Updated: 2013-04-01 08:38 EDT
Due date: 23h59 (11:59pm) Saturday March 30, 2013 (end of Week 11)
(Update: tar archive section; added checking instructions.)
This assignment is based on your weekly Class Notes.
Remember to READ ALL THE WORDS to work effectively and not waste time.
This is an overview of how you are expected to complete this assignment. Read all the words before you start working.
Since we also do manual marking of student assignments, your final mark may not be the same as the mark submitted using the current version of the Checking Program. We do not guarantee that any version of the Checking Program will find all the errors in your work. Complete your assignments according to the specifications, not according to the incomplete set of the mistakes detected by the Checking Program.
When you are finished the tasks, leave the files and directories in place as part of your deliverables. Do not delete any assignment work until after the term is over! Assignments may be re-marked at any time; you must have your term work available right until term end.
The previous term’s course notes are always available on the Internet here: CST8207 GNU/Linux Operating Systems I.
All the current and previous terms notes files are also stored on the CLS. You can learn about how to read and search these notes files using the command line on the CLS under the heading Copies of the CST8207 course notes near the bottom of the page Course Linux Server. The current CST8177 term notes are searchable there, too!
All references to the “Source Directory” below are to the CLS directory ~idallen/cst8177/13w/assignment07/ and that name starts with a tilde character “~” followed by a userid with no intervening slash. The leading tilde indicates to the shell that the pathname starts with the HOME directory of the account idallen.
On the Course Linux Server, make the directory Assignments/assignment07, in which some information will be stored related to this assignment. Create the check symbolic link needed to run the Checking Program, as described in the section Checking Program below.
Review of CST8207 account management: passwd, useradd, userdel, groupadd, gpasswd, usermod, chown, chgrp, chmod, chsh

sudoers group

We will create a special sudoers group. The sudo command will be configured to permit any account in this group to become the root user and run any command with full privileges.
If necessary, login to your CentOS 5.8 VM as the root user (the only user).
Create the sudoers group that will be used by the sudo command, as follows:
  Read the man groupadd manual page, and note the -r system account option.
  Create the sudoers group.
Configure sudo to use the new sudoers group, as follows:
  Make a backup copy of /etc/sudoers (for example, /etc/sudoers.bak).
  Edit the sudoers file with the visudo command. You will be editing in vi with this command.
  Find the commented-out line: # %wheel ALL=(ALL) ALL
  Below the line for wheel, create a new line (and a comment above it) that allows anyone in the sudoers group to run all commands.
  Remove the # at the front of the line from the previous step. The line must start with % followed by the new group name (not wheel).
  Save the /etc/sudoers file and quit the editor.
  Do a file difference between your backup file /etc/sudoers.bak and the new /etc/sudoers file. Make sure that the only changes you see are the ones you intended to make. If not, restore the file (or restore a previous snapshot) and make the changes again.
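As an added example (not part of the assignment page), the POSIX shell function below does the file-difference check from the last step automatically: it passes only when nothing was removed and the single non-comment line added is the %sudoers rule. The two small sudoers files it compares are constructed inline to stand in for /etc/sudoers.bak and /etc/sudoers.

```shell
#!/bin/sh
# Added example: verify that editing /etc/sudoers changed exactly one thing.
# sudoers_change_ok BACKUP NEW GROUP returns 0 when, compared with BACKUP,
# no line was removed from NEW and the only non-comment line added is
# "%GROUP ALL=(ALL) ALL".
sudoers_change_ok() {
  backup=$1; new=$2; grp=$3
  diff "$backup" "$new" | awk -v grp="$grp" '
    /^< / { removed++ }                      # a line vanished from the file
    /^> / {
      line = substr($0, 3)
      sub(/^[ \t]+/, "", line)
      if (line ~ /^#/ || line == "") next    # added comments and blanks are fine
      added++
      if (line ~ ("^%" grp "[ \t]+ALL=\\(ALL\\)[ \t]+ALL[ \t]*$")) good++
    }
    END { exit !(removed == 0 && added == 1 && good == 1) }'
}

# Constructed sample files standing in for /etc/sudoers.bak and /etc/sudoers.
work=$(mktemp -d)
cat >"$work/sudoers.bak" <<'EOF'
## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
## Uncomment to allow people in group wheel to run all commands
# %wheel        ALL=(ALL)       ALL
EOF

# The intended edit: one comment plus one active line for the sudoers group.
cp "$work/sudoers.bak" "$work/sudoers.good"
cat >>"$work/sudoers.good" <<'EOF'
## Members of the sudoers group may run all commands as any user
%sudoers        ALL=(ALL)       ALL
EOF

# A mistaken edit: the wheel line was uncommented as well as adding sudoers.
sed 's/^# %wheel/%wheel/' "$work/sudoers.good" >"$work/sudoers.bad"

# On the VM itself, "visudo -c -f FILE" would additionally syntax-check the file.
if sudoers_change_ok "$work/sudoers.bak" "$work/sudoers.good" sudoers; then
  echo "good edit: only the %sudoers rule was added"
fi
if ! sudoers_change_ok "$work/sudoers.bak" "$work/sudoers.bad" sudoers; then
  echo "bad edit: the wheel line was changed too"
fi
```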
Do not add extensive customization to the root account on a system, since such customization may not suit all root users of the system and may break automated programs that need to become the root user. Leave the root account on your CentOS 5.8 VM alone.

In this section you will create your own system administration account on your CentOS 5.8 VM. All work is done on your CentOS 5.8 VM.
References to man pages will be to CentOS man pages, not CLS man pages. Since CentOS Linux and Ubuntu Linux are different distributions, they sometimes have different documentation and programs.
If necessary, login to your CentOS 5.8 VM as the root user (the only user).
Make sure you have configured the sudoers group in the previous section.
Read the man useradd manual page and learn about:
  the useradd command line.
  the -c option.
  the -r system account option and how it will require you to use the -m option as well.
  the -m option.
Using the useradd man page, add a new system account with the following settings:
  The userid is the same userid as your own account in /etc/passwd on the CLS.
  The fifth field of /etc/passwd is called the GECOS field or user’s name or comment field. Set it to “Firstname Lastname (CST8177-13W 40N)” where Firstname and Lastname are your name and 40N must be your own three-digit lab section number (401 through 405).
  The HOME directory is created and populated from /etc/skel.
  Set a password for the new account; see man passwd.
Enable sudo for the new account, as follows:
  Read the man gpasswd manual page.
  Add the new account to the sudoers group.
Test sudo, as follows:
  Log in to the VM as your new sysadmin account, not the root account.
  Read man sudo, or search the course notes, for how to “gain root privileges” when you are a sudoer.
  Gain root privileges using the sudo command to start a root privilege shell:
    Use the -i option to set a correct root PATH that includes system administration paths such as /sbin.
    Your prompt should change from $ to include the # character that indicates root privileges.
  Did you type your own password (not root’s) when prompted by the sudo command?
  Is your (non-root) user in the sudoers group?
  Did you add a line to the /etc/sudoers file that allows anyone in the sudoers group to run all commands? (Check your work.)
  Type whoami or id to confirm that you are the root user.
  Type ip route. If you see “command not found”, you have not used the correct sudo option to set the root PATH. Try again.
  Make sure your root PATH includes system paths such as /sbin.
  Make sure you can gain root shell privileges as your sysadmin (non-root) user, because you are about to disallow root logins.
  You may remove /etc/sudoers.bak if everything is working correctly.

root logins

Many systems increase security by making it impossible to become the root user directly using a root account password, forcing people to first login with their own account name and only then use sudo to execute privileged commands.
Gain root shell privileges using the sudo command, if necessary.
  Your prompt should change from $ to include the # character that indicates root privileges.
  Make sure your root PATH includes /sbin.
  Type whoami or id to confirm that you are the root user.
Lock the root account password using the correct option of the passwd command.
Exit your current shell to release root privileges, so that you return to your system admin account and see a regular prompt (no # character).
Verify that you cannot use su to become root any more using the locked root account password.
Your CentOS virtual machine clock is not synchronized to the Internet time servers. This section configures network time.
NOTE1: Changing the time of a system running in full multi-user mode is dangerous. If system accounting is being used to charge users for computer time, changing the time can cost users real money. Where possible, only change the system time in single-user mode, when all non-system programs are stopped and nobody is logged in.
NOTE2: Pausing and resuming a virtual machine that is not running VMware tools may cause the VM clock to be wrong, and the time difference may be too large for the Network Time Package to correct using the default settings. You may have to set the clock manually.
Gain root shell privileges using the sudo command, if necessary.
  Your prompt should change from $ to include the # character that indicates root privileges.
  Make sure your root PATH includes /sbin.
  Type whoami or id to confirm that you are the root user.
Drop to single-user mode with shutdown now (without the -h halting option!).
Read the manual page for the date command and note the second SYNOPSIS syntax line used to set the current date/time.
Set the date and time, then use the date command to verify that your system time is close to the actual time (within a few seconds), and try again if needed.
Type exit at the single-user shell.
Gain root privileges again.
  Make sure your root PATH includes /sbin.
Use yum to install the ntp package. (Refer to the lecture notes.)
Use chkconfig to configure the ntpd daemon to start in runlevels 2, 3, 4, and 5.
Start the ntpd daemon using the correct service command for this purpose.
Check the runlevel configuration of ntpd with the chkconfig command.
Verify that the ntpd service is running.
Look for ntpd messages at the end of /var/log/messages.
Your new system admin account is missing the shell prompt, options, and aliases of your account on the CLS. Let’s bring some selected files from the CLS to your CentOS sysadmin account.
Exit your root shell, if you are running as root. Type whoami or id to confirm that you are not running as root.
Copy .bashrc and .bash_profile from your account on the CLS to the HOME directory of your account on your CentOS VM, as follows:
  Use the scp command (see man scp for how to write the remote file name on the scp command line).
  Make sure the prompt string in your copied .bashrc uses \$ instead of just $ in the prompt! RTFM man bash. (In a bash prompt string, \$ is displayed as # when the shell is running as root and as $ otherwise, which is what makes the prompt changes described above work.)
Copy your Assignments directory into the HOME directory of your sysadmin account on your CentOS VM, as follows:
  Use the rsync command with the archive options that preserve all timestamps, ownership, permissions, hard links, etc.

You will use the standard account management tools to create a few ordinary (non-admin) accounts, just as you did last term. You will force password expiry so that the users must change their passwords when they first log in.
Gain root shell privileges using the sudo command, if necessary.
  Your prompt should change from $ to include the # character that indicates root privileges.
  Make sure your root PATH includes /sbin.
  Type whoami or id to confirm that you are the root user.
Create three new user accounts named user001, user002, user003 with the real names User One, User Two, User Three.
Set different, good initial passwords for the three users.
Set their HOME directory permissions to be full permissions for owner and no permissions for group or other.
In this section, you will be creating a text file suitable for input to the newusers command, then using newusers to quickly create almost a hundred new accounts.
Exit your root shell, if you are running as root. Type whoami or id to confirm that you are not running as root.
Copy userlist.csv from the Source Directory on the CLS to the Assignments/assignment07/ directory in your account on your CentOS machine.
The userlist.csv file was given to you from the Human Resources department by someone who created it with a spreadsheet.
Create a file suitable for input to the newusers command, as follows. Create userlist.newusers based on userlist.csv, as follows:
Every line in the new file must be suitable for input to the newusers command. Every line must have these seven colon-separated fields:
username:password:::Real Name:/home/username:/bin/bash
Copy the lines of userlist.csv into userlist.newusers with the following small changes:
  username is the user’s username (unchanged)
  password is a single new clear-text (unencrypted) password for all the new accounts, created as follows:
    In userlist.csv the password field contains the word password.
    Make up one good password for all the new accounts. Use a sed command to read this file and change the word password to the single unencrypted password that you made up, redirecting the output of that sed command to the target file userlist.newusers.
  UID field is blank (unchanged)
  GID field is blank (unchanged)
  Real Name is the user’s real name (unchanged)
  /home/username is the user’s HOME directory (unchanged)
  /bin/bash is the user’s shell (unchanged)
  The header line in userlist.csv is not a user to be created and must not appear in the new userlist.newusers output file.
Verify that your output file is 97 lines (no header line) and the only field that has changed in each line is the new password field.
Use sudo to run the newusers command to create all of these 97 new users.
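As an added example (not part of the assignment), the shell functions below carry out the sed transformation and then verify the result: line count, seven fields per line, and no field other than the password changed. The three-user userlist.csv is constructed inline in place of the real file from the Source Directory, and NewPass-2013 is an arbitrary placeholder password.

```shell
#!/bin/sh
# Added example: build userlist.newusers from userlist.csv and check the result.

# make_newusers CSV OUT PASSWORD: drop the header line (line 1) and replace the
# literal word "password" in field 2 with the one clear-text password chosen
# for all the new accounts. Anchoring on the surrounding colons means the word
# is only replaced in the password field, never inside a real name or path.
# (Pick a password containing no "/" or "&", which are special to sed's s///.)
make_newusers() {
  infile=$1; outfile=$2; pw=$3
  sed -e '1d' -e "s/^\([^:]*\):password:/\1:$pw:/" "$infile" >"$outfile"
}

# verify_newusers CSV OUT COUNT: the output has COUNT lines, every line has
# exactly 7 colon-separated fields with a real password in field 2, and with
# field 2 blanked out each line is identical to its source line.
verify_newusers() {
  infile=$1; outfile=$2; want=$3
  got=$(wc -l <"$outfile" | tr -d ' ')
  [ "$got" -eq "$want" ] || { echo "expected $want lines, got $got"; return 1; }
  awk -F: '
    NF != 7                      { print "line " NR ": " NF " fields, not 7"; bad = 1 }
    $2 == "" || $2 == "password" { print "line " NR ": password not replaced"; bad = 1 }
    END { exit bad }' "$outfile" || return 1
  t1=$(mktemp); t2=$(mktemp)
  sed '1d' "$infile" | awk -F: -v OFS=: '{ $2 = ""; print }' >"$t1"
  awk -F: -v OFS=: '{ $2 = ""; print }' "$outfile" >"$t2"
  if cmp -s "$t1" "$t2"; then rc=0; else rc=1; fi
  rm -f "$t1" "$t2"
  [ "$rc" -eq 0 ] || { echo "a field other than the password was changed"; return 1; }
}

# Constructed three-user stand-in for the 98-line file (header plus 97 users)
# in the Source Directory; field 2 holds the placeholder word "password".
work=$(mktemp -d)
cat >"$work/userlist.csv" <<'EOF'
username:password:uid:gid:Real Name:home:shell
user020:password:::Person Twenty:/home/user020:/bin/bash
user021:password:::Person Twenty-one:/home/user021:/bin/bash
user022:password:::Person Twenty-two:/home/user022:/bin/bash
EOF

make_newusers "$work/userlist.csv" "$work/userlist.newusers" 'NewPass-2013'
# With the real file, the expected line count below is 97, not 3.
verify_newusers "$work/userlist.csv" "$work/userlist.newusers" 3 \
  && echo "userlist.newusers passes all checks"
```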
This reviews the account management commands you learned above and in your previous term. Links to previous term notes and worksheets are given above under Review of CST8207 account management. None of the items below require you to text-edit any system files using a text editor. Actions can be performed using the correct account management commands. Most account management commands will require root permissions to run.
Create a new group called common.
Create a directory called /home/common owned by your sysadmin user, and group-owned by the new common group.
Change the permissions on /home/common so that your sysadmin user can read/write/search, members of the common group can read/write/search, and it is not accessible in any way to other users.
Add user004 and user005 to the common group.
Become user004 without using a password (using your sysadmin powers) and as that user, create a group-writeable file in the common group called /home/common/README containing the text This common directory is for members of the common group.
Exit the user004 shell to revert back to your superuser-self. Become user005, and ensure that as user005 you can edit the file /home/common/README and change the text “for members” to “for all members”.
Exit the user005 shell to revert back to your superuser-self. Become user006 and ensure that as user006 you have no access to the /home/common/ directory.
Exit the user006 shell to revert back to your superuser-self. Change the real name of user005 to CommonUser 005.
… user006 and user007.
Change the login shell of user008 and user009 to /bin/sh.
Delete User 010 and User 011 without deleting their HOME directories.
Delete User 012 and User 013 using the option that also deletes the HOME directory at the same time.
None of the items above require you to text-edit any system files using a text editor. Actions can be performed using the correct account management commands. Most account management commands will require root permissions to run.
tar archive backup and listing

As your sysadmin account, in your CentOS Assignments directory, create a compressed tar archive of your assignment07 directory named assignment07_YYYYMMDD.tgz (no spaces), where YYYYMMDD is the date you created the archive backup.
Generate a verbose listing of your tar archive file, showing the contents of the archive including all the owners and date/time stamps, into file tar_tvzf.txt under your assignment07 directory.
Optional: Read the mouse-over text in this XKCD tar-related comic.
The pathnames in the tar file must not include any parent directories of the assignment07 directory you were asked to save.
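As an added example (not part of the assignment page), this shell script makes the backup and listing described above on a constructed stand-in for the Assignments/assignment07 directory, using tar -C so that member paths start at assignment07/, and checks that no parent directory was recorded.

```shell
#!/bin/sh
# Added example: tar backup of assignment07 plus a verbose listing, with a
# check that the member pathnames carry no parent directories.

# backup_dir PARENT NAME: create PARENT/NAME_YYYYMMDD.tgz from PARENT/NAME.
# Running tar with -C PARENT makes the stored paths start with NAME/, so the
# archive never records /home/<user>/Assignments or other parent directories.
backup_dir() {
  parent=$1; name=$2
  archive="$parent/${name}_$(date +%Y%m%d).tgz"
  tar czf "$archive" -C "$parent" "$name" || return 1
  # Verbose listing (owners and timestamps) saved inside the directory that was archived.
  tar tvzf "$archive" >"$parent/$name/tar_tvzf.txt"
  printf '%s\n' "$archive"
}

# archive_paths_ok ARCHIVE NAME: every member path must begin with "NAME/".
archive_paths_ok() {
  tar tzf "$1" | awk -v pre="$2/" 'index($0, pre) != 1 { bad = 1 } END { exit bad }'
}

# Constructed stand-in for ~/Assignments with an assignment07 directory inside.
work=$(mktemp -d)
mkdir -p "$work/Assignments/assignment07"
printf 'user020:NewPass-2013:::Person Twenty:/home/user020:/bin/bash\n' \
  >"$work/Assignments/assignment07/userlist.newusers"
printf 'constructed sample output\n' >"$work/Assignments/assignment07/assignment07.txt"

archive=$(backup_dir "$work/Assignments" assignment07)
archive_paths_ok "$archive" assignment07 && echo "paths OK in $(basename "$archive")"

# Counter-example: archiving by absolute path stores the parent directories
# (GNU tar strips the leading / but keeps the rest), which fails the check.
tar czf "$work/bad.tgz" "$work/Assignments/assignment07" 2>/dev/null
archive_paths_ok "$work/bad.tgz" assignment07 || echo "bad.tgz includes parent directories"
```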
When you are finished, run the Checking Program to create an overall mark. Submit the output to Blackboard in the correct location.
Since we also do manual marking of student assignments, your final mark may not be the same as the mark submitted using the current version of the Checking Program. We do not guarantee that any version of the Checking Program will find all the errors in your work. Complete your assignments according to the specifications, not according to the incomplete set of the mistakes detected by the Checking Program.
The checking program resides on the Course Linux Server, but your work is on your CentOS Virtual Machine. There is a new Fetch program that you must download and use on your CentOS machine to copy information from your CentOS Virtual Machine to your account on the CLS so that the checking program can check it on the CLS.
Once the Fetch program has fetched these files from your Virtual Machine to the CLS, you can run the checking program on the CLS to check what is saved in the files. When you make changes on your CentOS Virtual Machine, you need to run the Fetch program again to update the saved files on the CLS.
Simply running the checking program on the CLS will not update the saved files on the CLS. You must run the Fetch program when you make changes on your CentOS Virtual Machine.
Do all the following steps on your CentOS 5.8 VM. Read through the whole list before you start typing anything.
Log in to your CentOS VM as your sysadmin (non-root) account (same userid as Blackboard).
Create the directory Assignments/assignment07 (exactly the same directory hierarchy as you already have on the CLS), unless you already have this directory.
Change into the assignment07 directory.
As shown below, use wget to get a copy of the Fetch program from this URL into a file named do.sh: http://teaching.idallen.com/cst8177/13w/notes/data/assignment07wget.sh
CentOS$ wget -O do.sh http://teaching.idallen.com/cst8177/13w/notes/data/assignment07wget.sh
Saving to: `do.sh'
Make sure you have a file named do.sh
in your directory. You only need to download this once.
Become the root user on CentOS.
As shown below, use sh to run the do.sh script you just downloaded to CentOS with the USER environment variable set to your own CLS account userid. (Do not use abcd0001.)
CentOS# USER=abcd0001 sh do.sh # use your *own* userid *not* abcd0001
This Fetch program will connect from CentOS to the CLS using your account name. It will copy files from CentOS to your assignment07
directory on the CLS. It will then run the checking program on the CLS to check your work. You will need to answer one question about your IP address, and then wait and type in your CLS password.
It will look something like this:
CentOS$ whoami
abcd0001
CentOS$ pwd
/home/abcd0001/Assignments/assignment07
CentOS$ wget -O do.sh http://teaching.idallen.com/cst8177/13w/notes/data/assignment07wget.sh
Saving to: `do.sh'
CentOS$ su
Password:
CentOS# USER=abcd0001 sh do.sh # use your *own* userid *not* abcd0001
---------------------------------------------------------------------------
abcd0001: FETCH version 1. Connecting to CLS as USER='abcd0001' using ssh
---------------------------------------------------------------------------
abcd0001: Use local Algonquin IP cst8177-alg.idallen.ca [y/N]? n
abcd0001: Please wait; using ssh to connect to user 'abcd0001' on cst8177.idallen.ca ...
*** COURSE LINUX SERVER ***
abcd0001@cst8177.idallen.ca's password: # enter your CLS password
---------------------------------------------------------------------------
idallen-ubuntu assignment07fetch_server.sh version 0 run by abcd0001.
Please wait; collecting info from abcd0001 Virtual Machine
---------------------------------------------------------------------------
VM files collected into Assignments/assignment07/abcd0001.tar.bz on CLS.
Now running check program for abcd0001 on CLS:
----------------------------------------------------------------------------
idallen-ubuntu check: Assignments/assignment07 check program version 00
*** Checking account for abcd0001 on idallen-ubuntu ***
[... checking program output appears here ...]
The Fetch program saves the collected files under Assignments/assignment07 on the CLS. The checking program may also report errors in your CLS account itself (for example, in your .bashrc file or world-writable files on the CLS). These errors are on the CLS, not on your CentOS machine.
When you are done with your assignment, you need to run the checking program one last time on the CLS and submit the output file, as follows:
Do all this on the Course Linux Server:
There is a Checking Program named assignment07check
in the Source Directory on the CLS. Create a Symbolic Link to this program named check
under your new assignment07
directory so that you can easily run the program to check your work and assign your work a mark. Note: You can create a symbolic link to this executable program but you do not have permission to read or copy the program file.
Execute the above “check” program on the CLS using its symbolic link. (Review the CST8207 Search Path notes if you forget how to run a program by pathname from the command line.) This program will check your work, assign you a mark, and display the output on your screen. (You may want to paginate the long output so you can read all of it.)
You may run the “check” program as many times as you wish, to correct mistakes and get the best mark. Some tasks sections require you to finish the whole section before running the checking program at the end; you may not always be able to run the checking program successfully after every single task step.
When you are done with checking this assignment, and you like what you see on your screen, redirect the output of the Checking Program into the text file assignment07.txt
under your assignment07
directory on the CLS. Use the exact name assignment07.txt
in your assignment07
directory. You only get one chance to get the name correct. Case (upper/lower case letters) matters. Be absolutely accurate, as if your marks depended on it. Do not edit the file.
Transfer the above assignment07.txt
file from the CLS to your local computer and verify its contents. Do not edit this file! No empty files, please! Edited or damaged files will not be marked. You may want to refer to this term’s updated File Transfer notes.
Submit the assignment07.txt
file under the correct Assignment area on Blackboard (with the exact name) before the due date. Upload the file via the assignment07 “Upload Assignment” facility in Blackboard: click on the underlined assignment07 link in Blackboard. Use “Attach File” and “Submit” to upload your plain text file.
No word-processor documents. Do not send email. Use only “Attach File”. Do not enter any text into the Submission or Comments boxes on Blackboard; I do not read them. Use only the “Attach File” section followed by the Submit button. (If you want to send me comments about your assignment, use email.)
Your instructor may also mark the assignment07
directory in your CLS account after the due date. Leave everything there on the CLS. Do not delete any assignment work from the CLS until after the term is over!
Use the exact file name given above. Upload only one single file of plain text, not HTML, not MSWord. No fonts, no word-processing. Plain text only.
Did I mention that the format is plain text (suitable for VIM/Nano/Pico/Gedit or Notepad)?
NO EMAIL, WORD PROCESSOR, PDF, RTF, or HTML DOCUMENTS ACCEPTED.
No marks are awarded for submitting under the wrong assignment number or for using the wrong file name. Use the exact name given above.
WARNING: Some inattentive students don’t read all these words. Don’t make that mistake! Be exact.
READ ALL THE WORDS. OH PLEASE, PLEASE, PLEASE READ ALL THE WORDS!
Author:
| Todd Kelley / Richard Donnelly and
| Ian! D. Allen - idallen@idallen.ca - Ottawa, Ontario, Canada
| Home Page: http://idallen.com/ Contact Improv: http://contactimprov.ca/
| College professor (Free/Libre GNU+Linux) at: http://teaching.idallen.com/
| Defend digital freedom: http://eff.org/ and have fun: http://fools.ca/