TechNotes

/usr/bin/emacs-24.5: sticky ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32

The Linux alternatives system allows you configure the use of a specific executable referred to by a generic name. The typical example is to configure the use of a specific editor when several alternatives are available.

Suppose the following editors are installed on a system:

/usr/bin/vim
/usr/bin/gedit
/usr/bin/emacs
/bin/vi

First, you need to "install" these editors into the alternatives system. The general form of the "alternatives" command is:

# alternatives --install link name path priority

The "link" is just a name that you will use to invoke an editor; it should be something that exists in your PATH; in this case we will choose the value "/usr/bin/edit"
The "name" is a generic term that refers to some functionality; in this case we will choose "editor"; this will be installed in /etc/alternavites/<name> as a symbolic link
The "path" is the fully qualified path to some real, existing, executable
The "priority" is a number that determines which "alternative" is current

Now, let's "install" 3 of our alternatives in the alternatives system:

# alternatives --install /usr/bin/edit editor /usr/bin/vim 100

# alternatives --install /usr/bin/edit editor /usr/bin/gedit 200

# alternatives --install /usr/bin/edit editor /usr/bin/emacs 300

In this example, 3 of our 4 available editors have been installed in the alternatives system. The execution of the above 3 commands will cause the following:

Symbolic link /usr/bin/edit is created, pointing to /etc/alternatives/editor
Symbolic link /etc/alternatives/editor is created, pointing to /usr/bin/emacs
File /var/lib/alternatives/editor is created, with the following contents:

auto <--- the mode

/usr/bin/edit <--- the link (symbolic link /etc/alternatives/<name>)

/usr/bin/vim <--- the first alternative

100 <--- and its priority

/usr/bin/gedit <--- etc

200

/usr/bin/emacs

300

If we were to now execute the following command:

# alternatives --display editor

the alternatives system would consult the above file to display the current settings:

edit - status is auto

link currently points to /usr/bin/emacs

/usr/bin/vim - priority 100

/usr/bin/gedit - priority 200

/usr/bin/emacs - priority 300

Current 'best' version is /usr/bin/emacs

If we were to execute the following command:

# alternatives --config editor

The alternatives system would present us with a menu allowing us to change the settings. The "+" indicates which entry is current and the "*" indicates which entry is considered best (based on the priority).

If we wanted to introduce /bin/vi as a choice, we could:

# alternatives --install /usr/bin/edit editor /bin/vi 400

Instead of using "config" we could have used "--set" directly to select a new choice:

# alternatives --set editor /bin/vi

Note that "--set" can only be executed on an already "--installe[ed]" alternative

Relationship Between Contents of "/var/lib/alternatives/<name>" and "alternatives --install" Command

The generic format of the "alternatives --install" command is:

# alternatives --install link name path priority \

--slave slink1 sname1 spath1 \

--slave slink2 sname2 spath2 \

--slave slink3 sname3 spath3 \

--slave slink4 sname4 spath4

The execution of the command:

# alternatives --install /usr/bin/java java /usr/lib/jvm/jre-1.4.2-gcj/bin/java 1420 \

--slave /usr/lib/jvm/jre jre /usr/lib/jvm/jre-1.4.2-gcj \

--slave /usr/lib/jvm-exports/jre jre_exports /usr/lib/jvm-exports/jre-1.4.2-gcj \

--slave /usr/bin/keytool keytool /usr/lib/jvm/jre-1.4.2-gcj/bin/keytool \

--slave /usr/bin/rmiregistry rmiregistry /usr/lib/jvm/jre-1.4.2-gcj/bin/rmiregistry

would result in:

# cat /var/lib/alternatives/java <--- "java" is name

manual

/usr/bin/java <--- link

jre <--- sname1

/usr/lib/jvm/jre <--- slink1

jre_exports <--- sname2

/usr/lib/jvm-exports/jre <--- slink2

keytool <--- sname3

/usr/bin/keytool <--- slink3

rmiregistry <--- sname4

/usr/bin/rmiregistry <--- slink4

...blank line...

/usr/lib/jvm/jre-1.4.2-gcj/bin/java <--- path

1420 <--- priority

/usr/lib/jvm/jre-1.4.2-gcj <--- spath1

/usr/lib/jvm-exports/jre-1.4.2-gcj <--- spath2

/usr/lib/jvm/jre-1.4.2-gcj/bin/keytool <--- spath3

/usr/lib/jvm/jre-1.4.2-gcj/bin/rmiregistry <--- spath4

Note that "alternatives --display <name>" simply summarizes the contents of file "/var/lib/alternatives/<name>"

