Who is a System Administrator ?

The System Administrator is the person on the technical staff who works exclusively in those jobs related to the system itself. These jobs are machine installation, addition and removal of users from the system, installation of new software required by the users, system backup, printer configuration, addition of new hardware in the system, set up of automatic procedures for resolving specific problems, system security, kernel re-compilation and other jobs regarding the operating system.

Depending on the company's size or workflow organization there are also other figures like the System Integrator, also called Network Administrator who has the job of establishing communication between several operating systems : Linux, UNIX, DOS, MS-Windows, Novell NetWare, Apple MAC and others like IBM AS/400 systems. Another position created in the last few years is the Web Master, whose role is to be HTML publisher on the Web; this person is also an HTML programmer who installs the web server and writes CGI with Perl and Java applets. After these there are the system programmers who write the source code for setting up a specific service. Generally, these programmers write code in the C/C++ or Tcl/Tk languages, while the System Administrator writes the scripts, programming shell scripts or using languages designed exclusively for system jobs.

Our FTLinuxCourse includes a specific course for each one of these company roles.

In small companies these jobs are made for one or two persons. In personal Linux systems, the same person covers all these roles including the System Adminstrator.

From a hierarchical point of view, the System Administrator is the "root" user, the only user capable of executing all the system operations. The other users have different levels of priority (or security), depending on their role in the organization.

In this chapter we will show the most frequent jobs of a System Administrator, which we will explain in detail in the FTLinuxCourse System Administrator course.

System configuration and control

If we have to define the role of the System Administator in a few words, these words are system configuration and control.

The installation of the operating system is itself a configuration that copies the packages we have chosen from the hard disk, adds users, sets the network local IP, activates the standard daemons, printers and other services in the system.

The control of the system must guarantee that all the services are available at any moment, in other words that the network services are always ready, that access to Internet works at all times, that the data present in the system are available even after some system failure or external damage etc. In Linux, the System Administrator's work is easier than in other operating systems. Linux's performance, stability and completeness reduce the system administrator's work. Millions of Linux machines are used as web servers and are on 24 hours a day for years, without showing the slightest sign of weakness or unreliability.

For ensuring this continuity, the System Administrator must backup the system. The system backup can be made on another disk partition, on other local or network disks or on an external medium like a tape, a CD-ROM, a ZIP, a magnetic optical, MO, a DVD, a PD or other media.

In the following sections we will introduce some configuration files, while in the next section we will explain the role of the log files that let administrators monitor the system.

The directory "/etc"

RedHat includes in the directory "/etc" and its relative subdirectories all the files for configuring the machine.

This includes the files:

• "/etc/passwd" that lists all the users present in the system; their corresponding passwords are listed in the file "/etc/shadow".
• "/etc/printcap" lists the system printers
• "/etc/ftpusers" includes all the users who CANNOT use the ftp program. To allow the "root" user to use the FTP service, you have to remove the "root" entry from this file
• "/etc/inittab" that lists all the services to be activated, depending on the "init" level. Also, the default init level is included in this file
• "/etc/fstab" is the table that includes all the File Systems to be automatically mounted at boot time.
• "/etc/crontab" is the table that includes the scheduling that will be read by the daemon "cron"
• "/etc/rc.d" indicates that this directory includes other subdirectories where all the configuration script files that active all the services, depending on the default init level, are listed
• "/etc/securetty" indicates all the ttys where it's possible to work with the system. It's convenient to rename this file if we want access using telnet from any terminal
• "/etc/inetd.conf" This file lists all the network services available in the system. A comment, "#" at the start of a line means that the service will not be activated at the next boot
• "/etc/issue" and "/etc/issue.net" are the files that present the login message on the console or from a remote machine
• "/etc/services" and "/etc/protocols" include the services and protocols that can be activated on the machine
• "/etc/shells" includes all the system shells present on the machine
• "/etc/hosts" lists all the remote network hosts. It has no machine name
• "/etc/mtab" is the table that lists the mounted file systems
• "/etc/syslog.conf" is the configuration file for the syslogd daemon
• "/etc/sendmail.cf" is the configuration file for mail
• "/etc/lilo.conf" is the configuration file for LILO
• "/etc/profile" is the file that includes the environment variables for all users, such as PATH, umask ,and also others like LANG, which specifies the multilingual environment: Italian, German, Spanish, French or other
• "/etc/mail.rc" is the configuration file for mail and its alias
• "/etc/termcap" is the file that contains all the ESC sequences supported on the system
• "/etc/resolv.conf" is the file that includes the domain server, the DNS, either remote or local or on the network or Internet, that translates external names, for example, www.futuretg.com with its corresponding IP
• "/etc/HOSTNAME" is the system machine
• "/etc/rpc" lists all the RPC (Remote Procedure Call) services
• "/etc/host.conf", includes system configuration about the host.
• "/etc/mtools.conf" is the configuration file for mtool

The "/etc" directory contains subdirectories that include other configuration files. The most important directory is "/etc/sysconfig".

