2. Administration
• Becoming the Super User (the su Command)
• Administrative GUI Tools
• Many commands are intended only for root.
• /sbin — This contains commands for modifying your disk
partitions (such as fdisk), changing boot procedures
(grub), and changing system states (init).
• /usr/sbin —This contains commands for managing user
accounts (such as useradd) and checking network traffic
(wireshark). Commands that run as daemon processes
are also contained in this directory. (Look for commands
that end in d, such as sshd, pppd, and crond.)
3. Administrative Config Files
• Almost everything you set up for your
particular computer — user accounts,
network addresses, or GUI preferences —
is stored in plaintext files.
4. $HOME
• All users store information in their home
directories that directs how their login
accounts behave. Most configuration files
in $HOME begin with a dot (.), so they
don’t appear as a user’s directory when
you use a standard ls command (you
need to type ls –a to see them)
5. /etc
• adjtime—Holds data to adjust the hardware clock (see the hwclock
man page).
• aliases —Can contain distribution lists used by the Linux mail
service.
• bashrc—Sets system-wide defaults for bash shell users. (By
default, it sets the shell prompt to include the current user name,
hostname, current directory, and other values.)
• cdrecord.conf —Contains defaults used for recording CDs.
• crontab—Sets cron environment and times for running automated
tasks.
• csh.cshrc (or cshrc)—Sets system-wide defaults for csh (C shell)
users.
• dovecot—Contains information needed to support the dovecot
IMAPv4/POP3 mail service.
6. /etc
• esd.conf —Sets options used by the
Enlightenment Sound Daemon to mix multiple
audio streams into a single audio output.
• exports—Contains a list of local directories that
are available to be shared by remote computers
using the Network File System (NFS).
• fstab—Identifies the devices for common
storage media (hard disk, floppy, CD-ROM, etc.)
and locations where they are mounted in the
Linux system. This is used by the mount
command to choose which file systems to
mount.
7. /etc
• group—Identifies group names and group IDs (GIDs) that are defined in the
systems. Group permissions in Linux are defined by the second of three
sets of rwx (Read, Write, Execute) bits associated with each file and
directory.
• gshadow—Contains shadow passwords for groups.
• host.conf — Sets the locations in which domain names (e.g., redhat.com)
are searched for on TCP/IP networks (such as the Internet). By default, the
local hosts file is searched, then any nameserver entries in resolv.conf.
• hosts—Contains IP addresses and hostnames that you can reach from
your computer. (Usually this file is used just to store names of computers on
your LAN or small private network.)
• hosts.allow—Lists host computers that are allowed to use certain TCP/IP
services from the local computer.
• hosts.deny—Lists host computers that are not allowed to use certain
TCP/IP services from the local computer (doesn’t exist by default).
8. /etc
• inittab—Contains information that defines which
programs start and stop when Linux boots, shuts down,
or goes into different states (runlevels) in between. This
is the most basic configuration file for starting Linux.
• issue—Contains the lines that are displayed when a
terminal is ready to let you log in to your system from a
local terminal, or the console in text mode.
• issue.net— Contains login lines that are displayed to
users who try to log in to the Linux system from a
computer on the network using the telnet service.
• mail.rc —Sets system-wide parameters associated with
using mail.
• man.config—Used by the man command to determine
the default path to the location of man pages.
9. /etc
• modprobe.conf — Contains aliases and options
related to loadable kernel modules
• used by your computer.
• mtab—Contains a list of file systems that are
currently mounted.
• mtools.conf —Contains settings used by DOS
tools in Linux.
• named.conf —Contains DNS settings if you are
running your own DNS server.
• ntp.conf —Includes information needed to run
the Network Time Protocol (NTP).
10. /etc
• passwd— Stores account information for all valid users
for the system. Also includes other information, such as
the home directory and default shell.
• printcap—Contains definitions for the printers configured
for your computer.
• profile —Sets system-wide environment and start-up
programs for all users. This file is read when the user
logs in.
• protocols—Sets protocol numbers and names for a
variety of Internet services.
• redhat-release—Contains a string identifying the current
CentOS release.
11. /etc
• resolv.conf — Identifies the locations of DNS name
server computers that are used by TCP/IP to translate
Internet host.domain names into IP addresses.
• rpc —Defines remote procedure call names and
numbers.
