FSU

Root and Administrator Tasks: Process Management

Root and Administrator Tasks: Process Management

Root and Administrator Tasks: Process Management

If the keyword user is specified in a mount point defined in /etc/fstab, then many newer versions of the mount program will allow a user to mount or unmount that specific filesystem. (This is becoming a very smooth process in many distributions, and plugging in/removing a USB drive is now usually pleasant experience. While there is much flux here, some distributions are giving unique names such as the UUID name as part of the mount name; also, if you use LVM to create a volume group on a USB drive, then you can have a consistent logical name in /dev space.)

Root and Administrator Tasks: Process Management

Root and Administrator Tasks: Process Management

Root and Administrator Tasks: Process Management

Root and Administrator Limitations: Process Management

Root and Administrator Limitations: Process Management

Root and Administrator Limitations: Process Management

sudo: pseudo su, or how to set up safer su

sudo: pseudo su, or how to set up safer su

sudo: pseudo su, or how to set up safer su

# sudoers file.
#
# See the sudoers man page for the details on how to write a sudoers file.
#

# Host alias specification

# User alias specification

sudo: pseudo su, or how to set up safer su


# Cmnd alias specification

# Defaults specification

# User privilege specification
root	ALL=(ALL) ALL

# Uncomment to allow people in group wheel to run all commands
# %wheel	ALL=(ALL)	ALL

sudo: pseudo su, or how to set up safer su


# Same thing without a password
# %wheel	ALL=(ALL)	NOPASSWD: ALL

# Samples
# %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users  localhost=/sbin/shutdown -h now

user1	monet=/usr/local/bin/suroot, /bin/su

System Load Average

``load average'' == average size of ready queue over sample period

System Load Average

Idle Time

Idle Time

iostat -c 1
Linux 2.6.27.24-170.2.68.fc10.x86_64 (localhost.localdomain) 	06/11/2009

avg-cpu:  %user   %nice %system %iowait  %steal   %idle
          57.04    0.20    0.97    0.07    0.00   41.73

avg-cpu:  %user   %nice %system %iowait  %steal   %idle
          50.50    0.00    0.00    0.99    0.00   48.51

avg-cpu:  %user   %nice %system %iowait  %steal   %idle
          51.36    0.00    0.25    0.00    0.00   48.39

Process Monitoring: ps

Process Monitoring: ps

Process Manipulation:

As a system administrator, you can adjust the priority of a process with renice:

renice +19 PID    ##  lowest priority (nice)
renice -19 PID    ## highest priority (not nice)

Example ps output from long, long ago

USER       PID %CPU %MEM   SZ  RSS TT STAT START   TIME COMMAND
-----------------------------------------------------------------------
kuncick   7467 40.1 1.3   124  364 pc D <  09:32   0:15 find / -name foo
kuncick   7419 16.6 1.3   124  364 pc D N  09:28   0:11 find ... 
kuncick   7529 39.4 1.2   100  320 pc R    09:35   0:01 find / -name foo 
kuncick   7528 35.8 1.2   112  324 pc R    09:35   0:15 find / -name foo 
root         1  0.0 0.0    52    0 ?  IW   Dec 18  0:24 /sbin/init - 
root         2  0.0 0.0     0    0 ?  D    Dec 18  0:08 pagedaemon 
root        75  0.0 0.4    48  108 ?  S    Dec 18 12:09 in.routed 
bynum     7328  0.0 0.1    48   24 pb S    09:24   0:00 rlogin

Example ps output from the more recent past

F   UID   PID  PPID PRI  NI   VSZ  RSS WCHAN  STAT TTY        TIME COMMAND
--------------------------------------------------------------------------
5     0  1778     1  24   0  1528  512 -      S    ?          0:00 /usr/sbin/apmd -p
 10 -w 5 -W -P /etc/sysconfig/apm-scripts/apmscript
5     0  1866     1  15   0  2144  880 -      S    ?          0:00 xinetd -stayalive
 -pidfile /var/run/xinetd.pid
1    51  1902     1  15   0  5992 2284 -      S    ?          0:00 sendmail: Queue
 runner@00:01:00 for /var/spool/clientmqueue
1    49  1949     1  25   0  5296 4012 -      S    ?          0:00 /usr/bin/jserver

Example ps output from the more recent past

4   500  2089  2068  15   0 18364 8948 schedu S    ?          0:00 /usr/bin/gnome-session 
SSH_AGENT_PID=2140 HOSTNAME=sophie.cs.fsu.edu TERM=dumb SHELL=/bin/bash HISTSIZE=1000 
QTDIR=/usr/lib/qt-3.1 USER=langley LS_COLORS= SSH_AUTH_SOCK=/tmp/ssh-sQIL2089/agent.2089 
PATH=/usr/kerberos/bin:/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin:/home/langley/bin 
MAIL=/var/spool/mail/langley PWD=/home/langley INPUTRC=/etc/inputrc XMODIFIERS=@im=none 
LANG=en_US.UTF-8 LAMHELPFILE=/etc/lam/lam-helpfile GDMSESSION=Default 
SSH_ASKPASS=/usr/libexec/openssh/gnome-ssh-askpass SHLVL=1 HOME=/home/langley 
LOGNAME=langley LESSOPEN=|/usr/bin/lesspipe.sh %s DISPLAY=:0 G_BROKEN_FILENAMES=1 
XAUTHORITY=/home/langley/.Xauthority
0     0  7601  7365  15   0 11320 5528 -      S    pts/1      0:00 emacs -nw

