Presentation is loading. Please wait.

Presentation is loading. Please wait.

Introduction to Linux (Unix).

Similar presentations

Presentation on theme: "Introduction to Linux (Unix)."— Presentation transcript:

1 Introduction to Linux (Unix)

2 The Hardware the CPU, memory, and I/O devices The Operating System controls and coordinates the use of hardware among the various application programs for the various users The Application Programs defines the ways in which resources, such as word processors, spreadsheets, and compiles, are used to solve the computing problems of the users. The Users you and me

3 It provides an environment within which other programs can do useful work
The OS is a resource allocator by managing the system resources and allocating them to programs and users as needed The OS is a control program by controlling the execution of user programs to prevent errors and improper use of the computer

4 ALL reasonably sophisticated operating systems are the same in that they all provide "standard" features that more or less define the purpose of an OS: Hardware-level I/O Job control Memory management Task switching Utilities for management

5 In 1965 Bell Labs joined with General Electric and MIT to create a new operating system to be called “Multics” (Multiplexed Information and Computing Service) In 1969 AT&T, the parent to Bell Labs, withdrew from the Multics project and went with an existing GE OS called “GECOS” The researchers decided to fashion their own version of the Multics and that summer introduced “Unics” (UNiplexed Information and Computing Service) and then finally called “Unix”

6 From 1969 to 1991 Unix went thru many revisions
Other companies and universities introduced their own versions of the operating system such as HP-UX, BSD, AIX, IRIX, and Solaris In 1987 Professor Andrew S. Tanenbaum invents Minix, an open-source operating system that's a clone of Unix

7 In 1991 Linux is introduced by Linus Torvald, a student in Finland
The project that started as a hobby, became a full-fledged OS when Linus posted the source code at a bulletin board asking people for suggestions and improvements, which received an overwhelming response!

8 Linux is an implementation of UNIX.
Linux is completely Free under GPL (GNU Public License). First stable release: Linux kernel v1.0 in March 1994. Stable kernel versions have even sub-version numbers (1.2, 1.4, 2.0, 2.2, 2.4). Experimental versions have odd numbers (1.1, 1.3, 2.1, 2.3, 2.5).

9 User Shells UNIX OS kernel Hardware Access through user mode
Access through kernel mode


11 Can run on 386 with 4MB RAM. Users don't have to upgrade hardware as often. “Obsolete" machines can be productive as terminals or even servers. (A 486 with 16MB RAM makes an excellent server or internet firewall for a home or small office.)

12 Linux Support many File Systems e.g
autofs, ext, ext2, ext3, iso9660, minix, msdos, nfs, vfat, xenix, etc. Easy to mount all the file systems in different paths.

13 A file is the basic component for data storage
UNIX considers everything it interacts with as a file, even devices such as monitors A directory can contain other files and directories The tree-like structure for UNIX file systems starts at the root level -Root is the file at this level, denoted by character “/”

14 / class etc dev 51223 daws3489 mart2345 newfile myfile


16 Red Hat Mandrake SuSE Caldera Turbo Linux VaLinux

17 Several hardware platforms Support (Intel, Mac (68K and PPC), Alpha, MIPS, ...)
Several users (or the same person more than once) can Work on the same machine at the same time. Each user can run several tasks. A secure file permission system. Users cannot be allowed to affect each other or the OS. User(s) must log in (id/password) before use. Programs compiled to run on Linux do not run on DOS/Windows. Some DOS and Windows programs can be run under Linux using emulators.

18 Graphical Environment - KDE/Gnome/IceWM, Others
Browsers - Mozilla/Konqueror/ Netscape - Kmail/Evolution Ftp Client - gftp Multimedia - XMMS/Xine/Cdparanoia/Cdrecord Security - iptables/ipchains Office Suite - OpenOffice/StarOffice/KOffice File Browser - Konqueror Editors - Joe, VI, Kwrite, Gedit, OpenOffice Writer Languages - C++, FORTRAN, Perl, Emacs, Php etc are build in Linux and can be upgraded with latest release available on net.

19 File and print serving in heterogeneous environments (Samba, Netatalk, NFS).
Web serving (Apache). Proxy Server (Squid) Network infrastructure (DNS/DHCP, LDAP). Network security (fire walling, IP masquerading, NAT). and NEWS SERVER (Internet Exchange, Sendmail, NNTP, list servers).

20 Flexibility can be intimidating:
Complex installation - no "turnkey", minimal PnP. Most vendors won't pre-install onto a new computer. Many command options (but you can use a GUI instead). Never originally designed to be user-friendly. Can have significant learning curve moving from another OS: User must learn new commands and vocabulary. Different "look and feel" for both OS and some applications although current window managers can now emulate Windows “look and feel” if you wish. All file and command names are case-sensitive.



23 A computer to install Linux on
Minimum: Pentium 166 MHz with 8MB RAM Minimum 1GB Disk Space A 8x speed CD-ROM A Linux Distribution (RedHat, Debian, Shackware etc..) One 3.5” Floppy Disk

24 Before installing Linux you need to have detailed information about your hardware. e.g. Mouse, Hard Drive, VGA Card, Monitor, Sound, Modem In Windows go to Control Panel > System > Deice Manager and record the information for each of the relevant device. Linux compatibility lists are available on the Distributor’s web site.

25 Creating a partition with enough free disk space for
Linux installation How data is stored on hard disk Partitions FIPS / Partition Magic to split a Windows partition.

26 Remove Hard Disk compression if present
Norton’s Speeddisk is known to cause problems. Turn it off / uninstall it. Turn it on after linux installation. Remove windows Swapfile

27 Insert bootable CD or bootable Floppy
Start computer Select Installation Mode Graphic (800x600x16-bit) Text LowRes Graphic Linux rescue Linux dd (to install third party driver) expert

28 Select mouse type and options Select installation type
Select Language Select Keyboard type Select mouse type and options emulate 3-button? Select installation type new install upgrade existing system

29 8. Type of install Workstation Laptop Server Custom

30 Workstation Typically single user "client" system
Automatic partitioning GUI Login (GNOME default) All free space dedicated to Linux Preserves any Windows install, multiboots No server daemons installed

31 Server Multiuser, networked
Typical server daemons installed by default No GUI installed Takes ALL hard disk space (erases existing partitions) No multiboot

32 Laptop Similar to Workstation, but with PCMCIA support
Multiboot supported

33 Custom Mixed use, server and client if desired
Select any or all packages Most flexible, but requires knowledge of package choices Single or multiboot

34 9. Partitioning Strategy
Automatic Partitions are / swap Manual, with Disk Druid Manual, with fdisk

35 Choose partitioning method
Remove all Linux partitions Remove all partitions Use existing free space, preserve existing non-Linux partitions RAID?

36 Apply partitioning design (set up partitions)
Minimum partitions are / - for the root file system swap - should be 2X RAM size Setting up multiple file systems in separate partitions permits greater control over use of available space

37 /boot 250MB swap should be 2X RAM size / 5GB for RH-9 complete instllation /home For users data (Optional) /var For logs, mails etc (Optional)

38 Choose boot loader method
MBR (GRUB controls boot selection) First sector of boot partition (lets other boot loader manage choices) GRUB may optionally be protected with a password of your choice.

39 Configure Networking (LAN only)
DHCP (localhost.localdomain) No further configuration needed Static IP Intranet (e.g., ) Routable (e.g., is sonic) Host name and domain name

40 Static IP configuration
IP address Netmask Network address Broadcast address Hostname Gateway Primary DNS (maybe secondary, tertiary)

41 Firewall configuration None Medium High Customize
all ports open in either direction Medium inbound DNS, HTTP High outbound only Customize Choose port and packet type (TCP/UDP) e.g., nntp:tcp

42 Configure user accounts
Language support Choose additional languages for documentation, etc. Choose Time zone Clock may be set to GMT, with offset for local time If you wish to change your time zone configuration after you have booted your Red Hat Linux system, become root and use the /usr/sbin/timeconfig command. Configure user accounts Choose password for "root" account Create at least one "ordinary" user so that typical tasks need not be done as root To become root from an ordinary user login, type su - at the shell prompt in a terminal window and then press [Enter]. Then, enter the root password and press [Enter]. Type "exit" to return to original login.

43 Enable authentication
Make sure "shadow" and "MD5" are selected. Enable MD5 passwords — allows a long password to be used (up to 256 characters), instead of the standard eight characters or less. Enable shadow passwords — provides a secure method for retaining passwords. The passwords are stored in /etc/shadow, which can only be read by root. NIS is for networked Linux systems to share file systems SMB is for file-sharing with Windows NT, 2000, XP network systems Kerberos and LDAP are additional authentication systems that require appropriate server software.

44 Select packages Carefully review and study package choices before proceeding Pick the minimum package set for your purposes for a production server Some server packages open up security holes in the system



47 Configure video hardware
Begin install Copying installation packages from CD's. May take up to two hours Configure video hardware Automatic probing may provide choices for you Have monitor information handy at this point

48 Select monitor configuration Choose custom X configuration
Create boot disk Label the floppy "Red Hat Linux 7.3 Custom Boot Disk" Select monitor configuration Choose custom X configuration Color depth Resolution Select default boot mode (text or GUI) Finish installing, reboot system

49 Basic Linux Commands

50 / - root directory ./ - current directory
./command_name run a command in the current directory ../ - parent directory ~ - home directory $ - typical prompt when logged in as ordinary user # - typical prompt when logged in as root or superuser & - run a program in background mode [Tab][Tab] - prints a list of all available commands. x[Tab][Tab] - prints a list of all available completions for a command, where the beginning is ``x'' [Alt][Ctrl][F1] - switch to the first virtual text console [Alt][Ctrl][Fn] - switch to the nth virtual text console. Typically, there are six on a Linux PC system. [Alt][Ctrl][F7] - switch to the first GUI console, [ArrowUp] - scroll through the command history (in bash) [Shift][PageUp] - scroll terminal output up. This also works at the login prompt, so you can scroll through your boot messages.

