An Introduction to Linux


Contents

• Operating System

– Purpose

• Intro to Linux

– Background

– Kernel

Purpose of Operating System

• To manage hardware and software resources in a system

–Memory, processor, disk space, programs

• To ensure the system behaves in a predictable way

• To provide a stable, consistent high-level interface to the hardware

-Individual applications do not need to know hardware implementation details.

Introduction to Linux

• Linux is a freely distributed implementation of a Unix-like kernel.

• Developed by Linus Torvalds at the University of Helsinki with the help of programmers across the Internet.

• The first version of Linux kernel became available on the net in 1991.

Areas of Maximum Usage

• Used as a server that is powered up and online 24x7.

• Used as web servers, hosting web sites browsed by the users worldwide.

Uniqueness of Linux

• Linux is a cross platform OS that runs on many computer models.

• Linux & many Linux applications are distributed in source form.

• Linux is free in two senses

– You pay nothing to obtain it.

– Linux comes bundled with special documentation or applications with technical support.

Background of Linux

• Development of Unix

– Features

– Versions

• Linux Background

• Copyright to Copyleft

• Intro to Kernel

Development of Unix

• Ken Thompson & Dennis Ritchie implemented a rudimentary OS on a PDP-7 & named it Unics.

• Developed at Bell Labs by AT&T in the 1970's

• Unix is a trademark administered by the Open Group, and it refers to a computer OS that conforms to a particular specification, i.e. the POSIX (Portable OS Interface) specifications.

Main Features of Unix

• Simplicity

• Reusable Components

• Filters

• Open File Systems

• Portability

Versions of Unix

• SunOS by Sun Microsystems, owned by Bill Joy.

• System V by AT&T in 1984.

• BSD (Berkeley Software Distribution) Unix, written at the University of California, Berkeley in 1978.

Linux Background…

• AT&T claimed Unix as its intellectual property and began charging a hefty license fee to anyone who wanted to use Unix.

• Others followed suit.

• In 1983, Richard Stallman, a scientist at MIT, launched the GNU project, which aimed at creating a free Unix-like OS.

• Like early Unix, it was distributed free in source form.

…Linux Background…

• Stallman used the Internet as a means of communication.

• He founded the FSF (Free Software Foundation), a non-profit corporation that seeks to promote free software and eliminate restrictions on the copying, redistributing, understanding and modification of software.

…Linux Background

• By the early 90s, the FSF had obtained or written all major components of the GNU except the KERNEL.

• Linus Torvalds, working with MINIX, a Unix-like OS written by Andrew Tanenbaum, was disappointed with its performance and believed he could do better.

Birth of Linux

• He shared his work with others on Internet newsgroups.

• Soon other programmers joined to extend & improve his kernel, which he called Linux.

• Released on Oct 1, 1991, Linux grew rapidly.

• Linux has been integrated with other GNU software to produce a fully functional OS.

Copyright to Copyleft

• The FSF guarantees freedom to users through a special term, the GNU Public License, which gives everyone the right to use, modify & redistribute the software, but only if the redistribution terms are unchanged.

• According to the FSF, "Proprietary software developers use copyright to take away the user's freedom, we use copyright to guarantee their freedom. That's why we reverse the name, changing it to copyleft".

Intro to Kernel

• The focal point of any OS is the kernel.

• It is a core program that runs programs & manages hardware devices, such as disks and printers.

• It acts like a bridge between the hardware & the other user & system programs & applications.

Features

• Multitasking

-several processes running at the same time independent of each other

• Multiuser

-several users work with the system at the same time

• Multiplatform

-runs on different CPUs, not just Intel.

Features Contd…

• Multiprocessing

-distribute several applications across several processors

• Multithreading

-with kernel support multiple independent threads are controlled within a single process memory space.

• Architectural Independence

-Linux runs on almost all platforms

Features Contd…

• Demand Loads Executables

-reads from disk only those parts of a program that are actually used

• Virtual Memory Using Paging

-pages that are not in physical memory but need to be accessed are loaded on demand

• Unified Memory Pool

-for user programs and disk cache

Features Contd…

• Shared Libraries

-static and dynamic link libraries

• Core Dumps for Post-Mortem Analysis

-Allow use of a debugger on a program

• Support for POSIX 1003.1 Standard

• Source Code Available

-including kernel, drivers, the development tools and all user programs

Features Contd…

• Various formats for Executable Files

-through an iBCS2 (standard) compliant emulation module, mostly compatible with SCO Unix, SVR3 & SVR4 at the binary level

• Memory Protected Mode

-has memory protection between processes, so that one program can't bring the whole system down

Features Contd…

• Support for National Keyboards & Fonts

-support for many national or customized keyboards

• Multiple Virtual Console

-several independent login sessions through the console

• Different File Systems

-supports several common file systems, including Minix, Xenix and all common System V file systems

-has its own advanced file system, i.e. ext2, which offers file systems of up to 4TB and names up to 255 characters long.

Features Contd…

• TCP/IP, SLIP & PPP SUPPORT

-Linux can be integrated into local Unix networks. All network services such as NFS and remote login can be used

• Embedded LINUX

-embedded applications such as industrial controllers, routers, entertainment electronics and palmtops

Linux Distribution

Various organizations & individuals package Linux, often combining it with free or proprietary applications. Such a package that includes all the software needed to install and run Linux is called a Linux Distribution.

Some Popular Distributions

• Caldera OpenLinux

• Slackware Linux

• Red Hat Linux

• SUSE Linux

• Debian Linux

Distributions can be obtained from: FTP servers, e-mail systems, public-domain distributors and some bookshops

Linux Features and Comparison

Characteristic | Linux | Windows NT | Solaris
Range of compatible hardware | Very wide | Modest | Narrow
Minimal hardware | 386 PC | 486 PC | Pentium
Representative cost of hardware | Low | Higher | Highest
Average downtime | Very low | As low as 30 min./week | Very low
Performance | High | Comparable to Linux | Half of Linux to same as Linux
Multi-processing capabilities | Excellent | Modest | Excellent
IP Security (IPSec) | Yes | Through Service Pack | Later versions
IPv6 | Available | Privately demonstrated | Beta
Overall user satisfaction, per Datapro | Highest | Lowest | Medium
Source code readily available | Yes | No | No
Installed base | Millions | Millions | Hundreds of thousands

Relationship between Linux & Unix

There are many similarities as well as differences between Linux and Unix.

Similarities

• Almost all programs that run on Unix can be compiled and run on Linux.

• Some commercial applications developed on Unix can run unchanged in binary form on Linux systems.

Similarities…

• Both share many common applications such as:

-GUI, file, and window managers (KDE, Gnome)

-Shells (ksh, csh, bash)

-Various office applications

-Development tools (perl, php, c, c++)

-Posix interface

Relationship

• Linux is a UNIX Clone

• Linux Is Just a Kernel

• License and cost

• User-Friendly

• Security

• Backup and Recovery

• File Systems

• Administration Tools

• Startup Scripts

• End User Perspective

• System Administrator Perspective

Linux/Unix Comparison

What is it?

Linux: Linux is an example of Open Source software development and a Free Operating System (OS).

Unix: Unix is an operating system that is very popular in universities, companies, big enterprises etc.

Development and Distribution

Linux: Linux is developed through Open Source development, i.e. through sharing and collaboration of code and features through forums etc., and it is distributed by various vendors such as Debian, Red Hat, SUSE, Ubuntu, Gentoo etc.

Unix: Unix systems are divided into various other flavors, mostly developed by AT&T as well as various commercial vendors and non-profit organizations.

Inception

Linux: It is based on UNIX and eventually, after adding many features of GUI, drivers etc., Linus Torvalds developed the framework of the OS that became LINUX in 1992. The LINUX kernel was released on 17th September, 1991.

Unix: In 1969, it was developed by a group of AT&T employees at Bell Labs and Dennis Ritchie. It was written in the "C" language and was designed to be a portable, multi-tasking and multi-user system in a time-sharing configuration.

GUI

Linux: Linux typically provides two GUIs, KDE and Gnome. But the Linux GUI is optional.

Unix: Initially Unix was a command based OS, but later a GUI, popularly known as X Window, was created for UNIX.

Threat detection and solution

Linux: In the case of Linux, threat detection and solution is very fast, as Linux is mainly community driven and whenever any Linux user posts any kind of threat, several developers start working on it from different parts of the world.

Unix: In the case of Unix, the user has to wait for a while to get the proper bug fixing patch.

Cost

Linux: Linux can be freely distributed, downloaded freely, distributed through magazines, books etc. There are priced versions for Linux also, but they are normally cheaper than Windows.

Unix: Different flavors of Unix have different cost structures.

Security

Linux: Linux has had about 60-100 viruses listed till date.

Unix: A rough estimate of Unix viruses is between 85-120 viruses reported till date.

User

Linux: Linux, like all Unix variants, is designed to handle multiple concurrent users.

Unix: Unix operating systems were developed mainly for mainframes, servers and workstations. The Unix environment and the client-server program model were essential elements in the development of the Internet.

Open Source Software

• When programmers on the Internet can read, redistribute, and modify the source for a piece of software, it evolves

• People improve it, people adapt it, people fix bugs. And this can happen at a speed that, compared to conventional software development, seems astonishing

Unix Architecture

(figure: Unix architecture diagram)

UNIX ARCHITECTURE

• HARDWARE: The physical component of the computer system is called hardware.

• UNIX SHELL: The shell or the command interpreter is the mediator which interprets the commands we give and then conveys them to the kernel, which ultimately executes them. It provides the user interface to the kernel.

• KERNEL: It is that part of the operating system that carries out the basic functions such as accessing files, allocating memory and handling communications. Its main function is to manage the resources of the computer’s hardware such as CPU, memory, I/O devices and network communication.

• USERS: The human beings that use the computer system are called the users.

Micro/Mono

• The kernel internally contains many components, such as a memory manager, scheduler, numerous device drivers, a filesystem, and so on.

• Monolithic kernel -- All of the components mentioned above, and many others, are all lumped into a single operating system file.

• Microkernel -- Only the bare minimum is put into the kernel file, and everything else is put into separate programs, which the microkernel loads and runs at boot time.

Fundamental Architecture of GNU/Linux

USER SPACE/KERNEL SPACE

• Kernel space is where the kernel (i.e., the core of the operating system) executes (i.e., runs) and provides its services. Kernel space can be accessed by user processes only through the use of system calls.

• User space is that set of memory locations in which user processes (i.e., everything other than the kernel) run.

• The reason for this separation is that otherwise user data and kernel data could disturb each other, which would result in lower performance and system instabilities.

GNU C Library (glibc)

This provides the system call interface that connects to the kernel and provides the mechanism to transition between the user-space application and the kernel.

KERNEL

• Linux uses a monolithic kernel, the Linux kernel, which handles process control, networking, and peripheral and file system access. Device drivers are integrated directly with the kernel.

Kernel Layers

The Linux kernel is the core of a large and complex operating system, and while it's huge, it is well organized in terms of subsystems and layers. It can be divided into three gross levels.

• Level 1

SCI which implements the basic functions such as read and write.

• Level 2

Kernel code which is common to all architectures supported by Linux.

• Level 3

Architecture-dependent code which forms BSP (Board Support Package). This code serves as the processor and platform specific code for the given architecture.

Major Sub systems of the Linux Kernel

Sub Systems of Kernel

• SCI - provides the means to perform function calls from user space into the kernel.

• PM

• MM

• VFS

• Network Stack

• Device Drivers

• arch

Process Management

• In the kernel, these are called threads and represent an individual virtualization of the processor (thread code, data, stack, and CPU registers).

• In user space, the term process is typically used, though the Linux implementation does not separate the two concepts (processes and threads).

• The kernel provides an application program interface (API) through the SCI to create a new process (fork, exec, POSIX functions), stop a process (kill, exit), and communicate and synchronize between them (signal, or POSIX mechanisms).

• Share the CPU between the active threads: The kernel implements a novel scheduling algorithm that operates in constant time, regardless of the number of threads vying for the CPU. This is called the O(1) scheduler, denoting that the same amount of time is taken to schedule one thread as it is to schedule many.
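The fork/exec, kill/exit and signal calls listed above, exercised from user space through glibc's wrappers (an added example, not code from the original notes; it assumes /bin/sh exists, as on any POSIX system):

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Set by the SIGUSR1 handler; sig_atomic_t is the one type safe to write from a handler. */
static volatile sig_atomic_t got_usr1 = 0;

static void on_usr1(int signo) { (void)signo; got_usr1 = 1; }

/* fork + exec + wait: run argv[0] in a child, wait for it, return its exit status (-1 on error). */
int run_command(char *const argv[]) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execv(argv[0], argv);   /* replaces the child's image; returns only on failure */
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Helper: run "/bin/sh -c 'exit <code>'" and return what the shell exited with. */
int run_shell_exit(int code) {
    char cmd[32];
    snprintf(cmd, sizeof cmd, "exit %d", code);
    char *const argv[] = {"/bin/sh", "-c", cmd, NULL};
    return run_command(argv);
}

/* kill + wait: start a child that blocks in pause(), stop it with SIGTERM,
   and return the signal number that terminated it (-1 on error). */
int terminate_child(void) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        for (;;) pause();       /* child sleeps until a signal arrives */
    }
    if (kill(pid, SIGTERM) < 0) return -1;
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : -1;
}

/* signal: child notifies the parent with SIGUSR1; returns 1 if the parent's handler ran.
   The handler is installed before fork() so the signal can never arrive unhandled. */
int child_signals_parent(void) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_usr1;
    sa.sa_flags = SA_RESTART;   /* restart waitpid() after the handler runs */
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGUSR1, &sa, NULL) < 0) return -1;
    got_usr1 = 0;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        kill(getppid(), SIGUSR1);
        _exit(0);
    }
    int status;
    waitpid(pid, &status, 0);   /* pending SIGUSR1 is delivered before this returns */
    return got_usr1;
}

int main(void) {
    printf("shell exit status: %d\n", run_shell_exit(3));
    printf("child terminated by signal %d (SIGTERM=%d)\n", terminate_child(), SIGTERM);
    printf("parent received SIGUSR1: %d\n", child_signals_parent());
    return 0;
}
```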

Memory management

• Memory is managed in pages (4KB in size for most architectures).

• Linux provides abstractions over 4KB buffers, such as the slab allocator.

• The memory management scheme uses 4KB buffers as its base, but then allocates structures from within, keeping track of which pages are full, partially used, and empty. This allows the scheme to dynamically grow and shrink based on the needs of the greater system.

• Supporting multiple users of memory, there are times when the available memory can be exhausted. For this reason, pages can be moved out of memory and onto the disk. This process is called swapping because the pages are swapped from memory onto the hard disk.

• You can find the memory management sources in ./linux/mm

Slab Allocator

• Processes generally request memory on the order of bytes, not on the order of pages. To support the allocation of smaller memory requests made through calls to functions like kmalloc(), the kernel implements the slab allocator, which is a layer of the memory manager that acts on acquired pages.

• The slab allocator seeks to reduce the cost incurred by allocating, initializing, destroying, and freeing memory areas by maintaining a ready cache of commonly used memory areas. This cache maintains the memory areas allocated, initialized, and ready to deploy. When the requesting process no longer needs the memory areas, they are simply returned to the cache.

Virtual file system

• The VFS provides a switching layer between the SCI and the file systems supported by the kernel.

• At the top of the VFS is a common API abstraction of functions such as open, close, read, and write.

• At the bottom of the VFS are the file system abstractions that define how the upper-layer functions are implemented. These are plug-ins for the given file system. You can find the file system sources in ./linux/fs.

• Below the file system layer is the buffer cache, which provides a common set of functions to the file system layer (independent of any particular file system). This caching layer optimizes access to the physical devices by keeping data around for a short time (or speculatively read ahead so that the data is available when needed).

• Below the buffer cache are the device drivers, which implement the interface for the particular physical device.

The VFS between users and file systems

Network stack

• The network stack, by design, follows a layered architecture modeled after the protocols themselves.

• The sockets layer is the standard API to the networking subsystem and provides a user interface to a variety of networking protocols.

• From raw frame access to IP protocol data units (PDUs) and up to TCP and UDP, the sockets layer provides a standardized way to manage connections and move data between endpoints.

• You can find the networking sources in the kernel at ./linux/net.

Device drivers

• The vast majority of the source code in the Linux kernel exists in device drivers that make a particular hardware device usable.

• The Linux source tree provides a drivers subdirectory that is further divided by the various devices that are supported, such as Bluetooth, I2C, serial, and so on.

• You can find the device driver sources in ./linux/drivers.

Architecture-Dependent code

• While much of Linux is independent of the architecture on which it runs, there are elements that must consider the architecture for normal operation and for efficiency.

• The ./linux/arch subdirectory defines the architecture-dependent portion of the kernel source contained in a number of subdirectories that are specific to the architecture (collectively forming the BSP).

• For a typical desktop, the i386 directory is used.

• Each architecture subdirectory contains a number of other subdirectories that focus on a particular aspect of the kernel, such as boot, kernel, memory management, and others.

• You can find the architecture-dependent code in ./linux/arch.

Linux Booting Procedure

How does a computer start up?

• Booting is a bootstrapping process that starts the operating system when the user turns on a computer system

• A boot sequence is the set of operations the computer performs when it is switched on that load an operating system

Booting sequence

1. Turn on

2. CPU jump to address of BIOS (0xFFFF0)

3. BIOS runs POST (Power-On Self Test)

4. Find bootable devices

5. Load and execute the boot sector from the MBR

6. Load OS

BIOS (Basic Input/Output System)

• BIOS refers to the software code run by a computer when first powered on

• The BIOS is program code embedded on a chip that recognizes and controls the various devices that make up the computer.

(figures: BIOS on board; BIOS on screen)

Stage 1 boot loader

• The primary boot loader that resides in the MBR is a 512-byte image containing both program code and a small partition table.

• The first 446 bytes are the primary boot loader, which contains both executable code and error message text.

• The next sixty-four bytes are the partition table, which contains a record for each of four partitions (sixteen bytes each).

• The MBR ends with two bytes that are defined as the magic number (0xAA55). The magic number serves as a validation check of the MBR.
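A small parser for the 512-byte MBR layout just described (an added example, not code from the original notes): it checks the 0xAA55 magic, reads the four 16-byte partition entries at offset 446, and rejects malformed entries. The sample sector is constructed in the code rather than read from a disk.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MBR_SIZE          512
#define MBR_TABLE_OFFSET  446   /* 446 bytes of loader code come first */
#define MBR_ENTRY_SIZE    16    /* four entries of sixteen bytes each */

struct mbr_partition {
    uint8_t  bootable;   /* 0x80 = active, 0x00 = inactive; anything else is invalid */
    uint8_t  type;       /* partition type id; 0x00 means the slot is unused */
    uint32_t lba_start;  /* first sector, stored little-endian on disk */
    uint32_t sectors;    /* length in sectors, little-endian */
};

static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void put_le32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* The magic number 0xAA55 is little-endian, so the last two bytes read 0x55, 0xAA. */
int mbr_magic_ok(const uint8_t mbr[MBR_SIZE]) {
    return mbr[510] == 0x55 && mbr[511] == 0xAA;
}

/* Parse the partition table into out[4]. Returns the number of slots in use, or -1 if
   the sector is not a sane MBR (bad magic, bad status byte, empty or overflowing extent). */
int mbr_parse(const uint8_t mbr[MBR_SIZE], struct mbr_partition out[4]) {
    if (!mbr_magic_ok(mbr)) return -1;
    int used = 0;
    for (int i = 0; i < 4; i++) {
        const uint8_t *e = mbr + MBR_TABLE_OFFSET + i * MBR_ENTRY_SIZE;
        struct mbr_partition p = { e[0], e[4], rd_le32(e + 8), rd_le32(e + 12) };
        if (p.bootable != 0x00 && p.bootable != 0x80) return -1;
        out[i] = p;
        if (p.type == 0) continue;                                   /* empty slot */
        if (p.sectors == 0 || p.lba_start > UINT32_MAX - p.sectors) return -1;
        used++;
    }
    return used;
}

/* Constructed sample: a bootable 2 GiB Linux partition (type 0x83) at sector 2048,
   followed by a 512 MiB swap partition (type 0x82). Loader code is a stand-in "jmp $". */
void build_sample_mbr(uint8_t mbr[MBR_SIZE]) {
    memset(mbr, 0, MBR_SIZE);
    mbr[0] = 0xEB; mbr[1] = 0xFE;
    uint8_t *e0 = mbr + MBR_TABLE_OFFSET;
    e0[0] = 0x80; e0[4] = 0x83; put_le32(e0 + 8, 2048);    put_le32(e0 + 12, 4194304);
    uint8_t *e1 = e0 + MBR_ENTRY_SIZE;
    e1[0] = 0x00; e1[4] = 0x82; put_le32(e1 + 8, 4196352); put_le32(e1 + 12, 1048576);
    mbr[510] = 0x55; mbr[511] = 0xAA;
}

/* Wrappers over the sample so each result is a return value. */
int sample_mbr_partition_count(void) {
    uint8_t mbr[MBR_SIZE]; struct mbr_partition parts[4];
    build_sample_mbr(mbr);
    return mbr_parse(mbr, parts);
}

uint32_t sample_active_partition_lba(void) {
    uint8_t mbr[MBR_SIZE]; struct mbr_partition parts[4];
    build_sample_mbr(mbr);
    if (mbr_parse(mbr, parts) < 0) return 0;
    for (int i = 0; i < 4; i++)
        if (parts[i].type != 0 && parts[i].bootable == 0x80) return parts[i].lba_start;
    return 0;
}

int corrupted_mbr_is_rejected(void) {
    uint8_t mbr[MBR_SIZE]; struct mbr_partition parts[4];
    build_sample_mbr(mbr);
    mbr[511] = 0x00;                         /* clobber the magic number */
    return mbr_parse(mbr, parts) == -1;
}

int main(void) {
    printf("partitions in use: %d\n", sample_mbr_partition_count());
    printf("active partition starts at LBA %u\n", sample_active_partition_lba());
    printf("sector without magic rejected: %d\n", corrupted_mbr_is_rejected());
    return 0;
}
```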

Stage 2 boot loader

• The secondary, or second-stage, boot loader could be more aptly called the kernel loader. The task at this stage is to load the Linux kernel and optional initial RAM disk.

• The first- and second-stage boot loaders combined are called Linux Loader (LILO) or GRand Unified Bootloader (GRUB) in the x86 PC environment.

• GRUB can load a Linux kernel from an ext2 or ext3 file system. It does this by making the two-stage boot loader into a three-stage boot loader.

Boot loader

• GRUB and LILO are the most popular Linux boot loaders.

• Other boot loaders (several OS): bootman, NTLDR, XOSL, BootX, loadlin, Gujin, Boot Camp, Syslinux, GAG

GRUB: Grand Unified Bootloader

• GRUB is an operating system independent boot loader

• A multiboot software packet from GNU

• Flexible command line interface

• File system access

• Supports multiple executable formats

• Supports diskless systems

• Downloads the OS from the network

GRUB boot process

1. The BIOS finds a bootable device (hard disk) and transfers control to the master boot record.

2. The MBR contains GRUB Stage 1. Given the small size of the MBR, Stage 1 just loads the next stage of GRUB.

3. GRUB Stage 1.5 is located in the first 30 kilobytes of hard disk immediately following the MBR. Stage 1.5 loads Stage 2.

4. GRUB Stage 2 receives control, and displays to the user the GRUB boot menu (where the user can manually specify the boot parameters).

5. GRUB loads the user-selected (or default) kernel into memory and passes control on to the kernel.

LILO: LInux LOader

• Does not depend on a specific file system

• Can boot from hard disk and floppy

• Up to 16 different images

• Must re-run LILO when the kernel image file or config file is changed

Linux Loader (LILO)

• LILO is a boot manager.

• Usually installed in the Master Boot Record

• Configuration file is /etc/lilo.conf. If any changes are made to lilo.conf, /sbin/lilo needs to be run for the changes to become active.

• For Linux, LILO's purpose is to identify the location of the kernel: /boot/vmlinuz-2.2.12-20

The Linux Boot Process

1. LILO starts and Linux is selected as the operating system to boot.

2. The Linux kernel is loaded into memory and then probes system hardware.

3. The init process reads /etc/inittab and determines whether runlevel 0-6 should be started.

4. rc scripts are executed for the specified run level to start various services.

Booting

• Once the kernel is found and loaded by the boot loader, the default boot process is identical across all architectures.

• The BIOS

• The Boot Loader

-GRUB

-LILO

Booting

• Once the second stage boot loader has determined which kernel to boot, it locates the corresponding kernel binary in the /boot/ directory.

• The boot loader then places the appropriate initial RAM disk image, called an initrd, into memory. The initrd is used by the kernel to load drivers necessary to boot the system.

• This is particularly important if SCSI hard drives are present or if the system uses the ext3 file system

Booting

• Once the kernel and the initrd image are loaded into memory, the boot loader hands control of the boot process to the kernel.

• The Kernel: When the kernel is loaded, it immediately initializes and configures the computer's memory and various hardware attached to the system, including all processors, I/O subsystems, and storage devices. It then looks for the compressed initrd image in a predetermined location in memory, decompresses it, mounts it, and loads all necessary drivers.

Booting

• Next, it initializes virtual devices related to the file system, such as LVM or software RAID, before unmounting the initrd disk image and freeing up all the memory the disk image once occupied.

• The kernel then creates a root device, mounts the root partition read-only, and frees any unused memory.

• At this point, the kernel is loaded into memory and operational.

Init process

• The first thing the kernel does is to execute the init program

• Init is the root/parent of all processes executing on Linux

• The first process that init starts is the script /etc/rc.d/rc.sysinit

• Based on the appropriate run-level, scripts are executed to start various processes to run the system and make it functional

Runlevels

• A runlevel is a software configuration of the system which allows only a selected group of processes to exist

• The processes spawned by init for each of these runlevels are defined in the /etc/inittab file

• Init can be in one of eight runlevels: 0-6

Runlevels

Runlevel | Scripts Directory (Red Hat/Fedora Core) | State
0 | /etc/rc.d/rc0.d/ | Shutdown/halt system
1 | /etc/rc.d/rc1.d/ | Single user mode
2 | /etc/rc.d/rc2.d/ | Multiuser with no network services exported
3 | /etc/rc.d/rc3.d/ | Default text/console only start. Full multiuser
4 | /etc/rc.d/rc4.d/ | Reserved for local use. Also X-windows (Slackware/BSD)
5 | /etc/rc.d/rc5.d/ | XDM X-windows GUI mode (Redhat/System V)
6 | /etc/rc.d/rc6.d/ | Reboot
s or S | | Single user/Maintenance mode (Slackware)
M | | Multiuser mode (Slackware)

Summary

• Much like Linux itself, the Linux boot process is highly flexible, supporting a huge number of processors and hardware platforms.

• In the beginning, the loadlin boot loader provided a simple way to boot Linux without any frills.

• The LILO boot loader expanded the boot capabilities, but lacked any file system awareness.

• The latest generation of boot loaders, such as GRUB, permits Linux to boot from a range of file systems (from Minix to Reiser).

To Summarize: Boot sequence

• Load hardware information from BIOS

• Read the MBR's kernel loader (master boot record). For Linux, go to boot (kernel /boot/vmlinuz-xxxx); for DOS, go to boot.ini

• Load the Linux kernel

• Execute the init program (/sbin/init) to get run-level details (contained in /etc/inittab). There are 6 levels

• init executes /etc/rc.d/rc.sysinit

• Start kernel external modules (/etc/modules.conf)

• init executes the run-level's script files

• init executes /etc/rc.d/rc.local

• execute the /bin/login program

• After successful login, the shell takes over the machine

Daemons

• Processes that are continuously operational.

• A Linux daemon is a background process.

• One can query its status any time.

• A daemon starts at bootup, right after the kernel initializes

• Daemons are responsible to sort out the incoming stream of data, matching parameters and determining priority each command receives.

Daemons

• Daemons monitor the system

-Cron Daemon

works periodically to manage automatic processes.

System-Specific Daemon

• Inetd is a daemon that controls and manages several other daemons.

• It calls those daemons that are needed by the system to perform various duties.

• Inetd requires root access to run, hence, it is extremely powerful and can call certain processes into life and kill them as well.

• Inetd relies on configuration file /etc/inetd.conf for spawning any process.

TCP_WRAPPERS

• Inetd maintains control over the ports and monitors what services are started through a program named Tcp_Wrappers.

• Tcp_wrappers allow better access control and logging of network daemons.

• Tcp_wrappers use the tcpd daemon, which acts as a filter on a particular port until the appropriate call is made.

Controlling Generic Daemons

• You can choose what daemons you want to startup automatically by either running the command

– /sbin/chkconfig, or

– /usr/sbin/ntsysv

• The normal options used while configuring these daemons are – status, start, stop, or restart.

Start Up Scripts

• Rc files control daemons.

• Two basic locations for bootup scripts:-

- /etc/rc.d directory (global) – start daemons when the run level changes

- user's own directory – certain programs start automatically at login

Start/stop daemon

• Admin can issue the command and either start, stop, status, restart or reload option

• i.e. to stop the web server:

– cd /etc/rc.d/init.d/

– (or /etc/init.d/ for S.u.s.e. and Debian)

– httpd stop

Security

Administering Passwords

• Examining Basic Security

– Attacks from your own system users.

– Growth of Internet has multiplied potential targets exponentially

– Many crackers use drift-net methods for locating, identifying and ensnaring vulnerable machines.

– Recognize & become familiar with the weakness of your Linux Distribution

• Subscribe to BugTraq or any other vulnerability mailing lists

Precautions to secure Linux System

– Learn how to implement safety measures & take a proactive approach.

– Know how to fix the system and clean up after a suspected break-in.

– Be able to prevent any future security breaches.

Knowing Your Linux Release

– Many Linux distributions are wide open to security breaches as they leave certain programs running that should not be enabled by default.

– Subscribe to Red Hat’s newsletter for example & stay up to date on exploits.

– Surf the Linux weekly news page to become familiar with basic Linux jargon, procedures and tools.

– See the site http://www.securityfocus.com, formerly known as BugTraq, to know anything related to a security crisis.

– The CERT mailing list and security site (http://cert.org/) exposes weaknesses for the purpose of strengthening systems.

Keeping Users in Check

Creating and keeping the passwords up to date.

– Aging Measures

After a certain period of time, users need to issue the system a new password.

– Encrypt Password Files

Using the gpasman program

Managing Connections

Security that should be taken care of when sharing a server with other users.

– Sniffing Packets

• Packet Sniffer – A program that captures and views the packets as they are transmitted on your machine. Its power can be abused in the wrong hands.

• A Keyboard Logger – A program that tracks the keys pressed during your period of connectivity can also be a potential threat. This means passwords can be transmitted insecurely to the system & can be viewed when in transit as well.

Precautions

• Run the ps command periodically to identify both the process and the user.

• Determine the user's connection by executing either a w or who command.

• If you determine that a packet sniffer is monitoring your connections, change all passwords immediately.

• Run the last command to see who had logged in during that period.

• Cancel that person’s account who is found sniffing packets.

Securing Shell with ssh

• An encrypted connection from one machine to another that prevents a mediocre cracker from gaining too much information from the connection.

• The ssh utility runs as a background daemon and should be started upon bootup.

• The daemon files are located in /usr/local/sbin

Security

• Logging into other systems using ssh

– Must install or configure ssh to run on the client and sshd or the ssh daemon to run on the server.

• Securely Copying Files across Machines

– Use the scp command to copy data files remotely. The scp program is a part of the ssh package.

– A status bar appears that shows, in percentages, the amount of data successfully transferred.

Firewalling your System

– Firewall utilities that set up Network Address Translation (NAT) are available as patches that you can apply to the kernel.

– With NAT you can provide non-routable IP addresses to machines within your internal network & have those then route out through your gateway/firewall.

– This allows a nearly limitless number of unique addresses for internal boxes without purchasing expensive routable IP addresses.

Filtering Packets on the Server Level

• The default method of creating a Linux firewall is with ipchains (the tool that talks to the kernel and tells it which packets to filter).

– It is the successor to the earlier program ipfwadm.

– ipchains is used for closing ports and allowing traffic through from specific hosts.

– The ipchains script can be customized so that the firewall can attain varying levels of security.

– ipchains is very useful for IP masquerading.

• Another program is netfilter, which accomplishes both packet filtering and static NAT on the server level.

Patches

• Available Targets Under Ipchains

ACCEPT Allow a packet to come through

DENY Drops the packet silently

REJECT Notifies the sender that the packet is dropped.

MASQ Masquerades the packet.

REDIRECT Sends the packet to a port on the firewall or the routing Linux machine.

RETURN Transfers the packet to the end of the current chain

Gaining Added Security

Several programs are available on the Internet to keep the system secure and to check for intruders.

Tripwires: (Proactive Approach)

» Tripwire is a program for checking the current files on the Linux system.

» This program generates a database of the existing directories and files on a newly installed system and then periodically checks for changes to the files.

» On finding any change to a system file, Tripwire sends an e-mail to notify you about the modification.

» Install this program immediately after installing Linux on your machine.
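A baseline-and-compare integrity checker in the spirit of Tripwire, added here as an illustration (not Tripwire's own code): it records a SHA-256 digest and inode metadata for every file under a directory, saves the database, and later reports modified, added and removed files. The tree it checks is constructed in a temporary directory, and it prints a report instead of sending e-mail.

```python
import hashlib
import json
import os
import stat
import tempfile


def _file_record(path):
    """Content digest plus the inode metadata an attacker's change would disturb."""
    st = os.lstat(path)
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return {
        "sha256": digest.hexdigest(),
        "size": st.st_size,
        "mode": stat.S_IMODE(st.st_mode),
        "uid": st.st_uid,
        "mtime": int(st.st_mtime),
    }


def build_baseline(root):
    """Record every regular file below root, keyed by its path relative to root."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            baseline[os.path.relpath(path, root)] = _file_record(path)
    return baseline


def save_baseline(baseline, db_path):
    """Store the database; in practice keep it on read-only media so it cannot be edited too."""
    with open(db_path, "w") as fh:
        json.dump(baseline, fh, indent=1, sort_keys=True)


def load_baseline(db_path):
    with open(db_path) as fh:
        return json.load(fh)


def check_against_baseline(root, baseline):
    """Compare the tree with the stored records and report what changed."""
    current = build_baseline(root)
    report = {"modified": [], "added": [], "removed": []}
    for rel, record in current.items():
        if rel not in baseline:
            report["added"].append(rel)
        elif baseline[rel] != record:
            report["modified"].append(rel)
    report["removed"] = [rel for rel in baseline if rel not in current]
    for key in report:
        report[key].sort()
    return report


def tamper_demo():
    """Constructed demo: baseline a small tree, then replace one file and plant another."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "bin"))
    target = os.path.join(root, "bin", "ls")
    with open(target, "w") as fh:
        fh.write("original listing program\n")
    db_path = os.path.join(tempfile.mkdtemp(), "tripwire.db")
    save_baseline(build_baseline(root), db_path)
    baseline = load_baseline(db_path)
    clean = check_against_baseline(root, baseline)
    with open(target, "w") as fh:
        fh.write("trojaned listing program\n")   # even an equal-size change alters the digest
    with open(os.path.join(root, "bin", ".hidden"), "w") as fh:
        fh.write("planted\n")
    return clean, check_against_baseline(root, baseline)


if __name__ == "__main__":
    before, after = tamper_demo()
    print("clean run:", before)
    print("after tampering:", after)
```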

Gaining Added Security

• Cracking Bad passwords: (Reactive Approach)

The program crack is used to test the users' passwords and see whether any of them ‘crack’ when run against a dictionary list or when tested with a decryption algorithm.

• Securing Your Linux Box

Jay Beale and the Bastille Project developers developed a set of Perl scripts that shore up the most blatant security flaws and indiscretions.

– Bastille Linux aims to be the most comprehensive, flexible and educational security hardening program for Red Hat Linux version 6.1 & down.

– You have a choice between two different methods:

» Interactive Bastille.pl text user interface + BackEnd.pl script

» AutomatedBastille.pl script

Cleanup Compromised Boxes

1. Disconnect the machine immediately from the network.

2. Take extreme care when becoming root and use absolute paths when executing commands or programs.

3. Check PATH to ensure it is still the same as before.

4. If root has been compromised then there is no alternative but to reformat.

5. If you can see the cracker, he/she can also see you. Hence you will have to be very quick.

Cleanup Compromised Boxes

6. Do not become that user in order to move to the cracker's home directory.

7. When Root is compromised:

– Disconnect that user from the system.

– Make sure you know his point of origin, i.e. his IP address.

– Place an entry in the hosts.deny file denying his access from the last location.

– Shut down all access from outside your network.

– Decide whether to reformat or restore needed files from a pristine backup.

Cleanup Compromised Boxes

• Tracking down the Culprit

– Find the method with which that user gained access to the system.

– Check to see what it does. Use any text editor to view the contents.

– Check whether it is a binary or a shell script.

– Use the strings program to find any questionable strings such as e-mail addresses used to forward snooped data.

– Make certain that the user is off the system.

Cleanup Compromised Boxes

• Guilty User

– If regular user, get in contact with him/her.

– If a minor or juvenile, informing the parents and cancelling the account would be sufficient.

– If a regular user with a valid account, confront that person with proof.

– If that person is not only damaging but also utilizing company resources to advance his/her aims elsewhere, contact criminal authorities to pursue the matter more fully.

Cleanup Compromised Boxes

• Ransacking the Log

– Check to see when the cracker last logged in

– Contact the cracker’s ISP

– Refer to the ftp log file /var/log/xferlog to know about all downloads and uploads.

– Check who recently became superuser.

– Check /tmp to see that no one is running an executable from that location.

– Use the ps command with grep to isolate any rogue process.

– Do not reboot the system until you have either killed off the process or stopped it.

Linux files structure

• / – This is referred to as the root directory. It's the baseline for the directory structure, which is important when navigating from one directory tree to another.

• /bin – Contains essential programs for the operating system in executable form.

• /boot – This directory, as the name suggests, contains the boot information for Linux, including the kernel.

• /dev – In Linux, devices are treated in the same way as files, so they can be read from and written to in the same way. So, when a device is attached, it will show up in this folder. Bear in mind that this includes every device in the system, including internal motherboard devices and more.

• /etc

– The default configuration files for Linux applications are stored in this directory. These are text files that can be easily edited, but bear in mind that they can sometimes be overridden by copies of the files elsewhere on the system.

• /home

– This is where the computer's users' files are kept, so in a way it is Linux's equivalent to Windows' "My Documents". Each user gets their own named directory, and security permissions can be set so that users can view and edit, view only, or if required not even see the contents of other users' home directories.

• /lib

– This directory contains shared libraries for use by applications running on Linux, similar to Windows' DLL files.

• /lost+found

– This is Linux's rescue directory, so that in the event of a crash or other serious event files are stashed here to enable recovery.

• /mnt – In Linux, every storage device is treated as just another directory. This includes floppy disks, hard drives, CD/DVD ROMs and USB card devices. Since it is very unlikely to ever concern you with a dedicated server, it is not covered here, but just know that this is the directory in which storage devices are "mounted."

• /proc – This "virtual" directory contains a lot of fluid data about the status of the kernel and its running environment. Since Linux treats everything as files, you can view this data using text viewing software, and even editing these files is sometimes possible.

• /root – Rather than being part of the /home directory, the superuser (or root user)'s directory is placed here. Remember that this is not the same thing as the root directory of the system (/).

• /sbin

– This is where system administration software is stored. Unlike applications in the /bin folder, the root user is usually the only user who can run these.

• /tmp

– Applications store their temporary files in this directory.

• /usr

– This directory is where users' applications are stored, including the executables, and also sometimes the source code, along with any images and documentation.

• /var

– Similar to /proc, this directory contains data concerning the status of running applications, including many log files. This is worth knowing, because these can be viewed in the event of a system error to help in diagnosing the problem.

The EXT2 File System

The Second Extended File System

• The Second Extended File System was devised (by Rémy Card) as an extensible and powerful file system for Linux.

• It is also the most successful file system so far in the Linux community and is the basis for all of the currently shipping distributions.

• Due to this, it is extremely well integrated into the kernel, with good performance enhancements.

Ext2 File System Layout

[Figure: Ext2 file system layout. The partition is divided into block groups 0, 1, ..., N-1, N; each block group holds a super block, group descriptor, block bitmap, inode bitmap, inode table and data blocks.]

Partition Layout – ext2

• The Boot sector block is optional, not required if you do not want to make this partition bootable

• Each Block group has the same number of available data blocks and inodes

• Having multiple block groups helps counter fragmentation, improves reliability (since backups of the superblock are there) and even speeds up access, as the inode table is near the data blocks – reduced seek time for data blocks

Partition layout – ext2

• Not all block groups have the superblock. The first block group, however, must have it, and it is the one used by the kernel. Others are backups to be used by filesystem checkers for consistency checks.

Some definitions

• Boot sector – Block which may contain the stage 1 boot loader and which points to the stage 1.5 or stage 2 boot loader

• Superblock – The filesystem header, identifies and represents the filesystem and provides relevant information about the fs. It must be present at block 1 if a boot sector is present, otherwise at block 0

• FS/Group descriptor – Pointers to the bitmaps and table in the block group

– It contains a group descriptor data structure for every block group.

– The group descriptor stores the address of block bitmap and inode bitmap for the block group.

Some definitions

• Block bitmap – Block usage information, tells which blocks in the block group are empty (0) or used (1)

• Inode Bitmap – Inode usage information i.e allocation status of the inodes in the group.

• Inode table – Table of the inodes. Each inode provides necessary and relevant information about each file.

• Inodes

– Each inode corresponds to one file, and it stores the file's primary metadata, such as the file's size, ownership, and temporal information.

– An inode is typically 128 bytes in size and is allocated to each file and directory

• Data blocks – blocks where the data is stored!

Inode

• inode definition

An inode is a data structure on a traditional Unix-style file system such as UFS or ext3. An inode stores basic information about a regular file, directory, or other file system object.

Use the ls -i command to see the inode number of a file

$ ls -i /etc/passwd

Metadata Concepts

[Figure: metadata layout. Super Block and Group Desc Table come first; then each of Group 0, Group 1, ..., Group n holds its own Block Bitmap, Inode Bitmap and Inode Table.]

Metadata Concepts

• Superblock:

– The Ext2 superblock is located 1024 bytes from the start of the file system and is 1024 bytes in size

– Back up copies are typically stored in the first file data block of each block group

– It contains basic information of the file system, such as the block size, the total number of blocks, etc.

The Ext2 Superblock

• The Superblock contains a description of the basic size and shape of this file system.

• The system keeps multiple copies of the Superblock in many Block Groups.

• It holds the following information :

Magic Number : 0xef53 for the current implementation.

Revision Level : for checking compatibility

Mount Count and Maximum Mount Count : to ensure that the filesystem is periodically checked

Block Group Number : The Block Group that holds this copy of Superblock.

Block Size : size of block for the file system in bytes.

The Ext2 Superblock

Blocks per Group : fixed when the file system is created – the block bitmap must fit into one block, hence the number of blocks per group = 8 * block size

Free Blocks : Number of free blocks in the system – excludes the blocks reserved for root

Free Inodes : Number of free Inodes in the system – excludes inodes reserved for root

First Inode : The first Inode in an EXT2 root file system would be the directory entry for the '/' directory.
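A parser for the superblock fields listed above, added as an illustration (not ext2 kernel code). It reads the on-disk field offsets of struct ext2_super_block from a synthetic image constructed in memory, checks the 0xEF53 magic, derives the block size, verifies the bitmap-fits-in-one-block rule for blocks per group, applies the mount-count check, and computes where the backup copies at the start of later block groups sit.

```python
import struct

EXT2_SUPER_MAGIC = 0xEF53
SUPERBLOCK_OFFSET = 1024      # the superblock starts 1024 bytes into the partition
SUPERBLOCK_SIZE = 1024

# (field name, little-endian struct format, byte offset within the superblock)
_FIELDS = [
    ("inodes_count", "<I", 0),
    ("blocks_count", "<I", 4),
    ("r_blocks_count", "<I", 8),        # blocks reserved for root
    ("free_blocks_count", "<I", 12),
    ("free_inodes_count", "<I", 16),
    ("first_data_block", "<I", 20),     # 1 for 1 KiB blocks, otherwise 0
    ("log_block_size", "<I", 24),       # block size = 1024 << log_block_size
    ("blocks_per_group", "<I", 32),
    ("inodes_per_group", "<I", 40),
    ("mnt_count", "<H", 52),
    ("max_mnt_count", "<h", 54),
    ("magic", "<H", 56),
    ("rev_level", "<I", 76),
    ("first_ino", "<I", 84),            # first non-reserved inode
    ("block_group_nr", "<H", 90),       # block group holding this copy
]


def parse_superblock(image, offset=SUPERBLOCK_OFFSET):
    """Decode the superblock at `offset`; raise ValueError if it is not ext2."""
    sb = image[offset:offset + SUPERBLOCK_SIZE]
    if len(sb) < SUPERBLOCK_SIZE:
        raise ValueError("image too small to hold a superblock")
    f = {}
    for name, fmt, off in _FIELDS:
        (f[name],) = struct.unpack_from(fmt, sb, off)
    if f["magic"] != EXT2_SUPER_MAGIC:
        raise ValueError("bad magic 0x%04x: not an ext2 superblock" % f["magic"])
    f["block_size"] = 1024 << f["log_block_size"]
    # The block bitmap occupies one block, so a group holds at most 8 * block_size blocks.
    f["bitmap_fits"] = f["blocks_per_group"] <= 8 * f["block_size"]
    data_blocks = f["blocks_count"] - f["first_data_block"]
    f["group_count"] = -(-data_blocks // f["blocks_per_group"])   # ceiling division
    # Mount count versus maximum mount count: the periodic-fsck trigger.
    f["check_due"] = 0 < f["max_mnt_count"] <= f["mnt_count"]
    return f


def is_ext2_image(image):
    try:
        parse_superblock(image)
        return True
    except ValueError:
        return False


def backup_superblock_offsets(f):
    """Byte offsets of the superblock copies kept in the first block of later groups."""
    bs = f["block_size"]
    return [(f["first_data_block"] + g * f["blocks_per_group"]) * bs
            for g in range(1, f["group_count"])]


def make_superblock(block_size=1024, blocks_count=16384, group_nr=0,
                    mnt_count=3, max_mnt_count=20):
    """Constructed superblock with plausible values (demo data, not read from a disk)."""
    buf = bytearray(SUPERBLOCK_SIZE)
    values = {
        "inodes_count": 2048,
        "blocks_count": blocks_count,
        "r_blocks_count": blocks_count // 20,          # the usual 5 % root reserve
        "free_blocks_count": blocks_count - 300,
        "free_inodes_count": 2037,
        "first_data_block": 1 if block_size == 1024 else 0,
        "log_block_size": (block_size // 1024).bit_length() - 1,
        "blocks_per_group": 8 * block_size,
        "inodes_per_group": 1024,
        "mnt_count": mnt_count,
        "max_mnt_count": max_mnt_count,
        "magic": EXT2_SUPER_MAGIC,
        "rev_level": 1,
        "first_ino": 11,
        "block_group_nr": group_nr,
    }
    for name, fmt, off in _FIELDS:
        struct.pack_into(fmt, buf, off, values[name])
    return bytes(buf)


def make_image(**kwargs):
    """Boot sector of zeros followed by the superblock at byte 1024."""
    image = bytearray(4 * SUPERBLOCK_SIZE)
    image[SUPERBLOCK_OFFSET:SUPERBLOCK_OFFSET + SUPERBLOCK_SIZE] = make_superblock(**kwargs)
    return bytes(image)


if __name__ == "__main__":
    fields = parse_superblock(make_image())
    print({k: fields[k] for k in ("block_size", "blocks_per_group", "group_count", "check_due")})
    print("backup copies at byte offsets:", backup_superblock_offsets(fields))
```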

Metadata Concepts

Inode Structure

Inodes

• The inode holds specific information about the file such as:

– The permission mode assigned to that file

– The number of links in place for the file

– The file owner's UID number

– The group GID number

– The file size represented in bytes

– The address of the datablocks (or major and minor device numbers)

– The time the file was last modified

– The time the file was last accessed

– The time any part of the inode was changed

When an inode resides on the disk it is called a disk inode; however, when a file is opened, the kernel puts the inode onto a generic inode table and the inode is called a generic inode.

The Ext2 Inode

• Direct/Indirect Blocks : Pointers to the blocks that contain the data that this Inode is describing.

• Timestamp : The time that the Inode was created and the last time that it was modified.

• Size : The size of the file in bytes.

• Owner info : This stores user and group identifiers of the owners of this file or directory

• Mode : This holds two pieces of information: what this inode describes and the permissions that users have to it.

Metadata Concepts

• Inode Allocation:

– If a new inode is for a non-directory file, Ext2 allocates an inode in the same block group as the parent directory.

– If that group has no free inode or block, Ext2 uses a quadratic search (adding powers of 2 to the current group number)

– If quadratic search fails, Ext2 uses linear search.

Metadata Concepts

• Inode Allocation:

– If a new inode is for a directory, Ext2 tries to place it in a group that has not been used much.

– Using the total number of free inodes and blocks in the superblock, Ext2 calculates the average free inodes and blocks per group.

– Ext2 searches each of the groups and uses the first one whose free inodes and blocks are less than the average.

– If the previous search fails, the group with the smallest number of directories is used.
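The group search described above for a non-directory inode, as an added example (not the kernel's own allocator): groups are given as a constructed list of (free inodes, free blocks) pairs as read from the group descriptors, and the function also returns the order in which groups were probed so the parent-group, quadratic and linear phases are visible.

```python
def find_group_other(groups, parent_group):
    """Choose a block group for a new non-directory inode.

    groups: list of (free_inodes, free_blocks) per block group.
    Returns (group index or None, list of groups probed in order).
    """
    ngroups = len(groups)
    probes = []

    def usable(g):
        probes.append(g)
        free_inodes, free_blocks = groups[g]
        return free_inodes > 0 and free_blocks > 0

    # 1. The parent directory's group, so a file stays near its directory.
    if usable(parent_group):
        return parent_group, probes

    # 2. Quadratic search: add successive powers of two, wrapping around.
    group = parent_group
    step = 1
    while step < ngroups:
        group = (group + step) % ngroups
        if usable(group):
            return group, probes
        step <<= 1

    # 3. Linear search through every group, starting just after the parent's.
    group = parent_group
    for _ in range(ngroups):
        group = (group + 1) % ngroups
        if usable(group):
            return group, probes
    return None, probes


if __name__ == "__main__":
    FULL, FREE = (0, 100), (50, 100)      # constructed descriptors: no free inodes / plenty
    layout = [FULL, FULL, FREE, FULL, FREE, FREE, FREE, FREE]
    print(find_group_other(layout, 0))    # quadratic hops 0 -> 1 -> 3 -> 7
    layout = [FULL, FULL, FREE, FULL, FULL, FULL, FULL, FULL]
    print(find_group_other(layout, 0))    # quadratic misses, linear finds group 2
```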

Indexing and Directories

• The content of a directory is a list of directory entry data structures, each describing a file name and inode address.

• The length of a directory entry varies from 1 to 255 bytes.

• There are two length fields in the directory entry:

– Name length: the length of the file name

– Record length: the length of this directory entry

Indexing and Directories

When Ext2 wants to delete a directory entry, it just increases the record length of the previous entry to cover the deleted entry.
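Directory entry handling as described above, added as an illustration (not ext2 code): a constructed directory block is built from the on-disk entry layout (inode, rec_len, name_len, file_type, name), an entry is deleted by stretching the predecessor's record length, and a slack-space scan then recovers the hidden entry, which is why deleted file names remain visible to forensic tools.

```python
import struct

ENTRY_HEADER = struct.Struct("<IHBB")     # inode, rec_len, name_len, file_type
BLOCK_SIZE = 1024


def _padded_len(name_len):
    """On-disk length of an entry: 8-byte header plus name, rounded up to 4 bytes."""
    return (8 + name_len + 3) & ~3


def _entry(inode, name, file_type=1, rec_len=None):
    raw = name.encode()
    if rec_len is None:
        rec_len = _padded_len(len(raw))
    return ENTRY_HEADER.pack(inode, rec_len, len(raw), file_type) + raw + b"\0" * (rec_len - 8 - len(raw))


def build_dir_block(entries, block_size=BLOCK_SIZE):
    """Constructed directory block: the last entry's rec_len stretches to the block end."""
    out = b""
    for i, (inode, name) in enumerate(entries):
        last = i == len(entries) - 1
        out += _entry(inode, name, rec_len=block_size - len(out) if last else None)
    return out


def walk_entries(block):
    """Follow the rec_len chain exactly as the filesystem does."""
    off = 0
    while off + 8 <= len(block):
        inode, rec_len, name_len, _ftype = ENTRY_HEADER.unpack_from(block, off)
        if rec_len < 8 or off + rec_len > len(block):
            break                                  # corrupt chain
        name = block[off + 8:off + 8 + name_len].decode(errors="replace")
        yield off, inode, rec_len, name_len, name
        off += rec_len


def list_names(block):
    """What ls shows: entries reachable through the chain with a non-zero inode."""
    return [name for _, inode, _, _, name in walk_entries(block) if inode != 0]


def delete_entry(block, victim):
    """Ext2-style delete: the predecessor's rec_len grows over the victim; its bytes stay."""
    buf = bytearray(block)
    prev = None
    for off, inode, rec_len, _name_len, name in walk_entries(block):
        if inode != 0 and name == victim:
            if prev is None:
                struct.pack_into("<I", buf, off, 0)          # first entry: clear inode only
            else:
                prev_off, prev_len = prev
                struct.pack_into("<H", buf, prev_off + 4, prev_len + rec_len)
            return bytes(buf)
        prev = (off, rec_len)
    raise KeyError(victim)


def recover_deleted(block):
    """Scan the slack each live entry hides behind its rec_len for old entry headers."""
    found = []
    for off, inode, rec_len, name_len, name in walk_entries(block):
        if inode == 0 and name_len:
            found.append(name)                             # deleted first entry
        pos = off + _padded_len(name_len)
        end = off + rec_len
        while pos + 8 <= end:
            old_inode, old_len, old_name_len, _ = ENTRY_HEADER.unpack_from(block, pos)
            if old_inode == 0 or old_len < 8 or old_name_len == 0 or pos + 8 + old_name_len > end:
                break
            found.append(block[pos + 8:pos + 8 + old_name_len].decode(errors="replace"))
            pos += _padded_len(old_name_len)
    return found


if __name__ == "__main__":
    blk = build_dir_block([(2, "."), (2, ".."), (12, "passwd"), (13, "shadow"), (14, "hosts")])
    after = delete_entry(blk, "shadow")
    print("visible:", list_names(after))
    print("recoverable from slack:", recover_deleted(after))
```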

Standard Ext2 Features

• Ext2fs supports standard Unix file types: regular files, directories, device special files and symbolic links.

• Ext2fs is able to manage filesystems created on really big partitions. While the original kernel code restricted the maximal filesystem size to 2 GB, recent work in the VFS layer has raised this limit to 4 TB. Thus, it is now possible to use big disks without the need to create many partitions.

• Ext2fs provides long file names. It uses variable length directory entries. The maximal file name size is 255 characters. This limit could be extended to 1012 if needed.

• Ext2fs reserves some blocks for the super user (root). Normally, 5% of the blocks are reserved to recover data in case of damage.

Ext3 Filesystem

• Ext2 and Ext3 are the default Linux file systems.

• Ext3 is the new version of Ext2 and adds a journaling mechanism, but the basic structures are the same.

• The metadata is stored throughout the file system, and the metadata which is associated with a file are stored “near” it.

Ext3 File System

• A Journaling File System is a type of file system that allows the OS to keep a log of all file system changes before writing the data to disk.

• This log is called a journal, and it is usually a circular log in a specially allocated area of the file system.

• Other file systems like NTFS, JFS, JFS2 and ReiserFS offer similar capabilities.

Journaling

• A journaling file system records updates to the file system so that it can be recovered after a crash.

• There are two modes of journaling:

– Only metadata updates are recorded

– All updates are recorded

• Journaling in Ext3 is done at block level.

• The first block in the journal is the journal superblock, and it contains the first logging data address and its sequence number.

Journaling

• A journaled file system records information in a log area on a disk during each write.

• Once the log is updated, the system then writes the actual data to the appropriate areas of the filesystem and marks an entry in the log to say the data is committed.

• Updates are done in transactions, and each transaction has a sequence number.

• Each transaction starts with a descriptor block that contains the transaction sequence number and a list of what blocks are being updated.

• Following the descriptor block are the updated blocks.

• When the updates have been written to disk, a commit block is written with the same sequence number.

Transaction Sequence

• A transaction sequence is made up of the following components:

• Descriptor block: Every transaction initiates with a block that describes the beginning of the transaction

• Metadata block: There can be one or many metadata blocks for each transaction; these blocks are where the changes are recorded

• Commit block: Depending on the journal mode, this block basically indicates the end of a successful transaction.

• Revoke block: If there is an error during the operation, a revoke block is created that holds a list of the file system blocks that need to be restored during a consistency check.
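A simplified replay of the transaction sequence described above, added as an illustration (not the kernel's journaling code): descriptor, data and commit records carry sequence numbers, and recovery applies only transactions whose commit block was written before the crash. Revoke blocks are left out; the two scenarios at the end are constructed.

```python
from collections import namedtuple

Descriptor = namedtuple("Descriptor", "seq blocks")     # starts a transaction
Data = namedtuple("Data", "seq block content")          # one updated block
Commit = namedtuple("Commit", "seq")                    # ends a successful transaction


def write_transaction(journal, seq, updates):
    """Append one complete transaction (descriptor, data blocks, commit) to the log."""
    journal.append(Descriptor(seq, sorted(updates)))
    for block in sorted(updates):
        journal.append(Data(seq, block, updates[block]))
    journal.append(Commit(seq))


def recover(disk, journal):
    """Replay committed transactions in order. Returns (new_disk, applied_seqs).

    A descriptor whose data is not followed by a commit with the same sequence
    number is the transaction in flight at the crash and is skipped. A sequence
    number that does not follow the last committed one marks stale records from
    an earlier lap of the circular log, so replay stops there.
    """
    disk = dict(disk)
    applied = []
    pending = None            # (seq, {block: content}) for the transaction being read
    expected = None
    for rec in journal:
        if isinstance(rec, Descriptor):
            if expected is not None and rec.seq != expected:
                break
            pending = (rec.seq, {})
        elif isinstance(rec, Data):
            if pending is not None and rec.seq == pending[0]:
                pending[1][rec.block] = rec.content
        elif isinstance(rec, Commit):
            if pending is not None and rec.seq == pending[0]:
                disk.update(pending[1])        # only now do the updates reach the filesystem
                applied.append(rec.seq)
                expected = rec.seq + 1
            pending = None
    return disk, applied


def crash_scenario():
    """Constructed demo: tx 7 commits, tx 8 loses its commit block at the crash."""
    disk = {"inode_table": "v1", "block_bitmap": "v1", "dir_block": "v1"}
    journal = []
    write_transaction(journal, 7, {"inode_table": "v2", "dir_block": "v2"})
    journal.append(Descriptor(8, ["block_bitmap"]))
    journal.append(Data(8, "block_bitmap", "v2"))
    # crash here: Commit(8) never reaches the disk
    return recover(disk, journal)


def stale_tail_scenario():
    """Constructed demo: after committed tx 7 the log still holds old tx 3 records."""
    disk = {"inode_table": "v1", "block_bitmap": "v1"}
    journal = []
    write_transaction(journal, 7, {"inode_table": "v2"})
    write_transaction(journal, 3, {"block_bitmap": "old"})   # leftover from an earlier lap
    return recover(disk, journal)


if __name__ == "__main__":
    print(crash_scenario())
    print(stale_tail_scenario())
```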

Journaling

Advantages of Ext3

• Availability

The amount of time that the e2fsck program takes is determined primarily by the size of the file system, and for today's relatively large file systems this takes a long time. The time to recover an ext3 file system does not depend on the size of the file system or the number of files.

• Data Integrity

Using the ext3 file system can provide stronger guarantees about data integrity in case of an unclean system shutdown, as you can choose the type and level of protection that your data receives.

• Speed

Despite writing some data more than once, ext3 is often faster (higher throughput) than ext2 because ext3's journaling optimizes hard drive head motion. You can choose from three journaling modes to optimize speed.

• Easy Transition

It is easy to change from ext2 to ext3 and gain the benefits of a robust journaling file system, without reformatting.

Available Journaling Options

Ext3 offers three modes of journaling:

• writeback

– Only logs changes to file system metadata but relies on the standard file system write process to write file data changes to disk.

– This is the fastest Ext3 journaling mode.

• ordered

– Only logs changes to file system metadata (inodes), but flushes file data updates to disk before making changes to associated file system metadata, keeping the journal synchronized with data writes.

– This is the default Ext3 journaling mode.

Available Journaling Options

• journal

– Logs all file system data and metadata changes.

– This journaling mode minimizes the chance of losing the changes you have made to any file in an Ext3 file system.

– This approach has a penalty in performance since data is being written twice (once to the journal, a second time to the file system), making it the slowest of the three journaling modes.

Repairing Linux ext2 or ext3 file system

1) The file system must be unmounted; you cannot repair it while it is running. Take the system down to runlevel one

2) Unmount the file system

3) Now run fsck on the partition. fsck will check the file system and ask which problems should be fixed or corrected.

4) Once fsck has finished, remount the file system

5) Go to multiuser mode

common options with fsck

-t to specify the file system type

-p Automatic repair (no questions)

-n Make no changes to the filesystem

-y Assume "yes" to all questions

-c Check for bad blocks and add them to the badblock list

-f Force checking even if filesystem is marked clean

-v Be verbose

The exit code returned by fsck

0 - No errors

1 - File system errors corrected

2 - System should be rebooted

4 - File system errors left uncorrected

8 - Operational error

16 - Usage or syntax error

32 - Fsck canceled by user request

128 - Shared library error

Utilities of FS Check

• tune2fs : The frequency of the checks at system reboot can be changed with tune2fs. This utility can also be used to change the mount count, which will prevent the system from having to check all filesystems at the 20th reboot

• dumpe2fs : The dumpe2fs utility provides important information regarding hard disk operating parameters found in the superblock, i.e. it prints the super block and block group information for the filesystem present on a device.

• badblocks : badblocks is used to check a filesystem for bad blocks.

• debugfs :remove areas grown bad on the disk can be

Linux File Hierarchy Principles

• A single-rooted, inverted-tree structure is used for organizing files and directories, including distinct physical volumes, such as floppy disks, CD-ROMs, and multiple hard drives.

• The base of the inverted-tree hierarchy is known as root, or /, and is the top of the file structure.

• Names in the Linux file hierarchy are case sensitive.

• Each shell and process on the system has a designated current or working directory.

• Two dots (..) refer to the parent directory of any particular directory, whereas one dot (.) refers to the current directory.

• Files and directories whose names begin with a dot (.) are hidden, that is, they are not displayed by default in file-name listings.

• A user's path is a list of directories that are searched for commands typed at the command line.

File and Directory Names

• With the default filesystem, file names may have up to 255 characters. (Depending on the configuration of your system, different restrictions may apply.)

• File names generally consist of letters, numbers, and certain punctuation marks. All other characters, except the forward slash (/), are valid.

• Some special characters are best avoided in file names. Avoid the following: <, >, ?, *, and ". Also avoid using tabs, spaces, and other non-printable characters.

• If you do need to access a file with special characters, enclose the file name in quotation marks.

For example: ls -l "file name with spaces.txt"

• If you remove the quotation marks from the above example, you would be asking the system to list four different files. Also keep in mind that file names are case sensitive.

Absolute and Relative Path Names

• An absolute path name has these characteristics:

– Begins with a forward slash (/)

– Contains the complete name of each directory that must be traversed from the root file system up to the object being named

– Can be used anytime, and is valid regardless of the current directory

• A relative path name has these characteristics:

– Does not begin with a forward slash (/)

– Specifies the location of the file or directory relative to the current working directory

– Is usually shorter than the respective absolute

Mounting/Unmounting

• Floppies, CDs, hard disk partitions, and other storage devices must be attached to some existing directory on your system before they can be accessed. This attaching is called mounting, and the directory where the device is attached is called a mount point.

• The mount point must be a directory that already exists on your system.

• When you're done and want to remove the floppy or CD or other device, you need to detach, unmount, it before removing it.

How to mount

For example, to mount your floppy:

$ mount /dev/fd0 /mnt/floppy

/dev/fd0 is your floppy drive, and /mnt/floppy is the mount point.

When you access /mnt/floppy, you'll actually access the files on your floppy.

If /mnt/floppy is the default mount point for /dev/fd0 (or whatever your floppy drive is), this would mount your floppy:

$ mount /mnt/floppy

The default mount points for different devices are configured in a file called /etc/fstab. The root user can freely edit the mount points configured in that file.

How to unmount

Unmounting is done with the umount command

When unmounting, you'll need to tell umount what mounted device to unmount, either by giving the device or the mount point.

For example, if /dev/fd0 is mounted on /mnt/floppy, you'll unmount it with

$ umount /mnt/floppy

or

$ umount /dev/fd0

Different file types

• Regular files

– It is a one-dimensional assortment of bytes that are stored on a disk or other mass storage device.

– There are many different types of regular files: text, binary, executable etc.

– A regular file is referenced by an inode number.

Different file types

• Directory File

– It is a file that provides a mapping mechanism between the names of files and the files (datablocks) themselves.

– holds inode numbers and filenames.

– If you delete a file from a directory the entry in the list is zeroed and this is then called a shadow inode. The inode is then freed up.

Different file types

• Device Files

– A device file refers to a device driver

– Can create a device file using the mknod command.

– The files in /dev are used to ensure that we can access hardware such as the printer, cdrom, network etc.

– Here we can read and write directly to the device: the user issues a system call to a device, the kernel performs a successful open on that device, and if the device is busy the read/write routine cannot operate; if it is not busy, the routine reads or writes directly to that device.

Different types of device files

• Character device files

– Write to and from the device a character at a time. Indicated by a "c" in the first field. Very little preliminary processing is required by the kernel, so the request is passed directly to the device.

– Examples: Virtual terminals, terminals and serial modems etc.

• Block device files

– Only receive a request once block buffering has taken place in the kernel. Indicated by a "b" in the first field. A filesystem is an example of a block buffering device.

– Talk to devices 1 block at a time (1 block = 512 bytes to 32KB)

– Examples: Hard disk, DVD/CD ROM, and memory regions etc.

Link Files

• Hard Links

Inodes are associated with precisely one directory entry at a time. However, with hard links it is possible to associate multiple directory entries with a single inode.

To create a hard link use the ln command as follows:

# ln /root/file1 /root/file2

Link Files

• Symbolic Link

Symbolic links refer to a symbolic path indicating the abstract location of another file.

To create a symbolic link :

$ ln -s /path/to/file1.txt /path/to/file2.txt

Differences between hardlinks and symlinks

1. You cannot create a hardlink for a directory.

2. If you remove the original file of a hardlink, the link will still show you the content of the file.

3. A symlink can link to a directory.

4. A symlink, like a Windows shortcut, becomes useless when you remove the original file.

5. Hard links always refer to the source, even if moved or removed.

6. Symbolic links are not updated when the source of the link is moved or removed.
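The differences listed above demonstrated on a real filesystem, as an added example (not from the original notes): it creates a file, a hard link and a symbolic link in a temporary directory, removes the original, and reports which link still reaches the data, using the inode numbers and link counts that ls -i and ls -l display. A second function tries rule 1, hard-linking a directory, which Linux refuses.

```python
import os
import tempfile


def link_experiment():
    """Constructed demo in a temp dir: original file, a hard link and a symlink to it."""
    workdir = tempfile.mkdtemp()
    original = os.path.join(workdir, "file1")
    hard = os.path.join(workdir, "file2")
    sym = os.path.join(workdir, "file3")
    with open(original, "w") as fh:
        fh.write("data kept in inode\n")
    os.link(original, hard)         # second directory entry pointing at the same inode
    os.symlink(original, sym)       # a separate small file whose content is the path

    result = {
        "same_inode": os.stat(original).st_ino == os.stat(hard).st_ino,
        "nlink_before": os.stat(original).st_nlink,
        # lstat looks at the link itself rather than following it
        "symlink_is_own_inode": os.lstat(sym).st_ino != os.stat(original).st_ino,
    }
    os.remove(original)             # drops one name; the inode survives while names remain
    with open(hard) as fh:
        result["hard_link_content"] = fh.read()
    result["nlink_after"] = os.stat(hard).st_nlink
    # The symlink still exists but now points at a name that no longer resolves.
    result["symlink_dangling"] = os.path.islink(sym) and not os.path.exists(sym)
    return result


def can_hard_link_directory():
    """Rule 1: attempt to hard-link a directory. Linux refuses with EPERM."""
    parent = tempfile.mkdtemp()
    sub = os.path.join(parent, "sub")
    os.mkdir(sub)
    try:
        os.link(sub, os.path.join(parent, "sublink"))
    except OSError:
        return False
    return True


if __name__ == "__main__":
    for key, value in link_experiment().items():
        print(key, "=", repr(value))
    print("hard link to a directory allowed:", can_hard_link_directory())
```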

Named Pipes

• A named pipe (FIFO) is a file that allows two processes to communicate with each other if the processes are on the same computer but are not related to each other.

• FIFO means the order of bytes going in is the same as the order coming out.

• The “name” of a named pipe is actually a file name within the file system.

• To create a named pipe with the name pipe1 give the command:

– mkfifo pipe1

Reading/ Writing data from/to a FIFO

In the first terminal:

• $ cat > fifo
we are experimenting with the FIFO
This is second line.

After opening the fifo in the second terminal for reading using cat, you will notice the above two lines displayed there.

Now open the second terminal and go to the directory containing the FIFO ‘fifo’:

• $ cat fifo
we are experimenting with the FIFO
This is second line.

Now keep on writing to the first terminal. You will notice that every time you press enter, the corresponding line appears in the second terminal.

• Pressing CTRL+D in the first terminal terminates writing to the fifo. This also terminates the second process because reading from the fifo now generates a “BROKEN PIPE” signal. The default action for this is to terminate the process.

The Power of root, Managing users and File systems

Types of Users

Every file on Linux system including directories, is owned by a specific user and group.

User: The username of the person who owns the file.

Group: The usergroup that owns the file.

Others: Everyone else who has an account on the system.

Superuser

• A special user who has access to all files regardless of access privileges. The user ID of root is 0.

• Maintains total control over accounts and files.

• Files such as those found in /usr/bin and /sbin are owned by the root or superuser, which has control over all system files.

• Root controls the creation of normal user accounts and assigning new passwords.

• Root has the power to change separate user passwords globally.

• Search for and remove suspected files using the locate and file commands.

Need for the root account

Root login is required to perform actions which change the settings for all system-wide users or to modify the users’ accounts. We shall also have to use the root account for certain system operations:

• To add new users to the system and administer the user data.

• To install system-wide software.

• To configure I/O devices, such as a scanner or a TV tuner card.

• To configure system services, such as a web or FTP server.

Access Permissions

• File permissions are three sets of three bits each (for the owner, the group and others): r, w and x.

• Each character is assigned a value.

– r (read) is given an octal value of 4

– w (write) is given an octal value of 2

– x (execute) is given an octal value of 1

• In Linux, only the execute permission bit needs to be set in order to run a script or program.

Changing Permissions

• The chmod command enables you to change a file’s permission attributes.

• The letters a, u, g, o along with the signs (+, -) are used to give or take away permissions.

• Another method of setting the permissions is by changing the octal value of a file or a directory.

• The same rules for setting the permissions on files apply to directories.

Changing Ownership

• The command chown changes the user ownership of a file, while chgrp changes the group ownership.

• To change these settings, you should either directly own the file or have root permission to do so.

Set user ID, set group ID, sticky bit

• SUID or setuid: change user ID on execution. If the setuid bit is set, when the file is executed by a user, the process will have the same rights as the owner of the file being executed.

chmod u+s myfile

• SGID or setgid: change group ID on execution. Inherits rights of the group of the owner of the file on execution. For directories it also may mean that when a new file is created in the directory it will inherit the group of the directory (and not of the user who created the file).

chmod g+s myfile

• Sticky bit. It was used to make a process "stick" in memory after it finished; this usage is now obsolete. Currently its use is system dependent, and it is mostly used to suppress deletion of files that belong to other users in a folder where you have "write" access.

chmod +t data

Numeric representation

Octal digit   Binary value   Meaning
0             000            setuid, setgid, sticky bits are cleared
1             001            sticky bit is set
2             010            setgid bit is set
3             011            setgid and sticky bits are set
4             100            setuid bit is set
5             101            setuid and sticky bits are set
6             110            setuid and setgid bits are set
7             111            setuid, setgid, sticky bits are set
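The octal values from the Access Permissions section and the special bits from the table can be checked against a real file. The script below is an added example, not from the original notes: it converts an rwx string to its octal digits, applies an octal mode with chmod, and shows how setuid, setgid and the sticky bit appear in the ls -l mode column. The scratch file myfile and directory data are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the notes): rwx string -> octal, chmod round trip,
# and the ls -l rendering of the setuid, setgid and sticky bits.

# triplet_value rwx -> 7 ; r-x -> 5 ; --- -> 0   (r=4, w=2, x=1)
triplet_value() {
    v=0
    case $1 in r??) v=$((v + 4)) ;; esac
    case $1 in ?w?) v=$((v + 2)) ;; esac
    case $1 in ??x) v=$((v + 1)) ;; esac
    echo "$v"
}

# perm_to_octal rwxr-x--- -> 750  (owner, group, others triplets in that order)
perm_to_octal() {
    u=$(printf '%s' "$1" | cut -c1-3)
    g=$(printf '%s' "$1" | cut -c4-6)
    o=$(printf '%s' "$1" | cut -c7-9)
    echo "$(triplet_value "$u")$(triplet_value "$g")$(triplet_value "$o")"
}

# mode_string PATH -> the 10-character type+permission field from ls -l
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# apply_mode OCTAL -> creates a scratch file, chmods it, returns its mode field
apply_mode() {
    dir=$(mktemp -d)
    : > "$dir/myfile"
    chmod "$1" "$dir/myfile"
    mode_string "$dir/myfile"
    rm -rf "$dir"
}

# special_bits -> mode fields for a setuid file, a setgid file and a sticky dir
special_bits() {
    dir=$(mktemp -d)
    : > "$dir/myfile"
    mkdir "$dir/data"

    chmod 755 "$dir/myfile"
    chmod u+s "$dir/myfile"          # same as chmod 4755: owner 'x' is shown as 's'
    suid=$(mode_string "$dir/myfile")

    chmod 755 "$dir/myfile"          # numeric mode without the 4 clears setuid again
    chmod g+s "$dir/myfile"          # same as chmod 2755: group 'x' is shown as 's'
    sgid=$(mode_string "$dir/myfile")

    chmod 1777 "$dir/data"           # world-writable dir plus sticky: last 'x' is shown as 't'
    sticky=$(mode_string "$dir/data")

    echo "$suid $sgid $sticky"
    rm -rf "$dir"
}
```

When a special bit is set but the underlying execute bit is not, ls shows a capital S or T in that position instead, which is a quick way to spot a file whose special bit is set but cannot actually be executed.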

The Powers of Root….

• A superuser maintains total control over the accounts and files on the system

• Each user is given a private account with certain permissions.

• Root controls the creation of user accounts:

– useradd newperson

Safeguard Root Password

• Do not write root password anywhere.

• Think twice before becoming root.

• Always keep the shell prompt visibly different when logged in as root and when logged in as a regular user.

• Be sure to create backup copies of any key files you might edit, so that you can restore them in case they are corrupted.

• Be authoritative and exercise self control as root.

Establish AUP

• An AUP is a document that states what is allowable on the machine and the things for which a user would be held accountable.

• All users must be made aware of the rules before they are granted an account.

• The administrator cannot be held liable for any issue over which he or she has no power.

Find command

• It is hard-drive intensive and also incurs a larger share of CPU cycles, but can detect nearly all files.

• You can search for files by name, owner, group, type, permissions, date, and other criteria.

• The search is recursive in that it will search all subdirectories too.

Locate command

• Relies upon a self-generated database of files that either the user must initialize or the system must update automatically on a regular basis.

• This database is highly configurable, and desired directories can later be dismissed or used exclusively.

• Operates more quickly and is less hard-drive and CPU-intensive, but if files have changed since the last database update, the command will not find the file in question.
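The find criteria listed above (name, type, permissions, recursion into subdirectories) are easiest to see on a small tree whose contents are known. The script below is an added example, not from the notes: it plants a constructed directory with one setuid file and one world-writable file, then runs the searches an administrator would use to spot them. The directory and file names are made up for the demo.

```shell
#!/bin/sh
# Added example (not from the notes): audit a constructed tree with find's
# -name, -type and -perm criteria. Names and modes below are made up.

# make_tree -> prints the path of a scratch tree with one setuid and one
# world-writable file planted in it
make_tree() {
    dir=$(mktemp -d)
    mkdir -p "$dir/bin" "$dir/tmp"
    : > "$dir/bin/ordinary";   chmod 755  "$dir/bin/ordinary"
    : > "$dir/bin/privileged"; chmod 4755 "$dir/bin/privileged"   # setuid bit set
    : > "$dir/tmp/notes.txt";  chmod 644  "$dir/tmp/notes.txt"
    : > "$dir/tmp/openwide";   chmod 666  "$dir/tmp/openwide"     # others may write
    echo "$dir"
}

# find_setuid DIR -> regular files with the setuid bit set; "-perm -4000"
# means "at least these bits", so 4755, 4711 etc. all match
find_setuid() {
    ( cd "$1" && find . -type f -perm -4000 | sort )
}

# find_world_writable DIR -> regular files whose "others" write bit (002) is set
find_world_writable() {
    ( cd "$1" && find . -type f -perm -002 | sort )
}

# find_by_name DIR GLOB -> every entry whose name matches GLOB, recursively
find_by_name() {
    ( cd "$1" && find . -name "$2" | sort )
}

# count_entries DIR -> how many entries find visits (it recurses by default,
# and counts the starting directory itself)
count_entries() {
    ( cd "$1" && find . | wc -l | tr -d ' ' )
}
```

Unlike locate, these searches walk the live file system, so a file created a moment ago is found immediately; the price is the disk and CPU load the notes describe, which is why such audits are usually scheduled rather than run on demand.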

Netstat command

• A useful tool for displaying the status of all TCP/IP network services.

– Protocol used, bytes in queues, the address of remote hosts and the socket state

• Use the -a option to list all active sockets

• Use -e to display the current users using the socket

• Use -n to display numeric IP addresses rather than host names

Powers of Root

• Adjust system resources and quotas

• Change the ownership of any file or directory

• Create directories and device files in any location including those that root does not specifically own

• Configure network interfaces

• Manage all configuration files

• Mount and unmount file systems

• Set the system clock

• Shut down the system cleanly

Ways to become Root and/or any other user

• By simply entering su

– Will give you root authority in the same working directory, retaining the same environment variables as those of the original user.

• By su -

– Will give you access to the same accounts normally granted to root.

• By su - <username>

– Will give you the same permissions, paths and default locations as that user.

Changing Directory Ownership

• Rules applied to files also apply to directories.

• To place files at a place other than your home directory, you need to create a new directory in the new location as root and then change ownership over to yourself.

• To create a new directory, the /tmp directory is available for general users.

– Admin should periodically check and delete the contents of /tmp.

– Cron jobs normally clear out older files from /tmp after a certain period of time.

Users needed for Maintenance…

• /etc/passwd and /etc/group files show various non-existing users that perform system functions only.

• They exist for security purposes and mostly run processes such as daemons and other processes.

• Some such users are:

– User bin:

• Has /bin as its home directory, which contains all binaries that are required for system maintenance and operational checks.

– User daemon:

• Most daemons have a low UID and are used to execute scripts or programs at the appropriate time with limited scope and functionality.

…Users needed for Maintenance

• User nobody:

– With UID 99, it is a catchall user for software that doesn’t need or shouldn’t have special permissions.

• Apache Web Server uses it to run all httpd processes.

• NFS daemon uses it for secure file servers on a network.

• User fingerd:

– The purpose of this daemon is to locate and identify unique users on each separate Linux system.

Expiring and Locking Password

• Expire a user’s password after a certain date using the usermod command with:

– -e option (disable a certain user’s password on a specific date; usermod expects the date as YYYY-MM-DD)

usermod -e 2010-10-31 mca1

– -L option: to lock an account

usermod -L mca1

– -U option: to unlock an account

usermod -U mca1

Encrypting Passwords

• /etc/passwd file

– Has permission 644

• /etc/shadow file

– Has permission 400

– More secure: the password is hashed with MD5 via libc’s crypt() function, and the hash is kept here rather than in the world-readable /etc/passwd file.
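The maintenance users and the password-file layout described in the last two sections can be inspected with a few awk one-liners. The following is an added example, not from the original notes: it writes a constructed passwd-style file (the entries and UIDs are made up for the demo), picks out the accounts the notes describe, and checks that the passwd and shadow copies carry the 644 and 400 modes the notes give. The account_exists check is the one to run before a useradd or userdel.

```shell
#!/bin/sh
# Added example (not from the notes): inspect a constructed /etc/passwd-style
# file with awk and verify the modes of the passwd and shadow files.

# sample_passwd -> writes constructed passwd and shadow files, prints their dir
sample_passwd() {
    dir=$(mktemp -d)
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
mca1:x:1000:1000:MCA student:/home/mca1:/bin/bash
EOF
    : > "$dir/shadow"                   # contents omitted; only the mode matters here
    chmod 644 "$dir/passwd"             # readable by everyone, as the notes state
    chmod 400 "$dir/shadow"             # readable by the owner (root) only
    echo "$dir"
}

# uid_zero_accounts FILE -> every account whose UID is 0; on a healthy system
# this prints only root, so any second name is worth investigating
uid_zero_accounts() {
    awk -F: '$3 == 0 { print $1 }' "$1"
}

# system_accounts FILE -> accounts below UID 1000 other than root: the
# maintenance users (bin, daemon, nobody) that exist only to run services
system_accounts() {
    awk -F: '$3 < 1000 && $1 != "root" { print $1 }' "$1" | tr '\n' ' ' | sed 's/ $//'
}

# login_shell FILE USER -> field 7; /sbin/nologin means the account cannot log in
login_shell() {
    awk -F: -v u="$2" '$1 == u { print $7 }' "$1"
}

# account_exists FILE USER -> "yes" or "no"
account_exists() {
    if awk -F: -v u="$2" '$1 == u { found = 1 } END { exit !found }' "$1"; then
        echo yes
    else
        echo no
    fi
}

# password_file_modes DIR -> ls -l mode fields of the two files side by side
password_file_modes() {
    echo "passwd=$(ls -ld "$1/passwd" | cut -c1-10) shadow=$(ls -ld "$1/shadow" | cut -c1-10)"
}
```

The same one-liners work unchanged against the real /etc/passwd; the constructed copy is used here only so the expected results are known in advance.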

Managing new users

• To create a regular user account use

– /usr/sbin/adduser command

• Methods

– Textual (command line)

– GUI Tools

• Possible Settings

– Determine user’s home directory

– Set quotas

– Permit access to network interface

– Determine other variables of the user’s profile

Using Command Line

• Best method if logged in remotely.

• Does not require a high quality video card.

• Very quick.

• Saves disk space by not installing X-Window files.

• Minimizes CPU usage.

• Useful when performing repetitive tasks.

Manually configuring accounts

• useradd command (a root-owned process)

– Creates new files and directories

– Accesses files owned by root

– Located in /usr/sbin

– Goes through a series of steps in creating files and adding directories.

• Use the absolute path, depending on how you logged in.

• Creates home directory and installs user in /etc/passwd and /etc/group files.

• Places specific dotfiles within that user’s home dir based on the contents of the /etc/skel directory.

• Set password using passwd command.

…Manually configuring accounts

• Removing users using userdel command

– Located in /usr/sbin directory

– Searches through /etc/passwd and /etc/group files and removes any references

– Use -r to remove all the files and directories owned by the user

To remove the user mca1, execute the command:

/usr/sbin/userdel -r mca1

Using GUI Tools

• Linuxconf: default tool for most configuration tasks by Red Hat.

– Was first included in Red Hat 5.1

– Helps configure nearly all aspects of the Linux OS

– Excellent tool for setting up printers, enabling modems and dial-up accounts and editing the network configuration.

– Easy to use and helpful for beginners

– Comes in a variety of versions. The most common is GNOME-based Linuxconf.

– Used to edit and manage user accounts and also control various aspects of the system.

– Can be used to configure daemons and processes such as SAMBA and sendmail.

– Setting the default shell & listing all available shells.

– Enables you to edit and modify existing partitions.

Ways to Run Linuxconf

• Command Line Mode

– Enables you to view scripts so that they can be edited properly.

– Quickest way to access a remote system and edit settings.

• Character Cell Mode

• GNOME-Linuxconf

• Web-based

Default: depending on the $DISPLAY variable, it will normally start as GNOME-Linuxconf or in character cell mode.