In this directory:

[root@heaven sysconfig]# ll
total 1520
drwxr-xr-x   4 root     root         1024 Oct  9 10:39 ./
drwxr-xr-x  37 root     root         3072 Oct 10 18:44 ../
-rwxr-xr-x   1 root     root           56 Apr  8  1999 amd*
-rw-r--r--   1 root     root           29 Apr 17 09:33 apmd
-rw-r--r--   1 root     root           19 Jun 23 20:14 clock
drwxr-xr-x   2 root     root         1024 Jun  9 19:09 console/
-rw-------   1 root     root       823296 Aug 16 11:29 core
-rw-r--r--   1 root     root            4 Sep 17 18:04 desktop
-rw-r--r--   1 root     root       705199 Aug 16 11:29 emacs
-rw-r--r--   1 root     root           68 Jun  9 19:09 i18n
-rw-r--r--   1 root     root          892 Feb 25  1999 init
-rw-r--r--   1 root     root           14 Jun 23 11:36 keyboard
-rw-r--r--   1 root     root           89 Jun  9 19:10 mouse
-rw-r--r--   1 root     root          124 Jun 24 16:53 network
drwxr-xr-x   2 root     root         1024 Sep 29 04:38 network-scripts/
-rw-r--r--   1 root     root           38 Jun  9 19:09 pcmcia
-rwxr-xr-x   1 root     root           20 Apr 19 22:38 sendmail*
-rw-r--r--   1 root     root          184 Sep  4 18:56 soundcard
-rw-r--r--   1 root     root           60 Jun 24 16:53 static-routes

are important configuration files, all the script daemons loaded at boot time are in this dir. The scripts relating to the network interface that activate the loop back "lo", the network card "eth0", are included in "/etc/sysconfig/network-scripts".

In fact, in the main directory we find the files :

• "keyboard" that informs us which is the file that includes the ESC sequences for our keyboard
• "clock" contains the mode in which time is managed: GMT or ZIC
• "ipx" lists all the IPX services: Frame, Network, Ethernet, 802.2 and others
• "network"  tells us if we belong to a network, the interface "ifconfig" supported; this file runs the network scripts at boot time from the directory "/etc/sysconfig/network-scripts"
• "pcmcia"  tells us if the PCMCIA interface is present on the system

Finally, in the directory "/etc/sysconfig/network-scripts" we have:

[root@heaven /etc]# cd sysconfig/network-scripts/
[root@heaven network-scripts]# l
./           ../          functions    ifcfg-eth0*  ifcfg-eth1*  ifcfg-lo     ifcfg-plip0  ifcfg-tr0*
ifdown-ppp*  ifdown-sl*   ifup-ppp*    ifup-sl*
[root@heaven network-scripts]#

In "/etc" we also have the directory "/etc/X11"  that contains the configuration files for the default X environment :

[root@heaven X11]# ll
total 8
drwxr-xr-x   2 root     root         1024 Dec  1 13:12 afterstep
drwxr-xr-x   2 root     root         1024 Dec  1 14:23 fs
drwxr-xr-x   2 root     root         1024 Dec  1 13:13 fvwm
drwxr-xr-x   2 root     root         1024 Dec  1 14:22 twm
drwxr-xr-x   2 root     root         1024 Dec  1 13:13 wmconfig
drwxr-xr-x   2 root     root         1024 Dec  1 14:22 xdm
drwxr-xr-x   2 root     root         1024 Dec  1 14:22 xinit
drwxr-xr-x   2 root     root         1024 Dec  1 14:22 xsm
[root@heaven X11]#

One of the most important directories here is the "xinit" directory:

[root@heaven xinit]# ll
total 6
-rw-r--r--   1 root     root         2867 Sep  2 04:38 .Xresources
-rwxr-xr-x   1 root     root         1856 Sep  2 04:34 kdeinitrc
-r--r--r--   1 root     root          666 Aug 31  1993 xinitrc
[root@heaven xinit]#

As we explained in Chapter 2, The X-Window Universe, the program "startx" is a script that runs the "xinit" program. The "xinit" program, like any other UNIX/LINUX program,has a default behavior or resource file.

This default file is the file "/etc/X11/xinit/xinitrc".

