So, finally after long time, i am able to figure out the difference between forking and threading :)
When i have been surfing around, i see a lots of threads/questions regarding forking and threading, lots of queries which one should be used in the applications. So i wrote this post which could clarify the difference between these two based on which you could decide what you want to use in your application/scripts.
What is Fork/Forking:
Fork is nothing but a new process that looks exactly like the old or the parent process but still it is a different process with different process ID and having it’s own memory. Parent process creates a separate address space for child. Both parent and child process possess the same code segment, but execute independently from each other.
The simplest example of forking is when you run a command on shell in unix/linux. Each time a user issues a command, the shell forks a child process and the task is done.
When a fork system call is issued, a copy of all the pages corresponding to the parent process is created, loaded into a separate memory location by the OS for the child process, but in certain cases, this is not needed. Like in ‘exec’ system calls, there is not need to copy the parent process pages, as execv replaces the address space of the parent process itself.
Few things to note about forking are:
The child process will be having it’s own unique process ID.
The child process shall have it’s own copy of parent’s file descriptor.
File locks set by parent process shall not be inherited by child process.
Any semaphores that are open in the parent process shall also be open in the child process.
Child process shall have it’s own copy of message queue descriptors of the parents.
Child will have it’s own address space and memory.
Fork is universally accepted than thread because of the following reasons:Development is much easier on fork based implementations.
Fork based code a more maintainable.
Forking is much safer and more secure because each forked process runs in its own virtual address space. If one process crashes or has a buffer overrun, it does not affect any other process at all.
Threads code is much harder to debug than fork.
Fork are more portable than threads.
Forking is faster than threading on single cpu as there are no locking over-heads or context switching.
Some of the applications in which forking is used are: telnetd(freebsd), vsftpd, proftpd, Apache13, Apache2, thttpd, PostgreSQL.
Pitfalls in Fork:- In fork, every new process should have it’s own memory/address space, hence a longer startup and stopping time.
- If you fork, you have two independent processes which need to talk to each other in some way. This inter-process communication is really costly.
- When the parent exits before the forked child, you will get a ghost process. That is all much easier with a thread. You can end, suspend and resume threads from the parent easily. And if your parent exits suddenly the thread will be ended automatically.
- In-sufficient storage space could lead the fork system to fail.
What are Threads/Threading:Threads are Light Weight Processes (LWPs). Traditionally, a thread is just a CPU (and some other minimal state) state with the process containing the remains (data, stack, I/O, signals). Threads require less overhead than “forking” or spawning a new process because the system does not initialize a new system virtual memory space and environment for the process. While most effective on a multiprocessor system where the process flow can be scheduled to run on another processor thus gaining speed through parallel or distributed processing, gains are also found on uniprocessor systems which exploit latency in I/O and other system functions which may halt process execution.
Threads in the same process share:Process instructions
Most data
open files (descriptors)
signals and signal handlers
current working directory
User and group id
Each thread has a unique:
Thread ID
set of registers, stack pointer
stack for local variables, return addresses
signal mask
priority
Return value: errno
Few things to note about threading are:Thread are most effective on multi-processor or multi-core systems.
For thread – only one process/thread table and one scheduler is needed.
All threads within a process share the same address space.
A thread does not maintain a list of created threads, nor does it know the thread that created it.
Threads reduce overhead by sharing fundamental parts.
Threads are more effective in memory management because they uses the same memory block of the parent instead of creating new.
Pitfalls in threads:
Race conditions: The big loss with threads is that there is no natural protection from having multiple threads working on the same data at the same time without knowing that others are messing with it. This is called race condition. While the code may appear on the screen in the order you wish the code to execute, threads are scheduled by the operating system and are executed at random. It cannot be assumed that threads are executed in the order they are created. They may also execute at different speeds. When threads are executing (racing to complete) they may give unexpected results (race condition). Mutexes and joins must be utilized to achieve a predictable execution order and outcome.
Thread safe code: The threaded routines must call functions which are “thread safe”. This means that there are no static or global variables which other threads may clobber or read assuming single threaded operation. If static or global variables are used then mutexes must be applied or the functions must be re-written to avoid the use of these variables. In C, local variables are dynamically allocated on the stack. Therefore, any function that does not use static data or other shared resources is thread-safe. Thread-unsafe functions may be used by only one thread at a time in a program and the uniqueness of the thread must be ensured. Many non-reentrant functions return a pointer to static data. This can be avoided by returning dynamically allocated data or using caller-provided storage. An example of a non-thread safe function is strtok which is also not re-entrant. The “thread safe” version is the re-entrant version strtok_r.
Advantages in threads:Threads share the same memory space hence sharing data between them is really faster means inter-process communication (IPC) is real fast.
If properly designed and implemented threads give you more speed because there aint any process level context switching in a multi threaded application.
Threads are really fast to start and terminate.
Some of the applications in which threading is used are: MySQL, Firebird, Apache2, MySQL 323
FAQs:1. Which should i use in my application ?
Ans: That depends on a lot of factors. Forking is more heavy-weight than threading, and have a higher startup and shutdown cost. Interprocess communication (IPC) is also harder and slower than interthread communication. Actually threads really win the race when it comes to inter communication. Conversely, whereas if a thread crashes, it takes down all of the other threads in the process, and if a thread has a buffer overrun, it opens up a security hole in all of the threads.
which would share the same address space with the parent process and they only needed a reduced context switch, which would make the context switch more efficient.
2. Which one is better, threading or forking ?
Ans: That is something which totally depends on what you are looking for. Still to answer, In a contemporary Linux (2.6.x) there is not much difference in performance between a context switch of a process/forking compared to a thread (only the MMU stuff is additional for the thread). There is the issue with the shared address space, which means that a faulty pointer in a thread can corrupt memory of the parent process or another thread within the same address space.
3. What kinds of things should be threaded or multitasked?
Ans: If you are a programmer and would like to take advantage of multithreading, the natural question is what parts of the program should/ should not be threaded. Here are a few rules of thumb (if you say “yes” to these, have fun!):
Are there groups of lengthy operations that don’t necessarily depend on other processing (like painting a window, printing a document, responding to a mouse-click, calculating a spreadsheet column, signal handling, etc.)?
Will there be few locks on data (the amount of shared data is identifiable and “small”)?
Are you prepared to worry about locking (mutually excluding data regions from other threads), deadlocks (a condition where two COEs have locked data that other is trying to get) and race conditions (a nasty, intractable problem where data is not locked properly and gets corrupted through threaded reads & writes)?
Could the task be broken into various “responsibilities”? E.g. Could one thread handle the signals, another handle GUI stuff, etc.?
Conclusions:- Whether you have to use threading or forking, totally depends on the requirement of your application.
- Threads more powerful than events, but power is not something which is always needed.
- Threads are much harder to program than forking, so only for experts.
- Use threads mostly for performance-critical applications.
Tuesday, December 20, 2011
Orphan Process
What is Orphan Process?It’s a pretty much common question asked in most of the interviews related to Linux, and most of the time people got it confused with Zombie Process. But these two are totally different from each other. An Orphan Process is nearly the same thing which we see in real world. Orphan means someone whose parents are dead. The same way Orphan process is a process, whose parents are dead, that means parents are either terminated, killed or exited but the child process is still alive.
In Linux/Unix like operating systems, as soon as parents of any process are dead, re-parenting occurs, automatically. Re-parenting means processes whose parents are dead, means Orphaned processes, are immediately adopted by special process “init”. Thing to notice here is that even after re-parenting, the process still remains Orphan as the parent which created the process is dead,
Reasons for Orphan Processes:
A process can be orphaned either intentionally or unintentionally. Sometime a parent process exits/terminates or crashes leaving the child process still running, and then they become orphan processes.
Also, a process can be intentionally orphaned just to keep it running. For example when you need to run a job in the background which don’t need any manual intervention and going to take long time, then you detach it from user session and leave it there. Same way, when you need to run a process in the background for infinite time, you need to do the same thing. Processes running in the background like this are known as daemon process.
At the same time, when a client connects to a remote server and initiated a process, and due to some reason the client crashes unexpectedly, the process on the server becomes Orphan.
Finding a Orphan Process:
It’s very easy to spot a Orphan process. Orphan process is a user process, which is having init (process id – 1) as parent. You can use this command in linux to find the Orphan processes.
# ps -elf | head -1; ps -elf | awk '{if ($5 == 1 && $3 != "root") {print $0}}' | headThis will show you all the
orphan processes running in your system. The output from this command confirms that they are Orphan processes but doesn’t mean that they are all useless, so confirm from some other source also before killing them.
Killing a Orphan Process:
As orphaned processes waste server resources, so it’s not advised to have lots of orphan processes running into the system. To kill a orphan process is same as killing a normal process.
# kill -15 <PID>If that don’t work then simply use
# kill -9 <PID>
FAQs:Q. Is Orphan process different from an Zombie process ?
A. Yes, Orphan process are totally different from Zombie processes. Zombie processes are the ones which are not alive but still have entry in parent table. For more details, please refer to — Zombie Processes.
Q. Are Orphan processes harmful for system ?
A. Yes. Orphan processes take resources while they are in the system, and can potentially leave a server starved for resources. Having too many Orphan processes will overload the init process and can hang-up a Linux system. We can say that a normal user who has access to your Linux server is capable to easily kill your Linux server in a minute.
In Linux/Unix like operating systems, as soon as parents of any process are dead, re-parenting occurs, automatically. Re-parenting means processes whose parents are dead, means Orphaned processes, are immediately adopted by special process “init”. Thing to notice here is that even after re-parenting, the process still remains Orphan as the parent which created the process is dead,
Reasons for Orphan Processes:
A process can be orphaned either intentionally or unintentionally. Sometime a parent process exits/terminates or crashes leaving the child process still running, and then they become orphan processes.
