Linux Fundamentals

Linux Fundamentals
Table of Contents
I. introduction to Linux ............................................................................................................. 1
1. distributions ............................................................................................................... 3
1.1. Red Hat ........................................................................................................... 4
1.2. Ubuntu ............................................................................................................. 4
1.3. Debian ............................................................................................................. 4
1.4. Other ............................................................................................................... 4
1.5. Which to choose ? ............................................................................................. 5
II. first steps on the command line .............................................................................................. 6
2. man pages .................................................................................................................. 8
2.1. man $command ................................................................................................. 9
2.2. man $configfile ................................................................................................. 9
2.3. man $daemon .................................................................................................... 9
2.4. man -k (apropos) ............................................................................................... 9
2.5. whatis .............................................................................................................. 9
2.6. whereis ............................................................................................................ 9
2.7. man sections ................................................................................................... 10
2.8. man $section $file ............................................................................................ 10
2.9. man man ........................................................................................................ 10
2.10. mandb .......................................................................................................... 10
3. working with directories ............................................................................................ 11
3.1. pwd ............................................................................................................... 12
3.2. cd .................................................................................................................. 12
3.3. absolute and relative paths ................................................................................. 13
3.4. path completion ............................................................................................... 14
3.5. ls ................................................................................................................... 14
3.6. mkdir ............................................................................................................. 16
3.7. rmdir .............................................................................................................. 16
3.8. practice: working with directories ........................................................................ 18
3.9. solution: working with directories ....................................................................... 19
4. working with files ..................................................................................................... 21
4.1. all files are case sensitive .................................................................................. 22
4.2. everything is a file ........................................................................................... 22
4.3. file ................................................................................................................ 22
4.4. touch .............................................................................................................. 23
4.5. rm ................................................................................................................. 24
4.6. cp .................................................................................................................. 25
4.7. mv ................................................................................................................. 26
4.8. rename ........................................................................................................... 27
4.9. practice: working with files ................................................................................ 28
4.10. solution: working with files .............................................................................. 29
5. working with file contents .......................................................................................... 31
5.1. head ............................................................................................................... 32
5.2. tail ................................................................................................................. 32
5.3. cat ................................................................................................................. 33
5.4. tac ................................................................................................................. 34
5.5. more and less .................................................................................................. 35
5.6. strings ............................................................................................................ 35
5.7. practice: file contents ........................................................................................ 36
5.8. solution: file contents ........................................................................................ 37
6. the Linux file tree ..................................................................................................... 38
6.1. filesystem hierarchy standard .............................................................................. 39
6.2. man hier ......................................................................................................... 39
6.3. the root directory / ............................................................................................ 39
6.4. binary directories ............................................................................................. 40
6.5. configuration directories .................................................................................... 42

iii
 Linux Fundamentals

6.6. data directories ................................................................................................ 44

6.7. in memory directories ....................................................................................... 46
6.8. /usr Unix System Resources ............................................................................... 51
6.9. /var variable data .............................................................................................. 53
6.10. practice: file system tree .................................................................................. 55
6.11. solution: file system tree .................................................................................. 57
III. pipes and commands ......................................................................................................... 59
7. filters ....................................................................................................................... 61
7.1. cat ................................................................................................................. 62
7.2. tee ................................................................................................................. 62
7.3. grep ............................................................................................................... 62
7.4. cut ................................................................................................................. 64
7.5. tr ................................................................................................................... 64
7.6. wc ................................................................................................................. 65
7.7. sort ................................................................................................................ 66
7.8. uniq ............................................................................................................... 67
7.9. comm ............................................................................................................. 68
7.10. od ................................................................................................................ 69
7.11. sed ............................................................................................................... 70
7.12. pipe examples ................................................................................................ 71
7.13. practice: filters ............................................................................................... 72
7.14. solution: filters ............................................................................................... 73
8. basic Unix tools ......................................................................................................... 75
8.1. find ................................................................................................................ 76
8.2. locate ............................................................................................................. 77
8.3. date ............................................................................................................... 77
8.4. cal ................................................................................................................. 78
8.5. sleep .............................................................................................................. 78
8.6. time ............................................................................................................... 79
8.7. gzip - gunzip ................................................................................................... 80
8.8. zcat - zmore .................................................................................................... 80
8.9. bzip2 - bunzip2 ................................................................................................ 81
8.10. bzcat - bzmore ............................................................................................... 81
8.11. practice: basic Unix tools ................................................................................. 82
8.12. solution: basic Unix tools ................................................................................. 83
IV. vi ................................................................................................................................... 85
9. Introduction to vi ...................................................................................................... 87
9.1. command mode and insert mode ......................................................................... 88
9.2. start typing (a A i I o O) ................................................................................... 88
9.3. replace and delete a character (r x X) ................................................................... 89
9.4. undo and repeat (u .) ......................................................................................... 89
9.5. cut, copy and paste a line (dd yy p P) .................................................................. 89
9.6. cut, copy and paste lines (3dd 2yy) ..................................................................... 90
9.7. start and end of a line (0 or ^ and $) ................................................................... 90
9.8. join two lines (J) and more ................................................................................ 90
9.9. words (w b) .................................................................................................... 91
9.10. save (or not) and exit (:w :q :q! ) ....................................................................... 91
9.11. Searching (/ ?) ............................................................................................... 91
9.12. replace all ( :1,$ s/foo/bar/g ) ............................................................................ 92
9.13. reading files (:r :r !cmd) ................................................................................... 92
9.14. text buffers .................................................................................................... 92
9.15. multiple files ................................................................................................. 92
9.16. abbreviations ................................................................................................. 93
9.17. key mappings ................................................................................................ 94
9.18. setting options ................................................................................................ 94
9.19. practice: vi(m) ............................................................................................... 95
9.20. solution: vi(m) ............................................................................................... 96
V. local user management ........................................................................................................ 97

iv
 Linux Fundamentals

10. introduction to users ................................................................................................ 99

10.1. whoami ....................................................................................................... 100
10.2. who ............................................................................................................ 100
10.3. who am i ..................................................................................................... 100
10.4. w ............................................................................................................... 100
10.5. id ............................................................................................................... 100
10.6. su to another user ......................................................................................... 101
10.7. su to root .................................................................................................... 101
10.8. su as root .................................................................................................... 101
10.9. su - $username ............................................................................................. 101
10.10. su - ........................................................................................................... 101
10.11. run a program as another user ....................................................................... 102
10.12. visudo ....................................................................................................... 102
10.13. sudo su - ................................................................................................... 103
10.14. sudo logging .............................................................................................. 103
10.15. practice: introduction to users ........................................................................ 104
10.16. solution: introduction to users ........................................................................ 105
11. groups .................................................................................................................. 107
11.1. groupadd ..................................................................................................... 108
11.2. group file .................................................................................................... 108
11.3. groups ......................................................................................................... 108
11.4. usermod ...................................................................................................... 109
11.5. groupmod .................................................................................................... 109
11.6. groupdel ...................................................................................................... 109
11.7. gpasswd ...................................................................................................... 110
11.8. newgrp ........................................................................................................ 111
11.9. vigr ............................................................................................................ 111
11.10. practice: groups .......................................................................................... 112
11.11. solution: groups .......................................................................................... 113
VI. file security .................................................................................................................... 114
12. standard file permissions ........................................................................................ 116
12.1. file ownership .............................................................................................. 117
12.2. list of special files ......................................................................................... 119
12.3. permissions .................................................................................................. 120
12.4. practice: standard file permissions .................................................................... 125
12.5. solution: standard file permissions .................................................................... 126
13. file links ................................................................................................................ 128
13.1. inodes ......................................................................................................... 129
13.2. about directories ........................................................................................... 130
13.3. hard links .................................................................................................... 131
13.4. symbolic links .............................................................................................. 132
13.5. removing links ............................................................................................. 132
13.6. practice : links .............................................................................................. 133
13.7. solution : links .............................................................................................. 134
VII. process management ....................................................................................................... 135
14. introduction to processes ........................................................................................ 137
14.1. terminology ................................................................................................. 138
14.2. basic process management .............................................................................. 139
14.3. signalling processes ....................................................................................... 143
14.4. practice : basic process management ................................................................. 146
14.5. solution : basic process management ................................................................. 147
VIII. disk management .......................................................................................................... 149
15. disk devices ........................................................................................................... 151
15.1. terminology ................................................................................................. 152
15.2. device naming .............................................................................................. 154
15.3. discovering disk devices ................................................................................. 155
15.4. erasing a hard disk ........................................................................................ 160
15.5. advanced hard disk settings ............................................................................ 161

v
 Linux Fundamentals

15.6. practice: hard disk devices .............................................................................. 162

15.7. solution: hard disk devices .............................................................................. 163
16. disk partitions ....................................................................................................... 165
16.1. about partitions ............................................................................................. 166
16.2. discovering partitions ..................................................................................... 167
16.3. partitioning new disks .................................................................................... 169
16.4. about the partition table ................................................................................. 171
16.5. GUID partition table ...................................................................................... 172
16.6. labeling with parted ....................................................................................... 172
16.7. practice: partitions ......................................................................................... 174
16.8. solution: partitions ........................................................................................ 175
17. file systems ............................................................................................................ 176
17.1. about file systems ......................................................................................... 177
17.2. common file systems ..................................................................................... 178
17.3. putting a file system on a partition ................................................................... 181
17.4. tuning a file system ....................................................................................... 182
17.5. checking a file system ................................................................................... 183
17.6. practice: file systems ..................................................................................... 184
17.7. solution: file systems ..................................................................................... 185
18. mounting .............................................................................................................. 186
18.1. mounting local file systems ............................................................................ 187
18.2. displaying mounted file systems ...................................................................... 188
18.3. from start to finish ........................................................................................ 190
18.4. permanent mounts ......................................................................................... 191
18.5. securing mounts ............................................................................................ 192
18.6. mounting remote file systems .......................................................................... 193
18.7. practice: mounting file systems ........................................................................ 194
18.8. solution: mounting file systems ....................................................................... 195
IX. boot management ............................................................................................................ 197
19. init and runlevels ................................................................................................... 199
19.1. system init(ialization) .................................................................................... 200
19.2. daemon or demon ? ....................................................................................... 205
19.3. starting and stopping daemons ......................................................................... 205
19.4. chkconfig .................................................................................................... 206
19.5. update-rc.d ................................................................................................... 208
19.6. bum ............................................................................................................ 209
19.7. runlevels ..................................................................................................... 210
19.8. systemd ....................................................................................................... 212
19.9. practice: init ................................................................................................. 218
19.10. solution : init .............................................................................................. 219
X. system management .......................................................................................................... 221
20. scheduling ............................................................................................................. 223
20.1. one time jobs with at ..................................................................................... 224
20.2. cron ............................................................................................................ 226
20.3. practice : scheduling ...................................................................................... 228
20.4. solution : scheduling ...................................................................................... 229
21. logging .................................................................................................................. 230
21.1. login logging ................................................................................................ 231
21.2. syslogd ........................................................................................................ 234
21.3. logger ......................................................................................................... 237
21.4. watching logs ............................................................................................... 237
21.5. rotating logs ................................................................................................. 238
21.6. practice : logging .......................................................................................... 239
21.7. solution : logging .......................................................................................... 240
22. memory management ............................................................................................. 242
22.1. displaying memory and cache ......................................................................... 243
22.2. managing swap space .................................................................................... 244
22.3. monitoring memory with vmstat ...................................................................... 246

vi
 Linux Fundamentals

22.4. practice : memory ......................................................................................... 247

22.5. solution : memory ......................................................................................... 248
23. resource monitoring ............................................................................................... 249
23.1. four basic resources ....................................................................................... 250
23.2. top ............................................................................................................. 250
23.3. free ............................................................................................................ 250
23.4. watch .......................................................................................................... 251
23.5. vmstat ......................................................................................................... 251
23.6. iostat .......................................................................................................... 252
23.7. mpstat ......................................................................................................... 253
23.8. sadc and sar ................................................................................................. 253
23.9. ntop ............................................................................................................ 254
23.10. iftop .......................................................................................................... 254
23.11. iptraf ......................................................................................................... 254
23.12. nmon ........................................................................................................ 255
23.13. htop .......................................................................................................... 255
XI. network management ....................................................................................................... 256
24. interface configuration ........................................................................................... 258
24.1. to gui or not to gui ....................................................................................... 259
24.2. Debian nic configuration ................................................................................ 260
24.3. RHEL nic configuration ................................................................................. 262
24.4. ifconfig ....................................................................................................... 264
24.5. ip ............................................................................................................... 266
24.6. dhclient ....................................................................................................... 267
24.7. hostname ..................................................................................................... 267
24.8. arp ............................................................................................................. 268
24.9. route ........................................................................................................... 269
24.10. ping .......................................................................................................... 269
24.11. optional: ethtool .......................................................................................... 270
24.12. practice: interface configuration ..................................................................... 271
24.13. solution: interface configuration ..................................................................... 272
25. network sniffing ..................................................................................................... 274
25.1. wireshark ..................................................................................................... 275
25.2. tcpdump ...................................................................................................... 279
25.3. practice: network sniffing ............................................................................... 280
25.4. solution: network sniffing ............................................................................... 281
26. binding and bonding .............................................................................................. 282
26.1. binding on Redhat/Fedora ............................................................................... 283
26.2. binding on Debian/Ubuntu .............................................................................. 284
26.3. bonding on Redhat/Fedora .............................................................................. 285
26.4. bonding on Debian/Ubuntu ............................................................................. 287
26.5. practice: binding and bonding ......................................................................... 289
26.6. solution: binding and bonding ......................................................................... 290
27. introduction to networking ..................................................................................... 291
27.1. introduction to iptables .................................................................................. 292
27.2. practice : iptables .......................................................................................... 293
27.3. solution : iptables .......................................................................................... 294
27.4. xinetd and inetd ............................................................................................ 295
27.5. practice : inetd and xinetd ............................................................................... 297
27.6. network file system ....................................................................................... 298
27.7. practice : network file system .......................................................................... 300
XII. apache and squid ........................................................................................................... 301
28. introduction to squid .............................................................................................. 303
28.1. about proxy servers ....................................................................................... 303
28.2. installing squid ............................................................................................. 304
28.3. port 3128 ..................................................................................................... 304
28.4. starting and stopping ..................................................................................... 304
28.5. client proxy settings ...................................................................................... 305

vii
 Linux Fundamentals

28.6. upside down images ...................................................................................... 307

28.7. /var/log/squid ................................................................................................ 309
28.8. access control ............................................................................................... 309
28.9. testing squid ................................................................................................ 309
28.10. name resolution .......................................................................................... 309
XIII. iptables firewall ............................................................................................................ 311
29. introduction to routers ........................................................................................... 313
29.1. router or firewall .......................................................................................... 314
29.2. packet forwarding ......................................................................................... 314
29.3. packet filtering ............................................................................................. 314
29.4. stateful ........................................................................................................ 314
29.5. nat (network address translation) ...................................................................... 315
29.6. pat (port address translation) ........................................................................... 315
29.7. snat (source nat) ........................................................................................... 315
29.8. masquerading ............................................................................................... 315
29.9. dnat (destination nat) ..................................................................................... 315
29.10. port forwarding ........................................................................................... 315
29.11. /proc/sys/net/ipv4/ip_forward ......................................................................... 316
29.12. /etc/sysctl.conf ............................................................................................ 316
29.13. sysctl ........................................................................................................ 316
29.14. practice: packet forwarding ........................................................................... 317
29.15. solution: packet forwarding ........................................................................... 319
30. iptables firewall ..................................................................................................... 322
30.1. iptables tables .............................................................................................. 323
30.2. starting and stopping iptables .......................................................................... 323
30.3. the filter table .............................................................................................. 324
30.4. practice: packet filtering ................................................................................. 329
30.5. solution: packet filtering ................................................................................. 330
30.6. network address translation ............................................................................. 331
XIV. Appendix .................................................................................................................... 334
Index .................................................................................................................................. 335

viii
List of Tables
1.1. choosing a Linux distro ...................................................................................................... 5
9.1. getting to command mode ................................................................................................. 88
9.2. switch to insert mode ........................................................................................................ 88
9.3. replace and delete ............................................................................................................ 89
9.4. undo and repeat ............................................................................................................... 89
9.5. cut, copy and paste a line .................................................................................................. 89
9.6. cut, copy and paste lines ................................................................................................... 90
9.7. start and end of line ......................................................................................................... 90
9.8. join two lines .................................................................................................................. 90
9.9. words ............................................................................................................................. 91
9.10. save and exit vi .............................................................................................................. 91
9.11. searching ....................................................................................................................... 91
9.12. replace .......................................................................................................................... 92
9.13. read files and input ......................................................................................................... 92
9.14. text buffers .................................................................................................................... 92
9.15. multiple files ................................................................................................................. 93
9.16. abbreviations ................................................................................................................. 93
12.1. Unix special files .......................................................................................................... 119
12.2. standard Unix file permissions ........................................................................................ 120
12.3. Unix file permissions position ......................................................................................... 120
12.4. Octal permissions .......................................................................................................... 123
15.1. ide device naming ......................................................................................................... 154
15.2. scsi device naming ........................................................................................................ 154
16.1. primary, extended and logical partitions ............................................................................ 166
16.2. Partition naming ........................................................................................................... 166
19.1. systemd power management ........................................................................................... 216
29.1. Packet Forwarding Exercise ............................................................................................ 317
29.2. Packet Forwarding Solution ............................................................................................ 319

ix
Part I. introduction to Linux
Table of Contents
1. distributions ....................................................................................................................... 3
1.1. Red Hat ................................................................................................................... 4
1.2. Ubuntu ..................................................................................................................... 4
1.3. Debian ..................................................................................................................... 4
1.4. Other ....................................................................................................................... 4
1.5. Which to choose ? ..................................................................................................... 5

2
Chapter 1. distributions
This chapter gives a short overview of current Linux distributions.

A Linux distribution is a collection of (usually open source) software on top of a Linux ker-
nel. A distribution (or short, distro) can bundle server software, system management tools,
documentation and many desktop applications in a central secure software repository. A
distro aims to provide a common look and feel, secure and easy software management and
often a specific operational purpose.

Let's take a look at some popular distributions.

3
 distributions

1.1. Red Hat

Red Hat is a billion dollar commercial Linux company that puts a lot of effort in developing
Linux. They have hundreds of Linux specialists and are known for their excellent support.
They give their products (Red Hat Enterprise Linux and Fedora) away for free. While Red
Hat Enterprise Linux (RHEL) is well tested before release and supported for up to seven
years after release, Fedora is a distro with faster updates but without support.

1.2. Ubuntu
Canonical started sending out free compact discs with Ubuntu Linux in 2004 and quick-
ly became popular for home users (many switching from Microsoft Windows). Canonical
wants Ubuntu to be an easy to use graphical Linux desktop without need to ever see a com-
mand line. Of course they also want to make a profit by selling support for Ubuntu.

1.3. Debian
There is no company behind Debian. Instead there are thousands of well organised devel-
opers that elect a Debian Project Leader every two years. Debian is seen as one of the most
stable Linux distributions. It is also the basis of every release of Ubuntu. Debian comes in
three versions: stable, testing and unstable. Every Debian release is named after a character
in the movie Toy Story.

1.4. Other
Distributions like CentOS, Oracle Enterprise Linux and Scientific Linux are based on Red
Hat Enterprise Linux and share many of the same principles, directories and system admin-
istration techniques. Linux Mint, Edubuntu and many other *buntu named distributions are
based on Ubuntu and thus share a lot with Debian. There are hundreds of other Linux dis-
tributions.

4
 distributions

1.5. Which to choose ?

Below are some very personal opinions on some of the most popular Linux Distributions.
Keep in mind that any of the below Linux distributions can be a stable server and a nice
graphical desktop client.

Table 1.1. choosing a Linux distro

distribution name reason(s) for using
Red Hat Enterprise (RHEL) You are a manager and you want a good support contract.
CentOS You want Red Hat without the support contract from Red Hat.
Fedora You want Red Hat on your laptop/desktop.
Linux Mint You want a personal graphical desktop to play movies, music and games.
Debian My personal favorite for servers, laptops, and any other device.
Ubuntu Very popular, based on Debian, not my favorite.
Kali You want a pointy-clicky hacking interface.
others Advanced users may prefer Arch, Gentoo, OpenSUSE, Scientific, ...

When you are new to Linux in 2015, go for the latest Mint or Fedora. If you only want to
practice the Linux command line then install one Debian server and/or one CentOS server
(without graphical interface).

Here are some links to help you choose:

distrowatch.com
redhat.com
centos.org
debian.org
www.linuxmint.com
ubuntu.com

5
Part II. first steps on
the command line
Table of Contents
2. man pages .......................................................................................................................... 8
2.1. man $command ......................................................................................................... 9
2.2. man $configfile ......................................................................................................... 9
2.3. man $daemon ............................................................................................................ 9
2.4. man -k (apropos) ....................................................................................................... 9
2.5. whatis ...................................................................................................................... 9
2.6. whereis .................................................................................................................... 9
2.7. man sections ........................................................................................................... 10
2.8. man $section $file .................................................................................................... 10
2.9. man man ................................................................................................................ 10
2.10. mandb .................................................................................................................. 10
3. working with directories .................................................................................................... 11
3.1. pwd ....................................................................................................................... 12
3.2. cd .......................................................................................................................... 12
3.3. absolute and relative paths ......................................................................................... 13
3.4. path completion ....................................................................................................... 14
3.5. ls ........................................................................................................................... 14
3.6. mkdir ..................................................................................................................... 16
3.7. rmdir ...................................................................................................................... 16
3.8. practice: working with directories ............................................................................... 18
3.9. solution: working with directories ............................................................................... 19
4. working with files ............................................................................................................. 21
4.1. all files are case sensitive .......................................................................................... 22
4.2. everything is a file ................................................................................................... 22
4.3. file ........................................................................................................................ 22
4.4. touch ...................................................................................................................... 23
4.5. rm ......................................................................................................................... 24
4.6. cp .......................................................................................................................... 25
4.7. mv ......................................................................................................................... 26
4.8. rename ................................................................................................................... 27
4.9. practice: working with files ........................................................................................ 28
4.10. solution: working with files ...................................................................................... 29
5. working with file contents .................................................................................................. 31
5.1. head ....................................................................................................................... 32
5.2. tail ......................................................................................................................... 32
5.3. cat ......................................................................................................................... 33
5.4. tac ......................................................................................................................... 34
5.5. more and less .......................................................................................................... 35
5.6. strings .................................................................................................................... 35
5.7. practice: file contents ................................................................................................ 36
5.8. solution: file contents ................................................................................................ 37
6. the Linux file tree ............................................................................................................. 38
6.1. filesystem hierarchy standard ..................................................................................... 39
6.2. man hier ................................................................................................................. 39
6.3. the root directory / .................................................................................................... 39
6.4. binary directories ..................................................................................................... 40
6.5. configuration directories ............................................................................................ 42
6.6. data directories ........................................................................................................ 44
6.7. in memory directories ............................................................................................... 46
6.8. /usr Unix System Resources ....................................................................................... 51
6.9. /var variable data ...................................................................................................... 53
6.10. practice: file system tree .......................................................................................... 55
6.11. solution: file system tree .......................................................................................... 57

7
Chapter 2. man pages
This chapter will explain the use of man pages (also called manual pages) on your Unix
or Linux computer.

You will learn the man command together with related commands like whereis, whatis
and mandb.

Most Unix files and commands have pretty good man pages to explain their use. Man pages
also come in handy when you are using multiple flavours of Unix or several Linux distrib-
utions since options and parameters sometimes vary.

8
 man pages

2.1. man $command

Type man followed by a command (for which you want help) and start reading. Press q to
quit the manpage. Some man pages contain examples (near the end).
paul@laika:~$ man whois
Reformatting whois(1), please wait...

2.2. man $configfile

Most configuration files have their own manual.
paul@laika:~$ man syslog.conf
Reformatting syslog.conf(5), please wait...

2.3. man $daemon

This is also true for most daemons (background programs) on your system..
paul@laika:~$ man syslogd
Reformatting syslogd(8), please wait...

2.4. man -k (apropos)

man -k (or apropos) shows a list of man pages containing a string.
paul@laika:~$ man -k syslog
lm-syslog-setup (8) - configure laptop mode to switch syslog.conf ...
logger (1) - a shell command interface to the syslog(3) ...
syslog-facility (8) - Setup and remove LOCALx facility for sysklogd
syslog.conf (5) - syslogd(8) configuration file
syslogd (8) - Linux system logging utilities.
syslogd-listfiles (8) - list system logfiles

2.5. whatis
To see just the description of a manual page, use whatis followed by a string.
paul@u810:~$ whatis route
route (8) - show / manipulate the IP routing table

2.6. whereis
The location of a manpage can be revealed with whereis.
paul@laika:~$ whereis -m whois
whois: /usr/share/man/man1/whois.1.gz

This file is directly readable by man.

paul@laika:~$ man /usr/share/man/man1/whois.1.gz

9
 man pages

2.7. man sections

By now you will have noticed the numbers between the round brackets. man man will
explain to you that these are section numbers. Executable programs and shell commands
reside in section one.
1 Executable programs or shell commands
2 System calls (functions provided by the kernel)
3 Library calls (functions within program libraries)
4 Special files (usually found in /dev)
5 File formats and conventions eg /etc/passwd
6 Games
7 Miscellaneous (including macro packages and conventions), e.g. man(7)
8 System administration commands (usually only for root)
9 Kernel routines [Non standard]

2.8. man $section $file

Therefor, when referring to the man page of the passwd command, you will see it written
as passwd(1); when referring to the passwd file, you will see it written as passwd(5). The
screenshot explains how to open the man page in the correct section.
[paul@RHEL52 ~]$ man passwd # opens the first manual found
[paul@RHEL52 ~]$ man 5 passwd # opens a page from section 5

2.9. man man

If you want to know more about man, then Read The Fantastic Manual (RTFM).

Unfortunately, manual pages do not have the answer to everything...

paul@laika:~$ man woman
No manual entry for woman

2.10. mandb
Should you be convinced that a man page exists, but you can't access it, then try running
mandb on Debian/Mint.
root@laika:~# mandb
0 man subdirectories contained newer manual pages.
0 manual pages were added.
0 stray cats were added.
0 old database entries were purged.

Or run makewhatis on CentOS/Redhat.

[root@centos65 ~]# apropos scsi
scsi: nothing appropriate
[root@centos65 ~]# makewhatis
[root@centos65 ~]# apropos scsi
hpsa (4) - HP Smart Array SCSI driver
lsscsi (8) - list SCSI devices (or hosts) and their attributes
sd (4) - Driver for SCSI Disk Drives
st (4) - SCSI tape device

10
Chapter 3. working with directories
This module is a brief overview of the most common commands to work with directories:
pwd, cd, ls, mkdir and rmdir. These commands are available on any Linux (or Unix) sys-
tem.

This module also discusses absolute and relative paths and path completion in the bash
shell.

11
 working with directories

3.1. pwd
The you are here sign can be displayed with the pwd command (Print Working Directory).
Go ahead, try it: Open a command line interface (also called a terminal, console or xterm)
and type pwd. The tool displays your current directory.
paul@debian8:~$ pwd
/home/paul

3.2. cd
You can change your current directory with the cd command (Change Directory).
paul@debian8$ cd /etc
paul@debian8$ pwd
/etc
paul@debian8$ cd /bin
paul@debian8$ pwd
/bin
paul@debian8$ cd /home/paul/
paul@debian8$ pwd
/home/paul

3.2.1. cd ~
The cd is also a shortcut to get back into your home directory. Just typing cd without a target
directory, will put you in your home directory. Typing cd ~ has the same effect.
paul@debian8$ cd /etc
paul@debian8$ pwd
/etc
paul@debian8$ cd
paul@debian8$ pwd
/home/paul
paul@debian8$ cd ~
paul@debian8$ pwd
/home/paul

3.2.2. cd ..
To go to the parent directory (the one just above your current directory in the directory
tree), type cd .. .
paul@debian8$ pwd
/usr/share/games
paul@debian8$ cd ..
paul@debian8$ pwd
/usr/share

To stay in the current directory, type cd . ;-) We will see useful use of the . character repre-
senting the current directory later.

12
 working with directories

3.2.3. cd -
Another useful shortcut with cd is to just type cd - to go to the previous directory.
paul@debian8$ pwd
/home/paul
paul@debian8$ cd /etc
paul@debian8$ pwd
/etc
paul@debian8$ cd -
/home/paul
paul@debian8$ cd -
/etc

3.3. absolute and relative paths

You should be aware of absolute and relative paths in the file tree. When you type a path
starting with a slash (/), then the root of the file tree is assumed. If you don't start your path
with a slash, then the current directory is the assumed starting point.

The screenshot below first shows the current directory /home/paul. From within this direc-
tory, you have to type cd /home instead of cd home to go to the /home directory.
paul@debian8$ pwd
/home/paul
paul@debian8$ cd home
bash: cd: home: No such file or directory
paul@debian8$ cd /home
paul@debian8$ pwd
/home

When inside /home, you have to type cd paul instead of cd /paul to enter the subdirectory
paul of the current directory /home.
paul@debian8$ pwd
/home
paul@debian8$ cd /paul
bash: cd: /paul: No such file or directory
paul@debian8$ cd paul
paul@debian8$ pwd
/home/paul

In case your current directory is the root directory /, then both cd /home and cd home will
get you in the /home directory.
paul@debian8$ pwd
/
paul@debian8$ cd home
paul@debian8$ pwd
/home
paul@debian8$ cd /
paul@debian8$ cd /home
paul@debian8$ pwd
/home

This was the last screenshot with pwd statements. From now on, the current directory will
often be displayed in the prompt. Later in this book we will explain how the shell variable
$PS1 can be configured to show this.

13
 working with directories

3.4. path completion

The tab key can help you in typing a path without errors. Typing cd /et followed by the tab
key will expand the command line to cd /etc/. When typing cd /Et followed by the tab key,
nothing will happen because you typed the wrong path (upper case E).

You will need fewer key strokes when using the tab key, and you will be sure your typed
path is correct!

3.5. ls
You can list the contents of a directory with ls.
paul@debian8:~$ ls
allfiles.txt dmesg.txt services stuff summer.txt
paul@debian8:~$

3.5.1. ls -a
A frequently used option with ls is -a to show all files. Showing all files means including
the hidden files. When a file name on a Linux file system starts with a dot, it is considered
a hidden file and it doesn't show up in regular file listings.
paul@debian8:~$ ls
allfiles.txt dmesg.txt services stuff summer.txt
paul@debian8:~$ ls -a
. allfiles.txt .bash_profile dmesg.txt .lesshst stuff
.. .bash_history .bashrc services .ssh summer.txt
paul@debian8:~$

3.5.2. ls -l
Many times you will be using options with ls to display the contents of the directory in
different formats or to display different parts of the directory. Typing just ls gives you a
list of files in the directory. Typing ls -l (that is a letter L, not the number 1) gives you a
long listing.
paul@debian8:~$ ls -l
total 17296
-rw-r--r-- 1 paul paul 17584442 Sep 17 00:03 allfiles.txt
-rw-r--r-- 1 paul paul 96650 Sep 17 00:03 dmesg.txt
-rw-r--r-- 1 paul paul 19558 Sep 17 00:04 services
drwxr-xr-x 2 paul paul 4096 Sep 17 00:04 stuff
-rw-r--r-- 1 paul paul 0 Sep 17 00:04 summer.txt

14
 working with directories

3.5.3. ls -lh
Another frequently used ls option is -h. It shows the numbers (file sizes) in a more human
readable format. Also shown below is some variation in the way you can give the options
to ls. We will explain the details of the output later in this book.

Note that we use the letter L as an option in this screenshot, not the number 1.
paul@debian8:~$ ls -l -h
total 17M
-rw-r--r-- 1 paul paul 17M Sep 17 00:03 allfiles.txt
-rw-r--r-- 1 paul paul 95K Sep 17 00:03 dmesg.txt
-rw-r--r-- 1 paul paul 20K Sep 17 00:04 services
drwxr-xr-x 2 paul paul 4.0K Sep 17 00:04 stuff
-rw-r--r-- 1 paul paul 0 Sep 17 00:04 summer.txt
paul@debian8:~$ ls -lh
total 17M
-rw-r--r-- 1 paul paul 17M Sep 17 00:03 allfiles.txt
-rw-r--r-- 1 paul paul 95K Sep 17 00:03 dmesg.txt
-rw-r--r-- 1 paul paul 20K Sep 17 00:04 services
drwxr-xr-x 2 paul paul 4.0K Sep 17 00:04 stuff
-rw-r--r-- 1 paul paul 0 Sep 17 00:04 summer.txt
paul@debian8:~$ ls -hl
total 17M
-rw-r--r-- 1 paul paul 17M Sep 17 00:03 allfiles.txt
-rw-r--r-- 1 paul paul 95K Sep 17 00:03 dmesg.txt
-rw-r--r-- 1 paul paul 20K Sep 17 00:04 services
drwxr-xr-x 2 paul paul 4.0K Sep 17 00:04 stuff
-rw-r--r-- 1 paul paul 0 Sep 17 00:04 summer.txt
paul@debian8:~$ ls -h -l
total 17M
-rw-r--r-- 1 paul paul 17M Sep 17 00:03 allfiles.txt
-rw-r--r-- 1 paul paul 95K Sep 17 00:03 dmesg.txt
-rw-r--r-- 1 paul paul 20K Sep 17 00:04 services
drwxr-xr-x 2 paul paul 4.0K Sep 17 00:04 stuff
-rw-r--r-- 1 paul paul 0 Sep 17 00:04 summer.txt
paul@debian8:~$

15
 working with directories

3.6. mkdir
Walking around the Unix file tree is fun, but it is even more fun to create your own directories
with mkdir. You have to give at least one parameter to mkdir, the name of the new directory
to be created. Think before you type a leading / .
paul@debian8:~$ mkdir mydir
paul@debian8:~$ cd mydir
paul@debian8:~/mydir$ ls -al
total 8
drwxr-xr-x 2 paul paul 4096 Sep 17 00:07 .
drwxr-xr-x 48 paul paul 4096 Sep 17 00:07 ..
paul@debian8:~/mydir$ mkdir stuff
paul@debian8:~/mydir$ mkdir otherstuff
paul@debian8:~/mydir$ ls -l
total 8
drwxr-xr-x 2 paul paul 4096 Sep 17 00:08 otherstuff
drwxr-xr-x 2 paul paul 4096 Sep 17 00:08 stuff
paul@debian8:~/mydir$

3.6.1. mkdir -p
The following command will fail, because the parent directory of threedirsdeep does not
exist.
paul@debian8:~$ mkdir mydir2/mysubdir2/threedirsdeep
mkdir: cannot create directory ‘mydir2/mysubdir2/threedirsdeep’: No such fi\
le or directory

When given the option -p, then mkdir will create parent directories as needed.
paul@debian8:~$ mkdir -p mydir2/mysubdir2/threedirsdeep
paul@debian8:~$ cd mydir2
paul@debian8:~/mydir2$ ls -l
total 4
drwxr-xr-x 3 paul paul 4096 Sep 17 00:11 mysubdir2
paul@debian8:~/mydir2$ cd mysubdir2
paul@debian8:~/mydir2/mysubdir2$ ls -l
total 4
drwxr-xr-x 2 paul paul 4096 Sep 17 00:11 threedirsdeep
paul@debian8:~/mydir2/mysubdir2$ cd threedirsdeep/
paul@debian8:~/mydir2/mysubdir2/threedirsdeep$ pwd
/home/paul/mydir2/mysubdir2/threedirsdeep

3.7. rmdir
When a directory is empty, you can use rmdir to remove the directory.
paul@debian8:~/mydir$ ls -l
total 8
drwxr-xr-x 2 paul paul 4096 Sep 17 00:08 otherstuff
drwxr-xr-x 2 paul paul 4096 Sep 17 00:08 stuff
paul@debian8:~/mydir$ rmdir otherstuff
paul@debian8:~/mydir$ cd ..
paul@debian8:~$ rmdir mydir
rmdir: failed to remove ‘mydir’: Directory not empty
paul@debian8:~$ rmdir mydir/stuff
paul@debian8:~$ rmdir mydir
paul@debian8:~$

16
 working with directories

3.7.1. rmdir -p
And similar to the mkdir -p option, you can also use rmdir to recursively remove direc-
tories.
paul@debian8:~$ mkdir -p test42/subdir
paul@debian8:~$ rmdir -p test42/subdir
paul@debian8:~$

17
 working with directories

3.8. practice: working with directories

1. Display your current directory.

2. Change to the /etc directory.

3. Now change to your home directory using only three key presses.

4. Change to the /boot/grub directory using only eleven key presses.

5. Go to the parent directory of the current directory.

6. Go to the root directory.

7. List the contents of the root directory.

8. List a long listing of the root directory.

9. Stay where you are, and list the contents of /etc.

10. Stay where you are, and list the contents of /bin and /sbin.

11. Stay where you are, and list the contents of ~.

12. List all the files (including hidden files) in your home directory.

13. List the files in /boot in a human readable format.

14. Create a directory testdir in your home directory.

15. Change to the /etc directory, stay here and create a directory newdir in your home di-
rectory.

16. Create in one command the directories ~/dir1/dir2/dir3 (dir3 is a subdirectory from dir2,
and dir2 is a subdirectory from dir1 ).

17. Remove the directory testdir.

18. If time permits (or if you are waiting for other students to finish this practice), use and
understand pushd and popd. Use the man page of bash to find information about these
commands.

18
 working with directories

3.9. solution: working with directories

1. Display your current directory.
pwd

2. Change to the /etc directory.

cd /etc

3. Now change to your home directory using only three key presses.
cd (and the enter key)

4. Change to the /boot/grub directory using only eleven key presses.

cd /boot/grub (use the tab key)

5. Go to the parent directory of the current directory.

cd .. (with space between cd and ..)

6. Go to the root directory.

cd /

7. List the contents of the root directory.

ls

8. List a long listing of the root directory.

ls -l

9. Stay where you are, and list the contents of /etc.

ls /etc

10. Stay where you are, and list the contents of /bin and /sbin.
ls /bin /sbin

11. Stay where you are, and list the contents of ~.

ls ~

12. List all the files (including hidden files) in your home directory.
ls -al ~

13. List the files in /boot in a human readable format.

ls -lh /boot

14. Create a directory testdir in your home directory.

mkdir ~/testdir

15. Change to the /etc directory, stay here and create a directory newdir in your home di-
rectory.

19
 working with directories

cd /etc ; mkdir ~/newdir

16. Create in one command the directories ~/dir1/dir2/dir3 (dir3 is a subdirectory from dir2,
and dir2 is a subdirectory from dir1 ).
mkdir -p ~/dir1/dir2/dir3

17. Remove the directory testdir.

rmdir testdir

18. If time permits (or if you are waiting for other students to finish this practice), use and
understand pushd and popd. Use the man page of bash to find information about these
commands.
man bash # opens the manual
/pushd # searches for pushd
n # next (do this two/three times)

The Bash shell has two built-in commands called pushd and popd. Both commands work
with a common stack of previous directories. Pushd adds a directory to the stack and changes
to a new current directory, popd removes a directory from the stack and sets the current
directory.
paul@debian7:/etc$ cd /bin
paul@debian7:/bin$ pushd /lib
/lib /bin
paul@debian7:/lib$ pushd /proc
/proc /lib /bin
paul@debian7:/proc$ popd
/lib /bin
paul@debian7:/lib$ popd
/bin

20
Chapter 4. working with files
In this chapter we learn how to recognise, create, remove, copy and move files using com-
mands like file, touch, rm, cp, mv and rename.

21
 working with files

4.1. all files are case sensitive

Files on Linux (or any Unix) are case sensitive. This means that FILE1 is different from
file1, and /etc/hosts is different from /etc/Hosts (the latter one does not exist on a typical
Linux computer).

This screenshot shows the difference between two files, one with upper case W, the other
with lower case w.
paul@laika:~/Linux$ ls
winter.txt Winter.txt
paul@laika:~/Linux$ cat winter.txt
It is cold.
paul@laika:~/Linux$ cat Winter.txt
It is very cold!

4.2. everything is a file

A directory is a special kind of file, but it is still a (case sensitive!) file. Each terminal
window (for example /dev/pts/4), any hard disk or partition (for example /dev/sdb1) and
any process are all represented somewhere in the file system as a file. It will become clear
throughout this course that everything on Linux is a file.

4.3. file
The file utility determines the file type. Linux does not use extensions to determine the
file type. The command line does not care whether a file ends in .txt or .pdf. As a system
administrator, you should use the file command to determine the file type. Here are some
examples on a typical Linux system.
paul@laika:~$ file pic33.png
pic33.png: PNG image data, 3840 x 1200, 8-bit/color RGBA, non-interlaced
paul@laika:~$ file /etc/passwd
/etc/passwd: ASCII text
paul@laika:~$ file HelloWorld.c
HelloWorld.c: ASCII C program text

The file command uses a magic file that contains patterns to recognise file types. The magic
file is located in /usr/share/file/magic. Type man 5 magic for more information.

It is interesting to point out file -s for special files like those in /dev and /proc.
root@debian6~# file /dev/sda
/dev/sda: block special
root@debian6~# file -s /dev/sda
/dev/sda: x86 boot sector; partition 1: ID=0x83, active, starthead...
root@debian6~# file /proc/cpuinfo
/proc/cpuinfo: empty
root@debian6~# file -s /proc/cpuinfo
/proc/cpuinfo: ASCII C++ program text

22
 working with files

4.4. touch
4.4.1. create an empty file
One easy way to create an empty file is with touch. (We will see many other ways for
creating files later in this book.)

This screenshot starts with an empty directory, creates two files with touch and the lists
those files.
paul@debian7:~$ ls -l
total 0
paul@debian7:~$ touch file42
paul@debian7:~$ touch file33
paul@debian7:~$ ls -l
total 0
-rw-r--r-- 1 paul paul 0 Oct 15 08:57 file33
-rw-r--r-- 1 paul paul 0 Oct 15 08:56 file42
paul@debian7:~$

4.4.2. touch -t
The touch command can set some properties while creating empty files. Can you determine
what is set by looking at the next screenshot? If not, check the manual for touch.
paul@debian7:~$ touch -t 200505050000 SinkoDeMayo
paul@debian7:~$ touch -t 130207111630 BigBattle.txt
paul@debian7:~$ ls -l
total 0
-rw-r--r-- 1 paul paul 0 Jul 11 1302 BigBattle.txt
-rw-r--r-- 1 paul paul 0 Oct 15 08:57 file33
-rw-r--r-- 1 paul paul 0 Oct 15 08:56 file42
-rw-r--r-- 1 paul paul 0 May 5 2005 SinkoDeMayo
paul@debian7:~$

23
 working with files

4.5. rm
4.5.1. remove forever
When you no longer need a file, use rm to remove it. Unlike some graphical user interfaces,
the command line in general does not have a waste bin or trash can to recover files. When
you use rm to remove a file, the file is gone. Therefore, be careful when removing files!
paul@debian7:~$ ls
BigBattle.txt file33 file42 SinkoDeMayo
paul@debian7:~$ rm BigBattle.txt
paul@debian7:~$ ls
file33 file42 SinkoDeMayo
paul@debian7:~$

4.5.2. rm -i
To prevent yourself from accidentally removing a file, you can type rm -i.
paul@debian7:~$ ls
file33 file42 SinkoDeMayo
paul@debian7:~$ rm -i file33
rm: remove regular empty file `file33'? yes
paul@debian7:~$ rm -i SinkoDeMayo
rm: remove regular empty file `SinkoDeMayo'? n
paul@debian7:~$ ls
file42 SinkoDeMayo
paul@debian7:~$

4.5.3. rm -rf
By default, rm -r will not remove non-empty directories. However rm accepts several op-
tions that will allow you to remove any directory. The rm -rf statement is famous because it
will erase anything (providing that you have the permissions to do so). When you are logged
on as root, be very careful with rm -rf (the f means force and the r means recursive) since
being root implies that permissions don't apply to you. You can literally erase your entire
file system by accident.
paul@debian7:~$ mkdir test
paul@debian7:~$ rm test
rm: cannot remove `test': Is a directory
paul@debian7:~$ rm -rf test
paul@debian7:~$ ls test
ls: cannot access test: No such file or directory
paul@debian7:~$

24
 working with files

4.6. cp
4.6.1. copy one file
To copy a file, use cp with a source and a target argument.
paul@debian7:~$ ls
file42 SinkoDeMayo
paul@debian7:~$ cp file42 file42.copy
paul@debian7:~$ ls
file42 file42.copy SinkoDeMayo

4.6.2. copy to another directory

If the target is a directory, then the source files are copied to that target directory.
paul@debian7:~$ mkdir dir42
paul@debian7:~$ cp SinkoDeMayo dir42
paul@debian7:~$ ls dir42/
SinkoDeMayo

4.6.3. cp -r
To copy complete directories, use cp -r (the -r option forces recursive copying of all files
in all subdirectories).
paul@debian7:~$ ls
dir42 file42 file42.copy SinkoDeMayo
paul@debian7:~$ cp -r dir42/ dir33
paul@debian7:~$ ls
dir33 dir42 file42 file42.copy SinkoDeMayo
paul@debian7:~$ ls dir33/
SinkoDeMayo

4.6.4. copy multiple files to directory

You can also use cp to copy multiple files into a directory. In this case, the last argument
(a.k.a. the target) must be a directory.
paul@debian7:~$ cp file42 file42.copy SinkoDeMayo dir42/
paul@debian7:~$ ls dir42/
file42 file42.copy SinkoDeMayo

4.6.5. cp -i
To prevent cp from overwriting existing files, use the -i (for interactive) option.
paul@debian7:~$ cp SinkoDeMayo file42
paul@debian7:~$ cp SinkoDeMayo file42
paul@debian7:~$ cp -i SinkoDeMayo file42
cp: overwrite `file42'? n
paul@debian7:~$

25
 working with files

4.7. mv
4.7.1. rename files with mv
Use mv to rename a file or to move the file to another directory.
paul@debian7:~$ ls
dir33 dir42 file42 file42.copy SinkoDeMayo
paul@debian7:~$ mv file42 file33
paul@debian7:~$ ls
dir33 dir42 file33 file42.copy SinkoDeMayo
paul@debian7:~$

When you need to rename only one file then mv is the preferred command to use.

4.7.2. rename directories with mv

The same mv command can be used to rename directories.
paul@debian7:~$ ls -l
total 8
drwxr-xr-x 2 paul paul 4096 Oct 15 09:36 dir33
drwxr-xr-x 2 paul paul 4096 Oct 15 09:36 dir42
-rw-r--r-- 1 paul paul 0 Oct 15 09:38 file33
-rw-r--r-- 1 paul paul 0 Oct 15 09:16 file42.copy
-rw-r--r-- 1 paul paul 0 May 5 2005 SinkoDeMayo
paul@debian7:~$ mv dir33 backup
paul@debian7:~$ ls -l
total 8
drwxr-xr-x 2 paul paul 4096 Oct 15 09:36 backup
drwxr-xr-x 2 paul paul 4096 Oct 15 09:36 dir42
-rw-r--r-- 1 paul paul 0 Oct 15 09:38 file33
-rw-r--r-- 1 paul paul 0 Oct 15 09:16 file42.copy
-rw-r--r-- 1 paul paul 0 May 5 2005 SinkoDeMayo
paul@debian7:~$

4.7.3. mv -i
The mv also has a -i switch similar to cp and rm.

this screenshot shows that mv -i will ask permission to overwrite an existing file.
paul@debian7:~$ mv -i file33 SinkoDeMayo
mv: overwrite `SinkoDeMayo'? no
paul@debian7:~$

26
 working with files

4.8. rename
4.8.1. about rename
The rename command is one of the rare occasions where the Linux Fundamentals book has
to make a distinction between Linux distributions. Almost every command in the Funda-
mentals part of this book works on almost every Linux computer. But rename is different.

Try to use mv whenever you need to rename only a couple of files.

4.8.2. rename on Debian/Ubuntu

The rename command on Debian uses regular expressions (regular expression or shor regex
are explained in a later chapter) to rename many files at once.

Below a rename example that switches all occurrences of txt to png for all file names ending
in .txt.
paul@debian7:~/test42$ ls
abc.txt file33.txt file42.txt
paul@debian7:~/test42$ rename 's/\.txt/\.png/' *.txt
paul@debian7:~/test42$ ls
abc.png file33.png file42.png

This second example switches all (first) occurrences of file into document for all file names
ending in .png.
paul@debian7:~/test42$ ls
abc.png file33.png file42.png
paul@debian7:~/test42$ rename 's/file/document/' *.png
paul@debian7:~/test42$ ls
abc.png document33.png document42.png
paul@debian7:~/test42$

4.8.3. rename on CentOS/RHEL/Fedora

On Red Hat Enterprise Linux, the syntax of rename is a bit different. The first example
below renames all *.conf files replacing any occurrence of .conf with .backup.
[paul@centos7 ~]$ touch one.conf two.conf three.conf
[paul@centos7 ~]$ rename .conf .backup *.conf
[paul@centos7 ~]$ ls
one.backup three.backup two.backup
[paul@centos7 ~]$

The second example renames all (*) files replacing one with ONE.
[paul@centos7 ~]$ ls
one.backup three.backup two.backup
[paul@centos7 ~]$ rename one ONE *
[paul@centos7 ~]$ ls
ONE.backup three.backup two.backup
[paul@centos7 ~]$

27
 working with files

4.9. practice: working with files

1. List the files in the /bin directory

2. Display the type of file of /bin/cat, /etc/passwd and /usr/bin/passwd.

3a. Download wolf.jpg and LinuxFun.pdf from http://linux-training.be (wget http://

linux-training.be/files/studentfiles/wolf.jpg and wget http://linux-training.be/files/books/
LinuxFun.pdf)
wget http://linux-training.be/files/studentfiles/wolf.jpg
wget http://linux-training.be/files/studentfiles/wolf.png
wget http://linux-training.be/files/books/LinuxFun.pdf

3b. Display the type of file of wolf.jpg and LinuxFun.pdf

3c. Rename wolf.jpg to wolf.pdf (use mv).

3d. Display the type of file of wolf.pdf and LinuxFun.pdf.

4. Create a directory ~/touched and enter it.

5. Create the files today.txt and yesterday.txt in touched.

6. Change the date on yesterday.txt to match yesterday's date.

7. Copy yesterday.txt to copy.yesterday.txt

8. Rename copy.yesterday.txt to kim

9. Create a directory called ~/testbackup and copy all files from ~/touched into it.

10. Use one command to remove the directory ~/testbackup and all files into it.

11. Create a directory ~/etcbackup and copy all *.conf files from /etc into it. Did you include
all subdirectories of /etc ?

12. Use rename to rename all *.conf files to *.backup . (if you have more than one distro
available, try it on all!)

28
 working with files

4.10. solution: working with files

1. List the files in the /bin directory
ls /bin

2. Display the type of file of /bin/cat, /etc/passwd and /usr/bin/passwd.

file /bin/cat /etc/passwd /usr/bin/passwd

3a. Download wolf.jpg and LinuxFun.pdf from http://linux-training.be (wget http://

linux-training.be/files/studentfiles/wolf.jpg and wget http://linux-training.be/files/books/
LinuxFun.pdf)
wget http://linux-training.be/files/studentfiles/wolf.jpg
wget http://linux-training.be/files/studentfiles/wolf.png
wget http://linux-training.be/files/books/LinuxFun.pdf

3b. Display the type of file of wolf.jpg and LinuxFun.pdf

file wolf.jpg LinuxFun.pdf

3c. Rename wolf.jpg to wolf.pdf (use mv).

mv wolf.jpg wolf.pdf

3d. Display the type of file of wolf.pdf and LinuxFun.pdf.

file wolf.pdf LinuxFun.pdf

4. Create a directory ~/touched and enter it.

mkdir ~/touched ; cd ~/touched

5. Create the files today.txt and yesterday.txt in touched.

touch today.txt yesterday.txt

6. Change the date on yesterday.txt to match yesterday's date.

touch -t 200810251405 yesterday.txt (substitute 20081025 with yesterday)

7. Copy yesterday.txt to copy.yesterday.txt

cp yesterday.txt copy.yesterday.txt

8. Rename copy.yesterday.txt to kim

mv copy.yesterday.txt kim

9. Create a directory called ~/testbackup and copy all files from ~/touched into it.
mkdir ~/testbackup ; cp -r ~/touched ~/testbackup/

10. Use one command to remove the directory ~/testbackup and all files into it.
rm -rf ~/testbackup

11. Create a directory ~/etcbackup and copy all *.conf files from /etc into it. Did you include
all subdirectories of /etc ?

