The Linux Operating System

1
The Linux Operating System
The Tonga Institute of Higher Education
Lecture 3 Becoming the Superuser and Users and
Groups
2
Root.

• We've been looking at how to manipulate the Linux
  system, figuring out where things go, but we
  can't really do anything without being the
  superuser, root.
• The root user, remember, can do anything he
  wants, so we have to be careful not to make
  mistakes. We could delete things that make the
  entire computer never work again.
• Most Linux users recommend only using the root
  user when you need to. In case you make mistakes
  you don't want to destroy your system. But there
  are a lot of times you'll need to be root if you
  have your own system to look after

3
What to do as root?

• Now that you are root, what are you able to do?
• Shutdown and reboot (if you are going to
  shutdown, you should send the command to do it,
  not just press the off button)
• root_at_usp root shutdown -now
• root_at_usp root reboot
• Shutting down and rebooting are simple. We can
  also control a lot about how the system starts up
  and how it runs while it is on

4
System Startup

• The system will have many programs that will
  start up as 'services.' These will be things like
  the webserver, telnet server, but also kernel
  programs that keep the filesystem together, run
  memory and do system logging.
• Some of these services will be defined by the
  user, some by the system. You can control them
  all through the use of what is called Run Levels
  and the chkconfig command

5
What happens during a bootup?

• 1. BIOS The Basic Input/Output System is the
  lowest level interface between the computer and
  peripherals. The BIOS performs integrity checks
  on memory and seeks instructions on the Master
  Boor Record (MBR) on the floppy drive or hard
  drive.
• 2. The MBR points to the boot loader (LILO Linux
  boot loader).
• 3. LILO will then ask for the OS label which will
  identify which kernel to run. It then loads the
  Linux operating system.
• 4. The first thing the kernel does is to execute
  init program. Init is the root/parent of all
  processes executing on Linux.
• 5. The first processes that init starts is a
  script /etc/rc.d/rc.sysinit
• 6. Based on the appropriate run-level, scripts
  are then executed to start various processes to
  run the system

6
Run Levels

• A run level is a state of init and the whole
  system that defines what system services are
  operating. Run levels are identified by numbers
• Run level numbers
• 0 Halt the system.
• 1 Single-user mode (for special administration).
• 2-5 Normal operation (user defined).
• 6 Reboot.
• Deciding on how you run your system at startup,
  the run level will determine what programs start
  and how much you are able to change

7
Run Levels

• Run levels are configured in /etc/inittab by
  lines like the following
• l22wait/etc/init.d/rc 2
• The first field is an arbitrary label, the second
  one means that this applies for run level 2. The
  third field means that init should run the
  command in the fourth field once, when the run
  level is entered, and that init should wait for
  it to complete. The /etc/init.d/rc command runs
  whatever commands are necessary to start and stop
  services to enter run level 2.
• The command in the fourth field does all the hard
  work of setting up a run level. It starts
  services that aren't already running, and stops
  services that shouldn't be running in the new run
  level any more. Exactly what the command is, and
  how run levels are configured, depends on the
  Linux distribution.

8
Run Levels

• When init starts, it looks for a line in
  /etc/inittab that specifies the default run
  level
• id2initdefault
• You can ask init to go to a non-default run level
  at startup by giving the kernel a command line
  argument of single or emergency. Kernel command
  line arguments can be given via LILO, for
  example. This allows you to choose the single
  user mode (run level 1).
• While the system is running, the telinit command
  can change the run level. When the run level is
  changed, init runs the relevant command from
  /etc/inittab.

9
Booting in single user mode

• An important run level is single user mode (run
  level 1), in which only the system administrator
  is using the machine and as few system services,
  including logins, as possible are running. Single
  user mode is necessary for a few administrative
  tasks.
• A running system can be taken to single user mode
  by using telinit to request run level 1. At
  bootup, it can be entered by giving the word
  single or emergency on the kernel command line
  the kernel gives the command line to init as
  well, and init understands from that word that it
  shouldn't use the default run level.
• One reason to go to this level is if you forget
  your root password or if you need to check the
  filesystem on the / partition

10
init.d and xinet.d

• init.d is a folder in your /etc/rc.d directory
  that contains little programs called scripts
  that will start or stop services and programs on
  your computer.
• It is actually part of the startup process and
  based on what run level you have decided to use,
  different scripts will be run from the init.d
  folder
• Most of the scripts will have a 'start', 'stop',
  'restart' and 'status' option so you can control
  the programs yourself
• For example, to start a webserver, you might do
  the following
• /etc/rc.d/init.d/httpd start