51 [Shift][PageDown] - scroll terminal output down
[Ctrl][Alt][+] - switch to next X server resolution (if the server is set up for more than one resolution) [Ctrl][Alt][-] - change to previous X server resolution [Ctrl][Alt][Del] - shut down the system and reboot [Ctrl]c - kill the current process [Ctrl]d logout from the current terminal [Ctrl]z - send current process to the background

52 cd to change directory ls To get a file list ls –a to list hidden files ls –l to list files permissions ls –al to list perm & hidden files ls –i to get I node no touch to create file mkdir to create Directory rm to delete a file Rmdir to delete a Directory cp tp copy files mv to move or rename files & Directories cat to see the content of a file more to see the content of a file less same as more

53 command --help Display help of command
man Manual date Display or change the date & time cal Display a calendar pwd Print Working Directory df Report filesystem disk space usage echo Display message on screen mount Mount a file system eject Eject CD-ROM fdformat Low-level format a floppy disk locate Search for files

54 free Display memory usage
ps Process status kill Kill a process top Show top Process shutdown shutdown –h now To shutdown system shutdown –r now to restart system shutdown –h t15 shutdown after 15 sec adduser to add a new user passwd change password su switch user who Print all usernames currently logged in tail Output the last part of files

55 last Display the last users logged on and how long.
bg start a suspend process in background fg start a suspend process in foreground & At the end of the command makes it run in the background. kill Kill a process pstree Display the tree of running processes fsck Used to repair a filesystem. Must not be run on a mounted file system mke2fs Create a Linux second extended filesystem. mkswap Sets up a Linux swap area on a device or file. hostname Used to show or set the name of the computer Pine Client lynx Internet Browser

56 Input / Output Redirector
Wildcard Input / Output Redirector & Pipes

57 * matches any character and any number of characters.
Another way that bash makes typing commands easier is by enabling users to use wildcards in their commands. The bash shell supports three kinds of wildcards: * matches any character and any number of characters. ? matches any single character. […] matches any single character contained within the brackets

58 The * wildcard can be used in a manner similar to command-line
completion. For example, assume the current directory contains the following files /etc/hosts /etc/host.conf /etc/hosts.allow … ls /etc/h<tab><tab> Or ls /etc/h*

59 The ? wildcard functions in an identical way to the * wildcard
except that the ? wildcard only matches a single character. For example, a directory contains the following files ch1.doc ch2.doc ch3.doc ch4.doc chimp config ls ch?.doc

60 The […] wildcard enables you to specify certain characters or ranges
of characters to match. To print all of the files in the example with the .doc extension using the […] wildcard, enter one of the following two commands: ch1.doc ch2.doc ch3.doc ch4.doc chimp config ls ch[123].doc ls ch[1-3].doc

61 Input redirection changes the source of input for a command. When
a command is entered in bash, the command is expecting some kind of input in order to do its job The input for these commands can be found in a file wc test 11 2 1 or wc < test

62 Output redirection is more commonly used than input redirection.
Output redirection enables you to redirect the output from a command into a file, as opposed to having the output displayed onscreen. The input for these commands can be found in a file ls /etc > list.txt

63 Pipes (often called pipelines) are a way to string together a series
of commands 1. Output from the first command in the pipeline is used as the input to the second command in the pipeline. 2. The output from the second command in the pipeline is used as input to the third command in the pipeline 3. The output from the last command in the pipeline is the output that actually displays onscreen (or is put into a file) cat sample.text | grep “High” | wc -l This pipeline takes the output from the cat command (which lists the contents of a file) and sends it into the grep command. The grep command searches for each occurrence of the word “High” in its input. The grep command’s output then consists

64 of each line in the file that contains the word “High.” This output is
then sent to the wc command. The wc command with the -l option prints the number of lines contained in its input. To show the results on a real file, suppose the contents of sample.text appeared as follows: Things to do today: Low: Go grocery shopping High: Return movie High: Clear level 3 in Alien vs. Predator Medium: Pick up clothes from dry cleaner The pipeline then returns the result 2 cat sample.text | grep “High” | wc -l 2

65 Linux Text Editors

66 Most bioinformatics work involves messing around with text files.
DNA and protein sequences, databases, results of similarity searches and multiple alignments are all stored on the computer as ordinary ASCII text files. To read, write, and edit these text files you must get familiar with a Text Editor program

67 A text editor is like a word processor on a personal computer, except that it does not apply formatting styles (bold, italics, different fonts etc.). Unix has line editors (view and edit one line at a time) and full screen editors. A screen editor loads an entire document into a buffer - allows you to jump to any point in the document.

68 There are many different text editors available for Unix computers
Graphical (X-Windows) Text Editors gedit (click on Gnome-footprint > programs > applications > gedit) kedit (click on Gnome-footprint > KDE menus > applications > Text Editor) kwrite (click on Gnome-footprint > KDE menus > applications > Advanced Editor)

69 emacs - screen based (but not X-windows) editor
vi - visual editor (screen based but not X-windows) editor pico - screen based (but not X-windows) editor ed - basic/crude line editor,

70 The full name of the Emacs program is: "GNU emacs, the Extensible, Customizable, Self-Documenting, Real-time Display Editor.” Emacs is free software produced by the Free Software Foundation (Boston, MA) and distributed under the GNU General Public License.

71 To start Emacs, at the > command prompt, just type: emacs
To use Emacs to edit a file, type: emacs filename (where filename is the name of your file) When Emacs is launched, it opens either a blank text window or a window containing the text of an existing file.

72 The display in Emacs is divided into three basic areas.
The top area is called the text window. The text window takes up most of the screen, and is where the document being edited appears. Below the text window, there is a single mode line (in reverse type). The mode line gives information about the document, and about the Emacs session. The bottom line of the Emacs display is called the minibuffer. The minibuffer holds space for commands that you give to Emacs, and displays status information.

73 Emacs uses Control and Escape characters to distinguish editor commands from text to be inserted in the buffer. Control-x means to hold down the control key, and type the letter x. (You don't need to capitalize the x, or any other control character) [ESCAPE] x means to press the escape key down, release it, and then type x.

74 To save a file as you are working on it, type: Control-x » Control-s
To exit emacs and return to the Unix shell, type: Control-x » Control-c If you have made any changes to the file, Emacs will ask you if you want to save: Save file /u/browns02/nrdc.msf? (y,n,!,.,q,C-r or C-h) Type “y” to save your changes and exit If you type “n”, then it will ask again: Modified buffers exist; exit anyway? (yes or no) If you answer “no”, then it will return you to the file, you must answer “yes” to exit without saving changes


76 Once you move the cursor to the location in the file where you want to do some editing, you can just start typing - just like in an ordinary word processor. The delete key should work to remove characters and inserted text will push existing text over.

77 You can delete or move blocks of text.
First move the cursor to the beginning (or end) of the block of text. Then set a mark with: Ctrl-spacebar Now move to the other end of the block of text and Delete or Copy the block: Delete: Ctrl-w Copy: [Esc] w To Paste a copied block, move to the new location and insert with : Ctrl-y

78 Emacs has a built in help feature
Just type: Ctrl-h To get help with a specific command, type: Ctrl-h k keys (where “keys” are the command keys that you type for that command) Emacs has a built in tutorial: Ctrl-h t this will be the primary exercise for this week’s computer lab.

79 vi is pronounced "vee-eye."
It is found on almost all Unix and Linux systems. vi has two basic modes: Command Mode Text Insert Mode To run vi just type on command prompt vi or vi filename

80 KEY EFFECT Left Arrow Move one character left Down Arrow Move down one line Up Arrow Move up one line Right Arrow Move one character right or h Move one character left j Move down one line k Move up one line l Move one character right 0 Move to beginning of current line (Note: this is “zero” key) $ Move to end of current line

81 KEY EFFECT i Insert text o Insert line below cursor A Append at end of line esc Command mode : Invoke “ex” command r Replace character cw Change word x Delete character dw Delete word dd Delete line

82 Command format is normally [count] command [where]
count number of times to repeat a command (optional) command the actual command where how much to act on or where to take the cursor depending on the command (optional) Examples 23x Delete 23 characters 25dd Delete 25 lines d$ Delete from current position to the end of the line

83 You access these command by hitting “:” in command mode
ex commands provide one way of getting out of vi :wq Write any changes and quit :q Quit (will only do so if no changes) :q! Quit without saving changes

84 KEY EFFECT p Put (paste) contents of buffer yw Yank (copy) word yy Yank (copy) line u Undo last command . Repeat last command U Undo all changes to line d$ Delete to end of line C Change text to end of line J Join lines

85 KEY EFFECT / pattern Search forward for pattern ? pattern Search backward for pattern n Repeat search in same direction N Repeat search in opposite direction

86 ^B Scroll backwards one page. A count scrolls that many pages. ^D Scroll forwards half a window. A count scrolls that many lines. ^F Scroll forwards one page. A count scrolls that many pages. ^H Move the cursor one space to the left. A count moves that many spaces. ^J Move the cursor down one line in the same column. A count moves that many lines down. ^M Move to the first character on the next line. ^N ^P Move the cursor up one line in the same column. A count moves that many lines up. ^U Scroll backwards half a window. A count scrolls that many lines. $ Move the cursor to the end of the current line. A count moves to the end of the following lines.

87 % Move the cursor to the matching parenthesis or brace. ^ Move the cursor to the first non-whitespace character. ( Move the cursor to the beginning of a sentence. ) Move the cursor to the beginning of the next sentence. { Move the cursor to the preceding paragraph. } Move the cursor to the next paragraph. | Move the cursor to the column specified by the count. + Move the cursor to the first non-whitespace character in the next line. - Move the cursor to the first non-whitespace character in the previous line. _ Move the cursor to the first non-whitespace character in the current line. (Zero) Move the cursor to the first column of the current line. B Move the cursor back one word, skipping over punctuation. E Move forward to the end of a word, skipping over punctuation. G Go to the line number specified as the count. If no count is given, then go to the end of the file.

88 H Move the cursor to the first non-whitespace character on the top of the screen. L Move the cursor to the first non-whitespace character on the bottom of the screen. M Move the cursor to the first non-whitespace character on the middle of the screen. W Move forward to the beginning of a word, skipping over punctuation. b Move the cursor back one word. If the cursor is in the middle of a word, move the cursor to the first character of that word. e Move the cursor forward one word. If the cursor is in the middle of a word, move the cursor to the last character of that word. h Move the cursor to the left one character position. j Move the cursor down one line.

89 k Move the cursor up one line. l Move the cursor to the right one character position. w Move the cursor forward one word. If the cursor is in the middle of a word, move the cursor to the first character of the next word. ~ Switch the case of the character under the cursor. < Shift the lines up to where to the left by one shiftwidth. "<<" shifts the current line to the left, and can be specified with a count > Shift the lines up to where to the right by one shiftwidth. ">>" shifts the current line to the right, and can be specified with a count J Join the current line with the next one. A count joins that many lines.