# alternatives --display java

java - status is manual

link currently points to /usr/lib/jvm/jre-1.4.2-gcj/bin/java

/usr/lib/jvm/jre-1.4.2-gcj/bin/java - priority 1450

slave jre: /usr/lib/jvm/jre-1.4.2.gcj

slave jre_exports: /usr/lib/jvm-exports/jre-1.4.2-gcj

slave keytool: /usr/lib/jvm/jre-1.4.2-gcj/bin/keytool

slave rmiregistry: /usr/lib/jvm/jre-1.4.2-gcj/bin/rmiregistry

Current 'best' version is /usr/lib/jvm/jre-1.4.2-gcj/bin/java

DIRCOLORS

dircolors is used to adjust the colors displayed by the "ls" command. To get the current settings:

$ dircolors -p > lscolors.txt

Now modify "lscolors.txt". Here is a summary of the codes used:

Attribute Text Background Color

00=none 30 40 black

01=bold 31 41 red

04=underscore 32 42 green

05=blink 33 43 yellow

07=reverse 34 44 blue

08=conceal 35 45 magenta

36 46 cyan

37 47 white

To "install" your modified "lscolors.txt":

$ eval $(dircolors lscolors.txt)

However, the easier way is to create "lscolors.txt" as ".dircolors" in your home directory. A file in /etc/profile.d (colorls.sh) detects the presence of ".dircolors" and uses it instead of the standard system version.

USER EQUIVALENCE

To setup user equivalence:

On HOST1:

# generate the host1 public and private keys

$ ssh-keygen -t {dsa|rsa}

# copy host1 public keys to host2

$ cd ~/.ssh

$ scp *.pub <userid>@<host2>:/tmp/

On HOST2:

# generate the host2 public and private keys

$ ssh-keygen -t {dsa|rsa}

# copy host2 public keys to host1

$ cd ~/.ssh

$ scp *.pub <userid>@<host1>:/tmp/

# append the public keys from host1 to the authorized_keys file

$ cat /tmp/*.pub >> authorized_keys

On HOST1:

# append the public keys from host2 to the authorized_keys file

$ cd ~/.ssh

$ cat /tmp/*.pub >> authorized_keys

NOTE: The ~/.ssh directory contains the public and private keys that belong to "this" host. The authorized_keys file contains the public keys of the other hosts (the ones allowed to ssh to this host). Repeat the process between all sets of hosts for which user equivalence is desired.

NOTE: Ensure that file authorized_keys has 600 (rw- --- ---) permissions.

VIM

Global Initialization File:

Linux: /etc/vimrc

Some Useful SET Options For VIMRC:

set autoindent set ignorecase set smartcase

set shiftwidth=3 set showmatch set showmode

set nowrapscan set tabstop=8 set softtabstop=3

set wrapmargin=5 set nohls syntax off

Help Commands

:h # general help

:h index # command index

:h user-manual # user manual table of contents

:h reference_toc # reference manual table of contents

:h motion.txt # list motion commands

:h x # help on normal mode command "x"

:h :x # help on command line command ":x"

:h i_x # help on insert mode command "x"

:h v_x # help on visual mode command "x"

:h c-x # help on c-x

:h enn # help on error number

:h pattern"tab" # help on pattern (tab to next pattern)

:h pattern"c-d" # help on pattern (all patterns at once)

:h 'option' # help on particular option

:options # get a list of options

:version # get list of where .vimrc, .exrc is

:helpg pattern # subcommands: :cn :cp :cfir :cla :copen :cclose

:args :file # get info about args, current file

:let # show current let bindings

:set # show current set bindings

Moving Around

% # matching ([{}])

w W # next word (next whitespace word)

b B # prev word (prev whitespace word)

e E # next word (next whitespace word)

ge gE # end of prev word (prev whitespace word)

0 $ # first char (last char)

fx Fx ; , # forward (back) to char x; repeat (opposite dir)

tx Tx ; , # forward (back) to before char x; repeat (opp dir)

gg G H M L # first last home middle last

c-] # jump to link: 'opt' ":cmd" |subject|

c-t # older entry in tag stack

c-o # older entry in jump list (jump back)

c-i # newer entry in jump list

c-w h|j|k|l # move to new window

Undo/Redo

u # undo

c-r # redo

Change/Delete Commands (Operators)

~ # switch case (see :set top, :set notop)

x X # delete char under, to left of cursor

d$ D # delete to end of line

dw db # delete from cursor to end, start of word

daw diw # delete word (including, not including white space)

dgg dG # delete from cursor to beginning, end of file

g~{motion} # swap case operator

{visual}~ # swap case of highlighted text

{visual}u {visual}Gu # make highlighted text lowercase/uppercase

gu{motion} gU{motion} # make lowercase, uppercase

! # filter through external program operator

gq # text formatting operator

< > # shift left, right operators

zf{motion} # create a fold

zd # delete fold at cursor

zo # open a fold under the cursor

zc # close one fold under the cursor

. # repeat prior change

Buffers and Files

:f # show current filename

:ls # list buffers

:b n # switch to buffer n

:buffers # show buffers

# where: % (current window) # (alternate buffer) + (modified buffer)

a=active buffer = (read only buffer)

