Monday, 26 May 2014

Daily Management

A)User Administration

/etc/passwd
/etc/security/passwd
Attribute - a characteristic of a user or a group that defines the type of function a user or group can perform. Attributes can be extraordinary privileges, restrictions, or processing environments assigned to a user:
-Access rights
-Environment
-Authentication
-Account access

Files
1)/etc/security/environ-Environment attributes for users
2)/etc/security/lastlog-Last login attributes for users
3)/etc/security/limits-Process resource limits for users
4)/etc/security/user-Extended attributes for users
5)/usr/lib/security/mkuser.default-Default attributes for new users.
6)/usr/lib/security/mkuser.sys-Customize new user accounts.
7)/etc/passwd-Basic attributes of users
8)/etc/security/passwd-Password information
9)/etc/security/login.cfg-System default login parameters
10)/etc/utmp-Records of users logged into the system.
11)/var/adm/wtmp-Connect time accounting records.
12)/etc/security/failedlogin-Records all failed login attempts.
13)/etc/motd-Message to be displayed, every time a user logs in to the system.
14)/etc/environment-Basic environment settings for all users.
15)/etc/profile-Additional environment settings for all users
16)$HOME/.profile-Environment settings for a specific user
17)/etc/group-Basic attributes of groups
18)/etc/security/group-Extended attributes of groups

+ /etc/passwd
Name:password:USERID:PrincipleGroup:GECOS:HOME:SHELL
* - invalid password; the account cannot log in
! - normal password, stored in the /etc/security/passwd file

+/etc/utmp
-->who -a

+/etc/profile
First file the OS reads at login time; contains the umask, mail and tty settings for all users

+$HOME/.profile - second file the OS reads at login time
-shells to open
-environment variables
-default editor
-prompt appearance

B)User Administration tasks

1)Adding a new user account
-To create the smith account with smith as an administrative user
-->mkuser -a smith
-To create the user account smith with the default values from /usr/lib/security/mkuser.default
-->mkuser smith
-->smitty mkuser

2)-->passwd
Change your password
-->smitty passwd

3)Do not use chuser if you have NIS
-To change the expiration date for smith to 8 a.m. on 1 Dec. 1998
-->chuser expires=1201080098 smith   (format MMDDhhmmyy: month, day, hour, minute, year)

-To add smith to the group program
-->chuser groups=program smith
-->smitty chuser

4)lsuser, smitty users
-->lsuser smith
displays all attributes of user smith in default format.
-Display all attributes of all users
-->lsuser ALL

5)Removing a user account
-->smitty rmuser
-Remove smith
-->rmuser smith
-Remove smith together with all attributes, password and authentication information
-->rmuser -p smith

6)-->who
-->whoami
-->who -r (run level)
-Display any active process that was spawned by init
-->who -p

7)/etc/nologin
If it exists, the system accepts the user's name and password but prevents the user from logging in

8)-->chsh
change user's login shell attribute.

9)/etc/security/limits-Specifies the process resource limits for each user
default:   (or a per-user stanza such as prashant:)
fsize=2097151
core=2097151   largest core file a user's process can create
cpu=-1   max number of seconds of system time that a user's process can use (-1 turns off the restriction)
data=262144
rss=65536   largest physical memory a user's process can allocate
stack=65536
nofiles=2000   max number of files a user's process can have open at one time

10)/etc/security/environ-Environment attributes for users.
mkuser creates a user stanza in this file.
Initialization of the attributes depends on their values in the /usr/lib/security/mkuser.default file.
chuser - change attributes
lsuser - display attributes
rmuser - removes the entire record for a user
ex.
-->pg /etc/security/environ
default:
root:
daemon:
bin:
sys:
adm:
uucp:
guest:

11)/usr/lib/security/mkuser.default
Contains the default attributes for new users, i.e. the attribute values the mkuser command applies to the users it creates
-->pg /usr/lib/security/mkuser.default
user:
pgrp=staff
groups=staff
shell=/usr/bin/ksh
home=/home/$USER
admin:
pgrp=system
groups=system
shell=/usr/bin/ksh
home=/home/$USER

12)/etc/security/lastlog- Last login attributes for users.
username:
time_last_login=1134081482   (the last successful login, as a number of seconds)
tty_last_login=/dev/pts/6   Terminal on which the user last logged in.
host_last_login=<host>   Host from which the user last logged in.
unsuccessful_login_count=0   The number of unsuccessful login attempts since the last successful login.
This attribute works with the user's loginretries attribute, specified in the /etc/security/user file, to lock the user's account after the specified number of consecutive unsuccessful login attempts.
-To reset the counter for a user
-->chsec -f /etc/security/lastlog -s username -a unsuccessful_login_count=0
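The lastlog and user files above are AIX stanza files: an unindented `name:` line opens a stanza, indented `attribute = value` lines follow, and an attribute missing from a user's stanza falls back to the `default:` stanza. The following shell snippet is an added example, not part of the original notes or of AIX itself: a small awk stanza reader plus an audit that lists users whose `unsuccessful_login_count` has reached their `loginretries`. Both input files are constructed samples with placeholder names, times and hosts (the real files are /etc/security/lastlog and /etc/security/user).

```shell
# Added example (not from the original notes): read AIX-style stanza files
# and list users whose failed-login counter has reached their loginretries.
# Both files below are constructed samples with placeholder values.
SAMPLE_LASTLOG=$(mktemp)
SAMPLE_USER=$(mktemp)
cat > "$SAMPLE_LASTLOG" <<'EOF'
default:

root:
        time_last_login = 1134081482
        tty_last_login = /dev/pts/6
        host_last_login = hostA
        unsuccessful_login_count = 0

smith:
        time_last_login = 1134081999
        tty_last_login = /dev/pts/2
        host_last_login = hostB
        unsuccessful_login_count = 4

jones:
        unsuccessful_login_count = 1
EOF
cat > "$SAMPLE_USER" <<'EOF'
default:
        loginretries = 3
        maxage = 13

root:
        loginretries = 0

smith:
        maxage = 8
EOF

# stanza_attr FILE STANZA ATTR -> value of ATTR in STANZA; if the stanza does
# not set it, the value from the default: stanza (the AIX fallback rule)
stanza_attr() {
    awk -v want="$2" -v attr="$3" '
        # a stanza header is an unindented name followed by a colon
        /^[^[:space:]#][^:]*:[[:space:]]*$/ { cur = $0; sub(/:.*/, "", cur); next }
        # an attribute line is "name = value" (spaces around = are optional)
        /^[[:space:]]*[A-Za-z_]+[[:space:]]*=/ {
            line = $0; sub(/^[[:space:]]*/, "", line)
            key = line; sub(/[[:space:]]*=.*/, "", key)
            val = line; sub(/^[^=]*=[[:space:]]*/, "", val)
            if (key != attr) next
            if (cur == want) { hit = 1; found = val }
            else if (cur == "default") { dhit = 1; dflt = val }
        }
        END { if (hit) print found; else if (dhit) print dflt }' "$1"
}

# stanza_names FILE -> every stanza name except default
stanza_names() {
    awk -F: '/^[^[:space:]#][^:]*:[[:space:]]*$/ && $1 != "default" { print $1 }' "$1"
}

# near_lockout LASTLOG USERFILE -> users whose unsuccessful_login_count has
# reached loginretries (loginretries 0 means no limit, so those users are skipped)
near_lockout() {
    stanza_names "$1" | while read -r u; do
        n=$(stanza_attr "$1" "$u" unsuccessful_login_count)
        r=$(stanza_attr "$2" "$u" loginretries)
        if [ -n "$n" ] && [ -n "$r" ] && [ "$r" -gt 0 ] && [ "$n" -ge "$r" ]; then
            echo "$u"
        fi
    done
}

# Report: with the constructed data only smith (4 failures, limit 3) is listed
near_lockout "$SAMPLE_LASTLOG" "$SAMPLE_USER"
```

smith has no `loginretries` of his own, so the reader picks up the `default:` value of 3; root's explicit 0 disables the check. A user the audit lists is the one whose counter an administrator would reset with the `chsec ... -a unsuccessful_login_count=0` command from the notes after confirming the failures were benign.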

13)/etc/security/user - Extended attributes for users
mkuser creates a stanza in this file for each new user and initializes its attributes with the default attributes defined in the /usr/lib/security/mkuser.default file.
This file also contains many attributes that control how users must manage their passwords, such as histsize, histexpire, maxage (maximum age of a password, in weeks), maxexpired, maxrepeats, etc.

14)/usr/lib/security/mkuser.sys
shell script that customizes a new user account.
Creates homedir, primary group, profile, for user's shell.

15)/etc/passwd
Basic user attributes
Name:Password:UserID:PrincipleGroup:Gecos:HomeDirectory:Shell

16)/etc/security/passwd-Contains password information.
A user who has an invalid password (*) in the /etc/passwd file has no entry in the /etc/security/passwd file.
ex. root:
    passwd=CHbXMXLTUO1
    lastupdate=1134028556
    flags=
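The /etc/passwd layout given above (Name:password:USERID:PrincipleGroup:GECOS:HOME:SHELL, with `*` for an invalid password and `!` for a password kept in /etc/security/passwd) is easy to audit with awk. The snippet below is an added example, not part of the original notes: it classifies the password field of each account and reports the two things an administrator checks first, accounts with an empty password field and accounts other than root that carry UID 0. The passwd content is a constructed sample; every name, path and hash fragment in it is a placeholder.

```shell
# Added example (not from the original notes): audit a passwd file laid out
# as Name:password:USERID:PrincipleGroup:GECOS:HOME:SHELL.
# The sample below is constructed; names, paths and hashes are placeholders.
SAMPLE_PASSWD=$(mktemp)
cat > "$SAMPLE_PASSWD" <<'EOF'
root:!:0:0::/:/usr/bin/ksh
daemon:!:1:1::/etc:
bin:*:2:2::/bin:
smith:!:205:1::/home/smith:/usr/bin/ksh
guest:!:100:100::/home/guest:
nopass::210:1::/home/nopass:/usr/bin/ksh
sysadm2:!:0:1::/home/sysadm2:/usr/bin/ksh
EOF

# passwd_state FILE USER -> "locked" ('*'), "shadow" ('!' - password is in
# /etc/security/passwd), "empty" (no password at all), "other", or "missing"
passwd_state() {
    awk -F: -v u="$2" '
        $1 == u {
            if ($2 == "*") print "locked"
            else if ($2 == "!") print "shadow"
            else if ($2 == "") print "empty"
            else print "other"
            found = 1
        }
        END { if (!found) print "missing" }' "$1"
}

# empty_password_users FILE -> accounts whose password field is empty
# (such an account can log in without any password)
empty_password_users() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# extra_uid0_users FILE -> accounts other than root whose UID is 0
# (a second UID 0 account is root under another name)
extra_uid0_users() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Report over the constructed sample
echo "empty password:"; empty_password_users "$SAMPLE_PASSWD"
echo "extra UID 0:";   extra_uid0_users "$SAMPLE_PASSWD"
```

Against a real system the functions take /etc/passwd as the FILE argument; `lsuser ALL` from the notes gives the same attributes in stanza form, but the awk checks run on any copy of the file, including one pulled from a mksysb backup.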
17)/etc/security/login.cfg
System default login parameters: configuration information for login and user authentication
default:
sak_enabled=false
logintimes=
logindisable=0
logininterval=0
loginreenable=0
logindelay=0
usw:
shells=/bin/sh, /bin/bsh, /bin/csh
maxlogins=32767
logintimeout=60
auth_type=STD_AUTH

18)/etc/utmp
Record of users logged into the system
-->who -a
The who command processes this file; if the file is missing or corrupted, who produces no output.
+/var/adm/wtmp
Connect time accounting records

19)/etc/security/failedlogin-All failed login attempts
-To make the /dev/tty0 port lock automatically if five unsuccessful login attempts occur within 60 seconds
-->chsec -f /etc/security/login.cfg -s /dev/tty0 -a logindisable=5 -a logininterval=60
-s name of the stanza to modify
-f name of the stanza file to modify
-To unlock the /dev/tty0 port
-->chsec -f /etc/security/portlog -s /dev/tty0 -a locktime=0
-To allow logins from 8:00 am until 5:00 pm for all users
-->chsec -f /etc/security/user -s default -a logintimes=0800-1700
-PS1 Primary prompt
-->echo "$PS1"
-Change the prompt
-->export PS1="root@$(hostname)#"

*mkgroup
-Create a new group account called managers and set yourself as the administrator
-->mkgroup -A managers
-Create a new group account called managers and set the list of administrators to steve and mike
-->mkgroup adms=steve,mike managers

*chgroup -->smit chgroup (don't use if you have NIS)
-Changes attributes of a group
-To add sam and carol to the finance group, which currently has only frank as a member
-->chgroup users=sam,carol,frank finance
-->chgroup users=u1,u2,u3 dbm
-To remove frank from the finance group but retain sam and carol, and remove the administrators of the finance group
-->chgroup users=sam,carol adms= finance

*chgrpmem : Changes the administrators or members of a group
-To remove joey as an administrator of the friends group
-->chgrpmem -a - joey friends
-To add rachel and phoeby as members of the friends group
-->chgrpmem -m + rachel,phoeby friends
-To list the members and administrators of the friends group
-->chgrpmem friends

acl examples
attributes: SUID
base permissions:
owner (frank): rw-
group (system): r-x
others: ---
extended permissions:
enabled
permit rw- u:dhs
deny r-- u:chas, g:system   (chas is denied read access while he is a member of group system)
specify r-- u:john, g:gateway, g:mail   (john gets exactly read access while he is a member of both the gateway and the mail group)
permit rw- g:account, g:finance
-->aclget filename
-Change the shell to /usr/bin/ksh for user prashant
-->chsh prashant /usr/bin/ksh
-To enable user smith to access this system remotely
-->chuser rlogin=true smith

C)Common login errors
1)3004-004: You attempted to log out while processes are still running
2)3004-007: Invalid login name or password
3)3004-008:Failed credentials
4)3004-009:Damaged login shell
5)3004-030:Caps lock on
6)3004-302:Account has expired
7)3004-687:User does not exist

D)Monitoring & Managing processes
-)Display all processes
-->ps -e -f
-)Display processes owned by ross, joey and chandler
-->ps -f -l -u ross,joey,chandler
-)Display info about all processes and kernel threads
-->ps -emo THREAD
-)List all 64-bit processes
-->ps -M
-)kill
-->kill PID
-Kill processes 2098 and 1048
-->kill -kill 2098 1048
-To stop all of your processes and log yourself off
-->kill -kill 0
-)To stop all the processes you own
-->kill -9 -1

+ nice & renice
-nice runs another command at a different priority
-renice changes the priority of an already running process
-nice: 0 (highest) to 39 (lowest)
-renice: -20 (highest) to 20 (lowest)
-->renice -n 5 -p 987 32
Process IDs 987 and 32 get lower scheduling priority
-->renice -n -4 -p 324 25
Process IDs 324 and 25 get higher scheduling priority
+ fuser
-To list the process numbers and user login names of processes using /etc/filesystems
-->fuser -u /etc/filesystems
-To terminate all of the processes using a given file system
-->fuser -k -x -u -c /dev/hd1
or
-->fuser -kxuc /home
You might want to use this command if you are trying to unmount the /dev/hd1 file system and a process accessing it prevents the unmount.

-)To list all processes that are using a file that has been deleted from a given file system (what is still active in the file system)
-->fuser -d /usr

-)To return the process IDs of all processes that have open references within a specified file system
-->fuser -xc /tmp
With -x, fuser shows only user processes, not kernel processes
-->find /home -type d -exec fuser -u {} \;

E)File and directory permissions and ownership

+Access Control lists
The major task in administering access control is to define the group memberships of users, because these memberships determine the users' access rights to the files they do not own.
With ACL permissions, you can permit or deny file access to specific individuals or groups without changing the base permissions.
+Base Permissions
-owner group others
-r,w,x

+Attributes
setuid (SUID): when the bit is set on an executable file, everyone who executes it runs it with the permissions of the file's owner; if the owner's execute bit is not set, nobody is able to execute it.

+suid only relates to the execute (x) permission
+small 's': the execute permission is there
+big 'S': the execute permission is not there
+suid is set only on files
-->chmod ug+s filename
+setgid (SGID): the same idea, shown in the group's execute position
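The small-s / big-S distinction above is visible in the owner-execute column of `ls -l`: `rwsr-xr-x` is a setuid file that can run, `rwSr--r--` is a setuid bit sitting on a file nobody can execute. The snippet below is an added example, not part of the original notes: it reads that column, does the same for the group column, and lists the set-id files under a directory, which is what an administrator checks after `chmod ug+s`. The files are constructed in a temporary directory for the demonstration.

```shell
# Added example (not from the original notes): tell a working setuid bit ('s')
# from a setuid bit without execute permission ('S') by reading the
# owner-execute column of ls -l, and list set-id files under a directory.
# The demo files are constructed in a temporary directory.

# suid_state FILE -> "s" (setuid and owner execute), "S" (setuid, no execute) or "none"
suid_state() {
    case "$(ls -ld "$1" | cut -c4)" in
        s) echo s ;;
        S) echo S ;;
        *) echo none ;;
    esac
}

# sgid_state FILE -> the same reading for the group execute column
sgid_state() {
    case "$(ls -ld "$1" | cut -c7)" in
        s) echo s ;;
        S) echo S ;;
        *) echo none ;;
    esac
}

# find_setid_files DIR -> regular files under DIR with the setuid or setgid bit set, sorted
find_setid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) | sort
}

DEMO_DIR=$(mktemp -d)
printf '#!/bin/sh\necho hello\n' > "$DEMO_DIR/exec_suid"
chmod 4755 "$DEMO_DIR/exec_suid"       # rwsr-xr-x : setuid and executable
: > "$DEMO_DIR/noexec_suid"
chmod 4644 "$DEMO_DIR/noexec_suid"     # rwSr--r-- : setuid but nobody can execute it
: > "$DEMO_DIR/plain"
chmod 644 "$DEMO_DIR/plain"            # rw-r--r-- : no set-id bits

# Report each file the way an audit script would
for f in exec_suid noexec_suid plain; do
    echo "$f: suid=$(suid_state "$DEMO_DIR/$f") sgid=$(sgid_state "$DEMO_DIR/$f")"
done
find_setid_files "$DEMO_DIR"
```

A big 'S' in the output is usually a mistake worth cleaning up (the bit does nothing until someone adds execute permission, at which point it starts to matter), and the `find -perm` list is the inventory to compare against the set-id programs the system is supposed to ship with.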

*Extended Permissions
ex. of ACL
attributes: SUID
base permissions:
owner (frank): rw-
group (system): r-x
others: ---

extended permissions: (optional)
enabled   (extended permissions enabled)
permit rw- u:dhs
deny r-- u:chas, g:system
specify r-- u:john, g:gateway, g:mail
permit rw- g:account, g:finance
-)To display the access control information for the status file
-->aclget status

*Setting Access Control Information(aclput)
-)To set  the access control information for the status file with the access control information stored in the acldefs file
-->aclput -i acldefs status
-)To set the access control information for the status file with the same information used for the plans file
-->aclget plans | aclput status

*acledit
-)To edit acl info of plans file
-->acledit plans

*chmod
Modifies the mode bits and the extended access control lists (ACLs) of the specified files or directories.
+Permissions for directories
r - list
w - create, delete
x - cd

-->chmod go-w+x mydir

-->chmod u=rwx,go= filename
The user has all permissions; group and others are denied in every way.
-)To recursively descend directories and change file and directory permissions throughout the tree
-->chmod -R 777 f*

*chown
changes the owner of a file
-)To change the owner of the file program.c
-->chown prashant program.c
-)To change the owner and group of all files in the directory /tmp/src to owner john and group build
-->chown -R john:build /tmp/src/

*chgrp
changes the group associated with the specified file or directory
-)To change the group ownership of the file or directory named test to production
-->chgrp production test
(the file test now belongs to the group production)
-)To change the group ownership of the directory named production, and of all the files and subdirectories under it, to test
-->chgrp -R test production
(production and everything under it now belong to the group test)

*Cron & crontab
-->crontab -l
Lists your crontab file from the /var/spool/cron/crontabs directory
-Entry: 0,15,30,45 8-17 * * 1-5 /home/script1
Executes a command called script1 every 15 min between 8 AM and 5 PM, Monday through Friday
-->crontab -e
To create and update the crontab file; the crontab command invokes the editor.
-->crontab -v
To check the crontab submission time
-->crontab -r prashant
Removes the /var/spool/cron/crontabs/prashant file

+crontab files are kept in /var/spool/cron/crontabs/
Each cron user has a crontab file with their username
as the filename in this dir.

+crontab
minute, hour, day-of-month, month, day-of-week command
+If the cron.allow file exists, only users whose login names appear in it can use the crontab command.
The root user name must appear in the cron.allow file, if the file exists.
If only the cron.deny file exists, any user whose name does not appear in the file can use the crontab command.
+A user cannot use the crontab command if one of the following is true
-the cron.allow file and the cron.deny file do not exist
-the cron.allow file exists but the user's login name is not listed in it
-the cron.deny file exists and the user's login name is listed in it
-->cat > /var/adm/cron/cron.allow
root
deploy
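The cron.allow / cron.deny rules above are a small decision procedure, and the five schedule fields are easy to get wrong (the entry in these notes is sensitive to a stray space after a comma). The snippet below is an added example, not part of the original notes or of the AIX cron implementation: `cron_allowed` applies the three rules to a user name, and `crontab_fields` checks that an entry has five in-range schedule fields followed by a command. The allow and deny files are constructed in a temporary directory; on AIX they live in /var/adm/cron.

```shell
# Added example (not from the original notes): the cron.allow / cron.deny
# decision from the notes, plus a check of the five schedule fields of a
# crontab entry. The allow and deny files are constructed samples.
CRON_DIR=$(mktemp -d)
printf 'root\ndeploy\n' > "$CRON_DIR/cron.allow"
printf 'guest\n' > "$CRON_DIR/cron.deny"

# cron_allowed USER ALLOWFILE DENYFILE -> "yes" or "no" following the rules in the notes
cron_allowed() {
    user=$1 allow=$2 deny=$3
    if [ -f "$allow" ]; then
        # cron.allow exists: only the names listed in it may use crontab
        if grep -qx "$user" "$allow"; then echo yes; else echo no; fi
    elif [ -f "$deny" ]; then
        # only cron.deny exists: everyone not listed in it may use crontab
        if grep -qx "$user" "$deny"; then echo no; else echo yes; fi
    else
        # neither file exists: the user cannot use crontab
        echo no
    fi
}

# crontab_fields LINE -> "ok" when the line has five valid schedule fields
# (minute hour day-of-month month day-of-week) followed by a command, else "bad"
crontab_fields() {
    printf '%s\n' "$1" | awk '
        # accept "*", a number, or comma-separated numbers and lo-hi ranges within [lo,hi]
        function inrange(f, lo, hi,    n, i, parts, p, r) {
            if (f == "*") return 1
            n = split(f, parts, ",")
            for (i = 1; i <= n; i++) {
                p = parts[i]
                if (p ~ /^[0-9]+$/) { if (p + 0 < lo || p + 0 > hi) return 0 }
                else if (p ~ /^[0-9]+-[0-9]+$/) {
                    split(p, r, "-")
                    if (r[1] + 0 < lo || r[2] + 0 > hi || r[1] + 0 > r[2] + 0) return 0
                } else return 0
            }
            return 1
        }
        NF < 6 { print "bad"; exit }
        {
            if (inrange($1, 0, 59) && inrange($2, 0, 23) && inrange($3, 1, 31) &&
                inrange($4, 1, 12) && inrange($5, 0, 6)) print "ok"; else print "bad"
        }'
}

# Demonstration over the constructed files and the entry from the notes
for u in root deploy guest smith; do
    echo "$u: $(cron_allowed "$u" "$CRON_DIR/cron.allow" "$CRON_DIR/cron.deny")"
done
crontab_fields '0,15,30,45 8-17 * * 1-5 /home/script1'
crontab_fields '0, 15,30,45 8-17 * * 1-5 /home/script1'
```

With cron.allow present the deny file is ignored, so guest is refused even though only the deny file names him; remove the allow file and the same call says yes for everyone but guest. The second `crontab_fields` call shows why the space in `0, 15,30,45` matters: the shell-style field split turns `0,` into the minute field and shifts every later field by one.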

*-->crontab -e
edit
-->crontab -v
check crontab submission time

*Removing the crontab file
Avoid running crontab -r when you are logged in as root: it removes the /var/spool/cron/crontabs/root file.
-->crontab -r
Do not run it as root
-->mail denise < letter1
Sends the file letter1 as a message to user denise
-->echo $PATH > path   (the output of the command is redirected into the file path)
-->cat path

-->cat file1
line1
-->cat file2
line2
-->cat file2>>file1
-->cat file1
line1
line2
+-->cat >test
test
ctrl+D
-->cat test
test

-)The chsec command changes the attributes stored in the security configuration stanza files
-)To display the current environment variables
-->setsenv
-)To set the file size limit to 100KB
-->ulimit -f 100
Sets or reports user resource limits, as defined in /etc/security/limits


