Intel Day2 | Web Server | File System

Introduction to Linux

Administration & Programming Intel, Hillsboro, OR Jan 17 2012

Content


 

Users and files Managing files Managing user accounts Processes & resource monitoring

   

Managing Processes File Servers Web servers Troubleshooting & Support

Linux Administration

2

Linux File System
/ The top-level ―root‖ directory tmp bin lib usr var etc dev Special device files

Somewhere everyone can use

System programs

System libraries

Admin utilities config. files

local

bin

lib

spool Spool files for batch utilities

Utilities Somewhere for local additions

Libraries, some utilities and config. files

Linux Administration

3

File System Details
    


 

System Executables: /sbin, /usr/sbin, … User Executables: /bin, /usr/bin, /usr/local/bin Other mount points: /media, /mnt Configuration: /etc, /dev Kernels, Bootloader: /boot Shared Libraries: /lib, /usr/lib, /usr/local/lib Server Data: /var, /srv Temporary Files: /tmp

Linux Administration

4

Special Directories

Home Directories:  /root  /home/username System Information:  /proc, /sys (virtual file system) Optional software:  /opt

Linux Administration

5

Changing Directories


pwd – displays your current working directory cd changes directories Examples:  cd project/docs  cd ..  cd or cd ~ [takes you your home directory]  cd – takes you to your previous working directory
Linux Administration 6

Listing Directory Contents

Listing files in current or specified directory:

ls [options] [files_or_dirs]

Examples:
ls -a (include hidden files)  ls -l (display extra information)  ls -R (recurse through directories

Linux Administration 7

Copying Files & Directories
cp - copy files and directories  Usage:

cp [options] file destination

More than one file may be copied at a time if the destination is a directory:

cp [options] file1 file2 dest

Linux Administration

8

Moving/Renaming Files & Dirs
mv - move and/or rename files & directories  Usage:

mv [options] file destination

More than one file may be moved at a time if the destination is a directory:

mv [options] file1 file2 destination
Linux Administration 9

Creating & Removing Files
touch - create empty files or update file timestamps  rm - remove files  Usage:

rm [options] <file>...

Examples:
rm -i file (interactive)  rm -r directory (recursive

Linux Administration 10

Creating & Removing Directories
mkdir creates directories  rmdir removes empty directories  rm -r recursively removes directory trees

Linux Administration

11

Navigating Filesystem

Using Nautilus (Gnome graphical filesystem browser)  Click on ―Computer‖ icon or  ―Applications‖, ―System Tools‖, ―File Browser‖
Linux Administration 12

Moving & Copying in Nautilus

Drag-and-Drop
Drag: Move on same filesystem, copy on different filesystem  Drag + Ctrl: Always copy  Drag + Alt: Ask whether to copy, move or create symbolic link (alias)

Context menu

Right-click to rename, cut, copy or paste
Linux Administration 13

Removable Media

Mounting means making a foreign filesystem look like part of the main tree.
Before accessing, media must be mounted  Before removing, media must be unmounted

Mountpoints are usually under /media can also be defined in /etc/fstab
Linux Administration 14

Mounting CDs / DVDs
Automatically mounted in Gnome/KDE  Otherwise, must be manually mounted

CD/DVD Reader

mount /media/cdrom
mount /media/cdrecorder

CD/DVD Writer

eject command unmounts & ejects the disk
Linux Administration 15

Mounting USB Media

Detected by the kernel as SCSI devices: /dev/sdaX or /dev/sdbX or similar

Type: tail /var/log/messages to find out

Automatically mounted in Gnome/KDE
Icon created in Computer window  Mounted under /media/Device ID

Linux Administration 16

GUI User Mount Tool

Run from ―Applications‖, ―System Tools‖, ―Disk Management.‖

Allows you to mount or dismount drives or partitions.
Linux Administration 17

Filesystem Management

Creating and Managing Partitions
fdisk  Disk druid

Mounting partitions
mount /dev /mnt  umount /dev or /mnt  /etc/fstab

Linux Administration 18

Filesystem Basics & Attributes
change directory: cd .. / dir pwd  create/del directories: mkdir rmdir  copy/move files: cp rm mv  list files: ls –la dir  change attributes: chmod chown chattr

