Track 2 Workshop PacNOG 7
June 29, 2010

System Administration
---------------------

1. Reboot your system

Open a terminal session and become root:

    $ su -

Tell your machine to reboot:

    # shutdown -r now

The "-r" means reboot. To stop a machine you can do:

    # halt -p

Be careful when using halt on remote systems!

2. Go to single user mode

Once your machine has rebooted and you have logged back in, open a terminal window. In the window do:

    $ sudo init 1

This will take you down to single user mode. You can only log in as the root user. On some systems you are given a root prompt without requiring a password.

To go back to multi-user mode type:

    # exit

This is one way you can kill the GUI on your system without completely turning off your machine.

3. Figure out how your machine has been partitioned

You want to display free disk space, or "df":

    $ df -h

Use:

    $ man df

to understand what the "-h" option does.

Look in /etc/fstab. This file defines where file systems are mounted in Linux. Read the man page on this file:

    $ man fstab

Notice that defined file systems are pointing to /dev/sda*. Have a look at these files:

    $ ls -lah /dev/sda*
    $ file /dev/sda*

What type of files are these?

4. Create a new group

In a terminal window first do:

    $ sudo groupadd track2

Now let's add some members to this group:

    $ sudo vigr

You will now be in the /etc/group file using the vi editor with the file locked to other users. Find the entry for "track2". The easiest way is to press the "/" key, type "track2" and press ENTER:

    /track2 [press ENTER]

You will be on this line:

    track2:x:1002:

Change the line to look like:

    track2:x:1002:pacnog,archive

Then save the file and quit. In command mode type:

    :wq

Verify that your pacnog user is now in the track2 group:

    $ su - pacnog
    $ groups

5. Editing the command line revisited

We did this exercise in the introduction to Linux session. We will repeat it here.

It is particularly useful to realize that you can edit a command just as you would a line of text in a file.
For instance, you can:

- Use your back-arrow and forward-arrow keys to change text in a command.
- Use the Home and End keys to go to the start and the end of a command.
- Note: you do not need to go to the end of a command before pressing ENTER to execute the command.
- You can use the history command with grep to find a previous command. You can copy and paste this command, then edit it to make adjustments. For long commands this can save considerable time.
- Alternatively you can use the reverse-search feature of bash:
    1.) Press ctrl-r.
    2.) Type the term you are searching for.
    3.) Press ctrl-r to cycle through all occurrences of the term in your history.
    4.) Press the right or left-arrow, HOME or END key to start editing the command.

First, let's make sure we have a command to play with. Do the following command:

    $ sudo grep pacnog /etc/passwd

Let's give some of these editing rules a try. Instead of searching for the pacnog user in the /etc/passwd file we'll search for the root user.

1.) Press "ctrl-r".
2.) Type "pacnog".
3.) If necessary press ctrl-r again until you see the original command you used to search for the pacnog user in the /etc/passwd file (sudo grep pacnog /etc/passwd).
4.) Use the arrow keys to move in the command and change pacnog to root.

You should now have the following on your command line:

    $ sudo grep root /etc/passwd

With your cursor positioned just past the "t" in "root", press ENTER to execute the command. You should see:

    root:x:0:0:root:/root:/bin/bash

That's it. You can practice repeating the above with other parts of commands you have already executed (ls, grep, cat, etc.).

6. Using the pipe command

Let's run a command with lots of output:

    $ sudo lsof -i

Find the Process ID (PID) of the ssh server that is running on your machine:

    COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
    sshd     988 root    3u  IPv4   5040      0t0  TCP *:ssh (LISTEN)
    sshd     988 root    4u  IPv6   5042      0t0  TCP *:ssh (LISTEN)

Your PID will be different.
Now let's look at all the files associated with this process:

    $ sudo lsof -p PID

There are a fair number of files that are "open" by the ssh server, or daemon - the sshd command. Let's look at more interesting output from the prior command:

    $ sudo lsof -p PID | grep REG

Now let's see how many files the sshd program has open:

    $ sudo lsof -p PID | grep REG | wc -l

To see what these commands are doing read:

    $ man lsof
    $ man grep
    $ man wc

7. Use the top command

The top command lets us see the status of our system at a quick glance. To use top simply do:

    $ top

The item at the top of the list of running processes is the process using the most CPU resources. Open another terminal window. In that window type:

    $ ls -lahR /

Now in the window where top is running you should start to see the "ls" process listed using some amount of your total CPU.

At the top of the top window you'll see something like:

    top - 08:10:23 up 16:14,  2 users,  load average: 0.00, 0.00, 0.00
    Tasks:  91 total,   1 running,  90 sleeping,   0 stopped,   0 zombie
    Cpu(s):  0.0%us,  0.0%sy,  0.0%ni,100.0%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
    Mem:   1016348k total,   568532k used,   447816k free,    91904k buffers
    Swap:  2973688k total,        0k used,  2973688k free,   325908k cached

This is a good, quick way to see how much RAM, virtual memory, CPU, total running processes, etc. that your machine has.

You can adjust the output of top as it is running. Exit from top by typing "q" and then do:

    $ man top

Now run top again and change what it is displaying interactively.

All the information in top is part of a dynamic file system located in /proc. As an example do the following:

    $ cd /proc
    $ ls

The numbered directories correspond to actual Process IDs of processes that are running. Look at the file meminfo:

    $ less meminfo

Note that it includes your total RAM. Top uses this file to get this information. Same for cpuinfo, loadavg, uptime, etc.
If you want to know what command was executed to start a numbered process you can type (for instance):

    $ less /proc/1/cmdline

You'll see that the first process started on the system is init.
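
The following script is an added example, not part of the original workshop handout. It reads the same /proc files that top uses (meminfo, loadavg, PID/cmdline) and counts a process's open regular files from /proc/PID/fd, as in the lsof exercise. PROC_ROOT, the function names and the file name procpeek.sh are assumptions made for this example.

```sh
#!/bin/sh
# Added example: read the /proc files that top and lsof draw on.
# PROC_ROOT and all function names are assumptions of this example.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Value (in kB) of one /proc/meminfo field, e.g. MemTotal or MemFree.
mem_kb() {
    awk -v key="$1:" '$1 == key { print $2 }' "$PROC_ROOT/meminfo"
}

# 1-minute load average: the first field of /proc/loadavg.
load_1min() {
    cut -d' ' -f1 "$PROC_ROOT/loadavg"
}

# Command line of a PID. The kernel stores the arguments separated by
# NUL bytes, so translate them to spaces to make the line readable.
proc_cmdline() {
    [ -r "$PROC_ROOT/$1/cmdline" ] || return 1
    tr '\0' ' ' < "$PROC_ROOT/$1/cmdline" | sed 's/ *$//'
}

# Number of file descriptors of a PID that point at regular files.
# Each entry in /proc/PID/fd is a symlink; sockets and pipes show up as
# names like "socket:[5040]" that do not resolve, so "-f" skips them.
# lsof also reports mapped libraries as REG, so its count is usually higher.
open_regular_files() {
    count=0
    for fd in "$PROC_ROOT/$1/fd"/*; do
        if [ -f "$fd" ]; then
            count=$((count + 1))
        fi
    done
    echo "$count"
}

# Run with one PID argument to print a summary, e.g.: sudo sh procpeek.sh 1
# (procpeek.sh is a hypothetical file name for this script.)
if [ $# -eq 1 ]; then
    echo "MemTotal: $(mem_kb MemTotal) kB   load (1 min): $(load_1min)"
    echo "PID $1: $(proc_cmdline "$1")"
    echo "Regular files open via descriptors: $(open_regular_files "$1")"
fi
```

Reading /proc/PID/fd for a process owned by another user requires root, which is why the lsof commands in section 6 are run with sudo.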