Also, a process can be intentionally orphaned just to keep it running. For example when you need to run a job in the background which don’t need any manual intervention and going to take long time, then you detach it from user session and leave it there. Same way, when you need to run a process in the background for infinite time, you need to do the same thing. Processes running in the background like this are known as daemon process.
At the same time, when a client connects to a remote server and initiated a process, and due to some reason the client crashes unexpectedly, the process on the server becomes Orphan.
Finding a Orphan Process:
It’s very easy to spot a Orphan process. Orphan process is a user process, which is having init (process id – 1) as parent. You can use this command in linux to find the Orphan processes.
# ps -elf | head -1; ps -elf | awk '{if ($5 == 1 && $3 != "root") {print $0}}' | headThis will show you all the
orphan processes running in your system. The output from this command confirms that they are Orphan processes but doesn’t mean that they are all useless, so confirm from some other source also before killing them.
Killing a Orphan Process:
As orphaned processes waste server resources, so it’s not advised to have lots of orphan processes running into the system. To kill a orphan process is same as killing a normal process.
# kill -15 <PID>If that don’t work then simply use
# kill -9 <PID>
FAQs:Q. Is Orphan process different from an Zombie process ?
A. Yes, Orphan process are totally different from Zombie processes. Zombie processes are the ones which are not alive but still have entry in parent table. For more details, please refer to — Zombie Processes.
Q. Are Orphan processes harmful for system ?
A. Yes. Orphan processes take resources while they are in the system, and can potentially leave a server starved for resources. Having too many Orphan processes will overload the init process and can hang-up a Linux system. We can say that a normal user who has access to your Linux server is capable to easily kill your Linux server in a minute.
Zombie Process
What is a Zombie Process ?
It’s a pretty much common question asked in most of the interviews related to Linux, and most of the time people got it confused with Orphan Process. But these two are totally different from each other. A Zombie Process is nearly the same thing which we see in lot of horror movies. Like the dead people which don’t have any life force left, Zombie processes are the dead processes sitting in the process table and doing nothing.
To explain this in much better way, “Zombie process or defunct process is a process that have completed the execution, have released all the resources (CPU, memory) but still had an entry in the process table.”
Reasons of Zombie Process:
Most of the time, the reason for existence of Zombie process is bad coding. Normally, when a child (subprocess) finishes it’s task and exits, then it’s parent is suppose to use the “wait” system call and get the status of the process. So, until the parent process don’t check for the child’s exit status, the process is a
Zombie process, but it usually is very small duration. But if due to any reason (bad programming or a bug), the parent process didn’t check the status of the child and don’t call “wait”, the child process stays in the state of Zombie waiting for parent to check it’s status.
Finding Zombie processes:
To check whether you have any Zombie processes in your system, simply run linux command line utility “top”. It shows the number of zombie processes at the upper-right side of its output.
At the same time, you can use one more command to check that
# ps aux
All the processes which are having “z” in their Stat column are Zombie processes.
Killing a Zombie Process:
Well, before taking any decision of killing the Zombie process, you should wait, as it is possible that the parent process is intentionally leaving the process in a zombie state to ensure that future children that it may create will not receive the same pid. Or perhaps the parent is occupied, and will reap the child process momentarily.
If that didn’t happen then you can send a SIGCHLD signal to the parent process of zombie which will instruct parents to reap their zombie children.
# kill -s SIGCHLD <PPID>Even if this don’t work, then the last option you will have is to kill the parent process. You can easily find out the parent’s process ID with this command:
# ps aux -eo ppid | grep <Zombie Process ID>
# kill -9 <PPID>So when a Zombie process loses it’s parent process, it becomes orphan and adopted by “init”. Init periodically executes the wait system call to reap any zombies with init as parent.
FAQs:
Q. Why I can’t kill a Zombie process with “kill” command ?
A. Zombie process is already dead, so killing them with “kill -9″ won’t help at all.
Q. Is it bad to have Zombie processes on your system ?
A. Well, as Zombie processes are not taking any resources of your system, leaving a small entry in process table, it’s not at all harmful to have Zombie processes in your system, but it may hurt you sometime under heavy load. So, it’s always better not to have them.
Q. I am seeing a lots of Zombie processes around in my system, what could be the reason ?
A. If this is the case then you are using some code/software in your system which is having a lot of bugs or not properly written. Look for something like that and fix it.
Q. Is Zombie process different from an Orphan process ?
A. Yes, Zombie is something which is already dead, but Orphan processes are those whose parents are dead.
It’s a pretty much common question asked in most of the interviews related to Linux, and most of the time people got it confused with Orphan Process. But these two are totally different from each other. A Zombie Process is nearly the same thing which we see in lot of horror movies. Like the dead people which don’t have any life force left, Zombie processes are the dead processes sitting in the process table and doing nothing.
To explain this in much better way, “Zombie process or defunct process is a process that have completed the execution, have released all the resources (CPU, memory) but still had an entry in the process table.”
Reasons of Zombie Process:
Most of the time, the reason for existence of Zombie process is bad coding. Normally, when a child (subprocess) finishes it’s task and exits, then it’s parent is suppose to use the “wait” system call and get the status of the process. So, until the parent process don’t check for the child’s exit status, the process is a
Zombie process, but it usually is very small duration. But if due to any reason (bad programming or a bug), the parent process didn’t check the status of the child and don’t call “wait”, the child process stays in the state of Zombie waiting for parent to check it’s status.
Finding Zombie processes:
To check whether you have any Zombie processes in your system, simply run linux command line utility “top”. It shows the number of zombie processes at the upper-right side of its output.
At the same time, you can use one more command to check that
# ps aux
All the processes which are having “z” in their Stat column are Zombie processes.
Killing a Zombie Process:
Well, before taking any decision of killing the Zombie process, you should wait, as it is possible that the parent process is intentionally leaving the process in a zombie state to ensure that future children that it may create will not receive the same pid. Or perhaps the parent is occupied, and will reap the child process momentarily.
If that didn’t happen then you can send a SIGCHLD signal to the parent process of zombie which will instruct parents to reap their zombie children.
# kill -s SIGCHLD <PPID>Even if this don’t work, then the last option you will have is to kill the parent process. You can easily find out the parent’s process ID with this command:
# ps aux -eo ppid | grep <Zombie Process ID>
# kill -9 <PPID>So when a Zombie process loses it’s parent process, it becomes orphan and adopted by “init”. Init periodically executes the wait system call to reap any zombies with init as parent.
FAQs:
Q. Why I can’t kill a Zombie process with “kill” command ?
A. Zombie process is already dead, so killing them with “kill -9″ won’t help at all.
Q. Is it bad to have Zombie processes on your system ?
A. Well, as Zombie processes are not taking any resources of your system, leaving a small entry in process table, it’s not at all harmful to have Zombie processes in your system, but it may hurt you sometime under heavy load. So, it’s always better not to have them.
Q. I am seeing a lots of Zombie processes around in my system, what could be the reason ?
A. If this is the case then you are using some code/software in your system which is having a lot of bugs or not properly written. Look for something like that and fix it.
Q. Is Zombie process different from an Orphan process ?
A. Yes, Zombie is something which is already dead, but Orphan processes are those whose parents are dead.
Friday, November 25, 2011
How many minimum drives are required to create R5 ( RAID 5) ?
You need to have at least 3 disk drives to create R5.
What is the difference between RAID 0, RAID 1 and RAID 5?
RAID 0 => Plain striping typically with 24kb, 54kb or 128kb stripe size
RAID 1 => Mirroring
RAID 5 => Stripping with parity
RAID 1 => Mirroring
RAID 5 => Stripping with parity
What are some attacks against FCP?
Node Name / Port Name spoofing at Port Login time
Source Port ID spoofing on dataless FCP commands
Snooping and spoofing on FC-AL
Snooping and Spoofing after Fabric reconfiguration
Denial of Service attacks can be made in User mode
Source Port ID spoofing on dataless FCP commands
Snooping and spoofing on FC-AL
Snooping and Spoofing after Fabric reconfiguration
Denial of Service attacks can be made in User mode
What are the classes of attacks against SANs?
Snooping: Mallory reads data Alice sent to Bob in private
Allows access to data
Spoofing: Mallory fools Alice into thinking that he is Bob
Allows access to or destruction of data
Denial of Service: Mallory crashes or floods Bob or Alice
Reduces availability
Allows access to data
Spoofing: Mallory fools Alice into thinking that he is Bob
Allows access to or destruction of data
Denial of Service: Mallory crashes or floods Bob or Alice
Reduces availability
What is LUN masking?
LUN (Logical Unit Number) Masking is an authorization process that makes a LUN available to some hosts and unavailable to other hosts.
LUN Masking is implemented primarily at the HBA (Host Bus Adapater) level. LUN Masking implemented at this level is vulnerable to any attack that compromises the HBA.
Some storage controllers also support LUN Masking.
LUN Masking is important because Windows based servers attempt to write volume labels to all available LUN's. This can render the LUN's unusable by other operating systems and can result in data loss.
LUN Masking is implemented primarily at the HBA (Host Bus Adapater) level. LUN Masking implemented at this level is vulnerable to any attack that compromises the HBA.
Some storage controllers also support LUN Masking.
LUN Masking is important because Windows based servers attempt to write volume labels to all available LUN's. This can render the LUN's unusable by other operating systems and can result in data loss.
What are different levels of zoning?
Different Levels of Zoning:
a) Port Level zoning
b) WWN Level zoning
c) Device Level zoning
d) Protocol Level zoning
e) LUN Level zoning
What is the different between mirroring, Routing and multipathing?
