Linux Foundation Certified System Administrator LFCS v1.3 PDF

Linux Foundation Certified System
Administrator (LFCS)
Exam preparation notes
Diarmuid Briain, diarmuid@obriain.com
27 November 2014
Linux Foundation Certified System Administrator (LFCS)

Copyright 2014 CS Consulting.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free
Documentation License, Version 1.3 or any later version published by the Free Software Foundation;
with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is
included in the section entitled "GNU Free Documentation License".
Throughout this document I am ably assisted by Luigi Menabrea and Ada Lovelace. Both of
these individuals were key to the development of the famous analytical engine of 1830s and
40s fame from which modern computing can trace its origins. Luigi went on to serve as the 7th
Prime Minister of Italy from 1867 to 1869. His sketch of The Analytical Engine Invented by
Charles Babbage, Esq while a military engineer was translated by Ada Augusta, Countess of
Lovelace in 1842. These notes included additional detail that Lovelace is now widely
recognised as the world's first computer program and therefore Ada is credited as being the
first computer programmer.
Luigi Menabrea
Ada Lovelace
Diarmuid Briain
Table of Contents
1. Local system administration...........................................................................................................5
1.1. Creating backups...............................................................................................................................5
1.2. Managing local users accounts........................................................................................................5
1.3. Managing user accounts...................................................................................................................6
1.4. Managing user account attributes...................................................................................................6
1.4.2. Password expiry management.......................................................................................................6

1.5. Creating local user groups................................................................................................................8
1.6. Managing file permissions................................................................................................................8
1.6.1. Change file attributes.......................................................................................................................9
1.6.2. Access Control Lists......................................................................................................................11
1.7. Managing fstab entries....................................................................................................................12
1.8. Restoring backed up data..............................................................................................................13
1.9. Setting file permissions and ownership.........................................................................................13
1.10. Managing user processes............................................................................................................14
1.10.1. top/htop.........................................................................................................................................14
1.10.2. Process Snapshot (ps)................................................................................................................15
1.10.3. kill processes................................................................................................................................15
1.10.4. nice/renice....................................................................................................................................16
1.11. Managing the startup process and related services.................................................................17
1.11.1. Boot process.................................................................................................................................17
1.11.2. Runlevels......................................................................................................................................18
1.11.3. System and service managers...................................................................................................19
2. Command-line...............................................................................................................................25
2.1. Editing text files on the command line...........................................................................................25
2.1.1. VI......................................................................................................................................................25
2.1.2. VIm...................................................................................................................................................26
2.2.2. nano.................................................................................................................................................27
2.2. Manipulating text files from the command line.............................................................................27
2.2.1. tac....................................................................................................................................................28
2.2.2. Stream Editor (sed)........................................................................................................................28
2.2.3. grep..................................................................................................................................................30
2.2.4. cut....................................................................................................................................................32
2.2.5. sort...................................................................................................................................................32
2.2.6. tr.......................................................................................................................................................33
2.2.7. nl.......................................................................................................................................................33
2.2.8. Join..................................................................................................................................................33
2.2.9. uniq..................................................................................................................................................34
2.2.10. awk................................................................................................................................................34
3. File-system & Storage..................................................................................................................35
3.1. Archiving and compressing files and directories.........................................................................35
3.2. Assembling partitions as Redundant Array of Independent Disks (RAID) devices................37
3.2.1. Logical Volume Manager (LVM)...................................................................................................37
3.2.2. RAID Types....................................................................................................................................41
3.2.3. Building RAID Arrays.....................................................................................................................43
3.3. Configuring swap partitions............................................................................................................53
3.3.1. Add a SWAP partition....................................................................................................................53
3.3.2. Add a SWAP file.............................................................................................................................55
3.4. File attributes....................................................................................................................................55
3.4.1. Basic permissions..........................................................................................................................55
Diarmuid Briain

3.4.2. Default permissions.......................................................................................................................56
3.4.3. Change permissions......................................................................................................................56
3.4.4. Special bits.....................................................................................................................................57
3.5. Finding files on the file-system.......................................................................................................59

3.6. Formatting file-systems...................................................................................................................59
3.6.1. Encrypt a partition..........................................................................................................................63
3.7. Mounting file-systems automatically at boot time........................................................................65
3.8.1. Encrypting a partition.....................................................................................................................67
3.8. Mounting networked file-systems..................................................................................................68
3.8.1. Install Network File System (NFS)...............................................................................................68
3.9. Partitioning storage devices...........................................................................................................72
3.10. Troubleshooting file-system issues.............................................................................................72
4. Local security.................................................................................................................................75
4.1. Accessing the root account............................................................................................................75
4.2. Using sudo to manage access to the root account.....................................................................76
4.2.1. Who can sudo ?..............................................................................................................................77
4.2.2. root from sudo.................................................................................................................................78
5. Shell scripting................................................................................................................................79
5.1. Basic bash shell scripting...............................................................................................................79
5.1.1. Hello world......................................................................................................................................79
5.1.2. Getting input...................................................................................................................................79
5.1.3. Basic Syntax and Special Characters.........................................................................................79
5.1.4. Functions.........................................................................................................................................79
5.1.5. Command Substitution..................................................................................................................79
5.1.6. Environment Variables..................................................................................................................80
5.1.7. Exporting Variables........................................................................................................................80
5.1.8. Script Parameters..........................................................................................................................80
5.1.9. Redirection......................................................................................................................................80
5.1.10. if statement...................................................................................................................................81
5.1.11. elif statement................................................................................................................................81
5.1.12. Comparison Operators................................................................................................................83
5.1.13. Arithmetic Expressions................................................................................................................83
5.1.14. Strings...........................................................................................................................................83
5.1.15. Boolean Expressions...................................................................................................................84
5.1.16. CASE statement...........................................................................................................................84
5.1.17. Looping Constructs......................................................................................................................85
5.1.18. Script Debugging.........................................................................................................................86
5.1.19. Redirecting Errors to File and Screen.......................................................................................86
5.1.20. Creating Temporary Files and Directories................................................................................86
5.1.21. Discarding Output with /dev/null................................................................................................86
5.1.22. Random Numbers and Data.......................................................................................................87
5.1.23. Here Documents..........................................................................................................................87
6. Software management..................................................................................................................89
6.1. Installing software packages..........................................................................................................89
6.1.1. apt-get commands.........................................................................................................................89
6.1.2. Example...........................................................................................................................................89
7. Additional handy tools for exam...................................................................................................91
7.1. Using tmux........................................................................................................................................91
7.1.1. Session Management....................................................................................................................91
7.1.2. Session commands.......................................................................................................................91
7.2. Calculator..........................................................................................................................................92
GNU Free Documentation License..................................................................................................93
4
Diarmuid Briain
1. Local system administration

1.1. Creating backups
This is the process for creating backups using the gzip or bz2 utilities. This are explained in
detail in section 3.
Backup the /home directory using gzip.
$ sudo tar -czvf /home.tgz /home
$ file /home.tgz
home.tgz: gzip compressed data, from Unix, last modified: Tue Oct 21 10:38:46
2014
Backup the /home directory using bz2.

$ sudo tar -cjvf /home.tbz2 /home
$ file /home.tbz2
home.tbz2: bzip2 compressed data, block size = 900k
1.2. Managing local users accounts

Main users account options.
Switch
Notes
-c, --comment COMMENT

-m, --create-home
Create the user's home directory.
-s, --shell SHELL
Login shell of the new account.
-U, --user-group
Create a group with the same name as the user.
Add a user Ada Lovelace to the system.

$ sudo useradd -c "Ada Lovelace" -s /bin/bash -m alovelace
$ cat /etc/passwd |grep alovelace
alovelace:x:1002:1002:Ada Lovelace:/home/alovelace:/bin/bash
Change the password for Ada Lovelace.

$ sudo passwd alovelace
Enter new UNIX password: maths
Retype new UNIX password: maths
passwd: password updated successfully
Test the login for Ada Lovelace.

$ su alovelace
Password: maths
$ id
uid=1002(alovelace) gid=1002(alovelace) groups=1002(alovelace)
Diarmuid Briain
1.3. Managing user accounts

Add Ada Lovelace to the babbage group.
$ sudo usermod -g babbage alovelace
1.4. Managing user account attributes

Change the shell of Ada Lovelace to tcsh.
$ sudo usermod -s /bin/tcsh alovelace
$ cat /etc/passwd | grep alovelace
alovelace:x:1002:1002:Ada Lovelace:/home/alovelace:/bin/tcsh
Add Ada Lovelace to the babbage group as well as the alovelace group.
$ cat /etc/group | grep babbage
babbage:x:1003:
$ sudo usermod -a -G alovelace,babbage alovelace
$ cat /etc/group | grep babbage
babbage:x:1003:alovelace
1.4.2. Password expiry management

The chage command is used to change the number of days between password changes and
the date of the last password change.
$ sudo passwd alovelace
passwd: password updated successfully
Review Ada Lovelace's password aging information.

$ sudo chage -l alovelace
Last password change
Password expires
Password inactive
Account expires
Minimum number of days between password change
Maximum number of days between password change
Number of days of warning before password expires
:
:
:
:
:
:
:
Nov 19, 2014

never
never
never
0
99999
7
Set Ada Lovelace's account expiration date to 1st December 2014, the minimum number of
days before password change to ten and the maximum number of days before password
change to twenty.
$ sudo chage -E 2014-12-01 -m 10 -M 20 alovelace
Diarmuid Briain

Password expires
Password inactive
Account expires
:
:
:
:
:
:
:
Nov 19, 2014

Dec 09, 2014
never
Dec 01, 2014
10
20
7
Setting the date of last password change to zero forces a password change at the next login.
$ sudo chage -d 0 alovelace
Password expires
Password inactive
Account expires
:
:
:
:
:
:
:
password must be changed

Dec 01, 2014
10
20
7
The following sequence of attempts to change the password gives some idea of the general
restrictions.
$ su - alovelace
Password:
You are required to change your password immediately (root enforced)
Changing password for alovelace.
(current) UNIX password: maths
Password unchanged
Enter new UNIX password: ada
Retype new UNIX password: ada
You must choose a longer password
Enter new UNIX password: ada123
Retype new UNIX password: ada123
Bad: new password is too simple
su: Authentication token manipulation error
$ su - alovelace
Password:
You are required to change your password immediately (root enforced)
Changing password for alovelace.
(current) UNIX password: maths
Enter new UNIX password: multiply
Retype new UNIX password: multiply
alovelace~$ id
uid=1001(alovelace) gid=1001(alovelace) groups=1001(alovelace)
Password expires
Password inactive
Account expires
Diarmuid Briain
:
:
:
:
:
:
:
Nov 19, 2014

Dec 09, 2014
never
Dec 01, 2014
10
20
7
1.5. Creating local user groups

Create a user group called babbage.
$ sudo groupadd babbage
$ cat /etc/group |grep babbage
babbage:x:1003:
Add a group password for the new group babbage.

$ sudo gpasswd babbage
Changing the password for group babbage
New Password: engine
Re-enter new password: engine
In practice the group password is not that useful. It was conceived to allow a user who does not
have access to a particular group could use the newgrp command to award such a group
access. In this case the group password would be used in response to the system challenge.
1.6. Managing file permissions

Every file and directory on a GNU/Linux system has an owner and a group associated with it.
Taking a directory sandbox owned by user lmenabrea and group lmenabrea, change the
group to babbage.
$ ls -la |grep sandbox
drwxr-xr-x 2 lmenabrea lmenabrea
4096 Oct 21 15:48 sandbox
$ sudo chgrp babbage ./sandbox

drwxr-xr-x 2 lmenabrea babbage
Change the permissions on the directory to give the group Read, Write and eXecute (RWX)
permissions.
$ chmod g+w sandbox
or
$ chmod 775 sandbox
$ ls -la | grep sandbox

drwxrwxr-x 2 lmenabrea babbage
Create two files, one owned by Luigi Menabrea and the other by Ata Lovelace in the sandbox
directory.
$ echo "This is a Luigi Menabrea file." > file1.txt
$ su alovelace
Password: maths
sandbox> echo "This is an Ata Lovelace file." > file2.txt
sandbox> exit
Diarmuid Briain
Review the file in the sandbox directory.

