Week_12 - Computing Sciences


Week Twelve Agenda
•Announcements
If you need to change your proctor, do it soon.
Final will have the same format as midterm – just
more questions and more time given.
•Link of the week
•Review week eleven lab assignment
•Week eleven expected outcomes
•Next lab assignment
•Upcoming deadlines
•Lab assistance
Link of the week
• Domain name registration Web site
http://www.godaddy.com
• Determine if a domain is currently in use.
http://www.pair.com/ or http://www.godaddy.com
• What is a domain name?
• What is the function of the Domain Name System?
• BIND (Berkeley Internet Name Domain)
• What is meant by top level domain?
Link of the week
Top Level Domain (TLD)
• gov – Government
• edu – Educational
• org – Organizations (nonprofit)
• mil – Military
• com – Commercial business
• net – Network organizations
• ca – Canada
• th – Thailand
Link of the week
http://www.iana.org/cctld/cctld.htm
IANA - Internet Assigned Numbers Authority
Observe the Root Zone Database at the above Web site. It
represents the list of top-level domains.
Each country has an ISO (International Organization for
Standardization) country code designated as its domain
name.
The URL (Uniform Resource Locator) is also a hierarchy.
Its top-level domain name appears at the end, although the
name is read from left to right.
alpha.einstein.edu
beta.ca.mail2web.com
Next lab assignment
• Network Services
A variety of services available across a network
NFS
Remote login
Utilize a Web browser
• All network services rely on the ability to convert a host or domain name to
an IP address.
DNS is complex: the number of host names and IP addresses in the
Internet is very large.
Local DNS contains the actual translations for the machines in its local
network.
Global DNS contains more information about translations.
A single translation could involve several DNS servers before
the IP address is resolved.
Review week eleven lab assignment
$HOME/.profile or .bash_profile
The $HOME/.profile file in your home directory is a collection of shell
commands that are executed whenever you login. The $HOME/.profile file
is used to set environment variables and shell options.
PATH – executable search path
- adding a directory at either the beginning or the end of the PATH
variable
- set PATH for single user or all users
umask – defaults: umask 077
Alias - alias search=grep
TERM=vt100
export SHELL TERM EDITOR VISUAL MAIL PRINTER USER PS1
• Display available shells on system: cat /etc/shells
• Display current shell being utilized: echo $SHELL
• Change to a different shell: chsh -s /bin/ksh
Review week eleven lab assignment
UNIX commands:
ps -s (view zombie processes)
ps -x (view only active processes)
ps -aux | grep crond (view crond executing)
nice (execute with modified scheduling priority)
umask (displays umask numeric values)
umask -S (displays umask symbolic values)
fg (Resume job in the foreground, and make it the current job)
bg (Resume the suspended job in the background, as if it had been
started with &)
cat /etc/shells (Display available shells on system)
echo $SHELL (Display current shell being utilized)
chsh -s /bin/ksh (Change to a different shell)
printenv or env (commands to display environment variables)
Review Process States
PROCESS STATE CODES
D   uninterruptible sleep (usually IO)
R   runnable (on run queue)
S   sleeping
T   traced or stopped
Z   a defunct ("zombie") process
For BSD formats and when the "stat" keyword is used,
additional letters may be displayed:
W   has no resident pages
<   high-priority process
N   low-priority task
L   has pages locked into memory (for real-time and custom IO)
Use the ps -aux | less command to display the above-mentioned codes listed
under the STAT column heading.
Review Week Twelve Lab Assignment
PROCESS STATE Code
USER  PID  %CPU  %MEM   VSZ  RSS  TTY  STAT  START  TIME  COMMAND
root    1   0.0   0.0  1424  488  ?    S     Oct19  0:24  init
root    2   0.0   0.0     0    0  ?    SW    Oct19  0:00  [migration/0]
root    3   0.0   0.0     0    0  ?    SW    Oct19  0:00  [migration/1]
root    4   0.0   0.0     0    0  ?    SW    Oct19  0:00  [migration/2]
root    5   0.0   0.0     0    0  ?    SW    Oct19  0:00  [migration/3]
root    6   0.0   0.0     0    0  ?    SW    Oct19  0:00  [keventd]
root    7   0.0   0.0     0    0  ?    SWN   Oct19  0:00  [ksoftirqd/0]
root    8   0.0   0.0     0    0  ?    SWN   Oct19  0:00  [ksoftirqd/1]
root    9   0.0   0.0     0    0  ?    SWN   Oct19  0:00  [ksoftirqd/2]
root   10   0.0   0.0     0    0  ?    SWN   Oct19  0:00  [ksoftirqd/3]
VSZ – virtual memory usage of the entire process.
RSS – non-swapped physical memory that a task has used.
Review week eleven lab assignment
Unix/Linux Processes
Linux defines a unit of work as a task or process.
Unix defines a unit of work as a process.
Each process is identified by a unique PID.
Each process is started from a previous process using the fork and
exec calls.
The init process is created by the kernel using a non-traditional
procedure called hand-crafted or spontaneous.
Background processes run with a relatively low priority, require little
or no input, and generate a minimum of output. Unlike with a
foreground process, the shell does not have to wait for a background
process to end before it can run more processes. Background jobs are
run at a lower priority than foreground jobs.
A foreground process is one that can show the user an interface,
through which the user can interact with the program. The user must
wait for one foreground process to complete before running another
one.
Week Fifteen Agenda
The fork() function is used to create a new process from an existing process. The new
process is called the child process, and the existing process is called the parent. The
two can be told apart by checking the return value from fork(): the parent gets
the child’s PID returned to it, but the child gets 0 (zero).
The attributes the child inherits from the parent vary depending on the UNIX
implementation.
Inherits:
Process credentials (uids and gids)
Scheduling Class
Environment
Root Directory
Stack
Current Working Directory
Memory
Controlling Terminal
Open file descriptors
Resource Limits
Close on exec flags
Nice Value
Signal handling settings
Week Fifteen Agenda
Unique to child process:
Process ID
Different parent process ID
Own copy of file descriptors and directory streams
Process, text, data and other memory locks are NOT inherited
Process times, in the tms struct
Resource utilizations are set to zero.
Pending signals initialized to the empty set
Timers created by timer_create operations not inherited
Asynchronous input or output operations not inherited
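The fork() behaviour listed above, as an added example that is not part of the original slides: the child reports what it sees through a pipe (an inherited open file descriptor) so the parent can compare return values, PIDs, and a few inherited attributes. The names fork_probe, child_view and DEMO_VAR are made up for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* What the child observed about itself, reported back to the parent. */
struct child_view {
    pid_t fork_ret;   /* value fork() returned in the child */
    pid_t pid, ppid;  /* child's own PID and its parent's PID */
    uid_t uid;        /* inherited process credential */
    char  cwd[256];   /* inherited current working directory */
    char  env[32];    /* inherited environment variable DEMO_VAR */
};

/* Forks once. On success returns 0, fills *cv with the child's report and
 * *kid with the value fork() returned in the parent. Returns -1 on error. */
int fork_probe(struct child_view *cv, pid_t *kid)
{
    int fd[2], status;
    if (pipe(fd) == -1) return -1;
    setenv("DEMO_VAR", "from-parent", 1);      /* constructed sample value */
    pid_t ret = fork();
    if (ret == -1) return -1;
    if (ret == 0) {                            /* child: fork() returned 0 */
        struct child_view me;
        memset(&me, 0, sizeof me);
        me.fork_ret = ret;
        me.pid = getpid();
        me.ppid = getppid();
        me.uid = getuid();
        if (!getcwd(me.cwd, sizeof me.cwd)) me.cwd[0] = '\0';
        snprintf(me.env, sizeof me.env, "%s", getenv("DEMO_VAR"));
        /* fd[1] was opened by the parent and inherited across fork() */
        _exit(write(fd[1], &me, sizeof me) == (ssize_t)sizeof me ? 0 : 1);
    }
    close(fd[1]);                              /* parent: ret is the child's PID */
    ssize_t n = read(fd[0], cv, sizeof *cv);
    close(fd[0]);
    if (waitpid(ret, &status, 0) == -1) return -1;
    *kid = ret;
    return (n == (ssize_t)sizeof *cv && WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int main(void)
{
    struct child_view cv; pid_t kid;
    if (fork_probe(&cv, &kid) != 0) return 1;
    printf("fork() returned %d in parent, %d in child\n", (int)kid, (int)cv.fork_ret);
    printf("child pid=%d ppid=%d, parent pid=%d\n", (int)cv.pid, (int)cv.ppid, (int)getpid());
    printf("inherited: uid=%d cwd=%s DEMO_VAR=%s\n", (int)cv.uid, cv.cwd, cv.env);
    return 0;
}
```

Because credentials, environment and open descriptors all cross fork(), a privileged parent should close descriptors and drop privileges it does not want the child to hold before starting it.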
Review week eleven lab assignment
Daemon processes offer services such as serving web
pages, transferring email, time synchronization, and
similar. They usually consume little CPU and
memory, and run quietly without user interaction.
They mainly communicate with other computer
programs, or with other computers via the network.
Review week eleven lab assignment
cron is the periodic event scheduler of your system. The following examples give you
an idea of its usefulness and necessity.
• regular daily backups
• periodic mail checking
• polling a device for input
• sending regular reports
• sends user email every time a cron function is performed
cron file locations
/etc/crontab
/etc/cron.deny
/etc/cron.allow
Typical directory configuration
/etc/cron.d/hourly
/etc/cron.d/daily
/etc/cron.d/weekly
/etc/cron.d/monthly
How frequently does cron execute on a Unix-like system?
Disable email (redirect the job's output so cron has nothing to mail)
0 * * * * echo "Email Sent" > /dev/console 2>&1
Review week eleven lab assignment
Who can use the crontab commands (create, list, edit or remove)?
Each line of CRONTAB has the following structure:
<Minute> <Hour> <Day> <Month> <Day of Week> <Command line>
There are a total of 6 fields in the crontab file
# This is a comment.
* * * * * /export/home/varneyg/checkfiles.sh
What does the “*” character represent in the first five fields of a crontab
record?
A single integer that matches that exact value.
A comma separated list of integers, like 1,2,3 to match one of the listed values.
Review week eleven lab assignment
crontab format:
* * * * * command to be executed
crontab values:
Field     Value
minute    00-59
hour      00-23 (military time)
day       1-31
month     1-12
weekday   0-6 (0=Sunday)
Example records:
30 5 11 12 * echo "Welcome to Franklin University"
30 * * * * echo “Unix Administration” >/tmp/class.title
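A checker for the record format and value ranges above, as an added example that is not part of the original slides. It accepts only the field forms these slides list ("*", a single integer, a comma-separated list); ranges and step values that common cron implementations also accept are outside what it checks, and check_record and its return codes are made up for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

/* Ranges from the table above: minute, hour, day, month, weekday. */
static const int LO[5] = {0, 0, 1, 1, 0};
static const int HI[5] = {59, 23, 31, 12, 6};

/* A field is "*", a single integer, or a comma-separated list of integers. */
static int field_ok(const char *f, int lo, int hi)
{
    if (strcmp(f, "*") == 0) return 1;
    if (*f == '\0') return 0;
    while (*f) {
        char *end;
        if (!isdigit((unsigned char)*f)) return 0;
        long v = strtol(f, &end, 10);
        if (v < lo || v > hi) return 0;
        if (*end == ',' && end[1] != '\0') end++;   /* more list items follow */
        else if (*end != '\0') return 0;           /* junk or trailing comma */
        f = end;
    }
    return 1;
}

/* Returns 0 for a valid record, -1 for a blank line or comment,
 * 1..5 for the first bad time field, 6 when the command is missing. */
int check_record(const char *line)
{
    char buf[512];
    snprintf(buf, sizeof buf, "%s", line);
    char *p = buf + strspn(buf, " \t\n");
    if (*p == '\0' || *p == '#') return -1;
    for (int i = 0; i < 5; i++) {
        char *next = p + strcspn(p, " \t\n");
        if (*next) *next++ = '\0';                 /* terminate this field */
        if (!field_ok(p, LO[i], HI[i])) return i + 1;
        p = next + strspn(next, " \t\n");
    }
    return *p ? 0 : 6;
}

int main(void)
{
    const char *samples[] = {      /* records from the slides plus one constructed bad one */
        "# This is a comment.",
        "* * * * * /export/home/varneyg/checkfiles.sh",
        "30 5 11 12 * echo \"Welcome to Franklin University\"",
        "30 24 * * * echo constructed-bad-hour",
    };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%2d  %s\n", check_record(samples[i]), samples[i]);
    return 0;
}
```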
Review week eleven lab assignment
crontab restrictions
If your name appears in the cron.allow file or if that file doesn’t exist, you can
use crontab.
If your name does not appear in the cron.deny file. If cron.deny exists and is
empty, all users can use crontab.
If neither file exists, only the root user can use crontab.
crontab command without options
Read standard input
Exiting with “Control C” leaves the existing crontab unmodified.
Exiting with “Control D” causes the current user’s crontab to be
replaced with no information.
Review week eleven lab assignment
crontab commands
crontab -e (Edit crontab file)
crontab -l (Display your crontab file)
crontab -r (Remove your crontab file)
crontab -v (Display last time crontab was edited)
Week ten, eleven, and twelve expected outcomes
• Upon successful completion of this module, the student will be able to:
Manipulate user accounts.
Describe how cron is used to invoke repetitive processes.
Manipulate process structure including:
a. Background/foreground,
b. PS tool.
Explain basic UNIX security issues.
Describe disk and file system structure.
Use backup and restore archival operations on a system.
Establish network services.
Investigate the structure of the LDAP directory using LDAP commands.
Next lab assignment
• Copy-on-Write
It is an optimization strategy in which multiple users
can be given the same pointer to a resource. The
primary advantage is that if a caller never makes any
modifications, no private copy is needed. This
strategy is used in virtual memory operating systems:
pages in memory that might be modified by either the
process or its copy are marked copy-on-write.
http://en.wikipedia.org/wiki/Copy-on-write
Review week eleven lab assignment
Metadata
• Metadata is data about data. It may describe a single piece of data
or multiple content items and hierarchical levels.
• Metadata can be the name of a US corporation, or a registered
trademark.
• Metadata is structured information that describes and allows us to
find, manage, control and understand other information.
There are many different types of metadata.
Business Intelligence metadata
General IT metadata
IT metadata management products
File system metadata
Image metadata
Next Lab Assignment
• UNIX/Linux file system is contained under the
root directory denoted by a slash “/”.
• Users don’t have to worry about the physical
locations of files.
• The system administrator must be familiar
with mounting and un-mounting storage space
(/mnt).
Next Lab Assignment
File System
It is the methods and data structures that an operating system uses to
keep track of files on a disk or partition; that is, the way the
files are organized on the disk.
Inode (Index node (metadata))
An inode contains all information about a file, except its name
and the actual data. The name is stored in the directory,
together with the number of the inode. A directory entry consists
of a file name and the number of the inode which represents the
file. The inode contains the numbers of several data blocks.
On many file system types the number of inodes available is
fixed when the filesystem is created, giving a maximum
number of files the file system can hold. Typically when a file
system is created about 1% of it is devoted to inodes.
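The split between name (in the directory) and inode (everything else), as an added example that is not part of the original slides: two directory entries are made to point at one inode, and removing one name leaves the inode and its data in place. The function inode_demo, the /tmp path and the file names are constructed for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/stat.h>

struct link_report {
    int  same_inode;     /* 1 if both names resolve to one inode */
    long links_two;      /* link count while both names exist */
    long links_one;      /* link count after the first name is removed */
    int  data_survives;  /* 1 if the contents are still readable via the second name */
};

/* Creates a file, adds a second name for it, removes the first name.
 * Returns 0 on success and fills *r; returns -1 on error. */
int inode_demo(struct link_report *r)
{
    char dir[] = "/tmp/inode-demo-XXXXXX";   /* constructed scratch directory */
    char a[64], b[64], buf[16] = {0};
    struct stat sa, sb;
    if (!mkdtemp(dir)) return -1;
    snprintf(a, sizeof a, "%s/first", dir);
    snprintf(b, sizeof b, "%s/second", dir);
    int fd = open(a, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd == -1 || write(fd, "payload", 7) != 7) return -1;
    close(fd);
    if (link(a, b) == -1) return -1;          /* new directory entry, same inode */
    if (stat(a, &sa) == -1 || stat(b, &sb) == -1) return -1;
    r->same_inode = (sa.st_ino == sb.st_ino && sa.st_dev == sb.st_dev);
    r->links_two = (long)sb.st_nlink;
    unlink(a);                                /* removes a name, not the inode */
    if (stat(b, &sb) == -1) return -1;
    r->links_one = (long)sb.st_nlink;
    fd = open(b, O_RDONLY);
    r->data_survives = (fd != -1 && read(fd, buf, 7) == 7 && strcmp(buf, "payload") == 0);
    if (fd != -1) close(fd);
    unlink(b);
    rmdir(dir);
    return 0;
}

int main(void)
{
    struct link_report r;
    if (inode_demo(&r) != 0) return 1;
    printf("same inode: %d, links with two names: %ld\n", r.same_inode, r.links_two);
    printf("links after unlink: %ld, data survives: %d\n", r.links_one, r.data_survives);
    return 0;
}
```

Permissions and ownership live in the inode, so every name for a file carries the same access rights; deleting one name does not remove data that another name still references.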
Next Lab Assignment
File System
1. It is an organization of data and metadata on a storage device.
2. It is the methods and data structure that an operating system
uses to keep track of files on a disk or partition; that is the way
the files are organized on the disk.
3. Think of a file system as a protocol. File systems give
meaning to the data on a particular storage device.
What is a block device?
It is a device to and from which data moves in
blocks (like a disk sector) and which supports attributes such as
buffering and random access behavior. Block devices include
hard drives, CD-ROMs, and RAM disks.
What is a character device?
It is a device that does not have physically addressable media.
Character devices include serial ports and tape devices, where
data is streamed character by character.
Next Lab Assignment
Super Block
Contains information about each mounted file system.
The actual data structure in Linux is called struct vfsmount.
The information held includes mount flags, mount time, device
name, pointer to super block and device block size.
The Linux 2.0 kernel keeps a static array of such
structures to store up to 64 mounted file systems.
Data Block
Data blocks are used to store the data in the file. There is space
only for a few data block numbers in the inode, however if
more are needed, more space for pointers to the data blocks is
allocated dynamically. These dynamically allocated blocks are
indirect blocks. The name indicates that in order to find the
data block, one has to find its number in the indirect block
first.
Next lab assignment
Directory tree
[Figure: directory tree diagram rooted at /, with nodes jones, varneyg, date, dev, tmp, bin, usr, wc, ksh, tty03, .profile, itec400, test, null]
Next Lab Assignment
[Figure: diagram with boxes labeled ext3 File System, Super Block, File Manager, Linux Virtual File System, Kernel]
Next lab assignment
Linux Virtual File System (VFS)
The purpose of a VFS is to allow client
applications to access different types of file systems
in a uniform way.
Manages kernel file “abstractions” in one format
for all file systems.
File Manager
It is a program that provides a user interface to
work with the file system. File managers are very useful
for speeding up interaction with files. The most
common operations on files are create, open, edit,
print, rename, move, and copy.
Next lab assignment
UNIX base root file system tree structure
/bin (commands)
/dev (devices)
/etc (system configuration/executables)
/sbin (boot commands)
/usr/sbin (administrative commands)
/home (users home directories)
/lib (shared libraries)
/mnt (temporary mount directory)
/opt (optional software)
/proc (processes)
/stand (boot-related files)
/var (spooling)
Next lab assignment
lost+found directory
fsck is generally able to repair most system
damage, and the frequency with which you will
find anything at all in your lost+found directories
has slowed significantly.
If you have a system crash and the Linux file
system checker (fsck) recovers corrupt files, they
are placed here.
Review fsck (filesystem check)
fsck
fsck is a utility that analyses and repairs file system inconsistencies.
The file system is checked by providing the name of the block or
character special device or by giving the name of its mount point if a
matching entry exists in /etc/fstab.
fsck File System Inconsistency checks include:
Blocks claimed by more than one inode or the free list.
Blocks claimed by an inode or the free list outside the range of the file
system.
Incorrect link counts.
Incorrect directory sizes.
Bad inode format.
Blocks not accounted for anywhere.
Directory checks, file pointing to unallocated inode, inode number out of
range, and absence of `.' and `..' as the first two entries in each
directory.
Super Block checks: more blocks for inodes than there are in the file system.
Bad free block list format.
Total free block and/or free inode count incorrect.
Next lab assignment
Unix-like System Security
• Security on UNIX-like systems has focused on the
following areas:
– Files and directories
– PATH variable
– password authentication
– Unix-to-Unix commands
– One-way function
Next lab assignment
Linux Security
SELinux, developed by the U.S. National Security
Agency (NSA), implements Mandatory Access
Control (MAC) in the Linux kernel. MAC enforces
security policies that limit what a user or program
can do. It defines a security policy that controls some
or all objects, such as files, devices, sockets, and
ports, and some subjects like processes. Utilizing
SELinux, you can grant a process only those
permissions it needs to be functional.
Review week eleven lab assignment
Linux Security
TCP Wrapper is part of the client/server model, and
can be used with any daemon that is linked against
libwrap.a, and relies on the /etc/hosts.allow and
/etc/hosts.deny files as the basis of a simple access
control language. This access control language
defines rules that selectively allow clients to access
server daemons on a local system based on the
client’s address and the daemon the client tries to
access.
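A small model of how the two files are consulted, as an added example that is not part of the original slides and not libwrap's own code: a match in hosts.allow grants access, otherwise a match in hosts.deny refuses it, otherwise access is granted. The rules, addresses and function names are constructed; only the ALL wildcard, exact names and address prefixes ending in "." are modeled.

```c
#include <stdio.h>
#include <string.h>

/* One "daemon: client" rule from hosts.allow or hosts.deny. */
struct rule { const char *daemon, *client; };

static int pat_match(const char *pat, const char *val)
{
    size_t n = strlen(pat);
    if (strcmp(pat, "ALL") == 0) return 1;                 /* wildcard */
    if (n > 0 && pat[n - 1] == '.')                        /* address prefix */
        return strncmp(pat, val, n) == 0;
    return strcmp(pat, val) == 0;                          /* exact match */
}

static int any_match(const struct rule *r, size_t n, const char *d, const char *c)
{
    for (size_t i = 0; i < n; i++)
        if (pat_match(r[i].daemon, d) && pat_match(r[i].client, c)) return 1;
    return 0;
}

/* Returns 1 if the client may reach the daemon, 0 if it is refused. */
int tcpd_allows(const struct rule *allow, size_t na,
                const struct rule *deny, size_t nd,
                const char *daemon, const char *client)
{
    if (any_match(allow, na, daemon, client)) return 1;    /* hosts.allow first */
    if (any_match(deny, nd, daemon, client)) return 0;     /* then hosts.deny */
    return 1;                                              /* no match: allowed */
}

/* Constructed policy: sshd only from 192.168.1.*, everything else refused. */
static const struct rule ALLOW[] = { {"sshd", "192.168.1."} };
static const struct rule DENY_ALL[] = { {"ALL", "ALL"} };

int main(void)
{
    const char *outside = "203.0.113.9";                   /* constructed address */
    printf("sshd from 192.168.1.20, deny ALL: %d\n",
           tcpd_allows(ALLOW, 1, DENY_ALL, 1, "sshd", "192.168.1.20"));
    printf("sshd from %s, deny ALL: %d\n", outside,
           tcpd_allows(ALLOW, 1, DENY_ALL, 1, "sshd", outside));
    printf("sshd from %s, empty hosts.deny: %d\n", outside,
           tcpd_allows(ALLOW, 1, DENY_ALL, 0, "sshd", outside));
    return 0;
}
```

The last call shows why a restrictive hosts.allow needs an "ALL: ALL" entry in hosts.deny behind it: with an empty hosts.deny, a client that matches no rule is still let through.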
Upcoming deadlines
Knoppix File System Exercise, 11-1 is due March 25.
Programming Assignment 2, 12-1 is due April 1.
Archives Exercise, 12-2 is due April 1.
Presentations for Public Domain/Open Source Lab Assignment
13-1 will be April 2.
Programming Assignment 3, 14-1 is due April 14.
Final Exam, 15-1 will be administered April 9-14.
Module 6, contains study information for weeks 10, 11, and 12.
Final Exam Outline will be posted between March 30, two
weeks prior to the final exam date. This outline will be
considered a “living” document. I will add additional
information to it up to one week prior to the exam. All
additional information posted after the initial posting will be
highlighted/indicated.
Lab assistance
• Questions
• Comments
• Concerns
• I will be available after this Franklin Live
session to discuss any problems and/or
concerns regarding lab assignments.