1,576
edits
Changes
no edit summary
[[Category:OPS235]]
{{Admon/caution|THIS IS AN OLD VERSION OF THE LAB|'''This is an archived version. Do not use this in your OPS235 course.'''}}
=LAB PREPARATION=
==Purpose / Objectives of Lab 4==
{| width="40%" align="right" cellpadding="10"
|- valign="top"
|
[[Image:users.png|thumb|right|150px|System administrators are required to add, remove and modify user accounts.]]
|
[[Image:on-off.png|thumb|right|135px|In order to perform maintenance, system administrators need to know how to stop and start services for a Linux system. ]]
|}
{|cellpadding="15" width=Linux Command Online Reference==Each Link below displays online manpages for each command (via [http://linuxmanpages.com/ http://linuxmanpages.com]):"40%"
|- valign="top"
|width="10%" |*[http://linuxmanpages.com/man8/vgs.8.php vgs]*[httpImage://linuxmanpagesharddrive.compng|thumb|left|85px|<b>Removable Hard Disk Pack</man8/lvs.8.php lvsb> (SATA)]*[http://linuxmanpages.com/man8/pvs.8.php pvs]*[http://linuxmanpages.com/man8/vgdisplay.8.php vgdisplay]*|width="10%" |[http://linuxmanpages.com/man8/lvdisplay.8.php lvdisplay]*[httpImage://linuxmanpagesubs-key.com/man8/pvdisplay.8.php pvdisplay]png|thumb|left|85px|*[http://www.centos.org/docs/5/html/Deployment_Guide-en-US<b>USB key</s1-system-config-lvm.html system-config-lvm] b><br>(Tutorialfor backups)*[http://linuxmanpages.com/man8/lvextend.8.php lvextend]*[http://linuxmanpages.com/man8/resize2fs.8.php resize2fs]*[http://linuxmanpages.com/man8/lvcreate.8.php lvcreate]*[http://linuxmanpages.com/man8/lvreduce.8.php lvreduce]*[http://linuxmanpages.com/man8/pvcreate.8.php pvcreate]*[http://linuxmanpages.com/man8/vgextend.8.php vgextend]|*width="10%" |[http://linuxmanpages.com/man8/mount.8.php mount]*[httpImage://linuxmanpageslog-book.compng|thumb|left|70px|<b>Lab4 Log Book</man8/umount.8.php umount]*[http://linuxmanpages.com/man8/useradd.8.php useradd]*[http://linuxmanpages.com/man8/userdel.8.php userdel]*[http://linuxmanpages.com/man8/usermod.8.php usermodb>]*[http://linuxmanpages.com/man8/groupadd.8.php groupadd]*[http://linuxmanpages.com/man8/groupdel.8.php groupdel]
|}
==Resources on the webMy Toolkit (CLI Reference)==Additional links to tutorials and HOWTOs:
{|width="50%" cellpadding="15"|- valign="top"|width="10%" |<u>User Management:* </u>[http://unixhelp.ed.ac.uk/CGI/man-cgi?useradd+8 useradd]<br>[Logical Volume Managementhttp://unixhelp.ed.ac.uk/CGI/man-cgi?userdel+8 userdel]<br>[http://unixhelp.ed.ac.uk/CGI/man-cgi?usermod+8 usermod] ('''Note<br>[http:''' It is recommended to return to this guide as a reference when performing the next several investigations)//unixhelp.ed.ac.uk/CGI/man-cgi?groupadd+8 groupadd]<br>[http:* //unixhelp.ed.ac.uk/CGI/man-cgi?groupdel+8 groupdel]|width="10%" |<u>Managing Services</u>[http://wwwunixhelp.ed.thegeekstuffac.comuk/2011CGI/man-cgi?chkconfig+8 chkconfig]<br>[http:/05/ext2unixhelp.ed.ac.uk/CGI/man-ext3-ext4cgi?service+8 service]<br>[http:// Linux File Systems (ext2www.dsm.fordham.edu/ext3cgi-bin/ext4)man-cgi.pl?topic=systemctl systemctl]<br>|width="10%" |<u>Miscellaneous</u>:* [http://tldpman7.org/HOWTOlinux/man-pages/Partitionman5/fdisk_partitioningpasswd.5.html Partitioning with fdisk/etc/passwd]<br>:* [http://wwwman7.org/linux/man-tutorialpages/man5/group.5.infohtml /modulesetc/group]<br>[http://man7.php?name=MContent&pageid=282 Mounting org/linux/ Unmounting Fileman-systemspages/man5/shadow.5.html /etc/shadow]<br>:* [http://wwwarchive.itwirelinuxfromscratch.comorg/businessblfs-itmuseum/1.0/BLFS-news1.0/postlfs/skel.html /etc/open-sourceskel]<br>[http://zenit.senecac.on.ca/wiki/index.php/14446-uid-and-gid-the-basics-of-linux-user-admin UID and GID explainedInit_vs_systemd init vs systemd]|}
= Software Package INVESTIGATION 1: User/Group Management =
