Php5 Hosting, Mysql, Java, Jsp, Servlet, Tomcat, Ssh, Http Web Server Blog

140 Part II . Running the Show Using sudo and Other Administrative Logins You don t hear much about other administrative logins (besides root) being used with Linux. It was a fairly common practice in UNIX systems to have several different administrative logins that allowed administrative tasks to be split among several users. For example, a person sitting near a printer could have lp permissions to move print jobs to another printer if he knew a printer wasn t working. In any case, administrative logins are available with Linux, so you may want to look into using them. Here are some examples: . lp User can control some printing features. Having a separate lp administrator allows someone other than the superuser to do such things as move or remove lp logs and print spool files. The home directory for lp is /var/spool/lpd. . mail User can work with administrative e-mail features. The mail group has group permissions to use mail files in /var/spool/mail (which is also the mail user s home directory). . uucp User owns various uucp commands (once used as the primary method for dial-up serial communications) as well as log files in /var/log/uucp, spool files in /var/spool, administrative commands (such as uuchk, uucico, uuconv, and uuxqt) in /usr/sbin, and user commands (uucp, cu, uuname, uustat, and uux) in /usr/bin. The home directory for uucp is /var/spool/uucp. . bin User owns many commands in /bin in traditional UNIX systems. This is not the case in some Linux systems (such as Red Hat and Gentoo) because root owns most executable files. The home directory of bin is /bin. . news User could do administration of Internet news services, depending on how you set permission for /var/spool/news and other news-related resources. The home directory for news is /etc/news. One way to give full or limited root privileges to any nonroot user is to set up the sudo facility, which simply entails adding the user to /etc/sudoers and defining what privilege you want that user to have. Then the user can run any command he or she is privileged to use by preceding that command with the sudo command. Here s an example of how to use the sudo facility to cause any users that are added to the wheel group to have full root privileges: 1. As the root user, edit the /etc/sudoers file by running the visudo command: # /usr/sbin/visudo By default, the file opens in vi, unless your EDITOR variable happens to be set to some other editor acceptable to visudo (for example, export EDITOR=gedit). The reason for using visudo is that the command locks the /etc/sudoers file and does some basic sanity checking of the file to ensure it s been edited correctly.
Note: In case you are looking for affordable and reliable webhost to host and run your business application check Vision ftp web hosting services

Chapter 4 . Learning Basic Administration 139 Another directory, /etc/X11, includes subdirectories that each contain systemwide configuration files used by X and different X window managers available for Linux. The xorg.conf file (which makes your computer and monitor usable with X) and configuration directories containing files used by xdm and xinit to start X are in here. Directories relating to window managers contain files that include the default values that a user will get if that user starts one of these window managers on your system. Window managers that may have system-wide configuration files in these directories include GNOME (gdm) and Twm (twm). Some files and directories in /etc/X11 are linked to locations in the /usr/X11R6 directory. Administrative Log Files One of the things that Linux does well is keep track of itself. This is a good thing, when you consider how much is going on in a complex operating system. Sometimes you are trying to get a new facility to work and it fails without giving you the foggiest reason why. Other times you want to monitor your system to see if people are trying to access your computer illegally. In any of those cases, you can use log files to help track down the problem. The main utilities for logging error and debugging messages for Linux are the syslogd and klogd daemons. General system logging is done by syslogd. Logging that is specific to kernel activity is done by klogd. Logging is done according to information in the /etc/syslog.conf file. Messages are typically directed to log files that are usually in the /var/log directory. Here are a few common log files: . boot.log Contains boot messages about services as they start up. . messages Contains many general informational messages about the system. . secure Contains security-related messages, such as login activity. . XFree86.0.log or Xorg.0.log Depending on which X server you are using, contains messages about your video card, mouse, and monitor configuration. If you are using a Fedora or other Red Hat Linux system, the System Logs utility is a good way to step through your system s log files. From the red hat menu, select System Tools.System Logs. You not only can view boot, kernel, mail, security, and other system logs, but you can also use the filter box to search for particular terms (such as a model number of a piece of hardware that s not working). Note
Note: In case you are looking for affordable and reliable webhost to host and run your j2ee application check Vision j2ee hosting services

