====== System Administration ======

===== Devices and disk access =====

With Linux, disks and USB media are seen as devices. To access data on them, a device must first be mounted on a mount point (directory). On SliTaz, devices can be mounted using a program with a graphical user interface, like ''pcmanfm'', or with a command from a terminal. To mount the first partition of a local disk on ''/mnt/disk'':

  # mkdir -p /mnt/disk
  # mount /dev/sda1 /mnt/disk

To mount an optical disk or a USB medium, mount points located in ''/media'' should be used. Note that for an optical disk, you just have to specify the device path. For a flash key, the mount point already exists:

  # mount /dev/cdrom
  # mount /dev/sda1 /media/flash

=== NTFS filesystem ===

If read or write access to Windows NTFS filesystems is needed, a few additional packages from the repository must be installed. The ''ntfs-3g'' driver provides stable access to NTFS partitions and ''ntfsprogs'' provides manipulation tools dependent on fuse. Note that NTFS partitions can be formatted, moved or resized using Gparted, a GUI to parted.

=== NFS ===

NFS (Network File System) is the native UNIX and Linux method for sharing file systems. In this respect its function is similar to Samba. The most popular version is still NFSv3, which is able to use UDP or TCP as the network protocol. The older NFSv2 was only capable of using UDP. On a LAN, UDP is still the fastest protocol; TCP is to be preferred when the machines are connected over a WAN. NFSv3 has been superseded by NFS version 4, which has notable improvements (security) over v3, but its configuration has become a lot more complex as a result.

An NFS server exports a part of its file system; i.e. makes it available on the network. The server is configured with details about client IP addresses or host names and can restrict their access to the file system. Access can be read-only, read-write or no access at all.
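The access restrictions described above are written in ''/etc/exports'', where small mistakes can grant far more than intended. The following script is an added example, not part of the original SliTaz documentation: it reads an exports(5) file and reports option lists detached from their client by a space, wildcard clients, ''no_root_squash'' and ''insecure''. The function names ''audit_exports'' and ''sample_exports'' are hypothetical and the sample entries are constructed.

```shell
#!/bin/sh
# Added example: report exports(5) entries that grant more than intended.
# Usage: audit_exports /etc/exports      (reads stdin when no file is given)
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            p = index($i, "(")
            client = (p ? substr($i, 1, p - 1) : $i)
            opts = (p ? substr($i, p + 1) : "")
            sub(/\)$/, "", opts)
            o = "," opts ","
            if (client == "") {
                # "host (rw)" with a space: the option list binds to an
                # anonymous client, i.e. every host, and not to "host".
                client = "*"
                print "HIGH " path " detached option list (" opts ") applies to every host"
            } else if (client ~ /[*?]/) {
                print "WARN " path " wildcard client " client
            }
            if (o ~ /,rw,/ && client == "*")
                print "HIGH " path " read-write for every host"
            if (o ~ /,no_root_squash,/)
                print "HIGH " path " " client " remote root is not squashed (no_root_squash)"
            if (o ~ /,insecure,/)
                print "WARN " path " " client " unprivileged source ports accepted (insecure)"
        }
    }' "$@"
}

# Constructed sample input; only the /usb1 line comes from this page.
sample_exports() {
    cat <<'EOF'
# constructed exports(5) sample
/usb1      192.168.1.0/24(rw,sync,no_subtree_check)
/srv/homes hostname1 (rw,sync)
/srv/pub   *(ro,sync,insecure)
/srv/root  192.168.1.10(rw,no_root_squash)
EOF
}

sample_exports | audit_exports
```

Lines joined with a trailing backslash are not merged by this script, so a continued entry should be checked by hand.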
An NFS client simply mounts the exported file systems as if they were local devices. The NFS software in SliTaz makes it possible to run either as a server or as a client. To start the NFS processes, you need to run the init script in ''/etc/init.d/'':

  /etc/init.d/nfsd start|stop|restart

The NFS daemons must also be running when the machine acts as a client.

== NFS Software Installation ==

To start using NFS, the following packages are required:

  # tazpkg -l | grep nfs
  linux-nfsd  3.16.55  base-system
  nfs-utils   2.6.1    system-tools

Install them using:

  # tazpkg -gi linux-nfsd
  # tazpkg -gi nfs-utils

== /etc/exports ==

Here is a sample exports file:

  # /etc/exports: the access control list for filesystems which may be exported
  #               to NFS clients. See exports(5).
  #
  # Example for NFSv2 and NFSv3:
  # /srv/homes hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
  #
  # Example for NFSv4:
  # /srv/nfs4 gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
  # /srv/nfs4/homes gss/krb5i(rw,sync,no_subtree_check)
  #
  /usb1 192.168.1.0/24(rw,sync,no_subtree_check)

The server is only exporting one filesystem: ''/usb1''. Clients must be in the 192.168.1.0/24 network and they have read-write access. To use NFS on the client, all you need to do is start nfsd and mount the share:

  # /etc/init.d/nfsd start
  # mkdir /mnt/usbdrive1
  # mount server:/usb1 /mnt/usbdrive1

Please note the specific format for NFS shares ''//server//'':''//mountpoint//''.

===== Users, groups and passwords =====

To manage users and groups on a SliTaz system, the command line must be used, but file permissions can be changed with a GUI, PCmanFM for example. Only the system administrator (''root'') can add or remove users and groups. The system administrator can also change **all** user passwords; a nonprivileged user can only change his or her own password.
To add or remove a user named linux:

  # adduser linux
  # deluser linux

=== Manipulating users and group membership ===

Linux groups are a mechanism to manage a collection of computer system users. All Linux users have a user name and a group name and a unique numerical identification number called a userid (UID) and a groupid (GID) respectively. Groups can be assigned to logically tie users together for a common security, privilege and access purpose. It is the foundation of Linux security and access. Access to files and devices may be granted based on a userid or a groupid. This mechanism is the same for all of Linux, but the way it is configured varies per distribution. Sometimes additional or different commands are used, for example ''usermod'', ''chgrp'', ''useradd'' or ''groupadd''. Below is an overview of how to handle users, groups and group membership on SliTaz. The SliTaz way is using only four commands. Simple and Elegant. ;-)

  # adduser <user>              <= adds a user
  # deluser <user>              <= deletes a user
  # addgroup <group>            <= adds a group
  # delgroup <group>            <= deletes a group
  # addgroup <user> <group>     <= adds a user to a group
  # adduser -G <group> <user>   <= adds the user to an additional group
  # delgroup <user> <group>     <= deletes a user from a group

Any user can be a member of any group, and the combination of user and group permissions allows for granular access to system resources.

=== Passwd ===

To change the current user's password or change the password of a specific user, you must use the passwd command:

  $ passwd
  # passwd <user>

=== Audio group ===

If you want a new user to be able to listen to music, that user must be in the group ''audio''. To add an existing user to the group audio:

  # adduser -G audio <user>

===== Language and keyboard layout =====

SliTaz saves the configuration of the default locale in ''/etc/locale.conf'', which is read by ''/etc/profile'' on each login, and the keyboard setting is stored in ''/etc/keymap.conf''. These two files can be edited with your favorite editor or configured respectively with ''tazlocale'' and ''tazkeymap''.
You can modify the settings you chose on the first boot by typing as system administrator:

  # tazlocale

Or:

  # tazkeymap

To check all available locales or the current configuration, the command ''locale'' can be used:

  $ locale -a
  $ locale

===== Custom Shell =====

SliTaz uses the shell provided by busybox linked to ''sh''. It is light, fast and standards compliant. To change the default shell for a user, the corresponding field in the user's line in ''/etc/passwd'' can be modified with a text editor. After login, ''/etc/profile'' is read first and then the user file ''~/.profile''. These files can be edited with a text editor to configure the language, any aliases, etc.

=== Example: ~/.profile ===

  # ~/.profile: executed by Bourne-compatible login shells.
  #
  # Aliases.
  alias ls='ls -F'
  alias df='df -h'
  # Env variables.
  export EDITOR=nano

===== Bash Shell =====

If you wish to use Bash (the Bourne Again SHell), first install bash as system administrator. Then the system administrator must edit ''/etc/passwd'' to change the user's shell to ''/bin/bash''. Finally, copy ''~/.profile'' to ''~/.bashrc''.

  # tazpkg get-install bash
  # nano /etc/passwd ~ :/bin/bash
  hacker:~$ cp .profile .bashrc

The next time ''hacker'' logs in, bash will be the default shell; this can be confirmed by typing ''env'' on the command line and inspecting the ''SHELL'' variable.

===== Editors =====

Busybox supplies a clone of vi for normal text editing, but it does have its limitations. The full vim editor can be installed with:

  # tazpkg get-install vim

Or alternatively, if you prefer emacs:

  # tazpkg get-install emacs

===== Sudo =====

The sudo command can be installed on SliTaz:

  # tazpkg get-install sudo

Note that the configuration file ''/etc/sudoers'' should always be edited with the ''visudo'' command, which locks the file and checks for errors.
===== System Time =====

To check the current system time, you can simply type:

  $ date

=== TimeZone ===

On SliTaz, the timezone configuration is saved in ''/etc/TZ''. This file can be edited with a text editor or simply the echo command. The available timezones are to be found in the ''/usr/share/zoneinfo'' directory. Here's an example using the timezone Europe/London:

  # echo "Europe/London" > /etc/TZ

=== Rdate ===

To synchronize the system clock with a network time server, the system administrator can use the ''rdate -s'' command:

  # rdate -s tick.greyware.com

To display the time on the remote server, use the ''rdate -p'' command:

  $ rdate -p tick.greyware.com

=== Using NTP ===

NTP is a protocol to synchronize the time on many different systems via a network. NTP is a client-server application which uses UDP port 123. This section describes how to configure a system as an NTP client, deriving its time from the Internet.

There are many servers available on the Internet which provide an NTP service. Experience has shown that NTP servers seldom have a high availability, rather the opposite! This means it may not be such a good idea to configure a particular server as a time source, not even two or three. After a while none of them might be active any more and time is drifting freely! A better way is to use the service from ntp.org ( http://www.ntp.org/ ). They provide pools of NTP servers per country or region. Selecting one of these provides a more reliable connection to an NTP time source.

Although SliTaz is a small distribution, it provides several NTP implementations. Most notably:

1: busybox ntpd (included in the base installation).

Using busybox ntpd from the command line:

  # busybox ntpd -p nl.pool.ntp.org

OR

  # ntpd -p nl.pool.ntp.org

2: ntp.tazpkg (install from packages repository).
To install ntp.tazpkg:

  # tazpkg get-install ntp

This package includes a decent set of ntp related binaries and the configuration file ''/etc/init.d/ntp''

  # tazpkg list-files ntp
  Installed files with: ntp
  =========================
  /etc/init.d/ntp
  /etc/ntp.conf
  /usr/bin/calc_tickadj
  /usr/bin/ntp-keygen
  /usr/bin/ntp-wait
  /usr/bin/ntpd
  /usr/bin/ntpdate
  /usr/bin/ntpdc
  /usr/bin/ntpq
  /usr/bin/ntptime
  /usr/bin/ntptrace
  /usr/bin/sntp
  /usr/bin/tickadj
  /usr/bin/update-leap

Be aware that SliTaz has several NTP daemons available. We have busybox ntp but also the ntp package. Both provide virtually the same functionality. If you have limited resources, the busybox version can provide all you need. If you want all the diagnostic stuff as well, you should rather go for installing ntp.tazpkg.

=== Starting ntpd at boot ===

Probably the easiest way to start busybox ntpd at boot is to add an entry like above to ''/etc/init.d/local.sh''. The explanation below focuses on ntp.tazpkg. It is unclear which one was intended by the developers to be started by the Server Manager. This can be somewhat confusing. The verified way to configure the NTP daemon is to use the command line as detailed below.

To start ''/usr/bin/ntpd'' (from ntp.tazpkg) at boot:

1: Make sure to install the package as shown above ;-).

2: Edit ''/etc/daemons.conf'' as follows:

Add one line at the end:

  NTP_OPTIONS="-p xx.pool.ntp.org"

(where xx = country.)

The NTP daemon reads its options from **/etc/daemons.conf**. The configuration file **/etc/ntp.conf**, which is referred to by the Server Manager, seems to be unused and may be deleted.

3: Edit ''/etc/rcS.conf'' as follows:

On the line with daemons to start, add ntp to the list:

  RUN_DAEMONS="inetd dbus hald slim firewall httpd ntp"

Make sure to enter just ntp, not ntp**d**! The name is a reference to **/etc/init.d/ntp**.

These are the required steps. Reboot to verify everything is indeed working as expected.
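Whether the daemon is merely running or actually synchronised can be read from the peer table printed by ''ntpq -p''. The following script is an added example, not part of the original SliTaz documentation; it applies the checks this page describes for that table (a peer marked ''*'', reach 377, stratum 16 meaning unavailable) to the sample output shown on this page. The function names ''check_ntp_peers'' and ''sample_ntpq'' are hypothetical.

```shell
#!/bin/sh
# Added example: judge "ntpq -p" output read from stdin.
# Exit status is 0 only when a peer is marked "*" (currently synchronised).
check_ntp_peers() {
    awk '
    /^[ \t]*remote[ \t]/ || /^=+$/ || NF < 10 { next }   # header, ruler, short lines
    {
        tally = substr($0, 1, 1)            # first column: selection mark
        name = (tally == " " ? $1 : substr($1, 2))
        st = $3; reach = $7; offset = $9
        if (tally == "*") {
            synced = name
            print "OK   synchronised to " name " (stratum " st ", offset " offset " ms)"
        }
        if (st == 16)
            print "FAIL " name " stratum 16: unavailable"
        else if (reach != "377")
            print "WARN " name " reach " reach ": polls were missed"
    }
    END {
        if (synced == "") {
            print "FAIL no peer selected for synchronisation"
            exit 1
        }
    }'
}

# Sample peer table as shown on this page (column spacing restored).
sample_ntpq() {
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*ntp0.nl.uu.net  .PPS.            1 u  632 1024  377    2.700    0.233   0.096
+ntp1.nl.uu.net  .PPS.            1 u  504 1024  377    1.742    0.356  41.789
-chime1.surfnet. 194.171.167.130  2 u  298 1024  377    0.677    0.102   0.134
+chime4.surfnet. .PPS.            1 u  422 1024  367    9.652   -2.669   0.366
 tt165.ripe.net  .STEP.          16 u    - 1024    0    0.000    0.000   0.000
EOF
}

sample_ntpq | check_ntp_peers
```

On a live system, ''ntpq -p | check_ntp_peers'' checks the local daemon; as noted for ''ntpq'', the daemon should have been running for a while first.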
Use the following to check if the daemon is running:

  $ ps -ef | grep ntpd
  1934 root 0:00 /usr/bin/ntpd -p nl.pool.ntp.org
  2193 root 0:00 grep ntpd

In this example, the first line shows the process we want to see. Use **/etc/init.d/ntp {start | stop | restart}** to control the NTP daemon or specify the full path (/usr/bin/ntpd). Using ntpd on the command line without the full path causes the busybox version to be invoked!

=== Verifying ntpd operation ===

The ''ntpq'' command can be used to verify connections to NTP servers:

  # ntpq -p nl.pool.ntp.org
       remote           refid      st t when poll reach   delay   offset  jitter
  ==============================================================================
  *ntp0.nl.uu.net  .PPS.            1 u  632 1024  377    2.700    0.233   0.096
  +ntp1.nl.uu.net  .PPS.            1 u  504 1024  377    1.742    0.356  41.789
  -chime1.surfnet. 194.171.167.130  2 u  298 1024  377    0.677    0.102   0.134
  +chime4.surfnet. .PPS.            1 u  422 1024  367    9.652   -2.669   0.366
   tt165.ripe.net  .STEP.          16 u    - 1024    0    0.000    0.000   0.000

The * at the start of a line indicates the server the system is currently synchronized to. The column "st" shows the stratum or quality of the time source. 1 is best, 16 means unavailable. Important to check are the columns "reach" and those behind. Reach should be 377, everything else means polls were missed. The NTP daemon should be running for a while to get reliable output.

=== Hwclock ===

The ''hwclock'' command enables synchronisation of the time of the hardware clock to the system clock or vice versa.

Synchronise the system clock to the hardware clock, i.e. write the system time to the hardware clock ( --utc = universal time, -l = local time ):

  # hwclock -w --utc

Synchronise the hardware clock to the system clock, i.e. set the system time from the hardware clock:

  # hwclock -s --utc

  hwclock -u, --utc | -l, --localtime

Indicates that the hardware clock is kept in Coordinated Universal Time or local time, respectively. It is the choice of the system administrator whether to keep the clock in UTC or local time, but nothing in the clock tells which is chosen.
So this option is how to give that information to the hardware clock. If the wrong one of these options is specified (or neither and a wrong default is taken), both setting and querying of the hardware clock will be messed up.

On SliTaz, the hardware clock must always be set to UTC. The result of a non-UTC hardware clock setting is an incorrect time for the timezone.

=== Synchronising the hardware clock with NTP ===

There are several ways to set the hardware clock to NTP time:

  # busybox ntpd -dnqp nl.pool.ntp.org && hwclock -w -u

OR:

  # ntpdate -u nl.pool.ntp.org && hwclock -w -u

Alternative three: (quite old, may not work on all servers)

  # rdate -s nl.pool.ntp.org && hwclock -w -u

Note that in all examples the ''-u'' option is used to set the hardware clock to UTC time.

Further reading: https://linux.die.net/man/8/hwclock

===== Execute scheduled commands =====

The daemon ''crond'' allows commands to be run automatically at a scheduled date or time. This is very useful for routine tasks such as system administration. The directory ''cron'' uses is ''/var/spool/cron/crontabs''. Each user can have his or her own tasks; they are defined in the file ''/var/spool/cron/crontabs///user//''. This file can be created or modified by any user with the ''crontab -e'' command, using the user's default text editor. The crontab utility also allows (amongst other things) listing the user's tasks:

  # crontab -l           <== To list the crontab for user root.

OR:

  # crontab -l -u tux    <== To list the crontab for another user.

OR:

  tux:~$ crontab -l      <== To list the crontab for user tux.

The syntax of the crontab files is as follows:

  mm hh dd MMM DDD command > log

We will create a crontab file and test the daemon ''crond'' with a task performed every minute: writing the date to a file ''/tmp/crond.test''.

  $ crontab -e

Insert the line:

  * * * * * date >> /tmp/crond.test

Save and exit the editor.
When the system administrator has launched ''crond'' using the startup script:

  # /etc/init.d/crond start

after a few minutes the contents of the file ''/tmp/crond.test'' can be viewed:

  $ cat /tmp/crond.test

To stop or restart the daemon ''crond'':

  # /etc/init.d/crond stop

Or:

  # /etc/init.d/crond restart

=== Invoke the daemon crond on every boot ===

To launch the daemon ''crond'' each time the system is booted, just add it to the variable START_DAEMONS in the configuration file ''/etc/rcS.conf'', either before or after the web server or SSH server.

===== Add commands to be executed at boot =====

During the boot process, various scripts are executed to configure services, such as the start of the web server, networking, etc. On SliTaz there is a script ''/etc/init.d/local.sh'' to which commands can be added that are to be launched at system startup. New scripts can also be created in ''/etc/init.d''.

  # nano /etc/init.d/local.sh