20061020
Linux Class Notes
Basic log files and security tools
PAM modules
PAM stands for Pluggable Authentication Modules. It is an API for configuring authentication and is used to upgrade the authentication methods without having to rewrite all the related programs (ftp, login, etc.).
Let's look at the chfn program as an example. This command requires user authentication.
[ggeller@rop ~] chfn -o 999
Changing finger information for ggeller.
Password:
Finger information changed.
How do we know that chfn uses PAM? One way to tell is to use the ldd command to see which libraries chfn requires. You can't do this on our classroom's shared server, but you can do it as root on the Fedora system you installed under Microsoft Virtual PC:
[root@localhost ~]# ldd /usr/bin/chfn
linux-gate.so.1 => (0x00bf3000)
libcrypt.so.1 => /lib/libcrypt.so.1 (0x07a26000)
libpam.so.0 => /lib/libpam.so.0 (0x004bc000)
libpam_misc.so.0 => /lib/libpam_misc.so.0 (0x006cc000)
libselinux.so.1 => /lib/libselinux.so.1 (0x07210000)
libc.so.6 => /lib/libc.so.6 (0x00597000)
libdl.so.2 => /lib/libdl.so.2 (0x006f3000)
libaudit.so.0 => /lib/libaudit.so.0 (0x004a9000)
libsepol.so.1 => /lib/libsepol.so.1 (0x072b6000)
/lib/ld-linux.so.2 (0x0057a000)
Notice that the chfn program asked for the password. To do so, it made use of one of the PAM libraries.
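The same ldd check can be scripted so it runs over several programs at once. This is an added example, not part of the class notes; the function names are made up for illustration and the sample text is constructed from the ldd output above.

```shell
#!/bin/bash
# Added example, not from the class notes.

# Reads ldd output on stdin. Prints the resolved path of libpam and returns 0
# if the PAM library is listed; returns 1 otherwise. libpam_misc alone does
# not count, so the name must be exactly libpam.so plus version digits.
pam_lib_from_ldd() {
    awk '$1 ~ /^libpam\.so(\.[0-9]+)*$/ && $2 == "=>" { print $3; found = 1 }
         END { exit !found }'
}

# Runs ldd on each program given as an argument and reports PAM use.
# "No direct dependency" is not proof of absence: a program can still load
# a library at run time.
report_pam_use() {
    local prog lib
    for prog in "$@"; do
        if lib=$(ldd "$prog" 2>/dev/null | pam_lib_from_ldd); then
            echo "$prog: uses PAM ($lib)"
        else
            echo "$prog: no direct libpam dependency"
        fi
    done
}

# Constructed sample: four lines taken from the chfn listing above.
sample_ldd_chfn='    libcrypt.so.1 => /lib/libcrypt.so.1 (0x07a26000)
    libpam.so.0 => /lib/libpam.so.0 (0x004bc000)
    libpam_misc.so.0 => /lib/libpam_misc.so.0 (0x006cc000)
    libc.so.6 => /lib/libc.so.6 (0x00597000)'
```

Run ldd only on binaries you trust, because some versions get the list by letting the program's loader run. objdump -p FILE | grep NEEDED reads the direct dependencies without executing anything.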
For documentation, see man PAM, or point a browser to file:///usr/share/doc/pam-0.99.5.0/html/pam.html. Before PAM, application programmers had to write their own authentication code. This was a problem. To start with, different programs might adopt different interfaces and confuse the users. Also, there was no good way for sysadmins to modify policies and make sure the system was being used appropriately.
We will be covering more aspects of PAM later in the course.
Q. Can you set up your machine to kick off a user at 5 PM?
A. Yes. But you have to install some extra software.
It is not automatic.
You will have to do some scripting.
Q. What about inactivity?
A. There is an inactivity timer you can set.
Boot linux in the single user mode
If the graphics on your Linux machine don't work when you boot, get to a command line with Ctrl-Alt-F1 and log in as root. Then change /etc/inittab:
cd /etc
vi inittab
Change the initdefault from 5 to 2.
Using Ctrl-Alt-F1 to reach a virtual terminal works on a real machine and with Microsoft Virtual PC. It does not work with VMware Player.
Another way to get access is to go into single-user mode at startup. See [1]. This method works with VMware Player, Microsoft Virtual PC and on real machines.
Briefly, when you see the GRUB menu at boot time, use the instructions provided and add the word single after the linux line before booting. Edit /etc/inittab as above.
That doesn't solve the problem of fixing your graphics screen. To do that you have to fix /etc/X11/xorg.conf. First make a backup of your current xorg.conf. Then you can edit xorg.conf with vi if you are knowledgeable and brave or foolhardy.
Another utility you can try is setup, which you run from a root terminal.
Functions and bash scripting
Writing a function in bash:
[amellina@rop ~]$ function hi_there()
> {
> echo "hello world"
> }
[amellina@rop ~]$ hi_there
hello world
Writing a bash shell script:
[amellina@rop ~]$ vi hi_there.sh
Save the file, then you can execute it with:
[amellina@rop ~]$ . hi_there.sh
hello world
[amellina@rop ~]$ source hi_there.sh
hello world
[amellina@rop ~]$ chmod +x hi_there.sh
[amellina@rop ~]$ ./hi_there.sh
hello world
[amellina@rop ~]$ mkdir bin
[amellina@rop ~]$ mv hi_there.sh bin
[amellina@rop ~]$ hi_there.sh
hello world
The last way to run it works because ~/bin is in your PATH.
[amellina@rop ~]$ echo $PATH
/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/home/amellina/bin
When bash tries to execute a command, it looks for the command in each of the directories of your path, in the sequence they are listed in your PATH variable.
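Because the first match wins, it is worth being able to see every match and to spot PATH entries that depend on the current directory. The following is an added example, not part of the class notes; path_matches and path_relative_entries are hypothetical helper names.

```shell
#!/bin/bash
# Added example, not from the class notes.

# path_matches NAME [PATH_STRING]
# Prints every executable file called NAME in PATH order. The first line is
# the file the shell would run; later lines are copies it shadows.
# Returns 1 if nothing matches. PATH_STRING defaults to $PATH.
path_matches() {
    local name search dir found old_ifs
    name=$1
    search="${2-$PATH}:"      # trailing ":" keeps a final empty entry visible
    found=1
    old_ifs=$IFS
    IFS=:
    set -f                    # no globbing while the PATH string is split
    for dir in $search; do
        [ -n "$dir" ] || dir=.    # an empty entry means the current directory
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            printf '%s\n' "$dir/$name"
            found=0
        fi
    done
    set +f
    IFS=$old_ifs
    return "$found"
}

# path_relative_entries [PATH_STRING]
# Prints entries that are empty or not absolute. Those resolve against the
# current directory, so which file runs depends on where you are standing.
path_relative_entries() {
    local search dir old_ifs
    search="${1-$PATH}:"
    old_ifs=$IFS
    IFS=:
    set -f
    for dir in $search; do
        case $dir in
            /*) ;;
            *)  printf '%s\n' "${dir:-<empty>}" ;;
        esac
    done
    set +f
    IFS=$old_ifs
}
```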
Suppose the first line of hi_there.sh was "#!/bin/bas". You get a different error message:
[amellina@rop ~]$ hi_there.sh
-bash: /home/amellina/bin/hi_there.sh: /bin/bas: bad interpreter: No such file or directory
Bash is telling you that there is no /bin/bas file. However, source hi_there.sh or . hi_there.sh will still work, because a sourced file is read by the current shell, which treats the #! line as a comment.
Use the --version option to find out what version of bash you are using:
[amellina@rop ~]$ bash --version
GNU bash, version 3.1.7(1)-release (i386-redhat-linux-gnu)
Copyright (C) 2005 Free Software Foundation, Inc.
You can also use rpm:
[amellina@rop ~]$ rpm -q bash
bash-3.1-6.2
When you run a script with . or source, it runs in the context of the current shell. Any variables that are set in the script will be available after the script is run. For an example of this, see the line that says ". /etc/init.d/functions" in /etc/init.d/kudzu.
Note: if you do bash -v, you put bash in verbose mode. Then it echoes everything back to you as it executes.
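The two points above, that a sourced script ignores a bad #! line and that its variables stay behind in your shell, can be checked in one run. This is an added example, not part of the class notes; the script contents and the GREETING variable are constructed for the demonstration.

```shell
#!/bin/bash
# Added example, not from the class notes.

# Writes a constructed hi_there.sh whose first line is the broken
# "#!/bin/bas", runs it as a command, then sources it. Prints one line per
# attempt: how it ended and what GREETING holds in the calling shell.
compare_exec_and_source() {
    local dir script result
    dir=$(mktemp -d) || return 1
    script=$dir/hi_there.sh
    printf '%s\n' '#!/bin/bas' 'GREETING="hello world"' > "$script"
    chmod +x "$script"
    unset GREETING

    # Executed: the kernel must start the interpreter named after "#!".
    # It does not exist, so nothing runs and GREETING stays unset.
    result=ok
    "$script" 2>/dev/null || result=failed
    echo "executed:$result:${GREETING-unset}"

    # Sourced: the current shell reads the file itself. "#!..." is only a
    # comment, and the assignment lands in this shell.
    result=ok
    . "$script" || result=failed
    echo "sourced:$result:${GREETING-unset}"

    rm -rf "$dir"
}
```

Since a sourced file runs with everything the calling shell has, a file that startup scripts source, such as /etc/init.d/functions, needs the same care over ownership and write permissions as the scripts themselves.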
Factorial_bash_script is Angelica's creation. It computes factorials of integers. Try pasting the code into your own script named fact.
Today's take-home lesson: You can do some cool stuff in bash, even though it is not a really good programming language. We will be studying Perl later. Perl is a much better language.
