Document: Advanced User Administration ppt


6 Advanced User Administration

CERTIFICATION OBJECTIVES
6.01 Setting Up and Managing Disk Quotas
6.02 Kernel Sources
6.03 Kernel Recompilation and Installation
6.04 The cron System
6.05 System-Wide Shell Configuration Files for Bourne and Bash Shells
✓ Two-Minute Drill
Q&A Self Test

CertPrs8 / RHCE Red Hat Certified Engineer Linux Study Guide / Jang / 222485-1 / Chapter 6
D:\omh\CertPrs8\485-1\ch06.vp Wednesday, September 18, 2002 9:54:10 AM

In this chapter, you will learn how to create and implement policies for managing disk usage—by user or by group. Next, you will learn how to upgrade, configure, compile, and install your own custom kernels. You will learn about the advantages and disadvantages of monolithic and modular kernels. You have three different ways to customize and optimize your kernel configuration for size and functionality. You will also learn the recommended techniques for configuring and installing the kernel. Finally, you will learn how to set up the Linux startup shell configuration scripts so that users’ sessions are configured according to your (and their) requirements, and how to schedule the periodic execution of jobs.

For the RHCE exam, the skills you learn in this chapter are important for the Installation and Network Services Exam. As described in the Red Hat Exam Prep guide, the configuration elements of this exam require that you know how to manage accounts and set up the user environment. Managing kernels, writing initialization scripts, and scheduling jobs are all key skills for any Linux administrator.

CERTIFICATION OBJECTIVE 6.01
Setting Up and Managing Disk Quotas

Quotas are used to limit a user’s or a group of users’ ability to consume disk space.
This prevents a small group of users from monopolizing disk capacity and potentially interfering with other users or the entire system. Disk quotas are commonly used by ISPs, by Web hosting companies, on FTP sites, or on corporate file servers to ensure continued availability of their systems. Without quotas, one or more users can upload files on an FTP server to the point of filling a filesystem. Once the affected partition is full, other users are effectively denied upload access to the disk. This is also a reason to mount different filesystem directories on different partitions. For example, if you only had partitions for your root (/) directory and swap space, someone uploading to your computer could fill up all of the space in your root directory (/). Without some free space in root (/), your system could become unstable or even crash.

You have two ways to set quotas for users. You can limit users by inodes or by kilobyte-sized disk blocks. Every Linux file requires an inode, so you can set limits by the number of files or by absolute space. Limits on disk blocks restrict the amount of disk space available to a user on your system.

Older versions of Red Hat Linux included LinuxConf, which included a graphical tool to configure quotas. As of this writing, Red Hat Linux no longer has a graphical quota configuration tool. Today, the quota system may be configured only through the command line interface.

Learn to focus on command line tools. Red Hat used to make LinuxConf available as a graphical tool for a number of system administration functions, including quotas. While Red Hat may create another GUI quota manager, don’t count on it. And GUI tools have been known to crash.
On the job, as well as on the exam, command line tools are the only sure way to address just about any Linux configuration issue. Besides, command line tools are faster, and time is often of the essence on the RHCE exam.

Kernel Configuration

Resource consumption is managed by the kernel. Thus, before you can set up quotas, you should make sure this feature is active in your kernel. Fortunately, the standard Red Hat Linux kernel enables quota support by default. However, if you download a new kernel, you may not be so fortunate. This chapter includes instructions on installing kernel sources to enable features such as quotas.

To verify quota support in any custom-built kernels you may have, issue the following command:

    # grep CONFIG_QUOTA /usr/src/linux-2.4/.config

There are three possible results. If you see the following, quota support is enabled:

    CONFIG_QUOTA=y

Alternatively, if you see the following, quota support is not enabled:

    CONFIG_QUOTA=n

If you don’t see any output, then you haven’t installed the kernel source files.

If you have a custom or upgraded kernel, use either the make menuconfig or make xconfig command to enable quota support. The quota support option is located in the filesystem section. Simply turn on quota support and rebuild and install your new kernel. (There will be more on building and installing kernels later in this chapter.) To complete the job, you will need to reboot to your new kernel and then install the quota RPMs.

The Quota Package

First, check to see if you have the quota RPM installed on your system. You can check with the following command:

    [root@notebook /]# rpm -q quota
    quota-3.07-3

You have several ways to get the quota RPM file and install it.
The most direct would be to install this RPM directly from your Red Hat installation CD-ROM:

    mount /mnt/cdrom

Load the quota RPM with the following command:

    rpm -Uvh /mnt/cdrom/RedHat/RPMS/quota-*

This command allows rpm to update (or install if a previous version of the quota RPM is not present, -U), to install verbosely (-v), and to use a series of hashes (-h) to indicate the current progress while installing the software. The asterisk is especially useful if you’re installing the package from an FTP or HTTP server, since the version number may be different from what you expect.

It can be time consuming to find the right Red Hat Installation CD. One tip used by many administrators is to install all RPMs from the Red Hat Installation CDs on a /RedHat/RPMs directory on a networked server. This can be the same directory that you use to install Red Hat Linux over a network, as discussed in Chapter 5. As the actual location of an RPM can change from version to version of Red Hat Linux, this book does not specify the CD that you need to use.

The quota package includes the following commands:

■ /sbin/quotaon /fs Enables quotas for the /fs filesystem.
■ /sbin/quotaoff /fs Disables quota tracking.
■ /usr/sbin/edquota name Edits the quota settings for user name. Can also be used to set defaults, or to copy quota settings from one user to another.
■ quota Allows users to see their current resource consumption and limits.
■ repquota Generates a report of disk consumption by all users for a quota-enabled filesystem.
■ quotacheck Scans a filesystem for quota usage.
Initializes the quota databases.

The next step is to ensure the quotas are turned on and checked when Linux boots on your system.

sysinit Quota Handling

The /etc/rc.d/rc.sysinit script as described in Chapter 4 is used to provide system initialization services for Linux during the boot process. Included in the script are commands to enable quota services. Specifically, this script runs both /sbin/quotacheck (to ensure that disk consumption usage records are accurate) and /sbin/quotaon (to enable quotas on all filesystems indicated in /etc/fstab).

While you can run /sbin/quotaon and /sbin/quotaoff manually, there is usually little need. Red Hat’s /etc/rc.d/rc.sysinit ensures quotas are enabled during the boot process. When your computer shuts down, Red Hat runs the umount command on all filesystems. When each quota-enabled filesystem is unmounted, the kernel’s latest information on resource consumption by users, groups, files, and inodes for that filesystem is written back to the partition.

Quota Activation in /etc/fstab

The file /etc/fstab tells Linux which filesystems you wish to mount at boot time. The options column of this file is used to configure the way a directory is mounted. As Linux continues the boot process, these options are passed to the mount command. To get Linux to enable quotas when you boot, you need to add the appropriate entries to /etc/fstab for users, groups, or both.

Whenever you edit a key configuration file such as /etc/fstab, it’s a good idea to back it up and save it to any boot or rescue disks that you may have. If your changes lead to a catastrophic failure, you can boot your system from a rescue disk and then restore the original configuration file.
Here is a sample /etc/fstab before editing:

    Device       Mount point  Filesys  Options                   dump  Fsck
    LABEL=/      /            ext3     defaults                  1     1
    /dev/cdrom   /mnt/cdrom   iso9660  noauto,owner,kudzu,ro     0     0
    /dev/fd0     /mnt/floppy  auto     noauto,owner,kudzu        0     0
    none         /proc        proc     defaults                  0     0
    none         /dev/pts     devpts   gid=5,mode=620            0     0
    none         /dev/shm     tmpfs    defaults                  0     0
    /dev/hda5    swap         swap     defaults                  0     0
    LABEL=/win   /win         vfat     uid=500,gid=500,owner,rw  0     0
    LABEL=/home  /home        ext3     defaults                  0     0

In this configuration, we can enable quotas only on the root filesystem (LABEL=/) and the /home filesystem (/dev/hda6). To enable user quota tracking on a filesystem, add the keyword usrquota to the values listed in the options column. Similarly, you enable group quota tracking with the grpquota option. Use vi or your favorite text editor to update /etc/fstab. In our example, we will add both user and group quotas to the root filesystem:

    Device       Mount point  Filesys  Options                              dump  Fsck
    LABEL=/      /            ext3     exec,dev,suid,rw,usrquota,grpquota   1     1
    /dev/cdrom   /mnt/cdrom   iso9660  noauto,owner,kudzu,ro                0     0
    /dev/fd0     /mnt/floppy  auto     noauto,owner,kudzu                   0     0
    none         /proc        proc     defaults                             0     0
    none         /dev/pts     devpts   gid=5,mode=620                       0     0
    none         /dev/shm     tmpfs    defaults                             0     0
    /dev/hda5    swap         swap     defaults                             0     0
    /dev/hda1    /win         vfat     uid=500,gid=500,owner,rw             0     0
    /dev/hda6    /home        ext3     defaults                             0     0

If you edit the /etc/fstab file by hand, you’ll need to ensure that the line you are editing does not wrap to the next line. If it does, the format for your /etc/fstab will be invalid and you may not be able to successfully boot Linux.

You can test changes to /etc/fstab by remounting a filesystem. For example, if you’ve just added a usrquota entry to the /home directory filesystem, you can test it with the mount -o remount /home command.
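One way to script the /etc/fstab edit described above, as an added example that is not from the book: it rejects a file in which an entry has wrapped, keeps a backup copy, and appends usrquota and grpquota to the existing options instead of spelling out defaults as the sample does. The function names and the scratch fstab are hypothetical.

```sh
#!/bin/sh
# Added example (not from the book): add usrquota,grpquota to one fstab entry.
# Function names and the demo file are hypothetical.

# fstab_check FILE: fail if any non-comment, non-blank line does not have
# exactly six fields. A wrapped entry shows up as two short lines.
fstab_check() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        NF != 6 { printf "%s:%d: %d fields, expected 6\n", FILENAME, NR, NF; bad = 1 }
        END { exit bad + 0 }
    ' "$1" >&2
}

# fstab_add_quota FILE MOUNTPOINT: validate FILE, keep a copy in FILE.bak,
# then append whichever of usrquota/grpquota is missing from the options
# column of MOUNTPOINT. The edited copy is validated before it replaces FILE.
fstab_add_quota() {
    fq_file=$1
    fq_mp=$2
    fstab_check "$fq_file" || return 1
    cp -p "$fq_file" "$fq_file.bak" || return 1
    awk -v mp="$fq_mp" '
        BEGIN { OFS = "\t" }
        /^[ \t]*#/ || /^[ \t]*$/ { print; next }
        $2 == mp {
            found = 1
            if (("," $4 ",") !~ /,usrquota,/) $4 = $4 ",usrquota"
            if (("," $4 ",") !~ /,grpquota,/) $4 = $4 ",grpquota"
        }
        { print }
        END { exit (found ? 0 : 1) }
    ' "$fq_file.bak" > "$fq_file.new" || { rm -f "$fq_file.new"; return 1; }
    fstab_check "$fq_file.new" && mv "$fq_file.new" "$fq_file"
}

# Demo on a constructed fstab in a scratch directory, never the live file.
demo_dir=$(mktemp -d)
printf '%s\n' \
    'LABEL=/      /      ext3  defaults  1 1' \
    'LABEL=/home  /home  ext3  defaults  0 0' > "$demo_dir/fstab"
fstab_add_quota "$demo_dir/fstab" /home && cat "$demo_dir/fstab"
rm -rf "$demo_dir"
```

After running it against the real file, the remount test from the text (mount -o remount /home) still applies.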
Quota Management Commands

You need quota files before you can activate actual quotas. First, you need to create the /aquota.user and /aquota.group files. To do it by hand, create the empty files in the root of the object partition and set the security so that only root has read and write permissions. For example:

    # touch /aquota.user /aquota.group
    # chmod 600 /aquota.user /aquota.group

If the directory where you’re configuring quotas is different, revise these commands accordingly.

If you’re more familiar with a Linux distribution with kernel 2.2.x, these files were quota.user and quota.group.

Once you create these files, run /sbin/quotacheck -avugm. It automatically scans /etc/mtab, which is based on the mounted directories from /etc/fstab. The options for quotacheck are:

■ -a Scans all filesystems with quotas enabled by checking /etc/mtab.
■ -v Performs a verbose scan.
■ -u Scans for user quotas.
■ -g Scans for group quotas.
■ -m Remounts the scanned filesystem.

This will check the current quota information for all users, groups, and partitions. It stores this information in the appropriate quota partitions. If you did not create these files by hand, they will be created now and should have the appropriate security already set, but you should double-check just to be safe:

    # ls -l /aquota.user /aquota.group

No matter how you create the files, you need to run quotacheck to collect initial information on your users. This can be accomplished either by rebooting or by issuing quotacheck if you haven’t already.
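The quota file setup and the permission double-check described above, as an added example that is not from the book. The function names are hypothetical, the files are created with mode 600 from the start instead of by touch followed by chmod, and stat -c assumes GNU coreutils.

```sh
#!/bin/sh
# Added example (not from the book): create and audit the quota files.
# Function names are hypothetical; stat -c is the GNU coreutils form.

# quota_files_init DIR: create DIR/aquota.user and DIR/aquota.group.
# umask 077 in a subshell means a new file is never group- or
# world-readable, even between creation and the chmod.
quota_files_init() {
    ( umask 077
      for qf_name in aquota.user aquota.group; do
          qf_path="${1%/}/$qf_name"
          [ -e "$qf_path" ] || : > "$qf_path" || exit 1
          chmod 600 "$qf_path" || exit 1
      done )
}

# quota_files_ok DIR [UID]: succeed only if both quota files are regular
# files (not symlinks), owned by UID (default 0, root) and mode 600.
quota_files_ok() {
    qf_rc=0
    for qf_name in aquota.user aquota.group; do
        qf_path="${1%/}/$qf_name"
        if [ -L "$qf_path" ] || [ ! -f "$qf_path" ]; then
            echo "$qf_path: missing or not a regular file" >&2
            qf_rc=1
            continue
        fi
        qf_mode=$(stat -c %a "$qf_path")
        qf_uid=$(stat -c %u "$qf_path")
        if [ "$qf_mode" != 600 ]; then
            echo "$qf_path: mode $qf_mode, expected 600" >&2
            qf_rc=1
        fi
        if [ "$qf_uid" != "${2:-0}" ]; then
            echo "$qf_path: owner uid $qf_uid, expected ${2:-0}" >&2
            qf_rc=1
        fi
    done
    return "$qf_rc"
}

# Demo in a scratch directory, checked against the current user's UID.
# On a real system the call would be: quota_files_ok /   (or /home)
demo_dir=$(mktemp -d)
quota_files_init "$demo_dir"
quota_files_ok "$demo_dir" "$(id -u)" && echo "quota files in $demo_dir are mode 600"
rm -rf "$demo_dir"
```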
For example, to initialize your quota files on the root directory with quotacheck, use

    /sbin/quotacheck -m /

Using edquota to Set Up Disk Quotas

To specify disk quotas, you need to run edquota. This command will edit the aquota.user or aquota.group file with the vi editor. You can change the editor by setting the $EDITOR variable (i.e., EDITOR=/path/to/new/editor; export EDITOR). In our example, we will pretend we have a user named mj, and we want to restrict how much disk space he is allowed to use. We type the following command to edit his quota record:

    # /usr/sbin/edquota -u mj

Unless you’ve changed the default editor, this launches vi and opens the quota information for user mj as shown in Figure 6-1.

In this example, our soft and hard limits are set to 0 for both inodes and files. This is per the default and means we currently may consume as many inodes or as many disk blocks as we wish. We can see that this user is currently using 3224 blocks and has 425 files (inodes) on this partition. Each block takes up 1KB of space; thus user mj is using 3.2MB. We want to set a limit so that user mj does not take more than 20MB of space with his files. First, we need to elaborate on the meaning of soft and hard limits.

■ Soft limit This is the maximum amount of space a user can have on that partition. If you have set a grace period, then this will act as an alarm. The user will then be notified he is in quota violation. If you have set a grace period, you will also need to set a hard limit. A grace period is the number of days a user is allowed to be above the given quota. After the grace period is over, the user must get under the soft limit to continue.
■ Hard limit Hard limits are necessary only when you are using grace periods. If grace periods are enabled, this will be the absolute limit a person can use. Any attempt to consume resources beyond this limit will be denied. If you are not using grace periods, the soft limit is the maximum amount of space available to each user.

FIGURE 6-1 Quota information

In our example, we will set our user an 18MB soft limit and a 20MB hard limit. As shown in Figure 6-2, this is written as a number of 1KB blocks in the quota file. Note that we have not limited user mj’s use of inodes. He is still able to use as many inodes (thus as many files) as he likes. Now we must save this file. Assuming you’re still using the default vi editor, the wq command does this job nicely.

We will also give user mj a seven-day grace period to get his stuff cleaned up. To set the grace period, we use the edquota command, but provide -t as an argument:

    # /usr/sbin/edquota -t

Next, vi will load, and you will see something similar to what you see in Figure 6-3. Here, Linux has provided us with the default of seven days for both inodes and block usage. That is, a user may exceed his soft limit on either resource for up to seven days. After that, further requests to use inodes or disk blocks will be denied. Our user mj would have to delete files to get his total disk block consumption under 18MB before he could create new files or grow existing files. To activate the new grace period, just save the file.

There is a quirk to quotas that you should be aware of.
When you use edquota and specify the grace period, you cannot have a space between the number and the unit. That is, the entry “7 days” will not work, but “7days” will. If you get an error message similar to:

    Can't parse grace period time 7

you’ll know you forgot to remove the blank.

FIGURE 6-2 Quota information with soft and hard space limits
FIGURE 6-3 Default quota grace period

The edquota command allows you to use an already configured user’s quota as a template for new users. To use this feature, you need to add the following switch and options: -p configured_user arguments:

    # /usr/sbin/edquota -up mj bob sue

This command will not provide any output, but it will take the quota configuration settings of user mj and apply them to both bob and sue. You can list as many users as you want to edit or apply templates to.

You can also set up quotas on a per-group basis. To do this, simply run edquota with the -g group_name argument. Here, group_name would need to be a valid group as specified in the /etc/group file.

    # /usr/sbin/edquota -g mj

This opens the block and inode quota for group mj, as shown in Figure 6-4.

Automating Quota Settings

Methods are available to apply these quotas to all users. First, for quota maintenance, it’s useful to run the aforementioned quotacheck command on a regular basis. As you’ll see later in this chapter, that is easy to do through the cron system. A simple command in the right cron file like the following automatically runs the quotacheck command at 4:00 A.M.
every Saturday:

    0 4 * * 6 /sbin/quotacheck -avug

FIGURE 6-4 Group quota

[...]

Quotas on NFS Directories

The Network File System (NFS) allows users to share files and directories on a network with Linux and Unix computers. Users across the network mount a shared NFS directory from a specific computer. Users are normally in a single database in an NFS setup. Disk quotas can be applied to these users in virtually the same way...

For example, if you create a local user called nfsuser, and you translate all remote requests to this user, then you need to set up quota restrictions for nfsuser on the mounted partition. This will limit the disk consumption of all incoming NFS users. See Chapter 7 for more about NFS.

EXERCISE 6-1
Configure Quotas

In this exercise, we will set up user quotas for one user on your system. These quotas will...

quotas to all users on your system. For example, the following command applies the quotas that you’ve already set on user mj to all other real users on the system:

    edquota -p mj `awk -F: '$3 > 499 {print $1}' /etc/passwd`

Note that this command lists the first column ($1) of /etc/passwd, which is the user name. And in keeping with the UIDs for regular Red Hat users, this is limited to users with UIDs...

6. Make sure this command worked. Look for the aquota.user file in the /home directory.
7. Now you’re ready to set up quotas for a specific user. If necessary, look up user names in /etc/passwd. Use the /usr/sbin/edquota -u username command to edit the quotas for the user of your choice.
8. Under the soft and hard columns, change the 0 to 80000 and 100000, respectively...
see specific information on just one user, the following quota command can be used:

    # quota -uv mj
    Disk quotas for user mj(uid 500):
    Filesystem  blocks  quota  limit  grace  files  quota  limit  grace
    /dev/sda3     4096  18000  20000           431      0      0

An individual user can check his or her own usage with the quota command, but only root can use the -u option to examine the quotas for other users.

FIGURE 6-5 Quota report

...

■ Socket Filtering allows user programs to attach to a socket and filter their specific socket. This is based on the BSD-styled socket filtering but is much simpler.
■ Unix Domain Sockets include the basic...

packages with the rpm -Uvh packagename command. If the revision associated with your package and architecture are different, revise the package names accordingly. The packages in Table...

In essence, you can customize the Linux kernel any way you want. The best way to do it is to make it fit every detail of your hardware.

Best Practices

You should compile your kernel...
The /proc Filesystem

The /proc directory is based on a virtual filesystem; in other words, it does not include any files that are stored on the hard drive. But it is a window into...

FIGURE 6-8 CPU information from /proc/cpuinfo
FIGURE 6-9 I/O address information from /proc/ioports

Date posted: 17/01/2014, 16:20
