Slashdot Mirror
Administration on Systems w/ Lots of Users?
kidlinux asks: "Since I started using Linux I've relied mostly on documentation to learn how to use any given aspect of the system. Up until now, I've been used to setting up systems for myself and a few of my friends. I have recently been hired to setup a system which will have 100+ users. Some will have shell access, some email only, some web access, etc.. When setting up a system for vast amounts of users, are things done differently? What kind of things do I need to consider when configuring the system? Is there any documentation available for setting up large scale systems?"
my sig's at the bottom of the page.
If your only worry is a single machine, IMO there is no fundamental difference with a home system, except that it has to be (even more) solid (think redundant power supply, UPS, RAID, backups...), scalable (think RAM, SCSI disks), and you have to pay (even more) attention to potential local root holes. And use a system that works, no fancy using the latest 2.5.1pre6 Linux kernel or 5.x-CURRENT BSD!
Think about how it will be accessed and don't cut corners on security (use SSL for POP/IMAP if possible, favor SSH/SCP/SFTP over telnet/ftp, use encrypted passwords for SAMBA). You may want to set up restrictions on local users - quotas, limits on CPU/RAM usage, etc. You will want to automate account creations: define different classes of users, standard configurations, but also groups, mailing lists - manual maintenance of those can be a major PITA.
OTOH, if you're also responsible for all the clients, then there's a must read: Bootstrapping an architecture. Resist any and all temptation, from yourself or others, akin to "100 users is not enough to bother with automating everything, we'll just handle it by hand", etc. I've been through this myself and regret all the time lost installing, reinstalling systems, spending hours opening batches of accounts, cleaning up old ones, and so on... Computers are good at repetitive tasks, and this one can and should be automated. Of course, keep solidity in mind; you don't want all your network to halt because your upgrade server is stopped for maintenance...
Finally, if you aren't starting from scratch, if you've just been "promoted" sysadmin for 100 users with an existing network, then good luck. Your best bet is to maintain the old infrastructure, set a new one in parallel, and migrate users and machines one by one. But make sure to interview many users and upset as little old habits as possible, otherwise I hope your asbestos suit is ready!
Learn DNS, NIS (or better and if you dare NIS+) or LDAP.
You don't want to use plain text files in each machine....
IANAL but write like a drunk one.
Perl and shell are you friends. Script like it was going out of style. Never do anything manually more than twice (three times tops). This rule will save you a lot of time in the long run.
/usr/local/etc that contains all the important config files, and a cronjob copies the files over ever N minutes or hours. Redhat and Mandrake have a kickstart system that allows you to re-install a system with minimal effort (probably other Linux distros have something similiar). It's useful. Damn useful.
/home, NTP, etc). I'm sure it could take at least 200-300 users before running into any problems (the old server was a 233 Mhz K6 with 128 Megs of memory - it held up suprisingly well for 3 full years with the same load). SCSI, especially, is not worth the money. It's nice, but price/performance on SCSI is not worth it unless you need the fastest possible stuff.
If you have multiple machines (more my area of experience), NFS, NIS, DNS, LDAP, etc are super-important. Make an NFS'ed
The high-end hardware is a waste of money with only a 100 users (unless they're constantly hitting the machine hard). One machine we've got here is a 1 Ghz AMD Tbird, Abit KT7A-RAID, 768 Mb PC133, big software striped RAID IDE disks, pretty vanilla (cost us like $1000 in June, it would be $750 today). It handles web (tons of PHP and Perl, also SSL), mail (SMTP, IMAPS, SPOP3), database, rsync, and SSH for 65 people with no problem (plus NIS, NFS'ing out