Linux Administration

19

Filesystem Creation
Owner  Group  Everyone else

Linux Administration

20

Ext3: Journaling for Ext2 Filesystems
/.journal hidden file  Writes buffers to hard drive during intervals  Can be configured with e2tunefs

Linux Administration

21

The Filesystem Hierarchy
/  /boot  /etc /dev  /bin /lib /sbin  /root /home  /usr /opt  /tmp /var

Linux Administration 22

Mount Options & Configuration
mount –t type /device /mountpoint  Can be specified in /etc/fstab  Can be automounted  ‗man mount‘ for list of ‗options‘

Linux Administration

23

Connecting to Network Shares

NFS
mount server:/share /mountpoint  umount /mountpoint

SMB/CIFS
smbmount server:/share /mountpoint  smbumount /mountpoint

Linux Administration

24

Unmounting Filesystems

umount /mountpoint umount /device

Linux Administration

25

The Auto-Mounter
Based on the autofs daemon  Uses /etc/auto.master config file and /etc/auto.misc  Or from command line:

automount [options] mount-point maptype[,format] map [map-options]

Linux Administration

26

Swap partitions
Used for temporary storage of program memory  2-3x available RAM  Partition type 83

Linux Administration

27

Determining Filesystem Usage
mount  df –h  du -h  quota  repquota

Linux Administration

28

Adding a Drive
Physically connect drive  Run fdisk, create partitions  Reboot  Format partitions  Edit /etc/fstab  Test it  Ready to use!

Linux Administration 29

Hands-on Lab 1a
Exploring RedHat Linux Services

From command line type:
    

top (press h, q after reading screens) w [integrated who / uptime] whoami ps ax [list all active processes] pstree

Linux Administration

30

Hands-on Lab 1b

From command line type:
  

su service http start service http status  Or ―ps ax | grep httpd‖ killall httpd

Linux Administration

31

Linux Processes

Linux Administration

32

The init Program

Once the kernel has started /sbin/init
 

Can be configured for either BSD or SYSV boot init is controlled by the file /etc/inittab

Each line of /etc/inittab has four colonseparated fields
Lines starting with # are comments 1. unique one-to-four–character label 2. list of run levels 3. an action 4. command to execute on entering the run level

Linux Administration 33

Run Levels

When Linux starts up or shuts down, it jumps to a run level
Run Level 0 Run Level 1 or S Run Level 2 Halt Single-user Multiuser without networking

Run Level 3
Run Level 4 Run Level 5 Run Level 6

Full multiuser
Unused X11 Reboot
Linux Administration 34

A SYSV-Style /etc/inittab
# The default run level id:5:initdefault: # System initialization. si::sysinit:/etc/rc.d/rc.sysinit

# do the SYSV stuff l0:0:wait:/etc/rc.d/rc l1:1:wait:/etc/rc.d/rc l2:2:wait:/etc/rc.d/rc l3:3:wait:/etc/rc.d/rc l4:4:wait:/etc/rc.d/rc l5:5:wait:/etc/rc.d/rc l6:6:wait:/etc/rc.d/rc

0 1 2 3 4 5 6

# Trap CTRL-ALT-DELETE ca::ctrlaltdel:/sbin/shutdown -t3 -r now # Run gettys in standard runlevels 1:12345:respawn:/sbin/mingetty tty1 2:2345:respawn:/sbin/mingetty tty2 # run a display manager in run level 5 x:5:respawn:/usr/bin/kdm -nodaemon

Linux Administration

35

The System Initialization Script

A SYSV init program runs a system initialization script

Usually /etc/rc.d/rc.sysinit

Critical
Errors in the script may prevent the system from booting  Edit the file with extreme caution!