• services— Defines TCP/IP services and their port
assignments.
• shadow—Contains encrypted passwords for users who
are defined in the passwd file. (This is viewed as a more
secure way to store passwords than the original
encrypted password in the passwd file. The passwd file
needs to be publicly readable, whereas the shadow file
can be unreadable by all but the root user.)
12. /etc
• shells —Lists the shell command-line interpreters (bash, sh, csh,
etc.) that are available on the system, as well as their locations.
• sudoers—Sets commands that can be run by users, who may not
otherwise have permission to run the command, using the sudo
command. In particular, this file is used to provide selected users
with root permission.
• syslog.conf —Defines what logging messages are gathered by the
syslogd daemon and what files they are stored in. (Typically, log
messages are stored in files contained in the /var/log directory.)
• termcap—Lists definitions for character terminals, so that
character-based applications know what features are supported by
a given terminal. Graphical terminals and applications have made
this file obsolete to most people. (Termcap was the BSD UNIX way
of storing terminal information; UNIX System V used definitions in
/usr/share/terminfo files.)
13. /etc/X11
• Contains subdirectories that each contain
system-wide configuration files used by X
and different X window managers
available for Linux. The xorg.conf file
(which makes your computer and monitor
usable with X) and configuration
directories containing files used by xdm
and xinit to start X are in here.
14. /etc
• /etc/amanda —Contains files and directories that
allow the amanda facility to do network backups
of other Linux and UNIX systems.
• /etc/cron* — Directories in this set contain files
that define how the crond utility runs applications
on a daily (cron.daily), hourly (cron.hourly),
monthly (cron.monthly), or weekly (cron.weekly)
schedule.
• /etc/cups —Contains files that are used to
configure the CUPS printing service.
15. /etc
• /etc/default —Contains files that set default values for
various utilities. For example, the file for the useradd
command defines the default group number, home
directory, password expiration date, shell, and skeleton
directory (/etc/skel) that are used when creating a new
user account.
• /etc/httpd —Contains a variety of files used to configure
the behavior of your Apache Web server (specifically,
the httpd daemon process).
• /etc/init.d — Contains links to the run-level scripts. These
scripts are linked from files in the /etc/rc?.d directories to
have each service associated with a script started or
stopped for the particular run level. The ? is replaced by
the run-level number (0 through 6).
16. /etc
• /etc/mail —Contains files used to configure your
sendmail mail service.
• /etc/pcmcia — Contains configuration files that allow you
to have a variety of PCMCIA cards configured for your
computer. (PCMCIA slots are those openings on your
laptop that allow you to have credit card–sized cards
attached to your computer. You can attach such devices
as modems and external CD-ROMs.)
• /etc/postfix —Contains configuration files for the postfix
mail transport agent.
• /etc/ppp —Contains several configuration files used to
set up Point-to-Point protocol (so that you can have your
computer dial out to the Internet).
17. /etc
• /etc/rc?.d —There is a separate rc?.d directory for each valid
system state: rc0.d (shutdown state), rc1.d (single-user state), rc2.d
(multiuser state), rc3.d (multiuser plus networking state), rc4.d
(user-defined state), rc5.d (multiuser, networking, plus GUI login
state), and rc6.d (reboot state).
• /etc/security —Contains files that set a variety of default security
conditions for your computer. These files are part of the pam
(pluggable authentication modules) package.
• /etc/skel —Any files contained in this directory are automatically
copied to a user’s home directory when that user is added to the
system. By default, most of these files are dot (.) files, such as .kde
(a directory for setting KDE desktop defaults) and .bashrc (for
setting default values used with the bash shell).
18. /etc
• /etc/squid —Contains configuration files for the Squid proxy caching server.
• /etc/sysconfig —Contains important system configuration files that are
created and
• maintained by various system services (including iptables, samba, and most
networking services).
• /etc/uucp —Contains configuration files used with Taylor UUCP (a
nonstandard version of the uucp facility that is used to create modem, direct
line, and other serial connections with other computers).
• /etc/vsftpd —Contains configuration files used to set up the vsftpd FTP
server.
• /etc/xinetd.d —Contains a set of files, each of which defines a network
service that the xinetd daemon listens for on a particular port. When the
xinetd daemon process receives a request for a service, it uses the
information in these files to determine which daemon processes to start to
handle the request.