Redundancy Functions Relationships Role
Mirroring Generates 2 i/os to 2 storage targets Creates 2 copies of data
Routing Determined by switches independent of SCSI Recreates n/w route after a failure
Multipathing Two initiator to one target Selects the LUN initiator pair to use
Mirroring Generates 2 i/os to 2 storage targets Creates 2 copies of data
Routing Determined by switches independent of SCSI Recreates n/w route after a failure
Multipathing Two initiator to one target Selects the LUN initiator pair to use
What is a HBA?
A HBA, or Host Bus Adapter, is the interface card which connects a host to a SAN (Storage Area Network).
A HBA could be more accurately referred to as a "Host I/O controller"
A HBA could be more accurately referred to as a "Host I/O controller"
What is SAN File System?
A SAN file system (that is, a storage area network file system) is programming that enables the sharing of the same copies of files stored on common storage media among multiple servers that may have different operating systems. Without a SAN file system, although different servers may share common storage media (using virtualization approaches), they cannot share the same files. A SAN file system simplifies and streamlines SAN management, minimizes storage and retrieval time, optimizes the use of storage resources, allows network components to be scaled individually, and eliminates the need for storage redundancy.
The SAN programming consists of a client on each server that is written especially for the operating platform used by that server. To create or write to a file, the client makes a request to a common metadata server which controls traffic in the SAN. Once access is granted, a server can access the file without having to go through the metadata server, ensuring that most I/O will not be degraded in performance.
The SAN programming consists of a client on each server that is written especially for the operating platform used by that server. To create or write to a file, the client makes a request to a common metadata server which controls traffic in the SAN. Once access is granted, a server can access the file without having to go through the metadata server, ensuring that most I/O will not be degraded in performance.
What is SAN Routing?
SAN (storage area network) routing is a technology used for interconnecting SAN islands (separately designated logical portions of a storage area network) within a larger network. The technology allows communication between authorized devices and programs in different SAN islands, but maintains their autonomy. SAN routing was first developed by Nishan Systems, now known as McData Corporation.
In SAN routing, connection between ports is terminated at each SAN island. This ensures that transactions can be carried out without the danger that problems at any single SAN island will spread to others. The probability of a major network disruption is thereby minimized. Problems can be isolated and resolved quickly. SAN routing also eliminates confusion if addresses overlap between SAN islands in the context of a larger network.
SAN routing is scalable, making it possible to build a large, evolving, and geographically diverse SAN while ensuring stability and interoperability. The technology is ideally suited for remote storage in enterprises having numerous sites in widely separated locations.
In SAN routing, connection between ports is terminated at each SAN island. This ensures that transactions can be carried out without the danger that problems at any single SAN island will spread to others. The probability of a major network disruption is thereby minimized. Problems can be isolated and resolved quickly. SAN routing also eliminates confusion if addresses overlap between SAN islands in the context of a larger network.
SAN routing is scalable, making it possible to build a large, evolving, and geographically diverse SAN while ensuring stability and interoperability. The technology is ideally suited for remote storage in enterprises having numerous sites in widely separated locations.
What is iSCSI? and how it works ?
iSCSI stands for internet SCSI, or internet Small Computer Systems Interface.
iSCSI is the transmission of SCSI commands and data over IP networks.
When an application attempts to read from an iSCSI device, the SCSI read command is encapsulated inside an IP packet. The IP packet is then routed just like any other IP packet on the network. When the IP packet reaches its destination, the encapsulation is stripped off and the SCSI read command is interpreted by the iSCSI drive.
iSCSI is the transmission of SCSI commands and data over IP networks.
When an application attempts to read from an iSCSI device, the SCSI read command is encapsulated inside an IP packet. The IP packet is then routed just like any other IP packet on the network. When the IP packet reaches its destination, the encapsulation is stripped off and the SCSI read command is interpreted by the iSCSI drive.
What is a World Wide Name (WWN)?
A World Wide Name, or WWN, is a 64-bit address used in fiber channel networks to uniquely identify each element in a Fiber Channel network.
Soft Zoning utilizes World Wide Names to assign security permissions.
The use of World Wide Names for security purposes is inherently insecure, because the World Wide Name of a device is a user-configurable parameter.
For example, to change the World Wide Name (WWN) of an Emulex HBA, the users simply needs to run the `elxcfg` command.
Soft Zoning utilizes World Wide Names to assign security permissions.
The use of World Wide Names for security purposes is inherently insecure, because the World Wide Name of a device is a user-configurable parameter.
For example, to change the World Wide Name (WWN) of an Emulex HBA, the users simply needs to run the `elxcfg` command.
What is WWN zoning?
WWN zoning uses name servers in the switches to either allow or block access to particular World Wide Names (WWNs) in the fabric.
A major advantage of WWN zoning is the ability to recable the fabric without having to redo the zone information.
WWN zoning is susceptible to unauthorized access, as the zone can be bypassed if an attacker is able to spoof the World Wide Name of an authorized HBA.
A major advantage of WWN zoning is the ability to recable the fabric without having to redo the zone information.
WWN zoning is susceptible to unauthorized access, as the zone can be bypassed if an attacker is able to spoof the World Wide Name of an authorized HBA.
What is port zoning?
Port zoning utilizes physical ports to define security zones. A users access to data is determined by what physical port he or she is connected to.
With port zoning, zone information must be updated every time a user changes switch ports. In addition, port zoning does not allow zones to overlap.
Port zoning is normally implemented using hard zoning, but could also be implemented using soft zoning.
With port zoning, zone information must be updated every time a user changes switch ports. In addition, port zoning does not allow zones to overlap.
Port zoning is normally implemented using hard zoning, but could also be implemented using soft zoning.
What are hard and soft zoning?
Hard zoning is zoning which is implemented in hardware. Soft zoning is zoning which is implemented in software.
Hard zoning physically blocks access to a zone from any device outside of the zone.
Soft zoning uses filtering implemented in fibre channel switches to prevent ports from being seen from outside of their assigned zones. The security vulnerability in soft zoning is that the ports are still accessible if the user in another zone correctly guesses the fibre channel address.
Here is the pros and cons of zoning:
1) Soft Zoning 2) Hard Zoning 3) Broadcast Zoning
Soft Zoning : Soft zoning uses the name server to enforce zoning. The World Wide Name (WWN) of the elements enforces the configuration policy.
Pros:- Administrators can move devices to different switch ports without manually reconfiguring
zoning. This is major flexibility to administrator. You don't need to change once you create zone set for particular device connected on switch. You create a zone set on switch and allocate storage to host. You can change any port for device connectivity
Cons:- Devices might be able to spoof the WWN and access otherwise restricted resources.
- Device WWN changes, such as the installation of a new Host Bus Adapter (HBA) card, require
policy modifications.
- Because the switch does not control data transfers, it cannot prevent incompatible HBA
devices from bypassing the Name Server and talking directly to hosts.
Hard Zoning: - Hard Zoning uses the physical fabric port number of a switch to create zones and enforce the policy.
Pros:- This system is easier to create and manage than a long list of element WWNs.
- Switch hardware enforces data transfers and ensures that no traffic goes between
unauthorized zone members.
- Hard zoning provides stronger enforcement of the policy (assuming physical security on the
switch is well established).
Cons:- Moving devices to different switch ports requires policy modifications.
Broadcast Zoning: · Broadcast Zoning has many unique characteristics:
- This traffic allows only one broadcast zone per fabric.
- It isolates broadcast traffic.
- It is hardware-enforced.
If you ask me how to choose the zoning type then it is based on SAN requirement in your data center environment. But port zoning is more secure but you have to be sure that device is not going to change otherwise every time you change in storage allocation you have to modify your zoning.
Generally use in industry is soft zoning but as i have mentioned soft zoning has many cos. So, it is hard to say which one you should use always. So, analyze your datacenter environment and use proper zoning.
Broadcast zoning uses in large environment where are various fabric domain.
Having said that Zoning can be enforced either port number or WWN number but not both.
Hard zoning physically blocks access to a zone from any device outside of the zone.
Soft zoning uses filtering implemented in fibre channel switches to prevent ports from being seen from outside of their assigned zones. The security vulnerability in soft zoning is that the ports are still accessible if the user in another zone correctly guesses the fibre channel address.
Here is the pros and cons of zoning:
1) Soft Zoning 2) Hard Zoning 3) Broadcast Zoning
Soft Zoning : Soft zoning uses the name server to enforce zoning. The World Wide Name (WWN) of the elements enforces the configuration policy.
Pros:- Administrators can move devices to different switch ports without manually reconfiguring
zoning. This is major flexibility to administrator. You don't need to change once you create zone set for particular device connected on switch. You create a zone set on switch and allocate storage to host. You can change any port for device connectivity
Cons:- Devices might be able to spoof the WWN and access otherwise restricted resources.
- Device WWN changes, such as the installation of a new Host Bus Adapter (HBA) card, require
policy modifications.
- Because the switch does not control data transfers, it cannot prevent incompatible HBA
devices from bypassing the Name Server and talking directly to hosts.
Hard Zoning: - Hard Zoning uses the physical fabric port number of a switch to create zones and enforce the policy.
Pros:- This system is easier to create and manage than a long list of element WWNs.
- Switch hardware enforces data transfers and ensures that no traffic goes between
unauthorized zone members.
- Hard zoning provides stronger enforcement of the policy (assuming physical security on the
switch is well established).
Cons:- Moving devices to different switch ports requires policy modifications.
Broadcast Zoning: · Broadcast Zoning has many unique characteristics:
- This traffic allows only one broadcast zone per fabric.
- It isolates broadcast traffic.
- It is hardware-enforced.
If you ask me how to choose the zoning type then it is based on SAN requirement in your data center environment. But port zoning is more secure but you have to be sure that device is not going to change otherwise every time you change in storage allocation you have to modify your zoning.
Generally use in industry is soft zoning but as i have mentioned soft zoning has many cos. So, it is hard to say which one you should use always. So, analyze your datacenter environment and use proper zoning.
