Agenda

Agenda

Administrative IssuesLink of the WeekThis Week’s Expected OutcomesPoints of interestMoving around in UNIXBreak-Out ProblemsUpcoming DeadlinesHands-on InformationLab Assistance, Questions, and Answers

AnnouncementsAnnouncements

AnnouncementsFinal exam December 14 through 19, 2015.

Link of the weekLink of the weekEncoding www.fileformat.info/info/unicode/utf8.htm Unicode now replaces ASCII, ISO 8859 and

EUC. It enables users to handle not only practically any script and language used on the planet, it also supports a comprehensive set of mathematical and technical symbols to simplify scientific information exchange.

With UTF-8 encoding, Unicode can be used in a convenient and backwards compatible way in environments that were designed around ASCII, like UNIX. UTF-8 is the way in which Unicode is used under UNIX, Linux, and other systems.

This Week’s Expected OutcomesThis Week’s Expected OutcomesUpon successful completion of this

module, the student will be able to:Manipulate user accounts.

Describe how cron is used to invoke repetitive processes.

Manipulate process structure including: A. fork/execute, B. Initialization process, C. Background/foreground, D. PS tool.

Explain basic UNIX and Linux security issues. Describe disk and file system structure. Use backup and restore archival operations on a

system. Establish network services. Investigate the structure of the LDAP directory using

LDAP commands.

UNIX Operating SystemUNIX Operating System“Initializing” or “booting” the machine

The startup process of a computing system is the installation of software. Many pieces of the software are configured into subsystems and are interdependent upon each other.

The boot up procedure utilized by Linux, HP-UX UNIX and Solaris is based on the UNIX System V procedure. Red Hat Enterprise Linux 6.0 boot up procedure is based on the Upstart procedure.

UNIX Operating SystemUNIX Operating SystemSteps involved in the boot procedure

CPU mode is set to RESETCPU is pre-programmed to begin execution at hex address 0Xfffffff0. Address 0Xfffffff0 is mapped to ROM (Read Only Memory). This ROM (BIOS ) address contains a set of routines that are burnt on the chip


The BIOS code is where the hardware meets software for the first time, and where all the boot magic begins. The BIOS code is inside a chip on the motherboard of your PC, usually stored on what is called an EEPROM. The BIOS is the lowest level of software that interfaces with the hardware as a whole, and is the interface by means of which the bootloader and operating system kernel can communicate with and control the hardware. Through standardized calls to the BIOS the operating system can trigger the BIOS to read and write to the disk and interface with other hardware components.


When your computer is powered on, the BIOS begins its work as part of the POST (Power-On Self Test) process. After that, it bridges all the various parts of your PC together, and interfaces between them as required, setting up the various system components like the VGA, display screen, initializing the memory banks, and giving access to the hardware disks connected to your system. The BIOS on newer motherboards recognizes and identifies USB devices, and external drives and USB mice.


The I/O routines on the BIOS continue the boot process by reading Track 0, Sector 1 of the hard disk. This is the location of the Master Boot Record (MBR). The MBR is the first and most important component on the software side of things in the boot procedure on a BIOS-based machines. Every hard disk contains a MBR, and it contains many other important pieces of information.


The size of the MBR is 512 bytes. The MBR contains the disk partition tables, and executable code which is the first part of the boot loader. The MBR is independent of the kernel.

UNIX Operating SystemUNIX Operating SystemMBR

The information about how a hard disk has been partitioned is stored in its first sector (that is, the first sector of the first track on the first disk surface). The first sector is the master boot record (MBR) of the disk; this is the sector that the BIOS reads in and starts when the machine is first booted.

UNIX Operating SystemUNIX Operating SystemThe master boot record contains a small

program that reads the partition table, checks which partition is active (that is, marked bootable), and reads the first sector of that partition, the partition's boot sector (the MBR is also a boot sector, but it has a special status and therefore a special name). This boot sector contains another small program that reads the first part of the operating system stored on that partition (assuming it is bootable), and then starts it.

UNIX Operating SystemUNIX Operating System

UNIX Operating SystemUNIX Operating SystemThe second and important bit of code of

the MBR is known as the “bootstrap code”. The first 440 bytes of these 512 bytes can contain literally anything. The BIOS will load it and execute its contents as-is, kicking off the bootloader procedure. The bootstrap is incredibly small. It makes up approximately 0.3% of the capacity of a dated MiB floppy disk.

