User Groups
In Linux and Windows, groups can greatly facilitate administration because they let you configure permissions for a set of users rather than many individual users. You define groups in Linux as you define users, within a single file—but for groups the file is /etc/group. Table 2 shows the contents of /etc/group. The format for an /etc/group entry is
group-name:password:GID:member1,
member2,...
The following entry is commonly found in Linux etc/group files:
sys::3:root,bin,adm
In this listing, the group name is sys, the group ID (GID) is 3, and the users root, bin, and adm belong to the group. (Again, like Windows, Linux uses numbers internally to represent actual objects such as users and groups and lets users reference those objects by using symbolic names, such as sys.) Notice that the sample /etc/group entry has no password field. Most groups in the /etc/group file don't have a password. In general, you can ignore the password field; however, you must place a field separator character (a colon—or :) in the password position even if you're not specifying an actual password.
To add a new group, you use the groupadd command. For example, to create the students group, you'd enter
# groupadd students
which creates the following entry in /etc/group:
students:x:700:
After you add a group, you can add users to it as you would to any other group. To add users to a group, you can either manually edit /etc/group or run the usermod command with the case-sensitive −G option, like this:
# usermod jdoe -G students,users
After you've created groups, you should apply group ownership (i.e., use commands to restrict access to certain directories by group) to the directories that you want to control. You do this by using two commands—chgrp and chmod—which I discuss later.
Deleting a group is similar to deleting a user. To delete a group, you use the groupdel command and specify the group you want to delete. For example, to delete the newly defined students group, you'd enter
# groupdel students
Before you delete a group, you should determine whether the group is currently being used by the system or by regular accounts. If so, you must first make sure that all users in the group have updated their file-ownership information to another group, if necessary.
The Linux File System
Linux and Windows both abstract the file system interface between the kernel and hardware by using file system drivers. This abstraction lets the kernel provide a standardized interface that can easily be modified to support newer technologies. (Linux actually provides access to both old and new file systems, including the Linux ext2 and ext3 file systems and DOS FAT, among others.) In general, you don't need to worry about the mechanics of how Linux stores and retrieves data from disk. However, you do need to know how to mount file systems (that is, make them available to users) and how to check and repair damaged file systems. In addition, you should have a good understanding of how to apply permissions to directories and files.
When you mount a file system in Linux, you attach it to the root file system so that users and applications can access it. Until you mount the file system, you can't access the files that are located in it. This procedure differs from Windows in that when Windows detects a disk with a known file system type, it immediately makes the disk available as a lettered drive. (Windows Server 2003, Windows XP, and Windows 2000 Server also support mounting file systems, so that you can extend the size of a current lettered drive by mounting a new disk on a directory on that drive.)
To mount a file system, you use the mount command, for example:
# mount /dev/cdrom /mnt/cdrom
This command mounts the file system on the disk in the CD-ROM drive to the /mnt/cdrom directory (/dev/cdrom simply refers to the actual CD-ROM device). After the file system is mounted, you can access the CD-ROM through /mnt/cdrom.
When you're finished with the file system, you should unmount it. To do so, use the umount command, as follows:
# umount /mnt/cdrom
Linux also understands FAT and FAT32 file systems and supports NTFS, but the NTFS support isn't reliable. However, unreliable NTFS support isn't a big problem because most production servers aren't dual-boot and thus don't share NTFS file systems.
In Windows, you can map a remote Server Message Block/Common Internet File System (SMB/CIFS) file system to a local drive letter by running the command
C:\ net use x: \\fileserver\files
In Linux, you can mount an NFS file system similarly, by running the mount command:
# mount fileserver:/files /mnt/files
Most modern Linux distributions also let you easily mount an SMB/CIFS file system, which you do by running the command
# mount -t smbfs //fileserver/files
/mnt/files
(The command wraps to two lines here because of space constraints.) This command mounts the SMB file-system type (-t smbfs) from the Windows server and the //fileserver/files share (which in Windows would be \\fileserver\files) on the local mount point /mnt/files.
You can automate much of the mount process, including having the system automatically mount a set of file systems at system startup. The /etc/fstab file contains information about devices, mount points, file-system types, and how to check for errors. By populating this file with the appropriate information, you can have the system do most file system mounts for you.
An entry in /etc/fstab looks similar to that in Figure 1. This entry specifies that /dev/cdrom should be mounted on /mnt/cdrom, Linux should determine the file system being used (auto), and the file system should be mounted as read-only (ro). The final two entries (0 and 2) are related to the dump system command and aren't important here—in general, just use the setting that Figure 1 shows.
You can now mount and unmount the CD-ROM by specifying only the directory, like this:
# mount /mnt/cdrom
# umount /mnt/cdrom
Linux will now mount the CD-ROM when the system boots. As you add new disks to your Linux system, you'll first format them by running the command
mkfs.ext3
(which is similar to the DOS Format command), then place the device entry in /etc/fstab so that the file system is available when the system boots.
Repairing File Systems
Linux file systems can be damaged just as Windows file systems can (e.g., during a power failure). Newer file systems, such as ext3 and ReiserFS, have journaling capabilities. This means that they behave like NTFS when they aren't properly unmounted before the system is rebooted: Instead of requiring a long file system−check when the system boots up, the newer Linux file systems quickly correct themselves. Although journaling ensures file system integrity, it offers no guarantee that you won't lose user data if the server suddenly loses power.
Sometimes you might want to force a file system check. In Windows, you can use the Scandisk or Chkdsk command to do this; in Linux, you must use the fsck (file system check) command, like this:
# fsck -c /dev/hda2
The sample command runs a file system check on /dev/hda2. Generally, you don't want to run fsck on a mounted, writeable file system. You should either unmount the file system, then run fsck, or mount the file
system as read-only instead of writeable. If the file system in question is the boot volume (e.g., /dev/hda1 in an IDE-based system), you should run the fsck command on the file system only when the Linux system is in single-user mode. You can determine whether the system is in single-user mode (called runlevel in Linux) by running the command
# telinit 1
Register