Linux Administration

36

Startup and Shutdown Scripts

Each run level has a directory of scripts
 

Run Level 2 scripts are in /etc/rc.d/rc2.d When a run level is entered
• All K##name scripts are called with a parameter stop • All S##name scripts are called with a parameter start

K and S scripts should be symbolic links to scripts in

/etc/rc.d/init.d

Simplest place to add new things that need to be done at startup is /etc/rc.d/rc.local
Linux Administration 37

Startup & Shutdown Example

Each program or group of programs has several entries:
/etc/rc.d/init.d/sendmail

Its symbolic links
/etc/rc.d/rc0.d/K30sendmail /etc/rc.d/rc1.d/K30sendmail ... /etc/rc.d/rc5.d/S80sendmail /etc/rc.d/rc6.d/K30sendmail
Linux Administration 38

Chkconfig Tool
Manages boot scripts  Some keywords are placed in the master script in the /etc/rc.d/init.d directory

The following example creates S90 scripts for run levels 3, 4, and 5 and K10 scripts for all other run levels—they are comment lines in the script:
# chkconfig: 345 90 10 # description: Description of the software

Linux Administration

39

Chkconfig Example

K and S links are created using chkconfig --add file

K and S links are removed using chkconfig --del file
Settings can be viewed using chkconfig --list file

Linux Administration

40

System Shutdown

Linux, like any multitasking operating system, needs to be shut down properly to ensure that
All data is correctly written to disk  Network connections are released  Programs delete their temporary files  All disks have been unmounted or remounted read-only

Linux Administration 41

Shutdown to Turn off

Shutting down for halt
shutdown -h [ -t seconds ] now  init 0  halt

Linux Administration

42

Shutdown to Reboot

Shutting down for reboot
shutdown -r [ -t seconds ] now  init 6  reboot

Linux Administration

43

Software Updates

Linux Administration

44

Packages
Integrated archive and installation process  Consist of an archive containing

Software either in another archive or as a directory structure  Scripts to manage the installation

Allow a package to be removed cleanly

Linux Administration

45

Packages & Distributions

Some example packages:
Debian .deb packages  Red Hat Package Manager (RPM) .rpm packages

 

It is used by Suse, CentOS, ... An RPM has a fixed format:
package-version-tries.arch.rpm gcc-2.95.2-1.i386.rpm

Linux Administration

46

RPM Package Queries
List all installed packages
rpm -qa | less

Do Now!

List the version of a package
rpm -qi net-tools

List the contents of an installed package
rpm -ql net-tools | less

Find a package‘s dependencies
rpm -qR net-tools
Linux Administration 47

RPM Package Usage

Install a package
rpm --install package.rpm rpm -ivh package.rpm

Upgrade a package
rpm --upgrade package.rpm rpm -Uvh package.rpm

Erase a package
rpm --erase package
Linux Administration 48

RPM Package Creation

To create an RPM package you need:

archives containing the source code that must be in the directory /usr/src/redhat/SOURCES

A specification file that instructs RPM how to build and install the software  The package is built by passing the specification file to RPM: rpmbuild –bb package.spec

Linux Administration

49

Archives: tar

tar files
Tape archive files have file extension of .tar  Sometimes compressed .tar.Z  Or compressed with gzip .tar.gz or .tgz  Or compressed with bzip2 .tar.bz2

Linux Administration

50

Archives: tar file use
GNU tar has a z option that directly supports compress and gzip compression  GNU tar has a j option that directly supports bzip2 compression

Archives usually contain a directory structure that is extracted into the current working directory

Linux Administration

51

Tar Archive Extract
Listing tar files tar tf archive.tar  Extracting tar files tar xvf archive.tar  Extracting compressed tar files tar jxvf archive.tar.bz2 tar zxvf archive.tar.gz

Linux Administration

52

Tar Archive Create

Creating tar files
tar cvf archive.tar files

Creating compressed tar files
tar jcvf archive.tar.bz2 files tar zcvf archive.tar.gz files

Linux Administration

53

Digital Signatures

A message digest is a statistically unique hash of a file, typically 128 bits long

md5sum is a program that can be used to generate a hash

$ md5sum htmlconf12.zip a12e78db5d3d732978c797b8b15d86cc

htmlconv12.zip

A file that matches its hash can be considered valid assuming that the Web site has not been compromised MD5 = Message Digest 5
Linux Administration 54

Digital Signatures & Encryption

Use encryption to validate files:
A message digest (or the whole file) can be encrypted with the originator‘s secret key  The file, the encrypted hash, and the originator‘s public key together can validate the file‘s authenticity

Linux Administration

55

Digital Signatures Illustrated
The archive MD5 apache_1.3.20.tar.gz The hash 49255234

Private key encrypt The encrypted hash RSA AhF6Z789

If both hashes are identical then the archive is genuine!