11
rc.d

• So the program scripts are in the
  /etc/rc.d/init.d folder
• What is the /etc/rc.d folder for?
• /etc/rc.d will contain all the files needed to
  boot up. This is where the programs for the
  different run levels are saved. They are located
  in the /etc/rc.d/rc0.d/ --gt /etc/rc.d/rc6.d/
• Notice the files in these folders start with a S
  or a K before them. The files with an S mean they
  are for startup, the files with the K mean they
  are for the shutdown
• To add a new service and have it be included in
  the correct run level, you'll need to put the K
  and S files in the correct rcX.d folder (where X
  --gt 0-6)

12
rc.d

• Sometimes with all the run levels and files
  things get confusing, so what if you just want a
  simple way to make things start when you boot up
  the system?
• There is a file called /etc/rc.d/rc.local. This
  'rc.local' file will be run when the system
  starts and any commands inside of it will also be
  run.
• You just need to put the full path to where the
  file is saved. For example, if you want a mySQL
  database to start when the computer starts, just
  put in on the last line of the rc.local file
• /usr/local/bin/mysql

13
xinet.d

• All the talk about init.d is for programs and
  services that are local, which means they run on
  the system and are not for networked enabled
  programs (generally speaking).
• For programs that are networked services, ones
  that talk to other computers on a network, the
  xinet.d folder is used in /etc/.
• xinet.d is relatively new to Linux, but used a
  lot in RedHat. When we get to the chapter about
  networking, we will look at it more in depth

14
Chkconfig

• So how can you control what programs will start
  up and shut down and find out what is actually
  running?
• The chkconfig command is used to activate and
  deactivate services.
• If you use the chkconfig --list command, you
  will see a list of system services and whether
  they are started (on) or stopped (off) in
  runlevels 0-6.
• Example
• chkconfig --list anacron
• anacron 0off 1off 2on 3on 4on 5on 6off

15
Chkconfig

• Examples
• Forces httpd service to run for levels 3, 4 and
  5.
• chkconfig --level 345 httpd on
• Start the httpd service when system starts.
• chkconfig --add httpd
• Do not start the sendmail system start.
• chkconfig --del sendmail
• List all services and init levels.
• chkconfig --list

16
chkconfig

• Most of the time we can just use chkconfig to
  turn things on and off (which is the easiest)
• It will make the changes for the current run
  level and thus, you won't need to worry about
  what run level you are changing
• root_at_comp root chkconfig sendmail off
• root_at_comp root chkconfig httpd on

17
Crontab

• So you know how to make programs start when the
  system starts, what about making programs run at
  a regular interval, for example every hour, or
  once a day?
• Crontab is a small program that is the task
  scheduler on Linux systems. It will act like an
  alarm clock. At a certain time, it will wake up
  and make a program run.
• When you access crontab, you have to use the text
  editor, vi. So all your practice with vi will pay
  off

18
Using crontab

• Each user is allowed to have his or her own
  crontab, but the root user will be the one to use
  it the most.
• To see your crontabs, type
• crontab -l
• And what you'll see is something like
• 0 1 /home/www/cgi-bin/awstats.pl
• 0 2 /usr/bin/sarg
• 0 3 echo gt /var/log/squid/access.log
• 0 3 echo gt /var/mail/junk
• Basically a list of programs with some numbers
  and stars
• So what does it mean and how does it work?

19
Using crontab

• 0 1 /home/www/cgi-bin/awstats.pl
• There are five fields to the schedule, and then
  the name of the program that will run
• The fields are, in this order,
• MINUTE(0-59)
• HOUR(0-23)
• DAYOFMONTH(1-31)
• MONTHOFYEAR(1-12)
• DAYOFWEEK(0-6) Note 0 Sun
• Also note that the ASTERISK () is what's called
  a WILDCARD meaning it will match any value.
• So in this example it will run on the 0th minute
  of the 1st hour of every day of the month, every
  month of the year and every day of the week

20
Add your own crontab

• So to add your own crontab, type
• crontab -e
• This will open up the crontab file in 'vi' and
  you can add your own crontab line
• Crontab examples
• Program1 will run every minute of the 1st hour of
  the 4th day of every month
• 1 4 /usr/bin/program1
• Program2 will run every 15th minute every 6
  hours, every 10th day of the 5th month of the
  year
• 0,15,30,45 0,6,12,18 10 5 /usr/bin/program2

