introduction to linux (unix). the hardware –the cpu, memory, and i/o devices the operating system...

Introduction to

Linux (Unix)

Computer System

• The Hardware– the CPU, memory, and I/O devices

• The Operating System– controls and coordinates the use of hardware among the

various application programs for the various users• The Application Programs

– defines the ways in which resources, such as word processors, spreadsheets, and compiles, are used to solve the computing problems of the users.

• The Users– you and me

Operating System

• It provides an environment within which other programs can do useful work

• The OS is a resource allocator by managing the system resources and allocating them to programs and users as needed

• The OS is a control program by controlling the execution of user programs to prevent errors and improper use of the computer

Standard Of OS

ALL reasonably sophisticated operating systems are the same in that they all provide "standard" features that more or less define the purpose of an OS:

• Hardware-level I/O • Job control • Memory management • Task switching • Utilities for management

Unix Evolution

• In 1965 Bell Labs joined with General Electric and MIT to create a new operating system to be called “Multics” (Multiplexed Information and Computing Service)

• In 1969 AT&T, the parent to Bell Labs, withdrew from the Multics project and went with an existing GE OS called “GECOS”

• The researchers decided to fashion their own version of the Multics and that summer introduced “Unics” (UNiplexed Information and Computing Service) and then finally called “Unix”

Unix Evolution

• From 1969 to 1991 Unix went thru many revisions

• Other companies and universities introduced their own versions of the operating system such as HP-UX, BSD, AIX, IRIX, and Solaris

• In 1987 Professor Andrew S. Tanenbaum invents Minix, an open-source operating system that's a clone of Unix

Linux

• In 1991 Linux is introduced by Linus Torvald, a student in Finland

• The project that started as a hobby, became a full-fledged OS when Linus posted the source code at a bulletin board asking people for suggestions and improvements, which received an overwhelming response!

What is Linux

• Linux is an implementation of UNIX.

• Linux is completely Free under GPL (GNU Public License).

• First stable release: Linux kernel v1.0 in March 1994.• Stable kernel versions have even sub-version numbers

(1.2, 1.4, 2.0, 2.2, 2.4). Experimental versions have odd numbers (1.1, 1.3, 2.1, 2.3, 2.5).

Layers of a Linux System

User

Shells

UNIX OS kernel

Hardware

Access through user mode

Access through kernel mode

Linux Features

Free – no per-user licensing.

Stable – continuous uptime of one or more years is not uncommon for Linux installations.

Secure – primarily as a result of open peer review throughout its development.

Internet-ready – Linux was designed from the ground up as a network operating system.

Open – based on published standards and built for interoperability.

Linux Features

• Can run on 386 with 4MB RAM.

• Users don't have to upgrade hardware as often.

• “Obsolete" machines can be productive as terminals or even servers. (A 486 with 16MB RAM makes an excellent server or internet firewall for a home or small office.)

Linux Features

• Linux Support many File Systems e.g

autofs, ext, ext2, ext3, iso9660, minix, msdos, nfs,

vfat, xenix, etc.

• Easy to mount all the file systems in different paths.

File System

• A file is the basic component for data storage

• UNIX considers everything it interacts with as a file, even devices such as monitors

• A directory can contain other files and directories

• The tree-like structure for UNIX file systems starts at the root level

-Root is the file at this level, denoted by character “/”

Directory Structure

/

class etc dev

51223

daws3489mart2345

newfile myfile

Linux Distribution?

• Linux is just an operating system

• Does not include any applications, no word processors, games, programming languages, or even installers!

• Different people bundle different applications with Linux and call it a “Linux Distribution”

• Some distros cost $$$ (RedHat) while others do not (Debian)

Common Linux Distributions

• Red Hat

• Mandrake

• SuSE

• Caldera

• Turbo Linux

• VaLinux

How Linux is Different then Other OS?

• Several hardware platforms Support (Intel, Mac (68K and PPC), Alpha, MIPS, ...)

• Several users (or the same person more than once) can Work on the same machine at the same time. Each user can run several tasks.

• A secure file permission system. • Users cannot be allowed to affect each other or the OS. • User(s) must log in (id/password) before use. • Programs compiled to run on Linux do not run on

DOS/Windows. Some DOS and Windows programs can be run under Linux using emulators.

Some Linux Applications

• Graphical Environment - KDE/Gnome/IceWM, Others

• Browsers - Mozilla/Konqueror/ Netscape

• E-Mail - Kmail/Evolution

• Ftp Client - gftp

• Multimedia - XMMS/Xine/Cdparanoia/Cdrecord

• Security - iptables/ipchains

• Office Suite - OpenOffice/StarOffice/KOffice

• File Browser - Konqueror

• Editors - Joe, VI, Kwrite, Gedit, OpenOffice Writer

• Languages - C++, FORTRAN, Perl, Emacs, Php etc are build in Linux and can be upgraded with latest release available on net.

Where does Linux fit ?

• File and print serving in heterogeneous environments (Samba, Netatalk, NFS).

• Web serving (Apache).

• Proxy Server (Squid)

• Network infrastructure (DNS/DHCP, LDAP).

• Network security (fire walling, IP masquerading, NAT).

• EMAIL and NEWS SERVER (Internet Exchange, Sendmail, NNTP, list servers).

Disadvantages of Linux

• Flexibility can be intimidating:

• Complex installation - no "turnkey", minimal PnP.

• Most vendors won't pre-install onto a new computer.

• Many command options (but you can use a GUI instead).

• Never originally designed to be user-friendly.

• Can have significant learning curve moving from another OS:

• User must learn new commands and vocabulary.

• Different "look and feel" for both OS and some applications although current window managers can now emulate Windows “look and feel” if you wish.

• All file and command names are case-sensitive.

LINUX

INSTALLATION

Linux Installation

We break it down into 5 steps

1. Gather the recourses

2. Gather Hardware information

3. Prepare the hard drive

4. Perform the installation

5. Adding packages and customization

Gather the recourses

• A computer to install Linux on

Minimum: Pentium 166 MHz with 8MB RAM• Minimum 1GB Disk Space• A 8x speed CD-ROM• A Linux Distribution (RedHat, Debian,

Shackware etc..)• One 3.5” Floppy Disk

Gather Hardware Information

• Before installing Linux you need to have detailed information about your hardware. e.g. Mouse, Hard Drive, VGA Card, Monitor, Sound, Modem

• In Windows go to Control Panel > System > Deice Manager and record the information for each of the relevant device.

• Linux compatibility lists are available on the Distributor’s web site.

Preparing the Hard Drive

Creating a partition with enough free disk space for

Linux installation

• How data is stored on hard disk• Partitions• FIPS / Partition Magic to split a Windows

partition.

Problems

• Remove Hard Disk compression if present

• Norton’s Speeddisk is known to cause problems.

Turn it off / uninstall it. Turn it on after linux

installation.

• Remove windows Swapfile

RedHat Linux Installation

1. Insert bootable CD or bootable Floppy

2. Start computer

3. Select Installation Mode– Graphic (800x600x16-bit)– Text– LowRes Graphic– Linux rescue– Linux dd (to install third party driver)– expert


4. Select Language

5. Select Keyboard type

6. Select mouse type and options– emulate 3-button?

7. Select installation type– new install– upgrade existing system


8. Type of install– Workstation– Laptop– Server– Custom


• Workstation– Typically single user "client" system– Automatic partitioning– GUI Login (GNOME default)– All free space dedicated to Linux– Preserves any Windows install, multiboots– No server daemons installed


• Server– Multiuser, networked– Typical server daemons installed by default– No GUI installed– Takes ALL hard disk space (erases existing

partitions)– No multiboot


• Laptop– Similar to Workstation, but with PCMCIA support– Multiboot supported


• Custom– Mixed use, server and client if desired– Select any or all packages– Most flexible, but requires knowledge of package

choices– Single or multiboot


9. Partitioning Strategy– Automatic

• Partitions are– /– swap

– Manual, with Disk Druid– Manual, with fdisk


• Choose partitioning method– Remove all Linux partitions– Remove all partitions– Use existing free space, preserve existing non-

Linux partitions– RAID?


• Apply partitioning design (set up partitions)• Minimum partitions are

/ - for the root file system

swap- should be 2X RAM size• Setting up multiple file systems in separate

partitions permits greater control over use of available space


• /boot 250MB• swap should be 2X RAM size• / 5GB for RH-9 complete instllation• /home For users data (Optional)• /var For logs, mails etc (Optional)


10. Choose boot loader method– MBR (GRUB controls boot selection)– First sector of boot partition (lets other boot

loader manage choices)– GRUB may optionally be protected with a

password of your choice.


11. Configure Networking (LAN only)– DHCP (localhost.localdomain)

• No further configuration needed

– Static IP• Intranet (e.g., 172.16.0.1)• Routable (e.g., 198.168.49.214 is sonic)• Host name and domain name


• Static IP configuration– IP address– Netmask– Network address– Broadcast address– Hostname– Gateway– Primary DNS (maybe secondary, tertiary)


12. Firewall configuration• None

– all ports open in either direction

• Medium– inbound DNS, HTTP

• High– outbound only

• Customize– Choose port and packet type (TCP/UDP)– e.g., nntp:tcp


13. Language support– Choose additional languages for documentation, etc.

14. Choose Time zone– Clock may be set to GMT, with offset for local time– If you wish to change your time zone configuration after you have

booted your Red Hat Linux system, become root and use the /usr/sbin/timeconfig command.

15. Configure user accounts– Choose password for "root" account– Create at least one "ordinary" user so that typical tasks need not be

done as root– To become root from an ordinary user login, type su - at the

shell prompt in a terminal window and then press [Enter]. Then, enter the root password and press [Enter]. Type "exit" to return to original login.


16. Enable authentication– Make sure "shadow" and "MD5" are selected.– Enable MD5 passwords — allows a long password to be used (up

to 256 characters), instead of the standard eight characters or less. – Enable shadow passwords — provides a secure method for

retaining passwords. The passwords are stored in /etc/shadow, which can only be read by root.

– NIS is for networked Linux systems to share file systems– SMB is for file-sharing with Windows NT, 2000, XP network

systems– Kerberos and LDAP are additional authentication systems that

require appropriate server software.


17. Select packages– Carefully review and study package choices

before proceeding– Pick the minimum package set for your purposes

for a production server– Some server packages open up security holes in

the system


18. Begin install– Copying installation packages from CD's.– May take up to two hours

19. Configure video hardware– Automatic probing may provide choices for you– Have monitor information handy at this point


20. Create boot disk– Label the floppy "Red Hat Linux 7.3 Custom

Boot Disk"

21. Select monitor configuration22. Choose custom X configuration

– Color depth– Resolution

23. Select default boot mode (text or GUI)24. Finish installing, reboot system

Basic Linux Commands

Shortcut Commands

• / - root directory • ./ - current directory • ./command_name - run a command in the current directory• ../ - parent directory• ~ - home directory • $ - typical prompt when logged in as ordinary user • # - typical prompt when logged in as root or superuser • & - run a program in background mode• [Tab][Tab] - prints a list of all available commands. • x[Tab][Tab] - prints a list of all available completions for

a command, where the beginning is ``x'' • [Alt][Ctrl][F1] - switch to the first virtual text console • [Alt][Ctrl][Fn] - switch to the nth virtual text console. Typically, there

are six on a Linux PC system. • [Alt][Ctrl][F7] - switch to the first GUI console, • [ArrowUp] - scroll through the command history (in bash) • [Shift][PageUp] - scroll terminal output up. This also works at the

login prompt, so you can scroll through your boot messages.

• [Shift][PageDown] - scroll terminal output down

• [Ctrl][Alt][+] - switch to next X server resolution (if the server is set up for more than one

resolution)

• [Ctrl][Alt][-] - change to previous X server resolution

• [Ctrl][Alt][Del] - shut down the system and reboot

• [Ctrl]c - kill the current process

• [Ctrl]d logout from the current terminal

• [Ctrl]z - send current process to the background

Files Related Commands

1. cd to change directory2. ls To get a file list3. ls –a to list hidden files4. ls –l to list files permissions5. ls –al to list perm & hidden files6. ls –i to get I node no7. touch to create file8. mkdir to create Directory9. rm to delete a file10. Rmdir to delete a Directory11. cp tp copy files12. mv to move or rename files & Directories13. cat to see the content of a file14. more to see the content of a file15. less same as more

System Commands

• command --help Display help of command• man Manual• date Display or change the date & time • cal Display a calendar • pwd Print Working Directory • df Report filesystem disk space usage• echo Display message on screen • mount Mount a file system• eject Eject CD-ROM • fdformat Low-level format a floppy disk • locate Search for files

• free Display memory usage• ps Process status• kill Kill a process• top Show top Process• shutdown • shutdown –h now To shutdown system• shutdown –r now to restart system• shutdown –h t15 shutdown after 15 sec• adduser to add a new user• passwd change password• su switch user• who Print all usernames currently logged in • tail Output the last part of files

• last Display the last users logged on and how long.