#Perform this part in your '''centos1''' VM.# Read the man page for the <b><code><span style="color:#3366CC;font-size:1.2em;">useradd</span></code></b> command.# Create three fictitious users (make-up their userids and full names. Give each of these newly-created users a password.# Grep the <b><code><span style="color:#3366CC;font-size:1.2em;">/etc/passwd</span></code></b> file for each of the new users.#* What is the '''home''' directory of each user?#* What '''group''' is each user in?#* What other information can you provide regarding these users?#* Where are the '''passwords''' stored?# Look at the man page for '''/etc/shadow''' using the command: <b><code><span style="color:#3366CC;font-size:1.2em;">man 5 shadow</span></code></b>#* Grep the <b><code><span style="color:#3366CC;font-size:1.2em;">/etc/shadow</span></code></b> file for each of the new users.#* Make note of this information. # Create two new dummy users, <b><code><span style="color:#3366CC;font-size:1.2em;">ops235_1</span></code></b> and <b><code><span style= Investigation 2"color: #3366CC;font-size:1.2em;">ops235_2</span></code></b>.# Investigate the home directory of one of your new users.#* What files are there? Be sure to include hidden files.#* What do you think these files are used for?#* How does the operating system determine which files are created in a new home account? The answer can be found here:<br>http://www.linuxhowtos.org/Tips%20and%20Tricks/using_skel.htm#* Look at the files (including hidden files) in the template directory referred to in the article. Compare them to what is in a home directory for a new user. What do you install and remove software notice?#* Create a new file in this directory with RPM? the following command: <b><code><span style="color:#3366CC;font-size:1.2em;">touch foo</span></code></b>#* Create a new user named <b><code><span style="color:#3366CC;font-size:1.2em;">foobar</span></code></b>, with the option to automatically create a home directory.#* Look at the contents of foobar's home directory. What do you notice?# Be sure to record your observations in your lab notes.#Issue the man pages for the '''useradd''' command. Explain the purpose of using the '''-e''' option for the ''useradd'' command. Try to think what would be the purpose for a Linux sysadmin to use this option when creating new users.
#Remain in your '''centos1''' VM for this section.# Read the man page for the <b><code><span style="color:#3366CC;font-size:1.2em;">groupadd</span></code></b> and <b><code><span style= Investigation 3"color:#3366CC;font-size: How do 1.2em;">groupdel</span></code></b> commands.# Note which option allows you install and remove software with to set the Group ID number ('''GID'yum'') when you create a new group.# Examine the file <b><code><span style="color:#3366CC;font-size:1.2em;">/etc/group</span></code></b>#* Which values of GID are reserved for system accounts?#* Which values of GID are reserved for non-system user accounts?#* What is the lowest available GID number for non-system users?#* What is the default group name of a new user? #* Add a new group named <b><code><span style="color:#3366CC;font-size:1.2em;">ops235</span></code></b> with a GID of <b><code><span style="color:#3366CC;font-size:1.2em;">600</span></code></b>.#* The management at your organization have concerns regarding some irresponsible users on your system.#** Add a new group named '''investigation'''.#** Look at '''/etc/group''' and note the GID of group called '''investigation'''.#** What GID is given to a new group if you do not specify it?#** In the file, add those users to the end of the concerned group (separate each user-name with a comma).#** Those individuals have explained their actions to management and the crisis has been resolved. Delete the '''investigation''' group.#** Look at '''/etc/group''' again and note the change.