Master Boot Record (MBR)

Master Boot Record

UNIX Operating SystemUNIX Operating SystemConsidering how small the bootstrap

code section is, the only useful purpose it can really serve is to look up another file from the disk and load it to perform the actual boot process. In reality, the bootstrap code is often referred to as a “stage one bootloader”. Depending on the operating system, the exact place the bootstrap code searches for the “stage two bootloader” can change, but on Windows the stage one bootloader will search the partition table of the MBR for a partition marked as “active” which is MBR speak for “bootable,”

UNIX Operating SystemUNIX Operating Systemindicating that the start of the partition contains the next portion of the boot code in its starting sectors. On a correctly created MBR disk, only one partition can be marked as active at a time.

So the job of the bootstrap code segment in the MBR is fairly simple: look up the active partition from the partition table, and load that code into the memory for execution by the CPU as the next link in the boot chain.

UNIX Operating SystemUNIX Operating SystemDepending on the OS you are loading, it

might actually look up a hard coded partition instead of the active partition and the offset of the boot code within the partition boot sector might change, but the basic concept remains the same. For legacy systems, the MBR almost always loads the first sector of the active partition, meaning another 512 bytes.

UNIX Operating SystemUNIX Operating SystemThe boot loader is responsible for

loading the kernel into memory. Boot loaders are independent of the operating system and are executable code found inside the MBR. The boot loader must share the 512 bytes with the partition table.


The LILO is independent of specific file system, and can boot an operating system from floppy disks and hard drives. There are sixteen different images that can be selected at boot time. LILO can be placed either in the master boot record (MBR) or the boot sector partition. In the latter case, something else like a reference must be placed in the MBR to load LILO.


UNIX Operating SystemUNIX Operating SystemDefine: Linux initrd

The previous slide displayed how the boot process is broken up into several major components, each of which is an independent subsystem with many different options and variations. The implementation of each component can differ considerably depending on your hardware and operating system, but the rules they follow and the process by which they work from are always the same.

UNIX Operating SystemUNIX Operating SystemDefine: Linux initrd

The /dev/initrd file is a read-only block device. The /dev/initrd is a RAM disk device that is loaded by the boot loader into memory before the kernel is started. The kernel utilizes this block device for a two phased system boot-up.

During the first phase, the kernel starts up and mounts an initial root filesystem from the contents of the /dev/initrd (RAM disk is initialized by the boot loader).

The second phase, additional drivers or other module information are loaded from the initial root device as contents. After loading all modules, a new root filesystem (/etc/fstab) is mounted from a different device.


UNIX Operating SystemUNIX Operating SystemWhat is a Block Device?

Block device is a device you can read blocks of information. Some block devices are CDROM, hard disk, and floppy disks.

The following dd statement reads one 512 byte record.

dd if=/dev/sda1 of=/dev/null count=1 Command: ls –l /dev/initrdbrw-rw---- 1 root disk 1, 250 Jun 24 2004

initrdbrw-rw---- 1 root disk 1, 10 Sep 8

2011ram10

UNIX Operating SystemUNIX Operating SystemCharacter Device

Character special files or character devices relate to devices through which the system transmits data one character at a time. These device nodes often serve for stream communication with devices such as mice, keyboards, virtual terminals, and serial modems, and usually do not support random access to data.

UNIX Operating SystemUNIX Operating SystemCharacter Device

In most implementations, character devices use un-buffered input and output routines. The system reads each character from the device immediately or writes each character to the device immediately.

crw------- 1 root root 5, 1 Sep 8 2011 console

crw--w---- 1 root tty 4, 44 Sep 8 2011 tty44

UNIX Operating SystemUNIX Operating SystemRole of the kernel Once the drivers have been

loaded, execution is turned over to the kernel.The kernel then executes a series of steps.

- Determines memory size- Initializes Data Structure- Mount root partition - Hardware Configuration

UNIX Operating SystemUNIX Operating SystemRole of the kernel

Kernel configures information based on probing the system bus, and querying drivers for information. Devices that are missing drivers are considered disabled.

- Hand crafted/Spontaneous processes.