The downloaded archive
MD5 The encrypted hash? apache_1.3.20.tar.gz AhF6Z789 RSA The hash? 49255234

Public key decrypt

Linux Administration

56

OpenSSH Overview
A secure replacement for ftp, telnet, rsh, rlogin  Available from www.openssl.org  The OpenSSL Project is a collaborative effort to develop an Open Source toolkit implementing SSL v2/v3 & TLS v1

Linux Administration

RH253-57

The OpenSSH

Generating a Certificate & Key in the PEM Format:
cd /usr/share/ssl/certs  make give_me_a_name.pem

Linux Administration

RH253-58

OpenSSH Authentication
 

# Provides encryption services for applications without modifying the application. # Uses public key encryption  openssl req -new -newkey rsa:1024 -nodes -x509 -keyout /tmp/key -out /tmp/cert  cd /usr/share/ssl/certs  make stunnel.pem

Linux Administration

RH253-59

Protecting Your Keys
Your keys are encrypted with your passphrase  Do NOT share your passphrase with anyone

Linux Administration

RH253-60

Applications: RPM

Import signature from vendor, CD ROM or web site

Red Hat.key rpm –checksig package

verifying signatures from signature db

Linux Administration

RH253-61

User Administration

Linux Administration

62

User Policy Considerations

The Unix security model is very simple:
Files & processes are ‗owned‘ by a specific user or group  root is the super user  Other accounts are for services (no interactive login) or real users

Linux Administration

63

The User Account Database

All accounts are defined in /etc/passwd
Format:  username:password:userid:groupid:desc ription:homedir:loginshell  For security, real password is stored at /etc/shadow

Linux Administration

64

Adding a New User Account
Use vi /etc/passwd and add account  Use useradd script

useradd username
  

Creates /home/username Assigns bash as default shell Copies /etc/skel scripts to /home/username

Linux Administration

65

Modifying/Deleting Accounts
 

Usermod username

set an expiration date

Userdel username redhat-config-users or Main Menu | System Settings | Users and Groups.

Linux Administration

66

Group Administration
A group is a logical placeholder for accounts  Is defined in /etc/group  Commands available

  

groupadd groupdel groupmod
Linux Administration 67

Switching Accounts
It is recommended to run as a user for most operations within a server  If certain operations require supervisor access, use the su user command  Root can test certain scripts by temporally becoming a user: su – user  To return to normal account, type exit

Linux Administration 68

File Ownership
A file is owned by a user or group  Commands:

chown, chmod, chattr

If you type the ls –l command you get something like:

-rw-rw-r-- 1 sam grp 1 Apr 19 filex

Where sam is owner, grp is group
Linux Administration 69

Linux File Permission

First char is:  - file  ‗d‘ directory  ‗l‘ link to another file or device in the following three sets, you will see:  r — file can be read  w — file can be written to  x — file can be executed (if it is a program)
Linux Administration 70

Default File Permissions
umask –S shows current file permissions in the form: -rw-r--r–  Use umask to change defaults
 

When creating files, by default, the name of your group is the same as your login name
Linux Administration 71

SUID / SGID Executables
Set User ID / Set Group ID  if the SUID bit is set for any application then your user ID would be set as that of the owner of application/file rather than the current user, while running that application  chmod +s file

Linux Administration 72

User Private Groups
When creating accounts in Red Hat, each user belongs to its own group (private group)  By default, they are the only member of that group

