Personal System Administration Guide

Chapter 1
Overview of System Administration

Underlying the applications and tools you use on your IRIS Ž is the IRIX (TM) operating system (a version of the UNIX Ž operating system). IRIX is much more flexible and powerful than traditional personal computer operating systems in these ways:

IRIX is a multiuser operating system, which means several users can work on the system simultaneously and maintain private files.

IRIX makes the IRIS a multi-tasking system, which means the IRIS can run several applications, print files, and update files simultaneously.

IRIX lets you connect the system to a network where you can transparently transfer files to and from another system or peripheral device.

IRIX lets you add a broad range of hardware peripherals such as printers, terminals, disk drives, and modems without additional software.

Along with the advanced capabilities of the IRIX operating system come certain responsibilities for setting up, maintaining, and troubleshooting it. This set of responsibilities is known as system administration. Click a topic below for more information.

"Choosing an Administrator and Privileged Users" describes the responsibilities and permission levels of different users.

"Using System Administration Tools" describes the System toolchest and the IRIX shell.

Choosing an Administrator and Privileged Users

You need to decide which people will be responsible for keeping the system in good running order and, if the system is connected to a network, who will work in conjunction with the network administrator to access network services.

About User Privileges and the Primary User

Because many people may use the same system, the system provides a built-in security scheme where you can grant different people different capabilities for changing the system. There are three levels of capability:

User:: Any person who has a login account on the system. When a User logs in, he can change only his personal work area. A User can run the graphical administration tools from the System toolchest, but the features of the tools that change system information are not available.
Privileged User:: A person whose login account includes administrative privileges. When a Privileged User logs in, he can change his personal work area, and can use the graphical administration tools to change or customize the entire system (for example, set up a disk or create a login account). There can be more than one Privileged User on the same system.
Administrator:: The person who can use the most privileged account, the root account. This person should have his own personal login account for daily use, but, when there are serious system problems to correct, the person logs in to the root account to change system information using the graphical tools or using the IRIX shell.
: The Administrator has all the capabilities of a Privileged User, plus the capability to change information in the root account (such as the password) and to log in to an IRIX shell as root. Because there is only one root account, there is only one Administrator per system. The System Manager window for a particular system includes the name of the system's Administrator so other users know who to contact for help.

In a large, secure, networked environment run by an experienced network administrator, the scheme could work in this manner:

The network administrator is the Administrator for every system; this means he is the only person who can use the root account, his name appears on the account, and only he knows the password.

The Administrator creates a standard personal login account for each person who will use a particular system; the average is three Users per system.

Out of all the Users, the Administrator selects one person to be responsible for maintaining the system daily; the Administrator adds administrative privileges to this person's account, making the person a Privileged User.

In a smaller, less secure environment where each person has one system, the scheme could work in this manner:

Each person is completely responsible for maintaining his own system. That person is both a Privileged User and the Administrator. Usually the person performs administrative tasks while logged in to his personal account. But when he must use the IRIX shell with administrative privileges, the person logs out and logs back in to the root account.

The Privileged User adds login accounts for other people who occasionally need to use the system. If one of these Users ever needs to perform administrative tasks, the Privileged User adds privileges to the User's account to make him a Privileged User.

For environments in which one person uses a particular system much more frequently than anyone else (where the person is essentially the system's owner), you can designate that person as the Primary User. The Primary User does not necessarily have any special access privileges; the person's name appears along with the Administrator's name in the system's System Manager window so other users know who uses the system regularly. There is only one Primary User per system.

Note: The System Setup tool supports the model where one person has one system which he must maintain. When you create a login account for a person using this tool, it designates that person as the Primary User, and also makes the person a Privileged User. If necessary, you can later use the User Manager to remove administrative privileges or assign the title of Primary User to someone else.

The Responsibilities of Privileged Users

A Privileged User can use administration tools to perform these tasks:

Setting up the system initially as a standalone system or as a member of an existing network. (See "Setting Up System Basics.")

Creating login accounts so all users of the system can access it. (See "Creating a User Login Account.") If the system will be connected to a network, the Administrator may work in conjunction with the network administrator.

Connecting any peripheral devices and configuring software so that the devices work properly. (See "Setting Up Peripheral Connections" and "Setting Up Printer Connections.")

Installing application software and updating system software. (Only the Administrator can do this at this time; see "Installing Software.")

Performing regular backups of the entire filesystem and, in some cases, of individual users' data, and restoring data when it is lost. (Only the Administrator can do this at this time; see "Backing Up and Restoring Files.")

Monitoring and troubleshooting the system to keep it working efficiently and properly. (See Chapter 6, "Managing Disk Space", and Chapter 7, "Maintaining the System", and Chapter 8, "Troubleshooting.")

