System Administration

System Administration

Devices and disk access

With Linux disks and USB media are seen as devices. To access data on them, a device first must be mounted on a mount point (directory).

On SliTaz devices can be mounted using a program with a graphical user interface, like pcmanfm or with a command from a terminal.

To mount the first partition of a local disk on /mnt/disk:

 # mkdir -p /mnt/disk
 # mount /dev/sda1 /mnt/disk

To mount an optical disk or an USB medium, mount points located in /media should be used.

Note that for an optical disk, you just have to specify the device path. For a flash key, the mount point already exists:

 # mount /dev/cdrom
 # mount /dev/sda1 /media/flash

NTFS filesystem

If read or write access to Windows ntfs filesystems is needed, a few additional packages from the repository must be installed.

The ntfs-3g driver provides stable access to ntfs partitions and ntfsprogs provides manipulation tools dependent on fuse. Note that ntfs partitions can be formatted, moved or resized using Gparted, a GUI to parted.

NFS

NFS (Network File System) is the native UNIX and Linux method for sharing file systems. In this respect its function is similar to Samba.

The most popular version is still NFSv3, which is able to use UDP or TCP as the network protocol.

The older NFSv2 was only capable of using UDP.

On a LAN, UDP is still the fastest protocol; TCP is to be preferred when the machines are connected over a WAN.

NFSv3 has been superseded by NFS version4 which has notable improvements (security) over v3 but its configuration has become a lot more complex as a result.

An NFS server exports a part of it's file system; i.e. makes it available on the network. The server is configured with details about client ip addresses or host names and can restrict their access to the file system. Access can be read-only, read-write or no access at all. An NFS client simply mounts the exported file systems as if they were local devices.

The NFS software in Slitaz makes it possible to run both as a server or a client. To start the NFS processes, you need to run the init script in /etc/init.d/:

/etc/init.d/nfsd start|stop|restart

The NFS daemons must be running also when the machine acts as a client.

NFS Software Installation

To start using NFS, the following packages are required:

# tazpkg -l | grep nfs
linux-nfsd              3.16.55           base-system
nfs-utils               2.6.1             system-tools

Install them using:

# tazpkg -gi linux-nfsd
# tazpkg -gi nfs-utils

/etc/exports

Here is a sample exports file:

# /etc/exports: the access control list for filesystems which may be exported
#               to NFS clients.  See exports(5).
#
# Example for NFSv2 and NFSv3:
# /srv/homes       hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
#
# Example for NFSv4:
# /srv/nfs4        gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
# /srv/nfs4/homes  gss/krb5i(rw,sync,no_subtree_check)
#
/usb1           192.168.1.0/24(rw,sync,no_subtree_check)

The server is only exporting one filesystem: usb1. Clients must be in the 192.168.1.0/24 network and they have read-write access.

To use nfs on the client; all you need to do is start nfsd and mount the share:

# /etc/init.d/nfsd start
# mkdir /mnt/usbdrive1
# mount server:/usb1 /mnt/usbdrive1

Please note the specific format for nfs shares server:mountpoint.

Users, groups and passwords

To manage users and groups on a SliTaz system, the command line must be used, but file permissions can be changed with a GUI, PCmanFM for example. Only the system administrator (root) can add or remove users and groups. The system administrator can also change all user passwords; a nonprivileged user can only change his or her own password.

To add or remove a user named linux:

 # adduser linux
 # deluser linux

Manipulating users and group membership

Linux groups are a mechanism to manage a collection of computer system users. All Linux users have a user name and a group name and a unique numerical identification number called a userid (UID) and a groupid (GID) respectively. Groups can be assigned to logically tie users together for a common security, privilege and access purpose. It is the foundation of Linux security and access. Access to files and devices may be granted based on a userid or a groupid. This mechanism is the same for all of linux but the way it is configured varies per distribution. Sometimes additional or different commands are used, like for example usermod, chgrp, useradd or groupadd. Below is an overview of how to handle users, groups and group membership on Slitaz.

The Slitaz way is using only four commands. Simple and Elegant.

# adduser <username> <= adds a user

# deluser <username> <= deletes a user

# addgroup <groupname> <= adds a group

# delgroup <groupname> <= deletes a group

# addgroup <username> <groupname> <= adds a user to a group

# adduser -G <groupname> <username> <= adds the user to an additional group

# delgroup <username> <groupname> <= deletes a user from a group

Any user can be member of any group and the combination of user and group permissions allows for granular access to system resources.

Passwd

To change the current user's password or change the password of a specific user, you must use the passwd command:

 $ passwd
 # passwd <username>

Audio group

If you want a new user to be able to listen to music he must be in the group audio.

