10.5 Administrative Tasks (Topic 2.11)

10.5.1 Objective 1: Manage Users and Group Accounts and Related System Files

10.5.1.1 passwd and group

- User account information is stored in /etc/passwd.
- Each line in /etc/passwd contains a username, password, UID, GID, user's name, home directory, and default shell.
- Group information is stored in /etc/group.
- Each line in /etc/group contains a group name, group password, GID, and group member list.
- passwd and group are world-readable.

10.5.1.2 Shadow files

- To prevent users from obtaining encrypted passwords from passwd and group, shadow files are implemented.
- Encrypted passwords are moved to a new file, which is readable only by root.
- The shadow file for /etc/passwd is /etc/shadow.
- The shadow file for /etc/group is /etc/gshadow.

10.5.1.3 User and group management commands

The following commands are commonly used for manual user and group management:

- useradd user: Create the account user.
- usermod user: Modify the user account.
- userdel user: Delete the user account.
- groupadd group: Add group.
- groupmod group: Modify the parameters of group.
- groupdel group: Delete group.
- passwd username: Interactively set the password for username.
- gpasswd groupname: Interactively set the password for groupname.
- pwconv: Convert a standard password file to a shadow configuration.
- pwunconv: Revert from a shadow password configuration.
- grpconv: Convert a standard group file to a shadow configuration.
- grpunconv: Revert from a shadow group configuration.
- chage user: Modify password aging and expiration settings for user.
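As an added example (not from the book), the following script audits passwd and shadow style files using the field layout described above. It runs against constructed sample files written to a temporary directory, so it needs no root access; the usernames, hashes and the 365-day age limit are all made up for the demonstration. Against a real system the same functions would be pointed at /etc/passwd and /etc/shadow.

```sh
#!/bin/sh
# Added example: audit /etc/passwd and /etc/shadow style files.
# passwd fields: name:password:UID:GID:gecos:home:shell
# shadow fields: name:hash:lastchange:min:max:warn:inactive:expire:reserved

WORK=$(mktemp -d)
PASSWD_FILE="$WORK/passwd"
SHADOW_FILE="$WORK/shadow"

# Constructed sample passwd file (not from any real system).
cat > "$PASSWD_FILE" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
backup:x:0:0:Backup operator:/var/backups:/bin/sh
legacy:$1$saltsalt$constructedhashXXXXXX:1002:1002:Legacy:/home/legacy:/bin/sh
guest:x:1003:1003:Guest:/home/guest:/bin/bash
EOF

# Constructed sample shadow file; the hashes are placeholders, not real.
cat > "$SHADOW_FILE" <<'EOF'
root:$6$saltsalt$constructedhashvalue:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
alice:$6$saltsalt$anotherconstructedhash:19000:0:90:7:::
backup:!:19000:0:99999:7:::
guest::19000:0:99999:7:::
EOF

# Accounts with UID 0 other than root: each one is a second superuser.
extra_uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Password hashes still in the world-readable passwd file, i.e. the second
# field is not the "x" placeholder pointing at shadow. pwconv moves these.
hashes_in_passwd() {
    awk -F: '$2 != "x" && $2 != "" { print $1 }' "$1"
}

# Shadow entries with an empty hash: no password is needed to log in.
empty_shadow_passwords() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Shadow entries whose hash is "*" or starts with "!": nothing can match,
# so password login is locked for the account.
locked_shadow_accounts() {
    awk -F: '$2 == "*" || substr($2, 1, 1) == "!" { print $1 }' "$1"
}

# Accounts whose maximum password age (shadow field 5, set by chage -M)
# is below the given number of days.
accounts_with_max_age_below() {
    awk -F: -v limit="$2" '$5 != "" && $5 + 0 < limit + 0 { print $1 }' "$1"
}

printf 'UID 0 besides root : %s\n' "$(extra_uid0_accounts "$PASSWD_FILE" | tr '\n' ' ')"
printf 'hash in passwd     : %s\n' "$(hashes_in_passwd "$PASSWD_FILE" | tr '\n' ' ')"
printf 'empty password     : %s\n' "$(empty_shadow_passwords "$SHADOW_FILE" | tr '\n' ' ')"
printf 'locked             : %s\n' "$(locked_shadow_accounts "$SHADOW_FILE" | tr '\n' ' ')"
printf 'max age < 365 days : %s\n' "$(accounts_with_max_age_below "$SHADOW_FILE" 365 | tr '\n' ' ')"
```

The "hash in passwd" check is the situation the shadow files exist to prevent: a hash in the second field of /etc/passwd is readable by every local user, which is what pwconv and grpconv fix by moving it to the root-only file.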
10.5.2 Objective 2: Tune the User Environment and System Environment Variables

10.5.2.1 Configuration scripts

- The bash shell uses system-wide configuration scripts -- such as /etc/profile and /etc/bashrc -- when it starts.
- Commands in /etc/profile are executed at login time.
- Commands in /etc/bashrc are executed for each invocation of bash.
- Changes to these system-wide files affect all users on the system.

10.5.2.2 New account home directories

- New user directories are populated automatically by copying /etc/skel and its contents.
- The system administrator may add, modify, and delete files in /etc/skel as needed for the local environment.
10.5.3 Objective 3: Configure and Use System Log Files to Meet Administrative and Security Needs

10.5.3.1 Syslog

- The syslog system displays and records messages describing system events.
- Messages can be placed on the console, in log files, and on the text screens of users.
- syslog is configured by /etc/syslog.conf in the form facility.level action:
  - facility: The creator of the message, selected from among auth, authpriv, cron, daemon, kern, lpr, mail, mark, news, syslog, user, or local0 through local7.
  - level: A severity threshold; messages at that level or higher are logged. The levels are (from lowest to highest severity) debug, info, notice, warning, err, crit, alert, and emerg. The special level none disables a facility.
  - action: The destination for messages that correspond to a given selector. It can be a filename, @hostname, a comma-separated list of users, or an asterisk, meaning all logged-in users.
- Together, facility and level comprise the message selector.
- Most syslog messages go to /var/log/messages.

10.5.3.2 Log file rotation

10.5.3.3 Examining log files

- Files in /var/log (such as messages) and elsewhere can be examined using utilities such as tail, less, and grep.
- Information in syslog log files includes date, time, origin hostname, message sender, and descriptive text.
- To debug problems using log file information, first look at the hostname and sender, then at the message text.
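The following added example (not from the book) implements the selector rule from 10.5.3.1: a facility.level selector covers messages of that facility at that level or any higher severity, none excludes a facility, and an asterisk stands for every facility or every level. It also handles the semicolon-separated selector lists found in real syslog.conf files, where a later selector for the same facility overrides an earlier one (that is how "mail.none" removes mail from a "*.info" line). The configuration it reads is constructed for the example; the host name loghost is made up.

```sh
#!/bin/sh
# Added example: decide which syslog.conf actions apply to a message.

# Rank of a level, lowest to highest severity, as listed on the page.
# A selector level matches itself and every higher rank; "*" is every level.
level_rank() {
    case "$1" in
        '*'|debug) echo 0 ;;
        info)      echo 1 ;;
        notice)    echo 2 ;;
        warning)   echo 3 ;;
        err)       echo 4 ;;
        crit)      echo 5 ;;
        alert)     echo 6 ;;
        emerg)     echo 7 ;;
        *)         echo 99 ;;   # unknown name: treated as above every level
    esac
}

# facility_in FACILITY LIST: LIST is "*" or a comma-separated facility list.
facility_in() {
    found=1
    set -f; old_ifs=$IFS; IFS=,
    for f in $2; do
        if [ "$f" = '*' ] || [ "$f" = "$1" ]; then found=0; fi
    done
    IFS=$old_ifs; set +f
    return $found
}

# selectors_cover FACILITY LEVEL SELECTORS: SELECTORS is the first column of
# a syslog.conf line, e.g. "*.info;mail.none;authpriv.none". The last
# selector naming the message's facility decides.
selectors_cover() {
    msg_fac=$1; msg_lvl=$2
    decision=1
    set -f; old_ifs=$IFS; IFS=';'
    set -- $3
    IFS=$old_ifs; set +f
    for sel in "$@"; do
        sel_fac=${sel%.*}
        sel_lvl=${sel##*.}
        if facility_in "$msg_fac" "$sel_fac"; then
            if [ "$sel_lvl" != none ] &&
               [ "$(level_rank "$msg_lvl")" -ge "$(level_rank "$sel_lvl")" ]; then
                decision=0
            else
                decision=1
            fi
        fi
    done
    return $decision
}

# log_destinations FACILITY LEVEL CONFIG: print the action of every line
# in CONFIG that applies to a message of FACILITY at LEVEL.
log_destinations() {
    while read -r selectors action; do
        case "$selectors" in ''|'#'*) continue ;; esac
        if selectors_cover "$1" "$2" "$selectors"; then
            printf '%s\n' "$action"
        fi
    done < "$3"
}

# Constructed syslog.conf for the example (loghost is a made-up name).
CONF=$(mktemp)
cat > "$CONF" <<'EOF'
# constructed syslog.conf
*.info;mail.none;authpriv.none    /var/log/messages
authpriv.*                        /var/log/secure
mail.*                            /var/log/maillog
kern.crit                         @loghost
*.emerg                           *
EOF

for probe in 'authpriv notice' 'cron info' 'kern alert' 'mail debug' 'user debug'; do
    set -- $probe
    printf '%s.%s -> %s\n' "$1" "$2" "$(log_destinations "$1" "$2" "$CONF" | tr '\n' ' ')"
done
```

Note that authpriv messages never reach /var/log/messages with this configuration: the trailing authpriv.none on the first line overrides the leading *.info, which is the usual way to keep authentication detail in the root-only secure log.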
10.5.4 Objective 4: Automate System Administration Tasks by Scheduling Jobs to Run in the Future

10.5.4.1 Using cron

- The cron facility consists of crond, the cron daemon, and crontab files containing job-scheduling information.
- cron is intended for the execution of commands on a periodic basis.
- crond examines all crontab files every minute.
- Each system user has access to cron through a personal crontab file.
- The crontab command, shown here, allows the crontab file to be edited and viewed:
  - crontab: View, or with -e, edit crontab files.
- Asterisks in any of the time fields match all possible values.
- In addition to personal crontab files, the system has its own crontab files: /etc/crontab as well as files in /etc/cron.d.
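As an added example (not from the book), here is the matching rule crond applies each minute to the five time fields of a crontab line, run against a constructed personal crontab. Beyond the asterisk mentioned above it handles single values, ranges (a-b), lists (a,b,c) and step values (*/n), plus two details of Vixie cron that are not on the page: Sunday may be written as 0 or 7, and when both the day-of-month and day-of-week fields are restricted the line runs when either one matches. The script paths in the sample crontab are made up.

```sh
#!/bin/sh
# Added example: which crontab lines fire at a given minute.

# cron_field_matches VALUE FIELD LOW HIGH: does VALUE satisfy FIELD, whose
# legal range is LOW..HIGH? Each comma-separated item is a range with an
# optional /step; "*" is the whole range; a bare number is a one-value range.
cron_field_matches() {
    value=$1; field=$2; low=$3; high=$4
    set -f; old_ifs=$IFS; IFS=,
    set -- $field
    IFS=$old_ifs; set +f
    for item in "$@"; do
        step=1
        case "$item" in */*) step=${item#*/}; item=${item%/*} ;; esac
        case "$item" in
            '*') lo=$low; hi=$high ;;
            *-*) lo=${item%-*}; hi=${item#*-} ;;
            *)   lo=$item; hi=$item ;;
        esac
        if [ "$value" -ge "$lo" ] && [ "$value" -le "$hi" ] &&
           [ $(( (value - lo) % step )) -eq 0 ]; then
            return 0
        fi
    done
    return 1
}

# crontab_time_matches MIN HOUR DOM MON DOW F_MIN F_HOUR F_DOM F_MON F_DOW
# Minute, hour and month must all match. When both the day-of-month and
# day-of-week fields are restricted (neither is "*"), a match on either
# one is enough, as in Vixie cron. Sunday is 0 or 7.
crontab_time_matches() {
    cron_field_matches "$1" "$6" 0 59 || return 1
    cron_field_matches "$2" "$7" 0 23 || return 1
    cron_field_matches "$4" "$9" 1 12 || return 1
    dow=$5
    [ "$dow" -eq 7 ] && dow=0
    dom_match=no; dow_match=no
    cron_field_matches "$3" "$8" 1 31 && dom_match=yes
    cron_field_matches "$dow" "${10}" 0 7 && dow_match=yes
    [ "$dow" -eq 0 ] && cron_field_matches 7 "${10}" 0 7 && dow_match=yes
    if [ "$8" != '*' ] && [ "${10}" != '*' ]; then
        [ "$dom_match" = yes ] || [ "$dow_match" = yes ]
    else
        [ "$dom_match" = yes ] && [ "$dow_match" = yes ]
    fi
}

# jobs_due_at MIN HOUR DOM MON DOW CRONTAB: print the command of every
# line in CRONTAB that crond would start at that minute.
jobs_due_at() {
    while read -r f_min f_hour f_dom f_mon f_dow cmd; do
        case "$f_min" in ''|'#'*) continue ;; esac
        if crontab_time_matches "$1" "$2" "$3" "$4" "$5" \
                "$f_min" "$f_hour" "$f_dom" "$f_mon" "$f_dow"; then
            printf '%s\n' "$cmd"
        fi
    done < "$6"
}

# Constructed personal crontab: minute hour day-of-month month day-of-week command.
CRONTAB=$(mktemp)
cat > "$CRONTAB" <<'EOF'
# constructed crontab for this example
0 2 * * *       /usr/local/sbin/nightly-backup.sh
*/15 * * * *    /usr/local/bin/check-disk.sh
30 6 * * 1-5    /usr/local/bin/weekday-report.sh
0 0 1 * *       /usr/local/bin/monthly-rotate.sh
50 23 * * 7     /usr/local/bin/sunday-cleanup.sh
EOF

echo "06:30 on Wednesday 20 March:"; jobs_due_at 30 6 20 3 3 "$CRONTAB"
echo "23:50 on Sunday 7 July:";      jobs_due_at 50 23 7 7 0 "$CRONTAB"
```

Running the matcher against a crontab is a quick way to review what a system crontab in /etc/cron.d will actually start at a given time, without waiting for crond to do it.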
10.5.4.2 Using at

10.5.4.3 User access

10.5.5 Objective 5: Maintain an Effective Data Backup Strategy

- System backup provides protection against disk failures, accidental file deletion, accidental file corruption, and disasters.
- System backup provides access to historical data.
- Full backups save all files.
- Differential backups save files modified or created since the last full backup.
- Incremental backups save files modified or created since the last full or incremental backup.
- A full backup will be coupled with either differential or incremental backups, but not both.
- Backup media are rotated to assure high-quality backups.
- Backup media must be verified to assure data integrity.
- Backup is often performed using tar and mt, as follows:
  - tar files: Archive or restore files recursively, to tape or to a tarfile.
  - mt operation: Control a tape drive, including skipping over multiple archives on tape, rewinding, and ejecting. Operations include fsf, bsf, rewind, and offline (see the manpage for a complete list).
- Backup should include everything necessary to restore a system to operation in the event of a disaster. Examples include /etc, /home, /var/log, and /var/spool, though individual requirements vary.
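The added example below (not from the book) carries the full, differential and incremental definitions above through with tar: a "last full" and a "last incremental" timestamp file record when each kind of run happened, find -newer selects the files changed since the relevant marker, and a restore is verified by extracting the archives in order and comparing the result with the live tree. It works in a temporary directory on constructed sample files rather than on tape, so mt is not needed; the sample contents and file names are made up.

```sh
#!/bin/sh
# Added example: full, differential and incremental backups with tar,
# using marker files to remember the time of the last full and the last
# incremental run. Everything happens under a temporary directory.

WORK=$(mktemp -d)
SRC="$WORK/src"        # the tree being backed up (stands in for /etc, /home, ...)
BK="$WORK/backups"     # archives, file lists and timestamp markers
mkdir -p "$SRC/etc" "$SRC/home/alice" "$BK"

# Constructed sample data standing in for real system files.
printf 'root:x:0:0:root:/root:/bin/bash\n' > "$SRC/etc/passwd"
printf 'root:x:0:\n' > "$SRC/etc/group"
printf 'first note\n' > "$SRC/home/alice/notes"

# full_backup NAME: archive the whole tree and reset both markers.
full_backup() {
    ( cd "$SRC" && tar -cf "$BK/$1.tar" . )
    touch "$BK/last_full" "$BK/last_incr"
}

# changed_since MARKER: regular files under SRC modified after MARKER.
changed_since() {
    ( cd "$SRC" && find . -type f -newer "$1" | sort )
}

# archive_changed NAME MARKER: write the changed-file list to NAME.list and,
# if it is not empty, archive exactly those files into NAME.tar.
archive_changed() {
    changed_since "$2" > "$BK/$1.list"
    if [ -s "$BK/$1.list" ]; then
        # The sample paths contain no whitespace, so word splitting is safe here.
        ( cd "$SRC" && tar -cf "$BK/$1.tar" $(cat "$BK/$1.list") )
    fi
}

# differential_backup NAME: everything changed since the last FULL backup.
# A restore needs the full archive plus only the newest differential.
differential_backup() {
    archive_changed "$1" "$BK/last_full"
}

# incremental_backup NAME: everything changed since the last full OR
# incremental run, then advance the incremental marker. A restore needs
# the full archive plus every incremental since it, in order.
incremental_backup() {
    archive_changed "$1" "$BK/last_incr"
    touch "$BK/last_incr"
}

# verify_restore DIR NAME...: extract the named archives into DIR in the
# given order and compare the result with the live tree. Returns 0 only
# when the restore reproduces SRC exactly (the "verify the media" step).
verify_restore() {
    dir=$1; shift
    rm -rf "$dir" && mkdir -p "$dir"
    for name in "$@"; do
        ( cd "$dir" && tar -xf "$BK/$name.tar" )
    done
    diff -r "$SRC" "$dir" > /dev/null
}

# Day 0: full backup.
full_backup full
sleep 1                                   # let later mtimes move past the markers
# Day 1: an existing file changes.
printf 'alice:x:1000:1000:Alice:/home/alice:/bin/bash\n' >> "$SRC/etc/passwd"
differential_backup diff1                 # passwd
incremental_backup incr1                  # passwd
sleep 1
# Day 2: a new file appears.
printf 'call the tape vendor\n' > "$SRC/home/alice/todo"
differential_backup diff2                 # passwd and todo: everything since the full
incremental_backup incr2                  # todo only: everything since incr1

echo "diff2 contains:"; cat "$BK/diff2.list"
echo "incr2 contains:"; cat "$BK/incr2.list"
verify_restore "$WORK/restore_a" full diff2       && echo "full + diff2 restores cleanly"
verify_restore "$WORK/restore_b" full incr1 incr2 && echo "full + incr1 + incr2 restores cleanly"
```

The trade-off the page describes is visible in the two lists: each differential grows until the next full backup but restores from two archives, while each incremental stays small but a restore that skips one of them (full plus incr2 alone) leaves etc/passwd at its old contents, which is exactly what the verification step catches.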