\input{gl2.slide-header-beamer}% \errorcontextlines=99 %% Subtopic Number = '1.111.2' %% Title: 'Tune the user environment and system environment variables' %% Weight: 3 %% Description: %% Candidate should be able to modify global and user %% profiles. This includes setting environment variables, maintaining skel %% directories for new user accounts and setting command search path with %% the proper directory. %% Key files, terms, and utilities include: %% /etc/profile %% /etc/skel %% env %% export %% set %% unset \title{1.111.2\\Tune the user environment and system environment variables\\Weight 3} \date{2005 October} \author[Nick Urbanik]{Nick Urbanik \texttt{}\\ {\scriptsize This document Licensed under GPL---see section~\ref{sec:license}}}% \subtitle{Linux Professional Institute Certification --- 102}% \mode
{\chead{1.111.2}}% \begin{document} \maketitle \mode
{\thispagestyle{empty}} \begin{frame} \frametitle{Outline} \mode {% %\footnotesize \begin{multicols}{2} \tableofcontents \end{multicols} % You might wish to add the option [pausesections] }% \mode
{% \tableofcontents }% \end{frame} \section{Context} \label{sec:context} \begin{frame} \frametitle{Topic 111 Administrative Tasks [21]}% \framesubtitle{Where we are up to}% \begin{description} \item[1.111.1] Manage users and group accounts and related system files [4] % \uline depends on \usepackage[normalem]{ulem}: \item[1.111.2] \textbf{\uline{Tune the user environment and system environment variables [3]}} \item[1.111.3] Configure and use system log files to meet administrative and security needs [3] \item[1.111.4] Automate system administration tasks by scheduling jobs to run in the future [4] \item[1.111.5] Maintain an effective data backup strategy [3] \item[1.111.6] Maintain system time [4] \end{description} \end{frame} \section{Objectives} \label{sec:objectives} \begin{frame} \frametitle{Description of Objective}% \framesubtitle{1.111.2\ \ Tune the user environment and system environment variables [3]}% \mode{\Large}% Candidate should be able to modify global and user profiles. This includes setting environment variables, maintaining skel directories for new user accounts and setting command search path with the proper directory. \end{frame} \begin{frame} \frametitle{Key files, terms, and utilities include:}% \framesubtitle{1.111.2\ \ Tune the user environment and system environment variables [3]}% \mode{\large}% \begin{description} \item[\texttt{/etc/profile}] --- To export environment variables for all users when they log in using a \texttt{bash}, \texttt{sh}, or \texttt{ksh} (and other) shell \item[\texttt{/etc/skel}] --- directory from which new home directories get a copy of files \item[\texttt{env}] --- display environment variables, or run a command with a modified environment \item[\texttt{export}] --- make environment variables available to commands \item[\texttt{set}] --- display environment, or control operation of the bash shell \item[\texttt{unset}] --- completely remove variables or functions from environment \end{description} \end{frame} \section{What things can we set?} \label{sec:what-can-we-set} \begin{frame} \frametitle{What things can we set?} \begin{description} \item[\texttt{PATH}] --- a colon-separated list of directories that the shell should search to look for a command. \item[other environment variables] --- there are many, including the handy \texttt{export~RSYNC\_RSH=ssh} \item[aliases, functions] --- discussed in topic 1.109.1 Customize and use the shell environment \item[shell prompts] --- customise the shell prompt(s) \texttt{PS1},\,\ldots\ in \texttt{/etc/bashrc} or \texttt{/etc/bash.bashrc} \item[\texttt{umask}] --- determines the default permissions when you create a file \item[\texttt{ulimit}] --- places limits on resources; in particular: core file sizes \item[\texttt{set}] --- we can set various shell options with the built-in command \texttt{set} \end{description} \end{frame} \subsection{Setting the \texttt{PATH}} \label{sec:PATH} \begin{frame} \frametitle{Setting the \texttt{PATH}} \begin{itemize} \item The \texttt{PATH} will have already been set with initial values: \begin{description} \item[Debian/Ubuntu] in \texttt{/etc/login.defs} \item[Red Hat/Fedora] in \texttt{/etc/profile} \begin{itemize} \item though on my system