Every computer owner must be
The same is true with any UNIX operating system, whether it is on a personal computer (typically Linux, FreeBSD, or Mac OS X), a midsized server (again Linux or one of the other UNIX variants), or a large mainframe (such as Solaris, HP-UX, or AIX). The extent of administration you must do will depend on how you use your system. If you have a personal workstation or you are your system’s only
Because UNIX is a multiuser operating system, you may want to set up your system so that many people can use it. As an administrator, you will assign a login name, a password, and a working directory to each user. You will probably want to connect additional terminals or PCs so that several users can work at the same time.
You will also need to protect the information on your system. To do this, you’ll have to monitor available disk space and processing performance, protect against security breaches, and regularly back up the data. Depending on the kind of work being done on your system, you may need to add software or printers, networks, and other hardware peripherals.
This chapter will familiarize you with basic concepts and procedures that go into administering the UNIX System for these major variants: Linux, Solaris, Mac OS X, AIX, and HP-UX. It is divided into four major sections: administrative concepts, setup procedures, maintenance tasks, and security Important administrative topics that require greater depth of explanation are covered in Chapter 14. Topics needed for mail, network, and Internet administration are covered in Chapters 15 and 17. For further information on administration, see the administrative documentation that comes with your system.
Although you don’t need to be a UNIX guru to do basic system administration, you do need to be familiar with basic UNIX features and have some skill in editing and issuing commands. There is much to learn, but being a competent system administrator is a
If you are administering a
This section describes the concepts of administration for multiple users and multiple processes. It also
If you are supporting other users on your machine, you will have to consider their needs as well as your own. You will need to assign them logins and passwords, so that they can access the system, and to add terminals (or PCs), so that they can all work at the same time.
You will probably want to schedule machine maintenance and shutdowns for off-hours, so that you will not have to kick users off the system during the times they need it most. Also, you will want to use the tools provided with UNIX to alert your users about system changes, such as some newly installed software or the addition of a printer. You will also need to service their
The fact that UNIX is multitasking means that many processes can be competing for the same resources at the same time. A lot of busy users can quickly gobble up your file system space and drain available processor time. As an administrator, you can control the priorities that different users and processes have for using your computer’s central processor.
Most computers that run UNIX offer two
Desktop menus typically provide an easier way to administer your system because they tend to be both visually oriented and
When you are starting UNIX System administration, you should begin by using the desktop interface that comes with your system. Using desktop menus will reduce your margin for error and help teach you about the system. You also need not worry about dozens of commands and options.
The examples of administration in this chapter are done with commands, even though an equivalent may exist in the desktop menu interface. There are three reasons for doing this:
Desktop menu interfaces are often very different from one operating system to the
Commands and options tend to be similar from one UNIX system to the next. You could use the commands shown in this chapter on almost any computer running UNIX. If a command shown here is not available on your system,
Desktop Menu interfaces do not let you see what is actually happening, and over time you may lose the understanding of how particular processes work.
Most Linux distributions have built-in system administration tools. Red Hat, for example, uses a tool called
Linuxconf is a tool that is available on most Linux distributions to provide a wide variety of configuration services. YaST is the setup and configuration tool used in SUSE Linux to install software, configure hardware, setup networks, servers, and much more.
Almost all Linux distributions have system administration tools for both client machines as well as servers. As an example, Red Hat Linux uses the Red Hat Console to perform most system administration on servers. Figure 13–1 shows the Red Hat Console. Red Hat Console is a GUI-based front end for Red Hat Administration Server that allows you to manage servers as well as users. Within the Red Hat Console there is a service called the Certificate System (CS) that allows you to configure servers as well as perform other tasks.
Figure 13–1: The Red Hat Console
Prior to Solaris 9, system administrators used admintool as its system administration menu interface. Even though it was rich in features, it was rarely used by more
Figure 13–2: SMC main screen
For other more complex tasks, and for most single-system environments , most Solaris system administrators prefer to use command-line interfaces so that they have better control over the various processes that are executed in completing the task.
The administrative menu interface for HP-UX is called SAM (System Administration Manager). The look of this menu interface is very similar to the Mac OS X menu interface. You can perform most user, file, network, and software administration using this interface. Figure 13–3 shows the SAM main menu.
Figure 13–3: The HP System Administration Manager (SAM)
Apple has a rich tradition of integrating applications with a strong graphical user interface (GUI). Mac OS X Tiger uses the Aqua Desktop environment, as shown in Fig. 13–4, to perform a wide range of user and system administration functions. Administrators that have used previous versions of the Macintosh-or even Windows 2000-environment find the icons familiar, with increased functionality. While there are some system administration functions that can be performed in other menus under Mac OS X, the System Preferences menu provides the most familiar tools, such as user administration, hardware and network administration, system configuration, and desktop management.
Figure 13–4: The Mac OS X Aqua desktop interface
The AIX system administration interface is called the System Management Interface Tool (SMIT). SMIT provides a
Figure 13–5: AIX sample menu screen for user administration
System administrators may add applications to run customized system management routines via the Applications menu screen.
Although menus are better for beginning administrators, traditionally Linux/UNIX System administration has been done by running individual commands. The commands can have a wide variety of options, making them powerful and flexible.