$ ls -la
total 16
drwxrwxr-x
drwxr-xr-x
-rw-r--r--rw-rw-r--
2
6
1
1
lmenabrea babbage
4096 Oct 21 15:55 .
lmenabrea lmenabrea 4096 Oct 21 15:50 ..
lmenabrea lmenabrea
34 Oct 21 15:54 file1.txt
alovelace alovelace
$ cat file1.txt
This is a Luigi Menabrea file.
$ cat file2.txt
This is an Ata Lovelace file.
Why can Ata Lovelace write in the directory ? Well she is part of the babbage group and as the
directory has RW permissions for the babbage group she has rights to Read and Write files.
1.6.1. Change file attributes

The chattr command permits the changing of extended attributes to files on filesystems that
support them like ext2, ext3, ext4, XFS and JFS. The corresponding lsattr command displays
the extended attributes for files.
chattr [-+=AaCcDdeijSsTtu] files
Operators
'+' - Adds selected attributes

'-' - Removes selected attributes
'=' - Specifies that there are the only attributes
Adjustable attributes
A - no atime updates
a - append only
C - no copy on write
c - compressed
D - synchronous directory updates
d - no dump
e - extent format
i - immutable (Superuser only)
j - data journalling
S - synchronous updates
s - secure deletion
T - top of directory hierarchy
t - no tail-merging
u - undeletable
Read only attributes
h - huge file
E - compression error
Diarmuid Briain
I - indexed directory
X - compression raw access
Z - compressed dirty file (Z)
To demonstrate create a directory and a file and review the associated extended attributes.
Only e is set which indicates that the file is using extents for mapping the blocks on disk.
Remove it and replace it again from the adafile.
$ mkdir adadirectory
$ touch adafile
$ lsattr
-------------e-- ./adadirectory
-------------e-- ./adafile
$ chattr -e adafile
$ lsattr adafile
---------------- adafile
$ chattr +e adafile
$ lsattr adafile
-------------e-- adafile
Now set the immutable attribute on the file. This will prevent deletion or renaming of the file. It
will also prevent all but the superuser from writing date to the file. It can only be set with
superuser privileges.
$ echo "Ada Lovelace file" > adafile
$ cat adafile
Ada Lovelace file
$ sudo chattr +i adafile
[sudo] password for lmenabrea:
$ lsattr adafile
----i--------e-- adafile
$ echo "Change Ada Lovelace" >> adafile
bash: adafile: Permission denied
$ rm adafile
rm: remove write-protected regular file adafile? yes
rm: cannot remove adafile: Operation not permitted
$ mv adafile ADAfile
mv: cannot move adafile to ADAfile: Operation not permitted
To securely delete a file where its blocks are zeroed and written back to the disk set the s
attribute.
$ sudo chattr =es adafile
$ lsattr adafile
s------------e-- adafile
Another interesting attribute is the A which tells the filesystem to NOT update the file's atime.
This cuts down on disk access which is good for extending the life of an Solid State Drive
(SSD) or extending the life of a laptop battery. While this can be done with this extended
attribute the more typical method is to mount the filesystem with the noatime option. Note in
the example that once the A is set the Access time remains constant.
10
Diarmuid Briain

$ stat adafile
File: adafile
Size: 86
Blocks: 8
IO Block: 4096
regular file
Device: fc01h/64513d Inode: 12194930
Links: 1
Access: (0644/-rw-r--r--) Uid: ( 1000/lmenabrea)
Gid: ( 1000/lmenabrea)
Access: 2014-11-26 06:36:58.176489751 +0000
Modify: 2014-11-26 06:40:13.100481599 +0000
Change: 2014-11-26 06:46:18.964466297 +0000
Birth: $ cat adafile
Ada Lovelace file
$ stat adafile
File: adafile
Size: 86
Blocks: 8
IO Block: 4096
regular file
Links: 1
Access: 2014-11-26 06:46:43.928465253 +0000
Modify: 2014-11-26 06:40:13.100481599 +0000
Change: 2014-11-26 06:46:18.964466297 +0000
Birth: $ chattr +A adafile
$ cat adafile
Ada Lovelace file
$ stat adafile
File: adafile
Size: 86
Blocks: 8
IO Block: 4096
regular file
Links: 1
Access: 2014-11-26 06:46:43.928465253 +0000
Modify: 2014-11-26 06:40:13.100481599 +0000
Change: 2014-11-26 06:47:04.464464394 +0000
Birth: -
1.6.2. Access Control Lists

GNU/Linux has the facility to apply Access Control Lists (ACL) to give more granularity to file
and directory management.
Here is a directory sandbox that is owned by lmenabrea and has a group of babbage.
$ sudo groupadd babbage
$ mkdir sandbox
$ sudo chgrp babbage sandbox
drwxrwxr-x 2 lmenabrea babbage
4096 Nov 19 21:05 sandbox
The setfacl utility is used to set ACLs for files and directories. ACLs can be added or modified
using the -m switch option. Here are a number of examples. First get the ACL details for the
sandbox directory using the getfacl sister utility.
$ getfacl sandbox
# file: sandbox
# owner: lmenabrea
# group: babbage
user::rwx
group::rwx
other::r-x
Diarmuid Briain
11
Giving Ada Lovelace read/write privileges to the directory.

$ sudo setfacl -m u:alovelace:rw sandbox
$ sudo getfacl sandbox
# file: sandbox
# owner: lmenabrea
# group: babbage
user::rwx
user:alovelace:rwgroup::rwx
mask::rwx
other::r-x
Add the lmenabrea group with read/write privileges.

$ sudo setfacl -m g:lmenabrea:rw sandbox
# file: sandbox
# owner: lmenabrea
# group: babbage
user::rwx
group:lmenabrea:rwmask::rwx
other::r-x
Remove the lmenabrea group rights with the -x switch option.

$ setfacl -x g:lmenabrea sandbox
# file: sandbox
# owner: lmenabrea
# group: babbage
user::rwx
mask::rwx
other::r-x
1.7. Managing fstab entries

The file /etc/fstab contains descriptive information about the various file systems.
$ cat /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system>
<mount point>
<type> <options>
<dump> <pass>
/dev/mapper/mint--vg-root
/
ext4 errors=remount-ro
0
1
# /boot was on /dev/sda1 during installation
UUID=3b0a7ce9-55c7-43b1-8c54-96510bbda441 /boot
ext2
defaults 0
2
/dev/mapper/mint--vg-swap_1
none
swap
sw
0
0
12
Diarmuid Briain
Field
Function
Notes
Device name
Use dmesg or tail f /var/log/messages to find the device name.
Mount point
A directory that exists.
File system type
ext2, ext3, ext4, reiserfs, swap, vfat, ntfs, ISP 9660, auto
Mount options
auto, noauto, exec, noexec, user, nouser, ro, rw, sync, async, suid, nosuid
Dump
0 - exclude from backup, nonzero value - device will be backed up.
fsck option
0 - exclude from fsck check, nonzero value - fsck check in order of value.
Default options are: rw,suid,dev,exec,auto,nouser,async
1.8. Restoring backed up data

Restore the /home directory using a gzip backup.
$ cd /
$ sudo tar -xzvf /home.tgz
Restore the /home directory using a bz2 backup.

$ cd /
$ sudo tar -xjvf /home.tbz2
1.9. Setting file permissions and ownership

Create a simple script in the sandbox.
$ cat << SCRIPT > hello.sh
#!/bin/bash
echo "Hello World"
SCRIPT
Make the script eXecutable and execute.

$ ls -la | grep hello.sh
-rw-r--r-- 1 lmenabrea lmenabrea
31 Oct 21 16:05 hello.sh
$ chmod +x hello.sh
-rwxr-xr-x 1 lmenabrea lmenabrea
$ ./hello.sh
Hello World
Remove the eXecute rights from the script.

$ chmod -x hello.sh
Diarmuid Briain
13
Change the group of the script to babbage and give it group eXecute permissions.
$ sudo chgrp babbage hello.sh
-rw-r--r-- 1 lmenabrea babbage
$ chmod g+x hello.sh

-rw-r-xr-- 1 lmenabrea babbage
Note that the owner cannot run the script however Ata Lovelace who belongs to the babbage
group can.
$ ./hello.sh
bash: ./hello.sh: Permission denied
$ su alovelace
Password: maths
sandbox> ./hello.sh
Hello World
1.10. Managing user processes

Install the package stress and run it as Ada Lovelace.
$ sudo apt-get install stress
$ su alovelace
Password: maths
sandbox> stress --cpu 3
stress: info: [4939] dispatching hogs: 3 cpu, 0 io, 0 vm, 0 hdd
1.10.1. top/htop
Monitor processes using top.
$ top
top - 17:02:24 up
Tasks: 285 total,
%Cpu(s): 2.0 us,
KiB Mem:
7738224
KiB Swap: 7942140
PID
4940
4941
4942
2817
1
2
3
5
7
8
14
USER
alovela+
alovela+
alovela+
lmenabrea
root
root
root
root
root
root
8:34, 4 users, load average: 2.83, 1.07, 0.57

5 running, 280 sleeping,
0 stopped,
0 zombie
0.6 sy, 0.1 ni, 96.5 id, 0.6 wa, 0.2 hi, 0.0 si, 0.0 st
total, 7360264 used,
377960 free,
195104 buffers
total,
628 used, 7941512 free. 3712256 cached Mem
PR NI
20
0
20
0
20
0
20
0
20
0
20
0
20
0
0 -20
20
0
20
0
VIRT
RES
7308
100
7308
100
7308
100
846300 116420
34024
3328
0
0
0
0
0
0
0
0
0
0
SHR S
0 R
0 R
0 R
14880 S
1496 S
0 S
0 S
0 S
0 S
0 S
%CPU %MEM
95.0 0.0
95.0 0.0
95.0 0.0
6.3 1.5
0.0 0.0
0.0 0.0
0.0 0.0
0.0 0.0
0.0 0.0
0.0 0.0
TIME+ COMMAND
1:34.62 stress
1:34.56 stress
1:34.60 stress
0:58.97 chrome
0:01.92 init
0:00.01 kthreadd
0:00.22 ksoftirqd/0
0:00.00 kworker/0:0H
0:19.93 rcu_sched
0:03.87 rcuos/0
Diarmuid Briain
htop command is an improved top. It typically needs to be installed.

$ sudo apt-get install htop
$ htop
1.10.2. Process Snapshot (ps)

Review the processes, focusing on the stress process started by Ada Lovelace.
$ ps -A | grep
4939 pts/2
4940 pts/2
4941 pts/2
4942 pts/2
stress
00:00:00
00:07:42
00:07:42
00:07:42
stress
stress
stress
stress
$ ps aux | grep stress

alovela+ 4939 0.0 0.0
alovela+ 4940 99.7 0.0
alovela+ 4941 99.7 0.0
alovela+ 4942 99.7 0.0
lmenabrea 5128 0.0 0.0
--colour=auto stress
$ ps -ef | grep
alovela+ 4939
alovela+ 4940
alovela+ 4941
alovela+ 4942
lmenabrea 5131
7308
7308
7308
7308
11744
432 pts/2
100 pts/2
100 pts/2
100 pts/2
912 pts/5
stress
4225 0 17:00 pts/2
4939 99 17:00 pts/2
4939 99 17:00 pts/2
4939 99 17:00 pts/2
4256 0 17:08 pts/5
S+
R+
R+
R+
S+
17:00
17:00
17:00
17:00
17:08
0:00 stress
8:03 stress
8:03 stress
8:03 stress
0:00 grep
--cpu
--cpu
--cpu
--cpu
3
3
3
3
00:00:00 stress --cpu 3

00:08:10 stress --cpu 3
00:08:10 stress --cpu 3
00:08:10 stress --cpu 3
00:00:00 grep --colour=auto stress
1.10.3. kill processes

Individual processes can be stopped using the kill command with the -9 switch.
$ pgrep stress
5224
5225
5226
5257
5258
5259
5260
Diarmuid Briain
15

$ sudo kill -9 5224
$ pgrep stress
5225
5226
5257
5258
5259
5260
To kill all process any of the following options will do.

$ sudo kill $(pgrep stress)
$ sudo pkill stress
$ sudo killall stress
$ pgrep stress
1.10.4. nice/renice
nice is a utility for managing scheduling priority of processes. Nice values range from -19 (very
high priority) to 19 (very low priority) with a value of 0 being the default priority. Looking at the
top output, the column marked NI indicated the current nice value of each process.
$ top
top - 17:28:33 up
Tasks: 280 total,
%Cpu(s): 3.5 us,
KiB Mem:
7738224
KiB Swap: 7942140
PID
5640
5642
5641
5643
2817
3533
USER
alovela+
alovela+
alovela+
alovela+
lmenabrea
lmenabrea

0 stopped,
0 zombie
0.6 sy, 0.1 ni, 94.9 id, 0.6 wa, 0.2 hi, 0.0 si, 0.0 st
201428 free,
169464 buffers
total,
PR NI
VIRT
RES
20
0
7308
100
20
0
7308
100
20
0
7308
100
20
0
7308
100
20
0 846300 113908
20
0 1086508 395052
SHR S
0 R
0 R
0 R
0 R
13676 S
39320 S
%CPU %MEM
84.4 0.0
84.4 0.0
79.1 0.0
79.1 0.0
5.3 1.5
5.3 5.1
TIME+ COMMAND
0:06.04 stress
0:06.03 stress
0:06.04 stress
0:06.04 stress
1:33.87 chrome
1:42.02 chrome
Change the nice value of the stress processes by lowering it to 15.