If your system will be part of a network, the Privileged User is also responsible for:

Contacting the network administrator before connecting your system to the network. The network administrator provides information that you need to uniquely identify your system on the network and to ensure that the regular users of your system can have accounts on other systems on the network. (See "Setting Up Network Connections.")

Making all, some, or none of your system's directories available to all, some, or none of the other systems and users on the network. (See "Making Your Disk Space Available to Other Systems.")

Providing access to printers on other systems so the users of your system can send files to them. (See "Accessing a Printer Across the Network.")

Providing access to disk space that's available on other systems on the network. (See "Using Disk Space on Other Systems.")

The Network Administrator's Role

The responsibilities of a network administrator vary greatly from site to site. If you will be using the network, it's important to contact the network administrator to understand all the services that are available to you. In general, the network administrator is responsible for:

Setting up and maintaining the network so connections are reliable and data is transferred as quickly as possible.

Creating, maintaining, and periodically distributing a list of all systems and users so that each has a unique identity on the network.

Setting up and maintaining network services such as electronic mail and the Network Information Services (NIS).

For more information on network administration, see Chapter 15, "Understanding Silicon Graphics Networking Products,"Chapter 16, "Planning a Network," and Chapter 17, "Setting Up a Network" in the IRIX Advanced Site and Server Administration Guide.

Using System Administration Tools

As the Administrator or Privileged User you can use two different types of tools:

The System toolchest provides a collection of graphical system administration tools.

The IRIX shell accepts IRIX commands that you use for more advanced administrative tasks.

This online information describes how to use the graphical tools in the System toolchest to perform as many administration tasks as possible; in cases where no graphical tools support a task, you must use IRIX commands or edit system files. If you prefer to perform all administrative tasks without using the System toolchest, see the IRIX Advanced Site and Server Administration Guide (choose "Online Books" from the System toolchest, and look in the SGI_Admin bookshelf). Regardless of whether you edit system files manually or let the graphical tools do it for you, you are changing the same system files.

The System Toolchest

The administrative tools that you'll use most frequently are in the System toolchest menu; you run a tool by choosing it from the menu. The first tool in the menu is the System Manager. Tools that you use less frequently appear when you choose "System Admin Tools" from the Tools menu in the System Manager window.

The System toolchest includes these tools:

System Manager: Lets a User view which of the system's resources are available for use by other systems on the network, check the hardware and software inventory of the system, and get business card information about the system's Primary User and Administrator.

Lets a Privileged User run all the system administration tools and designate the Primary User. See also XXX (ch7, chosts stuff)
Disk Manager: Shows how much disk space you are using and how much is still available. Privileged Users can specify when the system should warn that the disk is nearly full. When you install a new disk, a Privileged User also uses this tool to specify a dirctory (mount point) from which to access the disk.
User Manager: Lets Users view information about their own and other people's login account, and lets them change business card information about their own account. Privileged Users can use the tool to create, change, and delete user login accounts.
NFS Mount Manager: Available only on systems that have the optional NFS software installed. Lets Privileged Users access (mount) directories on other systems so that Users can access the directories as if they resided on the local system.
Printer Manager: Lets Users view the list of available printers and drag printer icons onto their desktop for use. Lets Privileged Users set up the software for local or remote printers so the system can access the printers.
Software Manager: Lets Users view a list of installed software. Lets the Administrator install and remove software from the system's manufacturer.
Backup & Restore: Lets any User back up files and directories that are owned by the User. Lets the Administrator create full system backups from which you can restore the entire system in the event of a serious system software failure.
View System Log: Displays a log of all the system messages, and lets a Privileged User customize when and how the System Log Viewer should notify Users of system problems.
Run Confidence Tests: Displays a window that lets Users test various peripherals and system components, such as the mouse, keyboard, and monitor.

Logging In as root Through a Shell Window

Only the Administrator can perform administrative tasks that are not supported by the graphical tools since he must use the root account in a shell window. The home directory for the root account is the root (/) directory of the filesystem. The user logged in to the root account can move, change, and delete every file and directory on the system, regardless of who owns them and what type of permissions they have set. Be sure to create a password for this account that only the Administrator knows. (See "Designating the Administrator with the User Manager".)

Note: Some UNIX and IRIX documents refer to the user of the root account as the superuser rather than the Administrator.

When you're already logged in as a regular user, you can start a shell window and log in as root by following these steps:

Choose "Unix Shell" from the Desktop toolchest.

Position your cursor within the new window and type:

login root

Then press <Enter>.

If a prompt for a password appears, type the password then press <Enter>. If a prompt appears but the root account has no password, just press <Enter>. (See "Customizing System Account Information" to create, change, or remove a password.)

You are now logged in to the root account and are located in the root (/) directory. When you are logged in as root, the IRIX prompt is a pound sign (#) rather than a percent sign (%).

To log out of the root account, type:

logout

Then press <Enter>. The shell window disappears.

Send feedback to Technical Publications.