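%% $Header: /cvsroot/lcdp/lpic/general-linux-2/slides/gl2.114.3.slides.tex,v 1.4 2003/08/29 14:36:14 waratah Exp $
%
% Slide deck for LPIC General Linux 2, objective 2.114.3 "Setup User Level
% Security".  The slides cover enabling, configuring and reporting on disk
% quotas.  Slide macros (\slideheading, \Slideheading, \slidesubheading,
% \reveal, \rootcmd, \Slidecontents) are not defined in this file; presumably
% they come from gl2.slide-header.tex.
%
% NOTE(review): this source was recovered from a copy whose line breaks had
% been collapsed.  Line breaks inside the verbatim/alltt listings (including
% the title-slide ASCII art) were restored by hand; compare against the CVS
% original before publishing.
%
% NOTE(review): the objective slide lists limits on user logins, processes
% and memory usage, but every content slide below deals with disk quotas.
% Per-user process/memory/login limits (ulimit, /etc/security/limits.conf via
% pam_limits) are not covered and would need slides of their own.
\input{gl2.slide-header.tex}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{document} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%----10->|-----20->|-----30->|-----40->|-----50->|-----60->|-----70->|-----80->
\begin{slide} %================================================================
\begin{center}
\LARGE \textsf{-- General Linux 2 -- \\ Setup User Level Security}
\LARGE \textsf{[2] } \\[2mm]
\large \textsf{(Linux Professional Institute Certification)}\\[1mm]
\normalsize\end{center}
\footnote{Copyright \copyright\ 2002 Geoffrey Robertson.
Permission is granted to make and distribute verbatim copies or
modified versions of this document provided that this copyright
notice and this permission notice are preserved on all copies under
the terms of the GNU General Public License as published by the Free
Software Foundation---either version 2 of the License or (at your
option) any later version.}
\scriptsize
\begin{verbatim}
                                      .~.
   Slides for a talk by Pia Smith     /V\
                                     // \\
   geoffrey robertson               @._.@
   geoffrey@zip.com.au
\end{verbatim}
\tiny
\begin{verbatim}
$Id: gl2.114.3.slides.tex,v 1.4 2003/08/29 14:36:14 waratah Exp $
\end{verbatim}
\normalsize
\vfill
\end{slide} %-----------------------------------------------------------
%----10->|-----20->|-----30->|-----40->|-----50->|-----60->|-----70->|-----80->
%==============================================================================
\begin{slide} %ghr
\listofslides
\vfill
\end{slide} %------------------------------------------------------------------
%==============================================================================
\begin{slide}{} %ghr
\Slidecontents
\vfill
\end{slide} %-----------------------------------------------------------
%==============================================================================
%==============================================================================
\begin{slide} %ghr
\slideheading{(2.2) 102 Installation \& Package Mgt. [24]}
\begin{description}
  \item[2.114.1] Perform Security Administration Tasks [4]
  \item[2.114.2] Setup Host Security [4]
  \item[2.114.3] \textbf{\underline{Setup User Level Security [2]}}
\end{description}
\vfill
\end{slide} %-----------------------------------------------------------
%==============================================================================
\begin{slide}{} %ghr
\Slidecontents
\vfill
\end{slide} %-----------------------------------------------------------
%==============================================================================
%==============================================================================
\begin{slide} %ghr
\slideheading{Setup User Level Security [2]}
\slidesubheading{Objective}
Candidate should be able to configure user level security.
Tasks include limits on user logins, processes, and memory usage.
\vfill
\end{slide} %-----------------------------------------------------------
%==============================================================================
\begin{slide} %ghr
\Slideheading{Setup User Level Security [2]}
\slidesubheading{Key files, terms, and utilities}
\begin{alltt}
quota
usermod
\end{alltt}
\vfill
\end{slide} %-----------------------------------------------------------
%==============================================================================
\begin{slide} %ghr
\Slideheading{Setup User Level Security [2]}
\slidesubheading{Resources of interest}
\begin{description}
  \item[TBA]
\begin{alltt}
\end{alltt}
\end{description}
\vfill
\end{slide} %-----------------------------------------------------------
%==============================================================================
%==============================================================================
\begin{slide}{} %Pia Smith
\slideheading{Set and View Disk Quotas}
\slidesubheading{Enabling Quotas}
\begin{itemize}
  % The mount option is spelled "usrquota" (as in the fstab line below),
  % not "userquota".
  \item \reveal Add the \texttt{usrquota} and \texttt{grpquota} options in
  \texttt{/etc/fstab}:
\begin{alltt}
/dev/hda2 /home ext3 defaults,usrquota,grpquota 1 2
\end{alltt}
  % NOTE(review): quota.user/quota.group are the old-format quota file
  % names; newer quota tools use aquota.user/aquota.group.  Confirm which
  % format the target distribution expects.
  % The files live in the root of the quota-enabled filesystem and are made
  % mode 600 so that ordinary users cannot read or alter the quota database.
  \item \reveal Create the \texttt{quota.user} and \texttt{quota.group} files:
\begin{alltt}
fehung:~# touch /home/quota.user /home/quota.group
fehung:~# chmod 600 /home/quota.user /home/quota.group
\end{alltt}
  \item \reveal Initialise the \texttt{quota.*} files as databases by running
  \texttt{quotacheck}:
\begin{alltt}
fehung:/home# quotacheck -augv
Cannot get exact used space... Results might be inaccurate.
quotacheck: Scanning /dev/hda2 [/home] done
quotacheck: Checked 143 directories and 689 files
\end{alltt}
  % NOTE(review): the "Results might be inaccurate" warning in the sample
  % output presumably appears because the filesystem is mounted read-write
  % while it is scanned; running the check while the filesystem is quiet
  % gives more reliable usage figures.
\end{itemize}
\vfill
\end{slide} %-----------------------------------------------------------
%==============================================================================
%==============================================================================
\begin{slide}{} %Pia Smith
\Slideheading{Set and View Disk Quotas}
\slidesubheading{Enabling Quotas \textit{ctd\ldots}}
\begin{itemize}
  \item \reveal Confirm that the databases have actually been initialised by
  making sure that the size of the \texttt{quota.*} files is larger than 0.
  \item \reveal Run \texttt{quotaon} to enable the quota system:
\begin{alltt}
fehung:/home# quotaon -a
\end{alltt}
  \item \reveal There are two further things to deal with:
  \begin{enumerate}
    \item \reveal Ensure quota is turned on at boot time
    (details on the next slide).
    \item \reveal Check the database regularly
    (details on a following slide).
  \end{enumerate}
  \item \reveal The filesystem (in this case \texttt{/home}) is now ready to
  accept quotas on a per user or group basis.
\end{itemize}
\vfill
\end{slide} %-----------------------------------------------------------
%==============================================================================
%==============================================================================
\begin{slide}{} %Pia Smith
\Slideheading{Set and View Disk Quotas}
\slidesubheading{Initialising Quotas when booting}
To ensure quota is turned on upon system boot, add the following to the
system's initialisation script (\texttt{/etc/rc.d/rc.sysinit} or similar):
% The -x tests make the script a no-op when the quota tools are not
% installed; quotacheck runs before quotaon so the databases are rebuilt
% before enforcement starts.
{\small
\begin{alltt}
if [ -x /sbin/quotacheck ]; then
    echo "Checking quotas."
    /sbin/quotacheck -auvg
    echo "Done."
fi
if [ -x /sbin/quotaon ]; then
    echo "Enabling quotas."
    /sbin/quotaon -avug
fi
\end{alltt}
}
\vfill
\end{slide} %-----------------------------------------------------------
%==============================================================================
%==============================================================================
\begin{slide}{} %Pia Smith
\Slideheading{Set and View Disk Quotas}
\slidesubheading{Check the Quota database Regularly with \texttt{cron}}
To ensure that the databases are checked regularly, add a script to one of
the system crontab directories (such as \texttt{/etc/cron.weekly/}) to run
\texttt{quotacheck}:
% NOTE(review): scripts in the system cron directories run as root, so the
% script should be owned by root and not writable by anyone else.
\begin{alltt}
#!/bin/bash
/sbin/quotacheck -auvg
\end{alltt}
or a job in crontab to achieve the same thing.
\vfill
\end{slide} %-----------------------------------------------------------
%==============================================================================
%==============================================================================
\begin{slide}{}
\Slideheading{Set and View Disk Quotas}
\slidesubheading{Quota Limits}
There are five types of quota limits that can be enforced:
\begin{itemize}
  \item \reveal Per-user hard limit
  \item \reveal Per-group hard limit
  \item \reveal Per-user soft limit
  \item \reveal Per-group soft limit
  \item \reveal Grace Period
\end{itemize}
\vfill
\end{slide} %-----------------------------------------------------------
%==============================================================================
%==============================================================================
\begin{slide}{}
\Slideheading{Set and View Disk Quotas}
\slidesubheading{Quota Limits---Per-user hard limit}
This is the absolute maximum of a user's allocated space.
Once it is reached, the user cannot write anything else to the filesystem,
and the file currently being worked on, if saved, is truncated and useless.
The user doesn't lose what is in the current shell, so they can free up
some space and then save the file.
\vfill
\end{slide} %-----------------------------------------------------------
%==============================================================================
%==============================================================================
\begin{slide}{}
\Slideheading{Set and View Disk Quotas}
\slidesubheading{Quota Limits---Per-group hard limit}
This is the absolute maximum of a group's allocated space.
Once it is reached, the group cannot write anything else to the filesystem,
and the file currently being worked on, if saved, is truncated and useless.
Users in the group don't lose what is in the current shell, so they can
free up some space and then save the file.
\vfill
\end{slide} %-----------------------------------------------------------
%==============================================================================
%==============================================================================
\begin{slide}{}
\Slideheading{Set and View Disk Quotas}
\slidesubheading{Quota Limits---Per-user soft limit}
An abstract limit enforced on users that is less than the hard limit; once
it is reached, the user enters the grace period.
After the soft limit has been reached the user starts getting warnings
printed on the terminal that the quota has been exceeded.
\vfill
\end{slide} %-----------------------------------------------------------
%==============================================================================
%==============================================================================
\begin{slide}{}
\Slideheading{Set and View Disk Quotas}
\slidesubheading{Quota Limits---Per-group soft limit }
An abstract limit enforced on groups that is less than the hard limit; once
it is reached, the group enters the grace period.
After the soft limit has been reached the group starts getting warnings
printed on the terminal that the quota has been exceeded.
\vfill
\end{slide} %-----------------------------------------------------------
%==============================================================================
%==============================================================================
\begin{slide}{}
\Slideheading{Set and View Disk Quotas}
\slidesubheading{Quota Limits---Grace Period}
Once a soft limit has been reached the user/group enters the grace period,
which is an abstract time before the hard limit is enforced, regardless of
whether the hard limit is reached (assuming the user doesn't get their quota
down below the soft limit in that time).
\vfill
\end{slide} %-----------------------------------------------------------
%==============================================================================
%==============================================================================
\begin{slide}{}
\Slideheading{Set and View Disk Quotas}
\slidesubheading{Setting up and configuring quotas}
\begin{itemize}
  \item \reveal The next move is to edit the quota reference for each user.
  We can get around this with scripts, but essentially this is not nice :)
  \item \reveal We can actually edit the quota of a typical user on our
  system and then copy the attributes of that user's quota to other users,
  as follows:
\begin{alltt}
fehung:/home/greebo# edquota greebo
\end{alltt}
  \item \reveal This edits the quota for user greebo; in this file we change
  the soft and hard limits to whatever we choose, for example:
\begin{alltt}
Disk quotas for user greebo (uid 1000):
  Filesystem    blocks    soft    hard   inodes   soft   hard
  /dev/hda2        538   29000   30000      689      0      0
\end{alltt}
\end{itemize}
\vfill
\end{slide} %-----------------------------------------------------------
%==============================================================================
%==============================================================================
\begin{slide}{}
\Slideheading{Set and View Disk Quotas}
\slidesubheading{Configuring Quotas}
\begin{itemize}
  \item \reveal The first soft and hard values are relevant to blocks and the
  second to inodes; here the user has a block soft and hard limit but no
  inode limit.
  \item \reveal We can then attribute these settings to the rest of the
  users thus:
  % NOTE(review): the awk filter selects every account with a UID above 999.
  % The first ordinary-user UID differs between distributions (see UID_MIN
  % in /etc/login.defs), and high-numbered system accounts such as "nobody"
  % may match as well.  edquota -p also replaces any individual limits the
  % selected users already had, so review the list before running it.
\begin{verbatim}
fehung:/home/greebo# edquota -p greebo $(awk -F: '$3 > \
999 { print $1 }' /etc/passwd)
\end{verbatim}%$
  and can confirm this worked by running \rootcmd{edquota } to see whether
  the new settings copied across.
  % NOTE(review): "system wide" here appears to mean "not per user";
  % edquota -t edits the grace period for each quota-enabled filesystem.
  \item \reveal We can only modify the grace limit system wide.
  We do this by running \rootcmd{edquota -tu}, and changing the value.
\end{itemize}
\vfill
\end{slide} %-----------------------------------------------------------
%==============================================================================
%==============================================================================
\begin{slide}{}
\Slideheading{Set and View Disk Quotas}
\slidesubheading{Quota commands: \texttt{quota(1)}}
\texttt{quota} is used to display quotas on users and groups, using the
\texttt{-u} switch for users and the \texttt{-g} switch for groups:
\begin{alltt}
fehung:/home\rootcmd{quota -uv greebo}
Disk quotas for user greebo (uid 1000):
  Filesystem  blocks  quota  limit  grace  files  quota  limit  grace
  /dev/hda2      538  29000  30000           689      0      0
\end{alltt}
\vfill
\end{slide} %-----------------------------------------------------------
%==============================================================================
%==============================================================================
\begin{slide}{}
\Slideheading{Set and View Disk Quotas}
\slidesubheading{Quota commands: \texttt{quotaon(1)}}
\texttt{quotaon} turns on the quota system, \texttt{quotaoff} turns it off.
Easy!
\vfill
\end{slide} %-----------------------------------------------------------
%==============================================================================
%==============================================================================
\begin{slide}{}
\Slideheading{Set and View Disk Quotas}
\slidesubheading{Quota commands: \texttt{repquota(1)}}
\texttt{repquota} reports on the status of quotas.
Common options are as follows:
\begin{alltt}
-a    reports on all quotas
-g    reports on group quotas
-u    reports on user quotas
-v    verbose mode
\end{alltt}
Examples:
\begin{alltt}
\rootcmd{repquota -v /home}
\end{alltt}
or
\begin{alltt}
\rootcmd{repquota -a}
\end{alltt}
\vfill
\end{slide} %-----------------------------------------------------------
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\end{document} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Everything below \end{document} is ignored by LaTeX; it is the author's
% blank slide template, kept for reuse.
%==============================================================================
%==============================================================================
\begin{slide}{}
\Slideheading{Set and View Disk Quotas}
\slidesubheading{}
\vfill
\end{slide} %-----------------------------------------------------------
=============================================================================
\begin{slide}{}
\end{slide} %------------------------------------------------------------------
\item \reveal
\begin{alltt}
\end{alltt}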