• bg start a suspend process in background• fg start a suspend process in foreground• & At the end of the command makes it run

in the background. • kill Kill a process• pstree Display the tree of running processes• fsck Used to repair a filesystem.

Must not be run on a mounted file system• mke2fs Create a Linux second extended filesystem.• mkswap Sets up a Linux swap area on a device or file.• hostname Used to show or set the name of the computer• Pine E-mail Client• lynx Internet Browser

WildcardInput / Output Redirector

& Pipes

Wildcards

Another way that bash makes typing commands easier is by enabling users to use wildcards in their commands. The bash shell supports three kinds of wildcards:

* matches any character and any number of characters.

? matches any single character.

[…] matches any single character contained within the brackets

*

The * wildcard can be used in a manner similar to command-line completion. For example, assume the current directory contains the following files

/etc/hosts /etc/host.conf /etc/hosts.allow …

ls /etc/h<tab><tab>

Or

ls /etc/h*

?

The ? wildcard functions in an identical way to the * wildcard except that the ? wildcard only matches a single character. For example, a directory contains the following files

ch1.doc ch2.doc ch3.doc ch4.doc chimp config

ls ch?.doc

[…]

The […] wildcard enables you to specify certain characters or ranges of characters to match. To print all of the files in the example with the .doc extension using the […] wildcard, enter one of the following two commands: ch1.doc ch2.doc ch3.doc ch4.doc chimp config ls ch[123].doc

ls ch[1-3].doc

Input Redirection

Input redirection changes the source of input for a command. When a command is entered in bash, the command is expecting some kind of input in order to do its job

The input for these commands can be found in a file

wc test11 2 1

or

wc < test11 2 1

Output Redirection

Output redirection is more commonly used than input redirection. Output redirection enables you to redirect the output from a command into a file, as opposed to having the output displayed onscreen.

The input for these commands can be found in a file

ls /etc > list.txt

Pipes

Pipes (often called pipelines) are a way to string together a series of commands 1. Output from the first command in the pipeline is used as the input to the second command in the pipeline. 2. The output from the second command in the pipeline is used as inputto the third command in the pipeline 3. The output from the last command in the pipeline is the output that actually displays onscreen (or is put into a file)

cat sample.text | grep “High” | wc -l

This pipeline takes the output from the cat command (which lists thecontents of a file) and sends it into the grep command. The grep command searches for each occurrence of the word “High” in its input. The grep command’s output then consists

Pipesof each line in the file that contains the word “High.” This output is then sent to the wc command. The wc command with the -l optionprints the number of lines contained in its input.

To show the results on a real file, suppose the contents of sample.text appeared as follows:

Things to do today:Low: Go grocery shoppingHigh: Return movieHigh: Clear level 3 in Alien vs. PredatorMedium: Pick up clothes from dry cleaner The pipeline then returns the result 2

cat sample.text | grep “High” | wc -l2

Linux Text Editors

Text Files

• Most bioinformatics work involves messing around with text files.

• DNA and protein sequences, databases, results of similarity searches and multiple alignments are all stored on the computer as ordinary ASCII text files.

• To read, write, and edit these text files you must get familiar with a Text Editor program

What is a Text Editor?

• A text editor is like a word processor on a personal computer, except that it does not apply formatting styles (bold, italics, different fonts etc.).

• Unix has line editors (view and edit one line at a time) and full screen editors.

• A screen editor loads an entire document into a buffer - allows you to jump to any point in the document.

Unix Text Editors

• There are many different text editors available for Unix computers

Graphical (X-Windows) Text Editors

• gedit – (click on Gnome-footprint > programs >

applications > gedit) • kedit

– (click on Gnome-footprint > KDE menus > applications > Text Editor)

• kwrite – (click on Gnome-footprint > KDE menus >

applications > Advanced Editor)

Console Text Editors

• emacs - screen based (but not X-windows) editor

• vi - visual editor (screen based but not X-windows) editor

• pico - screen based (but not X-windows) editor

• ed - basic/crude line editor,

Emacs

• The full name of the Emacs program is: "GNU emacs, the Extensible, Customizable, Self-Documenting, Real-time Display Editor.”

• Emacs is free software produced by the Free Software Foundation (Boston, MA) and distributed under the GNU General Public License.

Starting emacs

• To start Emacs, at the > command prompt, just type: emacs

• To use Emacs to edit a file, type: emacs filename

(where filename is the name of your file)

• When Emacs is launched, it opens either a blank text window or a window containing the text of an existing file.

The Emacs Display

• The display in Emacs is divided into three basic areas.

• The top area is called the text window. The text window takes up most of the screen, and is where the document being edited appears.

• Below the text window, there is a single mode line (in reverse type). The mode line gives information about the document, and about the Emacs session.

• The bottom line of the Emacs display is called the minibuffer. The minibuffer holds space for commands that you give to Emacs, and displays status information.

Emacs Commands

• Emacs uses Control and Escape characters to distinguish editor commands from text to be inserted in the buffer.

Control-x means to hold down the control key, and type the letter x.

(You don't need to capitalize the x, or any other control character)

[ESCAPE] x means to press the escape key down, release it, and then type x.

Save & Exit

• To save a file as you are working on it, type:Control-x » Control-s

• To exit emacs and return to the Unix shell, type: Control-x » Control-c

If you have made any changes to the file, Emacs will ask you if you want to save:

Save file /u/browns02/nrdc.msf? (y,n,!,.,q,C-r or C-h)

• Type “y” to save your changes and exit• If you type “n”, then it will ask again:

Modified buffers exist; exit anyway? (yes or no)• If you answer “no”, then it will return you to the file,

you must answer “yes” to exit without saving changes

Moving Around

The arrow keys on the keyboard work for moving around one line or one character at a time.

Some navigation commands:

• Move to the Top of the file: [Esc] <

• Move to the End of the file: [Esc] >

• Next screen (page down): Ctrl-v

• Previous screen (page up): [Esc] v

• Start of the current line: Ctrl-a

• End of the current line: Ctrl-e

• Forward one word: [Esc] f

• Backward one word: [Esc] b

Type Text

• Once you move the cursor to the location in the file where you want to do some editing, you can just start typing - just like in an ordinary word processor.

• The delete key should work to remove characters and inserted text will push existing text over.

Cut, Copy, and Paste

• You can delete or move blocks of text.– First move the cursor to the beginning (or end)

of the block of text.– Then set a mark with: Ctrl-spacebar– Now move to the other end of the block of text

and Delete or Copy the block:• Delete: Ctrl-w• Copy: [Esc] w

– To Paste a copied block, move to the new location and insert with : Ctrl-y

Getting Help in Emacs

• Emacs has a built in help feature– Just type: Ctrl-h– To get help with a specific command,

type: Ctrl-h k keys(where “keys” are the command keys that you type for

that command)

• Emacs has a built in tutorial: Ctrl-h t• this will be the primary exercise for this week’s

computer lab.

vi

• vi is pronounced "vee-eye." • It is found on almost all Unix and Linux

systems. • vi has two basic modes:

– Command Mode– Text Insert Mode

• To run vi just type on command prompt

vi or vi filename

Movement

KEY EFFECT Left Arrow Move one character left Down Arrow Move down one line Up Arrow Move up one line Right Arrow Move one character right

or h Move one character left j Move down one line k Move up one line l Move one character right 0 Move to beginning of current line

(Note: this is “zero” key)

$ Move to end of current line

KEY EFFECT i Insert text o Insert line below cursor A Append at end of line esc Command mode : Invoke “ex” command r Replace character cw Change word x Delete character dw Delete word dd Delete line

Command format is normally[count] command [where]

• count number of times to repeat a command (optional) • command the actual command • where how much to act on or where to take the cursor

depending on the command (optional) • Examples

• 23xDelete 23 characters

• 25ddDelete 25 lines

• d$Delete from current position to the end of the line

You access these command by hitting “:” in command mode ex commands provide one way of getting out of vi

• :wqWrite any changes and quit

• :qQuit (will only do so if no changes)

• :q!Quit without saving changes

KEY EFFECT p Put (paste) contents of buffer yw Yank (copy) word yy Yank (copy) line u Undo last command . Repeat last command U Undo all changes to line d$ Delete to end of line C Change text to end of line J Join lines

KEY EFFECT

/ pattern Search forward for pattern

? pattern Search backward for pattern

n Repeat search in same direction N Repeat search in opposite direction

Keystroke Purpose

^B Scroll backwards one page. A count scrolls that many pages.

^D Scroll forwards half a window. A count scrolls that many lines.

^F Scroll forwards one page. A count scrolls that many pages.

^H Move the cursor one space to the left. A count moves that many spaces.

^J Move the cursor down one line in the same column. A count moves that many lines down.

^M Move to the first character on the next line.

^N Move the cursor down one line in the same column. A count moves that many lines down.

^P Move the cursor up one line in the same column. A count moves that many lines up.

^U Scroll backwards half a window. A count scrolls that many lines.

$ Move the cursor to the end of the current line. A count moves to the end of the following lines.

Keystroke Purpose

% Move the cursor to the matching parenthesis or brace.

^ Move the cursor to the first non-whitespace character.

( Move the cursor to the beginning of a sentence.

) Move the cursor to the beginning of the next sentence.

{ Move the cursor to the preceding paragraph.

} Move the cursor to the next paragraph.

| Move the cursor to the column specified by the count.

+ Move the cursor to the first non-whitespace character in the next line.

- Move the cursor to the first non-whitespace character in the previous line.

_ Move the cursor to the first non-whitespace character in the current line.

0 (Zero) Move the cursor to the first column of the current line.

B Move the cursor back one word, skipping over punctuation.

E Move forward to the end of a word, skipping over punctuation.

G Go to the line number specified as the count. If no count is given, then go to the end of the file.

Keystroke Purpose

H Move the cursor to the first non-whitespace character on the top of the screen.

L Move the cursor to the first non-whitespace character on the bottom of the screen.

M Move the cursor to the first non-whitespace character on the middle of the screen.

W Move forward to the beginning of a word, skipping over punctuation.

b Move the cursor back one word. If the cursor is in the middle of a word, move the cursor to the first character of that word.

e Move the cursor forward one word. If the cursor is in the middle of a word, move the cursor to the last character of that word.

h Move the cursor to the left one character position.

j Move the cursor down one line.

Keystroke Purpose

k Move the cursor up one line.

l Move the cursor to the right one character position.

w Move the cursor forward one word. If the cursor is in the middle of a word, move the cursor to the first character of the next word.

~ Switch the case of the character under the cursor.

< Shift the lines up to where to the left by one shiftwidth. "<<" shifts the current line to the left, and can be specified with a count

> Shift the lines up to where to the right by one shiftwidth. ">>" shifts the current line to the right, and can be specified with a count

J Join the current line with the next one. A count joins that many lines.

LINUX FILE SYSTEM

File System

• File System is developed for • create/store/load/delete/seek file on media

• Media example• Magnetic Media

• Tape

• Floppy disk

• Hard disk

• Optical Media• Cdrom

• Dvd

File System of OS

• File system of Windows OS

• Windows 98 and Windows ME

• Support FAT16, FAT32

• Windows 2000

• Support FAT16,FAT32, NTFS

• Windows XP

• Support FAT32, NTFS

File System Structures

• Files - store the data• Directories - organize files• Partitions - separate collections of

directories (also called “volumes”)– all directory information kept in partition– mount file system to access

Diff between Linux and Win File System

Characteristic Windows LinuxFile System NTFS, FAT ext2,ext3

Reference Root of each partition point

Each partition is mount under a drive letterEx. C:, D:, F:

Each partitions is mounted under /

File Extensions Files are recognized by file extensions.Ex. Abc.txt, tmp.exe

No File Ext

Case Sensitive No Yes

File System in Linux

• File System in Linux is divided into 2 type

• Linux Swap

is used in virtual memory system

• Linux File System

• is used to store file

• there is various type of file system

• ext2 ( is first introduced in kernel 2.0.x )

• ext3 ( is first introduced in kernel 2.4.x )

Basic File System Concepts

• Every Linux filesystem implements a basic set of common concepts derived from the Unix operating system

• Files are represented by inodes (information nodes)• Directories are simply files containing a list of

entries, so a directory is represented by an inode as well

INODE

• Each file is represented by a structure, called an inode• An ``inode'' (information node) contains all the

information about a file (except file data), Each inode contains the description of the file: – file type– access rights– owners– timestamps– size– pointers to data blocks

• The inode also contains the locations of all the data that make up a file so the operating system can collect it all when needed. The only information the inode does not contain is the name of the file and the contents.