#Remain in your '''centos1''' VM for this section.# Read the man page for the '''userdel''' command. Note which option automatically removes the users home directory when that user is deleted.# Delete the user '''ops235_1''' using the command <olb><code> <li valuespan style="2color:#3366CC;font-size:1.2em;">Issue the command: userdel ops235_1<code/span>yum install elinks</code> and answer <code>y</codeb> to # Delete the question about installation. <ol type="a"> <li>Where did user '''ops235'yum'' get _2 using the elinks softwaresame command with the option which removes the home directory of the user.# Check the contents of the /home directory. What do you notice?# Check the contents of the <b></licode> <lispan style="color:#3366CC;font-size:1.2em;">Why could ''yum'' install elinks when rpm couldn't?/etc/group</lispan> </olcode> </lib>file. What do you notice?# Read the man page for the usermod command. Note which options change the user's full name, primary group, supplementary groups, and shell. <li>Issue an RPM query to verify # Create a new user account called '''noobie''' for the employee: '''"Really Green"''' . Assign a password for that elinks is installednewly created user. Record # Management has indicated that this employee be on on probation for 3 months. Use the '''usermod''' command to set the account for noobie to expire in 3 months from this day as part of the security policy of this organization.# Add each of your lab log-booknew users to the group ops235 (in other words, add ops235 to each user as a supplementary group).# Examine </lib> <licode>Issue the command<span style="color:#3366CC;font-size: 1.2em;">/etc/group<code/span>yum remove elinks</code></lib>. What has changed? <li>Issue an RPM query # Use the '''usermod''' command to change the full name of the user account '''noobie''' from '''"Really Green"''' to verify '''"Outstanding Employee"'''. Examine the result of running that elinks is no longer installed. Record this command in your lab log-book.the </lib> <licode>Issue this command<span style="color:#3366CC;font-size: <code1.2em;">yum info cups/etc/passwd</codespan></licode></olb>file. What has changed?::* Based on # Use the '''usermod''' command to extend the result, do you think that cups is a useful package use of their account for your system? If not, try removing it5 years as of today.<ol> <li value="8">Unused and unneeded software can present a security risk and ties up disk space needlessly. Find at least 4 other packages (for example: games, sound & video, etc) that you're not using on your system, and remove them. # Be careful sure to ensure that removing those packages does not also remove other software that you do needrecord your observations in your lab notes.</li></ol>
'''Answer the Investigation 3 Part 4 observations / questions in your lab log book.'''
#Use your '''centos2''' VM for this part.
<ol>
<li value="42">What do Use the options c, v, and f mean?'''man''' pages to learn about the '''service''' command.</li> <li>Record Issue the archive file size.following Linux command: </liul> <li>Compress the file using <codeb>gzip</code><span style="color: <ul#3366CC;font-size:1.2em;"> service --status-all<li/span></code>gzip /tmp/archive1.tar</codeb></li> </ul>
</li>
<li>Record Note the archive file size after compressionservices that are currently running.</li> <li>Make sure you're still in Use the command <b><code><span style="color:#3366CC;font-size:1.2em;">service iptables stop</usrspan></sharecode></docb> to stop the service named '''iptables'''</sudo*li> <li>Run a command to verify that the '''iptables''' service has stopped.<br><br>'''NOTE:''' Although the service command seems to work, it is <u>'''deprecated'''</codeu> (i.e. "out-dated:). It has been replaced by using the [http://zenit.senecac.on.ca/wiki/index.php/Init_vs_systemd#systemd_Command_Usage systemctl] command. This is a command based upon a newer method of starting and then create managing system services called [http://zenit.senecac.on.ca/wiki/index.php/Init_vs_systemd systemd] (which replaces init - the "initialization table"). This method allows services to run more independently of each other, so that a compressed archiveservice may be stopped without other dependent services to be stopped as well.