
Post on 31-Dec-2015


scis.regis.edu ● scis@regis.edu

CS 468: Advanced UNIX
Class 2

Dr. Jesús Borrego
Regis University


Topics

• Homework 1 solutions
• How to capture output to file
• Installation of system
• User Administration
• How to capture output to file
• Homework 2 Assignment
• Q&A


Capturing script interaction


Adding Users

Tasks:
• Assign user name
• Add new entry to password file
• Add entry to group file
• Create home directory for user
• Create startup files for user
• Notify user


Password file format

• username:
• password:
• userID:
• groupID:
• personal:
• home directory:
• startup


username:password:userID:groupID:personal:home directory:startup

Group file


LDAP

• Lightweight Directory Access Protocol
• Smaller version of Directory Services X.500
• Table look up of entries; look up an entry and it finds attributes
• Used to determine access given to a user
• Used by most operating systems, including Unix, Linux, and Windows
  ▫ MS: Active Directory


Directory Services Overview

• Directory Concept
  ▫ Look up resources based on known attributes
• Based on IETF and ISB X.500
  ▫ http://www.cse.ohio-state.edu/cgi-bin/rfc/rfc1777.html
• DAP – Directory Access Protocol
  ▫ Specified in X.511
• LDAP – Lightweight DAP
  ▫ Clients can read and query the directory


Directory Services

• Entities have attributes that can be used to search
  ▫ Files can have access descriptors for users
• Contains a number of records with (attribute, value) pairs
• Collection of directory entries is called a Directory Information Base (DIB)


Source: Tanenbaum, A., & Steen, M. V. (2007). Distributed systems: Principles and paradigms (2nd ed.). Upper Saddle River, NJ: Pearson Prentice Hall.

Directory Services Overview

• Resources can be:
  ▫ Computers, servers, databases, printers
  ▫ People, groups
  ▫ Anything on a network
• Dependent on TCP/IP for functionality


Source: Schwartz, R. (2000). Windows 2000 Active Directory survival guide: Planning and implementation. New York, NY: John Wiley & Sons

Active Directory Concepts

• Namespace – name or group of names defined according to a naming convention
• Name resolution – the ability to attribute a name to an object on the network
  ▫ Distinguished Name (DN) – from the root
    Division/Department/Section/Unit/Group
  ▫ Relative Distinguished Name (RDN) – relative to a particular location
    ./Group


Microsoft Directory Services

• Services defined as:
  ▫ Single point of access to network resources
  ▫ Adaptive and expandable information source
  ▫ Common policy or set of rules
  ▫ Methods for querying directory objects


MS Active Directory Framework

• Logical Elements
  ▫ Structure
  ▫ Relationships
• Physical Components
  ▫ AD Sites
  ▫ Domain Controllers


Logical Elements

• Objects
• Schema
• Domains
• Containers and OUs
• Trees and Forests
• Sites and Domain Controllers


Objects

• “Any item contained in the directory that has a common set of attributes”
• Examples: users, workstations, printers, databases, files
• Has properties and is defined by class definitions
• Can be a parent or child


Object Attributes

• Property = Attribute
• A set of information defining an object
• Children inherit attributes of parents
• Actual value defines object uniquely
  ▫ A printer can be a parent and has attributes Location, brand, properties
  ▫ An HP OfficeJet J4680 at IP 10.10.10.15 is a specific printer


Object Classes

• Classes grouped by attributes
• Sample classes:
  ▫ Users
  ▫ Groups
  ▫ Computers
  ▫ Organizational Units
  ▫ Databases
  ▫ …


Structure Components

• Containers
  ▫ Store objects in the directory (domains, OUs)
• Domains
  ▫ Form security boundaries on a network
  ▫ Security settings do not cross over domains
• OUs
  ▫ Subdivide directory structure into smaller units
    ▫ Makes administration easier and more manageable


Relational Components

• Trees
  ▫ A contiguous namespace
  ▫ Domains interconnected via relationships
• Forests
  ▫ Collection of trees
• Global Catalog Server
  ▫ Central repository of objects


Trees

• Logical hierarchy of domains within the namespace
  ▫ Within the tree, domains are interconnected in trust relationships
• Trust Relationship
  ▫ Formed when two or more domains are joined in the same namespace and a link is formed


Forests

• When companies merge
  ▫ Individual trees are merged into a forest
• Allows established trees to coexist in a new network
• First tree created in the forest becomes the root (by default)
• Trees in forest share common schema, configuration, and catalog server


Chapter 7: Adding New Users


User management commands

• To add users: useradd
• To delete users: userdel
• To modify users: usermod


Login names rules


Password encryption


Encryption

• Crypt – based on DES
• MD5
• SHA256
• Blowfish


UserID

• Login names are understandable to users
• UID is used by the system internally
• UIDs must be unique across the organization
• User IDs are managed by LDAP
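An added example (not part of the original slides): a short Python audit of passwd-format text that splits each line into the seven fields listed on the "Password file format" slide and checks the rule above that UIDs must be unique. The function name, finding labels and sample entries are constructed for illustration.

```python
from collections import defaultdict

# Field order from the slide:
# username:password:userID:groupID:personal:home directory:startup
FIELDS = ("username", "password", "uid", "gid", "personal", "home", "startup")

# Constructed sample input, not taken from any real system.
SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001:Alice Example:/home/alice:/bin/bash
bob:x:1001:1002:Bob Example:/home/bob:/bin/bash
toor:x:0:0:backup admin:/root:/bin/sh
carol::1003:1003:Carol Example:/home/carol:/bin/bash
dave:x:abc:1004:Dave Example:/home/dave:/bin/bash
broken:x:1005:1005:/home/broken
"""

def audit_passwd(text):
    """Return a sorted list of (finding, detail) tuples for passwd-format text."""
    findings = []
    by_uid = defaultdict(list)  # numeric UID -> login names that use it
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != len(FIELDS):
            findings.append(("malformed", f"line {lineno}: {len(parts)} fields"))
            continue
        entry = dict(zip(FIELDS, parts))
        ids = (entry["uid"], entry["gid"])
        if not all(v.isascii() and v.isdigit() for v in ids):
            findings.append(("non-numeric-id", entry["username"]))
            continue
        if entry["password"] == "":
            # An empty password field means the account needs no password.
            findings.append(("empty-password", entry["username"]))
        by_uid[int(entry["uid"])].append(entry["username"])
    for uid, names in by_uid.items():
        if len(names) > 1:
            findings.append(("duplicate-uid", f"{uid}: {','.join(names)}"))
        if uid == 0:
            # Every UID 0 account has full system privileges.
            findings.extend(("extra-uid0", n) for n in names if n != "root")
    return sorted(findings)

if __name__ == "__main__":
    for finding, detail in audit_passwd(SAMPLE):
        print(f"{finding:16} {detail}")
```
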


Group ID

• Defined in /etc/group
• 32-bit number
• GID 0 – system
• Group ID for a user is stored in the password file
• GECOS – General Comprehensive OS
  ▫ Contains general information about user p.181


User information

• Home Directory
• Login shell (bash default)
• Login scripts


Other startup files

• See .bashrc
• See .bash_profile
• Review table 7.3, page 1898


Startup files

Bash profile

Adding Users

User account options

Chapter 12:


Installing UNIX

Installation methods:
• From media (DVD)
• From network installation (DHCP, TFTP) that boots system without media
  ▫ Retrieves files from network (HTTPS, NFS, FTP)
• From network card
• Others (system dependent): Kickstart, LILO, AutoYaST


Installation documentation


Keywords for JumpStart


Packages

• Used to distribute software
• Can also be used to release other files
• Attempt to make installation easier than using tar.gz archives
• Include dependencies to determine what components are required for a given installation


Package concepts

• Release – a software baseline
• Component – Subset of software within a release
• Architecture – Specific class of hardware
• Packages – elements that make up components and releases


Binaries and config files


Software Distribution Commands


Revision Control

• Need to keep track of versions for a system – Why?
• Can do backups but they become cumbersome
• CVS
• SubVersion
• Revision
• Version
• Branches
• Trunks


Branch Management


Localization and Configuration

• Need to configure all devices and file systems
• Need to maintain inventory of devices
• Software releases involve maintaining licenses
• Set up a test environment before releasing changes
• If possible, take advantage of management tools


Questions?