• Directories contain the actual filenames.• Blocks pointed to by the inode contain the actual data

Directories

• Directories are implemented as a special type of file• A directory is a file containing a list of entries• Each entry contains an inode number and a file name• When a process uses a pathname, the kernel code

searches in the directories to find the corresponding inode number

• After the name has been converted to an inode number, the inode is loaded into memory and is used by subsequent requests

i-nodeData blocks

• Anatomy of an inode

The Extended File System

• The ext fs supports standard Unix file types: – regular files– Directories– device special files– symbolic links (Shortcuts)

• Ext fs is able to manage filesystems created on really big partitions up to 4 TB

• Ext fs provides long file names. The maximum file name size is 255 characters

• Ext fs reserves some blocks for the super user (root)– This allows the administrator to recover easily

from situations where user processes fill up filesystems

SuperBlock

• One special data block, the ``superblock'', contains overall information about the filesystem, just as the inode contains information about a specific file. The superblock contains the information necessary to mount a filesystem and access its data, including the size of the filesystem, the number of free inodes, and information about free space available.

File System Consistency

• When a filesystem such as ext fs is mounted it checks a flag in the superblock to determine the consistency of the filesystem

• When an ext fs system boots it sets this consistency flag to Not Clean

• When an ext fs system shuts down normally it sets the consistency flag to Clean

• If the system boots and discovers the consistency flag is Not Clean, as could happen in a system crash, it runs fsck (file system check) to search for errors in the files system

Disk layout in classical UNIX systems

UNIX File system Hierarchy

/ (root)

bin var devusrrootbootetchomesbin

scott bobalice

public_html

mail

bin sbin local lib

man lib sharebin

lib

tmp

srcn321

• In the root directory there are a number of folders. The names of these folders, what they are expected to contain

/bin

• The /bin directory contains commands that may be used by users or system administrators

• A command is a small executable file

• This directory is available when the system starts up

/boot

• This is the directory where the Linux kernel is stored

• It contains everything that is required for the boot process except configuration files

/dev

• To Linux all devices are considered to be files• For any device, such as a CDROM or a Video display

Card, there must be a corresponding file in this directory

• Examples of device files would be:

/dev/cdrom for the CDROM

/dev/fd0 for the first floppy disk

/dev/hda1 for the first IDE hard disk

/dev/sda1 for the first SCSI hard disk

• Some devices are mounted when the system boots and some must be manually mounted

/etc

• This directory contains configuration files and directories for the current system

• Linux is well known for the fact that its configuration files are plain text files (rather than the bizarre registry database of Windows)

• Every Linux program is expected to store its configuration in this directory or a subdirectory of this directory

/home

• This directory stores all files belonging to the multiple users who have accounts on the system

• If user name is “abc” then the home directory of this will be /home/abc

/initrd

• Stands for initial ram disk• A ram disk is an area of memory that acts as if it is a

disk device (very fast, but not very permanent!)• During the boot process a ram disk is created and

mounted in this directory• The kernel can then use this ram disk which usually

contains device drivers needed during the boot process

• Without this directory RedHat Linux will not boot• Once the boot process is complete the ram disk is

unmounted

/lib

The system libraries needed for the following are found in this directory:

1. to boot the system

2. for commands found in /bin

3. For commands found in /sbin• Libraries for user applications are likely to be

found in /usr/lib

/lost+found

• If Linux system crash, the program fsck

(file system check) will be run when the system reboots

• If any files are found to be corrupted or damaged in some way then they are placed in this directory

/mnt

• This is the default directory to which temporary filesystems (such as CD-ROMs and Floppy Disks) are mounted

• To mount a CDROM you would give the command:

mount /mnt/cdrom

• The result will be a directory called cdrom in the mnt directory

• This cdrom directory will contain the filesystem of the CDROM

/opt

• This directory is inherited from early versions of

UNIX

• Applications that did not come with the operating

system were installed here (they are optional

applications)

/proc

• This is a virtual filesystem, containing process information• The files in this directory or its sub-directories are neither text

or binary• Most of the files have a length of zero (0)• Yet when the file is viewed, it can contain quite a bit of

information.• Both applications and system administrators can use /proc

as a method of accessing information about the state of the kernel, the attributes of the machine, the state of individual processes, and so on.

• For example, cat /proc/meminfo will present information on the memory used by Linux

/root

• The root user does not get a home directory (/home/root)

• Instead, a directory in the root filesystem is created as the home directory for the system administrator

/sbin/sbin

• Root-only commands and utilities used for system administration are stored in /sbin, /usr/sbin, and /usr/local/sbin

• /sbin also contains binaries essential for booting, restoring, recovering, and/or repairing the system

• Root-only commands that are run after /usr is mounted are placed in one of the /usr/sbin directories

/tmp

• Programs that require temporary files store them here

• This directory may be cleared out every time the system boots up

/var

• This directory contains variable data files• This includes spool directories, administrative and

logging data, and transient and temporary files• The directory /var/log contains log files generated by

the web server, ftp server, and boot process along with any other application that creates a log file

• /var can be located on other partitions or filesystems

/usr

• This directory contains user binary files such as the applications you would use

• This directory contains shareable, read-only data

• /usr can be located on other partitions or filesystems

/usr t q bin t q dict t q etc t q games t q i386-glibc21-linux t q include t q kerberos t q lib t q libexec t q local t q lost+found t q sbin t q share t q src t q tmp m q X11R6

• /usr/bin• This is the primary directory for executable

commnads on the system• /usr/include• This is where all of the system’s general-use include

files for the C programming language are placed• /usr/lib• Object files, libraries, and internal binaries that would

be linked into C programs are placed here• /usr/sbin• Non-essential binaries used exclusively by the system

administrator are stored here

Network File System(NFS)

Introduction

Sun Microsystems, Inc. defined a remote file access mechanism that has become widely accepted throughout the computer industry, known as NFS.

The mechanism allows a computer to run a server that makes some or all of its files available for remote access, and allow applications on other computers to access those files.

Remote File Access Vs Transfer

When an application accesses a file that resides on a remote

machine, the program’s operating system invokes client software

that contacts a file server on the remote machine and performs the

requested operations on the file.

Unlike a file transfer, the application’s system does not retrieve

or store an entire file at once; instead, it requests transfer of one

small block of data at a time.

File Access Among various Computers

In addition to the basic mechanisms for reading file protections, and translate information among the presentations used on various computers.

Because a remote file access service connects two machines, it must handle differences in the way the client and server systems name files, denote paths through directories, and store information about files.

The files access software must accommodate differences and writing files, a file access service must provide ways to create and destroy files, peruse directories, authenticates requests, honor in the semantics interpretation of file operations.

Stateless Servers

The NFS design stores state information at the client site, allowing servers to remain stateless.

Because the server is stateless, disruption in service will not affect client operation.

A client will be able to continue file access after a stateless server crashes and reboots; the application program, which runs on the client system, can remain unaware of the server reboot.

Because a stateless server does not need to allocate resources for each client, a stateless design can scale to handle more clients than a stateful design.

+

NFS and UNIX File Semantics

The NFS designers adopted UNIX file system semantics when defining the meaning of individual operations.

Understanding the UNIX file system is essential to understanding NFS because NFS uses the UNIX file systems terminologies and semantics.

It honors the same open-read-write-close paradigm as UNIX, and offers most of the same services.

Like UNIX, NFS assumes a hierarchical naming system. It considers the file hierarchy to be composed of directories and files.

Diskless workstations

Ethernet

Lab1-1.tul.edu Lab1-2.tul.edu Lab1-3.tul.edu

Lab1-4.tul.edu

NFS Server

DISK

NFS File Modes

NFS assumes that file or directory has a mode that specifies its type and access protection.

The definitions and meaning of bits in the NFS mode integer is very similar to that of UNIX.

Although NFS defines file types for devices, it does not permit remote device access (e.g., a client may not read or write a remote device)

NFS Client and Server

An NFS file server runs on a machine (which has large disks) that has a local file system.

An NFS client runs on an ordinary machine and access the files on machines that run NFS servers.

When an application program calls open to obtain access to a file, the OS uses the syntax of the path name to choose between local and remote file access procedures.

If the path refers to a local file, the system uses the computer’s standard file system software to access the file; If the path refers to a remote file, the system uses NFS client software to access the remote file.

NFS Client and UNIX

In UNIX, the mount mechanism construct a single, unified naming

hierarchy from individual file systems on multiple disks.

UNIX implementation of NFS client code use an extended version of

the mount mechanism to integrate remote file systems into the naming

hierarchy along with local file systems.

The main advantage of using the mount mechanism is consistency: all

file names have the same form.

An application program cannot tell whether a file is local or remote

from the name syntax alone.

Diskless workstations(Logical view)

ws1:/ ws2:/ ws3:/

Ws4:/

NFS Server's disk:/

ws4 ws3ws2ws1

.

.

.

.

.

.

.

.

.

.

.

.

Several workstations with NFS

Ethernet

Lab1-1.tul.edu.pk Lab1-2.tul.edu.pk Lab1-3.tul.edu.pk

Lab1-4.tul.edu.pk

NFS Server

DISK

Several workstations with NFS(Logical view)

Lab1-1:/

etc home usr ...

Lab1-2:/

etc home usr ...

Lab1-3:/

etc home usr ...

NFS Server's disk:/

etc home usr ...

abc asd xyz ...

Lab1-4:/

etc home usr ...

How does NFS work ? When a user is accessing a file, the kernel determines whether the file

is a local file or an NFS file. The kernel passes all references to local

files to the local file access module and all references to the NFS files

to the NFS client module

The NFS client sends RPC requests to the NFS server through its

TCP/TP module, Normally, NFS is used with UDP, but newer

implementations can use TCP.

Then the NFS server receives the requests on port 2049.

Next, the NFS server passes the request through its local

file access routines,

How does NFS work ?which access the file on server’s local disk. After the server gets the results

back from the local file access routines, the NFS server sends back the

reply in the RPC reply format to the client.

while the NFS server is handling the client’s request, the local file

system needs some amount of time to return the results to the server.

During this time the server does not want to block other incoming

client requests. To handle multiple client requests, NFS servers are

multithreaded or there are multiple servers running at the same time.

Second, the same situation occurs in the client’s side. Some Unix systems

often use a technique similar to the NFS server: there are multiple biod’s

running on the client side to provide more concurrency of NFS requests.

How does NFS work ?

localfile

access

NFSclient

TCP/UDPIP

userprocess

NFSserver

TCP/UDPIP

localfile

access

port 2049

client kernel server kernel

localdisk

localdisk

RPC RPC

Client wants to access a file from server

How does RPC works ?

Client Process

Clientexecutes

ServerwaitsRPC

messageServer starts

Procedure call

Procedure return

Server executesprocedure

Call terminatesRPC returnmessage

Clientwaits

Clientcontinues

Server Process

OSI v.s. NFS

Application

Presentation

Session

Transport

Network

Link

Physical

NFSMOUNT

PORT MAPPERNIS(Network Information System)

XDR (eXternal Data Representation)

RPC (Remote Procedure Call)

TCP, UDP

IP

Ethernet

OSI Model NFS Protocol Layers

OSI v.s. NFS

NFS is a protocol in the application layer. It works with some protocols.

• The mount protocol provides the method of validation and permission

checking and initiates the root file handle for client.

• The port mapper protocol provides the current server port number

to the client that needs to access the specific server program.

• NIS is usually implemented with NFS. It provides a convenient way

User can login with the same user name and password to all the

OSI v.s. NFS

machines in the same NIS group.

• NFS and all related protocols are using the service provided by RPC.

All NFS requests and replies are in the format specified by RPC.

• XDR is the standard for encoding data in RPC.

NFS and RPC requests can be used with both UDP and TCP,

• NFS was designed to be independent from transport layer.

That means NFS can use on top of many transport protocols.

However, in this class we interested in TCP and UDP only.

File Handles

How does a server know which file/directory the client needs to access?There is a data structure that is called the File Handle.

The File handle is created by the NFS server and it is a unique reference to the specific file or directory on the NFS server itself.

This FH is passed to the client at the first time the NFS client contacts the NFS server. The process of first contact is called the Mounting process.

The top directory of the NFS server file system is called the root of the mounted file system. So, when the client mounts the server file system, the client will get a file handle of the root file system from the server.

File Handles

• FH is opaque to the client. This means the client does not do

anything with the FH. The client only sends it back to the server

when it wants to access that file/directory. • And the server can know from the file handle which file/dir the

client needs to access.• With the FH, the client does not need to know how the NFS server

specifies the path name. And the other important point is that the

server doesn’t need to keep track of what is the current access

point of the client.

volume ID inode # generation #

Example of File HandlesSuppose :client needs to cat the file sub2/myname.txt under the current directory

What is the attributeof current

dir(9925949) ?These are attributesof 9925949

What is FH of "sub"in 9925949 ?