To add an existing user to the group audio:

 # adduser -G audio <username>

Language and keyboard layout

SliTaz saves the configuration of the default locale in /etc/locale.conf which is read by /etc/profile on each login and the keyboard setting is stored in /etc/keymap.conf. These two files can be edited with your favorite editor or configured respectively with tazlocale and tazkeymap. You can modify the settings you choose on the first boot by typing as system administrator:

 # tazlocale
 Or:
 # tazkeymap

To check all available locales or the current configuration, the command locale can be used:

 $ locale -a
 $ locale

Custom Shell

SliTaz uses the shell provided by busybox linked to sh. It is light, fast and standards compliant. To change the default shell for a user, the corresponding field in the user's line in /etc/passwd can be modified with a text editor.

After login, /etc/profile is read first and then the user file ~/.profile. These files can be edited with a text editor to configure the language, any aliases, etc.

Example: ~/.profile

# ~/.profile: executed by Bourne-compatible login shells.
#

# Aliases.
alias ls='ls -F'
alias df='df -h'

# Env variables.
export EDITOR=nano

Bash Shell

If you wish to use the Bash (Bourne Again SHell), first as system administrator install bash. Then the system administrator must edit /etc/passwd to change the user's shell to /bin/bash. Finally copy ~/.profile to ~/.bashrc.

 # tazpkg get-install bash
 # nano /etc/passwd   ~ :/bin/bash
 hacker:~$ cp .profile .bashrc

The next time hacker logs in, bash will be the default shell; this can be confirmed by typing env on the command line and inspecting the SHELL variable.

Editors

Busybox supplies a clone of vi for normal text editing, but it does have its limitations. The full vim editor can be installed with:

 # tazpkg get-install vim

Or alternatively if you prefer emacs:

 # tazpkg get-install emacs

Sudo

The sudo command can be installed on SliTaz:

 # tazpkg get-install sudo

Note that the configuration file /etc/sudoers, should always be edited by the visudo command which locks the file and checks for errors.

System Time

To check the current system time, you can simply type:

$ date

TimeZone

On SliTaz, the timezone configuration is saved in /etc/TZ. This file can be edited with a text editor or simply the echo command. The available timezones are to be found in the /usr/share/zoneinfo directory.

Here's an example using the timezone Europe/London:

 # echo "Europe/London" > /etc/TZ

Rdate

To synchronize the system clock with a network time server, the system administrator can use the rdate -s command:

 # rdate -s tick.greyware.com

To display the time on the remote server, use the rdate -p command:

 $ rdate -p tick.greyware.com

Using NTP

NTP is a protocol to synchronize the time on many different systems via a network. NTP is a client-server application which uses UDP port 123. This section describes how to configure a system as an NTP client, deriving its time from the Internet. There are many servers available on the Internet which provide a NTP service.

Experience has shown that NTP servers seldom have a high availability, rather the opposite! This means it may not be such a good idea to configure a particular server as a time source, not even two or three. After a while none of them might be active any more and time is drifting freely! A better way is to use the service from ntp.org ( http://www.ntp.org/ ). They provide pools of NTP servers per country or region. Selecting one of these provides a more reliable connection to a NTP time source.

Although Slitaz is a small distribution, it provides several NTP implementations.

Most notably:

1: busybox ntpd (included in the base installation). Using busybox ntpd from the command line:

# busybox ntpd -p nl.pool.ntp.org  OR
# ntpd -p nl.pool.ntp.org

2: ntp.tazpkg (install from packages repository). To install ntp.tazpkg:

 # tazpkg get-install ntp

This package includes a decent set of ntp related binaries and the configuration file /etc/init.d/ntp

# tazpkg list-files ntp

Installed files with: ntp
=========================
/etc/init.d/ntp
/etc/ntp.conf
/usr/bin/calc_tickadj
/usr/bin/ntp-keygen
/usr/bin/ntp-wait
/usr/bin/ntpd
/usr/bin/ntpdate
/usr/bin/ntpdc
/usr/bin/ntpq
/usr/bin/ntptime
/usr/bin/ntptrace
/usr/bin/sntp
/usr/bin/tickadj
/usr/bin/update-leap

Be aware that Slitaz has several NTP daemons available. We have busybox ntp but also the ntp package. Both provide virtually the same functionality. If you have limited resources, the busybox version can provide all you need. If you want all the diagnostic stuff as well, you should rather go for installing ntp.tazpkg.

Starting ntpd at boot

Probably the easiest way to start busybox ntpd at boot is to add an entry like above to /etc/init.d/local.sh. The explanation below focuses on ntp.tazpkg. It is unclear which one was intended by the developers to be started by the Server Manager. This can be somewhat confusing. The verified way to configure the NTP daemon is to use the command line as detailed below.

To start /usr/bin/ntpd (from ntp.tazpkg) at boot:

1: Make sure to install the package as shown above .

2: Edit /etc/daemons.conf as follows:

Add one line at the end: 
 NTP_OPTIONS="-p xx.pool.ntp.org" (where xx = country.)

The NTP daemon reads it's options from /etc/daemons.conf. The configuration file /etc/ntp.conf, which is referred to by the Server Manager seems to be unused and may be deleted.