$ sudo renice 15 5640
5640 (process ID) old priority 0, new priority 15
$ top
top - 17:29:31 up
Tasks: 280 total,
%Cpu(s): 3.6 us,
KiB Mem:
7738224
KiB Swap: 7942140
PID
5640
5641
5642
5643
3533
16
USER
alovela+
alovela+
alovela+
alovela+
lmenabrea

0 stopped,
0 zombie
0.6 sy, 0.2 ni, 94.8 id, 0.6 wa, 0.2 hi, 0.0 si, 0.0 st
176604 free,
173632 buffers
total,
PR NI
VIRT
RES
35 15
7308
100
20
0
7308
100
20
0
7308
100
20
0
7308
100
20
0 1094700 402600
SHR S
0 R
0 R
0 R
0 R
39320 S
%CPU %MEM
99.7 0.0
99.7 0.0
99.7 0.0
99.7 0.0
6.2 5.2
TIME+ COMMAND
1:03.97 stress
1:03.96 stress
1:03.92 stress
1:03.97 stress
1:45.17 chrome
Diarmuid Briain
Change all Ada Lovelaces processes to a nice value of -5.

$ sudo renice -5 -u alovelace
1002 (user ID) old priority 0, new priority -5
top - 17:30:58 up
Tasks: 281 total,
%Cpu(s): 3.7 us,
KiB Mem:
7738224
KiB Swap: 7942140
PID
5641
5642
5640
5643
1
2
USER
alovela+
alovela+
alovela+
alovela+
root
root
PR
15
15
15
15
20
20

0 stopped,
0 zombie
0.6 sy, 0.2 ni, 94.7 id, 0.6 wa, 0.2 hi, 0.0 si, 0.0 st
220124 free,
156512 buffers
total,
NI
-5
-5
-5
-5
0
0
VIRT
7308
7308
7308
7308
34024
0
RES
100
100
100
100
3328
0
SHR
0
0
0
0
1496
0
S %CPU %MEM
R 100.0 0.0
R 100.0 0.0
R 96.2 0.0
R 96.2 0.0
S
0.0 0.0
S
0.0 0.0
TIME+
2:30.70
2:30.64
2:30.63
2:30.71
0:02.25
0:00.01
COMMAND
stress
stress
stress
stress
init
kthreadd
1.11. Managing the startup process and related services

1.11.1. Boot process
The Basic Input/Output System (BIOS) is the lowest level interface between the
computer and peripherals. On boot it performs integrity checks on memory and seeks
instructions on the Master Boor Record (MBR) on the first drive.
The MBR points to the GRand Unified Bootloader (GRUB).
GRUB lists the Operating System (OS) labels and the user will select, or the default is
selected to identify which kernel to run and which partition, on which drive it is located.
GRUB then loads the GNU/Linux OS.
The GNU/Kernel loads the kernel which executes the init program. init is the
root/parent of all processes executing on Linux.
The first processes that init starts is:
SysV - /etc/inittab.
upstart - /sbin/init.
As part of the upstart initialisation it runs /etc/init/rc.conf to start the
legacy SysV init system.
Systemd - /lib/systemd/system/default.target plus the files in

/etc/systemd/system/ and /lib/systemd/system/.
Based on the appropriate run-level, scripts are executed to start various processes to run the
system and make it functional.
The init process is the last step in the boot procedure and identified by process id "1". init is
responsible for starting system processes.
Diarmuid Briain
17
1.11.2. Runlevels
Runlevels are sets of system configurations. Runlevels for Debian and Ubuntu systems are:
The default runlevel is 2.
Level
Description
System halt.
Single-User mode.
Graphical multi-user plus networking.
Same as "2", but not used.
System reboot.
Display the current runlevel.

$ runlevel
N 2
To change runlevel immediately, use one of the commands below:

$ sudo reboot
$ sudo shutdown -h now
# Halt now
$ sudo shutdown +3 "The system will shutdown in 3 minutes"
# Halt in 3 minutes
Broadcast message from alovelace@linuxSys

(/dev/pts/3) at 9:11 ...
The system is going down for maintenance in 3 minutes!
The system will shutdown in 3 minutes
$ sudo telinit 0
18
# change the system runlevel to 0 will halt system
Diarmuid Briain
1.11.3. System and service managers

Process are managed using the GNU/Linux using an initialisation init system.
SysV init is the first process started during boot and is assigned PID 1.
Init is started by the kernel using a hard-coded filename, and if the kernel is
unable to start it, a kernel panic will result.
This system is in the process of being replaced in GNU/Linux distributions by
systemd.
Upstart is an event-based replacement for the /sbin/init daemon which handles
starting of tasks and services during boot, stopping them during shutdown and
supervising them while the system is running.
It was developed and used by Ubuntu.
When Debian GNU/Linux decided to use systemd as its replacement for
/sbin/init, Ubuntu announced that it would follow.
systemd is a system and service manager for Linux which:
provides aggressive parallelisation capabilities.
uses socket and D-Bus activation for starting services.
offers on-demand starting of daemons.
keeps track of processes using Linux control groups.
supports snapshotting and restoring of the system state.
maintains mount and automount points.
implements an elaborate transactional dependency-based service control logic.
Diarmuid Briain
19
1.11.3.1. SysV
SystemV (SysV) is the traditional UNIX/Linux init system. It is essentially a number of process
management scripts grouped into runlevels.
/etc/init.d contains the actual scripts for each process (service).

rc0.d - The symbolic links in this directory are executed once when entering
(Halt).
(Single-User mode).
(Graphical multi-user plus networking).
(Same as 2 - Not used).
runlevel 0
runlevel 1
runlevel 2
runlevel 3
runlevel 4
runlevel 5
runlevel 6
rcS.d - The symbolic links in this directory whose names begin with an 'S' are executed
once when booting the system.
The actual scripts are all contained in the /etc/init.d directory. Each of the other rcX.d
directories contain Start and Stop symbolic links to the scripts in /etc/init.d. These scripts are
named either SXX<name> or KXX<name> where:
S - Start
K - Stop
XX - Order number
<name> - name of script in /etc/init.d
$ file /etc/rc1.d/K20hddtemp
/etc/rc1.d/K20hddtemp: symbolic link to `../init.d/hddtemp'
If a new script is added to /etc/init.d, manual symbolic links can be created in the various
rcX.d directories or a script called update-rc.d can be used to make links to start the service
in runlevels 2345 and to stop the service in runlevels 016.
$ sudo update-rc.d hddtemp defaults
System start/stop links for /etc/init.d/hddtemp already exist.
20
Diarmuid Briain
Individual scripts can be ran directly from /etc/init.d (or with the service utility described
below). Here is an example stopping the Apache2 Server.
/etc/init.d $ ./apache2
Usage: apache2 {start|stop|graceful-stop|restart|reload|force-reload|starthtcacheclean|stop-htcacheclean}
/etc/init.d $ ./apache2 stop
* Stopping web server apache2
*
/etc/init.d $ ./apache2 status
* apache2 is not running
Determine the runlevels for processes

Install sysv-rc-conf, a Run-level configuration for SysV like init script links.
$ sudo apt-get install sysv-rc-conf
Diarmuid Briain
21
service
Use of the service utility with command options. Typical options in the scripts are:
start
stop
restart
reload
status
list
show
$ service --status-all
[ + ] acpid
[ - ] anacron
[ + ] apache2
[ + ] atd
[ + ] atop
[ + ] avahi-daemon
[ ? ] binfmt-support
[ + ] bluetooth
[ - ] brltty
[ + ] btsync
[ - ] casper
[ ? ] console-setup
[ ? ] cpufrequtils
Review a specific process.

$ service networking status
networking start/running
Start a particular process.

$ service apache2
Usage: apache2 {start|stop|graceful-stop|restart|reload|force-reload|starthtcacheclean|stop-htcacheclean}
/etc/init.d $ service apache2 start
* Starting web server apache2
*
$ service apache2 status
* apache2 is running
22
Diarmuid Briain
1.11.3.2. Upstart
initctl command has a number of command options.
start
stop
restart
reload
status
list
$ initctl list
avahi-cups-reload stop/waiting
avahi-daemon start/running, process 1127
mountall-net stop/waiting
mountnfs-bootclean.sh start/running
nmbd start/running, process 1954
passwd stop/waiting
rc stop/waiting
rsyslog start/running, process 919
startpar-bridge stop/waiting
tty4 start/running, process 1537
udev start/running, process 569
upstart-udev-bridge start/running, process 556
Review a specific process.

$ initctl list | grep ^networking
$ initctl status networking
1.11.3.3. systemd
Use of the systemctl utility with command options. Typical options in the scripts are:
start
stop
restart
reload
status
list
show
$ systemctl status networking

Diarmuid Briain
23
This page is intentionally blank
24
Diarmuid Briain
2. Command-line
2.1. Editing text files on the command line
2.1.1. VI
vim is the Vi IMproved, a programmers text editor.
Save and Exit
:q[uit]
:wq!
Quit Vim. This fails when changes have been made.

Write the current file and exit always.
Inserting Text
a
Append text after the cursor [count] times.
Append text at the end of the line [count] times.
Insert text before the cursor [count] times.
Insert text before the first non-blank in the line [count] times.
gI
Insert text in column 1 [count] times.
Begin a new line below the cursor and insert text, repeat [count] times.
Begin a new line above the cursor and insert text, repeat [count] times.
<ESC>
Escape from edit mode.
Deleting text
<Del>
Delete [count] characters under and after the cursor.
Delete [count] characters under and after the cursor.
Delete [count] characters before the cursor.
d{motion}
Delete text that {motion} moves over.
dd
Delete [count] lines.
Delete the characters under the cursor until the end of the line.
Undo|Redo |Repeat
u
Undo [count] changes.
:u[ndo]
Undo one change.
CTRL-R
Redo [count] changes which were undone.
:red[o]
Redo one change which was undone.
Undo all latest changes on one line. {Vi: while not moved off of it}.
Repeat last change, with count replaced with [count].
Diarmuid Briain
25
Searching
/{pattern}[/]
Search forward for the [count]'th occurrence of {pattern}.
/<CR>
Search forward for the [count]'th latest used pattern.
?<CR>
Search backward for the [count]'th latest used pattern.
Repeat the latest "/" or "?" [count] times.
Repeat the latest "/" or "?" [count] times in opposite direction.
Moving Around
Basic motion commands:
h
Move left one character (or left arrow).
Move Right one character (or right arrow).
Move up one line (or up arrow).
Move down one line (or down arrow).
To the first character of the line.
<Home>
To the first character of the line.
To the first non-blank character of the line.
To the end of the line.
<End>
To the end of the line.
2.1.2. VIm
Follow the sequence below to practice creating and editing a file using vim.
$ vi file3.txt
[Press i] The quick brown fox jumps over the lazy dog. [Press ESC :wq]
$ cat file3.txt
The quick brown fox jumps over the lazy dog.
$ vi file3.txt
The quick brown fox jumps over the lazy dog. [Press o]
[Press CR]
He is then shot by the farmer. [Press ESC :wq]
$ vi file3.txt
The quick brown fox jumps over the lazy dog. [Press j twice (or scroll down to
last line]
He is then shot by the farmer. [Press l or scroll right until curser is on f]
[Press i][type angry ]
[Press ESC :wq]
$ cat file3.txt
The quick brown fox jumps over the lazy dog.
He is then shot by the angry farmer.
26
Diarmuid Briain
2.2.2. nano
Alternatively use GNU nano. Nano is ANOther editor, an enhanced free Pico clone
$ nano file3.txt
Press Control - X.
Press Y.
Confirm filename, Press CR.
2.2. Manipulating text files from the command line

Using the following file as the basis for demonstration.
$ cat printer.txt
My printer will drive me insane,
I'm always refilling its ink,
it empties my purse,
to make matters worse,
it's usually on the blink!
Diarmuid Briain
27
2.2.1. tac
The tac command is the inverse of cat. It prints files in reverse.
$ cat users.txt
lmenabrea
cbabbage
alovelace
$ tac users.txt
alovelace
cbabbage
lmenabrea
2.2.2. Stream Editor (sed)

sed is a stream editor for filtering and transforming text.
In this example the first instance of the string insane is replaced by the string to drink. Note
that the original file is not overwritten so to save the output it must be redirected into another
file.
$ sed 's/insane/to drink/' printer.txt
My printer will drive me to drink,
$ cat printer.txt
My printer will drive me insane,
$ sed 's/insane/to drink/' printer.txt > printer2.txt
$ cat printer2.txt
So what is the difference between the following outputs and why ?