Search Commands

* # # find next, prior string under cursor

g* g# # as above but don't treat string as a word

n N # find next, prior occurence

/\<word # find whole word that begins "word"

/word\> # find whole word that ends with "word"

Copy/Paste Commands

v .. move cursor .. y # yank visual mode section

"ry{motion} # yank some motion into register r

"rp # paste register r

"rd # delete into register r

:edit f1 :saveas f2 # edit f1, mod it, save it as f2; future :w to f2

Options and Miscellaneous Commands

:set cmdheight=n # to make more room for error displays

:set aw noaw # automatic write when moving between files

:set bk nobk # make backup copies (~ at end of name)

:set is nois # incremental search

:set hl nohl # highlight

:set hls nohls # highlight search

:set list nolist # list invisible characters

:set nu nonu # line numbers

:set top notop # tilde operator (see g~)

ga # print ascii value of char under cursor

g8 # print hex value of char under cursor

8g8 # find an illegal UTF-8 byte seq after the cursor

Highlight/Format Commands

:ce # center

:le # left align

:ri # right align

:hi clear linenr # clear line number highlight

:hi DiffAdd # change the foreground (ctermfg) or background (ctermbg) colors

:hi DiffChange # 0 = black 1 = dark red 2 = dark green

:hi DiffDelete # 3 = dark yellow 4 = dark blue 5 = dark magenta

:hi DiffText # 6 = dark cyan 7 = gray n* = turn on bold attribute

Window Commands

:sp :vsp # split current window (two views on same file)

:sp f1 :vsp f1 # split and edit file f1 (editing two files)

:new :vnew # split and edit empty file (editing two files)

:next :prev # move to next, prev file

:last :first # move to last, first file

c-w+ c-w- # increase, decrease window size

c-ww # switch to other window

<n>c-w_ # set window size to n

:clo # close current window

:qall :wall # quit all windows, write all windows

:wqall # write and quit all windows

Map Commands

:map Fx cmd # map function to command

:map ^V<F1>ix^V<esc> # F1 = insert "x" at cursor

NOTE: can also enter F1 and ESC as <F1> and <ESC>, using 4 or 5 chars instead of using C-V

File Commands

:edit <file> # close current file, edit new one

:args # show file arguments

:argadd <file> # add file to list of files being edited

:first :last :prev :next # edit first, last, previous, next file

:r <file> # insert file below cursor

:r !cmd # exec cmd and insert its stdout below cursor

Tags, Jump Lists and Marks

:tags # display tag stack

:pop :tag # older/newer entry in tag stack

:jumps # display jump list

c-o c-i # older/newer jump entry

`. # jump to last edit

`" # jump to last cursor

`<x> # jump to file mark

:m x # set mark x

:delm x # delete mark x

:marks :marks x # display marks, info about mark x

'x `x # goto line, line/column marked with x

'' # goto cursor position before last jump

'[ '] # goto start, end of last change

Visual Mode

v V c-v # enter character/line/block visual mode

o O # go to other end of highlighted text

<esc> # exit visual mode

Miscellaneous Commands

:vert diffs f1 # diff current file against f1 vertically

zo zc # open, close a fold

K # invoke "man" on token under cursor

Using a Clipboard

"*yy # put yanked line in clipboard

"#p # paste clipboard contents

Record a Script

q<register>

... enter commands ...

q # to quit recording

@<register> # to execute

MISCELLANEOUS

ALIAS

See .bashrc

aliases for "ls" colors are set in /etc/profile.d/colors.x (see /etc/profile)

alias r="fc -s"

alias ls="ls -Fx color=none"

alias ps="ps -Heo euser,pid,ppid,cputime,start,comm"

AUDIT

auditd

/etc/audit/auditd.conf

/etc/audit/audit.rules

/var/log/audit -> /var/log/audit.d/bin.n

auditctl

-e 0|1 [disable, enable auditing]

-l [list rules]

-s [status]

-a list,action -F name oper value [add rule to end of list]

-A list,action -F name oper value [add rule to beginning of list]

list = task, entry, exit, user, exclude

action = never, always

aureport

Selection Options:

--failed

-i --interpret

--success

-te --end (recent, today, yesterday, this-week)

-ts --start (recent, today, yesterday, this-week)

Report Options

-au --auth

-a --avc

-cr --crypto

-e --event

-f --file

-h --host

-l --login

-m --mods

-ma --mac

-r --response

-s --syscall

-u --user

-x --executable

ausearch

Selection Options:

-i --interpret

-te --end (today, yesterday, this-week)

-ts --start (today, yesterday, this-week)

-w --word (must match whole word)