Broadcast zoning uses in large environment where are various fabric domain.
Having said that Zoning can be enforced either port number or WWN number but not both.
What is SAN zoning?
Zoning is nothing but map of host to device to device connectivity is overlaid on the storage networking fabric, reducing the risk of unauthorized access.
SAN zoning is a method of arranging Fibre Channel devices into logical groups over the physical configuration of the fabric.
SAN zoning may be utilized to implement compartmentalization of data for security purposes.
Each device in a SAN may be placed into multiple zones.
SAN zoning is a method of arranging Fibre Channel devices into logical groups over the physical configuration of the fabric.
SAN zoning may be utilized to implement compartmentalization of data for security purposes.
Each device in a SAN may be placed into multiple zones.
Thursday, November 24, 2011
Linux Kernel Compilation
How to: Compile Linux kernel
Compiling Cutom Kernel is Fun activity. Serially Its own advantages and disadvantages.
However, Beginner / sometimes admin find it difficult to compile Linux kernel. Compilation needs to be understand before typing any command.
Here is the steps by step Information:
Step # 1 Download the Latest Linux kernel tar ball.
#cd /home/shihora/
#wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-x.y.z.tar.bz2
Step # 2 Extract tar file
# tar -xjvf linux-x.y.z.tar.bz2 -C /usr/src
# cd /usr/src
Step # 3 Configure kernel
Before you configure kernel make sure you have development tools (gcc compilers and related tools) are installed on your system.
# yum install gcc
Now you can start kernel configuration by typing any one of the command:
# make menuconfig - Text based color menus, radiolists & dialogs. This option also useful on remote server if you wanna compile kernel remotely.
# make xconfig - X windows (Qt) based configuration tool, works best under KDE desktop
For example make menuconfig command launches following screen:
# make menuconfig
You have to select different options as per your need. Each configuration option has HELP button associated with it so select help button to get help.
Step # 4 Compile kernel
Start compiling to create a compressed kernel image, enter:
#make
Start compiling to kernel modules:
#make modules
Install kernel modules (become a root user, use su command):
#su -
#make modules_install
Step # 5 Install kernel
So far we have compiled kernel and installed kernel modules. It is time to install kernel itself.
# make install
It will install three files into /boot directory as well as modification to your kernel grub configuration file:
System.map-x.y.z
config-x.y.z
vmlinuz-x.y.z
Step # 6: Create an initrd image
Type the following command at a shell prompt:
# cd /boot
# mkinitrd -o initrd.img-x.y.z x.y.z
initrd images contains device driver which needed to load rest of the operating system later on.
Step # 7 Modify Grub configuration file - /boot/grub/menu.lst
Open below file using vi:
# vi /boot/grub/menu.lst
title Debian GNU/Linux, kernel 2.6.25 Default
root (hd0,0)
kernel /boot/vmlinuz root=/dev/hdb1 ro
initrd /boot/initrd.img-2.6.25
Remember to setup correct root=/dev/hdXX device. Save and close the file.
Step # 8 : Reboot computer and boot into your new kernel
# reboot
Thats it Guys .. Isn't it fun activity :)
Compiling Cutom Kernel is Fun activity. Serially Its own advantages and disadvantages.
However, Beginner / sometimes admin find it difficult to compile Linux kernel. Compilation needs to be understand before typing any command.
Here is the steps by step Information:
Step # 1 Download the Latest Linux kernel tar ball.
#cd /home/shihora/
#wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-x.y.z.tar.bz2
Step # 2 Extract tar file
# tar -xjvf linux-x.y.z.tar.bz2 -C /usr/src
# cd /usr/src
Step # 3 Configure kernel
Before you configure kernel make sure you have development tools (gcc compilers and related tools) are installed on your system.
# yum install gcc
Now you can start kernel configuration by typing any one of the command:
# make menuconfig - Text based color menus, radiolists & dialogs. This option also useful on remote server if you wanna compile kernel remotely.
# make xconfig - X windows (Qt) based configuration tool, works best under KDE desktop
For example make menuconfig command launches following screen:
# make menuconfig
You have to select different options as per your need. Each configuration option has HELP button associated with it so select help button to get help.
Step # 4 Compile kernel
Start compiling to create a compressed kernel image, enter:
#make
Start compiling to kernel modules:
#make modules
Install kernel modules (become a root user, use su command):
#su -
#make modules_install
Step # 5 Install kernel
So far we have compiled kernel and installed kernel modules. It is time to install kernel itself.
# make install
It will install three files into /boot directory as well as modification to your kernel grub configuration file:
System.map-x.y.z
config-x.y.z
vmlinuz-x.y.z
Step # 6: Create an initrd image
Type the following command at a shell prompt:
# cd /boot
# mkinitrd -o initrd.img-x.y.z x.y.z
initrd images contains device driver which needed to load rest of the operating system later on.
Step # 7 Modify Grub configuration file - /boot/grub/menu.lst
Open below file using vi:
# vi /boot/grub/menu.lst
title Debian GNU/Linux, kernel 2.6.25 Default
root (hd0,0)
kernel /boot/vmlinuz root=/dev/hdb1 ro
initrd /boot/initrd.img-2.6.25
Remember to setup correct root=/dev/hdXX device. Save and close the file.
Step # 8 : Reboot computer and boot into your new kernel
# reboot
Thats it Guys .. Isn't it fun activity :)
Linux Process Management
System Processes:
The basic Linux monitoring commands such as ps -auxww and pstree and also top will inform you of the processes running on your system. Sometimes a process must be terminated. To terminate a process:
1.First Identify the process:
#ps -eaf | grep "programe name"
or
#pstree -p
or
#ps -auxw
or
#top
2.Kill the process:
#kill <process-id-number>
#killall <command-name>
This will perform an gracefully shutdown of the process. If it unresponsive and not killed then give a stronger signal with:
kill -9 <process-id-number>.
This method is not as good and thus less preferred.
A signal may be given to the process.
To restart a process after updating it's configuration file, issue the command kill -HUP <process-id-number>
This means the software was written to trap for the signal so that it could respond to it. If the software (command) is not written to respond to a particular signal, then the sending of the signal to the process is futile.
How you can Identify all known signals: fuser -l or kill -l
IPCs: Semaphores, Shared Memory and Queues
In Linux World, some processes may use Linux InterProcess Communication or IPC (semaphores, shared memory or queues) which may need to be cleaned up manually:
1.How to Identify the semaphores:
ipcs -q
ipcs -m
ipcs -s
-q - it Lists Share Queues
-m - Shared Memory
-s - List Semaphores
2.Remove the semaphores:
ipcrm -s <ipcs id>
Through Lsof Process Management
lsof - Shows number of Processes attached to open files or open network ports:
The command lsof shows a list of processes attached to open files or network ports.
Syntax:
lsof filename:
#lsof /var/log/mailman/qrunnerpython
- The process attached to an open file can be killed using the command fuser -ki filename
- List all open files on system: lsof
- List all files opened by user: lsof -u user-id
- The commands netstat -patnu and socklist(FreeBSD command) will list open network connections.
Use the command lsof -i TCP:port-number to see the processes attached to the port.
For Example:
# lsof -i TCP:389
The basic Linux monitoring commands such as ps -auxww and pstree and also top will inform you of the processes running on your system. Sometimes a process must be terminated. To terminate a process:
1.First Identify the process:
#ps -eaf | grep "programe name"
or
#pstree -p
or
#ps -auxw
or
#top
2.Kill the process:
#kill <process-id-number>
#killall <command-name>
This will perform an gracefully shutdown of the process. If it unresponsive and not killed then give a stronger signal with:
kill -9 <process-id-number>.
This method is not as good and thus less preferred.
A signal may be given to the process.
To restart a process after updating it's configuration file, issue the command kill -HUP <process-id-number>
This means the software was written to trap for the signal so that it could respond to it. If the software (command) is not written to respond to a particular signal, then the sending of the signal to the process is futile.
How you can Identify all known signals: fuser -l or kill -l
IPCs: Semaphores, Shared Memory and Queues
In Linux World, some processes may use Linux InterProcess Communication or IPC (semaphores, shared memory or queues) which may need to be cleaned up manually:
1.How to Identify the semaphores:
ipcs -q
ipcs -m
ipcs -s
-q - it Lists Share Queues
-m - Shared Memory
-s - List Semaphores
2.Remove the semaphores:
ipcrm -s <ipcs id>
Through Lsof Process Management
lsof - Shows number of Processes attached to open files or open network ports:
The command lsof shows a list of processes attached to open files or network ports.
Syntax:
lsof filename:
#lsof /var/log/mailman/qrunnerpython
- The process attached to an open file can be killed using the command fuser -ki filename
- List all open files on system: lsof
- List all files opened by user: lsof -u user-id
- The commands netstat -patnu and socklist(FreeBSD command) will list open network connections.
Use the command lsof -i TCP:port-number to see the processes attached to the port.
For Example:
# lsof -i TCP:389
Linux Memory Interpreting - free/vmstat
Interpreting Free
To see how much memory you are currently using, run free -m or free -mt. It will provide output like:Free Command: Display Memory Size in MB #free -m total used free shared buffers cached
Mem: 751 626 126 0 36 336
-/+ buffers/cache: 255 497
Swap: 957 0 957Displays a line containing the totals memory in MB:#free -m -t total used free shared buffers cached
Mem: 751 626 126 0 36 336
-/+ buffers/cache: 254 497
Swap: 957 0 957
Total: 1708 626 1083
The key used figure to look at is the buffers/cache row used value. This is how much space your applications are currently using. For best performance, this number should be less than your total memory.
To prevent out of memory errors, it needs to be less than the total memory and swap space.