$ sed 's/a/A/' printer2.txt
I'm Always refilling its paper,
it empties my wAllet,
to mAke matters worse,
it's usuAlly broken!
$ sed 's/a/A/g' printer2.txt
I'm AlwAys refilling its pAper,
it empties my wAllet,
to mAke mAtters worse,
it's usuAlly broken!
28
Diarmuid Briain
Well in the first output the first lowercase a instance on each line is replaced by an uppercase
A. In the second example the addition of the g or global flag changes every instance of a to A.
What about special characters ? Lets replace **
$ sed 's/'/"/g' printer2.txt
>
A problem, so each special character must be escaped with a backslash.

$ sed -e "s/'/\"/g" printer2.txt
I"m always refilling its paper,
it empties my wallet,
its usually broken!
To print put lines in a file found by a pattern and suppress the other lines use the -n quiet
option. The p flag indicates print the lines found.
$ sed -n '/er/p' printer2.txt
I'm always refilling its paper,
Extract the Bluetooth messages from dmesg.

$ dmesg | sed -n '/Bluetooth/p'
[
35.427264] Bluetooth: Core ver 2.17
[
35.427284] Bluetooth: HCI device and connection manager initialized
[
35.427291] Bluetooth: HCI socket layer initialized
[
35.427293] Bluetooth: L2CAP socket layer initialized
[
35.427297] Bluetooth: SCO socket layer initialized
[
35.474045] Bluetooth: can't load firmware, may not work correctly
[
37.243507] Bluetooth: BNEP (Ethernet Emulation) ver 1.3
[
37.243510] Bluetooth: BNEP filters: protocol multicast
[
37.243517] Bluetooth: BNEP socket layer initialized
[
37.244466] Bluetooth: RFCOMM TTY layer initialized
[
37.244472] Bluetooth: RFCOMM socket layer initialized
[
37.244476] Bluetooth: RFCOMM ver 1.11
Extract the comment lines from the /etc/netconfig file.

$
#
#
#
#
#
#
#
#
#
#
#
#
sed -n '/^#/p' /etc/netconfig

The network configuration file. This file is currently only used in
conjunction with the TI-RPC code in the libtirpc library.
Entries consist of:
<network_id> <semantics> <flags> <protofamily> <protoname> \
<device> <nametoaddr_libs>
The <device> and <nametoaddr_libs> fields are always empty in this
implementation.
Diarmuid Briain
29
2.2.3. grep
The grep utility is a powerful pattern search tool. There are numerous options so only some
common ones are listed here.
Option
Meaning
-c
Count instead of presenting results
-E
Extended regular expression
-H
Print the file name for each match
-h
Suppress the prefixing of file names on output
-i
Ignore case
-l
List only filenames that contain matches
-n
Prefix output with line number
-r
Recursive
-v
Invert match
$ grep lmenabrea /etc/passwd

alovelace:x:1002:1003:Ada Lovelace:/home/alovelace:/usr/bin/tcsh
$ sudo grep -n alovelace /etc/passwd
41:alovelace:x:1002:1003:Ada Lovelace:/home/alovelace:/usr/bin/tcsh
$ ls /home
alovelace cbabbage
lmenabrea
$ ls /home | grep alovelace

alovelace
$ ls /home | grep -v alovelace
lmenabrea
cbabbage
30
Diarmuid Briain
Recursively search all files from a point.

$ sudo grep -r alovelace /etc/
/etc/gshadow-:alovelace:!::alovelace
/etc/gshadow-:babbage:
$6$Lo92oBZTUm/H$qw5oIp55D.uy3E5xnzZpHKlO3R5sjJwxayizt1vqbFmLzkcnVdD3RJUhC6WbwGyaLsh
Rv6EtofdFDLAbdrp7X/::alovelace
/etc/gshadow:sudo:*::lmenabrea,alovelace
/etc/gshadow:alovelace:!::alovelace
/etc/gshadow:babbage:
/etc/subuid:alovelace:231072:65536
/etc/passwd:alovelace:x:1002:1003:Ada Lovelace:/home/alovelace:/usr/bin/tcsh
/etc/subgid-:alovelace:231072:65536
/etc/passwd-:alovelace:x:1002:27:Ada Lovelace:/home/alovelace:/usr/bin/tcsh
/etc/shadow:alovelace:
$6$DnyWC4UQ$8bS26d/yiiRdnlj8PTDD8KQpc.bWrDfMCqDcC1FE6XoUDMMDJ6tyn/ZbghwIiUL57kAvcPp
Dd2CoF5bWJl2wA/:0:0:99999:7:::
/etc/subuid-:alovelace:231072:65536
/etc/shadow-:alovelace:
Dd2CoF5bWJl2wA/:16369:0:99999:7:::
/etc/group:sudo:x:27:lmenabrea,alovelace
/etc/group:alovelace:x:1002:alovelace
/etc/group:babbage:x:1003:alovelace
/etc/subgid:alovelace:231072:65536
/etc/group-:alovelace:x:1002:alovelace
/etc/group-:babbage:x:1003:alovelace
Recursively search but supress the filename at the beginning of the line.
$ sudo grep -rh alovelace /etc/
alovelace:!::alovelace
babbage:
sudo:*::lmenabrea,alovelace
alovelace:!::alovelace
babbage:
alovelace:231072:65536
alovelace:
Dd2CoF5bWJl2wA/:0:0:99999:7:::
alovelace:
Dd2CoF5bWJl2wA/:16369:0:99999:7:::
sudo:x:27:lmenabrea,alovelace
alovelace:x:1002:alovelace
Diarmuid Briain
31
Recursively search files and output only the files that contain matches.
$ sudo grep -rl alovelace /etc/
/etc/gshadow/etc/gshadow
/etc/subuid
/etc/passwd
/etc/subgid/etc/passwd/etc/shadow
/etc/subuid/etc/shadow/etc/group
/etc/subgid
/etc/group-
Use a regular expression to extract groups where Ada Lovelace is the first listed member.
$ sudo grep '[0-9]*:alovelace' /etc/group
2.2.4. cut
The cut command filters out fields or columns. Typical options are:
Option
-d
Meaning
Define field delimiter (default is tab)
-c list
Cut by column position
-f list
Cut by field number
$ id
uid=1000(lmenabrea) gid=1000(lmenabrea) groups=1000(lmenabrea),4(adm),6(disk),
24(cdrom),27(sudo),30(dip),46(plugdev),108(lpadmin),110(sambashare)
$ id | cut -d ' ' -f1,2
uid=1000(lmenabrea) gid=1000(lmenabrea)
2.2.5. sort
The sort command is used to sort lines of text files. There are a number of options so here are
just some of the most used.
Option
32
Meaning
-b
Ignore leading blanks
-f
Ignore case
-r
Reverse order
-R
Random sort
Diarmuid Briain

$ ls /home
alovelace
cbabbage
lmenabrea
$ ls /home | sort -r
lmenabrea
cbabbage
alovelace
2.2.6. tr
The tr translate command translates characters in a file from one form to another.
$ cat printer2.txt
I'm always refilling its paper,
its usually broken!
$ cat printer2.txt | tr [:upper:] [:lower:]
my printer will drive me to drink,
i'm always refilling its paper,
its usually broken!
2.2.7. nl
To write a file to standard output with line numbers added use the nl command.
$ ls /home | nl > users.txt
$ cat users.txt
1
lmenabrea
2
cbabbage
3
alovelace
$
1
2
3
ls /home | nl | sed 's/^[ \t]* //g' | sed 's/\t/ /g'

lmenabrea
cbabbage
alovelace
$ ls /home | nl | sed 's/^[ \t]* //g' | sed 's/\t/ /g' > users_list.txt
$
1
2
3
cat users_list.txt
alovelace
cbabbage
johnny
2.2.8. Join
The join command is used to join lines of two files on a common field. In the example the
common field is the line number, the output links these as shown.
$
1
2
3
cat roles.txt
mathematician
inventor
programmer
$
1
2
3
join users_list.txt roles.txt

lmenabrea mathematician
cbabbage inventor
alovelace programmer
Diarmuid Briain
33
2.2.9. uniq
The uniq utility can be used to filter matching lines from input to output. The -c option prefix
lines by the number of occurrences while the -u switch option only prints unique lines. -w can
be used to compare no more than N characters in lines.
$
1
3
8
cat
2 5
3 4
9 7
numbers.txt
3 3 4 8 9 7 6 5 4 3 2 5 6 7 8 9 1 2 5 3 3 4 8 9 7 6 5 4 3 2 5 6 7 8 9 1 2 5
8 9 7 6 5 4 3 2 5 6 7 8 9 1 2 5 3 3 4 8 9 7 6 5 4 3 2 5 6 7 8 9 1 2 5 3 3 4
6 5 4 3 2 5 6 7 8 9 1
$ cat numbers.txt | sed 's/ /\n/g' | sort | uniq

1
2
3
4
5
6
7
8
9
2.2.10. awk
awk is a pattern scanning and processing language. This is a whole language in itself so it is
best analise an example.
$ df -h
Filesystem
/dev/mapper/mint--vg-root
none
udev
tmpfs
none
none
none
/dev/sda1
Size
451G
4.0K
3.7G
756M
5.0M
3.7G
100M
236M
$ df -h | awk '/none/'
none
none
none
none
4.0K
5.0M
3.7G
100M
Used Avail Use% Mounted on

155G 273G 37% /
0 4.0K
0% /sys/fs/cgroup
4.0K 3.7G
1% /dev
1.7M 755M
1% /run
0 5.0M
0% /run/lock
27M 3.7G
1% /run/shm
20K 100M
1% /run/user
77M 147M 35% /boot
0
0
27M
20K
4.0K
5.0M
3.7G
100M
0%
0%
1%
1%
/sys/fs/cgroup
/run/lock
/run/shm
/run/user
$ df -h | awk '/none/ {print $6, "\t", $4}'

/sys/fs/cgroup
4.0K
/run/lock
5.0M
/run/shm
3.7G
/run/user
100M
34
Diarmuid Briain
3. File-system & Storage

3.1. Archiving and compressing files and directories
GNU tar is the GNU version of the tar archiving utility. Originally that was the tape archive. It is
useful to tar up a directory and all the directories and file therein as a single file, the tar archive
file. The GNU tar program can do this. The resultant file is generally called a tarball.
$ tar -cf sandbox.tar sandbox
$ $ file sandbox.tar
sandbox.tar: POSIX tar archive (GNU)
Review a tar archive with the -t or --list option to see a table of contents for the archive.
$ tar -tf sandbox.tar
sandbox/
sandbox/file2.txt
sandbox/file1.txt
sandbox/file3.txt
sandbox/hello.sh
Remove the original directory.

$ rm -r sandbox
Extract the archive and confirm the directory is recovered.

$ tar -xf sandbox.tar
$ ls sandbox
file1.txt file2.txt
file3.txt
hello.sh
3.1.0.1. Compression
The tar archive can be compressed to reduce file size. For example gzip which reduces the
size of files using Lempel-Ziv coding (LZ77) can be applied to the tarball. tar has the ability to
incorporate compression functions as well as archiving and perform both functions with the
same command.
$ tar sandbox.tar
$ ls -l |grep sandbox.tar
Diarmuid Briain
506 Oct 24 13:49 sandbox.tar.gz
35
To reverse this process use the gunzip command.