91 File System is developed for
create/store/load/delete/seek file on media Media example Magnetic Media Tape Floppy disk Hard disk Optical Media Cdrom Dvd

92 File system of Windows OS
Windows 98 and Windows ME Support FAT16, FAT32 Windows 2000 Support FAT16,FAT32, NTFS Windows XP Support FAT32, NTFS

93 Directories - organize files
Files - store the data Directories - organize files Partitions - separate collections of directories (also called “volumes”) all directory information kept in partition mount file system to access

94 Characteristic Windows Linux File System NTFS, FAT ext2,ext3
Reference Root of each partition point Each partition is mount under a drive letter Ex. C:, D:, F: Each partitions is mounted under / File Extensions Files are recognized by file extensions. Ex. Abc.txt, tmp.exe No File Ext Case Sensitive No Yes

95 File System in Linux is divided into 2 type
Linux Swap is used in virtual memory system Linux File System is used to store file there is various type of file system ext2 ( is first introduced in kernel 2.0.x ) ext3 ( is first introduced in kernel 2.4.x )

96 Every Linux filesystem implements a basic set of common concepts derived from the Unix operating system Files are represented by inodes (information nodes) Directories are simply files containing a list of entries, so a directory is represented by an inode as well

97 Each file is represented by a structure, called an inode
An ``inode'' (information node) contains all the information about a file (except file data), Each inode contains the description of the file: file type access rights owners timestamps size pointers to data blocks

98 The inode also contains the locations of all the data that make up a file so the operating system can collect it all when needed. The only information the inode does not contain is the name of the file and the contents. Directories contain the actual filenames. Blocks pointed to by the inode contain the actual data

99 Directories are implemented as a special type of file
A directory is a file containing a list of entries Each entry contains an inode number and a file name When a process uses a pathname, the kernel code searches in the directories to find the corresponding inode number After the name has been converted to an inode number, the inode is loaded into memory and is used by subsequent requests

100 Anatomy of an inode Data blocks i-node

101 The ext fs supports standard Unix file types:
regular files Directories device special files symbolic links (Shortcuts) Ext fs is able to manage filesystems created on really big partitions up to 4 TB Ext fs provides long file names. The maximum file name size is 255 characters Ext fs reserves some blocks for the super user (root) This allows the administrator to recover easily from situations where user processes fill up filesystems

102 One special data block, the ``superblock'', contains overall information about the filesystem, just as the inode contains information about a specific file. The superblock contains the information necessary to mount a filesystem and access its data, including the size of the filesystem, the number of free inodes, and information about free space available.

103 When a filesystem such as ext fs is mounted it checks a flag in the superblock to determine the consistency of the filesystem When an ext fs system boots it sets this consistency flag to Not Clean When an ext fs system shuts down normally it sets the consistency flag to Clean If the system boots and discovers the consistency flag is Not Clean, as could happen in a system crash, it runs fsck (file system check) to search for errors in the files system


105 In the root directory there are a number of folders
In the root directory there are a number of folders. The names of these folders, what they are expected to contain / (root) bin sbin home etc boot root usr var dev lib scott alice bob bin sbin local lib tmp n321 mail public_html bin man lib share src

106 The /bin directory contains commands that may be used by users or system administrators
A command is a small executable file This directory is available when the system starts up

107 This is the directory where the Linux kernel is stored
It contains everything that is required for the boot process except configuration files

108 To Linux all devices are considered to be files
For any device, such as a CDROM or a Video display Card, there must be a corresponding file in this directory Examples of device files would be: /dev/cdrom for the CDROM /dev/fd0 for the first floppy disk /dev/hda1 for the first IDE hard disk /dev/sda1 for the first SCSI hard disk Some devices are mounted when the system boots and some must be manually mounted

109 This directory contains configuration files and directories for the current system
Linux is well known for the fact that its configuration files are plain text files (rather than the bizarre registry database of Windows) Every Linux program is expected to store its configuration in this directory or a subdirectory of this directory

110 This directory stores all files belonging to the multiple users who have accounts on the system
If user name is “abc” then the home directory of this will be /home/abc

111 Stands for initial ram disk
A ram disk is an area of memory that acts as if it is a disk device (very fast, but not very permanent!) During the boot process a ram disk is created and mounted in this directory The kernel can then use this ram disk which usually contains device drivers needed during the boot process Without this directory RedHat Linux will not boot Once the boot process is complete the ram disk is unmounted

112 The system libraries needed for the following are found in this directory:
to boot the system for commands found in /bin For commands found in /sbin Libraries for user applications are likely to be found in /usr/lib

113 If Linux system crash, the program fsck
(file system check) will be run when the system reboots If any files are found to be corrupted or damaged in some way then they are placed in this directory

114 This is the default directory to which temporary filesystems (such as CD-ROMs and Floppy Disks) are mounted To mount a CDROM you would give the command: mount /mnt/cdrom The result will be a directory called cdrom in the mnt directory This cdrom directory will contain the filesystem of the CDROM

115 This directory is inherited from early versions of
UNIX Applications that did not come with the operating system were installed here (they are optional applications)

116 This is a virtual filesystem, containing process information
The files in this directory or its sub-directories are neither text or binary Most of the files have a length of zero (0) Yet when the file is viewed, it can contain quite a bit of information. Both applications and system administrators can use /proc as a method of accessing information about the state of the kernel, the attributes of the machine, the state of individual processes, and so on. For example, cat /proc/meminfo will present information on the memory used by Linux

117 The root user does not get a home directory (/home/root)
Instead, a directory in the root filesystem is created as the home directory for the system administrator

118 Root-only commands and utilities used for system administration are stored in /sbin, /usr/sbin, and /usr/local/sbin /sbin also contains binaries essential for booting, restoring, recovering, and/or repairing the system Root-only commands that are run after /usr is mounted are placed in one of the /usr/sbin directories


120 This directory contains variable data files
This includes spool directories, administrative and logging data, and transient and temporary files The directory /var/log contains log files generated by the web server, ftp server, and boot process along with any other application that creates a log file /var can be located on other partitions or filesystems

121 This directory contains user binary files such as the applications you would use
This directory contains shareable, read-only data /usr can be located on other partitions or filesystems

122 This is the primary directory for executable commnads on the system
/usr/bin This is the primary directory for executable commnads on the system /usr/include This is where all of the system’s general-use include files for the C programming language are placed /usr/lib Object files, libraries, and internal binaries that would be linked into C programs are placed here /usr/sbin Non-essential binaries used exclusively by the system administrator are stored here

123 Network File System (NFS)


125 When an application accesses a file that resides on a remote
machine, the program’s operating system invokes client software that contacts a file server on the remote machine and performs the requested operations on the file. Unlike a file transfer, the application’s system does not retrieve or store an entire file at once; instead, it requests transfer of one small block of data at a time.

126 In addition to the basic mechanisms for reading file protections,
and translate information among the presentations used on various computers. Because a remote file access service connects two machines, it must handle differences in the way the client and server systems name files, denote paths through directories, and store information about files. The files access software must accommodate differences and writing files, a file access service must provide ways to create and destroy files, peruse directories, authenticates requests, honor in the semantics interpretation of file operations.

127 The NFS design stores state information at the client site, allowing servers to remain stateless.
Because the server is stateless, disruption in service will not affect client operation. A client will be able to continue file access after a stateless server crashes and reboots; the application program, which runs on the client system, can remain unaware of the server reboot. Because a stateless server does not need to allocate resources for each client, a stateless design can scale to handle more clients than a stateful design.

128 The NFS designers adopted UNIX file system semantics when defining the meaning of individual operations. Understanding the UNIX file system is essential to understanding NFS because NFS uses the UNIX file systems terminologies and semantics. It honors the same open-read-write-close paradigm as UNIX, and offers most of the same services. Like UNIX, NFS assumes a hierarchical naming system. It considers the file hierarchy to be composed of directories and files. +


130 NFS assumes that file or directory has a mode that specifies its type
and access protection. The definitions and meaning of bits in the NFS mode integer is very similar to that of UNIX. Although NFS defines file types for devices, it does not permit remote device access (e.g., a client may not read or write a remote device)

131 An NFS file server runs on a machine (which has large disks)
that has a local file system. An NFS client runs on an ordinary machine and access the files on machines that run NFS servers. When an application program calls open to obtain access to a file, the OS uses the syntax of the path name to choose between local and remote file access procedures. If the path refers to a local file, the system uses the computer’s standard file system software to access the file; If the path refers to a remote file, the system uses NFS client software to access the remote file.

132 In UNIX, the mount mechanism construct a single, unified naming
hierarchy from individual file systems on multiple disks. UNIX implementation of NFS client code use an extended version of the mount mechanism to integrate remote file systems into the naming hierarchy along with local file systems. The main advantage of using the mount mechanism is consistency: all file names have the same form. An application program cannot tell whether a file is local or remote from the name syntax alone.




136 When a user is accessing a file, the kernel determines whether the file
is a local file or an NFS file. The kernel passes all references to local files to the local file access module and all references to the NFS files to the NFS client module The NFS client sends RPC requests to the NFS server through its TCP/TP module, Normally, NFS is used with UDP, but newer implementations can use TCP. Then the NFS server receives the requests on port 2049. Next, the NFS server passes the request through its local file access routines,

137 which access the file on server’s local disk
which access the file on server’s local disk. After the server gets the results back from the local file access routines, the NFS server sends back the reply in the RPC reply format to the client. while the NFS server is handling the client’s request, the local file system needs some amount of time to return the results to the server. During this time the server does not want to block other incoming client requests. To handle multiple client requests, NFS servers are multithreaded or there are multiple servers running at the same time. Second, the same situation occurs in the client’s side. Some Unix systems often use a technique similar to the NFS server: there are multiple biod’s running on the client side to provide more concurrency of NFS requests.

138 Client wants to access a file from server



141 NFS is a protocol in the application layer
NFS is a protocol in the application layer. It works with some protocols. The mount protocol provides the method of validation and permission checking and initiates the root file handle for client. The port mapper protocol provides the current server port number to the client that needs to access the specific server program. NIS is usually implemented with NFS. It provides a convenient way User can login with the same user name and password to all the

142 NFS and RPC requests can be used with both UDP and TCP,
machines in the same NIS group. NFS and all related protocols are using the service provided by RPC. All NFS requests and replies are in the format specified by RPC. XDR is the standard for encoding data in RPC. NFS and RPC requests can be used with both UDP and TCP, NFS was designed to be independent from transport layer. That means NFS can use on top of many transport protocols. However, in this class we interested in TCP and UDP only.

