OPS235 Lab 4 - CentOS7
Contents
LAB PREPARATION
Purpose / Objectives of Lab 1
There are many other tasks that a Linux system administrator must perform other than installing Linux and installing software.
A few additional tasks are user management and managing services.
Main objectives:
- Add a virtual hard disk and expand your vm's existing file system using LVM
- Administer (add, remove, modify) users on a Linux system.
- Save time while adding new users using a template of start-up files.
- Create and manage groups on a Linux system.
- Start and Stop services on a Linux system.
- Display the status of running services on a Linux system.
Minimum Required Materials
My Toolkit (CLI Reference)
User Management: | Managing Services | Miscellaneous |
INVESTIGATION 1: User/Group Management
Part 1: The /etc/passwd file
- Look at the
/etc/passwd
file. - Make note of the contents of that file.
- Read about the file: http://linux.die.net/man/5/passwd
- Make sure you know what information each field contains.
- Why do you think there are so many users?
- Look at the names of the users. What do you think these user names represent? Are they people?
- What is the numeric user ID (UID) of the root user?
- The user IDs of real users (people) are different from the user IDs of system accounts. What is the pattern?
Answer the Part 1 observations / questions in your lab log book.
Part 2: Adding users
- Perform this part in your centos1 VM.
- Read the man page for the
useradd
command. - Create a new user account for each of your pod mates, using their learn account name as a user name. Give each user a password.
- Grep the
/etc/passwd
file for each of the new users.- What is the home directory of each user?
- What group is each user in?
- What else do you know about each user?
- Where are the passwords stored?
- Look at the man page for /etc/shadow using the command man 5 shadow
- Grep the
/etc/shadow
file for each of the new users. - Make note of this information.
- Grep the
- Create two new dummy users,
ops235_1
andops235_2
. - Investigate the home directory of one of your new users.
- What files are there? Be sure to include hidden files.
- What do you think these files are used for?
- How does the operating system determine which files are created in a new home account? The answer can be found here: http://www.linuxhowtos.org/Tips%20and%20Tricks/using_skel.htm
- Look at the files (including hidden files) in the template directory referred to in the article. Compare them to what is in a home directory for a new user. What do you notice?
- Create a new file in this directory with the following command:
touch foo
- Create a new user named
foobar
, with the option to automatically create a home directory. - Look at the contents of foobar's home directory. What do you notice?
- Be sure to record your observations in your lab notes.
- Perform this part in your centos3 VM.
- Add your matrix account user to centos3.
Answer the Part 2 observations / questions in your lab log book.
Part 3: Managing Groups
- Perform this part in your centos1 VM.
- Read the man page for the
groupadd
andgroupdel
commands. - Note which option allows you to set the Group ID number (GID) when you create a new group.
- Examine the file
/etc/group
- Which values of GID are reserved for system accounts?
- Which values of GID are reserved for non-system user accounts?
- What is the lowest available GID number for non-system users?
- What is the default group name of a new user?
- Add a new group named
ops235
with a GID of600
. - You are angry at some irresponsible users on your system.
- Add a new group named idiots.
- Look at /etc/group and note the GID of idiots.
- What GID is given to a new group if if you do not specify it?
- Your anger has subsided. Delete the
idiots
group. - Look at /etc/group again and note the change.
Answer the Part 3 observations / questions in your lab log book.
Part 4: Deleting / Modifying Users
- Perform this part in your centos1 VM.
- Read the man page for the
userdel
command. Note which option automatically removes the users home directory when that user is deleted.
- Delete the user ops235_1 using the command
userdel ops235_1
- Delete the user ops235_2 using the same command with the option which removes the home directory of the user.
- Check the contents of the /home directory. What do you notice?
- Check the contents of the
/etc/group
file. What do you notice? - Read the man page for the usermod command. Note which options change the user's full name, primary group, supplementary groups, and shell.
- Add each of your new users to the group ops235 (in other words, add ops235 to each user as a supplementary group).
- Examine
/etc/group
. What has changed? - Use the usermod command to associate each of your pod mates' full name to their user name. With each change, examine their entries in the
/etc/passwd
file. What has changed? - Be sure to record your observations in your lab notes.
Answer the Part 4 observations / questions in your lab log book.
INVESTIGATION 2: Managing Run-Levels and System Services
Part 1: How do we Manage Runlevels?
- Perform this part in both your centos2 and centos3 VMs.
The runlevel command is now deprecated in Fedora, and will likely be deprecated in RHEL/CentOS at some point as well, but for now this is what the industry is using.
- Issue the following Linux command:
runlevel
- Note the difference in output between centos2 and centos3.
- You can use the
init
command to change the current runlevel. See a list of runlevels here. Use theman
command to learn how to use theinit command. Use this command to change the current runlevel in centos2 to 3. What happened? What happens after your reboot?
- Change the default runlevel on centos2 to 3. What happens now after you reboot?
- Issue the following Linux command:
startx
- What happens?
- Log-off your graphical system. You should return to your shell prompt.
