Advice on best practice for creating sysadmin scripts
Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Advice on best practice for creating sysadmin scripts
Hi
Over the last day I've successfully configured a dynamic name server with bind . This is working, but I'm not convinced I've placed the scripts I've created in the best locations.
My home network connects to the internet via a netgear router. I've written a series of scripts that query the router for the ip address, query the dns server for ip address and if they don't match then send an update. Currently all my scripts sit in /root/ipupdate and all are owned by root. The primary script /root/ipupdate/update is kicked off by a cron job ever five minutes and is run as root.
Although this all works, it doesn't feel like I've got the most sensible set up in the world. I guess my questions are:
Where should I place the scripts that do the work
As non of the scripts need to be run as root, is it ok to run them as root? (I'm guessing not)
(Which user should these scripts run as?)
I'm placing the cron job in /etc/crontab, is this the best location for system admin tasks?
I've never totally understood the Linux file structure, which is why I tend to place everything in the home directory of the user I'm work as.
Apologies if this is in the wrong forum. As I think I'm asking a system/server administration question I thought this forums was the most appropriate. If there is a better forum, then please move this post.
This shouldn't be accessible to normal users so roots home dir is a perfectly valid location. If you created a script for anyone to use you'd probably want to put it under /usr/local/bin.
I'm not quite clear on the logic of your solution though, what's the purpose of the zone your dns server is hosting and is it internet facing ?
My though was that from a security standpoint any script that does not need root access should not be run as root. Problem is I don't know which user to run them as, or where to put them.
The set up is not important to my question, but for completeness, this is what I'm doing.
I have a vps on the internet running named that I use to host some sites.
I have a low spec centos web/ftp/mail development server sitting in the DMZ of my home network. When its finally configured correctly this will be shared between myself and I friend I work with. The machine used to live at his house, as he has a static IP address and I have a dynamic one, but as I'm the one more confident administering the server we decided to move it to my house and see if I could configure dynamic DNS using our VPS.
The scripts I'm asking about sit on the server at my home, kicked off by crond every five minutes and basically do the following:
user curl to access the admin interface to the netgear router to get the external ip address
use the 'host' command to get the ip address for our domain from the external dns serve
If my IP address is reassigned, then the two above ip's wont match. Then an nsupdate command is issued to set the new ip
Where should I place the scripts that do the work?
Totally site / environment dependent. In the past, I've placed cronjob scripts in a few different locations, depending on use:
/root/scripts
/usr/local/bin
/usr/local/deptscripts (for a large collection of scripts that logically go together)
Quote:
Originally Posted by pernest
As non of the scripts need to be run as root, is it ok to run them as root? (I'm guessing not)
(Which user should these scripts run as?)
You're correct. You should run your scripts with the least level of privilege required to do the job. (Select the user based on what the script is doing, and what permissions it needs. I have set up service accounts for exactly this sort of thing, when needed.)
Quote:
Originally Posted by pernest
I'm placing the cron job in /etc/crontab, is this the best location for system admin tasks?
As you know, you have at least three options:
/etc/crontab
/etc/cron.d
the user's crontab (usually in /var/spool/cron/, and edited using "crontab -e")
Your selection was not a bad one. Personally, I prefer to use /etc/cron.d to avoid cluttering up /etc/crontab. The user's crontab is also fine, but IMO it makes it easier to "forget" that you have cronjobs running for a particular user.
Quote:
Originally Posted by pernest
I've never totally understood the Linux file structure, which is why I tend to place everything in the home directory of the user I'm work as.
Read the manpages for hier(7). That may help, or it may further muddy the waters.
I've read the man page for the file system hierarchy and it has answered some questions, but probably raised even more! I guess my main problem is that I don't fully understand what should go into the /usr directory and which system users have access to it.
Is the existence of the /usr directory a result of the common set up that *nix machines used to have? In that you would have a centralized server and group of machines that would connect to it. Then the individual user machines would only need enough file system to get them to boot (/bin and /sbin), but once they were booted, they could mount the /usr directory to get at the other software they needed from (/usr/bin and /usr/sbin). Have I got that totally wrong?
I feel that if I were to scatter scripts into /usr/bin that it would be a maintenance nightmare, so even though I only have four scripts, is there a good reason that I shouldn't put them into a project subdirectory of /usr/bin?
The thing I'm now most unsure of is the user to add to execute these scripts. With the command:
Code:
useradd -s /sbin/nologin ipupdate
am I correct in thinking that this will create a new user called ipupdate, with no home directory and that does not have a shell loging? Can I use such a user to execute the ip update scripts I've described above? Is this the most appropriate user to create?
The difficulty with Linux sometimes is understanding that this is often (always) more than one correct way to get the job done.
With regards to file locations most are just conventions, which, over time are changed depending on either the distribution or other factors.
For instance, a shell script you write to do system administration tasks could be located anywhere really depending on which convention you want to use, system administrators that previously worked on unix systems might have stuck to the conventions that particular operating system had because that's what they were used to, so you might find a linux system that was built by an old school unix admin who would put all his shell scripts into /usr/local/bin but it doesn't meant that's where they have to go.
In regards to your original question, once you decide where you want to put the script. Make sure the user you created can access it and the file has the correct permissions. Then use the root account to edit the crontab file for that user.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.