Standard UNIX System administrative commands are contained in the following directories:
/sbin, /usr/sbin, /usr/bin,
You should make sure that those directories are in your path. To check, print your
# echo $PATH /sbin:/usr/sbin:/usr/bin:/etc
As you add applications, you may want to add other directories to your path. You could also add your own directory of administrative commands that you create yourself.
Because individual commands can be run without the restrictions of a menu interface, you can take advantage of shell features:
You can queue up commands to run at a given time. For example, if you wanted to run regularly the disk space usage shell script described in the previous paragraph, you could set up a cron job, described in the next section.
As you become more experienced with administration, you will probably use more commands. For simple procedures, it is usually faster to type a single command than to go through a set of menus.
The cron facility lets you execute jobs at particular dates and times. Windows 2000 and XP administrators use a similar concept, called the Windows Task Scheduler. Usually, a job consists of one or more commands that can be run without operator assistance. Each job can be set up to run regularly, or on one particular occasion.
Although cron may be available to all users on the system, it is particularly useful to administrators who want to run regular maintenance tasks automatically
Here are some of the things you may want to do with cron:
Set up backup procedures to run on a regular schedule during hours when the system is not busy (see Chapter 14).
Set up system activity
Set up commands to check the age and
Set up a command to output reports to a printer later in the day when you know the printer will not be busy
You have four potential ways to set up
jobs. The first is to create a file of the commands in the
format and install it so that the job can run again and again at defined intervals
command). The second is to use the
crontab Command Users who are allowed to use the cron facility-for example, those whose lognames are listed in /etc/cron.d/cron.allow (or /etc/cron.allow in Linux)-can create their own crontab files and install them in their $HOME directory When the system is delivered, a root crontab file should already exist. To add jobs to the root crontab file, type
# crontab -e
Each line in a
file contains six fields that are separated by spaces or tabs. The first five fields are integers that identify when the command is run, and the
Use 00 through 59 to specify the minute of each
Use 0 through 23 to specify the hours of each day the command is run.
Use 1 through 31 to specify the day of each month the command is run.
Use 1 through 12 to specify the month of each year the command is run.
Use 0 through 6 to specify the days of each week the command is run (Sunday is 0).
Multiple entries in a field should be separated by commas. An asterisk represents all legal values. A dash (
) between two
Here are examples of three typical crontab file entries; follow the six-field format to create your own crontab entries:
00 17 * * 1, 2, 3, 4, 5 /usr/sbin/ckbupscd >/dev/console 2>1 0, 30 * * * * /usr/lib/uucp/uudemon.poll > /dev/null 10,25,40,55 * * * * /etc/rfs/rmnttry >/dev/null #rfs
The first entry says to run
(to check for scheduled
run-parts Command Linux system administrators can create directory structures to avoid creating and editing large crontab files that run procedures at different times, by using the run-parts routine. If your distribution does not have this package preloaded, you must first download it from one of the sponsoring sites, such as packages.debian.org/stable/source/ debianutils. Once you have downloaded it into your current directory, you should note the version number (x.xx) and run the following script with the version number replaced:
$mv run-parts-x.xx /tmp $cd /tmp/runparts-x.xx $sudo ./install.sh
This script first moves the
routine into the
directory It then changes the current directory to where you just moved the file. It finally
You now can add any cron scripts into /etc/cron.hourly, /etc/cron.daily, /etc/cron.weekly, /etc/cron.monthly, or /etc/cron.yearly directories, based on when you want to run the script. (Note: These directories are owned by root .)
To most users, the UNIX System directory structure appears as a series of connected directories containing files. To administrators, this series of directories is, itself, a set of file systems. The concept of root as the highest level of the directory structure for all UNIX directories and devices is discussed in detail in Chapter 3. This is a different concept for most PC users, who are used to associating files relative to their current drive (e.g., the C drive).
Each file system is assigned a part of the space (called a partition) from a storage medium (usually a hard disk) on your computer. The file system can then be connected to a place in the directory structure. This action is called mounting, and the place is called the mount point. See Chapter 14 for detailed information on mounting file systems. The standard UNIX System file systems are mounted automatically, either in single-user or multiuser state. (See the description of system states later in this chapter.)
Once a file system is mounted, all files and directories below that mount point will
Important administrative files are distributed among the different file systems. The philosophy behind the distribution has changed drastically in newer versions of UNIX and Linux.
Previously, the UNIX System directory tree was oriented toward the root (/) file system, containing files needed for single-user operation, and the user file system (/usr), containing files for multi-user operation. Interspersed among them were files that were specific to the system and those that could easily be shared among a number of systems.
Most variants of UNIX categorize files into directories containing
Machine private files These are files that support the particular system on which they reside. These include boot files (to build the system’s kernel, set tunable parameter limits, and configure hardware drivers) and accounting logs (to account for the users and processes that consume the system’s resources). These files are in the root file system (i.e., they are available when the machine is brought up in single-user state).
Machine-independent sharable files
These include files that can be shared across the network, regardless of the type of system you are using. For example, the
database files, which contain compiled terminal definitions, are
With this arrangement, whole directories of common files can be shared across a network, yet only files that pertain to a specific system would have to be kept on that system. As a result, computers with small hard disks or no hard disks would be able to run the UNIX System, because few files would have to be kept locally
Chapter 14 offers a description of the UNIX file system and files typically associated with typical directory structures. Chapter 3 includes descriptions of each of the major tree structures.