
Chapter II

Host Management

Network Administration

Contents
• Physical considerations of server room
• Booting and Shutting Down of an Operating System
• Installation and configuration of Software
• Structuring software
• Installation and configuration of devices and drivers
• User management
• Local and network accounts
• Groups of users
• Account policy
• Killing old processes
• Moving Users
• Deleting Users
• Security Perspective
• The privileged account’s or super user’s environment
• Process management and monitoring
• Backup and Restoration
• Kernel customization

Host
• The host is treated as the fundamental object in the human–computer system.
• Host management: giving attention to the role of the individual host within such a network.

Physical considerations of server room
• Critical hardware needs to be protected from accidental and malicious damage.
• Any server room should have, at the very least:
  – a lockable door,
  – probably cooling or ventilation equipment to prevent the temperature from rising above about 20 degrees Celsius, and
  – some kind of anti-theft protection.

Within the server area we have to consider the following things:
• A reliable (uninterruptible) power supply is needed for essential equipment.
• Single points of failure, e.g. network cables, should be avoided.
• Hot standby equipment should be available for minimal loss of uptime in case of failure.
• Replaceable hard disks should be considered, with RAID (redundant array of independent disks) protection for continuity.
• Protection from natural disasters like fire and floods, and heating failure in cold countries, should be secured.
• Humans should not be able to touch equipment.

1. Booting and Shutting Down of an Operating System
• The two most fundamental operations on a host are to start it up and to shut it down.
  – One does not shut down any machine in the middle of a crucial operation.
  – With a multitasking operating system, it is not possible to predict when the machine will perform a crucial operation.
  – Every multitasking operating system provides a procedure for shutting down safely.
• A safe shutdown
  – avoids damage to disks by mechanical interruption,
  – also synchronizes hardware and memory caches, making sure that no operation is left incomplete.

Unix-like OS
• Booting
  – Unix systems can boot in several different modes or run levels. The most common modes are:
    • multi-user mode: the default form for booting
    • single-user mode: no external logins are permitted
  – The purpose of single-user mode is to allow the system administrator access to the system without fear of interference from other users.
  – The Unix boot procedure is controlled entirely by the init program; init reads a configuration file called /etc/inittab.
• Shutting Down
  – Anyone can start a Unix-like system, but we have to be an administrator or ‘superuser’ to shut one down correctly.

The correct way to shut down a Unix system is to run one of the following programs:
• halt: Stops the system immediately and without warning.
  – All processes are killed.
• reboot: As halt, but the system reboots in the default manner immediately.
• shutdown: This program is the recommended way of shutting down the system.
  – It is just a friendly user interface to the other programs, but it warns the users of the system about the impending shutdown and allows them to finish what they are doing before the system goes down.

Here are some examples of the shutdown command:
• shutdown -h +3 "System halting in three minutes, please log out"
• shutdown -r +4 "System rebooting in four minutes"
• The -h option implies that the system will halt and not reboot automatically.
• The -r option implies that the system will reboot automatically.
• The times are specified in minutes.

Windows
• Booting and shutting down Windows is a trivial matter.
  – To boot the system, it is simply a matter of switching on the power.
  – To shut it down, one chooses shutdown from the Start Menu.
• There is no direct equivalent of single-user mode for Windows.
• The Windows boot procedure on a PC begins with the BIOS, or PC hardware.
  – This performs a memory check and looks for a bootable disk.
  – A bootable disk is one which contains a master boot record (MBR).

2. Installation and configuration of Software
• We need to install third-party software in order to get useful work out of the host.
• We therefore need a thoughtful strategy for dealing with software.
• Free and proprietary software
  – The Internet contains gigabytes of software for Linux systems which costs nothing.
• There are two kinds of software installation:
  – the installation of software from binaries: for free software
  – the installation of software from source: for proprietary
• Commercial software is usually installed from a CD by running an installation program and following the instructions carefully.
• Free software and open source software usually come in source form and must therefore be compiled.

Structuring software
• The first step in installing software is to decide where we want to keep it.
  – Software should be separated from the operating system’s installed files,
  – so that the OS can be reinstalled or upgraded without ruining a software installation.
• Unix-like operating systems have a naming convention.
• Compiled software can be collected in a special area, with a bin directory and a lib directory, so that binaries and libraries conform to the usual Unix conventions.
• This makes the system consistent and easy to

Unix has a naming standard for directories:
• bin: Binaries or executables for normal user programs.
• sbin: Binaries or executables for programs which only system administrators require.
• lib: Libraries and support files for special software.
• etc: Configuration files.
• share: Files which might be shared by several programs or hosts.

Installation and configuration of devices and drivers
• After installing the operating system, we can install different device drivers using different procedures, e.g. network drivers, sound drivers, etc.
• If needed, configuration is also possible, e.g. configuring an FTP, DHCP or DNS server.

3. User management
• User management is important because the system exists to be used by human beings, and they are both friend and enemy.
  – Without users, there would be few challenges in system administration.
  – Users are both the reason that computers exist and their greatest threat.
• System administrators must cater to all needs, and ensure the stability and security of the system.

Issues
• User management is about interfacing humans to computers. This brings to light a number of issues:
  – Accounting: registering new users and deleting old ones.
  – Comfort and convenience.
  – Support services.
  – Ethical issues.
  – Trust management and security.
• Some of these (account registration) are technological, while others (support services) are human issues.

User registration
• One of the first issues on a new host is to issue accounts for users.
• For small organizations, user registration is a relatively simple matter.
  – Users can be registered at a centralized location by the system manager, and made available to all of the hosts in the network by some sharing mechanism, such as a login server, distributed authentication service or by direct copying of the data.
• For larger organizations, with many departments, user registration is complicated.

Cont …
• Give users a common username on all hosts, of no more than eight characters.
• Give them a common password on all hosts, unless there is a special reason not to do so.
• Operating system designers provide virtually no help for this task.
  – Many solutions have been created by third parties.
  – No acceptable, standardized user registration method has been widely adopted.

Local and network accounts
• Most organizations need a system for centralizing passwords, so that each user will have the same password on each host on the network.
  – Local accounts: a user has permission to use only the local host. The account is configured on the local host itself.
  – Network accounts: a user can use any host which belongs to a network domain.

Groups of users
• A group is an association of usernames which can be referred to collectively by a single name.
  – Both Linux and Windows allow users to belong to multiple groups.
  – File and process permissions can be granted to a group of users.
• Groups are defined statically by the system administrator.
• On Unix-like systems they are defined in the /etc/group file, like this:
  users::100:user1,mark,user2,user3
• The name of the group, in this case, is users, with group-id 100 and members user1, mark, user2 and user3.

Cont …
• NT also allows the creation of groups:
  net group groupname /ADD
• Users may then be added with the syntax:
  net group groupname username username2... /ADD
• Some standard groups are defined by the system:
  – Administrators
  – Users
  – Guest
• The Administrators group has privileged access to the system.

Account policy
• Most organizations need a strict policy for assigning accounts and opening the system for users.
  – Policy rules are required for guiding user behavior, and also for making system rules clear.
• An account policy should contain:
  – Rules about what users are allowed/not allowed to do.
  – Specifications of what mandatory enforcement users can expect, e.g. cleanup of garbage files.
  – Any account policy should contain a clause about weak passwords.

User support services
• All users require help at some time or another.
• Because normal users are not privileged users, they must occasionally rely on a super user to clean up a mess, or fix a problem which is beyond their control.

Support policy
• The amount of support that one offers users is a matter of policy.
  – One has the choice between supporting users directly, and investing time in making them self-sufficient.
  – Which of these two strategies is appropriate depends on the nature of the problem.
• Support can be given directly or by making users self-sufficient via:
  – Training users
  – Helping users
  – Documenting and providing the answers to frequently asked questions (FAQs)

Controlling user resources
• Every system has a mixture of passive and active users.
  – Passive users utilize the system often minimally, quietly accepting the choices which have been made for them.
  – They seldom place great demands on the system.
    • Passive users can be a security risk, because they are not aware of their actions.
  – Active users, on the other hand, follow every detail of system development.
    • They frequently find every error in the system and contact system administrators frequently.

Resource consumption
– Control any resources used by any user,
  • whether they be the number of printed pages sent to the printer or the number of bytes written to the disk.
– Disks fill up at an alarming rate.
– Users almost never throw away files unless they have to.
  • To keep hosts working it is necessary to remove files, not just add them.
  • Quotas limit the amount of disk space users can have access to.

Quotas and limits
• In a shared environment, all users share the same machine resources.
• If one user is selfish, that affects all of the others.
• One way of protecting operating systems from users and from faulty software is to place quotas on the amount of system resources which they are allowed.

Cont…
– Disk quotas: Place fixed limits on the amount of disk space which can be used per user.
  • The advantage of this is that the user cannot use more storage than this limit.
  • The disadvantage is that many software systems need to generate/cache large temporary files (e.g. compilers, or web browsers), and a fixed limit means that these systems will fail to work as a user approaches his/her quota.

Cont…
• CPU time limit: Some faulty software packages leave processes running which consume valuable CPU cycles to no purpose.
  – Users of multiuser computer systems occasionally steal CPU time by running huge programs which make the system unusable for others.
• Policy decisions: Users collect garbage.
  – To limit the amount of it, one can specify a system policy which includes items of the form: users may not have mp3, wav, mpeg etc. files on the system for more than one day.

Killing old processes
• Processes sometimes do not get terminated when they should.
• There are several reasons for this:
  – Sometimes users forget to log out.
  – Sometimes poorly written terminal software does not properly kill its processes.
  – A program may crash (enter into a loop).
• One way to clean up processes in a work environment is to look for user processes which have run for more than a day.
• Cfengine can also be used to clean up old processes.

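One way to do the "more than a day" check described above, as an added example that is not part of the original slides. The function name `old_user_procs`, the list of exempt system accounts and the sample input are assumptions made for illustration; the script only reports, so an administrator can review the list before anything is killed.

```shell
#!/bin/sh
# Added example: report user processes that have run for more than a day.
# Input lines have the form "PID USER ELAPSED_SECONDS COMMAND", which is what
#   ps -eo pid=,user=,etimes=,comm=
# prints on Linux (the etimes column comes from procps-ng).

# Accounts to ignore (assumed list of system/daemon accounts; adjust per site).
SYSTEM_USERS="root daemon www-data sshd"

# old_user_procs MAX_AGE_SECONDS
# Reads ps-style lines on stdin and prints "PID USER HOURSh COMMAND" for each
# process owned by a non-system user that is older than MAX_AGE_SECONDS.
old_user_procs() {
    awk -v max="$1" -v skip="$SYSTEM_USERS" '
        BEGIN { n = split(skip, s, " "); for (i = 1; i <= n; i++) sys[s[i]] = 1 }
        # Skip malformed lines, system accounts and anything young enough.
        NF >= 4 && $3 ~ /^[0-9]+$/ && !($2 in sys) && $3 + 0 > max + 0 {
            printf "%s %s %dh %s\n", $1, $2, int($3 / 3600), $4
        }'
}

# Constructed sample input (not real output from any host).
sample_ps() {
    cat <<'EOF'
1 root 950400 init
812 www-data 864000 httpd
2301 mark 172800 xterm
2377 mark 3600 vi
4120 user1 86401 a.out
4555 user2 86400 bash
EOF
}

# With --live, inspect the running host; otherwise use the sample above.
if [ "${1:-}" = "--live" ]; then
    ps -eo pid=,user=,etimes=,comm= | old_user_procs 86400
else
    sample_ps | old_user_procs 86400
fi
```

Processes owned by system accounts are skipped because long-running daemons are expected; the process at exactly 86400 seconds is not reported since it has not yet run for more than a day.
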
Moving users
• When disk partitions become full, it is necessary to move users from old partitions to new ones.
  – Moving users is a straightforward operation, but it should be done with some caution.
  – A user who is being moved should not be logged in while the move is taking place, or files could be copied incorrectly.

Deleting old users
• Users who leave an organization eventually need to be deleted from the system.
• It is often advisable to keep old accounts for a time in case the user actually returns, or wishes to transfer data to a new location.
• Whether or not this is acceptable must be a question of policy.

Cont …
• Before deleting a user completely, a backup of the data can be made for safe-keeping.
Then we have to remove the following:
• Account entry from the password database.
• Personal files.
• E-mail and voice mail and mailing lists.
• Removal from groups and lists (e.g. mailing lists).

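The /etc/group format shown earlier and the "removal from groups" step above can be checked together. The following added example (not part of the original slides) lists group members that no longer have an entry in the password database; the function name `stale_group_members` and the sample file contents are constructed for illustration, with `mark` standing in for a deleted user.

```shell
#!/bin/sh
# Added example: after deleting a user, find leftover references to that
# user in the group file. File formats:
#   passwd: name:password:uid:gid:gecos:home:shell
#   group:  name:password:gid:member1,member2,...

# stale_group_members PASSWD_FILE GROUP_FILE
# Prints "group member" for every member with no entry in PASSWD_FILE.
stale_group_members() {
    awk -F: '
        # First file (passwd): remember every account name.
        FILENAME == ARGV[1] { if ($1 != "") known[$1] = 1; next }
        # Second file (group): skip comments and malformed lines.
        /^#/ || NF < 4 { next }
        {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++)
                if (m[i] != "" && !(m[i] in known))
                    print $1, m[i]
        }' "$1" "$2"
}

# Constructed sample files: "mark" has been removed from passwd but is
# still listed as a member of two groups.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
user1:x:1001:100::/home/user1:/bin/sh
user2:x:1002:100::/home/user2:/bin/sh
user3:x:1003:100::/home/user3:/bin/sh
EOF
    cat > "$tmp/group" <<'EOF'
users::100:user1,mark,user2,user3
staff::101:user2,mark
wheel::0:root
EOF
    stale_group_members "$tmp/passwd" "$tmp/group"
    rm -rf "$tmp"
}

demo
```

On a live host the same function can be pointed at /etc/passwd and /etc/group; a stale member matters because a later account created with the same name would inherit those group permissions.
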
Security perspective
• Security is the discipline of protecting interests and things of value.
• Security spans a number of issues: reliability, integrity, privacy, authenticity and – the heart of every security problem – how far one is willing to trust the parts of a system.
• Let us mention a few of the ways in which the tenets of security apply to the evaluation process.
1. Trust: The fundamental issue in any security system is where one places one’s trust;
   – it is about deciding what is an acceptable risk.
   – For example, staff might trust students never to cheat.

Cont…
2. Reliability: The reliability of the examination procedure must be secured against both malicious exploitation and accidental error.
3. Integrity: Integrity concerns the ability to transmit information, or intent, without alteration or error.
4. Authenticity and identity: Students need to trust the authenticity of the exam paper, or the problems they are to answer.
5. Privacy: Finally, can the process of evaluation be conducted with sufficient respect for individual privacy?

4. The privileged account’s or super user’s environment
– What kind of user environment should the super user have?
  • The super user has the power to destroy the system, or sabotage it.
– The super user’s account should be configured to avoid as many casual mistakes as possible.
– The privileged user should never log in directly (unless the system is in single user mode).
– The privileged user should have a minimal environment, should not read or reply to its own e-mail (this should be sent to a system administration group), and should never log in over an unencrypted channel.

5. Process management and monitoring
• Process management: Processes, or running programs, do not always complete in a timely fashion.
  – Some buggy processes go amok and consume CPU cycles by executing infinite loops; others simply hang and fail to disappear.
  – On multiuser systems, terminals sometimes fail to terminate their login processes properly and will leave whole hierarchies of idle processes which do not go away by themselves.
  – This leads to a gradual filling of the process table.

Cont …
• A process is a program in execution.
• It is a unit of work within the system.
• A program is a passive entity; a process is an active entity.
• A process needs resources to accomplish its task:
  – CPU, memory, I/O, files
  – Initialization data
• Process termination requires reclaiming any reusable resources.
• A process executes instructions sequentially, one at a time, until completion.
  – Typically a system has many processes, some user, some operating system, running concurrently on one or more CPUs.

Process Management Activities
The operating system is responsible for the following activities in connection with process management:
• Creating and deleting both user and system processes
• Suspending and resuming processes
• Providing mechanisms for process synchronization
• Providing mechanisms for process communication
• Providing mechanisms for deadlock handling

Cont…
• In the end, the accumulation of such processes will prevent new programs from being started.
• Processes are killed with the kill command on Unix-like systems, or with the Windows Resource Kit’s kill command, or the Task Manager.

Monitoring
• Having set policy and implemented it to some degree, it is important to verify the success of this program by measuring the state of the system.
• Various monitoring tools exist for this purpose, depending upon the level at which we wish to evaluate the system:
  1. Machine performance level
  2. Abstract policy level

Formatting and building file systems
• Disk formatting is a way of organizing and finding a way around the surface of a disk.
• If a file system becomes damaged, it is possible to lose data.
• File system checking programs called disk doctors, e.g. the Unix program fsck (filesystem check), can be used to repair the operating system’s map of a disk.
• In Unix file systems, data which lose their labelling get placed for human inspection in a special directory which is found on every partition, called lost+found.

6. Backup and restoration
Backing up means taking several copies of the data from primary storage to secondary storage.
• We can lose information in many ways: by accident, technical failure, natural disaster.
• There are three types of backup:
  – Full Backup: a complete backup of all files on a partition.
  – Incremental Backup: refers to copying all files that have changed since the previous full backup.
  – Cumulative Backup, also known as a Differential backup: a type of incremental that contains changes made to a file since the last full backup.

Reasons for a backup plan include:
– Physical damage to a storage element (such as a disk) that can result in data loss.
– People make mistakes, and unhappy employees or external hackers may breach security and maliciously destroy data.
– Software failures can destroy or lose data, and viruses can destroy data, impact data integrity, and halt key operations.
– Physical security breaches can destroy equipment that contains data and applications.
– Natural disasters and other events such as earthquakes, lightning strikes, floods, tornados, hurricanes, accidents, chemical spills, and power grid failures can cause not only the loss of data but also the loss of an entire computer facility.

Reasons for Restorations
• The ability to recover from loss presupposes that we have enough pieces of the system from which to reconstruct it, should disaster strike.
• If we have done an adequate job of backing up the system, including special information about its hardware configuration, then we will not lose data, but we can still lose valuable time.

7. Kernel customization
• Kernel: The portion of the OS code that interacts directly with the computer hardware.
• Shell: The portion that interfaces with the applications and user.
• User interface: The user can interact with the shell using either the command line interface (CLI) or graphical user interface (GUI).

• The operating system kernel is the most important part of the system, which drives the hardware of the machine and shares it between multiple processes.
• If the kernel does not work well, the system as a whole will not work well.
• The main reason for making changes to the kernel is to fix bugs and to upgrade system software, such as support for new hardware; performance gains.

Cont…
The standard procedure for installing a new kernel breaks a basic principle:
• Do not alter the operating system distribution, as this will just be overwritten by later upgrades.
• It also potentially breaks the principle of reproducibility: the choices and parameters which we choose for one host do not necessarily apply for others.

8. System performance tuning
• When is a fault not a fault? When it is an inefficiency. Sometimes we find the performance of a computer to be unacceptably slow and we become irritated.
• Efficiency and users’ perception of efficiency are usually two separate things.
• System performance tuning is a complex subject, in which no part of the system is sacrosanct.
• Although it is quite easy to pinpoint general performance problems, it is harder to make general recommendations to fix these.

Cont…
• In order to identify a problem, we must first measure the performance.
• There are two issues:
  – user perception of performance (interactive response time)
  – system throughput
• We have to choose the criterion we wish to meet.

Cont…
When the system is running slowly, it is natural to look at what resources are being tested, i.e.
• What processes are running
• How much available memory the system has
• Whether disks are being used excessively
• Whether the network is being used heavily
• What software dependencies the system has (e.g. DNS, NFS)