29
 working with files

cp -r /etc/*.conf ~/etcbackup

Only *.conf files that are directly in /etc/ are copied.

12. Use rename to rename all *.conf files to *.backup . (if you have more than one distro
available, try it on all!)
On RHEL: touch 1.conf 2.conf ; rename conf backup *.conf

On Debian: touch 1.conf 2.conf ; rename 's/conf/backup/' *.conf

30
Chapter 5. working with file contents
In this chapter we will look at the contents of text files with head, tail, cat, tac, more, less
and strings.

We will also get a glimpse of the possibilities of tools like cat on the command line.

31
 working with file contents

5.1. head
You can use head to display the first ten lines of a file.
paul@debian7~$ head /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
root@debian7~#

The head command can also display the first n lines of a file.
paul@debian7~$ head -4 /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
paul@debian7~$

And head can also display the first n bytes.

paul@debian7~$ head -c14 /etc/passwd
root:x:0:0:roopaul@debian7~$

5.2. tail
Similar to head, the tail command will display the last ten lines of a file.
paul@debian7~$ tail /etc/services
vboxd 20012/udp
binkp 24554/tcp # binkp fidonet protocol
asp 27374/tcp # Address Search Protocol
asp 27374/udp
csync2 30865/tcp # cluster synchronization tool
dircproxy 57000/tcp # Detachable IRC Proxy
tfido 60177/tcp # fidonet EMSI over telnet
fido 60179/tcp # fidonet EMSI over TCP

# Local services
paul@debian7~$

You can give tail the number of lines you want to see.
paul@debian7~$ tail -3 /etc/services
fido 60179/tcp # fidonet EMSI over TCP

# Local services
paul@debian7~$

The tail command has other useful options, some of which we will use during this course.

32
 working with file contents

5.3. cat
The cat command is one of the most universal tools, yet all it does is copy standard input to
standard output. In combination with the shell this can be very powerful and diverse. Some
examples will give a glimpse into the possibilities. The first example is simple, you can use
cat to display a file on the screen. If the file is longer than the screen, it will scroll to the end.
paul@debian8:~$ cat /etc/resolv.conf
domain linux-training.be
search linux-training.be
nameserver 192.168.1.42

5.3.1. concatenate
cat is short for concatenate. One of the basic uses of cat is to concatenate files into a bigger
(or complete) file.
paul@debian8:~$ echo one >part1
paul@debian8:~$ echo two >part2
paul@debian8:~$ echo three >part3
paul@debian8:~$ cat part1
one
paul@debian8:~$ cat part2
two
paul@debian8:~$ cat part3
three
paul@debian8:~$ cat part1 part2 part3
one
two
three
paul@debian8:~$ cat part1 part2 part3 >all
paul@debian8:~$ cat all
one
two
three
paul@debian8:~$

5.3.2. create files

You can use cat to create flat text files. Type the cat > winter.txt command as shown in the
screenshot below. Then type one or more lines, finishing each line with the enter key. After
the last line, type and hold the Control (Ctrl) key and press d.
paul@debian8:~$ cat > winter.txt
It is very cold today!
paul@debian8:~$ cat winter.txt
It is very cold today!
paul@debian8:~$

The Ctrl d key combination will send an EOF (End of File) to the running process ending
the cat command.

33
 working with file contents

5.3.3. custom end marker

You can choose an end marker for cat with << as is shown in this screenshot. This construc-
tion is called a here directive and will end the cat command.
paul@debian8:~$ cat > hot.txt <<stop
> It is hot today!
> Yes it is summer.
> stop
paul@debian8:~$ cat hot.txt
It is hot today!
Yes it is summer.
paul@debian8:~$

5.3.4. copy files

In the third example you will see that cat can be used to copy files. We will explain in detail
what happens here in the bash shell chapter.
paul@debian8:~$ cat winter.txt
It is very cold today!
paul@debian8:~$ cat winter.txt > cold.txt
paul@debian8:~$ cat cold.txt
It is very cold today!
paul@debian8:~$

5.4. tac
Just one example will show you the purpose of tac (cat backwards).
paul@debian8:~$ cat count
one
two
three
four
paul@debian8:~$ tac count
four
three
two
one

34
 working with file contents

5.5. more and less

The more command is useful for displaying files that take up more than one screen. More
will allow you to see the contents of the file page by page. Use the space bar to see the next
page, or q to quit. Some people prefer the less command to more.

5.6. strings
With the strings command you can display readable ascii strings found in (binary) files.
This example locates the ls binary then displays readable strings in the binary file (output
is truncated).

paul@laika:~$ which ls
/bin/ls
paul@laika:~$ strings /bin/ls
/lib/ld-linux.so.2
librt.so.1
__gmon_start__
_Jv_RegisterClasses
clock_gettime
libacl.so.1
...

35
 working with file contents

5.7. practice: file contents

1. Display the first 12 lines of /etc/services.

2. Display the last line of /etc/passwd.

3. Use cat to create a file named count.txt that looks like this:
One
Two
Three
Four
Five

4. Use cp to make a backup of this file to cnt.txt.

5. Use cat to make a backup of this file to catcnt.txt.

6. Display catcnt.txt, but with all lines in reverse order (the last line first).

7. Use more to display /etc/services.

8. Display the readable character strings from the /usr/bin/passwd command.

9. Use ls to find the biggest file in /etc.

10. Open two terminal windows (or tabs) and make sure you are in the same directory in
both. Type echo this is the first line > tailing.txt in the first terminal, then issue tail -f
tailing.txt in the second terminal. Now go back to the first terminal and type echo This is
another line >> tailing.txt (note the double >>), verify that the tail -f in the second terminal
shows both lines. Stop the tail -f with Ctrl-C.

11. Use cat to create a file named tailing.txt that contains the contents of tailing.txt followed
by the contents of /etc/passwd.

12. Use cat to create a file named tailing.txt that contains the contents of tailing.txt preceded
by the contents of /etc/passwd.

36
 working with file contents

5.8. solution: file contents

1. Display the first 12 lines of /etc/services.
head -12 /etc/services

2. Display the last line of /etc/passwd.

tail -1 /etc/passwd

3. Use cat to create a file named count.txt that looks like this:
cat > count.txt
One
Two
Three
Four
Five (followed by Ctrl-d)

4. Use cp to make a backup of this file to cnt.txt.

cp count.txt cnt.txt

5. Use cat to make a backup of this file to catcnt.txt.

cat count.txt > catcnt.txt

6. Display catcnt.txt, but with all lines in reverse order (the last line first).
tac catcnt.txt

7. Use more to display /etc/services.

more /etc/services

8. Display the readable character strings from the /usr/bin/passwd command.

strings /usr/bin/passwd

9. Use ls to find the biggest file in /etc.

ls -lrS /etc

10. Open two terminal windows (or tabs) and make sure you are in the same directory in
both. Type echo this is the first line > tailing.txt in the first terminal, then issue tail -f
tailing.txt in the second terminal. Now go back to the first terminal and type echo This is
another line >> tailing.txt (note the double >>), verify that the tail -f in the second terminal
shows both lines. Stop the tail -f with Ctrl-C.

11. Use cat to create a file named tailing.txt that contains the contents of tailing.txt followed
by the contents of /etc/passwd.
cat /etc/passwd >> tailing.txt

12. Use cat to create a file named tailing.txt that contains the contents of tailing.txt preceded
by the contents of /etc/passwd.
mv tailing.txt tmp.txt ; cat /etc/passwd tmp.txt > tailing.txt

37
Chapter 6. the Linux file tree
This chapter takes a look at the most common directories in the Linux file tree. It also shows
that on Unix everything is a file.

38
 the Linux file tree

6.1. filesystem hierarchy standard

Many Linux distributions partially follow the Filesystem Hierarchy Standard. The FHS
may help make more Unix/Linux file system trees conform better in the future. The FHS
is available online at http://www.pathname.com/fhs/ where we read: "The filesystem hi-
erarchy standard has been designed to be used by Unix distribution developers, package
developers, and system implementers. However, it is primarily intended to be a reference
and is not a tutorial on how to manage a Unix filesystem or directory hierarchy."

6.2. man hier

There are some differences in the filesystems between Linux distributions. For help about
your machine, enter man hier to find information about the file system hierarchy. This
manual will explain the directory structure on your computer.

6.3. the root directory /

All Linux systems have a directory structure that starts at the root directory. The root di-
rectory is represented by a forward slash, like this: /. Everything that exists on your Linux
system can be found below this root directory. Let's take a brief look at the contents of the
root directory.

[paul@RHELv4u3 ~]$ ls /
bin dev home media mnt proc sbin srv tftpboot usr
boot etc lib misc opt root selinux sys tmp var

39
 the Linux file tree

6.4. binary directories

Binaries are files that contain compiled source code (or machine code). Binaries can be
executed on the computer. Sometimes binaries are called executables.

6.4.1. /bin
The /bin directory contains binaries for use by all users. According to the FHS the /bin
directory should contain /bin/cat and /bin/date (among others).

In the screenshot below you see common Unix/Linux commands like cat, cp, cpio, date, dd,
echo, grep, and so on. Many of these will be covered in this book.
paul@laika:~$ ls /bin
archdetect egrep mt setupcon
autopartition false mt-gnu sh
bash fgconsole mv sh.distrib
bunzip2 fgrep nano sleep
bzcat fuser nc stralign
bzcmp fusermount nc.traditional stty
bzdiff get_mountoptions netcat su
bzegrep grep netstat sync
bzexe gunzip ntfs-3g sysfs
bzfgrep gzexe ntfs-3g.probe tailf
bzgrep gzip parted_devices tar
bzip2 hostname parted_server tempfile
bzip2recover hw-detect partman touch
bzless ip partman-commit true
bzmore kbd_mode perform_recipe ulockmgr
cat kill pidof umount
...

6.4.2. other /bin directories

You can find a /bin subdirectory in many other directories. A user named serena could put
her own programs in /home/serena/bin.

Some applications, often when installed directly from source will put themselves in /opt. A
samba server installation can use /opt/samba/bin to store its binaries.

6.4.3. /sbin
/sbin contains binaries to configure the operating system. Many of the system binaries
require root privilege to perform certain tasks.

Below a screenshot containing system binaries to change the ip address, partition a disk
and create an ext4 file system.
paul@ubu1010:~$ ls -l /sbin/ifconfig /sbin/fdisk /sbin/mkfs.ext4
-rwxr-xr-x 1 root root 97172 2011-02-02 09:56 /sbin/fdisk
-rwxr-xr-x 1 root root 65708 2010-07-02 09:27 /sbin/ifconfig
-rwxr-xr-x 5 root root 55140 2010-08-18 18:01 /sbin/mkfs.ext4

40
 the Linux file tree

6.4.4. /lib
Binaries found in /bin and /sbin often use shared libraries located in /lib. Below is a screen-
shot of the partial contents of /lib.
paul@laika:~$ ls /lib/libc*
/lib/libc-2.5.so /lib/libcfont.so.0.0.0 /lib/libcom_err.so.2.1
/lib/libcap.so.1 /lib/libcidn-2.5.so /lib/libconsole.so.0
/lib/libcap.so.1.10 /lib/libcidn.so.1 /lib/libconsole.so.0.0.0
/lib/libcfont.so.0 /lib/libcom_err.so.2 /lib/libcrypt-2.5.so

/lib/modules
Typically, the Linux kernel loads kernel modules from /lib/modules/$kernel-version/.
This directory is discussed in detail in the Linux kernel chapter.

/lib32 and /lib64

We currently are in a transition between 32-bit and 64-bit systems. Therefore, you may
encounter directories named /lib32 and /lib64 which clarify the register size used during
compilation time of the libraries. A 64-bit computer may have some 32-bit binaries and
libraries for compatibility with legacy applications. This screenshot uses the file utility to
demonstrate the difference.

paul@laika:~$ file /lib32/libc-2.5.so

/lib32/libc-2.5.so: ELF 32-bit LSB shared object, Intel 80386, \
version 1 (SYSV), for GNU/Linux 2.6.0, stripped
paul@laika:~$ file /lib64/libcap.so.1.10
/lib64/libcap.so.1.10: ELF 64-bit LSB shared object, AMD x86-64, \
version 1 (SYSV), stripped

The ELF (Executable and Linkable Format) is used in almost every Unix-like operating
system since System V.

6.4.5. /opt
The purpose of /opt is to store optional software. In many cases this is software from outside
the distribution repository. You may find an empty /opt directory on many systems.

A large package can install all its files in /bin, /lib, /etc subdirectories within /opt/$packa-
gename/. If for example the package is called wp, then it installs in /opt/wp, putting binaries
in /opt/wp/bin and manpages in /opt/wp/man.

41
 the Linux file tree

6.5. configuration directories

6.5.1. /boot
The /boot directory contains all files needed to boot the computer. These files don't change
very often. On Linux systems you typically find the /boot/grub directory here. /boot/grub
contains /boot/grub/grub.cfg (older systems may still have /boot/grub/grub.conf) which
defines the boot menu that is displayed before the kernel starts.

6.5.2. /etc
All of the machine-specific configuration files should be located in /etc. Historically /etc
stood for etcetera, today people often use the Editable Text Configuration backronym.

Many times the name of a configuration files is the same as the application, daemon, or
protocol with .conf added as the extension.
paul@laika:~$ ls /etc/*.conf
/etc/adduser.conf /etc/ld.so.conf /etc/scrollkeeper.conf
/etc/brltty.conf /etc/lftp.conf /etc/sysctl.conf
/etc/ccertificates.conf /etc/libao.conf /etc/syslog.conf
/etc/cvs-cron.conf /etc/logrotate.conf /etc/ucf.conf
/etc/ddclient.conf /etc/ltrace.conf /etc/uniconf.conf
/etc/debconf.conf /etc/mke2fs.conf /etc/updatedb.conf
/etc/deluser.conf /etc/netscsid.conf /etc/usplash.conf
/etc/fdmount.conf /etc/nsswitch.conf /etc/uswsusp.conf
/etc/hdparm.conf /etc/pam.conf /etc/vnc.conf
/etc/host.conf /etc/pnm2ppa.conf /etc/wodim.conf
/etc/inetd.conf /etc/povray.conf /etc/wvdial.conf
/etc/kernel-img.conf /etc/resolv.conf
paul@laika:~$

There is much more to be found in /etc.

/etc/init.d/
A lot of Unix/Linux distributions have an /etc/init.d directory that contains scripts to start
and stop daemons. This directory could disappear as Linux migrates to systems that replace
the old init way of starting all daemons.

/etc/X11/
The graphical display (aka X Window System or just X) is driven by software from the
X.org foundation. The configuration file for your graphical display is /etc/X11/xorg.conf.

/etc/skel/
The skeleton directory /etc/skel is copied to the home directory of a newly created user. It
usually contains hidden files like a .bashrc script.

/etc/sysconfig/
This directory, which is not mentioned in the FHS, contains a lot of Red Hat Enterprise
Linux configuration files. We will discuss some of them in greater detail. The screenshot
below is the /etc/sysconfig directory from RHELv4u4 with everything installed.

42
 the Linux file tree

paul@RHELv4u4:~$ ls /etc/sysconfig/
apmd firstboot irda network saslauthd
apm-scripts grub irqbalance networking selinux
authconfig hidd keyboard ntpd spamassassin
autofs httpd kudzu openib.conf squid
bluetooth hwconf lm_sensors pand syslog
clock i18n mouse pcmcia sys-config-sec
console init mouse.B pgsql sys-config-users
crond installinfo named prelink sys-logviewer
desktop ipmi netdump rawdevices tux
diskdump iptables netdump_id_dsa rhn vncservers
dund iptables-cfg netdump_id_dsa.p samba xinetd
paul@RHELv4u4:~$

The file /etc/sysconfig/firstboot tells the Red Hat Setup Agent not to run at boot time. If
you want to run the Red Hat Setup Agent at the next reboot, then simply remove this file,
and run chkconfig --level 5 firstboot on. The Red Hat Setup Agent allows you to install
the latest updates, create a user account, join the Red Hat Network and more. It will then
create the /etc/sysconfig/firstboot file again.
paul@RHELv4u4:~$ cat /etc/sysconfig/firstboot
RUN_FIRSTBOOT=NO

The /etc/sysconfig/harddisks file contains some parameters to tune the hard disks. The file
explains itself.

You can see hardware detected by kudzu in /etc/sysconfig/hwconf. Kudzu is software from
Red Hat for automatic discovery and configuration of hardware.

The keyboard type and keymap table are set in the /etc/sysconfig/keyboard file. For more
console keyboard information, check the manual pages of keymaps(5), dumpkeys(1), load-
keys(1) and the directory /lib/kbd/keymaps/.
root@RHELv4u4:/etc/sysconfig# cat keyboard
KEYBOARDTYPE="pc"
KEYTABLE="us"

We will discuss networking files in this directory in the networking chapter.

43
 the Linux file tree

6.6. data directories

6.6.1. /home
Users can store personal or project data under /home. It is common (but not mandatory by
the fhs) practice to name the users home directory after the user name in the format /home/
$USERNAME. For example:
paul@ubu606:~$ ls /home
geert annik sandra paul tom

Besides giving every user (or every project or group) a location to store personal files, the
home directory of a user also serves as a location to store the user profile. A typical Unix
user profile contains many hidden files (files whose file name starts with a dot). The hidden
files of the Unix user profiles contain settings specific for that user.

paul@ubu606:~$ ls -d /home/paul/.*
/home/paul/. /home/paul/.bash_profile /home/paul/.ssh
/home/paul/.. /home/paul/.bashrc /home/paul/.viminfo
/home/paul/.bash_history /home/paul/.lesshst

6.6.2. /root
On many systems /root is the default location for personal data and profile of the root user.
If it does not exist by default, then some administrators create it.

6.6.3. /srv
You may use /srv for data that is served by your system. The FHS allows locating cvs,
rsync, ftp and www data in this location. The FHS also approves administrative naming in /
srv, like /srv/project55/ftp and /srv/sales/www.

On Sun Solaris (or Oracle Solaris) /export is used for this purpose.

6.6.4. /media
The /media directory serves as a mount point for removable media devices such as CD-
ROM's, digital cameras, and various usb-attached devices. Since /media is rather new in the
Unix world, you could very well encounter systems running without this directory. Solaris
9 does not have it, Solaris 10 does. Most Linux distributions today mount all removable
media in /media.
paul@debian5:~$ ls /media/
cdrom cdrom0 usbdisk

6.6.5. /mnt
The /mnt directory should be empty and should only be used for temporary mount points
(according to the FHS).

44
 the Linux file tree

Unix and Linux administrators used to create many directories here, like /mnt/something/.
You likely will encounter many systems with more than one directory created and/or mount-
ed inside /mnt to be used for various local and remote filesystems.

6.6.6. /tmp
Applications and users should use /tmp to store temporary data when needed. Data stored
in /tmp may use either disk space or RAM. Both of which are managed by the operating
system. Never use /tmp to store data that is important or which you wish to archive.

45
 the Linux file tree

6.7. in memory directories

6.7.1. /dev
Device files in /dev appear to be ordinary files, but are not actually located on the hard disk.
The /dev directory is populated with files as the kernel is recognising hardware.

common physical devices

Common hardware such as hard disk devices are represented by device files in /dev. Below
a screenshot of SATA device files on a laptop and then IDE attached drives on a desktop.
(The detailed meaning of these devices will be discussed later.)

#
# SATA or SCSI or USB
#
paul@laika:~$ ls /dev/sd*
/dev/sda /dev/sda1 /dev/sda2 /dev/sda3 /dev/sdb /dev/sdb1 /dev/sdb2

#
# IDE or ATAPI
#
paul@barry:~$ ls /dev/hd*
/dev/hda /dev/hda1 /dev/hda2 /dev/hdb /dev/hdb1 /dev/hdb2 /dev/hdc

Besides representing physical hardware, some device files are special. These special devices
can be very useful.

/dev/tty and /dev/pts

For example, /dev/tty1 represents a terminal or console attached to the system. (Don't break
your head on the exact terminology of 'terminal' or 'console', what we mean here is a com-
mand line interface.) When typing commands in a terminal that is part of a graphical inter-
face like Gnome or KDE, then your terminal will be represented as /dev/pts/1 (1 can be
another number).

/dev/null
On Linux you will find other special devices such as /dev/null which can be considered
a black hole; it has unlimited storage, but nothing can be retrieved from it. Technically
speaking, anything written to /dev/null will be discarded. /dev/null can be useful to discard
unwanted output from commands. /dev/null is not a good location to store your backups ;-).

6.7.2. /proc conversation with the kernel

/proc is another special directory, appearing to be ordinary files, but not taking up disk
space. It is actually a view of the kernel, or better, what the kernel manages, and is a means
to interact with it directly. /proc is a proc filesystem.

paul@RHELv4u4:~$ mount -t proc

46
 the Linux file tree

none on /proc type proc (rw)

When listing the /proc directory you will see many numbers (on any Unix) and some inter-
esting files (on Linux)

mul@laika:~$ ls /proc
1 2339 4724 5418 6587 7201 cmdline mounts
10175 2523 4729 5421 6596 7204 cpuinfo mtrr
10211 2783 4741 5658 6599 7206 crypto net
10239 2975 4873 5661 6638 7214 devices pagetypeinfo
141 29775 4874 5665 6652 7216 diskstats partitions
15045 29792 4878 5927 6719 7218 dma sched_debug
1519 2997 4879 6 6736 7223 driver scsi
1548 3 4881 6032 6737 7224 execdomains self
1551 30228 4882 6033 6755 7227 fb slabinfo
1554 3069 5 6145 6762 7260 filesystems stat
1557 31422 5073 6298 6774 7267 fs swaps
1606 3149 5147 6414 6816 7275 ide sys
180 31507 5203 6418 6991 7282 interrupts sysrq-trigger
181 3189 5206 6419 6993 7298 iomem sysvipc
182 3193 5228 6420 6996 7319 ioports timer_list
18898 3246 5272 6421 7157 7330 irq timer_stats
19799 3248 5291 6422 7163 7345 kallsyms tty
19803 3253 5294 6423 7164 7513 kcore uptime
19804 3372 5356 6424 7171 7525 key-users version
1987 4 5370 6425 7175 7529 kmsg version_signature
1989 42 5379 6426 7188 9964 loadavg vmcore
2 45 5380 6430 7189 acpi locks vmnet
20845 4542 5412 6450 7191 asound meminfo vmstat
221 46 5414 6551 7192 buddyinfo misc zoneinfo
2338 4704 5416 6568 7199 bus modules

Let's investigate the file properties inside /proc. Looking at the date and time will display
the current date and time showing the files are constantly updated (a view on the kernel).

paul@RHELv4u4:~$ date
Mon Jan 29 18:06:32 EST 2007
paul@RHELv4u4:~$ ls -al /proc/cpuinfo
-r--r--r-- 1 root root 0 Jan 29 18:06 /proc/cpuinfo
paul@RHELv4u4:~$
paul@RHELv4u4:~$ ...time passes...
paul@RHELv4u4:~$
paul@RHELv4u4:~$ date
Mon Jan 29 18:10:00 EST 2007
paul@RHELv4u4:~$ ls -al /proc/cpuinfo
-r--r--r-- 1 root root 0 Jan 29 18:10 /proc/cpuinfo

Most files in /proc are 0 bytes, yet they contain data--sometimes a lot of data. You can see
this by executing cat on files like /proc/cpuinfo, which contains information about the CPU.

paul@RHELv4u4:~$ file /proc/cpuinfo

/proc/cpuinfo: empty
paul@RHELv4u4:~$ cat /proc/cpuinfo
processor : 0
vendor_id : AuthenticAMD
cpu family : 15
model : 43

47
 the Linux file tree

model name : AMD Athlon(tm) 64 X2 Dual Core Processor 4600+

stepping : 1
cpu MHz : 2398.628
cache size : 512 KB
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 1
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge...
bogomips : 4803.54

Just for fun, here is /proc/cpuinfo on a Sun Sunblade 1000...

paul@pasha:~$ cat /proc/cpuinfo

cpu : TI UltraSparc III (Cheetah)
fpu : UltraSparc III integrated FPU
promlib : Version 3 Revision 2
prom : 4.2.2
type : sun4u
ncpus probed : 2
ncpus active : 2
Cpu0Bogo : 498.68
Cpu0ClkTck : 000000002cb41780
Cpu1Bogo : 498.68
Cpu1ClkTck : 000000002cb41780
MMU Type : Cheetah
State:
CPU0: online
CPU1: online

Most of the files in /proc are read only, some require root privileges, some files are writable,
and many files in /proc/sys are writable. Let's discuss some of the files in /proc.

48
 the Linux file tree

/proc/interrupts
On the x86 architecture, /proc/interrupts displays the interrupts.

paul@RHELv4u4:~$ cat /proc/interrupts

CPU0
0: 13876877 IO-APIC-edge timer
1: 15 IO-APIC-edge i8042
8: 1 IO-APIC-edge rtc
9: 0 IO-APIC-level acpi
12: 67 IO-APIC-edge i8042
14: 128 IO-APIC-edge ide0
15: 124320 IO-APIC-edge ide1
169: 111993 IO-APIC-level ioc0
177: 2428 IO-APIC-level eth0
NMI: 0
LOC: 13878037
ERR: 0
MIS: 0

On a machine with two CPU's, the file looks like this.

paul@laika:~$ cat /proc/interrupts
CPU0 CPU1
0: 860013 0 IO-APIC-edge timer
1: 4533 0 IO-APIC-edge i8042
7: 0 0 IO-APIC-edge parport0
8: 6588227 0 IO-APIC-edge rtc
10: 2314 0 IO-APIC-fasteoi acpi
12: 133 0 IO-APIC-edge i8042
14: 0 0 IO-APIC-edge libata
15: 72269 0 IO-APIC-edge libata
18: 1 0 IO-APIC-fasteoi yenta
19: 115036 0 IO-APIC-fasteoi eth0
20: 126871 0 IO-APIC-fasteoi libata, ohci1394
21: 30204 0 IO-APIC-fasteoi ehci_hcd:usb1, uhci_hcd:usb2
22: 1334 0 IO-APIC-fasteoi saa7133[0], saa7133[0]
24: 234739 0 IO-APIC-fasteoi nvidia
NMI: 72 42
LOC: 860000 859994
ERR: 0

/proc/kcore
The physical memory is represented in /proc/kcore. Do not try to cat this file, instead use a
debugger. The size of /proc/kcore is the same as your physical memory, plus four bytes.
paul@laika:~$ ls -lh /proc/kcore
-r-------- 1 root root 2.0G 2007-01-30 08:57 /proc/kcore
paul@laika:~$

49
 the Linux file tree

6.7.3. /sys Linux 2.6 hot plugging

The /sys directory was created for the Linux 2.6 kernel. Since 2.6, Linux uses sysfs to support
usb and IEEE 1394 (FireWire) hot plug devices. See the manual pages of udev(8) (the suc-
cessor of devfs) and hotplug(8) for more info (or visit http://linux-hotplug.sourceforge.net/ ).

Basically the /sys directory contains kernel information about hardware.

50
 the Linux file tree

6.8. /usr Unix System Resources

Although /usr is pronounced like user, remember that it stands for Unix System Resources.
The /usr hierarchy should contain shareable, read only data. Some people choose to mount
/usr as read only. This can be done from its own partition or from a read only NFS share
(NFS is discussed later).

6.8.1. /usr/bin
The /usr/bin directory contains a lot of commands.
paul@deb508:~$ ls /usr/bin | wc -l
1395

(On Solaris the /bin directory is a symbolic link to /usr/bin.)

6.8.2. /usr/include
The /usr/include directory contains general use include files for C.
paul@ubu1010:~$ ls /usr/include/
aalib.h expat_config.h math.h search.h
af_vfs.h expat_external.h mcheck.h semaphore.h
aio.h expat.h memory.h setjmp.h
AL fcntl.h menu.h sgtty.h
aliases.h features.h mntent.h shadow.h
...

6.8.3. /usr/lib
The /usr/lib directory contains libraries that are not directly executed by users or scripts.
paul@deb508:~$ ls /usr/lib | head -7
4Suite
ao
apt
arj
aspell
avahi
bonobo

6.8.4. /usr/local
The /usr/local directory can be used by an administrator to install software locally.
paul@deb508:~$ ls /usr/local/
bin etc games include lib man sbin share src
paul@deb508:~$ du -sh /usr/local/
128K /usr/local/

6.8.5. /usr/share
The /usr/share directory contains architecture independent data. As you can see, this is a
fairly large directory.
paul@deb508:~$ ls /usr/share/ | wc -l

51
 the Linux file tree

263
paul@deb508:~$ du -sh /usr/share/
1.3G /usr/share/

This directory typically contains /usr/share/man for manual pages.

paul@deb508:~$ ls /usr/share/man
cs fr hu it.UTF-8 man2 man6 pl.ISO8859-2 sv
de fr.ISO8859-1 id ja man3 man7 pl.UTF-8 tr
es fr.UTF-8 it ko man4 man8 pt_BR zh_CN
fi gl it.ISO8859-1 man1 man5 pl ru zh_TW

And it contains /usr/share/games for all static game data (so no high-scores or play logs).
paul@ubu1010:~$ ls /usr/share/games/
openttd wesnoth

6.8.6. /usr/src
The /usr/src directory is the recommended location for kernel source files.
paul@deb508:~$ ls -l /usr/src/
total 12
drwxr-xr-x 4 root root 4096 2011-02-01 14:43 linux-headers-2.6.26-2-686
drwxr-xr-x 18 root root 4096 2011-02-01 14:43 linux-headers-2.6.26-2-common
drwxr-xr-x 3 root root 4096 2009-10-28 16:01 linux-kbuild-2.6.26

52
 the Linux file tree

6.9. /var variable data

Files that are unpredictable in size, such as log, cache and spool files, should be located in
/var.

6.9.1. /var/log
The /var/log directory serves as a central point to contain all log files.
[paul@RHEL4b ~]$ ls /var/log
acpid cron.2 maillog.2 quagga secure.4
amanda cron.3 maillog.3 radius spooler
anaconda.log cron.4 maillog.4 rpmpkgs spooler.1
anaconda.syslog cups mailman rpmpkgs.1 spooler.2
anaconda.xlog dmesg messages rpmpkgs.2 spooler.3
audit exim messages.1 rpmpkgs.3 spooler.4
boot.log gdm messages.2 rpmpkgs.4 squid
boot.log.1 httpd messages.3 sa uucp
boot.log.2 iiim messages.4 samba vbox
boot.log.3 iptraf mysqld.log scrollkeeper.log vmware-tools-guestd
boot.log.4 lastlog news secure wtmp
canna mail pgsql secure.1 wtmp.1
cron maillog ppp secure.2 Xorg.0.log
cron.1 maillog.1 prelink.log secure.3 Xorg.0.log.old

6.9.2. /var/log/messages
A typical first file to check when troubleshooting on Red Hat (and derivatives) is the /var/
log/messages file. By default this file will contain information on what just happened to the
system. The file is called /var/log/syslog on Debian and Ubuntu.
[root@RHEL4b ~]# tail /var/log/messages
Jul 30 05:13:56 anacron: anacron startup succeeded
Jul 30 05:13:56 atd: atd startup succeeded
Jul 30 05:13:57 messagebus: messagebus startup succeeded
Jul 30 05:13:57 cups-config-daemon: cups-config-daemon startup succeeded
Jul 30 05:13:58 haldaemon: haldaemon startup succeeded
Jul 30 05:14:00 fstab-sync[3560]: removed all generated mount points
Jul 30 05:14:01 fstab-sync[3628]: added mount point /media/cdrom for...
Jul 30 05:14:01 fstab-sync[3646]: added mount point /media/floppy for...
Jul 30 05:16:46 sshd(pam_unix)[3662]: session opened for user paul by...
Jul 30 06:06:37 su(pam_unix)[3904]: session opened for user root by paul

6.9.3. /var/cache
The /var/cache directory can contain cache data for several applications.
paul@ubu1010:~$ ls /var/cache/
apt dictionaries-common gdm man software-center
binfmts flashplugin-installer hald pm-utils
cups fontconfig jockey pppconfig
debconf fonts ldconfig samba

6.9.4. /var/spool
The /var/spool directory typically contains spool directories for mail and cron, but also
serves as a parent directory for other spool files (for example print spool files).

53
 the Linux file tree

6.9.5. /var/lib
The /var/lib directory contains application state information.

Red Hat Enterprise Linux for example keeps files pertaining to rpm in /var/lib/rpm/.

6.9.6. /var/...
/var also contains Process ID files in /var/run (soon to be replaced with /run) and temporary
files that survive a reboot in /var/tmp and information about file locks in /var/lock. There
will be more examples of /var usage further in this book.

54
 the Linux file tree

6.10. practice: file system tree

1. Does the file /bin/cat exist ? What about /bin/dd and /bin/echo. What is the type of these
files ?

2. What is the size of the Linux kernel file(s) (vmlinu*) in /boot ?

3. Create a directory ~/test. Then issue the following commands:

cd ~/test

dd if=/dev/zero of=zeroes.txt count=1 bs=100

od zeroes.txt

dd will copy one times (count=1) a block of size 100 bytes (bs=100) from the file /dev/zero
to ~/test/zeroes.txt. Can you describe the functionality of /dev/zero ?

4. Now issue the following command:

dd if=/dev/random of=random.txt count=1 bs=100 ; od random.txt

dd will copy one times (count=1) a block of size 100 bytes (bs=100) from the file /dev/
random to ~/test/random.txt. Can you describe the functionality of /dev/random ?

5. Issue the following two commands, and look at the first character of each output line.
ls -l /dev/sd* /dev/hd*

ls -l /dev/tty* /dev/input/mou*

The first ls will show block(b) devices, the second ls shows character(c) devices. Can you
tell the difference between block and character devices ?

6. Use cat to display /etc/hosts and /etc/resolv.conf. What is your idea about the purpose
of these files ?

7. Are there any files in /etc/skel/ ? Check also for hidden files.

8. Display /proc/cpuinfo. On what architecture is your Linux running ?

9. Display /proc/interrupts. What is the size of this file ? Where is this file stored ?

10. Can you enter the /root directory ? Are there (hidden) files ?

11. Are ifconfig, fdisk, parted, shutdown and grub-install present in /sbin ? Why are these
binaries in /sbin and not in /bin ?

12. Is /var/log a file or a directory ? What about /var/spool ?

13. Open two command prompts (Ctrl-Shift-T in gnome-terminal) or terminals (Ctrl-Alt-F1,

Ctrl-Alt-F2, ...) and issue the who am i in both. Then try to echo a word from one terminal
to the other.

55
 the Linux file tree

14. Read the man page of random and explain the difference between /dev/random and /
dev/urandom.

56
 the Linux file tree

6.11. solution: file system tree

1. Does the file /bin/cat exist ? What about /bin/dd and /bin/echo. What is the type of these
files ?
ls /bin/cat ; file /bin/cat

ls /bin/dd ; file /bin/dd

ls /bin/echo ; file /bin/echo

2. What is the size of the Linux kernel file(s) (vmlinu*) in /boot ?

ls -lh /boot/vm*

3. Create a directory ~/test. Then issue the following commands:

cd ~/test

dd if=/dev/zero of=zeroes.txt count=1 bs=100

od zeroes.txt

dd will copy one times (count=1) a block of size 100 bytes (bs=100) from the file /dev/zero
to ~/test/zeroes.txt. Can you describe the functionality of /dev/zero ?

/dev/zero is a Linux special device. It can be considered a source of zeroes. You cannot send
something to /dev/zero, but you can read zeroes from it.

4. Now issue the following command:

dd if=/dev/random of=random.txt count=1 bs=100 ; od random.txt

dd will copy one times (count=1) a block of size 100 bytes (bs=100) from the file /dev/
random to ~/test/random.txt. Can you describe the functionality of /dev/random ?

/dev/random acts as a random number generator on your Linux machine.

5. Issue the following two commands, and look at the first character of each output line.
ls -l /dev/sd* /dev/hd*

ls -l /dev/tty* /dev/input/mou*

The first ls will show block(b) devices, the second ls shows character(c) devices. Can you
tell the difference between block and character devices ?

Block devices are always written to (or read from) in blocks. For hard disks, blocks of 512
bytes are common. Character devices act as a stream of characters (or bytes). Mouse and
keyboard are typical character devices.

6. Use cat to display /etc/hosts and /etc/resolv.conf. What is your idea about the purpose
of these files ?
/etc/hosts contains hostnames with their ip address

/etc/resolv.conf should contain the ip address of a DNS name server.

57
 the Linux file tree

7. Are there any files in /etc/skel/ ? Check also for hidden files.
Issue "ls -al /etc/skel/". Yes, there should be hidden files there.

8. Display /proc/cpuinfo. On what architecture is your Linux running ?

The file should contain at least one line with Intel or other cpu.

9. Display /proc/interrupts. What is the size of this file ? Where is this file stored ?

The size is zero, yet the file contains data. It is not stored anywhere because /proc is a
virtual file system that allows you to talk with the kernel. (If you answered "stored in RAM-
memory, that is also correct...).

10. Can you enter the /root directory ? Are there (hidden) files ?
Try "cd /root". The /root directory is not accessible for normal users on most modern Linux sys

11. Are ifconfig, fdisk, parted, shutdown and grub-install present in /sbin ? Why are these
binaries in /sbin and not in /bin ?
Because those files are only meant for system administrators.

12. Is /var/log a file or a directory ? What about /var/spool ?

Both are directories.

13. Open two command prompts (Ctrl-Shift-T in gnome-terminal) or terminals (Ctrl-Alt-F1,

Ctrl-Alt-F2, ...) and issue the who am i in both. Then try to echo a word from one terminal
to the other.
tty-terminal: echo Hello > /dev/tty1

pts-terminal: echo Hello > /dev/pts/1

14. Read the man page of random and explain the difference between /dev/random and /
dev/urandom.
man 4 random

58
Part III. pipes and commands
Table of Contents
7. filters ............................................................................................................................... 61
7.1. cat ......................................................................................................................... 62
7.2. tee ......................................................................................................................... 62
7.3. grep ....................................................................................................................... 62
7.4. cut ......................................................................................................................... 64
7.5. tr ........................................................................................................................... 64
7.6. wc ......................................................................................................................... 65
7.7. sort ........................................................................................................................ 66
7.8. uniq ....................................................................................................................... 67
7.9. comm ..................................................................................................................... 68
7.10. od ........................................................................................................................ 69
7.11. sed ....................................................................................................................... 70
7.12. pipe examples ........................................................................................................ 71
7.13. practice: filters ....................................................................................................... 72
7.14. solution: filters ....................................................................................................... 73
8. basic Unix tools ................................................................................................................ 75
8.1. find ........................................................................................................................ 76
8.2. locate ..................................................................................................................... 77
8.3. date ....................................................................................................................... 77
8.4. cal ......................................................................................................................... 78
8.5. sleep ...................................................................................................................... 78
8.6. time ....................................................................................................................... 79
8.7. gzip - gunzip ........................................................................................................... 80
8.8. zcat - zmore ............................................................................................................ 80
8.9. bzip2 - bunzip2 ........................................................................................................ 81
8.10. bzcat - bzmore ....................................................................................................... 81
8.11. practice: basic Unix tools ......................................................................................... 82
8.12. solution: basic Unix tools ......................................................................................... 83

60
Chapter 7. filters
Commands that are created to be used with a pipe are often called filters. These filters
are very small programs that do one specific thing very efficiently. They can be used as
building blocks.

This chapter will introduce you to the most common filters. The combination of simple
commands and filters in a long pipe allows you to design elegant solutions.

61
 filters

7.1. cat
When between two pipes, the cat command does nothing (except putting stdin on stdout).
[paul@RHEL4b pipes]$ tac count.txt | cat | cat | cat | cat | cat
five
four
three
two
one
[paul@RHEL4b pipes]$

7.2. tee
Writing long pipes in Unix is fun, but sometimes you may want intermediate results. This
is were tee comes in handy. The tee filter puts stdin on stdout and also into a file. So tee is
almost the same as cat, except that it has two identical outputs.
[paul@RHEL4b pipes]$ tac count.txt | tee temp.txt | tac
one
two
three
four
five
[paul@RHEL4b pipes]$ cat temp.txt
five
four
three
two
one
[paul@RHEL4b pipes]$

7.3. grep
The grep filter is famous among Unix users. The most common use of grep is to filter lines
of text containing (or not containing) a certain string.
[paul@RHEL4b pipes]$ cat tennis.txt
Amelie Mauresmo, Fra
Kim Clijsters, BEL
Justine Henin, Bel
Serena Williams, usa
Venus Williams, USA
[paul@RHEL4b pipes]$ cat tennis.txt | grep Williams
Serena Williams, usa
Venus Williams, USA

You can write this without the cat.

[paul@RHEL4b pipes]$ grep Williams tennis.txt
Serena Williams, usa
Venus Williams, USA

One of the most useful options of grep is grep -i which filters in a case insensitive way.
[paul@RHEL4b pipes]$ grep Bel tennis.txt
Justine Henin, Bel
[paul@RHEL4b pipes]$ grep -i Bel tennis.txt

62
 filters

Kim Clijsters, BEL

Justine Henin, Bel
[paul@RHEL4b pipes]$

Another very useful option is grep -v which outputs lines not matching the string.
[paul@RHEL4b pipes]$ grep -v Fra tennis.txt
Kim Clijsters, BEL
Justine Henin, Bel
Serena Williams, usa
Venus Williams, USA
[paul@RHEL4b pipes]$

And of course, both options can be combined to filter all lines not containing a case insen-
sitive string.
[paul@RHEL4b pipes]$ grep -vi usa tennis.txt
Amelie Mauresmo, Fra
Kim Clijsters, BEL
Justine Henin, Bel
[paul@RHEL4b pipes]$

With grep -A1 one line after the result is also displayed.
paul@debian5:~/pipes$ grep -A1 Henin tennis.txt
Justine Henin, Bel
Serena Williams, usa

With grep -B1 one line before the result is also displayed.
paul@debian5:~/pipes$ grep -B1 Henin tennis.txt
Kim Clijsters, BEL
Justine Henin, Bel

With grep -C1 (context) one line before and one after are also displayed. All three options
(A,B, and C) can display any number of lines (using e.g. A2, B4 or C20).
paul@debian5:~/pipes$ grep -C1 Henin tennis.txt
Kim Clijsters, BEL
Justine Henin, Bel
Serena Williams, usa

63
 filters

7.4. cut
The cut filter can select columns from files, depending on a delimiter or a count of bytes.
The screenshot below uses cut to filter for the username and userid in the /etc/passwd file.
It uses the colon as a delimiter, and selects fields 1 and 3.
[[paul@RHEL4b pipes]$ cut -d: -f1,3 /etc/passwd | tail -4
Figo:510
Pfaff:511
Harry:516
Hermione:517
[paul@RHEL4b pipes]$

When using a space as the delimiter for cut, you have to quote the space.
[paul@RHEL4b pipes]$ cut -d" " -f1 tennis.txt
Amelie
Kim
Justine
Serena
Venus
[paul@RHEL4b pipes]$

This example uses cut to display the second to the seventh character of /etc/passwd.
[paul@RHEL4b pipes]$ cut -c2-7 /etc/passwd | tail -4
igo:x:
faff:x
arry:x
ermion
[paul@RHEL4b pipes]$

7.5. tr
You can translate characters with tr. The screenshot shows the translation of all occurrences
of e to E.
[paul@RHEL4b pipes]$ cat tennis.txt | tr 'e' 'E'
AmEliE MaurEsmo, Fra
Kim ClijstErs, BEL
JustinE HEnin, BEl
SErEna Williams, usa
VEnus Williams, USA

Here we set all letters to uppercase by defining two ranges.

[paul@RHEL4b pipes]$ cat tennis.txt | tr 'a-z' 'A-Z'
AMELIE MAURESMO, FRA
KIM CLIJSTERS, BEL
JUSTINE HENIN, BEL
SERENA WILLIAMS, USA
VENUS WILLIAMS, USA
[paul@RHEL4b pipes]$

Here we translate all newlines to spaces.

[paul@RHEL4b pipes]$ cat count.txt
one
two

64
 filters

three
four
five
[paul@RHEL4b pipes]$ cat count.txt | tr '\n' ' '
one two three four five [paul@RHEL4b pipes]$

The tr -s filter can also be used to squeeze multiple occurrences of a character to one.
[paul@RHEL4b pipes]$ cat spaces.txt
one two three
four five six
[paul@RHEL4b pipes]$ cat spaces.txt | tr -s ' '
one two three
four five six
[paul@RHEL4b pipes]$

You can also use tr to 'encrypt' texts with rot13.

[paul@RHEL4b pipes]$ cat count.txt | tr 'a-z' 'nopqrstuvwxyzabcdefghijklm'
bar
gjb
guerr
sbhe
svir
[paul@RHEL4b pipes]$ cat count.txt | tr 'a-z' 'n-za-m'
bar
gjb
guerr
sbhe
svir
[paul@RHEL4b pipes]$

This last example uses tr -d to delete characters.

paul@debian5:~/pipes$ cat tennis.txt | tr -d e
Amli Maursmo, Fra
Kim Clijstrs, BEL
Justin Hnin, Bl
Srna Williams, usa
Vnus Williams, USA

7.6. wc
Counting words, lines and characters is easy with wc.
[paul@RHEL4b pipes]$ wc tennis.txt
5 15 100 tennis.txt
[paul@RHEL4b pipes]$ wc -l tennis.txt
5 tennis.txt
[paul@RHEL4b pipes]$ wc -w tennis.txt
15 tennis.txt
[paul@RHEL4b pipes]$ wc -c tennis.txt
100 tennis.txt
[paul@RHEL4b pipes]$

65
 filters

7.7. sort
The sort filter will default to an alphabetical sort.
paul@debian5:~/pipes$ cat music.txt
Queen
Brel
Led Zeppelin
Abba
paul@debian5:~/pipes$ sort music.txt
Abba
Brel
Led Zeppelin
Queen

But the sort filter has many options to tweak its usage. This example shows sorting different
columns (column 1 or column 2).
[paul@RHEL4b pipes]$ sort -k1 country.txt
Belgium, Brussels, 10
France, Paris, 60
Germany, Berlin, 100
Iran, Teheran, 70
Italy, Rome, 50
[paul@RHEL4b pipes]$ sort -k2 country.txt
Germany, Berlin, 100
Belgium, Brussels, 10
France, Paris, 60
Italy, Rome, 50
Iran, Teheran, 70

The screenshot below shows the difference between an alphabetical sort and a numerical
sort (both on the third column).
[paul@RHEL4b pipes]$ sort -k3 country.txt
Belgium, Brussels, 10
Germany, Berlin, 100
Italy, Rome, 50
France, Paris, 60
Iran, Teheran, 70
[paul@RHEL4b pipes]$ sort -n -k3 country.txt
Belgium, Brussels, 10
Italy, Rome, 50
France, Paris, 60
Iran, Teheran, 70
Germany, Berlin, 100

66
 filters

7.8. uniq
With uniq you can remove duplicates from a sorted list.
paul@debian5:~/pipes$ cat music.txt
Queen
Brel
Queen
Abba
paul@debian5:~/pipes$ sort music.txt
Abba
Brel
Queen
Queen
paul@debian5:~/pipes$ sort music.txt |uniq
Abba
Brel
Queen

uniq can also count occurrences with the -c option.

paul@debian5:~/pipes$ sort music.txt |uniq -c
1 Abba
1 Brel
2 Queen

67
 filters

7.9. comm
Comparing streams (or files) can be done with the comm. By default comm will output
three columns. In this example, Abba, Cure and Queen are in both lists, Bowie and Sweet
are only in the first file, Turner is only in the second.
paul@debian5:~/pipes$ cat > list1.txt
Abba
Bowie
Cure
Queen
Sweet
paul@debian5:~/pipes$ cat > list2.txt
Abba
Cure
Queen
Turner
paul@debian5:~/pipes$ comm list1.txt list2.txt
Abba
Bowie
Cure
Queen
Sweet
Turner

The output of comm can be easier to read when outputting only a single column. The digits
point out which output columns should not be displayed.

paul@debian5:~/pipes$ comm -12 list1.txt list2.txt

Abba
Cure
Queen
paul@debian5:~/pipes$ comm -13 list1.txt list2.txt
Turner
paul@debian5:~/pipes$ comm -23 list1.txt list2.txt
Bowie
Sweet

68
 filters

7.10. od
European humans like to work with ascii characters, but computers store files in bytes. The
example below creates a simple file, and then uses od to show the contents of the file in
hexadecimal bytes

paul@laika:~/test$ cat > text.txt

abcdefg
1234567
paul@laika:~/test$ od -t x1 text.txt
0000000 61 62 63 64 65 66 67 0a 31 32 33 34 35 36 37 0a
0000020

The same file can also be displayed in octal bytes.

paul@laika:~/test$ od -b text.txt
0000000 141 142 143 144 145 146 147 012 061 062 063 064 065 066 067 012
0000020

And here is the file in ascii (or backslashed) characters.

paul@laika:~/test$ od -c text.txt
0000000 a b c d e f g \n 1 2 3 4 5 6 7 \n
0000020

69
 filters

7.11. sed
The stream editor sed can perform editing functions in the stream, using regular expres-
sions.

paul@debian5:~/pipes$ echo level5 | sed 's/5/42/'

level42
paul@debian5:~/pipes$ echo level5 | sed 's/level/jump/'
jump5

Add g for global replacements (all occurrences of the string per line).

paul@debian5:~/pipes$ echo level5 level7 | sed 's/level/jump/'

jump5 level7
paul@debian5:~/pipes$ echo level5 level7 | sed 's/level/jump/g'
jump5 jump7

With d you can remove lines from a stream containing a character.

paul@debian5:~/test42$ cat tennis.txt

Venus Williams, USA
Martina Hingis, SUI
Justine Henin, BE
Serena williams, USA
Kim Clijsters, BE
Yanina Wickmayer, BE
paul@debian5:~/test42$ cat tennis.txt | sed '/BE/d'
Venus Williams, USA
Martina Hingis, SUI
Serena williams, USA

70
 filters

7.12. pipe examples

7.12.1. who | wc
How many users are logged on to this system ?
[paul@RHEL4b pipes]$ who
root tty1 Jul 25 10:50
paul pts/0 Jul 25 09:29 (laika)
Harry pts/1 Jul 25 12:26 (barry)
paul pts/2 Jul 25 12:26 (pasha)
[paul@RHEL4b pipes]$ who | wc -l
4

7.12.2. who | cut | sort

Display a sorted list of logged on users.
[paul@RHEL4b pipes]$ who | cut -d' ' -f1 | sort
Harry
paul
paul
root

Display a sorted list of logged on users, but every user only once .
[paul@RHEL4b pipes]$ who | cut -d' ' -f1 | sort | uniq
Harry
paul
root

7.12.3. grep | cut

Display a list of all bash user accounts on this computer. Users accounts are explained in
detail later.
paul@debian5:~$ grep bash /etc/passwd
root:x:0:0:root:/root:/bin/bash
paul:x:1000:1000:paul,,,:/home/paul:/bin/bash
serena:x:1001:1001::/home/serena:/bin/bash
paul@debian5:~$ grep bash /etc/passwd | cut -d: -f1
root
paul
serena

71
 filters

7.13. practice: filters

1. Put a sorted list of all bash users in bashusers.txt.

2. Put a sorted list of all logged on users in onlineusers.txt.

3. Make a list of all filenames in /etc that contain the string conf in their filename.

4. Make a sorted list of all files in /etc that contain the case insensitive string conf in their
filename.

5. Look at the output of /sbin/ifconfig. Write a line that displays only ip address and the
subnet mask.

6. Write a line that removes all non-letters from a stream.

7. Write a line that receives a text file, and outputs all words on a separate line.

8. Write a spell checker on the command line. (There may be a dictionary in /usr/share/
dict/ .)

72
 filters

7.14. solution: filters

1. Put a sorted list of all bash users in bashusers.txt.
grep bash /etc/passwd | cut -d: -f1 | sort > bashusers.txt

2. Put a sorted list of all logged on users in onlineusers.txt.

who | cut -d' ' -f1 | sort > onlineusers.txt

3. Make a list of all filenames in /etc that contain the string conf in their filename.
ls /etc | grep conf

4. Make a sorted list of all files in /etc that contain the case insensitive string conf in their
filename.
ls /etc | grep -i conf | sort

5. Look at the output of /sbin/ifconfig. Write a line that displays only ip address and the
subnet mask.
/sbin/ifconfig | head -2 | grep 'inet ' | tr -s ' ' | cut -d' ' -f3,5

6. Write a line that removes all non-letters from a stream.

paul@deb503:~$ cat text
This is, yes really! , a text with ?&* too many str$ange# characters ;-)
paul@deb503:~$ cat text | tr -d ',!$?.*&^%#@;()-'
This is yes really a text with too many strange characters

7. Write a line that receives a text file, and outputs all words on a separate line.

paul@deb503:~$ cat text2

it is very cold today without the sun

paul@deb503:~$ cat text2 | tr ' ' '\n'

it
is
very
cold
today
without
the
sun

8. Write a spell checker on the command line. (There may be a dictionary in /usr/share/
dict/ .)

paul@rhel ~$ echo "The zun is shining today" > text

paul@rhel ~$ cat > DICT

is
shining
sun
the

73
 filters

today

paul@rhel ~$ cat text | tr 'A-Z ' 'a-z\n' | sort | uniq | comm -23 - DICT
zun

You could also add the solution from question number 6 to remove non-letters, and tr -s '
' to remove redundant spaces.

