gshadow
• If you belong to more than 1 group, you can change your group with:
    newgrp [group]
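The /etc/passwd, /etc/shadow and /etc/group formats above, put to use in an added audit example (not code from the lecture). It reads files in those three formats and reports the conditions an administrator checks for: the password-field conventions the shadow slide lists (empty, *, !!), uid 0 accounts other than root, hashes left in the world-readable passwd file, and group members with no passwd entry. All three inputs are constructed samples held in shell variables; the hash strings are placeholders, and the account names and function names are this example's own.

```shell
#!/bin/sh
# Added example: audit passwd-, shadow- and group-format data.
# The samples below are constructed; hashes are placeholders.

PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
billg:x:1001:501:Bill Gates:/home/billg:/bin/bash
ops2:x:0:0:second uid 0 account:/home/ops2:/bin/bash
legacy:CONSTRUCTEDHASH:1002:502:legacy:/home/legacy:/bin/bash'

SHADOW_SAMPLE='root:$6$CONSTRUCTED$PLACEHOLDERHASH:12650:0:99999:7:::
bin:*:12650:0:99999:7:::
billg:!!:12650:0:99999:7:::
guest::12650:0:99999:7:::'

GROUP_SAMPLE='root::0:root
bin::1:root,bin,daemon
msoft::501:billg
senate::990:chuck,hillary'

# shadow_audit (stdin): classify the password field of each shadow entry.
#   empty         -> NOPASS   (no password is required to log in)
#   "*"           -> DISABLED (matches no password)
#   "!!" or "!.." -> LOCKED
#   anything else -> HASHED
shadow_audit() {
    awk -F: '{
        p = $2
        if (p == "")                    s = "NOPASS"
        else if (p == "*")              s = "DISABLED"
        else if (substr(p, 1, 1) == "!") s = "LOCKED"
        else                            s = "HASHED"
        print s, $1
    }'
}

# passwd_audit (stdin): flag entries that normally should not exist.
#   UID0           -> a uid 0 account other than root
#   HASH-IN-PASSWD -> password field is not "x", i.e. the hash is not in shadow
passwd_audit() {
    awk -F: '{
        if ($3 == 0 && $1 != "root") print "UID0", $1
        if ($2 != "x")               print "HASH-IN-PASSWD", $1
    }'
}

# group_audit PASSWD (group data on stdin): report members of any group
# that have no entry in the passwd data passed as the first argument.
group_audit() {
    awk -F: -v passwd="$1" '
        BEGIN {
            n = split(passwd, lines, "\n")
            for (i = 1; i <= n; i++) { split(lines[i], f, ":"); known[f[1]] = 1 }
        }
        $4 != "" {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++)
                if (!(m[i] in known)) print "UNKNOWN-MEMBER", $1, m[i]
        }'
}

printf '%s\n' "$SHADOW_SAMPLE" | shadow_audit
printf '%s\n' "$PASSWD_SAMPLE" | passwd_audit
printf '%s\n' "$GROUP_SAMPLE"  | group_audit "$PASSWD_SAMPLE"
```

On the samples this prints one classification per shadow entry (root HASHED, bin DISABLED, billg LOCKED, guest NOPASS), flags ops2 as a second uid 0 account and legacy as carrying its hash in passwd, and lists daemon, chuck and hillary as group members without accounts. On a real host the same functions would be fed /etc/passwd, /etc/shadow (root only) and /etc/group.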
Become Another User
• su - run shell as another user
  – Need password of the user you are su’ing to
  – No username specified means root
• sudo - execute command as another user
  – Authenticate with your own password
  – Run command as root by default
  – sudo privileges are defined in /etc/sudoers

Installation
• Install from CD/DVDs interactively
• Network automated installation
  – Kickstart (Red Hat)
  – Jumpstart (Solaris)
• Packages and machine configuration files located on install server
• Install a machine with a single command
    linux ks=nfs:server:/path   (RH Linux)
    boot net - install          (Solaris)

Linux Distros
  [figure]

Disk Partition
• A partition is a logical section of a disk, normally with its own filesystem
• The partition table contains the partition information (starting block, size, type)
• A disk can be partitioned during OS installation or (for non-system disks) afterwards using fdisk or parted

A Partition Table
    (parted) print
    Disk geometry for /dev/hda: 0.000-38146.972 megabytes
    Disk label type: msdos
    Minor    Start       End     Type      Filesystem  Flags
    1          0.031  25603.593  primary   ntfs        boot
    2      25603.594  25705.568  primary   ext3
    3      25705.569  26733.164  primary   linux-swap
    4      26733.164  38146.530  extended              lba
    5      26733.195  38146.530  logical   ext3

Filesystems
• Different filesystem types organize files and directories in different ways
• Ext3 — most common filesystem on Linux
• Ext3 is a journaling filesystem
  – Sequence of changes to filesystem treated as single transaction
• After unclean system shutdown
  – Replay journal to make filesystem consistent
  – No need to fsck
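The partition table printed by parted above, read back by an added example (not code from the lecture) that turns the Start/End columns into sizes and checks the layout for the mistakes a hand-edited table can contain: overlapping primary or extended partitions, a logical partition outside the extended one, and a partition ending beyond the disk geometry. The embedded table is the slide's own output; the checks and function names are this example's additions.

```shell
#!/bin/sh
# Added example: parse "(parted) print" output and sanity-check the layout.
# PARTED_OUTPUT is the table from the slide, embedded as constructed input.

PARTED_OUTPUT='Disk geometry for /dev/hda: 0.000-38146.972 megabytes
Disk label type: msdos
Minor    Start       End     Type      Filesystem  Flags
1          0.031  25603.593  primary   ntfs        boot
2      25603.594  25705.568  primary   ext3
3      25705.569  26733.164  primary   linux-swap
4      26733.164  38146.530  extended              lba
5      26733.195  38146.530  logical   ext3'

# part_sizes (stdin): print "minor type size_MB" for every partition row.
part_sizes() {
    awk '$1 ~ /^[0-9]+$/ { printf "%s %s %.3f\n", $1, $4, $3 - $2 }'
}

# part_check (stdin): report layout problems, one per line:
#   BEYOND-DISK n   partition n ends past the disk geometry
#   OUTSIDE-EXT n   logical partition n is not inside the extended partition
#   OVERLAP a b     two non-logical partitions overlap
# Logical partitions are expected to sit inside the extended one, so they are
# excluded from the pairwise overlap test.
part_check() {
    awk '
        /^Disk geometry/ { split($(NF-1), g, "-"); disk_end = g[2] + 0 }
        $1 ~ /^[0-9]+$/ {
            n++; id[n] = $1; s[n] = $2 + 0; e[n] = $3 + 0; t[n] = $4
            if (e[n] > disk_end) print "BEYOND-DISK", $1
            if ($4 == "extended") { es = s[n]; ee = e[n] }
        }
        END {
            for (i = 1; i <= n; i++) {
                if (t[i] == "logical" && (s[i] < es || e[i] > ee))
                    print "OUTSIDE-EXT", id[i]
                for (j = i + 1; j <= n; j++)
                    if (t[i] != "logical" && t[j] != "logical" &&
                        s[j] < e[i] && s[i] < e[j])
                        print "OVERLAP", id[i], id[j]
            }
        }'
}

printf '%s\n' "$PARTED_OUTPUT" | part_sizes
printf '%s\n' "$PARTED_OUTPUT" | part_check
```

For the slide's table part_check prints nothing: the partitions abut without overlapping and the logical partition lies inside the extended one. Moving the start of partition 2 back into partition 1 makes it report OVERLAP 1 2.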
Mounting Filesystems
• /etc/fstab:
    LABEL=/      /      ext3  defaults  1 1
    LABEL=/boot  /boot  ext3  defaults  1 2
    none         /proc  proc  defaults  0 0
    /dev/sda2    swap   swap  defaults  0 0
• mount -a causes all fs in fstab to be mounted
• To manually mount a filesystem not in fstab:
    mount -t ext3 -o ro,acl /dev/sda5 /a
• To check filesystem usage, use df, e.g.
    df /usr

Access Control Lists (ACL)
• Traditionally, file permissions can only be set for user, group, and everyone else
  – Simple but limited
  – Different perms cannot be used for different users
• ACL provides finer access control
• Filesystems need to be mounted with the acl option

Setting ACL
• To give Prof. Korn rw access to your file that has permission 600:
    setfacl -m u:kornj:rw somefile
• To remove all permission for Prof. Korn:
    setfacl -x u:kornj somefile
• To list the ACL for a file/directory:
    getfacl somefile

Quota
• Prevent one user from using up the whole disk
• Disk quota can be configured for individual users as well as groups
• To enable quota on a filesystem, mount with usrquota and/or grpquota options

Setting Disk Quota
• To list quota for user or group:
    quota user   or   quota -g group
    Disk quotas for user foo (uid: 501):
    Filesystem  blocks   soft    hard    inodes  soft  hard
    /dev/sdb2   223652   512000  600000  23456   0     0
• User can exceed soft limit for a grace period
• To configure quota for user:
    edquota user
• To configure quota for group:
    edquota -g group

Swap
• Swap space — area on disk for transferring pages to/from physical memory (RAM)
• When RAM is (almost) full, RAM pages are saved to swap by the page daemon
• Can be a dedicated partition or a swap file
• Usually twice the size of RAM
  – e.g. 2048 MB swap for 1024 MB RAM
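The ACL and quota slides both depend on a mount option being present (acl, usrquota, grpquota); this added example (not code from the lecture) checks an fstab entry for a given option and reads a quota report of the kind shown under Setting Disk Quota to find users already past their soft limit. The fstab and the report are constructed samples in the formats the slides show (the /dev/sdb2 line for /home and the second report row are additions), and the function names are this example's own.

```shell
#!/bin/sh
# Added example: verify mount options that ACLs and quotas rely on, and
# read a quota report. Both inputs are constructed samples.

FSTAB_SAMPLE='LABEL=/      /      ext3  defaults               1 1
LABEL=/boot  /boot  ext3  defaults               1 2
none         /proc  proc  defaults               0 0
/dev/sda2    swap   swap  defaults               0 0
/dev/sdb2    /home  ext3  defaults,acl,usrquota  1 2'

QUOTA_REPORT='Disk quotas for user foo (uid: 501):
Filesystem  blocks   soft    hard    inodes  soft  hard
/dev/sdb2   223652   512000  600000  23456   0     0
/dev/sdc1   530000*  512000  600000  100     0     0'

# fstab_has_opt MOUNTPOINT OPTION (fstab on stdin): exit 0 if the entry for
# MOUNTPOINT lists OPTION in its comma-separated option field, else exit 1.
# Use it before expecting setfacl (acl) or quota (usrquota/grpquota) to work.
fstab_has_opt() {
    awk -v mp="$1" -v opt="$2" '
        $1 !~ /^#/ && $2 == mp {
            n = split($4, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == opt) found = 1
        }
        END { exit found ? 0 : 1 }'
}

# quota_over_soft (quota report on stdin): print "FS blocks soft" for every
# filesystem where block usage exceeds a non-zero soft limit. quota(1) marks
# such rows with a "*" after the block count; it is stripped before comparing.
quota_over_soft() {
    awk '$1 ~ /^\// {
        b = $2; sub(/\*/, "", b)
        if ($3 > 0 && b + 0 > $3) print $1, b, $3
    }'
}

if printf '%s\n' "$FSTAB_SAMPLE" | fstab_has_opt /home acl; then
    echo "/home is mounted with acl"
fi
printf '%s\n' "$QUOTA_REPORT" | quota_over_soft
```

With the samples, /home passes the acl and usrquota checks while / does not, and the report shows /dev/sdc1 at 530000 blocks against a 512000 soft limit, which is the grace-period situation the slide describes.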
RAID
• Redundant Array of Independent Disks
  – Combine multiple smaller physical disks into one big logical disk: OS sees one big drive
  – Improve I/O performance and provide redundancy
• Most common RAID levels
  – Linear: concatenation
  – RAID 0: striping - no redundancy
  – RAID 1: mirroring
  – RAID 5: striping with distributed-parity (XOR)
  – RAID 6: P + Q redundancy - up to 2 disk failures

RAID Level 5
    Disk 1  Disk 2  Disk 3  Disk 4  Disk 5
    0       1       2       3       P
    5       6       7       P       4
    10      11      P       8       9
    15      P       12      13      14
    P       16      17      18      19
    20      21      22      23      P
    (Left-symmetric)

Hardware vs. Software RAID
• Hardware RAID
  – RAID controller handles everything
  – Host sees one big drive
• Software RAID
  – Kernel handles all RAID issues (MD driver)
  – Cheaper but lower performance
  – See md(4), mdadm(8)

Network Configuration
• Ethernet devices are named eth0, eth1, etc.
• To statically configure a network interface:
  – IP address (128.122.20.123)
  – Netmask (defines subnet) (255.255.255.0)
  – Router (gateway) address (128.122.20.1)
• ifconfig is used at boot time to configure network interfaces
  – List configuration if no argument is given

DHCP
• Dynamic Host Configuration Protocol
• Dynamically allocate IP addresses to clients
• Addresses are leased for a certain period
• Some older clients use BOOTP

Network File System (NFS)
• Developed by Sun Microsystems
• Allows remote filesystems to be mounted locally
  – e.g. home directory mounted on machines
• To mount a filesystem from an NFS server:
    mount -t nfs -o nosuid,intr serv1:/export/local /usr/local
NFS (cont.)
  [figure: NFS client and NFS server (serv1). On the server, /export/local contains bin, lib and share; on the client, /usr/local is the mount point for serv1:/export/local, mounted via NFS]

Naming and Directory Services
• Original UNIX naming system stores info in /etc
  – Does not scale well for large network
• Network naming services
  – Information stored centrally (client-server model)
  – Usernames, passwords, hostnames/IP addr, etc.
  – Binds names to objects
  – Resolves names to objects
    • e.g. www.cs.nyu.edu is 128.122.80.245
  – DNS, NIS, LDAP

Domain Name System
• Distributed, replicated service for translating hostnames to IP addresses
• Namespace divided into hierarchy of domains
• Each DNS domain supported by 2 or more name servers

DNS Namespace
  [figure: tree with root at the top; gov, com, org and edu beneath it; nyu and usc beneath edu]

DNS Client
• The resolver (e.g. gethostbyname()) on the client queries the name server
• DNS servers in /etc/resolv.conf, e.g.
    nameserver 128.122.128.2
• Query DNS server interactively with nslookup or dig

Network Information Service
• Developed by Sun Microsystems - originally Yellow Pages (yp)
• Stores network, hostnames-addresses, users, and network services info in NIS maps
  – e.g. passwd.byname, passwd.byuid, hosts.byname, ethers.byaddr, netgroup, etc.
• Client-server model
• Servers are replicated (master/slave)
• NIS+ — similar to NIS, but more features and more secure