$ gunzip sandbox.tar.gz
10240 Oct 24 13:49 sandbox.tar
An alternative approach is to use the bzip2 utility which uses the Burrows-Wheeler block
sorting text compression algorithm, and Huffman coding. bzip2 compression is generally
considerably better that the more conventional LZ77/LZ78-based compressors.
$ bzip2 sandbox.tar
507 Oct 24 13:49 sandbox.tar.bz2
The reverse process is similar to what has been seen for gunzip.
$ bunzip2 sandbox.tar.bz2
Fortunately the tar utility offers the ability to both archive and compress in one operation, here
is an example using gzip. Note the file extension for a gzipped archives is either .tar.gz or
simply .tgz. The z switch in the command instructs that the directory be archived and gzipped.
$ tar -czf sandbox.tar.gz sandbox
$ file sandbox.tar.gz
sandbox.tar.gz: gzip compressed data, from Unix, last modified: Fri Oct 24
13:56:47 2014
A similar process can be achieved for bzip2, the end extension being .tar.bz2 or .tbz2 by
convention. The j switch is used to archive and bzip2.
$ tar -cjf sandbox.tar.bz2 sandbox
$ file sandbox.tar.bz2
sandbox.tar.bz2: bzip2 compressed data, block size = 900k
Comparing the relative sizes of the archive and the two compressed versions. When the
requirement is very fast compression, the gzip is the best option, it has also very small memory
footprint, making it ideal for systems with limited memory. bzip2 creates about 15% smaller
files than gzip on average however it compresses at a slower rate than gzip. For
decompression a similar picture emerges with gzip the fastest. bzip2 is a lot slower taking four
to twelve times more time to decompress than gzip.
36
Diarmuid Briain


3.2. Assembling partitions as Redundant Array of Independent

Disks (RAID) devices
With RAID technology it is possible to achieve high levels of storage reliability from low cost
and less reliable harddisk components. This is possible by arranging the devices into arrays for
redundancy. RAID describes a number of methods to divide and replicate data among multiple
harddisk drives. Each RAID Type offers different levels of data reliability and/or Input/Output
(I/O) performance. Physical disks grouped in such configurations are termed RAID arrays. The
RAID array distributes data across multiple disks, but from the OS perspective the array is
seen as one single disk.
3.2.1. Logical Volume Manager (LVM)

In GNU/Linux RAID is often grouped with Logical Volume Manager (LVM) as they share
functionality however they are not the same. LVM allows for the clustering of disks, Physical
Volumes (PV) into Volume Groups (VG), these VGs are mapped to Logical Volumes (LV) that
are interpreted by the OS as partitions.
Install Logical Volume Manager v2 (lvm2).
$ sudo apt-get install lvm2
To demonstrate create a number of partitions on a device like a USB stick. These would
typically be different devices attached to the one system, i.e. /dev/sdb1, /dev/sdc1, /dev/sdd1.
Change the volume types to LVM (id : df) using fdisk.
$ sudo fdisk /dev/sdb
[sudo] password for lmenabrea:
Command (m for help): p
Disk /dev/sdb: 8004 MB, 8004304896 bytes
247 heads, 62 sectors/track, 1020 cylinders, total 15633408 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000
Device Boot
/dev/sdb1
/dev/sdb2
/dev/sdb3
Start
2048
4196352
8390656
End
4196351
8390655
12584959
Blocks
2097152
2097152
2097152
Id
83
83
83
System
Linux
Linux
Linux
Command (m for help): t

Partition number (1-4): 1
Hex code (type L to list codes): df
Changed system type of partition 1 to df (BootIt)
Diarmuid Briain
37

Disk /dev/sdb: 8004 MB, 8004304896 bytes
Device Boot
/dev/sdb1
/dev/sdb2
/dev/sdb3
Start
2048
4196352
8390656
End
4196351
8390655
12584959
Blocks
2097152
2097152
2097152
Id
df
df
df
System
BootIt
BootIt
BootIt
Command (m for help): w

The partition table has been altered!
Calling ioctl() to re-read partition table.
Syncing disks.
Initialise these disks for use by LVM with the pvcreate command.
$ sudo pvcreate /dev/sdb1
Physical volume "/dev/sdb1" successfully created
Create as volume group into which the physical volumes are incorporated.
$ sudo vgcreate vg0 /dev/sdb1 /dev/sdb2 /dev/sdb3
Volume group "vg0" successfully created
Now create logical volumes as necessary up to the limits on size imposed by the overall volume
group size. In this way the logical volumes loose the limitations of the physical volumes.
$ sudo lvcreate -L 5G -n lv0 vg0
Logical volume "lv0" created
$ sudo lvcreate -L 500M -n lv1 vg0
Logical volume "lv1" created
Display the physical and logical volumes.

$ sudo pvdisplay
--- Physical volume --PV Name
/dev/sdb1
VG Name
vg0
PV Size
2.00 GiB / not usable 4.00 MiB
Allocatable
yes (but full)
PE Size
4.00 MiB
Total PE
511
Free PE
0
Allocated PE
511
PV UUID
axBeys-m1DN-JGyy-FAv5-exzB-saai-d2YwhQ
38
Diarmuid Briain

/dev/sdb2
VG Name
vg0
PV Size
Allocatable
yes (but full)
PE Size
4.00 MiB
Total PE
511
Free PE
0
Allocated PE
511
PV UUID
PJ2k6p-II6z-7RRG-qbvf-EdLS-A1M6-6DRHNQ
/dev/sdb3
VG Name
vg0
PV Size
Allocatable
yes
PE Size
4.00 MiB
Total PE
511
Free PE
253
Allocated PE
258
PV UUID
oEG0Af-Rnhv-qAA7-BzHE-i3Rc-rr5t-4llifX
$ sudo vgdisplay
--- Volume group --VG Name
System ID
Format
Metadata Areas
Metadata Sequence No
VG Access
VG Status
MAX LV
Cur LV
Open LV
Max PV
Cur PV
Act PV
VG Size
PE Size
Total PE
Alloc PE / Size
Free PE / Size
VG UUID
vg0
$ sudo lvdisplay
--- Logical volume --LV Path
LV Name
VG Name
LV UUID
LV Write Access
LV Creation host, time
LV Status
# open
LV Size
Current LE
Segments
Allocation
Read ahead sectors
- currently set to
Block device
lvm2
3
2
read/write
resizable
0
1
0
0
3
3
5.99 GiB
4.00 MiB
1533
1280 / 5.00 GiB
253 / 1012.00 MiB
EK76Ui-bH4A-ALHr-0xYJ-7MEh-mUjB-AokyLw
Diarmuid Briain
/dev/vg0/lv0
lv0
vg0
447mNo-2MqY-6AtZ-GdeW-sI6A-y3K9-LoYovm
read/write
Precision-M70, 2014-11-19 20:59:28 +0000
available
0
5.00 GiB
1280
3
inherit
auto
256
252:0
39

--- Logical volume --LV Path
LV Name
VG Name
LV UUID
LV Write Access
LV Creation host, time
LV Status
# open
LV Size
Current LE
Segments
Allocation
Read ahead sectors
- currently set to
Block device
/dev/vg0/lv1
lv1
vg0
cPDY8T-CvYl-7dmH-gTo6-ByTR-Kdop-PvLte2
read/write
Precision-M70, 2014-11-19 21:02:19 +0000
available
0
500.00 MiB
125
1
inherit
auto
256
252:1
These logical volumes can be addressed as either:
/dev/vg0/lv0
/dev/vg0/lv0
/dev/mapper/vg0-lv0
/dev/mapper/vg0-lv1
or
Make a filesystem on the logical volumes, create mount points and mount.
$ sudo ls /dev/mapper
control vg0-lv0 vg0-lv1
$ sudo mkfs.ext4 /dev/vg0/lv0
$ sudo mkfs.ext4 /dev/vg0/lv1
$ sudo mkdir /mnt/l-vol0
$ sudo mkdir /mnt/l-vol1
$ sudo mount -t ext4 /dev/vg0/lv0 /mnt/l-vol0
$ sudo mount -t ext4 /dev/vg0/lv1 /mnt/l-vol1
$ df -h
Filesystem
/dev/sda1
none
udev
tmpfs
none
none
none
/dev/mapper/vg0-lv0
/dev/mapper/vg0-lv1
40
Size
91G
4.0K
488M
101M
5.0M
501M
100M
4.8G
477M

4.0G
82G
5% /
0 4.0K
0% /sys/fs/cgroup
4.0K 488M
1% /dev
1.1M 100M
2% /run
0 5.0M
0% /run/lock
152K 501M
1% /run/shm
40K 100M
1% /run/user
10M 4.6G
1% /mnt/l-vol0
2.3M 445M
1% /mnt/l-vol1
Diarmuid Briain
3.2.2. RAID Types

Here is a description of the basic concepts on some RAID types:
Diarmuid Briain
41
RAID
Type
42
Description
The data is distributed equally between one or more disks without information on parity
or redundancy, without offering fault tolerance. Data is distributed across the disks to
increase storage volume, if the disk fails physically, the information will be lost and will
have to be recovered from backup copies. What does increase is the performance,
depending on the RAID 0 implementation, given that the read and write options will be
divided among the different disks. This is often confused with LVM.
This RAID type creates an exact copy, a mirror on a set of two or more disks in an
array. RAID 1 is useful for the reading performance which can increase lineally with the
number of disks. It also adds fault tolerance where a fault occurs to one of the disks as
the same information is available on each. RAID 1 is usually adequate for High
Availability (HA) where resources are needed critically. This configuration also makes
it possible to hot swap disks. If a fault is detected in any of the disks, it can be replaced
without switching off the system.
Unlike earlier RAID types with RAID 2 the data is divided into bits and redundant
codes are used for error correction. It is not widely used as a large number of disks is
required, one per system bit plus redundancy bits, so for a 32 bit system 39 disks are
required.
RAID3 uses byte divisions with an additional disk dedicated to the parity of blocks.
This is not very widely used type. Depending on the size of the data and the positions,
it does not provide simultaneous accesses.
RAID 4 is similar to RAID 3, however it stripes the data at the block level, instead of
byte level, which means that it is possible to service simultaneous requests when only
a single block is requested.
Block level striping is used, distributing the parity among the disks. It is widely used,
due to the simple parity scheme and due to the fact that this calculation is implemented
simply by the hardware, with good performance levels.
Block level striping like in RAID 5 with the addition of another parity block, i.e. Block
level striping with two parity blocks.
01
A mirror stripe is a nested RAID level where groups of RAID 0 arrays are used in a
RAID 1 array to create a mirror between them. An advantage is that, in the event of an
error, the RAID 0 level used may be rebuilt thanks to the other copy, but if more disks
need to be added, they have to be added to all the RAID 0 groups equally.
10
Striping of mirrors where groups of RAID 1 arrays are used in a RAID 0 array. In each
RAID 1 group if a disk fails there is no loss of data. RAID 10 arrays are used with high
performance databases as they include both fault tolerance and the speed.
Diarmuid Briain
3.2.3. Building RAID Arrays

Looking at an example to build a RAID array across two USB Sticks. Create and format a
RAID-1 partition using these two units. Configure the system to automatically mount it into a
given location and so that users without administrative rights are allowed to Read and Write
files in the partition.
The steps:
Create partitions on each disk (type fd).

