Introduction to Linux and SUSE Linux

Uploaded by

Jado

1. UNIX/Linux OS Introduction

1.1. Introducing Linux

Linux is the core, or kernel, of a free operating system first developed and released to the world by
Linus Benedict Torvalds in 1991. Torvalds, then a graduate student at the University of Helsinki,
Finland, and now an engineer with the CPU design company Transmeta, Inc., fortuitously chose to
distribute Linux under a free software license named the GNU General Public License (GPL).

Using Linux is a good idea for a number of reasons. These reasons include:
⚫ There is little or no cost on a “per seat” basis. Unlike commercial operating systems, Linux has
no royalty or licensing fees, and a single Linux distribution on CD-ROM (DVD) can form the
basis of an enterprise-wide software distribution, replete with applications and productivity
software.
⚫ Linux, in conjunction with its graphical interface, the X Window System, has worked well.
The fact that UNIX is ready for the consumer desktop is now confirmed with the introduction
of Apple Computer’s BSD UNIX-based MacOS X.
⚫ Linux is fast, stable, scalable, and robust. The latest version of the Linux kernel easily supports
multiple-processor computers (optimized for eight CPUs).
⚫ Linux provides a royalty-free development platform for cross-platform development. Because
of the Open Source development model and the availability of free high-quality development
tools, Linux provides a low-cost entry point to budding developers and tech industry startups.
⚫ Big-player support in the computer hardware industry from such titans as IBM now lends
credibility to Linux as a viable platform. IBM has pledged to enable Linux on the company’s
entire line of computers, from low-end laptops through “Big Iron” mainframes. New corporate
customers are lining up and using Linux as part of enterprise-level computing solutions.

1.1.1. Disadvantages of Linux
⚫ There are far too many different distributions (although the different distributions have
similarities).
⚫ Linux is not very user friendly and is confusing for beginners.
⚫ Is an Open Source product trustworthy?

1.2. Introducing SUSE Linux

Figure 1 – SUSE Linux Logo

SUSE (properly pronounced /zuzə/, but typically pronounced /suzi/) is a major retail Linux
distribution. It is produced in Germany, but is now owned by Novell, Inc.

History
SUSE Linux was originally based on Slackware Linux. In mid-1992, Softlanding Linux System
(SLS) was founded by Peter McDonald; it was the first comprehensive distribution to contain
elements such as X and TCP/IP. The Slackware distribution (maintained by Patrick Volkerding)
was initially based in large part on SLS.

S.u.S.E was founded in late 1992 as a UNIX consulting group, which among other things regularly
released software packages that included SLS and Slackware, and printed UNIX/Linux manuals.
They released the first CD version of SLS/Slackware in 1994, under the name S.u.S.E Linux 1.0.
It later integrated with the Jurix distribution of Florian La Roche (also based on Slackware), to
release the first really unique S.u.S.E Linux 4.2 in 1996.

The name "S.u.S.E.", later shortened to just "SUSE", was originally an acronym for the German
phrase "Software- und System-Entwicklung" ("Software and system development"). The company
is now simply called SUSE LINUX, and "SUSE" does not officially stand for anything any more.

On November 4, 2003, Novell announced it would acquire SUSE Linux (Shankland, 2003). The
acquisition was expected to be finalized in January 2004 (Kennedy, 2003). According to Ramesh
(2004), J. Philips (Novell's corporate technology strategist for the Asia Pacific region) stated that
Novell would not "in the medium term" alter the way in which SUSE continues to be developed.
At Novell's annual BrainShare gathering (http://www.novell.com/brainshare/) in 2004, all computers
ran SUSE Linux for the first time. At this gathering it was also announced that the proprietary SUSE
administration program YaST2 (Yet another Setup Tool) would be released to the public under the
GPL license.

Administration Program (YaST2)


SUSE includes a unique installation and administration program called YaST2 which handles
online updates, network and firewall configuration, user administration and more in an integrated
interface. SUSE includes the desktop environments KDE and GNOME in addition to window
managers like Window Maker and Blackbox that are more light-weight. The distribution includes
support for resizing NTFS partitions during installation which allows for SUSE Linux to more
easily co-exist with existing Windows 2000 or XP systems. Another addition is the ability to detect
and install drivers for many common winmodems shipped with OEM desktop and laptop systems
(such modems are designed to use Windows-specific software to operate).

1.3. Preparing to Install SUSE Linux

Proper preparation and planning before considering a SUSE Linux installation can pay big
dividends later on. After choosing to deploy Linux, it is time to take a hard look at how to deploy
the new operating system.

⚫ Hardware Requirement
SUSE Linux can be installed on a wide variety of hardware. This includes legacy platforms up to
the latest workstations, rack-mounted systems, and multi-processor servers available from the
entire tier of computer hardware vendors. Small, medium-sized, and even large-scale deployments
of SUSE Linux are available through a number of companies such as IBM, which offers hardware,
software and service solutions (with more than 200 software solutions for clustering applications
alone). It is always a good idea to check for compatibility and extensively explore options before
getting on board with a specific vendor.

⚫ Partitioning
Partitioning your hard drive for Linux can be done during installation. Partitioning your hard drive
to accept Linux requires some forethought. At the very least, Linux requires a native Linux partition
and a swap partition. The SUSE Linux installer can automatically create and use a partition scheme
if Linux will be the only resident operating system.

The simplest partitioning scheme would be a single Linux native root partition and a swap partition.
On a single-drive system with 10GB storage and 128MB RAM, the scheme might look like this:

Table 1 – Simple Partition Scheme


Hard Drive Partition    Mount Point    Size
/dev/hda1               Swap           256MB
/dev/hda2               /              9.74GB

However, on a system that is being designed for expansion, greater capacity, or the capability to
host additional software or users, additional partitions can be used to host various parts of the Linux
file system. Some candidates that should be separate partitions or even file systems include:

Table 2 – Linux File Systems Hierarchy


Directory   Description
/home       Users will store hundreds upon hundreds of megabytes of data under their directories. This is important data, perhaps even more so than the system itself. Using a separate partition (on a different volume) can make sense. Browsed email messages will be stored in the user’s directory.
/opt        As the home directory for additional software packages, this directory can have its own partition or remote file system.
/tmp        This directory can be used as temporary storage by users and services. This directory should always have some free space for the system to run.
/usr        This directory can become quite large if additional software is added, especially on a workstation configuration. Using a separate partition can make sense. This directory is not often changed.
/var        Placing this directory (or perhaps some of its subdirectories) on a separate partition can be a good idea, especially because security logs, mail, and print spooling take place under this tree.
/media      Mount point for removable media. Previously this directory was /mnt, but the Filesystem Hierarchy Standard (FHS) version 2.3 announced the new file system hierarchy on 29 Jan 2004, and SUSE has adopted it.
/srv        Data directory for www and ftp servers. This is also according to the FHS 2.3.
/etc        Configuration files will be stored in this directory. This directory should be backed up.
Swap        Swap space is not a directory but it is a necessary partition. Traditionally the swap partition is assigned double the size of the system's memory.

Lecturer EZE Herbert O.

Figure 2 - Linux File Systems Hierarchy


1.4. Planning – Hardware

Although many factors determine how well a computer system will perform, the hardware
plays a large part. Old or insufficient hardware generally slows the system down. The hardware of a
Linux system largely determines how it will perform.

Hardware elements

For planning purposes, hardware can be divided into the following elements:
1. CPU type
2. RAM size
3. Type, IRQ, I/O address, DMA, motherboard, PCI/AGP, external peripherals.
4. Suitability
5. Compatibility – Is your hardware supported by the version of Linux that you are
installing?

HCL (Hardware Compatibility List)


Each Linux distributor guarantees its distribution with specific hardware, and makes this information
available on the web. For the openSUSE Linux system, the hardware compatibility list is published
on its homepage at http://en.opensuse.org/Hardware_requirements

1.4.1. Minimal acceptable Hardware


It is said that Linux can make use of old computer parts that were thrown away. However, although
Linux was originally designed to install on an 80386 with as little as 4MB of memory, planning
anything to work with only 4MB of memory is irrelevant these days. The important thing is to check
whether your hardware fulfils the minimum requirements for the type of Linux system that will
be configured.

Provided that the system load does not become high, the minimal acceptable hardware by intended usage
is as listed in Table 3; it may be insufficient if the system load becomes unusually
high.

Table 3 – Minimum requirement of hardware for openSUSE 12.2


Part of hardware    Requirement
CPU                 Pentium* III 500 MHz or higher processor (Pentium 4 2.4 GHz or higher or any AMD64 or Intel64 processor recommended)
RAM                 GB physical RAM (2 GB recommended)
Swap                > 64MB Swap space
Disk                3 GB available disk space for a minimal install, 5 GB available for a graphical desktop (more recommended)
Other               Booting from CD/DVD drive or USB-Stick for installation, or support for booting over network (you need to set up Preboot Execution Environment PXE [1] by yourself, look also at Network install) or an existing installation of openSUSE, more information at Installation without CD

[1] PXE allows your client computers to boot and install a Linux distribution over the network, without the
need of burning Linux iso images onto a CD/DVD, boot floppy images, etc.

1.4.2. Specialised Hardware
There are other items that a system administrator should consider when planning a high-performance
system.

(1) Symmetric Multiprocessing


Symmetric Multiprocessing (SMP) allows the processor workload to be shared across up to 16
processors in a single computer in theory, but in practice the x86 architecture supports up to 8 processors.
SMP contributes a significant speed-up to programmes and systems that support it, though only
multi-threaded programmes benefit from SMP.

Multi-threading is the process of cloning processes to split the load within a programme into separate
processes that can be routed to separate processors in an SMP system. If the system is
constantly under heavy CPU load, introducing an SMP system is likely to reduce the load. On the other
hand, if the system is slow on account of a slow disk drive and the CPU load is not very high, it
may not benefit from SMP.

(2) RAID
RAID (Redundant Array of Independent Disks, originally Redundant Array of Inexpensive Disks) is
a storage technology that combines multiple disk drive components into a logical unit. Data are
distributed across the drives in one of several ways called "RAID levels", depending on the level
of redundancy and performance required.
Disk I/O can be a bottleneck for a Linux computer system that requires high performance, because
disk access is measured in milliseconds whereas RAM access is measured in nanoseconds. You may consider
installing RAID for fault tolerance and fast disk access. RAID is also known as Redundant Array of
Independent Drives or Redundant Array of Inexpensive Drives.
There are several different levels of RAID. Linux supports RAID 0, RAID 1, and RAID 5.
⚫ RAID0: Disk striping. It is intended to improve disk access performance, not fault tolerance.
Data is striped across multiple disks (from 2 to 32 disks), and is simultaneously read from
multiple drives.
① Disk striping
② Good for creating a large logical disk
③ Faster performance than a single hard disk
④ If one disk fails, all data is lost
⑤ All disks have to be identical
⚫ RAID1: Disk mirroring & duplexing. This is intended to improve fault tolerance, not
performance. The same data is stored on two disks. Writing data tends to be slow as two copies
must be written. RAID 1 requires at least 2 disk drives. If one disk fails, the entire data is safe.

[Diagram: the server writes blocks A, B, C and D to one disk and identical copies of A, B, C and D to a second disk (mirroring).]

Figure 3 – RAID2

⚫ RAID5: In addition to data striping, the parity bits are also split over all disks in the array.
A RAID 5 array can withstand a single disk failure. Writing is slow because a single write
operation requires the old data and parity to be read from each disk, the new parity to be
calculated, and the new data and parity to be written to each disk in the array. However, reading is
quite fast because data is read from stripes across multiple disks. RAID 5 requires at least 3 disk
drives.

[Diagram: the server performs parity generation and writes each stripe across four disks, with the parity block rotating from disk to disk:]

A0          B0          C0          0 Parity
A1          B1          1 Parity    D0
A2          2 Parity    C2          D1
3 Parity    B3          C3          D2

A Blocks    B Blocks    C Blocks    D Blocks

Figure 4 – RAID5
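
The parity arithmetic behind RAID 5, as an added example that is not part of the original notes: parity is the XOR of the data blocks in a stripe, so XOR of the surviving blocks rebuilds a lost one, and a small write needs the old data and old parity to compute the new parity. Blocks are modelled as short lists of byte values, and all values are constructed.

```shell
#!/bin/sh
# Added example: XOR parity for one RAID 5 stripe (A0, B0, C0 + parity).
# Blocks are modelled as space-separated byte values; all data is constructed.

# xor_blocks BLOCK_A BLOCK_B -> byte-wise XOR of two equal-length blocks
xor_blocks() {
    out=""
    rest=$2
    for a in $1; do
        b=${rest%% *}        # first byte of the second block
        rest=${rest#* }      # drop that byte from the remainder
        out="$out$(( a ^ b )) "
    done
    echo "${out% }"
}

# parity BLOCK... -> XOR of every block given.
# The same operation rebuilds a lost block: XOR of all surviving blocks
# (data and parity) returns the single block that is missing.
parity() {
    acc=$1
    shift
    for blk in "$@"; do
        acc=$(xor_blocks "$acc" "$blk")
    done
    echo "$acc"
}

# update_parity OLD_PARITY OLD_DATA NEW_DATA -> new parity for a small write.
# This is why one logical write costs two reads and two writes.
update_parity() {
    parity "$1" "$2" "$3"
}

A0="90 1 255"; B0="60 2 15"; C0="200 4 240"   # constructed sample blocks
P0=$(parity "$A0" "$B0" "$C0")
echo "parity block:          $P0"
echo "B0 rebuilt after loss: $(parity "$A0" "$C0" "$P0")"
NEW_B0="17 2 15"
echo "parity after rewrite:  $(update_parity "$P0" "$B0" "$NEW_B0")"
echo "parity recomputed:     $(parity "$A0" "$NEW_B0" "$C0")"
```

The last two lines print the same block, showing that the read-modify-write shortcut and a full recomputation of the stripe agree.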

1.5. Planning – Miscellaneous

1.5.1. Installation method
Although the installation method differs slightly among distributions, Linux distributions offer
several kinds of installation methods to suit the majority of users’ computer environments:

⚫ DVD
⚫ CD-ROM
⚫ Network

1.5.2. Disk layout
For the disk layout, at least two mount points are necessary.
⚫ The root ( / ) mount point
⚫ The swap mount point
The size of the swap space is usually twice that of RAM.

You can create more mount points. To do so, create disk partitions and assign a directory to each of them. The
next example shows a HDD divided into several partitions.

srv1:~ # df
Filesystem 1K-blocks Used Available Use% Mounted on
devtmpfs 1016456 0 1016456 0% /dev
tmpfs 1024088 0 1024088 0% /dev/shm
tmpfs 1024088 2428 1021660 1% /run
tmpfs 1024088 0 1024088 0% /sys/fs/cgroup
/dev/sda3 24635392 6608648 17749368 28% /
/dev/sda3 24635392 6608648 17749368 28% /var/lib/mailman
/dev/sda3 24635392 6608648 17749368 28% /.snapshots
/dev/sda3 24635392 6608648 17749368 28% /var/log
/dev/sda3 24635392 6608648 17749368 28% /var/tmp
/dev/sda3 24635392 6608648 17749368 28% /var/cache
/dev/sda3 24635392 6608648 17749368 28% /var/spool
/dev/sda3 24635392 6608648 17749368 28% /var/opt
/dev/sda3 24635392 6608648 17749368 28% /var/lib/named
/dev/sda3 24635392 6608648 17749368 28% /boot/grub2/x86_64-efi
/dev/sda3 24635392 6608648 17749368 28% /usr/local
/dev/sda3 24635392 6608648 17749368 28% /tmp
/dev/sda3 24635392 6608648 17749368 28% /var/lib/pgsql
/dev/sda3 24635392 6608648 17749368 28% /var/lib/mariadb
/dev/sda3 24635392 6608648 17749368 28% /var/lib/machines
/dev/sda3 24635392 6608648 17749368 28% /opt
/dev/sda3 24635392 6608648 17749368 28% /var/lib/libvirt/images
/dev/sda3 24635392 6608648 17749368 28% /srv
/dev/sda3 24635392 6608648 17749368 28% /var/crash
/dev/sda3 24635392 6608648 17749368 28% /var/lib/mysql
/dev/sda3 24635392 6608648 17749368 28% /boot/grub2/i386-pc
/dev/sda4 36147976 122408 36025568 1% /home
tmpfs 204820 0 204820 0% /run/user/481
tmpfs 204820 12 204808 1% /run/user/0

1.6. During Installation Process

Regardless of the installation type (DVD, CD-ROM, network, etc.), a minimal version of the Linux
kernel is used. Once this small kernel is loaded, it initializes and performs some hardware checks.
Then the installation starts. The computer must have a valid IP address of its own as well as the IP address
of the FTP/NFS server from which the installation files will be loaded.
During the installation process, multiple virtual terminals (VTY) are available:
⚫ Ctrl+Alt+F1: Console Terminal
⚫ Ctrl+Alt+F2: Shell prompt
⚫ Ctrl+Alt+F3: System messages
⚫ Ctrl+Alt+F4: Install log
⚫ Ctrl+Alt+F7: Install dialogue


Exercise 1 – Installing and using SUSE Linux

⚫ Partition Design 1
Design the partitioning of the server you are installing. The server will be a mail server (smtp,
pop, and imap). There will be 100 users and each user will have a 100MB mail quota.
Software will be at least 4GB under /usr. The server has an 80GB RAID 5 volume and 1GB
memory.
Disk              Partition    Size
RAID 5 device1    Swap
                  /var
                  /usr
                  /
                  /home

⚫ Partition Design 2
Design the partitioning of the server you are installing. The server will be a proxy server. The
requirement for proxy cache space is 10GB. The server has two 40 GB SCSI hard disks and
512MB memory.
Disk              Partition    Size
SCSI 1

⚫ Partition Design 3
Design the partitioning of the server you are installing. The server will be a web and ftp server.
The web and ftp contents will be 1GB. There will be 100 users and each individual user will also
have a 100MB disk quota for mail and web. The server has an 80GB RAID 5 volume
and 1GB memory.
Disk              Partition    Size
RAID 5 device1

⚫ Partition Design 4
Design the partitioning of your exercise computer. The server will serve as a mail, smtp, imap,
www, and ftp server. Answer how many users the existing computer can handle.

Disk              Partition    Size

2. Architecture of OS UNIX

2.1. UNIX Layers

As illustrated in Figure 5, UNIX consists of three parts:


⚫ Kernel
⚫ Shell
⚫ Programmes/Utilities
Although the operating system is usually regarded as comprising all three layers, strictly speaking,
programmes/utilities are not part of the operating system. The programmes/utilities that come with the
operating system supplement the standard UNIX commands and make the system more useful
to the user, but only the kernel and the shell are truly the operating system.

[Diagram layers, from top to bottom: Users, Utilities, Shell, Kernel, Hardware; the label "The Operating System" marks the Shell and Kernel layers.]

Figure 5 – UNIX Layers

2.1.1. Kernel
The kernel is the core of the operating system, presenting a virtual machine interface to user processes.
Processes are written without needing any knowledge of what physical hardware is installed on a
computer. Instead the kernel abstracts all hardware into a consistent virtual interface. The kernel
provides low-level services:
⚫ Access to hardware (I/O)
⚫ Memory management
⚫ Process management
⚫ Inter process management
⚫ Virtual file system switch

[Diagram: user-level programmes call into the kernel through the System Call Interface. Inside the kernel are Virtual File System management, inter-process communication, the Advanced Network Service (socket), the Process Scheduler, the Memory Manager, Virtual File System drivers, TCP/IP protocol drivers, and the IDE disk, USB disk and Ethernet card drivers. The kernel sits on top of the hardware.]

Figure 6 – Kernel sub-system

2.1.2. Shell
A UNIX shell provides the user interface for the UNIX operating system. The shell is started by the login
process. It interprets user commands, executes them, and then returns control to the shell prompt. The shell can be
customized through shell environment variables.
A number of shells are registered in /etc/shells. The main difference between them is the amount of built-in
functionality. You can select one of the shells using the chsh or passwd -s command. The command
“echo $SHELL” shows the current shell you are using. Below are some well-known shells:

⚫ Bourne shell (sh)
It was written at Bell Laboratories in 1977. At first it was distributed with Version 7 UNIX.
⚫ C shell (csh)
It was written for the BSD UNIX system and derives from its predecessor, the Bourne shell, with a C-like
syntax.
⚫ Bourne-again shell (bash)
This is the default shell on most Linux systems. Written in 1987 by Brian Fox in 1990, its name is a pun
on the Bourne shell (sh), which was an early, important UNIX shell. The Bourne shell was the shell
distributed with Version 7 Unix.
⚫ TENEX C shell (tcsh)
It is based on and compatible with the C shell (csh). It is essentially the C shell with (programmable)
filename completion, command-line editing, and a few other features.

2.2. User Management

UNIX is a multi-user operating system. It is necessary to differentiate between users in order to keep
each user's files private, assign the right permissions, and so on.
Each user is given an account: a set of files (usually stored in the user's home directory),
resources, and information belonging to that user.

2.2.1. /etc/passwd
The /etc/passwd file contains user account’s attributes.
⚫ Login name
⚫ Encrypted password
⚫ UID / GID (User ID / Group ID)
⚫ Home directory location
⚫ Default shell

Example:
….
root:x:0:0:root:/root:/bin/sh

user1:x:1000:100:User1:/home/user1:/bin/bash
user2:x:1001:100:User2:/home/user2:/bin/bash
The UID of a super user (root account) is 0.
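
Because any account with UID 0 is a superuser whatever its login name, a review of /etc/passwd usually starts with the fields listed above. The following is an added example (not part of the original notes) that checks passwd-format data for extra UID 0 accounts, empty password fields, shared UIDs and malformed lines; the seven-field layout including the GECOS comment field is the standard format, and the sample entries are constructed.

```shell
#!/bin/sh
# Added example: review passwd-format data read from standard input.
# On a real system:  audit_passwd < /etc/passwd

audit_passwd() {
    awk -F: '
        /^#/ || /^[ \t]*$/ { next }          # skip comments and blank lines
        NF != 7 {
            printf "MALFORMED line %d: %d fields, expected 7\n", NR, NF
            next
        }
        $3 == 0 && $1 != "root" {
            printf "UID0 %s: has superuser UID 0 but is not root\n", $1
        }
        $2 == "" {
            # "x" means the hash lives in /etc/shadow; empty means no password
            printf "NOPASS %s: empty password field\n", $1
        }
        ($3 in owner) {
            printf "DUPUID %s: shares UID %s with %s\n", $1, $3, owner[$3]
        }
        !($3 in owner) { owner[$3] = $1 }
    '
}

# Constructed sample, modelled on the entries shown above.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/sh
user1:x:1000:100:User1:/home/user1:/bin/bash
user2:x:1001:100:User2:/home/user2:/bin/bash
admin2:x:0:0:Second admin:/root:/bin/bash
guest::1002:100:Guest:/home/guest:/bin/bash
ops:x:1001:100:Operations:/home/ops:/bin/bash
svc:x:1003:100:/srv/svc:/bin/false
EOF
}

sample_passwd | audit_passwd
```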

2.2.2. /etc/group
Group information is stored in /etc/group.
⚫ Group name
⚫ Password (rarely used)
⚫ GID (Group ID)
⚫ List of members
⚫ GECOS (General Electric Comprehensive Operating System)
⚫ Home directory location
⚫ Default shell

2.2.3. Dot files
Start-up files begin with a dot; the ‘rc’ in many of their names is short for ‘run command’. They are used by various programmes
(command line based and graphical) such as the shell and editors. Global dot files exist under /etc/skel.
To establish a user-specific environment, dot files are also located in each user’s home directory.
Below are some typical dot files.

Table 4 – Common start-up files and their use


Command    Dot file name    Typical use (set the following values)
bash       .bashrc          command alias, search path, umask value, cdpath for filename searches, prompt, history
           .bash_profile    terminal type, environment variables
sh         .profile         similar to .bashrc and .bash_profile for sh
vi         .exrc            vi editor options
emacs      .emacs           emacs editor options
startx     .xinitrc         initial X11 environment

2.2.4. Account Management Utilities


There are some command line utilities for managing users and groups.
useradd, usermod, userdel, passwd : operate on the /etc/passwd file
groupadd, groupmod, groupdel : operate on the /etc/group file

useradd is the most commonly used command. To create a new user “user1”, simply type,
# useradd user1 -m -g users
The option -m creates the home directory, and the -g option specifies the group.
Then the following entry will be added to /etc/passwd. The default values are derived from
/etc/default/useradd.
user1:x:1005:100::/home/user1:/bin/bash

The default values can be overridden by specifying additional values. In the next example, the primary
and secondary groups, home directory location and default shell are specified.

# useradd -c "User1" -d /home/writer/user1 -g lecture -G famous -s /bin/tcsh -m user1

This command creates the following passwd entry:

user1:x:1005:100:User1:/home/writer/user1:/bin/tcsh

To change your own password


# passwd
Changing password for root.
New Password:
Reenter New Password:
Password changed.

To change a user’s password


# passwd user1
Changing password for user1.
New Password:
Reenter New Password:
Password changed.

2.3. File System

Most of the hard disks are mounted automatically. When you boot Linux, all Linux partitions
residing on hard disk that are listed in the /etc/fstab file are typically mounted.

To see file system types that are currently available to be used on the system, type,
# cat /proc/filesystems

Table 5 shows the file system types that are supported in Linux.

Table 5 – Supported File System Types


Type        Description
cifs        Common Internet File System (CIFS), the virtual file system used to access servers that comply with the CIFS specification. CIFS is an attempt to refine and standardize the SMB protocol used by Samba and Windows file sharing.
ext3        Ext file systems are the most common in Linux systems. The ext3 file system includes journaling features that, compared to ext2, improve a file system’s capability to recover from crashes.
ext2        The default filesystem type for earlier Linux systems. Ext2 does not include journaling features.
msdos       An MS-DOS filesystem. You can use this type to mount floppy disks that come from Microsoft OS.
vfat        Microsoft extended FAT (VFAT) filesystem.
reiserfs    ReiserFS journaled filesystem. ReiserFS and ext3 are the most common filesystem types used with Linux today.
swap        Used for swap partitions. Swap areas are used to hold data temporarily when RAM is currently used up.
nfs         Network File System (NFS) type of filesystem. NFS is used to mount file systems on other Linux or UNIX computers.
ntfs        Windows NT filesystem. It is supported as a read-only file system. Read-write support is available but considered unreliable.

2.3.1. The organization of the file tree


File systems in UNIX/Linux have never been well organized. Various incompatible naming
conventions are used simultaneously and different types of files are scattered randomly around the
namespace. For example, some applications keep their configuration files in the /etc directory, while other
applications keep them in /usr/local/etc or in a specific directory. Nevertheless, there is a culturally
correct place for everything. Some of the important standard directories are listed in Table 6.

Table 6 – Linux System Directories


Path          Contents
/ (root)
/bin          location of user commands & utilities, which are binary files
/boot         kernel and files needed to load the kernel
/dev          device directory, device file, terminal
/home         location of user ‘homes’
/lib          libraries that are used by various programs and languages
/media        mount points for removable media (new FHS)
/mnt          used previously as mount points for removable media
/opt          optional, add-on application software packages
/proc         ‘process directory’ – files correspond to running processes
/root         location of ‘home’ of user ‘root’
/sbin         ‘system’ commands
/srv          data directory for http and ftp servers
/tmp          temporary or scratch
/usr          application programmes, on-line manual pages, language dictionary
  /bin        commands and executables
  /include    header files for C programmes
  /lib        libraries
  /local      software you compiled and installed from source code
  /sbin       less essential commands for system administration
  /share      items that might be common for system administration
  /src        source code of (non-local) software packages
/var          log files, process ID, application programme’s configuration files
  /log        system log files
/etc          system configuration files
  /init.d     location of start-up shell scripts
  /rc1.d      start-up files for single user mode
  /rc3.d      start-up files for multi user text mode
  /rc5.d      start-up files for multi user X11 mode

2.3.2. Pathnames
The file system is presented as a single unified hierarchy that starts at the directory ‘/’ (root), and
continues downward through an arbitrary number of subdirectories. (The single unified hierarchy
differs from that used by Windows. Windows uses a disk-specific name space.)

A pathname consists of a list of directories and a file name. A pathname can be absolute (
/var/log/apache2/access_log ), or relative ( apache2/access_log ). Relative pathnames are
interpreted starting at the current directory.

⚫ The current directory is symbolised by one dot .
⚫ The parent directory is symbolised by two dots ..
⚫ The home directory is symbolised by one tilde ~
The pwd command shows the current directory.

A command entered without a path will be searched for among the directories specified in the PATH
environment variable.
The list of directories that must be traversed to locate a particular file, together
with its filename, forms a “pathname”.

2.3.3. File Permission


The chmod command changes the permission of a file. Only the owner of the file and the superuser
can change its permission.
# chmod 'access-control' file(s)

▪ u(user), g(group), o(others), a(all)
▪ +(add), -(remove), =(exact)
▪ r(read), w(write), x(execute), or an octal digit from the table below

Octal    Binary    Perms      Octal    Binary    Perms
0        000       ---        4        100       r--
1        001       --x        5        101       r-x
2        010       -w-        6        110       rw-
3        011       -wx        7        111       rwx

Example:
# chmod 754 Script
This is equal to
# chmod u=rwx,g=rx,o=r Script

This will add group write permission to myDir and all its contents
# chmod -R g+w myDir

# chmod 700 myCabinet/

2.3.4. File Ownership


The chown command changes the ownership and group ownership of a file or directory. To change a
file’s group, you must either be the owner of the file and belong to the group, or be the super user. To change
the owner of a file, you must be the super user (root).
# chown new-owner file(s)
# chgrp new-group file(s)

Like chmod, chown with the -R flag changes the settings of a directory and all the files
underneath it.
# chmod 755 ~user1
# chown -R user1:users ~user1
These commands might be used to set up a new user’s home directory.

2.3.5. umask: Default permission
umask is a built-in shell command that influences the
default permissions of files when they are created. Specify the permissions that you do not allow
as the argument of umask.
# umask 023
This will give a new file with permission ‘rwxr-xr--’ (754 permission).
Usually a suitable default is provided with umask in the shell's initial dot file ( .cshrc, or .profile ).
(777 – 022 = 755)
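
The mask is removed from whatever mode the creating program requests: mkdir asks for 777, while most programs create regular files with 666, so under umask 023 a directory comes out as 754 and a plain file as 644. The added example below (not part of the original notes) computes the expected mode and then creates a file and a directory in a scratch directory to compare; it assumes mktemp is available.

```shell
#!/bin/sh
# Added example: effect of umask on newly created files and directories.

# expected_mode BASE MASK -> octal mode left once MASK is removed from BASE
expected_mode() {
    printf '%03o\n' "$(( 0$1 & ~0$2 ))"
}

# created_modes MASK -> "<file perms> <directory perms>" as ls shows them.
# The body runs in a subshell so the caller's own umask is left untouched.
created_modes() (
    d=$(mktemp -d) || exit 1
    umask "$1"
    : > "$d/file"                  # regular file: creation requests mode 666
    mkdir "$d/dir"                 # directory: mkdir requests mode 777
    f=$(ls -ld "$d/file" | cut -c1-10)
    s=$(ls -ld "$d/dir" | cut -c1-10)
    rm -rf "$d"
    echo "$f $s"
)

for m in 023 022 077; do
    echo "umask $m: file $(expected_mode 666 "$m"), dir $(expected_mode 777 "$m")," \
         "created: $(created_modes "$m")"
done
```

A restrictive value such as 077 keeps new files private to their owner, which matters for the dot files and mail stored under each home directory.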

2.3.6. inode
There are three aspects to a file. It contains data, it has attributes (access permissions, ownership,
etc), and it has one or more names. These three things are stored in different places in the filesystem.
A file’s data is stored within a disk partition. A file’s attributes are stored in a data structure called
an inode (originally short for “intermediate node”). Each file has one inode, which contains,
⚫ The file’s type (regular file? directory? device file? and so on)
⚫ The file’s access permissions, owner, and group
⚫ The file’s timestamps – time of last access, time of last modification, and time of last status
change
⚫ Pointers to where this file’s data blocks are
⚫ A count of the number of links to this inode

You can see a file's inode number with the -i option of the ls command
# ls -i

2.3.7. Mounting and Un-mounting file systems


All file systems are logically contained within the root directory / (root), regardless of their physical
location. File systems are mounted onto, and unmounted from, a directory under / (root) (usually /mnt).
To mount the file system,
# mount [-t type] [device] directory [-o options]

To mount a CD drive
# mount -t iso9660 /dev/cdrom /media/cdrom
Or just
# mount /dev/cdrom /media/cdrom

To mount an ISO file

# mount /tmp/openSUSE.iso /mnt/suse -o loop

To mount an NFS file system

# mount -t nfs 192.168.0.2:/srv/ftp /mnt/ftp

To mount a Microsoft Windows network share, also known as Server Message Block (SMB), Common
Internet File System (CIFS), or a Samba server:
# mount -t cifs //192.168.0.2/share /mnt/share -o username=guest,password=guest

To un-mount the file system,

# umount directory

To verify the mounted filesystem,


# df

2.3.8. Using fstab File to Define Mountable File Systems


The /etc/fstab file contains references to frequently mounted file systems. It also simplifies
mount command usage.

/dev/hda1                swap               swap     defaults                       0 0
/dev/hda2                /                  ext3     acl,user_xattr                 1 1
proc                     /proc              proc     defaults                       0 0
sysfs                    /sys               sysfs    noauto                         0 0
debugfs                  /sys/kernel/debug  debugfs  noauto                         0 0
usbfs                    /proc/bus/usb      usbfs    noauto                         0 0
devpts                   /dev/pts           devpts   mode=0620,gid=5                0 0
/tmp/openSUSE.iso        /mnt/suse          auto     loop                           0 0
192.168.100.2:/srv/ftp/  /mnt/ftp           nfs      ro                             0 0
//192.168.0.2/share      /mnt/smb           cifs     username=guest,password=guest  0 0

Table 7 – Format of fstab


Column Description
1 Identifies the partition. It is most commonly the device name.
2 The mount point for this partition. Normally this is an empty directory created
3 The filesystem type of this partition. The keyword auto in this field tells mount to figure out the filesystem format for itself by examining the partition.
4 The mount options for this partition. This is a comma-separated list of options
5 The fifth field is used by the dump command (a utility for performing incremental backups of a partition). A 1 in this field indicates that the filesystem should be included by dump. This tool has largely fallen out of use and the field has little meaning these days.
6 The sixth field is used by the file consistency check program fsck to determine the order in which filesystem checks are done at boot time. The root filesystem should have a value of 1

Table 8 – Mount options


Option Opposite Description
exec noexec Allow files on this filesystem to be executed
rw ro Mounts the filesystem with read/write access
defaults Use default settings.

If you modified the fstab, or some mount point failed due to some network problems for NFS,
CIFS, etc, the following command mounts according to the configuration of fstab.
# mount -a
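
The six columns of Table 7 can be checked mechanically. The script below is an added example, not part of the original course material: it flags rows without six columns, rows that keep a password= value in the options column (/etc/fstab is normally readable by every local user), network mounts without noexec, and a root entry whose sixth column is not 1. The sample table, the /mnt/docs share and the /etc/cifs.cred path are constructed; credentials= is the mount.cifs option that reads the username and password from a separate file.

```shell
#!/bin/sh
# Added example: audit fstab-format text against the six columns of Table 7.
# SAMPLE_FSTAB is constructed for this example; the /mnt/docs share and the
# /etc/cifs.cred path are hypothetical.

SAMPLE_FSTAB='# device mountpoint type options dump fsck
/dev/hda2 / ext3 acl,user_xattr 1 1
/dev/hda1 swap swap defaults 0 0
/tmp/openSUSE.iso /mnt/suse -o loop defaults 0 0
192.168.100.2:/srv/ftp /mnt/ftp nfs ro,noexec 0 0
//192.168.0.2/share /mnt/smb cifs username=guest,password=guest 0 0
//192.168.0.2/docs /mnt/docs cifs credentials=/etc/cifs.cred,ro,noexec 0 0'

# Read fstab text on stdin; print one "line N: CODE: detail" per finding.
audit_fstab() {
    awk '
    NF == 0 || substr($1, 1, 1) == "#" { next }   # skip blank lines and comments
    NF != 6 {                                     # Table 7 defines six columns
        printf "line %d: FIELDS: expected 6 columns, found %d\n", NR, NF
        next
    }
    {
        mnt = $2; type = $3; fsck = $6
        has_pw = 0; has_noexec = 0
        n = split($4, opt, ",")                   # column 4 is comma-separated
        for (i = 1; i <= n; i++) {
            if (opt[i] ~ /^password=/) has_pw = 1
            if (opt[i] == "noexec")    has_noexec = 1
        }
        if (has_pw)
            printf "line %d: PASSWORD: %s keeps a password in the options column\n", NR, mnt
        if ((type == "nfs" || type == "cifs") && !has_noexec)
            printf "line %d: EXEC: %s (%s) is a network mount without noexec\n", NR, mnt, type
        if (mnt == "/" && fsck != 1)
            printf "line %d: FSCK: root filesystem should have 1 in column 6\n", NR
    }'
}

# Demonstration on the constructed table.
printf '%s\n' "$SAMPLE_FSTAB" | audit_fstab
```

To audit a real system, run `audit_fstab < /etc/fstab`.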

2.3.9. Checking Files


(1) Displaying System Space with df
You can display the space available on all the mounted file systems on your Linux system using the df
command. To produce output in a more human-readable form, use the -h option.
# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/hda3 12901120 11161180 1084488 92% /
udev 517652 116 517536 1% /dev
# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/hda3 13G 11G 1.1G 92% /
udev 506M 116K 506M 1% /dev

(2) Checking Disk Usage with du


To find out how much space is being consumed by a particular directory and its subdirectories, use the
du command. The -h option prints sizes in human-readable format (i.e. 1K, 2M, 3G).
# du -h /var/log/
96K /var/log/gdm
4.0K /var/log/apache2
1.1M /var/log/delegate-old
8.0K /var/log/smpppd
92K /var/log/cups
20K /var/log/audit
4.0K /var/log/news
4.0K /var/log/krb5
4.0K /var/log/apparmor/reports-archived
4.0K /var/log/apparmor/reports-exported
4.0K /var/log/apparmor/reports
16K /var/log/apparmor
4.0K /var/log/samba
336K /var/log/squid
8.0K /var/log/quagga
97M /var/log/YaST2
146M /var/log/

The -s option summarizes the display to only a total for each directory.
# du -sh /usr/*
12M /usr/X11R6
221M /usr/bin
12K /usr/etc
3.1M /usr/games
16K /usr/i586-suse-linux
130M /usr/include
1.5G /usr/lib
47M /usr/local
44M /usr/sbin
1.6G /usr/share
300M /usr/src
0 /usr/tmp

(3) Search for files in a file system with find


Find files named core in or below directory /
# find / -name core -print

To find files by name with a wildcard, enclose the pattern in quotes.
# find /usr/local/src -name '*.c' -print

Find files larger than 100M in or below directory /home
# find /home -size +100M -print

Find files owned by username (or numeric user ID) in or below directory /
# find / -user username -print

(4) Search for files in a file system with locate


By installing the findutils-locate package, files can be found quickly by the file name. This tool
creates the filesystem database which is updated daily. When you install the package, the database
is not created. The first time, or when you want to update the database, execute as,
# updatedb

Find files by filename as,


# locate filename

2.4. Virtual Terminal

A terminal refers to the input/output device attached to a computer. It is the primary device used
by users to interact with Linux. A virtual terminal refers to one of multiple independent logical
terminals multiplexed over one physical terminal. Each virtual terminal has its own device file.

Users can access them by pressing Ctrl+Alt+F1 to F7. Usually virtual terminals 1 to 6 are text-based
terminals, and virtual terminal 7 is the graphical terminal. Mingetty’s responsibility is to create
and manage a text-based terminal.

In addition to virtual console keystrokes, the Linux console also recognizes the three-fingered
salute Ctrl+Alt+Del. And while using the console, you can also get the screen to scroll. This is
done by using Shift+PageUp or Shift+PageDown.

The Linux console also supports an available pointing device for copy and paste operations. This
support is through the gpm (general purpose mouse server), which must be enabled or started while
booting Linux. To copy a section of text, click and drag text with the left mouse button (button 1)
held down. To paste text, click an insertion point and then press the middle mouse button (button
2).

2.5. X Server

The Linux windowing system uses client/server architecture. The server component is called the X
server. The client components may run on the local machine, or may be remote.

2.5.1. X Server Configuration


OpenSUSE includes an X server configuration tool called sax2. You can run this from YaST,
[Hardware], and [Graphics Card and Monitor].

SaX2 edits the main X server configuration file, /etc/X11/xorg.conf. This is a plain text file, but
you really cannot edit it by hand.

2.5.2. X Server Troubleshooting


If the screen is completely garbled, press Ctrl-Alt-Backspace to terminate the X server. If it insists
on trying to restart, press Ctrl-Alt-F1. This should bring you to a command-line login on a virtual
terminal, which does not use X.

You might need to temporarily set the default run level to 3; for the time being, edit the file
/etc/inittab and change
id:5:initdefault:
to
id:3:initdefault:

You may prefer to switch to run level 3 temporarily with the command
# init 3

Now you can try starting SaX2 from the text-based login
# sax2

If the X server fails to start, try looking in the log files /var/log/SaX2.log and /var/log/Xorg.0.log
for a clue as to what went wrong. In the Xorg.0.log file, look for lines tagged with the string “EE”.

If SaX2 will not start, use following command. This will attempt to create a configuration file
automatically without bringing up a graphical user interface.
# sax2 -a

This will bring up the user interface in low resolution (800x600) mode.
# sax2 -l

This will force re-initialization of the hardware detection database.


# sax2 -r

Hopefully, one of these strategies will result in a working X server.

2.6. Process

A process is the abstraction used by UNIX to represent a running programme.


A programme is invoked when a command is issued. While the programme is running it is called a
process. When the operating system is started after a boot, a single process is started. This process
is the parent of all subsequent processes. Each process created on the system has a unique number,
PID.
When you login to the system a process is started to run your shell program. Any processes that are
started from within your shell - such as entering a command - are the children of this process. A
process can have many children, but only one parent.

2.6.1. Process type


Processes can be classified in terms of how they are invoked.

Table 9 – Process types
Process type Meaning
Terminal/shell process A forked process invoked from a shell prompt during a login session
Batch process A process usually invoked by cron. It is not associated with a login session.
Daemon process It is invoked at startup time by its startup scripts and continues running: httpd, dhcpd, squid, etc.
Kernel process

2.6.2. Process State


Also, processes can be classified in terms of their states as listed in Table 10.

Table 10 – Process states


Process State Meaning
Runnable The process is allocated some CPU time slices and is executing
Sleeping The process is waiting for something to happen such as input from a device. It does not consume any CPU time, but it occupies address space (memory)
Stopped The process has been halted before it exited normally
Zombie A process is no longer active, but resources are allocated to this process

2.6.3. Fork, exec, and init


The fork and exec are used by an existing process to create a new process.

The fork system call creates a copy of the original process. Given a unique PID (Process ID), the
new process (child process) inherits the environment of the original process (parent process), and
keeps parent process’s ID (PPID).

The exec system call starts a new programme by overwriting the original process, so no new process
is created and the PID remains the same. After a fork, the child process often uses one of the exec
system calls to begin execution of a new programme.

init is one of the processes that the kernel automatically starts at system boot. Having PID 1, init
is responsible for executing the system’s start-up scripts. All processes except processes that the
kernel creates are descendants of init.

Example
# ls
⚫ The shell calls the fork system call, which creates a child process
⚫ The child process execs ls
⚫ The parent process (the shell) waits for the end of ls

# exec ls
⚫ The shell execs the ls command
⚫ The shell’s process information is overwritten by the ls command’s information. The PID of the
shell and of ls is the same.
⚫ Therefore, when the ls command ends, the shell has also finished.
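
The two cases above can be observed directly through process IDs. This script is an added example, not part of the original course material; a second sh stands in for ls so that the new programme can report its own PID and PPID.

```shell
#!/bin/sh
# Added example: the "# ls" and "# exec ls" cases, observed through PIDs.
# Each run_* function prints four numbers:
#   PID and PPID of the first shell, then PID and PPID of the new programme.

# "# ls": the shell forks a child, the child execs the programme, the shell waits.
run_forked() {
    # The trailing ":" keeps the inner sh from being the last command, which
    # some shells would exec directly instead of forking.
    sh -c 'printf "%s %s " "$$" "$PPID"; sh -c "echo \$\$ \$PPID"; :'
}

# "# exec ls": the shell is overwritten by the programme, with no fork.
run_exec() {
    sh -c 'printf "%s %s " "$$" "$PPID"; exec sh -c "echo \$\$ \$PPID"'
}

# Interpret the four numbers printed by run_forked or run_exec.
classify() {
    if [ "$1" = "$3" ] && [ "$2" = "$4" ]; then
        echo "exec only: same process, program replaced"
    elif [ "$4" = "$1" ]; then
        echo "fork+exec: new child process of PID $1"
    else
        echo "unrelated processes"
    fi
}

# After "exec ls" nothing of the shell is left to run the next command.
after_exec() { sh -c 'exec ls / >/dev/null; echo "shell still running"'; }
after_fork() { sh -c 'ls / >/dev/null; echo "shell still running"'; }

echo "ls      -> $(classify $(run_forked))"
echo "exec ls -> $(classify $(run_exec))"
echo "after exec ls: '$(after_exec)'   after ls: '$(after_fork)'"
```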

2.6.4. Checking Process by ps Command


Linux provides tools for listing running processes, monitoring system usage, and stopping (or
killing) processes when necessary.

The ps command is used to see which programs are running. In this example, the -a option shows
processes of all users who are associated with the current terminal, and the -u option asks that
usernames be shown, as well as other information such as the time the process started and memory
and CPU usage.
# ps au
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 5102 0.0 0.1 4276 1912 pts/0 Ss+ 20:14 0:00 -bash
root 5968 0.0 0.1 4276 1912 pts/1 Ss 20:21 0:00 -bash
root 6149 0.0 0.0 2484 856 pts/1 R+ 20:27 0:00 ps au

Table 11 – Columns of ps command


Column Description
USER The USER column shows the name of the user who started the process
PID Each process is represented by a unique ID number as a process ID (PID).
%CPU The %CPU column shows the percentages of the processor that the process is
consuming.
%MEM The %MEM column shows the percentages of the random access memory that
the process is consuming.
VSZ The VSZ (virtual set size) shows the size of the image process (in kilobytes)
RSS The RSS (resident set size) shows the size of the program in memory
STAT The STAT column represents the state of the process, with R indicating a
currently running process and S representing a sleeping process.
START The START shows the time the process began running, and TIME shows the
cumulative system time used.

To show all processes running in the background.


# ps aux | less

To show all processes with parent process ID (PPID),


# ps alx | less

To kill (stop) a process by PID,


# kill 1234
This kills process 1234.

To kill process by name


# killall processname

2.7. Boot process

2.7.1. Overview
Understanding the boot process is vital for system administration. In general, the boot process
undergoes the following procedures:-

a. BIOS loads a boot programme from the MBR on the first hard disk
b. The boot programme loads the kernel
c. The kernel initializes hardware and runs diagnostics
d. Then, the kernel forks init
e. init reads /etc/inittab, then launches start-up scripts

a-b)
When a computer is switched on, the BIOS stored in ROM starts. The BIOS loads a programme contained
in the first 512 bytes of the disk (the MBR). This programme loads a secondary boot programme (grub
or lilo) from a disk. The boot programme starts from the first partition of the disk by default, but
Linux provides a nicer MBR (grub, lilo) so that the computer can boot multiple operating systems.
After the MBR sets the partition to boot from, the MBR loads the boot loader specific to the partition,
then the kernel is loaded.

c)
The boot programme allows the user to pass arguments, such as hardware-specific information or the
root partition location. Also, the boot programme’s configuration file can be found in
/boot/grub/menu.lst.
The kernel executes the initialization scripts, which check file systems, mount local disks, assign
page/swap areas, or clean up pages.

d-e)
init switches to the default run level, then executes the startup scripts under /etc/init.d. Startup
scripts are responsible for starting or stopping processes or services. Startup scripts use
configuration information from files located under the /etc/sysconfig directory.

2.7.2. GRUB menu / configuration sample

Figure 7 – GRUB menu sample

If you want to start as a single user mode (runlevel 1) for emergency or some maintenance, enter
“1” at the [Boot Options] textbox.
2.7.3. Login and Shutdown
After rebooting your PC, you will be able to log in to a Linux session. If X11 was not configured
during the installation, you will log in at a text-based login prompt. If you configured X and enabled
a graphical login, the screen will clear after SUSE Linux boots, and you will be presented with a
graphical login screen.

To log in, type root or the appropriate username and press Enter, then type in the password and press
Enter to start using Linux. If you use a graphical login, you can use the shutdown or reboot menus in
the dialog box to shut down or reboot your system. To shut down your system from the command line
of a text-based session, use the shutdown command with its -h or halt option and the keyword now
or the numeral 0. You can also use other aliases.

Table 12 – Shutdown and Reboot Commands


Shutdown command Reboot command
# halt # reboot
# shutdown -h now # shutdown -r now
# shutdown -h 0 # shutdown -r 0
# telinit 0 # telinit 6

2.8. RUN level and Service

init defines 7 run levels. Each run level represents a distinct system service.
⚫ Level 0: system is shut down
⚫ Level 1: single-user mode
⚫ Level 2: multi-user mode - user can define
⚫ Level 3: multi-user text based login
⚫ Level 4: not-used – user can define
⚫ Level 5: multi-user with xdm
⚫ Level 6: reboot

Single-user mode is usually used for maintenance, like Windows safe mode. It does not supply
network service and does not start any daemon. The main use of single-user mode is root
password recovery, in that it does not require root password entry by default on many Linux
distributions except openSUSE.

/etc/inittab defines the commands to run when the system enters each level, as well as the default
run level. In this case, the system runlevel is 3. You can hand-edit this entry if you wish.
# The default runlevel is defined here
id:3:initdefault:

Following commands show the current runlevel


# who -r
run-level 5 May 9 12:54 last=S
Or
# runlevel
N 5

Following commands switch run-level to x


# telinit x
Or
# init x

2.8.1. Control Boot-time Service Startup

init executes the system startup scripts. They are shell scripts interpreted by a shell (/bin/sh,
/bin/bash, /bin/tcsh, or whatever). Master copies of the startup scripts are under the /etc/init.d
directory. Each script starts or stops a daemon or a definite feature of the system, and recognises
the start and stop arguments. A run-level-specific startup script is located under /etc/init.d/rcX.d,
where X is the run level; it is not a script file but a symbolic link whose name begins with a
capital S (for “start”) or K (for “kill”), followed by a number. The number designates the order of
start or stop. When the system starts, it runs startup scripts that start with S in ascending order
with the argument start. When the system halts, it runs startup scripts that start with K (for “kill”)
in descending numerical order with the argument stop.

You can start the server in three different ways; the result is the same
# /etc/init.d/squid start
For convenience, openSUSE places symbolic links to these scripts in /usr/sbin
# rcsquid start
Or you can also start as,
# service squid start

Each of scripts at /etc/init.d takes an argument to specify its action; the arguments shown in Table
13 are supported by most scripts

Table 13 – Startup script arguments


Argument Meaning
start Start the daemon
stop Stop the daemon
restart Equivalent to stop followed by start
reload Signal the daemon to reload its configuration file
status Report status (at minimum, reports whether the daemon is running)

For example, you can use these scripts as shown in this sequence
# /etc/init.d/sshd start
Starting SSH daemon done
# /etc/init.d/sshd status
Checking for service sshd running
# /etc/init.d/sshd stop
Shutting down SSH daemon done
# /etc/init.d/sshd status
Checking for service sshd running

The utility chkconfig can be used to manipulate and interrogate the S links and K links from the
command line.

Table 14 – Using chkconfig command
Command Description
chkconfig --list Display the settings for all services at all runlevels
chkconfig --list sshd Display the settings for the sshd service
chkconfig sshd on Enable sshd at its default runlevels
chkconfig sshd 5 Enable sshd to start at level 5 only
chkconfig sshd off Disable sshd
chkconfig --del sshd Delete S link and K link of sshd
chkconfig --add sshd Add S link and K link of sshd

You can see the S link and K link arrangement for sshd with a wildcard,
# ls -l /etc/init.d/rc?.d/*sshd
lrwxrwxrwx 1 root root 7 Feb 25 22:17 /etc/init.d/rc3.d/K17sshd -> ../sshd
lrwxrwxrwx 1 root root 7 Feb 25 22:08 /etc/init.d/rc3.d/S09sshd -> ../sshd
lrwxrwxrwx 1 root root 7 Feb 25 22:17 /etc/init.d/rc5.d/K17sshd -> ../sshd
lrwxrwxrwx 1 root root 7 Feb 25 22:08 /etc/init.d/rc5.d/S09sshd -> ../sshd

The two digit numbers in the link names are used to control the order in which the scripts are
executed. This is important, because if service A depends on service B.

Each master script in /etc/init.d contains a set of comment lines that specify which run levels
the service is supposed to run at, and what services it depends on. For example, from
/etc/init.d/sshd:
### BEGIN INIT INFO
# Provides: sshd
# Required-Start: $network $remote_fs
# Required-Stop: $network $remote_fs
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
# Description: Start the sshd daemon
### END INIT INFO

The Default-Start line describes which run levels to enable the service in. It will also look at the
Required-Start and Required-Stop lines to figure out where in the startup and shutdown order the
S links and K links should be placed.
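
The S links and the Default-Start line together give a quick audit of what each runlevel starts at boot. This script is an added example, not part of openSUSE or of the original course material: it lists a runlevel's start order and reports services with an S link in a runlevel their own header does not declare. The tree is built in a temporary directory, and the network and squid entries and their numbers are constructed.

```shell
#!/bin/sh
# Added example: list what each runlevel starts from the S links and compare
# it with the Default-Start line of each master script. Everything is built
# in a temporary directory; the network and squid entries are constructed.

# Service names started in one rcX.d directory, in start order (S ascending).
start_order() {
    for link in "$1"/S[0-9][0-9]*; do
        [ -L "$link" ] || continue
        basename "$link"
    done | sort | sed 's/^S[0-9][0-9]//'
}

# Value of one field from a script's INIT INFO comment block.
lsb_field() {   # usage: lsb_field SCRIPT FIELD
    sed -n '/^### BEGIN INIT INFO/,/^### END INIT INFO/p' "$1" |
        sed -n "s/^#[[:space:]]*$2:[[:space:]]*//p"
}

# Services with an S link in a runlevel their header does not declare.
undeclared_starts() {   # usage: undeclared_starts INITDIR
    for rc in "$1"/rc[0-6].d; do
        [ -d "$rc" ] || continue
        level=${rc##*/rc}; level=${level%.d}
        for svc in $(start_order "$rc"); do
            declared=$(lsb_field "$1/$svc" Default-Start)
            case " $declared " in
                *" $level "*) ;;
                *) echo "$svc runlevel=$level declared=$declared" ;;
            esac
        done
    done
}

# Build the constructed init.d tree and print its path.
make_demo() {
    d=$(mktemp -d) || return 1
    for entry in "network:2 3 5" "sshd:3 5" "squid:3 5"; do
        cat > "$d/${entry%%:*}" <<EOF
#!/bin/sh
### BEGIN INIT INFO
# Provides:       ${entry%%:*}
# Default-Start:  ${entry#*:}
# Default-Stop:   0 1 6
### END INIT INFO
EOF
    done
    mkdir "$d/rc2.d" "$d/rc3.d" "$d/rc5.d"
    ln -s ../network "$d/rc2.d/S05network"
    ln -s ../squid   "$d/rc2.d/S12squid"      # not declared for runlevel 2
    ln -s ../network "$d/rc3.d/S05network"
    ln -s ../sshd    "$d/rc3.d/S09sshd"
    ln -s ../squid   "$d/rc3.d/S12squid"
    ln -s ../sshd    "$d/rc3.d/K17sshd"
    ln -s ../network "$d/rc5.d/S05network"
    ln -s ../sshd    "$d/rc5.d/S09sshd"
    echo "$d"
}

DEMO=$(make_demo)
echo "runlevel 3 start order: $(start_order "$DEMO/rc3.d" | tr '\n' ' ')"
undeclared_starts "$DEMO"
rm -rf "$DEMO"
```

On a system laid out as described above, `undeclared_starts /etc/init.d` runs the same comparison against the real links.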

2.9. vi Editor

The vi editor is available on every Unix and Linux system. It works on character terminals, without
a graphical user interface, and it is fast and powerful once you get to know it. Figure 8 shows the
three major modes of vi and shows a few of the commands available in each mode.

[Figure 8: diagram of the three vi modes]
Command Mode (entered at start): Most editing operations such as deleting and searching are done in
command mode. Most use single-character commands.
Insert Mode (entered from command mode with i, a, A, ...; ESC returns to command mode): The
characters you type are entered into the edit buffer.
Bottom Line Mode (entered from command mode with ":"; a newline returns to command mode): Most
commands that require arguments use this mode, i.e. global search and replace, write buffer to
file, go to given line number. The command is terminated by a newline.

Figure 8 – Operating modes in vi

Table 15 – vi Commands
Command Description
Movement
h,j,k,l Left, down, up, right
^, $ Start, end of current line
Ctrl+b Scroll backwards one page
Ctrl+f Scroll forwards one page
Ctrl+u Scroll backwards half a window
Ctrl+d Scroll forwards half a window
:n Go to line n
nG Go to line n. If no count is given, go to the end of the file
Insert Mode
i Insert before cursor
a Insert after cursor
A Append to end of line
I Insert at start of line
o Open a line below current line
O Open a line above current line
Replacing Text
C Change to the end of the line from the current cursor position
cw Change the current word
cc Change the current line
S Change the entire line
r Replace one character
Search
/pattern Search for pattern, forward from current position. Use backslash “\” for special characters.
n Repeat the search in the forward direction
N Repeat the search in the backward direction
:%s/pattern/to_pattern/g Substitute. All occurrences are substituted.
Copy, Delete, Paste
u Undo the last change
yy “Yank” (copy) the current line into the paste buffer
P Paste the buffer before the current cursor position
x Delete the character under the cursor
dd Delete the current line (and put it in the paste buffer)
D Delete to end of line
. Repeat the previous change at the new cursor position
Miscellany
ZZ Save the file and exit
:wq Save the file and exit (same as ZZ)
Ctrl+g Show the current filename and the status
:q! Quit the editor, abandoning any changes
:w file Save to the specified file

2.10. How to get information

Linux documentation is spread over a number of sources, some of which are installed on your
system.
⚫ Books
⚫ Distribution specific documents (/usr/local/doc)
⚫ Electronic guides
⚫ HOWTOs: (http://www.tldp.org) – Good starting point
⚫ Manual pages (man pages)

● man pages
Man pages are the traditional ‘on-line’ documentation. They are installed in the
directories /usr/share/man/manX, where X is a digit 1 through 9 that identifies a section. The Linux
man pages are divided into nine sections.
Table 16 – Section of Linux man pages
Section Contents

1 User-level commands and applications
2 System Calls and Kernel error codes
3 Library calls
4 Device drivers and network protocols
5 Standard file format
6 Games and demonstrations
7 Miscellaneous files and documents
8 System administration commands
9 Obscure kernel spec and interfaces

The man pages are normally compressed with gzip to save space. (The man command knows how
to uncompress).
The man command searches a number of different directories to find the manual pages. The manpath
command shows the search path. If necessary, you can set the MANPATH environment variable to
override the default path. You can also set the system-wide default in /etc/manpath.config. The man
command with a section number shows the man page specific to that section. For example,
‘man 5 crontab’ shows how to set up a crontab table. On the other hand, ‘man crontab’ (same as
‘man 1 crontab’) tells you about the crontab command. Thus, unless you specify a section number, man
searches for the topic starting from section 1, and then shows the result.

‘man -k keyword’ prints a list of man pages that have keyword in their one-line summary.
# man -k memory ( same as ‘apropos memory’ )
PerlIO::scalar (3pm) - in-memory IO, scalar IO
pmap (1) - report memory map of a process
vmstat (8) - Report virtual memory statistics
ipcrm (8) - remove a message queue, semaphore set or shared memory id

Exercise 2 – Linux Administration

1.Create users
Create users on your Linux box
User Name Password Group
trainee1 trainee1 trainees
trainee2 trainee2 trainees
trainee3 trainee3 trainees

3. Basic of using Linux

3.1. Using the Console

SUSE Linux supports the use of virtual consoles or terminals. This means that you can log in, run
a program, and then jump to another login prompt, login, and start another session.

To jump to another console while using Linux in text-based mode, log in and then press Alt+F2
(you will be using the first virtual console, or vt1, by default). You should then see another login
prompt. Log in, and you are then using vt2, the second Linux console. Jump back and forth
between sessions by using the Alt key plus the F key number of the desired session. The only caveat
when using virtual consoles is that there is a default limit on the available number (usually six) and
there might be one or more active X Window sessions (occupying vt7 by default or vt8).

In addition to virtual console keystrokes, the Linux console also recognizes the three-fingered salute
Ctrl+Alt+Del. And while using the console, you can also get the screen to scroll. This is done by
using Shift+PageUp or Shift+PageDown.

The Linux console also supports an available pointing device for copy and paste operations. This
support is through the gpm or general purpose mouse server, which must be enabled or started
while booting Linux. To copy a section of text, click and drag text with the left mouse button (button
1) held down. To paste text, click an insertion point and then press the middle mouse button (button
2).

3.2. ls – List contents of directories

You can quickly examine the layout of a Linux file system by using the list directory contents
command, ls, like this;

$ ls /
bin dev home media opt root srv tmp var boot etc lib mnt proc
sbin sys usr

In addition to the name of each file, print the file type, permissions, number of hard links, owner
name, group name, size in bytes, and timestamp.

$ ls -l
total 3
-rw-r--r-- 1 guest users 8 Aug 4 15:56 file1
-rw-r--r-- 1 guest users 8 Aug 5 15:57 file2
-rw-r--r-- 1 guest users 8 Aug 4 15:57 file3

Sort directory contents by timestamp instead of alphabetically, with the newest files listed first.

$ ls -lt
total 3
-rw-r--r-- 1 guest users 8 Aug 5 15:57 file2
-rw-r--r-- 1 guest users 8 Aug 4 15:57 file3
-rw-r--r-- 1 guest users 8 Aug 4 15:56 file1

3.3. cd – Change Directory

Use the cd command to navigate through the Linux file system. This command is generally used
with a specific directory location, or pathname like this:

$ cd /usr/X11

The cd command can also be used with several shortcuts. For example to quickly move up a
directory, use the cd command like this:

$ cd ..

To return one’s home directory from anywhere in the Linux file system, use the cd command like
this:

$ cd

3.4. cp - Copy Files

cp file1 file2 – Copies file1 to create file2

$ ls
file1 file2 file3
$ cp file1 file4
$ ls
file1 file2 file3 file4

3.5. mv - rename files

mv [options] source... directory

$ ls
file1 file2 file3 file4
$ mv file4 /tmp
$ ls
file1 file2 file3
$ cd /tmp
[guest@linux /tmp]$ ls
file4

mv [options] source dest

$ ls
file1 file2 file3 file4
$ mv file4 file5
$ ls
file1 file2 file3 file5

3.6. rm - remove files

rm file(s) – Delete file(s)

$ ls
file1 file2
$ rm file2
$ ls
file1

rm -fr – Deletes directory (regardless of contents inside)

$ rm -fr /tmp/testdir

3.7. mkdir – Make Directories

$ ls
file1
$ mkdir directory
$ ls -lt
total 2
drwxr-xr-x 2 guest users 1024 Aug 5 11:40 directory/
-rw-r--r-- 1 guest users 8 Aug 4 16:04 file1

3.8. cat - concatenate files and print on the standard output

cat filename
Outputs contents of filename to display
$ cat file1
101 3people 2-DK
102 none 1-room
201 2people 2-DK
202 4people 3-LDK

3.9. less – Allows scrolling while reading contents of files

less filename
$ less /etc/services

3.10. grep - print lines matching a pattern

grep [-cvn] pattern [file1 file2 ...]


$ cat file1
101 3people 2-DK
102 none 1-room
201 2people 2-DK
202 4people 3-LDK

$ cat file2
301 4people 4-DK
302 3people 3-LDK
401 none 2-DK
402 2people 2-DK

$ grep LDK *
file1:202 4people 3-LDK
file2:302 3people 3-LDK

3.11. Introduction to Text Editor (vi)

This is an introduction to vi, a text editor that is available on almost all Unix machines. This is what
you use to create a file or to change the contents of a file.

To start up vi, use the command 'vi filename', where filename is the name of the file that you want
to change. If you want to create a new file, you can just say 'vi newfilename', where newfilename
is the name that you want to give the file.

The tricky part about vi is that it has two modes, insert mode and command mode. When you are
in insert mode, all you can do is type text, which will go directly into the file wherever your cursor
is. When you are in command mode, you can do everything else, including moving the cursor,
searching, and setting options.

To move from insert mode to command mode, use the [ESC] key. If you forget to do this and end
up with a ':wq' or something else that you don't want at the end of your line, just backspace over
the characters that you don't want, then hit [ESC]. If you hit [ESC] when you are already in
command mode, the terminal will beep at you, but it won't do anything to your file. When in doubt,
hit [ESC].

To move from command mode to insert mode, use the i, a, o, or O command as described below.
There are a few others, but those are the most common.

To use the following commands, you must be in command mode:

Cursor Movement:
A handy thing about these commands is that you can type a number first, and the editor will do
the command that many times. For instance, h moves the cursor one character to the left, and
12h moves the cursor twelve characters to the left. You shouldn't see the number or command
that you type, by the way. If you do, you are in insert mode; you should backspace over the
number and press the [ESC] key, then try again.

h - moves cursor one character to the left
j - moves cursor one line down
k - moves cursor one line up
l - moves cursor one character to the right

^f - moves cursor one screen forward
^d - moves cursor a half screen down
^b - moves cursor one screen backward
^u - moves cursor a half screen up

^ - moves cursor to the beginning of the line
$ - moves cursor to the end of a line

w - moves cursor one word forward, with punctuation and braces as new words
W - moves cursor forward to the next word
b - moves cursor one word backward, with punctuation and braces as new words
B - moves cursor backward to the next word

numberG - jumps the cursor to line number
G - jumps the cursor to the end of the file

/pattern - searches for pattern and moves the cursor there
?pattern - searches backwards for pattern and moves the cursor there

Deleting Text:

x - deletes the character the cursor is on
X - deletes the character to the left of the cursor
dd - deletes the entire line the cursor is on

d followed by a cursor movement command deletes that much text. For instance, w moves the
cursor forward a word, and dw deletes to the end of the word. The 5h command moves the cursor
five characters to the left, and the d5h command deletes five characters to the left.

Inserting Text:
These commands may seem a little confusing at first. The i command means that everything you
type until you hit [ESC] will be inserted to the left of the cursor. In other words, this command
leaves you in insert mode with the insertion point to the left of where the cursor was when you hit
'i.'

i - inserts text to the left of the cursor (leaves you in insert mode)
a - appends text to the right of the cursor (leaves you in insert mode)
A - appends text at the end of the line (leaves you in insert mode)
o - opens new line under the line the cursor is on (leaves you in insert mode)
O - opens new line above the line the cursor is on (leaves you in insert mode)

⚫ How Do I Get Out Of This Thing, Anyway?


When you hit the colon (:), you will see it at the bottom of the screen (unless you are still in insert
mode, in which case you should back up over it and press [ESC], then try again). You will see
anything you type after the colon at the bottom of the screen. After commands that use a colon, you
have to hit the key.
:q! - exits without saving changes
:w - write changes
:wq - write changes, then quit

⚫ Line Number Commands


This is useful for programmers
^g - shows what line you are on at the bottom of the

3.12. Working as root

The root, or superuser, account is a special account and user on UNIX and Linux systems. When
logged in as root, you have total control over your system. This includes the ability to destroy a
running system. Linux comes with a command named su that allows you to run as root and then
return to normal user status. You can tell whether you are a normal user or root by the prompt:
$ for a normal user, # for root.

$ su - root
Password:
#

The only time you should run Linux as the superuser is when booting to run level 1, or system
maintenance mode. This is most often done for filesystem or system configuration repair and
maintenance. Logging in and using Linux as the root operator is not a good idea, and defeats the
entire concept of file permissions, discussed next.

3.13. Permissions

Under Linux operating system, everything in the file system, including directories and devices, is
a file. And every file has a set of permissions. These permissions form the basis for security under
Linux and consist of a series of fields designating read, write, and execute permission assigned to
every file. You can examine the permissions for a particular file (if you have read access) by using
the ls command’s long-format listing like this:

$ touch file
$ ls -l file
-rw-r--r-- 1 user1 users 0 2004-11-03 17:29 file

In this example, the touch command is used to quickly create a file. The ls command then reports
on the file showing permissions, owner, group, size, and create (or modification) date. Under Linux,
permissions are grouped by owner, group and others, with read, write, and execute permission
assigned to each, like so:

Owner   Group   Others
rwx     rwx     rwx

These permissions can also be represented by base 8, or octal values, with read permission=4, write
permission=2, and execute permission=1. In the previous example for the file named file, the
owner, user1, has read and write permission, as does any member of the group named users. All
other users may only read the file. In octal notation, the file has a permission setting of 664
(read+write, read+write, read-only).

Directories are also files under Linux. For example, again use the ls command to show permissions
like this:

$ mkdir foo
$ ls -ld foo
drwxr-xr-x 2 user1 users 48 2004-11-03 17:36 foo

In this example, the mkdir command is used to create a directory. The ls command and its -ld option
are used to show the permissions and other information about the directory. Here you can see that
the directory has permission values of 775 (read+write+execute, read+write+execute,
read+execute).

The chmod command is used to alter a file’s permissions, and accepts various forms of command syntax,
such as octal or a mnemonic form (such as u, g, o, or a and rwx, and so on) to specify a desired
change. Although either form can be used, octal is easy to use quickly after you visualize and
understand how permissions are numbered.

For example, to modify a file’s permissions so that only you, the owner, can read and write, use
the chmod command with a file permission of 600, like this:

$ chmod 600 file
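The numbering described above (read=4, write=2, execute=1 per owner/group/others triplet) can be checked mechanically. The following is an added example, not part of the original notes: the function names are this example's own, and the files it inspects are created in a temporary directory.

```shell
#!/bin/sh
# Added example: translate the permission field printed by `ls -l` into the
# octal form used with chmod, and list files that group or others can write.

# triplet_value "rw-" prints the octal digit for one triplet (read=4, write=2,
# execute=1). s/t in the execute slot still imply execute; the setuid, setgid
# and sticky bits themselves are outside this example.
triplet_value() {
    v=0
    case $1 in r??) v=$((v + 4)) ;; esac
    case $1 in ?w?) v=$((v + 2)) ;; esac
    case $1 in ??[xst]) v=$((v + 1)) ;; esac
    printf '%s' "$v"
}

# mode_to_octal "-rw-rw-r--" (or "rw-rw-r--") prints 664
mode_to_octal() {
    m=$1
    # ls prints a file-type character first (- file, d directory): drop it
    if [ "${#m}" -eq 10 ]; then m=${m#?}; fi
    case $m in
        [r-][w-][xsS-][r-][w-][xsS-][r-][w-][xtT-]) ;;
        *) echo "not a permission field: $1" >&2; return 1 ;;
    esac
    rest=${m#???}
    owner=${m%??????}
    group=${rest%???}
    others=${rest#???}
    printf '%s%s%s\n' "$(triplet_value "$owner")" \
        "$(triplet_value "$group")" "$(triplet_value "$others")"
}

# file_octal PATH prints the octal mode of an existing file or directory,
# taken from the first ten characters of `ls -ld`.
file_octal() {
    mode_to_octal "$(ls -ld -- "$1" | cut -c1-10)"
}

# loose_files DIR lists entries directly under DIR that group or others can write.
loose_files() {
    for f in "$1"/*; do
        [ -e "$f" ] || continue
        oct=$(file_octal "$f") || continue
        g=${oct#?}; g=${g%?}     # middle digit = group
        o=${oct#??}              # last digit = others
        # write permission is the 2 bit of each digit
        if [ $(( (g & 2) | (o & 2) )) -ne 0 ]; then
            echo "$oct $f"
        fi
    done
}

demo() {
    d=$(mktemp -d) || return 1
    touch "$d/file" "$d/private"
    chmod 664 "$d/file"       # owner rw, group rw, others r
    chmod 600 "$d/private"    # owner rw only, as in the chmod 600 example
    loose_files "$d"          # reports only the 664 file
    rm -rf "$d"
}
demo
```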

3.14. Managing Services

3.14.1. Linux Run Levels


The init command uses the Linux system initialization table, or /etc/inittab to boot Linux to a
specific system state or runlevel. These runlevels, in which various services might be in effect or
not, are defined in /etc/inittab. The SUSE Linux runlevels are defined as

# runlevel 0 is System halt (Do not use this for initdefault!)


# runlevel 1 is Single user mode
# runlevel 2 is Local multiuser without remote network (e.g. NFS)
# runlevel 3 is Full multiuser with network
# runlevel 4 is Not used
# runlevel 5 is Full multiuser with network and xdm
# runlevel 6 is System reboot (Do not use this for initdefault!)

The default entry, or initdefault line, in /etc/inittab determines what system state to boot SUSE Linux
to. For example,

id:3:initdefault:

In this example, SUSE Linux will be booted to a full multiuser with network mode.

As the master control file for system startup, /etc/inittab and its corresponding system of symbolic
links used to control system services can be managed by various graphical and nongraphical
administrative tools. The SUSE Linux graphical tool YaST can be used to control the action of a service
at a particular runlevel.

SUSE Linux also offers a manual configuration of boot services. Use the chkconfig command to
display, diagnose, or change the starting or stopping of system services (as available under
/etc/rc.d/init.d) in each runlevel. For example, to list all services that will be turned on in runlevel
3, you can pipe the output of chkconfig through the grep command like this:
# chkconfig --list | grep '5:on'
alsasound     0:off 1:off 2:on  3:on  4:off 5:on 6:off
coldplug      0:off 1:on  2:on  3:on  4:off 5:on 6:off
cron          0:off 1:off 2:on  3:on  4:off 5:on 6:off
cups          0:off 1:off 2:on  3:on  4:off 5:on 6:off
fbset         0:off 1:on  2:on  3:on  4:off 5:on 6:off
hotplug       0:off 1:on  2:on  3:on  4:off 5:on 6:off
hwscan        0:off 1:off 2:on  3:on  4:off 5:on 6:off
isdn          0:off 1:off 2:on  3:on  4:off 5:on 6:off
kbd           0:off 1:on  2:on  3:on  4:off 5:on 6:off
network       0:off 1:off 2:on  3:on  4:off 5:on 6:off
nfsboot       0:off 1:off 2:off 3:on  4:off 5:on 6:off
nscd          0:off 1:off 2:off 3:on  4:off 5:on 6:off
portmap       0:off 1:off 2:off 3:on  4:off 5:on 6:off
postfix       0:off 1:off 2:off 3:on  4:off 5:on 6:off
powersaved    0:off 1:off 2:on  3:on  4:off 5:on 6:off
random        0:off 1:off 2:on  3:on  4:off 5:on 6:off
resmgr        0:off 1:off 2:on  3:on  4:off 5:on 6:off
smbfs         0:off 1:off 2:off 3:on  4:off 5:on 6:off
splash        0:off 1:on  2:on  3:on  4:off 5:on 6:off
splash_early  0:off 1:off 2:on  3:on  4:off 5:on 6:off
splash_late   0:off 1:off 2:on  3:on  4:off 5:on 6:off
sshd          0:off 1:off 2:off 3:on  4:off 5:on 6:off
syslog        0:off 1:off 2:on  3:on  4:off 5:on 6:off
xdm           0:off 1:off 2:off 3:off 4:off 5:on 6:off
xinetd        0:off 1:off 2:off 3:on  4:off 5:on 6:off

The chkconfig command can be used to reassign start or stop values for each runlevel and each
service. However, this feature should only be used cautiously because it is possible to render a
system temporarily unusable. (You can boot Linux to single-user mode to attempt a fix). For
example, to start network time protocol (ntp) (controlled by the xntpd script under /etc/rc.d/init.d/),
use chkconfig like this:

# chkconfig xntpd on

You can then verify this action by again grepping chkconfig’s output like so:

# chkconfig --list | grep xntpd
xntpd 0:off 1:off 2:off 3:on 4:off 5:on 6:off
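When reviewing which services a host starts, an exact per-runlevel field match and an allowlist comparison are more dependable than reading a long grep result by eye. The following is an added example, not part of the original notes: the function names and the allowlist are this example's assumptions, and the input rows are copied from the chkconfig listing in this section so it runs offline.

```shell
#!/bin/sh
# Added example: list the services enabled at one runlevel and flag the ones
# that are not on an approved list.

# A few rows copied from the chkconfig listing in this section.
sample_listing() {
    cat <<'EOF'
cron 0:off 1:off 2:on 3:on 4:off 5:on 6:off
portmap 0:off 1:off 2:off 3:on 4:off 5:on 6:off
sshd 0:off 1:off 2:off 3:on 4:off 5:on 6:off
xdm 0:off 1:off 2:off 3:off 4:off 5:on 6:off
xinetd 0:off 1:off 2:off 3:on 4:off 5:on 6:off
EOF
}

# services_on LEVEL
# Reads a chkconfig-style listing on stdin and prints the names of services
# whose field for LEVEL is exactly "LEVEL:on".
services_on() {
    awk -v lvl="$1" '{
        for (i = 2; i <= NF; i++)
            if ($i == (lvl ":on")) { print $1; break }
    }'
}

# unexpected_services LEVEL "allowed1 allowed2 ..."
# Prints services enabled at LEVEL that are missing from the allowlist.
unexpected_services() {
    services_on "$1" | while read -r svc; do
        case " $2 " in
            *" $svc "*) ;;          # approved, stay quiet
            *) echo "$svc" ;;       # enabled but not approved
        esac
    done
}

# On a live system the same functions read the real listing:
#   chkconfig --list | unexpected_services 3 "cron sshd syslog network"
demo() {
    echo "enabled at runlevel 3:"
    sample_listing | services_on 3
    echo "not on the allowlist (cron sshd):"
    sample_listing | unexpected_services 3 "cron sshd"
}
demo
```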

(1). Starting and Stopping Services


There are several ways to manually start or stop services or to change runlevels while using Linux.
To quickly manage a service (as root), call the service’s /etc/rc.d/init.d name on the command line
with an appropriate keyword, such as start or stop.

# /etc/rc.d/init.d/xntpd start
Starting

3.15. Managing Software using RPM

The Red Hat Package Manager (RPM) is used for installing, erasing, and upgrading software on SUSE
Linux. You can also use the YaST graphical tool for managing packages; however, it still uses RPM
in the background.

1. Installing
# rpm -ivh foo-1.0-1.i386.rpm
foo ####################################

2. Do not do a dependency check before installing
# rpm -ivh --nodeps foo-1.0-1.i386.rpm

3. Install the packages even if they replace files from other, already installed, packages.
# rpm -ivh --replacefiles foo-1.0-1.i386.rpm

4. Install the packages even if some of them are already installed on this system
# rpm -ivh --replacepkgs foo-1.0-1.i386.rpm

5. Allow an upgrade to replace a newer package with an older one.


# rpm -ivh --oldpackage foo-1.0-1.i386.rpm

6. Force (Same as using --replacepkgs, --replacefiles, and --oldpackage)


# rpm -ivh --force foo-1.0-1.i386.rpm

7. Uninstalling
# rpm -e foo

8. Upgrading
# rpm -Uvh foo-2.0-1.i386.rpm
foo ####################################

9. Freshening
# rpm -Fvh foo-1.2-1.i386.rpm
foo ####################################
RPM's freshen option works for single packages or a group of packages. If you have just
downloaded a large number of different packages, and you only want to upgrade those packages
that are already installed on your system, freshening will do the job. If you use freshening, you will
not have to delete any unwanted packages from the group that you downloaded before using
RPM.

# rpm -Fvh *.rpm

10. Show installed package's information


# rpm -qi packagename
# rpm -qip packagename-1.2.rpm

11. Show all installed files


# rpm -ql packagename
# rpm -qpl packagename-1.2.rpm

12. Show document file


# rpm -qd packagename
# rpm -qpd packagename-1.2.rpm

13. Show configuration file


# rpm -qc packagename
# rpm -qpc packagename-1.2.rpm

14. List packages on which this package depends.


# rpm -qR packagename
# rpm -qpR packagename-1.2.rpm

15. List the package specific scriptlet(s) that are used as part of the installation and uninstallation
processes.
# rpm -q --scripts packagename
# rpm -qp --scripts packagename-1.2.rpm

16. Query package owning FILE


# rpm -qf FILE(full path)

17. Display the states of files in the package. The state of each file is one of normal, not installed,
or replaced.
# rpm -qs packagename

18. Show all installed packages


# rpm -qa
Or use the less command for scrolling, like this
# rpm -qa | less
Or use the sort and less commands for browsing and scrolling, like this
# rpm -qa | sort | less

3.16. Managing Users

As a practical matter, for reasons of identification and accountability, regular users exist. Each user
has their own username, password and permissions that can only be assigned by the superuser. The
ability to run programs and access files can be restricted for regular users, and the access is again
being determined solely by the superuser. All users have a user ID (uid), and a group ID (gid).

1. The su command
You become root and inherit root’s environment
$ su -
#
By executing the following, you become that user and inherit the environment, a pretty handy tool:
$ su - <some other user>
To return to the previous user’s identity, just type
# exit
This takes you to the previous user’s prompt
$

2. Managing groups
The groups are identified in /etc/group. You can add a new group with the groupadd command
# groupadd trainee
Delete a group with the groupdel command
# groupdel trainee

3. Managing users
Adding new users with the commands adduser and passwd (to change passwords) is simple to do
from the command line, and you can make it even more elaborate to make it do more for you.
Add the user newuser with the password panewuser in users group.
# adduser newuser -g users

Note: SUSE 9.1 does not create the home directory of the new user, so you can create it with
# mkdir /home/newuser
Change the owner of the directory with
# chown newuser:users -R /home/newuser

To delete a user,
# deluser newuser
Delete the user’s directory and subdirectories if needed
# rm -fr /home/newuser

YaST also provides an interface for managing users.

Exercise 3 – Installing and using SUSE Linux

Configure the network of the Linux
                        Trainee1          Trainee2          …
IP Address (Internal)   192.168.0.11/24   192.168.0.12/24   …
Host Name               t1                t2                …
Domain Name             test1.kg          test2.kg          …
Root user’s password    training          training          …
After the completion of the configuration, test the connectivity by ping command.

Install Software
Install findutils-locate package

Create users
Create users on your Linux box
User Name Password Group
trainee1 trainee1 trainees
trainee2 trainee2 trainees
trainee3 trainee3 trainees

4. Bash

4.1. Bash Basics

4.1.1. Introduction

The shell’s job is to translate the user’s command lines into operating system
instructions. Several layers of events take place whenever you enter a command, but we are going
to consider only the top layer, known as the shell. Figure 9 shows the relationship between user,
shell, and operating system.

[Diagram: User, Input/Output, Shell, UNIX Operating System]

Figure 9: The shell is a layer around the UNIX operating system

Bash is the shell, or command language interpreter, for the GNU operating system. The name is an
acronym for the 'Bourne-Again Shell', a pun on Stephen Bourne, the author of the direct ancestor
of the current Unix shell /bin/sh.

Bash is largely compatible with sh and incorporates useful features from the Korn shell ksh and the
C shell csh. It offers functional improvements over sh for both interactive and programming use.

While the GNU operating system provides other shells, Bash is the default shell. It currently runs
on nearly every version of Unix and a few other operating systems - independently supported ports
exist for MS-DOS, OS/2, and Windows.

4.1.2. Filename, Wildcards, and Pathname Expansion


The shell provides a built-in way to specify the pattern of a set of filenames without having to
know all of the names themselves. You can use special characters, called wildcards, in filenames
to turn them into patterns. Table 17 lists the basic wildcards.

Table 17: Basic wildcards

Wildcard   Matches
?          Any single character
*          Any string of characters
[set]      Any character in set
[!set]     Any character not in set

The ? wildcard matches any single character, so that if your directory contains the files program.c,
program.log, and program.o, then the expression program.? matches program.c and program.o
but not program.log.

The asterisk (*) matches any string of characters. The program.* will match all three files in the
previous paragraph.

Table 18 should help demonstrate how the asterisk works. Assume that you have the files bob,
darlene, dave, ed, frank, and fred in your working directory.

Table 18: Using the * wildcard


Expression Yields
fr* frank fred
*ed ed fred
b* bob
*e* darlene dave ed fred
*r* darlene frank fred
* bob darlene dave ed frank fred
d*e darlene dave

A set is a list of characters (e.g., abc), an inclusive range (e.g., a-z), or some combination of the
two. If you want the dash character to be part of a list, just list it first or last. Table 19 should explain
things more clearly.

Table 19: Using the set construct wildcards


Expression Matches
[abc] a, b, or c
[.,;] Period (.), comma (,), or semicolon (;)
[-_] Dash (-) or underscore (_)
[a-c] a, b, or c
[a-z] All lowercase letters
[!0-9] All non-digits
[0-9!] All digits and exclamation point
[a-zA-Z] All lower and uppercase letters
[a-zA-Z0-9_-] All letters, all digits, underscore, and dash

In the original wildcard example, program.[co] and program.[a-z] both match program.c and
program.o, but not program.log.

Suppose you are a C programmer, and you want to list all source, object, and header files in your
working directory. The command ls *.[cho] matches names that end in a period followed by a c, h, or o.

The wildcard examples that we have seen so far are actually part of a more general concept called
pathname expansion. For example, if you wanted to list all of the files in the directories /usr and
/usr2, you could type ls /usr*. If you were only interested in the files beginning with the letters b
or e in these directories, you could type ls /usr*/[be]* to list them.

4.1.3. Brace Expansion


Whereas pathname expansion wildcards will expand to files and directories that exist, brace
expansion expands to an arbitrary string of a given form: an optional preamble, followed by
comma-separated strings between braces, and followed by an optional postscript.
$ echo b{ed,olt,ar}s
beds bolts bars

You can also use a different type of brace expansion for creating a sequence of letters or numbers.
$ echo {2..5}
2 3 4 5

$ echo {d..h}
d e f g h

Brace expansion can also be used with wildcard expansions. In the example from the previous
section where we listed the source, object, and header files in the working directory, we could have
used ls *.{c,h,o}.

4.1.4. Standard I/O


By convention, each UNIX program has a single way of accepting input called standard input, a
single way of producing output called standard output, and a single way of producing error
messages called standard error output, usually shortened to standard error.

4.1.5. I/O Redirection


The shell can redirect standard input so that it comes from a file. The notation command < filename
does this; it sets things up so that command takes standard input from a file instead of from a
terminal.

For example, sort < /etc/passwd will sort the lines in the file and write them out onto your terminal
(we are pretending that these utilities do not take filename arguments).

Similarly, command > filename causes the command’s standard output to be redirected to the
named file. The example of this is date > now: the date command prints the current date and time
on the standard output; the previous command saves it in a file called now.

Input and output redirectors can be combined. For example,


$ cat < file1 > file2

This would be similar to cp file1 file2.

This will redirect standard error to a file.


$ grep word noexistfile 2> grep-error.log

This will redirect standard output and standard error to a file.


$ rm -f $(find / -name core) &> /dev/null
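The rm -f $(find ...) form above passes find's output through the shell's word splitting, so a path that contains a space is handed to rm as two separate names. The following is an added example, not part of the original notes, that reproduces this in a throwaway directory and shows find -exec as the form that keeps each path intact; the directory layout and function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: why unquoted $(find ...) is fragile, shown in a sandbox.

# make_tree DIR builds a constructed layout:
#   DIR/proj          an unrelated file that must survive
#   DIR/proj x/core   the core file we want removed (note the space)
make_tree() {
    mkdir -p "$1/proj x" &&
    : > "$1/proj" &&
    : > "$1/proj x/core"
}

# Same shape as the command above, with find limited to the sandbox.
# find prints "./proj x/core"; the unquoted $(...) is split at the space into
# "./proj" and "x/core", so rm deletes the wrong file and misses the core file.
unsafe_cleanup() {
    ( cd "$1" && rm -f $(find . -name core) ) >/dev/null 2>&1
}

# find passes each matching path to rm as a single argument, so spaces and
# wildcard characters in names are never reinterpreted by the shell.
safe_cleanup() {
    find "$1" -type f -name core -exec rm -f -- {} + >/dev/null 2>&1
}

# tree_state DIR reports which of the two files still exist.
tree_state() {
    p=missing
    c=missing
    if [ -e "$1/proj" ]; then p=present; fi
    if [ -e "$1/proj x/core" ]; then c=present; fi
    echo "proj=$p core=$c"
}

demo() {
    base=$(mktemp -d) || return 1
    make_tree "$base/a"
    unsafe_cleanup "$base/a"
    echo "unquoted \$(find): $(tree_state "$base/a")"
    make_tree "$base/b"
    safe_cleanup "$base/b"
    echo "find -exec:       $(tree_state "$base/b")"
    rm -rf "$base"
}
demo
```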

4.1.6. Pipelines
It is possible to redirect the output of a command into the standard input of another command
instead of a file. The construct that does this is called the pipe, notated as |. A command line that
includes two or more commands connected with pipes is called a pipeline.

Pipes are very often used with the more or less command. If you are in a directory with a large
number of files and you want to see details about them, ls -l | more, or ls -l | less will give you a
detailed listing a screen at a time.

Here is a more complicated example. The file /etc/passwd stores information about users’ accounts
on a UNIX system. The first field of each line is the login name; fields are separated by colons (:). A sample
line might look like this:
linus:x:1000:100:Linus Torvalds:/home/linus:/bin/bash

To get a sorted listing of all users on the system, type:

$ cut -d: -f1 < /etc/passwd | sort

(Actually, you can omit the <, since cut accepts input filename arguments.) The cut command
extracts the first field (-f1), where fields are separated by colons (-d:), from the input. The entire
pipeline will print a list that looks like this:

ad
bin
daemon
ftp
games
linus

4.1.7. Background Jobs


Pipes are actually a special case of a more general feature: doing more than one thing at a time. It
means running more programs at the same time. The shell also lets you run more than one command
at a time during a single login session. Normally, when you type a command and hit RETURN, the
shell will let the command have control of your terminal until it is done. But if you want to run a
command that does not require user input and you want to do other things while the command is
running, put an ampersand (&) after the command.

For example, suppose the file abc.tar.Z is a large compressed archive. Type uncompress
abc.tar & (you can omit .Z), and the system will start a job in the background.

# updatedb &
[1] 294

You can check on background jobs with the command jobs.


$ jobs
[1]+ Running updatedb &

When the job finishes, you will see


[1]+ Done updatedb

4.1.8. Background Input / Output


Jobs you put in the background should not do I/O to your terminal. If you type
# make &

the command produces very large amounts of output on your terminal, which will be difficult to
stop. However, if you type
# make &> make.log &

then the output will be saved in the file make.log for you to examine later.

4.1.9. Background Jobs and Priorities


Every job on the system is assigned a priority, a number that tells the operating system how much
priority to give the job when it doles out resources (the higher the number, the lower the priority).
Commands that you enter from the shell, whether foreground or background jobs, usually have
the same priority. The system administrator is able to run commands at a higher priority than
normal users.
For example, this redirects stdout and stderr to a file at a low priority (default 10) in the background.
$ nice make &> make.log &

This runs it at the lowest priority (19: lowest priority, -20: highest priority, default 10)
$ nice -n 19 make &> make.log &

4.1.10. Special Characters and Quoting


Table 20 gives the meanings of all special characters within shell command lines only. Other
characters have special meanings in specific situations, such as the regular expressions and string-
handling operators.

Table 20: Special characters


Character Meaning
| Pipe
[ Start character-set wildcard
] End character-set wildcard
{ Start command block
} End command block
* String wildcard
? Single-character wildcard
& Background job
~ Home directory
` Command substitution
' Strong quote
" Weak quote
# Comment
$ Variable expression
( Start sub shell
) End sub shell
\ Quote next character
; Shell command separator
< Input redirect
> Output redirect
/ Pathname directory separator
! Pipeline logical NOT

4.1.11. Quoting
Suppose you want to print the string 2 * 3 > 5 is a valid inequality. If you type:
$ echo 2 * 3 > 5 is a valid inequality.
You would get a new file 5, containing “2 Desktop bin 3 is a valid inequality.”: the shell expands
* to the names of the files in the current directory (here Desktop and bin) and treats > 5 as an
output redirect to a file named 5.

If you type as below, the result is the string, taken literally.

$ echo '2 * 3 > 5 is a valid inequality.'
2 * 3 > 5 is a valid inequality.

4.1.12. Backslash-Escaping
Another way to change the meaning of a character is to precede it with a backslash (\). This is called
backslash-escaping the character. For example,
$ echo 2 \* 3 \> 5 is a valid inequality.
2 * 3 > 5 is a valid inequality.

4.1.13. History Expansion


History expansion is a primitive way to recall and edit commands in the history list. The way to
recall commands is by the use of event designators. Table 21 gives a complete list.

Table 21: Event designators


Command Description
! Start a history substitution
!! Refers to the last command
!n Refers to command line n
!-n Refers to the current command line minus n
!string Refers to the most recent command starting with string
!?string? Refers to the most recent command containing string; the ending ? is
optional
^string1^string2 Repeat the last command, replacing string1 with string2

Command numbers can be determined from the history command.

4.1.14. Aliases
Aliases allow a string to be substituted for a word when it is used. Aliases can be defined on the
command line, in your .bash_profile, or in your .bashrc. If you want to apply the same aliases to
all users in a system, edit (create) /etc/bash.bashrc.local in a SuSE environment. For example,

alias llmo='ll | less'

5. DHCP Server

Dynamic Host Configuration Protocol (DHCP) servers provide network configuration parameters
to machines when they boot. DHCP provides the IP addresses, subnet mask, the broadcast address,
the IP address of the default gateway, the IP address of one or more DNS servers, a domain name
for the client and so on.
DHCP offers a number of conveniences. First, it allows large-scale deployment of desktop systems
by allowing each system to be imaged with an identical configuration. Second, it allows those who
regularly move laptops between networks to automatically pick up appropriate settings for that
network, without tedious manual reconfiguration. Third, it allows reuse of IP addresses through the
reclamation and reissue of expired leases.

DHCP Configuration

The DHCP server package is
• dhcp-server
If you want to manage the DHCP server with YaST, also install the package
• yast2-dhcp-server
Edit /etc/sysconfig/dhcpd to specify the name of the interface you want the DHCP server to listen
on

DHCPD_INTERFACE="eth0"

There are several configuration examples. You can copy one and modify it,

# cp /usr/share/doc/packages/dhcp-doc/examples/simple_dhcpd.conf /etc/dhcpd.conf

Edit /etc/dhcpd.conf as,

option domain-name "domain1.site";
option domain-name-servers 192.168.0.1, 192.168.0.2;
option routers 192.168.0.1;
option ntp-servers 192.168.0.10;
option netbios-name-servers 192.168.250.10;
default-lease-time 86400;
ddns-update-style none;
subnet 192.168.250.0 netmask 255.255.255.0 {
  range 192.168.250.50 192.168.250.99;
  default-lease-time 14400;
  max-lease-time 172800;
}

Start the DHCP server

# /etc/init.d/dhcpd start
Arrange for it to be started at boot time with
# chkconfig dhcpd on

The DHCP server records the leases in /var/lib/dhcp/db/dhcpd.leases as,

lease 192.168.10.200 {
  starts 0 2007/06/03 15:39:39;
  ends 0 2007/06/03 19:39:39;
  binding state active;
  next binding state free;
  hardware ethernet 00:13:a9:6f:28:29;
  uid "\001\000\023\251o()";
  client-hostname "pc1";
}

Fixed IP for clients
You can also assign a fixed IP address with DHCP for pc1. The entry in /etc/dhcpd.conf typically
looks like this:

host pc1 {
  hardware ethernet 00:13:a9:6f:28:29;
  fixed-address 192.168.10.55;
}

Redundant DHCP Server
The DHCP 3.0 server offers a failover capability that uses a primary and a secondary DHCP server.
However, this functionality is rarely implemented due to the unstable takeover between them.
Instead, redundant DHCP servers can be installed using different ranges of IP addresses. In this
example, two servers are acting as DHCP server and DNS server.

                    Server 1            Server 2
Server IP address   192.168.0.1         192.168.0.2
IP Range            192.168.0.100-150   192.168.0.151-200
DNS                 192.168.0.1         192.168.0.2
                    192.168.0.2         192.168.0.1

If one of the servers is down, the other server can provide DHCP functionality. If you are also
using DNS in each server, the order of DNS configuration also should be changed accordingly.

DHCP Client
DHCP Client will receive automatically but you can also specify
For Windows NT, 2000, XP and Vista,

Command             Description
ipconfig            Show IP information
ipconfig /all       Show all IP information
ipconfig /release   Release IP addresses
ipconfig /renew     Renew IP addresses

If the renew option does not work, reboot the PC.

For Linux,
Command                                 Description
ifconfig                                Show IP information
route -n                                Show routing table
/etc/init.d/network restart or dhcpcd   Get IP address

6. Basic of DNS (BIND)
The Domain Name System or DNS is a system that stores information about host names and domain
names on networks, such as the Internet. Most importantly, it provides an IP address for each host
name, and lists the mail exchange servers accepting e-mail for each domain.

The DNS forms a vital part of the Internet, because hardware requires IP addresses to perform
routing, but humans use host names and domain names, for example in URLs and email addresses.

6.1. How the DNS works

Figure 10 – How the DNS works

A domain name usually consists of two or more parts (technically labels) separated by dots. The
rightmost label conveys the top-level domain (for example, the address www.yahoo.com has the
top-level domain com). Each label to the left specifies a subdivision or subdomain (for example,
yahoo.com is a subdomain of com and www.yahoo.com is a subdomain of yahoo.com).

6.2. DNS records

⚫ An A record or address record maps a host name to its 32-bit IPv4 address.
⚫ An AAAA record or IPv6 address record maps a host name to its 128-bit IPv6 address.
⚫ A CNAME record or canonical name record makes one domain name an alias of another. The
aliased domain gets all the subdomains and DNS records of the original.

⚫ An MX record or mail exchange record maps a domain name to a list of mail exchange servers
for that domain.
⚫ A PTR record or pointer record maps a host name to the canonical name for that host. Setting
up a PTR record for a host name in the in-addr.arpa domain that corresponds to an IP address
implements reverse DNS lookup for that address. For example (at the time of writing),
www.icann.net has the IP address 192.0.34.164, but a PTR record maps 164.34.0.192.in-addr.arpa
to its canonical name, referrals.icann.org.
⚫ An NS record or name server record maps a domain name to a list of DNS servers for that
domain and is used to create delegations.
⚫ An SOA record or start of authority record specifies the DNS server providing authoritative
information about an Internet domain.

6.3. BIND

BIND (Berkeley Internet Name Domain, previously: Berkeley Internet Name Daemon) is the most
commonly used DNS server on the Internet, especially on Unix-like systems, where it is a de facto
standard.

6.4. Install and configuration of BIND

Setting up a DNS server: Requirements

A DNS server can be set up in many O/S environments. For our scenario we shall use the Linux O/S:
a computer already installed with openSuSE Leap 42.3. The machine should also be configured with
a functional repository, and should have at least 1GB free hard disk space.

Scenario:
Assume that we have a single openSuSE Leap 42.3 Linux machine to be configured as a DNS
Server, and another client machine (Linux, or Windows 7). A switch will be needed to create a
single segment LAN. The topology is as shown below:
Scenario diagram for typical rwanda.local network

DNS server installation requires the following packages
1. bind
2. bind-chrootenv
3. bind-doc
4. bind-libs
5. bind-utils

bind-utils might be already installed along with YaST.

These packages can be installed by using the yast2 tool or using the yast2 command line interface
zypper command “zypper in bind”

# zypper install bind bind-chrootenv bind-doc bind-libs bind-utils

Preparing...    ########################################### [100%]
1:bind-utils    ########################################### [ 50%]
2:bind          ########################################### [100%]

Checking the installed packages by “zypper search bind”

The output of the second command is a tabular output. In the first column “i” indicates an already
installed package. “i” against bind, bind-chrootenv, bind-doc, bind-libs, bind-utils, all indicates that
the packages have been installed.

Start BIND automatically

# chkconfig --list | grep named


named 0:off 1:off 2:off 3:off 4:off 5:off 6:off
# chkconfig named on
# chkconfig --list | grep named
named 0:off 1:off 2:off 3:on 4:off 5:on 6:off

1. Location of setting files

Path                                     Description
/etc/named.conf                          Main configuration file
/var/lib/named/master/rwanda.zone        Zone file
/var/lib/named/master/10.168.192.zone    Reverse zone file
/etc/resolv.conf                         DNS Client configuration

2. Forward Zone
First, we must introduce the zone to named.conf

include "/etc/named.conf.include";
zone "rwanda.local" in {
        file "master/rwanda.local";
        type master;
};

Next, create the zone file /var/lib/named/master/rwanda.local

$TTL 1W
@       IN SOA  ns1.rwanda.local. root.ns1.rwanda.local. (
                42      ; serial (d. adams)
                2D      ; refresh
                4H      ; retry
                6W      ; expiry
                1W )    ; minimum
        IN NS   ns1.rwanda.local.
ns1     IN A    192.168.10.1
www     IN CNAME ns1
mike    IN CNAME ns1

3. Reverse Zone
First, we must introduce the zone to named.conf
zone "10.168.192.in-addr.arpa" in {
        file "master/192.168.10.zone";
        type master;
};

Next, create the reverse zone file /var/lib/named/master/192.168.10.zone

$TTL 1W
@       IN SOA  ns1.rwanda.local. root.ns1.rwanda.local. (
                42      ; serial (d. adams)
                2D      ; refresh
                4H      ; retry
                6W      ; expiry
                1W )    ; minimum
        IN NS   ns1.rwanda.local.
1       IN PTR  ns1.rwanda.local.

4. Resolver Configuration

The last thing we need to do before running BIND is to set up the local resolver software.
/etc/resolv.conf
nameserver 192.168.10.1
search rwanda.local

5. How to restart
Whenever you change the configuration, you must restart the service to apply the new configuration.
# /etc/init.d/named restart
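Forward and reverse zones are edited separately, so an A record can easily end up without a matching PTR record. The following is an added example, not part of the original notes, that compares the two zone files from the steps above; the function names are this example's own, the pc1 host is a constructed entry added so the check has something to report, and the parser only handles the simple "name IN A addr" and "octet IN PTR name." line forms used in this section.

```shell
#!/bin/sh
# Added example: report A records in the forward zone that have no matching
# PTR record in the reverse zone.

# write_sample_zones DIR writes the two zone files from this section into DIR.
# pc1 (192.168.10.55) is a constructed extra host with no PTR record.
write_sample_zones() {
    cat > "$1/rwanda.local" <<'EOF'
$TTL 1W
@       IN SOA  ns1.rwanda.local. root.ns1.rwanda.local. (
                42      ; serial
                2D      ; refresh
                4H      ; retry
                6W      ; expiry
                1W )    ; minimum
        IN NS   ns1.rwanda.local.
ns1     IN A    192.168.10.1
www     IN CNAME ns1
pc1     IN A    192.168.10.55
EOF
    cat > "$1/192.168.10.zone" <<'EOF'
$TTL 1W
@       IN SOA  ns1.rwanda.local. root.ns1.rwanda.local. (
                42      ; serial
                2D      ; refresh
                4H      ; retry
                6W      ; expiry
                1W )    ; minimum
        IN NS   ns1.rwanda.local.
1       IN PTR  ns1.rwanda.local.
EOF
}

# check_ptr FORWARD_ZONE REVERSE_ZONE ORIGIN NETWORK_PREFIX
# e.g. check_ptr rwanda.local 192.168.10.zone rwanda.local 192.168.10
# Prints one line per A record inside NETWORK_PREFIX whose PTR record is
# missing or points at a different name; prints nothing when all match.
check_ptr() {
    awk -v origin="$3" -v prefix="$4" '
        # First file operand: the reverse zone. Remember each PTR by last octet.
        FILENAME == ARGV[1] {
            if ($2 == "IN" && $3 == "PTR") ptr[$1] = $4
            next
        }
        # Second file operand: the forward zone. Check every A record.
        $2 == "IN" && $3 == "A" {
            if (split($4, o, ".") != 4) next
            if ((o[1] "." o[2] "." o[3]) != prefix) next
            want = $1 "." origin "."
            if (!(o[4] in ptr))
                print "MISSING-PTR " $4 " " want
            else if (ptr[o[4]] != want)
                print "MISMATCH " $4 " " want " " ptr[o[4]]
        }
    ' "$2" "$1"
}

demo() {
    d=$(mktemp -d) || return 1
    write_sample_zones "$d"
    check_ptr "$d/rwanda.local" "$d/192.168.10.zone" rwanda.local 192.168.10
    rm -rf "$d"
}
demo
```

BIND also ships named-checkconf and named-checkzone for syntax checks of named.conf and of a single zone file; the script above only covers the pairing between the two zones.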

6.5. How to check

1. nslookup command
# nslookup
Default Server: ns1.rwanda.local
Address: 192.168.10.1

> ns1
Server: ns1.rwanda.local
Address: 192.168.10.1

Name: ns1.rwanda.local
Address: 192.168.10.1

> www
Server: ns1.rwanda.local
Address: 192.168.10.1

Name: www.rwanda.local canonical name = ns1.rwanda.local.
Addresses: 192.168.10.1

2. dig command

ns1:~ # dig rwanda.local

; <<>> DiG 9.9.9-P1 <<>> rwanda.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63565
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;rwanda.local. IN A

;; AUTHORITY SECTION:
rwanda.local. 604800 IN SOA ns1.rwanda.local. root.ns1.rwanda.local. 42 172800 14400 3628800 604800

;; Query time: 0 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Tue Apr 02 10:50:19 CAT 2019
;; MSG SIZE rcvd: 86

Exercise 4 - DNS

Configure your DNS server. The following is the example configuration for BIND.

                   Trainee1                     Trainee2
Domain Name        test1.kg                     test2.kg
Network Address    212.0.0.0/255.255.255.240    212.0.0.0/255.255.255.240

Host Name (aliases)                   IP Address
pop3, smtp, www, proxy, mail, imap    Your Linux’s IP address
t2, t3                                Partner’s IP address

Note: If your computer is not delegated properly from the higher DNS authority, you cannot
test using the nslookup and dig commands. However, you can still test with the ping command.

7. Advanced DNS (BIND)

7.1. DNS Forwarder

Table 22 – DNS (BIND) configuration file and directories


File, Directory            Description
/etc/named.conf            BIND configuration file
/var/lib/named/master/     Directory for master zone and reverse zone files
/var/lib/named/slave/      Directory for slave zone and reverse slave zone files

To use the name server of the provider or one already running on your network as the forwarder,
enter the corresponding IP address or addresses in the options section under forwarders. The
addresses in the following example are only examples. Change these entries according to your own setup.

options {
        directory "/var/lib/named";
        forwarders { 192.168.10.1; 192.168.5.1; };
        listen-on { 127.0.0.1; 192.168.10.1; };
        allow-query { 127.0.0.0/8; 192.168.10.0/24; };
        notify no;
};

Figure 11 – Forwarding Options in named.conf

The options entry is followed by entries for the zone, for localhost, 0.0.127.in-addr.arpa, and the
type hint entry under “.”, which should always be present. The corresponding files do not need to
be modified and should work as is. Also make sure that each entry is closed with a “;” and that the
curly braces are in the correct places. After changing the configuration file /etc/named.conf or the
zone files, tell BIND to reread them.

7.2. Important Configuration Options

directory "/var/lib/named"; specifies the directory where BIND can find the files containing the
zone data.

forwarders { 192.168.10.1; }; specifies the name servers (mostly of the provider) to which DNS
requests should be forwarded if they cannot be resolved directly.

forward first; causes DNS requests to be forwarded before an attempt is made to resolve them via
the root name servers. Instead of forward first, forward only can be written to have all requests
forwarded and none sent to the root name servers. This makes sense for firewall configurations.

listen-on port 53 { 127.0.0.1; 192.168.10.1; }; tells BIND on which network interfaces and port to
listen. The port 53 specification can be left out, as 53 is the default port. If this entry is completely
omitted, BIND accepts requests on all interfaces.

query-source address * port 53; This entry is necessary if a firewall is blocking outgoing DNS
requests. It tells BIND to send requests externally from port 53 and not from any of the high
ports above 1024. Fixing the source port in this way gives up source-port randomization, which makes
forged replies easier to get accepted, so use it only when the firewall rule cannot be changed.

allow-query { 127.0.0.1; 192.168.10.0/24; }; defines the networks from which clients can post DNS
requests. The /24 at the end is an abbreviated expression for the netmask, in this case,
255.255.255.0.

allow-transfer { ! *; }; controls which hosts can request zone transfers. In the example, such requests
are completely denied with ! *. Without this entry, zone transfers can be requested from anywhere
without restrictions.

notify no; If notify is set to yes (default), notify messages are sent to other name servers when the
zone data is changed. Instead of setting a global 'notify' statement in the 'options' section, a separate
'notify' can be added to each zone definition.
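
The defaults described in this section (no allow-transfer means unrestricted transfers, no listen-on means all interfaces) are easy to overlook in a real file. The Python sketch below is an added example, not part of the original notes or of BIND; it reads the options block with a simplified tokenizer and reports those gaps, and both sample blocks are constructed in the style of Figure 11.

```python
import ipaddress
import re

# Constructed options block in the style of Figure 11, with the query-source
# line from this section added and a host address written with a /24 prefix.
SAMPLE = """
options {
        directory "/var/lib/named";
        forwarders { 192.168.5.1; };
        allow-query { 127.0.0.0/8; 192.168.10.1/24; };
        query-source address * port 53;
        notify no;
};
"""

# The same block with the gaps closed (constructed).
HARDENED = """
options {
        directory "/var/lib/named";
        forwarders { 192.168.5.1; };
        forward only;
        listen-on port 53 { 127.0.0.1; 192.168.10.1; };
        allow-query { 127.0.0.0/8; 192.168.10.0/24; };
        allow-transfer { ! *; };
        notify no;
};
"""

ADDRESS_LISTS = ("forwarders", "listen-on", "allow-query", "allow-transfer")


def parse_options(conf):
    """Return {statement: [values]} for the options { ... } block.

    Simplified: comments are stripped with a regex and nested braces are
    flattened, which is enough for the statements discussed on this page.
    """
    conf = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", conf, flags=re.S)
    tokens = re.findall(r'"[^"]*"|[{};]|[^\s{};]+', conf)
    if "options" not in tokens:
        return {}
    opts, stmt, depth = {}, [], 0
    for tok in tokens[tokens.index("options") + 2:]:    # skip 'options' and '{'
        if tok == "{":
            depth += 1
        elif tok == "}":
            if depth == 0:                               # end of the options block
                break
            depth -= 1
        elif tok == ";":
            if depth == 0 and stmt:                      # end of one statement
                opts[stmt[0]] = stmt[1:]
                stmt = []
        else:
            stmt.append(tok.strip('"'))
    return opts


def audit_options(conf):
    """Return a list of findings for the options block of a named.conf text."""
    opts = parse_options(conf)
    findings = []
    if "allow-transfer" not in opts:
        findings.append("allow-transfer not set: zone transfers can be requested from anywhere")
    if "listen-on" not in opts:
        findings.append("listen-on not set: BIND accepts requests on all interfaces")
    for name in ADDRESS_LISTS:
        for value in opts.get(name, []):
            if "/" not in value:
                continue
            try:
                ipaddress.ip_network(value)              # strict: host bits must be zero
            except ValueError:
                findings.append(f"{name}: {value} has host bits set; write the network address")
    source = opts.get("query-source", [])
    if "port" in source:
        port = source[source.index("port") + 1:][:1]
        if port and port != ["*"]:
            findings.append("query-source pins the outgoing port: source-port randomization is lost")
    return findings


if __name__ == "__main__":
    for finding in audit_options(SAMPLE):
        print(finding)
```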

8. APACHE WEB SERVER

Introduction

• The Apache web server grew out of the work of Brian Behlendorf in 1995.

• He collected and packaged a set of software patches that had been applied to the latest version of the NCSA HTTPd
web server. The first package, known as Apache (from “a patchy” web server), was released publicly in 1995.

• Apache is the most widely used web server, providing 70% of web service content on the public Internet.

• The group known as the Apache Software Foundation is now an incorporated group providing a legal structure for the continued open
source operation of Apache.

• The latest version of Apache is apache2-2.2.10-2.5 as at 2009.

TCT 2/22/2010

Installation

• Installation of apache2 in openSUSE can be done in these ways:
  • YaST2 – software management. For this, your repositories must be correctly configured so that the YaST installation utility can access or download the package.
  • YaST command-line tool (zypper). The command is zypper in -y apache2
  • RPM – this can be used if the apache2 package has been downloaded as an .rpm file.

Confirm installation
• Installation can be confirmed in the YaST2 software management tool by clicking on the Installed tab; the
installed packages are listed in alphabetical order in the details-container pane of the utility.
• The command-line tool can also be used by typing at the shell prompt: zypper se <package name, e.g. apache2>
• The rpm command can also be used by typing rpm -qa <package name, e.g. apache2>
Configuration

• The Apache server is a multi-layered system that mostly uses the pre-fork model, and sometimes the worker (threaded) model, for executing the server processes.
• The server therefore forks a number of working processes, plus spare processes kept in a ready state, to handle the different kinds of web service requests.
• As a result the configuration is made up of many modules, which are not contained in a single file.
• The main configuration file is the /etc/apache2/httpd.conf file.
• Many include statements (called Include directives in Apache terms) are used to pull these modules into the appropriate sections of the main configuration file (httpd.conf).
• The /etc/apache2/httpd.conf file has three main configuration sections: the Global Environment section, the Main server or default server section, and the Virtual Host section.

Global Environment section

• Every configuration section is made up of configuration lines (statements) called directives. The Apache server reads these directives in order to know how to respond to client requests.
• The global environment section provides the directives that affect the operation of the Apache server as a whole.
• The global section of httpd.conf is organised so that the groups of settings/directives that make up a module are
kept in separate files. These modular files can be included in, or left out of, httpd.conf (the Apache runtime configuration)
by means of the directive for including files: Include <module file path>, e.g. Include /etc/apache2/sysconfig.d/loadmodule.conf
• Examples of the directives include Include <module file path>, Directory, AccessFileName and DirectoryIndex. There are many
other directives, which can be found in the modular files included in the global environment section.
• The server-tuning.conf file contains directives such as StartServers, MinSpareServers, MaxSpareServers, ServerLimit,
MaxClients and MaxRequestsPerChild for a pre-fork server process environment.
Default-server section

• This section provides the configuration options dedicated to the operation of the primary web site.

• The Include directive here points to the default-server configuration file, which holds the main directives for the default server configuration.

• The directives found in that file include DocumentRoot, <Directory> (for the document root), Alias, ScriptAlias, <IfModule mod_userdir.c>, etc.



Virtual Server Section

• This is the place to configure virtual hosts. Such configurations allow an administrator to run multiple websites on the
same server.
• The Include directive in this section points to the vhosts.d directory, which holds the vhost.template file used for configuring the virtual
hosts, and to the listen.conf file, which holds the directives for the IP addresses and ports on which virtual hosts listen for service
requests (Listen 80 and NameVirtualHost *:80 are typical directives here).

• The vhost.template file contains some of the same directives as the default-server.conf file, but in addition it contains directives such as
<VirtualHost *:80>, ServerAdmin, ServerName, DocumentRoot, ErrorLog, CustomLog, HostnameLookups, UseCanonicalName and
ServerSignature.



Typical Server Configuration Objectives
• The server can be configured for the following objectives:
  • Hosting of a single primary website (httpd.conf, default-server.conf)
  • Hosting of several name-based websites on a single IP address (httpd.conf, listen.conf, vhosts.d/vhost.template)
  • Hosting different sites on different ports but the same IP address (httpd.conf, listen.conf, vhosts.d/vhost.template)
  • IP-based virtual hosting (httpd.conf, listen.conf, vhosts.d/vhost.template)
  • Adding security configurations to web site contents (httpd.conf, /etc/http-passwd)
  • Running web sites that allow SSI-include pages to be requested
  • Running web sites that include ExecCGI pages/content
• DirectoryIndex – found in /etc/apache2/httpd.conf. It specifies the document name which, if present in the root
directory, is served to the client as the default page when the user did not name a particular page in the URL
typed into the web browser.
• DocumentRoot – found in the /etc/apache2/default-server.conf and vhost.template
files. This directive specifies the directory path that holds the web pages or contents of the
website.
• <Directory> and <Files> – found in many of the configuration files. They serve as containers for website directories or
files, within which other directives can be applied. They most commonly appear in the form below:
<Directory /srv/www/htdocs>
    <Files secret.html>
        Options All
        Order deny,allow
        Allow from 192.168.10.0/24
        Deny from All
    </Files>
    AllowOverride None
</Directory>

Explaining some major Directives
In the container shown above, the first two lines point to the resources (directory or pages/files) that the options in the container operate on.
The Options directive is used to choose one or a combination of operational website features {Indexes, Includes,
FollowSymLinks, SymLinksIfOwnerMatch, ExecCGI, MultiViews, All, and None}.
The AllowOverride directive uses one or a combination of the choices {All, None, Options, FileInfo, AuthConfig, and Limit} to
specify how far the settings of the directory associated with this container may be overridden in its subdirectories and files,
that is, which kinds of directives a .htaccess file placed there may change. AllowOverride has an effect only when it is placed
directly inside a <Directory> container, not inside <Files>.


The lines Order deny,allow and Deny from All work together to select which client requests for the pages in the container are
served (passed) and which are rejected. The Order directive specifies which set of directives (Deny or Allow) is evaluated
first for a match.
For Order deny,allow – the Deny directives are evaluated before the Allow directives. If at least one Deny directive matches an
incoming request, the request is rejected unless an Allow directive also matches it.
For Order allow,deny – first, all Allow directives are evaluated; at least one must match, or the request is rejected. Next, all Deny
directives are evaluated. If any matches, the request is rejected. Last, any requests which do not match an Allow or a Deny
directive are denied by default.
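
The two orders give different answers for the same Allow and Deny lines, which is the usual source of mistakes in these containers. The Python model below is an added example, not part of the original notes or of Apache; it assumes the Apache 2.2 rules described above (including that a request matching nothing is allowed under deny,allow), handles only `all` and IP/CIDR arguments, and uses constructed client addresses.

```python
import ipaddress

# The container from this page (constructed copy).
PAGE_RULES = """
<Files secret.html>
    Order deny,allow
    Allow from 192.168.10.0/24
    Deny from All
</Files>
"""

# Same Allow/Deny lines, only the order changed.
SWAPPED_ORDER = PAGE_RULES.replace("Order deny,allow", "Order allow,deny")

# Two attempts to shut out the single host 192.168.10.66 (constructed).
BLOCK_HOST_BROKEN = """
    Order deny,allow
    Deny from 192.168.10.66
    Allow from all
"""
BLOCK_HOST_WORKING = """
    Order allow,deny
    Allow from all
    Deny from 192.168.10.66
"""


def spec_matches(spec, client):
    """True if one 'Allow from' / 'Deny from' argument covers the client address."""
    if spec.lower() == "all":
        return True
    return ipaddress.ip_address(client) in ipaddress.ip_network(spec, strict=False)


def parse_container(text):
    """Extract (order, allow_specs, deny_specs) from the directive lines."""
    order, allow, deny = "deny,allow", [], []       # deny,allow is the 2.2 default
    for line in text.splitlines():
        words = line.split()
        if len(words) < 2:
            continue
        key = words[0].lower()
        if key == "order":
            order = words[1].lower()                # must be written without a space
        elif key in ("allow", "deny") and words[1].lower() == "from":
            (allow if key == "allow" else deny).extend(words[2:])
    return order, allow, deny


def is_allowed(text, client):
    """Decide whether a client address may fetch the resource in the container."""
    order, allow, deny = parse_container(text)
    allowed = any(spec_matches(s, client) for s in allow)
    denied = any(spec_matches(s, client) for s in deny)
    if order == "deny,allow":
        # Deny first, Allow second: an Allow match overrides; no match means allowed.
        return allowed or not denied
    if order == "allow,deny":
        # Allow first, Deny second: a Deny match overrides; no match means denied.
        return allowed and not denied
    raise ValueError(f"unsupported Order value: {order}")


def decision_table(text, clients):
    """Map each client address to 'allow' or 'reject' for one container."""
    return {c: "allow" if is_allowed(text, c) else "reject" for c in clients}


if __name__ == "__main__":
    clients = ["192.168.10.7", "192.168.10.66", "10.0.0.5"]
    for label, rules in [("page rules", PAGE_RULES), ("swapped order", SWAPPED_ORDER),
                         ("block host, broken", BLOCK_HOST_BROKEN),
                         ("block host, working", BLOCK_HOST_WORKING)]:
        print(label, decision_table(rules, clients))
```

With deny,allow a trailing "Allow from all" cancels every Deny line, so blocking a single host needs allow,deny.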

• <IfModule mod_userdir.c> ... </IfModule> – This directive is used in the same way as the Directory container directive, but it
applies only if the named module is included. It therefore holds configuration settings or additional directives specific to the
module it names, such as the userdir module in the directive above.

• Alias – This directive gives a short name or fake name to a directory, page file or other resource, so that the short name can
be used in the URL instead of the full path name of the resource, which reduces complexity, e.g.
Alias /john/ /home/john/public_html/



Configuring a primary website
• Install the apache2 and apache2-prefork packages
• Set it to start automatically at boot time using chkconfig apache2 on
• Type vi /etc/apache2/httpd.conf to open the httpd.conf file
• Ensure that index.html is included in the values for the DirectoryIndex directive
• Type vi /etc/apache2/default-server.conf to open the main server configuration file. In the DocumentRoot directive, specify the
file path of the directory in which you will place your web pages.
• In the <Directory> container for the DocumentRoot, change the Options directive setting from None to All. (All switches on
every feature except MultiViews, including Indexes, Includes and ExecCGI; on a production server list only the features the site needs.)
• Copy the sample Alias directive for /icons/ and use the example to make aliases to pages or directories as you wish
• The <IfModule mod_userdir.c> directive is used to enable a public_html directory to be appended to the O/S users’ home
directories. There is no need to change anything in this directive container.
• An Alias can be used to connect to the public_html directory in a user’s home directory, so that the user’s pages can be
published on the website.
• Save the file and restart the apache2 server using /etc/init.d/apache2 restart

Configuring Name-based Virtual Servers
(focus - /etc/apache2/listen.conf, /etc/apache2/vhosts.d/vhost.template)

• This can be based on a typical scenario. Assume we have an existing domain, itclass.local, for which we want to set up two
virtual websites: wwwl.itclass.local and mail.itclass.local.

• There is an existing DNS server with DNS CNAME resource records associating the virtual websites (domain names) with the
FQDN of a single host server.

• The IP address of the host machine may be given as 192.168.10.20/24

Name-based Virtual websites

• The first thing to do is to install the relevant apache2 packages.

• Set apache2 on at run levels 3 and 5, so that it starts automatically at boot time.

• Ensure that the DirectoryIndex directive has been set with the correct values in /etc/apache2/httpd.conf.

• For all the above steps, proceed as for setting up the primary website.

Name-based virtual website
(create the DocumentRoots)

• Decide the points in the file system tree where you wish to create the DocumentRoots for the websites.
• Navigate to those points and create the directories you will use as the document roots (to keep the web pages/files) for the
two sites wwwl.itclass.local and mail.itclass.local. These document roots do not necessarily have to be at
the same mount point in the file system tree.
• The DocumentRoot for wwwl.itclass.local is /root/mysites/wwwl.itclass; for mail.itclass.local it is
/root/mailsites/mail.itclass. The Apache server process must be able to enter and read these directories; /root is normally
accessible to root only, so check the permissions along the path.

Name-based virtual website
(create the Vhosts configuration files)

• At the shell prompt type cd /etc/apache2/vhosts.d/ to enter the vhosts.d directory
• Type cp vhost.template wwwl.conf to create a wwwl.conf file for the wwwl.itclass.local site
• Type cp vhost.template mail.conf to create a mail.conf file for the mail.itclass.local site

Name-based Virtual Website
(Configuring Listening Ports and IP Addresses)

• From the shell prompt type vi /etc/apache2/listen.conf to open the listen.conf file
• In the listen.conf file, modify the Listen directive, giving it the port value you wish to use for the site. The default is
port number 80.
• Modify the NameVirtualHost directive to add a value representing the IP address of your site and the port number.
Sometimes the IP address is represented by *, which means any IP address. The syntax is shown in the insert at the right-hand side.

Name-based Virtual Website
(Configuring wwwl.conf file for wwwl.itclass.local)

• At the shell prompt type vi /etc/apache2/vhosts.d/wwwl.conf and press the Enter key to open the wwwl.conf file
• In the <VirtualHost> container, change every directive whose value is based on the template domain name so that it uses
your virtual website’s domain name, e.g. change ServerName dummy-host.example.com to ServerName wwwl.itclass.local
• Change the directive UseCanonicalName Off to UseCanonicalName On
• Put the correct value in the DocumentRoot directive (i.e. /root/mysites/wwwl.itclass)
• Choose the right combination of values for the Options directive
• Append an Alias directive if you need to include any page source other than the document root in your website
• All other directives can be left untouched; the insert at the right-hand side illustrates this configuration

Name-based Virtual Website
(Configuring mail.conf file for mail.itclass.local)

• At the shell prompt type vi /etc/apache2/vhosts.d/mail.conf and press the Enter key to open the mail.conf file
• In the <VirtualHost> container, change every directive whose value is based on the template domain name so that it uses
your virtual website’s domain name, e.g. change ServerName dummy-host.example.com to ServerName mail.itclass.local
• Change the directive UseCanonicalName Off to UseCanonicalName On
• Put the correct value in the DocumentRoot directive (i.e. /root/mailsites/mail.itclass)
• Choose the right combination of values for the Options directive
• Append an Alias directive if you need to include any page source other than the document root in your website
• All other directives can be left untouched; the insert at the right-hand side illustrates this configuration

Name-based Virtual Website
(Some fine-tuning touches)

• At the shell prompt type vi /var/lib/named/dyn/itclass.zone to open the forward zone file of the DNS server, if it resides on
the same host machine as the web server; otherwise do this on the DNS server host.
• Make a CNAME (RR) entry to point the canonical names of the virtual websites (domains) to the single host machine running
the Apache server
• Type /etc/init.d/named restart to restart the DNS server
• Type /etc/init.d/apache2 start to start the Apache server

Configuring Security
(use is made of httpd.conf file)

• Security in Apache is based on three processes:
  • Authentication – the Apache process matches configured values (names and passwords) from a password file against the
    credentials supplied by the user, to verify the identity of the user.
  • Authorization – the Apache process allows a request if it comes from a user authorized to access a given resource (pages).
  • Access Control – the process of limiting users’ access to information that they should not have access to.
• At the shell prompt type htpasswd2 -c /etc/http-passwd petre to create a password file (http-passwd) with the entry petre
(a user) for apache2 web page request authentication
• Open the httpd.conf file and use the <Directory> container directive to specify security directives for the web pages or
resources targeted by the container. This is illustrated in the insert at the right-hand side.

[Figure: A portion of httpd.conf with a Directory container for security directives]
• After configuring the httpd.conf file, save it and restart the apache2 server.
• The security configuration can be tested by trying to access, from a web browser, the web page targeted by the container
directive.
• This kind of configuration uses the Basic AuthType. When the number of users exceeds a few hundred it slows down the
server; at that point it is recommended to use other AuthTypes, which are found in the modules mod_auth_dbm and
mod_auth_mysql. These modules can be included in httpd.conf to provide more security directives for apache2.
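
A Basic authentication container only protects anything if all of its directives are present. The Python check below is an added example, not part of the original notes; the directory /srv/www/htdocs/private and both configuration fragments are constructed, and the parser reads only plain <Directory> blocks.

```python
import posixpath
import re
import shlex

# Constructed httpd.conf fragment: the password file created with
# "htpasswd2 -c /etc/http-passwd petre" protects one (hypothetical) directory.
GOOD_CONF = '''
DocumentRoot "/srv/www/htdocs"
<Directory "/srv/www/htdocs/private">
    AuthType Basic
    AuthName "Restricted pages"
    AuthUserFile /etc/http-passwd
    Require user petre
    SSLRequireSSL
</Directory>
'''

# Constructed fragment with three common mistakes.
WEAK_CONF = '''
DocumentRoot "/srv/www/htdocs"
<Directory "/srv/www/htdocs/private">
    AuthType Basic
    AuthName "Restricted pages"
    AuthUserFile /srv/www/htdocs/private/http-passwd
</Directory>
'''

REASONS = {
    "authname": "AuthName missing: the browser has no realm to prompt for",
    "authuserfile": "AuthUserFile missing: there is no password file to check against",
    "require": "Require missing: without it Apache never asks for a login",
}


def parse_httpd(conf):
    """Return (top_level_directives, {directory_path: directives}), names lowercased."""
    top, dirs, current = {}, {}, None
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opening = re.match(r'<Directory\s+"?([^">]+)"?\s*>$', line, re.I)
        if opening:
            current = dirs.setdefault(opening.group(1).rstrip("/") or "/", {})
        elif line.lower() == "</directory>":
            current = None
        elif not line.startswith("<"):
            words = shlex.split(line)
            (top if current is None else current)[words[0].lower()] = words[1:]
    return top, dirs


def audit_basic_auth(conf):
    """List problems in every <Directory> block that uses AuthType Basic."""
    top, dirs = parse_httpd(conf)
    docroot = (top.get("documentroot") or [""])[0].rstrip("/")
    findings = []
    for path, d in sorted(dirs.items()):
        if (d.get("authtype") or [""])[0].lower() != "basic":
            continue
        for name, reason in REASONS.items():
            if name not in d:
                findings.append(f"{path}: {reason}")
        pwfile = posixpath.normpath((d.get("authuserfile") or [""])[0])
        if docroot and pwfile.startswith(docroot + "/"):
            # A password file below DocumentRoot can be requested like any page.
            findings.append(f"{path}: password file {pwfile} lies inside DocumentRoot")
        if "sslrequiressl" not in d:
            # Basic credentials are only base64-encoded, so they need TLS.
            findings.append(f"{path}: no SSLRequireSSL, credentials cross the network unencrypted")
    return findings


if __name__ == "__main__":
    for finding in audit_basic_auth(WEAK_CONF):
        print(finding)
```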

Access control is based on
• Directives (Order, Deny and Allow), which have been discussed earlier, or
• Use of .htaccess files in the directories to be protected.
To use a .htaccess file, create a file that has no name, only the extension .htaccess. Inside that file use
Allow or Deny directives to specify the security or access control condition you wish to apply to the
directory in which you place the .htaccess file (i.e. the directory you wish to protect).
In httpd.conf ensure that the directive AccessFileName is set to the value .htaccess.
Also ensure that, if the directory is a child, the parent directory has the directive AllowOverride set to a
value other than None. It can be Limit.

Running Websites enabled to serve contents based on CGI scripts

• CGI – the Common Gateway Interface defines a way in which a web server can interact with external programs, often referred to as CGI
programs or scripts, to generate dynamic web content based on client requests.
• If a web server is able to run CGI scripts, normally contained in a specific directory, then when a client requests
content from such a directory the server itself runs the scripts or programs in it; those programs in turn generate web
pages as their output, and the generated pages are served to the client. CGI is said to be a server-side technology because the
client machine does not need any particular client program in order to request and use the contents of the CGI directory. The web server
itself runs the content and serves the result to the client via the web browser.
• PERL is a scripting language that can be used for CGI scripts. PERL is sometimes compared with PHP. It differs from PHP,
however: whereas PHP runs its interpreter as part of the Apache web server, the Perl interpreter runs as a process separate
from the web server modules and only pipes its output into the web server’s standard output.
• When a web server sends output to a web client (browser) from a CGI program, it first sends a header giving the MIME
type. This header tells the client what type of content it is receiving (e.g. text/html). After this header the server sends
the remaining content, which can be ordinary HTML.
• To provide CGI scripts from a web site, first ensure that the right package for the scripting language/program has been installed. For
Perl, include apache2-mod_perl among the installation packages for the Apache web server.

Enabling CGI scripts at a website
• First ensure that the modules required for the scripting language of the CGI pages have been added to the apache2 main
configuration; this can be confirmed in the file /etc/apache2/sysconfig.d/loadmodule.conf
• Any loaded module can be confirmed as shown in the screenshot at the right-hand side. The directive LoadModule
<module_name> /<module file path.so> is used to include the module in the apache2 process. The last line in the screenshot
brings php5 into the Apache processes.
• If, on checking, the appropriate module is not loaded, the administrator needs to load the right module manually using
the LoadModule directive. This step is illustrated at the right-hand side for the case of the perl module, located at the file path
/usr/lib/apache2/mod_perl.so
• Type LoadModule perl_module /usr/lib/apache2/mod_perl.so; in the openSUSE 11.1 O/S this inclusion is done automatically
when apache2 starts, once the module package has been installed.

[Figure: Ensure that apache2-mod_perl has been installed]

Enabling CGI at website Directory

• There are two ways by which CGI scripts can be enabled for a website.
• One is by the use of the ScriptAlias directive
• Example: ScriptAlias /cgi-bin/ "/srv/www/cgi-bin/"
• The above directive means that the apache2 web server recognizes the contents of the /srv/www/cgi-bin/ directory
as scripts or programs, so that when a client’s request is targeted at that directory, the apache2 server knows that it
should run the scripts itself and send the output across the network to the browser. ScriptAlias works like Alias in
terms of the web space relationship with the URL. If wwwl.itclass.local is the domain name of the website, then
typing the URL wwwl.itclass.local/cgi-bin/ points the client request to the content of the directory
/srv/www/cgi-bin/, which is the file-system value of the ScriptAlias /cgi-bin/
• After a ScriptAlias directive has been used to point to a directory by its file system location, the next thing
is to use the <Directory> directive to provide the specific settings for how apache2 will treat the contents of
the directory which the ScriptAlias points to. In the directory directive, use the value +ExecCGI among the values
for the (sub)directive Options (e.g.
<Directory "/srv/www/cgi-bin">
--------
Options Indexes +ExecCGI MultiViews
---------
</Directory>
)


• There is a second way to do this. The previously described one is the default case; it always uses the cgi-bin directory.
However, apache2 can run scripts from any arbitrary directory in the web site/web space, given additional
configuration. This additional configuration takes two steps.
• Determine the directory you want to use for containing the CGI scripts (e.g. /srv/www/vhosts/newscripts/)
• Because this directory is not a natural holder for scripts, it requires a special program called a script handler to be enabled
for the website. This can be done in the configuration file for the website, such as default-server.conf, by adding the
AddHandler directive.
• Type in the file:
AddHandler cgi-script .cgi
-----
<Directory /srv/www/vhosts/newscripts>
Options +ExecCGI
</Directory>

Enabling PHP Pages for Apache web server

• PHP – PHP: Hypertext Preprocessor – scripts are an example of SSI. It is a customized, server-embedded
scripting language. It has the features of a programming language, but it allows code to be embedded in otherwise normal
HTML files so as to generate dynamic content.
• For PHP to be enabled for apache2 in openSUSE 11.1:
  • First install the php5 package. This can be done from YaST2, the rpm command, zypper or even from source
    code, e.g. zypper in -y php5
  • Then install the apache2-mod_php5 package: zypper in -y apache2-mod_php5
  • Confirm the package installations by typing zypper se apache2 and zypper se php5
  • Examples are shown at the right-hand side
• Confirm that the mod_php5 module is included in the /etc/apache2/sysconfig.d/loadmodule.conf file.
• Otherwise type at the shell prompt vi /etc/sysconfig/apache2 to open the apache2 server settings
• Look for the line APACHE_MODULES="……"; it contains a listing of all packages whose modules are added to
apache2 at start-up (i.e. following the rcapache2 command).


• In the httpd.conf file add a directive as follows:
<IfModule mod_php5.c>
AddType application/x-httpd-php .php
</IfModule>
• You may also include index.php in the DirectoryIndex directive

Testing the PHP enabled Apache2

• Restart Apache2 with the command /etc/init.d/apache2 restart
• Go to the DocumentRoot, or any other directory enabled to display pages in the website’s web space (it may be
enabled using the Alias directive).
• Create a PHP info page (i.e. phpinfo.php); you may also create another PHP file, and then test at the browser
interface. Remove the PHP info page after testing, since it discloses the server’s configuration to anyone who requests it.
• An example is shown at the right-hand side.

[Figure: The example.php script]
[Figure: The web browser display]

Exercises

• Configure an Apache web server for name-based virtual hosts (www.kigali.local and mail.kigali.local) for the IP
address 192.168.20.1/24

• In mail.kigali.local use directives to make an ACL that prevents a host (e.g. 192.168.20.5) from accessing the web pages.

• Make a PHP content and load it in an arbitrary directory in the www.kigali.local site, and
enable that site for PHP content so that a browser can access output from that directory. Add
authentication-based security using the Basic authentication type.

FTP SERVICE

FTP - Introduction
• FTP – File Transfer Protocol is a client-server based network service
(i.e. a form of client-server networking)
• The main purpose of FTP is to enable separated network users to
transfer files in a convenient and controlled way from one location (the ftp
site on a server) to another location (a host running an ftp client).
• FTP goes beyond the ordinary transfer of a single file using a single process,
as in the case of TFTP, and gives the user the ability to connect remotely from the
client side to a server side, navigate and manipulate the ftp root directories
on the server side, and transfer files using multiple processes.
• The diagram in the next slide illustrates the ftp service
• FTP, being a client-server based system, has a client side and a server side.
The client side provides the user application interface by which the user can
access and use the ftp service. The application interface can take three
forms.
3/9/2010
Illustrative Diagram

FTP Client – Command line

• The command-line interface allows a user to use a number of commands such as:
  • get (mget) – get file (get multiple files)
  • put (mput) – send file (send multiple files)
  • wget – get file over the web
  • dir – list the content of a remote directory
  • ascii – set ascii transfer type
  • binary – set binary transfer type
  • ftp – used to initiate an ftp session
  • close – terminate ftp session
  • quit – terminate ftp session and exit
  • mdir – list content of multiple remote directories
  • mkdir – make directory on a remote machine
  • mls – list content of multiple remote directories
  • delete (mdelete) – delete remote files (multiple files)
  • pwd – print working directory
  • rmdir – remove directory on the remote machine
  • rename – rename a file
  • open – connect to a remote tftp
• For any of these commands, typing help <the command> gives a brief explanation of its use.

[Figure: A user used the commands ftp and open and some credentials to log in and connect; dir was used to display the
directory contents, cd was used to navigate into the directory Documents, and get was used to download a file.]


FTP Client – Web browser Interface

⚫ The web-browser interface integrates an ftp client process into its functionality. Depending on the server-side configuration made during setup, an ftp server may enable a user account called Anonymous; this user may not need a password to access the ftp site, but it has limited permissions on the directories and files and in most cases can only read/download files. There is a configuration option that can be used to enable write access for the anonymous user, but it is mostly not used.
⚫ A user can generally access the ftp site by typing a URL into the web browser address bar, thus:
  ftp://<ip_address_of_ftp_server>
⚫ If the ftp server is configured to use an anonymous user ID, then the user can connect directly; but if the server is configured only for authenticated users, then a login process involving user authentication is carried out before connection is allowed.
FTP Client – GUI client Applications

⚫ There are many examples of this type of client, depending on the software vendor. GUI clients are easier to use and provide fuller functionality for the user.
⚫ A connection is achieved after the user has entered credential information in the fields provided. Depending on the setup, some GUI clients can show the remote host's ftp page; otherwise, they show only the remote host's directories. Menu-based ftp commands can be displayed and clicked in order to manipulate local and remote directories and files for transfer.
⚫ A checkbox exists which enables a user to choose to connect as an anonymous or non-anonymous user.

Figure showing WinSCP ftp clients

FTP Processes
⚫ FTP, like the Apache web server, uses multiple processes simultaneously, although it uses far fewer processes.
⚫ There are two main ftp processes, namely:
  ⚫ ftp connection and control: this process uses the default well-known port number 21
  ⚫ ftp data transfer: this process uses well-known port number 20
⚫ There is also a secure connection (SFTP) process, which uses well-known port number 22.
⚫ ftp control is used to initiate and negotiate the connection. It is also used between the client and the server to exchange control commands such as rename, copy or mkdir, using port 21.
⚫ ftp data transfer is only functional on an interim basis and serves only to transfer data (files). For instance, if a client passes a copy command to the server via ftp control (port 21), the server responds by initiating a data transfer process, which enables the client and server to establish a data transfer connection for file exchange.
⚫ There are two types of data transfer connection in FTP client-server communications:
  ⚫ Active data transfer connection (Active FTP)
  ⚫ Passive data transfer connection (Passive FTP)
⚫ There are also two forms of transfer:
  ⚫ Ascii transfer process
  ⚫ Binary transfer process
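
The slides name active and passive data connections without showing how each is negotiated over the control connection. The following is an added example, not part of the original slides: it decodes the standard RFC 959 PORT command and 227 reply to show which side opens the data connection and to which port, which is what a firewall rule set has to allow. The function names and the sample lines are constructed for illustration; the addresses reuse the exercise network 192.168.20.0/24.

```python
import re

def decode_hostport(text):
    """Decode the RFC 959 'h1,h2,h3,h4,p1,p2' field of a PORT command or 227 reply."""
    m = re.search(r"\d{1,3}(?:,\d{1,3}){5}", text)
    if not m:
        raise ValueError("no host-port field in: " + text)
    n = [int(x) for x in m.group(0).split(",")]
    if max(n) > 255:
        raise ValueError("field out of range in: " + text)
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def data_flow(control_line, client_ip, server_ip):
    """Describe the data connection that one control-channel (port 21) line sets up."""
    line = control_line.strip()
    if line.upper().startswith("PORT "):
        # Active FTP: the client announces a listener, the server dials out from port 20.
        mode, initiator, announcer, src = "active", "server", client_ip, (server_ip, 20)
    elif line.startswith("227"):
        # Passive FTP: the server announces a listener, the client dials in
        # from an ephemeral source port (recorded here as None).
        mode, initiator, announcer, src = "passive", "client", server_ip, (client_ip, None)
    else:
        raise ValueError("not a PORT command or 227 reply: " + line)
    ip, port = decode_hostport(line)
    return {"mode": mode, "initiator": initiator, "src": src, "dst": (ip, port),
            # False means the line points the data connection at a third host.
            "address_matches_peer": ip == announcer}

# Constructed control-channel lines (not captured traffic).
SERVER, CLIENT = "192.168.20.1", "192.168.20.5"
SAMPLES = [
    "PORT 192,168,20,5,4,1",
    "227 Entering Passive Mode (192,168,20,1,195,149)",
    "PORT 10,0,0,9,0,22",  # announces an address that is not the client's own
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", data_flow(s, CLIENT, SERVER))
```

In active mode the firewall in front of the client must accept an inbound connection from server port 20; in passive mode the server's firewall must accept inbound connections on the announced high port.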

FTP - Installation
⚫ The FTP daemon is known as vsftpd (Very Secure File Transfer Protocol Daemon).
⚫ To implement ftp, the vsftpd package needs to be installed using any of the software installation methods.
⚫ E.g. type at the shell prompt: zypper in -y vsftpd
⚫ This command will install the package, provided that the repository is correctly configured and populated.
⚫ Use the command zypper se vsftpd to check and ensure that the vsftpd package has been installed.
⚫ See the screenshots at the right.

FTP - Configuration

⚫ For smoother performance, vsftpd installation and configuration should be preceded by appropriate installation of the DNS and httpd services.
⚫ The main FTP configuration file is /etc/vsftpd.conf.
⚫ The settings in this file are what the vsftpd daemon reads in order to know how it should operate when it is called by the system at /usr/sbin/vsftpd, /etc/init.d/vsftpd or /etc/xinetd.d/vsftpd.
⚫ This main configuration file contains a number of options, arranged in sections; their configured values determine how the ftp service operates.
⚫ See the right-hand side screenshot.

Some FTP configuration objectives

⚫ Allow anonymous access to the ftp site
⚫ Allow local users only to access the ftp site
⚫ Allow users to access their home directories chrooted
⚫ Allow / disallow users to write into the ftp site
⚫ Enhance security on the site
Anonymous user access
⚫ The default vsftpd.conf, once the service is started with the commands chkconfig vsftpd on and rcvsftpd start, is enough to run the ftp site for anonymous user ID access, but only read permission is available.
⚫ The section on anonymous ftp in vsftpd.conf can be used to adjust how anonymous users can access the ftp site. Other sections can be left untouched.
⚫ anonymous_enable=YES
  this option enables anonymous user access
⚫ anon_world_readable_only=YES
  anonymous user can only download files which are world readable
⚫ anon_upload_enable=YES
  anonymous user can upload files if upload is allowed globally
⚫ anon_umask=022
  umask for anonymous users can be changed to this
⚫ anon_mkdir_write_enable=YES
  enables anonymous user to create directories
⚫ anon_other_write_enable=YES
  enables anonymous user to do other things like file renaming
⚫ chown_uploads=YES
⚫ chown_username=whoever
  ownership of uploaded files changes to any chosen user, but not root
⚫ anon_max_rate=7200
  maximum data transfer rate permitted for anonymous user in bytes/sec
Local Users only

⚫ This section is used to enable or adjust settings for local (localhost user IDs) access to the ftp site.
⚫ Note that options here do not override the related option settings in the general settings.
⚫ anonymous_enable=NO
  this disables anonymous access
⚫ local_enable=YES
  this enables local users' access to the ftp site
⚫ local_umask=022
  most commonly used umask for local users. Default is 077
⚫ chroot_local_user=YES
  local users are chrooted to their home directory
⚫ chroot_list_enable=YES
  enables an explicit list of users to chroot to their home directories
⚫ chroot_list_file=/etc/vsftpd.chroot_list
⚫ local_max_rate=7200
  maximum data rate permitted for the local user in bytes/sec

Allowing / disallowing write access to ftp


⚫ Settings affecting write access include options in the general, anonymous, local and security sections.
⚫ The options involved are the following:
⚫ write_enable=YES
  this is in the general section. Before any write access can be allowed for any user, this option must be enabled
⚫ local_umask=022
  this is a umask file permission setting for local users
⚫ anon_upload_enable=YES
  this enables the anonymous user to upload files, but subject to the write_enable general option
⚫ anon_mkdir_write_enable=YES
  anonymous user is allowed to create directories
⚫ anon_other_write_enable=YES
  allows anonymous user to rename or move files
⚫ chown_uploads=YES
⚫ chown_username=whoever
  allows the file owner to be changed when an anonymous user uploads a file
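
The anonymous, local-user and write-access options above interact, and a review of /etc/vsftpd.conf is easier with those interactions written down as checks. The following is an added example, not part of the original slides or of vsftpd: the rule names are hypothetical, the sample configuration is constructed, and the defaults and the meaning of chroot_list_enable when chroot_local_user=YES are taken from the vsftpd.conf(5) manual page.

```python
# vsftpd's built-in defaults for the options discussed above (per vsftpd.conf(5)).
DEFAULTS = {
    "anonymous_enable": "YES", "local_enable": "NO", "write_enable": "NO",
    "anon_upload_enable": "NO", "anon_mkdir_write_enable": "NO",
    "anon_other_write_enable": "NO", "chown_uploads": "NO",
    "chown_username": "root", "chroot_local_user": "NO", "chroot_list_enable": "NO",
}
ANON_WRITE = ("anon_upload_enable", "anon_mkdir_write_enable", "anon_other_write_enable")

def parse_vsftpd_conf(text):
    """Overlay option=value lines on the defaults; '#' lines are comments."""
    opts = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key] = value
    return opts

def audit(text):
    """Return the (hypothetical) rule ids that fire for one vsftpd.conf, in fixed order."""
    o = parse_vsftpd_conf(text)
    on = lambda k: o[k].upper() in ("YES", "TRUE", "1")
    anon_write = any(on(k) for k in ANON_WRITE)
    rules = [
        # Anonymous users can change the site; this needs write_enable as well.
        ("ANON_WRITE", on("anonymous_enable") and on("write_enable") and anon_write),
        # anon_* write options are set but inert because write_enable is off.
        ("ANON_WRITE_INERT", anon_write and not on("write_enable")),
        # Anonymous uploads would be re-owned to root (the default chown_username).
        ("CHOWN_ROOT", on("chown_uploads") and o["chown_username"] == "root"),
        # Local users log in without any chroot to their home directory.
        ("NO_CHROOT", on("local_enable") and not (on("chroot_local_user") or on("chroot_list_enable"))),
        # With chroot_local_user=YES the list file names users who are NOT chrooted.
        ("CHROOT_LIST_INVERTED", on("chroot_local_user") and on("chroot_list_enable")),
    ]
    return [name for name, fired in rules if fired]

# Constructed sample: anonymous, local and write options enabled together.
SAMPLE = """\
write_enable=YES
anonymous_enable=YES
anon_upload_enable=YES
chown_uploads=YES
local_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
"""

print(audit(SAMPLE))
```

Because anonymous_enable defaults to YES, a file that never mentions it still allows anonymous logins, which is why the audit starts from the defaults rather than from the file alone.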