74
Chapter 8. basic Unix tools
This chapter introduces commands to find or locate files and to compress files, together
with other common tools that were not discussed before. While the tools discussed here are
technically not considered filters, they can be used in pipes.

75
 basic Unix tools

8.1. find
The find command can be very useful at the start of a pipe to search for files. Here are some
examples. You might want to add 2>/dev/null to the command lines to avoid cluttering your
screen with error messages.

Find all files in /etc and put the list in etcfiles.txt

find /etc > etcfiles.txt

Find all files of the entire system and put the list in allfiles.txt
find / > allfiles.txt

Find files that end in .conf in the current directory (and all subdirs).
find . -name "*.conf"

Find files of type file (not directory, pipe or etc.) that end in .conf.
find . -type f -name "*.conf"

Find files of type directory that end in .bak .

find /data -type d -name "*.bak"

Find files that are newer than file42.txt

find . -newer file42.txt

Find can also execute another command on every file found. This example will look for
*.odf files and copy them to /backup/.
find /data -name "*.odf" -exec cp {} /backup/ \;

Find can also execute, after your confirmation, another command on every file found. This
example will remove *.odf files if you approve of it for every file found.
find /data -name "*.odf" -ok rm {} \;

76
 basic Unix tools

8.2. locate
The locate tool is very different from find in that it uses an index to locate files. This is a
lot faster than traversing all the directories, but it also means that it is always outdated. If
the index does not exist yet, then you have to create it (as root on Red Hat Enterprise Linux)
with the updatedb command.
[paul@RHEL4b ~]$ locate Samba
warning: locate: could not open database: /var/lib/slocate/slocate.db:...
warning: You need to run the 'updatedb' command (as root) to create th...
Please have a look at /etc/updatedb.conf to enable the daily cron job.
[paul@RHEL4b ~]$ updatedb
fatal error: updatedb: You are not authorized to create a default sloc...
[paul@RHEL4b ~]$ su -
Password:
[root@RHEL4b ~]# updatedb
[root@RHEL4b ~]#

Most Linux distributions will schedule the updatedb to run once every day.

8.3. date
The date command can display the date, time, time zone and more.
paul@rhel55 ~$ date
Sat Apr 17 12:44:30 CEST 2010

A date string can be customised to display the format of your choice. Check the man page
for more options.
paul@rhel55 ~$ date +'%A %d-%m-%Y'
Saturday 17-04-2010

Time on any Unix is calculated in number of seconds since 1969 (the first second being the
first second of the first of January 1970). Use date +%s to display Unix time in seconds.
paul@rhel55 ~$ date +%s
1271501080

When will this seconds counter reach two thousand million ?

paul@rhel55 ~$ date -d '1970-01-01 + 2000000000 seconds'
Wed May 18 04:33:20 CEST 2033

77
 basic Unix tools

8.4. cal
The cal command displays the current month, with the current day highlighted.
paul@rhel55 ~$ cal
April 2010
Su Mo Tu We Th Fr Sa
1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30

You can select any month in the past or the future.

paul@rhel55 ~$ cal 2 1970
February 1970
Su Mo Tu We Th Fr Sa
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28

8.5. sleep
The sleep command is sometimes used in scripts to wait a number of seconds. This example
shows a five second sleep.
paul@rhel55 ~$ sleep 5
paul@rhel55 ~$

78
 basic Unix tools

8.6. time
The time command can display how long it takes to execute a command. The date command
takes only a little time.
paul@rhel55 ~$ time date
Sat Apr 17 13:08:27 CEST 2010

real 0m0.014s
user 0m0.008s
sys 0m0.006s

The sleep 5 command takes five real seconds to execute, but consumes little cpu time.
paul@rhel55 ~$ time sleep 5

real 0m5.018s
user 0m0.005s
sys 0m0.011s

This bzip2 command compresses a file and uses a lot of cpu time.
paul@rhel55 ~$ time bzip2 text.txt

real 0m2.368s
user 0m0.847s
sys 0m0.539s

79
 basic Unix tools

8.7. gzip - gunzip

Users never have enough disk space, so compression comes in handy. The gzip command
can make files take up less space.
paul@rhel55 ~$ ls -lh text.txt
-rw-rw-r-- 1 paul paul 6.4M Apr 17 13:11 text.txt
paul@rhel55 ~$ gzip text.txt
paul@rhel55 ~$ ls -lh text.txt.gz
-rw-rw-r-- 1 paul paul 760K Apr 17 13:11 text.txt.gz

You can get the original back with gunzip.

paul@rhel55 ~$ gunzip text.txt.gz
paul@rhel55 ~$ ls -lh text.txt
-rw-rw-r-- 1 paul paul 6.4M Apr 17 13:11 text.txt

8.8. zcat - zmore

Text files that are compressed with gzip can be viewed with zcat and zmore.
paul@rhel55 ~$ head -4 text.txt
/
/opt
/opt/VBoxGuestAdditions-3.1.6
/opt/VBoxGuestAdditions-3.1.6/routines.sh
paul@rhel55 ~$ gzip text.txt
paul@rhel55 ~$ zcat text.txt.gz | head -4
/
/opt
/opt/VBoxGuestAdditions-3.1.6
/opt/VBoxGuestAdditions-3.1.6/routines.sh

80
 basic Unix tools

8.9. bzip2 - bunzip2

Files can also be compressed with bzip2 which takes a little more time than gzip, but com-
presses better.
paul@rhel55 ~$ bzip2 text.txt
paul@rhel55 ~$ ls -lh text.txt.bz2
-rw-rw-r-- 1 paul paul 569K Apr 17 13:11 text.txt.bz2

Files can be uncompressed again with bunzip2.

paul@rhel55 ~$ bunzip2 text.txt.bz2
paul@rhel55 ~$ ls -lh text.txt
-rw-rw-r-- 1 paul paul 6.4M Apr 17 13:11 text.txt

8.10. bzcat - bzmore

And in the same way bzcat and bzmore can display files compressed with bzip2.
paul@rhel55 ~$ bzip2 text.txt
paul@rhel55 ~$ bzcat text.txt.bz2 | head -4
/
/opt
/opt/VBoxGuestAdditions-3.1.6
/opt/VBoxGuestAdditions-3.1.6/routines.sh

81
 basic Unix tools

8.11. practice: basic Unix tools

1. Explain the difference between these two commands. This question is very important. If
you don't know the answer, then look back at the shell chapter.
find /data -name "*.txt"

find /data -name *.txt

2. Explain the difference between these two statements. Will they both work when there are
200 .odf files in /data ? How about when there are 2 million .odf files ?
find /data -name "*.odf" > data_odf.txt

find /data/*.odf > data_odf.txt

3. Write a find command that finds all files created after January 30th 2010.

4. Write a find command that finds all *.odf files created in September 2009.

5. Count the number of *.conf files in /etc and all its subdirs.

6. Here are two commands that do the same thing: copy *.odf files to /backup/ . What would
be a reason to replace the first command with the second ? Again, this is an important ques-
tion.
cp -r /data/*.odf /backup/

find /data -name "*.odf" -exec cp {} /backup/ \;

7. Create a file called loctest.txt. Can you find this file with locate ? Why not ? How do
you make locate find this file ?

8. Use find and -exec to rename all .htm files to .html.

9. Issue the date command. Now display the date in YYYY/MM/DD format.

10. Issue the cal command. Display a calendar of 1582 and 1752. Notice anything special ?

82
 basic Unix tools

8.12. solution: basic Unix tools

1. Explain the difference between these two commands. This question is very important. If
you don't know the answer, then look back at the shell chapter.
find /data -name "*.txt"

find /data -name *.txt

When *.txt is quoted then the shell will not touch it. The find tool will look in the /data
for all files ending in .txt.

When *.txt is not quoted then the shell might expand this (when one or more files that ends
in .txt exist in the current directory). The find might show a different result, or can result
in a syntax error.

2. Explain the difference between these two statements. Will they both work when there are
200 .odf files in /data ? How about when there are 2 million .odf files ?
find /data -name "*.odf" > data_odf.txt

find /data/*.odf > data_odf.txt

The first find will output all .odf filenames in /data and all subdirectories. The shell will
redirect this to a file.

The second find will output all files named .odf in /data and will also output all files that
exist in directories named *.odf (in /data).

With two million files the command line would be expanded beyond the maximum that the
shell can accept. The last part of the command line would be lost.

3. Write a find command that finds all files created after January 30th 2010.
touch -t 201001302359 marker_date
find . -type f -newer marker_date

There is another solution :

find . -type f -newerat "20100130 23:59:59"

4. Write a find command that finds all *.odf files created in September 2009.
touch -t 200908312359 marker_start
touch -t 200910010000 marker_end
find . -type f -name "*.odf" -newer marker_start ! -newer marker_end

The exclamation mark ! -newer can be read as not newer.

5. Count the number of *.conf files in /etc and all its subdirs.
find /etc -type f -name '*.conf' | wc -l

6. Here are two commands that do the same thing: copy *.odf files to /backup/ . What would
be a reason to replace the first command with the second ? Again, this is an important ques-
tion.
cp -r /data/*.odf /backup/

83
 basic Unix tools

find /data -name "*.odf" -exec cp {} /backup/ \;

The first might fail when there are too many files to fit on one command line.

7. Create a file called loctest.txt. Can you find this file with locate ? Why not ? How do
you make locate find this file ?

You cannot locate this with locate because it is not yet in the index.
updatedb

8. Use find and -exec to rename all .htm files to .html.

paul@rhel55 ~$ find . -name '*.htm'

./one.htm
./two.htm
paul@rhel55 ~$ find . -name '*.htm' -exec mv {} {}l \;
paul@rhel55 ~$ find . -name '*.htm*'
./one.html
./two.html

9. Issue the date command. Now display the date in YYYY/MM/DD format.
date +%Y/%m/%d

10. Issue the cal command. Display a calendar of 1582 and 1752. Notice anything special ?
cal 1582

The calendars are different depending on the country. Check http://linux-training.be/files/

studentfiles/dates.txt

84
Part IV. vi
Table of Contents
9. Introduction to vi .............................................................................................................. 87
9.1. command mode and insert mode ................................................................................. 88
9.2. start typing (a A i I o O) ........................................................................................... 88
9.3. replace and delete a character (r x X) .......................................................................... 89
9.4. undo and repeat (u .) ................................................................................................. 89
9.5. cut, copy and paste a line (dd yy p P) .......................................................................... 89
9.6. cut, copy and paste lines (3dd 2yy) ............................................................................. 90
9.7. start and end of a line (0 or ^ and $) ........................................................................... 90
9.8. join two lines (J) and more ........................................................................................ 90
9.9. words (w b) ............................................................................................................ 91
9.10. save (or not) and exit (:w :q :q! ) ............................................................................... 91
9.11. Searching (/ ?) ....................................................................................................... 91
9.12. replace all ( :1,$ s/foo/bar/g ) .................................................................................... 92
9.13. reading files (:r :r !cmd) ........................................................................................... 92
9.14. text buffers ............................................................................................................ 92
9.15. multiple files ......................................................................................................... 92
9.16. abbreviations ......................................................................................................... 93
9.17. key mappings ........................................................................................................ 94
9.18. setting options ........................................................................................................ 94
9.19. practice: vi(m) ....................................................................................................... 95
9.20. solution: vi(m) ....................................................................................................... 96

86
Chapter 9. Introduction to vi
The vi editor is installed on almost every Unix. Linux will very often install vim (vi im-
proved) which is similar. Every system administrator should know vi(m), because it is an
easy tool to solve problems.

The vi editor is not intuitive, but once you get to know it, vi becomes a very powerful
application. Most Linux distributions will include the vimtutor which is a 45 minute lesson
in vi(m).

87
 Introduction to vi

9.1. command mode and insert mode

The vi editor starts in command mode. In command mode, you can type commands. Some
commands will bring you into insert mode. In insert mode, you can type text. The escape
key will return you to command mode.

Table 9.1. getting to command mode

key action
Esc set vi(m) in command mode.

9.2. start typing (a A i I o O)

The difference between a A i I o and O is the location where you can start typing. a will
append after the current character and A will append at the end of the line. i will insert before
the current character and I will insert at the beginning of the line. o will put you in a new
line after the current line and O will put you in a new line before the current line.

Table 9.2. switch to insert mode

command action
a start typing after the current character
A start typing at the end of the current line
i start typing before the current character
I start typing at the start of the current line
o start typing on a new line after the current line
O start typing on a new line before the current line

88
 Introduction to vi

9.3. replace and delete a character (r x X)

When in command mode (it doesn't hurt to hit the escape key more than once) you can use
the x key to delete the current character. The big X key (or shift x) will delete the character
left of the cursor. Also when in command mode, you can use the r key to replace one single
character. The r key will bring you in insert mode for just one key press, and will return you
immediately to command mode.

Table 9.3. replace and delete

command action
x delete the character below the cursor
X delete the character before the cursor
r replace the character below the cursor
p paste after the cursor (here the last deleted character)
xp switch two characters

9.4. undo and repeat (u .)

When in command mode, you can undo your mistakes with u. You can do your mistakes
twice with . (in other words, the . will repeat your last command).

Table 9.4. undo and repeat

command action
u undo the last action
. repeat the last action

9.5. cut, copy and paste a line (dd yy p P)

When in command mode, dd will cut the current line. yy will copy the current line. You can
paste the last copied or cut line after (p) or before (P) the current line.

Table 9.5. cut, copy and paste a line

command action
dd cut the current line
yy (yank yank) copy the current line
p paste after the current line
P paste before the current line

89
 Introduction to vi

9.6. cut, copy and paste lines (3dd 2yy)

When in command mode, before typing dd or yy, you can type a number to repeat the com-
mand a number of times. Thus, 5dd will cut 5 lines and 4yy will copy (yank) 4 lines. That
last one will be noted by vi in the bottom left corner as "4 line yanked".

Table 9.6. cut, copy and paste lines

command action
3dd cut three lines
4yy copy four lines

9.7. start and end of a line (0 or ^ and $)

When in command mode, the 0 and the caret ^ will bring you to the start of the current line,
whereas the $ will put the cursor at the end of the current line. You can add 0 and $ to the d
command, d0 will delete every character between the current character and the start of the
line. Likewise d$ will delete everything from the current character till the end of the line.
Similarly y0 and y$ will yank till start and end of the current line.

Table 9.7. start and end of line

command action
0 jump to start of current line
^ jump to start of current line
$ jump to end of current line
d0 delete until start of line
d$ delete until end of line

9.8. join two lines (J) and more

When in command mode, pressing J will append the next line to the current line. With yyp
you duplicate a line and with ddp you switch two lines.

Table 9.8. join two lines

command action
J join two lines
yyp duplicate a line
ddp switch two lines

90
 Introduction to vi

9.9. words (w b)
When in command mode, w will jump to the next word and b will move to the previous
word. w and b can also be combined with d and y to copy and cut words (dw db yw yb).

Table 9.9. words

command action
w forward one word
b back one word
3w forward three words
dw delete one word
yw yank (copy) one word
5yb yank five words back
7dw delete seven words

9.10. save (or not) and exit (:w :q :q! )

Pressing the colon : will allow you to give instructions to vi (technically speaking, typing
the colon will open the ex editor). :w will write (save) the file, :q will quit an unchanged
file without saving, and :q! will quit vi discarding any changes. :wq will save and quit and
is the same as typing ZZ in command mode.

Table 9.10. save and exit vi

command action
:w save (write)
:w fname save as fname
:q quit
:wq save and quit
ZZ save and quit
:q! quit (discarding your changes)
:w! save (and write to non-writable file!)

The last one is a bit special. With :w! vi will try to chmod the file to get write permission
(this works when you are the owner) and will chmod it back when the write succeeds. This
should always work when you are root (and the file system is writable).

9.11. Searching (/ ?)
When in command mode typing / will allow you to search in vi for strings (can be a regular
expression). Typing /foo will do a forward search for the string foo and typing ?bar will do
a backward search for bar.

Table 9.11. searching

command action
/string forward search for string

91
 Introduction to vi

command action
?string backward search for string
n go to next occurrence of search string
/^string forward search string at beginning of line
/string$ forward search string at end of line
/br[aeio]l search for bral brel bril and brol
/\<he\> search for the word he (and not for here or the)

9.12. replace all ( :1,$ s/foo/bar/g )

To replace all occurrences of the string foo with bar, first switch to ex mode with : . Then
tell vi which lines to use, for example 1,$ will do the replace all from the first to the last
line. You can write 1,5 to only process the first five lines. The s/foo/bar/g will replace all
occurrences of foo with bar.

Table 9.12. replace

command action
:4,8 s/foo/bar/g replace foo with bar on lines 4 to 8
:1,$ s/foo/bar/g replace foo with bar on all lines

9.13. reading files (:r :r !cmd)

When in command mode, :r foo will read the file named foo, :r !foo will execute the com-
mand foo. The result will be put at the current location. Thus :r !ls will put a listing of the
current directory in your text file.

Table 9.13. read files and input

command action
:r fname (read) file fname and paste contents
:r !cmd execute cmd and paste its output

9.14. text buffers

There are 36 buffers in vi to store text. You can use them with the " character.

Table 9.14. text buffers

command action
"add delete current line and put text in buffer a
"g7yy copy seven lines into buffer g
"ap paste from buffer a

9.15. multiple files

You can edit multiple files with vi. Here are some tips.

92
 Introduction to vi

Table 9.15. multiple files

command action
vi file1 file2 file3 start editing three files
:args lists files and marks active file
:n start editing the next file
:e toggle with last edited file
:rew rewind file pointer to first file

9.16. abbreviations
With :ab you can put abbreviations in vi. Use :una to undo the abbreviation.

Table 9.16. abbreviations

command action
:ab str long string abbreviate str to be 'long string'
:una str un-abbreviate str

93
 Introduction to vi

9.17. key mappings

Similarly to their abbreviations, you can use mappings with :map for command mode and
:map! for insert mode.

This example shows how to set the F6 function key to toggle between set number and set
nonumber. The <bar> separates the two commands, set number! toggles the state and set
number? reports the current state.
:map <F6> :set number!<bar>set number?<CR>

9.18. setting options

Some options that you can set in vim.

:set number ( also try :se nu )

:set nonumber
:syntax on
:syntax off
:set all (list all options)
:set tabstop=8
:set tx (CR/LF style endings)
:set notx

You can set these options (and much more) in ~/.vimrc for vim or in ~/.exrc for standard vi.

paul@barry:~$ cat ~/.vimrc

set number
set tabstop=8
set textwidth=78
map <F6> :set number!<bar>set number?<CR>
paul@barry:~$

94
 Introduction to vi

9.19. practice: vi(m)

1. Start the vimtutor and do some or all of the exercises. You might need to run aptitude
install vim on xubuntu.

2. What 3 key sequence in command mode will duplicate the current line.

3. What 3 key sequence in command mode will switch two lines' place (line five becomes
line six and line six becomes line five).

4. What 2 key sequence in command mode will switch a character's place with the next one.

5. vi can understand macro's. A macro can be recorded with q followed by the name of
the macro. So qa will record the macro named a. Pressing q again will end the recording.
You can recall the macro with @ followed by the name of the macro. Try this example: i 1
'Escape Key' qa yyp 'Ctrl a' q 5@a (Ctrl a will increase the number with one).

6. Copy /etc/passwd to your ~/passwd. Open the last one in vi and press Ctrl v. Use the arrow
keys to select a Visual Block, you can copy this with y or delete it with d. Try pasting it.

7. What does dwwP do when you are at the beginning of a word in a sentence ?

95
 Introduction to vi

9.20. solution: vi(m)

1. Start the vimtutor and do some or all of the exercises. You might need to run aptitude
install vim on xubuntu.
vimtutor

2. What 3 key sequence in command mode will duplicate the current line.
yyp

3. What 3 key sequence in command mode will switch two lines' place (line five becomes
line six and line six becomes line five).
ddp

4. What 2 key sequence in command mode will switch a character's place with the next one.
xp

5. vi can understand macro's. A macro can be recorded with q followed by the name of
the macro. So qa will record the macro named a. Pressing q again will end the recording.
You can recall the macro with @ followed by the name of the macro. Try this example: i 1
'Escape Key' qa yyp 'Ctrl a' q 5@a (Ctrl a will increase the number with one).

6. Copy /etc/passwd to your ~/passwd. Open the last one in vi and press Ctrl v. Use the arrow
keys to select a Visual Block, you can copy this with y or delete it with d. Try pasting it.
cp /etc/passwd ~
vi passwd
(press Ctrl-V)

7. What does dwwP do when you are at the beginning of a word in a sentence ?

dwwP can switch the current word with the next word.

96
Part V. local user management
Table of Contents
10. introduction to users ........................................................................................................ 99
10.1. whoami ............................................................................................................... 100
10.2. who .................................................................................................................... 100
10.3. who am i ............................................................................................................. 100
10.4. w ....................................................................................................................... 100
10.5. id ....................................................................................................................... 100
10.6. su to another user ................................................................................................. 101
10.7. su to root ............................................................................................................ 101
10.8. su as root ............................................................................................................ 101
10.9. su - $username ..................................................................................................... 101
10.10. su - ................................................................................................................... 101
10.11. run a program as another user ............................................................................... 102
10.12. visudo ............................................................................................................... 102
10.13. sudo su - ........................................................................................................... 103
10.14. sudo logging ...................................................................................................... 103
10.15. practice: introduction to users ................................................................................ 104
10.16. solution: introduction to users ................................................................................ 105
11. groups .......................................................................................................................... 107
11.1. groupadd ............................................................................................................. 108
11.2. group file ............................................................................................................ 108
11.3. groups ................................................................................................................. 108
11.4. usermod .............................................................................................................. 109
11.5. groupmod ............................................................................................................ 109
11.6. groupdel .............................................................................................................. 109
11.7. gpasswd .............................................................................................................. 110
11.8. newgrp ................................................................................................................ 111
11.9. vigr .................................................................................................................... 111
11.10. practice: groups .................................................................................................. 112
11.11. solution: groups .................................................................................................. 113

98
Chapter 10. introduction to users
This little chapter will teach you how to identify your user account on a Unix computer using
commands like who am i, id, and more.

In a second part you will learn how to become another user with the su command.

And you will learn how to run a program as another user with sudo.

99
 introduction to users

10.1. whoami
The whoami command tells you your username.
[paul@centos7 ~]$ whoami
paul
[paul@centos7 ~]$

10.2. who
The who command will give you information about who is logged on the system.
[paul@centos7 ~]$ who
root pts/0 2014-10-10 23:07 (10.104.33.101)
paul pts/1 2014-10-10 23:30 (10.104.33.101)
laura pts/2 2014-10-10 23:34 (10.104.33.96)
tania pts/3 2014-10-10 23:39 (10.104.33.91)
[paul@centos7 ~]$

10.3. who am i
With who am i the who command will display only the line pointing to your current session.
[paul@centos7 ~]$ who am i
paul pts/1 2014-10-10 23:30 (10.104.33.101)
[paul@centos7 ~]$

10.4. w
The w command shows you who is logged on and what they are doing.
[paul@centos7 ~]$ w
23:34:07 up 31 min, 2 users, load average: 0.00, 0.01, 0.02
USER TTY LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 23:07 15.00s 0.01s 0.01s top
paul pts/1 23:30 7.00s 0.00s 0.00s w
[paul@centos7 ~]$

10.5. id
The id command will give you your user id, primary group id, and a list of the groups that
you belong to.
paul@debian7:~$ id
uid=1000(paul) gid=1000(paul) groups=1000(paul)

On RHEL/CentOS you will also get SELinux context information with this command.
[root@centos7 ~]# id
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r\
:unconfined_t:s0-s0:c0.c1023

100
 introduction to users

10.6. su to another user

The su command allows a user to run a shell as another user.
laura@debian7:~$ su tania
Password:
tania@debian7:/home/laura$

10.7. su to root
Yes you can also su to become root, when you know the root password.
laura@debian7:~$ su root
Password:
root@debian7:/home/laura#

10.8. su as root
You need to know the password of the user you want to substitute to, unless your are logged
in as root. The root user can become any existing user without knowing that user's password.
root@debian7:~# id
uid=0(root) gid=0(root) groups=0(root)
root@debian7:~# su - valentina
valentina@debian7:~$

10.9. su - $username
By default, the su command maintains the same shell environment. To become another user
and also get the target user's environment, issue the su - command followed by the target
username.
root@debian7:~# su laura
laura@debian7:/root$ exit
exit
root@debian7:~# su - laura
laura@debian7:~$ pwd
/home/laura

10.10. su -
When no username is provided to su or su -, the command will assume root is the target.
tania@debian7:~$ su -
Password:
root@debian7:~#

101
 introduction to users

10.11. run a program as another user

The sudo program allows a user to start a program with the credentials of another user.
Before this works, the system administrator has to set up the /etc/sudoers file. This can be
useful to delegate administrative tasks to another user (without giving the root password).

The screenshot below shows the usage of sudo. User paul received the right to run useradd
with the credentials of root. This allows paul to create new users on the system without
becoming root and without knowing the root password.

First the command fails for paul.

paul@debian7:~$ /usr/sbin/useradd -m valentina
useradd: Permission denied.
useradd: cannot lock /etc/passwd; try again later.

But with sudo it works.

paul@debian7:~$ sudo /usr/sbin/useradd -m valentina
[sudo] password for paul:
paul@debian7:~$

10.12. visudo
Check the man page of visudo before playing with the /etc/sudoers file. Editing the sudoers
is out of scope for this fundamentals book.
paul@rhel65:~$ apropos visudo
visudo (8) - edit the sudoers file
paul@rhel65:~$

102
 introduction to users

10.13. sudo su -
On some Linux systems like Ubuntu and Xubuntu, the root user does not have a password
set. This means that it is not possible to login as root (extra security). To perform tasks as
root, the first user is given all sudo rights via the /etc/sudoers. In fact all users that are
members of the admin group can use sudo to run all commands as root.
root@laika:~# grep admin /etc/sudoers
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

The end result of this is that the user can type sudo su - and become root without having to
enter the root password. The sudo command does require you to enter your own password.
Thus the password prompt in the screenshot below is for sudo, not for su.
paul@laika:~$ sudo su -
Password:
root@laika:~#

10.14. sudo logging

Using sudo without authorization will result in a severe warning:
paul@rhel65:~$ sudo su -

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

#1) Respect the privacy of others.

#2) Think before you type.
#3) With great power comes great responsibility.

[sudo] password for paul:

paul is not in the sudoers file. This incident will be reported.
paul@rhel65:~$

The root user can see this in the /var/log/secure on Red Hat and in /var/log/auth.log on
Debian).
root@rhel65:~# tail /var/log/secure | grep sudo | tr -s ' '
Apr 13 16:03:42 rhel65 sudo: paul : user NOT in sudoers ; TTY=pts/0 ; PWD=\
/home/paul ; USER=root ; COMMAND=/bin/su -
root@rhel65:~#

103
 introduction to users

10.15. practice: introduction to users

1. Run a command that displays only your currently logged on user name.

2. Display a list of all logged on users.

3. Display a list of all logged on users including the command they are running at this very
moment.

4. Display your user name and your unique user identification (userid).

5. Use su to switch to another user account (unless you are root, you will need the password
of the other account). And get back to the previous account.

6. Now use su - to switch to another user and notice the difference.

Note that su - gets you into the home directory of Tania.

7. Try to create a new user account (when using your normal user account). this should fail.
(Details on adding user accounts are explained in the next chapter.)

8. Now try the same, but with sudo before your command.

104
 introduction to users

10.16. solution: introduction to users

1. Run a command that displays only your currently logged on user name.
laura@debian7:~$ whoami
laura
laura@debian7:~$ echo $USER
laura

2. Display a list of all logged on users.

laura@debian7:~$ who
laura pts/0 2014-10-13 07:22 (10.104.33.101)
laura@debian7:~$

3. Display a list of all logged on users including the command they are running at this very
moment.
laura@debian7:~$ w
07:47:02 up 16 min, 2 users, load average: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 10.104.33.101 07:30 6.00s 0.04s 0.00s w
root pts/1 10.104.33.101 07:46 6.00s 0.01s 0.00s sleep 42
laura@debian7:~$

4. Display your user name and your unique user identification (userid).
laura@debian7:~$ id
uid=1005(laura) gid=1007(laura) groups=1007(laura)
laura@debian7:~$

5. Use su to switch to another user account (unless you are root, you will need the password
of the other account). And get back to the previous account.
laura@debian7:~$ su tania
Password:
tania@debian7:/home/laura$ id
uid=1006(tania) gid=1008(tania) groups=1008(tania)
tania@debian7:/home/laura$ exit
laura@debian7:~$

6. Now use su - to switch to another user and notice the difference.

laura@debian7:~$ su - tania
Password:
tania@debian7:~$ pwd
/home/tania
tania@debian7:~$ logout
laura@debian7:~$

Note that su - gets you into the home directory of Tania.

105
 introduction to users

7. Try to create a new user account (when using your normal user account). this should fail.
(Details on adding user accounts are explained in the next chapter.)
laura@debian7:~$ useradd valentina
-su: useradd: command not found
laura@debian7:~$ /usr/sbin/useradd valentina
useradd: Permission denied.
useradd: cannot lock /etc/passwd; try again later.

It is possible that useradd is located in /sbin/useradd on your computer.

8. Now try the same, but with sudo before your command.
laura@debian7:~$ sudo /usr/sbin/useradd valentina
[sudo] password for laura:
laura is not in the sudoers file. This incident will be reported.
laura@debian7:~$

Notice that laura has no permission to use the sudo on this system.

106
Chapter 11. groups
Users can be listed in groups. Groups allow you to set permissions on the group level instead
of having to set permissions for every individual user.

Every Unix or Linux distribution will have a graphical tool to manage groups. Novice users
are advised to use this graphical tool. More experienced users can use command line tools to
manage users, but be careful: Some distributions do not allow the mixed use of GUI and CLI
tools to manage groups (YaST in Novell Suse). Senior administrators can edit the relevant
files directly with vi or vigr.

107
 groups

11.1. groupadd
Groups can be created with the groupadd command. The example below shows the creation
of five (empty) groups.
root@laika:~# groupadd tennis
root@laika:~# groupadd football
root@laika:~# groupadd snooker
root@laika:~# groupadd formula1
root@laika:~# groupadd salsa

11.2. group file

Users can be a member of several groups. Group membership is defined by the /etc/group
file.
root@laika:~# tail -5 /etc/group
tennis:x:1006:
football:x:1007:
snooker:x:1008:
formula1:x:1009:
salsa:x:1010:
root@laika:~#

The first field is the group's name. The second field is the group's (encrypted) password (can
be empty). The third field is the group identification or GID. The fourth field is the list of
members, these groups have no members.

11.3. groups
A user can type the groups command to see a list of groups where the user belongs to.
[harry@RHEL4b ~]$ groups
harry sports
[harry@RHEL4b ~]$

108
 groups

11.4. usermod
Group membership can be modified with the useradd or usermod command.
root@laika:~# usermod -a -G tennis inge
root@laika:~# usermod -a -G tennis katrien
root@laika:~# usermod -a -G salsa katrien
root@laika:~# usermod -a -G snooker sandra
root@laika:~# usermod -a -G formula1 annelies
root@laika:~# tail -5 /etc/group
tennis:x:1006:inge,katrien
football:x:1007:
snooker:x:1008:sandra
formula1:x:1009:annelies
salsa:x:1010:katrien
root@laika:~#

Be careful when using usermod to add users to groups. By default, the usermod command
will remove the user from every group of which he is a member if the group is not listed in
the command! Using the -a (append) switch prevents this behaviour.

11.5. groupmod
You can change the group name with the groupmod command.
root@laika:~# groupmod -n darts snooker
root@laika:~# tail -5 /etc/group
tennis:x:1006:inge,katrien
football:x:1007:
formula1:x:1009:annelies
salsa:x:1010:katrien
darts:x:1008:sandra

11.6. groupdel
You can permanently remove a group with the groupdel command.
root@laika:~# groupdel tennis
root@laika:~#

109
 groups

11.7. gpasswd
You can delegate control of group membership to another user with the gpasswd command.
In the example below we delegate permissions to add and remove group members to serena
for the sports group. Then we su to serena and add harry to the sports group.
[root@RHEL4b ~]# gpasswd -A serena sports
[root@RHEL4b ~]# su - serena
[serena@RHEL4b ~]$ id harry
uid=516(harry) gid=520(harry) groups=520(harry)
[serena@RHEL4b ~]$ gpasswd -a harry sports
Adding user harry to group sports
[serena@RHEL4b ~]$ id harry
uid=516(harry) gid=520(harry) groups=520(harry),522(sports)
[serena@RHEL4b ~]$ tail -1 /etc/group
sports:x:522:serena,venus,harry
[serena@RHEL4b ~]$

Group administrators do not have to be a member of the group. They can remove themselves
from a group, but this does not influence their ability to add or remove members.
[serena@RHEL4b ~]$ gpasswd -d serena sports
Removing user serena from group sports
[serena@RHEL4b ~]$ exit

Information about group administrators is kept in the /etc/gshadow file.

[root@RHEL4b ~]# tail -1 /etc/gshadow
sports:!:serena:venus,harry
[root@RHEL4b ~]#

To remove all group administrators from a group, use the gpasswd command to set an empty
administrators list.
[root@RHEL4b ~]# gpasswd -A "" sports

110
 groups

11.8. newgrp
You can start a child shell with a new temporary primary group using the newgrp com-
mand.
root@rhel65:~# mkdir prigroup
root@rhel65:~# cd prigroup/
root@rhel65:~/prigroup# touch standard.txt
root@rhel65:~/prigroup# ls -l
total 0
-rw-r--r--. 1 root root 0 Apr 13 17:49 standard.txt
root@rhel65:~/prigroup# echo $SHLVL
1
root@rhel65:~/prigroup# newgrp tennis
root@rhel65:~/prigroup# echo $SHLVL
2
root@rhel65:~/prigroup# touch newgrp.txt
root@rhel65:~/prigroup# ls -l
total 0
-rw-r--r--. 1 root tennis 0 Apr 13 17:49 newgrp.txt
-rw-r--r--. 1 root root 0 Apr 13 17:49 standard.txt
root@rhel65:~/prigroup# exit
exit
root@rhel65:~/prigroup#

11.9. vigr
Similar to vipw, the vigr command can be used to manually edit the /etc/group file, since
it will do proper locking of the file. Only experienced senior administrators should use vi
or vigr to manage groups.

111
 groups

11.10. practice: groups

1. Create the groups tennis, football and sports.

2. In one command, make venus a member of tennis and sports.

3. Rename the football group to foot.

4. Use vi to add serena to the tennis group.

5. Use the id command to verify that serena is a member of tennis.

6. Make someone responsible for managing group membership of foot and sports. Test that
it works.

112
 groups

11.11. solution: groups

1. Create the groups tennis, football and sports.
groupadd tennis ; groupadd football ; groupadd sports

2. In one command, make venus a member of tennis and sports.

usermod -a -G tennis,sports venus

3. Rename the football group to foot.

groupmod -n foot football

4. Use vi to add serena to the tennis group.

vi /etc/group

5. Use the id command to verify that serena is a member of tennis.

id (and after logoff logon serena should be member)

6. Make someone responsible for managing group membership of foot and sports. Test that
it works.
gpasswd -A (to make manager)

gpasswd -a (to add member)

113
Part VI. file security
Table of Contents
12. standard file permissions ................................................................................................ 116
12.1. file ownership ...................................................................................................... 117
12.2. list of special files ................................................................................................. 119
12.3. permissions .......................................................................................................... 120
12.4. practice: standard file permissions ............................................................................ 125
12.5. solution: standard file permissions ........................................................................... 126
13. file links ........................................................................................................................ 128
13.1. inodes ................................................................................................................. 129
13.2. about directories ................................................................................................... 130
13.3. hard links ............................................................................................................ 131
13.4. symbolic links ...................................................................................................... 132
13.5. removing links ..................................................................................................... 132
13.6. practice : links ...................................................................................................... 133
13.7. solution : links ...................................................................................................... 134

115
Chapter 12. standard file permissions
This chapter contains details about basic file security through file ownership and file per-
missions.

116
 standard file permissions

12.1. file ownership

12.1.1. user owner and group owner
The users and groups of a system can be locally managed in /etc/passwd and /etc/group,
or they can be in a NIS, LDAP, or Samba domain. These users and groups can own files.
Actually, every file has a user owner and a group owner, as can be seen in the following
screenshot.
paul@rhel65:~/owners$ ls -lh
total 636K
-rw-r--r--. 1 paul snooker 1.1K Apr 8 18:47 data.odt
-rw-r--r--. 1 paul paul 626K Apr 8 18:46 file1
-rw-r--r--. 1 root tennis 185 Apr 8 18:46 file2
-rw-rw-r--. 1 root root 0 Apr 8 18:47 stuff.txt
paul@rhel65:~/owners$

User paul owns three files; file1 has paul as user owner and has the group paul as group
owner, data.odt is group owned by the group snooker, file2 by the group tennis.

The last file is called stuff.txt and is owned by the root user and the root group.

12.1.2. listing user accounts

You can use the following command to list all local user accounts.
paul@debian7~$ cut -d: -f1 /etc/passwd | column
root ntp sam bert naomi
daemon mysql tom rino matthias2
bin paul wouter antonio bram
sys maarten robrecht simon fabrice
sync kevin bilal sven chimene
games yuri dimitri wouter2 messagebus
man william ahmed tarik roger
lp yves dylan jan frank
mail kris robin ian toon
news hamid matthias ivan rinus
uucp vladimir ben azeddine eddy
proxy abiy mike eric bram2
www-data david kevin2 kamel keith
backup chahid kenzo ischa jesse
list stef aaron bart frederick
irc joeri lorenzo omer hans
gnats glenn jens kurt dries
nobody yannick ruben steve steve2
libuuid christof jelle constantin tomas
Debian-exim george stefaan sam2 johan
statd joost marc bjorn tom2
sshd arno thomas ronald

117
 standard file permissions

12.1.3. chgrp
You can change the group owner of a file using the chgrp command.
root@rhel65:/home/paul/owners# ls -l file2
-rw-r--r--. 1 root tennis 185 Apr 8 18:46 file2
root@rhel65:/home/paul/owners# chgrp snooker file2
root@rhel65:/home/paul/owners# ls -l file2
-rw-r--r--. 1 root snooker 185 Apr 8 18:46 file2
root@rhel65:/home/paul/owners#

12.1.4. chown
The user owner of a file can be changed with chown command.
root@laika:/home/paul# ls -l FileForPaul
-rw-r--r-- 1 root paul 0 2008-08-06 14:11 FileForPaul
root@laika:/home/paul# chown paul FileForPaul
root@laika:/home/paul# ls -l FileForPaul
-rw-r--r-- 1 paul paul 0 2008-08-06 14:11 FileForPaul

You can also use chown to change both the user owner and the group owner.
root@laika:/home/paul# ls -l FileForPaul
-rw-r--r-- 1 paul paul 0 2008-08-06 14:11 FileForPaul
root@laika:/home/paul# chown root:project42 FileForPaul
root@laika:/home/paul# ls -l FileForPaul
-rw-r--r-- 1 root project42 0 2008-08-06 14:11 FileForPaul

118
 standard file permissions

12.2. list of special files

When you use ls -l, for each file you can see ten characters before the user and group owner.
The first character tells us the type of file. Regular files get a -, directories get a d, symbolic
links are shown with an l, pipes get a p, character devices a c, block devices a b, and sockets
an s.

Table 12.1. Unix special files

first character file type
- normal file
d directory
l symbolic link
p named pipe
b block device
c character device
s socket

Below a screenshot of a character device (the console) and a block device (the hard disk).
paul@debian6lt~$ ls -ld /dev/console /dev/sda
crw------- 1 root root 5, 1 Mar 15 12:45 /dev/console
brw-rw---- 1 root disk 8, 0 Mar 15 12:45 /dev/sda

And here you can see a directory, a regular file and a symbolic link.
paul@debian6lt~$ ls -ld /etc /etc/hosts /etc/motd
drwxr-xr-x 128 root root 12288 Mar 15 18:34 /etc
-rw-r--r-- 1 root root 372 Dec 10 17:36 /etc/hosts
lrwxrwxrwx 1 root root 13 Dec 5 10:36 /etc/motd -> /var/run/motd

119
 standard file permissions

12.3. permissions
12.3.1. rwx
The nine characters following the file type denote the permissions in three triplets. A per-
mission can be r for read access, w for write access, and x for execute. You need the r
permission to list (ls) the contents of a directory. You need the x permission to enter (cd) a
directory. You need the w permission to create files in or remove files from a directory.

Table 12.2. standard Unix file permissions

permission on a file on a directory
r (read) read file contents (cat) read directory contents (ls)
w (write) change file contents (vi) create files in (touch)
x (execute) execute the file enter the directory (cd)

12.3.2. three sets of rwx

We already know that the output of ls -l starts with ten characters for each file. This screen-
shot shows a regular file (because the first character is a - ).
paul@RHELv4u4:~/test$ ls -l proc42.bash
-rwxr-xr-- 1 paul proj 984 Feb 6 12:01 proc42.bash

Below is a table describing the function of all ten characters.

Table 12.3. Unix file permissions position

position characters function
1 - this is a regular file
2-4 rwx permissions for the user owner
5-7 r-x permissions for the group owner
8-10 r-- permissions for others

When you are the user owner of a file, then the user owner permissions apply to you. The
rest of the permissions have no influence on your access to the file.

When you belong to the group that is the group owner of a file, then the group owner
permissions apply to you. The rest of the permissions have no influence on your access to
the file.

When you are not the user owner of a file and you do not belong to the group owner, then
the others permissions apply to you. The rest of the permissions have no influence on your
access to the file.

120
 standard file permissions

12.3.3. permission examples

Some example combinations on files and directories are seen in this screenshot. The name
of the file explains the permissions.
paul@laika:~/perms$ ls -lh
total 12K
drwxr-xr-x 2 paul paul 4.0K 2007-02-07 22:26 AllEnter_UserCreateDelete
-rwxrwxrwx 1 paul paul 0 2007-02-07 22:21 EveryoneFullControl.txt
-r--r----- 1 paul paul 0 2007-02-07 22:21 OnlyOwnersRead.txt
-rwxrwx--- 1 paul paul 0 2007-02-07 22:21 OwnersAll_RestNothing.txt
dr-xr-x--- 2 paul paul 4.0K 2007-02-07 22:25 UserAndGroupEnter
dr-x------ 2 paul paul 4.0K 2007-02-07 22:25 OnlyUserEnter
paul@laika:~/perms$

To summarise, the first rwx triplet represents the permissions for the user owner. The sec-
ond triplet corresponds to the group owner; it specifies permissions for all members of that
group. The third triplet defines permissions for all other users that are not the user owner
and are not a member of the group owner.

121
 standard file permissions

12.3.4. setting permissions (chmod)

Permissions can be changed with chmod. The first example gives the user owner execute
permissions.
paul@laika:~/perms$ ls -l permissions.txt
-rw-r--r-- 1 paul paul 0 2007-02-07 22:34 permissions.txt
paul@laika:~/perms$ chmod u+x permissions.txt
paul@laika:~/perms$ ls -l permissions.txt
-rwxr--r-- 1 paul paul 0 2007-02-07 22:34 permissions.txt

This example removes the group owners read permission.

paul@laika:~/perms$ chmod g-r permissions.txt
paul@laika:~/perms$ ls -l permissions.txt
-rwx---r-- 1 paul paul 0 2007-02-07 22:34 permissions.txt

This example removes the others read permission.

paul@laika:~/perms$ chmod o-r permissions.txt
paul@laika:~/perms$ ls -l permissions.txt
-rwx------ 1 paul paul 0 2007-02-07 22:34 permissions.txt

This example gives all of them the write permission.

paul@laika:~/perms$ chmod a+w permissions.txt
paul@laika:~/perms$ ls -l permissions.txt
-rwx-w--w- 1 paul paul 0 2007-02-07 22:34 permissions.txt

You don't even have to type the a.

paul@laika:~/perms$ chmod +x permissions.txt
paul@laika:~/perms$ ls -l permissions.txt
-rwx-wx-wx 1 paul paul 0 2007-02-07 22:34 permissions.txt

You can also set explicit permissions.

paul@laika:~/perms$ chmod u=rw permissions.txt
paul@laika:~/perms$ ls -l permissions.txt
-rw--wx-wx 1 paul paul 0 2007-02-07 22:34 permissions.txt

Feel free to make any kind of combination.

paul@laika:~/perms$ chmod u=rw,g=rw,o=r permissions.txt
paul@laika:~/perms$ ls -l permissions.txt
-rw-rw-r-- 1 paul paul 0 2007-02-07 22:34 permissions.txt

Even fishy combinations are accepted by chmod.

paul@laika:~/perms$ chmod u=rwx,ug+rw,o=r permissions.txt
paul@laika:~/perms$ ls -l permissions.txt
-rwxrw-r-- 1 paul paul 0 2007-02-07 22:34 permissions.txt

122
 standard file permissions

12.3.5. setting octal permissions

Most Unix administrators will use the old school octal system to talk about and set permis-
sions. Look at the triplet bitwise, equating r to 4, w to 2, and x to 1.

Table 12.4. Octal permissions

binary octal permission
000 0 ---
001 1 --x
010 2 -w-
011 3 -wx
100 4 r--
101 5 r-x
110 6 rw-
111 7 rwx

This makes 777 equal to rwxrwxrwx and by the same logic, 654 mean rw-r-xr-- . The chmod
command will accept these numbers.
paul@laika:~/perms$ chmod 777 permissions.txt
paul@laika:~/perms$ ls -l permissions.txt
-rwxrwxrwx 1 paul paul 0 2007-02-07 22:34 permissions.txt
paul@laika:~/perms$ chmod 664 permissions.txt
paul@laika:~/perms$ ls -l permissions.txt
-rw-rw-r-- 1 paul paul 0 2007-02-07 22:34 permissions.txt
paul@laika:~/perms$ chmod 750 permissions.txt
paul@laika:~/perms$ ls -l permissions.txt
-rwxr-x--- 1 paul paul 0 2007-02-07 22:34 permissions.txt

123
 standard file permissions

12.3.6. umask
When creating a file or directory, a set of default permissions are applied. These default
permissions are determined by the umask. The umask specifies permissions that you do
not want set on by default. You can display the umask with the umask command.
[Harry@RHEL4b ~]$ umask
0002
[Harry@RHEL4b ~]$ touch test
[Harry@RHEL4b ~]$ ls -l test
-rw-rw-r-- 1 Harry Harry 0 Jul 24 06:03 test
[Harry@RHEL4b ~]$

As you can also see, the file is also not executable by default. This is a general security
feature among Unixes; newly created files are never executable by default. You have to
explicitly do a chmod +x to make a file executable. This also means that the 1 bit in the
umask has no meaning--a umask of 0022 is the same as 0033.

12.3.7. mkdir -m
When creating directories with mkdir you can use the -m option to set the mode. This
screenshot explains.
paul@debian5~$ mkdir -m 700 MyDir
paul@debian5~$ mkdir -m 777 Public
paul@debian5~$ ls -dl MyDir/ Public/
drwx------ 2 paul paul 4096 2011-10-16 19:16 MyDir/
drwxrwxrwx 2 paul paul 4096 2011-10-16 19:16 Public/

12.3.8. cp -p
To preserve permissions and time stamps from source files, use cp -p.
paul@laika:~/perms$ cp file* cp
paul@laika:~/perms$ cp -p file* cpp
paul@laika:~/perms$ ll *
-rwx------ 1 paul paul 0 2008-08-25 13:26 file33
-rwxr-x--- 1 paul paul 0 2008-08-25 13:26 file42

cp:
total 0
-rwx------ 1 paul paul 0 2008-08-25 13:34 file33
-rwxr-x--- 1 paul paul 0 2008-08-25 13:34 file42

cpp:
total 0
-rwx------ 1 paul paul 0 2008-08-25 13:26 file33
-rwxr-x--- 1 paul paul 0 2008-08-25 13:26 file42

124
 standard file permissions

12.4. practice: standard file permissions

1. As normal user, create a directory ~/permissions. Create a file owned by yourself in there.

2. Copy a file owned by root from /etc/ to your permissions dir, who owns this file now ?

3. As root, create a file in the users ~/permissions directory.

4. As normal user, look at who owns this file created by root.

5. Change the ownership of all files in ~/permissions to yourself.

6. Make sure you have all rights to these files, and others can only read.

7. With chmod, is 770 the same as rwxrwx--- ?

8. With chmod, is 664 the same as r-xr-xr-- ?

9. With chmod, is 400 the same as r-------- ?

10. With chmod, is 734 the same as rwxr-xr-- ?

11a. Display the umask in octal and in symbolic form.

11b. Set the umask to 077, but use the symbolic format to set it. Verify that this works.

12. Create a file as root, give only read to others. Can a normal user read this file ? Test
writing to this file with vi.

13a. Create a file as normal user, give only read to others. Can another normal user read this
file ? Test writing to this file with vi.

13b. Can root read this file ? Can root write to this file with vi ?

14. Create a directory that belongs to a group, where every member of that group can read
and write to files, and create files. Make sure that people can only delete their own files.

