System Administration Final ProjectSystem Administration Final Project- Micro Computer Center- Micro Computer Center

hchung, hwchiu

Com

pu

ter C

en

ter, C

S, N

CTU

2

Share these files:master.passwd

hostsgroup

netgroupypserversamd.map

sahome

sadutysabsd

NIS Master

NIS Slave

……...

sa-core

NIS Client

ypbind

ypbind

ypbind

yppush

Com

pu

ter C

en

ter, C

S, N

CTU

3

Export/net/data (ro)/net/home (maproot=nobody)

sahome

saduty

sabsd

NFS Master

NFS Client

……...

sa-core

NFS Client

nullfs

Export/net/data (ro)/net/home (maproot=nobody)/net/admin

Sudoers on NFS

Com

pu

ter C

en

ter, C

S, N

CTU

4

sahome

saduty

sabsd

……...

sa-core

ssh

ssh

Only sa-adm can connect to sa-core only from saduty

ssh

Com

pu

ter C

en

ter, C

S, N

CTU

5

Requirement (1/5)Requirement (1/5)- Overview- Overview

Machines• sahome: NFS Server, NIS Master Server, (NIS Client)

• saduty: NIS Slave Server, (NIS/NFS Client)

• sabsd: (NIS/NFS Client)

Groups• sysadm: can access /net/data/sata

• nctucs: everyone

Netgroups• sa-adm: admin users, can login sa-core

• sa-core: core machines (sahome and saduty)

• sa-bsd: all bsd machines

Com

pu

ter C

en

ter, C

S, N

CTU

6

Requirement (2/5)Requirement (2/5)- sahome- sahome

nullfs• /net/home -> /vol/home

• /net/data -> /vol/data

• /net/admin -> /vol/admin

NIS• Bind priority: sahome>saduty

login• sa-adm only

• Only from saduty

Com

pu

ter C

en

ter, C

S, N

CTU

7

Requirement (3/5)Requirement (3/5)- saduty- saduty

NFS• /net/home -> sahome:/vol/home (maproot=nobody)

• /net/data -> sahome:/vol/data (ro)

• /net/admin -> sahome:/vol/admin (ro)

NIS• Bind priority: saduty>sahome

login• sa-adm only

Com

pu

ter C

en

ter, C

S, N

CTU

8

Requirement (4/5)Requirement (4/5)- saduty- saduty

NFS• /net/home -> sahome:/vol/home (maproot=nobody)

• /net/data -> sahome:/vol/data (ro)

NIS• Bind priority: saduty>sahome

login• All

Com

pu

ter C

en

ter, C

S, N

CTU

9

Requirement (5/5)Requirement (5/5)

1-3 members a team All machines share /net/data/sudoers Auto-start all services Auto-mount all folders User can change password on NIS Clients

Com

pu

ter C

en

ter, C

S, N

CTU

10

Step 1Step 1- Setup sahome as NIS Master Server- Setup sahome as NIS Master Server

Edit /etc/rc.conf• nis_server, nisdomainname, yppasswdd

Edit /var/yp/Makefile• #NOPUSH = "True"

• HOSTS     = $(YPDIR)/hosts

• GROUP = $(YPDIR)/group

• AMDHOST   = $(YPDIR)/amd.map

Create /var/yp/hosts, /var/yp/group…etc• Edit /var/yp/master.passwd & /var/yp/group to create your accounts

• Edit /var/yp/hosts to fit your environment

Initial and start services

Com

pu

ter C

en

ter, C

S, N

CTU

11

Step 2Step 2- Setup NIS Clients- Setup NIS Clients

Add NIS Servers’ IP to /etc/hosts Edit /etc/master.passwd & /etc/group

• vipw

Edit /etc/nsswitch.conf• hosts : files nis dns

Edit /etc/rc.conf• nis_client, nisdomainname, ypbind

Testing tools• ypcat

• ypwhich

Com

pu

ter C

en

ter, C

S, N

CTU

12

Step 3Step 3- Setup NFS environment- Setup NFS environment

Nullfs (NFS Server)• $ mount_nullfs /vol/home /net/home

• In /etc/fstab: /vol/home /net/home nullfs rw 2 2

• Create and chmod /sbin/fsck_nullfs:#!/bin/sh

exit

Edit /etc/exports (NFS Server) Edit /etc/rc.conf

• amd (NFS Client)

• nfs_server, mountd (NFS Server)

Edit amd.map (NIS Server)

Com

pu

ter C

en

ter, C

S, N

CTU

13

Step 4Step 4- Setup saduty as a NIS Slave Server- Setup saduty as a NIS Slave Server

Edit /etc/rc.conf• nis_server, nisdomainname, ypxfrd

• Modity ypbind sequence (on every clients)

Edit /var/yp/ypservers (on cshome) Initial and (re)start services

Com

pu

ter C

en

ter, C

S, N

CTU

14

Step 5Step 5- Finishing- Finishing

Sudoers (/usr/local/etc/sudoers)• #include /net/data/sudo/sudoers

sahome:/etc/hosts.allow

/net/data/sata• sysadm only

Login permissions• vipw (/etc/master.passwd)

ALL : localhost 127.0.0.1 [::1] : allowsshd : saduty : allowsshd : ALL : denyALL : @sa-bsd : allowALL : ALL : deny

ALL : localhost 127.0.0.1 [::1] : allowsshd : saduty : allowsshd : ALL : denyALL : @sa-bsd : allowALL : ALL : deny

Com

pu

ter C

en

ter, C

S, N

CTU

15

Step 6Step 6- Bonus- Bonus

rup backup (snapshot) sahome as a log server quota

Com

pu

ter C

en

ter, C

S, N

CTU

16

Hand-inHand-in

Due & Demo• TBD

Com

pu

ter C

en

ter, C

S, N

CTU

17

HelpHelp

Go to bsd*.cs.nctu.edu.tw

IRC channel #nctuNASA on freenode Newsgroup cs.course.sysadmin BBS bs2.to board CS-SysAdmin Email ta@nasa.cs.nctu.edu.tw Goto CSCC to ask professional 3F!