In this lab we will review the mount commands, the /etc/fstab file, the /etc/ttys file and the dmesg utility. Using an editor of choice we will also modify the startup configuration file /etc/rc.conf. FreeBSD accesses several files during the start-up procedure and we need to know which ones we should edit for our custom configurations. We will determine when to boot into single user mode (for example, when someone has changed the root password), and review the dmesg utility and various files in the /var/log directory. We will also configure the network using the ifconfig and /etc/rc.d/netif commands and review dhclient. Finally, we will review the find and tar commands to locate and save files that have changed. (You will need this to complete your assignment.)
You will only require a “standard” installation again with binaries
and docs only for the beginning of this lab but the later steps require
X as well. If you are reinstalling at this point then you can choose to
install both the basic X and KDE desktop system now.
As for every lab, you need to have a good understanding of the commands
(use the man pages to review) and read the relevant sections of the
FreeBSD manual.
/etc/ttys
/etc/rc.conf
If you choose a distribution that does not include the base X Windows installation, then when you try to install Gnome, KDE, or any other program that depends on X Windows, you will be asked to switch between CD1 and CD2 over 50 times, as it tries to install KDE from CD2 but has to keep going back to CD1 for the X dependencies. If this happens to you, it is faster to create a new virtual machine than to switch the CDs.
Most of you are familiar with the bash shell from Unix Admin 1 (the bash shell is used more in the Linux world than in the Unix world, but is available if you prefer). It is not included in FreeBSD by default (due to it being under the restrictive GPL license, rather than the liberal BSD license), so we will have to install it. We can install packages from our distribution media using sysinstall but we can also install from the command line using the pkg_add utility. See the BSD Handbook and the man pages for review of the mount commands and the BSD Handbook on pkg_add. We will cover these topics in a later lab in more detail.
First use pkg_add to install the bash shell from the distribution media (ISO images).
How did you mount the ISO images, and what was your mount point?
_________________________________________________________________________________________
What file system type do CDs use?
_________________________________________________________________________________________
How did you find the bash package on the ISO images? What commands did you use?
_________________________________________________________________________________________
What remote location does the command pkg_add -r install from?
_________________________________________________________________________________________
Change your account to use the bash shell: change the default shell for your account with the chsh command, a program which allows ordinary users to change their shell. The chsh command will use the environment variable settings in your account to find out what editor to use. By default it is set to the vi editor. You can change this environment variable to point to another editor, e.g. ee (easy editor). To change your environment variables if you are currently using the csh or tcsh shell you can use:
setenv EDITOR ee
setenv VISUAL ee
What command can you use to change the environment variable for your default
editor if you are using the bash shell?
_________________________________________________________________________________________
How would you change your default editor permanently (subsequent logins)?
_________________________________________________________________________________________
Unlike Linux, which has run levels for different modes of operation,
BSD has only two modes: multiuser and single user mode. Single user
mode can be used for maintenance tasks and recovering from software
errors or failed hardware. Single user mode is also used when your
system is at risk of a security breach. In single user mode there are
very limited resources by default, somewhat like safe mode in the
Windows world.
If you have forgotten the root password or someone has changed it you
will not be able to log in using the root account. This means that you
would not have the privilege to change the root password. The only way
that you can change the root password is by knowing the existing
password or by booting into single user mode, which doesn't prompt for
the password.
One way to boot into single user mode is by choosing the single user
option (4) from the boot loader menu. If you have physical access to
the machine you can (by default) boot into single user mode. If we do
not have the root password then we cannot shut down properly, but we
could power down, which is not recommended under normal circumstances.
Root can of course shut down into single user mode at any time with the
shutdown now command. Power down and choose option 4 from the loader.
First you will see startup messages and then quite quickly there will
be a shell prompt. You will be asked if you want to use the default
shell or another shell; pressing Enter will give you the default shell.
Notice that you are not asked for a password (this is the default
behaviour, and we will see how to change this in the /etc/ttys file). Single
user mode is a minimum system configuration. The only partition that is
mounted is / (root) and only mounted for read access. If we want to run
any programs like passwd to change the root password or any other
programs required for maintenance tasks we would need to know where the
program resides (which partition). If it is not on the root partition
then that partition must be mounted as well. If a partition has only
been mounted with read access and we need to write out any
configuration changes then the partition must be mounted for write
access.
mount -uw / (this command would upgrade the root (/) partition to write access).
Now try to run the passwd command to change the password.
What happens and why?
_________________________________________________________________________________________
_________________________________________________________________________________________
You will also have to mount any other partitions that hold the utilities
that you want to use. What utilities would you need to use to modify a file?
Do you have access to an editor and if not where would you find the editor?
_________________________________________________________________________________________
_________________________________________________________________________________________
mount -at ufs (this command will mount everything that is listed in
the /etc/fstab file that has a file system type of ufs). There is a very good
reason why you wouldn't want to mount all file system types. An example
is nfs (network file systems), and we will discuss this in the nfs lab.
Mount the partitions that you will need to modify the root password.
_________________________________________________________________________________________
_________________________________________________________________________________________
Once you are in single user mode then you can change the root password
(without knowing the original password) !!So can everyone else!!
This of course suggests that there should be some protection here.
What could we do to change that? There is an entry in the /etc/ttys
configuration file that controls whether a password must be entered at
single user mode. Setting this will make your system more secure
(against physical access) but it also means that if you have forgotten
the root password you would not be able to recover using single user mode.
Edit /etc/ttys and find the entry for this setting. What entry is it?
_________________________________________________________________________________________
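A check for the setting discussed above, as an added example that is not part of the original lab: it reads a ttys(5) file and reports whether init will ask for the root password before the single-user shell. The function names and the sample file are made up for this illustration; ttys_flags can also be pointed at ttyv8 to see whether the login manager entry is on or off.

```sh
#!/bin/sh
# Added example (not from the lab): read the single-user password policy
# out of a ttys(5) file. Function names are made up for this illustration.

# Print the status flags (field 4 onward) of terminal $2 in ttys file $1.
ttys_flags() {
    awk -v name="$2" '
        { sub(/[#].*/, "") }             # drop comments
        { gsub(/"[^"]*"/, "QUOTED") }    # a quoted getty command is one field
        $1 == name {
            out = ""
            for (i = 4; i <= NF; i++) out = (out == "" ? $i : out " " $i)
            print out
            exit
        }' "$1"
}

# init asks for the root password before the single-user shell only when
# the console entry carries the "insecure" flag.
single_user_policy() {
    flags=$(ttys_flags "$1" console)
    case " $flags " in
        *" insecure "*) echo "password-required" ;;
        *" secure "*)   echo "no-password" ;;
        *)              echo "unknown" ;;
    esac
}

# Constructed sample in the layout of a stock /etc/ttys (not a real host).
write_sample_ttys() {
    cat > "$1" <<'EOF'
# name  getty                           type    status
console none                            unknown off secure
ttyv0   "/usr/libexec/getty Pc"         cons25  on  secure
ttyv8   "/usr/local/bin/xdm -nodaemon"  xterm   off secure
EOF
}

sample=$(mktemp)
write_sample_ttys "$sample"
echo "sample console: $(single_user_policy "$sample")"
if [ -r /etc/ttys ]; then
    echo "this host:      $(single_user_policy /etc/ttys)"
fi
rm -f "$sample"
```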
As we saw during the installation we can configure the network with sysinstall. For those who really like menus this is fairly quick and easy. It is also very important to know which files are being modified and also how to make changes "on the fly", which is what system administrators often do. These changes will not persist once the machine is rebooted, so they are useful for testing: if the new configuration is broken, you can just reboot the machine and it will return to the original configuration. This is especially recommended when building firewalls, in case you lock yourself out of the system. Running sysinstall really doesn't require much discussion; it is quite straightforward and the fields will be very familiar to you.
Test your configuration with ifconfig (what switches would you use?)
Check the man pages for switches and list them here.
_________________________________________________________________________________________
Running the configuration from sysinstall will modify all of the startup
scripts for you so that on the next boot dhclient will run. This is
good, but as system administrators you will be making many changes,
especially as you are testing. You could run the dhclient command
interactively as well, as we saw in last week's lab.
dhclient (interface name)
What is the name of our network card and how did you find out?
_________________________________________________________________________________________
Of course you could also configure your static network environment from sysinstall. Again all the changes will be made permanent for you. But first we want to test out our network configurations so let's take a look at ifconfig. Remember ifconfig -a will give you information on the devices and on the status of any networks that are configured. ifconfig can also be used to configure your networks.
The long format:
ifconfig le0 inet 10.87.0.21 netmask 255.255.255.0 up
Normal:
ifconfig le0 10.87.0.21 netmask 255.255.255.0
Short:
ifconfig le0 10.87.0.21/255.255.255.0
Shortest: (/24 means '24 bit subnet mask' 255.255.255.0)
ifconfig le0 10.87.0.21/24
Simple and quick. In fact we can make it even simpler and quicker. The inet switch is to tell ifconfig that we are using IPv4 (the default), so we can leave that out. We can use /24 notation to describe the netmask and if it was a "class address" we could eliminate the netmask altogether, ifconfig would take the class default. We don't need the "up" keyword because again it defaults to bringing the interface up. So the command to start your network interface configured for the Internet just got a lot shorter. We will need more than the device configured for our network to work properly though. What about DNS and default gateways? Where do we put the DNS server entries? We will not be able to access any other networks without a default gateway.
ifconfig
netstat -rn
(gives you information on configured routes)
route add default 192.168.0.1
(change the ip to your default gateway)
hostname
(no parameters will show your hostname, or you can provide a new hostname)
Make a note of the commands that you used to configure your network using the 10.100.row0.seat
_________________________________________________________________________________________
_________________________________________________________________________________________
Using ifconfig and the route command to configure your network is very useful for troubleshooting and testing new devices, but you will lose your settings on the next reboot. To retain your network configuration for subsequent boots you must make the entries in the /etc/rc.conf file. We have two rc.conf files: /etc/defaults/rc.conf and /etc/rc.conf; we only edit /etc/rc.conf. The system uses /etc/defaults/rc.conf for the initial settings and /etc/rc.conf for your site’s custom configurations. We can use /etc/defaults/rc.conf for reference: find the appropriate entries there, and if you want to override a default setting, make the change in /etc/rc.conf. You will need to find all of the entries necessary for your new network configuration. There are 3 entries that are needed for the network configuration to be used at the next boot: an IP address, a default gateway, and a hostname.
See if you can find them in /etc/defaults/rc.conf and make a note of them here.
_________________________________________________________________________________________
_________________________________________________________________________________________
_________________________________________________________________________________________
Use the ee or vi editor to make these entries in the /etc/rc.conf
file. See the manual for examples. The entry for the IP address is in
the same format as the ifconfig command you would use at the command
line, except it is treated as a variable:
ifconfig_le0="inet (static address) netmask (subnet mask)"
The entry for a DHCP client configuration would look similar but the IP
address portion would be replaced with the keyword DHCP:
ifconfig_le0="DHCP"
Once you have made the changes in your /etc/rc.conf, they
will not take effect until the next reboot, or, you can use the
command: /etc/rc.d/netif restart to apply the configuration
immediately. You will also need to run /etc/rc.d/routing restart
to apply the new default gateway. Changes to /etc/resolv.conf
take effect immediately.
During the installation procedure you must install the "X" server and the KDE or Gnome desktop environment before you can complete the following tasks. Two other settings must be added to the /etc/rc.conf file before your "X" environment will be configured properly:
hald_enable="YES"
dbus_enable="YES"
Once you have installed the basic X environment you could start X
from the prompt using your regular account with the command startx. This will start the X server
and using default settings will give us a Window Manager called
TWM. It is an old window manager but still quite useful. Window
managers provide more functionality than a text based shell alone.
Having multiple windows can be very useful for multiple tasks but there
is a cost in overhead and if you are managing a server you may not want
to even install "X". There are lots of window managers available for
the unix environments, examples of which are: Window Maker, and
AfterStep. There are also full blown Desktop environments like GNOME or
KDE. The advantage of a simple window manager over a full blown
desktop environment is "GUI capability" without the overhead. You could
also configure your system to have the X server started automatically
on boot. If X gets started at boot then we will need a login manager
like "kdm" or "xdm" to handle the authentication. To have X started at
boot time, and to select which login manager to use, you must modify
the terminal configuration file /etc/ttys.
The virtual terminal entry for virtual terminal ttyv8 (ALT F9, since
terminals are numbered from 0, and ttyv0 is F1) is set to "off". You
will need to set this entry to "on" and make sure that it points to the
"kdm" login manager.
How are the other virtual terminals used (remember Alt F1-F8)?
_________________________________________________________________________________________
How does Alt-F1 differ from the other virtual terminals and how would you use it?
_________________________________________________________________________________________
We will be making lots of changes and will want to save our changes as we customize our systems. An easy way to do that is to copy any files that you have changed to your CSUnix account. You will need to set up networking and then you can scp the files.
tar -czf myfilename.tar /etc/rc.conf /home/username/somefile /etc/morefiles /boot/filename
Or you could put a list of all the files that you have changed into a file and pass that file name as an argument to tar (called an include list):
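An include-list run using the find and tar commands named at the start of the lab, as an added example that is not part of the original handout: find writes the files changed since a reference file to a list, and tar reads the member names from that list with -T. The function names, the reference file and the sandbox paths are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example (not from the lab): archive only files changed since a
# reference timestamp, using a saved include list. Names are made up.

# save_changed REF LIST ARCHIVE DIR...
# Writes the regular files under DIR... that are newer than REF to LIST,
# then packs exactly those files into the gzip-compressed ARCHIVE.
save_changed() {
    ref=$1; list=$2; archive=$3
    shift 3
    find "$@" -type f -newer "$ref" -print | sort > "$list"
    if [ ! -s "$list" ]; then
        echo "nothing changed since $ref" >&2
        return 1
    fi
    tar -czf "$archive" -T "$list"      # -T: read member names from LIST
}

# Constructed sandbox: one file older than the reference, one edited after it.
demo() {
    work=$(mktemp -d)
    mkdir -p "$work/etc"
    echo 'old setting' > "$work/etc/untouched.conf"
    touch -t 199901010000 "$work/etc/untouched.conf"
    touch -t 200001010000 "$work/ref"           # "start of lab" marker
    echo 'hostname="lab.example.org"' > "$work/etc/rc.conf"
    ( cd "$work" &&
      save_changed ref changed.list changed.tgz etc &&
      tar -tzf changed.tgz )                    # lists: etc/rc.conf
    rm -rf "$work"
}

demo
```

On the lab machine the reference would be a file you touch before you start editing, and the directories would be the ones you changed, such as /etc and /boot; tar drops the leading / from absolute member names when it stores them.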
scp myfilename.tar 000123456@csu.mohawkcollege.ca:filename.tar
(Note: after the colon you can provide a path, if you do not,
the file will be saved in the root of your home directory)
To copy the file back next class, you would simply reverse the command:
scp 000123456@csu.mohawkcollege.ca:filename.tar myfilename.tar
Notice how the scp command is very similar to the cp (copy) command,
the only difference is that it allows you to provide a username and
a remote host, and copy the file to or from that remote machine.
You will need to be able to perform some or all of these tasks for the evaluations, so it is recommended that you make a list of all of the commands and procedures that you needed to complete this and subsequent labs, so you have it handy while practicing for evaluations.
Last updated: 2010/01/19
Updated by: Cheri Weaver
Written by: Cheri Weaver