138 Part II . Running the Show Table 4-1 (continued) File Description printcap Contains definitions for the printers configured for your computer. (If the printcap file doesn t exist, look for printer information in the /etc/cups directory.) profile Sets system-wide environment and startup programs for all users. This file is read when the user logs in. protocols Sets protocol numbers and names for a variety of Internet services. resolv.conf Identifies the locations of DNS name server computers that are used by TCP/IP to translate Internet host.domain names into IP addresses. (When a Web browser or mail client looks for an Internet site, it checks servers listed in this file to locate the site.) rpc Defines remote procedure call names and numbers. services Defines TCP/IP services and their port assignments. shadow Contains encrypted passwords for users who are defined in the passwd file. (This is viewed as a more secure way to store passwords than the original encrypted password in the passwd file. The passwd file needs to be publicly readable, whereas the shadow file can be unreadable by all but the root user.) shells Lists the shell command-line interpreters (bash, sh, csh, and so on) that are available on the system, as well as their locations. sudoers Sets commands that can be run by users, who may not otherwise have permission to run the command, using the sudo command. In particular, this file is used to provide selected users with root permission. syslog.conf Defines what logging messages are gathered by the syslogd daemon and what files they are stored in. (Typically, log messages are stored in files contained in the /var/log directory.) termcap Lists definitions for character terminals, so that character-based applications know what features are supported by a given terminal. Graphical terminals and applications have made this file obsolete to most people. (Termcap was the BSD UNIX way of storing terminal information; UNIX System V used definitions in /usr/share/terminfo files.) xinetd.conf Contains simple configuration information used by the xinetd daemon process. This file mostly points to the /etc/xinetd.d directory for information about individual services. (Some systems use the inetd.conf file and the inetd daemon instead.)
Note: If you are looking for cheap webhost to host and run your apache application check Vision apache web hosting services

Chapter 4 . Learning Basic Administration 137 File Description fstab Identifies the devices for common storage media (hard disk, floppy, CD-ROM, and so on) and locations where they are mounted in the Linux system. This is used by the mount command to choose which file systems to mount when the system first boots. group Identifies group names and group IDs (GIDs) that are defined on the systems. Group permissions in Linux are defined by the second of three sets of rwx (read, write, execute) bits associated with each file and directory. gshadow Contains shadow passwords for groups. host.conf Sets the locations in which domain names (for example, redhat.com) are searched for on TCP/IP networks (such as the Internet). By default, the local hosts file is searched and then any name server entries in resolv.conf. hosts Contains IP addresses and host names that you can reach from your computer. (Usually this file is used just to store names of computers on your LAN or small private network.) hosts.allow Lists host computers that are allowed to use certain TCP/IP services from the local computer. hosts.deny Lists host computers that are not allowed to use certain TCP/IP services from the local computer (doesn t exist by default). inittab Contains information that defines which programs start and stop when Linux boots, shuts down, or goes into different states in between. This is the most basic configuration file for starting Linux. lilo.conf Sets Linux boot loader (lilo) parameters to boot the computer. In particular, it lists information about bootable partitions on your computer. (If your distribution uses the GRUB boot loader, you may not see this file.) modules.conf Contains aliases and options related to loadable kernel modules used by your computer. mtab Contains a list of file systems that are currently mounted. mtools.conf Contains settings used by DOS tools in Linux. named.conf Contains DNS settings if you are running your own DNS server. ntp.conf Includes information needed to run the Network Time Protocol (NTP). passwd Stores account information for all valid users for the system. Also includes other information, such as the home directory and default shell. (Rarely includes the user passwords themselves, which are typically stored in the /etc/shadow file.) Continued
Note: In case you are looking for affordable and reliable webhost to host and run your j2ee application check Vision web and email hosting services

136 Part II . Running the Show . /etc/pcmcia Contains configuration files that allow you to have a variety of PCMCIA cards configured for your computer. (PCMCIA slots are those openings on your laptop that enable you to have credit card sized cards attached to your computer. You can attach such devices as modems and external CD-ROMs.) . /etc/postfix Contains configuration files for the postfix mail transport agent. . /etc/ppp Contains several configuration files used to set up Point-to-Point Protocol (PPP) so that you can have your computer dial out to the Internet. . /etc/rc?.d There is a separate rc?.d directory for each valid system state: rc0.d (shutdown state), rc1.d (single-user state), rc2.d (multiuser state), rc3.d (multiuser plus networking state), rc4.d (user-defined state), rc5.d (multiuser, networking, plus GUI login state), and rc6.d (reboot state). . /etc/security Contains files that set a variety of default security conditions for your computer. These files are part of the pam (pluggable authentication modules) package. . /etc/skel Any files contained in this directory are automatically copied to a user s home directory when that user is added to the system. By default, most of these files are dot (.) files, such as .kde (a directory for setting KDE desktop defaults) and .bashrc (for setting default values used with the bash shell). . /etc/sysconfig Contains important system configuration files that are created and maintained by various services (including iptables, samba, and most networking services). These files are critical for Linux distributions that use GUI administration tools but not used on other Linux systems at all. . /etc/xinetd.d Contains a set of files, each of which defines a network service that the xinetd daemon listens for on a particular port. When the xinetd daemon process receives a request for a service, it uses the information in these files to determine which daemon processes to start to handle the request. Table 4-1 /etc Configuration Files of Interest File Description aliases Can contain distribution lists used by the Linux mail service. (This file may be located in /etc/mail.) bashrc Sets system-wide defaults for bash shell users. (This may be called bash.bashrc on some Linux distributions.) crontab Sets cron environment and times for running automated tasks. csh.cshrc Sets system-wide defaults for csh (C shell) users. (or cshrc) exports Contains a list of local directories that are available to be shared by remote computers using the Network File System (NFS).
Note: If you are looking for high quality webhost to host and run your jsp application check Vision jsp web hosting services