FH of sub is 7656838

What is FH of "myname.txt"in 7656838 ?

FH of myname.txtis 7657235

What is the attribute of7657235 ?

.

.

.

NFS Client NFS Server

Idempotent Procedures

Suppose :client needs to remove the file sub2/myname.txt

Remove OK

Here is the attr andcontent of 7656838

Remove "myname.txt"from 7656838

NFS Client NFS Server

Remove "myname.txt" from7656838 (retransmitted)

Error : No such file or dir

What is the attribute of7656838 (dir 856) ?

Idempotent Procedures

• Can be executed more than once by the server and still return the same result

• Stateless protocol requires idempotent operation• How to makes all NFS requests idempotent:–Server records recently performed operations in

cache–Server checks in cache for duplicate requests–Server returns the previous result if it is a duplicate

Should NFS use TCP or UDP ?

• From the beginning, NFS used UDP–Most NFS systems were on LAN–High overhead if using TCP

• Currently, NFS across WAN needs TCP–Reliability and congestion control–Both sides set TCP’s keep alive option–If server crashes, client opens new TCP connection–If client crashes, server will terminate the

connection after the next keep alive probe

How does RPC different from local procedure call ?

• Error handling:–failures of the server or network must be handled

Performance:–slower than local procedure calls

• Authentication:–RPC can be transported over insecure networks

Port Mapper

Airport Entrance

Terminal A

Terminal B

Term

inal

C

Term

inal

D

Terminal E

Terminal F

US109 to Akron

Port Mapper

Airport Entrance

Terminal A

Terminal B

Term

inal

C

Term

inal

DTerminal E

Terminal FFlight schedule

US109 to AkronFlight Departure timeDestinationGate

DE427 6:15 AMCincinnati E8

US109 7:40 AMAkron OH B5

US278 4:35 PMDetroit MI C9UA0097 6:00 PMLAX CA D12

Port Mapper/RPCBIND

ClientProcess

Client Kernel Server Kernel

Port Mapper

userprocess

userprocess

ServerProcess

userprocess

(1)register

at start

(2) get port# RPC request

(3) RPC reply with port#

(4) RPC call (request)

(5) RPC reply message

Files Permissions

Files

We're going to look at • file types

UNIX recognizes a number of types. • magic numbers

How different normal files can be distinguished • file attributes

Information stored about files • file protection

How access to files is restricted.

File types

UNIX stores information in byte-oriented files. UNIX recognizes a number of different file types. You can view the different types of files with ls -l

[root@lab1 home]# ls -l /home /dev/null /etc/passwddrwxr-xr-x 11 root root 1024 Feb 7 1996 /homecrw-rw-rw- 1 root root 1, 3 May 6 1998 /dev/null-rw-r--r-- 1 root root 669 Dec 30 15:49 /etc/passwd

[root@lab1 home]# ls -l /dev/hda1brw-rw---- 1 root disk 3, 1 May 6 1998 /dev/hda1

[root@lab1 home]# ls -l /etc/X11/Xlrwxrwxrwx 1 root root 29 Jan 26 1998 /etc/X11/X -> ../../usr/X11R6/bin/XF86_SVGA

File types

The first letter indicates file type.

File Type Meaning Example

- a normal file /etc/passwd

d a directory /

l symbolic link /dev/modem

b block device file /dev/hda

c character device file /dev/tty1

Access Permissions

• Limiting unauthorized access to your directories and files is a very important concern for ALL Linux (Unix) users.

• Consequences of Unauthorized Access:– Copying your assignments (cheating)– Using your account for illegal activity– Using your account to send obscene messages– Tampering with files

File Protection

UNIX achieve this by • specifying three valid file operations

Read, write and execute • dividing users into three groups

user - person who owns the filegroup - group who owns the fileother - everybody else

• allow the owner to specify valid operations for each group

File Operations

The meaning of a file operation is different if applied to a file or a directory.

Operation

Effect on a file Effect on a directory

read read the contents of the file

find out what files are in the directory, e.g. ls

write delete the file or add something to the file

be able to create or remove a file from the directory

execute

be able to run a file/program

be able to access a file within a directory

File Permissions

Every file has file permissions

[root@lab1]# ls -l / /etc/passwd /home/test/teachingdrwxr-xr-x 19 root root 1024 Dec 8 15:54 /-rw-r--r-- 1 root root 669 Dec 30 15:49 /etc/passwd

drwxrwxrwx 10 test test 1024 Dec 24 23:18 /home/test/teaching

They specify which operations each group can perform.

File Permissions

File Permissions Description

/ drwxr-xr-x file type => directoryuser/owner (root) => read, write and executegroup (root) => read and executeother => read and execute

/etc/passwd -rw-r--r-- file type => normal fileuser/owner (root) => read and writegroup (root) => readother => read

/home/test/teaching/ drwxrwxrwx file type => directoryuser/owner (test) => read, write and executegroup (test) => read, write and executeother => read, write and execute

Numeric and Symbolic Permissions

UNIX actually stores permissions as numbers. But humans generally don't do numbers well. The nice commands (like ls, stat) change them to symbolic. A Systems Administrator needs to be able to translate from one to the other.

Symbolic Permissions

Following table summarizes the valid symbols.

Symbol Meaning

r read

w write

x execute

Numeric Permissions

Each symbolic permission has a numeric equivalent. Summarized in the following table. These are actually octal numbers

Symbol Numeric equivalent

r 4

w 2

x 1

Doing the conversion

Doing a conversion from symbolic to numeric (e.g. rwxr--r-x) • split symbols into three user groups

user - rwxgroup - r--other - r-x

• replace symbols with numeric equivalent and adduser - rwx = 4 + 2 + 1 = 7group - r-- = 4 other - r-x = 4 + 1 = 5

Doing the conversion

• bring them together to form the numeric permissionsrwxr--r-x = 745

Changing file permissions

Command

Purpose

chmod

Change the file permissions for a file. Only the owner of a file can use it.

chgrp Change the group owner of a file. You can only change it to a group you belong to.

chown

Change the user owner of a file. Only root can use this.

Introduction to

Linux Shells

Computer Language

• Computers do not understand a thing we type• The language of computers is a language consisting

exclusively of numbers• What these numbers mean are determined by the

manufacturer of the CPU• The instruction set for a Pentium CPU is not the same

as the set for an IBM PowerPC CPU

Enter the Shell

• One of the features of Unix is that it can and has been ported to many different types of CPU

• Linux is a clone of Unix that works on Intel CPUs (i386) and beyond

• Regardless of the flavor of Unix you are using, once you are logged into the system in console mode, you are using a shell or command interpreter

• The shell is a program that responds to user commands either typed at the keyboard or read from a file

• These commands will work on most every version of Unix regardless of the CPU

• In the history of Unix there have been and still are a number of shells a user can choose from

Shell’s Tasks

It performs the following tasks

1. Wait for the user to enter a command 2. Parse the command line, 3. Find the executable file for the command This

can be a a shell function, a built-in shell command or an executable program.

4. If the command can't be found generate an error message

5. If it is found, fork off a child process to execute the command

6. Wait until the command is finished 7. Return to step 1

Common Shells

The Most Common Linux Shell

• The Bourne Shell• The Bash Shell• The C Shell• The TC Shell• The Korn Shell• The A Shell• The Z Shell

The Bourne Shell

• Bourse shell is the first Unix shell, its the grandfather of all modern shells

• It was written by Steve Bourne at AT&T• It is installed as /bin/sh• This is the only shell guaranteed to be on any Unix

system you might encounter• In many cases, however, you'll find that /bin/sh is not

a real Bourne shell• Instead it is a symbolic link to a more modern shell

that has backward compatibility with the Bourne shell.

• You won't find the Bourne shell being used much interactively these days

• It doesn't contain any of the fancy interactive features of newer shells

• But it remains immensely popular for scripts for two reasons: – it's a pretty fair scripting language, – it's available on every Unix box a script might find

itself being executed upon• Where the Bourne shell falls short scripting-wise,

other widely available utilities such as the AWK language interpreter (awk) and the stream editor (sed) are used within Bourne shell scripts.

The bash Shell

• The Bourne Again Shell (bash) is a product of the Free Software Foundation's GNU project

• It is backward compatible with the Bourne shell and contains all of the nicer features of both csh and ksh,

• This is the default Linux shell and is usually installed as /bin/bash with a symbolic link to /bin/sh (typing /bin/sh will invoke bash)

• On commercial Unix systems you may find that someone has installed it as /usr/local/bin/bash.

The C Shell

• The C shell was written by Bill Joy at the University of California at Berkeley

• His main intent for writing the C shell was to create a shell with C language-like syntax

• Its major enhancement over the original Bourne shell is its command history facility

• Despite the C language heritage, csh proved to be unsuitable for high-powered script programming

• The C Shell is usually installed as /bin/csh

The TC Shell

• A later effort, also involving William Joy, improved on C Shell by adding command line editing

• The result was the TC Shell (tcsh)• You can configure the editing for vi-like or emacs-

like modes• TC Shell is usually installed as /bin/tcsh and

sometimes symbolically linked to /bin/csh.

The Korn Shell

• The Korn Shell (ksh), a product of AT&T, was a successful attempt to provide the functionality of C Shell while using a Bourne Shell syntax and maintaining Bourne Shell backward compatibility

A to Z

• A Shell (ash) by Kenneth Almquist of Berkely is a lightweight Bourne Shell clone which you may find suitable for use on machines that are very tight on memory

• It's usually installed as /bin/ash and it may also have symbolic links to /bin/bsh and /bin/sh.

• The Z Shell (zsh) by Paul Falstad resembles the Korn Shell in many respects but has some extra features, including built-in spell checking

• It's usually installed as /bin/zsh. • Both ash and zsh are included with most Linux

distributions.

Shell Scripts

• When a command is entered into a shell it is compared to an internal (to the shell) set of commands

• If it is found then the shell executes the command• If it is not found then a search is conducted in the

user’s PATH for an executable file with the same name as the command

• Commands, either internal or external, can be stored in a (text) file

• A file of commands is called a shell script

The file /etc/shells contains a list of valid shells.

Secure Shell (SSH)

Basics

• Command line terminal connection tool• Secure connections over the Internet• Replacement for rsh, rcp, telnet, and others• Both ends authenticate themselves to the other end• Designed by Tatu Ylonen of Finland• Encrypting all transmitted confidential data

- Password- Binary Files- Administrative Commands

• Two version of Secure Shell (Not Compatible with each other) 1. Secure Shell (SSH) 2. Secure Shell version 2 (SSH2 or SecSh)

• Solve two acute problem in Internet - Secure remote tunnel logins - Secure file transfer

• Tunnel TCP Session over encrypted Secure Shell Connection

• Secure the communication of other applications and protocols without modifying the application

Encrypted SSH2 Tunnel

InternetInternet

SSH Server Mail ServerSSH Client

SSH TunnelSSH Tunnel

Replacement of RSH

SSH’s first use was as a replacement for rsh, the Unix remote shell

application. This tool allowed one to connect to a shell on a remote

machine.

The tool suffered from two major shortcomings.

1. Like telnet it sent all traffic in cleartext,

2. Secondly, the /etc/hosts.equiv and ~/.rhosts files listed trusted

machines and users; these could make rsh connections

without any further authentication.

If an attacker compromised any of these trusted hosts, they would

immediately get access to the rsh server with no more effort.

SSH encrypts all traffic, including the password or key authentication.

Features

Strong authentication.

Closes several security holes (e.g., IP, routing, and DNS spoofing). New authentication methods: .rhosts together with RSA based host authentication, and pure RSA authentication. Improved privacy.

All communications are automatically and transparently encrypted. RSA is used for key exchange, and a conventional cipher (normally IDEA, DES, ortriple-DES) for encrypting the session. Encryption is started before authentication, and no passwords or other information is transmitted in the clear. Encryption is also used to protect against spoofed packets.

Port Forwarding:Arbitrary TCP/IP ports can be redirected through the encrypted channel in both directions (e.g., for e-cash transactions).

Host Authentication: Never trusts the network. Minimal trust on the remote side of the connection. Minimal trust on domain name servers. Pure RSA authentication never trusts anything but the private key.

Shield against Spoofing:Client RSA-authenticates the server machine in the beginning of every connection to prevent trojan horses (by routing or DNS spoofing) and man-in-the-middle attacks, and the server RSA-authenticates the clientmachine before accepting .rhosts or /etc/hosts.equiv authentication(to prevent DNS, routing, or IP-spoofing).

.

Server Key The server program has its own server RSA key which is automatically regenerated every hour. This key is never saved in any file. Exchanged session keys are encrypted using both the server key and the server hostkey. The purpose of the separate server key is to make it impossible to decipher a captured session by breaking into the server machine at a later time; one hour from the connection even the server machine cannot decipher the session key. The server key is normally 768 bits.