125
 standard file permissions

12.5. solution: standard file permissions

1. As normal user, create a directory ~/permissions. Create a file owned by yourself in there.
mkdir ~/permissions ; touch ~/permissions/myfile.txt

2. Copy a file owned by root from /etc/ to your permissions dir, who owns this file now ?
cp /etc/hosts ~/permissions/

The copy is owned by you.

3. As root, create a file in the users ~/permissions directory.

(become root)# touch /home/username/permissions/rootfile

4. As normal user, look at who owns this file created by root.

ls -l ~/permissions

The file created by root is owned by root.

5. Change the ownership of all files in ~/permissions to yourself.

chown user ~/permissions/*

You cannot become owner of the file that belongs to root.

6. Make sure you have all rights to these files, and others can only read.
chmod 644 (on files)

chmod 755 (on directories)

7. With chmod, is 770 the same as rwxrwx--- ?

yes

8. With chmod, is 664 the same as r-xr-xr-- ?

No

9. With chmod, is 400 the same as r-------- ?

yes

10. With chmod, is 734 the same as rwxr-xr-- ?

no

11a. Display the umask in octal and in symbolic form.

umask ; umask -S

11b. Set the umask to 077, but use the symbolic format to set it. Verify that this works.
umask -S u=rwx,go=

126
 standard file permissions

12. Create a file as root, give only read to others. Can a normal user read this file ? Test
writing to this file with vi.
(become root)

# echo hello > /home/username/root.txt

# chmod 744 /home/username/root.txt

(become user)

vi ~/root.txt

13a. Create a file as normal user, give only read to others. Can another normal user read this
file ? Test writing to this file with vi.
echo hello > file ; chmod 744 file

Yes, others can read this file

13b. Can root read this file ? Can root write to this file with vi ?

Yes, root can read and write to this file. Permissions do not apply to root.

14. Create a directory that belongs to a group, where every member of that group can read
and write to files, and create files. Make sure that people can only delete their own files.
mkdir /home/project42 ; groupadd project42

chgrp project42 /home/project42 ; chmod 775 /home/project42

You can not yet do the last part of this exercise...

127
Chapter 13. file links
An average computer using Linux has a file system with many hard links and symbolic
links.

To understand links in a file system, you first have to understand what an inode is.

128
 file links

13.1. inodes
13.1.1. inode contents
An inode is a data structure that contains metadata about a file. When the file system stores
a new file on the hard disk, it stores not only the contents (data) of the file, but also extra
properties like the name of the file, the creation date, its permissions, the owner of the file,
and more. All this information (except the name of the file and the contents of the file) is
stored in the inode of the file.

The ls -l command will display some of the inode contents, as seen in this screenshot.
root@rhel53 ~# ls -ld /home/project42/
drwxr-xr-x 4 root pro42 4.0K Mar 27 14:29 /home/project42/

13.1.2. inode table

The inode table contains all of the inodes and is created when you create the file system
(with mkfs). You can use the df -i command to see how many inodes are used and free on
mounted file systems.
root@rhel53 ~# df -i
Filesystem Inodes IUsed IFree IUse% Mounted on
/dev/mapper/VolGroup00-LogVol00
4947968 115326 4832642 3% /
/dev/hda1 26104 45 26059 1% /boot
tmpfs 64417 1 64416 1% /dev/shm
/dev/sda1 262144 2207 259937 1% /home/project42
/dev/sdb1 74400 5519 68881 8% /home/project33
/dev/sdb5 0 0 0 - /home/sales
/dev/sdb6 100744 11 100733 1% /home/research

In the df -i screenshot above you can see the inode usage for several mounted file systems.
You don't see numbers for /dev/sdb5 because it is a fat file system.

13.1.3. inode number

Each inode has a unique number (the inode number). You can see the inode numbers with
the ls -li command.
paul@RHELv4u4:~/test$ touch file1
paul@RHELv4u4:~/test$ touch file2
paul@RHELv4u4:~/test$ touch file3
paul@RHELv4u4:~/test$ ls -li
total 12
817266 -rw-rw-r-- 1 paul paul 0 Feb 5 15:38 file1
817267 -rw-rw-r-- 1 paul paul 0 Feb 5 15:38 file2
817268 -rw-rw-r-- 1 paul paul 0 Feb 5 15:38 file3
paul@RHELv4u4:~/test$

These three files were created one after the other and got three different inodes (the first
column). All the information you see with this ls command resides in the inode, except for
the filename (which is contained in the directory).

129
 file links

13.1.4. inode and file contents

Let's put some data in one of the files.
paul@RHELv4u4:~/test$ ls -li
total 16
817266 -rw-rw-r-- 1 paul paul 0 Feb 5 15:38 file1
817270 -rw-rw-r-- 1 paul paul 92 Feb 5 15:42 file2
817268 -rw-rw-r-- 1 paul paul 0 Feb 5 15:38 file3
paul@RHELv4u4:~/test$ cat file2
It is winter now and it is very cold.
We do not like the cold, we prefer hot summer nights.
paul@RHELv4u4:~/test$

The data that is displayed by the cat command is not in the inode, but somewhere else on
the disk. The inode contains a pointer to that data.

13.2. about directories

13.2.1. a directory is a table
A directory is a special kind of file that contains a table which maps filenames to inodes.
Listing our current directory with ls -ali will display the contents of the directory file.
paul@RHELv4u4:~/test$ ls -ali
total 32
817262 drwxrwxr-x 2 paul paul 4096 Feb 5 15:42 .
800768 drwx------ 16 paul paul 4096 Feb 5 15:42 ..
817266 -rw-rw-r-- 1 paul paul 0 Feb 5 15:38 file1
817270 -rw-rw-r-- 1 paul paul 92 Feb 5 15:42 file2
817268 -rw-rw-r-- 1 paul paul 0 Feb 5 15:38 file3
paul@RHELv4u4:~/test$

13.2.2. . and ..
You can see five names, and the mapping to their five inodes. The dot . is a mapping to itself,
and the dotdot .. is a mapping to the parent directory. The three other names are mappings
to different inodes.

130
 file links

13.3. hard links

13.3.1. creating hard links
When we create a hard link to a file with ln, an extra entry is added in the directory. A new
file name is mapped to an existing inode.
paul@RHELv4u4:~/test$ ln file2 hardlink_to_file2
paul@RHELv4u4:~/test$ ls -li
total 24
817266 -rw-rw-r-- 1 paul paul 0 Feb 5 15:38 file1
817270 -rw-rw-r-- 2 paul paul 92 Feb 5 15:42 file2
817268 -rw-rw-r-- 1 paul paul 0 Feb 5 15:38 file3
817270 -rw-rw-r-- 2 paul paul 92 Feb 5 15:42 hardlink_to_file2
paul@RHELv4u4:~/test$

Both files have the same inode, so they will always have the same permissions and the same
owner. Both files will have the same content. Actually, both files are equal now, meaning
you can safely remove the original file, the hardlinked file will remain. The inode contains
a counter, counting the number of hard links to itself. When the counter drops to zero, then
the inode is emptied.

13.3.2. finding hard links

You can use the find command to look for files with a certain inode. The screenshot below
shows how to search for all filenames that point to inode 817270. Remember that an inode
number is unique to its partition.
paul@RHELv4u4:~/test$ find / -inum 817270 2> /dev/null
/home/paul/test/file2
/home/paul/test/hardlink_to_file2

131
 file links

13.4. symbolic links

Symbolic links (sometimes called soft links) do not link to inodes, but create a name to
name mapping. Symbolic links are created with ln -s. As you can see below, the symbolic
link gets an inode of its own.
paul@RHELv4u4:~/test$ ln -s file2 symlink_to_file2
paul@RHELv4u4:~/test$ ls -li
total 32
817273 -rw-rw-r-- 1 paul paul 13 Feb 5 17:06 file1
817270 -rw-rw-r-- 2 paul paul 106 Feb 5 17:04 file2
817268 -rw-rw-r-- 1 paul paul 0 Feb 5 15:38 file3
817270 -rw-rw-r-- 2 paul paul 106 Feb 5 17:04 hardlink_to_file2
817267 lrwxrwxrwx 1 paul paul 5 Feb 5 16:55 symlink_to_file2 -> file2
paul@RHELv4u4:~/test$

Permissions on a symbolic link have no meaning, since the permissions of the target apply.
Hard links are limited to their own partition (because they point to an inode), symbolic links
can link anywhere (other file systems, even networked).

13.5. removing links

Links can be removed with rm.
paul@laika:~$ touch data.txt
paul@laika:~$ ln -s data.txt sl_data.txt
paul@laika:~$ ln data.txt hl_data.txt
paul@laika:~$ rm sl_data.txt
paul@laika:~$ rm hl_data.txt

132
 file links

13.6. practice : links

1. Create two files named winter.txt and summer.txt, put some text in them.

2. Create a hard link to winter.txt named hlwinter.txt.

3. Display the inode numbers of these three files, the hard links should have the same inode.

4. Use the find command to list the two hardlinked files

5. Everything about a file is in the inode, except two things : name them!

6. Create a symbolic link to summer.txt called slsummer.txt.

7. Find all files with inode number 2. What does this information tell you ?

8. Look at the directories /etc/init.d/ /etc/rc2.d/ /etc/rc3.d/ ... do you see the links ?

9. Look in /lib with ls -l...

10. Use find to look in your home directory for regular files that do not(!) have one hard link.

133
 file links

13.7. solution : links

1. Create two files named winter.txt and summer.txt, put some text in them.
echo cold > winter.txt ; echo hot > summer.txt

2. Create a hard link to winter.txt named hlwinter.txt.

ln winter.txt hlwinter.txt

3. Display the inode numbers of these three files, the hard links should have the same inode.
ls -li winter.txt summer.txt hlwinter.txt

4. Use the find command to list the two hardlinked files

find . -inum xyz #replace xyz with the inode number

5. Everything about a file is in the inode, except two things : name them!

The name of the file is in a directory, and the contents is somewhere on the disk.

6. Create a symbolic link to summer.txt called slsummer.txt.

ln -s summer.txt slsummer.txt

7. Find all files with inode number 2. What does this information tell you ?

It tells you there is more than one inode table (one for every formatted partition + virtual
file systems)

8. Look at the directories /etc/init.d/ /etc/rc.d/ /etc/rc3.d/ ... do you see the links ?
ls -l /etc/init.d

ls -l /etc/rc2.d

ls -l /etc/rc3.d

9. Look in /lib with ls -l...

ls -l /lib

10. Use find to look in your home directory for regular files that do not(!) have one hard link.
find ~ ! -links 1 -type f

134
Part VII. process management
Table of Contents
14. introduction to processes ................................................................................................ 137
14.1. terminology ......................................................................................................... 138
14.2. basic process management ...................................................................................... 139
14.3. signalling processes ............................................................................................... 143
14.4. practice : basic process management ......................................................................... 146
14.5. solution : basic process management ........................................................................ 147

136
Chapter 14. introduction to processes

137
 introduction to processes

14.1. terminology
14.1.1. process
A process is compiled source code that is currently running on the system.

14.1.2. PID
All processes have a process id or PID.

14.1.3. PPID
Every process has a parent process (with a PPID). The child process is often started by the
parent process.

14.1.4. init
The init process always has process ID 1. The init process is started by the kernel itself so
technically it does not have a parent process. init serves as a foster parent for orphaned
processes.

14.1.5. kill
When a process stops running, the process dies, when you want a process to die, you kill it.

14.1.6. daemon
Processes that start at system startup and keep running forever are called daemon processes
or daemons. These daemons never die.

14.1.7. zombie
When a process is killed, but it still shows up on the system, then the process is referred to
as zombie. You cannot kill zombies, because they are already dead.

138
 introduction to processes

14.2. basic process management

14.2.1. $$ and $PPID
Some shell environment variables contain information about processes. The $$ variable will
hold your current process ID, and $PPID contains the parent PID. Actually $$ is a shell
parameter and not a variable, you cannot assign a value to it.

Below we use echo to display the values of $$ and $PPID.

[paul@RHEL4b ~]$ echo $$ $PPID

4224 4223

14.2.2. pidof
You can find all process id's by name using the pidof command.

root@rhel53 ~# pidof mingetty

2819 2798 2797 2796 2795 2794

14.2.3. parent and child

Processes have a parent-child relationship. Every process has a parent process.

When starting a new bash you can use echo to verify that the pid from before is the ppid
of the new shell. The child process from above is now the parent process.

[paul@RHEL4b ~]$ bash

[paul@RHEL4b ~]$ echo $$ $PPID
4812 4224

Typing exit will end the current process and brings us back to our original values for $$
and $PPID.

[paul@RHEL4b ~]$ echo $$ $PPID

4812 4224
[paul@RHEL4b ~]$ exit
exit
[paul@RHEL4b ~]$ echo $$ $PPID
4224 4223
[paul@RHEL4b ~]$

139
 introduction to processes

14.2.4. fork and exec

A process starts another process in two phases. First the process creates a fork of itself, an
identical copy. Then the forked process executes an exec to replace the forked process with
the target child process.

[paul@RHEL4b ~]$ echo $$

4224
[paul@RHEL4b ~]$ bash
[paul@RHEL4b ~]$ echo $$ $PPID
5310 4224
[paul@RHEL4b ~]$

14.2.5. exec
With the exec command, you can execute a process without forking a new process. In the
following screenshot a Korn shell (ksh) is started and is being replaced with a bash shell
using the exec command. The pid of the bash shell is the same as the pid of the Korn
shell. Exiting the child bash shell will get me back to the parent bash, not to the Korn shell
(which does not exist anymore).

[paul@RHEL4b ~]$ echo $$

4224 # PID of bash
[paul@RHEL4b ~]$ ksh
$ echo $$ $PPID
5343 4224 # PID of ksh and bash
$ exec bash
[paul@RHEL4b ~]$ echo $$ $PPID
5343 4224 # PID of bash and bash
[paul@RHEL4b ~]$ exit
exit
[paul@RHEL4b ~]$ echo $$
4224

140
 introduction to processes

14.2.6. ps
One of the most common tools on Linux to look at processes is ps. The following screenshot
shows the parent child relationship between three bash processes.

[paul@RHEL4b ~]$ echo $$ $PPID

4224 4223
[paul@RHEL4b ~]$ bash
[paul@RHEL4b ~]$ echo $$ $PPID
4866 4224
[paul@RHEL4b ~]$ bash
[paul@RHEL4b ~]$ echo $$ $PPID
4884 4866
[paul@RHEL4b ~]$ ps fx
PID TTY STAT TIME COMMAND
4223 ? S 0:01 sshd: paul@pts/0
4224 pts/0 Ss 0:00 \_ -bash
4866 pts/0 S 0:00 \_ bash
4884 pts/0 S 0:00 \_ bash
4902 pts/0 R+ 0:00 \_ ps fx
[paul@RHEL4b ~]$ exit
exit
[paul@RHEL4b ~]$ ps fx
PID TTY STAT TIME COMMAND
4223 ? S 0:01 sshd: paul@pts/0
4224 pts/0 Ss 0:00 \_ -bash
4866 pts/0 S 0:00 \_ bash
4903 pts/0 R+ 0:00 \_ ps fx
[paul@RHEL4b ~]$ exit
exit
[paul@RHEL4b ~]$ ps fx
PID TTY STAT TIME COMMAND
4223 ? S 0:01 sshd: paul@pts/0
4224 pts/0 Ss 0:00 \_ -bash
4904 pts/0 R+ 0:00 \_ ps fx
[paul@RHEL4b ~]$

On Linux, ps fax is often used. On Solaris ps -ef (which also works on Linux) is common.
Here is a partial output from ps fax.

[paul@RHEL4a ~]$ ps fax

PID TTY STAT TIME COMMAND
1 ? S 0:00 init [5]

...

3713 ? Ss 0:00 /usr/sbin/sshd

5042 ? Ss 0:00 \_ sshd: paul [priv]
5044 ? S 0:00 \_ sshd: paul@pts/1
5045 pts/1 Ss 0:00 \_ -bash
5077 pts/1 R+ 0:00 \_ ps fax

141
 introduction to processes

14.2.7. pgrep
Similar to the ps -C, you can also use pgrep to search for a process by its command name.

[paul@RHEL5 ~]$ sleep 1000 &

[1] 32558
[paul@RHEL5 ~]$ pgrep sleep
32558
[paul@RHEL5 ~]$ ps -C sleep
PID TTY TIME CMD
32558 pts/3 00:00:00 sleep

You can also list the command name of the process with pgrep.

paul@laika:~$ pgrep -l sleep

9661 sleep

14.2.8. top
Another popular tool on Linux is top. The top tool can order processes according to cpu
usage or other properties. You can also kill processes from within top. Press h inside top
for help.

In case of trouble, top is often the first tool to fire up, since it also provides you memory
and swap space information.

142
 introduction to processes

14.3. signalling processes

14.3.1. kill
The kill command will kill (or stop) a process. The screenshot shows how to use a standard
kill to stop the process with pid 1942.

paul@ubuntu910:~$ kill 1942

paul@ubuntu910:~$

By using the kill we are sending a signal to the process.

14.3.2. list signals

Running processes can receive signals from each other or from the users. You can have a
list of signals by typing kill -l, that is a letter l, not the number 1.

[paul@RHEL4a ~]$ kill -l

1) SIGHUP 2) SIGINT 3) SIGQUIT 4) SIGILL
5) SIGTRAP 6) SIGABRT 7) SIGBUS 8) SIGFPE
9) SIGKILL 10) SIGUSR1 11) SIGSEGV 12) SIGUSR2
13) SIGPIPE 14) SIGALRM 15) SIGTERM 17) SIGCHLD
18) SIGCONT 19) SIGSTOP 20) SIGTSTP 21) SIGTTIN
22) SIGTTOU 23) SIGURG 24) SIGXCPU 25) SIGXFSZ
26) SIGVTALRM 27) SIGPROF 28) SIGWINCH 29) SIGIO
30) SIGPWR 31) SIGSYS 34) SIGRTMIN 35) SIGRTMIN+1
36) SIGRTMIN+2 37) SIGRTMIN+3 38) SIGRTMIN+4 39) SIGRTMIN+5
40) SIGRTMIN+6 41) SIGRTMIN+7 42) SIGRTMIN+8 43) SIGRTMIN+9
44) SIGRTMIN+10 45) SIGRTMIN+11 46) SIGRTMIN+12 47) SIGRTMIN+13
48) SIGRTMIN+14 49) SIGRTMIN+15 50) SIGRTMAX-14 51) SIGRTMAX-13
52) SIGRTMAX-12 53) SIGRTMAX-11 54) SIGRTMAX-10 55) SIGRTMAX-9
56) SIGRTMAX-8 57) SIGRTMAX-7 58) SIGRTMAX-6 59) SIGRTMAX-5
60) SIGRTMAX-4 61) SIGRTMAX-3 62) SIGRTMAX-2 63) SIGRTMAX-1
64) SIGRTMAX
[paul@RHEL4a ~]$

14.3.3. kill -1 (SIGHUP)

It is common on Linux to use the first signal SIGHUP (or HUP or 1) to tell a process that
it should re-read its configuration file. Thus, the kill -1 1 command forces the init process
(init always runs with pid 1) to re-read its configuration file.

root@deb503:~# kill -1 1
root@deb503:~#

It is up to the developer of the process to decide whether the process can do this running,
or whether it needs to stop and start. It is up to the user to read the documentation of the
program.

143
 introduction to processes

14.3.4. kill -15 (SIGTERM)

The SIGTERM signal is also called a standard kill. Whenever kill is executed without
specifying the signal, a kill -15 is assumed.

Both commands in the screenshot below are identical.

paul@ubuntu910:~$ kill 1942

paul@ubuntu910:~$ kill -15 1942

14.3.5. kill -9 (SIGKILL)

The SIGKILL is different from most other signals in that it is not being sent to the process,
but to the Linux kernel. A kill -9 is also called a sure kill. The kernel will shoot down the
process. As a developer you have no means to intercept a kill -9 signal.

root@rhel53 ~# kill -9 3342

14.3.6. SIGSTOP and SIGCONT

A running process can be suspended when it receives a SIGSTOP signal. This is the same
as kill -19 on Linux, but might have a different number in other Unix systems.

A suspended process does not use any cpu cycles, but it stays in memory and can be re-
animated with a SIGCONT signal (kill -18 on Linux).

Both signals will be used in the section about background processes.

144
 introduction to processes

14.3.7. pkill
You can use the pkill command to kill a process by its command name.

[paul@RHEL5 ~]$ sleep 1000 &

[1] 30203
[paul@RHEL5 ~]$ pkill sleep
[1]+ Terminated sleep 1000
[paul@RHEL5 ~]$

14.3.8. killall
The killall command will send a signal 15 to all processes with a certain name.
paul@rhel65:~$ sleep 8472 &
[1] 18780
paul@rhel65:~$ sleep 1201 &
[2] 18781
paul@rhel65:~$ jobs
[1]- Running sleep 8472 &
[2]+ Running sleep 1201 &
paul@rhel65:~$ killall sleep
[1]- Terminated sleep 8472
[2]+ Terminated sleep 1201
paul@rhel65:~$ jobs
paul@rhel65:~$

14.3.9. killall5
Its SysV counterpart killall5 can by used when shutting down the system. This screenshot
shows how Red Hat Enterprise Linux 5.3 uses killall5 when halting the system.
root@rhel53 ~# grep killall /etc/init.d/halt
action $"Sending all processes the TERM signal..." /sbin/killall5 -15
action $"Sending all processes the KILL signal..." /sbin/killall5 -9

14.3.10. top
Inside top the k key allows you to select a signal and pid to kill. Below is a partial screenshot
of the line just below the summary in top after pressing k.
PID to kill: 1932

Kill PID 1932 with signal [15]: 9

145
 introduction to processes

14.4. practice : basic process management

1. Use ps to search for the init process by name.

2. What is the process id of the init process ?

3. Use the who am i command to determine your terminal name.

4. Using your terminal name from above, use ps to find all processes associated with your
terminal.

5. What is the process id of your shell ?

6. What is the parent process id of your shell ?

7. Start two instances of the sleep 3342 in background.

8. Locate the process id of all sleep commands.

9. Display only those two sleep processes in top. Then quit top.

10. Use a standard kill to kill one of the sleep processes.

11. Use one command to kill all sleep processes.

146
 introduction to processes

14.5. solution : basic process management

1. Use ps to search for the init process by name.

root@rhel53 ~# ps -C init
PID TTY TIME CMD
1 ? 00:00:04 init

2. What is the process id of the init process ?

1

3. Use the who am i command to determine your terminal name.

root@rhel53 ~# who am i
paul pts/0 2010-04-12 17:44 (192.168.1.38)

4. Using your terminal name from above, use ps to find all processes associated with your
terminal.

oot@rhel53 ~# ps fax | grep pts/0

2941 ? S 0:00 \_ sshd: paul@pts/0
2942 pts/0 Ss 0:00 \_ -bash
2972 pts/0 S 0:00 \_ su -
2973 pts/0 S 0:00 \_ -bash
3808 pts/0 R+ 0:00 \_ ps fax
3809 pts/0 R+ 0:00 \_ grep pts/0

or also

root@rhel53 ~# ps -ef | grep pts/0

paul 2941 2939 0 17:44 ? 00:00:00 sshd: paul@pts/0
paul 2942 2941 0 17:44 pts/0 00:00:00 -bash
root 2972 2942 0 17:45 pts/0 00:00:00 su -
root 2973 2972 0 17:45 pts/0 00:00:00 -bash
root 3816 2973 0 21:25 pts/0 00:00:00 ps -ef
root 3817 2973 0 21:25 pts/0 00:00:00 grep pts/0

5. What is the process id of your shell ?

2973 in the screenshot above, probably different for you

echo $$ should display same number as the one you found

6. What is the parent process id of your shell ?

2972 in the screenshot above, probably different for you

in this example the PPID is from the su - command, but when inside gnome then for example
gnome-terminal can be the parent process

7. Start two instances of the sleep 3342 in background.

147
 introduction to processes

sleep 3342 &

sleep 3342 &

8. Locate the process id of all sleep commands.

pidof sleep

9. Display only those two sleep processes in top. Then quit top.
top -p pidx,pidy (replace pidx pidy with the actual numbers)

10. Use a standard kill to kill one of the sleep processes.

kill pidx

11. Use one command to kill all sleep processes.

pkill sleep

148
Part VIII. disk management
Table of Contents
15. disk devices ................................................................................................................... 151
15.1. terminology ......................................................................................................... 152
15.2. device naming ...................................................................................................... 154
15.3. discovering disk devices ......................................................................................... 155
15.4. erasing a hard disk ................................................................................................ 160
15.5. advanced hard disk settings .................................................................................... 161
15.6. practice: hard disk devices ...................................................................................... 162
15.7. solution: hard disk devices ..................................................................................... 163
16. disk partitions ............................................................................................................... 165
16.1. about partitions ..................................................................................................... 166
16.2. discovering partitions ............................................................................................. 167
16.3. partitioning new disks ............................................................................................ 169
16.4. about the partition table ......................................................................................... 171
16.5. GUID partition table ............................................................................................. 172
16.6. labeling with parted ............................................................................................... 172
16.7. practice: partitions ................................................................................................. 174
16.8. solution: partitions ................................................................................................ 175
17. file systems .................................................................................................................... 176
17.1. about file systems ................................................................................................. 177
17.2. common file systems ............................................................................................. 178
17.3. putting a file system on a partition ........................................................................... 181
17.4. tuning a file system ............................................................................................... 182
17.5. checking a file system ........................................................................................... 183
17.6. practice: file systems ............................................................................................. 184
17.7. solution: file systems ............................................................................................. 185
18. mounting ...................................................................................................................... 186
18.1. mounting local file systems .................................................................................... 187
18.2. displaying mounted file systems .............................................................................. 188
18.3. from start to finish ................................................................................................ 190
18.4. permanent mounts ................................................................................................. 191
18.5. securing mounts .................................................................................................... 192
18.6. mounting remote file systems .................................................................................. 193
18.7. practice: mounting file systems ............................................................................... 194
18.8. solution: mounting file systems ............................................................................... 195

150
Chapter 15. disk devices
This chapter teaches you how to locate and recognise hard disk devices. This prepares you
for the next chapter, where we put partitions on these devices.

151
 disk devices

15.1. terminology
15.1.1. platter, head, track, cylinder, sector
Data is commonly stored on magnetic or optical disk platters. The platters are rotated (at
high speeds). Data is read by heads, which are very close to the surface of the platter, without
touching it! The heads are mounted on an arm (sometimes called a comb or a fork).

Data is written in concentric circles called tracks. Track zero is (usually) on the outside.
The time it takes to position the head over a certain track is called the seek time. Often
the platters are stacked on top of each other, hence the set of tracks accessible at a certain
position of the comb forms a cylinder. Tracks are divided into 512 byte sectors, with more
unused space (gap) between the sectors on the outside of the platter.

When you break down the advertised access time of a hard drive, you will notice that most
of that time is taken by movement of the heads (about 65%) and rotational latency (about
30%).

15.1.2. ide or scsi

Actually, the title should be ata or scsi, since ide is an ata compatible device. Most desktops
use ata devices, most servers use scsi.

15.1.3. ata
An ata controller allows two devices per bus, one master and one slave. Unless your con-
troller and devices support cable select, you have to set this manually with jumpers.

With the introduction of sata (serial ata), the original ata was renamed to parallel ata. Op-
tical drives often use atapi, which is an ATA interface using the SCSI communication pro-
tocol.

15.1.4. scsi
A scsi controller allows more than two devices. When using SCSI (small computer system
interface), each device gets a unique scsi id. The scsi controller also needs a scsi id, do not
use this id for a scsi-attached device.

Older 8-bit SCSI is now called narrow, whereas 16-bit is wide. When the bus speeds was
doubled to 10Mhz, this was known as fast SCSI. Doubling to 20Mhz made it ultra SCSI.
Take a look at http://en.wikipedia.org/wiki/SCSI for more SCSI standards.

152
 disk devices

15.1.5. block device

Random access hard disk devices have an abstraction layer called block device to enable
formatting in fixed-size (usually 512 bytes) blocks. Blocks can be accessed independent of
access to other blocks.
[root@centos65 ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 40G 0 disk
--sda1 8:1 0 500M 0 part /boot
--sda2 8:2 0 39.5G 0 part
--VolGroup-lv_root (dm-0) 253:0 0 38.6G 0 lvm /
--VolGroup-lv_swap (dm-1) 253:1 0 928M 0 lvm [SWAP]
sdb 8:16 0 72G 0 disk
sdc 8:32 0 144G 0 disk

A block device has the letter b to denote the file type in the output of ls -l.
[root@centos65 ~]# ls -l /dev/sd*
brw-rw----. 1 root disk 8, 0 Apr 19 10:12 /dev/sda
brw-rw----. 1 root disk 8, 1 Apr 19 10:12 /dev/sda1
brw-rw----. 1 root disk 8, 2 Apr 19 10:12 /dev/sda2
brw-rw----. 1 root disk 8, 16 Apr 19 10:12 /dev/sdb
brw-rw----. 1 root disk 8, 32 Apr 19 10:12 /dev/sdc

Note that a character device is a constant stream of characters, being denoted by a c in ls -

l. Note also that the ISO 9660 standard for cdrom uses a 2048 byte block size.

Old hard disks (and floppy disks) use cylinder-head-sector addressing to access a sector
on the disk. Most current disks use LBA (Logical Block Addressing).

15.1.6. solid state drive

A solid state drive or ssd is a block device without moving parts. It is comparable to flash
memory. An ssd is more expensive than a hard disk, but it typically has a much faster access
time.

In this book we will use the following pictograms for spindle disks (in brown) and solid
state disks (in blue).

153
 disk devices

15.2. device naming

15.2.1. ata (ide) device naming
All ata drives on your system will start with /dev/hd followed by a unit letter. The master
hdd on the first ata controller is /dev/hda, the slave is /dev/hdb. For the second controller,
the names of the devices are /dev/hdc and /dev/hdd.

Table 15.1. ide device naming

controller connection device name
master /dev/hda
ide0
slave /dev/hdb
master /dev/hdc
ide1
slave /dev/hdd

It is possible to have only /dev/hda and /dev/hdd. The first one is a single ata hard disk, the
second one is the cdrom (by default configured as slave).

15.2.2. scsi device naming

scsi drives follow a similar scheme, but all start with /dev/sd. When you run out of letters
(after /dev/sdz), you can continue with /dev/sdaa and /dev/sdab and so on. (We will see later
on that lvm volumes are commonly seen as /dev/md0, /dev/md1 etc.)

Below a sample of how scsi devices on a Linux can be named. Adding a scsi disk or raid
controller with a lower scsi address will change the naming scheme (shifting the higher scsi
addresses one letter further in the alphabet).

Table 15.2. scsi device naming

device scsi id device name
disk 0 0 /dev/sda
disk 1 1 /dev/sdb
raid controller 0 5 /dev/sdc
raid controller 1 6 /dev/sdd

A modern Linux system will use /dev/sd* for scsi and sata devices, and also for sd-cards,
usb-sticks, (legacy) ATA/IDE devices and solid state drives.

154
 disk devices

15.3. discovering disk devices

15.3.1. fdisk
You can start by using /sbin/fdisk to find out what kind of disks are seen by the kernel.
Below the result on old Debian desktop, with two ata-ide disks present.
root@barry:~# fdisk -l | grep Disk
Disk /dev/hda: 60.0 GB, 60022480896 bytes
Disk /dev/hdb: 81.9 GB, 81964302336 bytes

And here an example of sata and scsi disks on a server with CentOS. Remember that sata
disks are also presented to you with the scsi /dev/sd* notation.
[root@centos65 ~]# fdisk -l | grep 'Disk /dev/sd'
Disk /dev/sda: 42.9 GB, 42949672960 bytes
Disk /dev/sdb: 77.3 GB, 77309411328 bytes
Disk /dev/sdc: 154.6 GB, 154618822656 bytes
Disk /dev/sdd: 154.6 GB, 154618822656 bytes

Here is an overview of disks on a RHEL4u3 server with two real 72GB scsi disks. This
server is attached to a NAS with four NAS disks of half a terabyte. On the NAS disks, four
LVM (/dev/mdx) software RAID devices are configured.
[root@tsvtl1 ~]# fdisk -l | grep Disk
Disk /dev/sda: 73.4 GB, 73407488000 bytes
Disk /dev/sdb: 73.4 GB, 73407488000 bytes
Disk /dev/sdc: 499.0 GB, 499036192768 bytes
Disk /dev/sdd: 499.0 GB, 499036192768 bytes
Disk /dev/sde: 499.0 GB, 499036192768 bytes
Disk /dev/sdf: 499.0 GB, 499036192768 bytes
Disk /dev/md0: 271 MB, 271319040 bytes
Disk /dev/md2: 21.4 GB, 21476081664 bytes
Disk /dev/md3: 21.4 GB, 21467889664 bytes
Disk /dev/md1: 21.4 GB, 21476081664 bytes

You can also use fdisk to obtain information about one specific hard disk device.
[root@centos65 ~]# fdisk -l /dev/sdc

Disk /dev/sdc: 154.6 GB, 154618822656 bytes

255 heads, 63 sectors/track, 18798 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000

Later we will use fdisk to do dangerous stuff like creating and deleting partitions.

155
 disk devices

15.3.2. dmesg
Kernel boot messages can be seen after boot with dmesg. Since hard disk devices are detect-
ed by the kernel during boot, you can also use dmesg to find information about disk devices.
[root@centos65 ~]# dmesg | grep 'sd[a-z]' | head
sd 0:0:0:0: [sda] 83886080 512-byte logical blocks: (42.9 GB/40.0 GiB)
sd 0:0:0:0: [sda] Write Protect is off
sd 0:0:0:0: [sda] Mode Sense: 00 3a 00 00
sd 0:0:0:0: [sda] Write cache: enabled, read cache: enabled, doesn't support \
DPO or FUA
sda: sda1 sda2
sd 0:0:0:0: [sda] Attached SCSI disk
sd 3:0:0:0: [sdb] 150994944 512-byte logical blocks: (77.3 GB/72.0 GiB)
sd 3:0:0:0: [sdb] Write Protect is off
sd 3:0:0:0: [sdb] Mode Sense: 00 3a 00 00
sd 3:0:0:0: [sdb] Write cache: enabled, read cache: enabled, doesn't support \
DPO or FUA

Here is another example of dmesg on a computer with a 200GB ata disk.

paul@barry:~$ dmesg | grep -i "ata disk"
[ 2.624149] hda: ST360021A, ATA DISK drive
[ 2.904150] hdb: Maxtor 6Y080L0, ATA DISK drive
[ 3.472148] hdd: WDC WD2000BB-98DWA0, ATA DISK drive

Third and last example of dmesg running on RHEL5.3.

root@rhel53 ~# dmesg | grep -i "scsi disk"
sd 0:0:2:0: Attached scsi disk sda
sd 0:0:3:0: Attached scsi disk sdb
sd 0:0:6:0: Attached scsi disk sdc

156
 disk devices

15.3.3. /sbin/lshw
The lshw tool will list hardware. With the right options lshw can show a lot of information
about disks (and partitions).

Below a truncated screenshot on Debian 6:

root@debian6~# lshw -class volume | grep -A1 -B2 scsi
description: Linux raid autodetect partition
physical id: 1
bus info: scsi@1:0.0.0,1
logical name: /dev/sdb1
--
description: Linux raid autodetect partition
physical id: 1
bus info: scsi@2:0.0.0,1
logical name: /dev/sdc1
--
description: Linux raid autodetect partition
physical id: 1
bus info: scsi@3:0.0.0,1
logical name: /dev/sdd1
--
description: Linux raid autodetect partition
physical id: 1
bus info: scsi@4:0.0.0,1
logical name: /dev/sde1
--
vendor: Linux
physical id: 1
bus info: scsi@0:0.0.0,1
logical name: /dev/sda1
--
vendor: Linux
physical id: 2
bus info: scsi@0:0.0.0,2
logical name: /dev/sda2
--
description: Extended partition
physical id: 3
bus info: scsi@0:0.0.0,3
logical name: /dev/sda3

Redhat and CentOS do not have this tool (unless you add a repository).

157
 disk devices

15.3.4. /sbin/lsscsi
The lsscsi command provides a nice readable output of all scsi (and scsi emulated devices).
This first screenshot shows lsscsi on a SPARC system.
root@shaka:~# lsscsi
[0:0:0:0] disk Adaptec RAID5 V1.0 /dev/sda
[1:0:0:0] disk SEAGATE ST336605FSUN36G 0438 /dev/sdb
root@shaka:~#

Below a screenshot of lsscsi on a QNAP NAS (which has four 750GB disks and boots from
a usb stick).
lroot@debian6~# lsscsi
[0:0:0:0] disk SanDisk Cruzer Edge 1.19 /dev/sda
[1:0:0:0] disk ATA ST3750330AS SD04 /dev/sdb
[2:0:0:0] disk ATA ST3750330AS SD04 /dev/sdc
[3:0:0:0] disk ATA ST3750330AS SD04 /dev/sdd
[4:0:0:0] disk ATA ST3750330AS SD04 /dev/sde

This screenshot shows the classic output of lsscsi.

root@debian6~# lsscsi -c
Attached devices:
Host: scsi0 Channel: 00 Target: 00 Lun: 00
Vendor: SanDisk Model: Cruzer Edge Rev: 1.19
Type: Direct-Access ANSI SCSI revision: 02
Host: scsi1 Channel: 00 Target: 00 Lun: 00
Vendor: ATA Model: ST3750330AS Rev: SD04
Type: Direct-Access ANSI SCSI revision: 05
Host: scsi2 Channel: 00 Target: 00 Lun: 00
Vendor: ATA Model: ST3750330AS Rev: SD04
Type: Direct-Access ANSI SCSI revision: 05
Host: scsi3 Channel: 00 Target: 00 Lun: 00
Vendor: ATA Model: ST3750330AS Rev: SD04
Type: Direct-Access ANSI SCSI revision: 05
Host: scsi4 Channel: 00 Target: 00 Lun: 00
Vendor: ATA Model: ST3750330AS Rev: SD04
Type: Direct-Access ANSI SCSI revision: 05

158
 disk devices

15.3.5. /proc/scsi/scsi
Another way to locate scsi (or sd) devices is via /proc/scsi/scsi.

This screenshot is from a sparc computer with adaptec RAID5.

root@shaka:~# cat /proc/scsi/scsi
Attached devices:
Host: scsi0 Channel: 00 Id: 00 Lun: 00
Vendor: Adaptec Model: RAID5 Rev: V1.0
Type: Direct-Access ANSI SCSI revision: 02
Host: scsi1 Channel: 00 Id: 00 Lun: 00
Vendor: SEAGATE Model: ST336605FSUN36G Rev: 0438
Type: Direct-Access ANSI SCSI revision: 03
root@shaka:~#

Here we run cat /proc/scsi/scsi on the QNAP from above (with Debian Linux).
root@debian6~# cat /proc/scsi/scsi
Attached devices:
Host: scsi0 Channel: 00 Id: 00 Lun: 00
Vendor: SanDisk Model: Cruzer Edge Rev: 1.19
Type: Direct-Access ANSI SCSI revision: 02
Host: scsi1 Channel: 00 Id: 00 Lun: 00
Vendor: ATA Model: ST3750330AS Rev: SD04
Type: Direct-Access ANSI SCSI revision: 05
Host: scsi2 Channel: 00 Id: 00 Lun: 00
Vendor: ATA Model: ST3750330AS Rev: SD04
Type: Direct-Access ANSI SCSI revision: 05
Host: scsi3 Channel: 00 Id: 00 Lun: 00
Vendor: ATA Model: ST3750330AS Rev: SD04
Type: Direct-Access ANSI SCSI revision: 05
Host: scsi4 Channel: 00 Id: 00 Lun: 00
Vendor: ATA Model: ST3750330AS Rev: SD04
Type: Direct-Access ANSI SCSI revision: 05

Note that some recent versions of Debian have this disabled in the kernel. You can enable
it (after a kernel compile) using this entry:
# CONFIG_SCSI_PROC_FS is not set

Redhat and CentOS have this by default (if there are scsi devices present).
[root@centos65 ~]# cat /proc/scsi/scsi
Attached devices:
Host: scsi0 Channel: 00 Id: 00 Lun: 00
Vendor: ATA Model: VBOX HARDDISK Rev: 1.0
Type: Direct-Access ANSI SCSI revision: 05
Host: scsi3 Channel: 00 Id: 00 Lun: 00
Vendor: ATA Model: VBOX HARDDISK Rev: 1.0
Type: Direct-Access ANSI SCSI revision: 05
Host: scsi4 Channel: 00 Id: 00 Lun: 00
Vendor: ATA Model: VBOX HARDDISK Rev: 1.0
Type: Direct-Access ANSI SCSI revision: 05

159
 disk devices

15.4. erasing a hard disk

Before selling your old hard disk on the internet, it may be a good idea to erase it. By simply
repartitioning, or by using the Microsoft Windows format utility, or even after an mkfs
command, some people will still be able to read most of the data on the disk.
root@debian6~# aptitude search foremost autopsy sleuthkit | tr -s ' '
p autopsy - graphical interface to SleuthKit
p foremost - Forensics application to recover data
p sleuthkit - collection of tools for forensics analysis

Although technically the /sbin/badblocks tool is meant to look for bad blocks, you can use
it to completely erase all data from a disk. Since this is really writing to every sector of the
disk, it can take a long time!
root@RHELv4u2:~# badblocks -ws /dev/sdb
Testing with pattern 0xaa: done
Reading and comparing: done
Testing with pattern 0x55: done
Reading and comparing: done
Testing with pattern 0xff: done
Reading and comparing: done
Testing with pattern 0x00: done
Reading and comparing: done

The previous screenshot overwrites every sector of the disk four times. Erasing once with
a tool like dd is enough to destroy all data.

Warning, this screenshot shows how to permanently destroy all data on a block device.
[root@rhel65 ~]# dd if=/dev/zero of=/dev/sdb

160
 disk devices

15.5. advanced hard disk settings

Tweaking of hard disk settings (dma, gap, ...) are not covered in this course. Several tools
exists, hdparm and sdparm are two of them.

hdparm can be used to display or set information and parameters about an ATA (or SATA)
hard disk device. The -i and -I options will give you even more information about the phys-
ical properties of the device.
root@laika:~# hdparm /dev/sdb

/dev/sdb:
IO_support = 0 (default 16-bit)
readonly = 0 (off)
readahead = 256 (on)
geometry = 12161/255/63, sectors = 195371568, start = 0

Below hdparm info about a 200GB IDE disk.

root@barry:~# hdparm /dev/hdd

/dev/hdd:
multcount = 0 (off)
IO_support = 0 (default)
unmaskirq = 0 (off)
using_dma = 1 (on)
keepsettings = 0 (off)
readonly = 0 (off)
readahead = 256 (on)
geometry = 24321/255/63, sectors = 390721968, start = 0

Here a screenshot of sdparm on Ubuntu 10.10.

root@ubu1010:~# aptitude install sdparm
...
root@ubu1010:~# sdparm /dev/sda | head -1
/dev/sda: ATA FUJITSU MJA2160B 0081
root@ubu1010:~# man sdparm

Use hdparm and sdparm with care.

161
 disk devices

15.6. practice: hard disk devices

About this lab: To practice working with hard disks, you will need some hard disks. When
there are no physical hard disk available, you can use virtual disks in vmware or Virtual-
Box. The teacher will help you in attaching a couple of ATA and/or SCSI disks to a virtual
machine. The results of this lab can be used in the next three labs (partitions, file systems,
mounting).

It is adviced to attach three 1GB disks and three 2GB disks to the virtual machine. This will
allow for some freedom in the practices of this chapter as well as the next chapters (raid,
lvm, iSCSI).

1. Use dmesg to make a list of hard disk devices detected at boot-up.

2. Use fdisk to find the total size of all hard disk devices on your system.

3. Stop a virtual machine, add three virtual 1 gigabyte scsi hard disk devices and one virtual
400 megabyte ide hard disk device. If possible, also add another virtual 400 megabyte ide
disk.

4. Use dmesg to verify that all the new disks are properly detected at boot-up.

5. Verify that you can see the disk devices in /dev.

6. Use fdisk (with grep and /dev/null) to display the total size of the new disks.

7. Use badblocks to completely erase one of the smaller hard disks.

8. Look at /proc/scsi/scsi.

9. If possible, install lsscsi, lshw and use them to list the disks.

162
 disk devices

15.7. solution: hard disk devices

1. Use dmesg to make a list of hard disk devices detected at boot-up.
Some possible answers...

dmesg | grep -i disk

Looking for ATA disks: dmesg | grep hd[abcd]

Looking for ATA disks: dmesg | grep -i "ata disk"

Looking for SCSI disks: dmesg | grep sd[a-f]

Looking for SCSI disks: dmesg | grep -i "scsi disk"

2. Use fdisk to find the total size of all hard disk devices on your system.
fdisk -l

3. Stop a virtual machine, add three virtual 1 gigabyte scsi hard disk devices and one virtual
400 megabyte ide hard disk device. If possible, also add another virtual 400 megabyte ide
disk.
This exercise happens in the settings of vmware or VirtualBox.

4. Use dmesg to verify that all the new disks are properly detected at boot-up.
See 1.

5. Verify that you can see the disk devices in /dev.

SCSI+SATA: ls -l /dev/sd*

ATA: ls -l /dev/hd*

6. Use fdisk (with grep and /dev/null) to display the total size of the new disks.
root@rhel53 ~# fdisk -l 2>/dev/null | grep [MGT]B
Disk /dev/hda: 21.4 GB, 21474836480 bytes
Disk /dev/hdb: 1073 MB, 1073741824 bytes
Disk /dev/sda: 2147 MB, 2147483648 bytes
Disk /dev/sdb: 2147 MB, 2147483648 bytes
Disk /dev/sdc: 2147 MB, 2147483648 bytes

7. Use badblocks to completely erase one of the smaller hard disks.

#Verify the device (/dev/sdc??) you want to erase before typing this.
#
root@rhel53 ~# badblocks -ws /dev/sdc
Testing with pattern 0xaa: done
Reading and comparing: done
Testing with pattern 0x55: done
Reading and comparing: done
Testing with pattern 0xff: done
Reading and comparing: done
Testing with pattern 0x00: done
Reading and comparing: done

8. Look at /proc/scsi/scsi.
root@rhel53 ~# cat /proc/scsi/scsi

163
 disk devices

Attached devices:
Host: scsi0 Channel: 00 Id: 02 Lun: 00
Vendor: VBOX Model: HARDDISK Rev: 1.0
Type: Direct-Access ANSI SCSI revision: 05
Host: scsi0 Channel: 00 Id: 03 Lun: 00
Vendor: VBOX Model: HARDDISK Rev: 1.0
Type: Direct-Access ANSI SCSI revision: 05
Host: scsi0 Channel: 00 Id: 06 Lun: 00
Vendor: VBOX Model: HARDDISK Rev: 1.0
Type: Direct-Access ANSI SCSI revision: 05

9. If possible, install lsscsi, lshw and use them to list the disks.
Debian,Ubuntu: aptitude install lsscsi lshw

Fedora: yum install lsscsi lshw

root@rhel53 ~# lsscsi
[0:0:2:0] disk VBOX HARDDISK 1.0 /dev/sda
[0:0:3:0] disk VBOX HARDDISK 1.0 /dev/sdb
[0:0:6:0] disk VBOX HARDDISK 1.0 /dev/sdc

164
Chapter 16. disk partitions
This chapter continues on the hard disk devices from the previous one. Here we will put
partitions on those devices.

This chapter prepares you for the next chapter, where we put file systems on our partitions.

165
 disk partitions

16.1. about partitions

16.1.1. primary, extended and logical
Linux requires you to create one or more partitions. The next paragraphs will explain how
to create and use partitions.

A partition's geometry and size is usually defined by a starting and ending cylinder (some-
times by sector). Partitions can be of type primary (maximum four), extended (maximum
one) or logical (contained within the extended partition). Each partition has a type field
that contains a code. This determines the computers operating system or the partitions file
system.

Table 16.1. primary, extended and logical partitions

Partition Type naming
Primary (max 4) 1-4
Extended (max 1) 1-4
Logical 5-

16.1.2. partition naming

We saw before that hard disk devices are named /dev/hdx or /dev/sdx with x depending on
the hardware configuration. Next is the partition number, starting the count at 1. Hence the
four (possible) primary partitions are numbered 1 to 4. Logical partition counting always
starts at 5. Thus /dev/hda2 is the second partition on the first ATA hard disk device, and /
dev/hdb5 is the first logical partition on the second ATA hard disk device. Same for SCSI, /
dev/sdb3 is the third partition on the second SCSI disk.

Table 16.2. Partition naming

partition device
/dev/hda1 first primary partition on /dev/hda
/dev/hda2 second primary or extended partition on /dev/hda
/dev/sda5 first logical drive on /dev/sda
/dev/sdb6 second logical on /dev/sdb

The picture below shows two (spindle) disks with partitions. Note that an extended partition
is a container holding logical drives.

166
 disk partitions

16.2. discovering partitions

16.2.1. fdisk -l
In the fdisk -l example below you can see that two partitions exist on /dev/sdb. The first
partition spans 31 cylinders and contains a Linux swap partition. The second partition is
much bigger.

root@laika:~# fdisk -l /dev/sdb

Disk /dev/sdb: 100.0 GB, 100030242816 bytes

255 heads, 63 sectors/track, 12161 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot Start End Blocks Id System

/dev/sdb1 1 31 248976 82 Linux swap / Solaris
/dev/sdb2 32 12161 97434225 83 Linux
root@laika:~#

16.2.2. /proc/partitions
The /proc/partitions file contains a table with major and minor number of partitioned de-
vices, their number of blocks and the device name in /dev. Verify with /proc/devices to link
the major number to the proper device.

paul@RHELv4u4:~$ cat /proc/partitions

major minor #blocks name

3 0 524288 hda
3 64 734003 hdb
8 0 8388608 sda
8 1 104391 sda1
8 2 8281507 sda2
8 16 1048576 sdb
8 32 1048576 sdc
8 48 1048576 sdd
253 0 7176192 dm-0
253 1 1048576 dm-1

The major number corresponds to the device type (or driver) and can be found in /proc/
devices. In this case 3 corresponds to ide and 8 to sd. The major number determines the
device driver to be used with this device.

The minor number is a unique identification of an instance of this device type. The
devices.txt file in the kernel tree contains a full list of major and minor numbers.

167
 disk partitions

16.2.3. parted and others

You may be interested in alternatives to fdisk like parted, cfdisk, sfdisk and gparted. This
course mainly uses fdisk to partition hard disks.

parted is recommended by some Linux distributions for handling storage with gpt instead
of mbr.

Below a screenshot of parted on CentOS.

[root@centos65 ~]# rpm -q parted
parted-2.1-21.el6.x86_64
[root@centos65 ~]# parted /dev/sda
GNU Parted 2.1
Using /dev/sda
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) print
Model: ATA VBOX HARDDISK (scsi)
Disk /dev/sda: 42.9GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos

Number Start End Size Type File system Flags

1 1049kB 525MB 524MB primary ext4 boot
2 525MB 42.9GB 42.4GB primary lvm

(parted)

168
 disk partitions

16.3. partitioning new disks

In the example below, we bought a new disk for our system. After the new hardware is
properly attached, you can use fdisk and parted to create the necessary partition(s). This
example uses fdisk, but there is nothing wrong with using parted.