<br><br>The most common '''systemctl''' commands are shown below (it is optional to include the filename extension '''.service''' after the service-name):<ul> <li><codespan style="font-family:courier;font-size:1.2em;font-weight:bold;">tar cvzf '''systemctl list-units --all'''</tmpspan> (get a listing of all service names. Can pipe to grep to list service you are interested in)</archive2li><li><span style="font-family:courier;font-size:1.tgz 2em;font-weight:bold;">'''systemctl status service-name'''</span> (Confirm status of a service - running or not-running)</li><li><span style="font-family:courier;font-size:1.2em;font-weight:bold;">'''systemctl stop service-name'''</codespan> (stop a service)</li><li><span style="font-family:courier;font-size:1.2em;font-weight:bold;">'''systemctl start service-name'''</span> (start a service)</li><li><span style="font-family:courier;font-size:1.2em;font-weight:bold;">'''systemctl restart service-name'''</span> (restart a service)</li> <li><span style="font-family:courier;font-size:1.2em;font-weight:bold;">'''systemctl enable service-name'''</ulspan> (enable service so service runs upon system startup)</li> <li>What <span style="font-family:courier;font-size:1.2em;font-weight:bold;">'''systemctl disable service-name'''</span> (disable service so it does the NOT run upon system startup)<br><br><code/li>z</codeul> option do?</li> <li>Compare If you reboot now - the iptables service will be turned back on. We don't want it on though, it causes students headaches.<br>To turn it off permanently we need to use the sizes of '''systemctl''' command:<b><code>/tmp/archive1<span style="color:#3366CC;font-size:1.tar.gz2em;">systemctl disable iptables</codespan> and </code></tmpb><br>(the '''chkconfig''' command used to be the way to enble/archive2disable services, but is now deprecated).tgz</codeli> <li>Use the '''systemctl''' command to verify that the '''iptables''' service is no longer running ('''hint:''' issue command, and pipe to grep "'''iptables'''"). <li>Reboot and confirm that it's no longer running. Why are they so close in size?</li>
</ol>
'''Answer the Investigation Part 1 observations / questions in your lab log book.''' ===Investigation 2: How do you restore files from an archive?==={{Admon/note|Remain in your centos3 VM|Perform these steps in the '''centos3''' virtual machine.}}#Create the directory <code>/tmp/extract1</code>#Change to the <code>/tmp/extract1</code> directory.#Move the file archive1.tar.gz to your current directory.#Unzip the first archive you created:#*<code>gunzip archive1.tar.gz</code>#Extract the files from the first archive:#*<code>tar xvf archive1.tar</code>#Are all the files there? #Compare <code>/tmp/extract1/README</code> and <code>/usr/share/doc/sudo*/README</code>. Are they exactly the same? Why?#Create the directory <code>/tmp/extract2</code>#Move the file archive2.tgz to the <code>/tmp/extract2</code> directory.#Extract the files from the second archive:#*<code>tar xvzf /tmp/extract2/archive2.tgz</code>#Note that this time a separate <code>gunzip</code> command was not needed. Why?#Repeat the previous command, leaving out the option "z". Does it work? Why?#Compare the <code>README</code> file in this directory with the original file. Are they exactly the same? '''Answer the Investigation 2 observations / questions in your lab log book.'''
===Investigation 3Part 2: How do you build software from source codewe Manage Runlevels?===
#Perform this part in both your '''centos2''' and '''centos3''' VMs.
<ol>
<li value="32">Go to Issue the directory following Linux command: <ul> <li><b><code><span style="color:#3366CC;font-size:1.2em;">runlevel</tmpspan></code></b></li> </ul> </li> <li>Use Note the difference in output between '''centos2''' and '''centos3'''.<code/li>wget </codeli> You can use the '''init''' command to download change the "tar ball" that contains the source code for the NLED text editorcurrent run-level. See a list of runlevels [https://www.centos.org/docs/5/html/5.2/Installation_Guide/s2-init-boot-shutdown-rl.html here]. <code/li>wget</codeli> is a Use the '''man''' command-line tool to download files from learn how to use the web using '''init''' command. Use this command to change the http or ftp protocolscurrent run-level in '''centos2''' to '''3'''.What happened?</li> <li>Issue the following Linux command:
<ul>
<li><b><code>wget http<span style="color://cdot#3366CC;font-size:1.senecac.on.ca2em;">startx</softwarespan></nled/nled_2_52_src.tgzcode></codeb></li>
</ul>
</li>
<li>Most but not all source code archives include the capability of installing themselves this way.What happens?</li> <li>If the command Log-off your graphical system. You should return to your shell prompt.<code/li>make install </codeli> does not work (how Using systemd requires a different method of setting text mode and graphical mode. You can you tell? What command did you learn from ULI101 refer to confirm that this command cannot be run from the command line?), copy the <code>nled</code> program manuallylink for future reference: <ul> <li><code>cp nled [http:/usr/localfedoraproject.org/bin<wiki/code>Systemd#How_do_I_change_the_runlevel.3F How to Change Run-Levels with Systemd]</li> </ul> </li> <li>Test <code>nled</code> to Restart your centos2 machine, and make sure certain that it works.runs in '''graphical''' mode</li> </li>Why did copying the nled executable would you want to /usr/local/bin allow the nled command to be make a graphical Linux system run by name anywhere in the command prompttext-based mode?</li>
</ol>
== Investigation 5INVESTIGATION 3: Adding users =LOOKING AHEAD =
==Automating Routine Tasks (Shell Scripting)=={|width="40%" align="right" cellpadding="10"|- valign="top"|{{Admon/notetip|Use centos1Bash Shell Scripting Tips:|Perform these steps <br><ul><li>'''The case statement:'''<br><br>The case statement is a control-flow statement that works in a similar way as the if-elif-else statement (but is more concise). This statement presents scenerios or "cases" based on values or regular expressions (not ranges of values like if-elif-else statements). After action(s) are taken for a particular scenerio (or "case"), a break statement (''';;''') is used to "break-out" of the statement (and not perform other actions). A default case (*) is also used to catch exceptions.<br><br><u>'''Examples (try in shell script):'''</u><br><br>''read -p "pick a door (1 or 2): " pick<br>case $pick in<br> 1) echo "You win a car!" ;;<br> 2) echo "You win a bag of dirt!" ;;<br> *) echo "Not a valid entry"<br> exit 1 ;;<br>esac''<br><br>''read -p "enter a single digit: " digit<br>case $digit in <br> [0-9]) echo "Your single digit is: $digit" ;;<br> *) echo "not a valid single digit"<br> exit 1 ;;<br>esac''<br><br></li><li>'''The getopts function:'''<br><br></li></ul>The getopts function allows the shell scripter to create scripts that accept options (like options for Linux commands). This provides the Linux administrator with scripts that provide more flexibility and versatility. A built-in function called '''centos1getopts''' system(i.e. get command options) is used in conjunction with a '''while''' loop and a '''case''' statement to carry out actions based on if certain options are present when the shell script is run. The variable '''$OPTARG''' can be used if an option accepts text (denoted in the getopts function with an option letter followed by a colon. Case statement exceptions use the ''':)''' and '''\?)''' cases for error handling.<br><br>'''<u>Example of getopts</u>''' (try in script and run with options)<br><br>''while getopts abc: name<br>do<br> case $name in<br> a) echo "Action for option \"a\"" ;;<br> b) echo "Action for option \"b\"" ;;<br> c) echo "Action for option \"c\""<br> echo Value is: $OPTARG" ;;<br> :) echo "Error: You need text after -c option"<br> exit 1 ;;<br> \?) echo "Error: Incorrect option"<br> exit 1 ;;<br>esac''<br>done<br><br>}}|}
#You will be using your '''c7host''' machine for this section.#Download, study, and run the following shell script. Issue the command:<br><b><code><span style== Investigation 6" pointer-events:none;cursor:default;color:#3366CC;font-size:1.2em;">wget https: Managing Groups ==//scs.senecac.on.ca/~murray.saul/user-create.bash</span></code></b>#Try to understand what these Bash Shell scripts do, and then run the script as root. After running the shell script, view the contents of the '''/home''' directory to confirm.