Flexible Any user can create any number of user authentication RSA keys for his own use. Each user has a file which lists the RSA public keys for which proof of possession of the corresponding private key is accepted as authentication. User authentication keys are typically 1024 bits.

Easier to Use: No retraining needed for normal users; everything happens automatically,and old .rhosts files will work with strong authentication if administration installs host key files

Replacement of “R”Complete replacement for rlogin, rsh, and rcp

Why Should Use SSH

Currently, almost all communications on computer networks are done without encryption. As a consequence, anyone who has access to any machine connected to the network can listen in on any communication. This is being done by hackers, curious administrators, employers, criminals, industrial spies, and governments. Some networks leak off enough electromagnetic radiation that data may be captured even from a distance.

When you log in, your password goes in the network in plain text. Thus, any listener can then use your account to do any evil he likes. Many incidents have been encountered worldwide where crackers have started programs on workstations without the owner’s knowledge just to listen to the network and collect passwords.

Encryption and cryptographic authentication and integrity protection are required to secure networks and computer systems. SSH uses strong cryptographic algorithms to achieve these goals.

Ease of use is critical to the acceptance of a piece of software. SSH attempts to be *easier* to use than its insecure counterparts.

SSH is available for almost all Unix platforms, and commercial versions are available for Windows (3.1, 95, NT) and Macintosh

Encryption

Support of the strongest available encryption algorithms

• 3DES• CAST-128• Twofish• Blowfish• U.S.Advanced Encryption Standard (AES)

- 128 Bit

Encryption Methods

x-CAST-128-cbc

x-AES

x-ArcFour

x-TwoFish

xxBlowFish

-xIDEA

xx3DES

-xDES

SSH2SSH1Methods

SSH Transport Layer Protocol

client server

TCP connection setup

SSH version string exchange

SSH key exchange(includes algorithm negotiation)

SSH data exchange

termination of the TCP connection

SSH key background

• Old way: password stored on server, user supplied password compared to stored version• New way: private key kept on client, public key stored on server.

The serious problem with the password approach, whether used with telnet

or with ssh, is that the password you need to enter at the client end is stored

on the server. Even though it’s stored in an encoded form in /etc/passwd or

/etc/shadow, this password can be cracked with brute force once one has

access to that file. The difference with the public/private key split is that if

an attacker gets the public key stored on the server, that public key cannot

be used to get back into the server! Only the private key, kept on the client

only, can be used to get into a server with the public key.

RSA Authentication

RSA authentication is based on public key cryptography. The idea is that there are two encryption keys, one for encryption and another fordecryption. It is not possible (on human time scale) to derive the decryption key from the encryption key. The encryption key is called the Public key, because it can be given to anyone and it is not secret. The decryption key, on the other hand, is secret, and is called the Private key

RSA authentication is based on the impossibility of deriving the privatekey from the public key. The public key is stored on the server machinein the user's $HOME/.ssh/authorized_keys file. The private key is onlykept on the user's local machine, laptop, or other secure storage

How RSA Auth Works

When the user tries to log in, the client tells the server the public key that the user wishes to use for authentication. The server then checks if this public key is admissible. If so, it generates a 256 bit random number, encrypts it with the public key, and sends the value to the client.The client then decrypts the number with its private key, computes a 128bit MD5 checksum from the resulting data, and sends the checksum backto the server. (Only a checksum is sent to prevent chosen-plaintext attacksagainst RSA.) The server checks computes a checksum from the correct data, and compares the checksums. Authentication is accepted if the checksums match.

Overview Of Secure Shell

The software consists of a number of programs.sshd Server program run on the server machine. This listens for connections from client machines, and whenever it receives a connection, it performs authentication and starts serving the client. ssh This is the client program used to log into another machine or to executecommands on the other machine. "slogin" is another name for this program. scp Securely copies files from one machine to another. ssh-keygenUsed to create RSA keys (host keys and user authentication keys).

ssh-agentAuthentication agent. This can be used to hold RSA keys for authentication. ssh-addUsed to register new keys with the agent. make-ssh-known-hosts Used to create the /etc/ssh_known_hosts file.

SSH1 vs. SSH2

• Two Entirely Different Protocols• SSH1 uses Server and Host Keys to Authenticate • SSH2 only uses Host keys.• SSH2 encrypt different parts of the packet• SSH2 is more secure

Setting Up Secure Shell (SSH)

• Download the latest version follow the following steps.

• Decompress and unarcheve the software with the command.tar –zxf ssh-1.2.27.tar.gz

• Change your working directory so that you are in the root level of the Source code distribution.

cd ssh-1.2.27

• Run the configure program./configure

• Use the make command to compile the software. make

• When the process is finished, you will need to install the newly created binaries. During the installation process, the software will generate randomkeys to be used in the encryption process.

make install • Start new service by typing

service sshd start or /etc/rc.d/init.d/sshd startservice sshd stop or /etc/rc.d/init.d/sshd stopservice sshd status or /etc/rc.d/init.d/sshd status

Testing The SSH

[root@lab1]# slogin -l aamir localhost or ssh –l aamir localhost

[email protected]'s password:

Last login: Wed Aug 1 19:25:02 2001 from 202.133.64.67

If there is a message "connection refused," you may need to make a small change in your local tcpwrapper configuration files. Check to see if you have an /etc/hosts.deny file. Make a entry in this file that looks like this:

ALL: ALL

In /etc/hosts.allow file make following entry:

sshd: ALL or IP addresses of allowed machines

The etc/ssh/sshd_config File

The SSH configuration file is called /etc/ssh/sshd_config. By default SSH listens on all your NICs and uses TCP port 22.

#Port 22#Protocol 2,1#ListenAddress 0.0.0.0#ListenAddress

To prevent from people trying to hack in on a well known TCP port,then you can change port 22 to something else that won't interfere with other applications on your system, such as port 435 First make sure your system isn't listening on port 435

[root@bigboy root]# netstat -an | grep 435[root@bigboy root]#

Change the Port line in /etc/ssh/sshd_config to mention 435 and remove the "#" at the beginning of the line. If port 435 is being used, pick another port and try again.

Port 435

Restart SSH [root@lab1]# service sshd restart

Check to ensure SSH is running on the new port [root@lab1]# netstat -an | grep 435tcp 0 0 192.168.1.100:435 0.0.0.0:* LISTEN


Port 22ListenAddress 192.168.1.1HostKey /etc/ssh/ssh_host_keyServerKeyBits 1024LoginGraceTime 600KeyRegenerationInterval 3600PermitRootLogin noIgnoreRhosts yesIgnoreUserKnownHosts yesStrictModes yesX11Forwarding noPrintMotd yesSyslogFacility AUTHLogLevel INFOR


RhostsAuthentication noRhostsRSAAuthentication noRSAAuthentication yesPasswordAuthentication yesPermitEmptyPasswords noAllowUsers admin

Port 22 The option Port specifies on which port number ssh daemon listens for incoming connections. The default port is 22. ListenAddress 192.168.1.1 The option ListenAddress specifies the IP address of the interface network on which the ssh daemon server socket is bind. The default is 0.0.0.0; to improve security you may specify only the required ones to limit possible addresses. HostKey /etc/ssh/ssh_host_key The option HostKey specifies the location containing the private host key. ServerKeyBits 1024 The option ServerKeyBits specifies how many bits to use in the server key. These bits are used when the daemon starts to generate its RSA key

LoginGraceTime 600 The option LoginGraceTime specifies how long in seconds after a connection request the server will wait before disconnecting if the user has not successfully logged in. KeyRegenerationInterval 3600 The option KeyRegenerationInterval specifies how long in seconds the server should wait before automatically regenerated its key. This is a security feature to prevent decrypting captured sessions. PermitRootLogin no The option PermitRootLogin specifies whether root can log in using ssh. Never say yes to this option. IgnoreRhosts yes The option IgnoreRhosts specifies whether rhosts or shosts files should not be used in authentication.

IgnoreUserKnownHosts yes The option IgnoreUserKnownHosts specifies whether the ssh daemon should ignore the user's $HOME/.ssh/known_hosts during RhostsRSAAuthentication. StrictModes yes The option StrictModes specifies whether ssh should check user's permissions in their home directory and rhosts files before accepting login. This option must always be set to yes because sometimes users may accidentally leave their directory or files world-writable. X11Forwarding no The option X11Forwarding specifies whether X11 forwarding should be enabled or not on this server. Since we setup a server without GUI installed on it, we can safely turn this option off.

PrintMotd yes The option PrintMotd specifies whether the ssh daemon should print the contents of the /etc/motd file when a user logs in interactively. The /etc/motd file is also known as the message of the day. SyslogFacility AUTH The option SyslogFacility specifies the facility code used when logging messages from sshd. The facility specifies the subsystem that producedthe message--in our case, AUTH.LogLevel INFO The option LogLevel specifies the level that is used when logging messages from sshd. INFO is a good choice. See the man page for sshd for more information on other possibilities. RhostsAuthentication no The option RhostsAuthentication specifies whether sshd can try to use rhosts based authentication. Because rhosts authentication is insecure you shouldn't use this option.

RhostsRSAAuthentication no The option RhostsRSAAuthentication specifies whether to try rhosts authentication in concert with RSA host authentication. RSAAuthentication yes The option RSAAuthentication specifies whether to try RSA authentication. This option must be set to yes for better security in your sessions. RSA use public and private key pairs created with thessh-keygen utility for authentication purposes. PasswordAuthentication yes The option PasswordAuthentication specifies whether we should use password-based authentication. For strong security, this option must always be set to yes.

PermitEmptyPasswords no The option PermitEmptyPasswords specifies whether the server allows logging in to accounts with a null password. If you intend to use the scp utility to make automatic backups over the network, you must set this option to yes. AllowUsers admin The option AllowUsers specifies and controls which users can access ssh services. Multiple users can be specified, separated by spaces.

Using SSH To Login To A Remote Machine

Using SSH is similar to Telnet. To login from another Linux box use the "ssh" command with a "-l" to specify the username you wish to login as. If you leave out the "-l", your username will not change.

User “root” Logs In To smallfry As User “root” [root@lab1]# ssh 192.168.2.1

User “root” Logs In To testsrv As User “abc” Using default port 22[root@lab1]# ssh -l abc 192.168.2.1

Using port 435[root@lab1]# ssh -l abc -p 435 192.168.2.1

Copying Files To The Local Linux BoxCommand Format: scp username@address:remotefile localdir Examples:

Copy file /tmp/software.rpm on the remote machine to the local directory /home

[root@lab1]# scp [email protected]:/tmp/software.rpm /home

Copy file /tmp/software.rpm on the remote machine to the local directory /home using TCP port 435

[root@lab1]# scp –p 435 [email protected]:/tmp/software.rpm /home

RSA Key Generation SSH1

[xyz@lab1]$ ssh-keygen

Generating public/private rsa1 key pair.Enter file in which to save the key (/home/xyz/.ssh/identity): /home/xyz/.ssh/identityEnter passphrase (empty for no passphrase):Enter same passphrase again:Your identification has been saved in /home/xyz/.ssh/identity.Your public key has been saved in /home/xyz/.ssh/identity.pub.The key fingerprint is:22:bc:0b:fe:f5:06:1d:c0:05:ea:59:09:e3:07:8a:8c

xyz@lab1

cd ~.ssh; ls –l-rw------- 1 xyz xyz 526 Nov 2 01:33 identity-rw-r--r-- 1 xyz xyz 330 Nov 2 01:33 identity.pub

The file identity contains your private key. This key is used to gain access on systems which have your private keylisted in their authorized keys file. Also, make sure your private key always is chmod 600, so other users on the system won't have access to it.

The file identity.pub contains your public key, which can be added to other system's authorized keys files. We will get to adding keys later

RSA Key Generation SSH1

[xyz@lab1]$ ssh-keygen –t dsa

Generating public/private dsa key pair.Enter file in which to save the key (/home/xyz/.ssh/id_dsa) Enter passphrase (empty for no passphrase):Enter same passphrase again:Your identification has been saved in /home/xyz/.ssh/id_dsaYour public key has been saved in /home/xyz/.ssh/id_dsa.pub The key fingerprint is:22:bc:0b:fe:f5:06:1d:c0:05:ea:59:09:e3:07:8a:8c

xyz@lab1

cd ~.ssh; ls –l-rw------- 1 xyz xyz 526 Nov 2 01:33 id_dsa -rw-r--r-- 1 xyz xyz 330 Nov 2 01:33 id_dsa.pub

The file id_dsa contains your version 2 private keyThe file id_dsa.pub contains your version 2 public key

Placing the public key on the remote server

To be able to log in to remote systems using your pair of keys, you will first have to add your public key on the remote server to the authorized_keys (for version 1) file,

and the authorized_keys2 (for version2) file in the .ssh/ directory in your home directory on the remote machine.