16.3.1. recognising the disk

First, we check with fdisk -l whether Linux can see the new disk. Yes it does, the new disk
is seen as /dev/sdb, but it does not have any partitions yet.
root@RHELv4u2:~# fdisk -l

Disk /dev/sda: 12.8 GB, 12884901888 bytes

255 heads, 63 sectors/track, 1566 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot Start End Blocks Id System

/dev/sda1 * 1 13 104391 83 Linux
/dev/sda2 14 1566 12474472+ 8e Linux LVM

Disk /dev/sdb: 1073 MB, 1073741824 bytes

255 heads, 63 sectors/track, 130 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Disk /dev/sdb doesn't contain a valid partition table

16.3.2. opening the disk with fdisk

Then we create a partition with fdisk on /dev/sdb. First we start the fdisk tool with /dev/sdb
as argument. Be very very careful not to partition the wrong disk!!

root@RHELv4u2:~# fdisk /dev/sdb

Device contains neither a valid DOS partition table, nor Sun, SGI...
Building a new DOS disklabel. Changes will remain in memory only,
until you decide to write them. After that, of course, the previous
content won't be recoverable.

Warning: invalid flag 0x0000 of partition table 4 will be corrected...

16.3.3. empty partition table

Inside the fdisk tool, we can issue the p command to see the current disks partition table.
Command (m for help): p

Disk /dev/sdb: 1073 MB, 1073741824 bytes

255 heads, 63 sectors/track, 130 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot Start End Blocks Id System

169
 disk partitions

16.3.4. create a new partition

No partitions exist yet, so we issue n to create a new partition. We choose p for primary, 1
for the partition number, 1 for the start cylinder and 14 for the end cylinder.
Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-130, default 1):
Using default value 1
Last cylinder or +size or +sizeM or +sizeK (1-130, default 130): 14

We can now issue p again to verify our changes, but they are not yet written to disk. This
means we can still cancel this operation! But it looks good, so we use w to write the changes
to disk, and then quit the fdisk tool.
Command (m for help): p

Disk /dev/sdb: 1073 MB, 1073741824 bytes

255 heads, 63 sectors/track, 130 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot Start End Blocks Id System

/dev/sdb1 1 14 112423+ 83 Linux

Command (m for help): w

The partition table has been altered!

Calling ioctl() to re-read partition table.

Syncing disks.
root@RHELv4u2:~#

16.3.5. display the new partition

Let's verify again with fdisk -l to make sure reality fits our dreams. Indeed, the screenshot
below now shows a partition on /dev/sdb.

root@RHELv4u2:~# fdisk -l

Disk /dev/sda: 12.8 GB, 12884901888 bytes

255 heads, 63 sectors/track, 1566 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot Start End Blocks Id System

/dev/sda1 * 1 13 104391 83 Linux
/dev/sda2 14 1566 12474472+ 8e Linux LVM

Disk /dev/sdb: 1073 MB, 1073741824 bytes

255 heads, 63 sectors/track, 130 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot Start End Blocks Id System

/dev/sdb1 1 14 112423+ 83 Linux
root@RHELv4u2:~#

170
 disk partitions

16.4. about the partition table

16.4.1. master boot record
The partition table information (primary and extended partitions) is written in the master
boot record or mbr. You can use dd to copy the mbr to a file.

This example copies the master boot record from the first SCSI hard disk.
dd if=/dev/sda of=/SCSIdisk.mbr bs=512 count=1

The same tool can also be used to wipe out all information about partitions on a disk. This
example writes zeroes over the master boot record.
dd if=/dev/zero of=/dev/sda bs=512 count=1

Or to wipe out the whole partition or disk.

dd if=/dev/zero of=/dev/sda

16.4.2. partprobe
Don't forget that after restoring a master boot record with dd, that you need to force the
kernel to reread the partition table with partprobe. After running partprobe, the partitions
can be used again.
[root@RHEL5 ~]# partprobe
[root@RHEL5 ~]#

16.4.3. logical drives

The partition table does not contain information about logical drives. So the dd backup
of the mbr only works for primary and extended partitions. To backup the partition table
including the logical drives, you can use sfdisk.

This example shows how to backup all partition and logical drive information to a file.
sfdisk -d /dev/sda > parttable.sda.sfdisk

The following example copies the mbr and all logical drive info from /dev/sda to /dev/sdb.
sfdisk -d /dev/sda | sfdisk /dev/sdb

171
 disk partitions

16.5. GUID partition table

gpt was developed because of the limitations of the 1980s mbr partitioning scheme (for
example only four partitions can be defined, and they have a maximum size two terabytes).

Since 2010 gpt is a part of the uefi specification, but it is also used on bios systems.

Newer versions of fdisk work fine with gpt, but most production servers today (mid 2015)
still have an older fdisk.. You can use parted instead.

16.6. labeling with parted

parted is an interactive tool, just like fdisk. Type help in parted for a list of commands
and options.

This screenshot shows how to start parted to manage partitions on /dev/sdb.

[root@rhel71 ~]# parted /dev/sdb
GNU Parted 3.1
Using /dev/sdb
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted)

Each command also has built-in help. For example help mklabel will list all supported
labels. Note that we only discussed mbr(msdos) and gpt in this book.
(parted) help mklabel
mklabel,mktable LABEL-TYPE create a new disklabel (partition table)

LABEL-TYPE is one of: aix, amiga, bsd, dvh, gpt, mac, msdos, pc98, sun, loop
(parted)

We create an mbr label.

(parted) mklabel msdos>
Warning: The existing disk label on /dev/sdb will be destroyed and all data on
this disk will be lost. Do you want to continue?
Yes/No? yes
(parted) mklabel gpt
Warning: The existing disk label on /dev/sdb will be destroyed and all data on
this disk will be lost. Do you want to continue?
Yes/No? Y
(parted)

172
 disk partitions

16.6.1. partitioning with parted

Once labeled it is easy to create partitions with parted. This screenshot starts with an un-
partitioned (but gpt labeled) disk.
(parted) print
Model: ATA VBOX HARDDISK (scsi)
Disk /dev/sdb: 8590MB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags:

Number Start End Size File system Name Flags

(parted)

This example shows how to create two primary partitions of equal size.
(parted) mkpart primary 0 50%
Warning: The resulting partition is not properly aligned for best performance.
Ignore/Cancel? I
(parted) mkpart primary 50% 100%
(parted)

Verify with print and exit with quit. Since parted works directly on the disk, there is no
need to w(rite) like in fdisk.
(parted) print
Model: ATA VBOX HARDDISK (scsi)
Disk /dev/sdb: 8590MB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags:

Number Start End Size File system Name Flags

1 17.4kB 4295MB 4295MB primary
2 4295MB 8589MB 4294MB primary

(parted) quit
Information: You may need to update /etc/fstab.

[root@rhel71 ~]#

173
 disk partitions

16.7. practice: partitions

1. Use fdisk -l to display existing partitions and sizes.

2. Use df -h to display existing partitions and sizes.

3. Compare the output of fdisk and df.

4. Create a 200MB primary partition on a small disk.

5. Create a 400MB primary partition and two 300MB logical drives on a big disk.

6. Use df -h and fdisk -l to verify your work.

7. Compare the output again of fdisk and df. Do both commands display the new partitions ?

8. Create a backup with dd of the mbr that contains your 200MB primary partition.

9. Take a backup of the partition table containing your 400MB primary and 300MB logical
drives. Make sure the logical drives are in the backup.

10. (optional) Remove all your partitions with fdisk. Then restore your backups.

174
 disk partitions

16.8. solution: partitions

1. Use fdisk -l to display existing partitions and sizes.
as root: # fdisk -l

2. Use df -h to display existing partitions and sizes.

df -h

3. Compare the output of fdisk and df.

Some partitions will be listed in both outputs (maybe /dev/sda1 or /dev/hda1).

4. Create a 200MB primary partition on a small disk.

Choose one of the disks you added (this example uses /dev/sdc).
root@rhel53 ~# fdisk /dev/sdc
...
Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-261, default 1): 1
Last cylinder or +size or +sizeM or +sizeK (1-261, default 261): +200m
Command (m for help): w
The partition table has been altered!
Calling ioctl() to re-read partition table.
Syncing disks.

5. Create a 400MB primary partition and two 300MB logical drives on a big disk.
Choose one of the disks you added (this example uses /dev/sdb)

fdisk /dev/sdb

inside fdisk : n p 1 +400m enter --- n e 2 enter enter --- n l +300m (twice)

6. Use df -h and fdisk -l to verify your work.

fdisk -l ; df -h

7. Compare the output again of fdisk and df. Do both commands display the new partitions ?
The newly created partitions are visible with fdisk.

But they are not displayed by df.

8. Create a backup with dd of the mbr that contains your 200MB primary partition.
dd if=/dev/sdc of=bootsector.sdc.dd count=1 bs=512

9. Take a backup of the partition table containing your 400MB primary and 300MB logical
drives. Make sure the logical drives are in the backup.
sfdisk -d /dev/sdb > parttable.sdb.sfdisk

175
Chapter 17. file systems
When you are finished partitioning the hard disk, you can put a file system on each partition.

This chapter builds on the partitions from the previous chapter, and prepares you for the
next one where we will mount the filesystems.

176
 file systems

17.1. about file systems

A file system is a way of organizing files on your partition. Besides file-based storage, file
systems usually include directories and access control, and contain meta information about
files like access times, modification times and file ownership.

The properties (length, character set, ...) of filenames are determined by the file system you
choose. Directories are usually implemented as files, you will have to learn how this is
implemented! Access control in file systems is tracked by user ownership (and group owner-
and membership) in combination with one or more access control lists.

17.1.1. man fs
The manual page about filesystems is accessed by typing man fs.
[root@rhel65 ~]# man fs

17.1.2. /proc/filesystems
The Linux kernel will inform you about currently loaded file system drivers in /proc/filesys-
tems.
root@rhel53 ~# cat /proc/filesystems | grep -v nodev
ext2
iso9660
ext3

17.1.3. /etc/filesystems
The /etc/filesystems file contains a list of autodetected filesystems (in case the mount com-
mand is used without the -t option.

Help for this file is provided by man mount.

[root@rhel65 ~]# man mount

177
 file systems

17.2. common file systems

17.2.1. ext2 and ext3
Once the most common Linux file systems is the ext2 (the second extended) file system. A
disadvantage is that file system checks on ext2 can take a long time.

ext2 was being replaced by ext3 on most Linux machines. They are essentially the same,
except for the journaling which is only present in ext3.

Journaling means that changes are first written to a journal on the disk. The journal is flushed
regularly, writing the changes in the file system. Journaling keeps the file system in a consis-
tent state, so you don't need a file system check after an unclean shutdown or power failure.

17.2.2. creating ext2 and ext3

You can create these file systems with the /sbin/mkfs or /sbin/mke2fs commands. Use
mke2fs -j to create an ext3 file system.

You can convert an ext2 to ext3 with tune2fs -j. You can mount an ext3 file system as ext2,
but then you lose the journaling. Do not forget to run mkinitrd if you are booting from this
device.

17.2.3. ext4
The newest incarnation of the ext file system is named ext4 and is available in the Linux
kernel since 2008. ext4 supports larger files (up to 16 terabyte) and larger file systems than
ext3 (and many more features).

Development started by making ext3 fully capable for 64-bit. When it turned out the changes
were significant, the developers decided to name it ext4.

17.2.4. xfs
Redhat Enterprise Linux 7 will have XFS as the default file system. This is a highly scalable
high-performance file system.

xfs was created for Irix and for a couple of years it was also used in FreeBSD. It is supported
by the Linux kernel, but rarely used in dsitributions outside of the Redhat/CentOS realm.

178
 file systems

17.2.5. vfat
The vfat file system exists in a couple of forms : fat12 for floppy disks, fat16 on ms-dos, and
fat32 for larger disks. The Linux vfat implementation supports all of these, but vfat lacks a
lot of features like security and links. fat disks can be read by every operating system, and
are used a lot for digital cameras, usb sticks and to exchange data between different OS'ses
on a home user's computer.

17.2.6. iso 9660

iso 9660 is the standard format for cdroms. Chances are you will encounter this file system
also on your hard disk in the form of images of cdroms (often with the .iso extension). The
iso 9660 standard limits filenames to the 8.3 format. The Unix world didn't like this, and thus
added the rock ridge extensions, which allows for filenames up to 255 characters and Unix-
style file-modes, ownership and symbolic links. Another extensions to iso 9660 is joliet,
which adds 64 unicode characters to the filename. The el torito standard extends iso 9660
to be able to boot from CD-ROM's.

17.2.7. udf
Most optical media today (including cd's and dvd's) use udf, the Universal Disk Format.

17.2.8. swap
All things considered, swap is not a file system. But to use a partition as a swap partition
it must be formatted and mounted as swap space.

17.2.9. gfs
Linux clusters often use a dedicated cluster filesystem like GFS, GFS2, ClusterFS, ...

17.2.10. and more...

You may encounter reiserfs on older Linux systems. Maybe you will see Sun's zfs or the
open source btrfs. This last one requires a chapter on itself.

179
 file systems

17.2.11. /proc/filesystems
The /proc/filesystems file displays a list of supported file systems. When you mount a file
system without explicitly defining one, then mount will first try to probe /etc/filesystems
and then probe /proc/filesystems for all the filesystems without the nodev label. If /etc/
filesystems ends with a line containing only an asterisk (*) then both files are probed.
paul@RHELv4u4:~$ cat /proc/filesystems
nodev sysfs
nodev rootfs
nodev bdev
nodev proc
nodev sockfs
nodev binfmt_misc
nodev usbfs
nodev usbdevfs
nodev futexfs
nodev tmpfs
nodev pipefs
nodev eventpollfs
nodev devpts
ext2
nodev ramfs
nodev hugetlbfs
iso9660
nodev relayfs
nodev mqueue
nodev selinuxfs
ext3
nodev rpc_pipefs
nodev vmware-hgfs
nodev autofs
paul@RHELv4u4:~$

180
 file systems

17.3. putting a file system on a partition

We now have a fresh partition. The system binaries to make file systems can be found with ls.
[root@RHEL4b ~]# ls -lS /sbin/mk*
-rwxr-xr-x 3 root root 34832 Apr 24 2006 /sbin/mke2fs
-rwxr-xr-x 3 root root 34832 Apr 24 2006 /sbin/mkfs.ext2
-rwxr-xr-x 3 root root 34832 Apr 24 2006 /sbin/mkfs.ext3
-rwxr-xr-x 3 root root 28484 Oct 13 2004 /sbin/mkdosfs
-rwxr-xr-x 3 root root 28484 Oct 13 2004 /sbin/mkfs.msdos
-rwxr-xr-x 3 root root 28484 Oct 13 2004 /sbin/mkfs.vfat
-rwxr-xr-x 1 root root 20313 Apr 10 2006 /sbin/mkinitrd
-rwxr-x--- 1 root root 15444 Oct 5 2004 /sbin/mkzonedb
-rwxr-xr-x 1 root root 15300 May 24 2006 /sbin/mkfs.cramfs
-rwxr-xr-x 1 root root 13036 May 24 2006 /sbin/mkswap
-rwxr-xr-x 1 root root 6912 May 24 2006 /sbin/mkfs
-rwxr-xr-x 1 root root 5905 Aug 3 2004 /sbin/mkbootdisk
[root@RHEL4b ~]#

It is time for you to read the manual pages of mkfs and mke2fs. In the example below,
you see the creation of an ext2 file system on /dev/sdb1. In real life, you might want to use
options like -m0 and -j.
root@RHELv4u2:~# mke2fs /dev/sdb1
mke2fs 1.35 (28-Feb-2004)
Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
28112 inodes, 112420 blocks
5621 blocks (5.00%) reserved for the super user
First data block=1
Maximum filesystem blocks=67371008
14 block groups
8192 blocks per group, 8192 fragments per group
2008 inodes per group
Superblock backups stored on blocks:
8193, 24577, 40961, 57345, 73729

Writing inode tables: done

Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 37 mounts or

180 days, whichever comes first. Use tune2fs -c or -i to override.

181
 file systems

17.4. tuning a file system

You can use tune2fs to list and set file system settings. The first screenshot lists the reserved
space for root (which is set at five percent).
[root@rhel4 ~]# tune2fs -l /dev/sda1 | grep -i "block count"
Block count: 104388
Reserved block count: 5219
[root@rhel4 ~]#

This example changes this value to ten percent. You can use tune2fs while the file system
is active, even if it is the root file system (as in this example).
[root@rhel4 ~]# tune2fs -m10 /dev/sda1
tune2fs 1.35 (28-Feb-2004)
Setting reserved blocks percentage to 10 (10430 blocks)
[root@rhel4 ~]# tune2fs -l /dev/sda1 | grep -i "block count"
Block count: 104388
Reserved block count: 10430
[root@rhel4 ~]#

182
 file systems

17.5. checking a file system

The fsck command is a front end tool used to check a file system for errors.
[root@RHEL4b ~]# ls /sbin/*fsck*
/sbin/dosfsck /sbin/fsck /sbin/fsck.ext2 /sbin/fsck.msdos
/sbin/e2fsck /sbin/fsck.cramfs /sbin/fsck.ext3 /sbin/fsck.vfat
[root@RHEL4b ~]#

The last column in /etc/fstab is used to determine whether a file system should be checked
at boot-up.
[paul@RHEL4b ~]$ grep ext /etc/fstab
/dev/VolGroup00/LogVol00 / ext3 defaults 1 1
LABEL=/boot /boot ext3 defaults 1 2
[paul@RHEL4b ~]$

Manually checking a mounted file system results in a warning from fsck.

[root@RHEL4b ~]# fsck /boot
fsck 1.35 (28-Feb-2004)
e2fsck 1.35 (28-Feb-2004)
/dev/sda1 is mounted.

WARNING!!! Running e2fsck on a mounted filesystem may cause

SEVERE filesystem damage.

Do you really want to continue (y/n)? no

check aborted.

But after unmounting fsck and e2fsck can be used to check an ext2 file system.
[root@RHEL4b ~]# fsck /boot
fsck 1.35 (28-Feb-2004)
e2fsck 1.35 (28-Feb-2004)
/boot: clean, 44/26104 files, 17598/104388 blocks
[root@RHEL4b ~]# fsck -p /boot
fsck 1.35 (28-Feb-2004)
/boot: clean, 44/26104 files, 17598/104388 blocks
[root@RHEL4b ~]# e2fsck -p /dev/sda1
/boot: clean, 44/26104 files, 17598/104388 blocks

183
 file systems

17.6. practice: file systems

1. List the filesystems that are known by your system.

2. Create an ext2 filesystem on the 200MB partition.

3. Create an ext3 filesystem on one of the 300MB logical drives.

4. Create an ext4 on the 400MB partition.

5. Set the reserved space for root on the ext3 filesystem to 0 percent.

6. Verify your work with fdisk and df.

7. Perform a file system check on all the new file systems.

184
 file systems

17.7. solution: file systems

1. List the filesystems that are known by your system.
man fs

cat /proc/filesystems

cat /etc/filesystems (not on all Linux distributions)

2. Create an ext2 filesystem on the 200MB partition.

mke2fs /dev/sdc1 (replace sdc1 with the correct partition)

3. Create an ext3 filesystem on one of the 300MB logical drives.

mke2fs -j /dev/sdb5 (replace sdb5 with the correct partition)

4. Create an ext4 on the 400MB partition.

mkfs.ext4 /dev/sdb1 (replace sdb1 with the correct partition)

5. Set the reserved space for root on the ext3 filesystem to 0 percent.
tune2fs -m 0 /dev/sdb5

6. Verify your work with fdisk and df.

mkfs (mke2fs) makes no difference in the output of these commands

The big change is in the next topic: mounting

7. Perform a file system check on all the new file systems.

fsck /dev/sdb1
fsck /dev/sdc1
fsck /dev/sdb5

185
Chapter 18. mounting
Once you've put a file system on a partition, you can mount it. Mounting a file system
makes it available for use, usually as a directory. We say mounting a file system instead
of mounting a partition because we will see later that we can also mount file systems that
do not exists on partitions.

On all Unix systems, every file and every directory is part of one big file tree. To access
a file, you need to know the full path starting from the root directory. When adding a file
system to your computer, you need to make it available somewhere in the file tree. The
directory where you make a file system available is called a mount point.

186
 mounting

18.1. mounting local file systems

18.1.1. mkdir
This example shows how to create a new mount point with mkdir.
root@RHELv4u2:~# mkdir /home/project42

18.1.2. mount
When the mount point is created, and a file system is present on the partition, then mount
can mount the file system on the mount point directory.
root@RHELv4u2:~# mount -t ext2 /dev/sdb1 /home/project42/

Once mounted, the new file system is accessible to users.

18.1.3. /etc/filesystems
Actually the explicit -t ext2 option to set the file system is not always necessary. The mount
command is able to automatically detect a lot of file systems.

When mounting a file system without specifying explicitly the file system, then mount will
first probe /etc/filesystems. Mount will skip lines with the nodev directive.
paul@RHELv4u4:~$ cat /etc/filesystems
ext3
ext2
nodev proc
nodev devpts
iso9660
vfat
hfs

18.1.4. /proc/filesystems
When /etc/filesystems does not exist, or ends with a single * on the last line, then mount
will read /proc/filesystems.
[root@RHEL52 ~]# cat /proc/filesystems | grep -v ^nodev
ext2
iso9660
ext3

18.1.5. umount
You can unmount a mounted file system using the umount command.
root@pasha:~# umount /home/reet

187
 mounting

18.2. displaying mounted file systems

To display all mounted file systems, issue the mount command. Or look at the files /proc/
mounts and /etc/mtab.

18.2.1. mount
The simplest and most common way to view all mounts is by issuing the mount command
without any arguments.
root@RHELv4u2:~# mount | grep /dev/sdb
/dev/sdb1 on /home/project42 type ext2 (rw)

18.2.2. /proc/mounts
The kernel provides the info in /proc/mounts in file form, but /proc/mounts does not exist
as a file on any hard disk. Looking at /proc/mounts is looking at information that comes
directly from the kernel.
root@RHELv4u2:~# cat /proc/mounts | grep /dev/sdb
/dev/sdb1 /home/project42 ext2 rw 0 0

18.2.3. /etc/mtab
The /etc/mtab file is not updated by the kernel, but is maintained by the mount command.
Do not edit /etc/mtab manually.
root@RHELv4u2:~# cat /etc/mtab | grep /dev/sdb
/dev/sdb1 /home/project42 ext2 rw 0 0

188
 mounting

18.2.4. df
A more user friendly way to look at mounted file systems is df. The df (diskfree) command
has the added benefit of showing you the free space on each mounted disk. Like a lot of
Linux commands, df supports the -h switch to make the output more human readable.
root@RHELv4u2:~# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
11707972 6366996 4746240 58% /
/dev/sda1 101086 9300 86567 10% /boot
none 127988 0 127988 0% /dev/shm
/dev/sdb1 108865 1550 101694 2% /home/project42
root@RHELv4u2:~# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
12G 6.1G 4.6G 58% /
/dev/sda1 99M 9.1M 85M 10% /boot
none 125M 0 125M 0% /dev/shm
/dev/sdb1 107M 1.6M 100M 2% /home/project42

18.2.5. df -h
In the df -h example below you can see the size, free space, used gigabytes and percentage
and mount point of a partition.
root@laika:~# df -h | egrep -e "(sdb2|File)"
Filesystem Size Used Avail Use% Mounted on
/dev/sdb2 92G 83G 8.6G 91% /media/sdb2

18.2.6. du
The du command can summarize disk usage for files and directories. By using du on a
mount point you effectively get the disk space used on a file system.

While du can go display each subdirectory recursively, the -s option will give you a total
summary for the parent directory. This option is often used together with -h. This means du
-sh on a mount point gives the total amount used by the file system in that partition.
root@debian6~# du -sh /boot /srv/wolf
6.2M /boot
1.1T /srv/wolf

189
 mounting

18.3. from start to finish

Below is a screenshot that show a summary roadmap starting with detection of the hardware
(/dev/sdb) up until mounting on /mnt.
[root@centos65 ~]# dmesg | grep '\[sdb\]'
sd 3:0:0:0: [sdb] 150994944 512-byte logical blocks: (77.3 GB/72.0 GiB)
sd 3:0:0:0: [sdb] Write Protect is off
sd 3:0:0:0: [sdb] Mode Sense: 00 3a 00 00
sd 3:0:0:0: [sdb] Write cache: enabled, read cache: enabled, doesn't support \
DPO or FUA
sd 3:0:0:0: [sdb] Attached SCSI disk

[root@centos65 ~]# parted /dev/sdb

(parted) mklabel msdos

(parted) mkpart primary ext4 1 77000
(parted) print
Model: ATA VBOX HARDDISK (scsi)
Disk /dev/sdb: 77.3GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos

Number Start End Size Type File system Flags

1 1049kB 77.0GB 77.0GB primary

(parted) quit
[root@centos65 ~]# mkfs.ext4 /dev/sdb1
mke2fs 1.41.12 (17-May-2010)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
4702208 inodes, 18798592 blocks
939929 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=4294967296
574 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
( output truncated )
...
[root@centos65 ~]# mount /dev/sdb1 /mnt
[root@centos65 ~]# mount | grep mnt
/dev/sdb1 on /mnt type ext4 (rw)
[root@centos65 ~]# df -h | grep mnt
/dev/sdb1 71G 180M 67G 1% /mnt
[root@centos65 ~]# du -sh /mnt
20K /mnt
[root@centos65 ~]# umount /mnt

190
 mounting

18.4. permanent mounts

Until now, we performed all mounts manually. This works nice, until the next reboot. Luck-
ily there is a way to tell your computer to automatically mount certain file systems during
boot.

18.4.1. /etc/fstab
The file system table located in /etc/fstab contains a list of file systems, with an option to
automtically mount each of them at boot time.

Below is a sample /etc/fstab file.

root@RHELv4u2:~# cat /etc/fstab
/dev/VolGroup00/LogVol00 / ext3 defaults 1 1
LABEL=/boot /boot ext3 defaults 1 2
none /dev/pts devpts gid=5,mode=620 0 0
none /dev/shm tmpfs defaults 0 0
none /proc proc defaults 0 0
none /sys sysfs defaults 0 0
/dev/VolGroup00/LogVol01 swap swap defaults 0 0

By adding the following line, we can automate the mounting of a file system.
/dev/sdb1 /home/project42 ext2 defaults 0 0

18.4.2. mount /mountpoint

Adding an entry to /etc/fstab has the added advantage that you can simplify the mount
command. The command in the screenshot below forces mount to look for the partition
info in /etc/fstab.
root@rhel65:~# mount /home/project42

191
 mounting

18.5. securing mounts

File systems can be secured with several mount options. Here are some examples.

18.5.1. ro
The ro option will mount a file system as read only, preventing anyone from writing.
root@rhel53 ~# mount -t ext2 -o ro /dev/hdb1 /home/project42
root@rhel53 ~# touch /home/project42/testwrite
touch: cannot touch `/home/project42/testwrite': Read-only file system

18.5.2. noexec
The noexec option will prevent the execution of binaries and scripts on the mounted file
system.
root@rhel53 ~# mount -t ext2 -o noexec /dev/hdb1 /home/project42
root@rhel53 ~# cp /bin/cat /home/project42
root@rhel53 ~# /home/project42/cat /etc/hosts
-bash: /home/project42/cat: Permission denied
root@rhel53 ~# echo echo hello > /home/project42/helloscript
root@rhel53 ~# chmod +x /home/project42/helloscript
root@rhel53 ~# /home/project42/helloscript
-bash: /home/project42/helloscript: Permission denied

18.5.3. nosuid
The nosuid option will ignore setuid bit set binaries on the mounted file system.

Note that you can still set the setuid bit on files.
root@rhel53 ~# mount -o nosuid /dev/hdb1 /home/project42
root@rhel53 ~# cp /bin/sleep /home/project42/
root@rhel53 ~# chmod 4555 /home/project42/sleep
root@rhel53 ~# ls -l /home/project42/sleep
-r-sr-xr-x 1 root root 19564 Jun 24 17:57 /home/project42/sleep

But users cannot exploit the setuid feature.

root@rhel53 ~# su - paul
[paul@rhel53 ~]$ /home/project42/sleep 500 &
[1] 2876
[paul@rhel53 ~]$ ps -f 2876
UID PID PPID C STIME TTY STAT TIME CMD
paul 2876 2853 0 17:58 pts/0 S 0:00 /home/project42/sleep 500
[paul@rhel53 ~]$

18.5.4. noacl
To prevent cluttering permissions with acl's, use the noacl option.
root@rhel53 ~# mount -o noacl /dev/hdb1 /home/project42

More mount options can be found in the manual page of mount.

192
 mounting

18.6. mounting remote file systems

18.6.1. smb/cifs
The Samba team (samba.org) has a Unix/Linux service that is compatible with the SMB/
CIFS protocol. This protocol is mainly used by networked Microsoft Windows computers.

Connecting to a Samba server (or to a Microsoft computer) is also done with the mount
command.

This example shows how to connect to the 10.0.0.42 server, to a share named data2.
[root@centos65 ~]# mount -t cifs -o user=paul //10.0.0.42/data2 /home/data2
Password:
[root@centos65 ~]# mount | grep cifs
//10.0.0.42/data2 on /home/data2 type cifs (rw)

The above requires yum install cifs-client.

18.6.2. nfs
Unix servers often use nfs (aka the network file system) to share directories over the network.
Setting up an nfs server is discussed later. Connecting as a client to an nfs server is done
with mount, and is very similar to connecting to local storage.

This command shows how to connect to the nfs server named server42, which is sharing
the directory /srv/data. The mount point at the end of the command (/home/data) must
already exist.
[root@centos65 ~]# mount -t nfs server42:/srv/data /home/data
[root@centos65 ~]#

If this server42 has ip-address 10.0.0.42 then you can also write:
[root@centos65 ~]# mount -t nfs 10.0.0.42:/srv/data /home/data
[root@centos65 ~]# mount | grep data
10.0.0.42:/srv/data on /home/data type nfs (rw,vers=4,addr=10.0.0.42,clienta\
ddr=10.0.0.33)

18.6.3. nfs specific mount options

bg If mount fails, retry in background.
fg (default)If mount fails, retry in foreground.
soft Stop trying to mount after X attempts.
hard (default)Continue trying to mount.

The soft+bg options combined guarantee the fastest client boot if there are NFS problems.
retrans=X Try X times to connect (over udp).
tcp Force tcp (default and supported)
udp Force udp (unsupported)

193
 mounting

18.7. practice: mounting file systems

1. Mount the small 200MB partition on /home/project22.

2. Mount the big 400MB primary partition on /mnt, the copy some files to it (everything in /
etc). Then umount, and mount the file system as read only on /srv/nfs/salesnumbers. Where
are the files you copied ?

3. Verify your work with fdisk, df and mount. Also look in /etc/mtab and /proc/mounts.

4. Make both mounts permanent, test that it works.

5. What happens when you mount a file system on a directory that contains some files ?

6. What happens when you mount two file systems on the same mount point ?

7. (optional) Describe the difference between these commands: find, locate, updatedb, make-
whatis, whereis, apropos, which and type.

8. (optional) Perform a file system check on the partition mounted at /srv/nfs/salesnumbers.

194
 mounting

18.8. solution: mounting file systems

1. Mount the small 200MB partition on /home/project22.
mkdir /home/project22
mount /dev/sdc1 /home/project22

2. Mount the big 400MB primary partition on /mnt, the copy some files to it (everything in /
etc). Then umount, and mount the file system as read only on /srv/nfs/salesnumbers. Where
are the files you copied ?
mount /dev/sdb1 /mnt
cp -r /etc /mnt
ls -l /mnt

umount /mnt
ls -l /mnt

mkdir -p /srv/nfs/salesnumbers
mount /dev/sdb1 /srv/nfs/salesnumbers

You see the files in /srv/nfs/salenumbers now...

But physically they are on ext3 on partition /dev/sdb1

3. Verify your work with fdisk, df and mount. Also look in /etc/mtab and /proc/mounts.
fdisk -l
df -h
mount

All three the above commands should show your mounted partitions.

grep project22 /etc/mtab

grep project22 /proc/mounts

4. Make both mounts permanent, test that it works.

add the following lines to /etc/fstab

/dev/sdc1 /home/project22 auto defaults 0 0

/dev/sdb1 /srv/nfs/salesnumbers auto defaults 0 0

5. What happens when you mount a file system on a directory that contains some files ?
The files are hidden until umount.

6. What happens when you mount two file systems on the same mount point ?
Only the last mounted fs is visible.

195
 mounting

7. (optional) Describe the difference between these commands: find, locate, updatedb, make-
whatis, whereis, apropos, which and type.
man find
man locate
...

8. (optional) Perform a file system check on the partition mounted at /srv/nfs/salesnumbers.

# umount /srv/nfs/salesnumbers (optional but recommended)
# fsck /dev/sdb1

196
Part IX. boot management
Table of Contents
19. init and runlevels ........................................................................................................... 199
19.1. system init(ialization) ............................................................................................ 200
19.2. daemon or demon ? ............................................................................................... 205
19.3. starting and stopping daemons ................................................................................. 205
19.4. chkconfig ............................................................................................................ 206
19.5. update-rc.d ........................................................................................................... 208
19.6. bum .................................................................................................................... 209
19.7. runlevels ............................................................................................................. 210
19.8. systemd ............................................................................................................... 212
19.9. practice: init ......................................................................................................... 218
19.10. solution : init ...................................................................................................... 219

198
Chapter 19. init and runlevels
Many Unix and Linux distributions use init scripts to start daemons in the same way that
Unix System V did. This chapter will explain in detail how that works.

Init starts daemons by using scripts, where each script starts one daemon, and where each
script waits for the previous script to finish. This serial process of starting daemons is slow,
and although slow booting is not a problem on servers where uptime is measured in years,
the recent uptake of Linux on the desktop results in user complaints.

To improve Linux startup speed, Canonical has developed upstart, which was first used
in Ubuntu. Solaris also used init up to Solaris 9, for Solaris 10 Sun developed Service
Management Facility. Both systems start daemons in parallel and can replace the SysV init
scripts. There is also an ongoing effort to create initng (init next generation).

In 2014 the systemd initiative has taken a lead when after Fedora, RHEL7 and CentOS7
also Debian has chosen this to be the prefered replacement for init. The end of this module
contains an introduction to systemd.

199
 init and runlevels

19.1. system init(ialization)

19.1.1. process id 1
The kernel receives system control from the bootloader. After a while the kernel starts the
init daemon. The init daemon (/sbin/init) is the first daemon that is started and receives
process id 1 (PID 1). Init never dies.

19.1.2. configuration in /etc/inittab

When /sbin/init is started, it will first read its configuration file /etc/inittab. In that file, it
will look for the value of initdefault (3 in the screenshot below).
[paul@rhel4 ~]$ grep ^id /etc/inittab
id:3:initdefault:

19.1.3. initdefault
The value found in initdefault indicates the default runlevel. Some Linux distributions have
a brief description of runlevels in /etc/inittab, like here on Red Hat Enterprise Linux 4.
# Default runlevel. The runlevels used by RHS are:
# 0 - halt (Do NOT set initdefault to this)
# 1 - Single user mode
# 2 - Multiuser, without NFS (The same as 3, if you don't have network)
# 3 - Full multiuser mode
# 4 - unused
# 5 - X11
# 6 - reboot (Do NOT set initdefault to this)

Runlevel 0 means the system is shutting down. Runlevel 1 is used for troubleshooting, only
the root user can log on, and only at the console. Runlevel 3 is typical for servers, whereas
runlevel 5 is typical for desktops (graphical logon). Besides runlevels 0, 1 and 6, the use may
vary depending on the distribution. Debian and derived Linux systems have full network
and GUI logon on runlevels 2 to 5. So always verify the proper meaning of runlevels on
your system.

200
 init and runlevels

19.1.4. sysinit script

/etc/rc.d/rc.sysinit
The next line in /etc/inittab in Red Hat and derivatives is the following.
si::sysinit:/etc/rc.d/rc.sysinit

This means that independent of the selected runlevel, init will run the /etc/rc.d/rc.sysinit
script. This script initializes hardware, sets some basic environment, populates /etc/mtab
while mounting file systems, starts swap and more.
[paul@rhel ~]$ egrep -e"^# Ini" -e"^# Sta" -e"^# Che" /etc/rc.d/rc.sysinit
# Check SELinux status
# Initialize hardware
# Start the graphical boot, if necessary; /usr may not be mounted yet...
# Initialiaze ACPI bits
# Check filesystems
# Start the graphical boot, if necessary and not done yet.
# Check to see if SELinux requires a relabel
# Initialize pseudo-random number generator
# Start up swapping.
# Initialize the serial ports.

That egrep command could also have been written with grep like this :
grep "^# \(Ini\|Sta\|Che\)".

/etc/init.d/rcS
Debian has the following line after initdefault.
si::sysinit:/etc/init.d/rcS

The /etc/init.d/rcS script will always run on Debian (independent of the selected runlevel).
The script is actually running all scripts in the /etc/rcS.d/ directory in alphabetical order.
root@barry:~# cat /etc/init.d/rcS
#! /bin/sh
#
# rcS
#
# Call all S??* scripts in /etc/rcS.d/ in numerical/alphabetical order
#

exec /etc/init.d/rc S

201
 init and runlevels

19.1.5. rc scripts
Init will continue to read /etc/inittab and meets this section on Debian Linux.
l0:0:wait:/etc/init.d/rc 0
l1:1:wait:/etc/init.d/rc 1
l2:2:wait:/etc/init.d/rc 2
l3:3:wait:/etc/init.d/rc 3
l4:4:wait:/etc/init.d/rc 4
l5:5:wait:/etc/init.d/rc 5
l6:6:wait:/etc/init.d/rc 6

On Red Hat Enterprise Linux it is identical except init.d is rc.d.

l0:0:wait:/etc/rc.d/rc 0
l1:1:wait:/etc/rc.d/rc 1
l2:2:wait:/etc/rc.d/rc 2
l3:3:wait:/etc/rc.d/rc 3
l4:4:wait:/etc/rc.d/rc 4
l5:5:wait:/etc/rc.d/rc 5
l6:6:wait:/etc/rc.d/rc 6

In both cases, this means that init will start the rc script with the runlevel as the only para-
meter. Actually /etc/inittab has fields separated by colons. The second field determines the
runlevel in which this line should be executed. So in both cases, only one line of the seven
will be executed, depending on the runlevel set by initdefault.

19.1.6. rc directories
When you take a look any of the /etc/rcX.d/ directories, then you will see a lot of (links to)
scripts who's name start with either uppercase K or uppercase S.
[root@RHEL52 rc3.d]# ls -l | tail -4
lrwxrwxrwx 1 root root 19 Oct 11 2008 S98haldaemon -> ../init.d/haldaemon
lrwxrwxrwx 1 root root 19 Oct 11 2008 S99firstboot -> ../init.d/firstboot
lrwxrwxrwx 1 root root 11 Jan 21 04:16 S99local -> ../rc.local
lrwxrwxrwx 1 root root 16 Jan 21 04:17 S99smartd -> ../init.d/smartd

The /etc/rcX.d/ directories only contain links to scripts in /etc/init.d/. Links allow for the
script to have a different name. When entering a runlevel, all scripts that start with uppercase
K or uppercase S will be started in alphabetical order. Those that start with K will be started
first, with stop as the only parameter. The remaining scripts with S will be started with start
as the only parameter.

All this is done by the /etc/rc.d/rc script on Red Hat and by the /etc/init.d/rc script on
Debian.

202
 init and runlevels

19.1.7. mingetty
mingetty in /etc/inittab
Almost at the end of /etc/inittab there is a section to start and respawn several mingetty
daemons.
[root@RHEL4b ~]# grep getty /etc/inittab
# Run gettys in standard runlevels
1:2345:respawn:/sbin/mingetty tty1
2:2345:respawn:/sbin/mingetty tty2
3:2345:respawn:/sbin/mingetty tty3
4:2345:respawn:/sbin/mingetty tty4
5:2345:respawn:/sbin/mingetty tty5
6:2345:respawn:/sbin/mingetty tty6

mingetty and /bin/login

This /sbin/mingetty will display a message on a virtual console and allow you to type a
userid. Then it executes the /bin/login command with that userid. The /bin/login program
will verify whether that user exists in /etc/passwd and prompt for (and verify) a password.
If the password is correct, /bin/login passes control to the shell listed in /etc/passwd.

respawning mingetty
The mingetty daemons are started by init and watched until they die (user exits the shell and
is logged out). When this happens, the init daemon will respawn a new mingetty. So even
if you kill a mingetty daemon, it will be restarted automatically.

This example shows that init respawns mingetty daemons. Look at the PID's of the last two
mingetty processes.

[root@RHEL52 ~]# ps -C mingetty

PID TTY TIME CMD
2407 tty1 00:00:00 mingetty
2408 tty2 00:00:00 mingetty
2409 tty3 00:00:00 mingetty
2410 tty4 00:00:00 mingetty
2411 tty5 00:00:00 mingetty
2412 tty6 00:00:00 mingetty

When we kill the last two mingettys, then init will notice this and start them again (with
a different PID).

[root@RHEL52 ~]# kill 2411 2412

[root@RHEL52 ~]# ps -C mingetty
PID TTY TIME CMD
2407 tty1 00:00:00 mingetty
2408 tty2 00:00:00 mingetty
2409 tty3 00:00:00 mingetty
2410 tty4 00:00:00 mingetty
2821 tty5 00:00:00 mingetty
2824 tty6 00:00:00 mingetty

203
 init and runlevels

disabling a mingetty
You can disable a mingetty for a certain tty by removing the runlevel from the second field
in its line in /etc/inittab. Don't forget to tell init about the change of its configuration file
with kill -1 1.

The example below shows how to disable mingetty on tty3 to tty6 in runlevels 4 and 5.

[root@RHEL52 ~]# grep getty /etc/inittab

# Run gettys in standard runlevels
1:2345:respawn:/sbin/mingetty tty1
2:2345:respawn:/sbin/mingetty tty2
3:23:respawn:/sbin/mingetty tty3
4:23:respawn:/sbin/mingetty tty4
5:23:respawn:/sbin/mingetty tty5
6:23:respawn:/sbin/mingetty tty6

204
 init and runlevels

19.2. daemon or demon ?

A daemon is a process that runs in background, without a link to a GUI or terminal. Daemons
are usually started at system boot, and stay alive until the system shuts down. In more recent
technical writings, daemons are often refered to as services.

Unix daemons are not to be confused with demons. Evi Nemeth, co-author of the UNIX
System Administration Handbook has the following to say about daemons:

Many people equate the word "daemon" with the word "demon", implying some kind of sa-
tanic connection between UNIX and the underworld. This is an egregious misunderstand-
ing. "Daemon" is actually a much older form of "demon"; daemons have no particular bias
towards good or evil, but rather serve to help define a person's character or personality.
The ancient Greeks' concept of a "personal daemon" was similar to the modern concept of
a "guardian angel" ....

19.3. starting and stopping daemons

The K and S scripts are links to the real scripts in /etc/init.d/. These can also be used when the
system is running to start and stop daemons (or services). Most of them accept the following
parameters: start, stop, restart, status.

For example in this screenshot we restart the samba daemon.

root@laika:~# /etc/init.d/samba restart
* Stopping Samba daemons... [ OK ]
* Starting Samba daemons... [ OK ]

You can achieve the same result on RHEL/Fedora with the service command.
[root@RHEL4b ~]# service smb restart
Shutting down SMB services: [ OK ]
Shutting down NMB services: [ OK ]
Starting SMB services: [ OK ]
Starting NMB services: [ OK ]

You might also want to take a look at chkconfig, update-rc.d.

205
 init and runlevels

19.4. chkconfig
The purpose of chkconfig is to relieve system administrators of manually managing all the
links and scripts in /etc/init.d and /etc/rcX.d/.

19.4.1. chkconfig --list

Here we use chkconfig to list the status of a service in the different runlevels. You can see
that the crond daemon (or service) is only activated in runlevels 2 to 5.
[root@RHEL52 ~]# chkconfig --list crond
crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off

When you compare the screenshot above with the one below, you can see that off equals to
a K link to the script, whereas on equals to an S link.
[root@RHEL52 etc]# find ./rc?.d/ -name \*crond -exec ls -l {} \;|cut -b40-
./rc0.d/K60crond -> ../init.d/crond
./rc1.d/K60crond -> ../init.d/crond
./rc2.d/S90crond -> ../init.d/crond
./rc3.d/S90crond -> ../init.d/crond
./rc4.d/S90crond -> ../init.d/crond
./rc5.d/S90crond -> ../init.d/crond
./rc6.d/K60crond -> ../init.d/crond

19.4.2. runlevel configuration

Here you see how to use chkconfig to disable (or enable) a service in a certain runlevel.

This screenshot shows how to disable crond in runlevel 3.

[root@RHEL52 ~]# chkconfig --level 3 crond off
[root@RHEL52 ~]# chkconfig --list crond
crond 0:off 1:off 2:on 3:off 4:on 5:on 6:off

This screenshot shows how to enable crond in runlevels 3 and 4.

[root@RHEL52 ~]# chkconfig --level 34 crond on
[root@RHEL52 ~]# chkconfig --list crond
crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off

206
 init and runlevels

19.4.3. chkconfig configuration

Every script in /etc/init.d/ can have (comment) lines to tell chkconfig what to do with the
service. The line with # chkconfig: contains the runlevels in which the service should be
started (2345), followed by the priority for start (90) and stop (60).
[root@RHEL52 ~]# head -9 /etc/init.d/crond | tail -5
# chkconfig: 2345 90 60
# description: cron is a standard UNIX program that runs user-specified
# programs at periodic scheduled times. vixie cron adds a
# number of features to the basic UNIX cron, including better
# security and more powerful configuration options.

19.4.4. enable and disable services

Services can be enabled or disabled in all runlevels with one command. Runlevels 0, 1 and
6 are always stopping services (or calling the scripts with stop) even when their name starts
with uppercase S.
[root@RHEL52 ~]# chkconfig crond off
[root@RHEL52 ~]# chkconfig --list crond
crond 0:off 1:off 2:off 3:off 4:off 5:off 6:off
[root@RHEL52 ~]# chkconfig crond on
[root@RHEL52 ~]# chkconfig --list crond
crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off

207
 init and runlevels

19.5. update-rc.d
19.5.1. about update-rc.d
The Debian equivalent of chkconfig is called update-rc.d. This tool is designed for use in
scripts, if you prefer a graphical tool then look at bum.

When there are existing links in /etc/rcX.d/ then update-rc.d does not do anything. This is
to avoid that post installation scripts using update-rc.d are overwriting changes made by
a system administrator.
root@barry:~# update-rc.d cron remove
update-rc.d: /etc/init.d/cron exists during rc.d purge (use -f to force)

As you can see in the next screenshot, nothing changed for the cron daemon.
root@barry:~# find /etc/rc?.d/ -name '*cron' -exec ls -l {} \;|cut -b44-
/etc/rc0.d/K11cron -> ../init.d/cron
/etc/rc1.d/K11cron -> ../init.d/cron
/etc/rc2.d/S89cron -> ../init.d/cron
/etc/rc3.d/S89cron -> ../init.d/cron
/etc/rc4.d/S89cron -> ../init.d/cron
/etc/rc5.d/S89cron -> ../init.d/cron
/etc/rc6.d/K11cron -> ../init.d/cron

19.5.2. removing a service

Here we remove cron from all runlevels. Remember that the proper way to disable a service
is to put K scripts oin all runlevels!
root@barry:~# update-rc.d -f cron remove
Removing any system startup links for /etc/init.d/cron ...
/etc/rc0.d/K11cron
/etc/rc1.d/K11cron
/etc/rc2.d/S89cron
/etc/rc3.d/S89cron
/etc/rc4.d/S89cron
/etc/rc5.d/S89cron
/etc/rc6.d/K11cron
root@barry:~# find /etc/rc?.d/ -name '*cron' -exec ls -l {} \;|cut -b44-
root@barry:~#

19.5.3. enable a service

This screenshot shows how to use update-rc.d to enable a service in runlevels 2, 3, 4 and
5 and disable the service in runlevels 0, 1 and 6.
root@barry:~# update-rc.d cron defaults
Adding system startup for /etc/init.d/cron ...
/etc/rc0.d/K20cron -> ../init.d/cron
/etc/rc1.d/K20cron -> ../init.d/cron
/etc/rc6.d/K20cron -> ../init.d/cron
/etc/rc2.d/S20cron -> ../init.d/cron
/etc/rc3.d/S20cron -> ../init.d/cron
/etc/rc4.d/S20cron -> ../init.d/cron
/etc/rc5.d/S20cron -> ../init.d/cron

208
 init and runlevels

19.5.4. customize a service

And here is an example on how to set your custom configuration for the cron daemon.
root@barry:~# update-rc.d -n cron start 11 2 3 4 5 . stop 89 0 1 6 .
Adding system startup for /etc/init.d/cron ...
/etc/rc0.d/K89cron -> ../init.d/cron
/etc/rc1.d/K89cron -> ../init.d/cron
/etc/rc6.d/K89cron -> ../init.d/cron
/etc/rc2.d/S11cron -> ../init.d/cron
/etc/rc3.d/S11cron -> ../init.d/cron
/etc/rc4.d/S11cron -> ../init.d/cron
/etc/rc5.d/S11cron -> ../init.d/cron

19.6. bum
This screenshot shows bum in advanced mode.

209
 init and runlevels

19.7. runlevels
19.7.1. display the runlevel
You can see your current runlevel with the runlevel or who -r commands.

The runlevel command is typical Linux and will output the previous and the current runlevel.
If there was no previous runlevel, then it will mark it with the letter N.
[root@RHEL4b ~]# runlevel
N 3

The history of who -r dates back to Seventies Unix, it still works on Linux.
[root@RHEL4b ~]# who -r
run-level 3 Jul 28 09:15 last=S

19.7.2. changing the runlevel

You can switch to another runlevel with the telinit command. On Linux /sbin/telinit is
usually a (hard) link to /sbin/init.

This screenshot shows how to switch from runlevel 2 to runlevel 3 without reboot.
root@barry:~# runlevel
N 2
root@barry:~# init 3
root@barry:~# runlevel
2 3

19.7.3. /sbin/shutdown
The shutdown command is used to properly shut down a system.

Common switches used with shutdown are -a, -t, -h and -r.

The -a switch forces /sbin/shutdown to use /etc/shutdown.allow. The -t switch is used

to define the number of seconds between the sending of the TERM signal and the KILL
signal. The -h switch halts the system instead of changing to runlevel 1. The -r switch tells
/sbin/shutdown to reboot after shutting down.

This screenshot shows how to use shutdown with five seconds between TERM and KILL
signals.
root@barry:~# shutdown -t5 -h now

The now is the time argument. This can be +m for the number of minutes to wait before
shutting down (with now as an alias for +0. The command will also accept hh:mm instead
of +m.

19.7.4. halt, reboot and poweroff

The binary /sbin/reboot is the same as /sbin/halt and /sbin/poweroff. Depending on the
name we use to call the command, it can behave differently.

210
 init and runlevels

When in runlevel 0 or 6 halt, reboot and poweroff will tell the kernel to halt, reboot or
poweroff the system.

When not in runlevel 0 or 6, typing reboot as root actually calls the shutdown command
with the -r switch and typing poweroff will switch off the power when halting the system.

19.7.5. /var/log/wtmp
halt, reboot and poweroff all write to /var/log/wtmp. To look at /var/log/wtmp, we need
to use th last.
[root@RHEL52 ~]# last | grep reboot
reboot system boot 2.6.18-128.el5 Fri May 29 11:44 (192+05:01)
reboot system boot 2.6.18-128.el5 Wed May 27 12:10 (06:49)
reboot system boot 2.6.18-128.el5 Mon May 25 19:34 (1+15:59)
reboot system boot 2.6.18-128.el5 Mon Feb 9 13:20 (106+21:13)

19.7.6. Ctrl-Alt-Del
When rc is finished starting all those scripts, init will continue to read /etc/inittab. The next
line is about what to do when the user hits Ctrl-Alt-Delete on the keyboard.