143 How does a server know which file/directory the client needs to access?
There is a data structure that is called the File Handle. The File handle is created by the NFS server and it is a unique reference to the specific file or directory on the NFS server itself. This FH is passed to the client at the first time the NFS client contacts the NFS server. The process of first contact is called the Mounting process. The top directory of the NFS server file system is called the root of the mounted file system. So, when the client mounts the server file system, the client will get a file handle of the root file system from the server.

144 FH is opaque to the client. This means the client does not do
anything with the FH. The client only sends it back to the server when it wants to access that file/directory. And the server can know from the file handle which file/dir the client needs to access. With the FH, the client does not need to know how the NFS server specifies the path name. And the other important point is that the server doesn’t need to keep track of what is the current access point of the client. volume ID inode # generation #

145 Suppose : client needs to cat the file sub2/myname.txt under the current directory

146 Suppose : client needs to remove the file sub2/myname.txt

147 Can be executed more than once by the server and still return the same result
Stateless protocol requires idempotent operation How to makes all NFS requests idempotent: Server records recently performed operations in cache Server checks in cache for duplicate requests Server returns the previous result if it is a duplicate

148 From the beginning, NFS used UDP
Most NFS systems were on LAN High overhead if using TCP Currently, NFS across WAN needs TCP Reliability and congestion control Both sides set TCP’s keep alive option If server crashes, client opens new TCP connection If client crashes, server will terminate the connection after the next keep alive probe

149 Error handling: Performance: Authentication:
failures of the server or network must be handled Performance: slower than local procedure calls Authentication: RPC can be transported over insecure networks



152 Port Mapper/RPCBIND

153 Files Permissions

154 We're going to look at file types UNIX recognizes a number of types. magic numbers How different normal files can be distinguished file attributes Information stored about files file protection How access to files is restricted.

155 UNIX stores information in byte-oriented files.
UNIX recognizes a number of different file types. You can view the different types of files with ls -l home]# ls -l /home /dev/null /etc/passwd drwxr-xr-x 11 root root Feb /home crw-rw-rw- 1 root root , 3 May /dev/null -rw-r--r root root Dec 30 15:49 /etc/passwd home]# ls -l /dev/hda1 brw-rw root disk , 1 May /dev/hda1 home]# ls -l /etc/X11/X lrwxrwxrwx 1 root root Jan /etc/X11/X -> ../../usr/X11R6/bin/XF86_SVGA

156 The first letter indicates file type.
Meaning Example - a normal file /etc/passwd d a directory / l symbolic link /dev/modem b block device file /dev/hda c character device file /dev/tty1

157 Consequences of Unauthorized Access:
Limiting unauthorized access to your directories and files is a very important concern for ALL Linux (Unix) users. Consequences of Unauthorized Access: Copying your assignments (cheating) Using your account for illegal activity Using your account to send obscene messages Tampering with files

158 UNIX achieve this by specifying three valid file operations Read, write and execute dividing users into three groups user - person who owns the file group - group who owns the file other - everybody else allow the owner to specify valid operations for each group

159 The meaning of a file operation is different if applied to a file or a directory.
Effect on a file Effect on a directory read read the contents of the file find out what files are in the directory, e.g. ls write delete the file or add something to the file be able to create or remove a file from the directory execute be able to run a file/program be able to access a file within a directory

160 Every file has file permissions
ls -l / /etc/passwd /home/test/teaching drwxr-xr-x 19 root root Dec 8 15:54 / -rw-r--r root root Dec 30 15:49 /etc/passwd drwxrwxrwx 10 test test Dec 24 23:18 /home/test/teaching They specify which operations each group can perform.

161 /home/test/teaching/
File Permissions Description / drwxr-xr-x file type => directory user/owner (root) => read, write and execute group (root) => read and execute other => read and execute /etc/passwd -rw-r--r-- file type => normal file user/owner (root) => read and write group (root) => read other => read /home/test/teaching/ drwxrwxrwx file type => directory user/owner (test) => read, write and execute group (test) => read, write and execute other => read, write and execute

162 UNIX actually stores permissions as numbers.
But humans generally don't do numbers well. The nice commands (like ls, stat) change them to symbolic. A Systems Administrator needs to be able to translate from one to the other.

163 Following table summarizes the valid symbols.
Meaning r read w write x execute

164 Each symbolic permission has a numeric equivalent.
Summarized in the following table. These are actually octal numbers Symbol Numeric equivalent r 4 w 2 x 1

165 Doing a conversion from symbolic to numeric (e.g. rwxr--r-x)
split symbols into three user groups user - rwx group - r-- other - r-x replace symbols with numeric equivalent and add user - rwx = = 7 group - r-- = 4 other - r-x = = 5

166 bring them together to form the numeric permissions rwxr--r-x = 745

167 Command Purpose chmod Change the file permissions for a file. Only the owner of a file can use it. chgrp Change the group owner of a file. You can only change it to a group you belong to. chown Change the user owner of a file. Only root can use this.

168 Introduction to Linux Shells

169 Computers do not understand a thing we type
The language of computers is a language consisting exclusively of numbers What these numbers mean are determined by the manufacturer of the CPU The instruction set for a Pentium CPU is not the same as the set for an IBM PowerPC CPU

170 One of the features of Unix is that it can and has been ported to many different types of CPU
Linux is a clone of Unix that works on Intel CPUs (i386) and beyond Regardless of the flavor of Unix you are using, once you are logged into the system in console mode, you are using a shell or command interpreter The shell is a program that responds to user commands either typed at the keyboard or read from a file These commands will work on most every version of Unix regardless of the CPU In the history of Unix there have been and still are a number of shells a user can choose from

171 It performs the following tasks
Wait for the user to enter a command Parse the command line, Find the executable file for the command This can be a a shell function, a built-in shell command or an executable program. 4. If the command can't be found generate an error message 5. If it is found, fork off a child process to execute the command 6. Wait until the command is finished 7. Return to step 1

172 The Most Common Linux Shell
The Bourne Shell The Bash Shell The C Shell The TC Shell The Korn Shell The A Shell The Z Shell

173 Bourse shell is the first Unix shell, its the grandfather of all modern shells
It was written by Steve Bourne at AT&T It is installed as /bin/sh This is the only shell guaranteed to be on any Unix system you might encounter In many cases, however, you'll find that /bin/sh is not a real Bourne shell Instead it is a symbolic link to a more modern shell that has backward compatibility with the Bourne shell.

174 You won't find the Bourne shell being used much interactively these days
It doesn't contain any of the fancy interactive features of newer shells But it remains immensely popular for scripts for two reasons: it's a pretty fair scripting language, it's available on every Unix box a script might find itself being executed upon Where the Bourne shell falls short scripting-wise, other widely available utilities such as the AWK language interpreter (awk) and the stream editor (sed) are used within Bourne shell scripts.

175 The Bourne Again Shell (bash) is a product of the Free Software Foundation's GNU project
It is backward compatible with the Bourne shell and contains all of the nicer features of both csh and ksh, This is the default Linux shell and is usually installed as /bin/bash with a symbolic link to /bin/sh (typing /bin/sh will invoke bash) On commercial Unix systems you may find that someone has installed it as /usr/local/bin/bash.

176 The C shell was written by Bill Joy at the University of California at Berkeley
His main intent for writing the C shell was to create a shell with C language-like syntax Its major enhancement over the original Bourne shell is its command history facility Despite the C language heritage, csh proved to be unsuitable for high-powered script programming The C Shell is usually installed as /bin/csh

177 A later effort, also involving William Joy, improved on C Shell by adding command line editing
The result was the TC Shell (tcsh) You can configure the editing for vi-like or emacs-like modes TC Shell is usually installed as /bin/tcsh and sometimes symbolically linked to /bin/csh.

178 The Korn Shell (ksh), a product of AT&T, was a successful attempt to provide the functionality of C Shell while using a Bourne Shell syntax and maintaining Bourne Shell backward compatibility

179 A Shell (ash) by Kenneth Almquist of Berkely is a lightweight Bourne Shell clone which you may find suitable for use on machines that are very tight on memory It's usually installed as /bin/ash and it may also have symbolic links to /bin/bsh and /bin/sh. The Z Shell (zsh) by Paul Falstad resembles the Korn Shell in many respects but has some extra features, including built-in spell checking It's usually installed as /bin/zsh. Both ash and zsh are included with most Linux distributions.

180 When a command is entered into a shell it is compared to an internal (to the shell) set of commands
If it is found then the shell executes the command If it is not found then a search is conducted in the user’s PATH for an executable file with the same name as the command Commands, either internal or external, can be stored in a (text) file A file of commands is called a shell script The file /etc/shells contains a list of valid shells.

181 Secure Shell (SSH)


183 Two version of Secure Shell (Not Compatible with each other)
1. Secure Shell (SSH) 2. Secure Shell version 2 (SSH2 or SecSh) Solve two acute problem in Internet - Secure remote tunnel logins - Secure file transfer Tunnel TCP Session over encrypted Secure Shell Connection Secure the communication of other applications and protocols without modifying the application

184 Encrypted SSH2 Tunnel Internet SSH Client Mail Server SSH Server

185 SSH’s first use was as a replacement for rsh, the Unix remote shell
application. This tool allowed one to connect to a shell on a remote machine. The tool suffered from two major shortcomings. 1. Like telnet it sent all traffic in cleartext, 2. Secondly, the /etc/hosts.equiv and ~/.rhosts files listed trusted machines and users; these could make rsh connections without any further authentication. If an attacker compromised any of these trusted hosts, they would immediately get access to the rsh server with no more effort. SSH encrypts all traffic, including the password or key authentication.

186 Strong authentication.
Closes several security holes (e.g., IP, routing, and DNS spoofing). New authentication methods: .rhosts together with RSA based host authentication, and pure RSA authentication. Improved privacy. All communications are automatically and transparently encrypted. RSA is used for key exchange, and a conventional cipher (normally IDEA, DES, or triple-DES) for encrypting the session. Encryption is started before authentication, and no passwords or other information is transmitted in the clear. Encryption is also used to protect against spoofed packets.