Chapter 4 . Learning Basic Administration 135 The advantage of plain-text files is that it s easy to read and change them. Any text editor will do. The downside, however, is that as you edit configuration files, no error checking is going on. You have to run the program that reads these files (such as a network daemon or the X desktop) to find out whether you set up the files correctly. A comma or a quote in the wrong place can sometimes cause a whole interface to fail. Throughout this book you ll find descriptions of the configuration files you need to set up the different features that make up Linux systems. The two major locations of configuration files are your home directory (where your personal configuration files are kept) and the /etc directory (which holds system-wide configuration files). Following are descriptions of directories (and subdirectories) that contain useful configuration files. (Refer to Table 4-1 for some individual configuration files in /etc that are of particular interest.) Viewing the contents of Linux configuration files can teach you a lot about administering Linux systems. . $HOME All users store information in their home directories that directs how their login accounts behave. Most configuration files in $HOME begin with a dot (.), so they don t appear as a user s directory when you use a standard ls command (you need to type ls -a to see them). There are dot files that define how each user s shell behaves, the desktop look-and-feel, and options used with your text editor. There are even files such as .ssh/* and .rhosts that configure network permissions for each user. (To see the name of your home directory, type echo $HOME from a shell.) . /etc This directory contains most of the basic Linux system-configuration files. Table 4-1 shows some /etc configuration files of interest. . /etc/cron* Directories in this set contain files that define how the crond utility runs applications on a daily (cron.daily), hourly (cron.hourly), monthly (cron.monthly), or weekly (cron.weekly) schedule. . /etc/cups Contains files that are used to configure the CUPS printing service. . /etc/default Contains files that set default values for various utilities. For example, the file for the useradd command defines the default group number, home directory, password expiration date, shell, and skeleton directory (/etc/skel) that are used when creating a new user account. . /etc/httpd Contains a variety of files used to configure the behavior of your Apache Web server (specifically, the httpd daemon process). (On some Linux systems, /etc/apache is used instead.) . /etc/init.d Contains the permanent copies of System V style run-level scripts. These scripts are often linked to files in the /etc/rc?.d directories to have each service associated with a script started or stopped for the particular run level. The ? is replaced by the run-level number (0 through 6). (Slackware puts its run-level scripts in the /etc/rc.d directory.) . /etc/mail Contains files used to configure your sendmail mail service.
Note: In case you are looking for affordable and reliable webhost to host and run your j2ee application check Vision web and email hosting services

134 Part II . Running the Show Exploring Administrative Commands, Configuration Files, and Log Files You can expect to find many commands, configuration files, and log files in the same places in the file system, regardless of which Linux distribution you are using. The following sections give you some pointers on where to look for these important elements. Administrative Commands Only the root user is intended to use many administrative commands. When you log in as root (or use su - from the shell to become root), your $PATH variable is set to include some directories that contain commands for the root user. These include the following: . /sbin Contains commands for modifying your disk partitions (such as fdisk), checking file systems (fsck), and changing system states (init). . /usr/sbin Contains commands for managing user accounts (such as useradd) and adding mount points for automounting file systems (automount). Commands that run as daemon processes are also contained in this directory. (Look for commands that end in d, such as sshd, pppd, and cupsd.) Some administrative commands are contained in regular user directories (such as /bin and /usr/bin). This is especially true of commands that have some options available to everyone. An example is the /bin/mount command, which anyone can use to list mounted file systems, but only root can use to mount file systems. (Some desktops, however, are configured to let regular users use mount to mount CDs, DVDs, or other removable media.) To find commands that are intended primarily for the system administrator, check out the section 8 manual pages (usually in /usr/share/man/man8). They contain descriptions and options for most Linux administrative commands. Some third-party applications will add administrative commands to directories that are not in your PATH. For example, an application may put commands in /usr/local/bin, /opt/bin, or /usr/local/sbin. In those cases, you may need to add those directories to your PATH. Administrative Configuration Files Configuration files are another mainstay of Linux administration. Almost everything you set up for your particular computer user accounts, network addresses, or GUI preferences is stored in plain-text files. This has some advantages and some disadvantages.
Note: If you are looking for cheap webhost to host and run your apache application check Vision jboss web hosting services

