Windows and Linux may be rivals in the marketplace, but in the data center they're more likely to coexist as complementary platforms. If you haven't yet encountered Linux in your career as a Windows administrator, you need to prepare for that eventuality by acquiring a basic understanding of Linux administration. This article jump-starts your Linux learning by explaining essential concepts of Linux user administration, file systems, networking, and software management. (To learn how to obtain more information about Linux commands, files, and programs, see the sidebar "Linux's Online Help," page 43, and the Learning Path box, page 45.) Although the topics I discuss pertain to all Linux distributions, the examples I provide are based on Red Hat Enterprise Server 3—RHES—and might not work for the Linux distribution that you use. Be sure to read your vendor documentation to obtain the correct commands and syntax for your Linux distribution.
Getting Started
Before we go further, let's get a few of the basics out of the way. Linux, like Windows, uses the concept of users and groups for authentication and authorization to resources. Each user must be a member of at least one group, and users can additionally be members of other groups. I discuss user and group administration in more detail later.
Like FAT and NTFS, the Linux file system is organized as a tree—meaning that the file system has a root directory and subdirectories under it. In Linux, the root directory is represented simply by a forward slash (/), whereas in Windows, the root directory is represented by a drive letter and a backslash (e.g., C:\); Linux uses the forward slash instead of the backslash as directory separator. Unlike Windows, Linux doesn't have separate drives; all directories and mounted file systems (e.g., D: in Windows) are found at or under the root directory in Linux. (I explain the concept of mounting a bit later.) Finally, you'll notice that the sample commands I provide begin with the hash character (#)—the Linux shell prompt, which is analogous to using "C:\" to begin a command example. Now let's delve into the specifics of real-world Linux administration.
User Administration
User administration in Linux is conceptually the same as Windows user administration. You define users and groups of users, configure their accounts, and specify their access rights. However, Linux provides administrative tools that are very different from those found on Windows systems. You use these tools to create, delete, and modify user accounts and user groups.
You define a user account by creating an entry in the /etc/passwd file; Table 1 shows the file's contents. By definition, any entry in the /etc/passwd file is a user account, even if it isn't active. As in Windows, software that you install under Linux might create additional user accounts. Each entry in /etc/passwd includes several fields, such as username, password, and home- directory. Here's a sample /etc/passwd entry:
dpuryear:x:500:500:Dustin Puryear:/home/dpuryear:/bin/bash
This entry specifies that the user, dpuryear, has a user ID of 500 and defaults to the group 500 (coincidentally, the same as the username), has the full name Dustin Puryear, is assigned to the home directory /home/dpuryear, and uses /bin/bash (Bourne Again Shell) as the logon shell. The user ID has the same function in Linux that the SID does in Windows. And in Windows, the command shell is cmd.exe; in Linux, the shell is typically /bin/bash.
You'll notice that the second field—the password field—contains an x. In our example, the Linux system uses shadow passwords (provided by the shadow-utils package, which is used on all modern Linux systems), which means that all passwords are actually in the file /etc/shadow. Linux uses the x merely as a placeholder; it doesn't represent a true password. (Actually, the true password isn't stored anywhere in the system. Instead, a hashed version of the password is stored, just as in Windows.)
To create a new user account, you run the adduser command (useradd on some systems) from the bash shell as the root user. Adduser creates a user entry and, if specified, a home directory in the /etc/passwd file. The syntax for adduser is
adduser username -option
where -option represents a command option, such as -u (user ID), -g (group), -d (home), or -s (shell). For example, to create a new account named jdoe for the employee John Doe, enter the command
# adduser jdoe
which creates the following entry in /etc/passwd:
jdoe:x:600:600::/home/jdoe:/bin/bash
You can specify options on the adduser command, for example:
# adduser jdoe -c "John Doe" -m
This command creates an entry in /etc/passwd for the user jdoe; the −c option sets the user's real name to "John Doe," and the -m option creates a home directory for jdoe. In Linux, you have to specify −m or the system won't create the home directory, and the home directory defaults to /home/username unless overridden with the −d option, which lets you specify a different location for the home directory. (On Windows systems, the home directory is created when the user first logs on.)
Unlike Windows, Linux doesn't prompt you for a password when you add a new user account. Instead, you must use a different command—/usr/bin/passwd—to specify an initial password for the user, like this:
# /usr/bin/passwd jdoe
After you enter the command, you'll see onscreen messages and prompts similar to these:
Changing password for user jdoe.
New password: password
Retype new password: password
passwd: all authentication tokens
updated successfully.
To delete an account, you use the userdel (user delete) command, like this:
# userdel jdoe
By default, userdel doesn't remove a user's home directory even when the user's account has been deleted. To remove a user's home directory, you must specify the -r (remove) option on the userdel command:
# userdel jdoe -r
As a Windows administrator, you're probably wondering how you manage users for an entire network when you have to manually add users on each Linux server. The solution is to use a UNIX or Linux network user-management system such as Network Information Service (NIS) or perhaps use Active Directory (AD) for authentication.
Using AD in Linux is typically accomplished by running either the open-source Samba software or Windows Services for UNIX (SFU). Samba provides the Winbind application, which essentially turns Linux into a domain member, complete with authentication and authorization against AD. SFU provides a NIS interface to an AD network.
As you've seen, I use command-line examples. Linux—and UNIX in general—can be completely administered from the command line. All Linux distributions also include GUI-based administration tools, but it's useful to be aware of the underlying command-line tools that the GUI applications rely on. For example, you might want to write a script that uses such commands to manage a large number of user accounts.
Previous
)
)
Register
Anonymous User October 29, 2004