
LINUX+

Open-Source Software

Rajat Goyal
Acknowledgement
I’d like to thank the pioneers of our industry
for blazing the trail and mapping the path to success,
for their vision, courage and perseverance, and for guiding us to
perceive the future of computing
through an operating system which we call
“LINUX”

Also,
I’d like to dedicate this to
my Parents and Teachers for providing
a model of solid values and
hard work for me to the path of Computing.

-- Rajat Goyal

Table of Contents
1. Linux: Overview
   • Introduction to Linux
   • Why we use Linux
   • Features of Linux
   • Linux v/s Windows
   • Linux Flavors

2. History of Linux
   • Founders: Overview
   • Generation & Development
   • Linux Desktop

3. Open Source Software Development
   • Open Source Software
   • Developer/Licensor
   • Examples of Open Source Software
   • Preference Reasons for using Open Source Software

4. Linux Architecture

Linux : Overview
Introduction to Linux
Linux is a generic term for “Unix-like” computer operating systems based on
the Linux kernel. Linux is a freely distributed operating system that runs on
multiple hardware platforms, which means that it is free and open-source
software whose underlying source code can be used, freely modified, and
redistributed by anyone under the terms of the GNU GPL and other free
licenses.

Linux is a complete multitasking and multiuser operating system based on the
Linux kernel. The Linux kernel was originally developed for the Intel 80386,
with multitasking as one of its best features. The kernel is the code that
controls the interface between user programs and hardware devices.

A Linux-based system is a modular Unix-like operating system. It derives much
of its basic design from principles established in UNIX during the 1970s and
1980s. Such a system uses a monolithic kernel, the Linux kernel, which handles
process control, networking, and peripheral and file system access. Device
drivers are integrated directly with the kernel.

Separate projects that interface with the kernel provide much of the system's
higher-level functionality. The GNU userland is an important part of most
Linux-based systems, providing the most common implementation of the C
library, a popular shell, and many of the common UNIX tools which carry out
many basic operating system tasks. The graphical user interface (or GUI) used
by most Linux systems is based on the X Window System.

Why we Use Linux
This Unix-like open source software is widely used for many reasons:

• A Linux distribution has software worth thousands of dollars, for virtually
  no cost.
• The Linux operating system is reliable, stable, and very powerful.
• Linux comes with a complete development environment, including compilers,
  toolkits, and scripting languages.
• Linux comes with networking facilities, allowing you to share hardware.
• Linux utilizes your memory, CPU, and other hardware to the fullest.
• A wide variety of commercial software is also available.
• Linux is very easily upgradeable.
• Supports multiple processors as standard.
• True multitasking. So many apps, all at once.
• The GUIs are more powerful than Mac!

Features of Linux
The basic features that define Linux are as follows:

• Open source development model.
• Supports a wide variety of hardware.
• Supports many networking protocols and configurations.
• Supports more file systems.
• Linux has a reputation for fewer bugs (programming mistakes) than Windows.
• True multitasking.
• X Window System: a graphical user interface similar to Windows, but one that
  supports remote sessions over a network.
• Advanced server functionality:
   ◦ FTP server
   ◦ Telnet server
   ◦ BOOTP server
   ◦ DHCP server
   ◦ Samba server
• After installation you can create logins for different users.
• Each user may log in with his/her own login and password, and has his/her
  own login area.
• Upon login, the default directory is the home directory of the user.
• Linux/Unix is case sensitive, i.e. WHO is not the same as who.
• The UNIX shell is a command program used to communicate with a computer.
• The shell interprets the commands that you enter on the keyboard.
• Shell commands can be used to automate various programming tasks.
• Linux/UNIX has powerful text processing tools which are highly suited to
  working with sequence data.
• Linux/Unix is very stable: computers running Linux/Unix almost never crash.
• Linux/Unix is very efficient:
   ◦ It gets maximum number-crunching power out of your processor (and
     multiple processors).
   ◦ It can smoothly manage extremely huge amounts of data.
   ◦ It can give a new life to otherwise obsolete Macs and PCs.
• It is easy for the programmers.

‘Linux’ v/s ‘Windows’
Windows: Windows is considered a Single-User, Multi-Tasking OS.
Linux:   Linux is considered a Multi-User, Multi-Tasking OS.

Windows: It enables one user to perform multiple tasks at once, but does not
         allow multiple different users.
Linux:   It allows multiple different users to perform tasks simultaneously,
         and ensures they do not interfere with each other.

Windows: Windows supports the FAT and NTFS file systems.
Linux:   Linux supports a wide variety of file systems, including FAT, NTFS,
         ext/3/4, ReiserFS, XFS, JFS, and many others.

Windows: Some ability to expand support via new drivers.
Linux:   Adding support for new ones is as easy as a kernel recompile.

Windows: MSRP for Windows Vista Home Basic is $199.95.
Linux:   MSRP for most Linux distributions is free.

Windows: MSRP for Windows Server 08 Std is $999 for five access licenses.
         Additional access licenses are $199 for 5.
Linux:   However, most of the time support is not free and must be paid for.

Windows: It is not open source and hence cannot be redesigned by the
         programmer.
Linux:   Open source development model, so the programmer can redesign the OS.

Windows: Windows gets affected by viruses very easily.
Linux:   Linux is robust and very much secure from viruses.

Windows: Security is the main issue that has made Windows think about its
         survival.
Linux:   The Linux server has surpassed the Windows server operating system in
         security.

Windows: Compared to Linux, Windows is developed by a few thousand people.
Linux:   There are 250000+ developers behind Linux for open source deployment.

Linux Flavors

• Red Hat Linux (Red Hat)
• SuSE Linux (Novell)
• Fedora Linux
• Caldera Linux
• Mandrake Linux
• Turbo Linux
• Slackware Linux Project
• Knoppix Linux Live File system
• Ubuntu Linux
• AsiaNux Linux

History of Linux
Founders: Overview
The UNIX operating system was conceived and implemented in the
1960s and first released in 1970. Its wide availability and portability meant
that it was widely adopted, copied and modified by academic institutions and
businesses, with its design being influential on authors of other systems.
The GNU Project, started in 1984 by Richard Stallman, had the goal
of creating a "complete Unix-compatible software system", composed
entirely of free software. The next year Stallman created the Free Software
Foundation and wrote the GNU General Public License (GNU GPL) in 1989.
Linus Torvalds has said that if the GNU kernel had been available at the time
(1991), he would not have decided to write his own.
In 1991 while attending the University of Helsinki, Torvalds began to
work on a non-commercial replacement for MINIX, which would eventually
become the Linux kernel.

Linus Benedict Torvalds

The Linux operating system (OS) was first coded by a Finnish computer
programmer called Linus Benedict Torvalds in 1991, when he was just 21! He
had got a new 386, and he found the existing DOS and UNIX too expensive and
inadequate.

Linus Benedict Torvalds (born December 28, 1969) began the development of
Linux, an operating system kernel, and today acts as the project coordinator.

Inspired by Minix (a kernel and operating system developed by Andrew
Tanenbaum), he felt the need for a capable UNIX operating system that he
could run on his home PC. Torvalds did the original development of the Linux
kernel primarily in his own time and on his equipment.

In those days, a UNIX-like tiny, free OS called Minix was extensively
used for academic purposes. Since its source code was available, Linus
decided to take Minix as a model.

Richard Matthew Stallman

Richard Matthew Stallman (born March 16, 1953), often abbreviated to "rms", is
an American software freedom activist, hacker, and software developer. In
September 1983, he launched the GNU Project to create a free Unix-like
operating system, and has been the project's lead architect and organizer.
With the launch of the GNU Project, he started the free software movement and,
in October 1985, set up the Free Software Foundation.

Stallman pioneered the concept of copyleft and is the main author of several
copyleft licenses including the GNU General Public License, the most widely
used free software license. Since the mid-1990s, Stallman has spent most of
his time advocating for free software, as well as campaigning against both
software patents and what he sees as excessive extension of copyright laws.
Stallman has also developed a number of pieces of widely-used software,
including the original Emacs, the GNU Compiler Collection, and the GNU
Debugger. He co-founded the League for Programming Freedom in 1989.

Andrew Stuart Tanenbaum

Andrew Stuart "Andy" Tanenbaum (sometimes referred to by the handle AST) (born
March 16, 1944) is a professor of computer science at the Vrije Universiteit,
Amsterdam in the Netherlands. He is best known as the author of MINIX, a free
Unix-like operating system for teaching purposes, and for his computer science
textbooks, regarded as standard texts in the field. He regards his teaching
job as his most important work.

Tanenbaum was born in New York City and grew up in suburban White Plains, New
York. He received his B.Sc. degree in Physics from MIT in 1965. He received
his Ph.D. degree in physics from the University of California, Berkeley in
1971. He moved to the Netherlands to live with his wife, who is Dutch, but he
retains his United States citizenship. He teaches courses about Computer
Organization and Operating Systems and supervises the work of Ph.D. candidates
at the VU University Amsterdam.

Generation & Development

UNIX
Unix (officially trademarked as UNIX, sometimes also written as
UNIX with small caps) is a computer operating system originally developed in
1969 by a group of AT&T employees at Bell Labs, including Ken Thompson,
Dennis Ritchie, Brian Kernighan, Douglas McIlroy, and Joe Ossanna. Today's
UNIX systems are split into various branches, developed over time by AT&T
as well as various commercial vendors and non-profit organizations.
As of 2007, the owner of the trademark is The Open Group, an
industry standards consortium. Only systems fully compliant with and
certified according to the Single UNIX Specification are qualified to use the
trademark; others are called "Unix system-like" or "Unix-like".

UNIX operating systems are widely used in both servers and
workstations. UNIX was designed to be portable, multi-tasking and multi-
user in a time-sharing configuration. In 1983, Richard Stallman announced
the GNU project, an ambitious effort to create a free software Unix-like
system; "free" in that everyone who received a copy would be free to use,
study, modify, and redistribute it. The GNU project's own kernel
development project, GNU Hurd, had not produced a working kernel, but in
1992 Linus Torvalds released the Linux kernel as free software under the
GNU General Public License. In addition to their use in the Linux operating
system, many GNU packages — such as the GNU Compiler Collection (and
the rest of the GNU toolchain), the GNU C library and the GNU core utilities
— have gone on to play central roles in other free Unix systems as well.

MINIX
MINIX is a Unix-like computer operating system based on
microkernel architecture. Andrew S. Tanenbaum wrote the operating
system to be used for educational purposes; MINIX also inspired the creation
of the Linux kernel. Its name is a portmanteau of the words minimal and
UNIX. Minix has been free and open source software since it was released
under the BSD license in April 2000.
Andrew S. Tanenbaum created MINIX at Vrije Universiteit in
Amsterdam to exemplify the principles conveyed in his textbook, Operating
Systems Design and Implementation (1987). An abridged 12,000 lines of the C
source code of the kernel, memory manager, and file system of MINIX 1.0
are printed in the book. Prentice-Hall also released MINIX source code and
binaries on floppy disk with a reference manual. MINIX 1 was system-call
compatible with Seventh Edition Unix.

LINUX
Linux distributions, comprising Linux and large collections of
compatible software have become popular both with individual users and in
business. Popular distributions include Red Hat Enterprise Linux, Fedora,
SUSE Linux Enterprise, openSUSE, Debian GNU/Linux, Ubuntu, Mandriva
Linux, Slackware Linux and Gentoo.

Linux Desktops

Desktops: GNOME and KDE

GNOME
GNOME is a desktop environment—a
graphical user interface which runs on top of a
computer operating system—composed entirely of
free software. It is an international project that
includes creating software development frameworks,
selecting application software for the desktop, and working on the
programs which manage application launching, file handling, and window
and task management.
GNOME is part of the GNU Project and can be used with various
Unix-like operating systems, most notably those built on top of the Linux
kernel and the GNU userland, and as part of Java Desktop System in Solaris.

KDE
KDE is a free software project based around its
flagship product, a desktop environment mainly for
Unix-like systems. The goal of the project is to provide
basic desktop functions and applications for daily needs as well as tools and
documentation for developers to write stand-alone applications for the
system. In this regard, the KDE project serves as an umbrella project for
many standalone applications and smaller projects that are based on KDE
technology. These include KOffice, KDevelop, Amarok, K3b and many others.
KDE software is based on the Qt toolkit. The original GPL version of this
toolkit only existed for the X11 platform, but with the release of Qt 4, GPL
versions are available for all platforms. This allows KDE software based on Qt
4 to also be distributed to Microsoft Windows and Mac OS X.

Open Source Software Development

• Developed on the Web
• No Single Vendor
• Low Cost
• Multi-Platform
• Community Developed & Owned
• Small & Modular
• Standards Based

Open Source Software
In 1979, AT&T introduced its Unix License, which even by today's standards is
quite expensive. For educational institutions, one CPU license costs 7500
Dollars (Rs. 3,75,000) per CPU, and a full commercial license costs around
60,000 Dollars (Rs. 30,00,000) per CPU.

Richard Matthew Stallman, an American software freedom activist, hacker and
software developer, started the Free Software Foundation and the GNU Project.
He pioneered and created the GPL (General Public License) for the GNU Project,
which is a widely used free software license and the most popular and
well-known example of a copyleft license. Stallman’s goal was to produce one
license that could be used for any project, thus making it possible for many
projects to share code. The Free Software Foundation is designed to promote
free and open source software, that is, software which is liberally licensed
to grant users the right to study, change, and improve its design through the
availability of its source code.

Open Source is a term, developed in 1997, to represent free software that is
distributed with the source files. End users can modify and recompile the
software to meet their needs. For instance:
    # Count from 0 to 100, announcing the midpoint (POSIX shell)
    for x in $(seq 0 100); do
        if [ "$x" -eq 50 ]; then
            echo "halfway done"
        else
            echo "$x"
        fi
    done

Closed Source means any software that is distributed without the
source files. End users cannot modify and recompile the software according
to their needs. For instance:-
00011101010111110000100011111000011100111110000000111111010101
010101100110010101010101011111001110101011111111000001111110000
1111000011111110010101010100101110011001010111010000001011010
01010101010101101010001111100100000000001111000011100001001
01010111010101011001111000011100011111000111110000011111000011
11111000111100011010101010100011111001010101010111100001010101
010010001001110101010001001011010101010101010101010101010101

Copyleft: Copyleft is a play on the word copyright to describe the practice of
using copyright law to remove restrictions on distributing copies. It is a
form of licensing and can be used to modify copyrights for works such as
computer software, documents, music and art.

GNU General Public License: The GPL grants the recipients of a computer
program the rights of the free software definition and uses copyleft to ensure
the freedoms are preserved, even when the work is changed or added to.

Open Source software is software licensed under an agreement that conforms to
the Open Source definition:
• Access to source code.
• Freedom to redistribute.
• Freedom to modify.
• Non-discriminatory licensing (licensee/product).
• Integrity of authorship.
• Redistribution in accordance with the Open Source License Agreement.

Developer/Licensor
Any Developer/Licensor can draft an agreement that conforms to the Open Source
Development, though most licensors use existing agreements:

• GNU Public License (“GPL”)
• Lesser/Library GNU Public License (“LGPL”)
• Mozilla Public License
• Berkeley Software Distribution License (“BSD”)
• Apache Software License

• Two widely used open source licenses have “Copyleft” provisions:
   ◦ GNU Public License (“GPL”)
   ◦ Lesser GNU Public License or Library GNU Public License (“LGPL”)
• Most other licenses do not have Copyleft terms.
• Project-Based Development by Informal Networks:
   ◦ Maintainers
   ◦ Corporations (IBM, HP, Sun)
   ◦ Non-Profit Foundations (Apache Software Foundation)
   ◦ Individuals (Linus Torvalds)
   ◦ Contributors
   ◦ Users
• Distribution, Updates and Upgrades.
• Third Party Vendors

Examples of Open Source Software
• Linux (Operating system kernel, substitutes for proprietary UNIX)
• Apache Web Server (Web Server for UNIX systems)
• MySQL (Structured Query Language, competes with Oracle)
• Cloudscape, Eclipse (IBM contributions)
• OpenOffice (Open source implementation of Sun’s StarOffice)

Preference Reasons for using Open Source Software
• Cost savings.
• Stability.
• No forced upgrades.
• Access and broad rights to source code.
• Ability to define and expedite new development.
• Access to skilled community of developers.
• Migration cost.
• Copyleft provisions of GPL, LGPL and similar licenses.
• Uncertainty about open development model.

Linux Architecture
Particulars
I. Component Facts
II. Directory Contents
III. Computer Roles
IV. Installation Facts
V. Users & Groups
VI. Managing the File System
VII. Services
VIII. Boot & Shutdown
IX. Networking
X. Security
XI. Troubleshooting

I. Component Facts
The Linux operating system is a modular system, which means that the
components can function without affecting one another. Because of its modular
nature, you can create a highly customized Linux operating system based on your
individual requirements. The table below lists the modules typical to Linux. Each
component (or set of components) is generally developed independently, and
each component offers functionality while minimally affecting the other
components.

Component: Kernel
Description:
• The kernel is the core component of the operating system.
• The kernel coordinates communication between the hardware and other
  software components.
• The kernel is the only component that is technically Linux. All other
  components are add-ons that turn the system into a fully-functional
  operating system.
Examples:
  The kernel is constantly being updated. Current and previous kernel versions
  can be found at www.kernel.org.

Component: Shell
Description:
• The shell is the user interface that accepts and interprets commands (either
  from a command prompt or a script) and forwards them to the kernel.
• A Linux shell is comparable to the DOS interpreter/DOS prompt.
Examples:
  bash (Bourne-Again Shell) is the most common (and default) Linux shell. It
  is an enhancement of the original Bourne shell (sh).
  tcsh is an enhanced version of the Berkeley UNIX C-shell (csh).

Component: Graphical User Interface (GUI)
Description:
• The GUI is responsible for drawing graphical elements on the computer
  screen.
• The Linux GUI was designed to work the same way regardless of the video
  hardware on the computer system.
Examples:
  X Windows is the most common GUI system. X Windows works in conjunction with
  an X Client to render the GUI. X Windows is capable of running as a server
  and sending the GUI images to separate machines running an X Client.
  XFree86 is the most common X Client.

Component: Window Manager/Desktop Environment
Description:
• A Windows emulator is an implementation of the Microsoft Windows API.
• The emulator lets you run Windows applications on Linux without running the
  Windows operating system.
Examples:
  KDE (Kommon Desktop Environment), which uses the K Window Manager (kwm) and
  comes with the Qt toolkit for C++.
  GNOME (GNU Object Model Environment) does not specify a window manager
  because its design allows use of any window manager. However, it does use
  Metacity as a default window manager in the absence of a window manager.
  GNOME requires the use of the GIMP Toolkit (GTK) to render the full GNOME
  desktop.

Component: Boot Loader
Description:
• A boot loader runs after the system executes the BIOS ROM and POST
  functions.
• It loads the Linux kernel from the boot partition on the hard disk.
• It is also used to boot other operating systems present on the computer.
Examples:
  LILO (LInux LOader) is the most common bootloader.
  GRUB (GRand Unified Bootloader) is a new bootloader that offers extra
  functionality.

Component: Daemons (Services)
Description:
• Daemons are programs that run in the background, providing additional
  functionality to a system.
• The Windows equivalent of a daemon is a service.
Examples:
  File/Print Services:        SMB/Samba, NFS
  Print services:             LPR, CUPS
  Web Server:                 Apache, Tomcat
  Domain Name Service (DNS):  BIND
  E-mail:                     Sendmail, Postfix
  Firewall:                   ipchains, Smoothwall, Astaro Security Linux
  Proxy Server:               Squid

II. Directory Contents
The unified file system uses a single root directory that contains various other
directories. File systems from other hard drive partitions mount to directories beneath
the root directory, providing access to a single directory structure.

Directory  Description
/          The / character represents the root directory of the Linux system.
           All directories are below the / (root directory) of the system.
/bin       The /bin directory contains binary commands that are available to
           all users.
/boot      The /boot directory contains the kernel and boot loader files.
/dev       The /dev directory contains device files.
/etc       The /etc directory contains configuration files specific to the
           system.
/home      The /home directory contains by default the user home directories.
/initrd    The /initrd directory is used during the boot process to hold the
           initial RAM drive image.
/lib       The /lib directory contains shared program libraries and kernel
           modules.
/media     The /media directory contains the /cdrom and /floppy directories.
           It is the point where CD-ROM and floppy drives can be mounted
           according to the FHS (Filesystem Hierarchy Standard) v2.3.
/mnt       The /mnt directory is an empty directory. This was the mount point
           for CD-ROM and floppy drives prior to FHS v2.3.
/opt       The /opt directory contains the additional programs.
/proc      The /proc directory contains information about the system state and
           processes.
/root      The /root directory is the root user's home directory. Do not
           confuse /root with the root of the system (/).
/sbin      The /sbin directory contains system binary commands.
/srv       The /srv directory contains files for services like the FTP and Web
           servers.
/sys       The /sys directory is new with release 2.6. It takes some of the
           system state data that was previously contained in /proc.
/tmp       The /tmp directory contains temporary files created by programs
           during system use.
/usr       The /usr directory contains system commands and utilities. /usr
           holds the following directories:
           • /usr/bin
           • /usr/lib
           • /usr/local
           • /usr/sbin
           • /usr/X11R6 (for the X Window system)
           Depending on the implementation, the /usr directory might also
           include the /usr/doc subdirectory (or /usr/share/doc subdirectory)
           to hold documentation accessible to all users.
/var       The /var directory contains data files that change constantly.
           Standard subdirectories include:
           • /var/mail (holds e-mail inboxes)
           • /var/spool (holds files waiting for processing, such as print
             jobs or scheduled jobs)
           • /var/www (holds www or proxy cache files)

III. Computer Roles
Before you install Linux, you should know how you'll use the system. The
way the system is used will determine what kinds of components you should
select to install. The table below lists common deployments for Linux systems and
the components those deployments should include.

Role: Desktop
Description:
  A desktop implementation is targeted to the end-user in environments such as
  home-based computers (for gaming, multi-media, or Web surfing) or home
  offices.
Common Components:
• Graphical desktop
• Web browser (like Mozilla)
• E-mail client
• Productivity tools (an office productivity suite like GNOME Office, for
  example)
• Sound, graphics, and video support
• Gaming support

Role: Workstation
Description:
  A workstation implementation is for large corporate installation, system
  administrators, or developers. Office workstations often have more business
  productivity applications while workstations for software developers and
  system administrators have tools for creating and compiling software and
  administering network resources.
Common Components:
• Word processor
• Database editor
• Desktop publishing applications
• Spreadsheet applications
• E-mail applications
• Development tools
• System administration tools

Role: Server
Description:
  A server provides networking services to multiple users or to other
  computers. Because end users do not typically log on to a server directly,
  graphical and multimedia components are often not installed on servers to
  conserve system resources and eliminate sources of problems. Linux can
  provide many different services (e.g., file, email, and Web services) on one
  machine unless it is being accessed by a very large number of people.
Common Components:
• Mail services
• Routing
• Proxy service
• FTP service
• Web services (to allow users to access information, like an online catalog
  for example, through a Web browser)
• Network file system (NFS) (for file sharing)
• Storage (e.g., an appliance server)
• Database services (for storing client information, for example)

IV. Installation Facts
Depending on your organization and how you will deploy Linux, you have
several choices of how to access the Linux source files to complete the
installation. Listed below are several different methods you can use. (Before
performing any installation, check the hardware compatibility list (HCL) for the
Linux version you've selected to make sure your system components are
supported.)

Installation File Location: CD-ROM or removable media
Description:
  Installation source files are on a disk or other removable media such as:
  • USB, Firewire devices
  • Floppy, Zip disk (multiple disks might be required)
  • CD-ROM
  Use this method if you have access to portable installation source files.

Installation File Location: Network
Description:
  Installation files are located on a shared directory on the network. To
  complete the installation, you must:
  1. Copy the source files to a shared network location.
  2. Boot the computer to a limited version operating system with networking
     support (typically from a boot floppy). Make sure the computer uses the
     appropriate protocols to connect to the network share (FTP, SMB, NFS).
  3. Connect to the network share and start the installation.
  Using this method, the computer does not need a drive for accessing the
  installation files, and you can start multiple installs with a single
  source.

Installation File Location: Disk imaging
Description:
  Using disk imaging, you install Linux on one system. You then use imaging
  tools (or even backup/restore utilities) to replicate the installation to
  other computers.
  Use this method to install Linux quickly on multiple systems. In most cases,
  the hardware in each system must be identical.

When you start the install program, you can often choose how to interact
with the installation program. The following table compares various methods.

Installation Method: GUI install
Description:
  With the GUI method, you make installation choices using the mouse and
  keyboard from a graphical installation screen.
  The GUI install is the default install for most distributions.

Installation Method: Text install
Description:
  A text install bypasses the GUI screens, giving you basic text screens
  instead.
  Use the text install if the system has video card problems or low video
  support.

Installation Method: Scripted
Description:
  In a scripted installation, you answer all installation questions ahead of
  time. Your responses are stored in a file that is then read by the install
  program. The installation progresses without interaction.
  Use this system for a fully automated install and to quickly install on
  multiple systems.

Although the installation process differs depending on the distribution, the
following list represents a fairly generic installation process you will
follow:

1. Identify network requirements, select a distribution, identify the computer role, and verify that all
hardware meets system requirements
2. Select an installation file location and installation method
3. Start the installation
4. Choose the installation language and the system keyboard and mouse
5. Partition the hard disk
6. Configure the boot loader
7. Configure the network and firewall
8. Choose a system language and time zone
9. Create user accounts and configure authentication
10. Select components and services to install
11. Configure the video hardware
12. Install components and create boot disks
13. Select monitor and X Windows settings

During installation, the super user account, called the root user, is created.
Following installation, you can log on to Linux by typing root as the username and then
supplying the password you entered during installation.
Red Hat Linux provides the redhat-config-language command, which runs under an
active X server, to change the default language on your system after
installation.

Linux systems can determine the date and time in three ways:

• Set the system clock to GMT (Greenwich Mean Time) and then use the
correct time zone to derive the local time.
• Set the system clock to the local time.
• Use NTP (Network Time Protocol) to automatically synchronize the system date
and time with time servers on the network/Internet.

V. Users & Groups


User accounts control the ability to log on to a system, access resources, and
perform certain actions. Groups provide a means of grouping users for
administrative purposes such as assigning permissions to files.

When you work with users and groups, you will use a friendly name (such as
mary or sales) to refer to the user or group. However, the system uses ID
numbers to identify users and groups.

• The user ID (UID) and the group ID (GID) are typically automatically assigned by the
system (although in some cases you can modify the ID number if you like).
• The root user has a UID of 0.
• Users you create are assigned UIDs 500 and above.

Users can be members of two different group types:

• Primary group (also called the private group). By default, when you create a user, a
corresponding group is also created. The user is the only member of this group. When
you create files and directories, the primary group is automatically made the owner of
those files.
• Secondary groups. Secondary groups are groups you create. You assign members to
those groups, and then use permissions to control access to files.

Note: The primary group is just a group like any other group. The only difference is
that the user account specifically identifies the primary group for each user.

The user and group databases are stored in the following files:

| File | Description |
|---|---|
| /etc/passwd | Holds user account information including the user name, UID, primary group membership, and the home directory location. |
| /etc/shadow | Holds passwords and password expiration information for user accounts. Using a separate file increases the security of the user passwords. |
| /etc/group | Holds group information including the group name, GID, and group membership information. |
| /etc/gshadow | Holds passwords for groups. |

➢ Users Command & Files

User account information is stored in two different files. The table below
describes these files and their sample content.

File: /etc/passwd
Contents: Each line identifies a user account. Each line contains multiple fields, with each field separated by a colon. Shown below is a sample line from the passwd file:

pclark:x:501:501:Petunia Clark:/home/pclark:/bin/bash

The fields within this line are as follows:

1. User account name.
2. Password. An x in the field indicates passwords are stored in the /etc/shadow file.
3. User ID number.
4. Primary group ID number, typically this number matches the UID number.
5. GECOS field, typically used for a description or the user's full name.
6. Path to the home directory.
7. Path to the default shell.

File: /etc/shadow
Contents: Like the /etc/passwd file, each line corresponds to a user account. Each line consists of fields separated by colons. Shown below is a sample entry:

pclark:$ab7Y56gu9bs:12567:0:99999:7:::

1. User account name.
2. Password. The $ in front of the password identifies the password as an encrypted entry.
3. Last change. The date of the most recent password change, measured in the number of days
since 1 January 1970.
4. Minimum password age. The minimum number of days the user must wait before changing
the password.
5. Maximum password age. The maximum number of days between password changes.
6. Password change warning. The number of days a user is warned before the password must be
changed.
7. Grace logins. The number of days the user can log in without changing the password.
8. Disable time. The number of days since 1 January 1970, after which the account will be
disabled.
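
The field layout above is enough to audit these files mechanically. The following is an added example, not part of the original document: it reads passwd-format and shadow-format data on standard input and reports entries worth reviewing. All sample lines, hash strings and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit passwd/shadow-format data using the field layout
# described above. Sample data is constructed; hashes are placeholders.

sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
pclark:x:501:501:Petunia Clark:/home/pclark:/bin/bash
svcback:x:0:0:Backup helper:/home/svcback:/bin/bash
legacy::502:502:Legacy user:/home/legacy:/bin/bash
broken:x:503:503:/home/broken
EOF
}

sample_shadow() {
    cat <<'EOF'
root:$CONSTRUCTED_HASH_1:19000:0:90:7:::
pclark:$ab7Y56gu9bs:12567:0:99999:7:::
legacy::19000:0:90:7:::
svcback:!:19000:0:90:7:::
EOF
}

# audit_passwd: flag lines without 7 fields, extra UID 0 accounts, and
# password fields that are empty or hold something other than "x".
audit_passwd() {
    awk -F: '
        NF != 7                 { print "malformed:line" NR; next }
        $3 == 0 && $1 != "root" { print "uid0:" $1 }
        $2 == ""                { print "emptypw:" $1 }
        $2 != "" && $2 != "x"   { print "pw-in-passwd:" $1 }
    '
}

# audit_shadow: flag accounts with no password, locked accounts (field 2
# starts with ! or *), and a maximum password age that never forces a change.
audit_shadow() {
    awk -F: '
        $2 == ""                     { print "nopassword:" $1 }
        $2 ~ /^[!*]/                 { print "locked:" $1 }
        $5 == "" || $5 + 0 >= 99999  { print "noexpiry:" $1 }
    '
}

# days_to_date DAYS: convert "days since 1 January 1970" (shadow fields 3
# and 8) to a calendar date. Tries GNU/busybox date first, then BSD date.
days_to_date() {
    secs=$(( $1 * 86400 ))
    date -u -d "@$secs" +%Y-%m-%d 2>/dev/null || date -u -r "$secs" +%Y-%m-%d
}

# last_change_report: print each account with the date of its last change.
last_change_report() {
    while IFS=: read -r name _pw last _rest; do
        [ -n "$last" ] || continue
        printf '%s %s\n' "$name" "$(days_to_date "$last")"
    done
}

sample_passwd | audit_passwd
sample_shadow | audit_shadow
sample_shadow | last_change_report
```

On a real system, run the functions as root with `audit_passwd < /etc/passwd` and `audit_shadow < /etc/shadow`.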

Although it is possible to edit the passwd and shadow files manually to manage user accounts, doing
so can disable your system. Instead, use a GUI utility or the following commands to manage user accounts.

Use: useradd name
To: Create a user account. By default, when you create a user account, you create a home directory for that user with the same name under /home/username.
Example: useradd pmaxwell creates the pmaxwell user account

Use: useradd -c text name
To: Add a description for the account in the GECOS field of /etc/passwd.
Example: useradd -c "Paul Morrill" pmorril creates the pmorril account with a comment

Use: useradd -d path name
To: Assign an absolute pathname to a custom home directory location.
Example: useradd -d /tmpusr/sales1 sales1 creates the sales1 user account with home directory located at /tmpusr/sales1

Use: useradd -u ID name
To: Assign the user a custom UID. This is useful if you want to assign ownership of files and directories to a different user.
Example: useradd -u 789 dphilips creates the dphilips account with user ID 789

Use: usermod name
To: Modify an existing user account. usermod uses the same switches as useradd.
Example: usermod -c "Paul Morril" pmorril changes the comment field for user pmorril

Use: usermod -l newname name
To: Rename a user account. When renaming the account, use the -d switch to rename the home directory, and use the -m switch to copy all files from the existing home directory to the new home directory.
Example: usermod -l esmith -d /home/esmith -m ejones renames the ejones account to esmith, renames the home directory, and moves the old home directory contents to the new location

Use: usermod -s path name
To: Modifies the default shell setting for the user account.
Example: usermod -s /bin/tcsh esmith points the shell for esmith to /bin/tcsh

Use: userdel name
To: Remove the user from the system.
Example: userdel pmaxwell deletes the pmaxwell account while leaving the home directory on the system

Use: userdel -r name
To: Remove the user and the user's home directory.
Example: userdel -r pmorril removes both the account and the home directory

Note: If you ever edit the user database files manually, use the vipw command. This command locks the user files and opens them
in vi for editing.

➢ Group Commands & Files

Group information is stored in two different files. The table below describes these files
and their sample content.

File: /etc/group
Contents: Each line identifies a group. Each line contains multiple fields, with each field separated by a colon. Shown below is a sample line from the group file:

sales:x:510:pclark,mmckay,hsamson

The fields within this line are as follows:

1. Group name.
2. Group password, this field will have an x if group passwords are contained in the gshadow
file.
3. Group ID.
4. Group members, a comma-separated list of user accounts that are members of the group.

File: /etc/gshadow
Contents: Like the /etc/group file, each line corresponds to a group. Each line consists of fields separated by colons. Shown below is a sample entry:

sales:!:pclark:pclark,mmckay,hsamson

The fields within this line are as follows:

1. Group name
2. Group password. The group password allows users to add themselves as members of the
account. If the field contains a single exclamation point (!), the group account cannot be
accessed using the password. If the field contains a double exclamation point (!!), no
password has been assigned to the group account (and it cannot be accessed using the
password). If there is no value, only group members can log in to the group account.
3. Administrators. This field contains a list of users (in comma-delimited format) who have
authorization to administer the account.
4. Group members, a comma-separated list of user accounts that are members of the group.

Use the commands in the table below to manage Linux groups.

Use: groupadd name
To: Create a group.
Example: groupadd sales creates the sales group

Use: groupmod -n newname name
To: Change the name of a group.
Example: groupmod -n sales2 sales renames the sales group to sales2

Use: groupdel name
To: Delete a group.
Example: groupdel mktg deletes the mktg group

Use: gpasswd name
To: Change a group password (use the -r option to remove a group password).
Example: Typing gpasswd sales prompts you to type the group password

Use: newgrp name
To: Log in to a new group. You must have the group password to complete this command.
Example: Typing newgrp sales prompts you for the password for the sales group so you can log in

Use: usermod -g group user
To: Assign a user to a primary group.
Example: usermod -g pmaxwell pmaxwell assigns primary group membership for user pmaxwell to the pmaxwell group

Use: usermod -G group1,group2 user
To: Assign a user to a secondary group (or groups). Follow the command with a comma-separated list of groups.
Example: usermod -G sales,mktg pmorril removes all existing group assignments for pmorril and makes the user account a member of the sales and mktg groups. (You can remove a user from all secondary groups by using the command usermod -G "" user.)

Note: When you assign a user to one or more secondary groups, all existing secondary group membership is removed
before assigning the user account to the listed groups.

VI. Managing the File system

➢ Permission Facts

Every file has an inode (information node) that stores information about the file,
including when the file was last modified, file size, data block location, permissions, and
ownership (remember, directories are also files in the Linux system). The portion of the inode
that stores permission information is called the mode. The mode has three sections:
• User (owner) permissions
• Group (group owner) permissions
• Other (everyone on the Linux system) permissions

There are three types of permissions contained in the mode, each of which is
described in the table below.

| Permission | Letter Abbreviation | Octal Value | Allowed Actions on Files | Allowed Actions on Directories |
|---|---|---|---|---|
| Read | r | 100 (binary), 4 (decimal) | Open and read the file | List directory contents if the execute permission is also present |
| Write | w | 10 (binary), 2 (decimal) | Open, read, and edit the file | Add, delete, and rename files if the execute permission is also present |
| Execute | x | 1 (binary & decimal) | Execute the file (if it's a program file) or the shell script | Enter the directory and work with its contents |

When you identify permissions, you can either use the letter abbreviation (r, w, x), or
the octal number that corresponds to the permission. The following graphic shows a detailed
depiction of how permissions are displayed and how they can be referenced.

You should note the following facts about the mode:

• A d preceding the permissions indicates that the object is a directory. A - identifies a file
(the example above is for a file).
• Permissions are grouped according to user, group, or other permissions.
• If a permission has not been assigned, a - takes its place in order.
• When using numbers to represent permissions, add the decimal numbers together
within each permission group. Then string the numbers together. For example, the
permissions in the graphic above can be represented by the number 764.
• The root user has all permissions to files and directories regardless of what the mode
indicates.

Default Permissions and Umask

By default, files receive rw-rw-rw- (666) permissions, and directories receive
rwxrwxrwx (777) permissions when they are created. In most cases, the default assignment
gives excessive permission to files and directories.

You can customize the default permission assignments by setting a umask. The umask
identifies which permissions are removed from the default permissions when files and
directories are created. The following table shows what happens when you set a umask value
of 022.

| | Files | Directories |
|---|---|---|
| Default Permission | 666 rw-rw-rw- | 777 rwxrwxrwx |
| Umask | 022 | 022 |
| Result | 644 rw-r--r-- | 755 rwxr-xr-x |

In the example above, when you create a file, the umask value (022) is subtracted from
the default permissions for new files (666). This gives you permissions of 666 - 022 = 644 or
rw-r--r--.

Note: When subtracting permissions using the umask, use binary math (not decimal math) to
identify the exact permissions removed. Be sure to remove permissions from the system
defaults, not from all permissions (777 for both files and directories).

Additional examples of umask calculations are:

• A umask of 066 results in file permissions of rw------- (600) and directory permissions of
rwx--x--x (711).
• A umask of 033 results in file permissions of rw-r--r-- (644) and directory permissions of
rwxr--r-- (744). Notice that the file permissions are not 633 as you would get if you
performed decimal math using the umask setting.
• A umask of 011 results in no changes to file permissions (the x permission is already
removed by default) and directory permissions of rwxrw-rw- (766).

➢ Ownership Facts

When a user creates a file (or directory), the user and the user's primary group
receive ownership for the file (or directory). File ownership determines which users are
allowed to change the file's ownership and permissions. Only a file owner and the root user
can change file ownership or permissions.

The three permission settings in the table below comprise a "fourth group" that also
affects file ownership. You need to understand how to work with these settings in
conjunction with permissions.

| Setting | Letter Abbreviation | Octal Abbreviation | Description |
|---|---|---|---|
| SUID (Set User ID) | s in the execute permission position of the user permissions. Example: rwsrw-rw- | 100 (binary), 4 (decimal) | If the SUID bit is set, the program will run with the permissions of the file owner, not with the permissions of the user who runs the program. The most common use of SUID is to allow users to run a command as the root user. Users do not become the root user, but rather the command or program runs as if executed by the root user. Some programs require the SUID bit set for proper functionality. Be careful in setting the SUID bit as it could give a program too many permissions. |
| SGID (Set Group ID) | s in the execute permission position of the group permissions. Example: rwxrwsrw- | 10 (binary), 2 (decimal) | If the SGID bit is set, the program will run with the group permissions of the group owner. This can also present security risks to your system. |
| Sticky Bit | t in the execute permission position of the other permissions. Example: rwxrw-rwt | 1 (binary and decimal) | This marks the file in such a way as to prevent the file's deletion from the system by anyone except the file owner. Setting the sticky bit works particularly well with shared files. |

Each fourth group setting precedes the standard octal representation of a set of permissions. For example:
• 4421 sets the SUID
• 2421 sets the SGID
• 1421 sets the sticky bit
• 6421 sets both the SUID and SGID
• 7421 sets all three

➢ Permission Commands

The table below lists the most common commands for managing file permissions.

Use: chmod category+permission filename
To: Add a permission for a user, group, or other (category) to a file.
Example: chmod u+x,g+x,o+x myfile
This syntax adds the execute permission to the file myfile for user, group, and other.

Use: chmod category-permission filename
To: Remove a permission for a user, group, or other from a file.
Example: chmod g-w,o-w myfile
This syntax removes the write permission for group and other from the file myfile.

Use: chmod category=permission filename
To: Makes the permission equal to the permission specified for the user, group, or other for the file.
Example: chmod u=rwx myfile
This syntax grants the user read, write, and execute permission for the file myfile.

Use: chmod number filename
To: Sets the permissions for the file according to the numbers represented for each mode category.
Example: chmod 711 myfile
This syntax grants the user read, write, and execute permission (7) while group and other both receive execute permission (1) for the file myfile.

Use: umask
To: View the current umask setting.
Example: 022 is the typical umask setting.

Use: umask number
To: Change the default umask (normally 022).
Example: umask 007
This syntax sets the umask to remove nothing from the user or group but to remove all permissions from other.

➢ Ownership Commands

The table below lists the most common commands for managing file ownership.

Use: ls -l
To: View a long file listing. A long file listing shows the ownership, permissions, and names for the files (among other information).
Example: drwxr-xr-x 22 root root 4096 Jun 19 15:01 sales

Use: chown user filename
To: Change the ownership of a file (or directory). Only the root user or owner of the file can execute this command.
Example: chown pmorril /sales/report makes pmorril the user owner of the /sales/report file

Use: chown -R user filename
To: Change the ownership of the file recursively throughout the directory tree.
Example: chown -R pmorril /sales makes pmorril the owner of all files in the /sales directory (and below)

Use: chown user:group filename
To: Change the user and group ownership of the file.
Example: chown pmaxwell:sales /sales/report makes pmaxwell the user owner and sales the group owner of the file

Use: chown :group filename, or chgrp group filename
To: Change the group owner of a file.
Example: chown :sales -R /sales makes the sales group the owner of all files in the /sales directory
Example: chgrp sales /sales/report makes the sales group the group owner of the file

➢ File Management Commands

The table below lists the most common file management commands.

Use: cat filename filename
To: Append the second file to the end of the first and display the output on screen.
Example: cat cam_proj new_specs combines the new_specs file with the cam_proj file.

Use: cdrecord options dev=#,#,# speed=# filename
To: Write a file to a CD-RW device.
Example: cdrecord -v dev=0,0,0 speed=2 -data /home/jwalton/multimedia_project writes the multimedia_project file to the CD-RW device as a data file. The -data option creates a data cd, and the -audio option creates an audio cd. The -v (verbose) option allows you to see recording progress.

Use: cp source destination
To: Copy a file to a new location. When you copy a file, you create a new file. File ownership and permission comes from the user who ran the cp command.
Example: cp proj /ongoing/projects
Example: cp proj /ongoing/projects/proj
Either command copies the proj file to the /ongoing/projects directory.

Use: diff filename filename
To: Find the differences between two files.
Example: diff cam_proj cam_proj1 finds the differences between the two named files.

Use: file filename(s)
To: View the file type(s) for the designated file(s).
Example: file /bin/* | less shows the file type for each of the files in the /bin directory. (This command pipes the output to less to allow you to view each file line-by-line or page-by-page.)

Use: ln filename filename
To: Create a hard link between files. A hard link creates an exact copy of a file. You can create an unlimited number of hard links to a file, but they all have to be on the same file system. Using the -s option allows you to create a symbolic link to a file. A symbolic link is a shortcut to the original file.
Example: ln /home/jsmith/projects /home/edunford/projects creates an exact copy of /home/jsmith/projects in /home/edunford/projects.

Use: mkdir directory name
To: Create a directory.
Example: mkdir projects creates a projects directory in the current working directory.

Use: mkdir -p path
To: Create a directory tree structure.
Example: mkdir -p completed/projects creates the completed/projects subdirectory in the current working directory.

Use: mv source destination
To: Move a file to a new location. This is also the command used to rename an existing file using a new name. When you move a file, permissions stay the same (although you need the permissions to move the file).
Example: mv ongoing/projects/proj completed/projects/proj moves the proj file from /ongoing/projects to /completed/projects.

Use: rm filename
To: Delete a file.
Example: rm proj removes the proj file from the system.

Use: rm -f filename
To: Delete a file without a warning prompt.
Example: rm -f proj immediately removes the proj file from the system without prompting.

Use: rmdir directory
To: Delete a directory (the directory must be empty).
Example: rmdir /projects removes the projects directory from the system.

Use: rm -r directory
To: Delete a directory and its contents (use the -rf switches together to delete without prompting). Take care with this command because rm -rf * deletes all files in the system.
Example: rm -rf completed/ removes the directory structure beginning with the /completed directory.
Example: rm -rf * removes all files without prompting (do not use this command).

Use: touch filename
To: Change a file's timestamp.
Example: touch proj changes the access and modification times of the proj file to the current time.

Use: du path
Common switches include:
• -c list a total number for the size
• -h display the output in human readable format (bytes, KB, MB, GB)
• -s list only the total, not each file
To: List files and file sizes in and below the specified directory.
Example: du -c /home/badams lists all files and directories in badams' home directory along with a file size and a total amount of space taken up by the directory.
Example: du -c -s /home/badams shows the total amount of space taken up in badams' home directory.

Use: df path
To: List the free space in the partition holding the specified directory. (Use the -h option to get human readable output.)
Example: df /home lists the free space on the partition that holds the /home directory.

You should also know the following facts about working with files:

• Hidden files (files not shown by the ls command) are files that start with a period.
• To show hidden files with the ls command, use the -a option.
• Commonly used commands often use aliases (an alias is a shortcut to a command). Two
common aliases are
   o ll = ls -l
   o la = ls -a
• You can set up command aliases of your own in the .bash_profile file in your home directory. This
is one of several files that set the system configuration. .bash_profile executes after the
systemwide profile file, /etc/profile.
• To execute programs:
   o Enter the executable name to run a program directly. (This only works for files that are
   on your path.)
   o Enter ./filename to run an executable when you are in a directory that is not on your
   path.
   o Enter the full pathname to the file to run an executable from anywhere.

VII. Services.
Managing most services is done by executing a shell script that corresponds to
the service. Shell scripts are typically located in /etc/rc.d/init.d, although a symbolic link
pointing to this directory might also exist at /etc/init.d. Shell scripts contain a series of
actions to start, stop, and otherwise manage the service. The table below lists the most
common commands for managing services.

Use: /etc/rc.d/init.d/servicename option
To: Run the shell script associated with the service. The options available depend on the shell script. Most scripts include the following options:
• start
• stop
• status
• restart
• reload
• * (shows a list of available options)
Example: /etc/rc.d/init.d/atd start
Example: /etc/rc.d/init.d/atd restart

Use: service --status-all
To: View the status of all services.
Example: Use this command as shown to get a list of service status.

Use: service servicename option
To: Use the service command line tool to manage services (eliminates the need to type the service's full path).
Example: service atd start
Example: service atd restart

➢ Package Manager Facts

A package manager is a software application that installs and maintains software. The package
manager maintains a database of software information that you can query to view installed software.
However, package managers don't allow users to compile the software as part of the installation process.

Two common package managers include:

• RPM: The Red Hat Package Manager is the most widely supported package manager.
• DPKG: Similar to rpm, the Debian Package Manager is designed to manage software for Debian Linux.
It offers functionality equal to rpm, but it is not as widely supported or distributed.

➢ Package Manager Commands
The table below lists the most common rpm commands.

Use: rpm option(s) filename.version.architecture.rpm
Common installation options:
• -i install
• -v verbose
• -h hashmarks (to show progress)
To: Install a software package.
Example: rpm -ih mozilla-1.7-0.2.0.i386.rpm installs the Mozilla Web browser and mail reader.

Use: rpm -U filename.version.architecture.rpm
To: Upgrade an existing software package. If the software does not exist on the system, -U acts as the -i option.
Example: rpm -Uh mozilla-1.7.2-0.2.0.i386.rpm upgrades the Mozilla Web browser and mail reader with the newer file.

Use: rpm -e filename
To: Erase (uninstall) a software package.
Example: rpm -e mojo-2.8.3-1.i386.rpm uninstalls a Web-based mailing list manager.

Use: rpm -F filename
To: Upgrade a package that is already installed on the system. If the package doesn't exist on the system, rpm -F will not install it.
Example: rpm -F mojo-2.9.1-1.i386.rpm locates the package and upgrades it if an older version is currently on the system.

Use: rpm -q filename
Options that commonly follow -q:
• -i info (detailed listing)
• -l list package files
• -a all (show all installed packages)
To: Query the rpm database to find information about installed software packages.
Example: rpm -qi crafty-16.6 returns information on the crafty chess game.

Use: rpm -qa | grep string
To: Query the database for text that matches string. This is useful if you know part of the file name of a software application. The | (pipe) parameter redirects the results of the -qa options to the grep shell command which filters out all information that does not match string.
Example: rpm -qa | grep voicecontrol returns information on a voice recognition software package.

Use: rpm -V package name
To: Identify missing files in a package or package dependency.
Example: rpm -V bash identifies any files missing from the bash package.

Note: When using rpm to update software, you might get a message stating: cannot get shared lock on database. When you
update the rpm database, the program creates a lock on the database to prevent other processes from modifying the database at
the same time. To correct the error:
• Close any other programs that might be using the rpm database.
• Check for stale lock files (lock files that were not deleted properly) and remove them.

VIII. Boot & Shutdown
A boot loader manages the loading of the operating system and allows you to
have multiple operating systems on a single system. Popular Linux boot loader utilities are:

• LILO (LInux LOader), the original Linux boot loader.
• GRUB (GRand Unified Bootloader), a recent replacement that is gaining in popularity.

PCs use the following process to boot the system:

1. At startup, the BIOS verifies system hardware, then looks for a master boot record (MBR) on a valid
booting disk. Once located, it loads the first program in the MBR (this is the boot loader file).
2. The boot loader loads a small piece of code, then looks for the remaining boot loader code. This is the
first stage of the boot load process.
3. For LILO, the boot loader looks in the MBR for the additional boot information. With GRUB, it can look
on the /boot volume for additional boot information. The additional information includes a list of
possible operating systems recognized by the boot loader. This is the second stage of the boot load
process.
4. After the user has chosen the OS to boot to (or if only one is found), the boot loader locates and
begins loading the corresponding kernel. It also loads the initial RAM disk image (initrd) into memory
so the kernel can locate drivers needed to load the kernel.
5. With the kernel and initrd loaded, the boot loader passes control to the kernel.

LILO has a long history of stable operation, and it seems unlikely to be completely replaced by
GRUB. However, listed below are some reasons why GRUB has increased in popularity.

• GRUB provides an interactive command line during boot up that allows you to do the operations
below:
   o View hardware configuration
   o Find and view files
   o Alter the GRUB configuration
   o Boot a selected operating system
• GRUB offers a complete support system, including the following components:
   o Web site
   o Manual
   o FAQ
   o Bug tracker
   o Developer mailing list
• GRUB can read the ext2 and ext3 filesystems (and not just the MBR), so it can read its configuration
file from the /boot partition instead of having to store such information on the MBR as LILO does.

➢ Shutdown Command and Facts.
Turning off the power to a computer without executing the proper shutdown
procedure can result in data loss and filesystem corruption. Linux provides several
different shutdown options. The table below shows common commands for shutting
down the system.

Use: shutdown -h now, halt, or init 0
To: Shut the system down immediately.

Use: shutdown -r now, reboot, or init 6
To: Shut the system down immediately and reboot.

Use: shutdown -h time, or shutdown -r time
To: Shut the system down in the designated amount of time. Examples:
• shutdown -h +5 shuts the system down in five minutes.
• shutdown -h 22:00 shuts the system down at 10:00 pm.
• shutdown -r +15 reboots the system in 15 minutes.
• shutdown -r 24:00 reboots the system at midnight.

Use: shutdown -c
To: Terminate the shutdown process. (You can also press Ctrl + c on the keyboard.)

Use: shutdown -rf time
To: Reboots the system and skips the fsck utility on reboot (the -f parameter stands for fast). Example:
• shutdown -rf +15 reboots the system in 15 minutes and skips fsck.

Use: shutdown -k
To: Sends a warning message, but doesn't really shut down. If used in combination with -h or -r, it will terminate the shutdown process after the message is sent.

Use: shutdown -a
To: The system uses the /etc/shutdown.allow file to verify who can shut down the system. The most common use of this switch is to edit the /etc/inittab file and add the -a switch to the CTRL-ALT-DELETE section. When the switch is present, if the shutdown.allow file exists, shutdown checks to see if a listed user or root is logged on.
• If so, the system shuts down.
• If not, shutdown is not allowed.
• If the file does not exist, there are no restrictions on who can shut down the system.

When you use the shutdown command to power the computer off, the system does the following:

• Sends a SIGTERM message to open programs to allow them to close.
• Notifies logged on users that the shutdown process has initiated and the length of time before shut
down.
• Blocks users from logging into the system.
• Uses init and /etc/inittab to shut down processes and the system. The shutdown command executes
the shutdown process listed in inittab.

IX. Networking.
Many of the network services you run on Linux are administered by xinetd, a
service known as a super server. A super server listens on behalf of other services to
start and stop them as necessary. Xinetd starts when the system boots up. Its
configuration file is /etc/xinetd.conf, and most of the daemons it manages are located
in the /etc/xinetd.d directory.

Xinetd has come to replace inetd in modern Linux distributions in large part
because it is more secure than inetd. For example, unlike inetd, which depended on
tcpd to access hosts.allow and hosts.deny, xinetd does not rely on external
programs to manage its security; it can access hosts.allow and hosts.deny directly.
Using xinetd, you can also place limits on incoming connections.

There are two ways you can enable services to be managed by the xinetd super
server. You can either add a section to the /etc/xinetd.conf file describing the service, or
you can create a file containing the service description in the /etc/xinetd.d directory.
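
Because each xinetd-managed service is described in a plain text block, the connection limits mentioned above can be reviewed with a short script. This is an added example, not part of the original document: it reads service descriptions on standard input and lists enabled services that set no source restriction or connection limit. The attributes only_from, instances and per_source are xinetd settings not covered in the text above, the sample services are constructed, and values inherited from the defaults section of /etc/xinetd.conf are not considered.

```shell
#!/bin/sh
# Added example, not from the original document. Sample services are constructed.

# Constructed service descriptions in the format used under /etc/xinetd.d.
sample_xinetd() {
    cat <<'EOF'
service telnet
{
    disable     = no
    socket_type = stream
    wait        = no
    user        = root
    server      = /usr/sbin/in.telnetd
}
service ftp
{
    disable     = no
    socket_type = stream
    wait        = no
    user        = root
    server      = /usr/sbin/in.ftpd
    only_from   = 192.0.2.0/24
    instances   = 10
    per_source  = 2
}
service tftp
{
    disable     = yes
    socket_type = dgram
    wait        = yes
    user        = root
    server      = /usr/sbin/in.tftpd
}
EOF
}

# audit_xinetd: for every service that is not disabled, report which of
# only_from (allowed sources), instances (total concurrent servers) and
# per_source (concurrent servers per client address) are not set.
audit_xinetd() {
    awk '
        $1 == "service" { name = $2; split("", seen); disabled = 0; next }
        name != "" && ($2 == "=" || $2 == "+=") {
            seen[$1] = 1
            if ($1 == "disable" && $3 == "yes") disabled = 1
            next
        }
        name != "" && $1 == "}" {
            if (!disabled) {
                gaps = ""
                n = split("only_from instances per_source", want, " ")
                for (i = 1; i <= n; i++)
                    if (!(want[i] in seen)) gaps = gaps " " want[i]
                if (gaps != "") print name ": enabled, missing" gaps
            }
            name = ""
        }
    '
}

sample_xinetd | audit_xinetd
```

To review a real host, concatenate the service files into the function, for example `cat /etc/xinetd.d/* | audit_xinetd`.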

The table below describes the most common network services.

| Service | Description | Server Component | Client Component | Commands and Configuration Files |
|---|---|---|---|---|
| Apache Web server | Used to serve Web pages to computers across a network. | httpd | Web browser (Mozilla is a popular Linux Web browser) | /etc/httpd/conf/httpd.conf is the main configuration file. /var/www holds WWW and proxy cache files. |
| BIND DNS server | Provides name resolution services. | named | Any application that needs to resolve domain names; nslookup; dig | /etc/named.conf; zone files are stored in the /var/named directory |
| DHCP | Dynamically assigns IP addresses and other TCP/IP configuration information to network hosts. | dhcpd | dhcpcd; dhclient; pump (to manage client connections) | /etc/dhcpd.conf |
| FTP | Used to transfer files across networks. | ftpd | ftp from the command line; Web browsers; GUI clients | /etc/ftpaccess |
| NFS | Network file service allows Linux systems to share files across a network | nfsd | mount command to access data on storage devices | /etc/exports; exportfs -r command to export the share to the network users |
| NIS | A centralized user database for local network authentication. | ypserv; yppasswdd; ypxfrd | ypbind | NIS uses multiple files. For username and password information, it builds a special database from your passwd and shadow files. When you change your Linux users, you must re-export them to NIS. The /var/yp directory holds the NIS user database files. |
| SMB/Samba | Samba is the open source server message block (SMB) service. Windows uses SMB, so Samba allows integration of Linux and Windows file sharing. | smbd and nmbd | smb4k utility to browse computers and shares | The /etc/samba directory stores samba configuration files: smb.conf (main configuration file) and smbpasswd (stores samba user information). smbmount to mount the smbfs file system. smbpasswd -a name to associate Samba users with established user accounts and change user passwords. |
| Squid proxy server | Allows networked computers to share one Internet connection | squid | Generally a Web browser | /etc/squid/squid.conf is the main configuration file. /var/www holds proxy cache files. |
| SSH | Secure shell provides encrypted communication (replaces telnet) | opensshd | ssh (remote shell); scp (secure copy); sftp (secure FTP) | /etc/ssh directory stores configuration files |
| RADIUS | Provides centralized authentication and accounting for remote access (dial-in) services. | radiusd | Clients accessing the server remotely | /etc/radiusd |

48
SendMail Provides e-mail sendmail Multiple e-mail clients, /etc/sendmail.cf or /etc/mail/sendmail.cf
services. often integrated with a configures the server.
Web browser. /etc/aliases maps mail names to user names.
The .forward file in the user home directory
redirects incoming mail messages to other e-mail
addresses.
The /var/mail directory holds user mailbox files
(this might be a symbolic link to another
location).
Note: You can manage each service independently, or use the linuxconf tool. Linuxconf is a graphical tool
that lets you view and manage many different networking services in a single tool.

 NIS Facts

A common way to allow centralized logins is to set up an NIS server. An NIS server
allows you to coordinate common configuration files like /etc/passwd and /etc/shadow across
several Linux machines.

Use ypserv.rpm to install the NIS service. This package installs the following daemons,
which are the core services to run an NIS server:
 ypserv
 yppasswdd
 ypxfrd

After you've installed the ypserv.rpm, use the following steps to configure the NIS
server:

1. Add the following line to /etc/sysconfig/network: NISDOMAIN=domain_name.
2. Start the NIS services. You can do this with one of the following sets of commands
at the command line:
o chkconfig daemon on (replacing daemon with ypserv, yppasswdd, or ypxfrd)
o /etc/init.d/daemon start (replacing daemon with ypserv, yppasswdd, or ypxfrd)
3. Switch to /usr/lib/yp and run ./ypinit -m to create the yp database.
4. Add users to the local passwd file, then run make -C /var/yp to rebuild the yp
database from the /usr/lib/yp directory. You can also use the ypmake command.

After setting up the NIS server and creating the yp database, you need to configure
client computers to use the NIS server for authentication. Use the following steps:

1. Run the Authentication tool from the GUI.
2. Identify the domain and NIS server.
3. Enter ypbind at the command line to start the NIS client.
4. Locate the NIS server by entering ypwhich at the command line.

 Remote Access and Administration

Not only can you have multiple users logged on to a computer at a time, you
can also log in to a computer over the network. This is useful in case you want to copy
files or manage the remote computer. Listed below are common tools that let you
connect to remote systems.

| Tool | Command Syntax | Examples |
|---|---|---|
| Telnet | telnet address | telnet 192.168.1.12 opens a remote session with the server. |
| FTP (File Transfer Protocol) | ftp address | ftp 192.168.1.13 opens an interactive FTP session with the server, allowing you to transfer files. |
| SFTP (Secure FTP) | sftp user@server | sftp prowley@192.168.1.13 logs in using SSH and provides you a secure FTP session. |
| SSH (Secure Shell) | ssh server; ssh user@server; ssh -l user hostname | ssh 192.168.1.12; ssh prowley@192.168.1.12 logs in and opens a secure remote session (similar to Telnet). ssh -l tsampson my.network.com logs in to my.network.com as the user tsampson. |
| scp (Secure Copy) | scp source user@server:destination | scp /sales/report prowley@192.168.1.12:/report securely transfers the report file from the local system to the remote computer. |

When using Telnet to connect to a remote computer, you cannot log in as the
root user. Instead, log in as another user, then use the su command to switch to the
root user within the Telnet session.

The /etc/ftpusers file contains the names of users who do not have ftp login privileges.

 Networking Commands and Files
Linux uses the following files for network configuration information.
| File or Directory | Description |
|---|---|
| /etc/init.d/network | Script file that loads and unloads networking services. |
| /etc/sysconfig/network-scripts | Network configuration file directory. In this directory, you'll find individual device configuration files by locating files named ifcfg-device_name (e.g., ifcfg-eth0). You can edit these individual files to modify the following settings: boot protocol (static, DHCP, or BootP); autoconfiguration information; IP address, mask, and gateway (for static configurations). |
| /etc/hosts, /etc/resolv.conf | IP address-to-host name files used for name resolution. (A host name is also called a fully qualified domain name or FQDN.) Entries in the /etc/hosts file need only two fields - the IP address followed by the host name. Any entries after these two entries are either aliases, or if preceded by a # sign, a comment about the entry. |
| /etc/hostname | Holds the variables that define the host and domain names. |

The table below shows common commands for configuring network settings.

| Use... | To... | Example |
|---|---|---|
| service network option | Starts, restarts, or stops networking services. | service network start; service network restart; service network stop |
| ifconfig interface parameters. Common ifconfig parameters: address (interface's IP address), netmask (interface's subnet mask), up (activate interface), down (deactivate interface) | Create a static IP configuration. You can also start or stop a network interface with ifconfig. | ifconfig eth0 192.168.1.1 netmask 255.255.255.0 configures a static IP address and subnet mask for eth0. ifconfig eth0 up starts the eth0 device (conversely, down stops the device). |
| ifup interface | Start a network interface. | ifup eth1 |
| ifdown interface | Stop a network interface. | ifdown eth1 |
| route add options target; route del options target | Add or delete a static route for the target. | route add default gw 192.168.1.1 eth1 adds the default gateway 192.168.1.1 to eth1. |

Use the following commands to view network configuration information:
 Use ifconfig to view configuration information for network interfaces.
 Use route to view the routing table and the default gateway.
 Use arp to view the ARP cache (MAC address-to-IP address mappings).

X. Security
 User Account Security

Listed below are some recommendations to follow in securing user accounts:

 Use shadow passwords. Check for an x in the password field of /etc/passwd. If it is
not there, use pwconv to enable shadow passwords.
 Enforce password expiration to make users change their passwords periodically.
 Ensure complex passwords are used. Complex passwords:
o Contain six to nine characters (or more)
o Contain all of the following:
 Upper case letters
 Lower case letters
 Numbers
 Special characters (such as &, $, #, etc.)
 Alt characters (such as Æ, µ, £, etc.)
o Do not contain recognizable patterns (such as words)
o Do not contain personal information (such as the user name)
 Lock user accounts that will be inactive for a long period of time.
 Lock or delete user accounts that are no longer needed.
 Do not use the root user account for regular tasks. Use the su -c or sudo commands
to run commands as the root user, or switch to the root user to complete
administration tasks. Log out of the root user after completing all necessary tasks.
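
The shadow-password and password-expiration checks from the list above can be run against the account files directly. This is an added example, not part of the original guide: the function names are assumptions, the accounts and hashes are constructed, and 99999 is treated as the conventional "never expires" maximum age.

```shell
# Added example: audit passwd- and shadow-format files for the account
# recommendations listed above. All sample data below is constructed.

audit_accounts() {
    # $1: file in /etc/passwd format, $2: file in /etc/shadow format
    # passwd field 2 is "x" when the hash lives in the shadow file.
    awk -F: '$2 != "x" { print $1 ": password not shadowed (run pwconv)" }' "$1"
    # shadow fields: 1 name, 2 hash, 3 last change, 4 min age, 5 max age
    awk -F: '
        $2 ~ /^[!*]/ { next }     # locked, or password login disabled
        $2 == "" { print $1 ": empty password (set a password or lock the account)"; next }
        $5 == "" || $5 + 0 >= 99999 {
            print $1 ": password never expires (set a maximum age with chage -M)"
        }
    ' "$2"
}

passwd_sample() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/sbin/nologin
prowley:x:500:500:P Rowley:/home/prowley:/bin/bash
tsampson:$1$CONSTRUCTED$notARealHash:501:501:T Sampson:/home/tsampson:/bin/bash
guest:x:502:502:Guest:/home/guest:/bin/bash
EOF
}

shadow_sample() {
    cat <<'EOF'
root:$6$CONSTRUCTED$notARealHash:19000:0:90:7:::
daemon:*:19000:0:99999:7:::
prowley:$6$CONSTRUCTED$notARealHash:19000:0:99999:7:::
guest::19000:0:90:7:::
EOF
}

tmp=$(mktemp -d)
passwd_sample > "$tmp/passwd"
shadow_sample > "$tmp/shadow"
audit_accounts "$tmp/passwd" "$tmp/shadow"
rm -rf "$tmp"
```

Reading the real /etc/shadow requires root, so run the audit with sudo or su -c as recommended above.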

 Network Security Tools

Linux includes several tools that help you manage network security. The
following table lists several tool types with Linux examples.

| Tool Type | Linux Tool | Description |
|---|---|---|
| Firewall | ipchains (kernel 2.2 and earlier); iptables (kernel 2.4 and later) | A firewall is a set of features that prevents or allows packets based on specific traffic characteristics. For example, you can restrict traffic based on IP addresses or TCP protocol. To protect a server or your network, you should only allow traffic that is necessary for the services on your network. |
| Port Scanner | nmap | A port scanner checks for open or closed ports on a computer. Network services use ports to identify services running on a computer. To protect a server, make sure that only the necessary ports are opened. For example, if the server is only being used for e-mail, you should shut down ports that correspond to FTP, DNS, and HTTP (among others). |
| Protocol Analyzer | Ethereal | A protocol analyzer captures network packets and lets you examine their contents. You can capture all packets or only packets that match specific criteria. A protocol analyzer helps you to understand traffic coming to and from a device. |
| Intrusion Detection System (IDS) | snort; PortSentry; RootKit Hunter; Analysis Console | An intrusion detection system (IDS) is a set of features that is constantly monitoring the system looking for attacks. Like a combined protocol analyzer and port scanner, snort is constantly monitoring network traffic, comparing it to a database of known problem traffic patterns. When a problem is found, it can take specific actions or create a log of suspicious activity. PortSentry runs as a daemon on the host system, listening to TCP/UDP ports and preventing scanning systems from connecting to the host system. In addition to backdoors and local exploits, Rootkit Hunter can identify any rootkit packages that have been loaded on your system. Analysis Console can analyze log files (standard or custom) and databases to detect signs of intrusion. |
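
The firewall and port scanner entries above give the same advice from two sides: expose only the ports the server's role needs. The following added example (not part of the original guide) checks netstat -tln output against an allowlist for the e-mail-only server mentioned in the table and prints matching iptables rules; the function names, the netstat capture and the choice of ports 25, 110 and 143 for mail are assumptions.

```shell
# Added example: compare TCP listeners with the ports a server is meant to
# expose, then print matching iptables rules. Sample data is constructed.

unexpected_listeners() {
    # $1: space-separated allowed TCP ports; stdin: output of netstat -tln
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, part, ":")          # the port follows the last colon
            port = part[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr == "::1" || addr ~ /^127\./) next   # loopback only
            if (!(port in ok)) print port "/tcp on " addr
        }
    '
}

firewall_rules() {
    # Prints (does not apply) iptables commands admitting only the ports in $1.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for p in $1; do
        echo "iptables -A INPUT -p tcp --dport $p -j ACCEPT"
    done
    echo "iptables -P INPUT DROP"     # default-deny goes last
}

netstat_sample() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN
tcp6       0      0 :::110                  :::*                    LISTEN
EOF
}

# Mail-only server from the table: SMTP 25, POP3 110, IMAP 143.
netstat_sample | unexpected_listeners "25 110 143"
firewall_rules "25 110 143"
```

On a live host, pipe netstat -tln into unexpected_listeners in place of the sample; each reported port is a daemon to stop or a deliberate exception to record.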

Another way that you can control network services access is by editing the
following two files and identifying networking services by daemon name and network
hosts by IP addresses or aliases.

XI. Troubleshooting
 Configuration Files and Directories

A big part of Linux administration is editing configuration files and viewing other files
to gather system information. The following table lists many of the files and directories
you've learned about in this course.

| File or Directory | Contents/Purpose |
|---|---|
| /etc/inittab | System initialization file that controls the runlevel and the services started at boot. |
| /etc/rc.d, /etc/rc.d/init.d, /etc/rc.d/rc0.d | Directories that hold files related to daemons that are started by the inittab file. init.d holds script files that launch services. rc0.d corresponds to a runlevel and holds links to scripts to start and stop services upon entering the runlevel. |
| /etc/shutdown.allow | File that identifies users who can shut down the system. |
| /etc/fstab, /etc/mtab | Files that identify volume mounts. fstab identifies volumes to mount at boot. mtab identifies currently-mounted volumes. |
| /mnt, /media | Directories that are used to create mount points to volumes. |
| /dev | Directory that holds device files that are used to configure and access system resources. |
| /etc/crontab, /etc/cron.daily, /etc/cron.hourly, /etc/cron.weekly, /etc/cron.monthly | Files that identify scheduled tasks. The main crontab file launches the other files listed. |
| /etc/passwd, /etc/shadow, /etc/group, /etc/gshadow | User and group database and password files. |
| /etc/X11/XF86Config, /etc/X11/xorg.conf | XWindows configuration files. |
| /etc/lilo.conf | LILO boot loader configuration file. After editing this file, be sure to run the lilo command to write changes to the appropriate location. |
| /etc/grub.conf, /boot/grub/grub.conf | GRUB boot loader configuration files. The location of the file depends on your distribution. |
| /boot | Directory that holds files needed for the boot process. Most notably, the compiled kernel is usually in this directory. |
| /etc/modules.conf, /etc/conf.modules, /etc/modprobe.conf | Files that identify kernel modules loaded at system startup. The file used depends on the distribution. |
| /etc/profile | System-wide profile script that runs for all users immediately after login. |
| /etc/bashrc | System-wide script that is used for aliases and functions. Runs after the /etc/profile script. |
| /etc/sysconfig/network-scripts | Directory that holds files for network configuration. |
| /etc/hosts, /etc/resolv.conf | Local files used for name resolution. |
| /etc/inetd.conf, /etc/xinetd.conf | Main network configuration file. This file controls starting and stopping networking services. Which file is used on your system depends on the distribution. |
| /etc/hosts.allow, /etc/hosts.deny | Files that identify users who can or cannot use network services. |
| /proc | Virtual file system that holds information about the current system state. View (and in some cases edit) files in this directory to view and modify the current system state. |
| /var/log | Directory that holds system messages and events. |
| /var/log/dmesg, /var/log/messages, /var/log/boot.log, /var/log/boot.messages, /tmp/install.log, /root/install.log | Common files that record the majority of system messages. |
| /var/spool | Directory that holds spool files used for printing, mail, cron, and other jobs. |

 Network Troubleshooting
The following table compares some of the tools you can use to troubleshoot
network communication problems.

| Use... | To... |
|---|---|
| ifconfig | Show status of each network adapter: MAC address; IP address and mask; broadcast address; transmit and receive statistics. |
| ping | Test connectivity between two devices. ping will keep going; you must manually stop it. |
| traceroute | Test connectivity between devices, show the path between the two devices. |
| netstat | Incoming and outgoing connections. Sessions, ports, and sockets. Who is connected. (Used with the -a option, netstat also shows all listening and non-listening ports.) |
| netstat -r, route | Show the routing table, which includes the default gateway. |
| nslookup, dig | Resolve IP address from the host name. dig shows expanded output. |
| service network restart | Restarts all networking services on the computer. |
| ifup interface, ifdown interface | Start or stop a network interface. Use the ifconfig -a command to get the IP configuration (IP addressing information) for the network interface. |
| host | Retrieve the IP address and other information for a FQDN/host name from a DNS server. |

When a network problem happens, the first step is to identify the affected
users or computers. If the problem is isolated to a single computer, the problem is with
the computer configuration, the network connection, or user error.

 Try to ping other computers to see if the computer has connectivity to any other computer.
 If ping to any other host fails, check the link light on the NIC. If the light is on, the computer
has electrical connectivity to the network.
 Use ifconfig to verify the IP configuration information.
 If ping works, but the user can't access servers on the network, the problem might be user
error in login. Verify that the correct user name and password are used. Make sure CAPS lock isn't on
(passwords are case sensitive).
 If ping works, try contacting the computer by hostname. If nslookup or dig fails, troubleshoot
name resolution services.
 Try it with your own user account. If you can connect, troubleshoot user error or examine
resource permissions.

If multiple users on the same network are having the same problem, narrow
the scope of the problem.

 Is the problem with accessing a single host or server? If so, troubleshoot the destination
device.
 Is the problem with accessing any outside network? If so, check the routers connecting you to
other networks.
 Is the problem with accessing specific destination networks? If so, run traceroute to identify
the spot in the path where the problem starts.

If all users are having troubles connecting to a specific service (such as a file server):

 Ping the destination server.
 If ping fails, troubleshoot the server or the connection. Make sure the server is turned on,
check the hardware connection, and validate the IP configuration.
 If ping succeeds, this means the server can be contacted. However, the service might not be
responding. Verify that the daemon for the service has been started.
 If the service is running, the firewall might be blocking ports used by the service. Verify the
firewall settings and open ports as necessary.
 Check permissions or other access controls for users or groups of users.