If you wish to quickly see how much memory is free look at the buffers/cache row free value. This is the total memory - the actual used . vmstat Command:
Linux Commands to Monitor Memory Usage:
top Show top processes
sar -B Show statistics on page swapping.
vmstat Monitor virtual memory
free Display amount of free and used memory in the system. (Also: cat /proc/meminfo)
pmap Display/examine memory map and libraries (so). Usage: pmap pid
cat /proc/sys/vm/freepages Display virtual memory "free pages".
cat /proc/meminfo Show memory size and usage.
How to Setup Password-less SSH Using Public - Private Keys
This HOWTO is a step-by-step guide for configuring and using password-less SSH service on Linux systems and is intended for a technical audience only.
The term “password-less” means that SSH authentication is carried out by using public and private keys. Using public/private key authentication with SSH enables SSH logins without requiring passwords interactively and this is known as SSH key authentication.
You need to generate a pair of public/private keys on your client system. In order to generate public/private keys on your client system use the ssh-keygen program within a terminal as shown below.
[shihora@linuxhungrymind ~]$ ssh-keygen -t dsaGenerating public/private dsa key pair.
Enter file in which to save the key (/home/shihora/.ssh/id_dsa):
Created directory '/home/shihora/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/shihora/.ssh/id_dsa.
Your public key has been saved in /home/shihora/.ssh/id_dsa.pub.
The key fingerprint is:
D2:0e: ad: 54:e7:c2: 2e: 51:cb: cd: 7b: 68:db: 19:d3: 6e shihora@linuxhungrymind
After you have created the public/private key pairs on your client machine, you need to copy the newly created public key to the server.
scp ~shihora/.ssh/id_dsa.pub username@AnotherLinuxHungryMindServer:~username/.ssh/authorized_keys2
cat id_dsa.pub >> authorized_keys2
Certainly, you don’t want normal system users to alter the server’s authorized_keys2 file.
$ chmod 600 authorized_keys
After performing these operations you are done! Your server is ready to accept SSH connections from your client without requesting a password.
The term “password-less” means that SSH authentication is carried out by using public and private keys. Using public/private key authentication with SSH enables SSH logins without requiring passwords interactively and this is known as SSH key authentication.
You need to generate a pair of public/private keys on your client system. In order to generate public/private keys on your client system use the ssh-keygen program within a terminal as shown below.
[shihora@linuxhungrymind ~]$ ssh-keygen -t dsaGenerating public/private dsa key pair.
Enter file in which to save the key (/home/shihora/.ssh/id_dsa):
Created directory '/home/shihora/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/shihora/.ssh/id_dsa.
Your public key has been saved in /home/shihora/.ssh/id_dsa.pub.
The key fingerprint is:
D2:0e: ad: 54:e7:c2: 2e: 51:cb: cd: 7b: 68:db: 19:d3: 6e shihora@linuxhungrymind
After you have created the public/private key pairs on your client machine, you need to copy the newly created public key to the server.
scp ~shihora/.ssh/id_dsa.pub username@AnotherLinuxHungryMindServer:~username/.ssh/authorized_keys2
cat id_dsa.pub >> authorized_keys2
Certainly, you don’t want normal system users to alter the server’s authorized_keys2 file.
$ chmod 600 authorized_keys
After performing these operations you are done! Your server is ready to accept SSH connections from your client without requesting a password.
PAM PassPhrase Policy Implementation
Here are the step by step information:
To make every user on system choose strong passwords, in order to minimize hacking risks, one can implement the passphrase policy using below instructions.
Download “pam_passwdqc” module from given link.
FTP the downloaded file “pam_passwdqc-1.0.2.tar.gz” to linux server in any directory of your choice.
Unzip and untar the same. It will generate in “pam_passwdqc-1.0.2” directory.
Enter into that directory and execute following commands.
make
make install
This will generate the “pam_passwdqc.so” binary file and copy the same into /lib/security.
Change directory to /etc/pam.d and backup the original “system-auth” file.
Open “system-auth” file using vi editor and uncomment following line.
password required /lib/security/$ISA/pam_cracklib.so retry=3 type=
And insert following line in place of old line.
password required /lib/security/$ISA/pam_passwdqc.so
Wednesday, November 23, 2011
Alternative of "ls" command
What if your "ls" binary get corrupted ? Is there any alternative of "ls" command. The Answer is "YES"
echo Does ls
Did you know that echo can list out a directory much like the ls command? The shell you use must understand globbing in order for this to work. The formatting of the information that results is really the only difference between the two. An output of ls yields a single or multiple column listing. When echo is used, the files are all spaced one right after the other.
% cd /usr
% ls *
bin etc games include java kerberos lib libexec local man nsh openv sbin share src tmp X11R6
% echo *
bin etc games include java kerberos lib libexec local man nsh openv sbin share src tmp X11R6
In looking at the examples for the two commands, you can see right away that echo doesn't output any of the file description labels. The real ls command won't display the file description labels either. These labels help to identify the type of files, which are directories (/), soft links (@), or executables (*).
So why do they show up on the ls command? These description labels appear when the -F argument is passed to ls. A lot of vendors and admins like to set an alias entry in the user startup login scripts as a convenience to help identify what the files are. Check the login script that you are using—.login, .profile, .cshrc, or .alias—and you will see an entry similar to
alias ls ls -CF
Reasons
There might come a time when you will not be able to use the ls command. It might not even be accessible from miniroot. Script writing is easier without having to unalias the ls command all the time. Using echo displays a clean list of files within a given directory.
Real World Experience
Hard system crashes or drives dying can bring systems down to the point where filesystems are so corrupted that they are unable to mount. When this occurs, at times the only way to see the system files is to use echo for displaying the files and directories.
In writing scripts for users or for the system, you never know whether the account that the script runs under has spurious alias definitions. Some users and admins can get creative with their aliases and pass multiple commands or pipe several commands together within an alias entry. To avoid having to set an unalias in your scripts, use the echo command. Here are some examples where echo might be used within scripts.
A variable definition:
list=`echo *`
To pass files through a loop:
for $list in `echo *`
do
source code
done
echo Does ls
Did you know that echo can list out a directory much like the ls command? The shell you use must understand globbing in order for this to work. The formatting of the information that results is really the only difference between the two. An output of ls yields a single or multiple column listing. When echo is used, the files are all spaced one right after the other.
% cd /usr
% ls *
bin etc games include java kerberos lib libexec local man nsh openv sbin share src tmp X11R6
% echo *
bin etc games include java kerberos lib libexec local man nsh openv sbin share src tmp X11R6
In looking at the examples for the two commands, you can see right away that echo doesn't output any of the file description labels. The real ls command won't display the file description labels either. These labels help to identify the type of files, which are directories (/), soft links (@), or executables (*).
So why do they show up on the ls command? These description labels appear when the -F argument is passed to ls. A lot of vendors and admins like to set an alias entry in the user startup login scripts as a convenience to help identify what the files are. Check the login script that you are using—.login, .profile, .cshrc, or .alias—and you will see an entry similar to
alias ls ls -CF
Reasons
There might come a time when you will not be able to use the ls command. It might not even be accessible from miniroot. Script writing is easier without having to unalias the ls command all the time. Using echo displays a clean list of files within a given directory.
Real World Experience
Hard system crashes or drives dying can bring systems down to the point where filesystems are so corrupted that they are unable to mount. When this occurs, at times the only way to see the system files is to use echo for displaying the files and directories.
In writing scripts for users or for the system, you never know whether the account that the script runs under has spurious alias definitions. Some users and admins can get creative with their aliases and pass multiple commands or pipe several commands together within an alias entry. To avoid having to set an unalias in your scripts, use the echo command. Here are some examples where echo might be used within scripts.
A variable definition:
list=`echo *`
To pass files through a loop:
for $list in `echo *`
do
source code
done
Swap on-the-fly
Swap on-the-Fly
If you find that, after you have installed UNIX on your system, you still need more swap space, it is an easy thing to accomplish. Create a swap file and make it active.
Syntax:
mkfile size[m] filename
The main command for adding swap on the fly is mkfile. This command is simple to use, so adding swap on the fly is easy. After you determine that you need more swap and you have found an underutilized disk that can help balance the disk I/O, you're ready.
# mkfile 200m /disk2/swap_500MB
This mkfile command creates a 500MB swap file in the /disk2 partition. The only step left is to turn the swap file into active swap for the system. Depending on your flavor of UNIX, this is achieved in the following ways:
# swap -a /disk2/swap_500MB
# swapon -a /disk2/swap_500MB
This uses the swap only for the length of time that the system is up. If you reboot or shut down the system for any reason, the swap file is still there, but it is no longer active. The swap or swapon command must be executed again.
To hardcode the swap file into the system so that it is always activated when the system comes up, place an entry in the filesystem table by editing the filesystem table on your system. This file will be called /etc/fstab or /etc/vfstab.
Add the following line to the filesystem table:
/disk2/swap_500M swap swap rw 0 0
Reason
It used to be that the fastest disk I/O was only on the system drive. With the speed of today's SCSI buses and fiber channels, creating the device swap only on the system disk is not really necessary anymore. It is now easy to put swap anywhere on a system, but with that comes the necessity to balance the disk I/O to get the maximum amount of performance out of the system.
Real World Experience
Sometimes a user calls complaining that the applications they are running take up too much of the system's resources. If this happens and you determine that lack of swap space is the problem, let the user know how concerned you are and that you want to fix it on the spot. By adding more swap on-the-fly for the user while you have him on the phone, it looks like you're pulling some kind usable space out of thin air. This simple feat can make you look pretty good in the user's eyes.
If you find that, after you have installed UNIX on your system, you still need more swap space, it is an easy thing to accomplish. Create a swap file and make it active.
