Introduction to Linux (Unix)
Computer System
• The Hardware – the CPU, memory, and I/O devices
• The Operating System – controls and coordinates the use of hardware among the various application programs for the various users
• The Application Programs – define the ways in which resources, such as word processors, spreadsheets, and compilers, are used to solve the computing problems of the users.
• The Users – you and me
Operating System
• It provides an environment within which other programs can do useful work
• The OS is a resource allocator by managing the system resources and allocating them to programs and users as needed
• The OS is a control program by controlling the execution of user programs to prevent errors and improper use of the computer
Standard Features of an OS
ALL reasonably sophisticated operating systems are the same in that they all provide "standard" features that more or less define the purpose of an OS:
• Hardware-level I/O
• Job control
• Memory management
• Task switching
• Utilities for management
Unix Evolution
• In 1965 Bell Labs joined with General Electric and MIT to create a new operating system to be called “Multics” (Multiplexed Information and Computing Service)
• In 1969 AT&T, the parent to Bell Labs, withdrew from the Multics project and went with an existing GE OS called “GECOS”
• The researchers decided to fashion their own version of the Multics and that summer introduced “Unics” (UNiplexed Information and Computing Service) and then finally called “Unix”
Unix Evolution
• From 1969 to 1991 Unix went through many revisions
• Other companies and universities introduced their own versions of the operating system such as HP-UX, BSD, AIX, IRIX, and Solaris
• In 1987 Professor Andrew S. Tanenbaum invents Minix, an open-source operating system that's a clone of Unix
Linux
• In 1991 Linux is introduced by Linus Torvalds, a student in Finland
• The project that started as a hobby, became a full-fledged OS when Linus posted the source code at a bulletin board asking people for suggestions and improvements, which received an overwhelming response!
What is Linux
• Linux is an implementation of UNIX.
• Linux is completely free under the GPL (GNU General Public License).
• First stable release: Linux kernel v1.0 in March 1994.
• Stable kernel versions have even sub-version numbers (1.2, 1.4, 2.0, 2.2, 2.4). Experimental versions have odd numbers (1.1, 1.3, 2.1, 2.3, 2.5).
Layers of a Linux System
(Figure: the layers from the outside in are User, Shells, UNIX OS kernel and Hardware. The shells are reached through user mode; the kernel and hardware are reached through kernel mode.)
Linux Features
Free – no per-user licensing.
Stable – continuous uptime of one or more years is not uncommon for Linux installations.
Secure – primarily as a result of open peer review throughout its development.
Internet-ready – Linux was designed from the ground up as a network operating system.
Open – based on published standards and built for interoperability.
Linux Features
• Can run on 386 with 4MB RAM.
• Users don't have to upgrade hardware as often.
• “Obsolete" machines can be productive as terminals or even servers. (A 486 with 16MB RAM makes an excellent server or internet firewall for a home or small office.)
Linux Features
• Linux supports many file systems, e.g. autofs, ext, ext2, ext3, iso9660, minix, msdos, nfs, vfat, xenix, etc.
• Easy to mount all the file systems at different paths.
File System
• A file is the basic component for data storage
• UNIX considers everything it interacts with as a file, even devices such as monitors
• A directory can contain other files and directories
• The tree-like structure for UNIX file systems starts at the root level
– The root directory is at this level, denoted by the character "/"
Directory Structure
(Figure: example directory tree. / at the top contains class, etc and dev; under class is 51223, which holds the user directories daws3489 and mart2345; these in turn hold files such as newfile and myfile.)
Linux Distribution?
• Linux is just an operating system
• Does not include any applications, no word processors, games, programming languages, or even installers!
• Different people bundle different applications with Linux and call it a “Linux Distribution”
• Some distros cost $$$ (RedHat) while others do not (Debian)
Common Linux Distributions
• Red Hat
• Mandrake
• SuSE
• Caldera
• Turbo Linux
• VaLinux
How Is Linux Different from Other OSes?
• Support for several hardware platforms (Intel, Mac (68K and PPC), Alpha, MIPS, ...)
• Several users (or the same person more than once) can work on the same machine at the same time. Each user can run several tasks.
• A secure file permission system.
• Users cannot be allowed to affect each other or the OS.
• User(s) must log in (id/password) before use.
• Programs compiled to run on Linux do not run on DOS/Windows. Some DOS and Windows programs can be run under Linux using emulators.
Some Linux Applications
• Graphical Environment - KDE/Gnome/IceWM, Others
• Browsers - Mozilla/Konqueror/ Netscape
• E-Mail - Kmail/Evolution
• Ftp Client - gftp
• Multimedia - XMMS/Xine/Cdparanoia/Cdrecord
• Security - iptables/ipchains
• Office Suite - OpenOffice/StarOffice/KOffice
• File Browser - Konqueror
• Editors - Joe, VI, Kwrite, Gedit, OpenOffice Writer
• Languages - C++, FORTRAN, Perl, Emacs, PHP, etc. are built into Linux and can be upgraded with the latest release available on the net.
Where does Linux fit?
• File and print serving in heterogeneous environments (Samba, Netatalk, NFS).
• Web serving (Apache).
• Proxy Server (Squid)
• Network infrastructure (DNS/DHCP, LDAP).
• Network security (firewalling, IP masquerading, NAT).
• E-mail and news servers (Internet Exchange, Sendmail, NNTP, list servers).
Disadvantages of Linux
• Flexibility can be intimidating:
– Complex installation - no "turnkey", minimal PnP.
– Most vendors won't pre-install onto a new computer.
– Many command options (but you can use a GUI instead).
– Never originally designed to be user-friendly.
• Can have a significant learning curve moving from another OS:
– User must learn new commands and vocabulary.
– Different "look and feel" for both the OS and some applications, although current window managers can now emulate the Windows "look and feel" if you wish.
– All file and command names are case-sensitive.
LINUX INSTALLATION
Linux Installation
We break it down into 5 steps
1. Gather the resources
2. Gather Hardware information
3. Prepare the hard drive
4. Perform the installation
5. Adding packages and customization
Gather the resources
• A computer to install Linux on
Minimum: Pentium 166 MHz with 8MB RAM
• Minimum 1GB disk space
• An 8x speed CD-ROM
• A Linux distribution (RedHat, Debian, Slackware etc.)
• One 3.5" floppy disk
Gather Hardware Information
• Before installing Linux you need to have detailed information about your hardware. e.g. Mouse, Hard Drive, VGA Card, Monitor, Sound, Modem
• In Windows go to Control Panel > System > Device Manager and record the information for each relevant device.
• Linux compatibility lists are available on the Distributor’s web site.
Preparing the Hard Drive
Creating a partition with enough free disk space for Linux installation
• How data is stored on the hard disk
• Partitions
• FIPS / Partition Magic to split a Windows partition.
Problems
• Remove hard disk compression if present
• Norton's Speeddisk is known to cause problems. Turn it off / uninstall it. Turn it on again after the Linux installation.
• Remove the Windows swap file
RedHat Linux Installation
1. Insert bootable CD or bootable Floppy
2. Start computer
3. Select Installation Mode
– Graphic (800x600x16-bit)
– Text
– LowRes Graphic
– Linux rescue
– Linux dd (to install a third-party driver)
– expert
RedHat Linux Installation
4. Select Language
5. Select Keyboard type
6. Select mouse type and options
– emulate 3-button?
7. Select installation type
– new install
– upgrade existing system
RedHat Linux Installation
8. Type of install
– Workstation
– Laptop
– Server
– Custom
RedHat Linux Installation
• Workstation
– Typically single-user "client" system
– Automatic partitioning
– GUI login (GNOME default)
– All free space dedicated to Linux
– Preserves any Windows install, multiboots
– No server daemons installed
RedHat Linux Installation
• Server
– Multiuser, networked
– Typical server daemons installed by default
– No GUI installed
– Takes ALL hard disk space (erases existing partitions)
– No multiboot
RedHat Linux Installation
• Laptop
– Similar to Workstation, but with PCMCIA support
– Multiboot supported
RedHat Linux Installation
• Custom
– Mixed use, server and client if desired
– Select any or all packages
– Most flexible, but requires knowledge of package choices
– Single or multiboot
RedHat Linux Installation
9. Partitioning Strategy
– Automatic: the partitions created are / and swap
– Manual, with Disk Druid
– Manual, with fdisk
RedHat Linux Installation
• Choose partitioning method
– Remove all Linux partitions
– Remove all partitions
– Use existing free space, preserve existing non-Linux partitions
– RAID?
RedHat Linux Installation
• Apply partitioning design (set up partitions)
• Minimum partitions are
– / - for the root file system
– swap - should be 2X RAM size
• Setting up multiple file systems in separate partitions permits greater control over use of available space
RedHat Linux Installation
• /boot 250MB
• swap should be 2X RAM size
• / 5GB for a complete RH-9 installation
• /home for user data (optional)
• /var for logs, mail, etc. (optional)
RedHat Linux Installation
10. Choose boot loader method
– MBR (GRUB controls boot selection)
– First sector of boot partition (lets another boot loader manage choices)
– GRUB may optionally be protected with a password of your choice.
RedHat Linux Installation
11. Configure Networking (LAN only)
– DHCP (localhost.localdomain)
• No further configuration needed
– Static IP
• Intranet (e.g., 172.16.0.1)
• Routable (e.g., 198.168.49.214 is sonic)
• Host name and domain name
RedHat Linux Installation
• Static IP configuration
– IP address
– Netmask
– Network address
– Broadcast address
– Hostname
– Gateway
– Primary DNS (maybe secondary, tertiary)
RedHat Linux Installation
12. Firewall configuration
• None – all ports open in either direction
• Medium – inbound DNS, HTTP
• High – outbound only
• Customize – choose port and packet type (TCP/UDP), e.g., nntp:tcp
RedHat Linux Installation
13. Language support
– Choose additional languages for documentation, etc.
14. Choose Time zone
– Clock may be set to GMT, with offset for local time
– If you wish to change your time zone configuration after you have booted your Red Hat Linux system, become root and use the /usr/sbin/timeconfig command.
15. Configure user accounts
– Choose password for "root" account
– Create at least one "ordinary" user so that typical tasks need not be done as root
– To become root from an ordinary user login, type su - at the shell prompt in a terminal window and then press [Enter]. Then, enter the root password and press [Enter]. Type "exit" to return to the original login.
RedHat Linux Installation
16. Enable authentication
– Make sure "shadow" and "MD5" are selected.
– Enable MD5 passwords: allows a long password to be used (up to 256 characters), instead of the standard eight characters or less.
– Enable shadow passwords: provides a secure method for retaining passwords. The passwords are stored in /etc/shadow, which can only be read by root.
– NIS is for networked Linux systems to share file systems
– SMB is for file-sharing with Windows NT, 2000, XP network systems
– Kerberos and LDAP are additional authentication systems that require appropriate server software.
RedHat Linux Installation
17. Select packages
– Carefully review and study package choices before proceeding
– Pick the minimum package set for your purposes for a production server
– Some server packages open up security holes in the system
RedHat Linux Installation
18. Begin install
– Copying installation packages from CDs.
– May take up to two hours
19. Configure video hardware
– Automatic probing may provide choices for you
– Have monitor information handy at this point
RedHat Linux Installation
20. Create boot disk
– Label the floppy "Red Hat Linux 7.3 Custom Boot Disk"
21. Select monitor configuration
22. Choose custom X configuration
– Color depth
– Resolution
23. Select default boot mode (text or GUI)
24. Finish installing, reboot system
Basic Linux Commands
Shortcut Commands
• / - root directory
• ./ - current directory
• ./command_name - run a command in the current directory
• ../ - parent directory
• ~ - home directory
• $ - typical prompt when logged in as ordinary user
• # - typical prompt when logged in as root or superuser
• & - run a program in background mode
• [Tab][Tab] - prints a list of all available commands.
• x[Tab][Tab] - prints a list of all available completions for a command, where the beginning is "x"
• [Alt][Ctrl][F1] - switch to the first virtual text console
• [Alt][Ctrl][Fn] - switch to the nth virtual text console. Typically, there are six on a Linux PC system.
• [Alt][Ctrl][F7] - switch to the first GUI console
• [ArrowUp] - scroll through the command history (in bash)
• [Shift][PageUp] - scroll terminal output up. This also works at the login prompt, so you can scroll through your boot messages.
• [Shift][PageDown] - scroll terminal output down
• [Ctrl][Alt][+] - switch to next X server resolution (if the server is set up for more than one resolution)
• [Ctrl][Alt][-] - change to previous X server resolution
• [Ctrl][Alt][Del] - shut down the system and reboot
• [Ctrl]c - kill the current process
• [Ctrl]d - logout from the current terminal
• [Ctrl]z - send current process to the background
Files Related Commands
1. cd - change directory
2. ls - get a file list
3. ls -a - list hidden files
4. ls -l - list file permissions
5. ls -al - list permissions & hidden files
6. ls -i - get the inode number
7. touch - create a file
8. mkdir - create a directory
9. rm - delete a file
10. rmdir - delete a directory
11. cp - copy files
12. mv - move or rename files & directories
13. cat - see the content of a file
14. more - see the content of a file
15. less - same as more
System Commands
• command --help - display help for a command
• man - manual
• date - display or change the date & time
• cal - display a calendar
• pwd - print working directory
• df - report filesystem disk space usage
• echo - display a message on screen
• mount - mount a file system
• eject - eject CD-ROM
• fdformat - low-level format a floppy disk
• locate - search for files
• free - display memory usage
• ps - process status
• kill - kill a process
• top - show top processes
• shutdown
• shutdown -h now - shut down the system
• shutdown -r now - restart the system
• shutdown -h t15 - shut down after 15 sec
• adduser - add a new user
• passwd - change password
• su - switch user
• who - print all usernames currently logged in
• tail - output the last part of files
• last - display the last users logged on and for how long
• bg - resume a suspended process in the background
• fg - resume a suspended process in the foreground
• & - at the end of a command makes it run in the background
• kill - kill a process
• pstree - display the tree of running processes
• fsck - used to repair a filesystem. Must not be run on a mounted file system
• mke2fs - create a Linux second extended filesystem
• mkswap - set up a Linux swap area on a device or file
• hostname - used to show or set the name of the computer
• pine - e-mail client
• lynx - internet browser
Wildcards, Input/Output Redirection & Pipes
Wildcards
Another way that bash makes typing commands easier is by enabling users to use wildcards in their commands. The bash shell supports three kinds of wildcards:
* matches any character and any number of characters.
? matches any single character.
[…] matches any single character contained within the brackets
*
The * wildcard can be used in a manner similar to command-line completion. For example, assume the current directory contains the following files
/etc/hosts /etc/host.conf /etc/hosts.allow …
ls /etc/h<tab><tab>
or
ls /etc/h*
?
The ? wildcard functions in an identical way to the * wildcard except that the ? wildcard only matches a single character. For example, a directory contains the following files
ch1.doc ch2.doc ch3.doc ch4.doc chimp config
ls ch?.doc
[…]
The [...] wildcard enables you to specify certain characters or ranges of characters to match. To print all of the files in the example with the .doc extension using the [...] wildcard, enter one of the following two commands:
ch1.doc ch2.doc ch3.doc ch4.doc chimp config
ls ch[123].doc
ls ch[1-3].doc
Input Redirection
Input redirection changes the source of input for a command. When a command is entered in bash, the command expects some kind of input in order to do its job.
The input for these commands can be found in a file:
wc test1
1 2 1
or
wc < test1
1 2 1
Output Redirection
Output redirection is more commonly used than input redirection. Output redirection enables you to redirect the output from a command into a file, as opposed to having the output displayed onscreen.
The output of a command can be sent to a file:
ls /etc > list.txt
Pipes
Pipes (often called pipelines) are a way to string together a series of commands:
1. Output from the first command in the pipeline is used as the input to the second command in the pipeline.
2. The output from the second command in the pipeline is used as input to the third command in the pipeline.
3. The output from the last command in the pipeline is the output that actually displays onscreen (or is put into a file).
cat sample.text | grep "High" | wc -l
This pipeline takes the output from the cat command (which lists the contents of a file) and sends it into the grep command. The grep command searches for each occurrence of the word "High" in its input. The grep command's output then consists of each line in the file that contains the word "High." This output is then sent to the wc command. The wc command with the -l option prints the number of lines contained in its input.
To show the results on a real file, suppose the contents of sample.text appeared as follows:
Things to do today:
Low: Go grocery shopping
High: Return movie
High: Clear level 3 in Alien vs. Predator
Medium: Pick up clothes from dry cleaner
The pipeline then returns the result 2:
cat sample.text | grep "High" | wc -l
2
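The wildcard, redirection and pipeline commands from the slides above, run together as an added example that is not part of the original deck: it builds sample.text and the ch?.doc files in a temporary directory (constructed input) and wraps each command in a function so its result can be checked. The function names and the temporary directory are assumptions.

```shell
#!/bin/sh
# Added example (not from the slides): wildcards, I/O redirection and a
# pipeline run against constructed files in a temporary directory.
# Function names and the temporary directory are assumptions.

# Build the constructed input: sample.text from the slides plus the files
# used in the wildcard examples. Prints the directory path.
setup_demo() {
    demo_dir=$(mktemp -d)
    cat > "$demo_dir/sample.text" <<'EOF'
Things to do today:
Low: Go grocery shopping
High: Return movie
High: Clear level 3 in Alien vs. Predator
Medium: Pick up clothes from dry cleaner
EOF
    for f in ch1.doc ch2.doc ch3.doc ch4.doc chimp config; do
        : > "$demo_dir/$f"          # empty file; only the name matters here
    done
    echo "$demo_dir"
}

# The slides' pipeline: lines containing "High", counted by wc -l.
# tr strips the leading spaces some wc versions print.
count_high() {
    cat "$1/sample.text" | grep "High" | wc -l | tr -d ' '
}

# ? matches exactly one character: ch?.doc matches ch1.doc..ch4.doc,
# not chimp or config. echo prints the expanded names.
match_question() {
    ( cd "$1" && echo ch?.doc )
}

# [1-3] matches one character in the range, so ch4.doc is excluded.
match_range() {
    ( cd "$1" && echo ch[1-3].doc )
}

# Output redirection writes the listing to list.txt; input redirection
# then feeds that file to wc. The shell creates list.txt before ls runs,
# so the listing includes list.txt itself: 8 entries, not 7.
redirect_demo() {
    ( cd "$1" && ls > list.txt && wc -l < list.txt | tr -d ' ' )
}

# Stand-alone run: print each result, then clean up.
d=$(setup_demo)
echo "High lines:  $(count_high "$d")"
echo "ch?.doc:     $(match_question "$d")"
echo "ch[1-3].doc: $(match_range "$d")"
echo "ls entries:  $(redirect_demo "$d")"
rm -rf "$d"
```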
Linux Text Editors
Text Files
• Most bioinformatics work involves messing around with text files.
• DNA and protein sequences, databases, results of similarity searches and multiple alignments are all stored on the computer as ordinary ASCII text files.
• To read, write, and edit these text files you must get familiar with a Text Editor program
What is a Text Editor?
• A text editor is like a word processor on a personal computer, except that it does not apply formatting styles (bold, italics, different fonts etc.).
• Unix has line editors (view and edit one line at a time) and full screen editors.
• A screen editor loads an entire document into a buffer - allows you to jump to any point in the document.
Unix Text Editors
• There are many different text editors available for Unix computers
Graphical (X-Windows) Text Editors
• gedit (click on Gnome-footprint > programs > applications > gedit)
• kedit (click on Gnome-footprint > KDE menus > applications > Text Editor)
• kwrite (click on Gnome-footprint > KDE menus > applications > Advanced Editor)
Console Text Editors
• emacs - screen based (but not X-windows) editor
• vi - visual editor (screen based but not X-windows) editor
• pico - screen based (but not X-windows) editor
• ed - basic/crude line editor,
Emacs
• The full name of the Emacs program is: "GNU emacs, the Extensible, Customizable, Self-Documenting, Real-time Display Editor.”
• Emacs is free software produced by the Free Software Foundation (Boston, MA) and distributed under the GNU General Public License.
Starting emacs
• To start Emacs, at the > command prompt, just type: emacs
• To use Emacs to edit a file, type: emacs filename
(where filename is the name of your file)
• When Emacs is launched, it opens either a blank text window or a window containing the text of an existing file.
The Emacs Display
• The display in Emacs is divided into three basic areas.
• The top area is called the text window. The text window takes up most of the screen, and is where the document being edited appears.
• Below the text window, there is a single mode line (in reverse type). The mode line gives information about the document, and about the Emacs session.
• The bottom line of the Emacs display is called the minibuffer. The minibuffer holds space for commands that you give to Emacs, and displays status information.
Emacs Commands
• Emacs uses Control and Escape characters to distinguish editor commands from text to be inserted in the buffer.
Control-x means to hold down the control key, and type the letter x.
(You don't need to capitalize the x, or any other control character)
[ESCAPE] x means to press the escape key down, release it, and then type x.
Save & Exit
• To save a file as you are working on it, type: Control-x » Control-s
• To exit emacs and return to the Unix shell, type: Control-x » Control-c
If you have made any changes to the file, Emacs will ask you if you want to save:
Save file /u/browns02/nrdc.msf? (y,n,!,.,q,C-r or C-h)
• Type "y" to save your changes and exit
• If you type "n", then it will ask again:
Modified buffers exist; exit anyway? (yes or no)
• If you answer "no", then it will return you to the file; you must answer "yes" to exit without saving changes
Moving Around
The arrow keys on the keyboard work for moving around one line or one character at a time.
Some navigation commands:
• Move to the Top of the file: [Esc] <
• Move to the End of the file: [Esc] >
• Next screen (page down): Ctrl-v
• Previous screen (page up): [Esc] v
• Start of the current line: Ctrl-a
• End of the current line: Ctrl-e
• Forward one word: [Esc] f
• Backward one word: [Esc] b
Type Text
• Once you move the cursor to the location in the file where you want to do some editing, you can just start typing - just like in an ordinary word processor.
• The delete key should work to remove characters and inserted text will push existing text over.
Cut, Copy, and Paste
• You can delete or move blocks of text.
– First move the cursor to the beginning (or end) of the block of text.
– Then set a mark with: Ctrl-spacebar
– Now move to the other end of the block of text and Delete or Copy the block:
• Delete: Ctrl-w
• Copy: [Esc] w
– To paste a copied block, move to the new location and insert with: Ctrl-y
Getting Help in Emacs
• Emacs has a built-in help feature
– Just type: Ctrl-h
– To get help with a specific command, type: Ctrl-h k keys (where "keys" are the command keys that you type for that command)
• Emacs has a built-in tutorial: Ctrl-h t
• This will be the primary exercise for this week's computer lab.
vi
• vi is pronounced "vee-eye."
• It is found on almost all Unix and Linux systems.
• vi has two basic modes:
– Command Mode
– Text Insert Mode
• To run vi, just type at the command prompt:
vi or vi filename
Movement
KEY           EFFECT
Left Arrow    Move one character left
Down Arrow    Move down one line
Up Arrow      Move up one line
Right Arrow   Move one character right
or
h             Move one character left
j             Move down one line
k             Move up one line
l             Move one character right
0             Move to beginning of current line (Note: this is the "zero" key)
$             Move to end of current line

KEY           EFFECT
i             Insert text
o             Insert line below cursor
A             Append at end of line
Esc           Command mode
:             Invoke "ex" command
r             Replace character
cw            Change word
x             Delete character
dw            Delete word
dd            Delete line
Command format is normally: [count] command [where]
• count - number of times to repeat a command (optional)
• command - the actual command
• where - how much to act on or where to take the cursor, depending on the command (optional)
• Examples
– 23x   Delete 23 characters
– 25dd  Delete 25 lines
– d$    Delete from current position to the end of the line
You access ex commands by hitting ":" in command mode. ex commands provide one way of getting out of vi:
• :wq   Write any changes and quit
• :q    Quit (will only do so if no changes)
• :q!   Quit without saving changes
KEY           EFFECT
p             Put (paste) contents of buffer
yw            Yank (copy) word
yy            Yank (copy) line
u             Undo last command
.             Repeat last command
U             Undo all changes to line
d$            Delete to end of line
C             Change text to end of line
J             Join lines

KEY           EFFECT
/pattern      Search forward for pattern
?pattern      Search backward for pattern
n             Repeat search in same direction
N             Repeat search in opposite direction
Keystroke Purpose
^B Scroll backwards one page. A count scrolls that many pages.
^D Scroll forwards half a window. A count scrolls that many lines.
^F Scroll forwards one page. A count scrolls that many pages.
^H Move the cursor one space to the left. A count moves that many spaces.
^J Move the cursor down one line in the same column. A count moves that many lines down.
^M Move to the first character on the next line.
^N Move the cursor down one line in the same column. A count moves that many lines down.
^P Move the cursor up one line in the same column. A count moves that many lines up.
^U Scroll backwards half a window. A count scrolls that many lines.
$ Move the cursor to the end of the current line. A count moves to the end of the following lines.
% Move the cursor to the matching parenthesis or brace.
^ Move the cursor to the first non-whitespace character.
( Move the cursor to the beginning of a sentence.
) Move the cursor to the beginning of the next sentence.
{ Move the cursor to the preceding paragraph.
} Move the cursor to the next paragraph.
| Move the cursor to the column specified by the count.
+ Move the cursor to the first non-whitespace character in the next line.
- Move the cursor to the first non-whitespace character in the previous line.
_ Move the cursor to the first non-whitespace character in the current line.
0 (Zero) Move the cursor to the first column of the current line.
B Move the cursor back one word, skipping over punctuation.
E Move forward to the end of a word, skipping over punctuation.
G Go to the line number specified as the count. If no count is given, then go to the end of the file.
H Move the cursor to the first non-whitespace character on the top of the screen.
L Move the cursor to the first non-whitespace character on the bottom of the screen.
M Move the cursor to the first non-whitespace character on the middle of the screen.
W Move forward to the beginning of a word, skipping over punctuation.
b Move the cursor back one word. If the cursor is in the middle of a word, move the cursor to the first character of that word.
e Move the cursor forward one word. If the cursor is in the middle of a word, move the cursor to the last character of that word.
h Move the cursor to the left one character position.
j Move the cursor down one line.
k Move the cursor up one line.
l Move the cursor to the right one character position.
w Move the cursor forward one word. If the cursor is in the middle of a word, move the cursor to the first character of the next word.
~ Switch the case of the character under the cursor.
< Shift the lines up to where to the left by one shiftwidth. "<<" shifts the current line to the left, and can be specified with a count
> Shift the lines up to where to the right by one shiftwidth. ">>" shifts the current line to the right, and can be specified with a count
J Join the current line with the next one. A count joins that many lines.
LINUX FILE SYSTEM
File System
• A file system is developed to create/store/load/delete/seek files on media
• Media examples
– Magnetic media: tape, floppy disk, hard disk
– Optical media: CD-ROM, DVD
File System of OS
• File system of Windows OS
• Windows 98 and Windows ME
• Support FAT16, FAT32
• Windows 2000
• Support FAT16,FAT32, NTFS
• Windows XP
• Support FAT32, NTFS
File System Structures
• Files - store the data
• Directories - organize files
• Partitions - separate collections of directories (also called "volumes")
– all directory information kept in partition
– mount file system to access
Diff between Linux and Win File System
Characteristic     Windows                                        Linux
File System        NTFS, FAT                                      ext2, ext3
Reference point    Root of each partition; each partition is      Each partition is mounted under /
                   mounted under a drive letter, e.g. C:, D:, F:
File Extensions    Files are recognized by file extensions,       No file extensions
                   e.g. abc.txt, tmp.exe
Case Sensitive     No                                             Yes
File System in Linux
• File systems in Linux are divided into 2 types
– Linux Swap: used by the virtual memory system
– Linux File System: used to store files; there are various types of file system
• ext2 (first introduced in kernel 2.0.x)
• ext3 (first introduced in kernel 2.4.x)
Basic File System Concepts
• Every Linux filesystem implements a basic set of common concepts derived from the Unix operating system
• Files are represented by inodes (information nodes)
• Directories are simply files containing a list of entries, so a directory is represented by an inode as well
INODE
• Each file is represented by a structure, called an inode
• An "inode" (information node) contains all the information about a file (except file data). Each inode contains the description of the file:
– file type
– access rights
– owners
– timestamps
– size
– pointers to data blocks
• The inode also contains the locations of all the data that make up a file so the operating system can collect it all when needed. The only information the inode does not contain is the name of the file and the contents.
• Directories contain the actual filenames.
• Blocks pointed to by the inode contain the actual data
Directories
• Directories are implemented as a special type of file
• A directory is a file containing a list of entries
• Each entry contains an inode number and a file name
• When a process uses a pathname, the kernel code searches in the directories to find the corresponding inode number
• After the name has been converted to an inode number, the inode is loaded into memory and is used by subsequent requests
• Anatomy of an inode (figure: the inode with its pointers to data blocks)
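An added example, not from the slides, that makes the inode/directory split visible: a file name is only a directory entry, while the metadata lives in the inode, so two names hard-linked to one inode report the same inode number and a link count of 2, and the data survives when the first name is removed. It assumes a POSIX shell with ls, ln, awk and mktemp; the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the slides): the file name is only a directory
# entry; the inode holds the metadata and the data block pointers. Two
# names hard-linked to one inode share its inode number and link count.
# Function names are assumptions; needs ls, ln, awk and mktemp.

# First column of ls -i is the inode number of the named file.
inode_of() {
    ls -i "$1" | awk '{print $1}'
}

# Second column of ls -l is the link count: how many directory entries
# (names) currently point at this inode.
link_count() {
    ls -l "$1" | awk '{print $2}'
}

# Creates one file with two names and reports three facts, space separated:
# 1 if both names resolve to the same inode, the link count seen through
# the second name, and the content still readable after the first name
# has been removed (the data is freed only when the last name goes away).
hardlink_demo() {
    d=$(mktemp -d)
    printf 'inode demo\n' > "$d/original"
    ln "$d/original" "$d/alias"     # new directory entry, same inode
    same=0
    [ "$(inode_of "$d/original")" = "$(inode_of "$d/alias")" ] && same=1
    links=$(link_count "$d/alias")
    rm "$d/original"                # unlink one name; data stays while a name remains
    content=$(cat "$d/alias")
    rm -rf "$d"
    echo "$same $links $content"
}

# Stand-alone run
hardlink_demo
```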
The Extended File System
• The ext fs supports standard Unix file types:
– regular files
– directories
– device special files
– symbolic links (shortcuts)
• Ext fs is able to manage filesystems created on really big partitions, up to 4 TB
• Ext fs provides long file names. The maximum file name size is 255 characters
• Ext fs reserves some blocks for the super user (root)
– This allows the administrator to recover easily from situations where user processes fill up filesystems
SuperBlock
• One special data block, the ``superblock'', contains overall information about the filesystem, just as the inode contains information about a specific file. The superblock contains the information necessary to mount a filesystem and access its data, including the size of the filesystem, the number of free inodes, and information about free space available.
File System Consistency
• When a filesystem such as ext fs is mounted it checks a flag in the superblock to determine the consistency of the filesystem
• When an ext fs system boots it sets this consistency flag to Not Clean
• When an ext fs system shuts down normally it sets the consistency flag to Clean
• If the system boots and discovers the consistency flag is Not Clean, as could happen after a system crash, it runs fsck (file system check) to search for errors in the file system
Disk layout in classical UNIX systems
UNIX File System Hierarchy
(Figure: directory tree rooted at / (root). The top level holds bin, var, dev, usr, root, boot, etc, home and sbin. home holds user directories such as scott, bob and alice, with a public_html below; usr holds bin, sbin, local and lib, with local in turn holding man, lib, share and bin; tmp is also shown.)
• In the root directory there are a number of folders. The names of these folders and what they are expected to contain are described below.
/bin
• The /bin directory contains commands that may be used by users or system administrators
• A command is a small executable file
• This directory is available when the system starts up
/boot
• This is the directory where the Linux kernel is stored
• It contains everything that is required for the boot process except configuration files
/dev
• To Linux all devices are considered to be files
• For any device, such as a CD-ROM or a video display card, there must be a corresponding file in this directory
• Examples of device files would be:
/dev/cdrom for the CDROM
/dev/fd0 for the first floppy disk
/dev/hda1 for the first IDE hard disk
/dev/sda1 for the first SCSI hard disk
• Some devices are mounted when the system boots and some must be manually mounted
/etc
• This directory contains configuration files and directories for the current system
• Linux is well known for the fact that its configuration files are plain text files (rather than the bizarre registry database of Windows)
• Every Linux program is expected to store its configuration in this directory or a subdirectory of this directory
/home
• This directory stores all files belonging to the multiple users who have accounts on the system
• If the user name is “abc” then the home directory of this user will be /home/abc
/initrd
• Stands for initial ram disk
• A ram disk is an area of memory that acts as if it is a disk device (very fast, but not very permanent!)
• During the boot process a ram disk is created and mounted in this directory
• The kernel can then use this ram disk which usually contains device drivers needed during the boot process
• Without this directory RedHat Linux will not boot
• Once the boot process is complete the ram disk is unmounted
/lib
The system libraries needed for the following are found in this directory:
1. to boot the system
2. for commands found in /bin
3. for commands found in /sbin
• Libraries for user applications are likely to be found in /usr/lib
/lost+found
• If a Linux system crashes, the program fsck (file system check) will be run when the system reboots
• If any files are found to be corrupted or damaged in some way then they are placed in this directory
/mnt
• This is the default directory to which temporary filesystems (such as CD-ROMs and Floppy Disks) are mounted
• To mount a CDROM you would give the command:
mount /mnt/cdrom
• The result will be a directory called cdrom in the mnt directory
• This cdrom directory will contain the filesystem of the CDROM
/opt
• This directory is inherited from early versions of UNIX
• Applications that did not come with the operating system were installed here (they are optional applications)
/proc
• This is a virtual filesystem, containing process information
• The files in this directory or its sub-directories are neither text nor binary
• Most of the files have a length of zero (0)
• Yet when a file is viewed, it can contain quite a bit of information.
• Both applications and system administrators can use /proc as a method of accessing information about the state of the kernel, the attributes of the machine, the state of individual processes, and so on.
• For example, cat /proc/meminfo will present information on the memory used by Linux
/root
• The root user does not get a home directory (/home/root)
• Instead, a directory in the root filesystem is created as the home directory for the system administrator
/sbin
• Root-only commands and utilities used for system administration are stored in /sbin, /usr/sbin, and /usr/local/sbin
• /sbin also contains binaries essential for booting, restoring, recovering, and/or repairing the system
• Root-only commands that are run after /usr is mounted are placed in one of the /usr/sbin directories
/tmp
• Programs that require temporary files store them here
• This directory may be cleared out every time the system boots up
/var
• This directory contains variable data files
• This includes spool directories, administrative and logging data, and transient and temporary files
• The directory /var/log contains log files generated by the web server, ftp server, and boot process along with any other application that creates a log file
• /var can be located on other partitions or filesystems
/usr
• This directory contains user binary files such as the applications you would use
• This directory contains shareable, read-only data
• /usr can be located on other partitions or filesystems
(Figure: /usr contains the subdirectories bin, dict, etc, games, i386-glibc21-linux, include, kerberos, lib, libexec, local, lost+found, sbin, share, src, tmp and X11R6.)
• /usr/bin
This is the primary directory for executable commands on the system
• /usr/include
This is where all of the system’s general-use include files for the C programming language are placed
• /usr/lib
Object files, libraries, and internal binaries that would be linked into C programs are placed here
• /usr/sbin
Non-essential binaries used exclusively by the system administrator are stored here
Network File System (NFS)
Introduction
Sun Microsystems, Inc. defined a remote file access mechanism that has become widely accepted throughout the computer industry, known as NFS.
The mechanism allows a computer to run a server that makes some or all of its files available for remote access, and allows applications on other computers to access those files.
Remote File Access Vs Transfer
When an application accesses a file that resides on a remote machine, the program’s operating system invokes client software that contacts a file server on the remote machine and performs the requested operations on the file.
Unlike a file transfer, the application’s system does not retrieve or store an entire file at once; instead, it requests transfer of one small block of data at a time.
File Access Among Various Computers
In addition to the basic mechanisms for reading and writing files, a file access service must provide ways to create and destroy files, peruse directories, authenticate requests, honor file protections, and translate information among the representations used on various computers.
Because a remote file access service connects two machines, it must handle differences in the way the client and server systems name files, denote paths through directories, and store information about files.
The file access software must also accommodate differences in the semantics and interpretation of file operations.
Stateless Servers
The NFS design stores state information at the client site, allowing servers to remain stateless.
Because the server is stateless, disruption in service will not affect client operation.
A client will be able to continue file access after a stateless server crashes and reboots; the application program, which runs on the client system, can remain unaware of the server reboot.
Because a stateless server does not need to allocate resources for each client, a stateless design can scale to handle more clients than a stateful design.
NFS and UNIX File Semantics
The NFS designers adopted UNIX file system semantics when defining the meaning of individual operations.
Understanding the UNIX file system is essential to understanding NFS because NFS uses the UNIX file system’s terminology and semantics.
It honors the same open-read-write-close paradigm as UNIX, and offers most of the same services.
Like UNIX, NFS assumes a hierarchical naming system. It considers the file hierarchy to be composed of directories and files.
Diskless workstations
(Figure: four diskless workstations, Lab1-1.tul.edu, Lab1-2.tul.edu, Lab1-3.tul.edu and Lab1-4.tul.edu, connected over Ethernet to an NFS server that holds the only disk.)
NFS File Modes
NFS assumes that each file or directory has a mode that specifies its type and access protection.
The definitions and meanings of the bits in the NFS mode integer are very similar to those of UNIX.
Although NFS defines file types for devices, it does not permit remote device access (e.g., a client may not read or write a remote device)
NFS Client and Server
An NFS file server runs on a machine (which has large disks) that has a local file system.
An NFS client runs on an ordinary machine and accesses files on machines that run NFS servers.
When an application program calls open to obtain access to a file, the OS uses the syntax of the path name to choose between local and remote file access procedures.
If the path refers to a local file, the system uses the computer’s standard file system software to access the file; if the path refers to a remote file, the system uses NFS client software to access the remote file.
NFS Client and UNIX
In UNIX, the mount mechanism constructs a single, unified naming hierarchy from individual file systems on multiple disks.
UNIX implementations of NFS client code use an extended version of the mount mechanism to integrate remote file systems into the naming hierarchy along with local file systems.
The main advantage of using the mount mechanism is consistency: all file names have the same form.
An application program cannot tell whether a file is local or remote from the name syntax alone.
Diskless workstations (Logical view)
(Figure: each workstation’s root, ws1:/, ws2:/, ws3:/ and ws4:/, maps onto a directory ws1, ws2, ws3 or ws4 on the NFS server’s disk.)
Several workstations with NFS
(Figure: workstations Lab1-1.tul.edu.pk, Lab1-2.tul.edu.pk, Lab1-3.tul.edu.pk and Lab1-4.tul.edu.pk, each with its own disk, connected over Ethernet to an NFS server.)
Several workstations with NFS (Logical view)
(Figure: each workstation root, Lab1-1:/ to Lab1-4:/, holds its own etc, home, usr, ...; the NFS server’s disk, with etc, home, usr, ... and user directories abc, asd, xyz, ... under home, is shared among them.)
How does NFS work?
When a user accesses a file, the kernel determines whether the file is a local file or an NFS file. The kernel passes all references to local files to the local file access module and all references to NFS files to the NFS client module.
The NFS client sends RPC requests to the NFS server through its TCP/IP module. Normally, NFS is used with UDP, but newer implementations can use TCP.
Then the NFS server receives the requests on port 2049.
Next, the NFS server passes the request through its local file access routines, which access the file on the server’s local disk. After the server gets the results back from the local file access routines, the NFS server sends back the reply in the RPC reply format to the client.
While the NFS server is handling the client’s request, the local file system needs some amount of time to return the results to the server. During this time the server does not want to block other incoming client requests. To handle multiple client requests, NFS servers are multithreaded or there are multiple servers running at the same time.
Second, the same situation occurs on the client’s side. Some Unix systems use a technique similar to the NFS server: there are multiple biod’s running on the client side to provide more concurrency of NFS requests.
How does NFS work?
(Figure: in the client kernel, a user process’s file request goes either to the local file access module and the local disk, or to the NFS client, which sends an RPC through TCP/UDP and IP; in the server kernel the NFS server receives the RPC on port 2049 and uses its own local file access module and local disk. Caption: client wants to access a file from server.)
How does RPC work?
(Figure: client process and server process over time.)
1. The client executes and makes a procedure call; the server process is waiting.
2. An RPC message carries the call to the server; the server starts and executes the procedure while the client waits.
3. The procedure returns and an RPC return message carries the result back.
4. The call terminates and the client continues.
OSI vs. NFS
(Figure: the OSI model layers beside the NFS protocol layers.)
OSI Model        NFS Protocol Layers
Application      NFS, MOUNT, PORT MAPPER, NIS (Network Information System)
Presentation     XDR (eXternal Data Representation)
Session          RPC (Remote Procedure Call)
Transport        TCP, UDP
Network          IP
Link / Physical  Ethernet
OSI vs. NFS
NFS is a protocol in the application layer. It works together with some other protocols.
• The mount protocol provides the method of validation and permission checking and initiates the root file handle for the client.
• The port mapper protocol provides the current server port number to the client that needs to access a specific server program.
• NIS is usually implemented with NFS. It provides a convenient way for a user to log in with the same user name and password to all the machines in the same NIS group.
• NFS and all related protocols use the service provided by RPC. All NFS requests and replies are in the format specified by RPC.
• XDR is the standard for encoding data in RPC. NFS and RPC requests can be used with both UDP and TCP.
• NFS was designed to be independent of the transport layer. That means NFS can run on top of many transport protocols. However, in this class we are interested in TCP and UDP only.
File Handles
How does a server know which file/directory the client needs to access? There is a data structure called the File Handle.
The File handle is created by the NFS server and it is a unique reference to the specific file or directory on the NFS server itself.
This FH is passed to the client at the first time the NFS client contacts the NFS server. The process of first contact is called the Mounting process.
The top directory of the NFS server file system is called the root of the mounted file system. So, when the client mounts the server file system, the client will get a file handle of the root file system from the server.
File Handles
• FH is opaque to the client. This means the client does not do anything with the FH. The client only sends it back to the server when it wants to access that file/directory.
• And the server can tell from the file handle which file/dir the client needs to access.
• With the FH, the client does not need to know how the NFS server specifies the path name. The other important point is that the server doesn’t need to keep track of what the current access point of the client is.
(Figure: a file handle contains a volume ID, an inode # and a generation #.)
Example of File Handles
Suppose the client needs to cat the file sub2/myname.txt under the current directory. The exchange between NFS client and NFS server:
NFS Client: What is the attribute of current dir (9925949)?
NFS Server: These are attributes of 9925949
NFS Client: What is FH of "sub" in 9925949?
NFS Server: FH of sub is 7656838
NFS Client: What is FH of "myname.txt" in 7656838?
NFS Server: FH of myname.txt is 7657235
NFS Client: What is the attribute of 7657235?
...
Idempotent Procedures
Suppose the client needs to remove the file sub2/myname.txt. The exchange between NFS client and NFS server:
NFS Client: What is the attribute of 7656838 (dir 856)?
NFS Server: Here is the attr and content of 7656838
NFS Client: Remove "myname.txt" from 7656838
NFS Server: Remove OK
NFS Client: Remove "myname.txt" from 7656838 (retransmitted)
NFS Server: Error : No such file or dir
Idempotent Procedures
• Can be executed more than once by the server and still return the same result
• Stateless protocol requires idempotent operations
• How to make all NFS requests idempotent:
– Server records recently performed operations in a cache
– Server checks the cache for duplicate requests
– Server returns the previous result if it is a duplicate
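The three cache steps above, and the retransmission exchange on the previous slide, as an added shell simulation written for this page (it is not NFS code): a scratch directory stands in for the exported filesystem, a second directory holds the reply recorded for each request id (xid), and the directory handle 7656838 is the one used on the slide. remove_nocache shows the behaviour from the diagram, where the retransmitted REMOVE gets "No such file or dir"; remove_cached applies the slide's three steps so the duplicate gets the original "Remove OK" back. The function names and the xid values are this example's own.

```shell
#!/bin/sh
# Simulation of an NFS-style REMOVE with and without a duplicate-request
# cache. Constructed example: $SIM/export stands in for the exported
# filesystem, $SIM/cache holds the reply recorded for each request id.

nfs_sim_init() {
    SIM=$(mktemp -d)
    mkdir "$SIM/export" "$SIM/cache"
    mkdir "$SIM/export/7656838"               # directory handle from the slide
    : > "$SIM/export/7656838/myname.txt"      # the file the client will remove
}

# remove_nocache DIRHANDLE NAME: REMOVE without a cache. A retransmitted
# request finds the file already gone and gets an error, as on the slide.
remove_nocache() {
    if [ -e "$SIM/export/$1/$2" ]; then
        rm -f "$SIM/export/$1/$2"
        echo "Remove OK"
    else
        echo "Error : No such file or dir"
    fi
}

# remove_cached XID DIRHANDLE NAME: the three steps from the slide.
remove_cached() {
    _xid=$1
    # step 2: check the cache for a duplicate request (same xid seen before)
    if [ -f "$SIM/cache/$_xid" ]; then
        cat "$SIM/cache/$_xid"                # step 3: return the previous result
        return 0
    fi
    _reply=$(remove_nocache "$2" "$3")
    # step 1: record the recently performed operation together with its result
    printf '%s\n' "$_reply" > "$SIM/cache/$_xid"
    printf '%s\n' "$_reply"
}

nfs_sim_cleanup() { rm -rf "$SIM"; }

# Run the slide's exchange both ways when executed directly.
demo() {
    nfs_sim_init
    echo "without cache:"
    remove_nocache 7656838 myname.txt         # Remove OK
    remove_nocache 7656838 myname.txt         # Error : No such file or dir
    nfs_sim_cleanup
    nfs_sim_init
    echo "with cache, same xid retransmitted:"
    remove_cached 101 7656838 myname.txt      # Remove OK
    remove_cached 101 7656838 myname.txt      # Remove OK (served from the cache)
    nfs_sim_cleanup
}
demo
```

A genuinely new request with a different xid still sees the real state of the directory, which is why the cache is keyed on the request id rather than on the operation's arguments.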
Should NFS use TCP or UDP ?
• From the beginning, NFS used UDP
– Most NFS systems were on a LAN
– High overhead if using TCP
• Currently, NFS across a WAN needs TCP
– Reliability and congestion control
– Both sides set TCP’s keep alive option
– If the server crashes, the client opens a new TCP connection
– If the client crashes, the server will terminate the connection after the next keep alive probe
How does RPC differ from a local procedure call?
• Error handling:
– failures of the server or network must be handled
• Performance:
– slower than local procedure calls
• Authentication:
– RPC can be transported over insecure networks
Port Mapper
(Figure: airport analogy. A traveller on flight US109 to Akron enters the airport and sees Terminals A to F; the flight schedule board tells which gate to go to, just as the port mapper tells a client which port a server program is on.)
Flight   Departure time   Destination   Gate
DE427    6:15 AM          Cincinnati    E8
US109    7:40 AM          Akron OH      B5
US278    4:35 PM          Detroit MI    C9
UA0097   6:00 PM          LAX CA        D12
Port Mapper/RPCBIND
(Figure: a client process in the client kernel, and the port mapper and a server process in the server kernel.)
(1) The server process registers its port number with the port mapper at start.
(2) The client sends an RPC request to the port mapper to get the server’s port number.
(3) The port mapper sends an RPC reply with the port number.
(4) The client sends the RPC call (request) to the server process.
(5) The server sends the RPC reply message.
File Permissions
Files
We're going to look at
• file types: UNIX recognizes a number of types.
• magic numbers: how different normal files can be distinguished
• file attributes: information stored about files
• file protection: how access to files is restricted.
File types
UNIX stores information in byte-oriented files. UNIX recognizes a number of different file types. You can view the different types of files with ls -l
[root@lab1 home]# ls -l /home /dev/null /etc/passwd
drwxr-xr-x 11 root root 1024 Feb 7 1996 /home
crw-rw-rw- 1 root root 1, 3 May 6 1998 /dev/null
-rw-r--r-- 1 root root 669 Dec 30 15:49 /etc/passwd
[root@lab1 home]# ls -l /dev/hda1
brw-rw---- 1 root disk 3, 1 May 6 1998 /dev/hda1
[root@lab1 home]# ls -l /etc/X11/X
lrwxrwxrwx 1 root root 29 Jan 26 1998 /etc/X11/X -> ../../usr/X11R6/bin/XF86_SVGA
File types
The first letter indicates file type.
File Type Meaning Example
- a normal file /etc/passwd
d a directory /
l symbolic link /dev/modem
b block device file /dev/hda
c character device file /dev/tty1
Access Permissions
• Limiting unauthorized access to your directories and files is a very important concern for ALL Linux (Unix) users.
• Consequences of unauthorized access:
– Copying your assignments (cheating)
– Using your account for illegal activity
– Using your account to send obscene messages
– Tampering with files
File Protection
UNIX achieves this by
• specifying three valid file operations: read, write and execute
• dividing users into three groups:
user - person who owns the file
group - group who owns the file
other - everybody else
• allowing the owner to specify valid operations for each group
File Operations
The meaning of a file operation is different if applied to a file or a directory.
Operation   Effect on a file                                 Effect on a directory
read        read the contents of the file                    find out what files are in the directory, e.g. ls
write       delete the file or add something to the file     be able to create or remove a file from the directory
execute     be able to run a file/program                    be able to access a file within a directory
File Permissions
Every file has file permissions
[root@lab1]# ls -l / /etc/passwd /home/test/teaching
drwxr-xr-x 19 root root 1024 Dec 8 15:54 /
-rw-r--r-- 1 root root 669 Dec 30 15:49 /etc/passwd
drwxrwxrwx 10 test test 1024 Dec 24 23:18 /home/test/teaching
They specify which operations each group can perform.
File Permissions
File Permissions Description
/                     drwxr-xr-x   file type => directory; user/owner (root) => read, write and execute; group (root) => read and execute; other => read and execute
/etc/passwd           -rw-r--r--   file type => normal file; user/owner (root) => read and write; group (root) => read; other => read
/home/test/teaching/  drwxrwxrwx   file type => directory; user/owner (test) => read, write and execute; group (test) => read, write and execute; other => read, write and execute
Numeric and Symbolic Permissions
UNIX actually stores permissions as numbers. But humans generally don't do numbers well. The nice commands (like ls, stat) change them to symbolic. A Systems Administrator needs to be able to translate from one to the other.
Symbolic Permissions
Following table summarizes the valid symbols.
Symbol Meaning
r read
w write
x execute
Numeric Permissions
Each symbolic permission has a numeric equivalent. Summarized in the following table. These are actually octal numbers
Symbol Numeric equivalent
r 4
w 2
x 1
Doing the conversion
Doing a conversion from symbolic to numeric (e.g. rwxr--r-x):
• split the symbols into the three user groups
user - rwx
group - r--
other - r-x
• replace the symbols with their numeric equivalents and add
user - rwx = 4 + 2 + 1 = 7
group - r-- = 4
other - r-x = 4 + 1 = 5
Doing the conversion
• bring them together to form the numeric permissions
rwxr--r-x = 745
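The conversion just described, and the file-type letters from the earlier ls -l table, as an added shell example written for this page (not part of any standard tool): symbolic_to_octal and octal_to_symbolic carry the rwxr--r-x <-> 745 procedure in both directions, and file_mode_octal and file_type_of read a real file's mode and type back out of the first column of ls -l. All function names are this example's own; the scratch file it creates with mktemp is constructed for the demo.

```shell
#!/bin/sh
# Symbolic <-> numeric permission conversion and reading a file's type and
# mode from ls -l. Added example; function names are this example's own.

# triad_value rwx: numeric value of one three-symbol group, r=4, w=2, x=1.
# The setuid/setgid/sticky letters s and t sit in the x position and are
# counted as execute here; those extra bits are beyond the slides' scope.
triad_value() {
    _v=0
    case $1 in r??) _v=$((_v + 4)) ;; esac
    case $1 in ?w?) _v=$((_v + 2)) ;; esac
    case $1 in ??[xst]) _v=$((_v + 1)) ;; esac
    echo "$_v"
}

# symbolic_to_octal rwxr--r-x -> 745: split into user/group/other, add up each
symbolic_to_octal() {
    [ ${#1} -eq 9 ] || { echo "need 9 permission symbols, got '$1'" >&2; return 1; }
    _u=$(printf '%s' "$1" | cut -c1-3)
    _g=$(printf '%s' "$1" | cut -c4-6)
    _o=$(printf '%s' "$1" | cut -c7-9)
    echo "$(triad_value "$_u")$(triad_value "$_g")$(triad_value "$_o")"
}

# digit_to_triad 5 -> r-x, by testing the 4, 2 and 1 bits of one octal digit
digit_to_triad() {
    _d=$1 _t=
    if [ $((_d & 4)) -ne 0 ]; then _t="${_t}r"; else _t="${_t}-"; fi
    if [ $((_d & 2)) -ne 0 ]; then _t="${_t}w"; else _t="${_t}-"; fi
    if [ $((_d & 1)) -ne 0 ]; then _t="${_t}x"; else _t="${_t}-"; fi
    echo "$_t"
}

# octal_to_symbolic 745 -> rwxr--r-x
octal_to_symbolic() {
    case $1 in [0-7][0-7][0-7]) ;; *) echo "need three octal digits, got '$1'" >&2; return 1 ;; esac
    _a=$(digit_to_triad "$(printf '%s' "$1" | cut -c1)")
    _b=$(digit_to_triad "$(printf '%s' "$1" | cut -c2)")
    _c=$(digit_to_triad "$(printf '%s' "$1" | cut -c3)")
    echo "$_a$_b$_c"
}

# file_mode_octal PATH: columns 2-10 of the ls -l line are the nine
# permission symbols; convert them to the numeric form
file_mode_octal() {
    symbolic_to_octal "$(ls -ld "$1" | cut -c2-10)"
}

# file_type_of PATH: the first letter of the ls -l line, as in the table
file_type_of() {
    case $(ls -ld "$1" | cut -c1) in
        -) echo "normal file" ;;
        d) echo "directory" ;;
        l) echo "symbolic link" ;;
        b) echo "block device file" ;;
        c) echo "character device file" ;;
        *) echo "other" ;;
    esac
}

# Demo: create a scratch file, give it the slide's example mode with chmod,
# and read type and mode back.
demo() {
    _f=$(mktemp)
    chmod 745 "$_f"
    echo "symbolic rwxr--r-x = $(symbolic_to_octal rwxr--r-x)"   # 745
    echo "numeric 745 = $(octal_to_symbolic 745)"                 # rwxr--r-x
    echo "$_f is a $(file_type_of "$_f") with mode $(file_mode_octal "$_f")"
    rm -f "$_f"
}
demo
```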
Changing file permissions
Command   Purpose
chmod     Change the file permissions for a file. Only the owner of a file can use it.
chgrp     Change the group owner of a file. You can only change it to a group you belong to.
chown     Change the user owner of a file. Only root can use this.
Introduction to
Linux Shells
Computer Language
• Computers do not understand a thing we type
• The language of computers is a language consisting exclusively of numbers
• What these numbers mean is determined by the manufacturer of the CPU
• The instruction set for a Pentium CPU is not the same as the set for an IBM PowerPC CPU
Enter the Shell
• One of the features of Unix is that it can and has been ported to many different types of CPU
• Linux is a clone of Unix that works on Intel CPUs (i386) and beyond
• Regardless of the flavor of Unix you are using, once you are logged into the system in console mode, you are using a shell or command interpreter
• The shell is a program that responds to user commands either typed at the keyboard or read from a file
• These commands will work on most every version of Unix regardless of the CPU
• In the history of Unix there have been and still are a number of shells a user can choose from
Shell’s Tasks
It performs the following tasks
1. Wait for the user to enter a command
2. Parse the command line
3. Find the executable file for the command. This can be a shell function, a built-in shell command or an executable program.
4. If the command can't be found, generate an error message
5. If it is found, fork off a child process to execute the command
6. Wait until the command is finished
7. Return to step 1
Common Shells
The Most Common Linux Shell
• The Bourne Shell
• The Bash Shell
• The C Shell
• The TC Shell
• The Korn Shell
• The A Shell
• The Z Shell
The Bourne Shell
• The Bourne shell is the first Unix shell; it's the grandfather of all modern shells
• It was written by Steve Bourne at AT&T
• It is installed as /bin/sh
• This is the only shell guaranteed to be on any Unix system you might encounter
• In many cases, however, you'll find that /bin/sh is not a real Bourne shell
• Instead it is a symbolic link to a more modern shell that has backward compatibility with the Bourne shell.
• You won't find the Bourne shell being used much interactively these days
• It doesn't contain any of the fancy interactive features of newer shells
• But it remains immensely popular for scripts for two reasons:
– it's a pretty fair scripting language,
– it's available on every Unix box a script might find itself being executed upon
• Where the Bourne shell falls short scripting-wise, other widely available utilities such as the AWK language interpreter (awk) and the stream editor (sed) are used within Bourne shell scripts.
The bash Shell
• The Bourne Again Shell (bash) is a product of the Free Software Foundation's GNU project
• It is backward compatible with the Bourne shell and contains all of the nicer features of both csh and ksh
• This is the default Linux shell and is usually installed as /bin/bash with a symbolic link to /bin/sh (typing /bin/sh will invoke bash)
• On commercial Unix systems you may find that someone has installed it as /usr/local/bin/bash.
The C Shell
• The C shell was written by Bill Joy at the University of California at Berkeley
• His main intent for writing the C shell was to create a shell with C language-like syntax
• Its major enhancement over the original Bourne shell is its command history facility
• Despite the C language heritage, csh proved to be unsuitable for high-powered script programming
• The C Shell is usually installed as /bin/csh
The TC Shell
• A later effort, also involving William Joy, improved on C Shell by adding command line editing
• The result was the TC Shell (tcsh)
• You can configure the editing for vi-like or emacs-like modes
• TC Shell is usually installed as /bin/tcsh and sometimes symbolically linked to /bin/csh.
The Korn Shell
• The Korn Shell (ksh), a product of AT&T, was a successful attempt to provide the functionality of C Shell while using a Bourne Shell syntax and maintaining Bourne Shell backward compatibility
A to Z
• A Shell (ash) by Kenneth Almquist of Berkeley is a lightweight Bourne Shell clone which you may find suitable for use on machines that are very tight on memory
• It's usually installed as /bin/ash and it may also have symbolic links to /bin/bsh and /bin/sh.
• The Z Shell (zsh) by Paul Falstad resembles the Korn Shell in many respects but has some extra features, including built-in spell checking
• It's usually installed as /bin/zsh.
• Both ash and zsh are included with most Linux distributions.
Shell Scripts
• When a command is entered into a shell it is compared to an internal (to the shell) set of commands
• If it is found then the shell executes the command
• If it is not found then a search is conducted in the user’s PATH for an executable file with the same name as the command
• Commands, either internal or external, can be stored in a (text) file
• A file of commands is called a shell script
The file /etc/shells contains a list of valid shells.
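Steps 2 and 3 of the shell's task list, and the internal-versus-PATH lookup described under Shell Scripts, as an added shell example written for this page (not taken from any shell's source): find_in_path walks the colon-separated directories of $PATH in order, exactly the search the shell performs for an external command, and classify_command reports whether a name is resolved internally (builtin or shell function), externally (a file found on $PATH), or not at all. The function names, and the greet function used to show that a shell function shadows any file of the same name, are this example's own.

```shell
#!/bin/sh
# How a command name is resolved: shell-internal first, then the $PATH search.
# Added example; find_in_path, classify_command and greet are its own names.

# find_in_path NAME: walk the colon-separated directories of $PATH in order
# and print the first executable regular file called NAME. Returns 1 if none.
find_in_path() {
    _name=$1
    _saved_ifs=$IFS
    IFS=:
    for _dir in $PATH; do
        [ -z "$_dir" ] && _dir=.            # an empty entry means the current directory
        if [ -f "$_dir/$_name" ] && [ -x "$_dir/$_name" ]; then
            IFS=$_saved_ifs
            printf '%s\n' "$_dir/$_name"
            return 0
        fi
    done
    IFS=$_saved_ifs
    return 1
}

# classify_command NAME: how the running shell would resolve NAME.
#   internal  - a builtin or shell function, taken from the shell's own set of
#               commands before $PATH is consulted (command -v prints the name)
#   external  - an executable file found by the $PATH search (command -v prints a path)
#   not found - neither, so the shell would print an error message
classify_command() {
    _resolved=$(command -v "$1" 2>/dev/null) || _resolved=
    case $_resolved in
        "")  echo "not found" ;;
        /*)  echo "external" ;;
        *)   echo "internal" ;;
    esac
}

# A shell function is found internally, so it shadows any file of the same
# name that might sit in $PATH.
greet() { echo "hello from a shell function"; }

demo() {
    for _c in cd greet sh no_such_command_xyz; do
        printf '%-22s %s\n' "$_c" "$(classify_command "$_c")"
    done
    printf 'first sh found on PATH: %s\n' "$(find_in_path sh)"
}
demo
```

The classification rests on a convention of command -v that holds in bash and dash: builtins and functions are echoed by name, while an external command is echoed as its full path.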
Secure Shell (SSH)
Basics
• Command line terminal connection tool
• Secure connections over the Internet
• Replacement for rsh, rcp, telnet, and others
• Both ends authenticate themselves to the other end
• Designed by Tatu Ylonen of Finland
• Encrypts all transmitted confidential data
- Passwords
- Binary files
- Administrative commands
• Two versions of Secure Shell (not compatible with each other)
1. Secure Shell (SSH)
2. Secure Shell version 2 (SSH2 or SecSh)
• Solves two acute problems on the Internet
- Secure remote tunnel logins
- Secure file transfer
• Tunnels TCP sessions over an encrypted Secure Shell connection
• Secures the communication of other applications and protocols without modifying the application
Encrypted SSH2 Tunnel
(Figure: an SSH client reaches a mail server through an SSH tunnel across the Internet to an SSH server; the tunnel carries the mail traffic encrypted.)
Replacement of RSH
SSH’s first use was as a replacement for rsh, the Unix remote shell application. This tool allowed one to connect to a shell on a remote machine.
The tool suffered from two major shortcomings.
1. Like telnet, it sent all traffic in cleartext.
2. The /etc/hosts.equiv and ~/.rhosts files listed trusted machines and users; these could make rsh connections without any further authentication.
If an attacker compromised any of these trusted hosts, they would immediately get access to the rsh server with no more effort.
SSH encrypts all traffic, including the password or key authentication.
Features
Strong authentication.
Closes several security holes (e.g., IP, routing, and DNS spoofing). New authentication methods: .rhosts together with RSA based host authentication, and pure RSA authentication. Improved privacy.
All communications are automatically and transparently encrypted. RSA is used for key exchange, and a conventional cipher (normally IDEA, DES, or triple-DES) for encrypting the session. Encryption is started before authentication, and no passwords or other information is transmitted in the clear. Encryption is also used to protect against spoofed packets.
Port Forwarding: Arbitrary TCP/IP ports can be redirected through the encrypted channel in both directions (e.g., for e-cash transactions).
Host Authentication: Never trusts the network. Minimal trust on the remote side of the connection. Minimal trust on domain name servers. Pure RSA authentication never trusts anything but the private key.
Shield against Spoofing: Client RSA-authenticates the server machine in the beginning of every connection to prevent trojan horses (by routing or DNS spoofing) and man-in-the-middle attacks, and the server RSA-authenticates the client machine before accepting .rhosts or /etc/hosts.equiv authentication (to prevent DNS, routing, or IP-spoofing).
Server Key: The server program has its own server RSA key which is automatically regenerated every hour. This key is never saved in any file. Exchanged session keys are encrypted using both the server key and the server host key. The purpose of the separate server key is to make it impossible to decipher a captured session by breaking into the server machine at a later time; one hour from the connection even the server machine cannot decipher the session key. The server key is normally 768 bits.
Flexible: Any user can create any number of user authentication RSA keys for his own use. Each user has a file which lists the RSA public keys for which proof of possession of the corresponding private key is accepted as authentication. User authentication keys are typically 1024 bits.
Easier to Use: No retraining needed for normal users; everything happens automatically, and old .rhosts files will work with strong authentication if administration installs host key files
Replacement of “R”: Complete replacement for rlogin, rsh, and rcp
Why You Should Use SSH
Currently, almost all communications on computer networks are done without encryption. As a consequence, anyone who has access to any machine connected to the network can listen in on any communication. This is being done by hackers, curious administrators, employers, criminals, industrial spies, and governments. Some networks leak off enough electromagnetic radiation that data may be captured even from a distance.
When you log in, your password goes in the network in plain text. Thus, any listener can then use your account to do any evil he likes. Many incidents have been encountered worldwide where crackers have started programs on workstations without the owner’s knowledge just to listen to the network and collect passwords.
Encryption and cryptographic authentication and integrity protection are required to secure networks and computer systems. SSH uses strong cryptographic algorithms to achieve these goals.
Ease of use is critical to the acceptance of a piece of software. SSH attempts to be *easier* to use than its insecure counterparts.
SSH is available for almost all Unix platforms, and commercial versions are available for Windows (3.1, 95, NT) and Macintosh
Encryption
Support of the strongest available encryption algorithms
• 3DES
• CAST-128
• Twofish
• Blowfish
• U.S. Advanced Encryption Standard (AES)
- 128 bit
Encryption Methods
Method        SSH1   SSH2
CAST-128-cbc  -      x
AES           -      x
ArcFour       -      x
TwoFish       -      x
BlowFish      x      x
IDEA          x      -
3DES          x      x
DES           x      -
SSH Transport Layer Protocol
(Figure: message sequence between client and server.)
1. TCP connection setup
2. SSH version string exchange
3. SSH key exchange (includes algorithm negotiation)
4. SSH data exchange
5. termination of the TCP connection
SSH key background
• Old way: password stored on server, user-supplied password compared to stored version
• New way: private key kept on client, public key stored on server.
The serious problem with the password approach, whether used with telnet or with ssh, is that the password you need to enter at the client end is stored on the server. Even though it’s stored in an encoded form in /etc/passwd or /etc/shadow, this password can be cracked with brute force once one has access to that file. The difference with the public/private key split is that if an attacker gets the public key stored on the server, that public key cannot be used to get back into the server! Only the private key, kept on the client only, can be used to get into a server with the public key.
RSA Authentication
RSA authentication is based on public key cryptography. The idea is that there are two encryption keys, one for encryption and another for decryption. It is not possible (on a human time scale) to derive the decryption key from the encryption key. The encryption key is called the public key, because it can be given to anyone and it is not secret. The decryption key, on the other hand, is secret, and is called the private key.
RSA authentication is based on the impossibility of deriving the private key from the public key. The public key is stored on the server machine in the user's $HOME/.ssh/authorized_keys file. The private key is only kept on the user's local machine, laptop, or other secure storage.
How RSA Auth Works
When the user tries to log in, the client tells the server the public key that the user wishes to use for authentication. The server then checks if this public key is admissible. If so, it generates a 256 bit random number, encrypts it with the public key, and sends the value to the client. The client then decrypts the number with its private key, computes a 128 bit MD5 checksum from the resulting data, and sends the checksum back to the server. (Only a checksum is sent to prevent chosen-plaintext attacks against RSA.) The server computes a checksum from the correct data, and compares the checksums. Authentication is accepted if the checksums match.
Overview Of Secure Shell
The software consists of a number of programs.
sshd  Server program run on the server machine. This listens for connections from client machines, and whenever it receives a connection, it performs authentication and starts serving the client.
ssh  This is the client program used to log into another machine or to execute commands on the other machine. "slogin" is another name for this program.
scp  Securely copies files from one machine to another.
ssh-keygen  Used to create RSA keys (host keys and user authentication keys).
ssh-agent  Authentication agent. This can be used to hold RSA keys for authentication.
ssh-add  Used to register new keys with the agent.
make-ssh-known-hosts  Used to create the /etc/ssh_known_hosts file.
SSH1 vs. SSH2
• Two entirely different protocols
• SSH1 uses server and host keys to authenticate
• SSH2 only uses host keys
• SSH2 encrypts different parts of the packet
• SSH2 is more secure
Setting Up Secure Shell (SSH)
• Download the latest version and follow these steps.
• Decompress and unarchive the software with the command:
tar -zxf ssh-1.2.27.tar.gz
• Change your working directory so that you are in the root level of the source code distribution:
cd ssh-1.2.27
• Run the configure program:
./configure
• Use the make command to compile the software:
make
• When the process is finished, you will need to install the newly created binaries. During the installation process, the software will generate random keys to be used in the encryption process:
make install
• Start the new service by typing:
service sshd start or /etc/rc.d/init.d/sshd start
service sshd stop or /etc/rc.d/init.d/sshd stop
service sshd status or /etc/rc.d/init.d/sshd status
Testing The SSH
[root@lab1]# slogin -l aamir localhost or ssh -l aamir localhost
aamir@localhost's password:
Last login: Wed Aug 1 19:25:02 2001 from 202.133.64.67
If there is a message "connection refused," you may need to make a small change in your local tcpwrapper configuration files. Check to see if you have an /etc/hosts.deny file. Make an entry in this file that looks like this:
ALL: ALL
In the /etc/hosts.allow file make the following entry:
sshd: ALL (or the IP addresses of the allowed machines)
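As an added example, not from the original slides, here is a small Python model of how tcp_wrappers reads the two files: hosts.allow is consulted first, then hosts.deny, and a client that matches neither is allowed. The two sample files are constructed; only ALL, exact addresses and trailing-dot prefixes such as 192.168.1. are handled, which is a subset of the real pattern language.

```python
# Constructed model of tcp_wrappers access control for sshd. The sample
# files below deny everything except sshd from one subnet and one host.

HOSTS_ALLOW = """\
# constructed sample /etc/hosts.allow
sshd: 192.168.1. 10.0.0.5
"""

HOSTS_DENY = """\
# constructed sample /etc/hosts.deny
ALL: ALL
"""


def parse_rules(text):
    """Turn 'daemon_list: client_list' lines into (daemons, clients) tuples."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        daemons, clients = line.split(":", 1)
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules


def client_matches(pattern, client_ip):
    """ALL, an exact address, or a trailing-dot network prefix like '192.168.1.'."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):
        return client_ip.startswith(pattern)
    return client_ip == pattern


def rule_matches(rule, daemon, client_ip):
    daemons, clients = rule
    return any(d in ("ALL", daemon) for d in daemons) and any(
        client_matches(c, client_ip) for c in clients
    )


def access_allowed(daemon, client_ip, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """hosts.allow wins first, then hosts.deny; no match at all means allow."""
    if any(rule_matches(r, daemon, client_ip) for r in parse_rules(allow_text)):
        return True
    if any(rule_matches(r, daemon, client_ip) for r in parse_rules(deny_text)):
        return False
    return True
```

With these two files, sshd from 192.168.1.42 or 10.0.0.5 is admitted, sshd from 10.0.0.6 is refused by the ALL: ALL line, and any other wrapped daemon is refused from everywhere, which is the "default deny, explicit allow" shape the slide recommends.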
The etc/ssh/sshd_config File
The SSH configuration file is called /etc/ssh/sshd_config. By default SSH listens on all your NICs and uses TCP port 22.
#Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress
To cut down on people probing a well known TCP port, you can change port 22 to something else that won't interfere with other applications on your system, such as port 435. First make sure your system isn't listening on port 435:
[root@bigboy root]# netstat -an | grep 435
[root@bigboy root]#
Change the Port line in /etc/ssh/sshd_config to mention 435 and remove the "#" at the beginning of the line. If port 435 is being used, pick another port and try again.
Port 435
Restart SSH:
[root@lab1]# service sshd restart
Check to ensure SSH is running on the new port:
[root@lab1]# netstat -an | grep 435
tcp 0 0 192.168.1.100:435 0.0.0.0:* LISTEN
The etc/ssh/sshd_config File
Port 22
ListenAddress 192.168.1.1
HostKey /etc/ssh/ssh_host_key
ServerKeyBits 1024
LoginGraceTime 600
KeyRegenerationInterval 3600
PermitRootLogin no
IgnoreRhosts yes
IgnoreUserKnownHosts yes
StrictModes yes
X11Forwarding no
PrintMotd yes
SyslogFacility AUTH
LogLevel INFO
The etc/ssh/sshd_config File
RhostsAuthentication no
RhostsRSAAuthentication no
RSAAuthentication yes
PasswordAuthentication yes
PermitEmptyPasswords no
AllowUsers admin
Port 22
The option Port specifies on which port number the ssh daemon listens for incoming connections. The default port is 22.
ListenAddress 192.168.1.1
The option ListenAddress specifies the IP address of the network interface on which the ssh daemon's server socket is bound. The default is 0.0.0.0; to improve security you may specify only the required ones to limit the possible addresses.
HostKey /etc/ssh/ssh_host_key
The option HostKey specifies the location of the file containing the private host key.
ServerKeyBits 1024
The option ServerKeyBits specifies how many bits to use in the server key. These bits are used when the daemon starts to generate its RSA key.
LoginGraceTime 600
The option LoginGraceTime specifies how long in seconds after a connection request the server will wait before disconnecting if the user has not successfully logged in.
KeyRegenerationInterval 3600
The option KeyRegenerationInterval specifies how long in seconds the server should wait before automatically regenerating its key. This is a security feature to prevent decrypting captured sessions.
PermitRootLogin no
The option PermitRootLogin specifies whether root can log in using ssh. Never say yes to this option.
IgnoreRhosts yes
The option IgnoreRhosts specifies whether rhosts or shosts files should not be used in authentication.
IgnoreUserKnownHosts yes
The option IgnoreUserKnownHosts specifies whether the ssh daemon should ignore the user's $HOME/.ssh/known_hosts during RhostsRSAAuthentication.
StrictModes yes
The option StrictModes specifies whether ssh should check the user's permissions on their home directory and rhosts files before accepting login. This option must always be set to yes, because users sometimes accidentally leave their directory or files world-writable.
X11Forwarding no
The option X11Forwarding specifies whether X11 forwarding should be enabled or not on this server. Since we set up a server without a GUI installed on it, we can safely turn this option off.
PrintMotd yes
The option PrintMotd specifies whether the ssh daemon should print the contents of the /etc/motd file when a user logs in interactively. The /etc/motd file is also known as the message of the day.
SyslogFacility AUTH
The option SyslogFacility specifies the facility code used when logging messages from sshd. The facility specifies the subsystem that produced the message, in our case AUTH.
LogLevel INFO
The option LogLevel specifies the level that is used when logging messages from sshd. INFO is a good choice. See the man page for sshd for more information on other possibilities.
RhostsAuthentication no
The option RhostsAuthentication specifies whether sshd can try to use rhosts based authentication. Because rhosts authentication is insecure you shouldn't use this option.
RhostsRSAAuthentication no
The option RhostsRSAAuthentication specifies whether to try rhosts authentication in concert with RSA host authentication.
RSAAuthentication yes
The option RSAAuthentication specifies whether to try RSA authentication. This option must be set to yes for better security in your sessions. RSA uses public and private key pairs created with the ssh-keygen utility for authentication purposes.
PasswordAuthentication yes
The option PasswordAuthentication specifies whether we should use password-based authentication. For strong security, this option must always be set to yes.
PermitEmptyPasswords no
The option PermitEmptyPasswords specifies whether the server allows logging in to accounts with a null password. If you intend to use the scp utility to make automatic backups over the network, you must set this option to yes.
AllowUsers admin
The option AllowUsers specifies and controls which users can access ssh services. Multiple users can be specified, separated by spaces.
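The option list above is long enough that checking a real file by eye is error-prone. As an added example, not from the original slides, the Python below parses sshd_config text and reports every option whose value differs from what the slides recommend. The sample configuration and the RECOMMENDED table are constructed for this example; sshd treats keywords case-insensitively and honours the first occurrence of a keyword, and the parser reproduces both behaviours.

```python
# Constructed audit of an sshd_config against the values recommended above.

RECOMMENDED = {
    "permitrootlogin": "no",
    "permitemptypasswords": "no",
    "strictmodes": "yes",
    "ignorerhosts": "yes",
    "rhostsauthentication": "no",
    "rhostsrsaauthentication": "no",
    "x11forwarding": "no",
}

SAMPLE_CONFIG = """\
# constructed sample, modelled on the listing above; note the duplicate
# PermitRootLogin: sshd keeps the first one, so this file still allows root
Port 435
ListenAddress 192.168.1.1
PermitRootLogin yes
permitrootlogin no
StrictModes yes
X11Forwarding no
IgnoreRhosts yes
RhostsAuthentication no
RhostsRSAAuthentication no
PermitEmptyPasswords no
"""


def parse_sshd_config(text):
    """Return {keyword_lowercase: value}, keeping only the first occurrence."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)  # 'Key value' or 'Key=value'
        if len(parts) == 2:
            settings.setdefault(parts[0].lower(), parts[1].strip())
    return settings


def audit_sshd_config(text, recommended=RECOMMENDED):
    """Sorted (keyword, actual, recommended) tuples for every deviation.

    A keyword that is absent is reported as '<default>', because relying on
    the compiled-in default is itself worth a second look.
    """
    settings = parse_sshd_config(text)
    findings = []
    for key, want in recommended.items():
        actual = settings.get(key, "<default>")
        if actual.lower() != want:
            findings.append((key, actual, want))
    return sorted(findings)


def listening_port(text):
    """Port sshd will bind, 22 unless the Port line is uncommented."""
    return int(parse_sshd_config(text).get("port", "22"))
```

Running audit_sshd_config(SAMPLE_CONFIG) returns [("permitrootlogin", "yes", "no")]: the first PermitRootLogin line wins, so the later "no" does nothing, which is exactly the kind of mistake the checker is for.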
Using SSH To Login To A Remote Machine
Using SSH is similar to Telnet. To log in from another Linux box, use the "ssh" command with "-l" to specify the username you wish to log in as. If you leave out the "-l", your username will not change.
User “root” logs in to smallfry as user “root”:
[root@lab1]# ssh 192.168.2.1
User “root” logs in to testsrv as user “abc” using the default port 22:
[root@lab1]# ssh -l abc 192.168.2.1
Using port 435:
[root@lab1]# ssh -l abc -p 435 192.168.2.1
Copying Files To The Local Linux Box
Command format: scp username@address:remotefile localdir
Examples:
Copy file /tmp/software.rpm on the remote machine to the local directory /home:
[root@lab1]# scp [email protected]:/tmp/software.rpm /home
Copy file /tmp/software.rpm on the remote machine to the local directory /home using TCP port 435 (scp takes the port as uppercase -P; lowercase -p preserves file times):
[root@lab1]# scp -P 435 [email protected]:/tmp/software.rpm /home
RSA Key Generation SSH1
[xyz@lab1]$ ssh-keygen
Generating public/private rsa1 key pair.
Enter file in which to save the key (/home/xyz/.ssh/identity): /home/xyz/.ssh/identity
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/xyz/.ssh/identity.
Your public key has been saved in /home/xyz/.ssh/identity.pub.
The key fingerprint is:
22:bc:0b:fe:f5:06:1d:c0:05:ea:59:09:e3:07:8a:8c xyz@lab1
cd ~/.ssh; ls -l
-rw------- 1 xyz xyz 526 Nov 2 01:33 identity
-rw-r--r-- 1 xyz xyz 330 Nov 2 01:33 identity.pub
The file identity contains your private key. This key is used to gain access to systems which have your public key listed in their authorized keys file. Also, make sure your private key is always chmod 600, so other users on the system won't have access to it.
The file identity.pub contains your public key, which can be added to other systems' authorized keys files. We will get to adding keys later.
DSA Key Generation SSH2
[xyz@lab1]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/xyz/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/xyz/.ssh/id_dsa
Your public key has been saved in /home/xyz/.ssh/id_dsa.pub
The key fingerprint is:
22:bc:0b:fe:f5:06:1d:c0:05:ea:59:09:e3:07:8a:8c xyz@lab1
cd ~/.ssh; ls -l
-rw------- 1 xyz xyz 526 Nov 2 01:33 id_dsa
-rw-r--r-- 1 xyz xyz 330 Nov 2 01:33 id_dsa.pub
The file id_dsa contains your version 2 private key.
The file id_dsa.pub contains your version 2 public key.
Placing the public key on the remote server
To be able to log in to remote systems using your pair of keys, you will first have to add your public key on the remote server to the authorized_keys (for version 1) file, or the authorized_keys2 (for version 2) file, in the .ssh/ directory in your home directory on the remote machine.
[xyz@lab1]$ cd .ssh/
For SSH1
$ scp identity.pub [email protected]:/home/identity.pub
For SSH2
$ scp id_dsa.pub [email protected]:/home/id_dsa.pub
This will place your keys in your home directory on the remote server. After that we log in on the remote server using ssh or telnet the conventional way, with a password.
[xyz@tmpsrv xyz]$ mkdir .ssh
[xyz@tmpsrv xyz]$ chmod 700 .ssh
[xyz@tmpsrv xyz]$ cd .ssh
[xyz@tmpsrv .ssh]$ touch authorized_keys
[xyz@tmpsrv .ssh]$ chmod 600 authorized_keys
[xyz@tmpsrv .ssh]$ cat ../identity.pub >> authorized_keys
Placing the key for version 2 works about the same:
[xyz@tmpsrv xyz]$ mkdir .ssh
[xyz@tmpsrv xyz]$ chmod 700 .ssh
[xyz@tmpsrv xyz]$ cd .ssh
[xyz@tmpsrv .ssh]$ touch authorized_keys2
[xyz@tmpsrv .ssh]$ chmod 600 authorized_keys2
[xyz@tmpsrv .ssh]$ cat ../id_dsa.pub >> authorized_keys2
Now log out from the remote server and connect again with ssh:
ssh -i ./.ssh/identity 192.168.2.11 (for ssh1)
ssh -i ./.ssh/id_dsa 192.168.2.11 (for ssh2)
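As an added example (not from the original slides), the Python below performs the mkdir/chmod/cat steps above in one idempotent function: it creates ~/.ssh with mode 700, appends the public key line to the chosen authorized_keys file only if it is not already there, and leaves the file at mode 600. The install_public_key() and demo() names, the temporary home directory and the sample key line are constructed for this example; the key text is not a real key.

```python
import os
import stat

# Constructed helper reproducing the steps in the slide above, safe to run twice.


def install_public_key(home, pubkey_line, filename="authorized_keys"):
    """Append pubkey_line to <home>/.ssh/<filename> with the slide's permissions.

    Returns True if the key was added, False if it was already present.
    The directory gets 700 and the file 600 either way, mirroring the
    chmod steps above, because makedirs() honours the umask.
    """
    ssh_dir = os.path.join(home, ".ssh")
    os.makedirs(ssh_dir, mode=0o700, exist_ok=True)
    os.chmod(ssh_dir, 0o700)
    path = os.path.join(ssh_dir, filename)
    key = pubkey_line.strip()
    existing = []
    if os.path.exists(path):
        with open(path) as fh:
            existing = [line.strip() for line in fh if line.strip()]
    added = key not in existing
    if added:
        with open(path, "a") as fh:   # the 'cat ... >> authorized_keys' step
            fh.write(key + "\n")
    os.chmod(path, 0o600)
    return added


def file_mode(path):
    """Permission bits only, e.g. 0o600."""
    return stat.S_IMODE(os.stat(path).st_mode)


def demo():
    """Install the same constructed key twice into a throwaway home directory."""
    import tempfile
    sample_key = "ssh-dss AAAAB3NzaC1kc3MAAACBconstructedSampleNotARealKey= xyz@lab1"
    with tempfile.TemporaryDirectory() as home:
        first = install_public_key(home, sample_key, "authorized_keys2")
        second = install_public_key(home, sample_key, "authorized_keys2")
        key_path = os.path.join(home, ".ssh", "authorized_keys2")
        with open(key_path) as fh:
            line_count = len(fh.read().splitlines())
        return (first, second,
                file_mode(os.path.join(home, ".ssh")), file_mode(key_path), line_count)
```

demo() returns (True, False, 0o700, 0o600, 1): the second call is a no-op rather than a duplicate line, and the permissions match what the slide sets by hand. The same function serves both the version 1 and version 2 files by passing "authorized_keys" or "authorized_keys2".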
Software Management
Package
A package is a software collection written in a particular format to achieve a specific goal. It makes installation easier.
Redhat linux has over 450 packages available of which about 270 are installed originally on the server.
What is Package Management & why do we want it?
• Managing programs
• Executables
• Data files
• Configuration files
• Documentation
Examples of Packages
· Applications, e.g. a word processor or a programming language
· A part of the operating system, e.g. an FTP server
Advantages
· One easily managed "chunk"
· Packages are "intelligent"
What you can do with Packages
Package operations:
· Installing packages
· Upgrading packages
· Removing packages
Keeping track of packages:
· Finding out what packages are installed
· Get information on a specific package
· Is a package still installed correctly?
Types of Packages
In Red Hat Linux the two most common types of packages are:
1. RPM Packages
2. Tarball Packages
RPM?
RPM stands for Red Hat Package Manager. This utility was originally developed by Red Hat but is now found in other Linux distributions.
It is an easy method for installing, upgrading, deleting, or querying a software package. RPM is a significant enhancement over the tar utility that is used to install tarballs.
RPM Design Goals
• Make it easy to get packages on and off the system
• Make it easy to verify a package was installed correctly
• Make it easy for the package builder
• Make it start with the original source code
• Make it work on different computer architectures
RPM Design Goals
For the end user, RPM provides many features that make maintaining a system far easier than it has ever been.
• One command: installing, uninstalling, and upgrading of RPM packages
• Package database: maintains a database of installed packages and their files, which allows you to perform powerful queries and verification of your system.
• During upgrades, RPM handles configuration files specially, so that you never lose your customizations, a feature that is impossible with straight .tar.gz files.
RPM Design Goals
For the developer, RPM allows you to take source code for software and package it into source and binary packages for end users. This process is quite simple and is driven from a single file and optional patches that you create.
A Bit of History
RPP
· Used in Red Hat Linux versions before 2.0
· Supported one-command installation and uninstallation
· Package verification
· Powerful querying
· No support for multiple architectures
PMS
· Developed at the same time as RPP
· Used in the BOGUS distribution
· No package verification
· Weak querying
· No support for multiple architectures
PM
· Produced by the developers of PMS under contract to Red Hat Software
· Combined the best features of RPP and PMS
· Weak database design
· No support for multiple architectures
RPM Version 1
· Produced by Marc Ewing and Erik Troan
· Automatic handling of configuration files
· Easy to rebuild many packages
· Slow and big (written in Perl)
· Poor support for multiple architectures
RPM Version 2
· Rewritten in C: much faster and didn't require Perl
· New database design improved speed and reliability
· Enhanced multiple architecture support
RPM packages usually have the file extension .rpm,
e.g. eject-1.4-3.i386.rpm
Some packages have "noarch" in the file name; it means the package is not dependent on the architecture of the system.
The file name breaks down as Package Name, Ver, Platform, Ext: eject, 1.4-3, i386, .rpm
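As an added example (not from the original slides), the Python below splits an RPM file name into the fields the slide labels. The layout is name-version-release.architecture.rpm; because a package name may itself contain dashes (openssh-askpass-gnome, from the rpm -qa output later in these slides), the split must work from the right. The regular expression and helper names are constructed for this example.

```python
import re

# Constructed parser for the name-version-release.arch.rpm layout shown above.
# name is greedy and may contain dashes; version and release may not.
RPM_RE = re.compile(
    r"^(?P<name>.+)-(?P<version>[^-]+)-(?P<release>[^-]+)\.(?P<arch>[^.]+)\.rpm$"
)


def is_rpm_filename(filename):
    return RPM_RE.match(filename) is not None


def parse_rpm_filename(filename):
    """Return a dict with name, version, release, arch plus two derived flags."""
    match = RPM_RE.match(filename)
    if not match:
        raise ValueError(f"not an RPM file name: {filename}")
    info = match.groupdict()
    info["source"] = info["arch"] == "src"      # a .src.rpm for rpmbuild --rebuild
    info["noarch"] = info["arch"] == "noarch"   # architecture-independent content
    return info


def nvr(filename):
    """The name-version-release string that rpm -qa prints and rpm -e expects."""
    info = parse_rpm_filename(filename)
    return f"{info['name']}-{info['version']}-{info['release']}"
```

nvr() is the form you hand to rpm -e: for dhcp-3.0pl1-23.i386.rpm it yields dhcp-3.0pl1-23, which is what rpm -qa lists, rather than the file name.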
Installing Packages
rpm -i file1.rpm ...
e.g. rpm -i eject-1.4-3.i386.rpm
· Performs dependency checks
· Checks for conflicts
· Performs any tasks required before the install
· Decides what to do with config files
· Unpacks files from the package
· Performs any tasks required after the install
Installing Packages (cont.)
Additional options
· Overwriting packages: --replacepkgs
· Overwriting files: --replacefiles
· Overwriting packages and files: --force
· Ignoring dependencies: --nodeps
· Don't install documentation: --excludedocs
Erasing Packages
rpm -e pkg1 ...
· Checks that no other packages require the one being removed
· Performs any tasks required before uninstalling
· Checks if any config files were changed
· Deletes any files belonging to the package
· Performs any tasks required after uninstalling
· Keeps track of what it did
rpm -e eject
Upgrading Packages
rpm -U file1.rpm ...
· Installs the new version
· Erases any older versions if they exist
· Configuration file handling
rpm -U eject-1.2-2.i386.rpm
· "Upgrade" to an older version: --oldpackage
Querying Packages: rpm -q
Example queries:
· Where did this file come from?
· What is in this package I received?
· What version of this package do I have installed?
· Is there any documentation for this package?
Parts to a query:
· What packages to query
· What information is wanted
Selecting Packages
To Check All installed packages
• rpm -qa
• Use "less" or "grep"
rpm -qa | grep -i ssh
openssh-server-3.4p1-2
openssh-clients-3.4p1-2
openssh-askpass-gnome-3.4p1-2
openssh-3.4p1-2
openssh-askpass-3.4p1-2
Selecting Packages (cont.)
Query a package file: You can use the "-ql" qualifier to list all the files associated with an installed RPM. In this example we test to make sure that the NTP package is installed using the "-qa" qualifier, then we use the "-ql" qualifier to get the file listing:
[root@lab tmp]# rpm -qa ntp
ntp-4.1.2-0.rc1.2
[root@lab tmp]# rpm -ql ntp
/etc/ntp
/etc/ntp.conf
/etc/ntp/drift
/etc/ntp/keys
Listing Files In RPM Files
You can use the “-qpl” qualifier to list all the files in a RPM file
[root@lab tmp]# rpm -qpl dhcp-3.0pl1-23.i386.rpm
/etc/rc.d/init.d/dhcpd
/etc/rc.d/init.d/dhcrelay
/etc/sysconfig/dhcpd
/etc/sysconfig/dhcrelay
………
/usr/share/man/man8/dhcrelay.8.gz
/var/lib/dhcp
/var/lib/dhcp/dhcpd.leases
[root@lab tmp]#
How To Uninstall RPMs
The rpm -e command will erase an installed package. The package name given must match that listed by the rpm -qa command, as the version of the package is important. Note that rpm -e takes the installed package name, not the .rpm file name:
[root@lab tmp]# rpm -e dhcp-3.0pl1-23
How to Install Source RPMs
Sometimes the packages you want to install need to be compiled in order to match your kernel version. This requires you to use source RPM files. Download the source RPMs or locate them on CD. They usually have a file extension ending with .src.rpm. Run the following command as root:
rpmbuild --rebuild filename.src.rpm
Gnome-RPM
One of the most convenient package manipulation tools available is Gnome-RPM, a graphical tool which runs under the X Window System.
LINUX NETWORKING
Networks and Standalone Computers
• Network
– Group of computers and other devices connected by some type of transmission media
– Networks enable users to share devices and data, collectively called a network’s resources
• Standalone computer
– Uses programs and data only from its local disks and is not connected to a network
Local and Remote Computers
• Local computer
– Computer on which the user is working
• Remote computer
– Computer that the user controls or works on via a network connection
Types of Network
1. Local Area Network (LAN)
2. Metropolitan Area Network (MAN)
3. Wide Area Network (WAN)
Local Area Network (LAN)
• Network of computers and other devices confined to relatively small space
• LAN models
– Peer-to-peer model
– Client/server model
Peer-to-Peer Network
• Computers communicate on a single segment of cable and share each other’s data and devices
• Simple example of a local area network (LAN)
• Not secure and not scalable
Client/server network
• Network based on client/server architecture
– Clients do not communicate directly with each other in a client/server architecture but use the server as an intermediate step in communication
• Network operating system
– Special software designed to manage data, network security and the sharing of other resources on a server for a number of clients
Networking Basics
Figure 1-3: LAN with a file server
Advantages of Server-Based over Peer-to-Peer Networks
• User login accounts and passwords can be assigned in one place
• Access to multiple shared resources can be centrally granted
• Servers are optimized to handle heavy processing loads and dedicated to handling requests from clients
• Servers can connect more than a handful of computers
MANs and WANs
• Metropolitan area network (MAN)
– Network connecting clients and servers in multiple buildings within a limited geographic area
• Wide area network (WAN)
– Network that spans a large distance and connects two or more LANs
– The Internet is an example of a very intricate and extensive WAN that spans the globe
Local Area Network
Wide Area Network
Elements Common to AllServer-Based Networks
• Server
• Workstation
• Node
– Client, server, or other device that can communicate over a network and that is identified by a unique identifying number, known as its network address
Elements Common to AllServer-Based Networks
• Network operating system (NOS)
– Linux, Solaris, Windows 2000, etc.
• Network interface card (NIC)
– Enables a workstation to connect to the network and communicate with other computers
Network Topologies
• Bus topology
• Star topology
• Ring topology
• Mesh topology
• Hybrid topologies
Bus Topology
[Figure: bus topology, a single cable segment with a terminator at each end]
Star Topology
[Figure: star topology, every computer cabled to a central hub]
Ring Topology
Mesh Topology
Hybrid Topologies
Star-Bus
Star-Ring
Network Devices
• Repeaters and hubs
• Bridges
• Switches
• Routers
• Gateways
• Remote access connectivity types
• Public Switched Telephone Network (PSTN)
• Integrated Services Digital Network (ISDN)
• X.25
• Asymmetric Digital Subscriber Line (ADSL)
Repeaters and Hubs
Repeater: transmits data to all connected computers
Hub: transmits data to all connected computers in a star topology
Bridges
Switches
Routers
Gateways
[Figure: a gateway joining an Ethernet network to a Token Ring network]
Remote Access Connectivity Types
Dial-up remote access
[Figure: remote access client dialing in to a remote access server]
Virtual private network
[Figure: remote access client reaching the corporate intranet through a tunnel across the Internet to a Linux VPN server]
Public Switched Telephone Network (PSTN)
[Figure: client and server, each with an analog modem, connected over telephone wires through the PSTN]
• Analog voice and data
• Worldwide availability
• Analog modem, 56 Kbps
Integrated Services Digital Network (ISDN)
[Figure: client and server, each with an ISDN modem, connected over digital telephone lines or telephone wires through ISDN]
• International communication standard
• Digital transmission
• Extends over the local telephone exchange
• ISDN modem, 64 Kbps or faster
X.25
[Figure: client with a modem and an X.25 smart card reaching a server through an X.25 packet-switched network and a PAD service]
• Based on packet switching
• X.25 Packet Assembler/Disassembler (PAD)
• Client configuration and server configuration
Asymmetric Digital Subscriber Line (ADSL)
[Figure: client with a LAN adapter connected over ADSL wires to a server side with ATM adapters]
• Copper telephone lines
• Simultaneous voice and data transmission
• 1.5 to 9 Mbps downstream rate
• 16 to 640 Kbps upstream rate
• LAN interface or dial-up interface
Elements Common to AllServer-Based Networks
• Transmission media
– Means through which data are transmitted and received
– Coaxial: ThinNet, ThickNet (10Base2, 10Base5)
– Fiber-optic
– Twisted-pair: unshielded (UTP), shielded (STP), 10/100
Elements Common to AllServer-Based Networks
• Protocol
– Rules the network uses to transfer data, e.g. TCP/IP, IPX/SPX, AppleTalk ...
• Data packets
– The distinct units of data transmitted from one computer to another on a network
What Is TCP/IP?
• TCP/IP is a universal standard suite of protocols used to provide connectivity between networked devices.
• One component of TCP/IP is the Internet Protocol (IP) which is responsible for ensuring that data is transferred between two addresses without being corrupted.
• For manageability, the data is usually split into multiple pieces or “packets”
• The two most popular transportation mechanisms used on the Internet are Transmission Control Protocol (TCP) and User Datagram Protocol (UDP).
What is TCP?
• TCP is a connection oriented protocol. It opens up a connection between client and server programs running on separate computers so that multiple and/or sporadic streams of data can be sent over an indefinite period of time.
• TCP keeps track of the packets sent by giving each one a sequence number, with the remote server sending back “acknowledgement” packets confirming correct delivery.
What is UDP?
UDP is a connectionless protocol: the machine that sends the data has no means of verifying whether the data was correctly received by the remote machine.
TCP / UDP Ports
During data transmission both the UDP and the TCP segment headers carry the “port” being used. The source/destination ports and the source/destination IP addresses of the client and server computers are then combined to uniquely identify each data flow.
IP Addresses
• All devices connected to the Internet have an Internet Protocol (IP) address. Just like a telephone number, it helps to uniquely identify a user of the system.
• IP addresses are in reality a string of binary digits or "bits". Each bit is either a 1 or a 0. IP addresses have 32 bits in total.
• For ease of use, IP addresses are written in what is called a "dotted decimal" format, four numbers with dots in between. None of the numbers between the dots may be greater than 255. An example of an IP address would be 192.168.0.1
• The numbers between the dots are frequently referred to as "octets"
IP Address Classes
Class   1st Byte    Format    Total Hosts
A       0 – 126     N.H.H.H   16 Million
B       128 – 191   N.N.H.H   64 Thousand
C       192 – 239   N.N.N.H   254
D       224 – 239   -         (Multicast)
E       240 – 254   -         (Experimental)
Subnet Masks
• Splits networks into subnetworks
• Separates the address into 2 parts
– 1’s: network portion
– 0’s: host portion
• Example: Class C network
– Address: N.N.N.H
– Mask: 255.255.255.0 (255 = 11111111)
– CIDR notation: N.N.N.H/24
Private IP Addresses
Some groups of IP addresses are reserved for use only in private networks and are not routed over the Internet. These are:
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
Home networking equipment / devices are usually configured in the factory with an IP address in the range 192.168.1.1 to 192.168.1.255
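As an added example (not from the original slides), the Python below works the class table, the subnet mask example and the private ranges through with the standard library ipaddress module, so the network and host portions and the usable host count come from the mask rather than from memory. The helper names are constructed for this example. Class boundaries follow the standard first-octet ranges, with class C ending at 223 where class D's 224 begins, and 127 treated as the loopback network.

```python
import ipaddress

# Constructed helpers for the class, subnet-mask and private-range material above.

PRIVATE_RANGES = [
    ipaddress.IPv4Network("10.0.0.0/8"),        # 10.0.0.0 - 10.255.255.255
    ipaddress.IPv4Network("172.16.0.0/12"),     # 172.16.0.0 - 172.31.255.255
    ipaddress.IPv4Network("192.168.0.0/16"),    # 192.168.0.0 - 192.168.255.255
]


def address_class(ip):
    """Classful letter from the first octet; 127.x.x.x is reported as loopback."""
    first = ipaddress.IPv4Address(ip).packed[0]
    if first == 127:
        return "loopback"
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D"
    return "E"


def split_address(ip, mask):
    """(network portion, host portion, prefix length) of ip under mask.

    The 1 bits of the mask select the network portion, the 0 bits the host
    portion, exactly as the slide describes.
    """
    iface = ipaddress.IPv4Interface(f"{ip}/{mask}")
    net = iface.network
    host_part = ipaddress.IPv4Address(int(iface.ip) & int(net.hostmask))
    return str(net.network_address), str(host_part), net.prefixlen


def usable_hosts(mask):
    """Addresses left for hosts after the network and broadcast addresses."""
    net = ipaddress.IPv4Network(f"0.0.0.0/{mask}")
    return max(net.num_addresses - 2, 0)


def is_private(ip):
    """True if ip falls in one of the three reserved private blocks."""
    addr = ipaddress.IPv4Address(ip)
    return any(addr in net for net in PRIVATE_RANGES)
```

The 172.16.0.0/12 block is the one people most often get wrong: 172.31.255.255 is private, 172.32.0.1 is not, and the assertions below pin that boundary down.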
What Is Localhost?
Whether or not your computer has a network interface card it will have a “built in” IP address with which network aware applications can communicate with one another. This IP address is defined as 127.0.0.1 and is frequently referred to as “localhost”.
MAC Address
• MAC address, also known as the physical address of the hardware
• Assigned by the manufacturer (hardware)
• Must be absolutely unique
• Address format
– 6 octets in hex (#:#:#:#:#:#)
– First 3 octets: manufacturer identifier
– Last 3 octets: card serial number
• Used for local network communication
Address Resolution Protocol
• Translates IP addresses to Ethernet (MAC) addresses
[Figure: hosts 10.0.0.1 through 10.0.0.4 on one segment; a broadcast asks "Who is 10.0.0.3?" and that host replies "I am (1:2:3:7:8:9)"]
arp -a: View the cache
Default Gateways
• Connects networks together
• If the destination is not on the local network, packets are sent through the gateway
route: Display/configure routing
Connecting Linux to a Network
• Hostname and IP address assignment
• Configuration of hardware
• Default route (gateway) assignment
• Name service configuration
• Testing and troubleshooting
Hostnames
• Uniquely identifies each system
• Fully Qualified Domain Name
– hostname.site.domain[.country]
– Country: 2 letter identifier for the country
– Domain: Type of site (edu, com, org)
– Site: Unique name of the organization
– Hostname: Unique name of the system
• hostname: Display or set the system name
Configuring NIC's IP Address
• Most modern PCs come with an Ethernet port. When Linux is installed, this device is called "eth0". You can determine the IP address of this device with the "ifconfig" command.
• To assign an IP address to the eth0 interface, or to take the interface down, use the ifconfig command:
ifconfig eth0 10.0.0.1 netmask 255.255.255.0 up
or
ifconfig eth0 10.0.0.1 netmask 255.255.255.0 down
• To make this permanent each time you boot up, you'll have to put the settings in a file in the /etc/sysconfig/network-scripts directory. Interface eth0 has a file called ifcfg-eth0, eth1 uses ifcfg-eth1, etc.
Typical format of the ifcfg-eth0 file:
DEVICE=eth0
IPADDR=192.168.1.100
NETMASK=255.255.255.0
ONBOOT=yes
Or, if the address comes from a DHCP server:
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
Multiple IP Addresses On A Single NIC
You can assign multiple IP addresses to a single NIC with the ifconfig command or by creating a file.
A virtual sub-interface is also known as an "IP alias". IP aliasing is one of the most common ways of creating multiple IP addresses associated with a single NIC. Aliases have the name format "parent-interface-name:X", where "X" is the sub-interface number of your choice.
1. First ensure the "parent" real interface exists.
2. Verify that no other IP alias with the name you plan to use exists.
3. Create the virtual interface with the ifconfig command:
ifconfig eth0:0 192.168.1.99 netmask 255.255.255.0 up
You then have the choice of creating a file with the name /etc/sysconfig/network-scripts/ifcfg-eth0:0 to make the alias permanent.
Default Gateway
The default gateway is the address of the router / firewall connected to the Internet or to the other network.
The command to check the routing table is route.
• To add the default route, use the following command:
route add default gw 192.168.1.1
In this case, make sure that the router / firewall with IP address 192.168.1.1 is connected to the same network. The “/etc/sysconfig/network” file is used to configure the default gateway each time Linux boots.
Following is a sample /etc/sysconfig/network:
NETWORKING=yes
HOSTNAME=lab2-3
GATEWAY=192.168.1.1
• To delete the default route, use:
route del default gw 192.168.1.1
Linux as Router
A Linux server can act as a router. For this there is a need for:
1. Two NIC cards
2. Packet forwarding enabled. In simple terms, packet forwarding lets packets flow through the Linux box from one network to another. The configuration parameter to activate this is found in the file /etc/sysctl.conf. Remove the "#" from the line related to packet forwarding.
Before:
# Disables packet forwarding
#net.ipv4.ip_forward=1
After:
# Enables packet forwarding
net.ipv4.ip_forward=1
Restart the machine or use the following command to activate it immediately:
echo 1 > /proc/sys/net/ipv4/ip_forward
Name Services
• The following files need to be configured for name service:
1. /etc/hosts
– Local configuration
2. /etc/resolv.conf
– Domain Name Service (DNS) lookup
– search: domains to search if the name is not a FQDN
/etc/hosts
The /etc/hosts file lists the names and IP addresses of local hosts. Linux will typically check this file before referencing DNS; if the name is found with a corresponding IP address, then DNS won't be queried. The /etc/hosts file has the following format:
ip-address fully-qualified-domain-name alias1 alias2
The very first line should always look like this, with "localhost" being the only alias:
127.0.0.1 localhost.localdomain localhost
If you have a NIC card in the server, then you have to add another entry in this file. First determine what your true hostname is:
[root@test /]# hostname
test
Add the corresponding entry in the /etc/hosts file for the NIC's IP address. Host test with an IP address of 192.168.1.100 isn't part of any DNS domain:
192.168.1.100 test.my-site.com test mail
/etc/resolv.conf
The file /etc/resolv.conf is used to determine which name server (DNS server) to query.
Following is a sample resolv.conf:
nameserver 202.133.76.51
nameserver 192.168.2.1
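As an added example (not from the original slides), the Python below resolves a host name the way the two files above are described: /etc/hosts is consulted first, DNS only as a fallback, and the search list from /etc/resolv.conf is applied to names that are not fully qualified. The hosts and resolv.conf texts, the FAKE_DNS table that stands in for answers from the name servers, and the function names are all constructed for this example; no network query is made.

```python
# Constructed model of name lookup order: /etc/hosts, then DNS via resolv.conf.

HOSTS = """\
127.0.0.1 localhost.localdomain localhost
192.168.1.100 test.my-site.com test mail
# 192.168.1.200 old-box   (commented out, so it must not resolve)
"""

RESOLV_CONF = """\
search my-site.com example.net
nameserver 202.133.76.51
nameserver 192.168.2.1
"""

# Stand-in for the answers the name servers above would return (constructed).
FAKE_DNS = {
    "www.my-site.com.": "203.0.113.10",
    "ftp.example.net.": "198.51.100.7",
}


def parse_hosts(text):
    """{name_lowercase: ip} from 'ip fqdn alias...' lines; first entry wins."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2:
            for name in fields[1:]:
                table.setdefault(name.lower(), fields[0])
    return table


def parse_resolv_conf(text):
    """Return (nameservers in order, search domains)."""
    servers, search = [], []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] == "nameserver":
            servers.append(fields[1])
        elif fields[0] in ("search", "domain"):
            search = fields[1:]
    return servers, search


def candidate_names(name, search):
    """Absolute names (trailing dot) are used as-is; a bare label is tried
    under each search domain; a dotted name is tried as given first."""
    if name.endswith("."):
        return [name]
    names = [name + "."] if "." in name else []
    names += [f"{name}.{domain}." for domain in search]
    return names


def resolve(name, hosts_text=HOSTS, resolv_text=RESOLV_CONF, dns=FAKE_DNS):
    """(ip, source) where source is 'hosts' or 'dns'; (None, None) if unknown."""
    ip = parse_hosts(hosts_text).get(name.lower().rstrip("."))
    if ip:
        return ip, "hosts"
    _, search = parse_resolv_conf(resolv_text)
    for fqdn in candidate_names(name, search):
        if fqdn in dns:
            return dns[fqdn], "dns"
    return None, None
```

Because /etc/hosts is checked first, "test" and "mail" answer from the local file without a DNS query, whereas "www" and "ftp" are expanded through the search list before they hit the stand-in DNS table.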
Network tools
• ping – Reachability test
• arp -a – To check the MAC address
• ifconfig - To check the IP Address
• traceroute – Routing performance
• netstat -a – Network performance stats
• nslookup/dig – DNS Queries
Domain Name Service (DNS)
Purpose of naming
• Addresses are used to locate objects
• Names are easier to remember than numbers
• You would like to get to the address or other objects using a name
• DNS provides a mapping from names to resources of several types
Names and addresses in general
• An address is how you get to an endpoint
– Typically, hierarchical (for scaling):
• 950 Milton Street, Brisbane City, QLD 4064
• 204.152.187.11, +617-3858-3188
• A “name” is how an endpoint is referenced
– Typically, no structurally significant hierarchy
• “David”, “Tokyo”, “apnic.net”
What is DNS?
• DNS is the Domain Name System, which converts/maps symbolic machine names to the Internet addresses. It translates (maps) from name to address and from address to name.
• A Distributed, Hierarchical database of the Names of hosts on the Internet and their associated IP addresses.
In The Beginning... There Was ARPANET
• Host names were mapped to IP addresses using 'hosts' files.
• This is the '/etc/hosts' file found on your Linux system. It still exists today to provide basic information to your networking system before any of the major networking services start.
• These files were then copied around the ARPANET using 9600 baud UUCP connections.
• UUCP -- Unix to Unix CoPy; Still used in some places today.
Problems
• Traffic and load
• Name collisions
• Consistency
Mapping
• A mapping is simply an association between two things:
– an easy-to-remember machine name, like ftp.linux.org,
– and the machine's IP address (199.249.150.4).
• DNS also contains mappings the other way, from the IP number to the machine name; this is called a "reverse mapping".
• Maps domain name to IP address:
– Application calls resolver
– Resolver sends UDP packet to local DNS server
– DNS server returns IP address to resolver
– Resolver returns IP address to application
DNS Features: Global Distribution
• Data is maintained locally, but retrievable globally
  – No single computer has all DNS data
• DNS lookups can be performed by any device
• Remote DNS data is locally cacheable to improve performance
DNS Features: Loose Coherency
• The database is always internally consistent
  – Each version of a subset of the database (a zone) has a serial number
    • The serial number is incremented on each database change
• Changes to the master copy of the database are replicated according to timing set by the zone administrator
• Cached data expires according to timeout set by zone administrator
DNS Features: Scalability
• No limit to the size of the database
  – One server has over 20,000,000 names
    • Not a particularly good idea
• No limit to the number of queries
  – 24,000 queries per second handled easily
• Queries distributed among masters, slaves, and caches
DNS Features: Reliability
• Data is replicated
  – Data from master is copied to multiple slaves
• Clients can query
  – Master server
  – Any of the copies at slave servers
• Clients will typically query local caches
DNS Features: Dynamicity
• Database can be updated dynamically
  – Add/delete/modify of any record
• Modification of the master database triggers replication
  – Only the master can be dynamically updated
    • Creates a single point of failure
Concept: DNS Names
• The namespace needs to be made hierarchical to be able to scale.
• The idea is to name objects based on
  – location (within country, set of organizations, set of companies, etc)
  – unit within that location (company within set of companies, etc)
  – object within unit (name of person in company)
DNS Names
• How names appear in the DNS
  – Fully Qualified Domain Name (FQDN)
    • WWW.APNIC.NET.
  – labels separated by dots
• DNS provides a mapping from FQDNs to resources of several types
• Names are used as a key when fetching data in the DNS
DNS Names
• Domain names can be mapped to a tree
• Dot used as a separator
[Diagram: the DNS name tree. Root DNS at the top; the top-level domains net, com, org and gov beneath it; apnic (under net), iana (under org) and dots at the next level; and the hosts whois, ftp and www beneath apnic.]
Concept: Resource Records
• The DNS maps names into data using Resource Records.
www.apnic.net. … A 10.10.10.2
(the whole line is a Resource Record; the A record's rdata, 10.10.10.2, is the Address resource the name maps to)
Concept: Domains
• Domains are “namespaces”
• Everything below .com is in the com domain
• Everything below apnic.net is in the apnic.net domain and in the net domain
Concept: Domains
[Diagram: the net, com and apnic.net domains drawn as nested regions of the name tree. Top-level labels net, com and edu; beneath com and edu the organisations tislabs and isi, each with a www host; beneath net the label apnic with www, ftp and training under it, and ns1, ns2, sun and moon under training. Everything inside the apnic.net region is also inside the net region.]
Delegation
• Administrators can create subdomains to group hosts
  – According to geography, organizational affiliation or any other criterion
• An administrator of a domain can delegate responsibility for managing a subdomain to someone else
• The parent domain retains links to the delegated subdomain
  – The parent domain “remembers” who it delegated the subdomain to
Concept: Zones and Delegations
• Zones are “administrative spaces”
• Zone administrators are responsible for a portion of a domain’s name space
• Authority is delegated from a parent and to a child
Concept: Zones and Delegations
[Diagram: the same tree, now cut into zones rather than domains. The net zone, the apnic.net zone and the training.apnic.net zone are separate administrative spaces, although training.apnic.net is still inside the apnic.net domain and both are inside the net domain. google appears under com.]
the Domain Name System
• It has two parts...
  – the Name Server
  – the Resolver
Type of DNS Servers
• Primary: holds the writable, authoritative copy of the zones it is primary for
• Secondary: holds a mirror copy of the data transferred from a primary nameserver. No updates take place here; it exists to provide redundancy
• Caching-only: holds no zones of its own and relies on other name servers for authoritative answers
Note: BIND (Berkeley Internet Name Domain) is the most common name server.
Primary vs. Secondary Servers
• Primary
  – Data loaded from a file.
  – One primary server per zone.
• Secondary
  – Data transferred from a primary server.
  – Data may be stored in a file.
  – Checks every refresh period with the primary, looking for changes.
  – Might have many secondaries per zone
Sample Forward Lookup File
;; domain.edu (use your favorite naming scheme)
$TTL 86400
@       IN  SOA  ns1.domain.edu. root.domain.edu. (
                 2002093000  ; serial - YYYYMMDDXX
                 21600       ; refresh - 6 hours
                 1200        ; retry - 20 minutes
                 3600000     ; expire - long time
                 86400 )     ; minimum TTL - 24 hours (since RFC 2308 this field is the negative-caching TTL)
;; Nameservers
        IN  NS   ns1.domain.edu.
        IN  NS   ns2.domain.edu.
;; Hosts with just A records
host1   IN  A    1.0.0.1
Concept: Resource Records
• A resource record consists of its name (the label or owner), its TTL, its class, its type and its RDATA
• TTL is a timing parameter
• IN (Internet) is the most widely used class
• There are multiple RR types
• Everything after the type identifier is called rdata

Label               ttl   class  type  rdata
www.ibadat.edu.pk.  3600  IN     A     10.10.10.2
Example: RRs in a zone file
apnic.net.         7200  IN  SOA  ns.apnic.net. admin.apnic.net. (
                                  2001061501  ; Serial
                                  43200       ; Refresh 12 hours
                                  14400       ; Retry 4 hours
                                  345600      ; Expire 4 days
                                  7200 )      ; Negative cache 2 hours
apnic.net.         7200  IN  NS   ns.apnic.net.
apnic.net.         7200  IN  NS   ns.ripe.net.

Label              ttl   class type rdata
host25.apnic.net.  2600  IN    A    193.0.3.25
Configuring named.conf
The main DNS configuration is kept in /etc/named.conf, which tells BIND where to find the zone file for each domain you own. There are usually two kinds of zone definitions in this file:
• Forward zone definitions, which name the files that map domain names to IP addresses
• Reverse zone definitions, which name the files that map IP addresses back to domain names
In this example the forward zone for my-site.com is set up by adding the following entry at the bottom of /etc/named.conf. The zone file is named my-site.zone:
zone "my-site.com" {
    type master;
    notify no;
    allow-query { any; };
    file "my-site.zone";
};
Further zones are added the same way:
zone "my-other-site.com" {
    type master;
    notify no;
    allow-query { any; };
    file "my-other-site.zone";
};
allow-query { any; } is what an authoritative zone needs, since the whole Internet must be able to resolve it; keep recursion for outside clients disabled on the same server so it cannot be abused as an open resolver.
DNS Data
• DNS databases contain more than just hostname-to-address records:
  – Name server records: NS
  – Hostname aliases: CNAME
  – Mail Exchangers: MX
  – Host Information: HINFO
Resource Record: SOA and NS
• The SOA and NS records are used to provide information about the zone itself
• The NS indicates where information about a given zone can be found
• The SOA record provides information about the Start Of Authority, i.e. the top of the zone, also called the APEX
Resource Record: SOA
net.  3600  IN  SOA  A.GTLD-SERVERS.net.  nstld.verisign-grs.com. (
                     2002021301  ; serial
                     30M         ; refresh
                     15M         ; retry
                     1W          ; expiry
                     1D )        ; neg.answ.ttl
Fields: A.GTLD-SERVERS.net. is the master server; nstld.verisign-grs.com. is the contact address (the mailbox nstld@verisign-grs.com with the @ written as a dot); the serial is the version number; refresh, retry, expiry and the negative-answer TTL are the timing parameters.
Concept: TTL and other Timers
• TTL is a timer used in caches
  – An indication for how long the data may be reused
  – Data that is expected to be ‘stable’ can have high TTLs
• SOA timers are used for maintaining consistency between primary and secondary servers
Writing a zone file
• Zone file is written by the zone administrator
• Zone file is read by the master server and its content is replicated to slave servers
• What is in the zone file will end up in the database
• Because of timing issues it might take some time before the data is actually visible at the client side
First attempt
• The ‘header’ of the zone file
  – Start with a SOA record
  – Include authoritative name servers and
  – Add other information
• Add other RRs
• Delegate to other zones
The SOA record
apnic.net. 3600 IN SOA ns.apnic.net. admin\.email.apnic.net. (
                     2002021301  ; serial
                     1h          ; refresh
                     30M         ; retry
                     1W          ; expiry
                     3600 )      ; neg. answ. ttl
• The contact mailbox admin.email@apnic.net is written as admin\.email.apnic.net: the @ becomes a dot, and the dot inside the local part is escaped with a backslash
• Serial number: 32-bit circular arithmetic
  – People often use a date format (YYYYMMDDXX)
  – To be increased after every edit; a secondary only transfers the zone when it sees a serial that compares as newer, so an edit made without bumping the serial never replicates
• The timers above qualify as reasonable
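The serial rule above is what makes a wrong serial so dangerous, so here it is worked through in code. This is an added example, not part of the original slides or of BIND: serial_gt is the RFC 1982 comparison a secondary applies when deciding whether to transfer, next_date_serial keeps the YYYYMMDDXX convention used in the zone files on this page, and rollback_path is the standard recovery when a serial has been set far too high (the lower value would otherwise be ignored forever). The function names are the example's own.

```python
"""SOA serial arithmetic (RFC 1982): added example, not BIND's code."""

SERIAL_MOD = 1 << 32          # serials are unsigned 32-bit values
HALF = 1 << 31                # the largest distance that still counts as "newer"


def serial_gt(a: int, b: int) -> bool:
    """True if serial a is newer than serial b under 32-bit circular arithmetic.

    A secondary transfers the zone only when the primary's serial is newer by
    this test: a serial that was accidentally lowered looks *older* and the edit
    never replicates, while one that was accidentally made huge keeps winning
    until it is walked around the circle (see rollback_path).
    """
    a, b = a % SERIAL_MOD, b % SERIAL_MOD
    return (a < b and b - a > HALF) or (a > b and a - b < HALF)


def next_date_serial(current: int, today: str) -> int:
    """Next serial in the YYYYMMDDXX convention; `today` is 'YYYYMMDD'.

    The date-based value is used when it compares newer than `current`;
    otherwise (several edits on one day, or a clock that went backwards)
    the existing serial is simply incremented, which is always safe.
    """
    candidate = int(today) * 100
    if serial_gt(candidate, current):
        return candidate
    return (current + 1) % SERIAL_MOD


def rollback_path(bad: int, desired: int) -> list:
    """Serials to publish, in order, to get from a too-large `bad` serial to `desired`.

    Each step adds at most 2**31 - 1 so that it still compares as newer; the
    operator publishes one value, waits until every secondary has transferred,
    then publishes the next. Writing `desired` directly would be ignored.
    """
    path, cur, target = [], bad % SERIAL_MOD, desired % SERIAL_MOD
    while cur != target and not serial_gt(target, cur):
        cur = (cur + HALF - 1) % SERIAL_MOD
        path.append(cur)
    if not path or path[-1] != target:
        path.append(target)
    return path


if __name__ == "__main__":
    print(serial_gt(2002021302, 2002021301))         # True: an ordinary increment
    print(next_date_serial(2002021301, "20020214"))  # 2002021400
    print(rollback_path(2024010100, 2002021301))     # [4171493747, 2002021301]
```

Each value rollback_path returns must be fully propagated before the next is published; publishing them in quick succession lets a slow secondary miss the intermediate step and stay stuck on the old serial.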
Authoritative NS records and related A records
• NS records for all the authoritative servers
  – They need to carry the zone at the moment you publish
• A records only for “in-zone” name servers
  – Delegating NS records might have glue associated
apnic.net.      3600  IN  NS  NS1.apnic.net.
apnic.net.      3600  IN  NS  NS2.apnic.net.
NS1.apnic.net.  3600  IN  A   203.0.0.4
NS2.apnic.net.  3600  IN  A   193.0.0.202
Other data in the zone
• Add all the other data to your zone file
• Some notes on notation
  – Note the fully qualified domain name including the trailing dot
  – Note TTL and CLASS
localhost.apnic.net.  3600  IN  A      127.0.0.1
NS1.apnic.net.        4500  IN  A      203.0.0.4
www.apnic.net.        3600  IN  CNAME  wasabi.apnic.net.
apnic.net.            3600  IN  MX     50 mail.apnic.net.
Complete Zone file format
apnic.net.            3600  IN  SOA    NS1.apnic.net. admin\.email.apnic.net. (
                                       2002021301  ; serial
                                       1h          ; refresh
                                       30M         ; retry
                                       1W          ; expiry
                                       3600 )      ; neg. answ. ttl
apnic.net.            3600  IN  NS     NS1.apnic.net.
apnic.net.            3600  IN  NS     NS2.apnic.net.
apnic.net.            3600  IN  MX     50 mail.apnic.net.
apnic.net.            3600  IN  MX     150 mailhost2.apnic.net.
NS1.apnic.net.        4500  IN  A      203.0.0.4
NS2.apnic.net.        3600  IN  A      193.0.0.202
localhost.apnic.net.  3600  IN  A      127.0.0.1
NS1.apnic.net.        3600  IN  A      193.0.0.4
www.apnic.net.        3600  IN  CNAME  wasabi.apnic.net.
Note the two A records for NS1.apnic.net. with TTLs 4500 and 3600: all records of one RRset must share a TTL (RFC 2181), and BIND will warn and adjust them to a single value when it loads the zone.
Sample Forward Zone File of my-site.com.
; Zone file for my-site.com
;
; The full zone file
;
$TTL 3D
@   IN  SOA  www.my-site.com. hostmaster.my-site.com. (
             200211152  ; serial#
             3600       ; refresh, seconds
             3600       ; retry, seconds
             3600       ; expire, seconds (this short, secondaries stop answering one hour after losing the primary)
             3600 )     ; minimum, seconds
;
              NS     www              ; Inet Address of nameserver
my-site.com.  MX     10 www           ; Primary Mail Exchanger: must name a host with an A record, not a CNAME (RFC 2181)
;
localhost     A      127.0.0.1
www           A      97.158.253.26
mail          CNAME  www
Sample Rev Zone File of my-site.com.
; Filename: 192-168-1.zone
;
; Zone file for 192.168.1.x (origin 1.168.192.in-addr.arpa.)
;
$TTL 3D
@   IN  SOA  www.my-site.com. hostmaster.my-site.com. (
             200303301  ; serial number
             8H         ; refresh, seconds
             2H         ; retry, seconds
             4W         ; expire, seconds
             1D )       ; minimum, seconds
;
     NS   www.my-site.com.    ; Nameserver Address, fully qualified: a bare "www" here would mean www.1.168.192.in-addr.arpa.
;
100  PTR  bigboy.my-site.com.
103  PTR  smallfry.my-site.com.
32   PTR  dhcp-32.my-site.com.
33   PTR  dhcp-33.my-site.com.  ; every PTR target needs the trailing dot, or the origin is appended to it
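As an added check (not from the original slides and not BIND's code), the following lints a master file written in the style of the sample zones above. It parses $TTL, @, relative names, omitted owners and the parenthesised SOA, then applies the RFC 2181 rules BIND's own zone checks warn about: no other data at a CNAME owner, one TTL per RRset, no NS or MX pointing at a CNAME, and an address record for every in-zone name server. The zone embedded in it is constructed for the example: it follows the my-site.com forward zone but deliberately keeps an MX aimed at a CNAME and adds a second www A record with a different TTL.

```python
"""Lint a BIND-style master file (added example, not BIND's code). Parses the simplified
syntax used on this page ($TTL, @, relative names, omitted owner, parenthesised SOA) and
applies RFC 2181: no other data at a CNAME owner, one TTL per RRset, no NS/MX -> CNAME."""
import re
from collections import defaultdict

UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
TTL_RE = re.compile(r"(\d+)([smhdw]?)", re.I)


def parse_ttl(tok: str) -> int:
    m = TTL_RE.fullmatch(tok)
    if not m:
        raise ValueError(f"bad TTL {tok!r}")
    return int(m.group(1)) * UNITS[m.group(2).lower()]


def absolutize(name: str, origin: str) -> str:
    """'@' is the origin; a name without a trailing dot gets the origin appended."""
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name}.{origin}".lower()


def parse_zone(text: str, origin: str) -> list:
    """Return [(owner, ttl, TYPE, rdata_tokens)] with absolute lower-case owners."""
    origin = (origin if origin.endswith(".") else origin + ".").lower()
    entries, buf, depth, no_owner = [], [], 0, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # ';' starts a comment
        if not line.strip():
            continue
        if not buf:                                   # first physical line of a record
            no_owner = line[0].isspace()              # blank owner => reuse the previous one
        depth += line.count("(") - line.count(")")    # '(' lets one record span lines
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth == 0:
            entries.append((no_owner, " ".join(buf).split()))
            buf = []
    records, default_ttl, owner = [], None, origin
    for no_owner, toks in entries:
        if toks[0] == "$TTL":
            default_ttl = parse_ttl(toks[1])
            continue
        if toks[0] == "$ORIGIN":
            origin = absolutize(toks[1], origin)
            continue
        i = 0
        if not no_owner:
            owner, i = absolutize(toks[0], origin), 1
        ttl = default_ttl
        if TTL_RE.fullmatch(toks[i]):                 # optional per-record TTL
            ttl, i = parse_ttl(toks[i]), i + 1
        if toks[i].upper() == "IN":                   # optional class
            i += 1
        records.append((owner, ttl, toks[i].upper(), toks[i + 1:]))
    return records


def lint_zone(records: list, origin: str) -> list:
    origin = (origin if origin.endswith(".") else origin + ".").lower()
    rrsets = defaultdict(lambda: defaultdict(list))   # owner -> type -> [(ttl, rdata)]
    for owner, ttl, rtype, rdata in records:
        rrsets[owner][rtype].append((ttl, rdata))
    problems = []
    for owner, by_type in rrsets.items():
        if "CNAME" in by_type and len(by_type) > 1:
            problems.append(f"{owner}: CNAME must not coexist with other records")
        for rtype, rrs in by_type.items():
            if len({ttl for ttl, _ in rrs}) > 1:
                problems.append(f"{owner} {rtype}: members of one RRset have different TTLs")
    for owner, _, rtype, rdata in records:
        if rtype not in ("NS", "MX"):
            continue
        target = absolutize(rdata[-1], origin)        # last rdata token is the target host
        if "CNAME" in rrsets.get(target, {}):
            problems.append(f"{owner} {rtype} -> {target} is a CNAME (RFC 2181 s10.3)")
        elif rtype == "NS" and target.endswith("." + origin) and not {"A", "AAAA"} & set(rrsets.get(target, {})):
            problems.append(f"{owner} NS -> {target}: in-zone name server has no address record")
    return problems


# Constructed sample in the shape of the my-site.com forward zone above, keeping an MX that
# points at a CNAME and adding a second www A record whose TTL differs from the first.
SAMPLE_ZONE = """\
$TTL 3D
@   IN  SOA  www.my-site.com. hostmaster.my-site.com. (
             200211152  ; serial
             3600       ; refresh
             3600       ; retry
             3600       ; expire
             3600 )     ; minimum
    NS   www
    MX   10 mail
www        A      97.158.253.26
www   4500 A      97.158.253.27
mail       CNAME  www
"""


def lint_sample() -> list:
    return lint_zone(parse_zone(SAMPLE_ZONE, "my-site.com"), "my-site.com")
```

Run lint_sample() and it reports the mixed TTLs on the www A RRset and the MX that resolves to a CNAME; point the MX at www (or give mail its own A record) and both warnings disappear. Owner omission is detected by leading whitespace, exactly as BIND does it, so a reverse-zone owner like 100 is never mistaken for a TTL.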
DNS Message Format
HEADER
QUESTIONS
ANSWER resource records (response)
AUTHORITY records (response)
ADDITIONAL information (response)
DNS Message Header
Six 16-bit fields:
• query identifier
• flags
• # of questions
• # of answer RRs
• # of authority RRs
• # of additional RRs
Message Flags
• QR: Query=0, Response=1
•  AA: Authoritative Answer
• TC: response truncated (the answer did not fit in a 512-byte UDP message)
• RD: recursion desired
• RA: recursion available
• rcode: return code
Recursion
• A request can indicate that recursion is desired - this tells the server to find out the answer (possibly by contacting other servers).
• If recursion is not requested - the response may be a list of other name servers to contact.
Question Format
Name: domain name (for reverse lookups, the IP address written as a name under in-addr.arpa)
Query type (A, NS, MX, …)
Query class (1 = IN, the Internet class)
Response Resource Record
• Domain Name
• Response type
• Class (IN)
• Time to live (in seconds)
• Length of resource data
• Resource data
UDP & TCP
• Both UDP and TCP are used:
  – TCP for transfers of the entire zone to secondary servers (replication)
  – UDP for lookups
  – If the response exceeds 512 bytes (TC flag set), the requestor resubmits the request over TCP
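The message format and flag bits above, carried through in working code. This is an added example (not from the slides and not BIND's code): it encodes a query, decodes a response including compression pointers and the QR/AA/TC/RD/RA/rcode flags, and shows two checks a resolver must make before trusting a reply: that the reply's ID and question match what was sent (the only defence a plain resolver has against spoofed answers, which is why IDs and source ports are randomized) and whether TC is set, in which case the same query is re-sent over TCP with a 2-byte length prefix. The response bytes are constructed for the example from the www.apnic.net. A 10.10.10.2 record shown earlier; the function names are the example's own.

```python
"""DNS wire format (RFC 1035 section 4): added example, not BIND's code."""
from __future__ import annotations
import random
import struct

TYPE = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "PTR": 12, "MX": 15, "TXT": 16, "AAAA": 28}
TYPE_NAME = {v: k for k, v in TYPE.items()}
RCODE = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}
CLASS_IN = 1


def encode_name(name: str) -> bytes:
    """'www.apnic.net.' -> b'\\x03www\\x05apnic\\x03net\\x00' (length-prefixed labels)."""
    stripped = name.rstrip(".")
    out = b""
    for label in (stripped.split(".") if stripped else []):
        if not 0 < len(label) < 64:
            raise ValueError("labels must be 1..63 bytes")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(qname: str, qtype: str = "A", txid: int | None = None, rd: bool = True) -> bytes:
    """12-byte header plus one question; the random 16-bit ID is the classic anti-spoofing token."""
    txid = random.getrandbits(16) if txid is None else txid
    header = struct.pack("!HHHHHH", txid, 0x0100 if rd else 0, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", TYPE[qtype], CLASS_IN)


def decode_name(msg: bytes, off: int, depth: int = 0) -> tuple[str, int]:
    """Read a name at `off`, following 0xC0 compression pointers; return (name, next offset)."""
    if depth > 16:
        raise ValueError("compression pointer loop")
    labels = []
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                     # 11xxxxxx: pointer to an earlier offset
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if ptr >= off:
                raise ValueError("forward compression pointer")   # only backwards pointers are legal
            tail, _ = decode_name(msg, ptr, depth + 1)
            head = ".".join(labels)
            return (head + "." + tail if head else tail), off + 2
        off += 1
        if length == 0:
            return ".".join(labels) + ".", off
        labels.append(msg[off:off + length].decode("ascii"))
        off += length


def parse_message(msg: bytes) -> dict:
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    header = {"id": txid, "qr": bool(flags & 0x8000), "opcode": (flags >> 11) & 0xF,
              "aa": bool(flags & 0x0400), "tc": bool(flags & 0x0200), "rd": bool(flags & 0x0100),
              "ra": bool(flags & 0x0080), "rcode": RCODE.get(flags & 0xF, str(flags & 0xF))}
    off, questions = 12, []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
        questions.append((name, TYPE_NAME.get(qtype, qtype)))
        off += 4
    out = {"header": header, "questions": questions}
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        rrs = []
        for _ in range(count):
            name, off = decode_name(msg, off)
            rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            if rtype == TYPE["A"] and rdlen == 4:
                value = ".".join(str(b) for b in msg[off:off + 4])
            elif rtype in (TYPE["NS"], TYPE["CNAME"], TYPE["PTR"]):
                value, _ = decode_name(msg, off)      # rdata names may be compressed too
            else:
                value = msg[off:off + rdlen].hex()
            rrs.append((name, TYPE_NAME.get(rtype, rtype), ttl, value))
            off += rdlen
        out[section] = rrs
    return out


def matches_query(query: bytes, response: bytes) -> bool:
    """Accept a reply only if it is a response carrying our ID and our exact question."""
    q, r = parse_message(query), parse_message(response)
    return r["header"]["qr"] and q["header"]["id"] == r["header"]["id"] and q["questions"] == r["questions"]


def needs_tcp_retry(response: bytes) -> bool:
    return parse_message(response)["header"]["tc"]


def tcp_frame(msg: bytes) -> bytes:
    """DNS over TCP prefixes each message with its 2-byte big-endian length."""
    return struct.pack("!H", len(msg)) + msg


# Constructed reply to build_query("www.apnic.net.", "A", txid=0x1234): flags 0x8580 = QR|AA|RD|RA,
# one question, one answer whose owner name is a pointer (0xC00C) back to the question at offset 12.
SAMPLE_RESPONSE = (struct.pack("!HHHHHH", 0x1234, 0x8580, 1, 1, 0, 0)
                   + encode_name("www.apnic.net.") + struct.pack("!HH", TYPE["A"], CLASS_IN)
                   + b"\xc0\x0c" + struct.pack("!HHIH", TYPE["A"], CLASS_IN, 3600, 4) + bytes([10, 10, 10, 2]))
```

A resolver that skipped matches_query would accept any 47-byte blob a spoofer fired at its port; the forward-pointer and depth checks in decode_name are what stop a malicious reply from looping the parser or reading past the message.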
WEB Server
Web Server?
A Web server is the server software behind the World Wide Web.
It listens for requests from a client, such as a browser like Netscape or Microsoft's Internet Explorer. When it gets one, it processes that request and returns some data.
This data usually takes the form of a formatted page with text and graphics. The browser then renders this data to the best of its ability and presents it to the user.
Web servers are conceptually very simple programs: they wait for requests and fulfil them when received.
How WWW works?
[Diagram: Web Client and Web Server, with a DNS Server beside them; the client starts from a URL]
1. DNS lookup (the client resolves the host name in the URL)
2. TCP connection
3. HTTP request
4. HTTP response
Typical Transaction on the Web
The Web is based on the client/server paradigm.
Web servers communicate with browsers or other clients using the Hypertext Transfer Protocol (HTTP), a simple protocol that standardizes the way requests are sent and processed. This allows a variety of clients to communicate with any vendor's server without compatibility problems. Most of the documents requested are formatted using Hypertext Markup Language (HTML). HTML is an application of a larger markup language, the Standard Generalized Markup Language (SGML), which is in wide use by many organizations and the U.S. Government.
HTTP /Hypertext Transfer Protocol
• The protocol was designed by Tim Berners-Lee, starting in 1989
• Application-level protocol
• Client (browser) makes a request - server responds
• Support for:
  – URLs
  – Internet media types (MIME types: RFC 2045 - RFC 2049), which allow access to different data formats
• Standards:
  – HTTP 1.0 (RFC 1945), HTTP 1.1 (RFC 2616, June 1999)

Parts of a URL:
http://www.apache.kr.net:8080/directory/file.html
  http://               protocol
  www.apache.kr.net     server name
  :8080                 port
  /directory/file.html  directory/file name on the server
HTTP Request/Response
Simple client request:
GET /index.html HTTP/1.1
Host: orange.kr.psi.net

Server reply:
HTTP/1.1 200 OK
Date: Tue, 09 Jan 2001 10:49:14 GMT
Server: Apache/1.3.14 (Unix)
Last-Modified: Tue, 09 Jan 2001 01:11:02 GMT
ETag: "131e-a074-3a5a6526"
Accept-Ranges: bytes
Content-Length: 41076
Content-Type: text/html

<!--Copyright (c) 1997-2001 by Kwan-jin,Jung -->
<!--All Rights Reserved -->
<html>

Note the Server header: advertising the exact version (Apache/1.3.14) tells anyone who connects which known bugs to try. Apache's ServerTokens Prod directive limits the header to the product name.
Server status codes
• Status codes are three-digit numbers grouped as follows:
  – 1xx - informational
  – 2xx - client request successful (200 - OK)
  – 3xx - request redirected
  – 4xx - client errors (request incomplete): 403 - Forbidden, 404 - Not found
  – 5xx - server errors
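An added example (not from the slides and not Apache code) that puts the request/response exchange and the status-code classes above into working code: build_request emits the Host header that HTTP/1.1 makes mandatory (the same header name-based virtual hosting later keys on) and refuses CR/LF in anything a caller supplies, parse_response splits the status line, the headers and a Content-Length-delimited body and classifies the code by its first digit, and server_disclosure flags a Server header like Apache/1.3.14 (Unix) that hands the exact version to anyone who asks. The sample response is constructed after the reply shown above, shortened to a six-byte body so its Content-Length is honest; the function names are the example's own.

```python
"""HTTP/1.1 request building and response parsing (RFC 2616 framing): added example."""
from __future__ import annotations
import re

STATUS_CLASS = {1: "informational", 2: "success", 3: "redirection", 4: "client error", 5: "server error"}


def build_request(host: str, path: str = "/", method: str = "GET", headers: dict | None = None) -> bytes:
    """Serialize a request. Host is mandatory in HTTP/1.1 and selects the virtual host."""
    if not re.fullmatch(r"[A-Za-z0-9.-]+(:\d+)?", host):
        raise ValueError(f"bad host {host!r}")
    if not path.startswith("/") or re.search(r"\s", path):
        raise ValueError("path must start with '/' and contain no whitespace")
    lines = [f"{method} {path} HTTP/1.1", f"Host: {host}"]
    for name, value in (headers or {}).items():
        if re.search(r"[\r\n]", name + value):        # a CRLF here would let a caller inject extra headers
            raise ValueError(f"CR/LF in header {name!r}")
        lines.append(f"{name}: {value}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")


def parse_response(raw: bytes) -> dict:
    """Split status line, headers (lower-cased, multi-valued) and a Content-Length body."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no end of headers")
    lines = head.decode("iso-8859-1").split("\r\n")
    m = re.fullmatch(r"HTTP/(\d)\.(\d) (\d{3})(?: (.*))?", lines[0])
    if not m:
        raise ValueError(f"malformed status line {lines[0]!r}")
    status = int(m.group(3))
    headers: dict[str, list[str]] = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():   # no whitespace around the field name
            raise ValueError(f"malformed header line {line!r}")
        headers.setdefault(name.lower(), []).append(value.strip())
    lengths = headers.get("content-length", [])
    if lengths:
        if len(set(lengths)) != 1 or not lengths[0].isdigit():
            raise ValueError("conflicting Content-Length")   # ambiguity here is a smuggling primitive
        n = int(lengths[0])
        if len(body) < n:
            raise ValueError(f"body truncated: {len(body)} of {n} bytes")
        body = body[:n]
    return {"version": f"{m.group(1)}.{m.group(2)}", "status": status, "reason": m.group(4) or "",
            "class": STATUS_CLASS.get(status // 100, "unknown"), "headers": headers, "body": body}


def server_disclosure(parsed: dict) -> str | None:
    """Return the Server header when it names a product *and* a version, e.g. 'Apache/1.3.14 (Unix)'."""
    for value in parsed["headers"].get("server", []):
        if re.search(r"/\d", value):
            return value
    return None


# Constructed reply in the shape of the Apache 1.3.14 response shown above, with a 6-byte body.
SAMPLE_RESPONSE = (b"HTTP/1.1 200 OK\r\n"
                   b"Date: Tue, 09 Jan 2001 10:49:14 GMT\r\n"
                   b"Server: Apache/1.3.14 (Unix)\r\n"
                   b"Last-Modified: Tue, 09 Jan 2001 01:11:02 GMT\r\n"
                   b'ETag: "131e-a074-3a5a6526"\r\n'
                   b"Accept-Ranges: bytes\r\n"
                   b"Content-Length: 6\r\n"
                   b"Content-Type: text/html\r\n"
                   b"\r\n"
                   b"<html>")

if __name__ == "__main__":
    print(build_request("orange.kr.psi.net", "/index.html").decode())
    resp = parse_response(SAMPLE_RESPONSE)
    print(resp["status"], resp["class"], server_disclosure(resp))
```

The parser deliberately rejects two Content-Length headers rather than picking one: a front end and back end that disagree on which to honour is the classic request-smuggling setup, and the same framing rules apply to requests.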
The Apache HTTP Project
• A common goal: to provide an open-source, secure, efficient and extensible server that provides HTTP services in sync with non-proprietary World Wide Web standards
• Apache Group
  – Non-profit organization
  – Develop bug fixes and software additions
  – Approve and implement any bug fixes and software additions submitted by non-core developers
  – Test new releases
  – Document new features
What’s the Apache ?
• Freely available:
  – source code
  – binaries for many platforms (version 1.3.x also includes Windows NT)
• Web server originally based on the NCSA server (in 1995)
• Over 60% of Internet Web servers run Apache or an Apache derivative (in the December 2000 survey)
• Very configurable, lots of directives...
• Optional modules provide extra functionality
• Powerful performance and continually upgraded
What’s an Apache Module?
• The 'modular' architecture makes it possible for anyone to add new functions to the server
• There are a large number of modules now written for Apache
• A way to extend the Web server’s request processing
• It is easy to add a module to Apache
• Modules can be statically or dynamically loaded
Features of Apache
• Support for Windows NT systems (also available on Windows 95/98/2000)
• Better configuration and building process
• Support for dynamic modules
• Better performance
• Better security
• Enhanced virtual host configurations
Installing the Server on Unix
• If you have a pre-built package
  – Install it and run it
• Otherwise,
  – download and unpack in a suitable directory (ftp, uncompress, gunzip, tar...)
  – initial configuration (choose your modules)
  – compile the server
  – install the executable in the system
  – adjust the configuration files to reflect your environment
  – run httpd
Apache directory structure
• Some important directories:
  – cgi-bin/ - CGI scripts directory
  – conf/ - configuration files for the httpd server
  – htdocs/ - main directory for documents
  – logs/ - directory with log files
  – other stuff (bin/, icons/, include/, proxy/, man/…)
• Default location is ‘/usr/local/apache’
  /usr/local/apache/
    bin/       ab, httpd, htpasswd
    conf/
    cgi-bin/
    logs/
    libexec/
    www/
Configuring Apache
• How? (the basic configuration)
  – ServerType standalone
  – Port 80
  – User apache
  – Group apache      (an unprivileged account: httpd binds port 80 as root, then drops to this user and group)
  – ServerAdmin your_e-mail_address
  – ServerRoot "/etc/httpd"
  – ErrorLog /var/log/httpd/logs/error_log
  – TransferLog /var/log/httpd/access_log
  – DocumentRoot /var/www/html
  – DirectoryIndex index.html
  – ScriptAlias /cgi-bin/ /var/www/cgi-bin/
• More directives:
  – StartServers, Min/MaxSpareServers, MaxClients, …
Alias
Alias /home /var/www/html/mail/

# The <Directory> path is the filesystem directory the Alias maps to, not the URL path.
# "Indexes" makes the directory browsable when no index file exists; leave it out unless you want that.
<Directory "/var/www/html/mail">
    Options Indexes MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

• CGI, PHP Scripts

ScriptAlias /passwd "/home/httpd/cgi-bin/chpasswd.cgi"

# <Directory> takes a directory, so the block names the directory the script lives in.
<Directory "/home/httpd/cgi-bin">
    AllowOverride AuthConfig
    Options ExecCGI
    Order allow,deny
    Allow from all
</Directory>
Virtual Hosts
• The term Virtual Host refers to the practice of maintaining more than one server on one machine, as differentiated by their apparent hostname
• ISPs do this a lot
• Allows additional Web presence without the accompanying hardware or software investment otherwise required
• Each virtual server may have totally different content, configuration, separate log and error files, …
• The alternative is to run another server on a different port
• Part of the basic server configuration (httpd.conf)
• Name-based virtual hosts are selected by the Host header of the request, so ServerName and ServerAlias must match what clients actually send; in Apache 1.3 the address also needs a NameVirtualHost directive

<VirtualHost comsats.edu.pk>
    ServerAdmin your_e-mail_address
    DocumentRoot /home/httpd/cgi-bin/nwebmail
    ServerName ibadat.com
    ServerAlias www.ibadat.com
</VirtualHost>