UNIX Operating SystemUNIX Operating SystemLinux Kernel Data Structure (task_struct)

The task_struct data structure contains the following fields:

- Process staterunningreturning from system callprocessing an interrupt routineprocessing a system callready

waiting- Processes priority - Clock ticks (10ms intervals) which the process can

continue executing without being forced rescheduling.

- Error number of the last faulting system call

UNIX Operating SystemUNIX Operating SystemDescribe a processes:

Original parent, parent, youngest child, younger sibling, and finally older sibling.

Process ID Timing information; for example, the amount of

time the process has spent in user mode.

UNIX Operating SystemUNIX Operating SystemLinux Kernel

The Linux kernel process table is a data structure that describes all processes that currently exist. The process table is implemented as an array of pointers to task structures. The kernel process table is limited in size to 512 entries and has its own block size. All Linux blocks are currently 1024 bytes.

UNIX Operating SystemUNIX Operating SystemRole of the init process

The kernel starts a few spontaneous/handcrafted processes in user space. The origin of the init process is from the kernel and not the fork and execute procedure. The init process has a Process ID (PID) of one (1) and a Parent Process ID of zero (0).

root 1 0 0 2014 ? 00:03:19 /sbin/init


The init process is the ultimate parent in the running system and plays an important role in the startup process. All future processes on the system are descendants of the init process.


Once the system processes are created, then the kernels work is basically completed.

The init process performs the following tasks:

Executions the /etc/rc.d/rc.sysinit script

Sets the system clockActivates the paging processStarts the RAID devicesCheck and mounts other file systemsExecutes the /etc/inittab scriptExecutions of run commandsSwitch to multi user mode

UNIX Operating SystemUNIX Operating Systeminit process

After the run commands (rc) have executed, the system is fully operational.

It looks for the file /etc/inittab to see if there is an entry of the type initdefault. The initdefault entry determines the initial run level of the system.

Display: /etc/inittab file

init login process1. Init process spawns the getty or minigetty process.

2. The getty process invokes the login process. After the user name has been entered, it is passed to the login process.

UNIX Operating SystemUNIX Operating Systeminit process

3. The login process prompts the user for a user password, and verifies it. If authentication is successful, the user’s shell is created.

Otherwise, a failure causes an error message, ends and then init process will respawn getty or minigetty.

4. The user’s preferred shell will be invoked creating a session.

5. Eventually, the user will logout.

UNIX Operating SystemUNIX Operating SystemThe /etc/inittab file on the cs.franklin.edu

machine has been updated with Red Hat 6.0. This new release affects Lab Assignment 9-1 because information has been removed from the /etc/inittab file. Currently, the new release of the /etc/inittab file is accessed during boot up for the default run level (id:3:initdefault). Otherwise, system initialization, individual run levels, and the Ctrl-Alt_Delete feature are handled by different files.


UNIX Operating SystemUNIX Operating SystemThe previous slide displays how the boot process is

broken up into several major components, each of which is an independent subsystem with many different options and variations. The implementation of each component can differ considerably depending on your hardware and operating system, but the rules they follow and the process by which they work are always the same.

UNIX Operating SystemUNIX Operating SystemIt makes no difference what type computer you

have or operating system, standard desktop PCs or laptops, all power on and start up using one of two ways:

1. The traditional BIOS-MBR2. UEFI-GRT method.

2.1 Windows2.2 Linux2.3 Mac OS-X2.4 PCs, laptops, and tables

UNIX Operating SystemUNIX Operating SystemIn UNIX, a process is a name given to a program

being executed by the operating system.

In Linux, that same program is referred to as a task or process. Linux considers both names as the same.

A process consist of:- Program code, data, and stack- Open files (stdin, stdout, stderr)- System data structures- Environment (terminal type, user login directory, $HOME)

A Linux system will share code and system libraries among processes so that memory can be conserved and only keep one copy of the code is in memory at a time.

UNIX Operating SystemUNIX Operating SystemProcess

Each Linux process is allocated a unique process identifier (PID). The range of PIDs is usually between 2 and 32,768.

A process can be terminated several ways:- Foreground process by typing Ctl-C- Background process with PID=n and

typing kill [option] -n

UNIX Operating SystemUNIX Operating SystemProcess

Processes go through various process states during their existence. These transitory states are managed by the operating system (OS). The specifics of these process states vary from one OS to another, as well as the state names.