3: Edit /etc/rcS.conf as follows:

On the line with daemons to start, add ntp to the list:
 RUN_DAEMONS="inetd dbus hald slim firewall httpd ntp"

Make sure to enter just ntp, not ntpd! The name is a reference to /etc/init.d/ntp

These are the required steps. Reboot to verify everything is indeed working as expected.

Use the following to check if the daemon is running:

$ ps -ef | grep ntpd
 1934 root       0:00 /usr/bin/ntpd -p nl.pool.ntp.org
 2193 root       0:00 grep ntpd

In this example, the first line shows the process we want to see.

Use /etc/init.d/ntp {start | stop | restart} to control the NTP daemon or specify the full path (/usr/bin/ntpd). Using ntpd on the command line without the full path causes the busybox version to be invoked!

Verifying ntpd operation

The ntpq command can be used to verify connections to NTP servers

# ntpq -p nl.pool.ntp.org
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*ntp0.nl.uu.net  .PPS.            1 u  632 1024  377    2.700    0.233   0.096
+ntp1.nl.uu.net  .PPS.            1 u  504 1024  377    1.742    0.356  41.789
-chime1.surfnet. 194.171.167.130  2 u  298 1024  377    0.677    0.102   0.134
+chime4.surfnet. .PPS.            1 u  422 1024  367    9.652   -2.669   0.366
 tt165.ripe.net  .STEP.          16 u    - 1024    0    0.000    0.000   0.000

The * at the start of a line indicates the server the system is currently synchronized to.

The column “st” shows the stratum or quality of the time source. 1 is best, 16 means unavailable.

Important to check are the columns “reach” and those behind. Reach should be 377, everything else means polls were missed. The NTP daemon should be running for a while to get reliable output.

Hwclock

The hwclock command enables synchronisation of the time of the hardware clock to the system clock or vice versa.

Synchronise the system clock to the hardware clock ( --utc = universal time, -l = local time ):

 # hwclock -w --utc

Synchronise the hardware clock to the system clock:

 # hwclock -s --utc

 hwclock -u, --utc | -l, --localtime

Indicates that the hardware clock is kept in Coordinated Universal Time or local time, respectively. It is the choice of the system administrator, whether to keep the clock in UTC or local time, but nothing in the clock tells which is choosen. So this option is how to give that information to the hardware clock. If the wrong one of these options is specified (or neither and a wrong default is taken), both setting and querying of the hardware clock will be messed up.

On slitaz, the hardware clock must always be set to UTC. The result of a non-UTC hardware clock setting is an incorrect time for the timezone.

Synchronising the hardware clock with NTP

There are several ways to set the hardware clock to NTP time:

 # busybox ntpd -dnqp nl.pool.ntp.org && hwclock -w -u

OR:

 # ntpdate -u nl.pool.ntp.org && hwclock -w -u

Alternative three: (quite old, may not work on all servers)

# rdate -s nl.pool.ntp.org && hwclock -w -u

Note that in all examples the -u option is used to set the hardware clock to UTC time.

Further reading: https://linux.die.net/man/8/hwclock

Execute scheduled commands

The daemon crond allows to run commands automatically at a scheduled specific date or time. This is very useful for routine tasks such as system administration. The directory cron uses is /var/spool/cron/crontabs.

Each user can have his or her own tasks; they are defined in the file /var/spool/cron/crontabs/user. This file can be created to order modified by any user with the crontab -e command, using the user's default text editor. The crontab utility allows (amongst other things), to list the user's tasks:

# crontab -l <== To list the crontab for user root.
OR:
# crontab -l -u tux <== To list the crontab for another user.
OR:
tux:~$ crontab -l <== To list the crontab for user tux.

The syntax of the crontab files is as follows:

 mm hh dd MMM DDD command > log

We will create a crontab file and test the daemon crond with a task performed every minute - writing the date to a file /tmp/crond.test.

 $ crontab -e

Insert the line:

 * * * * * date >> /tmp/crond.test

save and exit the editor.

When the system administrator has launched crond using the startup script:

 # /etc/init.d/crond start

after a few minutes the contents of the file: /tmp/crond.test can be viewed:

 $ cat /tmp/crond.test

To stop or restart the daemon crond:

 # /etc/init.d/crond stop
 Or :
 # /etc/init.d/crond restart

Invoke the daemon crond on every boot

To launch the daemon crond each time the system is booted, just add it to the variable START_DAEMONS in the configuration file /etc/rcS.conf, either before or after the web server or SSH server.

Add commands to be executed at boot

During the boot process, various scripts are executed to configure services, such as the start of the web server, networking, etc. On SliTaz there is a script /etc/init.d/local.sh which allows to add commands to be launched at system startup. Also new scripts can be created in /etc/init.d.

 # nano /etc/init.d/local.sh

Table of Contents