187 Shield against Spoofing:
Port Forwarding: Arbitrary TCP/IP ports can be redirected through the encrypted channel in both directions (e.g., for e-cash transactions). Host Authentication:  Never trusts the network. Minimal trust on the remote side of the connection. Minimal trust on domain name servers. Pure RSA authentication never trusts anything but the private key. Shield against Spoofing: Client RSA-authenticates the server machine in the beginning of every connection to prevent trojan horses (by routing or DNS spoofing) and man-in-the-middle attacks, and the server RSA-authenticates the client machine before accepting .rhosts or /etc/hosts.equiv authentication (to prevent DNS, routing, or IP-spoofing). .

188 Server Key The server program has its own server RSA key which is automatically regenerated every hour. This key is never saved in any file. Exchanged session keys are encrypted using both the server key and the server host key. The purpose of the separate server key is to make it impossible to decipher a captured session by breaking into the server machine at a later time; one hour from the connection even the server machine cannot decipher the session key. The server key is normally 768 bits. Flexible Any user can create any number of user authentication RSA keys for his own use. Each user has a file which lists the RSA public keys for which proof of possession of the corresponding private key is accepted as authentication. User authentication keys are typically 1024 bits.

189 Easier to Use:  No retraining needed for normal users; everything happens automatically, and old .rhosts files will work with strong authentication if administration installs host key files Replacement of “R” Complete replacement for rlogin, rsh, and rcp

190 Currently, almost all communications on computer networks are done
without encryption. As a consequence, anyone who has access to any machine connected to the network can listen in on any communication. This is being done by hackers, curious administrators, employers, criminals, industrial spies, and governments. Some networks leak off enough electromagnetic radiation that data may be captured even from a distance. When you log in, your password goes in the network in plain text. Thus, any listener can then use your account to do any evil he likes. Many incidents have been encountered worldwide where crackers have started programs on workstations without the owner’s knowledge just to listen to the network and collect passwords.

191 Encryption and cryptographic authentication and integrity protection
are required to secure networks and computer systems. SSH uses strong cryptographic algorithms to achieve these goals. Ease of use is critical to the acceptance of a piece of software. SSH attempts to be *easier* to use than its insecure counterparts. SSH is available for almost all Unix platforms, and commercial versions are available for Windows (3.1, 95, NT) and Macintosh



194 SSH version string exchange
client server TCP connection setup SSH version string exchange SSH key exchange (includes algorithm negotiation) SSH data exchange termination of the TCP connection

195 only, can be used to get into a server with the public key.
Old way: password stored on server, user supplied password compared to stored version New way: private key kept on client, public key stored on server. The serious problem with the password approach, whether used with telnet or with ssh, is that the password you need to enter at the client end is stored on the server. Even though it’s stored in an encoded form in /etc/passwd or /etc/shadow, this password can be cracked with brute force once one has access to that file. The difference with the public/private key split is that if an attacker gets the public key stored on the server, that public key cannot be used to get back into the server! Only the private key, kept on the client only, can be used to get into a server with the public key.


197 When the user tries to log in, the client tells the server the public key
that the user wishes to use for authentication. The server then checks if this public key is admissible. If so, it generates a 256 bit random number, encrypts it with the public key, and sends the value to the client. The client then decrypts the number with its private key, computes a 128 bit MD5 checksum from the resulting data, and sends the checksum back to the server. (Only a checksum is sent to prevent chosen-plaintext attacks against RSA.) The server checks computes a checksum from the correct data, and compares the checksums. Authentication is accepted if the checksums match.

198 The software consists of a number of programs.
sshd Server program run on the server machine. This listens for connections from client machines, and whenever it receives a connection, it performs authentication and starts serving the client. ssh This is the client program used to log into another machine or to execute commands on the other machine. "slogin" is another name for this program. scp Securely copies files from one machine to another. ssh-keygen Used to create RSA keys (host keys and user authentication keys).

199 ssh-agent Authentication agent. This can be used to hold RSA keys for authentication. ssh-add Used to register new keys with the agent. make-ssh-known-hosts Used to create the /etc/ssh_known_hosts file.

200 Two Entirely Different Protocols
SSH1 uses Server and Host Keys to Authenticate SSH2 only uses Host keys. SSH2 encrypt different parts of the packet SSH2 is more secure

201 Download the latest version follow the following steps.
Decompress and unarcheve the software with the command. tar –zxf ssh tar.gz Change your working directory so that you are in the root level of the Source code distribution. cd ssh Run the configure program ./configure Use the make command to compile the software. make

202 When the process is finished, you will need to install the newly created
binaries. During the installation process, the software will generate random keys to be used in the encryption process. make install  Start new service by typing service sshd start or /etc/rc.d/init.d/sshd start service sshd stop or /etc/rc.d/init.d/sshd stop service sshd status or /etc/rc.d/init.d/sshd status

203 [root@lab1]# slogin -l aamir localhost or ssh –l aamir localhost
password: Last login: Wed Aug 1 19:25: from

204 If there is a message "connection refused," you may need to make a
small change in your local tcpwrapper configuration files. Check to see if you have an /etc/hosts.deny file. Make a entry in this file that looks like this: ALL: ALL In /etc/hosts.allow file make following entry: sshd: ALL or IP addresses of allowed machines

205 The SSH configuration file is called /etc/ssh/sshd_config. By
default SSH listens on all your NICs and uses TCP port 22. #Port 22 #Protocol 2,1 #ListenAddress #ListenAddress To prevent from people trying to hack in on a well known TCP port, then you can change port 22 to something else that won't interfere with other applications on your system, such as port 435 First make sure your system isn't listening on port 435   root]# netstat -an | grep 435 root]#

206 Change the Port line in /etc/ssh/sshd_config to mention 435
and remove the "#" at the beginning of the line. If port 435 is being used, pick another port and try again. Port 435 Restart SSH service sshd restart Check to ensure SSH is running on the new port netstat -an | grep 435 tcp 0  0  :435  :*    LISTEN  

207 Port 22 ListenAddress HostKey /etc/ssh/ssh_host_key ServerKeyBits 1024 LoginGraceTime 600 KeyRegenerationInterval 3600 PermitRootLogin no IgnoreRhosts yes IgnoreUserKnownHosts yes StrictModes yes X11Forwarding no PrintMotd yes SyslogFacility AUTH LogLevel INFOR

208 RhostsAuthentication no
RhostsRSAAuthentication no RSAAuthentication yes PasswordAuthentication yes PermitEmptyPasswords no AllowUsers admin

209 Port 22 The option Port specifies on which port number ssh daemon listens for incoming connections. The default port is 22. ListenAddress The option ListenAddress specifies the IP address of the interface network on which the ssh daemon server socket is bind. The default is ; to improve security you may specify only the required ones to limit possible addresses. HostKey /etc/ssh/ssh_host_key The option HostKey specifies the location containing the private host key. ServerKeyBits 1024 The option ServerKeyBits specifies how many bits to use in the server key. These bits are used when the daemon starts to generate its RSA key

210 LoginGraceTime 600 The option LoginGraceTime specifies how long in seconds after a connection request the server will wait before disconnecting if the user has not successfully logged in. KeyRegenerationInterval 3600 The option KeyRegenerationInterval specifies how long in seconds the server should wait before automatically regenerated its key. This is a security feature to prevent decrypting captured sessions. PermitRootLogin no The option PermitRootLogin specifies whether root can log in using ssh. Never say yes to this option. IgnoreRhosts yes The option IgnoreRhosts specifies whether rhosts or shosts files should not be used in authentication.

211 IgnoreUserKnownHosts yes
The option IgnoreUserKnownHosts specifies whether the ssh daemon should ignore the user's $HOME/.ssh/known_hosts during RhostsRSAAuthentication. StrictModes yes The option StrictModes specifies whether ssh should check user's permissions in their home directory and rhosts files before accepting login. This option must always be set to yes because sometimes users may accidentally leave their directory or files world-writable. X11Forwarding no The option X11Forwarding specifies whether X11 forwarding should be enabled or not on this server. Since we setup a server without GUI installed on it, we can safely turn this option off.

212 PrintMotd yes The option PrintMotd specifies whether the ssh daemon should print the contents of the /etc/motd file when a user logs in interactively. The /etc/motd file is also known as the message of the day. SyslogFacility AUTH The option SyslogFacility specifies the facility code used when logging messages from sshd. The facility specifies the subsystem that produced the message--in our case, AUTH. LogLevel INFO The option LogLevel specifies the level that is used when logging messages from sshd. INFO is a good choice. See the man page for sshd for more information on other possibilities. RhostsAuthentication no The option RhostsAuthentication specifies whether sshd can try to use rhosts based authentication. Because rhosts authentication is insecure you shouldn't use this option.

213 RhostsRSAAuthentication no
The option RhostsRSAAuthentication specifies whether to try rhosts authentication in concert with RSA host authentication. RSAAuthentication yes The option RSAAuthentication specifies whether to try RSA authentication. This option must be set to yes for better security in your sessions. RSA use public and private key pairs created with the ssh-keygen utility for authentication purposes. PasswordAuthentication yes The option PasswordAuthentication specifies whether we should use password-based authentication. For strong security, this option must always be set to yes.

214 PermitEmptyPasswords no
The option PermitEmptyPasswords specifies whether the server allows logging in to accounts with a null password. If you intend to use the scp utility to make automatic backups over the network, you must set this option to yes. AllowUsers admin The option AllowUsers specifies and controls which users can access ssh services. Multiple users can be specified, separated by spaces.

