NSA Note

Chapter one discusses system and network administration, defining system administration as the management of computer systems and networks to ensure reliable operations and efficient use of resources. It outlines the roles and responsibilities of system and network administrators, including user account management, hardware and software maintenance, and security management. The chapter emphasizes the importance of documentation, backup strategies, and continuous learning for successful system administration.

Uploaded by Gudeta Amsalu

Chapter one

System and Network administration

What is system administration?

• What is a system?

• A group of interacting, interrelated, or interdependent elements that together form a complex whole.

In the context of this class, we generally consider computer-human systems consisting of

• the computer(s)
• the network
• the user(s)
• the organization's goals and policies

Computer systems have four parts

• Hardware
• Software
• Data
• User

Administration?

Merriam Webster: administer, v: to manage or supervise the execution, use, or conduct of

In this regard, the main issues are the following:

• System planning and design
• Resource management (checking and repair)
• Fault diagnosis and handling

System administration is a set of functions that:

• Provides support services
• Ensures reliable operations
• Promotes efficient use of the system
• Ensures that prescribed service-quality objectives are met

System administration functions include installation, configuration, and maintenance of network equipment and computer systems.

• Network equipment: switches, routers, DHCP and DNS servers, etc.
• Computer systems: database, email server, web server

It is the branch of engineering that is responsible for maintaining reliable computer systems in a multi-user environment.

A person who works in system administration is called a system administrator, or sysadmin / system admin.

Sysadmin: one who manages IT infrastructure (the hardware, software and users).

A sysadmin is responsible for the company's IT services (email, file storage, running the website) and for the day-to-day operation of a technology system.

IT infrastructure is the software, hardware, network, and services required for an organization to operate in an enterprise IT environment.

Systems Administration...

• Monitoring of systems/software.
• Performing backups of data.
• Applying operating system updates and configuration changes.
• Installing and configuring new hardware/software.
• Adding/deleting/creating/modifying user account information, resetting passwords, etc.
• Answering technical queries.
• Automating operations.
• Responsibility for security.
• Responsibility for documenting the configuration of the system.
• Troubleshooting any reported problems.
• System performance tuning.
• Keeping the network up and running.
The Goal of System Administration

• Ensuring the systems are running efficiently and effectively.
• Supervise system functionality. Every system must work and be connected to the network.
• Create backups on media, preferably automated.
• Build and install desktops and servers.
  – Create users and assign them a customizable graphical user interface.
• Update systems for maximum performance.
• Share system resources for maximum network throughput.
  – share disks between heterogeneous systems where that is the better arrangement
  – share printers to avoid superfluous investment
• Systems start up and shut down properly.
• Allocating disk space and adjusting quotas as needs grow.

The Goal of Network Administration

• To ensure that the users of the network receive the information and technical services with the quality of service they expect.
• Network administration means the management of network infrastructure devices (such as routers and switches).
• Network administration comprises three major groups:

Network provisioning

• It consists of the planning and design of the network, which is done by engineers.

Network operations

• It consists of fault, configuration, traffic and all other types of management, and is done by the plant facilities group. It is the nerve center of network management operations.

Network maintenance

• It consists of all types of installation and maintenance work.
Responsibilities of the Network Administrator

• As a network administrator, your tasks generally fall into the following areas:
  – Designing and planning the network
  – Setting up the network
  – Maintaining the network
  – Adding new host machines to the network
  – Administering network security
  – Administering network services, name services, and electronic mail
  – Troubleshooting network problems
  – Expanding the network
The Job of a System Administrator

• What exactly does a System Administrator do?
  – no precise job description
  – often learned by experience
  – "Makes things run"
  – often known as IT support, Operator, Network Administrator, System Programmer, System Manager, Service Engineer, Site Reliability Engineer, etc.

What do sysadmins do?

• User account management
• Hardware management
• Perform filesystem backups and restores
• Install and configure new software and services
• Keep systems and services operating
• Maintain documentation
• Audit security
• Help users, performance tuning, and more!

1. User Management

• Defining the rights of organizational members to information in the organization.
• Involves a wide range of functionality such as adding/deleting users, controlling user activity through permissions, managing user roles, updating permissions when users change roles, defining authentication policies, managing external user stores and manual/automatic logout, and resetting passwords.
• Challenge: managing a large number of users
  – Commonly organized into groups (users with similar privileges)
    • E.g. all faculty members in the computer science department get access to a mailing list
• Active Directory in Windows provides centralized user management and access control for computers.

• Any user management system has the following basic components:

• Users: Users are consumers who interact with your organizational applications, databases, and other systems. A user can be a person, a device, or another application/program within or outside of the organization's network. Because users interact with internal systems and access data, organizations need to define which data and functionality each user can access by assigning permissions.

• Permissions: A permission is a delegation of authority or a right that is assigned to a user or a group of users to perform an action on a system. Permissions can be granted to or revoked from a user, user group, or user role automatically or by a system administrator. For example, if a user has the permission to log in to a system, the permission to log out is automatically granted as well.

• User roles: A user role is a grouping of permissions. In addition to assigning individual permissions to users, admins can create user roles and assign those roles to users. For example, you might create user roles called VP, Manager, and Employee, each of which has a different set of permissions, and then assign those roles to users based on their position in the company. Then, if you need to modify the permissions of all your managers, you can simply modify the Manager user role, and all the users with that role will have their permissions updated automatically.

• Creating user accounts
  – User IDs
  – Home directories (quotas, drive capacities)
  – Default startup files (paths)
  – Permissions, group memberships, accounting and restrictions
  – Communicating policies and procedures
  – Disabling / removing user accounts
  – Consistency requires automation
  – Username and UID namespace management
  – Home directory backups and quotas
• Removing user accounts
  – Consistency requires automation
  – Remove everything, not just the home directory and the passwd entry: the mail spool, cron jobs, running processes, secondary group memberships, and files owned by the UID elsewhere on the system (otherwise the next account that reuses the UID inherits them)
1. Hardware Management

• Adding and removing hardware
  – Configuration, cabling, etc.
  – Device driver installation
  – Scheduling downtimes and notifying users
• Hardware evaluation and purchase
• System configuration and settings
• Capacity planning
  – How many servers?
  – How much bandwidth, disk space?
• Data Center management
  – Power, racks, environment (cooling, fire alarm)

2. Data Backups

• Perhaps the most important aspect!
• Backup strategy and policies
  – Scheduling: when and how often?
  – Capacity planning
  – Location: on-site vs off-site
• Installing backup software
• Performing backups and restores
• Monitoring backups
  – Checking logs
  – Verifying media
• Disaster recovery
  – Onsite/offsite
  – Periodic testing: a backup that has never been restored is not known to be a backup
  – Multiple copies
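"Verifying media" and "periodic testing" above mean checking that what comes back from a restore is what was backed up. The following is an added example, not code from the lecture notes: it records a size and SHA-256 manifest at backup time, performs a restore into a temporary directory, silently truncates one restored file to simulate damaged media, and reports what the check finds. The file names and contents are constructed for the demo.

```python
"""Added example (not part of the lecture notes): a minimal backup manifest and
restore check. Comparing a fresh hash of every restored file against the
manifest taken at backup time catches silent corruption, truncated media and
files that went missing. Paths and sample contents are constructed."""
import hashlib
import os
import tempfile

def sha256_file(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def make_manifest(root):
    """Relative path -> (size, sha256) for every regular file under root."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            manifest[rel] = (os.path.getsize(full), sha256_file(full))
    return manifest

def verify_restore(restored_root, manifest):
    """Check a restored tree against the manifest recorded at backup time."""
    current = make_manifest(restored_root)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "corrupt": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "extra": sorted(set(current) - set(manifest)),
    }

def demo():
    """Back up a constructed tree, damage one restored file, and verify."""
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        os.makedirs(os.path.join(src, "etc"))
        with open(os.path.join(src, "etc", "passwd"), "w") as f:
            f.write("root:x:0:0:root:/root:/bin/bash\n")
        with open(os.path.join(src, "notes.txt"), "w") as f:
            f.write("keep me\n")
        manifest = make_manifest(src)
        # "Restore": copy every file, but drop the last byte of one of them,
        # the kind of damage a bad tape or a cut-short transfer produces.
        for rel in manifest:
            target = os.path.join(dst, rel)
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(os.path.join(src, rel), "rb") as fin, open(target, "wb") as fout:
                data = fin.read()
                fout.write(data[:-1] if rel == "notes.txt" else data)
        return verify_restore(dst, manifest)

if __name__ == "__main__":
    print(demo())
```

Store the manifest separately from the backup medium; if both sit on the same tape, a damaged tape takes the evidence with it.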
3. Software Installation and Maintenance

• Automated, consistent OS installs
• Evaluation of software
• Finding and building open-source software
• Purchase of commercial software
• Managing software installations
  – Distributing software to multiple hosts
  – Package management
  – Managing multiple versions of a software package
• Patching and updating software
• Scheduling downtimes and notifying users
• Maintenance of multiple versions

4. Troubleshooting

• Problem discovery, diagnosis, and resolution
  – Often difficult
• Problem identification
  – By user notification
  – By log files or monitoring programs
• Tracking and visibility
  – Ensure users know you're working on the problem
• Finding the root cause of problems
  – Provide a temporary workaround if necessary
  – Solve the root problem to eliminate it permanently
5. Monitoring

• Hardware and services functioning and operational
• Automatically monitor systems for
  – Problems (disk full, error logs, security)
  – Performance (CPU, memory, disk, network)
• Periodic log rotation and backups
• Provides data for capacity planning
  – Convince management of the need for hardware
• Two kinds:
  – Reactive: detecting and analyzing failures after they have occurred
    • Problem notifications, analyzing logs after failures (e.g. identifying the modus operandi and the affected systems)
  – Proactive: testing a system for specific issues before they occur
    • Vulnerability scanners (automatically identify/prioritize issues), penetration testing
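Reactive monitoring in practice means running detection logic over the logs. The following is an added example, not code from the lecture notes: it parses a few constructed auth.log and kernel lines, flags any source address that produces too many failed SSH logins inside a short window, and picks out "disk full" kernel messages. The sample lines, the threshold and the window are assumptions for the demo.

```python
"""Added example (not from the notes): reactive monitoring logic run over a few
constructed syslog/auth.log lines. It flags a source IP that produces too many
failed SSH logins inside a short window, and disk-full kernel messages. The
sample lines, threshold and window are assumptions for the demo."""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

SAMPLE_LOG = """\
Mar 10 09:12:01 web1 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 52311 ssh2
Mar 10 09:12:03 web1 sshd[2213]: Failed password for root from 203.0.113.7 port 52315 ssh2
Mar 10 09:12:04 web1 sshd[2215]: Failed password for root from 203.0.113.7 port 52319 ssh2
Mar 10 09:12:06 web1 sshd[2217]: Failed password for invalid user test from 203.0.113.7 port 52322 ssh2
Mar 10 09:12:09 web1 sshd[2219]: Failed password for root from 203.0.113.7 port 52330 ssh2
Mar 10 09:15:40 web1 sshd[2301]: Accepted publickey for alice from 198.51.100.4 port 40122 ssh2
Mar 10 09:20:11 web1 sshd[2410]: Failed password for alice from 198.51.100.4 port 40130 ssh2
Mar 10 09:31:55 web1 kernel: [12345.678] EXT4-fs warning (device sda1): ext4_da_write_begin: No space left on device
"""

# Traditional syslog line: "Mon DD HH:MM:SS host program[pid]: message"
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prog>[\w\-]+)(?:\[\d+\])?: (?P<msg>.*)$")
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)")

def parse(line, year=2024):
    """Syslog timestamps carry no year; the caller supplies it (assumed 2024)."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "prog": m["prog"], "msg": m["msg"]}

def brute_force_sources(lines, threshold=5, window=timedelta(minutes=1)):
    """Source IPs with at least `threshold` failed logins inside any span of
    length `window`; maps IP -> time of the event that crossed the threshold."""
    recent = defaultdict(deque)
    flagged = {}
    for line in lines:
        ev = parse(line)
        if not ev or ev["prog"] != "sshd":
            continue
        f = FAILED_RE.search(ev["msg"])
        if not f:
            continue
        q = recent[f["ip"]]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:   # slide the window forward
            q.popleft()
        if len(q) >= threshold and f["ip"] not in flagged:
            flagged[f["ip"]] = ev["ts"]
    return flagged

def disk_full_hosts(lines):
    """Hosts whose kernel reported a full filesystem."""
    return sorted({ev["host"] for ev in map(parse, lines)
                   if ev and "No space left on device" in ev["msg"]})

if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print(brute_force_sources(lines))
    print(disk_full_hosts(lines))
```

A single failed login from a known user (alice above) stays below the threshold, which is the point of counting per source within a window rather than alerting on every failure.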

6. Local Documentation

• Administrative policies and procedures
  – Backup media locations
  – Hardware
    • Location
    • Description, configuration, connections
  – Software
    • Install media (or download location)
    • Installation, build, and configuration details
    • Patches installed
  – Acceptable use policies
  – Network settings

7. Security Concerns

• System logging and audit facilities
  – Evaluation and implementation
  – Monitoring and analysis
  – Traps, auditing and monitoring programs
• Detection of unexpected or unauthorized use
• Monitoring of security advisories
  – Security holes and weaknesses
  – Live exploits

8. Helping Users

• Request tracking system
  – Ensures that you don't forget problems.
  – Ensures users know you're working on their problem; reduces interruptions and status queries.
  – Lets management know what you've done.
• User documentation and training
  – Acceptable Use Policies
  – Document software, hardware (printers), etc.

Qualities of a Successful Sysadmin

• Customer oriented
  – Ability to deal with interrupts, time pressure
  – Communication skills
  – Service provider, not system police
• Technical knowledge
  – Hardware, network, and software knowledge
  – Debugging and troubleshooting skills
• Time management
  – Automate everything possible.
  – Ability to prioritize tasks: urgency and importance.

Principles of SA

Simplicity
• Choose the simplest solution that solves the entire problem.

Clarity
• Choose a straightforward solution that's easy to change, maintain, debug, and explain to other SAs.

Generality
• Choose reusable solutions and open protocols.

Automation
• Use software to replace human effort.

Communication
• Be sure that you're solving the right problems and that people know what you're doing.

Basics First
• Solve basic infrastructure problems before moving to advanced ones.

Standard "best practices" for system administration

A. Documentation
B. Backup and restore
C. Logging
D. Disaster recovery plan
E. Automating repetitive tasks using scripting
F. Keep users informed
G. Keep acquiring new skills
H. Never do anything you can't back out of
I. Use strong security mechanisms

• Documentation
  – Write down what you have done
  – Comment the scripts you write
• Back up everything
  – Strong backup policy
  – Employ redundancy
  – Don't create a single point of failure
• Check your log files
  – Regularly check your log files for errors and warnings, so they can alert you to problems before they become a threat to your servers and everything they support.
  – Don't ignore your log files
• Prepare a disaster recovery plan
  – The best disaster recovery plans are not designed for "if" something happens, but "when" something happens.
  – Write down what needs to be done
  – Practice the plan and make sure that it is working properly
• Automate anything you have to do more than three times and anything that is complicated
  – Capture your most clever commands in aliases, functions, and scripts, and give them meaningful names.
  – Commit the complicated processes that you perform to scripts so that you don't have to figure out the steps required and the complex commands more than once.
  – You'll save yourself a lot of time and effort over the long haul and have a much easier time if and when you need someone else to do the work for you.
• Keep users informed
  – When will the server be down for maintenance?
  – New services added?
  – Say how long it will take to resolve the problem
  – Always let users know when to expect upgrades or changes
• Never stop picking up new skills
  – "If you are not moving ahead, you are falling backward"
  – Always be looking for new things to learn
• Never do anything you can't back out of
  – For changes, you should always have a back-out plan
  – Is the change undoable?
  – Make backup copies of files you're about to edit
• Implement strong security
  – the principle of least privilege,
  – a role-based security system,
  – monitoring critical services,
  – and conducting vulnerability and penetration testing.
  – Also, watch for any signs of a break-in

Use a request system.

• You receive too many requests to remember them all
• Customers know what you're doing
• You know what you're doing.

Manage quick requests right

• Organize the team so that some members shield the others from day-to-day requests while they work on project tasks
• Handle emergencies quickly.
• Use the request system to avoid interruptions.
Policies

• How do people get help?
• What is the scope of responsibility for the SA team?
• What is our definition of an emergency?

Start every host in a known state.

• Good working practices are the threads that tie together the tasks performed by the sysadmin.
• Good practices make tasks easier to reproduce, preserve system security/robustness, and maintain system functionality.
• System administration involves managing details.
  – Knowing how a system is configured, what patches have been applied, what services the system needs or provides, and any number of other items is a tremendous aid in solving problems.
• Avoid using root or administrator as much as possible. Use a less privileged account, for which mistakes will be less drastic.
• Avoid using wildcard characters, such as the asterisk (*), when running as root or administrator.
• Make it a habit to create backup copies of files before you edit them.
• Allow plenty of time to complete the tasks you need to perform.
• Look for answers in manuals, newsgroups, and archives of mailing lists. Usually "google" helps for most common problems.
• Use controlled trial and error for diagnosis.
• Listen to people who tell you there is a problem. It might be true.
• Write down problems and solutions in a log book, and write down experiences.
• Take responsibility for your actions.
• Remember to tidy things up regularly.
• After learning something new, ask yourself "How does this apply to my work?"

Administration Challenges

• System administration is not just about installing operating systems.
• It is about planning and designing an efficient community of computers so that real users will be able to get their jobs done.

That means:

1. Designing a network which is logical and efficient.
2. Deploying large numbers of machines which can be easily upgraded later.
3. Deciding what services are needed.
4. Planning and implementing adequate security.
5. Providing a comfortable environment for users.
6. Developing ways of fixing errors and problems which occur.
7. Keeping track of and understanding how to use the enormous amount of knowledge which increases every year.

• Needs
  – Broad knowledge of hardware and software
  – To balance conflicting requirements
    • Short-term vs. long-term needs
    • End-user vs. organizational requirements
    • Service provider vs. police model
  – To work well and efficiently under pressure
  – 24x7 availability
  – Flexibility, tolerance, and patience
  – Good communication skills
• People think of sysadmins only when things don't work!
• Requires:
  – Breadth of knowledge:
    • operating system concepts
    • TCP/IP networking
    • programming
  – Depth of knowledge:
    • a certain OS flavor
    • a specific service (DNS, E-Mail, Databases, Content-Delivery, ...)
    • a specific implementation/vendor (Oracle, Hadoop, Apache, Cisco, ...)
    • a specific area of expertise (security, storage, network, data center, ...)

Types of Administrators/Users

• In a larger company, the following may all be separate positions within a computer support or Information Services (IS) department.
• In a smaller group they may be shared by a few sysadmins, or even a single person.
  – Database Administrator
  – Network Administrator
  – Security Administrator
  – Web Administrator
  – Technical support
  – Computer operator
• A database administrator (DBA) maintains a database system, and is responsible for the integrity of the data and the efficiency and performance of the system.
• A network administrator maintains network infrastructure such as switches and routers, and diagnoses problems with these or with the behavior of network-attached computers.
• A security administrator is a specialist in computer and network security, including the administration of security devices such as firewalls, as well as consulting on general security measures.
• A web administrator maintains web server services (such as IIS or Apache) that allow for internal or external access to web sites. Tasks include managing multiple sites, administering security, and configuring necessary components and software. Responsibilities may also include software change management.
• Technical support staff respond to individual users' difficulties with computer systems, provide instructions and sometimes training, and diagnose and solve common problems.
• A computer operator performs routine maintenance and upkeep, such as changing backup tapes or replacing failed drives in a RAID array. Such tasks usually require physical presence in the room with the computer; and while less skilled than sysadmin tasks, they require a similar level of trust, since the operator has access to possibly sensitive data.

Operating System supporting Administration
Chapter Two
Access Control

What Is Access Control?

• Granting or denying approval to use specific resources

• Information system’s mechanism to allow or restrict access to data or devices

• Four standard models

• Specific practices used to enforce access control

Access Control Terminology

• Identification

– Presenting credentials

– Example: delivery driver presenting employee badge

• Authentication

– Checking the credentials

– Example: examining the delivery driver’s badge

• Authorization

– Granting permission to take action

– Example: allowing delivery driver to pick up package

• Object

– Specific resource

– Example: file or hardware device

• Subject

– User or process functioning on behalf of a user

– Example: computer user

• Operation

– Action taken by the subject over an object

– Example: deleting a file

Access Control Models

• Standards that provide a predefined framework for hardware or software developers

• Used to implement access control in a device or application

• Custodians can configure security based on owner’s requirements

• Four major access control models

– Mandatory Access Control (MAC)

– Discretionary Access Control (DAC)

– Role Based Access Control (RBAC)

– Rule Based Access Control (also written RuBAC, to keep it apart from role-based RBAC)

• Mandatory Access Control

– Most restrictive access control model

– Typically found in military settings

– Two elements

• Labels

• Levels

• MAC grants permissions by matching object labels with subject labels

– Labels indicate level of privilege

• To determine if a file may be opened:

– Compare object and subject labels

– Subject must have an equal or greater level than the object to be granted (read) access

• Two major implementations of MAC

– Lattice model

– Bell-LaPadula model

• Lattice model

– Subjects and objects are assigned a "rung" on the lattice

– Multiple lattices can be placed beside each other (for example a clearance level combined with a set of compartments; a subject must dominate the object on every axis)

• Bell-LaPadula

– Similar to the lattice model

– Subjects may not read objects at a higher level ("no read up", the simple security property) and may not write to objects at a lower level ("no write down", the *-property); the second rule is what stops a highly cleared subject, or a program running on its behalf, from copying a secret into a less protected object

• Example of a MAC implementation

– Windows 7/Vista has four integrity levels (Low, Medium, High, System)

– Specific actions by a subject with a lower classification require administrator approval
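The lattice model and the two Bell-LaPadula rules above, as an added example that is not part of the lecture notes and is not any particular operating system's MAC implementation. A label is a (level, compartments) pair; one label dominates another when its level is at least as high and its compartment set is a superset. Reads require the subject to dominate the object, writes require the object to dominate the subject. The level names, compartments and subjects are constructed.

```python
"""Added example (not from the notes): a small Bell-LaPadula checker over a
lattice of (clearance level, set of compartments). Illustrative code only;
labels and subjects are constructed."""
from dataclasses import dataclass, field

LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}

@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = field(default_factory=frozenset)

    def dominates(self, other):
        """Lattice order: higher-or-equal level AND superset of compartments.
        Two labels with different compartments at the same level are
        incomparable, so neither dominates the other."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)

def can_read(subject, obj):
    # Simple security property: no read up.
    return subject.dominates(obj)

def can_write(subject, obj):
    # *-property: no write down (the object must dominate the subject).
    return obj.dominates(subject)

def check(subject, obj, op):
    """Return (allowed, reason) for a read or write request."""
    if op == "read":
        ok = can_read(subject, obj)
        return ok, "allowed" if ok else "denied: no read up"
    if op == "write":
        ok = can_write(subject, obj)
        return ok, "allowed" if ok else "denied: no write down"
    raise ValueError(f"unknown operation {op!r}")

# Constructed labels
ANALYST = Label("SECRET", frozenset({"CRYPTO"}))
PUBLIC_NOTICE = Label("UNCLASSIFIED")
CRYPTO_REPORT = Label("SECRET", frozenset({"CRYPTO"}))
NUCLEAR_PLAN = Label("SECRET", frozenset({"NUCLEAR"}))   # same level, other compartment
TS_BRIEF = Label("TOP_SECRET", frozenset({"CRYPTO"}))

def demo():
    """Every combination an analyst cleared SECRET/CRYPTO might attempt."""
    return {
        "read public": check(ANALYST, PUBLIC_NOTICE, "read")[0],
        "write public": check(ANALYST, PUBLIC_NOTICE, "write")[0],
        "read crypto": check(ANALYST, CRYPTO_REPORT, "read")[0],
        "read nuclear": check(ANALYST, NUCLEAR_PLAN, "read")[0],
        "write ts": check(ANALYST, TS_BRIEF, "write")[0],
        "read ts": check(ANALYST, TS_BRIEF, "read")[0],
    }

if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:14s} {v}")
```

Note that strict Bell-LaPadula permits writing upward ("write ts" succeeds): confidentiality is preserved, but a SECRET subject can append to a TOP_SECRET object it cannot read back. Real systems usually add an integrity or "write equal" restriction on top.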
• Discretionary Access Control (DAC)

– Least restrictive model

– Every object has an owner

– Owners have total control over their objects

– Owners can give permissions to other subjects over their objects

– Used on operating systems such as most types of UNIX and Microsoft Windows

• DAC weaknesses

– Relies on decisions by the end user to set the proper security level

• Incorrect permissions may be granted

– A subject's permissions will be "inherited" by any program the subject executes

– Trojans are a particular problem with DAC: a program the user is tricked into running can read, modify or share every object that user has access to

• Role Based Access Control (RBAC)

– Also called Non-discretionary Access Control

– Access permissions are based on the user's job function

• RBAC assigns permissions to particular roles in an organization

– Users are assigned to those roles

• Rule Based Access Control

– Dynamically assigns roles to subjects based on a set of rules defined by a custodian

– Each resource object contains access properties based on the rules

– When a user attempts access, the system checks the object's rules to determine access permission

– Often used for managing user access to one or more systems

• Business changes may trigger application of the rules specifying access changes

Best Practices for Access Control

• Establishing best practices for limiting access

– Can help secure systems and data

• Examples of best practices

– Separation of duties
– Job rotation
– Least privilege
– Implicit deny
– Mandatory vacations

• Separation of duties

– Fraud can result from a single user being trusted with complete control of a process

– Requiring two or more people to be responsible for functions related to handling money

– The system is not vulnerable to the actions of a single person

• Job rotation

– Individuals are periodically moved between job responsibilities

– Employees can rotate within their department or across departments

• Advantages of job rotation

– Limits the amount of time an individual is in a position to manipulate security configurations

– Helps expose potential avenues for fraud

• Individuals have different perspectives and may uncover vulnerabilities

– Reduces employee burnout

• Least privilege

– Limiting access to information based on what is needed to perform a job function

– Helps reduce the attack surface by eliminating unnecessary privileges

– Should apply to users and processes on the system

– Processes should run at the minimum security level needed to function correctly

– The temptation to assign higher levels of privilege is great

• Implicit deny

– If a condition is not explicitly met, the access request is rejected

– Example: a network router rejects all traffic except what matches an explicit permit rule

• Mandatory vacations

– Limits fraud, because the perpetrator must be present daily to hide fraudulent actions

– An audit of the employee's activities is usually scheduled during the vacation for sensitive positions
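The role-based model from the previous section and two of the practices just listed, implicit deny and separation of duties, fit together in one policy evaluator. The following is an added example, not code from the lecture notes or from any product: roles carry permissions, a user is only allowed what some role explicitly grants (everything else is implicitly denied), and a pair of roles that would let one person both create and approve a payment cannot be assigned to the same user. The role catalogue, conflicting pairs and users are constructed.

```python
"""Added example (not from the notes): a role-based policy evaluator that
combines RBAC with implicit deny and static separation of duties. Roles,
permissions, conflicting-role pairs and users are constructed for the demo."""

# Role -> set of permissions, written as "resource:operation"
ROLES = {
    "employee": {"timesheet:write", "directory:read"},
    "manager": {"timesheet:approve", "report:read"},
    "ap_clerk": {"invoice:create"},
    "ap_approver": {"invoice:approve", "payment:release"},
    "auditor": {"invoice:read", "payment:read", "report:read"},
}
# Static separation of duties: no user may hold both roles of a pair.
SOD_CONFLICTS = {frozenset({"ap_clerk", "ap_approver"}),
                 frozenset({"auditor", "ap_approver"})}

class PolicyError(Exception):
    pass

def assign_roles(wanted):
    """Validate a user's role set against the catalogue and the SoD pairs."""
    roles = set(wanted)
    unknown = roles - set(ROLES)
    if unknown:
        raise PolicyError(f"unknown roles: {sorted(unknown)}")
    for pair in SOD_CONFLICTS:
        if pair <= roles:
            raise PolicyError(f"separation of duties violated: {sorted(pair)}")
    return roles

def effective_permissions(roles):
    perms = set()
    for r in roles:
        perms |= ROLES[r]
    return perms

def is_allowed(roles, resource, operation):
    """Implicit deny: only an explicit grant through some role returns True.
    There is no 'deny' list to forget to update."""
    return f"{resource}:{operation}" in effective_permissions(roles)

# Constructed users (validated at definition time, so a bad assignment fails loudly)
USERS = {
    "alice": assign_roles({"employee", "manager"}),
    "bob": assign_roles({"employee", "ap_clerk"}),
    "carol": assign_roles({"employee", "ap_approver"}),
}

def demo():
    out = {
        "bob creates invoice": is_allowed(USERS["bob"], "invoice", "create"),
        "bob approves invoice": is_allowed(USERS["bob"], "invoice", "approve"),
        "carol approves invoice": is_allowed(USERS["carol"], "invoice", "approve"),
        "alice deletes report": is_allowed(USERS["alice"], "report", "delete"),  # never granted anywhere
    }
    try:
        assign_roles({"ap_clerk", "ap_approver"})
        out["clerk+approver"] = "allowed"
    except PolicyError as e:
        out["clerk+approver"] = str(e)
    return out

if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Changing what every manager may do is a one-line edit to ROLES, which is the maintenance argument for roles made in the user-management section of chapter one.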

Access Control Lists

• Set of permissions attached to an object

• Specifies which subjects may access the object and what operations they can perform

• When a subject requests to perform an operation:

– System checks the ACL for an approved entry

• ACLs usually viewed in relation to operating system files

• Each entry in the ACL is called an access control entry (ACE)

• ACE structure (Windows)

– Security identifier (SID) for the user or group account or logon session

– Access mask that specifies the access rights controlled by the ACE

– Flag that indicates the type of ACE (access-allowed, access-denied, or system-audit)

– Set of flags that determine whether child objects can inherit the ACE

Group Policies

• Microsoft Windows feature

– Provides centralized management and configuration of computers and remote users using Active Directory (AD)

– Usually used in enterprise environments

– Settings stored in Group Policy Objects (GPOs)

• Local Group Policy

– Fewer options than a domain Group Policy

– Used to configure settings for systems not part of AD

Account Restrictions

• Time of day restrictions

– Limit the time of day a user may log onto a system

– Time blocks for permitted access are chosen

– Can be set on individual systems

• Account expiration

– Orphaned accounts: accounts that remain active after an employee has left the organization

– Dormant accounts: not accessed for a lengthy period of time

– Both can be security risks

• Recommendations for dealing with orphaned or dormant accounts

– Establish a formal process

– Terminate access immediately

– Monitor logs

• Orphaned accounts remain a problem in today's organizations

• Account expiration

– Sets a user's account to expire

– Password expiration sets a time when the user must create a new password; it is different from account expiration

• Account expiration can be a set date, or a number of days of inactivity

Authentication Services

• Authentication

– Process of verifying credentials

• Authentication services provided on a network

– Dedicated authentication server

• Or AAA server if it also performs authorization and accounting

• Common types of authentication and AAA servers

– Kerberos, RADIUS, TACACS, LDAP

RADIUS

• Remote Authentication Dial in User Service

– Developed in 1992

– Became industry standard

– Suitable for high volume service control applications

• Such as dial-in access to corporate network

– Still in use today

• RADIUS client

– Typically, a device such as a wireless AP

• Responsible for sending user credentials and connection parameters to the RADIUS server

• RADIUS user profiles stored in a central database

– All remote servers can share it

• Advantages of a central service

– Increases security due to a single administered network point

– Easier to track usage for billing and keeping network statistics

Kerberos

• Authentication system developed at MIT

– Uses encryption and authentication for security

• Most often used in educational and government settings; it is also the default authentication protocol of Windows Active Directory domains

• Works like using a driver's license to cash a check

• Kerberos ticket

– Contains information linking it to the user

– User presents the ticket to the network for a service

– Difficult to copy

– Expires after a few hours or a day

Terminal Access Controller Access-Control System (TACACS)

• Authentication service similar to RADIUS

• TACACS+, the version in use today, was developed by Cisco Systems

• Commonly used to control administrative access to network devices such as routers and switches

• Communicates by forwarding user authentication information to a centralized server

Lightweight Directory Access Protocol (LDAP)

• Directory service

– Database stored on a network

– Contains information about users and network devices

– Keeps track of network resources and users' privileges to those resources

– Grants or denies access based on its information

• Standard for directory services

– X.500

• The X.500 standard defines DAP, the Directory Access Protocol, for client applications to access the directory

• LDAP

– A simpler subset of DAP

– Designed to run over TCP/IP

– Has simpler functions

– Encodes protocol elements in a simpler way than X.500

– An open protocol

• Weakness of LDAP

– Can be subject to LDAP injection attacks

• Similar to SQL injection attacks

• Occurs when user input is placed into a search filter without being escaped
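How the injection works, as an added example that is not part of the lecture notes. No directory server is contacted: a small evaluator applies RFC 4515 filter syntax to one constructed entry, so the effect of an unescaped "*" or an injected "(|" clause can be observed directly, next to the escaping that removes it. The attribute names, the entry and the input strings are constructed.

```python
"""Added example (not from the notes): an LDAP search filter built by string
concatenation, the RFC 4515 escaping that fixes it, and a small filter
evaluator so the difference is visible offline. Entry and inputs are constructed."""
import re

def escape_filter_value(value):
    """Escape a value for use inside a filter (RFC 4515 section 3):
    the characters \\ * ( ) and NUL become \\XX hex sequences."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value)

def login_filter_vulnerable(username, password):
    # Raw concatenation: the caller controls the filter's syntax.
    return f"(&(uid={username})(userPassword={password}))"

def login_filter_safe(username, password):
    return f"(&(uid={escape_filter_value(username)})(userPassword={escape_filter_value(password)}))"

# --- a minimal RFC 4515 evaluator: &, |, !, and equality/substring assertions ---
def _unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def _value_matches(pattern, actual):
    """An unescaped '*' is a wildcard; an escaped '\\2a' is a literal asterisk."""
    regex = ".*".join(re.escape(_unescape(part)) for part in pattern.split("*"))
    return re.fullmatch(regex, actual, re.DOTALL) is not None

def _parse(s, i):
    if s[i] != "(":
        raise ValueError(f"expected '(' at {i}")
    i += 1
    if s[i] in "&|":
        op, kids = s[i], []
        i += 1
        while s[i] == "(":
            kid, i = _parse(s, i)
            kids.append(kid)
        if s[i] != ")":
            raise ValueError(f"expected ')' at {i}")
        return (op, kids), i + 1
    if s[i] == "!":
        kid, i = _parse(s, i + 1)
        if s[i] != ")":
            raise ValueError(f"expected ')' at {i}")
        return ("!", [kid]), i + 1
    j = s.index(")", i)              # a value cannot contain an unescaped ')'
    attr, _, val = s[i:j].partition("=")
    return ("=", attr.lower(), val), j + 1

def _eval(node, entry):
    kind = node[0]
    if kind == "&":
        return all(_eval(k, entry) for k in node[1])
    if kind == "|":
        return any(_eval(k, entry) for k in node[1])
    if kind == "!":
        return not _eval(node[1][0], entry)
    _, attr, pattern = node
    return any(_value_matches(pattern, v) for v in entry.get(attr, []))

def evaluate(filt, entry):
    """True if the filter string matches the entry (dict of attr -> [values])."""
    node, pos = _parse(filt, 0)
    if pos != len(filt):
        raise ValueError(f"trailing data after filter: {filt[pos:]!r}")
    return _eval(node, entry)

ENTRY = {"uid": ["alice"], "userpassword": ["S3cret!"]}   # constructed entry

def demo():
    inj_user, inj_pw = "alice)(|(userPassword=*", "x)"   # turns the AND into alice AND (anything OR x)
    return {
        "correct password": evaluate(login_filter_safe("alice", "S3cret!"), ENTRY),
        "wildcard, vulnerable": evaluate(login_filter_vulnerable("alice", "*"), ENTRY),
        "wildcard, safe": evaluate(login_filter_safe("alice", "*"), ENTRY),
        "injected OR, vulnerable": evaluate(login_filter_vulnerable(inj_user, inj_pw), ENTRY),
        "injected OR, safe": evaluate(login_filter_safe(inj_user, inj_pw), ENTRY),
    }

if __name__ == "__main__":
    print(login_filter_vulnerable("alice)(|(userPassword=*", "x)"))
    print(login_filter_safe("alice)(|(userPassword=*", "x)"))
    print(demo())
```

Escaping is the complete fix for the filter; separately, comparing passwords inside a search filter is poor practice in itself, since a real deployment would bind as the user instead of reading the password attribute.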

Summary

• Access control is the process by which resources or services are denied or granted

• Four major access control models exist

• Best practices for implementing access control

– Separation of duties

– Job rotation

– Least privilege

– Mandatory vacations

• Access control lists define which subjects are allowed to access which objects

– Specify which operations they may perform

• Group Policy is a Windows feature that provides centralized management and configuration

• Authentication services can be provided on a network by a dedicated AAA or authentication server

– RADIUS is the industry standard

CHAPTER THREE

NETWORK OPERATING SYSTEMS

3.1 Network Operating System (NOS)

• An Operating System (OS) is software that acts as an interface between the computer hardware components and the user.
• Every computer system must have at least one operating system to run other programs.
• Applications like browsers, MS Office, Notepad, games, etc., need some environment in which to run and perform their tasks.
• The OS helps you to communicate with the computer without knowing how to speak the computer's language.
• A network operating system (NOS) coordinates the operating systems of the other computers on the network.
• It provides services that are used to control applications running on other computers.
• If you have one computer and want to use it for personal purposes, you will install an operating system on it.
• If you have many computers and want to control all of them from a single computer, you will install a network operating system on the computer that you want to use to control the remaining computers, and on the remaining computers you will install an operating system that supports the installed network operating system.
• Companies that make a NOS also make an OS that takes commands from the NOS and executes them on the local computer.
• The OS that accepts commands from the NOS is called a client OS.
• For example, Microsoft makes a NOS under the brand name Windows Server.
• Microsoft also makes an OS that supports the NOS.
• A Network Operating System (NOS) is a software program that controls other software and hardware running on a network.

What is Network Operating System?

 It also allows multiple computers, known as network computers, to communicate
with one central hub and each other to share resources, run applications, and send
messages.

 Such a system can consist of a wireless network, Local Area Network (LAN), or even
two or three computer networks connected together.

 Administrators running these networks typically have training in different network
operating systems.

 A Network Operating System is an operating system that helps different computers to
connect.

 Here each computer has its own memory and hardware and may run a different
operating system.

 These independent computers are capable of processing and carrying out the functions
of a single user.

 In short, a Network Operating System helps multiple autonomous, independent
computers to network and communicate with each other.

 Usually, these Network Operating Systems (NOS) are run on large and powerful
computers with more hardware resources.

 This computer acts as a server that connects to and manages the data from the different
independent systems.

 This helps in sharing resources among a group of computers.

 It helps to share the tasks between the computers connected to the network.

 You can easily assign tasks, communicate, and securely access different
workstations.

 Some well-known Network Operating Systems are Novell NetWare, Microsoft Windows
Server, UNIX, and Linux.

Features of Network Operating System (NOS):

 Here are the primary features that every Network Operating System will have:

 It has basic operating system features such as protocol support, hardware detection,
multiprocessing for applications, processor support, and support for the hardware that
makes up the system, etc.

 It has high-security features like authorization of users, restrictions on shared data,
hardware authentication, etc.

 It allows the user to use their backup database and web services.

 It helps in internetworking through routing and WAN ports.

 It allows every user to create their user account and manage user logging in and
logging out and what files and services each user has access to

 An NOS (network operating system) controls the utilities, users, and devices that
make up a network

 While similar to a computer OS, a NOS contains utilities that ensure data is transmitted
to the correct user, computer, and other devices.

 A NOS manages all printing, storage, backup, and duplication services for computers
and users accessing a network.

 It also controls access to the Internet, local-area (LAN) and wide-area networks
(WAN), port routing, and internal web services (intranet).

 A Network Operating System also allows email to be managed for those using the NOS.

Types of Network Operating System (NOS):

 There are two types of Network Operating System. They are as follows:

1. Peer-to-Peer:

 Peer-to-peer network operating systems allow users to share the memory, data, files
located on their computers with others and also grant access to the data and resources
available with other computers.

 Here all the independent computers (users) are considered equal: all of them have the
same level of access and rights in the shared network.

 This type of Networking is mostly practiced in the small and medium Local Area
Network (LAN) in the workplace.

 This allows them to share, assign, and work on tasks. Windows for Workgroups
is the best example of a Peer-to-Peer network operating system.

 Advantages of Peer-to-peer Network Operating System

 Easy to install and setup and the setup cost is also low.

 Fewer requirements for advanced hardware and software.

 The sharing process is quick, easy, and secure.

 Disadvantages of Peer-to-Peer network Operating System

 It has no centralized memory storage. Each system has its memory and storage capacity.

 It is less secure compared to the client-server Network Operating System.

 It does not have backup functionalities.

2. Client-Server Operating System

 In this type, Network Operating System runs on a server machine that is connected
with multiple client computers.

 A server is a large, powerful computer with abundant resources.

 This server acts as the centralized hub for all the client computers.

 The client computer will request the information or access, then the server machine
will reply by providing the requested service.

 The client computer has its own memory, resources, and a separate normal operating
system for processing; however, if large calculations or heavy processing are needed,
they are done on the server.

 It is the most used Network Operating System type in today’s modern world.

 Advantages of Client-Server Network Operating System

 It has centralized control, memory, and management.

 It is more reliable than the Peer-to-Peer.

 It has backup functionalities to restore the latest data.

 The shared resources can be accessed at the same time by multiple clients.

 Disadvantages of Client-Server Network Operating System

 The setup cost is very high, not affordable for small firms.

 There is a need for an administrator to administer the network.

 A network failure or a huge number of client requests may affect processing.

Functions of a NOS

 The most common functions of a NOS are the following.

 Sharing Printer Resources

 Providing access to remote printers.

 Managing which users are using which printers at what time.

 Managing how print jobs are queued.

 Recognizing which printers are offline.

 Centralized Files and storages management

 Enabling and managing access to files on remote systems.

 Determining which user can access what files.

 Specifying a storage location for each user.

 Preventing users from storing files outside the allowed storage locations.

 Monitoring and controlling file access.

 Managing Applications and other network resources

 Granting access to remote applications and resources, such as the Internet.

 Making resources seem like local resources to the user.

 Allowing users to work on a single application from multiple computers.

 Storing the data of the application in a single location.

 Provides Routing and monitoring

 Providing routing services, including support for major networking protocols, so
that the operating system knows what data to send where.

 Monitoring the system and security, to provide proper security against viruses,
hackers, and data corruption.

 Administration and security

 Providing network administration utilities (such as SNMP, or Simple Network
Management Protocol).

 Enabling an administrator to perform tasks involving managing network resources
and users.

 Blocking unauthorized access.

NOS services

 A NOS provides several services. Most of them are inbuilt. If you need more services,
you can install them separately. The most common services are the following.

 DHCP Services:

 These allow the administrator to configure the server to assign IP addresses to
clients on the network.

 DNS Services:

 These services allow the administrator to map hostnames with related IP addresses.

 E-mail Services:

 These services allow the administrator to configure the server to send and receive
e-mail using the Simple Mail Transfer Protocol (SMTP).

 Web Services:

 These services allow the administrator to host websites and related applications on
the server.

 File and print Services:

 These services allow the administrator to share files and printers among clients.

 Directory Services:

 These services allow the administrator to build a centralized database of objects,
such as user accounts, that may be used by clients to log on to the network.

 On Windows Server, the directory service is known as Active Directory.

Group Policies:

 These services allow an administrator to deploy settings down to the client operating
systems from a central point.

 Some of the types of settings that can be applied to clients through group policies are
user rights, folder redirection, file permissions, and installation of software.

Network Operating Systems Features

 Multitasking

 One NOS can handle many thousands of tasks simultaneously.

 A NOS also runs each service separately.

 This means, if one service fails, it does not affect other services. Other services will be
running without any lag.

 Stability

 A NOS can run for years without crashing. Most services running on the NOS can be
restarted without a system-level restart.

 It means a NOS does not restart for every change or update.

 Multiusers

 A NOS allows several users to log into the system simultaneously.

 A NOS initiates a separate login session for each user.

 A NOS allows a user to log into the same system at the same time as another user.

 High performance and hot plug support

 A NOS supports the largest capacity of hardware devices.

 A NOS also supports the hot plug feature.

 The hot plug feature allows the administrator to replace or upgrade most of the hardware
without shutting down the system.

 Support Internetworking such as routing and WAN ports.

 User management and support for logon and logoff, remote access; system
management, administration and auditing tools with graphical interfaces.

 It has clustering capabilities.

 Authentication of data, restrictions on required data, authorizations of users etc.

 It can also manage directory and name services.

 It also provides basic network administration utilities, such as controlling user access.

 It also provides priority to the printing jobs which are in the queue in the network.

 It detects the new hardware whenever it is added to the system.

Examples of Network Operating systems:

 Following are the examples of network operating systems.

 Microsoft Windows Server

 UNIX/Linux

 Artisoft’s LANtastic

 Banyan’s VINES

3.2 Network Resources

 Network resources refer to forms of data, information, and hardware devices that can
be accessed by a group of computers through the use of a shared connection.

 These types of resources are known as shared resources.

 They are important in work environments where collaboration is essential for the
successful operation of tasks.

 For example, the most common types of network resources in an office environment
are hardware, such as:

 Computers, printers, fax machines, and scanners.

 Communication Circuits and Wireless Devices,

 Data files are also important network resources shared by those who must collaborate on
projects.

 Network resources are also infrastructure resources that are capable of transferring
data.

 Network resources in a network infrastructure include:

 Locations, which represent the named location of a Wide Area Network (WAN).

 Repeaters

 Wireless Access Points

 Printers, Scanners and Fax Machines

 Servers

 Server Rack

 Routers

 Switches

 Firewalls

 Application software

 Load balancers

 CCTV cameras

 UPS

 Client Computers

 Shared Databases

 Network Toolkits

 Communication Channels or Circuits

 Intrusion Detection Systems

 Operating Systems and Network Software

 IP address pools, which are assigned based on BMC Network Automation container
blueprint policies.

 And other electronic and network equipment

Organization of Network Resources

 Network resources are organized by pods, network containers, and network zones.

 BMC Network Automation is the resource provider for network resources.

 BMC Network Automation defines and provides network resources for clouds defined
by BMC Cloud Lifecycle Management.

 BMC Network Automation organizes cloud network resources by the following
hierarchy:

 One or more pods at a location

 One or more network containers within a pod

 Networks, virtual firewalls, and virtual load balancers reside at the network
container level.

 Zones reference a set of networks.

 Networks can reside in multiple zones or in no zone.

 A network container does not have to have a zone. Neither firewalls nor load
balancers are required to reside in zones.

 Multiple networks can share the same BMC Cloud Lifecycle Management network
label.

1. Locations

 A location is a physical location, such as a building, and is defined using the
Application Administration Console of the BMC Remedy IT Service Management
(ITSM) Suite.

2. Pods

 A pod represents a physical layer-2 portion of the cloud.

 A pod is created on a group of co-located network hardware, such as routers,
firewalls, and load balancers, and segregates cloud networks from other pods and
non-cloud networks.

 Because these resources reside physically close to each other, pods are useful for
organizing network resources by geographic location.

 Pods can physically overlap in order to make efficient use of the hardware involved.

 However, these overlapping pods are logically separated by routing.

 Pods are created in BMC Network Automation using pod blueprints, which define the
pod architecture and include a definition of the physical pod topology.

 After a pod is created, you can then on-board the pod into BMC Cloud Lifecycle
Management.

3. Network Containers

 Network containers represent virtual layer-2 segments in a pod, isolating a segment
of the network for specific tenants or workloads, based on specific policies and rules.

 Multiple network containers can exist within each pod.

 A network container is also known as a virtual data centre (VDC).

 Network containers are built from network container blueprints, which define the
network container architecture.

 They can include definitions for firewalls, routers, load balancers, networks, and
zones.

4. Network Zones

 A network zone represents a finer partitioning of network resources to isolate
workloads.

 The need for this level of structure is driven by security and performance
requirements.

 A network resource can be within a single zone or it can exist outside of zones
completely.

5. Networks

 A network represents a logical abstraction of one or more virtual LANs (VLANs) in a
network, where those VLANs share the same quality of service characteristics.

 You can define networks at the pod level and the container level.

 For example, you might use a pod-level network to allow BMC Cloud Lifecycle
Management components to communicate, and a container-level network to allow
communication between the infrastructure resources that are provisioned as a result
of service requests.

 Networks can span network zones and network containers.

 The following figure shows a sample network configuration, in which a single pod
contains four network containers.

 Each network container includes one or more zones.

6. IP Address Management

 The cloud administrator manages IP addresses associated with network containers
through BMC Network Automation and an integration with third-party IP address
management systems.

 When provisioning compute resource containers, BMC Cloud Lifecycle Management
relies on BMC Network Automation to assign IP addresses from the pool of
addresses available within the associated network container.

 IP address pools can also be configured at the pod level to manage networks spanning
multiple network containers within that pod.

 BMC Network Automation uses two addressing schemes for IP address management
(IPAM) to define resources:

 Pod-oriented Addressing

 Container-oriented Addressing

 When a server is added to a network container, the IPAM system acquires addresses
for its NICs from address pools within the container.

 When the server is removed, the addresses that the server used are released back to
the IPAM system.
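The pod / network container / zone / network hierarchy and the IPAM acquire-and-release behaviour described above, modelled as an added example (this is not BMC Network Automation code; the class names, methods and subnets are constructed assumptions):

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network


class PoolExhausted(Exception):
    """Raised when an address pool has no free addresses left."""


@dataclass
class AddressPool:
    """Addresses carved from one subnet; records which server/NIC holds each."""
    subnet: IPv4Network
    free: list = field(init=False)
    in_use: dict = field(default_factory=dict)  # IPv4Address -> (server, nic)

    def __post_init__(self) -> None:
        self.free = list(self.subnet.hosts())

    def acquire(self, server: str, nic: str) -> IPv4Address:
        """Lease the next free address to a server NIC."""
        if not self.free:
            raise PoolExhausted(f"no free addresses left in {self.subnet}")
        addr = self.free.pop(0)
        self.in_use[addr] = (server, nic)
        return addr

    def release(self, addr: IPv4Address) -> None:
        """Return a leased address to the pool (KeyError if it was never leased)."""
        del self.in_use[addr]
        self.free.append(addr)


@dataclass
class Network:
    """Logical network (one or more VLANs); several networks may share one label."""
    name: str
    label: str
    pool: AddressPool


@dataclass
class Zone:
    """A zone references a set of networks; one network may sit in many zones."""
    name: str
    networks: list


@dataclass
class NetworkContainer:
    """Virtual layer-2 segment within a pod; having zones is optional."""
    name: str
    networks: dict = field(default_factory=dict)  # name -> Network
    zones: list = field(default_factory=list)
    leases: dict = field(default_factory=dict)  # server -> {nic: (net_name, addr)}

    def add_server(self, server: str, nics: dict) -> dict:
        """Acquire one address per NIC from the container network that NIC joins."""
        held = {}
        for nic, net_name in nics.items():
            held[nic] = (net_name, self.networks[net_name].pool.acquire(server, nic))
        self.leases[server] = held
        return {nic: addr for nic, (_, addr) in held.items()}

    def remove_server(self, server: str) -> None:
        """Release every address the server held back to its pool."""
        for net_name, addr in self.leases.pop(server).values():
            self.networks[net_name].pool.release(addr)


@dataclass
class Pod:
    """Physical layer-2 portion of the cloud at one location."""
    location: str
    containers: dict = field(default_factory=dict)  # name -> NetworkContainer

    def zones_of(self, container: str, net_name: str) -> list:
        """Names of the zones in a container that reference a given network."""
        cont = self.containers[container]
        net = cont.networks[net_name]
        return [z.name for z in cont.zones if net in z.networks]


def build_sample_pod() -> Pod:
    """Constructed sample: one pod with two containers (subnets are made up)."""
    web = Network("web", "front", AddressPool(IPv4Network("10.0.1.0/29")))  # 6 hosts
    db = Network("db", "back", AddressPool(IPv4Network("10.0.2.0/30")))  # 2 hosts
    tenant_a = NetworkContainer(
        "tenant-a",
        networks={"web": web, "db": db},
        zones=[Zone("dmz", [web]), Zone("internal", [web, db])],  # web is in two zones
    )
    tenant_b = NetworkContainer(  # a container with no zones at all is allowed
        "tenant-b",
        networks={"web": Network("web", "front", AddressPool(IPv4Network("10.0.3.0/29")))},
    )
    return Pod("DC-1", {"tenant-a": tenant_a, "tenant-b": tenant_b})


def lifecycle_demo() -> dict:
    """Add a server, remove it, add another: released addresses are free again."""
    cont = build_sample_pod().containers["tenant-a"]
    first = cont.add_server("app01", {"eth0": "web", "eth1": "db"})
    cont.remove_server("app01")
    second = cont.add_server("app02", {"eth0": "web"})
    return {"first": first, "second": second, "db_free": len(cont.networks["db"].pool.free)}
```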

3.3 Network Services

 The term network service is used to describe a wide range of software and connectivity
tools that are managed by a central group and distributed to the networked
computers.

 A networked computer environment occurs when multiple computers are connected
to each other or to a central server.

 The computers are able to access shared files and utilities from a central location.

 In computer networking, a network service is an application running at the network
application layer and above that provides data storage, manipulation, presentation,
communication or other capability, which is often implemented using a client-server or
peer-to-peer architecture based on application layer network protocols.

 Each service is usually provided by a server component running on one or more
computers (often a dedicated server computer offering multiple services) and
accessed via a network by a client component running on other devices.

 However, the client and server components can both be run on the same machine.

 The following are some of the basic network services:

1. Directory Services

 A mapping between a name and its value, which can be variable or fixed.

 This software system helps to store the information, organize it, and provides various
means of accessing it.

A. Accounting

 In an organization, a number of users have their user names and passwords mapped to
them.

 Directory Services provide a means of storing this information in a protected form and
making it available when requested.

B. Authentication and Authorization

 User credentials are checked to authenticate a user at the time of login and/or
periodically.

 User accounts can be set into hierarchical structure and their access to resources can
be controlled using authorization schemes.

C. Domain Name Services

 DNS is widely used and is one of the essential services on which the Internet works.

 This system maps IP addresses to domain names, which are easier to remember and
recall than IP addresses.

 Because the network operates with IP addresses while humans tend to remember
website names, DNS looks up the IP address mapped to a name on the back end when a
user requests a website by name.

2. File Services

 File services include sharing and transferring files over the network.

A. File Sharing

 One of the reasons which gave birth to networking was file sharing.

 File sharing enables its users to share their data with other users.

 A user can upload a file to a specific server, which is accessible to all intended users.

 As an alternative, a user can share a file on their own computer and provide access to
the intended users.

B. File Transfer

 This is the activity of copying or moving a file from one computer to another, or to
multiple computers, with the help of the underlying network.

 The network enables its users to locate other users in the network and transfer files.

3. Communication Services

A. Email

 Electronic mail is a communication method and something a computer user cannot
work without.

 This is the basis of today’s internet features.

 Email system has one or more email servers.

 All its users are provided with unique IDs.

 When a user sends email to another user, it is actually transferred between the users
with the help of the email server.

B. Social Networking

 Recent technologies have made technical life social.

 Computer-savvy people can find acquaintances or friends, connect with them, and
share thoughts, pictures, and videos.

C. Internet Chat

 Internet chat provides instant text transfer services between two hosts.

 Two or more people can communicate with each other using text-based Internet
Relay Chat services.

 These days, voice chat and video chat are very common.

D. Discussion Boards

 Discussion boards provide a mechanism to connect multiple people with the same
interests.

 It enables the users to post queries, questions, suggestions, etc., which can be seen by
all other users. Others may respond as well.

E. Remote Access

 This service enables a user to access the data residing on a remote computer.

 This feature is known as Remote desktop.

 This can be done via some remote device, e.g. mobile phone or home computer.

4. Application Services

 These provide network-based services to the users, such as web services, database
management, and resource sharing.

A. Resource Sharing

 To use resources efficiently and economically, the network provides a means to share them.

 This may include Servers, Printers, and Storage Media etc.

B. Managing Databases

 This application service is one of the most important services.

 It stores data and information, processes it, and enables the users to retrieve it
efficiently by using queries.

 Databases help organizations to make decisions based on statistics.

C. Web Services

 The World Wide Web has become synonymous with the Internet.

 It is used to connect to the internet, and access files and information services provided
by the internet servers.

3.4 Remote Administration

 Remote administration is an approach being followed to control either a computer
system or a network or an application, or all three, from a remote location.

 Simply put, remote administration refers to any method of controlling a computer or
network resources from a remote location.

 A remote location may refer to a computer in the next room or one on the other side
of the world.

 It may also refer to both legal and illegal remote administration.

 Generally, remote administration is adopted when it is difficult or impractical for a
person to be physically present at a system's terminal to administer it.

3.4.1 Requirements to Perform Remote Administration

A. Internet connection

 One of the fundamental requirements to perform remote administration is network
connectivity.

 Any computer with an Internet connection, TCP/IP or on a Local Area Network can
be remotely administered.

 For non-malicious administration:

 The user must install or enable server software on the host system in order for it to be
viewed.

 Then the user/client can access the host system from another computer using the
installed software.

 Usually, both systems should be connected to the Internet, and the IP address of the
host/server system must be known.

 Remote administration is therefore less practical if the host uses a dial-up modem,
which is not constantly online and often has a Dynamic IP.

B. Connecting

 When the client connects to the host computer, a window showing the Desktop of the
host usually appears.

 The client may then work on it as if he/she were sitting right in front of it.

 Windows has a built-in remote administration package called Remote Desktop
Connection.

 A free cross-platform alternative is VNC (Virtual Network Computing), which offers
similar functionality.

3.4.2 Tasks/Services of Remote Administration

 Generally, remote administration is needed for:

 User management,

 File system management,

 Software installation/configuration,

 Network management,

 Network Security/Firewalls,

 VPN,

 Infrastructure Design,

 Network File Servers,

 Auto-mounting etc. and

 Kernel optimization/recompilation.

 The following are some of the tasks/services for which remote administration needs to
be done:

1. General Management

 Controlling one’s own computer from a remote location (e.g. to access the software
or data on a personal computer from an Internet café).

2. ICT Infrastructure Management

 Remote administration is essentially needed to administer the ICT infrastructure, such
as the servers, the routing and switching components, the security devices and other
related equipment.

3. Shutdown a computer

 Shutting down or rebooting a computer over a network.

4. Accessing Peripherals

 Accessing a network device, such as a printer, remotely.

 Retrieving streaming data, much like a CCTV system.

5. Modifying System Services and Settings

 Editing another computer’s Registry settings,

 Remotely connect to another machine to troubleshoot issues

 Modifying system services,

 Installing software on another machine,

 Modifying logical groups.

6. Viewing programs or files or monitor remote computer activities

 Remotely run a program or copy a file

 Remotely assisting others,

 Supervising computer or Internet usage (monitoring the remote computer's activities).

 Access to a remote system’s “Computer Management” snap-in.

7. Hacking

 Computers infected with malware, such as Trojans, sometimes open back doors
into computer systems which allow malicious users to hack into and control the
computer.

 Such users may then add, delete, modify or execute files on the computer to their
own ends.

3.4.3 Remote Desktop Solutions

 Most people who are used to a Unix-style environment know that a machine can be
reached over the network at the shell level using utilities like telnet or ssh.

 And some people realize that X Windows output can be redirected back to
the client workstation.

 But many people don’t realize that it is easy to use an entire desktop over
the network.

 The following are some of the proprietary and open-source applications that can be
used to achieve this.

A. SSH (Secure Shell)

 Secure Shell (SSH) is a cryptographic network protocol, originally shipped as a
proprietary tool, for secure data communication between two networked computers: it
connects a server and a client (running SSH server and SSH client programs,
respectively) via a secure channel over an insecure network.

 The protocol specification distinguishes between two major versions that are referred to
as SSH-1 and SSH-2.

 The best-known application of the tool is for access to shell accounts on Unix-like
operating systems (GNU/Linux, OpenBSD, FreeBSD), but it can also be used in a similar
fashion for accounts on Windows.

 SSH is generally used to log into a remote machine and execute commands.

 It also supports tunnelling and forwarding of TCP ports and X11 connections, and it
can transfer files using the associated SSH File Transfer Protocol (SFTP) or Secure Copy
(SCP) protocols. SSH uses the client-server model.

 SSH is important in cloud computing to solve connectivity problems, avoiding the
security issues of exposing a cloud-based virtual machine directly on the Internet.

 An SSH tunnel can provide a secure path over the Internet, through a firewall to a virtual
machine.

B. OpenSSH (OpenBSD Secure Shell)

 OpenSSH is a tool providing encrypted communication sessions over a computer
network using the SSH protocol.

 It was created as an open-source alternative to the proprietary Secure Shell software suite
offered by SSH Communications Security.

C. Telnet

 Telnet is used to connect to a remote computer over a network.

 It provides a bidirectional, interactive, text-oriented communication facility using a
virtual terminal connection over the Internet or local area networks.

 Telnet provides a command-line interface on a remote host.

 Most network equipment and operating systems with a TCP/IP stack support a Telnet
service for remote configuration (including systems based on Windows NT).

 Telnet is used to establish a connection to Transmission Control Protocol (TCP) port
number 23, where a Telnet server application (telnetd) is listening.

 Experts in computer security recommend that the use of Telnet for remote logins should
be discontinued under all normal circumstances, for the following reasons:

 Telnet, by default, does not encrypt any data sent over the connection (including
passwords), and so it is often practical to eavesdrop on the communications and use the
password later for malicious purposes; anybody who has access to a router, switch, hub
or gateway located on the network between the two hosts where Telnet is being used can
intercept the packets passing by and obtain login, password and whatever else is typed
with a packet analyzer.

 Most implementations of Telnet have no authentication that would ensure communication
is carried out between the two desired hosts and not intercepted in the middle.

 Several vulnerabilities have been discovered over the years in commonly used Telnet
daemons.

D. rlogin

 rlogin is a utility for Unix-like computer operating systems that allows users to log in on
another host remotely through network, communicating through TCP port 513.

 rlogin has several serious security problems: all information, including passwords, is
transmitted unencrypted.

 rlogin is vulnerable to interception.

 Due to serious security problems, rlogin was rarely used across distrusted networks (like
the public Internet) and even in closed networks.

E. rsh

 The remote shell (rsh) can connect to a remote host across a computer network.

 The remote system to which rsh connects runs the rsh daemon (rshd).

 The daemon typically uses the well-known Transmission Control Protocol (TCP) port
number 514.

 From a security point of view, it is not recommended.

F. VNC (Virtual Network Computing)

 VNC is a remote display system which allows the user to view the desktop of a remote
machine anywhere on the Internet.

 It can also be directed through SSH for security.

 Install the VNC server on a computer (the server) and install the client on the local PC.
Setup is extremely easy and the server is very stable.

 On the client side, set the resolution and connect to the IP of the VNC server.
G. FreeNX

 FreeNX allows access to a desktop from another computer over the Internet.

 One can use this to login graphically to a desktop from a remote location.

 One example of its use would be to have a FreeNX server set up on a home computer
and to log in graphically to the home computer from a work computer using a FreeNX
client.

H. Wireless Remote Administration

 Remote administration software has recently started to appear on wireless devices such as
the BlackBerry, Pocket PC, and Palm devices, as well as some mobile phones.

 Generally, these solutions do not provide the full remote access seen on software such as
VNC or Terminal Services, but do allow administrators to perform a variety of tasks,
such as rebooting computers, resetting passwords, and viewing system event logs, thus
reducing or even eliminating the need for system administrators to carry a laptop or be
within reach of the office.

 AetherPal and Netop are some of the tools used for full wireless remote access and
administration on Smartphone devices.

 Wireless remote administration is usually the only method to maintain man-made objects
in space.

I. Remote Desktop Connection (RDC)

 Remote Desktop Connection (RDC) is a Microsoft technology that allows a local
computer to connect to and control a remote PC over a network or the Internet.

 It is done through a Remote Desktop Service (RDS) or a terminal service that uses the
company’s proprietary Remote Desktop Protocol (RDP).

 Remote Desktop Connection is also known simply as Remote Desktop.

 Typically, RDC requires the remote computer to enable the RDS and to be powered
on.

 The connection is established when a local computer requests a connection to a remote
computer using RDC-enabled software.

 On authentication, the local computer has full or restricted access to the remote
computer.

 Besides desktop computers, servers and laptops, RDC also supports connecting to
virtual machines.

 This technology was introduced in Windows XP.

 Alternatively referred to as remote administration, remote admin is a way to control
another computer without physically being in front of it.

 Below are examples of how remote administration could be used.

 Remotely run a program or copy a file.

 Remotely connect to another machine to troubleshoot issues.

 Remotely shutdown a computer.

 Install software to another computer.

 Monitor the remote computer's activity.

Disadvantages of Remote Administration

 Remote administration has many disadvantages too apart from its advantages.

 The first and foremost disadvantage is security.

 Generally, certain ports need to be open at the server level to do remote administration.

 Attackers take advantage of these open ports to compromise the system.

 It is advised that remote administration to be used only in emergency or essential


situations only to do administration remotely.

 In normal situations, it is ideal to block the ports to avoid remote administration.

Access Services

 Network access services provide businesses with communication links to carrier and
service provider wide area networks.

 A telephone is connected via twisted-pair copper wire (the local loop) to the public
telephone network, where switches connect calls.

 Internet users can connect to the Internet over the same local loop or use a variety of
other services, including cable TV connections, wireless connections, and fiber-optic
connections.

 Network access service means the provision by a local exchange telecommunication
service provider of the use of its local exchange network by an interexchange
telecommunication service provider to originate or terminate the interexchange
telecommunication service provider's traffic carried to or from a distant exchange.

 Access Service means access to a local exchange network for the purpose of enabling a
provider to originate or terminate telecommunication services within the local
exchange.

 Except for end-user common line services, access service does not include access
service to a person who is not a provider

 The following are the most common network access services:

 Broadband Internet access service means a mass-market retail service by wire or


radio that provides the capability to transmit data to and receive data from all or
substantially all Internet endpoints, including any capabilities that are incidental to and
enable the operation of the communications service, but excluding dial-up Internet
access service.

 Switched Access Service means the offering of transmission and switching services to
Interexchange Carriers for the purpose of the origination or termination of telephone
toll service.

 Switched Access Services include: Feature Group A, Feature Group B, Feature


Group D, 8XX access, and 900 access and their successors or similar Switched Access
Services

 Wireless service means any service, using licensed or unlicensed wireless spectrum,
including the use of Wi-Fi, whether at a fixed location or mobile, provided to the public
using a network node.

 Online Services means Microsoft-hosted services to which Customer subscribes


under this Agreement.

 It does not include software and services provided under separate license terms

 Support Services means support in relation to the use of, and the identification and
resolution of errors in, the Hosted Services, but shall not include the provision of
training services;

 Conditional Access System means any technical measure and/or arrangement


whereby access to a protected radio or television broadcasting service in intelligible
form is made conditional upon subscription or other form of prior individual
authorisation

 Integrated Services Digital Network (ISDN) means a switched network service that
provides end-to-end digital connectivity for the simultaneous transmission of voice
and data.

 Basic Rate Interface ISDN (BRI-ISDN) provides digital transmission over two 64
Kbps bearer (B) channels and one 16 Kbps signalling/data (D) channel (2B+D).
Chapter Four

The file system


File System

 A file system is a method for storing and organizing computer files and the data they
contain to make it easy to find and access them.

 Most file systems make use of an underlying data storage device such as a hard disk that
offers access to an array of fixed-size blocks; a block (or cluster) is the smallest logical
amount of disk space that can be allocated to hold a file.

 File systems typically have directories which associate file names with files, usually by
connecting the file name to an index in a file allocation table of some sort, such as the
FAT in a DOS file system, or an inode in a Unix-like file system.

 File names are simple strings, and per-file metadata is maintained, which is the
bookkeeping information typically associated with each file within a file system.

 Metadata could contain file attributes such as file size, date and time of creation or
modification of the file, owner of the file, access permissions etc.

Types of File System

 File system types can be classified into

 disk file systems,

 network file systems, and

 flash file systems.

 A disk file system is a file system designed for the storage of files on a data storage
device, most commonly a disk drive, e.g. FAT, NTFS, ext2, ext3, ext4 etc.

 A network file system is a file system that acts as a client for a remote file access
protocol, providing access to files on a server, e.g. NFS (Network File System),
SMB (Server Message Block) etc.

 A flash file system is a file system designed for storing files on flash memory devices
(e.g. JFFS2, UBIFS, F2FS), taking erase blocks and wear levelling into account.
File System and OS

 Operating systems provide a file system, as a file system is an integral part of any modern
operating system.

 Windows supports the FAT family (FAT12/16/32, exFAT) and NTFS

 Linux historically used ext2 and ext3; ext4 is the default on most current distributions

 Other operating systems may support other file systems, like UFS in many
UNIX operating systems and HFS+ (now APFS) in Mac OS X / macOS.

 All operating systems provide a user interface, such as a command line (CLI) or a file
browser, to access and manage file system information.

FAT (DOS/Windows File System)

 The File Allocation Table (FAT) file system was initially developed for the DOS operating
system and was later used and supported by all versions of Microsoft Windows.

 It was the native file system of Microsoft's earlier operating system MS-DOS and the
predominant file system in Windows versions like 95, 98, ME etc.

 All the latest versions of Windows still support the FAT file system (mainly for removable
media and boot partitions), although it is no longer the default.

 FAT has had various versions: FAT12, FAT16 and FAT32. Successive versions of FAT
were named after the width in bits of the table entries: 12, 16 and 32.

Windows File System (NTFS, New Technology File System)

 NTFS, or the NT File System, was introduced with the Windows NT operating system.

 NTFS allows ACL-based permission control, which was the most important feature
missing in the FAT file system.

 Later versions of Windows like Windows 2000, Windows XP, Windows Server 2003,
Windows Server 2008, and Windows Vista also use NTFS, and it remains the default for
system volumes in current Windows releases.

 NTFS has several improvements over FAT, such as security access control lists (ACLs),
file system journaling, quotas, compression and encryption (EFS).
File System in Linux

 Linux supports many different file systems, but common choices for the system disk
include the ext family (ext2, ext3 and now ext4), XFS, JFS, ReiserFS and Btrfs.

 The ext3 or third extended file system is a journaled file system and was the default file
system for many popular Linux distributions before ext4.

 It is an upgrade of its predecessor, the ext2 file system, and among other things it added
the journaling feature.

 A journaling file system is a file system that logs changes to a journal (usually a circular
log in a dedicated area) before committing them to the main file system. Such file
systems are less likely to become corrupted in the event of power failure or system crash,
and recover far faster than a full fsck.

FAT

 FAT == File Allocation Table

 The FAT is located at the start of the volume, right after the boot sector.

 Two copies are kept in case one becomes damaged.

 Cluster size is determined by the size of the volume.

Volume size vs. cluster size

    Drive size                  Cluster size         Sectors per cluster
    --------------------------  -------------------  -------------------
    512 MB or less              512 bytes            1
    513 MB to 1024 MB (1 GB)    1024 bytes (1 KB)    2
    1025 MB to 2048 MB (2 GB)   2048 bytes (2 KB)    4
    2049 MB and larger          4096 bytes (4 KB)    8

 Note: these figures are the default cluster sizes Microsoft documents for NTFS. FAT16
defaults for the same volume sizes are much larger (16 KB for 512 MB to 1 GB, 32 KB for
1 GB to 2 GB), which is exactly the waste problem described under FAT Limitations.

FAT block indexing (figure; not reproduced here)
FAT Limitations

 In FAT16, the entry that references a cluster is 16 bits.

 Thus at most 2^16 = 65,536 clusters are addressable.

 With the largest cluster (32 KB; 64 KB only on Windows NT-based systems) partitions
are limited to 2 GB (4 GB).

 Too small for today's hard disk capacity!

 For partitions over about 200 MB, performance degrades and, worse, the cluster size
grows, so the space wasted at the end of each file (slack) increases.

Two copies of the FAT…

 both sit at the start of the volume, so a damaged region there still takes out the whole
volume: a single point of failure remains!

 FAT also has no ownership or permission metadata at all: anyone who can mount the
volume can read and alter everything, so it is unsuitable for a multi-user system disk.
FAT32

 Enhancements over FAT16

 More efficient space usage

 By smaller clusters (4 KB by default up to 8 GB).

 Why is this possible? The table entry is 32 bits wide (28 bits used for the cluster
number), so far more clusters can be addressed and each can be smaller.

 More robust and flexible

 The root folder became an ordinary cluster chain; thus it can be located anywhere on
the drive and is no longer fixed in size.

 Backup copy of the boot sector in addition to the backup copy of the file allocation
table.

 Less susceptible to a single point of failure, though still without permissions or
journaling.
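The cluster arithmetic behind the FAT16 limits and the FAT32 improvement above, as an added example that is not part of the lecture notes. It is POSIX shell with integer arithmetic only; the list of file sizes is constructed sample input, and the 28 usable bits for FAT32 come from the on-disk format, not from the notes.

```shell
# Added example: FAT cluster arithmetic (not from the lecture notes).

# Largest volume addressable with BITS-bit cluster numbers and CLUSTER-byte clusters.
# FAT16 uses 16 bits; FAT32 entries are 32 bits wide but only 28 are used.
fat_max_volume_bytes() {                 # usage: fat_max_volume_bytes BITS CLUSTER_BYTES
    bits=$1; cluster=$2
    clusters=$(( 1 << bits ))
    echo $(( clusters * cluster ))
}

# Bytes actually allocated for one file: its size rounded up to whole clusters.
fat_allocated_bytes() {                  # usage: fat_allocated_bytes CLUSTER_BYTES FILE_BYTES
    cluster=$1; size=$2
    if [ "$size" -eq 0 ]; then echo 0; return; fi   # a zero-length file owns no cluster
    echo $(( ( (size + cluster - 1) / cluster ) * cluster ))
}

# Total slack (allocated minus used) over a list of file sizes at one cluster size.
fat_slack_bytes() {                      # usage: fat_slack_bytes CLUSTER_BYTES SIZE...
    cluster=$1; shift
    slack=0
    for size in "$@"; do
        alloc=$(fat_allocated_bytes "$cluster" "$size")
        slack=$(( slack + alloc - size ))
    done
    echo "$slack"
}

# Constructed sample: ten small configuration-style files (sizes in bytes).
SAMPLE_SIZES="1200 300 4500 90 7000 2048 33000 512 16000 100"

# FAT16 with 32 KiB clusters tops out at 2 GiB; the same clusters under FAT32's
# 28-bit numbering map 8 TiB. The slack figures show why FAT32's smaller
# default clusters matter for directories full of small files.
echo "FAT16 max, 32 KiB clusters: $(fat_max_volume_bytes 16 32768) bytes"
echo "FAT32 max, 32 KiB clusters: $(fat_max_volume_bytes 28 32768) bytes"
echo "slack at 32 KiB clusters:   $(fat_slack_bytes 32768 $SAMPLE_SIZES) bytes"
echo "slack at  4 KiB clusters:   $(fat_slack_bytes 4096  $SAMPLE_SIZES) bytes"
```

The ten sample files use 64,750 bytes of data; at 32 KiB clusters they waste 295,698 bytes, at 4 KiB clusters 29,458.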

NTFS

 MFT == Master File Table

 Analogous to the FAT, but each MFT record holds a file's attributes, and small files
fit entirely inside their record

 Design objectives

Fault-tolerance

 Built-in transaction logging feature.

Security

 Granular (per file/directory) security support (ACLs).

Scalability

 Handling huge disks efficiently.

 Scalability

 NTFS references clusters with 64-bit addresses.

 Thus, even with small sized clusters, NTFS can map disks up to sizes that we
won't likely see even in the next few decades.

 Reliability

 Under NTFS, a log of transactions is maintained so that CHKDSK can roll back
transactions to the last commit point in order to recover consistency within the file
system.

 Under FAT, CHKDSK can only check the consistency of pointers within the directory,
allocation, and file tables.

Network File System (NFS)

 NFS allows you to access files on remote hosts in exactly the same way you would access
local files.

 NFS offers a number of useful features:

 Data accessed by all users can be kept on a central host, with clients
mounting this directory at boot time.

 For example, you can keep all user accounts on one host and have all hosts
on your network mount /home from that host.

 If NFS is installed beside NIS, users can log into any system and still
work on one set of files.

 Data consuming large amounts of disk space can be kept on a single host.

 For example, all files and programs relating to LaTeX and METAFONT can be kept and
maintained in one place.

 Administrative data can be kept on a single host.

 There is no need to use rcp (or scp) to install the same file on 20 different machines.

 Security caveat: with the traditional AUTH_SYS flavour (NFSv2/v3, and NFSv4 without
Kerberos) the server trusts the UID and GID the client sends, so any host that can mount an
export can act as any non-root user; root_squash only maps root to nobody. Restrict exports
to specific hosts or networks, never use no_root_squash unless the client is fully trusted,
and prefer NFSv4 with Kerberos (sec=krb5 or krb5p) for authenticated and integrity
protected access. NIS itself is unauthenticated and should not be relied on today.
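The exports review a practitioner would run before trusting the setup above, as an added example that is not part of the lecture notes. It reads /etc/exports-style lines and flags the settings that weaken NFS: an export open to any host, no_root_squash, and insecure (which accepts client source ports above 1024). The export lines are constructed for the example; the function takes any file path.

```shell
# Added example: audit /etc/exports-style lines for risky settings (not from the notes).

audit_exports() {                        # usage: audit_exports FILE -> one finding per line
    set -f                               # the "*" host must not be glob-expanded
    while IFS= read -r line; do
        case "$line" in ''|'#'*) continue ;; esac      # skip blanks and comments
        path=${line%% *}                                # first field: exported directory
        rest=${line#* }                                 # remaining: host(options) entries
        for entry in $rest; do
            host=${entry%%(*}
            if [ "$host" = "$entry" ]; then             # no parenthesised option list
                opts=""
            else
                opts=${entry#*(}; opts=${opts%)}
            fi
            if [ "$host" = "*" ] || [ -z "$host" ]; then
                printf '%s exported to any host\n' "$path"
            fi
            case ",$opts," in
                *,no_root_squash,*) printf '%s lets client root act as root (%s)\n' "$path" "$host" ;;
            esac
            case ",$opts," in
                *,insecure,*) printf '%s accepts unprivileged client ports (%s)\n' "$path" "$host" ;;
            esac
        done
    done < "$1"
    set +f
}

# Constructed sample, not a real server's configuration.
SAMPLE_EXPORTS=$(mktemp)
cat > "$SAMPLE_EXPORTS" <<'EOF'
# constructed sample exports file
/home        10.0.0.0/24(rw,sync,root_squash)
/srv/build   *(rw,no_root_squash)
/srv/pub     *(ro,sync)
/srv/legacy  10.0.0.7(rw,insecure,no_subtree_check)
/srv/k8s     10.0.1.0/24(rw,sync)
EOF

audit_exports "$SAMPLE_EXPORTS"
```

On the sample this reports four findings: /srv/build twice (any host, and root not squashed), /srv/pub (any host) and /srv/legacy (insecure); /home and /srv/k8s pass. A real review would also check that the exported paths are not parents of anything sensitive, since subtree checks are weak.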
NTFS Metadata Files (figure; not reproduced here)

NTFS: MFT record (figure; not reproduced here)

MFT record for directory (figure; not reproduced here)

Application ~ File System Interaction (figure; not reproduced here)

Open (file…) under the hood (figure; not reproduced here)

Types of Linux files
1. Ordinary (regular) files

 A regular file is a file on the system that contains data, text, or program instructions.

 Used to store your information, such as some text you have written or an image you have
drawn.
 This is the type of file that you usually work with.
 Always located within/under a directory file.
 Does not contain other files.
 In long-format output of ls -l, this type of file is marked by the "-" symbol.

2. Directories

 Directories store both special and ordinary files.

 For users familiar with Windows or Mac OS, UNIX directories are equivalent to folders.
 A directory file contains an entry for every file and subdirectory that it houses.
 If you have 10 files in a directory, there will be 10 entries in the directory.
 Each entry has two components:
 (1) the file name;
 (2) a unique identification number for the file or directory (its inode number).
 In ls -l output a directory is marked by "d".

3. Special (device) files

 Used to represent a real physical device such as a disk, printer, tape drive or terminal,
and accessed through ordinary read and write calls for input/output (I/O) operations.
 Device or special files are used for device I/O on UNIX and Linux systems; ls -l marks
character devices with "c" and block devices with "b".

4. Pipes

 UNIX allows you to link commands together using a pipe ("|"); the shell creates an
anonymous pipe that exists only while the two commands run.
 The pipe acts as a temporary file which only exists to hold data from one command until it
is read by another.
 A UNIX pipe provides a one-way flow of data: the output of the first command is used as
the input to the second command.
 The pipe that appears as an object in the file system is the named pipe (FIFO), created
with mkfifo and marked by "p" in ls -l; unrelated processes open it by path to communicate.
5. Sockets

 A UNIX domain socket (inter-process communication socket) is a special file which allows
for advanced inter-process communication.

 It is used in client-server applications. In essence it is a stream of data, very similar
to a network stream (and network sockets), but all the traffic stays on the local host and
the endpoint is a path in the file system (for example the socket a local database or the
display server listens on).

 In long-format output of ls -l, UNIX sockets are marked by the "s" symbol.

6. Symbolic links

 A symbolic link references some other file of the file system.

 A symbolic link is also known as a soft link.

 It contains the text of the path to the file it references.

 To an end user, the symbolic link appears to have its own name, but reading or writing it
is redirected to the file it points to; ls -l marks it with "l".

 If we delete the soft link itself, the data file is still there.

 If we delete the source file or move it to a different location, the link is left dangling
and no longer works.

 Because the link is followed at open time, a privileged program must not trust a path a
less-privileged user can replace with a symlink (the classic /tmp symlink race); open with
O_NOFOLLOW or check the opened descriptor with fstat rather than trusting the path.

Log files and syslog

 Syslog is a standard message format and protocol (RFC 5424; the older BSD format is RFC
3164) by which hosts and network devices send event messages to a local logger or to a
central logging server, usually known as a syslog server.

 Each message carries a facility (auth, kern, daemon, ...), a severity (emerg down to
debug), a timestamp, the originating host name and the program name.

 System logs deal primarily with the functioning of the Ubuntu system, not necessarily
with additional applications added by users.

 Examples include authorization mechanisms (/var/log/auth.log), system daemons, kernel
messages, and the all-encompassing system log itself, /var/log/syslog.

 Logs only help if an intruder cannot alter them: forward them to a central collector over
TLS (RFC 5425) rather than plain UDP port 514, and keep the collector out of reach of the
hosts it monitors.
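A first detection pass over syslog-format authentication messages, as an added example that is not part of the lecture notes: count failed SSH logins per source address and report any source over a threshold. The log lines are constructed for the example (host name srv1, addresses from the documentation range 192.0.2.0/24); the functions take any file in the same format, such as /var/log/auth.log.

```shell
# Added example: failed-login counting over syslog lines (not from the notes).

# Count "Failed password" events per source address: prints "COUNT IP", highest first.
failed_logins_by_source() {              # usage: failed_logins_by_source LOGFILE
    awk '/sshd\[[0-9]+\]: Failed password/ {
             for (i = 1; i <= NF; i++) if ($i == "from") { n[$(i+1)]++; break }
         }
         END { for (ip in n) print n[ip], ip }' "$1" | sort -rn
}

# Sources with at least THRESHOLD failures: prints "IP COUNT" per offender.
brute_force_sources() {                  # usage: brute_force_sources LOGFILE THRESHOLD
    failed_logins_by_source "$1" | awk -v t="$2" '$1 >= t { print $2, $1 }'
}

# Constructed sample log, not captured from a real host.
SAMPLE_AUTH_LOG=$(mktemp)
cat > "$SAMPLE_AUTH_LOG" <<'EOF'
Mar 11 09:12:01 srv1 sshd[2217]: Failed password for invalid user admin from 192.0.2.10 port 51322 ssh2
Mar 11 09:12:03 srv1 sshd[2217]: Failed password for invalid user admin from 192.0.2.10 port 51323 ssh2
Mar 11 09:12:05 srv1 sshd[2219]: Failed password for root from 192.0.2.10 port 51324 ssh2
Mar 11 09:12:09 srv1 sshd[2221]: Failed password for root from 192.0.2.10 port 51325 ssh2
Mar 11 09:13:40 srv1 sshd[2230]: Accepted publickey for alice from 192.0.2.44 port 40010 ssh2
Mar 11 09:14:02 srv1 sshd[2235]: Failed password for bob from 192.0.2.44 port 40012 ssh2
Mar 11 09:14:30 srv1 CRON[2240]: pam_unix(cron:session): session opened for user root by (uid=0)
EOF

echo "failures per source:"
failed_logins_by_source "$SAMPLE_AUTH_LOG"
echo "sources at or above 3 failures:"
brute_force_sources "$SAMPLE_AUTH_LOG" 3
```

The pattern keys on the sshd program name and the "from" token rather than on column positions, so it survives the variable-length "invalid user" prefix. In production the same count is usually done per time window; here the whole file is one window.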
Types of Files

Linux defines seven types of files.

 Regular files: most files used directly by a human user are regular files, for example
executable files, text files, and image files.

 Directories: organize files and other directories into a hierarchical structure.

 Devices

 Character devices
 Block devices
 Sockets and named pipes
 Symbolic links: a pointer or an alias to another file.

Files and Directories

 Everything is referenced via a file

 Directories

o List of file names and inode numbers

o "." – reference to the current directory

o ".." – reference to the parent directory

o Root (/) – "." and ".." are the same

 Inodes (index nodes): contain the metadata of each file, such as its type, owner, group,
permissions, size, timestamps, link count and the location of its data blocks. The inode
does not store the file name; that lives in the directory entry, which is why one file can
have several hard-linked names.

Standard directories and their contents (figure; not reproduced here)
Device Files

 Character devices

 Transfer unit: byte

 Example: /dev/console

 Block devices

 Transfer unit: group of bytes (block)

 Example: /dev/hda (on current systems /dev/sda, /dev/nvme0n1)

 Device numbers

 Major – type of device (which driver handles it)

 Minor – device number within that driver

 A device file is only a directory entry carrying a major/minor pair, so anyone able to
create one (mknod) can reach the device; that is why /dev is root-owned and why
untrusted or removable file systems are mounted with the nodev option.

Sockets & Named Pipes

 Enable communication between processes

 Socket

 Processes must establish a connection first

 Example: X Window System

 Named pipe

 Communication between unrelated processes

 FIFO

 Not used very often

Link Files

 Multiple names for the same file

 Hard link

 Pointer to the inode (another directory entry with the same inode number)

 Can't cross partitions (file systems), and cannot point at directories

 Equivalent to the original file reference

 File removed when all links are deleted (the link count reaches zero)

 Symbolic (soft) links

 Pointer to a file path name

 Can cross file systems

 Dangling symlink – a link whose target file no longer exists

 ln [-s] <real_file> <link_file>
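The file-type list from "Types of Linux files" and the hard-link versus symbolic-link behaviour described just above, run as an added example that is not part of the lecture notes. It creates one object of each type in a scratch directory, classifies them the way the first column of ls -l does, then removes the original name and shows which link still reaches the data. Sockets are not created because that needs a listening process. It assumes a POSIX shell and GNU coreutils (stat -c).

```shell
# Added example: Linux file types and hard vs symbolic links (not from the notes).

# One-letter type code as shown by ls -l; a symlink whose target is gone is reported
# as "l dangling". The -L test comes first because every other test follows links.
file_type_code() {                       # usage: file_type_code PATH
    if   [ -L "$1" ]; then if [ -e "$1" ]; then echo l; else echo "l dangling"; fi
    elif [ -d "$1" ]; then echo d
    elif [ -p "$1" ]; then echo p
    elif [ -S "$1" ]; then echo s
    elif [ -b "$1" ]; then echo b
    elif [ -c "$1" ]; then echo c
    elif [ -f "$1" ]; then printf '%s\n' -
    else printf '%s\n' '?'
    fi
}

# Hard link vs symlink after the original name is removed.
# Prints: <data read via hard link>;<symlink state>;<link count before rm>;<inode test>
link_demo() {
    d=$(mktemp -d)
    printf 'secret\n' > "$d/orig"
    ln    "$d/orig" "$d/hard"            # second directory entry for the same inode
    ln -s "$d/orig" "$d/soft"            # new inode holding only the path text
    if [ "$(stat -c %i "$d/orig")" = "$(stat -c %i "$d/hard")" ]; then
        same=same-inode
    else
        same=different-inode
    fi
    before=$(stat -c %h "$d/orig")       # link count, ls -l's second column
    rm "$d/orig"                          # drops one name; data lives while any name remains
    printf '%s;%s;%s;%s\n' "$(cat "$d/hard")" "$(file_type_code "$d/soft")" "$before" "$same"
    rm -rf "$d"
}

# Classification of a scratch set: regular file, directory, FIFO, live and dangling links.
type_demo() {                            # prints "NAME CODE" per object
    d=$(mktemp -d)
    : > "$d/regular"
    mkdir "$d/dir"
    mkfifo "$d/fifo"
    ln -s "$d/regular" "$d/link"
    ln -s "$d/missing" "$d/broken"       # target never existed: dangling from birth
    for name in regular dir fifo link broken; do
        echo "$name $(file_type_code "$d/$name")"
    done
    rm -rf "$d"
}

link_demo
type_demo
```

link_demo prints secret;l dangling;2;same-inode: the hard link still reads the data and shared the inode, the symlink dangles. Cross-file-system hard links are not shown because the scratch tree lives on one file system; ln reports "Invalid cross-device link" in that case.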

Magic Numbers

 Byte pattern at the beginning of a file

 Patterns are listed in a file called magic

Red Hat: /usr/share/magic (current distributions ship it as /usr/share/misc/magic, usually
compiled into magic.mgc)

 file – tests a file to determine its type, in this order:

 Filesystem test (is it a directory, device, socket, link?)

 Magic number test (leading bytes)

 Language test (does it look like text in some language or encoding?)

 The file name and extension are not consulted. That is the property a security filter
wants: the extension is attacker-controlled, the leading bytes are what the consuming
program will act on.
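The magic number test in code, as an added example that is not part of the lecture notes: classify a file by its leading bytes regardless of its name, which is what file(1) does and what an upload filter must do. The signatures are the real ones for these formats; the sample files, including an ELF header behind a .jpg name, are constructed here. It assumes a POSIX shell with od and head -c.

```shell
# Added example: magic-number classification of files (not from the notes).

# First N bytes of a file as lowercase hex with no separators.
head_hex() {                             # usage: head_hex PATH N
    head -c "$2" "$1" | od -An -v -tx1 | tr -d ' \n'
}

# Format name from the leading bytes, or "unknown". Patterns are prefixes of the
# first 8 bytes; a file shorter than 8 bytes still matches if its bytes fit.
magic_type() {                           # usage: magic_type PATH
    h=$(head_hex "$1" 8)
    case "$h" in
        7f454c46*)          echo elf ;;       # \x7fELF
        89504e470d0a1a0a)   echo png ;;       # \x89PNG\r\n\x1a\n, all 8 bytes fixed
        25504446*)          echo pdf ;;       # %PDF
        504b0304*)          echo zip ;;       # PK\3\4 (also docx, jar, apk)
        2321*)              echo script ;;    # #!
        4d5a*)              echo pe ;;        # MZ, Windows executable
        *)                  echo unknown ;;
    esac
}

# Constructed samples: names chosen to disagree with the content where it matters.
magic_demo() {                           # prints "NAME TYPE" per sample
    d=$(mktemp -d)
    printf '\177ELF\002\001\001' > "$d/photo.jpg"      # Linux binary with an image name
    printf '\211PNG\r\n\032\n'  > "$d/logo.png"
    printf '%%PDF-1.7\n'         > "$d/report.pdf"
    printf 'PK\003\004'          > "$d/plugin.docx"     # Office documents are zip containers
    printf '#!/bin/sh\n'         > "$d/readme.txt"      # a script hiding as text
    printf 'plain words\n'       > "$d/notes.txt"
    for f in photo.jpg logo.png report.pdf plugin.docx readme.txt notes.txt; do
        echo "$f $(magic_type "$d/$f")"
    done
    rm -rf "$d"
}

magic_demo
```

The demo reports photo.jpg as elf and readme.txt as script, which is exactly what an extension check would miss. A real filter also has to handle formats with no fixed signature (plain text, CSV) and polyglots that satisfy two signatures at once, which is why file(1) keeps a long magic database rather than six patterns.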
MS File/Directory Attributes (figure; not reproduced here)

UNIX/Linux File Attributes (figure; not reproduced here)

Viewing File Attributes

ls -l: long listing (includes attributes), one field per column:

 File type (first character of the mode field)

 Permissions (the next nine characters: rwx for user, group and others)

 Link count

 Ownership (user and group)

 File size, or major/minor device numbers for device files

 Modification date

 File name

stat: lists all attributes (including the inode number, access and change times and the
numeric mode)

File Type Attribute (figure; not reproduced here)

Ownership (figure; not reproduced here)

Permissions (figure; not reproduced here)

Changing Access (figure; not reproduced here)

Numeric/Symbolic Permissions (figure; not reproduced here)
Default Permissions

 umask – a per-process mask set with the umask shell builtin (not an environment
variable) and inherited by child processes

 Defines the permission bits to remove from the mode a program requests (666 for new
files, 777 for new directories); e.g. umask 022 gives 644 files and 755 directories

Special Attributes

 Setuid (SUID) bit

 Run the program with the access rights of the file's owner

 Symbolic: s (in the owner execute position)

 Numeric: 4000

 Setgid (SGID) bit

 Run the program with the access rights of the file's group; on a directory, new files
inherit the directory's group

 Symbolic: s (in the group execute position)

 Numeric: 2000

 A setuid or setgid program owned by root is a privilege boundary: any flaw in it is a
local privilege escalation, so keep the inventory of such files small and known

Sticky Bit

 Purpose

 File: force the program to stay in RAM (obsolete)

 Directory: a file can be removed or renamed only by its owner, the directory's
owner, or root, even though the directory is world-writable

 Symbolic: t

 Numeric: 1000

 Example: /tmp

Microsoft Permissions

 Read
 Create
 Write
 Append
 Delete
 Execute
 Search
 Ownership
 Access Control
GUI and command line tools to manage them: cacls (deprecated) and its replacement icacls

Searching the Filesystem

find: command line search tool

 Searches through a directory hierarchy

 Search by any combination of file names and attributes (name, type, owner, permissions,
size, timestamps)

 Display the files found or perform operations on them

 Examples:

 find /var -mtime -1 (files modified in the last 24 hours)

 find / -name core -exec rm -f {} \;

 The second example is the classic "clean up core dumps" job. Before running it as root,
limit it with -type f and -xdev so it cannot match directories or descend into mounted
network or removable volumes, and prefer -delete or -exec rm -f {} + to spawning one rm
per file.
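The umask arithmetic from "Default Permissions" and the special-attribute audit that find is most often used for, as an added example that is not part of the lecture notes. It computes default modes for a given umask, then builds a scratch tree containing a setuid file, a world-writable file, a sticky directory and a world-writable directory without the sticky bit, and runs the find checks over it. Only the scratch tree is touched, so it is safe to run; it assumes GNU find (-printf) and GNU coreutils.

```shell
# Added example: umask arithmetic and a setuid / world-writable audit with find
# (not from the notes).

# Default mode for a new object: the requested mode (666 for files, 777 for
# directories) with the umask bits cleared. Both arguments are octal strings.
default_mode() {                         # usage: default_mode UMASK REQUESTED -> octal
    mask=$(( 0$1 )); req=$(( 0$2 ))     # the leading 0 makes the shell parse octal
    printf '%o\n' $(( req & ~mask ))
}

# Setuid/setgid files, world-writable files, and world-writable directories that
# lack the sticky bit. -xdev keeps the walk on one file system.
audit_perms() {                          # usage: audit_perms DIR -> "TAG PATH" per finding
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -printf 'SPECIAL %p\n'
    find "$1" -xdev -type f -perm -002 -printf 'WORLD_WRITABLE %p\n'
    find "$1" -xdev -type d -perm -002 ! -perm -1000 -printf 'WORLD_WRITABLE_DIR %p\n'
}

# Constructed scratch tree: one of each thing the audit should and should not flag.
build_scratch() {                        # prints the directory it created
    d=$(mktemp -d)
    printf '#!/bin/sh\necho hi\n' > "$d/helper"; chmod 4755 "$d/helper"  # setuid (4000)
    : > "$d/notes";  chmod 666  "$d/notes"                                 # world-writable
    : > "$d/ok";     chmod 644  "$d/ok"                                    # normal file
    mkdir "$d/drop"; chmod 1777 "$d/drop"                                  # sticky, like /tmp
    mkdir "$d/open"; chmod 777  "$d/open"                                  # world-writable, no sticky
    echo "$d"
}

echo "umask 022: file $(default_mode 022 666), dir $(default_mode 022 777)"
echo "umask 077: file $(default_mode 077 666), dir $(default_mode 077 777)"
scratch=$(build_scratch)
audit_perms "$scratch"
rm -rf "$scratch"
```

The audit flags helper, notes and open and stays silent on ok and drop. Run against / on a real host, compare the SPECIAL list with the package manager's expected set; an unexpected setuid binary is one of the oldest persistence tricks there is.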

CHAPTER FIVE

Introducing Windows Server and Controlling Processes

Introduction to Operating Systems

 An operating system (OS) is a set of basic programming instructions to computer
hardware, forming a layer of programming code on which most other functions of the
computer are built.

 The kernel is the programming code that is the core of the operating system.

 Code is a general term that refers to instructions written in a computer
programming language.

 Computer hardware consists of physical devices such as the central processing unit
(CPU), circuit boards, the monitor and keyboard, and disk drives.

 Two types of operating systems will be covered in this book:

 Desktop operating system – installed on a personal computer (PC) type of
computer that is used by one person at a time, and that may or may not be
connected to a network.

 Examples of installations are desktop computers, laptops, and iMac
computers

 Server operating system – installed on a more powerful computer that is
connected to a network and enables multiple users to access information
such as e-mail, files, and software.

 Examples of hardware with a server OS include traditional
server hardware, rack-mounted server hardware, and blade
servers.

 Traditional server – often used by small or medium businesses

 Usually consists of a monitor, CPU box, keyboard, and mouse

 Rack-mounted server – CPU boxes mounted in racks that can hold multiple
servers

 All servers often share one monitor and pointing device
 Blade servers – look like cards that fit into a blade enclosure

 A blade enclosure is a large box with slots for blade servers

 Medium and large organizations use blade servers to help conserve space and to
consolidate server management

Tasks of Operating Systems

 A basic task of an OS is to take care of input/output (I/O) functions, which let other
programs communicate with the computer hardware

 Some examples of I/O tasks:

 Handle input from the keyboard, mouse, and other input devices

 Handle output to the monitor and printer

 Handle remote communications using a modem

 Manage network communications, such as for a local network and the Internet

 Control input/output for devices such as the network interface card

 Control information storage and retrieval using various types of disk

 Enable multimedia use for voice and video composition or reproduction, such as
recording video from a camera or playing music

General tasks for all operating systems (figure; not reproduced here)
Role of a Server Operating System

 Hardware or software? "Server" is defined by the software: server software can run on
many different platforms (even a laptop)

 Windows Server 2008 roles, short summary:

 File and printer sharing

 Web server

 Routing and Remote Access Services (RRAS)

 Domain Name System (DNS)

 Dynamic Host Configuration Protocol (DHCP)

 File Transfer Protocol (FTP) server

 Active Directory

 Distributed File System (DFS)

 Fax server

Windows Server 2008 Editions

 Windows Server 2008 Standard Edition

 Smaller organizations consisting of a few hundred users or less

 Windows Server 2008 Enterprise Edition

 Larger companies with more needs (e.g. clustering)

 Windows Server 2008 Datacenter Edition

 Companies that run high powered servers with considerable resources

 Windows Web Server 2008

 Similar to Standard.

 User base varies from small businesses to corporations with large departments
Windows Server 2008 Standard Edition

 Up to 4 physical processors allowed

 Available in 32-bit or 64-bit versions

 32-bit version supports up to 4 GB of RAM, 64-bit version up to 32 GB

 Lacks more advanced features, such as clustering

 64-bit version can install one virtual instance of Server 2008 Standard Edition with
Hyper-V

Windows Server 2008 Datacenter Edition

 All the features of Enterprise Edition

 Up to 32 physical processors in the 32-bit version, 64 processors in the 64-bit version

 Extra fault tolerance features: hot-add and hot-replace memory or CPU

 Can't be purchased as an individual license; only through volume licensing or
pre-installed by original equipment manufacturers (OEMs)

 Unlimited number of virtual instances

Windows Web Server 2008

 Designed to run Internet Information Services (IIS) 7.0

 Hardware support similar to Standard Edition

 Lacks many of the features present in other editions

 Typically used when roles such as Active Directory or Terminal Services are not required

System Requirements (all editions) (table; not reproduced here)
Windows Server 2008 Core Technologies

 New Technology File System

 Active Directory

 Microsoft Management Console

 Disk Management

 File and printer sharing

 Windows networking

 Internet Information Services

NTFS

 New Technology File System

 Successor to FAT/FAT32

 Native support for long filenames, file and folder permissions, large files and
volumes, reliability (journaling), compression, and encryption (EFS)

 Most significant is the added ability for more granular file access control (per-file
and per-folder ACLs)

Active Directory

 Provides a single point of administration of resources (users, groups, shared printers,
etc.)
 Provides centralized authentication and authorization of users to network resources
 Along with DNS, provides domain-naming services and management for a Windows
domain.
 Enables administrators to assign system policies, deploy software to client computers,
and assign permissions and rights to users of network resources

Microsoft Management Console (MMC)

 Creates a centralized management interface for administrators

 Uses snap-ins, which are designed to perform specific administrative tasks (such as disk
management or Active Directory configuration)

 Multiple snap-ins can be combined into a single MMC, providing quicker access to
commonly used tools
Disk Management

 Monitors disk and volume status
 Initializes new disks
 Creates and formats new volumes
 Troubleshoots disk problems
 Configures redundant disk configurations (RAID)

File and Printer Sharing

 Shadow copies
 Disk quotas
 Distributed File System (DFS)
 Also possible to configure options that allow redundancy, version control, and user
storage restrictions.

Windows Networking Concepts

 The Workgroup Model

 A small group of computers that share common roles, such as sharing files or
printers.
 Also called a peer-to-peer network
 Decentralized logons, security, and resource sharing
 Easy to configure and works well for small groups of users (fewer than 10)
 A Windows Server 2008 server that participates in a workgroup is referred to as a
stand-alone server

 The Domain Model

 Preferred for a network of more than 10 computers or a network that requires
centralized security and resource management

 Requires at least one computer to be a domain controller

 A domain controller is a Windows server that has Active Directory installed and
is responsible for allowing client computers access to domain resources

 A member server is a Windows Server that's in the management scope of a
domain but doesn't have Active Directory installed
Windows Networking Components

 Network interface

 Composed of two parts: the network interface card (NIC) and the device driver
software

 Network protocol

 Specifies the rules and format of communication between network devices

 Network client and server software

 Network client sends requests to a server to access network resources

 Network server software receives requests for shared network resources and
makes those resources available to a network client

Internet Information Services

 Windows Server 2008 provides IIS 7.0

 Modular design

 Only the modules you install are loaded, so unused features are not present for
attackers to exploit (smaller attack surface)

 Extensibility

 Functionality is easily added via the modular design

 Manageability

 Delegated administration: control over some aspects of a website can be assigned to
developers and content owners without giving them server-wide rights

 Appcmd.exe provides the ability to manage IIS via scripts and batch files

Windows Server 2008 Roles

 A server role is a major function or service that a server performs

 Role services add functions to main roles

 Server features provide functions that enhance or support an installed role or add a
stand-alone function

 A server can be configured for a single role or multiple roles
Active Directory Certificate Services

 A digital certificate is an electronic document containing information about the certificate
holder and the entity that issued the certificate

 The Active Directory Certificate Services role provides services for creating, issuing, and
managing digital certificates

 AD CS can include other role services for managing certificates

Active Directory Domain Services

 Active Directory Domain Services (AD DS) installs Active Directory and turns Windows
Server 2008 into a domain controller

 Read Only Domain Controller (RODC)

 Provides the same authentication and authorization services as a standard domain
controller

 Changes cannot be made on an RODC directly

 Updated periodically by replication from standard domain controllers

 Intended for branch offices where physical security is weaker; by default it does not
store domain users' password hashes, so a stolen RODC exposes less

Other Active Directory Related Roles

 Active Directory Federation Services (AD FS)

 Active Directory Lightweight Directory Services (AD LDS)

 Active Directory Rights Management Services (AD RMS)

Application Server

 Provides a high-performance integrated environment for managing, deploying, and running
client/server business applications.

 Applications for this role are usually built with one or more of the following technologies:
IIS, ASP.NET, Microsoft .NET Framework, COM+, and Message Queuing
DHCP Server

 The Dynamic Host Configuration Protocol Server role provides automatic IP address
assignment and configuration for client computers

 Can provide the default gateway address, DNS server addresses, WINS server addresses, and
other options

 Windows Server 2008's DHCP server role provides support for IPv6

DNS Server

 The DNS Server role resolves the names of Internet computers and computers that are
members of a Windows domain to their assigned IP addresses.

 When installing Active Directory, you can specify an existing DNS server or install DNS
on the same server as Active Directory

Fax Server

 Provides tools to manage shared fax resources and allow users to send and receive faxes

 After the role is installed, you can

 Manage users who have access to fax resources

 Configure fax devices

 Create rules for routing incoming and outgoing faxes

 Monitor and log use of fax resources

File Services

 Provides highly available, reliable, shared storage to Windows and other client OSs

 Installing the File Services role installs the File Server service automatically

Hyper-V

 Provides services to create and manage virtual machines on a Windows Server 2008
computer

 A virtual machine is a software environment that simulates the computer hardware an OS
requires for installation

 Installing an OS on a virtual machine is done using the same methods used on a physical
machine
Network Policy and Access Services

 Provides Routing and Remote Access Services (RRAS)

 Other services that can be installed

 Network Policy Server (NPS)

 Health Registration Authority (HRA)

 Host Credential Authorization Protocol (HCAP)

Print Services

 Enables administrators to manage access to network printers

 Installs Print Server by default

 Internet Printing role service enables Web-based management of network printers

 Line Printer Daemon (LPD) role service provides compatibility with Linux/UNIX clients

Terminal Services

 Enables users and administrators to control a Windows desktop remotely and run
applications hosted on a server remotely

 Terminal server role permits up to two simultaneous remote desktop sessions

 Additional sessions require the TS Licensing role service and license purchases

 Other role services

 TS Session Broker

 TS Gateway

 TS Web Access

UDDI Services

 Universal Description, Discovery, and Integration (UDDI) Services enables
administrators to manage, catalog, and share web services

 Allows users to search for web services available to them

 Gives developers a catalog of existing applications and development work
Web Server (IIS)

 Consists of the role services Web Server, management tools, and FTP publishing

 Secondary role services can be installed for additional features

Windows Deployment Services

 Simplifies the installation of Windows over a network

 Can install and remotely configure Windows Vista and Server 2008 systems

 WDS is an improved version of Remote Installation Services (RIS) found in Windows
2000 Server and Windows Server 2003

New Features in Windows Server 2008

 Server Manager

 Server Core

 Hyper-V virtualization

 Storage management enhancements

 Networking enhancements

 Network Access Protection

 Windows Deployment Services

 New Active Directory roles

 Terminal Services enhancements

Server Manager

I. Provides a single interface for installing, configuring, and removing a variety of server
roles and features on a server.

II. Summarizes server status and configuration

III. Includes tools to diagnose problems, manage storage, and perform general configuration
tasks

IV. Consolidates tools from Windows Server 2003
Server Core

 Has a minimum environment and lacks a full GUI

 Can install the following server roles:

 Active Directory Domain Services (AD DS)

 Active Directory Lightweight Directory Services (AD LDS)

 Dynamic Host Configuration Protocol (DHCP) Server

 DNS Server

 File Services

 Print Server

 Streaming Media Services

 Web Server

 Hyper-V

Core supports additional features to enhance server roles:

 Microsoft Failover Clustering

 Network Load Balancing

 Subsystem for UNIX-based Applications

 Windows Backup

 Multipath I/O

 Removable Storage Management

 Windows Bitlocker Drive Encryption

 Simple Network Management Protocol (SNMP)

 Windows Internet Naming Service (WINS)

 Telnet client

 Quality of Service (QOS)

 Server Core lacks the ability to install the following server roles (and their optional
features):

 Application Server

 Active Directory Rights Management Services

 Fax Server

 UDDI Services

 Windows Deployment Services

 Active Directory Certificate Services

 Network Policy and Access Services

 Terminal Services

 Active Directory Federation Services

Hyper-V

 Virtualization isolates critical applications

 Virtualization helps to consolidate multiple physical servers into a single server

 Using a virtual machine increases the ease of backing up essential servers

 Updates or changes to an OS can be made on a virtual machine to test stability before
being applied to a production machine

 Reduces the need for physical devices in educational environments

 Hyper-V requirements:

 64-bit version of Windows Server 2008 Standard, Enterprise, or Datacenter
Edition

 A server running a 64-bit processor with hardware virtualization support (Intel VT or
AMD-V) and hardware data execution protection (NX/XD)

 Enough free memory and disk space to run virtual machines and store virtual hard
drives. Virtual machines use the same amount of memory and disk space
resources as a physical machine.
Storage Management Enhancements

 Share and Storage Management MMC Snap-in

 File Server Resource Manager

 Windows Server Backup

 Other improvements include:

 Storage Explorer

 SMB 2.0

 Remote boot support

Networking Enhancements

 Improved support for IPv6

 DHCPv6

 Load balancing

 Redesigned TCP/IP stack

 Improved performance, error-detection, and recovery

 Virtual Private Networking

 Secure Socket Tunneling Protocol (SSTP)

Network Access Protection

 Ensures computers are equipped with required security features

 Enables monitoring of anti-virus software and firewall settings

 If a computer does not meet all requirements defined by an administrator, it can be
restricted automatically from accessing certain network resources

 Can force computers to update themselves

Windows Deployment Services

 Updates Remote Installation Services

 Allows unattended installation of Windows OSs

 WDS can multicast deployment of disk images, reducing network bandwidth required

 Includes tools to customize the Windows OS for deployment

New Active Directory Roles

 Active Directory Lightweight Directory Services (AD LDS)

 Provides tighter integration for applications that require large amounts of data
retrieval. Does not require a domain controller or domain

 Active Directory Federation Services (AD FS)

 Provides Single Sign-On for users of an organization to access internal resources
as well as external resources inside of a partner organization

 Active Directory Rights Management Services (AD RMS)

 Helps the author of a document decide how the document can be used or modified,
and denies unauthorized users access

Terminal Services Enhancements

 RemoteApp

 Rather than accessing a program on a server through remote desktop, the
application appears as if it is actually running locally

 Terminal Services Web Access (TS Web Access)

 Allows users to access applications through a web browser, requiring no
additional software for the client if running Vista

 Can list available RemoteApp programs

 Allows secure, encrypted connections using Secure HTTP (HTTPS) without the
need for a VPN

Summary

 A server is defined more by the software installed on hardware as opposed to the
hardware in use. In many cases, a client OS can behave as a server.

 Windows Server 2008 is available in four editions: Standard, Enterprise, Datacenter, and
Windows Web Server 2008

 Core technologies in Windows Server 2008 include NTFS, Active Directory, MMC, disk
management, file and printer sharing, networking components, and IIS

 Windows Server 2008 updates previously available services with additional functionality,
while adding several new services.

Controlling Processes

Control process

 The ps command gives you a list of the processes running on your system.

 With no options, ps will list processes that belong to the current user and have a
controlling terminal.

PID, PPID, UID, GID

 In Linux, an executable stored on disk is called a program, and a program loaded into
memory and running is called a process.

 When a process is started, it is given a unique number called process ID (PID) that
identifies that process to the system.

 If you ever need to kill a process, for example, you can refer to it by its PID.

 Each process is assigned a parent process ID (PPID) that tells which process started it.

 The PPID is the PID of the process’s parent.

 For example, if process1 with a PID of 101 starts a process named process2, then
process2 will be given a unique PID, such as 3240, but it will be given the PPID of 101.

 It’s a parent-child relationship.

 A single parent process may spawn several child processes, each with a unique PID but
all sharing the same PPID.

 Unix-like operating systems identify users within the kernel by a value called a user
identifier, often abbreviated to UID or User ID.

 The UID, along with the GID and other access control criteria, is used to determine
which system resources a user can access.

 The password file maps textual usernames to UIDs, but in the kernel, only UIDs are
used.

 The effective UID (euid) of a process is used for most access checks. It is also used as the
owner for files created by that process.

GID:

 A group identifier, often abbreviated to GID, is a numeric value used to represent a
specific group.

 The range of values for a GID varies amongst different systems;

 at the very least, a GID can be between 0 and 32,767, with one restriction: the login
group for the superuser must have GID 0.

Priority and nice value

 nice sets the priority for a process.

 nice -20 is the maximum priority (only administrative users can assign negative
priorities), nice 20 is the minimum priority.

 You must be root to give a process a higher priority, but you can always lower the
priority of your own processes...

 Example:

 nice -20 make would execute make and run it at maximum priority.

Priority vs. nice

 The difference is that PR is the real priority of a process at that moment inside the kernel,
and NI is just a hint to the kernel about what priority the process should have.

 In most cases PR value can be computed by the following formula:

 PR = 20 + NI.

 Thus the process with niceness 3 has the priority 23 (20 + 3) and the process with
niceness -7 has the priority 13 (20 - 7).

 You can check the first by running the command nice -n 3 top.

 It will show that top process has NI 3 and PR 23.


 But to run nice -n -7 top on most Linux systems you need root privileges, because a
lower PR value means a higher actual priority.

Signals, process states, etc.

 A signal is a software interrupt, a way to communicate information to a process about
the state of other processes, the operating system, and hardware.
 A signal is an interrupt in the sense that it can change the flow of the program

 when a signal is delivered to a process, the process will stop what it’s doing, either handle
or ignore the signal, or in some cases terminate, depending on the signal.

 Signals may also be delivered in an unpredictable way, out of sequence with the program
due to the fact that signals may originate outside of the currently executing process.

 Another way to view signals is that they are a mechanism for handling asynchronous
events.

 As opposed to synchronous events, which is when a standard program executes iteratively,
that is, one line of code following another.

 Asynchronous events occur when portions of the program execute out of order.

 Asynchronous events typically occur due to external events originating at the hardware or
operating system; the signal, itself, is the way for the operating system to communicate
these events to the processes so that the process can take appropriate action.

How we use signals

 Signals are used for a wide variety of purposes in Unix programming, and we've already
used them in smaller contexts.

 For example, when we are working in the shell and wish to "kill all cat programs" we
type the command:

 #> killall cat

 The killall command will send a signal to all processes named cat that says
"terminate."

 The actual signal being sent is SIGTERM,

 whose purpose is to communicate a termination request to a given process,

 but the process does not actually have to terminate … more on that later.
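The three ideas above (PID/PPID as a parent-child relationship, PR = 20 + NI, and SIGTERM being a request rather than a command) in one runnable piece. This is an added example, not code from the notes; it assumes a Linux/Unix host with os.fork and POSIX signals.

```python
"""Added example, not from the original notes: PID/PPID via fork, the PR = 20 + NI
rule, and a SIGTERM handler that declines the first termination request.
Linux/Unix only (os.fork and POSIX signals); no external packages."""
import os
import signal


def pr_from_nice(ni):
    """top's PR column as described in the notes: PR = 20 + NI (nice range is -20..19)."""
    if not -20 <= ni <= 19:
        raise ValueError("nice value must be between -20 and 19")
    return 20 + ni


def nice_allowed(ni, is_root):
    """Raising priority (negative niceness) needs root; lowering it never does."""
    return ni >= 0 or is_root


def spawn_child():
    """Fork a child that reports its own PID and PPID back through a pipe."""
    rfd, wfd = os.pipe()
    pid = os.fork()
    if pid == 0:                                  # child: report and exit
        os.close(rfd)
        os.write(wfd, f"{os.getpid()} {os.getppid()}".encode())
        os.close(wfd)
        os._exit(0)
    os.close(wfd)                                 # parent: read, then reap the child
    child_pid, child_ppid = os.read(rfd, 64).decode().split()
    os.close(rfd)
    os.waitpid(pid, 0)                            # reap so the child is not left a zombie
    return {"parent_pid": os.getpid(), "forked_pid": pid,
            "child_pid": int(child_pid), "child_ppid": int(child_ppid)}


class TermGuard:
    """SIGTERM is only a request: ignore the first one, honour the second."""

    def __init__(self):
        self.requests = 0
        self.terminate = False
        self._previous = signal.signal(signal.SIGTERM, self._on_term)

    def _on_term(self, signum, frame):
        self.requests += 1
        if self.requests >= 2:
            self.terminate = True                 # a daemon would clean up and exit here

    def restore(self):
        signal.signal(signal.SIGTERM, self._previous)


def sigterm_demo():
    """Send SIGTERM to ourselves twice (what killall does) and report the handler's view."""
    guard = TermGuard()
    try:
        for n in (1, 2):
            os.kill(os.getpid(), signal.SIGTERM)
            while guard.requests < n:             # handler runs at the next bytecode boundary
                pass
    finally:
        guard.restore()
    return guard.requests, guard.terminate


if __name__ == "__main__":
    print(spawn_child())
    print("PR for nice 3:", pr_from_nice(3), "PR for nice -7:", pr_from_nice(-7))
    print("SIGTERM requests seen, terminate:", sigterm_demo())
```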

Periodic processes

What is cron?

 Cron is a standard Unix utility that is used to schedule commands for automatic
execution at specific intervals.

 For instance, you might have a script that produces web statistics that you want to run
once a day automatically at 5:00 AM.

 Commands involving cron are referred to as "cron jobs."

 Cron in the Account Control Center

 The ACC has a built-in interface for cron. We recommend that all customers use the
ACC cron interface, although advanced users may use cron manually.

Chapter Six

Dynamic Host Configuration Protocol (DHCP)

A Network & System Administration Perspective

Introduction

• DHCP is a network service that enables host computers to be automatically assigned
network settings from a server.

 Computers configured to be DHCP clients have no control over the settings they
receive from the DHCP server.

 The configuration is transparent to the computer's user.

• The most common settings provided by a DHCP server to DHCP clients include:

 IP address and Subnet Mask

 IP address of the default-gateway to use

 IP addresses of the DNS servers to use

• However, a DHCP server can also supply configuration properties such as:

 Host Name: e.g. www, mail, …

 Domain Name: e.g. ambou.edu.et, aau.edu.et

 Time Server: ntp

 Print Server

• Advantages of using DHCP include:

 Changes to the network need only be made at the DHCP server.

 It is also easier to integrate new computers into the network.

 Conflicts in IP address allocation are also reduced.

How does DHCP work?

• Manual allocation (MAC address)

 DHCP identifies each network card connected to the network by its unique hardware
address.

 The server continually supplies the same configuration each time the DHCP client
makes a request using that network device.

 This ensures that a particular address is assigned automatically to that network
card, based on its MAC address.

• Dynamic allocation (address pool)

 The DHCP server will assign an IP address from a pool of addresses (sometimes
also called a range or scope) for a period of time or lease.

 This way, the clients will be receiving their configuration properties dynamically
and on a "first come, first served" basis.

 When a DHCP client is no longer on the network for a specified period, the
configuration is expired and released back to the address pool for use by other
DHCP Clients.

• Automatic allocation

 The DHCP server automatically assigns an IP address permanently to a device, selecting
it from a pool of available addresses.

 DHCP is used to assign a temporary address to a client, but a DHCP server can
allow an infinite lease time.

DHCP Server Configuration

• DHCP Server configuration on Ubuntu follows these steps:

 Installation of the dhcp service (dhcpd)

sudo apt-get install isc-dhcp-server

Note: Edit the /etc/dhcp/dhcpd.conf file to change the default configuration.

 Configuration

 Most commonly, what you want to do is assign an IP address randomly.
This can be done with settings as follows:

# minimal sample /etc/dhcp/dhcpd.conf
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.150 192.168.1.200;
  option routers 192.168.1.254;
  option domain-name-servers 192.168.1.1, 192.168.1.2;
  option domain-name "mydomain.example";
}

 This will result in the DHCP server giving clients an IP address from the range
192.168.1.150-192.168.1.200.

 It will lease an IP address for 600 seconds if the client doesn't ask for a specific
time frame.

 Otherwise the maximum (allowed) lease will be 7200 seconds.

 The server will also "advise" the client to use 192.168.1.254 as the default
gateway, and 192.168.1.1 and 192.168.1.2 as its DNS servers.

• After changing the config file you have to restart the dhcpd:

 sudo /etc/init.d/isc-dhcp-server restart
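A mistake in dhcpd.conf (a pool outside the declared subnet, a gateway inside the pool, a default lease longer than the maximum) only shows up when clients stop getting addresses. The checker below, an added example rather than anything from the notes or the ISC project, parses the minimal configuration shown above with a simplified regex parser that understands only those directives, and flags such inconsistencies before the restart.

```python
"""Added example (not from the notes or isc-dhcp-server): sanity-check a minimal
dhcpd.conf like the one above before restarting the service. Standard library only;
the parser is deliberately simplified and handles only the directives shown here."""
import ipaddress
import re

# The configuration from the notes, embedded as a string.
GOOD_CONF = """\
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.150 192.168.1.200;
  option routers 192.168.1.254;
  option domain-name-servers 192.168.1.1, 192.168.1.2;
  option domain-name "mydomain.example";
}
"""

# Constructed misconfiguration: the pool lies outside the declared subnet and the
# default lease is longer than the maximum the server is allowed to grant.
BAD_CONF = (GOOD_CONF
            .replace("range 192.168.1.150 192.168.1.200", "range 192.168.2.10 192.168.2.50")
            .replace("default-lease-time 600", "default-lease-time 9000"))


def parse_dhcpd(text):
    """Return lease times plus, per subnet declaration, its network, range, routers, DNS."""
    conf = {"subnets": []}
    for key in ("default-lease-time", "max-lease-time"):
        m = re.search(rf"^\s*{key}\s+(\d+);", text, re.M)
        if m:
            conf[key] = int(m.group(1))
    for m in re.finditer(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", text, re.S):
        body = m.group(3)
        # strict=True rejects a subnet address with host bits set (e.g. 192.168.1.5/24)
        sub = {"network": ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=True)}
        r = re.search(r"range\s+(\S+)\s+(\S+);", body)
        if r:
            sub["range"] = (ipaddress.ip_address(r.group(1)), ipaddress.ip_address(r.group(2)))
        g = re.search(r"option routers\s+([^;]+);", body)
        if g:
            sub["routers"] = [ipaddress.ip_address(x.strip()) for x in g.group(1).split(",")]
        d = re.search(r"option domain-name-servers\s+([^;]+);", body)
        if d:
            sub["dns"] = [ipaddress.ip_address(x.strip()) for x in d.group(1).split(",")]
        conf["subnets"].append(sub)
    return conf


def check_dhcpd(text):
    """Return a list of findings; an empty list means the configuration is consistent."""
    conf = parse_dhcpd(text)
    findings = []
    dl, ml = conf.get("default-lease-time"), conf.get("max-lease-time")
    if dl is not None and ml is not None and dl > ml:
        findings.append(f"default-lease-time {dl} exceeds max-lease-time {ml}")
    for sub in conf["subnets"]:
        net = sub["network"]
        lo, hi = sub.get("range", (None, None))
        if lo is None:
            findings.append(f"{net}: no range, so no dynamic pool")
        else:
            if lo > hi:
                findings.append(f"{net}: range start {lo} is after its end {hi}")
            if lo not in net or hi not in net:
                findings.append(f"{net}: range {lo}-{hi} is outside the subnet")
            elif lo == net.network_address or hi == net.broadcast_address:
                findings.append(f"{net}: range includes the network or broadcast address")
        for gw in sub.get("routers", []):
            if gw not in net:
                findings.append(f"{net}: router {gw} is not inside the subnet")
            elif lo is not None and lo <= gw <= hi:
                findings.append(f"{net}: router {gw} lies inside the dynamic pool")
    return findings


if __name__ == "__main__":
    print("good:", check_dhcpd(GOOD_CONF))
    print("bad: ", check_dhcpd(BAD_CONF))
```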

Name Server and Configuration

• The Domain Name System (DNS) is a distributed database.

 This allows local control of the segments of the overall database, yet the data in
each segment is available across the entire network through a client-server
scheme.

• DNS's distributed database is indexed by domain names.

 Each domain name is essentially just a path in a large inverted tree, called the
domain name space.

• DNS's tree can branch any number of ways at each intersection point, or node.

Name Server …

• The depth of the tree is limited to 127 levels.

 Each node in the tree has a text label (without dots) that can be up to 63 characters
long.

 A null (zero-length) label is reserved for the root.

 Domain names are always read from the node toward the root, with dots
separating the names in the path.

 When the root node's label appears by itself, it is written as a single dot (.) for
convenience.

 DNS requires that sibling nodes have different labels.

 This restriction guarantees that a domain name uniquely identifies a single node in the
tree.

• The domain name of a domain is the same as the domain name of the node at the very top
of the domain.

• So for example, the top of the purdue.edu domain is a node named purdue.edu

• Any domain name in the subtree is considered a part of the domain.

• Because a domain name can be in many subtrees, it can also be in many domains.

• For example, the domain name pa.ca.us is part of the ca.us domain and also part of the us
domain

Internet Domain Name Space

• The original top-level domains divided the Internet domain name space organizationally
into seven domains:

 com

 Commercial organizations, such as Hewlett-Packard (hp.com), Sun
Microsystems (sun.com), and IBM (ibm.com).

 edu

 Educational organizations, such as Ambo University (ambou.edu) and
Purdue University (purdue.edu).

 gov

 Government organizations, such as INSA (insa.gov) and the Ministry of
Foreign Affairs (mfa.gov).

 mil

 Military organizations, such as the U.S. Army (army.mil) and Navy
(navy.mil).

 net

 Organizations providing network infrastructure, such as EthioTelecom
(ethiotelecom.net) and UUNET (uu.net).

 org

 Formerly, noncommercial organizations, such as the Electronic Frontier
Foundation (eff.org). Like net, however, restrictions on org were removed
in 1996.

 int

 International organizations, such as NATO (nato.int).

Delegation

• Decentralized administration in DNS is achieved through delegation.

 An organization administering a domain can divide it into subdomains.

 Each of those subdomains can be delegated to other organizations.

 The organization a subdomain is delegated to becomes responsible for maintaining all
the data in that subdomain.

 It can freely change the data, and even divide up its subdomain into more
subdomains and delegate those.

 Not all organizations delegate away their whole domain.

 A domain may have several delegated subdomains and also contain hosts that
don't belong in the subdomains.

 For example, Ambo University has campuses at Awaro and Woliso, so it
might have an awaro.ambou.edu.et subdomain and a woliso.ambou.edu.et
subdomain.

Name Servers and Zones

• The programs that store information about the domain name space are called name
servers.

• Name servers generally have complete information about some part of the domain name
space (a zone), which they load from a file or from another name server.

 The other name server is called Forwarder.

• The name server is then said to have authority for that zone. Name servers can be
authoritative for multiple zones, too.

• All top-level domains, and many domains at the second level and lower, such as
berkeley.edu and hp.com, are broken into smaller, more manageable units by delegation.

• These units are called zones.

Zone Data Files

• Most entries in zone data files are called DNS resource records.

• DNS lookups are case-insensitive, so you can enter names in your zone data files in
uppercase, lowercase, or mixed case.

 Commonly all lowercase is used.

Types of DNS Resource Records

• SOA record

 Indicates authority for this zone (Start Of Authority)

• NS record

 Lists a name server for this zone

• A record

 Name-to-address mapping

• PTR records

 Address-to-name mapping

• CNAME records

 Canonical name (for aliases)

• MX records

 Records for Mail Exchange server

Example
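A small zone for ambou.edu.et using the record types listed above, together with the consistency checks an administrator would run before loading it (one SOA at the apex, NS records present, in-zone name servers with A records, no CNAME sharing an owner name, MX targets that are not aliases). This is an added example, not material from the notes; the zone content is constructed and the parser is simplified (owner name and class IN required on every record, SOA on one line).

```python
"""Added example, not from the notes: a simplified zone-file parser plus the
consistency checks run before loading a zone. Names and addresses are constructed
(192.0.2.0/24 is documentation address space)."""

ZONE = """\
$ORIGIN ambou.edu.et.
$TTL 86400
@      IN SOA   ns1.ambou.edu.et. hostmaster.ambou.edu.et. 2024010101 3600 900 604800 86400
@      IN NS    ns1.ambou.edu.et.
@      IN NS    ns2.ambou.edu.et.
@      IN MX    10 mail.ambou.edu.et.
ns1    IN A     192.0.2.1
ns2    IN A     192.0.2.2
mail   IN A     192.0.2.25   ; comments start with a semicolon
www    IN CNAME mail.ambou.edu.et.
"""

# Constructed broken variant: www gets an A record next to its CNAME, and MX now points at it.
BAD_ZONE = ZONE.replace("10 mail.ambou.edu.et.", "10 www.ambou.edu.et.") + "www    IN A     192.0.2.80\n"


def qualify(name, origin):
    """Make a zone-file name absolute: '@' is the origin; relative names get the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def in_zone(name, zone):
    return name == zone or name.endswith("." + zone)


def parse_zone(text):
    """Return (origin, records); each record is (owner_fqdn, type, [rdata fields])."""
    origin, records = None, []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()       # strip comments
        if not line.strip():
            continue
        parts = line.split()
        if parts[0] == "$ORIGIN":
            origin = parts[1]
            continue
        if parts[0] == "$TTL":
            continue                               # default TTL is irrelevant to these checks
        owner, cls, rtype, *rdata = parts          # simplified: owner and class are mandatory
        if cls != "IN":
            raise ValueError(f"unsupported class {cls!r} in line: {raw}")
        records.append((qualify(owner, origin), rtype, rdata))
    return origin, records


def check_zone(text):
    """Return a list of findings; an empty list means the zone passed."""
    origin, records = parse_zone(text)
    by_owner = {}
    for owner, rtype, rdata in records:
        by_owner.setdefault(owner, []).append((rtype, rdata))

    def types_of(name):
        return {t for t, _ in by_owner.get(name, [])}

    findings = []
    soa = [r for r in records if r[1] == "SOA"]
    if len(soa) != 1 or soa[0][0] != origin:
        findings.append("zone must have exactly one SOA record, at the apex")
    ns_targets = [r[2][0] for r in records if r[1] == "NS" and r[0] == origin]
    if not ns_targets:
        findings.append("no NS record at the apex")
    for target in ns_targets:
        if in_zone(target, origin) and "A" not in types_of(target):
            findings.append(f"in-zone name server {target} has no A record")
    for owner, rtype, rdata in records:
        if rtype == "CNAME" and len(by_owner[owner]) > 1:
            findings.append(f"{owner} has a CNAME alongside other records")
        if rtype == "MX":
            target = rdata[1]                      # rdata is [preference, exchange]
            if "CNAME" in types_of(target):
                findings.append(f"MX target {target} is a CNAME")
            elif in_zone(target, origin) and "A" not in types_of(target):
                findings.append(f"MX target {target} has no A record")
    return findings


if __name__ == "__main__":
    print("good zone:", check_zone(ZONE))
    print("bad zone: ", check_zone(BAD_ZONE))
```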

Resolver

• Resolvers are the clients that access name servers. Programs running on a host that need
information from the domain name space use the resolver.

• The resolver handles the following tasks:

 Querying a name server

 Interpreting responses (which may be resource records or an error)

 Returning the information to the programs that requested it

Name Space Resolution

• Name servers are adept at retrieving data from the domain name space.

• They have to be, given the limited intelligence of most resolvers.

• Not only can they give you data from zones for which they're authoritative, they can also
search through the domain name space to find data for which they're not authoritative.

• This process is called name resolution or simply resolution.

Resolution…

• Because the namespace is structured as an inverted tree, a name server needs only one
piece of information to find its way to any point in the tree:

 The domain names and addresses of the root name servers

 A name server can issue a query to a root name server for any domain name in the
domain name space, and the root name server starts the name server on its way.

Resolution Process

Adding More Name Servers

• Primary and Slave Name Servers

 In large networks it is a good idea to define name servers and give them authority.

 Primary Name Server is Authoritative

 Secondary Name Server is active when Primary NS fails

• Caching Only Name Servers

 The name implies that the only function this server performs is looking up data
and caching it.

 They are not authoritative for any zones (except 0.0.127.in-addr.arpa).

BIND

• BIND (Berkeley Internet Name Domain) is the default name server for Linux OS.

• Installation and Configuration:

 Update your server and Install BIND on it. Execute the following commands one
by one.

$ sudo apt-get update

$ sudo apt-get install bind9 bind9utils bind9-doc

 Before proceeding you can optionally set bind9 to IPv4 mode.

$ sudo nano /etc/default/bind9

 Add "-4" to the OPTIONS variable. Then save and exit. It should look like the
following:

OPTIONS="-4 -u bind"

Chapter 7
Mail Server Basics

Linux OS Perspective

How it works

• E-Mail is a mechanism by which people send and receive electronic messages over the
Internet.

• It gives us the ability to contact any person in the world in a matter of seconds.

• With E-Mail, one can compose a message, attach any necessary files, and send it to the
recipient.

• The main components of an e-mail system that facilitate sending and receiving of e-mails
on Internet are:

 An e-mail client

 An e-mail server (SMTP server)

 POP and IMAP servers.

An E-Mail Client

• If you use e-mail for online communication then you are definitely using an e-mail
client.

• An e-mail client provides you with the following capabilities:

 Provides a list of messages that people have sent to you. Each entry in the list
contains the name of the sender, a subject, a few words from the message body and
the time/date on which it was received.

 Provides the ability to read a complete message, reply to it or forward it to other
people.

 Provides the ability to compose a new message and send it to the desired
recipients.

 Delete a message.

• The e-mail clients could be:

 Standalone (like Microsoft Outlook, Pegasus, etc.) or

 Web based (like Gmail, Yahoo, etc.).

• There could be many advanced abilities that e-mail clients may provide.

 But whatever the type of e-mail client, the core abilities described above are
provided by all types of clients.

An E-Mail Server

• Whenever you send a message from your e-mail client, it goes to an e-mail server.

• The e-mail server manages the messages received by it.

 It forwards the message to a POP or IMAP service if the message is to be sent to a
recipient on the same subnet

 else it follows the standard procedure to send the message over Internet to the
destined person.

• An e-mail server comes into the picture twice if e-mail is sent over Internet to a remote
destination.

 First it’s the sender’s e-mail server that sends the e-mail over the Internet

 Second is the receiver’s e-mail server that receives the e-mail and makes sure that
it is delivered to the recipient’s system.

• On the other hand, an E-mail server comes into picture only once when the
recipient is on the same subnet.

• SMTP servers are widely used as e-mail servers all over the internet. An SMTP server is
also known as Mail Transfer Agent (MTA).

• The flow of e-mail on the Internet is managed by the SMTP (Simple Mail Transfer
Protocol).

• The SMTP server is simply a computer running SMTP, and which acts more or less
like the postman.

What happens when one sends out E-Mail

• Here is what happens when one sends out e-mail:

 The sender sends mail using a mail client from their address (e.g. biyansa@ambou.edu.et) to a
given recipient (e.g. abebe@aau.edu.et).

 In jargon, the e-mail client is called Message User Agent, or MUA.

 The message is sent normally via port 25 to an SMTP server (named for instance
mail.ambou.edu.et)

 The SMTP server acts as a Message Transfer Agent or MTA.

 Note that SMTP defines only the message's transmission, and doesn't deal
with its body content.

 Then, if the domain where your recipient has his account is directly connected to
the server, the email is immediately delivered.

 If that is not the case, the SMTP server hands it to another incoming server closer to the
recipient.

 These passages are called relays.

 If the receiving server is down or busy, one of the following will happen:

 The SMTP host simply drops the message to a backup server: if none of
them is available, the email is queued and the delivery is retried
periodically.

 After a determined period, however, the message is returned as
undelivered.

 If there are no issues, however, the final segment is controlled by POP, another
protocol that picks up the email from the receiving server and puts it into the
recipient's inbox.

POP and IMAP Servers

• These servers come into the picture when a message is received by SMTP server and it
needs to be forwarded to the actual recipient.

• POP

 POP stands for Post Office Protocol.

 A POP (or POP3) server in its simplest form stores the messages for a particular
user in a text file.

 The file for a particular user is appended with information each time an e-mail is
received by a POP server.

 A POP server requires the log-in credentials of a user, which are sent through the e-mail
client.

 Once a user is authenticated, the POP server provides access to user’s e-mails.

 As with any client server architecture, the e-mail client interacts with the POP
server through a predefined set of commands.

• USER – For User-ID

• PASS – For Password

• LIST – Provide message list

• DELE – To delete a message

• QUIT – To end the interaction

 The e-mail client connects to port 110 on the server where POP service is
running.

POP in Picture

IMAP

• IMAP stands for Internet message access protocol.

• This protocol is also used to access e-mails but it is far more capable than POP.

 One of the most prominent features an IMAP server provides is central access
to e-mails.

 Unlike POP server, an IMAP server keeps the e-mails on the server itself and so
you can access e-mails from any machine or device.

• This server also provides easy management of e-mails like searching, categorizing the
e-mails and placing them into various sub-folders etc.

 The only problem that one could imagine with IMAP server is that you always
need an Internet connection so that the e-mail client is able to fetch e-mails from
the IMAP server.

 To interact with IMAP server, the e-mail client connects to server machine on
port 143.

IMAP in Picture

SMTP Relaying

• If you work for company A and want to send an email to someone in company B, you
connect to your SMTP server which then relays your message to the SMTP server owned
by company B.

 The notion that an SMTP server accepts an email that is destined for a different
SMTP server is called relaying.

• When SMTP servers relay messages they use two mechanisms:

 User Authentication

 Requires User ID and Password. Secured.

 Open Relay

 Doesn’t require any credential and is not secured.
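The relay decision an MTA makes for each recipient, with the open-relay policy described above placed beside a restricted one (inbound mail for local domains is always accepted; onward relaying requires authentication or a trusted client network). This is an added example rather than the configuration of any real MTA; the domains, the trusted network and the test recipients are constructed.

```python
"""Added example, not from the notes: the per-recipient relay decision of an MTA,
comparing an open relay with a policy that relays only for authenticated users or
clients on a trusted network. Domains and networks below are constructed."""
import ipaddress

LOCAL_DOMAINS = {"ambou.edu.et"}                          # mail for these is delivered locally
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]     # constructed campus LAN


def rcpt_domain(address):
    """Domain part of an address, lower-cased; None if there is no user@domain shape."""
    local, sep, domain = address.rpartition("@")
    return domain.lower() if sep and local and domain else None


def relay_decision(rcpt, client_ip, authenticated, open_relay=False):
    """Return ('deliver' | 'relay' | 'reject', reason) for one RCPT TO."""
    domain = rcpt_domain(rcpt)
    if domain is None:
        return ("reject", "malformed recipient")
    if domain in LOCAL_DOMAINS:
        return ("deliver", "recipient is local")          # inbound mail is always accepted
    if open_relay:
        # The insecure policy from the notes: anyone may send anywhere through this server.
        return ("relay", "open relay: no credential required")
    if authenticated:
        return ("relay", "authenticated user")
    if any(ipaddress.ip_address(client_ip) in net for net in TRUSTED_NETS):
        return ("relay", "client on trusted network")
    return ("reject", "relaying denied")


def compare_policies(attempts):
    """For a list of (rcpt, client_ip, authenticated), count relays each policy permits."""
    open_count = sum(relay_decision(r, ip, a, open_relay=True)[0] == "relay" for r, ip, a in attempts)
    strict_count = sum(relay_decision(r, ip, a)[0] == "relay" for r, ip, a in attempts)
    return {"open_relay": open_count, "restricted": strict_count}


# Constructed attempts: an outside host without credentials, an authenticated user from
# outside, and an unauthenticated host on the campus LAN, each sending to a remote domain.
ATTEMPTS = [("x@aau.edu.et", "203.0.113.9", False),
            ("x@aau.edu.et", "203.0.113.9", True),
            ("x@aau.edu.et", "192.0.2.40", False)]

if __name__ == "__main__":
    for attempt in ATTEMPTS:
        print(attempt, "->", relay_decision(*attempt))
    print(compare_policies(ATTEMPTS))
```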

Mail Administration Basics in Linux

• A Linux system administrator can follow these basic configuration steps to set up a
mail server:

• Set hostname for the machine

 Edit the file /etc/hostname

 e.g. mail.ambou.edu.et

• Set the time zone.

 ln -sf /usr/share/zoneinfo/Africa/Addis_Ababa /etc/localtime

• Configure /etc/hosts file

 127.0.0.1 localhost.localdomain localhost

 213.55.83154 mail.ambou.edu.et mail

Spam control and Filtering

• Spam is any kind of email that you don’t want and that you didn’t sign up to receive.

 Some spam is annoying but harmless, but some might be part of an identity theft
scam or other kind of fraud.

• When one uses e-mail, he/she can use different mechanisms to deal with spammers, using
features provided by e-mail clients:

 Use email software with built-in spam filtering.

 Add people you know to your safe sender list and unwanted senders to your
blocked list.

 Report junk mail. If you get an email message that looks like spam or a phishing
scam, report it.

 Share your email address only with people you know.

 Look for pre-checked boxes.

 Read the privacy policy.

 Disguise your email address.

 Improve your computer's security.

Remote Administration & Mgmt

• Webmin

 Webmin is a program that simplifies the process of managing a Linux or Unix
system.

 Normally you need to manually edit configuration files and run commands
to create accounts, set up a web server or manage email forwarding.

 Webmin lets you perform these tasks through an easy to use web interface, and
automatically updates all of the required configuration files for you.

 This makes the job of administering your system much easier.

• Some of the things that you can do with Webmin are:

 Create, edit and delete Unix accounts on your system.

 Export files and directories to other systems with the NFS protocol.

 Set up Disk Quotas to control how much space users can use up with their files.

 Install, view and remove software packages in RPM and other formats.

 Change your system's IP address, DNS Server settings and routing configuration.

 Set up a Linux Firewall to protect your computer, or to give hosts on an internal
LAN access to the Internet.

 Create and configure virtual web servers for the Apache Webserver.

 Manage databases, tables and fields in a MySQL or PostgreSQL Database Server.

 Share files with Windows systems by configuring Samba File Sharing.

Webmin in pictures

SSH (Secured Shell)

• Accessing a shell account through the telnet:

 Everything that you send or receive over that telnet session is visible in plain text
on your local network, and on the local network of the machine you are connecting
to.

• SSH was designed and created to provide the best security when accessing another
computer remotely.

• Not only does it encrypt the session

 It also provides better authentication facilities, as well as features like

 secure file transfer,

 X session forwarding,

 port forwarding and more so that you can increase the security of other
protocols.

UNIX Introduction
What is UNIX?
UNIX is an operating system which was first developed in the 1960s, and has been under
constant development ever since. By operating system, we mean the suite of programs which
make the computer work. It is a stable, multi-user, multi-tasking system for servers, desktops and
laptops.
UNIX systems also have a graphical user interface (GUI) similar to Microsoft Windows which
provides an easy-to-use environment. However, knowledge of UNIX is required for operations
which aren't covered by a graphical program, or for when there is no windows interface
available, for example, in a telnet session.

Types of UNIX
There are many different versions of UNIX, although they share common similarities. The most
popular varieties of UNIX are Sun Solaris, GNU/Linux, and MacOS X.
Here in the School, we use Solaris on our servers and workstations, and Fedora Linux on the
servers and desktop PCs.

The UNIX operating system


The UNIX operating system is made up of three parts; the kernel, the shell and the programs.

The kernel
The kernel of UNIX is the hub of the operating system: it allocates time and memory to
programs and handles the filestore and communications in response to system calls.
As an illustration of the way that the shell and the kernel work together, suppose a user types rm
myfile (which has the effect of removing the file myfile). The shell searches the filestore for the
file containing the program rm, and then requests the kernel, through system calls, to execute the
program rm on myfile. When the process rm myfile has finished running, the shell then returns
the UNIX prompt % to the user, indicating that it is waiting for further commands.

The shell
The shell acts as an interface between the user and the kernel. When a user logs in, the login
program checks the username and password, and then starts another program called the shell.
The shell is a command line interpreter (CLI). It interprets the commands the user types in and
arranges for them to be carried out. The commands are themselves programs: when they
terminate, the shell gives the user another prompt (% on our systems).
The adept user can customise his/her own shell, and users can use different shells on the same
machine. Staff and students in the school have the tcsh shell by default.
The tcsh shell has certain features to help the user inputting commands.
Filename Completion - By typing part of the name of a command, filename or directory and
pressing the [Tab] key, the tcsh shell will complete the rest of the name automatically. If the
shell finds more than one name beginning with those letters you have typed, it will beep,
prompting you to type a few more letters before pressing the tab key again.
History - The shell keeps a list of the commands you have typed in. If you need to repeat a
command, use the cursor keys to scroll up and down the list or type history for a list of previous
commands.

Files and processes


Everything in UNIX is either a file or a process.
A process is an executing program identified by a unique PID (process identifier).
A file is a collection of data. They are created by users using text editors, running compilers etc.
Examples of files:
 a document (report, essay etc.)
 the text of a program written in some high-level programming language
 instructions comprehensible directly to the machine and incomprehensible to a casual user, for
example, a collection of binary digits (an executable or binary file);
 a directory, containing information about its contents, which may be a mixture of other
directories (subdirectories) and ordinary files.

The Directory Structure


All the files are grouped together in the directory structure. The file-system is arranged in a
hierarchical structure, like an inverted tree. The top of the hierarchy is traditionally called root
(written as a slash / )

In the diagram above, we see that the home directory of the undergraduate student "ee51vn"
contains two sub-directories (docs and pics) and a file called report.doc.
The full path to the file report.doc is "/home/its/ug1/ee51vn/report.doc"

Starting a UNIX terminal


To open a UNIX terminal window, click on the "Terminal" icon from the Applications/Accessories
menus.

A UNIX Terminal window will then appear with a % prompt, waiting for you to start entering
commands.

UNIX Tutorial One
1.1 Listing files and directories
ls (list)
When you first login, your current working directory is your home directory. Your home
directory has the same name as your user-name, for example, ee91ab, and it is where your
personal files and subdirectories are saved.
To find out what is in your home directory, type
% ls
The ls command ( lowercase L and lowercase S ) lists the contents of your current working
directory.

There may be no files visible in your home directory, in which case, the UNIX prompt will be
returned. Alternatively, there may already be some files inserted by the System Administrator
when your account was created.
ls does not, in fact, cause all the files in your home directory to be listed, but only those ones
whose name does not begin with a dot (.) Files beginning with a dot (.) are known as hidden files

and usually contain important program configuration information. They are hidden because you
should not change them unless you are very familiar with UNIX!!!
To list all files in your home directory including those whose names begin with a dot, type
% ls -a
As you can see, ls -a lists files that are normally hidden.

ls is an example of a command which can take options: -a is an example of an option. The
options change the behaviour of the command. There are online manual pages that tell you which
options a particular command can take, and how each option modifies the behaviour of the
command. (See later in this tutorial.)

1.2 Making Directories


mkdir (make directory)
We will now make a subdirectory in your home directory to hold the files you will be creating
and using in the course of this tutorial. To make a subdirectory called unixstuff in your current
working directory type
% mkdir unixstuff
To see the directory you have just created, type
% ls

1.3 Changing to a different directory


cd (change directory)
The command cd directory means change the current working directory to 'directory'. The
current working directory may be thought of as the directory you are in, i.e. your current position
in the file-system tree.
To change to the directory you have just made, type

% cd unixstuff
Type ls to see the contents (which should be empty)

Exercise 1a
Make another directory inside the unixstuff directory called backups

1.4 The directories . and ..


Still in the unixstuff directory, type
% ls -a
As you can see, in the unixstuff directory (and in all other directories), there are two special
directories called (.) and (..)

The current directory (.)


In UNIX, (.) means the current directory, so typing
% cd .
(NOTE: there is a space between cd and the dot) means stay where you are (the unixstuff directory).
This may not seem very useful at first, but using (.) as the name of the current directory will save
a lot of typing, as we shall see later in the tutorial.

The parent directory (..)


(..) means the parent of the current directory, so typing
% cd ..
will take you one directory up the hierarchy (back to your home directory). Try it now.
Note: typing cd with no argument always returns you to your home directory. This is very useful
if you are lost in the file system.

1.5 Pathnames
pwd (print working directory)
Pathnames enable you to work out where you are in relation to the whole file-system. For
example, to find out the absolute pathname of your home-directory, type cd to get back to your
home-directory and then type
% pwd
The full pathname will look something like this -
/home/its/ug1/ee51vn
which means that ee51vn (your home directory) is in the sub-directory ug1 (the group
directory), which in turn is located in the its sub-directory, which is in the home sub-directory,
which is in the top-level root directory called "/".

Exercise 1b
Use the commands cd, ls and pwd to explore the file system.
(Remember, if you get lost, type cd by itself to return to your home-directory)

1.6 More about home directories and pathnames


Understanding pathnames
First type cd to get back to your home-directory, then type
% ls unixstuff
to list the contents of your unixstuff directory.
Now type
% ls backups
You will get a message like this -
backups: No such file or directory
The reason is, backups is not in your current working directory. To use a command on a file (or
directory) not in the current working directory (the directory you are currently in), you must
either cd to the correct directory, or specify its full pathname. To list the contents of your
backups directory, you must type
% ls unixstuff/backups

~ (your home directory)


Home directories can also be referred to by the tilde ~ character. It can be used to specify paths
starting at your home directory. So typing
% ls ~/unixstuff
will list the contents of your unixstuff directory, no matter where you currently are in the file
system.
What do you think
% ls ~
would list?
What do you think
% ls ~/..
would list?

Summary
Command Meaning
ls list files and directories
ls -a list all files and directories
mkdir make a directory
cd directory change to named directory
cd change to home-directory
cd ~ change to home-directory
cd .. change to parent directory
pwd display the path of the current directory
UNIX Tutorial Two
2.1 Copying Files
cp (copy)
cp file1 file2 is the command which makes a copy of file1 in the current working directory and
calls it file2
What we are going to do now is take a file stored in an open access area of the file system
and use the cp command to copy it to your unixstuff directory.
First, cd to your unixstuff directory.
% cd ~/unixstuff
Then at the UNIX prompt, type,
% cp /vol/examples/tutorial/science.txt .
Note: Don't forget the dot . at the end. Remember, in UNIX, the dot means the current directory.
The above command means copy the file science.txt to the current directory, keeping the name
the same.
(Note: The directory /vol/examples/tutorial/ is an area to which everyone in the school has read
and copy access. If you are from outside the University, you can grab a copy of the file here. Use
'File/Save As..' from the menu bar to save it into your unixstuff directory.)

Exercise 2a
Create a backup of your science.txt file by copying it to a file called science.bak

2.2 Moving files


mv (move)
mv file1 file2 moves (or renames) file1 to file2
To move a file from one place to another, use the mv command. This has the effect of moving
rather than copying the file, so you end up with only one file rather than two.
It can also be used to rename a file, by moving the file to the same directory, but giving it a
different name.
We are now going to move the file science.bak to your backup directory.
First, change directories to your unixstuff directory (can you remember how?). Then, inside the
unixstuff directory, type
% mv science.bak backups/.
Type ls and ls backups to see if it has worked.

2.3 Removing files and directories
rm (remove), rmdir (remove directory)
To delete (remove) a file, use the rm command. As an example, we are going to create a copy of
the science.txt file then delete it.
Inside your unixstuff directory, type
% cp science.txt tempfile.txt
% ls
% rm tempfile.txt
% ls
You can use the rmdir command to remove a directory (make sure it is empty first). Try to
remove the backups directory. You will not be able to since UNIX will not let you remove a
non-empty directory.

Exercise 2b
Create a directory called tempstuff using mkdir , then remove it using the rmdir command.

2.4 Displaying the contents of a file on the screen


clear (clear screen)
Before you start the next section, you may like to clear the terminal window of the previous
commands so the output of the following commands can be clearly understood.
At the prompt, type
% clear
This will clear all text and leave you with the % prompt at the top of the window.

cat (concatenate)
The command cat can be used to display the contents of a file on the screen. Type:
% cat science.txt
As you can see, the file is longer than the size of the window, so it scrolls past making it
unreadable.

less
The command less writes the contents of a file onto the screen a page at a time. Type
% less science.txt
Press the [space-bar] if you want to see another page, and type [q] if you want to quit reading.
As you can see, less is used in preference to cat for long files.

head
The head command writes the first ten lines of a file to the screen.

First clear the screen then type
% head science.txt
Then type
% head -5 science.txt
What difference did the -5 do to the head command?

tail
The tail command writes the last ten lines of a file to the screen.
Clear the screen and type
% tail science.txt
Q. How can you view the last 15 lines of the file?

2.5 Searching the contents of a file


Simple searching using less
Using less, you can search through a text file for a keyword (pattern). For example, to search
through science.txt for the word 'science', type
% less science.txt
then, still in less, type a forward slash [/] followed by the word to search
/science
As you can see, less finds and highlights the keyword. Type [n] to search for the next occurrence
of the word.

grep (don't ask why it is called grep)


grep is one of many standard UNIX utilities. It searches files for specified words or patterns.
First clear the screen, then type
% grep science science.txt
As you can see, grep has printed out each line containing the word science.
Or has it?
Try typing
% grep Science science.txt
The grep command is case sensitive; it distinguishes between Science and science.
To ignore upper/lower case distinctions, use the -i option, i.e. type
% grep -i science science.txt
To search for a phrase or pattern, you must enclose it in single quotes (the apostrophe symbol).
For example to search for spinning top, type
% grep -i 'spinning top' science.txt
Some of the other options of grep are:
-v display those lines that do NOT match
-n precede each matching line with the line number
-c print only the total count of matched lines

Try some of them and see the different results. Don't forget, you can use more than one option at
a time. For example, the number of lines without the words science or Science is
% grep -ivc science science.txt

wc (word count)
A handy little utility is the wc command, short for word count. To do a word count on
science.txt, type
% wc -w science.txt
To find out how many lines the file has, type
% wc -l science.txt

Summary
Command Meaning
cp file1 file2 copy file1 and call it file2
mv file1 file2 move or rename file1 to file2
rm file remove a file
rmdir directory remove a directory
cat file display a file
less file display a file a page at a time
head file display the first few lines of a file
tail file display the last few lines of a file
grep 'keyword' file search a file for keywords
wc file count number of lines/words/characters in file

UNIX Tutorial Three
3.1 Redirection
Most processes initiated by UNIX commands write to the standard output (that is, they write to
the terminal screen), and many take their input from the standard input (that is, they read it from
the keyboard). There is also the standard error, where processes write their error messages, by
default, to the terminal screen.
We have already seen one use of the cat command to write the contents of a file to the screen.
Now type cat without specifying a file to read
% cat
Then type a few words on the keyboard and press the [Return] key.
Finally hold the [Ctrl] key down and press [d] (written as ^D for short) to end the input.
What has happened?
If you run the cat command without specifying a file to read, it reads the standard input (the
keyboard), and on receiving the 'end of file' (^D), copies it to the standard output (the screen).
In UNIX, we can redirect both the input and the output of commands.

3.2 Redirecting the Output


We use the > symbol to redirect the output of a command. For example, to create a file called
list1 containing a list of fruit, type
% cat > list1
Then type in the names of some fruit. Press [Return] after each one.
pear
banana
apple
^D {this means press [Ctrl] and [d] to stop}
What happens is the cat command reads the standard input (the keyboard) and the > redirects the
output, which normally goes to the screen, into a file called list1
To read the contents of the file, type
% cat list1

Exercise 3a
Using the above method, create another file called list2 containing the following fruit: orange,
plum, mango, grapefruit. Read the contents of list2

3.2.1 Appending to a file


The form >> appends standard output to a file. So to add more items to the file list1, type
% cat >> list1
Then type in the names of more fruit

peach
grape
orange
^D (Control D to stop)
To read the contents of the file, type
% cat list1
You should now have two files. One contains six fruit, the other contains four fruit.
We will now use the cat command to join (concatenate) list1 and list2 into a new file called
biglist. Type
% cat list1 list2 > biglist
What this is doing is reading the contents of list1 and list2 in turn, then outputting the text to the
file biglist
To read the contents of the new file, type
% cat biglist

3.3 Redirecting the Input


We use the < symbol to redirect the input of a command.
The command sort alphabetically or numerically sorts a list. Type
% sort
Then type in the names of some animals. Press [Return] after each one.
dog
cat
bird
ape
^D (control d to stop)
The output will be
ape
bird
cat
dog
Using < you can redirect the input to come from a file rather than the keyboard. For example, to
sort the list of fruit, type
% sort < biglist
and the sorted list will be output to the screen.
To output the sorted list to a file, type,
% sort < biglist > slist
Use cat to read the contents of the file slist

3.4 Pipes
To see who is on the system with you, type
% who
One method to get a sorted list of names is to type,

% who > names.txt
% sort < names.txt
This is a bit slow and you have to remember to remove the temporary file called names.txt when
you have finished. What you really want to do is connect the output of the who command
directly to the input of the sort command. This is exactly what pipes do. The symbol for a pipe is
the vertical bar |
For example, typing
% who | sort
will give the same result as above, but quicker and cleaner.
To find out how many users are logged on, type
% who | wc -l
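The tutorial names the standard error stream but only ever redirects standard output. The script below is an added example, not part of the original tutorial, showing each stream redirected on its own (2>, 2>&1, /dev/null), that a pipe carries only standard output, and how set -C (noclobber) stops > from silently replacing an existing file. The write_both helper and the scratch directory are constructed for the example.

```shell
#!/bin/sh
# Added example: the standard streams (stdout, stderr) and how each is
# redirected. write_both and the scratch directory are constructed for this
# example; nothing here comes from the original tutorial.

# write_both: one line on standard output and one on standard error, so the
# two streams can be told apart after redirection.
write_both() {
    printf 'normal output\n'
    printf 'error output\n' >&2
}

# capture_streams: > catches only standard output, 2> only standard error.
# $1 is a scratch directory.
capture_streams() {
    write_both > "$1/out.txt" 2> "$1/err.txt"
    printf 'out=%s err=%s\n' "$(cat "$1/out.txt")" "$(cat "$1/err.txt")"
}

# merged_streams: 2>&1 sends standard error wherever standard output is
# going. Order matters: the > must come first, or stderr would still reach
# the terminal. Returns the number of lines that landed in the file.
merged_streams() {
    write_both > "$1/both.txt" 2>&1
    wc -l < "$1/both.txt" | tr -d ' '
}

# discard_errors: the usual way to silence a noisy command is to send
# standard error to /dev/null; standard output is untouched.
discard_errors() {
    write_both 2> /dev/null
}

# pipe_only_stdout: a pipe carries only standard output to the next command;
# standard error bypasses the pipe (here it is caught in a file instead).
pipe_only_stdout() {
    write_both 2> "$1/pipe_err.txt" | sort | wc -l | tr -d ' '
}

# safe_write: > silently replaces an existing file. With set -C (noclobber)
# the shell refuses to overwrite, while >> still appends. Builds the six-line
# list1 from the tutorial and returns its line count; the refused overwrite
# leaves it intact.
safe_write() {
    (
        set -C
        printf 'pear\nbanana\napple\n' > "$1/list1"
        printf 'peach\ngrape\norange\n' >> "$1/list1"
        printf 'overwritten\n' > "$1/list1"      # refused: list1 already exists
    ) 2> /dev/null || true
    wc -l < "$1/list1" | tr -d ' '
}

# Demonstration when run directly, using a temporary scratch directory.
scratch=$(mktemp -d)
capture_streams "$scratch"
printf 'lines after 2>&1: %s\n' "$(merged_streams "$scratch")"
printf 'lines through the pipe: %s\n' "$(pipe_only_stdout "$scratch")"
printf 'list1 lines with noclobber: %s\n' "$(safe_write "$scratch")"
rm -rf "$scratch"
```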

Exercise 3b
Using pipes, display all lines of list1 and list2 containing the letter 'p', and sort the result.

Summary
Command Meaning
command > file redirect standard output to a file
command >> file append standard output to a file
command < file redirect standard input from a file
command1 | command2 pipe the output of command1 to the input of command2
cat file1 file2 > file0 concatenate file1 and file2 to file0
sort sort data
who list users currently logged in

UNIX Tutorial Four
4.1 Wildcards
The * wildcard
The character * is called a wildcard, and will match zero or more characters in a file
(or directory) name. For example, in your unixstuff directory, type
% ls list*
This will list all files in the current directory starting with list....
Try typing
% ls *list
This will list all files in the current directory ending with ....list

The ? wildcard
The character ? will match exactly one character.
So ?ouse will match files like house and mouse, but not grouse.
Try typing
% ls ?list

4.2 Filename conventions


We should note here that a directory is merely a special type of file. So the rules and conventions
for naming files apply also to directories.
In naming files, characters with special meanings such as / * & % should be avoided. Also,
avoid using spaces within names. The safest way to name a file is to use only alphanumeric
characters, that is, letters and numbers, together with _ (underscore) and . (dot).
Good filenames Bad filenames
project.txt project
my_big_program.c my big program.c
fred_dave.doc fred & dave.doc

File names conventionally start with a lower-case letter, and may end with a dot followed by a
group of letters indicating the contents of the file. For example, all files consisting of C code may
be named with the ending .c, for example, prog1.c . Then in order to list all files containing C
code in your home directory, you need only type ls *.c in that directory.

4.3 Getting Help
On-line Manuals
There are on-line manuals which give information about most commands. The manual pages
tell you which options a particular command can take, and how each option modifies the
behaviour of the command. Type man command to read the manual page for a particular
command.
For example, to find out more about the wc (word count) command, type
% man wc
Alternatively
% whatis wc
gives a one-line description of the command, but omits any information about options etc.

Apropos
When you are not sure of the exact name of a command,
% apropos keyword
will give you the commands with keyword in their manual page header. For example, try typing
% apropos copy

Summary
Command Meaning
* match any number of characters
? match one character
man command read the online manual page for a command
whatis command brief description of a command
apropos keyword match commands with keyword in their man pages

UNIX Tutorial Five


5.1 File system security (access rights)
In your unixstuff directory, type
% ls -l (l for long listing!)
You will see that you now get lots of details about the contents of your directory, similar to the
example below.

Each file (and directory) has associated access rights, which may be found by typing ls -l. Also,
ls -lg gives additional information as to which group owns the file (beng95 in the following
example):
-rwxrw-r-- 1 ee51ab beng95 2450 Sept29 11:52 file1
In the left-hand column is a 10 symbol string consisting of the symbols d, r, w, x, -, and,
occasionally, s or S. If d is present, it will be at the left hand end of the string, and indicates a
directory; otherwise - will be the starting symbol of the string.
The 9 remaining symbols indicate the permissions, or access rights, and are taken as three groups
of 3.
 The left group of 3 gives the file permissions for the user that owns the file (or directory)
(ee51ab in the above example);
 the middle group gives the permissions for the group of people to whom the file (or directory)
belongs (beng95 in the above example);
 the rightmost group gives the permissions for all others.
The symbols r, w, etc., have slightly different meanings depending on whether they refer to a
simple file or to a directory.

Access rights on files.


 r (or -), indicates read permission (or otherwise), that is, the presence or absence of permission
to read and copy the file
 w (or -), indicates write permission (or otherwise), that is, the permission (or otherwise) to
change a file
 x (or -), indicates execution permission (or otherwise), that is, the permission to execute a file,
where appropriate

Access rights on directories.


 r allows users to list files in the directory;
 w means that users may delete files from the directory or move files into it;
 x means the right to access files in the directory. This implies that you may read files in the
directory provided you have read permission on the individual files.
So, in order to read a file, you must have execute permission on the directory containing that file,
and hence on any directory containing that directory as a subdirectory, and so on, up the tree.

Some examples
-rwxrwxrwx a file that everyone can read, write and execute (and delete).
-rw------- a file that only the owner can read and write - no-one else can read or write and no-one has execution rights (e.g. your mailbox file).

5.2 Changing access rights


chmod (changing a file mode)
Only the owner of a file can use chmod to change the permissions of a file. The options of
chmod are as follows
Symbol Meaning
u user
g group
o other
a all
r read
w write (and delete)
x execute (and access directory)
+ add permission
- take away permission
For example, to remove read write and execute permissions on the file biglist for the group and
others, type
% chmod go-rwx biglist
This will leave the other permissions unaffected.
To give read and write permissions on the file biglist to all,
% chmod a+rw biglist
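To make the ls -l permission string of 5.1 and the chmod symbols of 5.2 concrete, here is an added example (not from the tutorial) that decodes the 10-character mode field, converts the nine rwx symbols into the octal number that chmod also accepts (a form the tutorial does not cover), and scans a listing for entries that anyone may write to, which is the first thing to look for when reviewing permissions. The listing is constructed for this example.

```shell
#!/bin/sh
# Added example: decoding the permission field printed by ls -l.
# SAMPLE_LISTING is constructed for this example (the user and group names
# follow the tutorial's ee51ab/beng95); it is not output from a real system.
SAMPLE_LISTING='-rwxrw-r-- 1 ee51ab beng95 2450 Sep 29 11:52 file1
-rw------- 1 ee51ab beng95  812 Sep 29 11:53 mailbox
-rw-rw-rw- 1 ee51ab beng95  120 Sep 29 11:54 notes.txt
drwxr-xr-x 2 ee51ab beng95 4096 Sep 29 11:55 backups
drwxrwxrwx 2 ee51ab beng95 4096 Sep 29 11:56 shared'

# perm_to_octal: turn the nine rwx characters into the octal mode that
# chmod also accepts (chmod 764 file is the same as u=rwx,g=rw,o=r).
# Each group of three is one digit: r=4, w=2, x=1. An s or t in the
# execute slot still counts as x here; the set-uid/set-gid/sticky bits
# themselves are not encoded.
perm_to_octal() {
    perms=$1
    result=''
    for start in 1 4 7; do
        triple=$(printf '%s' "$perms" | cut -c"$start-$((start + 2))")
        digit=0
        case $triple in r??) digit=$((digit + 4)) ;; esac
        case $triple in ?w?) digit=$((digit + 2)) ;; esac
        case $triple in ??[xst]) digit=$((digit + 1)) ;; esac
        result="$result$digit"
    done
    printf '%s\n' "$result"
}

# describe_mode: split the full 10-character field into the file type and
# the three permission groups the tutorial describes (owner, group, others).
describe_mode() {
    mode=$1
    case $mode in
        d*) kind=directory ;;
        -*) kind=file ;;
        *)  kind=other ;;
    esac
    bits=${mode#?}    # drop the leading type character
    printf '%s owner=%s group=%s others=%s octal=%s\n' "$kind" \
        "$(printf '%s' "$bits" | cut -c1-3)" \
        "$(printf '%s' "$bits" | cut -c4-6)" \
        "$(printf '%s' "$bits" | cut -c7-9)" \
        "$(perm_to_octal "$bits")"
}

# world_writable: read ls -l lines on standard input and print the names of
# entries whose "others" group contains w: any user can change the file or,
# for a directory, delete files from it or move files into it.
world_writable() {
    while read -r mode links owner group size month day time name; do
        case $mode in
            ????????w?) printf '%s\n' "$name" ;;
        esac
    done
}

# Demonstration: explain the tutorial's example line, then scan the listing.
describe_mode -rwxrw-r--
describe_mode drwxr-xr-x
printf 'world-writable entries:\n'
printf '%s\n' "$SAMPLE_LISTING" | world_writable
```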

Exercise 5a
Try changing access permissions on the file science.txt and on the directory backups
Use ls -l to check that the permissions have changed.

5.3 Processes and Jobs


A process is an executing program identified by a unique PID (process identifier). To see
information about your processes, with their associated PID and status, type
% ps
A process may be in the foreground, in the background, or be suspended. In general the shell
does not return the UNIX prompt until the current process has finished executing.
Some processes take a long time to run and hold up the terminal. Backgrounding a long process
has the effect that the UNIX prompt is returned immediately, and other tasks can be carried out
while the original process continues executing.

Running background processes


To background a process, type an & at the end of the command line. For example, the command
sleep waits a given number of seconds before continuing. Type
% sleep 10
This will wait 10 seconds before returning the command prompt %. Until the command prompt
is returned, you can do nothing except wait.
To run sleep in the background, type
% sleep 10 &
[1] 6259
The & runs the job in the background and returns the prompt straight away, allowing you to run
other programs while waiting for that one to finish.
The first line in the above example is typed in by the user; the next line, indicating job number
and PID, is returned by the machine. The user is notified of a job number (numbered from 1)
enclosed in square brackets, together with a PID, and is notified when a background process is
finished. Backgrounding is useful for jobs which will take a long time to complete.

Backgrounding a current foreground process


At the prompt, type

% sleep 1000
You can suspend the process running in the foreground by typing ^Z, i.e. hold down the [Ctrl]
key and type [z]. Then to put it in the background, type
% bg
Note: do not background programs that require user interaction e.g. vi

5.4 Listing suspended and background processes


When a process is running, backgrounded or suspended, it will be entered onto a list along with a
job number. To examine this list, type
% jobs
An example of a job list could be
[1] Suspended sleep 1000
[2] Running netscape
[3] Running matlab
To restart (foreground) a suspended process, type
% fg %jobnumber
For example, to restart sleep 1000, type
% fg %1
Typing fg with no job number foregrounds the last suspended process.

5.5 Killing a process


kill (terminate or signal a process)
It is sometimes necessary to kill a process (for example, when an executing program is in an
infinite loop)
To kill a job running in the foreground, type ^C (control c). For example, run
% sleep 100
^C
To kill a suspended or background process, type
% kill %jobnumber
For example, run
% sleep 100 &
% jobs
If it is job number 4, type
% kill %4
To check whether this has worked, examine the job list again to see if the process has been
removed.

ps (process status)
Alternatively, processes can be killed by finding their process numbers (PIDs) and using kill
PID_number

% sleep 1000 &
% ps
PID TT S TIME COMMAND
20077 pts/5 S 0:05 sleep 1000
21563 pts/5 T 0:00 netscape
21873 pts/5 S 0:25 nedit
To kill off the process sleep 1000, type
% kill 20077
and then type ps again to see if it has been removed from the list.
If a process refuses to be killed, use the -9 option, i.e. type
% kill -9 20077
Note: It is not possible to kill off other users' processes !!!

Summary
Command Meaning
ls -lag list access rights for all files
chmod [options] file change access rights for named file
command & run command in background
^C kill the job running in the foreground
^Z suspend the job running in the foreground
bg background the suspended job
jobs list current jobs
fg %1 foreground job number 1
kill %1 kill job number 1
ps list current processes
kill 26152 kill process number 26152
UNIX Tutorial Six
Other useful UNIX commands
quota
All students are allocated a certain amount of disk space on the file system for their personal
files, usually about 100Mb. If you go over your quota, you are given 7 days to remove excess
files.
To check your current quota and how much of it you have used, type
% quota -v

df
The df command reports on the space left on the file system. For example, to find out how much
space is left on the fileserver, type
% df .

du
The du command outputs the number of kilobytes used by each subdirectory. Useful if you have
gone over quota and you want to find out which directory has the most files. In your
home-directory, type
% du -s *
The -s flag will display only a summary (total size) and the * means all files and directories.

gzip
This reduces the size of a file, thus freeing valuable disk space. For example, type
% ls -l science.txt
and note the size of the file using ls -l . Then to compress science.txt, type
% gzip science.txt
This will compress the file and place it in a file called science.txt.gz
To see the change in size, type ls -l again.
To expand the file, use the gunzip command.
% gunzip science.txt.gz

zcat
zcat will read gzipped files without needing to uncompress them first.
% zcat science.txt.gz
If the text scrolls too fast for you, pipe the output through less.
% zcat science.txt.gz | less

file
file classifies the named files according to the type of data they contain, for example ascii (text),
pictures, compressed data, etc. To report on all files in your home directory, type
% file *

diff
This command compares the contents of two files and displays the differences. Suppose you
have a file called file1 and you edit some part of it and save it as file2. To see the differences
type
% diff file1 file2
Lines beginning with a < denote file1, while lines beginning with a > denote file2.

find
This searches through the directories for files and directories with a given name, date, size, or
any other attribute you care to specify. It is a simple command but with many options - you can
read the manual by typing man find.
To search for all files with the extension .txt, starting at the current directory (.) and working
through all sub-directories, then printing the name of the file to the screen, type
% find . -name "*.txt" -print
To find files over 1Mb in size, and display the result as a long listing, type
% find . -size +1M -ls

history
The C shell keeps an ordered list of all the commands that you have entered. Each command is
given a number according to the order it was entered.
% history (show command history list)
If you are using the C shell, you can use the exclamation character (!) to recall commands easily.
% !! (recall last command)
% !-3 (recall third most recent command)
% !5 (recall 5th command in list)
% !grep (recall last command starting with grep)
You can increase the size of the history buffer by typing
% set history=100

UNIX Tutorial Seven
7.1 Compiling UNIX software packages
We have many public domain and commercial software packages installed on our systems,
which are available to all users. However, students are allowed to download and install small
software packages in their own home directory, software usually only useful to them personally.
There are a number of steps needed to install the software.
 Locate and download the source code (which is usually compressed)
 Unpack the source code
 Compile the code
 Install the resulting executable
 Set paths to the installation directory
Of the above steps, probably the most difficult is the compilation stage.

Compiling Source Code


All high-level language code must be converted into a form the computer understands. For
example, C language source code is converted into a lower-level language called assembly
language. The assembly language code made by the previous stage is then converted into object
code, fragments of code which the computer understands directly. The final stage in
compiling a program involves linking the object code to code libraries which contain certain
built-in functions. This final stage produces an executable program.
To do all these steps by hand is complicated and beyond the capability of the ordinary user. A
number of utilities and tools have been developed for programmers and end-users to simplify
these steps.

make and the Makefile


The make command allows programmers to manage large programs or groups of programs. It
aids in developing large programs by keeping track of which portions of the entire program have
been changed, compiling only those parts of the program which have changed since the last
compile.
The make program gets its set of compile rules from a text file called Makefile which resides in
the same directory as the source files. It contains information on how to compile the software,
e.g. the optimisation level, whether to include debugging info in the executable. It also contains
information on where to install the finished compiled binaries (executables), manual pages, data
files, dependent library files, configuration files, etc.
Some packages require you to edit the Makefile by hand to set the final installation directory and
any other parameters. However, many packages are now being distributed with the GNU
configure utility.

configure
As the number of UNIX variants increased, it became harder to write programs which could run
on all variants. Developers frequently did not have access to every system, and the characteristics
of some systems changed from version to version. The GNU configure and build system
simplifies the building of programs distributed as source code. All programs are built using a
simple, standardised, two step process. The program builder need not install any special tools in
order to build the program.
The configure shell script attempts to guess correct values for various system-dependent
variables used during compilation. It uses those values to create a Makefile in each directory of
the package.
The simplest way to compile a package is:
1. cd to the directory containing the package's source code.
2. Type ./configure to configure the package for your system.
3. Type make to compile the package.
4. Optionally, type make check to run any self-tests that come with the package.
5. Type make install to install the programs and any data files and documentation.
6. Optionally, type make clean to remove the program binaries and object files from the source
code directory.
The configure utility supports a wide variety of options. You can usually use the --help option to
get a list of interesting options for a particular configure script.
The only generic options you are likely to use are the --prefix and --exec-prefix options. These
options are used to specify the installation directories.
The directory named by the --prefix option will hold machine independent files such as
documentation, data and configuration files.
The directory named by the --exec-prefix option (which is normally a subdirectory of the
--prefix directory) will hold machine dependent files such as executables.

7.2 Downloading source code


For this example, we will download a piece of free software that converts between different units
of measurements.
First create a download directory
% mkdir download
Download the software here and save it to your new download directory.

7.3 Extracting the source code


Go into your download directory and list the contents.
% cd download
% ls -l
As you can see, the filename ends in tar.gz. The tar command turns several files and directories
into one single tar file. This is then compressed using the gzip command (to create a tar.gz file).
First unzip the file using the gunzip command. This will create a .tar file.
% gunzip units-1.74.tar.gz
Then extract the contents of the tar file.

% tar -xvf units-1.74.tar
Again, list the contents of the download directory, then go to the units-1.74 sub-directory.
% cd units-1.74

7.4 Configuring and creating the Makefile


The first thing to do is carefully read the README and INSTALL text files (use the less
command). These contain important information on how to compile and run the software.
The units package uses the GNU configure system to compile the source code. We will need to
specify the installation directory, since the default will be the main system area which you will
not have write permissions for. We need to create an install directory in your home directory.
% mkdir ~/units174
Then run the configure utility setting the installation path to this.
% ./configure --prefix=$HOME/units174
NOTE: The $HOME variable is an example of an environment variable. The value of $HOME
is the path to your home directory. Just type

% echo $HOME

to show the contents of this variable. We will learn more about environment variables in a later
chapter.
If configure has run correctly, it will have created a Makefile with all necessary options. You can
view the Makefile if you wish (use the less command), but do not edit the contents of this.

7.5 Building the package


Now you can go ahead and build the package by running the make command.
% make
After a minute or two (depending on the speed of the computer), the executables will be created.
You can check to see everything compiled successfully by typing
% make check
If everything is okay, you can now install the package.
% make install
This will install the files into the ~/units174 directory you created earlier.

7.6 Running the software


You are now ready to run the software (assuming everything worked).
% cd ~/units174
If you list the contents of the units directory, you will see a number of subdirectories.
bin The binary executables
info GNU info formatted documentation
man Man pages
share Shared data files
To run the program, change to the bin directory and type
% ./units
As an example, convert 6 feet to metres.
You have: 6 feet
You want: metres
* 1.8288
If you get the answer 1.8288, congratulations, it worked.
To view what units it can convert between, view the data file in the share directory (the list is
quite comprehensive).
To read the full documentation, change into the info directory and type
% info --file=units.info

7.7 Stripping unnecessary code


When a piece of software is being developed, it is useful for the programmer to include
debugging information into the resulting executable. This way, if there are problems encountered
when running the executable, the programmer can load the executable into a debugging software
package and track down any software bugs.
This is useful for the programmer, but unnecessary for the user. We can assume that the package,
once finished and available for download, has already been tested and debugged. However, when
we compiled the software above, debugging information was still compiled into the final
executable. Since it is unlikely that we are going to need this debugging information, we can strip
it out of the final executable. One of the advantages of this is a much smaller executable, which
should run slightly faster.
What we are going to do is look at the before and after size of the binary file. First change into
the bin directory of the units installation directory.
% cd ~/units174/bin
% ls -l
As you can see, the file is over 100 kbytes in size. You can get more information on the type of
file by using the file command.
% file units
units: ELF 32-bit LSB executable, Intel 80386, version 1, dynamically linked (uses shared libs), not stripped
To strip all the debug and line numbering information out of the binary file, use the strip
command
% strip units
% ls -l
As you can see, the file is now 36 kbytes - a third of its original size. Two thirds of the binary file
was debug code!!!
Check the file information again.
% file units
units: ELF 32-bit LSB executable, Intel 80386, version 1, dynamically linked (uses shared libs), stripped
Sometimes you can use the make command to install pre-stripped copies of all the binary files
when you install the package. Instead of typing make install, simply type make install-strip.

UNIX Tutorial Eight
8.1 UNIX Variables
Variables are a way of passing information from the shell to programs when you run them.
Programs look "in the environment" for particular variables and if they are found will use the
values stored. Some are set by the system, others by you, yet others by the shell, or any program
that loads another program.
Standard UNIX variables are split into two categories, environment variables and shell variables.
In broad terms, shell variables apply only to the current instance of the shell and are used to set
short-term working conditions; environment variables have a farther reaching significance, and
those set at login are valid for the duration of the session. By convention, environment variables
have UPPER CASE and shell variables have lower case names.

8.2 Environment Variables


An example of an environment variable is the OSTYPE variable. The value of this is the current
operating system you are using. Type
% echo $OSTYPE
More examples of environment variables are
- USER (your login name)
- HOME (the path name of your home directory)
- HOST (the name of the computer you are using)
- ARCH (the architecture of the computer's processor)
- DISPLAY (the name of the computer screen to display X windows)
- PRINTER (the default printer to send print jobs)
- PATH (the directories the shell should search to find a command)

Finding out the current values of these variables.


ENVIRONMENT variables are set using the setenv command, displayed using the printenv or
env commands, and unset using the unsetenv command.
To show all values of these variables, type
% printenv | less

8.3 Shell Variables


An example of a shell variable is the history variable. Its value is how many shell
commands to save, allowing the user to scroll back through the commands they have previously
entered. Type
% echo $history
More examples of shell variables are
- cwd (your current working directory)
- home (the path name of your home directory)
- path (the directories the shell should search to find a command)
- prompt (the text string your login shell uses to prompt for interactive commands)

Finding out the current values of these variables.


SHELL variables are both set and displayed using the set command. They can be unset by using
the unset command.
To show all values of these variables, type
% set | less

So what is the difference between PATH and path?


In general, environment and shell variables that have the same name (apart from the case) are
distinct and independent, except for possibly having the same initial values. There are, however,
exceptions.
Each time the shell variables home, user and term are changed, the corresponding environment
variables HOME, USER and TERM receive the same values. However, altering the environment
variables has no effect on the corresponding shell variables.
PATH and path specify directories to search for commands and programs. Both variables always
represent the same directory list, and altering either automatically causes the other to be changed.

8.4 Using and setting variables


Each time you log in to a UNIX host, the system looks in your home directory for initialisation
files. Information in these files is used to set up your working environment. The C and TC shells
use two files called .login and .cshrc (note that both file names begin with a dot).
At login the C shell first reads .cshrc followed by .login.
.login is used to set conditions which will apply to the whole session and to perform actions that are
relevant only at login.
.cshrc is used to set conditions and perform actions specific to the shell and to each invocation of
it.
The guidelines are to set ENVIRONMENT variables in the .login file and SHELL variables in
the .cshrc file.
WARNING: NEVER put commands that run graphical displays (e.g. a web browser) in
your .cshrc or .login file.

8.5 Setting shell variables in the .cshrc file


For example, to change the number of shell commands saved in the history list, you need to set
the shell variable history. It is set to 100 by default, but you can increase this if you wish.
% set history = 200
Check this has worked by typing
% echo $history
However, this has only set the variable for the lifetime of the current shell. If you open a new
xterm window, it will only have the default history value set. To PERMANENTLY set the value
of history, you will need to add the set command to the .cshrc file.
First open the .cshrc file in a text editor. An easy, user-friendly editor to use is nedit.
% nedit ~/.cshrc
Add the following line AFTER the list of other commands.
set history = 200
Save the file and force the shell to reread its .cshrc file by using the shell source command.
% source .cshrc
Check this has worked by typing
% echo $history

8.6 Setting the path


When you type a command, your path (or PATH) variable defines in which directories the shell
will look to find the command you typed. If the system returns a message saying "command:
Command not found", this indicates that either the command doesn't exist at all on the system or
it is simply not in your path.
For example, to run units, you either need to directly specify the units path
(~/units174/bin/units), or you need to have the directory ~/units174/bin in your path.
You can add it to the end of your existing path (the $path represents this) by issuing the
command:
% set path = ($path ~/units174/bin)
Test that this worked by trying to run units in any directory other than where units is actually
located.
% cd
% units
To add this path PERMANENTLY, add the following line to your .cshrc AFTER the list of other
commands.
set path = ($path ~/units174/bin)
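The tutorial's command above is C shell syntax. As an added example (not from the tutorial), the following POSIX sh (sh/bash) function does the same job for the PATH variable, but first checks that the directory exists, is not already listed, and is not writable by every user on the host. The function names path_add and path_has are my own; it assumes the standard `ls -ld` permission string layout.

```shell
#!/bin/sh
# path_add DIR: append DIR to PATH, the POSIX-shell equivalent of the tutorial's
#   set path = ($path ~/units174/bin)
# with three guards: DIR must be a real directory, must not already be listed,
# and must not be world-writable. A world-writable directory on PATH lets any
# local user plant a program that runs the next time you type its name.
path_add() {
    if [ -z "$1" ]; then
        echo "usage: path_add DIR" >&2
        return 2
    fi
    dir=$1
    # Make the entry absolute so PATH never depends on the current directory.
    case $dir in
        /*) ;;
        *)  dir=$(pwd)/$dir ;;
    esac
    if [ ! -d "$dir" ]; then
        echo "path_add: $dir is not a directory, not added" >&2
        return 1
    fi
    # Column 9 of 'ls -ld' output is the 'other' write bit (e.g. drwxrwxrwx).
    # ls is used because stat(1) options differ between GNU and BSD systems.
    if [ "$(ls -ld "$dir" | cut -c9)" = "w" ]; then
        echo "path_add: $dir is world-writable, refusing to add it" >&2
        return 1
    fi
    # Already present (matched as a whole entry, not a substring): nothing to do.
    case ":$PATH:" in
        *":$dir:"*) return 0 ;;
    esac
    PATH=${PATH:+$PATH:}$dir
    export PATH
}

# path_has DIR: succeed if DIR is an entry of PATH.
path_has() {
    case ":$PATH:" in
        *":$1:"*) return 0 ;;
    esac
    return 1
}

# Usage, as in the tutorial but with the checks above:
#   path_add "$HOME/units174/bin" && units
```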
