TechNotes
ALTERNATIVES
Usage:
alternatives --install <link> <name> <path> <priority>
[--initscript <service>]
[--family <family>]
[--slave <link> <name> <path>]*
alternatives --remove <name> <path>
alternatives --auto <name>
alternatives --config <name>
alternatives --display <name>
alternatives --set <name> <path>
alternatives --list
Example:
$ which emacs
/usr/bin/emacs
$ file /usr/bin/emacs
/usr/bin/emacs: symbolic link to /etc/alternatives/emacs
$ file /etc/alternatives/emacs
/etc/alternatives/emacs: symbolic link to /usr/bin/emacs-24.5
$ file /usr/bin/emacs-24.5
/usr/bin/emacs-24.5: sticky ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32
The Linux alternatives system allows you to configure the use of a specific executable referred to by a generic name. The typical example is to configure the use of a specific editor when several alternatives are available.
Suppose the following editors are installed on a system:
/usr/bin/vim
/usr/bin/gedit
/usr/bin/emacs
/bin/vi
First, you need to "install" these editors into the alternatives system. The general form of the "alternatives" command is:
# alternatives --install link name path priority
The "link" is just a name that you will use to invoke an editor; it should be something that exists in your PATH; in this case we will choose the value "/usr/bin/edit"
The "name" is a generic term that refers to some functionality; in this case we will choose "editor"; this will be installed in /etc/alternatives/<name> as a symbolic link
The "path" is the fully qualified path to some real, existing, executable
The "priority" is a number that determines which "alternative" is current
Now, let's "install" 3 of our alternatives in the alternatives system:
# alternatives --install /usr/bin/edit editor /usr/bin/vim 100
# alternatives --install /usr/bin/edit editor /usr/bin/gedit 200
# alternatives --install /usr/bin/edit editor /usr/bin/emacs 300
In this example, 3 of our 4 available editors have been installed in the alternatives system. The execution of the above 3 commands will cause the following:
Symbolic link /usr/bin/edit is created, pointing to /etc/alternatives/editor
Symbolic link /etc/alternatives/editor is created, pointing to /usr/bin/emacs
File /var/lib/alternatives/editor is created, with the following contents:
auto <--- the mode
/usr/bin/edit <--- the link (symbolic link to /etc/alternatives/<name>)
<a blank line>
/usr/bin/vim <--- the first alternative
100 <--- and its priority
/usr/bin/gedit <--- etc
200
/usr/bin/emacs
300
If we were to now execute the following command:
# alternatives --display editor
the alternatives system would consult the above file to display the current settings:
edit - status is auto
link currently points to /usr/bin/emacs
/usr/bin/vim - priority 100
/usr/bin/gedit - priority 200
/usr/bin/emacs - priority 300
Current 'best' version is /usr/bin/emacs
If we were to execute the following command:
# alternatives --config editor
the alternatives system would present us with a menu allowing us to change the settings. The "+" indicates which entry is current and the "*" indicates which entry is considered best (based on the priority).
If we wanted to introduce /bin/vi as a choice, we could:
# alternatives --install /usr/bin/edit editor /bin/vi 400
Instead of using "config" we could have used "--set" directly to select a new choice:
# alternatives --set editor /bin/vi
Note that "--set" can only be executed on an already "--install[ed]" alternative
Relationship Between Contents of "/var/lib/alternatives/<name>" and "alternatives --install" Command
The generic format of the "alternatives --install" command is:
# alternatives --install link name path priority \
--slave slink1 sname1 spath1 \
--slave slink2 sname2 spath2 \
--slave slink3 sname3 spath3 \
--slave slink4 sname4 spath4
The execution of the command:
# alternatives --install /usr/bin/java java /usr/lib/jvm/jre-1.4.2-gcj/bin/java 1420 \
--slave /usr/lib/jvm/jre jre /usr/lib/jvm/jre-1.4.2-gcj \
--slave /usr/lib/jvm-exports/jre jre_exports /usr/lib/jvm-exports/jre-1.4.2-gcj \
--slave /usr/bin/keytool keytool /usr/lib/jvm/jre-1.4.2-gcj/bin/keytool \
--slave /usr/bin/rmiregistry rmiregistry /usr/lib/jvm/jre-1.4.2-gcj/bin/rmiregistry
would result in:
# cat /var/lib/alternatives/java <--- "java" is name
manual
/usr/bin/java <--- link
jre <--- sname1
/usr/lib/jvm/jre <--- slink1
jre_exports <--- sname2
/usr/lib/jvm-exports/jre <--- slink2
keytool <--- sname3
/usr/bin/keytool <--- slink3
rmiregistry <--- sname4
/usr/bin/rmiregistry <--- slink4
...blank line...
/usr/lib/jvm/jre-1.4.2-gcj/bin/java <--- path
1420 <--- priority
/usr/lib/jvm/jre-1.4.2-gcj <--- spath1
/usr/lib/jvm-exports/jre-1.4.2-gcj <--- spath2
/usr/lib/jvm/jre-1.4.2-gcj/bin/keytool <--- spath3
/usr/lib/jvm/jre-1.4.2-gcj/bin/rmiregistry <--- spath4
Note that "alternatives --display <name>" simply summarizes the contents of file "/var/lib/alternatives/<name>"
# alternatives --display java
java - status is manual
link currently points to /usr/lib/jvm/jre-1.4.2-gcj/bin/java
/usr/lib/jvm/jre-1.4.2-gcj/bin/java - priority 1450
slave jre: /usr/lib/jvm/jre-1.4.2.gcj
slave jre_exports: /usr/lib/jvm-exports/jre-1.4.2-gcj
slave keytool: /usr/lib/jvm/jre-1.4.2-gcj/bin/keytool
slave rmiregistry: /usr/lib/jvm/jre-1.4.2-gcj/bin/rmiregistry
Current 'best' version is /usr/lib/jvm/jre-1.4.2-gcj/bin/java
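Because the generic name on PATH resolves through these links, a registered target that other users can write to, or an "auto" link that no longer matches the state file, changes what runs under that name. The following added example (not part of the original notes) parses the state-file layout described above and reports such cases; the function names, report labels and sample paths are this example's own, and the layout is assumed to be exactly the one shown.

```sh
#!/bin/sh
# Added example, not part of the original notes. Assumes the state-file layout
# shown above: mode, link, slave name/link pairs, a blank line, then for each
# alternative its path, its priority and one slave path per declared slave.

# parse_alternatives FILE -> tab-separated records:
#   mode <mode> | link <link> | alt <priority> <path> | slave <name> <link> <path>
parse_alternatives() {
    awk '
        NR == 1 { print "mode\t" $0; next }
        NR == 2 { print "link\t" $0; next }
        !body && $0 == "" { body = 1; next }
        !body {                                   # header: sname, then slink
            if (want_link) { slink[n] = $0; want_link = 0 }
            else           { sname[++n] = $0; want_link = 1 }
            next
        }
        field == 0 {                              # first line of an alternative
            if ($0 != "") { path = $0; field = 1 }
            next
        }
        field == 1 {                              # its priority
            print "alt\t" $0 "\t" path
            field = (n > 0) ? 2 : 0
            next
        }
        {                                         # slave paths, in header order
            i = field - 1
            if ($0 != "") print "slave\t" sname[i] "\t" slink[i] "\t" $0
            field = (i < n) ? field + 1 : 0
        }
    ' "$1"
}

# best_alternative FILE -> path with the highest priority (what "auto" selects)
best_alternative() {
    parse_alternatives "$1" | awk -F '\t' '
        $1 == "alt" && (best == "" || $2 + 0 > max) { max = $2 + 0; best = $3 }
        END { print best }'
}

# audit_alternatives FILE ALTLINK -> findings, one per line (nothing if clean):
#   MISSING <path>         a registered target does not exist
#   WRITABLE <path>        a registered target is group- or world-writable
#   DRIFT <actual> <best>  mode is auto but ALTLINK (/etc/alternatives/<name>)
#                          does not point at the highest-priority entry
audit_alternatives() (
    state=$1 altlink=$2
    parse_alternatives "$state" |
    awk -F '\t' '$1 == "alt" { print $3 } $1 == "slave" { print $4 }' |
    while IFS= read -r target; do
        if [ ! -e "$target" ]; then
            echo "MISSING $target"
        else
            # characters 6 and 9 of the ls mode string are group/other write
            case $(ls -ldL "$target") in
                ?????w*|????????w*) echo "WRITABLE $target" ;;
            esac
        fi
    done
    mode=$(parse_alternatives "$state" | awk -F '\t' '$1 == "mode" { print $2 }')
    best=$(best_alternative "$state")
    actual=$(readlink "$altlink" 2>/dev/null || true)
    if [ "$mode" = auto ] && [ "$actual" != "$best" ]; then
        echo "DRIFT $actual $best"
    fi
)

# build_sample DIR: constructed fixture modelled on the "editor" group above,
# with every path relocated under DIR so the real system is not touched.
build_sample() (
    d=$1
    mkdir -p "$d/bin" "$d/etc"
    for e in vim gedit emacs; do : > "$d/bin/$e"; chmod 755 "$d/bin/$e"; done
    chmod 777 "$d/bin/gedit"                      # constructed misconfiguration
    # vi is registered with a constructed priority but never created
    printf '%s\n' auto "$d/bin/edit" "" "$d/bin/vim" 100 "$d/bin/gedit" 200 \
        "$d/bin/emacs" 300 "$d/bin/vi" 50 > "$d/editor.state"
    ln -s "$d/bin/vim" "$d/etc/editor"            # auto mode, but not the best
)

demo_dir=$(mktemp -d) && build_sample "$demo_dir" &&
    audit_alternatives "$demo_dir/editor.state" "$demo_dir/etc/editor"
rm -rf "$demo_dir"
```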
DIRCOLORS
dircolors is used to adjust the colors displayed by the "ls" command. To get the current settings:
$ dircolors -p > lscolors.txt
Now modify "lscolors.txt". Here is a summary of the codes used:
Attribute      Text  Background  Color
00=none        30    40          black
01=bold        31    41          red
04=underscore  32    42          green
05=blink       33    43          yellow
07=reverse     34    44          blue
08=conceal     35    45          magenta
               36    46          cyan
               37    47          white
To "install" your modified "lscolors.txt":
$ eval $(dircolors lscolors.txt)
However, the easier way is to create "lscolors.txt" as ".dircolors" in your home directory. A file in /etc/profile.d (colorls.sh) detects the presence of ".dircolors" and uses it instead of the standard system version.
USER EQUIVALENCE
To set up user equivalence:
On HOST1:
# generate the host1 public and private keys
$ ssh-keygen -t {dsa|rsa}
# copy host1 public keys to host2
$ cd ~/.ssh
$ scp *.pub <userid>@<host2>:/tmp/
On HOST2:
# generate the host2 public and private keys
$ ssh-keygen -t {dsa|rsa}
# copy host2 public keys to host1
$ cd ~/.ssh
$ scp *.pub <userid>@<host1>:/tmp/
# append the public keys from host1 to the authorized_keys file
$ cat /tmp/*.pub >> authorized_keys
On HOST1:
# append the public keys from host2 to the authorized_keys file
$ cd ~/.ssh
$ cat /tmp/*.pub >> authorized_keys
NOTE: The ~/.ssh directory contains the public and private keys that belong to "this" host.
The authorized_keys file contains the public keys of the other hosts (the ones allowed to
ssh to this host). Repeat the process between all sets of hosts for which user equivalence
is desired.
NOTE: Ensure that file authorized_keys has 600 (rw- --- ---) permissions.
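The append step above takes every *.pub file found in /tmp, a directory any local user can write to. The following added example (not part of the original notes) appends only named files that are regular, owned by the invoking user, contain a single bare public key and are not already present, and it leaves authorized_keys with mode 600; KEY_RE, the function names and the placeholder key material are this example's own.

```sh
#!/bin/sh
# Added example, not part of the original notes. KEY_RE, the function names
# and the report wording are this example's own.

# A bare public key line: "<type> <base64> [comment]".
KEY_RE='^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$'

# append_pubkeys AUTH_FILE KEYFILE...
# Prints "ADDED <file>" or "SKIPPED <file>: <reason>" per KEYFILE and leaves
# AUTH_FILE with mode 600.
append_pubkeys() (
    auth=$1; shift
    umask 077
    touch "$auth" && chmod 600 "$auth" || exit 1
    for f in "$@"; do
        # scp writes the file as the receiving user; a symlink, or a file
        # owned by someone else, did not come from that copy.
        if [ -L "$f" ] || [ ! -f "$f" ] || [ ! -O "$f" ]; then
            echo "SKIPPED $f: not a regular file owned by you"
        elif [ "$(grep -c '' "$f")" -ne 1 ] || ! grep -Eq "$KEY_RE" "$f"; then
            echo "SKIPPED $f: not a single bare public key"
        elif awk -v key="$(awk '{ print $1, $2 }' "$f")" \
                 '($1 " " $2) == key { found = 1 } END { exit !found }' "$auth"; then
            # same key type and key data, whatever the comment says
            echo "SKIPPED $f: already authorized"
        else
            printf '%s\n' "$(cat "$f")" >> "$auth" && echo "ADDED $f"
        fi
    done
)

# build_keys DIR: constructed sample input; the key material is placeholder
# text, not real keys.
build_keys() (
    d=$1
    echo 'ssh-rsa AAAAB3NzaC1yc2EAAAAconstructedHOST1 user@host1' > "$d/host1.pub"
    echo 'ssh-rsa AAAAB3NzaC1yc2EAAAAconstructedHOST1 copy' > "$d/dup.pub"
    echo 'this is not a key' > "$d/notes.pub"
    ln -s "$d/host1.pub" "$d/link.pub"
)

demo_dir=$(mktemp -d) && build_keys "$demo_dir" &&
    append_pubkeys "$demo_dir/authorized_keys" "$demo_dir/host1.pub" \
        "$demo_dir/dup.pub" "$demo_dir/notes.pub" "$demo_dir/link.pub"
rm -rf "$demo_dir"
```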
MISCELLANEOUS
ALIAS
See .bashrc
aliases for "ls" colors are set in /etc/profile.d/colors.x (see /etc/profile)
alias r="fc -s"
alias ls="ls -Fx --color=none"
alias ps="ps -Heo euser,pid,ppid,cputime,start,comm"
AUDIT
auditd
/etc/audit/auditd.conf
/etc/audit/audit.rules
/var/log/audit -> /var/log/audit.d/bin.n
auditctl
-e 0|1 [disable, enable auditing]
-l [list rules]
-s [status]
-a list,action -F name oper value [add rule to end of list]
-A list,action -F name oper value [add rule to beginning of list]
list = task, entry, exit, user, exclude
action = never, always
aureport
Selection Options:
--failed
-i --interpret
--success
-te --end (recent, today, yesterday, this-week)
-ts --start (recent, today, yesterday, this-week)
Report Options
-au --auth
-a --avc
-cr --crypto
-e --event
-f --file
-h --host
-l --login
-m --mods
-ma --mac
-r --response
-s --syscall
-u --user
-x --executable
ausearch
Selection Options:
-i --interpret
-te --end (today, yesterday, this-week)
-ts --start (today, yesterday, this-week)
-w --word (must match whole word)
Report Options
-a --event audit_event_id
-c --comm command_name
-f --file file_name
-ga --gid-all group_id
-hn --host hostname
-k --key key_string
-m --message message_type
-o --object se-linux-context
-p --pid pid
-pp --ppid ppid
-sc --syscall syscall_name_or_value
-se --context se-linux-context
-su --subject se-linux-context
-sv --success yes|no
-ua --uid-all userid
-x --executable executable name
AUTO LOGON
To enable auto logon via ssh from Unix to a Windows host (without using a password)
# logon to Windows host in target userid
# create directory .ssh2
c:\documents and settings\someuser> mkdir .ssh2
# logon to Unix host from which autologon is desired
# move to .ssh directory
$ cd .ssh
# create private key (id_dsa) and public key (id_dsa.pub)
# do not supply a pass-phrase when prompted
$ ssh-keygen -t dsa
# create SECSSH Public Key file (ssh_id_dsa.pub)
$ ssh-keygen -e -f id_dsa > ssh_id_dsa.pub
# copy file "ssh_id_dsa.pub" to the Windows host
$ sftp @
> lls (ensure id_dsa, id_dsa.pub and ssh_id_dsa.pub are visible)
> cd .ssh2 (change to remote directory /HOME/.ssh2)
> put ssh_id_dsa.pub (copy file to remote Windows host)
> exit
# logon to Windows host
# move to directory .ssh2
c:\documents and settings\someuser> cd .ssh2
# edit (create) file "authorization"
# put in an entry that reads: "key ssh_id_dsa.pub"
AUTO MOUNT
disable /etc/rc.d/init.d/autofs to prevent automatic mounts
chkconfig --level ijk autofs off
service autofs stop
AUTO RUN
autorun - automatically mount cdrom on startx
See Mount
See /etc/fstab
See $HOME/.kde/Autostart/Autorun.desktop
BOOT ARGUMENTS
See "man bootparam"
/var/log/dmesg
/var/log/boot.log
cat /proc/cmdline
hda -> 1st IDE, master
hdb -> 1st IDE, slave
hdc -> 2nd IDE, master
hdd -> 2nd IDE, slave
BOOT DISK
mount /dev/cdrom /mnt/cdrom
dd if=boot.img of=/dev/fd0 bs=1440k
BOOT LOADER
/etc/grub.conf
The master boot record (MBR):
The recommended place to install a boot loader, unless the MBR already starts another operating system loader, such as System Commander or OS/2's Boot Manager. The MBR is a special area on your hard drive that is automatically loaded by your computer's BIOS, and is the earliest point at which the boot loader can take control of the boot process. If you install it in the MBR, when your machine boots, GRUB (or LILO) will present a boot prompt. You can then boot Red Hat Enterprise Linux AS or any other operating system that you have configured the boot loader to boot.
The first sector of your root partition:
Recommended if you are already using another boot loader on your system (such as OS/2's Boot Manager). In this case, your other boot loader will take control first. You can then configure that boot loader to start GRUB (or LILO), which will then boot Red Hat Enterprise Linux AS.
Caution:
If you have a RAID card, be aware that some BIOSes do not support booting from the RAID card. In cases such as these, the boot loader should not be installed on the MBR of the RAID array. Rather, the boot loader should be installed on the MBR of the same drive on which the /boot partition was created.
CERTIFICATES
# GENERIC INSTRUCTIONS
# create a private key then generate a certificate request from it
openssl genrsa -out privkey.pem 1024
openssl req -new -key privkey.pem -out certreq.pem
# same thing as above, but using req
# create a private key and a certificate request (all equivalent)
openssl req -new -out certreq.pem
openssl req -new -keyout privkey.pem -out certreq.pem
openssl req -newkey rsa:1024 -out certreq.pem
openssl req -newkey rsa:1024 -keyout privkey.pem -out certreq.pem
# remove the pass phrase from an RSA private key
openssl rsa -in privkey.pem -out privkey_npp.pem
# create a private key and self signed root certificate
openssl req -x509 -newkey rsa:1024 -keyout privkey.pem -out rootcert.pem
# create self signed root certificate from a private key
openssl x509 -req -in certreq.pem -signkey privkey_npp.pem -out rootcert.pem
# examine and verify a certificate request
openssl req -in certreq.pem -text -verify -noout
# encrypt a private key using triple DES
openssl rsa -in privkey.pem -des3 -out privkey_3des.pem
# convert a private key from PEM to DER format
openssl rsa -in privkey.pem -outform DER -out privkey.der
# print out components of private key
openssl rsa -in privkey.pem -text -noout
# print out public part of a private key
openssl rsa -in privkey.pem -pubout -out pubkey.pem
# EXAMPLE
# generate private key
openssl genrsa -des3 -out server.key 1024
# generate cert signing request
openssl req -new -key server.key -out server.csr
# remove pass phrase from key
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
# create self signed certificate
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
# install certificate and private key
cp server.crt /usr/local/apache/conf/ssl.crt/
cp server.key /usr/local/apache/conf/ssl.key/
# configure ssl.conf
SSLEngine on
SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
CHKCONFIG
chkconfig --list [service]
chkconfig --add service
chkconfig --del service
chkconfig [--level level] service on|off|reset
Header:
# chkconfig: levels start_order kill_order
# description: description
# processname: processname
COMPRESSION
compress/uncompress .Z
gzip/gunzip .gz
zip/unzip .zip .jar .war
bzip2/bunzip2 .bz2
CONFIGURATION FILES
See /usr/share/doc/initscripts-version/sysconfig.txt for details
/etc/hosts
/etc/sysconfig/network
GATEWAY=<gateway IP>
HOSTNAME=<fqdn by default, but whatever hostname you want>
GATEWAYDEV=<gateway device to use when multiple devices have a gateway (eg eth0)>
IPV6FORWARDING=yes|no
IPV6INIT=yes|no
IPV6TO4_RADVD_PIDFILE=<pid-file> (obsolete)
IPV6_AUTOCONF=yes|no
IPV6_AUTOTUNNEL=yes|no
IPV6_DEFAULTDEV=<interface> (optional)
IPV6_DEFAULTGW=<IPv6 address[%interface]> (optional)
IPV6_RADVD_PIDFILE=<pid-file> (optional)
IPV6_RADVD_TRIGGER_ACTION=startstop|reload|restart|SIGHUP (optional)
IPV6_ROUTER=yes|no
IPX=yes|no
IPXAUTOFRAME=on|off (again, not yes|no)
IPXAUTOPRIMARY=on|off (note, that MUST be on|off, not yes|no)
IPXINTERNALNETNUM=<netnum>
IPXINTERNALNODENUM=<nodenum>
NETWORKDELAY=<delay in seconds>
NETWORKING=yes|no
NETWORKING_IPV6=yes|no
NISDOMAIN=<nis domain name>
NOZEROCONF= Set this to not set a route for dynamic link-local addresses.
VLAN=yes|no
obsoleted values from earlier releases:
FORWARD_IPV4=yes|no
DEFRAG_IPV4=yes|no
/etc/sysconfig/network-scripts/ifcfg-eth0
The first defines an interface, and the second contains only the parts of the definition that are different in a
"alias" (or alternative) interface. For example, the network numbers might be different, but everything else
might be the same, so only the network numbers would be in the alias file, but all the device information would
be in the base ifcfg file.
The items that can be defined in an ifcfg file depend on the interface type.
BOOTPROTO=none|bootp|dhcp
DEVICE=<name of physical device>
DHCLIENT_IGNORE_GATEWAY=yes|no|1|0
DHCPRELEASE=yes|no|1|0
DNS{1,2}=<ip address>
GATEWAY=
HOTPLUG=yes|no
HWADDR= ethernet hardware address for this device
IPADDR=
MACADDR=use of this in conjunction with HWADDR= may cause unintended behavior.
METRIC=metric for the default route using GATEWAY
MTU=default MTU for this device
NAME=<friendly name for users to see>
NETMASK=
NM_CONTROLLED=yes|no
NOZEROCONF=
ONBOOT=yes|no (not valid for alias devices; use ONPARENT)
PEERDNS=yes|no
PERSISTENT_DHCLIENT=yes|no|1|0
SCOPE= Ethernet with BOOTPROTO=none.
SRCADDR= use the specified source address for outgoing packets
USERCTL=yes|no
WINDOW= Default window for routes from this device
If BOOTPROTO is not "none", then the only other item that must be set is the DEVICE item; all the rest will be determined
by the boot protocol. No "dummy" entries need to be created.
Base items being deprecated:
NETWORK=<will be calculated automatically with ipcalc>
BROADCAST=<will be calculated automatically with ipcalc>
Alias specific items:
ONPARENT=yes|no
Whether to bring up the device when parent device is brought up.
Wireless-specific items:
See iwconfig(8) for additional information.
CHANNEL= Ignored if MODE=Managed.
DEFAULTKEY=<default key index>
ESSID= Defaults to "any".
FRAG=[off|<fragmentation threshold>]
FREQ= Ignored if MODE=Managed.
IWCONFIG=<other iwconfig(8) options>
IWPRIV=<iwpriv(8) commands>
KEY=<default WEP key>
KEY{1,2,3,4}=<WEP key with the given index>
MODE=[Ad-Hoc|Managed|Master|Repeater|Secondary|Monitor|Auto]
NWID=
RATE=
RTS=[auto|fixed|off|<rts threshold>]
SECURITYMODE=[on|off|open|restricted]
SENS=<sensitivity threshold>
SPYIPS=<list of IP addresses to monitor for link quality>
/etc/resolv.conf
search domain | domain domain (search/domain mutually exclusive)
nameserver x.x.x.x
nameserver x.x.x.x
/etc/nsswitch.conf
where to look first to resolve names
/etc/sysconfig/static-routes
any host x.x.x.x netmask x.x.x.x gw x.x.x.x
route add -host 192.168.100.17 netmask 255.255.255.0 gw 172.16.22.1
See /etc/init.d/network
/etc/localtime
-> /usr/share/zoneinfo/EST5EDT
/etc/security/opasswd
/etc/ntp.conf
/usr/lib/X11/app-defaults
$HOME/.Xresources
$HOME/.Xdefaults
/etc/rc.d/rc.sysinit
AUTOFSCK_TIMEOUT=15
/etc/network/interfaces
(Knoppix)
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 137.9.70.43
netmask 255.255.255.0
gateway 137.9.70.1
CRON
/var/spool/cron/ - contains cron files named after /etc/passwd entries; if unmatched entries exist here, may get "ORPHAN (no passwd entry)" messages in logwatch
/etc/crontab - contains entries to directories
/etc/cron.hourly/
/etc/cron.daily/ - logwatch lives here; if it doesn't run, make sure it's executable
/etc/cron.weekly/
/etc/cron.monthly/
/etc/cron.d/sysstat - contains system activity accounting jobs; produces "crond(pam_unix)" session messages in /var/log/secure
minute: 0-59 | a-b/n | */n
hour: 0-23
day_of_month: 1-31
month: 1-12
day_of_week: 0-7 (0 or 7 is Sunday)
DATA FILES
/var/log/boot.log
/var/log/cron
/var/log/dmesg
/var/log/lastlog
/var/log/messages
/var/log/ppp
/var/log/rpmpkgs (see /etc/crontab)
DIRECTORY PERMISSIONS
Need read to use ls on directory
Need write to add/remove files in directory
Need execute to cd into directory or use it as part of a path
If you don't have execute in all directories along a path to a file you cannot use the file regardless of the file's permissions
If you don't have read permissions to a directory, file name expansion will not work on that directory's files; you must use the full pathname to access files
If you don't have write permission you cannot move, create or remove files in the directory
If you have write permissions in a directory, you can remove a file, regardless of the file's permissions or who the owner is. However, as of SVR3.2, if a directory is writable and the sticky bit is set, a user can remove a file in that directory only if the user owns the file, or the user owns the directory, or the file is writable by the user, or the user is root.
DISK FAILURE
To copy physical disk to another:
dd if=/dev/hda of=/dev/hdb bs=1k conv=sync,noerror
DISK INFORMATION
fdisk -l
fdisk -l /dev/hdx
sfdisk -l
sfdisk -l /dev/hdx
hdparm -i /dev/hdx
hdparm -I /dev/hdx
parted /dev/hdx
EDGE SYNCHRONIZATION ERROR
Fonts larger than the boxes designed to hold them cause an edge synchronization error after 10,000 iterations
EDITING .WAR FILES
unzip -d /tmp some.war '*/element'
cd /tmp
vi path/element
zip -f some.war path/element
Get table of contents:
unzip -l some.war | less
Get table of contents, listing a particular element:
unzip -l some.war '*/element'
Extract particular element to stdout:
unzip -c some.war '*/element'
Extract particular element into some directory:
unzip -d dir some.war '*/element'
Extract particular element into some directory, junk paths:
unzip -j -d dir some.war '*/element'
Extract particular element into current directory, preserving paths:
unzip some.war '*/element'
Extract particular element into current directory, junk paths:
unzip -j some.war '*/element'
Remove a particular element:
zip -d some.war '*/element'...
Replace a particular element:
zip -f some.war path/element
Replace all elements under :
zip -fr some.war path/
FILE ACCESS TIMES
FIND     LS    DESCRIPTION
-atime   -tu   file access time
-ctime   -tc   file status change time
-mtime   -t    file modification time
FILE AND DIRECTORY PERMISSIONS
Linux Files and File Permission
Linux files are set up so access to them is controlled. There are three
types of access:
1. read
2. write
3. execute
Each file belongs to a specific user and group. Access to the files is
controlled by user, group, and what is called other. The term, other, is
used to refer to someone who is not the user (owner) of the file, nor is
the person a member of the group the file belongs to. When talking about
setting permissions for "other" users to use, it is commonly referred to as
setting the world execute, read, or write bit since anyone in the world
will be able to perform the operation if the permission is set in the other
category.
File names and permission characters
File names can be up to 256 characters long with "-", "_", and "."
characters along with letters and numbers.
When a long file listing is done, there are 10 characters that are shown on
the left that indicate type and permissions of the file. File permissions
are shown according to the following syntax example: drwerwerwe
There are a total of 10 characters in this example, as in all Linux files.
The first character indicates the type of file, and the next three indicate
read, write, and execute permission for each of the three user types, user,
group and other. Since there are three types of permission for three users,
there are a total of nine permission bits. The table below shows the
syntax:
1 2 3 4 5 6 7 8 9 10
d r w e r w e r w e
* Character 1 is the type of file: - is ordinary, d is directory, l is link.
* Characters 2-4 show owner permissions. Character 2 indicates read
  permission, character 3 indicates write permission, and character 4
  indicates execute permission.
* Characters 5-7 show group permissions. Character 5=read, 6=write,
  7=execute
* Characters 8-10 show permissions for all other users. Character
  8=read, 9=write, 10=execute
There are 5 possible characters in the permission fields. They are:
* r = read - This is only found in the read field.
* w = write - This is only found in the write field.
* x = execute - This is only found in the execute field.
* s = setuid - This is only found in the execute field.
* If there is a "-" in a particular location, there is no permission.
  This may be found in any field whether read, write, or execute field.
Examples
Type "ls -l" and a listing like the following is displayed:
total 10
drwxrwxrwx 4 george team1 122 Dec 12 18:02 Projects
-rw-rw-rw- 1 george team1 1873 Aug 23 08:34 test
-rw-rw-rw- 1 george team1 1234 Sep 12 11:13 datafile
The fields are as follows:
1. Type field: The first character in the field indicates a file type of
one of the following:
* d = directory
* l = symbolic link
* s = socket
* p = named pipe
* - = regular file
* c = character (unbuffered) device file special
* b = block (buffered) device file special
2. Permissions are explained above.
3. Links: The number of directory entries that refer to the file. In our
example, there are four.
4. The file's owner in our example is George.
5. The group the file belongs to. In our example, the group is team1.
6. The size of the file in bytes
7. The last modification date. If the file is recent, the date and time
is shown. If the file is not in the current year, the year is shown
rather than time.
8. The name of the file.
Set User Identification Attribute
The file permissions bits include an execute permission bit for file owner,
group and other. When the execute bit for the owner is set to "s" the set
user ID bit is set. This causes any persons or processes that run the file
to have access to system resources as though they are the owner of the
file. When the execute bit for the group is set to "s", the set group ID
bit is set and the user running the program is given access based on access
permission for the group the file belongs to. The following command:
chmod u+s myfile
sets the user ID bit on the file "myfile". The command:
chmod g+s myfile
sets the group ID bit on the file "myfile".
The listing below shows two files that have the group or user
ID bit set.
-rws--x--x 1 root root 14024 Sep 9 1999 chfn
-rwxr-sr-x 1 root mail 12072 Aug 16 1999 lockfile
The files chfn and lockfile are located in the directory "/usr/bin". The
"s" takes the place of the normal location of the execute bit in the file
listings above. This special permission mode has no meaning unless the file
has execute permission set for either the group or other as well. This
means that in the case of the lockfile, if the other users (world execute)
bit is not set with permission to execute, then the user ID bit set would
be meaningless since only that same group could run the program anyhow. In
both files, everyone can execute the binary. The first program, when run is
executed as though the program is the root user. The second program is run
as though the group "mail" is the user's group.
For system security reasons it is not a good idea to set the set user or
group ID bits on more programs than necessary, since this can allow an
unauthorized user privileges in sensitive system areas. If the program has
a flaw that allows the user to break out of the intended use of the
program, then the system can be compromised.
Directory Permissions
There are two special bits in the permissions field of directories. They
are:
* s - Set group ID
* t - Save text attribute (sticky bit) - The user may delete or modify
  only those files in the directory that they own or have write
  permission for.
Save text attribute
The /tmp directory is typically world-writable and looks like this in a
listing:
drwxrwxrwt 13 root root 4096 Apr 15 08:05 tmp
Everyone can read, write, and access the directory. The "t" indicates that
only the user (and root, of course) that created a file in this directory
can delete that file.
To set the sticky bit in a directory, do the following:
chmod +t data
This option should be used carefully. A possible alternative to this is:
1. Create a directory in the user's home directory to which he or she
can write temporary files.
2. Set the TMPDIR environment variable using each user's login script.
3. Programs using the tempnam(3) function will look for the TMPDIR
variable and use it, instead of writing to the /tmp directory.
Directory Set Group ID
If the setgid bit on a directory entry is set, files in that directory will
have the same group ownership as the directory, instead of the group of the
user that created the file.
This attribute is helpful when several users need access to certain files.
If the users work in a directory with the setgid attribute set then any
files created in the directory by any of the users will have the permission
of the group. For example, the administrator can create a group called
spcprj and add the users Kathy and Mark to the group spcprj. The directory
spcprjdir can be created with the set GID bit set, and Kathy and Mark,
although in different primary groups, can work in the directory and have
full access to all files in that directory, but still not be able to access
files in each other's primary group.
The following command will set the GID bit on a directory:
chmod g+s spcprjdir
The directory listing of the directory "spcprjdir":
drwxrwsr-x 2 kathy spcprj 1674 Sep 17 1999 spcprjdir
The "s" in place of the execute bit in the group permissions causes all
files written to the directory "spcprjdir" to belong to the group "spcprj".
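The set user ID, set group ID and sticky-bit sections above say which bits deserve attention; the following added example (not part of the original notes) finds them under a directory tree and reports only what is not already in a reviewed baseline list. The function names, report labels and the "drop" directory are this example's own; the other fixture entries reuse the modes from the listings above.

```sh
#!/bin/sh
# Added example, not part of the original notes; the function names, report
# labels and fixture layout are this example's own.

# special_bits DIR -> sorted findings, one per line:
#   SUID <file>      set user ID bit on a regular file
#   SGID <file>      set group ID bit on a regular file
#   NOSTICKY <dir>   world-writable directory without the sticky bit, where
#                    any user can remove or replace other users' files
# Set-GID directories such as spcprjdir are not reported: on a directory the
# bit only controls which group new files receive.
special_bits() {
    {
        find "$1" -type f -perm -4000 | sed 's/^/SUID /'
        find "$1" -type f -perm -2000 | sed 's/^/SGID /'
        find "$1" -type d -perm -0002 ! -perm -1000 | sed 's/^/NOSTICKY /'
    } | sort
}

# new_findings DIR BASELINE -> findings that are not listed in the reviewed
# BASELINE file (same line format as the special_bits output)
new_findings() (
    current=$(mktemp) || exit 1
    special_bits "$1" > "$current"
    sort "$2" | comm -23 "$current" -
    rm -f "$current"
)

# build_fixture DIR: constructed tree that reuses the modes shown above
build_fixture() (
    d=$1
    mkdir "$d/tmp" "$d/drop" "$d/spcprjdir"
    chmod 1777 "$d/tmp"                           # drwxrwxrwt
    chmod 0777 "$d/drop"                          # constructed: no sticky bit
    chmod 2775 "$d/spcprjdir"                     # drwxrwsr-x
    : > "$d/chfn";     chmod 4711 "$d/chfn"       # -rws--x--x
    : > "$d/lockfile"; chmod 2755 "$d/lockfile"   # -rwxr-sr-x
    : > "$d/test";     chmod 0666 "$d/test"       # -rw-rw-rw-
)

demo_dir=$(mktemp -d) && build_fixture "$demo_dir" && special_bits "$demo_dir"
rm -rf "$demo_dir"
```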
Note: Linux files were displayed with a default tab value of 8 in older
Linux versions. That means that file names longer than 8 may not be
displayed fully if you are using an old Linux distribution. There is an
option associated with the ls command that solves this problem. It is "-T".
Ex: "ls -al -T 30" to make the tab length 30.
Umask Settings
The umask command is used to set and determine the default file creation
permissions on the system. It is the octal complement of the desired file
mode for the specific file type. Default permissions are:
* 777 - Executable files
* 666 - Text files
These defaults are set allowing all users to execute an executable file and
not to execute a text file. The defaults allow all users to read and write
the file.
The permission for the creation of new executable files is calculated by
subtracting the umask value from the default permission value for the file
type being created. An example for a text file is shown below with a umask
value of 022:
666 Default Permission for text file
-022 Minus the umask value
-----
644 Allowed Permissions
Therefore the umask value is an expression of the permissions the user,
group and world will not have as a default with regard to reading, writing,
or executing the file. The umask value here means the group the file
belongs to and users other than the owner will not be able to write to the
file. In this case, when a new text file is created it will have a file
permission value of 644, which means the owner can read and write the file,
but members of the group the file belongs to, and all others can only read
the file. A long directory listing of a file with these permissions set is
shown below.
-rw-r--r-- 1 root workgrp 14233 Apr 24 10:32 textfile.txt
An example command to set the umask is:
umask 022
The most common umask setting is 022. The /etc/profile script is where the
umask command is usually set for all users.
Red Hat Linux has a user and group ID creation scheme where there is a
group for each user and only that user belongs to that group. If you use
this scheme consistently you only need to use 002 for your umask value with
normal users.
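The subtraction shown above matches what the system does for 022 and 002, but the kernel actually clears the umask bits from the requested mode (mode AND NOT umask), and the two differ for other values. The following added example (not part of the original notes) goes beyond the 022 case in the text and compares both calculations with files really created under several umask values; the function names are this example's own, and GNU or BSD stat is assumed.

```sh
#!/bin/sh
# Added example, not part of the original notes; function names are this
# example's own.

# masked_mode BASE UMASK -> BASE with the umask bits cleared (BASE & ~UMASK),
# which is what is applied when a file or directory is created
masked_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# subtracted_mode BASE UMASK -> the column subtraction used in the text
subtracted_mode() (
    base=${1#"${1%%[!0]*}"} mask=${2#"${2%%[!0]*}"}   # strip leading zeros
    printf '%03d\n' $(( ${base:-0} - ${mask:-0} ))
)

# mode_of PATH -> octal permission bits (GNU stat, with a BSD stat fallback)
mode_of() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# observed_modes UMASK -> "<file mode> <directory mode>" of objects actually
# created under that umask (requested as 0666 and 0777 respectively)
observed_modes() (
    dir=$(mktemp -d) || exit 1
    umask "$1"
    : > "$dir/f"
    mkdir "$dir/d"
    echo "$(mode_of "$dir/f") $(mode_of "$dir/d")"
    rm -rf "$dir"
)

# compare UMASK... -> one line per umask for a new text file (default 666):
#   <umask> subtracted=<n> masked=<mode> observed=<mode>
compare() {
    for m in "$@"; do
        echo "$m subtracted=$(subtracted_mode 666 "$m")" \
             "masked=$(masked_mode 666 "$m")" \
             "observed=$(observed_modes "$m" | cut -d' ' -f1)"
    done
}

compare 022 002 027 033 077
```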
FILESYSTEMS
Create Filesystem
1) partition the disk (parted | fdisk)
fdisk /dev/xxx
> n (new partition)
> p (primary partition)
> w (write)
2) make a filesystem
mkfs.ext3 /dev/sdx
mkfs -t ext3 /dev/sdx
mkfs -t msdos /dev/fd0
mkfs -t vfat /dev/fd0
mke2fs -j -N 30000000 /dev/sdb1
mke2fs 1.35 (28-Feb-2004)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
30015488 inodes, 11677239 blocks
583861 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=1685544960
916 block groups
12760 blocks per group, 12760 fragments per group
32768 inodes per group
Superblock backups stored on blocks:
12760, 38280, 63800, 89320, 114840, 319000, 344520, 625240, 1033560,
1595000, 3100680, 4376680, 7975000, 9302040
Writing inode tables: done
Creating journal (8192 blocks): done
Writing superblocks and filesystem accounting information: done
This filesystem will be automatically checked every 22 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.
e2label if desired
3) mount the new partition
4) update /etc/fstab
Format of /etc/fstab
#device-name mount-point filesystem-type options fs-freq fs-passno
/dev/sdxx /home ext3 defaults 1 1
fs-freq = used by dump; 0 = do not dump
fs-passno = used by fsck; specifies order of fsck at reboot (/ should be 1, others should be 2)
Filesystem labels
see /dev/disk/by-label
To Repair Corrupted Filesystem:
Determine where the superblocks are:
$ mke2fs -n /dev/sdx
Repair the filesystem:
$ e2fsck -b -p /dev/sdx
or (if -p option fails)
$ e2fsck -b /dev/sdx
Using partprobe to dynamically add partition:
Any time you use 'fdisk', 'parted' or any other partitioning utility to modify the partition table for a drive, run 'partprobe' after you exit the
partitioning utility; 'partprobe' will let the kernel know about the modified partition table information. If you have several disk drives and want
'partprobe' to scan a specific drive, you can run 'partprobe <device_node>'
Use blockdev to reread a partition table
# blockdev --rereadpt /dev/sdx
FIREFOX
Firefox "about" commands:
about:
about:blank
about:buildconfig
about:cache
about:config
about:credits
about:license
about:mozilla
about:plugins
To enable java jre for firefox
cd /opt/firefox/plugins
ln -s /usr/java/jdk1.6.0_07/jre/plugin/i386/ns7/libjavaplugin_oji.so libjavaplugin_oji.so
To enable Adobe for firefox
cd /opt/firefox/plugins
ln -s /usr/local/Adobe/Acrobat7.0/Browser/intellinux/nppdf.so nppdf.so
FONTS
chkfontpath -l
chkfontpath -a font_dir
chkfontpath -r font_dir
fc-list
xfs
xfsinfo
xlsfonts
--
see also: /etc/X11/fs/config
FSCK
See p. 244 of File System Admin by Arleen Frisch
When FSCK prints error messages, mode values have the following meaning
01 - named pipe
02 - character special file
04 - directory
06 - block special file
10 - plain file
12 - symbolic link
14 - socket
FTP AS SHELL SCRIPT
1) Set up .netrc:
machine name login uid password string
chmod 700 .netrc
2) Set up FTP commands in crunin
ascii
get from to
.
.
quit
3) Set up shell program crun
ftp host < crunin
4) Execute shell program
sh crun
GPG
To create a GPG key:
gpg --gen-key
To encrypt a file using GPG key:
gpg -r userid --output file.gpg --encrypt file.txt
To decrypt a file using GPG key:
gpg -r userid --output file.txt --decrypt file.gpg
GRUB
See also BOOT LOADER
To boot Windows after Linux is uninstalled and GRUB was used for dual boot:
root (hd0,1)
chainloader +1
boot
HISTORY
To keep track of date & time when commands are executed, add to /etc/profile:
HISTSIZE=2000
HISTTIMEFORMAT="%m%d%H%M%S "
HOSTNAME
/proc/sys/kernel/hostname
/etc/sysconfig/network
/etc/hosts
HTTP
File /etc/httpd/conf.d/manual.conf contains "AliasMatch" directive
"AliasMatch" allows access to HTTP manual via: http://localhost/manual
This requires "LoadModule alias_module" in /etc/httpd/conf/httpd.conf
HARDWARE RESOURCES
dmidecode - list hardware resources
kudzu - looks for new hardware
To Get a List of Attached Devices:
# cat /proc/scsi/scsi
# dmidecode -s <keyword>
keyword from the following list: bios-vendor, bios-version, bios-release-date, system-manufacturer,
system-product-name, system-version, system-serial-number, system-uuid, baseboard-manufacturer,
baseboard-product-name, baseboard-version, baseboard-serial-number, baseboard-asset-tag,
chassis-manufacturer, chassis-type, chassis-version, chassis-serial-number, chassis-asset-tag,
processor-family, processor-manufacturer, processor-version, processor-frequency.
# dmidecode -t <type>
type can be bios, system, baseboard, chassis, processor, memory, cache, connector, slot
INFO COMMAND
Selecting other nodes:
n # next node
p # previous node
[ # previous node in document
] # next node in document
t # top node in document
u # up to parent node
d # to directory node
g # go to node [g top = t]
l # last visited node
L # list of visited nodes (c-x c-b)
m # select menu item by name (identified by "* menu:")
r|f # follow x-ref (identified by "*Note xref-name: node-name")
tab # move to next hyperlink
b # beginning of node
e # end of node
Moving around:
spc|pgdn # next page (c-v)
bsp|pgup # previous page (m-v)
down arrow # next line (c-n)
up arrow # previous lines (c-p)
c-a # cursor to beginning of line
c-e # cursor to end of line
c-b # cursor back one char
c-f # cursor forward one char
Screen Commands
c-x 0 # close current window
c-x 1 # close all windows except current
c-x 2 # split window
c-x o # move cursor to other window
c-l # refresh screen
c-g # cancel operation
Searching
/|s # search (s for next entry)
c-s # interactive search forward
c-r # interactive search backward
} # find next occurrence (c-x n)
{ # find previous occurrence (c-x N)
i # search index (use "," for next entry)
R # toggle regular expression
Quitting and Help
q # quit (c-x c-c)
?|h # open a help window
INITIALIZATION OPTIONS
In /etc/bashrc for global effect:
PAGER="less"; export PAGER
LESS="-FXgij10"; export LESS
alias ls="ls -Fx --color=none"
alias r="fc -s"
set -o vi
IPTABLES
To Use the Menu Interface
# system-config-securitylevel
To Update the Rules
service iptables save
edit /etc/sysconfig/iptables
service iptables restart
Files:
/etc/init.d/iptables
/etc/sysconfig/iptables
/etc/sysconfig/iptables.save
Commands:
iptables-save [> filename]
iptables-restore [< filename]
service iptables start
iptables-restore < /etc/sysconfig/iptables
service iptables stop
iptables -t table -F (flush firewall rules)
iptables -t table -X (delete firewall chains)
iptables -t table -Z (set counters to zero)
iptables -t filter -P INPUT ACCEPT
iptables -t filter -P OUTPUT ACCEPT
iptables -t filter -P FORWARD ACCEPT
service iptables restart
service iptables stop
service iptables start
service iptables status
iptables -t table --list -n --verbose --line-numbers
service iptables save
iptables-save > /tmp/iptables.XXXXXX
cp -f /etc/sysconfig/iptables /etc/sysconfig/iptables.save
cp -f /tmp/iptables.XXXXXX /etc/sysconfig/iptables
iptables [-t table] {-A|-D|--append|--delete} chain rule-specification
iptables [-t table] {-F|-L|-Z|--flush|--list|--zero} [chain [rulenum]] [options...]
iptables [-t table] -D|--delete chain rulenum
iptables [-t table] -I|--insert chain [rulenum] rule-specification
iptables [-t table] -R|--replace chain rulenum rule-specification
iptables [-t table] -S|--list-rules [chain [rulenum]]
iptables [-t table] -N|--new-chain chain
iptables [-t table] -X|--delete-chain [chain]
iptables [-t table] -P|--policy chain target
iptables [-t table] -E|--rename-chain old-chain-name new-chain-name
table:
filter|nat|mangle|raw (default is filter)
chain:
INPUT|OUTPUT|FORWARD|PREROUTING|POSTROUTING|name
target:
ACCEPT|DROP|QUEUE|RETURN|chain
options:
-v|--verbose
-n|--numeric
--line-numbers
rule-specification:
-p|--protocol tcp|udp|icmp|all (protocols listed in /etc/protocols)
-s|--source addr[/mask]
-d|--destination addr[/mask]
-j|--jump target
-g|--goto chain
-i|--in-interface name
-o|--out-interface name
Match Extensions:
-p|--protocol allows use of match extensions implicitly
-m|--match module causes explicit load of module, thus enabling options:
Modules:
comment:
--comment "comment string"
connlimit:
--connlimit-above n
iprange:
--src-range from[-to]
--dst-range from[-to]
mac:
--mac-source address
multiport:
--source-ports|--sport port[,port|,port:port]...
--destination-ports|--dport port[,port|,port:port]...
--ports port[,port|,port:port]...
tcp:
--source-port|--sport port[:port]
--destination-port|--dport port[:port]
--tcp-flags mask comp
--syn
--tcp-option number
state:
--state state[,state]...
state: INVALID|ESTABLISHED|NEW|RELATED|UNTRACKED
time:
--datestart
--datestop
--timestart
--timestop
--monthdays
--weekdays
Examples:
To insert in front of rule 5 of the INPUT chain a rule to accept protocol tcp whose state is new with a destination port of 2211:
iptables --insert INPUT 5 -p tcp -m state --state NEW --dport 2211 -j ACCEPT
JAVA
CLASSPATH=path_to_class_files
javac -d path_to_class_files source_file.java
java source_file
jinfo pid
JAVA TIMEZONE
To validate whether DST changes occur on the correct date for Java code, the following test code can be used:
import java.text.DateFormat;
import java.util.Calendar;
import java.util.GregorianCalendar;
import java.util.TimeZone;

class testdst {
    public static void main(String[] args) {
        if (args.length != 4) {
            if (args.length == 1 && args[0].equals("-list")) {
                System.out.println("Available time zones are:");
                for (String id : TimeZone.getAvailableIDs())
                    System.out.println(id);
            } else {
                System.out.println("Usage: testdst timezone year month day");
                System.out.println("or     testdst -list");
            }
            System.exit(1);
        }
        // getTimeZone() silently falls back to GMT when the ID is unknown
        TimeZone t = TimeZone.getTimeZone(args[0]);
        System.out.println("Using time zone " + t.getDisplayName());
        System.out.println("Use parameter -list to get list of available time zones");
        int year = Integer.parseInt(args[1]);
        int month = Integer.parseInt(args[2]) - 1;   // Calendar months are 0-based
        int day = Integer.parseInt(args[3]);
        // Noon on the requested day, evaluated in the requested time zone
        GregorianCalendar cal = new GregorianCalendar(t);
        cal.clear();
        cal.set(year, month, day, 12, 0);
        DateFormat df = DateFormat.getDateInstance();
        df.setTimeZone(t);
        System.out.println("Testing date " + df.format(cal.getTime()));
        int offset_day = cal.get(Calendar.DST_OFFSET);
        // Noon on the previous day
        cal.add(Calendar.DAY_OF_MONTH, -1);
        int offset_preday = cal.get(Calendar.DST_OFFSET);
        if (offset_day == offset_preday)
            System.out.println("There was no change in daylight saving time offset");
        else
            System.out.println("The daylight saving time offset was changed");
        System.exit(0);
    }
}
JBOSS
https://localhost:8443 (on cohort-ws1)
https://localhost:8443/mdaca (on cohort-ws1)
http://214.4.102.141:8080/jmx-console
http://214.4.102.141:8080/web-console
KERNEL MODULES
lsmod
KERNEL PAGE SIZE
getconf PAGESIZE
KERNEL VERSION
cat /proc/version
uname -a
KEYCODES
To see keycodes of special keys:
stty -echo; cat -v; stty echo
enter special key
type ^D to quit
KPPP
Prevent KPPP from asking for root password:
Solution 1:
cd /etc/security/console.apps
vi kppp
comment out USER=root
Solution 2:
ls -l /usr/bin/kppp
ls -l /usr/sbin/kppp
rm /usr/bin/kppp
chmod u+s /usr/sbin/kppp
ln -s /usr/sbin/kppp /usr/bin/kppp
LINE NUMBERING
nl -vstart -iincr -sstring -wwidth -nformat -bstyle
nl -v1000 -i10 -s -w4 -nrz -ba
DIRECTORY LINK COUNT
Link count represents the number of entries contained within a directory (always at least 2 to account for . and ..)
LOCKED ACCOUNT
To unlock the root account by resetting its failed-login counter (you must be in the sudoers file):
sudo faillog -u root -r
Note: /etc/sudoers must contain "<someuserid> ALL=/usr/bin/faillog" for the above to work
For 64-bit systems, faillog has been replaced by pam_tally2
faillog -a list all failed logins
faillog -u user list failed logins for user
faillog -u user -l sec set lock time for user
faillog -u user -m max set max login fail count before lock
faillog -u user -r reset locked user
lastlog -u userid get last login date/time for user
pam_tally [--user userid] [--reset[=n]] set/reset login failure count
LOGICAL VOLUME MANAGEMENT
To reduce the size of a logical volume:
# umount <filesystem>
# e2fsck -f <filesystem>
# resize2fs <size> <filesystem>
# lvreduce --size <size> <filesystem>
# resize2fs <filesystem>
# mount <filesystem>
LOOPBACK
Create a file to hold the filesystem:
dd if=/dev/zero of=/.u01 bs=1024 count=20M (creates a 20G file)
Associate the file with a loopback device:
losetup /dev/loop0 /.u01
Create a filesystem on the loopback device:
mkfs -t ext3 -b 2048 -m 1 -v /dev/loop0
Create a mount point:
mkdir /u01
Mount the loopback device on the mount point:
mount -t ext3 /dev/loop0 /u01
LSOF
If an open file is accidentally deleted, use the following procedure to recover it:
$ lsof | grep filename
The output of the above should be something like this:
proc pid user nr REG 3,65 number number path (deleted)
less 4158 amachina 4r REG 3,65 123 1273 /home/f1 (deleted)
where "n" is the file descriptor (4)
Given the above information, you can take a look at the /proc entry:
$ ls -l /proc/4158/fd/4
Copy that file to a new location:
$ cp /proc/4158/fd/4 /tmp/newfile
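The recovery procedure above as a script. This is an added example, not part of the original notes: it reads /proc directly instead of parsing lsof output, and the function names list_deleted_fds and recover_deleted are hypothetical.

```shell
#!/bin/sh
# Added example: find files that a process still holds open after they were
# unlinked, and copy the data back out through /proc/<pid>/fd/<n>.
# Run as root or as the owner of the process; other users' fd directories
# are not readable.

# list_deleted_fds PID
#   Prints "fd<TAB>original path" for every descriptor of PID whose target
#   has been deleted. The kernel marks these links with a " (deleted)" suffix,
#   which is the same marker lsof shows in its NAME column.
list_deleted_fds() {
    for link in /proc/"$1"/fd/*; do
        # readlink fails if the descriptor was closed meanwhile: skip it
        target=$(readlink "$link" 2>/dev/null) || continue
        case $target in
            *' (deleted)')
                printf '%s\t%s\n' "${link##*/}" "${target% (deleted)}"
                ;;
        esac
    done
}

# recover_deleted PID ORIGINAL_PATH DEST
#   Copies the still-open contents of ORIGINAL_PATH to DEST.
#   Returns 1 when PID holds no deleted file with that path.
recover_deleted() {
    fd=$(list_deleted_fds "$1" |
         awk -F '\t' -v p="$2" '$2 == p { print $1; exit }')
    [ -n "$fd" ] || return 1
    # Opening the /proc entry reopens the inode, so the copy starts at
    # offset 0 regardless of how far the process has read or written.
    cp "/proc/$1/fd/$fd" "$3"
}

# Example, using the values from the lsof output above:
#   list_deleted_fds 4158
#   recover_deleted 4158 /home/f1 /tmp/newfile
```

The data survives only while the process keeps the descriptor open, so copy it before stopping or restarting the process.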
MAILX COMMAND
To change from address:
mailx -s "subject" to@address.com -- -f from@address.com [ < from-file ]
To send HTML text:
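#!/bin/bash
# parameter 1 = name of address file (one "name, address" pair per line)
# sendmail -t takes the recipients from the To: header, so the address file must be trusted input
MSGFILE="path to message text"
while IFS="," read -r NAME ADDR
do
    ADDR="${ADDR# }"    # drop the space that follows the comma
    (
        echo "From: somebody@somewhere.com"
        echo "To: ${ADDR}"
        echo "MIME-Version: 1.0"
        echo "Subject: Some subject"
        echo "Content-Type: text/html"
        echo    # blank line ends the header block
        cat "${MSGFILE}"
    ) | sendmail -t
done < "${1}"
where ${1} is a text file containing the name and email address of the recipients (eg):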
Alex Machina, address@domain.com
To set reply to address:
Create .mailrc and populate with: "set replyto=user@domain"
Message List Codes
n number
+ next undeleted
- prev undeleted
. current
^ first undeleted
$ last
* all
/str some string
:d deleted
:n new
:o old
:r read
:u unread
z +|-
MAJOR/MINOR CODES
During boot, Oracle mounts partitions identified by numbers. The numbers shown are major/minor device codes and are found in /proc/partitions
MAN PAGE SYMBOLIC LINKS
cd /usr/local/man/man3
for x in $(find /opt/appl/man/man3 -print)
do
ln -s $x $(basename $x)
done
MEMORY SIZE LINKS
free -mot (memory in MB)
view /proc/meminfo
wc -c /dev/mem
pmap (process memory map)
MOUSE
gpm -m /dev/input/mice -t imps2
MUTT
mutt [-a attachment] [-i include] [-s subject] [-b bcc] [-c cc] [-x] address
-x emulates mailx compose
Manual is at /usr/share/doc/mutt...
NFS
Basic setup
Create /etc/exports
chkconfig --level 345 portmap on
chkconfig --level 345 nfs on
service portmap restart
service nfs restart
mkdir /nfs_share
cd /nfs_share
mkdir disc1
mount -o loop /OS/Redhat4U2_x86_64/RHEL...disc1.iso /mnt
cp -r /mnt/* /nfs_share/disc1 [/disc1 is now exported via NFS]
Verify processes running:
rpcinfo -p
portmapper
rquotad
nfs
nlockmgr
mountd
Ensure client supports NFS:
cat /proc/filesystems
may need to "modprobe nfs"
Ensure portmapper is running on client:
/etc/init.d: netfs, nfs, nfslock
May need to set up /etc/hosts.allow
NSLOOKUP
server can't find : SERVFAIL
ensure /etc/resolv.conf contains "domain domain" entry
NTFS
To get name of kernel:
cat /etc/redhat-release
To get version of kernel:
uname -r
Download appropriate NTFS RPM:
rpm -ihv kernel-ntfs-rpm
[kernel-ntfs-2.4.18-14.i686.rpm or kernel-module-ntfs-x.x.x-y.i686.rpm]
To load kernel module:
modprobe ntfs
To get NTFS driver info:
dmesg | grep -i ntfs
To get list of filesystems supported by the kernel:
cat /proc/filesystems
To get device name of NTFS partition:
fdisk -l
To mount NTFS partition:
mount -t ntfs -o uid=500,gid=100,umask=022 /dev/hdax /mnt/windows
To get list of installed NTFS modules:
rpm -qa | grep -i ntfs
To uninstall a particular NTFS module:
rpm -e kernel-module-ntfs.rpm
NTP
To Ascertain If a Particular Server is a Timeserver:
# ntpdate -d <ip-of-server>
To Check If an Association to a Configured Timeserver Exists:
# ntpq -np
Purpose of "restrict" keyword:
There is an internal list, each entry of which holds an address, a mask and a set of flags. On receipt of a packet, the source address of the packet is compared to each entry in the list, with a match being posted when the following is true: (source_addr & mask) == (addr & mask); A particular source address may match several list entries. In this case, the entry with the most one bits in the mask is chosen. The flags associated with this entry are used to control access.
References:
http://www.ntp.org
http://www.eecis.udel.edu/~mills/ntp
http://ntp.isc.org
Example:
restrict default nomodify notrap noquery
restrict 172.16.2.0 mask 255.255.255.0 nomodify notrap
restrict 214.4.102.0 mask 255.255.255.128 nomodify notrap
restrict 127.0.0.1
server ntp0.usno.navy.mil
server ntp1.usno.navy.mil
server ntp2.usno.navy.mil
driftfile /var/lib/ntp/drift
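The "restrict" lookup rule described above, applied to the four restrict lines of the example configuration. This is an added example, not ntpd's own code: it implements the rule exactly as the paragraph states it, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: which "restrict" entry applies to a given source address?
# Rule from the notes: an entry matches when
#   (source_addr & mask) == (addr & mask)
# and among several matches the one with the most one bits in the mask wins.

# The restrict lines of the example ntp.conf as "address mask flags".
# "default" is written as 0.0.0.0 mask 0.0.0.0; an entry without a mask is
# a host entry (mask 255.255.255.255). No flags means no restrictions.
RESTRICT_LIST='0.0.0.0 0.0.0.0 nomodify notrap noquery
172.16.2.0 255.255.255.0 nomodify notrap
214.4.102.0 255.255.255.128 nomodify notrap
127.0.0.1 255.255.255.255'

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer
ip_to_int() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# popcount N -> prints the number of one bits in N
popcount() {
    n=$1
    c=0
    while [ "$n" -gt 0 ]; do
        c=$(( c + (n & 1) ))
        n=$(( n >> 1 ))
    done
    echo "$c"
}

# restrict_flags SOURCE_IP -> prints the flags of the entry that applies
# (empty output: the winning entry carries no flags, i.e. unrestricted)
restrict_flags() {
    src=$(ip_to_int "$1")
    best_bits=-1
    best_flags=
    while read -r addr mask flags; do
        [ -n "$addr" ] || continue
        a=$(ip_to_int "$addr")
        m=$(ip_to_int "$mask")
        if [ $(( src & m )) -eq $(( a & m )) ]; then
            bits=$(popcount "$m")
            if [ "$bits" -gt "$best_bits" ]; then
                best_bits=$bits
                best_flags=$flags
            fi
        fi
    done <<EOF
$RESTRICT_LIST
EOF
    echo "$best_flags"
}

# restrict_flags 172.16.2.45    -> nomodify notrap
# restrict_flags 214.4.102.200  -> nomodify notrap noquery
#   (mask 255.255.255.128 covers only .0 - .127, so .200 falls to "default")
```

Checking a client address this way before a change shows whether a subnet entry really covers it or whether it silently falls through to the default entry.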
Windows NTP Client Setup
net time /querysntp
net time /setsntp:ntp0.usno.navy.mil
net stop w32time
net start w32time
OPEN FILES
Provides list of open file descriptors:
ls -l /proc/pid/fd/*
List open files:
lsof (see also LSOF)
OPEN PORTS
Commands
netstat -tlnp (tcp/listening/numeric/program)
lsof -i -n (all Internet files / numeric)
nmap -sS [options] {host} (scan using TCP SYN)
nmap -sU [options] {host} (scan using UDP)
Ports
631 - Used by cupsd
5353 - Used by DNS multicast for things like Apple Bonjour
ORACLE NOTES
To Prevent Node Eviction in Case CPU is Very Busy:
# crsctl stop crs
# <crs_home>/bin/oprocd stop
Ensure clusterware stack is down
# ps -ef | egrep "crsd.bin|ocssd.bin|evmd.bin|oprocd"
There should be no processes running
From one node of the cluster:
# crsctl set css diagwait 13 -force
# crsctl get css diagwait
# crsctl start crs
# crsctl check crs
CRS:
# service init.crs start
# su -c "crsctl start" -l oracle
# su -c "crsctl check <opt>" -l oracle {where <opt>: evmd|cssd|crsd}
Listener:
# su -c "lsnrctl <opt>" [name] -l oracle {where <opt>: start|stop|status}
PASSWORD CONTROL FILES
To force password change on next login:
chage -d 0 user
Some important files:
/etc/default/passwd
/etc/default/security
/etc/login.defs
/etc/pam.d/login
/etc/pam.d/system-auth
PCI DEVICES
# lspci
PERFORMANCE MONITORING
# sar -u 20 360 > /tmp/cpu
# sar -q 20 360 > /tmp/load
# iostat -t -d sdb1 sdc1 20 360 > /tmp/io
PRINTER CONFIGURATION
See /usr/share/cups/model/
/usr/bin/enable epson
/usr/bin/disable epson
/usr/sbin/accept epson
/usr/sbin/reject epson
lpstat -t
lpoptions -l
lpoptions -o resolution=180x180dpi|360x180dpi
PRIVATE IP ADDRESSES
Class A 10.0.0.0
Class B 172.16.0.0 - 172.31.0.0
Class C 192.168.0.0 - 192.168.255.255
PROCESSES
who -u
pstree -Apu username
ps -Ho pid,ppid,cmd -p pid,pid
RC.SYSINIT
Functions performed by rc.sysinit:
PATH=
HOSTNAME=
. /etc/sysconfig/network
NETWORKING=YES
HOSTNAME=
GATEWAY=
. /etc/init.d/functions
startup functions defined
mount -n -t proc /proc /proc
sysctl -e -p /etc/sysctl.conf
date
load keymaps / load fonts
swapon -a -e
hostname
/fsckoptions
/force check
/.autofsck
AUTOFSCK_TIMEOUT=
LVM initialization
mount -a -t nonfs,smbfs,ncpfs
/sbin/quotacheck
/sbin/quotaon
/sbin/accton
if [ -f /.unconfigured ]
/usr/sbin/password root
/usr/sbin/netconfig
/usr/sbin/kbdconfig
/usr/sbin/authconfig
/usr/sbin/ntsysv
clean up /var
clean up /etc
clean up utmp/wtmp
swapon -a
/bin/true
init serial ports
create /var/log/dmesg
create /usr/log/keyms.0
RECORD A SESSION
# script [-a] [file]
REMOTE DESKTOP
To establish an RDP connection to Windows 7 host pavilion from one of the Linux hosts:
From remote host A, logon to one of the Linux hosts (vectra, spectra, scc440) using ssh
Start vncserver from that host
# vncserver :<n> where n = port number to use
From remote host A, start vncviewer
# vncviewer --FullScreen elmtop:<n> (use F8 for options)
# rdesktop -f pavilion (use ctrl-alt-enter to toggle full screen mode)
REMOTE MOUNT
On host 1
service nfs start
service iptables stop
mount -o ro /dev/hdc /mnt/cdrom
On host 2
mount -o ro -t nfs :/mnt/cdrom /mnt
Supporting Commands:
rpcinfo -p ip
showmount -e ip
ROUTE COMMANDS
Linux: route add -net default netmask x.x.x.x gw x.x.x.x
Windows: route add 0.0.0.0 mask x.x.x.x y.y.y.y
RPM
/var/lib/rpm contains rpm db (can be rebuilt: rpm --rebuilddb [from packages])
/var/log/rpmpkgs contains current packages (see /etc/crontab)
CPU ARCHITECTURES:
intel 32-bit: i386,i486,i586,i686,athlon
intel 64-bit: ia64
hpalpha: alpha,alphaxx
sun: sparc,sparc9,sparc64
power pc: ppc,ppc64
motorola: m68k,m68kmint
sgi: sgi
ibm rs6000: rs6000
ibm 390: i370,s390x,s390
Useful --query options:
--configfiles
(-c) displays change info for a pkg
--docfiles
(-d) lists documentation files
--info
(-i) displays pkg information; uses --queryformat if supplied
--list
(-l) lists files in pkg
--provides
lists capabilities this pkg provides
--scripts
lists scripts provided for installation/uninstallation
--state
pkg state: normal, not installed, replaced
To import a package GPG key:
rpm --import /usr/share/rhn/RPM-GPG-KEY
To query all installed packages:
rpm --query --all
To query pkg owning filename:
rpm --query --file filename
To list files this pkg provides:
rpm --query --provides pkg
To list files this pkg requires:
rpm --query --requires pkg
To list tag names:
rpm --querytags
To list using query tags:
rpm --query --queryformat '%{name}-%{version}-%{release}-(%{arch})\n' package
To list files in an rpm pkg file:
rpm2cpio pkg | cpio -t
To find what capabilities a package provides:
for x in $(ls -1)
do
echo ====
echo "$x provides"
rpm --query --provides --package $x
done
SCP
When scp produces a "stalled" message, refer to this excellent page for solutions:
http://linuxsecure.blogspot.com/2008/05/scp-stalled-through-firewall-ssh-no.html
Most expedient solution: use -l option to limit scp throughput
# scp -l <value> ...
SCREEN
To share a screen session:
On the control side:
$ screen -S <session_name>
ctrl-a :multiuser on
ctrl-a :acladd <userid>
On the client side:
$ screen -x <userid>/<session_name>
where <userid> and <session_name> are from the control side
SENDEMAIL
SendEmail is a Windows command to send email
Synopsis: sendemail -f ADDRESS [options]
Required:
-f ADDRESS from (sender) email address
* At least one recipient required via -t, -cc, or -bcc
* Message body required via -m, STDIN, or -o message-file=FILE
Common:
-t ADDRESS [ADDR ...] to email address(es)
-u SUBJECT message subject
-m MESSAGE message body
-s SERVER[:PORT] smtp mail relay, default is localhost:25
Optional:
-a FILE [FILE ...] file attachment(s)
-cc ADDRESS [ADDR ...] cc email address(es)
-bcc ADDRESS [ADDR ...] bcc email address(es)
-xu USERNAME username for SMTP authentication
-xp PASSWORD password for SMTP authentication
Paranormal:
-b BINDADDR[:PORT] local host bind address
-l LOGFILE log to the specified file
-v verbosity, use multiple times for greater effect
-q be quiet (i.e. no STDOUT output)
-o NAME=VALUE advanced options, for details try: --help misc
-o message-file=FILE -o message-format=raw
-o message-header=HEADER -o message-charset=CHARSET
-o reply-to=ADDRESS -o timeout=SECONDS
-o username=USERNAME -o password=PASSWORD
-o tls=auto|yes|no -o fqdn=FQDN
Help:
--help the helpful overview you're reading now
--help addressing explain addressing and related options
--help message explain message body input and related options
--help networking explain -s, -b, etc
--help output explain logging and other output options
--help misc explain -o options, TLS, SMTP auth, and more
SENDMAIL
See: ALTERNATIVES for changing from postfix to sendmail
Some important files:
/etc/mail
/var/spool/mail
/var/spool/mail/mqueue
Warning: RunAsUser for MSP ignored, check group ids (egid=0, want=51); Try:
cd /var/spool
chown smmsp.smmsp clientmqueue
cd /usr/sbin
chown root.smmsp sendmail.sendmail
chmod +s sendmail.sendmail
Rejecting connections on daemon MTA:
load average: xx in /var/log/{messages|maillog}; Try:
Edit /usr/share/sendmail-cf/cf/submit.mc
Modify: QueueLa RefuseLa DelayLa ConnectionRateThrottle
Rebuild sendmail.cf using make
Cannot send local mail
Get "connection refused by hostname"; Try:
Modify /etc/hosts.allow:
sendmail : localhost : allow
Cannot send mail to external host
Get "tcpwrappers rejection"
Get "stat=service unavailable"
Get "return to sender: service unavailable"; Try:
Modify /etc/hosts.allow:
sendmail : localhost.localdomain: allow
Aliases database out of date in logwatch report; Try:
newaliases [to update /etc/aliases.db (due to update of /etc/aliases)]
After Updating "sendmail.mc", execute to make "sendmail.cf":
cd /etc/mail
m4 sendmail.mc > sendmail.cf
SERVICES
service --status-all
service service start|stop|status|restart|reload|condrestart
SHADOW FORMAT
See chage; See /etc/login.defs for default values for using useradd
amachina:x..x:13570:1:60:7:35:x:
              |     | |  | |  |_ account expires  << chage -E yyyy-mm-dd usr
              |     | |  | |_ lock n days after   << chage -I n user
              |     | |  |_ warn days             << chage -W n user
              |     | |_ maximum age              << chage -M n user
              |     |_ minimum age                << chage -m n user
              |_ last change since 1970 in days   << chage -d n user
                 set last password change date    << chage -d yyyy-mm-dd usr
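The aging fields in the diagram above, evaluated for a whole shadow file. This is an added example, not part of the original notes: the function names and status labels are hypothetical, and the day counts use the same unit as the file (days since 1970).

```shell
#!/bin/sh
# Added example: classify each shadow entry by its aging fields.
# Field order, as in the diagram above:
#   name:hash:lastchg:min:max:warn:inactive:expire:reserved

# today_days -> prints today as days since 1970-01-01
today_days() {
    echo $(( $(date +%s) / 86400 ))
}

# shadow_status FILE [TODAY]
#   Prints "user<TAB>status" per entry. TODAY (a day number) defaults to the
#   current date; passing it explicitly allows "what will expire by day N".
shadow_status() {
    awk -F: -v today="${2:-$(today_days)}" '
        function isnum(s) { return s ~ /^[0-9]+$/ }
        BEGIN { today += 0 }
        NF < 8 { next }                          # not a shadow entry
        {
            user = $1; last = $3; max = $5
            warn = $6; inact = $7; expire = $8
            if (isnum(expire) && today >= expire + 0) {
                status = "ACCOUNT_EXPIRED"       # chage -E date has passed
            } else if (last == "0") {
                status = "MUST_CHANGE"           # set by: chage -d 0 user
            } else if (!isnum(last) || !isnum(max) || max + 0 >= 99999) {
                status = "NO_MAX_AGE"            # password never ages out
            } else {
                pw_exp = last + max              # last day the password is valid
                if (isnum(inact) && today > pw_exp + inact) {
                    status = "LOCKED_INACTIVE"   # chage -I window has passed
                } else if (today > pw_exp) {
                    status = "PASSWORD_EXPIRED"  # change forced at next login
                } else if (isnum(warn) && today >= pw_exp - warn) {
                    status = "WARNING"           # inside the chage -W window
                } else {
                    status = "OK"
                }
            }
            printf "%s\t%s\n", user, status
        }
    ' "$1"
}

# Example (as root): shadow_status /etc/shadow
# For the sample line above, 13570 + 60 = day 13630 is the last valid day;
# the account locks after day 13630 + 35 = 13665.
```

NO_MAX_AGE entries on interactive accounts are the ones to review first, since no password rotation is being enforced for them.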
SHELL FILE EXECUTION ORDER
Login Shell Shell started with --login option
Interactive Shell Shell started without -c option or with -i option
1) /etc/profile
...
for i in /etc/profile.d/*.sh
. $i
2) ~/.bash_profile
...
. ~/.bashrc
PATH=
# user variables
3) ~/.bashrc
...
. /etc/bashrc
# user aliases and functions
4) /etc/bashrc
...
umask
Interactive Login Shell or Non-Interactive Shell With --login Option:
/etc/profile /etc/profile
~/.bash_profile ~/.profile
~/.bashrc <- I put local changes here
/etc/bashrc <- I put global changes here
~/.bash_login
~/.profile
Interactive Shell That Is Not A Login Shell:
~/.bashrc . $ENV
/etc/bashrc
Non-Interactive Shell (to start a shell script):
if [ -n "$BASH_ENV" ] (null)
then
. $BASH_ENV
fi
SSH
SSH1 Protocol, method 1:
If remote host contains /etc/hosts.equiv | /etc/ssh/shosts.equiv
And remote host contains username in /etc/passwd
Then remote host allows ssh logon to username
SSH1 Protocol, method 2:
If remote host contains $HOME/.rhosts | $HOME/.shosts
Then remote host allows ssh logon to username
SSH1 Protocol, method 3:
If /etc/ssh/ssh_known_hosts | $HOME/.ssh/known_hosts
Can be verified against $HOME/.ssh/authorized_keys
Then remote host allows ssh logon to username
Format of hosts.equiv and shosts.equiv:
hostname
hostname username
Format of .rhosts and .shosts:
hostname username
You are required to change your password immediately (password aged)
Your password has expired, the session cannot proceed
Connection to localhost closed:
In /etc/ssh/sshd_config:
Change "#UsePrivilegeSeparation yes" to "UsePrivilegeSeparation no"
This workaround should not be necessary if OpenSSH is version 3.8+
Also check for missing file /etc/security/opasswd
Host key verification failed:
Ensure /dev/tty permissions = rw-rw-rw- on server and client
ssh_exchange_identification: Connection closed by remote host:
Probably due to missing entry in /etc/hosts.allow allowing host to ssh
Some important files:
/etc/ssh/sshd_config
/etc/ssh/ssh_host_key
/etc/ssh/ssh_host_rsa_key
/etc/ssh/ssh_host_dsa_key
/etc/ssh/ssh_known_hosts
$HOME/.ssh/authorized_keys
$HOME/.ssh/known_hosts
STARTUP
/sbin/init
/etc/rc.d/rc.sysinit
/etc/inittab
/etc/rc.d/rc 0-6
/etc/X11/prefdm -daemon
/etc/bashrc
/etc/profile
~/.bash_profile
~/.bashrc
/etc/bashrc
~/.bash_login
~/.profile
SUDOERS
visudo
SYMBOLIC LINKS
ln -s source target
ln -s existing_file new_link_file
SYSLOG
Facility.Priority Action
auth debug
authpriv info
cron notice
daemon warning
kern err
lpr crit
mail alert
news emerg
syslog -----
user none
uucp
local0-7
Example:
authpriv.err /var/log/secure
SYSTEM CALLS
System call names are defined in: /usr/include/asm-x86_64/unistd.h
TABS
To set tabs on Vtxx terminal: tabs -n; tput init
To strip tabs from a file: cat infile | col -x > outfile
TERMINAL PREFERENCES
Set Terminal Attributes (setterm)
setterm -blank 10
setterm -powersave on
setterm -powerdown 20
setterm -reset
Set User Preferences for X (xset)
xset -q
xset +|-dpms
xset s off
xset x 150
xset dpms 300 600 900
xset dpms force standby|suspend|off
TIMEZONE
NOTE: When timezone definitions change, Java JRE should be updated because Java includes its own, slightly different timezone database (see JAVA TIMEZONE)
Set system time, using servers in /etc/ntp.conf:
ntpd -g -q
Set hardware clock to system time
hwclock --systohc
Display which timezone hardware clock is set to:
hwclock --debug
Provides value for TZ variable:
tzselect
Some important files:
/usr/share/zoneinfo contains timezone files
/usr/sbin/timeconfig creates /etc/localtime
/etc/localtime can be a symbolic link to /usr/share/zoneinfo/zone
/etc/sysconfig/clock (contains: ZONE=timezone, UTC=true|false, ARC=true|false)
List DST change dates:
zdump -v EST5EDT | grep 2007
Use timezone as the local time:
zic -l EST5EDT
TOP
load ave: 1M, 5M, 15M
See "man mpstat" and "man vmstat" for definitions
See "www.ibm.com/developerworks/wikis/display/LinuxP/Measuring+stolen+CPU+cycles"
us: user cpu time
sy: system cpu time
ni: user nice cpu time
id: idle cpu time
wa: iowait cpu time
hi: hardware irq (servicing hardware interrupts)
si: software irq (servicing software interrupts)
st: steal time (time in involuntary wait by virtual cpu while hypervisor is
servicing another processor)
Commands:
c - command toggle
i - ignore zombie
k - kill
u - show specific user
A - sort by age
M - sort by mem
N - sort by pid
P - sort by cpu (default)
S - cumulative mode
T - sort by time
C|1 - collapse CPU info
VIM
Global Initialization File:
:scriptfiles # to find scriptfiles
MAC: /usr/share/vim/vimrc
Linux: /etc/vimrc
Some Useful SET Options For VIMRC:
set autoindent
set ignorecase
set smartcase
set shiftwidth=3
set showmatch
set showmode
set nowrapscan
set tabstop=8
set softtabstop=3
set wrapmargin=5
set nohls
syntax off
Help Commands
:h # general help
:h index # command index
:h user-manual # user manual table of contents
:h reference_toc # reference manual table of contents
:h motion.txt # list motion commands
:h x # help on normal mode command "x"
:h :x # help on command line command ":x"
:h i_x # help on insert mode command "x"
:h v_x # help on visual mode command "x"
:h c-x # help on c-x
:h enn # help on error number
:h pattern"tab" # help on pattern (tab to next pattern)
:h pattern"c-d" # help on pattern (all patterns at once)
:h 'option' # help on particular option
:options # get a list of options
:version # get list of where .vimrc, .exrc is
:helpg pattern # subcommands: :cn :cp :cfir :cla :copen :cclose
:args :file # get info about args, current file
:let # show current let bindings
:set # show current set bindings
Moving Around
% # matching ([{}])
w W # start of next word (next whitespace word)
b B # back to start of prev word (prev whitespace word)
e E # end of next word (next whitespace word)
ge gE # back to end of prev word (prev whitespace word)
0 $ # first char (last char)
fx Fx ; , # forward (back) to char x; repeat (opposite dir)
tx Tx ; , # forward (back) to before char x; repeat (opp dir)
gg G H M L # first last home middle last
c-] # jump to link: 'opt' ":cmd" |subject|
c-t # older entry in tag stack
c-o # older entry in jump list (jump back)
c-i # newer entry in jump list
c-w h|j|k|l # move to new window
Undo/Redo
u # undo
c-r # redo
Change/Delete Commands (Operators)
~ # switch case (see :set top, :set notop)
x X # delete char under, to left of cursor
d$ D # delete to end of line
dw db # delete from cursor to end, start of word
daw diw # delete word (including, not including white space)
dgg dG # delete from cursor to beginning, end of file
g~{motion} # swap case operator
{visual}~ # swap case of highlighted text
{visual}u {visual}U # make highlighted text lowercase/uppercase
gu{motion} gU{motion} # make lowercase, uppercase
! # filter through external program operator
gq # text formatting operator
< > # shift left, right operators
zf{motion} # create a fold
zd # delete fold at cursor
zo # open a fold under the cursor
zc # close one fold under the cursor
. # repeat prior change
Buffers and Files
:f # show current filename
:ls # list buffers
:b n # switch to buffer n
:buffers # show buffers
# where: % (current window) # (alternate buffer) + (modified buffer)
a=active buffer = (read only buffer)
Search Commands
* # # find next, prior string under cursor
g* g# # as above but don't treat string as a word
n N # find next, prior occurrence
/\<word # find whole word that begins "word"
/word\> # find whole word that ends with "word"
Copy/Paste Commands
v .. move cursor .. y # yank visual mode section
"ry{motion} # yank some motion into register r
"rp # paste register r
"rd # delete into register r
:edit f1 :saveas f2 # edit f1, mod it, save it as f2; future :w to f2
Options and Miscellaneous Commands
:set cmdheight=n # to make more room for error displays
:set aw noaw # automatic write when moving between files
:set bk nobk # make backup copies (~ at end of name)
:set is nois # incremental search
:set hl nohl # highlight
:set hls nohls # highlight search
:set list nolist # list invisible characters
:set nu nonu # line numbers
:set top notop # tilde operator (see g~)
ga # print ascii value of char under cursor
g8 # print hex value of char under cursor
8g8 # find an illegal UTF-8 byte seq after the cursor
Highlight/Format Commands
:ce # center
:le # left align
:ri # right align
:hi clear linenr # clear line number highlight
:hi DiffAdd # change the foreground (ctermfg) or background (ctermbg) colors
:hi DiffChange # 0 = black 1 = dark red 2 = dark green
:hi DiffDelete # 3 = dark yellow 4 = dark blue 5 = dark magenta
:hi DiffText # 6 = dark cyan 7 = gray n* = turn on bold attribute
Window Commands
:sp :vsp # split current window (two views on same file)
:sp f1 :vsp f1 # split and edit file f1 (editing two files)
:new :vnew # split and edit empty file (editing two files)
:next :prev # move to next, prev file
:last :first # move to last, first file
c-w+ c-w- # increase, decrease window size
c-ww # switch to other window
<n>c-w_ # set window size to n
:clo # close current window
:qall :wall # quit all windows, write all windows
:wqall # write and quit all windows
Map Commands
:map Fx cmd # map function key Fx to command
:map ^V<F1>ix^V<esc> # F1 = insert "x" at cursor
NOTE: can also enter F1 and ESC as <F1> and <ESC>, using 4 or 5 chars instead of using C-V
File Commands
:edit <file> # close current file, edit new one
:args # show file arguments
:argadd <file> # add file to list of files being edited
:first :last :prev :next # edit first, last, previous, next file
:r <file> # insert file below cursor
:r !cmd # exec cmd and insert its stdout below cursor
Tags, Jump Lists and Marks
:tags # display tag stack
:pop :tag # older/newer entry in tag stack
:jumps # display jump list
c-o c-i # older/newer jump entry
`. # jump to last edit
`" # jump to last cursor
`<x> # jump to file mark
:ma x # set mark x
:delm x # delete mark x
:marks :marks x # display marks, info about mark x
'x `x # goto line, line/column marked with x
'' # goto cursor position before last jump
'[ '] # goto start, end of last change
Visual Mode
v V c-v # enter character/line/block visual mode
o O # go to other end of highlighted text
<esc> # exit visual mode
Miscellaneous Commands
:vert diffs f1 # diff current file against f1 vertically
zo zc # open, close a fold
K # invoke "man" on token under cursor
Using a Clipboard
"*yy # put yanked line in clipboard
"*p # paste clipboard contents
Record a Script
q<register>
... enter commands ...
q # to quit recording
@<register> # to execute
VIRTUAL CONSOLES
See also X
chvt
openvt
deallocvt
tty|fgconsole
Print the name of the terminal in which you are typing this command. If you
prefer the number of the active terminal (instead of its name), it can be
printed using the command fgconsole.
CTRL-ALT-Fn (n=1..6)
Switch to the nth text terminal. (The same could be accomplished with the
rarely used command chvt n. "chvt" stands for "change virtual terminal").
In a text terminal (outside X), you can also use Alt-Fn (the Ctrl key is
not needed).
CTRL-ALT-Fn (n=7..12)
Switch to the nth GUI terminal (if a GUI terminal is running on screen
n-1). By default, the first X server is running on terminal 7. By default,
nothing is running on terminals 8 to 12--you can start subsequent X servers
there.
TAB
(In a text or X terminal) Autocomplete the command if there is only one
option, or else show all the available options. On newer systems you may
need to press Tab-Tab. THIS SHORTCUT IS GREAT, it can truly save you
lots of time.
ARROWUP
(In a text or X terminal) Scroll and edit the command history. Press
Enter to execute a historical command (to save on typing). ArrowDown
scrolls back.
SHIFT-PGUP
Scroll terminal output up. This also works at the login prompt, so you can
scroll through your bootup messages. The amount/usage of your video memory
determines how far back you can scroll the display. Shift-PgDown scrolls
the terminal output down.
CTRL-ALT-ESC
(in X-windows, KDE) Kill the window I am going to click with my mouse
pointer (the pointer changes to something like a death symbol). A similar
result can be obtained with the command xkill (typed in X-terminal). Useful
when an X-window program does not want to close (hangs?).
CTRL-ALT-BKSPC
(in X-windows) Kill the current X-windows server. Use if the X-windows
server cannot be exited normally.
CTRL-ALT-DEL
(in text terminal) Shut down the system and reboot. This is the normal
shutdown command for a user at the text-mode console. Don't just press the
"reset" button for shutdown!
CTRL-S
Stop the transfer to the terminal.
CTRL-Q
Resume the transfer to the terminal. Try if your terminal mysteriously
stops responding. See the previous command.
CTRL-Z
Send the current process to the background.
WINDOWS
Some Useful Linux-like Windows Commands
fc
find
findstr
for
forfiles
sort
tasklist
query
To require a password:
net user account_name /passwordreq:yes
To add a Windows Service:
sc
To enable ability to install programs after Gold Disk:
Administrative Tools > Local Security Policy > Local Policies >
User Rights Management > Manage Auditing and Security Policy
To fix black screen on install:
Possible video card problems; may need to uninstall
any other drivers and set "standard VGA graphics adapter" for video
To prevent event logs from filling up with anonymous user login messages:
Try disabling file and printer sharing: Start > Control Panel > Network
Connections > Network Connection > Properties
To prevent autologon:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon:
AutoAdminLogon=0
To open user management console:
control userpasswords2
To enable terminal services:
My Computer > Remote > Enable Remote Desktop
netstat -an shows computer listening on port 3389
To allow a remote user to log in when login fails even though local security policy allows it:
Start > Administrative Tools > Local Security Policy
Security Settings > Local Policies > Security Options >
System cryptography: Use FIPS compliant algorithms = Disabled
To allow more than one RDP connection to Terminal Services:
If Start > Administrative Tools > Terminal Services Configuration >
Connections > RDP-Tcp Properties > Network Adapter > Maximum connections is grayed out:
Start > Run > gpedit.msc > Computer Configuration >
Administrative Templates > Windows Components >
Terminal Services > Limit number of connections
See also: HKLM\Software\Policies\Microsoft\Windows NT\Terminal Services:
MaxInstanceCount=n
To enable browsing to https sites:
HKCU > Software > Microsoft > Windows > CurrentVersion > Internet
Settings > ZoneMap > Ranges > Range1 > :Range REG_SZ xx.xx.xx.xx
https REG_DWORD 2
To control which programs startup:
HKLM > Software > Microsoft > Windows > CurrentVersion > Run
HKLM > Software > Microsoft > Windows > CurrentVersion > RunOnce
HKLM > Software > Microsoft > Windows > CurrentVersion > RunServices
HKLM > Software > Microsoft > Windows > CurrentVersion > RunServicesOnce
HKLM > Software > Microsoft > Windows > CurrentVersion > Policies > Explorer > Run
HKCU > Software > Microsoft > Windows > CurrentVersion > Run
HKCU > Software > Microsoft > Windows > CurrentVersion > RunOnce
HKCU > Software > Microsoft > Windows > CurrentVersion > RunOnceEx
HKCU > Software > Microsoft > Windows > CurrentVersion > Policies > Explorer > Run
To control dependencies of Windows Services:
HKLM > System > CurrentControlSet > Services
To disable compress old files:
HKLM > Software > Microsoft > Windows > CurrentVersion > Explorer > VolumeCaches > CompressOldFiles
To determine server uptime:
systeminfo | find /i "up time"
Format of Windows SendEmail Command:
sendemail -f "from" -t "to" -u "subject" -s "mailserver" -a "attachment" -m "message text" | -o message-file="filename"
WIRELESS
iwconfig eth0 essid TopperWireless mode Managed ap any rate auto key =0x<key>
WORKING WITH ISO's
To capture the contents of a CD into an ISO image file
# dd if=/dev/cdrom of=image.iso
To create an ISO image file
Create a directory which will be populated with the file structure you want to create
# mkdir /tmp/isodir
Populate the directory
Create the ISO image file from the contents of the directory
# mkisofs -o image.iso -l -r -J -A appid -P pubid -V volid /tmp/isodir
To view the contents of an ISO file
# mount -r -t iso9660 -o loop=/dev/loop0 image.iso /mnt
# cd /mnt
# ls
To write an ISO image file to a CD
# cdrecord -v -pad -data speed=1 dev=x,y,z image.iso
# cdrecord -dev AT
NOTE: x,y,z can be determined from:
# cdrecord -scanbus
or
# cat /proc/scsi/scsi
NOTE: on Windows, use cdburn (available from Windows Resource Kit Tools [rktools.exe])
c:\ cdburn <drive-letter>: image.iso
To download an ISO image
# curl -C - -O 'URL'
or
# wget -c 'URL'
To verify an ISO checksum
Download the ISO
Download the CHECKSUM file
Import GPG keys
$ curl https://fedoraproject.org/static/fedora.gpg | gpg --import
Verify that the checksum is valid
$ gpg --verify *-CHECKSUM
Fedora CHECKSUM signatures
Fedora 11: D22E77F2
Fedora 10: 4EBFC273
Fedora 9 and earlier: 4F2A6FD2
Now that CHECKSUM has been verified, ensure that the ISO's checksum matches
$ sha256sum -c *-CHECKSUM
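The two verification steps above can be tied together so that the signing key is actually compared against the expected key ID and the hashes are read only from the signed text. This is an added example, not part of the original notes; the function names signed_by and verify_iso are hypothetical, and the sample gpg status lines are constructed.

```bash
#!/usr/bin/env bash
# Added example; not part of the original notes. Sample status lines are
# constructed: the fingerprint is made up and only ends in the Fedora 11 key ID.
FPR=0123456789ABCDEF0123456789ABCDEFD22E77F2
SAMPLE_GOOD="[GNUPG:] GOODSIG 89ABCDEFD22E77F2 Constructed Signer
[GNUPG:] VALIDSIG $FPR 2009-06-01 1243814400 0 4 0 1 8 01 $FPR"
SAMPLE_REVOKED="[GNUPG:] REVKEYSIG 89ABCDEFD22E77F2 Constructed Signer
[GNUPG:] VALIDSIG $FPR 2009-06-01 1243814400 0 4 0 1 8 01 $FPR"

# signed_by KEYID: read `gpg --status-fd` lines on stdin; succeed only for a
# good signature whose key fingerprint ends in KEYID. VALIDSIG alone is not
# enough: gpg also emits it next to EXPKEYSIG/REVKEYSIG. Short 8-digit IDs
# can collide, so pass the full fingerprint when you have it.
signed_by() {
    local want good=1 match=1 tag kw arg rest
    want=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    [ "${#want}" -ge 8 ] || return 1       # refuse empty or too-short IDs
    while read -r tag kw arg rest; do
        [ "$tag" = "[GNUPG:]" ] || continue
        case "$kw" in
            GOODSIG)  good=0 ;;
            VALIDSIG) case "$arg" in *"$want") match=0 ;; esac ;;
            BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG) return 1 ;;
        esac
    done
    [ "$good" -eq 0 ] && [ "$match" -eq 0 ]
}

# verify_iso CHECKSUM_FILE KEYID: check the signature, then hash the ISO(s)
# against the signed text only, not against the raw CHECKSUM file.
verify_iso() {
    local sums=$1 keyid=$2 body status rc=1
    body=$(mktemp) || return 1
    # On a clearsigned file, --decrypt writes just the text the signature covers.
    status=$(gpg --batch --yes --status-fd 1 --output "$body" --decrypt "$sums" 2>/dev/null)
    if printf '%s\n' "$status" | signed_by "$keyid"; then
        (cd "$(dirname "$sums")" && sha256sum -c --ignore-missing "$body") && rc=0
    else
        echo "no good signature from $keyid on $sums" >&2
    fi
    rm -f "$body"
    return "$rc"
}
```

Run verify_iso from anywhere with the path to the downloaded CHECKSUM file and the key ID for that release; the ISO must sit in the same directory as the CHECKSUM file.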
X
Some important files:
/usr/bin/startx
/etc/X11/xinit/xinitrc
/etc/X11/prefdm (this file contains a reference to /etc/sysconfig/desktop)
/etc/sysconfig/desktop GNOME|KDE|XDM
Contents of /etc/sysconfig/desktop:
DISPLAYMANAGER=GNOME|KDE|XDM
DESKTOP=GNOME|KDE
To allow dell.local.net to connect X to zenith.local.net
xhost +dell.local.net (on zenith)
To display X on zenith.local.net from dell.local.net
firefox --display=zenith.local.net:0.0
YUM
yum-utils
yum-complete-transaction
/var/lib/yum --- incomplete transactions