TechNotes
ALTERNATIVES
Usage:
alternatives --install <link> <name> <path> <priority>
[--initscript <service>]
[--family <family>]
[--slave <link> <name> <path>]*
alternatives --remove <name> <path>
alternatives --auto <name>
alternatives --config <name>
alternatives --display <name>
alternatives --set <name> <path>
alternatives --list
Example:
$ which emacs
/usr/bin/emacs
$ file /usr/bin/emacs
/usr/bin/emacs: symbolic link to /etc/alternatives/emacs
$ file /etc/alternatives/emacs
/etc/alternatives/emacs: symbolic link to /usr/bin/emacs-24.5
$ file /usr/bin/emacs-24.5
/usr/bin/emacs-24.5: sticky ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32
The Linux alternatives system allows you to configure the use of a specific executable referred to by a generic name. The typical example is to configure the use of a specific editor when several alternatives are available.
Suppose the following editors are installed on a system:
/usr/bin/vim
/usr/bin/gedit
/usr/bin/emacs
/bin/vi
First, you need to "install" these editors into the alternatives system. The general form of the "alternatives" command is:
# alternatives --install link name path priority
The "link" is just a name that you will use to invoke an editor; it should be something that exists in your PATH; in this case we will choose the value "/usr/bin/edit"
The "name" is a generic term that refers to some functionality; in this case we will choose "editor"; this will be installed in /etc/alternavites/<name> as a symbolic link
The "path" is the fully qualified path to some real, existing, executable
The "priority" is a number that determines which "alternative" is current
Now, let's "install" 3 of our alternatives in the alternatives system:
# alternatives --install /usr/bin/edit editor /usr/bin/vim 100
# alternatives --install /usr/bin/edit editor /usr/bin/gedit 200
# alternatives --install /usr/bin/edit editor /usr/bin/emacs 300
In this example, 3 of our 4 available editors have been installed in the alternatives system. The execution of the above 3 commands will cause the following:
Symbolic link /usr/bin/edit is created, pointing to /etc/alternatives/editor
Symbolic link /etc/alternatives/editor is created, pointing to /usr/bin/emacs
File /var/lib/alternatives/editor is created, with the following contents:
auto <--- the mode
/usr/bin/edit <--- the link (symbolic link /etc/alternatives/<name>)
<a blank line>
/usr/bin/vim <--- the first alternative
100 <--- and its priority
/usr/bin/gedit <--- etc
200
/usr/bin/emacs
300
If we were to now execute the following command:
# alternatives --display editor
the alternatives system would consult the above file to display the current settings:
editor - status is auto
link currently points to /usr/bin/emacs
/usr/bin/vim - priority 100
/usr/bin/gedit - priority 200
/usr/bin/emacs - priority 300
Current 'best' version is /usr/bin/emacs
If we were to execute the following command:
# alternatives --config editor
The alternatives system would present us with a menu allowing us to change the settings. The "+" indicates which entry is current and the "*" indicates which entry is considered best (based on the priority).
If we wanted to introduce /bin/vi as a choice, we could:
# alternatives --install /usr/bin/edit editor /bin/vi 400
Instead of using "config" we could have used "--set" directly to select a new choice:
# alternatives --set editor /bin/vi
Note that "--set" can only be executed on an already "--installe[ed]" alternative
Relationship Between Contents of "/var/lib/alternatives/<name>" and "alternatives --install" Command
The generic format of the "alternatives --install" command is:
# alternatives --install link name path priority \
--slave slink1 sname1 spath1 \
--slave slink2 sname2 spath2 \
--slave slink3 sname3 spath3 \
--slave slink4 sname4 spath4
The execution of the command:
# alternatives --install /usr/bin/java java /usr/lib/jvm/jre-1.4.2-gcj/bin/java 1420 \
--slave /usr/lib/jvm/jre jre /usr/lib/jvm/jre-1.4.2-gcj \
--slave /usr/lib/jvm-exports/jre jre_exports /usr/lib/jvm-exports/jre-1.4.2-gcj \
--slave /usr/bin/keytool keytool /usr/lib/jvm/jre-1.4.2-gcj/bin/keytool \
--slave /usr/bin/rmiregistry rmiregistry /usr/lib/jvm/jre-1.4.2-gcj/bin/rmiregistry
would result in:
# cat /var/lib/alternatives/java <--- "java" is name
manual
/usr/bin/java <--- link
jre <--- sname1
/usr/lib/jvm/jre <--- slink1
jre_exports <--- sname2
/usr/lib/jvm-exports/jre <--- slink2
keytool <--- sname3
/usr/bin/keytool <--- slink3
rmiregistry <--- sname4
/usr/bin/rmiregistry <--- slink4
...blank line...
/usr/lib/jvm/jre-1.4.2-gcj/bin/java <--- path
1420 <--- priority
/usr/lib/jvm/jre-1.4.2-gcj <--- spath1
/usr/lib/jvm-exports/jre-1.4.2-gcj <--- spath2
/usr/lib/jvm/jre-1.4.2-gcj/bin/keytool <--- spath3
/usr/lib/jvm/jre-1.4.2-gcj/bin/rmiregistry <--- spath4
Note that "alternatives --display <name>" simply summarizes the contents of file "/var/lib/alternatives/<name>"
# alternatives --display java
java - status is manual
link currently points to /usr/lib/jvm/jre-1.4.2-gcj/bin/java
/usr/lib/jvm/jre-1.4.2-gcj/bin/java - priority 1420
slave jre: /usr/lib/jvm/jre-1.4.2-gcj
slave jre_exports: /usr/lib/jvm-exports/jre-1.4.2-gcj
slave keytool: /usr/lib/jvm/jre-1.4.2-gcj/bin/keytool
slave rmiregistry: /usr/lib/jvm/jre-1.4.2-gcj/bin/rmiregistry
Current 'best' version is /usr/lib/jvm/jre-1.4.2-gcj/bin/java
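Added example, not from the original notes: a shell/awk parser for the /var/lib/alternatives/<name> layout described above (mode, link, sname/slink pairs, blank line, then path/priority/slave paths per alternative) that reproduces the "--display" summary and picks the "best" entry by priority. The second alternative in the constructed sample file is made up, and the current symlink target for manual mode is passed in as an argument because that value lives in /etc/alternatives/<name>, not in the file.

```shell
#!/bin/sh
# alt_display <name> [current target]   -- file contents on stdin
# In auto mode the link points at the highest-priority alternative; in manual
# mode it points wherever /etc/alternatives/<name> was last set, so pass that in.
alt_display() {
  awk -v name="$1" -v current="$2" '
    NR == 1 { mode = $0; next }                  # auto | manual
    NR == 2 { link = $0; next }                  # the link, e.g. /usr/bin/java
    !in_alts {
      if ($0 == "") { in_alts = 1; next }        # blank line ends the slave header
      if (pending == "") { pending = $0 }        # sname
      else { nslave++; sname[nslave] = pending; slink[nslave] = $0; pending = "" }
      next
    }
    {
      # alternative records: path, priority, then one slave path per declared slave
      if (field == 0)      { nalt++; path[nalt] = $0 }
      else if (field == 1) { prio[nalt] = $0 + 0 }
      else                 { spath[nalt, field - 1] = $0 }
      field++
      if (field == nslave + 2) field = 0
    }
    END {
      for (i = 1; i <= nalt; i++)
        if (prio[i] > best) { best = prio[i]; bestpath = path[i] }
      printf "%s - status is %s\n", name, mode
      printf "link currently points to %s\n", (mode == "auto") ? bestpath : current
      for (i = 1; i <= nalt; i++) {
        printf "%s - priority %d\n", path[i], prio[i]
        for (j = 1; j <= nslave; j++)
          printf " slave %s: %s\n", sname[j], spath[i, j]
      }
      printf "Current best version is %s\n", bestpath
    }'
}

# Constructed sample in the layout of /var/lib/alternatives/java shown above,
# with two slaves and a second, made-up alternative so the priority choice matters.
sample_alternatives_file() {
  printf '%s\n' \
    manual \
    /usr/bin/java \
    jre /usr/lib/jvm/jre \
    jre_exports /usr/lib/jvm-exports/jre \
    '' \
    /usr/lib/jvm/jre-1.4.2-gcj/bin/java 1420 \
      /usr/lib/jvm/jre-1.4.2-gcj /usr/lib/jvm-exports/jre-1.4.2-gcj \
    /usr/lib/jvm/jre-1.5.0-example/bin/java 1500 \
      /usr/lib/jvm/jre-1.5.0-example /usr/lib/jvm-exports/jre-1.5.0-example
}

sample_alternatives_file | alt_display java /usr/lib/jvm/jre-1.4.2-gcj/bin/java
```

Run it against a real file with `alt_display java "$(readlink /etc/alternatives/java)" < /var/lib/alternatives/java` and compare with the output of `alternatives --display java`.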
DIRCOLORS
dircolors is used to adjust the colors displayed by the "ls" command. To get the current settings:
$ dircolors -p > lscolors.txt
Now modify "lscolors.txt". Here is a summary of the codes used:
Attribute      Text  Background  Color
00=none        30    40          black
01=bold        31    41          red
04=underscore  32    42          green
05=blink       33    43          yellow
07=reverse     34    44          blue
08=conceal     35    45          magenta
               36    46          cyan
               37    47          white
To "install" your modified "lscolors.txt":
$ eval $(dircolors lscolors.txt)
However, the easier way is to create "lscolors.txt" as ".dircolors" in your home directory. A file in /etc/profile.d (colorls.sh) detects the presence of ".dircolors" and uses it instead of the standard system version.
USER EQUIVALENCE
To setup user equivalence:
On HOST1:
# generate the host1 public and private keys
$ ssh-keygen -t {dsa|rsa}
# copy host1 public keys to host2
$ cd ~/.ssh
$ scp *.pub <userid>@<host2>:/tmp/
On HOST2:
# generate the host2 public and private keys
$ ssh-keygen -t {dsa|rsa}
# copy host2 public keys to host1
$ cd ~/.ssh
$ scp *.pub <userid>@<host1>:/tmp/
# append the public keys from host1 to the authorized_keys file
$ cat /tmp/*.pub >> authorized_keys
On HOST1:
# append the public keys from host2 to the authorized_keys file
$ cd ~/.ssh
$ cat /tmp/*.pub >> authorized_keys
NOTE: The ~/.ssh directory contains the public and private keys generated on "this" host. The authorized_keys file contains the public keys of the other hosts (the ones allowed to ssh to this host). Repeat the process between all pairs of hosts for which user equivalence is desired.
NOTE: Ensure that file authorized_keys has 600 (rw- --- ---) permissions.
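Added example, not part of the original notes: a merge step for the "cat /tmp/*.pub >> authorized_keys" lines above that skips keys already present (repeating the procedure otherwise appends duplicates) and sets the 700/600 modes on ~/.ssh and authorized_keys. The key lines in the demo are constructed placeholders, not real key material.

```shell
#!/bin/sh
# Usage: merge_authorized_keys <authorized_keys path> <pubkey file>...
# Prints the number of keys added.
merge_authorized_keys() {
  auth=$1; shift
  sshdir=$(dirname "$auth")
  { mkdir -p "$sshdir" && chmod 700 "$sshdir"; } || return 1
  [ -f "$auth" ] || : > "$auth"
  chmod 600 "$auth" || return 1
  added=0
  for pub in "$@"; do
    # a .pub file holds "<type> <base64 key material> [comment]" per line
    while IFS= read -r line || [ -n "$line" ]; do
      ktype=$(printf '%s\n' "$line" | awk '{ print $1 }')
      kdata=$(printf '%s\n' "$line" | awk '{ print $2 }')
      [ -n "$kdata" ] || continue                 # blank or malformed line
      case $ktype in '#'*) continue ;; esac       # comment line
      # compare on type + key material only; the comment may differ per host
      if awk -v t="$ktype" -v k="$kdata" \
           '$1 == t && $2 == k { found = 1 } END { exit !found }' "$auth"; then
        continue                                  # already authorized
      fi
      printf '%s\n' "$line" >> "$auth"
      added=$((added + 1))
    done < "$pub"
  done
  echo "$added"
}

# Number of key lines (non-blank, non-comment) in an authorized_keys file
count_authorized_keys() {
  awk 'NF >= 2 && $1 !~ /^#/ { n++ } END { print n + 0 }' "$1"
}

# Permission string as ls prints it, e.g. rw------- for mode 600
perm_string() { ls -ld "$1" | cut -c2-10; }

# Demo with constructed keys in a scratch directory
demo=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAAconstructedHOST1 root@host1' > "$demo/id_rsa.pub"
printf '%s\n' 'ssh-dss AAAAB3NzaC1kc3MAAAAconstructedHOST1 root@host1' > "$demo/id_dsa.pub"
merge_authorized_keys "$demo/.ssh/authorized_keys" "$demo"/id_rsa.pub "$demo"/id_dsa.pub   # 2
merge_authorized_keys "$demo/.ssh/authorized_keys" "$demo"/id_rsa.pub "$demo"/id_dsa.pub   # 0
perm_string "$demo/.ssh/authorized_keys"                                                  # rw-------
rm -rf "$demo"
```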
VIM
Global Initialization File:
Linux: /etc/vimrc
Some Useful SET Options For VIMRC:
set autoindent
set ignorecase
set smartcase
set shiftwidth=3
set showmatch
set showmode
set nowrapscan
set tabstop=8
set softtabstop=3
set wrapmargin=5
set nohls
syntax off
Help Commands
:h # general help
:h index # command index
:h user-manual # user manual table of contents
:h reference_toc # reference manual table of contents
:h motion.txt # list motion commands
:h x # help on normal mode command "x"
:h :x # help on command line command ":x"
:h i_x # help on insert mode command "x"
:h v_x # help on visual mode command "x"
:h c-x # help on c-x
:h enn # help on error number
:h pattern"tab" # help on pattern (tab to next pattern)
:h pattern"c-d" # help on pattern (all patterns at once)
:h 'option' # help on particular option
:options # get a list of options
:version # get list of where .vimrc, .exrc is
:helpg pattern # subcommands: :cn :cp :cfir :cla :copen :cclose
:args :file # get info about args, current file
:let # show current let bindings
:set # show current set bindings
Moving Around
% # matching ([{}])
w W # next word (next whitespace word)
b B # prev word (prev whitespace word)
e E # next word (next whitespace word)
ge gE # end of prev word (prev whitespace word)
0 $ # first char (last char)
fx Fx ; , # forward (back) to char x; repeat (opposite dir)
tx Tx ; , # forward (back) to before char x; repeat (opp dir)
gg G H M L # first last home middle last
c-] # jump to link: 'opt' ":cmd" |subject|
c-t # older entry in tag stack
c-o # older entry in jump list (jump back)
c-i # newer entry in jump list
c-w h|j|k|l # move to new window
Undo/Redo
u # undo
c-r # redo
Change/Delete Commands (Operators)
~ # switch case (see :set top, :set notop)
x X # delete char under, to left of cursor
d$ D # delete to end of line
dw db # delete from cursor to end, start of word
daw diw # delete word (including, not including white space)
dgg dG # delete from cursor to beginning, end of file
g~{motion} # swap case operator
{visual}~ # swap case of highlighted text
{visual}u {visual}Gu # make highlighted text lowercase/uppercase
gu{motion} gU{motion} # make lowercase, uppercase
! # filter through external program operator
gq # text formatting operator
< > # shift left, right operators
zf{motion} # create a fold
zd # delete fold at cursor
zo # open a fold under the cursor
zc # close one fold under the cursor
. # repeat prior change
Buffers and Files
:f # show current filename
:ls # list buffers
:b n # switch to buffer n
:buffers # show buffers
# where: % (current buffer) # (alternate buffer) + (modified buffer) a (active buffer) = (read-only buffer)
Search Commands
* # # find next, prior string under cursor
g* g# # as above but don't treat string as a word
n N # find next, prior occurrence
/\<word # find whole word that begins "word"
/word\> # find whole word that ends with "word"
Copy/Paste Commands
v .. move cursor .. y # yank visual mode section
"ry{motion} # yank some motion into register r
"rp # paste register r
"rd # delete into register r
:edit f1 :saveas f2 # edit f1, mod it, save it as f2; future :w to f2
Options and Miscellaneous Commands
:set cmdheight=n # to make more room for error displays
:set aw noaw # automatic write when moving between files
:set bk nobk # make backup copies (~ at end of name)
:set is nois # incremental search
:set hl nohl # highlight
:set hls nohls # highlight search
:set list nolist # list invisible characters
:set nu nonu # line numbers
:set top notop # tilde operator (see g~)
ga # print ascii value of char under cursor
g8 # print hex value of char under cursor
8g8 # find an illegal UTF-8 byte seq after the cursor
Highlight/Format Commands
:ce # center
:le # left align
:ri # right align
:hi clear linenr # clear line number highlight
:hi DiffAdd # change the foreground (ctermfg) or background (ctermbg) colors
:hi DiffChange # 0 = black 1 = dark red 2 = dark green
:hi DiffDelete # 3 = dark yellow 4 = dark blue 5 = dark magenta
:hi DiffText # 6 = dark cyan 7 = gray n* = turn on bold attribute
Window Commands
:sp :vsp # split current window (two views on same file)
:sp f1 :vsp f1 # split and edit file f1 (editing two files)
:new :vnew # split and edit empty file (editing two files)
:next :prev # move to next, prev file
:last :first # move to last, first file
c-w+ c-w- # increase, decrease window size
c-ww # switch to other window
<n>c-w_ # set window size to n
:clo # close current window
:qall :wall # quit all windows, write all windows
:wqall # write and quit all windows
Map Commands
:map Fx cmd # map function to command
:map ^V<F1>ix^V<esc> # F1 = insert "x" at cursor
NOTE: can also enter F1 and ESC as <F1> and <ESC>, using 4 or 5 chars instead of using C-V
File Commands
:edit <file> # close current file, edit new one
:args # show file arguments
:argadd <file> # add file to list of files being edited
:first :last :prev :next # edit first, last, previous, next file
:r <file> # insert file below cursor
:r !cmd # exec cmd and insert its stdout below cursor
Tags, Jump Lists and Marks
:tags # display tag stack
:pop :tag # older/newer entry in tag stack
:jumps # display jump list
c-o c-i # older/newer jump entry
`. # jump to last edit
`" # jump to last cursor
`<x> # jump to file mark
:m x # set mark x
:delm x # delete mark x
:marks :marks x # display marks, info about mark x
'x `x # goto line, line/column marked with x
'' # goto cursor position before last jump
'[ '] # goto start, end of last change
Visual Mode
v V c-v # enter character/line/block visual mode
o O # go to other end of highlighted text
<esc> # exit visual mode
Miscellaneous Commands
:vert diffs f1 # diff current file against f1 vertically
zo zc # open, close a fold
K # invoke "man" on token under cursor
Using a Clipboard
"*yy # put yanked line in clipboard
"#p # paste clipboard contents
Record a Script
q<register>
... enter commands ...
q # to quit recording
@<register> # to execute
MISCELLANEOUS
ALIAS
See .bashrc
aliases for "ls" colors are set in /etc/profile.d/colors.x (see /etc/profile)
alias r="fc -s"
alias ls="ls -Fx --color=none"
alias ps="ps -Heo euser,pid,ppid,cputime,start,comm"
AUDIT
auditd
/etc/audit/auditd.conf
/etc/audit/audit.rules
/var/log/audit -> /var/log/audit.d/bin.n
auditctl
-e 0|1 [disable, enable auditing]
-l [list rules]
-s [status]
-a list,action -F name oper value [add rule to end of list]
-A list,action -F name oper value [add rule to beginning of list]
list = task, entry, exit, user, exclude
action = never, always
aureport
Selection Options:
--failed
-i --interpret
--success
-te --end (recent, today, yesterday, this-week)
-ts --start (recent, today, yesterday, this-week)
Report Options
-au --auth
-a --avc
-cr --crypto
-e --event
-f --file
-h --host
-l --login
-m --mods
-ma --mac
-r --response
-s --syscall
-u --user
-x --executable
ausearch
Selection Options:
-i --interpret
-te --end (today, yesterday, this-week)
-ts --start (today, yesterday, this-week)
-w --word (must match whole word)
Report Options
-a --event audit_event_id
-c --comm command_name
-f --file file_name
-ga --gid-all group_id
-hn --host hostname
-k --key key_string
-m --message message_type
-o --object se-linux-context
-p --pid pid
-pp --ppid ppid
-sc --syscall syscall_name_or_value
-se --context se-linux-context
-su --subject se-linux-context
-sv --success yes|no
-ua --uid-all userid
-x --executable executable name
BOOT ARGUMENTS
See "man bootparam"
/var/log/dmesg
/var/log/boot.log
cat /proc/cmdline
hda -> 1st IDE, master
hdb -> 1st IDE, slave
hdc -> 2nd IDE, master
hdd -> 2nd IDE, slave
BOOT LOADER
/etc/grub.conf
The master boot record (MBR):
The recommended place to install a boot loader, unless the MBR already starts another operating system loader, such as System Commander or OS/2's Boot Manager. The MBR is a special area on your hard drive that is automatically loaded by your computer's BIOS, and is the earliest point at which the boot loader can take control of the boot process. If you install it in the MBR, when your machine boots, GRUB (or LILO) will present a boot prompt. You can then boot Red Hat Enterprise Linux AS or any other operating system that you have configured the boot loader to boot.
The first sector of your root partition:
If you are already using another boot loader on your system (such as OS/2's Boot Manager). In this case, your other boot loader will take control first. You can then configure that boot loader to start GRUB (or LILO), which will then boot Red Hat Enterprise Linux AS.
Caution:
If you have a RAID card, be aware that some BIOSes do not support booting from the RAID card. In cases such as these, the boot loader should not be installed on the MBR of the RAID array. Rather, the boot loader should be installed on the MBR of the same drive as the /boot partition was created.
CERTIFICATES
# GENERIC INSTRUCTIONS
# create a private key then generate a certificate request from it
openssl genrsa -out privkey.pem 1024
openssl req -new -key privkey.pem -out certreq.pem
# same thing as above, but using req
# create a private key and a certificate request (all equivalent)
openssl req -new -out certreq.pem
openssl req -new -keyout privkey.pem -out certreq.pem
openssl req -newkey rsa:1024 -out certreq.pem
openssl req -newkey rsa:1024 -keyout privkey.pem -out certreq.pem
# remove the pass phrase from an RSA private key
openssl rsa -in privkey.pem -out privkey_npp.pem
# create a private key and self signed root certificate
openssl req -x509 -newkey rsa:1024 -keyout privkey.pem -out rootcert.pem
# create self signed root certificate from a private key
openssl x509 -req -in certreq.pem -signkey privkey_npp.pem -out rootcert.pem
# examine and verify a certificate request
openssl req -in certreq.pem -text -verify -noout
# encrypt a private key using triple DES
openssl rsa -in privkey.pem -des3 -out privkey_3des.pem
# convert a private key from PEM to DER format
openssl rsa -in privkey.pem -outform DER -out privkey.der
# print out components of private key
openssl rsa -in privkey.pem -text -noout
# print out public part of a private key
openssl rsa -in privkey.pem -pubout -out pubkey.pem
# EXAMPLE
# generate private key
openssl genrsa -des3 -out server.key 1024
# generate cert signing request
openssl req -new -key server.key -out server.csr
# remove pass phrase from key
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
# create self signed certificate
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
# install certificate and private key
cp server.crt /usr/local/apache/conf/ssl.crt/
cp server.key /usr/local/apache/conf/ssl.key/
# configure ssl.conf
SSLEngine on
SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
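Added example, not part of the original notes: two checks to run before copying server.crt and server.key into the Apache directories above, assuming the openssl command (with its x509 and pkey subcommands) is installed. It confirms the certificate was issued for that private key and that it is not about to expire.

```shell
#!/bin/sh
# cert_matches_key <certificate PEM> <private key PEM>
# Succeeds when the public key embedded in the certificate equals the public key
# derived from the private key (compared as SHA-256 digests of their PEM form).
# -passin pass: keeps openssl from prompting if the key still has a pass phrase;
# the notes remove the pass phrase first, so such a key simply fails the check.
cert_matches_key() {
  certpub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null | openssl sha256)
  keypub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null | openssl sha256)
  [ -n "$certpub" ] && [ "$certpub" = "$keypub" ]
}

# cert_valid_for_days <certificate PEM> <days>
# Succeeds when the certificate is still within its validity period that many days from now.
cert_valid_for_days() {
  openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# Usage: sh thisscript.sh server.crt server.key
if [ $# -eq 2 ]; then
  if cert_matches_key "$1" "$2"; then echo "key matches certificate"; else echo "key does NOT match certificate"; fi
  if cert_valid_for_days "$1" 30; then echo "valid for at least 30 more days"; else echo "expires within 30 days"; fi
fi
```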
COMPRESSION
.Z compress/uncompress
.gz gzip/gunzip
.zip, .jar, .war zip/unzip
.bz2 bzip2/bunzip2
CONFIGURATION FILES
See /usr/share/doc/initscripts-version/sysconfig.txt for details
/etc/hosts
/etc/sysconfig/network
GATEWAY=<gateway IP>
HOSTNAME=<fqdn by default, but whatever hostname you want>
GATEWAYDEV=<device to use when multiple devices have a gateway (eg eth0)>
IPV6FORWARDING=yes|no
IPV6INIT=yes|no
IPV6TO4_RADVD_PIDFILE=<pid-file> (obsolete)
IPV6_AUTOCONF=yes|no
IPV6_AUTOTUNNEL=yes|no
IPV6_DEFAULTDEV=<interface> (optional)
IPV6_DEFAULTGW=<IPv6 address[%interface]> (optional)
IPV6_RADVD_PIDFILE=<pid-file> (optional)
IPV6_RADVD_TRIGGER_ACTION=startstop|reload|restart|SIGHUP (optional)
IPV6_ROUTER=yes|no
IPX=yes|no
IPXAUTOFRAME=on|off
IPXAUTOPRIMARY=on|off
IPXINTERNALNETNUM=<netnum>
IPXINTERNALNODENUM=<nodenum>
NETWORKDELAY=<delay in seconds>
NETWORKING=yes|no
NETWORKING_IPV6=yes|no
NISDOMAIN=<nis domain name>
VLAN=yes|no
/etc/sysconfig/network-scripts/ifcfg-eth0
BOOTPROTO=none|bootp|dhcp
DEVICE=<name of physical device>
DHCLIENT_IGNORE_GATEWAY=yes|no|1|0
DHCPRELEASE=yes|no|1|0
DNS{1,2}=<ip address>
GATEWAY=
HOTPLUG=yes|no
HWADDR= ethernet hardware address for this device
IPADDR=
MACADDR=use of this in with HWADDR= may cause unintended behavior
METRIC=metric for the default route using GATEWAY
MTU=default MTU for this device
NAME=<friendly name for users to see>
NETMASK=
NM_CONTROLLED=yes|no
NOZEROCONF=
ONBOOT=yes|no (not valid for alias devices; use ONPARENT)
PEERDNS=yes|no
PERSISTENT_DHCLIENT=yes|no|1|0
SCOPE= Ethernet with BOOTPROTO=none
SRCADDR= use the specified source address for outgoing packets
USERCTL=yes|no
WINDOW= Default window for routes from this device
If BOOTPROTO is not "none", then the only other item that must be set is the DEVICE item; all the rest will be determined by the boot protocol. No "dummy" entries need to be created.
Base items being deprecated:
NETWORK=<will be calculated automatically with ipcalc>
BROADCAST=<will be calculated automatically with ipcalc>
Alias specific items:
ONPARENT=yes|no
Whether to bring up the device when parent device is brought up.
Wireless-specific items:
See iwconfig(8) for additional information.
CHANNEL= Ignored if MODE=Managed.
DEFAULTKEY=<default key index>
ESSID= Defaults to "any".
FRAG=[off|<fragmentation threshold>]
FREQ= Ignored if MODE=Managed.
IWCONFIG=<other iwconfig(8) options>
IWPRIV=<iwpriv(8) commands>
KEY=<default WEP key>
KEY{1,2,3,4}=<WEP key with the given index>
MODE=[Ad-Hoc|Managed|Master|Repeater|Secondary|Monitor|Auto]
NWID=
RATE=
RTS=[auto|fixed|off|<rts threshold>]
SECURITYMODE=[on|off|open|restricted]
SENS=<sensitivity threshold>
SPYIPS=<list of IP addresses to monitor for link quality>
/etc/resolv.conf
search <domain> | domain <domain> (search/domain mutually exclusive)
nameserver x.x.x.x
nameserver x.x.x.x
/etc/nsswitch.conf
where to look first to resolve names
/etc/sysconfig/static-routes
any host x.x.x.x netmask x.x.x.x gw x.x.x.x
route add -host 192.168.100.17 netmask 255.255.255.0 gw 172.16.22.1
See /etc/init.d/network
/etc/localtime
/usr/share/zoneinfo/EST5EDT
/etc/security/opasswd
/etc/ntp.conf
/usr/lib/X11/app-defaults
$HOME/.Xresources
$HOME/.Xdefaults
/etc/rc.d/rc.sysinit
AUTOFSCK_TIMEOUT=15
CRON
/var/spool/cron/
/etc/crontab
/etc/cron.hourly/
/etc/cron.daily/
/etc/cron.weekly/
/etc/cron.monthly/
/etc/cron.d/sysstat
minute: 0-59 | a-b/n | */n
hour: 0-23
day_of_month: 1-31
month: 1-12
day_of_week: 0-7 (0 or 7 is Sunday)
DIRECTORY PERMISSIONS
Need read to use ls on directory
Need write to add/remove files in directory
Need execute to cd into directory or use it as part of a path
If you don't have execute in all directories along a path to a file you cannot use the file regardless of the file's permissions
If you don't have read permissions to a directory, file name expansion will not work on that directory's files; you must use the full pathname to access files
If you don't have write permission you cannot move, create or remove files in the directory
If you have write permissions in a directory, you can remove a file, regardless of the file's permissions or who the owner is. However, as of SVR3.2, if a directory is writable and the sticky bit is set, a user can remove a file in that directory only if the user owns the file, or the user owns the directory, or the file is writable by the user, or the user is root.
DISK FAILURE
To copy physical disk to another:
dd if=/dev/hda of=/dev/hdb bs=1k conv=sync,noerror
DISK INFORMATION
fdisk -l
fdisk -l /dev/hdx
sfdisk -l
sfdisk -l /dev/hdx
hdparm -i /dev/hdx
hdparm -I /dev/hdx
parted /dev/hdx
EDITING .WAR FILES
Get table of contents:
unzip -l some.war | less
Get table of contents, listing a particular element:
unzip -l some.war '*/element'
Extract particular element to stdout:
unzip -c some.war '*/element'
Extract particular element into some directory:
unzip -d dir some.war '*/element'
Extract particular element into some directory, but remove paths:
unzip -j -d dir some.war '*/element'
Extract particular element into current directory, preserving paths:
unzip some.war '*/element'
Extract particular element into current directory, but remove paths:
unzip -j some.war '*/element'
Remove a particular element:
zip -d some.war '*/element'...
Replace a particular element:
zip -f some.war path/element
Replace all elements recursively:
zip -fr some.war path/
FILE ACCESS TIMES
When using find or ls:
To get file access time: use -atime for find, -tu for ls
To get file status change time: use -ctime for find, -tc for ls
To get file modification time: use -mtime for find, -t for ls
FILE AND DIRECTORY PERMISSIONS
Linux files are set up so that access to them is controlled. There are three types of access: 1. read 2. write 3. execute
Each file belongs to a specific user and group. Access to the files is controlled by user, group, and what is called other. The term "other" refers to someone who is neither the user (owner) of the file nor a member of the group the file belongs to. When talking about setting permissions for "other" users, it is commonly referred to as setting the world execute, read, or write bit, since anyone in the world will be able to perform the operation if the permission is set in the other category.
File names and permission characters
File names can be up to 256 characters long, using "-", "_", and "." characters along with letters and numbers. When a long file listing is done, there are 10 characters shown on the left that indicate the type and permissions of the file. File permissions are shown according to the following syntax example: drwerwerwe
There are a total of 10 characters in this example, as in all Linux files.
The first character indicates the type of file, and the next three indicate read, write, and execute permission for each of the three user types, user, group and other. Since there are three types of permission for three users, there are a total of nine permission bits. The table below shows the syntax:
1 2 3 4 5 6 7 8 9 10
d r w e r w e r w e
* Character 1 is the type of file: - is ordinary, d is directory, l is link.
Characters 2-4 show owner permissions.
Characters 5-7 show group permissions.
Characters 8-10 show permissions for all other users.
There are 5 possible characters in the permission fields. They are:
r = read - This is only found in the read field.
w = write - This is only found in the write field.
x = execute - This is only found in the execute field.
s = setuid - This is only found in the execute field.
- = no permission.
Examples
Type "ls -l" and a listing like the following is displayed:
total 10
drwxrwxrwx 4 george team1 122 Dec 12 18:02 Projects
-rw-rw-rw- 1 george team1 1873 Aug 23 08:34 test
-rw-rw-rw- 1 george team1 1234 Sep 12 11:13 datafile
The fields are as follows:
1. Type field: The first character in the field indicates a file type of one of the following:
d = directory
l = symbolic link
s = socket
p = named pipe
- = regular file
c = character (unbuffered) device file special
b = block (buffered) device file special
2. Permissions are explained above.
3. Links: The number of directory entries that refer to the file. In our example, there are four.
4. The file's owner in our example is George.
5. The group the file belongs to. In our example, the group is team1.
6. The size of the file in bytes
7. The last modification date. If the file is recent, the date and time is shown. If the file is not in the current year, the year is shown rather than time.
8. The name of the file.
Set User Identification Attribute
The file permissions bits include an execute permission bit for file owner, group and other. When the execute bit for the owner is set to "s" the set user ID bit is set. This causes any persons or processes that run the file to have access to system resources as though they are the owner of the file. When the execute bit for the group is set to "s", the set group ID bit is set and the user running the program is given access based on access permission for the group the file belongs to. The following command:
chmod +s myfile
sets the user ID bit on the file "myfile".
chmod g+s myfile
sets the group ID bit on the file "myfile".
The listing below shows two files that have the group or user ID bit set.
-rws--x--x 1 root root 14024 Sep 9 1999 chfn
-rwxr-sr-x 1 root mail 12072 Aug 16 1999 lockfile
The files chfn and lockfile are located in the directory "/usr/bin". The "s" takes the place of the normal location of the execute bit in the file listings above. This special permission mode has no meaning unless the file also has execute permission set for the group or other. This means that in the case of lockfile, if the other (world execute) bit were not set, the set group ID bit would be meaningless since only that same group could run the program anyhow. In both files, everyone can execute the binary. The first program, when run, is executed as though the program is the root user. The second program is run as though the group "mail" is the user's group.
For system security reasons it is not a good idea to set programs' set user or group ID bits any more than necessary, since this can allow an unauthorized user privileges in sensitive system areas. If the program has a flaw that allows the user to break out of the intended use of the program, then the system can be compromised.
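Added example, not from the original notes: a listing of the regular files under a directory that carry the set user ID or set group ID bit, giving a baseline to review against the "only as many as necessary" advice above (chfn and lockfile are the expected kind of hit). The demo files are created in a scratch directory.

```shell
#!/bin/sh
# Usage: list_special_bits <directory>
# -perm -4000 matches files with the setuid bit set, -perm -2000 the setgid bit;
# either qualifies. ls -l then shows the "s" in the owner or group execute slot
# exactly as in the chfn / lockfile listing above.
list_special_bits() {
  find "$1" -type f \( -perm -4000 -o -perm -2000 \) -exec ls -l {} \; 2>/dev/null |
    awk '{ print $1, $3, $4, $NF }'      # mode, owner, group, path (paths without spaces)
}

# Count only; save it as a baseline and compare after package updates
count_special_bits() {
  list_special_bits "$1" | wc -l | tr -d ' '
}

# Demo in a scratch directory: a setuid file, a setgid file and a plain one
demo=$(mktemp -d)
: > "$demo/suid"; : > "$demo/sgid"; : > "$demo/plain"
chmod 4755 "$demo/suid"; chmod 2755 "$demo/sgid"; chmod 0755 "$demo/plain"
list_special_bits "$demo"     # two lines: -rwsr-xr-x ... suid and -rwxr-sr-x ... sgid
rm -rf "$demo"
```

On a real system run `list_special_bits /usr/bin` and question any entry you cannot account for.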
Directory Permissions
There are two special bits in the permissions field of directories. They
are:
s - Set group ID
t - Save text attribute (sticky bit) - The user may delete or modify only those files in the directory that they own or have write permission for.
Save text attribute
The /tmp directory is typically world-writable and looks like this in a
listing:
drwxrwxrwt 13 root root 4096 Apr 15 08:05 tmp
Everyone can read, write, and access the directory. The "t" indicates that only the user (and root, of course) that created a file in this directory can delete that file. To set the sticky bit in a directory, do the following:
chmod +t data
This option should be used carefully. A possible alternative to this is
1. Create a directory in the user's home directory to which he or she can write temporary files.
2. Set the TMPDIR environment variable using each user's login script.
3. Programs using the tempnam(3) function will look for the TMPDIR variable and use it, instead of writing to the /tmp directory.
Directory Set Group ID
If the setgid bit on a directory entry is set, files in that directory will have the same group ownership as the directory, instead of the group of the user that created the file. This attribute is helpful when several users need access to certain files. If the users work in a directory with the setgid attribute set then any files created in the directory by any of the users will have the permission of the group. For example, the administrator can create a group called spcprj and add the users Kathy and Mark to the group spcprj. The directory spcprjdir can be created with the set GID bit set and Kathy and Mark, although in different primary groups, can work in the directory and have full access to all files in that directory, but still not be able to access files in each other's primary group.
The following command will set the GID bit on a directory:
chmod g+s spcprjdir
The directory listing of the directory "spcprjdir":
drwxrwsr-x 2 kathy spcprj 1674 Sep 17 1999 spcprjdir
The "s'' in place of the execute bit in the group permissions causes all
files written to the directory "spcprjdir" to belong to the group "spcprj".
Note: Linux files were displayed with a default tab value of 8 in older Linux versions. That means that file names longer than 8 characters may not be displayed fully if you are using an old Linux distribution. The "-T" option of the ls command solves this problem. Ex: "ls -al -T 30" to make the tab length 30.
Umask Settings
The umask command is used to set and determine the default file creation permissions on the system. It is the octal complement of the desired file mode for the specific file type. Default permissions are:
777 - Executable files
666 - Text files
These defaults are set allowing all users to execute an executable file and not to execute a text file. The defaults allow all users to read and write the file. The permission for a newly created file is calculated by subtracting the umask value from the default permission value for the file type being created. An example for a text file is shown below with a umask value of 022:
666 Default Permission for text file
-022 Minus the umask value
-----
644 Allowed Permissions
Therefore the umask value is an expression of the permissions the user, group and world will not have by default with regard to reading, writing, or executing the file. The umask value here means the group the file belongs to and users other than the owner will not be able to write to the file. In this case, when a new text file is created it will have a file permission value of 644, which means the owner can read and write the file, but members of the group the file belongs to, and all others, can only read the file. A long directory listing of a file with these permissions set is shown below.
-rw-r--r-- 1 root workgrp 14233 Apr 24 10:32 textfile.txt
An example command to set the umask is:
umask 022
The most common umask setting is 022. The /etc/profile script is where the
umask command is usually set for all users. Red Hat Linux has a user and group ID creation scheme where there is a group for each user and only that user belongs to that group. If you use this scheme consistently you only need to use 002 for your umask value with normal users.
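The calculation above, as an added example that is not part of the original notes: the kernel applies a umask by clearing its bits from the default mode (mode & ~umask), which coincides with the subtraction shown for 022 but not for every value, so the script also checks the result on a real file and directory created in a scratch directory.

```sh
# Added example (not part of the original notes): applies a umask the way the
# kernel does, clearing the umask bits from the default mode (mode & ~umask),
# and verifies the result on a file and a directory created under that umask.

# effective_mode DEFAULT UMASK -> resulting octal mode, e.g. 666 022 -> 644
effective_mode() {
    # a leading 0 makes shell arithmetic read the arguments as octal
    printf '%03o' $(( 0$1 & ~0$2 & 0777 ))
}

# subtraction_mode DEFAULT UMASK -> what plain subtraction would give.
# It agrees with masking for 022, but not in general: 666 - 027 gives 637,
# while the kernel produces 640 (the "other" digit 6 has no bit 1 to remove).
subtraction_mode() {
    printf '%03o' $(( 0$1 - 0$2 ))
}

# created_perms UMASK -> ls -l permission strings of a new empty text file
# and a new directory created in a scratch directory with that umask
created_perms() {
    dir=$(mktemp -d) || return 1
    # umask is per-process; set it in a subshell so the caller is unaffected
    ( umask "$1"; : > "$dir/textfile.txt"; mkdir "$dir/subdir" )
    f=$(ls -ld "$dir/textfile.txt" | cut -c1-10)
    d=$(ls -ld "$dir/subdir" | cut -c1-10)
    rm -rf "$dir"
    printf '%s %s' "$f" "$d"
}

# Walk through the page's 022 example, the per-user-group 002 case,
# and 027, where subtraction and masking diverge
for mask in 022 002 027; do
    printf 'umask %s: text file %s, directory %s\n' "$mask" \
        "$(effective_mode 666 "$mask")" "$(effective_mode 777 "$mask")"
done
```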
FONTS
chkfontpath -l
chkfontpath -a font_dir
chkfontpath -r font_dir
fc-list
xfs
xfsinfo
xlsfonts
see also: /etc/X11/fs/config
FSCK
See p. 244 of File System Admin by Arleen Frisch
When FSCK prints error messages, mode values have the following meaning:
01 - named pipe
02 - character special file
04 - directory
06 - block special file
10 - plain file
12 - symbolic link
14 - socket
GPG
To create a GPG key:
gpg --gen-key
To encrypt a file using GPG key:
gpg -r userid --output file.gpg --encrypt file.txt
To decrypt a file using GPG key:
gpg -r userid --output file.txt --decrypt file.gpg
GRUB
See also BOOT LOADER
To boot Windows after Linux is uninstalled and GRUB was used for dual boot:
root (hd0,1)
chainloader +1
boot
HISTORY
To keep track of date & time when commands are executed, add to /etc/profile:
HISTSIZE=2000
HISTTIMEFORMAT="%m%d%H%M%S "
HOSTNAME
/proc/sys/kernel/hostname
/etc/sysconfig/network
/etc/hosts
HARDWARE RESOURCES
dmidecode - list hardware resources
kudzu - looks for new hardware
To Get a List of Attached Devices:
# cat /proc/scsi/scsi
# dmidecode -s <keyword>
<keyword> can be:
bios-vendor, bios-version, bios-release-date, system-manufacturer,
system-product-name, system-version, system-serial-number, system-uuid, baseboard-manufacturer, baseboard-product-name, baseboard-version, baseboard-serial-number, baseboard-asset-tag, chassis-manufacturer, chassis-type, chassis-version, chassis-serial-number, chassis-asset-tag,
processor-family, processor-manufacturer, processor-version, processor-frequency.
# dmidecode -t <type>
<type> can be bios, system, baseboard, chassis, processor, memory, cache, connector, slot
INFO COMMAND
Selecting other nodes:
n # next node
p # previous node
[ # previous node in document
] # next node in document
t # top node in document
u # up to parent node
d # to directory node
g # go to node [g top = t]
l # last visited node
L # list of visited nodes (c-x c-b)
m # select menu item by name (identified by "* menu:")
r|f # follow x-ref (identified by "*Note xref-name: node-name")
tab # move to next hyperlink
b # beginning of node
e # end of node
Moving around:
spc|pgdn # next page (c-v)
bsp|pgup # previous page (m-v)
down arrow # next line (c-n)
up arrow # previous lines (c-p)
c-a # cursor to beginning of line
c-e # cursor to end of line
c-b # cursor back one char
c-f # cursor forward one char
Screen Commands
c-x 0 # close current window
c-x 1 # close all windows except current
c-x 2 # split window
c-x o # move cursor to other window
c-l # refresh screen
c-g # cancel operation
Searching
/|s # search (s for next entry)
c-s # interactive search forward
c-r # interactive search backward
} # find next occurrence (c-x n)
{ # find previous occurrence (c-x N)
i # search index (use "," for next entry)
R # toggle regular expression
Quitting and Help
q # quit (c-x c-c)
?|h # open a help window
KEYCODES
To see keycodes of special keys:
stty echo; cat -v; stty echo
enter special key
type ^D to quit
LINE NUMBERING
nl -vstart -iincr -sstring -wwidth -nformat -bstyle
nl -v1000 -i10 -s -w4 -nrz -ba
DIRECTORY LINK COUNT
Link count represents the number of entries contained within a directory (always at least 2 to account for . and ..)
LOCKED ACCOUNT
To reset root password (must be in sudoers file):
sudo faillog -u root -r
Note: /etc/sudoers must contain "<someuserid> ALL=/usr/bin/faillog" for the above to work
For 64-bit systems, faillog has been replaced by pam_tally2
faillog -a list all failed logins
faillog -u user list failed logins for user
faillog -u user -l sec set lock time for user
faillog -u user -m max set max login fail count before lock
faillog -u user -r reset locked user
lastlog -u userid get last login date/time for user
pam_tally [--user userid] [--reset[=n]] set/reset login failure count
LOOPBACK
Create a file to hold the filesystem:
dd if=/dev/zero of=/.u01 bs=1024 count=20M (creates a 20G file)
Associate the file with a loopback device:
losetup /dev/loop0 /.u01
Create a filesystem on the loopback device:
mkfs -t ext3 -b 2048 -m 1 -v /dev/loop0
Create a mount point:
mkdir /u01
Mount the loopback device on the mount point:
mount -t ext3 /dev/loop0 /u01
MAN PAGE SYMBOLIC LINKS
cd /usr/local/man/man3
for x in $(find /opt/appl/man/man3 -type f -print)
do
ln -s "$x" "$(basename "$x")"
done
PCI DEVICES
# lspci
PRIVATE IP ADDRESSES
Class A 10.0.0.0
Class B 172.16.0.0 - 172.31.0.0
Class C 192.168.0.0 - 192.168.255.255
RECORD A SESSION
# script [-a] [file]
RPM
Useful --query options:
--configfiles displays change info for a pkg
--docfiles lists documentation files
--info displays pkg information; uses --queryformat if supplied
--list lists files in pkg
--provides lists capabilities this pkg provides
--scripts lists scripts provided for installation/uninstallation
--state pkg state: normal, not installed, replaced
To import a package GPG key:
rpm --import /usr/share/rhn/RPM-GPG-KEY
To query all installed packages:
rpm --query --all
To query pkg owning filename:
rpm --query --file filename
To list files this pkg provides:
rpm --query --provides pkg
To list files this pkg requires:
rpm --query --requires pkg
To list tag names:
rpm --querytags
To list using query tags:
rpm --query --queryformat '%{name}-%{version}-%{release}-(%{arch})\n' package
To list files in an rpm pkg file:
rpm2cpio pkg | cpio -t
To find what capabilities a package provides:
for x in *.rpm
do
echo ====
echo "$x provides"
rpm --query --provides --package "$x"
done
SCREEN
To share a screen session:
On the control side:
$ screen -S <session_name>
ctrl-a :multiuser on
ctrl-a :acladd <userid>
On the client side:
$ screen -x <userid>/<session_name>
where <userid> and <session_name> are from the control side
SHADOW FORMAT
See chage; See /etc/login.defs for default values for using useradd
amachina:x..x:13570:1:60:7:35:x:
| | | | | |_ account expires << chage -E yy-mm-dd usr
| | | | |_ lock n days after << chage -I n user
| | | |_ warn days << chage -W n user
| | |_ maximum age << chage -M n user
| |_ minimum age << chage -m n user
|_ last change since 1970 in days << chage -d n user
set last password change date << chage -d yy-mm-dd usr
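The field layout diagrammed above, as an added example that is not part of the original notes: a small POSIX shell script that splits a shadow record into its aging fields, converts the day counts to dates, and classifies the account for a chosen "today". The record and the sample dates are constructed for the example; only the field positions and their chage mapping come from the notes.

```sh
# Added example (not part of the original notes): splits a shadow-format line
# into the fields diagrammed above (days are counted since 1970-01-01) and
# classifies the account for a given "today", so password-aging policy can be
# audited from a copy of /etc/shadow. The record below is constructed.
SAMPLE_SHADOW='amachina:$6$salt$hash:13570:1:60:7:35:15000:'

# field LINE N -> Nth colon-separated field (1-based), empty if unset
field() { printf '%s' "$1" | cut -d: -f"$2"; }

# days_to_date DAYS -> yyyy-mm-dd for a shadow day count (GNU date)
days_to_date() { date -u -d "@$(( $1 * 86400 ))" +%Y-%m-%d; }

# shadow_status LINE TODAY_DAYS -> one word for the account state:
#   account-expired  : today is on or after the expiry date   (chage -E)
#   password-locked  : max age plus inactive days have passed (chage -M, -I)
#   password-expired : max age has passed, user must change   (chage -M)
#   warn             : inside the warning window              (chage -W)
#   ok               : none of the above (also when no max age is set)
shadow_status() {
    last=$(field "$1" 3); max=$(field "$1" 5); warn=$(field "$1" 6)
    inact=$(field "$1" 7); expire=$(field "$1" 8); today=$2
    if [ -n "$expire" ] && [ "$today" -ge "$expire" ]; then
        echo account-expired
    elif [ -n "$max" ] && [ -n "$inact" ] &&
         [ "$today" -gt $(( last + max + inact )) ]; then
        echo password-locked
    elif [ -n "$max" ] && [ "$today" -gt $(( last + max )) ]; then
        echo password-expired
    elif [ -n "$max" ] && [ "$today" -ge $(( last + max - ${warn:-0} )) ]; then
        echo warn
    else
        echo ok
    fi
}

# Report the constructed record the way the chage options above describe it
printf 'user: %s\n'         "$(field "$SAMPLE_SHADOW" 1)"
printf 'last change: %s\n'  "$(days_to_date "$(field "$SAMPLE_SHADOW" 3)")"
printf 'expires: %s\n'      "$(days_to_date "$(field "$SAMPLE_SHADOW" 8)")"
printf 'status on %s: %s\n' "$(days_to_date 13640)" \
                            "$(shadow_status "$SAMPLE_SHADOW" 13640)"
```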
SHELL FILE EXECUTION ORDER
Interactive Login Shell or Non-interactive Shell with --login option:
/etc/profile
~/.bash_profile
~/.bashrc <- I put local changes here
/etc/bashrc <- I put global changes here
~/.bash_login
~/.profile
Interactive Shell That Is Not A Login Shell:
~/.bashrc
/etc/bashrc
VIRTUAL CONSOLES
See also X; Some commands:
chvt
openvt
deallocvt
tty|fgconsole
CTRL-ALT-Fn (n=1..6)
Switch to the nth text terminal. (The same can be accomplished with the
rarely used command chvt n; "chvt" stands for "change virtual terminal".)
In a text terminal (outside X), you can also use Alt-Fn (the Ctrl key is
not needed).
CTRL-ALT-Fn (n=7..12)
Switch to the nth GUI terminal (if a GUI terminal is running on screen
n-1). By default, the first X server runs on terminal 7 and nothing runs
on terminals 8 to 12, so you can start subsequent X servers there.
TAB
(In a text or X terminal) Autocomplete the command if there is only one
option, or else show all the available options. On newer systems you may
need to press Tab twice. THIS SHORTCUT IS GREAT; it can truly save you
lots of time.
ARROWUP
(In a text or X terminal) Scroll and edit the command history. Press
Enter to execute a historical command (to save on typing). ArrowDown
scrolls back.
SHIFT-PGUP
Scroll terminal output up. This also works at the login prompt, so you can
scroll through your bootup messages. The amount/usage of your video memory
determines how far back you can scroll the display. Shift-PgDown scrolls
the terminal output down.
CTRL-ALT-ESC
(in X-windows, KDE) Kill the window I am going to click with my mouse
pointer (the pointer changes to something like a death symbol). A similar
result can be obtained with the command xkill (typed in an X terminal). Useful when an X-window program does not want to close (hangs?).
CTRL-ALT-BKSPC
(in X-windows) Kill the current X-windows server. Use if the X-windows
server cannot be exited normally.
CTRL-ALT-DEL
(in text terminal) Shut down the system and reboot. This is the normal
shutdown command for a user at the text-mode console. Don't just press the
"reset" button for shutdown!
CTRL-S
Stop the transfer to the terminal.
CTRL-Q
Resume the transfer to the terminal. Try if your terminal mysteriously
stops responding. See the previous command.
CTRL-Z
Send the current process to the background.