I want to introduce you to a few of these handy, but little-known, Linux administration tools.

Figure 1

w

The w command is a very simple tool that displays to you who is logged onto a system, when they logged in, and what processes they are using. This command is incredibly simple to use, just issue the command w and you will receive output similar to that shown in Figure 1.

As you can see the user jlwallen (that’s me) has been logged in since 14:19 and has four processes running.

iostat

Figure 2

The iostat command (part of the sysstat program) will report CPU statistics and I/O statistics. As you can see, in Figure 2, iostat is broken into three sections:

Information: Information about kernel, hostname, date, and architecture.

Avg-CPU: This section gives you all of the information about your CPU on different levels (user, system, I/O, involuntary wait, and idle).

Device: This section offers statistics on a per physical device basis.

Figure 3

mpstat

The mpstat command will display a per-processor listing of processes. If you issue the command mpstat -P ALL you will see a listing of your processes for each CPU (see Figure 3). This command will report processes on a user, idle, nice, system, irq, involuntary wait, and guest level.

Instead of running this on all processors you can specify a processor with the -P argument.

Figure 4

pmap

This tool is more used for developers as it will report bottlenecks in memory. You have to use it on a process ID (PID) like so:

pmap -d PID

Where PID is the actual process ID of the program you want to check.

As I already mentioned, the information output from this command will be helpful for developers and not much more.

Figure 5

ss

The socket statistics command will give you output of all network sockets on your system. As you can see (in Figure 5) there are a lot of sockets to list on the average computer. This command is similar to netstat but is much faster at reporting. Figure 5 illustrates how ss does its reporting. Here you see localhost as well as some private IP addresses connecting to sockets on this particular machine.

Figure 6

iptraf

The iptraf tool is one of my favorite text-based network monitoring tools. You won’t find iptraf installed by default (it’s generally in the default repositories for distributions, so it’s easy to install). Once you have iptraf installed you can start it by issuing the command iptraf. This tool allows you to create filters which can monitor specific network devices, addresses, packets, ports, and more.

Conclusion

The Linux operating system offers a ton of administration tools. Since many of those tools are commands, they wind up disappearing in obscurity. Here you have seen a few of those obscure commands. If you need more information on any of these commands you can check out the man page for each.

In this article, I am going to introduce you to an outstanding graphical tool, found in the GNOME desktop of Ubuntu 9.10, that allows you to manage both users and groups. Because this tool is a part of the GNOME desktop, there will be no need for any installation (that is, if you already have GNOME installed). So getting up to speed is just a matter of firing up the tool and understanding how it works.

Finding the tool

Figure 1

The user and group management tool can be found in the Administration sub-menu of the System menu. The entry is this menu will be labeled “Users and Groups”. When you first fire this tool (see Figure 1) up you will notice you can’t really do anything. Before you actually use this tool you have to unlock it by authenticating with your users’ sudo password.  To unlock this window click the small “key” button (in between the Help and Close buttons) and then enter your sudo password. When you do this the rest of the buttons will become available. Now you can click on a user and modify that users’ properties. But before we look at a users’ properties, let’s do the following:.

• Create a new user.
• Create a new group
• Add the new user to the new group.

Creating a new user

Figure 2

In order to create a new user, first click the Add user button. This will bring up a new window (see Figure 2) where you enter all of the information you you need for your new user. You will want to pay close attention to the User Privileges tab where you can add or remove rights for a user. For example: Say you have VirtualBox installed and you want the new user to be able to use this virtual machine management tool. To give this new user rights you will need to click the check box associated with VirtualBox in the User Privileges tab.  And say you do not want to allow your users to monitor system logs. You can uncheck that box in the same tab.

In the Advanced tab you can assign the new user to a main group, assign the user a home directory, change the user ID, and change the default shell for the user. Typically the defaults will be just fine.

Create a new group

Figure 3

To create a new group click the Manage Groups button. When the new window opens (see Figure 3) you will see listing of all the groups currently on your system. You can add new groups or edit the properties of an already existing group.

In order to create a new group click the Add Group button, which will open the Add Group window (see Figure 4). Here you can do three things:

• Name a new group.
• Give the group a GID (Group ID number).
• Add users to the new group.

Figure 4

You can add as many users as you like to the new group. Just click the check box associated with the user you want and then click OK. The new group will be added and the users added to the group.

Final thoughts

Of course all of these actions can be handled via the command line, but for many administrators a GUI goes a long way to make the daily grind a little easier. The administration of users and groups is one such task that greatly benefits from this philosophy.

Relax. Ubuntu was created so that “su” access wasn’t necessary. Instead Ubuntu employes the “sudo” utility which adds the standard user to the administrative group. Why did they do this? Simple. Ubuntu’s goal is to make their distribution the most user-friendly available. To that end the developers felt it necessary to “remove” the root user because the average user had little to no experience with such a beast. The average user certainly didn’t have to have “root” privileges to get around in the Windows operating system. Ubuntu figured this was the way to go. There were two ways around this – make the standard user a root user or just emply sudo and create an administrative group the standard user would belong to. Now the standard user could undertake admin tasks without having to understand the concept of a standard user versus a root user.

