10.5 Administrative Tasks (Topic 2.11)
10.5.1 Objective 1: Manage Users and Group Accounts and Related System Files
10.5.1.1 passwd and group
- User account information is stored in /etc/passwd.
- Each line in /etc/passwd holds seven colon-separated fields: username, password (an x when the hash lives in the shadow file), UID, GID, the user's name (the GECOS field), home directory, and default shell.
- Group information is stored in /etc/group.
- Each line in /etc/group contains a group name, group password (again x when shadowed), GID, and a comma-separated group member list.
- passwd and group are world-readable; any local user can enumerate accounts, UIDs, home directories and shells from them.
10.5.1.2 Shadow files
- To prevent users from reading the password hashes (the "encrypted passwords" of the classic format) out of the world-readable passwd and group files, shadow files are used.
- The hashes are moved to a separate file that is readable only by root (on some distributions also by members of the group shadow), and the password field in passwd or group becomes x.
- The shadow file for /etc/passwd is /etc/shadow.
- The shadow file for /etc/group is /etc/gshadow.
- Besides the hash, each /etc/shadow line carries the password-aging fields that chage manipulates: date of last change, minimum and maximum age, warning period, inactivity period and account expiry, all expressed in days.
10.5.1.3 User and group management commands
The following commands are commonly used for manual user and group management:
- useradd user -- Create the account user (the -m option also creates the home directory).
- usermod user -- Modify the user account.
- userdel user -- Delete the user account (the -r option also removes the home directory).
- groupadd group -- Add group.
- groupmod group -- Modify the parameters of group.
- groupdel group -- Delete group.
- passwd username -- Interactively set the password for username.
- gpasswd groupname -- Interactively set the password for groupname; with -a and -d it also adds and removes members.
- pwconv -- Convert a standard password file to a shadow configuration.
- pwunconv -- Revert from a shadow password configuration (the hashes move back into the world-readable /etc/passwd).
- grpconv -- Convert a standard group file to a shadow configuration.
- grpunconv -- Revert from a shadow group configuration.
- chage user -- Modify password aging and expiration settings for user; chage -l user lists the current settings.
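The checks below are an added example, not part of the original study guide: after manual account work, a practitioner wants to confirm that nothing in passwd and shadow undermines the model described above (extra UID 0 accounts, hashes left in the world-readable file, empty password fields, passwd entries with no shadow counterpart). The two files are constructed here for the demo; the functions take file paths so they can be pointed at the real /etc/passwd and /etc/shadow as root.

```shell
#!/bin/sh
# Added example (not from the original page): sanity checks over passwd- and
# shadow-format files. The sample files are constructed for the demo.

LAB="${TMPDIR:-/tmp}/acct-audit.$$"
mkdir -p "$LAB"
trap 'rm -rf "$LAB"' EXIT

cat > "$LAB/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice Example:/home/alice:/bin/bash
toor:x:0:0:second root:/root:/bin/bash
legacy:$6$unshadowed$hash:1001:1001:Legacy App:/srv/legacy:/bin/sh
bob:x:1002:1002:Bob Example:/home/bob:/bin/bash
EOF

cat > "$LAB/shadow" <<'EOF'
root:$6$salt$hash:19700:0:99999:7:::
daemon:*:19700:0:99999:7:::
alice::19700:0:99999:7:::
toor:!:19700:0:99999:7:::
EOF

# Accounts other than root whose UID is 0: every one of them is root.
extra_uid0() { awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"; }

# passwd lines whose password field is neither x nor a lock marker: a hash
# (or nothing at all) sits in a world-readable file.
unshadowed() { awk -F: '$2 != "x" && $2 != "*" && $2 != "!" { print $1 }' "$1"; }

# shadow lines with an empty hash field: login without any password.
empty_password() { awk -F: '$2 == "" { print $1 }' "$1"; }

# missing_shadow PASSWD SHADOW: passwd says "see shadow" (x) but shadow has no
# line for the user; what happens at login then depends on PAM/NSS settings.
missing_shadow() {
    awk -F: 'NR == FNR { seen[$1] = 1; next }
             $2 == "x" && !($1 in seen) { print $1 }' "$2" "$1"
}

# Locked accounts: hash starts with ! (passwd -l / usermod -L) or is *.
locked() { awk -F: '$2 ~ /^[!*]/ { print $1 }' "$1"; }

report() {
    for check in extra_uid0 unshadowed; do
        printf '%-16s %s\n' "$check:" "$($check "$LAB/passwd" | tr '\n' ' ')"
    done
    printf '%-16s %s\n' "empty_password:" "$(empty_password "$LAB/shadow" | tr '\n' ' ')"
    printf '%-16s %s\n' "missing_shadow:" "$(missing_shadow "$LAB/passwd" "$LAB/shadow" | tr '\n' ' ')"
    printf '%-16s %s\n' "locked:" "$(locked "$LAB/shadow" | tr '\n' ' ')"
}

report
```

Each finding maps to one of the commands above: toor is removed with userdel, legacy is fixed with pwconv, alice gets a password with passwd, and bob's missing shadow line is also repaired by pwconv.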
10.5.2 Objective 2: Tune the User Environment and System Environment Variables
10.5.2.1 Configuration scripts
- The bash shell uses system-wide configuration scripts -- such as /etc/profile and /etc/bashrc (/etc/bash.bashrc on Debian-derived systems) -- when it starts.
- Commands in /etc/profile are executed at login time, for login shells.
- Commands in /etc/bashrc are executed for each interactive bash shell.
- Changes to these system-wide files affect all users on the system, so anything set there (umask, PATH, TMOUT) is a policy decision rather than a personal preference.
10.5.2.2 New account home directories
- New user home directories are populated automatically by copying /etc/skel and its contents.
- The system administrator may add, modify, and delete files in /etc/skel as needed for the local environment; existing home directories are not updated when /etc/skel changes.
10.5.3 Objective 3: Configure and Use System Log Files to Meet Administrative and Security Needs
10.5.3.1 Syslog
- The syslog system displays and records messages describing system events.
- Messages can be placed on the console, in log files, on the text screens of users, or forwarded to another host.
- syslog is configured by /etc/syslog.conf, whose lines take the form facility.level action:
  - facility -- The creator of the message, selected from among auth, authpriv, cron, daemon, kern, lpr, mail, mark, news, syslog, user, or local0 through local7.
  - level -- The severity threshold at or above which messages are logged, one of (from lowest to highest severity) debug, info, notice, warning, err, crit, alert, or emerg. The special level none excludes a facility, and * stands for all levels.
  - action -- The destination for messages that match a given selector. It can be a filename, @hostname (forwarding over the network; classic syslog sends to UDP port 514 in clear text with no authentication, so use it only on a trusted network or via a TLS-capable successor), a comma-separated list of users, or an asterisk, meaning all logged-in users.
- Together, facility.level pairs comprise the message selector; several selectors separated by semicolons can share one action (for example *.info;authpriv.none).
- Most syslog messages go to /var/log/messages on Red Hat-style systems (Debian-derived systems use /var/log/syslog); authentication messages are commonly kept in a separate root-only file such as /var/log/secure or /var/log/auth.log.
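The selector semantics above are easy to get wrong (a later facility.none cancels an earlier *.info; the level is a threshold, not an exact match). The script below is an added example, not from the original page: a small simulator that, for a given facility and level, prints every action a sysklogd-style configuration would deliver the message to. It models only what the section describes (facility lists, the severity threshold, none, * and ;-separated selectors) and deliberately ignores sysklogd's = and ! priority modifiers. The configuration is constructed for the demo, not copied from a real host.

```shell
#!/bin/sh
# Added example (not from the original page): simulate /etc/syslog.conf
# selector matching. The config below is constructed for the demo.

CONF="${TMPDIR:-/tmp}/syslog.conf.$$"
trap 'rm -f "$CONF"' EXIT
cat > "$CONF" <<'EOF'
# selector                        action
auth,authpriv.*                   /var/log/auth.log
*.info;mail.none;authpriv.none    /var/log/messages
mail.*                            /var/log/maillog
kern.crit                         @loghost
*.emerg                           *
EOF

# route CONF FACILITY LEVEL -> actions that would receive facility.level,
# one per line, in file order.
route() {
    awk -v fac="$2" -v lvl="$3" '
    BEGIN {
        n = split("debug info notice warning err crit alert emerg", L, " ")
        for (i = 1; i <= n; i++) R[L[i]] = i      # rank: higher = more severe
        R["*"] = R["debug"]                        # "*" as a level means every level
        if (!(lvl in R)) { print "unknown level: " lvl > "/dev/stderr"; exit 2 }
    }
    $1 == "" || $1 ~ /^#/ { next }                 # blank lines and comments
    {
        want = 0                                   # 0: line never mentions fac
        m = split($1, sel, ";")
        for (i = 1; i <= m; i++) {                 # later selectors override earlier ones
            dot = index(sel[i], ".")
            if (dot == 0) continue
            k = split(substr(sel[i], 1, dot - 1), facs, ",")
            lev = substr(sel[i], dot + 1)
            for (j = 1; j <= k; j++)
                if (facs[j] == fac || facs[j] == "*")
                    want = (lev == "none") ? -1 : R[lev]   # -1: excluded
        }
        if (want > 0 && R[lvl] >= want) print $2
    }' "$1"
}

route "$CONF" authpriv info   # -> /var/log/auth.log only: authpriv.none drops it from messages
route "$CONF" kern emerg      # -> /var/log/messages, @loghost, *
route "$CONF" cron debug      # -> nothing: debug is below the info threshold
```

Run it against a real /etc/syslog.conf before relying on a new rule: the question "where do authpriv messages actually land?" is answered by the configuration, not by the intent.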
10.5.3.2 Log file rotation
10.5.3.3 Examining log files
- Files in /var/log (such as messages) and elsewhere can be examined using utilities such as tail (tail -f to follow a growing file), less, and grep.
- Each line in a traditional syslog log file carries the date, time, origin hostname, message sender (the program name, usually followed by its PID in brackets), and descriptive text.
- To debug problems using log file information, first look at the hostname and sender, then at the message text.
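The triage order above (hostname and sender first, then the text) can be scripted. The block below is an added example, not from the original page: it splits traditional syslog lines into host, sender and text, summarises which host/sender pairs are talking, and runs one detection over the text, counting sshd password failures per source address. The log lines are constructed for the demo; the functions take a file path, so on a real system they can read /var/log/secure, /var/log/auth.log or /var/log/messages.

```shell
#!/bin/sh
# Added example (not from the original page): parse syslog lines and run a
# simple failed-login detection. The log lines are constructed for the demo.

LOG="${TMPDIR:-/tmp}/sample.log.$$"
trap 'rm -f "$LOG"' EXIT
cat > "$LOG" <<'EOF'
Mar  3 06:12:01 web1 sshd[2211]: Accepted publickey for alice from 192.0.2.10 port 50222 ssh2
Mar  3 06:12:07 web1 sshd[2215]: Failed password for root from 203.0.113.5 port 40012 ssh2
Mar  3 06:12:09 web1 sshd[2215]: Failed password for root from 203.0.113.5 port 40012 ssh2
Mar  3 06:12:11 web1 sshd[2219]: Failed password for invalid user admin from 203.0.113.5 port 40020 ssh2
Mar  3 06:13:40 db1 sshd[871]: Failed password for bob from 198.51.100.7 port 51000 ssh2
Mar  3 06:14:02 web1 CRON[2301]: (root) CMD (run-parts /etc/cron.hourly)
Mar  3 06:15:00 web1 su[2310]: FAILED SU (to root) alice on pts/0
EOF

# log_fields FILE -> "host<TAB>sender<TAB>text" per line. Fields 1-3 are the
# date and time; the sender is field 5 with its [pid] and colon stripped.
log_fields() {
    awk '{
        sender = $5; sub(/:$/, "", sender); sub(/\[[0-9]+\]$/, "", sender)
        text = ""
        for (i = 6; i <= NF; i++) text = text (i > 6 ? " " : "") $i
        print $4 "\t" sender "\t" text
    }' "$1"
}

# senders FILE -> "count host sender", most talkative pair first.
# This is the "look at hostname and sender first" step.
senders() {
    log_fields "$1" | cut -f1,2 | sort | uniq -c | sort -rn | awk '{ print $1, $2, $3 }'
}

# failed_logins_by_ip FILE -> "count ip" for sshd password failures, highest
# first. The source address is the word after "from" in the message text.
failed_logins_by_ip() {
    awk '$5 ~ /^sshd\[/ && /Failed password/ {
        for (i = 6; i <= NF; i++) if ($i == "from") hits[$(i + 1)]++
    }
    END { for (ip in hits) print hits[ip], ip }' "$1" | sort -rn
}

senders "$LOG"
failed_logins_by_ip "$LOG"
```

The su line is deliberately not matched by the sshd detection: each sender writes its own message format, which is why the sender field is checked before the text is parsed.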
10.5.4 Objective 4: Automate System Administration Tasks by Scheduling Jobs to Run in the Future
10.5.4.1 Using cron
- The cron facility consists of crond, the cron daemon, and crontab files containing job-scheduling information.
- cron is intended for the execution of commands on a periodic basis.
- crond examines all crontab files every minute.
- Each system user has access to cron through a personal crontab file, subject to the /etc/cron.allow and /etc/cron.deny access lists.
- The crontab command allows the crontab file to be edited and viewed:
  - crontab -- With -l, list the crontab file; with -e, edit it; with -r, remove it. Root can add -u user to act on another user's crontab.
- A crontab entry consists of five time fields (minute, hour, day of month, month, day of week) followed by the command. Asterisks in any of the time fields match all possible values; lists (1,15), ranges (1-5) and steps (*/10) are also accepted.
- In addition to personal crontab files, the system has its own crontab files: /etc/crontab as well as files in /etc/cron.d. Their entries carry an extra field, between the time fields and the command, naming the user the job runs as.
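Reading a crontab by eye is error-prone, particularly when both the day-of-month and day-of-week fields are restricted: Vixie cron then runs the job when either field matches, not both. The script below is an added example, not from the original page: it implements the time-field grammar described above (*, N, A-B, A,B,C and /step), applies that day-of-month/day-of-week rule, and answers "which jobs would crond start at this minute?" for a constructed personal crontab. The script paths in it are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): simulate crontab time fields.
# The crontab below is constructed for the demo; the commands do not exist.

TAB="${TMPDIR:-/tmp}/crontab.$$"
trap 'rm -f "$TAB"' EXIT
cat > "$TAB" <<'EOF'
# min hour dom mon dow  command
0    2    *   *   *     /usr/local/sbin/backup-home.sh
*/15 *    *   *   *     /usr/local/bin/check-disk.sh
30   4    1   *   *     /usr/local/sbin/rotate-reports.sh
0    9    *   *   1-5   /usr/local/bin/morning-report.sh
0    3    1   *   1     /usr/local/sbin/monthly-or-monday.sh
EOF

# field_matches FIELD VALUE FIRST -> exit 0 if VALUE satisfies FIELD.
# FIRST is the lowest legal value of the field (0 for min/hour/dow, 1 for
# dom/mon); "*/step" starts counting from it, as Vixie cron does.
field_matches() {
    awk -v f="$1" -v v="$2" -v first="$3" 'BEGIN {
        n = split(f, items, ",")
        for (i = 1; i <= n; i++) {
            item = items[i]; step = 1
            if ((s = index(item, "/")) > 0) { step = substr(item, s + 1) + 0; item = substr(item, 1, s - 1) }
            if (item == "*")                      { lo = first + 0; hi = 99 }
            else if ((d = index(item, "-")) > 0)  { lo = substr(item, 1, d - 1) + 0; hi = substr(item, d + 1) + 0 }
            else                                  { lo = hi = item + 0 }
            if (v + 0 >= lo && v + 0 <= hi && (v - lo) % step == 0) exit 0
        }
        exit 1
    }'
}

# cron_due MINF HOURF DOMF MONF DOWF min hour dom mon dow -> exit 0 if the
# entry fires at that time.
cron_due() {
    fmin=$1 fhour=$2 fdom=$3 fmon=$4 fdow=$5
    field_matches "$fmin" "$6" 0 && field_matches "$fhour" "$7" 0 &&
        field_matches "$fmon" "$9" 1 || return 1
    dom_ok=1; dow_ok=1
    field_matches "$fdom" "$8" 1 && dom_ok=0
    field_matches "$fdow" "${10}" 0 && dow_ok=0
    if [ "$fdom" != "*" ] && [ "$fdow" != "*" ]; then
        [ $dom_ok -eq 0 ] || [ $dow_ok -eq 0 ]    # both restricted: either may match
    else
        [ $dom_ok -eq 0 ] && [ $dow_ok -eq 0 ]
    fi
}

# jobs_due CRONTAB min hour dom mon dow -> the commands that would start.
# read does not glob, so "*" fields arrive intact without set -f.
jobs_due() {
    tab=$1; shift
    while read -r m h d mo w cmd; do
        case "$m" in ''|'#'*) continue ;; esac
        cron_due "$m" "$h" "$d" "$mo" "$w" "$@" && printf '%s\n' "$cmd"
    done < "$tab"
    return 0
}

jobs_due "$TAB" 0 2 15 6 3    # 02:00 on Wednesday the 15th of June
jobs_due "$TAB" 0 3 15 6 1    # 03:00 on Monday the 15th: dow matches, dom does not
```

The last call shows the either/or rule in action: monthly-or-monday.sh runs on the 15th because it is a Monday, even though the day-of-month field says 1.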
10.5.4.2 Using at
10.5.4.3 User access
10.5.5 Objective 5: Maintain an Effective Data Backup Strategy
- System backup provides protection against disk failures, accidental file deletion, accidental file corruption, and disasters.
- System backup provides access to historical data.
- Full backups save all files.
- Differential backups save files modified or created since the last full backup.
- Incremental backups save files modified or created since the last full or incremental backup.
- A full backup will be coupled with either differential or incremental backups, but not both. Restoring a differential set needs the full backup plus the latest differential; restoring an incremental set needs the full backup plus every incremental since it, applied in order.
- Backup media are rotated so that several generations exist and no single tape is worn out, or lost, with all of the data on it.
- Backup media must be verified (for example by reading the archive back and comparing it with the source) to assure data integrity; a backup that has never been restored is untested.
- Backup is often performed using tar and mt, as follows:
  - tar files -- Archive or restore files recursively, to tape or to a tarfile.
  - mt operation -- Control a tape drive, including skipping over multiple archives on tape, rewinding, and ejecting. Operations include fsf, bsf, rewind, and offline (see the manpage for a complete list).
- Backup should include everything necessary to restore a system to operation in the event of a disaster. Examples include /etc, /home, /var/log, and /var/spool, though individual requirements vary. Because /etc/shadow and other sensitive files end up on the media, backups need the same access control as the originals.
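The full/incremental cycle above, including the restore-in-order and verification steps, as an added example that is not part of the original guide. It uses GNU tar's --listed-incremental snapshot file, which is a GNU extension, so it assumes GNU tar; everything else is a scratch directory built by the script, and no real system files are archived. A tape drive is not needed, the archives are written to ordinary files.

```shell
#!/bin/sh
# Added example (not from the original page): full + incremental backup with
# GNU tar, restored in order and verified. All data is constructed in $LAB.

LAB="${TMPDIR:-/tmp}/backup-lab.$$"
SRC="$LAB/data"; BK="$LAB/backups"; RST="$LAB/restore"
trap 'rm -rf "$LAB"' EXIT

setup() {
    mkdir -p "$SRC/etc" "$SRC/home/alice" "$BK" "$RST"
    echo "hostname=lab"  > "$SRC/etc/hostname"
    echo "day one notes" > "$SRC/home/alice/notes.txt"
    echo "obsolete"      > "$SRC/home/alice/old.txt"
}

# Level 0: everything under data/. Starting without a snapshot file makes this
# a full backup; tar writes the snapshot describing what it saved.
full_backup() {
    rm -f "$BK/snapshot"
    tar -C "$LAB" --listed-incremental="$BK/snapshot" -cf "$BK/full.tar" data
}

# Level 1: only what changed since the snapshot was last updated (tar advances
# the snapshot). For a differential scheme, back up from a fresh copy of the
# level-0 snapshot each time instead.
incremental_backup() {
    tar -C "$LAB" --listed-incremental="$BK/snapshot" -cf "$BK/incr1.tar" data
}

# Restore in order: the full archive, then each incremental. Pointing
# --listed-incremental at /dev/null on extraction makes GNU tar honour the
# directory listings in the archive, so files deleted before the incremental
# run are removed from the restored tree too.
restore_all() {
    for a in full.tar incr1.tar; do
        tar -C "$RST" --listed-incremental=/dev/null -xf "$BK/$a"
    done
}

# Verification: compare the restored tree with the live one.
verify_restore() {
    if diff -r "$SRC" "$RST/data" >/dev/null; then echo ok; else echo MISMATCH; fi
}

# What the incremental archive actually holds: directories are always listed
# (dropped here), unchanged files such as etc/hostname are not.
incremental_contents() { tar -tf "$BK/incr1.tar" | grep -v '/$' | sort; }

run_cycle() {
    setup
    full_backup
    sleep 1   # let coarse filesystem timestamps move past the snapshot time
    echo "day two notes" > "$SRC/home/alice/notes.txt"   # modified
    echo "new file"      > "$SRC/home/alice/new.txt"     # created
    rm -f "$SRC/home/alice/old.txt"                      # deleted
    incremental_backup
    restore_all
    verify_restore
}

run_cycle
incremental_contents
```

The same sequence on tape differs only in the destination (-f /dev/nst0) and in using mt to position the tape between archives; the ordering and verification discipline is what makes the incremental set restorable.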