Here is what Debian 4.0 does.

root@barry:~# grep -i ctrl /etc/inittab
# What to do when CTRL-ALT-DEL is pressed.
ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now

Which is very similar to the default Red Hat Enterprise Linux 5.2 action.
[root@RHEL52 ~]# grep -i ctrl /etc/inittab
# Trap CTRL-ALT-DELETE
ca::ctrlaltdel:/sbin/shutdown -t3 -r now

One noticable difference is that Debian forces shutdown to use /etc/shutdown.allow, where
Red Hat allows everyone to invoke shutdown pressing Ctrl-Alt-Delete.

19.7.7. UPS and loss of power

[root@RHEL52 ~]# grep ^p /etc/inittab
pf::powerfail:/sbin/shutdown -f -h +2 "Power Failure; System Shutting Down"
pr:12345:powerokwait:/sbin/shutdown -c "Power Restored; Shutdown Cancelled"

It will read commands on what to execute in case of powerfailure, powerok and Ctrl-Alt-
Delete. The init process never stops keeping an eye on power failures and that triple key
combo.
root@barry:~# grep ^p /etc/inittab
pf::powerwait:/etc/init.d/powerfail start
pn::powerfailnow:/etc/init.d/powerfail now
po::powerokwait:/etc/init.d/powerfail stop

211
 init and runlevels

19.8. systemd
It is likely that systemd will replace all the standard init/runlevel/rc functionality. Both Red
Hat and Debian have decided in 2014 that systemd will be replacing init in future releases
(RHEL7/CentOS7 and Debian 8).

The screenshot below shows systemd running as pid 1 on RHEL7.

[root@rhel7 ~]# ps fax | grep systemd | cut -c1-76
1 ? Ss 0:01 /usr/lib/systemd/systemd --switched-root --system
505 ? Ss 0:00 /usr/lib/systemd/systemd-journald
545 ? Ss 0:00 /usr/lib/systemd/systemd-udevd
670 ? Ss 0:00 /usr/lib/systemd/systemd-logind
677 ? Ssl 0:00 /bin/dbus-daemon --system --address=systemd: --no
2662 pts/1 S+ 0:00 \_ grep --color=auto systemd
[root@rhel7 ~]#

Debian 8 (not yet released in September 2014) uses parts of systemd, but still has init as
pid 1.
root@debian8:~# ps fax | grep systemd
2042 ? S 0:00 /sbin/cgmanager --daemon -m name=systemd
10127 pts/4 S+ 0:00 | \_ grep systemd
2777 ? S 0:00 /lib/systemd/systemd-logind
root@debian8:~#

212
 init and runlevels

19.8.1. systemd targets

The first command to learn is systemctl list-units --type=target (or the shorter version
systemctl -t target). It will show you the different targets on the system.
[root@rhel7 ~]# systemctl list-units --type=target
UNIT LOAD ACTIVE SUB DESCRIPTION
basic.target loaded active active Basic System
cryptsetup.target loaded active active Encrypted Volumes
getty.target loaded active active Login Prompts
graphical.target loaded active active Graphical Interface
local-fs-pre.target loaded active active Local File Systems (Pre)
local-fs.target loaded active active Local File Systems
multi-user.target loaded active active Multi-User System
network.target loaded active active Network
nfs.target loaded active active Network File System Server
paths.target loaded active active Paths
remote-fs.target loaded active active Remote File Systems
slices.target loaded active active Slices
sockets.target loaded active active Sockets
swap.target loaded active active Swap
sysinit.target loaded active active System Initialization
timers.target loaded active active Timers

LOAD = Reflects whether the unit definition was properly loaded.

ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB = The low-level unit activation state, values depend on unit type.

16 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.
[root@rhel7 ~]#

Targets are the replacement of runlevels and define specific points to reach when booting
the system. For example the graphical.target is reached when you get a graphical interface,
and the nfs.target requires a running nfs server.

To switch to a target (for example multi-user.target), we now use systemctl isolate (instead
of the equivalent init 3 to change the runlevel).
[root@rhel7 ~]# ps fax | wc -l
169
[root@rhel7 ~]# systemctl isolate multi-user.target
[root@rhel7 ~]# ps fax | wc -l
129
[root@rhel7 ~]#

To change the default target, we again use this systemctl command (instead of editing the
/etc/inittab file).
[root@rhel7 ~]# systemctl enable multi-user.target --force
rm '/etc/systemd/system/default.target'
ln -s '/usr/lib/systemd/system/multi-user.target' '/etc/systemd/system/default\
.target'
[root@rhel7 ~]#

This command removed the file /etc/systemd/system/default.target and replaced it with a

symbolic link to the multi-user-.target target.

213
 init and runlevels

19.8.2. systemd dependencies

Dependencies are no longer defined by alfabetical order of running scripts, but by config-
uration in /etc/systemd/system/. For example here are the required services for the mul-
ti-user.target on Red Hat Enterprise 7.
[root@rhel7 ~]# ls /etc/systemd/system/multi-user.target.wants/
abrt-ccpp.service hypervkvpd.service postfix.service
abrtd.service hypervvssd.service remote-fs.target
abrt-oops.service irqbalance.service rhsmcertd.service
abrt-vmcore.service ksm.service rngd.service
abrt-xorg.service ksmtuned.service rpcbind.service
atd.service libstoragemgmt.service rsyslog.service
auditd.service libvirtd.service smartd.service
avahi-daemon.service mdmonitor.service sshd.service
chronyd.service ModemManager.service sysstat.service
crond.service NetworkManager.service tuned.service
cups.path nfs.target vmtoolsd.service
[root@rhel7 ~]#

Debian8 is not fully migrated yet.

root@debian8:~# ls /etc/systemd/system/multi-user.target.wants/
anacron.service binfmt-support.service pppd-dns.service ssh.service
atd.service fancontrol.service remote-fs.target
avahi-daemon.service lm-sensors.service rsyslog.service

Typical rc scripts are replaced with services. Issue the systemctl list-units -t service --all
(or systemctl -at service) to get a list of all services on your system.
[root@rhel7 ~]# systemctl -at service | head -5 | column -t | cut -c1-78
UNIT LOAD ACTIVE SUB DESCRIPTION
abrt-ccpp.service loaded active exited Install ABRT coredump
abrt-oops.service loaded active running ABRT kernel log
abrt-vmcore.service loaded inactive dead Harvest vmcores for
abrt-xorg.service loaded active running ABRT Xorg log
[root@rhel7 ~]#

And here an example on how to see the status of the sshd service.
[root@rhel7 ~]# systemctl status sshd.service
sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled)
Active: active (running) since Wed 2014-09-10 13:42:21 CEST; 55min ago
Main PID: 1400 (sshd)
CGroup: /system.slice/sshd.service
--1400 /usr/sbin/sshd -D

Sep 10 13:42:21 rhel7 systemd[1]: Started OpenSSH server daemon.

Sep 10 13:42:21 rhel7 sshd[1400]: Server listening on 0.0.0.0 port 22.
Sep 10 13:42:21 rhel7 sshd[1400]: Server listening on :: port 22.
[root@rhel7 ~]#

214
 init and runlevels

19.8.3. systemd services

The chkconfig and service commands are considered 'legacy'. They are replaced with sys-
temctl.

This screenshot shows the new way to start and stop a service.
[root@rhel7 ~]# systemctl start crond.service
[root@rhel7 ~]# systemctl show crond.service | grep State
LoadState=loaded
ActiveState=active
SubState=running
UnitFileState=enabled
[root@rhel7 ~]# systemctl stop crond.service
[root@rhel7 ~]# systemctl show crond.service | grep State
LoadState=loaded
ActiveState=inactive
SubState=dead
UnitFileState=enabled
[root@rhel7 ~]#

And here is the new way to stop and disable a service.

[root@rhel7 ~]# systemctl stop crond.service
[root@rhel7 ~]# systemctl disable crond.service
rm '/etc/systemd/system/multi-user.target.wants/crond.service'
[root@rhel7 ~]# systemctl show crond.service | grep State
LoadState=loaded
ActiveState=inactive
SubState=dead
UnitFileState=disabled
[root@rhel7 ~]#

This screenshot shows how to enable and start the service again.
[root@rhel7 ~]# systemctl enable crond.service
ln -s '/usr/lib/systemd/system/crond.service' '/etc/systemd/system/multi-user.\
target.wants/crond.service'
[root@rhel7 ~]# systemctl start crond.service
[root@rhel7 ~]# systemctl show crond.service | grep State
LoadState=loaded
ActiveState=active
SubState=running
UnitFileState=enabled
[root@rhel7 ~]#

215
 init and runlevels

19.8.4. systemd signalling

You can also use systemd to kill problematic services.
[root@rhel7 ~]# systemctl show crond.service | grep State
LoadState=loaded
ActiveState=active
SubState=running
UnitFileState=enabled
[root@rhel7 ~]# systemctl kill -s SIGKILL crond.service
[root@rhel7 ~]# systemctl show crond.service | grep State
LoadState=loaded
ActiveState=failed
SubState=failed
UnitFileState=enabled
[root@rhel7 ~]#

19.8.5. systemd shutdown

The poweroff, halt and reboot commands are considered legacy now and are handeld by
systemctl. The table below shows the legacy commands on the left and their new systemd
equivalent on the right.

Table 19.1. systemd power management

legacy command systemd command
poweroff systemctl poweroff
reboot systemctl reboot
halt systemctl halt
pm-suspend systemctl suspend
pm-hibernate systemctl hibernate

19.8.6. remote systemd

The systemctl utility has a buil-in remote control providing there is an ssh daemon running
on the remote system.

This screenshot shows how to use systemctl to verify a service on an other RHEL server.
[root@rhel7 ~]# systemctl -H [email protected] status sshd
[email protected]'s password:
sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled)
Active: active (running) since Thu 2014-09-11 13:04:10 CEST; 16min ago
Process: 1328 ExecStartPre=/usr/sbin/sshd-keygen (code=exited, status=0/SUCCE\
SS)
Main PID: 1363 (sshd)
CGroup: /system.slice/sshd.service
[root@rhel7 ~]#

216
 init and runlevels

19.8.7. there is more systemd

There are other tools...
systemd-analyze systemd-loginctl
systemd-ask-password systemd-machine-id-setup
systemd-cat systemd-notify
systemd-cgls systemd-nspawn
systemd-cgtop systemd-run
systemd-coredumpctl systemd-stdio-bridge
systemd-delta systemd-sysv-convert
systemd-detect-virt systemd-tmpfiles
systemd-inhibit systemd-tty-ask-password-agent

For example systemd-analyze blame will give you an overview of the time it took for each
service to boot.
[root@rhel7 ~]# systemd-analyze blame | head
1.977s firewalld.service
1.096s tuned.service
993ms postfix.service
939ms iprinit.service
925ms vboxadd-x11.service
880ms firstboot-graphical.service
839ms accounts-daemon.service
829ms network.service
822ms iprupdate.service
795ms boot.mount
[root@rhel7 ~]#

217
 init and runlevels

19.9. practice: init

1. Change /etc/inittab so that only two mingetty's are respawned. Kill the other mingetty's
and verify that they don't come back.

2. Use the Red Hat Enterprise Linux virtual machine. Go to runlevel 5, display the current
and previous runlevel, then go back to runlevel 3.

3. Is the sysinit script on your computers setting or changing the PATH environment vari-
able ?

4. List all init.d scripts that are started in runlevel 2.

5. Write a script that acts like a daemon script in /etc/init.d/. It should have a case statement
to act on start/stop/restart and status. Test the script!

6. Use chkconfig to setup your script to start in runlevels 3,4 and 5, and to stop in any other
runlevel.

218
 init and runlevels

19.10. solution : init

1. Change /etc/inittab so that only two mingetty's are respawned. Kill the other mingetty's
and verify that they don't come back.

Killing the mingetty's will result in init respawning them. You can edit /etc/inittab so it
looks like the screenshot below. Don't forget to also run kill -1 1.

[root@RHEL5 ~]# grep tty /etc/inittab

# Run gettys in standard runlevels
1:2345:respawn:/sbin/mingetty tty1
2:2345:respawn:/sbin/mingetty tty2
3:2:respawn:/sbin/mingetty tty3
4:2:respawn:/sbin/mingetty tty4
5:2:respawn:/sbin/mingetty tty5
6:2:respawn:/sbin/mingetty tty6
[root@RHEL5 ~]#

2. Use the Red Hat Enterprise Linux virtual machine. Go to runlevel 5, display the current
and previous runlevel, then go back to runlevel 3.

init 5 (watch the console for the change taking place)

runlevel
init 3 (again you can follow this on the console)

3. Is the sysinit script on your computers setting or changing the PATH environment vari-
able ?

On Red Hat, grep for PATH in /etc/rc.sysinit, on Debian/Ubuntu check /etc/rc.local and /
etc/ini.t/rc.local. The answer is probably no, but on RHEL5 the rc.sysinit script does set
the HOSTNAME variable.

[root@RHEL5 etc]# grep HOSTNAME rc.sysinit

4. List all init.d scripts that are started in runlevel 2.

root@RHEL5 ~# chkconfig --list | grep '2:on'

5. Write a script that acts like a daemon script in /etc/init.d/. It should have a case statement
to act on start/stop/restart and status. Test the script!

The script could look something like this.

#!/bin/bash
#
# chkconfig: 345 99 01
# description: pold demo script
#
# /etc/init.d/pold

219
 init and runlevels

case "$1" in
start)
echo -n "Starting pold..."
sleep 1;
touch /var/lock/subsys/pold
echo "done."
echo pold started >> /var/log/messages
;;
stop)
echo -n "Stopping pold..."
sleep 1;
rm -rf /var/lock/subsys/pold
echo "done."
echo pold stopped >> /var/log/messages
;;
*)
echo "Usage: /etc/init.d/pold {start|stop}"
exit 1
;;
esac
exit 0

The touch /var/lock/subsys/pold is mandatory and must be the same filename as the script
name, if you want the stop sequence (the K01pold link) to be run.

6. Use chkconfig to setup your script to start in runlevels 3,4 and 5, and to stop in any other
runlevel.
chkconfig --add pold

The command above will only work when the # chkconfig: and # description: lines in the
pold script are there.

220
Part X. system management
Table of Contents
20. scheduling ..................................................................................................................... 223
20.1. one time jobs with at ............................................................................................. 224
20.2. cron .................................................................................................................... 226
20.3. practice : scheduling .............................................................................................. 228
20.4. solution : scheduling .............................................................................................. 229
21. logging .......................................................................................................................... 230
21.1. login logging ........................................................................................................ 231
21.2. syslogd ............................................................................................................... 234
21.3. logger ................................................................................................................. 237
21.4. watching logs ....................................................................................................... 237
21.5. rotating logs ......................................................................................................... 238
21.6. practice : logging .................................................................................................. 239
21.7. solution : logging .................................................................................................. 240
22. memory management ..................................................................................................... 242
22.1. displaying memory and cache ................................................................................. 243
22.2. managing swap space ............................................................................................ 244
22.3. monitoring memory with vmstat .............................................................................. 246
22.4. practice : memory ................................................................................................. 247
22.5. solution : memory ................................................................................................. 248
23. resource monitoring ....................................................................................................... 249
23.1. four basic resources ............................................................................................... 250
23.2. top ..................................................................................................................... 250
23.3. free .................................................................................................................... 250
23.4. watch .................................................................................................................. 251
23.5. vmstat ................................................................................................................. 251
23.6. iostat .................................................................................................................. 252
23.7. mpstat ................................................................................................................. 253
23.8. sadc and sar ......................................................................................................... 253
23.9. ntop .................................................................................................................... 254
23.10. iftop .................................................................................................................. 254
23.11. iptraf ................................................................................................................. 254
23.12. nmon ................................................................................................................ 255
23.13. htop .................................................................................................................. 255

222
Chapter 20. scheduling
Linux administrators use the at to schedule one time jobs. Recurring jobs are better sched-
uled with cron. The next two sections will discuss both tools.

223
 scheduling

20.1. one time jobs with at

20.1.1. at
Simple scheduling can be done with the at command. This screenshot shows the scheduling
of the date command at 22:01 and the sleep command at 22:03.
root@laika:~# at 22:01
at> date
at> <EOT>
job 1 at Wed Aug 1 22:01:00 2007
root@laika:~# at 22:03
at> sleep 10
at> <EOT>
job 2 at Wed Aug 1 22:03:00 2007
root@laika:~#

In real life you will hopefully be scheduling more useful commands ;-)

20.1.2. atq
It is easy to check when jobs are scheduled with the atq or at -l commands.
root@laika:~# atq
1 Wed Aug 1 22:01:00 2007 a root
2 Wed Aug 1 22:03:00 2007 a root
root@laika:~# at -l
1 Wed Aug 1 22:01:00 2007 a root
2 Wed Aug 1 22:03:00 2007 a root
root@laika:~#

The at command understands English words like tomorrow and teatime to schedule com-
mands the next day and at four in the afternoon.
root@laika:~# at 10:05 tomorrow
at> sleep 100
at> <EOT>
job 5 at Thu Aug 2 10:05:00 2007
root@laika:~# at teatime tomorrow
at> tea
at> <EOT>
job 6 at Thu Aug 2 16:00:00 2007
root@laika:~# atq
6 Thu Aug 2 16:00:00 2007 a root
5 Thu Aug 2 10:05:00 2007 a root
root@laika:~#

224
 scheduling

20.1.3. atrm
Jobs in the at queue can be removed with atrm.
root@laika:~# atq
6 Thu Aug 2 16:00:00 2007 a root
5 Thu Aug 2 10:05:00 2007 a root
root@laika:~# atrm 5
root@laika:~# atq
6 Thu Aug 2 16:00:00 2007 a root
root@laika:~#

20.1.4. at.allow and at.deny

You can also use the /etc/at.allow and /etc/at.deny files to manage who can schedule jobs
with at.

The /etc/at.allow file can contain a list of users that are allowed to schedule at jobs. When
/etc/at.allow does not exist, then everyone can use at unless their username is listed in /
etc/at.deny.

If none of these files exist, then everyone can use at.

225
 scheduling

20.2. cron
20.2.1. crontab file
The crontab(1) command can be used to maintain the crontab(5) file. Each user can have
their own crontab file to schedule jobs at a specific time. This time can be specified with
five fields in this order: minute, hour, day of the month, month and day of the week. If a
field contains an asterisk (*), then this means all values of that field.

The following example means : run script42 eight minutes after two, every day of the month,
every month and every day of the week.
8 14 * * * script42

Run script8472 every month on the first of the month at 25 past midnight.
25 0 1 * * script8472

Run this script33 every two minutes on Sunday (both 0 and 7 refer to Sunday).
*/2 * * * 0

Instead of these five fields, you can also type one of these: @reboot, @yearly or @annually,
@monthly, @weekly, @daily or @midnight, and @hourly.

20.2.2. crontab command

Users should not edit the crontab file directly, instead they should type crontab -e which
will use the editor defined in the EDITOR or VISUAL environment variable. Users can
display their cron table with crontab -l.

20.2.3. cron.allow and cron.deny

The cron daemon crond is reading the cron tables, taking into account the /etc/cron.allow
and /etc/cron.deny files.

These files work in the same way as at.allow and at.deny. When the cron.allow file exists,
then your username has to be in it, otherwise you cannot use cron. When the cron.allow file
does not exists, then your username cannot be in the cron.deny file if you want to use cron.

226
 scheduling

20.2.4. /etc/crontab
The /etc/crontab file contains entries for when to run hourly/daily/weekly/monthly tasks.
It will look similar to this output.
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

20 3 * * * root run-parts --report /etc/cron.daily

40 3 * * 7 root run-parts --report /etc/cron.weekly
55 3 1 * * root run-parts --report /etc/cron.monthly

20.2.5. /etc/cron.*
The directories shown in the next screenshot contain the tasks that are run at the times sched-
uled in /etc/crontab. The /etc/cron.d directory is for special cases, to schedule jobs that
require finer control than hourly/daily/weekly/monthly.
paul@laika:~$ ls -ld /etc/cron.*
drwxr-xr-x 2 root root 4096 2008-04-11 09:14 /etc/cron.d
drwxr-xr-x 2 root root 4096 2008-04-19 15:04 /etc/cron.daily
drwxr-xr-x 2 root root 4096 2008-04-11 09:14 /etc/cron.hourly
drwxr-xr-x 2 root root 4096 2008-04-11 09:14 /etc/cron.monthly
drwxr-xr-x 2 root root 4096 2008-04-11 09:14 /etc/cron.weekly

20.2.6. /etc/cron.*
Note that Red Hat uses anacron to schedule daily, weekly and monthly cron jobs.
root@rhel65:/etc# cat anacrontab
# /etc/anacrontab: configuration file for anacron

# See anacron(8) and anacrontab(5) for details.

SHELL=/bin/sh
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
# the maximal random delay added to the base delay of the jobs
RANDOM_DELAY=45
# the jobs will be started during the following hours only
START_HOURS_RANGE=3-22

#period in days delay in minutes job-identifier command

1 5 cron.daily nice run-parts /etc/cron.daily
7 25 cron.weekly nice run-parts /etc/cron.weekly
@monthly 45 cron.monthly nice run-parts /etc/cron.monthly
root@rhel65:/etc#

227
 scheduling

20.3. practice : scheduling

1. Schedule two jobs with at, display the at queue and remove a job.

2. As normal user, use crontab -e to schedule a script to run every four minutes.

3. As root, display the crontab file of your normal user.

4. As the normal user again, remove your crontab file.

5. Take a look at the cron files and directories in /etc and understand them. What is the run-
parts command doing ?

228
 scheduling

20.4. solution : scheduling

1. Schedule two jobs with at, display the at queue and remove a job.
root@rhel55 ~# at 9pm today
at> echo go to bed >> /root/todo.txt
at> <EOT>
job 1 at 2010-11-14 21:00
root@rhel55 ~# at 17h31 today
at> echo go to lunch >> /root/todo.txt
at> <EOT>
job 2 at 2010-11-14 17:31
root@rhel55 ~# atq
2 2010-11-14 17:31 a root
1 2010-11-14 21:00 a root
root@rhel55 ~# atrm 1
root@rhel55 ~# atq
2 2010-11-14 17:31 a root
root@rhel55 ~# date
Sun Nov 14 17:31:01 CET 2010
root@rhel55 ~# cat /root/todo.txt
go to lunch

2. As normal user, use crontab -e to schedule a script to run every four minutes.
paul@rhel55 ~$ crontab -e
no crontab for paul - using an empty one
crontab: installing new crontab

3. As root, display the crontab file of your normal user.

root@rhel55 ~# crontab -l -u paul
*/4 * * * * echo `date` >> /home/paul/crontest.txt

4. As the normal user again, remove your crontab file.

paul@rhel55 ~$ crontab -r
paul@rhel55 ~$ crontab -l
no crontab for paul

5. Take a look at the cron files and directories in /etc and understand them. What is the run-
parts command doing ?
run-parts runs a script in a directory

229
Chapter 21. logging
This chapter has three distinct subjects.

First we look at login logging ; how can we find out who is logging in to the system, when
and from where. And who is not logging in, who fails at su or ssh.

Second we discuss how to configure the syslog daemon, and how to test it with logger.

The last part is mostly about rotating logs and mentions the tail -f and watch commands
for watching logs.

230
 logging

21.1. login logging

To keep track of who is logging into the system, Linux can maintain the /var/log/wtmp, /
var/log/btmp, /var/run/utmp and /var/log/lastlog files.

21.1.1. /var/run/utmp (who)

Use the who command to see the /var/run/utmp file. This command is showing you all the
currently logged in users. Notice that the utmp file is in /var/run and not in /var/log .
[root@rhel4 ~]# who
paul pts/1 Feb 14 18:21 (192.168.1.45)
sandra pts/2 Feb 14 18:11 (192.168.1.42)
inge pts/3 Feb 14 12:01 (192.168.1.33)
els pts/4 Feb 14 14:33 (192.168.1.19)

21.1.2. /var/log/wtmp (last)

The /var/log/wtmp file is updated by the login program. Use last to see the /var/run/wtmp
file.
[root@rhel4a ~]# last | head
paul pts/1 192.168.1.45 Wed Feb 14 18:39 still logged in
reboot system boot 2.6.9-42.0.8.ELs Wed Feb 14 18:21 (01:15)
nicolas pts/5 pc-dss.telematic Wed Feb 14 12:32 - 13:06 (00:33)
stefaan pts/3 pc-sde.telematic Wed Feb 14 12:28 - 12:40 (00:12)
nicolas pts/3 pc-nae.telematic Wed Feb 14 11:36 - 12:21 (00:45)
nicolas pts/3 pc-nae.telematic Wed Feb 14 11:34 - 11:36 (00:01)
dirk pts/5 pc-dss.telematic Wed Feb 14 10:03 - 12:31 (02:28)
nicolas pts/3 pc-nae.telematic Wed Feb 14 09:45 - 11:34 (01:48)
dimitri pts/5 rhel4 Wed Feb 14 07:57 - 08:38 (00:40)
stefaan pts/4 pc-sde.telematic Wed Feb 14 07:16 - down (05:50)
[root@rhel4a ~]#

The last command can also be used to get a list of last reboots.
[paul@rekkie ~]$ last reboot
reboot system boot 2.6.16-rekkie Mon Jul 30 05:13 (370+08:42)

wtmp begins Tue May 30 23:11:45 2006

[paul@rekkie ~]

231
 logging

21.1.3. /var/log/lastlog (lastlog)

Use lastlog to see the /var/log/lastlog file.
[root@rhel4a ~]# lastlog | tail
tim pts/5 10.170.1.122 Tue Feb 13 09:36:54 +0100 2007
rm pts/6 rhel4 Tue Feb 13 10:06:56 +0100 2007
henk **Never logged in**
stefaan pts/3 pc-sde.telematic Wed Feb 14 12:28:38 +0100 2007
dirk pts/5 pc-dss.telematic Wed Feb 14 10:03:11 +0100 2007
arsene **Never logged in**
nicolas pts/5 pc-dss.telematic Wed Feb 14 12:32:18 +0100 2007
dimitri pts/5 rhel4 Wed Feb 14 07:57:19 +0100 2007
bashuserrm pts/7 rhel4 Tue Feb 13 10:35:40 +0100 2007
kornuserrm pts/5 rhel4 Tue Feb 13 10:06:17 +0100 2007
[root@rhel4a ~]#

21.1.4. /var/log/btmp (lastb)

There is also the lastb command to display the /var/log/btmp file. This file is updated by
the login program when entering the wrong password, so it contains failed login attempts.
Many computers will not have this file, resulting in no logging of failed login attempts.
[root@RHEL4b ~]# lastb
lastb: /var/log/btmp: No such file or directory
Perhaps this file was removed by the operator to prevent logging lastb\
info.
[root@RHEL4b ~]#

The reason given for this is that users sometimes type their password by mistake instead
of their login, so this world readable file poses a security risk. You can enable bad login
logging by simply creating the file. Doing a chmod o-r /var/log/btmp improves security.
[root@RHEL4b ~]# touch /var/log/btmp
[root@RHEL4b ~]# ll /var/log/btmp
-rw-r--r-- 1 root root 0 Jul 30 06:12 /var/log/btmp
[root@RHEL4b ~]# chmod o-r /var/log/btmp
[root@RHEL4b ~]# lastb

btmp begins Mon Jul 30 06:12:19 2007

[root@RHEL4b ~]#

Failed logins via ssh, rlogin or su are not registered in /var/log/btmp. Failed logins via tty are.
[root@RHEL4b ~]# lastb
HalvarFl tty3 Mon Jul 30 07:10 - 07:10 (00:00)
Maria tty1 Mon Jul 30 07:09 - 07:09 (00:00)
Roberto tty1 Mon Jul 30 07:09 - 07:09 (00:00)

btmp begins Mon Jul 30 07:09:32 2007

[root@RHEL4b ~]#

232
 logging

21.1.5. su and ssh logins

Depending on the distribution, you may also have the /var/log/secure file being filled with
messages from the auth and/or authpriv syslog facilities. This log will include su and/or
ssh failed login attempts. Some distributions put this in /var/log/auth.log, verify the syslog
configuration.
[root@RHEL4b ~]# cat /var/log/secure
Jul 30 07:09:03 sshd[4387]: Accepted publickey for paul from ::ffff:19\
2.168.1.52 port 33188 ssh2
Jul 30 05:09:03 sshd[4388]: Accepted publickey for paul from ::ffff:19\
2.168.1.52 port 33188 ssh2
Jul 30 07:22:27 sshd[4655]: Failed password for Hermione from ::ffff:1\
92.168.1.52 port 38752 ssh2
Jul 30 05:22:27 sshd[4656]: Failed password for Hermione from ::ffff:1\
92.168.1.52 port 38752 ssh2
Jul 30 07:22:30 sshd[4655]: Failed password for Hermione from ::ffff:1\
92.168.1.52 port 38752 ssh2
Jul 30 05:22:30 sshd[4656]: Failed password for Hermione from ::ffff:1\
92.168.1.52 port 38752 ssh2
Jul 30 07:22:33 sshd[4655]: Failed password for Hermione from ::ffff:1\
92.168.1.52 port 38752 ssh2
Jul 30 05:22:33 sshd[4656]: Failed password for Hermione from ::ffff:1\
92.168.1.52 port 38752 ssh2
Jul 30 08:27:33 sshd[5018]: Invalid user roberto from ::ffff:192.168.1\
.52
Jul 30 06:27:33 sshd[5019]: input_userauth_request: invalid user rober\
to
Jul 30 06:27:33 sshd[5019]: Failed none for invalid user roberto from \
::ffff:192.168.1.52 port 41064 ssh2
Jul 30 06:27:33 sshd[5019]: Failed publickey for invalid user roberto \
from ::ffff:192.168.1.52 port 41064 ssh2
Jul 30 08:27:36 sshd[5018]: Failed password for invalid user roberto f\
rom ::ffff:192.168.1.52 port 41064 ssh2
Jul 30 06:27:36 sshd[5019]: Failed password for invalid user roberto f\
rom ::ffff:192.168.1.52 port 41064 ssh2
[root@RHEL4b ~]#

You can enable this yourself, with a custom log file by adding the following line tot
syslog.conf.
auth.*,authpriv.* /var/log/customsec.log

233
 logging

21.2. syslogd
21.2.1. about syslog
The standard method of logging on Linux was through the syslogd daemon. Syslog was
developed by Eric Allman for sendmail, but quickly became a standard among many Unix
applications and was much later written as rfc 3164. The syslog daemon can receive mes-
sages on udp port 514 from many applications (and appliances), and can append to log files,
print, display messages on terminals and forward logs to other syslogd daemons on other
machines. The syslogd daemon is configured in /etc/syslog.conf.

21.2.2. about rsyslog

The new method is called reliable and extended syslogd and uses the rsyslogd daemon
and the /etc/rsyslogd.conf configuration file. The syntax is backwards compatible.

Each line in the configuration file uses a facility to determine where the message is coming
from. It also contains a priority for the severity of the message, and an action to decide on
what to do with the message.

21.2.3. modules
The new rsyslog has many more features that can be expanded by using modules. Modules
allow for example exporting of syslog logging to a database.

Se the manuals for more information (when you are done with this chapter).
root@rhel65:/etc# man rsyslog.conf
root@rhel65:/etc# man rsyslogd
root@rhel65:/etc#

234
 logging

21.2.4. facilities
The man rsyslog.conf command will explain the different default facilities for certain dae-
mons, such as mail, lpr, news and kern(el) messages. The local0 to local7 facility can be used
for appliances (or any networked device that supports syslog). Here is a list of all facilities
for rsyslog.conf version 1.3. The security keyword is deprecated.
auth (security)
authpriv
cron
daemon
ftp
kern
lpr mail
mark (internal use only)
news
syslog
user
uucp
local0-7

21.2.5. priorities
The worst severity a message can have is emerg followed by alert and crit. Lowest priority
should go to info and debug messages. Specifying a severity will also log all messages with
a higher severity. You can prefix the severity with = to obtain only messages that match that
severity. You can also specify .none to prevent a specific action from any message from
a certain facility.

Here is a list of all priorities, in ascending order. The keywords warn, error and panic are
deprecated.
debug
info
notice
warning (warn)
err (error)
crit
alert
emerg (panic)

235
 logging

21.2.6. actions
The default action is to send a message to the username listed as action. When the action is
prefixed with a / then rsyslog will send the message to the file (which can be a regular file,
but also a printer or terminal). The @ sign prefix will send the message on to another syslog
server. Here is a list of all possible actions.
root,user1 list of users, separated by comma's
* message to all logged on users
/ file (can be a printer, a console, a tty, ...)
-/ file, but don't sync after every write
| named pipe
@ other syslog hostname

In addition, you can prefix actions with a - to omit syncing the file after every logging.

21.2.7. configuration
Below a sample configuration of custom local4 messages in /etc/rsyslog.conf.
local4.crit /var/log/critandabove
local4.=crit /var/log/onlycrit
local4.* /var/log/alllocal4

21.2.8. restarting rsyslogd

Don't forget to restart the server after changing its configuration.
root@rhel65:/etc# service rsyslog restart
Shutting down system logger: [ OK ]
Starting system logger: [ OK ]
root@rhel65:/etc#

236
 logging

21.3. logger
The logger command can be used to generate syslog test messages. You can aslo use it in
scripts. An example of testing syslogd with the logger tool.
[root@rhel4a ~]# logger -p local4.debug "l4 debug"
[root@rhel4a ~]# logger -p local4.crit "l4 crit"
[root@rhel4a ~]# logger -p local4.emerg "l4 emerg"
[root@rhel4a ~]#

The results of the tests with logger.

[root@rhel4a ~]# cat /var/log/critandabove
Feb 14 19:55:19 rhel4a paul: l4 crit
Feb 14 19:55:28 rhel4a paul: l4 emerg
[root@rhel4a ~]# cat /var/log/onlycrit
Feb 14 19:55:19 rhel4a paul: l4 crit
[root@rhel4a ~]# cat /var/log/alllocal4
Feb 14 19:55:11 rhel4a paul: l4 debug
Feb 14 19:55:19 rhel4a paul: l4 crit
Feb 14 19:55:28 rhel4a paul: l4 emerg
[root@rhel4a ~]#

21.4. watching logs

You might want to use the tail -f command to look at the last lines of a log file. The -f option
will dynamically display lines that are appended to the log.
paul@ubu1010:~$ tail -f /var/log/udev
SEQNUM=1741
SOUND_INITIALIZED=1
ID_VENDOR_FROM_DATABASE=nVidia Corporation
ID_MODEL_FROM_DATABASE=MCP79 High Definition Audio
ID_BUS=pci
ID_VENDOR_ID=0x10de
ID_MODEL_ID=0x0ac0
ID_PATH=pci-0000:00:08.0
SOUND_FORM_FACTOR=internal

You can automatically repeat commands by preceding them with the watch command.
When executing the following:
[root@rhel6 ~]# watch who

Something similar to this, repeating the output of the who command every two seconds,
will appear on the screen.
Every 2.0s: who Sun Jul 17 15:31:03 2011

root tty1 2011-07-17 13:28

paul pts/0 2011-07-17 13:31 (192.168.1.30)
paul pts/1 2011-07-17 15:19 (192.168.1.30)

237
 logging

21.5. rotating logs

A lot of log files are always growing in size. To keep this within bounds, you may want
to use logrotate to rotate, compress, remove and mail log files. More info on the logro-
tate command in /etc/logrotate.conf.. Individual configurations can be found in the /etc/
logrotate.d/ directory.

Below a screenshot of the default Red Hat logrotate.conf file.

root@rhel65:/etc# cat logrotate.conf
# see "man logrotate" for details
# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs

rotate 4

# create new (empty) log files after rotating old ones

create

# use date as a suffix of the rotated file

dateext

# uncomment this if you want your log files compressed

#compress

# RPM packages drop log rotation information into this directory

include /etc/logrotate.d

# no packages own wtmp and btmp -- we'll rotate them here

/var/log/wtmp {
monthly
create 0664 root utmp
minsize 1M
rotate 1
}

/var/log/btmp {
missingok
monthly
create 0600 root utmp
rotate 1
}

# system-specific logs may be also be configured here.

root@rhel65:/etc#

238
 logging

21.6. practice : logging

1. Display the /var/run/utmp file with the proper command (not with cat or vi).

2. Display the /var/log/wtmp file.

3. Use the lastlog and lastb commands, understand the difference.

4. Examine syslog to find the location of the log file containing ssh failed logins.

5. Configure syslog to put local4.error and above messages in /var/log/l4e.log and local4.info
only .info in /var/log/l4i.log. Test that it works with the logger tool!

6. Configure /var/log/Mysu.log, all the su to root messages should go in that log. Test that
it works!

7. Send the local5 messages to the syslog server of your neighbour. Test that it works.

8. Write a script that executes logger to local4 every 15 seconds (different message). Use
tail -f and watch on your local4 log files.

239
 logging

21.7. solution : logging

1. Display the /var/run/utmp file.
who

2. Display the /var/log/wtmp file.

last

3. Use the lastlog and lastb commands, understand the difference.

lastlog : when users last logged on

lastb: failed (bad) login attempts

4. Examine syslog to find the location of the log file containing ssh failed logins.

Answer depends on whether you machine uses syslog or rsyslog (newer).

[root@rhel53 ~]# grep authpriv /etc/syslog.conf
authpriv.* /var/log/secure

[root@rhel71 ~]# grep ^authpriv /etc/rsyslog.conf

authpriv.* /var/log/secure

paul@debian8:~$ grep ^auth /etc/rsyslog.conf

auth,authpriv.* /var/log/auth.log

5. Configure syslog to put local4.error and above messages in /var/log/l4e.log and local4.info
only .info in /var/log/l4i.log. Test that it works with the logger tool!

With syslog:
echo local4.error /var/log/l4e.log >> /etc/syslog.conf
echo local4.=info /var/log/l4i.log >> /etc/syslog.conf
service syslog restart

With rsyslog:
echo local4.error /var/log/l4e.log >> /etc/rsyslog.conf
echo local4.=info /var/log/l4i.log >> /etc/rsyslog.conf
service rsyslog restart

On both:
logger -p local4.error "l4 error test"
logger -p local4.alert "l4 alert test"
logger -p local4.info "l4 info test"
cat /var/log/l4e.log
cat /var/log/l4i.log

6. Configure /var/log/Mysu.log, all the su to root messages should go in that log. Test that
it works!
echo authpriv.* /var/log/Mysu.log >> /etc/syslog.conf

This will log more than just the su usage.

7. Send the local5 messages to the syslog server of your neighbour. Test that it works.

240
 logging

On RHEL5, edit /etc/sysconfig/syslog to enable remote listening on the server.

On RHEL7, uncomment these two lines in /etc/rsyslog.conf to enable 'UDP syslog recep-
tion'.
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

On Debian/Ubuntu edit /etc/default/syslog or /etc/default/rsyslog.

on the client: logger -p local5.info "test local5 to neighbour"

8. Write a script that executes logger to local4 every 15 seconds (different message). Use
tail -f and watch on your local4 log files.
root@rhel53 scripts# cat logloop
#!/bin/bash

for i in `seq 1 10`

do
logger -p local4.info "local4.info test number $i"
sleep 15
done

root@rhel53 scripts# chmod +x logloop

root@rhel53 scripts# ./logloop &
[1] 8264
root@rhel53 scripts# tail -f /var/log/local4.all.log
Mar 28 13:13:36 rhel53 root: local4.info test number 1
Mar 28 13:13:51 rhel53 root: local4.info test number 2
...

241
Chapter 22. memory management
This chapter will tell you how to manage RAM memory and cache.

We start with some simple tools to display information about memory: free -om, top and
cat /proc/meminfo.

We continue with managing swap space, using terms like swapping, paging and virtual
memory.

The last part is about using vmstat to monitor swap usage.

242
 memory management

22.1. displaying memory and cache

22.1.1. /proc/meminfo
Displaying /proc/meminfo will tell you a lot about the memory on your Linux computer.
paul@ubu1010:~$ cat /proc/meminfo
MemTotal: 3830176 kB
MemFree: 244060 kB
Buffers: 41020 kB
Cached: 2035292 kB
SwapCached: 9892 kB
...

The first line contains the total amount of physical RAM, the second line is the unused RAM.
Buffers is RAM used for buffering files, cached is the amount of RAM used as cache and
SwapCached is the amount of swap used as cache. The file gives us much more information
outside of the scope of this course.

22.1.2. free
The free tool can display the information provided by /proc/meminfo in a more readable
format. The example below displays brief memory information in megabytes.
paul@ubu1010:~$ free -om
total used free shared buffers cached
Mem: 3740 3519 221 0 42 1994
Swap: 6234 82 6152

22.1.3. top
The top tool is often used to look at processes consuming most of the cpu, but it also displays
memory information on line four and five (which can be toggled by pressing m).

Below a screenshot of top on the same ubu1010 from above.

top - 10:44:34 up 16 days, 9:56, 6 users, load average: 0.13, 0.09, 0.12
Tasks: 166 total, 1 running, 165 sleeping, 0 stopped, 0 zombie
Cpu(s): 5.1%us, 4.6%sy, 0.6%ni, 88.7%id, 0.8%wa, 0.0%hi, 0.3%si, 0.0%st
Mem: 3830176k total, 3613720k used, 216456k free, 45452k buffers
Swap: 6384636k total, 84988k used, 6299648k free, 2050948k cached

243
 memory management

22.2. managing swap space

22.2.1. about swap space
When the operating system needs more memory than physically present in RAM, it can use
swap space. Swap space is located on slower but cheaper memory. Notice that, although
hard disks are commonly used for swap space, their access times are one hundred thousand
times slower.

The swap space can be a file, a partition, or a combination of files and partitions. You can
see the swap space with the free command, or with cat /proc/swaps.
paul@ubu1010:~$ free -o | grep -v Mem
total used free shared buffers cached
Swap: 6384636 84988 6299648
paul@ubu1010:~$ cat /proc/swaps
Filename Type Size Used Priority
/dev/sda3 partition 6384636 84988 -1

The amount of swap space that you need depends heavily on the services that the computer
provides.

22.2.2. creating a swap partition

You can activate or deactivate swap space with the swapon and swapoff commands. New
swap space can be created with the mkswap command. The screenshot below shows the
creation and activation of a swap partition.
root@RHELv4u4:~# fdisk -l 2> /dev/null | grep hda
Disk /dev/hda: 536 MB, 536870912 bytes
/dev/hda1 1 1040 524128+ 83 Linux
root@RHELv4u4:~# mkswap /dev/hda1
Setting up swapspace version 1, size = 536702 kB
root@RHELv4u4:~# swapon /dev/hda1

Now you can see that /proc/swaps displays all swap spaces separately, whereas the free -
om command only makes a human readable summary.
root@RHELv4u4:~# cat /proc/swaps
Filename Type Size Used Priority
/dev/mapper/VolGroup00-LogVol01 partition 1048568 0 -1
/dev/hda1 partition 524120 0 -2
root@RHELv4u4:~# free -om
total used free shared buffers cached
Mem: 249 245 4 0 125 54
Swap: 1535 0 1535

244
 memory management

22.2.3. creating a swap file

Here is one more example showing you how to create a swap file. On Solaris you can use
mkfile instead of dd.
root@RHELv4u4:~# dd if=/dev/zero of=/smallswapfile bs=1024 count=4096
4096+0 records in
4096+0 records out
root@RHELv4u4:~# mkswap /smallswapfile
Setting up swapspace version 1, size = 4190 kB
root@RHELv4u4:~# swapon /smallswapfile
root@RHELv4u4:~# cat /proc/swaps
Filename Type Size Used Priority
/dev/mapper/VolGroup00-LogVol01 partition 1048568 0 -1
/dev/hda1 partition 524120 0 -2
/smallswapfile file 4088 0 -3

22.2.4. swap space in /etc/fstab

If you like these swaps to be permanent, then don't forget to add them to /etc/fstab. The
lines in /etc/fstab will be similar to the following.
/dev/hda1 swap swap defaults 0 0
/smallswapfile swap swap defaults 0 0

245
 memory management

22.3. monitoring memory with vmstat

You can find information about swap usage using vmstat.

Below a simple vmstat displaying information in megabytes.

paul@ubu1010:~$ vmstat -S m
procs ---------memory-------- ---swap-- -----io---- -system- ----cpu----
r b swpd free buff cache si so bi bo in cs us sy id wa
0 0 87 225 46 2097 0 0 2 5 14 8 6 5 89 1

Below a sample vmstat when (in another terminal) root launches a find /. It generates a lot
of disk i/o (bi and bo are disk blocks in and out). There is no need for swapping here.
paul@ubu1010:~$ vmstat 2 100
procs ----------memory---------- ---swap-- -----io---- -system-- ----cpu----
r b swpd free buff cache si so bi bo in cs us sy id wa
0 0 84984 1999436 53416 269536 0 0 2 5 2 10 6 5 89 1
0 0 84984 1999428 53416 269564 0 0 0 0 1713 2748 4 4 92 0
0 0 84984 1999552 53416 269564 0 0 0 0 1672 1838 4 6 90 0
0 0 84984 1999552 53424 269560 0 0 0 14 1587 2526 5 7 87 2
0 0 84984 1999180 53424 269580 0 0 0 100 1748 2193 4 6 91 0
1 0 84984 1997800 54508 269760 0 0 610 0 1836 3890 17 10 68 4
1 0 84984 1994620 55040 269748 0 0 250 168 1724 4365 19 17 56 9
0 1 84984 1978508 55292 269704 0 0 126 0 1957 2897 19 18 58 4
0 0 84984 1974608 58964 269784 0 0 1826 478 2605 4355 7 7 44 41
0 2 84984 1971260 62268 269728 0 0 1634 756 2257 3865 7 7 47 39

Below a sample vmstat when executing (on RHEL6) a simple memory leaking program.
Now you see a lot of memory being swapped (si is 'swapped in').
[paul@rhel6c ~]$ vmstat 2 100

procs ----------memory-------- ---swap-- ----io---- --system-- -----cpu-----

r b swpd free buff cache si so bi bo in cs us sy id wa st
0 3 245208 5280 232 1916 261 0 0 42 27 21 0 1 98 1 0
0 2 263372 4800 72 908 143840 128 0 1138 462 191 2 10 0 88 0
1 3 350672 4792 56 992 169280 256 0 1092 360 142 1 13 0 86 0
1 4 449584 4788 56 1024 95880 64 0 606 471 191 2 13 0 85 0
0 4 471968 4828 56 1140 44832 80 0 390 235 90 2 12 0 87 0
3 5 505960 4764 56 1136 68008 16 0 538 286 109 1 12 0 87 0

The code below was used to simulate a memory leak (and force swapping). This code was
found on wikipedia without author.
paul@mac:~$ cat memleak.c
#include <stdlib.h>

int main(void)
{
while (malloc(50));
return 0;
}

246
 memory management

22.4. practice : memory

1. Use dmesg to find the total amount of memory in your computer.

2. Use free to display memory usage in kilobytes (then in megabytes).

3. On a virtual machine, create a swap partition (you might need an extra virtual disk for this).

4. Add a 20 megabyte swap file to the system.

5. Put all swap spaces in /etc/fstab and activate them. Test with a reboot that they are mount-
ed.

6. Use free to verify usage of current swap.

7. (optional) Display the usage of swap with vmstat and free -s during a memory leak.

247
 memory management

22.5. solution : memory

1. Use dmesg to find the total amount of memory in your computer.
dmesg | grep Memory

2. Use free to display memory usage in kilobytes (then in megabytes).

free ; free -m

3. On a virtual machine, create a swap partition (you might need an extra virtual disk for this).
mkswap /dev/sdd1 ; swapon /dev/sdd1

4. Add a 20 megabyte swap file to the system.

dd if=/dev/zero of=/swapfile20mb bs=1024 count=20000
mkswap /swapfile20mb
swapon /swapfile20mb

5. Put all swap spaces in /etc/fstab and activate them. Test with a reboot that they are mount-
ed.
root@computer# tail -2 /etc/fstab
/dev/sdd1 swap swap defaults 0 0
/swapfile20mb swap swap defaults 0 0

6. Use free to verify usage of current swap.

free -om

7. (optional) Display the usage of swap with vmstat and free -s during a memory leak.

248
Chapter 23. resource monitoring
Monitoring is the process of obtaining information about the utilization of memory, cpu,
bandwidth and storage. You should start monitoring your system as soon as possible, to be
able to create a baseline. Make sure that you get to know your system! This baseline is
important because it allows you to see a steady or sudden growth in resource utilization
and likewise steady (or sudden) decline in resource availability. It will allow you to plan
for scaling up or scaling out.

Let us look at some tools that go beyond ps fax, df -h, free -om and du -sh.

249
 resource monitoring

23.1. four basic resources

The four basic resources to monitor are:
• cpu
• network
• ram memory
• storage

23.2. top
To start monitoring, you can use top. This tool will monitor ram memory, cpu and swap. Top
will automatically refresh. Inside top you can use many commands, like k to kill processes,
or t and m to toggle displaying task and memory information, or the number 1 to have one
line per cpu, or one summary line for all cpu's.
top - 12:23:16 up 2 days, 4:01, 2 users, load average: 0.00, 0.00, 0.00
Tasks: 61 total, 1 running, 60 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.3% us, 0.5% sy, 0.0% ni, 98.9% id, 0.2% wa, 0.0% hi, 0.0% si
Mem: 255972k total, 240952k used, 15020k free, 59024k buffers
Swap: 524280k total, 144k used, 524136k free, 112356k cached

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND

1 root 16 0 2816 560 480 S 0.0 0.2 0:00.91 init
2 root 34 19 0 0 0 S 0.0 0.0 0:00.01 ksoftirqd/0
3 root 5 -10 0 0 0 S 0.0 0.0 0:00.57 events/0
4 root 5 -10 0 0 0 S 0.0 0.0 0:00.00 khelper
5 root 15 -10 0 0 0 S 0.0 0.0 0:00.00 kacpid
16 root 5 -10 0 0 0 S 0.0 0.0 0:00.08 kblockd/0
26 root 15 0 0 0 0 S 0.0 0.0 0:02.86 pdflush
...