Report Options

-a --event audit_event_id

-c --comm commnad_name

-f --file file_name

-ga --gid-all group_id

-hn --host hostname

-k --key key_string

-m --message message_type

-o --object se-linux-context

-p --pid pid

-pp --ppid ppid

-sc --syscall syscall_name_or_value

-se --context se-linux-context

-su --subject se-linux-context

-sv --success yes|no

-ua --uid-all userid

-x --executable executable name

BOOT ARGUMENTS

See "man bootparam"

/var/log/dmesg

/var/log/boot.log

cat /proc/cmdline

hda -> 1st IDE, master

hdb -> 1st IDE, slave

hdc -> 2nd IDE, master

hdd -> 2nd IDE, slave

BOOT LOADER

/etc/grub.conf

The master boot record (MBR):

The recommended place to install a boot loader, unless the MBR already starts another operating system loader, such as System Commander or OS/2's Boot Manager. The MBR is a special area on your hard drive that is automatically loaded by your computer's BIOS, and is the earliest point at which the boot loader can take control of the boot process. If you install it in the MBR, when your machine boots, GRUB (or LILO) will present a boot prompt. You can then boot Red Hat Enterprise Linux AS or any other operating system that you have configured the boot loader to boot.

The first sector of your root partition:

If you are already using another boot loader on your system (such as OS/2's Boot Manager). In this case, your other boot loader will take control first. You can then configure that boot loader to start GRUB (or LILO), which will then boot Red Hat Enterprise Linux AS.

Caution:

If you have a RAID card, be aware that some BIOSes do not support booting from the RAID card. In cases such as these, the boot loader should not be installed on the MBR of the RAID array. Rather, the boot loader should be installed on the MBR of the same drive as the /boot partition was created.

CERTIFICATES

# GENERIC INSTRUCTIONS

# create a private key then generate a certificate request from it

openssl genrsa -out privkey.pem 1024

openssl req -new -key privkey.pem -out certreq.pem

# same thing as above, but using req

# create a private key and a certificate request (all equivalent)

openssl req -new -out certreq.pem

openssl req -new -keyout privkey.pem -out certreq.pem

openssl req -newkey rsa:1024 -out certreq.pem

openssl req -newkey rsa:1024 -keyout privkey.pem -out certreq.pem

# remove the pass phrase from an RSA private key

openssl rsa -in privkey.pem -out privkey_npp.pem

# create a private key and self signed root certificate

openssl req -x509 -newkey rsa:1024 -keyout privkey.pem -out rootcert.pem

# create self signed root certificate from a private key

openssl x509 -req -in certreq.pem -signkey privkey_npp.pem -out rootcert.pem

# examine and verify a certificate request

openssl req -in certreq.pem -text -verify -noout

# encrypt a private key using triple DES

openssl rsa -in privkey.pem -des3 -out privkey_3des.pem

# convert a private key from PEM to DER format

openssl rsa -in privkey.pem -outform DER -out privkey.der

# print out components of private key

openssl rsa -in privkey.pem -text -noout

# print out public part of a private key

openssl rsa -in privkey.pem -pubout -out pubkey.pem

# EXAMPLE

# generate private key

openssl genrsa -des3 -out server.key 1024

# generate cert signing request

openssl req -new -key server.key -out server.csr

# remove pass phrase from key

cp server.key server.key.org

openssl rsa -in server.key.org -out server.key

# create self signed certificate

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

# install certificate and private key

cp server.crt /usr/local/apache/conf/ssl.crt/

cp server.key /usr/local/apache/conf/ssl.key/

# configure ssl.conf

SSLEngine on

SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt

SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key

COMPRESSION

.Z compress/uncompress

.gz gzip/gunzip

.zip, .jar, .war zip/unzip

.bz2 bzip2/bunzip2

CONFIGURATION FILES

See /usr/share/doc/initscripts-version/sysconfig.txt for details

/etc/hosts

/etc/sysconfig/network

GATEWAY=<gateway IP>

HOSTNAME=<fqdn by default, but whatever hostname you want>

GATEWAYDEV=<device to use when multiple devices have a gateway (eg eth0)>

IPV6FORWARDING=yes|no

IPV6INIT=yes|no

IPV6TO4_RADVD_PIDFILE=<pid-file> (obsolete)

IPV6_AUTOCONF=yes|no

IPV6_AUTOTUNNEL=yes|no

IPV6_DEFAULTDEV=<interface> (optional)

IPV6_DEFAULTGW=<IPv6 address[%interface]> (optional)

IPV6_RADVD_PIDFILE=<pid-file> (optional)

IPV6_RADVD_TRIGGER_ACTION=startstop|reload|restart|SIGHUP (optional)