the PATH /usr/local/bin:/bin:/usr/bin exists when \texttt{/etc/profile} is sourced \end{itemize} \end{description} \item You need to \alert{append} or \alert{prefix} your existing \texttt{PATH} with other directories: \item append: \texttt{PATH="\$PATH:/new/dir/bin"} \item prefix: \texttt{PATH="/new/dir/bin:\$PATH"} \end{itemize} \end{frame} \subsection{Prompts: \texttt{PS1}} \label{sec:prompts} \begin{frame} \frametitle{Prompts: \texttt{PS1}} \begin{itemize} \item The prompts you set go into \texttt{PS1} \item Set in \texttt{/etc/bashrc} or \texttt{/etc/bash.bashrc} \item Highly customisable \item At UNSW in mid 80's, I spent too much time making prompts that did somersaults or printed something quickly that immediately disappeared, to give subliminal messages. \begin{itemize} \item Depended on having a 2400 bps connection to a DEC PDP11 for the delay in animation \end{itemize} \item In \cmdbox{man bash}, search for \texttt{PROMPTING} \item There are also other prompts: \texttt{PS2}, \texttt{PS3}, \texttt{PS4}. \end{itemize} \end{frame} \subsection{\texttt{umask}} \label{sec:umask} \begin{frame} \frametitle{\texttt{umask}} \begin{itemize} \item Determines the default permissions of any file or directory you create \item Example: this in \texttt{/etc/bashrc} or \texttt{/etc/bash.bashrc}:\\ \texttt{umask 022} \item \ldots\,ensures that any ordinary file will have permissions \texttt{-rw-r-{}-r-{}-}, a directory or compiled executable will have permission \texttt{-rwxr-xr-x} \end{itemize} \end{frame} \subsection{\texttt{ulimit}} \label{sec:ulimit} \begin{frame} \frametitle{\texttt{ulimit}} \begin{itemize} \item To see the limits you have: \cmdbox{ulimit -a} \item Documentation: \cmdbox{help ulimit} \end{itemize} \end{frame} \section{\texttt{export}} \label{sec:export} \begin{frame}[fragile] \frametitle{\texttt{export}} \begin{itemize} \item Every \alert{environment variable} must be \alert{exported} if other commands are to inherit its value \item A variable only needs to be exported once \item The default startup scripts will have exported \texttt{PATH}, unless something is strangely wrong \item In \texttt{bash}, we can export variables when we define them, or separately, so we can put: \begin{semiverbatim} export RSYNC_RSH=ssh \end{semiverbatim} or \begin{semiverbatim} RSYNC_RSH=ssh export RSYNC_RSH \end{semiverbatim} \end{itemize} \end{frame} \section{Setting options in \texttt{bash} with \texttt{set}} \label{sec:set} \begin{frame} \frametitle{Setting options in \texttt{bash} with \texttt{set}} \begin{itemize} \item The \texttt{bash} builtin command \texttt{shopt} controls some \texttt{bash} options, but the exam doesn't ask about it. \begin{itemize} \item do \cmdbox{help shopt} \end{itemize} \item The builtin \texttt{bash} command \texttt{set} is also used to set many options in \texttt{bash} \item \cmdbox{set \red{-}o \meta{option}} \begin{itemize} \item \ldots\ turns \meta{option} \alert{on} \end{itemize} \item \cmdbox{set \red{+}o \meta{option}} \begin{itemize} \item \ldots\ turns \meta{option} \alert{off} \end{itemize} \end{itemize} \end{frame} \begin{frame} \frametitle{\texttt{bash} options you can set with \texttt{set}} \begin{description} \item[\texttt{emacs} or \texttt{vi}] --- choose whether you want \texttt{emacs}-like or \texttt{vi}-like editing of the command line. \item[\texttt{history}] --- enable/disable command history \pause% \begin{itemize} \item important for junior to use before viewing porn to avoid being sprung my mum or dad \end{itemize} \pause% \item[\texttt{noclobber}] --- If set, disallow existing regular files to be overwritten by redirection of output. \begin{itemize} \item Override this setting with: \end{itemize} \end{description} \cmdbox{command >| file-to-be-clobbered-regardless.txt} \end{frame} \begin{frame} \frametitle{Quick Quiz} \begin{itemize} \item Okay, junior wants to execute the command \cmdbox{xine -f porn-movie.wmv} without it going into $\sim$\texttt{/.bash\_history}, where mum or dad might find it. \pause% \item What command should junior execute first? \end{itemize} \end{frame} \section{Startup Scripts} \label{sec:startup-scripts} \subsection{The order in which \texttt{bash} executes scripts} \label{sec:order-of-execution-login-scripts} \begin{frame}[fragile] \frametitle{login \texttt{hash} shell} \begin{itemize} \item A \alert{login shell} has `\texttt{-}' as the first character of the command name, \begin{semiverbatim} \cmd{ps o pid,user,cmd p $$} PID USER CMD 8892 nickl -bash \end{semiverbatim} or has the option \texttt{-{}-login}. \item When a \alert{login} shell starts up, the following files are \alert{sourced}: \begin{itemize} \item \texttt{/etc/profile}, if it exists \item it sources the first of these that it finds, searching for them in this order: \sloppypar$\sim$\texttt{/.bash\_profile}, $\sim$\texttt{/.bash\_login}, $\sim$\texttt{/.profile} \item When the login shell exits, it sources $\sim$\texttt{/.bash\_logout}, if it exists. \end{itemize} \end{itemize} \end{frame} \begin{frame} \frametitle{Interactive \texttt{bash} shell} \begin{itemize} \item An \alert{interactive} shell has standard input and error both connected to terminals \begin{itemize} \item it is not being used to run a command such as \cmdbox{sh -c command} or \cmdbox{sh script.sh} \end{itemize} \item Behaviour is different on Fedora and Ubuntu systems (Why???) \begin{description} \item[Fedora/Red Hat] --- If the shell is not a login shell, then it will source $\sim$\texttt{/.bashrc}, if it exists. \item[Ubuntu/Debian] --- If the shell is not a login shell, then it will source both \sloppypar\texttt{/etc/bash.bashrc} and $\sim$\texttt{/.bashrc}, if each of them exists. \end{description} \end{itemize} \end{frame} \begin{frame} \frametitle{Noninteractive shells} \begin{itemize} \item A non-interactive shell (e.g., one that has been started to execute a command) will source the file whos name is in the environment variable \texttt{BASH\_ENV} \end{itemize} \end{frame} \subsection{What Sources What} \label{sec:what-sources-what} \begin{frame} \frametitle{What sources what} \framesubtitle{On Red Hat/Fedora systems:} \begin{itemize} %\item \texttt{/etc/profile} sources \texttt{$\sim$/.bashrc} \item \texttt{$\sim$/.bash\_profile} sources \texttt{$\sim$/.bashrc} \item \texttt{$\sim$/.bashrc} sources \texttt{/etc/bashrc} \item \texttt{/etc/bashrc} sources \texttt{/etc/profile.d/*.sh} if this is not a login shell \item \texttt{/etc/profile} sources \texttt{/etc/profile.d/*.sh} \item This means: \begin{itemize} \item \texttt{/etc/profile} and \texttt{$\sim$/.bash\_profile} are sourced \alert{only} when a user logs in where their shell is \texttt{bash}, \texttt{sh}, \texttt{ksh}, \texttt{ash} and a few other shells, by \alert{whatever means} \item \texttt{$\sim$/.bashrc}, \texttt{/etc/bashrc} and \texttt{/etc/profile.d/*.sh} are sourced for \alert{every} new interactive shell, including login shells. \end{itemize} \end{itemize} \end{frame} \begin{frame} \frametitle{What sources what} \framesubtitle{On Ubuntu/Debian systems:} \begin{itemize} \item \texttt{/etc/profile} sources \texttt{/etc/bash.bashrc} \item \texttt{/etc/bash.bashrc} sources \texttt{/etc/bashrc.local}\quad\green{\tick} \item \texttt{$\sim$/.bash\_profile} sources \texttt{$\sim$/.bashrc} \item This means: \begin{itemize} \item \texttt{/etc/profile} and \texttt{$\sim$/.bash\_profile} are sourced \alert{only} when a user logs in where their shell is \texttt{bash}, \texttt{sh}, \texttt{ksh}, \texttt{ash} and a few other shells, by \alert{\texttt{ssh} and a text console only} \item \texttt{/etc/bash.bashrc} and \texttt{$\sim$/.bashrc} and \texttt{/etc/bashrc.local} are sourced for \alert{every} new interactive shell, including login shells. \end{itemize} \end{itemize} \end{frame} \subsection{Weird stuff} \label{sec:weird-stuff} \begin{frame} \frametitle{Weird stuff} \begin{itemize} \item The file \texttt{/etc/bashrc} is not read directly by \texttt{bash} \begin{itemize} \item Red Hat, Fedora systems source \texttt{/etc/bashrc} from \texttt{$\sim$/.bashrc} \end{itemize} \item Red Hat, Fedora systems source \texttt{$\sim$/.bashrc} from \texttt{$\sim$/.bash\_profile} \item When you log into an Ubuntu system via \texttt{gdm}, it will \alert{not} source \texttt{/etc/profile}! \begin{itemize} \item However, the file \texttt{/etc/bash.bashrc} \alert{does} (somehow) get read! \item The file \texttt{/etc/profile} \alert{is} sourced when you log in via \texttt{ssh} or at a text console! \item You can define environment variables in \texttt{/etc/environment}, but do not