Chapter 9 General Linux Administration 293
Every Linux system requires basic system administration, which includes the creation and management of users and groups of users. In order to allow your users and groups to access data, you must set up permissions to the required files and directories on the system. The administrator must manage these permissions in order to prevent unauthorized access to the file systems, and accidental damage to core system files.
Basic User and Group Administration
Basic user and group administration on a Linux system is an important skill. Among the expectations of this skill is the ability to add and remove users and groups of users. The current users and groups of users must be modified throughout the life of a Linux system.
What are users and groups?
A user account is an individual account that is created for the purpose of granting access based on an individual login. This login is used to determine access levels to the Linux system, including file access, directory access, program access, and access for any other user task. User accounts prevent each user that logs in from having administrative rights. Restricting administrative rights is an important security measure and prevents mischievous activity by allowing only the appropriate system rights for each user.
The administrator must also assign appropriate rights for groups of users. A group is a logical grouping of users who have the same needs, and group accounts are used to simplify administration of file and directory permissions. This is accomplished by creating a group account, assigning permissions rights to this account, and then adding the appropriate individual users to the group. An example of this might be a payroll department for a company. By creating a Payroll group, you can assign the users who are responsible for payroll activities to a group with access permissions to payroll files. Furthermore, it’s probably not a good idea to allow others access to the payroll system. Because the payroll system is most likely comprised of many systems, you can cut down on the overhead of assigning permissions by using groups instead of enabling access to each system for each individual user.
Creating users
4.1 Create and delete users
294 Part IV Administration
Some users can be created during the installation of the Linux operating system; however, you will need to add more users as the system is used. You can add more users by employing the adduser command. To use the adduser command, you must have administrative rights. With the adduser command, you can choose from several different options to assign to created users — these options are shown in Table 9-1.
Table 9-1: Options for adduser

| Option | Description |
|---|---|
| -c comment | The new user’s password file comment field. |
| -d <home directory> | The new user will be created using <home directory> as the value for the user’s login directory. |
| -e YYYY-MM-DD | The date the user account will be disabled in the format year-month-date (2001-12-31). |
| -f # | Sets the number of days after a password expires until the account is permanently disabled. -1 disables the feature and 0 disables the user account when the password expires. |
| -g | The group name or number of the user’s initial login group. |
| -G | A list of groups of which the user is also a member. |
| -m | The user’s home directory will be created if it does not already exist. The -k option copies the files contained in skeleton_dir to the home directory; if this option is not used, then the files in /etc/skel will be used. |
| -M | The user’s home directory will not be created even if the default is to create the home directory. |
| -n | A group having the same name as the user will not be created. This is distribution-specific. |
| -r | Used to create a system account and requires the -m option to create a home directory. |
| -p <password> | The encrypted password as returned by the password generator. |
| -s <shell> | Assigns the <shell> as the user’s login shell. |
| -u <uid> | The numerical value of the user’s ID must be unique, unless the -o option is used. The default is to use the next available number greater than 99. |
| No Options | The useradd command displays the current default values. |
| --help | Provides program help. |
With these switches and options, you can use the adduser command to create new users. The following files are used to support the addition of users:
/etc/passwd: Contains user account information
/etc/shadow: Contains secure user account information
/etc/group: Contains group information
/etc/default/useradd: Contains the default information for adding users
/etc/login.defs: Contains the system-wide default login settings
The most common command used to add a user is adduser <username>. In enterprise environments, however, the command often includes the -p option to assign an initial password (in the encrypted form described in Table 9-1) and the -g option to assign a group. The adduser command is an important tool in the administration of users.
Change user information
4.2 Modify existing users (e.g., password, groups, personal information)
You can change user information by using several tools. The tools that are most often used are chfn, chsh, and usermod. Linux administrators use these commands to provide basic user management in the Linux environment.
The usermod command
The usermod command is the command most often used to administer user accounts. This command uses the -c, -d, -e, -f, -g, -p, -s, and -u options that were shown previously in Table 9-1 and the following options shown in Table 9-2.
Table 9-2: Options for usermod

| Option | Description |
|---|---|
| -l <login name> | Changes only the user’s account name to <login name>. This does not change the home directory of the user. |
| -L | Locks the user’s password, effectively disabling the password. |
| -U | Unlocks the user’s password, reverses the -L option. |
| --help | Provides program help. |
The usermod command provides access to not only the settings available when creating an account, but also to the settings for changing an account name and locking and unlocking an account. These settings make the usermod command an excellent tool for basic administration of the user account.
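As an added example (not from the book): a shell audit of the account files that support adduser and usermod, run over constructed passwd and shadow copies, that flags what the -u/-o, -e and -L options leave behind: shared UIDs, extra UID 0 accounts, locked or empty passwords, and expired accounts. The sample records, the toor account and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit constructed copies of /etc/passwd and /etc/shadow.
# Nothing here reads or changes the real account files.
AUDIT_DIR=$(mktemp -d)
trap 'rm -rf "$AUDIT_DIR"' EXIT

# passwd: name:x:UID(-u):GID(-g):comment(-c):home(-d):shell(-s)
cat > "$AUDIT_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:500:500:Alice Example:/home/alice:/bin/bash
bob:x:501:501:Bob Example:/home/bob:/bin/bash
carol:x:501:502:Carol Example:/home/carol:/bin/bash
toor:x:0:0:spare admin:/root:/bin/bash
EOF

# shadow: name:hash:lastchg:min:max:warn:inactive(-f):expire(-e):reserved
# The expire field is stored as days since 1970-01-01.
cat > "$AUDIT_DIR/shadow" <<'EOF'
root:$6$constructed$notarealhash:19000:0:99999:7:::
alice:$6$constructed$notarealhash:19000:0:90:7:0:19500:
bob:!$6$constructed$notarealhash:19000:0:90:7:::
carol::19000:0:90:7:::
toor:$6$constructed$notarealhash:19000:0:99999:7:::
EOF

# UIDs shared by more than one account (what -o permits), as "uid:name,name".
duplicate_uids() {
    awk -F: '{ names[$3] = (names[$3] == "" ? $1 : names[$3] "," $1); n[$3]++ }
        END { for (u in n) if (n[u] > 1) print u ":" names[u] }' "$1" | sort
}

# Accounts other than root that hold UID 0 and so have full administrative rights.
extra_uid0() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Password state per account: locked (usermod -L puts "!" before the hash),
# empty (no password needed to log in), or set.
password_state() {
    awk -F: '{ s = "set"
               if ($2 == "") s = "empty"
               else if ($2 ~ /^[!*]/) s = "locked"
               print $1 ":" s }' "$1"
}

# Accounts whose -e expiry day has been reached; $2 is today's day number.
expired_accounts() {
    awk -F: -v today="$2" '$8 != "" && today + 0 >= $8 + 0 { print $1 }' "$1"
}

echo "duplicate UIDs:";  duplicate_uids "$AUDIT_DIR/passwd"
echo "extra UID 0:";     extra_uid0 "$AUDIT_DIR/passwd"
echo "password states:"; password_state "$AUDIT_DIR/shadow"
echo "expired on day 19600:"; expired_accounts "$AUDIT_DIR/shadow" 19600
```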
The chfn command
Another tool that is often used to provide basic user account administration is chfn. The chfn command is used to change the finger information provided by the /etc/passwd file. This file provides four fields that are displayed when the finger command is used to identify a user.
Use the finger command to gather information based on a user name. The command can accept user names and return real information about that user.
The Linux finger command displays four pieces of information: full name, location, work phone, and home phone. This information can be useful to identify users by using the finger command. The command employs options to assign this information, as shown in Table 9-3.
Table 9-3: Options for chfn

| Option | Description |
|---|---|
| -f <full name> | Assigns the full name of the user. |
| -o <office> | Allows the assignment of the location or office room. |
| -p <phone number> | Assigns the office phone number. |
| -h <phone number> | Assigns the home phone number. |
| -v | Prints version information. |
| -u | Prints usage message. |
| --help | Provides program help. |
The chfn command allows administrators to provide basic real world information about a user to the finger command.