IPV6_ROUTER=yes|no

IPX=yes|no

IPXAUTOFRAME=on|off

IPXAUTOPRIMARY=on|off

IPXINTERNALNETNUM=<netnum>

IPXINTERNALNODENUM=<nodenum>

NETWORKDELAY=<delay in seconds>

NETWORKING=yes|no

NETWORKING_IPV6=yes|no

NISDOMAIN=<nis domain name>

VLAN=yes|no

/etc/sysconfig/network-scripts/ifcfg-eth0

BOOTPROTO=none|bootp|dhcp

DEVICE=<name of physical device

DHCLIENT_IGNORE_GATEWAY=yes|no|1|0

DHCPRELEASE=yes|no|1|0

DNS{1,2}=<ip address>

GATEWAY=

HOTPLUG=yes|no

HWADDR= ethernet hardware address for this device

IPADDR=

MACADDR=use of this in with HWADDR= may cause unintended behavior

METRIC=metric for the default route using GATEWAY

MTU=default MTU for this device

NAME=<friendly name for users to see>

NETMASK=

NM_CONTROLLED=yes|no

NOZEROCONF=

ONBOOT=yes|no (not valid for alias devices; use ONPARENT)

PEERDNS=yes|no

PERSISTENT_DHCLIENT=yes|no|1|0

SCOPE= Ethernet with BOOTPROTO=none

SRCADDR= use the specified source address for outgoing packets

USERCTL=yes|no

WINDOW= Default window for routes from this device

If BOOTPROTO is not "none", then the only other item that must be set is the DEVICE item; all the rest will be determined by the boot protocol. No "dummy" entries need to be created.

Base items being deprecated:

NETWORK=<will be calculated automatically with ipcalc>

BROADCAST=<will be calculated automatically with ipcalc>

Alias specific items:

ONPARENT=yes|no

Whether to bring up the device when parent device is brought up.

Wireless-specific items:

See iwconfig(8) for additional information.

CHANNEL= Ignored if MODE=Managed.

DEFAULTKEY=<default key index>

ESSID= Defaults to "any".

FRAG=[off|<fragmentation threshold>

FREQ= Ignored if MODE=Managed.

IWCONFIG=<other iwconfig(8) options>

IWPRIV=<iwpriv(8) commands>

KEY=<default WEP key>

KEY{1,2,3,4}=<WEP key with the given index>

NWID=

RATE=

RTS=[auto|fixed|off|<rts threshold>

SECURITYMODE=[on|off|open|restricted]

SENS=<sensitivity threshold>

SPYIPS=<list of IP addresses to monitor for link quality>

/etc/resolv.conf

search <domain> | domain <domain> (search/domain mutually exclusive)

nameserver x.x.x.x

/etc/nsswitch.conf

where to look first to resolve names

/etc/sysconfig/static-routes

any host x.x.x.x netmask x.x.x.x gw x.x.x.x

route add -host 192.168.100.17 netmask 255.255.255.0 gw 172.16.22.1

See /etc/init.d/network

/etc/localtime

/usr/share/zoneinfo/EST5EDT

/etc/security/opasswd

/etc/ntp.conf

/usr/lib/X11/app-defaults

$HOME/.Xresources

$HOME/.Xdefaults

/etc/rc.d/rc.sysinit

AUTOFSCK_TIMEOUT=15

CRON

/var/spool/cron/

/etc/crontab

/etc/cron.hourly/

/etc/cron.daily/

/etc/cron.weekly/

/etc/cron.monthly/

/etc/cron.d/sysstat

minute: 0-59 | a-b/n | */n

hour: 0-23

day_of_month: 1-31

month: 1-12

day_of_week: 0-7 (0 or 7 is Sunday)

DIRECTORY PERMISSIONS

Need read to use ls on directory

Need write to add/remove files in directory

Need execute to cd into directory or use it as part of a path

If you don't have execute in all directories along a path to a file you cannot use the file regardless of the file's permissions

If you don't have read permissions to a directory, file name expansion will not work on that directory's files; you must use the full pathname to access files

If you don't have write permission you cannot move, create or remove files in the directory

If you have write permissions in a directory, you can remove a file, regardless of the file's permissions or who the owner is. However, as of SVR3.2, if a directory is writable and the sticky bit is set, a user can remove a file in that directory only if the user owns the file, or the user owns the directory, or the file is writable by the user, or the user is root.

DISK FAILURE

To copy physical disk to another:

dd if=/dev/hda of=/dev/hdb bs=1k conf=sync,noerror

DISK INFORMATION

fdisk -l

fdisk -l /dev/hdx

sfdisk -l

sfdisk -l /dev/hdx

hdparm -i /dev/hdx

hdparm -I /dev/hdx

parted /dev/hdx

EDITING .WAR FILES

Get table of contents:

unzip -l some.war | less

Get table of contents, listing a particular element:

unzip -l some.war '*/element'

Extract particular element to stdout:

unzip -c some.war '*/element'

Extract particular element into some directory:

unzip -d dir some.war '*/element'

Extract particular element into some directory, but remove paths:

unzip -j -d dir some.war '*/element'

Extract particular element into current directory, preserving paths:

unzip some.war '*/element'

Extract particular element into current directory, but remove paths:

unzip -j some.war '*/element'

Remove a particular element:

zip -d some.war '*/element'...