Syntax:
mkfile size[m] filename
The main command for adding swap on the fly is mkfile. This command is simple to use, so adding swap on the fly is easy. After you determine that you need more swap and you have found an underutilized disk that can help balance the disk I/O, you're ready.
# mkfile 200m /disk2/swap_500MB
This mkfile command creates a 500MB swap file in the /disk2 partition. The only step left is to turn the swap file into active swap for the system. Depending on your flavor of UNIX, this is achieved in the following ways:
# swap -a /disk2/swap_500MB
# swapon -a /disk2/swap_500MB
This uses the swap only for the length of time that the system is up. If you reboot or shut down the system for any reason, the swap file is still there, but it is no longer active. The swap or swapon command must be executed again.
To hardcode the swap file into the system so that it is always activated when the system comes up, place an entry in the filesystem table by editing the filesystem table on your system. This file will be called /etc/fstab or /etc/vfstab.
Add the following line to the filesystem table:
/disk2/swap_500M swap swap rw 0 0
Reason
It used to be that the fastest disk I/O was only on the system drive. With the speed of today's SCSI buses and fiber channels, creating the device swap only on the system disk is not really necessary anymore. It is now easy to put swap anywhere on a system, but with that comes the necessity to balance the disk I/O to get the maximum amount of performance out of the system.
Real World Experience
Sometimes a user calls complaining that the applications they are running take up too much of the system's resources. If this happens and you determine that lack of swap space is the problem, let the user know how concerned you are and that you want to fix it on the spot. By adding more swap on-the-fly for the user while you have him on the phone, it looks like you're pulling some kind usable space out of thin air. This simple feat can make you look pretty good in the user's eyes.
fuser Instead of ps
Here is an alternative way to get the process ID (PID) of a particular process. The fuser command is more reliable and can be quicker than ps.
/bin/csh: 1485t 1106t
/bin/csh: 1485t 1106t
The fuser command outputs the PIDs of all processes that are currently opened under the named file. If a named directory is passed through fuser, the PIDs of all the processes that have a file or files open for reading in that directory are displayed. The files passed must be fully qualified in order for the command to function properly. If they are not, the proper syntax is displayed on standard output.
There is one caveat to using this command. You must have read access to /dev/kmem and /dev/mem. This is because fuser takes an actual snapshot of the system image that is found in these character devices at the time it is executed.
# fuser /bin/csh
/bin/csh: 1485t 1106t
The t at the end of the each PID denotes that these processes have their own executable text segment that is open.
The fuser command has an option (-k) that can be passed to send a kill signal to the PID. So, to kill all the csh processes, execute the following simple command:
# fuser -k /bin/csh
/bin/csh: 1485t 1106t
This replaces the following set of commands you would use a number of times throughout the day:
# ps -ef | grep ksh
root 1484 1485 1 17:54:02 pts/1 0:00 /bin/ksh
root 1116 1117 1 17:54:16 pts/1 0:00 grep ksh
root 1090 1091 0 Aug 09 pts/2 0:00 /bin/ksh
# kill 1484 1090
If multiple processes are associated with a particular process that you run within your environment, you can easily write a script to kill the application and all the daemons associated with it.
Suppose an application lives in /sbin called bsr. It has several daemons that run independently from bsr, such as bsrqqd, bsrexecd, and bsrojbd. You can write a quick-and-dirty script to kill the entire application by using fuser:
#! /bin/sh
fuser -k /sbin/ls
fuser -k /sbin/bsrqq
Line 1: Define the shell to use.
Lines 3–6: Find the process of the file running and kill its process.
Reason
Using fuser is simple, to the point, and very efficient. It can be time consuming to pick from hundreds of processes on larger servers that might or might not relate to the process you are trying to kill or gather information on. This single command quickly gathers information and kills the PID, if necessary, on request. It is a very useful command for an administrator.
Real World Experience
I have become accustomed to using this command for killing predetermined processes. I have several scripts similar to the one described in place to kill off various user applications, X sessions, and shells, among other things. On a remote system defined as a trusted host, it is nice to be able to execute a remote shell and kill processes quickly without having to log in to the remote machine. To the user it appears as though you have killed processes without even logging in to the system: it's magic to them!
/usr/sbin/fuser /bin/csh
Linux Boot Process for interview
Linux Boot process for interview
"Our target is to load the OS"
1. Power on
2. ROM loads BIOS into the RAM - Boot strapping
3. POST - it does the "Hardware Inventory" on the system
4. CMOS, it will give the current bootable devices.
5. BIOS read first 512 bytes of HDD and its called MBR
6. 446 - BS, 64 PT and 2 bytes for Magic number.
7. Now BIOS examine the PT table to find out the Active Partition.
8. Loads whatever it finds in the first sector of the AP aka BS.
9. Now BIOS loads the first stage boot loader called LILO which is there in the BS of the MBR and put there at install time.
10. The fist stage boot loader has one purpose in life is to load the 2nd stage boot loader.
11. Now 1st stage boot loader request BIOS for CHS# of /boot/boot.b.
12. BIOS load this 2nd stage boot loader.
13. The 2nd stage boot loader now loads the balance contents of BS into the RAM.
14. Here it will go through the LILO.conf file and follows the instruction given there.
Prompt: It requests BIOS for an Int 13h and gives it the CHS # of the /boot/message file
which BIOS promptly fetches and the 2nd stage BL executes - This is the splash screen
15. after the timeout and default is Linux kernel then the 2nd stage boot loader - /boot/boot.b - loads the Linux kernel in the RAM
16. Now the 2nd-stage wishes to load the kernel, as instructed by the binary-format lilo.conf after timing out or whatever the user chooses.
But there's a problem !!
The Linux kernel is on the HDD /boot partition!!
And the 2nd-stage LILO BL has no idea how to access the HDD
Why ? Because of
The HDD drivers - /dev/hda... are in /dev on the HDD
and to access it the 2nd stage BL requires the file /dev/hda which once again is itself on the HDD !!
17. The 2nd stage BL has no choice but to use the BIOS as its HDD device driver to access the HDD at boot time.
After all that's where the kernel is [/boot/vmlinuz-2.4.20-8] !!
18. The 2nd stage BL once again requests BIOS - Int 13h fn 2 - for the CHS # of the
/boot/map file, which BIOS loads
22. The 2nd stage loader now examines this /boot/map and extracts the CHS # inside it - which was put there by the BL installer - anaconda - and /sbin/lilo - and requests BIOS once more to load whatever is there in that CHS # address
23. BIOS then loads the Linux kernel /boot/vmlinuz-2.4.20-8 into the RAM and hands it to the 2nd stage BL
24. The 2nd stage BL uncompress this file and fills the memory with kernel mem structures which can be seen in the /proc virtual file system
The Linux OS is ready and running!! Kernel Land is ready!!
Now it turns to user land....
25. Now Linux Kernel is in the RAM and more powerful than the 2nd stage BL. It takes over total control from it and makes yet another BIOS call Int 13h fn 2 for the file
/boot/initrd-2.4.20-8.img
26. It uncompress it in RAM and creates a mini-FS as can be seen by mounting initrd
image.
27. Note that the HDD driver is available now; Hence the kernel executes the "linuxrc" script which mounts the "root" partition in R/O mode and loads the /sbin/init* program into RAM
The Userland Part of Linux is now started by the /sbin/init daemon
Next Part !!! If you like the above Kernel Part ..please comment will post remaining part !!
Tuesday, November 22, 2011
LVM Command’s description
pvcreate - Create physical volume from a hard drive
vgcreate - Create logical volume group from one or more physical volumes
vgextend - Add a physical volume to an existing volume group
vgreduce - Remove a physical volume from a volume group
lvcreate - Create a logical volume from available space in the volume group
lvextend - Extend the size of a logical volume from free physical extents in the logical volume group
lvremove - Remove a logical volume from a logical volume group, after unmounting it
vgdisplay - Show properties of existing volume group
lvdisplay - Show properties of existing logical volumes
pvscan - Show properties of existing physical volumes
Difference between Linux and UNIX ?
For me the main difference between Linux and UNIX is - Free v/s Money.
UNIX is money oriented product that BIG companies uses :)
IBM AIX and Sun Solaris and HP-UX all are UNIX operating systems.
Most UNIX systems are commercial in nature.
Linux compliance the POSIX standards so it cab also be considered as UNIX.
In Linux world, Linux is nothing but just a kernel. The open communitiy makes distribution based
on this kernel and gives different name to market their identity.
Linux is Free. Few distribution is freely available via internet.
Linux is user-friendly. It makes it easy to install sound card, flash players, and other desktop goodies
Linux comes with firewall - iptalbes/ipchains(older version of firewall)
Linux comes with Backup and Recovery software.
Linux supports ext2,3,4, ResierFS File Systems where as UNIX has different file system depends on the distro.
Distro has different Startup scripts location:Linux - /etc/init.d/
AIX - /etc/rc.d/init.d/
Solaris - /etc/init.d/
HP-UX - /sbin/init.d/
SUSE - /etc/rc.d/init.d/
UNIX distro: 1) Oracle Solaris
2) HP-UX
3) IBM AIX
4) Mac OS
Linux Distro: 1) Redhat
2) Fedora
3) SUSE
4) Ubuntu
5) Debian
UNIX is money oriented product that BIG companies uses :)
IBM AIX and Sun Solaris and HP-UX all are UNIX operating systems.
Most UNIX systems are commercial in nature.
Linux compliance the POSIX standards so it cab also be considered as UNIX.
In Linux world, Linux is nothing but just a kernel. The open communitiy makes distribution based
on this kernel and gives different name to market their identity.
Linux is Free. Few distribution is freely available via internet.
Linux is user-friendly. It makes it easy to install sound card, flash players, and other desktop goodies
Linux comes with firewall - iptalbes/ipchains(older version of firewall)
Linux comes with Backup and Recovery software.