[xyz@lab1]$ cd .ssh/

For SSH1

$ scp identity.pub [email protected]:/home/identity.pub

For SSH2

$ scp id_dsa.pub [email protected]:/home/id_dsa.pub

This will place your keys in your home directory on the remote server. After that we will login on the remote server using ssh or telnet the conventional way... with a password.

[xyz@tmpsrv xyz]$ mkdir .ssh[xyz@tmpsrv xyz]$ chmod 700 .ssh[xyz@tmpsrv xyz]$ cd .ssh[[email protected]]$ touch authorized_keys[[email protected]]$ chmod 600 authorized_keys[xyz@tmpsrv .ssh]$ cat ../identity.pub >> authorized_keys

Placing the key for version 2 works about the same :

[xyz@tmpsrv xyz]$ mkdir .ssh[xyz@tmpsrv xyz]$ chmod 700 .ssh[xyz@tmpsrv xyz]$ cd .ssh[[email protected]]$ touch authorized_keys2[[email protected]]$ chmod 600 authorized_keys2[xyz@tmpsrv .ssh]$ cat ../id_dsa.pub >> authorized_keys2

Now logout from the remote server and connect again with ssh

ssh –i ./.ssh/identity 192.168.2.11 (for ssh1)

ssh –i ./.ssh/id_dsa 192.168.2.11 (for ssh2)

Software Management

Package

A package is a software collection written in a particular format to achieve a specific goal. It makes installation easier.

Redhat linux has over 450 packages available of which about 270 are installed originally on the server.

What is Package Management & why do we want it?

• Managing Programs• Executables• Data Files• Configuration Files• Documentation

Examples of Packages · Applications, eg. a word processor or a

programming language · A part of the Operating System, eg. an

FTP server

Advantages · One easily managed "chunk" · Packages are "intelligent"

What you can do with Packages

Package operations: · Installing packages · Upgrading packages · Removing packages

Keeping track of packages: · Finding out what packages are

installed · Get information on a specific

package · Is a package still installed

correctly?

Types of Packages

In Red Hat Linux there are two most common types of Packages

1. RPM Packages

2. Tarball Packages

RPM?

RPM stands for Redhat Package Manager. This utility was originally developed by Redhat but is now found in other Linux distributions.

It is an easy method for installing, upgrading, deleting, or quering a software package. RPM is a significant enhancement over the tar utility that is used to install tarballs

RPM Design Goals

• Make it easy to get packages on and

off the system • Make it easy to verify a package

was installed correctly • Make it easy for the package builder • Make it start with the original

source code • Make it work on different computer

architectures

RPM Design Goals

For the end user, RPM provides many features that make

maintaining a system far easier than it has ever been.

• One command : Installing, uninstalling, and upgrading of

RPM packages

• Package Database: Maintain database of installed packages

and their files, which allows you to perform powerful queries and verification of your system.

• During upgrades, RPM handles configuration files specially, so that you never lose your customizations -- a feature that is impossible with straight .tar.gz files.

RPM Design Goals

For the developer, RPM allows to take source code for software and package it into source and binary packages for end users. This process is quite simple and is driven from a single file and optional patches that you create

A Bit of History

RPP · Used in Red Hat Linux versions before 2.0 · Supported one-command

installation and uninstallation · Package verification · Powerful querying · No support for multiple architectures

PMS · Developed at the same time as RPP · Used in the BOGUS distribution · No package verification · Weak querying · No support for multiple architectures

PM · Produced by the developers of PMS

under contract to Red Hat Software · Combined the best features of RPP and

PMS · Weak database design · No support for multiple architectures

· Produced by Marc Ewing and Erik Troan

· Automatic Handling of Configuration Files

· Easy to rebuild many packages

· Slow and big (written in Perl)

· Poor support for multiple architectures

RPM Version 1

RPM Version 2

· Rewritten in C - much faster and didn't

require Perl · New database design improved speed and

reliability · Enhanced multiple architecture support

RPM Packages usually have a file extension.rpm

eg. eject- 1.4-3. i386 .rpm

Some packages have “noarch” in file name, it means the package is not dependent on the architecture of the system.

Package Name Platform ExtVer

I nstalling Packages

rpm –i file1.rpm ...

eg. rpm –i eject-1.4-3.i386.rpm

• Performs dependency checks · Checks for conflicts · Performs any tasks required before

the install · Decides what to do with config files · Unpacks files from the package · Performs any tasks required after the

install

I nstalling Packages (cont.)

Additional options · Overwriting packages: --replacepkgs · Overwriting files: --replacefiles · Overwriting packages and files: --force · Ignoring dependencies: --nodeps · Don't install documentation: --excludedocs

Erasing Packages

rpm -e pkg1 ...

· Checks that no other packages require the one being removed

· Performs any tasks required before uninstalling

· Check if any config files were changed· Deletes any files belonging to the package · Performs any tasks required after

uninstalling · Keeps track of what it did

rpm -e eject

Upgrading Packages

rpm -U file1.rpm ...

· Installs the new version · Erases any older versions if they exist • Configuration file handling

rpm -U eject-1.2-2.i386.rpm · "Upgrade" to an older version: --oldpackage

Querying Packages: rpm -q

Example Queries: · Where did this file come from? · What is in this package I received? · What version of this package do I have installed? · Is there any documentation for this package?

Parts to a query: · What packages to query · What information is wanted

Selecting Packages

To Check All installed packages

• rpm –qa• Use "less" or "grep“

rpm -qa | grep -i ssh

openssh-server-3.4p1-2openssh-clients-3.4p1-2openssh-askpass-gnome-3.4p1-2openssh-3.4p1-2openssh-askpass-3.4p1-2

Selecting Packages (cont.)

Query a package file: You can use the “-ql” qualifier to list all the files associated with an installed RPM. In this example we test to make sure that the NTP package is installed using the”-qa” qualifier, then we use the “-ql” qualifier to get the file listing [root@lab tmp]# rpm -qa ntp ntp-4.1.2-0.rc1.2 [root@lab tmp]# rpm -ql ntp /etc/ntp /etc/ntp.conf /etc/ntp/drift /etc/ntp/keys

Listing Files In RPM Files

You can use the “-qpl” qualifier to list all the files in a RPM file

[root@lab tmp]# rpm -qpl dhcp-3.0pl1-23.i386.rpm /etc/rc.d/init.d/dhcpd/etc/rc.d/init.d/dhcrelay/etc/sysconfig/dhcpd/etc/sysconfig/dhcrelay………/usr/share/man/man8/dhcrelay.8.gz/var/lib/dhcp/var/lib/dhcp/dhcpd.leases[root@lab tmp]#

How Uninstall RPMs

The rpm –e command will erase an installed package. The package name given must match that listed in the rpm –qa command as the version of the package is important.

[root@lab tmp]# rpm -e dhcp-3.0pl1-23.i386.rpm

How to Install Source RPMs

Sometimes the packages you want to install need to be compiled in order to match your kernel version. This requires you to use source RPM files. Download the source RPMs or locate them on CD They usually have a file extension ending with (.src.rpm) Run the following commands as root: rpmbuild --rebuild filename.src.rpm

Gnome-RPM

One of the most convenient package manipulation tools available is Gnome-RPM, a graphical tool which runs under the X Window System.

LINUX NETWORKING

Networks and Standalone Computers

• Network– Group of computers and other devices connected

by some type of transmission media– Networks enable users to share devices and data,

collectively called a network’s resources• Standalone computer

– Uses programs and data only from its local disks and is not connected to a network

Local and Remote Computers

• Local computer– Computer on which user is working

• Remote computer– Computer that user controls or works on via

network connection

Types of Network

1. Local Area Network (LAN)

2. Metropolitan Area Network (MAN)

3. Wide Area Network (WAN)

Local Area Network (LAN)

• Network of computers and other devices confined to relatively small space

• LAN Modules

- Peer to Peer Module

- Client / Server Module

Peer-to-Peer Network

• Computers communicate on single segment of cable and share each other’s data and devices

• Simple example of a local area network (LAN)• Not Secure and not scalable

Client/server network

Network based on client/server architecture– Clients do not communicate directly to each other

in a client/server architecture but use the server as an intermediate step in comm

• Network operating system– Special software designed to manage data, network

security and sharing other resources on a server for a number of clients

Networking Basics

Figure 1-3: LAN with a file

server

Advantages of Server-Based over Peer-to-Peer Networks

• User login accounts and passwords can be assigned in one place

• Access to multiple shared resources can be centrally granted

• Servers are optimized to handle heavy processing loads and dedicated to handling requests from clients

• Servers can connect more than a handful of computers

MANs and WANs

• Metropolitan area network (MAN)– Network connecting clients and servers in

multiple buildings within limited geographic area

• Wide area network (WAN)– Network that spans large distance and connects

two or more LANs– The Internet is an example of a very intricate

and extensive WAN that spans the globe

Local Area Network

Wide Area Network

Elements Common to AllServer-Based Networks

• Server• Workstation• Node

– Client, server, or other device that can communicate over a network and that is identified by a unique identifying number, known as its network address


• Network operating system (NOS)– Linux, Solaris, Windows 2000 etc..

• Network interface card (NIC)– Enables workstation to connect to the network and

communicate with other computers

Network Topologies

• Bus Topology• Star Topology• Ring Topology• Mesh Topology• Hybrid Topologies

Bus Topology

Terminator

Segment

Terminator

Star Topology

Hub

Ring Topology

Mesh Topology

Hybrid Topologies

Star-Bus Bus

Star-Ring

Network Devices

• Repeaters and Hubs• Bridges• Switches• Routers• Gateways• Remote Access Connectivity Types• Public Switched Telephone Network (PSTN)• Integrated Services Digital Network (ISDN)• X.25• Asymmetric Digital Subscriber Line (ADSL)

Repeaters and Hubs

RepeaterTransmits data to

all connected computers

HubTransmits data to all connected computers in a star topology

Repeater

Hub

Bridges

Bridge

Switches

Switch

Routers

RouterRouter

RouterRouter

Gateways

Ethernet

Token Ring

Gateway

Remote Access Connectivity Types

Dial-up Remote Access

Remote Access Client

Remote Access Server

Virtual Private Network

Remote Access Client

Linux VPN ServerCorporateIntranet

InternetInternet

TunnelTunnel

Public Switched Telephone Network (PSTN)

AnalogModem

Analog Modem

Analog Voice Data Worldwide Availability Analog Modem 56 Kbps

Analog Voice Data Worldwide Availability Analog Modem 56 Kbps

PSTNPSTN

Telephone Wires

Client Server

Integrated Services Digital Network (ISDN)

ISDN Modem

ISDN Modem

International Communication Standard Digital Transmission Extends over Local Telephone Exchange ISDN Modem 64 Kbps or Faster

International Communication Standard Digital Transmission Extends over Local Telephone Exchange ISDN Modem 64 Kbps or Faster

ISDNISDN

Digital Telephone Lines or Telephone Wires

Client Server

X.25

Modem

Based on Packet Switching X.25 Packet Assembler/Disassembler

(PAD) Client Configuration Server Configuration

Based on Packet Switching X.25 Packet Assembler/Disassembler

(PAD) Client Configuration Server Configuration

X.25X.25

X.25 Smart Card

Client Server

PAD Service

Asymmetric Digital Subscriber Line (ADSL)

LANAdapter

Copper Telephone Lines Simultaneous Voice and Data Transmission 1.5 to 9 Mbps Downstream Rate 16 to 640 Kbps Upstream Rate LAN Interface or Dial-up Interface

Copper Telephone Lines Simultaneous Voice and Data Transmission 1.5 to 9 Mbps Downstream Rate 16 to 640 Kbps Upstream Rate LAN Interface or Dial-up Interface

ADSLADSL

LANAdapter

ATMAdapter

ATMAdapter

Client Server

ADSL Wires


• Transmission media– Means

through which data are transmitted and received

Coaxial ThinNetThickNet10Base2, 10Base5

Fiber-Optic

Twisted-PairUnshielded (UTP)Shielded (STP)10/100

• Transmission Media


• Protocol– Rules network uses to transfer data

e.g TCP/IP, IPX/SPX, AppleTalk ….

• Data Packets– The distinct units of data transmitted from one

computer to another on a network

What Is TCP/IP?

• TCP/IP is a universal standard suite of protocols used to provide connectivity between networked devices.

• One component of TCP/IP is the Internet Protocol (IP) which is responsible for ensuring that data is transferred between two addresses without being corrupted.

• For manageability, the data is usually split into multiple pieces or “packets”

• The two most popular transportation mechanisms used on the Internet are Transmission Control Protocol (TCP) and User Datagram Protocol (UDP).