Replace a particular element:

zip -f some.war path/element

Replace all elements recursively:

zip -fr some.war path/

FILE ACCESS TIMES

When using find or ls:

To get file access time: use -atime for find, -tu for ls

To get file status change time: use -ctime for find, -tc for ls

To get file modification time: use -mtime for find, -t for ls

FILE AND DIRECTORY PERMISSIONS

Linux files are setup so access to them is controlled. There are three

types of access: 1. read 2. write 3. execute

Each file belongs to a specific user and group. Access to the files is

controlled by user, group, and what is called other. The term, other, is

used to refer to someone who is not the user (owner) of the file, nor is

the person a member of the group the file belongs to. When talking about

setting permissions for "other" users to use, it is commonly referred to as setting the world execute, read, or write bit since anyone in the world

will be able to perform the operation if the permission is set in the other category.

File names and permission characters

File names can be up to 256 characters long with "-", "_", and "."

characters along with letters and numbers. When a long file listing is done, there are 10 characters that are shown on the left that indicate type and permissions of the file. File permissions are shown according to the following syntax example: drwerwerwe

There are a total of 10 characters in this example, as in all Linux files.

The first character indicates the type of file, and the next three indicate read, write, and execute permission for each of the three user types, user, group and other. Since there are three types of permission for three users, there are a total of nine permission bits. The table below shows the syntax:

1 2 3 4 5 6 7 8 9 10

d r w e r w e r w e

* Character 1 is the type of file: - is ordinary, d is directory, l is link.

Characters 2-4 show owner permissions.

Characters 5-7 show group permissions.

Characters 8-10 show permissions for all other users.

There are 5 possible characters in the permission fields. They are:

r = read - This is only found in the read field.

w = write - This is only found in the write field.

x = execute - This is only found in the execute field.

s = setuid - This is only found in the execute field.

- = no permission.

Examples

Type "ls -l" and a listing like the following is displayed:

total 10

drwxrwxrwx 4 george team1 122 Dec 12 18:02 Projects

-rw-rw-rw- 1 george team1 1873 Aug 23 08:34 test

-rw-rw-rw- 1 george team1 1234 Sep 12 11:13 datafile

The fields are as follows:

1. Type field: The first character in the field indicates a file type of one of the following:

d = directory

l = symbolic link

s = socket

p = named pipe

- = regular file

c = character (unbuffered) device file special

b = block (buffered) device file special

2. Permissions are explained above.

3. Links: The number of directory entries that refer to the file. In our example, there are four.

4. The file's owner in our example is George.

5. The group the file belongs to. In our example, the group is team1.

6. The size of the file in bytes

7. The last modification date. If the file is recent, the date and time is shown. If the file is not in the current year, the year is shown rather than time.

8. The name of the file.

Set User Identification Attribute

The file permissions bits include an execute permission bit for file owner, group and other. When the execute bit for the owner is set to "s" the set user ID bit is set. This causes any persons or processes that run the file to have access to system resources as though they are the owner of the file. When the execute bit for the group is set to "s", the set group ID bit is set and the user running the program is given access based on access permission for the group the file belongs to. The following command:

chmod +s myfile

sets the user ID bit on the file "myfile".

chmod g+s myfile

sets the group ID bit on the file "myfile".

The listing below shows a listing of two files that have the group or user

ID bit set.

-rws--x--x 1 root root 14024 Sep 9 1999 chfn

-rwxr-sr-x 1 root mail 12072 Aug 16 1999 lockfile

The files chfn and lockfile are located in the directory "/usr/bin". The

"s" takes the place of the normal location of the execute bit in the file

listings above. This special permission mode has no meaning unless the file has execute permission set for either the group or other as well. This means that in the case of the lockfile, if the other users (world execute) bit is not set with permission to execute, then the user ID bit set would be meaningless since only that same group could run the program anyhow. In both files, everyone can execute the binary. The first program, when run is executed as though the program is the root user. The second program is run as though the group "mail" is the user's group.

For system security reasons it is not a good idea to set many program's set user or group ID bits any more than necessary, since this can allow an

unauthorized user privileges in sensitive system areas. If the program has

a flaw that allows the user to break out of the intended use of the

program, then the system can be compromised.

Directory Permissions

There are two special bits in the permissions field of directories. They

are:

s - Set group ID

t - Save text attribute (sticky bit) - The user may delete or modify only those files in the directory that they own or have write permission for.