215 [root@lab1]# ssh -l abc -p 435
Using SSH is similar to Telnet. To login from another Linux box use the "ssh" command with a "-l" to specify the username you wish to login as. If you leave out the "-l", your username will not change. User “root” Logs In To smallfry As User “root”  ssh User “root” Logs In To testsrv As User “abc”  Using default port 22 ssh -l abc Using port 435 ssh -l abc -p

216 Copying Files To The Local Linux Box Command Format:
scp localdir Examples: Copy file /tmp/software.rpm on the remote machine to the local directory /home scp /home Copy file /tmp/software.rpm on the remote machine to the local directory /home using TCP port 435 scp –p 435 /home

217 [xyz@lab1]$ ssh-keygen
Generating public/private rsa1 key pair.Enter file in which to save the key (/home/xyz/.ssh/identity): /home/xyz/.ssh/identity Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/xyz/.ssh/identity. Your public key has been saved in /home/xyz/.ssh/ The key fingerprint is:22:bc:0b:fe:f5:06:1d:c0:05:ea:59:09:e3:07:8a:8c cd ~.ssh; ls –l -rw xyz xyz Nov 2 01:33 identity -rw-r--r xyz xyz Nov 2 01:33

218 The file identity contains your private key.
This key is used to gain access on systems which have your private key listed in their authorized keys file. Also, make sure your private key always is chmod 600, so other users on the system won't have access to it. The file contains your public key, which can be added to other system's authorized keys files. We will get to adding keys later

219 [xyz@lab1]$ ssh-keygen –t dsa
Generating public/private dsa key pair. Enter file in which to save the key (/home/xyz/.ssh/id_dsa) Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/xyz/.ssh/id_dsa Your public key has been saved in /home/xyz/.ssh/ The key fingerprint is:22:bc:0b:fe:f5:06:1d:c0:05:ea:59:09:e3:07:8a:8c cd ~.ssh; ls –l -rw xyz xyz Nov 2 01:33 id_dsa -rw-r--r xyz xyz Nov 2 01:33 The file id_dsa contains your version 2 private key The file contains your version 2 public key

220 To be able to log in to remote systems using your pair of keys,
you will first have to add your public key on the remote server to the authorized_keys (for version 1) file, and the authorized_keys2 (for version2) file in the .ssh/ directory in your home directory on the remote machine. cd .ssh/ For SSH1 $ scp For SSH2 $ scp

221 This will place your keys in your home directory on the remote
server. After that we will login on the remote server using ssh or telnet the conventional way... with a password. xyz]$ mkdir .ssh xyz]$ chmod 700 .ssh xyz]$ cd .ssh touch authorized_keys chmod 600 authorized_keys .ssh]$ cat ../ >> authorized_keys

222 Placing the key for version 2 works about the same :
xyz]$ mkdir .ssh xyz]$ chmod 700 .ssh xyz]$ cd .ssh touch authorized_keys2 chmod 600 authorized_keys2 .ssh]$ cat ../ >> authorized_keys2 Now logout from the remote server and connect again with ssh ssh –i ./.ssh/identity (for ssh1) ssh –i ./.ssh/id_dsa (for ssh2)

223 Software Management

224 A package is a software collection written in a
particular format to achieve a specific goal. It makes installation easier. Redhat linux has over 450 packages available of which about 270 are installed originally on the server.

225 Executables Data Files Configuration Files Documentation
Managing Programs Executables Data Files Configuration Files Documentation

226 Examples of Packages Applications, eg. a word processor or a programming language A part of the Operating System, eg. an FTP server Advantages One easily managed "chunk" Packages are "intelligent"

227 Package operations: Installing packages Upgrading packages Removing packages Keeping track of packages: Finding out what packages are installed Get information on a specific package Is a package still installed correctly?

228 In Red Hat Linux there are two most common types of Packages
RPM Packages Tarball Packages

229 RPM stands for Redhat Package Manager. This utility
was originally developed by Redhat but is now found in other Linux distributions. It is an easy method for installing, upgrading, deleting, or quering a software package. RPM is a significant enhancement over the tar utility that is used to install tarballs

230 Make it easy to get packages on and
off the system Make it easy to verify a package was installed correctly Make it easy for the package builder Make it start with the original source code Make it work on different computer architectures

231 For the end user, RPM provides many features that make
maintaining a system far easier than it has ever been. One command : Installing, uninstalling, and upgrading of RPM packages Package Database: Maintain database of installed packages and their files, which allows you to perform powerful queries and verification of your system. During upgrades, RPM handles configuration files specially, so that you never lose your customizations -- a feature that is impossible with straight .tar.gz files.

232 For the developer, RPM allows to take source code
for software and package it into source and binary packages for end users. This process is quite simple and is driven from a single file and optional patches that you create

233 RPP Used in Red Hat Linux versions before 2.0 Supported one-command installation and uninstallation Package verification Powerful querying No support for multiple architectures

234 PMS Developed at the same time as RPP Used in the BOGUS distribution No package verification Weak querying No support for multiple architectures

235 PM Produced by the developers of PMS under contract to Red Hat Software Combined the best features of RPP and PMS Weak database design No support for multiple architectures

236 RPM Version 1 Produced by Marc Ewing and Erik Troan Automatic Handling of Configuration Files Easy to rebuild many packages Slow and big (written in Perl) Poor support for multiple architectures

237 RPM Version 2 Rewritten in C - much faster and didn't require Perl New database design improved speed and reliability Enhanced multiple architecture support

238 RPM Packages usually have a file extension
eg. eject i386 .rpm Some packages have “noarch” in file name, it means the package is not dependent on the architecture of the system. Package Name Ext Ver Platform

239 rpm –i file1.rpm ... eg. rpm –i eject i386.rpm Performs dependency checks Checks for conflicts Performs any tasks required before the install Decides what to do with config files Unpacks files from the package Performs any tasks required after the install

240 Additional options Overwriting packages: --replacepkgs Overwriting files: --replacefiles Overwriting packages and files: --force Ignoring dependencies: --nodeps Don't install documentation: --excludedocs

241 rpm -e pkg1 ... Checks that no other packages require the one being removed Performs any tasks required before uninstalling Check if any config files were changed Deletes any files belonging to the package Performs any tasks required after uninstalling Keeps track of what it did rpm -e eject

242 rpm -U file1.rpm ... Installs the new version Erases any older versions if they exist Configuration file handling rpm -U eject i386.rpm "Upgrade" to an older version: --oldpackage

243 Example Queries: Where did this file come from? What is in this package I received? What version of this package do I have installed? Is there any documentation for this package? Parts to a query: What packages to query What information is wanted

244 To Check All installed packages
rpm –qa Use "less" or "grep“ rpm -qa | grep -i ssh openssh-server-3.4p1-2 openssh-clients-3.4p1-2 openssh-askpass-gnome-3.4p1-2 openssh-3.4p1-2 openssh-askpass-3.4p1-2

245 Query a package file: You can use the “-ql” qualifier to list all the files associated with an installed RPM. In this example we test to make sure that the NTP package is installed using the”-qa” qualifier, then we use the “-ql” qualifier to get the file listing tmp]# rpm -qa ntp            ntp rc1.2 tmp]# rpm -ql ntp /etc/ntp /etc/ntp.conf /etc/ntp/drift /etc/ntp/keys

246 You can use the “-qpl” qualifier to list all the files in a RPM file
tmp]# rpm -qpl dhcp-3.0pl1-23.i386.rpm /etc/rc.d/init.d/dhcpd /etc/rc.d/init.d/dhcrelay /etc/sysconfig/dhcpd /etc/sysconfig/dhcrelay /usr/share/man/man8/dhcrelay.8.gz /var/lib/dhcp /var/lib/dhcp/dhcpd.leases tmp]#

247 The rpm –e command will erase an installed package.
The package name given must match that listed in the rpm –qa command as the version of the package is important. tmp]# rpm -e dhcp-3.0pl1-23.i386.rpm

248 Sometimes the packages you want to install need to be
compiled in order to match your kernel version. This requires you to use source RPM files. Download the source RPMs or locate them on CD They usually have a file extension ending with (.src.rpm) Run the following commands as root:   rpmbuild --rebuild filename.src.rpm

249 One of the most convenient package manipulation tools available is Gnome-RPM, a graphical tool which runs under the X Window System.


251 Network Standalone computer
Group of computers and other devices connected by some type of transmission media Networks enable users to share devices and data, collectively called a network’s resources Standalone computer Uses programs and data only from its local disks and is not connected to a network

252 Local computer Remote computer Computer on which user is working
Computer that user controls or works on via network connection


254 Network of computers and other devices confined to relatively small space
LAN Modules - Peer to Peer Module - Client / Server Module

255 Computers communicate on single segment of cable and share each other’s data and devices
Simple example of a local area network (LAN) Not Secure and not scalable

256 Network operating system
Network based on client/server architecture Clients do not communicate directly to each other in a client/server architecture but use the server as an intermediate step in comm Network operating system Special software designed to manage data, network security and sharing other resources on a server for a number of clients

257 Figure 1-3: LAN with a file server

258 User login accounts and passwords can be assigned in one place
Access to multiple shared resources can be centrally granted Servers are optimized to handle heavy processing loads and dedicated to handling requests from clients Servers can connect more than a handful of computers

259 Metropolitan area network (MAN)
Network connecting clients and servers in multiple buildings within limited geographic area Wide area network (WAN) Network that spans large distance and connects two or more LANs The Internet is an example of a very intricate and extensive WAN that spans the globe

260 Local Area Network Wide Area Network

261 Server Workstation Node
Client, server, or other device that can communicate over a network and that is identified by a unique identifying number, known as its network address

262 Network operating system (NOS) Network interface card (NIC)
Linux, Solaris, Windows 2000 etc.. Network interface card (NIC) Enables workstation to connect to the network and communicate with other computers

263 Bus Topology Star Topology Ring Topology Mesh Topology Hybrid Topologies

264 Terminator Segment

265 Hub



268 Star-Bus Bus Star-Ring

269 Repeaters and Hubs Bridges Switches Routers Gateways Remote Access Connectivity Types Public Switched Telephone Network (PSTN) Integrated Services Digital Network (ISDN) X.25 Asymmetric Digital Subscriber Line (ADSL)

270 Repeater Hub Transmits data to all connected computers Repeater
computers in a star topology Hub

271 Bridge

272 Switch

273 Router Router Router Router

274 Ethernet Token Ring Gateway

275 Virtual Private Network
Dial-up Remote Access Remote Access Client Remote Access Server Virtual Private Network Remote Access Client Linux VPN Server Corporate Intranet Internet Tunnel

276 PSTN Analog Voice Data Worldwide Availability Analog Modem 56 Kbps
Telephone Wires Client Analog Modem Analog Modem Server Analog Voice Data Worldwide Availability Analog Modem 56 Kbps PSTN

277 Digital Telephone Lines or Telephone Wires
Client ISDN Modem ISDN Modem Server International Communication Standard Digital Transmission Extends over Local Telephone Exchange ISDN Modem 64 Kbps or Faster ISDN

278 X.25 Based on Packet Switching
Modem Based on Packet Switching X.25 Packet Assembler/Disassembler (PAD) Client Configuration Server Configuration X.25 X.25 Smart Card Client Server PAD Service

279 ADSL Copper Telephone Lines Simultaneous Voice and Data Transmission
LAN Adapter Copper Telephone Lines Simultaneous Voice and Data Transmission 1.5 to 9 Mbps Downstream Rate 16 to 640 Kbps Upstream Rate LAN Interface or Dial-up Interface ADSL ATM Client Server ADSL Wires

280 Transmission media Transmission Media Twisted-Pair
Means through which data are transmitted and received Twisted-Pair Unshielded (UTP) Shielded (STP) 10/100 Coaxial ThinNet ThickNet 10Base2, 10Base5 Fiber-Optic

281 Protocol Data Packets Rules network uses to transfer data
e.g TCP/IP, IPX/SPX, AppleTalk …. Data Packets The distinct units of data transmitted from one computer to another on a network

282 TCP/IP is a universal standard suite of protocols used to
provide connectivity between networked devices. One component of TCP/IP is the Internet Protocol (IP) which is responsible for ensuring that data is transferred between two addresses without being corrupted. For manageability, the data is usually split into multiple pieces or “packets” The two most popular transportation mechanisms used on the Internet are Transmission Control Protocol (TCP) and User Datagram Protocol (UDP).

