OSA Unit - VI: Adding New Users and Storage

Presentation Description

The /etc/passwd file, the /etc/shadow and /etc/security/passwd files, the /etc/group file, adding users, adding users with useradd. Storage: adding a hard disk, storage hardware, storage hardware interfaces, software aspects of storage, formatting, disk partitioning, RAID, LVM. Linux file systems: the ext family, file system terminology, file system polymorphism, mkfs, fsck, file system mounting, setup for automatic mounting, USB drive mounting, enabling swapping.

Presentation Transcript

Unit VI: Adding New Users and Storage:

Reference: UNIX AND LINUX SYSTEM ADMINISTRATION HANDBOOK. Authors: Evi Nemeth, Garth Snyder, Trent R. Hein, Ben Whaley.

Index:

The /etc/passwd file, the /etc/shadow, /etc/security/passwd and /etc/group files, adding users, adding users with useradd. Storage: adding a hard disk, storage hardware, storage hardware interfaces, software aspects of storage, formatting, disk partitioning, RAID, LVM. Linux file system, mkfs, fsck, file system mounting, setup for automatic mounting, USB drive mounting, enabling swapping.

THE /ETC/PASSWD FILE:

The /etc/passwd file is a list of users recognized by the system. It can be extended or replaced by a directory service. The system consults /etc/passwd at login time to determine a user’s UID and home directory. Each line in the file represents one user and contains seven fields separated by colons:

1. Login name
2. Encrypted password placeholder
3. UID (user ID) number
4. Default GID (group ID) number
5. “GECOS” information: full name, office, extension, home phone
6. Home directory
7. Login shell

For example, the following lines are all valid /etc/passwd entries:

    root:x:0:0:The System,,x6096,:/:/bin/sh
    jl:!:100:0:Jim Lane,ECOT8-3,,:/staff/jl:/bin/sh
    dotty:x:101:20::/home/dotty:/bin/tcsh

Login name: Login names (also known as usernames) must be unique and, depending on the operating system, may have length and character set restrictions.

THE /ETC/SHADOW AND /ETC/SECURITY/PASSWD FILES:

A shadow password file is readable only by the superuser and serves to keep encrypted passwords safe from prying eyes and password cracking programs. It also includes some additional account information that wasn’t provided for in the original /etc/passwd format. The shadow file is not a superset of the passwd file, and the passwd file is not generated from it. You must maintain both files or use tools such as useradd that maintain both files on your behalf. Like /etc/passwd, /etc/shadow contains one line for each user. Each line contains nine fields, separated by colons:

1. Login name
2. Encrypted password
3. Date of last password change
4. Minimum number of days between password changes
5. Maximum number of days between password changes
6. Number of days in advance to warn users about password expiration
7. Linux: days after password expiration that the account is disabled; Solaris/HP-UX: days before the account automatically expires
8. Account expiration date
9. A reserved field that is currently always empty, except on Solaris

THE /ETC/GROUP FILE:

The /etc/group file contains the names of UNIX groups and a list of each group’s members. Here’s a portion of the group file from an AIX system:

    system:!:0:root,pconsole,esaadmin
    staff:!:1:ipsec,esaadmin,trent,ben,garth,evi
    bin:!:2:root,bin
    sys:!:3:root,bin,sys
    adm:!:4:bin,adm
    nobody:!:4294967294:nobody,lpd

Each line represents one group and contains four fields:

1. Group name
2. Encrypted password or a placeholder
3. GID number
4. List of members, separated by commas (be careful not to add spaces)
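As an added example (not part of the handbook), the following Python parses the three files described above and flags the conditions an administrator checks after editing them by hand: a second UID 0 account, a hash left in the world-readable passwd file, an account whose shadow entry is missing or has an empty password, and spaces in a group member list. The passwd and group lines are the page's own; the shadow lines and the toor account are constructed.

```python
"""Parse and audit /etc/passwd, /etc/shadow and /etc/group records."""

# Constructed sample input; no real system files are read. The passwd and
# group lines are the ones shown above; the shadow lines and 'toor' are made up.
PASSWD = """root:x:0:0:The System,,x6096,:/:/bin/sh
jl:!:100:0:Jim Lane,ECOT8-3,,:/staff/jl:/bin/sh
dotty:x:101:20::/home/dotty:/bin/tcsh
toor:x:0:0:backup root:/root:/bin/sh
"""
SHADOW = """root:$6$constructedsalt$constructedhash:18000:0:99999:7:::
dotty::18000:0:99999:7:::
"""
GROUP = """system:!:0:root,pconsole,esaadmin
staff:!:1:ipsec, esaadmin,trent
"""
# passwd password-field values that defer to shadow or lock the account
PLACEHOLDERS = {"x", "!", "*"}


def parse(text, nfields):
    """Split colon-separated records; reject lines with the wrong field count."""
    rows = []
    for ln in text.splitlines():
        if ln.strip():
            fields = ln.split(":")
            if len(fields) != nfields:
                raise ValueError(f"expected {nfields} fields: {ln!r}")
            rows.append(fields)
    return rows


def audit(passwd=PASSWD, shadow=SHADOW, group=GROUP):
    """Return findings (strings) about the three files, in file order."""
    findings = []
    shadow_by_name = {f[0]: f for f in parse(shadow, 9)}
    for name, pwfield, uid, gid, gecos, home, shell in parse(passwd, 7):
        if uid == "0" and name != "root":
            findings.append(f"{name}: additional UID 0 account")
        if pwfield == "":
            findings.append(f"{name}: empty password field in passwd")
        elif pwfield not in PLACEHOLDERS and not pwfield.startswith("!"):
            findings.append(f"{name}: password hash stored in world-readable passwd")
        if pwfield == "x":  # hash lives in shadow; make sure it is really there
            entry = shadow_by_name.get(name)
            if entry is None:
                findings.append(f"{name}: no shadow entry")
            elif entry[1] == "":
                findings.append(f"{name}: empty shadow password (login needs no password)")
    for gname, gpw, gid, members in parse(group, 4):
        for m in members.split(","):
            if m != m.strip():  # the text above warns against spaces in member lists
                findings.append(f"{gname}: member {m!r} contains whitespace")
    return findings
```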

ADDING USERS: THE BASIC STEPS:

The process of adding a new user consists of several steps required by the system, two steps that establish a useful environment for the new user, and several extra steps for your own convenience as an administrator.

Required:
- Have the new user sign your policy agreement.
- Edit the passwd and shadow files to define the user’s account.
- Add the user to the /etc/group file (not really necessary, but nice).
- Set an initial password.
- Create, chown, and chmod the user’s home directory.
- Configure roles and permissions.

For the user:
- Copy default startup files to the user’s home directory.
- Set the user’s mail home and establish mail aliases.

For you:
- Verify that the account is set up correctly.
- Add the user’s contact information and account status to your database.

ADDING USERS WITH USERADD:

useradd on Ubuntu

Ubuntu provides two ways to add users: adduser and useradd. adduser is a Perl wrapper for useradd that is a bit more helpful. adduser is configured in /etc/adduser.conf, which includes options such as these:
- Rules for locating home directories: by group, by username, etc.
- Permission settings for new home directories
- UID and GID ranges for system users and general users
- An option to create individual groups for each user
- Disk quotas (Boolean only, unfortunately)
- Regex-based matching of usernames and group names

Storage:

Adding a hard Disk:

Linux recipe

Run sudo fdisk -l to list the system’s disks and identify the new drive. Then run any partitioning utility to create a partition table for the drive. For drives 2TB and below, install a Windows MBR partition table. cfdisk is the easiest utility for this, but you can also use fdisk, sfdisk, parted, or gparted. Larger disks require a GPT partition table, so you must partition with parted. Put all the drive’s space into one partition of unspecified or “unformatted” type. Do not install a filesystem. Note the device name of the new partition before you leave the partitioning utility; let’s say it’s /dev/sdc1. Next, run the following command sequence, selecting appropriate names for the volume group (vgname), logical volume (volname), and mount point.

    $ sudo pvcreate /dev/sdc1                        # Prepare for use w/LVM
    $ sudo vgcreate vgname /dev/sdc1                 # Create volume group
    $ sudo lvcreate -l 100%FREE -n volname vgname    # Create logical volume
    $ sudo mkfs -t ext4 /dev/vgname/volname          # Create filesystem
    $ sudo mkdir mountpoint                          # Create mount point
    $ sudo vi /etc/fstab                             # Set mount opts, mntpoint
    $ sudo mount mountpoint                          # Mount the filesystem

STORAGE HARDWARE:

Hard disks

A typical hard drive contains several rotating platters coated with magnetic film. They are read and written by tiny skating heads that are mounted on a metal arm that swings back and forth to position them. The heads float close to the surface of the platters but do not actually touch.

Solid state disks

SSDs spread reads and writes across banks of flash memory cells, which are individually rather slow in comparison to modern hard disks. But because of parallelism, the SSD as a whole meets or exceeds the bandwidth of a traditional disk. The great strength of SSDs is that they continue to perform well when data is read or written at random, an access pattern that’s predominant in real-world use.

STORAGE HARDWARE INTERFACES:

If a system supports several different interfaces, use the one that best meets your requirements for speed, redundancy, mobility, and price. ATA (Advanced Technology Attachment), known in earlier revisions as IDE (Integrated Drive Electronics), was developed as a simple, low-cost interface for PCs. It put the hardware controller in the same box as the disk platters and used a relatively high-level protocol for communication between the computer and the disks.

The PATA interface

PATA (Parallel Advanced Technology Attachment), also called IDE, was designed to be simple and inexpensive. It is most often found on PCs or low-cost workstations. The original IDE became popular in the late 1980s. Most PCs have two PATA buses, each of which can host two devices. If you have more than one device on a PATA bus, you must designate one as the master and the other as the slave.

The SATA interface

As data transfer rates for PATA drives increased, the standard’s disadvantages started to become obvious. Electromagnetic interference and other electrical issues caused reliability concerns at high speeds. Serial ATA (SATA) was invented to address these problems. It is now the predominant hardware interface for storage. It improves transfer rates (potentially to 750 MB/s with the upcoming 6 Gb/s SATA) and includes superior error checking.

Parallel SCSI

SCSI, the Small Computer System Interface, defines a generic data pipe that can be used by all kinds of peripherals. In the past it was used for disks, tape drives, scanners, and printers, but these days most peripherals have abandoned SCSI in favor of USB. A parallel SCSI bus uses terminators, and each device has a SCSI address or “target number.”

Serial SCSI

From the hardware perspective, SAS improves just about every aspect of traditional parallel SCSI. SAS does not use terminators and has a Fibre-Channel-style 64-bit World Wide Name (WWN) assigned by the manufacturer.

THE SOFTWARE SIDE OF STORAGE:

The pieces in Exhibit B represent:

- A storage device is anything that looks like a disk. It can be a hard disk, a flash drive, an SSD, an external RAID array implemented in hardware, or even a network service that provides block-level access to a remote device.
- A partition is a fixed-size subsection of a storage device. Each partition has its own device file and acts much like an independent storage device.
- A RAID array (a redundant array of inexpensive/independent disks) combines multiple storage devices into one virtualized device.
- Volume groups and logical volumes are associated with logical volume managers (LVMs). These systems aggregate physical devices to form pools of storage called volume groups. The administrator can then subdivide this pool into logical volumes in much the same way that disks of yore were divided into partitions.
- A filesystem mediates between the raw bag of blocks presented by a partition, RAID array, or logical volume and the standard filesystem interface expected by programs: paths such as /var/spool/mail, UNIX file types, UNIX permissions, etc. The filesystem determines where and how the contents of files are stored, how the filesystem namespace is represented and searched on disk, and how the system is made resistant to (or recoverable from) corruption.

DISK PARTITIONING:

Partitioning and logical volume management are both ways of dividing up a disk into separate chunks of known size. Most of the systems support logical volume management, but only Linux, Solaris, and sometimes HP-UX allow traditional partitioning. Both partitions and logical volumes make backups easier, prevent users from poaching each other’s disk space, and confine potential damage from runaway programs.

RAID: REDUNDANT ARRAYS OF INEXPENSIVE DISKS:

RAID, “redundant arrays of inexpensive disks,” is a system that distributes or replicates data across multiple disks. RAID not only helps avoid data loss but also minimizes the downtime associated with hardware failures (often to zero) and potentially increases performance. RAID can be implemented by dedicated hardware that presents a group of hard disks to the operating system as a single composite drive. It can also be implemented simply by the operating system’s reading or writing multiple disks according to the rules of RAID.

RAID levels

RAID can do two basic things. First, it can improve performance by “striping” data across multiple drives, thus allowing several drives to work simultaneously to supply or absorb a single data stream. Second, it can replicate data across multiple drives, decreasing the risk associated with a single failed disk. Replication assumes two basic forms: mirroring, in which data blocks are reproduced bit-for-bit on several different drives, and parity schemes, in which one or more drives contain an error-correcting checksum of the blocks on the remaining data drives. Mirroring is faster but consumes more disk space. Parity schemes are more disk-space-efficient but have lower performance.

LOGICAL VOLUME MANAGEMENT:

A logical volume manager lets you reallocate space dynamically from the greedy partition to the needy partition. It groups individual storage devices into “volume groups.” The blocks in a volume group can then be allocated to “logical volumes.”

FILE SYSTEMS:

Even after a hard disk has been conceptually divided into partitions or logical volumes, it is still not ready to hold files. The abstractions of files and directories must be implemented in terms of raw disk blocks. The filesystem is the code that implements them, and it needs to add a bit of its own overhead and data.

FILE SYSTEMS:

Linux filesystems: the ext family

- ext2, the “second extended filesystem,” was written specifically for Linux; it is functionally similar to the Berkeley Fast File System.
- ext3 adds journaling capability to the existing ext2 code, a conceptually simple modification that increases reliability enormously.
- ext4 is a comparatively incremental update that raises a few size limits, increases the performance of certain operations, and allows the use of “extents” (disk block ranges) for storage allocation rather than just individual disk blocks.

Use of ext4 over the previous versions is recommended as of Linux kernel 2.6.28. It is the default on Ubuntu and SUSE; Red Hat remains on ext3.

Filesystem terminology

Filesystems share some descriptive terminology. “Inodes” are fixed-length table entries that each hold information about one file. They were originally preallocated at the time a filesystem was created, but some filesystems now create them dynamically as they are needed.

Filesystem polymorphism

Filesystems are software packages with multiple components. One part lives in the kernel and implements the nuts and bolts of translating the standard filesystem API into reads and writes of disk blocks. Other parts are user-level commands that initialize new volumes to the standard format and check filesystems for corruption.

mkfs: format filesystems

The general recipe for creating a new filesystem is

    mkfs [-T fstype] [-o options] rawdevice

The default fstype may be hard-coded into the wrapper, or it might be specified in /etc/default/fs.

fsck: check and repair filesystems

Filesystem data structures can potentially become self-inconsistent (because of block buffering and the fact that disk drives are not really transactional devices). If these problems are not corrected quickly, they propagate. The original fsck scheme worked surprisingly well, but it could take hours on a large drive. An early optimization was a “filesystem clean” bit that could be set in the superblock when the filesystem was properly unmounted.

Filesystem mounting

A filesystem must be mounted before it becomes visible to processes. The mount point for a filesystem can be any directory, but the files and subdirectories beneath it are not accessible while a filesystem is mounted there. After installing a new disk, you should mount the new filesystems. For example, the command

    $ sudo mount /dev/sda1 /mnt/temp

mounts the filesystem in the partition represented by the device file /dev/sda1 on a subdirectory of /mnt, which is a traditional path used for temporary mounts. You can verify the size of a filesystem with the df command:

    $ df -h /mnt/web1

Setup for automatic mounting

The command mount -a mounts all regular filesystems listed in the filesystem catalog; it is usually executed from the startup scripts at boot time. The command

    $ sudo mount -at ext4

mounts all local ext4 filesystems. The mount command reads fstab sequentially.

USB drive mounting

USB drives are friendly, fast, and come in fun flavors: personal “thumb” drives, digital cameras, iPods, and large external disks.

Enabling swapping

Raw partitions or logical volumes, rather than structured filesystems, are normally used for swap space. Instead of using a filesystem to keep track of the swap area’s contents, the kernel maintains its own simplified mapping from memory blocks to swap space blocks. On Linux systems, swap areas must be initialized with mkswap, which takes the device name of the swap volume as an argument.
