CNT 4603
Spring 2009

Root and Administrator Tasks: Process Management

+ UNIX “root” privileged accounts (Chapter 3 in USAH)
+ If a process has a userid of 0, many restrictions, such as the permission checks applied to processes, are not enforced. These are generally called “root” processes; root processes can:

1. Mount and unmount file systems. However, that's not quite true on Linux machines: the mount(8) program is now suid to root on some (many) distributions, and if the keyword user is specified for a mount point defined in /etc/fstab, then newer versions of the mount program will allow a user to mount or unmount that specific filesystem. (This is becoming quite slick in many distributions, and plugging in/removing a USB drive is now a reasonably pleasant experience.)
2. Set a process's filesystem root to a subdirectory of a filesystem via chroot(2)
3. Create device files (/dev, mknod)
4. Set the system clock
5. Access any local file
6. Change file ownership
7. Raise resource limits (datasize, stacksize, coresize); no userid other than 0 can do so, other userids can only lower resource limits
8. Lower nice values (raising priority)
9. Change the system's hostname
10. Run halt, shutdown, telinit
11. Manage print subsystems
12. Many other programs check to see if the current process is running under uid 0 (the code to check for this usually looks something like “if (geteuid() == 0) ...”)

Root and Administrator Limitations: Process Management

+ What limitations and restrictions are there to such root processes?

1. UNIX suffers from “userid 0 has all powers”, so the root account (and its password(s)) is the focus of security break-ins.
2. Usually root on another machine won't (and shouldn't!) trust you
3. Be careful, when acting as “root”, that you know your $PATH. Beware of file paths in $PATH, especially the current working directory (“.”, aka “pwd” or “cwd”).

How to become “root”?

Generally, people use something along the lines of sudo, su, or login.

1. Ancient caveats: login still enforces criteria about using an “allowed” terminal (in /etc/ttytab (BSD), /etc/default/login (Solaris) or /etc/securetty (RedHat Linux)). Chapter 7 in USAH contains more oldish information about hard-wired terminals and ttytab/gettytab/securetty.

How to become root? login, su, sudo

2. Execute the su command
   + “su” = Substitute User
   + “su” with the minus flag (“su - fc5”) invokes a “login” session
   + Good idea to “su - root”. The advantages of a “login” shell:
     - Paths are those of root, not those of your current process
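The $PATH caveat above can be checked mechanically before you start working as root. The script below is an added example, not from the slides: it flags “.” and empty entries (both mean the current working directory), relative entries, and world-writable directories, since any of those lets someone else decide which “ls” or “passwd” root actually runs.

```shell
#!/bin/sh
# Added example (not from the slides): audit a PATH value for the traps the
# slides warn about when acting as root. Prints one "BAD <reason> <entry>"
# line per finding and returns 1 if anything was found, 0 if PATH is clean.

# True if the directory's "other" write bit is set (9th char of the ls -ld mode).
dir_is_world_writable() {
    [ "$(ls -ld "$1" | cut -c9)" = "w" ]
}

audit_path() {
    bad=0
    rest="$1:"                      # trailing ':' so the last entry is seen too
    while [ -n "$rest" ]; do
        entry="${rest%%:*}"         # text up to the first ':'
        rest="${rest#*:}"           # drop that entry from the remainder
        case "$entry" in
            "")     echo "BAD empty-entry-means-cwd ''"; bad=1 ;;
            .|./*)  echo "BAD cwd $entry"; bad=1 ;;
            /*)     if [ -d "$entry" ] && dir_is_world_writable "$entry"; then
                        echo "BAD world-writable $entry"; bad=1
                    fi ;;
            *)      echo "BAD relative $entry"; bad=1 ;;
        esac
    done
    return $bad
}

# Usage: check the PATH of the current shell. Root's PATH after "su -" should
# pass; a PATH inherited through a plain "su" often will not.
if audit_path "$PATH"; then
    echo "PATH looks clean"
fi
```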
     - Set up items such as “safe” aliases for dangerous programs, such as
       - rm → rm -i
       - cp → cp -i
       - mv → mv -i

sudo: pseudo su, or how to set up safer su

+ Ubuntu tries to make it de rigueur; others also
+ Allows a class of users to execute a set of commands with root privileges (flexible enough, though, to do more)
+ Logs the use of the “sudo” command (but does not log the commands executed by the shells that are started by sudo!)
+ Does raise some vulnerabilities (yet-another setuid program)

A sample sudoers file:

  # sudoers file.
  #
  # This file MUST be edited with the 'visudo' command as root.
  #
  # See the sudoers man page for the details on how to write a sudoers file.
  #
  # Host alias specification

  # User alias specification

  # Cmnd alias specification

  # Defaults specification

  # User privilege specification
  root ALL=(ALL) ALL

  # Uncomment to allow people in group wheel to run all commands
  # %wheel ALL=(ALL) ALL

  # Same thing without a password
  # %wheel ALL=(ALL) NOPASSWD: ALL

  # Samples
  # %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
  # %users localhost=/sbin/shutdown -h now
  user1 monet=/usr/local/bin/suroot, /bin/su

System Load Average

“load average” == average size of the ready queue over the sample period
+ Shows the 1, 5, and 15 minute load averages
+ Can see with w, uptime, or top
+ What's a reasonable load average? → depends on the machine and the type of jobs running

Idle Time

+ Percentage of time the system is idle
+ Can see with “iostat -c 1”, “top”, or “vmstat 1”
+ What do you want this number to be? (again, it depends on the machine's raison d'être)

  [root@smtpin MailScanner]# iostat -c 1
  Linux 2.6.9-55.0.2.ELsmp (smtpin.cs.fsu.edu) 06/02/2008

  avg-cpu:  %user   %nice    %sys %iowait   %idle
            12.72    0.00    1.66    1.33   84.30

  avg-cpu:  %user   %nice    %sys %iowait   %idle
            30.00    0.00    4.50    4.00   61.50

  avg-cpu:  %user   %nice    %sys %iowait   %idle
            14.46    0.00    1.75    2.00   81.80

Process Monitoring: ps

+ ps comes from process status; page 53 in USAH has comprehensive information
+ Shows a window into the process table via the filesystem; remember, ps these days is generally just a walk through the /proc pseudo-file system
+ Rich set of command options; unfortunately, there are different options depending on whether the OS is BSD or System V based.
+ The BSD “ps” has these columns (which is generally true for the other “ps” variations):

1. Process state. The first letter indicates the runnability of the process:
   - R - Runnable processes.
   - T - Stopped processes.
   - P - Processes in page wait.
   - D - Processes in non-interruptible waits;
   - S - Processes sleeping less than about 20 seconds.
   - I - Processes sleeping more than 20 seconds
   - Z - zombie (process with NO resources other than a proc slot)
2. Swapped? The second letter indicates whether a process is swapped out;
   - blank - loaded in memory
   - W - Process is swapped out.
   - '>' - Process has specified a soft limit on
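The sudoers sample above grants user1 /bin/su, and the slides note that sudo logs only the sudo invocation, not what a shell started by sudo then does. The auditor below is an added example, not from the slides or the sudo project: it reads a sudoers file on stdin and flags user specifications that amount to an unlogged root shell (passwordless ALL, unrestricted ALL, or a command that is itself su or a shell). The input in the usage section is a constructed copy of the slide's entries.

```shell
#!/bin/sh
# Added example (not from the slides): flag sudoers entries that defeat the
# "a set of commands" idea. Prints "RISK <why>: <line>" per finding and
# returns the number of findings (0 means nothing was flagged).
audit_sudoers() {
    awk '
        /^[ \t]*(#|$)/                      { next }  # comments, blank lines
        /^[ \t]*(Defaults|[A-Za-z_]+_Alias)/ { next }  # not a user specification
        $1 == "root"                        { next }  # root ALL=(ALL) ALL is expected
        {
            why = ""
            if ($0 ~ /NOPASSWD:[ \t]*ALL/)
                why = "passwordless ALL"
            else if ($0 ~ /=[ \t]*(\([^)]*\)[ \t]*)?ALL([ \t]|$)/)
                why = "unrestricted ALL"
            # su or a shell as the granted command: sudo logs the sudo call,
            # but nothing that is typed into the resulting shell
            else if ($0 ~ /(^|[=, \t])(\/[A-Za-z0-9_\/.-]*\/)?(su|sh|bash|ksh|csh|zsh)([ \t]|,|$)/)
                why = "grants a shell (commands run inside it are not logged)"
            if (why != "") { print "RISK " why ": " $0; n++ }
        }
        END { exit n }
    '
}

# Usage with a constructed file holding the slide's sample entries.
SAMPLE_SUDOERS='root ALL=(ALL) ALL
%wheel ALL=(ALL) NOPASSWD: ALL
%users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
%users localhost=/sbin/shutdown -h now
user1 monet=/usr/local/bin/suroot, /bin/su'
printf '%s\n' "$SAMPLE_SUDOERS" | audit_sudoers || echo "findings: $?"
```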
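Both slides answer “what is a reasonable number?” with “it depends”; two things that make the number comparable are dividing the load average by the CPU count (it is the mean ready-queue length, so 4.0 on a 4-CPU box is one runnable process per CPU) and averaging %idle over several iostat samples rather than reading one. The helpers below are an added example, not from the slides; the iostat text is a constructed copy of the slide's output.

```shell
#!/bin/sh
# Added example (not from the slides): normalise the load average and
# average the %idle column of several "iostat -c" samples.

# Print the 1/5/15-minute load averages divided by the CPU count.
# $1: the line printed by uptime or w, $2: number of CPUs
# (e.g. "$(getconf _NPROCESSORS_ONLN)" on Linux).
load_per_cpu() {
    echo "$1" | sed 's/.*load average[s]*: *//' | tr -d ',' |
        awk -v n="$2" '{ printf "%.2f %.2f %.2f\n", $1/n, $2/n, $3/n }'
}

# Print the mean of the %idle column over every "avg-cpu:" block on stdin.
# iostat prints the header row and then the value row, so read one more
# line after each header and take its last field.
mean_idle() {
    awk '
        /^avg-cpu:/ { getline; sum += $NF; n++ }
        END { if (n) printf "%.2f\n", sum / n }
    '
}

# Usage with constructed inputs (the iostat text mirrors the slide's sample).
IOSTAT_SAMPLE='Linux 2.6.9-55.0.2.ELsmp (smtpin.cs.fsu.edu) 06/02/2008

avg-cpu:  %user   %nice    %sys %iowait   %idle
          12.72    0.00    1.66    1.33   84.30

avg-cpu:  %user   %nice    %sys %iowait   %idle
          30.00    0.00    4.50    4.00   61.50

avg-cpu:  %user   %nice    %sys %iowait   %idle
          14.46    0.00    1.75    2.00   81.80'
echo "mean idle: $(printf '%s\n' "$IOSTAT_SAMPLE" | mean_idle)%"
echo "load per CPU: $(load_per_cpu ' 10:02  up 3 days, load average: 4.80, 2.40, 0.80' 4)"
```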
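The state letters above are what you actually grep for when a machine misbehaves: a pile-up of D processes usually means stuck I/O, and Z processes mean a parent that never waited. The summary below is an added example, not from the slides; it works on the output of “ps -axo pid,stat,comm” and the sample rows are constructed.

```shell
#!/bin/sh
# Added example (not from the slides): tally the runnability letter of the
# STAT column and pick out processes that deserve a second look.

# Count the first (runnability) letter of STAT, ignoring the second letter
# (W = swapped out) and any flags such as '+'. Expects "PID STAT COMMAND"
# rows on stdin with a header line; prints "<state> <count>", sorted.
summarize_states() {
    awk 'NR > 1 { c[substr($2, 1, 1)]++ }
         END { for (s in c) print s, c[s] }' | sort
}

# Print PID, STAT and COMMAND of processes in D (uninterruptible wait,
# typically stuck I/O) or Z (zombie: holds only a proc slot) state.
flag_problem_procs() {
    awk 'NR > 1 && $2 ~ /^[DZ]/ { print $1, $2, $3 }'
}

# Usage with constructed rows in the shape of "ps -axo pid,stat,comm".
PS_SAMPLE='  PID STAT COMMAND
    1 Ss   init
  432 S    sshd
  911 R+   ps
 1203 D    updatedb
 1377 Z    <defunct>
 1410 IW   cron
 1502 T    vi'
printf '%s\n' "$PS_SAMPLE" | summarize_states
printf '%s\n' "$PS_SAMPLE" | flag_problem_procs
```

On a live system replace the sample with “ps -axo pid,stat,comm | summarize_states”.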