Many more features to ps

Many more features to ps

Some favorite ps variations:

ps itself can also act a bit like pstree

$ ps f
  PID TTY      STAT   TIME COMMAND
21915 pts/1    Ss     0:00 bash
22976 pts/1    S+     0:05  \_ emacs -nw 05-rootadmins.tex
27844 pts/2    Ss     0:00      \_ /bin/bash --noediting -i
17182 pts/2    R+     0:00          \_ ps f
18985 pts/0    Ss     0:00 bash
19153 pts/0    S+     0:00  \_ ssh langley@diablo.cs.fsu.edu

Making ps ultra-flexible

If you need to tailor ps output to arbitrary columns, you can use the -o option to specify exactly which columns you would like to display, and -k option to specify order:
$ ps k pid o pid,comm
  PID COMMAND
18985 bash
19153 ssh
21915 bash
22976 emacs
24527 ps
27844 bash

Making ps ultra-flexible

$ ps k comm o pid,comm
  PID COMMAND
18985 bash
21915 bash
27844 bash
22976 emacs
24729 ps
19153 ssh

Other process viewing tools

top example

[root@smtpin MailScanner]# top -b -n 1
top - 07:09:25 up 42 days, 20:18,  2 users,  load average: 1.34, 1.56, 1.79
Tasks: 166 total,   1 running, 165 sleeping,   0 stopped,   0 zombie
Cpu(s): 12.7% us,  1.6% sy,  0.0% ni, 84.3% id,  1.3% wa,  0.0% hi,  0.0% si
Mem:   4149124k total,  3794188k used,   354936k free,   202476k buffers
Swap:  4192956k total,     4960k used,  4187996k free,  2677940k cached

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
 5675 root      15   0 68888  58m 2788 S    4  1.4   0:03.08 MailScanner
 5686 root      15   0  3520  900  676 R    2  0.0   0:00.01 top
26663 root      16   0 38616  29m 3464 S    2  0.7   0:29.90 MailScanner
    1 root      16   0  1980  548  468 S    0  0.0   0:45.81 init

pstree example

init-+-MailScanner
     |-MailScanner-+-16*[MailScanner]
     |             `-4*[MailScanner---MailScanner]
     +-acpid
     +-atd
     +-clamd
     +-crond
     +-cups-config-dae
     +-cupsd

Root remedies for sluggish system

System clogged by many identical jobs → restarting and limiting

Real world example:

You log into a mail server and find a high load 
average, and many, many sendmail processes running 
on the machine. Doing an mailq reveals that 
there are many, many undelivered messages. It turns that out the network that 
this machine normally uses to send mail out was down for a few hours and a lot
of mail has accumulated.

Root remedies for sluggish system

This system should have its queues cleared. To do this efficiently, you decide to stop further incoming mail until you have cleared out the older, undelivered email. You can stop sendmail with something like:

/etc/init.d/sendmail stop

Root remedies for sluggish system

or, if you have killall:

killall sendmail

Root remedies for sluggish system

However, that only stops sendmail.

You now need to clear some of the queue. One way to do this is with the -qf option:

/usr/sbin/sendmail -qf -v

Root remedies for sluggish system

This leaves this new sendmail process running in the 
foreground just as a queue handler, running 
``verbosely'' so that you can see exactly what it is 
doing, and how long it is taking. 

Root remedies for sluggish system

Starting a few of these foreground queue handlers will allow the queues 
to clear more quickly than if you just turn on the 
regular incoming email and a single background
queue handler.

Root root remedies for sluggish system

Another example:

One process has been running for a long time and is 
accumulating a lot of processor time (for instance, top
shows it at the top of the list consistently) → typically,
this can be cleaned up by simply killing that one process. (If this is an
ordinary user process, this is
often the result of a controlling terminal having gone awry.)

Root remedies for sluggish system

Root remedies for sluggish system

Windows Administrator Powers

Windows Administrator Powers

Windows Administrator Powers

Windows Administrator Powers

Windows Administrator Powers

Windows Administrator Powers

The future?

Administrators, by definition, have much more access to systems than ordinary users.

Permissions have not generally been enforced for privileged processes. However, with systems such as SeLinux and TOMOYO, we are now seeing enforcement of security policies even for privileged processes -- this can be disconcerting to system administrators who are used to privileged processes having free rein.