Agenda
Administrative Issues
Link of the Week
This Week’s Expected Outcomes
Points of Interest
Moving around in UNIX
Break-Out Problems
Upcoming Deadlines
Hands-on Information
Lab Assistance, Questions, and Answers
Announcements
No script logic for the Knoppix File System Lab Assignment 11-1. View the links within the course web site. If that isn’t enough, email or call me.
Link of the Week
File System: search for the web site "Anatomy of the Linux file system", written by M. Tim Jones (mti@mtjones.com). The syntax used at this web site will be useful when completing Lab Assignment 11-1. These are “under the hood” commands used by graphical user interfaces (GUI).
What is a UNIX-like file system?
A UNIX file system is a collection of files and directories stored on hard disk. Each file system is stored in a separate whole disk partition. The following are some file systems:
/ - the root file system; it contains files under several directories including /sbin, /tmp, /var, and /dev
What makes up a file system?
User data - the information contained in files
Metadata - information on the file system structure, such as inodes, directories, and the superblock
What is an interrupt request (IRQ)?
It is a signal sent to the CPU instructing it to suspend the current task and take care of an external event, such as an incoming signal on the network line. On an x86 platform, the IRQ number range is 0 to 15. On more modern computers, including x86-64 systems, the interrupt number range is greater than 16. Some interrupts are reserved for specific purposes, such as the real-time clock and mouse, while others have common uses and may be reassigned.
UNIX Operating System
Bus designs
The Industry Standard Architecture (ISA) bus design made sharing interrupts between two devices difficult. Ideally, every device had its own IRQ. After 2001, the ISA bus design was no longer in use. The Peripheral Component Interconnect (PCI) bus design made sharing interrupts a bit easier, and devices frequently shared the same IRQ.
Bus Design
The /proc/interrupts file lists the IRQs that are in use by Linux, but Linux does not start using an IRQ until the relevant driver is loaded. In conclusion, IRQ conflicts rarely occur on modern hardware, but they do occasionally occur.
Demonstrate: cat /proc/interrupts
I/O Addresses (I/O Ports)
These are unique locations in memory that are reserved for communication between the CPU and a specific hardware device (or devices). Like IRQs, I/O addresses are associated with specific hardware devices and are not shared.
Demonstrate: cat /proc/ioports
What is Direct Memory Access (DMA)?
DMA permits a device to transfer data directly, without the CPU mediating the transfer between the device and memory. This method of communicating with I/O ports lowers CPU resource usage and boosts overall system performance.
Demonstrate: cat /proc/dma
The output specifies the channels used to perform this transfer. DMA addresses should not be shared, even though DMA address conflicts occur less often than IRQ conflicts.
Boot Disks
The order in which devices are used during boot-up is determined by the firmware implementation. The BIOS boot process starts by reading the boot sector from a disk and executing that code. The BIOS boot options are limited because the user can only select the order in which the different boot devices are examined to find the boot sector.
Boot Disks
Under EFI, the boot-up procedure involves reading a boot loader file from a file system on a special partition known as the EFI System Partition (ESP). This file can have a special default name or be registered in the computer’s NVRAM. EFI computers offer an extended range of boot options, involving both default boot loader files from various devices and multiple boot loaders on the computer’s hard disks. Some dated implementations of EFI only offer simple BIOS-like boot options.
Boot Up Files
/etc/rc.d/rc.sysinit
This init script performs basic system configuration, which includes setting the system clock, hostname, and keyboard mapping; setting up the swap partitions; checking the remaining file systems for errors; and turning on quota management.
/etc/rc.d/rc
This init script runs the scripts for the services that need to be started when you first bring the system up and that need to be started or stopped when the system goes from single-user mode to multiuser mode and back down again.
Boot Up Files
/etc/rc.d/init.d
This directory contains the shell rc scripts, which are run via symbolic links in the /etc/rc.d/rcn.d directories, where n is the runlevel the system is entering.
/etc/rc.d/rc.local
This file is executed after the init scripts. Commands can be placed in this file to customize the system. These commands are best suited to execute in the background and after the initialization process completes.
Boot Up Files
/etc/rc.d/rc1.d
This directory contains the scripts that start and stop services during a specific run level. The following scripts execute during run level one (1):
K10cups
K25sshd
K50netdump
K74nscd
K86nfslock
K91isdn
S01sysstat
Notice the numbering from 00 to 99. This numbering determines the position of a script within the whole scheme of execution.
/etc/inittab file
/etc/inittab format: id:runlevel:action:process
id is a unique sequence of 1-4 characters which identifies an entry in /etc/inittab
runlevel is the specific process level at which the action should be taken
action describes which action should be performed
process specifies which process is to be executed
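The four-field format above is easy to check mechanically. The following is an added example, not part of the original slides: a few shell functions that parse constructed inittab content (the entries are made up for this demonstration and are not copied from any system), report the initdefault runlevel, list the entries that apply to a given runlevel, and flag ids that break the 1-4 character rule. The function names are my own choice.

```shell
# Added example: parsing id:runlevel:action:process entries.
# INITTAB_SAMPLE is constructed for this demonstration.
INITTAB_SAMPLE='# constructed /etc/inittab
id:3:initdefault:
si::sysinit:/etc/rc.d/rc.sysinit
l0:0:wait:/etc/rc.d/rc 0
l3:3:wait:/etc/rc.d/rc 3
l5:5:wait:/etc/rc.d/rc 5
1:2345:respawn:/sbin/mingetty tty1
2:2345:respawn:/sbin/mingetty tty2
x:5:respawn:/etc/X11/prefdm -nodaemon
toolong:3:once:/bin/true'

# inittab_fields CONTENT -> tab-separated "id runlevel action process".
# Comment and blank lines are skipped; the process may itself contain
# colons, so fields 4..NF are joined back together.
inittab_fields() {
    printf '%s\n' "$1" | awk -F: '
        NF == 0 || $1 ~ /^#/ { next }
        {
            proc = $4
            for (i = 5; i <= NF; i++) proc = proc ":" $i
            print $1 "\t" $2 "\t" $3 "\t" proc
        }'
}

# inittab_default_runlevel CONTENT -> runlevel named by the initdefault entry
inittab_default_runlevel() {
    inittab_fields "$1" | awk -F'\t' '$3 == "initdefault" { print $2; exit }'
}

# inittab_entries_for_runlevel CONTENT LEVEL -> "id action process" for each
# entry whose runlevel field contains LEVEL (the initdefault entry itself is
# not a process and is left out).
inittab_entries_for_runlevel() {
    inittab_fields "$1" | awk -F'\t' -v lvl="$2" '
        $3 != "initdefault" && index($2, lvl) > 0 { print $1 " " $3 " " $4 }'
}

# inittab_invalid_ids CONTENT -> ids that are not 1 to 4 characters long
inittab_invalid_ids() {
    inittab_fields "$1" | awk -F'\t' 'length($1) < 1 || length($1) > 4 { print $1 }'
}

echo "Default runlevel: $(inittab_default_runlevel "$INITTAB_SAMPLE")"
echo "Entries for runlevel 3:"; inittab_entries_for_runlevel "$INITTAB_SAMPLE" 3
echo "Invalid ids:";            inittab_invalid_ids "$INITTAB_SAMPLE"
```

The "toolong" entry shows why the id rule matters: init identifies entries by id, so a malformed line is a configuration error worth catching before the system boots from it.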
Linux Network
The xinetd daemon has TCP Wrappers capabilities built in. TCP Wrapper is a security tool available on most flavors of UNIX, including AIX, HP-UX, Linux and Solaris. TCP Wrapper is a lightweight alternative to a firewall and an excellent tool for reducing CPU usage; real firewalls generally are CPU intensive. TCP Wrapper is not widely known by system administrators.
Security
TCP Wrapper is part of a client/server model. Its access control language defines rules that selectively allow clients to access server daemons on a local system based on the client’s address and the daemon the client tries to access.
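To make the "client address plus daemon" decision concrete, here is an added example that is not part of the original slides: a small shell model of how TCP Wrappers evaluates access. It keeps the real evaluation order of /etc/hosts.allow and /etc/hosts.deny (the allow file is consulted first, then the deny file, and a client that matches neither is granted access) and the "daemon: client" line syntax, but it implements only a subset of the real client patterns (ALL, LOCAL, an exact host, and a trailing-dot network prefix); the real tcpd language has more (netmasks, EXCEPT, domain suffixes, per-rule options). The rule text and the function names are constructed for this demonstration.

```shell
# Added example: a model of the TCP Wrappers access decision.
# HOSTS_ALLOW / HOSTS_DENY are constructed rule sets, not real files.
HOSTS_ALLOW='# constructed hosts.allow
sshd: 192.168.1.
in.ftpd: LOCAL
ALL: 10.0.0.5'

HOSTS_DENY='# constructed hosts.deny: everything not allowed above is refused
ALL: ALL'

# rule_matches RULES DAEMON CLIENT -> exit status 0 if any rule line matches
rule_matches() {
    printf '%s\n' "$1" | awk -v daemon="$2" -v client="$3" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        function daemon_ok(p) { return p == "ALL" || p == daemon }
        function client_ok(p) {
            if (p == "ALL") return 1
            if (p == "LOCAL") return index(client, ".") == 0     # unqualified name
            if (substr(p, length(p)) == ".") return index(client, p) == 1  # net prefix
            return p == client                                   # exact host
        }
        NF == 0 || $1 ~ /^#/ { next }
        {
            split($0, parts, ":")               # "daemon list : client list"
            nd = split(parts[1], daemons, ",")
            nc = split(parts[2], clients, ",")
            for (i = 1; i <= nd; i++)
                for (j = 1; j <= nc; j++)
                    if (daemon_ok(trim(daemons[i])) && client_ok(trim(clients[j]))) {
                        found = 1; exit
                    }
        }
        END { exit found ? 0 : 1 }'
}

# tcp_wrap_decide DAEMON CLIENT -> prints "allow" or "deny"
tcp_wrap_decide() {
    if rule_matches "$HOSTS_ALLOW" "$1" "$2"; then
        echo allow
    elif rule_matches "$HOSTS_DENY" "$1" "$2"; then
        echo deny
    else
        echo allow    # matched neither file: TCP Wrappers grants access by default
    fi
}

for probe in "sshd 192.168.1.20" "sshd 172.16.0.9" "in.ftpd fileserver" "telnetd 10.0.0.5"; do
    set -- $probe
    printf '%-8s from %-16s -> %s\n' "$1" "$2" "$(tcp_wrap_decide "$1" "$2")"
done
```

The closing "ALL: ALL" in the deny set is the part to notice: without it, any daemon and client that no allow rule mentions would be admitted, because the default when neither file matches is allow.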
Security
SELinux manages the kernel’s functionality.
iptables is a packet filter. It inspects network packets and protocol types.
A chroot jail creates a temporary root file system.
In general, every directory under the root directory is on the root partition, unless it has a separate entry in the full listing from df (or df -h with no other options). Every partition has its own file system. By imagining all those file systems together, we can form an idea of the tree structure of the entire system. In a file system, a file is represented by an inode, a kind of serial number containing information about the actual data that makes up the file: to whom the file belongs, and where it is located on the hard disk.
Every partition has its own set of inodes; throughout a system with multiple partitions, files with the same inode number can exist.
Why partition?
One of the goals of having different partitions is to achieve higher data security in case of disaster. By dividing the hard disk into partitions, data can be grouped and separated. When an accident occurs, only the data in the partition that took the hit will be affected, and the data on the other partitions will remain intact.
Linux File System
ext3 includes journaling capabilities that allow for faster recovery after unexpected reboots. Journaling reduces the amount of time spent recovering a file system after a crash, and is therefore in high demand in environments where high availability is important, not only to improve recovery times on single machines but also to allow a crashed machine's file system to be recovered on another machine when we have a cluster of nodes with a shared disk.
Define file system with journaling
A file system with journaling is based on techniques taken from real-time transaction processing. A transaction log is used to store transactions, either in a designated file system location or on a separate disk partition. As changes are made to the file system, metadata changes are recorded in the log, and the log entries are written before the actual buffers are written to disk.
Linux file system with journaling
In the event of a system crash, the entries in the log file remain intact and are replayed. Maintaining this level of data integrity ensures that the file system is in a consistent state.
/etc/passwd file
The /etc/passwd file is considered the user database for the system. The information contained in the /etc/passwd file is useful for applications running on the system to access. In summary, the /etc/passwd file is located under the system configuration and executables directory. The /etc/passwd file is the system’s master list of information about user accounts.
/etc/shadow file
• The “x” in the /etc/passwd file password field indicates that the shadow file contains the encrypted password.
• Red Hat Linux uses MD5 by default.
• Most Linux systems utilize MD5 as their encrypted form.
• MD5 requires 34 characters in encrypted form.
• MD5 begins with a dollar sign, a number, and a dollar sign (e.g. $1$ or $6$ …).
• The shadow file is only readable by root.
In summary, the /etc/shadow file contains the encoded passwords and password settings. The /etc/shadow file contains all the guidelines that pertain to the administration of the password.
/etc/group file
In summary, the /etc/group file identifies a collection of users who generally share similar functions. These groupings are not limited to departments or projects.
Managing Users
Adding a user to a computer involves several steps before the user can actually log in and perform user operations.
Managing Users
Every user who intends to use a computer must first gain access to that system, then go through an initialization process found under the user’s home directory. The new user initialization process begins by reading and executing the commands and environment variables found in the $HOME/.profile or .bash_profile file. Normally, .profile is run automatically when you log into the system, and the user’s environment is set up silently. Once the user is granted permission to access the system, a shell is spawned to allow the user to interact with the system.
Managing Users
Display ~dandrear/.profile
When adding a new user account to the system, the administrator assigns the username a user identification number (UID). The UID is used internally by the system to identify each user. Duplicating a UID causes the accounts to share an identity in the system.
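Two of the points made on the /etc/shadow and Managing Users slides, the $id$ prefix of the shadow password field and the effect of a duplicated UID, can be checked directly from the files. The following is an added example, not part of the original slides: it audits constructed /etc/passwd and /etc/shadow content (made up for this demonstration; the hash bodies are placeholders, not real hashes) for UIDs shared by more than one account and for password fields that are empty or use MD5-crypt. The prefix table it uses is the crypt(3) convention, where $1$ marks MD5-crypt, $5$ SHA-256-crypt and $6$ SHA-512-crypt; the function names and sample accounts are my own.

```shell
# Added example: auditing passwd/shadow content for shared UIDs and weak
# password fields. Both samples are constructed; hashes are placeholders.
PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
alice:x:500:500:Alice:/home/alice:/bin/bash
backup:x:0:0:backup operator:/root:/bin/bash
guest:x:501:501:Guest:/home/guest:/bin/bash'

SHADOW_SAMPLE='root:$6$saltsalt$HASHPLACEHOLDER:18000:0:99999:7:::
bin:*:18000:0:99999:7:::
alice:$1$saltsalt$HASHPLACEHOLDER:18000:0:99999:7:::
backup:$6$saltsalt$HASHPLACEHOLDER:18000:0:99999:7:::
guest::18000:0:99999:7:::'

# duplicate_uids PASSWD_CONTENT -> one line per UID used by more than one
# account; such accounts are the same identity to the kernel.
duplicate_uids() {
    printf '%s\n' "$1" | awk -F: '
        { names[$3] = names[$3] " " $1; count[$3]++ }
        END { for (uid in count) if (count[uid] > 1) print "uid " uid ":" names[uid] }'
}

# classify_hash FIELD -> scheme implied by the crypt(3) $id$ prefix
classify_hash() {
    case "$1" in
        '')        echo empty ;;     # empty field: login without a password
        '*'*|'!'*) echo locked ;;    # "*", "!", "!!" or "!<hash>": no login via password
        '$1$'*)    echo md5 ;;
        '$5$'*)    echo sha256 ;;
        '$6$'*)    echo sha512 ;;
        '$2'*)     echo bcrypt ;;    # $2a$, $2b$, $2y$
        '$y$'*)    echo yescrypt ;;
        *)         echo unknown ;;
    esac
}

# shadow_report SHADOW_CONTENT -> "user scheme" per account
shadow_report() {
    printf '%s\n' "$1" | while IFS=: read -r user hash rest; do
        printf '%s %s\n' "$user" "$(classify_hash "$hash")"
    done
}

# weak_accounts SHADOW_CONTENT -> accounts with no password or an MD5-crypt hash
weak_accounts() {
    shadow_report "$1" | awk '$2 == "empty" || $2 == "md5" { print $1 }'
}

echo "Duplicate UIDs:"; duplicate_uids "$PASSWD_SAMPLE"
echo "Hash schemes:";   shadow_report "$SHADOW_SAMPLE"
echo "Weak accounts:";  weak_accounts "$SHADOW_SAMPLE"
```

On the sample, "backup" shares UID 0 with root, so it is root under another name, and "guest" has an empty password field, which is the finding to act on first; "alice" still carries an MD5-crypt hash and will be re-hashed with the current default scheme the next time the password is changed.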
Kernel functions in two ways
A responsive function is one where resource allocation and process creation and management are initiated by requests from processes. An autonomous function, such as the allocation of memory and CPU, is performed without being explicitly requested by a user process. Daemon processes are started as part of the boot process and run until the system is shut down. Daemon processes can be associated with a system’s database applications, network, secure terminal and file transfer, and scheduling tasks.
UNIX inetd Daemon
The UNIX inetd daemon may start telnetd to handle a telnet connection. The inetd daemon may start ftpd to handle an ftp connection. One daemon may start another; the UNIX inetd daemon will accept a network connection and then start another daemon to handle the connection, based on the type of connection. There are various processes in UNIX that are not owned by a user, but exist to provide services. These processes are often called "daemons."
UNIX inetd Daemon
The inetd superserver runs continuously, listening for network connections. This type of daemon is more susceptible to system breaches.
Linux xinetd daemon
The Linux xinetd daemon is a more secure replacement for the inetd superserver. The xinetd superserver listens for network connections. When a connection is made, it launches a specific daemon and forwards the data from the socket to the daemon’s standard input. Basically, the xinetd superserver works on demand.
Linux Process States
Processes go through various process states during their existence. These are transitory states managed by the operating system (OS). The specifics of these process states, as well as the state names, vary from one OS to another.
Waiting (the process scheduler loads the process from secondary storage into main memory)
Executing (after a process is assigned a processor by the short-term scheduler, a context switch is performed)
Stopped (the process has been stopped, usually by receiving a signal; a process that is being debugged can be in a stopped state while another task is executing)
Zombie (a process halted for some reason that still has an entry in the task_struct data structure)
A zombie process is one that has completed execution but still has an entry in the process table, allowing the process that started it to read its exit status. Remember that a zombie is already dead. Processes marked <defunct> are dead processes (so-called "zombies").
Locate a zombie process on cs.franklin.edu
Commands: ps -aux
An orphan process is a process whose parent process has terminated or finished. Characteristics of an orphan process:
• The owner of an orphan process can kill that process. Logging off your terminal will not guarantee termination of your orphan.
• An orphan process may continue to execute, taking up system resources and slowing the machine down for other users.
• If you notice slow performance on a machine and you see an orphan process that doesn’t belong to you.
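The zombie and orphan slides both describe something you can read off a process listing. Here is an added example, not part of the original slides, that does so over a constructed table shaped like "ps -eo pid,ppid,stat,comm" output (no real system was sampled): zombies are the entries whose STAT begins with Z, and orphan candidates are the entries reparented to PID 1 that are not session leaders (no "s" flag in STAT). The second rule is a heuristic I chose for the example, since daemons are legitimately children of init as well and are normally session leaders, while an orphaned interactive job usually is not. Function names are my own.

```shell
# Added example: spotting zombies and likely orphans in ps output.
# PS_SAMPLE is constructed to look like "ps -eo pid,ppid,stat,comm".
PS_SAMPLE='  PID  PPID STAT COMMAND
    1     0 Ss   init
  842     1 Ss   sshd
  901   842 S    sshd
  915   901 S    bash
  960   915 Z    worker <defunct>
 1203     1 R    cruncher
 1210     1 Ss   crond'

# find_zombies PS_OUTPUT -> "pid parent=ppid" for every process in state Z.
# The parent is the useful part of the answer: a zombie is already dead, so
# signalling it does nothing; the entry goes away when the parent calls
# wait() or when the parent itself exits and init reaps the zombie.
find_zombies() {
    printf '%s\n' "$1" | awk 'NR > 1 && $3 ~ /^Z/ { print $1 " parent=" $2 }'
}

# find_orphan_candidates PS_OUTPUT -> "pid command" for processes whose parent
# is now init (PPID 1) and that are not session leaders (no "s" in STAT).
# Heuristic: daemons are session leaders, an orphaned job normally is not.
find_orphan_candidates() {
    printf '%s\n' "$1" | awk 'NR > 1 && $2 == 1 && $3 !~ /s/ { print $1 " " $4 }'
}

echo "Zombies:";           find_zombies "$PS_SAMPLE"
echo "Orphan candidates:"; find_orphan_candidates "$PS_SAMPLE"
```

On the sample, the worker (PID 960) is a zombie whose parent is the bash process 915, so that parent is where a fix belongs; sshd and crond are children of init but are excluded by the session-leader check, leaving the cruncher (PID 1203) as the orphan candidate.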
Terminate orphan processes
kill -3 8074   Signal the process with pid 8074 to “quit”
kill -1 8074   Signal the process with pid 8074 to “hangup”
kill -9 8074   Signal the process with pid 8074 to be “killed”
NFS (Network File System)
In UNIX, the file system isn’t visible to the user. The user doesn’t know, or have a need to keep track of, the physical location of files, as other file systems require. The root directory, denoted by a forward slash (/), is the central component of the file system. Other directories can be attached (mounted) to the root directory and utilized.
NFS (Network File System)
NFS is a file and directory sharing mechanism native to Unix, HP-UX, and Linux. NFS is simple to set up. On the server, you make an entry in the /etc/exports file to enable its use by the client. This is called sharing.
NFS (Network File System)
In order to access host file systems or printers using an NFS client, the file systems must be exported. To export a file system or printer, it must be added to the host’s /etc/exports file. The exports file allows the administrator to control the following:
Which file systems are made available to remote users
Which remote users can access each file system
What access limitations the remote users have on each exported file system
NFS (Network File System)
The /etc/exports file contains an entry for each directory that can be exported to NFS clients. This file is read automatically by the exportfs command. If you change this file, you must run the exportfs command before the changes can affect the way the daemon operates. Only when this file is present during system startup does the rc.nfs script execute the exportfs command and start the nfsd and mountd daemons.
NFS (Network File System)
On the server, enter the following information to allow sharing:
/dir/to/export host1.mydomain.com(ro,root_squash)
/dir/to/export host2.mydomain.com(ro,root_squash)
/dir/to/export is the directory you want to export
host#.mydomain.com is the machine allowed to log in to this directory
The ro option means the directory is mounted read-only
The root_squash option does not allow root write access to this directory
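Because /etc/exports is where the three kinds of control from the previous slides are expressed, it is worth checking for entries that give more away than intended. The following is an added example, not part of the original slides: a shell function that reads constructed exports content (made up for this demonstration) and reports exports open to every host, exports using no_root_squash, entries with no explicit options, and the classic mistake of a space between the host and the parenthesised options. The wildcard "*" host, the no_root_squash option and the warning about that space are all from the exports(5) manual page, not from the slides; the paths, hosts and function name are my own.

```shell
# Added example: a quick audit of /etc/exports entries.
# EXPORTS_SAMPLE is constructed for this demonstration.
EXPORTS_SAMPLE='# constructed /etc/exports
/srv/pub      host1.mydomain.com(ro,root_squash)
/srv/pub      host2.mydomain.com(ro,root_squash)
/srv/projects 192.168.1.0/24(rw,sync,root_squash)
/srv/backup   *(rw,no_root_squash)
/srv/scratch  host4.mydomain.com (rw)
/home         host3.mydomain.com'

# audit_exports CONTENT -> "path host: finding" lines. Each whitespace-separated
# token after the path is a host spec of the form host(options); a token that
# is only "(options)" has no host in front of it and therefore applies to
# every host, which is what the stray space in the /srv/scratch line produces.
audit_exports() {
    printf '%s\n' "$1" | awk '
        NF == 0 || $1 ~ /^#/ { next }
        {
            for (i = 2; i <= NF; i++) {
                spec = $i; host = spec; opts = ""
                if (match(spec, /\(.*\)/)) {
                    host = substr(spec, 1, RSTART - 1)
                    opts = substr(spec, RSTART + 1, RLENGTH - 2)
                }
                if (host == "") {
                    print $1 " " spec ": options with no host, exported to every host (space before the parenthesis?)"
                } else if (host == "*") {
                    print $1 " " host ": exported to every host"
                }
                if (index("," opts ",", ",no_root_squash,") > 0) {
                    print $1 " " host ": remote root keeps root privileges (no_root_squash)"
                }
                if (opts == "") {
                    print $1 " " host ": no explicit options, server defaults apply"
                }
            }
        }'
}

audit_exports "$EXPORTS_SAMPLE"
```

The two /dir/to/export lines from the slide, written with ro and root_squash and no space before the parenthesis, produce no finding; the /srv/scratch line shows how one space turns a per-host rw export into an rw export for everyone plus a default-options export for the named host.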
NFS (Network File System)
Many supposed NFS problems are really problems with the firewall. In order for your NFS server to successfully serve NFS shares, its firewall must allow the following:
ICMP Type 3 packets
Port 111, the Portmap daemon
Port 2049, NFS
The port(s) assigned to the mountd daemon
Samba
Samba is the standard Windows interoperability suite of programs for Linux and Unix. The name Samba was derived from SMB (Server Message Block), the protocol that is the native method of file and printer sharing for Windows. As a server, Samba shares Linux files and printers with Windows systems. As a client, Samba allows Linux users to access files on Windows systems. Samba has the capability to share files across heterogeneous computing environments.