(This default file, in RedHat Linux 4.2, doesn't let you exit from the graphical environment if you choose the label "Exit" in the root menu of "twm". In the directory "FTContribs/Files/X_resources" we offer another file to resolve this problem).

In this directory we also have the file ".Xdefaults" which lists all the colors, fonts and resource files for the X window system.

The job of the System Administrator is to set up the environment and the default for all the system users. Therefore, when the System Administrator modifies these files, the changes will be reflected upon all the system users.

The System Administrator must also explain these files to the customers, so each user can have a customized X Windows environment. It's necessary to copy the file "xinitrc" to the main directory with the name ".xinitrc", so we can run the favorite windows manager with our favorite applications: Looking Glass, Netscape Communicator and others. The same is valid for the file ".Xresources".

To learn about the KDE, we can consult Appendix K.

In the same way, in the directory "/etc/X11/xdm" there are the files:

[root@heaven xdm]# ll
total 24
-rwxr-xr-x   1 root     root          390 Sep  4  1993 GiveConsole
-rwxr-xr-x   1 root     root          249 Sep  4  1993 TakeConsole
-r--r--r--   1 root     root         1976 Sep  4  1993 Xaccess
-r--r--r--   1 root     root         1047 Sep  4  1993 Xresources
-r--r--r--   1 root     root          382 Sep  4  1993 Xservers
-rwxr-xr-x   1 root     root          605 Sep  4  1993 Xsession
-rwxr-xr-x   1 root     root          150 Sep  4  1993 Xsetup_0
-rwxr-xr-x   1 root     root        13056 Sep  4  1993 chooser
-r--r--r--   1 root     root         1001 Sep  4  1993 xdm-config
[root@heaven xdm]#

As we explained in Chapter 2, xdm is the dialog that contains a graphical login. The colors, fonts and strings present in this directory can be personalized by modifying the file "Xdefaults".

Another important file is "Xservers" that contains the names of the machines that will run X. You have to configure this file when the system includes X-Terminals.

In the other subdirs of "/etc/X11" there are present the default files for other Window Managers included in RedHat. Some of these directories are also present as symbolic links to the directory "/usr/X11R6/lib/X11" :

[root@heaven X11]# pwd
/usr/X11R6/lib/X11
[root@heaven X11]# ll | grep "lr"
lrwxrwxrwx   1 root     root           11 Dec 1 13:12 afterstep -> wm1_modules
lrwxrwxrwx   1 root     root           23 Dec  1 14:22 config -> /usr/X11R6/share/config
lrwxrwxrwx   1 root     root           22 Dec  1 13:12 fs -> ../../../../etc/X11/fs
lrwxrwxrwx   1 root     root           11 Dec  1 13:13 fvwm -> wm1_modules
lrwxrwxrwx   1 root     root           24 Dec  1 14:23 ja_JP -> /usr/X11R6/lib/Wnn/ja_JP
lrwxrwxrwx   1 root     root           24 Dec  1 14:23 ko_KR -> /usr/X11R6/lib/Wnn/ko_KR
lrwxrwxrwx   1 root     root           23 Dec  1 13:13 twm -> ../../../../etc/X11/twm
lrwxrwxrwx   1 root     root           23 Dec  1 13:13 xdm -> ../../../../etc/X11/xdm
lrwxrwxrwx   1 root     root           25 Dec  1 13:12 xinit -> ../../../../etc/X11/xinit
lrwxrwxrwx   1 root     root           23 Dec  1 13:13 xsm -> ../../../../etc/X11/xsm
lrwxrwxrwx   1 root     root           24 Dec  1 14:23 zh_CN -> /usr/X11R6/lib/Wnn/zh_CN
lrwxrwxrwx   1 root     root           24 Dec  1 14:23 zh_TW -> /usr/X11R6/lib/Wnn/zh_TW
[root@heaven X11]#

In "/etc" there are also present other dirs :