283 TCP is a connection oriented protocol. It opens up a
connection between client and server programs running on separate computers so that multiple and/or sporadic streams of data can be sent over an indefinite period of time. TCP keeps track of the packets sent by giving each one a sequence number with the remote server sending back “acknowledgement” packets confirming correct delivery.

284 UDP is a connectionless protocol. the machine that sends
the data having no means of verifying whether the data was correctly received by the remote machine TCP / UDP Ports While in data transmission both the UDP and the TCP segment headers track the “port” being used. The source/destination port and the source/ destination IP addresses of the client & server computers are then combined to uniquely identify each data flow

285 All devices connected to the Internet have an Internet Protocol
(IP) address. Just like a telephone number, it helps to uniquely identify a user of the system. IP addresses are in reality a string of binary digits or "bits". Each bit is either a 1 or a 0. IP addresses have 32 bits in total. For ease of use, IP addresses are written in what is called a "dotted decimal" format, four numbers with dots in between. None of the numbers between the dots may be greater than 255. An example of an IP address would be The numbers between the dots are frequently referred to as "octets"

286 Class 1st Byte Format Total Hosts A 0 – 126 N.H.H.H 16 Million B 128 – 191 N.N.H.H 64 Thousand C 192 – 239 N.N.N.H 254 D 224 – 239 - (Multicast) E 240 – 254 (Experimental)

287 Splits networks into subnetworks Separates address into 2 parts
1’s – Network Portion 0’s – Host Portion Example: Class C Network Address: N.N.N.H Mask: (255 = ) CIDR Notation: N.N.N.H/24

288 Some groups of IP addresses are reserved for use only in
private networks and are not routed over the Internet. These are   Home networking equipment / devices usually are configured in the factory with an IP address in the range to

289 Whether or not your computer has a network interface card it will
have a “built in” IP address with which network aware applications can communicate with one another. This IP address is defined as and is frequently referred to as “localhost”

290 MAC Address also known as Physical address of hardware.
Assigned by manufacturer (hardware) Must be absolutely unique Address format 6 octets in hex (#:#:#:#:#:#) First 3 octets: Manufacturer Identifier Last 3 octets: Card serial number Used for local network communication

291 Translates IP addresses to Ethernet (MAC) addresses
Who is ? I am (1:2:3:7:8:9) arp –a: View the cache

292 Connects Networks together
If destination not on local network, packets sent through gateway route: Display/configure routing

293 Hostname and IP Address assignment
Configuration of hardware Default route (gateway) assignment Name Service Configuration Testing and troubleshooting

294 Uniquely identifies each system Fully Qualified Domain Name[.country] Country: 2 letter identifier for country Domain: Type of site (edu, com, org) Site: Unique name of organization Hostname: Unique name of system hostname: Display or set system name

295 Most modern PCs come with an ethernet port. When Linux is
installed, this device is called "eth0". You can determine the IP address of this device with the "ifconfig" command To assign or unassign the eth0 interface an IP address use the ifconfig command ifconfig eth netmask up or ifconfig eth netmask down To make this permanent each time you boot up you'll have to add this command in your /etc/sysconfig/network-scripts Directory. Interface eth0 has a file called ifcfg-eth0, eth1 uses ifcfg-eth1…etc

296 Typical format of Ifcfg-eth0 file.
DEVICE=eth0 IPADDR= NETMASK= ONBOOT= yes Or in case of DHCP server. DEVICE=eth0 BOOTPROTO=dhcp ONBOOT=yes

297 You can assign multiple IP Address on a single NIC with
Ifconfig command or by creating a file. A virtual sub-interface also known as an "IP alias". IP aliasing is one of the most common ways of creating multiple IP addresses associated with a single NIC. Aliases have the name format "parent-interface-name:X", where  "X" is the sub-interface number of your choice. 

298 1. First ensure the "parent" real interface exists
2. Verify that no other IP aliases with the same name exists 3. with the name you plan to use. Create the virtual interface with the ifconfig command ifconfig eth0: netmask up You then have the choice of creating a file in with the name of /etc/sysconfig/network-scripts/ifcfg-eth0:0

299 Default gateway is the address of the router / firewall
connected to the Internet or the other network. Command to check the route is route To add the default route use the following command route add default gw In this case, make sure that the router / firewall with IP address is connected to the same network the “/etc/sysconfig/network” file is used to configure default gateway each time Linux boots

300 Following is the sample of /etc/sysconfig/network
NETWORKING=yes HOSTNAME=lab2-3 GATEWAY= To delete default route use route del default gw  

301 A linux server can act as router for this there is need of
Two NIC cards Enable Packet Forwarding - In simple terms packet forwarding lets packets flow through the Linux box from one network to another The configuration parameter to activate this is found in the file /etc/sysctl.conf. Remove the "#" from the line related to packet forwarding Before # Disables packet forwarding #net.ipv4.ip_forward=1

302 After # Enables packet forwarding net.ipv4.ip_forward=1 Restart the machine or use the following command to activate it immediately. echo 1 > /proc/sys/net/ipv4/ip_forward

303 Following files are need to be configured for name service
/etc/hosts Local configuration /etc/resolv.conf Domain Name Service (DNS) lookup search: domains to search if not FQDN

304 The /etc/hosts lists the name and IP address of local hosts
Linux will typically check this file before referencing DNS, if the name is found with a corresponding IP address then DNS won't be queried. The /etc/hosts file has the following format ip-address fully-qualified-domain-name alias1 alias2 The very first line should always look like this with "localhost" being the only alias      localhost.localdomain  localhost  

305 If you have a NIC card in the server, then you have to add
another entry in this file. First determine whats your true hostname is: /]# hostname test Add the corresponding entry in the /etc/hosts file for the NIC's IP address  Host test with an IP address of isn't part of any DNS domain test mail  

306 The file /etc/resolv.conf is used to determined the
name server of DNS server. Following is the sample of resolv.conf nameserver nameserver

307 ping – Reachability test
arp –a - To check the MAC address ifconfig - To check the IP Address traceroute – Routing performance Netstat –a – Network performance stats nslookup/dig – DNS Queries

308 Domain Name Service (DNS)

309 Addresses are used to locate objects
Names are easier to remember than numbers You would like to get to the address or other objects using a name DNS provides a mapping from names to resources of several types

310 An address is how you get to an endpoint
Typically, hierarchical (for scaling): 950 Milton Street, Brisbane City, QLD 4064 , A “name” is how an endpoint is referenced Typically, no structurally significant hierarchy “David”, “Tokyo”, “”

311 DNS is the Domain Name System, which converts/maps symbolic machine names to the Internet addresses. It translates (maps) from name to address and from address to name. A Distributed, Hierarchical database of the Names of hosts on the Internet and their associated IP addresses.

312 Host names were mapped to IP addresses using 'hosts' files.
This is the '/etc/hosts' file found on your Linux system. It still exists today to provide basic information to your networking system before any of the major networking services start. These files were then copied around the ARPANET using 9600Baud UUCP connections. UUCP -- Unix to Unix CoPy; Still used in some places today. Problems traffic and load Name collisions Consistency

313 A mapping is simply an association between two things,
easy-to-remember machine name, like, and the machine's IP address ( ). DNS also contains mappings the other way, from the IP number to the machine name; this is called a "reverse mapping".

314 Maps domain name to IP address.
Application calls resolver Resolver sends UDP packet to local DNS server DNS server returns IP address to resolver Resolver returns IP address to application

315 Data is maintained locally, but retrievable globally
No single computer has all DNS data DNS lookups can be performed by any device Remote DNS data is locally cacheable to improve performance

316 The database is always internally consistent
Each version of a subset of the database (a zone) has a serial number The serial number is incremented on each database change Changes to the master copy of the database are replicated according to timing set by the zone administrator Cached data expires according to timeout set by zone administrator

317 No limit to the size of the database
One server has over 20,000,000 names Not a particularly good idea No limit to the number of queries 24,000 queries per second handled easily Queries distributed among masters, slaves, and caches

318 Clients will typically query local caches
Data is replicated Data from master is copied to multiple slaves Clients can query Master server Any of the copies at slave servers Clients will typically query local caches

319 Database can be updated dynamically
Add/delete/modify of any record Modification of the master database triggers replication Only master can be dynamically updated Creates a single point of failure

320 The namespace needs to be made hierarchical to be able to scale.
The idea is to name objects based on location (within country, set of organizations, set of companies, etc) unit within that location (company within set of company, etc) object within unit (name of person in company)

321 How names appear in the DNS
Fully Qualified Domain Name (FQDN) labels separated by dots DNS provides a mapping from FQDNs to resources of several types Names are used as a key when fetching data in the DNS

322 Root DNS Domain names can be mapped to a tree Dot used as a separator
dots Root DNS net org com gov iana apnic www whois whois ftp

323 The DNS maps names into data using Resource Records.
… A Address Resource

324 Domains are “namespaces”
Everything below .com is in the com domain Everything below is in the domain and in the net domain

325 • com domain com net edu net domain domain • • • google sun
tislabs isi moon training www www ftp ns2 ns1

326 Administrators can create subdomains to group hosts
According to geography, organizational affiliation or any other criterion An administrator of a domain can delegate responsibility for managing a subdomain to someone else The parent domain retains links to the delegated subdomain The parent domain “remembers” who it delegated the subdomain to

327 Zones are “administrative spaces”
Zone administrators are responsible for portion of a domain’s name space Authority is delegated from a parent and to a child

328 net net zone domain zone zone • com net
edu google zone apnic sun tislabs isi moon zone training www www ftp ns2 ns1

329 It has two parts... the Name Server the Resolver

330 Primary: Contains the writable authoritative copy for the zones that it is primary for
Secondary: Contains mirror copy of the data from a primary nameserver. No updates take place here, used to provide redundancy Caching-only: relies on other name servers for authoritative answers Note: BIND -- Berkley Internet Name Daemon This is the most common name server..

