
Unit 1 and 2

• Introduction: Duties of the Administrator, Administration tools, Overview of permissions.
• Processes: Process status, Killing processes, process priority.
• Starting up and Shut down: Peripherals, Kernel loading, Console, The scheduler, init and the inittab file, Run-levels, Run level scripts.
• Managing User Accounts:
  – Principles, password file, Password security, Shadow file,
  – Groups and the group file,
  – Shells, restricted shells,
  – user management commands, homes and permissions, default files, profiles, locking accounts, setting passwords, Switching user, Switching group, Removing users.
LINUX OVERVIEW

• Linux is developed by Open Source development, i.e. funded by the Free Software Foundation. It's also known as the GNU operating system.
• Inspired by MINIX (a Unix-like system), and eventually after adding many features such as a GUI, drivers etc., Linus Torvalds developed the framework of the OS that became LINUX in 1992. The LINUX kernel was released on 17th September, 1991.
• BASH (Bourne Again SHell) is the Linux default shell. It can support multiple command interpreters.
• Free, but support is available for a price.
• Linux has had about 60-100 viruses listed till date. None of them is actively spreading nowadays.
LINUX VS WINDOWS

• System Administration – Most significant difference
  – Linux – tougher environment
    Linux requires learning multi-user issues built into Unix: file permissions
  – NT – easier environment
    NT requires less effort to get a starter server up and running
    But in NT you have to solve multi-user issues for each and every subsystem
LINUX VS WINDOWS

• Keeping up to date by upgrading: Linux upgrades faster than Windows
• Compatibility: Linux is backward compatible, unlike Windows
• Proprietary vs. Open Source
  – Windows is a proprietary technology; applications will only work on Windows
  – Linux – Open Source
System Administrator

• An individual responsible for maintaining a multi-user computer system, including a local-area network (LAN).
Typical duties include:
• Adding and configuring new workstations
• Setting up user accounts
• Installing system-wide software
• Performing procedures to prevent the spread of viruses
• Allocating mass storage space
The system administrator is sometimes called the sysadmin or the systems administrator. Small organizations may have just one system administrator, whereas larger enterprises usually have a whole team of system administrators.
System Administrator

• Limiting unauthorized access to your directories and files is a very important concern for ALL Linux (Unix) users.
System Admin Tasks

• Setting the Run Level
• Setting System Services
• User Management
• Network Settings
• Scheduling Jobs
• Quota Management
• Backup and Restore
• Adding and Removing software/packages
• Setting a Printer
• Monitoring the system (general, logs)
• Monitoring any specific services running, e.g. DNS, DHCP, Web, NIS, NTP, Proxy etc.
A program in detail

When we type:
ls -l /usr/bin/top
We'll see:
-rwxr-xr-x 1 root root 68524 2011-12-19 07:18 /usr/bin/top

What does all this mean?

-rwxr-xr-x 1 root root 68524 2011-12-19 07:18 /usr/bin/top
---------- - ---- ---- ----- ---------------- ------------
|          | |    |    |     |                |
|          | |    |    |     |                +--- File Name
|          | |    |    |     +--- Modification Time/Date
|          | |    |    +--- Size (in bytes)
|          | |    +--- Group
|          | +--- Owner
|          +--- "link count"
+--- File Permissions
Group
The name of the group that has permissions in addition to the file's owner.
Owner
The name of the user who owns the file.
File Permissions
The first character is the type of file. A "-" indicates a regular (ordinary) file. A "d" indicates a directory. The second set of 3 characters represents the read, write, and execution rights of the file's owner. The next 3 represent the rights of the file's group, and the final 3 represent the rights granted to everybody else.
File / Directory Permissions

• The Linux (Unix) OS can allow the user to specify read, write and execute permissions to the user, group or all others (UGO) for files.
• A user can also specify read, write and execute permissions for a directory. The execute permission for a directory allows the person to view files in that directory.
chmod Command (Relative Method)

Used to change the access permissions of a file or directory.
Format:

chmod [option] [who] [operation] [permission] file
chmod [option] [permission] file-list

• who relates to user (u), group (g) or all others (o)
• operation relates to adding (+), removing (-) or setting (=) permissions
• permissions are read (r), write (w) and execute (x)
chmod Command (Relative Method)

There are two ways to set permissions when using the chmod command:
Symbolic mode:
testfile has permissions of -r--r--r-- (U G O*)
$ chmod g+x testfile   ==> -r--r-xr--
$ chmod u+wx testfile  ==> -rwxr-xr--
$ chmod ug-x testfile  ==> -rw-r--r--
* U=user, G=group, O=other (world)
chmod Command (Absolute Method)

Absolute mode:
We use octal (base eight) values represented like this:
Letter  Permission  Value
R       read        4
W       write       2
X       execute     1
-       none        0

For each column (User, Group or Other) you can set values from 0 to 7. Here is what each means:
0 = ---  1 = --x  2 = -w-  3 = -wx
4 = r--  5 = r-x  6 = rw-  7 = rwx
chmod – Example (Absolute Method)

Applying octal values of rwx, use the absolute chmod command:

chmod 777 filename    -rwxrwxrwx
chmod 755 filename    -rwxr-xr-x
chmod 711 filename    -rwx--x--x
chmod 644 filename    -rw-r--r--
chmod -R ### <filename or directory>
Where # stands for
0 = Nothing
1 = Execute
2 = Write
3 = Execute & Write (2 + 1)
4 = Read
5 = Execute & Read (4 + 1)
6 = Read & Write (4 + 2)
7 = Execute & Read & Write (4 + 2 + 1)
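The relative and absolute methods above can be combined into a small permission audit. The following shell functions are an added example, not part of the original slides; the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original slides).

# mode_to_octal STRING: convert the 10-character permission string printed by
# `ls -l` (file type + three rwx triads) to the octal value used by absolute
# chmod. Only the rwx bits are reported; s/t in the execute position count as
# execute, but the leading setuid/setgid/sticky digit is not produced.
mode_to_octal() {
    perms=${1#?}                                   # drop the file-type character
    [ "${#perms}" -eq 9 ] || { echo "invalid permission string" >&2; return 1; }
    out=""
    for start in 1 4 7; do                         # user, group, other triads
        triad=$(printf '%s' "$perms" | cut -c"$start"-$((start + 2)))
        digit=0
        case $triad in r??) digit=$((digit + 4)) ;; esac
        case $triad in ?w?) digit=$((digit + 2)) ;; esac
        case $triad in ??[xst]) digit=$((digit + 1)) ;; esac
        out="$out$digit"
    done
    printf '%s\n' "$out"
}

# list_world_writable DIR: regular files under DIR that "others" may write.
list_world_writable() {
    find "$1" -type f -perm -0002 | sort
}

# fix_world_writable DIR: remove the "others" write bit with relative-mode
# chmod (o-w) and print each file with its octal mode before and after.
fix_world_writable() {
    list_world_writable "$1" | while IFS= read -r f; do
        before=$(mode_to_octal "$(ls -ld "$f" | cut -c1-10)")
        chmod o-w "$f"
        after=$(mode_to_octal "$(ls -ld "$f" | cut -c1-10)")
        printf '%s %s -> %s\n' "$f" "$before" "$after"
    done
}

# The /usr/bin/top permission string from the slides:
mode_to_octal -rwxr-xr-x    # prints 755
```

Run `fix_world_writable` on a directory you own; file names containing newlines are not handled.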
What is a process
The kernel considers each program running on your system to be a process.
A process refers to a program in execution; it's a running instance of a program. It is made up of the program instructions, data read from files, other programs or input from a system user.

A new process is normally created when an existing process makes an exact copy of itself in memory. The child process will have the same environment as its parent; only the process ID number is different.
There are two conventional ways used for creating a new process in Linux:

Using the system() function – this method is relatively simple; however, it's inefficient and carries significant security risks.

Using the fork() and exec() functions – this technique is a little advanced but offers greater flexibility and speed, together with security.
System Calls

fork()    creates a new process
exec()    overlays the image of a program onto the running process
exit()    finishes executing a process
wait()    synchronizes process execution with the exit of a previously forked process
brk()     controls the size of the memory allocated to the process
signal()  controls process response to extraordinary events
Process type

Init or systemd is the parent of all processes.

Daemons are (server) processes, often initiated at runtime, that run continuously when the system is up, waiting in the background until a process requires their services, e.g. network processes.

Batch processes are queued into a spooler area, where they wait to be executed on a FIFO basis. They are not associated with a terminal; rather, they are submitted to a queue, from which jobs are executed sequentially.

Interactive processes are initialized and controlled through a terminal session. They may run either in the foreground or the background of the terminal.
Process STAT

The STAT values of processes are:
R: Runnable
P: Page wait: waiting to be paged back into physical memory
D: Disk wait: waiting for a normal disk operation to complete
S: Sleeping
I: Idle wait: process is waiting for something
T: Stopped: usually the user has stopped the process
Z: Exiting or Zombie
s: Session leader
+: Foreground process
The paging scheme can store and retrieve data from secondary storage for use in main memory.
Monitoring Processes

top      Display a dynamic real-time view of a running system.
ps       Report a snapshot of the current processes.
         ps -a | grep firefox
pstree   Display a tree of processes.
time     Run programs and summarize system resource usage.
kill     The kill command can kill a process, given its process ID.
pgrep    pgrep firefox
pkill and killall
nice
renice
Using top..

• PID The process ID of the process.
• USER The name of the user that owns the process.
• PR The priority assigned to the process.
• NI This is the nice value of the process.
• VIRT The amount of virtual memory used by the process.
• RES The amount of physical RAM the process is using (its resident size) in kilobytes.
• SHR The amount of shared memory used by the process.
• S The status of the process. Possible values include:
  – D Uninterruptibly sleeping.
  – R Running.
  – S Sleeping.
  – T Traced or stopped.
  – Z Zombied.
Using top...

• %CPU The percentage of CPU time used by the process.
• %MEM The percentage of available physical RAM used by the process.
• TIME+ The total amount of CPU time the process has consumed since being started.
• COMMAND The name of the command that was entered to start the process.
Using ps

• PID The process ID of the process.
• TTY The name of the terminal session (shell) that the process is running within.
• TIME The amount of CPU time used by the process.
• CMD The name of the command that was entered to create the process.
Using ps..

• ps -e : viewing all processes
• ps -f :
  – UID The user ID of the process' owner.
  – PPID The PID of the process' parent process.
  – C The amount of processor time utilized by the process.
  – STIME The time that the process started
ps Command

"ps" Syntax

ps [options]

This is the basic "ps" command, with no flags and no arguments. It will list basic
information about your processes.

ps -e
This command lists every process that is currently running on the UNIX system.

ps -ef
This variation lists full information about every process that is currently running on
the UNIX system.
Killing Processes

A program can be killed by sending it a termination signal.

kill     Send a signal to a process.
killall  Kill processes by name.
xkill    Kill a client by its X resource.

kill -15 is the default, and orders the process to terminate in a clean way.

kill -9 sends a termination signal which can't be ignored.


Process Priority

Process priority is calculated from the nice number, and recent CPU usage of
the process.

nice

Run a program with modified scheduling priority.

renice

Alter priority of running processes.


Job control Commands

Job control means switching between several jobs or processes.

A foreground job occupies the terminal which initialized it. It can be put in the
background, so that the terminal can accept new commands.

command & Run command in the background.

Ctrl + C Terminate a process running in the foreground.

Ctrl + Z Suspend a process running in the foreground.

bg Reactivate a suspended program in the background.

fg Place a job in the foreground, and make it the current job.

jobs Lists processes in the background. Each one has a number n and can be referred to by %n.
nice and renice

On a Linux machine, there are hundreds of processes continuously running for one task or another.
The Linux kernel does a fantastic job in mediating between these processes and allotting CPU to them.

With the help of the nice command in Linux you can set process priority. If you give a process a higher priority, then the kernel will allocate more CPU time to that process.

By default, when a program is launched in Linux, it gets launched with the priority of '0'. However, you can change the priority of your programs by either of the following methods.

You can launch a program with your required priority, or you can change the priority of an already running process.

nice: with no COMMAND, prints the current niceness. Nicenesses range from -20 (most favorable scheduling) to 19 (least favorable).
Nice Value
• Process priority values range from -20 to 19.
• A process with the nice value of -20 is considered to be at the top of the priority list, and a process with the nice value of 19 is considered to be low on the priority list.
• A numerically higher nice value is lower in priority, and a numerically lower nice value is higher in priority.
• Running a process with the nice command with no options will set that process's priority to 10.
• Normal users can only decrease their process priority. However, the root user can increase/decrease any process's priority.
• nice -10 <command name> and nice -n 10 <command name> will do the same thing (both of the above commands will set the process priority to the value 10).
• You can only use the nice command to change the process priority when you launch it. You cannot use the nice command to change the priority of an already running process.
Renice command

• In order to change the priority of an already running process you can use the "renice" command.
• The renice command is very similar to the nice command (in terms of priority options); however, it does differ slightly in terms of parameters. You can give a username, group name etc. to the renice command as a parameter.

• Some examples of the renice command are as follows:

• renice -4 -p 3423 (this will set the priority of process id 3423 to -4, which will in turn increase its priority over others)

• renice 13 -p 3564 -u sarath (this will set the priority of process id 3564 to 13, and all the processes owned by user "sarath" to the priority of 13)

• renice 14 -u sarath satish -g custom (this will set all processes owned by "sarath", "satish" and also the group "custom" to 14)
PR - Process priority

The nice value is a user-space value, and the priority PR is the process's actual priority as used by the Linux kernel. In a Linux system priorities are 0 to 139, in which 0 to 99 are for real time and 100 to 139 for users. The nice value range is -20 to +19, where -20 is highest, 0 is the default and +19 is lowest. The relation between nice value and priority is:
PR = 20 + NI

So the value of PR = 20 + (-20 to +19) is 0 to 39, which maps to 100 to 139.

PR -- Priority: the scheduling priority of the task. If you see 'rt' in this field, it means the task is running under 'real time' scheduling priority.

% ps -o pid,comm,pri,nice -p $(pgrep firefox)

 PID COMMAND PRI NI
2769 firefox  19  0
Some Abbreviations

• BIOS = Basic Input Output System
• UEFI = Unified Extensible Firmware Interface
• POST = Power On Self Test
• BR = Boot Record (aka MBR)
• BC = Boot Code (aka MBC)
• GUID = Globally Unique Identifier
• GPT = GUID Partition Table
• CS = Code Sector
• IP = Instruction Pointer
Booting sequence (BIOS firmware)

1. Turn on Power
2. CPU jumps to the address of the BIOS (Basic Input / Output System)
3. BIOS runs POST (Power-On Self Test)
4. POST performs System Integrity Checks
5. BIOS gives control to the boot loader
6. Loads and executes the boot sector from the MBR
   (The MBR is a 512-byte sector, located in the first sector on the disk (sector 1 of cylinder 0, head 0). The MBR contains instructions for booting the machine, called the boot loader, along with the partition table.)
7. Boot loader program is detected and loaded into memory.
8. Load OS (Kernel)
BIOS

• Instructions used to start the computer from a cold start (power off to power on).
• The BIOS instructions are written on non-volatile RAM.
• EEPROM is the common media choice for the BIOS, installed on the motherboard.
• The BIOS instructions are based on the chipset installed on the motherboard.
BIOS

• The BIOS primary functions are:
  – Issue the instructions for starting the hardware at boot time.
  – Load the OS from the boot device.
Hardware Boot Sequence

• Turn on the power switch.
• All memory and cache is empty at startup.
• A reset signal is generated by the chipset to the CPU until the power is ready.
• The CPU powers up and reads address xFFFF0 from the ROM. This contains a jump instruction to the start of the BIOS instructions.
POST

• The POST (Power On Self Test)
  – Provide power to the motherboard speaker.
    This allows error-code signals to be broadcast by the motherboard speaker when errors are detected.
  – Test if components on the motherboard are receiving power and functioning as intended.
Hardware Boot Sequence

• Video and keyboard are activated early in the boot sequence (the video start instruction is at ROM address xC000).
• Other devices are activated, like the disk drives, optical drives, sound card, NIC, USB bus, etc.
• BIOS setup becomes available for the user.
BIOS: User Interface

• There is a curses-based user interface (curses is a terminal control library) that allows:
  a) Selection of a boot device
  b) Setting the system clock
  c) Configuring hardware (includes enabling or disabling some devices)
  d) Setting passwords for booting & the UI, etc.
  e) Access to some system config information: memory size, disk size, etc.
BIOS Completion

• Memory count
• Search for the OS Boot device
  – Optical drive
  – USB device
  – Network device
  – HDD
HDD Boot Sequence

• If the HDD is the boot device then, ...
  – The BR is read from the first cylinder, first track, first sector.
  – The BR contains the BC (boot code) and a partition table.
HDD Boot Sequence

• The boot code will do one of two things when executed:
  1. Load a boot loader (GRUB, LILO, MS-BM)
     – Allows one to choose from different OSes or different versions of the same OS.
  2. Load the OS if no boot loader is available.
Partition Table

• The PT contains information about 4 primary partitions.
• Only one of the 4 primary partitions is designated as the active partition.
• The active partition contains the OS for booting.
• One of the 4 primary partitions can be designated as the extended partition.
• The extended partition can be divided into additional logical partitions.
BIOS/UEFI

• In the beginning there was the BIOS
• Intel creates the Extensible Firmware Interface in 1998
• UEFI now supersedes EFI
  – UEFI can run on top of the traditional BIOS or in place of the BIOS.
BIOS/UEFI

• BIOS is often used to describe UEFI
• Modern OSes allow backward compatibility between the traditional BIOS boot record and the UEFI GPT.
GPT

• Globally Unique Identifier – This is required to allow a file system to exceed 2TB.
• The 2TB limit is a result of limitations of the original BR partition table
  (Each partition has only 16 bytes of storage in the partition table.)
Booting sequence (UEFI firmware)

• UEFI Firmware -- Performs CPU and chipset initialization, loads drivers etc.
• UEFI Boot Manager -- Loads UEFI device drivers (based on NVRAM DriverXxx variable), loads Windows boot application
• Windows Boot Manager (bootmgfw.efi) -- Loads Windows OS loader selected by user
• Windows OS Loader (winload.efi) -- Loads the Windows OS, calls ExitBootServices()
• Kernel (ntoskrnl.exe)
• /bin System binaries, including the command shell
• /boot Boot-up routines
• /dev Device files for all your peripherals
• /etc System configuration files
• /home User directories
• /lib Shared libraries and modules
• /lost+found Lost cluster files, recovered from a disk-check
• /mnt Mounted file-systems
• /opt Optional software
• /tmp Programs can write their temporary files here
• /proc This is a virtual directory; it contains some info about the kernel itself
What’s a Kernel?
• This can be considered the heart of the operating system, responsible for handling all system processes.
• Controls and mediates access to hardware.
• Implements and supports fundamental abstractions: processes, files, devices etc.
• Schedules / allocates system resources: memory, CPU, disk, descriptors, etc.
• Enforces security and protection.
• Responds to user requests for service (system calls).
• Etc.
Loading of Kernel
The kernel is loaded in the following stages:
• As soon as it is loaded, the kernel configures the hardware and the memory allocated to the system.
• Next it uncompresses the initrd image (compressed using zlib into zImage or bzImage formats), mounts it and loads all the necessary drivers.
• Loading and unloading of kernel modules is done with the help of programs like insmod and rmmod present in the initrd image.
• It looks out for hard disk types, be it LVM or RAID. RAID aims to improve redundancy whereas LVM aims to improve data management and handling.
• It unmounts the initrd image and frees up all the memory occupied by the disk image.
• Then the kernel mounts the root partition, as specified in grub.conf, as read-only.
• Next it runs the init process.
Init Process

• Boots the system into the run level specified in /etc/inittab
• We can define the default boot runlevel inside /etc/inittab
• The runlevels are:

# 0 - halt (Do NOT set initdefault to this)
# 1 - Single user mode
# 2 - Multiuser, without NFS (The same as 3, if you do not have networking)
# 3 - Full multiuser mode
# 4 - unused
# 5 - X11
# 6 - reboot (Do NOT set initdefault to this)
id:5:initdefault:

As per the above, the system will boot into runlevel 5.
inittab file

An entry in the inittab file has the following format:

id:runlevels:action:process
id - A unique sequence of 1-4 characters which identifies an entry in inittab.
runlevels - Lists the runlevels for which the specified action should be taken.
action - Describes which action should be taken.
process - Specifies the process to be executed.

Example

1. id:3:initdefault:
2. si::sysinit:/etc/rc.d/rc.sysinit   [System Initialization]
3. ca::ctrlaltdel:/sbin/shutdown -t3 -r now   [Trap]
Valid actions

• respawn - The process will be restarted whenever it terminates.
• wait - The process will be started once when the specified runlevel is entered and init will wait for its termination.
• once - The process will be executed once when the specified runlevel is entered.
• boot - The process will be executed during system boot. The runlevels field is ignored.
• bootwait - Same as "boot" above, but init waits for its termination.
• off - This does nothing.
• initdefault - Specifies the runlevel which should be entered after system boot. If none exists, init will ask for a runlevel on the console. The process field is ignored.
• sysinit - The process will be executed during system boot. It will be executed before any boot or bootwait entries. The runlevels field is ignored.
• ctrlaltdel - This process is executed when init receives the SIGINT signal. This means someone on the system console has pressed the "CTRL-ALT-DEL" key combination.
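The entry format and action list above are enough to lint an inittab before rebooting with it. The checker below is an added example, not part of the original slides; the function names and the faulty sample file (including its /usr/sbin/exampled entry) are constructed for illustration, and the accepted actions are only the ones listed on the slide (a real sysvinit accepts more, such as powerfail).

```shell
#!/bin/sh
# Added example (not from the original slides).

# check_inittab FILE: validate id:runlevels:action:process entries and
# report the default runlevel. Findings are printed one per line.
check_inittab() {
    awk -F: '
        BEGIN {
            # actions listed on the slide; real sysvinit has a few more
            n = split("respawn wait once boot bootwait off initdefault sysinit ctrlaltdel", a, " ")
            for (i = 1; i <= n; i++) valid[a[i]] = 1
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blank lines
        NF < 4 { print "line " NR ": expected id:runlevels:action:process"; next }
        {
            if (length($1) < 1 || length($1) > 4)
                print "line " NR ": id \"" $1 "\" is not 1-4 characters"
            if ($1 in seen)
                print "line " NR ": duplicate id \"" $1 "\""
            seen[$1] = 1
            if (!($3 in valid))
                print "line " NR ": unknown action \"" $3 "\""
            if ($3 == "initdefault") {
                def = $2
                # booting straight into halt or reboot makes the machine unusable
                if ($2 ~ /[06]/)
                    print "line " NR ": initdefault must not be 0 (halt) or 6 (reboot)"
            }
        }
        END { print "default runlevel: " (def == "" ? "none, init will ask on the console" : def) }
    ' "$1"
}

# inittab_sample: run the checker over a constructed, deliberately faulty file.
inittab_sample() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
# constructed sample, not a real system file
id:6:initdefault:
si::sysinit:/etc/rc.d/rc.sysinit
si:3:respawn:/sbin/mingetty tty1
ca::ctrlaltdel:/sbin/shutdown -t3 -r now
x1:3:restart:/usr/sbin/exampled
EOF
    check_inittab "$f"
    rm -f "$f"
}

inittab_sample
```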
Run level

• A runlevel is a software configuration of the system that allows only a selected group of processes to exist. Init can run the system in one of eight runlevels. These runlevels are 0-6 and S or s. The system runs in only one of these runlevels at a time.
• Typically these runlevels are used for different purposes. Runlevels 0, 1, and 6 are reserved. You can check the current runlevel of your system using the command below on the terminal:
# who -r
run-level 3 Jan 28 23:29 last=S
Runlevels

• 0 - halt
• 1 - Single user mode
• 2 - Multiuser, without NFS (The same as 3, if you don't have networking)
• 3 - Full multiuser mode
• 4 - unused
• 5 - X11
• 6 - Reboot
• S or s – single user login
Runlevel scripts

• A number of runlevel scripts are defined inside /etc/rc.d/rcX.d

(Runlevel Directory)
0 /etc/rc.d/rc0.d
1 /etc/rc.d/rc1.d
2 /etc/rc.d/rc2.d
3 /etc/rc.d/rc3.d
4 /etc/rc.d/rc4.d
5 /etc/rc.d/rc5.d

• Based on the selected runlevel, the init process executes startup scripts located in subdirectories of the /etc/rc.d directory.
• Scripts used for runlevels 0 to 6 are located in subdirectories /etc/rc.d/rc0.d through /etc/rc.d/rc6.d, respectively.
• There are S and K scripts in the /etc/rc.d/rcX.d directories.
• init runs whatever it finds in /etc/rc.d/rc.local (regardless of run level). rc.local is rather special in that it is executed every time that you change run levels.
• NOTE: rc.local is not used in all distros, for example Debian.
Managing User Accounts

• Use the useradd or adduser command to create a new user (useradd -g <group> -d <home directory> -c <comment> -s <shell> login-name) and groupadd to create a new group (groupadd group-name).
• In GUI: Applications → System Settings → Users and Groups
useradd command

• When we run the 'useradd' command in a Linux terminal, it performs the following major things:
  – It edits the /etc/passwd, /etc/shadow, /etc/group and /etc/gshadow files for the newly created user account.
  – Creates and populates a home directory for the new user.
  – Sets permissions and ownerships on the home directory.
Syntax:
useradd [options] username
Some Examples

• Adding user
useradd abc
• Changing password
passwd abc
• Create user with different home directory
useradd -d /data/new abc
• Create a user with specific user ID
useradd -u 999 abc
• Create user with specific UID and GID
useradd -u 1000 -g 500 abc
• Add user to many groups
useradd -G admins,webadmin,developers abc
grep abc /etc/passwd
/etc/passwd file

• /etc/passwd holds user account info
• Included fields are:
  – Login name: user login name
  – Password: user password in encrypted format
  – User ID (uid): UID 0 (zero) is reserved for root and UIDs 1-99 are reserved for other predefined accounts. Further, UIDs 100-999 are reserved by the system for administrative and system accounts/groups.
  – Group ID (gid): primary group id, stored in /etc/group
  – General comment about the user
  – Home directory: absolute location of the user's home directory
  – Shell: the user's default shell, i.e. /bin/bash
• Example:
  smithj:x:561:561:Joe Smith:/home/smithj:/bin/bash
/etc/shadow File

• /etc/shadow contains the encrypted password information for users' accounts and optionally the password aging information. Included fields are:
  – Login name: user login name, case sensitive
  – Encrypted password: 13 characters, encrypted
  – Days since Jan 1, 1970 that password was last changed
  – Days before which password may not be changed (0 indicates it may be changed at any time)
  – Days after which password must be changed (99999 indicates user can keep his or her password unchanged for many, many years)
  – Days before password is to expire that user is warned (7 for a full week)
  – Days after password expires that account is disabled
  – Days since Jan 1, 1970 that account is disabled
  – A reserved field for possible future use
Example:
smithj:Ep6mckrOLChF.:10063:0:99999:7:::
The password should be a minimum of 8-12 characters long, including special characters, digits, lower case alphabetic characters and more. Usually the password format is set to $id$salt$hashed, where $id is the algorithm used. On GNU/Linux the values are as follows:

$1$ is MD5
$2a$ is Blowfish
$2y$ is Blowfish
$5$ is SHA-256
$6$ is SHA-512
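The field layouts of /etc/passwd and /etc/shadow and the $id$ prefixes above can be checked mechanically. The audit below is an added example, not part of the original slides; the function names are assumptions, and every account and hash in the sample data is constructed (the 13-character value is the one from the slide's shadow example). It also treats a leading ! or * in the password field as a locked account, which goes beyond what the slides list.

```shell
#!/bin/sh
# Added example (not from the original slides). All sample data is constructed.

# audit_accounts PASSWD SHADOW: flag extra UID 0 accounts and hashes kept in
# the passwd file, then classify each shadow entry by its $id$ prefix.
audit_accounts() {
    awk -F: '
        FNR == NR {                                # first file: passwd format
            if ($3 == 0 && $1 != "root") print "passwd: " $1 " has UID 0"
            if ($2 != "x") print "passwd: " $1 " stores a hash in passwd instead of x"
            next
        }
        {                                          # second file: shadow format
            h = $2
            id = substr(h, 1, 3)
            id4 = substr(h, 1, 4)
            if (h == "")                           s = "EMPTY password"
            else if (h ~ /^[!*]/)                  s = "locked"
            else if (id == "$1$")                  s = "MD5 (weak)"
            else if (id4 == "$2a$" || id4 == "$2y$") s = "Blowfish"
            else if (id == "$5$")                  s = "SHA-256"
            else if (id == "$6$")                  s = "SHA-512"
            else if (length(h) == 13)              s = "13-character legacy crypt hash (weak)"
            else                                   s = "unknown format"
            print "shadow: " $1 " " s
        }' "$1" "$2"
}

# audit_sample: run the audit over constructed passwd/shadow files.
audit_sample() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
smithj:x:561:561:Joe Smith:/home/smithj:/bin/bash
toor:x:0:0:second admin:/root:/bin/bash
olduser:Ep6mckrOLChF.:600:600:Old User:/home/olduser:/bin/sh
EOF
    cat > "$dir/shadow" <<'EOF'
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:18000:0:99999:7:::
smithj:Ep6mckrOLChF.:10063:0:99999:7:::
toor:$1$CONSTRUCTED$CONSTRUCTEDHASH:18000:0:99999:7:::
olduser:!!:18000:0:99999:7:::
guest::18000:0:99999:7:::
EOF
    audit_accounts "$dir/passwd" "$dir/shadow"
    rm -rf "$dir"
}

audit_sample
```

On a live system the same function can be pointed at /etc/passwd and /etc/shadow as root; it only reads the files.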
Some Commands

• passwd
• pwck: The pwck command verifies the integrity of the users and authentication information. It checks that all entries in /etc/passwd and /etc/shadow have the proper format and contain valid data.
• grpck: The grpck command verifies the integrity of the groups information. It checks that all entries in /etc/group and /etc/gshadow
• useradd: Add a user to the system.
• userdel
• usermod
• groupadd
• groupdel
• groupmod
• login
• vipw
Removing account

• Remove the login id from the /etc/passwd & /etc/shadow files and delete the home directory
• userdel -r <username>
or use the GUI to delete the user
/etc/group contains four fields:
Group Name : Group Password : Group ID : Group Member
The group name should not be more than 8 characters
/etc/group

• It contains the definition of groups and their corresponding group members
• /etc/group contains the following four fields
groupname:grouppassword:groupid:groupmembers
hostnamectl

uname -srm
Linux 4.15.0-54-generic x86_64
The output above shows that the Linux kernel is 64-bit and its version is 4.15.0-54, where:
• 4 - Kernel Version.
• 15 - Major Revision.
• 0 - Minor Revision.
• 54 - Patch number.
• generic - Distribution specific information.

hostnamectl
   Static hostname: linuxize.localdomain
         Icon name: computer-laptop
           Chassis: laptop
        Machine ID: af8ce1d394b844fea8c19ea5c6a9bd09
           Boot ID: 15bc3ae7bde842f29c8d925044f232b9
  Operating System: Ubuntu 18.04.2 LTS
            Kernel: Linux 4.15.0-54-generic
      Architecture: x86-64
The Relationship of shell functionality

[Figure: the Korn shell, Bourne shell and C shell and their common core]
CORE Shell Functionality
• Built-in commands
• Scripts
• Variables (local, environment)
• Redirection
• Wildcards
• Pipes
• Sequences (conditional, unconditional)
• Subshells
• Background processing
• Command substitution
What does the shell do?

• The following takes place:
  – (1) reads a special startup file (.cshrc for csh in the user's home directory) and executes all the commands in that file
  – (2) displays a prompt and waits for a user command
  – (3) if the user enters CTRL-D (end of input) the shell terminates, otherwise it executes the user command(s)
• To change your default shell use the chsh utility
• To examine your default shell, type:
  – echo $SHELL
Shells in Linux

The shell is a program that takes your commands from the keyboard and gives them to the operating system to perform.
• The original shell was the Bourne shell, sh.
• Every Unix platform will either have the Bourne shell, or a Bourne compatible shell available.
• The default prompt for the Bourne shell is $ (or #, for the root user).
• Another popular shell is the C shell. The default prompt for the C shell is %.
Shells in Linux

A shell is a command interpreter that allows you to type commands from the keyboard to interact with the operating system kernel.

• sh (Bourne Shell) The sh shell was the earliest shell, being developed for UNIX back in the late 1970s.
• bash (Bourne-Again Shell) The bash shell is an improved version of the sh shell and is one of the most popular shells today. It's the default shell used by most Linux distributions.
• csh (C Shell) The csh shell was originally developed for BSD UNIX. It uses a syntax that is very similar to C programming.
• tcsh The tcsh shell is an improved version of the C Shell. It is the default shell used on FreeBSD systems.
• zsh (Z Shell) The Z Shell is an improved version of the bash shell.
Restricted shells

 Linux shell is so powerful that the whole Linux system can


be controlled precisely, using it.

 The other aspect of Linux shell is that, it can be potentially


harmful, when you executed a system command, without
knowing its consequence.

 The Restricted Shell is a Linux Shell that restrict some of


the features of bash shell, and is very clear from the name.
The restriction is well implemented for the command as
well as script running in restricted shell. It provides an
additional layer for security to bash shell in Linux.
rbash

Restrictions Implemented in rbash

 cd command (Change Directory)


 PATH (setting/ unsetting)
 ENV aka BASH_ENV (Environment Setting/ unsetting)
 Specifying file name containing argument ‘/’
 Specifying file name containing argument ‘-‘
 Redirecting output using ‘>‘, ‘>>‘, ‘>|‘, ‘<>‘, ‘>&‘, ‘&>‘
 turning off restriction using ‘set +r‘ or ‘set +o‘
 Note: Restrictions of rbash is enforced after any startup files are read.
 Enabling Restricted Shell
 # cd /bin
 # ln -s bash rbash
 Starting rbash
 # bash -r OR
 # rbash
Pros and Cons of Restricted Shell

 Pros of Restricted Shell
Restricted shell is used in conjunction with a chroot jail, in a further attempt to limit access to the system as a whole.
 Cons of Restricted Shell
Insufficient to allow execution of entirely untrusted software.
When a command that is found to be a shell script is executed, rbash turns off any restrictions in the shell spawned to execute the script.
When users run bash or dash from rbash, they get unrestricted shells.
rbash should only be used within a chroot unless you know what you are doing.
There are many ways to break out of a restricted bash shell that are not easy to predict in advance.
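One way to check the cons listed above from the administrator's side, as an added example that is not part of the original slides: it audits the command directory an rbash account is given and reports any entry that resolves to a listed shell or is a script. The single-directory PATH layout, the function name audit_rbash_dir and the output labels are assumptions.

```shell
#!/bin/sh
# Added example, not from the original slides.
# Assumption: the restricted account's PATH is one directory of symlinks to
# the few commands it may run; the function name and labels are hypothetical.

# audit_rbash_dir DIR [SHELLS_FILE]
# Reports entries in DIR that defeat rbash according to the cons above:
#   SHELL  - entry resolves to a shell listed in SHELLS_FILE (e.g. bash, dash)
#   SCRIPT - entry is a script, which runs in an unrestricted child shell
audit_rbash_dir() (
    dir=$1
    shells=${2:-/etc/shells}
    # Resolve every listed shell so /bin/bash and /usr/bin/bash compare equal.
    known=$(grep '^/' "$shells" 2>/dev/null | while read -r s; do
        readlink -f "$s" || true
    done)
    for entry in "$dir"/*; do
        [ -e "$entry" ] || continue            # skip dangling links, empty dir
        target=$(readlink -f "$entry") || continue
        if printf '%s\n' "$known" | grep -qxF -- "$target"; then
            echo "SHELL  ${entry##*/} -> $target"
        elif head -c 2 "$entry" 2>/dev/null | grep -q '^#!'; then
            echo "SCRIPT ${entry##*/}"
        fi
    done
)

# Run against a directory given on the command line, if any.
if [ "$#" -gt 0 ]; then
    audit_rbash_dir "$@"
fi
```

An empty report means every command in the directory is a plain binary that is not a listed shell; it does not prove that those binaries offer no way out.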
File Types in Linux

 By default Unix has only 3 types of files. They are:
 Regular files (-)
 Directory files (d)
 Special files (this category has 5 sub-types in it)
 Block file (b)
 Character device file (c)
 Named pipe file or a pipe file (p) - forms a way for processes to communicate with each other.
 Symbolic link file (l)
 Socket file (s) – a socket file is used to pass information between applications for communication purposes
Linux Supported File systems
(cat /proc/filesystems)
(FAT) - vfat, FAT 12, FAT 32
Inodes (ext) (keeping track of files) and blocks (basic unit of storage)
Block Groups (ext2) – 16 GB to 2 TB individual, 2 TB to 32 TB overall file system
Journaling (ext3) - JFS-efficient journaling, directory organisation, and better space usage
Extents and B-Trees (ext4) - 16 GB to 16 TB and overall 1 EB (1 exabyte = 1024 PB (petabyte), 1 PB = 1024 TB)
reiserfs - alternative to ext2 file system.
xfs – stable and best journaling
NTFS – Max. file size 2 TB to max. partition size 256 TB
File System Structure

 A UNIX file system is a collection of stored files and directories. Each file system is stored in a separate whole disk partition. The following are a few of the file systems:
 / - Special file system that incorporates the files under several directories including /dev, /sbin, /tmp etc.
 /usr - Stores application programs
 /var - Stores log files, mails and other data
 /tmp - Stores temporary files

The file system is divided into two categories:
 User data - stores actual data contained in files
 Metadata - stores file system structural information such as bootblock, superblock, inodes, datablock
File System
A file system consists of a sequence of logical blocks, each of size 512, 1024, 2048 or any convenient multiple of 512 bytes.

1. Boot Block - the beginning of a file system; it may contain the bootstrap code that is read into the machine to boot or initialize the OS.
2. Super Block - describes the state of the file system: how large it is, how many files it can store, where to find free space on the file system, and other information.
3. inode - the list of inodes that follows the superblock.
4. Data Block - starts at the end of the inode list and contains file data and administrative data. An allocated data block can belong to one and only one file in the file system.

Block size is the size of the chunks in which data will be spread. So if the block size is 4K, a file of 15K will take 4 blocks (because 4K*4 = 16K), and technically speaking you waste 1K.
Structure of Super Block

The super block consists of the following fields:
1. Total size of the partition (Size of the file system)
2. The block size (Number of free blocks in the file system)
3. Size of the inode list
4. Index of the next free block in the free block list
5. The number of free inodes in the file system
6. A list of free inodes in the file system
7. Index of the next free inode in the free inode list
8. Lock fields for the free block and free inode list.
9. Magic number (A flag indicating that the superblock has been modified)
inode
Inode - An inode is metadata of the data. The kernel maintains the information about each file in a structure called an index node.
Each inode contains 40 separate pieces of information.
An inode can be of a file, directory or a block device etc.
It consists of the following fields:
• File owner identifier
• File type (e.g., regular, directory, special device, pipes, etc.)
• File access permissions
• Number of links to the file
• Table of contents for the disk addresses of data in a file
• File Size
• time of last access, and modification
• size of the file in bytes (for regular files), major and minor
device numbers for special devices.
• ls -i
Data Block

Data Block - block for files, directories etc.
A block is a sequence of bits or bytes with a fixed length, i.e. 512 bytes, 4 kB, 8 kB, 16 kB, 32 kB etc.
Soft Link or Symbolic Link or Symlink
Soft links are very similar to what we call a “Shortcut” in Windows: a way to link to a file or directory. Symlinks don’t contain any information about the destination file or the contents of the file; instead, a symlink simply contains the pointer to the location of the destination file. In more technical words, in a soft link a new file is created with a new inode, which has the pointer to the inode location of the original file.
Hard Link

A hard link is a bit different from a symlink. In a soft link a new file and a new inode are created, but in a hard link only an entry in the directory structure is created for the file, and it points to the inode location of the original file. In a hard link, you are referencing the inode directly on the disk.
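The difference between the two link types, shown on real inodes as an added example (not part of the original slides): it creates a file, a hard link and a symlink in a temporary directory, then removes the original. File and function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original slides. All names are constructed and
# everything happens inside a throwaway temporary directory.

inode_of() { ls -di "$1" | awk '{print $1}'; }   # inode number, as "ls -i" shows
nlink_of() { ls -ld "$1" | awk '{print $2}'; }   # link count column of "ls -l"

link_demo() (
    d=$(mktemp -d) || exit 1
    cd "$d" || exit 1
    echo "payload" > original
    ln original hard        # new directory entry pointing at the same inode
    ln -s original soft     # new file with its own inode, pointing at "original"

    [ "$(inode_of hard)" = "$(inode_of original)" ] && echo "hard: same inode"
    [ "$(inode_of soft)" != "$(inode_of original)" ] && echo "soft: own inode"
    echo "link count with original present: $(nlink_of hard)"

    rm original             # removes one directory entry, not the data
    echo "link count after rm original: $(nlink_of hard)"
    echo "hard still reads: $(cat hard)"
    [ -e soft ] || echo "soft: dangling"   # -e follows the link; target is gone

    cd / && rm -rf "$d"
)

link_demo
```

The data survives as long as one hard link remains, while the symlink breaks the moment the name it points to disappears.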
Types of Devices in linux

There are generally three types of devices in Linux:
1. Character Devices
2. Block devices
3. Network Devices

The distinction lies mainly in the way these devices interact and perform I/O with the operating system.

Device files allow programs to communicate with the system’s hardware and peripheral modules; the code that handles a particular device is called the device driver.
Character Devices

Character devices are devices where data is a stream of bytes, i.e. the input/output happens byte by byte. Character device drivers are therefore written to handle this kind of streamed data. The interactive operations (often called the file operations) that are most vital to implement are:

– open()
– read()
– write()
– close()
Examples: a terminal, keyboard, etc.
Block Devices

Block devices, as the name suggests, deal with blocks of data. Block device drivers are therefore implemented to read/write block data and also support random access to data. However, since data is handled in blocks, the implementation involves an extra intermediate buffer to store data between reads and writes. It has block device operations such as
– open()
– release()
– direct_access()
– revalidate_disk()
etc.
Examples: a floppy, hard disks
Network devices

• Network devices are the ones used to transmit data from one machine to another. The implementation of network device drivers is entirely different from that of char devices and block devices. Here, they exchange data in the form of data packets with another remote machine, using a standard protocol. They also deal with setting up IP addresses, configurations and modifying transmission parameters, traffic, etc.
Their I/O operations are specific to the data packet transmission protocol, as in TCP/UDP.
• Examples: NIC
fdisk

• The tool used for partitioning under Linux is fdisk.
• # fdisk /dev/sdax
• The fdisk program is interactive; pressing m displays a list of all its commands. Commonly used commands are:
 n or new, to create a new partition
 t or type, to change the type of partition
 p or print, to print the partition table
 w or write, to write the partition table to disk
When we create a new partition we can further create a primary partition or an extended partition using the command actions p and e.
Mounting FileSystem

• Once the file system is created it has to be mounted. It can be mounted in two ways:
– Edit the /etc/fstab file and add an entry for the new drive
– By using the mount command

/etc/fstab fields

Example:
<device> <mountpoint> <filesystemtype> <options> <dump> <fsckorder>
/dev/hdc /mnt/cdrom iso9660 noauto,ro,user 0 0

Example:

Device       Default mount point   FS Type   Mount Options          dump   fsck
/dev/hda2    /                     ext2      defaults               1      1
/dev/hdb1    /home                 ext2      defaults               1      2
/dev/cdrom   /media/cdrom          auto      ro,noauto,user,exec    0      0
/dev/fd0     /media/floppy         auto      rw,noauto,user,sync    0      0
proc         /proc                 proc      defaults               0      0
Options

• sync / async : All I/O to the file system should be done (a)synchronously.
• auto : The filesystem can be mounted automatically (at bootup, or when
mount is passed the -a option).
• noauto : The filesystem will NOT be automatically mounted at startup, or
when mount passed -a. You must explicitly mount the filesystem.
• dev / nodev : Permit any user to mount the filesystem.
• exec / noexec : Permit/Prevent the execution of binaries from the filesystem.
• suid / nosuid : Permit/Block the operation of suid and sgid bits.
• ro : Mount read-only.
• rw : Mount read-write.
• user : Permit any user to mount the filesystem. This automatically implies noexec, nosuid, nodev unless overridden.
• nouser : Only permit root to mount the filesystem. This is also a default setting.
• defaults : Use default settings. Equivalent to rw, suid, dev, exec, auto, nouser, async.
/etc/fstab fields
first field (/dev/hdc) is the physical device/remote filesystem which is to be described.
second field (/mnt/cdrom) specifies the mount point where the filesystem will be mounted.
third field (iso9660) is the type of filesystem on the device from the first field.
fourth field (noauto,ro,user) is a (default) list of options which mount should use when mounting the filesystem.
fifth field (0) is used by dump (a backup utility) to decide if a filesystem should be backed up. If zero then dump will ignore that filesystem.
sixth field (0) is used by fsck (the filesystem check utility) to determine the order in which filesystems should be checked. If zero then fsck won't check the filesystem.
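The option rules and the six fields described above, worked through on the slides' own sample table as an added example (not part of the original slides): the script computes which of exec, suid and dev are actually in force per entry, applying options left to right, and marks user-mountable entries that still allow any of them. Function names and the REVIEW/ok labels are assumptions; dev/nodev is taken in its mount(8) sense of whether device files on the filesystem are honoured.

```shell
#!/bin/sh
# Added example, not from the original slides: work out which of exec, suid
# and dev are really in force for each /etc/fstab entry.
# Function names and the REVIEW/ok labels are hypothetical.

# effective_flags OPTS -> "user|nouser exec|noexec suid|nosuid dev|nodev"
# Options are applied left to right, so a later option overrides an earlier
# one. The starting state is what the slides list for "defaults".
effective_flags() (
    u=nouser x=exec s=suid d=dev
    set -f; IFS=,
    for o in $1; do
        case $o in
            user)        u=user x=noexec s=nosuid d=nodev ;;  # implied trio
            nouser)      u=nouser ;;
            exec|noexec) x=$o ;;
            suid|nosuid) s=$o ;;
            dev|nodev)   d=$o ;;
        esac
    done
    echo "$u $x $s $d"
)

# audit_fstab: reads fstab lines on stdin and prints one verdict per entry.
# REVIEW = any user may mount it AND exec, suid or dev is still enabled.
audit_fstab() {
    while read -r device mnt fstype opts dump pass; do
        case $device in ''|'#'*) continue ;; esac
        flags=$(effective_flags "$opts")
        verdict=ok
        case $flags in
            "user exec "*|"user "*" suid "*|"user "*" dev") verdict=REVIEW ;;
        esac
        echo "$verdict $mnt $flags"
    done
}

# The sample table from the slides above.
sample_fstab() {
    cat <<'EOF'
/dev/hda2   /              ext2  defaults              1 1
/dev/hdb1   /home          ext2  defaults              1 2
/dev/cdrom  /media/cdrom   auto  ro,noauto,user,exec   0 0
/dev/fd0    /media/floppy  auto  rw,noauto,user,sync   0 0
proc        /proc          proc  defaults              0 0
EOF
}

sample_fstab | audit_fstab
```

On the sample table only /media/cdrom is marked REVIEW, because the trailing exec cancels the noexec that user implies.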
MBR (Master Boot Record)