Linux / Aix Administration - Tips & Stuff (Blogger feed, updated 2024-03-13)
Linux Kernel panic reboot
Posted by Anonymous, 2010-08-13
<div class="Section1"><div><div class="MsoNormal"><span style="font-family: Arial; font-size: x-small;"><span style="font-family: Arial; font-size: 10pt;">By default, after a kernel panic Linux just waits for a sysadmin to hit the restart or power-cycle button. This is because of the value set on the "kernel.panic" parameter.<br />
<br />
[root@linux23 ~]# cat /proc/sys/kernel/panic<br />
0<br />
[root@linux23 ~]# sysctl -a | grep kernel.panic<br />
kernel.panic = 0<br />
[root@linux23 ~]#<br />
<br />
To disable this and make the Linux OS reboot after a kernel panic, set the "kernel.panic" parameter to an integer N greater than zero, where N is the number of seconds to wait before an automatic reboot. For example, if you set N = 10, the system waits 10 seconds before rebooting automatically. To make this permanent, edit /etc/sysctl.conf and set it there.<br />
<br />
[root@linux23 ~]# echo "10" > /proc/sys/kernel/panic<br />
[root@linux23 ~]# grep kernel.panic /etc/sysctl.conf<br />
kernel.panic = 10<br />
[root@linux23 ~]#<o:p></o:p></span></span></div></div></div>
Disable ipv6 on RHEL 4 and 5
Posted by Anonymous, 2010-08-13
<div class="Section1"><div><div><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">Edit /etc/sysconfig/network and change<o:p></o:p></span></span><br />
<code><span style="font-family: Courier New; font-size: x-small;"><span style="font-size: 10pt;">NETWORKING_IPV6=yes</span></span></code> to<br />
<code><span style="font-family: Courier New; font-size: x-small;"><span style="font-size: 10pt;">NETWORKING_IPV6=no</span></span></code><o:p></o:p><br />
<span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">Edit /etc/modprobe.conf and add these lines (if they're not in it):<o:p></o:p></span></span><br />
<code><span style="font-family: Courier New; font-size: x-small;"><span style="font-size: 10pt;">alias net-pf-10 off</span></span></code><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;"><br />
<code><span style="font-family: Courier New;">alias ipv6 off</span></code></span></span><o:p></o:p><br />
<span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">Stop the ip6tables service by typing:<o:p></o:p></span></span><br />
<code><span style="font-family: Courier New; font-size: x-small;"><span style="font-size: 10pt;">service ip6tables stop</span></span></code><o:p></o:p><br />
<span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">Disable the ip6tables service by typing:<o:p></o:p></span></span><br />
<code><span style="font-family: Courier New; font-size: x-small;"><span style="font-size: 10pt;">chkconfig ip6tables off</span></span></code><o:p></o:p><br />
<span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">After these changes, IPv6 will be disabled after the next reboot of your system.<o:p></o:p></span></span></div></div></div>
Why is there no free RAM in Linux? or Why Memory usage is 100% in Linux?
Posted by Anonymous, 2010-08-13
<div class="Section1"><div><div class="MsoNormal"><span class="postbody"><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">Traditional Unix tools like 'top' often report a surprisingly small amount of free memory after a system has been running for a while. For instance, after about 3 hours of uptime, the machine I'm writing this on reports under 60 MB of free memory, even though I have 512 MB of RAM on the system. Where does it all go? </span></span></span><br />
<br />
<span class="postbody">The biggest place it's being used is in the disk cache, which is currently over 290 MB. This is reported by top as "cached". Cached memory is essentially free, in that it can be replaced quickly if a running (or newly starting) program needs the memory. </span><br />
<br />
<span class="postbody">The reason Linux uses so much memory for disk cache is because the RAM is wasted if it isn't used. Keeping the cache means that if something needs the same data again, there's a good chance it will still be in the cache in memory. Fetching the information from there is around 1,000 times quicker than getting it from the hard disk. If it's not found in the cache, the hard disk needs to be read anyway, but in that case nothing has been lost in time. </span><br />
<br />
<span class="postbody">To see a better estimation of how much memory is really free for applications to use, run the command: </span><o:p></o:p></div><div align="center"><table border="0" cellpadding="0" cellspacing="1" class="MsoNormalTable" style="width: 90%;"><tbody>
<tr> <td style="padding: 2.25pt;"><div class="MsoNormal"><span class="genmed"><b><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt; font-weight: bold;">Code:</span></span></b></span><o:p></o:p></div></td> </tr>
<tr> <td style="padding: 2.25pt;"><div class="MsoNormal"><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">free -m<o:p></o:p></span></span></div></td> </tr>
</tbody></table></div><div class="MsoNormal"><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;"><br />
<span class="postbody">The -m option stands for megabytes, and the output will look something like this: </span><o:p></o:p></span></span></div><div align="center"><table border="0" cellpadding="0" cellspacing="1" class="MsoNormalTable" style="width: 90%;"><tbody>
<tr> <td style="padding: 2.25pt;"><div class="MsoNormal"><span class="genmed"><b><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt; font-weight: bold;">Code:</span></span></b></span><o:p></o:p></div></td> </tr>
<tr> <td style="padding: 2.25pt;"><pre><span style="font-family: Courier New; font-size: x-small;"><span style="font-size: 10pt;">             total       used       free     shared    buffers     cached
Mem:           503        451         52          0         14        293
-/+ buffers/cache:        143        360
Swap:         1027          0       1027<o:p></o:p></span></span></pre></td> </tr>
</tbody></table></div><div class="MsoNormal"><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;"><br />
<span class="postbody">The <span style="color: green;"><span style="color: green;">-/+ buffers/cache</span></span> line shows how much memory is used and free from the perspective of the applications. Generally speaking, if little swap is being used, memory usage isn't impacting performance at all. </span><br />
<br />
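The arithmetic behind the -/+ buffers/cache row, as an added example that is not part of the original post: the shell function below reads /proc/meminfo-format input and derives the application-side used and free figures in whole MB. The sample values and the function name are constructed for illustration; the values are chosen so that they round down to the free -m output shown above.

```shell
#!/bin/sh
# Constructed sample in /proc/meminfo format (values in kB), chosen so the
# figures round down to the "free -m" output quoted in the post.
SAMPLE_MEMINFO='MemTotal:       515900 kB
MemFree:         53900 kB
Buffers:         14900 kB
Cached:         300500 kB
SwapTotal:     1051648 kB
SwapFree:      1051648 kB'

# app_memory [FILE]
# Reads meminfo-format text from FILE (default /proc/meminfo, "-" for stdin)
# and prints three whole-MB figures on one line:
#   application-used  application-free  swap-used
# Exit status 2 means a required field was missing from the input.
app_memory() {
    awk '
        $1 == "MemTotal:"  { total   = $2 }
        $1 == "MemFree:"   { mfree   = $2 }
        $1 == "Buffers:"   { buffers = $2 }
        $1 == "Cached:"    { cached  = $2 }
        $1 == "SwapTotal:" { stotal  = $2 }
        $1 == "SwapFree:"  { sfree   = $2 }
        END {
            if (total == "" || mfree == "" || buffers == "" || cached == "") {
                exit 2
            }
            # "used" on the Mem: row still includes buffers and page cache.
            used = total - mfree
            # Application view: cache and buffers count as reclaimable.
            app_used = used - buffers - cached
            app_free = mfree + buffers + cached
            printf "%d %d %d\n", int(app_used / 1024), int(app_free / 1024), int((stotal - sfree) / 1024)
        }
    ' "${1:-/proc/meminfo}"
}

# Demo on the constructed sample: prints the -/+ buffers/cache figures and
# the amount of swap in use.
printf '%s\n' "$SAMPLE_MEMINFO" | app_memory -
```
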
<span class="postbody">Notice that I have 512 MB of memory in my machine, but only 503 is listed as available by free. This is mainly because the kernel can't be swapped out, so the memory it occupies could never be freed. There may also be regions of memory reserved for/by the hardware for other purposes as well, depending on the system architecture. </span><br />
<br />
<span style="color: navy;"><span style="color: navy;"><o:p></o:p></span></span></span></span></div><div class="MsoNormal"><br />
</div><div class="MsoNormal"><span class="postbody"><span style="color: darkblue; font-family: Times New Roman; font-size: medium;"><span style="color: darkblue; font-size: 13.5pt;">The difference among VIRT, RES, and SHR in top output</span></span> </span><br />
<span class="postbody">VIRT stands for the virtual size of a process, which is the sum of memory it is actually using, memory it has mapped into itself (for instance the video card's RAM for the X server), files on disk that have been mapped into it (most notably shared libraries), and memory shared with other processes. VIRT represents how much memory the program is able to access at the present moment. </span><br />
<br />
<span class="postbody">RES stands for the resident size, which is an accurate representation of how much actual physical memory a process is consuming. (This also corresponds directly to the %MEM column.) This will virtually always be less than the VIRT size, since most programs depend on the C library. </span><br />
<br />
<span class="postbody">SHR indicates how much of the VIRT size is actually sharable (memory or libraries). In the case of libraries, it does not necessarily mean that the entire library is resident. For example, if a program only uses a few functions in a library, the whole library is mapped and will be counted in VIRT and SHR, but only the parts of the library file containing the functions being used will actually be loaded in and be counted under RES. </span><br />
<br />
<span class="postbody"><span style="color: darkblue; font-size: medium;"><span style="color: darkblue; font-size: 13.5pt;">The difference between buffers and cache</span></span> </span><br />
<span class="postbody">Buffers are associated with a specific block device, and cover caching of filesystem metadata as well as tracking in-flight pages. The cache only contains parked file data. That is, the buffers remember what's in directories, what file permissions are, and keep track of what memory is being written from or read to for a particular block device. The cache only contains the contents of the files themselves. </span><br />
<br />
<span class="postbody">Corrections and additions to this section welcome; I've done a bit of guesswork based on tracing how /proc/meminfo is produced to arrive at these conclusions. </span><br />
<br />
<span class="postbody"><span style="color: darkblue; font-size: medium;"><span style="color: darkblue; font-size: 13.5pt;">Swappiness (2.6 kernels)</span></span> </span><br />
<span class="postbody">Since 2.6, there has been a way to tune how much Linux favors swapping out to disk compared to shrinking the caches when memory gets full. </span><br />
<br />
<span class="postbody">When an application needs memory and all the RAM is fully occupied, the kernel has two ways to free some memory at its disposal: it can either reduce the disk cache in the RAM by eliminating the oldest data or it may swap some less used portions (pages) of programs out to the swap partition on disk. It is not easy to predict which method would be more efficient. </span><br />
<span class="postbody">The kernel makes a choice by roughly guessing the effectiveness of the two methods at a given instant, based on the recent history of activity. </span><br />
<br />
<span class="postbody">Before the 2.6 kernels, the user had no means of influencing the calculations, and situations could arise where the kernel often made the wrong choice, leading to thrashing and slow performance. The addition of swappiness in 2.6 changes this. </span><br />
<br />
<span class="postbody">Swappiness takes a value between 0 and 100 to change the balance between swapping applications and freeing cache. At 100, the kernel will always prefer to find inactive pages and swap them out; in other cases, whether a swapout occurs depends on how much application memory is in use and how poorly the cache is doing at finding and releasing inactive items. </span><br />
<br />
<span class="postbody">The default swappiness is 60. A value of 0 gives something close to the old behavior where applications that wanted memory could shrink the cache to a tiny fraction of RAM. For laptops which would prefer to let their disk spin down, a value of 20 or less is recommended. </span><br />
<br />
<span class="postbody">As a sysctl, the swappiness can be set at runtime with either of the following commands: </span><o:p></o:p></div><div align="center"><table border="0" cellpadding="0" cellspacing="1" class="MsoNormalTable" style="width: 90%;"><tbody>
<tr> <td style="padding: 2.25pt;"><div class="MsoNormal"><span class="genmed"><b><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt; font-weight: bold;">Code:</span></span></b></span><o:p></o:p></div></td> </tr>
<tr> <td style="padding: 2.25pt;"><div class="MsoNormal"><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;"># sysctl -w vm.swappiness=30 <br />
# echo 30 >/proc/sys/vm/swappiness<o:p></o:p></span></span></div></td> </tr>
</tbody></table></div><div class="MsoNormal"><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;"><br />
<span class="postbody">The default when Gentoo boots can also be set in <span style="color: green;"><span style="color: green;">/etc/sysctl.conf</span></span>: </span><o:p></o:p></span></span></div><div align="center"><table border="0" cellpadding="0" cellspacing="1" class="MsoNormalTable" style="width: 90%;"><tbody>
<tr> <td style="padding: 2.25pt;"><div class="MsoNormal"><span class="genmed"><b><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt; font-weight: bold;">Code:</span></span></b></span><o:p></o:p></div></td> </tr>
<tr> <td style="padding: 2.25pt;"><div class="MsoNormal"><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;"># Control how much the kernel should favor swapping out applications (0-100) <br />
vm.swappiness = 30<o:p></o:p></span></span></div></td> </tr>
</tbody></table></div><div class="MsoNormal"><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;"><br />
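An added example (not from the original posts) for the two sysctl settings this page changes both at runtime and in /etc/sysctl.conf, kernel.panic and vm.swappiness: it reports whether the running value matches the persisted one, so a value written only to /proc is caught before a reboot silently reverts it. The function names, the demo directory tree and its values are constructed for illustration.

```shell
#!/bin/sh
# persisted_value KEY CONF
# Prints the value KEY would get from a sysctl.conf-style file: comments
# (# or ;) are ignored, "a/b" and "a.b" key spellings are treated alike,
# and the last assignment wins. Returns 1 if KEY is not set in CONF.
persisted_value() {
    key=$(printf '%s' "$1" | tr '/' '.')
    awk -v key="$key" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*$/    { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            name  = substr($0, 1, eq - 1)
            value = substr($0, eq + 1)
            gsub(/[ \t]/, "", name)
            gsub("/", ".", name)
            sub(/^[ \t]+/, "", value)
            sub(/[ \t]+$/, "", value)
            if (name == key) { found = 1; last = value }
        }
        END { if (!found) exit 1; print last }
    ' "$2"
}

# runtime_value KEY [PROCROOT]
# Prints the live value, read from PROCROOT (default /proc/sys). Simple
# dot-to-slash mapping; keys containing interface names with dots are
# out of scope here.
runtime_value() {
    path="${2:-/proc/sys}/$(printf '%s' "$1" | tr '.' '/')"
    [ -r "$path" ] || return 1
    cat "$path"
}

# check_sysctl KEY CONF [PROCROOT]
# Returns 0 = runtime matches persisted, 1 = drift,
#         2 = set at runtime only, 3 = no runtime value.
check_sysctl() {
    live=$(runtime_value "$1" "${3:-/proc/sys}") || {
        echo "$1: no runtime value"
        return 3
    }
    if ! saved=$(persisted_value "$1" "$2"); then
        echo "$1: runtime=$live, not persisted in $2 (lost on reboot)"
        return 2
    fi
    if [ "$live" = "$saved" ]; then
        echo "$1: ok ($live)"
        return 0
    fi
    echo "$1: DRIFT runtime=$live persisted=$saved"
    return 1
}

# make_demo DIR: constructed stand-in for /proc/sys and /etc/sysctl.conf.
make_demo() {
    mkdir -p "$1/proc/sys/kernel" "$1/proc/sys/vm"
    echo 10 > "$1/proc/sys/kernel/panic"
    echo 60 > "$1/proc/sys/vm/swappiness"
    cat > "$1/sysctl.conf" <<'EOF'
# constructed sample file
kernel.panic = 0
kernel.panic = 10
; vm.swappiness = 10
vm/swappiness=30
EOF
}

# Demo: kernel.panic agrees, vm.swappiness was never applied at runtime.
demo=$(mktemp -d)
make_demo "$demo"
for k in kernel.panic vm.swappiness; do
    check_sysctl "$k" "$demo/sysctl.conf" "$demo/proc/sys" || true
done
rm -rf "$demo"
```

On a real host, call `check_sysctl kernel.panic /etc/sysctl.conf` with no third argument to read the live value from /proc/sys.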
<span class="postbody">Some patchsets allow the kernel to auto-tune the swappiness level as it sees fit; they may not keep a user-set value. </span><o:p></o:p></span></span></div></div></div>
print commands in Linux
Posted by Anonymous, 2010-08-13
<div class="Section1"><div class="MsoNormal"><span style="font-family: Arial; font-size: x-small;"><span style="font-family: Arial; font-size: 10pt;">To see a list of available printers: <o:p></o:p></span></span></div><div class="MsoNormal"><br />
</div><div class="MsoNormal"><b><span style="color: blue; font-family: Arial; font-size: x-small;"><span style="color: blue; font-family: Arial; font-size: 10pt; font-weight: bold;"># lpstat -p -d<o:p></o:p></span></span></b></div><div class="MsoNormal"><br />
</div><div class="MsoNormal"><span style="font-family: Arial; font-size: x-small;"><span style="font-family: Arial; font-size: 10pt;">To print the file to printer "MyPrinter"<o:p></o:p></span></span></div><div class="MsoNormal"><br />
</div><div class="MsoNormal"><b><span style="color: blue; font-family: Arial; font-size: x-small;"><span style="color: blue; font-family: Arial; font-size: 10pt; font-weight: bold;"># lpr -P MyPrinter filename<o:p></o:p></span></span></b></div><div class="MsoNormal"><br />
</div><div class="MsoNormal"><span style="font-family: Arial; font-size: x-small;"><span style="font-family: Arial; font-size: 10pt;">To view (query) the print queue, use the lpq or lpstat command. When entered without arguments, it displays the contents of the default print queue.<o:p></o:p></span></span></div><div class="MsoNormal"><br />
</div><div class="MsoNormal"><b><span style="color: blue; font-family: Arial; font-size: x-small;"><span style="color: blue; font-family: Arial; font-size: 10pt; font-weight: bold;"># lpq<o:p></o:p></span></span></b></div><div class="MsoNormal"><b><span style="color: blue; font-family: Arial; font-size: x-small;"><span style="color: blue; font-family: Arial; font-size: 10pt; font-weight: bold;"># lpstat<o:p></o:p></span></span></b></div><div class="MsoNormal"><br />
</div><div class="MsoNormal"><span style="font-family: Arial; font-size: x-small;"><span style="font-family: Arial; font-size: 10pt;">To list the default printer<o:p></o:p></span></span></div><div class="MsoNormal"><br />
</div><div class="MsoNormal"><b><span style="color: blue; font-family: Arial; font-size: x-small;"><span style="color: blue; font-family: Arial; font-size: 10pt; font-weight: bold;"># lpstat -d<o:p></o:p></span></span></b></div><div class="MsoNormal"><br />
</div><div class="MsoNormal"><span style="font-family: Arial; font-size: x-small;"><span style="font-family: Arial; font-size: 10pt;">To know the status of default printer<o:p></o:p></span></span></div><div class="MsoNormal"><br />
</div><div class="MsoNormal"><b><span style="color: blue; font-family: Arial; font-size: x-small;"><span style="color: blue; font-family: Arial; font-size: 10pt; font-weight: bold;"># lpstat -p<o:p></o:p></span></span></b></div><div class="MsoNormal"><br />
</div><div class="MsoNormal"><span style="font-family: Arial; font-size: x-small;"><span style="font-family: Arial; font-size: 10pt;">If the printer status is disabled, you need to enable the printer using "enable" command as follows.<o:p></o:p></span></span></div><div class="MsoNormal"><br />
</div><div class="MsoNormal"><b><span style="color: blue; font-family: Arial; font-size: x-small;"><span style="color: blue; font-family: Arial; font-size: 10pt; font-weight: bold;"># /usr/bin/enable <PrinterName><o:p></o:p></span></span></b></div><div class="MsoNormal"><br />
</div><div class="MsoNormal"><span style="font-family: Arial; font-size: x-small;"><span style="font-family: Arial; font-size: 10pt;">To disable the printer<o:p></o:p></span></span></div><div class="MsoNormal"><br />
</div><div class="MsoNormal"><b><span style="color: blue; font-family: Arial; font-size: x-small;"><span style="color: blue; font-family: Arial; font-size: 10pt; font-weight: bold;"># /usr/bin/disable -c <PrinterName><o:p></o:p></span></span></b></div><div class="MsoNormal"><br />
</div><div class="MsoNormal"><span style="font-family: Arial; font-size: x-small;"><span style="font-family: Arial; font-size: 10pt;">To reset the print queue, you have to disable and reenable as follows<o:p></o:p></span></span></div><div class="MsoNormal"><br />
</div><div class="MsoNormal"><b><span style="color: blue; font-family: Arial; font-size: x-small;"><span style="color: blue; font-family: Arial; font-size: 10pt; font-weight: bold;"># /usr/bin/disable -c <PrinterName><o:p></o:p></span></span></b></div><div class="MsoNormal"><b><span style="color: blue; font-family: Arial; font-size: x-small;"><span style="color: blue; font-family: Arial; font-size: 10pt; font-weight: bold;"># /usr/bin/enable <PrinterName><o:p></o:p></span></span></b></div><div class="MsoNormal"><br />
</div><div class="MsoNormal"><span style="font-family: Arial; font-size: x-small;"><span style="font-family: Arial; font-size: 10pt;">To remove the print job<o:p></o:p></span></span></div><div class="MsoNormal"><br />
</div><div class="MsoNormal"><b><span style="color: blue; font-family: Arial; font-size: x-small;"><span style="color: blue; font-family: Arial; font-size: 10pt; font-weight: bold;"># lprm <job Number></span></span></b><b><span style="color: navy; font-family: Arial; font-size: x-small;"><span style="color: navy; font-family: Arial; font-size: 10pt; font-weight: bold;"><o:p></o:p></span></span></b></div></div>
How can I unlock a SAN disk in AIX?
Posted by Anonymous, 2010-08-13
<div class="Section1"><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">I got my LUN mapped to my system, but when I try to create my Volume Group with </span></span><code><span style="font-family: Courier New; font-size: x-small;"><span style="font-size: 10pt;">mkvg -f vpath100</span></span></code> all I get is an I/O error. What can I do? <o:p></o:p><br />
<span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">Probably there is still a SAN lock on the disk. Try to unlock it with: <o:p></o:p></span></span><br />
<pre><span style="font-family: Courier New; font-size: x-small;"><span style="font-size: 10pt;"> # <b><span style="font-weight: bold;">lquerypv -ch /dev/vpath100</span></b><o:p></o:p></span></span></pre><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">and retry creating your Volume Group. <o:p></o:p></span></span></div>
How can I directly read out the VGDA of a PV (hdisk)?
Posted by Anonymous, 2010-08-13
<div class="Section1"><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">Information about VGx, LVx, filesystems, etc. is stored in the ODM. This information is also written to the VGDA of the disks themselves. You can read the information directly from the disk's VGDA with a command like this: <o:p></o:p></span></span><br />
<pre><span style="font-family: Courier New; font-size: x-small;"><span style="font-size: 10pt;"> # <b><span style="font-weight: bold;">lqueryvg -Atp hdisk100</span></b><o:p></o:p></span></span></pre><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">You can use <o:p></o:p></span></span><br />
<pre><span style="font-family: Courier New; font-size: x-small;"><span style="font-size: 10pt;"> # <b><span style="font-weight: bold;">redefinevg -d hdisk100 myvg</span></b><o:p></o:p></span></span></pre><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">to synchronize the ODM with the information of the VGDA. You can also synchronize the VGDA with the information stored in the ODM: <o:p></o:p></span></span><br />
<pre><span style="font-family: Courier New; font-size: x-small;"><span style="font-size: 10pt;"> # <b><span style="font-weight: bold;">synclvodm myvg</span></b><o:p></o:p></span></span></pre></div>
How to set static routes in AIX
Posted by Anonymous, 2010-08-13
<div class="Section1"><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">You can use the </span></span><code><span style="font-family: Courier New; font-size: x-small;"><span style="font-size: 10pt;">route</span></span></code> command to set a static route, but a route set this way does not survive a reboot. <o:p></o:p><br />
<span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">To make a route persistent you need to change </span></span><tt><span style="font-family: Courier New; font-size: x-small;"><span style="font-size: 10pt;">inet0</span></span></tt>. First check which routes are already set: <o:p></o:p><br />
<pre><span style="font-family: Courier New; font-size: x-small;"><span style="font-size: 10pt;"> # <b><span style="font-weight: bold;">lsattr -El inet0 -a route</span></b>
route net,-hopcount,0,,0,192.168.1.1 Route True
route net,-hopcount,255.255.255.128,,,,,192.168.3.155,192.168.2.1 Route True
<o:p></o:p></span></span></pre><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">These routes would be set with: <o:p></o:p></span></span><br />
<pre><span style="font-family: Courier New; font-size: x-small;"><span style="font-size: 10pt;"> # <b><span style="font-weight: bold;">chdev -l inet0 -a route=net,-hopcount,0,,0,192.168.1.1</span></b>
 # <b><span style="font-weight: bold;">chdev -l inet0 -a route=net,-hopcount,255.255.255.128,,,,,192.168.3.155,192.168.2.1</span></b>
<o:p></o:p></span></span></pre><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">To remove these specific static routes: <o:p></o:p></span></span><br />
<pre><span style="font-family: Courier New; font-size: x-small;"><span style="font-size: 10pt;"> # <b><span style="font-weight: bold;">chdev -l inet0 -a delroute=net,-hopcount,0,,0,192.168.1.1</span></b>
 # <b><span style="font-weight: bold;">chdev -l inet0 -a delroute=net,-hopcount,255.255.255.128,,,,,192.168.3.128,192.168.2.1</span></b>
<o:p></o:p></span></span></pre><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">In this route string </span></span><code><span style="font-family: Courier New; font-size: x-small;"><span style="font-size: 10pt;">255.255.255.128</span></span></code> is the netmask, <code><span style="font-family: Courier New; font-size: x-small;"><span style="font-size: 10pt;">192.168.3.128</span></span></code> the destination net, and <code><span style="font-family: Courier New; font-size: x-small;"><span style="font-size: 10pt;">192.168.2.1</span></span></code> the gateway. <o:p></o:p><br />
<span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">For host routes the keyword </span></span><code><span style="font-family: Courier New; font-size: x-small;"><span style="font-size: 10pt;">net</span></span></code> has to be replaced with <code><span style="font-family: Courier New; font-size: x-small;"><span style="font-size: 10pt;">host</span></span></code>.<o:p></o:p></div>
Difference between Ethernet Interface (en0) and Ethernet adapter (ent0)
Posted by Anonymous, 2010-08-13
<div class="Section1"><div class="MsoNormal"><b><u><span style="color: navy; font-family: Arial; font-size: x-small;"><span style="color: navy; font-family: Arial; font-size: 10pt; font-weight: bold;">AIX differentiates between hardware adapters, their interfaces, and the associated protocol standards. <o:p></o:p></span></span></u></b></div><div class="MsoNormal"><br />
</div><div class="MsoNormal"><span style="color: navy; font-family: Arial; font-size: x-small;"><span style="color: navy; font-family: Arial; font-size: 10pt;">To identify an interface card, AIX uses three notations:<o:p></o:p></span></span></div>
<div class="MsoNormal"><span style="color: navy; font-family: Arial; font-size: x-small;"><span style="color: navy; font-family: Arial; font-size: 10pt;">ent, en and et.<o:p></o:p></span></span></div>
<div class="MsoNormal"><span style="color: navy; font-family: Arial; font-size: x-small;"><span style="color: navy; font-family: Arial; font-size: 10pt;">All three are different and are described below; for the sake of completeness I am using 0 at the end:<o:p></o:p></span></span></div>
<div class="MsoNormal"><b><span style="color: red; font-family: Arial; font-size: x-small;"><span style="color: red; font-family: Arial; font-size: 10pt; font-weight: bold;">ent0:<o:p></o:p></span></span></b></div>
<div class="MsoNormal"><span style="color: navy; font-family: Arial; font-size: x-small;"><span style="color: navy; font-family: Arial; font-size: 10pt;">The notation ent0 is used to specify the hardware adapter. It has nothing to do with the TCP/IP address. The parameters associated with ent0 can be seen as below:<o:p></o:p></span></span></div>
<div class="MsoNormal"><span style="color: navy; font-family: Arial; font-size: x-small;"><span style="color: navy; font-family: Arial; font-size: 10pt;"># lsattr -El ent0<o:p></o:p></span></span></div>
<div class="MsoNormal"><span style="color: navy; font-family: Arial; font-size: x-small;"><span style="color: navy; font-family: Arial; font-size: 10pt;">It shows the parameters related to the card.<o:p></o:p></span></span></div>
<div class="MsoNormal"><span style="color: navy; font-family: Arial; font-size: x-small;"><span style="color: navy; font-family: Arial; font-size: 10pt;">It shows adapter_names, alt_addr, auto_recovery, backup_adapter, hash_mode, mode, netaddr, noloss_failover, num_retries, retry_time, use_alt_addr, use_jumbo_frame.<o:p></o:p></span></span></div>
<div class="MsoNormal"><b><span style="color: red; font-family: Arial; font-size: x-small;"><span style="color: red; font-family: Arial; font-size: 10pt; font-weight: bold;">en0:<o:p></o:p></span></span></b></div>
<div class="MsoNormal"><span style="color: navy; font-family: Arial; font-size: x-small;"><span style="color: navy; font-family: Arial; font-size: 10pt;">en0 represents the interface associated with hardware adapter ent0. The notation en0 is used for Standard Ethernet (inet). The TCP/IP address is associated with this interface. <o:p></o:p></span></span></div>
<div class="MsoNormal"><span style="color: navy; font-family: Arial; font-size: x-small;"><span style="color: navy; font-family: Arial; font-size: 10pt;">The parameters associated with en0 can be seen as below:<o:p></o:p></span></span></div>
<div class="MsoNormal"><span style="color: navy; font-family: Arial; font-size: x-small;"><span style="color: navy; font-family: Arial; font-size: 10pt;"># lsattr -El en0<o:p></o:p></span></span></div>
<div class="MsoNormal"><span style="color: navy; font-family: Arial; font-size: x-small;"><span style="color: navy; font-family: Arial; font-size: 10pt;">It shows all the parameters related to the interface en0 of the adapter ent0.<o:p></o:p></span></span></div>
<div class="MsoNormal"><span style="color: navy; font-family: Arial; font-size: x-small;"><span style="color: navy; font-family: Arial; font-size: 10pt;">It shows alias4, alias6, arp, authority, broadcast, mtu=1500, netaddr, netaddr6, netmask, prefixlen, remmtu, rfc1323, security, state, tcp_mssdflt, tcp_nodelay, tcp_recvspace, tcp_sendspace.<o:p></o:p></span></span></div>
<div class="MsoNormal"><span style="color: navy; font-family: Arial; font-size: x-small;"><span style="color: navy; font-family: Arial; font-size: 10pt;">Everything else is the same except the mtu (Maximum Transmission Unit) value, which is 1500 as per the standard Ethernet protocol.<o:p></o:p></span></span></div>
<div class="MsoNormal"><b><span style="color: red; font-family: Arial; font-size: x-small;"><span style="color: red; font-family: Arial; font-size: 10pt; font-weight: bold;">et0:<o:p></o:p></span></span></b></div>
<div class="MsoNormal"><span style="color: navy; font-family: Arial; font-size: x-small;"><span style="color: navy; font-family: Arial; font-size: 10pt;">et0 represents the interface associated with hardware adapter ent0. The notation et0 is used for IEEE 802.3 Ethernet (inet). If you are using the standard Ethernet protocol, it will not have a TCP/IP address. <o:p></o:p></span></span></div>
<div class="MsoNormal"><span style="color: navy; font-family: Arial; font-size: x-small;"><span style="color: navy; font-family: Arial; font-size: 10pt;">The parameters associated with et0 can be seen as below:<o:p></o:p></span></span></div>
<div class="MsoNormal"><span style="color: navy; font-family: Arial; font-size: x-small;"><span style="color: navy; font-family: Arial; font-size: 10pt;"># lsattr -El et0<o:p></o:p></span></span></div>
<div class="MsoNormal"><span style="color: navy; font-family: Arial; font-size: x-small;"><span style="color: navy; font-family: Arial; font-size: 10pt;">It shows all the parameters related to the interface et0 of the adapter ent0.<o:p></o:p></span></span></div>
<div class="MsoNormal"><span style="color: navy; font-family: Arial; font-size: x-small;"><span style="color: navy; font-family: Arial; font-size: 10pt;">It shows alias4, alias6, arp, authority, broadcast, mtu=1492, netaddr, netaddr6, netmask, prefixlen, remmtu, rfc1323, security, state, tcp_mssdflt, tcp_nodelay, tcp_recvspace, tcp_sendspace.<o:p></o:p></span></span></div>
<div class="MsoNormal"><span style="color: navy; font-family: Arial; font-size: x-small;"><span style="color: navy; font-family: Arial; font-size: 10pt;">Note here as well that the MTU shown will be 1492, as per the IEEE 802.3 standard. All other parameters will be the same. Also, the netaddr and netmask fields will be empty for et0.<o:p></o:p></span></span></div><div class="MsoNormal"><br />
</div><div class="MsoNormal"><b><u><span style="color: navy; font-family: Arial; font-size: x-small;"><span style="color: navy; font-family: Arial; font-size: 10pt; font-weight: bold;">Are these terms interchangable or is there a difference between them? I always get confused with these terms. What does en0 and ent0 mean and the difference between these?<o:p></o:p></span></span></u></b></div><div class="MsoNormal"><br />
</div><div class="MsoNormal"><span style="color: navy; font-family: Arial; font-size: x-small;"><span style="color: navy; font-family: Arial; font-size: 10pt;">AIX differentiates between a network adapter and network interface: <o:p></o:p></span></span></div><div class="MsoNormal"><br />
</div><div class="MsoNormal"><span style="color: navy; font-family: Arial; font-size: x-small;"><span style="color: navy; font-family: Arial; font-size: 10pt;">Network adapter: represents the layer-2 device. For example, the Ethernet adapter ent0 has a MAC address, such as 06:56:C0:00:20:03. <o:p></o:p></span></span></div><div class="MsoNormal"><br />
</div><div class="MsoNormal"><span style="color: navy; font-family: Arial; font-size: x-small;"><span style="color: navy; font-family: Arial; font-size: 10pt;">Network interface: represents the layer-3 device. For example, the Ethernet interface en0 has an IP address, such as 9.3.5.195. <o:p></o:p></span></span></div><div class="MsoNormal"><br />
</div><div class="MsoNormal"><span style="color: navy; font-family: Arial; font-size: x-small;"><span style="color: navy; font-family: Arial; font-size: 10pt;">Typically, a network interface is attached to a network adapter, for example, an Ethernet interface en0 is attached to an Ethernet adapter ent0. <o:p></o:p></span></span></div><div class="MsoNormal"><br />
</div><div class="MsoNormal"><span style="color: navy; font-family: Arial; font-size: x-small;"><span style="color: navy; font-family: Arial; font-size: 10pt;">There are also some network interfaces in AIX that are not attached to a network adapter, for example, the loopback interface lo0 or a Virtual IP Address (VIPA) interface, such as vi0, if defined.<o:p></o:p></span></span></div></div>Anonymoushttp://www.blogger.com/profile/06075017084210151388noreply@blogger.com4tag:blogger.com,1999:blog-2474579806767004724.post-44079348452091912172010-08-13T12:26:00.002+04:002010-08-13T14:01:50.871+04:00How to disable first time password change in AIX<div class="Section1"><div><div class="MsoNormal"><br />
</div><div class="MsoNormal"><span style="color: #333399; font-family: Times New Roman; font-size: small;"><span style="color: #333399; font-size: 12pt;">Clear the ADMCHG flag of the user account with "pwdadm -c <user>".<br />
<br />
<o:p></o:p></span></span></div><div class="MsoNormal"><span style="color: #333399; font-family: Arial; font-size: x-small;"><span style="color: #333399; font-family: Arial; font-size: 10pt;">Example:<o:p></o:p></span></span></div><div class="MsoNormal"><br />
</div><div class="MsoNormal"><span style="color: #333399; font-family: Arial; font-size: x-small;"><span style="color: #333399; font-family: Arial; font-size: 10pt;"># pwdadm -c <i><span style="font-style: italic;">username</span></i><o:p></o:p></span></span></div></div></div>Anonymoushttp://www.blogger.com/profile/06075017084210151388noreply@blogger.com0tag:blogger.com,1999:blog-2474579806767004724.post-60476853082493621362010-08-13T11:59:00.002+04:002010-08-13T14:02:11.046+04:00Disable the Ctrl-Alt-Delete shutdown keys in Linux<div class="Section1"><div><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">On a production system it is recommended that you disable the [Ctrl]-[Alt]-[Delete] shutdown. It is configured in the /etc/inittab file (used by the sysv-compatible init process). The inittab file describes which processes are started at bootup and during normal operation. You need to open this file and remove (or comment out) the ctrlaltdel entry. <o:p></o:p></span></span><br />
<span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">The ctrlaltdel action specifies the process that will be executed when init receives the SIGINT signal. SIGINT is the symbolic name for the signal thrown by computer programs when a user wishes to interrupt the process (for example, to reboot or shut down the system using [Ctrl]-[Alt]-[Del]). This means that someone on the system console has pressed the CTRL-ALT-DEL key combination. Typically one wants to execute some sort of shutdown, either to get into single-user level or to reboot the machine.<o:p></o:p></span></span><br />
<h2><b><span style="font-family: Times New Roman; font-size: large;"><span style="font-size: 18pt;">Disable CTRL+ALT+Del keys<o:p></o:p></span></span></b></h2><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">Open the /etc/inittab file:<br />
</span></span><code><span style="font-family: Courier New; font-size: x-small;"><span style="font-size: 10pt;"># vi /etc/inittab</span></span></code><o:p></o:p><br />
<span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">Search for the line that reads as follows:<br />
</span></span><code><span style="font-family: Courier New; font-size: x-small;"><span style="font-size: 10pt;">ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now</span></span></code><o:p></o:p><br />
<span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">And remove the line or comment out the above line by putting a hash mark (#) in front of it:<br />
</span></span><code><span style="font-family: Courier New; font-size: x-small;"><span style="font-size: 10pt;"># ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now</span></span></code><o:p></o:p><br />
<span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">Save the file and exit to the shell prompt. Reboot the system for the change to take effect, or type the command:<br />
</span></span><code><span style="font-family: Courier New; font-size: x-small;"><span style="font-size: 10pt;"># init q</span></span></code><o:p></o:p></div></div>Anonymoushttp://www.blogger.com/profile/06075017084210151388noreply@blogger.com0tag:blogger.com,1999:blog-2474579806767004724.post-43693843157260769432010-08-13T11:52:00.002+04:002010-08-13T14:02:28.373+04:00How to change Max length of username in aix<div class="Section1"><div><div class="MsoNormal"><b><u><span style="color: navy; font-family: Arial; font-size: x-small;"><span style="color: navy; font-family: Arial; font-size: 10pt; font-weight: bold;">On AIX 5.3 to change default length of username:</span></span></u></b><span style="color: navy; font-family: Arial; font-size: x-small;"><span style="color: navy; font-family: Arial; font-size: 10pt;"><br />
<br />
# chdev -l sys0 -a max_logname=9 <br />
sys0 changed <o:p></o:p></span></span></div><div class="MsoNormal"><br />
</div><div class="MsoNormal"><b><u><span style="color: navy; font-family: Arial; font-size: x-small;"><span style="color: navy; font-family: Arial; font-size: 10pt; font-weight: bold;">To check the current length of username:<o:p></o:p></span></span></u></b></div><div class="MsoNormal"><span style="color: navy; font-family: Arial; font-size: x-small;"><span style="color: navy; font-family: Arial; font-size: 10pt;"><br />
# lsattr -El sys0 -a max_logname <br />
max_logname 9 Maximum login name length at boot time True <o:p></o:p></span></span></div><div class="MsoNormal"><br />
</div><div class="MsoNormal"><span style="color: navy; font-family: Arial; font-size: x-small;"><span style="color: navy; font-family: Arial; font-size: 10pt;"># getconf LOGIN_NAME_MAX 21</span></span><br clear="all" /> <o:p></o:p></div></div></div>Anonymoushttp://www.blogger.com/profile/06075017084210151388noreply@blogger.com0tag:blogger.com,1999:blog-2474579806767004724.post-36944463163934053102010-08-13T08:20:00.001+04:002010-08-13T08:20:49.693+04:00HMC Commands for Documenting LPAR Configuration<div dir="ltr"><div class="gmail_quote"><div dir="ltr"><table border="0" cellpadding="0" cellspacing="0"><tbody><tr><td width="443">For power systems p servers that are HMC managed, there are some tools you can use to document your LPAR profile configurations that in conjunction with other traditional data such as AIX snap files or prtconf output can be useful should a server need to be manually rebuilt. The tools that can make the tasks of documenting the LPARs' configuration include system plan and some queries of the profile data. Queries can be run from the HMC command line and the text output does provide a compact way of describing profile definitions which can also be used to recreate profiles from scripts if desired. The system plan output file can be used to restore profiles automatically should the need ever arise. <br> Following are some simple queries you can run to document the LPAR configurations.<br> <br> If you are running HMC v7r3.4 or higher then the following command should allow you to create a system plan that details the profile definitions. <br> <br> mksysplan -f <filename.sysplan> -m <server name> --novios <br> <br> The plan can be exported using the HMC GUI and used in case you have to manually rebuild your profiles or the plan might be used to automatically recreate the profiles should restoring profile data from other backup methods fail. 
<br> <br> Another command you can use to gather your profile data, in case there are issues with the system plan, follows. <br> <br> lssyscfg -r prof -m <server name> <br> <br> Some additional queries you can do if you have VIO servers that are active include the following. <br> <br> lshwres -m <server name> -r virtualio --rsubtype scsi <br> <br> To get the name of your server to use in the above commands you can run <br> <br> lssyscfg -r sys -F name <br> <br> The data you get back from querying the profile data with the lssyscfg command and querying the virtual scsi data from lshwres can be saved along with any other server configuration data you might have, and would provide good documentation of your LPAR configurations should you ever need to manually rebuild a server. <br> <br> For more information regarding system plan or other HMC commands you can use the related topics links posted at the end of this tech-note. </td></tr></tbody></table><br></div></div></div> Anonymoushttp://www.blogger.com/profile/06075017084210151388noreply@blogger.com0tag:blogger.com,1999:blog-2474579806767004724.post-27703781460425675402010-08-08T10:26:00.002+04:002010-08-08T10:32:03.353+04:00How to mount an ISO file in Linux<div class="Section1"><div><div class="MsoNormal"><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">To mount an ISO file on a Linux machine, you should mount it as a loopback filesystem. The option to be used in the mount command is "-o loop". <span style="color: navy;"><span style="color: navy;"><o:p></o:p></span></span></span></span></div><div class="MsoNormal"><br />
</div><div class="MsoNormal"><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">Check out the below example.<br />
<br />
</span></span><span style="font-family: Courier;"><span style="font-family: Courier;"># <b><span style="font-weight: bold;">mount -o loop boot.iso /mnt</span></b><br />
#<br />
# df /mnt<br />
Filesystem 1K-blocks Used Available Use% Mounted on<br />
/media/boot.iso<br />
131708 131708 0 100% /mnt<br />
# ls /mnt<br />
images isolinux<br />
<br />
# mount | grep /mnt<br />
/media/boot.iso on /mnt type iso9660 (ro,loop=/dev/loop0)<br />
#</span></span><br clear="all" /> <o:p></o:p></div></div></div>Anonymoushttp://www.blogger.com/profile/06075017084210151388noreply@blogger.com0tag:blogger.com,1999:blog-2474579806767004724.post-73353253265266014682010-08-07T11:36:00.001+04:002010-08-07T11:36:53.485+04:00How to Disable ping to Linux server?<div dir="ltr"><div class="gmail_quote"><div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">How to Disable ping to Linux server?</span></font></p> <p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:12.0pt"> </span></font></p> <p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:12.0pt"> </span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">To disable ping</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all<br> To enable ping<br> echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all</span></font></p> <p class="MsoNormal"><font class="Apple-style-span" face="'Times New Roman'" size="4"><span class="Apple-style-span" style="font-size: 16px;"><br></span></font></p></div></div></div></div> Anonymoushttp://www.blogger.com/profile/06075017084210151388noreply@blogger.com0tag:blogger.com,1999:blog-2474579806767004724.post-55648067026860618702010-08-07T11:34:00.001+04:002010-08-07T11:34:43.859+04:00Enable remote desktop remotely<div dir="ltr"><div class="gmail_quote"><div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">1. 
Run Regedit </span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">2. Select <b><span style="font-weight:bold">File | Connect Network Registry</span></b> </span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">3. Enter the name of the remote computer and select <b><span style="font-weight:bold">Check Names</span></b></span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">4. Go to <b><span style="font-weight:bold">hklm\system\currentcontrolset\control\terminal server\fDenyTSConnections=1</span></b></span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">5. Change the <b><span style="font-weight:bold">fDenyTSConnections</span></b> to 0 </span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">Now you should be able to connect to the remote computer using Remote Desktop.</span></font></p> <p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">6. Reboot the remote machine by issuing the following command in Command Prompt: </span></font></p> <p class="MsoNormal"><b><font size="3" face="Times New Roman"><span style="font-size:12.0pt;font-weight:bold">shutdown -m \\hostname -r</span></font></b></p> <p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">7. 
Remote Desktop on the remote computer is now enabled and listening on the default Remote Desktop port for incoming Remote Desktop connections. For security reasons, you may want to consider changing the Remote Desktop listening port. There are also plenty of freeware utilities that allow a user to remotely enable Remote Desktop without modifying the registry.</span></font></p> <p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:12.0pt"> </span></font></p> <p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:12.0pt"><b><u>Using PSEXEC:</u></b></span></font></p> <p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:12.0pt"> </span></font></p> <p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">psexec \\computername reg add "hklm\system\currentcontrolset\control\terminal server" /f /v fDenyTSConnections /t REG_DWORD /d 0</span></font></p><p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:12.0pt"><br></span></font></p><p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:12.0pt"><b><u>You can also look at the following URL:</u></b></span></font></p> <p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:12.0pt"> </span></font></p> <p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:12.0pt"><a href="http://www.mydigitallife.info/2008/06/25/freeware-to-turn-on-and-enable-remote-desktop-on-another-computer-remotely/" target="_blank">http://www.mydigitallife.info/2008/06/25/freeware-to-turn-on-and-enable-remote-desktop-on-another-computer-remotely/</a></span></font></p> </div> </div> </div><br></div> Anonymoushttp://www.blogger.com/profile/06075017084210151388noreply@blogger.com1tag:blogger.com,1999:blog-2474579806767004724.post-15542456859411040402010-08-07T11:30:00.001+04:002010-08-07T11:30:45.074+04:00WHY AIX MEMORY IS TYPICALLY AROUND 
100%<div dir="ltr"><div class="gmail_quote"><div dir="ltr">Memory utilization on AIX systems typically runs around 100%. This is often a source of concern. However, high memory utilization in AIX does not imply the system is out of memory. By design, AIX leaves files it has accessed in memory. This significantly improves performance when AIX reaccesses these files because they can be reread directly from memory, not disk*. When AIX needs memory, it discards files using a "least used" algorithm. This generates no I/O and has almost no performance impact under normal circumstances. <br><br>Sustained paging activity is the best indication of low memory. Paging activity can be monitored using the "vmstat" command. If the "page-in" (PI) and "page-out" (PO) columns show non-zero values over "long" periods of time, then the system is short on memory. (All systems will show occasional paging, which is not a concern.) <br><br>Memory requirements for applications can be empirically determined using the AIX "rmss" command. The "rmss" command is a test tool that dynamically reduces usable memory. The onset of paging indicates an application's minimum memory requirement. <br><br>Finally, the "svmon" command can be used to list how much memory is used by each process. The interpretation of the svmon output requires some expertise. See the AIX documentation for details. 
The vmo parameters also need to be tuned.<br clear="all"><br></div></div></div> Anonymoushttp://www.blogger.com/profile/06075017084210151388noreply@blogger.com0tag:blogger.com,1999:blog-2474579806767004724.post-52739803651946257212010-08-07T11:19:00.001+04:002010-08-07T11:19:52.171+04:00How to stop crontab writing to var/spool/mail/root file<div dir="ltr"><div class="gmail_quote"><div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">My crontab is writing to /var/spool/mail/root file... Is there any way I can stop this? The crontab is running every minute and it would fill the mail pretty quickly.<br> <br> </span></font><b><u><font size="2" face="Arial"><span style="font-size:10.0pt;font-family:Arial;font-weight:bold">Solutions:</span></font></u></b></p> <p class="MsoNormal"><b><font size="2" face="Arial"><span style="font-size:10.0pt;font-family:Arial;font-weight:bold"> </span></font></b></p> <p class="MsoNormal"><b><font size="2" face="Arial"><span style="font-size:10.0pt;font-family:Arial;font-weight:bold">1)</span></font></b></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">Can I see the crontab rule? 
You must have set it to send email to root.<br> If you use a crontab rule like the example below, it will not send any email.</span></font></p><p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt"><br> <u>Example:</u><br> */5 17,18 * * 1-5 /sage.sh >/dev/null 2>&1<br> <br> </span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><b><font size="2" face="Arial"><span style="font-size:10.0pt;font-family:Arial;font-weight:bold">2)</span></font></b></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">At the top of your crontab file just add:<br> MAILTO=""<br> This will disable mail sending by crond.</span></font></p> <p class="MsoNormal"><font size="2" face="Arial"><span style="font-size:10.0pt;font-family:Arial"> </span></font></p> <p class="MsoNormal"><b><u><font size="2" face="Arial"><span style="font-size:10.0pt;font-family:Arial;font-weight:bold">Recommended Solution:</span></font></u></b></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">Try to set that in the script itself rather than the whole crontab file</span></font></p></div></div></div></div> Anonymoushttp://www.blogger.com/profile/06075017084210151388noreply@blogger.com0tag:blogger.com,1999:blog-2474579806767004724.post-58160899939548770902010-08-07T11:08:00.001+04:002010-08-07T11:08:32.639+04:00Bandwidth vs Latency<div dir="ltr"><div class="gmail_quote"><div dir="ltr"><h1 align="center"><span class="Apple-style-span" style="font-weight: normal; font-size: small; "><div dir="ltr"><h3 style="text-align: left;border-top-width: 0em; border-top-style: none; border-top-color: initial; "> <a 
name="12674ffe4e91c184_694">Latency versus Bandwidth - What is it?</a></h3><h3 style="border-top-width: 0em; border-top-style: none; border-top-color: initial; "><a name="12674ffe4e91c184_694"></a></h3><div style="text-align: left;"> One of the most commonly misunderstood concepts in networking is speed and capacity. Most people believe that capacity and speed are the same thing. For example, it's common to hear "How fast is your connection?" Invariably, the answer will be "640K", "1.5M" or something similar. These answers are actually referring to the bandwidth or capacity of the service, not speed.</div> <div style="text-align: left;"><br></div><div style="text-align: left;">Speed and bandwidth are interdependent. The combination of latency and bandwidth gives users the perception of how quickly a webpage loads or a file is transferred. It doesn't help that broadband providers keep saying "get high speed access" when they probably should be saying "get <i>high capacity</i> access". Notice the term "Broadband" - it refers to how <b>wide</b> the pipe is, not how fast.</div> <div style="text-align: left;"><br></div><b><div style="text-align: left;"><span class="Apple-style-span" style="font-weight: normal; "><b><u>Latency:</u></b></span></div></b><div style="text-align: left;"><br></div><div style="text-align: left;"> Latency is <b>delay</b>.</div><div style="text-align: left;"><br></div><div style="text-align: left;">For our purposes, it is the amount of time it takes a packet to travel from source to destination. Together, latency and bandwidth define the speed and capacity of a network.</div> <div style="text-align: left;"><br></div><div style="text-align: left;">Latency is normally expressed in milliseconds. One of the most common methods to measure latency is the utility <b>ping</b>. 
A small packet of data, typically 32 bytes, is sent to a host and the RTT (round-trip time, time it takes for the packet to leave the source host, travel to the destination host and return back to the source host) is measured.</div> <div style="text-align: left;"><br></div><div style="text-align: left;">The following are typical latencies as reported by others of popular circuits type to the first hop. Please remember however that latency on the Internet is also affected by routing that an ISP may perform (ie, if your data packet has to travel further, latencies increase).</div> <blockquote><div style="text-align: left;"><br></div><pre><div style="text-align: left;">Ethernet .3ms</div><div style="text-align: left;">Analog Modem 100-200ms</div><div style="text-align: left;"> ISDN 15-30ms</div><div style="text-align: left;">DSL/Cable 10-20ms</div><div style="text-align: left;">Stationary Satellite >500ms, mostly due to high orbital elevation</div><div style="text-align: left;"> <br></div><div style="text-align: left;">DS1/T1 2-5ms</div></pre></blockquote><div style="text-align: left;"><br></div><div style="text-align: left;"><br></div><b><div style="text-align: left;"><span class="Apple-style-span" style="font-weight: normal; "><b><u>Bandwidth:</u></b></span></div> </b><div style="text-align: left;"><br></div><div style="text-align: left;">Bandwidth is normally expressed in bits per second. It's the amount of data that can be transferred during a second.</div><div style="text-align: left;"> <br></div><div style="text-align: left;">Solving bandwidth is easier than solving latency. To solve bandwidth, more pipes are added. For example, in early analog modems it was possible to increase bandwidth by bonding two or more modems. In fact, ISDN achieves 128K of bandwidth by bonding two 64K channels using a datalink protocol called <i>multilink-ppp</i>.</div> <div style="text-align: left;"><br></div><div style="text-align: left;">Bandwidth and latency are connected. 
If the bandwidth is saturated then congestion occurs and latency is increased. However, if the bandwidth of a circuit is not at peak, the latency will not decrease. Bandwidth can always be increased but latency cannot be decreased. Latency is the function of the electrical characteristics of the circuit.</div> <div style="text-align: left;"><br></div><div style="text-align: left;"><b><i>Bandwidth vs. Latency</i></b></div><div style="text-align: left;"><br></div><div style="text-align: left;">There are two factors in online gaming when it comes to your internet connection: bandwidth and latency. Let's review on what each of them means:</div> <div style="text-align: left;"><br></div><div style="text-align: left;"><br></div><div style="text-align: left;"> * Bandwidth – The average rate of successful data transfer through a communications path (usually measured in KB/s or Mb/s – that's megabits, not megabytes! See below) </div> <div style="text-align: left;"><br></div><div style="text-align: left;"> * Latency – The time it takes for data to be passed from the source to a server and back again (usually measured in milliseconds)</div><div style="text-align: left;"> <br></div></div></span></h1><h1 align="center">It's the Latency, Stupid</h1> <p>Stuart Cheshire, May 1996. </p><p>(Revised periodically) </p><p>Copyright © Stuart Cheshire 1996-2001 </p><p>Years ago David Cheriton at Stanford taught me something that seemed very obvious at the time -- that if you have a network link with low bandwidth then it's an easy matter of putting several in parallel to make a combined link with higher bandwidth, but if you have a network link with bad latency then no amount of money can turn any number of them into a link with good latency. </p><p>It's now many years later, and this obvious fact seems lost on the most companies making networking hardware and software for the home. I think it's time it was explained again in writing. 
</p><h2>Fact One: Making more bandwidth is easy.</h2> <p>Imagine you live in a world where the only network connection you can get to your house is a 33kbit/sec modem running over a telephone line. Imagine that this is not enough for your needs. You have a problem. </p><p>The solution is easy. You can get two telephone lines, and use them together in parallel, giving you a total of 66kbit/sec. If you need even more you can get ten telephone lines, giving you 330kbit/sec. Sure, it's expensive, and having ten modems in a pile is inconvenient, and you may have to write your own networking software to share the data evenly between the ten lines, but if it was important enough to you, you could get it done. </p><p>It may not be cheap, but at least it's possible. </p><p>People with ISDN lines can already do this. It's called "bonding" and it uses two 56 (or 64) kbit/sec ISDN channels in parallel to give you a combined throughput of 112 (or 128) kbit/sec. </p><h2>Fact Two: Once you have bad latency you're stuck with it.</h2> <p>If you want to transfer a large file over your modem it might take several seconds, or even minutes. The less data you send, the less time it takes, but there's a limit. No matter how small the amount of data, for any particular network device there's always a minimum time that you can never beat. That's called the latency of the device. For a typical Ethernet connection the latency is usually about 0.3ms (milliseconds -- thousandths of a second). For a typical modem link the latency is usually about 100ms, about 300 times worse than Ethernet. </p><p>If you wanted to send ten characters over your 33kbit/sec modem link you might think the total transmission time would be: </p><p align="center">80 bits / 33000 bits per second = 2.4ms. </p><p>but it doesn't. It takes 102.4ms because of the 100ms latency introduced by the modems at each end of the link. 
</p><p>If you want to send a large amount of data, say 100K, then that takes 25 seconds, and the 100ms latency isn't very noticeable, but if you want to send a smaller amount of data, say 100 bytes, then the latency is more than the transmission time. </p><p>Why would you care about this? Why do small pieces of data matter? For most end-users it's the time it takes to transfer big files that annoys them, not small files, so they don't even think about latency when buying products. In fact if you look at the boxes modems come in, they proudly proclaim "14.4 kbps", "28.8 kbps" and "33.6 kbps", but they don't mention the latency anywhere. What most end-users don't know is that in the process of transferring those big files their computers have to send back and forth hundreds of little control messages, so the performance of small data packets directly affects the performance of everything else they do on the network. </p><p>Now, imagine the same scenario as before. You live in a world where the only network connection you can get to your house is a modem running over a telephone line. Your modem has a latency of 100ms, but you're doing something that needs lower latency. Maybe you're trying to do computer audio over the net. 100ms may not sound like very much, but it's enough to cause a noticeable delay and echo in voice communications, which makes conversation difficult. Maybe you're trying to play an interactive game over the net. The game only sends tiny amounts of data, but that 100ms delay is making the interactivity of the game decidedly sluggish. </p><p>What can you do about this? </p><p>Nothing. </p><p>You can compress the data, but it doesn't help. It was already small to start with, and that 100ms latency is still there. </p><p>You can get 80 phone lines in parallel, and send one single bit over each phone line, but that 100ms latency is still there. 
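The arithmetic above, carried one step further as an added example (not part of the original article): a Python model of a transfer made of small blocks, each acknowledged before the next is sent. The stop-and-wait protocol, the 10-byte acknowledgement and the low-latency link are assumptions made for illustration; the modem figures are the article's.

```python
"""Added example: fixed latency versus bandwidth for small messages."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Link:
    name: str
    bandwidth_bps: float  # capacity in bits per second
    latency_ms: float     # fixed one-way delay, independent of message size

    def one_way_ms(self, payload_bytes: int) -> float:
        """Time to deliver one message: fixed latency plus time on the wire."""
        return self.latency_ms + payload_bytes * 8 / self.bandwidth_bps * 1000.0


def stop_and_wait_ms(link, total_bytes, block_bytes, ack_bytes=10):
    """Send total_bytes in blocks, waiting for a small acknowledgement after
    each block before sending the next (assumed protocol, for illustration)."""
    if block_bytes <= 0:
        raise ValueError("block_bytes must be positive")
    elapsed = 0.0
    remaining = total_bytes
    while remaining > 0:
        chunk = min(block_bytes, remaining)  # the last block may be short
        elapsed += link.one_way_ms(chunk) + link.one_way_ms(ack_bytes)
        remaining -= chunk
    return elapsed


# Figures from the article: a 33 kbit/s modem with 100 ms latency.
MODEM = Link("one modem", 33_000, 100.0)
# "Fact One": ten lines in parallel give ten times the bandwidth, same latency.
BONDED = Link("ten bonded modems", 330_000, 100.0)
# Hypothetical link: modem bandwidth with the article's Ethernet latency.
LOW_LATENCY = Link("33 kbit/s at 0.3 ms", 33_000, 0.3)


def compare(total_bytes=10_000, block_bytes=100):
    """Return {link name: total milliseconds} for the chatty transfer."""
    return {link.name: stop_and_wait_ms(link, total_bytes, block_bytes)
            for link in (MODEM, BONDED, LOW_LATENCY)}


if __name__ == "__main__":
    print(f"10 characters over the modem: {MODEM.one_way_ms(10):.1f} ms")
    print(f"100K sent in one piece: {MODEM.one_way_ms(100 * 1024) / 1000:.1f} s")
    results = compare()
    base = results[MODEM.name]
    for name, ms in results.items():
        print(f"{name:22s} {ms / 1000:6.2f} s  ({base / ms:.2f}x vs one modem)")
```

With 100-byte blocks, ten bonded modems finish only about 1.1 times faster than one modem, while the low-latency link finishes about 8 times faster.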
</p><p>Once you've got yourself a device with bad latency there's absolutely nothing you can do about it (except throw out the device and get something else). </p><h2>Fact Three: Current consumer devices have appallingly bad latency.</h2> <p>A typical Ethernet card has a latency less than 1ms. The Internet backbone as a whole also has very good latency. Here's a real-world example: </p><ul><li>The distance from Stanford to Boston is 4320km. </li><li>The speed of light in vacuum is 300 x 10^6 m/s. </li><li>The speed of light in fibre is roughly 66% of the speed of light in vacuum. </li><li>The speed of light in fibre is 300 x 10^6 m/s * 0.66 = 200 x 10^6 m/s. </li><li>The one-way delay to Boston is 4320 km / 200 x 10^6 m/s = 21.6ms. </li><li>The round-trip time to Boston and back is 43.2ms. </li><li>The current ping time from Stanford to Boston over today's Internet is about 85ms: <pre>[cheshire@nitro]$ ping -c 1 <a href="http://lcs.mit.edu" target="_blank">lcs.mit.edu</a><br>PING <a href="http://lcs.mit.edu" target="_blank">lcs.mit.edu</a> (18.26.0.36): 56 data bytes<br>64 bytes from <a href="http://18.26.0.36" target="_blank">18.26.0.36</a>: icmp_seq=0 ttl=238 time=84.5 ms</pre> </li><li>So: the hardware of the Internet can currently achieve within a factor of two of the speed of light. </li></ul> <p>So the Internet is doing pretty well. It may get better with time, but we know it can never beat the speed of light. In other words, that 85ms round-trip time to Boston might reduce a bit, but it's never going to beat 43ms. The speed's going to get a bit better, but it's not going to double. We're already within a factor of two of the theoretical optimum. I think that's pretty good. Not many technologies can make that claim. </p><p>Compare this with a modem. Suppose you're 18km from your ISP (Internet Service Provider). 
At the speed of light in fibre (or the speed of electricity in copper, which is about the same) the latency should be: </p><p align="center">18000 / (180 x 10^6 m/s) = 0.1ms </p><p>The latency over your modem is actually over 100ms. Modems are currently operating at a level that's 1000 times worse than the speed of light. They have a long way to go before they get close to what the rest of the Internet is achieving. </p><p>Of course no modem link is ever going to have a latency of 0.1ms. I'm not expecting that. The important issue is the total end-to-end transmission delay for a packet -- the time from the moment the software makes the call to send the packet to the moment the last bit of the packet arrives at the destination and the packet is delivered to the software at the receiving end. The total end-to-end transmission delay is made up of fixed latency (including the speed-of-light propagation delay), plus the transmission time. For a 36 byte packet the transmission time is 10ms (the time it takes to send 288 bits at a rate of 28800 bits per second). When the actual transmission time is about 10ms, working to make the latency 0.1ms would be silly. All that's needed is that the latency should not be so huge that it completely overshadows the transmission time. For a modem that has a transmission rate of 28.8kb/s, a sensible latency target to aim for is about 5ms. </p><h2>Fact Four: Making limited bandwidth go further is easy.</h2> <p>If you know you have limited bandwidth, there are many techniques you can use to reduce the problem. </p><h3>Compression</h3> <p>If you know you have limited bandwidth, compression is one easy solution. </p><p>You can apply general purpose compression, such as gzip, to the data. </p><p>Even better, you can apply data-specific compression, because that gets much higher compression ratios. For example, still pictures can be compressed with JPEG, Wavelet compression, or GIF. 
Moving pictures can be compressed with MPEG, Motion JPEG, Cinepak, or one of the other QuickTime codecs. Audio can be compressed with uLaw, and English text files can be compressed with dictionary-based compression algorithms. </p><p>All of these compression techniques trade off use of CPU power in exchange for lower bandwidth requirements. There's no equivalent way to trade off use of extra CPU power to make up for poor latency. </p><p>All modern modems have compression algorithms built-in. Unfortunately, having your modem do compression is nowhere near as good as having your computer do it. Your computer has a powerful, expensive, fast processor in it. Your modem has a feeble, cheap, slow processor in it. There's no way your modem can compress data as well or as quickly as your computer can. In addition, in order to compress data, your modem has to hold on to the data until it has a block that's big enough to compress effectively. That adds latency, and once added, there's no way for you to get rid of latency. Also, the modem doesn't know what kind of data you are sending, so it can't use the superior data-specific compression algorithms. In fact, since most images and sounds on Web pages are compressed already, the modem's attempts to compress the data a second time are futile, and just add more latency without giving any benefit. </p><p>This is not to say that having a modem do compression <b>never</b> helps. In the case where the host software at the endpoints is not very smart, and doesn't compress its data appropriately, then the modem's own compression can compensate somewhat for that deficiency and improve throughput. The point is that modem compression only helps dumb software, and it actually hurts smart software by adding extra delay. For someone planning to write dumb software this is no problem. For anyone planning to write smart software this should be a big cause for concern. 
</p><h3>Bandwidth-conscious code</h3> <p>Another way to cope with limited bandwidth is to write programs that take care not to waste bandwidth. </p><p>For example, to reduce packet size, wherever possible Bolo uses bytes instead of 16-bit or 32-bit words. </p><p>For many kinds of interactive software like games, it's not important to carry a lot of data. What's important is that when the little bits of data are delivered, they are delivered quickly. Bolo was originally developed running over serial ports at 4800 bps and could support 8 players that way. Over 28.8 modems it can barely support 2 players with acceptable response time. Why? A direct-connect serial port at 4800 bps has a transmission delay of 2ms per byte, and a latency that is also 2ms. To deliver a typical ten byte Bolo packet takes 22ms. A 28800 bps modem has transmission delay of 0.28ms per byte, but a latency of 100ms, 50 times worse than the 4800 bps serial connection. Over the 28.8 modem, it takes 103ms to deliver a ten byte packet. </p><h3>Send less data</h3> <p>A third way to cope with limited bandwidth is simply to send less data. </p><p>If you don't have enough bandwidth to send high resolution pictures, you can use lower resolution. </p><p>If you don't have enough bandwidth to send colour images, you can send black and white images, or send images with dramatically reduced colour detail (which is actually what NTSC television does). </p><p>If you don't have enough bandwidth to send 30 frames per second, you can send 15fps, or 5fps, or fewer. </p><p>Of course these tradeoffs are not pleasant, but they are possible. You can either choose to pay more money to run multiple circuits in parallel for more bandwidth, or you can choose to send less data to stay within the limited bandwidth you have available. </p><p>If the latency is not good enough to meet your needs you don't have the same option. 
Running multiple circuits in parallel won't make your latency any better, and sending less data won't improve it either. </p><h3>Caching</h3> <p>One of the most effective techniques throughout all areas of computer science is caching, and that is just as true in networking. </p><p>If you visit a web site, your Web browser can keep a copy of the text and images on your computer's hard disk. If you visit the same site again, all your Web browser has to do is check that the copies it has stored are up to date -- i.e. check that the copies on the Web server haven't been changed since the date and time the previous copies were downloaded and cached on the local disk. </p><p>Checking the date and time a file was last modified is a tiny request to send across the network. This kind of request is so small that the throughput of your modem makes no difference -- latency is all that matters. </p><p>Recently companies have started providing CDROMs of entire Web sites to speed Web browsing. When browsing these Web sites, all the Web browser has to do is check the modification date of each file it accesses to make sure that the copy on the CDROM is up to date. It only has to download files that have changed since the CDROM was made. Since most of the large files on a Web site are images, and since images on a Web site change far less frequently than the HTML text files, in most cases very little data has to be transferred. </p><p>Since for the most part the Web browser is only doing small modification date queries to the Web server, the performance the user experiences is entirely dominated by the latency of the connection, and the throughput is virtually irrelevant. </p><h2>Another analogy</h2> <p>Even smart people have trouble fully grasping the implications of these latency issues. It's subtle stuff. </p><p>The Cable TV industry is hyping "cable modems" right now, claiming that they're "1000 times 'faster' than a telephone modem." 
Given the lack of public awareness of the importance of latency, I wouldn't be in the least surprised if many of them have latency that is just as bad, or maybe even worse, than telephone modems. (The results from some early prototype cable modems, however, look quite promising. Let's hope the production ones are as good.) </p><p>Another device in a similar position is the DirecPC satellite dish, which is supposed to be "14 times faster than a 28.8 modem". Is it really? Here are some excerpts of what Lawrence Magid had to say about it in <a href="http://www.larrysworld.com/articles/satdish.html" target="_blank">his article</a> in the San Jose Mercury News (2nd February 1997): </p><blockquote> <p>The system is expensive, requires a relatively elaborate installation and configuration and, in the end, doesn't necessarily speed up your access to the World Wide Web. </p><p>I set up two nearly identical PCs side by side. One was connected to the Net at 28.8kbps and the other with DirecPC. In most cases the satellite system displayed Web pages a bit faster than the one with a modem, but not by much. </p><p>In some cases, the modem-equipped PC was faster, especially with sites that don't have a great deal of graphics. </p><p>Alluring as its promise may be, DirecPC for now doesn't offer spectacular advantages for normal Web surfing, even though it does carry a spectacular price. </p></blockquote> <p>Do we see a pattern starting to emerge yet? </p><p>Part of the problem here is misleading use of the word "faster". </p><p>Would you say that a Boeing 747 is three times "faster" than a Boeing 737? Of course not. They both cruise at around 500 miles per hour. The difference is that the 747 carries 500 passengers whereas the 737 only carries 150. The Boeing 747 is three times <b>bigger</b> than the Boeing 737, not faster. </p><p>Now, if you wanted to go from New York to London, the Boeing 747 is not going to get you there three times faster. It will take just as long as the 737. 
</p><p>In fact, if you were really in a hurry to get to London quickly, you'd take Concorde, which cruises around 1350 miles per hour. It only seats 100 passengers though, so it's actually the smallest of the three. Size and speed are not the same thing. </p><p>On the other hand, if you had to transport 1500 people and you only had one aeroplane to do it, the 747 could do it in three trips where the 737 would take ten, so you might say <i>the Boeing 747 can transport large numbers of people three times faster than a Boeing 737</i>, but you would never say that <i>a Boeing 747 <b>is</b> three times faster than a Boeing 737</i>. </p><p>That's the problem with communications devices today. Manufacturers say "speed" when they mean "capacity". The other problem is that as far as the end-user is concerned, the thing they want to do is transfer large files quicker. It may seem to make sense that a high-capacity slow link might be the best thing for the job. What the end-user doesn't see is that in order to manage that file transfer, their computer is sending dozens of little control messages back and forth. The thing that makes computer communication different from television is interactivity, and interactivity depends on all those little back-and-forth messages. </p><p>The phrase "high-capacity slow link" that I used above probably looked very odd to you. Even to me it looks odd. We've been used to wrong thinking for so long that correct thinking looks odd now. How can a high-capacity link be a slow link? High-capacity means fast, right? It's odd how that's not true in other areas. If someone talks about a "high-capacity" oil tanker, do you immediately assume it's a very fast ship? I doubt it. If someone talks about a "large-capacity" truck, do you immediately assume it's faster than a small sports car? </p><p>We have to start making that distinction again in communications. 
When someone tells us that a modem has a speed of 28.8 kbit/sec we have to remember that 28.8 kbit/sec is its <i>capacity,</i> not its speed. Speed is a measure of distance divided by time, and 'bits' is not a measure of distance. </p><p>I don't know how communications came to be this way. Everyone knows that when you buy a hard disk you should check what its seek time is. The maximum transfer rate is something you might also be concerned with, but the seek time is definitely more important. Why does no one think to ask what a modem's 'seek time' is? The latency is exactly the same thing. It's the minimum time between asking for a piece of data and getting it, just like the seek time of a disk, and it's just as important. </p><h2>Lessons to learn</h2> <p>ISDN has a latency of about 10ms. Its throughput may be twice that of a modem, but its latency is ten times better, and that's the key reason why browsing the web over an ISDN link feels so much better than over a modem. If you have the option of ISDN, and a good ISP that supports it, and it is not too expensive in your area, then get it. </p><p>One of the reasons that telephone modems have such poor latency is that they don't know what you're doing with your computer. An external modem is usually connected through a serial port. It has no idea what you are doing, or why. All it sees is an unstructured stream of bytes coming down the serial port. </p><p>Ironically, the Apple Geoport telecom adapter, which has suffered so much criticism, may offer an answer to this problem. The Apple Geoport telecom adapter connects your computer to a telephone line, but it's not a modem. All of the functions of a modem are performed by software running on the Mac. The main reason for all the criticism is that running this extra software takes up memory and slows down the Mac, but it could also offer an advantage that no external modem could ever match. 
Because when you use the Geoport adapter the modem software is running on the same CPU as your TCP/IP software and your Web browser, it could know exactly what you are doing. When your Web browser sends a TCP packet, there's no need for the Geoport modem software to mimic the behaviour of current modems. It could take that packet, encode it, and start sending it over the telephone line immediately, with almost zero latency. </p><p>Sending 36 bytes of data, a typical game-sized packet, over an Apple Geoport telecom adapter running at 28.8kb/s could take as little as 10ms, making it as fast as ISDN, and ten times faster than the current best modem you can buy. For less than the price of a typical modem the Geoport telecom adapter would give you Web browsing performance close to that of ISDN. Even better, all the people who already own Apple Geoport telecom adapters wouldn't need to buy anything at all -- they'd just need a software upgrade. Even better, Microsoft wouldn't be able to just copy it for Windows like they do with everything else they see on the Mac, because Wintel clones don't have anything like a Geoport for Microsoft to use. What a PR triumph for Apple that would be! It really would show that Apple is the company that understands the Internet. I know that in practice there would be other factors that prevent us from getting the delay all the way down to 10ms, but I'm confident that we could get a long way towards that goal. </p><p>So far Apple has shown no interest in making use of this opportunity. </p><h2>Bandwidth Still Matters</h2> <p>Having said all this, you should not conclude that I believe that bandwidth is unimportant. It is very important, but in a way that most people do not think of. Bandwidth is important not only for its own sake, but also for its effect on overall latency. As I said above, the important issue is the total end-to-end transmission delay for a packet. 
</p><p>Many people believe that having a private 64kb/sec ISDN connection is just as good, or even better than having a 1/150 share of a 10MB/sec Ethernet. Telephone companies argue that ISDN is just as good as new technologies like cable modems, because while cable modems have much higher bandwidth, that bandwidth is shared between lots of users, so the average works out the same. This idea, that you can average packets as if they were a fluid in a pipe, is flawed, as the following example will show: </p><p>Say we have a game where the state of the virtual world amounts to 40K of data. We have a game server, and in this simple example, the game server transmits the entire current game state to the player once every 10 seconds. That's 40K every 10 seconds, or an average of 4K/sec, or 32kb/sec. That's only half the capacity of a 64kb/sec ISDN line, and 150 users doing this on an Ethernet is only half the capacity of the Ethernet. So far so good. Both links are running at only 50% capacity, so the performance should be the same, right? Wrong. On the Ethernet, when the server sends the 40K to a player, the player can receive that data as little as 32ms later (320kb / 10Mb/sec). If the server is not the only machine sending packets on the Ethernet, then there could be contention for the shared medium, but even in that case the average delay before the player receives the data is only 64ms. On the ISDN line, when the server sends the 40K to a player, the player receives that data 5 seconds later (320kb / 64kb/sec). In both cases the users have the same average bandwidth, but the actual performance is very different. In the Ethernet case the player receives the data almost instantly, but in the ISDN case, by the time the player gets the game information it is already 5 seconds out of date. </p><p>The standard mistake is to assume that a 40K chunk every ten seconds and a uniform rate of 4K/second are the same thing. They're not. 
If they were, then ISDN, ATM, and all the other telephone company schemes would be good ideas. The telephone companies assume that all communications are like the flow of fluid in a pipe. You just tell them the rate of flow you need, and they tell you how big the pipe has to be. Audio streams, like voice, are like the flow of fluid in a pipe, but computer data is not. Computer data comes in lumps. The standard mistake is to say that if I want to send 60K of data once per minute, that's exactly the same as sending 1K per second. It's not. A 1K per second connection may be sufficient *capacity* to carry the amount of data you're sending, but that doesn't mean it will deliver the 60K lump of data in a timely fashion. It won't. By the time the lump finishes arriving, it will be one minute old. Just because you don't send data very often doesn't mean you want it delivered late. You may only write to your aunt once a year, but that doesn't mean that on the occasions when you do write her a letter you'd like it to take a year to be delivered. </p><p>The conclusion here is obvious. If you're given the choice between a low bandwidth private connection, or a small share of a larger bandwidth connection, take the small share. </p><p>Again, this is painfully obvious outside the computer world. If a politician said they would build either a large shared freeway, or a million tiny separate private footpaths, one reserved for each citizen, which would you vote for? </p><h2>Survey</h2> <p>A lot of people have sent me e-mail disputing what I've said here. A lot of people have sent me e-mail simply asserting that their modem isn't slow at all, and the slow performance they see is due to the rest of the Internet being slow, not their modem link. </p><p>To try to get to the truth of the matter, I'm going to do a small-scale survey. If you think your modem has low latency, please try an experiment for me. Run a "traceroute" to some destination a little way away. 
On the West coast of the US <a href="http://lcs.mit.edu" target="_blank">lcs.mit.edu</a> might be a good host to trace to. From the East coast of the US you can trace to <a href="http://core-gateway.stanford.edu" target="_blank">core-gateway.stanford.edu</a>. In other places, pick a host of your choice (or use one of those two if you like). </p><p>On Unix, you can run a trace by typing "traceroute " (if you have traceroute installed). On the Mac, get Peter Lewis's <a href="http://hyperarchive.lcs.mit.edu/cgi-bin/NewSearch?key=TCP+Watcher" target="_blank">Mac TCP Watcher</a> and click the "Trace" button. On Windows '95, you have to open a DOS window and type a command like in Unix, except on Windows '95 the "traceroute" command is called "TRACERT". Jack Richard wrote a good <a href="http://www.boardwatch.com/mag/96/dec/bwm38.htm" target="_blank">article about traceroute</a> for <a href="http://www.boardwatch.com/" target="_blank">Boardwatch Magazine</a>. </p><p>When you get your trace, send it to me, along with any other relevant information, like what brand of modem you're using, what capacity of modem (14.4/28.8/33k/64k ISDN, etc.), whether it is internal or external, what speed serial port (if applicable), who your Internet Service Provider is, etc. </p><p>I'll collect results and see if any interesting patterns emerge. If any particular brands of modems and/or ISPs turn out to have good latency, I'll report that. 
</p><p>To start things off, here's my trace: </p><pre>Name: Stuart Cheshire<br>Modem: No modem (Quadra 700 built-in Ethernet)<br>ISP: BBN (Bolt, Beranek and Newman)<br><br>Hop Min Avg Max IP Name<br> 1 3/3 0.003 0.003 0.004 36.186.0.1 <a href="http://jenkins-gateway.stanford.edu" target="_blank">jenkins-gateway.stanford.edu</a><br> 2 3/3 0.003 0.006 0.013 171.64.1.161 <a href="http://core-gateway.stanford.edu" target="_blank">core-gateway.stanford.edu</a><br> 3 3/3 0.004 0.004 0.004 171.64.1.34 <a href="http://sunet-gateway.stanford.edu" target="_blank">sunet-gateway.stanford.edu</a><br> 4 3/3 0.003 0.003 0.004 198.31.10.3 <a href="http://su-pr1.bbnplanet.net" target="_blank">su-pr1.bbnplanet.net</a><br> 5 3/3 0.004 0.004 0.005 4.0.1.89 <a href="http://paloalto-br1.bbnplanet.net" target="_blank">paloalto-br1.bbnplanet.net</a><br> 6 2/3 0.006 0.006 0.007 4.0.1.62 <a href="http://oakland-br1.bbnplanet.net" target="_blank">oakland-br1.bbnplanet.net</a><br> 7 3/3 0.036 0.036 0.037 4.0.1.134 <a href="http://denver-br1.bbnplanet.net" target="_blank">denver-br1.bbnplanet.net</a><br> 8 3/3 0.036 0.160 0.406 4.0.1.190 <a href="http://denver-br2.bbnplanet.net" target="_blank">denver-br2.bbnplanet.net</a><br> 9 3/3 0.056 0.058 0.059 4.0.1.130 <a href="http://chicago1-br1.bbnplanet.net" target="_blank">chicago1-br1.bbnplanet.net</a><br> 10 3/3 0.056 0.058 0.059 4.0.1.194 <a href="http://chicago1-br2.bbnplanet.net" target="_blank">chicago1-br2.bbnplanet.net</a><br>11 3/3 0.076 0.077 0.078 4.0.1.126 <a href="http://boston1-br1.bbnplanet.net" target="_blank">boston1-br1.bbnplanet.net</a><br> 12 3/3 0.076 0.076 0.076 4.0.1.182 <a href="http://boston1-br2.bbnplanet.net" target="_blank">boston1-br2.bbnplanet.net</a><br>13 3/3 0.077 0.077 0.078 4.0.1.158 <a href="http://cambridge1-br2.bbnplanet.net" target="_blank">cambridge1-br2.bbnplanet.net</a><br> 14 3/3 0.080 0.081 0.083 199.94.205.1 <a href="http://cambridge1-cr1.bbnplanet.net" 
target="_blank">cambridge1-cr1.bbnplanet.net</a><br>15 3/3 0.080 0.145 0.212 192.233.149.202 <a href="http://cambridge2-cr2.bbnplanet.net" target="_blank">cambridge2-cr2.bbnplanet.net</a><br> 16 3/3 0.079 0.081 0.084 192.233.33.3 <a href="http://ihtfp.mit.edu" target="_blank">ihtfp.mit.edu</a><br>17 3/3 0.083 0.096 0.104 18.168.0.6 <a href="http://b24-rtr-fddi.mit.edu" target="_blank">b24-rtr-fddi.mit.edu</a><br> 18 3/3 0.082 0.082 0.084 18.10.0.1 <a href="http://radole.lcs.mit.edu" target="_blank">radole.lcs.mit.edu</a><br> 19 3/3 0.082 0.085 0.089 18.26.0.36 <a href="http://mintaka.lcs.mit.edu" target="_blank">mintaka.lcs.mit.edu</a></pre> <p>You can see it took my Mac (Quadra 700 running Open Transport) 3ms to get to jenkins-gateway. This is not particularly fast. With a good Ethernet interface it would be less than 1ms. From there, it took 1ms to get to paloalto-br1 (near to Stanford) and another 2ms to get to oakland-br1 (across the bay from San Francisco). </p><p>From oakland-br1 to denver-br1 took 30ms, from denver-br1 to chicago1-br1 took 20ms, and from chicago1-br1 to boston1-br1 took another 20ms. </p><p>The last stretch from boston1-br1 to <a href="http://mintaka.lcs.mit.edu" target="_blank">mintaka.lcs.mit.edu</a> took another 6ms. </p><p>So to summarise where the time's going, there's 6ms spent at each end, and 70ms spent on the long-haul getting across the country. Remember those are round-trip times -- the one-way times are half as much. </p><p>Now, let's find out what the breakdown looks like when we try the same experiment with a modem. Send in your <a href="http://www.stuartcheshire.org/rants/LatencyResults.html" target="_blank">results!</a> Hopefully we'll find at least one brand of modem that has good latency. </p><p><b>Note: October 1997.</b> Now that I've got a decent collection of results, please only send me your results if they're a lot faster (or slower) than what's already on the list. 
Also, please send me results only for consumer technologies. If your company has a T-1 Internet connection, or if you are a student in University housing with a connection even faster than that, then it's not a great surprise to find that your connection has good latency. My goal here is to find what consumer technologies are available that offer good latency. </p><h2>Are we there yet?</h2> <p>The good news is that since I first wrote this rant I've started to see a shift in awareness in the industry. Here are a couple of examples: </p><p>From Red Herring, June 1997, page 83, Luc Hatlestad wrote: </p><blockquote> <p>Matthew George is the vice president of technology at Engage... To Mr George, latency issues are more about modems than about network bandwidth. "Network latency in and of itself is not material to game playing; at least 70 to 90 percent of latency problems we see are due to the end points: the modems," he says. </p></blockquote> <p>From MacWeek, 12th May 1997, page 31, Larry Stevens wrote about the new 56k modems: </p><blockquote> <p>Greg Palen, director of multimedia at Galzay Marketing Group, a digital communications, prepress and marketing company in Kansas City, Kan., is one of those taking a wait-and-see attitude. "We can always use more bandwidth, but modem speed is not the primary issue at this point. The main issue is latency. </p></blockquote> <p>Some modem makers are finally starting to care about latency. One major modem manufacturer has contacted me, and we've been investigating where the time goes. It seems that there is room for improvement, but unfortunately modems will never be able to match ISDN. The problem is that over a telephone line, electrical signals get "blurred" out. In order to decode just one single bit, a 33.6kb/s modem needs to take not just a single reading of the voltage on the phone line at that instant, but that single reading plus another 79 like it, spaced 1/6000 of a second apart. 
A mathematical function of those 80 readings gives the actual result. This process is called "line equalization". Better line equalization allows higher data rates, but the more "taps" the equalizer has the more delay it adds. The V.34 standard also specifies particular scrambling and descrambling of the data, which also take time. According to this company, the theoretical best round-trip delay for a 14.4kb/s modem (no compression or error recovery) should be 40ms, and for a 33.6kb/s modem 64ms. The irony here is that as the capacity goes up, the best-case latency gets worse instead of better. For a small packet, it would be faster for your modem to send it at 9.6kb/s than at 33.6kb/s! </p><p>I don't know what the theoretical optimum for a 56kb/s modem is. The sample rate with these is 16000 times per second (62.5us between samples) but I don't know how many taps the equalizer has.</p></div></div></div> Anonymoushttp://www.blogger.com/profile/06075017084210151388noreply@blogger.com0tag:blogger.com,1999:blog-2474579806767004724.post-75926030916519571292010-08-07T10:37:00.002+04:002010-08-07T16:52:16.064+04:00Linux Tuning Parameters<div dir="ltr"><div class="gmail_quote"><div lang="EN-US" link="blue" vlink="purple"><div><div class="MsoNormal" style="margin-bottom: 5pt; margin-left: 0in; margin-right: 0in;"><b><span style="font-family: Times New Roman; font-size: medium;"><span style="font-size: 14pt; font-weight: bold;">Kernel</span></span></b></div><div class="MsoNormal" style="margin-bottom: 5pt; margin-left: 0in; margin-right: 0in;"><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">To successfully run enterprise applications, such as a database server, on your Linux distribution, you may be required to update some of the default kernel parameter settings. 
For example, the 2.4.x series kernel message queue parameter msgmni has a default value (for example, shared memory, or shmmax is only 33,554,432 bytes on Red Hat Linux by default) that allows only a limited number of simultaneous connections to a database. Here are some recommended values (by the IBM DB2 Support Web site) for database servers to run optimally:</span></span></div><div align="center"><table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse;"><tbody>
<tr> <td bgcolor="white" style="background: none repeat scroll 0% 0% white; padding: 0in; width: 444.6pt;" width="593"><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">- kernel.shmmax=268435456 for 32-bit</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">- kernel.shmmax=1073741824 for 64-bit</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">- kernel.msgmni=1024</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">- fs.file-max=8192</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">- kernel.sem="250 32000 32 1024"</span></span></div></td> </tr>
</tbody></table></div><div align="center" class="MsoNormal" style="margin-bottom: 5pt; margin-left: 0in; margin-right: 0in; text-align: center;"><b><i><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt; font-style: italic; font-weight: bold;">Shared Memory</span></span></i></b></div><div align="center"><table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse;"><tbody>
<tr> <td bgcolor="white" style="background: none repeat scroll 0% 0% white; padding: 0in; width: 444.6pt;" width="593"><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">To view current settings, run command:</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;"># more /proc/sys/kernel/shmmax</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">To set it to a new value for this running session, which takes effect immediately, run command:</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;"># echo 268435456 > /proc/sys/kernel/shmmax</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">To set it to a new value permanently (so it survives reboots), modify the sysctl.conf file:</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">...</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">kernel.shmmax = 268435456</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">...</span></span></div></td> </tr>
</tbody></table></div><div align="center" class="MsoNormal" style="margin-bottom: 5pt; margin-left: 0in; margin-right: 0in; text-align: center;"><b><i><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt; font-style: italic; font-weight: bold;">Semaphores</span></span></i></b></div><div align="center"><table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse;"><tbody>
<tr> <td bgcolor="white" style="background: none repeat scroll 0% 0% white; padding: 0in; width: 444.6pt;" width="593"><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">To view current settings, run command:</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;"># more /proc/sys/kernel/sem </span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">250 32000 32 1024 </span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">To set it to a new value for this running session, which takes effect immediately, run command:</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;"># echo 500 512000 64 2048 > /proc/sys/kernel/sem</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">Parameters meaning:</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">SEMMSL - semaphores per ID</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">SEMMNS - (SEMMNI*SEMMSL) max semaphores in system</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">SEMOPM - max operations per semop call</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; 
font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">SEMMNI - max semaphore identifiers</span></span></div></td> </tr>
</tbody></table></div><div align="center" class="MsoNormal" style="margin-bottom: 5pt; margin-left: 0in; margin-right: 0in; text-align: center;"><b><i><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt; font-style: italic; font-weight: bold;">ulimits</span></span></i></b></div><div align="center"><table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse;"><tbody>
<tr> <td bgcolor="white" style="background: none repeat scroll 0% 0% white; padding: 0in; width: 444.6pt;" width="593"><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">To view current settings, run command:</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;"># ulimit -a</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">To set it to a new value for this running session, which takes effect immediately, run command:</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;"># ulimit -n 8800</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;"># ulimit -n -1 // for unlimited; recommended if server isn't shared</span></span></div><div class="MsoNormal"><br />
</div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">Alternatively, if you want the changes to survive reboot, do the following:</span></span></div><div class="MsoNormal"><br />
</div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">- Exit all shell sessions for the user you want to change limits on.</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">- As root, edit the file /etc/security/limits.conf and add these two lines toward the end:</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;"> user1 soft nofile 16000</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;"> user1 hard nofile 20000</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;"> ** The two lines above change the maximum number of file handles (nofile) to the new settings.</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">- Save the file.</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">- Log in as user1 again. The new changes will be in effect.</span></span></div></td> </tr>
</tbody></table></div><div align="center" class="MsoNormal" style="margin-bottom: 5pt; margin-left: 0in; margin-right: 0in; text-align: center;"><b><i><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt; font-style: italic; font-weight: bold;">Message queues</span></span></i></b></div><div align="center"><table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse;"><tbody>
<tr> <td bgcolor="white" style="background: none repeat scroll 0% 0% white; padding: 0in; width: 444.6pt;" width="593"><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">To view current settings, run command:</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;"># more /proc/sys/kernel/msgmni</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;"># more /proc/sys/kernel/msgmax</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">To set it to a new value for this running session, which takes effect immediately, run command:</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;"># echo 2048 > /proc/sys/kernel/msgmni</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;"># echo 64000 > /proc/sys/kernel/msgmax</span></span></div></td> </tr>
</tbody></table></div><div align="center" class="MsoNormal" style="margin-bottom: 5pt; margin-left: 0in; margin-right: 0in; text-align: center;"><br />
</div><div class="MsoNormal" style="margin-bottom: 5pt; margin-left: 0in; margin-right: 0in;"><b><span style="font-family: Times New Roman; font-size: medium;"><span style="font-size: 14pt; font-weight: bold;">Network</span></span></b></div><div align="center" class="MsoNormal" style="margin-bottom: 5pt; margin-left: 0in; margin-right: 0in; text-align: center;"><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">Gigabit-based network interfaces have many performance-related parameters inside of their device driver such as CPU affinity. Also, the TCP protocol can be tuned to increase network throughput for connection-hungry applications. </span></span></div><div class="MsoNormal" style="margin-bottom: 5pt; margin-left: 0in; margin-right: 0in;"><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;"><br />
<br />
</span></span></div><div align="center" class="MsoNormal" style="margin-bottom: 5pt; margin-left: 0in; margin-right: 0in; text-align: center;"><b><i><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt; font-style: italic; font-weight: bold;">Tune TCP</span></span></i></b></div><div align="center"><table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse;"><tbody>
<tr> <td bgcolor="white" style="background: none repeat scroll 0% 0% white; padding: 0in; width: 444.6pt;" width="593"><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">To view current TCP settings, run command:</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;"># </span></span><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">sysctl net.ipv4.tcp_keepalive_time</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">net.ipv4.tcp_keepalive_time = 7200 // 2 hours</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">where net.ipv4.tcp_keepalive_time is a TCP tuning parameter.</span></span><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;"></span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">To set a TCP parameter to a value, run command:</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;"># </span></span><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">sysctl -w net.ipv4.tcp_keepalive_time=1800</span></span><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;"></span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span 
style="font-family: "Courier New"; font-size: 10pt;">A list of recommended TCP parameters, values, and their meanings:</span></span><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;"></span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">Tuning Parameter Tuning Value Description of impact </span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">------------------------------------------------------------------------------</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">net.ipv4.tcp_tw_reuse </span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">net.ipv4.tcp_tw_recycle 1 Reuse sockets in the time-wait state </span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">---</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">net.core.wmem_max 8388608 Increase the maximum write buffer queue size </span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">---</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">net.core.rmem_max 8388608 Increase the maximum read buffer queue size </span></span></div><div class="MsoNormal"><span style="font-family: Courier New; 
font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">---</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">net.ipv4.tcp_rmem 4096 87380 8388608 Set the minimum, initial, and maximum sizes for the read buffer. Note that this maximum should be less than or equal to the value set in net.core.rmem_max. </span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">---</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">net.ipv4.tcp_wmem 4096 87380 8388608 Set the minimum, initial, and maximum sizes for the write buffer. Note that this maximum should be less than or equal to the value set in net.core.wmem_max. </span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">---</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">timeout_timewait echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout </span></span></div><div class="MsoNormal"><br />
</div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">Determines the time that must elapse before TCP/IP can release a closed connection and reuse its resources. This interval between closure and release is known as the TIME_WAIT state or twice the maximum segment lifetime (2MSL) state. During this time, reopening the connection to the client and server costs less than establishing a new connection. By reducing the value of this entry, TCP/IP can release closed connections faster, providing more resources for new connections. Adjust this parameter if the running application requires rapid release and creation of new connections, or suffers low throughput because many connections are sitting in the TIME_WAIT state. </span></span></div></td> </tr>
</tbody></table></div><div class="MsoNormal" style="margin-bottom: 5pt; margin-left: 0in; margin-right: 0in;"><a href="" name="1275cb8b68008c32_Diskio"></a><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;"> </span></span><b><span style="color: white; font-family: Times New Roman; font-size: medium;"><span style="color: white; font-size: 14pt; font-weight: bold;">Disk I/O</span></span></b></div><div align="center" class="MsoNormal" style="margin-bottom: 5pt; margin-left: 0in; margin-right: 0in; text-align: center;"><b><i><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt; font-style: italic; font-weight: bold;">Choose the Right File System</span></span></i></b></div><div class="MsoNormal" style="margin-bottom: 5pt; margin-left: 0in; margin-right: 0in;"><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">Use the 'ext3' file system in Linux. <br />
- It is an enhanced version of ext2 <br />
- With journaling capability - high level of data integrity (in event of unclean shutdown) <br />
- It does not need to check disks on unclean shutdown and reboot (time consuming) <br />
- Faster write - ext3 journaling optimizes hard drive head motion </span></span></div><div align="center"><table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse;"><tbody>
<tr> <td bgcolor="white" style="background: none repeat scroll 0% 0% white; padding: 0in; width: 444.6pt;" width="593"><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;"># mke2fs -j -b 2048 -i 4096 /dev/sda</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">mke2fs 1.32 (09-Nov-2002)</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">/dev/sda is entire device, not just one partition!</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">Proceed anyway? (y,n) y</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">Filesystem label=</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">OS type: Linux</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">Block size=2048 (log=1)</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">Fragment size=2048 (log=1)</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">13107200 inodes, 26214400 blocks</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">1310720 blocks (5.00%) reserved 
for the super user</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">First data block=0</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">1600 block groups</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">16384 blocks per group, 16384 fragments per group</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">8192 inodes per group</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">Superblock backups stored on blocks:</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;"> 16384, 49152, 81920, 114688, 147456, 409600, 442368, 802816, 1327104,</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;"> 2048000, 3981312, 5619712, 10240000, 11943936</span></span></div><div class="MsoNormal"><br />
</div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">Writing inode tables: done</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">Writing superblocks and filesystem accounting information: done</span></span></div><div class="MsoNormal"><br />
</div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">This filesystem will be automatically checked every 28 mounts or</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">180 days, whichever comes first. Use tune2fs -c or -i to override.</span></span></div></td> </tr>
</tbody></table></div><div align="center" class="MsoNormal" style="margin-bottom: 5pt; margin-left: 0in; margin-right: 0in; text-align: center;"><b><i><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt; font-style: italic; font-weight: bold;">Use 'noatime' File System Mount Option</span></span></i></b></div><div class="MsoNormal" style="margin-bottom: 5pt; margin-left: 0in; margin-right: 0in;"><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">Use the 'noatime' option in the file system boot-up configuration file 'fstab'. Edit the fstab file under /etc. This option works best if external storage is used, for example, a SAN:</span></span></div><div align="center"><table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse;"><tbody>
<tr> <td bgcolor="white" style="background: none repeat scroll 0% 0% white; padding: 0in; width: 444.6pt;" width="593"><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;"># more /etc/fstab</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">LABEL=/ / ext3 defaults 1 1</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">none /dev/pts devpts gid=5,mode=620 0 0</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">none /proc proc defaults 0 0</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">none /dev/shm tmpfs defaults 0 0</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">/dev/sdc2 swap swap defaults 0 0</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">/dev/cdrom /mnt/cdrom udf,iso9660 noauto,owner,kudzu,ro 0 0</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">/dev/fd0 /mnt/floppy auto noauto,owner,kudzu 0 0</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">/dev/sda /database ext3 defaults,noatime 1 2</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span 
style="font-family: "Courier New"; font-size: 10pt;">/dev/sdb /logs ext3 defaults,noatime 1 2</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">/dev/sdc /multimediafiles ext3 defaults,noatime 1 2</span></span></div></td> </tr>
</tbody></table></div><div align="center" class="MsoNormal" style="margin-bottom: 5pt; margin-left: 0in; margin-right: 0in; text-align: center;"><b><i><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt; font-style: italic; font-weight: bold;">Tune the Elevator Algorithm in Linux Kernel for Disk I/O</span></span></i></b></div><div class="MsoNormal" style="margin-bottom: 5pt; margin-left: 0in; margin-right: 0in;"><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">After choosing the file system, there are several kernel and mounting options that can affect it. One such kernel setting is the elevator algorithm. Tuning the elevator algorithm helps the system balance the need for low latency with the need to collect enough data to efficiently organize batches of read and write requests to the disk. The elevator algorithm can be adjusted with the following command:</span></span></div><div align="center"><table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse;"><tbody>
<tr> <td bgcolor="white" style="background: none repeat scroll 0% 0% white; padding: 0in; width: 444.6pt;" width="593"><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;"># elvtune -r 1024 -w 2048 /dev/sda</span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">/dev/sda elevator ID 2 </span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">read_latency: 1024 </span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">write_latency: 2048 </span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">max_bomb_segments: 6 </span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">The parameters are: read latency (-r), write latency (-w) and the device affected. </span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">Red Hat recommends using a read latency half the size of the write latency (as shown). </span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">As usual, to make this setting permanent, add the 'elvtune' command to the </span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">/etc/rc.d/rc.local script.</span></span></div></td> </tr>
</tbody></table></div><div align="center" class="MsoNormal" style="margin-bottom: 5pt; margin-left: 0in; margin-right: 0in; text-align: center;"><br />
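The value relationships stated in the kernel-parameter and Tune TCP sections above can be checked mechanically before a sysctl.conf is applied. The script below is an added example, not part of the original post: the function names and the sample file are constructed, and the tcp_tw_recycle check reflects a kernel change (removal in Linux 4.12) that the post does not mention.

```shell
#!/bin/sh
# Added example: audit a sysctl.conf-style file for the value relationships
# the article states. Function names and the sample file are constructed.

# get_key FILE KEY: print the last value assigned to KEY (a later line wins
# when the file is applied top to bottom). Quotes are dropped and blanks
# collapsed, so the article's kernel.sem="250 32000 32 1024" form parses too.
get_key() {
    awk -v want="$2" '
        /^[ \t]*[#;]/ { next }                 # comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key)
            gsub(/[ \t"]+/, " ", val)
            gsub(/^ +| +$/, "", val)
            if (key == want) last = val
        }
        END { if (last != "") print last }
    ' "$1"
}

# True when the argument is a non-empty string of digits.
is_uint() { case $1 in ''|*[!0-9]*) return 1 ;; *) return 0 ;; esac; }

# nth "a b c" 3 -> c
nth() { echo "$1" | awk -v n="$2" '{ print $n }'; }

# audit_sysctl FILE: print one line per finding; exit status 0 only if clean.
audit_sysctl() {
    conf=$1
    bad=0

    # 1. Article: the tcp_rmem/tcp_wmem maximum (third field) should be less
    #    than or equal to net.core.rmem_max/wmem_max. A pair is skipped when
    #    either key is absent, because the running kernel's value then applies.
    for pair in net.ipv4.tcp_rmem:net.core.rmem_max \
                net.ipv4.tcp_wmem:net.core.wmem_max; do
        tcp_key=${pair%%:*}
        cap_key=${pair##*:}
        tcp_val=$(get_key "$conf" "$tcp_key")
        cap_val=$(get_key "$conf" "$cap_key")
        if [ -z "$tcp_val" ] || [ -z "$cap_val" ]; then continue; fi
        tcp_max=$(nth "$tcp_val" 3)
        if ! is_uint "$tcp_max" || ! is_uint "$cap_val"; then
            echo "FAIL $tcp_key/$cap_key: expected 'min initial max' and an integer cap"
            bad=$((bad + 1))
        elif [ "$tcp_max" -gt "$cap_val" ]; then
            echo "WARN $tcp_key max $tcp_max > $cap_key $cap_val"
            bad=$((bad + 1))
        fi
    done

    # 2. Article: kernel.sem is "SEMMSL SEMMNS SEMOPM SEMMNI" and SEMMNS is
    #    bounded by SEMMNI*SEMMSL, so a larger SEMMNS can never be reached.
    sem=$(get_key "$conf" kernel.sem)
    if [ -n "$sem" ]; then
        set -- $sem
        if [ $# -ne 4 ] || ! is_uint "$1" || ! is_uint "$2" \
           || ! is_uint "$3" || ! is_uint "$4"; then
            echo "FAIL kernel.sem: expected 4 integers, got '$sem'"
            bad=$((bad + 1))
        elif [ "$2" -gt $(( $1 * $4 )) ]; then
            echo "WARN kernel.sem: SEMMNS $2 > SEMMSL*SEMMNI $(( $1 * $4 ))"
            bad=$((bad + 1))
        fi
    fi

    # 3. Not from the article: tcp_tw_recycle was removed in Linux 4.12 and,
    #    on kernels that still have it, drops connections from NAT clients.
    if [ "$(get_key "$conf" net.ipv4.tcp_tw_recycle)" = "1" ]; then
        echo "WARN net.ipv4.tcp_tw_recycle=1: removed in Linux 4.12, drops clients behind NAT"
        bad=$((bad + 1))
    fi

    [ "$bad" -eq 0 ]
}

# Constructed sample: the article's values, a too-small wmem_max, and a
# second kernel.sem line that overrides the first.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample, not from a real host
kernel.shmmax = 268435456
kernel.sem="250 32000 32 1024"
net.core.rmem_max = 8388608
net.core.wmem_max = 4194304
net.ipv4.tcp_rmem = 4096 87380 8388608
net.ipv4.tcp_wmem = 4096 87380 8388608
net.ipv4.tcp_tw_recycle = 1
kernel.sem = 250 512000 32 1024
EOF
}

# Demo run on the constructed sample.
sample=$(mktemp)
write_sample_conf "$sample"
audit_sysctl "$sample" || echo "findings reported for the sample file"
rm -f "$sample"
```

Run the audit against a copy of /etc/sysctl.conf before applying it with sysctl -p; the exit status makes it usable as a pre-deployment gate.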
</div><div class="MsoNormal" style="margin-bottom: 5pt; margin-left: 0in; margin-right: 0in;"><b><span style="color: white; font-family: Times New Roman; font-size: medium;"><span style="color: white; font-size: 14pt; font-weight: bold;">Others</span></span></b><b><span style="font-size: medium;"><span style="font-size: 14pt; font-weight: bold;"></span></span></b></div><div class="MsoNormal" style="margin-bottom: 5pt; margin-left: 0in; margin-right: 0in;"><b><i><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt; font-style: italic; font-weight: bold;">Disable Unnecessary Daemons (They Take up Memory and CPU)</span></span></i></b></div><div class="MsoNormal" style="margin-bottom: 5pt; margin-left: 0in; margin-right: 0in;"><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">There are daemons (background services) running on every server that are probably not needed. Disabling these daemons frees memory, decreases startup time, and decreases the number of processes that the CPU has to handle. A side benefit to this is increased security of the server because fewer daemons mean fewer exploitable processes.</span></span></div><div align="center"><table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse;"><tbody>
<tr> <td bgcolor="white" colspan="2" style="background: none repeat scroll 0% 0% white; padding: 0in; width: 72.75pt;" width="97"><div class="MsoNormal"><br />
</div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">Below are some example Linux daemons that run by default and should be disabled. Use command:</span></span><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;"></span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">#/sbin/chkconfig --levels 2345 sendmail off </span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">#/sbin/chkconfig sendmail off </span></span></div></td> </tr>
<tr> <td bgcolor="white" style="background: none repeat scroll 0% 0% white; padding: 0in; width: 72.75pt;" valign="top" width="97"><div class="MsoNormal" style="margin-bottom: 5pt; margin-left: 0in; margin-right: 0in;"><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">Daemon</span></span></div></td> <td bgcolor="white" style="background: none repeat scroll 0% 0% white; padding: 0in; width: 371.85pt;" valign="top" width="496"><div class="MsoNormal" style="margin-bottom: 5pt; margin-left: 0in; margin-right: 0in;"><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">Description</span></span></div></td> </tr>
<tr> <td bgcolor="white" style="background: none repeat scroll 0% 0% white; padding: 0in; width: 72.75pt;" valign="top" width="97"><div class="MsoNormal" style="margin-bottom: 5pt; margin-left: 0in; margin-right: 0in;"><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">apmd</span></span></div></td> <td bgcolor="white" style="background: none repeat scroll 0% 0% white; padding: 0in; width: 371.85pt;" valign="top" width="496"><div class="MsoNormal" style="margin-bottom: 5pt; margin-left: 0in; margin-right: 0in;"><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">Advanced power management daemon</span></span></div></td> </tr>
<tr> <td bgcolor="white" style="background: none repeat scroll 0% 0% white; padding: 0in; width: 72.75pt;" valign="top" width="97"><div class="MsoNormal" style="margin-bottom: 5pt; margin-left: 0in; margin-right: 0in;"><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">autofs</span></span></div></td> <td bgcolor="white" style="background: none repeat scroll 0% 0% white; padding: 0in; width: 371.85pt;" valign="top" width="496"><div class="MsoNormal" style="margin-bottom: 5pt; margin-left: 0in; margin-right: 0in;"><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">Automatically mounts file systems on demand (i.e.: mounts a CD-ROM automatically)</span></span></div></td> </tr>
<tr> <td bgcolor="white" style="background: none repeat scroll 0% 0% white; padding: 0in; width: 72.75pt;" valign="top" width="97"><div class="MsoNormal" style="margin-bottom: 5pt; margin-left: 0in; margin-right: 0in;"><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">cups</span></span></div></td> <td bgcolor="white" style="background: none repeat scroll 0% 0% white; padding: 0in; width: 371.85pt;" valign="top" width="496"><div class="MsoNormal" style="margin-bottom: 5pt; margin-left: 0in; margin-right: 0in;"><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">Common UNIX Printing System</span></span></div></td> </tr>
<tr> <td bgcolor="white" style="background: none repeat scroll 0% 0% white; padding: 0in; width: 72.75pt;" valign="top" width="97"><div class="MsoNormal" style="margin-bottom: 5pt; margin-left: 0in; margin-right: 0in;"><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">hpoj</span></span></div></td> <td bgcolor="white" style="background: none repeat scroll 0% 0% white; padding: 0in; width: 371.85pt;" valign="top" width="496"><div class="MsoNormal" style="margin-bottom: 5pt; margin-left: 0in; margin-right: 0in;"><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">HP OfficeJet support</span></span></div></td> </tr>
<tr> <td bgcolor="white" style="background: none repeat scroll 0% 0% white; padding: 0in; width: 72.75pt;" valign="top" width="97"><div class="MsoNormal" style="margin-bottom: 5pt; margin-left: 0in; margin-right: 0in;"><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">isdn</span></span></div></td> <td bgcolor="white" style="background: none repeat scroll 0% 0% white; padding: 0in; width: 371.85pt;" valign="top" width="496"><div class="MsoNormal" style="margin-bottom: 5pt; margin-left: 0in; margin-right: 0in;"><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">ISDN modem support</span></span></div></td> </tr>
<tr> <td bgcolor="white" style="background: none repeat scroll 0% 0% white; padding: 0in; width: 72.75pt;" valign="top" width="97"><div class="MsoNormal" style="margin-bottom: 5pt; margin-left: 0in; margin-right: 0in;"><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">netfs</span></span></div></td> <td bgcolor="white" style="background: none repeat scroll 0% 0% white; padding: 0in; width: 371.85pt;" valign="top" width="496"><div class="MsoNormal" style="margin-bottom: 5pt; margin-left: 0in; margin-right: 0in;"><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">Used in support of exporting NFS shares</span></span></div></td> </tr>
<tr> <td bgcolor="white" style="background: none repeat scroll 0% 0% white; padding: 0in; width: 72.75pt;" valign="top" width="97"><div class="MsoNormal" style="margin-bottom: 5pt; margin-left: 0in; margin-right: 0in;"><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">nfslock</span></span></div></td> <td bgcolor="white" style="background: none repeat scroll 0% 0% white; padding: 0in; width: 371.85pt;" valign="top" width="496"><div class="MsoNormal" style="margin-bottom: 5pt; margin-left: 0in; margin-right: 0in;"><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">Used for file locking with NFS</span></span></div></td> </tr>
<tr> <td bgcolor="white" style="background: none repeat scroll 0% 0% white; padding: 0in; width: 72.75pt;" valign="top" width="97"><div class="MsoNormal" style="margin-bottom: 5pt; margin-left: 0in; margin-right: 0in;"><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">pcmcia</span></span></div></td> <td bgcolor="white" style="background: none repeat scroll 0% 0% white; padding: 0in; width: 371.85pt;" valign="top" width="496"><div class="MsoNormal" style="margin-bottom: 5pt; margin-left: 0in; margin-right: 0in;"><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">PCMCIA support on a server</span></span></div></td> </tr>
<tr> <td bgcolor="white" style="background: none repeat scroll 0% 0% white; padding: 0in; width: 72.75pt;" valign="top" width="97"><div class="MsoNormal" style="margin-bottom: 5pt; margin-left: 0in; margin-right: 0in;"><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">rhnsd</span></span></div></td> <td bgcolor="white" style="background: none repeat scroll 0% 0% white; padding: 0in; width: 371.85pt;" valign="top" width="496"><div class="MsoNormal" style="margin-bottom: 5pt; margin-left: 0in; margin-right: 0in;"><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">Red Hat Network update service for checking for updates and security errata</span></span></div></td> </tr>
<tr> <td bgcolor="white" style="background: none repeat scroll 0% 0% white; padding: 0in; width: 72.75pt;" valign="top" width="97"><div class="MsoNormal" style="margin-bottom: 5pt; margin-left: 0in; margin-right: 0in;"><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">sendmail</span></span></div></td> <td bgcolor="white" style="background: none repeat scroll 0% 0% white; padding: 0in; width: 371.85pt;" valign="top" width="496"><div class="MsoNormal" style="margin-bottom: 5pt; margin-left: 0in; margin-right: 0in;"><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">Mail Transport Agent</span></span></div></td> </tr>
<tr> <td bgcolor="white" style="background: none repeat scroll 0% 0% white; padding: 0in; width: 72.75pt;" valign="top" width="97"><div class="MsoNormal" style="margin-bottom: 5pt; margin-left: 0in; margin-right: 0in;"><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">xfs</span></span></div></td> <td bgcolor="white" style="background: none repeat scroll 0% 0% white; padding: 0in; width: 371.85pt;" valign="top" width="496"><div class="MsoNormal" style="margin-bottom: 5pt; margin-left: 0in; margin-right: 0in;"><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">Font server for X Windows</span></span></div></td> </tr>
</tbody></table></div><div align="center" class="MsoNormal" style="margin-bottom: 5pt; margin-left: 0in; margin-right: 0in; text-align: center;"><b><i><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt; font-style: italic; font-weight: bold;">Shutdown GUI</span></span></i></b></div><div class="MsoNormal" style="margin-bottom: 5pt; margin-left: 0in; margin-right: 0in;"><span style="font-family: Times New Roman; font-size: small;"><span style="font-size: 12pt;">Normally, there is no need for a GUI on a Linux server. All administration tasks can be achieved by the command line, redirecting the X display or through a Web browser interface. Modify the 'inittab' file to set boot level as 3:</span></span></div><div align="center"><table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse;"><tbody>
<tr> <td bgcolor="white" style="background: none repeat scroll 0% 0% white; padding: 0in; width: 444.6pt;" width="593"><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">To set the initial runlevel (3 instead of 5) of a machine at boot, </span></span></div><div class="MsoNormal"><span style="font-family: Courier New; font-size: x-small;"><span style="font-family: "Courier New"; font-size: 10pt;">modify the /etc/inittab file </span></span></div></td> </tr>
</tbody></table></div><div align="center" class="MsoNormal" style="margin-bottom: 5pt; margin-left: 0in; margin-right: 0in; text-align: center;"><span class="Apple-style-span" style="font-family: 'Times New Roman'; font-size: medium;"><span class="Apple-style-span" style="font-size: 16px;"><br />
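An audit of the two settings described above, added here as an example and not part of the original post: it checks `chkconfig --list` output against the daemon table and reads the default runlevel from an inittab. The function names and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Daemons the post lists as candidates for disabling on a server.
UNNEEDED="apmd autofs cups hpoj isdn netfs nfslock pcmcia rhnsd sendmail xfs"

# stdin: `chkconfig --list` output. stdout: "<daemon> <runlevels>" for every
# listed daemon that is still "on" in runlevel 2, 3, 4 or 5.
enabled_unneeded_daemons() {
    awk -v list="$UNNEEDED" '
        BEGIN { n = split(list, names, " ")
                for (i = 1; i <= n; i++) want[names[i]] = 1 }
        ($1 in want) {
            levels = ""
            for (f = 2; f <= NF; f++) {
                split($f, kv, ":")
                if (kv[2] == "on" && kv[1] ~ /^[2-5]$/) levels = levels kv[1]
            }
            if (levels != "") print $1, levels
        }'
}

# stdin: findings from enabled_unneeded_daemons. stdout: the chkconfig
# commands that would switch each one off (printed, never executed).
remediation_commands() {
    while read -r name levels; do
        echo "/sbin/chkconfig --level $levels $name off"
    done
}

# stdin: an inittab. stdout: the runlevel from the active
# id:N:initdefault: entry; commented-out lines are ignored.
inittab_default_runlevel() {
    awk -F: '$0 !~ /^[ \t]*#/ && $3 == "initdefault" { print $2; exit }'
}

# Constructed sample of `chkconfig --list` output (not from a real host).
sample_chkconfig() {
    cat <<'EOF'
apmd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
autofs          0:off   1:off   2:off   3:on    4:on    5:on    6:off
crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
cups            0:off   1:off   2:off   3:off   4:off   5:off   6:off
sendmail        0:off   1:off   2:on    3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
xfs             0:off   1:off   2:off   3:off   4:off   5:on    6:off
EOF
}

# Constructed sample inittab: one commented-out entry and one active entry.
sample_inittab() {
    cat <<'EOF'
# Default runlevel.
#   id:3:initdefault:
id:5:initdefault:
si::sysinit:/etc/rc.d/rc.sysinit
EOF
}

# Report on the sample data. On a real host, pipe `/sbin/chkconfig --list`
# and /etc/inittab into the same functions instead.
echo "Listed daemons still enabled, with the command to disable each:"
sample_chkconfig | enabled_unneeded_daemons | remediation_commands
runlevel=$(sample_inittab | inittab_default_runlevel)
[ "$runlevel" = "3" ] || echo "Default runlevel is $runlevel; the post recommends 3"
```

Services that are not in the post's table (crond and sshd in the sample) are left alone, so the audit never proposes disabling something the post did not name.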
</span></span></div></div></div></div></div>Anonymoushttp://www.blogger.com/profile/06075017084210151388noreply@blogger.com0tag:blogger.com,1999:blog-2474579806767004724.post-89021347563481816902010-08-07T10:34:00.000+04:002010-08-07T10:35:10.564+04:00How to get a list of exported shares on a Windows server from Linux<div dir="ltr"><div class="gmail_quote"><div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt"><br> </span></font></p><p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">How to get a list of exported shares on a Windows server from Linux</span></font></p><p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt"><br> Example: smbclient -U username -L win_server<br><font class="Apple-style-span" face="arial"><span class="Apple-style-span" style="font-size: small;"><font class="Apple-style-span" face="'Times New Roman'" size="4"><span class="Apple-style-span" style="font-size: 16px;"><br> </span></font></span></font></span></font></p></div></div></div></div> Anonymoushttp://www.blogger.com/profile/06075017084210151388noreply@blogger.com0tag:blogger.com,1999:blog-2474579806767004724.post-29879497404924149762010-08-07T10:32:00.000+04:002010-08-07T10:33:13.754+04:00LVM Snapshot theory<div dir="ltr"><div class="gmail_quote"><div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">LVM snapshots are meant to capture the filesystem in a frozen state. 
<b><span style="font-weight:bold">They are not meant to be a backup in and of themselves. They are, however, useful for obtaining backup images that are consistent because the frozen image cannot and will not change during the backup process.</span></b> So while you won't use them directly to make long-term backups, they will be of great value in any backup process that you decide to use.</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">When LVM implements a snapshot, there are several things that happen, all very quickly. The first is that a new logical volume has to be allocated. The true purpose of this volume is to provide an area where deltas (changes) to the filesystem are recorded. This allows the original volume to continue on without disrupting any existing read/write access. The downside to this is that the snapshot area is of a finite size, which means on a system with busy writes, it can fill up rather quickly. For volumes that have significant write activity, you will want to increase the size of your snapshot to allow enough space for all changes to be recorded. If your snapshot overflows (fills up) both the original volume and the logical volume grind to a screeching halt. This is done to prevent filesystem corruption, although it has the effect of unceremoniously dropping any I/O (and therefore any programs) that were using the original volume. Should this happen, you will want to release your snapshot <i><span style="font-style:italic">as soon as possible</span></i> so you can get the original volume back online. 
Once the release is complete, you'll be able to remount the volume as read/write and make the filesystem on it available.</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">The second thing that happens is that LVM now "swaps" the true purposes of the volumes in question. You would think that the newly allocated snapshot would be the place to look for any changes to the filesystem, after all, it's where all the writes are going to, right? No, it's the other way around. Filesystems are mounted to LVM volume <i><span style="font-style:italic">names</span></i>, so swapping out the <i><span style="font-style:italic">name</span></i> from underneath the rest of the system would be a no-no (because the snapshot uses a <i><span style="font-style:italic">different</span></i> name). So the solution here is simple: When you access the original volume name, it will continue to refer to the <i><span style="font-style:italic">live</span></i> (read/write) version of the volume you did the snapshot of. The snapshot volume you create will refer to the <i><span style="font-style:italic">frozen</span></i> (read-only) version of the volume you intend to back up. A little confusing at first, but it will make sense.</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">All of this happens in less than 2 seconds. The rest of the system doesn't even notice. 
Unless, of course, you don't release the snapshot before it overflows...</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">When you go to release a snapshot, it then takes all of the recorded changes and "replays" them back into the original volume. This takes a bit longer - depending on how much data was recorded - but won't significantly impact what you're doing. Once the release is complete, the snapshot volume is destroyed and the original remains. This is also why it is important to not "hold onto" snapshots - the data needs to be re-integrated back into the original "live" volume at some point.</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">There is a third, older version of a snapshot from the LVM version 1 days, that is read-only. This form of snapshot does not record changes to the filesystem. <b><span style="font-weight:bold">I do not recommend pursuing this as a long-term backup strategy. 
You are still hosting data on the same physical drive that can fail, and recovery of your filesystem from a drive that has failed is no backup at all.</span></b></span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">So, in a nutshell:</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:.5in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">Snapshots are good for assisting backups </span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:.5in;text-autospace:none"><b><font size="3" face="Times New Roman"><span style="font-size:12.0pt;font-weight:bold">Snapshots are not, in and of themselves, a form of backup</span></font></b> </p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:.5in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">Snapshots do not last forever </span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:.5in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">A full snapshot is a BAD thing </span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:.5in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">Snapshots need to "go home" at some point (data needs to be re-integrated) </span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:.5in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">LVM is your friend, if you use it wisely.</span></font></p><p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:.5in;text-autospace:none"><font size="3" face="Times New Roman"><span 
style="font-size:12.0pt"><br></span></font></p> </div></div></div></div> Anonymoushttp://www.blogger.com/profile/06075017084210151388noreply@blogger.com1tag:blogger.com,1999:blog-2474579806767004724.post-8706435186291809092010-08-07T10:30:00.001+04:002010-08-07T10:30:26.722+04:00An rc.local equivalent for Debian/Ubuntu<div dir="ltr"><div class="gmail_quote"><div dir="ltr"><h1>An rc.local equivalent for Debian/Ubuntu</h1><br clear="all"><p>In many distributions you can add commands to run certain programs at the end of the boot process, after all system services have been started. Different distributions use different methods for this. For example, in Red Hat-based distributions we can add our own scripts or programs to the /etc/rc.d/rc.local file; however, there is no such file in a Debian-based system. Here is the way to accomplish the same thing the Debian way: <span></span><span></span></p><p> </p><h2>Creating /etc/init.d/local</h2> <span></span><p><span></span><span></span></p><pre>sudo vi /etc/init.d/local</pre><span></span><span></span><p> This file is a shell script and it should start with: <span></span><span></span><span></span></p><pre>#!/bin/sh</pre><span></span><span></span><p> </p><h2>Making the file executable</h2> <span></span><span></span><p>Make this file executable with: <span></span><span></span><span></span></p> <pre> sudo chmod +x /etc/init.d/local</pre><span></span><span></span><p> </p><h2>Link the new local file with init</h2> <span></span><span></span><p>We are going to register this script as a System V init script using: <span></span><span></span><span></span></p> <pre>sudo update-rc.d local defaults 80</pre><span></span><p> </p><h2>An Example</h2> <span></span><span></span><p>Now you can call your scripts or programs using this file. 
For example, to mount an NFS directory at boot time, add the following line to /etc/init.d/local <span></span><span></span></p><p><span></span><span></span></p><pre>mount server.fossedu.org:/data /data</pre></div></div></div> Anonymoushttp://www.blogger.com/profile/06075017084210151388noreply@blogger.com0tag:blogger.com,1999:blog-2474579806767004724.post-56444094543061083962010-08-07T02:49:00.000+04:002010-08-07T02:50:20.856+04:00Linux Permissions along with ACL (access control list)<div dir="ltr"><div class="gmail_quote"><div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">Linux file permissions are based upon three actions:</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:.5in;text-autospace:none"><b><font size="3" face="Times New Roman"><span style="font-size:12.0pt;font-weight:bold">Read</span></font></b> – read a file; on directories, it grants permission to read the names of files in the directory (but not to find any additional information such as size, owner, etc.) 
</p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:.5in;text-autospace:none"><b><font size="3" face="Times New Roman"><span style="font-size:12.0pt;font-weight:bold">Write</span></font></b> – modify, delete or rename a file; on directories, it gives permission to modify entries inside the directory, including creating, deleting and renaming files </p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:.5in;text-autospace:none"><b><font size="3" face="Times New Roman"><span style="font-size:12.0pt;font-weight:bold">Execute</span></font></b> – execute a file; on directories, it grants permission to go into the directory and subdirectories; it does not grant read access to the directory</p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">Linux also supports three additional permissions:</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:.5in;text-autospace:none"><b><font size="3" face="Times New Roman"><span style="font-size:12.0pt;font-weight:bold">SUID</span></font></b> – Set user ID – when this bit is set on an executable file, the file is executed with the effective permissions of the owner. </p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:.5in;text-autospace:none"><b><font size="3" face="Times New Roman"><span style="font-size:12.0pt;font-weight:bold">SGID</span></font></b> – Set group ID – when this bit is set on an executable file, the file is executed with the effective permissions of the group; on directories with SGID set, new files and directories created under the original directory inherit their group from the SGID group. 
</p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:.5in;text-autospace:none"><b><font size="3" face="Times New Roman"><span style="font-size:12.0pt;font-weight:bold">sticky</span></font></b> - when this bit is set on an executable file, it encourages the kernel to retain the resulting process beyond termination; when set on a directory, it prevents users who are not the owner from renaming, deleting or moving files or subdirectories.</p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">Each file has permissions for a single owning user, a single group and everyone else (other). Other is everyone who is not the user or a member of the group. All directories are really just files in Linux. Linux filenames can be up to 256 characters long. Linux permissions are not inherited, except on SGID directories. Since the 2.6 kernel, Linux also supports ACL-based file permissions, giving you better control over your file system. 
You can see the permissions, user and group of a file by performing a long listing:</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">ls -al</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">drwxr-xr-x 3 root root 4096 Nov 10 21:25 .<br> drwx------ 46 root root 4096 Nov 10 21:12 ..<br> drwxr-xr-x 2 jgriffiths users 4096 Nov 10 21:25 cheese<br> -rw-r--r-- 1 root root 0 Nov 10 21:12 donkey.doc<br> -rw-r--r-- 1 jgriffiths video 0 Nov 10 21:12 myfile.txt</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">This listing displays hidden files because we issued ls with the -a command line switch. 
The sections are divided as follows:</span></font></p> <div align="center"> <table border="0" cellspacing="0" cellpadding="0" style="border-collapse:collapse"> <tbody><tr> <td width="74" style="width:55.5pt;border:ridge windowtext 2.25pt;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><b><font size="3" face="Times New Roman"><span style="font-size:12.0pt;font-weight:bold">Sample</span></font></b></p> </td> <td width="103" style="width:77.05pt;border:ridge windowtext 2.25pt;border-left:none;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><b><font size="3" face="Times New Roman"><span style="font-size:12.0pt;font-weight:bold">Field</span></font></b></p> </td> <td width="447" style="width:335.4pt;border:ridge windowtext 2.25pt;border-left:none;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><b><font size="3" face="Times New Roman"><span style="font-size:12.0pt;font-weight:bold">Description </span></font></b></p> </td> </tr> <tr> <td width="74" style="width:55.5pt;border:ridge windowtext 2.25pt;border-top:none;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">drwxr-xr-x</span></font></p> </td> <td width="103" style="width:77.05pt;border-top:none;border-left:none;border-bottom:ridge windowtext 2.25pt;border-right:ridge windowtext 2.25pt;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">Permissions</span></font></p> </td> <td width="447" style="width:335.4pt;border-top:none;border-left:none;border-bottom:ridge windowtext 2.25pt;border-right:ridge 
windowtext 2.25pt;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">Permissions on the directory or file</span></font></p> </td> </tr> <tr> <td width="74" style="width:55.5pt;border:ridge windowtext 2.25pt;border-top:none;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">2</span></font></p> </td> <td width="103" style="width:77.05pt;border-top:none;border-left:none;border-bottom:ridge windowtext 2.25pt;border-right:ridge windowtext 2.25pt;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">Directories</span></font></p> </td> <td width="447" style="width:335.4pt;border-top:none;border-left:none;border-bottom:ridge windowtext 2.25pt;border-right:ridge windowtext 2.25pt;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">Amount of links (files and directories) inside the directory including itself</span></font></p> </td> </tr> <tr> <td width="74" style="width:55.5pt;border:ridge windowtext 2.25pt;border-top:none;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">jgriffiths</span></font></p> </td> <td width="103" style="width:77.05pt;border-top:none;border-left:none;border-bottom:ridge windowtext 2.25pt;border-right:ridge windowtext 2.25pt;padding:0in 0in 0in 0in"> <p class="MsoNormal" 
style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">User</span></font></p> </td> <td width="447" style="width:335.4pt;border-top:none;border-left:none;border-bottom:ridge windowtext 2.25pt;border-right:ridge windowtext 2.25pt;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">Username of this file's owner</span></font></p> </td> </tr> <tr> <td width="74" style="width:55.5pt;border:ridge windowtext 2.25pt;border-top:none;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">users</span></font></p> </td> <td width="103" style="width:77.05pt;border-top:none;border-left:none;border-bottom:ridge windowtext 2.25pt;border-right:ridge windowtext 2.25pt;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">Group</span></font></p> </td> <td width="447" style="width:335.4pt;border-top:none;border-left:none;border-bottom:ridge windowtext 2.25pt;border-right:ridge windowtext 2.25pt;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">Group this file is owned by</span></font></p> </td> </tr> <tr> <td width="74" style="width:55.5pt;border:ridge windowtext 2.25pt;border-top:none;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">4096</span></font></p> </td> <td width="103" 
style="width:77.05pt;border-top:none;border-left:none;border-bottom:ridge windowtext 2.25pt;border-right:ridge windowtext 2.25pt;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">Size</span></font></p> </td> <td width="447" style="width:335.4pt;border-top:none;border-left:none;border-bottom:ridge windowtext 2.25pt;border-right:ridge windowtext 2.25pt;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">Size of file in k-bytes</span></font></p> </td> </tr> <tr> <td width="74" style="width:55.5pt;border:ridge windowtext 2.25pt;border-top:none;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">Nov 10 21:25</span></font></p> </td> <td width="103" style="width:77.05pt;border-top:none;border-left:none;border-bottom:ridge windowtext 2.25pt;border-right:ridge windowtext 2.25pt;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">Modification time</span></font></p> </td> <td width="447" style="width:335.4pt;border-top:none;border-left:none;border-bottom:ridge windowtext 2.25pt;border-right:ridge windowtext 2.25pt;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">Time of last change</span></font></p> </td> </tr> <tr> <td width="74" style="width:55.5pt;border:ridge windowtext 2.25pt;border-top:none;padding:0in 0in 0in 0in"> <p class="MsoNormal" 
style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">cheese</span></font></p> </td> <td width="103" style="width:77.05pt;border-top:none;border-left:none;border-bottom:ridge windowtext 2.25pt;border-right:ridge windowtext 2.25pt;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">Name</span></font></p> </td> <td width="447" style="width:335.4pt;border-top:none;border-left:none;border-bottom:ridge windowtext 2.25pt;border-right:ridge windowtext 2.25pt;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">Name of directory or file</span></font></p> </td> </tr> </tbody></table> </div> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">The permissions field is 11 characters broken down into four sections: type, owner permissions, group permissions and other permissions.</span></font></p> <div align="center"> <table border="0" cellspacing="0" cellpadding="0" style="border-collapse:collapse"> <tbody><tr> <td width="110" style="width:82.25pt;border:ridge windowtext 2.25pt;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><b><font size="3" face="Times New Roman"><span style="font-size:12.0pt;font-weight:bold">Characters #'s<br> <br> </span></font></b></p> </td> <td width="132" style="width:99.25pt;border:ridge windowtext 2.25pt;border-left:none;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><b><font size="3" face="Times 
New Roman"><span style="font-size:12.0pt;font-weight:bold">Section </span></font></b></p> </td> <td width="382" style="width:286.4pt;border:ridge windowtext 2.25pt;border-left:none;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><b><font size="3" face="Times New Roman"><span style="font-size:12.0pt;font-weight:bold">Description</span></font></b></p> </td> </tr> <tr> <td width="110" style="width:82.25pt;border:ridge windowtext 2.25pt;border-top:none;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">1</span></font></p> </td> <td width="132" style="width:99.25pt;border-top:none;border-left:none;border-bottom:ridge windowtext 2.25pt;border-right:ridge windowtext 2.25pt;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">type</span></font></p> </td> <td width="382" style="width:286.4pt;border-top:none;border-left:none;border-bottom:ridge windowtext 2.25pt;border-right:ridge windowtext 2.25pt;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">This defines a directory vs a file or special type</span></font></p> </td> </tr> <tr> <td width="110" style="width:82.25pt;border:ridge windowtext 2.25pt;border-top:none;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">2-4</span></font></p> </td> <td width="132" style="width:99.25pt;border-top:none;border-left:none;border-bottom:ridge windowtext 2.25pt;border-right:ridge 
windowtext 2.25pt;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">owner permissions</span></font></p> </td> <td width="382" style="width:286.4pt;border-top:none;border-left:none;border-bottom:ridge windowtext 2.25pt;border-right:ridge windowtext 2.25pt;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">This defines users permissions</span></font></p> </td> </tr> <tr> <td width="110" style="width:82.25pt;border:ridge windowtext 2.25pt;border-top:none;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">5-7</span></font></p> </td> <td width="132" style="width:99.25pt;border-top:none;border-left:none;border-bottom:ridge windowtext 2.25pt;border-right:ridge windowtext 2.25pt;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">group permissions</span></font></p> </td> <td width="382" style="width:286.4pt;border-top:none;border-left:none;border-bottom:ridge windowtext 2.25pt;border-right:ridge windowtext 2.25pt;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">This defines group permissions</span></font></p> </td> </tr> <tr> <td width="110" style="width:82.25pt;border:ridge windowtext 2.25pt;border-top:none;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" 
face="Times New Roman"><span style="font-size:12.0pt">8-11</span></font></p> </td> <td width="132" style="width:99.25pt;border-top:none;border-left:none;border-bottom:ridge windowtext 2.25pt;border-right:ridge windowtext 2.25pt;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">other permissions</span></font></p> </td> <td width="382" style="width:286.4pt;border-top:none;border-left:none;border-bottom:ridge windowtext 2.25pt;border-right:ridge windowtext 2.25pt;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">This defines world permissions</span></font></p> </td> </tr> </tbody></table> </div> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">There can be the following types:</span></font></p> <div align="center"> <table border="0" cellspacing="0" cellpadding="0" style="border-collapse:collapse"> <tbody><tr> <td width="51" style="width:38.4pt;border:ridge windowtext 2.25pt;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><b><font size="3" face="Times New Roman"><span style="font-size:12.0pt;font-weight:bold">Type</span></font></b></p> </td> <td width="410" style="width:307.2pt;border:ridge windowtext 2.25pt;border-left:none;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><b><font size="3" face="Times New Roman"><span style="font-size:12.0pt;font-weight:bold">Description </span></font></b></p> </td> </tr> <tr> <td width="51" style="width:38.4pt;border:ridge windowtext 2.25pt;border-top:none;padding:0in 
0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">d</span></font></p> </td> <td width="410" style="width:307.2pt;border-top:none;border-left:none;border-bottom:ridge windowtext 2.25pt;border-right:ridge windowtext 2.25pt;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">Directory</span></font></p> </td> </tr> <tr> <td width="51" style="width:38.4pt;border:ridge windowtext 2.25pt;border-top:none;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">l</span></font></p> </td> <td width="410" style="width:307.2pt;border-top:none;border-left:none;border-bottom:ridge windowtext 2.25pt;border-right:ridge windowtext 2.25pt;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">Symbolic link</span></font></p> </td> </tr> <tr> <td width="51" style="width:38.4pt;border:ridge windowtext 2.25pt;border-top:none;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">s</span></font></p> </td> <td width="410" style="width:307.2pt;border-top:none;border-left:none;border-bottom:ridge windowtext 2.25pt;border-right:ridge windowtext 2.25pt;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">Socket</span></font></p> </td> </tr> <tr> <td width="51" 
style="width:38.4pt;border:ridge windowtext 2.25pt;border-top:none;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">p</span></font></p> </td> <td width="410" style="width:307.2pt;border-top:none;border-left:none;border-bottom:ridge windowtext 2.25pt;border-right:ridge windowtext 2.25pt;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">Named pipe</span></font></p> </td> </tr> <tr> <td width="51" style="width:38.4pt;border:ridge windowtext 2.25pt;border-top:none;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">-</span></font></p> </td> <td width="410" style="width:307.2pt;border-top:none;border-left:none;border-bottom:ridge windowtext 2.25pt;border-right:ridge windowtext 2.25pt;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">Normal file</span></font></p> </td> </tr> <tr> <td width="51" style="width:38.4pt;border:ridge windowtext 2.25pt;border-top:none;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">c</span></font></p> </td> <td width="410" style="width:307.2pt;border-top:none;border-left:none;border-bottom:ridge windowtext 2.25pt;border-right:ridge windowtext 2.25pt;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span 
style="font-size:12.0pt">Character device or special file</span></font></p> </td> </tr> <tr> <td width="51" style="width:38.4pt;border:ridge windowtext 2.25pt;border-top:none;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">b</span></font></p> </td> <td width="410" style="width:307.2pt;border-top:none;border-left:none;border-bottom:ridge windowtext 2.25pt;border-right:ridge windowtext 2.25pt;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">Block device or special file</span></font></p> </td> </tr> </tbody></table> </div> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">Each of the user, group and other permission fields contains r, w, x or a - in each position. 
They are always displayed in the order of rwx.</span></font></p> <div align="center"> <table border="0" cellspacing="0" cellpadding="0" style="border-collapse:collapse"> <tbody><tr> <td width="51" style="width:38.4pt;border:ridge windowtext 2.25pt;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">Type</span></font></p> </td> <td width="435" style="width:326.4pt;border:ridge windowtext 2.25pt;border-left:none;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">Description</span></font></p> </td> </tr> <tr> <td width="51" style="width:38.4pt;border:ridge windowtext 2.25pt;border-top:none;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">-</span></font></p> </td> <td width="435" style="width:326.4pt;border-top:none;border-left:none;border-bottom:ridge windowtext 2.25pt;border-right:ridge windowtext 2.25pt;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">Not set; not allowed to take action</span></font></p> </td> </tr> <tr> <td width="51" style="width:38.4pt;border:ridge windowtext 2.25pt;border-top:none;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">r</span></font></p> </td> <td width="435" style="width:326.4pt;border-top:none;border-left:none;border-bottom:ridge windowtext 2.25pt;border-right:ridge windowtext 2.25pt;padding:0in 0in 0in 0in"> <p 
class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">Read permission</span></font></p> </td> </tr> <tr> <td width="51" style="width:38.4pt;border:ridge windowtext 2.25pt;border-top:none;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">w</span></font></p> </td> <td width="435" style="width:326.4pt;border-top:none;border-left:none;border-bottom:ridge windowtext 2.25pt;border-right:ridge windowtext 2.25pt;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">Write permission</span></font></p> </td> </tr> <tr> <td width="51" style="width:38.4pt;border:ridge windowtext 2.25pt;border-top:none;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">x</span></font></p> </td> <td width="435" style="width:326.4pt;border-top:none;border-left:none;border-bottom:ridge windowtext 2.25pt;border-right:ridge windowtext 2.25pt;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">Execute permission</span></font></p> </td> </tr> </tbody></table> </div> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">For example the following listing:</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New 
Roman"><span style="font-size:12.0pt">drwxr-xr-x 2 root root 4096 Nov 10 21:25 cheese</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">Is a directory (d) with owner (root) read (r), write (w), execute (x), group (root) read (r), no-write (-), execute (x), other, read (r), no-write (-), and execute (x).</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><b><font size="3" face="Times New Roman"><span style="font-size:12.0pt;font-weight:bold">Additional Permissions</span></font></b></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">The additional permissions show up by replacing the execute bit with a character:</span></font></p> <div align="center"> <table border="0" cellspacing="0" cellpadding="0" style="border-collapse:collapse"> <tbody><tr> <td width="128" style="width:96.0pt;border:ridge windowtext 2.25pt;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><b><font size="3" face="Times New Roman"><span style="font-size:12.0pt;font-weight:bold">Permission</span></font></b></p> </td> <td width="77" style="width:.8in;border:ridge windowtext 2.25pt;border-left:none;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><b><font size="3" face="Times New Roman"><span style="font-size:12.0pt;font-weight:bold">Class</span></font></b></p> </td> <td width="179" style="width:134.4pt;border:ridge windowtext 2.25pt;border-left:none;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><b><font size="3" face="Times New 
Roman"><span style="font-size:12.0pt;font-weight:bold">Non-Executable</span></font></b></p> </td> <td width="128" style="width:96.0pt;border:ridge windowtext 2.25pt;border-left:none;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><b><font size="3" face="Times New Roman"><span style="font-size:12.0pt;font-weight:bold">Executable</span></font></b></p> </td> </tr> <tr> <td width="128" style="width:96.0pt;border:ridge windowtext 2.25pt;border-top:none;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">setuid</span></font></p> </td> <td width="77" style="width:.8in;border-top:none;border-left:none;border-bottom:ridge windowtext 2.25pt;border-right:ridge windowtext 2.25pt;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">User</span></font></p> </td> <td width="179" style="width:134.4pt;border-top:none;border-left:none;border-bottom:ridge windowtext 2.25pt;border-right:ridge windowtext 2.25pt;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">S</span></font></p> </td> <td width="128" style="width:96.0pt;border-top:none;border-left:none;border-bottom:ridge windowtext 2.25pt;border-right:ridge windowtext 2.25pt;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">s</span></font></p> </td> </tr> <tr> <td width="128" style="width:96.0pt;border:ridge windowtext 2.25pt;border-top:none;padding:0in 0in 0in 0in"> <p 
class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">setgid</span></font></p> </td> <td width="77" style="width:.8in;border-top:none;border-left:none;border-bottom:ridge windowtext 2.25pt;border-right:ridge windowtext 2.25pt;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">Group</span></font></p> </td> <td width="179" style="width:134.4pt;border-top:none;border-left:none;border-bottom:ridge windowtext 2.25pt;border-right:ridge windowtext 2.25pt;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">S</span></font></p> </td> <td width="128" style="width:96.0pt;border-top:none;border-left:none;border-bottom:ridge windowtext 2.25pt;border-right:ridge windowtext 2.25pt;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">s</span></font></p> </td> </tr> <tr> <td width="128" style="width:96.0pt;border:ridge windowtext 2.25pt;border-top:none;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">Sticky bit</span></font></p> </td> <td width="77" style="width:.8in;border-top:none;border-left:none;border-bottom:ridge windowtext 2.25pt;border-right:ridge windowtext 2.25pt;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">Others</span></font></p> </td> 
<td width="179" style="width:134.4pt;border-top:none;border-left:none;border-bottom:ridge windowtext 2.25pt;border-right:ridge windowtext 2.25pt;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">T</span></font></p> </td> <td width="128" style="width:96.0pt;border-top:none;border-left:none;border-bottom:ridge windowtext 2.25pt;border-right:ridge windowtext 2.25pt;padding:0in 0in 0in 0in"> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">t</span></font></p> </td> </tr> </tbody></table> </div> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><b><font size="5" face="Times New Roman"><span style="font-size:18.0pt;font-weight:bold">Changing Permissions</span></font></b></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">In Linux you use the chmod command to change the permissions of a file or directory. chmod can be used with an octal set of permissions, or symbolically using characters to represent user (u), group (g) and other (o) together with add (+) or subtract (-). I will cover octal permissions, which use numbers to represent combinations of permissions. When using octal permissions you separate the permissions in the following order: user:group:other. 
Each permission type adds an amount to zero:</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:.5in;text-autospace:none"><b><font size="3" face="Times New Roman"><span style="font-size:12.0pt;font-weight:bold">Read</span></font></b> – Adds 4 to the total </p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:.5in;text-autospace:none"><b><font size="3" face="Times New Roman"><span style="font-size:12.0pt;font-weight:bold">Write</span></font></b> – Adds 2 to the total </p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:.5in;text-autospace:none"><b><font size="3" face="Times New Roman"><span style="font-size:12.0pt;font-weight:bold">Execute</span></font></b> – Adds 1 to the total</p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">So permission 744 would be User: read,write, execute; Group read; Other read. 
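</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">The following shell functions are an added example, not part of the original post: they turn the permission field of a listing into the octal number chmod takes, including the S/s/T/t characters from the Additional Permissions table (setuid 4, setgid 2, sticky 1 as the leading digit), and flag the same conditions the find commands later in this post search for. The names mode_to_octal and risk_flags and every sample line other than the cheese listing are constructed for illustration.</span></font></p>

```shell
#!/bin/sh
# Added example: decode the permission field of an `ls -l` line into octal.

# triad_value TRIAD LOWER UPPER
# TRIAD is three characters such as "r-x". LOWER/UPPER are the characters shown
# in the execute position when the special bit is set with/without execute.
# Prints "<digit> <special>", for example "5 0".
triad_value() {
    r=$(printf '%s' "$1" | cut -c1)
    w=$(printf '%s' "$1" | cut -c2)
    x=$(printf '%s' "$1" | cut -c3)
    digit=0
    special=0
    case $r in r) digit=$((digit + 4)) ;; -) ;; *) return 1 ;; esac
    case $w in w) digit=$((digit + 2)) ;; -) ;; *) return 1 ;; esac
    case $x in
        x) digit=$((digit + 1)) ;;
        -) ;;
        "$2") digit=$((digit + 1)); special=1 ;;  # special bit and execute
        "$3") special=1 ;;                        # special bit, no execute
        *) return 1 ;;
    esac
    printf '%s %s\n' "$digit" "$special"
}

# mode_to_octal MODE
# MODE is the permission field, e.g. drwxr-xr-x. Prints four octal digits.
mode_to_octal() {
    # GNU ls may append one more character after the ten mode characters
    # ("+" when an ACL is present, "." for an SELinux context); drop it.
    mode=$(printf '%s' "$1" | cut -c1-10)
    if [ "${#mode}" -ne 10 ] || [ "${#1}" -gt 11 ]; then
        echo "not an ls -l permission field: $1" >&2
        return 1
    fi
    # File types from the table above: d l s p - c b
    case $mode in
        [dlspcb-]*) ;;
        *) echo "unknown file type in: $1" >&2; return 1 ;;
    esac
    u=$(triad_value "$(printf '%s' "$mode" | cut -c2-4)" s S) || return 1
    g=$(triad_value "$(printf '%s' "$mode" | cut -c5-7)" s S) || return 1
    o=$(triad_value "$(printf '%s' "$mode" | cut -c8-10)" t T) || return 1
    lead=$(( ${u#* } * 4 + ${g#* } * 2 + ${o#* } ))
    printf '%s%s%s%s\n' "$lead" "${u% *}" "${g% *}" "${o% *}"
}

# risk_flags MODE
# Prints a space-separated list drawn from: setuid setgid world-writable.
# Same conditions as the post's find commands: setuid/setgid on regular files
# only; world-writable skips symbolic links and directories with the sticky bit.
risk_flags() {
    octal=$(mode_to_octal "$1") || return 1
    lead=$(printf '%s' "$octal" | cut -c1)
    other=$(printf '%s' "$octal" | cut -c4)
    kind=$(printf '%s' "$1" | cut -c1)
    flags=
    if [ "$kind" = - ]; then
        if [ $(( $lead & 4 )) -ne 0 ]; then flags="$flags setuid"; fi
        if [ $(( $lead & 2 )) -ne 0 ]; then flags="$flags setgid"; fi
    fi
    if [ $(( $other & 2 )) -ne 0 ] && [ "$kind" != l ]; then
        if [ "$kind" != d ] || [ $(( $lead & 1 )) -eq 0 ]; then
            flags="$flags world-writable"
        fi
    fi
    printf '%s\n' "${flags# }"
}

# Sample listing: the first line is the post's example, the rest are constructed.
while read -r perms _rest; do
    printf '%-11s %s  %s\n' "$perms" "$(mode_to_octal "$perms")" "$(risk_flags "$perms")"
done <<'EOF'
drwxr-xr-x 2 root root 4096 Nov 10 21:25 cheese
-rwsr-xr-x 1 root root 4096 Nov 10 21:25 constructed-setuid
-rwxr--r-T 1 root root 4096 Nov 10 21:25 constructed-1744
drwxrwxrwt 2 root root 4096 Nov 10 21:25 constructed-tmp
-rw-rw-rw-+ 1 root root 4096 Nov 10 21:25 constructed-acl
EOF
```

<p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">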
The command to set a file to 744 would be:</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">chmod 744 <i><span style="font-style:italic">filename </span></i></span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><b><font size="3" face="Times New Roman"><span style="font-size:12.0pt;font-weight:bold">Changing Additional Permissions</span></font></b></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">Additional permissions occupy the first, normally hidden, digit of the octal permissions:</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:.5in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">The setuid bit adds 4 to the total. </span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:.5in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">The setgid bit adds 2 to the total. 
</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:.5in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">The sticky bit adds 1 to the total.</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">If I wanted to set the permissions to 744 with the sticky bit set I would run this command:</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">chmod 1744<i><span style="font-style:italic"> filename</span></i></span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><b><font size="5" face="Times New Roman"><span style="font-size:18.0pt;font-weight:bold">Default Permissions – Umask</span></font></b></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">The umask defines the default permissions assigned to any file created by a user or system. You can assign your umask at any time by executing:</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">umask <i><span style="font-style:italic">permissions</span></i></span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">The permissions on umasks can be tricky. You need to take the permissions of 777 and subtract the umask. 
For example, a user with a umask of 022 who creates a file gets default permissions of 644, because regular files are created without execute permission (a directory created with the same umask gets 755).</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><b><font size="5" face="Times New Roman"><span style="font-size:18.0pt;font-weight:bold">Finding Files with Special Permissions</span></font></b></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">Since special permissions break the authentication method for Linux, they can be very dangerous. There are some simple ways to locate suid and sgid files.</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">Find all SetGID files on your system:</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">find / -xdev -type f -perm -g=s -print</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">Find all SetUID files on your system:</span></font></p> <p class="MsoNormal" style="text-autospace:none"><font size="2" face="Courier New"><span style="font-size:10.0pt;font-family:"Courier New"">find / -xdev -type f -perm -u=s -print</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">Find all world-writable files on a system:</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span 
style="font-size:12.0pt">find / -xdev -perm -o=w ! \( -type d -perm -o=t \) ! -type l -print</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><b><font size="5" face="Times New Roman"><span style="font-size:18.0pt;font-weight:bold">ACL File Permissions on 2.6 Kernel</span></font></b></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">The 2.6 Linux kernel added ACLs (access control lists) to file permissions, which allow you to have an unlimited number of users with individual permissions on a file. They also add a level of complexity to your file system. Before you can work with ACLs you need to enable them on a per-mount-point basis. Enabling ACLs requires adding the option <b><span style="font-weight:bold">acl </span></b>to the mount point's entry in /etc/fstab and remounting the mount point. For example, take a look at this root partition:</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">/dev/hda5 / ext3 acl,user_xattr 1 1</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">This shows ACLs enabled and ready to work. ACLs can only be used on the following file systems: ext2/3, XFS, JFS and ReiserFS. The primary method for manipulating ACLs is the getfacl and setfacl commands. getfacl allows you to display the ACL on a file or directory. setfacl allows you to set the current ACL on a file or directory. To explain ACLs, let's assume that I have a Unix system with four users: jack, jill, bob and myself (jgriffiths). 
I want to create a file called test.txt and give jack and jill read and write permission to this file while bob can only read the file. I created the file and started with the following permissions:</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">ls -al test.txt<br> -rw------- 1 jgriffiths users 0 2007-11-16 23:37 test.txt</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">The permissions are clearly set to allow jgriffiths as the only person who can manipulate this file in any way. setfacl allows you to set permissions for more than one user at a time. To create my ACL permissions I would use the following command:</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">setfacl -m u:bob:r--,u:jack:rw-,u:jill:rw- tester.txt</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">I can use getfacl to view the current effective permissions on the file:</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">getfacl test.txt<br></span></font></p></div></div> </div><blockquote class="webkit-indent-blockquote" style="margin: 0 0 0 40px; border: none; padding: 0px;"><div class="gmail_quote"><div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"> <font size="3" face="Times New Roman"><span style="font-size:12.0pt"> # 
file: test.txt</span></font></p></div></div></div><div class="gmail_quote"><div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"> <font size="3" face="Times New Roman"><span style="font-size:12.0pt"> # owner: jgriffiths</span></font></p></div></div></div><div class="gmail_quote"><div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"> <font size="3" face="Times New Roman"><span style="font-size:12.0pt"> # group: users</span></font></p></div></div></div><div class="gmail_quote"><div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"> <font size="3" face="Times New Roman"><span style="font-size:12.0pt"> user:jill:rw-</span></font></p></div></div></div><div class="gmail_quote"><div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"> <font size="3" face="Times New Roman"><span style="font-size:12.0pt"> user:jack:rwx</span></font></p></div></div></div><div class="gmail_quote"><div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"> <font size="3" face="Times New Roman"><span style="font-size:12.0pt">user:bob:r--</span></font></p></div></div></div><div class="gmail_quote"><div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"> <font size="3" face="Times New Roman"><span style="font-size:12.0pt"> group::---</span></font></p></div></div></div><div class="gmail_quote"><div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal" 
style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"> <font size="3" face="Times New Roman"><span style="font-size:12.0pt"> mask::r-x</span></font></p></div></div></div><div class="gmail_quote"><div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"> <font size="3" face="Times New Roman"><span style="font-size:12.0pt"> other::---</span></font></p></div></div></div></blockquote><div class="gmail_quote"><div lang="EN-US" link="blue" vlink="purple"><div> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">So jack and jill can read and write while bob can only read. Everyone else, apart from jgriffiths, cannot do anything with this file. You will also notice an entry called mask. The mask sets the effective permissions for all ACL groups and users. This allows you to limit the maximum access that ACL entries can grant on a file or directory. Assume the mask in the above entry looks like this: mask::r--. Then no one would be able to do more than read this file unless they are the owner. 
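The masking rule just described, as an added example that is not code from the original post: an awk filter that reads getfacl output and prints the rights each entry really grants. The helper name acl_effective and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: a getfacl-style listing for the jack/jill/bob scenario,
# with the mask lowered to r--.
SAMPLE_ACL='# file: tester.txt
# owner: jgriffiths
# group: users
user::rw-
user:jill:rw-
user:jack:rw-
user:bob:r--
group::---
mask::r--
other::---'

# acl_effective (hypothetical helper): read getfacl output on stdin and print
# every entry followed by the permissions left after the mask is applied.
acl_effective() {
    awk -F: '
        # Drop "# file:" style headers, trailing "#effective:" notes and blanks.
        { sub(/[ \t]*#.*/, ""); gsub(/[ \t]/, "") }
        $0 == "" { next }
        # Remember the mask; it may appear after the entries it limits.
        $1 == "mask" { mask = $3; next }
        { n++; tag[n] = $1; who[n] = $2; perm[n] = $3 }
        END {
            for (i = 1; i <= n; i++) {
                eff = perm[i]
                # The mask caps named users, named groups and the owning group.
                # The file owner (user::) and other:: are never masked.
                masked = (tag[i] == "group" || (tag[i] == "user" && who[i] != ""))
                if (masked && mask != "") {
                    eff = ""
                    for (k = 1; k <= 3; k++) {
                        p = substr(perm[i], k, 1)
                        m = substr(mask, k, 1)
                        eff = eff ((p != "-" && p == m) ? p : "-")
                    }
                }
                note = (eff != perm[i]) ? " (reduced by mask)" : ""
                printf "%s:%s:%s effective=%s%s\n", tag[i], who[i], perm[i], eff, note
            }
        }'
}

# Show the effective rights for the constructed listing.
printf '%s\n' "$SAMPLE_ACL" | acl_effective
```

On a live system the same filter can be fed directly, for example `getfacl tester.txt | acl_effective`.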
You can set the mask using:</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">setfacl -m mask::r-- tester.txt</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">Viewing the rights of our file now produces an effective rights listing:</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">getfacl tester.txt<br></span></font></p></div></div> </div><blockquote class="webkit-indent-blockquote" style="margin: 0 0 0 40px; border: none; padding: 0px;"><div class="gmail_quote"><div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"> <font size="3" face="Times New Roman"><span style="font-size:12.0pt"> # file: tester.txt</span></font></p></div></div></div><div class="gmail_quote"><div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"> <font size="3" face="Times New Roman"><span style="font-size:12.0pt"> # owner: jgriffiths</span></font></p></div></div></div><div class="gmail_quote"><div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"> <font size="3" face="Times New Roman"><span style="font-size:12.0pt"> # group: users</span></font></p></div></div></div><div class="gmail_quote"><div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"> <font size="3" face="Times New Roman"><span 
style="font-size:12.0pt"> user::rw-</span></font></p></div></div></div><div class="gmail_quote"><div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"> <font size="3" face="Times New Roman"><span style="font-size:12.0pt"> user:jack:rw- #effective:r--</span></font></p></div></div></div><div class="gmail_quote"><div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"> <font size="3" face="Times New Roman"><span style="font-size:12.0pt"> user:bob:r--</span></font></p></div></div></div><div class="gmail_quote"><div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"> <font size="3" face="Times New Roman"><span style="font-size:12.0pt"> group::---</span></font></p></div></div></div><div class="gmail_quote"><div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"> <font size="3" face="Times New Roman"><span style="font-size:12.0pt"> mask::r--</span></font></p></div></div></div><div class="gmail_quote"><div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"> <font size="3" face="Times New Roman"><span style="font-size:12.0pt"> other::---</span></font></p></div></div></div></blockquote><div class="gmail_quote"><div lang="EN-US" link="blue" vlink="purple"><div> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">If we perform an ls -al on the file it produces the following confusing results:</span></font></p> <p class="MsoNormal" 
style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">-rw-rw----+ 1 jgriffiths users 0 2007-11-17 00:01 test.txt</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">As you can see, it seems the users group has read and write access to test.txt when in reality it does not. Also, Linux has added a + to the permission list to help us know there is an ACL on this file.</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">ACLs can be added based upon Linux groups using the same setfacl command:</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">setfacl -m g:<i><span style="font-style:italic">groupname</span></i>:rw-,g:<i><span style="font-style:italic">groupname_two</span></i>:r test.txt</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">Removing ACL-based permissions can be done using the -x command line parameter:</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">setfacl -x u:bob,u:jack tester.txt</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">Now only Jill can access the tester.txt file. 
Or we can remove all ACLs on a file with --remove-all:</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">setfacl --remove-all tester.txt</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">If you would like to recursively assign an ACL to a directory and all of its files, add -R to the command:</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">setfacl -R -m g:users:r-x /data/webroot</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">ACLs viewed by the getfacl command can be piped into a file and used to generate the same ACL on any other file using the setfacl command:</span></font></p> </div></div></div><blockquote class="webkit-indent-blockquote" style="margin: 0 0 0 40px; border: none; padding: 0px;"><div class="gmail_quote"><div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"> <font size="3" face="Times New Roman"><span style="font-size:12.0pt"># getfacl --omit-header tester.txt > myacl</span></font></p></div></div></div><div class="gmail_quote"><div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"> <font size="3" face="Times New Roman"><span style="font-size:12.0pt"> # setfacl -M myacl test*</span></font></p></div></div></div><div class="gmail_quote"><div lang="EN-US" link="blue" vlink="purple"><div><p 
class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"> <font size="3" face="Times New Roman"><span style="font-size:12.0pt"> # getfacl --omit-header test.txt</span></font></p></div></div></div><div class="gmail_quote"><div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"> <font size="3" face="Times New Roman"><span style="font-size:12.0pt"> user:jill:rw-</span></font></p></div></div></div><div class="gmail_quote"><div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"> <font size="3" face="Times New Roman"><span style="font-size:12.0pt"> user:jack:r-x</span></font></p></div></div></div><div class="gmail_quote"><div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"> <font size="3" face="Times New Roman"><span style="font-size:12.0pt"> user:bob:r--</span></font></p></div></div></div><div class="gmail_quote"><div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"> <font size="3" face="Times New Roman"><span style="font-size:12.0pt"> group::---</span></font></p></div></div></div><div class="gmail_quote"><div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"> <font size="3" face="Times New Roman"><span style="font-size:12.0pt"> mask::r-x</span></font></p></div></div></div><div class="gmail_quote"><div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"> <font size="3" face="Times New Roman"><span style="font-size:12.0pt"> 
other::---</span></font></p></div></div></div></blockquote><div class="gmail_quote"><div lang="EN-US" link="blue" vlink="purple"><div> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">You can also use GIDs and UIDs instead of names as long as you provide the -numeric switch to setfacl.</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><b><font size="3" face="Times New Roman"><span style="font-size:12.0pt;font-weight:bold">ACLs and Directories: the Default ACL</span></font></b></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">ACLs create inherited permissions that allow subdirectories and files to get the permissions of their parent. This type of inheritance is easy to manage but can be a security concern. Consider carefully how you set ACLs on directories, because those same permissions will exist on the lower levels.</span></font></p> <p class="MsoNormal"><font class="Apple-style-span" face="Arial"><br></font></p></div></div></div></div> Anonymoushttp://www.blogger.com/profile/06075017084210151388noreply@blogger.com0tag:blogger.com,1999:blog-2474579806767004724.post-7264641784971786592010-08-07T02:46:00.001+04:002010-08-07T02:46:39.149+04:00iptables allow ssh, dns and http<div dir="ltr"><div class="gmail_quote"><div><div class="h5"><div dir="ltr"><div class="gmail_quote"><div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"> <font size="3" face="Times New Roman"><span style="font-size:12.0pt">Allow web and ssh connections. SSH and web both require outgoing messages on established TCP connections.</span></font></p> <p class="MsoNormal" 
style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><b><font size="3" face="Times New Roman"><span style="font-size:12.0pt;font-weight:bold">iptables -A OUTPUT -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT<br> </span></font></b><br><br> </p><p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none">Then you need to allow incoming connections on ports 80 and 22 and possibly 443</p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><b><font size="3" face="Times New Roman"><span style="font-size:12.0pt;font-weight:bold">iptables -A INPUT -p tcp -i eth0 --dport 22 --sport 1024:65535 -m state --state NEW -j ACCEPT</span></font></b></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><b><font size="3" face="Times New Roman"><span style="font-size:12.0pt;font-weight:bold">iptables -A INPUT -p tcp -i eth0 --dport 80 --sport 1024:65535 -m state --state NEW -j ACCEPT</span></font></b></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><b><font size="3" face="Times New Roman"><span style="font-size:12.0pt;font-weight:bold">iptables -A INPUT -p tcp -i eth0 --dport 443 --sport 1024:65535 -m state --state NEW -j ACCEPT</span></font></b></p></div></div></div></div> </div></div></div><br><div><span class="Apple-style-span" style="font-family: arial, sans-serif; font-size: 13px; border-collapse: collapse; "><p class="MsoNormal" style="margin-top: 0px; margin-right: 0in; margin-bottom: 5pt; margin-left: 0in; "> <font size="3" face="Times New Roman"><span style="font-size: 12pt; ">To allow a DNS server to operate, use the following rules (assuming you're blocking inbound and outbound in iptables)</span></font></p><p class="MsoNormal" style="margin-top: 0px; margin-right: 0in; margin-bottom: 5pt; margin-left: 0in; "> <font size="3" face="Times New Roman"><span 
style="font-size: 12pt; ">DNS traffic goes to destination port 53 but can come from any port in the upper range. So these rules have to allow a large range of source ports, as long as the traffic is destined for port 53.</span></font></p> <p class="MsoNormal" style="margin-top: 0px; margin-right: 0in; margin-bottom: 5pt; margin-left: 0in; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; "><br></span></font></p><p class="MsoNormal" style="margin-top: 0px; margin-right: 0in; margin-bottom: 5pt; margin-left: 0in; "> <font size="3" face="Times New Roman"><span style="font-size: 12pt; "><b>iptables -A OUTPUT -p udp --dport 53 --sport 1024:65535 -j ACCEPT</b></span></font></p><p class="MsoNormal" style="margin-top: 0px; margin-right: 0in; margin-bottom: 5pt; margin-left: 0in; "> <font size="3" face="Times New Roman"><span style="font-size: 12pt; "><b>iptables -A INPUT -p udp --dport 53 --sport 1024:65535 -j ACCEPT</b></span></font></p></span></div></div> Anonymoushttp://www.blogger.com/profile/06075017084210151388noreply@blogger.com0tag:blogger.com,1999:blog-2474579806767004724.post-30834723740121287732010-08-07T02:41:00.000+04:002010-08-07T02:42:19.135+04:00How to mount a Logical Volume on a different Linux Server<div dir="ltr"><div class="gmail_quote"><div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">I have finally converted to logical volumes, which leaves me learning a whole new world. I was moving some data (500 GB) between machines using a USB drive and found that the logical volume on the drive would not quickly mount via the traditional mount /dev/sd… command. So here is the process to mount an LVM volume.</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">1. 
Scan for the new volume (assuming you added it after boot)</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">vgscan</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">2. Activate the volume</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">vgchange -a y VolumeName</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">3. Display the volume and confirm it's active</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">lvdisplay</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">4. Mount the volume via its volume name</span></font></p> <p class="MsoNormal" style="margin-right:0in;margin-bottom:5.0pt;margin-left:0in;text-autospace:none"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">mount /dev/mapper/VolumeName /destination_mount_point</span></font></p> </div></div></div></div> Anonymoushttp://www.blogger.com/profile/06075017084210151388noreply@blogger.com1