331 Primary Secondary Data loaded from a file.
One primary server per zone. Secondary Data transferred from a primary server. Data may be stored in a file. Checks every refresh period with the primary, looking for changes. Might have many secondaries per zone


333 ;; (use your favorite naming scheme)
$TTL @ IN SOA ( ; serial - YYYYMMDDXX ; refresh - 6 hours 1200 ; retry - 20 minutes ; expire - long time 86400) ; minimum TTL - 24 hours ;; Nameservers IN NS IN NS ;; Hosts with just A records host1 IN A

334 TTL is a timing parameter IN class is widest used
Resource records consist of it’s name, it’s TTL, it’s class, it’s type and it’s RDATA TTL is a timing parameter IN class is widest used There are multiple types of RR records Everything behind the type identifier is called rdata IN A ttl Label type rdata class

335 7200 IN SOA (
; Serial ; Refresh 12 hours ; Retry 4 hours ; Expire 4 days 7200 ; Negative cache 2 hours ) IN NS IN NS Label ttl class type rdata IN A

336 The main DNS configuration is kept in the file /etc/named
The main DNS configuration is kept in the file /etc/named.conf which is used to tell BIND where to find the configuration files for each domain you own. There are usually two zone areas in this file: Forward zone file definitions which list files to map domains to IP addresses Reverse zone file definitions which list files to map IP addresses to domains In this example the forward zone for is being set up by placing the following entries at the bottom of the /etc/named.conf file. The zone file is named zone "" { type master; notify no; allow-query { any; }; file ""; };

337 You can also insert additional entries in the /etc/named.conf file
zone "" { type master; notify no; allow-query { any; }; file ""; };

338 DNS databases contain more than just hostname-to-address records:
Name server records NS Hostname aliases CNAME Mail Exchangers MX Host Information HINFO

339 The SOA and NS records are used to provide information about the zone itself
The NS indicates where information about a given zone can be found The SOA record provides information about the Start Of Authority, i.e. the top of the zone, also called the APEX

340 Contact address Master server Version number Timing parameter
net IN SOA ( ; serial 30M ; refresh 15M ; retry 1W ; expiry 1D ) ; neg.answ.ttl Version number Timing parameter

341 TTL is a timer used in caches
An indication for how long the data may be reused Data that is expected to be ‘stable’ can have high TTLs SOA timers are used for maintaining consistency between primary and secondary servers

342 Zone file is written by the zone administrator
Zone file is read by the master server and it’s content is replicated to slave servers What is in the zone file will end up in the database Because of timing issues it might take some time before the data is actually visible at the client side

343 The ‘header’ of the zone file
Start with a SOA record Include authoritative name servers and Add other information Add other RRs Delegate to other zones

344  admin\ IN SOA admin\. ( ; serial 1h ; refresh 30M ; retry 1W ; expiry 3600 ) ; neg. answ. ttl  admin\. Serial number: 32bit circular arithmetic People often use date format To be increased after editing The timers above qualify as reasonable

345 NS record for all the authoritative servers
They need to carry the zone at the moment you publish A records only for “in-zone” name servers Delegating NS records might have glue associated IN NS IN NS IN A IN A

346 Add all the other data to your zone file Some notes on notation
Note the fully qualified domain name including trailing dot Note TTL and CLASS IN A IN A IN CNAME IN MX 50

347 3600 IN SOA admin\ (
; serial 1h ; refresh 30M ; retry 1W ; expiry 3600 ) ; neg. answ. Ttl IN NS IN NS IN MX IN MX IN A IN A IN A IN A IN CNAME IN.

348 ; Zone file for
; The full zone file $TTL 3D @       IN      SOA (                                ; serial#                         3600            ; refresh, seconds                         3600            ; retry, seconds                         3600            ; expire, seconds                         3600 )          ; minimum, seconds                 NS      www             ; Inet Address of nameserver    MX      10 mail         ; Primary Mail Exchanger localhost       A       www             A       mail             CNAME   www

349 ; Filename: zone ; ; Zone file for x $TTL 3D @       IN        SOA (                                        ; serial number                              8H                 ; refresh, seconds                              2H                 ; retry, seconds                              4W                 ; expire, seconds                              1D )               ; minimum, seconds                   NS         www                ; Nameserver Address 100                PTR 103                PTR 32                 PTR 33                 PTR


351 } query identifier flags # of questions 16 bit fields # of RRs
# of authority RRs # of additional RRs 16 bit fields } Response

352 QR: Query=0, Response=1 AA: Authoritative Answer TC: response truncated (> 512 bytes) RD: recursion desired RA: recursion available rcode: return code

353 A request can indicate that recursion is desired - this tells the server to find out the answer (possibly by contacting other servers). If recursion is not requested - the response may be a list of other name servers to contact.


355 Domain Name Response type Class (IP) Time to live (in seconds) Length of resource data Resource data

356 Both UDP and TCP are used:
TCP for transfers of entire database to secondary servers (replication). UDP for lookups If more than 512 bytes in response - requestor resubmits request using TCP.

357 WEB Server

358 A Web server is the server software behind the World Wide Web.
It listens for requests from a client, such as a browser like Netscape or Microsoft's Internet Explorer. When it gets one, it processes that request and returns some data. This data usually takes the form of a formatted page with text and graphics. The browser then renders this data to the best of its ability and presents it to the user. Web servers are in concept very simple programs. They await for requests and fulfill them when received.

359 URL The Web is based on the client/server paradigm. DNS Server
Typical Transaction on the Web 1. DNS Lookup DNS Server URL 2. TCP connection 3. HTTP request 4. HTTP response Web Server Web Client

360 Web servers communicate with browsers or other clients using the
Hypertext Transfer Protocol (HTTP), which is a simple protocol that standardizes the way requests are sent and processed. This allows a variety of clients to communicate with any vendor's server without compatibility problems. Most of the documents requested are formatted using Hypertext Markup Language (HTML). HTML is a small subset of another markup language called Standard General Markup Language (SGML), which is in wide use by many organizations and the U.S. Government.

361 The protocol, designed by Tim Berners-Lee as early as 1989
Application-level protocol client (browser) makes request - server responds support for: use of URL’s Internet media types (MIME types: RFC2045-RFC2049) allows access to different data formats standards: HTTP 1.0 (RFC 1945), HTTP 1.1 (RFC 2616, a formal on 07.99) protocol server name port directory/file name on the server

362 Simple client request Server reply GET /index.html HTTP/1.1
Host: HTTP/ OK Date: Tue, 09 Jan :49:14 GMT Server: Apache/ (Unix) Last-Modified: Tue, 09 Jan :11:02 GMT ETag: "131e-a074-3a5a6526" Accept-Ranges: bytes Content-Length: 41076 Content-Type: text/html <!--Copyright (c) by Kwan-jin,Jung --> <!--All Rights Reserved --> <html> Simple client request Server reply

363 Status codes are three digit numbers grouped as follows:
1xx - informational 2xx - client request successful 200 - OK 3xx - request redirected 4xx - client errors (request incomplete) 403 - Forbidden 404 - Not found 5xx - server errors

364 A common Goal To provide an open-source, secure, efficient and extensible server that provides HTTP services in sync with non-proprietary World Wide Web standards Apache Group Non-Profit Organization Develop bug fixes and software additions Approve and implement any bug fixes and software additions submitted by non-core developers Test new releases Document new features

365 Freely Available : source code binaries for many platforms (version 1.3.x includes also the Windows NT) Web server orginally based on NCSA server(in 1995) Over 60% of Internet Web servers run Apache or an Apache derivative(In the December 2000 survey) very configurable, lots of directives... optional modules provide extra functionality Powerful performance and Continually upgrade

366 'modular' architecture makes is possible for anyone to add new functions to the server
There are a large number of modules now written for Apache A way to extend the Web server’s request processing It is easy to add a module to Apache Can be statically or dynamically loaded

367 Support for Windows NT systems (Available on Windows 95/98/2000)
Better configuration and building process Support for dynamic modules Better performance Better security Enhanced virtual host configurations

368 If you have a pre-built package Otherwise,
Install it and runs Otherwise, download and unpack in suitable directory (ftp, uncompress, gunzip, tar...) initial configuration(Choose your modules) Compile the server install executable in system further configuration files to reflect your environment Run httpd

369 bin cgi-bin conf www libexec logs some important directories:
cgi-bin/ - CGI scripts directory conf/ - configuration files for httpd server htdocs/ - main directory for documents logs/ directory with log files other stuff (bin/, icons/, include/,proxy/, man/…) bin cgi-bin conf www libexec logs default location is ‘/usr/local/apache’ ab httpd htpasswd

370 How ? (It’s basic configuration)
ServerType standalone Port 80 User apache Group apache ServerAdmin your_ _address ServerRoot "/etc/httpd" ErrorLog /var/log/httpd/logs/error_log TransferLog /var/log/httpd/access_log DocumentRoot /var/www/html DirectoryIndex index.html ScriptAlias /cgi-bin/ /var/www/cgi-bin/ More Directives : StartServers, Min/MaxSpareServers, MaxClients, …

371 Alias /home /var/www/html/mail/
</Directory “/home/mail”> Opetions Indexes Multiviews AllowOverride None Order allow,deny Allow from all </Directory> CGI, PHP Scripts ScriptAlias /passwd "/home/httpd/cgi-bin/chpasswd.cgi" <Directory "/home/httpd/cgi-bin/chpasswd.cgi"> AllowOverride AuthConfig Options ExecCGI

372 The term Virtual Host refers to the practice of maintaining more than one server on one machine, as differentiated by their apparent hostname. ISPs do this a lot Allows additional Web presence without accompanying hardware or software investment required each of the virtual server may have totally different content, configuration, separate log and error files, … alternative is to run another server on a different port part of basic server configuration (httpd.conf)

373 <VirtualHost>
ServerAdmin DocumentRoot /home/httpd/cgi-bin/nwebmail ServerName ServerAlias </VirtualHost>

Download ppt "Introduction to Linux (Unix)."

Similar presentations

Ads by Google