Linux Administration

73

Filesystem Quota
It‘s a kernel feature (has to be enabled)  Check if quota is installed: rpm -qi quota  /usr/sbin/edquota name Edits the quota settings for user name  /sbin/quotaon /fs Enables quotas for the /fs filesystem.  /usr/bin/quota show resource use

Linux Administration 74

Linux Servers
File Server (NFS, FTP or SMB)  Email Server  Web Server (http & https)  Squid Web Proxy  Application Server  Database Server

Linux Administration

75

Hypertext Transfer Protocol (HTTP)

httpd is a daemon that handles incoming HTTP connections
Started from boot scripts  Configured using the file conf/httpd.conf

Linux Administration

76

Apache Use

Source: Netcraft www.netcraft.com
Linux Administration 77

Web Site Directories
/webpages/conf/httpd.conf GET /index.html Host: www.apache.org ... <Blank Line> httpd /index.html

Internet/ intranet

/webpages/htdocs/index.html

HTTP/1.1 200 OK Server: Apache/2.0.48 Date: Wed April 16 Content-Type: text/plain Content Length: 150 <Blank Line> Contents of /index.html

Linux Administration

78

A Minimal Apache

conf/httpd.conf is as follows:
User webuser Group webgroup Listen 80 ServerName www.mydomain.com DocumentRoot /webpages/htdocs/

These directives are sufficient to ensure that our server will run

Linux Administration

79

Basic Server Directives

By running httpd as apache/webgroup, the number of files and directories that can be read or modified from HTTP requests are limited
User apache Group webgroup

We respond to requests directed to this server name

In this example, www.mydomain.com

Linux Administration

80

Virtual Hosting

Apache can host several different Web sites
The DNS must resolve multiple hostnames to the same IP address  Apache must be configured to support multiple hosts in conf/httpd.conf
 

This is called virtual hosting

Linux Administration

81

Virtual Hosting Setup
NameVirtualHost 10.0.0.1 <VirtualHost 10.0.0.1> ServerName www.mydomain01.com DocumentRoot /www/docs/host01 </VirtualHost> … <VirtualHost 10.0.0.1 > ServerName www.mydomain09.com DocumentRoot /www/docs/host09 </VirtualHost>
Linux Administration 82

Troubleshooting Guidelines
If it‘s not broken, … don‘t fix it!  If it becomes broken & used to work…

find what was the last configuration change  what is running that could be causing the problem  what is NOT running

Linux Administration

83

Troubleshooting X
The newers X servers generates a debug log at /var/log/XFree86.log  Look for configuration or missing files error messages  Try X by itself

Linux Administration

84

Troubleshooting Services
open another xtem window  type: tail –f /var/log/messages  from another xterm, stop & start service, look into the scrolling messages for error messages

Linux Administration

85

Troubleshooting Networking

Is network up (try ifconfig)?
if no: look for network module or disconnected cable!  if yes: then, can you connect to you network?

if no, misconfigured gateway or DNS server

Linux Administration

86

Troubleshooting Boot Problems
Kernel panic occurs when some devices or hardware functionality are missing; read into messages to identify problem  Rescue CD becomes handy!

Linux Administration

87

Filesystem Corruption
Normally e2fsck is run after x reboots  Serious crashes will require manual intervention (runn level 1)  e2fsck should be run from an unmounted filesystem

Linux Administration

88

Recovery Run-levels

runlevel 1: single user
boot: linux 1  init 1

Linux Administration

89

Rescue Environment Utilities
boot device w/device drivers  vi (to edit passwd or fstab)  e2fsck  rescue CD : be aware that rescue CD puts your standard root directory (/) as mounted on /mnt/sysimage  you can: chroot /mnt/sysimage

Linux Administration 90

Rescue Environment Details

The great difficulty in operating from the rescue environment is that you are working with a minimal version of the Linux operating system

Many of the commands you are used to having at your disposal are not available at this level

Linux Administration

91

Summary


 

Users and files Managing files Managing user accounts Processes & resource monitoring

   

Managing Processes File Servers Web servers Troubleshooting & Support

Linux Administration

92

Sign up to vote on this title
UsefulNot useful