Chapter 4 . Learning Basic Administration 133 You still need to type the password, but after that, everything that normally happens at login for the root user happens after the su command is completed. Your current directory will be root s home directory (probably /root), and things like the root user s PATH variable will be used. If you become the root user by just typing su, rather than su -, you won t change directories or the environment of the current login session. You can also use the su command to become a user other than root. This is useful for troubleshooting a problem that is being experienced by a particular user, but not by others on the computer (such as an inability to print or send e-mail). For example, to have the permissions of a user named jsmith, you d type the following: $ su - jsmith Even if you were root user before you typed this command, afterward you would only have the permissions to open files and run programs that are available to jsmith. As root user, however, after you type the su command to become another user, you don t need a password to continue. If you type that command as a regular user, you must type the new user s password. When you are finished using superuser permissions, return to the previous shell by exiting the current shell. Do this by pressing Ctrl+D or by typing exit. If you are the administrator for a computer that is accessible to multiple users, don t leave a root shell open on someone else s screen (unless you want to let that person do anything he wants to the computer)! Allowing Limited Administrative Access As mentioned earlier, when you run GUI tools as a regular user (from Red Hat Linux, SUSE, or some other Linux systems), you are prompted for the root password before you are able to access the tool. By entering the root password, you are given root privilege for that one task, without being root user for every task you do from that desktop session. A particular user can also be given administrative permissions for particular tasks without being given the root password. For example, a system administrator can add a user to particular groups, such as modem, disk, users, cdrom, ftp, mail, or www, and then open group permission to use those services. Or, an administrator could add a user to the wheel group and add entries to the /etc/sudoers file to allow that user to use the sudo command to run individual commands as root. (See the description of sudo later in this chapter.) A fairly new feature being added to some Linux distributions that are used in highly secure environments is Security Enhanced Linux (SELinux). With SELinux, instead of one all-powerful root user account, multiple roles can be defined to protect selected files and services. In that way, for example, if someone hacks into your Web server, he would not automatically have access to your mail server, user passwords, or other services running on the computer.
Note: If you are looking for high quality webhost to host and run your jsp application check Vision jsp web hosting services

132 Part II . Running the Show Some Linux distributions, such as Damn Small Linux, give you (as a regular user) the power to run commands as root. You simply have to ask for the privilege using the sudo command. For example, from a Terminal window, to open a shell as root, you would type: $ sudo su - # You ll find out more about the sudo command later in this chapter. The home directory for the root user is typically /root. The home directory and other information associated with the root user account are located in the /etc/passwd file. Here s what the root entry looks like in the /etc/passwd file: root:x:0:0:root:/root:/bin/bash This shows that for the user named root the user ID is set to 0 (root user), the group ID is set to 0 (root group), the home directory is /root, and the shell for that user is /bin/bash. (We re using a shadow password file to store encrypted password data, so the password field here contains an x.) You can change the home directory or the shell used by editing the values in this file. A better way to change these values, however, is to use the useradd command (described later in this chapter). Becoming Root from the Shell (su Command) Although you can become the superuser by logging in as root, sometimes that is not convenient. For example, you may be logged in to a regular user account and just want to make a quick administrative change to your system without having to log out and log back in. Or, you may need to log in over the network to make a change to a Linux system but find that the system doesn t allow root users in from over the network (a common practice in the days before secure shells were available). The solution is to use the su command. From any Terminal window or shell, you can simply type $ su Password: ****** # When you are prompted, type in the root user s password. The prompt for the regular user ($) changes to the superuser prompt (#). At this point, you have full permission to run any command and use any file on the system. However, one thing that the su command doesn t do when used this way is read in the root user s environment. As a result, you may type a command that you know is available and get the message Command Not Found. To fix this problem, use the su command with the dash (-) option instead, like this: $ su - Password: ****** # Note
Note: If you are looking for reliable webhost to maintain and run your java application check Vision java hosting services

Chapter 4 . Learning Basic Administration 131 Figure 4-3: Use the YaST Control Center to administer SUSE systems. Using the Root Login Every Linux system starts out with at least one administrative user account (the root user) and possibly one or more regular user accounts (given a name that you choose, or a name assigned by Linux). In most cases, you log in as a regular user and become the root user to do an administrative task. The root user has complete control of the operation of your Linux system. That user can open any file or run any program. The root user also installs software packages and adds accounts for other people who use the system. When you first install most Linux systems, you add a password for the root user. You must remember and protect this password you will need it to log in as root or to obtain root permission while you are logged in as some other user. Other Linux systems (such as KNOPPIX) start you with a blank root password, so you may want to add one when you first start up by typing the following from a Terminal window or other shell: # passwd root Changing password for user root. New UNIX password: ******** Retype new UNIX password: ********
Note: If you are looking for best quality webspace to host and run your tomcat application check Vision shared web hosting services