What is TCP?

• TCP is a connection oriented protocol. It opens up aconnection between client and server programs running onseparate computers so that multiple and/or sporadic streams of data can be sent over an indefinite period of time.

TCP keeps track of the packets sent by giving each one asequence number with the remote server sending back “acknowledgement” packets confirming correct delivery.

What is UDP?

UDP is a connectionless protocol. the machine that sends the data having no means of verifying whether the data was correctly received by the remote machine

TCP / UDP Ports

While in data transmission both the UDP and the TCP segment headers track the “port” being used. The source/destination port and the source/ destination IP addresses of the client & server computers are then combined to uniquely identify each data flow

IP Addresses

• All devices connected to the Internet have an Internet Protocol (IP) address. Just like a telephone number, it helps to uniquely identify a user of the system.

• IP addresses are in reality a string of binary digits or "bits". Eachbit is either a 1 or a 0. IP addresses have 32 bits in total. • For ease of use, IP addresses are written in what is called a "dotted decimal" format, four numbers with dots in between. None of the numbers between the dots may be greater than 255. An example of an IP address would be 192.168.0.1 • The numbers between the dots are frequently referred to as"octets"

IP Address Classes

Class 1st Byte Format Total Hosts

A 0 – 126 N.H.H.H 16 Million

B 128 – 191 N.N.H.H 64 Thousand

C 192 – 239 N.N.N.H 254

D 224 – 239 - (Multicast)

E 240 – 254 - (Experimental)

Subnet Masks

• Splits networks into subnetworks• Separates address into 2 parts

– 1’s – Network Portion– 0’s – Host Portion

• Example: Class C Network– Address: N.N.N.H– Mask: 255.255.255.0 (255 = 11111111)– CIDR Notation: N.N.N.H/24

Private IP Addresses

Some groups of IP addresses are reserved for use only in private networks and are not routed over the Internet. These are

10.0.0.0 - 10.255.255.255 172.16.0.0 - 172.31.255.255 192.168.0.0 - 192.168.255.255

Home networking equipment / devices usually are configured in the factory with an IP address in the range 192.168.1.1 to 192.168.1.255

What Is Localhost?

Whether or not your computer has a network interface card it will have a “built in” IP address with which network aware applicationscan communicate with one another. This IP address is defined as 127.0.0.1 and is frequently referred to as “localhost”

MAC Address

• MAC Address also known as Physical address of hardware.

• Assigned by manufacturer (hardware)• Must be absolutely unique• Address format

– 6 octets in hex (#:#:#:#:#:#)– First 3 octets: Manufacturer Identifier– Last 3 octets: Card serial number

• Used for local network communication

Address Resolution Protocol

• Translates IP addresses to Ethernet (MAC) addresses

Who is 10.0.0.3?

10.0.0.1 10.0.0.2 10.0.0.3 10.0.0.4

I am (1:2:3:7:8:9)

arp –a: View the cache

Default Gateways

• Connects Networks together• If destination not on local network, packets

sent through gateway

route: Display/configure routing

Connecting Linux to a Network

• Hostname and IP Address assignment• Configuration of hardware• Default route (gateway) assignment• Name Service Configuration• Testing and troubleshooting

Hostnames

• Uniquely identifies each system• Fully Qualified Domain Name

– hostname.site.domain[.country]– Country: 2 letter identifier for country– Domain: Type of site (edu, com, org)– Site: Unique name of organization– Hostname: Unique name of system

• hostname: Display or set system name

Configuring NIC's IP Address

• Most modern PCs come with an ethernet port. When Linux is installed, this device is called "eth0". You can determine the IP address of this device with the "ifconfig" command

To assign or unassign the eth0 interface an IP address use the ifconfig command

ifconfig eth0 10.0.0.1 netmask 255.255.255.0 uporifconfig eth0 10.0.0.1 netmask 255.255.255.0 down

• To make this permanent each time you boot up you'll have to add this command in your /etc/sysconfig/network-scripts Directory. Interface eth0 has a file called ifcfg-eth0, eth1 uses ifcfg-eth1…etc

Typical format of Ifcfg-eth0 file.

DEVICE=eth0IPADDR=192.168.1.100NETMASK=255.255.255.0ONBOOT= yes

Or in case of DHCP server.

DEVICE=eth0BOOTPROTO=dhcpONBOOT=yes

Multiple IP Addresses On A Single NIC

You can assign multiple IP Address on a single NIC with Ifconfig command or by creating a file.

A virtual sub-interface also known as an "IP alias". IP aliasing is one of the most common ways of creating multiple IP addresses associated with a single NIC. Aliases have the name format "parent-interface-name:X", where "X" is the sub-interface number of your choice.

1. First ensure the "parent" real interface exists 2. Verify that no other IP aliases with the same name exists 3. with the name you plan to use. Create the virtual interface with the ifconfig command ifconfig eth0:0 192.168.1.99 netmask 255.255.255.0 up You then have the choice of creating a file in with the name of /etc/sysconfig/network-scripts/ifcfg-eth0:0

Default Gateway

Default gateway is the address of the router / firewall connected to the Internet or the other network.

Command to check the route is route• To add the default route use the following command route add default gw 192.168.1.1 In this case, make sure that the router / firewall with IP address 192.168.1.1 is connected to the same network the “/etc/sysconfig/network” file is used to configure default gateway each time Linux boots

Following is the sample of /etc/sysconfig/network

NETWORKING=yesHOSTNAME=lab2-3GATEWAY=192.168.1.1

• To delete default route use

route del default gw 192.168.1.1

Linux as Router

A linux server can act as router for this there is need of

1. Two NIC cards2. Enable Packet Forwarding - In simple terms packet forwarding lets packets flow through the Linux box from one network to another The configuration parameter to activate this is found in the file /etc/sysctl.conf. Remove the "#" from the line related to packet forwarding

Before # Disables packet forwarding

#net.ipv4.ip_forward=1

After # Enables packet forwarding net.ipv4.ip_forward=1 Restart the machine or use the following command to activate itimmediately.

echo 1 > /proc/sys/net/ipv4/ip_forward

Name Services

• Following files are need to be configured for name service

1. /etc/hosts– Local configuration

2. /etc/resolv.conf– Domain Name Service (DNS) lookup– search: domains to search if not FQDN

/etc/hosts

The /etc/hosts lists the name and IP address of local hostsLinux will typically check this file before referencing DNS, if the name is found with a corresponding IP address then DNS won't be queried. The /etc/hosts file has the following format

ip-address fully-qualified-domain-name alias1 alias2

The very first line should always look like this with "localhost" being the only alias

127.0.0.1 localhost.localdomain localhost

If you have a NIC card in the server, then you have to add another entry in this file. First determine whats your true hostname is: [root@test /]# hostname test

Add the corresponding entry in the /etc/hosts file for the NIC's IP address

Host test with an IP address of 192.168.1.100 isn't part of any DNS domain

192.168.1.100 test.my-site.com test mail

/etc/resolv.conf

The file /etc/resolv.conf is used to determined the name server of DNS server.

Following is the sample of resolv.conf

nameserver 202.133.76.51nameserver 192.168.2.1

Network tools

• ping – Reachability test

• arp –a - To check the MAC address

• ifconfig - To check the IP Address

• traceroute – Routing performance

• Netstat –a – Network performance stats

• nslookup/dig – DNS Queries

Domain Name Service (DNS)

Purpose of naming

• Addresses are used to locate objects

• Names are easier to remember than numbers

• You would like to get to the address or other objects using a name

• DNS provides a mapping from names to resources of several types

Names and addresses in general

• An address is how you get to an endpoint– Typically, hierarchical (for scaling):

• 950 Milton Street, Brisbane City, QLD 4064• 204.152.187.11, +617-3858-3188

• A “name” is how an endpoint is referenced– Typically, no structurally significant hierarchy

• “David”, “Tokyo”, “apnic.net”

What is DNS?

• DNS is the Domain Name System, which converts/maps symbolic machine names to the Internet addresses. It translates (maps) from name to address and from address to name.

• A Distributed, Hierarchical database of the Names of hosts on the Internet and their associated IP addresses.

In The Beginning..There was ARPANET

• Host names were mapped to IP addresses using 'hosts' files.

• This is the '/etc/hosts' file found on your Linux system. It still exists today to provide basic information to your networking system before any of the major networking services start.

• These files were then copied around the ARPANET using 9600Baud UUCP connections.

• UUCP -- Unix to Unix CoPy; Still used in some places today.

Problems• traffic and load• Name collisions• Consistency

Mapping

• A mapping is simply an association between two things, – easy-to-remember machine name, like

ftp.linux.org, – and the machine's IP address (199.249.150.4).

• DNS also contains mappings the other way, from the IP number to the machine name; this is called a "reverse mapping".

• Maps domain name to IP address.– Application calls resolver– Resolver sends UDP packet to local DNS server– DNS server returns IP address to resolver– Resolver returns IP address to application

DNS Features: Global Distribution

• Data is maintained locally, but retrievable globally– No single computer has all DNS data

• DNS lookups can be performed by any device

• Remote DNS data is locally cacheable to improve performance

DNS Features: Loose Coherency

• The database is always internally consistent– Each version of a subset of the database (a zone) has

a serial number• The serial number is incremented on each database change

• Changes to the master copy of the database are replicated according to timing set by the zone administrator

• Cached data expires according to timeout set by zone administrator

DNS Features: Scalability

• No limit to the size of the database– One server has over 20,000,000 names

• Not a particularly good idea

• No limit to the number of queries– 24,000 queries per second handled easily

• Queries distributed among masters, slaves, and caches

DNS Features: Reliability

• Data is replicated– Data from master is copied to multiple slaves

• Clients can query– Master server– Any of the copies at slave servers

• Clients will typically query local caches

DNS Features: Dynamicity

• Database can be updated dynamically– Add/delete/modify of any record

• Modification of the master database triggers replication– Only master can be dynamically updated

• Creates a single point of failure

Concept: DNS Names

• The namespace needs to be made hierarchical to be able to scale.

• The idea is to name objects based on – location (within country, set of

organizations, set of companies, etc)– unit within that location (company within set

of company, etc)– object within unit (name of person in

company)

DNS Names

• How names appear in the DNS – Fully Qualified Domain Name (FQDN)

• WWW.APNIC.NET.– labels separated by dots

• DNS provides a mapping from FQDNs to resources of several types

• Names are used as a key when fetching data in the DNS

DNS Names

• Domain names can be mapped to a tree• Dot used as a separator

whois

Root DNS

net com

whois

apnic

ftpwww

iana

org

dots

gov

Concept: Resource Records

• The DNS maps names into data using Resource Records.

www.apnic.net. … A 10.10.10.2

Address Resource

Resource Record

Concept: Domains

• Domains are “namespaces”

• Everything below .com is in the com domain

• Everything below apnic.net is in the apnic.net domain and in the net domain

Concept: Domains

net domain

com domain

apnic.net domain

net com

apnic

www www

edu

isi tislabs

•training

ns1ns2

•

• •

•

•

ftp

sun

moon

google

•

•

Delegation

• Administrators can create subdomains to group hosts– According to geography, organizational affiliation or any other

criterion

• An administrator of a domain can delegate responsibility for managing a subdomain to someone else

• The parent domain retains links to the delegated subdomain– The parent domain “remembers” who it delegated the subdomain to

Concept: Zones and Delegations

• Zones are “administrative spaces”

• Zone administrators are responsible for portion of a domain’s name space

• Authority is delegated from a parent and to a child

Concept: Zones and Delegations

net domain

apnic.net zone

net zone

training.apnic.net zone

net com

apnic

www www

edu

isi tislabs

•

training

ns1ns2

•

• •

•

•

•ftp

sun

moon

google•

the Domain Name System

• It has two parts...– the Name Server– the Resolver

Type of DNS Servers

• Primary: Contains the writable authoritative copy for the zones that it is primary for

• Secondary: Contains mirror copy of the data from a primary nameserver. No updates take place here, used to provide redundancy

• Caching-only: relies on other name servers for authoritative answers

Note: BIND -- Berkley Internet Name DaemonThis is the most common name server..

Primary vs. Secondary Servers

• Primary – Data loaded from a file. – One primary server per zone.

• Secondary – Data transferred from a primary server. – Data may be stored in a file. – Checks every refresh period with the primary,

looking for changes. – Might have many secondaries per zone

Sample Forward Lookup File

;; domain.edu (use your favorite naming scheme)$TTL 86400@ IN SOA ns1.domain.edu. root.domain.edu. (

2002093000 ; serial - YYYYMMDDXX21600 ; refresh - 6 hours1200 ; retry - 20 minutes3600000; expire - long time86400) ; minimum TTL - 24 hours

;; NameserversIN NS ns1.domain.edu.IN NS ns2.domain.edu.