19. Administrative Log Files
• keep track of itself.
• monitor your system to see if people are
trying to access your computer illegally.
• General system logging is done by
syslogd.
• As root user, you can view log files with
the less command or watch messages as
they enter log file using the tail command
(tail -f /var/log/messages).
20. Ongoing
job as a Linux system administrator
• Configuring Hardware —Often when you
add hardware to your CentOS computer,
that hardware will be automatically
detected and configured by tools. can use
commands such as lsmod, modprobe,
insmod, and rmmod to configure the right
modules to get the hardware working.
• To see what HAL knows about your
system, run the lshal command:
21. Ongoing
job as a Linux system administrator
• Managing File Systems and Disk Space
—You must keep track of the disk space
being consumed, especially if your
CentOS system is shared by multiple
users. At some point, you may need to
add a hard disk or track down what is
eating up your disk space (you can use
commands like find, du, and df to do
this).
22. Ongoing
job as a Linux system administrator
• Monitoring System Performance —You
may have a runaway process on your
system, or you may just be experiencing
slow performance. Tools that come with
CentOS can help you determine how
much of your CPU and memory are being
consumed.
23. Mounting/umount Removable
Media
• CD-ROM—If you are mounting a CD-ROM
that is in the standard ISO 9960 format (as
most software CD-ROMs are), you can
mount that CD-ROM by placing it in your
CD-ROM drive and typing the following:
• # mount /mnt/cdrom
• Floppy Disk
• # mount /mnt/floppy
24. Checking System Space
• Checking Disk Space with Disk Usage
Analyzer
• Displaying System Space with df
• To produce output in a more human-
readable form, use the -h option as
follows: $ df -h
25. Checking Disk Usage with du
• The du command is a good way to check
how much space is being used by a
particular user (du /home/user1)
• To make the output more friendly (in
kilobytes, megabytes, and gigabytes), use
the –h
• $ du -h /home/jake
26. Watch Computer Usage with
System Monitor
• System Monitor graphically displays your
system’s CPU and memory usage.
• Monitoring CPU Usage with top
• By adding the -S option to top, you can
have the display show you the cumulative
CPU time that the process
27. Using Security Enhanced Linux
• When you first install CentOS, you have the
opportunity to enable or disable SELinux.
• Targeted policies focus on services with
vulnerable daemon processes
• Targeted policies limit the impact that an attack
on the following services can have on your
server as a whole: Apache (Web server), Samba
(Windows file and print sharing), FTP (file
transfer protocol), NFS (network file system),
and others
28. Policies in SELinux
• Enforcing —The current SELinux policy is
turned on and its policies are enforced.
• Permissive —The current SELinux policy is on,
but not enforced (so you only see warning
messages describing how the policy would be
enforced).
• Disabled —SELinux is off, so only standard
Linux permissions are enforced (as they always
were on systems not including SELinux).
31. Adding Users with useradd
• # useradd -c "Robert Jones" -m robert
• -c "comment“
• -d home_dir
• -e expire_date
• -g group
• -m Automatically create the user’s home
directory
• -p passwd
• # passwd robert
32. Adding Users with User Manager
• A graphical window for adding, changing,
and deleting user accounts, you can use
the User Manager window.
33. Adding User Accounts to Servers
• To prevent a remote user from logging in
and accessing a shell via ssh or another
login service, you can set the default shell
for a user to nologin.
• # useradd -s /sbin/nologin yason
• A common practice with Web hosting is to
allow a user to place content on the server
• # useradd -s /sbin/nologin -d
/var/www/html webuser
34. Resetting a User’s Password
• # passwd yason
• # chage -M 30 -d 0 yason
• The -M 30 option tells the system to expire
yason’s password every 30 days. The -d 0
option tricks the system into thinking that her
password has not been changed since January
1, 1970.
• Keep in mind that using chage activates
password aging for any account on which it is
used.
35. Modifying User Accounts with
usermod
• # usermod -l mike -c "Mike Barnes" -m
-d /home/mike yason
37. Deleting User Accounts
• Deleting User Accounts with userdel
• # userdel yason
• To wipe out her home directory along with
her account, type this:
• # userdel -r yason
• Deleting User Accounts with User
Manager
38. System Startup and Shutdown
• During system startup, a series of scripts
is run to start the services that you need.
• Service Configuration window.