Configuration Files Pertaining to Groups and Users
1. /etc/passwd = contains user accounts and passwords. Entries follow this syntax:
name:password:UID:GID:GECOS(Text Description of User):homedirectory:shell
Note: The password field will contain “x” if shadowing is used, and “!!” if no
password is set.
2. /etc/shadow = contains shadowed passwords. This file must be created later if it
was not created during installation. Entries follow this syntax:
name:password:lastchange:min:max:warn:disable1:disable2
3. /etc/group = contains groups and their members and GIDs. Entries follow this
syntax: name:password:GID:members .
4. /etc/login.defs = user account default settings used when adding users.
5. /etc/default/useradd = user account default settings used when adding users.
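The field layouts above are enough to audit these files for common account problems. The script below is an added example, not part of the original page: the function names, the 90-day maximum password age and the sample accounts are assumptions made for illustration, and the sample data is constructed.

```shell
#!/bin/sh
# Added example, not from the original page: audit passwd- and shadow-format
# files. Paths are arguments so the checks can run on copies of the real files.

# passwd layout (from the page): name:password:UID:GID:GECOS:homedirectory:shell
audit_passwd() {
    awk -F: '
        /^#/ || /^$/ { next }
        NF != 7 { print "MALFORMED:line" NR; next }
        $3 ~ /^0+$/ && $1 != "root" { print "EXTRA_UID0:" $1 }
        $2 == "" { print "EMPTY_PASSWORD:" $1 }
        $2 != "" && $2 !~ /^(x|[!*].*)$/ { print "HASH_IN_PASSWD:" $1 }
    ' "$1"
}

# shadow layout (from the page): name:password:lastchange:min:max:warn:disable1:disable2
# Second argument is the maximum allowed "max" value; 90 days is an assumed policy.
audit_shadow() {
    awk -F: -v limit="${2:-90}" '
        /^#/ || /^$/ { next }
        NF < 8 { print "MALFORMED:line" NR; next }
        $2 == "" { print "EMPTY_PASSWORD:" $1; next }
        $2 ~ /^[!*]/ { next }
        $5 == "" || $5 + 0 > limit { print "MAX_AGE_OVER_LIMIT:" $1 }
    ' "$1"
}

# Accounts whose passwd entry says "x" (shadowed) but that have no shadow line.
# Usage: missing_shadow PASSWD_FILE SHADOW_FILE
missing_shadow() {
    awk -F: '
        FILENAME == ARGV[1] { seen[$1] = 1; next }
        $2 == "x" && !($1 in seen) { print "NO_SHADOW_ENTRY:" $1 }
    ' "$2" "$1"
}

# Constructed sample data (the hashes are placeholders, not real values).
make_samples() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:backup admin:/root:/bin/bash
alice:x:500:500:Alice:/home/alice:/bin/bash
bob::501:501:Bob:/home/bob:/bin/bash
carol:$1$constructed$placeholder:502:502:Carol:/home/carol:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
EOF
    cat > "$1/shadow" <<'EOF'
root:$1$constructed$placeholder:19000:0:60:7:::
toor:$1$constructed$placeholder:19000:0:99999:7:::
alice:!!:19000:0:99999:7:::
bob::19000:0:99999:7:::
EOF
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
audit_passwd "$demo_dir/passwd"
audit_shadow "$demo_dir/shadow"
missing_shadow "$demo_dir/passwd" "$demo_dir/shadow"
rm -rf "$demo_dir"
```

On a live system, run the functions against copies of /etc/passwd and /etc/shadow; reading /etc/shadow requires root.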
Configuration Files
vi /etc/motd = Saving text to this file creates a banner “Message Of The Day” that will display
each time a user logs in. It’s just plain ASCII text.
/etc/X11/xorg.conf = location of video card driver config file. You may need to tweak this from
time to time if X Windows will not run the GUI. If XFree86 is installed, it may also be located in
/etc/X11/XF86Config .
/etc/fstab = drives to mount automatically
/etc/inittab = daemons to start automatically at certain run levels. /etc/inittab contains the startup
parameters for your Linux installation. I usually always change the init level from “5” to “3” to boot
up in non-graphical mode and make X Windows optional. This involves changing the line "initdefault:"
and commenting out the last line in inittab that calls gdm. This has the advantage of freeing up CPU
cycles and memory if I just need the server daemons running and no video/multimedia.
/etc/mtab = contains currently mounted file systems.
/etc/hosts = host file of IP to hostname mappings.
/etc/hosts.allow = hosts to allow
/etc/hosts.deny = hosts to deny
/etc/sysconfig/network = hostname
/etc/sysconfig/network-scripts/ifcfg-eth0 - The IP, MAC and protocol configuration for each NIC.
/etc/ppp/pap-secrets = pap file with ppp connection
/etc/ppp/chap-secrets = chap file with ppp connection
/etc/resolv.conf = client DNS server address settings (test with “nslookup”)
Configuring Startup Options
chkconfig = program to add daemons to the Linux startup sequence. There are three basic switches:
chkconfig --list = display all daemons configured to start at various run levels.
chkconfig --add = add a daemon to the list to automatically start at a certain run level.
chkconfig --level = set the init level at which a daemon should start.
As an example, we will add all the daemons above to the startup sequence for Linux and have
them all automatically start at init level 3 and init level 5:
# NFS Networking
chkconfig --add nfs
chkconfig --level 3 nfs on
chkconfig --level 5 nfs on
chkconfig --add nfslock
chkconfig --level 3 nfslock on
chkconfig --level 5 nfslock on
# SAMBA Networking for Windows
chkconfig --add smb
chkconfig --level 3 smb on
chkconfig --level 5 smb on
# FTP Server
chkconfig --add vsftpd
chkconfig --level 3 vsftpd on
chkconfig --level 5 vsftpd on
# Apache Web Server
chkconfig --add httpd
chkconfig --level 3 httpd on
chkconfig --level 5 httpd on
As an alternative to using the “chkconfig” command, some Linux and Unix systems require that startup
information be added to the “/etc/inittab” file. This would have the same effect as using “chkconfig”,
depending on the system and version:
# System initialization.
si::sysinit:/etc/rc.d/rc.sysinit
l0:0:wait:/etc/rc.d/rc 0
l1:1:wait:/etc/rc.d/rc 1
l2:2:wait:/etc/rc.d/rc 2
l3:3:wait:/etc/rc.d/rc 3
l4:4:wait:/etc/rc.d/rc 4
l5:5:wait:/etc/rc.d/rc 5
l6:6:wait:/etc/rc.d/rc 6
# For NFS, restart daemons in this order.
l7:3:wait:/usr/sbin/rpc.mountd
l8:3:wait:/usr/sbin/rpc.nfsd
l9:3:wait:/usr/sbin/rpc.rquotad
# For SAMBA
l10:3:wait:/etc/rc.d/init.d/smb start
# For Apache Web Server
l11:3:wait:/etc/rc.d/init.d/httpd start
# For FTP Server
l12:3:wait:/etc/init.d/vsftpd start
Note: Depending on the circumstances and version of Linux, chkconfig or editing
the inittab file may be preferred over other methods.
Runlevels and “init”
init = also “telinit”; used to take Unix/Linux up and down run levels. The folders /etc/rc.d/rc0.d through
/etc/rc.d/rc6.d contain soft links (created with ln -s) that are prefixed with a “K” for killing or an “S” for starting.
When entering a runlevel, all links with a “K” are killed and all links with an “S” are started.
The three runlevels to be concerned with are:
1 = single user (diagnostic/safe mode for running fsck and other tools)
3 = full multi user mode, all the daemons but without the GUI or XServer
5 = the full monty, all daemons and the GUI and XServer and a bag of chips!
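Because the K and S links decide which daemons run at each runlevel, listing them is a quick way to review what a server starts at boot. The script below is an added example, not part of the original page: the function names are hypothetical and the sample directory tree is constructed.

```shell
#!/bin/sh
# Added example, not from the original page: review what a runlevel starts.
# DIR is a runlevel directory such as /etc/rc.d/rc3.d (layout from the page).

# runlevel_plan DIR: one line per link, "kill NN name" or "start NN name",
# K links first, then S links, each group in numeric order.
runlevel_plan() {
    for link in "$1"/K[0-9][0-9]* "$1"/S[0-9][0-9]*; do
        [ -L "$link" ] || [ -e "$link" ] || continue   # glob matched nothing
        base=${link##*/}
        num=$(printf '%s' "$base" | cut -c2-3)
        name=$(printf '%s' "$base" | cut -c4-)
        case $base in
            K*) echo "kill $num $name" ;;
            S*) echo "start $num $name" ;;
        esac
    done
}

# risky_start_links DIR: S links that point nowhere, or whose target script
# is writable by every user even though it is run as root at boot.
risky_start_links() {
    for link in "$1"/S[0-9][0-9]*; do
        [ -L "$link" ] || [ -e "$link" ] || continue
        base=${link##*/}
        if [ ! -e "$link" ]; then
            echo "DANGLING $base"
        elif [ -n "$(find -L "$link" -prune -perm -0002 2>/dev/null)" ]; then
            echo "WORLD_WRITABLE $base"
        fi
    done
}

# Constructed sample tree: init.d scripts plus an rc3.d full of links.
make_rc_sample() {
    mkdir -p "$1/init.d" "$1/rc3.d"
    for svc in nfs nfslock smb httpd; do
        printf '#!/bin/sh\n' > "$1/init.d/$svc"
        chmod 755 "$1/init.d/$svc"
    done
    chmod 777 "$1/init.d/smb"                       # deliberately weak mode
    ln -s ../init.d/nfslock "$1/rc3.d/K86nfslock"
    ln -s ../init.d/nfs     "$1/rc3.d/S60nfs"
    ln -s ../init.d/httpd   "$1/rc3.d/S85httpd"
    ln -s ../init.d/smb     "$1/rc3.d/S91smb"
    ln -s ../init.d/vsftpd  "$1/rc3.d/S95vsftpd"    # target does not exist
}

rc_demo=$(mktemp -d)
make_rc_sample "$rc_demo"
runlevel_plan "$rc_demo/rc3.d"
risky_start_links "$rc_demo/rc3.d"
rm -rf "$rc_demo"
```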
Environment Files – You can create multiple environment files for different users.
These are usually called “profiles”, and they are executed in the following order:
1. /etc/profile
2. ~/.bash_profile
3. ~/.bash_login
4. ~/.profile
Note:
Remember that the "~" means the home directory of
the current user.
GUI Configuration
The GUI of Linux is X Windows. Remember that in Linux/Unix, everything concerning the GUI is “a la carte”,
separate from the OS and kernel. In addition to the commonly used KDE (K Desktop Environment), GNOME
(GNU Object Model Environment) and Xfce desktops, there are many different Window Managers that can be
employed with X Windows. Some of these are enlightenment (sometimes used by GNOME), fvwm (feeble
virtual window manager), kwin (used by KDE) , metacity (GNOME window manager in Fedora Core 2 - Fedora
Core 4), sawfish, twm (Tab Window Manager), and wmaker (Window Maker). Configuration files are as follows:
1. /etc/X11/gdm/gdm.conf = configures appearance of gdm (GNOME Display Manager).
2. .Xclients-default = default desktop environment that loads, located in user’s home directory. Remember that
anything that starts with a “.” is a hidden file and can only be seen with “ls -a”. In this file is a line that
begins with “exec”. To start a desktop environment by default, change it to “exec” + :
1. gnome-session
2. startkde
3. startxfce4
4. twm
3. .Xclients = points to the .Xclients-default file above. Located in user’s home directory.
4. /etc/X11/xorg.conf = video card configuration file. Tweak this with vi if you can’t
start X Windows.
5. /etc/X11/XF86Config = video configuration file if using XFree86.
Hardware Configuration
1. /proc/cpuinfo – information detected about cpu.
2. /proc/meminfo – information detected about amount of RAM.
3. /proc/dma - information detected about DMA channels.
4. /proc/interrupts - information detected about IRQ assignments.
5. /proc/ioports – information detected about I/O addresses.
6. /proc/modules - information detected about modules installed.
7. /var/log/boot.log = log of services on startup.
8. /var/log/messages = log of messages from system on startup.
dmesg = displays hardware detected by Kudzu at boot time.
The RedHat Package Manager (RPM)
rpm = rpm command. Syntax:
1. Install a rpm package = rpm -ivh TheProgram.rpm
2. Query a rpm package = rpm -q TheProgram.rpm
3. List all files in the package = rpm -ql TheProgram.rpm
4. Remove rpm program = rpm -e TheProgram
Note: When running rpm -q APackage to query a package, note that the
string name of the rpm file in the database is often not the same name
as the file name, so you must guess a bit.
Tarballs and Gunzip (compression and decompression)
The older method of installing Unix/Linux programs (in other words, before the most wonderful and
convenient “Redhat Package Manager” - may it live forever), involved using several utilities among
which were those called “tar” and “gunzip”. Now “gunzip” is easy, it's just “unzip” with a “g”
preceding it, from “GNU”, and sounding like the familiar “winzip” archive utility used by Windows
users. As far as “tar” is concerned, I'm unsure of the history. But tar files are called “tar balls” and
effectively they “glue” or “tar” files and directories together into an archive. When you have spent
all day “tarring” files, you begin to feel rather “tarred”. Ha ha. Sorry, just trying to be funny. Please
don't “tar” and feather me and shoot me with a “gunzip”. Ha ha. Guess I should get
back to explaining things. ( I have no life, this is midnight madness! This is my song.)
A common practice then, is to “tar” a bunch of files and directories to turn them into a single archived
file with the extension “.tar”, and then to “gzip” the tar file to compress the archived file for downloading,
giving it an extension of “.gz”. This means you must first “gunzip” the file, and then you must “un-tar” it.
Many times a two step process, and of course there are commands to “tar” and “gzip” things (compression)
just as well as we can “untar” and “gunzip” (decompression) them.
1. gunzip TheFile.gz = decompresses the file and removes the “.gz” extension.
2. gzip TheFile = compresses the file and adds the “.gz” extension.
3. tar -xvf TheFile.tar = extracts “tar ball” archive file.
4. tar -cvf TheFile.tar = creates “tar ball” archive file.
Procedure for Using GCC Compiler to Install Software
1. chmod 777 * - Make all files executable (mode 777 also makes them writable by every user).
2. Type “./configure” to run the configure script. Make any necessary
changes before running.
3. Type “make” to compile.
4. Type “make install” to install the file.
Logging In Linux
syslogd = system log daemon
/var/log/* - location of various log files
/etc/syslog.conf = configures log files. Entries are as such:
Facility.priority /etc/log/TheLogFile
/etc/logrotate.conf = controls the logrotate settings.
logrotate = backs up and clears log files.
Measuring Performance
mpstat = Stands for “Multi Processor Statistics”, measures CPU cycles on Linux Server. Can specify
the interval in seconds and the number of measurements to make. Syntax: mpstat 5 7 .
iostat = disk performance
sar = System Activity Reporter
Printing
Linux uses the Common Unix Printing System (CUPS) for managing print jobs. It utilizes
“cupsd”, the cups daemon. Configuration files are located in /etc/cups/cupsd.conf and
/etc/cups/printers.conf.
lp = print a file, the printer daemon. Syntax = lp -d Ricoh /etc/MyFile.txt
lpstat = display jobs in print queue. Syntax = lpstat + printer
lpstat -t = list total printers and their status
lp -d = print a print job. Syntax = lp -d NameOfPrinter FileToPrint .
Example: lp -d Ricoh1 /etc/hosts
You can pipe the output of commands to a printer like:
Example: ls -la | lp -d Ricoh1
cancel = cancels a print job in the queue. Example: cancel PrintJob#
cancel -a = cancel all print jobs
lpadmin = allows you to control/restrict printer access. Example:
lpadmin -u allow:root,sandrabullock -u deny:all -d Ricoh1 = Allow root and Sandra Bullock
to print to the printer Ricoh1, but no one else.
Configuration of printers can happen several different ways. You can access it via the GUI
by “RedHat” button -> “System Settings” -> “Printing”. You may also use:
1. Terminal = system-config-printer-tui
2. GUI = system-config-printer-gui
LPD = Old Unix line printer daemon.
lpc = views status of printers Syntax: lpc status
lpr = prints documents Syntax: lpr -#2 -P Ricoh1 /etc/hosts
lpq = view status of printer queue
lprm = remove print job from queue Syntax: lprm 3
accept = enables spooling Syntax: accept Ricoh1
reject = disables spooling Syntax: reject Ricoh1
enable = enable printer Syntax: enable Ricoh1
disable = disable printer Syntax: disable Ricoh1
To cause jobs to be collected in the print queue, one might “accept” printer spooling
for the printer, yet “disable” the printer.
Scheduling
at = schedules an event. Example: at 9:30pm August 10. After you type at and its arguments,
you will get a prompt. You may type the commands you wish to execute, hitting enter and going
to the next line for each command. When you are ready to end, press [ CTRL + d ] to finish. The
“at” command is for occasional or one time only tasks. Example:
at 9:30pm August 10
at> ./MyScript
at> ls -l
at> date > TheDate.txt
at> [CTRL + d ]
at -l = display at jobs queued.
at -d = remove an at job. Syntax: at -d 3 = remove at job 3.
at -c = show contents of at job
/etc/at.allow = Allows users to use at commands.
If not configured, only root is allowed.
/etc/at.deny = Denies users the use of at commands.
crontab = access cron table. File located in /etc/crontab and in /etc/cron.d. The cron daemon is for doing things
repetitively on a cyclical basis.
crontab -e = calls the vi editor to edit or create the specified crontab text file.
crontab -l = lists cron table
cron tables are structured as follows:
| Minute | Hour (24 hr.) | Day of Month | Month | Week Day |
| 0 | 0 | 0 | 0 | 0 |
It's just numbers separated by spaces, but the numbers have meaning in their order,
that is to say in where they are placed. So, in a crontab file:
13 18 24 8 2 /root/scripts/MyScript = Run MyScript at 6:13 pm, August 24 on the 2nd day of the week (Tuesday).
Quotas
Soft limits = allow the user to exceed quota limits for a certain period of time.
Hard limits = rigid; prevent the user from exceeding limits, period.
quotaon = turn quotas on
quotaoff = turn quotas off
edquota = edit quota entries
quotacheck = update quota database
repquota = produce quota report
1. To enable and configure quotas automatically each time the server boots, you need
to add the following entry to /etc/fstab :
LABEL=/ / ext3 defaults,usrquota,grpquota 1 1
2. Next, remount the root file system using:
mount / -o remount,rw
3. Update the quota database with owned files using:
quotacheck -mavug
4. Turn on quotas on the root file system:
quotaon /
5. Edit quotas for different users using: edquota -u TheUserName . This command actually
just launches the vi editor and allows you to configure the quota limit text configuration
file. Using the command edquota -u -t will allow you to set the time limit for soft quotas.
The user quota file has the following structure:
Disk quota for root:
| Filesystem | blocks | soft (Kb) | hard (Kb) | inodes | soft (inodes) | hard (inodes) |
| /dev/hda2 | 1200 | 0 | 0 | 456 | 0 | 0 |
*Note: A “0” for soft and hard means no quota limit for root.
Disk quota for cgermany:
| Filesystem | blocks | soft (Kb) | hard (Kb) | inodes | soft (inodes) | hard (inodes) |
| /dev/hda2 | 1200 | 18432 | 20480 | 326 | 900 | 1000 |
*Note: 18 Mb soft limit and 20 Mb hard limit for cgermany. Soft limited to 900 inodes,
hard limited to 1000 inodes.
repquota = Will produce a report on quotas.
Example: repquota / (produces report for root file system)
Backing Up a Unix/Linux System
Your system is only as good as its latest complete backup, and after spending all this time configuring things, it would
be nice to back it all up so we don’t have to do it again.
A. CPIO
cpio = Unix backup utility. It stands for “Copy In, Copy Out”. To create a new archive, a list of files must be
created using the “find” or "ls" command. Then this list can be fed to cpio by using piping procedures. Works with
all kinds of file systems (not just ext2 and ext3). Example:
The New Ways: (for the new Linux+ 2004 exam)
ls . | cpio -o >backup.cpio = backs up files in current directory to "backup.cpio".
find /root/backupfolder | cpio -o > backup2.cpio = backs up everything in /root/backupfolder .
find . -mtime -1 | cpio -oav > ~/backup/dev/hdf7/incremental.cpio = find all files modified
within the last day (24 hours) and back them up.
cpio -i <backup.cpio = restore all files from file "backup.cpio"
Zee-old-vays: find /root/Downloads | cpio -vocB -o /dev/hdd2 (no longer works in many versions)
find /root/Downloads | cpio -vocB -o /root/Downloads.cpio
The archive created by cpio with the above command can be extracted (restored) with the command:
cpio -vicduB -i /dev/hdd2 . These files will be extracted recursively to whatever directory you are currently
in when running the cpio command (use “pwd” to see). To summarize:
1. cpio -vitB -I /root = view a verbose table of contents of an archive
2. find /root/Downloads | cpio -vocB -o /dev/hdd2 = backup to drive
3. find /root/Downloads | cpio -vocB -o /root/Downloads.cpio = backup to file
4. cpio -vicduB -i /dev/hdd2 = extract (restore) backup to current directory
Here are some interesting and useful arguments to use with cpio from the man pages:
-A, --append
Append to an existing archive. Only
works in copy-out mode. The archive must
be a disk file specified with the -O or
-F (--file) option.
-d, --make-directories
Create leading directories where needed.
-L, --dereference
Dereference symbolic links (copy the
files that they point to instead of
copying the links).
-m, --preserve-modification-time
Retain previous file modification times
when creating files.
-M MESSAGE, --message=MESSAGE
Print MESSAGE when the end of a volume
of the backup media (such as a tape or a
floppy disk) is reached, to prompt the
user to insert a new volume. If MESSAGE
contains the string "%d", it is replaced
by the current volume number (starting at 1).
--no-absolute-filenames
In copy-in mode, create all files
relative to the current directory, even
if they have an absolute file name in
the archive.
-o, --create
Run in copy-out mode.
-O archive
Archive filename to use instead of
standard output. To use a tape drive on
another machine as the archive, use a
filename that starts with `HOSTNAME:'.
The hostname can be preceded by a
username and an `@' to access the remote
tape drive as that user, if you have
permission to do so (typically an entry
in that user's `~/.rhosts' file).
-r, --rename
Interactively rename files.
-t, --list
Print a table of contents of the input.
-u, --unconditional
Replace all files, without asking
whether to replace existing newer files
with older files.
-v, --verbose
List the files processed, or with -t,
give an `ls -l' style table of contents
listing. In a verbose table of contents
of a ustar archive, user and group names
in the archive that do not exist on the
local system are
replaced by the names that correspond
locally to the numeric UID and GID
stored in the archive.
-R [user][:.][group], --owner [user][:.][group]
In copy-out and copy-pass modes, set the
ownership of all files created to the
specified user and/or group. Either the
user or the group, or both, must be
present. If the group is omitted but the
":" or "." separator is given, use
the given user's login group. Only the
super-user can change files' ownership.
B. Dump/Restore
dump – backs up the specified file system (2nd argument) to the specified drive and partition
(1st argument). Example: dump -0uf /dev/hdd1 /dev/hda0 . This would backup the
boot partition (hda0) to the secondary IDE slave drive on the second partition (hdd1). dump is meant
for partitions rather than individual files and directories.
restore – Restores backups made with “dump”. To view the contents of a backup specify its location and use:
restore -tf /dev/hdd1 . To restore the dump above: restore -vrf /dev/hdd1 .
/etc/dumpdates – file that keeps track of backups for full, incremental, and
differential backups.
Automating Backups
Note that on many versions of Linux you must be in the same directory when initiating a backup job. For this
reason it may be necessary to write a script to change directories and then perform the backup as opposed
to trying to call cpio directly from a crontab file.
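#!/bin/sh
# Back up each data directory into its own cpio archive.
# Stop if a directory is missing so the wrong directory is never archived.
cd /Back_Me_Up/data1 || exit 1
ls | cpio -ov > ~/BackUps/data1/Backed_You_Up1.cpio
cd ../data2 || exit 1
ls | cpio -ov > ~/BackUps/data2/Backed_You_Up2.cpio
cd ../data3 || exit 1
ls | cpio -ov > ~/BackUps/data3/Backed_You_Up3.cpio
cd ../data4 || exit 1
ls | cpio -ov > ~/BackUps/data4/Backed_You_Up4.cpio
cd ../data5 || exit 1
ls | cpio -ov > ~/BackUps/data5/Backed_You_Up5.cpio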
Save the script as "BackUpStuff". chmod it 777 to make it executable. Move the script to the home
directory of the user creating the crontab file (In my case "/root") represented by the ~ . Then
type "crontab -e" to create a crontab entry like so:
0 22 * * * ~/BackUpStuff
This would run the script to back up the directory every day at 10:00 pm, regardless of date, month, or
day of week. Remember that crontab files go: minutes + hours + day of month + month + day of week.
Process and Job Control
ps = Allows viewing running processes which can then be killed. Examples:
ps -f = full option, lists more information per process.
ps -l = lists more information than the -f option.
ps -e = display entire list of processes across all terminals.
ps -a = processes that run across all terminals.
ps -x = processes that do not run across terminals.
*Note: These can all be combined like: ps -aux and so forth.
kill = stops a running process. You can specify different arguments with the kill command, or leave them
out and it will use the default kill signal which is 15, or SIGTERM . Examples:
1. SIGHUP = 1 (Stops and restarts process with same PID.)
2. SIGINT = 2 (weakest, most compatible)
3. SIGQUIT = 3 (core dump)
4. SIGTERM = 15 (default)
5. SIGKILL = 9 (absolute kill)
kill -l = view different kill signal options.
ls /proc/ = lists all processes in subdirectories corresponding to their PIDs.
& = designates a process as a background process to run in the background.
Example: “MyProgram &” will start MyProgram running in the background.
The command prompt will return, and the user may do other things while it is running.
Please note that all background job IDs must be prefixed with a “%” character.
Example: kill -2 %1 .
jobs = display background job IDs.
fg = moves process to the foreground. Must use “%” to refer to the job ID. Example:
fg %1
bg = moves process to the background. Must use “%” to refer to the job ID. Example:
bg %1
nice = sets cpu priority. A lower nice value increases priority. A higher nice value decreases it.
The default nice value is 0. The lowest nice value is -20, which would receive the most CPU priority.
The highest nice value is 19, which would receive the least CPU priority. Examples:
nice -n 15 ps -aux = would start the ps -aux command with a nice value of 15.
(low priority).
nice -n -20 ps -aux = would start the ps -aux command with a nice value of -20.
(high priority).
renice = use after a process has been started. Example:
renice +15 3456 = will reset whatever the nice value is for process 3456 to 15 (low
priority)