User:Hess0060: Difference between revisions

From ITCwiki
No edit summary
 
(24 intermediate revisions by the same user not shown)
Line 1: Line 1:
==Printer Administration==
==Printer Administration==
Common UNIX Printing System (CUPS) is a printing system used by Linux
:*'''Common UNIX Printing System''' (CUPS) is a printing system used by Linux computers.  
computers. Information that will be sent to a printer is called a print job.
:*Information that will be sent to a printer is called a print job.
The lp command is used to specify and print the print job. To check the status
:*The '''lp''' command is used to specify and print the print job.  
of a printer(s) the lpstat command is used. The cups daemon (cupsd) will
:*To check the status of a printer(s) the '''lpstat''' command is used.
assign all print jobs a unique print job ID and put them in the print queue.
:*The cups daemon (cupsd) will assign all print jobs a unique print job  
The print queue is a special temporary directory where the print jobs are
::ID and put them in the print queue.
stored before being sent to the printer. The path of the queue is usually
:*The print queue is a special temporary directory where the print jobs are
/var/spool/cups on most Linux systems. If the printer is accepting print jobs,
::stored before being sent to the printer.  
the cupsd will put the print job in to the queue. This is called spooling or
:*The path of the queue is usually '''/var/spool/cups''' on most Linux systems.  
queuing.
:*If the printer is accepting print jobs,the cupsd will put the print job in to the queue.
Adding the –t option shows all the printers and there statuses on the system.
:*This is called spooling or queuing.
kevin@kubuntu1:~$ lpstat -t
:*Adding the –t option shows all the printers and there statuses on the system.
scheduler is running
 
system default destination: Samsung-ML-2152W
::kevin@kubuntu1:~$ lpstat -t
device for Samsung-ML-2152W: smb:///192.168.0.195
::scheduler is running
Samsung-ML-2152W accepting requests since Tue 17 Jan 2012 11:25:40 PM CST
::system default destination: Samsung-ML-2152W
printer Samsung-ML-2152W is idle. enabled since Tue 17 Jan 2012 11:25:40 PM
::device for Samsung-ML-2152W: smb:///192.168.0.195
CST
::Samsung-ML-2152W accepting requests since Tue 17 Jan 2012 11:25:40 PM CST
kevin@kubuntu1:~$
::printer Samsung-ML-2152W is idle. enabled since Tue 17 Jan 2012 11:25:40 PM
To manipulate the status of a printer by using the cupsaccept, cupsreject,
::CST
cupsenable, or cupsdisable commands.
::kevin@kubuntu1:~$
kevin@kubuntu1:~$ cupsaccept Samsung-ML-2152W
:*To manipulate the status of a printer by using the cupsaccept, cupsreject,
kevin@kubuntu1:~$ cupsdisable Samsung-ML-2152W
::cupsenable, or cupsdisable commands.
kevin@kubuntu1:~$ lpstat -t
::kevin@kubuntu1:~$ cupsaccept Samsung-ML-2152W
scheduler is running
::kevin@kubuntu1:~$ cupsdisable Samsung-ML-2152W
system default destination: Samsung-ML-2152W
::kevin@kubuntu1:~$ lpstat -t
device for Samsung-ML-2152W: smb:///192.168.0.195
::scheduler is running
Samsung-ML-2152W accepting requests since Fri 23 Mar 2012 11:35:18 AM CDT
::system default destination: Samsung-ML-2152W
printer Samsung-ML-2152W disabled since Fri 23 Mar 2012 11:35:18 AM CDT -
::device for Samsung-ML-2152W: smb:///192.168.0.195
Paused
::Samsung-ML-2152W accepting requests since Fri 23 Mar 2012 11:35:18 AM CDT
kevin@kubuntu1:~$
::printer Samsung-ML-2152W disabled since Fri 23 Mar 2012 11:35:18 AM CDT -
The –r option is used to give a reason why the printer’s status is set as
::Paused
such.
::kevin@kubuntu1:~$
kevin@kubuntu1:~$ cupsdisable Samsung-ML-2152W -r "OMG the printer is on fire"
:*The –r option is used to give a reason why the printer’s status is set as
Samsung-ML-2152W
::such.
kevin@kubuntu1:~$ lpstat -t
::kevin@kubuntu1:~$ cupsdisable Samsung-ML-2152W -r "OMG the printer is on fire"
scheduler is running
::Samsung-ML-2152W
system default destination: Samsung-ML-2152W
::kevin@kubuntu1:~$ lpstat -t
device for Samsung-ML-2152W: smb:///192.168.0.195
::scheduler is running
Samsung-ML-2152W accepting requests since Fri 23 Mar 2012 11:35:18 AM CDT
::system default destination: Samsung-ML-2152W
printer Samsung-ML-2152W disabled since Fri 23 Mar 2012 11:35:18 AM CDT -
::device for Samsung-ML-2152W: smb:///192.168.0.195
OMG the printer is on fire
::Samsung-ML-2152W accepting requests since Fri 23 Mar 2012 11:35:18 AM CDT
kevin@kubuntu1:/$
::printer Samsung-ML-2152W disabled since Fri 23 Mar 2012 11:35:18 AM CDT -
Use the lp command to print.
::OMG the printer is on fire
kevin@kubuntu1:/$ lp -d Samsung-ML-2152W /home/kevin/Documents/reports
::kevin@kubuntu1:/$
request id is Samsung-ML-2152W-2 (1 file(s))
:*Use the lp command to print.
kevin@kubuntu1:/$
::kevin@kubuntu1:/$ lp -d Samsung-ML-2152W /home/kevin/Documents/reports
Other options can be added to the lp command as shown.
::request id is Samsung-ML-2152W-2 (1 file(s))
Option
::kevin@kubuntu1:/$
Description
:*Other options can be added to the lp command as shown.
−d printername
 
Specifies the name of the printer to send the print job to
       
−i print job ID Specifies a certain print job ID to modify
{| class="wikitable"
−n number Prints a certain number of copies, where number can be any number
|-
−m Mails you confirmation of print job completion
!Options
−o option Specifies certain printing options. Common printing
!Function
          options include the following:
|-
          cpi=number—Specifies the number of characters per inch,
|−i
          where number is the number of characters
|Print job ID Specifies a certain print job ID to modify
          landscape—Prints in landscape orientation
|-
          number-up=number—Prints the number of pages on a single
|−d
            page, where number is 1, 2, or 4
|printername, Specifies the name of the printer to send the print job to
          sides=string—Sets double-sided printing, where string is
|-
            either ”two-sided-short-edge” or ”two-sided-long-edge”
|−n
To print a list of all users logged in, pipe the who command to the lp
|Number Prints a certain number of copies, where number can be any number
command.
|-
kevin@kubuntu1:/$ who | lp -d Samsung-ML-2152W
|−m
request id is Samsung-ML-2152W-4 (0 file(s))
|Mails you confirmation of print job completion
kevin@kubuntu1:/$
|-
To remove all print jobs from a specific user, add the –u <username> before
| −o
the cancel command. To remove all print jobs use the –a as shown.
| option Specifies certain printing options. Common printing options include the following:
kevin@kubuntu1:/$ cancel -a
|-
kevin@kubuntu1:/$ lpstat
|}
kevin@kubuntu1:/$
 
The Line Printer Daemon (LPD) is an alternative to CUPS, that is used by older
:*cpi=number—Specifies the number of characters per inch, where number is the number of characters.
Linux systems. The LPD commands can be used in CUPS.
:*landscape—Prints in landscape orientation
LPR command =
:*number-up=number—Prints the number of pages on a single
print documents
:*page, where number is 1, 2, or 4
LPC command =
:*sides=string—Sets double-sided printing, where string is
view printer status
::either ”'''two-sided-short-edge'''” or ”'''two-sided-long-edge'''”
LPQ command =
 
see jobs in the queue
:*To print a list of all users logged in, pipe the who command to the '''lp''' command.
LPRM command =
:kevin@kubuntu1:/$ who | lp -d Samsung-ML-2152W
remove job form queue
:request id is Samsung-ML-2152W-4 (0 file(s))
You can find the cupsd configuration file in the /etc/cups/cupsd.conf
:kevin@kubuntu1:/$
directory. The /etc/cups/printers.conf contains settings about the specific
:*To remove all print jobs from a specific user, add the '''–u'' <username> before
printer.
::the cancel command. To remove all print jobs use the –a as shown.
The command system-config-printer will launch a GUI-based program; the Printer
::kevin@kubuntu1:/$ '''cancel -a'''
Configuration tool. This program lets you add printers with Plug and Play
::kevin@kubuntu1:/$ lpstat
(PnP) or specify the Uniform Resource Identifier (URI). Hewlett-Packard
::kevin@kubuntu1:/$
JetDirect, Internet Printing Protocol (IPP), Line Printer Daemon (LPD or
:*The Line Printer Daemon (LPD) is an alternative to CUPS, that is used by older
Windows (SAMBA) allows you to print to a printer across the network. From the
::Linux systems.  
Printer Configuration tool you are also able to give users and groups
:*The '''LPD''' commands can be used in CUPS.
permission to print to specific printers.
:*LPR command = print documents
You can use CUPS to administer and remotely administer printes through a web
:*LPC command = view printer status
browser. To open the CUPS web-based control panel, navigate to
:*LPQ command = see jobs in the queue
http://servername:631.
:*LPRM command =remove job form queue
:*You can find the cupsd configuration file in the /etc/cups/cupsd.conf directory.  
:*The /etc/cups/printers.conf contains settings about the specific printer.
:*The command system-config-printer will launch a GUI-based program; the Printer Configuration tool.  
:*This program lets you add printers with Plug and Play
::(PnP) or specify the Uniform Resource Identifier (URI). Hewlett-Packard  
::JetDirect, Internet Printing Protocol (IPP), Line Printer Daemon (LPD or
::Windows (SAMBA) allows you to print to a printer across the network. From the
::Printer Configuration tool you are also able to give users and groups
:*permission to print to specific printers.
:*You can use CUPS to administer and remotely administer printes through a web browser.  
:*To open the CUPS web-based control panel, navigate to http://servername:631.


==Log File Administration==
==Log File Administration==
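Review bot: In the new bullet about removing a user's print jobs, the bold markup around the option is unbalanced: '''–u'' opens with three apostrophes and closes with two, so the rest of the line will not render as intended; close it with three. In the Printer Configuration bullet, "(LPD or" is still missing its closing parenthesis, and "permission to print to specific printers" has become its own :* bullet although it continues the previous sentence, so it should be a :: continuation line.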
Line 103: Line 114:
*Called  log files most Daemons record information and error messages to files stored on the file system.
*Called  log files most Daemons record information and error messages to files stored on the file system.
*Typically stored in the /var/log directory
*Typically stored in the /var/log directory
::*'''Example:'''
::*'''Example:''' /var/log/samba contains log files created by the samba file-sharing daemons
:::*/var/log/samba contains log files created by the samba file-sharing daemons


'''Common Linux log files found in /var/log'''
'''Common Linux log files found in /var/log'''
*boot.log
{| class="wikitable"
:::Contains basic information regarding daemon startup obtained during system initialization
|-
*cron
! logs
:::Contains information and error messages generated by the cron and at daemons
! description
*dmesg
|-
:::Contains detected hardware information obtained during system startup
| boot.log
*maillog
| Contains basic information regarding daemon startup obtained during system initialization
:::Contains information and error messages generated by the sendmail daemon
|-
*secure  
|cron
:::Contains information and error messages regarding network access generated by daemons such as sshd and xinetd
|Contains information and error messages generated by the cron and at daemons
*wtmp  
|-
:::Contains a history of all login sessions  
| dmesg
*rpmpkgs yum.log
| Contains detected hardware information obtained during system startup.
:::Contains a list of packages installed by the Red Hat Package Manager and related error messages
|-
*xferlog  
| maillog
:::Contains information and error messages generated by the FTP daemon
| Contains information and error messages generated by the sendmail daemon.
*Xorg.0.log XFree86
|-
:::Contains information and error messages generated by X Windows
| secure
*lastlog  
| Contains information and error messages regarding network access generated by daemons such as sshd and xinetd.
:::Contains a list of users and their last login time; must be viewed using the lastlog command
|-
*messages  
| wtmp
:::Contains detailed information regarding daemon startup obtained at system initialization as well as important system messages produced after system initialization
| Contains a history of all login sessions.
|-
| rpmpkgs yum.log
| Contains a list of packages installed by the Red Hat Package Manager and related error messages.
|-
| xferlog  
| Contains information and error messages generated by the FTP daemon.
|-
| Xorg.0.log XFree86
| Contains information and error messages generated by X Windows.
|-
| lastlog
| Contains a list of users and their last login time; must be viewed using the lastlog command.
|-
| messages  
| Contains detailed information regarding daemon startup obtained at system initialization as well as important system messages produced after system initialization
|}
 


===System Log Daemon===
===System Log Daemon===
Line 134: Line 161:
*When the daemon is started on the system  
*When the daemon is started on the system  
::*Creates a socket /dev/log
::*Creates a socket /dev/log
:::*This is for other system processes to write to
::*This is for other system processes to write to
:::*It then reads any information written to this socket and saves it to the appropriate log file according to /etc/rsyslog.conf
::*It then reads any information written to this socket and saves it to the appropriate log file according to :::/etc/rsyslog.conf
::*To view use cat /etc/rsyslog.conf
::*To view use cat /etc/rsyslog.conf


*Sample output showing the '''Facility,''' '''Priority''' and '''Location''' of the '''/etc/rsyslog.conf''' file
*Sample output showing the '''Facility,''' '''Priority''' and '''Location''' of the '''/etc/rsyslog.conf''' file
::*news.=crit /var/log/news/news.crit
:::news.=crit /var/log/news/news.crit
:::*Facility: "news."
:::Facility: "news."
::::*The area of the system to listen to and log
:::The area of the system to listen to and log
:::*Priority: "=crit"
::::Priority: "=crit"
::::*The importance of the information being logged
:::::The importance of the information being logged
:::*Location: /var/log/news/news.crit
::::Location: /var/log/news/news.crit
::::*The location and path of the log file
:::::The location and path of the log file




'''Examples of kernel log facilities with differing priorities'''
'''Examples of kernel log facilities with differing priorities'''
*kern.warning  /var/log/logfile
{| class="wikitable"
::*logs warning messages and those with more serious priorities to the '''/var/log/logfile'''
|-
*kern.=warning  /var/log/logfile
! kernel logs
::*logs just the warning messages to the '''/var/log/logfile'''
! function
*kern.* /var/log/logfile
|-
::*logs all error messages to the '''/var/log/logfile'''
| kern.warning  /var/log/logfile
*kern.*;kern. !=warn   /var/log/logfile
| logs warning messages and those with more serious priorities to the '''/var/log/logfile'''
|-
| kern.=warning  /var/log/logfile
| logs just the warning messages to the '''/var/log/logfile'''
|-
| kern.* /var/log/logfile
| logs all error messages to the '''/var/log/logfile'''
|-
| \*.=warn;kern.none   /var/log/logfile
| logs all warnings from all facilities except the kernel to the /var/log/logfile
|}
 
 
::*logs all but the warning priority messages to /var/log/logfile
::*logs all but the warning priority messages to /var/log/logfile
*\*.=warn;kern.none  /var/log/logfile
::*\*.=warn;kern.none  /var/log/logfile
::*logs all warnings from all facilities except the kernel to the /var/log/logfile
::*logs all warnings from all facilities except the kernel to the /var/log/logfile




'''Facilities used by the System Daemon Log'''
'''Facilities used by the System Daemon Log'''
*auth or security
 
::*Specifies messages from the login system, such as the login program, the getty program, and the su command
{| class="wikitable"
*authpriv
|-
::*Specifies messages from the login system when authenticating users across the network or to system databases
! Daemon Log
*cron
! description
::*Specifies messages from the cron and at daemons
|-
*daemon
| auth or security
::*Specifies messages from system daemons, such as the FTP daemon
| Specifies messages from the login system, such as the login program, the getty program, and the su command.
*kern
|-
::*Specifies messages from the Linux kernel
|authpriv
*lpr
| Specifies messages from the login system when authenticating users across the network or to system databases.
::*Specifies messages from the printing system (lpd)
|-
*mail
| cron
::*Specifies messages from the e-mail system (sendmail)
| Specifies messages from the cron and at daemons
*mark
|-
::*Specifies time stamps used by syslogd; used internally only
| daemon
*news
| Specifies messages from system daemons, such as the FTP daemon
::*Specifies messages from the Inter Network News daemon and other USENET daemons
|-
*syslog
| kern
::*Specifies messages from the syslog daemon
| Specifies messages from the Linux kernel.
*user
|-
::*Specifies messages from user processes
| lpr
*uucp
| Specifies messages from the printing system (lpd)
::*Specifies messages from the uucp (UNIX to UNIX copy) daemon
|-
*local0-7
| mail
::*Specifies local messages; these are not used by default but can be defined for custom use
| Specifies messages from the e-mail system (sendmail).
|-
| mark
| Specifies time stamps used by syslogd; used internally only.
|-
| news
| Specifies messages from the Inter Network News daemon and other USENET daemons.
|-
| syslog
| Specifies messages from the syslog daemon.
|-
| user
| Specifies messages from user processes.
|-
| uucp
| Specifies messages from the uucp (UNIX to UNIX copy) daemon.
|-
| local0-7
|Specifies local messages; these are not used by default but can be defined for custom use
|-
|}


'''Priorities used by the System Daemon Log (listed in ascending order)'''
'''Priorities used by the System Daemon Log (listed in ascending order)'''
*debug
::*Indicates all information from a certain facility
*info
::*Indicates normal information messages as a result of system operations
*notice
::*Indicates information that should be noted for future reference, yet does not indicate a problem
*warning or warn
::*Indicates messages that might be the result of an error but are not critical to system operations
*error or err
::*Indicates all other error messages not described by other priorities
*crit
::*Indicates system critical errors such as hard disk failure
*alert
::*Indicates an error that should be rectified immediately, such as a corrupt system database
*emerg or panic
::*Indicates very serious system conditions that would normally be broadcast to all users


The etc/rsyslog.conf file can also send logging information to another computer.
{| class="wikitable"
|-
! Daemon Log
! Description
|-
| debug
| Indicates all information from a certain facility.
|-
| info
| Indicates normal information messages as a result of system operations
|-
| notice
| Indicates information that should be noted for future reference, yet does not indicate a problem
|-
| warning or warn
| Indicates messages that might be the result of an error but are not critical to system operations.
|-
| error or err
| Indicates all other error messages not described by other priorities.
|-
| crit
| Indicates system critical errors such as hard disk failure.
|-
| alert
| Indicates an error that should be rectified immediately, such as a corrupt system database.
|-
| emerg or panic
| Indicates very serious system conditions that would normally be broadcast to all users
|-
|}
 
===The etc/rsyslog.conf file can also send logging information to another computer===
*Facility.priority @hostname:portnumber
*Facility.priority @hostname:portnumber
::*The remote computer
::*The remote computer
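Review bot: The new kernel-log table drops the kern.*;kern. !=warn entry, but its description, "logs all but the warning priority messages to /var/log/logfile", is left as an orphaned bullet below the table, followed by a repeat of the \*.=warn;kern.none entry that the table's last row already covers. Add the missing row to the table and delete the leftover bullets. The kern.* row also reads "logs all error messages", while the rows above it treat the part after the dot as a priority filter; describing it as all kernel messages of every priority would keep the rows consistent.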
Line 214: Line 288:


*'''Commented'''
*'''Commented'''
::*# Provides UDP syslog reception
::# Provides UDP syslog reception
::*#$ModLoad imudp.so
::#$ModLoad imudp.so
::*#$UDPServerRun 514
::#$UDPServerRun 514
::*# Provides TCP syslog reception
::# Provides TCP syslog reception
::*#$ModLoad imtcp.so
::#$ModLoad imtcp.so
::*#$InputTCPServerRun 514
::#$InputTCPServerRun 514
*'''Un-Commented'''
*'''Un-Commented'''
::*# Provides UDP syslog reception
:::Provides UDP syslog reception
::*$ModLoad imudp.so
:::$ModLoad imudp.so
::*$UDPServerRun 514
:::$UDPServerRun 514
::*# Provides TCP syslog reception
:::Provides TCP syslog reception
::*$ModLoad imtcp.so
:::$ModLoad imtcp.so
::*$InputTCPServerRun 514
:::$InputTCPServerRun 514
:::*This allows the system to accept incoming requests from another System Log Daemon on TCP and UDP port 514 (the default System Log Daemon port)
:*This allows the system to accept incoming requests from another System Log Daemon on TCP and UDP port 514 (the ::default System Log Daemon port)
 
 
 


===Managing Log Files===
===Managing Log Files===
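Review bot: In the Un-Commented block the new lines drop the leading # from "Provides UDP syslog reception" and "Provides TCP syslog reception" along with the directives. Those two lines are comments, so only $ModLoad, $UDPServerRun and $InputTCPServerRun should lose the #, as in the previous revision. Since the closing bullet says this makes the system accept incoming requests on TCP and UDP port 514, it is also worth stating that the port should be reachable only from the hosts expected to send logs.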
Line 263: Line 334:
:*Bash shell prompts for user accounts information this is called authentication.
:*Bash shell prompts for user accounts information this is called authentication.


:8User accounts and passwords are located in the /etc/password and /etc/shadow and are encrypted
:*User accounts and passwords are located in the '''/etc/password''' and '''/etc/shadow''' and are encrypted


:*/etc/password and a line that contains the encrypted password and
:*'''/etc/password''' and a line that contains the encrypted password and


:*/etc/shadow. expiration information in
:*'''/etc/shadow''' is where the expiration information is stored in.


:*You can use the dfdffpwunconv command to revert to using an /etc/passwd file only, This is not best
:*You can use the dfdffpwunconv command to revert to using an /etc/passwd file only, This is not best
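Review bot: The newly bolded lines name the file '''/etc/password''', while the unchanged bullet directly below refers to /etc/passwd, which is the actual file name; bolding the misspelling makes it more prominent. Use /etc/passwd throughout, and correct the command name "dfdffpwunconv" in that same bullet while editing here.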
Line 273: Line 344:


:*You can use the pwconv command to configure the system again using an /etc/shadow file for
:*You can use the pwconv command to configure the system again using an /etc/shadow file for
password storage.
::password storage.


:* This is the format used in /etc/password file “name:password:UID:GID:GECOS:home directory:shell”
:* This is the format used in /etc/password file “name:password:UID:GID:GECOS:home directory:shell”
Line 283: Line 354:
:*daemon:x:2:2:daemon:/sbin:/sbin/nologin
:*daemon:x:2:2:daemon:/sbin:/sbin/nologin


:*8UID & /etc/passwd
==UID & /etc/passwd==


:*The User Identifier (UID) specifies the unique User ID that is assigned to each user.
:*The User Identifier (UID) specifies the unique User ID that is assigned to each user.
Line 290: Line 361:


:*UIDs that are less than 500 refer to user accounts that are used by daemons when logging in to
:*UIDs that are less than 500 refer to user accounts that are used by daemons when logging in to
:the system.
::the system.


:*The root user is usually listed at the top of the /etc/passwd file
:*The root user is usually listed at the top of the /etc/passwd file
Line 297: Line 368:
::in the shadow file and are encrypted.
::in the shadow file and are encrypted.


:*password times are expressed in days.
:::password times are expressed in days.


:*You can change the password expiration time in the shadow file. In the shadow file min = time
:*You can change the password expiration time in the shadow file. In the shadow file '''min''' = time
::before user can change password again. max = time that user can use current password.
::before user can change password again. '''max''' = time that user can use current password.


:*warn= the number of days before a user is prompted to change their password
:*'''warn'''= the number of days before a user is prompted to change their password


:*by default min =0 max=99,999 days and warn= 7days
:*by default min =0 max=99,999 days and warn= 7days
Line 318: Line 389:
:*primary groups are listed in the password file.
:*primary groups are listed in the password file.


:*All groups and their members are listed in the /etc/group
:*All groups and their members are listed in the '''/etc/group'''


==Creating User Accounts==
==Creating User Accounts==
Line 324: Line 395:
:*useradd command is used to create commands
:*useradd command is used to create commands


:*Example: useradd bobg
:::Example: '''useradd bobg'''
:*There is two files that are used to create default account information.
:*There is two files that are used to create default account information.
:*(UID,shell and home directories)
:*(UID,shell and home directories)


::*The first is /etc/login.defs and sets default locations for email password
::*The first is '''/etc/login.defs''' and sets default locations for email password
:::expiration minimum password length and the rage of UID and GIDs for
:::expiration minimum password length and the rage of UID and GIDs for
:::the users.
:::the users.
::*The second is /etc/default/useradd file. It controls default primary
::*The second is '''/etc/default/useradd''' file. It controls default primary
:::groups, locations of home directories, number of days to disable
:::groups, locations of home directories, number of days to disable
:::accounts with expired passwords, date to disable user accounts, and the
:::accounts with expired passwords, date to disable user accounts, and the
Line 390: Line 461:


*To modify user accounts after creation you
*To modify user accounts after creation you
:may edit the /etc/passwd or shadow file, but
:may edit the ''''/etc/passwd'''' or '''shadow file''', but
:it is not best practice because it may cause
:it is not best practice because it may cause
:topographical errors.
:topographical errors.
*The recommended method of editing user
*The recommended method of editing user
:accounts is to use the usermod command.
:accounts is to use the '''usermod''' command.
:example: usermod -l barbg bobg will change
:example: '''usermod -l barbg bobg''' will change
:the the user name from bobg to barbg.
:the the user name from bobg to barbg.
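Review bot: ''''/etc/passwd'''' is wrapped in four apostrophes on each side, which renders as bold text with stray apostrophe characters; three on each side are enough. While touching this bullet, "topographical errors" should read "typographical errors" and "the the user name" has a doubled word.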


Line 432: Line 503:
|}
|}


* User-mod command can not be used to change password expirations in the
:* '''User-mod''' command can not be used to change password expirations in the
shadow file.
::shadow file.
*To unlock an account you can usermod -U or passwd -u commands.
:*To unlock an account you can '''usermod -U''' or '''passwd -u''' commands.


==Deleting user accounts==
==Deleting user accounts==
:*You can remove user accounts by using the
::'''userdel''' command. This removes entries from the
::'''/etc/passwd''' and the '''/etc/shadow file.'''
:*If you use '''-r''' option it will remove the that user's
::home directory and its contents.
:*if a user is deleted the files are owned by the next
::users with the same UID. The new recipient will
::have a folder that has the name of the former owner.
==Managing Groups==
:*To you can add Groups by editing /etc group file with a text editor,
::or use the groupadd
:*If you use -r option it will remove the that user's
::home directory and its contents.
:*To use the groupadd command you need to use -g option with the GID number and the
::group name. Example : '''groupadd –g 492 group1''' command.
:*You can also add users to a group by using the '''usermod''' command with the -G option
::followed by the username. example: '''usermod –G group1 maryj'''
:*The '''groupmod''' command that can be used to modify the group name and GID, there is also
:*you can see a list of groups you or a user belongs to by using the groups command. To see
::what GID the Groups have use the '''id''' command.
:*you can use the newgrp command. to change primary groups and change file ownership.
:*groups can be managed using a GUI environment in the by navigating to System menu,
::select Administration, Users and Groups.
:*you can see a list of groups you or a user belongs to by using the groups command. To see
::what GID the Groups have use the '''id''' command.
:*you can use the '''newgrp''' command. to change primary groups and change file ownership.
:*groups can be managed using a GUI environment in the by navigating to System menu,
::select Administration, Users and Groups.
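Review bot: The new Managing Groups section contains pasted duplicates: the "-r option ... home directory and its contents" bullet belongs to userdel and is repeated here between the groupadd bullets, and the bullets about the groups and id commands, newgrp, and the GUI path each appear twice. The groupmod bullet also stops mid-sentence at "there is also". Remove the repeats and finish or trim that sentence; "'''User-mod''' command" a few lines earlier should use the real command name, usermod, as the next bullet does.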

Latest revision as of 13:48, 26 March 2012

Printer Administration

  • Common UNIX Printing System (CUPS) is a printing system used by Linux computers.
  • Information that will be sent to a printer is called a print job.
  • The lp command is used to specify and print the print job.
  • To check the status of one or more printers, the lpstat command is used.
  • The cups daemon (cupsd) will assign all print jobs a unique print job
ID and put them in the print queue.
  • The print queue is a special temporary directory where the print jobs are
stored before being sent to the printer.
  • The path of the queue is usually /var/spool/cups on most Linux systems.
  • If the printer is accepting print jobs, cupsd will put the print job into the queue.
  • This is called spooling or queuing.
  • Adding the -t option to lpstat shows all the printers and their statuses on the system.
kevin@kubuntu1:~$ lpstat -t
scheduler is running
system default destination: Samsung-ML-2152W
device for Samsung-ML-2152W: smb:///192.168.0.195
Samsung-ML-2152W accepting requests since Tue 17 Jan 2012 11:25:40 PM CST
printer Samsung-ML-2152W is idle. enabled since Tue 17 Jan 2012 11:25:40 PM CST
kevin@kubuntu1:~$
  • To manipulate the status of a printer, use the cupsaccept, cupsreject,
cupsenable, or cupsdisable commands.
kevin@kubuntu1:~$ cupsaccept Samsung-ML-2152W
kevin@kubuntu1:~$ cupsdisable Samsung-ML-2152W
kevin@kubuntu1:~$ lpstat -t
scheduler is running
system default destination: Samsung-ML-2152W
device for Samsung-ML-2152W: smb:///192.168.0.195
Samsung-ML-2152W accepting requests since Fri 23 Mar 2012 11:35:18 AM CDT
printer Samsung-ML-2152W disabled since Fri 23 Mar 2012 11:35:18 AM CDT -
Paused
kevin@kubuntu1:~$
  • The -r option is used to give a reason why the printer’s status is set as
such.
kevin@kubuntu1:~$ cupsdisable Samsung-ML-2152W -r "OMG the printer is on fire"
Samsung-ML-2152W
kevin@kubuntu1:~$ lpstat -t
scheduler is running
system default destination: Samsung-ML-2152W
device for Samsung-ML-2152W: smb:///192.168.0.195
Samsung-ML-2152W accepting requests since Fri 23 Mar 2012 11:35:18 AM CDT
printer Samsung-ML-2152W disabled since Fri 23 Mar 2012 11:35:18 AM CDT -
OMG the printer is on fire
kevin@kubuntu1:/$
  • Use the lp command to print.
kevin@kubuntu1:/$ lp -d Samsung-ML-2152W /home/kevin/Documents/reports
request id is Samsung-ML-2152W-2 (1 file(s))
kevin@kubuntu1:/$
  • Other options can be added to the lp command as shown.


Option: Function
-i print job ID: Specifies a certain print job ID to modify
-d printername: Specifies the name of the printer to send the print job to
-n number: Prints a certain number of copies, where number can be any number
-m: Mails you confirmation of print job completion
-o option: Specifies certain printing options. Common printing options include the following:
  • cpi=number: Specifies the number of characters per inch, where number is the number of characters.
  • landscape: Prints in landscape orientation
  • number-up=number: Prints the number of pages on a single page, where number is 1, 2, or 4
  • sides=string: Sets double-sided printing, where string is either "two-sided-short-edge" or "two-sided-long-edge"
  • To print a list of all users logged in, pipe the who command to the lp command.
kevin@kubuntu1:/$ who | lp -d Samsung-ML-2152W
request id is Samsung-ML-2152W-4 (0 file(s))
kevin@kubuntu1:/$
  • To remove all print jobs from a specific user, add the -u <username> before
the cancel command. To remove all print jobs, use the -a option as shown.
kevin@kubuntu1:/$ cancel -a
kevin@kubuntu1:/$ lpstat
kevin@kubuntu1:/$
  • The Line Printer Daemon (LPD) is an alternative to CUPS that is used by older
Linux systems.
  • The LPD commands can be used in CUPS.
  • LPR command = print documents
  • LPC command = view printer status
  • LPQ command = see jobs in the queue
  • LPRM command = remove job from queue
  • You can find the cupsd configuration in the /etc/cups/cupsd.conf file.
  • The /etc/cups/printers.conf file contains settings about the specific printer.
  • The command system-config-printer will launch a GUI-based program, the Printer Configuration tool.
  • This program lets you add printers with Plug and Play (PnP) or specify the Uniform Resource Identifier (URI). Hewlett-Packard JetDirect, Internet Printing Protocol (IPP), Line Printer Daemon (LPD), or Windows (SAMBA) allows you to print to a printer across the network. From the Printer Configuration tool you are also able to give users and groups permission to print to specific printers.
  • You can use CUPS to administer and remotely administer printers through a web browser.
  • To open the CUPS web-based control panel, navigate to http://servername:631.

Log File Administration

  • Log files are used for identifying and troubleshooting problems on a Linux system.
  • Most daemons record information and error messages to files stored on the file system; these are called log files.
  • They are typically stored in the /var/log directory.
  • Example: /var/log/samba contains log files created by the samba file-sharing daemons

Common Linux log files found in /var/log

| Log file | Description |
|---|---|
| boot.log | Contains basic information regarding daemon startup obtained during system initialization |
| cron | Contains information and error messages generated by the cron and at daemons |
| dmesg | Contains detected hardware information obtained during system startup. |
| maillog | Contains information and error messages generated by the sendmail daemon. |
| secure | Contains information and error messages regarding network access generated by daemons such as sshd and xinetd. |
| wtmp | Contains a history of all login sessions. |
| rpmpkgs, yum.log | Contains a list of packages installed by the Red Hat Package Manager and related error messages. |
| xferlog | Contains information and error messages generated by the FTP daemon. |
| Xorg.0.log, XFree86 | Contains information and error messages generated by X Windows. |
| lastlog | Contains a list of users and their last login time; must be viewed using the lastlog command. |
| messages | Contains detailed information regarding daemon startup obtained at system initialization as well as important system messages produced after system initialization |


System Log Daemon

  • Logging of most events is handled centrally in Linux by the System Log Daemon.
  • When the daemon is started on the system, it creates a socket, /dev/log, for other system processes to write to.
  • It then reads any information written to this socket and saves it to the appropriate log file according to /etc/rsyslog.conf
  • To view the file, use cat /etc/rsyslog.conf
  • Sample entry from the /etc/rsyslog.conf file, showing the facility, priority and location:
news.=crit /var/log/news/news.crit
Facility: "news."
The area of the system to listen to and log
Priority: "=crit"
The importance of the information being logged
Location: /var/log/news/news.crit
The location and path of the log file


Examples of kernel log facilities with differing priorities

| Kernel log entry | Function |
|---|---|
| kern.warning /var/log/logfile | logs warning messages and those with more serious priorities to the /var/log/logfile |
| kern.=warning /var/log/logfile | logs just the warning messages to the /var/log/logfile |
| kern.* /var/log/logfile | logs all error messages to the /var/log/logfile |
| \*.=warn;kern.none /var/log/logfile | logs all warnings from all facilities except the kernel to the /var/log/logfile |


  • logs all but the warning priority messages to /var/log/logfile
  • \*.=warn;kern.none /var/log/logfile
  • logs all warnings from all facilities except the kernel to the /var/log/logfile


Facilities used by the System Log Daemon

| Facility | Description |
|---|---|
| auth or security | Specifies messages from the login system, such as the login program, the getty program, and the su command. |
| authpriv | Specifies messages from the login system when authenticating users across the network or to system databases. |
| cron | Specifies messages from the cron and at daemons |
| daemon | Specifies messages from system daemons, such as the FTP daemon |
| kern | Specifies messages from the Linux kernel. |
| lpr | Specifies messages from the printing system (lpd) |
| mail | Specifies messages from the e-mail system (sendmail). |
| mark | Specifies time stamps used by syslogd; used internally only. |
| news | Specifies messages from the Inter Network News daemon and other USENET daemons. |
| syslog | Specifies messages from the syslog daemon. |
| user | Specifies messages from user processes. |
| uucp | Specifies messages from the uucp (UNIX to UNIX copy) daemon. |
| local0-7 | Specifies local messages; these are not used by default but can be defined for custom use |

Priorities used by the System Log Daemon (listed in ascending order)

| Priority | Description |
|---|---|
| debug | Indicates all information from a certain facility. |
| info | Indicates normal information messages as a result of system operations |
| notice | Indicates information that should be noted for future reference, yet does not indicate a problem |
| warning or warn | Indicates messages that might be the result of an error but are not critical to system operations. |
| error or err | Indicates all other error messages not described by other priorities. |
| crit | Indicates system critical errors such as hard disk failure. |
| alert | Indicates an error that should be rectified immediately, such as a corrupt system database. |
| emerg or panic | Indicates very serious system conditions that would normally be broadcast to all users |
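
The selector rules from the tables above, worked through as an added shell example (not part of the original notes and not rsyslog's own code). The helper names prio_rank and selector_matches are hypothetical, and only the forms shown on this page are handled: facility.priority, =priority, *, none and ';' lists.

```shell
#!/bin/sh
# Added example: decide whether one message matches an rsyslog-style selector.

# prio_rank NAME: print the rank of a priority (ascending order, aliases included).
prio_rank() {
  case "$1" in
    debug) echo 0 ;;        info) echo 1 ;;
    notice) echo 2 ;;       warning|warn) echo 3 ;;
    error|err) echo 4 ;;    crit) echo 5 ;;
    alert) echo 6 ;;        emerg|panic) echo 7 ;;
    *) return 1 ;;
  esac
}

# selector_matches SELECTOR FACILITY PRIORITY
# Returns 0 if the message would be logged, 1 if not, 2 on an unknown priority.
selector_matches() {
  sm_selector=$1; sm_fac=$2; sm_result=1
  sm_msg=$(prio_rank "$3") || return 2
  sm_ifs=$IFS; IFS=';'; set -f          # split on ';' without filename globbing
  set -- $sm_selector
  IFS=$sm_ifs; set +f
  for sm_part in "$@"; do               # parts apply left to right
    sm_sfac=${sm_part%%.*}; sm_spri=${sm_part#*.}
    [ "$sm_sfac" = "*" ] || [ "$sm_sfac" = "$sm_fac" ] || continue
    case "$sm_spri" in
      none) sm_result=1 ;;              # cancels an earlier match for this facility
      '*')  sm_result=0 ;;              # every priority
      =*)   sm_sel=$(prio_rank "${sm_spri#=}") || return 2
            if [ "$sm_msg" -eq "$sm_sel" ]; then sm_result=0; fi ;;
      *)    sm_sel=$(prio_rank "$sm_spri") || return 2
            if [ "$sm_msg" -ge "$sm_sel" ]; then sm_result=0; fi ;;
    esac
  done
  return "$sm_result"
}

# Demo on constructed messages (facility priority) against one selector from the table.
for msg in "kern warning" "kern crit" "mail warn" "mail info"; do
  set -- $msg
  if selector_matches '*.=warn;kern.none' "$1" "$2"; then verdict=logged; else verdict=dropped; fi
  echo "$1.$2 -> $verdict"
done
```

Running the check against a planned rule before editing /etc/rsyslog.conf shows whether security-relevant messages, such as authpriv warnings, would actually reach the intended file.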

The /etc/rsyslog.conf file can also send logging information to another computer

  • Facility.priority @hostname:portnumber
  • The remote computer must have the modules that listen on the TCP or UDP protocol uncommented in its /etc/rsyslog.conf
  • Commented

```
# Provides UDP syslog reception
#$ModLoad imudp.so
#$UDPServerRun 514

# Provides TCP syslog reception
#$ModLoad imtcp.so
#$InputTCPServerRun 514
```

  • Un-Commented

```
# Provides UDP syslog reception
$ModLoad imudp.so
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp.so
$InputTCPServerRun 514
```

  • This allows the system to accept incoming requests from another System Log Daemon on TCP and UDP port 514 (the default System Log Daemon port)

Managing Log Files

Log files can contain a lot of important system information so it's a good idea to clear the contents of the log files from time to time.

DO NOT remove the log files, the permissions and ownership will be removed as well!!!

We're just going to clear out the contents of the log file.

To do so the > redirect symbol can be used.

This function can be scheduled as well, using the logrotate command to back up and clear log files as specified in the /etc/logrotate.conf file and the files stored in the /etc/logrotate.d directory.

  • The logrotate command renames (rotates) log files on a cyclic basis
    • test.log becomes test.log.YYYYMMDD
    • A new test.log file is created to accept system log info.
  • It can be set to keep a certain number of log files
  • If configured to keep 2 log files, logrotate will only keep 2 copies. Then, when it cycles, logrotate will automatically remove the oldest copy.
  • Most rotation information within /etc/logrotate.conf is overridden by files stored in the /etc/logrotate.d directory.

On most Linux systems, the logrotate utility is automatically scheduled to run daily via the file /etc/cron.daily/logrotate; however, it can be run manually by typing logrotate /etc/logrotate.conf at a command prompt.

Over time, the logrotate command generates several copies of each log file in /var/log. To view them, type ls /var/log
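
An added example, not from the original notes and not logrotate itself, that clears a log with > while keeping dated copies and a fixed number of them. The helpers rotate_log and file_mode are hypothetical, and the function copies and then truncates in place instead of renaming and recreating the file as described above, so the live file's permissions and ownership are never touched.

```shell
#!/bin/sh
# Added example: rotate a log by copy + in-place truncation, keeping KEEP dated copies.

# rotate_log FILE KEEP [YYYYMMDD]
rotate_log() {
  rl_log=$1; rl_keep=$2; rl_stamp=${3:-$(date +%Y%m%d)}
  [ -f "$rl_log" ] || return 1
  cp -p "$rl_log" "$rl_log.$rl_stamp" || return 1   # dated copy keeps the mode
  : > "$rl_log"                                     # clear contents; same inode, owner, mode
  # Glob results sort ascending, so the oldest YYYYMMDD copies come first.
  set -- "$rl_log".[0-9]*
  while [ "$#" -gt "$rl_keep" ]; do
    rm -f -- "$1"
    shift
  done
}

# file_mode FILE: print the permission string from ls, e.g. -rw-------
file_mode() { ls -l -- "$1" | cut -c1-10; }

# Demo in a scratch directory (constructed log content, three daily rotations).
demo_dir=$(mktemp -d)
demo_log=$demo_dir/test.log
echo "constructed log line" > "$demo_log"
chmod 600 "$demo_log"
for day in 20240101 20240102 20240103; do
  echo "entry for $day" >> "$demo_log"
  rotate_log "$demo_log" 2 "$day"
done
ls "$demo_dir"            # test.log plus the two newest dated copies
file_mode "$demo_log"     # permissions unchanged by the rotations
rm -rf "$demo_dir"
```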

Administering Users and Groups

  • Bash shell prompts for user account information; this is called authentication.
  • User accounts and passwords are located in the /etc/passwd and /etc/shadow files and are encrypted.
  • /etc/passwd has a line that contains the encrypted password, and /etc/shadow is where the expiration information is stored.
  • You can use the pwunconv command to revert to using an /etc/passwd file only. This is not best practice for security.
  • You can use the pwconv command to configure the system again using an /etc/shadow file for password storage.
  • This is the format used in the /etc/passwd file: “name:password:UID:GID:GECOS:home directory:shell”
  • examples: root:x:0:0:root:/root:/bin/bash
  • bin:x:1:1:bin:/bin:/sbin/nologin
  • daemon:x:2:2:daemon:/sbin:/sbin/nologin

UID & /etc/passwd

  • The User Identifier (UID) specifies the unique User ID that is assigned to each user.
  • The root user always has a UID of zero.
  • UIDs that are less than 500 refer to user accounts that are used by daemons when logging in to the system.
  • The root user is usually listed at the top of the /etc/passwd file.
  • In the /etc/passwd file, passwords are replaced with the letter “x”; passwords are actually stored in the shadow file and are encrypted.
  • Password times are expressed in days.
  • You can change the password expiration time in the shadow file. In the shadow file, min = the time before a user can change their password again, and max = the time that a user can use the current password.
  • warn = the number of days before a user is prompted to change their password.
  • By default, min = 0, max = 99,999 days and warn = 7 days.
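
A defensive check built on the /etc/passwd format and UID rules above, added here as an example and not part of the original notes. The function names audit_passwd and sample_passwd, the finding labels and the sample accounts are all constructed for illustration, and the "login shell" test (shell path ending in sh) is a simplifying assumption.

```shell
#!/bin/sh
# Added example: audit passwd-format data (name:password:UID:GID:GECOS:home:shell).

# audit_passwd [FILE]: print one "finding:account" line per problem; reads stdin if no FILE.
audit_passwd() {
  awk -F: '
    NF != 7 { print "malformed-line:" NR; next }
    # UID 0 carries root privileges whatever the account is called.
    $3 == 0 && $1 != "root" { print "uid0:" $1 }
    # An empty password field means no password is required.
    $2 == "" { print "empty-password:" $1 }
    # Anything other than x, * or ! is a hash kept in the world-readable file.
    $2 != "" && $2 != "x" && $2 != "*" && $2 != "!" { print "password-in-passwd:" $1 }
    # Daemon accounts (UID 1-499 on this page) should not have a login shell.
    $3 > 0 && $3 < 500 && $7 ~ /sh$/ { print "daemon-login-shell:" $1 }
  ' "${1:--}"
}

# Constructed sample data; the hash string is a placeholder, not a real hash.
sample_passwd() {
  cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/bin/bash
toor:x:0:0:second root:/root:/bin/bash
bobg:$6$PLACEHOLDER$notarealhash:500:500:Bob G:/home/bobg:/bin/bash
maryj::501:501:Mary J:/home/maryj:/bin/bash
EOF
}

sample_passwd | audit_passwd
```

On a real system the same function can be pointed at the live file with audit_passwd /etc/passwd; a password-in-passwd finding is what a system left in the pwunconv state looks like.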

Groups

  • The Group Identifier (GID) is the primary Group ID for the user.
  • Primary group IDs designate file/directory ownership.
  • Each user can be a member of several groups, but only one of those groups can be the primary group.
  • Primary groups are listed in the password file.
  • All groups and their members are listed in the /etc/group file.

Creating User Accounts

  • The useradd command is used to create user accounts.
Example: useradd bobg
  • There are two files that are used to create default account information (UID, shell and home directories).
  • The first is /etc/login.defs, which sets default locations for email, password expiration, minimum password length and the range of UIDs and GIDs for the users.
  • The second is the /etc/default/useradd file. It controls default primary groups, locations of home directories, number of days to disable accounts with expired passwords, date to disable user accounts, and the skeleton directory.
  • A skeleton directory contains files that are copied to a new user's home directory when the new user is created.

Typical contents of the /etc/default/useradd file

```
# useradd defaults file
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes
[root@server1 ~]# _
```
  • You can alter some of the user creation parameters using the options below.

| Option | Function |
|---|---|
| -e | Specifies a date to disable the account from logging in. |
| -d | Sets the absolute pathname to the user's directory. |
| -c | Adds a description entry to the GECOS field of the /etc/passwd file. |
| -f | Sets the number of days until a user's password is disabled. |
| -k | Specifies the skeleton directory. |
| -G | Specifies all other group memberships for the user account. |
| -m | Specifies that a home directory should be created for the user. |
| -g | Specifies the primary group for the user account. By default, a group is created with the same name as the user and made the primary group for that user. |
| -s | Sets the path to the shell used for the account. |
| -u | Sets the UID of an account. |
  • To modify user accounts after creation you may edit the /etc/passwd or shadow file, but it is not best practice because it may cause typographical errors.
  • The recommended method of editing user accounts is to use the usermod command. Example: usermod -l barbg bobg will change the user name from bobg to barbg.

usermod

| Option | Function |
|---|---|
| -f | Sets the number of days until an expired password is disabled. |
| -c | Specifies a new description for the user in the GECOS field of /etc/passwd. |
| -d | Specifies the absolute pathname to a new home directory. |
| -g | Specifies a new primary group for the user account. |
| -G | Specifies all other group memberships for the user account. |
| -l | Sets a new login name. |
| -e | Specifies the expiration date. |
| -s | Sets a new absolute pathname to a new shell used for a user account. |
| -u | Sets a new UID for the user account. |

  • The usermod command cannot be used to change password expirations in the shadow file.
  • To unlock an account you can use the usermod -U or passwd -u commands.

Deleting user accounts

  • You can remove user accounts by using the userdel command. This removes entries from the /etc/passwd and the /etc/shadow file.
  • If you use the -r option, it will remove that user's home directory and its contents.
  • If a user is deleted, the files are owned by the next user with the same UID. The new recipient will have a folder that has the name of the former owner.

Managing Groups

  • You can add groups by editing the /etc/group file with a text editor, or use the groupadd command.
  • To use the groupadd command you need to use the -g option with the GID number and the group name. Example: groupadd -g 492 group1
  • You can also add users to a group by using the usermod command with the -G option followed by the username. Example: usermod -G group1 maryj
  • The groupmod command can be used to modify the group name and GID, there is also
  • You can see a list of groups you or a user belongs to by using the groups command. To see what GID the groups have, use the id command.
  • You can use the newgrp command to change primary groups and change file ownership.
  • Groups can be managed using a GUI environment by navigating to the System menu and selecting Administration, Users and Groups.