<ol><li value="3">Open a Bash shell terminal and login as root.</li><li>Use the wget command to download the input file called user-data.txt by issuing the command:<br><b><code><span style="color:#3366CC;font-size:1.2em;">wget https://scs.senecac.on.ca/~murray.saul/user-data.txt</span></code></b></li><li>View the contents on the user-data.txt file to confirm there are 3 fields (username, fullname, and e-mail address)which are separated by the colon (:) symbol.<li><li>Use a text editor (such as <b><code><span style="color:#3366CC;font-size:1.2em;">vi</span></code></b> or <b><code><span style="color:#3366CC;font-size:1.2em;">nano</span></code></b>) to create a Bash Shell script called: <b><code><span style="color:#3366CC;font-size:1.2em;">createUsers.bash</span></code></b> in /root's home directory.</li><li>Enter the following text content into your text-editing session:</li></ol><code style= Investigation 7"color: Deleting #3366CC;font-family:courier;font-size:.9em;margin-left:20px;"><br>#!/bin/bash <br><br># createUsers.bash<br># Purpose: Generates a batch of user accounts (user data stored in a text file)<br>#<br># USAGE: /root/createUsers.bash [-i {input-path}] <br>#<br># Author: *** INSERT YOUR NAME ***<br># Date: *** CURRENT DATE ***<br><br>if [ $PWD != "/root" ] # only runs if in root's home directory<br>then<br> echo "You must be in root's home directory." >&2<br> exit 1<br>fi<br>if [ "$#" -eq 0 ] # if no arguments after command<br>then<br> echo "You must enter an argument" >&2<br> echo "USAGE: $0 [-i {input-path}]" >&2<br> exit 2<br>fi<br></code><br><ol><li value="6">Save your editing session, but remain in the text editor.</li><li>The code displayed below uses the getopt function set the input file pathname or check for invalid options or missing option text. Add the following code</li></ol><br><code style="color:#3366CC;font-family:courier;font-size:.9em;"><br>outputFlag="n"<br>while getopts i: name<br>do<br> case $name in<br> i) inputFile=$OPTARG ;;<br> :) echo "Error: You need text after options requiring text"<br> exit 1 ;;<br> \?) echo "Error: Incorrect option"<br> exit 1 ;;<br> esac<br>done<br></code><ol><li value="6">Save your editing session, but remain in the text editor.</li><li>The code displayed below uses logic to exit the script if the input file does not exist. Command substitution is used to store each line of the input file as a positional parameter. There is one subtle problem here: The full names of the users contain spaces which can create havoc when trying to set each line as a separate positional parameter. In this case the sed command is used to convert spaces to plus signs (+), which will be converted back later. Finally, a '''for''' loop is used to create each account ('''useradd''') and mail the user their account information ('''mail'''). Add the following code:</li></ol><br><code style="color:#3366CC;font-family:courier;font-size:.9em;"><br>if [ ! -f $inputFile ]<br>then<br> echo "The file pathname \"$inputFile\" is empty or does not exist" >&2<br> exit 2<br>fi<br><br>set $(sed 's/ /+/g' $inputFile) # temporarily convert spaces to + for storing lines as positional parameters<br><br>for x<br>do<br> userPassWd=$(date | md5sum | cut -d" " -f1)<br> useradd -m -c "$(echo $x | cut -d":" -f2 | sed 's/+/ /g')" -p $userPassWd $(echo $x | cut -d":" -f1)<br> mail -s "Server Account Information" $(echo $x | cut -d":" -f3) <<+<br> Here is your server account information:<br> servername: myserver.senecac.on.ca<br> username: $(echo $x | cut -d":" -f1)<br> password: $userPassWd<br> Regards,<br> IT Department<br>+<br>done<br><br>echo -e "\n\nAccounts have been created\n\n"<br>exit 0<br></code>
= Preparing for the = Practice For Quizzes , Tests, Midterm & Final Exam ==
# Describe all of the field in <code>'''/etc/passwd'''</code># What is the command to create a VGuser? PV? LVWhat option to create a home directory for that user? # What is the total size command to change the full name of the "main" VG on your systeman already-created user?# How do you create What is the command to delete a LVuser account?# How do you delete an LVWhat option allows for the user's home directory to be removed as well?# How would you add What is the disk partition <code>/dev/sdb7</code> command to your volume create a group "main"?# How would you increase What is the size of the root filesystem by 50 MBcommand (or steps) to include a user in a newly-created group?# What is the purpose of <code>'''/etc/fstabshadow'''</code>?# What is the purpose of <code>'''/etc/shadowskel'''</code>?# What does the term run-level mean?# How to set the run-level of a Linux system to text-based only? How to set to graphical mode?# What is the command to view the status of running services?# What is the command to start a service (like httpd, or sshd)?# What is the command to start a service?# Can a service be stopped and started by issuing just one command?
[[Category:OPS235]]
[[Category:OPS235 Labs]]