[root@heaven /etc]# ll -Fl | grep '/'
drwxr-xr-x  10 root     root         1024 Dec  1 13:13 X11/
drwxr-xr-x   7 root     root         1024 Dec  1 13:10 cron.d/
drwxr-xr-x   3 root     root         1024 Dec  1 13:16 httpd/
drwxr-xr-x   2 root     root         1024 Dec  1 13:16 isdn/
lrwxrwxrwx   1 root     root           27 Dec  1 13:50 localtime -> ../usr/share/zoneinfo/GMT-1
drwxr-xr-x   2 root     root         1024 Dec  1 13:16 logrotate.d/
drwxr-xr-x   2 root     root         1024 Dec  2 14:24 makedev.d/
drwxr-xr-x   2 root     root         1024 Dec  1 13:15 mgetty+sendfax/
drwxr-xr-x   4 root     root         1024 Dec  1 13:09 modules/
drwxr-xr-x   3 root     root         1024 Dec  1 13:21 mta/
lrwxrwxrwx   1 root     root           15 Dec  1 13:21 nwdsmgr -> nwdsmgr.english/
drwxr-xr-x   2 root     root         4096 Dec  1 13:18 nwdsmgr.english/
drwxr-xr-x   2 root     root         1024 Dec  1 13:16 pam.d/
drwxr-xr-x   3 root     root         1024 Dec  1 13:11 pcmcia/
drwxr-xr-x   2 root     root         1024 Dec  1 14:18 ppp/
drwxr-xr-x  10 root     root         1024 Dec  1 13:52 rc.d/
drwxr-xr-x   3 root     root         1024 Dec  1 13:16 samba.d/
drwxr-xr-x   2 root     root         1024 Dec  1 13:12 security/
drwxr-xr-x   2 root     root         1024 Dec  1 13:21 sendmail/
drwxr-xr-x   4 root     root         1024 Dec  1 13:18 skel/
drwxr-xr-x   2 root     root         1024 Dec  1 13:16 slip/
drwxr-xr-x   4 root     root         1024 Dec  1 15:10 sysconfig/
drwxr-xr-x   2 root     root         1024 Dec  1 13:15 vga/
[root@heaven /etc]#

From the previous list, the directory "ppp" includes all the necessary files for authorizing Internet access, for modem connection on analog phone lines or digital ISDN lines.

As we can see from the list :

[root@heaven /etc]# cd ppp
[root@heaven ppp]# ll
total 7
-rw-------   1 root     daemon         78 Aug 19 10:27 chap-secrets
-rw-r--r--   1 root     root           90 Dec  1 13:59 connect-errors
-rw-r--r--   1 root     daemon        120 Aug  3 18:37 ioptions
-r--r--r--   1 root     root          315 Dec  1 13:59 ip-down
-r--r--r--   1 root     root          312 Dec  1 13:59 ip-up
-rw-r--r--   1 root     root            5 Dec  1 13:59 options
-r--r--r--   1 root     root          265 Dec  1 13:59 pap-secrets
[root@heaven ppp]#

this directory includes three (3) types of files:

• The file for authentication of "pap-secrets", if the connection is established via PAP or "chap-secrets" for the second type: CHAP
• The file with the options for analog connections: "options" and
• The file for the digital connection via ISDN (i): ioptions, ip-up, ip-down

The services in the directory "/etc/rc.d" were explained in Chapter 22: Boot and Shutdown, while the directory "/etc/makedev.d" was introduced in Chapter 20 about media.

Another important directory is "/etc/pam.d" :

[root@heaven pam.d]# pwd
/etc/pam.d
[root@heaven pam.d]# ll
total 13
-rw-r--r--   1 root     root          293 Aug 19 10:09 README
-rw-r--r--   1 root     root          242 Sep  2 04:41 chfn
-rw-r--r--   1 root     root          242 Sep  2 04:41 chsh
-rw-r--r--   1 root     root          314 Aug 19 09:55 ftp
-rw-r--r--   1 root     root          367 Sep  2 04:41 login
-rw-r--r--   1 root     root          327 Aug 19 10:09 other
-rw-r--r--   1 root     root          164 Aug 19 08:30 passwd
-rw-r--r--   1 root     root          278 Aug 19 08:34 rexec
-rw-r--r--   1 root     root          440 Aug 19 08:34 rlogin
-rw-r--r--   1 root     root          204 Aug 19 08:34 rsh
-rw-r--r--   1 root     root          386 Aug 19 13:48 samba
-rw-r--r--   1 root     root          342 Aug 19 11:41 su
-rw-r--r--   1 root     root          151 Aug 19 08:26 vlock
[root@heaven pam.d]#

This directory contains the configuration file for the authentication of several services available in the system.

For example, the file for login includes:

[root@heaven pam.d]# more login
#%PAM-1.0
#[For version 1.0 syntax, the above header is optional]
#
# The PAM configuration file for the `login' service
#
auth            required        pam_securetty.so
auth            required        pam_pwdb.so
#auth           required        pam_dialup.so
auth            optional        pam_mail.so
account         required        pam_pwdb.so
session         required        pam_pwdb.so
session         optional        pam_lastlog.so
password        required        pam_pwdb.so
[root@heaven pam.d]#

These shared libraries ".so" are present in the directory "/lib/security/"