Save text attribute

The /tmp directory is typically world-writable and looks like this in a

listing:

drwxrwxrwt 13 root root 4096 Apr 15 08:05 tmp

Everyone can read, write, and access the directory. The "t'' indicates that only the user (and root, of course) that created a file in this directory can delete that file. To set the sticky bit in a directory, do the following:

chmod +t data

This option should be used carefully. A possible alternative to this is

1. Create a directory in the user's home directory to which he or she can write temporary files.

2. Set the TMPDIR environment variable using each user's login script.

3. Programs using the tempnam(3) function will look for the TMPDIR variable and use it, instead of writing to the /tmp directory.

Directory Set Group ID

If the setgid bit on a directory entry is set, files in that directory will have the group ownership as the directory, instead of than the group of the user that created the file. This attribute is helpful when several users need access to certain files. If the users work in a directory with the setgid attribute set then any files created in the directory by any of the users will have the permission of the group. For example, the administrator can create a group called spcprj and add the users Kathy and Mark to the group spcprj. The directory spcprjdir can be created with the set GID bit set and Kathy and Mark although in different primary groups can work in the directory and have full access to all files in that directory, but still not be able to access files in each other's primary group.

The following command will set the GID bit on a directory:

chmod g+s spcprjdir

The directory listing of the directory "spcprjdir":

drwxrwsr-x 2 kathy spcprj 1674 Sep 17 1999 spcprjdir

The "s'' in place of the execute bit in the group permissions causes all

files written to the directory "spcprjdir" to belong to the group "spcprj".

Note: Linux files were displayed with a default tab value of 8 in older

Linux versions. That means that file names longer than 8 may not be

displayed fully if you are using an old Linux distribution. There is an

option associated with the ls command that solves this problem. It is "-T".

Ex: "ls al -T 30" to make the tab length 30.

Umask Settings

The umask command is used to set and determine the default file creation

permissions on the system. It is the octal complement of the desired file

mode for the specific file type. Default permissions are:

777 - Executable files

666 - Text files

These defaults are set allowing all users to execute an executable file and not to execute a text file. The defaults allow all users can read and write the file. The permission for the creation of new executable files is calculated by subtracting the umask value from the default permission value for the file type being created. An example for a text file is shown below with a umask value of 022:

666 Default Permission for text file

-022 Minus the umask value

-----

644 Allowed Permissions

Therefore the umask value is an expression of the permissions the user,

group and world will not have as a default with regard to reading, writing, or executing the file. The umask value here means the group the file belongs to and users other than the owner will not be able to write to the file. In this case, when a new text file is created it will have a file permission value of 644, which means the owner can read and write the file, but members of the group the file belongs to, and all others can only read the file. A long directory listing of a file with these permissions set is shown below.

-rw-r--r-- 1 root workgrp 14233 Apr 24 10:32 textfile.txt

A example command to set the umask is:

umask 022

The most common umask setting is 022. The /etc/profile script is where the

umask command is usually set for all users. Red Hat Linux has a user and group ID creation scheme where there is a group for each user and only that user belongs to that group. If you use this scheme consistently you only need to use 002 for your umask value with normal users.

FONTS

chkfontpath -l

chkfontpath -a font_dir

chkfontpath -r font_dir

fc-list

xfs

xfsinfo

xlsfonts

FSCK

See p. 244 of File System Admin by Arleen Frisch

When FSCK prints error messages, mode values have the following meaning

01 - named pipe

02 - character special file

04 - directory

06 - block special file

10 - plain file

12 - symbolic link

14 - socket

GPG

To create a GPG key:

gpg --gen-key

To encrypt a file using GPG key:

gpg -r userid --output file.gpg --encrypt file.txt

To decrypt a file using GPG key:

gpg -r userid --output file.txt --decrypt file.gpg

GRUB

HISTORY

To keep track of date & time when commands are executed, add to /etc/profile:

HISTSIZE=2000

HISTTIMEFORMAT="%m%d%H%M%S "

HOSTNAME

/proc/sys/kernel/hostname

/etc/sysconfig/network

/etc/hosts

HARDWARE RESOURCES

dmidecode - list hardware resources

kudzu - looks for new hardware

To Get a List of Attached Devices:

# cat /proc/scsi/scsi

# dmidecode -s <keyword>

<keyword> can be:

bios-vendor, bios-version, bios-release-date, system-manufacturer,

system-product-name, system-version, system-serial-number, system-uuid, baseboard-manufacturer, baseboard-product-name, baseboard-ver-sion, baseboard-serial-number, baseboard-asset-tag, chassis-man-ufacturer, chassis-type, chassis-version, chassis-serial-number, chassis-asset-tag,

processor-family, processor-manufacturer, processor-version, processor-frequency.