You can customize top to display the columns of your choice, or to display only the processes
that you find interesting.
[paul@RHELv4u3 ~]$ top p 3456 p 8732 p 9654

23.3. free
The free command is common on Linux to monitor free memory. You can use free to display
information every x seconds, but the output is not ideal.
[paul@RHELv4u3 gen]$ free -om -s 10
total used free shared buffers cached
Mem: 249 222 27 0 50 109
Swap: 511 0 511

total used free shared buffers cached

Mem: 249 222 27 0 50 109
Swap: 511 0 511

[paul@RHELv4u3 gen]$

250
 resource monitoring

23.4. watch
It might be more interesting to combine free with the watch program. This program can run
commands with a delay, and can highlight changes (with the -d switch).
[paul@RHELv4u3 ~]$ watch -d -n 3 free -om
...
Every 3.0s: free -om Sat Jan 27 12:13:03 2007

total used free shared buffers cached

Mem: 249 230 19 0 56 109
Swap: 511 0 511

23.5. vmstat
To monitor CPU, disk and memory statistics in one line there is vmstat. The screenshot
below shows vmstat running every two seconds 100 times (or until the Ctrl-C). Below the
r, you see the number of processes waiting for the CPU, sleeping processes go below b.
Swap usage (swpd) stayed constant at 144 kilobytes, free memory dropped from 16.7MB
to 12.9MB. See man vmstat for the rest.
[paul@RHELv4u3 ~]$ vmstat 2 100
procs ----------memory--------- --swap-- ---io--- --system-- ---cpu----
r b swpd free buff cache si so bi bo in cs us sy id wa
0 0 144 16708 58212 111612 0 0 3 4 75 62 0 1 99 0
0 0 144 16708 58212 111612 0 0 0 0 976 22 0 0 100 0
0 0 144 16708 58212 111612 0 0 0 0 958 14 0 1 99 0
1 0 144 16528 58212 111612 0 0 0 18 1432 7417 1 32 66 0
1 0 144 16468 58212 111612 0 0 0 0 2910 20048 4 95 1 0
1 0 144 16408 58212 111612 0 0 0 0 3210 19509 4 97 0 0
1 0 144 15568 58816 111612 0 0 300 1632 2423 10189 2 62 0 36
0 1 144 13648 60324 111612 0 0 754 0 1910 2843 1 27 0 72
0 0 144 12928 60948 111612 0 0 312 418 1346 1258 0 14 57 29
0 0 144 12928 60948 111612 0 0 0 0 977 19 0 0 100 0
0 0 144 12988 60948 111612 0 0 0 0 977 15 0 0 100 0
0 0 144 12988 60948 111612 0 0 0 0 978 18 0 0 100 0

[paul@RHELv4u3 ~]$

251
 resource monitoring

23.6. iostat
The iostat tool can display disk and cpu statistics. The -d switch below makes iostat only
display disk information (500 times every two seconds). The first block displays statistics
since the last reboot.
[paul@RHELv4u3 ~]$ iostat -d 2 500
Linux 2.6.9-34.EL (RHELv4u3.localdomain) 01/27/2007

Device: tps Blk_read/s Blk_wrtn/s Blk_read Blk_wrtn

hdc 0.00 0.01 0.00 1080 0
sda 0.52 5.07 7.78 941798 1445148
sda1 0.00 0.01 0.00 968 4
sda2 1.13 5.06 7.78 939862 1445144
dm-0 1.13 5.05 7.77 939034 1444856
dm-1 0.00 0.00 0.00 360 288

Device: tps Blk_read/s Blk_wrtn/s Blk_read Blk_wrtn

hdc 0.00 0.00 0.00 0 0
sda 0.00 0.00 0.00 0 0
sda1 0.00 0.00 0.00 0 0
sda2 0.00 0.00 0.00 0 0
dm-0 0.00 0.00 0.00 0 0
dm-1 0.00 0.00 0.00 0 0
...
[paul@RHELv4u3 ~]$

You can have more statistics using iostat -d -x, or display only cpu statistics with iostat -c.
[paul@RHELv4u3 ~]$ iostat -c 5 500
Linux 2.6.9-34.EL (RHELv4u3.localdomain) 01/27/2007

avg-cpu: %user %nice %sys %iowait %idle

0.31 0.02 0.52 0.23 98.92

avg-cpu: %user %nice %sys %iowait %idle

0.62 0.00 52.16 47.23 0.00

avg-cpu: %user %nice %sys %iowait %idle

2.92 0.00 36.95 60.13 0.00

avg-cpu: %user %nice %sys %iowait %idle

0.63 0.00 36.63 62.32 0.42

avg-cpu: %user %nice %sys %iowait %idle

0.00 0.00 0.20 0.20 99.59

[paul@RHELv4u3 ~]$

252
 resource monitoring

23.7. mpstat
On multi-processor machines, mpstat can display statistics for all, or for a selected cpu.
paul@laika:~$ mpstat -P ALL
Linux 2.6.20-3-generic (laika) 02/09/2007

CPU %user %nice %sys %iowait %irq %soft %steal %idle intr/s
all 1.77 0.03 1.37 1.03 0.02 0.39 0.00 95.40 1304.91
0 1.73 0.02 1.47 1.93 0.04 0.77 0.00 94.04 1304.91
1 1.81 0.03 1.27 0.13 0.00 0.00 0.00 96.76 0.00
paul@laika:~$

23.8. sadc and sar

The sadc tool writes system utilization data to /var/log/sa/sa??, where ?? is replaced with
the current day of the month. By default, cron runs the sal script every 10 minutes, the sal
script runs sadc for one second. Just before midnight every day, cron runs the sa2 script,
which in turn invokes sar. The sar tool will read the daily data generated by sadc and put it
in /var/log/sa/sar??. These sar reports contain a lot of statistics.

You can also use sar to display a portion of the statistics that were gathered. Like this example
for cpu statistics.
[paul@RHELv4u3 sa]$ sar -u | head
Linux 2.6.9-34.EL (RHELv4u3.localdomain) 01/27/2007

12:00:01 AM CPU %user %nice %system %iowait %idle

12:10:01 AM all 0.48 0.01 0.60 0.04 98.87
12:20:01 AM all 0.49 0.01 0.60 0.06 98.84
12:30:01 AM all 0.49 0.01 0.64 0.25 98.62
12:40:02 AM all 0.44 0.01 0.62 0.07 98.86
12:50:01 AM all 0.42 0.01 0.60 0.10 98.87
01:00:01 AM all 0.47 0.01 0.65 0.08 98.80
01:10:01 AM all 0.45 0.01 0.68 0.08 98.78
[paul@RHELv4u3 sa]$

There are other useful sar options, like sar -I PROC to display interrupt activity per interrupt
and per CPU, or sar -r for memory related statistics. Check the manual page of sar for more.

253
 resource monitoring

23.9. ntop
The ntop tool is not present in default Red Hat installs. Once run, it will generate a very
extensive analysis of network traffic in html on http://localhost:3000 .

23.10. iftop
The iftop tool will display bandwidth by socket statistics for a specific network device. Not
available on default Red Hat servers.
1.91Mb 3.81Mb 5.72Mb 7.63Mb 9.54Mb
--------------|-------------|--------------|-------------|--------|----
laika.local => barry 4.94Kb 6.65Kb 69.9Kb
<= 7.41Kb 16.4Kb 766Kb
laika.local => ik-in-f19.google.com 0b 1.58Kb 14.4Kb
<= 0b 292b 41.0Kb
laika.local => ik-in-f99.google.com 0b 83b 4.01Kb
<= 0b 83b 39.8Kb
laika.local => ug-in-f189.google.com 0b 42b 664b
<= 0b 42b 406b
laika.local => 10.0.0.138 0b 0b 149b
<= 0b 0b 256b
laika.local => 224.0.0.251 0b 0b 86b
<= 0b 0b 0b
laika.local => ik-in-f83.google.com 0b 0b 39b
<= 0b 0b 21b

23.11. iptraf
Use iptraf for a colourful display of ip traffic over the network cards.
[root@centos65 ~]# iptraf
[root@centos65 ~]# iptraf -i eth0

254
 resource monitoring

23.12. nmon
Another popular and all round tool is nmon.

23.13. htop
You can use htop instead of top.

255
Part XI. network management
Table of Contents
24. interface configuration ................................................................................................... 258
24.1. to gui or not to gui ............................................................................................... 259
24.2. Debian nic configuration ........................................................................................ 260
24.3. RHEL nic configuration ......................................................................................... 262
24.4. ifconfig ............................................................................................................... 264
24.5. ip ....................................................................................................................... 266
24.6. dhclient ............................................................................................................... 267
24.7. hostname ............................................................................................................. 267
24.8. arp ..................................................................................................................... 268
24.9. route ................................................................................................................... 269
24.10. ping .................................................................................................................. 269
24.11. optional: ethtool .................................................................................................. 270
24.12. practice: interface configuration ............................................................................. 271
24.13. solution: interface configuration ............................................................................. 272
25. network sniffing ............................................................................................................. 274
25.1. wireshark ............................................................................................................. 275
25.2. tcpdump .............................................................................................................. 279
25.3. practice: network sniffing ....................................................................................... 280
25.4. solution: network sniffing ....................................................................................... 281
26. binding and bonding ...................................................................................................... 282
26.1. binding on Redhat/Fedora ....................................................................................... 283
26.2. binding on Debian/Ubuntu ...................................................................................... 284
26.3. bonding on Redhat/Fedora ...................................................................................... 285
26.4. bonding on Debian/Ubuntu ..................................................................................... 287
26.5. practice: binding and bonding ................................................................................. 289
26.6. solution: binding and bonding ................................................................................. 290
27. introduction to networking ............................................................................................. 291
27.1. introduction to iptables .......................................................................................... 292
27.2. practice : iptables .................................................................................................. 293
27.3. solution : iptables .................................................................................................. 294
27.4. xinetd and inetd .................................................................................................... 295
27.5. practice : inetd and xinetd ...................................................................................... 297
27.6. network file system ............................................................................................... 298
27.7. practice : network file system .................................................................................. 300

257
Chapter 24. interface configuration
This chapter explains how to configure network interface cards to work with tcp/ip.

258
 interface configuration

24.1. to gui or not to gui

Recent Linux distributions often include a graphical application to configure the network.
Some people complain that these applications mess networking configurations up when used
simultaneously with command line configurations. Notably Network Manager (often re-
placed by wicd) and yast are known to not care about configuration changes via the com-
mand line.

Since the goal of this course is server administration, we will assume our Linux servers are
always administered through the command line.

This chapter only focuses on using the command line for network interface configuration!

Unfortunately there is no single combination of Linux commands and /etc files that works on
all Linux distributions. We discuss networking on two (large but distinct) Linux distribution
families.

We start with Debian (this should also work on Ubuntu and Mint), then continue with RHEL
(which is identical to CentOS and Fedora).

259
 interface configuration

24.2. Debian nic configuration

24.2.1. /etc/network/interfaces
The /etc/network/interfaces file is a core network interface card configuration file on de-
bian.

dhcp client
The screenshot below shows that our computer is configured for dhcp on eth0 (the first
network interface card or nic).
paul@debian8:~$ cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp

Configuring network cards for dhcp is good practice for clients, but servers usually require
a fixed ip address.

fixed ip
The screenshot below shows /etc/network/interfaces configured with a fixed ip address.
root@debian7~# cat /etc/network/interfaces
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
address 10.42.189.198
broadcast 10.42.189.207
netmask 255.255.255.240
gateway 10.42.189.193

The screenshot above also shows that you can provide more configuration than just the
ip address. See interfaces(5) for help on setting a gateway, netmask or any of the other
options.

260
 interface configuration

24.2.2. /sbin/ifdown
It is adviced (but not mandatory) to down an interface before changing its configuration.
This can be done with the ifdown command.

The command will not give any output when downing an interface with a fixed ip address.
However ifconfig will no longer show the interface.
root@ubu1104srv:~# ifdown eth0
root@ubu1104srv:~# ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:106 errors:0 dropped:0 overruns:0 frame:0
TX packets:106 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:11162 (11.1 KB) TX bytes:11162 (11.1 KB)

An interface that is down cannot be used to connect to the network.

24.2.3. /sbin/ifup
Below a screenshot of ifup bringing the eth0 ethernet interface up using dhcp. (Note that
this is a Ubuntu 10.10 screenshot, Ubuntu 11.04 omits ifup output by default.)
root@ubu1010srv:/etc/network# ifup eth0
Internet Systems Consortium DHCP Client V3.1.3
Copyright 2004-2009 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/

Listening on LPF/eth0/08:00:27:cd:7f:fc
Sending on LPF/eth0/08:00:27:cd:7f:fc
Sending on Socket/fallback
DHCPREQUEST of 192.168.1.34 on eth0 to 255.255.255.255 port 67
DHCPNAK from 192.168.33.100
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 3
DHCPOFFER of 192.168.33.77 from 192.168.33.100
DHCPREQUEST of 192.168.33.77 on eth0 to 255.255.255.255 port 67
DHCPACK of 192.168.33.77 from 192.168.33.100
bound to 192.168.33.77 -- renewal in 95 seconds.
ssh stop/waiting
ssh start/running, process 1301
root@ubu1010srv:/etc/network#

The details of dhcp are covered in a separate chapter in the Linux Servers course.

261
 interface configuration

24.3. RHEL nic configuration

24.3.1. /etc/sysconfig/network
The /etc/sysconfig/network file is a global (across all network cards) configuration file. It
allows us to define whether we want networking (NETWORKING=yes|no), what the host-
name should be (HOSTNAME=) and which gateway to use (GATEWAY=).
[root@rhel6 ~]# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=rhel6
GATEWAY=192.168.1.1

There are a dozen more options settable in this file, details can be found in /usr/share/doc/
initscripts-*/sysconfig.txt.

Note that this file contains no settings at all in a default RHEL7 install (with networking
enabled).
[root@rhel71 ~]# cat /etc/sysconfig/network
# Created by anaconda

24.3.2. /etc/sysconfig/network-scripts/ifcfg-
Each network card can be configured individually using the /etc/sysconfig/network-scripts/
ifcfg-* files. When you have only one network card, then this will probably be /etc/syscon-
fig/network-scripts/ifcfg-eth0.

dhcp client
Below a screenshot of /etc/sysconfig/network-scripts/ifcfg-eth0 configured for dhcp
(BOOTPROTO="dhcp"). Note also the NM_CONTROLLED paramater to disable control
of this nic by Network Manager. This parameter is not explained (not even mentioned) in
/usr/share/doc/initscripts-*/sysconfig.txt, but many others are.
[root@rhel6 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0"
HWADDR="08:00:27:DD:0D:5C"
NM_CONTROLLED="no"
BOOTPROTO="dhcp"
ONBOOT="yes"

The BOOTPROTO variable can be set to either dhcp or bootp, anything else will be consid-
ered static meaning there should be no protocol used at boot time to set the interface values.

RHEL7 adds ipv6 variables to this file.

[root@rhel71 network-scripts]# cat ifcfg-enp0s3
TYPE="Ethernet"
BOOTPROTO="dhcp"
DEFROUTE="yes"
PEERDNS="yes"
PEERROUTES="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"

262
 interface configuration

IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_PEERDNS="yes"
IPV6_PEERROUTES="yes"
IPV6_FAILURE_FATAL="no"
NAME="enp0s3"
UUID="9fa6a83a-2f8e-4ecc-962c-5f614605f4ee"
DEVICE="enp0s3"
ONBOOT="yes"
[root@rhel71 network-scripts]#

fixed ip
Below a screenshot of a fixed ip configuration in /etc/sysconfig/network-scripts/ifcfg-
eth0.
[root@rhel6 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0"
HWADDR="08:00:27:DD:0D:5C"
NM_CONTROLLED="no"
BOOTPROTO="none"
IPADDR="192.168.1.99"
NETMASK="255.255.255.0"
GATEWAY="192.168.1.1"
ONBOOT="yes"

The HWADDR can be used to make sure that each network card gets the correct name
when multiple network cards are present in the computer. It can not be used to assign a mac
address to a network card. For this, you need to specify the MACADDR variable. Do not
use HWADDR and MACADDR in the same ifcfg-ethx file.

The BROADCAST= and NETWORK= parameters from previous RHEL/Fedora versions

are obsoleted.

24.3.3. nmcli
On RHEL7 you should run nmcli connection reload if you changed configuration files in
/etc/sysconfig/ to enable your changes.

The nmcli tool has many options to configure networking on the command line in RHEL7/
CentOS7
man nmcli

24.3.4. nmtui
Another recommendation for RHEL7/CentOS7 is to use nmtui. This tool will use a 'win-
dowed' interface in command line to manage network interfaces.
nmtui

263
 interface configuration

24.3.5. /sbin/ifup and /sbin/ifdown

The ifup and ifdown commands will set an interface up or down, using the configuration
discussed above. This is identical to their behaviour in Debian and Ubuntu.
[root@rhel6 ~]# ifdown eth0 && ifup eth0
[root@rhel6 ~]# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 08:00:27:DD:0D:5C
inet addr:192.168.1.99 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fedd:d5c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2452 errors:0 dropped:0 overruns:0 frame:0
TX packets:1881 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:257036 (251.0 KiB) TX bytes:184767 (180.4 KiB)

24.4. ifconfig
The use of /sbin/ifconfig without any arguments will present you with a list of all active
network interface cards, including wireless and the loopback interface. In the screenshot
below eth0 has no ip address.
root@ubu1010:~# ifconfig
eth0 Link encap:Ethernet HWaddr 00:26:bb:5d:2e:52
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:43 Base address:0xe000

eth1 Link encap:Ethernet HWaddr 00:26:bb:12:7a:5e

inet addr:192.168.1.30 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::226:bbff:fe12:7a5e/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:11141791 errors:202 dropped:0 overruns:0 frame:11580126
TX packets:6473056 errors:3860 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3476531617 (3.4 GB) TX bytes:2114919475 (2.1 GB)
Interrupt:23

lo Link encap:Local Loopback

inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:2879 errors:0 dropped:0 overruns:0 frame:0
TX packets:2879 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:486510 (486.5 KB) TX bytes:486510 (486.5 KB)

You can also use ifconfig to obtain information about just one network card.
[root@rhel6 ~]# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 08:00:27:DD:0D:5C
inet addr:192.168.1.99 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fedd:d5c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2969 errors:0 dropped:0 overruns:0 frame:0
TX packets:1918 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000

264
 interface configuration

RX bytes:335942 (328.0 KiB) TX bytes:190157 (185.7 KiB)

When /sbin is not in the $PATH of a normal user you will have to type the full path, as
seen here on Debian.
paul@debian5:~$ /sbin/ifconfig eth3
eth3 Link encap:Ethernet HWaddr 08:00:27:ab:67:30
inet addr:192.168.1.29 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:feab:6730/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:27155 errors:0 dropped:0 overruns:0 frame:0
TX packets:30527 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:13095386 (12.4 MiB) TX bytes:25767221 (24.5 MiB)

24.4.1. up and down

You can also use ifconfig to bring an interface up or down. The difference with ifup is that
ifconfig eth0 up will re-activate the nic keeping its existing (current) configuration, whereas
ifup will read the correct file that contains a (possibly new) configuration and use this config
file to bring the interface up.
[root@rhel6 ~]# ifconfig eth0 down
[root@rhel6 ~]# ifconfig eth0 up
[root@rhel6 ~]# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 08:00:27:DD:0D:5C
inet addr:192.168.1.99 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fedd:d5c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2995 errors:0 dropped:0 overruns:0 frame:0
TX packets:1927 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:339030 (331.0 KiB) TX bytes:191583 (187.0 KiB)

24.4.2. setting ip address

You can temporary set an ip address with ifconfig. This ip address is only valid until the
next ifup/ifdown cycle or until the next reboot.
[root@rhel6 ~]# ifconfig eth0 | grep 192
inet addr:192.168.1.99 Bcast:192.168.1.255 Mask:255.255.255.0
[root@rhel6 ~]# ifconfig eth0 192.168.33.42 netmask 255.255.0.0
[root@rhel6 ~]# ifconfig eth0 | grep 192
inet addr:192.168.33.42 Bcast:192.168.255.255 Mask:255.255.0.0
[root@rhel6 ~]# ifdown eth0 && ifup eth0
[root@rhel6 ~]# ifconfig eth0 | grep 192
inet addr:192.168.1.99 Bcast:192.168.1.255 Mask:255.255.255.0

24.4.3. setting mac address

You can also use ifconfig to set another mac address than the one hard coded in the network
card. This screenshot shows you how.
[root@rhel6 ~]# ifconfig eth0 | grep HWaddr
eth0 Link encap:Ethernet HWaddr 08:00:27:DD:0D:5C
[root@rhel6 ~]# ifconfig eth0 hw ether 00:42:42:42:42:42
[root@rhel6 ~]# ifconfig eth0 | grep HWaddr
eth0 Link encap:Ethernet HWaddr 00:42:42:42:42:42

265
 interface configuration

24.5. ip
The ifconfig tool is deprecated on some systems. Use the ip tool instead.

To see ip addresses on RHEL7 for example, use this command:

[root@rhel71 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 08:00:27:89:22:33 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.135/24 brd 192.168.1.255 scope global dynamic enp0s3
valid_lft 6173sec preferred_lft 6173sec
inet6 fe80::a00:27ff:fe89:2233/64 scope link
valid_lft forever preferred_lft forever
[root@rhel71 ~]#

266
 interface configuration

24.6. dhclient
Home and client Linux desktops often have /sbin/dhclient running. This is a daemon that
enables a network interface to lease an ip configuration from a dhcp server. When your
adapter is configured for dhcp or bootp, then /sbin/ifup will start the dhclient daemon.

When a lease is renewed, dhclient will override your ifconfig set ip address!

24.7. hostname
Every host receives a hostname, often placed in a DNS name space forming the fqdn or
Fully Qualified Domain Name.

This screenshot shows the hostname command and the configuration of the hostname on
Red Hat/Fedora.
[root@rhel6 ~]# grep HOSTNAME /etc/sysconfig/network
HOSTNAME=rhel6
[root@rhel6 ~]# hostname
rhel6

Starting with RHEL7/CentOS7 this file is empty. The hostname is configured in the standard
/etc/hostname file.
[root@rhel71 ~]# cat /etc/hostname
rhel71.linux-training.be
[root@rhel71 ~]#

Ubuntu/Debian uses the /etc/hostname file to configure the hostname.

paul@debian8:~$ cat /etc/hostname
server42
paul@debian8:~$ hostname
server42

On all Linux distributions you can change the hostname using the hostname $newname
command. This is not a permanent change.
[root@rhel6 ~]# hostname server42
[root@rhel6 ~]# hostname
server42

On any Linux you can use sysctl to display and set the hostname.
[root@rhel6 ~]# sysctl kernel.hostname
kernel.hostname = server42
[root@rhel6 ~]# sysctl kernel.hostname=rhel6
kernel.hostname = rhel6
[root@rhel6 ~]# sysctl kernel.hostname
kernel.hostname = rhel6
[root@rhel6 ~]# hostname
rhel6

267
 interface configuration

24.8. arp
The ip to mac resolution is handled by the layer two broadcast protocol arp. The arp table
can be displayed with the arp tool. The screenshot below shows the list of computers that
this computer recently communicated with.
root@barry:~# arp -a
? (192.168.1.191) at 00:0C:29:3B:15:80 [ether] on eth1
agapi (192.168.1.73) at 00:03:BA:09:7F:D2 [ether] on eth1
anya (192.168.1.1) at 00:12:01:E2:87:FB [ether] on eth1
faith (192.168.1.41) at 00:0E:7F:41:0D:EB [ether] on eth1
kiss (192.168.1.49) at 00:D0:E0:91:79:95 [ether] on eth1
laika (192.168.1.40) at 00:90:F5:4E:AE:17 [ether] on eth1
pasha (192.168.1.71) at 00:03:BA:02:C3:82 [ether] on eth1
shaka (192.168.1.72) at 00:03:BA:09:7C:F9 [ether] on eth1
root@barry:~#

Anya is a Cisco Firewall, faith is a laser printer, kiss is a Kiss DP600, laika is a laptop and
Agapi, Shaka and Pasha are SPARC servers. The question mark is a Red Hat Enterprise
Linux server running on a virtual machine.

You can use arp -d to remove an entry from the arp table.
[root@rhel6 ~]# arp
Address HWtype HWaddress Flags Mask Iface
ubu1010 ether 00:26:bb:12:7a:5e C eth0
anya ether 00:02:cf:aa:68:f0 C eth0
[root@rhel6 ~]# arp -d anya
[root@rhel6 ~]# arp
Address HWtype HWaddress Flags Mask Iface
ubu1010 ether 00:26:bb:12:7a:5e C eth0
anya (incomplete) eth0
[root@rhel6 ~]# ping anya
PING anya (192.168.1.1) 56(84) bytes of data.
64 bytes from anya (192.168.1.1): icmp_seq=1 ttl=254 time=10.2 ms
...
[root@rhel6 ~]# arp
Address HWtype HWaddress Flags Mask Iface
ubu1010 ether 00:26:bb:12:7a:5e C eth0
anya ether 00:02:cf:aa:68:f0 C eth0

268
 interface configuration

24.9. route
You can see the computer's local routing table with the /sbin/route command (and also with
netstat -r ).
root@RHEL4b ~]# netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
[root@RHEL4b ~]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
[root@RHEL4b ~]#

It appears this computer does not have a gateway configured, so we use route add default
gw to add a default gateway on the fly.
[root@RHEL4b ~]# route add default gw 192.168.1.1
[root@RHEL4b ~]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
default 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
[root@RHEL4b ~]#

Unless you configure the gateway in one of the /etc/ file from the start of this chapter, your
computer will forget this gateway after a reboot.

24.10. ping
If you can ping to another host, then tcp/ip is configured.
[root@RHEL4b ~]# ping 192.168.1.5
PING 192.168.1.5 (192.168.1.5) 56(84) bytes of data.
64 bytes from 192.168.1.5: icmp_seq=0 ttl=64 time=1004 ms
64 bytes from 192.168.1.5: icmp_seq=1 ttl=64 time=1.19 ms
64 bytes from 192.168.1.5: icmp_seq=2 ttl=64 time=0.494 ms
64 bytes from 192.168.1.5: icmp_seq=3 ttl=64 time=0.419 ms

--- 192.168.1.5 ping statistics ---

4 packets transmitted, 4 received, 0% packet loss, time 3009ms
rtt min/avg/max/mdev = 0.419/251.574/1004.186/434.520 ms, pipe 2
[root@RHEL4b ~]#

269
 interface configuration

24.11. optional: ethtool

To display or change network card settings, use ethtool. The results depend on the capabili-
ties of your network card. The example shows a network that auto-negotiates it's bandwidth.
root@laika:~# ethtool eth0
Settings for eth0:
Supported ports: [ TP ]
Supported link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Supports auto-negotiation: Yes
Advertised link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Advertised auto-negotiation: Yes
Speed: 1000Mb/s
Duplex: Full
Port: Twisted Pair
PHYAD: 0
Transceiver: internal
Auto-negotiation: on
Supports Wake-on: pumbg
Wake-on: g
Current message level: 0x00000033 (51)
Link detected: yes

This example shows how to use ethtool to switch the bandwidth from 1000Mbit to 100Mbit
and back. Note that some time passes before the nic is back to 1000Mbit.
root@laika:~# ethtool eth0 | grep Speed
Speed: 1000Mb/s
root@laika:~# ethtool -s eth0 speed 100
root@laika:~# ethtool eth0 | grep Speed
Speed: 100Mb/s
root@laika:~# ethtool -s eth0 speed 1000
root@laika:~# ethtool eth0 | grep Speed
Speed: 1000Mb/s

270
 interface configuration

24.12. practice: interface configuration

1. Verify whether dhclient is running.

2. Display your current ip address(es).

3. Display the configuration file where this ip address is defined.

4. Follow the nic configuration in the book to change your ip address from dhcp client to
fixed. Keep the same ip address to avoid conflicts!

5. Did you also configure the correct gateway in the previous question ? If not, then do
this now.

6. Verify that you have a gateway.

7. Verify that you can connect to the gateway, that it is alive.

8. Change the last two digits of your mac address.

9. Which ports are used by http, pop3, ssh, telnet, nntp and ftp ?

10. Explain why e-mail and websites are sent over tcp and not udp.

11. Display the hostname of your computer.

12. Which ip-addresses did your computer recently have contact with ?

271
 interface configuration

24.13. solution: interface configuration

1. Verify whether dhclient is running.
paul@debian5:~$ ps fax | grep dhclient

2. Display your current ip address(es).

paul@debian5:~$ /sbin/ifconfig | grep 'inet '
inet addr:192.168.1.31 Bcast:192.168.1.255 Mask:255.255.255.0
inet addr:127.0.0.1 Mask:255.0.0.0

3. Display the configuration file where this ip address is defined.

Ubuntu/Debian: cat /etc/network/interfaces
Redhat/Fedora: cat /etc/sysconfig/network-scripts/ifcfg-eth*

4. Follow the nic configuration in the book to change your ip address from dhcp client to
fixed. Keep the same ip address to avoid conflicts!
Ubuntu/Debian:
ifdown eth0
vi /etc/network/interfaces
ifup eth0

Redhat/Fedora:
ifdown eth0
vi /etc/sysconfig/network-scripts/ifcfg-eth0
ifup eth0

5. Did you also configure the correct gateway in the previous question ? If not, then do
this now.

6. Verify that you have a gateway.

paul@debian5:~$ /sbin/route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
default 192.168.1.1 0.0.0.0 UG 0 0 0 eth0

7. Verify that you can connect to the gateway, that it is alive.

paul@debian5:~$ ping -c3 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=254 time=2.28 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=254 time=2.94 ms
64 bytes from 192.168.1.1: icmp_seq=3 ttl=254 time=2.34 ms

--- 192.168.1.1 ping statistics ---

3 packets transmitted, 3 received, 0% packet loss, time 2008ms
rtt min/avg/max/mdev = 2.283/2.524/2.941/0.296 ms

8. Change the last two digits of your mac address.

[root@rhel6 ~]# ifconfig eth0 hw ether 08:00:27:ab:67:XX

9. Which ports are used by http, pop3, ssh, telnet, nntp and ftp ?
root@rhel6 ~# grep ^'http ' /etc/services

272
 interface configuration

http 80/tcp www www-http # WorldWideWeb HTTP

http 80/udp www www-http # HyperText Transfer Protocol
root@rhel6 ~# grep ^'smtp ' /etc/services
smtp 25/tcp mail
smtp 25/udp mail
root@rhel6 ~# grep ^'ssh ' /etc/services
ssh 22/tcp # The Secure Shell (SSH) Protocol
ssh 22/udp # The Secure Shell (SSH) Protocol
root@rhel6 ~# grep ^'telnet ' /etc/services
telnet 23/tcp
telnet 23/udp
root@rhel6 ~# grep ^'nntp ' /etc/services
nntp 119/tcp readnews untp # USENET News Transfer Protocol
nntp 119/udp readnews untp # USENET News Transfer Protocol
root@rhel6 ~# grep ^'ftp ' /etc/services
ftp 21/tcp
ftp 21/udp fsp fspd

10. Explain why e-mail and websites are sent over tcp and not udp.
Because tcp is reliable and udp is not.

11. Display the hostname of your computer.

paul@debian5:~$ hostname
debian5

12. Which ip-addresses did your computer recently have contact with ?
root@rhel6 ~# arp -a
? (192.168.1.1) at 00:02:cf:aa:68:f0 [ether] on eth2
? (192.168.1.30) at 00:26:bb:12:7a:5e [ether] on eth2
? (192.168.1.31) at 08:00:27:8e:8a:a8 [ether] on eth2

273
Chapter 25. network sniffing
A network administrator should be able to use a sniffer like wireshark or tcpdump to trou-
bleshoot network problems.

A student should often use a sniffer to learn about networking. This chapter introduces you
to network sniffing.

274
 network sniffing

25.1. wireshark
25.1.1. installing wireshark
This example shows how to install wireshark on .deb based distributions (including Debian,
Mint, Xubuntu, and others).
root@debian8:~# apt-get install wireshark
Reading package lists... Done
Building dependency tree
Reading state information... Done
... (output truncated)

On .rpm based distributions like CentOS, RHEL and Fedora you can use yum to install
wireshark.
[root@centos7 ~]# yum install wireshark
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
... (output truncated)

25.1.2. selecting interface

When you start wireshark for the first time, you will need to select an interface. You will
see a dialog box that looks similar to this one.

It is possible that there are no interfaces available because some distributions only allow
root to sniff the network. You may need to use sudo wireshark.

Or you can follow the general advice to sniff using tcpdump or any other tool, and save the
capture to a file. Any saved capture can be analyzed using wireshark at a later time.

275
 network sniffing

25.1.3. minimize traffic

Sniffing a network can generate many thousands of packets in a very short time. This can
be overwhelming. Try to mitigate by isolating your sniffer on the network. Preferably sniff
an isolated virtual network interface over which you control all traffic.

If you are at home to learn sniffing, then it could help to close all network programs on
your computer, and disconnect other computers and devices like smartphones and tablets
to minimize the traffic.

Even more important than this is the use of filters which will be discussed in this chapter.

25.1.4. sniffing ping

I started the sniffer and captured all packets while doing these three ping commands (there
is no need for root to do this):
root@debian7:~# ping -c2 ns1.paul.local
PING ns1.paul.local (10.104.33.30) 56(84) bytes of data.
64 bytes from 10.104.33.30: icmp_req=1 ttl=64 time=0.010 ms
64 bytes from 10.104.33.30: icmp_req=2 ttl=64 time=0.023 ms

--- ns1.paul.local ping statistics ---

2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.010/0.016/0.023/0.007 ms
root@debian7:~# ping -c3 linux-training.be
PING linux-training.be (188.93.155.87) 56(84) bytes of data.
64 bytes from antares.ginsys.net (188.93.155.87): icmp_req=1 ttl=56 time=15.6 ms
64 bytes from antares.ginsys.net (188.93.155.87): icmp_req=2 ttl=56 time=17.8 ms
64 bytes from antares.ginsys.net (188.93.155.87): icmp_req=3 ttl=56 time=14.7 ms

--- linux-training.be ping statistics ---

3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 14.756/16.110/17.881/1.309 ms
root@debian7:~# ping -c1 centos7.paul.local
PING centos7.paul.local (10.104.33.31) 56(84) bytes of data.
64 bytes from 10.104.33.31: icmp_req=1 ttl=64 time=0.590 ms

--- centos7.paul.local ping statistics ---

1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.590/0.590/0.590/0.000 ms

In total more than 200 packets were sniffed from the network. Things become clearer when
you enter icmp in the filter field and press the apply button.

276
 network sniffing

25.1.5. sniffing ping and dns

Using the same capture as before, but now with a different filter. We want to see both dns
and icmp traffic, so we enter both in the filter field.

We put dns or icmp in the filter to achieve this. Putting dns and icmp would render nothing
because there is no packet that matches both protocols.

In the screenshot above you can see that packets 25 and 26 both have 10.104.33.30 as source
and destination ip address. That is because the dns client is the same computer as the dns
server.

The same is true for packets 31 and 32, since the machine is actually pinging itself.

25.1.6. specific ip address

This is a screenshot that filters for dns packets that contain a certain ip address. The filter
in use is ip.addr==10.104.33.30 and dns. The and directive forces each displayed packet
to match both conditions.

Packet 93 is the dns query for the A record of linux-training.be. Packet 98 is the response
from the dns server. What do you think happened in the packets between 93 and 98 ? Try
to answer this before reading on (it always helps to try to predict what you will see, and
then checking your prediction).

25.1.7. filtering by frame

The correct technical term for a packet as sniffed is a frame (because we sniff on layer two).
So to display packets with certain numbers, we use frame.number in the filter.

277
 network sniffing

25.1.8. looking inside packets

The middle pane can be expanded. When selecting a line in this pane, you can see the cor-
responding bytes in the frame in the bottom panel.

This screenshot shows the middle pane with the source address of my laptop selected.

Note that the above works fine when sniffing one interface. When sniffing with for example
tcpdump -i any you will end up with Linux cooked at this level.

25.1.9. other filter examples

You can combine two protocols with a logical or between them. The example below shows
how to filter only arp and bootp (or dhcp) packets.

This example shows how to filter for dns traffic containing a certain ip address.

278
 network sniffing

25.2. tcpdump
Sniffing on the command line can be done with tcpdump. Here are some examples.

Using the tcpdump host $ip command displays all traffic with one host (192.168.1.38 in
this example).
root@ubuntu910:~# tcpdump host 192.168.1.38
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes

Capturing only ssh (tcp port 22) traffic can be done with tcpdump tcp port $port. This
screenshot is cropped to 76 characters for readability in the pdf.
root@deb503:~# tcpdump tcp port 22
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
14:22:20.716313 IP deb503.local.37973 > rhel53.local.ssh: P 666050963:66605
14:22:20.719936 IP rhel53.local.ssh > deb503.local.37973: P 1:49(48) ack 48
14:22:20.720922 IP rhel53.local.ssh > deb503.local.37973: P 49:113(64) ack
14:22:20.721321 IP rhel53.local.ssh > deb503.local.37973: P 113:161(48) ack
14:22:20.721820 IP deb503.local.37973 > rhel53.local.ssh: . ack 161 win 200
14:22:20.722492 IP rhel53.local.ssh > deb503.local.37973: P 161:225(64) ack
14:22:20.760602 IP deb503.local.37973 > rhel53.local.ssh: . ack 225 win 200
14:22:23.108106 IP deb503.local.54424 > ubuntu910.local.ssh: P 467252637:46
14:22:23.116804 IP ubuntu910.local.ssh > deb503.local.54424: P 1:81(80) ack
14:22:23.116844 IP deb503.local.54424 > ubuntu910.local.ssh: . ack 81 win 2
^C
10 packets captured
10 packets received by filter
0 packets dropped by kernel

Same as above, but write the output to a file with the tcpdump -w $filename command.
root@ubuntu910:~# tcpdump -w sshdump.tcpdump tcp port 22
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
^C
17 packets captured
17 packets received by filter
0 packets dropped by kernel

With tcpdump -r $filename the file created above can be displayed.

root@ubuntu910:~# tcpdump -r sshdump.tcpdump

Many more examples can be found in the manual page of tcpdump.

279
 network sniffing

25.3. practice: network sniffing

1. Install wireshark on your computer (not inside a virtual machine).

2. Start a ping between your computer and another computer.

3. Start sniffing the network.

4. Display only the ping echo's in the top pane using a filter.

5. Now ping to a name (like www.linux-training.be) and try to sniff the DNS query and
response. Which DNS server was used ? Was it a tcp or udp query and response ?

6. Find an amateur/hobby/club website that features a login prompt. Attempt to login with
user 'paul' and password 'hunter2' while your sniffer is running. Now find this information
in the sniffer.

280
 network sniffing

25.4. solution: network sniffing

1. Install wireshark on your computer (not inside a virtual machine).
Debian/Ubuntu: aptitude install wireshark

Red Hat/Mandriva/Fedora: yum install wireshark

2. Start a ping between your computer and another computer.

ping $ip_address

3. Start sniffing the network.

(sudo) wireshark

select an interface (probably eth0)

4. Display only the ping echo's in the top pane using a filter.
type 'icmp' (without quotes) in the filter box, and then click 'apply'

5. Now ping to a name (like www.linux-training.be) and try to sniff the DNS query and
response. Which DNS server was used ? Was it a tcp or udp query and response ?
First start the sniffer.

Enter 'dns' in the filter box and click apply.

root@ubuntu910:~# ping www.linux-training.be

PING www.linux-training.be (88.151.243.8) 56(84) bytes of data.
64 bytes from fosfor.openminds.be (88.151.243.8): icmp_seq=1 ttl=58 time=14.9 ms
64 bytes from fosfor.openminds.be (88.151.243.8): icmp_seq=2 ttl=58 time=16.0 ms
^C
--- www.linux-training.be ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 14.984/15.539/16.095/0.569 ms

The wireshark screen should look something like this.

The details in wireshark will say the DNS query was inside a udp packet.

6. Find an amateur/hobby/club website that features a login prompt. Attempt to login with
user 'paul' and password 'hunter2' while your sniffer is running. Now find this information
in the sniffer.

281
Chapter 26. binding and bonding
Sometimes a server needs more than one ip address on the same network card, we call this
binding ip addresses.

Linux can also activate multiple network cards behind the same ip address, this is called
bonding.

This chapter will teach you how to configure binding and bonding on the most common
Linux distributions.

282
 binding and bonding

26.1. binding on Redhat/Fedora

26.1.1. binding extra ip addresses
To bind more than one ip address to the same interface, use ifcfg-eth0:0, where the last
zero can be anything else. Only two directives are required in the files.
[root@rhel6 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0:0
DEVICE="eth0:0"
IPADDR="192.168.1.133"
[root@rhel6 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0:1
DEVICE="eth0:0"
IPADDR="192.168.1.142"

26.1.2. enabling extra ip-addresses

To activate a virtual network interface, use ifup, to deactivate it, use ifdown.
[root@rhel6 ~]# ifup eth0:0
[root@rhel6 ~]# ifconfig | grep 'inet '
inet addr:192.168.1.99 Bcast:192.168.1.255 Mask:255.255.255.0
inet addr:192.168.1.133 Bcast:192.168.1.255 Mask:255.255.255.0
inet addr:127.0.0.1 Mask:255.0.0.0
[root@rhel6 ~]# ifup eth0:1
[root@rhel6 ~]# ifconfig | grep 'inet '
inet addr:192.168.1.99 Bcast:192.168.1.255 Mask:255.255.255.0
inet addr:192.168.1.133 Bcast:192.168.1.255 Mask:255.255.255.0
inet addr:192.168.1.142 Bcast:192.168.1.255 Mask:255.255.255.0
inet addr:127.0.0.1 Mask:255.0.0.0

26.1.3. verifying extra ip-addresses

Use ping from another computer to check the activation, or use ifconfig like in this screen-
shot.
[root@rhel6 ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 08:00:27:DD:0D:5C
inet addr:192.168.1.99 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fedd:d5c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1259 errors:0 dropped:0 overruns:0 frame:0
TX packets:545 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:115260 (112.5 KiB) TX bytes:84293 (82.3 KiB)

eth0:0 Link encap:Ethernet HWaddr 08:00:27:DD:0D:5C

inet addr:192.168.1.133 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

eth0:1 Link encap:Ethernet HWaddr 08:00:27:DD:0D:5C

inet addr:192.168.1.142 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

283
 binding and bonding

26.2. binding on Debian/Ubuntu

26.2.1. binding extra ip addresses
The configuration of multiple ip addresses on the same network card is done in /etc/net-
work/interfaces by adding eth0:x devices. Adding the netmask is mandatory.
debian5:~# cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface

auto lo
iface lo inet loopback

# The primary network interface

iface eth0 inet static
address 192.168.1.34
network 192.168.1.0
netmask 255.255.255.0
gateway 192.168.1.1
auto eth0

auto eth0:0
iface eth0:0 inet static
address 192.168.1.233
netmask 255.255.255.0

auto eth0:1
iface eth0:1 inet static
address 192.168.1.242
netmask 255.255.255.0

26.2.2. enabling extra ip-addresses

Use ifup to enable the extra addresses.
debian5:~# ifup eth0:0
debian5:~# ifup eth0:1

26.2.3. verifying extra ip-addresses

Use ping from another computer to check the activation, or use ifconfig like in this screen-
shot.
debian5:~# ifconfig | grep 'inet '
inet addr:192.168.1.34 Bcast:192.168.1.255 Mask:255.255.255.0
inet addr:192.168.1.233 Bcast:192.168.1.255 Mask:255.255.255.0
inet addr:192.168.1.242 Bcast:192.168.1.255 Mask:255.255.255.0
inet addr:127.0.0.1 Mask:255.0.0.0

284
 binding and bonding

26.3. bonding on Redhat/Fedora

We start with ifconfig -a to get a list of all the network cards on our system.
[root@rhel6 network-scripts]# ifconfig -a | grep Ethernet
eth0 Link encap:Ethernet HWaddr 08:00:27:DD:0D:5C
eth1 Link encap:Ethernet HWaddr 08:00:27:DA:C1:49
eth2 Link encap:Ethernet HWaddr 08:00:27:40:03:3B

In this demo we decide to bond eth1 and eth2.

We will name our bond bond0 and add this entry to modprobe so the kernel can load the
bonding module when we bring the interface up.
[root@rhel6 network-scripts]# cat /etc/modprobe.d/bonding.conf
alias bond0 bonding

Then we create /etc/sysconfig/network-scripts/ifcfg-bond0 to configure our bond0 inter-

face.
[root@rhel6 network-scripts]# pwd
/etc/sysconfig/network-scripts
[root@rhel6 network-scripts]# cat ifcfg-bond0
DEVICE=bond0
IPADDR=192.168.1.199
NETMASK=255.255.255.0
ONBOOT=yes
BOOTPROTO=none
USERCTL=no

Next we create two files, one for each network card that we will use as slave in bond0.
[root@rhel6 network-scripts]# cat ifcfg-eth1
DEVICE=eth1
BOOTPROTO=none
ONBOOT=yes
MASTER=bond0
SLAVE=yes
USERCTL=no
[root@rhel6 network-scripts]# cat ifcfg-eth2
DEVICE=eth2
BOOTPROTO=none
ONBOOT=yes
MASTER=bond0
SLAVE=yes
USERCTL=no

Finally we bring the interface up with ifup bond0.

[root@rhel6 network-scripts]# ifup bond0
[root@rhel6 network-scripts]# ifconfig bond0
bond0 Link encap:Ethernet HWaddr 08:00:27:DA:C1:49
inet addr:192.168.1.199 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:feda:c149/64 Scope:Link
UP BROADCAST RUNNING MASTER MULTICAST MTU:1500 Metric:1
RX packets:251 errors:0 dropped:0 overruns:0 frame:0
TX packets:21 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:39852 (38.9 KiB) TX bytes:1070 (1.0 KiB)

The bond should also be visible in /proc/net/bonding.

285
 binding and bonding

[root@rhel6 network-scripts]# cat /proc/net/bonding/bond0

Ethernet Channel Bonding Driver: v3.5.0 (November 4, 2008)

Bonding Mode: load balancing (round-robin)

MII Status: up
MII Polling Interval (ms): 0
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: eth1

MII Status: up
Link Failure Count: 0
Permanent HW addr: 08:00:27:da:c1:49

Slave Interface: eth2

MII Status: up
Link Failure Count: 0
Permanent HW addr: 08:00:27:40:03:3b

286
 binding and bonding

26.4. bonding on Debian/Ubuntu

We start with ifconfig -a to get a list of all the network cards on our system.
debian5:~# ifconfig -a | grep Ethernet
eth0 Link encap:Ethernet HWaddr 08:00:27:bb:18:a4
eth1 Link encap:Ethernet HWaddr 08:00:27:63:9a:95
eth2 Link encap:Ethernet HWaddr 08:00:27:27:a4:92

In this demo we decide to bond eth1 and eth2.

We also need to install the ifenslave package.

debian5:~# aptitude search ifenslave
p ifenslave - Attach and detach slave interfaces to a bonding device
p ifenslave-2.6 - Attach and detach slave interfaces to a bonding device
debian5:~# aptitude install ifenslave
Reading package lists... Done
...

Next we update the /etc/network/interfaces file with information about the bond0 interface.
debian5:~# tail -7 /etc/network/interfaces
iface bond0 inet static
address 192.168.1.42
netmask 255.255.255.0
gateway 192.168.1.1
slaves eth1 eth2
bond-mode active-backup
bond_primary eth1

On older version of Debian/Ubuntu you needed to modprobe bonding, but this is no longer
required. Use ifup to bring the interface up, then test that it works.
debian5:~# ifup bond0
debian5:~# ifconfig bond0
bond0 Link encap:Ethernet HWaddr 08:00:27:63:9a:95
inet addr:192.168.1.42 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe63:9a95/64 Scope:Link
UP BROADCAST RUNNING MASTER MULTICAST MTU:1500 Metric:1
RX packets:212 errors:0 dropped:0 overruns:0 frame:0
TX packets:39 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:31978 (31.2 KiB) TX bytes:6709 (6.5 KiB)

The bond should also be visible in /proc/net/bonding.

debian5:~# cat /proc/net/bonding/bond0
Ethernet Channel Bonding Driver: v3.2.5 (March 21, 2008)

Bonding Mode: fault-tolerance (active-backup)

Primary Slave: eth1
Currently Active Slave: eth1
MII Status: up
MII Polling Interval (ms): 0
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: eth1

MII Status: up
Link Failure Count: 0

287
 binding and bonding

Permanent HW addr: 08:00:27:63:9a:95

Slave Interface: eth2

MII Status: up
Link Failure Count: 0
Permanent HW addr: 08:00:27:27:a4:92

288
 binding and bonding

26.5. practice: binding and bonding

1. Add an extra ip address to one of your network cards. Test that it works (have your
neighbour ssh to it)!

2. Use ifdown to disable this extra ip address.

3. Make sure your neighbour also succeeded in binding an extra ip address before you
continue.

4. Add an extra network card (or two) to your virtual machine and use the theory to bond
two network cards.

289
 binding and bonding

26.6. solution: binding and bonding

1. Add an extra ip address to one of your network cards. Test that it works (have your
neighbour ssh to it)!
Redhat/Fedora:
add an /etc/sysconfig/network-scripts/ifcfg-ethX:X file
as shown in the theory

Debian/Ubuntu:
expand the /etc/network/interfaces file
as shown in the theory

2. Use ifdown to disable this extra ip address.

ifdown eth0:0

3. Make sure your neighbour also succeeded in binding an extra ip address before you
continue.
ping $extra_ip_neighbour
or
ssh $extra_ip_neighbour

4. Add an extra network card (or two) to your virtual machine and use the theory to bond
two network cards.
Redhat/Fedora:
add ifcfg-ethX and ifcfg-bondX files in /etc/sysconfig/network-scripts
as shown in the theory
and don't forget the modprobe.conf

Debian/Ubuntu:
expand the /etc/network/interfaces file
as shown in the theory
and don't forget to install the ifenslave package

290
Chapter 27. introduction to
networking

291
 introduction to networking

27.1. introduction to iptables

27.1.1. iptables firewall
The Linux kernel has a built-in stateful firewall named iptables. To stop the iptables firewall
on Red Hat, use the service command.

root@RHELv4u4:~# service iptables stop

Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
root@RHELv4u4:~#

The easy way to configure iptables, is to use a graphical tool like KDE's kmyfirewall or
Security Level Configuration Tool. You can find the latter in the graphical menu, some-
where in System Tools - Security, or you can start it by typing system-config-securitylevel
in bash. These tools allow for some basic firewall configuration. You can decide whether to
enable or disable the firewall, and what typical standard ports are allowed when the firewall
is active. You can even add some custom ports. When you are done, the configuration is
written to /etc/sysconfig/iptables on Red Hat.

root@RHELv4u4:~# cat /etc/sysconfig/iptables

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-F...NPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-F...NPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-F...NPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-F...NPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
root@RHELv4u4:~#

To start the service, issue the service iptables start command. You can configure iptables
to start at boot time with chkconfig.

root@RHELv4u4:~# service iptables start

Applying iptables firewall rules: [ OK ]
root@RHELv4u4:~# chkconfig iptables on
root@RHELv4u4:~#

292
 introduction to networking

One of the nice features of iptables is that it displays extensive status information when
queried with the service iptables status command.

root@RHELv4u4:~# service iptables status

Table: filter
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT)

target prot opt source destination
RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)

target prot opt source destination

Chain RH-Firewall-1-INPUT (2 references)

target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:21
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

root@RHELv4u4:~#

Mastering firewall configuration requires a decent knowledge of tcp/ip. Good iptables tuto-
rials can be found online here http://iptables-tutorial.frozentux.net/iptables-tutorial.html and
here http://tldp.org/HOWTO/IP-Masquerade-HOWTO/.

27.2. practice : iptables

1. Verify whether the firewall is running.

2. Stop the running firewall.

293
 introduction to networking

27.3. solution : iptables

1. Verify whether the firewall is running.
root@rhel55 ~# service iptables status | head
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT)

num target prot opt source destination
1 RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)

2. Stop the running firewall.

root@rhel55 ~# service iptables stop
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
root@rhel55 ~# service iptables status
Firewall is stopped.

294
 introduction to networking

27.4. xinetd and inetd

27.4.1. the superdaemon
Back when resources like RAM memory were limited, a super-server was devised to listen
to all sockets and start the appropriate daemon only when needed. Services like swat, telnet
and ftp are typically served by such a super-server. The xinetd superdaemon is more recent
than inetd. We will discuss the configuration both daemons.

Recent Linux distributions like RHEL5 and Ubuntu10.04 do not activate inetd or xinetd by
default, unless an application requires it.

27.4.2. inetd or xinetd

First verify whether your computer is running inetd or xinetd. This Debian 4.0 Etch is
running inetd.

root@barry:~# ps fax | grep inet

3870 ? Ss 0:00 /usr/sbin/inetd

This Red Hat Enterprise Linux 4 update 4 is running xinetd.

[root@RHEL4b ~]# ps fax | grep inet

3003 ? Ss 0:00 xinetd -stayalive -pidfile /var/run/xinetd.pid

Both daemons have the same functionality (listening to many ports, starting other daemons
when they are needed), but they have different configuration files.