Creade RAID device with the mdadm.
Format RAID device.
Mount RAID device (add to /etc/fstab).
Capture RAID details to ensure persistence.
mdadm -s can be used to stop RAID.
3.2.3.1. Install the mdadm utility

The GNU/Linux mdadm utility provides GNU/Linux Software RAID. Each RAID device is a
virtual device created from two or more real block devices. This allows multiple devices to be
combined into a single device upon which a single file-system is installed. This example will
demonstrate RAID 1 across two USB Sticks. The USB Sticks will have a file-system created
across the RAID array md0.
$ sudo apt-get install mdadm
Diarmuid Briain
43
3.2.3.2. Prepare the disks

Plug in two USB Sticks, the first is assigned the device name /dev/sdb and the second
/dev/sdc.
$ sudo dmesg --clear
$ dmesg
[11812.842203] usb 1-1.2: new high-speed USB device number 12 using ehci-pci
[11812.935115] usb 1-1.2: New USB device found, idVendor=0781, idProduct=557c
[11812.935123] usb 1-1.2: New USB device strings: Mfr=1, Product=2,
SerialNumber=3
[11812.935127] usb 1-1.2: Product: Cruzer Orbit
[11812.935130] usb 1-1.2: Manufacturer: SanDisk
[11812.935133] usb 1-1.2: SerialNumber: 4C530006020326110033
[11812.935558] usb-storage 1-1.2:1.0: USB Mass Storage device detected
[11812.935814] scsi9 : usb-storage 1-1.2:1.0
[11813.936669] scsi 9:0:0:0: Direct-Access
SanDisk Cruzer Orbit
1.27
PQ:
0 ANSI: 6
[11813.937222] sd 9:0:0:0: Attached scsi generic sg2 type 0
[11813.938856] sd 9:0:0:0: [sdb] 15633408 512-byte logical blocks: (8.00 GB/7.45
GiB)
[11813.941206] sd 9:0:0:0: [sdb] Write Protect is off
[11813.941214] sd 9:0:0:0: [sdb] Mode Sense: 43 00 00 00
[11813.942306] sd 9:0:0:0: [sdb] Write cache: disabled, read cache: enabled,
doesn't support DPO or FUA
[11813.959652] sdb: sdb1
[11813.965473] sd 9:0:0:0: [sdb] Attached SCSI removable disk
[11814.189686] FAT-fs (sdb1): Volume was not properly unmounted. Some data may
be corrupt. Please run fsck.
[11880.789055] usb 3-3: new high-speed USB device number 12 using xhci_hcd
[11880.805751] usb 3-3: New USB device found, idVendor=0781, idProduct=557c
[11880.805758] usb 3-3: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[11880.805762] usb 3-3: Product: Cruzer Orbit
[11880.805765] usb 3-3: Manufacturer: SanDisk
[11880.805768] usb 3-3: SerialNumber: 4C530101970326110163
[11880.806130] usb-storage 3-3:1.0: USB Mass Storage device detected
[11880.806375] scsi10 : usb-storage 3-3:1.0
1.27
PQ: 0 ANSI: 6
[11881.809030] sd 10:0:0:0: [sdc] 15633408 512-byte logical blocks: (8.00 GB/7.45
GiB)
[11881.810928] sd 10:0:0:0: [sdc] Write Protect is off
[11881.810938] sd 10:0:0:0: [sdc] Mode Sense: 43 00 00 00
[11881.811232] sd 10:0:0:0: [sdc] Write cache: disabled, read cache: enabled,
[11881.825638] sdc: sdc1
[11881.829394] sd 10:0:0:0: [sdc] Attached SCSI removable disk
[11882.022366] FAT-fs (sdc1): Volume was not properly unmounted. Some data may
44
Diarmuid Briain
You can use the lsblk command to see the physical layout.
$ sudo lsblk
NAME
MAJ:MIN RM
sda
8:0
0
sda1
8:1
0
sda2
8:2
0
sda5
8:5
0
sdb
8:16
1
sdb1
8:17
1
sdc
8:32
1
sdc1
8:33
1
sr0
11:0
1
SIZE RO TYPE MOUNTPOINT

93.2G 0 disk
92.2G 0 part /
1K 0 part
1022M 0 part [SWAP]
7.5G 0 disk
7.5G 0 part
7.5G 0 disk
7.5G 0 part
1024M 0 rom
Another useful tool is the blkid command. This gives the Universally Unique IDentifier (UUID)
label for each device.
$ blkid
/dev/sda1: UUID="3b0a7ce9-55c7-43b1-8c54-96510bbda441" TYPE="ext2"
/dev/sda5: UUID="e619d452-fc36-4022-b0c0-571125787752" TYPE="crypto_LUKS"
/dev/mapper/sda5_crypt: UUID="rnEgUj-16bd-KFYn-MvEP-gkaw-3VOB-1g6XKg"
TYPE="LVM2_member"
/dev/mapper/mint--vg-root: UUID="ef2975f9-eeff-4b5d-82cf-13bc6ed90220"
TYPE="ext4"
/dev/mapper/mint--vg-swap_1: UUID="915e1367-6aec-4a1b-b098-7cf05e7804ff"
TYPE="swap"
/dev/sdb1: UUID="cc0e789a-869f-4999-a231-324bc8203eac" TYPE="ext4"
/dev/sdb2: UUID="9f1730b7-b2c9-4ffc-9ec1-62466b2c9b78" TYPE="ext4"
Delete existing partitions on the USB Sticks.

dev/sdb
Command (m for help): d
Selected partition 1
Disk /dev/sdc: 8004 MB, 8004304896 bytes
Device Boot
Start
End
Blocks
Id
System

WARNING: Re-reading the partition table failed with error 16: Device or resource
busy.
The kernel still uses the old table. The new table will be used at
the next reboot or after you run partprobe(8) or kpartx(8)
Syncing disks.
Diarmuid Briain
45
dev/sdb
$ sudo fdisk /dev/sdc
Command (m for help): d
Selected partition 1
Disk /dev/sdc: 8004 MB, 8004304896 bytes
Device Boot
Start
End
Blocks
Id
System

WARNING: Re-reading the partition table failed with error 16: Device or resource
busy.
The kernel still uses the old table. The new table will be used at
the next reboot or after you run partprobe(8) or kpartx(8)
Syncing disks.
3.2.3.3. Create RAID Array

Create a RAID Array /dev/md0 from the two USB Sticks /dev/sdb and /dev/sdc.
$ sudo mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/sdb /dev/sdc
mdadm: /dev/sdb appears to be part of a raid array:
level=raid0 devices=2 ctime=Tue May 27 09:26:15 2014
mdadm: partition table exists on /dev/sdb but will be lost or
meaningless after creating array
mdadm: Note: this array has metadata at the start and
may not be suitable as a boot device. If you plan to
store '/boot' on this device please ensure that
your boot-loader understands md/v1.x metadata, or use
--metadata=0.90
mdadm: /dev/sdc appears to be part of a raid array:
level=raid0 devices=2 ctime=Tue May 27 09:26:15 2014
mdadm: partition table exists on /dev/sdc but will be lost or
meaningless after creating array
Continue creating array? yes
mdadm: Defaulting to version 1.2 metadata
mdadm: array /dev/md0 started.
Confirm array is started.

$ cat /proc/mdstat
Personalities : [raid0] [raid1]
md0 : active raid1 sdc[1] sdb[0]
7812544 blocks super 1.2 [2/2] [UU]
[>....................] resync = 1.6% (125824/7812544) finish=48.8min
speed=2619K/sec
46
Diarmuid Briain

$ sudo mdadm --detail /dev/md0
/dev/md0:
Version : 1.2
Creation Time : Tue May 27 09:33:51 2014
Raid Level : raid1
Array Size : 7812544 (7.45 GiB 8.00 GB)
Used Dev Size : 7812544 (7.45 GiB 8.00 GB)
Raid Devices : 2
Total Devices : 2
Persistence : Superblock is persistent
Update Time
State
Active Devices
Working Devices
Failed Devices
Spare Devices
:
:
:
:
:
:
Tue May 27 09:33:51 2014

clean, resyncing
2
2
0
0
Resync Status : 2% complete

Name : riomhairePAD:0 (local to host riomhairePAD)
UUID : 50ca6035:dfa9701c:212aa43b:709ca81c
Events : 0
Number
0
1
Major
8
8
Minor
16
32
RaidDevice State
0
active sync
1
active sync
/dev/sdb
/dev/sdc
3.2.3.4. Create file-system on RAID Array

Make a file-system on the new RAID Array. In this case an GNU/Linux fourth EXTended filesystem (ext4).
$ sudo mkfs --type ext4 /dev/md0
mke2fs 1.42.8 (20-Jun-2013)
file-system label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
488640 inodes, 1953136 blocks
97656 blocks (5.00%) reserved for the super user
First data block=0
Maximum file-system blocks=2000683008
60 block groups
32768 blocks per group, 32768 fragments per group
8144 inodes per group
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632
Allocating group tables: done
Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and file-system accounting information: done
3.2.3.5. Mount new file-system on Operating System

Mount the new file-system on the OS.
$ sudo mkdir /mnt/raid1-md0
$ sudo chown root:disk /mnt/raid1-md0/
$ sudo chmod 775 /mnt/raid1-md0/
Diarmuid Briain
47
Add users that require access to the drive to the disk group.
$ sudo vi /etc/group
...
disk:x:100:lmenabrea
...
Make persistent, such that after a reboot the RAID array will reform. The initramfs needs to be
updated so it contains the /etc/mdadm/mdadm.conf settings during boot.
$
#
#
#
sudo -s
echo -e "\n# RAID1 Array of USB Sticks" >> /etc/mdadm/mdadm.conf
mdadm --detail --scan >> /etc/mdadm/mdadm.conf
echo -e "\n# Mount for RAID 1\n/dev/md0\t/mnt/raid1-md0\text4\tdefaults\t0\t0"
>> /etc/fstab
# mount -a
# update-initramfs -u
# exit
Review the new file-system.

$ sudo df -h /mnt/raid1-md0/
file-system
/dev/md0
Size
7.3G

17M 6.9G
1% /mnt/raid1-md0
Create the /etc/mdadm.conf file

Create the /etc/mdadm.conf file.
$ sudo mdadm --detail --scan >> /etc/mdadm.conf
3.2.3.6. Test file access and persistence

Test that members of the disk group can create files on the RAID array partition.
$ echo "This is a test" > /mnt/raid1-md0/testfile
$ cat /mnt/raid1-md0/testfile
This is a test
After a reboot check the RAID device exists.

$ sudo mdadm --detail --scan
ARRAY /dev/md0 metadata=1.2 name=riomhairePAD:0
UUID=b775b70c:e8d82e72:39e88cc4:e0c79c0f
48
Diarmuid Briain

/dev/md0:
Version
Creation Time
Raid Level
Array Size
Used Dev Size
Raid Devices
Total Devices
Persistence
:
:
:
:
:
:
:
:
1.2
Tue May 27 15:28:05 2014
raid1
7812544 (7.45 GiB 8.00 GB)
7812544 (7.45 GiB 8.00 GB)
2
2
Superblock is persistent
Update Time
State
Active Devices
Working Devices
Failed Devices
Spare Devices
:
:
:
:
:
:
Tue May 27 15:33:10 2014

active, resyncing
2
2
0
0
Resync Status : 12% complete

UUID : b775b70c:e8d82e72:39e88cc4:e0c79c0f
Events : 5
Number
0
1
Major
8
8
Minor
16
32
RaidDevice State
0
active sync
1
active sync
/dev/sdb
/dev/sdc
3.2.3.7. Simulate disk failure during a copy

Force failure of system during file transfer
Start copying a rather large file, stop the machine and remove one of the disks to simulate a
physical disk failure.
$ ls -l ~/Downloads/debian-live-7.4-i386-standard.iso
-rw-r--r-- 1 lmenabrea lmenabrea 565182464 May 4 07:04
/home/lmenabrea/Downloads/debian-live-7.4-i386-standard.iso
$ sudo cp ~/Downloads/debian-live-7.4-i386-standard.iso /mnt/raid1-md0/
During copy stop computer, remove one of the disks and reboot. As the computer reboots the
following message is displayed.
***
Warning degraded device detected
***
Press Y to start degraded RAID or N to launch recovery shell
Press Y and as the computer continues to boot it displays the following message.
Starting the RAID in degraded mode.
Diarmuid Briain
49
Upon reboot review the RAID. Notice that /dev/sdc is marked as removed.
/dev/md0:
Version
Creation Time
Raid Level
Array Size
Used Dev Size
Raid Devices
Total Devices
Persistence
:
:
:
:
:
:
:
:
1.2
Tue May 27 15:28:05 2014
raid1
7812544 (7.45 GiB 8.00 GB)
7812544 (7.45 GiB 8.00 GB)
2
1
Update Time
State
Active Devices
Working Devices
Failed Devices
Spare Devices
:
:
:
:
:
:
Tue May 27 15:56:55 2014

clean, degraded
1
1
0
0

Events : 13
Number
0
1
Major
8
0
Minor
16
0
RaidDevice State
0
active sync
1
removed
/dev/sdb
Confirm data is intact on single disk

Existing data on the drive is intact.
$ sudo df -h /mnt/raid1-md0/
file-system
Size Used Avail Use% Mounted on
/dev/md0
7.3G
17M 6.9G
1% /mnt/raid1-md0
$ cat /mnt/raid1-md0/testfile
This is a test
Check failed disk. Note that [2/1] [U_] replaces [2/2] [UU] from the earlier runs of the
command.
$ cat /proc/mdstat
Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4]
[raid10]
md0 : active raid1 sdb[0]
7812544 blocks super 1.2 [2/1] [U_]
unused devices: <none>
Remove failed disk and replace

Remove the failed drive from the RAID array.
$ mdadm --manage /dev/md0 --fail /dev/sdc
50
Diarmuid Briain
Replace the physical drive.

