BASIC ADMINISTRATION
Where to Start
We set out to write a book that could be a system administrator's trusty companion, affording the practical advice and basic system administration theory that you can't get from reading manual pages. As a result, this book is designed to complement, not replace, the existing body of Linux documentation.
This book helps you in five ways:
It helps you choose solutions that continue to work well as your site grows in size and complexity.
It helps you sort good ideas from bad and educates you about assorted atrocities of taste committed by distributors.
Curly braces ("{" and "}") mean that you should select one of the items separated by vertical bars ("|").
For example, the specification
bork [ -x ] { on | off } filename ...
would match any of the following commands:
bork on /etc/passwd
bork -x off /etc/passwd /etc/termcap
bork off /usr/lib/tmac
We use shell-style globbing characters for pattern matching:
A tilde or "twiddle" (~) means the home directory of the current user.
Distribution-specific documentation
Acute phantom pagerphobia: the disturbing feeling that your pager has gone off (when it really hasn't) and that your peaceful evening with your significant other is about to abruptly end, resulting in a 72-hour work marathon without food
Multiuser operation
Administrators have little control over most of these steps. We effect most bootstrap configuration by editing the system startup scripts.
Chapter 2 - Booting and Shutting Down
2.1 Bootstrapping
Kernel initialization
See Chapter 28 for more information about the kernel.
The Linux kernel is itself a program, and the first bootstrapping task is to get this program into memory so that it can be executed. The pathname of the kernel is usually /vmlinuz or /boot/vmlinuz.
Linux implements a two-stage loading process. During the first stage, the system ROM loads a small boot program into memory from disk. This program then arranges for the kernel to be loaded.
The kernel performs memory tests to find out how much RAM is available. Some of the kernel's internal data structures are statically sized, so the kernel sets aside a fixed amount of real memory for itself when it starts. This memory is reserved for the kernel and cannot be used by user-level processes. The kernel prints on the console a message that reports the total amount of physical memory and the amount available to user processes.
Hardware configuration
One of the kernel's first chores is to check out the machine's environment to see what hardware is present. When you construct a kernel for your system, you tell it what hardware devices it should expect to find; when the kernel begins to execute, it tries to locate and initialize each device that you have told it about. The kernel prints out a line of cryptic information about each device it finds. These days, distributions include kernels that work on most machine configurations, requiring minimal (if any) customization.
The device information given at kernel configuration time is often underspecified. In these cases, the kernel tries to determine the other information it needs by probing the bus for devices and asking the appropriate drivers for information. The drivers for devices that are missing or that do not respond to a probe will be disabled. If a device is later connected to the system, it is also possible to load or enable a driver for it on the fly. See Chapter 28, Drivers and the Kernel, for details.
Kernel threads
Once basic initialization is complete, the kernel creates several "spontaneous" processes in user space. They're called spontaneous processes because they are not created through the normal system fork mechanism; see page 56 for more details.
See page 2 for more information about ps.
The number and nature of the spontaneous processes vary from system to system. Under Linux, there is no visible PID 0. init (always process 1) is accompanied by several memory and kernel handler processes, including those shown in Table 2.1. These processes all have low-numbered PIDs and can be identified by the brackets around their names in ps listings (e.g., [kacpid]). Sometimes the process names have a slash and a digit at the end, such as [kblockd/0]. The number indicates the processor on which the thread is running, which may be of interest on a multiprocessor system.
Among these processes, only init is really a full-fledged user process. The others are actually portions of the kernel that have been dressed up to look like processes for scheduling or architectural reasons.
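The bracket rule above is easy to apply by hand; the following script, an added example that is not part of the book, applies it to a constructed ps listing, splits off the "/N" suffix of per-processor threads, and deliberately leaves "init [3]" alone, since only a command shown entirely in brackets denotes a kernel thread.

```sh
#!/bin/sh
# Added example, not from the book: pick out the kernel threads in a ps listing
# by the brackets around their names, and split off the "/N" suffix that names
# the CPU a per-processor thread is bound to. The listing below is constructed.

SAMPLE_PS='  PID TTY      STAT   TIME COMMAND
    1 ?        S      0:01 init [3]
    2 ?        S      0:00 [ksoftirqd/0]
    3 ?        S<     0:00 [events/0]
    4 ?        S<     0:00 [khelper]
    9 ?        S<     0:00 [kblockd/0]
   34 ?        S      0:00 [kswapd0]
   56 ?        S      0:00 [kjournald]
  802 ?        Ss     0:00 /usr/sbin/sshd
 1023 pts/0    Ss     0:00 -bash'

# kernel_threads: read a ps listing on stdin, print "PID NAME CPU" for every
# command shown entirely in brackets; CPU is "-" when the name has no /N suffix.
# "init [3]" is not matched: the test is on the first and last character of
# the whole command, not on brackets appearing anywhere in it.
kernel_threads() {
    awk 'NR > 1 {
        cmd = $5
        for (i = 6; i <= NF; i++) cmd = cmd " " $i     # rejoin commands containing spaces
        if (substr(cmd, 1, 1) != "[" || substr(cmd, length(cmd), 1) != "]") next
        name = substr(cmd, 2, length(cmd) - 2)
        cpu = "-"
        if (match(name, /\/[0-9]+$/)) {                  # per-CPU thread, e.g. kblockd/0
            cpu = substr(name, RSTART + 1)
            name = substr(name, 1, RSTART - 1)
        }
        print $1, name, cpu
    }'
}

# count_kernel_threads: number of kernel threads in the sample listing.
count_kernel_threads() {
    printf '%s\n' "$SAMPLE_PS" | kernel_threads | wc -l | tr -d ' '
}

# cpu_of NAME: CPU column for the named thread in the sample listing.
cpu_of() {
    printf '%s\n' "$SAMPLE_PS" | kernel_threads | awk -v n="$1" '$2 == n { print $3 }'
}

printf '%s\n' "$SAMPLE_PS" | kernel_threads
```

On a live system, pipe in `ps ax` instead of the sample. Note that the name is only a convention: any process can set its own title, so when it matters, confirm a suspected kernel thread by checking that /proc/PID/exe does not resolve, which is true of kernel threads and false of ordinary programs.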
Once the spontaneous processes have been created, the kernel's role in bootstrapping is complete. However, none of the processes that handle basic operations (such as accepting logins) have been created, nor have most of the Linux daemons been started. All of these tasks are taken care of (indirectly, in some cases) by init.
Operator intervention (manual boot only)
See Chapter 3 for more information about the root account.
If the system is to be brought up in single-user mode, a command-line flag (the word "single") passed in by the kernel notifies init of this fact as it starts up. init eventually turns control over to sulogin, a special neutered-but-rabid version of login that prompts for the root password.¹ If you enter the right password, the system spawns a root shell. You can type <Control-D> instead of a password to bypass single-user mode and continue to multiuser mode. See page ?1 for more details.
See Chapter 5 for more information about filesystems and mounting.
From the single-user shell, you can execute commands in much the same way as when logged in on a fully booted system. However, on SUSE, Debian, and Ubuntu systems, only the root partition is usually mounted; you must mount other filesystems by hand to use programs that don't live in /bin, /sbin, or /etc.
In many single-user environments, the filesystem root directory starts off being mounted read-only. If /tmp is part of the root filesystem, a lot of commands that use temporary files (such as vi) will refuse to run. To fix this problem, you'll have to begin your single-user session by remounting / in read/write mode. The command
# mount -o rw,remount /
usually does the trick.
Red Hat and Fedora's single-user mode is a bit more aggressive than normal. By the time you reach the shell prompt, these distributions have tried to mount all local filesystems. Although this seems helpful at first, it can prove problematic if you have a sick filesystem.
Table 2.1 Some common Linux kernel processes
Thread      Purpose
kjournald   Commits ext3 journal updates to disk (a)
kswapd      Swaps processes when physical memory is low
kreclaimd   Reclaims memory pages that haven't been used recently
ksoftirqd   Handles multiple layers of soft interrupts
khubd       Configures USB devices
a. There is one kjournald for each mounted ext3 filesystem.
1. See the man pages for inittab and sulogin for more information. Sadly, even modern versions of Red Hat and Fedora do not by default require a password to enter single-user mode.
The fsck command is normally run during an automatic boot to check and repair filesystems. When you bring the system up in single-user mode, you may need to run fsck by hand. See page 1?1 for more information about fsck.
When the single-user shell exits, the system attempts to continue booting into multiuser mode.
Execution of startup scripts
By the time the system is ready to run its startup scripts, it is recognizably Linux. Even though it doesn't quite look like a fully booted system yet, no more "magic" steps are left in the boot process. The startup scripts are just normal shell scripts, and they're selected and run by init according to an algorithm that, though sometimes tortuous, is relatively comprehensible.
The care, feeding, and taxonomy of startup scripts merits a major section of its own. It's taken up in more detail starting on page ?2.
Multiuser operation
See page 855 for more information about the login process.
After the initialization scripts have run, the system is fully operational, except that no one can log in. For logins to be accepted on a particular terminal (including the console), a getty process must be listening on it. init spawns these getty processes directly, completing the boot process. init is also responsible for spawning graphical login systems such as xdm or gdm if the system is set up to use them.
Keep in mind that init continues to perform an important role even after bootstrapping is complete. init has one single-user and several multiuser "run levels" that determine which of the system's resources are enabled. Run levels are described later in this chapter, starting on page ??.
2.2 BOOTING PCS
At this point we've seen the general outline of the boot process. We now revisit several of the more important (and complicated) steps.
PC booting is a lengthy ordeal that requires quite a bit of background information to explain. When a machine boots, it begins by executing code stored in ROMs. The exact location and nature of this code varies, depending on the type of machine you have. On a machine designed explicitly for UNIX or another proprietary operating system, the code is typically firmware that knows how to use the devices connected to the machine, how to talk to the network on a basic level, and how to understand disk-based filesystems. Such intelligent firmware is convenient for system administrators. For example, you can just type in the filename of a new kernel, and the firmware will know how to locate and read that file.
On PCs, this initial boot code is generally called a BIOS (Basic Input/Output System), and it is extremely simplistic compared to the firmware of a proprietary machine. Actually, a PC has several levels of BIOS: one for the machine itself, one for the video card, one for the SCSI card if the system has one, and sometimes for other peripherals such as network cards.
The built-in BIOS knows about some of the devices that live on the motherboard, typically the IDE controller (and disks), network interface, keyboard, serial ports, and parallel ports. SCSI cards are usually only aware of the devices that are connected to them. Thankfully, the complex interactions required for these devices to work together have been standardized in the past few years, and little manual intervention is required.
Modern BIOSes are a little smarter than they used to be. They usually allow you to enter a configuration mode at boot time by holding down one or two special keys; most BIOSes tell you what those special keys are at boot time so that you don't have to look them up in the manual.
The BIOS normally lets you select which devices you want to try to boot from, which sounds more promising than it actually is. You can usually specify something like "Try to boot off the floppy, then try to boot off the CD-ROM, then try to boot off the hard disk." Unfortunately, some BIOSes are limited to booting from the first IDE CD-ROM drive or the first IDE hard disk. If you have been very, very good over the previous year, Santa might even bring you a BIOS that acknowledges the existence of SCSI cards.
Once your machine has figured out what device to boot from, it will try to load the first 512 bytes of the disk. This 512-byte segment is known as the master boot record or MBR. The MBR contains a program that tells the computer from which disk partition to load a secondary boot program (the "boot loader"). For more information on PC-style disk partitions and the MBR, refer to Chapter 7, Adding a Disk.
The default MBR contains a simple program that tells the computer to get its boot loader from the first partition on the disk. Linux offers a more sophisticated MBR that knows how to deal with multiple operating systems and kernels.
Once the MBR has chosen a partition to boot from, it tries to load the boot loader specific to that partition. The boot loader is then responsible for loading the kernel.
2.3 USING BOOT LOADERS: LILO AND GRUB
What would life be like without choices? Two boot loaders are used in the Linux world: LILO and GRUB. LILO is the traditional boot loader. It is very stable and well documented but is rapidly being eclipsed by GRUB, which has become the default boot loader on Red Hat, SUSE, and Fedora systems. In fact, current Red Hat and Fedora distributions do not include LILO at all. On the other hand, Debian still uses LILO as its boot loader of choice.
GRUB: The GRand Unified Boot loader
GRUB is particularly popular among users who run a variety of operating systems (such as Windows, OpenBSD, FreeBSD, etc.) on the same machine or who are actively working on kernel development. GRUB is also useful for folks who change their system configuration frequently. Unlike LILO, which must be reinstalled into the boot record or MBR every time it is reconfigured, GRUB reads its configuration file at boot time, eliminating an easy-to-forget administrative step.
You install GRUB on your boot drive by running grub-install. This command takes the name of the device from which you'll be booting as an argument. The way GRUB names the physical disk devices differs from the standard Linux convention (although GRUB can use standard Linux names as well). A GRUB device name looks like this:
(hd0,0)
The first numeric value indicates the physical drive number (starting from zero), and the second numeric value represents the partition number (again, starting from zero). In this example, (hd0,0) is equivalent to the Linux device /dev/hda1. Ergo, if you wanted to install GRUB on your primary drive, you would use the command
# grub-install '(hd0,0)'
The quotes are necessary to prevent the shell from trying to interpret the parentheses in its own special way.
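The off-by-one between the two naming schemes is a classic source of grub-install and grub.conf mistakes. The script below is an added example, not the book's code, that converts in both directions and rejects the names that are not partitions at all (a bare "(hd0)" or "/dev/hda"); it assumes the IDE lettering of the book's example, drive 0 being hda, drive 1 hdb, and so on.

```sh
#!/bin/sh
# Added example, not from the book: translate between GRUB's zero-based
# "(hdD,P)" names and Linux device names such as /dev/hda1. It assumes the
# IDE naming of the book's example (drive 0 = hda, 1 = hdb, ...); on a
# SCSI or SATA system the lettering works the same way with the prefix sd.

LETTERS=abcdefgh   # drive number 0..7 -> a..h (this example's assumption)

# grub_to_linux '(hd0,0)' -> /dev/hda1
grub_to_linux() {
    case "$1" in
        \(hd[0-9]*,[0-9]*\)) ;;
        *) echo "not a GRUB partition name: $1" >&2; return 1 ;;
    esac
    inner=${1#\(hd}; inner=${inner%\)}          # "0,0"
    drive=${inner%,*}; part=${inner#*,}
    [ -n "$drive" ] && [ -n "$part" ] || { echo "missing number in $1" >&2; return 1; }
    [ "$drive" -lt ${#LETTERS} ] || { echo "drive $drive out of range" >&2; return 1; }
    letter=$(printf '%s' "$LETTERS" | cut -c "$((drive + 1))")
    printf '/dev/hd%s%s\n' "$letter" "$((part + 1))"   # both numbers shift by one
}

# linux_to_grub /dev/hda1 -> (hd0,0)
linux_to_grub() {
    case "$1" in
        /dev/hd[a-h][0-9]*) ;;
        *) echo "not a Linux IDE partition name: $1" >&2; return 1 ;;
    esac
    rest=${1#/dev/hd}                  # "a1"
    letter=${rest%%[0-9]*}             # "a"
    part=${rest#?}                     # "1"
    [ "$part" -ge 1 ] || { echo "Linux partition numbers start at 1: $1" >&2; return 1; }
    before=${LETTERS%%$letter*}        # the letters that precede ours
    printf '(hd%s,%s)\n' "${#before}" "$((part - 1))"
}

for dev in '(hd0,0)' '(hd1,2)' /dev/hda1 /dev/hdb3; do
    case "$dev" in
        /dev/*) printf '%s -> %s\n' "$dev" "$(linux_to_grub "$dev")" ;;
        *)      printf '%s -> %s\n' "$dev" "$(grub_to_linux "$dev")" ;;
    esac
done
```

Run it with no arguments to see the four conversions; call either function with a single name to check one you are about to type into grub-install.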
By default, GRUB reads its default boot configuration from /boot/grub/grub.conf. Here's a sample grub.conf file:
default=0
timeout=10
splashimage=(hd0,0)/boot/grub/splash.xpm.gz
title Red Hat Linux (2.6.9-5)
    root (hd0,0)
    kernel /boot/vmlinuz-2.6.9-5 ro root=/dev/hda1
This example configures only a single operating system, which GRUB boots automatically (default=0) if it doesn't receive any keyboard input within 10 seconds (timeout=10). The root filesystem for the "Red Hat Linux" configuration is the GRUB device (hd0,0). GRUB loads the kernel from /boot/vmlinuz-2.6.9-5 and displays a splash screen from the file /boot/grub/splash.xpm.gz when it is loaded.
GRUB supports a powerful command-line interface as well as facilities for editing configuration file entries on the fly. To enter command-line mode, type c from the GRUB boot image. From the command line you can boot operating systems that aren't in grub.conf, display system information, and perform rudimentary filesystem testing. You can also enjoy the command line's shell-like features, including command completion and cursor movement. Anything that can be done through the grub.conf file can be done through the GRUB command line as well.
Press the <Tab> key to obtain a quick list of possible commands. Table 2.2 lists some of the more useful commands.
For detailed information about GRUB and its command-line options, refer to the official manual:
www.gnu.org/software/grub/manual/
LILO: The traditional Linux boot loader
LILO is configured and installed with the lilo command. lilo bases the installed configuration on the contents of the /etc/lilo.conf file. To change your boot configuration, you simply update /etc/lilo.conf and rerun lilo. You must reconfigure LILO every time the boot process changes: in particular, every time you want to add a new boot partition, and every time you have a new kernel to boot.
You can install LILO either into the MBR of the disk or into the boot record of the Linux root partition.
Here's a basic lilo.conf file for a Linux system that has both a production kernel and a backup kernel:
boot=/dev/hda            # Put boot loader on MBR
root=/dev/hda1           # Specify root partition
install=/boot/boot.b
map=/boot/map
delay=20                 # 2 sec for user interrupt
image=/vmlinuz           # Kernel to boot
    label=linux          # Label to refer to this entry
    read-only
image=/vmlinuz-backup    # Backup entry
    label=backup
    read-only
Each possible boot scenario has a label. At boot time, you can tell LILO which one to use by entering the appropriate label. The first label to appear in lilo.conf becomes the default.
The default scenario (named linux) boots the file /vmlinuz. The read-only tag specifies that the kernel should mount its root filesystem read-only. This option should always be present; the startup scripts will take care of remounting the partition read-write at the appropriate time. This system is also configured to boot a backup kernel, /vmlinuz-backup. It's always a good idea to have such an alternative; a broken kernel configuration can lead to an unbootable system.
Table 2.2 GRUB command-line options
Command   Meaning
reboot    Soft-reboot the system
find      Find a file on all mountable partitions
root      Specify the root device (a partition)
kernel    Load a kernel from the root device
help      Get interactive help for a command
boot      Boot the system from the specified kernel image
Running lilo without any arguments generates and installs the boot loader and tells you which entries are available. It puts a star next to the default image. However, if you have made an error in the lilo.conf file, lilo usually won't discover the problem until halfway through the installation of the boot loader. When this happens, the boot loader is in a confused state. Do not reboot until you've run lilo successfully.
To avoid getting into this situation, you can run lilo -t to test the configuration without really installing it. If everything looks kosher, you can then run lilo for real. It is something of a mystery why lilo does not run this pretest for you by default.
lilo's output when run with the config file above is:
# lilo
Added linux *
Added backup
When the system boots, LILO prints the following prompt:
LILO:
It then waits 2 seconds (20 tenths of a second, set with the delay tag), boots the kernel /vmlinuz, and mounts the first partition of the first IDE disk as the root partition. You can see a list of defined boot scenarios by pressing the <Tab> key:
LILO: <Tab>
linux backup
LILO:
To boot using an alternate scenario, just enter its label at the prompt.
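Because lilo can leave the boot record half-written when it trips over a bad lilo.conf, it pays to check the file before even lilo -t sees it. The script below is an added example, not the book's or LILO's own code: it looks for the mistakes that make an entry unbootable or ambiguous (no boot= line, a missing kernel image, two stanzas with the same label, an image stanza without read-only), and only then runs lilo -t followed by lilo. The checks are exercised against a constructed copy of the book's lilo.conf in a temporary directory, with empty files standing in for the kernels, so nothing on the real system is touched.

```sh
#!/bin/sh
# Added example, not from the book: catch lilo.conf mistakes before "lilo -t"
# and "lilo" are run, since lilo itself may only notice them halfway through
# writing the boot record. The checks run against a constructed lilo.conf in a
# temporary directory, with empty files standing in for the kernel images.

# strip_conf FILE: the file with comments and trailing blanks removed.
strip_conf() { sed 's/#.*//; s/[[:space:]]*$//' "$1"; }

# lilo_conf_problems FILE [ROOT]: print one line per problem found; ROOT is
# prefixed to image= paths so the demo can point at its temp directory.
lilo_conf_problems() {
    conf=$1; root=${2:-}
    strip_conf "$conf" | grep -q '^[[:space:]]*boot[[:space:]]*=' || echo "no boot= line (where to install)"
    strip_conf "$conf" | grep -q '^[[:space:]]*image[[:space:]]*=' || echo "no image= stanza (nothing to boot)"
    # two stanzas with the same label would be indistinguishable at the LILO: prompt
    strip_conf "$conf" | sed -n 's/^[[:space:]]*label[[:space:]]*=[[:space:]]*//p' \
        | sort | uniq -d | sed 's/^/duplicate label: /'
    # every kernel named by image= must exist, or that entry cannot boot
    strip_conf "$conf" | sed -n 's/^[[:space:]]*image[[:space:]]*=[[:space:]]*//p' \
        | while read -r img; do [ -f "$root$img" ] || echo "kernel image missing: $img"; done
    # the book's advice: read-only should appear in every image stanza
    n_img=$(strip_conf "$conf" | grep -c '^[[:space:]]*image[[:space:]]*=' || true)
    n_ro=$(strip_conf "$conf" | grep -c '^[[:space:]]*read-only' || true)
    [ "$n_ro" -ge "$n_img" ] || echo "read-only present in $n_ro of $n_img image stanzas"
    return 0
}

# install_lilo FILE: refuse if the checks fail, then test, then install for real.
install_lilo() {
    if [ -n "$(lilo_conf_problems "$1")" ]; then
        lilo_conf_problems "$1" >&2
        return 1
    fi
    lilo -t -C "$1" && lilo -C "$1"    # do not reboot if the second command fails
}

# make_demo: temp dir holding stand-in kernels and the book-style lilo.conf.
make_demo() {
    d=$(mktemp -d)
    : > "$d/vmlinuz"; : > "$d/vmlinuz-backup"
    cat > "$d/lilo.conf" <<'EOF'
boot=/dev/hda            # Put boot loader on MBR
root=/dev/hda1           # Specify root partition
install=/boot/boot.b
map=/boot/map
delay=20                 # 2 sec for user interrupt
image=/vmlinuz           # Kernel to boot
    label=linux          # Label to refer to this entry
    read-only
image=/vmlinuz-backup    # Backup entry
    label=backup
    read-only
EOF
    echo "$d"
}

# good_count / bad_count: number of problems in the sample config as written,
# and after giving both stanzas the label "linux" and pointing the backup
# stanza at a kernel that does not exist.
good_count() { d=$(make_demo); lilo_conf_problems "$d/lilo.conf" "$d" | wc -l | tr -d ' '; rm -rf "$d"; }
bad_count() {
    d=$(make_demo)
    sed 's/label=backup/label=linux/; s#/vmlinuz-backup#/vmlinuz-old#' "$d/lilo.conf" > "$d/bad.conf"
    lilo_conf_problems "$d/bad.conf" "$d" | wc -l | tr -d ' '
    rm -rf "$d"
}

echo "problems in sample config: $(good_count)"
echo "problems after breaking it: $(bad_count)"
```

On a real system call `install_lilo /etc/lilo.conf` as root; the ROOT argument is only for the demo, and `-C` is lilo's option for naming a configuration file other than /etc/lilo.conf.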
Kernel options
LILO and GRUB allow command-line options to be passed to the kernel. These options typically modify the values of kernel parameters, instruct the kernel to probe for particular devices, specify the path to init, or designate a specific root device. Table 2.3 shows a few examples.
Table 2.3 Examples of kernel boot-time options
Option            Meaning
init=/sbin/init   Tells the kernel to use /sbin/init as its init program
init=/bin/bash    Starts only the bash shell; useful for emergency recovery
root=/dev/foo     Tells the kernel to use /dev/foo as the root device
single            Boots to single-user mode
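The options in Table 2.3 survive the boot and can be read back from /proc/cmdline, which is the quickest way to confirm after the fact how a machine was brought up (with an init override, in single-user mode, or with an unexpected root device). The script below is an added example, not the book's code: it parses a constructed command line in that format and reports the options from the table that change the boot.

```sh
#!/bin/sh
# Added example, not from the book: read the kernel options LILO or GRUB
# passed at boot, in the form they later appear in /proc/cmdline, and report
# the ones from the table above that change how the system comes up. The
# command line below is constructed; on a live system use $(cat /proc/cmdline).

SAMPLE_CMDLINE='ro root=LABEL=/ rhgb quiet init=/bin/bash single'

# cmdline_get CMDLINE KEY: print the value of KEY=value; fail if KEY is absent.
cmdline_get() {
    for word in $1; do
        case "$word" in
            "$2"=*) printf '%s\n' "${word#*=}"; return 0 ;;   # keeps a second "=" (LABEL=/)
        esac
    done
    return 1
}

# cmdline_has CMDLINE WORD: succeed if the bare word WORD is present.
cmdline_has() {
    for word in $1; do
        [ "$word" = "$2" ] && return 0
    done
    return 1
}

# audit_cmdline CMDLINE: one line per option that alters the boot; an empty
# result means an ordinary multiuser boot with the default init.
audit_cmdline() {
    cl=$1
    if init=$(cmdline_get "$cl" init) && [ "$init" != /sbin/init ]; then
        echo "init=$init: kernel runs this instead of /sbin/init, so no startup scripts run"
    fi
    if cmdline_has "$cl" single; then
        echo "single: init brings the system up in single-user mode"
    fi
    if cmdline_has "$cl" ro; then
        echo "ro: root filesystem mounted read-only until the startup scripts remount it"
    fi
    if root=$(cmdline_get "$cl" root); then
        case "$root" in
            LABEL=*) echo "root by filesystem label: ${root#LABEL=}" ;;
            *)       echo "root device: $root" ;;
        esac
    else
        echo "no root= option: kernel uses its compiled-in default root device"
    fi
    return 0
}

# count_findings CMDLINE: number of lines audit_cmdline reports.
count_findings() { audit_cmdline "$1" | wc -l | tr -d ' '; }

audit_cmdline "$SAMPLE_CMDLINE"
```

Note that `root=LABEL=/` contains a second equals sign, which is why the value is taken from the first `=` only; the GRUB single-user example later in this chapter uses exactly that form.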
Multibooting on PCs
Since many operating systems run on PCs, it is fairly common practice to set up a machine to be able to boot several different systems. To make this work, you need to configure a boot loader to recognize all the different operating systems on your disks. In the next few sections, we cover some common multiboot stumbling blocks and then review some example configurations.
Each disk partition can have its own second-stage boot loader. However, there is only one MBR. When setting up a multiboot configuration, you must decide which boot loader is going to be the "master." For better or worse, your choice will often be dictated by the vagaries of the operating systems involved. LILO and GRUB are the best options for a system that has a Linux partition. GRUB is superior to LILO in a multibooting situation.
GRUB multiboot configuration
A multiboot GRUB system is much like its single-boot counterpart. Install all the desired operating systems before making changes to /boot/grub/grub.conf.
A grub.conf configuration for booting Windows looks different from one for booting a UNIX or Linux system:
title Windows XP
    rootnoverify (hd0,0)
    chainloader +1
The chainloader option loads the boot loader from the specified location (in this case, sector 1 on the first partition of the primary IDE drive). The rootnoverify option guarantees that GRUB will not try to mount the specified partition. This option keeps GRUB from messing with partitions it can't understand, such as NTFS partitions or partitions outside the area that GRUB can read.
The grub.conf file below can boot Windows XP from partition 1, Red Hat Enterprise Linux from partition 2, and Fedora from partition 3:
default=0
timeout=5
splashimage=(hd0,2)/boot/grub/splash.xpm.gz
hiddenmenu
title Windows XP
    rootnoverify (hd0,0)
    chainloader +1
title Red Hat
    root (hd0,1)
    kernel /boot/vmlinuz
title Fedora
    root (hd0,2)
    kernel /boot/vmlinuz
LILO multiboot configuration
To configure a multiboot system that uses LILO in the MBR (e.g., Linux with Windows XP), begin with the standard LILO configuration as outlined on page 28. You can then go back and add entries for the other operating systems to /etc/lilo.conf.
Here's the lilo.conf entry you need to boot Windows from the first partition of your first IDE disk:
other = /dev/hda1
    label = windows
    table = /dev/hda
A complete lilo.conf file that boots Windows from partition 1, Linux from partition 2, and FreeBSD from partition 3 would look something like this:
boot = /dev/hda          # Install on the MBR of 1st IDE drive
delay = 20               # Wait 2 sec. for user's boot choice
default = linux          # If no input, boot linux from 2nd partition
image = /boot/vmlinuz-2.6.9
    root = /dev/hda2
    label = linux
    read-only
other = /dev/hda1        # Boot from 1st partition
    label = windows
    table = /dev/hda
other = /dev/hda3        # Boot from 3rd partition
    label = freebsd
    table = /dev/hda
You'll need to rerun lilo after putting these entries into lilo.conf. Remember to run lilo -t first to test the config file. See page 124 for more partitioning information.
Vendors (or volunteers) often release patches for Linux distributions, and the kernel is no exception. Security vulnerabilities, bugs, and features are added on a regular basis. Unlike other software packages, however, kernel patches are not updated, but rather are installed side-by-side with the existing kernel. This helps administrators back out of an upgrade easily if a kernel patch breaks their system. As time goes by, the LILO and GRUB boot menus fill up with all the different versions of the kernel. It's usually safe to use the default selection, but be aware of this potentially simple fix if your system doesn't boot after patching.
2.4 BOOTING SINGLE-USER MODE
Single-user mode is a great way to change the system configuration or perform maintenance tasks without worrying about affecting (or being troubled by) other users. It's also a lifesaver when you're working on a broken system.
See page 33 for more information about run levels.
It's most common to enter single-user mode by passing arguments to the boot loader. However, you can usually enter single-user mode from another run level by running the command telinit 1. It isn't necessary to reboot unless you're debugging a boot-dependent problem.
As a precautionary measure against a possibly unstable system, the filesystem root directory starts off being mounted read-only. This may be counterproductive to your mission if you're trying to fix a problem with a configuration file or command that lives in the root filesystem or if you need to execute a command that modifies files. To fix this problem, remount the root filesystem in read/write mode with
# mount -o remount -w /
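Whether the remount is actually needed can be read from the kernel's mount table rather than guessed. The script below is an added example, not the book's code, serving both this passage and the earlier single-user discussion: it reads a table in /proc/mounts format, picks the effective entry for / (the last one, since the initial rootfs line is listed before the real root filesystem), and distinguishes a genuine ro flag from the "ro" inside an option such as errors=remount-ro. The table is constructed; on a live system feed it cat /proc/mounts.

```sh
#!/bin/sh
# Added example, not from the book: decide whether / still needs the
# read/write remount described above by reading a mount table in /proc/mounts
# format (device, mount point, type, options, dump, pass). The table below is
# constructed; on a real system feed the functions "cat /proc/mounts".

SAMPLE_MOUNTS='rootfs / rootfs rw 0 0
/dev/hda1 / ext3 ro,data=ordered 0 0
proc /proc proc rw 0 0
/dev/hda3 /tmp ext3 rw 0 0'

# mount_opts MOUNTPOINT: the option string of the last table entry for it.
# The last one is the effective one: the initial rootfs line is listed first
# and the real root filesystem is mounted over it.
mount_opts() {
    awk -v mp="$1" '$2 == mp { opts = $4 } END { print opts }'
}

# has_opt OPTS NAME: NAME is one whole comma-separated element of OPTS.
# Wrapping in commas stops "ro" from matching inside "errors=remount-ro".
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
    esac
    return 1
}

# root_state: "ro", "rw", or "absent" for the table on stdin.
root_state() {
    opts=$(mount_opts /)
    [ -n "$opts" ] || { echo absent; return 0; }
    if has_opt "$opts" ro; then echo ro; else echo rw; fi
}

# remount_if_needed: print the command to run only when / is read-only.
# It prints rather than executes so the example is safe to run anywhere.
remount_if_needed() {
    case "$(root_state)" in
        ro) echo "mount -o rw,remount /" ;;
        rw) echo "/ is already read/write; nothing to do" ;;
        *)  echo "no entry for / in the mount table" ;;
    esac
}

printf '%s\n' "$SAMPLE_MOUNTS" | remount_if_needed
```

`cat /proc/mounts | remount_if_needed` on a real single-user shell tells you whether the remount is still pending; the output is the same command the text gives, in the `-o rw,remount` spelling used earlier in the chapter.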
The exact procedure for invoking single-user mode at boot time differs between GRUB and LILO.
Single-user mode with GRUB
You don't need to use the command line to boot single-user mode under GRUB. The GRUB authors realized that boot options should be easily modifiable and decided on the 'a' key as the appropriate tool. At the GRUB splash screen, highlight the desired kernel and press 'a' to append to the boot options. To boot single-user mode, add the single flag to the end of the existing kernel options. An example for a typical configuration might be
grub append> ro root=LABEL=/ rhgb quiet single
Single-user mode with LILO
Distributions provide different ways of getting to the LILO command prompt. If you've installed LILO in favor of GRUB on Red Hat, Fedora, or SUSE, choose the command-line menu option from the fancy graphic user interface. Debian and Ubuntu users should press and hold the shift key just after the BIOS has performed its memory checks and other system self-tests.
At the LILO prompt, enter the label of the configuration you want to boot (as specified in lilo.conf) followed by -s or single. For example, the default configuration shipped with Debian is called "linux", so to boot that configuration into single-user mode, you'd use
LILO: linux single
2.5 WORKING WITH STARTUP SCRIPTS
After you exit from single-user mode (or, in the automated boot sequence, at the point at which the single-user shell would have run), init executes the system startup scripts. These scripts are really just garden-variety shell scripts that are interpreted by sh (well, bash, really). The exact location, content, and organization of the scripts vary considerably from system to system.
Some tasks that are often performed in the startup scripts are
Table 2.4 Files and subdirectories of Red Hat's /etc/sysconfig directory
File/Dir          Function or contents
clock             Specifies the type of clock that the system has (almost always UTC) (a)
console           A mysterious directory that is always empty
httpd             Determines which Apache processing model to use
hwconf            Contains all of the system's hardware info; used by Kudzu
i18n              Contains the system's locale settings (date formats, languages, etc.)
init              Configures the way messages from the startup scripts are displayed
keyboard          Sets keyboard type (use "us" for the standard 101-key U.S. keyboard)
mouse             Sets the mouse type; used by X and gpm
network           Sets global network options (hostname, gateway, forwarding, etc.)
network-scripts   Contains accessory scripts and network config files
sendmail          Sets options for sendmail
a. If you multiboot your PC, all bets are off as to how the clock's time zone should be set.
The hwconf file contains all of your hardware information. The Kudzu service checks it to see if you have added or removed any hardware and asks you what to do about changes. You may want to disable this service on a production system because it delays the boot process whenever it detects a change to the hardware configuration, resulting in an extra ?0 seconds of downtime for every hardware change made.
The sendmail file contains two variables: DAEMON and QUEUE. If the DAEMON variable is set to yes, the system starts sendmail in daemon mode (-bd) when the system boots. QUEUE tells sendmail how long to wait between queue runs (-q); the default is one hour.
2. We once had a corrupted keymap file, and since the keymap file is loaded even in single-user mode, single-user was useless. Setting init=/bin/sh was the only way to boot the system to a usable single-user state to fix the problem. This can also be a useful trick in other situations.
SUSE startup scripts
Although SUSE's startup system resembles that of RHEL and Fedora, SUSE's startup scripts are one area in which it really outshines other Linux variants. SUSE's scripts are well organized, robust, and well documented. The folks that maintain this part of the operating system deserve a gold star.
As in Red Hat and Fedora, init invokes the script /etc/init.d/rc at each run level, providing the new run level as an argument. Package-specific scripts live in the /etc/init.d directory, and their configuration files live in /etc/sysconfig. An excellent introduction to the SUSE startup process can be found in /etc/init.d/README.
Although both SUSE and RHEL/Fedora concentrate their boot configuration files in /etc/sysconfig, the specific files within this directory are quite different. (For one thing, SUSE's files are generally well commented.) Options are invoked by setting shell environment variables, and these variables are then referenced by the scripts within /etc/init.d. Some subsystems require more configuration than others, and those needing multiple configuration files have private subdirectories, such as the sysconfig/network directory.
The windowmanager file is a typical example from the sysconfig directory:
## Path:        Desktop/Window manager
## Description:
## Type:        string(kde,fvwm,gnome,windowmaker)
## Default:     kde
## Config:      profiles,kde,susewm
#
# Here you can set the default window manager (kde, fvwm, ...)
# changes here require at least a re-login
DEFAULT_WM=kde
## Type:        yesno
## Default:     yes
#
# install the SUSE extension for new users
# (theme and additional functions)
#
INSTALL_DESKTOP_EXTENSIONS=yes
Each variable is preceded by YaST-readable³ configuration information and a verbose description of the variable's purpose. For example, in the windowmanager file, the variable DEFAULT_WM sets the desktop window manager used by X.
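The "## Type:" metadata is machine-readable for a reason: it lets a value be checked against its declared type before a startup script consumes it. The script below is an added example, not the book's or SUSE's code: it walks a sysconfig-style file, remembers the type declared for the next variable, and marks each VAR=value line OK or BAD. The sample is the windowmanager listing above with one value deliberately changed to twm, which is not in the allowed list, to show what gets caught.

```sh
#!/bin/sh
# Added example, not from the book or SUSE: check each VAR=value in a
# sysconfig-style file against the "## Type:" line that precedes it, the way
# a reviewer would before the startup scripts read the file. The sample is
# the book's windowmanager listing with one value deliberately changed
# (DEFAULT_WM=twm, which is not in the allowed list).

SAMPLE_SYSCONFIG='## Path:        Desktop/Window manager
## Description:
## Type:        string(kde,fvwm,gnome,windowmaker)
## Default:     kde
## Config:      profiles,kde,susewm
#
# Here you can set the default window manager (kde, fvwm, ...)
# changes here require at least a re-login
DEFAULT_WM=twm
## Type:        yesno
## Default:     yes
#
# install the SUSE extension for new users
# (theme and additional functions)
#
INSTALL_DESKTOP_EXTENSIONS=yes'

# validate_sysconfig: file on stdin -> one line per variable: "VAR=value OK|BAD type"
validate_sysconfig() {
    awk '
        /^## Type:/              { vtype = $3; next }     # metadata for the next variable
        /^#/ || /^[[:space:]]*$/ { next }                 # other metadata, comments, blanks
        /^[A-Za-z_][A-Za-z0-9_]*=/ {
            eq = index($0, "=")
            var = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^"|"$/, "", val)                         # values may be double-quoted
            verdict = "BAD"
            if (vtype == "yesno") {
                if (val == "yes" || val == "no") verdict = "OK"
            } else if (vtype ~ /^string\(/) {              # enumeration: string(a,b,c)
                n = split(substr(vtype, 8, length(vtype) - 8), allowed, ",")
                for (i = 1; i <= n; i++) if (allowed[i] == val) verdict = "OK"
            } else if (vtype == "string" || vtype == "") { # free text, or no metadata at all
                verdict = "OK"
            }
            shown = vtype; if (shown == "") shown = "untyped"
            print var "=" val, verdict, shown
            vtype = ""                                     # metadata applies to one variable only
        }'
}

# bad_values: the variables whose value fails its type check.
bad_values() { printf '%s\n' "$SAMPLE_SYSCONFIG" | validate_sysconfig | awk '$2 == "BAD" { print $1 }'; }

# bad_count_after_fix: same check after restoring the book's value, DEFAULT_WM=kde.
bad_count_after_fix() {
    printf '%s\n' "$SAMPLE_SYSCONFIG" | sed 's/^DEFAULT_WM=twm$/DEFAULT_WM=kde/' \
        | validate_sysconfig | awk '$2 == "BAD" { n++ } END { print n + 0 }'
}

printf '%s\n' "$SAMPLE_SYSCONFIG" | validate_sysconfig
```

Only the two types that appear in the listing (yesno and an enumerated string) are checked strictly; anything else is accepted as free text, and a variable with no preceding "## Type:" line is reported as untyped so that a missing header is visible too.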
SUSE did a particularly nice job with the network configuration files found in the subdirectory /etc/sysconfig/network. This directory contains both global configuration files (which set options pertinent to all network interfaces) and network-specific files. For example, the network/routes file contains global routing information. On a typical SUSE installation, its contents might look like this:
# Destination   Dummy/Gateway   Netmask   Device
default         192.168.10.254  0.0.0.0   eth0
Routes that should be present only when a particular interface is up and running can be specified in a file called ifroute-ifname. For example, on an interface called eth1, the file would be named ifroute-eth1 and its contents might be
# Destination   Dummy/Gateway   Netmask   Device
10.10.0.0/24    10.10.0.254
The netmask and device can be specified if you wish, but the startup scripts will infer the correct values.
SUSE also includes a chkconfig command for managing startup scripts. It's entirely different from the version provided by Red Hat, but it's an effective tool nonetheless and should be used in favor of manual script management.
Whether you choose to use YaST or chkconfig or maintain your startup scripts by hand, it's a good idea to look through /etc/sysconfig and ponder its contents.
A typical SUSE boot session looks like this:
[kernel information]
INIT: version 2.85 booting
System Boot Control: Running /etc/init.d/boot
Mounting /proc filesystem                                   done
Mounting sysfs on /sys                                      done
Mounting /dev/pts                                           done
Boot logging started on /dev/tty1(/dev/console) at Tue Mar  2 14:04:12 2005
Mounting shared memory FS on /dev/shm                       done
Activating swap-devices in /etc/fstab...
Adding 1052248k swap on /dev/hda2.  Priority:42 extents:1   done
Checking root file system...
...
3. YaST is a SUSE-specific graphical configuration utility that maintains many aspects of a SUSE system. See page 230 for more information.
Debian and Ubuntu startup scripts
If SUSE is the ultimate example of a well-designed and well-executed plan for managing startup scripts, Debian is the exact opposite. The Debian scripts are fragile, undocumented, and outrageously inconsistent. Sadly, it appears that the lack of a standard way of setting up scripts has resulted in chaos in this case. Bad Debian!
At each run level, init invokes the script /etc/init.d/rc with the new run level as an argument. Each script is responsible for finding its own configuration information, which may be in the form of other files in /etc, /etc/default, another subdirectory of /etc, or somewhere in the script itself.
If you're looking for the hostname of the system, it's stored in /etc/hostname, which is read by the /etc/init.d/hostname.sh script. Network interface and default gateway parameters are stored in /etc/network/interfaces, which is read by the ifup command called from /etc/init.d/networking. Some network options can also be set in /etc/network/options.
Debian and Ubuntu have a sort of clandestine startup script management program in the form of update-rc.d. Although its man page cautions against interactive use, we have found it to be a useful, if less friendly, substitute for chkconfig. For example, to start sshd in run levels 2, 3, 4, and 5, and to stop it in levels 0, 1, and 6, use:
$ sudo /usr/sbin/update-rc.d sshd start 20 2 3 4 5 . stop 20 0 1 6 .
Here 20 is the two-digit sequence number that orders the S and K links within each rcN.d directory, and each list of run levels is terminated by a period.
2.6 REBOOTING AND SHUTTING DOWN

Linux filesystems buffer changes in memory and write them back to disk only sporadically. This scheme makes disk I/O faster, but it also makes the filesystem more susceptible to data loss when the system is rudely halted.

Traditional UNIX and Linux machines were very touchy about how they were shut down. Modern systems have become less sensitive (especially when using a robust filesystem such as ext3fs), but it's always a good idea to shut down the machine nicely when possible. Improper shutdown can result in anything from subtle, insidious problems to a major catastrophe.

On consumer-oriented operating systems, rebooting the operating system is an appropriate first course of treatment for almost any problem. On a Linux system, it's better to think first and reboot second. Linux problems tend to be subtler and more complex, so blindly rebooting is effective in a smaller percentage of cases. Linux systems also take a long time to boot, and multiple users may be inconvenienced.

You may need to reboot when you add a new piece of hardware or when an existing piece of hardware becomes so confused that it cannot be reset. If you modify a configuration file that's used only at boot time, you must reboot to make your changes take effect. If the system is so wedged that you cannot log in to make a proper diagnosis of the problem, you obviously have no alternative but to reboot.
Whenever you modify a startup script, you should reboot just to make sure that the system comes up successfully. If you don't discover a problem until several weeks later, you're unlikely to remember the details of your most recent changes.

Unlike bootstrapping, which can be done in essentially only one way, shutting down or rebooting can be done in a number of ways:

Using the poweroff command to tell the system to turn off the power

Turning off the power

Even on a desktop system, turning off the power is not a good way to shut down. You can potentially lose data and corrupt the filesystems.

Many machines feature "soft power," which means that when you press the power button, the machine actually runs some commands to perform a proper shutdown sequence. If you're not sure whether a machine has this feature, don't poke the power button to find out! It's better to run the shutdown sequence yourself.

That said, however, powering off is not the end of the world. It's OK to turn off the power in an emergency if you can't afford the time to bring machines down gracefully. Old-style machine rooms often had a panic button that turned everything off at once. Our sysadmins once triggered it with a poorly aimed Nerf football.
shutdown: the genteel way to halt the system

shutdown is the safest, most considerate, and most thorough way to initiate a halt or reboot or to return to single-user mode.

You can ask shutdown to wait awhile before bringing down the system. During the waiting period, shutdown sends messages to logged-in users at progressively shorter intervals, warning them of the impending downtime. By default, the warnings simply say that the system is being shut down and give the time remaining until the event; you can also supply a short message of your own. Your message should tell why the system is being brought down and should estimate how long it will be before users can log in again (e.g., "back at 11:00 a.m."). Users cannot log in when a shutdown is imminent, but they will see your message if you specified one.

shutdown lets you specify whether the machine should halt (-h) or reboot (-r) after the shutdown is complete. You can also specify whether you want to forcibly fsck the disks after a reboot (-F) or not (-f). By default, Linux automatically skips the fsck checks whenever the filesystems were properly unmounted.
For example, a shutdown command that reminds users of scheduled maintenance and halts the system at 9:30 a.m. would look something like this:

# shutdown -h 09:30 "Going down for scheduled maintenance. Expected downtime is 1 hour"

It's also possible to specify a relative shutdown time. For example, the following command will effect a shutdown 15 minutes from when it is run:

# shutdown -h +15 "Going down for emergency disk repair."
halt: a simpler way to shut down

The halt command performs the essential duties required to bring the system down. It is called by shutdown -h but can also be used by itself. halt logs the shutdown, kills nonessential processes, executes the sync system call (called by and equivalent to the sync command), waits for filesystem writes to complete, and then halts the kernel.

halt -n prevents the sync call. It's used by fsck after it repairs the root partition. If fsck did not use -n, the kernel might overwrite fsck's repairs with old versions of the superblock that were cached in memory.

reboot: quick and dirty restart

reboot is almost identical to halt, but it causes the machine to reboot instead of halting. reboot is called by shutdown -r. Like halt, it supports the -n flag.

telinit: change init's run level

You can use telinit to direct init to go to a specific run level. For example,

# telinit 1

takes the system to single-user mode.

When you use telinit, you do not get the nice warning messages or grace period that you get with shutdown, so most of the time you'll probably want to avoid it. telinit is most useful for testing changes to the inittab file.

poweroff: ask Linux to turn off the power

The poweroff command is identical to halt, except that after Linux has been shut down, poweroff sends a request to the power management system (on systems that have one) to turn off the system's main power. This feature makes it easy to turn off machines remotely (for example, during an electrical storm).

Unfortunately, there is no corresponding poweron command. The reason for this apparent oversight is left as an exercise for the reader.
2.7 EXERCISES

E2.1 Why is it important to run lilo -t before installing the LILO boot loader? How do you boot a kernel named something other than vmlinuz?
E2.2 Why shouldn't a Linux system be turned off with the power button on the computer case? What are some of the alternatives?
E2.3 Use the GRUB command line to boot a kernel that isn't in grub.conf.
E2.4 Explain the concept of run levels. List the run levels defined in Linux, and briefly describe each. What is the relationship between run level 1 and run level S?
E2.5 Write a startup script to start the "foo" daemon (/usr/local/sbin/foo), a network service. Show how you would glue it into the system to start automatically at boot time.
E2.6 Obtain and install the mactime program by Dan Farmer and Wietse Venema (it's part of the TCT toolkit). Run mactime to create an initial database of the time stamps associated with your system files. Reboot the machine. Run mactime again and determine which files have been modified by your booting the machine. Which files were accessed but not modified? (Requires root access.)
E2.7 If a system is at run level 4 and you run the command telinit 1, what steps will be taken by init? What will be the final result of the command?
E2.8 Draw a dependency graph that shows which daemons must be started before other daemons on your Linux system.
E2.9 List in order the steps used to create a working multi-OS system that includes Linux and Windows. Use GRUB and the Windows boot loader.
Rootly Powers

Every file and process on a Linux system is owned by a particular user account. Other users can't access these objects without the owner's permission, so this convention helps protect users against one another's misdeeds, both intentional and accidental.

System files and processes are most commonly owned by a fictitious user called "root," also known as the superuser. As with any account, root's property is protected against interference from other users. To make administrative changes, you'll need to use one of the methods of accessing the root account described in this chapter.

The root account has several "magic" properties. Root can act as the owner of any file or process. Root can also perform several special operations that are off-limits to other users. The account is both powerful and, in careless or malicious hands, potentially dangerous.

This chapter introduces the basics of superuser access for administrators. Chapter 20, Security, describes how to avoid unwanted and embarrassing superuser access by others. Chapter 30, Management, Policy, and Politics, covers the relevant political and administrative aspects.
3.1 OWNERSHIP OF FILES AND PROCESSES

Every file has both an owner and a "group owner." The owner of the file enjoys one special privilege that is not shared with everyone on the system: the ability to modify the permissions of the file. In particular, the owner can set the permissions on a file so restrictively that no one else can access it.[1] We talk more about file permissions in Chapter 5, The Filesystem.

See page 97 for more information about groups.

Although the owner of a file is always a single person, many people can be group owners of the file, as long as they are all part of a single Linux group. Groups are traditionally defined in the /etc/group file, but these days group information is more commonly stored on an NIS or LDAP server on the network; see Chapter 17, Sharing System Files, for details.

The owner of a file gets to specify what the group owners can do with it. This scheme allows files to be shared among members of the same project. For example, we use a group to control access to the source files for the www.admin.com web site.
Both ownerships of a file can be determined with ls -l filename. For example:

$ ls -l /staff/scott/todo
-rw-------  1 scott  staff  1258 Jun  4 18:15 /staff/scott/todo

This file is owned by the user "scott" and the group "staff."

Linux actually keeps track of owners and groups as numbers rather than as text names. In the most basic case, user identification numbers (UIDs for short) are mapped to user names in the /etc/passwd file, and group identification numbers (GIDs) are mapped to group names in /etc/group. The text names that correspond to UIDs and GIDs are defined only for the convenience of the system's human users. When commands such as ls want to display ownership information in a human-readable format, they must look up each name in the appropriate file or database.
The owner of a process can send the process signals (see page 57) and can also reduce (degrade) the process's scheduling priority. Processes actually have at least seven identities associated with them: a real, effective, and saved UID; a real, effective, and saved GID; and under Linux, a "filesystem UID" that is used only to determine file access permissions. Broadly speaking, the real numbers are used for accounting and the effective numbers are used for the determination of access permissions. The real and effective numbers are normally the same.

Saved IDs have no direct effect. They allow programs to "park" an inactive ID for later use, thus facilitating the parsimonious use of enhanced privileges. The filesystem UID is generally explained as an implementation detail of NFS and is usually the same as the effective UID.

See page 81 for more information about permission bits.

Although it is not normally possible for a process to alter its ownership credentials, there is a special situation in which the effective user and group IDs can be changed. When the kernel runs an executable file that has its "setuid" or "setgid" permission bits set, it changes the effective UID or GID of the resulting process to the UID or GID of the file containing the program image rather than the UID and GID of the user that ran the command. The user's privileges are thus "promoted" for the execution of that specific command only.

1. In fact, the permissions can be set so restrictively that even the owner of a file cannot access it.
Linux's setuid facility allows programs run by ordinary users to make use of the root account in a limited and tightly controlled way. For example, the passwd command that users run to change their login password is a setuid program. It modifies the /etc/shadow (or /etc/passwd) file in a well-defined way and then terminates. Of course, even this limited task has potential for abuse, so passwd requires users to prove that they know the current account password before it agrees to make the requested change.
3.2 THE SUPERUSER

The defining characteristic of the root account is its UID of 0. Linux does not prevent you from changing the username on this account or from creating additional accounts whose UIDs are 0, but both are bad ideas. Such changes have a tendency to create inadvertent breaches of system security. They also engender confusion when other people have to deal with the strange way you've configured your system.

Traditional UNIX allows the superuser (that is, any process whose effective UID is 0) to perform any valid operation on any file or process. In addition, some system calls (requests to the kernel) can be executed only by the superuser. Some examples of such restricted operations are

Every time someone who knows the password leaves your site
On a day you're not planning to party so hard in the evening that you will have forgotten the password the next morning
3.4 BECOMING ROOT

Since root is just another user, you can log in directly to the root account. However, this turns out to be a bad idea. To begin with, it leaves no record of what operations were performed as root. That's bad enough when you realize that you broke something last night at 3:00 a.m. and can't remember what you changed; it's even worse when an access was unauthorized and you are trying to figure out what an intruder has done to your system. Another disadvantage is that the log-in-as-root scenario leaves no record of who was really doing the work. If several people have access to the root account, you won't be able to tell who used it when.

For these reasons, most systems allow root logins to be disabled on terminals and across the network, everywhere but on the system console.[4] We suggest that you use these features. See Secure terminals on page 685 to find out what file you need to edit on your particular system.
su: substitute user identity

A slightly better way to access the root account is to use the su command. If invoked without any arguments, su will prompt for the root password and then start up a root shell. The privileges of this shell remain in effect until the shell terminates (by <Control-D> or the exit command). su doesn't record the commands executed as root, but it does create a log entry that states who became root and when.

The su command can also substitute identities other than root. Sometimes, the only way to reproduce or debug a user's problem is to su to their account so that you reproduce the environment in which the problem occurs.

If you know someone's password, you can access that person's account directly by executing su username. As with an su to root, you will be prompted for the password for username. You can also first su to root and then su to another account; root can su to any account without providing a password.

It's a good idea to get in the habit of typing the full pathname to the su command (e.g., /bin/su) rather than relying on the shell to find the command for you. This will give you some protection against programs called su that may have been slipped into your search path with the intention of harvesting passwords.[5]
sudo: a limited su

Since the privileges of the superuser account cannot be subdivided (at least, not arbitrarily), it's hard to give someone the ability to do one task (backups, for example) without giving that person free run of the system. And if the root account is used by several administrators, you really have only a vague idea of who's using it or what they've done.

4. Ubuntu Linux goes even further. By default, the system has no valid root password and requires the use of sudo, detailed later in this section.
5. For the same reason, we highly recommend that you not include "." (the current directory) in your shell's search path. Although convenient, this configuration makes it easy to inadvertently run "special" versions of system commands that a user or intruder has left lying around as a trap. Naturally, this advice goes double for root.

The most widely used solution to these problems is a program called sudo that is currently maintained by Todd Miller. It's included by default on all our example distributions but is also available in source code form from www.courtesan.com.
sudo takes as its argument a command line to be executed as root (or as another restricted user). sudo consults the file /etc/sudoers, which lists the people who are authorized to use sudo and the commands they are allowed to run on each host. If the proposed command is permitted, sudo prompts for the user's own password and executes the command.

Additional sudo commands can be executed without the "sudoer" having to type a password until a five-minute period (configurable) has elapsed with no further sudo activity. This timeout serves as a modest protection against users with sudo privileges who leave terminals unattended.

sudo keeps a log of the command lines that were executed, the hosts on which they were run, the people who requested them, the directory from which they were run, and the times at which they were invoked. This information can be logged by syslog or placed in the file of your choice. We recommend using syslog to forward the log entries to a secure central host.

A log entry for randy executing sudo /bin/cat /etc/sudoers might look like this:

Dec 7 10:57:19 tigger sudo: randy: TTY=ttyp0 ; PWD=/tigger/users/randy ; USER=root ; COMMAND=/bin/cat /etc/sudoers
The sudoers file is designed so that a single version can be used on many different hosts at once. Here's a typical example:

# Define aliases for machines in CS & Physics departments
Host_Alias CS = tigger, anchor, piper, moet, sigi
Host_Alias PHYSICS = eprince, pprince, icarus
# Define collections of commands
Cmnd_Alias DUMP = /sbin/dump, /sbin/restore
Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
Cmnd_Alias SHELLS = /bin/sh, /bin/csh, /bin/bash, /bin/ash, /bin/bsh
# Permissions
mark, ed PHYSICS = ALL
herb CS = /usr/sbin/tcpdump : PHYSICS = (operator) DUMP
lynda ALL = (ALL) ALL, !SHELLS
%wheel ALL, !PHYSICS = NOPASSWD: PRINTING

The first five noncomment lines define groups of hosts and commands that are referred to in the permission specifications later in the file. The lists could be included literally in the specs, but the use of aliases makes the sudoers file easier to read and understand; it also makes the file easier to update in the future. It's also possible to define aliases for sets of users and for sets of users as whom commands may be run.
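A policy like the one above is easiest to review when you can ask it questions before it is deployed. What follows is an added example, not sudo's own parser or code from the book: it implements just the subset of the sudoers grammar that the sample uses (Host_Alias, Cmnd_Alias, user and %group entries, (runas) lists, the NOPASSWD: tag and ! exclusions, with a later entry overriding an earlier one as in sudo) and answers "may this user run this command on this host as this target user?". The group memberships (GROUPS) are a constructed stand-in for /etc/group; wildcards, command arguments, Defaults lines and the other alias types are deliberately unsupported.

```python
"""Answer "may USER run CMD on HOST as RUNAS?" against a sudoers-style policy.

Added example, not sudo's own parser. It covers only the grammar used in the
sample file above: Host_Alias, Cmnd_Alias, user and %group entries, (runas)
lists, the NOPASSWD: tag and ! exclusions. Wildcards, command arguments,
Defaults lines and the other alias types are not handled.
"""
import re

# Constructed input: the sample sudoers file shown above.
SUDOERS = """\
Host_Alias CS = tigger, anchor, piper, moet, sigi
Host_Alias PHYSICS = eprince, pprince, icarus
Cmnd_Alias DUMP = /sbin/dump, /sbin/restore
Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
Cmnd_Alias SHELLS = /bin/sh, /bin/csh, /bin/bash, /bin/ash, /bin/bsh
mark, ed PHYSICS = ALL
herb CS = /usr/sbin/tcpdump : PHYSICS = (operator) DUMP
lynda ALL = (ALL) ALL, !SHELLS
%wheel ALL, !PHYSICS = NOPASSWD: PRINTING
"""

# Constructed group memberships; real sudo gets these from /etc/group or NSS.
GROUPS = {"joe": {"wheel"}, "lynda": {"staff"}}


def _split_list(text):
    return [item.strip() for item in text.split(",") if item.strip()]


def parse_sudoers(text):
    """Return (host_aliases, cmnd_aliases, rules) for the supported subset."""
    hosts, cmnds, rules = {}, {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("Defaults"):
            continue
        kind = line.split(None, 1)[0]
        if kind in ("Host_Alias", "Cmnd_Alias"):
            name, members = line.split(None, 1)[1].split("=", 1)
            (hosts if kind == "Host_Alias" else cmnds)[name.strip()] = _split_list(members)
            continue
        if kind.endswith("_Alias"):
            raise ValueError("unsupported alias type: " + kind)
        # User spec: the user list runs up to the first token not ending in a comma.
        tokens, users, i = line.split(), [], 0
        while True:
            users.append(tokens[i].rstrip(","))
            if not tokens[i].endswith(","):
                break
            i += 1
        sections = []
        # "host = cmds : host = cmds" sections; NOPASSWD: has no space before the colon.
        for section in re.split(r"\s+:\s+", " ".join(tokens[i + 1:])):
            hostlist, cmdspec = section.split("=", 1)
            runas = ["root"]                                   # sudo's default target user
            m = re.match(r"^\s*\(([^)]*)\)\s*(.*)$", cmdspec)
            if m:
                runas, cmdspec = _split_list(m.group(1)), m.group(2)
            cmdspec = cmdspec.strip()
            sections.append({"hosts": _split_list(hostlist), "runas": runas,
                             "nopasswd": cmdspec.startswith("NOPASSWD:"),
                             "cmds": _split_list(re.sub(r"^(NO)?PASSWD:\s*", "", cmdspec))})
        rules.append({"users": users, "sections": sections})
    return hosts, cmnds, rules


def _decide(value, items, aliases):
    """Walk a comma list in order, expanding aliases; the last matching entry
    decides: True = matched, False = excluded by '!', None = nothing matched."""
    verdict = None
    for item in items:
        negated, name = item.startswith("!"), item.lstrip("!")
        for member in aliases.get(name, [name]):
            if member == "ALL" or member == value:
                verdict = not negated
    return verdict


def _user_matches(user, users, groups):
    """Plain names match the user; %name entries match a group the user is in."""
    return any(u == user or (u.startswith("%") and u[1:] in groups.get(user, ()))
               for u in users)


def check(policy, user, host, cmd, runas="root", groups=None):
    """Return 'allow', 'nopasswd' or 'deny'. As in sudo, the last matching entry wins."""
    hosts, cmnds, rules = policy
    groups = groups or {}
    verdict = "deny"
    for rule in rules:
        if not _user_matches(user, rule["users"], groups):
            continue
        for sec in rule["sections"]:
            if _decide(host, sec["hosts"], hosts) is not True:
                continue
            if _decide(runas, sec["runas"], {}) is not True:
                continue
            outcome = _decide(cmd, sec["cmds"], cmnds)
            if outcome is None:
                continue
            verdict = ("nopasswd" if sec["nopasswd"] else "allow") if outcome else "deny"
    return verdict


if __name__ == "__main__":
    policy = parse_sudoers(SUDOERS)
    print(check(policy, "lynda", "tigger", "/bin/bash"))            # deny: !SHELLS
    print(check(policy, "joe", "icarus", "/usr/sbin/lpc", groups=GROUPS))  # deny: !PHYSICS
```

The resolver makes two properties of the sample file visible that are easy to miss when reading it: lynda's (ALL) ALL grant is narrowed by the trailing !SHELLS only because later entries override earlier ones, and the wheel group's NOPASSWD rule never applies on a PHYSICS host because the host list excludes them.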
Each permission specification line includes information about

The real root password can be known to only one or two people.
It's faster to use sudo to run a single command than to su or log in as root.
Privileges can be revoked without the need to change the root password.
Controlling Processes

A process is the abstraction used by Linux to represent a running program. It's the object through which a program's use of memory, processor time, and I/O resources can be managed and monitored.

It is part of the Linux and UNIX philosophy that as much work as possible be done within the context of processes, rather than handled specially by the kernel. System and user processes all follow the same rules, so you can use a single set of tools to control them both.
4.1 COMPONENTS OF A PROCESS

A process consists of an address space and a set of data structures within the kernel. The address space is a set of memory pages that the kernel has marked for the process's use. It contains the code and libraries that the process is executing, the process's variables, its stacks, and various extra information needed by the kernel while the process is running. Because Linux is a virtual memory system, there is no correlation between a page's location within an address space and its location inside the machine's physical memory or swap space.

The kernel's internal data structures record various pieces of information about each process. Some of the more important of these are:

Information about the files and network ports that the process has opened

They can be sent by the terminal driver to kill, interrupt, or suspend processes when special keys such as <Control-C> and <Control-Z> are typed.
They can be sent by the administrator (with kill) to achieve various results.
They can be sent by the kernel when a process commits an infraction such as division by zero.

INT is the signal sent by the terminal driver when you type <Control-C>. It's a request to terminate the current operation. Simple programs should quit (if they catch the signal) or simply allow themselves to be killed, which is the default if the signal is not caught. Programs that have a command line should stop what they're doing, clean up, and wait for user input again.
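The "stop what you're doing, clean up, and wait" behaviour recommended above for interactive programs looks like this in practice. The following is an added example, not code from the book: a work loop whose INT handler only records that the signal arrived, leaving the abandonment of the current operation and the cleanup to the loop itself at a point where it is safe to do so. The Worker class and its deliver_int_at parameter, which sends INT to the process itself to stand in for the terminal driver's Control-C, are constructed for the demonstration.

```python
"""React to INT (Control-C) the way interactive programs should: stop the
current operation, clean up, and go back to waiting for input.

Added example, not from the book. The handler only sets a flag; the loop
notices it at a safe point and does the cleanup there, because very little
is safe to do inside a signal handler itself.
"""
import os
import signal
import time


class Worker:
    def __init__(self):
        self.interrupted = False
        self.cleaned_up = False
        self.units_done = 0

    def _on_int(self, signum, frame):
        self.interrupted = True          # just a flag; no real work in the handler

    def run(self, units, deliver_int_at=None):
        """Process `units` work items. If deliver_int_at is set, send INT to our
        own process at that item to simulate Control-C from the terminal driver.
        Returns the number of items completed before stopping."""
        previous = signal.signal(signal.SIGINT, self._on_int)
        try:
            for i in range(units):
                if deliver_int_at == i:
                    os.kill(os.getpid(), signal.SIGINT)
                    time.sleep(0.01)     # let the interpreter run the Python-level handler
                if self.interrupted:     # safe point: abandon the current operation
                    self.cleaned_up = True
                    break
                self.units_done += 1     # one unit of "work"
        finally:
            signal.signal(signal.SIGINT, previous)   # restore the previous disposition
        return self.units_done


if __name__ == "__main__":
    w = Worker()
    print("completed", w.run(10, deliver_int_at=3), "units; cleaned up:", w.cleaned_up)
```

Restoring the previous disposition in the finally clause matters for programs that install the handler only around one phase of their work; if the default disposition is left unchanged, a later INT terminates the process, which is the behaviour the text describes for programs that do not catch the signal.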
The Filesystem

Quick: which of the following would you expect to find in a "filesystem"?

Processes
Serial ports
An API[2] (a set of system calls for navigating and manipulating objects)

1. It's perhaps more accurate to say that these entities are represented within the filesystem. In most cases, the filesystem is used as a rendezvous point to connect clients with the drivers and servers they are seeking.
2. Application Programming Interface, a generic term for the set of routines that a library, operating system, or software package provides for programmers to call.

Regular files
Directories
Symbolic links
You can determine the type of an existing file with ls -ld. The first character of the ls output encodes the type. The following example demonstrates that /usr/include is a directory:

$ ls -ld /usr/include
drwxr-xr-x  2 root  root  4096 Jul 15 20:57 /usr/include

ls uses the codes shown in Table 5.3 to represent the various types of files.

As you can see from Table 5.3, rm is the universal tool for deleting files you don't want anymore. But how would you delete a file named, say, -f? It's a perfectly legitimate filename under most filesystems, but rm -f doesn't work because the -f is interpreted as an rm flag. The answer is either to refer to the file by a more complete pathname (such as ./-f) or to use rm's -- argument to tell it that everything that follows is a filename and not an option (i.e., rm -- -f).

Filenames that contain control characters present a similar problem since reproducing these names from the keyboard can be difficult or impossible. In this situation, you can use shell globbing (pattern matching) to identify the files to delete. When you use pattern matching, it's a good idea to get in the habit of using the -i option to rm to make rm confirm the deletion of each file. This feature protects you against deleting any "good" files that your pattern inadvertently matches. For example, to delete a file named foo<Control-D>bar, you could use

$ ls
foo?bar  foose  kde-root
$ rm -i foo*
rm: remove `foo\004bar'? y
rm: remove `foose'? n
Table 5.3 File-type encoding used by ls

File type               Symbol   Created by           Removed by
Regular file            -        editors, cp, etc.    rm
Directory               d        mkdir                rmdir, rm -r
Character device file   c        mknod                rm
Block device file       b        mknod                rm
Local domain socket     s        socket(2)            rm
Named pipe              p        mknod                rm
Symbolic link           l        ln -s                rm
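The type letter in the first column of ls output and the permission string that follows it are both derived from the same st_mode word that stat returns. The following added example (not the book's code, and not ls itself) decodes that word the way ls -l displays it; it goes a little beyond Table 5.3 in that it also renders the nine permission bits and the setuid, setgid and sticky bits discussed in chapter 3 and under File attributes, and it walks a directory for setuid and setgid files, the inventory an administrator keeps of programs that run with promoted privileges. The sample tree it builds under a temporary directory is constructed; device files are left out of it because mknod needs privileges, though their letters are decoded like the rest.

```python
"""Decode st_mode the way ls -l displays it.

Added example (not the book's code): type letters follow Table 5.3; the
permission string shows the nine rwx bits plus the setuid, setgid and sticky
bits. Device files are omitted from the sample tree (mknod needs privileges).
"""
import os
import shutil
import socket
import stat
import tempfile

# ls type letter for each S_IF* file type (Table 5.3).
TYPE_CODES = {
    stat.S_IFREG: "-", stat.S_IFDIR: "d", stat.S_IFCHR: "c", stat.S_IFBLK: "b",
    stat.S_IFSOCK: "s", stat.S_IFIFO: "p", stat.S_IFLNK: "l",
}


def mode_string(st_mode):
    """Render st_mode as ls -l does, e.g. 0o104755 -> '-rwsr-xr-x'.

    A set special bit replaces the execute letter of its triplet: lowercase
    (s/t) when execute is also set, uppercase (S/T) when it is not."""
    out = TYPE_CODES.get(stat.S_IFMT(st_mode), "?")
    triplets = ((6, stat.S_ISUID, "s"), (3, stat.S_ISGID, "s"), (0, stat.S_ISVTX, "t"))
    for shift, special, letter in triplets:
        bits = (st_mode >> shift) & 0o7
        out += "r" if bits & 4 else "-"
        out += "w" if bits & 2 else "-"
        if st_mode & special:
            out += letter if bits & 1 else letter.upper()
        else:
            out += "x" if bits & 1 else "-"
    return out


def type_letter(path):
    """Type letter of path itself (lstat, so a symbolic link reports 'l')."""
    return mode_string(os.lstat(path).st_mode)[0]


def setuid_files(directory):
    """Regular files under directory with the setuid or setgid bit set."""
    found = []
    for dirpath, _, names in os.walk(directory):
        for name in names:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                found.append(path)
    return sorted(found)


def build_sample_tree():
    """Constructed sample: one file of each type an unprivileged process can
    create, plus one setuid file. Returns (dir, {name: letter}, setuid paths)."""
    root = tempfile.mkdtemp(prefix="ftypes-")
    open(os.path.join(root, "regular"), "w").close()
    os.mkdir(os.path.join(root, "dir"))
    os.mkfifo(os.path.join(root, "pipe"))
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    sock.bind(os.path.join(root, "sock"))        # socket(2) + bind creates the entry
    sock.close()
    os.symlink("regular", os.path.join(root, "link"))
    suid = os.path.join(root, "dir", "passwd-like")
    open(suid, "w").close()
    os.chmod(suid, 0o4755)                       # mode like /usr/bin/passwd
    kinds = {name: type_letter(os.path.join(root, name)) for name in sorted(os.listdir(root))}
    return root, kinds, setuid_files(root)


if __name__ == "__main__":
    root, kinds, suid = build_sample_tree()
    for name, code in kinds.items():
        print(code, mode_string(os.lstat(os.path.join(root, name)).st_mode), name)
    print("setuid/setgid files:", suid)
    shutil.rmtree(root)
```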
Note that ls shows the control character as a question mark, which can be a bit deceptive.[6] If you don't remember that ? is a shell pattern-matching character and try to rm foo?bar, you might potentially remove more than one file (although not in this example). -i is your friend!

To delete the most horribly named files, you may need to resort to rm -i *.

Another option for removing files with squirrely names is to use an alternative interface to the filesystem such as emacs's dired mode or a visual tool such as Nautilus.
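Because ls hides the control character behind a "?", a name like foo<Control-D>bar is easy to mistake for an ordinary one, and names of this kind are a classic place for an intruder to stash files. The following added example (not code from the book, and not ls) renders names unambiguously in the spirit of the ls -b footnote: every byte outside printable ASCII becomes a \ooo octal escape and backslashes are doubled, so the output can be typed back in by hand. GNU ls -b additionally uses C escapes such as \t for a few characters; this version uses octal throughout. The sample directory it builds is a constructed copy of the one in the rm -i example above.

```python
"""Show filenames unambiguously, in the spirit of ls -b.

Added example, not ls itself: bytes outside printable ASCII are rendered as
\\ooo octal escapes and backslashes are doubled. (GNU ls -b also uses C
escapes such as \\t for a few characters; octal is used for all of them here.)
"""
import os
import shutil
import tempfile


def escape_name(name):
    """Escape one filename (str or bytes) for display."""
    raw = os.fsencode(name) if isinstance(name, str) else name
    out = []
    for byte in raw:
        if byte == 0x5C:                       # backslash: double it
            out.append("\\\\")
        elif 0x20 <= byte < 0x7F:              # printable ASCII, space included
            out.append(chr(byte))
        else:                                  # control characters, DEL, non-ASCII
            out.append("\\%03o" % byte)
    return "".join(out)


def has_control_chars(name):
    """True if the name contains a control character or DEL."""
    raw = os.fsencode(name) if isinstance(name, str) else name
    return any(byte < 0x20 or byte == 0x7F for byte in raw)


def suspicious_names(directory):
    """Escaped names of entries containing control characters, sorted.
    Such names blend in under a plain ls and deserve a second look."""
    return sorted(escape_name(n) for n in os.listdir(os.fsencode(directory))
                  if has_control_chars(n))


def build_sample_dir():
    """Constructed: the directory from the rm -i example above."""
    root = tempfile.mkdtemp(prefix="names-")
    for name in ("foo\x04bar", "foose", "kde-root"):
        open(os.path.join(root, name), "w").close()
    return root


if __name__ == "__main__":
    root = build_sample_dir()
    print("entries needing a second look:", suspicious_names(root))
    shutil.rmtree(root)
```

Listing with os.listdir on a bytes path matters here: a name that is not valid in the current locale would otherwise come back with surrogate escapes, and the escaper would still render it correctly only because os.fsencode reverses that mapping.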
Regular files

A regular file is just a bag o' bytes; Linux imposes no structure on its contents. Text files, data files, executable programs, and shared libraries are all stored as regular files. Both sequential and random access are allowed.

Directories

A directory contains named references to other files. You can create directories with mkdir and delete them with rmdir if they are empty. You can delete nonempty directories with rm -r.

The special entries "." and ".." refer to the directory itself and to its parent directory; they may not be removed. Since the root directory has no parent directory, the path "/.." is equivalent to the path "/." (and both are equivalent to /).

A file's name is stored within its parent directory, not with the file itself. In fact, more than one directory (or more than one entry in a single directory) can refer to a file at one time, and the references can have different names. Such an arrangement creates the illusion that a file exists in more than one place at the same time.

These additional references ("links") are indistinguishable from the original file; as far as Linux is concerned, they are equivalent. Linux maintains a count of the number of links that point to each file and does not release the file's data blocks until its last link has been deleted. Links cannot cross filesystem boundaries.

References of this sort are usually called "hard links" these days to distinguish them from symbolic links, which are described below. You create hard links with ln and remove them with rm.

It's easy to remember the syntax of ln if you keep in mind that it mirrors that of cp. The command cp oldfile newfile creates a copy of oldfile called newfile, and ln oldfile newfile makes the name newfile an additional reference to oldfile.

It is important to understand that hard links are not a distinct type of file. Instead of defining a separate "thing" called a hard link, the filesystem simply allows more than one directory entry to point to a file. In addition to the file's contents, the underlying attributes of the file (such as ownerships and permissions) are also shared.

6. ls -b shows the special characters as octal numbers, which can be helpful if you need to identify them specifically. <Control-A> is 1 (\001 in octal), <Control-B> is 2, and so on.
Character and block device files

See Chapter 28 for more information about devices and drivers.

Device files allow programs to communicate with the system's hardware and peripherals. When the kernel is configured, modules that know how to communicate with each of the system's devices are linked in.[7] The module for a particular device, called a device driver, takes care of the messy details of managing the device.

Device drivers present a standard communication interface that looks like a regular file. When the kernel is given a request that refers to a character or block device file, it simply passes the request to the appropriate device driver. It's important to distinguish device files from device drivers, however. The files are just rendezvous points that are used to communicate with the drivers. They are not the drivers themselves.

Character device files allow their associated drivers to do their own input and output buffering. Block device files are used by drivers that handle I/O in large chunks and want the kernel to perform buffering for them. In the past, a few types of hardware were represented by both block and character device files, but that configuration is rare today.
Device files are characterized by two numbers, called the major and minor device numbers. The major device number tells the kernel which driver the file refers to, and the minor device number typically tells the driver which physical unit to address. For example, major device number 6 on a Linux system indicates the parallel port driver. The first parallel port (/dev/lp0) would have major device number 6 and minor device number 0.

Drivers can interpret the minor device numbers that are passed to them in whatever way they please. For example, tape drivers use the minor device number to determine whether the tape should be rewound when the device file is closed.

You can create device files with mknod and remove them with rm. However, it's rarely necessary to create device files by hand. Most distributions use udev to automatically create and remove device files as hardware is detected by the kernel. udev keeps /dev tidy by limiting the number of spurious device files and by ensuring that the device numbers assigned to files are consistent with those expected by the kernel. See Chapter 28, Drivers and the Kernel, for more information.

An older script called MAKEDEV makes a good backup for udev in case you ever do need to create device files by hand. The script encodes the conventional names and device numbers for various classes of device so that you need not look up these values yourself. For example, MAKEDEV pty creates the device files for pseudo-terminals.

If you ever need to determine what major and minor device numbers are used by a driver, you can find this information in the driver's man page in section 4 of the manuals (e.g., man 4 tty).

7. These modules can also be loaded dynamically by the kernel.
Local domain sockets

Sockets are connections between processes that allow them to communicate hygienically. Linux provides several different kinds of sockets, most of which involve the use of a network. Local domain sockets are accessible only from the local host and are referred to through a filesystem object rather than a network port. They are sometimes known as "UNIX domain sockets."

See Chapter 10 for more information about syslog.

Although socket files are visible to other processes as directory entries, they cannot be read from or written to by processes not involved in the connection. Some standard facilities that use local domain sockets are the printing system, the X Window System, and syslog.

Local domain sockets are created with the socket system call and can be removed with the rm command or the unlink system call once they have no more users.

Named pipes

Like local domain sockets, named pipes allow communication between two processes running on the same host. They're also known as "FIFO files" (FIFO is short for the phrase "first in, first out"). You can create named pipes with mknod and remove them with rm.
Symbolic links
A symbolic or "soft" link points to a file by name. When the kernel comes upon a symbolic link in the course of looking up a pathname, it redirects its attention to the pathname stored as the contents of the link. The difference between hard links and symbolic links is that a hard link is a direct reference, whereas a symbolic link is a reference by name; symbolic links are distinct from the files they point to.
You create symbolic links with ln -s and remove them with rm. Since they can contain arbitrary paths, they can refer to files on other filesystems or to nonexistent files. Multiple symbolic links can also form a loop.
A symbolic link can contain either an absolute or a relative path. For example,
    # ln -s archived/secure /var/log/secure
links /var/log/secure to /var/log/archived/secure with a relative path. It creates the symbolic link /var/log/secure with a target of "archived/secure", as demonstrated by this output from ls (see footnote 8):
    $ ls -l /var/log/secure
    lrwxrwxrwx 1 root root 18 2005-07-05 12:54 /var/log/secure -> archived/secure
The entire /var/log directory could be moved somewhere else without causing the symbolic link to stop working (not that moving this directory is advisable).
8. The file permissions that ls shows for a symbolic link, lrwxrwxrwx, are dummy values. Permission to create, remove, or follow the link is controlled by the containing directory, whereas read, write, and execute permission on the link target are granted by the target's own permissions. Therefore, symbolic links do not need (and do not have) any permission information of their own.
It is a common mistake to think that the first argument to ln -s has something to do with your current working directory. It is not resolved as a filename by ln; it's simply used verbatim as the target of the symbolic link.
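As an added example (not the book's own code), the script below reproduces the relative-link behaviour just described inside a scratch directory instead of /var/log: it shows that ln -s stores its first argument verbatim, that a relative target keeps resolving after the containing directory is moved, and, as a contrast, that a link holding an absolute path is left dangling by the same move. The directory layout and file contents are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: relative versus absolute symbolic-link targets.
# All paths live under a scratch directory passed as $1 (e.g. from mktemp -d).

# make_relative_link: build log/archived/secure, link log/secure to it with a
# relative target, and return the target string that ln actually stored.
make_relative_link() {
    base=$1
    mkdir -p "$base/log/archived"
    printf 'sample log line\n' > "$base/log/archived/secure"
    # The first argument is NOT resolved against the current directory:
    # "archived/secure" is stored as-is and later interpreted relative to
    # the directory that contains the link.
    ln -s archived/secure "$base/log/secure"
    readlink "$base/log/secure"          # prints: archived/secure
}

# link_survives_move: move the whole directory; the relative link still resolves.
link_survives_move() {
    base=$1
    mv "$base/log" "$base/log.moved"
    cat "$base/log.moved/secure"         # prints: sample log line
}

# dangling_link: the same move breaks a link whose stored target is absolute.
dangling_link() {
    base=$1
    mkdir -p "$base/abs/archived"
    : > "$base/abs/archived/secure"
    ln -s "$base/abs/archived/secure" "$base/abs/secure"
    mv "$base/abs" "$base/abs.moved"
    # -e follows the link; a dangling link is not "existing" from its point of view.
    if [ -e "$base/abs.moved/secure" ]; then echo resolves; else echo dangling; fi
}
```

readlink prints the stored target without resolving it, which makes it the quickest way to check what a link really points at before relying on it.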
5.5 FILE ATTRIBUTES
Under the traditional UNIX and Linux filesystem model, every file has a set of nine permission bits that control who can read, write, and execute the contents of the file. Together with three other bits that primarily affect the operation of executable programs, these bits constitute the file's "mode."
The twelve mode bits are stored together with four bits of file-type information. The four file-type bits are set when the file is first created and cannot be changed, but the file's owner and the superuser can modify the twelve mode bits with the chmod (change mode) command. Use ls -l (or ls -ld for a directory) to inspect the values of these bits. An example is given on page 82.
The permission bits
Nine permission bits determine what operations may be performed on a file and by whom. Traditional UNIX does not allow permissions to be set per-user (although Linux now supports access control lists in all major filesystems; see page 88). Instead, three sets of permissions define access for the owner of the file, the group owners of the file, and everyone else. Each set has three bits: a read bit, a write bit, and an execute bit.
It's convenient to discuss file permissions in terms of octal (base 8) numbers because each digit of an octal number represents three bits and each group of permission bits consists of three bits. The topmost three bits (with octal values of 400, 200, and 100) control access for the owner. The second three (40, 20, and 10) control access for the group. The last three (4, 2, and 1) control access for everyone else ("the world"). In each triplet, the high bit is the read bit, the middle bit is the write bit, and the low bit is the execute bit.
Each user fits into only one of the three permission sets. The permissions used are those that are most specific. For example, the owner of a file always has access determined by the owner permission bits and never the group permission bits. It is possible for the "other" and "group" categories to have more access than the owner, although this configuration is rarely used.
On a regular file, the read bit allows the file to be opened and read. The write bit allows the contents of the file to be modified or truncated; however, the ability to delete or rename (or delete and then recreate!) the file is controlled by the permissions on its parent directory, because that is where the name-to-dataspace mapping is actually stored.
The execute bit allows the file to be executed. There are two types of executable files: binaries, which the CPU runs directly, and scripts, which must be interpreted by a shell or some other program. By convention, scripts begin with a line similar to
    #!/usr/bin/perl
that specifies an appropriate interpreter. Nonbinary executable files that do not specify an interpreter are assumed (by your shell) to be bash or sh scripts (see footnote 9).
For a directory, the execute bit (often called the "search" or "scan" bit in this context) allows the directory to be entered or passed through while a pathname is evaluated, but not to have its contents listed. The combination of read and execute bits allows the contents of the directory to be listed. The combination of write and execute bits allows files to be created, deleted, and renamed within the directory.
The setuid and setgid bits
The bits with octal values 4000 and 2000 are the setuid and setgid bits. When set on executable files, these bits allow programs to access files and processes that would otherwise be off-limits to the user that runs them. The setuid/setgid mechanism for executables is described on page 45.
When set on a directory, the setgid bit causes newly created files within the directory to take on the group ownership of the directory rather than the default group of the user that created the file. This convention makes it easier to share a directory of files among several users, as long as they all belong to a common group. This interpretation of the setgid bit is unrelated to its meaning when set on an executable file, but there is never any ambiguity as to which meaning is appropriate.
You can also set the setgid bit on nonexecutable plain files to request special locking behavior when the file is opened. However, we've never seen this feature used.
The sticky bit
The bit with octal value 1000 is called the sticky bit. It was of historical importance as a modifier for executable files on early UNIX systems. However, that meaning of the sticky bit is now obsolete and modern systems silently ignore it.
If the sticky bit is set on a directory, the filesystem won't allow you to delete or rename a file unless you are the owner of the directory, the owner of the file, or the superuser. Having write permission on the directory is not enough. This convention helps make directories like /tmp a little more private and secure.
Viewing file attributes
The filesystem maintains about forty separate pieces of information for each file, but most of them are useful only to the filesystem itself. As a system administrator, you
9. The kernel understands the #! ("shebang") syntax and acts on it directly. However, if the interpreter is not specified completely and correctly, the kernel will refuse to execute the file. The shell then makes a second attempt to execute the script by calling sh.
will be concerned mostly with the link count, owner, group, mode, size, last access time, last modification time, and type. You can inspect all of these with ls -l (or ls -ld for a directory).
An attribute change time is also maintained for each file. The conventional name for this time (the "ctime," short for "change time") leads some people to believe that it is the file's creation time. Unfortunately, it is not; it just records the time that the attributes of the file (owner, mode, etc.) were last changed (as opposed to the time at which the file's contents were modified).
Consider the following example:
    $ ls -l /bin/gzip
    -rwxr-xr-x 3 root root 57136 Jun 15 2004 /bin/gzip
The first field specifies the file's type and mode. The first character is a dash, so the file is a regular file. (See Table 5.3 on page 77 for other codes.)
The next nine characters in this field are the three sets of permission bits. The order is owner-group-other, and the order of bits within each set is read-write-execute. Although these bits have only binary values, ls shows them symbolically with the letters r, w, and x for read, write, and execute. In this case, the owner has all permissions on the file and everyone else has only read and execute permission.
If the setuid bit had been set, the x representing the owner's execute permission would have been replaced with an s, and if the setgid bit had been set, the x for the group would also have been replaced with an s. The last character of the permissions (execute permission for "other") is shown as t if the sticky bit of the file is turned on. If either the setuid/setgid bit or the sticky bit is set but the corresponding execute bit is not, these bits appear as S or T.
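The encoding just described (r/w/x per triplet, s/S for setuid and setgid, t/T for the sticky bit) is easy to misread by eye, so here is an added example, not from the book, that converts the ten-character type-and-mode field printed by ls -l back into a four-digit octal mode, including the special bits. The mode strings in the test are constructed; octal_of_path is a helper name chosen here that runs the conversion on a real path and ignores the trailing "+" or "." that some versions of ls append when an ACL or security label is present.

```shell
#!/bin/sh
# Added example: parse the first field of `ls -l` into an octal mode.
# Lowercase s/t mean the special bit AND the execute bit are set; uppercase
# S/T mean the special bit is set but execute is not.

# triplet_value RWX: map one three-character triplet to its octal digit 0-7.
triplet_value() {
    v=0
    case "$1" in r??) v=$((v + 4)) ;; esac
    case "$1" in ?w?) v=$((v + 2)) ;; esac
    case "$1" in ??[xst]) v=$((v + 1)) ;; esac   # x, s or t: execute bit is on
    echo "$v"
}

# mode_to_octal MODESTRING: e.g. -rwsr-xr-x -> 4755, drwxrwxrwt -> 1777.
mode_to_octal() {
    m=$1
    [ ${#m} -eq 10 ] || { echo "bad mode string: $m" >&2; return 1; }
    u=$(printf '%s' "$m" | cut -c2-4)
    g=$(printf '%s' "$m" | cut -c5-7)
    o=$(printf '%s' "$m" | cut -c8-10)
    special=0
    case "$u" in ??[sS]) special=$((special + 4)) ;; esac   # setuid  (4000)
    case "$g" in ??[sS]) special=$((special + 2)) ;; esac   # setgid  (2000)
    case "$o" in ??[tT]) special=$((special + 1)) ;; esac   # sticky  (1000)
    printf '%d%d%d%d\n' "$special" \
        "$(triplet_value "$u")" "$(triplet_value "$g")" "$(triplet_value "$o")"
}

# octal_of_path PATH: run the conversion on a real file or directory.
# Only the first ten characters are used; GNU ls may add '+' (ACL present)
# or '.' (security label) as an eleventh character.
octal_of_path() {
    mode_to_octal "$(ls -ld "$1" | cut -c1-10)"
}
```

A directory listing with an unexpected 4 or 2 in the leading digit of the output is worth a second look; that is exactly the case where the symbolic form hides the special bit behind a single letter.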
The next field in the listing is the link count for the file. In this case it is 3, indicating that /bin/gzip is just one of three names for this file (the others are /bin/gunzip and /bin/zcat). Every time a hard link is made to a file, the count is incremented by 1.
All directories will have at least two hard links: the link from the parent directory and the link from the special file "." inside the directory itself. Symbolic links do not affect the link count.
The next two fields in the ls output are the owner and group owner of the file. In this example, the file's owner is root, and the file also belongs to the group named root. The filesystem actually stores these as the user and group ID numbers rather than as names. If the text versions (names) can't be determined, then these fields contain numbers. This might happen if the user or group that owns the file has been deleted from the /etc/passwd or /etc/group file. It could also indicate a problem with your NIS or LDAP database (if you use one); see Chapter 17.
The next field is the size of the file in bytes. This file is 57,136 bytes long, or about 56K (see footnote 10). Next comes the date of last modification: June 15, 2004. The last field in the listing is the name of the file, /bin/gzip.
ls output is slightly different for a device file. For example:
    $ ls -l /dev/tty0
    crw-rw---- 1 root root 4, 0 Jun 11 20:41 /dev/tty0
Most fields are the same, but instead of a size in bytes, ls shows the major and minor device numbers. /dev/tty0 is the first virtual console, controlled by device driver 4 (the terminal driver).
One ls option that's useful for scoping out hard links is -i, which makes ls show each file's "inode number." Without going into too much detail about filesystem implementations, we'll just say that the inode number is an index into a table that enumerates all the files in the filesystem. Inodes are the "things" that are pointed to by directory entries; entries that are hard links to the same file have the same inode number. To figure out a complex web of links, you need ls -li to show link counts and inode numbers along with find to search for matches (see footnote 11).
The system automatically keeps track of modification time stamps, link counts, and file size information. Conversely, permission bits, ownership, and group ownership change only when they are specifically altered.
Some other ls options that are important to know are -a to show all entries in a directory (even files whose names start with a dot), -t to sort files by modification time (or -tr to sort in reverse chronological order), -F to show the names of files in a way that distinguishes directories and executable files, -R to list recursively, and -h to show file sizes in a human-readable form (e.g., 8K or 53M).
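To make the link count, inode number and the find -inum trick from footnote 11 concrete, here is an added example (not from the book) that builds a three-name file in a scratch directory, the way gzip, gunzip and zcat share one inode above, adds a symbolic link for contrast, and then reads the count back from ls -l, compares inode numbers from ls -i, and counts the names find locates by inode. The file names and content are constructed; the scratch directory is passed in as the first argument.

```shell
#!/bin/sh
# Added example: hard links share an inode and raise the link count; symbolic
# links get their own inode and leave the count alone; find -inum lists every
# directory entry that refers to a given inode.

link_count() {            # second field of ls -l: number of hard links
    ls -ld "$1" | awk '{print $2}'
}

inode_of() {              # first field of ls -li: the inode number
    ls -ldi "$1" | awk '{print $1}'
}

names_for_inode() {       # how many entries under $1 share inode $2 (footnote 11)
    find "$1" -xdev -inum "$2" -print | wc -l | tr -d ' '
}

# demo_hard_links BASE: build the links and report
# "<link count> <entries found by inode> <zcat shares gzip's inode?>".
demo_hard_links() {
    base=$1
    printf 'data\n' > "$base/gzip"
    ln "$base/gzip" "$base/gunzip"          # hard link: same inode, count becomes 2
    ln "$base/gzip" "$base/zcat"            # and 3
    ln -s gzip "$base/symlink-to-gzip"      # symlink: separate inode, count unchanged
    ino=$(inode_of "$base/gzip")
    if [ "$(inode_of "$base/zcat")" = "$ino" ]; then same=yes; else same=no; fi
    echo "$(link_count "$base/gzip") $(names_for_inode "$base" "$ino") $same"
}
```

demo_hard_links prints 3 3 yes: three names, three entries found by inode, and the symbolic link counted in neither figure. The -xdev in names_for_inode matters on real systems because inode numbers are only unique within one filesystem.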
chmod: change permissions
The chmod command changes the permissions on a file. Only the owner of the file and the superuser can change its permissions. To use the command on early UNIX systems, you had to learn a bit of octal notation, but current versions accept either octal notation or a mnemonic syntax. The octal syntax is generally more convenient for administrators, but it can only be used to specify an absolute value for the permission bits. The mnemonic syntax can modify some bits while leaving others alone.
The first argument to chmod is a specification of the permissions to be assigned, and the second and subsequent arguments are names of files on which permissions
10. K stands for kilo, a metric prefix meaning 1,000; however, computer types have bastardized it into meaning 2^10 or 1,024. Similarly, a computer megabyte is not really a million bytes but rather 2^20 or 1,048,576 bytes. The International Electrotechnical Commission is promoting a new set of numeric prefixes (such as kibi- and mebi-) that are based explicitly on powers of 2. At this point, it seems unlikely that common usage will change. To add to the confusion, even the power-of-2 units are not used consistently. RAM is denominated in powers of 2, but network bandwidth is always a power of 10. Storage space is quoted in power-of-10 units by manufacturers and power-of-2 units by everyone else.
11. Try find mountpoint -xdev -inum inode -print.
should be changed. In the octal case, the first octal digit of the specification is for the owner, the second is for the group, and the third is for everyone else. If you want to turn on the setuid, setgid, or sticky bits, you use four octal digits rather than three, with the three special bits forming the first digit.
Table 5.4 illustrates the eight possible combinations for each set of three bits, where r, w, and x stand for read, write, and execute.
For example, chmod 711 myprog gives all permissions to the owner and execute-only permission to everyone else (see footnote 12).
The full details of chmod's mnemonic syntax can be found in the chmod man page. Some examples of mnemonic specifications are shown in Table 5.5.
The hard part about using the mnemonic syntax is remembering whether o stands for "owner" or "other"; "other" is correct. Just remember u and g by analogy to UID and GID; only one possibility will be left.
You can also specify the modes to be assigned by analogy with an existing file. For example, chmod --reference=filea fileb makes fileb's mode the same as filea's.
chmod can update the file permissions within a directory recursively with the -R option. However, this is trickier than it looks, since the enclosed files and directories may not all share the same attributes (for example, some might be executable files while others are text files). The mnemonic syntax is particularly useful with -R because any bits whose values you don't set explicitly are left alone. For example,
    $ chmod -R g+w mydir
adds group write permission to mydir and all its contents without messing up the execute bits of directories and programs.
Table 5.4  Permission encoding for chmod
    Octal  Binary  Perms      Octal  Binary  Perms
    0      000     -          4      100     r
    1      001     x          5      101     rx
    2      010     w          6      110     rw
    3      011     wx         7      111     rwx
12. If myprog were a shell script, it would need both read and execute permission turned on. For the script to be run by an interpreter, it must be opened and read like a text file. Binary files are executed directly by the kernel and therefore do not need read permission turned on.
Table 5.5  Examples of chmod's mnemonic syntax
    Spec         Meaning
    u+w          Adds write permission for the owner of the file
    ug=rw,o=r    Gives r/w permission to owner and group, and read permission to others
    a-x          Removes execute permission for all categories (owner/group/other)
    ug=srx,o=    Makes the file setuid and setgid and gives r/x permission to the owner and group only
    g=u          Makes the group permissions be the same as the owner permissions
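The difference between an absolute octal specification and a relative mnemonic one is the whole point of the -R advice above, so here is an added example (not from the book) that builds a small tree in a scratch directory, shows chmod 664 silently stripping the execute bits from a script, and then applies chmod -R g+w to the tree and reads the resulting modes back from ls. The file names, contents and starting modes are constructed; mode_of is a helper name chosen here.

```shell
#!/bin/sh
# Added example: absolute (octal) versus relative (mnemonic) chmod.

mode_of() { ls -ld "$1" | cut -c1-10; }   # first ten chars; drops a trailing ACL marker

# make_tree BASE: a directory holding one executable script and one text file.
make_tree() {
    base=$1
    mkdir -p "$base/mydir"
    printf '#!/bin/sh\necho hi\n' > "$base/mydir/run.sh"
    printf 'notes\n' > "$base/mydir/notes.txt"
    chmod 755 "$base/mydir" "$base/mydir/run.sh"
    chmod 644 "$base/mydir/notes.txt"
}

# octal_clobbers_x BASE: 664 is an absolute value, so a 755 script loses its
# execute bits even though the intent was only to add group write.
octal_clobbers_x() {
    cp "$1/mydir/run.sh" "$1/copy.sh"
    chmod 755 "$1/copy.sh"
    chmod 664 "$1/copy.sh"
    mode_of "$1/copy.sh"                  # -rw-rw-r--
}

# recursive_g_plus_w BASE: g+w touches only the group write bit of each entry;
# the directory and the script keep their execute bits.
recursive_g_plus_w() {
    chmod -R g+w "$1/mydir"
    printf '%s %s %s\n' "$(mode_of "$1/mydir")" \
        "$(mode_of "$1/mydir/run.sh")" "$(mode_of "$1/mydir/notes.txt")"
}
```

After recursive_g_plus_w the three modes read drwxrwxr-x, -rwxrwxr-x and -rw-rw-r--: group write added everywhere, nothing else disturbed.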
chown: change ownership and group
The chown command changes a file's ownership and group ownership. Its syntax mirrors that of chmod, except that the first argument specifies the new owner and group in the form user:group. You can omit either user or group. If there is no group, you don't need the colon either, although you can include it to make chown set the group to user's default group. The form user.group is also accepted, for historical reasons, although it's a bit degenerate since usernames can include dots.
To change a file's group, you must either be the owner of the file and belong to the group you're changing to or be the superuser. You must be the superuser to change a file's owner.
Like chmod, chown offers the recursive -R flag to change the settings of a directory and all the files underneath it. For example, the sequence
    # chmod 755 ~matt
    # chown -R matt:staff ~matt
might be used to set up the home directory of a new user after you had copied in the default startup files. Make sure that you don't try to chown the new user's dot files with a command such as
    # chown -R matt:staff ~matt/.*
The pattern will match ~matt/.. and will therefore end up changing the ownerships of the parent directory and probably the home directories of other users.
Traditional UNIX uses a separate command, chgrp, to change the group owner of a file. Linux has chgrp too. It works just like chown; feel free to use it if you find it easier to remember.
umask: assign default permissions
You can use the built-in shell command umask to influence the default permissions given to the files you create. The umask is specified as a three-digit octal value that represents the permissions to take away. When a file is created, its permissions are set to whatever the creating program requests minus whatever the umask forbids. Thus, the individual digits of the umask allow the permissions shown in Table 5.6.
For example, umask 027 allows all permissions for the owner but forbids write permission to the group and allows no permissions for anyone else. The default umask value is often 022, which denies write permission to the group and world but allows read permission.
See Chapter … for more information about startup files.
You cannot force users to have a particular umask value because they can always reset it to whatever they want. However, you can put a suitable default in the sample .profile and .cshrc files that you give to new users.
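"Requested permissions minus whatever the umask forbids" is a bitwise operation, and the following added example (not from the book) carries it out both ways: apply_umask does the arithmetic on octal strings, and the two *_mode_under_umask functions create a file and a directory under a given umask in a scratch directory and return the mode string ls shows. Programs normally request 666 for plain files and 777 for directories; the umask values in the test are the ones discussed above.

```shell
#!/bin/sh
# Added example: the umask arithmetic and its observable effect.

# apply_umask REQUESTED UMASK: both arguments are octal strings such as 666
# and 027; the result is the resulting mode as three octal digits.
apply_umask() {
    req=$((0$1)); mask=$((0$2))      # a leading 0 makes the shell read them as octal
    printf '%03o\n' $(( req & ~mask ))
}

# file_mode_under_umask UMASK: create a plain file (requested mode 666) under
# the given umask and return the mode string from ls -l.
file_mode_under_umask() {
    d=$(mktemp -d)
    ( umask "$1"; : > "$d/f" )       # subshell: the caller's own umask is untouched
    ls -l "$d/f" | cut -c1-10         # first ten chars; drops a trailing ACL/label marker
    rm -rf "$d"
}

# dir_mode_under_umask UMASK: the same for a directory (mkdir requests 777).
dir_mode_under_umask() {
    d=$(mktemp -d)
    ( umask "$1"; mkdir "$d/sub" )
    ls -ld "$d/sub" | cut -c1-10
    rm -rf "$d"
}
```

apply_umask 666 027 gives 640 and file_mode_under_umask 027 gives -rw-r-----, the same answer read off a real file; with the common default of 022 the figures are 644 and -rw-r--r--.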
Bonus flags
Linux's ext2fs and ext3fs filesystems define some supplemental attributes you can turn on to request special filesystem semantics ("request" being the operative word, since many of the flags haven't actually been implemented). For example, one flag makes a file append-only and another makes it immutable and undeletable.
Since these flags don't apply to filesystems other than the ext* series, Linux uses special commands, lsattr and chattr, to view and change them. Table 5.7 lists the flags that actually work (currently only about 50% of those mentioned in the man page).
With the possible exception of the "no backup" flag, it's not clear that any of these features offer much day-to-day value. The immutable and append-only flags were largely conceived as ways to make the system more resistant to tampering by hackers or hostile code. Unfortunately, they can confuse software and protect only against hackers that don't know enough to use chattr -ia (see footnote 13). Real-world experience has shown that these flags are more often used by hackers than against them.
The S and D options for synchronous writes also merit a special caution. Since they force all filesystem pages associated with a file or directory to be written out immediately on changes, they might seem to offer additional protection against data loss in the event of a crash. However, the order of operations for synchronous updates is unusual and has been known to confuse fsck; recovery of a damaged filesystem might therefore be made more difficult rather than more reliable. Filesystem journaling, as supported by ext3fs, is usually a better option. The j option can force data journaling for specific files, albeit at some performance cost.
Table 5.6  Permission encoding for umask
    Octal  Binary  Perms      Octal  Binary  Perms
    0      000     rwx        4      100     wx
    1      001     rw         5      101     w
    2      010     rx         6      110     x
    3      011     r          7      111     -
Table 5.7  ext2fs and ext3fs bonus flags
    Flag  Meaning
    A     Never update access time (st_atime; for performance)
    a     Allow writing only in append mode (only root can set)
    D     Force directory updates to be written synchronously
    d     No backup: make dump ignore this file
    i     Make file immutable and undeletable (only root can set)
    j     Keep a journal for data changes as well as metadata
    S     Force changes to be written synchronously (no buffering)
13. The capability mechanism described on page 683 can make it harder to turn off these bits, but the feature is not widely used.
5.6 ACCESS CONTROL LISTS
The 9-bit owner/group/other access control system has proved to be powerful enough to accommodate most administrative needs. Although the system has clear limitations, it's very much in keeping with the UNIX traditions (some might say, "former traditions") of simplicity and predictability.
Virtually all non-UNIX operating systems use a substantially more complicated way of regulating access to files: access control lists, or ACLs. ACLs have no set length and can include permission specifications for multiple users or groups. The more sophisticated systems allow administrators to specify partial sets of permissions or negative permissions; some also have inheritance features that allow access to depend on more than one ACL at a time. These systems are clearly more powerful than the traditional UNIX model, but they are also an order of magnitude more complex, both for administrators and for software developers.
See page 12 for more information about the mount command and filesystem mounting.
As a result of efforts to include ACLs in the POSIX specification, many variants of UNIX have come to support a relatively standard ACL mechanism that operates in parallel with the traditional UNIX 9-bit model. Under Linux, ACLs are supported by ext2, ext3, ReiserFS, XFS, and JFS. They are usually disabled by default; use the -o acl option to mount to turn them on.
For completeness, we describe the Linux ACL model here. But don't be seduced by the pretty colors: ACLs are not necessarily "better" than traditional file permissions, and knowledgeable administrators should use them with a degree of trepidation. Not only are they complicated and tiresome to use, but they can also cause problems in conjunction with NFS, backup systems, and programs such as text editors. ACLs tend toward entropy and so become unmaintainable over time.
See page 828 for more information about Samba.
Perhaps the most plausible reason for using ACLs is to increase compatibility with other operating systems. In particular, the Samba suite used for file sharing with Windows systems is ACL-aware and makes a good-faith effort to translate between the ACLs of Linux and Windows.
ACL overview
Linux ACLs are a mostly straightforward extension of the standard 9-bit model. Read, write, and execute permission are the only capabilities the system deals with. Embellishments such as the setuid and sticky bits are handled exclusively through the traditional mode bits.
ACLs allow the rwx bits to be set independently for any combination of users and groups. Table 5.8 shows what the individual entries in an ACL can look like.
Users and groups can be identified by name or by UID/GID. The exact number of entries that an ACL can contain varies with the filesystem implementation and ranges from a low of 25 with XFS to a virtually unlimited number with ReiserFS and JFS. The ext2 and ext3 filesystems allow 32 entries, which is probably a reasonable limit for manageability in any case.
The getfacl command displays a file's current ACL, and the setfacl command modifies or sets it. Use setfacl -b file to clear the ACL, setfacl -m aclspec file to modify or extend it, and setfacl -x aclspec file to delete specific entries in the list. (Omit the permission specification portion of the aclspec when using -x.) The aclspec can contain more than one list entry as long as the entries are separated with a comma.
Files with ACLs retain their original mode bits, but consistency is automatically enforced and the two sets of permissions can never conflict. The following example demonstrates that the ACL entries update automatically in response to changes made with chmod:
    $ touch /tmp/example
    $ ls -l /tmp/example
    -rw-rw-r-- 1 garth garth 0 Jun 14 15:57 /tmp/example
    $ getfacl /tmp/example
    getfacl: Removing leading '/' from absolute path names
    # file: tmp/example
    # owner: garth
    # group: garth
    user::rw-
    group::rw-
    other::r--
    $ chmod 640 /tmp/example
    $ getfacl --omit-header /tmp/example
    user::rw-
    group::r--
    other::---
Table 5.8  Entries that can appear in an access control list
    Format                  Example           Sets permissions for
    user::perms             user::rw-         The file's owner
    user:username:perms     user:trent:rw-    A specific user
    group::perms            group::r-x        The group that owns the file
    group:groupname:perms   group:staff:rw-   A specific group
    other::perms            other::---        All others
    mask::perms             mask::rwx         All but owner and other (a)
a. Masks are somewhat tricky and are explained later in this section.
This enforced consistency allows older software with no awareness of ACLs to play reasonably well in the ACL world. However, there's a twist. Even though the group:: ACL entry in the example above appears to be tracking the middle set of traditional mode bits, this will not always be the case.
To understand why, suppose that a legacy program clears the write bits within all three permission sets of the traditional mode (e.g., chmod ugo-w file). The intention is clearly to make the file unwritable by anyone. But what if the resulting ACL were to look like this?
    user::r--
    group::r--
    group:staff:rw-
    other::r--
From the perspective of legacy programs, the file appears to be unmodifiable, yet it is actually writable by anyone in group staff. Not good. To reduce the chance of ambiguity and misunderstandings, Linux has adopted the following rules:
The user:: and other:: ACL entries are by definition identical to the "owner" and "other" permission bits from the traditional file mode. Changing the mode changes the corresponding ACL entries, and vice versa.
In all cases, the effective access permission afforded to the file's owner and to users not mentioned in another way are those specified in the user:: and other:: ACL entries, respectively.
If a file has no explicitly defined ACL or has an ACL that consists only of one user::, one group::, and one other:: entry, these ACL entries are identical to the three sets of traditional permission bits. This is the case illustrated in the getfacl example above. (Such an ACL is termed "minimal" and need not actually be implemented as a logically separate ACL.)
Login name
Home directory
Login shell
For example, the following lines are all syntactically valid /etc/passwd entries:
    root:laS!]uGZ2so:0:0:The System,,x6096,:/:/bin/sh
    jl:x:100:0:Jim Lane,ECT8-3,,:/staff/jl:/bin/sh
    dotty:$1$Ce8QAQl$L.Dv[LViHlVeKTMLX!ZO/:101:20::/home/dotty:/bin/csh
These days it is not acceptable to leave encrypted passwords in plain view. With fast hardware, they can be "cracked" in minutes. All versions of UNIX and Linux allow you to hide the encrypted passwords by placing them in a separate file that is not world-readable. This is known as a shadow password mechanism, and it is (appropriately) the default on most systems.
The shadow password system makes more sense when explained as an extension of the traditional /etc/passwd (as it historically was), so we defer our discussion of this feature until page 99. A more general discussion of the security implications of shadow passwords can be found on page 678.
The contents of /etc/passwd are often shared among systems with a database such as NIS or LDAP. See Chapter 17, Sharing System Files, for more information.
The following sections discuss the /etc/passwd fields in more detail.
Login name
See page 511 for more information about NIS.
Login names (also known as usernames) must be unique and no more than 32 characters long. They may contain any characters except colons and newlines. If you use NIS, login names are limited to 8 characters, regardless of the operating system.
Some older versions of UNIX limit the permissible characters to alphanumerics and impose an 8-character length limit. At heterogeneous sites, it's a good idea to heed the most restrictive limits. Such a policy will avert potential conflicts with older software and will guarantee that users can have the same login name on every machine. Remember, just because you have a homogeneous environment today doesn't mean that this will be the case tomorrow.
Login names are case sensitive; however, RFC822 calls for case to be ignored in email addresses. We are not aware of any problems caused by mixed-case login names, but lowercase names are traditional and also easier to type.
6.1 The /etc/passwd file 95
Login names should be easy to remember, so random sequences of letters do not make good login names. We suggest that you avoid nicknames, even if your organization is relatively informal. They're really not that much fun, and they tend to draw scorn; names like DarkLord and QTPie belong in front of @hotmail.com. Even if your users have no self-respect, at least have some thought for your site's overall credibility.
Since login names are often used as email addresses, it's useful to establish a standard way of forming them. It should be possible for users to make educated guesses about each other's login names. First names, last names, initials, or some combination of these all make reasonable naming schemes.
See page 544 for more information about mail aliases.
Any fixed scheme for choosing login names eventually results in duplicate names or names that are too long, so you will sometimes have to make exceptions. In the case of a long name, you can use your mail system's aliasing features to equate two versions of the name, at least as far as mail is concerned.
For example, suppose you use an employee's first initial and last name as a paradigm. Brent Browning would therefore be bbrowning, which is 9 characters and therefore potentially incompatible with some systems. Instead, you could assign the user the login brentb, leaving bbrowning as an aliases file entry:
    bbrowning: brentb
If your site has a global mail alias file, each new login name must be distinct from any alias in this file. If it is not, mail will be delivered to the alias rather than the new user.
It's common for large sites to implement a full-name email addressing scheme (e.g., John.Q.Public@mysite.com) that hides login names from the outside world. This is a fine idea, but it really doesn't obviate any of the naming advice given above. If for no other reason than the sanity of administrators, it's best if login names have a clear and predictable correspondence to users' actual names.
Login names should be unique in two senses. First, a user should have the same login name on every machine. This rule is mostly for convenience, both yours and the user's.
See page 85 for a discussion of login equivalence issues.
Second, a particular login name should always refer to the same person. Some commands (e.g., ssh) can be set up to validate remote users according to their login names. Even if scott@boulder and scott@refuge were two different people, one might be able to log in to the other's account without providing a password if the accounts were not set up properly.
Experience also shows that duplicate names can lead to email confusion. The mail system might be perfectly clear about which scott is which, but users will often send mail to the wrong address.
96 Chapter 6 - Adding New Users
ncryted assword
A quick iemindei befoie we jump into the details of passwoids: most systems now
keep enciypted passwoids in /etc/shadow iathei than /etc/passwd. Howevei, the
comments in this section apply iegaidless of wheie passwoids aie actually kept.
Passwoids aie stoied in an enciypted foim. Inless you can execute enciyption algo-
iithms in youi head (we want to meet you), you must eithei set passwoids by using
the passwd command (yppasswd if you use NIS) oi by copying an enciypted pass-
woid stiing fiom anothei account.
If you edit /etc/passwd by hand to create a new account, put a star or an x in the
encrypted password field. The star prevents unauthorized use of the account until
you have set a real password. Never leave this field empty: that introduces a jumbo-
sized security hole because no password is required to access the account. Even if
you are using shadow passwords, it's wise to be a bit anal retentive about password
hygiene in the /etc/passwd file. You never know when some obsolete program or
script is going to peek at it in order to make some kind of security decision.[1]
Major Linux distributions recognize multiple methods of password encryption, and
they can determine the encryption method used for each password by examining the
encrypted data. It isn't necessary for all passwords on the system to use the same form
of encryption.
Most Linux distributions default to using MD5 encryption. MD5 is slightly crypto-
graphically better than the former DES standard, and the MD5 scheme allows pass-
words of arbitrary length. Longer passwords are more secure, if you actually use
them. Since the use of MD5 won't hurt and might help, we recommend it for all
systems that support it.
Encrypted passwords are of constant length (34 characters long for MD5, 13 for DES)
regardless of the length of the unencrypted password. Passwords are encrypted in
combination with a random "salt" so that a given password can correspond to many
different encrypted forms. If two users happen to select the same password, this fact
usually cannot be discovered by inspection of the encrypted passwords. MD5 pass-
words are easy to spot because they always start with $1$.
SUSE defaults to Blowfish encryption for new passwords. Like MD5, this is a strong
algorithm and a very reasonable default. However, you can't copy SUSE's Blowfish
passwords to non-SUSE systems since only SUSE understands them. You can iden-
tify Blowfish passwords by their prefix of $2a$.
UID (user ID) number
UIDs are unsigned 32-bit integers. However, because of interoperability issues with
older systems, we suggest limiting the largest UID at your site to 32,767 (the largest
signed 16-bit integer) if possible.
1. Jon Corbet, one of our technical reviewers, commented, "If you don't know when security decisions are
being made, you're already in trouble. Administrators should not be surprised by such things."
By definition, root has UID 0. Most systems also define pseudo-users bin, daemon,
and lots of others. It is customary to put such fake logins at the beginning of the
/etc/passwd file and to give them low UIDs; never assign these logins a real shell. To
allow plenty of room for any nonhuman users you might want to add in the future,
we recommend that you assign UIDs to real users starting at 500 (or higher).
See page 48 for more information about sudo.
It is never a good idea to have multiple accounts with UID 0. While it might seem
convenient to have multiple root logins with different shells or passwords, this setup
just creates more potential security holes and gives you multiple logins to secure. If
people need to have alternate ways to log in as root, you are better off if they use a
program such as sudo.
Avoid recycling UIDs for as long as possible, even the UIDs of people that have left
your organization and had their accounts permanently removed. This precaution
prevents confusion if files are later restored from backups, where users may be iden-
tified by UID rather than by login name.
See Chapter 1 for more information about NFS.
UIDs should be kept unique across your entire organization. That is, a particular UID
should refer to the same login name and the same person on every machine. Failure
to maintain distinct UIDs can result in security problems with systems such as NFS
and can also result in confusion when a user moves from one workgroup to another.[2]
It can be hard to maintain unique UIDs when groups of machines are administered
by different people or organizations. The problems are both technical and political.
The best solution is to have a central database that contains a record for each user
and enforces uniqueness. (We use a home-grown database to address this problem.)
A simpler scheme is to assign each group within an organization a range of UIDs
and let each group manage its own set. This solution keeps the UID spaces separate
(a requirement if you are going to use NFS to share filesystems) but does not address
the parallel issue of unique login names. LDAP is becoming a popular management
tool for UIDs as well.
Default GID number
Like a UID, a group ID number is a 32-bit integer. GID 0 is reserved for the group
called "root". GID 1 is the group "bin" and GID 2 is the group "daemon".
See page 82 for more information about setgid directories.
Groups are defined in /etc/group, with the GID field in /etc/passwd providing the
default (or "effective") GID at login time. The default GID is not treated specially
when access is determined;[3] it is relevant only to the creation of new files and direc-
tories. New files are normally owned by the user's effective group. However, in direc-
tories on which the setgid bit (02000) has been set and on filesystems mounted with
the grpid option, new files default to the group of their parent directory.
2. Another NFS-related issue is the "nobody" UID that is traditionally used to hamper access by remote
root users. See page 488 for details.
3. Linux considers all group memberships when performing access calculations. Kernels before 2.6.4
allow a maximum of 32 group memberships, but more recent kernels impose no limit.
GECOS field[4]
The GECOS field is commonly used to record personal information about each user.
It has no well-defined syntax. The GECOS field originally held the login information
needed to transfer batch jobs from UNIX systems at Bell Labs to a mainframe run-
ning GECOS (the General Electric Comprehensive Operating System); these days,
only the name remains. A few programs will expand an '&' in the GECOS field to the
user's login name, which saves a bit of typing. Both finger and sendmail perform
this expansion, but many programs do not. It's best not to rely on this feature.
Although you can use any formatting conventions you like, finger interprets comma-
separated GECOS entries in the following order:
Iogin name
Enciypted passwoid
The login name is the same as in /etc/passwd. This field connects a user's
passwd and shadow entries.
The last change field records the time at which the user's password was last
changed. This field is generally filled in by passwd.
The fourth field sets the number of days that must elapse between password
changes. The idea is to force authentic changes by preventing users from
immediately reverting to a familiar password after a required change. How-
ever, we think this feature could be somewhat dangerous when a security
intrusion has occurred. We recommend setting this field to 0.
The fifth field sets the maximum number of days allowed between pass-
word changes. This feature allows the administrator to enforce password
aging; see page 680 for more information. The actual enforced maximum
number of days is the sum of this field and the seventh (grace period) field.
The sixth field sets the number of days before password expiration that the
login program should begin to warn the user of the impending expiration.
The seventh field specifies how many days after the maximum password
age has been reached to wait before treating the login as expired. The
exact purpose of this feature is not clear.
The eighth field specifies the day (in days since Jan 1, 1970) on which the
user's account will expire. The user may not log in after this date until the
field has been reset by an administrator. If the field is left blank, the account
will never expire.
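As an added example (not code from the book), the following Python audits constructed /etc/passwd and /etc/shadow lines against the rules given in this chapter: empty password fields, extra UID 0 accounts, duplicate UIDs, the hash type implied by the $1$, $2a$ and 13-character markers, and the shadow aging and expiry fields described just above. The sample entries and hash strings are constructed placeholders, not real accounts or hashes.

```python
# Constructed sample entries (added example, not the book's code); the hash
# strings are placeholders shaped like real ones, not real hashes.
PASSWD = ("root:x:0:0:root:/root:/bin/bash\n"
          "toor::0:0:second root:/root:/bin/bash\n"
          "scott:x:500:100:Scott Q. Public:/home/scott:/bin/bash\n"
          "kim:x:500:100:Kim Lee:/home/kim:/bin/bash\n")
SHADOW = ("root:$1$saltsalt$abcdefghijklmnopqrstuv:13000:0:99999:7:::\n"
          "scott:xxDESplacehld:13000:0:90:7:14:13100:\n"
          "kim:$2a$05$" + "c" * 53 + ":13000:0:90:7:::\n")

def hash_kind(field):
    """Classify a password field: empty, x (see /etc/shadow), * or ! (locked),
    $1$ and 34 chars (MD5), $2a$ (Blowfish), 13 chars (DES)."""
    if field == "":
        return "EMPTY"          # no password required at all
    if field == "x":
        return "SHADOWED"
    if field[0] in "*!":
        return "LOCKED"
    if field.startswith("$1$") and len(field) == 34:
        return "MD5"
    if field.startswith("$2a$"):
        return "BLOWFISH"
    return "DES" if len(field) == 13 else "UNKNOWN"

def audit_passwd(text):
    """Flag empty password fields, extra UID 0 accounts and duplicate UIDs."""
    findings, seen = [], {}
    for line in text.splitlines():
        name, pw, uid = line.split(":")[:3]
        uid = int(uid)
        if hash_kind(pw) == "EMPTY":
            findings.append(f"{name}: empty password field")
        if uid == 0 and name != "root":
            findings.append(f"{name}: extra account with UID 0")
        if uid in seen:
            findings.append(f"{name}: duplicate UID {uid} (also {seen[uid]})")
        seen.setdefault(uid, name)
    return findings

def audit_shadow(text, today_days):
    """Per user: hash type, enforced maximum age (field 5 plus grace field 7)
    and whether the expiry day (field 8, days since 1970-01-01) has passed."""
    report = {}
    for line in text.splitlines():
        f = line.split(":")
        max_age = int(f[4]) + (int(f[6]) if f[6] else 0)
        expired = bool(f[7]) and int(f[7]) < today_days
        report[f[0]] = (hash_kind(f[1]), max_age, expired)
    return report
```

Running audit_passwd(PASSWD) reports toor's empty password, its second UID 0 and the shared UID 500; audit_shadow(SHADOW, 13150) shows scott's account expired on day 13100 with an enforced maximum age of 104 days.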