SECTION ONE
BASIC ADMINISTRATION

1 Where to Start
We set out to write a book that could be a system administrator's trusty companion, affording the practical advice and basic system administration theory that you can't get from reading manual pages. As a result, this book is designed to complement, not replace, the existing body of Linux documentation.

This book helps you in five ways:

- It reviews the major administrative systems, identifying the different pieces of each and explaining how they work together.
- It introduces general administrative techniques that we have found, through experience, to be efficient and beneficial.
- It helps you choose solutions that continue to work well as your site grows in size and complexity.
- It helps you sort good ideas from bad and educates you about assorted atrocities of taste committed by distributors.
- It summarizes common procedures so that you don't have to dig through the excessive detail of the manuals to accomplish simple tasks.

It's impossible to perform these functions with perfect objectivity, but we think we've made our biases fairly clear throughout the text. One of the interesting things about system administration is that reasonable people can have dramatically different notions of what constitutes the most appropriate policies and procedures. We offer our subjective opinions to you as raw data. You'll have to decide for yourself how much to accept and to what extent our comments apply to your environment.
1.1 SUGGESTED BACKGROUND
We assume in this book that you have a certain amount of Linux or UNIX experience. In particular, you should have a general concept of how Linux looks and feels from the user's perspective before jumping into administration. Several good books can get you up to speed; see the reading list on page 19.

You perform most administrative tasks by editing configuration files and writing scripts, so you must be familiar with a text editor. To the dismay of many, using Microsoft Word as one's only text editor is a significant impediment to effective system administration.

We strongly recommend that you learn vi (which is seen most commonly on Linux systems in its rewritten form, vim). It is standard on all UNIX and Linux systems, and though it may appear a bit pallid when compared with glitzier offerings such as emacs, it is powerful and complete. We also like pico, which is a simple and low-impact "starter editor" that's good for new sysadmins. It's included in many distributions. Be wary of nonstandard editors; if you become addicted to one, you may soon tire of dragging it along with you to install on every new system.

One of the mainstays of administration (and a theme that runs throughout this book) is the use of scripts to automate administrative tasks. To be an effective administrator, you must be able to read and modify Perl and sh scripts (which in the Linux world are really bash scripts). Scripts that you write from scratch can be written in the shell or scripting language of your choice.
For new scripting projects, we recommend Perl or Python. As a programming language, Perl is a little strange (OK, more than a little). However, it does include many features that are indispensable for administrators. The O'Reilly book Programming Perl by Larry Wall et al. is the standard text; it's also a model of good technical writing. A full citation is given on page 20. (See cpan.org for a complete selection of useful Perl software.)

Many administrators prefer Python to Perl, and we know of sites that are making a concerted effort to convert from Perl to Python. Python is a more elegant language than Perl, and Python scripts are generally more readable and easier to maintain. A useful set of links that compare Python to other scripting languages (including Perl) can be found at

www.python.org/doc/Comparisons.html

We also recommend that you learn expect, which is not a programming language so much as a front end for driving interactive programs. You will most likely pick up expect quite rapidly.
1.2 LINUX'S RELATIONSHIP TO UNIX

Using the names Linux and UNIX together in one sentence is like stepping into a political minefield, or perhaps like blundering into a large patch of quicksand. Here is our short version of the facts, stated as clearly and objectively as we can make them.
Linux is a reimplementation and elaboration of UNIX. It conforms to the POSIX standard, runs on several hardware platforms, and is compatible with most existing UNIX software. It differs from most other variants of UNIX in that it is free, open source, and cooperatively developed, with contributions having come from thousands of different individuals and organizations. Linux incorporates technical refinements that did not exist in the original versions of UNIX, so it is more than just a UNIX clone. It is also a legally distinct entity and cannot properly be referred to as "UNIX."

It's worth noting that Linux is not the only free UNIX-like operating system in the world. FreeBSD, NetBSD, and OpenBSD, all offshoots of the Berkeley Software Distribution from UC Berkeley, have ardent followers of their own. These OSes are generally comparable to Linux in their features and reliability, although they enjoy somewhat less support from third-party software vendors.

Linux software is UNIX software. Thanks largely to the GNU Project, most of the important software that gives UNIX systems their value has been developed under some form of open source model. The same code runs on Linux and non-Linux systems. The Apache web server, for example, doesn't really care whether it's running on Linux or HP-UX. From the standpoint of applications, Linux is simply one of the best-supported varieties of UNIX.

UNIX and Linux systems have been used in production environments for many years. This book, unlike most others on Linux administration, focuses on the effective use of Linux in a production environment, not just as a single-user desktop.[1]
1.3 LINUX IN HISTORICAL CONTEXT

Linux originated in 1991 as a personal project of Linus Torvalds, a Finnish graduate student. He originally conceived the project as a modest offshoot of Minix, a model operating system written by Andrew S. Tanenbaum. However, Linux generated substantial interest in the world at large, and the kernel soon took on a life of its own. By exploiting the power of cooperative development, Linus was able to tackle a much more ambitious agenda. Kernel version 1.0 was released in 1994; as of this writing (September 2006), the most recent stable version of the Linux kernel is 2.6.17.

Because Linux owes much to its UNIX ancestors, it's not quite fair to locate the dawn of the Linux era in 1991. The history of UNIX goes back several decades to 1969, when UNIX originated as a research project at AT&T Bell Labs. In 1976, UNIX was made available at no charge to universities and thus became the basis of many operating systems classes and academic research projects.

Berkeley UNIX began in 1977 when the Computer Systems Research Group (CSRG) at the University of California, Berkeley, licensed code from AT&T. Berkeley's releases (called BSD, for Berkeley Software Distribution) started with 1BSD for the PDP-11 and culminated in 1993 with 4.4BSD.

[1] A "production" environment is one that an organization relies on to accomplish real work (as opposed to testing, research, or development).
As UNIX gained commercial acceptance, the price of source licenses rose rapidly. Eventually, Berkeley set the long-term goal of removing AT&T's code from BSD, a tedious and time-consuming process. Before the work could be completed, Berkeley lost funding for operating systems research and the CSRG was disbanded.

Before disbanding, the CSRG released its final collection of AT&T-free code, known as 4.4BSD-Lite. Most current versions of BSD UNIX (including FreeBSD, NetBSD, Mac OS X,[2] and OpenBSD) claim the 4.4BSD-Lite package as their grandparent.

Most other major versions of UNIX (including HP-UX and Solaris) are descendants of the original AT&T lineage. Linux doesn't share code with the AT&T or BSD flavors of UNIX, but from a functional perspective it falls somewhere between the two.
1.4 LINUX DISTRIBUTIONS

(See the section starting on page 92 for additional comments on distributions.)

Linux differs from other variants of UNIX in that the core kernel project defines only an OS kernel. The kernel must be packaged together with commands, daemons, and other software to form a usable and complete operating system; in Linux terms, a "distribution." All Linux distributions share the same kernel lineage, but the ancillary materials that go along with that kernel can vary quite a bit among distributions.

Those "ancillary materials" consist of a vast collection of software developed over the last 30 years by thousands of individuals. It has been argued, with some justification, that the act of referring to the completed operating system simply as "Linux" fails to acknowledge the contributions of those developers and the historical context in which they worked. Unfortunately, the most commonly suggested alternative, "GNU/Linux," has its own political baggage and has been officially endorsed only by the Debian distribution. The Wikipedia entry for "GNU/Linux naming controversy" outlines the arguments on both sides.

Distributions vary in their focus, support, and popularity. Table 1.1 lists the most popular general-purpose distributions. Distributions are listed in alphabetic order, not in order of preference or popularity.

Many smaller distributions are not listed in Table 1.1, and many unlisted special-purpose distributions are targeted at groups with specialized needs (such as embedded system developers).
One useful distribution not found in Table 1.1 is Knoppix (www.knoppix.com), a version of Linux that lives on a bootable CD-ROM. Its primary value lies in its utility as a recovery CD for a Linux system rendered unbootable by a security compromise or technical problem. Because the CD is read-only media, the tools on it can be trusted even when the binaries on the compromised disk cannot. The bootable CD concept has proved so popular that most major distributions are moving in that direction. Now that Ubuntu can boot from the distribution CD, Knoppix is becoming less important. An updated list of bootable Linux distributions can be found at www.frozentech.com/content/livecd.php.

[2] Strictly speaking, the Mac OS X kernel is a variant of Mach, a hybrid system that includes both BSD sections and parts that are rather non-UNIX in flavor.
Red Hat has been a dominant force in the Linux world for most of the last decade, and its distributions are predominant in North America. In 2003, the original Red Hat Linux distribution was split into a production-centered line called Red Hat Enterprise Linux (which we sometimes refer to as RHEL in this book) and a community-based development project called Fedora. The split was motivated by a variety of technical, economic, logistic, and legal reasons, but so far the distributions have remained similar. RHEL offers great support and stability but is effectively impossible to use without paying licensing fees to Red Hat.

The CentOS Project (www.centos.org) collects source code that Red Hat is obliged to release under various licensing agreements (most notably, the GNU public license) and assembles it into a complete distribution that is eerily similar to Red Hat Enterprise Linux, but free of charge. The distribution lacks Red Hat's branding and a few proprietary tools, but is in other respects equivalent. CentOS aspires to full binary and bug-for-bug compatibility with RHEL.

CentOS is an excellent choice for sites that want to deploy a production-oriented distribution without paying tithes to Red Hat. A hybrid approach is also feasible: front-line servers can run Red Hat Enterprise Linux and avail themselves of Red Hat's excellent support, while desktops run CentOS. This arrangement covers the important bases in terms of risk and support while also minimizing cost and administrative complexity.
SUSE, now part of Novell, has recently taken the path of Red Hat and forked into two related distributions: one (openSUSE) that contains only free software; and another (SUSE Linux Enterprise) that costs money, includes a formal support path, and offers a few extra trinkets. In the past there seemed to be an effort to hide the existence of the free version of SUSE, but Novell has been more up front about this edition than SUSE's previous owners. Now, you can go right to www.opensuse.org for the latest information. Nothing in this book is specific to one SUSE distribution or the other, so we simply refer to them collectively as "SUSE."

Table 1.1 Most popular general-purpose Linux distributions

Distribution            Web site                 Comments
CentOS                  www.centos.org           Free analog of Red Hat Enterprise Linux
Debian                  www.debian.org           A popular noncommercial distribution
Fedora                  fedora.redhat.com        De-corporatized Red Hat Linux
Gentoo                  www.gentoo.org           Source-code based distribution
Mandriva (a)            www.mandriva.com         One of the most user-friendly distros
openSUSE                www.opensuse.org         Free analog of SUSE Linux Enterprise
Red Hat Enterprise      www.redhat.com           Super-corporatized Red Hat Linux
Slackware               www.slackware.com        Stable, basic, bare-bones distribution
SUSE Linux Enterprise   www.novell.com/linux     Strong in Europe, multilingual
TurboLinux              www.turbolinux.com       Strong in Asia, multilingual
Ubuntu                  www.ubuntu.com           Cleaned-up version of Debian

a. Formerly MandrakeLinux
The Debian and Ubuntu distributions maintain an ideological commitment to community development and open access, so there's never any question about which parts of the distribution are free or redistributable. Debian survives on the zeal and goodwill of the GNU community, while Ubuntu currently enjoys philanthropic funding from South African entrepreneur Mark Shuttleworth. Ubuntu will even send you free CDs in the mail, no postage required.
So what's the best distribution?

A quick search on the net will reveal that this is one of the most frequently asked (and least frequently answered) Linux questions. The right answer for you depends on how you intend to use the system, the varieties of UNIX that you're familiar with, your political sympathies, and your support needs.

Most Linux distributions can do everything you might ever want to do with a Linux system. Some of them may require the installation of additional software to be fully functional, and some may facilitate certain tasks; however, the differences among them are not cosmically significant. In fact, it is something of a mystery why there are so many different distributions, each claiming "easy installation" and "a massive software library" as its distinguishing feature. It's hard to avoid the conclusion that people just like to make new Linux distributions.

On the other hand, since our focus in this book is the management of large-scale Linux installations, we're partial to distributions such as Red Hat Enterprise Linux that take into account the management of networks of machines. Some distributions are designed with production environments in mind, and others are not. The extra crumbs of assistance that the production-oriented systems toss out can make a significant difference in ease of administration.

When you adopt a distribution, you are making an investment in a particular vendor's way of doing things. Instead of looking only at the features of the installed software, it's wise to consider how your organization and that vendor are going to work with each other in the years to come. Some important questions to ask are:

- Is this distribution going to be around in five years?
- Is this distribution going to stay on top of the latest security patches, and for how long after each release?
- Is this distribution going to release updated software promptly?
- If I have problems, will the vendor talk to me?

Viewed in this light, some of the more interesting, offbeat little distributions don't sound quite so appealing. On the other hand, the most viable distributions are not necessarily the most corporate. For example, we expect Debian (OK, OK, Debian GNU/Linux!) to remain viable for quite a while despite the fact that Debian is not a company, doesn't sell anything, and offers no formal, on-demand support.
A comprehensive list of distributions, including many non-English distributions, can be found at www.linux.org/dist, lwn.net/Distributions, or distrowatch.com.

In this book, we use five popular distributions as our examples: Red Hat Enterprise Linux 4.3 ES, Fedora Core 5, SUSE Linux Enterprise 10.2, Ubuntu 6.06 ("Dapper Drake"), and the current (as of September 2006) testing release of Debian GNU/Linux 3.2 ("Etch"). These systems represent a cross-section of the enterprise Linux market and account collectively for a majority of the installations in use at large sites today.
Distribution-specific administration tools

Many distributions include visually oriented tools (such as the Red Hat Network Administration Tool or SUSE's YaST2) that help you configure or administer selected aspects of the system. These tools can be very useful, especially for novice administrators, but they do tend to obscure the details of what's actually going on when you make changes. In this book, we cover the underlying mechanisms that the visual tools refer to rather than the tools themselves, for several reasons.

For one, the visual tools tend to be proprietary, or at least distribution-specific; they introduce variation into processes that may actually be quite consistent among distributions at a lower level. Second, we believe that it's important for administrators to have an accurate understanding of how their systems work. When the system breaks, the visual tools are usually not helpful in tracking down and fixing problems. Finally, manual configuration is often just plain better: it's faster, more flexible, more reliable, and easier to script.
1.5 NOTATION AND TYPOGRAPHICAL CONVENTIONS

In this book, filenames, commands, and literal arguments to commands are shown in boldface. Placeholders (e.g., command arguments that should not be taken literally) are in italics. For example, in the command

    cp file directory

you're supposed to replace file and directory with the names of an actual file and an actual directory.

Excerpts from configuration files and terminal sessions are shown in a fixed-width font.[3] Sometimes, we annotate interactive sessions with italic text. For example:

    $ grep Bob /pub/phonelist        /* Look up Bob's phone # */
    Bob Knowles 555-2834
    Bob Smith 555-2311

Outside of these specific cases, we have tried to keep special fonts and formatting conventions to a minimum as long as we could do so without compromising intelligibility. For example, we often talk about entities such as the Linux group named daemon and the printer anchor-lw with no special formatting at all.

[3] Actually, it's not really a fixed-width font, but it looks like one. We liked it better than the real fixed-width fonts that we tried. That's why the columns in some examples may not all line up perfectly.
In general, we use the same conventions as the manual pages for indicating the syntax of commands:

- Anything between square brackets ("[" and "]") is optional.
- Anything followed by an ellipsis ("...") can be repeated.
- Curly braces ("{" and "}") mean that you should select one of the items separated by vertical bars ("|").

For example, the specification

    bork [ -x ] { on | off } filename ...

would match any of the following commands:

    bork on /etc/passwd
    bork -x off /etc/passwd /etc/termcap
    bork off /usr/lib/tmac

We use shell-style globbing characters for pattern matching:

- A star (*) matches zero or more characters.
- A question mark (?) matches one character.
- A tilde or "twiddle" (~) means the home directory of the current user.
- ~user means the home directory of user.

For example, we might refer to the Debian startup script directories /etc/rc0.d, /etc/rc1.d, and so on with the shorthand pattern /etc/rc*.d.

Text within quotation marks often has a precise technical meaning. In these cases, we ignore the normal rules of English and put punctuation outside the quotation marks so that there can be no confusion about what's included and what's not.
System-specific information

Information in this book generally applies to all of our example distributions unless a specific attribution is given. Details particular to one distribution are marked with the vendor's logo:

    Red Hat Enterprise Linux 4.3 ES
    Fedora Core 5
    SUSE Linux Enterprise 10.2
    Ubuntu 6.06 "Dapper Drake"
    Debian GNU/Linux 3.2 "Etch" (testing release of 9/06)

These logos are used with the kind permission of their respective owners. However, the distributors have neither reviewed nor endorsed the contents of this book.
1.6 WHERE TO GO FOR INFORMATION

Linux documentation is spread over a number of sources, some of which you will find installed on your system and some of which live out on the net. The biggies are

- Manual pages (man pages), read with the man command
- Texinfo documents, read with the info command
- HOWTOs, short notes on various subjects (www.tldp.org)
- Guides, longer treatises on various subjects (www.tldp.org)
- Distribution-specific documentation
- Web pages associated with specific software projects
The man pages and Texinfo documents constitute the traditional "on-line" documentation (though, of course, all the documentation is on-line in some form or another). These docs are typically installed with the system; program-specific man pages usually come along for the ride whenever you install a new package.

Man pages are concise descriptions of individual commands, drivers, file formats, or library routines. They do not address more general topics such as "How do I install a new device?" or "Why is my system so slow?" For those questions, consult the HOWTOs.

Texinfo documents were invented long ago by the GNU folks in reaction to the fact that the nroff command to format man pages was proprietary to AT&T. These days we have GNU's own groff to do this job for us, and the nroff issue is no longer important. Unfortunately, many GNU packages persist in documenting themselves with Texinfo files rather than man pages. In addition to defining an unnecessary second standard for documentation, Texinfo proves to be a rather labyrinthine little hypertext system in its own right.

To escape from Texinfo hell, pipe info's output through the less command to evade info's built-in navigation system. As a side effect, this procedure also lets you take advantage of the searching features built into less.

Fortunately, packages that are documented with Texinfo usually install man page stubs that tell you to use the info command to read about those particular packages. You can safely stick to the man command for doing manual searches and delve into info land only when instructed to do so. info info initiates you into the dark mysteries of Texinfo.
HOWTOs and guides are maintained by The Linux Documentation Project, reachable on-line at www.tldp.org. The LDP is a central repository for all sorts of useful Linux information. It also centralizes efforts to translate Linux-related documents into additional languages.

Some free, on-line LDP guides of particular relevance to system administrators are The Linux System Administrators' Guide by Lars Wirzenius, Joanna Oja, Stephen Stafford, and Alex Weeks; the Advanced Bash-Scripting Guide by Mendel Cooper; The Linux Network Administrator's Guide, Second Edition, by Olaf Kirch and Terry Dawson; and Linux System Administration Made Easy by Steve Frampton.

Unfortunately, many of the LDP documents are not assiduously maintained. Since Linux-years are a lot like dog-years in their relation to real time, untended documents are apt to quickly go out of date. Always check the time stamp on a HOWTO or guide and weigh its credibility accordingly.

Many of the most important parts of the Linux software base are maintained by neutral third parties such as the Internet Systems Consortium and the Apache Software Foundation. These groups typically generate adequate documentation for the packages they distribute. Distributions sometimes package up the software but skimp on the documentation, so it's often useful to check back with the original source to see if additional materials are available.

Another useful source of information about the design of many Linux software packages is the "Request for Comments" document series, which describes the protocols and procedures used on the Internet. See page 274 for more information.
Organization of the man pages

The Linux man pages are typically divided into nine sections as shown in Table 1.2. Some sections are further subdivided. For example, section 3M contains man pages for the system's math library. Sections 6 and 9 are typically empty. Many systems have a section of the manuals called "l" for local man pages. Another common convention is section "n" for software-specific subcommands (such as bash built-ins).
nroff input for man pages is usually kept in the directories /usr/share/man/manX, where X is a digit 1 through 9, or l or n. The pages are normally compressed with gzip to save space. (The man command knows how to uncompress them on the fly.) Formatted versions of the manuals are kept in /var/cache/man/catX. The man command formats man pages as they are needed; if the cat directories are writable, man also deposits the formatted pages as they are created, generating a cache of commonly read man pages. The cat directories should be writable only by the user or group that man itself runs as, not by everyone: a world-writable cache would let any user replace pages that other users then read.

Table 1.2 Sections of the Linux man pages

Section  Contents
1        User-level commands and applications
2        System calls and kernel error codes
3        Library calls
4        Device drivers and network protocols
5        Standard file formats
6        Games and demonstrations
7        Miscellaneous files and documents
8        System administration commands
9        Obscure kernel specs and interfaces
The man command actually searches a number of different directories to find the manual pages you request. You can determine the search path with the manpath command. This path (from Fedora) is typical:

    $ manpath
    /usr/kerberos/man:/usr/local/share/man:/usr/share/man/en:/usr/share/man

If necessary, you can set your MANPATH environment variable to override the default path. You can also set the system-wide default in /etc/man.config (RHEL and Fedora) or /etc/manpath.config (SUSE, Debian, and Ubuntu).
man: read manual pages

man title formats a specific manual page and sends it to your terminal with less (or whatever program is specified in your PAGER environment variable). title is usually a command, device, or filename. The sections of the manual are searched in roughly numeric order, although sections that describe commands (sections 1, 8, and 6) are usually searched first.

The form man section title gets you a man page from a particular section. Thus, man tty gets you the man page for the tty command, and man 4 tty gets you the man page for the controlling terminal driver.

man -k keyword prints a list of man pages that have keyword in their one-line synopses. For example:

    $ man -k translate
    objcopy (1)          - copy and translate object files
    dcgettext (3)        - translate message
    tr (1)               - translate or delete characters
    snmptranslate (1)    - translate SNMP OID values into more useful information
    tr (1p)              - translate characters
    gettext (1)          - translate message
    ngettext (1)         - translate message and choose plural form
    ...
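The lookup just described (a colon-separated manpath, one manX directory per section, command sections first, gzip-compressed nroff source) can be reproduced in a few lines of sh. The function below is an added example, not code from the book; it assumes the manpath command is present (falling back to /usr/share/man if it is not) and uses the section order the text gives, which is a simplification of what a real man implementation does.

```sh
#!/bin/sh
# Added example (not from the book): list every manual page named TITLE by
# walking the manpath the way man(1) does.  Output is one line per page,
# "SECTION PATH", with a note when the nroff source is gzip-compressed.
# Sections are visited in man's usual order: the command sections (1, 8, 6)
# first, then the rest numerically, then the local (l) and subcommand (n)
# sections the chapter mentions.  Returns 0 if at least one page was found.
#
# Usage: find_man_pages TITLE [MANPATH]
#   MANPATH is a colon-separated list of manual roots.  It defaults to the
#   output of the manpath command, or /usr/share/man if that is unavailable.
find_man_pages() {
    title=$1
    mp=${2:-$(manpath 2>/dev/null || echo /usr/share/man)}
    found=0

    # Split the manpath on ':' into the positional parameters, then restore
    # the default field separator.
    IFS=:
    set -- $mp
    unset IFS

    for dir; do
        for sec in 1 8 6 2 3 4 5 7 9 l n; do
            # The trailing glob also picks up subsections (tty.1p, printf.3p)
            # and the .gz suffix that compressed pages carry.
            for page in "$dir/man$sec/$title.$sec"*; do
                [ -f "$page" ] || continue
                found=1
                case $page in
                    *.gz) printf '%s %s (gzip-compressed)\n' "$sec" "$page" ;;
                    *)    printf '%s %s\n' "$sec" "$page" ;;
                esac
            done
        done
    done
    [ "$found" -eq 1 ]
}

# Stand-alone usage: sh find_man_pages.sh tty
if [ -n "$1" ]; then
    find_man_pages "$1" || echo "no manual entry for $1"
fi
```

Running it for tty on a typical system lists the section 1 page before the section 4 page, which is why plain man tty shows the command rather than the driver. Pass your own manpath as the second argument to check a private tree (for example one under ~/man) before adding it to MANPATH.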
Other sources of Linux information

There's a great big Linux-lovin' world out there. We couldn't possibly mention every useful collection of Linux information, or even just the major ones, but a few significant sources of information are shown in Table 1.3.

Don't be shy about accessing general UNIX resources, either; most information is directly applicable to Linux. A wealth of information about system administration is available on the net, in many forms. For example, you can type sysadmin questions into any of the popular search engines, such as Google, Yahoo!, or Ask. A list of other "starter" resources can be found in Chapter 30, Management, Policy, and Politics.
Many sites cater directly to the needs of system administrators. Here are a few that we especially like:

- www.ugu.com - the UNIX Guru Universe; lots of stuff for sysadmins
- www.stokely.com - a good collection of links to sysadmin resources
- www.tucows.com - Windows and Mac software, filtered for quality
- slashdot.org - "the place" for geek news
- www.cpan.org - a central source for Perl scripts and libraries
- securityfocus.com - security info; huge, searchable vulnerability database

Another fun and useful resource is Bruce Hamilton's "Rosetta Stone" page at

bhami.com/rosetta.html

It contains pointers to the commands and tools used for various system administration tasks on many different operating systems.
1.7 HOW TO FIND AND INSTALL SOFTWARE

Linux distributions divide their software into packages that can be installed independently of one another. When you install Linux on a new computer, you typically select a range of "starter" packages to be copied onto the new system.

This architecture simplifies many aspects of system configuration and is one of Linux's key advantages over traditional versions of UNIX. Unfortunately, this design also complicates the task of writing about these distributions because it's never really clear which packages are "part of" a given distribution. Is a package "included" if it's on the installation CDs but isn't part of the default installation? Only if it's on every computer running that distribution? If it's on the "bonus" CDs that come only with the supersize version of the distribution?
In this book, we generally describe the default installation of each of our example distributions. When we say that a particular package isn't included in the default installation, it doesn't necessarily mean that the package won't be on your system or that it isn't supported by your distribution. Here's how to find out if you've got it, and if not, how to get it.

Table 1.3 Linux resources on the web

Web site              Description
linux.slashdot.org    Linux-specific arm of tech news giant Slashdot
lwn.net               Linux and open source news aggregator
www.freshmeat.net     Large index of Linux and UNIX software
www.kernel.org        Official Linux kernel site
www.linux.com         Linux information clearing house (unofficial)
www.linux.org         Another Linux information clearing house (unofficial)
www.linuxhq.com       Compilation of kernel-related info and patches
www.linuxworld.com    On-line magazine from the Computerworld folks
www.tldp.org          The Linux Documentation Project
www.tucows.com        Multiplatform software archive with Linux content
First, use the which command to find out if a relevant command is already in your search path. For example, the following command reveals that the GNU C compiler has already been installed on this machine in /usr/bin:

    $ which gcc
    /usr/bin/gcc

If which can't find the command you're looking for, try whereis; it searches a broader range of system directories and is independent of your shell's search path. Be aware also that some systems' which command does not show you files that you do not have permission to execute. For example:

    $ which pppd
    /usr/bin/which: no pppd in (/bin:/usr/bin:/sbin:/usr/sbin)
    $ whereis pppd
    pppd: /usr/sbin/pppd
    $ ls -l /usr/sbin/pppd
    -rwx------  1 root  root  12424 Aug 3 2000 /usr/sbin/pppd

Here pppd is executable only by root (mode rwx------), so an unprivileged user's which skips it even though /usr/sbin is on the search path; whereis, which ignores permissions, still reports it.

Another alternative is the incredibly useful locate command, which consults a precompiled index of the filesystem to locate filenames that match a particular pattern. It is not specific to commands or packages but can find any type of file. For example, if you weren't sure where to find the signal.h include file (which is the authoritative source for Linux signal definitions), you could try

    $ locate signal.h
    /usr/include/asm/signal.h
    /usr/include/linux/signal.h
    /usr/include/signal.h
    /usr/include/sys/signal.h

locate's database is usually regenerated every night by the updatedb command, which runs out of cron. Therefore, the results of a locate don't always reflect recent changes to the filesystem.
If you know the name of a package you're looking for, you can also use your system's
packaging utilities to check directly for the package's presence. For example, on a
Red Hat, Fedora, or SUSE system, the following command checks for the presence of
the Python scripting language:
$ rpm -q python
python-1.5.2-2
See Chapter 11, Software and Configuration Management, for more information
about our example distributions' packaging commands.
If the package you're interested in doesn't seem to be installed, the first place to look
for it is your distribution's automatic package management system. Every distribution
supports some form of Internet-based system for updating old packages and
finding new ones. The most common systems are yum and APT, both of which are
described in the section High-level package management systems, which starts on
page 2?7.
For example, on a Debian system, which uses APT, the following command could be
used to obtain and install the most recent version of Python:
# apt-get install python
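The lookups above (which, whereis, locate, and the package database) answer slightly different questions, and the pppd session shows why the first one can mislead: which only reports files it can execute. The following shell function is an added example, not code from the book; it folds the PATH check and a whereis-style directory sweep into one call and reports the not-executable case explicitly instead of hiding it. The STD_DIRS list is an assumption standing in for the directories whereis searches and should be adjusted to the distribution's layout.

```shell
#!/bin/sh
# Added example, not from the book: one function that performs the lookups
# the text does by hand and names the case where `which` misleads (a file
# that exists but that you cannot execute).
#
# STD_DIRS is an assumption standing in for the directories whereis sweeps;
# extend it to match the distribution's layout.
STD_DIRS="/bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin"

# locate_command NAME
# Prints one of
#   builtin:NAME          a shell builtin, function or alias (no file at all;
#                         an external `which` cannot see these)
#   in-path:/full/path    found through PATH and executable by this user
#   off-path:/full/path   executable, but its directory is not in PATH
#   no-exec:/full/path    present, but this user lacks execute permission
#   missing               not found in PATH or in STD_DIRS
# Exit status is 0 for the first three cases, 1 otherwise, so the function
# can be used directly in an `if`.
locate_command() {
    name=$1
    # command -v is the POSIX spelling of what `which` does: PATH only
    if p=$(command -v "$name" 2>/dev/null) && [ -n "$p" ]; then
        case $p in
            /*) if [ -x "$p" ]; then printf 'in-path:%s\n' "$p"; return 0; fi ;;
            *)  printf 'builtin:%s\n' "$name"; return 0 ;;
        esac
    fi
    # Sweep fixed directories like whereis does, independent of PATH.
    # Test existence with -f rather than -x so that a file we cannot run
    # is still reported, which is exactly what `which` hid in the pppd case.
    for d in $STD_DIRS; do
        f="$d/$name"
        [ -f "$f" ] || continue
        if [ -x "$f" ]; then
            printf 'off-path:%s\n' "$f"
            return 0
        fi
        printf 'no-exec:%s\n' "$f"
        return 1
    done
    echo missing
    return 1
}

# Usage: report every name given on the command line, for example
#   sh locate_command.sh gcc pppd python
for name in "$@"; do
    locate_command "$name"
done
```

Note that a "no-exec" answer is a permissions question, not an installation question: the package is there, and the fix (if the user should have access at all) is a mode or group change, not a reinstall.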
Most Linux software is developed by independent groups that release the software in
the form of source code. Linux distributors then pick up the source code, compile it
appropriately for the conventions in use on their particular system, and package the
resulting binaries. It's usually easier to install a distribution-specific binary package
than to fetch and compile the original source code. However, distributors are
sometimes a release or two behind the current version.
The fact that two distributions use the same packaging system doesn't necessarily
mean that packages for the two systems are interchangeable. Red Hat and SUSE both
use RPM, for example, but their filesystem layouts are somewhat different. It's always
best to use packages designed for your particular distribution if they are available.
If all else fails, try looking for the package at a download site such as freshmeat.net
or doing a Google search on the name of the package.
1.8 ESSENTIAL TASKS OF THE SYSTEM ADMINISTRATOR
The sections below briefly summarize some tasks that system administrators are
typically expected to perform. These duties need not necessarily be performed by
one person, and at many sites the work is distributed among several people.
However, at least one person must understand all the chores and make sure that
someone is doing them.
Adding, removing, and managing user accounts
See the chapter on adding new users for more information.
The system administrator adds accounts for new users and removes the accounts of
users that are no longer active. The process of adding and removing users can be
automated, but certain administrative decisions (where to put the user's home
directory, on which machines to create the account, etc.) must still be made before a
new user can be added.
When a user should no longer have access to the system, the user's account must be
disabled. All the files owned by the account should be backed up to tape and
disposed of so that the system does not accumulate unwanted baggage over time.
Adding and removing hardware
See Chapters 7, 28, and 23 for more information about these topics.
When new hardware is purchased or when hardware is moved from one machine to
another, the system must be configured to recognize and use that hardware.
Hardware-support chores can range from the simple task of adding a printer to the
more complex job of adding a disk array.
Performing backups
See Chapter 9 for more information about backups.
Performing backups is perhaps the most important job of the system administrator,
and it is also the job that is most often ignored or sloppily done. Backups are time
consuming and boring, but they are absolutely necessary. Backups can be automated
and delegated to an underling, but it is still the system administrator's job to make
sure that backups are executed correctly and on schedule (and that the resulting
media can actually be used to restore files).
Installing and upgrading software
See Chapter 11 for more information about software management.
When new software is acquired, it must be installed and tested, often under several
operating systems and on several types of hardware. Once the software is working
correctly, users must be informed of its availability and location. As patches and
security updates are released, they must be incorporated smoothly into the local
environment.
Local software should be installed in a place that makes it easy to differentiate local
from system software. This organization simplifies the task of upgrading the
operating system since the local software won't be overwritten by the upgrade
procedure.
Monitoring the system
Large installations require vigilant supervision. Daily activities include making sure
that email and web service are working correctly, watching log files for early signs of
trouble, ensuring that local networks are all properly connected, and keeping an eye
on the availability of system resources such as disk space.
Troubleshooting
Linux systems and the hardware they run on occasionally break down. It is the
administrator's job to play mechanic by diagnosing problems and calling in experts if
needed. Finding the problem is often harder than fixing it.
Maintaining local documentation
See page 930 for suggestions regarding documentation.
As the system is changed to suit an organization's needs, it begins to differ from the
plain-vanilla system described by the documentation. It is the system administrator's
duty to document aspects of the system that are specific to the local environment.
This chore includes documenting any software that is installed but did not come
with the operating system, documenting where cables are run and how they are
constructed, keeping maintenance records for all hardware, recording the status of
backups, and documenting local procedures and policies.
Vigilantly monitoring security
See Chapter 20 for more information about security.
The system administrator must implement a security policy and periodically check
to be sure that the security of the system has not been violated. On low-security
systems, this chore might involve only a few cursory checks for unauthorized access.
On a high-security system, it can include an elaborate network of traps and auditing
programs.
Helping users
Although helping users with their various problems is rarely included in a system
administrator's job description, it claims a significant portion of most administrators'
workdays. System administrators are bombarded with problems ranging from
"My program worked yesterday and now it doesn't! What did you change?" to "I
spilled coffee on my keyboard! Should I pour water on it to wash it out?"
1.9 SYSTEM ADMINISTRATION UNDER DURESS
System administrators wear many hats. In the real world, they are often people with
other jobs who have been asked to look after a few computers on the side. If you are
in this situation, you may want to think a bit about where it might eventually lead.
The more you learn about your system, the more the user community will come to
depend on you. Networks invariably grow, and you may be pressured to spend an
increasing portion of your time on administration. You will soon find that you are
the only person in your organization who knows how to perform a variety of
important tasks.
Once coworkers come to think of you as the local system administrator, it is difficult
to extricate yourself from this role. We know several people who have changed jobs
to escape it. Since many administrative tasks are intangible, you may also find that
you're expected to be both a full-time administrator and a full-time engineer, writer,
or secretary.
Some unwilling administrators try to fend off requests by adopting an ornery
attitude and providing poor service. We do not recommend this approach; it makes
you look bad and creates additional problems.
Instead, we suggest that you document the time you spend on system administration.
Your goal should be to keep the work at a manageable level and to assemble evidence
that you can use when you ask to be relieved of administrative duties. In most
organizations, you will need to lobby the management from six months to a year to
get yourself replaced, so plan ahead.
On the other hand, you may find that you enjoy system administration and that you
yearn to be a full-time administrator. Your prospects for employment are good.
Unfortunately, your political problems will probably intensify. Refer to Chapter 30,
Management, Policy, and Politics, for a preview of the political aspects of system
administration.
System Administration Personality Syndrome
One unfortunate but common clinical condition resulting from working as a system
administrator is System Administration Personality Syndrome. The onset of this
condition usually begins early in the third year of a system administrator's career and
the syndrome can last well into retirement. Characteristic symptoms include but are
not limited to
• Acute phantom pagerphobia: the disturbing feeling that your pager has
  gone off (when it really hasn't) and that your peaceful evening with your
  significant other is about to abruptly end, resulting in a 72-hour work
  marathon without food
• User voodoographia: the compulsive creation of voodoo-doll representations
  of the subset of your user population that doesn't seem to understand
  that their persistent lack of planning doesn't constitute an emergency in
  your world
• Idiopathic anal tapereadaplexia: the sudden, late-night urge to mount
  backup tapes to see if they're actually readable and labeled correctly
• Scientifica inapplicia: the strong desire to violently shake fellow system
  administrators who seem never to have encountered the scientific method
Many curative therapies can be used to treat this unfortunate condition. The most
effective are a well-developed sense of humor and the construction of a small but
well-endowed office wine cellar. You might also consider the more meditative
approach of silently staring off into space and clicking your heels together whenever
the words "Is the server down again?" are spoken in your vicinity. If all else fails, take
a vacation.
1.10 RECOMMENDED READING
The best resources for system administrators in the printed realm (aside from this
book :-) are the O'Reilly series of books. The series began with UNIX in a Nutshell
over 20 years ago and now includes a separate volume on just about every important
UNIX and Linux subsystem and command. The series also includes books on the
Internet, Windows, and other non-UNIX topics. All the books are reasonably
priced, timely, and focused. Tim O'Reilly has become quite interested in the open
source movement and runs a conference, OSCON, on this topic as well as
conferences on other trendy techie topics. OSCON occurs twice yearly, once in the
United States and once in Europe. See www.oreilly.com for more information.
Although a variety of introductory Linux books are on the market, we have not yet
found one that we could recommend without reservation. In general, you're better
off looking for the UNIX "classics." Almost everything you read will apply equally
well to Linux.
SIEVER, ELLEN, AARON WEBER, AND STEPHEN FIGGINS. Linux in a Nutshell (5th
Edition). Sebastopol, CA: O'Reilly Media, 2006.
LAMB, LINDA, AND ARNOLD ROBBINS. Learning the vi Editor (6th Edition). Sebastopol,
CA: O'Reilly & Associates, 1998.
POWERS, SHELLEY, JERRY PEEK, TIM O'REILLY, AND MIKE LOUKIDES. UNIX Power Tools
(3rd Edition). Sebastopol, CA: O'Reilly Media, 2002.
WALL, LARRY, TOM CHRISTIANSEN, AND JON ORWANT. Programming Perl (3rd
Edition). Cambridge, MA: O'Reilly Media, 2000.
CHRISTIANSEN, TOM, AND NATHAN TORKINGTON. Perl Cookbook (2nd Edition).
Sebastopol, CA: O'Reilly Media, 2003.
GANCARZ, MIKE. Linux and the Unix Philosophy. Boston: Digital Press, 2003.
SALUS, PETER. The Daemon, the GNU & the Penguin. Groklaw. 2006.
This fascinating history of the open source movement by UNIX's best-known
historian is being serialized at groklaw.com under the Creative Commons license. It's
currently about 75% complete. The URL for the book itself is quite long; look for a
current link at groklaw.com or try this compressed equivalent: tinyurl.com/d6u7j.
1.11 EXERCISES
E1.1 What command would you use to read about the sync system call (not
the sync command)? How would you read sync's local man page that was
kept in /usr/local/share/man?
E1.2 Does a system-wide config file control the behavior of the man command
at your site? What lines would you add to this file if you wanted to store
local material in /doc/man? What directory structure would you have to
use in /doc/man to make it a full citizen of the man page hierarchy?
E1.3 What are the main differences between man and info? What are some
advantages of each?
E1.4 What is the current status of Linux kernel development? What are the hot
issues? Who are some of the key players? How is the project managed?
E1.5 Research several Linux distributions (see page 7 for a starter list) and
recommend a distribution for each of the following applications. Explain
your choices.
  a) A single user working in a home office
  b) A university computer science lab
  c) A corporate web server
E1.6 Suppose you discover that a certain feature of Apache httpd does not
appear to work as documented on Fedora Core 5.
  a) What should you do before reporting the bug?
  b) If you decide that the bug is real, whom should you notify and how?
  c) What information must be included to make the bug report useful?
Booting and Shutting Down

Linux is a complex operating system, and turning Linux systems on and off is more
complicated than just flipping the power switch. Both operations must be performed
correctly if the system is to stay healthy.
Although the bootstrapping process has always been somewhat mysterious, it was
simpler in the days when manufacturers controlled every aspect of the system's
hardware and software. Now that we have Linux running on PC hardware, the boot
procedure has to play by PC rules and deal with a large variety of potential
configurations.
This chapter appears early in the book, but it refers to material that is not discussed
in detail until many hundreds of pages later. In particular, familiarity with the
material in Chapter 5, The Filesystem, Chapter 28, Drivers and the Kernel, and
Chapter 29, Daemons, will prove helpful. If your system already boots without any
problem, you may want to skip this chapter and come back to it later.
2.1 BOOTSTRAPPING
Bootstrapping is the standard term for "starting up a computer." The operating
system's normal facilities are not available during the startup process, so the computer
must "pull itself up by its own bootstraps." During bootstrapping, the kernel is
loaded into memory and begins to execute. A variety of initialization tasks are
performed, and the system is then made available to users.
Boot time is a period of special vulnerability. Errors in configuration files, missing
or unreliable equipment, and damaged filesystems can all prevent a computer from
coming up. Boot configuration is often one of the first tasks an administrator must
perform on a new system. Unfortunately, it is also one of the most difficult, and it
requires some familiarity with many other aspects of Linux.
When a computer is turned on, it executes boot code that is stored in ROM. That code
in turn attempts to figure out how to load and start the kernel. The kernel probes the
system's hardware and then spawns the system's init process, which is always
process number 1.
Several things must happen before a login prompt can appear. Filesystems must be
checked and mounted, and system daemons started. These procedures are managed
by a series of shell scripts that are run in sequence by init. The startup scripts are
often referred to as "rc files" because of the way they are named; the "rc" stands for
"runcom" or "run command," a historical remnant of the CTSS operating system
circa 1965. The exact layout of the startup scripts and the manner in which they are
executed vary among systems. We cover the details later in this chapter.
Automatic and manual booting
Linux systems can boot in either automatic mode or manual mode. In automatic
mode, the system performs the complete boot procedure on its own, without any
external assistance. In manual mode, the system follows the automatic procedure up
to a point but then turns control over to an operator before most initialization scripts
have been run. At this point, the computer is in "single-user mode." Most system
processes are not running, and other users cannot log in.
In day-to-day operation, automatic booting is used almost exclusively. A typical boot
procedure for a modern machine is for a user to turn on the power and wait for the
system to come on-line. Nevertheless, it's important to understand the automatic
boot procedure and to know how to perform a manual boot. You'll usually have to
boot manually when some problem breaks automatic booting, for example, a
corrupted filesystem or an improperly configured network interface.
Steps in the boot process
A typical Linux bootstrapping process consists of six distinct phases:
• Loading and initialization of the kernel
• Device detection and configuration
• Creation of kernel threads
• Operator intervention (manual boot only)
• Execution of system startup scripts
• Multiuser operation
Administrators have little control over most of these steps. We effect most bootstrap
configuration by editing the system startup scripts.
Kernel initialization
See Chapter 28 for more information about the kernel.
The Linux kernel is itself a program, and the first bootstrapping task is to get this
program into memory so that it can be executed. The pathname of the kernel is
usually /vmlinuz or /boot/vmlinuz.
Linux implements a two-stage loading process. During the first stage, the system
ROM loads a small boot program into memory from disk. This program then
arranges for the kernel to be loaded.
The kernel performs memory tests to find out how much RAM is available. Some of
the kernel's internal data structures are statically sized, so the kernel sets aside a fixed
amount of real memory for itself when it starts. This memory is reserved for the
kernel and cannot be used by user-level processes. The kernel prints on the console a
message that reports the total amount of physical memory and the amount available
to user processes.
Hardware configuration
One of the kernel's first chores is to check out the machine's environment to see what
hardware is present. When you construct a kernel for your system, you tell it what
hardware devices it should expect to find; when the kernel begins to execute, it tries
to locate and initialize each device that you have told it about. The kernel prints out
a line of cryptic information about each device it finds. These days, distributions
include kernels that work on most machine configurations, requiring minimal (if any)
customization.
The device information given at kernel configuration time is often underspecified.
In these cases, the kernel tries to determine the other information it needs by probing
the bus for devices and asking the appropriate drivers for information. The drivers
for devices that are missing or that do not respond to a probe will be disabled. If a
device is later connected to the system, it is also possible to load or enable a driver for
it on the fly. See Chapter 28, Drivers and the Kernel, for details.
Kernel threads
Once basic initialization is complete, the kernel creates several "spontaneous"
processes in user space. They're called spontaneous processes because they are not
created through the normal system fork mechanism; see page 56 for more details.
See page 2 for more information about ps.
The number and nature of the spontaneous processes vary from system to system.
Under Linux, there is no visible PID 0. init (always process 1) is accompanied by
several memory and kernel handler processes, including those shown in Table 2.1
on the next page. These processes all have low-numbered PIDs and can be identified
by the brackets around their names in ps listings (e.g., [kacpid]). Sometimes the
process names have a slash and a digit at the end, such as [kblockd/0]. The number
indicates the processor on which the thread is running, which may be of interest on
a multiprocessor system.
Among these processes, only init is really a full-fledged user process. The others are
actually portions of the kernel that have been dressed up to look like processes for
scheduling or architectural reasons.
Once the spontaneous processes have been created, the kernel's role in bootstrapping
is complete. However, none of the processes that handle basic operations (such
as accepting logins) have been created, nor have most of the Linux daemons been
started. All of these tasks are taken care of (indirectly, in some cases) by init.
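The bracket convention is a display rule, not a property of the process: ps prints [name] when /proc/PID/cmdline is empty, and any user process can empty its own argv, so a bracketed name in a listing is not evidence that something is a kernel thread. The following shell functions are an added example, not code from the book; they classify a PID by what a kernel thread actually lacks (an address space, so /proc/PID/status, which any user can read, carries no VmSize line) and flag processes that would look like kernel threads in ps but are not. The PROC variable is an assumption added so the functions can be pointed at a copy of another machine's /proc.

```shell
#!/bin/sh
# Added example, not from the book: classify a PID as a kernel thread without
# trusting the bracketed name that ps prints.
#
# ps shows [name] simply because /proc/PID/cmdline is empty. A user process
# can empty its own argv, so "[kblockd/0]" in a listing proves nothing. What a
# real kernel thread lacks is an address space, and /proc/PID/status (readable
# by any user) then carries no VmSize line. Zombies have lost their address
# space too, so the State line is consulted to tell them apart.
#
# PROC is an assumption so the functions can be pointed at a copy of another
# machine's /proc during an investigation; it defaults to the live one.
PROC=${PROC:-/proc}

# is_kernel_thread PID
#   exit 0: kernel thread    1: user process    2: no such PID    3: zombie
is_kernel_thread() {
    status="$PROC/$1/status"
    [ -r "$status" ] || return 2
    state=$(sed -n 's/^State:[[:space:]]*\([A-Za-z]\).*/\1/p' "$status")
    [ "$state" = Z ] && return 3
    grep -q '^VmSize:' "$status" && return 1
    return 0
}

# ps_name PID: the name as ps would print it, [comm] when argv is empty
ps_name() {
    name=$(tr '\0' ' ' < "$PROC/$1/cmdline" 2>/dev/null)
    if [ -z "$name" ]; then
        name="[$(cat "$PROC/$1/comm" 2>/dev/null)]"
    fi
    printf '%s\n' "${name% }"
}

# label_pid PID -> "PID<TAB>name<TAB>kernel|user|zombie|gone"
label_pid() {
    rc=0; is_kernel_thread "$1" || rc=$?
    case $rc in
        0) kind=kernel ;;
        1) kind=user ;;
        3) kind=zombie ;;
        *) kind=gone ;;
    esac
    printf '%s\t%s\t%s\n' "$1" "$(ps_name "$1")" "$kind"
}

# suspicious_kthread_names: every PID that ps would show in brackets (empty
# argv) yet owns an address space, i.e. a user process that is
# indistinguishable from a kernel thread in a plain ps listing.
suspicious_kthread_names() {
    for d in "$PROC"/[0-9]*; do
        pid=${d##*/}
        [ -z "$(tr -d '\0' < "$d/cmdline" 2>/dev/null)" ] || continue
        rc=0; is_kernel_thread "$pid" || rc=$?
        [ "$rc" -eq 1 ] && label_pid "$pid"
    done
    return 0
}

[ -d "$PROC" ] && suspicious_kthread_names
```

An empty report is the normal case; anything listed deserves a look at /proc/PID/exe and the parent PID, because a legitimate daemon has no reason to erase its own command line.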
Operator intervention (manual boot only)
See Chapter 3 for more information about the root account.
If the system is to be brought up in single-user mode, a command-line flag (the
word "single") passed in by the kernel notifies init of this fact as it starts up. init
eventually turns control over to sulogin, a special neutered-but-rabid version of
login that prompts for the root password.[1] If you enter the right password, the
system spawns a root shell. You can type <Control-D> instead of a password to bypass
single-user mode and continue to multiuser mode. See page ?1 for more details.
See Chapter 5 for more information about filesystems and mounting.
From the single-user shell, you can execute commands in much the same way as
when logged in on a fully booted system. However, on SUSE, Debian, and Ubuntu
systems, only the root partition is usually mounted; you must mount other filesystems
by hand to use programs that don't live in /bin, /sbin, or /etc.
In many single-user environments, the filesystem root directory starts off being
mounted read-only. If /tmp is part of the root filesystem, a lot of commands that use
temporary files (such as vi) will refuse to run. To fix this problem, you'll have to begin
your single-user session by remounting / in read/write mode. The command
# mount -o rw,remount /
usually does the trick.
Red Hat and Fedora's single-user mode is a bit more aggressive than normal. By the
time you reach the shell prompt, these distributions have tried to mount all local
filesystems. Although this seems helpful at first, it can prove problematic if you have a
sick filesystem.
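Before remounting, it is worth checking what state the root filesystem is actually in. /proc/mounts is the kernel's own view of the mount table and is readable even when /etc/mtab cannot be written on a read-only root, so it is the right thing to consult in single-user mode. The functions below are an added example, not code from the book: they parse the mounts table, report whether a mount point is read-only, and issue the remount command above only when it is needed. The mounts table they run against here is a constructed sample, embedded so the example works offline; the same functions take the live /proc/mounts.

```shell
#!/bin/sh
# Added example, not from the book: inspect the mount state of / before
# remounting it. /proc/mounts is the kernel's own table, readable even when
# /etc/mtab is stale or cannot be written because the root is read-only.
#
# The mounts file is a parameter so the functions can be run against the
# constructed sample below as well as the live /proc/mounts.

# mount_opts MOUNTS_FILE MOUNTPOINT
# Prints the option field of the last entry for MOUNTPOINT; a later line
# shadows an earlier one, which is how stacked mounts appear in the table.
mount_opts() {
    awk -v mp="$2" '$2 == mp { opts = $4 } END { print opts }' "$1"
}

# is_readonly MOUNTS_FILE MOUNTPOINT
#   exit 0: mounted read-only    1: mounted read-write    2: not mounted
is_readonly() {
    opts=$(mount_opts "$1" "$2")
    [ -n "$opts" ] || return 2
    case ",$opts," in
        *,ro,*) return 0 ;;
        *)      return 1 ;;
    esac
}

# remount_rw_if_needed [MOUNTPOINT]
# The command from the text, issued only when the kernel reports the mount
# as read-only; refuses to act on something that is not mounted at all.
remount_rw_if_needed() {
    mp=${1:-/}
    rc=0; is_readonly /proc/mounts "$mp" || rc=$?
    case $rc in
        0) mount -o rw,remount "$mp" ;;
        1) echo "$mp is already mounted read-write" ;;
        *) echo "$mp is not mounted" >&2; return 1 ;;
    esac
}

# Constructed sample of a single-user root, not captured from a real system:
# the rootfs placeholder, a read-only ext3 root, /proc, and a read-write /home.
SAMPLE_MOUNTS='rootfs / rootfs rw 0 0
/dev/hda1 / ext3 ro,data=ordered 0 0
proc /proc proc rw 0 0
/dev/hda3 /home ext3 rw,data=ordered 0 0'

# Demo against the sample: prints the state of /, /home and an unmounted /usr.
demo() {
    f=$(mktemp) || return 1
    printf '%s\n' "$SAMPLE_MOUNTS" > "$f"
    for mp in / /home /usr; do
        rc=0; is_readonly "$f" "$mp" || rc=$?
        case $rc in
            0) echo "$mp: read-only ($(mount_opts "$f" "$mp"))" ;;
            1) echo "$mp: read-write ($(mount_opts "$f" "$mp"))" ;;
            *) echo "$mp: not mounted" ;;
        esac
    done
    rm -f "$f"
}
demo
```

The option test looks for ",ro," rather than the substring "ro" so that an option such as errors=remount-ro on a read-write mount is not mistaken for a read-only state.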
Table 2.1 Some common Linux kernel processes

Thread      Purpose
kjournald   Commits ext3 journal updates to disk (a)
kswapd      Swaps processes when physical memory is low
kreclaimd   Reclaims memory pages that haven't been used recently
ksoftirqd   Handles multiple layers of soft interrupts
khubd       Configures USB devices

a. There is one kjournald for each mounted ext3 filesystem.

1. See the man pages for inittab and sulogin for more information. Sadly, even modern
versions of Red Hat and Fedora do not by default require a password to enter single-user
mode.
The fsck command is normally run during an automatic boot to check and repair
filesystems. When you bring the system up in single-user mode, you may need to
run fsck by hand. See page 1?1 for more information about fsck.
When the single-user shell exits, the system attempts to continue booting into
multiuser mode.
Execution of startup scripts
By the time the system is ready to run its startup scripts, it is recognizably Linux.
Even though it doesn't quite look like a fully booted system yet, no more "magic"
steps are left in the boot process. The startup scripts are just normal shell scripts,
and they're selected and run by init according to an algorithm that, though
sometimes tortuous, is relatively comprehensible.
The care, feeding, and taxonomy of startup scripts merits a major section of its own.
It's taken up in more detail starting on page ?2.
Multiuser operation
See page 855 for more information about the login process.
After the initialization scripts have run, the system is fully operational, except that
no one can log in. For logins to be accepted on a particular terminal (including the
console), a getty process must be listening on it. init spawns these getty processes
directly, completing the boot process. init is also responsible for spawning graphical
login systems such as xdm or gdm if the system is set up to use them.
Keep in mind that init continues to perform an important role even after
bootstrapping is complete. init has one single-user and several multiuser "run
levels" that determine which of the system's resources are enabled. Run levels are
described later in this chapter, starting on page ??.
2.2 BOOTING PCS
At this point we've seen the general outline of the boot process. We now revisit
several of the more important (and complicated) steps.
PC booting is a lengthy ordeal that requires quite a bit of background information to
explain. When a machine boots, it begins by executing code stored in ROMs. The
exact location and nature of this code varies, depending on the type of machine you
have. On a machine designed explicitly for UNIX or another proprietary operating
system, the code is typically firmware that knows how to use the devices connected
to the machine, how to talk to the network on a basic level, and how to understand
disk-based filesystems. Such intelligent firmware is convenient for system
administrators. For example, you can just type in the filename of a new kernel, and
the firmware will know how to locate and read that file.
On PCs, this initial boot code is generally called a BIOS (Basic Input/Output System),
and it is extremely simplistic compared to the firmware of a proprietary machine.
Actually, a PC has several levels of BIOS: one for the machine itself, one for the video
card, one for the SCSI card if the system has one, and sometimes for other
peripherals such as network cards.
The built-in BIOS knows about some of the devices that live on the motherboard,
typically the IDE controller (and disks), network interface, keyboard, serial ports,
and parallel ports. SCSI cards are usually only aware of the devices that are connected
to them. Thankfully, the complex interactions required for these devices to work
together have been standardized in the past few years, and little manual intervention
is required.
Modern BIOSes are a little smarter than they used to be. They usually allow you to
enter a configuration mode at boot time by holding down one or two special keys;
most BIOSes tell you what those special keys are at boot time so that you don't have
to look them up in the manual.
The BIOS normally lets you select which devices you want to try to boot from, which
sounds more promising than it actually is. You can usually specify something like
"Try to boot off the floppy, then try to boot off the CD-ROM, then try to boot off the
hard disk." Unfortunately, some BIOSes are limited to booting from the first IDE
CD-ROM drive or the first IDE hard disk. If you have been very, very good over the
previous year, Santa might even bring you a BIOS that acknowledges the existence of
SCSI cards.
Once your machine has figured out what device to boot from, it will try to load the
first 512 bytes of the disk. This 512-byte segment is known as the master boot record
or MBR. The MBR contains a program that tells the computer from which disk
partition to load a secondary boot program (the "boot loader"). For more information
on PC-style disk partitions and the MBR, refer to Chapter 7, Adding a Disk.
The default MBR contains a simple program that tells the computer to get its boot
loader from the first partition on the disk. Linux offers a more sophisticated MBR
that knows how to deal with multiple operating systems and kernels.
Once the MBR has chosen a partition to boot from, it tries to load the boot loader
specific to that partition. The boot loader is then responsible for loading the kernel.
2.3 USING BOOT LOADERS: LILO AND GRUB
What would life be like without choices? Two boot loaders are used in the Linux
world: LILO and GRUB. LILO is the traditional boot loader. It is very stable and well
documented but is rapidly being eclipsed by GRUB, which has become the default
boot loader on Red Hat, SUSE, and Fedora systems. In fact, current Red Hat and
Fedora distributions do not include LILO at all. On the other hand, Debian still uses
LILO as its boot loader of choice.
GRUB: The Grand Unified Boot loader
GRUB is particularly popular among users who run a variety of operating systems
(such as Windows, OpenBSD, FreeBSD, etc.) on the same machine or who are actively
working on kernel development. GRUB is also useful for folks who change their
system configuration frequently. Unlike LILO, which must be reinstalled into the boot
record or MBR every time it is reconfigured, GRUB reads its configuration file at
boot time, eliminating an easy-to-forget administrative step.
You install GRUB on your boot drive by running grub-install. This command takes
the name of the device from which you'll be booting as an argument. The way GRUB
names the physical disk devices differs from the standard Linux convention
(although GRUB can use standard Linux names as well). A GRUB device name looks
like this:
(hd0,0)
The first numeric value indicates the physical drive number (starting from zero), and
the second numeric value represents the partition number (again, starting from
zero). In this example, (hd0,0) is equivalent to the Linux device /dev/hda1. Ergo, if
you wanted to install GRUB on your primary drive, you would use the command
# grub-install '(hd0,0)'
The quotes are necessary to prevent the shell from trying to interpret the parentheses
in its own special way.
By default, GRUB reads its default boot configuration from /boot/grub/grub.conf.
Here's a sample grub.conf file:
default=0
timeout=10
splashimage=(hd0,0)/boot/grub/splash.xpm.gz
title Red Hat Linux (2.6.9-5)
        root (hd0,0)
        kernel /boot/vmlinuz-2.6.9-5 ro root=/dev/hda1
This example configures only a single operating system, which GRUB boots
automatically (default=0) if it doesn't receive any keyboard input within 10 seconds
(timeout=10). The root filesystem for the "Red Hat Linux" configuration is the
GRUB device (hd0,0). GRUB loads the kernel from /boot/vmlinuz-2.6.9-5 and
displays a splash screen from the file /boot/grub/splash.xpm.gz when it is loaded.
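A grub.conf whose root= argument names the wrong partition is the classic way to turn a kernel upgrade into a machine that panics at boot, and the fact that the root line and the root= argument are written in two different notations makes the slip easy. The following shell script is an added example, not the book's or GRUB's own code. It converts GRUB device names to Linux names using the simplified rule given in the text (hd0 is hda, partition numbers are off by one; on a real machine /boot/grub/device.map is what GRUB actually consults), parses the stanzas of a grub.conf, and, for every stanza whose kernel path starts with /boot/ (which implies that the GRUB root device holds the root filesystem), checks that the two names agree. The grub.conf it runs against is a constructed sample embedded in the script.

```shell
#!/bin/sh
# Added example, not the book's or GRUB's own code: check that each stanza
# of a grub.conf names the same partition in "root (hdX,Y)" and in the
# kernel line's root= argument.
#
# grub_to_linux implements the simplified rule from the text (hd0 -> hda,
# partition numbers off by one) and assumes IDE-style /dev/hd? names. On a
# real machine GRUB's drive order comes from /boot/grub/device.map.
LETTERS=abcdefghijklmnopqrstuvwxyz

# grub_to_linux '(hd0,0)' -> /dev/hda1 ; exit 1 on malformed input
grub_to_linux() {
    case $1 in
        \(hd[0-9]*,[0-9]*\)) ;;
        *) echo "bad GRUB device: $1" >&2; return 1 ;;
    esac
    body=${1#\(hd}; body=${body%\)}
    drive=${body%%,*}; part=${body#*,}
    case $drive in ''|*[!0-9]*) echo "bad GRUB device: $1" >&2; return 1 ;; esac
    case $part  in ''|*[!0-9]*) echo "bad GRUB device: $1" >&2; return 1 ;; esac
    [ "$drive" -lt 26 ] || { echo "drive index $drive out of range" >&2; return 1; }
    letter=$(printf '%s' "$LETTERS" | cut -c "$((drive + 1))")
    printf '/dev/hd%s%d\n' "$letter" "$((part + 1))"
}

# grub_stanzas FILE -> one line per stanza: title|grubroot|kernelpath|root=arg
grub_stanzas() {
    awk '
        function flush() {
            if (t != "") printf "%s|%s|%s|%s\n", t, r, k, l
            t = ""; r = ""; k = ""; l = ""
        }
        /^[[:space:]]*title/ {
            flush(); t = $0; sub(/^[[:space:]]*title[[:space:]]*/, "", t)
        }
        /^[[:space:]]*root[[:space:]]/   { r = $2 }
        /^[[:space:]]*kernel[[:space:]]/ {
            k = $2
            for (i = 3; i <= NF; i++) if ($i ~ /^root=/) l = substr($i, 6)
        }
        END { flush() }
    ' "$1"
}

# check_grub_conf FILE: prints one verdict per stanza and returns the number
# of mismatches. A kernel path under /boot/ on the GRUB root device means
# that device is the root filesystem, so root= must name the same partition;
# a separate /boot partition (kernel path not under /boot/) is skipped.
check_grub_conf() {
    report=$(grub_stanzas "$1" | while IFS='|' read -r title groot kpath lroot; do
        case $kpath in
            /boot/*)
                if want=$(grub_to_linux "$groot" 2>/dev/null) && [ "$want" = "$lroot" ]; then
                    echo "ok: $title: root $groot is $lroot"
                else
                    echo "MISMATCH: $title: root $groot is ${want:-?}, kernel line says root=$lroot"
                fi ;;
            *)
                echo "skip: $title: kernel $kpath is not under /boot on $groot" ;;
        esac
    done)
    printf '%s\n' "$report"
    n=$(printf '%s\n' "$report" | grep -c '^MISMATCH')
    return "$n"
}

# Constructed sample, not a real machine's grub.conf: one consistent stanza,
# one with a root= typo, and one with a separate /boot partition.
SAMPLE_GRUB_CONF='default=0
timeout=10
splashimage=(hd0,0)/boot/grub/splash.xpm.gz
title Red Hat Linux (2.6.9-5)
        root (hd0,0)
        kernel /boot/vmlinuz-2.6.9-5 ro root=/dev/hda1
title Test kernel (typo in root=)
        root (hd0,0)
        kernel /boot/vmlinuz-test ro root=/dev/hda2
title Separate /boot partition
        root (hd0,0)
        kernel /vmlinuz-2.6.9-5 ro root=/dev/hda2'

# Demo against the sample; to check the live file use: check_grub_conf /boot/grub/grub.conf
tmp=$(mktemp) && printf '%s\n' "$SAMPLE_GRUB_CONF" > "$tmp" && check_grub_conf "$tmp"; rm -f "$tmp"
```

Run against the real file before rebooting after a kernel change; a non-zero exit status is the number of stanzas that would hand the kernel a root device GRUB did not read it from.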
GRUB supports a powerful command-line interface as well as facilities for editing
configuration file entries on the fly. To enter command-line mode, type c from the
GRUB boot image. From the command line you can boot operating systems that
aren't in grub.conf, display system information, and perform rudimentary filesystem
testing. You can also enjoy the command line's shell-like features, including
command completion and cursor movement. Anything that can be done through
the grub.conf file can be done through the GRUB command line as well.
Press the <Tab> key to obtain a quick list of possible commands. Table 2.2 lists some
of the more useful commands.
For detailed information about GRUB and its command-line options, refer to the
official manual:
www.gnu.org/software/grub/manual/
LILO: The traditional Linux boot loader
LILO is configured and installed with the lilo command. lilo bases the installed configuration on the contents of the /etc/lilo.conf file. To change your boot configuration, you simply update /etc/lilo.conf and rerun lilo. You must reconfigure LILO every time the boot process changes, in particular, every time you want to add a new boot partition, and every time you have a new kernel to boot.
You can install LILO either into the MBR of the disk or into the boot record of the Linux root partition.
Here's a basic lilo.conf file for a Linux system that has both a production kernel and a backup kernel:
    boot=/dev/hda           # Put boot loader on MBR
    root=/dev/hda1          # Specify root partition
    install=/boot/boot.b
    map=/boot/map
    delay=20                # 2 sec for user interrupt
    image=/vmlinuz          # Kernel to boot
        label=linux         # Label to refer to this entry
        read-only
    image=/vmlinuz-backup   # Backup entry
        label=backup
        read-only
Each possible boot scenario has a label. At boot time, you can tell LILO which one to use by entering the appropriate label. The first label to appear in lilo.conf becomes the default.
The default scenario (named linux) boots the file /vmlinuz. The read-only tag specifies that the kernel should mount its root filesystem read-only. This option should always be present; the startup scripts will take care of remounting the partition read-write at the appropriate time. This system is also configured to boot a backup kernel, /vmlinuz-backup. It's always a good idea to have such an alternative; a broken kernel configuration can lead to an unbootable system.
Table 2.2 GRUB command-line options
    Command   Meaning
    reboot    Soft-reboot the system
    find      Find a file on all mountable partitions
    root      Specify the root device (a partition)
    kernel    Load a kernel from the root device
    help      Get interactive help for a command
    boot      Boot the system from the specified kernel image
Running lilo without any arguments generates and installs the boot loader and tells you which entries are available. It puts a star next to the default image. However, if you have made an error in the lilo.conf file, lilo usually won't discover the problem until halfway through the installation of the boot loader. When this happens, the boot loader is in a confused state. Do not reboot until you've run lilo successfully.
To avoid getting into this situation, you can run lilo -t to test the configuration without really installing it. If everything looks kosher, you can then run lilo for real. It is something of a mystery why lilo does not run this pretest for you by default.
lilo's output when run with the config file above is:
    # lilo
    Added linux *
    Added backup
When the system boots, LILO prints the following prompt:
    LILO:
It then waits 2 seconds (20 tenths of a second, set with the delay tag), boots the kernel /vmlinuz, and mounts the first partition of the first IDE disk as the root partition. You can see a list of defined boot scenarios by pressing the <Tab> key:
    LILO: <Tab>
    linux    backup
    LILO:
To boot using an alternate scenario, just enter its label at the prompt.
Kernel options
LILO and GRUB allow command-line options to be passed to the kernel. These options typically modify the values of kernel parameters, instruct the kernel to probe for particular devices, specify the path to init, or designate a specific root device. Table 2.3 shows a few examples.
Table 2.3 Examples of kernel boot-time options
    Option           Meaning
    init=/sbin/init  Tells the kernel to use /sbin/init as its init program
    init=/bin/bash   Starts only the bash shell; useful for emergency recovery
    root=/dev/foo    Tells the kernel to use /dev/foo as the root device
    single           Boots to single-user mode
Multibooting on PCs
Since many operating systems run on PCs, it is fairly common practice to set up a machine to be able to boot several different systems. To make this work, you need to configure a boot loader to recognize all the different operating systems on your disks. In the next few sections, we cover some common multiboot stumbling blocks and then review some example configurations.
Each disk partition can have its own second-stage boot loader. However, there is only one MBR. When setting up a multiboot configuration, you must decide which boot loader is going to be the "master." For better or worse, your choice will often be dictated by the vagaries of the operating systems involved. LILO and GRUB are the best options for a system that has a Linux partition. GRUB is superior to LILO in a multibooting situation.
GRUB multiboot configuration
A multiboot GRUB system is much like its single-boot counterpart. Install all the desired operating systems before making changes to /boot/grub/grub.conf.
A grub.conf configuration for booting Windows looks different from one for booting a UNIX or Linux system:
    title Windows XP
            rootnoverify (hd0,0)
            chainloader +1
The chainloader option loads the boot loader from the specified location (in this case, sector 1 on the first partition of the primary IDE drive). The rootnoverify option guarantees that GRUB will not try to mount the specified partition. This option keeps GRUB from messing with partitions it can't understand, such as NTFS partitions or partitions outside the area that GRUB can read.
The grub.conf file below can boot Windows XP from partition 1, Red Hat Enterprise Linux from partition 2, and Fedora from partition 3:
    default=0
    timeout=5
    splashimage=(hd0,2)/boot/grub/splash.xpm.gz
    hiddenmenu
    title Windows XP
            rootnoverify (hd0,0)
            chainloader +1
    title Red Hat
            root (hd0,1)
            kernel /boot/vmlinuz
    title Fedora
            root (hd0,2)
            kernel /boot/vmlinuz
LILO multiboot configuration
To configure a multiboot system that uses LILO in the MBR (e.g., Linux with Windows XP), begin with the standard LILO configuration as outlined on page 28. You can then go back and add entries for the other operating systems to /etc/lilo.conf.
Here's the lilo.conf entry you need to boot Windows from the first partition of your first IDE disk:
    other = /dev/hda1
        label = windows
        table = /dev/hda
A complete lilo.conf file that boots Windows from partition 1, Linux from partition 2, and FreeBSD from partition 3 would look something like this:
    boot = /dev/hda               # install on the MBR of 1st IDE drive
    delay = 20                    # Wait 2 sec. for user's boot choice
    default = linux               # If no input, boot linux from 2nd partition
    image = /boot/vmlinuz-2.6.9
        root = /dev/hda2
        label = linux
        read-only
    other = /dev/hda1             # boot from 1st partition
        label = windows
        table = /dev/hda
    other = /dev/hda3             # boot from 3rd partition
        label = freebsd
        table = /dev/hda
You'll need to rerun lilo after putting these entries into lilo.conf. Remember to run lilo -t first to test the config file. See page 124 for more partitioning information.
Vendors (or volunteers) often release patches for Linux distributions, and the kernel is no exception. Security vulnerabilities, bugs, and features are added on a regular basis. Unlike other software packages, however, kernel patches are not updated in place, but rather are installed side-by-side with the existing kernel. This helps administrators back out of an upgrade easily if a kernel patch breaks their system. As time goes by, the LILO and GRUB boot menus fill up with all the different kernel versions. It's usually safe to use the default selection, but be aware of this potentially simple fix (selecting an older kernel from the boot menu) if your system doesn't boot after patching.
2.4 BOOTING SINGLE-USER MODE
Single-user mode is a great way to change the system configuration or perform maintenance tasks without worrying about affecting (or being troubled by) other users. It's also a lifesaver when you're working on a broken system.
See page 33 for more information about run levels.
It's most common to enter single-user mode by passing arguments to the boot loader. However, you can usually enter single-user mode from another run level by running the command telinit 1. It isn't necessary to reboot unless you're debugging a boot-dependent problem.
As a precautionary measure against a possibly unstable system, the filesystem root directory starts off being mounted read-only. This may be counterproductive to your mission if you're trying to fix a problem with a configuration file or command that lives in the root filesystem or if you need to execute a command that modifies files. To fix this problem, remount the root filesystem in read/write mode with
    # mount -o remount -w /
The exact procedure for invoking single-user mode at boot time differs between GRUB and LILO.
Single-user mode with GRUB
You don't need to use the command line to boot single-user mode under GRUB. The GRUB authors realized that boot options should be easily modifiable and decided on the 'a' key as the appropriate tool. At the GRUB splash screen, highlight the desired kernel and press 'a' to append to the boot options. To boot single-user mode, add the single flag to the end of the existing kernel options. An example for a typical configuration might be
    grub append> ro root=LABEL=/ rhgb quiet single
Single-user mode with LILO
Distributions provide different ways of getting to the LILO command prompt. If you've installed LILO in favor of GRUB on Red Hat, Fedora, or SUSE, choose the command-line menu option from the fancy graphic user interface. Debian and Ubuntu users should press and hold the shift key just after the BIOS has performed its memory checks and other system self-tests.
At the LILO prompt, enter the label of the configuration you want to boot (as specified in lilo.conf) followed by -s or single. For example, the default configuration shipped with Debian is called "linux", so to boot that configuration into single-user mode, you'd use
    LILO: linux single
2.5 WORKING WITH STARTUP SCRIPTS
After you exit from single-user mode (or, in the automated boot sequence, at the point at which the single-user shell would have run), init executes the system startup scripts. These scripts are really just garden-variety shell scripts that are interpreted by sh (well, bash, really). The exact location, content, and organization of the scripts vary considerably from system to system.
Some tasks that are often performed in the startup scripts are
    • Setting the name of the computer
    • Setting the time zone
    • Checking the disks with fsck (only in automatic mode)
    • Mounting the system's disks
    • Removing old files from the /tmp directory
    • Configuring network interfaces
    • Starting up daemons and network services
Most startup scripts are quite verbose and print a description of everything they are doing. This loquacity can be a tremendous help if the system hangs midway through booting or if you are trying to locate an error in one of the scripts.
On systems of yore, it was common practice for administrators to modify startup scripts to make them do the right thing for a particular environment. However, fine-grained packaging of software and frequent Internet updates have forced the adoption of a more robust approach. These days, systems accommodate numerous small startup scripts installed by individual pieces of software, and the scripts read their local configuration information from separate files. The local configuration files usually take the form of mini sh scripts that set the values of shell variables; these variables are then consulted by the scripts.
init and run levels
Traditionally, init defines seven run levels, each of which represents a particular complement of services that the system should be running:
    • Level 0 is the level in which the system is completely shut down.
    • Level 1 or S represents single-user mode.
    • Levels 2 through 5 are multiuser levels.
    • Level 6 is a "reboot" level.
Levels 0 and 6 are special in that the system can't actually remain in them; it shuts down or reboots as a side effect of entering them. The general multiuser run level is 2 or 3. Run level 5 is often used for X Windows login processes such as xdm. Run level 4 is rarely used, and run levels 1 and S are defined differently on each system.
Single-user mode was traditionally init level 1. It brought down all multiuser and remote login processes and made sure the system was running a minimal complement of software. Since single-user mode permits root access to the system, however, administrators wanted the system to prompt for the root password whenever it was booted into single-user mode. The S run level was created to address this need: it spawns a process that prompts for the root password. On Linux, the S level serves only this purpose and is not a destination in itself.
There seem to be more run levels defined than are strictly necessary or useful. The usual explanation for this is that a phone switch had 7 run levels, so it was thought that a UNIX system should have at least that many. Linux actually supports up to 10 run levels, but levels 7 through 9 are undefined.
The /etc/inittab file tells init what to do at each of its run levels. Its format varies from system to system, but the basic idea is that inittab defines commands that are to be run (or kept running) when the system enters each level.
As the machine boots, init ratchets its way up from run level 0 to the default run level, which is also set in /etc/inittab. To accomplish the transition between each pair of adjacent run levels, init runs the actions spelled out for that transition in /etc/inittab. The same progression is made in reverse order when the machine is shut down.
Unfortunately, the semantics of the inittab file are somewhat rudimentary. To map the facilities of the inittab file into something a bit more flexible, Linux systems implement an additional layer of abstraction in the form of a "change run levels" script (usually /etc/init.d/rc) that's called from inittab. This script in turn executes other scripts from a run-level-dependent directory to bring the system to its new state.
These days, most Linux distributions boot to run level 5 by default, which may not be appropriate for servers that don't need to run X. The default run level is easy to change. This excerpt from a SUSE machine's inittab defaults to run level 5:
    id:5:initdefault:
System administrators usually don't have to deal directly with /etc/inittab because the script-based interface is adequate for most applications. In the remainder of this chapter, we tacitly ignore the inittab file and the other glue that attaches init to the execution of startup scripts. Just keep in mind that when we say that init runs such-and-such a script, the connection may not be quite so direct.
The master copies of the startup scripts live in the /etc/init.d directory. Each script is responsible for one daemon or one particular aspect of the system. The scripts understand the arguments start and stop to mean that the service they deal with should be initialized or halted. Most also understand restart, which is typically the same as a stop followed by a start. As a system administrator, you can manually start and stop individual services by running their associated init.d scripts by hand.
For example, here's a simple startup script that can start, stop, or restart sshd:
    #!/bin/sh
    # Exit quietly if sshd isn't installed.  The path tested here is the
    # same binary that is started below.
    test -f /usr/sbin/sshd || exit 0
    case $1 in
        start)
            echo -n "Starting sshd: sshd"
            /usr/sbin/sshd
            echo "."
            ;;
        stop)
            # sshd records its process id in /var/run/sshd.pid
            echo -n "Stopping sshd: sshd"
            kill $(cat /var/run/sshd.pid)
            echo "."
            ;;
        restart)
            echo -n "Stopping sshd: sshd"
            kill $(cat /var/run/sshd.pid)
            echo "."
            echo -n "Starting sshd: sshd"
            /usr/sbin/sshd
            echo "."
            ;;
        *)
            echo "Usage: /etc/init.d/sshd start|stop|restart"
            exit 1
            ;;
    esac
Although the scripts in /etc/init.d can start and stop individual services, the master control script run by init needs additional information about which scripts to run (and with what arguments) to enter any given run level. Instead of looking directly at the init.d directory when it takes the system to a new run level, the master script looks at a directory called rclevel.d, where level is the run level to be entered (e.g., rc0.d, rc1.d, and so on).
These rclevel.d directories typically contain symbolic links that point back to the scripts in the init.d directory. The names of these symbolic links all start with S or K followed by a number and the name of the service that the script controls (e.g., S34named). When init transitions from a lower run level to a higher one, it runs all the scripts that start with S in ascending numerical order with the argument start. When init transitions from a higher run level to a lower one, it runs all the scripts that start with K (for "kill") in descending numerical order with the argument stop.
This scheme gives administrators fine-grained control of the order in which services are started. For example, it doesn't make sense to start SSH before the network interfaces are up. Although the network and sshd are both configured to start at run level 2 on a Fedora system, the network script gets sequence number 10 and the sshd script gets sequence number 55, so network is certain to be run first. Be sure to consider this type of dependency when you add a new service.
To tell the system when to start a daemon, you must place symbolic links into the appropriate directory. For example, to tell the system to start CUPS at run level 2 and to stop it nicely before shutting down, the following pair of links would suffice:
    # ln -s /etc/init.d/cups /etc/rc2.d/S80cups
    # ln -s /etc/init.d/cups /etc/rc0.d/K80cups
The first line tells the system to run the /etc/init.d/cups startup script as one of the last things to do when entering run level 2 and to run the script with the start argument. The second line tells the system to run /etc/init.d/cups relatively soon when shutting down the system and to run the script with the stop argument. Some systems treat shutdown and reboot differently, so we have to put a symbolic link in the /etc/rc6.d directory as well to make sure the daemon shuts down properly when the system is rebooted.
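As an added illustration (example code, not the book's), here is a small stand-in for the "change run levels" script that applies the S/K naming convention just described to a scratch rc tree: K links run in descending order with stop, then S links run in ascending order with start. The make_demo_tree helper, the three fake services, and their sequence numbers are constructed for the demonstration (they mirror the network/sshd numbers and the S80cups/K80cups pair from the text); consult your own distribution's /etc/init.d/rc for the exact ordering it uses, since the order in which K links are run in particular varies between distributions.

```shell
#!/bin/sh
# Added example: a minimal emulation of an rc "change run levels" script.
# rc_transition takes an rcN.d directory and runs its K* links (descending
# order, argument "stop") and then its S* links (ascending order, argument
# "start"), as the text describes.  Directory names are assumed to contain
# no whitespace.

rc_transition() {
    rcdir=$1
    # Kill scripts first, highest sequence number first.  ls -r gives
    # reverse lexical order, which is descending numeric order for the
    # two-digit sequence numbers used in rcN.d.
    for link in $(ls -r "$rcdir"/K[0-9][0-9]* 2>/dev/null); do
        [ -x "$link" ] || continue
        "$link" stop
    done
    # Then start scripts, lowest sequence number first.
    for link in $(ls "$rcdir"/S[0-9][0-9]* 2>/dev/null); do
        [ -x "$link" ] || continue
        "$link" start
    done
}

# Build a scratch init.d/rc2.d/rc0.d tree under $1.  Each fake init.d
# script only reports the service name and the argument it was given.
# Constructed for the demonstration, not a real system layout.
make_demo_tree() {
    base=$1
    mkdir -p "$base/init.d" "$base/rc2.d" "$base/rc0.d"
    for svc in network sshd cups; do
        printf '#!/bin/sh\necho "%s $1"\n' "$svc" > "$base/init.d/$svc"
        chmod +x "$base/init.d/$svc"
    done
    # Entering run level 2: network (10) before sshd (55) before cups (80).
    ln -s "$base/init.d/network" "$base/rc2.d/S10network"
    ln -s "$base/init.d/sshd"    "$base/rc2.d/S55sshd"
    ln -s "$base/init.d/cups"    "$base/rc2.d/S80cups"
    # Going to run level 0: K links run high-to-low, so cups stops first
    # and the network goes down last.
    ln -s "$base/init.d/cups"    "$base/rc0.d/K80cups"
    ln -s "$base/init.d/sshd"    "$base/rc0.d/K55sshd"
    ln -s "$base/init.d/network" "$base/rc0.d/K10network"
}

# Demonstration run on a throwaway tree.
demo=$(mktemp -d)
make_demo_tree "$demo"
echo "== entering run level 2 (rc2.d) =="
rc_transition "$demo/rc2.d"
echo "== entering run level 0 (rc0.d) =="
rc_transition "$demo/rc0.d"
rm -rf "$demo"
```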
Red Hat and Fedora startup scripts
Red Hat and Fedora's startup scripts have historically been on the messy side. Embedded in the code, you might see a variety of comments like this one:
    # Yes, this is an ugly, but necessary hack
At each run level, init invokes the script /etc/rc.d/rc with the new run level as an argument. /etc/rc.d/rc usually runs in "normal" mode, in which it just does its thing, but it can also run in "confirmation" mode, in which it asks you before it runs each individual startup script.
Red Hat and Fedora have a chkconfig command to help you manage services. This command adds or removes startup scripts from the system, manages the run levels at which they operate, and lists the run levels for which a script is currently configured. See man chkconfig for usage information on this simple and handy tool.
Red Hat also has an rc.local script much like that found on BSD systems. rc.local is the last script run as part of the startup process. Historically, rc.local was overwritten by the initscripts package. This has changed, however, and it is now safe to add your own startup customizations here.
Here's an example of a Red Hat startup session:
    [kernel information]
    INIT: version 2.85 booting
            Setting default font (latarcyrheb-sun16):              [ OK ]
            Welcome to Red Hat Linux
            Press 'I' to enter interactive startup.
    Starting udev:                                                 [ OK ]
    Initializing hardware... storage network audio done
    Configuring kernel parameters:                                 [ OK ]
    Setting clock (localtime): Tue Mar 2 20:50:41 MST 2005         [ OK ]
    ...
Once you see the "Welcome to Red Hat Enterprise Linux" message, you can press the 'i' key to enter confirmation mode. Unfortunately, Red Hat gives you no confirmation that you have pressed the right key. It blithely continues to mount local filesystems, activate swap partitions, load keymaps, and locate its kernel modules. Only after it switches to run level 3 does it actually start to prompt you for confirmation:
            Welcome to Red Hat Enterprise Linux WS
            Press 'I' to enter interactive startup.
    Starting udev:                                                 [ OK ]
    Initializing hardware... storage network audio done
    Configuring kernel parameters:                                 [ OK ]
    Setting clock (localtime): Tue Mar 2 20:50:41 MST 2005         [ OK ]
    Setting hostname rhel4:                                        [ OK ]
    Checking root filesystem
    /dev/hda1: clean, 3355/11616 files, 214536/383032 blocks
                                                                   [ OK ]
    Remounting root filesystem in read-write mode:                 [ OK ]
    Setting up Logical Volume Management:                          [ OK ]
    Checking filesystems
    Mounting local filesystems:                                    [ OK ]
    Enabling local filesystem quotas:                              [ OK ]
    Enabling swap space:                                           [ OK ]
    INIT: Entering runlevel: 3
    Entering interactive startup
    Start service kudzu (Y)es/(N)o/(C)ontinue? [Y]
Interactive startup and single-user mode both begin at the same spot in the booting process. When the startup process is so broken that you cannot reach this point safely, you can use a rescue floppy or CD-ROM to boot.
You can also pass the argument init=/bin/sh to the kernel to trick it into running a single-user shell before init even starts.² If you take this tack, you will have to do all the startup housekeeping by hand, including manually fscking and mounting the local filesystems.
Much configuration of Red Hat's boot process can be achieved through manipulation of the config files in /etc/sysconfig. Table 2.4 summarizes the function of some popular items in the /etc/sysconfig directory.
Several of the items in Table 2.4 merit additional comments:
    • The hwconf file contains all of your hardware information. The Kudzu service checks it to see if you have added or removed any hardware and asks you what to do about changes. You may want to disable this service on a production system because it delays the boot process whenever it detects a change to the hardware configuration, resulting in an extra 30 seconds of downtime for every hardware change made.
    • The network-scripts directory contains additional material related to network configuration. The only things you should ever need to change are the files named ifcfg-interface. For example, network-scripts/ifcfg-eth0 contains the configuration parameters for the interface eth0. It sets the interface's IP address and networking options. See page 299 for more information about configuring network interfaces.
    • The sendmail file contains two variables: DAEMON and QUEUE. If the DAEMON variable is set to yes, the system starts sendmail in daemon mode (-bd) when the system boots. QUEUE tells sendmail how long to wait between queue runs (-q); the default is one hour.
2. We once had a corrupted keymap file, and since the keymap file is loaded even in single-user mode, single-user was useless. Setting init=/bin/sh was the only way to boot the system to a usable single-user state to fix the problem. This can also be a useful trick in other situations.
Table 2.4 Files and subdirectories of Red Hat's /etc/sysconfig directory
    File/Dir         Function or contents
    clock            Specifies the type of clock that the system has (almost always UTC) (a)
    console          A mysterious directory that is always empty
    httpd            Determines which Apache processing model to use
    hwconf           Contains all of the system's hardware info; used by Kudzu
    i18n             Contains the system's local settings (date formats, languages, etc.)
    init             Configures the way messages from the startup scripts are displayed
    keyboard         Sets keyboard type (use "us" for the standard 101-key U.S. keyboard)
    mouse            Sets the mouse type; used by X and gpm
    network          Sets global network options (hostname, gateway, forwarding, etc.)
    network-scripts  Contains accessory scripts and network config files
    sendmail         Sets options for sendmail
    a. If you multiboot your PC, all bets are off as to how the clock's time zone should be set.
SUSE startup scripts
Although SUSE's startup system resembles that of RHEL and Fedora, SUSE's startup scripts are one area in which it really outshines other Linux variants. SUSE's scripts are well organized, robust, and well documented. The folks that maintain this part of the operating system deserve a gold star.
As in Red Hat and Fedora, init invokes the script /etc/init.d/rc at each run level, providing the new run level as an argument. Package-specific scripts live in the /etc/init.d directory, and their configuration files live in /etc/sysconfig. An excellent introduction to the SUSE startup process can be found in /etc/init.d/README.
Although both SUSE and RHEL/Fedora concentrate their boot configuration files in /etc/sysconfig, the specific files within this directory are quite different. (For one thing, SUSE's files are generally well commented.) Options are invoked by setting shell environment variables, and these variables are then referenced by the scripts within /etc/init.d. Some subsystems require more configuration than others, and those needing multiple configuration files have private subdirectories, such as the sysconfig/network directory.
The windowmanager file is a typical example from the sysconfig directory:
    ## Path:        Desktop/Window manager
    ## Description:
    ## Type:        string(kde,fvwm,gnome,windowmaker)
    ## Default:     kde
    ## Config:      profiles,kde,susewm
    #
    # Here you can set the default window manager (kde, fvwm, ...)
    # changes here require at least a re-login
    DEFAULT_WM=kde
    ## Type:        yesno
    ## Default:     yes
    #
    # install the SUSE extension for new users
    # (theme and additional functions)
    #
    INSTALL_DESKTOP_EXTENSIONS=yes
Each variable is preceded by YaST-readable³ configuration information and a verbose description of the variable's purpose. For example, in the windowmanager file, the variable DEFAULT_WM sets the desktop window manager used by X.
SUSE did a particularly nice job with the network configuration files found in the subdirectory /etc/sysconfig/network. This directory contains both global configuration files (which set options pertinent to all network interfaces) and network-specific files. For example, the network/routes file contains global routing information. On a typical SUSE installation, its contents might look like this:
    # Destination   Dummy/Gateway   Netmask   Device
    default         192.168.10.254  0.0.0.0   eth0
Routes that should be present only when a particular interface is up and running can be specified in a file called ifroute-ifname. For example, on an interface called eth1, the file would be named ifroute-eth1 and its contents might be
    # Destination   Dummy/Gateway   Netmask   Device
    10.10.0.0/24    10.10.0.254
The netmask and device can be specified if you wish, but the startup scripts will infer the correct values.
SUSE also includes a chkconfig command for managing startup scripts. It's entirely different from the version provided by Red Hat, but it's an effective tool nonetheless and should be used in favor of manual script management.
Whether you choose to use YaST or chkconfig or maintain your startup scripts by hand, it's a good idea to look through /etc/sysconfig and ponder its contents.
A typical SUSE boot session looks like this:
    [kernel information]
    INIT: version 2.85 booting
    System Boot Control: Running /etc/init.d/boot
    Mounting /proc filesystem                                      done
    Mounting sysfs on /sys                                         done
    Mounting /dev/pts                                              done
    Boot logging started on /dev/tty1(/dev/console) at Tue Mar 2 14:04:12 2005
    Mounting shared memory FS on /dev/shm                          done
    Activating swap-devices in /etc/fstab...
    Adding 1052248k swap on /dev/hda2.  Priority:42 extents:1      done
    Checking root file system...
    ...
3. YaST is a SUSE-specific graphical configuration utility that maintains many aspects of a SUSE system. See page 230 for more information.
Debian and Ubuntu startup scripts
If SUSE is the ultimate example of a well-designed and well-executed plan for managing startup scripts, Debian is the exact opposite. The Debian scripts are fragile, undocumented, and outrageously inconsistent. Sadly, it appears that the lack of a standard way of setting up scripts has resulted in chaos in this case. Bad Debian!
At each run level, init invokes the script /etc/init.d/rc with the new run level as an argument. Each script is responsible for finding its own configuration information, which may be in the form of other files in /etc, /etc/default, another subdirectory of /etc, or somewhere in the script itself.
If you're looking for the hostname of the system, it's stored in /etc/hostname, which is read by the /etc/init.d/hostname.sh script. Network interface and default gateway parameters are stored in /etc/network/interfaces, which is read by the ifup command called from /etc/init.d/networking. Some network options can also be set in /etc/network/options.
Debian and Ubuntu have a sort of clandestine startup script management program in the form of update-rc.d. Although its man page cautions against interactive use, we have found it to be a useful, if less friendly, substitute for chkconfig. For example, to start sshd in run levels 2, 3, 4, and 5, and to stop it in levels 0, 1, and 6, use:
    $ sudo /usr/sbin/update-rc.d sshd start 20 2 3 4 5 . stop 20 0 1 6 .
Each start or stop group names the sequence number for the S or K links followed by the run levels it applies to and is terminated by a lone dot; the 20 here is an illustrative sequence number, so pick one that orders sshd after the networking script on your system.
2.6 REBOOTING AND SHUTTING DOWN
Linux filesystems buffer changes in memory and write them back to disk only sporadically. This scheme makes disk I/O faster, but it also makes the filesystem more susceptible to data loss when the system is rudely halted.
Traditional UNIX and Linux machines were very touchy about how they were shut down. Modern systems have become less sensitive (especially when using a robust filesystem such as ext3fs), but it's always a good idea to shut down the machine nicely when possible. Improper shutdown can result in anything from subtle, insidious problems to a major catastrophe.
On consumer-oriented operating systems, rebooting the operating system is an appropriate first course of treatment for almost any problem. On a Linux system, it's better to think first and reboot second. Linux problems tend to be subtler and more complex, so blindly rebooting is effective in a smaller percentage of cases. Linux systems also take a long time to boot, and multiple users may be inconvenienced.
You may need to reboot when you add a new piece of hardware or when an existing piece of hardware becomes so confused that it cannot be reset. If you modify a configuration file that's used only at boot time, you must reboot to make your changes take effect. If the system is so wedged that you cannot log in to make a proper diagnosis of the problem, you obviously have no alternative but to reboot.
Whenever you modify a startup script, you should reboot just to make sure that the system comes up successfully. If you don't discover a problem until several weeks later, you're unlikely to remember the details of your most recent changes.
Unlike bootstrapping, which can be done in essentially only one way, shutting down or rebooting can be done in a number of ways:
    • Turning off the power
    • Using the shutdown command
    • Using the halt and reboot commands
    • Using telinit to change init's run level
    • Using the poweroff command to tell the system to turn off the power
Turning off the power
Even on a desktop system, turning off the power is not a good way to shut down. You can potentially lose data and corrupt the filesystems.
Many machines feature "soft power," which means that when you press the power button, the machine actually runs some commands to perform a proper shutdown sequence. If you're not sure whether a machine has this feature, don't poke the power button to find out! It's better to run the shutdown sequence yourself.
That said, however, powering off is not the end of the world. It's OK to turn off the power in an emergency if you can't afford the time to bring machines down gracefully. Old-style machine rooms often had a panic button that turned everything off at once. Our sysadmins once triggered it with a poorly aimed Nerf football.
shutdown: the genteel way to halt the system
shutdown is the safest, most considerate, and most thorough way to initiate a halt or reboot or to return to single-user mode.
You can ask shutdown to wait awhile before bringing down the system. During the waiting period, shutdown sends messages to logged-in users at progressively shorter intervals, warning them of the impending downtime. By default, the warnings simply say that the system is being shut down and give the time remaining until the event; you can also supply a short message of your own. Your message should tell why the system is being brought down and should estimate how long it will be before users can log in again (e.g., "back at 11:00 a.m."). Users cannot log in when a shutdown is imminent, but they will see your message if you specified one.
shutdown lets you specify whether the machine should halt (-h) or reboot (-r) after the shutdown is complete. You can also specify whether you want to forcibly fsck the disks after a reboot (-F) or not (-f). By default, Linux automatically skips the fsck checks whenever the filesystems were properly unmounted.
For example, a shutdown command that reminds users of scheduled maintenance and halts the system at 9:30 a.m. would look something like this:
    # shutdown -h 09:30 "Going down for scheduled maintenance. Expected downtime is 1 hour"
It's also possible to specify a relative shutdown time. For example, the following command will effect a shutdown 15 minutes from when it is run:
    # shutdown -h +15 "Going down for emergency disk repair."
halt: a simpler way to shut down
The halt command performs the essential duties required to bring the system down. It is called by shutdown -h but can also be used by itself. halt logs the shutdown, kills nonessential processes, executes the sync system call (called by and equivalent to the sync command), waits for filesystem writes to complete, and then halts the kernel.
halt -n prevents the sync call. It's used by fsck after it repairs the root partition. If fsck did not use -n, the kernel might overwrite fsck's repairs with old versions of the superblock that were cached in memory.
reboot: quick and dirty restart
reboot is almost identical to halt, but it causes the machine to reboot instead of halting. reboot is called by shutdown -r. Like halt, it supports the -n flag.
telinit: change init's run level
You can use telinit to direct init to go to a specific run level. For example,
# telinit 1
takes the system to single-user mode.
When you use telinit, you do not get the nice warning messages or grace period that you get with shutdown, so most of the time you'll probably want to avoid it. telinit is most useful for testing changes to the inittab file.
poweroff: ask Linux to turn off the power
The poweroff command is identical to halt, except that after Linux has been shut down, poweroff sends a request to the power management system (on systems that have one) to turn off the system's main power. This feature makes it easy to turn off machines remotely (for example, during an electrical storm).
Unfortunately, there is no corresponding poweron command. The reason for this apparent oversight is left as an exercise for the reader.
2.7 EXERCISES
E2.1 Why is it important to run lilo -t before installing the LILO boot loader? How do you boot a kernel named something other than vmlinuz?
E2.2 Why shouldn't a Linux system be turned off with the power button on the computer case? What are some of the alternatives?
E2.3 Use the GRUB command line to boot a kernel that isn't in grub.conf.
E2.4 Explain the concept of run levels. List the run levels defined in Linux, and briefly describe each. What is the relationship between run level 1 and run level S?
E2.5 Write a startup script to start the "foo" daemon (/usr/local/sbin/foo), a network service. Show how you would glue it into the system to start automatically at boot time.
E2.6 Obtain and install the mactime program by Dan Farmer and Wietse Venema (it's part of the TCT toolkit). Run mactime to create an initial database of the time stamps associated with your system files. Reboot the machine. Run mactime again and determine which files have been modified by your booting the machine. Which files were accessed but not modified? (Requires root access.)
E2.7 If a system is at run level 4 and you run the command telinit 1, what steps will be taken by init? What will be the final result of the command?
E2.8 Draw a dependency graph that shows which daemons must be started before other daemons on your Linux system.
E2.9 List in order the steps used to create a working multi-OS system that includes Linux and Windows. Use GRUB and the Windows boot loader.
Rootly Powers
Every file and process on a Linux system is owned by a particular user account. Other users can't access these objects without the owner's permission, so this convention helps protect users against one another's misdeeds, both intentional and accidental.
System files and processes are most commonly owned by a fictitious user called "root," also known as the superuser. As with any account, root's property is protected against interference from other users. To make administrative changes, you'll need to use one of the methods of accessing the root account described in this chapter.
The root account has several "magic" properties. Root can act as the owner of any file or process. Root can also perform several special operations that are off-limits to other users. The account is both powerful and, in careless or malicious hands, potentially dangerous.
This chapter introduces the basics of superuser access for administrators. Chapter 20, Security, describes how to avoid unwanted and embarrassing superuser access by others. Chapter 30, Management, Policy, and Politics covers the relevant political and administrative aspects.
3.1 OWNERSHIP OF FILES AND PROCESSES
Every file has both an owner and a "group owner." The owner of the file enjoys one special privilege that is not shared with everyone on the system: the ability to modify the permissions of the file. In particular, the owner can set the permissions on a file so restrictively that no one else can access it.[1] We talk more about file permissions in Chapter 5, The Filesystem.
See page 97 for more information about groups.
Although the owner of a file is always a single person, many people can be group owners of the file, as long as they are all part of a single Linux group. Groups are traditionally defined in the /etc/group file, but these days group information is more commonly stored on an NIS or LDAP server on the network; see Chapter 17, Sharing System Files, for details.
The owner of a file gets to specify what the group owners can do with it. This scheme allows files to be shared among members of the same project. For example, we use a group to control access to the source files for the www.admin.com web site.
Both ownerships of a file can be determined with ls -l filename. For example:
$ ls -l /staff/scott/todo
-rw------- 1 scott staff 1258 Jun 4 18:15 /staff/scott/todo
This file is owned by the user "scott" and the group "staff."
Linux actually keeps track of owners and groups as numbers rather than as text names. In the most basic case, identification numbers (UIDs for short) are mapped to user names in the /etc/passwd file, and group identification numbers (GIDs) are mapped to group names in /etc/group. The text names that correspond to UIDs and GIDs are defined only for the convenience of the system's human users. When commands such as ls want to display ownership information in a human-readable format, they must look up each name in the appropriate file or database.
The owner of a process can send the process signals (see page 57) and can also reduce (degrade) the process's scheduling priority. Processes actually have at least seven identities associated with them: a real, effective, and saved UID; a real, effective, and saved GID; and under Linux, a "filesystem UID" that is used only to determine file access permissions. Broadly speaking, the real numbers are used for accounting and the effective numbers are used for the determination of access permissions. The real and effective numbers are normally the same.
Saved IDs have no direct effect. They allow programs to "park" an inactive ID for later use, thus facilitating the parsimonious use of enhanced privileges. The filesystem UID is generally explained as an implementation detail of NFS and is usually the same as the effective UID.
See page 81 for more information about permission bits.
Although it is not normally possible for a process to alter its ownership credentials, there is a special situation in which the effective user and group IDs can be changed. When the kernel runs an executable file that has its "setuid" or "setgid" permission bits set, it changes the effective UID or GID of the resulting process to the UID or GID of the file containing the program image rather than the UID and GID of the user that ran the command. The user's privileges are thus "promoted" for the execution of that specific command only.
1. In fact, the permissions can be set so restrictively that even the owner of a file cannot access it.
Linux's setuid facility allows programs run by ordinary users to make use of the root account in a limited and tightly controlled way. For example, the passwd command that users run to change their login password is a setuid program. It modifies the /etc/shadow (or /etc/passwd) file in a well-defined way and then terminates. Of course, even this limited task has potential for abuse, so passwd requires users to prove that they know the current account password before it agrees to make the requested change.
3.2 THE SUPERUSER
The defining characteristic of the root account is its UID of 0. Linux does not prevent you from changing the username on this account or from creating additional accounts whose UIDs are 0, but both are bad ideas. Such changes have a tendency to create inadvertent breaches of system security. They also engender confusion when other people have to deal with the strange way you've configured your system.
Traditional UNIX allows the superuser (that is, any process whose effective UID is 0) to perform any valid operation on any file or process.[2] In addition, some system calls (requests to the kernel) can be executed only by the superuser. Some examples of such restricted operations are
• Changing the root directory of a process with chroot
• Creating device files
• Setting the system clock
• Raising resource usage limits and process priorities[3]
• Setting the system's hostname
• Configuring network interfaces
• Opening privileged network ports (those numbered below 1,024)
• Shutting down the system
An example of superuser powers is the ability of a process owned by root to change its UID and GID. The login program and its window system equivalents are a case in point; the process that prompts you for your password when you log in to the system initially runs as root. If the password and username that you enter are legitimate, the login program changes its UID and GID to your UID and GID and starts up your user environment. Once a root process has changed its ownerships to become a normal user process, it can't recover its former privileged state.
Linux systems are theoretically capable of subdividing the privileges of the root account according to the POSIX standard for "capabilities." For various reasons, including problems with the current implementation, this facility is not as helpful or as relevant to system administrators as it might initially appear. For more comments on capabilities, see the discussion on page 68?.
2. "Valid" is an important weasel word here. Certain operations (such as executing a file on which the execute permission bit is not set) are forbidden even to the superuser.
3. As of kernel version 2.6.12, a new resource limit allows users other than the superuser to raise process priorities if the system administrator allows this.
3.3 CHOOSING A ROOT PASSWORD
See page 9u for more information about password cracking.
The root password should be at least eight characters in length; seven-character passwords are substantially easier to crack. On systems that use DES passwords, it doesn't help to use a password longer than eight characters because only the first eight are significant. See the section Encrypted password starting on page 96 for information about how to enable MD5 passwords, which can be longer than eight characters.
It's important that the root password be selected so as not to be easily guessed or discovered by trial and error. In theory, the most secure type of password consists of a random sequence of letters, punctuation, and digits. But because this type of password is hard to remember and usually difficult to type, it may not be optimally secure if administrators write it down or type it slowly.
Until recently, a password consisting of two randomly selected words separated by a punctuation mark was a pretty good compromise between security and memorability. Unfortunately, such passwords can now be cracked fairly quickly; we now advise against this scheme.
These days, we suggest that you form a root password by boiling down a phrase of "shocking nonsense," defined by Grady Ward in an earlier version of the PGP Passphrase FAQ:
"Shocking nonsense means to make up a short phrase or sentence that is both nonsensical and shocking in the culture of the user. That is, it contains grossly obscene, racist, impossible or otherwise extreme juxtapositions of ideas. This technique is permissible because the passphrase, by its nature, is never revealed to anyone with sensibilities to offend.
Shocking nonsense is unlikely to be duplicated anywhere because it does not describe a matter of fact that could be accidentally rediscovered by someone else. The emotional evocation makes it difficult for the creator to forget. A mild example of such shocking nonsense might be, "Mollusks peck my galloping genitals." The reader can undoubtedly make up many far more shocking or entertaining examples for him or herself."
You can reduce such a phrase to a password by recording only the first letter of each word or by some similar transformation. Password security will be increased enormously if you include numbers, punctuation marks, and capital letters.
You should change the root password
• At least every three months or so
• Every time someone who knows the password leaves your site
• Whenever you think security may have been compromised
• On a day you're not planning to party so hard in the evening that you will have forgotten the password the next morning
3.4 BECOMING ROOT
Since root is just another user, you can log in directly to the root account. However, this turns out to be a bad idea. To begin with, it leaves no record of what operations were performed as root. That's bad enough when you realize that you broke something last night at 3:00 a.m. and can't remember what you changed; it's even worse when an access was unauthorized and you are trying to figure out what an intruder has done to your system. Another disadvantage is that the log-in-as-root scenario leaves no record of who was really doing the work. If several people have access to the root account, you won't be able to tell who used it when.
For these reasons, most systems allow root logins to be disabled on terminals and across the network, everywhere but on the system console.[4] We suggest that you use these features. See Secure terminals on page 685 to find out what file you need to edit on your particular system.
su: substitute user identity
A slightly better way to access the root account is to use the su command. If invoked without any arguments, su will prompt for the root password and then start up a root shell. The privileges of this shell remain in effect until the shell terminates (by <Control-D> or the exit command). su doesn't record the commands executed as root, but it does create a log entry that states who became root and when.
The su command can also substitute identities other than root. Sometimes, the only way to reproduce or debug a user's problem is to su to their account so that you reproduce the environment in which the problem occurs.
If you know someone's password, you can access that person's account directly by executing su username. As with an su to root, you will be prompted for the password for username. You can also first su to root and then su to another account; root can su to any account without providing a password.
It's a good idea to get in the habit of typing the full pathname to the su command (e.g., /bin/su) rather than relying on the shell to find the command for you. This will give you some protection against programs called su that may have been slipped into your search path with the intention of harvesting passwords.[5]
sudo: a limited su
Since the privileges of the superuser account cannot be subdivided (at least, not arbitrarily), it's hard to give someone the ability to do one task (backups, for example) without giving that person free run of the system. And if the root account is used by several administrators, you really have only a vague idea of who's using it or what they've done.
4. Ubuntu Linux goes even further. By default, the system has no valid root password and requires the use of sudo, detailed later in this section.
5. For the same reason, we highly recommend that you not include "." (the current directory) in your shell's search path. Although convenient, this configuration makes it easy to inadvertently run "special" versions of system commands that a user or intruder has left lying around as a trap. Naturally, this advice goes double for root.
The most widely used solution to these problems is a program called sudo that is currently maintained by Todd Miller. It's included by default on all our example distributions but is also available in source code form from www.courtesan.com.
sudo takes as its argument a command line to be executed as root (or as another restricted user). sudo consults the file /etc/sudoers, which lists the people who are authorized to use sudo and the commands they are allowed to run on each host. If the proposed command is permitted, sudo prompts for the user's own password and executes the command.
Additional sudo commands can be executed without the "sudoer" having to type a password until a five-minute period (configurable) has elapsed with no further sudo activity. This timeout serves as a modest protection against users with sudo privileges who leave terminals unattended.
sudo keeps a log of the command lines that were executed, the hosts on which they were run, the people who requested them, the directory from which they were run, and the times at which they were invoked. This information can be logged by syslog or placed in the file of your choice. We recommend using syslog to forward the log entries to a secure central host.
A log entry for randy executing sudo /bin/cat /etc/sudoers might look like this:
Dec 7 10:57:19 tigger sudo: randy: TTY=ttyp0 ; PWD=/tigger/users/randy; USER=root ; COMMAND=/bin/cat /etc/sudoers
The sudoers file is designed so that a single version can be used on many different hosts at once. Here's a typical example:
# Define aliases for machines in CS & Physics departments
Host_Alias CS = tigger, anchor, piper, moet, sigi
Host_Alias PHYSICS = eprince, pprince, icarus
# Define collections of commands
Cmnd_Alias DUMP = /sbin/dump, /sbin/restore
Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
Cmnd_Alias SHELLS = /bin/sh, /bin/csh, /bin/bash, /bin/ash, /bin/bsh
# Permissions
mark, ed PHYSICS = ALL
herb CS = /usr/sbin/tcpdump : PHYSICS = (operator) DUMP
lynda ALL = (ALL) ALL, !SHELLS
%wheel ALL, !PHYSICS = NOPASSWD: PRINTING
The first five noncomment lines define groups of hosts and commands that are referred to in the permission specifications later in the file. The lists could be included literally in the specs, but the use of aliases makes the sudoers file easier to read and understand; it also makes the file easier to update in the future. It's also possible to define aliases for sets of users and for sets of users as whom commands may be run.
Each permission specification line includes information about
• The users to whom the line applies
• The hosts on which the line should be heeded
• The commands that the specified users can run
• The users as whom the commands can be executed
The first permission line applies to the users mark and ed on the machines in the PHYSICS group (eprince, pprince, and icarus). The built-in command alias ALL allows them to run any command. Since no list of users is specified in parentheses, sudo will only run commands as root.
The second permission line allows herb to run tcpdump on CS machines and dump-related commands on PHYSICS machines. However, the dump commands can only be run as operator, not as root. The actual command line that herb would type would be something like
$ sudo -u operator /sbin/dump 0u /dev/hda2
The user lynda can run commands as any user on any machine, except that she can't run several common shells. Does this mean that lynda really can't get a root shell? Of course not:
$ cp -p /bin/bash /tmp/bash
$ sudo /tmp/bash
Generally speaking, any attempt to allow "all commands except..." is doomed to failure, at least in a technical sense. However, it may still be worthwhile to set up the sudoers file this way as a reminder that root shells are frowned upon. It may discourage casual use.
The final line allows users in group wheel to run lpc and lprm as root on all machines except eprince, pprince, and icarus. Furthermore, no password is required to run the commands.
Note that commands in /etc/sudoers are specified with full pathnames to prevent people from executing their own programs and scripts as root. Though no examples are shown above, it is possible to specify the arguments that are permissible for each command as well. In fact, this simple configuration only scratches the surface of the beauty and splendor that is the sudoers file.
To modify /etc/sudoers, you use the visudo command, which checks to be sure no one else is editing the file, invokes an editor on it, and then verifies the syntax of the edited file before installing it. This last step is particularly important because an invalid sudoers file might prevent you from sudoing again to fix it.
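To make the four fields of a permission line concrete, here is an added example (not code from the book or from the sudo project) that parses the sudoers file shown above and answers the question sudo itself answers: may this user, on this host, run this command as that target user, and is a password required? It handles only the syntax the example uses (Host_Alias, Cmnd_Alias, ! negation, (runas) lists, the NOPASSWD: tag and %group users), compares command paths without arguments, and applies sudo's rule that the last matching entry wins.

```python
import re

# Constructed copy of the sudoers example discussed in the text (the host and
# command names are the book's illustration, not a real site's).
SUDOERS = """\
# Define aliases for machines in CS & Physics departments
Host_Alias CS = tigger, anchor, piper, moet, sigi
Host_Alias PHYSICS = eprince, pprince, icarus
# Define collections of commands
Cmnd_Alias DUMP = /sbin/dump, /sbin/restore
Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
Cmnd_Alias SHELLS = /bin/sh, /bin/csh, /bin/bash, /bin/ash, /bin/bsh
# Permissions
mark, ed PHYSICS = ALL
herb CS = /usr/sbin/tcpdump : PHYSICS = (operator) DUMP
lynda ALL = (ALL) ALL, !SHELLS
%wheel ALL, !PHYSICS = NOPASSWD: PRINTING
"""

# "user, user  host-spec ..." -- the user list is comma separated, so the first
# token that does not follow a comma starts the host specification.
USERS_RE = re.compile(r"^([%\w]+(?:\s*,\s*[%\w]+)*)\s+(.*)$")
# "hosts = [(runas users)] [NOPASSWD:|PASSWD:] commands"
SPEC_RE = re.compile(
    r"^(.*?)\s*=\s*(?:\((.*?)\)\s*)?(?:(NOPASSWD|PASSWD):\s*)?(.*)$")


def _split_list(text):
    return [item.strip() for item in text.split(",") if item.strip()]


def parse_sudoers(text):
    """Return (aliases, rules): aliases maps an alias name to its members;
    rules is a list of (users, specs), each spec being
    (hosts, runas_users, nopasswd, commands)."""
    aliases, rules = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line:
            continue
        if line.startswith(("Host_Alias", "Cmnd_Alias")):
            _, definition = line.split(None, 1)
            name, members = definition.split("=", 1)
            aliases[name.strip()] = _split_list(members)
            continue
        users, spec_text = USERS_RE.match(line).groups()
        specs = []
        # ':' separates host specs, but not the ':' that ends a NOPASSWD tag
        for spec in re.split(r"(?<!PASSWD)\s*:\s*", spec_text):
            hosts, runas, tag, cmnds = SPEC_RE.match(spec).groups()
            specs.append((_split_list(hosts),
                          _split_list(runas) if runas else ["root"],
                          tag == "NOPASSWD",
                          _split_list(cmnds)))
        rules.append((_split_list(users), specs))
    return aliases, rules


def _expand(item, aliases):
    """Replace an alias name by its members (recursively); anything else stays."""
    if item in aliases:
        return [m for member in aliases[item] for m in _expand(member, aliases)]
    return [item]


def _decide(items, value, aliases):
    """Evaluate a list such as 'ALL, !SHELLS' against one value. Later items
    override earlier ones, so the last matching item decides; None means
    nothing in the list matched at all."""
    decision = None
    for item in items:
        negated = item.startswith("!")
        members = _expand(item.lstrip("!"), aliases)
        if "ALL" in members or value in members:
            decision = not negated
    return decision


def may_run(sudoers, user, groups, host, command, runas="root"):
    """Return (allowed, password_required) for running `command` as `runas`
    on `host`. As in sudo, the last permission line that matches wins."""
    aliases, rules = sudoers
    result = (False, True)
    for users, specs in rules:
        if not any(u == user or (u.startswith("%") and u[1:] in groups)
                   for u in users):
            continue
        for hosts, runas_users, nopasswd, cmnds in specs:
            if _decide(hosts, host, aliases) is not True:
                continue
            if _decide(runas_users, runas, aliases) is not True:
                continue
            verdict = _decide(cmnds, command, aliases)
            if verdict is not None:
                result = (verdict, not nopasswd)
    return result
```

Running lynda's /tmp/bash through may_run shows why the text calls the "all commands except" pattern doomed: the copied shell is not a member of SHELLS, so the ALL entry is the last match.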
The use of sudo has the following advantages:
• Accountability is much improved because of command logging.
• Operators can do chores without unlimited root privileges.
• The real root password can be known to only one or two people.
• It's faster to use sudo to run a single command than to su or log in as root.
• Privileges can be revoked without the need to change the root password.
• A canonical list of all users with root privileges is maintained.
• There is less chance of a root shell being left unattended.
• A single file can be used to control access for an entire network.
See page 9u for more information about John the Ripper.
There are a couple of disadvantages as well. The worst of these is that any breach in the security of a sudoer's personal account can be equivalent to breaching the root account itself. There is not much you can do to counter this threat other than to caution your sudoers to protect their own accounts as they would the root account. You can also run John the Ripper regularly on sudoers' passwords to ensure that they are making good password selections.
sudo's command logging can be subverted by tricks such as shell escapes from within an allowed program or by sudo sh and sudo su if you allow them.
3.5 OTHER PSEUDO-USERS
Root is the only user that has special status in the eyes of the kernel, but several other pseudo-users are defined by the system. It's customary to replace the encrypted password field of these special users in /etc/shadow with a star so that their accounts cannot be logged in to.
bin: legacy owner of system commands
On some older UNIX systems, the bin user owned the directories that contained the system's commands and most of the commands themselves as well. This account is often regarded as superfluous these days (or perhaps even slightly insecure), so modern systems (including Linux) generally just use the root account. On the other hand, now that the bin account is "standard," it can't really be done away with either.
daemon: owner of unprivileged system software
Files and processes that are part of the operating system but that need not be owned by root are sometimes given to daemon. The theory was that this convention would help avoid the security hazards associated with ownership by root. A group called "daemon" also exists for similar reasons. Like the bin account, the daemon account is not used much by most Linux distributions.
nobody: the generic NFS user
See page 488 for more information about the nobody account.
The Network File System (NFS) uses the nobody account to represent root users on other systems for purposes of file sharing. For remote roots to be stripped of their rootly powers, the remote UID 0 has to be mapped to something other than the local UID 0. The nobody account acts as the generic alter ego for these remote roots.
Since the nobody account is supposed to represent a generic and relatively powerless user, it shouldn't own any files. If nobody does own files, remote roots will be able to take control of them. Nobody shouldn't own no files!
A UID of -1 or -2 was traditional for nobody, and the Linux kernel still defaults to using UID 65534 (the 16-bit twos-complement version of -2). Some distributions assign a low-numbered UID to nobody (for example, Red Hat and Fedora use 99), which makes more sense than 65534 now that we have 32-bit UIDs. The only snag is that exportfs does not seem to pay attention to the passwd file, so you must explicitly tell it with the anonuid option to use a different UID for nobody.
3.6 EXERCISES
E3.1 Use the find command with the -perm option to locate five setuid files on your system. For each file, explain why the setuid mechanism is necessary for the command to function properly.
E3.2 Create three "shocking nonsense" passphrases but keep them to yourself. Run your three passphrases through md5sum and report these results. Why is it safe to share the MD5 results?
E3.3 Enumerate a sequence of commands that modify someone's password entry and show how you could cover your tracks. Assume you had only sudo power (all commands allowed, but no shells or su).
E3.4 Create two entries for the sudoers configuration file:
a) One entry that allows users matt, adam, and drew to service the printer, unjam it, and restart printer daemons on the machine printserver
b) One entry that allows drew, smithgr, and jimlane to kill jobs and reboot the machines in the student lab
E3.5 Install sudo configured to send its mail tattling about misuse to you. Use it to test the sudo entries of the previous question with local usernames and machine names; verify that sudo is logging to syslog properly. Look at the syslog entries produced by your testing. (Requires root access; you'll most likely have to tweak /etc/syslog.conf, too.)
Controlling Processes
A process is the abstraction used by Linux to represent a running program. It's the object through which a program's use of memory, processor time, and I/O resources can be managed and monitored.
It is part of the Linux and UNIX philosophy that as much work as possible be done within the context of processes, rather than handled specially by the kernel. System and user processes all follow the same rules, so you can use a single set of tools to control them both.
4.1 COMPONENTS OF A PROCESS
A process consists of an address space and a set of data structures within the kernel. The address space is a set of memory pages[1] that the kernel has marked for the process's use. It contains the code and libraries that the process is executing, the process's variables, its stacks, and various extra information needed by the kernel while the process is running. Because Linux is a virtual memory system, there is no correlation between a page's location within an address space and its location inside the machine's physical memory or swap space.
The kernel's internal data structures record various pieces of information about each process. Some of the more important of these are:
• The process's address space map
• The current status of the process (sleeping, stopped, runnable, etc.)
• The execution priority of the process
• Information about the resources the process has used
• Information about the files and network ports that the process has opened
• The process's signal mask (a record of which signals are blocked)
• The owner of the process
1. Pages are the units in which memory is managed, usually 4K on PCs.
Some of these attributes may be shared among several processes to create a "thread group," which is the Linux analog of a multithreaded process in traditional UNIX. Though they may share an address space, the members of a thread group have their own execution priorities and execution states. In practice, few processes of interest to system administrators use multiple threads of execution, and even those that do (such as BIND 9's named) don't generally require administrative attention at this level of granularity.
Many of the parameters associated with a process directly affect its execution: the amount of processor time it gets, the files it can access, and so on. In the following sections, we discuss the meaning and significance of the parameters that are most interesting from a system administrator's point of view. These attributes are common to all versions of UNIX and Linux.
PID: process ID number
The kernel assigns a unique ID number to every process. Most commands and system calls that manipulate processes require you to specify a PID to identify the target of the operation. PIDs are assigned in order as processes are created.
PPID: parent PID
Linux does not supply a system call that creates a new process running a particular program. Instead, an existing process must clone itself to create a new process. The clone can then exchange the program it is running for a different one.
When a process is cloned, the original process is referred to as the parent, and the copy is called the child. The PPID attribute of a process is the PID of the parent from which it was cloned.[2]
The parent PID is a useful piece of information when you're confronted with an unrecognized (and possibly misbehaving) process. Tracing the process back to its origin (whether a shell or another program) may give you a better idea of its purpose and significance.
UID and EUID: real and effective user ID
See page 9 for more information about UIDs.
A process's UID is the user identification number of the person who created it, or more accurately, it is a copy of the UID value of the parent process. Usually, only the creator (aka the "owner") and the superuser are permitted to manipulate a process.
2. At least initially. If the original parent dies, init (process 1) becomes the new parent. See page 56.
The EUID is the "effective" user ID, an extra UID used to determine what resources and files a process has permission to access at any given moment. For most processes, the UID and EUID are the same, the usual exception being programs that are setuid.
Why have both a UID and an EUID? Simply because it's useful to maintain a distinction between identity and permission, and because a setuid program may not wish to operate with expanded permissions all the time. The effective UID can be set and reset to enable or restrict the additional permissions it grants.
Linux also keeps track of a "saved UID," which is a copy of the process's EUID at the point at which the process first begins to execute. Unless the process takes steps to obliterate this saved UID, it remains available for use as the real or effective UID. A conservatively written setuid program can therefore renounce its special privileges for the majority of its execution, accessing them only at the specific points that extra privileges are needed.
Iinux also defines a nonstandaid FSUII piocess paiametei that contiols the detei-
mination of filesystem peimissions. It is infiequently used outside the keinel.
The implications of this multi-UII system can be quite subtle. If you need to delve
into the details, Iavid A. Wheelei's fiee on-line book Secure Ircgramming fcr Iinux
and Unix HOW1O is an excellent iesouice. It's available fiom www.dwheelei.com.
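The temporary drop and the permanent drop described above, as an added C example (this is not code from the book). It assumes a Linux/glibc system, uses the Linux-specific getresuid and setresuid calls, and picks UID 65534 ("nobody") as the unprivileged identity when started as root; when started unprivileged it uses the caller's own UID so that the transitions can still be exercised:

```c
#define _GNU_SOURCE            /* for getresuid/setresuid in <unistd.h> */
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid);  /* Linux-specific; redeclared in */
int setresuid(uid_t ruid, uid_t euid, uid_t suid);     /* case the feature macro came too late */

/* Identity to drop to. Assumption for this example: "nobody" (65534) when we
   start as root, otherwise our own real UID so the demo also runs unprivileged. */
uid_t target_uid(void) {
    return getuid() == 0 ? (uid_t)65534 : getuid();
}

/* The setuid idiom the text describes: swap the effective UID to `low` for the
   unprivileged part of the work, then take it back from the saved UID.
   Returns 0 if both transitions behaved as expected. */
int temporary_drop_and_regain(uid_t low) {
    uid_t privileged = geteuid();
    if (seteuid(low) != 0 || geteuid() != low)
        return -1;                      /* could not drop */
    /* ... unprivileged work happens here ... */
    if (seteuid(privileged) != 0 || geteuid() != privileged)
        return -2;                      /* the saved UID should have let us climb back */
    return 0;
}

/* Permanent drop: overwrite real, effective AND saved UID. With no saved UID
   left there is nothing to climb back to. Returns 0 on success. */
int drop_privileges_permanently(uid_t low) {
    return setresuid(low, low, low) == 0 ? 0 : -1;
}

/* The check a careful program makes after dropping: all three UIDs equal `low`,
   and trying to become root again fails with EPERM. Returns 1 if truly dropped. */
int privileges_dropped(uid_t low) {
    uid_t r, e, s;
    if (getresuid(&r, &e, &s) != 0)
        return 0;
    if (r != low || e != low || s != low)
        return 0;
    if (low != 0) {
        errno = 0;
        if (seteuid(0) == 0 || errno != EPERM)
            return 0;                   /* we got root back: the drop was not permanent */
    }
    return 1;
}

int main(void) {
    uid_t low = target_uid();
    printf("temporary drop/regain: %d\n", temporary_drop_and_regain(low));  /* 0 */
    printf("permanent drop:        %d\n", drop_privileges_permanently(low)); /* 0 */
    printf("verified dropped:      %d\n", privileges_dropped(low));          /* 1 */
    return 0;
}
```

Run it once as root and once as an ordinary user: in both cases the temporary drop is reversible and the permanent one is not, which is exactly why a setuid program that has finished its privileged work should call setresuid (or setuid, which on Linux sets all three for root) rather than seteuid alone.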
GID and EGID: real and effective group ID

See page 97 for more information about groups.

The GID is the group identification number of a process. The EGID is related to the GID in the same way that the EUID is related to the UID in that it can be "upgraded" by the execution of a setgid program. The kernel maintains a saved GID similar in intent to the saved UID.

The GID attribute of a process is largely vestigial. For purposes of access determination, a process can be a member of many groups at once. The complete group list is stored separately from the distinguished GID and EGID. Determinations of access permissions normally take account of the EGID and the supplemental group list, but not the GID.

The only time at which the GID gets to come out and play is when a process creates new files. Depending on how the filesystem permissions have been set, new files may adopt the GID of the creating process. See page 82 for more information.

Niceness

A process's scheduling priority determines how much CPU time it receives. The kernel uses a dynamic algorithm to compute priorities, taking into account the amount of CPU time that a process has recently consumed and the length of time it has been waiting to run. The kernel also pays attention to an administratively set value that's usually called the "nice value" or "niceness," so called because it tells how nice you are planning to be to other users of the system. We take up the subject of niceness in detail on page 61.

In an effort to provide better support for low-latency applications, Linux has added "scheduling classes" to the traditional UNIX scheduling model. There are currently three scheduling classes, and each process is assigned to one class. Unfortunately, the real-time classes are neither widely used nor well supported from the command line. System processes all use the traditional niceness-based scheduler. In this book we discuss only the standard scheduler. See www.realtimelinuxfoundation.org for more discussion of issues related to real-time scheduling.

Control terminal

Most nondaemon processes have an associated control terminal. The control terminal determines default linkages for the standard input, standard output, and standard error channels. When you start a command from the shell, your terminal normally becomes the process's control terminal. The concept of a control terminal also affects the distribution of signals, which are discussed starting on page 57.
4.2 THE LIFE CYCLE OF A PROCESS

To create a new process, a process typically copies itself with the fork system call. fork creates a copy of the original process that is largely identical to the parent. The new process has a distinct PID and has its own accounting information.

fork has the unique property of returning two different values. From the child's point of view, it returns zero. The parent receives the PID of the newly created child. Since the two processes are otherwise identical, they must both examine the return value to figure out which role they are supposed to play.

After a fork, the child process will often use one of the exec family of system calls[3] to begin execution of a new program. These calls change the program text that the process is executing and reset the data and stack segments to a predefined initial state. The various forms of exec differ only in the ways in which they specify the command-line arguments and environment to be given to the new program.

3. Actually, all but one are library routines, not system calls.

Linux defines an alternative to fork called clone. This call creates sets of processes that share memory, I/O spaces, or both. The feature is analogous to the multithreading facility found on most versions of UNIX, but each thread of execution is represented as a full-fledged process rather than a specialized "thread" object.

See Chapter 2 for more information about booting and the init daemon.

When the system boots, the kernel autonomously creates and installs several processes. The most notable of these is init, which is always process number 1. init is responsible for executing the system's startup scripts. All processes other than the ones the kernel creates are descendants of init.

init also plays another important role in process management. When a process completes, it calls a routine named _exit to notify the kernel that it is ready to die. It supplies an exit code (an integer) that tells why it's exiting. By convention, 0 is used to indicate a normal or "successful" termination.

Before a process can be allowed to disappear completely, Linux requires that its death be acknowledged by the process's parent, which the parent does with a call to wait. The parent receives a copy of the child's exit code (or an indication of why the child was killed if the child did not exit voluntarily) and can also obtain a summary of the child's use of resources if it wishes.

This scheme works fine if parents outlive their children and are conscientious about calling wait so that dead processes can be disposed of. If the parent dies first, however, the kernel recognizes that no wait will be forthcoming and adjusts the process to make the orphan a child of init. init accepts these orphaned processes and performs the wait needed to get rid of them when they die.
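The fork, exec and wait cycle just described, as an added C example (not code from the book). Both return values of fork are handled, the parent decodes the wait status to tell a voluntary exit from a death by signal, and /bin/sh is assumed to exist so that the child has something to exec:

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* fork, exec `path` in the child, wait in the parent. Returns the child's
   exit code (0-255), 128 + signal number if it was killed by a signal (the
   shell's convention), or -1 on failure. */
int run_and_wait(const char *path, char *const argv[]) {
    pid_t pid = fork();
    if (pid < 0)
        return -1;                          /* fork failed; there is no child */
    if (pid == 0) {
        /* Child: fork returned 0. Replace our program text with `path`. */
        execv(path, argv);
        _exit(127);                         /* reached only if exec failed */
    }
    /* Parent: fork returned the child's PID. Acknowledge its death with wait. */
    int status;
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    if (WIFEXITED(status))
        return WEXITSTATUS(status);         /* value the child passed to _exit */
    if (WIFSIGNALED(status))
        return 128 + WTERMSIG(status);      /* child did not exit voluntarily */
    return -1;
}

/* Convenience wrapper: run `cmd` under /bin/sh -c. */
int run_shell_command(const char *cmd) {
    char *const argv[] = { "sh", "-c", (char *)cmd, NULL };
    return run_and_wait("/bin/sh", argv);
}

/* Start a child that sleeps forever, send it KILL, and return the signal
   number that wait reports. KILL cannot be caught, blocked or ignored, so a
   child that is not stuck in uninterruptible sleep always dies. */
int kill_child_and_report_signal(void) {
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        for (;;)
            pause();                        /* child: wait for a signal forever */
    }
    if (kill(pid, SIGKILL) != 0)
        return -1;
    int status;
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : -1;
}

int main(void) {
    printf("exit 3        -> %d\n", run_shell_command("exit 3"));         /* 3 */
    printf("kill -TERM $$ -> %d\n", run_shell_command("kill -TERM $$"));  /* 143 */
    printf("SIGKILL child -> %d\n", kill_child_and_report_signal());      /* 9 */
    return 0;
}
```

The 128 + signal convention is the same one the shell uses for `$?`, so a status of 137 or 143 in a log means the process was killed by KILL or TERM rather than exiting on its own.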
4.3 SIGNALS

Signals are process-level interrupt requests. About thirty different kinds are defined, and they're used in a variety of ways:

• They can be sent among processes as a means of communication.
• They can be sent by the terminal driver to kill, interrupt, or suspend processes when special keys such as <Control-C> and <Control-Z> are typed.[4]
• They can be sent by the administrator (with kill) to achieve various results.
• They can be sent by the kernel when a process commits an infraction such as division by zero.
• They can be sent by the kernel to notify a process of an "interesting" condition such as the death of a child process or the availability of data on an I/O channel.

4. The functions of <Control-Z> and <Control-C> can be reassigned to other keys with the stty command, but this is rare in practice. In this chapter we refer to them by their conventional bindings.

A core dump is a process's memory image. It can be used for debugging.

When a signal is received, one of two things can happen. If the receiving process has designated a handler routine for that particular signal, the handler is called with information about the context in which the signal was delivered. Otherwise, the kernel takes some default action on behalf of the process. The default action varies from signal to signal. Many signals terminate the process; some also generate a core dump.

Specifying a handler routine for a signal within a program is referred to as "catching" the signal. When the handler completes, execution restarts from the point at which the signal was received.

To prevent signals from arriving, programs can request that they be either ignored or blocked. A signal that is ignored is simply discarded and has no effect on the process. A blocked signal is queued for delivery, but the kernel doesn't require the process to act on it until the signal has been explicitly unblocked. The handler for a newly unblocked signal is called only once, even if the signal was received several times while reception was blocked.
Table 4.1 lists some signals with which all administrators should be familiar. The uppercase convention for signal names derives from C language tradition. You might also sometimes see signal names written with a SIG prefix (e.g., SIGHUP) for similar reasons.

Table 4.1 Signals every administrator should know

  #   Name   Description           Default    Can catch?  Can block?  Dump core?
  1   HUP    Hangup                Terminate  Yes         Yes         No
  2   INT    Interrupt             Terminate  Yes         Yes         No
  3   QUIT   Quit                  Terminate  Yes         Yes         Yes
  9   KILL   Kill                  Terminate  No          No          No
  a   BUS    Bus error             Terminate  Yes         Yes         Yes
  11  SEGV   Segmentation fault    Terminate  Yes         Yes         Yes
  15  TERM   Software termination  Terminate  Yes         Yes         No
  a   STOP   Stop                  Stop       No          No          No
  a   TSTP   Keyboard stop         Stop       Yes         Yes         No
  a   CONT   Continue after stop   Ignore     Yes         No          No
  a   WINCH  Window changed        Ignore     Yes         Yes         No
  a   USR1   User-defined          Terminate  Yes         Yes         No
  a   USR2   User-defined          Terminate  Yes         Yes         No

  a. Varies depending on the hardware architecture; see man 7 signal.

There are other signals not shown in Table 4.1, most of which are used to report obscure errors such as "illegal instruction." The default handling for signals like that is to terminate with a core dump. Catching and blocking are generally allowed because some programs may be smart enough to try to clean up whatever problem caused the error before continuing.

The BUS and SEGV signals are also error signals. We've included them in the table because they're so common: ninety-nine percent of the time that a program crashes, it's ultimately one of these two signals that finally brings it down. By themselves, the signals are of no specific diagnostic value. Both of them indicate an attempt to use or access memory improperly.[5]

5. More specifically, bus errors result from violations of alignment requirements or the use of nonsensical addresses. Segmentation violations represent protection violations such as attempts to write to read-only portions of the address space.

The signals named KILL and STOP cannot be caught, blocked, or ignored. The KILL signal destroys the receiving process, and STOP suspends its execution until a CONT signal is received. CONT may be caught or ignored, but not blocked.

TSTP is a "soft" version of STOP that might be best described as a request to stop. It's the signal generated by the terminal driver when <Control-Z> is typed on the keyboard. Programs that catch this signal usually clean up their state, then send themselves a STOP signal to complete the stop operation. Alternatively, programs can ignore TSTP to prevent themselves from being stopped from the keyboard.
Terminal emulators send a WINCH signal when their configuration parameters (such as the number of lines in the virtual terminal) change. This convention allows emulator-savvy programs such as text editors to reconfigure themselves automatically in response to changes. If you can't get windows to resize properly, make sure that WINCH is being generated and propagated correctly.[6]

The signals KILL, INT, TERM, HUP, and QUIT all sound as if they mean approximately the same thing, but their uses are actually quite different. It's unfortunate that such vague terminology was selected for them. Here's a decoding guide:

• KILL is unblockable and terminates a process at the kernel level. A process can never actually "receive" this signal.

• INT is the signal sent by the terminal driver when you type <Control-C>. It's a request to terminate the current operation. Simple programs should quit (if they catch the signal) or simply allow themselves to be killed, which is the default if the signal is not caught. Programs that have a command line should stop what they're doing, clean up, and wait for user input again.

• TERM is a request to terminate execution completely. It's expected that the receiving process will clean up its state and exit.

• HUP has two common interpretations. First, it's understood as a reset request by many daemons. If a daemon is capable of rereading its configuration file and adjusting to changes without restarting, a HUP can generally be used to trigger this behavior.

  Second, HUP signals are sometimes generated by the terminal driver in an attempt to "clean up" (i.e., kill) the processes attached to a particular terminal. This behavior is largely a holdover from the days of wired terminals and modem connections, hence the name "hangup".

  Shells in the C shell family (tcsh et al.) usually make background processes immune to HUP signals so that they can continue to run after the user logs out. Users of Bourne-ish shells (ksh, bash, etc.) can emulate this behavior with the nohup command.

• QUIT is similar to TERM, except that it defaults to producing a core dump if not caught. A few programs cannibalize this signal and interpret it to mean something else.

6. Which may be easier said than done. The terminal emulator (e.g., xterm), terminal driver, and user-level commands may all have a role in propagating SIGWINCH. Common problems include sending the signal to a terminal's foreground process only (rather than to all processes associated with the terminal) and failing to propagate notification of a size change across the network to a remote computer. Protocols such as TELNET and SSH explicitly recognize local terminal size changes and communicate this information to the remote host. Simpler protocols (e.g., direct serial lines) cannot do this.

The signals USR1 and USR2 have no set meaning. They're available for programs to use in whatever way they'd like. For example, the Apache web server interprets the USR1 signal as a request to gracefully restart.
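The catching, blocking and ignoring behavior described in this section, together with the "Can catch?" column of Table 4.1, as an added C example (not code from the book). It installs handlers with sigaction, shows that the kernel refuses a handler for KILL and STOP, that a signal generated three times while blocked is delivered once when unblocked, and that an ignored signal is discarded rather than held. The process signals itself with raise, which is the same as kill(getpid(), sig):

```c
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

static volatile sig_atomic_t term_seen = 0;   /* set by the TERM handler */
static volatile sig_atomic_t deliveries = 0;  /* counted by the USR handlers */

static void on_term(int sig) { (void)sig; term_seen = 1; }
static void on_count(int sig) { (void)sig; deliveries++; }

/* Install `handler` (or SIG_IGN / SIG_DFL) for `sig`. Returns 0 on success,
   -1 if the kernel refuses; it does so with EINVAL for KILL and STOP. */
int set_disposition(int sig, void (*handler)(int)) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = handler;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_RESTART;
    return sigaction(sig, &sa, NULL);
}

/* 1 if `sig` can be caught, 0 otherwise (Table 4.1's "Can catch?" column). */
int can_catch(int sig) {
    struct sigaction old;
    if (sigaction(sig, NULL, &old) != 0)      /* query only: allowed even for KILL */
        return 0;
    if (set_disposition(sig, on_count) != 0)  /* KILL/STOP: EINVAL */
        return 0;
    sigaction(sig, &old, NULL);               /* put the previous action back */
    return 1;
}

/* Catch TERM and send one to ourselves: the handler runs and the process
   survives instead of being terminated. Returns 1 on success. */
int catch_term_demo(void) {
    term_seen = 0;
    if (set_disposition(SIGTERM, on_term) != 0)
        return -1;
    raise(SIGTERM);                           /* same as kill(getpid(), SIGTERM) */
    return term_seen;
}

/* Block USR1, generate it three times, then unblock. Standard signals are not
   queued, so the handler runs exactly once when the signal is unblocked. */
int blocked_signal_coalesces(void) {
    deliveries = 0;
    if (set_disposition(SIGUSR1, on_count) != 0)
        return -1;
    sigset_t set, old;
    sigemptyset(&set);
    sigaddset(&set, SIGUSR1);
    sigprocmask(SIG_BLOCK, &set, &old);
    for (int i = 0; i < 3; i++)
        raise(SIGUSR1);                       /* held pending; handler not yet run */
    int while_blocked = deliveries;           /* still 0 */
    sigprocmask(SIG_SETMASK, &old, NULL);     /* unblock: the pending USR1 is delivered now */
    return while_blocked == 0 ? deliveries : -1;
}

/* An ignored signal is discarded, not held: installing a handler afterwards
   does not deliver it. Returns the number of deliveries seen (0). */
int ignored_signal_is_discarded(void) {
    deliveries = 0;
    if (set_disposition(SIGUSR2, SIG_IGN) != 0)
        return -1;
    raise(SIGUSR2);                           /* dropped by the kernel */
    if (set_disposition(SIGUSR2, on_count) != 0)
        return -1;
    return deliveries;
}

int main(void) {
    printf("can catch TERM=%d KILL=%d STOP=%d\n",
           can_catch(SIGTERM), can_catch(SIGKILL), can_catch(SIGSTOP));       /* 1 0 0 */
    printf("TERM handled: %d\n", catch_term_demo());                            /* 1 */
    printf("USR1 deliveries after unblock: %d\n", blocked_signal_coalesces());  /* 1 */
    printf("USR2 deliveries after ignore: %d\n", ignored_signal_is_discarded()); /* 0 */
    return 0;
}
```

The coalescing shown here is why a daemon that counts HUPs to decide how many reloads to do is wrong: it should treat a delivered HUP as "at least one" and reread its configuration once. Real-time signals (SIGRTMIN and up) do queue, but none of the signals in Table 4.1 are real-time signals.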
4.4 KILL AND KILLALL: SEND SIGNALS

As its name implies, the kill command is most often used to terminate a process. kill can send any signal, but by default it sends a TERM. kill can be used by normal users on their own processes or by the superuser on any process. The syntax is

    kill [-signal] pid

where signal is the number or symbolic name of the signal to be sent (as shown in Table 4.1) and pid is the process identification number of the target process. A pid of -1 broadcasts the signal to all processes except init.

A kill without a signal number does not guarantee that the process will die, because the TERM signal can be caught, blocked, or ignored. The command

    kill -KILL pid

will "guarantee" that the process will die because signal 9, KILL, cannot be caught. We put quotes around "guarantee" because processes can occasionally become so wedged that even KILL does not affect them (usually because of some degenerate I/O vapor lock such as waiting for a disk that has stopped spinning). Rebooting is usually the only way to get rid of these processes.

Most shells have their own built-in implementation of kill that obeys the syntax described above. According to the man page for the stand-alone kill command, the signal name or number should actually be prefaced with the -s flag (e.g., kill -s HUP pid). But since some shells don't understand this version of the syntax, we suggest sticking with the -HUP form, which the stand-alone kill also understands. That way you needn't worry about which version of kill you're actually using.

If you don't know the PID of the process you want to signal, you'd normally look it up with the ps command, which is described starting on page 62. Another option is to use the killall command, which performs this lookup for you. For example, to make the xinetd daemon refresh its configuration, you could run

    $ sudo killall -USR1 xinetd

Note that if multiple processes match the string you supply, killall will send signals to all of them. Because the match is by command name rather than by PID, it is worth listing the matching processes with ps first before sending anything more drastic than a refresh signal as root.

The vanilla kill command actually has a similar feature, but it does not seem to be as smart as killall at matching command names. Stick with killall.
4.5 PROCESS STATES

A process is not automatically eligible to receive CPU time just because it exists. You need to be aware of the four execution states listed in Table 4.2.

Table 4.2 Process states

  State     Meaning
  Runnable  The process can be executed.
  Sleeping  The process is waiting for some resource.
  Zombie    The process is trying to die.
  Stopped   The process is suspended (not allowed to execute).

A runnable process is ready to execute whenever CPU time is available. It has acquired all the resources it needs and is just waiting for CPU time to process its data. As soon as the process makes a system call that cannot be immediately completed (such as a request to read part of a file), Linux will put it to sleep.

Sleeping processes are waiting for a specific event to occur. Interactive shells and system daemons spend most of their time sleeping, waiting for terminal input or network connections. Since a sleeping process is effectively blocked until its request has been satisfied, it will get no CPU time unless it receives a signal.

Some operations cause processes to enter an uninterruptible sleep state. This state is usually transient and not observed in ps output (indicated by a D in the STAT column; see page 62). However, a few degenerate situations can cause it to persist. The most common cause involves server problems on an NFS filesystem mounted with the "hard" option. Since processes in the uninterruptible sleep state cannot be roused even to service a signal, they cannot be killed. To get rid of them, you must fix the underlying problem or reboot.

Zombies are processes that have finished execution but not yet had their status collected. If you see zombies hanging around, check their PPIDs with ps to find out where they're coming from.

Stopped processes are administratively forbidden to run. Processes are stopped on receipt of a STOP or TSTP signal and are restarted with CONT. Being stopped is similar to sleeping, but there's no way to get out of the stopped state other than having some other process wake you up (or kill you).

4.6 NICE AND RENICE: INFLUENCE SCHEDULING PRIORITY

The "niceness" of a process is a numeric hint to the kernel about how the process should be treated in relationship to other processes contending for the CPU. The strange name is derived from the fact that it determines how nice you are going to be to other users of the system. A high nice value means a low priority for your process: you are going to be nice. A low or negative value means high priority: you are not very nice. The range of allowable niceness values is -20 to +19.

Unless the user takes special action, a newly created process inherits the nice value of its parent process. The owner of the process can increase its nice value but cannot lower it, even to return the process to the default niceness. This restriction prevents processes with low priority from bearing high-priority children. The superuser may set nice values arbitrarily.
It's rare to have occasion to set priorities by hand these days. On the puny systems of the 1970s and 80s, performance was significantly affected by which process was on the CPU. Today, with more than adequate CPU power on most desktops, the scheduler usually does a good job of servicing all processes. The addition of scheduling classes gives developers additional control in cases where low response latency is essential.

I/O performance has not kept up with increasingly fast CPUs, and the major bottleneck on most systems has become the disk drives. Unfortunately, a process's nice value has no effect on the kernel's management of its memory or I/O; high-nice processes can still monopolize a disproportionate share of these resources.

A process's nice value can be set at the time of creation with the nice command and adjusted later with the renice command. nice takes a command line as an argument, and renice takes a PID or a username. Confusingly, renice requires an absolute priority, but nice wants a priority increment that it then adds to or subtracts from the shell's current priority.

Some examples:

    $ nice -n 5 ~/bin/longtask      // Lowers priority (raises nice) by 5
    $ sudo renice -5 8829           // Sets nice value to -5
    $ sudo renice 5 -u boggs        // Sets nice value of boggs's procs to 5

To complicate things, a version of nice is built into the C shell and some other common shells (but not bash). If you don't type the full path to the nice command, you'll get the shell's version rather than the operating system's. This duplication can be confusing because shell-nice and command-nice use different syntax: the shell wants its priority increment expressed as +incr or -incr, but the stand-alone command wants an -n flag followed by the priority increment.[7]

7. Actually, it's even worse than this: the stand-alone nice will interpret nice -5 to mean a positive increment of 5, whereas the shell built-in nice will interpret this same form to mean a negative increment of 5.

The most commonly niced process in the modern world is xntpd, the clock synchronization daemon. Since CPU promptness is critical to its mission, it usually runs at a nice value about 12 below the default (that is, at a higher priority than normal).

If a process goes berserk and drives the system's load average to 65, you may need to use nice to start a high-priority shell before you can run commands to investigate the problem. Otherwise, you may have difficulty running even simple commands.

4.7 PS: MONITOR PROCESSES

ps is the system administrator's main tool for monitoring processes. You can use it to show the PID, UID, priority, and control terminal of processes. It also gives information about how much memory a process is using, how much CPU time it has consumed, and its current status (running, stopped, sleeping, etc.). Zombies show up in a ps listing as <defunct>.

The behavior of ps tends to vary widely among UNIX variants, and many implementations have become quite complex over the last few years. In an effort to accommodate people who are used to other systems' ps commands, Linux provides a trisexual and hermaphroditic version that understands many other implementations' option sets and uses an environment variable to tell it what personality to assume.

Do not be alarmed by all this complexity: it's there mainly for kernel developers, not for system administrators. Although you will use ps frequently, you only need to know a few specific incantations.

You can obtain a general overview of all the processes running on the system with ps aux. Here's an example (we removed the START column to make the example fit the page and selected only a sampling of the output lines):
    $ ps aux
    USER     PID %CPU %MEM  VSZ  RSS TTY STAT TIME COMMAND
    root       1  0.1  0.2 3356  560  ?  S    0:00 init [5]
    root       2  0    0      0    0  ?  SN   0:00 [ksoftirqd/0]
    root       3  0    0      0    0  ?  S<   0:00 [events/0]
    root       4  0    0      0    0  ?  S<   0:00 [khelper]
    root       5  0    0      0    0  ?  S<   0:00 [kacpid]
    root      18  0    0      0    0  ?  S<   0:00 [kblockd/0]
    root      28  0    0      0    0  ?  S    0:00 [pdflush]
    ...
    root     196  0    0      0    0  ?  S    0:00 [kjournald]
    root    1050  0  0.1 2652  448  ?  S<s  0:00 udevd
    root    1472  0  0.3 3048 1008  ?  S<s  0:00 /sbin/dhclient -1
    root    1646  0  0.3 3012 1012  ?  S<s  0:00 /sbin/dhclient -1
    root    1733  0    0      0    0  ?  S    0:00 [kjournald]
    root    2124  0  0.3 3004 1008  ?  Ss   0:00 /sbin/dhclient -1
    root    2182  0  0.2 2264  596  ?  Ss   0:00 syslogd -m 0
    root    2186  0  0.1 2952  484  ?  Ss   0:00 klogd -x
    rpc     2207  0  0.2 2824  580  ?  Ss   0:00 portmap
    rpcuser 2227  0  0.2 2100  760  ?  Ss   0:00 rpc.statd
    root    2260  0  0.4 5668 1084  ?  Ss   0:00 rpc.idmapd
    root    2336  0  0.2 3268  556  ?  Ss   0:00 /usr/sbin/acpid
    root    2348  0  0.8 9100 2108  ?  Ss   0:00 cupsd
    root    2384  0  0.6 4080 1660  ?  Ss   0:00 /usr/sbin/sshd
    root    2399  0  0.3 2780  828  ?  Ss   0:00 xinetd -stayalive
    root    2419  0  1.1 7776 3004  ?  Ss   0:00 sendmail: accepting connections
    ...

Command names in brackets are not really commands at all but rather kernel threads scheduled as processes. The meaning of each field is explained in Table 4.3 on the next page.

Another useful set of arguments is lax, which provides more technical information. It is also slightly faster to run because it doesn't have to translate every UID to a username; efficiency can be important if the system is already bogged down by some other process.

Shown here in an abbreviated example, ps lax includes fields such as the parent process ID (PPID), nice value (NI), and resource the process is waiting for (WCHAN).
    $ ps lax
    F   UID   PID  PPID PRI  NI  VSZ  RSS WCHAN  STAT TIME COMMAND
    4     0     1     0  16   0 3356  560 select S    0:00 init [5]
    1     0     2     1  34  19    0    0 ksofti SN   0:00 [ksoftirqd/0]
    1     0     3     1   5 -10    0    0 worker S<   0:00 [events/0]
    1     0     4     3   5 -10    0    0 worker S<   0:00 [khelper]
    5     0  2186     1  16   0 2952  484 syslog Ss   0:00 klogd -x
    5    32  2207     1  15   0 2824  580 -      Ss   0:00 portmap
    5    29  2227     1  18   0 2100  760 select Ss   0:00 rpc.statd
    1     0  2260     1  16   0 5668 1084 -      Ss   0:00 rpc.idmapd
    1     0  2336     1  21   0 3268  556 select Ss   0:00 acpid
    5     0  2384     1  17   0 4080 1660 select Ss   0:00 sshd
    1     0  2399     1  15   0 2780  828 select Ss   0:00 xinetd -sta
    5     0  2419     1  16   0 7776 3004 select Ss   0:00 sendmail: a
    ...

Table 4.3 Explanation of ps aux output

  Field    Contents
  USER     Username of the process's owner
  PID      Process ID
  %CPU     Percentage of the CPU this process is using
  %MEM     Percentage of real memory this process is using
  VSZ      Virtual size of the process
  RSS      Resident set size (number of pages in memory)
  TTY      Control terminal ID
  STAT     Current process status:
             R  Runnable               D  In uninterruptible sleep
             S  Sleeping (< 20 sec)    T  Traced or stopped
             Z  Zombie
           Additional flags:
             W  Process is swapped out
             <  Process has higher than normal priority
             N  Process has lower than normal priority
             L  Some pages are locked in core
             s  Process is a session leader
  START    Time the process was started
  TIME     CPU time the process has consumed
  COMMAND  Command name and arguments (a)

  a. Programs can modify this info, so it's not necessarily an accurate representation of the actual command line.
4.8 TOP: MONITOR PROCESSES EVEN BETTER

Since commands like ps offer only a one-time snapshot of your system, it is often difficult to grasp the "big picture" of what's really happening. The top command provides a regularly updated summary of active processes and their use of resources. For example:

    top - 16:37:08 up 1:42, 2 users, load average: 0.01, 0.02, 0.06
    Tasks: 76 total, 1 running, 74 sleeping, 1 stopped, 0 zombie
    Cpu(s): 1.1% us, 6.3% sy, 0.6% ni, 88.6% id, 2.1% wa, 0.1% hi, 1.3% si
    Mem:  256044k total, 254980k used,   1064k free,  15944k buffers
    Swap: 524280k total,      0k used, 524280k free, 153192k cached

     PID USER  PR  NI  VIRT  RES  SHR S %CPU %MEM   TIME+  COMMAND
    3175 root  15   0 35436  12m 4896 S  4.0  5.2 01:41.9 X
    3421 root  25  10 29916  15m 9808 S  2.0  6.2 01:10.5 rhn-applet-gui
       1 root  16   0  3356  560  480 S  0.0  0.2 00:00.9 init
       2 root  34  19     0    0    0 S  0.0  0   00:00.0 ksoftirqd/0
       3 root   5 -10     0    0    0 S  0.0  0   00:00.7 events/0
       4 root   5 -10     0    0    0 S  0.0  0   00:00.0 khelper
       5 root  15 -10     0    0    0 S  0.0  0   00:00.0 kacpid
      18 root   5 -10     0    0    0 S  0.0  0   00:00.0 kblockd/0
      28 root  15   0     0    0    0 S  0.0  0   00:00.0 pdflush
      29 root  15   0     0    0    0 S  0.0  0   00:00.3 pdflush
      31 root  13 -10     0    0    0 S  0.0  0   00:00.0 aio/0
      19 root  15   0     0    0    0 S  0.0  0   00:00.0 khubd
      30 root  15   0     0    0    0 S  0.0  0   00:00.2 kswapd0
     187 root   6 -10     0    0    0 S  0    0   00:00.0 kmirrord/0
     196 root  15   0     0    0    0 S  0    0   00:01.3 kjournald
    ...

By default, the display is updated every 10 seconds. The most active processes appear at the top. top also accepts input from the keyboard and allows you to send signals and renice processes, so you can observe how your actions affect the overall condition of the machine.

Root can run top with the q option to goose it up to the highest possible priority. This can be very useful when you are trying to track down a process that has already brought the system to its knees.
4.9 THE /PROC FILESYSTEM

The Linux versions of ps and top read their process status information from the /proc directory, a pseudo-filesystem in which the kernel exposes a variety of interesting information about the system's state. Despite the name /proc (and the name of the underlying filesystem type, "proc"), the information is not limited to process information: all the status information and statistics generated by the kernel are represented here. You can even modify some parameters by writing to the appropriate /proc file; see page 874 for some examples.

Although some of the information is easiest to access through front-end commands such as vmstat and ps, some of the less popular information must be read directly from /proc. It's worth poking around in this directory to familiarize yourself with everything that's there. man proc also lists some useful tips and tricks.

Because the kernel creates the contents of /proc files on the fly (as they are read), most appear to be empty when listed with ls -l. You'll have to cat or more the contents to see what they actually contain. But be cautious: a few files contain or link to binary data that can confuse your terminal emulator if viewed directly.
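How tools like ps and killall get their information from the per-process directories described next, and what the zombie state from section 4.5 looks like in them, as an added C example (not code from the book). It reads the PPid and State lines of /proc/<pid>/status, splits the NUL-separated /proc/<pid>/cmdline the way `tr "\000" "\n"` does, and forks a child that exits without being waited for so that its status file can be observed reporting Z before the parent reaps it. It assumes a Linux system with /proc mounted:

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Read the value of the "Key:\tvalue" line `key` from /proc/<pid>/status
   into buf. Returns 1 if the line was found, 0 otherwise. */
int proc_status_field(pid_t pid, const char *key, char *buf, size_t len) {
    char path[64], line[256];
    snprintf(path, sizeof path, "/proc/%d/status", (int)pid);
    FILE *f = fopen(path, "r");
    if (!f)
        return 0;
    size_t klen = strlen(key);
    int found = 0;
    while (fgets(line, sizeof line, f)) {
        if (strncmp(line, key, klen) == 0 && line[klen] == ':') {
            const char *v = line + klen + 1;
            while (*v == ' ' || *v == '\t')
                v++;
            snprintf(buf, len, "%s", v);
            buf[strcspn(buf, "\n")] = '\0';
            found = 1;
            break;
        }
    }
    fclose(f);
    return found;
}

/* Parent PID as the kernel records it (what ps shows as PPID). -1 if unreadable. */
pid_t proc_ppid(pid_t pid) {
    char v[32];
    return proc_status_field(pid, "PPid", v, sizeof v) ? (pid_t)atoi(v) : -1;
}

/* The state letter from the "State:" line: R, S, D, Z, T ... ('?' if unreadable). */
char proc_state(pid_t pid) {
    char v[64];
    return proc_status_field(pid, "State", v, sizeof v) ? v[0] : '?';
}

/* Split /proc/<pid>/cmdline on its NUL separators. Returns the argument count
   and fills argv (at most max entries) with pointers into buf; -1 on error. */
int proc_cmdline(pid_t pid, char *buf, size_t len, char **argv, int max) {
    char path[64];
    snprintf(path, sizeof path, "/proc/%d/cmdline", (int)pid);
    FILE *f = fopen(path, "r");
    if (!f)
        return -1;
    size_t n = fread(buf, 1, len - 1, f);
    fclose(f);
    buf[n] = '\0';
    int argc = 0;
    for (size_t i = 0; i < n && argc < max;) {
        argv[argc++] = buf + i;
        i += strlen(buf + i) + 1;           /* step past the next NUL */
    }
    return argc;
}

/* Number of command-line words of `pid` (0 for kernel threads, whose cmdline is empty). */
int proc_argc(pid_t pid) {
    char buf[4096], *argv[64];
    return proc_cmdline(pid, buf, sizeof buf, argv, 64);
}

/* Fork a child that exits at once and deliberately do NOT wait yet: the kernel
   keeps its table entry as a zombie (State: Z) until we collect it. Returns
   the state letter seen before the wait, then reaps the child. */
char observe_zombie(void) {
    pid_t pid = fork();
    if (pid < 0)
        return '?';
    if (pid == 0)
        _exit(0);
    char st = '?';
    for (int i = 0; i < 1000 && (st = proc_state(pid)) != 'Z'; i++)
        usleep(1000);                       /* give the child time to exit */
    waitpid(pid, NULL, 0);                  /* reap: /proc/<pid> disappears now */
    return st;
}

int main(void) {
    char buf[4096], *argv[64];
    int argc = proc_cmdline(getpid(), buf, sizeof buf, argv, 64);
    printf("pid %d ppid %d state %c argv:", (int)getpid(), (int)proc_ppid(getpid()),
           proc_state(getpid()));
    for (int i = 0; i < argc; i++)
        printf(" [%s]", argv[i]);
    printf("\nunreaped child shows state: %c\n", observe_zombie());  /* Z */
    return 0;
}
```

A zombie holds no memory and cannot be killed (it is already dead); the only way to remove it is for its parent to call wait, or for the parent to die so that init inherits and reaps it, which is why the text tells you to look at the PPID rather than at the zombie itself.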
Process-specific information is divided into subdirectories named by PID. For example, /proc/1 is always the directory that contains information about init. Table 4.4 lists the most useful per-process files.

Table 4.4 Process information files in /proc (numbered subdirectories)

  File        Contents
  cmd         Command or program the process is executing
  cmdline (a) Complete command line of the process (null-separated)
  cwd         Symbolic link to the process's current directory
  environ     The process's environment variables (null-separated)
  exe         Symbolic link to the file being executed
  fd          Subdirectory containing links for each open file descriptor
  maps        Memory mapping information (shared segments, libraries, etc.)
  root        Symbolic link to the process's root directory (set with chroot)
  stat        General process status information (best decoded with ps)
  statm       Memory usage information

  a. May be unavailable if the process is swapped out of memory.

The individual components contained within the cmdline and environ files are separated by null characters rather than newlines. You can filter their contents through tr "\000" "\n" to make them more readable.

The fd subdirectory represents open files in the form of symbolic links. File descriptors that are connected to pipes or network sockets don't have an associated filename. The kernel supplies a generic description as the link target instead.

The maps file can be useful for determining what libraries a program is linked to or depends on.

4.10 STRACE: TRACE SIGNALS AND SYSTEM CALLS

On a traditional UNIX system, it can be hard to figure out what a process is actually doing. You may have to make educated guesses based on indirect data from the filesystem and from tools such as ps. By contrast, Linux lets you directly observe a process with the strace command, which shows every system call the process makes and every signal it receives. You can even attach strace to a running process, snoop for a while, and then detach from the process without disturbing it.[8]
Although system calls occur at a relatively low level of abstraction, you can usually tell quite a bit about a process's activity from strace's output. For example, the following log was produced by strace run against an active copy of top:

    $ sudo strace -p 5810
    gettimeofday({1116193814, 213881}, {300, 0}) = 0
    open("/proc", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 7
    fstat64(7, {st_mode=S_IFDIR|0555, st_size=0, ...}) = 0
    fcntl64(7, F_SETFD, FD_CLOEXEC) = 0
    getdents64(7, /* 36 entries */, 1024) = 1016
    getdents64(7, /* 39 entries */, 1024) = 1016
    stat64("/proc/1", {st_mode=S_IFDIR|0555, st_size=0, ...}) = 0
    open("/proc/1/stat", O_RDONLY) = 8
    read(8, "1 (init) S 0 0 0 0 -1 4194560 73"..., 1023) = 191
    close(8) = 0
    ...

Not only does strace show you the name of every system call made by the process, but it also decodes the arguments and shows the result code returned by the kernel. In this example, top starts by checking the current time. It then opens and stats the /proc directory and reads the directory's contents, thereby obtaining a list of processes that are currently running. top goes on to stat the directory representing the init process and then opens /proc/1/stat to read init's status information.
4.11 RUNAWAY PROCESSES

See page 817 for more information about runaway processes.
Runaway processes come in two flavors: user processes that consume excessive
amounts of a system resource, such as CPU time or disk space, and system processes
that suddenly go berserk and exhibit wild behavior. The first type of runaway is not
necessarily malfunctioning; it might simply be a resource hog. System processes are
always supposed to behave reasonably.

You can identify processes that use excessive CPU time by looking at the output of
ps or top. If it is obvious that a user process is consuming more CPU than can
reasonably be expected, investigate the process. Step one on a server or shared system
is to contact the process's owner and ask what's going on. If the owner can't be found,
you will have to do some poking around on your own. Although you should normally
avoid looking into users' home directories, it is acceptable when you are trying to
track down the source code of a runaway process to find out what it's doing.

There are two reasons to find out what a process is trying to do before tampering
with it. First, the process may be both legitimate and important to the user. It's
unreasonable to kill processes at random just because they happen to use a lot of CPU.
Second, the process may be malicious or destructive. In this case, you've got to know
what the process was doing (e.g., cracking passwords) so you can fix the damage.

If the reason for a runaway process's existence can't be determined, suspend it with a
STOP signal and send email to the owner explaining what has happened. The process
can be restarted later with a CONT signal. Be aware that some processes can be ruined
by a long sleep, so this procedure is not always entirely benign. For example, a
process may wake to find that some of its network connections have been broken.

If a process is using an excessive amount of CPU but appears to be doing something
reasonable and working correctly, you should renice it to a higher nice value (lower
priority) and ask the owner to use nice in the future.

8. Well, usually. In some cases, strace can interrupt system calls. The monitored process must then be
prepared to restart them. This is a standard rule of UNIX software hygiene, but it's not always observed.
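The procedure above (spot the hog, put it on ice with STOP, renice it, resume it with CONT, or kill it), carried out with the /proc files of Table 4.4 instead of ps and top. This is an added example, not code from the book: it spawns its own constructed CPU hog (a Python busy loop), assumes Linux /proc semantics, and uses setpriority(2) for the renice step.

```python
import os
import signal
import subprocess
import sys
import tempfile
import time

CLK_TCK = os.sysconf("SC_CLK_TCK")      # kernel clock ticks per second (Linux)


def proc_info(pid):
    """Gather the per-process files of Table 4.4 for one pid.

    cmdline and environ are NUL-separated.  stat is split from the right of the
    last ')' because the command name in field 2 may itself contain spaces or ')'.
    """
    base = f"/proc/{pid}"
    with open(f"{base}/cmdline", "rb") as f:
        cmdline = [a.decode(errors="replace") for a in f.read().split(b"\0") if a]
    with open(f"{base}/environ", "rb") as f:
        environ = dict(e.decode(errors="replace").split("=", 1)
                       for e in f.read().split(b"\0") if b"=" in e)
    with open(f"{base}/stat") as f:
        raw = f.read()
    comm = raw[raw.index("(") + 1:raw.rindex(")")]
    fields = raw[raw.rindex(")") + 2:].split()     # fields[0] is stat field 3, the state
    fds = {}
    for fd in os.listdir(f"{base}/fd"):
        try:
            fds[int(fd)] = os.readlink(f"{base}/fd/{fd}")
        except FileNotFoundError:                  # closed between listdir and readlink
            pass
    return {
        "comm": comm,
        "state": fields[0],                        # R running, S sleeping, T stopped, ...
        "cpu_seconds": (int(fields[11]) + int(fields[12])) / CLK_TCK,   # utime + stime
        "cmdline": cmdline,
        "environ": environ,
        "cwd": os.readlink(f"{base}/cwd"),
        "exe": os.readlink(f"{base}/exe"),
        "fds": fds,
    }


def wait_for_state(pid, wanted, timeout=2.0):
    """Poll /proc/<pid>/stat until the state letter is one of `wanted`."""
    deadline = time.monotonic() + timeout
    while True:
        state = proc_info(pid)["state"]
        if state in wanted or time.monotonic() > deadline:
            return state
        time.sleep(0.01)


def put_on_ice(pid):
    """Suspend a runaway with STOP.  It stays frozen (state T) until it gets CONT."""
    os.kill(pid, signal.SIGSTOP)
    return wait_for_state(pid, "T")


def thaw(pid):
    os.kill(pid, signal.SIGCONT)
    return wait_for_state(pid, "RS")


def demo():
    """Start a constructed CPU hog and walk it through the procedure in the text."""
    workdir = tempfile.mkdtemp(prefix="hog-")
    hog = subprocess.Popen([sys.executable, "-c", "while True: pass"],
                           cwd=workdir, env=dict(os.environ, DEMO="runaway"))
    r = {"pid": hog.pid, "workdir": os.path.realpath(workdir)}
    try:
        # Let it accumulate CPU time, as top's %CPU column would reveal.
        deadline = time.monotonic() + 10
        while proc_info(hog.pid)["cpu_seconds"] < 0.05 and time.monotonic() < deadline:
            time.sleep(0.05)
        info = proc_info(hog.pid)
        r.update(cmdline=info["cmdline"], environ=info["environ"], cwd=info["cwd"],
                 cpu_before_stop=info["cpu_seconds"])
        # Step 1: put it on ice while you investigate; a stopped process burns nothing.
        r["state_stopped"] = put_on_ice(hog.pid)
        r["cpu_at_stop"] = proc_info(hog.pid)["cpu_seconds"]
        time.sleep(0.3)
        r["cpu_while_stopped"] = proc_info(hog.pid)["cpu_seconds"]
        # Step 2: legitimate but greedy?  renice it (raising nice needs no privilege),
        # then let it continue.
        r["nice_target"] = min(19, os.getpriority(os.PRIO_PROCESS, hog.pid) + 5)
        os.setpriority(os.PRIO_PROCESS, hog.pid, r["nice_target"])
        r["nice"] = os.getpriority(os.PRIO_PROCESS, hog.pid)
        r["state_resumed"] = thaw(hog.pid)
    finally:
        # Step 3: otherwise kill it.  TERM is held until a stopped process is
        # continued, so KILL is the only signal guaranteed to end it either way.
        hog.kill()
        hog.wait()
        os.rmdir(workdir)
    r["exit_signal"] = -hog.returncode
    return r


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Two details worth noticing: cpu_seconds does not move while the process is stopped, which is what makes STOP a safe holding action, and a stopped process does not act on TERM until it is continued, so "guarantee that the process died" means KILL.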
Processes that make excessive use of memory relative to the system's physical RAM
can cause serious performance problems. You can check the memory size of processes
by using top. The VIRT column shows the total amount of virtual memory allocated
by each process, and the RES column shows the portion of that memory that is
currently mapped to specific memory pages (the "resident set").

Both of these numbers can include shared resources such as libraries, and that makes
them potentially misleading. A more direct measure of process-specific memory
consumption is found in the DATA column, which is not shown by default. To add
this column to top's display, type the f key once top is running and select DATA from
the list. The DATA value indicates the amount of memory in each process's data and
stack segments, so it's relatively specific to individual processes (modulo shared
memory segments). Look for growth over time as well as absolute size.
Runaway processes that produce output can fill up an entire filesystem, causing
numerous problems. When a filesystem fills up, lots of messages will be logged to the
console and attempts to write to the filesystem will produce error messages.

The first thing to do in this situation is to stop the process that was filling up the disk.
If you have been keeping a reasonable amount of breathing room on the disk, you can
be fairly sure that something is amiss when it suddenly fills up. There's no command
analogous to ps that will tell you who's consuming disk space at the fastest rate, but
several tools can identify files that are currently open and the processes that are using
them. See the info on fuser and lsof that starts on page 74 for more information.

You may want to suspend all suspicious-looking processes until you find the one
that's causing the problem, but remember to restart the innocents when you are done.
When you find the offending process, remove the files it was creating.
An old and well-known prank is to start an infinite loop from the shell that does:

    while 1
        mkdir adir
        cd adir
        touch afile
    end

This program occasionally shows up running from a publicly accessible system that
was inadvertently left logged in. It does not consume much actual disk space, but it
fills up the filesystem's inode table and prevents other users from creating new files.
There is not much you can do except clean up the aftermath and warn users to protect
their accounts. The directory tree that is left behind by this little jewel is usually too
deep for rm -r to handle: the full pathnames soon exceed the kernel's limit on the
length of a path (see page 72), so you may have to write a script that descends to the
bottom of the tree one directory at a time and then removes directories as it backs out.

If the problem occurs in /tmp and you have set up /tmp as a separate filesystem, you
can reinitialize /tmp with mkfs instead of attempting to delete individual files. See
Chapter 7 for more information about the management of filesystems.
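The cleanup script the text calls for, as an added example (not from the book). It rebuilds the prank's tree itself, as a constructed test case, then deletes it by changing directory one level at a time with relative names and removing each directory on the way back out, which is why it succeeds where anything that forms the full pathname fails with ENAMETOOLONG. It assumes the Linux 4,096-byte PATH_MAX.

```python
import errno
import os
import stat
import tempfile

PATH_MAX = 4096     # Linux: a pathname handed to a system call must be shorter than this


def build_prank_tree(root, depth, name="adir"):
    """Reproduce the prank's leftovers: `depth` nested name/ directories, each with
    a file.  Built the way the loop in the text builds it, with relative mkdir and
    cd, so no single pathname ever has to fit in PATH_MAX."""
    saved = os.open(".", os.O_RDONLY)
    try:
        os.mkdir(root)
        os.chdir(root)
        for _ in range(depth):
            os.mkdir(name)
            os.chdir(name)
            open("afile", "w").close()
    finally:
        os.fchdir(saved)
        os.close(saved)


def remove_deep_tree(root):
    """Delete root the way the text suggests: descend with relative names, one
    directory at a time, and rmdir each directory as we back out.  This works on
    trees whose full pathnames exceed PATH_MAX, where rm -r and os.walk fail
    with ENAMETOOLONG.  Symbolic links are unlinked, never followed.  Returns
    the number of filesystem objects removed."""
    removed = 0
    saved = os.open(".", os.O_RDONLY)
    try:
        os.chdir(root)
        pending = [iter(os.listdir("."))]     # an entry iterator for each level we are in
        entered = []                          # names of the directories we cd'ed into
        while pending:
            try:
                name = next(pending[-1])
            except StopIteration:             # this level is empty: back out and rmdir it
                pending.pop()
                if entered:
                    os.chdir("..")
                    os.rmdir(entered.pop())
                    removed += 1
                continue
            if stat.S_ISDIR(os.lstat(name).st_mode):
                os.chdir(name)
                entered.append(name)
                pending.append(iter(os.listdir(".")))
            else:
                os.unlink(name)
                removed += 1
    finally:
        os.fchdir(saved)
        os.close(saved)
    os.rmdir(root)
    return removed + 1


def demo(depth=1000):
    """Build a 1000-level chain (over 5,000 characters of pathname) and remove it."""
    base = tempfile.mkdtemp(prefix="prank-")
    root = os.path.join(base, "top")
    build_prank_tree(root, depth)
    deepest = os.path.join(root, *["adir"] * depth, "afile")
    try:
        os.stat(deepest)                      # the full path is too long to use at all
        too_long = False
    except OSError as e:
        too_long = e.errno == errno.ENAMETOOLONG
    removed = remove_deep_tree(root)
    os.rmdir(base)
    return {"path_len": len(deepest), "too_long": too_long,
            "removed": removed, "root_gone": not os.path.exists(root)}


if __name__ == "__main__":
    print(demo())
```

The descent keeps no file descriptors open per level (only the saved starting directory), so it is not limited by the per-process open-file limit either; a depth-first walk that held one directory fd per level would run out of descriptors long before it ran out of tree.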
4.12 RECOMMENDED READING

BOVET, DANIEL P., AND MARCO CESATI. Understanding the Linux Kernel (3rd Edition).
Sebastopol, CA: O'Reilly Media, 2006.
4.13 EXERCISES

E4.1 Explain the relationship between a file's UID and a running process's real
     UID and effective UID. Besides file access control, what is the purpose of
     a process's effective UID?

E4.2 Suppose that a user at your site has started a long-running process that is
     consuming a significant fraction of a machine's resources.
     a) How would you recognize a process that is hogging resources?
     b) Assume that the misbehaving process might be legitimate and doesn't
        deserve to die. Show the commands you would use to put it "on ice"
        (stop it temporarily while you investigate).
     c) Later, you discover that the process belongs to your boss and must
        continue running. Show the commands you would use to resume the task.
     d) Alternatively, assume that the process needs to be killed. What signal
        would you send, and why? What if you needed to guarantee that the
        process died?

E4.3 Find a process with a memory leak (write your own program if you don't
     have one handy). Use ps or top to monitor the program's memory use as
     it runs.

E4.4 Write a simple Perl script that processes the output of ps to determine the
     total VSZ and RSS of the processes running on the system. How do these
     numbers relate to the system's actual amount of physical memory and
     swap space?
5 The Filesystem

Quick: which of the following would you expect to find in a "filesystem"?

    •  Processes
    •  Serial ports
    •  Kernel data structures and tuning parameters
    •  Interprocess communication channels

If the system is Linux, the answer is "all of the above." And yes, you might find some
files in there, too.1

Although the basic purpose of a filesystem is to represent and organize the system's
storage resources, programmers have been eager to avoid reinventing the wheel
when it comes to managing other types of objects. Frequently, it has proved to be
natural and convenient to map these objects into the filesystem namespace. This
unification has some advantages (consistent programming interface, easy access
from the shell) and some disadvantages (filesystem implementations akin to
Frankenstein's monster), but like it or not, this is the UNIX (and hence, the Linux) way.

The filesystem can be thought of as comprising four main components:

    •  A namespace - a way of naming things and organizing them in a hierarchy
    •  An API2 - a set of system calls for navigating and manipulating objects
    •  A security model - a scheme for protecting, hiding, and sharing things
    •  An implementation - software that ties the logical model to actual hardware

1. It's perhaps more accurate to say that these entities are represented within the filesystem. In most cases,
the filesystem is used as a rendezvous point to connect clients with the drivers and servers they are seeking.
2. Application Programming Interface, a generic term for the set of routines that a library, operating
system, or software package provides for programmers to call.

NFS, the Network File System, is described in Chapter 16.
Linux defines an abstract kernel-level interface that accommodates many different
back-end filesystems. Some portions of the file tree are handled by traditional
disk-based implementations; others are fielded by separate drivers within the kernel.
For example, NFS filesystems are handled by a driver that forwards the requested
operations to a server on another computer.

Unfortunately, the architectural boundaries are not clearly drawn, and there are quite
a few special cases. For example, device files provide a way for programs to
communicate with drivers inside the kernel. They are not really data files, but they're
handled by the basic filesystem driver and their characteristics are stored on disk.
Perhaps the details would be somewhat different if the filesystem were reimplemented
in light of the last few decades' experience.

See www.namesys.com for more information about ReiserFS.

Another complicating (but ultimately beneficial) factor is that Linux supports more
than one type of disk-based filesystem. In the modern best-of-breed category are the
ext3fs filesystem that serves as most distributions' default, along with ReiserFS, JFS
from IBM, and XFS from SGI. The older ext2fs, precursor to ext3fs, is still supported
by all distributions and will remain supported for a long time.

There are also many implementations of foreign filesystems, such as the FAT and
NTFS filesystems used by Microsoft Windows and the ISO 9660 filesystem used on
CD-ROMs. Linux supports more types of filesystem than any other variant of UNIX.
Its extensive menu of choices gives you lots of flexibility and makes it easy to share
files with other systems.

The filesystem is a rich topic that we approach from several different angles. This
chapter tells where to find things on your system and describes the characteristics of
files, the meanings of permission bits, and the use of some basic commands that view
and set attributes. Chapter 7, Adding a Disk, is where you'll find the more technical
filesystem topics such as disk partitioning. Chapter 16, The Network File System,
describes the file sharing systems that are commonly used with Linux. You may also
want to refer to Chapter 26, Cooperating with Windows, which discusses the software
Linux systems use to share filesystems with computers running Microsoft Windows.

With so many different filesystem implementations available for Linux, it may seem
strange that this chapter reads as if there were only a single Linux filesystem. We can
be vague about the implementations because most modern filesystems either try to
provide the traditional filesystem functionality in a faster and more reliable manner
or they add extra features as a layer on top of the standard filesystem semantics.
(Some filesystems do both.) For better or worse, too much existing software depends
on the model described in this chapter for that model to be discarded.
5.1 PATHNAMES

The filesystem is presented as a single unified hierarchy3 that starts at the directory /
and continues downward through an arbitrary number of subdirectories. / is also
called the root directory.

The list of directories that must be traversed to locate a particular file, together with
its filename, form a pathname. Pathnames can be either absolute (/tmp/foo) or
relative (book4/filesystem). Relative pathnames are interpreted starting at the
current directory. You might be accustomed to thinking of the current directory as a
feature of the shell, but every process has one.

The terms file, filename, pathname, and path are more or less interchangeable (or at
least, we use them interchangeably in this book). Filename and path can be used for
both absolute and relative paths; pathname generally suggests an absolute path.

The filesystem can be arbitrarily deep. However, each component of a pathname
must have a name no more than 255 characters long, and a single path may not
contain more than 4,095 characters. To access a file with a pathname longer than this,
you must cd to an intermediate directory and use a relative pathname.4

The naming of files and directories is essentially unrestricted, except that names are
limited in length and must not contain the slash character or nulls. In particular,
spaces are permitted. Unfortunately, UNIX has a long tradition of separating
command-line arguments at whitespace, so legacy software tends to break when
spaces appear within filenames.

Spaces in filenames were once found primarily on filesystems shared with Macs and
PCs, but they have now metastasized into Linux culture and are found in some
standard software packages as well. No two ways about it: administrative scripts must
be prepared to deal with spaces.

In the shell and in scripts, spaceful filenames can be quoted to keep their pieces
together. For example, the command

    $ less "My excellent file.txt"

preserves My excellent file.txt as a single argument to less. You can also escape
individual spaces with a backslash. The filename completion feature of the common
shells (usually bound to the <Tab> key) does this for you.

When you are writing scripts, a useful weapon to know about is find's -print0 option.
In combination with xargs -0, this option makes the find/xargs combination work
correctly regardless of the whitespace contained within filenames. Newlines are legal
in filenames too, and they defeat any tool that reads one name per line; the null
separator is the only delimiter a filename cannot contain. For example, the command

    $ find /home -size +1M -print0 | xargs -0 ls -l

prints a long ls listing of every file in the /home partition over one megabyte in size.

3. The single-hierarchy system differs from that used by Windows, which retains the concept of
disk-specific namespaces.
4. In case this isn't clear: most filesystem disk formats do not themselves impose a limit on the total
length of pathnames. However, the system calls that access the filesystem do not allow their string
arguments to be longer than 4,095 characters.
5.2 FILESYSTEM MOUNTING AND UNMOUNTING

The filesystem is composed of smaller chunks (also called filesystems), each of
which consists of one directory and its subdirectories and files. It's normally apparent
from the context which type of "filesystem" is being discussed, but for clarity, we
use the term "file tree" to refer to the overall layout of the filesystem and reserve the
word "filesystem" for the chunks attached to the tree.

Most filesystems are disk partitions, but as we mentioned earlier, they can be
anything that obeys the proper API: network file servers, kernel components,
memory-based disk emulators, etc. Linux even has a nifty "loopback" filesystem that
lets you mount individual files as if they were distinct devices.

Filesystems are attached to the tree with the mount command. mount maps a
directory within the existing file tree, called the mount point, to the root of the newly
attached filesystem. The previous contents of the mount point become inaccessible
as long as another filesystem is mounted there. Mount points are usually empty
directories, however.

For example,

    # mount /dev/hda4 /users

installs the filesystem stored on the disk partition represented by /dev/hda4 under
the path /users. You could then use ls /users to see that filesystem's contents.

A list of the filesystems that are customarily mounted on a particular system is kept
in the /etc/fstab file. The information contained in this file allows filesystems to be
checked (fsck -A) and mounted (mount -a) automatically at boot time. It also serves
as documentation for the layout of the filesystems on disk and enables short
commands such as mount /usr (the location of the filesystem to mount is looked up in
fstab). See page 127 for a complete discussion of the fstab file.
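The three things the text says fstab enables, shown by parsing a constructed fstab the way getmntent(3) does: looking a device up from a bare mount point (mount /usr), selecting what mount -a attaches, and ordering what fsck -A checks. This is an added example, not from the book; the sample file is made up and is not any real host's, and the \040 escape is the standard fstab encoding for a space inside a field, which ties back to the spaceful filenames of section 5.1.

```python
import re

# Constructed sample, not from any real host.  "\040" is how fstab encodes a
# space inside a field (here, a mount point containing a space).
SAMPLE_FSTAB = """\
# <file system> <mount point> <type> <options> <dump> <pass>
/dev/hda1    /        ext3   defaults          1 1
/dev/hda4    /users   ext3   defaults          1 2
/dev/hda3    /var     ext3   defaults          1 2
/dev/hda2    swap     swap   defaults          0 0
/dev/cdrom   /media/cdrom  iso9660  ro,noauto,user  0 0
nfs1:/export /mnt/Big\\040Disk  nfs  rw,noauto   0 0
tmpfs        /tmp     tmpfs  defaults          0 0
"""

FIELD_ESCAPE = re.compile(r"\\([0-7]{3})")


def unescape(field):
    """Decode the octal escapes fstab uses for whitespace and backslashes."""
    return FIELD_ESCAPE.sub(lambda m: chr(int(m.group(1), 8)), field)


def parse_fstab(text):
    """Return one dict per non-comment line, keyed by the getmntent(3) names.
    fs_spec is a device here, but LABEL=... or UUID=... are equally valid."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4:
            raise ValueError(f"fstab line {lineno}: expected at least 4 fields")
        fields += ["0", "0"][: 6 - len(fields)]      # dump and pass default to 0
        spec, file, vfstype, mntops, freq, passno = fields[:6]
        entries.append({
            "fs_spec": unescape(spec), "fs_file": unescape(file),
            "fs_vfstype": vfstype, "fs_mntops": mntops.split(","),
            "fs_freq": int(freq), "fs_passno": int(passno),
        })
    return entries


def lookup(entries, mountpoint):
    """What 'mount /users' does: find the entry for a bare mount point."""
    for e in entries:
        if e["fs_file"] == mountpoint:
            return e
    raise KeyError(f"{mountpoint}: not found in fstab")


def mount_a_targets(entries):
    """What 'mount -a' attaches: everything except swap and noauto entries."""
    return [e["fs_file"] for e in entries
            if e["fs_vfstype"] != "swap" and "noauto" not in e["fs_mntops"]]


def fsck_a_order(entries):
    """What 'fsck -A' checks, in order: pass 1 (the root) first, then pass 2, and
    so on.  A pass number of 0 means never check (swap, removable media, network
    and pseudo filesystems)."""
    checkable = [e for e in entries if e["fs_passno"] > 0]
    return [e["fs_spec"] for e in sorted(checkable, key=lambda e: e["fs_passno"])]


if __name__ == "__main__":
    entries = parse_fstab(SAMPLE_FSTAB)
    print(lookup(entries, "/users")["fs_spec"])
    print(mount_a_targets(entries))
    print(fsck_a_order(entries))
```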
Filesystems are detached with the umount command. You cannot unmount a
filesystem that is "busy"; there must not be any open files or processes whose current
directories are located there, and if the filesystem contains executable programs, they
cannot be running.

Linux kernels 2.4.11 and above define a "lazy" unmount option (invoked with
umount -l) that removes the filesystem from the naming hierarchy but does not
truly unmount it until all existing file references have been closed. It's debatable
whether this is a useful option. To begin with, there's no guarantee that existing
references will ever close on their own. In addition, the "semi-unmounted" state can
present inconsistent filesystem semantics to the programs that are using it; they can
read and write through existing file handles but cannot open new files or perform
other filesystem operations.
If the kernel complains that a filesystem you are trying to unmount is busy, you can
run fuser to find out why. When invoked with the -mv flags and a mount point, fuser
displays every process that's using a file or directory on that filesystem:

    $ fuser -mv /usr
                         USER       PID ACCESS COMMAND
    /usr                 root       444 ....m  atd
                         root       499 ....m  sshd
                         root       520 ....m  lpd
    ...

The letter codes in the ACCESS column show what each process is doing to interfere
with your unmounting attempt. Table 5.1 describes the meaning of each code.

To determine exactly what the offending processes are, just run ps with the list of
PIDs returned by fuser. For example,

    $ ps -fp "444 499 520"
    UID        PID  PPID  C STIME TTY          TIME CMD
    daemon     444     1  0 Apr11 ?        00:00:00 /usr/sbin/atd
    root       499     1  0 Apr11 ?        00:00:23 /usr/sbin/sshd
    lp         520     1  0 Apr11 ?        00:00:00 [lpd]

The quotation marks force the shell to pass the list of PIDs to ps as a single argument.

fuser can also report on the use of specific files (as opposed to entire filesystems); the
syntax is fuser -v filename. fuser also accepts the -k option to kill (or send a signal
to) each of the offending processes. Dangerous, and you must be root (or use sudo;
see page 48).

An alternative to fuser is the lsof utility by Vic Abell of Purdue University. It runs on
many different UNIX and Linux variants, making it especially useful to call from
scripts that must run on a variety of systems. lsof is a more complex and sophisticated
program than fuser, and its output is correspondingly verbose.

Scripts in search of specific pieces of information also have the option to read files in
/proc directly. However, lsof -F, which formats lsof's output for easy parsing, is an
easier and more portable solution. Use additional command-line flags to request
just the information you need.

Table 5.1 Activity codes shown by fuser

Code  Meaning
f     The process has a file open for reading or writing.
c     The process's current directory is on the filesystem.
e     The process is currently executing a file.
r     The process's root directory (set with chroot) is on the filesystem.
m     The process has mapped a file or shared library (usually an inactive executable).
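What fuser -v (and fuser -mv) computes, done the way the text says scripts can do it: by reading /proc directly. This is an added example, not the book's or fuser's code. It walks /proc/<pid>/{cwd,root,exe,fd,maps} for every process and reports the Table 5.1 codes, comparing device and inode rather than names so that a file renamed or unlinked while open is still found. It assumes Linux /proc; the demo constructs its own open, mapped file and exercises the function against the running interpreter.

```python
import mmap
import os
import re
import tempfile

# One line of /proc/<pid>/maps: address perms offset dev inode [path]
MAPS_LINE = re.compile(r"^\S+ \S+ \S+ \S+ (\d+)\s+(\S.*)$")


def who_uses(target, whole_filesystem=False):
    """Like fuser -v (or fuser -mv with whole_filesystem=True): return
    {pid: set of Table 5.1 codes} for every process touching `target`.
    f  an open descriptor   c  current directory   e  running executable
    r  root directory       m  mapped file or library"""
    st = os.stat(target)

    def same(path):
        try:
            s = os.stat(path)           # follows the magic /proc links
        except OSError:                 # gone, or not ours to inspect
            return False
        if whole_filesystem:
            return s.st_dev == st.st_dev
        return (s.st_dev, s.st_ino) == (st.st_dev, st.st_ino)

    users = {}
    for pid in os.listdir("/proc"):
        if not pid.isdigit():
            continue
        base = f"/proc/{pid}"
        codes = set()
        for link, code in (("cwd", "c"), ("root", "r"), ("exe", "e")):
            if same(f"{base}/{link}"):
                codes.add(code)
        try:
            if any(same(f"{base}/fd/{fd}") for fd in os.listdir(f"{base}/fd")):
                codes.add("f")
        except OSError:                 # EACCES for other users' processes
            pass
        try:
            with open(f"{base}/maps") as maps:
                for line in maps:
                    m = MAPS_LINE.match(line.rstrip("\n"))
                    if not m:
                        continue
                    inode, path = int(m.group(1)), m.group(2)
                    if path.endswith(" (deleted)"):
                        path = path[:-10]
                    # maps reports the mapping's own path and inode; on overlayfs
                    # that is the layer file, so match by inode and name, not device.
                    if whole_filesystem:
                        hit = same(path)
                    else:
                        hit = (inode == st.st_ino and
                               os.path.basename(path) == os.path.basename(target))
                    if hit:
                        codes.add("m")
                        break
        except OSError:
            pass
        if codes:
            users[int(pid)] = codes
    return users


def demo():
    """Exercise who_uses() against this very process: an open, mapped file gives
    f and m; a cd into a directory gives c; our interpreter binary gives e."""
    me = os.getpid()
    saved = os.open(".", os.O_RDONLY)
    out = {}
    try:
        with tempfile.TemporaryDirectory() as d:
            path = os.path.join(d, "busy.dat")
            with open(path, "w+b") as fh:
                fh.write(b"\0" * 4096)
                fh.flush()                          # mmap needs the bytes on the inode
                mm = mmap.mmap(fh.fileno(), 4096)
                out["open_and_mapped"] = who_uses(path).get(me, set())
                mm.close()
            out["after_close"] = who_uses(path).get(me, set())
            os.chdir(d)
            out["cwd"] = who_uses(d).get(me, set())
            out["whole_fs_lists_us"] = me in who_uses(d, whole_filesystem=True)
            os.fchdir(saved)
    finally:
        os.fchdir(saved)
        os.close(saved)
    out["exe"] = who_uses(os.readlink("/proc/self/exe")).get(me, set())
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Unprivileged, this sees only your own processes and those of your uid, because /proc/<pid>/fd and maps of other users' processes are not readable; that is the same reason fuser and lsof are normally run as root when a busy filesystem will not unmount.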
5.3 THE ORGANIZATION OF THE FILE TREE

Filesystems in the UNIX family have never been very well organized. Various
incompatible naming conventions are used simultaneously, and different types of files
are scattered randomly around the namespace. In many cases, files are divided by
function and not by how likely they are to change, making it difficult to upgrade the
operating system. The /etc directory, for example, contains some files that are never
customized and some that are entirely local. How do you know which files to preserve
during the upgrade? Well, you just have to know...

Innovations such as /var have helped solve a few problems, but most systems are still
a disorganized mess. Nevertheless, there's a culturally correct place for everything.
It's particularly important not to mess with the default structure of the file tree under
Linux because software packages and their installation tools often make broad
assumptions about the locations of files (as do other sysadmins!).

See Chapter 28 for more information about configuring the kernel.

The root filesystem includes the root directory and a minimal set of files and
subdirectories. The file containing the kernel lives within the root filesystem in the
/boot directory; its name normally starts with vmlinuz.5 Also part of the root
filesystem are /dev for device files (except /dev/pts, which is mounted separately),
/etc for critical system files, /sbin and /bin for important utilities, and sometimes
/tmp for temporary files.

See page 124 for some reasons why partitioning might be desirable and some rules of
thumb to guide it.

The directories /usr and /var are also of great importance. /usr is where most
standard programs are kept, along with various other booty such as on-line manuals
and most libraries. It is not strictly necessary that /usr be a separate filesystem, but for
convenience in administration it often is. Both /usr and /var must be available to
enable the system to come up all the way to multiuser mode.

/var houses spool directories, log files, accounting information, and various other
items that grow or change rapidly and vary on each host. Since /var contains log
files, which are apt to grow in times of trouble, it's a good idea to put /var on its own
filesystem if that is practical.

Home directories of users are often kept on a separate filesystem, usually mounted
in the root directory. Separate filesystems can also be used to store bulky items such
as source code libraries and databases.

Some of the more important standard directories are listed in Table 5.2.

The evolving Filesystem Hierarchy Standard (www.pathname.com/fhs) attempts to
codify, rationalize, and explain the standard directories. It's an excellent resource to
consult when you're trying to figure out where to put something. We discuss some
additional rules and suggestions for the design of local hierarchies on page 258.

5. It was once common for /boot to be a separate filesystem, mostly because the kernel had to be located
near the beginning of the boot disk to be accessible to the BIOS. Modern PCs no longer have this problem,
and /boot is more typically part of the root filesystem.
5.4 FILE TYPES

Linux defines seven types of files. Even when developers add something new and
wonderful to the file tree (such as the process information listed under /proc), it
must still be made to look like one of these seven types:

    •  Regular files
    •  Directories
    •  Character device files
    •  Block device files
    •  Local domain sockets
    •  Named pipes (FIFOs)
    •  Symbolic links

Table 5.2 Standard directories and their contents

Pathname         Contents
/bin             Commands needed for minimal system operability
/boot            Kernel and files needed to load the kernel
/dev             Device entries for disks, printers, pseudo-terminals, etc.
/etc             Critical startup and configuration files
/home            Home directories for users
/lib             Libraries and parts of the C compiler
/media           Mount points for filesystems on removable media
/opt             Optional application software packages (not yet widely used)
/proc            Information about all running processes
/root            Home directory of the superuser (often just /)
/sbin            Commands for booting, repairing, and recovering the system
/tmp             Temporary files that may disappear between reboots
/usr             Hierarchy of secondary files and commands
/usr/bin         Most commands and executable files
/usr/include     Header files for compiling C programs
/usr/lib         Libraries; also, support files for standard programs
/usr/local       Local software (software you write or install)
/usr/local/bin   Local executables
/usr/local/etc   Local system configuration files and commands
/usr/local/lib   Local support files
/usr/local/sbin  Statically linked local system maintenance commands
/usr/local/src   Source code for /usr/local/*
/usr/man         On-line manual pages
/usr/sbin        Less essential commands for system administration and repair
/usr/share       Items that might be common to multiple systems (read-only)
/usr/share/man   On-line manual pages
/usr/src         Source code for nonlocal software packages (not widely used)
/var             System-specific data and configuration files
/var/adm         Varies: logs, system setup records, strange administrative bits
/var/log         Various system log files
/var/spool       Spooling directories for printers, mail, etc.
/var/tmp         More temporary space (preserved between reboots)
You can determine the type of an existing file with ls -ld. The first character of the ls
output encodes the type. The following example demonstrates that /usr/include is a
directory:

    $ ls -ld /usr/include
    drwxr-xr-x 2 root root 4096 Jul 15 20:57 /usr/include

ls uses the codes shown in Table 5.3 to represent the various types of files.

As you can see from Table 5.3, rm is the universal tool for deleting files you don't
want anymore. But how would you delete a file named, say, -f? It's a perfectly
legitimate filename under most filesystems, but rm -f doesn't work because the -f is
interpreted as an rm flag. The answer is either to refer to the file by a more complete
pathname (such as ./-f) or to use rm's -- argument to tell it that everything that follows
is a filename and not an option (i.e., rm -- -f).

Filenames that contain control characters present a similar problem since reproducing
these names from the keyboard can be difficult or impossible. In this situation, you
can use shell globbing (pattern matching) to identify the files to delete. When you use
pattern matching, it's a good idea to get in the habit of using the -i option to rm to
make rm confirm the deletion of each file. This feature protects you against deleting
any "good" files that your pattern inadvertently matches. For example, to delete a file
named foo<Control-D>bar, you could use

    $ ls
    foo?bar  foose  kde-root
    $ rm -i foo*
    rm: remove `foo\004bar'? y
    rm: remove `foose'? n

Table 5.3 File-type encoding used by ls

File type              Symbol  Created by         Removed by
Regular file           -       editors, cp, etc.  rm
Directory              d       mkdir              rmdir, rm -r
Character device file  c       mknod              rm
Block device file      b       mknod              rm
Local domain socket    s       socket(2)          rm
Named pipe             p       mknod              rm
Symbolic link          l       ln -s              rm

Note that ls shows the control character as a question mark, which can be a bit
deceptive.6 If you don't remember that ? is a shell pattern-matching character and try
to rm foo?bar, you might potentially remove more than one file (although not in this
example). -i is your friend!

To delete the most horribly named files, you may need to resort to rm -i *.

Another option for removing files with squirrely names is to use an alternative
interface to the filesystem such as emacs's dired mode or a visual tool such as Nautilus.
Regular files

A regular file is just a bag o' bytes; Linux imposes no structure on its contents. Text
files, data files, executable programs, and shared libraries are all stored as regular
files. Both sequential and random access are allowed.

Directories

A directory contains named references to other files. You can create directories with
mkdir and delete them with rmdir if they are empty. You can delete nonempty
directories with rm -r.

The special entries "." and ".." refer to the directory itself and to its parent directory;
they may not be removed. Since the root directory has no parent directory, the path
"/.." is equivalent to the path "/." (and both are equivalent to /).

A file's name is stored within its parent directory, not with the file itself. In fact, more
than one directory (or more than one entry in a single directory) can refer to a file at
one time, and the references can have different names. Such an arrangement creates
the illusion that a file exists in more than one place at the same time.

These additional references ("links") are indistinguishable from the original file; as
far as Linux is concerned, they are equivalent. Linux maintains a count of the number
of links that point to each file and does not release the file's data blocks until its
last link has been deleted. Links cannot cross filesystem boundaries. One security
consequence follows directly: a user who can make a hard link to a file keeps its
contents (and its permissions, including any setuid bit) alive after the owner deletes
the original name, so deleting a file is not the same as destroying it.

References of this sort are usually called "hard links" these days to distinguish them
from symbolic links, which are described below. You create hard links with ln and
remove them with rm.

It's easy to remember the syntax of ln if you keep in mind that it mirrors that of cp.
The command cp oldfile newfile creates a copy of oldfile called newfile, and ln
oldfile newfile makes the name newfile an additional reference to oldfile.

It is important to understand that hard links are not a distinct type of file. Instead of
defining a separate "thing" called a hard link, the filesystem simply allows more than
one directory entry to point to a file. In addition to the file's contents, the underlying
attributes of the file (such as ownerships and permissions) are also shared.

6. ls -b shows the special characters as octal numbers, which can be helpful if you need to identify them
specifically. <Control-A> is 1 (\001 in octal), <Control-B> is 2, and so on.
Character and block device files

See Chapter 28 for more information about devices and drivers.

Device files allow programs to communicate with the system's hardware and
peripherals. When the kernel is configured, modules that know how to communicate
with each of the system's devices are linked in.7 The module for a particular device,
called a device driver, takes care of the messy details of managing the device.

Device drivers present a standard communication interface that looks like a regular
file. When the kernel is given a request that refers to a character or block device file,
it simply passes the request to the appropriate device driver. It's important to
distinguish device files from device drivers, however. The files are just rendezvous
points that are used to communicate with the drivers. They are not the drivers
themselves.

Character device files allow their associated drivers to do their own input and output
buffering. Block device files are used by drivers that handle I/O in large chunks
and want the kernel to perform buffering for them. In the past, a few types of
hardware were represented by both block and character device files, but that
configuration is rare today.

Device files are characterized by two numbers, called the major and minor device
numbers. The major device number tells the kernel which driver the file refers to, and
the minor device number typically tells the driver which physical unit to address.
For example, major device number 6 on a Linux system indicates the parallel port
driver. The first parallel port (/dev/lp0) would have major device number 6 and
minor device number 0.

Drivers can interpret the minor device numbers that are passed to them in whatever
way they please. For example, tape drivers use the minor device number to determine
whether the tape should be rewound when the device file is closed.

You can create device files with mknod and remove them with rm. However, it's
rarely necessary to create device files by hand. Most distributions use udev to
automatically create and remove device files as hardware is detected by the kernel.
udev keeps /dev tidy by limiting the number of spurious device files and by ensuring
that the device numbers assigned to files are consistent with those expected by the
kernel. See Chapter 28, Drivers and the Kernel, for more information. Because a
device file reaches its driver no matter where in the tree it lives, only root can create
one, and filesystems that hold user-writable data are normally mounted with the
nodev option so that a stray device file there is ignored.

An older script called MAKEDEV makes a good backup for udev in case you ever
do need to create device files by hand. The script encodes the conventional names
and device numbers for various classes of device so that you need not look up these
values yourself. For example, MAKEDEV pty creates the device files for
pseudo-terminals.

If you ever need to determine what major and minor device numbers are used by a
driver, you can find this information in the driver's man page in section 4 of the
manuals (e.g., man 4 tty).

7. These modules can also be loaded dynamically by the kernel.
Local domain sockets
Sockets are connections between processes that allow them to communicate hygienically. Linux provides several different kinds of sockets, most of which involve the use of a network. Local domain sockets are accessible only from the local host and are referred to through a filesystem object rather than a network port. They are sometimes known as "UNIX domain sockets."

See Chapter 10 for more information about syslog.

Although socket files are visible to other processes as directory entries, they cannot be read from or written to by processes not involved in the connection. Some standard facilities that use local domain sockets are the printing system, the X Window System, and syslog.

Local domain sockets are created with the socket system call and can be removed with the rm command or the unlink system call once they have no more users.
Named pipes
Like local domain sockets, named pipes allow communication between two processes running on the same host. They're also known as "FIFO files" (FIFO is short for the phrase "first in, first out"). You can create named pipes with mknod and remove them with rm.
Symbolic links
A symbolic or "soft" link points to a file by name. When the kernel comes upon a symbolic link in the course of looking up a pathname, it redirects its attention to the pathname stored as the contents of the link. The difference between hard links and symbolic links is that a hard link is a direct reference, whereas a symbolic link is a reference by name; symbolic links are distinct from the files they point to.

You create symbolic links with ln -s and remove them with rm. Since they can contain arbitrary paths, they can refer to files on other filesystems or to nonexistent files. Multiple symbolic links can also form a loop.

A symbolic link can contain either an absolute or a relative path. For example,

# ln -s archived/secure /var/log/secure

links /var/log/secure to /var/log/archived/secure with a relative path. It creates the symbolic link /var/log/secure with a target of "archived/secure", as demonstrated by this output from ls:

$ ls -l /var/log/secure
lrwxrwxrwx 1 root root 18 2005-07-05 12:54 /var/log/secure -> archived/secure

The entire /var/log directory could be moved somewhere else without causing the symbolic link to stop working (not that moving this directory is advisable).[8]

8. The file permissions that ls shows for a symbolic link, lrwxrwxrwx, are dummy values. Permission to create, remove, or follow the link is controlled by the containing directory, whereas read, write, and execute permission on the link target are granted by the target's own permissions. Therefore, symbolic links do not need (and do not have) any permission information of their own.

It is a common mistake to think that the first argument to ln -s has something to do with your current working directory. It is not resolved as a filename by ln; it's simply used verbatim as the target of the symbolic link.
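The following is an added example, not code from the book, that walks a pathname through a chain of symbolic links the way the kernel does: the link's contents are taken verbatim, and a relative target is resolved against the directory holding the link rather than the working directory. It builds a throwaway copy of the /var/log/secure layout above (the tree, the dangling link and the loop are constructed sample data) and shows that the link survives moving the whole directory.

```python
import os
import tempfile


def follow_symlink(path, max_hops=40):
    """Resolve a pathname through any chain of symbolic links by hand.

    Mirrors what the kernel does during pathname lookup: the link's contents
    are taken verbatim, and a relative target is interpreted relative to the
    directory that contains the link, not the caller's working directory.
    Returns (final_path, status) where status is "exists", "dangling" (the
    chain ends at a name that does not exist) or "loop".
    """
    path = os.path.abspath(path)
    seen = set()
    while os.path.islink(path):
        if path in seen or len(seen) >= max_hops:
            return path, "loop"
        seen.add(path)
        target = os.readlink(path)          # the stored contents of the link
        if not os.path.isabs(target):
            target = os.path.join(os.path.dirname(path), target)
        path = os.path.normpath(target)
    return path, ("exists" if os.path.lexists(path) else "dangling")


def demo():
    """Build a constructed tree that reproduces the /var/log/secure example
    and return what follow_symlink() reports at each step."""
    with tempfile.TemporaryDirectory() as base:
        log = os.path.join(base, "var", "log")
        os.makedirs(os.path.join(log, "archived"))
        open(os.path.join(log, "archived", "secure"), "w").close()

        # Same as "ln -s archived/secure /var/log/secure": a relative target.
        link = os.path.join(log, "secure")
        os.symlink("archived/secure", link)
        # A link whose target was never created, and two links forming a loop.
        dangling = os.path.join(log, "messages")
        os.symlink("archived/messages", dangling)
        a, b = os.path.join(base, "a"), os.path.join(base, "b")
        os.symlink("b", a)
        os.symlink("a", b)

        results = {"stored target": os.readlink(link)}
        resolved, status = follow_symlink(link)
        results["resolved"] = (os.path.relpath(resolved, base), status)
        results["dangling"] = follow_symlink(dangling)[1]
        results["loop"] = follow_symlink(a)[1]

        # Move the whole log directory: the relative link keeps working.
        moved = os.path.join(base, "var", "oldlog")
        os.rename(log, moved)
        resolved, status = follow_symlink(os.path.join(moved, "secure"))
        results["after move"] = (os.path.relpath(resolved, base), status)
        return results


if __name__ == "__main__":
    for key, value in demo().items():
        print("%-14s %s" % (key, value))
```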
5.5 FILE ATTRIBUTES
Under the traditional UNIX and Linux filesystem model, every file has a set of nine permission bits that control who can read, write, and execute the contents of the file. Together with three other bits that primarily affect the operation of executable programs, these bits constitute the file's "mode."

The twelve mode bits are stored together with four bits of file-type information. The four file-type bits are set when the file is first created and cannot be changed, but the file's owner and the superuser can modify the twelve mode bits with the chmod (change mode) command. Use ls -l (or ls -ld for a directory) to inspect the values of these bits. An example is given on page 82.
The permission bits
Nine permission bits determine what operations may be performed on a file and by whom. Traditional UNIX does not allow permissions to be set per-user (although Linux now supports access control lists in all major filesystems; see page 88). Instead, three sets of permissions define access for the owner of the file, the group owners of the file, and everyone else. Each set has three bits: a read bit, a write bit, and an execute bit.

It's convenient to discuss file permissions in terms of octal (base 8) numbers because each digit of an octal number represents three bits and each group of permission bits consists of three bits. The topmost three bits (with octal values of 400, 200, and 100) control access for the owner. The second three (40, 20, and 10) control access for the group. The last three (4, 2, and 1) control access for everyone else ("the world"). In each triplet, the high bit is the read bit, the middle bit is the write bit, and the low bit is the execute bit.

Each user fits into only one of the three permission sets. The permissions used are those that are most specific. For example, the owner of a file always has access determined by the owner permission bits and never the group permission bits. It is possible for the "other" and "group" categories to have more access than the owner, although this configuration is rarely used.

On a regular file, the read bit allows the file to be opened and read. The write bit allows the contents of the file to be modified or truncated; however, the ability to delete or rename (or delete and then recreate!) the file is controlled by the permissions on its parent directory, because that is where the name-to-dataspace mapping is actually stored.

The execute bit allows the file to be executed. There are two types of executable files: binaries, which the CPU runs directly, and scripts, which must be interpreted by a shell or some other program. By convention, scripts begin with a line similar to

#!/usr/bin/perl

that specifies an appropriate interpreter. Nonbinary executable files that do not specify an interpreter are assumed (by your shell) to be bash or sh scripts.[9]

For a directory, the execute bit (often called the "search" or "scan" bit in this context) allows the directory to be entered or passed through while a pathname is evaluated, but not to have its contents listed. The combination of read and execute bits allows the contents of the directory to be listed. The combination of write and execute bits allows files to be created, deleted, and renamed within the directory.
The setuid and setgid bits
The bits with octal values 4000 and 2000 are the setuid and setgid bits. When set on executable files, these bits allow programs to access files and processes that would otherwise be off-limits to the user that runs them. The setuid/setgid mechanism for executables is described on page 45.

When set on a directory, the setgid bit causes newly created files within the directory to take on the group ownership of the directory rather than the default group of the user that created the file. This convention makes it easier to share a directory of files among several users, as long as they all belong to a common group. This interpretation of the setgid bit is unrelated to its meaning when set on an executable file, but there is never any ambiguity as to which meaning is appropriate.

You can also set the setgid bit on nonexecutable plain files to request special locking behavior when the file is opened. However, we've never seen this feature used.

The sticky bit
The bit with octal value 1000 is called the sticky bit. It was of historical importance as a modifier for executable files on early UNIX systems. However, that meaning of the sticky bit is now obsolete and modern systems silently ignore it.

If the sticky bit is set on a directory, the filesystem won't allow you to delete or rename a file unless you are the owner of the directory, the owner of the file, or the superuser. Having write permission on the directory is not enough. This convention helps make directories like /tmp a little more private and secure.
Viewing file attributes
The filesystem maintains about forty separate pieces of information for each file, but most of them are useful only to the filesystem itself. As a system administrator, you will be concerned mostly with the link count, owner, group, mode, size, last access time, last modification time, and type. You can inspect all of these with ls -l (or ls -ld for a directory).

9. The kernel understands the #! ("shebang") syntax and acts on it directly. However, if the interpreter is not specified completely and correctly, the kernel will refuse to execute the file. The shell then makes a second attempt to execute the script by calling sh.

An attribute change time is also maintained for each file. The conventional name for this time (the "ctime," short for "change time") leads some people to believe that it is the file's creation time. Unfortunately, it is not; it just records the time that the attributes of the file (owner, mode, etc.) were last changed (as opposed to the time at which the file's contents were modified).
Consider the following example:

$ ls -l /bin/gzip
-rwxr-xr-x 3 root root 57136 Jun 15 2004 /bin/gzip

The first field specifies the file's type and mode. The first character is a dash, so the file is a regular file. (See Table 5.3 on page 77 for other codes.)

The next nine characters in this field are the three sets of permission bits. The order is owner-group-other, and the order of bits within each set is read-write-execute. Although these bits have only binary values, ls shows them symbolically with the letters r, w, and x for read, write, and execute. In this case, the owner has all permissions on the file and everyone else has only read and execute permission.

If the setuid bit had been set, the x representing the owner's execute permission would have been replaced with an s, and if the setgid bit had been set, the x for the group would also have been replaced with an s. The last character of the permissions (execute permission for "other") is shown as t if the sticky bit of the file is turned on. If either the setuid/setgid bit or the sticky bit is set but the corresponding execute bit is not, these bits appear as S or T.

The next field in the listing is the link count for the file. In this case it is 3, indicating that /bin/gzip is just one of three names for this file (the others are /bin/gunzip and /bin/zcat). Every time a hard link is made to a file, the count is incremented by 1. All directories will have at least two hard links: the link from the parent directory and the link from the special file "." inside the directory itself. Symbolic links do not affect the link count.

The next two fields in the ls output are the owner and group owner of the file. In this example, the file's owner is root, and the file also belongs to the group named root. The filesystem actually stores these as the user and group ID numbers rather than as names. If the text versions (names) can't be determined, then these fields contain numbers. This might happen if the user or group that owns the file has been deleted from the /etc/passwd or /etc/group file. It could also indicate a problem with your NIS or LDAP database (if you use one); see Chapter 17.

The next field is the size of the file in bytes. This file is 57,136 bytes long, or about 56K.[10] Next comes the date of last modification: June 15, 2004. The last field in the listing is the name of the file, /bin/gzip.
ls output is slightly different for a device file. For example:

$ ls -l /dev/tty0
crw-rw---- 1 root root 4, 0 Jun 11 20:41 /dev/tty0

Most fields are the same, but instead of a size in bytes, ls shows the major and minor device numbers. /dev/tty0 is the first virtual console, controlled by device driver 4 (the terminal driver).

One ls option that's useful for scoping out hard links is -i, which makes ls show each file's "inode number." Without going into too much detail about filesystem implementations, we'll just say that the inode number is an index into a table that enumerates all the files in the filesystem. Inodes are the "things" that are pointed to by directory entries; entries that are hard links to the same file have the same inode number. To figure out a complex web of links, you need ls -li to show link counts and inode numbers along with find to search for matches.[11]
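As an added example (not code from the book), here is a small hard-link finder that applies the inode reasoning above: it groups regular files by (device, inode) exactly as ls -i and find -inum would, stays on one filesystem like find -xdev, and reports the link count so you can tell when some of a file's names lie outside the tree you searched. The gzip/gunzip/zcat tree it builds in a temporary directory is constructed sample data.

```python
import os
import stat
import tempfile
from collections import defaultdict


def find_hard_links(root):
    """Group every regular file under root whose link count exceeds 1 by its
    (device, inode) identity, the same key ls -i and find -inum work from.

    lstat is used so that symbolic links are examined rather than followed
    (a symlink never raises its target's link count), and directories on
    other filesystems are pruned, like find -xdev, because inode numbers
    are only unique within one filesystem. Each group records the inode's
    link count, so nlink minus the number of names found tells you how many
    names for that file lie outside the searched tree.
    """
    root_dev = os.lstat(root).st_dev
    groups = defaultdict(lambda: {"nlink": 0, "paths": []})
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames
                       if os.lstat(os.path.join(dirpath, d)).st_dev == root_dev]
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode) and st.st_nlink > 1:
                entry = groups[(st.st_dev, st.st_ino)]
                entry["nlink"] = st.st_nlink
                entry["paths"].append(path)
    for entry in groups.values():
        entry["paths"].sort()
    return dict(groups)


def build_sample_tree(base):
    """Constructed sample mirroring the gzip/gunzip/zcat example: one inode
    with three names, plus a symlink and an ordinary file as distractors."""
    os.makedirs(os.path.join(base, "sub"))
    gzip = os.path.join(base, "gzip")
    with open(gzip, "w") as f:
        f.write("pretend this is a binary\n")
    os.link(gzip, os.path.join(base, "sub", "gunzip"))   # hard link, nlink -> 2
    os.link(gzip, os.path.join(base, "zcat"))            # hard link, nlink -> 3
    os.symlink("gzip", os.path.join(base, "gz"))         # symlink: not counted
    open(os.path.join(base, "lonely"), "w").close()      # nlink 1: not reported


def run_demo():
    """Return [(nlink, [relative names...]), ...] for the sample tree."""
    with tempfile.TemporaryDirectory() as base:
        build_sample_tree(base)
        report = []
        for entry in find_hard_links(base).values():
            report.append((entry["nlink"],
                           [os.path.relpath(p, base) for p in entry["paths"]]))
        return sorted(report)


if __name__ == "__main__":
    for nlink, names in run_demo():
        print("%d links: %s" % (nlink, ", ".join(names)))
```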
The system automatically keeps track of modification time stamps, link counts, and file size information. Conversely, permission bits, ownership, and group ownership change only when they are specifically altered.

Some other ls options that are important to know are -a to show all entries in a directory (even files whose names start with a dot), -t to sort files by modification time (or -tr to sort in reverse chronological order), -F to show the names of files in a way that distinguishes directories and executable files, -R to list recursively, and -h to show file sizes in a human-readable form (e.g., 8K or 53M).
chmod: change permissions
The chmod command changes the permissions on a file. Only the owner of the file and the superuser can change its permissions. To use the command on early UNIX systems, you had to learn a bit of octal notation, but current versions accept either octal notation or a mnemonic syntax. The octal syntax is generally more convenient for administrators, but it can only be used to specify an absolute value for the permission bits. The mnemonic syntax can modify some bits while leaving others alone.

The first argument to chmod is a specification of the permissions to be assigned, and the second and subsequent arguments are names of files on which permissions should be changed. In the octal case, the first octal digit of the specification is for the owner, the second is for the group, and the third is for everyone else. If you want to turn on the setuid, setgid, or sticky bits, you use four octal digits rather than three, with the three special bits forming the first digit.

Table 5.4 illustrates the eight possible combinations for each set of three bits, where r, w, and x stand for read, write, and execute.

Table 5.4 Permission encoding for chmod
  Octal  Binary  Perms
  0      000
  1      001     x
  2      010     w
  3      011     wx
  4      100     r
  5      101     rx
  6      110     rw
  7      111     rwx

For example, chmod 711 myprog gives all permissions to the owner and execute-only permission to everyone else.[12]

The full details of chmod's mnemonic syntax can be found in the chmod man page. Some examples of mnemonic specifications are shown in Table 5.5.

Table 5.5 Examples of chmod's mnemonic syntax
  Spec        Meaning
  u+w         Adds write permission for the owner of the file
  ug=rw,o=r   Gives r/w permission to owner and group, and read permission to others
  a-x         Removes execute permission for all categories (owner/group/other)
  ug=srx,o=   Makes the file setuid and setgid and gives r/x permission to the owner and group only
  g=u         Makes the group permissions be the same as the owner permissions

The hard part about using the mnemonic syntax is remembering whether o stands for "owner" or "other"; "other" is correct. Just remember u and g by analogy to UID and GID; only one possibility will be left.

You can also specify the modes to be assigned by analogy with an existing file. For example, chmod --reference=filea fileb makes fileb's mode the same as filea's.

chmod can update the file permissions within a directory recursively with the -R option. However, this is trickier than it looks, since the enclosed files and directories may not all share the same attributes (for example, some might be executable files while others are text files). The mnemonic syntax is particularly useful with -R because any bits whose values you don't set explicitly are left alone. For example,

$ chmod -R g+w mydir

adds group write permission to mydir and all its contents without messing up the execute bits of directories and programs.

10. K stands for kilo, a metric prefix meaning 1,000; however, computer types have bastardized it into meaning 2^10 or 1,024. Similarly, a computer megabyte is not really a million bytes but rather 2^20 or 1,048,576 bytes. The International Electrotechnical Commission is promoting a new set of numeric prefixes (such as kibi- and mebi-) that are based explicitly on powers of 2. At this point, it seems unlikely that common usage will change. To add to the confusion, even the power-of-2 units are not used consistently. RAM is denominated in powers of 2, but network bandwidth is always a power of 10. Storage space is quoted in power-of-10 units by manufacturers and power-of-2 units by everyone else.

11. Try find mountpoint -xdev -inum inode -print.

12. If myprog were a shell script, it would need both read and execute permission turned on. For the script to be run by an interpreter, it must be opened and read like a text file. Binary files are executed directly by the kernel and therefore do not need read permission turned on.
chown: change ownership and group
The chown command changes a file's ownership and group ownership. Its syntax mirrors that of chmod, except that the first argument specifies the new owner and group in the form user:group. You can omit either user or group. If there is no group, you don't need the colon either, although you can include it to make chown set the group to user's default group. The form user.group is also accepted, for historical reasons, although it's a bit degenerate since usernames can include dots.

To change a file's group, you must either be the owner of the file and belong to the group you're changing to or be the superuser. You must be the superuser to change a file's owner.

Like chmod, chown offers the recursive -R flag to change the settings of a directory and all the files underneath it. For example, the sequence

# chmod 755 ~matt
# chown -R matt:staff ~matt

might be used to set up the home directory of a new user after you had copied in the default startup files. Make sure that you don't try to chown the new user's dot files with a command such as

# chown -R matt:staff ~matt/.*

The pattern will match ~matt/.. and will therefore end up changing the ownerships of the parent directory and probably the home directories of other users.

Traditional UNIX uses a separate command, chgrp, to change the group owner of a file. Linux has chgrp too. It works just like chown; feel free to use it if you find it easier to remember.
umask: assign default permissions
You can use the built-in shell command umask to influence the default permissions given to the files you create. The umask is specified as a three-digit octal value that represents the permissions to take away. When a file is created, its permissions are set to whatever the creating program requests minus whatever the umask forbids. Thus, the individual digits of the umask allow the permissions shown in Table 5.6.

For example, umask 027 allows all permissions for the owner but forbids write permission to the group and allows no permissions for anyone else. The default umask value is often 022, which denies write permission to the group and world but allows read permission.

See Chapter for more information about startup files.

You cannot force users to have a particular umask value because they can always reset it to whatever they want. However, you can put a suitable default in the sample .profile and .cshrc files that you give to new users.
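The following added example (not code from the book) ties together the permission-bit, setuid/setgid/sticky and umask material above: it renders a mode the way ls -l prints it, including the s/S and t/T cases, parses such a string back into bits, and applies a umask to the 666 and 777 modes that programs typically request. The function names and the sample modes are this example's own.

```python
SETUID, SETGID, STICKY = 0o4000, 0o2000, 0o1000   # the three "special" bits


def mode_string(mode, file_type="-"):
    """Render the twelve mode bits the way ls -l prints them.

    Each owner/group/other triplet becomes r, w, x (or - for a clear bit).
    The execute position shows s (setuid, setgid) or t (sticky) when the
    special bit and the underlying execute bit are both set, and S or T when
    the special bit is set but the execute bit is not.
    """
    out = [file_type]
    for shift, special, letters in ((6, SETUID, "sS"), (3, SETGID, "sS"), (0, STICKY, "tT")):
        triplet = (mode >> shift) & 0o7
        out.append("r" if triplet & 4 else "-")
        out.append("w" if triplet & 2 else "-")
        executable = bool(triplet & 1)
        if mode & special:
            out.append(letters[0] if executable else letters[1])
        else:
            out.append("x" if executable else "-")
    return "".join(out)


def parse_mode_string(text):
    """Inverse of mode_string(): turn "-rwsr-xr-x" (or "rwsr-xr-x") back into bits."""
    perms = text[-9:]
    mode = 0
    for index, (shift, special) in enumerate(((6, SETUID), (3, SETGID), (0, STICKY))):
        r, w, x = perms[3 * index: 3 * index + 3]
        bits = (4 if r == "r" else 0) | (2 if w == "w" else 0)
        if x in "sStT":          # a special bit is set...
            mode |= special
        if x in "xst":           # ...and the execute bit only for the lowercase forms
            bits |= 1
        mode |= bits << shift
    return mode


def apply_umask(requested, umask):
    """Permissions a new file actually gets: what the program asked for
    minus every bit the umask takes away (Table 5.6 in one expression)."""
    return requested & ~umask & 0o7777


def umask_allows(umask):
    """The rwx subset each umask digit still permits, as (owner, group, other)."""
    classes = []
    for shift in (6, 3, 0):
        allowed = 0o7 & ~((umask >> shift) & 0o7)
        classes.append("".join(ch for ch, bit in (("r", 4), ("w", 2), ("x", 1)) if allowed & bit))
    return tuple(classes)


if __name__ == "__main__":
    for mode in (0o755, 0o4755, 0o4644, 0o2775, 0o1777):
        print("%05o  %s" % (mode, mode_string(mode)))
    # Editors usually request 666 and compilers 777; the umask trims both.
    for umask in (0o022, 0o027, 0o077):
        print("umask %03o: file %s, program %s, allows %s" % (
            umask, mode_string(apply_umask(0o666, umask)),
            mode_string(apply_umask(0o777, umask)), umask_allows(umask)))
```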
Table 5.6 Permission encoding for umask
  Octal  Binary  Perms
  0      000     rwx
  1      001     rw
  2      010     rx
  3      011     r
  4      100     wx
  5      101     w
  6      110     x
  7      111

Bonus flags
Linux's ext2fs and ext3fs filesystems define some supplemental attributes you can turn on to request special filesystem semantics ("request" being the operative word, since many of the flags haven't actually been implemented). For example, one flag makes a file append-only and another makes it immutable and undeletable.

Since these flags don't apply to filesystems other than the ext* series, Linux uses special commands, lsattr and chattr, to view and change them. Table 5.7 lists the flags that actually work (currently only about 50% of those mentioned in the man page).

Table 5.7 ext2fs and ext3fs bonus flags
  Flag  Meaning
  A     Never update access time (st_atime; for performance)
  a     Allow writing only in append mode (only root can set)
  D     Force directory updates to be written synchronously
  d     No backup: make dump ignore this file
  i     Make file immutable and undeletable (only root can set)
  j     Keep a journal for data changes as well as metadata
  S     Force changes to be written synchronously (no buffering)

With the possible exception of the "no backup" flag, it's not clear that any of these features offer much day-to-day value. The immutable and append-only flags were largely conceived as ways to make the system more resistant to tampering by hackers or hostile code. Unfortunately, they can confuse software and protect only against hackers that don't know enough to use chattr -ia.[13] Real-world experience has shown that these flags are more often used by hackers than against them.

13. The capability mechanism described on page 683 can make it harder to turn off these bits, but the feature is not widely used.

The S and D options for synchronous writes also merit a special caution. Since they force all filesystem pages associated with a file or directory to be written out immediately on changes, they might seem to offer additional protection against data loss in the event of a crash. However, the order of operations for synchronous updates is unusual and has been known to confuse fsck; recovery of a damaged filesystem might therefore be made more difficult rather than more reliable. Filesystem journaling, as supported by ext3fs, is usually a better option. The j option can force data journaling for specific files, albeit at some performance cost.
5.6 ACCESS CONTROL LISTS
The 9-bit owner/group/other access control system has proved to be powerful enough to accommodate most administrative needs. Although the system has clear limitations, it's very much in keeping with the UNIX traditions (some might say, "former traditions") of simplicity and predictability.

Virtually all non-UNIX operating systems use a substantially more complicated way of regulating access to files: access control lists, or ACLs. ACLs have no set length and can include permission specifications for multiple users or groups. The more sophisticated systems allow administrators to specify partial sets of permissions or negative permissions; some also have inheritance features that allow access to depend on more than one ACL at a time. These systems are clearly more powerful than the traditional UNIX model, but they are also an order of magnitude more complex, both for administrators and for software developers.

See page 12 for more information about the mount command and filesystem mounting.

As a result of efforts to include ACLs in the POSIX specification, many variants of UNIX have come to support a relatively standard ACL mechanism that operates in parallel with the traditional UNIX 9-bit model. Under Linux, ACLs are supported by ext2, ext3, ReiserFS, XFS, and JFS. They are usually disabled by default; use the -o acl option to mount to turn them on.

For completeness, we describe the Linux ACL model here. But don't be seduced by the pretty colors: ACLs are not necessarily "better" than traditional file permissions, and knowledgeable administrators should use them with a degree of trepidation. Not only are they complicated and tiresome to use, but they can also cause problems in conjunction with NFS, backup systems, and programs such as text editors. ACLs tend toward entropy and so become unmaintainable over time.

See page 828 for more information about Samba.

Perhaps the most plausible reason for using ACLs is to increase compatibility with other operating systems. In particular, the Samba suite used for file sharing with Windows systems is ACL-aware and makes a good-faith effort to translate between the ACLs of Linux and Windows.

ACL overview
Linux ACLs are a mostly straightforward extension of the standard 9-bit model. Read, write, and execute permission are the only capabilities the system deals with. Embellishments such as the setuid and sticky bits are handled exclusively through the traditional mode bits.
ACLs allow the rwx bits to be set independently for any combination of users and groups. Table 5.8 shows what the individual entries in an ACL can look like.

Table 5.8 Entries that can appear in an access control list
  Format                 Example          Sets permissions for
  user::perms            user::rw-        The file's owner
  user:username:perms    user:trent:rw-   A specific user
  group::perms           group::r-x       The group that owns the file
  group:groupname:perms  group:staff:rw-  A specific group
  other::perms           other::---       All others
  mask::perms            mask::rwx        All but owner and other [a]

a. Masks are somewhat tricky and are explained later in this section.

Users and groups can be identified by name or by UID/GID. The exact number of entries that an ACL can contain varies with the filesystem implementation and ranges from a low of 25 with XFS to a virtually unlimited number with ReiserFS and JFS. The ext2 and ext3 filesystems allow 32 entries, which is probably a reasonable limit for manageability in any case.

The getfacl command displays a file's current ACL, and the setfacl command modifies or sets it. Use setfacl -b file to clear the ACL, setfacl -m aclspec file to modify or extend it, and setfacl -x aclspec file to delete specific entries in the list. (Omit the permission specification portion of the aclspec when using -x.) The aclspec can contain more than one list entry as long as the entries are separated with a comma.

Files with ACLs retain their original mode bits, but consistency is automatically enforced and the two sets of permissions can never conflict. The following example demonstrates that the ACL entries update automatically in response to changes made with chmod:

$ touch /tmp/example
$ ls -l /tmp/example
-rw-rw-r-- 1 garth garth 0 Jun 14 15:57 /tmp/example
$ getfacl /tmp/example
getfacl: Removing leading '/' from absolute path names
# file: tmp/example
# owner: garth
# group: garth
user::rw-
group::rw-
other::r--
$ chmod 640 /tmp/example
$ getfacl --omit-header /tmp/example
user::rw-
group::r--
other::---
This enforced consistency allows older software with no awareness of ACLs to play reasonably well in the ACL world. However, there's a twist. Even though the group:: ACL entry in the example above appears to be tracking the middle set of traditional mode bits, this will not always be the case.

To understand why, suppose that a legacy program clears the write bits within all three permission sets of the traditional mode (e.g., chmod ugo-w file). The intention is clearly to make the file unwritable by anyone. But what if the resulting ACL were to look like this?

user::r--
group::r--
group:staff:rw-
other::r--

From the perspective of legacy programs, the file appears to be unmodifiable, yet it is actually writable by anyone in group staff. Not good. To reduce the chance of ambiguity and misunderstandings, Linux has adopted the following rules:

• The user:: and other:: ACL entries are by definition identical to the "owner" and "other" permission bits from the traditional file mode. Changing the mode changes the corresponding ACL entries, and vice versa.

• In all c

ases, the effective access permission afforded to the file's owner and to users not mentioned in another way are those specified in the user:: and other:: ACL entries, respectively.

• If a file has no explicitly defined ACL or has an ACL that consists only of one user::, one group::, and one other:: entry, these ACL entries are identical to the three sets of traditional permission bits. This is the case illustrated in the getfacl example above. (Such an ACL is termed "minimal" and need not actually be implemented as a logically separate ACL.)

• In more complex ACLs, the traditional group permission bits correspond to a special ACL entry called "mask" rather than the group:: ACL entry. The mask limits the access that the ACL can confer upon all named users, all named groups, and the default group.

In other words, the mask specifies an upper bound on the access that the ACL can assign to individual groups and users. It is conceptually similar to the umask, except that the ACL mask is always in effect and specifies the allowed permissions rather than the permissions to be denied. ACL entries for named users, named groups, and the default group can include permission bits that are not present in the mask, but the kernel simply ignores them.

As a result, the traditional mode bits can never understate the access allowed by the ACL as a whole. Furthermore, clearing a bit from the group portion of the traditional mode clears the corresponding bit in the ACL mask and thereby forbids this permission to everyone but the file's owner and those who fall in the category of "other."
When the ACL shown in the previous example is expanded to include entries for a specific user and group, setfacl automatically supplies an appropriate mask:

$ setfacl -m user::r,user:trent:rw,group:admin:rw /tmp/example
$ ls -l /tmp/example
-r--rw----+ 1 garth staff 0 Jun 14 15:57 /tmp/example
$ getfacl --omit-header /tmp/example
user::r--
user:trent:rw-
group::r--
group:admin:rw-
mask::rw-
other::---

As seen here, setfacl generates a mask that allows all the permissions granted in the ACL to take effect. If you want to set the mask by hand, include it in the ACL entry list given to setfacl or use the -n option to prevent setfacl from regenerating it.

When access is attempted, the effective UID is compared to the UID that owns the file. If they are the same, access is determined by the user:: permissions in the ACL. Otherwise, if there is a matching user-specific ACL entry, permissions are determined by that entry in combination with the ACL mask. If no user-specific entry is available, the filesystem tries to locate a valid group-related entry that provides the requested access; such entries are also processed in conjunction with the ACL mask. If no matching entry can be found, the other:: entry prevails.

If you use the traditional chmod command to manipulate the group permissions on an ACL-bearing file, be aware that your changes affect only the mask. To continue the previous example:

$ chmod 770 /tmp/example
$ ls -l /tmp/example
-rwxrwx---+ 1 garth staff 0 Jun 14 15:57 /tmp/example
$ getfacl --omit-header /tmp/example
user::rwx
user:trent:rw-
group::r--
group:admin:rw-
mask::rwx
other::---

The ls output in this case is misleading. Despite the apparently generous group permissions, no one actually has permission to execute the file by reason of group membership. To grant such permission, you must edit the ACL itself.
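To make the mask rules and the access-check order concrete, here is an added example (not code from the book or from the acl package) that models a Linux ACL in memory: setfacl -m with automatic mask recalculation, chmod's effect on user::, other:: and the mask, getfacl-style listings, and the owner/named-user/group/other lookup described above. It replays the /tmp/example session from the text and then the chmod ugo-w scenario; the class and function names, and the users alice and bob, are this example's own.

```python
R, W, X = 4, 2, 1   # the only capabilities an ACL entry carries

def parse_perms(text):
    """'rw-' or 'rw' -> 6; dashes are optional, as in a setfacl aclspec."""
    return (R if "r" in text else 0) | (W if "w" in text else 0) | (X if "x" in text else 0)

def perms_str(bits):
    return "".join(ch if bits & b else "-" for ch, b in (("r", R), ("w", W), ("x", X)))

class Acl:
    """One file's ACL using the entry types of Table 5.8 (default entries omitted)."""

    def __init__(self, owner, group, mode):
        self.owner, self.group = owner, group
        # A minimal ACL: user::, group:: and other:: are the nine mode bits; no mask.
        self.entries = {("user", ""): (mode >> 6) & 7,
                        ("group", ""): (mode >> 3) & 7,
                        ("other", ""): mode & 7}

    def has_mask(self):
        return ("mask", "") in self.entries

    def recompute_mask(self):
        """setfacl's default: a mask that lets every bit granted to named users,
        named groups and the owning group take effect."""
        mask = 0
        for (kind, name), perms in self.entries.items():
            mask |= perms if kind == "group" or (kind == "user" and name) else 0
        self.entries[("mask", "")] = mask

    def modify(self, aclspec, no_mask=False):
        """setfacl -m aclspec [-n]; aclspec like 'user::r,user:trent:rw,group:admin:rw'."""
        explicit_mask = False
        for item in aclspec.split(","):
            kind, name, perms = item.split(":")
            self.entries[(kind, name)] = parse_perms(perms)
            explicit_mask |= kind == "mask"
        extended = self.has_mask() or any(name for _, name in self.entries)
        if extended and not (no_mask or explicit_mask):
            self.recompute_mask()

    def chmod(self, mode):
        """chmod on an ACL-bearing file: the owner and other digits set user:: and
        other::; the middle digit sets the mask when there is one, else group::."""
        self.entries[("user", "")] = (mode >> 6) & 7
        self.entries[("other", "")] = mode & 7
        self.entries[("mask", "") if self.has_mask() else ("group", "")] = (mode >> 3) & 7

    def mode(self):
        """The nine traditional bits; the group column reports the mask when present."""
        middle = self.entries[("mask", "") if self.has_mask() else ("group", "")]
        return (self.entries[("user", "")] << 6) | (middle << 3) | self.entries[("other", "")]

    def ls_string(self):
        flag = "+" if self.has_mask() else ""   # ls flags files with an extended ACL
        return "-" + "".join(perms_str((self.mode() >> s) & 7) for s in (6, 3, 0)) + flag

    def getfacl(self):
        order = {"user": 0, "group": 1, "mask": 2, "other": 3}
        keys = sorted(self.entries, key=lambda k: (order[k[0]], k[1] != "", k[1]))
        return ["%s:%s:%s" % (k, n, perms_str(self.entries[(k, n)])) for k, n in keys]

    def access(self, user, groups, requested):
        """Lookup order from the text: owner, then a named user entry, then every
        matching group entry (each filtered through the mask), else other::."""
        mask = self.entries.get(("mask", ""), R | W | X)
        if user == self.owner:
            return self.entries[("user", "")] & requested == requested
        if ("user", user) in self.entries:
            return self.entries[("user", user)] & mask & requested == requested
        matching = [p for (kind, name), p in self.entries.items() if kind == "group"
                    and (name in groups if name else self.group in groups)]
        if matching:
            return any(p & mask & requested == requested for p in matching)
        return self.entries[("other", "")] & requested == requested

def replay_page_example():
    """Replay the /tmp/example session from the text; returns each listing plus
    the access decisions hidden behind the final, misleading ls output."""
    acl = Acl("garth", "garth", 0o664)                  # after touch: -rw-rw-r--
    acl.chmod(0o640)
    step1 = acl.getfacl()
    acl.group = "staff"                                 # the later listings show group staff
    acl.modify("user::r,user:trent:rw,group:admin:rw")
    step2 = (acl.ls_string(), acl.getfacl())
    acl.chmod(0o770)
    step3 = (acl.ls_string(), acl.getfacl())
    decisions = {"staff member execute": acl.access("alice", {"staff"}, X),
                 "admin member write": acl.access("bob", {"admin"}, W),
                 "admin member execute": acl.access("bob", {"admin"}, X),
                 "trent write": acl.access("trent", set(), W)}
    return step1, step2, step3, decisions

def legacy_chmod_scenario():
    """The worry raised in the text: a legacy program runs chmod ugo-w on a file
    with a group:staff:rw- entry. The mask rule keeps staff from writing."""
    acl = Acl("garth", "garth", 0o664)
    acl.modify("group:staff:rw")
    acl.chmod(acl.mode() & ~0o222)                      # what chmod ugo-w does
    return acl.getfacl(), acl.access("alice", {"staff"}, W)
```

Real getfacl additionally annotates masked entries with "#effective:" comments; the model above reports the same outcome through access() instead.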
Default entries
In addition to the ACL entry types listed in Table 5.8, the ACLs for directories can include "default" entries that are propagated to the ACLs of newly created files and subdirectories created within them. Subdirectories receive these entries both in the form of active ACL entries and in the form of defaults. Therefore, the original defaults may eventually propagate down through several layers of the directory hierarchy.

The connection between the parent and child ACLs does not continue once the default entries have been copied. If the parent's default entries change, the changes are not reflected in the ACLs of existing subdirectories.
5.7 EXERCISES
E5.1 What is a umask? Create a umask that would give no permissions to the group or the world.

E5.2 What is the difference between hard links and symbolic (soft) links? When is it appropriate to use one or the other?

E5.3 Read the man page for the /etc/fstab file. Write an entry that automatically mounts a Windows NTFS partition, /dev/hda1, at startup. Use the mount point /mnt/win_c.

E5.4 When installing a Linux system, it's important to partition the hard drive such that each filesystem (/var, /usr, etc.) has adequate space for both current and future needs. The "Foobar Linux" distribution uses the following defaults:
  /       100MB
  /var    50MB
  /boot   10MB
  <swap>  128MB
  /usr    remaining space
What are some potential problems with this arrangement on a busy server box?

E5.5 Why is it a good idea to put some partitions (such as /var, /home, and swap) on a separate drive from other data files and programs? What about /tmp? Give specific reasons for each of the filesystems listed.

E5.6 Write a script that finds all the hard links on a filesystem.

E5.7 Give commands to accomplish the following tasks.
  a) Set the permissions on the file README to read/write for the owner and read for everyone else.
  b) Turn on a file's setuid bit without changing (or knowing) the current permissions.
  c) List the contents of the current directory, sorting by modification time and listing the most recently modified file last.
  d) Change the group of a file called shared from "user" to "friends".
93

6 Adding New Users

Adding and removing users is a routine chore on most systems. These tasks are simple, but they are also boring; most administrators build tools to automate the process and then delegate the actual work to an assistant or operator.
These days we are seeing a resurgence of centralized servers with logon accounts for hundreds of people in addition to the distributed server with as few as two users. Administrators need a thorough understanding of the account system in order to manage network services and configure accounts appropriately for the local computing environment.
Account hygiene is also a key determinant of system security. Infrequently used accounts are prime targets for attackers, as are accounts with easily guessed passwords. Even if you use your system's automated tools to add and remove users, it's important to understand the changes the tools are making.
In this chapter we'll first examine the underlying model that the automated tools implement, then describe the tools themselves (useradd, userdel, etc.). The default useradd tool is actually quite good and should be sufficient for most sites' needs. Unfortunately, userdel is not quite as thorough as we would like.
6.1 THE /ETC/PASSWD FILE
The /etc/passwd file is a list of users recognized by the system. The system consults the file at login time to determine a user's UID and home directory, among other things. Each line in the file represents one user and contains seven fields separated by colons:
• Login name
• Encrypted password or password placeholder (see page 96)
• UID (user ID) number
• Default GID (group ID) number
• "GECOS" information: full name, office, extension, home phone
• Home directory
• Login shell
For example, the following lines are all syntactically valid /etc/passwd entries:
root:lAS!]uGZ2so:0:0:The System,,x6096,:/:/bin/sh
jl:x:100:0:Jim Lane,ECT8-3,,:/staff/jl:/bin/sh
dotty:$1$Ce8QAQl$L.DwjLViHlVeKTMLX!ZO/:101:20::/home/dotty:/bin/csh
These days it is not acceptable to leave encrypted passwords in plain view. With fast hardware, they can be "cracked" in minutes. All versions of UNIX and Linux allow you to hide the encrypted passwords by placing them in a separate file that is not world-readable. This is known as a shadow password mechanism, and it is (appropriately) the default on most systems.
The shadow password system makes more sense when explained as an extension of the traditional /etc/passwd (as it historically was), so we defer our discussion of this feature until page 99. A more general discussion of the security implications of shadow passwords can be found on page 678.
The contents of /etc/passwd are often shared among systems with a database such as NIS or LDAP. See Chapter 17, Sharing System Files, for more information.
The following sections discuss the /etc/passwd fields in more detail.
Login name
See page 511 for more information about NIS.
Login names (also known as usernames) must be unique and no more than 32 characters long. They may contain any characters except colons and newlines. If you use NIS, login names are limited to 8 characters, regardless of the operating system.
Some older versions of UNIX limit the permissible characters to alphanumerics and impose an 8-character length limit. At heterogeneous sites, it's a good idea to heed the most restrictive limits. Such a policy will avert potential conflicts with older software and will guarantee that users can have the same login name on every machine. Remember, just because you have a homogeneous environment today doesn't mean that this will be the case tomorrow.
Login names are case sensitive; however, RFC822 calls for case to be ignored in email addresses. We are not aware of any problems caused by mixed-case login names, but lowercase names are traditional and also easier to type.
Login names should be easy to remember, so random sequences of letters do not make good login names. We suggest that you avoid nicknames, even if your organization is relatively informal. They're really not that much fun, and they tend to draw scorn; names like DarkLord and QTPie belong in front of @hotmail.com. Even if your users have no self-respect, at least have some thought for your site's overall credibility.
Since login names are often used as email addresses, it's useful to establish a standard way of forming them. It should be possible for users to make educated guesses about each other's login names. First names, last names, initials, or some combination of these all make reasonable naming schemes.
See page 544 for more information about mail aliases.
Any fixed scheme for choosing login names eventually results in duplicate names or names that are too long, so you will sometimes have to make exceptions. In the case of a long name, you can use your mail system's aliasing features to equate two versions of the name, at least as far as mail is concerned.
For example, suppose you use an employee's first initial and last name as a paradigm. Brent Browning would therefore be bbrowning, which is 9 characters and therefore potentially incompatible with some systems. Instead, you could assign the user the login brentb, leaving bbrowning as an aliases file entry:
bbrowning: brentb
If your site has a global mail alias file, each new login name must be distinct from any alias in this file. If it is not, mail will be delivered to the alias rather than the new user.
It's common for large sites to implement a full-name email addressing scheme (e.g., John.Q.Public@mysite.com) that hides login names from the outside world. This is a fine idea, but it really doesn't obviate any of the naming advice given above. If for no other reason than the sanity of administrators, it's best if login names have a clear and predictable correspondence to users' actual names.
Login names should be unique in two senses. First, a user should have the same login name on every machine. This rule is mostly for convenience, both yours and the user's.
See page 85 for a discussion of login equivalence issues.
Second, a particular login name should always refer to the same person. Some commands (e.g., ssh) can be set up to validate remote users according to their login names. Even if scott@boulder and scott@refuge were two different people, one might be able to log in to the other's account without providing a password if the accounts were not set up properly.
Experience also shows that duplicate names can lead to email confusion. The mail system might be perfectly clear about which scott is which, but users will often send mail to the wrong address.
Encrypted password
A quick reminder before we jump into the details of passwords: most systems now keep encrypted passwords in /etc/shadow rather than /etc/passwd. However, the comments in this section apply regardless of where passwords are actually kept.
Passwords are stored in an encrypted (more precisely, hashed) form. Unless you can execute encryption algorithms in your head (we want to meet you), you must either set passwords by using the passwd command (yppasswd if you use NIS) or by copying an encrypted password string from another account.
If you edit /etc/passwd by hand to create a new account, put a star or an x in the encrypted password field. The star prevents unauthorized use of the account until you have set a real password. Never leave this field empty; that introduces a jumbo-sized security hole because no password is required to access the account. Even if you are using shadow passwords, it's wise to be a bit anal retentive about password hygiene in the /etc/passwd file. You never know when some obsolete program or script is going to peek at it in order to make some kind of security decision.[1]
Major Linux distributions recognize multiple methods of password encryption, and they can determine the encryption method used for each password by examining the encrypted data. It isn't necessary for all passwords on the system to use the same form of encryption.
Most Linux distributions default to using MD5 encryption. MD5 is slightly cryptographically better than the former DES standard, and the MD5 scheme allows passwords of arbitrary length. Longer passwords are more secure, if you actually use them. Since the use of MD5 won't hurt and might help, we recommend it for all systems that support it. Bear in mind, though, that both DES and MD5 hashing are fast, and speed is exactly what makes offline cracking cheap; a deliberately slow scheme such as the Blowfish-based one described below is preferable wherever it is supported.
Encrypted passwords are of constant length (34 characters long for MD5, 13 for DES) regardless of the length of the unencrypted password. Passwords are encrypted in combination with a random "salt" so that a given password can correspond to many different encrypted forms. If two users happen to select the same password, this fact usually cannot be discovered by inspection of the encrypted passwords. MD5 passwords are easy to spot because they always start with $1$.
SUSE defaults to Blowfish encryption for new passwords. Like MD5, this is a strong algorithm and a very reasonable default. However, you can't copy SUSE's Blowfish passwords to non-SUSE systems since only SUSE understands them. You can identify Blowfish passwords by their prefix of $2a$.
UID (user ID) number
UIDs are unsigned 32-bit integers. However, because of interoperability issues with older systems, we suggest limiting the largest UID at your site to 32,767 (the largest signed 16-bit integer) if possible.
1. Jon Corbet, one of our technical reviewers, commented, "If you don't know when security decisions are being made, you're already in trouble. Administrators should not be surprised by such things."
By definition, root has UID 0. Most systems also define pseudo-users bin, daemon, and lots of others. It is customary to put such fake logins at the beginning of the /etc/passwd file and to give them low UIDs; never assign these logins a real shell. To allow plenty of room for any nonhuman users you might want to add in the future, we recommend that you assign UIDs to real users starting at 500 (or higher).
See page 48 for more information about sudo.
It is never a good idea to have multiple accounts with UID 0. While it might seem convenient to have multiple root logins with different shells or passwords, this setup just creates more potential security holes and gives you multiple logins to secure. If people need to have alternate ways to log in as root, you are better off if they use a program such as sudo. A quick way to catch stray superuser accounts is awk -F: '$3 == 0' /etc/passwd, which should print exactly one line.
Avoid recycling UIDs for as long as possible, even the UIDs of people that have left your organization and had their accounts permanently removed. This precaution prevents confusion if files are later restored from backups, where users may be identified by UID rather than by login name.
See Chapter 16 for more information about NFS.
UIDs should be kept unique across your entire organization. That is, a particular UID should refer to the same login name and the same person on every machine. Failure to maintain distinct UIDs can result in security problems with systems such as NFS and can also result in confusion when a user moves from one workgroup to another.[2]
It can be hard to maintain unique UIDs when groups of machines are administered by different people or organizations. The problems are both technical and political. The best solution is to have a central database that contains a record for each user and enforces uniqueness. (We use a home-grown database to address this problem.) A simpler scheme is to assign each group within an organization a range of UIDs and let each group manage its own set. This solution keeps the UID spaces separate (a requirement if you are going to use NFS to share filesystems) but does not address the parallel issue of unique login names. LDAP is becoming a popular management tool for UIDs as well.
Default GID number
Like a UID, a group ID number is a 32-bit integer. GID 0 is reserved for the group called "root". GID 1 is the group "bin" and GID 2 is the group "daemon".
See page 82 for more information about setgid directories.
Groups are defined in /etc/group, with the GID field in /etc/passwd providing the default (or "effective") GID at login time. The default GID is not treated specially when access is determined;[3] it is relevant only to the creation of new files and directories. New files are normally owned by the user's effective group. However, in directories on which the setgid bit (02000) has been set and on filesystems mounted with the grpid option, new files default to the group of their parent directory.
2. Another NFS-related issue is the "nobody" UID that is traditionally used to hamper access by remote root users. See page 488 for details.
3. Linux considers all group memberships when performing access calculations. Kernels before 2.6.4 allow a maximum of 32 group memberships, but more recent kernels impose no limit.
GECOS field[4]
The GECOS field is commonly used to record personal information about each user. It has no well-defined syntax. The GECOS field originally held the login information needed to transfer batch jobs from UNIX systems at Bell Labs to a mainframe running GECOS (the General Electric Comprehensive Operating System); these days, only the name remains. A few programs will expand an '&' in the GECOS field to the user's login name, which saves a bit of typing. Both finger and sendmail perform this expansion, but many programs do not. It's best not to rely on this feature.
Although you can use any formatting conventions you like, finger interprets comma-separated GECOS entries in the following order:
• Full name (often the only field used)
• Office number and building
• Office telephone extension
• Home phone number
See page 520 for more information about LDAP.
The chfn command lets users change their own GECOS information. chfn is useful for keeping things like phone numbers up to date, but it can be misused: a user can change the information to be either obscene or incorrect. Most college campuses disable chfn. GECOS information is the perfect candidate for LDAPification.
Home directory
Users' shells are cd'ed to their home directories when they log in. If a user's home directory is missing at login time, the system prints a message such as "no home directory."[5] If DEFAULT_HOME is set to no in /etc/login.defs, the login will not be allowed to continue; otherwise, the user will be placed in the root directory.
Be aware that if home directories are mounted over a network filesystem, they may be unavailable in the event of server or network problems.
Login shell
The login shell is normally a command interpreter such as the Bourne shell or the C shell (/bin/sh or /bin/csh), but it can be any program. bash is the default and is used if /etc/passwd does not specify a login shell. On Linux systems, sh and csh are really just links to bash (the GNU "Bourne again" shell) and tcsh (a superset of the C shell), respectively. Many distributions also provide a public-domain version of the Korn shell, ksh.
Users can change their shells with the chsh command. The file /etc/shells contains a list of "valid" shells that chsh will permit users to select; SUSE enforces this list, but Red Hat just warns you if the selected shell is not on the list. If you add entries to the shells file, be sure to use absolute paths since chsh and other programs expect them. Several network services also consult /etc/shells when deciding whether an account may log in at all, so an addition to that file is a security decision and not merely a convenience for chsh. Pseudo-users that should never log in belong with /sbin/nologin or /bin/false as their shell, and those programs should stay out of /etc/shells.
4. When Honeywell took over the computer division of GE, GECOS was changed to GCOS; both spellings survive today.
5. This message appears when you log in on the console or on a terminal, but not when you log in through a display manager such as xdm, gdm, or kdm. Not only will you not see the message, but you will generally be logged out immediately because of the display manager's inability to write to the proper directory (e.g., ~/.gnome).
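Pulling the rules of this section together, here is an added Python example (not code from the book) that audits a set of passwd records the way a cautious administrator would before trusting them: seven colon-separated fields; login names no longer than 32 characters (8 for an NIS site); the password field classified by the x and star placeholders and by the DES (13 characters), MD5 ($1$, 34 characters) and Blowfish ($2a$) shapes described under "Encrypted password"; no empty password fields; no UID 0 login other than root and no UID shared between logins; and a login shell that appears in /etc/shells. The sample records, the second root login, the guest account and the /etc/shells stand-in are all constructed for the example.

```python
"""Audit /etc/passwd records for the hygiene problems discussed in 6.1 (added example)."""
from collections import Counter

# Three records modelled on the ones in the text plus two deliberately bad
# ones: an empty password field and a second UID 0 login. Constructed input.
SAMPLE_PASSWD = """\
root:x:0:0:The System,,x6096,:/:/bin/sh
jl:x:100:0:Jim Lane,ECT8-3,,:/staff/jl:/bin/sh
dotty:$1$Ce8QAQl1$L.DwjLViHlVeKTMLX0ZO1A:101:20::/home/dotty:/bin/csh
guest::502:100:Temporary guest,,,:/home/guest:/bin/bash
toor:*:0:0:Alternate root,,,:/root:/bin/sh
"""
# Stand-in for the contents of /etc/shells (constructed).
SAMPLE_SHELLS = {"/bin/sh", "/bin/bash", "/bin/csh", "/bin/tcsh"}

def parse_passwd(text):
    """One dict per non-blank line; a line without exactly seven fields is an error."""
    users = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(fields)}")
        name, pw, uid, gid, gecos, home, shell = fields
        users.append({"name": name, "pw": pw, "uid": int(uid), "gid": int(gid),
                      "gecos": gecos, "home": home, "shell": shell})
    return users

def classify_password(pw):
    """Name the scheme or placeholder in a password field from its shape alone."""
    if pw == "":
        return "empty"                          # no password needed: the jumbo hole
    if pw == "x":
        return "shadowed"                       # real hash lives in /etc/shadow
    if pw[0] in "*!":
        return "locked"                         # can never match a typed password
    if pw.startswith("$1$"):
        return "md5" if len(pw) == 34 else "md5-malformed"
    if pw.startswith("$2a$"):
        return "blowfish"
    if len(pw) == 13 and "$" not in pw:
        return "des"
    return "unknown"

def audit(users, shells=SAMPLE_SHELLS, max_name_len=32):
    """Return (login, problem) pairs. Use max_name_len=8 at an NIS site."""
    findings = []
    uid_count = Counter(u["uid"] for u in users)
    name_count = Counter(u["name"] for u in users)
    for u in users:
        n = u["name"]
        if len(n) > max_name_len:
            findings.append((n, f"login name longer than {max_name_len} characters"))
        if name_count[n] > 1:
            findings.append((n, "duplicate login name"))
        kind = classify_password(u["pw"])
        if kind == "empty":
            findings.append((n, "empty password field"))
        elif kind in ("md5-malformed", "unknown"):
            findings.append((n, f"suspicious password field ({kind})"))
        if u["uid"] == 0 and n != "root":
            findings.append((n, "extra UID 0 account"))
        elif uid_count[u["uid"]] > 1:
            findings.append((n, f"UID {u['uid']} shared with another login"))
        if u["shell"] not in shells:
            findings.append((n, "login shell not listed in /etc/shells"))
    return findings

if __name__ == "__main__":
    for login, problem in audit(parse_passwd(SAMPLE_PASSWD)):
        print(f"{login:8} {problem}")
```

The classifier works from the stored string alone, so it runs against a shadow file's password column just as well. Against the sample it reports guest's empty password field and toor's extra UID 0 account, and nothing at all for jl or dotty; rerun audit with max_name_len=8 to see the NIS limit enforced.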
6.2 THE /ETC/SHADOW FILE
The /etc/shadow file is readable only by the superuser and serves to keep encrypted passwords safe from prying eyes. It also provides account information that's not available from /etc/passwd. The use of shadow passwords is standard on some distributions and configured as an optional package on others. Even when shadow passwords are optional, it's a good idea to treat them as if they were standard. When shadow passwords are in use, the old-style password fields in /etc/passwd should always contain an x. Check the file's mode as well: it should be owned by root and be mode 0600, or 0640 with a dedicated shadow group, since a world-readable shadow file defeats the entire mechanism.
The shadow file is not a superset of the passwd file, and the passwd file is not generated from it; you must maintain both files (or use tools such as useradd that maintain them both on your behalf). Like /etc/passwd, /etc/shadow contains one line for each user. Each line contains nine fields, separated by colons:
• Login name
• Encrypted password
• Date of last password change
• Minimum number of days between password changes
• Maximum number of days between password changes
• Number of days in advance to warn users about password expiration
• Number of days after password expiration that account is disabled
• Account expiration date
• A reserved field that is currently always empty
See page 109 for more information about usermod.
The only fields that are required to be nonempty are the username and password. Absolute date fields in /etc/shadow are specified in terms of days (not seconds) since Jan 1, 1970, which is not a standard way of reckoning time on UNIX systems. Fortunately, you can use the usermod program to set the expiration field, and chage -l login prints all of a user's aging fields as human-readable dates.
A typical shadow entry looks like this:
millert:$1$buJov3Cl$BvLlo!SeaClNv.OLzD3T0:13348:0:180:14::14974:
Here is a more complete description of each field:
• The login name is the same as in /etc/passwd. This field connects a user's passwd and shadow entries.
• The encrypted password is identical in concept and execution to the one previously stored in /etc/passwd.
• The last change field records the time at which the user's password was last changed. This field is generally filled in by passwd.
• The fourth field sets the number of days that must elapse between password changes. The idea is to force authentic changes by preventing users from immediately reverting to a familiar password after a required change. However, we think this feature could be somewhat dangerous when a security intrusion has occurred. We recommend setting this field to 0.
• The fifth field sets the maximum number of days allowed between password changes. This feature allows the administrator to enforce password aging; see page 680 for more information. The actual enforced maximum number of days is the sum of this field and the seventh (grace period) field.
• The sixth field sets the number of days before password expiration that the login program should begin to warn the user of the impending expiration.
• The seventh field specifies how many days after the maximum password age has been reached to wait before treating the login as expired. During that grace period the user can still log in but is forced to change the password on the way in; once the grace period has elapsed, logins are refused altogether. The field's main practical value is that it eventually shuts down dormant accounts whose owners never returned to change an expired password. If the field is left empty, no such cutoff is enforced.
• The eighth field specifies the day (in days since Jan 1, 1970) on which the user's account will expire. The user may not log in after this date until the field has been reset by an administrator. If the field is left blank, the account will never expire.
• The ninth field is reserved for future use.
Now that we know what each of the fields means, let's look at our example line again:
millert:$1$buJov3Cl$BvLlo!SeaClNv.OLzD3T0:13348:0:180:14::14974:
In this example, the user millert last changed his password on July 19, 2006 (day 13348). The password must be changed again within 180 days, and millert will receive warnings that the password needs to be changed for the last two weeks of this period. The account expires on December 31, 2010 (day 14974).
You can use the pwconv utility to reconcile the contents of the shadow file to those of the passwd file, picking up any new additions and deleting users that are no longer listed in passwd. pwconv fills in most of the shadow parameters from defaults specified in /etc/login.defs.
The following example illustrates the format of the login.defs file. The comments do a good job of explaining the various parameters. This particular example is from a Fedora system; the default contents vary quite substantially among distributions, as do the parameters that can be specified.
# REQUIRED
# Directory where mailboxes reside, _or_ name of file, relative to the
# home directory. If you _do_ define both, MAIL_DIR takes precedence.
# QMAIL_DIR is for Qmail
#QMAIL_DIR Maildir
MAIL_DIR /var/spool/mail