$ dmesg
...
[ 731.411863] usb 1-1.2: new high-speed USB device number 6 using ehci-pci
[ 731.505089] usb 1-1.2: New USB device found, idVendor=0781, idProduct=557c
[ 731.505098] usb 1-1.2: New USB device strings: Mfr=1, Product=2,
SerialNumber=3
[ 731.505102] usb 1-1.2: Product: Cruzer Orbit
[ 731.505105] usb 1-1.2: Manufacturer: SanDisk
[ 731.505108] usb 1-1.2: SerialNumber: 4C530006020326110033
[ 731.505542] usb-storage 1-1.2:1.0: USB Mass Storage device detected
[ 731.505749] scsi7 : usb-storage 1-1.2:1.0
[ 732.506834] scsi 7:0:0:0: Direct-Access
1.27
PQ: 0 ANSI: 6
[ 732.507436] sd 7:0:0:0: Attached scsi generic sg3 type 0
[ 732.508903] sd 7:0:0:0: [sdc] 15633408 512-byte logical blocks: (8.00 GB/7.45
GiB)
[ 732.511286] sd 7:0:0:0: [sdc] Write Protect is off
[ 732.511296] sd 7:0:0:0: [sdc] Mode Sense: 43 00 00 00
[ 732.512391] sd 7:0:0:0: [sdc] Write cache: disabled, read cache: enabled,
[ 732.525679] sdc:
[ 732.531656] sd 7:0:0:0: [sdc] Attached SCSI removable disk
Dump partitions from good disk to new disk

Dump the partitions /dev/sdb to the new /dev/sdc.
$ sudo sfdisk --dump /dev/sdb | sfdisk /dev/sdc
Checking that no-one is using this disk right now ...
BLKRRPART: Permission denied
OK
Disk /dev/sdc: 1020 cylinders, 247 heads, 62 sectors/track
Old situation:
Units = cylinders of 7840768 bytes, blocks of 1024 bytes, counting from 0
Device Boot Start
End
#cyls
#blocks
/dev/sdc1
0
0
0
/dev/sdc2
0
0
0
/dev/sdc3
0
0
0
/dev/sdc4
0
0
0
New situation:
Units = sectors of 512 bytes, counting from 0
Id
0
0
0
0
System
Empty
Empty
Empty
Empty
Device Boot
Start
End
#sectors Id System
/dev/sdc1
0
0
0 Empty
/dev/sdc2
0
0
0 Empty
/dev/sdc3
0
0
0 Empty
/dev/sdc4
0
0
0 Empty
Warning: no primary partition is marked bootable (active)
This does not matter for LILO, but the DOS MBR will not boot this disk.
Successfully wrote the new partition table
Re-reading the partition table ...
BLKRRPART: Permission denied
If you created or changed a DOS partition, /dev/foo7, say, then use dd(1)
to zero the first 512 bytes: dd if=/dev/zero of=/dev/foo7 bs=512 count=1
(See fdisk(8).)
Diarmuid Briain
51
Add new disk to RAID array

Now add the new physical disk to the RAID array. The new drive will be synchronised and
while it does it will be shown as md0 : active raid1 sdc[2] sdb[0] and the recovery will be
shown as a percentage. This can be reviewed by re-running the command regularly.
$ sudo mdadm --manage /dev/md0 --add /dev/sdc
mdadm: added /dev/sdc
$ cat /proc/mdstat
[raid10]
7812544 blocks super 1.2 [2/1] [U_]
[>....................] recovery = 0.9% (75136/7812544) finish=48.0min
speed=2683K/sec
$ cat /proc/mdstat |grep recovery
[=>...................] recovery
speed=2617K/sec
[============>........] recovery
speed=2650K/sec
[==============>......] recovery
speed=2638K/sec
[==================>..] recovery
speed=2617K/sec
[===================>.] recovery
speed=2611K/sec
9.8% (770496/7812544) finish=44.8min
= 61.7% (4826880/7812544) finish=18.7min

= 72.4% (5657152/7812544) finish=13.6min
= 91.5% (7150336/7812544) finish=4.2min
= 96.0% (7507456/7812544) finish=1.9min
$ cat /proc/mdstat
[raid10]
7812544 blocks super 1.2 [2/2] [UU]
52
Diarmuid Briain

/dev/md0:
Version
Creation Time
Raid Level
Array Size
Used Dev Size
Raid Devices
Total Devices
Persistence
:
:
:
:
:
:
:
:
1.2
Tue May 27 15:28:05 2014
raid1
7812544 (7.45 GiB 8.00 GB)
7812544 (7.45 GiB 8.00 GB)
2
2
Update Time
State
Active Devices
Working Devices
Failed Devices
Spare Devices
:
:
:
:
:
:
Tue May 27 17:06:09 2014

clean
2
2
0
0

Events : 40
Number
0
2
Major
8
8
Minor
16
32
RaidDevice State
0
active sync
1
active sync
/dev/sdb
/dev/sdc
The RAID array is now fully recovered with two disks.
3.3. Configuring swap partitions

It may be necessary to add more SWAP space on a GNU/Linux system. After upgrading the
RAM on a system you may want to increase the amount of SWAP space if the system runs
memory hungry applications or performs memory intense operations. SWAP can be added as
either an additional SWAP partition or a SWAP file. The preference is to add a partition but that
may not always be possible.
3.3.1. Add a SWAP partition

$ sudo parted /dev/sdb
GNU Parted 2.3
Using /dev/sdb
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) print
Model: SanDisk Ultra (scsi)
Disk /dev/sdb: 16.0GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Number
1
2
Start
1049kB
8193MB
End
8193MB
15.0GB
Size
8191MB
6807MB
File system
ext4
fat32
Name
primary
primary
Flags
(parted) rm 2
Warning: Partition /dev/sdb2 is being used. Are you sure you want to continue?
Yes/No? Yes
Diarmuid Briain
53

Error: Partition(s) 2 on /dev/sdb have been written, but we have been unable to
inform the kernel of the change, probably because it/they are in use. As a
result, the old partition(s) will remain in use. You should reboot now before
making further changes.
Ignore/Cancel? Ignore
(parted) print
Number
1
Start
1049kB
End
8193MB
Size
8191MB
File system
ext4
Name
primary
Flags
(parted) mkpart primary 8193 15000

(parted) quit
Make the new partition into a SWAP partition.

$ sudo mkswap /dev/sdb2
Setting up swapspace version 1, size = 6647804 KiB
no label, UUID=63e7a71a-b0c6-4a24-a227-8c16fe54236f
Enable the new SWAP partition.

$ sudo swapon /dev/sdb2
Add an entry to /etc/fstab to enable the SWAP partition after boot.

$ sudo -s
# cat << FSTAB >> /etc/fstab
# Add lines to mount /dev/sdb2 as a SWAP partition on boot
/dev/sdb2
swap
swap
defaults
FSTAB
Confirm the new SWAP partition is operational.

$ cat /proc/swaps
Filename
/dev/dm-2
/dev/sdb2
54
Type
partition
partition
Size
Used
7942140
0
6647804
0
Priority
-1
-2
Diarmuid Briain
3.3.2. Add a SWAP file

Decide on the size of SWAP file required in MB (lets say 128 MB). Multiply the size (in MB) by
1024 to determine the block size 128 x 1024 = 131,072. Create the file.
$ sudo dd if=/dev/zero of=/swapfile bs=1024 count=131072
131072+0 records in
131072+0 records out
134217728 bytes (134 MB) copied, 0.324203 s, 414 MB/s
Make the new file /swapfile into a SWAP file.

$ sudo mkswap /swapfile
Setting up swapspace version 1, size = 131068 KiB
no label, UUID=1f5a5eb3-2ac2-48f6-8174-ed20aebfa4e2
Enable the new SWAP file.

$ sudo swapon /swapfile
Add an entry to /etc/fstab to enable the SWAP file after boot.

$ sudo -s
# Add lines to mount /dev/sdb2 as a SWAP partition on boot
/swapfile
swap
swap
defaults
FSTAB
Confirm the new SWAP partition is operational.

$ cat /proc/swaps
Filename
/dev/dm-2
/dev/sdb2
/swapfile
Type
partition
partition
file
Size
Used
7942140
0
6647804
0
131068
0
Priority
-1
-2
-3
3.4. File attributes

3.4.1. Basic permissions
Basic permissions for files are:
Permission
Description
Read
to be able to open and view the file.
Write
to overwrite or modify the file.
eXecute
to run the file as a binary.
Diarmuid Briain
55
Basic permissions for directories are:

Permission
Description
Read
to be able to view the contents of the directory.
Write
to be able to create new files/directories within the directory.
eXecute
to be able to Change Directory (cd) into the directory.
View permissions in the sandbox directory.

$ ls -l
total 16
-rw-r--r--rw-r--r--rw-r--r--rwxr-xr-drwxr-xr-x
1
1
1
1
2
lmenabrea lmenabrea 34 Oct 21 15:54 file1.txt

alovelace babbage 91 Oct 26 00:54 hello.sh
lmenabrea babbage 4096 Oct 27 00:13 more_files
3.4.2. Default permissions

The default permissions on a GNU/Linux system are set with the umask command. This
command takes a mask (inverse) of the permissions that will be applied to new files. The
command without values will display the current mask.
$ umask
0022
In this case with a mask of 022 the default permissions will be:
Files
Directories
777
666
022
022
755
644
3.4.3. Change permissions

To change permissions of files/directories the following commands can be used:
chown - change the ownership of the file/directory (need to be root to use).

chgrp - change group ownership of a file or directory.
chmod - change the access rights to the file or directory, such as:
chmod +rx filename - adds Read and eXecute permissions for the Owner,
Group and Others.
chmod g+w filename - adds Write permissions to the group.
56
chmod go-w filename - removes write perms for the group as well as others.
Diarmuid Briain
Change the permissions on file1.txt to User and Group having Read and Write access and
others with no access.
$ chmod u+rw,g+rw,o-rwx file1.txt
$ ls -l | grep file1.txt
total 20
-rw-rw---- 1 lmenabrea lmenabrea
Instead of letters, numeric permissions can also be used.

Permissions
Description
no access
eXecute
Write
Read
For example changing file permissions to 660 will give the user
$ chmod 660 file2.txt
$ ls -l | grep file2.txt
total 20
-rw-rw---- 1 lmenabrea lmenabrea
3.4.4. Special bits

3.4.4.1. setuid Bit
The set user ID (setuid) bit allows the specification of which user a certain program is
executed as. This is invaluable when an application that needs to run as another user (i.e.
'root') when launched. An example:
$ sudo chown root hello.sh
$ sudo chmod +x hello.sh
$ sudo chmod +s hello.sh
$ ls -l | grep hello.sh
-rwsr-xr-x 1 root
root
$ whoami
lmenabrea
$ ./hello.sh
When Luigi Menabrea launched the hello.sh script, it has all of the rights of the root user
despite lmenabrea being the owner of the process. Note the s instead of the x in the user
section. This indicates that the setuid is set.
Diarmuid Briain
57
3.4.4.2. setgid Bit

The set group ID (setgid) allows for the enforcement of what group ownership a directory, plus
all it's subdirectories and files have. i.e. If the setgid bit is set to babbage on a directory, any
directory or file created below that directory will also have the babbage group ownership. This
allows the setup of shared network folders that are accessible by any member of the group,
and any file below that directory will maintain that group ownership.
$ sudo chgrp babbage more_files
$ sudo chmod g+s more_files
$ ls -l | grep more_files
drwxr-sr-x 2 lmenabrea babbage
4096 Oct 27 00:13 more_files
$ whoami
lmenabrea
$ echo "New file data" > more_files/file4.txt
$ ls -l more_files/
total 4
-rw-r--r-- 1 lmenabrea babbage 14 Oct 27 00:48 file4.txt
Note that the new file has the group babbage.
3.4.4.3. Sticky Bit

The Save Text Attribute bit (sticky bit) is only set on a directory. It specifies that only the
owner of a file can delete their own file within the directory regardless of other permissions. In
the example where more_files has the group babbage and a file created by lmenabrea could
only be deleted by him. So Ada Lovelace who is part of the babbage group cannot delete.
$ sudo chmod +t more_files
$ ls -l | grep ^d
drwxr-sr-t 2 lmenabrea babbage
4096 Oct 27 00:48 more_files
Note that the other x permission position is replaced by t, the sticky bit.
3.4.4.4. Special bits using numeric permissions

This is similar to regular permissions with the addition of another digit at the front.
Permissions
58
Description
no special bit is set.
sticky bit is set.
setgid bit is set.
setuid bit is set.
Diarmuid Briain