27.4.3. xinetd superdaemon

The xinetd daemon is often called a superdaemon because it listens to a lot of incoming
connections, and starts other daemons when they are needed. When a connection request
is received, xinetd will first check TCP wrappers (/etc/hosts.allow and /etc/hosts.deny) and
then give control of the connection to the other daemon. This superdaemon is configured
through /etc/xinetd.conf and the files in the directory /etc/xinetd.d. Let's first take a look
at /etc/xinetd.conf.

paul@RHELv4u2:~$ cat /etc/xinetd.conf

#
# Simple configuration file for xinetd
#
# Some defaults, and include /etc/xinetd.d/

defaults
{
instances = 60
log_type = SYSLOG authpriv
log_on_success = HOST PID
log_on_failure = HOST
cps = 25 30

295
 introduction to networking

includedir /etc/xinetd.d

paul@RHELv4u2:~$

According to the settings in this file, xinetd can handle 60 client requests at once. It uses the
authpriv facility to log the host ip-address and pid of successful daemon spawns. When a
service (aka protocol linked to daemon) gets more than 25 cps (connections per second), it
holds subsequent requests for 30 seconds.

The directory /etc/xinetd.d contains more specific configuration files. Let's also take a look
at one of them.

paul@RHELv4u2:~$ ls /etc/xinetd.d
amanda chargen-udp echo klogin rexec talk
amandaidx cups-lpd echo-udp krb5-telnet rlogin telnet
amidxtape daytime eklogin kshell rsh tftp
auth daytime-udp finger ktalk rsync time
chargen dbskkd-cdb gssftp ntalk swat time-udp
paul@RHELv4u2:~$ cat /etc/xinetd.d/swat
# default: off
# description: SWAT is the Samba Web Admin Tool. Use swat \
# to configure your Samba server. To use SWAT, \
# connect to port 901 with your favorite web browser.
service swat
{
port = 901
socket_type = stream
wait = no
only_from = 127.0.0.1
user = root
server = /usr/sbin/swat
log_on_failure += USERID
disable = yes
}
paul@RHELv4u2:~$

The services should be listed in the /etc/services file. Port determines the service port, and
must be the same as the port specified in /etc/services. The socket_type should be set to
stream for tcp services (and to dgram for udp). The log_on_failure += concats the userid
to the log message formatted in /etc/xinetd.conf. The last setting disable can be set to yes
or no. Setting this to no means the service is enabled!

Check the xinetd and xinetd.conf manual pages for many more configuration options.

27.4.4. inetd superdaemon

This superdaemon has only one configuration file /etc/inetd.conf. Every protocol or daemon
that it is listening for, gets one line in this file.

root@barry:~# grep ftp /etc/inetd.conf

tftp dgram udp wait nobody /usr/sbin/tcpd /usr/sbin/in.tftpd /boot/tftp
root@barry:~#

296
 introduction to networking

You can disable a service in inetd.conf above by putting a # at the start of that line. Here an
example of the disabled vmware web interface (listening on tcp port 902).

paul@laika:~$ grep vmware /etc/inetd.conf

#902 stream tcp nowait root /usr/sbin/vmware-authd vmware-authd

27.5. practice : inetd and xinetd

1. Verify on all systems whether they are using xinetd or inetd.

2. Look at the configuration files.

3. (If telnet is installable, then replace swat in these questions with telnet) Is swat installed ?
If not, then install swat and look at the changes in the (x)inetd configuration. Is swat enabled
or disabled ?

4. Disable swat, test it. Enable swat, test it.

297
 introduction to networking

27.6. network file system

27.6.1. protocol versions
The older nfs versions 2 and 3 are stateless (udp) by default, but they can use tcp. Clients
connect to the server using rpc (on Linux this is controlled by the portmap daemon. Look
at rpcinfo to verify that nfs and its related services are running.

root@RHELv4u2:~# /etc/init.d/portmap status

portmap (pid 1920) is running...
root@RHELv4u2:~# rpcinfo -p
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 32768 status
100024 1 tcp 32769 status
root@RHELv4u2:~# service nfs start
Starting NFS services: [ OK ]
Starting NFS quotas: [ OK ]
Starting NFS daemon: [ OK ]
Starting NFS mountd: [ OK ]

The same rpcinfo command when nfs is started.

root@RHELv4u2:~# rpcinfo -p
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 32768 status
100024 1 tcp 32769 status
100011 1 udp 985 rquotad
100011 2 udp 985 rquotad
100011 1 tcp 988 rquotad
100011 2 tcp 988 rquotad
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100021 1 udp 32770 nlockmgr
100021 3 udp 32770 nlockmgr
100021 4 udp 32770 nlockmgr
100021 1 tcp 32789 nlockmgr
100021 3 tcp 32789 nlockmgr
100021 4 tcp 32789 nlockmgr
100005 1 udp 1004 mountd
100005 1 tcp 1007 mountd
100005 2 udp 1004 mountd
100005 2 tcp 1007 mountd
100005 3 udp 1004 mountd
100005 3 tcp 1007 mountd
root@RHELv4u2:~#

nfs version 4 requires tcp (port 2049) and supports Kerberos user authentication as an
option. nfs authentication only takes place when mounting the share. nfs versions 2 and 3
authenticate only the host.

298
 introduction to networking

27.6.2. server configuration

nfs is configured in /etc/exports. Here is a sample /etc/exports to explain the syntax. You
need some way (NIS domain or LDAP) to synchronize userid's across computers when us-
ing nfs a lot. The rootsquash option will change UID 0 to the UID of the nfsnobody user
account. The sync option will write writes to disk before completing the client request.

paul@laika:~$ cat /etc/exports

# Everyone can read this share
/mnt/data/iso *(ro)

# Only the computers barry and pasha can readwrite this one
/var/www pasha(rw) barry(rw)

# same, but without root squashing for barry

/var/ftp pasha(rw) barry(rw,no_root_squash)

# everyone from the netsec.lan domain gets access

/var/backup *.netsec.lan(rw)

# ro for one network, rw for the other

/var/upload 192.168.1.0/24(ro) 192.168.5.0/24(rw)

You don't need to restart the nfs server to start exporting your newly created exports. You
can use the exportfs -va command to do this. It will write the exported directories to /var/
lib/nfs/etab, where they are immediately applied.

27.6.3. client configuration

We have seen the mount command and the /etc/fstab file before.

root@RHELv4u2:~# mount -t nfs barry:/mnt/data/iso /home/project55/

root@RHELv4u2:~# cat /etc/fstab | grep nfs
barry:/mnt/data/iso /home/iso nfs defaults 0 0
root@RHELv4u2:~#

Here is another simple example. Suppose the project55 people tell you they only need a
couple of CD-ROM images, and you already have them available on an nfs server. You
could issue the following command to mount this storage on their /home/project55 mount
point.

root@RHELv4u2:~# mount -t nfs 192.168.1.40:/mnt/data/iso /home/project55/

root@RHELv4u2:~# ls -lh /home/project55/
total 3.6G
drwxr-xr-x 2 1000 1000 4.0K Jan 16 17:55 RHELv4u1
drwxr-xr-x 2 1000 1000 4.0K Jan 16 14:14 RHELv4u2
drwxr-xr-x 2 1000 1000 4.0K Jan 16 14:54 RHELv4u3
drwxr-xr-x 2 1000 1000 4.0K Jan 16 11:09 RHELv4u4
-rw-r--r-- 1 root root 1.6G Oct 13 15:22 sled10-vmwarews5-vm.zip
root@RHELv4u2:~#

299
 introduction to networking

27.7. practice : network file system

1. Create two directories with some files. Use nfs to share one of them as read only, the other
must be writable. Have your neighbour connect to them to test.

2. Investigate the user owner of the files created by your neighbour.

3. Protect a share by ip-address or hostname, so only your neighbour can connect.

300
Part XII. apache and squid
Table of Contents
28. introduction to squid ...................................................................................................... 303
28.1. about proxy servers ............................................................................................... 303
28.2. installing squid ..................................................................................................... 304
28.3. port 3128 ............................................................................................................ 304
28.4. starting and stopping ............................................................................................. 304
28.5. client proxy settings .............................................................................................. 305
28.6. upside down images .............................................................................................. 307
28.7. /var/log/squid ........................................................................................................ 309
28.8. access control ....................................................................................................... 309
28.9. testing squid ........................................................................................................ 309
28.10. name resolution .................................................................................................. 309

302
Chapter 28. introduction to squid
28.1. about proxy servers
28.1.1. usage
A proxy server is a server that caches the internet. Clients connect to the proxy server with
a request for an internet server. The proxy server will connect to the internet server on behalf
of the client. The proxy server will also cache the pages retrieved from the internet server.
A proxy server may provide pages from his cache to a client, instead of connecting to the
internet server to retrieve the (same) pages.

A proxy server has two main advantages. It improves web surfing speed when returning
cached data to clients, and it reduces the required bandwidth (cost) to the internet.

Smaller organizations sometimes put the proxy server on the same physical computer that
serves as a NAT to the internet. In larger organizations, the proxy server is one of many
servers in the DMZ.

When web traffic passes via a proxy server, it is common practice to configure the proxy
with extra settings for access control. Access control in a proxy server can mean user account
access, but also website(url), ip-address or dns restrictions.

28.1.2. open proxy servers

You can find lists of open proxy servers on the internet that enable you to surf anonymously.
This works when the proxy server connects on your behalf to a website, without logging
your ip-address. But be careful, these (listed) open proxy servers could be created in order
to eavesdrop upon their users.

28.1.3. squid
This module is an introduction to the squid proxy server (http://www.squid-cache.org). We
will first configure squid as a normal proxy server.

303
 introduction to squid

28.2. installing squid

This screenshot shows how to install squid on Debian with aptitude. Use yum if you are
on Red Hat/CentOS.
root@debian7:~# aptitude install squid
The following NEW packages will be installed:
squid squid-common{a} squid-langpack{a}
0 packages upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 1,513 kB of archives. After unpacking 4,540 kB will be used.
Do you want to continue? [Y/n/?]
...output truncated...
Setting up squid-langpack (20120616-1) ...
Setting up squid-common (2.7.STABLE9-4.1) ...
Setting up squid (2.7.STABLE9-4.1) ...
Creating squid spool directory structure
2014/08/01 15:19:31| Creating Swap Directories
Restarting Squid HTTP proxy: squid.

squid's main configuration file is /etc/squid/squid.conf. The file explains every parameter
in great detail.
root@debian7:~# wc -l /etc/squid/squid.conf
4948 /etc/squid/squid.conf

28.3. port 3128

By default the squid proxy server will lsiten to port 3128.
root@debian7:~# grep ^http_port /etc/squid/squid.conf
http_port 3128
root@debian7:~#

28.4. starting and stopping

You can manage squid with the standard service command as shown in this screenshot.
root@debian7:~# service squid start
Starting Squid HTTP proxy: squid.
root@debian7:~# service squid restart
Restarting Squid HTTP proxy: squid.
root@debian7:~# service squid status
squid is running.
root@debian7:~# service squid stop
Stopping Squid HTTP proxy: squid.
root@debian7:~#

304
 introduction to squid

28.5. client proxy settings

To enable a proxy server in Firefox or Iceweasel go to Edit Preferences and configure as
shown in this screenshot (replace 192.168.1.60 with the ip address of your proxy server).

Test that your internet works with the proxy enabled. Also test that after a service squid
stop command on your proxy server that you get a message similar to this schreenshot.

305
 introduction to squid

To enable a proxy server with Google Chrome (or Debian Chromium) start the program
from the command line like this:
paul@debian7:~$ chromium --proxy-server='192.168.1.60:3128'

Disabling the proxy with service squid stop should result in an error message similar to
this screenshot.

306
 introduction to squid

28.6. upside down images

A proxy server sits inbetween your browser and the internet. So besides caching of internet
data (the original function of a proxy server) and besides firewall like restrictions based on
www content, a proxy server is in the perfect position to alter the webpages that you visit.

You could for instance change the advertising on a webpage (or remove certain advertisers),
or like we do in this example; change all images so they are upside down.

The server needs command line tools to manipulate images and a perl script that uses these
tools (and wget to download the images locally and serve them with apache2). In this ex-
ample we use imagemagick (which provides tools like convert and mogrify).
root@debian7:~# aptitude install imagemagick wget perl apache2
...output truncated...
root@debian7:~# dpkg -S $(readlink -f $(which mogrify))
imagemagick: /usr/bin/mogrify.im6
root@debian7:~#

The perl script that is shown in the screenshot below can be found on several websites, yet
I have not found the original author. It is however a very simple script that uses wget and
mogrify to download images (.jpg .gif and .png), flip them and store them in /var/www/
images.
root@debian7:~# cat /usr/local/bin/flip.pl
#!/usr/bin/perl
$|=1;
$count = 0;
$pid = $$;
while (<>) {
chomp $_;
if ($_ =~ /(.*\.jpg)/i) {
$url = $1;
system("/usr/bin/wget", "-q", "-O","/var/www/images/$pid-$count.jpg", "$url");
system("/usr/bin/mogrify", "-flip","/var/www/images/$pid-$count.jpg");
print "http://127.0.0.1/images/$pid-$count.jpg\n";
}
elsif ($_ =~ /(.*\.gif)/i) {
$url = $1;
system("/usr/bin/wget", "-q", "-O","/var/www/images/$pid-$count.gif", "$url");
system("/usr/bin/mogrify", "-flip","/var/www/images/$pid-$count.gif");
print "http://127.0.0.1/images/$pid-$count.gif\n";
}
elsif ($_ =~ /(.*\.png)/i) {
$url = $1;
system("/usr/bin/wget", "-q", "-O","/var/www/images/$pid-$count.png", "$url");
system("/usr/bin/mogrify", "-flip","/var/www/images/$pid-$count.png");
print "http://127.0.0.1/images/$pid-$count.png\n";
}
else {
print "$_\n";;
}
$count++;
}

Change (or enable) also the following line in /etc/squid/suiqd.conf.

http_access allow localnet
http_port 3128 transparent

307
 introduction to squid

url_rwwrite_program /usr/local/bin/flip.pl

The directory this script uses is /var/www/images and should be accessible by both the
squid server (which uses the user named proxy and by the apache2 webserver (which
uses the user www-data. The screenshot below shows how to create this directory, set the
permissions and make the users a member of the other groups.
root@debian7:~# mkdir /var/www/images
root@debian7:~# chown www-data:www-data /var/www/images
root@debian7:~# chmod 755 /var/www/images
root@debian7:~# usermod -aG www-data proxy
root@debian7:~# usermod -aG proxy www-data

Test that it works after restarting squid and apache2.

308
 introduction to squid

28.7. /var/log/squid
The standard log file location for squid is /var/log/squid.
[root@RHEL4 ~]# grep "/var/log" /etc/squid/squid.conf
# cache_access_log /var/log/squid/access.log
# cache_log /var/log/squid/cache.log
# cache_store_log /var/log/squid/store.log

28.8. access control

The default squid setup only allows localhost access. To enable access for a private network
range, look for the "INSERT YOUR OWN RULE(S) HERE..." sentence in squid.conf and
add two lines similar to the screenshot below.
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

acl company_network src 192.168.1.0/24

http_access allow company_network

28.9. testing squid

First, make sure that the server running squid has access to the internet.
[root@RHEL4 ~]# wget -q http://linux-training.be/index.html
[root@RHEL4 ~]# ls -l index.html
-rw-r--r-- 1 root root 2269 Sep 18 13:18 index.html
[root@RHEL4 ~]#

Then configure a browser on a client to use the proxy server, or you could set the
HTTP_PROXY (sometimes http_proxy) variable to point command line programs to the
proxy.
[root@fedora ~]# export HTTP_PROXY=http://192.168.1.39:8080
[root@ubuntu ~]# export http_proxy=http://192.168.1.39:8080

Testing a client machine can then be done with wget (wget -q is used to simplify the screen-
shot).
[root@RHEL5 ~]# > /etc/resolv.conf
[root@RHEL5 ~]# wget -q http://www.linux-training.be/index.html
[root@RHEL5 ~]# ls -l index.html
-rw-r--r-- 1 root root 2269 Sep 18 2008 index.html
[root@RHEL5 ~]#

28.10. name resolution

You need name resolution working on the squid server, but you don't need name resolution
on the clients.
[paul@RHEL5 ~]$ wget http://grep.be
--14:35:44-- http://grep.be
Resolving grep.be... failed: Temporary failure in name resolution.
[paul@RHEL5 ~]$ export http_proxy=http://192.168.1.39:8080
[paul@RHEL5 ~]$ wget http://grep.be
--14:35:49-- http://grep.be/

309
 introduction to squid

Connecting to 192.168.1.39:8080... connected.

Proxy request sent, awaiting response... 200 OK
Length: 5390 (5.3K) [text/html]
Saving to: `index.html.1'

100%[================================>] 5,390 --.-K/s in 0.1s

14:38:29 (54.8 KB/s) - `index.html' saved [5390/5390]

[paul@RHEL5 ~]$

310
Part XIII. iptables firewall
Table of Contents
29. introduction to routers ................................................................................................... 313
29.1. router or firewall .................................................................................................. 314
29.2. packet forwarding ................................................................................................. 314
29.3. packet filtering ..................................................................................................... 314
29.4. stateful ................................................................................................................ 314
29.5. nat (network address translation) ............................................................................. 315
29.6. pat (port address translation) ................................................................................... 315
29.7. snat (source nat) ................................................................................................... 315
29.8. masquerading ....................................................................................................... 315
29.9. dnat (destination nat) ............................................................................................. 315
29.10. port forwarding ................................................................................................... 315
29.11. /proc/sys/net/ipv4/ip_forward ................................................................................. 316
29.12. /etc/sysctl.conf .................................................................................................... 316
29.13. sysctl ................................................................................................................ 316
29.14. practice: packet forwarding ................................................................................... 317
29.15. solution: packet forwarding ................................................................................... 319
30. iptables firewall ............................................................................................................. 322
30.1. iptables tables ...................................................................................................... 323
30.2. starting and stopping iptables .................................................................................. 323
30.3. the filter table ...................................................................................................... 324
30.4. practice: packet filtering ......................................................................................... 329
30.5. solution: packet filtering ......................................................................................... 330
30.6. network address translation ..................................................................................... 331

312
Chapter 29. introduction to routers
What follows is a very brief introduction to using Linux as a router.

313
 introduction to routers

29.1. router or firewall

A router is a device that connects two networks. A firewall is a device that besides acting
as a router, also contains (and implements) rules to determine whether packets are allowed
to travel from one network to another. A firewall can be configured to block access based
on networks, hosts, protocols and ports. Firewalls can also change the contents of packets
while forwarding them.

29.2. packet forwarding

Packet forwarding means allowing packets to go from one network to another. When a
multihomed host is connected to two different networks, and it allows packets to travel from
one network to another through its two network interfaces, it is said to have enabled packet
forwarding.

29.3. packet filtering

Packet filtering is very similar to packet forwarding, but every packet is individually tested
against rules that decide on allowing or dropping the packet. The rules are stored by iptables.

29.4. stateful
A stateful firewall is an advancement over stateless firewalls that inspect every individual
packet. A stateful firewall will keep a table of active connections, and is knowledgeable
enough to recognise when new connections are part of an active session. Linux iptables is
a stateful firewall.

314
 introduction to routers

29.5. nat (network address translation)

A nat device is a router that is also changing the source and/or target ip-address in packets.
It is typically used to connect multiple computers in a private address range (rfc 1918) with
the (public) internet. A nat can hide private addresses from the internet.

It is important to understand that people and vendors do not always use the right term when
referring to a certain type of nat. Be sure you talk about the same thing. We can distuinguish
several types of nat.

29.6. pat (port address translation)

nat often includes pat. A pat device is a router that is also changing the source and/or target
tcp/udp port in packets. pat is Cisco terminology and is used by snat, dnat, masquerading
and port forwarding in Linux. RFC 3022 calls it NAPT and defines the nat/pat combo as
"traditional nat". A device sold to you as a nat-device will probably do nat and pat.

29.7. snat (source nat)

A snat device is changing the source ip-address when a packet passes our nat. snat config-
uration with iptables includes a fixed target source address.

29.8. masquerading
Masquerading is a form of snat that will hide the (private) source ip-addresses of your
private network using a public ip-address. Masquerading is common on dynamic internet
interfaces (broadband modem/routers). Masquerade configuration with iptables uses a dy-
namic target source address.

29.9. dnat (destination nat)

A dnat device is changing the destination ip-address when a packet passes our nat.

29.10. port forwarding

When static dnat is set up in a way that allows outside connections to enter our private
network, then we call it port forwarding.

315
 introduction to routers

29.11. /proc/sys/net/ipv4/ip_forward
Whether a host is forwarding packets is defined in /proc/sys/net/ipv4/ip_forward. The fol-
lowing screenshot shows how to enable packet forwarding on Linux.

root@router~# echo 1 > /proc/sys/net/ipv4/ip_forward

The next command shows how to disable packet forwarding.

root@router~# echo 0 > /proc/sys/net/ipv4/ip_forward

Use cat to check if packet forwarding is enabled.

root@router~# cat /proc/sys/net/ipv4/ip_forward

29.12. /etc/sysctl.conf
By default, most Linux computers are not configured for automatic packet forwarding. To
enable packet forwarding whenever the system starts, change the net.ipv4.ip_forward vari-
able in /etc/sysctl.conf to the value 1.
root@router~# grep ip_forward /etc/sysctl.conf
net.ipv4.ip_forward = 0

29.13. sysctl
For more information, take a look at the man page of sysctl.
root@debian6~# man sysctl
root@debian6~# sysctl -a 2>/dev/null | grep ip_forward
net.ipv4.ip_forward = 0

316
 introduction to routers

29.14. practice: packet forwarding

0. You have the option to select (or create) an internal network when adding a network card
in VirtualBox or VMWare. Use this option to create two internal networks. I named them
leftnet and rightnet, but you can choose any other name.

1. Set up two Linux machines, one on leftnet, the other on rightnet. Make sure they both
get an ip-address in the correct subnet. These two machines will be 'left' and 'right' from
the 'router'.

2. Set up a third Linux computer with three network cards, one on leftnet, the other on
rightnet. This computer will be the 'router'. Complete the table below with the relevant
names, ip-addresses and mac-addresses.

Table 29.1. Packet Forwarding Exercise

leftnet computer the router rightnet computer
MAC
IP

3. How can you verify whether the router will allow packet forwarding by default or not ?
Test that you can ping from the router to the two other machines, and from those two
machines to the router. Use arp -a to make sure you are connected with the correct mac
addresses.

317
 introduction to routers

4. Ping from the leftnet computer to the rightnet computer. Enable and/or disable packet
forwarding on the router and verify what happens to the ping between the two networks. If
you do not succeed in pinging between the two networks (on different subnets), then use a
sniffer like wireshark or tcpdump to discover the problem.

5. Use wireshark or tcpdump -xx to answer the following questions. Does the source MAC
change when a packet passes through the filter ? And the destination MAC ? What about
source and destination IP-addresses ?

6. Remember the third network card on the router ? Connect this card to a LAN with internet
connection. On many LAN's the command dhclient eth0 just works (replace eth0 with the
correct interface).
root@router~# dhclient eth0

You now have a setup similar to this picture. What needs to be done to give internet access
to leftnet and rightnet.

318
 introduction to routers

29.15. solution: packet forwarding

1. Set up two Linux machines, one on leftnet, the other on rightnet. Make sure they both
get an ip-address in the correct subnet. These two machines will be 'left' and 'right' from
the 'router'.

The ip configuration on your computers should be similar to the following two screenshots.
Both machines must be in a different subnet (here 192.168.60.0/24 and 192.168.70.0/24). I
created a little script on both machines to configure the interfaces.
root@left~# cat leftnet.sh
pkill dhclient
ifconfig eth0 192.168.60.8 netmask 255.255.255.0

root@right~# cat rightnet.sh

pkill dhclient
ifconfig eth0 192.168.70.9 netmask 255.255.255.0

2. Set up a third Linux computer with three network cards, one on leftnet, the other on
rightnet. This computer will be the 'router'. Complete the table below with the relevant
names, ip-addresses and mac-addresses.
root@router~# cat router.sh
ifconfig eth1 192.168.60.1 netmask 255.255.255.0
ifconfig eth2 192.168.70.1 netmask 255.255.255.0
#echo 1 > /proc/sys/net/ipv4/ip_forward

Your setup may use different ip and mac addresses than the ones in the table below.

Table 29.2. Packet Forwarding Solution

leftnet computer the router rightnet computer
08:00:27:f6:ab:b9 08:00:27:43:1f:5a 08:00:27:be:4a:6b 08:00:27:14:8b:17
192.168.60.8 192.168.60.1 192.168.70.1 192.168.70.9

319
 introduction to routers

3. How can you verify whether the router will allow packet forwarding by default or not ?
Test that you can ping from the router to the two other machines, and from those two ma-
chines to the router. Use arp -a to make sure you are connected with the correct mac ad-
dresses.

This can be done with "grep ip_forward /etc/sysctl.conf" (1 is enabled, 0 is disabled) or

with sysctl -a | grep ip_for.
root@router~# grep ip_for /etc/sysctl.conf
net.ipv4.ip_forward = 0

4. Ping from the leftnet computer to the rightnet computer. Enable and/or disable packet
forwarding on the router and verify what happens to the ping between the two networks. If
you do not succeed in pinging between the two networks (on different subnets), then use a
sniffer like wireshark or tcpdump to discover the problem.

Did you forget to add a default gateway to the LAN machines ? Use route add default
gw 'ip-address'.
root@left~# route add default gw 192.168.60.1

root@right~# route add default gw 192.168.70.1

You should be able to ping when packet forwarding is enabled (and both default gateways
are properly configured). The ping will not work when packet forwarding is disabled or
when gateways are not configured correctly.

5. Use wireshark or tcpdump -xx to answer the following questions. Does the source MAC
change when a packet passes through the filter ? And the destination MAC ? What about
source and destination IP-addresses ?

Both MAC addresses are changed when passing the router. Use tcpdump -xx like this:
root@router~# tcpdump -xx -i eth1

root@router~# tcpdump -xx -i eth2

320
 introduction to routers

6. Remember the third network card on the router ? Connect this card to a LAN with internet
connection. On many LAN's the command dhclient eth0 just works (replace eth0 with the
correct interface.
root@router~# dhclient eth0

You now have a setup similar to this picture. What needs to be done to give internet access
to leftnet and rightnet.

The clients on leftnet and rightnet need a working dns server. We use one of Google's
dns servers here.
echo nameserver 8.8.8.8 > /etc/resolv.conf

321
Chapter 30. iptables firewall
This chapter introduces some simple firewall rules and how to configure them with iptables.

iptables is an application that allows a user to configure the firewall functionality built into
the Linux kernel.

322
 iptables firewall

30.1. iptables tables

By default there are three tables in the kernel that contain sets of rules.

The filter table is used for packet filtering.

root@debian6~# iptables -t filter -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)

target prot opt source destination

Chain OUTPUT (policy ACCEPT)

target prot opt source destination

The nat table is used for address translation.

root@debian6~# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)

target prot opt source destination

Chain OUTPUT (policy ACCEPT)

target prot opt source destination

The mangle table can be used for special-purpose processing of packets.

Series of rules in each table are called a chain. We will discuss chains and the nat table
later in this chapter.

30.2. starting and stopping iptables

The following screenshot shows how to stop and start iptables on Red Hat/Fedora/CentOS
and compatible distributions.
[root@centos6 ~]# service iptables stop
[root@centos6 ~]# service iptables start
iptables: Applying firewall rules [ ok ]
[root@centos6 ~]#

Debian and *buntu distributions do not have this script, but allow for an uninstall.
root@debian6~# aptitude purge iptables

323
 iptables firewall

30.3. the filter table

30.3.1. about packet filtering
Packet filtering is a bit more than packet forwarding. While packet forwarding uses only
a routing table to make decisions, packet filtering also uses a list of rules. The kernel will
inspect packets and decide based on these rules what to do with each packet.

30.3.2. filter table

The filter table in iptables has three chains (sets of rules). The INPUT chain is used for any
packet coming into the system. The OUTPUT chain is for any packet leaving the system.
And the FORWARD chain is for packets that are forwarded (routed) through the system.

The screenshot below shows how to list the filter table and all its rules.
[root@RHEL5 ~]# iptables -t filter -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)

target prot opt source destination

Chain OUTPUT (policy ACCEPT)

target prot opt source destination
[root@RHEL5 ~]#

As you can see, all three chains in the filter table are set to ACCEPT everything. ACCEPT
is the default behaviour.

324
 iptables firewall

30.3.3. setting default rules

The default for the default rule is indeed to ACCEPT everything. This is not the most secure
firewall.

A more secure setup would be to DROP everything. A package that is dropped will not
continue in any chain, and no warning or error will be sent anywhere.

The below commands lock down a computer. Do not execute these commands inside a
remote ssh shell.
root@debianpaul~# iptables -P INPUT DROP
root@debianpaul~# iptables -P OUTPUT DROP
root@debianpaul~# iptables -P FORWARD DROP
root@debianpaul~# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination

Chain FORWARD (policy DROP)

target prot opt source destination

Chain OUTPUT (policy DROP)

target prot opt source destination

30.3.4. changing policy rules

To start, let's set the default policy for all three chains to drop everything. Note that you
might lose your connection when typing this over ssh ;-).
[root@RHEL5 ~]# iptables -P INPUT DROP
[root@RHEL5 ~]# iptables -P FORWARD DROP
[root@RHEL5 ~]# iptables -P OUTPUT DROP

Next, we allow the server to use its own loopback device (this allows the server to access
its services running on localhost). We first append a rule to the INPUT chain to allow (AC-
CEPT) traffic from the lo (loopback) interface, then we do the same to allow packets to leave
the system through the loopback interface.
[root@RHEL5 ~]# iptables -A INPUT -i lo -j ACCEPT
[root@RHEL5 ~]# iptables -A OUTPUT -o lo -j ACCEPT

Looking at the filter table again (omitting -t filter because it is the default table).
[root@RHEL5 ~]# iptables -nL
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy DROP)

target prot opt source destination

Chain OUTPUT (policy DROP)

target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

325
 iptables firewall

30.3.5. Allowing ssh over eth0

This example show how to add two rules to allow ssh access to your system from outside.
[root@RHEL5 ~]# iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
[root@RHEL5 ~]# iptables -A OUTPUT -o eth0 -p tcp --sport 22 -j ACCEPT

The filter table will look something like this screenshot (note that -v is added for more
verbose output).
[root@RHEL5 ~]# iptables -nvL
Chain INPUT (policy DROP 7 packets, 609 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22

Chain FORWARD (policy DROP 0 packets, 0 bytes)

pkts bytes target prot opt in out source destination

Chain OUTPUT (policy DROP 3 packets, 228 bytes)

pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp spt:22
[root@RHEL5 ~]#

30.3.6. Allowing access from a subnet

This example shows how to allow access from any computer in the 10.1.1.0/24 network, but
only through eth1. There is no port (application) limitation here.
[root@RHEL5 ~]# iptables -A INPUT -i eth1 -s 10.1.1.0/24 -p tcp -j ACCEPT
[root@RHEL5 ~]# iptables -A OUTPUT -o eth1 -d 10.1.1.0/24 -p tcp -j ACCEPT

Together with the previous examples, the policy is expanding.

[root@RHEL5 ~]# iptables -nvL
Chain INPUT (policy DROP 7 packets, 609 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
0 0 ACCEPT tcp -- eth1 * 10.1.1.0/24 0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)

pkts bytes target prot opt in out source destination

Chain OUTPUT (policy DROP 3 packets, 228 bytes)

pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp spt:22
0 0 ACCEPT tcp -- * eth1 0.0.0.0/0 10.1.1.0/24

326
 iptables firewall

30.3.7. iptables save

Use iptables save to automatically implement these rules when the firewall is (re)started.
[root@RHEL5 ~]# /etc/init.d/iptables save
Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
[root@RHEL5 ~]#

30.3.8. scripting example

You can write a simple script for these rules. Below is an example script that implements
the firewall rules that you saw before in this chapter.
#!/bin/bash
# first cleanup everything
iptables -t filter -F
iptables -t filter -X
iptables -t nat -F
iptables -t nat -X

# default drop
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

# allow loopback device

iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# allow ssh over eth0 from outside to system

iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 22 -j ACCEPT

# allow any traffic from 10.1.1.0/24 to system

iptables -A INPUT -i eth1 -s 10.1.1.0/24 -p tcp -j ACCEPT
iptables -A OUTPUT -o eth1 -d 10.1.1.0/24 -p tcp -j ACCEPT

327
 iptables firewall

30.3.9. Allowing ICMP(ping)

When you enable iptables, you will get an 'Operation not permitted' message when trying
to ping other hosts.
[root@RHEL5 ~# ping 192.168.187.130
PING 192.168.187.130 (192.168.187.130) 56(84) bytes of data.
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted

The screenshot below shows you how to setup iptables to allow a ping from or to your
machine.
[root@RHEL5 ~]# iptables -A INPUT -p icmp --icmp-type any -j ACCEPT
[root@RHEL5 ~]# iptables -A OUTPUT -p icmp --icmp-type any -j ACCEPT

The previous two lines do not allow other computers to route ping messages through your
router, because it only handles INPUT and OUTPUT. For routing of ping, you will need
to enable it on the FORWARD chain. The following command enables routing of icmp
messages between networks.
[root@RHEL5 ~]# iptables -A FORWARD -p icmp --icmp-type any -j ACCEPT

328
 iptables firewall

30.4. practice: packet filtering

1. Make sure you can ssh to your router-system when iptables is active.

2. Make sure you can ping to your router-system when iptables is active.

3. Define one of your networks as 'internal' and the other as 'external'. Configure the router
to allow visits to a website (http) to go from the internal network to the external network
(but not in the other direction).

4. Make sure the internal network can ssh to the external, but not the other way around.

329
 iptables firewall

30.5. solution: packet filtering

A possible solution, where leftnet is the internal and rightnet is the external network.
#!/bin/bash

# first cleanup everything

iptables -t filter -F
iptables -t filter -X
iptables -t nat -F
iptables -t nat -X

# default drop
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

# allow loopback device

iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# question 1: allow ssh over eth0

iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 22 -j ACCEPT

# question 2: Allow icmp(ping) anywhere

iptables -A INPUT -p icmp --icmp-type any -j ACCEPT
iptables -A FORWARD -p icmp --icmp-type any -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type any -j ACCEPT

# question 3: allow http from internal(leftnet) to external(rightnet)

iptables -A FORWARD -i eth1 -o eth2 -p tcp --dport 80 -j ACCEPT
iptables -A FORWARD -i eth2 -o eth1 -p tcp --sport 80 -j ACCEPT

# question 4: allow ssh from internal(leftnet) to external(rightnet)

iptables -A FORWARD -i eth1 -o eth2 -p tcp --dport 22 -j ACCEPT
iptables -A FORWARD -i eth2 -o eth1 -p tcp --sport 22 -j ACCEPT

# allow http from external(rightnet) to internal(leftnet)

# iptables -A FORWARD -i eth2 -o eth1 -p tcp --dport 80 -j ACCEPT
# iptables -A FORWARD -i eth1 -o eth2 -p tcp --sport 80 -j ACCEPT

# allow rpcinfo over eth0 from outside to system

# iptables -A INPUT -i eth2 -p tcp --dport 111 -j ACCEPT
# iptables -A OUTPUT -o eth2 -p tcp --sport 111 -j ACCEPT

330
 iptables firewall

30.6. network address translation

30.6.1. about NAT
A NAT device is a router that is also changing the source and/or target ip-address in packets.
It is typically used to connect multiple computers in a private address range with the (public)
internet. A NAT can hide private addresses from the internet.

NAT was developed to mitigate the use of real ip addresses, to allow private address ranges
to reach the internet and back, and to not disclose details about internal networks to the
outside.

The nat table in iptables adds two new chains. PREROUTING allows altering of packets
before they reach the INPUT chain. POSTROUTING allows altering packets after they exit
the OUTPUT chain.

Use iptables -t nat -nvL to look at the NAT table. The screenshot below shows an empty
NAT table.
[root@RHEL5 ~]# iptables -t nat -nL
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)

target prot opt source destination

Chain OUTPUT (policy ACCEPT)

target prot opt source destination
[root@RHEL5 ~]#

331
 iptables firewall

30.6.2. SNAT (Source NAT)

The goal of source nat is to change the source address inside a packet before it leaves the
system (e.g. to the internet). The destination will return the packet to the NAT-device. This
means our NAT-device will need to keep a table in memory of all the packets it changed, so
it can deliver the packet to the original source (e.g. in the private network).

Because SNAT is about packets leaving the system, it uses the POSTROUTING chain.

Here is an example SNAT rule. The rule says that packets coming from 10.1.1.0/24 network
and exiting via eth1 will get the source ip-address set to 11.12.13.14. (Note that this is a
one line command!)
iptables -t nat -A POSTROUTING -o eth1 -s 10.1.1.0/24 -j SNAT \
--to-source 11.12.13.14

Of course there must exist a proper iptables filter setup to allow the packet to traverse from
one network to the other.

30.6.3. SNAT example setup

This example script uses a typical nat setup. The internal (eth0) network has access via
SNAT to external (eth1) webservers (port 80).
#!/bin/bash
#
# iptables script for simple classic nat websurfing
# eth0 is internal network, eth1 is internet
#
echo 0 > /proc/sys/net/ipv4/ip_forward
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
iptables -A FORWARD -i eth0 -o eth1 -s 10.1.1.0/24 -p tcp \
--dport 80 -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -d 10.1.1.0/24 -p tcp \
--sport 80 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth1 -s 10.1.1.0/24 -j SNAT \
--to-source 11.12.13.14
echo 1 > /proc/sys/net/ipv4/ip_forward

332
 iptables firewall

30.6.4. IP masquerading
IP masquerading is very similar to SNAT, but is meant for dynamic interfaces. Typical
example are broadband 'router/modems' connected to the internet and receiving a different
ip-address from the isp, each time they are cold-booted.

The only change needed to convert the SNAT script to a masquerading is one line.
iptables -t nat -A POSTROUTING -o eth1 -s 10.1.1.0/24 -j MASQUERADE

30.6.5. DNAT (Destination NAT)

DNAT is typically used to allow packets from the internet to be redirected to an internal
server (in your DMZ) and in a private address range that is inaccessible directly form the
internet.

This example script allows internet users to reach your internal (192.168.1.99) server via
ssh (port 22).
#!/bin/bash
#
# iptables script for DNAT
# eth0 is internal network, eth1 is internet
#
echo 0 > /proc/sys/net/ipv4/ip_forward
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
iptables -A FORWARD -i eth0 -o eth1 -s 10.1.1.0/24 -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -p tcp --dport 22 -j ACCEPT
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 22 \
-j DNAT --to-destination 10.1.1.99
echo 1 > /proc/sys/net/ipv4/ip_forward

333
Part XIV. Appendix
 /etc/sysconfig/firstboot, 43
Index /etc/sysconfig/harddisks, 43
/etc/sysconfig/hwconf, 43
/etc/sysconfig/iptables, 292
Symbols /etc/sysconfig/keyboard, 43
/, 13, 39 /etc/sysconfig/network, 262
/bin, 40 /etc/sysconfig/network-scripts/, 262
/bin/cat, 40 /etc/sysconfig/network-scripts/ifcfg-bond0, 285
/bin/date, 40 /etc/sysctl.conf, 316
/bin/dmesg, 156 /etc/syslog.conf, 234
/bin/login, 203 /etc/X11/xorg.conf, 42
/boot, 42 /etc/xinetd.conf, 295
/boot/grub, 42 /etc/xinetd.d, 295
/boot/grub/grub.cfg, 42 /export, 44
/boot/grub/grub.conf, 42 /home, 44
/dev, 22, 46, 167 /lib, 41
/dev/hdX, 154 /lib/kbd/keymaps/, 43
/dev/null, 46 /lib/modules, 41
/dev/pts/1, 46 /lib32, 41
/dev/random, 57 /lib64, 41
/dev/sdX, 154 /media, 44
/dev/tty1, 46 /opt, 41
/dev/urandom, 56, 58 /proc, 22, 46
/dev/zero, 57 /proc/cpuinfo, 47
/etc, 42 /proc/devices, 167, 167
/etc/at.allow, 225 /proc/filesystems, 180, 187
/etc/at.deny, 225 /proc/interrupts, 49
/etc/cron.allow, 226 /proc/kcore, 49
/etc/cron.d, 227 /proc/meminfo, 242, 243
/etc/cron.deny, 226 /proc/mounts, 188
/etc/crontab, 227 /proc/net/bonding, 285, 287
/etc/exports, 299 /proc/partitions, 167
/etc/filesystems, 180, 187 /proc/scsi/scsi, 159
/etc/fstab, 183, 191, 245, 299 /proc/swaps, 244
/etc/group, 108, 117 /proc/sys, 48
/etc/gshadow, 110 /proc/sys/net/ipv4/ip_forward, 316
/etc/hostname, 267 /root, 44
/etc/hosts, 57 /run, 54
/etc/inetd.conf, 296 /sbin, 40, 265
/etc/init.d/, 42, 205, 207 /sbin/init, 200
/etc/init.d/rc, 202 /sbin/mingetty, 203
/etc/init.d/rcS, 201 /sbin/telinit, 210
/etc/inittab, 200, 202, 203 /srv, 44
/etc/mtab, 188, 201 /sys, 50
/etc/network/interfaces, 260, 284, 287 /tmp, 45
/etc/passwd, 71, 117, 203 /usr, 51
/etc/rc.d/rc, 202 /usr/bin, 51
/etc/rc.d/rc.sysinit, 201 /usr/include, 51
/etc/rcS.d/, 201 /usr/lib, 51
/etc/rcX.d/, 202 /usr/local, 51
/etc/resolv.conf, 57 /usr/share, 51
/etc/rsyslog.conf, 236 /usr/share/doc, 262
/etc/services, 296 /usr/share/games, 52
/etc/shutdown.allow, 211 /usr/share/man, 52
/etc/skel, 42 /usr/src, 52
/etc/squid/squid.conf, 304 /var, 53
/etc/sudoers, 102, 103 /var/cache, 53
/etc/sysconfig, 42 /var/lib, 54

335
 Index

/var/lib/nfs/etab, 299 cal, 78

/var/lib/rpm, 54 Canonical, 199
/var/lock, 54 case sensitive, 22
/var/log, 53 cat, 33, 62
/var/log/auth.log, 233 cd, 12
/var/log/btmp, 231, 232 cd -, 13
/var/log/lastlog, 231 CentOS, 4
/var/log/messages, 53 chain (iptables), 323
/var/log/sa, 253 character device, 153
/var/log/secure, 233 chgrp(1), 118
/var/log/squid, 309 chkconfig, 43, 205
/var/log/syslog, 53 chkconfig(8), 206
/var/log/wtmp, 211, 231 chmod, 123
/var/run, 54 chmod(1), 91, 122
/var/run/utmp, 231 chmod +x, 124
/var/spool, 53 chown(1), 118
/var/tmp, 54 CHS, 153
., 12 comm(1), 68
.., 12 command mode(vi), 88
.. (directory), 130 cp, 25
. (directory), 130 cp(1), 25
.exrc, 94 cron(8), 223
.vimrc, 94 crontab(1), 226
~, 12 crontab(5), 226
$$, 139 Ctrl-Alt-Delete, 211, 211
$PPID, 139 Ctrl d, 33
$PS1, 13 current directory, 12
777, 123 cut, 71
cut(1), 64
A cylinder, 152
access time, 152
apropos, 9 D
arp(1), 268 daemon, 9, 138, 205
arp table, 268 date, 77
at(1), 223, 224 dd(1), 171, 245
ata, 152 Debian, 4
atapi, 152 default gateway, 269
atq(1), 224 devfs, 50
atrm(1), 225 device driver, 167
devices.txt, 167
B df, 249
badblocks(8), 160 df(1), 189, 189
binaries, 40 df -i, 129
binding, 283 dhclient, 318
binding(ip), 282 dhclient(1), 267
block device, 153 dhcp, 262, 278
bonding(ip), 282 dhcp client, 260, 267
bootp, 262, 278 directory, 130, 177
btrfs, 179 disk platters, 152
bum(8), 209 distribution, 3
bunzip2, 81 distributions, 39
bzcat, 81 dmesg(1), 156
bzip2, 79, 81, 81 DNAT, 315
bzmore, 81 dns, 278
du, 249
du(1), 189
C dumpkeys(1), 43
cable select, 152

336
 Index

E groupmod(1), 109
groups, 107
e2fsck(1), 183
groups(1), 108
echo(1), 139
gunzip(1), 80
Edubuntu, 4
gzip, 80
egrep, 201
gzip(1), 80
ELF, 41
el torito, 179
EOF, 33 H
Eric Allman, 234 halt(8), 211
eth0, 260 hard link, 131
ethtool(1), 270 hdparm(8), 161
Evi Nemeth, 205 head(1), 32
exec, 140 head (hard disk device), 152
executables, 40 here directive, 34
exportfs(1), 299 hidden files, 14
ext2, 178, 181 hostname, 267
ext3, 178 hostname(1), 267
extended partition, 166 http://www.pathname.com/fhs/, 39

F I
fat16, 179 id, 100
fat32, 179 ide, 167
fdisk(1), 167, 169, 170 IEEE 1394, 50
fdisk(8), 155 ifcfg(1), 283
fdisk limitations, 172 ifcfg-eth0, 263
Fedora, 4 ifconfig(1), 264, 265, 283, 284, 285, 287
FHS, 39 ifdown(1), 261, 264, 265, 283
file, 22 ifenslave, 287
file(1), 41 iftop(1), 254
file ownership, 117 ifup(1), 261, 264, 265, 283, 284, 285
file system, 176 inetd, 295
Filesystem Hierarchy Standard, 39 init, 138, 200, 211
filters, 61 initng, 199
filter table (iptables), 323 inode, 128, 131
find(1), 76, 131 inode table, 129
firewall, 314 insert mode(vi), 88
FireWire, 50 iostat(1), 252
fixed ip, 263 iptables, 292, 322, 323
fixed ip address, 260 iptables save, 327
fork, 140 iso9660, 179
FQDN, 267
free, 249, 250 J
free(1), 242, 243 joliet, 179
fsck(1), 183 journaling, 178
ftp, 295
K
G Kerberos, 298
gateway, 269 kernel, 41
GID, 108 keymaps(5), 43
gpasswd, 110 kill(1), 138, 143, 143, 203, 204
gpt, 172 killall(1), 145
grep, 201 kmyfirewall, 292
grep(1), 62 kudzu, 43
grep -i, 62
grep -v, 63 L
groupadd(1), 108 last(1), 211, 231
groupdel(1), 109 lastb(1), 232

337
 Index

lastlog(1), 232 noacl(mount), 192

LBA, 153 nodev, 180, 187
less(1), 35 noexec(mount), 192
Linux Mint, 4 nosuid(mount), 192
ln, 132 ntop(1), 254
ln(1), 131
loadkeys(1), 43 O
locate(1), 77 octal permissions, 123
logger(1), 237 od(1), 69
logical drive, 166 OEL, 4
logical drives, 171 Oracle Enterprise Linux, 4
login, 231 owner, 120
logrotate(1), 238
ls, 14, 120, 129
ls(1), 14, 129, 130 P
ls -l, 119 packet filtering, 314, 324
lsscsi(1), 158 packet forwarding, 314
paging, 242
Parallel ATA, 152
M parent directory, 12
mac address, 265, 317 parted, 172, 173
magic, 22 parted(1), 169
major number, 167 partition, 166
makewhatis, 10 partition table, 171, 171
man(1), 9, 9, 10 partprobe(1), 171
mandb(1), 10 passwd(1), 10
mangle table (iptables), 323 passwd(5), 10
man hier, 39 PAT, 315
man -k, 9 path, 13, 14
masquerading, 315 pgrep(1), 142
master (hard disk device), 152 PID, 138
master boot record, 171 pidof(1), 139
mbr, 171, 171, 172 ping, 269, 317, 318
mingetty, 203 pkill(1), 145
minor number, 167 popd, 20
mkdir, 187 port forwarding, 315
mkdir(1), 16, 124 portmap, 298
mkdir -p, 16 poweroff(8), 211
mke2fs(1), 178, 181 PPID, 138
mkfile(1), 245 primary partition, 166
mkfs, 129 process, 138
mkfs(1), 178, 181 process id, 138
mkinitrd(1), 178 proxy server, 303
mkswap(1), 244 ps, 141, 249
more(1), 35 ps -ef, 141
mount, 187 ps fax, 141
mount(1), 186, 188, 299 pushd, 20
mounting, 186 pwd, 12
mount point, 186 pwd(1), 13
mpstat(1), 253
mv, 26
R
random number generator, 57
N reboot(8), 211
NAPT, 315 Red Hat, 4
NAT, 315 reiserfs, 179
nat table (iptables), 323 rename, 27
netstat(1), 269 repository, 3
NFS, 298 respawn(init), 203, 203

338
 Index

rm, 24 swapoff(1), 244

rm(1), 132 swapon(1), 244
rmdir(1), 16 swap partition, 179
rmdir -p, 17 swap partition(s), 246
rm -rf, 24 swapping, 242
rock ridge, 179 swap space, 244
root, 40, 101, 102, 103 swat, 295
root directory, 39 symbolic link, 132
rootsquash, 299 sysctl, 316
rotational latency, 152 sysctl(1), 267
route(1), 269, 269 sysfs, 50
router, 314 syslogd, 234, 234
RPC, 298 system-config-securitylevel, 292
rpcinfo(1), 298 System V, 41, 199
rpm, 54
runlevel, 200 T
runlevel(1), 210 tab key(bash), 14
tac, 34
S tail(1), 32, 237
sa2(1), 253 tcpdump, 274, 279, 279, 318
sadc(1), 253 tee(1), 62
sal, 253 telinit(8), 210
sar(1), 253, 253 telnet, 295
sata, 152 time, 79
Scientific, 4 top, 145
scsi, 152 top(1), 142, 242, 243, 250
scsi id, 152 touch(1), 23
sector, 152 tr, 65
sed, 70 tr(1), 64
seek time, 152 track, 152
service(1), 205, 292 tune2fs(1), 178, 182
setuid, 192
sfdisk(1), 171
shutdown(8), 210
U
SIGHUP, 143 Ubuntu, 4
SIGKILL, 210 udf, 179
SIGTERM, 145, 210 uefi, 172
skeleton, 42 umask(1), 124
slave (hard disk device), 152 uniq, 71
sleep, 78 uniq(1), 67
SMF, 199 updatedb(1), 77
SNAT, 315 update-rc.d, 205
soft link, 132 update-rc.d(8), 208
solid state drive, 153 upstart, 199
sort, 71 usb, 50
sort(1), 66 usermod, 109
squid, 303
ssd, 153 V
standard input, 33 vfat, 179
standard output, 33 vi, 111
stateful firewall, 314 vi(1), 87
stdin, 62 vigr(1), 111
stdout, 62 vim(1), 87
strings(1), 35 vimtutor(1), 87
su, 101, 101, 110 virtualbox, 317
sudo, 102, 103 virtual memory, 242
sudo su -, 103 visudo, 102
Sun, 199 vmstat, 246

339
 Index

vmstat(1), 251
vmware, 317

W
w, 100
watch(1), 237, 251
wc(1), 65
whatis(1), 9
whereis(1), 9
who, 71, 100
who(1), 210, 231
whoami, 100
who am i, 100
wireshark, 274, 318

X
X, 42
xinetd, 295, 295
X Window System, 42

Z
zcat, 80
zfs, 179
zmore, 80
zombie, 138

340