squeak!
Credits: This site powered by the vi text editor, apache webserver, perl scripting, and Debian linux.

Unix System Administration Pt 3 - Day 1

Admin

Roll, parking passes.

Goals

In this session you will:
  • take permissions to the next level
  • use setuid and setgid permissions
  • work with symlinks
  • enable selected users to sudo
  • become a cron poweruser
  • write menus for users
  • start measuring system metrics

take permissions to the next level

See the chart on p28
  • review of normal file permissions
  • review of normal directory permissions
    • r - search directory contents (ls with no details)
    • w - allows creation and deletion
    • x - allows users to work with files they know about, but disallows ls. Allows cd
    • r-x - allows ls -l. No file creation or deletion.
  • special file permissions
    • s - setuid, setgid: run with group or owner perms rather than executor...
  • special directory permissions
    • t - sticky bit allows deletion only on owned files (/tmp)
    • s - setgid on a directory makes new files owned by the dir's group

use setuid and setgid permissions

chmod u+s, chmod g+s
  • find / -type f \( -perm -2000 -o -perm -4000 \) - find setgid/setuid files
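
An added example (not part of the original course notes) that extends the find command above: it labels each hit as setuid, setgid or both, and also reports setgid directories and world-writable directories that lack the sticky bit. The function names `audit_special_perms` and `make_sample_tree` and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the course notes. Function names and the sample
# tree are assumptions made for illustration.

audit_special_perms() {
    root=${1:-/}
    # Pass 1: regular files; the first matching branch labels the file.
    # -xdev stays on one filesystem; unreadable-directory errors are dropped.
    find "$root" -xdev -type f \( \
        -perm -6000 -exec printf 'setuid+setgid\t%s\n' {} \; -o \
        -perm -4000 -exec printf 'setuid\t%s\n' {} \; -o \
        -perm -2000 -exec printf 'setgid\t%s\n' {} \; \) 2>/dev/null || :
    # Pass 2: setgid directories (new files take the directory's group).
    find "$root" -xdev -type d -perm -2000 \
        -exec printf 'setgid-dir\t%s\n' {} \; 2>/dev/null || :
    # Pass 3: world-writable directories lacking the sticky bit, where any
    # user may delete files owned by someone else.
    find "$root" -xdev -type d -perm -0002 ! -perm -1000 \
        -exec printf 'no-sticky\t%s\n' {} \; 2>/dev/null || :
}

# Constructed sample tree; the files are empty, so the bits grant nothing.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/shared" "$t/drop" "$t/tmp"
    for f in plain suid sgid both; do : > "$t/$f"; done
    chmod 0755 "$t/plain"
    chmod 4755 "$t/suid"
    chmod 2755 "$t/sgid"
    chmod 6755 "$t/both"
    chmod 2775 "$t/shared"   # setgid directory
    chmod 0777 "$t/drop"     # world-writable, no sticky bit
    chmod 1777 "$t/tmp"      # world-writable with sticky bit, like /tmp
    printf '%s\n' "$t"
}

# Demo on the constructed tree; on a real host run: audit_special_perms /
tree=$(make_sample_tree) && audit_special_perms "$tree"
if [ -n "$tree" ]; then rm -rf "$tree"; fi
```

Saving the output and comparing it with diff after later runs shows when a new setuid or setgid file has appeared.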

use symbolic links

  • hard link - another name for a file (link to an inode). File is deleted when last hard link is gone...
  • symlink - link to name of a file (link to a name). Symlink outlasts the file itself...
  • ln -s /path/to/file /path/to/link

sudo p9-11

sudo allows a trusted user to run particular apps as root for a limited period of time.
Usage: sudo app

The user will be prompted for their password and will be able to run the app as root for a limited number of invocations (generally 1) or for a number of minutes (generally 5).
This behavior is controlled by the /etc/sudoers file.


Danger!
Do not allow sudo access to shell scripts or to any app that has a shell in it.

become a cron poweruser

  • crontab -e - edit in place
  • crontab -l > outfile.txt - dump crontab to a file
  • crontab infile.txt - read crontab from a file

write menus for users

early system metrics

  • users on the system
  • load
  • responsiveness
  • diskspace
  • memory

Homework

Next session we will cover these topics. Please pre-read the material indicated.
  1. job control p295
  2. nice, renice p289-91.
  3. restricted shells p187-88
  4. shell wrappers (no reading)


http://www.mousetrap.net/syllabus/admin_unix_pt3/day1.html
$Id: day1.orb,v 1.15 2002/04/02 04:36:29 mouse Exp $

Remember, your login is based on your machine's hostname, not on any other number.
~/[initials] refers to the subdirectory under your homedir, named after your initials. Everything except for .dotfiles will be stored in your ~/[initials] directory.


© 1995-2001 jason carr
Distributed under the terms of the GNU Free Documentation License.