FSU CNT 4603 - Root and Administrator Tasks: Process Management


CNT 4603, Summer 2009

Root and Administrator Tasks: Process Management

+ UNIX “root” privileged accounts
+ If a process has a userid of 0, many restrictions, such as permission checks, are not enforced for it. These are generally called “root” processes; root processes can:

1. Mount and unmount file systems – however, that’s not quite true on Linux machines; the mount(8) program is now installed setuid root on some (many) distributions.

   If the keyword user is specified in a mount point defined in /etc/fstab, then newer versions of the mount program will allow a user to mount or unmount that specific filesystem. (This is becoming a very smooth process in many distributions, and plugging in/removing a USB drive is now usually a pleasant experience. If you use LVM to create a volume group on a USB drive, then you get a consistent logical name in /dev space.)

2. Set a process’s filesystem root to a subdirectory of a filesystem via chroot(2)
3. Create device files (/dev, mknod)
4. Set the system clock
5. Access any local file
6. Change file ownership
7. Raise resource limits (datasize, stacksize, coresize) – no other userid than 0 can do so; other userids can only lower resource limits
8. Lower nice values (raising priority)
9. Change the system’s hostname
10. Run halt, shutdown, telinit
11. Manage print subsystems
12. Many other programs check to see if the current process is running under uid 0 (the code to check for this usually looks something like “if (geteuid() == 0) ...”)

Root and Administrator Limitations: Process Management

+ What limitations and restrictions are there to such root processes?

1. UNIX suffers from “userid 0 has all powers”, so the root account (and its password(s)) is the focus of security break-ins.
2. Usually root on another machine won’t (and shouldn’t!) trust you.
3. When acting as “root”, be careful that you know your $PATH. Beware of file paths in $PATH, especially the current working directory (“.”, also known as “pwd” or “cwd”).

How to become “root”? login, su, sudo

Generally, people use something along the lines of sudo, su, or login.

1. Ancient caveats: login still enforces criteria about using an “allowed” terminal (in /etc/ttytab (BSD), /etc/default/login (Solaris), or /etc/securetty (RedHat Linux)).
2. Execute the su command
   + “su” = Substitute User
   + “su” with the minus flag (“su - fc5”) invokes a “login” session
   + Good idea to “su - root”. The advantages of a “login” shell:
     - Paths are those of root, not those of your current process
     - Sets up items such as “safe” aliases for dangerous programs, such as
         rm → rm -i
         cp → cp -i
         mv → mv -i

sudo: pseudo su, or how to set up safer su

+ Ubuntu tries to make it de rigueur, others also
+ Allows a class of users to execute a set of commands with root privileges (flexible enough though to do more)
+ Logs the use of the “sudo” command (but does not log the commands executed by the shells that are started by sudo!)
+ Does raise some vulnerabilities (yet-another setuid program)

    # sudoers file.
    #
    # See the sudoers man page for the details on how to write a sudoers file.
    #

    # Host alias specification

    # User alias specification

    # Cmnd alias specification

    # Defaults specification

    # User privilege specification
    root    ALL=(ALL) ALL

    # Uncomment to allow people in group wheel to run all commands
    # %wheel  ALL=(ALL) ALL

    # Same thing without a password
    # %wheel  ALL=(ALL) NOPASSWD: ALL

    # Samples
    # %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
    # %users  localhost=/sbin/shutdown -h now
    user1 monet=/usr/local/bin/suroot, /bin/su

System Load Average

“load average” == average size of ready queue over sample period

+ Shows the 1, 5, and 15 minute load averages
+ Can see with w, uptime, or top
+ What’s a reasonable load average? → depends on the machine and the type of jobs running
+ I am using a quad-core machine to write these notes; it also has two processes crunching numbers and a load average over 2, but it’s not loaded and is very responsive.

Idle Time

+ Percentage of time the system is idle
+ Can see with “iostat -c 1”, “top”, or “vmstat 1”
+ What do you want this number to be? (again, it depends on machine’s raison d’etre)

    iostat -c 1
    Linux 2.6.27.24-170.2.68.fc10.x86_64 (localhost.localdomain) 06/11/2009

    avg-cpu:  %user   %nice %system %iowait  %steal   %idle
              57.04    0.20    0.97    0.07    0.00   41.73

    avg-cpu:  %user   %nice %system %iowait  %steal   %idle
              50.50    0.00    0.00    0.99    0.00   48.51

    avg-cpu:  %user   %nice %system %iowait  %steal   %idle
              51.36    0.00    0.25    0.00    0.00   48.39

Process Monitoring: ps

+ ps comes from process status; LAH has comprehensive information
+ Shows a window into process table via the filesystem – remember, ps these days generally is just a walk through the /proc pseudo-filesystem
+ Rich command options set; unfortunately, there are different options depending on whether the OS is BSD or System V based.
+ The BSD “ps” has these columns (which is generally true for the other “ps” variations):

1. Process state. First letter indicates the runnability of the process:
   - R - Runnable processes.
   - T - Stopped processes.
   - P - Processes in page wait.
   - D - Processes in non-interruptible waits;
   - S - Processes sleeping less than about 20 seconds.
   - I - Processes sleeping more than 20 seconds
   - Z - zombie (process with NO resources other than a proc slot)
2. Swapped? Second letter
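The $PATH warning in the limitations list can be turned into a check to run before working as root. This is an added example, not part of the original notes; the function name audit_path and the finding labels are assumptions made for the example.

```shell
#!/bin/sh
# audit_path is a hypothetical helper written for this example.
# It prints one finding per unsafe entry of a colon-separated PATH value
# and returns 1 if it found any, 0 if the value is clean.
audit_path() {
    rest="$1:"          # trailing ":" so a final empty entry is not lost
    findings=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        case $entry in
            "")
                echo "EMPTY: empty entry, searched as the current directory"
                findings=1 ;;
            .)
                echo "DOT: . is the current directory"
                findings=1 ;;
            /*)
                [ -d "$entry" ] || continue
                # Mode of the directory itself, following symlinks.
                mode=$(ls -ldL "$entry" | cut -c1-10)
                case $mode in
                    ?????w*|????????w*)   # group- or world-writable
                        echo "WRITABLE: $entry ($mode)"
                        findings=1 ;;
                esac ;;
            *)
                echo "RELATIVE: $entry resolves against the current directory"
                findings=1 ;;
        esac
    done
    return $findings
}

# Constructed sample value: "." and a trailing ":" both put the
# current directory on the search path.
audit_path "/usr/sbin:/usr/bin:.:" || echo "unsafe PATH for a root shell"
```

Running it as audit_path "$PATH" from the account you su from shows what a non-login “su” would inherit.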
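Because sudo logs the sudo invocation but not what a shell started by it goes on to run, rules that grant ALL or a shell/su (like the user1 line in the sample file) are the ones worth finding in a sudoers review. This is an added example, not part of the original notes; audit_sudoers is a hypothetical helper that assumes one "user host=commands" rule per line, with no alias expansion or continuation lines.

```shell
#!/bin/sh
# audit_sudoers is a hypothetical helper written for this example.
# Reads sudoers text on stdin and prints the rules that hand out an
# unrestricted root shell, which sudo logs only as a single command.
audit_sudoers() {
    awk '
    /^[ \t]*#/ { next }                            # comments
    /^[ \t]*$/ { next }                            # blank lines
    /^[ \t]*(Defaults|[A-Za-z]+_Alias)/ { next }   # not privilege rules
    {
        eq = index($0, "=")
        if (eq == 0) next
        who  = $1
        cmds = substr($0, eq + 1)
        sub(/^[ \t]*\([^)]*\)[ \t]*/, "", cmds)    # drop the (runas) part
        nopass = (cmds ~ /NOPASSWD:/) ? " NOPASSWD" : ""
        gsub(/[A-Z_]+:[ \t]*/, "", cmds)           # drop tags like NOPASSWD:
        n = split(cmds, list, /[ \t]*,[ \t]*/)
        for (i = 1; i <= n; i++) {
            sub(/^[ \t]+/, "", list[i])
            split(list[i], words, /[ \t]+/)
            prog = words[1]
            base = prog
            sub(/.*\//, "", base)                  # basename of the command
            if (prog == "ALL")
                print who ": any command (ALL)" nopass
            else if (base ~ /^(su|sh|bash|csh|tcsh|ksh|zsh|dash)$/)
                print who ": root shell via " prog nopass
        }
    }'
}

# Constructed input: rules from the sample file above, with the
# NOPASSWD %wheel line uncommented for the demonstration.
audit_sudoers <<'EOF'
root ALL=(ALL) ALL
%wheel ALL=(ALL) NOPASSWD: ALL
# %users localhost=/sbin/shutdown -h now
user1 monet=/usr/local/bin/suroot, /bin/su
EOF
```

Local wrappers such as /usr/local/bin/suroot are not flagged because their behaviour cannot be judged from the name; review them by hand.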