When you install Ubuntu you created a user and that user has a password. To handle most any “administrative” task all they have to do is use the “sudo” command so they can run commands as a different (in this case the administrative) user.

So if you want to issue a command that requires administrative access you would issue it by way of the sudo command like so:

sudo ADMIN_TASK

Where ADMIN_TASK is the actual administrative task you want to run. When you hit enter you will be asked for your password, at which point you will enter your standard user password.

But What About “su”?

I have run into instances where I have wanted to have actual root access. Although I don’t really recommend this (It is actually best to stick with the setup Ubuntu has created), you can create a root password by issuing the command:

sudo passwd root

When you press enter you will be prompted (twice) for a new password. Once you enter the password the second time your root password will be ready to use.

/etc/sudoers

The /etc/sudoers file is where you configure sudo. This file shouldn’t really be monkied with as the default should work perfectly for you. There is one particular line you should definitely avoid (of course I have to point it out so you will know which one to avoid.) Take a look at this line:

# %sudo ALL=NOPASSWD: ALL

You probably have a good guess as to what that line would do if it were uncommented. Allow the sudo user access to root privileges without having to use a password. This should remain commented out so this option isn’t available.

Final Thoughts

The Ubuntu distribution has created one of the most user-friendly setups in Linux land. Taking advantage of sudo is one of the many ways Ubuntu achieves such a state. Understanding the sudo system will keep new Ubuntu users from pulling out their hair as they attempt to gain root privileges. New users? Nothing to see here…just go about your business. ;-)

dmesg

When I have a problem (or when I am attaching a usb device) one of the first places I go is the dmesg command. The dmesg command prints out the kernel keyring buffer. The information you will get will be all of the information you do not see when your system is booting. This is a great place to get information (low level) on your hardware. On one of my laptops, I run dmesg and near the top I see:

Phoenix BIOS detected: BIOS may corrupt low RAM, working it around.
last_pfn = 0x7f6d0 max_arch_pfn = 0x100000
x86 PAT enabled: cpu 0, old 0x7040600070406, new 0x7010600070106
kernel direct mapping tables up to 38000000 @ 10000-15000
Using x86 segment limits to approximate NX protection
RAMDISK: 37c6a000 - 37fef4a2


From that I can tell I have a Phoenix bios. Pretty obvious. A little later I see:

Security Framework initialized
SELinux:  Initializing.
SELinux:  Starting in permissive mode

Now I know Security Enhanced Linux is starting, in permissive mode, at bootup. And even further on down the line I see:

CPU1: Intel(R) Pentium(R) Dual  CPU  T2390  @ 1.86GHz stepping 0d
checking TSC synchronization [CPU#0 -> CPU#1]: passed.
Brought up 2 CPUs
Total of 2 processors activated (7447.76 BogoMIPS)

The above shows me information about my CPU. Good to know.

The most important information you will probably get from dmesg is the information regarding attached USB devices. When you plug in a USB device you will need to know what special device this is attached to so you can mount it. This will occur at the bottom of the dmesg command output.

The output of dmesg is quite long and will scroll by very quickly. When I run this command I always pipe it through the less command like so:

dmesg | less

This way I can view the output one page at a time.

/var/log

This special directory is the Mac Daddy of information gathering. Fire up a terminal window and issue the command ls /var/log/ and see what it contains. You see, included in this listing, such log files and log directories as:

• boot.log – boot information
• cron – cron logs
• cups – directory of all printing logs
• httpd – Apache logs
• mail – Mail server logs
• maillog – The mail log
• messages – Post-boot kernel information
• secure – Security log
• Xorg.0.log – X Server log

You can see the listing of log files in the /var/log directory, but in order to actually read the log files you have to be the root user (or use sudo).

Viewing with tail

One of the handiest methods of viewing log files is using the tail command. What tail does is follow the running output of a log file. For instance if I want to follow my /var/log/secure log to watch for security issues I would enter the command tail -f /var/log/secure. The f switch tells tail to follow. If  you don’t add the f switch tail will just list the output all at once (as if you just issued less /var/log/secure.)

Final Thougths

There is so much information to be gained from reading log files. The Linux operating system makes reading log files easy, once you know which log file does what. Take a poke around /var/log to find out exactly what you have and where you need to look for the problem you are having.

The software Application Monitor can come in handy for users who run servers of any kind on their computer or who like to download files when they are sleeping or not near the computer. Nothing’s worse than to wake up to realize that the application that controlled the download crashed ten minutes after going to bed.

Application Monitor will monitor applications added by the user in selected intervals. If the software program notices that an application is not running anymore – because of a crash, program termination or other reasons – it will restart it automatically.

All that needs to be done to monitor a new application is to enter a name and point the Application Monitor to the application’s path. It is possible to add arguments that will be executed when the program starts and to change the interval from 2 minutes to a different one.

The system administrator can be notified by email regularly and all events will be logged on the system’s hard drive by default.

Application Monitor is a portable software that requires the Microsoft .net Framework 1.1 to run.

Update: Application Monitor has not been updated in a long time. The program is still listed on the developer website though. A test under Windows 7 confirmed however that it is running fine under the new operating system. The project seems to have been abandoned though.