Linux supports ext2,3,4, ResierFS File Systems where as UNIX has different file system depends on the distro.
Distro has different Startup scripts location:Linux - /etc/init.d/
AIX - /etc/rc.d/init.d/
Solaris - /etc/init.d/
HP-UX - /sbin/init.d/
SUSE - /etc/rc.d/init.d/
UNIX distro: 1) Oracle Solaris
2) HP-UX
3) IBM AIX
4) Mac OS
Linux Distro: 1) Redhat
2) Fedora
3) SUSE
4) Ubuntu
5) Debian
Tip 25: Just don't grep grep
A useful tool in scripting is the "grep" function. This program will find a string in a file. It is often used also to find if a process is running:
ps ax | grep sendmail
That command will find if sendmail is running. The problem is that you might end up with an other entry for this command. Because you grep for "sendmail", you may well end up with this command showing because the "sendmail" string is in the command line. To avoid that, you can use the -v flag to grep:
ps ax | grep sendmail | grep -v grep
That command will find all the lines in the current process list that have the "sendmail" string in it, and will remove the lines containing the string "grep".
Tip 24: How to compile C code ?
The command Called "gcc" and "cc" does this for you.
Just have simple C code in one file and save it as filename.c.
gcc -o myprogram myprogram.c
You will see newly file created as "myprogram"
Thats it !!
Just have simple C code in one file and save it as filename.c.
gcc -o myprogram myprogram.c
You will see newly file created as "myprogram"
Thats it !!
Tips 23: Who owns this port ?
Several utilities exist to check which ports are open, who is connected to your system and even what process owns a port number.
First a few ground rules. Ports below 1024 are reserved for common services, and only root can use them.
Standard port numbers can be found in /etc/services. The maximum number of ports is 65k, so you have more than enough Internet ports for all your services.
Here are some useful utilities. Netstat is a command that will list both the open ports and who is connected to your system. You should run it like this:
netstat -an | more
This way you can find out who is connected to which service.
Another interesting command is the fuser program. This program can tell you which user and process owns a
port. For example, the following command will tell you who owns port 6000:
fuser -v -n tcp 6000
First a few ground rules. Ports below 1024 are reserved for common services, and only root can use them.
Standard port numbers can be found in /etc/services. The maximum number of ports is 65k, so you have more than enough Internet ports for all your services.
Here are some useful utilities. Netstat is a command that will list both the open ports and who is connected to your system. You should run it like this:
netstat -an | more
This way you can find out who is connected to which service.
Another interesting command is the fuser program. This program can tell you which user and process owns a
port. For example, the following command will tell you who owns port 6000:
fuser -v -n tcp 6000
Tips 22: Alternative to Telnet Command ?
Telnet is a protocol allowing you to connect to a remote system and run programs and commands on that system. It is very old and still very much in use today.
Unfortunately, a telnet client sends the user password as clear text, and the connection is not encrypted. On the other hand, a program called ssh exists that can replace both telnet and ftp in a secure, encrypted way.
SSH stands for Secure Shell. It will encrypt each connection with a random key, so that it is impossible or at least very hard for a third party to decrypt the connection and find the password, or spy on you.
Unfortunately, a telnet client sends the user password as clear text, and the connection is not encrypted. On the other hand, a program called ssh exists that can replace both telnet and ftp in a secure, encrypted way.
SSH stands for Secure Shell. It will encrypt each connection with a random key, so that it is impossible or at least very hard for a third party to decrypt the connection and find the password, or spy on you.
Tips 21: How to secure your webserver ?
E-commerce is becoming very popular on the Internet. Companies will often pay thousands of dollars for commercial packages to deliver secure content to customers on the Web. You can setup one of the most popular Web servers, Apache, running on Linux and serving secure content, for free.To setup Apache to deliver secure content, you will need to get a cryptographic package called OpenSSL, based on the SSLeay library. The place to start is at http://www.apache-ssl.org/. From there, you can download the needed patches to make Apache into a secure web server.
Detailed instructions are available in the packages, but here is a quick step-by-step guide:
- First, you need to download 3 packages: Apache itself, the corresponding Apache-SSL patch and OpenSSL.
- Then you need to patch the Apache distribution and compile the SSL library.
- After editing the configuration file in the Apache directory, and setting the right paths and libraries to use, you can compile Apache and then create a test certificate.
- All you have to do now is install Apache and configure it to use your test certificate.
- Then you need to patch the Apache distribution and compile the SSL library.
- After editing the configuration file in the Apache directory, and setting the right paths and libraries to use, you can compile Apache and then create a test certificate.
- All you have to do now is install Apache and configure it to use your test certificate.
Note that while Apache and the SSLeay libray are free, you may need to pay to get signed certificates from commercial companies. Also, due to export laws in various countries, you may want to check your local laws before using any encrypting product.
Tips 20: How to access Remote File Systems ?
SMB is the most popular protocol to access Windows systems. But from the Unix world comes NFS. NFS is a way to share files that predates SMB and Samba, and comes compiled in most Linux distributions. To enable file sharing, you must have the nfsd and mountd daemons running. You also need to add the IPs of the systems you want to allow in /etc/exports.
To access remote file systems, you simply mount them like local hard drives. To mount /usr/files from 11.12.13.14 into /mnt/files, simply type:
mount -tnfs 1.2.3.4:/usr/files /mnt/files
The -tnfs parameter may be omited.
Tips 19: Display below commands output in IP rather hostname ?
These commands were all given the -n flag and will display only IP addresses.
When dealing with networking issues, it often helps to be able to use only IP addresses rather than hostnames. Why? For 2 reasons. First, the name server might not always be available if routing is being changed. And most important, you may not have the time to wait for all the IP resolving to be done.
Fortunately, many networking utilities in Linux share a common option flag. The -n flag. It will allow you to make the utility display IP addresses rather than hostnames. Here are a few examples:
Fortunately, many networking utilities in Linux share a common option flag. The -n flag. It will allow you to make the utility display IP addresses rather than hostnames. Here are a few examples:
netstat -anp
traceroute 11.12.13.14 -n
arp -n -a -i eth1 -a proxy
Tips 18: How to browse website from Linux command line ?
When you try to access a Web site, or any remote site, you need to specify the full hostname. This means the machine name plus the domain name:
lynx mahes.com
If you have a few domain names that you access a lot, you can make your life easier. You can edit /etc/resolv.conf and add the domains there:
server DNSSERVERNAME
This means that the system will search in those domains for hostnames. From now on type:
lynx mahes.com
Tips 17: How to change file permissions ?
To change a file's permissions, you need to use a program called chmod. With that command you can change one or multiple file permissions. Here are a few examples:
$ chmod 755 filename
$ ls -l filename
-rwxr-xr-x 1 root users 1656 Mar 22 00:27 filename
$ chmod 700 filename
$ ls -l filename
-rwx------ 1 root users 1656 Mar 22 00:27 filename
$ chmod 664 filename
$ ls -l filename
-rw-rw-r-- 1 root users 1656 Mar 22 00:27 filename
The numbers are based on the 3 types of permissions. Read = 4, write = 2 and execute = 1. A permission of 755 means the user will have read, write and execute permissions (4 + 2 + 1 = 7), and everyone else will have read and execute permissions (4 + 1 = 5).
$ chmod 755 filename
$ ls -l filename
-rwxr-xr-x 1 root users 1656 Mar 22 00:27 filename
$ chmod 700 filename
$ ls -l filename
-rwx------ 1 root users 1656 Mar 22 00:27 filename
$ chmod 664 filename
$ ls -l filename
-rw-rw-r-- 1 root users 1656 Mar 22 00:27 filename
The numbers are based on the 3 types of permissions. Read = 4, write = 2 and execute = 1. A permission of 755 means the user will have read, write and execute permissions (4 + 2 + 1 = 7), and everyone else will have read and execute permissions (4 + 1 = 5).
Tips 16: File Permissions
When you try to run a file it may refuse to work with an error like "Permission denied" and when you try to view another file it may also say that you don't have permission to view it. These all come down to file
permissions, a basic feature of Unix.
There are 3 types of permissions: read, write and execute. When you list files it will say which permission the files have:
ls -l file.dat
-rw-r--r-- 1 root users 1656 Mar 22 00:27 file.dat
The first part of that line is the permissions. They are, in order, the user permissions, the group permissions and others permissions, where r means read, w means write and x means execute. For this file, the user, root, has read and write permission (rw-), the group, users, can only read the file (r--) and everyone else can also only read the file (r--).
permissions, a basic feature of Unix.
There are 3 types of permissions: read, write and execute. When you list files it will say which permission the files have:
ls -l file.dat
-rw-r--r-- 1 root users 1656 Mar 22 00:27 file.dat
The first part of that line is the permissions. They are, in order, the user permissions, the group permissions and others permissions, where r means read, w means write and x means execute. For this file, the user, root, has read and write permission (rw-), the group, users, can only read the file (r--) and everyone else can also only read the file (r--).
Other letters may appear. The first letter is - for a normal file, d for a directory and c or b for a device. In place of x you may see a letter s. This means that when you start a program, it will run as its owner.
Tips 15: Remove space containing in filename file ?
File names in Linux can have many letters and numbers in them. Usualy, names should not have spaces in them, although Linux can deal with them. There are some characters that should not be used in files, like "/" and "~".
Some programs unfortunately will create strange looking file names, often as temporary files. Using the rm command, you should be able to remove them, but it may be hard when strange alphanumeric characters are used. Here are a few ways you should try to get rid of a file with a strange name:
- First you should try the following:
rm -f "file name"
- If this doesn't work you should try the console program mc.
- With graphical file managers, you should be able to pick an icon and remove it, regardless of the file name.
