User Management and Process Monitoring of UNIX Basics
User Management
System administrators' user reason includes establishing an account for all users in the system; and when changing the user environment, password
Group
Maintenance.
Analyze user needs
Whenever you need to increase the user, the system administrator will first analyze the user needs, for each account component, by using the default
Comment
Meet user needs. You can use the following options when viewing the default book option from sysadmsh.
Accounts> Defaults
Or SCOADMIN> Account Manager
When establishing an account, evaluate user needs and see if you need to modify the billing component. If the user uses only one application,
Consignment
This file is performed each time the .profile file is registered.
Default parameter, the default value is established (Default Parameter)
First, enter the user registration name, lowercase and three to eight characters; when filling in the annotation bar, you should include the identification information, such as the user
name,
Unit, phone number, etc. In addition, it is pointed out whether you are willing to create an account by default, or modify the account number.
If the
Use the default method to select NO. After determining the user you want to add, give the created file and directory, then execute / TCB /
LIB / UseShell directive, establish a user account, however, in UNIX system instructions, to pass sysadmsh or scoadmi
n can run this instruction. If you decide to change the user billing the default mode, choose Yes when you create an account, then you need to fill it.
Each column, at a suitable location, press
Specify user group
Each user must belong to at least one group. By default, the user registration group is Group. In a group, you also include reading, write
And execute the permissions of the file, additional user rights to that group, as the designated group-in. To change into a group
Available
NewGRP (c) instruction. When you increase your user, you can create a new group or attach to an existing group. Associated group
The information is stored in / etc / group. When adding users to create a new group, the group name will automatically add to / etc / group
Document. The group ID can be generated by the system or manually, but must be in the range of 100 to 60,000, and the ID below 100 is left.
For subsystems and other default groups. When managing a network system, you often need to specify GID (Group ID, Group ID), avoid
Free of all network nodes, so
It is best to choose the default group ID.
Specify logic shell
To know which shell works in the user, the SCO system can use the following different shells:
CSH: c shell.
Krn Shell, combined with the characteristics of Bourne Shell and C shell and instruction line editing.
RKSH: add restrictions of Korn shell.
RSH: plus restrictions of Bourne Shell.
Scosh: SCO Shell.
SH: Bourne Shell.
UUCP: UNIX to UNIX copy feature, it is not a shell, but the program running successfully.
The default shell is specified in / etc / default / authsh, from the / usr / lib / mkuser directory structure, take it
The registration shell table can be used.
Specify the primary directory
The default home directory is defined in / etc / default / authsh, from the / usr / lib / mkuser / homepaths file,
take
To the choice of the main directory. And create a new home directory for users. Specifying the user ID (UID) must be in 200
Until
Within 60000, specify in the / etc / default / authsh file, the UID must be unique to prevent online
on
Have the same UID, and once the UID is set, never change.
Specify user class
In addition, it is necessary to set up their categories for users, and the types are as follows:
-Individual: Personal note.
-Pseudo-usr: Set an account for each subsystem task, and if you register, your Pseudo USR account class, Operato
R,
Security Office and Administrator accounting classes are other names of Pseudo □ USR.
- You cannot set up SuperUser and Retired account classes.
If you want to use Su (c) (changed user standing command), the user must be specified as user class Individual.
take
With this domain, in order to use SU, the user must have a SU authorization, know the account password. Low, Traditional and IMPR
Oved
The SU authorization is given to the security default value. The SU authorization is not given under the HIGH security default value.
Give the user
When you create a new user account, you need to set up or do not select the initial password for the user.
-New: Now give a password, the user must be entered in this password when registering.
-Later: Don't give a password now, users can't register before you give a password.
-Blank: Give an empty password, users can register, but when registering, force users give a password.
-Remove: Does not give a password, users can register for password.
-Force Password Change: Decides whether to force users to force varying passwords when the user is registered.
Under High Security, you must generate a password for each user. If you give an initial password, you should tell the user his mouth.
Order, I hope that when he first registered, immediately modify this password, modify the password, don't choose others to easily guess
Password, such as name or birthday, etc., it is best to add a non-character in the password.
System Security: Modify User Default Account
In order to prevent the user's account registration to enter the system, ensure the integrity of the system, the system administrator needs repair
Change one
Some users' default accounts, and check the user's registration. First, the administrator will set the maximum number of unsuccessful registration,
Calculate
Use the number of incorrect password registration; when the maximum number of times is not successfully registered, set the lock user account and terminal. Such as
Fruit
Within the registration time, you still have not set the password, you can also lock the user's system, or even the root household. After successful registration, I hope to enjoy the priority CPU schedule, you can use the Nice (C) value to give the user shell and the process started by it.
Adjust the priority. The set value will be stored in / etc / system / default.
