Linux Project (Final)
Published by: Rajat Goyal on May 26, 2011
Copyright: Attribution Non-commercial

Open-Source Software
Rajat Goyal

I’d like to thank the pioneers of our industry for blazing the trail and mapping the path to success, vision, courage and perseverance, and for guiding us to perceive the future of Computing through an Operating System which we call “LINUX”.

Also, I’d like to dedicate this to my Parents and Teachers for providing a model of solid values and hard work for me to the path of Computing.

-- Rajat Goyal


Table of Contents
1. Linux: Overview
   - Introduction to Linux
   - Why we use Linux
   - Features of Linux
   - Linux v/s Windows
   - Linux Flavors

2. History of Linux
   - Founders: Overview
   - Generation & Development
   - Linux Desktop

3. Open Source Software Development
   - Open Source Software
   - Developer/Licensor
   - Examples of Open Source Software
   - Preference Reasons for using Open Source Software

4. Linux Architecture


Linux : Overview

Introduction to Linux
Linux is a generic term referring to a “Unix-like” computer operating system based on the Linux kernel. Linux is a freely distributed operating system that runs on multiple hardware platforms, which means that it is free and open-source software: all the underlying source code can be used, freely modified, and redistributed by anyone under the terms of the GNU GPL and other free licenses. Linux is a complete multitasking and multiuser operating system based on the Linux kernel. The Linux kernel was originally developed for the Intel 80386, and multitasking is one of its best features. The kernel is the code that controls the interface between user programs and hardware devices. A Linux-based system is a modular Unix-like operating system. It derives much of its basic design from principles established in UNIX during the 1970s and 1980s. Such a system uses a monolithic kernel, the Linux kernel, which handles process control, networking, and peripheral and file system access. Device drivers are integrated directly with the kernel. Separate projects that interface with the kernel provide much of the system's higher-level functionality. The GNU userland is an important part of most Linux-based systems, providing the most common implementation of the C library, a popular shell, and many of the common UNIX tools which carry out many basic operating system tasks. The graphical user interface (or GUI) used by most Linux systems is based on the X Window System.


Why we Use Linux
This Unix-like open source software is widely used for the following reasons:
- A Linux distribution has software worth thousands of dollars, for virtually no cost.
- The Linux operating system is reliable, stable, and very powerful.
- Linux comes with a complete development environment, including compilers, toolkits, and scripting languages.
- Linux comes with networking facilities, allowing you to share hardware.
- Linux utilizes your memory, CPU, and other hardware to the fullest.
- A wide variety of commercial software is also available.
- Linux is very easily upgradeable.
- Supports multiple processors as standard.
- True multitasking: many applications, all at once.
- The GUIs are more powerful than the Mac's!


Features of Linux
The basic features of Linux which define this software are as follows:
- Open source development model.
- Supports a wide variety of hardware.
- Supports many networking protocols and configurations.
- Supports many file systems.
- Linux has a reputation for fewer bugs (programming mistakes) than Windows.
- True multitasking.
- X Window System: a graphical user interface similar to Windows, but it supports remote sessions over a network.
- Advanced server functionality: FTP server, Telnet server, BOOTP server, DHCP server, Samba server.
- After installation you can create logins for different users.
- Each user may log in with his/her own login and password and has their own login area.
- Upon login, the default directory is the home directory of the user.
- Linux/Unix is case sensitive, i.e. WHO is not the same as who.
- The UNIX shell is a command program used to communicate with the computer.
- The shell interprets the commands that you enter on the keyboard.
- Shell commands can be used to automate various programming tasks.
- Linux/UNIX has powerful text processing tools which are highly suited to working with sequence data.
- Linux/Unix is very stable: computers running Linux/Unix almost never crash.
- Linux/Unix is very efficient:
  - It gets maximum number-crunching power out of your processor (and multiple processors).
  - It can smoothly manage extremely huge amounts of data.
  - It can give new life to otherwise obsolete Macs and PCs.
- It is easy for programmers.


‘Linux’ v/s ‘Windows’

Windows: Windows is considered a Single-User, Multi-Tasking OS. It enables one user to perform multiple tasks at once, but does not allow multiple different users.
Linux: Linux is considered a Multi-User, Multi-Tasking OS. It allows multiple different users to perform tasks simultaneously, and ensures they do not interfere with each other.

Windows: Windows supports the FAT and NTFS file systems. Some ability to expand support via new drivers.
Linux: Linux supports a wide variety of file systems, including FAT, NTFS, ext/3/4, ReiserFS, XFS, JFS, and many others. Adding support for new ones is as easy as a kernel recompile.

Windows: MSRP for Windows Vista Home Basic is $199.95. MSRP for Windows Server 08 Std is $999 for five access licenses. Additional access licenses are $199 for 5.
Linux: MSRP for most Linux distributions is free. However, most of the time support is not free and must be paid for.

Windows: It is not open source and hence cannot be redesigned by the programmer.
Linux: Open Source Development Model, and so the programmer can redesign the OS.

Windows: Windows gets affected by viruses very easily.
Linux: Linux is robust and very secure from viruses.

Windows: Security is the main issue which has made Windows think about how to survive.
Linux: The Linux server has surpassed the Windows server operating system in security.

Windows: Compared to Linux, Windows is developed by a few thousand people.
Linux: There are 250000+ developers behind Linux for open source deployment.


Linux Flavors
- Red Hat Linux (Red Hat)
- SuSE Linux (Novell)
- Fedora Linux
- Caldera Linux
- Mandrake Linux
- Turbo Linux
- Slackware Linux Project
- Knoppix Linux Live File system
- Ubuntu Linux
- AsiaNux Linux


History of Linux

Founders: Overview
The UNIX operating system was conceived and implemented in the 1960s and first released in 1970. Its wide availability and portability meant that it was widely adopted, copied and modified by academic institutions and businesses, and its design was influential on the authors of other systems. The GNU Project, started in 1984 by Richard Stallman, had the goal of creating a "complete Unix-compatible software system", composed entirely of free software. The next year Stallman created the Free Software Foundation, and he wrote the GNU General Public License (GNU GPL) in 1989. Linus Torvalds has said that if the GNU kernel had been available at the time (1991), he would not have decided to write his own. In 1991, while attending the University of Helsinki, Torvalds began to work on a non-commercial replacement for MINIX, which would eventually become the Linux kernel.

Linus Benedict Torvalds
The Linux operating system (OS) was first coded by a Finnish computer programmer called Linus Benedict Torvalds in 1991, when he was just 21! He had got a new 386, and he found the existing DOS and UNIX too expensive and inadequate. Linus Benedict Torvalds (born December 28, 1969) began the development of Linux, an operating system kernel, and today acts as the project coordinator. Inspired by Minix (a kernel and operating system developed by Andrew Tanenbaum), he felt the need for a capable UNIX operating system that he could run on his home PC. Torvalds did the original development of the Linux kernel primarily in his own time and on his own equipment. In those days, a tiny, free UNIX-like OS called Minix was extensively used for academic purposes. Since its source code was available, Linus decided to take Minix as a model.

Richard Matthew Stallman
Richard Matthew Stallman (born March 16, 1953), often abbreviated to "rms", is an American software freedom activist, hacker, and software developer. In September 1983, he launched the GNU Project to create a free Unix-like operating system, and has been the project's lead architect and organizer. With the launch of the GNU Project, he started the free software movement and, in October 1985, set up the Free Software Foundation. Stallman pioneered the concept of copyleft and is the main author of several copyleft licenses including the GNU General Public License, the most widely used free software license. Since the mid-1990s, Stallman has spent most of his time advocating for free software, as well as campaigning against both software patents and what he sees as excessive extension of copyright laws. Stallman has also developed a number of pieces of widely used software, including the original Emacs, the GNU Compiler Collection, and the GNU Debugger. He co-founded the League for Programming Freedom in 1989.

Andrew Stuart Tanenbaum
Andrew Stuart "Andy" Tanenbaum (sometimes referred to by the handle AST) (born March 16, 1944) is a professor of computer science at the Vrije Universiteit, Amsterdam in the Netherlands. He is best known as the author of MINIX, a free Unix-like operating system for teaching purposes, and for his computer science textbooks, regarded as standard texts in the field. He regards his teaching job as his most important work. Tanenbaum was born in New York City and grew up in suburban White Plains, New York. He received his B.Sc. degree in Physics from MIT in 1965. He received his Ph.D. degree in physics from the University of California, Berkeley in 1971. He moved to the Netherlands to live with his wife, who is Dutch, but he retains his United States citizenship. He teaches courses about Computer Organization and Operating Systems and supervises the work of Ph.D. candidates at the VU University Amsterdam.


Generation & Development
A Linux-based system is a modular Unix-like operating system. It derives much of its basic design from principles established in UNIX during the 1970s and 1980s. Such a system uses a monolithic kernel, the Linux kernel, which handles process control, networking, and peripheral and file system access. Device drivers are integrated directly with the kernel. Separate projects that interface with the kernel provide much of the system's higher-level functionality. The GNU user land is an important part of most Linux-based systems, providing the most common implementation of the C library, a popular shell, and many of the common Unix tools which carry out many basic operating system tasks. The graphical user interface (or GUI) used by most Linux systems is based on the X Window System.

Unix (officially trademarked as UNIX, sometimes also written as UNIX with small caps) is a computer operating system originally developed in 1969 by a group of AT&T employees at Bell Labs, including Ken Thompson, Dennis Ritchie, Brian Kernighan, Douglas McIlroy, and Joe Ossanna. Today's UNIX systems are split into various branches, developed over time by AT&T as well as various commercial vendors and non-profit organizations. As of 2007, the owner of the trademark is The Open Group, an industry standards consortium. Only systems fully compliant with and certified according to the Single UNIX Specification are qualified to use the trademark; others are called "Unix system-like" or "Unix-like".


UNIX operating systems are widely used in both servers and workstations. UNIX was designed to be portable, multi-tasking and multiuser in a time-sharing configuration. In 1983, Richard Stallman announced the GNU project, an ambitious effort to create a free software Unix-like system; "free" in that everyone who received a copy would be free to use, study, modify, and redistribute it. The GNU project's own kernel development project, GNU Hurd, had not produced a working kernel, but in 1992 Linus Torvalds released the Linux kernel as free software under the GNU General Public License. In addition to their use in the Linux operating system, many GNU packages — such as the GNU Compiler Collection (and the rest of the GNU toolchain), the GNU C library and the GNU core utilities — have gone on to play central roles in other free Unix systems as well.

MINIX is a Unix-like computer operating system based on microkernel architecture. Andrew S. Tanenbaum wrote the operating system to be used for educational purposes; MINIX also inspired the creation of the Linux kernel. Its name is a portmanteau of the words minimal and UNIX. Minix has been free and open source software since it was released under the BSD license in April 2000. Andrew S. Tanenbaum created MINIX at Vrije Universiteit in Amsterdam to exemplify the principles conveyed in his textbook, Operating Systems Design and Implementation (1987). An abridged 12,000 lines of the C source code of the kernel, memory manager, and file system of MINIX 1.0 are printed in the book. Prentice-Hall also released MINIX source code and binaries on floppy disk with a reference manual. MINIX 1 was system-call compatible with Seventh Edition Unix.


Linux distributions, comprising Linux and large collections of compatible software, have become popular both with individual users and in business. Popular distributions include Red Hat Enterprise Linux, Fedora, SUSE Linux Enterprise, openSUSE, Debian GNU/Linux, Ubuntu, Mandriva Linux, Slackware Linux and Gentoo.

Linux Desktops



GNOME is a desktop environment—a graphical user interface which runs on top of a computer operating system—composed entirely of free software. It is an international project that includes creating software development frameworks, selecting application software for the desktop, and working on the programs which manage application launching, file handling, and window and task management. GNOME is part of the GNU Project and can be used with various Unix-like operating systems, most notably those built on top of the Linux kernel and the GNU userland, and as part of Java Desktop System in Solaris.

KDE is a free software project based around its flagship product, a desktop environment mainly for Unix-like systems. The goal of the project is to provide basic desktop functions and applications for daily needs as well as tools and documentation for developers to write stand-alone applications for the system. In this regard, the KDE project serves as an umbrella project for many standalone applications and smaller projects that are based on KDE technology. These include KOffice, KDevelop, Amarok, K3b and many others. KDE software is based on the Qt toolkit. The original GPL version of this toolkit only existed for the X11 platform, but with the release of Qt 4, GPL versions are available for all platforms. This allows KDE software based on Qt 4 to also be distributed to Microsoft Windows and Mac OS X.




Open Source Software Development
- Developed on the Web
- No Single Vendor
- Low Cost
- Community Developed & Owned
- Small & Modular
- Standards Based


Open Source Software
In 1979, AT&T introduced their Unix License, which even today is quite expensive. For educational institutions, one CPU license costs 7500 Dollars (Rs. 3,75,000) per CPU, and a full commercial license costs around 60,000 Dollars (Rs. 30,00,000) per CPU. Richard Matthew Stallman, an American software freedom activist, hacker and software developer, started the Free Software Foundation and the GNU Project. He pioneered and created the GPL (General Public License) for the GNU Project, which is a widely used free software license and is the most popular and well-known example of a Copyleft license. Stallman’s goal was to produce one license that could be used for any project, thus making it possible for many projects to share code. The Free Software Foundation is designed to promote Free and Open Source software, or software which is liberally licensed to grant users the right to study, change, and improve its design through the availability of its source code. Open Source is a term, developed in 1997, to represent free software that is distributed with the source files. End users can modify and recompile the software to meet their needs. For instance, source code readable and editable by the user:

    for x := 0 to 100 do {
        if x == 50
            print "halfway done"
        else
            print x
    }


Closed Source means any software that is distributed without the source files. End users cannot modify and recompile the software according to their needs. For instance, only the compiled binary is shipped:

    00011101010111110000100011111000011100111110000000111111010101 010101100110010101010101011111001110101011111111000001111110000 1111000011111110010101010100101110011001010111010000001011010 01010101010101101010001111100100000000001111000011100001001 01010111010101011001111000011100011111000111110000011111000011 11111000111100011010101010100011111001010101010111100001010101 010010001001110101010001001011010101010101010101010101010101

Copyleft: Copyleft is a play on the word copyright to describe the practice of using copyright law to remove restrictions on distributing copies. It is a form of licensing and can be used to modify copyrights for works such as computer software, documents, music and art.

GNU General Public License: The GPL grants the recipients of a computer program the rights of the free software definition and uses copyleft to ensure the freedoms are preserved, even when the work is changed or added to.

Open Source software is software licensed under an agreement that conforms to the Open Source definition:
- Access to source code.
- Freedom to redistribute.
- Freedom to modify.
- Non-discriminatory licensing (licensee/product).
- Integrity of authorship.
- Redistribution in accordance with the Open Source License Agreement.


Any Developer/Licensor can draft an agreement that conforms to the Open Source definition, though most licensors use existing agreements:
- GNU Public License (“GPL”)
- Lesser/Library GNU Public License (“LGPL”)
- Mozilla Public License
- Berkeley Software Distribution License (“BSD”)
- Apache Software License

Two widely used open source licenses have “Copyleft” provisions:
- GNU Public License (“GPL”)
- Lesser GNU Public License or Library GNU Public License (“LGPL”)
Most other licenses do not have Copyleft terms.

Project-based development by informal networks:
- Maintainers: Corporations (IBM, HP, Sun), Non-Profit Foundations (Apache Software Foundation), Individuals (Linus Torvalds)
- Contributors
- Users
- Distribution, updates and upgrades
- Third party vendors


Examples of Open Source Software
- Linux (operating system kernel; substitutes for proprietary UNIX)
- Apache Web Server (Web server for UNIX systems)
- MySQL (Structured Query Language; competes with Oracle)
- Cloudspace, Eclipse (IBM contributions)
- OpenOffice (open source implementation of Sun’s StarOffice)

Preference Reasons for using Open Source Software
- Cost savings.
- Stability.
- No forced upgrades.
- Access and broad rights to source code.
- Ability to define and expedite new development.
- Access to a skilled community of developers.
- Migration cost.
- Copyleft provisions of GPL, LGPL and similar licenses.
- Uncertainty about the open development model.


Linux Architecture
I. Component Facts
II. Directory Contents
III. Computer Roles
IV. Installation Facts
V. Users & Groups
VI. Managing the File System
VII. Services
VIII. Boot & Shutdown
IX. Networking
X. Security
XI. Troubleshooting



Component Facts

The Linux operating system is a modular system, which means that the components can function without affecting one another. Because of its modular nature, you can create a highly customized Linux operating system based on your individual requirements. The table below lists the modules typical to Linux. Each component (or set of components) is generally developed independently, and each component offers functionality while minimally affecting the other components.
Component: Kernel
- The kernel is the core component of the operating system.
- The kernel coordinates communication between the hardware and other software components.
- The kernel is the only component that is technically Linux. All other components are add-ons that turn the system into a fully-functional operating system.
Notes: The kernel is constantly being updated. Current and previous kernel versions can be found at www.kernel.org.

Component: Shell
- The shell is the user interface that accepts and interprets commands (either from a command prompt or a script) and forwards them to the kernel.
- A Linux shell is comparable to the DOS interpreter/DOS prompt.
Notes: bash (Bourne-Again Shell) is the most common (and default) Linux shell. It is an enhancement of the original Bourne shell (sh). tcsh is an enhanced version of the Berkeley UNIX C-shell (csh).

Component: Graphical User Interface (GUI)
- The GUI is responsible for drawing graphical elements on the computer screen.
- The Linux GUI was designed to work the same way regardless of the video hardware on the computer system.
Notes: X Windows is the most common GUI system. X Windows works in conjunction with an X Client to render the GUI. X Windows is capable of running as a server and sending the GUI images to separate machines running an X Client. XFree86 is the most common X Client.

Component: Window Manager/Desktop Environment
Notes: KDE (Kommon Desktop Environment) uses the K Window Manager (kwm) and comes with the Qt toolkit for C++. GNOME (GNU Object Model Environment) does not specify a window manager because its design allows use of any window manager. However, it does use Metacity as a default window manager in the absence of a window manager. GNOME requires the use of the GIMP Toolkit (GTK) to render the full GNOME desktop.

Component: Windows Emulator
- A Windows emulator is an implementation of the Microsoft Windows API.
- The emulator lets you run Windows applications on Linux without running the Windows operating system.

Component: Boot Loader
- A boot loader runs after the system executes the BIOS ROM and POST functions.
- It loads the Linux kernel from the boot partition on the hard disk.
- It is also used to boot other operating systems present on the computer.
Notes: LILO (LInux LOader) is the most common boot loader. GRUB (GRand Unified Bootloader) is a newer boot loader that offers extra functionality.

Component: Daemons (Services)
- Daemons are programs that run in the background, providing additional functionality to a system.
- The Windows equivalent of a daemon is a service.
Examples by service type:
- File/Print Services: SMB/Samba, NFS
- Print services: LPR, CUPS
- Web Server: Apache, Tomcat
- Domain Name Service (DNS): BIND
- E-mail: Sendmail, Postfix
- Firewall: ipchains, Smoothwall, Astaro Security Linux
- Proxy Server: Squid



Directory Contents

The unified file system uses a single root directory that contains various other directories. File systems from other hard drive partitions mount to directories beneath the root directory, providing access to a single directory structure.
/: The / character represents the root directory of the Linux system. All directories are below the / (root directory) of the system.
/bin: The /bin directory contains binary commands that are available to all users.
/boot: The /boot directory contains the kernel and boot loader files.
/dev: The /dev directory contains device files.
/etc: The /etc directory contains configuration files specific to the system.
/home: The /home directory contains, by default, the user home directories.
/initrd: The /initrd directory is used during the boot process to hold the initial RAM drive image.
/lib: The /lib directory contains shared program libraries and kernel modules.
/media: The /media directory contains the /cdrom and /floppy directories. It is the point where CD-ROM and floppy drives can be mounted according to the FHS (Filesystem Hierarchy Standard) v2.3.
/mnt: The /mnt directory is an empty directory. This was the mount point for CD-ROM and floppy drives prior to FHS v2.3.
/opt: The /opt directory contains additional programs.
/proc: The /proc directory contains information about the system state and processes.
/root: The /root directory is the root user's home directory. Do not confuse /root with the root of the system (/).
/sbin: The /sbin directory contains system binary commands.
/srv: The /srv directory contains files for services like the FTP and Web servers.
/sys: The /sys directory is new with release 2.6. It takes some of the system state data that was previously contained in /proc.
/tmp: The /tmp directory contains temporary files created by programs during system use.
/usr: The /usr directory contains system commands and utilities. /usr holds the following directories:
  - /usr/bin
  - /usr/lib
  - /usr/local
  - /usr/sbin
  - /usr/X11R6 (for the X Window system)
  Depending on the implementation, the /usr directory might also include the /usr/doc subdirectory (or /usr/share/doc subdirectory) to hold documentation accessible to all users.
/var: The /var directory contains data files that change constantly. Standard subdirectories include:
  - /var/mail (holds e-mail inboxes)
  - /var/spool (holds files waiting for processing, such as print jobs or scheduled jobs)
  - /var/www (holds www or proxy cache files)



Computer Roles

Before you install Linux, you should know how you'll use the system. The way the system is used will determine what kinds of components you should select to install. The table below lists common deployments for Linux systems and the components those deployments should include.
Role: Desktop
Description: A desktop implementation is targeted to the end-user in environments such as home-based computers (for gaming, multimedia, or Web surfing) or home offices.
Common components:
- Graphical desktop
- Web browser (like Mozilla)
- E-mail client
- Productivity tools (an office productivity suite like GNOME Office, for example)
- Sound, graphics, and video support
- Gaming support

Role: Workstation
Description: A workstation implementation is for large corporate installations, system administrators, or developers. Office workstations often have more business productivity applications, while workstations for software developers and system administrators have tools for creating and compiling software and administering network resources.
Common components:
- Word processor
- Database editor
- Desktop publishing applications
- Spreadsheet applications
- E-mail applications
- Development tools
- System administration tools

Role: Server
Description: A server provides networking services to multiple users or to other computers. Because end users do not typically log on to a server directly, graphical and multimedia components are often not installed on servers, to conserve system resources and eliminate sources of problems. Linux can provide many different services (e.g., file, e-mail, and Web services) on one machine unless it is being accessed by a very large number of people.
Common components:
- Mail services
- Routing
- Proxy service
- FTP service
- Web services (to allow users to access information, like an online catalog for example, through a Web browser)
- Network file system (NFS) (for file sharing)
- Storage (e.g., an appliance server)
- Database services (for storing client information, for example)



Installation Facts

Depending on your organization and how you will deploy Linux, you have several choices of how to access the Linux source files to complete the installation. Listed below are several different methods you can use. (Before performing any installation, check the hardware compatibility list (HCL) for the Linux version you've selected to make sure your system components are supported.)
CD-ROM or removable media: Installation source files are on a disk or other removable media such as:
  - USB, Firewire devices
  - Floppy, Zip disk (multiple disks might be required)
  - CD-ROM
  Use this method if you have access to portable installation source files.

Network: Installation files are located on a shared directory on the network. To complete the installation, you must:
  1. Copy the source files to a shared network location.
  2. Boot the computer to a limited version of the operating system with networking support (typically from a boot floppy). Make sure the computer uses the appropriate protocols to connect to the network share (FTP, SMB, NFS).
  3. Connect to the network share and start the installation.
  Using this method, the computer does not need a drive for accessing the installation files, and you can start multiple installs from a single source.

Disk imaging: Using disk imaging, you install Linux on one system. You then use imaging tools (or even backup/restore utilities) to replicate the installation to other computers. Use this method to install Linux quickly on multiple systems. In most cases, the hardware in each system must be identical.

When you start the install program, you can often choose how to interact with the installation program. The following table compares various methods.


GUI install: With the GUI method, you make installation choices using the mouse and keyboard from graphical installation screens. The GUI install is the default install for most distributions.

Text install: A text install bypasses the GUI screens, giving you basic text screens instead. Use the text install if the system has video card problems or low video support.

Scripted install: In a scripted installation, you answer all installation questions ahead of time. Your responses are stored in a file that is then read by the install program. The installation progresses without interaction. Use this method for a fully automated install and to quickly install on multiple systems.

Although the installation process differs depending on the distribution, the following list represents a fairly generic installation process you will follow:
1. Identify network requirements, select a distribution, identify the computer role, and verify that all hardware meets system requirements
2. Select an installation file location and installation method
3. Start the installation
4. Choose the installation language and the system keyboard and mouse
5. Partition the hard disk
6. Configure the boot loader
7. Configure the network and firewall
8. Choose a system language and time zone
9. Create user accounts and configure authentication
10. Select components and services to install
11. Configure the video hardware
12. Install components and create boot disks
13. Select monitor and X Windows settings

During installation, the super user account, called the root user, is created. Following installation, you can log on to Linux by typing root as the username and then supplying the password you entered during installation. Red Hat Linux provides the redhat-config-language command, which runs under an active X server, to change the default language of your system after installation. Linux systems can determine the date and time in three ways:

- Set the system clock to GMT (Greenwich Mean Time) and then use the correct time zone to compute the local time.
- Set the system clock to the local time.
- Use NTP (Network Time Protocol) to automatically synchronize the system date and time with time servers on the network or Internet.


Users & Groups

User accounts control the ability to log on to a system, access resources, and perform certain actions. Groups provide a means of grouping users for administrative purposes such as assigning permissions to files. When you work with users and groups, you will use a friendly name (such as mary or sales) to refer to the user or group. However, the system uses ID numbers to identify users and groups.

The user ID (UID) and the group ID (GID) are typically assigned automatically by the system (although in some cases you can modify the ID number if you like). The root user has a UID of 0. Users you create are assigned UIDs 500 and above.

Users can be members of two different group types:

- Primary group (also called the private group). By default, when you create a user, a corresponding group is also created. The user is the only member of this group. When you create files and directories, the primary group is automatically made the group owner of those files.
- Secondary groups. Secondary groups are groups you create. You assign members to those groups, and then use permissions to control access to files.

Note: The primary group is just a group like any other group. The only difference is that the user account specifically identifies the primary group for each user. The user and group databases are stored in the following files:


File: /etc/passwd
    Description: Holds user account information including the user name, UID, primary group membership, and the home directory location.
File: /etc/shadow
    Description: Holds passwords and password expiration information for user accounts. Using a separate file increases the security of the user passwords.
File: /etc/group
    Description: Holds group information including the group name, GID, and group membership information.
File: /etc/gshadow
    Description: Holds passwords for groups.

Users Command & Files
User account information is stored in two different files. The table below describes these files and their sample content.

File: /etc/passwd
    Contents: Each line identifies a user account. Each line contains multiple fields, with each field separated by a colon. Shown below is a sample line from the passwd file:
        pclark:x:501:501:Petunia Clark:/home/pclark:/bin/bash
    The fields within this line are as follows:
    1. User account name.
    2. Password. An x in the field indicates passwords are stored in the /etc/shadow file.
    3. User ID number.
    4. Primary group ID number; typically this number matches the UID number.
    5. GECOS field, typically used for a description or the user's full name.
    6. Path to the home directory.
    7. Path to the default shell.

File: /etc/shadow
    Contents: Like the /etc/passwd file, each line corresponds to a user account. Each line consists of fields separated by colons. Shown below is a sample entry:
        pclark:$ab7Y56gu9bs:12567:0:99999:7:::
    The fields within this line are as follows:
    1. User account name.
    2. Password. The $ in front of the password identifies the password as an encrypted entry.
    3. Last change. The date of the most recent password change, measured in the number of days since 1 January 1970.
    4. Minimum password age. The minimum number of days the user must wait before changing the password.
    5. Maximum password age. The maximum number of days between password changes.
    6. Password change warning. The number of days a user is warned before the password must be changed.
    7. Grace logins. The number of days the user can log in without changing the password.
    8. Disable time. The number of days since 1 January 1970, after which the account will be disabled.
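The two record formats above, parsed and checked the way an administrator auditing a system would, as an added example (not code from the original document). The sample lines are constructed: pclark is the document's own sample, the other accounts and the hash values are invented placeholders.

```python
"""Parse /etc/passwd and /etc/shadow records and flag risky accounts.

Added example, not from the original document. The sample lines below are
constructed for illustration (pclark is the document's own sample entry);
the hash values are placeholders, not real password hashes.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional

EPOCH = date(1970, 1, 1)  # shadow day counts are days since 1 January 1970


@dataclass
class PasswdEntry:
    name: str
    password: str   # "x" means the hash is kept in /etc/shadow
    uid: int
    gid: int
    gecos: str
    home: str
    shell: str


@dataclass
class ShadowEntry:
    name: str
    password: str             # hash; "!" or "*" prefix = locked; "" = no password
    last_change: Optional[int]
    min_age: Optional[int]
    max_age: Optional[int]
    warn: Optional[int]
    inactive: Optional[int]   # grace period after expiry, in days
    expire: Optional[int]     # days since epoch after which the account is disabled


def _opt_int(field: str) -> Optional[int]:
    return int(field) if field.strip() else None


def parse_passwd_line(line: str) -> PasswdEntry:
    """Split one passwd line into its 7 colon-separated fields."""
    f = line.rstrip("\n").split(":")
    if len(f) != 7:
        raise ValueError(f"expected 7 fields, got {len(f)}: {line!r}")
    return PasswdEntry(f[0], f[1], int(f[2]), int(f[3]), f[4], f[5], f[6])


def parse_shadow_line(line: str) -> ShadowEntry:
    """Split one shadow line; a trailing 9th (reserved) field is tolerated."""
    f = line.rstrip("\n").split(":")
    if len(f) not in (8, 9):
        raise ValueError(f"expected 8 or 9 fields, got {len(f)}: {line!r}")
    return ShadowEntry(f[0], f[1], *(_opt_int(x) for x in f[2:8]))


def audit_accounts(passwd_lines: List[str], shadow_lines: List[str],
                   today: Optional[date] = None) -> List[str]:
    """Return human-readable findings; an empty list means nothing was flagged."""
    today = today or date.today()
    today_days = (today - EPOCH).days
    passwd = {e.name: e for e in map(parse_passwd_line, passwd_lines)}
    shadow = {e.name: e for e in map(parse_shadow_line, shadow_lines)}
    findings: List[str] = []

    for e in passwd.values():
        if e.uid == 0 and e.name != "root":
            findings.append(f"{e.name}: UID 0 account other than root")
        if e.password == "":
            findings.append(f"{e.name}: empty password field in /etc/passwd")
        elif e.password != "x":
            findings.append(f"{e.name}: password hash stored in world-readable /etc/passwd")
        if e.name not in shadow:
            findings.append(f"{e.name}: no /etc/shadow entry")

    for s in shadow.values():
        if s.name not in passwd:
            findings.append(f"{s.name}: in /etc/shadow but not in /etc/passwd")
        locked = s.password.startswith(("!", "*"))
        if s.password == "":
            findings.append(f"{s.name}: empty password in /etc/shadow (login without password)")
        elif not locked and (s.max_age is None or s.max_age >= 99999):
            findings.append(f"{s.name}: password never expires (max age {s.max_age})")
        if s.expire is not None and s.expire <= today_days:
            when = EPOCH + timedelta(days=s.expire)
            findings.append(f"{s.name}: account expired on {when.isoformat()}")
    return findings


# Constructed sample data, not taken from a real system.
SAMPLE_PASSWD = [
    "root:x:0:0:root:/root:/bin/bash",
    "pclark:x:501:501:Petunia Clark:/home/pclark:/bin/bash",
    "toor:x:0:0:second superuser:/root:/bin/bash",
    "guest::502:502:Guest account:/home/guest:/bin/bash",
]
SAMPLE_SHADOW = [
    "root:$PLACEHOLDER_HASH:12567:0:99999:7:::",
    "pclark:$ab7Y56gu9bs:12567:0:99999:7:::",
    "toor:$PLACEHOLDER_HASH:12567:0:99999:7:::",
    "guest::12567:0:99999:7:::",
    "temp:$PLACEHOLDER_HASH:12567:0:90:7::12600:",
]
SAMPLE_TODAY = EPOCH + timedelta(days=12700)  # fixed "today" so results are repeatable

if __name__ == "__main__":
    for finding in audit_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW, today=SAMPLE_TODAY):
        print(finding)
```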

Although it is possible to edit the passwd and shadow files manually to manage user accounts, doing so can disable your system. Instead, use a GUI utility or the following commands to manage user accounts.
useradd name
    Create a user account. By default, when you create a user account, you create a home directory for that user with the same name under /home/username.
    Example: useradd pmaxwell creates the pmaxwell user account.

useradd -c text name
    Add a description for the account in the GECOS field of /etc/passwd.
    Example: useradd -c "Paul Morrill" pmorril creates the pmorril account with a comment.

useradd -d path name
    Assign an absolute pathname to a custom home directory location.
    Example: useradd -d /tmpusr/sales1 sales1 creates the sales1 user account with its home directory located at /tmpusr/sales1.

useradd -u ID name
    Assign the user a custom UID. This is useful if you want to assign ownership of files and directories to a different user.
    Example: useradd -u 789 dphilips creates the dphilips account with user ID 789.

usermod name
    Modify an existing user account. usermod uses the same switches as useradd.
    Example: usermod -c "Paul Morril" pmorril changes the comment field for user pmorril.

usermod -l newname name
    Rename a user account. When renaming the account, use the -d switch to rename the home directory, and use the -m switch to copy all files from the existing home directory to the new home directory.
    Example: usermod -l esmith -d /home/esmith -m ejones renames the ejones account to esmith, renames the home directory, and moves the old home directory contents to the new location.

usermod -s path name
    Modifies the default shell setting for the user account.
    Example: usermod -s /bin/tcsh esmith points the shell for esmith to /bin/tcsh.

userdel name
    Remove the user from the system.
    Example: userdel pmaxwell deletes the pmaxwell account while leaving the home directory on the system.

userdel -r name
    Remove the user and the user's home directory.
    Example: userdel -r pmorril removes both the account and the home directory.

Note: If you ever edit the user database files manually, use the vipw command. This command locks the user files and opens them in vi for editing.


Group Commands & Files
Group information is stored in two different files. The table below describes these files and their sample content.

File: /etc/group
    Contents: Each line identifies a group. Each line contains multiple fields, with each field separated by a colon. Shown below is a sample line from the group file:
        sales:x:510:pclark,mmckay,hsamson
    The fields within this line are as follows:
    1. Group name.
    2. Group password; this field will have an x if group passwords are contained in the gshadow file.
    3. Group ID.
    4. Group members, a comma-separated list of user accounts that are members of the group.

File: /etc/gshadow
    Contents: Like the /etc/group file, each line corresponds to a group. Each line consists of fields separated by colons. Shown below is a sample entry:
        sales:!:pclark:pclark,mmckay,hsamson
    The fields within this line are as follows:
    1. Group name.
    2. Group password. The group password allows users to add themselves as members of the group. If the field contains a single exclamation point (!), the group cannot be accessed using the password. If the field contains a double exclamation point (!!), no password has been assigned to the group (and it cannot be accessed using the password). If there is no value, only group members can log in to the group.
    3. Administrators. This field contains a comma-delimited list of users who have authorization to administer the group.
    4. Group members, a comma-separated list of user accounts that are members of the group.

Use the commands in the table below to manage Linux groups.


groupadd name
    Create a group.
    Example: groupadd sales creates the sales group.

groupmod -n newname name
    Change the name of a group.
    Example: groupmod -n sales2 sales renames the sales group to sales2.

groupdel name
    Delete a group.
    Example: groupdel mktg deletes the mktg group.

gpasswd name
    Change a group password (use the -r option to remove a group password).
    Example: Typing gpasswd sales prompts you to type the group password.

newgrp name
    Log in to a new group. You must have the group password to complete this command.
    Example: Typing newgrp sales prompts you for the password for the sales group so you can log in.

useradd -g group user
    Assign a user to a primary group.
    Example: useradd -g pmaxwell pmaxwell assigns primary group membership for user pmaxwell to the pmaxwell group.

usermod -G group1,group2 user
    Assign a user to a secondary group (or groups). Follow the command with a comma-separated list of groups.
    Example: usermod -G sales,mktg pmorril removes all existing group assignments for pmorril and makes the user account a member of the sales and mktg groups. (You can remove a user from all secondary groups by using the command usermod -G "" user.)

Note: When you assign a user to one or more secondary groups, all existing secondary group membership is removed before assigning the user account to the listed groups.

VI. Managing the File System

Permission Facts
Every file has an inode (information node) that stores information about the file, including when the file was last modified, file size, data block location, permissions, and ownership (remember, directories are also files in the Linux system). The portion of the inode that stores permission information is called the mode. The mode has three sections:

- User (owner) permissions
- Group (group owner) permissions
- Other (everyone on the Linux system) permissions

There are three types of permissions contained in the mode, each of which is described in the table below.


Permission: Read
    Letter abbreviation: r
    Octal value: 100 (binary), 4 (decimal)
    Allowed actions on files: Open and read the file
    Allowed actions on directories: List directory contents if the execute permission is also present

Permission: Write
    Letter abbreviation: w
    Octal value: 10 (binary), 2 (decimal)
    Allowed actions on files: Open, read, and edit the file
    Allowed actions on directories: Add, delete, and rename files if the execute permission is also present

Permission: Execute
    Letter abbreviation: x
    Octal value: 1 (binary and decimal)
    Allowed actions on files: Execute the file (if it is a program file or a shell script)
    Allowed actions on directories: Enter the directory and work with its contents

When you identify permissions, you can either use the letter abbreviation (r, w, x), or the octal number that corresponds to the permission. The following graphic shows a detailed depiction of how permissions are displayed and how they can be referenced.

You should note the following facts about the mode:
- A d preceding the permissions indicates that the object is a directory. A - identifies a file (the example above is for a file).
- Permissions are grouped according to user, group, or other permissions. If a permission has not been assigned, a - takes its place in order.
- When using numbers to represent permissions, add the decimal numbers together within each permission group. Then string the numbers together. For example, the permissions in the graphic above can be represented by the number 764.
- The root user has all permissions to files and directories regardless of what the mode indicates.


Default Permissions and Umask
By default, files receive rw-rw-rw- (666) permissions, and directories receive rwxrwxrwx (777) permissions when they are created. In most cases, the default assignment gives excessive permission to files and directories. You can customize the default permission assignments by setting a umask. The umask identifies which permissions are removed from the default permissions when files and directories are created. The following table shows what happens when you set a umask value of 022.
                      Files             Directories
Default permission    666  rw-rw-rw-    777  rwxrwxrwx
Umask                 022               022
Result                644  rw-r--r--    755  rwxr-xr-x

In the example above, when you create a file, the umask value (022) is subtracted from the default permissions for new files (666). This gives you permissions of 666 - 022 = 644 or rw-r--r--.

Note: When subtracting permissions using the umask, use binary math (not decimal math) to identify the exact permissions removed. Be sure to remove permissions from the system defaults, not from all permissions (777 for both files and directories). Additional examples of umask calculations are:

- A umask of 066 results in file permissions of rw------- (600) and directory permissions of rwx--x--x (711).
- A umask of 033 results in file permissions of rw-r--r-- (644) and directory permissions of rwxr--r-- (744). Notice that the file permissions are not 633 as you would get if you performed decimal math using the umask setting.
- A umask of 011 results in no changes to file permissions (the x permission is already removed by default) and directory permissions of rwxrw-rw- (766).


Ownership Facts
When a user creates a file (or directory), the user and the user's primary group receive ownership of the file (or directory). File ownership determines which users are allowed to change the file's ownership and permissions. Only a file owner and the root user can change file ownership or permissions. The three permission settings in the table below comprise a "fourth group" that also affects file ownership. You need to understand how to work with these settings in conjunction with permissions.

Setting: SUID (Set User ID)
    Letter abbreviation: s in the execute permission position of the user permissions. Example: rwsrw-rw-
    Octal value: 100 (binary), 4 (decimal)
    Description: If the SUID bit is set, the program will run with the permissions of the file owner, not with the permissions of the user who runs the program. The most common use of SUID is to allow users to run a command as the root user. Users do not become the root user, but rather the command or program runs as if executed by the root user. Some programs require the SUID bit set for proper functionality. Be careful in setting the SUID bit as it could give a program too many permissions.

Setting: SGID (Set Group ID)
    Letter abbreviation: s in the execute permission position of the group permissions. Example: rwxrwsrw-
    Octal value: 10 (binary), 2 (decimal)
    Description: If the SGID bit is set, the program will run with the group permissions of the group owner. This can also present security risks to your system.

Setting: Sticky bit
    Letter abbreviation: t in the execute permission position of the other permissions. Example: rwxrw-rwt
    Octal value: 1 (binary and decimal)
    Description: This marks the file in such a way as to prevent the file's deletion from the system by anyone except the file owner. Setting the sticky bit works particularly well with shared files.

Each fourth-group setting precedes the standard octal representation of a set of permissions. For example:
- 4421 sets the SUID
- 2421 sets the SGID
- 1421 sets the sticky bit
- 6421 sets both the SUID and SGID
- 7421 sets all three
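The umask arithmetic from the previous section and the fourth-group bits from this one, worked through in code as an added example (not from the original document). It goes slightly beyond the text by also rendering the uppercase S/T that ls -l shows when a special bit is set without the underlying execute bit; the constants and helper names are this example's own.

```python
"""Symbolic/octal mode conversion (with SUID, SGID and sticky) and umask maths.

Added example, not from the original document. It uses the values the text
walks through: umasks 022, 066, 033 and 011, mode 764, and the fourth-group
modes 4421, 2421, 1421, 6421 and 7421.
"""
import stat

FILE_DEFAULT = 0o666  # mode a new file starts with before the umask is applied
DIR_DEFAULT = 0o777   # mode a new directory starts with before the umask is applied

# (bit shift of the rwx triplet, special bit carried in that triplet's x slot, its letter)
TRIPLETS = ((6, stat.S_ISUID, "s"), (3, stat.S_ISGID, "s"), (0, stat.S_ISVTX, "t"))


def apply_umask(default: int, umask: int) -> int:
    """Clear every bit that is set in the umask: default & ~umask.

    This is bitwise, not decimal: umask 033 on 666 gives 644, because the
    execute bits (1) the mask names are not set on a new file to begin with."""
    return default & ~umask & 0o7777


def octal_to_symbolic(mode: int) -> str:
    """Render 0o4755 as 'rwsr-xr-x'. An uppercase S or T means the special
    bit is set but the underlying execute bit is not (as ls -l shows it)."""
    out = []
    for shift, special, letter in TRIPLETS:
        bits = (mode >> shift) & 0o7
        out.append("r" if bits & 4 else "-")
        out.append("w" if bits & 2 else "-")
        if mode & special:
            out.append(letter if bits & 1 else letter.upper())
        else:
            out.append("x" if bits & 1 else "-")
    return "".join(out)


def symbolic_to_octal(sym: str) -> int:
    """Parse 'rwsr-xr-x' (optionally preceded by the ls type character,
    e.g. 'drwxrwxrwt') into an integer mode including the special bits."""
    if len(sym) == 10:
        sym = sym[1:]  # drop the d/-/l type character from an ls -l listing
    if len(sym) != 9:
        raise ValueError(f"expected 9 permission characters: {sym!r}")
    mode = 0
    for i, (shift, special, letter) in enumerate(TRIPLETS):
        triplet = sym[3 * i:3 * i + 3]
        r, w, x = triplet
        if r not in "r-" or w not in "w-" or x not in "x-" + letter + letter.upper():
            raise ValueError(f"bad permission triplet {triplet!r} in {sym!r}")
        if r == "r":
            mode |= 4 << shift
        if w == "w":
            mode |= 2 << shift
        if x in "x" + letter:             # lowercase x, s or t: execute bit is set
            mode |= 1 << shift
        if x in letter + letter.upper():  # s/S or t/T: the special bit is set
            mode |= special
    return mode


def octal_string(mode: int) -> str:
    """Four-digit octal text as chmod accepts it, e.g. 0o4421 -> '4421'."""
    return format(mode & 0o7777, "04o")


def new_object_modes(umask: int) -> dict:
    """Resulting symbolic modes for a new file and directory under the given umask."""
    return {
        "file": octal_to_symbolic(apply_umask(FILE_DEFAULT, umask)),
        "directory": octal_to_symbolic(apply_umask(DIR_DEFAULT, umask)),
    }


if __name__ == "__main__":
    for mask in (0o022, 0o066, 0o033, 0o011):
        print(f"umask {mask:03o}: {new_object_modes(mask)}")
    for mode in (0o764, 0o4421, 0o2421, 0o1421, 0o6421, 0o7421, 0o4755):
        sym = octal_to_symbolic(mode)
        print(f"{octal_string(mode)} -> {sym} -> {octal_string(symbolic_to_octal(sym))}")
```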


Permission Commands
The table below lists the most common commands for managing file permissions.

chmod category+permission filename
    Add a permission for a user, group, or other (category) to a file.
    Example: chmod u+x,g+x,o+x myfile adds the execute permission to the file myfile for user, group, and other.

chmod category-permission filename
    Remove a permission for a user, group, or other from a file.
    Example: chmod g-w,o-w myfile removes the write permission for group and other from the file myfile.

chmod category=permission filename
    Makes the permission equal to the permission specified for the user, group, or other for the file.
    Example: chmod u=rwx myfile grants the user read, write, and execute permission for the file myfile.

chmod number filename
    Sets the permissions for the file according to the numbers represented for each mode category.
    Example: chmod 711 myfile grants the user read, write, and execute permission (7) while group and other both receive execute permission (1) for the file myfile.

umask
    View the current umask setting. 022 is the typical umask setting.

umask number
    Change the default umask (normally 022).
    Example: umask 007 sets the umask to remove nothing from the user or group but to remove all permissions from other.

Ownership Commands
The table below lists the most common commands for managing file ownership.

ls -l
    View a long file listing. A long file listing shows the ownership, permissions, and names for the files (among other information).
    Example: drwxr-xr-x 22 root root 4096 Jun 19 15:01 sales

chown user filename
    Change the ownership of a file (or directory). Only the root user or owner of the file can execute this command.
    Example: chown pmorril /sales/report makes pmorril the user owner of the /sales/report file.

chown -R user filename
    Change the ownership of the file recursively throughout the directory tree.
    Example: chown -R pmorril /sales makes pmorril the owner of all files in the /sales directory (and below).

chown user:group filename
    Change the user and group ownership of the file.
    Example: chown pmaxwell:sales /sales/report makes pmaxwell the user owner and sales the group owner of the file.

chown :group filename
    Change the group owner of a file.
    Example: chown :sales -R /sales makes the sales group the owner of all files in the /sales directory.

chgrp group filename
    Change the group owner of a file.
    Example: chgrp sales /sales/report makes the sales group the group owner of the file.

File Management Commands
The table below lists the most common file management commands.

cat filename filename
    Append the second file to the end of the first and display the output on screen.
    Example: cat cam_proj new_specs combines the new_specs file with the cam_proj file.

cdrecord options dev=#,#,# speed=# filename
    Write a file to a CD-RW device.
    Example: cdrecord -v dev=0,0,0 speed=2 -data /home/jwalton/multimedia_project writes the multimedia_project file to the CD-RW device as a data file. The -data option creates a data cd, and the -audio option creates an audio cd. The -v (verbose) option allows you to see recording progress.

cp source destination
    Copy a file to a new location. When you copy a file, you create a new file. File ownership and permission comes from the user who ran the cp command.
    Example: cp proj /ongoing/projects or cp proj /ongoing/projects/proj. Either command copies the proj file to the /ongoing/projects directory.

diff filename filename
    Find the differences between two files.
    Example: diff cam_proj cam_proj1 finds the differences between the two named files.

file filename(s)
    View the file type(s) for the designated file(s).
    Example: file /bin/* | less shows the file type for each of the files in the /bin directory. (This command pipes the output to less to allow you to view each file line-by-line or page-by-page.)

ln filename filename
    Create a hard link between files. A hard link creates an exact copy of a file. You can create an unlimited number of hard links to a file, but they all have to be on the same file system. Using the -s option allows you to create a symbolic link to a file. A symbolic link is a shortcut to the original file.
    Example: ln /home/jsmith/projects /home/edunford/projects creates an exact copy of /home/jsmith/projects in /home/edunford/projects.

mkdir directory name
    Create a directory.
    Example: mkdir projects creates a projects directory in the current working directory.

mkdir -p path
    Create a directory tree structure.
    Example: mkdir -p completed/projects creates the completed/projects subdirectory in the current working directory.

mv source destination
    Move a file to a new location. This is also the command used to rename an existing file using a new name. When you move a file, permissions stay the same (although you need the permissions to move the file).
    Example: mv ongoing/projects/proj completed/projects/proj moves the proj file from /ongoing/projects to /completed/projects.

rm filename
    Delete a file.
    Example: rm proj removes the proj file from the system.

rm -f filename
    Delete a file without a warning prompt.
    Example: rm -f proj immediately removes the proj file from the system without prompting.

rmdir directory
    Delete a directory (the directory must be empty).
    Example: rmdir /projects removes the projects directory from the system.

rm -r directory
    Delete a directory and its contents (use the -rf switches together to delete without prompting). Take care with this command, because rm -rf * deletes all files in the system.
    Example: rm -rf completed/ removes the directory structure beginning with the /completed directory. rm -rf * removes all files without prompting (do not use this command).

touch filename
    Change a file's timestamp.
    Example: touch proj changes the access and modification times of the proj file to the current time.

du path
    List files and file sizes in and below the specified directory. Common switches include:
    - -c list a total number for the size
    - -h display the output in human readable format (bytes, KB, MB, GB)
    - -s list only the total, not each file
    Example: du -c /home/badams lists all files and directories in badams' home directory along with a file size and a total amount of space taken up by the directory. du -c -s /home/badams shows the total amount of space taken up in badams' home directory.

df path
    List the free space in the partition holding the specified directory. (Use the -h option to get human readable output.)
    Example: df /home lists the free space on the partition that holds the /home directory.

You should also know the following facts about working with files:
- Hidden files (files not shown by the ls command) are files that start with a period. To show hidden files with the ls command, use the -a option.
- Commonly used commands often use aliases (an alias is a shortcut to a command). Two common aliases are:
    - ll = ls -l
    - la = ls -a
  You can set up command aliases of your own in the .bash_profile file in your home directory. This is one of several files that set the system configuration. .bash_profile executes after the system-wide profile file, /etc/profile.
- To execute programs:
    - Enter the executable name to run a program directly. (This only works for files that are on your path.)
    - Enter ./filename to run an executable when you are in a directory that is not on your path.
    - Enter the full pathname to the file to run an executable from anywhere.




Managing most services is done by executing a shell script that corresponds to the service. Shell scripts are typically located in /etc/rc.d/init.d, although a symbolic link pointing to this directory might also exist at /etc/init.d. Shell scripts contain a series of actions to start, stop, and otherwise manage the service. The table below lists the most common commands for managing services.

/etc/rc.d/init.d/servicename option
    Run the shell script associated with the service. The options available depend on the shell script. Most scripts include the following options:
    - start
    - stop
    - status
    - restart
    - reload
    - * (shows a list of available options)
    Examples: /etc/rc.d/init.d/atd start; /etc/rc.d/init.d/atd restart

service --status-all
    View the status of all services. Use this command as shown to get a list of service status.

service servicename option
    Use the service command line tool to manage services (eliminates the need to type the service's full path).
    Examples: service atd start; service atd restart

Package Manager Facts
A package manager is a software application that installs and maintains software. The package manager maintains a database of software information that you can query to view installed software. However, package managers don't allow users to compile the software as part of the installation process. Two common package managers include:
- RPM: The Red Hat Package Manager is the most widely supported package manager.
- DPKG: Similar to rpm, the Debian Package Manager is designed to manage software for Debian Linux. It offers functionality equal to rpm, but it is not as widely supported or distributed.


Package Manager Commands
The table below lists the most common rpm commands.

rpm option(s) filename.version.architecture.rpm
    Install a software package. Common installation options:
    - -i install
    - -v verbose
    - -h hashmarks (to show progress)
    Example: rpm -ih mozilla- installs the Mozilla Web browser and mail reader.

rpm -U filename.version.architecture.rpm
    Upgrade an existing software package. If the software does not exist on the system, -U acts as the -i option.
    Example: rpm -Uh mozilla- upgrades the Mozilla Web browser and mail reader with the newer file.

rpm -e filename
    Erase (uninstall) a software package.
    Example: rpm -e mojo-2.8.31.i386.rpm uninstalls a Web-based mailing list manager.

rpm -F filename
    Upgrade a package that is already installed on the system. If the package doesn't exist on the system, rpm -F will not install it.
    Example: rpm -F mojo-2.9.1-1.i386.rpm locates the package and upgrades it if an older version is currently on the system.

rpm -q filename
    Query the rpm database to find information about installed software packages. Options that commonly follow -q:
    - -i info (detailed listing)
    - -l list package files
    - -a all (show all installed packages)
    Example: rpm -qi crafty-16.6 returns information on the crafty chess game.

rpm -qa | grep string
    Query the database for text that matches string. This is useful if you know part of the file name of a software application. The | (pipe) parameter redirects the results of the -qa options to the grep shell command, which filters out all information that does not match string.
    Example: rpm -qa | grep voicecontrol returns information on a voice recognition software package.

rpm -V package name
    Identify missing files in a package or package dependency.
    Example: rpm -V bash identifies any files missing from the bash package.

Note: When using rpm to update software, you might get a message stating: cannot get shared lock on database. When you update the rpm database, the program creates a lock on the database to prevent other processes from modifying the database at the same time. To correct the error:
- Close any other programs that might be using the rpm database.
- Check for stale lock files (lock files that were not deleted properly) and remove them.



Boot & Shutdown

A boot loader manages the loading of the operating system and allows you to have multiple operating systems on a single system. Popular Linux boot loader utilities are:
- LILO (LInux LOader), the original Linux boot loader.
- GRUB (GRand Unified Bootloader), a more recent replacement that is gaining in popularity.

PCs use the following process to boot the system:
1. At startup, the BIOS verifies system hardware, then looks for a master boot record (MBR) on a valid booting disk. Once located, it loads the first program in the MBR (this is the boot loader file).
2. The boot loader loads a small piece of code, then looks for the remaining boot loader code. This is the first stage of the boot load process.
3. For LILO, the boot loader looks in the MBR for the additional boot information. With GRUB, it can look on the /boot volume for additional boot information. The additional information includes a list of possible operating systems recognized by the boot loader. This is the second stage of the boot load process.
4. After the user has chosen the OS to boot to (or if only one is found), the boot loader locates and begins loading the corresponding kernel. It also loads the initial RAM disk image (initrd) into memory so the kernel can locate drivers needed to load the kernel.
5. With the kernel and initrd loaded, the boot loader passes control to the kernel.

LILO has a long history of stable operation, and it seems unlikely to be completely replaced by GRUB. However, listed below are some reasons why GRUB has increased in popularity.

- GRUB provides an interactive command line during boot up that allows you to do the operations below:
    - View hardware configuration
    - Find and view files
    - Alter the GRUB configuration
    - Boot a selected operating system
- GRUB offers a complete support system, including the following components:
    - Web site
    - Manual
    - FAQ
    - Bug tracker
    - Developer mailing list
- GRUB can read the ext2 and ext3 filesystems (and not just the MBR), so it can read its configuration file from the /boot partition instead of having to store such information in the MBR as LILO does.


Shutdown Command and Facts
Turning off the power to a computer without executing the proper shutdown procedure can result in data loss and filesystem corruption. Linux provides several different shutdown options. The table below shows common commands for shutting down the system.

shutdown -h now, halt, or init 0
    Shut the system down immediately.

shutdown -r now, reboot, or init 6
    Shut the system down immediately and reboot.

shutdown -h time, shutdown -r time
    Shut the system down in the designated amount of time. Examples:
    - shutdown -h +5 shuts the system down in five minutes.
    - shutdown -h 22:00 shuts the system down at 10:00 pm.
    - shutdown -r +15 reboots the system in 15 minutes.
    - shutdown -r 24:00 reboots the system at midnight.

shutdown -c
    Terminate the shutdown process. (You can also press Ctrl + c on the keyboard.)

shutdown -rf time
    Reboots the system and skips the fsck utility on reboot (the -f parameter stands for fast).
    Example: shutdown -rf +15 reboots the system in 15 minutes and skips fsck.

shutdown -k
    Sends a warning message, but doesn't really shut down. If used in combination with -h or -r, it will terminate the shutdown process after the message is sent.

shutdown -a
    The system uses the /etc/shutdown.allow file to verify who can shut down the system. The most common use of this switch is to edit the /etc/inittab file and add the -a switch to the CTRL-ALT-DELETE section. When the switch is present, if the shutdown.allow file exists, shutdown checks to see if a listed user or root is logged on.
    - If so, the system shuts down.
    - If not, shutdown is not allowed.
    - If the file does not exist, there are no restrictions on who can shut down the system.

When you use the shutdown command to power the computer off, the system does the following:
- Sends a SIGTERM message to open programs to allow them to close.
- Notifies logged on users that the shutdown process has initiated and the length of time before shut down.
- Blocks users from logging into the system.
- Uses init and /etc/inittab to shut down processes and the system. The shutdown command executes the shutdown process listed in inittab.



Many of the network services you run on Linux are administered by xinetd, a service known as a super server. A super server listens on behalf of other services and starts and stops them as necessary. Xinetd starts when the system boots up. Its configuration file is /etc/xinetd.conf, and most of the daemons it manages are described in the /etc/xinetd.d directory. Xinetd has come to replace inetd in modern Linux distributions in large part because it is more secure than inetd. For example, unlike inetd, which depended on tcpd to access hosts.allow and hosts.deny, xinetd does not rely on external programs to manage its security; it can access hosts.allow and hosts.deny directly. Using xinetd, you can also place limits on incoming connections. There are two ways you can enable services to be managed by the xinetd super server. You can either add a section to the /etc/xinetd.conf file describing the service, or you can create a file containing the service description in the /etc/xinetd.d directory. The table below describes the most common network services.
Service: Apache Web server
  Description: Serves Web pages to computers across a network.
  Server component: httpd
  Client component: Web browser (Mozilla is a popular Linux Web browser)
  Commands and configuration files: /etc/httpd/conf/httpd.conf is the main configuration file. /var/www holds the WWW (document root) files.

Service: BIND DNS server
  Description: Provides name resolution services.
  Server component: named
  Client component: Any application that needs to resolve domain names; nslookup and dig for queries from the command line.
  Commands and configuration files: /etc/named.conf is the main configuration file; zone files are stored in the /var/named directory.

Service: DHCP server
  Description: Dynamically assigns IP addresses and other TCP/IP configuration information to network hosts.
  Server component: dhcpd
  Client component: dhcpcd, dhclient, pump (to manage client connections)

Service: FTP
  Description: Used to transfer files across networks.
  Server component: ftpd
  Client component: ftp from the command line, Web browsers, GUI clients

Service: NFS
  Description: Network file service; allows Linux systems to share files across a network.
  Server component: nfsd
  Client component: mount command to access data on the shared storage
  Commands and configuration files: /etc/exports lists the shared directories; exportfs -r exports the shares to the network users.

Service: NIS
  Description: A centralized user database for local network authentication.
  Server component: ypserv, yppasswdd, ypxfrd
  Client component: ypbind
  Commands and configuration files: NIS uses multiple files. For username and password information it builds a special database from your passwd and shadow files; when you change your Linux users you must re-export them to NIS. The /var/yp directory holds the NIS user database files.

Service: SMB/Samba
  Description: Samba is the open source server message block (SMB) service. Windows computers use SMB, so Samba allows integration of Linux and Windows file sharing.
  Server component: smbd, nmbd
  Client component: smb4k utility to browse and share files; smbmount to mount the smbfs file system
  Commands and configuration files: The /etc/samba directory stores the Samba configuration files: smb.conf (main configuration file) and smbpasswd (stores Samba user information). smbpasswd -a name associates a Samba user with an established user account and sets or changes the Samba password.

Service: Squid proxy server
  Description: Allows networked computers to share one Internet connection.
  Server component: squid
  Client component: Generally a Web browser
  Commands and configuration files: /etc/squid/squid.conf is the main configuration file. The proxy cache lives in the directory named by the cache_dir setting (/var/spool/squid by default).

Service: SSH
  Description: Secure shell provides encrypted communication (replaces telnet).
  Server component: sshd
  Client component: ssh (remote shell), scp (secure copy), sftp (secure FTP)
  Commands and configuration files: The /etc/ssh directory stores the configuration files (sshd_config for the server, ssh_config for the client) and the host keys.

Service: RADIUS
  Description: Provides centralized authentication and accounting for remote access (dial-in) services.
  Server component: radiusd
  Client component: Clients accessing the server remotely
  Commands and configuration files: /etc/radiusd

Service: Sendmail
  Description: Provides e-mail services.
  Server component: sendmail
  Client component: Multiple e-mail clients, often integrated with a Web browser.
  Commands and configuration files: /etc/sendmail.cf or /etc/mail/sendmail.cf configures the server. /etc/aliases maps mail names to user names. The .forward file in the user's home directory redirects incoming mail messages to other e-mail addresses. The /var/mail directory holds user mailbox files (this might be a symbolic link to another location).

Note: You can manage each service independently, or use the linuxconf tool. Linuxconf is a graphical tool that lets you view and manage many different networking services in a single tool.
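The xinetd paragraph above says that a service with disable = no and no only_from line accepts connections from anywhere. The script below is an added example, not code from the original guide: it audits a directory laid out like /etc/xinetd.d and reports each service as disabled, enabled with a host restriction, or enabled and unrestricted. The three service files written by make_sample (telnet, rsync, tftp) are constructed test data; on a real system run xinetd_audit /etc/xinetd.d.

```bash
#!/bin/bash
# Added example (not from the original guide): audit xinetd service files
# for enabled services that carry no only_from access restriction.
# The sample service files created by make_sample are constructed.
set -eu

# xinetd_audit DIR -> one line per service file:
#   "<name> disabled -" | "<name> enabled <only_from>" | "<name> ENABLED-UNRESTRICTED -"
xinetd_audit() {
    local dir="$1" f name disabled only_from
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        # "disable = yes" means xinetd ignores the entry entirely
        disabled=$(sed -n 's/^[[:space:]]*disable[[:space:]]*=[[:space:]]*\([a-z]*\).*/\1/p' "$f" | tail -n1)
        # only_from lists the addresses/networks allowed to connect
        only_from=$(sed -n 's/^[[:space:]]*only_from[[:space:]]*=[[:space:]]*\(.*\)$/\1/p' "$f" | tail -n1)
        if [ "${disabled:-no}" = "yes" ]; then
            echo "$name disabled -"
        elif [ -z "$only_from" ]; then
            echo "$name ENABLED-UNRESTRICTED -"
        else
            echo "$name enabled $only_from"
        fi
    done
}

# make_sample -> prints the path of a temporary directory holding three
# constructed service files in xinetd.d syntax.
make_sample() {
    local dir
    dir=$(mktemp -d)
    cat > "$dir/telnet" <<'EOF'
service telnet
{
        disable     = no
        socket_type = stream
        wait        = no
        user        = root
        server      = /usr/sbin/in.telnetd
}
EOF
    cat > "$dir/rsync" <<'EOF'
service rsync
{
        disable     = no
        only_from   = 192.168.1.0/24
        socket_type = stream
        wait        = no
        user        = root
        server      = /usr/bin/rsync
        server_args = --daemon
        instances   = 10
        cps         = 25 30
}
EOF
    cat > "$dir/tftp" <<'EOF'
service tftp
{
        disable     = yes
        socket_type = dgram
        server      = /usr/sbin/in.tftpd
}
EOF
    echo "$dir"
}

if [ "${1:-}" = "--demo" ]; then
    d=$(make_sample)
    xinetd_audit "$d"
    rm -rf "$d"
fi
```

The rsync entry also shows the per-service limits the text mentions: instances caps simultaneous connections and cps (connections per second, then seconds to pause) slows down a client that hammers the port. Remember that only_from is xinetd's own check; hosts.allow and hosts.deny are consulted as well, and the most restrictive of the two wins.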

 NIS Facts
A common way to allow centralized logins is to set up an NIS server. An NIS server lets you coordinate common configuration files like /etc/passwd and /etc/shadow across several Linux machines. Use ypserv.rpm to install the NIS service. This package installs the following daemons, which are the core services needed to run an NIS server:
- ypserv
- yppasswdd
- ypxfrd
After you have installed ypserv.rpm, use the following steps to configure the NIS server:
1. Add the following line to /etc/sysconfig/network: NISDOMAIN=domain_name
2. Start the NIS services. You can do this with one of the following sets of commands at the command line (replacing daemon with ypserv, yppasswdd, or ypxfrd):
   - chkconfig daemon on
   - /etc/init.d/daemon start
3. Switch to /usr/lib/yp and run ./ypinit -m to create the yp database.
4. Add users to the local passwd file, then run make -C /var/yp to rebuild the yp database. You can also use the ypmake command.
Caveat: NIS serves its maps, including the password hashes, without encryption and with no client authentication beyond knowledge of the domain name, so any host that can reach ypserv can pull the hashes for offline cracking. Restrict the networks ypserv answers in /var/yp/securenets, avoid guessable domain names, and prefer LDAP over TLS or Kerberos where the environment allows.


After setting up the NIS server and creating the yp database, you need to configure client computers to use the NIS server for authentication. Use the following steps:
1. Run the Authentication tool from the GUI.
2. Identify the domain and NIS server.
3. Enter ypbind at the command line to start the NIS client.
4. Locate the NIS server by entering ypwhich at the command line.
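The server steps above as a script, added here as an example and not taken from the original guide: the NISDOMAIN line is written idempotently, the daemons are enabled and started with the same chkconfig and init.d commands, and a /var/yp/securenets file is generated so that ypserv answers only the listed networks (the guide's steps leave the passwd map readable by any host). The domain name example.nis and the network 192.168.1.0/24 are placeholders; the --apply branch needs root and the ypserv package.

```bash
#!/bin/bash
# Added example, not part of the original guide: NIS server setup as
# idempotent functions plus a securenets file. "example.nis" and
# 192.168.1.0/24 are placeholder values.
set -eu

# set_nisdomain FILE DOMAIN: add or replace the NISDOMAIN= line in FILE
# (normally /etc/sysconfig/network). Safe to run more than once.
set_nisdomain() {
    local file="$1" domain="$2"
    touch "$file"
    if grep -q '^NISDOMAIN=' "$file"; then
        sed -i "s/^NISDOMAIN=.*/NISDOMAIN=$domain/" "$file"
    else
        printf 'NISDOMAIN=%s\n' "$domain" >> "$file"
    fi
}

# get_nisdomain FILE: print the configured domain, empty if unset
get_nisdomain() {
    sed -n 's/^NISDOMAIN=//p' "$1" | tail -n1
}

# write_securenets FILE "NETMASK NETWORK"...: only the listed networks
# (plus localhost) may query this ypserv; format is ypserv's own.
write_securenets() {
    local file="$1" net
    shift
    {
        echo "# hosts allowed to query ypserv"
        echo "host 127.0.0.1"
        for net in "$@"; do
            echo "$net"
        done
    } > "$file"
}

if [ "${1:-}" = "--apply" ]; then          # needs root and ypserv installed
    set_nisdomain /etc/sysconfig/network example.nis
    write_securenets /var/yp/securenets "255.255.255.0 192.168.1.0"
    for d in ypserv yppasswdd ypxfrd; do
        chkconfig "$d" on
        /etc/init.d/"$d" start
    done
    (cd /usr/lib/yp && ./ypinit -m)        # build the initial maps
    make -C /var/yp                        # rebuild after editing passwd/shadow
fi
```

Run it with --apply on the server; without arguments it only defines the functions, so the pieces that touch files can be exercised against copies first.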

 Remote Access and Administration
Not only can you have multiple users logged on to a computer at a time, you can also log in to a computer over the network. This is useful in case you want to copy files or manage the remote computer. Listed below are common tools that let you connect to remote systems.
Telnet
  Syntax: telnet address
  Example: telnet opens a remote session with the server.
FTP (File Transfer Protocol)
  Syntax: ftp address
  Example: ftp opens an interactive FTP session with the server, allowing you to transfer files.
SFTP (Secure FTP)
  Syntax: sftp user@server
  Example: sftp prowley@ logs in using SSH and provides you a secure FTP session.
SSH (Secure Shell)
  Syntax: ssh server; ssh user@server; ssh -l user hostname
  Examples: ssh prowley@ logs in and opens a secure remote session (similar to Telnet). ssh -l tsampson my.network.com logs in to my.network.com as the user tsampson.
scp (Secure Copy)
  Syntax: scp source user@server:destination
  Example: scp /sales/report prowley@ securely transfers the report file from the local system to the remote computer.

When using Telnet to connect to a remote computer, you cannot log in as the root user: login only accepts root on the terminals listed in /etc/securetty, and network pseudo-terminals are normally not listed. Instead, log in as another user, then use the su command to switch to the root user within the Telnet session. The /etc/ftpusers file contains the names of users who are not allowed to log in over FTP. Note that Telnet and FTP send the user name and password in clear text, so anyone who can sniff the network segment can capture them; use ssh, sftp, and scp for remote administration wherever possible.


 Networking Commands and Files
Linux uses the following files for network configuration information.
/etc/init.d/network
  Script file that loads and unloads networking services.
/etc/sysconfig/network-scripts
  Network configuration file directory. In this directory you will find individual device configuration files named ifcfg-device_name (e.g., ifcfg-eth0). You can edit these files to modify the following settings:
  - Boot protocol (static, DHCP, or BootP)
  - Autoconfiguration information
  - IP address, mask, and gateway (for static configurations)
/etc/hosts
  IP address-to-host name file used for name resolution, normally consulted before DNS (the order is set in /etc/nsswitch.conf). Entries need only two fields: the IP address followed by the host name. Any further fields on the line are aliases, or, if preceded by a # sign, a comment about the entry. (A host name together with its domain name is a fully qualified domain name, or FQDN.)
/etc/resolv.conf
  Holds the DNS resolver settings: nameserver lines listing the DNS servers to query, and a search (or domain) line used to complete unqualified host names.


The table below shows common commands for configuring network settings.
service network option
  Starts, restarts, or stops networking services.
  Examples: service network start; service network restart; service network stop
ifconfig interface parameters
  Creates a static IP configuration. You can also start or stop a network interface with ifconfig. Common parameters:
  - address: the interface's IP address
  - netmask: the interface's subnet mask
  - up: activate the interface
  - down: deactivate the interface
  Examples: ifconfig eth0 address netmask mask configures a static IP address and subnet mask for eth0; ifconfig eth0 up starts the eth0 device (conversely, down stops the device). Settings made with ifconfig are lost at reboot; put permanent settings in the ifcfg-device_name file.
ifup interface
  Starts a network interface. Example: ifup eth1
ifdown interface
  Stops a network interface. Example: ifdown eth1
route add options target / route del options target
  Adds or deletes a static route for the target. Example: route add default gw gateway_address eth1 adds the default gateway on eth1.


Use the following commands to view network configuration information:
- ifconfig views configuration information for network interfaces.
- route views the routing table and the default gateway.
- arp views the ARP cache (IP address-to-MAC address mappings).



 User Account Security
Listed below are some recommendations to follow in securing user accounts:
- Use shadow passwords. Check for an x in the password field of /etc/passwd; if it is not there, run pwconv to move the hashes into /etc/shadow, which only root can read.
- Enforce password expiration so users must change their passwords periodically (chage -M days user for an existing account; PASS_MAX_DAYS in /etc/login.defs sets the default for new accounts).
- Ensure complex passwords are used. Complex passwords:
  - Are at least eight characters long (longer is better)
  - Contain a mix of upper case letters, lower case letters, numbers, special characters (such as &, $, #) and, where the keyboard allows, Alt characters (such as Æ, µ, £)
  - Do not contain recognizable patterns (such as dictionary words)
  - Do not contain personal information (such as the user name)
- Lock user accounts that will be inactive for a long period of time (usermod -L user or passwd -l user).
- Lock or delete user accounts that are no longer needed.
- Do not use the root user account for regular tasks. Use su -c or sudo to run single commands as root, or switch to the root user only to complete administration tasks, and log out of root as soon as they are done.

 Network Security Tools
Linux includes several tools that help you manage network security. The following table lists several tool types with Linux examples.


Firewall
  Linux tools: ipchains (kernel 2.2 and earlier), iptables (kernel 2.4 and later)
  A firewall is a set of features that allows or blocks packets based on specific traffic characteristics. For example, you can restrict traffic based on IP addresses, protocol (TCP, UDP, ICMP), or port. To protect a server or your network, allow only the traffic that is necessary for the services you run and drop everything else by default.
Port Scanner
  Linux tool: nmap
  A port scanner checks for open or closed ports on a computer. Network services use ports to identify the services running on a computer. To protect a server, make sure that only the necessary ports are open. For example, if the server is only being used for e-mail, shut down the services (and block the ports) that correspond to FTP, DNS, and HTTP, among others. Scan your own servers with nmap to confirm that nothing else is listening.
Protocol Analyzer
  Linux tool: Ethereal (now called Wireshark)
  A protocol analyzer captures network packets and lets you examine their contents. You can capture all packets or only packets that match specific criteria. A protocol analyzer helps you to understand the traffic coming to and from a device.
Intrusion Detection System (IDS)
  Linux tools: snort, PortSentry, Rootkit Hunter, Analysis Console
  An intrusion detection system constantly monitors the system looking for attacks. Like a combined protocol analyzer and port scanner, snort constantly monitors network traffic, comparing it with a database of known malicious traffic patterns; when a match is found it can take specific actions or log the suspicious activity. PortSentry runs as a daemon on the host system, listening on unused TCP/UDP ports and blocking systems that scan them from connecting to the host. Rootkit Hunter checks the system for known rootkit packages as well as backdoors and local exploits. Analysis Console analyzes log files (standard or custom) and databases to detect signs of intrusion.

Another way to control access to network services is TCP Wrappers: edit /etc/hosts.allow and /etc/hosts.deny, identifying network services by daemon name and network hosts by IP address, network, or host name. hosts.allow is checked first, then hosts.deny, and a host that matches neither is allowed, so a common starting point is ALL: ALL in hosts.deny with explicit daemon: client lines in hosts.allow for the hosts that need each service.
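Two of the checks above in script form, added here as an example that is not part of the original guide. unexpected_listeners reads netstat -tln style output and prints every TCP listener bound to a non-loopback address whose port is not on the allow-list (the "only the necessary ports are open" test); fw_rules prints a default-deny iptables ruleset that admits only the allow-listed TCP ports, loopback, replies to established connections and ICMP echo, and logs what it drops. SAMPLE_NETSTAT is constructed output, and the port list 22 and 25 (a mail server managed over SSH) is an example.

```bash
#!/bin/bash
# Added example, not from the original guide: spot listeners outside an
# allow-list and generate a matching default-deny iptables ruleset.
# SAMPLE_NETSTAT is constructed "netstat -tln" output.
set -eu

SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN'

# unexpected_listeners PORT... < netstat-output
# Prints "port address" for each non-loopback TCP listener not in PORT...
unexpected_listeners() {
    awk -v allowed=" $* " '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($4, a, ":"); port = a[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr != "127.0.0.1" && addr != "::1" && index(allowed, " " port " ") == 0)
                print port " " addr
        }'
}

# fw_rules PORT... -> iptables commands on stdout; pipe into sh as root to apply
fw_rules() {
    echo "iptables -F INPUT"
    echo "iptables -P INPUT DROP"        # default deny for inbound traffic
    echo "iptables -P FORWARD DROP"
    echo "iptables -P OUTPUT ACCEPT"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT"
    for p in "$@"; do
        echo "iptables -A INPUT -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    # log (rate limited) what the policy is about to drop, so scans show
    # up in /var/log/messages
    echo "iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix \"FW-DROP: \""
}

if [ "${1:-}" = "--demo" ]; then
    echo "listeners outside the allow-list (22 25):"
    printf '%s\n' "$SAMPLE_NETSTAT" | unexpected_listeners 22 25
    echo
    fw_rules 22 25
fi
```

On a real host replace the sample with netstat -tln | unexpected_listeners 22 25; a finding such as the FTP daemon on port 21 means a service to stop with chkconfig or xinetd, not merely a port to firewall, and running nmap from another machine afterwards confirms the result from the outside.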

XI. Configuration Files and Directories

A big part of Linux administration is editing configuration files and viewing other files to gather system information. The following table lists many of the files and directories you have learned about in this course.


/etc/inittab
  System initialization file that controls the runlevel and the services started at boot.
/etc/rc.d, /etc/rc.d/init.d, /etc/rc.d/rc0.d
  Directories that hold files related to daemons that are started by the inittab file. init.d holds the script files that launch services. rc0.d corresponds to a runlevel (0 = halt; rc1.d through rc6.d likewise) and holds links to scripts that start and stop services upon entering that runlevel.
/etc/shutdown.allow
  File that identifies users who can shut down the system.
/etc/fstab, /etc/mtab
  Files that identify volume mounts. fstab identifies volumes to mount at boot; mtab identifies currently mounted volumes.
/mnt, /media
  Directories used to create mount points for volumes.
/dev
  Directory that holds the device files used to configure and access system resources.
/etc/crontab, /etc/cron.hourly, /etc/cron.daily, /etc/cron.weekly, /etc/cron.monthly
  Files that identify scheduled tasks. The main crontab file launches the other directories listed.
/etc/passwd, /etc/shadow, /etc/group, /etc/gshadow
  User and group database and password files.
/etc/X11/XF86Config, /etc/X11/xorg.conf
  X Window System configuration files.
/etc/lilo.conf
  LILO boot loader configuration file. After editing this file, be sure to run the lilo command to write the changes to the boot sector.
/etc/grub.conf, /boot/grub/grub.conf
  GRUB boot loader configuration files. The location of the file depends on your distribution.
/boot
  Directory that holds files needed for the boot process. Most notably, the compiled kernel is usually in this directory.
/etc/modules.conf, /etc/conf.modules, /etc/modprobe.conf
  Files that identify kernel modules loaded at system startup. The file used depends on the distribution.
/etc/profile
  System-wide profile script that runs for all users immediately after login.
/etc/bashrc
  System-wide script used for aliases and functions. Runs after the /etc/profile script.
/etc/sysconfig/network-scripts
  Directory that holds files for network configuration.
/etc/hosts, /etc/resolv.conf
  Local files used for name resolution.
/etc/inetd.conf, /etc/xinetd.conf
  Main configuration file of the super server that starts and stops network services. Which file is used on your system depends on the distribution.
/etc/hosts.allow, /etc/hosts.deny
  TCP Wrappers files that identify which hosts can or cannot use network services (hosts.allow is consulted first).
/proc
  Virtual file system that holds information about the current system state. View (and in some cases edit) files in this directory to view and modify the current system state.
/var/log
  Directory that holds system messages and events.
/var/log/dmesg, /var/log/messages, /var/log/boot.log, /var/log/boot.messages, /tmp/install.log, /root/install.log
  Common files that record the majority of system messages.
/var/spool
  Directory that holds spool files used for printing, mail, cron, and other jobs.

 Network Troubleshooting
The following table compares some of the tools you can use to troubleshoot network communication problems.
ifconfig
  Show the status of each network adapter: MAC address, IP address and mask, broadcast address, transmit and receive statistics.
ping
  Test connectivity between two devices. On Linux, ping keeps going until you stop it manually (Ctrl+C) or limit it with -c count.
traceroute
  Test connectivity between devices and show the path between the two devices.
netstat
  Show incoming and outgoing connections: sessions, ports, and sockets, and who is connected. Used with the -a option, netstat also shows all listening and non-listening ports.
netstat -r, route
  Show the routing table, which includes the default gateway.
nslookup, dig
  Resolve the IP address for a host name; dig shows expanded output.
service network restart
  Restarts all networking services on the computer.
ifup interface, ifdown interface
  Start or stop a network interface. Use ifconfig -a to get the IP configuration (IP addressing information) for every interface, including those that are down.
host
  Retrieve the IP address and other information for a FQDN/host name from a DNS server.


When a network problem happens, the first step is to identify the affected users or computers. If the problem is isolated to a single computer, the problem is with the computer configuration, the network connection, or user error.
- Try to ping other computers to see if the computer has connectivity to any other computer. If ping to every other host fails, check the link light on the NIC. If the light is on, the computer has electrical connectivity to the network. Use ifconfig to verify the IP configuration information.
- If ping works, but the user cannot access servers on the network, the problem might be user error in login. Verify that the correct user name and password are used. Make sure Caps Lock is not on (passwords are case sensitive).
- If ping by IP address works, try contacting the computer by host name. If nslookup or dig fails, troubleshoot name resolution services.
- Try it with your own user account. If you can connect, troubleshoot user error or examine resource permissions.

If multiple users on the same network are having the same problem, narrow the scope of the problem.
- Is the problem with accessing a single host or server? If so, troubleshoot the destination device.
- Is the problem with accessing any outside network? If so, check the routers connecting you to other networks.
- Is the problem with accessing specific destination networks? If so, run traceroute to identify the spot in the path where the problem starts.

If all users are having trouble connecting to a specific service (such as a file server):
- Ping the destination server. If ping fails, troubleshoot the server or the connection: make sure the server is turned on, check the hardware connection, and validate the IP configuration.
- If ping succeeds, the server can be contacted, but the service might not be responding. Verify that the daemon for the service has been started.
- If the service is running, the firewall might be blocking the ports used by the service. Verify the firewall settings and open ports as necessary.
- Check permissions or other access controls for users or groups of users.
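The sequence above, as an added example that is not part of the original guide: diagnose runs the checks in the order the text gives them (link, gateway, name resolution, host reachability, service port) and stops at the first failure with the next thing to look at. The interface name (IFACE, default eth0), the gateway and the host and port are supplied on the command line; each probe is a small function so the decision logic can also be exercised against recorded results without a network. probe_port uses bash's /dev/tcp redirection, which is a bash feature rather than a separate tool.

```bash
#!/bin/bash
# Added example, not from the original guide: the network troubleshooting
# steps as a script that stops at the first failing step. Interface,
# gateway, host and port are placeholders passed by the caller.
set -eu
IFACE="${IFACE:-eth0}"

# Probes: each returns 0 on success. Kept separate so they can be replaced.
probe_link()    { ifconfig "$IFACE" 2>/dev/null | grep -q 'UP'; }
probe_ping()    { ping -c 1 -W 2 "$1" >/dev/null 2>&1; }
probe_resolve() { host "$1" >/dev/null 2>&1; }
probe_port()    { ( exec 3<>"/dev/tcp/$1/$2" ) 2>/dev/null; }   # bash-only TCP connect

# diagnose HOST PORT GATEWAY -> verdict on stdout; the return code is the
# number of the step that failed (0 = service reachable).
diagnose() {
    local host="$1" port="$2" gw="$3"
    probe_link || {
        echo "LINK: $IFACE is not UP; check the cable/NIC light, then ifconfig $IFACE up"; return 1; }
    probe_ping "$gw" || {
        echo "LOCAL: gateway $gw unreachable; verify address and mask with ifconfig and the default route with route"; return 2; }
    probe_resolve "$host" || {
        echo "DNS: cannot resolve $host; check /etc/resolv.conf and test the server with nslookup or dig"; return 3; }
    probe_ping "$host" || {
        echo "ROUTE: $host resolves but does not answer; run traceroute $host to find where the path breaks"; return 4; }
    probe_port "$host" "$port" || {
        echo "SERVICE: $host answers but port $port is closed; check that the daemon is running and the firewall allows the port"; return 5; }
    echo "OK: $host:$port reachable; check the user's credentials and resource permissions next"
}

if [ $# -eq 3 ]; then
    diagnose "$@"
fi
```

Usage: diagnose_net.sh fileserver.example 445 192.168.1.1 (assuming the script is saved under that name). When the same verdict appears from several machines, the failing step tells you whether to look at the destination host, the routers, or the service and its firewall, matching the three branches of the text.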