UNIX Operating SystemUNIX Operating SystemProcessProcess states:1.Created (fork and exec)2.Waiting (process scheduler - load from

secondary storage to main memory)3.Running (after a process is assigned a

processor by a short –term scheduler, context switch is performed)

4.Blocked (waiting for resources - user input or secondary storage input. Then process is moved back to “waiting” state)

5.Terminated (finished execution, waits to be removed from main memory)

UNIX Operating SystemUNIX Operating SystemProcess Summary

In UNIX-like operating systems, the kernel is invoked when a process issues a system call.All processes have owners.

Processes transition through various states.

When an original process (parent) creates or spawns another processes (child), it inherits the file access and execution privileges belonging to the parent (basic frame work of the parent).




UNIX Operating SystemUNIX Operating SystemWhat is a thread?

The amount of work performed by a process or task.- A single threaded process is a process only

performs one task.- A multi-threaded process is a process that performs multiple tasks concurrently without incurring additional overhead needed to create a new process.

UNIX Operating SystemUNIX Operating SystemShutdown command

One commonly issued form of this command is shutdown -h now, which will shut down a system immediately. Another one is shutdown -r now to reboot. Another command format allows the user to specify an exact time or a delay before shutdown: shutdown -h 20:00 will turn the computer off at 8:00 PM, and shutdown -r -t 60 will automatically reboot the machine within 60 seconds (one minute) of issuing the command.

UNIX Operating SystemUNIX Operating SystemShutdown command

The complete syntax of the Linux version of the command is:usage: shutdown [-akrhfnc] [-t secs] time [message]

-a use /etc/shutdown.allow -k don't really shutdown, only warn -r reboot after shutdown -h halt after shutdown -f do a 'fast' reboot (skip fsck) -F force fsck on reboot -n do not go through "init" but go down real

fast -c cancel a running shutdown -t secs delay between warning and kill

signal

UNIX Operating SystemUNIX Operating SystemKill Command

Caveat:The command kill sends the specified signal to the specified process or process group. As a precaution, avoid indiscriminate use of the kill command on jobs involving text editors, databases programs, mail programs, or any other program that has a large amount of user interaction. The kill command terminates a job without saving any of the user input or program results.

UNIX Operating SystemUNIX Operating System/etc/password FileLocation: /etc/passwdField separators: Colon (:) File format:Username:Password:UID:GID:UserID:Home

directory:Command/shellExample:dandrear:x:1020:1021:dandrear

user:/export/home/dandrear:/bin/bashPermissions on Einstein:-rw-r--r-- 1 root root 1636 Aug 16

10:37 /etc/passwd

UNIX Operating SystemUNIX Operating System/etc/Passwd File Username: It is used when user logs in. It

should be between 1 and 32 characters in length.

Password: An x character indicates that encrypted password is stored in /etc/shadow file.

User ID (UID): Each user must be assigned a user ID (UID). UID 0 (zero) is reserved for root and UIDs 1-99 are reserved for other predefined accounts. Further UID 100-999 are reserved by system for administrative and system accounts/groups.

Group ID (GID): The primary group ID (stored in /etc/group file)

User ID Info: The comment field. It allow you to add extra information about the users such as user’s full name, phone number etc. This field use by finger command.

UNIX Operating SystemUNIX Operating System/etc/Passwd File Home directory: The absolute path to the

directory the user will be in when they log in. If this directory does not exists then users directory becomes /

Command/shell: The absolute path of a command or shell (/bin/bash). Typically, this is a shell. Please not it does not have to be a shell.

UNIX Operating SystemUNIX Operating System/etc/shadow FileLocation: /etc/shadowField separators: Colon (:) File format:username:passwd:lastpasswdch:min:max:warn:inactive:expire:unused

Example:dandrear:$1$dhBysgdhfteM9gd00:13064:0:99999:7:::Permissions on Einstein:-r-------- 1 root root 1107 Sep 5 15:24 /etc/shadow

(Permission denied)

UNIX Operating SystemUNIX Operating System/etc/shadow File User name : It is your login name Password: It your encrypted password. The

password should be minimum 6-8 characters long including special characters/digits

Last password change (last changed): Days since Jan 1, 1970 that password was last changed

Minimum: The minimum number of days required between password changes i.e. the number of days left before the user is allowed to change his/her password

Maximum: The maximum number of days the password is valid (after that user is forced to change his/her password)

