UNIX Operating System


Agenda
Administrative Issues
Link of the Week
This Week’s Expected Outcomes
Points of interest
Moving around in UNIX
Break-Out Problems
Upcoming Deadlines
Hands-on Information
Lab Assistance, Questions, and Answers
Announcements
No script logic for the Knoppix File System Lab
Assignment 11-1. View the links within the
course web site. If that isn’t enough, email or
call me.
Link of the week
File System
Search for the web site written by M. Tim
Jones ([email protected])
Anatomy of the Linux file system
The syntax used at this web site will be
useful when completing Lab Assignment 11-1.
These are “under the hood” commands used by
Graphical User Interfaces (GUI).
Link of the week
What is a UNIX-like File system?
A UNIX file system is a collection of files and
directories stored on hard disk. Each file system is
stored in a separate whole disk partition. The following
are some file systems:
/ - root file system contains files under several
directories including /sbin, /tmp, /var, and /dev
What makes up a file system?
User data - information contained in files
Metadata – information on the file system structure
such as inodes, directories, and superblock
UNIX Operating System
What is an interrupt request (IRQ)?
An IRQ is a signal sent to the CPU instructing it to
suspend the current task and take care of an
external event, such as an incoming signal on the
network line. On an x86 platform, the IRQ
number range is 0 to 15. On more modern
computers, including x86-64 systems, the
interrupt number range extends beyond 16.
Some interrupts are reserved for specific
purposes, such as the real-time clock and mouse,
while others have common uses and may be
reassigned.
UNIX Operating System
Bus designs
The Industry Standard Architecture (ISA)
bus design made sharing interrupts between two
devices difficult. Ideally, every device had its
own IRQ. After 2001, the ISA bus design
was no longer used in new systems.
The Peripheral Component Interconnect
(PCI) bus design made sharing interrupts a bit
easier, and devices frequently shared the same
IRQ.
UNIX Operating System
Bus Design
The /proc/interrupts file lists the IRQs that are in
use by Linux, but Linux does not start using an
IRQ until the relevant driver is loaded.
In conclusion, IRQ conflicts rarely occur on
modern hardware, but they do occasionally
occur.
Demonstrate: cat /proc/interrupts
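The shell functions below are an added example and are not part of the lecture slides. They parse /proc/interrupts-style text to list the device(s) attached to each IRQ and to report IRQs that more than one driver shares, which is the PCI situation the previous slide describes. The sample text is constructed (not captured from a real host), and the column handling assumes the standard layout of one count column per CPU, followed by the controller name, the hwirq-trigger column and then the device names.

```shell
#!/bin/sh
# Added example: parse /proc/interrupts-style text.  The sample below is
# constructed (not captured from a real host); real files have one count
# column per CPU, which the parser does not need to know in advance.
SAMPLE_INTERRUPTS='           CPU0       CPU1
  0:         42          0   IO-APIC   2-edge      timer
  1:          9          0   IO-APIC   1-edge      i8042
  8:          1          0   IO-APIC   8-edge      rtc0
 16:       1200        300   IO-APIC  16-fasteoi   ehci_hcd:usb1, uhci_hcd:usb5
 19:        450        120   IO-APIC  19-fasteoi   eth0, ahci
NMI:          0          0   Non-maskable interrupts'

# irq_devices TEXT: print "IRQ device[, device...]" for every numbered IRQ.
# The device names start after the "<hwirq>-<trigger>" column, which is how
# the per-CPU count columns are skipped whatever the CPU count.
irq_devices() {
    printf '%s\n' "$1" | awk '
        /^ *[0-9]+:/ {
            irq = $1; sub(/:$/, "", irq)
            start = 0
            for (i = 2; i <= NF; i++) if ($i ~ /^[0-9]+-/) { start = i + 1; break }
            devs = ""
            for (i = start; start > 0 && i <= NF; i++)
                devs = devs (devs == "" ? "" : " ") $i
            print irq, devs
        }'
}

# shared_irqs TEXT: IRQs with more than one device attached (the device
# list is comma separated in /proc/interrupts).
shared_irqs() {
    irq_devices "$1" | awk '{ rest = $0; sub(/^[0-9]+ /, "", rest); if (rest ~ /,/) print $1 }'
}

# Stand-alone run against this machine (uncomment):
# irq_devices "$(cat /proc/interrupts)"
# shared_irqs "$(cat /proc/interrupts)"
```

A shared IRQ is normal on PCI hardware, so the report is an inventory aid when diagnosing a misbehaving device, not an alarm in itself.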
UNIX Operating System
I/O Addresses (I/O Ports)
These are unique locations in memory that
are reserved for communication between the
CPU and specific hardware devices. Like the
IRQs, I/O addresses are associated with
specific hardware devices and are not shared.
Demonstrate: cat /proc/ioports
UNIX Operating System
Linux device   Windows   IRQ   I/O Addr
/dev/ttyS0     COM1      4     0x03f8
/dev/lp0       LPT1      7     0x0378
/dev/fd0       A:        6     0x03e0
UNIX Operating System
What is Direct Memory Access (DMA)?
DMA permits a device to transfer data directly
to or from memory without the CPU mediating the
transfer. This method of communication with I/O
devices lowers CPU usage and boosts overall system
performance.
Demonstrate: cat /proc/dma
The output lists the DMA channels in use. DMA
channels (addresses) should not be shared, even
though DMA channel conflicts occur less often than
IRQ conflicts.
UNIX Operating System
Boot Disks
The order in which devices are tried during
boot-up is determined by the firmware.
The BIOS boot process starts by reading the
boot sector from a disk and executing that code.
The BIOS boot options are limited because the
user can only select the order in which different
boot devices are examined to find the boot
sector.
UNIX Operating System
Boot Disks
Under EFI, the boot-up procedure involves
reading a boot loader file from a file system on a
special partition known as the EFI System
Partition (ESP). This file can have a special default
name or be registered in the computer's NVRAM.
EFI computers offer an extended range of boot
options, involving both default boot loader files
from various devices and multiple boot loaders
on the computer's hard disks. Some dated
implementations of EFI offer only simple BIOS-like boot options.
UNIX Operating System
Boot Up Files
/etc/rc.d/rc.sysinit
This init script performs basic system configuration
which includes setting the system clock, hostname, and
keyboard mapping; setting up the swap partitions;
checking the remaining file system for errors; and
turning on the quota management.
/etc/rc.d/rc
This init script runs the scripts for the services that
need to be started when you first bring the system up
and that need to be started or stopped when the system
goes from single user mode to multiuser mode and back
down again.
UNIX Operating System
Boot Up Files
/etc/rc.d/init.d
This init.d directory contains the rc shell scripts,
which are run via symbolic links in the /etc/rc.d/rcN.d
directories, where N is the runlevel the system is
entering.
/etc/rc.d/rc.local
This file is executed after the init scripts.
Commands can be placed in this file to
customize the system. These commands are best
suited to execute in the background and after the
initialization process completes.
UNIX Operating System
Boot Up Files
/etc/rc.d/rc1.d
This directory contains the scripts that are run when
the system enters or leaves a specific run level. The
following scripts execute during run level one (1):
K10cups
K25sshd
K50netdump
K74nscd
K86nfslock
K91isdn
S01sysstat
Notice the numbering from 00 to 99. This
numbering fixes each script's position within the
whole scheme of execution: the K (kill) links are run
first to stop services, then the S (start) links, each
group in numeric order.
UNIX Operating System
/etc/inittab file
/etc/inittab format (id:runlevel:action:process)
id is a unique sequence of 1-4 characters that identifies
an entry in /etc/inittab
runlevel lists the runlevels in which the action should
be taken
action describes which action should be performed
process specifies the process to be executed.
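As an added example (not from the slides), the functions below parse an /etc/inittab fragment in the id:runlevel:action:process layout just described and check the constraints the slide states: four colon-separated fields and a 1-4 character id. The fragment is constructed; entry ids and commands in it are illustrative only.

```shell
#!/bin/sh
# Added example: check /etc/inittab entries.  Constructed SysV-style
# fragment; two entries are deliberately malformed.
SAMPLE_INITTAB='# Default runlevel
id:3:initdefault:
si::sysinit:/etc/rc.d/rc.sysinit
l0:0:wait:/etc/rc.d/rc 0
l3:3:wait:/etc/rc.d/rc 3
ca::ctrlaltdel:/sbin/shutdown -t3 -r now
1:2345:respawn:/sbin/mingetty tty1
toolongid:3:once:/bin/true
bad:3:once'

# inittab_check TEXT: one status line per non-comment entry, "ok ID ..." or
# "bad ID REASON".  The process field may itself contain colons, so only
# fewer than four fields is an error.
inittab_check() {
    printf '%s\n' "$1" | awk -F: '
        /^[ \t]*(#|$)/ { next }
        {
            id = $1
            if (NF < 4) { print "bad", id, "expected id:runlevel:action:process, got", NF, "fields"; next }
            if (length(id) < 1 || length(id) > 4) { print "bad", id, "id must be 1-4 characters"; next }
            if ($3 == "") { print "bad", id, "missing action"; next }
            print "ok", id, "runlevel=" ($2 == "" ? "any" : $2), "action=" $3
        }'
}

# inittab_default TEXT: the runlevel named by the initdefault entry.
inittab_default() {
    printf '%s\n' "$1" | awk -F: '$3 == "initdefault" { print $2; exit }'
}

# inittab_respawn TEXT: ids of entries that init restarts whenever they exit
# (getty lines, typically).  A respawn entry that keeps dying shows up in
# the logs as init complaining that the id is "respawning too fast".
inittab_respawn() {
    printf '%s\n' "$1" | awk -F: '$3 == "respawn" { print $1 }'
}

# Stand-alone run:
# inittab_check "$SAMPLE_INITTAB"
```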
UNIX Operating System
Linux Network
The xinetd daemon has TCP Wrappers capabilities
built in. TCP Wrappers is a security tool available on most
flavors of UNIX, including AIX, HP-UX, Linux and Solaris.
TCP Wrappers is a lightweight alternative to a firewall
and an excellent tool for reducing CPU usage; real
firewalls generally are CPU intensive.
TCP Wrappers is not widely known by system
administrators.
UNIX Operating System
Security
TCP Wrappers is part of a client/server model. Its
access control language defines rules that selectively
allow clients to access server daemons on the local
system, based on the client's address and the daemon the
client tries to access.
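To make the access-control language concrete, here is an added example (not from the slides and not the tcpd/libwrap source) that reimplements, in simplified form, the decision tcpd takes from /etc/hosts.allow and /etc/hosts.deny: a (daemon, client) pair matched in hosts.allow is granted, otherwise a pair matched in hosts.deny is refused, otherwise access is granted. The two file contents are constructed. Only the patterns ALL, LOCAL, a trailing-dot network prefix, a leading-dot domain suffix and exact names are recognised; EXCEPT lists, netmasks and netgroups are out of scope.

```shell
#!/bin/sh
# Added example: simplified tcpd-style access decision.  Constructed rule
# files; the host names and addresses are illustrative only.
SAMPLE_HOSTS_ALLOW='sshd : 192.168.1. , .admin.example.com
in.ftpd : LOCAL'
SAMPLE_HOSTS_DENY='ALL : ALL'

# pattern_matches PATTERN CLIENT: one client pattern against one client.
pattern_matches() {
    pat=$1; client=$2
    case "$pat" in
        ALL)   return 0 ;;
        LOCAL) case "$client" in *.*) return 1 ;; *) return 0 ;; esac ;;   # no dot: local host name
        *.)    case "$client" in "$pat"*) return 0 ;; esac ;;              # network prefix, e.g. 192.168.1.
        .*)    case "$client" in *"$pat") return 0 ;; esac ;;              # domain suffix, e.g. .example.com
        *)     [ "$pat" = "$client" ] && return 0 ;;
    esac
    return 1
}

# daemon_matches LIST DAEMON / client_matches LIST CLIENT: comma- or
# space-separated lists; any entry matching is enough.
daemon_matches() {
    for entry in $(printf '%s' "$1" | tr ',' ' '); do
        [ "$entry" = ALL ] && return 0
        [ "$entry" = "$2" ] && return 0
    done
    return 1
}
client_matches() {
    for entry in $(printf '%s' "$1" | tr ',' ' '); do
        pattern_matches "$entry" "$2" && return 0
    done
    return 1
}

# rules_match TEXT DAEMON CLIENT: succeed if any "daemons : clients" line
# in TEXT matches the pair (blank and # lines are skipped, an optional
# third field holding shell options is ignored).
rules_match() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        case "$line" in ''|'#'*) continue ;; esac
        daemons=${line%%:*}
        rest=${line#*:}
        clients=${rest%%:*}
        if daemon_matches "$daemons" "$2" && client_matches "$clients" "$3"; then
            echo match
        fi
    done | grep -q match
}

# tcpd_decision DAEMON CLIENT: "allow" or "deny", hosts.allow consulted first.
tcpd_decision() {
    if rules_match "$SAMPLE_HOSTS_ALLOW" "$1" "$2"; then echo allow
    elif rules_match "$SAMPLE_HOSTS_DENY" "$1" "$2"; then echo deny
    else echo allow
    fi
}

# Stand-alone run:
# tcpd_decision sshd 10.0.0.5
```

The "ALL : ALL" line in the constructed hosts.deny is what makes the policy default-deny; without it, any pair not listed in hosts.allow is admitted, which is the usual surprise when a host that was never granted access still gets in.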
UNIX Operating System
Security
SELinux manages the kernel's security (access-control) functionality.
iptables is a packet filter. It monitors network
packets and protocol types.
chroot jail gives a process a restricted, temporary root file system.
UNIX Operating System
In general, every directory under the root
directory is on the root partition, unless it has a
separate entry in the full listing from df (or df -h with
no other options).
Every partition has its own file system. By
imagining all those file systems together, we can form
an idea of the tree-structure for the entire system. In a
file system, a file is represented by an inode, a kind of
serial number containing information about the actual
data that makes up the file: to whom the file belongs,
and where it is located on the hard disk.
UNIX Operating System
Every partition has its own set of inodes;
throughout a system with multiple partitions,
files with the same inode number can exist.
Why partition?
One of the goals of having different
partitions is to achieve higher data security in
case of disaster. By dividing the hard disk in
partitions, data can be grouped and separated.
When an accident occurs, only the data in the
partition that took the hit will be affected, and
the data on the other partitions will remain
intact.
UNIX Operating System
The Linux ext3 file system includes journaling,
which allows for faster recovery after
unexpected reboots.
Journaling reduces the amount of time
spent recovering a file system after a crash,
and is therefore in high demand in
environments where high availability is
important, not only to improve recovery times
on single machines but also to allow a crashed
machine's file system to be recovered on
another machine when we have a cluster of
nodes with a shared disk.
UNIX Operating System
Define file system with journaling
A file system with journaling is based on
the techniques used from real-time transaction
processing. A transaction log is used to store
transactions either in a designated file system
location or on a separate disk partition.
As changes are made to the file system,
metadata changes are recorded in the log and
writing entries in the log are done prior to
writing the actual buffers to disk.
UNIX Operating System
Linux file system with journaling
In the event of a system crash, the entries
in the log file remain intact and are replayed.
Maintaining this level of data integrity ensures
that the file system is in a consistent state.
UNIX Operating System
/etc/passwd file
The /etc/passwd file is considered the user
database for the system.
The information contained in the
/etc/passwd file is useful for applications
running on the system to access.
In summary, the /etc/passwd file is located
under the system configuration and
executables directory. The /etc/passwd file is
the system’s master list of information about
user accounts.
UNIX Operating System
/etc/shadow file
- The "x" in the /etc/passwd file password field indicates
that the shadow file contains the encrypted password.
- Red Hat Linux uses MD5 by default.
- Most Linux systems utilize MD5 as their encrypted
form.
- MD5 requires 34 characters in encrypted form.
- The encrypted password begins with a dollar sign, a number,
and a dollar sign (e.g. $1$ or $6$ ...).
- The shadow file is only readable by root.
In summary, the /etc/shadow file contains the
encoded passwords and password settings. The
/etc/shadow file holds all the settings that pertain
to the administration of the password.
UNIX Operating System
/etc/group file
In summary, the /etc/group file identifies a
collection of users who generally share similar
functions. These groupings are not limited to
departments or projects.
UNIX Operating System
Managing Users
Adding a user to a computer involves
several steps before the user can actually log
in and perform user operations.
UNIX Operating System
Managing Users
Every user that intends to utilize a
computer must first gain access to that system,
then go through an initialization process found
under the user’s home directory. The new user
initialization process begins by reading and
executing the commands and environmental
variables found in the $HOME/.profile file or
.bash_profile. Normally, the .profile is run
automatically when you log into the system
and the user’s environment is set up silently.
Once the user is granted access to the system,
a shell is spawned to allow the user to interact
with the system.
UNIX Operating System
Managing Users
Display the ~dandrear/.profile
When adding a new user account to the
system, the administrator assigns the username
a user identification number (UID). The UID
is used internally by the system to identify
each user. Duplicating the UID causes the
accounts to share an identity in the system.
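The following is an added example, not part of the slides, that audits /etc/passwd and /etc/shadow fragments for the points raised in the /etc/passwd, /etc/shadow and Managing Users slides: which hashing scheme each shadow entry uses (a $1$ prefix is MD5, $5$ is SHA-256, $6$ is SHA-512; ! or * means the account is locked), accounts whose password field in the world-readable passwd file is not the "x" placeholder, empty password fields, and duplicate UIDs that make two accounts one identity. Both fragments are constructed and the hashes are fake placeholders of the right length.

```shell
#!/bin/sh
# Added example: audit constructed passwd/shadow fragments.  Hashes are
# fake; "toor" deliberately duplicates UID 0 and "guest" has no password.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
dandrear:x:500:500:D. Andrear:/home/dandrear:/bin/bash
legacy:x:501:501:Legacy app:/home/legacy:/bin/bash
toor:x:0:0:backup admin:/root:/bin/bash
guest::502:502:Guest:/home/guest:/bin/bash'

SAMPLE_SHADOW='root:$6$saltsalt$FAKEHASHFAKEHASHFAKEHASHFAKEHASHFAKEHASHFAKEHASHFAKEHASHFAKEHASHFAKE:16000:0:99999:7:::
bin:*:16000:0:99999:7:::
dandrear:$1$abcdefgh$FAKEHASHFAKEHASHFAKEHA:16000:0:99999:7:::
legacy:!!:16000:0:99999:7:::
toor:$6$saltsalt$FAKEHASHFAKEHASHFAKEHASHFAKEHASHFAKEHASHFAKEHASHFAKEHASHFAKEHASHFAKE:16000:0:99999:7:::
guest::16000:0:99999:7:::'

# hash_algorithm FIELD: classify one shadow password field by its prefix.
hash_algorithm() {
    case "$1" in
        '')       echo empty ;;    # no password at all: login needs none
        '!'*|'*') echo locked ;;   # account disabled
        '$1$'*)   echo md5 ;;      # 34 characters: $1$ + 8 salt + $ + 22 hash
        '$5$'*)   echo sha256 ;;
        '$6$'*)   echo sha512 ;;
        *)        echo other ;;    # traditional DES crypt or unknown
    esac
}

# shadow_report TEXT: "user algorithm" for every shadow entry.
shadow_report() {
    printf '%s\n' "$1" | while IFS=: read -r user pw rest; do
        printf '%s %s\n' "$user" "$(hash_algorithm "$pw")"
    done
}

# duplicate_uids TEXT: "UID name,name" for UIDs held by more than one account.
duplicate_uids() {
    printf '%s\n' "$1" | awk -F: '
        { names[$3] = (names[$3] == "" ? $1 : names[$3] "," $1); count[$3]++ }
        END { for (u in count) if (count[u] > 1) print u, names[u] }' | sort -n
}

# unshadowed_accounts TEXT: passwd entries whose password field is not "x",
# i.e. the password (or nothing) sits in the world-readable file.
unshadowed_accounts() {
    printf '%s\n' "$1" | awk -F: '$2 != "x" { print $1 }'
}

# weak_or_empty TEXT: shadow entries with no password or an MD5 hash (the
# old Red Hat default the slide mentions) rather than SHA-512.
weak_or_empty() {
    shadow_report "$1" | awk '$2 == "empty" || $2 == "md5" { print $1 }'
}

# Stand-alone run on the real files (shadow needs root to read):
# duplicate_uids "$(cat /etc/passwd)"; weak_or_empty "$(cat /etc/shadow)"
```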
UNIX Operating System
Kernel functions in two ways
A responsive function is one where resource
allocation and process creation and management
are initiated by requests from processes.
An autonomous function is the allocation of
memory and CPU, which is performed without
being explicitly requested by a user process.
Daemon processes are started as part of the
boot process and run until the system is shut
down. Daemon processes can be associated with
a system's database applications, networking, secure
terminal and file transfer, and scheduled tasks.
UNIX Operating System
UNIX inetd Daemon
The UNIX inetd daemon may start the
telnetd to handle a telnet connection. Inetd
daemon may start the ftpd to handle an ftp
connection.
One daemon may start another; the UNIX
inetd daemon will accept a network connection
and then start another daemon to handle the
connection, based on the type of connection.
There are various processes in UNIX that are
not owned by a user, but exist to provide
services. These processes are often called
"daemons."
UNIX Operating System
UNIX inetd Daemon
The inetd superserver runs continuously,
listening for network connections. This type of
daemon is more susceptible to system
breaches.
UNIX Operating System
Linux xinetd daemon
The Linux xinetd daemon is a more secure
replacement for the inetd superserver. The
xinetd superserver listens for network
connections. When a connection is made, it
launches a specific daemon and forwards the
data from the socket to the daemon’s standard
input. Basically, the xinetd superserver works
on-demand.
UNIX Operating System
Linux Process States
Processes go through various process states
during their existence. These are transitory states
managed by the operating system (OS). The
specifics of these process states, as well as their
names, vary from one OS to another.
Waiting (the process scheduler loads the process from
secondary storage into main memory)
Executing (after the short-term scheduler assigns the
process a processor, a context switch is performed)
Stopped (the process has been stopped, usually by
receiving a signal; a process that is being debugged
can be in the stopped state while another task
executes)
Zombie (the process has finished but still has an
entry in the task_struct data structure)
UNIX Operating System
A zombie process is one that has completed
execution but still has an entry in the process
table, allowing the process that started it to read
its exit status. Remember that a zombie is
already dead.
Processes marked <defunct> are dead
processes (so-called "zombies")
Locate a zombie process on cs.franklin.edu
Commands:
ps -aux
UNIX Operating System
An orphan process is a process whose parent
process has terminated or finished.
Characteristics of an orphan process:
- The owner of an orphan process can kill that
process. Logging off your terminal will not
guarantee termination of your orphan.
- An orphan process may continue to execute,
taking up system resources and slowing the
machine down for other users.
UNIX Operating System
An orphan process is a process whose parent
process has terminated or finished.
Characteristics of an orphan process:
- If you notice slow performance on a machine and
you see an orphan process that doesn't belong to you.
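The functions below are an added example (not from the slides) that apply the process-state, zombie and orphan definitions from the preceding slides to ps output. The ps listing is constructed to resemble `ps -eo pid,ppid,user,stat,tty,cmd`; the PIDs, users and commands in it are illustrative only. The orphan test is a heuristic: a process reparented to init has PPID 1, but so do legitimate system daemons, so root-owned processes are excluded.

```shell
#!/bin/sh
# Added example: read process states out of ps-style output.  Constructed
# listing; PID 3100 and 8075 are zombies, 8074 is an orphan adopted by init.
SAMPLE_PS='  PID  PPID USER     STAT TT       CMD
    1     0 root     Ss   ?        /sbin/init
  613     1 root     Ss   ?        /usr/sbin/sshd
 2201   613 dandrear Ss   pts/0    -bash
 2260  2201 dandrear R+   pts/0    ps -eo pid,ppid,user,stat,tty,cmd
 3100  2201 dandrear Z    pts/0    [report.sh] <defunct>
 8074     1 jsmith   S    ?        ./longjob --loop
 8075  8074 jsmith   Z    ?        [helper] <defunct>'

# zombie_pids TEXT: PIDs whose STAT begins with Z (ps also appends <defunct>).
zombie_pids() {
    printf '%s\n' "$1" | awk 'NR > 1 && $4 ~ /^Z/ { print $1 }'
}

# zombie_parents TEXT: parents that have not yet wait()ed on a dead child.
# A zombie is already dead, so signalling it changes nothing; the parent
# has to reap it, or be terminated so that init adopts and reaps the child.
zombie_parents() {
    printf '%s\n' "$1" | awk 'NR > 1 && $4 ~ /^Z/ { print $2 }' | sort -un
}

# orphan_pids TEXT: non-root, non-zombie processes whose parent is init.
orphan_pids() {
    printf '%s\n' "$1" | awk 'NR > 1 && $2 == 1 && $3 != "root" && $4 !~ /^Z/ { print $1 }'
}

# process_state_counts TEXT: "STATE count" per basic state letter
# (R running, S sleeping, D uninterruptible wait, T stopped, Z zombie).
process_state_counts() {
    printf '%s\n' "$1" | awk 'NR > 1 { c[substr($4, 1, 1)]++ } END { for (s in c) print s, c[s] }' | sort
}

# Stand-alone run on the live system:
# zombie_parents "$(ps -eo pid,ppid,user,stat,tty,cmd)"
```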
UNIX Operating System
Terminate orphan Processes
kill -3 8074
Signal the process with PID 8074 to "quit" (SIGQUIT)
kill -1 8074
Signal the process with PID 8074 to "hang up" (SIGHUP)
kill -9 8074
Signal the process with PID 8074 to be "killed" (SIGKILL).
Unlike SIGQUIT and SIGHUP, SIGKILL cannot be caught or
ignored by the process, so it gets no chance to clean up;
try the gentler signals first.
UNIX Operating System
NFS (Network File System)
In UNIX, the physical layout of the file system is not
visible to the user. The user doesn't know, or need to
keep track of, the physical location of files,
as other file systems require. The root
directory, denoted by a forward slash (/), is the
central component of the file system. Other
directories can be attached (mounted) to the
root directory and utilized.
UNIX Operating System
NFS (Network File System)
NFS is a file and directory sharing mechanism
native to Unix, HP-UX, and Linux. NFS is
simple to set up. On the server, you make an
entry in the /etc/exports file to enable its use
by the client. This is called sharing.
UNIX Operating System
NFS (Network File System)
In order to access host file systems or printers
using an NFS client, the file systems must be
exported. To export a file system or printer, it
must be added to the host /etc/exports file.
The exports file allows the administrator to
control the following access:
Which file systems are made available to
remote users
Which remote users can access each file
system
What access limitations the remote users have
to each exported file system
UNIX Operating System
NFS (Network File System)
The /etc/exports file contains an entry for each
directory that can be exported to NFS clients. This
file is read automatically by the exportfs command.
If you change this file, you must run the exportfs
command before the changes can affect the way the
daemon operates.
Only when this file is present during system
startup does the rc.nfs script execute the exportfs
command and start the nfsd and mountd daemons.
UNIX Operating System
NFS (Network File System)
On the server, enter the following information to allow sharing:
/dir/to/export host1.mydomain.com(ro,root_squash)
/dir/to/export host2.mydomain.com(ro,root_squash)
/dir/to/export is the directory you want to export
host#.mydomain.com is the machine allowed to mount this
directory
The ro option means the directory is mounted read-only
The root_squash option prevents the remote root user from
having root (write) access in this directory
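As an added example (not from the slides), the functions below parse an /etc/exports file in the format shown above into one line per (directory, client, options) and flag the entries a reviewer should look at: a writable export to a wildcard client, and any client given no_root_squash. The sample file is constructed. It also covers the classic mistake of writing a space between the client and its options (`host (rw)`): exportfs then applies those options to every host, and the parser reproduces that reading.

```shell
#!/bin/sh
# Added example: audit a constructed /etc/exports.  Host names and paths
# are illustrative; "/export/build" and "/export/oops" are the bad entries.
SAMPLE_EXPORTS='# shared read-only docs
/export/docs   host1.mydomain.com(ro,root_squash) host2.mydomain.com(ro,root_squash)
/export/home   192.168.1.0/24(rw,sync,root_squash)
/export/build  *(rw,no_root_squash)
/export/scratch host3.mydomain.com
/export/oops   host4.mydomain.com (rw)'

# exports_entries TEXT: one "DIR CLIENT OPTIONS" line per client spec.
# A client with no parenthesised options gets the literal "default"
# (exportfs fills in its own defaults there).  Options with no client in
# front of them apply to "*", exactly as exportfs treats them.
exports_entries() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*(#|$)/ { next }
        {
            for (i = 2; i <= NF; i++) {
                client = $i; opts = "default"
                if (match(client, /\(.*\)$/)) {
                    opts = substr(client, RSTART + 1, RLENGTH - 2)
                    client = substr(client, 1, RSTART - 1)
                }
                if (client == "") client = "*"
                print $1, client, opts
            }
        }'
}

# exports_risky TEXT: entries that are writable by a wildcard client or
# that let remote root keep root privileges (no_root_squash).
exports_risky() {
    exports_entries "$1" | awk '
        {
            n = split($3, o, ",")
            rw = 0; noroot = 0
            for (k = 1; k <= n; k++) {
                if (o[k] == "rw") rw = 1
                if (o[k] == "no_root_squash") noroot = 1
            }
            wildcard = ($2 ~ /[*?]/)
            if (noroot || (rw && wildcard)) print $1, $2, $3
        }'
}

# Stand-alone run on the real file:
# exports_risky "$(cat /etc/exports)"
```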
UNIX Operating System
NFS (Network File System)
Many supposed NFS problems are really problems
with the firewall. In order for your NFS server to
successfully serve NFS shares, its firewall must
enable the following:
ICMP Type 3 packets
Port 111, the Portmap daemon
Port 2049, NFS
The port(s) assigned to the mountd daemon
UNIX Operating System
Samba
Samba is the standard Windows interoperability suite
of programs for Linux and Unix.
The name Samba was derived from SMB (Server
Message Block), the protocol that is the native method of
file and printer sharing for Windows.
As a server, Samba shares Linux files and printers
with Windows systems. As a client, Samba allows
Linux users access to files on Windows systems.
Samba has the capability to share files across
heterogeneous computing environments.
UNIX Operating System
Samba
For eighteen years, Samba has provided
secure, stable and fast file and print services
for all clients using the SMB/CIFS protocol,
such as all versions of DOS and Windows,
OS/2, Linux and many others.
UNIX Operating System
Samba
The Samba server uses UDP ports 137 and
138 and TCP ports 139 and 445. Normally,
openings in the firewall are needed during
installation.
Samba users must have the same username as
a Linux username or must map to a Linux
username. The usernames that map to a Linux
username are listed in the /etc/samba/smbusers file.
The record format is
linux_user_name = smb_user_name
UNIX Operating System
Windows uses its own passwords to enter
Samba, not Linux passwords. These passwords
are located in the /etc/samba/smbpasswd file.
Initially, when Samba is installed, this file does
not exist on the system. Each technique
described allows the system administrator to
add users to smbusers and passwords to
smbpasswd. To map a Windows password to a
Linux user, use the command (the -a option adds
the named user to smbpasswd and prompts for the
SMB password)
smbpasswd -a linux_user_name
UNIX Operating System
JumpStart Samba
To configure a Samba server, the system-config-samba utility best serves this basic need.
This tool is the best one to use if you’re not
familiar with Samba. The system-config-samba
utility performs three basic functions: configuring
the server, configuring users, and setting up
shares that are exported to the Windows system.
What is a share? It is a filesystem hierarchy that is
shared with another system using SMB. It is a
directory hierarchy that is exported from a Linux
system to a Windows system.
UNIX Operating System
Samba
The /etc/samba/smb.conf file controls a large portion of
how Samba works. The smb.conf file is divided into
sections, each addressing a specific area. They
are as follows:
[global]
Defines global parameters
[printers]
Defines printers
[homes]
Defines the "homes" share. This share allows each
user's home directory to be shared with specific
parameters.
[share name]
Defines a share
Comments: lines beginning with # or ;
Execute testparm to check whether the smb.conf file is
syntactically correct.
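testparm checks syntax, not policy. The added example below (not from the slides or from Samba) reads the section layout just described out of a constructed smb.conf, looks up a parameter inside a given section, and lists shares that allow unauthenticated writes (guest ok = yes together with writable = yes or read only = no). Section names are assumed to contain no spaces, and the writeable / write ok spellings Samba also accepts are not handled.

```shell
#!/bin/sh
# Added example: inspect a constructed smb.conf.  The "public" share is the
# deliberately weak one.
SAMPLE_SMB_CONF='[global]
   workgroup = FRANKLIN
   security = user
; comment line
[homes]
   comment = Home Directories
   browseable = no
   writable = yes
[printers]
   path = /var/spool/samba
   printable = yes
[public]
   path = /srv/samba/public
   guest ok = yes
   writable = yes
# another comment
[reports]
   path = /srv/samba/reports
   read only = yes'

# smb_sections TEXT: section names in file order.
smb_sections() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*\[.*\][ \t]*$/ {
            s = $0; gsub(/^[ \t]*\[/, "", s); gsub(/\][ \t]*$/, "", s); print s
        }'
}

# smb_get TEXT SECTION KEY: value of KEY within SECTION, empty if unset.
smb_get() {
    printf '%s\n' "$1" | awk -v want="$2" -v key="$3" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ { s = $0; gsub(/^[ \t]*\[/, "", s); gsub(/\][ \t]*$/, "", s); next }
        s == want && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }'
}

# smb_guest_writable TEXT: shares a guest can write to.  [global] is not a
# share and [printers] is a print queue, so both are skipped.
smb_guest_writable() {
    for s in $(smb_sections "$1"); do
        case "$s" in global|printers) continue ;; esac
        guest=$(smb_get "$1" "$s" "guest ok")
        writable=$(smb_get "$1" "$s" "writable")
        ro=$(smb_get "$1" "$s" "read only")
        if [ "$guest" = yes ] && { [ "$writable" = yes ] || [ "$ro" = no ]; }; then
            echo "$s"
        fi
    done
}

# Stand-alone run on the real file:
# smb_guest_writable "$(cat /etc/samba/smb.conf)"
```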
UNIX Operating System
HTML
HTML (Hyper Text Markup Language) is
a language used to create documents for the
World Wide Web.
HTML defines the structure and layout of
a Web document by using a variety of tags and
attributes.
The correct structure for an HTML
document starts with <HTML><HEAD>(enter
here what the document is about)</HEAD><BODY> and
ends with </BODY></HTML>. All the
information you'd like to include in your Web
page fits in between the <BODY> and
</BODY> tags.
UNIX Operating System
HTML
Common Gateway Interface (CGI)
CGI is a standard for interfacing applications
with information servers (Web servers).
CGI scripts execute in real-time and their
output is dynamic in content.
Scripts are designed to be executed from a
Web daemon that will transmit information to
another software facilitator (database engine),
and receive the results back again and display
them to the client.
UNIX Operating System
/etc/rc.d/init.d/crond is started automatically
when entering the multi-user runlevel. crond is a
daemon that executes scheduled commands.
The /etc/crontab file contains the schedule of
entries to be run and the times at which to run
them.
# Einstein /etc/crontab entries
01 * * * * root run-parts /etc/cron.hourly
02 4 * * * root run-parts /etc/cron.daily
22 4 * * 0 root run-parts /etc/cron.weekly
42 4 1 * * root run-parts /etc/cron.monthly
UNIX Operating System
Crontab format
* * * * * command to be executed
1 2 3 4 5
First *:  minute (0-59)
Second *: hour (0-23)
Third *:  day of month (1-31)
Fourth *: month (1-12)
Fifth *:  day of week (0-6) (Sunday=0)
Example: 40 18 * * * rm /export/home/someuser/*
UNIX Operating System
Crontab
Example (both entries run /path/to/script.sh at 01:00 on
5 October and discard its output):
0 1 5 10 * /path/to/script.sh >/dev/null 2>&1
0 1 5 10 * /path/to/script.sh &> /dev/null
The first form is portable; &> is a bash-specific
redirection, so the second form only works if the entry
is run by bash rather than /bin/sh.
UNIX Operating System
Crontab
/etc/cron.allow
/etc/cron.deny
crontab commands
crontab -e
Edit your crontab file
crontab -l
Display your crontab file
crontab -r
Remove your crontab file
crontab -v
Display the last time your crontab was
edited.
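The slides list /etc/cron.allow and /etc/cron.deny without saying how crontab uses them, and give the field ranges without a way to check an entry. As an added example (not from the slides or from any cron implementation), the functions below reproduce the usual crontab(1) rule (if cron.allow exists only the users listed in it may use crontab; otherwise users listed in cron.deny are refused; with neither file present the outcome is a site-specific build setting, assumed here to be "everyone allowed") and validate the five time fields of a crontab line. The file paths are passed in as parameters so the check runs offline against constructed files.

```shell
#!/bin/sh
# Added example: cron access files and crontab field validation.

# cron_user_allowed USER ALLOWFILE DENYFILE: may USER run crontab?
cron_user_allowed() {
    if [ -f "$2" ]; then
        grep -qx "$1" "$2"          # allow file exists: must be listed
    elif [ -f "$3" ]; then
        ! grep -qx "$1" "$3"        # only deny file exists: must not be listed
    else
        return 0                    # assumption: site default permits everyone
    fi
}

# in_range N MIN MAX: N is a non-negative integer within MIN..MAX.
in_range() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# cron_field_ok VALUE MIN MAX: accept "*", a number, a range a-b, a */step,
# or a comma-separated list of those, with every number within MIN..MAX.
# Splitting is done with read, so a "*" in the field is never globbed.
cron_field_ok() {
    printf '%s\n' "$1" | tr ',' '\n' | (
        while read -r part; do
            step=''
            case "$part" in */*) step=${part#*/}; part=${part%%/*} ;; esac
            if [ -n "$step" ]; then
                in_range "$step" 1 "$3" || exit 1
            fi
            case "$part" in
                '*') ;;
                *-*) in_range "${part%-*}" "$2" "$3" && in_range "${part#*-}" "$2" "$3" || exit 1 ;;
                *)   in_range "$part" "$2" "$3" || exit 1 ;;
            esac
        done
        exit 0
    )
}

# crontab_line_ok LINE: five valid time fields followed by a command.
# Day of week accepts 0-7 (7 is Sunday as well in Vixie-style crons).
crontab_line_ok() {
    printf '%s\n' "$1" | (
        read -r min hour dom mon dow cmd
        [ -n "$cmd" ] || exit 1
        cron_field_ok "$min" 0 59 && cron_field_ok "$hour" 0 23 \
            && cron_field_ok "$dom" 1 31 && cron_field_ok "$mon" 1 12 \
            && cron_field_ok "$dow" 0 7
    )
}

# Stand-alone run:
# crontab_line_ok '40 18 * * * rm /export/home/someuser/*' && echo valid
```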
UNIX Operating System
Full Backup
Full backup is the starting point for all
other types of backup and contains all the data
in the folders and files that are selected to be
backed up. Because full backup stores all files
and folders, frequent full backups result in
faster and simpler restore operations.
Remember that when you choose other backup
types, restore jobs may take longer.
UNIX Operating System
Differential backup
Differential backup contains all files that
have changed since the last FULL backup.
The advantage of a differential backup is that
it shortens restore time compared to a full
backup or an incremental backup. However, if
you perform the differential backup too many
times, the size of the differential backup might
grow to be larger than the baseline full
backup.
UNIX Operating System
Incremental backup
Incremental backup stores all files that
have changed since the last full, differential or
incremental backup. The advantage of an
incremental backup is that it takes the least
time to complete. However, during a restore
operation, each incremental backup must be
processed, which could result in a lengthy
restore job.
Demonstrate: mail sent from crontab
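The three backup types above differ only in the reference point used to decide which files are included. As an added example (not from the slides, and not a replacement for a real backup tool), the script below implements all three over a source directory using two marker files: .last_full records when the last full backup finished, .last_any when the last backup of any kind did, and find -newer selects files modified after the relevant marker. Files are copied into numbered directories under the destination and the list of copied paths is written beside each one, so the restore order the slides describe can be seen directly. Paths and marker names are the example's own choices.

```shell
#!/bin/sh
# Added example: full / differential / incremental selection with find -newer.

# files_changed_since SRC MARKER: relative paths of regular files under SRC
# modified after MARKER; every file when MARKER is empty or absent.
files_changed_since() {
    if [ -n "$2" ] && [ -f "$2" ]; then
        find "$1" -type f -newer "$2"
    else
        find "$1" -type f
    fi | sed "s|^$1/||" | sort
}

# do_backup KIND SRC DEST: KIND is full, differential or incremental.
# Copies the selected files into DEST/KIND-N/, writes their relative paths
# to DEST/KIND-N.list and prints that list's path.  N counts the backups
# already taken into DEST.
do_backup() {
    kind=$1; src=$2; dest=$3
    mkdir -p "$dest"
    case "$kind" in
        full)         marker='' ;;                 # everything
        differential) marker=$dest/.last_full ;;  # changed since the last full
        incremental)  marker=$dest/.last_any ;;   # changed since the last backup of any kind
        *) echo "unknown backup kind: $kind" >&2; return 1 ;;
    esac
    n=$(ls "$dest"/*.list 2>/dev/null | wc -l | tr -d ' ')
    target=$dest/$kind-$((n + 1))
    mkdir -p "$target"
    files_changed_since "$src" "$marker" > "$target.list"
    while IFS= read -r f; do
        mkdir -p "$target/$(dirname "$f")"
        cp "$src/$f" "$target/$f"
    done < "$target.list"
    # Markers are touched after the copy, so a file modified while the copy
    # ran is selected again next time rather than silently missed.
    [ "$kind" = full ] && touch "$dest/.last_full"
    touch "$dest/.last_any"
    echo "$target.list"
}

# Stand-alone run (creates a scratch tree):
# d=$(mktemp -d); mkdir "$d/src"; echo hi > "$d/src/a.txt"
# do_backup full "$d/src" "$d/bak"; echo bye > "$d/src/b.txt"
# do_backup incremental "$d/src" "$d/bak"; cat "$d/bak/incremental-2.list"
```

Restoring from the incremental chain means applying full-1 and then every incremental in order, whereas the differential needs only full-1 plus the latest differential, which is the trade-off the three slides describe. find -newer compares modification times, so on file systems with one-second timestamp resolution a change made in the same second as the marker is not seen until the next run.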
UNIX Operating System
Difference between exit 0 and exit (0)?
As far as the difference between exit,
exit(), and exit(0), there really is none. There is
definitely no difference between the first two
because exit is technically a language
construct, not a function, so it can be called
with or without parentheses, just like echo.
Returning a code of 0 means "this program ran
successfully/without errors".
UNIX Operating System
Points of interest
Computer networks also differ in their design.
The two basic forms of network design are called
client/server and peer-to-peer. Client-server networks
feature centralized server computers that store email,
Web pages, files and/or applications. On a peer-to-peer
network, conversely, all computers tend to support the
same functions. Client-server networks are much more
common in business and peer-to-peer networks much
more common in homes.
Moving Around in UNIX
uptime
uname -n
uname -a
uname -r
Break-out problems
1) What functionality does Samba provide?
2) List the different process states used on a
Linux system.
3) Explain the relationship between the
/etc/passwd file and the /etc/shadow file.
inittab actions: respawn, wait, ctrlaltdel, powerwait, initdefault
Hands on information
Lab Assignment 10-1, and 10-2
Account/LDAP/Process due July 13,
2014
Lab Assignment 11-1, Knoppix File
System Exercise due July 20, 2014
Lab Assignment 12-1, Programming
Assignment 2 due July 27, 2014
Module 6, contains study information
for weeks 10, 11, and 12.
After class assistance
- Questions
- Comments
- Concerns
I am available after this Franklin Live
session to discuss any problems and/or
concerns regarding the lab assignments.
Lab Assistance available by phone
and/or email