use \texttt{export} there, since it is not parsed by the shell. \item It gets curiouser and curiouser. \end{itemize} \end{itemize} \end{frame} \subsection{Executive Summary} \label{sec:executive-summary} \begin{frame} \frametitle{Executive Summary for the suit on the go} \framesubtitle{Red Hat/Fedora:}% \begin{itemize} \item Export variables and the \texttt{PATH} from \texttt{/etc/profile} on a Fedora/Red Hat system for all users, since it is sourced once only, when logging in, via \texttt{gdm}, \texttt{kdm}, \texttt{ssh} or a console; \item define aliases and functions and the prompts \texttt{PS1}, \texttt{PS2},\,\ldots in \texttt{/etc/bashrc} on Red Hat/Fedora systems, since all \texttt{$\sim$/.bashrc} scripts will source it by default whenever a new interactive shell is started \item A better place for aliases and function definitions is a file in \texttt{/etc/profile.d/} --- you might call it \texttt{local.sh} --- since upgrades will not affect it. \end{itemize} \end{frame} \begin{frame} \frametitle{Executive Summary for the suit on the go} \framesubtitle{Ubuntu/Debian:}% \begin{itemize} \item Export variables and the \texttt{PATH} from \texttt{/etc/bashrc.local}, since \sloppypar\texttt{/etc/bash.bashrc} sources \texttt{/etc/bashrc.local} and \texttt{/etc/profile} sources \texttt{/etc/bash.bashrc}, if you want them set the same for all logins, since \texttt{/etc/profile} will not be read when you log in via \texttt{gdm}. In fact, \texttt{/etc/bashrc.local} will be read whenever you start a new interactive \texttt{bash} shell, so it is also the place to define aliases and functions and local customisations to prompts \texttt{PS1}, \texttt{PS2},\,\ldots \item You can add global environment variables to \texttt{/etc/environment}, but just assign variables, do not use export. \item If someone can explain the rationale for not reading \texttt{/etc/profile} from \texttt{gdm}, please let me know. There are issues of security, and setting environment variables independently of shell. \end{itemize} \end{frame} \section{Other places to put settings} \label{sec:other-places} \subsection{\texttt{/etc/login.defs}} \label{sec:login.defs} \begin{frame} \frametitle{\texttt{/etc/login.defs}} \begin{itemize} \item \texttt{/etc/login.defs} appears to have different roles on Red Hat/Fedora systems from Debian/Ubuntu systems. \item On Debian systems, \texttt{/etc/login.defs} appears to be read when a user logs in or changes settings. The \texttt{umask} value is set there, as is the initial value of \texttt{PATH}. \item See \cmdbox{man login.defs} on Debian. \item Red Hat/Fedora systems read \texttt{/etc/login.defs} when creating user accounts with \texttt{shadow-utils} commands including \texttt{useradd}, \texttt{usermod}, \texttt{groupadd},\,\ldots \item There is no man page on Fedora, but it is mentioned in the man pages for the \texttt{shadow-utils} commands. \end{itemize} \end{frame} \section{The \texttt{/etc/skel} directory} \label{sec:etc-skel} \begin{frame} \frametitle{The \texttt{/etc/skel} directory} \begin{itemize} \item When a user's home directory is created using tools such as \texttt{useradd} or \texttt{adduser}, the contents of \texttt{/etc/skel} are all copied to the new directory \item You can customise the login scripts \item You can create a \texttt{/etc/skel/bin} directory, so each new user will have a \texttt{$\sim$/bin} directory \item See topic 1.111.1 Manage users and group accounts and related system files for how \texttt{useradd},\,\ldots\ use \texttt{/etc/skel} \end{itemize} \end{frame} \mode {% \begin{frame} \frametitle{Topics Covered} %\footnotesize %\begin{multicols}{2} \tableofcontents[pausesections,pausesubsections] %\end{multicols} % You might wish to add the option [pausesections] \end{frame} } \section{License Of This Document} \label{sec:license} \begin{frame} \frametitle{License Of This Document} \raggedright% Copyright \copyright\ 2005 Nick Urbanik \par You can redistribute modified or unmodified copies of this document provided that this copyright notice and this permission notice are preserved on all copies under the terms of the GNU General Public License as published by the Free Software Foundation---either version 2 of the License or (at your option) any later version. \end{frame} \end{document}