- Change the default runlevel for centos2 back to 5 and reboot to make sure it works.
Answer Part 1 observations / questions in your lab log book.
Part 2: How do we Manage System Services?
We have seen that maintaining unneeded packages can be a security risk due to the unnecessary increase in the complexity of your system. Similarly, it is also unnecessarily hazardous, and even more so, to leave unneeded services running. In this investigation, we will learn how to control services, and turn off those services that we think are not necessary to help reduce security risks.}}
- For this part, remain in your centos2 VM.
- Issue the following Linux command:
service --status-all
- Note the services that are currently running.
- Use the
service
command to stop the service named iptables - Issue the
service
command to verify that this service has stopped. - If you reboot now - the iptables service will be turned back on. We don't want it on though, it causes students headaches. To turn it off permanently we need to use the chkconfig command:
chkconfig iptables off
- Reboot and confirm that it's no longer running.
Answer Part 2 observations / questions in your lab log book.
INVESTIGATION 3: LOOKING AHEAD
Automating Routine Tasks (Shell Scripting)
We will now use shell scripting to help automate the task for a Linux adminstrator to create regular user accounts.
- Use the
wget
command to download, study, and run the following shell scripts on-line:https://scs.senecac.on.ca/~murray.saul/user-create.bash
- Try to understand what these Bash Shell scripts do, and then run the script as root. After running the shell script, view the contents of the /home directory to confirm.
Although the zenity command is a "user-friendly" way to run shell scripts, Linux administrators usually create shell scripts that resemble common Linux commands. In this lab, you will learn to create a shell script using the getopts function to make your shell script behave more like actual Linux commands (including the use of options). Refer to the notes section on the right-hand-side for reference about the case statement and the getopts function.
- Open a Bash shell terminal and login as root.
- Use a text editor (such as
vi
ornano
) to create a Bash Shell script called:createUsers.bash
in /root's home directory. - Enter the following text content into your text-editing session:
- #!/bin/bash
- # createUsers.bash
- # Purpose: Generates a batch of user accounts (user data stored in a text file)
- #
# USAGE: /root/createUsers.bash [-i {input file pathname}] [-n {full name}] [-a {account aging}] [-g {add to group}] [-o {results report pathname}] - #
- # Author: *** INSERT YOUR NAME ***
- # Date: *** CURRENT DATE ***
- if [ $HOME != "root" ] # only runs if logged in as root
- then
echo "You must be logged in as root." >&2 - exit 1
- fi
- Save your editing session, but remain in the text editor.
- The code displayed below will require the user to include only one argument after the command (script) which will be the application name. The following code will also generate the report title and current date. Add the following code
- if [ $# -ne 1 ]
- then
- echo "Your command must have a application-name as argument" >&2
- echo "USAGE: $0 [application-name]" >&2
- exit 1
- fi
- # Creates report title (echo with -e option allows newline \n character to be used)
- echo -e "\nSOFTWARE PACKAGE INFORMATION REPORT" > /root/package-info.txt
- echo -e "Date: $(date +'%A %B %d, %Y (%H:%M:%p)')\n\n " >> /root/package-info.txt
- Save your editing session, but remain in the text editor.
- The code displayed below uses a trick called the "Here Document" to redirect stdin from within the command (a quick way to display output on the screen). The read command will store the different information report items as words (separated by a space). The sed command used to convert the spaces to pipes (|) and stored into another variable. This allows the sed command to use extended regular expressions to print rpm elements that match those various patterns to be added to the report. Add the following code
- # Clear screen and use Here Document to display select on report items to read into variable
- cat <<+
- Available Package Information Items:
- # Clear screen and use Here Document to display select on report items to read into variable
- Name
- Summary
- Version
- License
- Source
- URL
- +
- read -p "Enter word(s) shown above separated by spaces: " choice
- # Convert spaces to pipe symbol (|)
- processedChoice=$(echo $choice | sed 's/ /|/g')
- # Use sed with extended regular expressions to only print those matching report elements
- rpm -qi $1 | sed -r -n "/($processedChoice)/ p" >> /root/package-info.txt
- cat <<+
- File "/root/package-info.txt" can been created
- +
- Save, set permissions, and then run that shell script for the application gedit. Did it create that report? Try running the script without an argument - What did it do?
- Use the
wget
command to download, study, and run the following shell scripts on-line:https://scs.senecac.on.ca/~murray.saul/packageInfoGraphical.bash
- Try to understand what this Bash Shell script does.
- #You have completed lab3. Proceed to Completing The Lab, and follow the instructions for "lab sign-off".
Answer Investigation 3 observations / questions in your lab log book.
LAB 4 SIGN-OFF (SHOW INSTRUCTOR)
Arrange proof of the following on the screen:
- ✓ Account created on centos3 matching your Matrix account.
- ✓ List contents of /etc/group file (ops235 group).
- ✓ List contents of /etc/passwd file (created accounts).
- ✓ Fresh backup of the virtual machines.