;; Hosts with just A recordshost1 IN A 1.0.0.1

Concept: Resource Records

• Resource records consist of it’s name, it’s TTL, it’s class, it’s type and it’s RDATA

• TTL is a timing parameter• IN class is widest used• There are multiple types of RR records• Everything behind the type identifier is called

rdata

Labelttl

classtype rdata

www.ibadat.edu.pk. 3600 IN A 10.10.10.2

Example: RRs in a zone file

apnic.net. 7200 IN SOA ns.apnic.net. admin.apnic.net. (

2001061501 ; Serial 43200 ; Refresh 12 hours 14400 ; Retry 4 hours 345600 ; Expire 4 days 7200 ; Negative cache 2 hours )

apnic.net. 7200 IN NS ns.apnic.net.apnic.net. 7200 IN NS ns.ripe.net.

Label ttl class type rdata

host25.apnic.net. 2600 IN A 193.0.3.25

Configuring named.conf

The main DNS configuration is kept in the file /etc/named.conf which is used to tell BIND where to find the configuration files for each domain you own. There are usually two zone areas in this file:

Forward zone file definitions which list files to map domains to IP addresses

Reverse zone file definitions which list files to map IP addresses to domains

In this example the forward zone for www.my-site.com is being set up by placing the following entries at the bottom of the /etc/named.conf file. The zone file is named my-site.zone

zone "my-site.com" {

type master;notify no;allow-query { any; };file "my-site.zone";

};

You can also insert additional entries in the /etc/named.conf file zone "my-other-site.com" { type master;notify no;allow-query { any; };file "my-other-site.zone"; };

DNS Data

• DNS databases contain more than just hostname-to-address records:– Name server records NS– Hostname aliases CNAME– Mail Exchangers MX– Host Information HINFO

Resource Record: SOA and NS

• The SOA and NS records are used to provide information about the zone itself

• The NS indicates where information about a given zone can be found

• The SOA record provides information about the Start Of Authority, i.e. the top of the zone, also called the APEX

Resource Record: SOA

Timing parameter

Master server

Contact address

Version number

net. 3600 IN SOA A.GTLD-SERVERS.net. nstld.verisign-grs.com. (2002021301 ; serial30M ; refresh15M ; retry1W ; expiry1D ) ; neg.answ.ttl

Concept: TTL and other Timers

• TTL is a timer used in caches– An indication for how long the data may be reused– Data that is expected to be ‘stable’ can have high

TTLs

• SOA timers are used for maintaining consistency between primary and secondary servers

Writing a zone file

• Zone file is written by the zone administrator

• Zone file is read by the master server and it’s content is replicated to slave servers

• What is in the zone file will end up in the database

• Because of timing issues it might take some time before the data is actually visible at the client side

First attempt

• The ‘header’ of the zone file– Start with a SOA record– Include authoritative name servers and– Add other information

• Add other RRs

• Delegate to other zones

The SOA record

apnic.net. 3600 IN SOA ns.apnic.net. admin\.email.apnic.net. (

2002021301 ; serial1h ; refresh30M ; retry1W ; expiry3600 ) ; neg. answ. ttl

• [email protected] admin\.email.apnic.net

• Serial number: 32bit circular arithmetic– People often use date format– To be increased after editing

• The timers above qualify as reasonable

Authoritative NS records and related A records

• NS record for all the authoritative servers– They need to carry the zone at the moment you

publish

• A records only for “in-zone” name servers– Delegating NS records might have glue associated

apnic.net. 3600 IN NS NS1.apnic.net.apnic.net. 3600 IN NS NS2.apnic.net.

NS1.apnic.net. 3600 IN A 203.0.0.4NS2.apnic.net. 3600 IN A 193.0.0.202

Other data in the zone

• Add all the other data to your zone file

• Some notes on notation– Note the fully qualified domain name including

trailing dot– Note TTL and CLASS

localhost.apnic.net. 3600 IN A 127.0.0.1NS1.apnic.net. 4500 IN A 203.0.0.4

www.apnic.net. 3600 IN CNAME wasabi.apnic.net.apnic.net. 3600 IN MX 50 mail.apnic.net.

Complete Zone file format

apnic.net. 3600 IN SOA NS1.apnic.net. admin\.email.apnic.net. ( 2002021301 ; serial 1h ; refresh 30M ; retry 1W ; expiry 3600 ) ; neg. answ. Ttl

apnic.net. 3600 IN NS NS1.apnic.net.apnic.net. 3600 IN NS NS2.apnic.net.

apnic.net. 3600 IN MX 50 mail.apnic.net.apnic.net. 3600 IN MX 150 mailhost2.apnic.net.

NS1.apnic.net. 4500 IN A 203.0.0.4NS2.apnic.net. 3600 IN A 193.0.0.202localhost.apnic.net. 3600 IN A 127.0.0.1

NS1.apnic.net. 3600 IN A 193.0.0.4www.apnic.net. 3600 IN CNAME IN. apnic.net.

Sample Forward Zone File of my-site.com.

; Zone file for my-site.com;; The full zone file;$TTL 3D@ IN SOA www.my-site.com. hostmaster.my-site.com. ( 200211152 ; serial# 3600 ; refresh, seconds 3600 ; retry, seconds 3600 ; expire, seconds 3600 ) ; minimum, seconds; NS www ; Inet Address of nameserver my-site.com. MX 10 mail ; Primary Mail Exchanger ;localhost A 127.0.0.1www A 97.158.253.26mail CNAME www

Sample Rev Zone File of my-site.com.

; Filename: 192-168-1.zone;; Zone file for 192.168.1.x;$TTL 3D@ IN SOA www.my-site.com. hostmaster.my-site.com. ( 200303301 ; serial number 8H ; refresh, seconds 2H ; retry, seconds 4W ; expire, seconds 1D ) ; minimum, seconds; NS www ; Nameserver Address; 100 PTR bigboy.my-site.com.103 PTR smallfry.my-site.com. 32 PTR dhcp-32.my-site.com.33 PTR dhcp-33.my-site.com

DNS Message Format

HEADER

QUERIES

Response RESOURCE RECORDS

Response AUTHORITY RECORDS

Response ADDITIONAL INFORMATION

DNS Message Header

• query identifier• flags• # of questions• # of RRs• # of authority RRs• # of additional RRs

Response}16 b

it f

ield

s

Message Flags

• QR: Query=0, Response=1• AA: Authoritative Answer• TC: response truncated (> 512 bytes)• RD: recursion desired• RA: recursion available• rcode: return code

Recursion

• A request can indicate that recursion is desired - this tells the server to find out the answer (possibly by contacting other servers).

• If recursion is not requested - the response may be a list of other name servers to contact.

Question Format

Name: domain name (or IP address)

Query type (A, NS, MX, …)

Query class (1 for IP)

Response Resource Record

• Domain Name• Response type • Class (IP)• Time to live (in seconds) • Length of resource data • Resource data

UDP & TCP

• Both UDP and TCP are used:– TCP for transfers of entire database to

secondary servers (replication).– UDP for lookups– If more than 512 bytes in response - requestor

resubmits request using TCP.

WEB Server

Web Server?

A Web server is the server software behind the World Wide Web.

It listens for requests from a client, such as a browser like Netscape or Microsoft's Internet Explorer. When it gets one, it processes that request and returns some data.

This data usually takes the form of a formatted page with text and graphics. The browser then renders this data to the best of its ability and presents it to the user.

Web servers are in concept very simple programs. They await for requests and fulfill them when received.

How WWW works?

Web Client

Web Server

1. DNS Lookup

2. TCP connection

3. HTTP request

4. HTTP response

Typical Transaction on the Web

The Web is based on the client/server paradigm.

URLDNS Server

Web servers communicate with browsers or other clients using the Hypertext Transfer Protocol (HTTP), which is a simple protocol that standardizes the way requests are sent and processed. This allows a variety of clients to communicate with any vendor's server without compatibility problems. Most of the documents requested are formatted using Hypertext Markup Language (HTML). HTML is a small subset of another markup language called Standard General Markup Language (SGML), which is in wide use by many organizations and the U.S. Government.

HTTP /Hypertext Transfer Protocol

• The protocol, designed by Tim Berners-Lee as early as 1989

• Application-level protocol• client (browser) makes request - server responds• support for:

– use of URL’s– Internet media types (MIME types: RFC2045-

RFC2049)• allows access to different data formats • standards:

– HTTP 1.0 (RFC 1945), HTTP 1.1 (RFC 2616, a formal on 07.99)

protocol server name port directory/file name on the server

http://www.apache.kr.net:8080/directory/file.html

HTTP Request/Response

GET /index.html HTTP/1.1Host: orange.kr.psi.net

HTTP/1.1 200 OKDate: Tue, 09 Jan 2001 10:49:14 GMTServer: Apache/1.3.14 (Unix)Last-Modified: Tue, 09 Jan 2001 01:11:02 GMTETag: "131e-a074-3a5a6526"Accept-Ranges: bytesContent-Length: 41076Content-Type: text/html



<html>

Simple client request

Server reply

Server status codes

• Status codes are three digit numbers grouped as follows:· 1xx - informational· 2xx - client request successful

200 - OK· 3xx - request redirected· 4xx - client errors (request incomplete)

403 - Forbidden

404 - Not found· 5xx - server errors

The Apache HTTP Project

• A common GoalTo provide an open-source, secure, efficient and extensible server that provides HTTP services in sync with non-proprietary World Wide Web standards

• Apache Group– Non-Profit Organization– Develop bug fixes and software additions– Approve and implement any bug fixes and software additions submitted

by non-core developers – Test new releases– Document new features

What’s the Apache ?

• Freely Available : – source code– binaries for many platforms (version 1.3.x includes also the

Windows NT)• Web server orginally based on NCSA server(in 1995)• Over 60% of Internet Web servers run Apache or an Apache

derivative(In the December 2000 survey)• very configurable, lots of directives...• optional modules provide extra functionality• Powerful performance and Continually upgrade

What’s an Apache Module?

• 'modular' architecture makes is possible for anyone to add new functions to the server

• There are a large number of modules now written for Apache

• A way to extend the Web server’s request processing• It is easy to add a module to Apache• Can be statically or dynamically loaded

Features of Apache

Support for Windows NT systems(Available on Windows 95/98/2000)

Better configuration and building process Support for dynamic modules Better performance Better security Enhanced virtual host configurations

Installing the Server on Unix

• If you have a pre-built package– Install it and runs

• Otherwise,– download and unpack in suitable directory

(ftp, uncompress, gunzip, tar...)– initial configuration(Choose your modules)– Compile the server– install executable in system – further configuration files to reflect your

environment– Run httpd

Apache directory structure

• some important directories:– cgi-bin/ - CGI scripts directory– conf/ - configuration files for httpd server– htdocs/ - main directory for documents– logs/ - directory with log files – other stuff (bin/, icons/, include/,proxy/, man/…)

default location is ‘/usr/local/apache’

bin conf wwwcgi-bin logslibexec

ab httpd htpasswd

Configuring Apache

• How ? (It’s basic configuration)– ServerType standalone– Port 80– User apache– Group apache– ServerAdmin your_e-mail_address– ServerRoot "/etc/httpd"– ErrorLog /var/log/httpd/logs/error_log– TransferLog /var/log/httpd/access_log– DocumentRoot /var/www/html– DirectoryIndex index.html– ScriptAlias /cgi-bin/ /var/www/cgi-bin/

• More Directives :– StartServers, Min/MaxSpareServers, MaxClients, …

Alias

Alias /home /var/www/html/mail/

</Directory “/home/mail”>Opetions Indexes MultiviewsAllowOverride NoneOrder allow,denyAllow from all</Directory>

• CGI, PHP Scripts

ScriptAlias /passwd "/home/httpd/cgi-bin/chpasswd.cgi" <Directory "/home/httpd/cgi-bin/chpasswd.cgi">

AllowOverride AuthConfigOptions ExecCGIOrder allow,denyAllow from all

</Directory>

Virtual Hosts

• The term Virtual Host refers to the practice of maintaining more than one server on one machine, as differentiated by their apparent hostname.

• ISPs do this a lot• Allows additional Web presence without

accompanying hardware or software investment required

• each of the virtual server may have totally different content, configuration, separate log and error files, …

• alternative is to run another server on a different port

• part of basic server configuration (httpd.conf)

<VirtualHost comsats.edu.pk>ServerAdmin [email protected] /home/httpd/cgi-bin/nwebmailServerName ibadat.comServerAlias www.ibadat.com

</VirtualHost>

introduction to linux (unix). the hardware –the cpu, memory, and i/o devices the operating system...

Documents

linux unix slide

management slide

linux installation slide

character slide

clone of unix slide

kernel mode slide

unix file systems

linux kernel v1