Introduction to System Admin Sirak Kaewjamnong The system

Introduction to System Admin Sirak Kaewjamnong

The system administration’s job Adding a new user ¡ Doing backup and restoring files from backups ¡ Answer user questions ¡ Monitoring system activity and tuning system performance for good respond time ¡ Worrying about system security and patching security holds ¡ 2

The system administration’s job Installing programs and OS updates ¡ Trying to free up disk space ¡ Rebooting the system after a crash ¡ Adding a new equipment and new systems ¡ Fixing any problems ¡ Writing scripts to automate as many of the above activities as possible ¡ 3

Unix superuser Superuser is a privileged account with unrestricted access to all files and command ¡ The user name of superuser is “root” ¡ This user has a user ID of 0 ¡ 4

Becoming root ¡ There are two ways to become the superuser 1. 2. Login as root directly Execute command su to change privileged 1. %su 5

Sudo command ¡ ¡ The sudo utility allows users defined in the /etc/sudoers configuration file to have temporary access to run commands they would not normally be able to due to file permission restrictions Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root 6

The /etc/sudoers File ¡ The /etc/sudoers file contains all the configuration and permission parameters needed for sudo to work 7

Format of the /etc/sudoers File usernames/group servername = (usernames command can be run as) command ¡ Groups are the same as user groups and are differentiated from regular users by a % at the beginning. The Linux user group "users" would be represented by %users. ¡ can have multiple usernames per line separated by commas. ¡ Multiple commands also can be separated by commas. Spaces are considered part of the command. ¡ The keyword ALL can mean all usernames, groups, commands and servers. ¡ If run out of space on a line, admin can end it with a back slash () and continue on the next line. ¡ The NOPASSWD keyword provides access without prompting for your password. 8

/etc/sudoers Examples root %wheel ¡ ALL = (ALL) ALL root and users in group wheel can run anything on any machine as any user Srk, rp ¡ ALL = (ALL) ALL = NOPASSWD: ALL User srk and rp can run anything on any machine without a password peter, %operator ALL= /sbin/, /usr/sbin, /usr/local/apps/check. pl ¡ user peter and all the members of the group operator to gain access to all the program files in the /sbin and /usr/sbin directories, plus the privilege of running the command /usr/local/apps/check. pl 9

Using Aliases in the sudoers File User_Alias ADMINS ¡ ¡ User alias ADMINS are user millert. mikef, dowdy User alias ADMINS can run anything on any machine without a password Cmnd_Alias srk ¡ ADMINS = millert, mikef, dowdy ALL = NOPASSWD: ALL PRINTING = /usr/sbin/lpc, /usr/bin/lprm SHUTDOWN = /usr/sbin/shutdown ALL = PRINTING, /usr/bin/adduser User srk can use printer and add new user 10

How to add user Add linux group #groupadd students #groupadd staff #groupadd teachers ¡ Add the Linux users and assign them to their respective groups #useradd –g teachers rp #useradd –g staff srk ¡ ¡ Each user's personal directory is placed in the /home directory. The directory name will be the same as their user name 11

Change password ¡ User root changing the password for user paul [root@myhost]# passwd paul Changing password for user paul. New password: Retype new password: passwd: all authentication tokens updated successfully. [root@myhost]# 12

Delete user ¡ ] ¡ The userdel command is used to remove the user's record from the /etc/passwd and /etc/shadow used in the login process. The command has a single argument, the username root@myhost]# userdel paul an optional -r switch that additionally removes all the contents of the user's home directory [root@myhost]# userdel -r paul 13

¡ http: //www. sudo. ws/sudo/sample. s udoers 14