Monitor process management
The program is an executable (Process) is an instance that is running the program. SCO UNIX SYSTEM V supports many
The process runs simultaneously, and various systems create new processes by calling available processes, communicating with other process, and terminating others.
process.
Process family
When the new process is created, the kernel will assign a process identification number (PID) to it and add an explanation message to the process table. By one
A
The process creates another new process, the old process is the parent process, the new process is a child process. Most of the directive executed by the user shell is
it
The child process, the child process runs the instruction. The parent process allows multiple child processes to achieve tasks, etc., the processes are completed.
One
The parent process can have multiple child processes, but a child process has only one parent process.
Front desk and background process
After you are in the SHELL prompt, create a child process run command, the shell waits for the command to exit, then return to the user
The prompt, this command is running synchronously with the shell, ie runs at the front desk. Instructions to be opened at the shell prompt, if
The child process created by the shell runs this instruction, but does not wait for the instruction to exit, and return directly to the user prompts.
This instruction is running synchronously with the shell, ie runs at the station.
$ SLEEP 10 &
Elf process
The elf process is a process, which has no contact with the terminal and users, and some people like to call him a housemote. Elf completing some
cycle
Sex, usually it sleeps. Use the PS (c) instruction to see the elves, it has a question mark (?) In the TTY area.
-Sched: PID 0, which has completed the process of the process swaps between the storage bureau and the disk switch.
-Init: PID 1, the system automatically built the first user process, it is responsible for initializing the boot and registration process, that is, all non-
system
The ancestors of the process process. It will start the Getty process on the end port to start the Getty.
-VHAND: PID 2, page wizard, it frequently sends the page content to the switching area.
-BDFUSH: PID 3, regular refreshing high speed slow (default, refresh every 13 seconds)
-Logger: Archive system error message.
-Cron: Run jobs during dispatch.
-Ipsched: Print the wizard offline.
Orphan process
The orphan process is still active in the parent process, which is recognized by INIT (M) for the son. The zombie process is the process has terminated.
But
The process has not been revoked, because the parent process is not "waiting" it, the process table still retains this body, the process table is the zombie
Program
Consuming resources. With the creation of the new process, there is a large number of autopsies, but the total number is limited, so the production of new processes is affected.
Life.
The baby process is different from the zombie process, and does not affect system efficiency. Usually, it will be removed when the parent process died.
process.
If they have not been removed, INIT (M) should be inherited and removed. Monitor process
Monitor the number of processes, use to record the performance of the system; monitor the user's process, including hanging processes;
Carrier average
Value and other system performance issues. To display process information, you can report the PS (C) instruction report, process status. By default
,only
The message will be reported to the current terminal. If the user does not have root privileges, PS is only limited to the process, report
user
Process message. If the user has ROOT permissions, the process message of all users on all terminals will be reported.
$ PS-U Joana
--U
--T
The PS -elf instructions provide a message that needs to have F, S, C, PRI, NI, and Time fields.
-F is a tag, indicating that the process location, 20 denotes in memory, 0 means that the exchange is on the disk, and 31 is a system process.
-S is the status message, indicating the state, sleep or running.
-C is the percentage of the process occupies the CPU
-Time is the total time to spend CPU.
-Pri is the current priority of the process
-Ni is the Nice (ADM) menu of the process
How to create a process
When the process bifes a child process, you will enter your sleep state. At the beginning, the child process runs the same app for the parent process.
Introvert
Nuclear allocates a new PID. When the child progresses to perform new programs, keep the newly allocated PDI, the new program will replace the child
Cheng's original procedure. After the child process is completed, the kernel will move it from the system, then wake up the father process, the child process will retreat
Out.
Monitoring system loading
The UPTime (C) instruction displays the load mean (one minute, five minutes and fifteen minutes), that is, in the scheduled time, queuing operation
Enter
The average number of procedures: $ UPTIME W (C) The instruction generates the same load merit message as uptime (c), and who is in
Commission
What to do, if the user has root privilege, W reports the relevant information about all users. If there is no, only display with the user process
Have
Close information. PCPU (Process CPU, Process CPU Time) shows how long is a specific instruction has run. Control
The process, this check is useful. Joint CPU, conforming to CPI Time), showing a terminal involved
Total time for all processes.
The SAR (ADM) directive is a system activity report program that displays system resource accumulation utilization. Infit system bottleneck
(Bottleneck), SAR is a very good utility, the instruction syntax is as follows:
$ SAR [-Option] [Sample-Interval-Samples]
For example: $ SAR-U120
The -u option displays the CPU utilization. If the% IDLE is uniform, the use efficiency is rising, but the process of running is not
not
CPU cycle. For example, the process throughput is displayed, for example, using the -q option. If the% SWPOCC is greater than 20, exchange (SWAP)
Ping, you can use large memory to reduce exchange / negative activities.
