scis.regis.edu ● [email protected] cs 468: advanced unix class 2 dr. jesús borrego regis university...
TRANSCRIPT
Topics
•Homework 1 solutions•How to capture output to file•Installation of system•User Administration•How to capture output to file•Homework 2 Assignment•Q&A
2
Capturing script interaction
3
Adding Users
Tasks:•Assign user name•Add new entry to password file•Add entry to group file•Create home directory for user•Create startup files for user•Notify user
4
Password file format
•username:•password:•userID:•groupID:•personal:•home directory:•startup
5
6
username:password:userID:groupID:personal:home directory:startup
Group file
7
LDAP
•Lightweight Directory Access Protocol•Smaller version of Directory Services
X.500•Table look up of entries; look up an entry
and it finds attributes•Used to determine access given to a user•Used by most operating systems,
including Unix, Linux, and Windows ▫MS: Active Directory
8
Directory Services Overview•Directory Concept
▫Look up resources based on known attributes
•Based on IETF and ISB X.500▫http://www.cse.ohio-state.edu/cgi-bin/rfc/rfc1
777.html
•DAP – Directory Access Protocol▫Specified in X.511
•LDAP – Lightweight DAP▫Clients can read and query the directory
9
Directory Services•Entities have attributes that can be
used to search▫Files can have access descriptors for
users•Contains a number of records with
(attribute, value) pairs•Collection of directory entries is
called a Directory Information Base (DIB)
10
Source: Tanenbaum, A., & Steen, M. V. (2007). Distributed systems: Principles and paradigms (2nd ed.). Upper Saddle River, NJ: Pearson Prentice Hall.
Directory Services Overview•Resources can be:
▫Computers, servers, databases, printers▫People, groups▫Anything on a network
•Dependent on TCP/IP for functionality
11
Source: Schwartz, R. (2000). Windows 2000 Active Directory survival guide: Planning and implementation. New York, NY: John Wiley & Sons
Active Directory Concepts•Namespace – name or group of
names defined according to a naming convention
•Name resolution – the ability to attribute a name to an object on the network▫Distinguished Name (DN) – from the root
Division/Department/Section/Unit/Group
▫Relative Distinguished Name (RDN) – relative to a particular location ./Group
12
Source: Schwartz, R. (2000). Windows 2000 Active Directory survival guide: Planning and implementation. New York, NY: John Wiley & Sons
Microsoft Directory Services•Services defined as:
▫Single point of access to network resources
▫Adaptive and expandable information source
▫Common policy or set of rules▫Methods for querying directory
objects
13
Source: Schwartz, R. (2000). Windows 2000 Active Directory survival guide: Planning and implementation. New York, NY: John Wiley & Sons
MS Active Directory Framework•Logical Elements
▫Structure▫Relationships
•Physical Components ▫AD Sites▫Domain Controllers
14
Source: Schwartz, R. (2000). Windows 2000 Active Directory survival guide: Planning and implementation. New York, NY: John Wiley & Sons
Logical Elements
•Objects•Schema•Domains•Containers and OUs•Trees and Forests•Sites and Domain Controllers
15
Source: Schwartz, R. (2000). Windows 2000 Active Directory survival guide: Planning and implementation. New York, NY: John Wiley & Sons
Objects•“Any item contained in the directory that has a common set of attributes”
•Examples: users, workstations, printers, databases, files
•Has properties and is defined by class definitions
•Can be a parent or child
16
Source: Schwartz, R. (2000). Windows 2000 Active Directory survival guide: Planning and implementation. New York, NY: John Wiley & Sons
Object Attributes•Property = Attribute•A set of information defining an object•Children inherit attributes of parents•Actual value defines object uniquely
▫A printer can be a parent and has attributes Location, brand, properties
▫An HP OfficeJet J4680 at IP 10.10.10.15 is a specific printer
17
Source: Schwartz, R. (2000). Windows 2000 Active Directory survival guide: Planning and implementation. New York, NY: John Wiley & Sons
Object Classes•Classes grouped by attributes•Sample classes:
▫Users▫Groups▫Computers▫Organizational Units▫Databases▫…
18
Source: Schwartz, R. (2000). Windows 2000 Active Directory survival guide: Planning and implementation. New York, NY: John Wiley & Sons
Structure Components•Containers
▫Store objects in the directory (domains, OUs)
•Domains▫Form security boundaries on a network▫Security settings do not cross over domains
•OUs▫Subdivide directory structure into smaller
units Makes administration easier and more
manageable
04/19/23
19
Source: Schwartz, R. (2000). Windows 2000 Active Directory survival guide: Planning and implementation. New York, NY: John Wiley & Sons
Relational Components •Trees
▫A contiguous namespace▫Domains interconnected via relationships
•Forests▫Collection of trees
•Global Catalog Server▫Central repository of objects
20
Source: Schwartz, R. (2000). Windows 2000 Active Directory survival guide: Planning and implementation. New York, NY: John Wiley & Sons
Trees•Logical hierarchy of domains within the
namespace▫Within the tree, domains are
interconnected in trust relationships•Trust Relationship
▫Formed when two or more domains are joined in the sane namespace and a link is formed
21
Source: Schwartz, R. (2000). Windows 2000 Active Directory survival guide: Planning and implementation. New York, NY: John Wiley & Sons
Forests•When companies merge
▫Individual trees are merged into a forest•Allows established trees to coexist in a
new network•First tree created in the forest becomes
the root (by default)•Trees in forest share common schema,
configuration, and catalog server
22
Source: Schwartz, R. (2000). Windows 2000 Active Directory survival guide: Planning and implementation. New York, NY: John Wiley & Sons
Chapter 7: Adding New Users
23
User management commands
•To add users: useradd•To delete users: userdel•To modify users: usermod
24
Login names rules
25
Password encryption
26
Encryption
•Crypt – based on DES•MDT•SHA256•Blowfish
27
UserID
•Login names are understandable to users•UID is used by the system internally•UIDs must be unique across the
organization•User IDs are managed by LDAP
28
Group ID
•Defined in /etc/groups•32-bit number•GID 0 – system•Group ID for a user is stored in the
password file•GECOS – General Comprehensive OS
▫Contains general information about user p.181
29
User information
•Home Directory•Login shell (bash default)•Login scripts
30
Other startup files
•See .bashrc•See .bash_profile•Review table 7.3, page 1898
31
Startupfiles
32
Bashprofile
33
AddingUsers
34
Useraccountoptions
35
Chapter 12:
36
Installing UNIX
Installation methods:•From media (DVD)•From network installation (DHCP, TFTP) that boots system without media
▫Retrieves files from network (HTTPS, NFS, FTP)
•From network card•Others (system dependent): Kickstart, LILO, AutoYaST
37
Installation documentation
38
Keywords for JumpStart
39
Packages
•Used to distribute software•Can also be used to release other files•Attempt to make installation easier than
using tar.gz archives•Include dependencies to determine what
components are required for a given installation
40
Package concepts
•Release – a software baseline•Component – Subset of software within a
release •Architecture – Specific class of hardware•Packages – elements that make up
components and releases
41
Binaries and config files
42
Software Distribution Commands
43
Revision Control
•Need to keep track of versions for a system – Why?
•Can do backups but they become cumbersome
•CVS•SubVersion•Revision•Version•Branches•Trunks
44
Branch Management
45
Localization and Configuration
•Need to configure all devices and file systems
•Need to maintain inventory of devices•Software released involve maintaining
licenses•Set up a test environment before
releasing changes•If possible, take advantage of
management tools
46
Questions?
47