Some programs unfortunately will create strange looking file names, often as temporary files. Using the rm command, you should be able to remove them, but it may be hard when strange alphanumeric characters are used. Here are a few ways you should try to get rid of a file with a strange name:
- First you should try the following:
rm -f "file name"
- If this doesn't work you should try the console program mc.
- With graphical file managers, you should be able to pick an icon and remove it, regardless of the file name.
Tips 14: How to find Files on System ?
Find is a very useful and powerful utility. It is often used by system administration and in shell scripts. Here are 2 commands that might be useful:
find / -perm -4000 -print
This command will find every file on the system that is suid. This means that when you run it you will be running it as an other user. For example, traceroute is a utility that needs to be run as root. To allow users to run it, systems administrators will set it suid root so it will be run as root even if a user starts it. This can be useful, but can also be a big security risk if the utility has a security hole in it.
Here is another interesting command:
find / -atime +10 -print
This command will find all the files accessed more than 10 days ago. Commands like this one can be useful to find old files that need to be backuped or erased.
finally: man find
find / -perm -4000 -print
This command will find every file on the system that is suid. This means that when you run it you will be running it as an other user. For example, traceroute is a utility that needs to be run as root. To allow users to run it, systems administrators will set it suid root so it will be run as root even if a user starts it. This can be useful, but can also be a big security risk if the utility has a security hole in it.
Here is another interesting command:
find / -atime +10 -print
This command will find all the files accessed more than 10 days ago. Commands like this one can be useful to find old files that need to be backuped or erased.
finally: man find
Tips 13: Apache VirtualHosts
Apache, the popular Web server for Linux and Unix, allows you to domain virtual domainnames with multiple IP addresses. You can set one IP to each domainname. But what if you want to domain multiple domainnames on a single IP? Apache allows you to do it.
The trick is a single command that goes in the httpd.conf configuration file:
NameVirtualdomain 1.2.3.4
Replacing 1.2.3.4 with your real IP address, this will allow Apache to know on which IP it should serve the
virtual domainnames. Then you can add the virtual commands for every domainname you want to domain:
<Virtualdomain virtual.domain.com>
ServerAdmin webmaster@virtual.domain.com
DocumentRoot /home/httpd/virtual
ServerName virtual.domain.com
</Virtualdomain>
This will add virtual.domain.com in your list of virtual domains and serve the pages in /home/httpd/virtual. Of
course you need to have the actual virtual.domain.com domainname pointing to that system.
The trick is a single command that goes in the httpd.conf configuration file:
NameVirtualdomain 1.2.3.4
Replacing 1.2.3.4 with your real IP address, this will allow Apache to know on which IP it should serve the
virtual domainnames. Then you can add the virtual commands for every domainname you want to domain:
<Virtualdomain virtual.domain.com>
ServerAdmin webmaster@virtual.domain.com
DocumentRoot /home/httpd/virtual
ServerName virtual.domain.com
</Virtualdomain>
This will add virtual.domain.com in your list of virtual domains and serve the pages in /home/httpd/virtual. Of
course you need to have the actual virtual.domain.com domainname pointing to that system.
Tips: 12 How to run java programs in Linux ?
Java is an interpreted language. Usualy Java is found on the Web, in small programs called applets. But many Java applications exist. They are like applets, but require a Java Virtual Machine to run on your system. Netscape Communicator and any Java-enabled browser can run Java applets, but what if you want to run Java programs?
Java programs are files ending with .class and must be run in a JVM. The Java Development Kit comes with a JVM. What you need is the Linux port of the JDK. Once installed, you can run any Java application using the line:
java Program
Where java is the JVM, from the JDK package, and Program is the class found inside the Program.class file.
Note that you do not have to specify the .class part of the file to run it.
Tips: 11 Power OFF and Shutdown !!
Linux, like most other operating systems, must be shutdown in a specified manner. You can't turn the power off on a computer running Linux, or you may lose some data.
Here are the steps that need to be done when you want to shutdown:
- The operating system needs to stop all the running processes and logout the users.
- Various servers need to be shutdown in a proper way.
- All the mounted file systems need to be unmounted safely and unwritten data need to be stored on the disk.
The system can then be turned off safely.
To accomplish all these tasks, the shutdown command exists. That command has a lot of options, and you should explore them before trying anything at random. Another way to shutdown a Linux system is to set the runlevel to 0, the default shutdown level, with the init program.
Commands:
Shutdown -h now
Poweroff
init {0,1,2,3,4,5,6}
Here are the steps that need to be done when you want to shutdown:
- The operating system needs to stop all the running processes and logout the users.
- Various servers need to be shutdown in a proper way.
- All the mounted file systems need to be unmounted safely and unwritten data need to be stored on the disk.
The system can then be turned off safely.
To accomplish all these tasks, the shutdown command exists. That command has a lot of options, and you should explore them before trying anything at random. Another way to shutdown a Linux system is to set the runlevel to 0, the default shutdown level, with the init program.
Commands:
Shutdown -h now
Poweroff
init {0,1,2,3,4,5,6}
Tips 10: Can Linux run without a harddrive ?
Answer is YES.
Modern Linux distributions require around 100 megs to 200 megs of hard disk space to install. But is it
possible to run Linux on a system without a hard drive? Yes it is.
The Linux Router Project is a full-featured Linux distribution that fits on one diskette. It was made for
routers, and use modules to add the software packages you need, including DNS servers, Web servers, email and routing.
Ref: Linuxrouter.org
Tips 9: Famous File Systems
·
msdos: This is the FAT file system used by DOS.
·
vfat: This is the FAT32 file system used by Windows 95 and Windows 98.
·
ext2: This is the default Linux file system.· iso9660: This is the default CD-ROM format.
Tips 8: FTP ACL ?
FTP may be very useful, but must be configured correctly. It can allow people to log into their accounts, it can allow anonymous users to login to a public software directory, and it can display nice messages to them.
The files that you will probably want to modify are /etc/ftpusers and /etc/ftpaccess.
The file /etc/ftpusers is very simple. It lists the people that will not be allowed to use FTP to your system. The root account, and other system accounts should be in that file.
The file /etc/ftpaccess is a bit more complex and controls the behaviour of the FTP server. It tells it what to use as README file to display on a directory listing, what kind of logs to create and what messages to display.
Note that if you create an anonymous FTP area, you will need to read the FTP man page and do exactly what it tells you to avoid possible security risks.
Tips: 7 what is the Default boot mode ?
When a Linux system boots, it loads the kernel, all its drivers, and the networking servers, then the system will display a text login prompt. There, users can enter their user names and their passwords. But it doesn't have to boot this way.
There are 3 modes defined in most Linux distributions that can be used for booting. They are defined in
/etc/inittab and have specific numbers. The first mode, also called runlevel 1, is single user mode. That mode will only boot the system for 1 user, with no networking. Runlevel 3 is the default mode. It will load the networking servers and display a text login prompt. Runlevel 5 is the graphical mode. If you have X Window installed and configured, you can use it to display a graphical login prompt.
The way to change this is to edit /etc/inittab and change the initdefault line:
id:3:initdefault:
Changing a 3 to a 5 will make the system display a xdm graphical screen on bootup.
Tips: 6 what is the Default file permissions ?
When you create a file, the system gives it default permissions. On most systems the permissions are 755 (read, write and execute for the owner, and read and execute for others).
This default is setup with the umask command. To use the command, you need to find the right octal number to give it. The permissions in the umask are turned off from 666. This means that a umask of 022 will give you the default of 755. To change your default permissions from 755 to 700, you would use this command:
Tips: 5 how to allow normal users to run root's command ?
When a user starts a command, it runs with the permissions of that user. What if you want to allow them to run some commands with root permissions? You can, and that's called suid.
You can set a command to be suid root with the chmod command. This will make it run as root even if a user starts it. Here is how to set commandname suid root:
chmod +s /path/commandname
Note that you must be very careful with this option. If the command has any security hole, or allows the user to access other files or programs, the user could take over the root account and the whole system.
Tips: 4 How to allow user to mount the drives ?
By default, Linux does not allow users to mount drives. Only root can do it, and making the mount binary suid root is not a good idea. With a special command in the /etc/fstab file, you can change that.
This is a typical line for the fd0 (A:) drive in /etc/fstab:
/dev/fd0 /mnt auto noauto,user 1 1
The keywords here are noauto and user. Noauto tells mount not the try to mount a diskette on boot, and user allows any user to mount the drive into /mnt. The auto keyword is also interesting. It tells mount to try to find out which file system is on the diskette.
Tips: 3 How to create swap File ?
You are in a situation where you need more swap. what do you do - Reinstall ???
No et all,
The trick is to make a file and then tell the swapon program to use it. Here's how to create, for example, a 64 megs swap file on your root partition
dd if=/dev/zero of=/swapfile bs=1024 count=65536
This will make a 64 megs (about 68 millions bytes) file on your hard drive. You now need to initialize it:
mkswap /swapfile 65536
sync
And you can then add it to your swap pool:
swapon /swapfile
With that you have 64 megs of swap added. Don't forget to add the swapon command to your startup files so the command will be repeated at each reboot.
Tips: 2 Swap and memory
One of the most critical setting is Linux's swap space. During the installation, you will need to create a swap partition.
What size should the partition be?
It depends on 2 things:
The size of your hard drive and the size of your RAM memory.
The less RAM you have, the more swap you will need. Usually you will want to set your swap space size to be twice the RAM size, with a maximum of 126 megs. This of course requires you to have a hard drive with enough free space to create such a partition.
If you have 32 megs of RAM, making the swap space 64 megs or even 128 megs is very important. You will need it. If you have 128 megs of RAM on the other hand, you won't need much swap because the system will already have 128 megs to fill before using swap space. So a swap partition of 128 megs or even 32 megs could be enough.
Subscribe to:
Posts (Atom)