Linux Installation and Basic System Administration

Basic System Administration In Linux

1. User Account

UNIX intrinsically support multiple users. Each user has its unique identification, login name (or UID number in system sense).
The purpose of user identifications in multiple user environment is for management of resources such as storage space, memory, CPU time and I/O.
Not all users are equal, the root user (UID = 0) is the system administrator and has complete acess to every resources in the system.
Other than root user, all users are equal. They can use the resource what they are assigned to. Such as accessing their own files.
User are also divided into sets, called groups. A user may belong to several groups. Each group is defined by a list of users that are part of that set.

Managing users

Command line tools: useradd, userdel

2. Managing Filesystems

The word filesystem in Unix has two separate meanings:

denotes the entire file tree and the algorithms to use to manage it.
a subsection of the file tree where the files are stored in a separate disp partition.

Checking Filesystem Information

mount: is a process to attach a filesystem on a disk partition to a directory (mount point) in the root file tree.
umount: to detach a filesystem from the root file tree. All unsaved contents of this filesystem will be written.
to check the filesystems mounted, use the command mount or usermount.

    $ mount
    /dev/hda3 on / type ext2 (rw)
    none on /proc type proc (rw)
    /dev/hda1/ on /dos type vfat (rw)
    none on /dev/pts type devpts (rw,gid=5,mode=620)

to check the size of the filesystems mounted, use the command df.

    $ df
    Filesystem           1k-blocks      Used Available Use% Mounted on
    /dev/hda7               996116    744416    201100  79% /
    /dev/hda1              2096160   1642528    453632  78% /dos

filesystem configuration are stored in the following files:

/etc/fstab

/etc/mtab

Overview of the Directory Tree

Linux filesystem are organized in hierarchical manner. Every file is stored on the system with a unique name, in directories which can also hold other files and directories -- or, subdirectories.
/: the root filesystem, top of the directory tree.
/usr: contains all commands, libraries, man pages, and other unchanging files needed during normal operation.
/var: contains files that changesm such as spool directories (for mail, news, printers, etc), log files, formatted manual pages, and temporary files.
/home: contains the users' home directory.
/bin: command needed during bootup that might be yuser by normal users.
/sbin: commands for system administrator on bootup.
/etc: system configuration files
/root: the home directory for user root.
/lib: shared libraries needed by the programs on the root filesystem.
/lib/modules: loadable kernel modules.
/dev: devuce files.
/tmp: temporary files.
/boot: files used by LILO (Linux Loader).
/mnt: mount point for temporary mounts by the system administrator.
/usr/bin: almost all user commands.
/usr/sbin: system administration commands that are not needed on the root filesystem.
/usr/lib: unchanging data files for programs and subsystems, including some site-wide configuration files.

Ownership and Permissions

Linux is a multi-user system, file permissions are one way the users to protect their files.
All files and directories are "owned" by the person who created them. Only root can change the ownership of files and directories.
Users can change the permission of their files or directories.
to check the ownership and permission of a file or directory, use the list command ls.

    $ cd /tmp
    $ cat > file1
    from file1
    ^D
    $ cat file1
    from file1
    $ ls -l /tmp

to change the ownership of a file or directory, becoming the root user and use change owner command chown or File Property dialog in the GNOME / KDE File Manager (gmc / kfm).

    $ chown wsuser.users /tmp/file1
    $ ls -l /tmp/file1

to change the permission of a file or directory, use the change mode command chmod or File Property dialog in File Manager.
Todo: use GNOME File Manager to change the owner and group of the file /tmp/file1 to nobody.nobody.

Start File Manager in GNOME menu->File Manager
Locate the file /tmp/file1
Select the file, right click on the file, select Properties...
In Properties dialog, select Permissions.
in File Ownership:

In the command shell, check the permission

$ ls -l /tmp/file1

3. Who am I? Who is using this system?

to find who you are, try

    $ id
    $ whoami

to find who is using the system, try

    $ w
    $ finger

the primary function of finger is use to lookup information for a specific user.

    $ finger root

4. Add New Software

One of the system administrator's task is to install new software to the Linux since only root can access all disk in the Linux Filesystem.
You can use rpm, to manager software (packages) installed in the system.

5. Managing Process

Processes are command/program/shell-script that is being run in memory.
Each process identified by a number called Process ID(PID).
There are special kind of process called daemons which running in background and performs a system-related tasks. Most of daemons are started as long as the system is up and stopped when on system shutdown. Examples include init, cron, inetd.
to show the processes running in the system, use the process status command ps, top

    $ ps -aux
    $ top

to control a process (terminate, suspend, resume), use the command kill .

6. Practical Security Tips

It (Unix) was not designed from the start to be secure. It was designed with the necessary characteristics to make security serviceable.
-- Dennis Ritchie

Physical Security: lock your computer physical in a secure place.
Password Security:

Do not assign easy-to-guess password.
Do not share your account with other person.
Check user account with null passwd (without passwd) in /etc/shadow.

Network Security:

Close the door first by denying access from network by default.

    $ cat "ALL:ALL" >> /etc/hosts.deny

Stop all unused services such as sendmail, NFS.

    $ chkconfig --list
    $ chkconfig --del sendmail
    $ chkconfig --del nfslock
    $ chkconfig --del rpc

Check system logs in /var/log regularly especially /var/log/secure.
Update your Linux system regularly.

Checking the errata (bug fixes) in http://www.redhat.com/support/errata
The update packages can be found in

ftp://updates.redhat.com

ftp://ftp.cse.cuhk.edu.hk/pub/redhat/updates

To upgrade the system, refer to Working with Update Agent and Freshening of Package Management with RPM in The Official RedHat Linux Reference Guide.