The Linux System Admin. Guide Part II Brandon Enochs Brett Edgar Dominic Schulte

Memory Management

Virtual memory, swap space, buffer cache

7.1 Virtual Memory

A technique that allows the execution of processes that may not be completed using only physical memory

Virtual memory is an abstraction of physical memory that uses other means of storage, usually hard disk space, for process data

Most modern operating systems provide virtual memory services

7.2 Creating a swap space

Linux has tools to create two types of swap space
– Swap files
– Swap partitions

7.2 Cont. Creating swap files

One good way to create the swap file is through the following commands:
– dd if=/dev/zero of=<swap file name> bs=1024 count=<desired size (in kilobytes) of swap file>
  • dd creates a file with various properties
– mkswap <swap file name or swap partition> 1024
  • mkswap writes various information to the swap file or swap partition that the kernel needs to know in order to make use of it

7.3 Using a swap space

An initialized swap space is enabled with the swapon command. This command tells the kernel that the swap space can be used. The path to the swap space is given as the argument to swapon.

The swapoff command disables a swap space
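The swap file procedure from 7.2 and 7.3, as an added example that is not part of the original slides. It adds one thing the slides leave out: the file is created readable by its owner only, because swap holds pages of process memory. The helper name make_swapfile and the temporary paths are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example: the dd + mkswap steps from the slides, with owner-only permissions.
# make_swapfile is a hypothetical helper; usage: make_swapfile <path> <size in KB>

make_swapfile() {
    file=$1
    size_kb=$2

    case $size_kb in
        ''|*[!0-9]*) echo "size must be a whole number of kilobytes" >&2; return 2 ;;
    esac

    # dd would silently zero an existing file, so refuse to overwrite anything.
    if [ -e "$file" ]; then
        echo "$file already exists" >&2
        return 3
    fi

    # Create the file under a restrictive umask so it is 0600 from the first
    # byte: swap holds process memory and must not be readable by other users.
    ( umask 077 && dd if=/dev/zero of="$file" bs=1024 count="$size_kb" 2>/dev/null ) || return 4
    chmod 600 "$file" || return 4

    # mkswap lives in sbin, which is often missing from a non-root PATH.
    ( PATH="$PATH:/sbin:/usr/sbin"; export PATH; mkswap "$file" >/dev/null ) || return 5
}

# Demonstration on a throwaway 1 MB file in a temporary directory.
demo_dir=$(mktemp -d)
make_swapfile "$demo_dir/swapfile" 1024 && ls -l "$demo_dir/swapfile"
# As root, the file would then be enabled and disabled with:
#   swapon  "$demo_dir/swapfile"
#   swapoff "$demo_dir/swapfile"
rm -rf "$demo_dir"
```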

7.3 Cont. Monitoring swap space

The free command will give you the total amount of memory used in each swap space

    $ free
                 total       used       free     shared    buffers
    Mem:         15152      14896        256      12404       2528
    -/+ buffers:            12368       2784
    Swap:        32452       6684      25768
    $

7.5 Allocating swap space

Many Linux partitioning tools recommend creating a swap space that is twice the size of your physical memory.

So, if you have 512 megabytes of RAM you would need a gigabyte of swap space!

This is clearly wasteful

7.5 Correctly allocating swap space

Estimate your average memory usage

Add a small amount to your estimate

Then, your correct swap size = estimate – total physical memory.

7.6 The buffer cache

Linux, like most modern operating systems, does read/write caching of primary storage devices. This speeds up data access when the same data is read or written multiple times.

A program called bdflush synchronizes cached reads and writes every 30 seconds with the underlying storage media.

System administrators should be careful not to just simply power off their computers as unsynchronized cache data could be lost, possibly rendering the operating system unusable.

Chapter 8: Boots and Shutdowns

Booting
– After a computer is powered on and has performed all necessary self testing, it begins the process of booting the operating system.
  • First, it reads a small piece of code from the boot sector of the boot device, usually a hard drive or CDROM. This piece of code is responsible for loading the operating system. This process is known as “bootstrapping.”

Shutting down
– First, all processes are told to terminate
– Second, all file systems and swap spaces are unmounted
– Finally, the computer is powered down

8.2 The Linux boot process

First, a boot loader loads the Linux kernel image into memory

Second, the Linux kernel will uncompress itself

Third, the kernel will initialize all device drivers and check to see what hardware is available

Fourth, the kernel will mount the root file system

Finally, the kernel will run the init process
– The init process will perform various initialization tasks like placing the system in multi-user mode

8.3 Shutting down Linux

Linux can be properly shut down by using the appropriately named shutdown command

The shutdown command has various parameters that control the time and manner in which the computer is shut down

8.4 Rebooting

Rebooting is accomplished by use of the shutdown command with the -r command-line switch

8.5 Single user mode

The shutdown command can be used to bring the system down to single user mode.

This is useful for system administration tasks that can't be done while the system is running normally.

8.6 Emergency boot floppies

Most modern distributions provide an emergency boot method for you to recover your system.

The ‘init’ process

Bringing up the system

init comes first

After the kernel has started, the first process it calls is init, located at /sbin/init

If init can’t be found, /bin/sh is started; if sh can’t be found, the system fails

init starts getty on every terminal and virtual console; it also restarts getty when a user logs out

init will adopt orphaned processes

Linux uses a System V like init

/etc/inittab

Configuration file for init

Made up of four colon-delimited fields on each line: id, runlevels, action, and process

id: must be unique; for getty lines, must be the terminal it runs on

runlevels: the runlevels to run the command in, no delimiters (2345 = runlevels 2-5)

action: once, or respawn; run the command once, or restart it when it dies

process: the command to execute

Runlevels

0: halt system; 1: single-user; 2-5: user defined; 6: reboot

Can be used to control what subsystems are running on a machine

Configured in /etc/inittab: l2:2:wait:/etc/init.d/rc 2

In /etc/inittab default runlevel is specified with id:2:initdefault: where id is anything

telinit can change runlevels while the system is up

Special configuration in /etc/inittab

Special keywords for the third field:
– powerwait: allows init to shut the system off in conjunction with a UPS during a power failure
– ctrlaltdel: allows init to reboot the system on a ctrl-alt-del key combination
– sysinit: command to run at system boot-up; usually cleans up /tmp

There are other possible commands. See the inittab man page for more information
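A checker for the four-field inittab format described on the last three slides, as an added example that is not part of the original slides. It reports reused ids, unrecognised actions, a default runlevel of 0 or 6, and what the ctrlaltdel entry runs. The function name check_inittab and the sample file are constructed for the illustration; the action list is the one documented for sysvinit.

```sh
#!/bin/sh
# Added example: sanity-check an inittab-format file (id:runlevels:action:process).

check_inittab() {
    awk -F: '
        BEGIN {
            n = split("respawn wait once boot bootwait off ondemand initdefault sysinit powerwait powerfail powerokwait powerfailnow ctrlaltdel kbrequest", a, " ")
            for (i = 1; i <= n; i++) known[a[i]] = 1
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
        NF < 4 { printf "line %d: expected id:runlevels:action:process\n", FNR; next }
        {
            id = $1; levels = $2; action = $3
            if (id in ids) printf "line %d: id %s reused (first on line %d)\n", FNR, id, ids[id]
            else ids[id] = FNR
            if (!(action in known)) printf "line %d: unknown action %s\n", FNR, action
            if (action == "initdefault") {
                defaults++
                if (levels ~ /[06]/)
                    printf "line %d: default runlevel %s halts or reboots on every boot\n", FNR, levels
            }
            if (action == "ctrlaltdel") {
                # The process field may itself contain colons, so rejoin it.
                proc = $4
                for (i = 5; i <= NF; i++) proc = proc ":" $i
                printf "line %d: ctrl-alt-del at the console runs: %s\n", FNR, proc
            }
        }
        END { if (defaults != 1) printf "found %d initdefault lines, expected 1\n", defaults + 0 }
    ' "$1"
}

# Constructed sample with a reused id (line 7) and a misspelt action (line 9).
sample_inittab() {
    cat <<'EOF'
# constructed sample, not taken from a real system
id:2:initdefault:
si::sysinit:/etc/init.d/rcS
l2:2:wait:/etc/init.d/rc 2
ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now
1:2345:respawn:/sbin/getty 38400 tty1
1:23:respawn:/sbin/getty 38400 tty2
pf::powerwait:/etc/init.d/powerfail start
bad:2:restart:/bin/true
EOF
}

demo_file=$(mktemp)
sample_inittab > "$demo_file"
check_inittab "$demo_file"
rm -f "$demo_file"
```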

Single-user mode

Can be entered from a running system by issuing telinit 1 on a local terminal as root

Can be entered upon boot by passing the kernel single or emergency

Very few services are running in single-user mode. It is useful for performing fsck on a broken partition and restoring backups after a disk failure.

Logging In and Out

It’s the password, stupid.

Terminal logins

init starts getty which outputs /etc/issue to the terminal, retrieves the username, and then starts login to process the password

Network logins

init will start inetd which listens for an incoming connection and then starts the appropriate login program (ssh, telnet, rlogin, etc.)

Only one inetd is started since there can be a large number of possible connections, although few may ever be used

The login program

login authenticates the user and sets up an initial environment (serial parameters, spawning a shell); it outputs /etc/motd and checks for local e-mail; these can be disabled by creating ~/.hushlogin

Failed and root login attempts are logged via syslog.

Currently logged in users are listed in /var/run/utmp. All successful logins are listed in /var/log/wtmp.

Access control

The user database is stored in /etc/passwd. If passwords are shadowed, they will be in /etc/shadow.

The user database contains users’ real names, home directories, and login shells.

crack can be used to search for bad passwords; passwd is better since it can check for bad passwords and enforce rules without having to waste CPU cycles cracking passwords

Access control (continued)

The group database is in /etc/group; if shadow passwords are enabled, there can be a /etc/shadow.group

The root user can only log in via terminals listed in /etc/securetty; however, any user can log in and use su to become root

Shell startup

After login finishes, it will execute the user’s shell, as specified in /etc/passwd

Each shell will use different files to control its startup environment

The Bourne shell and its derivatives will execute /etc/profile followed by ~/.profile

/etc/profile can be used by the Sysadmin to create a default global environment

Managing User Accounts

Creating, modifying, and removing accounts

Account Basics

Mechanism for user differentiation
– Unique user id (uid)
– Group id (gid)

Files

Resources

Information

Account Creation

To the kernel, you’re just a number
– uid
– Separate DB assigns usernames to id’s

Update DB

Create home directory

Default environment

Programs: adduser, useradd, etc.

The Password File

Username

Password

Numeric user id

Numeric group id

Full name or account description

Home directory

Login shell

Password Security

/etc/passwd world readable
– Password “encrypted”
– One-way hash function

Shadow passwords
– /etc/shadow
– Root-readable
– /etc/passwd contains special marker
– Setuid used for user verification
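An audit of a passwd-format file against the field layout and the shadow-password points above, as an added example that is not part of the original slides. It assumes the shadow marker in the password field is x and treats fields starting with * or ! as locked; the function name audit_passwd and the sample accounts are constructed for the illustration.

```sh
#!/bin/sh
# Added example: check a passwd-format file against the points on the slides.
# Field order: username:password:uid:gid:full name:home directory:login shell

audit_passwd() {
    awk -F: '
        /^[ \t]*$/ { next }
        NF != 7 {
            printf "line %d: expected 7 fields, found %d\n", FNR, NF
            next
        }
        {
            user = $1; pw = $2; uid = $3
            if (pw == "")
                print user ": empty password field, no password is needed to log in"
            else if (pw != "x" && pw !~ /^[*!]/)
                print user ": password hash is in the world-readable file, not in the shadow file"
            if (uid == 0 && user != "root")
                print user ": uid 0, the kernel treats this account as root"
            if (uid in seen)
                print user ": uid " uid " is already assigned to " seen[uid]
            else
                seen[uid] = user
        }
    ' "$1"
}

# Constructed sample data; the hash string on the carol line is made up.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/sh
alice:x:1000:1000:Alice Example:/home/alice:/bin/sh
bob::1001:1001:Bob Example:/home/bob:/bin/sh
carol:ab01FAX.bQRSU:1002:1002:Carol Example:/home/carol:/bin/sh
toor:x:0:0:second root:/root:/bin/sh
guest:*:1003:1003:/home/guest:/bin/sh
EOF
}

demo_file=$(mktemp)
sample_passwd > "$demo_file"
audit_passwd "$demo_file"
rm -f "$demo_file"
```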

ID’s

Network Filesystem (NFS)
– Correlation necessary

Independent systems
– Automated tools acceptable

Initial User Environments

New user friendly

/etc/skel
– /etc/skel/.profile
– Keep small and simple

Use global files when possible
– /etc/profile
– Does not break users’ setups

Manual User Creation

vipw – add new /etc/passwd line
– Locks file during editing
– Make password field ‘*’ to deny login

vigr – add new /etc/group, if necessary

Copy files from /etc/skel to new home dir

chown/chmod to set ownership/permission
– -R option useful

Set the password

Account Commands

Change relevant field of /etc/passwd
– chfn – change full name field
– chsh – change the login shell
– passwd – change the password

Only super-user may change others’ accounts

May be disabled using chmod

Removing Users

Remove all references to user
– Lock account
– Files, mailboxes, print jobs, cron/at jobs
– Relevant lines from /etc/passwd and /etc/group

find – locate other user files
– find / -user username

Special commands
– deluser or userdel

Disabling Accounts

Security, financial, operational concerns

Change shell
– Displays message instead of granting a shell

Change username or password
– Causes confusion