# dmidecode -t <type>

<type> can be bios, system, baseboard, chassis, processor, memory, cache, connector, slot

INFO COMMAND

Selecting other nodes:

n # next node

p # previous node

[ # previous node in document

] # next node in document

t # top node in document

u # up to parent node

d # to directory node

g # go to node [g top = t]

l # last visited node

L # list of visited nodes (c-x c-b)

m # select menu item by name (identified by "* menu:")

r|f # follow x-ref (identified by "*Note xref-name: node-name")

tab # move to next hyperlink

b # beginning of node

e # end of node

Moving around:

spc|pgdn # next page (c-v)

bsp|pgup # previous page (m-v)

down arrow # next line (c-n)

up arrow # previous lines (c-p)

c-a # cursor to beginning of line

c-e # cursor to end of line

c-b # cursor back one char

c-f # cursor forward one char

Screen Commands

c-x 0 # close current window

c-x 1 # close all windows except current

c-x 2 # split window

c-x o # move cursor to other window

c-l # refresh screen

c-g # cancel operation

Searching

/|s # search (s for next entry)

c-s # interactive search forward

c-r # interactive search backward

} # find next occurence (c-x n)

{ # find previous occurence (c-x N)

i # search index (use "," for next entry)

R # toggle regular expression

Quiting and Help

q # quit (c-x c-c)

?|h # open a help window

KEYCODES

To see keycodes of special keys:

stty echo; cat -v; stty echo

enter special key

type ^D to quit

LINE NUMBERING

nl -vstart -iincr -sstring -wwidth -nformat -bstyle

nl -v1000 -i10 -s -w4 -nrz -ba

DIRECTORY LINK COUNT

Link count represents the number of entries contained within a directory (always at least 2 to account for . and ..)

LOCKED ACCOUNT

To reset root password (must be in sudoers file):

sudo faillog -u root -r

Note: /etc/sudoers must contain "<someuserid> all=/usr/bin/faillog" for the above to work

For 64-bit systems, faillog has been replaced by pam_tally2

faillog -a list all failed logings

faillog -u user list failed logins for user

faillog -u user -l sec set lock time for user

faillog -u user -m max set max login fail count before lock

faillog -u user -r reset locked user

lastlog -u userid get last login date/time for user

pam_tally [--user userid] [--reset[=n]] set/reset login failure count

LOOPBACK

Create a file to hold the filesystem:

dd if=/dev/zero of=/.u01 bs=1024 count=20M (creates a 20G file)

Associate the file with a loopback device:

losetup /dev/loop0 /.u01

Create a filesystem on the loopback device:

mkfs -t ext3 -b 2048 -m 1 -v /dev/loop0

Create a mount point:

mkdir /u01

Mount the loopback device on the mount point:

mount -t ext3 /dev/loop0 /u01

MAN PAGE SYMBOLIC LINKS

cd /usr/local/man/man3

for x in $(find /opt/appl/man/man3 -print)

do

ln -s $x $(basename $x)

done

PCI DEVICES

# lspci

PRIVATE IP ADDRESSES

Class A 10.0.0.0

Class B 172.16.0.0 - 172.31.0.0

Class C 192.168.0.0 - 192.168.255.255

RECORD A SESSION

# script [-a] [file]

RPM

Useful --query options:

--configfiles displays change info for a pkg

--docfiles lists documentation files

--info displays pkg information; uses --queryformat if supplied

--list lists files in pkg

--provides lists capabilities this pkg provides

--scripts lists scripts provided for installation/uninstallation

--state pkg state: normal, not installed, replaced

To import a package GPG key:

rpm --import /usr/share/rhn/RPM-GPG-KEY

To query all installed packages:

rpm --query --all

To query pkg owning filename:

rpm --query --file filename

To list files this pkg provides:

rpm --query --provides pkg

To list files this pkg requires:

rpm --query --requires pkg

To list tag names:

rpm --querytags

To list using query tags:

rpm --query --queryformat '%{name}-%{version}-%{release}-(%{arch})\n' package

To list files in an rpm pkg file:

rpm2cpio pkg | cpio -t

To find what capabilities a package provides:

for x in $(ls -1)

do

echo ====

echo "$x provides"

rpm --query --provides --package $x

done

SCREEN

To share a screen session:

On the control side:

$ screen - S <session_name>

ctrl-a :multiuser on

ctrl-a :acladd <userid>

On the client side:

$ screen -x <userid>/<session_name>;

where <userid> and <session_name> are from the control side

SHADOW FORMAT

See chage; See /etc/login.defs for default values for using useradd

amachina:x..x:13570:1:60:7:35:x:

| | | | | |_ account expires << chage -E yy-mm-dd usr

| | | |_ warn days << chage -W n user

| | |_ maximum age << chage -M n user

| |_ mininum age << chage -m n user

|_ last change since 1970 in days << chage -d n user

set last password change date << chage -d yy-mm-dd usr

SHELL FILE EXECUTION ORDER

Interactive Login Shell or Non-interactive Shell with --login option:

/etc/profile

~/.bash_profile

~/.bashrc <- I put local changes here

/etc/bashrc <- I put global changes here

~/.bash_login

~/.profile

Interactive Shell That Is Not A Login Shell:

~./.bashrc

/etc/bashrc