21
User Management

• An important task for the root user is to be able
  to add new user's to the system and to delete old
  users.
• To add a user to the system we can use the
  command 'useradd' or we can do it all manually
• With 'useradd'
• root_at_usp / useradd new_user -g students
• This will add a user called new_user and put them
  in the group called students
• To remove user, 'userdel'
• root_at_usp / userdel new_user

22
Setting passwords

• To set a password for a new user, you'll use the
  'passwd' program
• root_at_usp / passwd new_user
• You'll then be prompted to enter in the new
  password for that user
• If you don't specify a user name, then you can
  change your own password

23
Groups

• Users also have options of being inside of
  groups. This is for security and permission
  reasons. For example, at a school, all students
  might be in the students group and all teachers
  in the staff group.
• You could then make student grades group readable
  for staff, but not for students.
• To add a new group to the system, use 'groupadd'
• root_at_usp / groupadd students
• Now you'll be able to add students to this new
  group on your system

24
Adding users manually

• The list of users and their home directories are
  in the important file called '/etc/passwd'
• This file used to contain encrypted passwords of
  everyone on the system, but that proved insecure
  and they moved the passwords to a file called
  /etc/shadow that only root can read
• Inside /etc/passwd you'll see lines like
• user1x500100User 1/home/user/bin/bash
• Fields are separated by the '' The first field
  is for the username. Then next, 'x' means the
  password is in /etc/shadow. 500 and 100 are the
  user id and group id respectively. User 1 is the
  name of the user. /home/user is their home
  directory and /bin/bash is the shell program they
  are using

25
The /etc/group file

• Groups are saved inside the file /etc/group and a
  line will look like this
• administratorsx501user1,user2
• The first field is the name of the group, the 'x'
  is for no password, 501 is the group id and the
  last field is a list of users who are also part
  of this group
• For example, user1 might be a part of staff and
  administrators, but his primary group is staff.
  So to add him to administrators, add him to the
  end of the line for in the /etc/group file

26
Assigning quotas

• Quotas limit how much space one user can take up
  on a system. If you don't have any quotas, then
  someone can put every movie they have on the
  computer until you run out of space and there is
  no room for virtual memory. That's bad
• So if you have a lot of users, its good to have
  some sort of quota system set up to limit how
  much they can save
• To add quotas to a system is sometimes tricky,
  but generally these are the steps to take. First
  open /etc/fstab and find the partition you want
  to change. You'll see something like
• /dev/hda2 /home ext3 defaults 1 1
• You'll be adding the usrquota, and the grpquota
  part. This tells the file system there is a user
  and group quota. Do it like this
• /dev/hda2 /home ext3 defaults,usrquota,grpquota 1
  1

27
Assigning quotas

• The next step is to create a file where quotas
  are saved. Depending on what filesystem you have
  you might have to create a file called
  'quota.user' or 'aquota.user'
• touch /home/quota.user
• chmod 600 /home/quota.user
• Then you need to turn on quotas
• quotaon -av
• And now you are ready to start assigning quotas
  hopefully. You might have to reboot the computer
  so that the partition is remounted correctly at
  the beginning, with quotas enabled

28
Assigning quotas

• To assign a quota for a user, you'll use a
  command called 'edquota'
• edquota -u user1
• You'll see something like the below
• Disk quotas for user user1 (uid 665)
• Filesystem blocks soft hard inodes soft
  hard
• /dev/hda3 18860 99000 100000 71 0
  0
• Filesystem shows which partition it is on.
• Blocks shows how many KB the user has taken up
• Soft is the 'soft' quota for how many KB they can
  use. This means they'll get a warning when they
  get to this level
• Hard is the 'hard', they cannot go over this
  limit
• Inodes is the number of files they have created
  (hard and soft are quotas for the number of files
  they can have in total)

29
Checking and maintaining quotas

• To see all the quotas you have on a system, use
  the command
• repquota -a
• To see the quota for just one user, try
• quota -u user1
• Soft limits are like grace periods for people, it
  will let them keep their files for a certain
  amount of time above the soft limit, but then
  make them delete stuff after a certain amount of
  time
• To change how long that time is, use the command
• edquota -t

30
Summary

• This chapter gave you a basic outline of
  somethings the root user is responsible for.
• The root user will also be involved in doing many
  other things, and there are many other commands
  that help the root user to administer
• We'll take a look at other things the root user
  can do, especially in terms of networking and
  security features on Linux
• Remember, if anyone found out your root user
  password, they could do whatever they want to
  your computer very easily.