Warn : The number of days before password is to expire that user is warned that his/her password must be changed

UNIX Operating SystemUNIX Operating System/etc/shadow File Inactive : The number of days after

password expires that account is disabled Expire : days since Jan 1, 1970 that account

is disabled i.e. an absolute date specifying when the login may no longer be used

Unused field:

UNIX Operating SystemUNIX Operating System/etc/group FileLocation: /etc/groupField separators: Colon (:) File format:Group name:Password:GID:User_listExample:faculty:x:410:staff:x:430:Permissions on Einstein:-rw-r--r-- 1 root root 833 Aug 16

10:37 group

UNIX Operating SystemUNIX Operating System/etc/group File

Group name: Name of the group. Password: The group password would be encrypted. If this field is empty, no password is needed. GID: The numerical group ID and/or unique group identifier. User_list: All the group member's user names, separated by commas.



UNIX Operating SystemUNIX Operating SystemAdding Users on a system

Performed in three ways:1. Manually through the system interface2. Adduser/deluser commands (demonstrate on

Knoppix software)3. Using a GUI system administration tool

UNIX Operating SystemUNIX Operating SystemSecurity Features

The Linux network daemon uses xinetd to monitor all configured ports and starts system resources usage only on-demand, since the daemons aren’t running all the time. Security and resource usage is the main objective.

UNIX Operating SystemUNIX Operating SystemChroot jail

Utilized by Linux and UNIX OS to create an artificial root directory. Creating a temporary root directory prevents a program from accessing or modifying files outside the directory hierarchy starting at its root. Chroot affects only the current process and its child processes.

The files need to be placed in the jail directory (such as /users) in directories that mimic their placement in the root (/) file system. So you need to copy all required files. For example, /usr/bin/rssh is located on / file system. If your jail is located at /users, then copy /usr/bin/rssh to /users/usr/bin/rssh.

UNIX Operating SystemUNIX Operating SystemSELinux

Developed by the U.S. National Security Agency (NSA), implements Mandatory Access Control (MAC) in the Linux kernel. MAC enforces security policies that limit what a user or program can do. It defines a security policy that controls some or all objects, such as files, devices, sockets, and ports, and some subjects like processes. Utilizing SELinux, you can grant a process only those

permissions it needs to be functional.

UNIX Operating SystemUNIX Operating SystemTCP Wrapper

It is part of the client/server model, and can be used with any daemon that is linked against libwrap.a, and relies on the /etc/hosts.allow and /etc/hosts.deny files are the basis of a simple access control language. This access control language defines rules that selectively allow clients to access server daemons on a local system based on the client’s address and the daemon the client tries to access.

UNIX Operating SystemUNIX Operating SystemSecurity Features

The iptables utility builds and manipulates network packet filtering rules in the Linux kernel. You can use iptables to create a firewall that protects a system from outside intruders.


Points of interestDisplay the processes running on your

system. If you see cupsd, the CUPS daemon, is running, so the system is using CUPS for printing.

Moving Around in UNIXMoving Around in UNIXsudo - Set user and do. Execute a single

command as another user (root is the default).

lsof - List open files on the system. Normally, it only lists files you (or processes you own) have open; if run as root, it lists all open files.

Moving Around in UNIXMoving Around in UNIXifconfig - Configure network interfaces

(e.g. ethernet ports, AirPort cards, etc).printenv - print out environmentwhois - Internet user name directory service

Break-out problemsBreak-out problems1. simple_script &2. What is a zombie process?3. What files are updated on a Linux system when a

new user is added?4. fork()5. What information is stored in the /etc/passwd file?6. What information is stored in the /etc/shadow file?7. What information is stored in the /etc/group file?8. What is a background process?9. What is a foreground process?10. What is an orphan process?11. kernel12. nice command13. init process

Hands on informationHands on information

Lab Assignment 9-1,Startup /Shutdown due November 15, 2015Lab Assignment 10-1, 10-2 Account/LDAP/Process due November 22, 2015Open Source Assignment 13-1, due December 8 (week 14) and December 15 (week 15)

After class assistanceAfter class assistance

QuestionsCommentsConcerns

I am available after this Franklin Live session to discuss any problems and/or concerns regarding the lab assignments

Lab Assistance available by phone Lab Assistance available by phone and/or emailand/or email

Documents

Agenda