$ sudo chmod 0660 file4.txt
# No special bits, RW - User, RW - Group

# Sticky and setgid bits, RW - User, RW - Group
# setuid bits, RW - User, RW Group
3.5. Finding files on the file-system

There are a number of ways to find files on a GNU/Linux system. The first is the find command
that searches through the file-system from the poing given in the command.
find START-POINT -name FILE-NAME -print
$ find ~/ -name hello.sh -print
/home/lmenabrea/Desktop/sandbox/hello.sh
Using locate is somewhat faster assuming the database it is using is up-to-date. Usually cron
runs the updatedb utility daily which updates a database of filenames in the system. Searching
this database is much faster than searching the actual file-system. The database can be
updated manually with the updatedb command.
$ sudo updatedb
$ locate hello.sh
/home/lmenabrea/Desktop/sandbox/hello.sh
Using GREP to find a string within a file, and list the files containing the string.
grep [OPTIONS] PATTERN FILES-TO-SEARCH
-r
Recursively.
-H
Print the file name for each match.
-l
Print file names only.
-i
Ignore case.
$ grep -rl "The quick brown fox" ~/*

/home/lmenabrea/Desktop/sandbox/file3.txt
/home/lmenabrea/Desktop/sandbox.tar
$ grep -rH "The quick brown fox" ~/*
/home/lmenabrea/Desktop/sandbox/file3.txt:The quick brown fox jumps over the lazy
dog.
Binary file /home/lmenabrea/Desktop/sandbox.tar matches
3.6. Formatting file-systems

As an example plug in a USB Stick into the USB port on the computer and format it with two
partitions, one as an ext4 partition and the other as a FAT32 (vfat) partition. Plug in the USB
Stick and tail the output of the system dmesg output to determine its device name.
$ dmesg | tail
SanDisk Ultra
PQ: 0 ANSI: 5
Diarmuid Briain
1.26
59

[25817.295497] sd 7:0:0:0: [sdb] 31266816 512-byte logical blocks: (16.0 GB/14.9
GiB)
[25817.297056] sd 7:0:0:0: [sdb] Write Protect is off
[25817.297065] sd 7:0:0:0: [sdb] Mode Sense: 43 00 00 00
[25817.298075] sd 7:0:0:0: [sdb] Write cache: disabled, read cache: enabled,
[25817.321262] sdb: sdb1
[25817.324918] sd 7:0:0:0: [sdb] Attached SCSI removable disk
[25817.598220] EXT4-fs (sdb1): recovery complete
[25817.599850] EXT4-fs (sdb1): mounted file-system with ordered data mode. Opts:
(null)
Another method to find block devices is with the use of the lsblk command. This command
lists information about all or the specified block devices by reading the information from the
sysfs filesystem.
$ lsblk
NAME
sda
sda1
sda2
sda5
sda5_crypt (dm-0)
mint--vg-root (dm-1)
mint--vg-swap_1 (dm-2)
sdb
sdb1
sdb2
sr0
MAJ:MIN RM
SIZE RO TYPE
8:0
0 465.8G 0 disk
8:1
0
243M 0 part
8:2
0
1K 0 part
8:5
0 465.5G 0 part
252:0
0 465.5G 0 crypt
252:1
0 457.9G 0 lvm
252:2
0
7.6G 0 lvm
8:16
1 14.6G 0 disk
8:17
1
7.3G 0 part
8:18
1
7.3G 0 part
11:0
1 1024M 0 rom
MOUNTPOINT
/boot
/
[SWAP]
Note that the USB Stick is /dev/sdb1. Run the fdisk utility to edit the partition table. If the
existing drive was created with GUID Partition Table (GPT) layout of the partition table on the
disk instead of Master Boot Record (MBR) then the gparted utility must be used.
WARNING: GPT (GUID Partition Table) detected on '/dev/sdb'! The util fdisk
doesn't support GPT. Use GNU Parted.
Command (m for help):
Install gparted.
$ sudo apt-get gparted
$ sudo gparted /dev/sdb
60
Diarmuid Briain
gparted is a graphical utility, for command-line equivalent use parted.

GNU Parted 2.3
Using /dev/sdb
(parted)
The print command shows the existing partitions on the drive.

(parted) print
Number
1
Start
1049kB
End
16.0GB
Size
16.0GB
File system
ext4
Name
Flags
Linux file-system
(parted) rm 1
Warning: Partition /dev/sdb1 is being used. Are you sure you want to continue?
Yes/No? Yes
Error: Partition(s) 1 on /dev/sdb have been written, but we have been unable to
inform the kernel of the change, probably because it/they are in use. As a
result, the old partition(s) will remain in use. You should reboot now before
making further changes.
Ignore/Cancel? Ignore
(parted) quit
Information: You may need to update /etc/fstab.
Umount the partition /dev/sdb1 and reload by removing the USB drive and plugging it back in.
Now print the partition table for /dev/sdb and you will see the table is empty.
$ sudo umount /dev/sdb1
GNU Parted 2.3
Using /dev/sdb
(parted) print
Number
Start
End
Size
File system
Name
Flags
(parted)
Create two partitions of roughly equal size.

(parted) print
Number
1
2
Start
1049kB
8193MB
End
8193MB
15.0GB
Size
8191MB
6807MB
File system
ext4
Name
primary
primary
Flags
(parted) exit
Diarmuid Briain
61
Check the new partitions.

$ cat /proc/partitions |
8
16
15633408
8
17
7999488
8
18
6647808
grep sdb
sdb
sdb1
sdb2
Make an ext4 file-system on /dev/sdb1.

$ sudo mkfs.ext4 /dev/sdb1
mke2fs 1.42.9 (4-Feb-2014)
file-system label=
OS type: Linux
First data block=0
Maximum file-system blocks=2051014656
62 block groups
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632
Writing superblocks and file-system accounting information:
Make a FAT32 (vfat) file-system on /dev/sdb2.

$ sudo mkfs.fat /dev/sdb2
mkfs.fat 3.0.26 (2014-03-07)
Display new partitions.

$ sudo gparted /dev/sdb
62
Diarmuid Briain

GNU Parted 2.3
Using /dev/sdb
(parted) print
Number
1
2
Start
1049kB
8193MB
End
8193MB
15.0GB
Size
8191MB
6807MB
File system
ext4
fat32
Name
primary
primary
Flags
3.6.1. Encrypt a partition

Starting with a standard partition of type ext4.
$ mkfs.ext4 /dev/sdb1
Using Linux Unified Key Setup (LUKS) as the standard for disk encryption on Linux.
luksFormat initialises a LUKS partition and sets the initial passphrase.
$ sudo cryptsetup luksFormat /dev/sdb1
WARNING!
========
This will overwrite data on /dev/sdb1 irrevocably.
Are you sure? (Type uppercase yes): YES
Enter passphrase: secret
Verify passphrase: secret
luksOpen opens the LUKS device and sets up a mapping to a given name (i.e. secret-disk)
after successful verification of the supplied passphrase.
$ sudo cryptsetup luksOpen /dev/sdb1 secret-disk
Enter passphrase for /dev/sdb1: secret
The file /etc/crypttab contains descriptive information about encrypted filesystems. crypttab
is only read by programs like cryptdisks_start and cryptdisks_stop.
$ sudo vi /etc/crypttab
# <target name> <source device>
secret-disk
<key file>
<options>
/dev/sdb1
Note: The device can be referred to as /dev/sdb or /dev/mapper/secret-disk.
Diarmuid Briain
63
Make a filesystem on the new encrypted partition.

$ sudo mkfs.ext4 /dev/sdb1
mke2fs 1.42.9 (4-Feb-2014)
Filesystem label=
OS type: Linux
First data block=0
Maximum filesystem blocks=2000683008
60 block groups
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632
Writing superblocks and filesystem accounting information: done
Make a mount point.

$ sudo mkdir /mnt/secret
Add to the /etc/fstab file.

$ sudo vi /etc/fstab
# Secret Disk
/dev/mapper/secret-disk
/mnt/secret
ext4
defaults
Mount the filesystems in the /etc/fstab.

$ sudo mount -a
Confirm.
$ df -h | grep secret
64
7.3G
17M
6.9G
1% /mnt/secret
Diarmuid Briain
3.7. Mounting file-systems automatically at boot time

For this example the USB Stick created earlier will be mounted automatically at boot time.
Clear the dmesg log.
$ sudo dmesg clear
Plug in the USB Stick and then run dmesg.

$ dmesg
[ 7574.595004] usb 1-1.2: new high-speed USB device number 7 using ehci-pci
[ 7574.688531] usb 1-1.2: New USB device found, idVendor=0781, idProduct=556c
[ 7574.688536] usb 1-1.2: New USB device strings: Mfr=1, Product=2,
SerialNumber=3
[ 7574.688539] usb 1-1.2: Product: Ultra
[ 7574.688542] usb 1-1.2: Manufacturer: SanDisk
[ 7574.688544] usb 1-1.2: SerialNumber: 20051535821900D271F3
[ 7574.688966] usb-storage 1-1.2:1.0: USB Mass Storage device detected
[ 7574.689214] scsi7 : usb-storage 1-1.2:1.0
[ 7575.687130] scsi 7:0:0:0: Direct-Access
SanDisk Ultra
1.26
PQ: 0 ANSI: 5
[ 7575.687636] sd 7:0:0:0: Attached scsi generic sg2 type 0
[ 7575.689238] sd 7:0:0:0: [sdb] 31266816 512-byte logical blocks: (16.0 GB/14.9
GiB)
[ 7575.690942] sd 7:0:0:0: [sdb] Write Protect is off
[ 7575.690945] sd 7:0:0:0: [sdb] Mode Sense: 43 00 00 00
[ 7575.692903] sd 7:0:0:0: [sdb] Write cache: disabled, read cache: enabled,
[ 7575.717239] sdb: sdb1 sdb2
[ 7575.721558] sd 7:0:0:0: [sdb] Attached SCSI removable disk
[ 7576.079960] FAT-fs (sdb2): Volume was not properly unmounted. Some data may
[ 7576.116953] EXT4-fs (sdb1): recovery complete
[ 7576.125055] EXT4-fs (sdb1): mounted file-system with ordered data mode. Opts:
(null)
This confirms the device is /dev/sdb. Now check the partition table with parted.
GNU Parted 2.3
Using /dev/sdb
(parted) print
Number
1
2
Start
1049kB
8193MB
End
8193MB
15.0GB
Size
8191MB
6807MB
File system
ext4
fat32
Name
primary
primary
Flags
Two partitions /dev/sdb1, the ext4 partition and /dev/sdb2 the FAT32 (vfat) partition exist.
Create directories as points in the file system to mount the partitions to.
$ sudo mkdir /mnt/ext4fs
$ sudo mkdir /mnt/fat32fs
Add entries to the /etc/fstab file to map these mounts.

$ sudo -s
Diarmuid Briain
65

# Add lines to mount /dev/sdb1 and /dev/sdb2 on boot
/dev/sdb1
/dev/sdb2
/mnt/ext4fs
/mnt/fat32fs
ext4
vfat
defaults,users
defaults,users
0
0
0
0
FSTAB
The users option permits users that are part of the disk group to mount and unmount the
drives.
$ sudo usermod -a -G disk lmenabrea
Now mount the two partitions with the mount command, which will read the entries in the
/etc/fstab directory.
$ mount /dev/sdb1
$ mount /dev/sdb2
$ mount | grep sdb
/dev/sdb1 on /mnt/ext4fs type ext4 (rw,noexec,nosuid,nodev)
/dev/sdb2 on /mnt/fat32fs type vfat (rw,noexec,nosuid,nodev)
Create a file on the mounted partition, confirm the file was created. umount the partition and
confirm file is gone. Remount again to see file is back.
$ echo "This is a test file on the ext4 partition." > /mnt/ext4fs/ext4-file.txt
$ ls /mnt/ext4fs/ | grep ext4-file.txt
ext4-file.txt
$ cat /mnt/ext4fs/ext4-file.txt
This is a test file on the ext4 partition.
$ umount /dev/sdb1
$ mount /dev/sdb1
ext4-file.txt
Reboot to confirm the partitions will mount automatically.

$ mount | grep sdb
/dev/sdb1 on /mnt/ext4fs type ext4 (rw,noexec,nosuid,nodev)
/dev/sdb2 on /mnt/fat32fs type vfat (rw,noexec,nosuid,nodev)
$ cat /mnt/ext4fs/ext4-file.txt
This is a test file on the ext4 partition.
Mounts occurred automatically and the file created on the mounted partition is accessible.
66
Diarmuid Briain
3.8.1. Encrypting a partition

Starting with a standard partition of type ext4.
$ mkfs.ext4 /dev/sdb1
Using Linux Unified Key Setup (LUKS) as the standard for disk encryption on Linux.
luksFormat initialises a LUKS partition and sets the initial passphrase.
$ sudo cryptsetup luksFormat /dev/sdb1
WARNING!
========
This will overwrite data on /dev/sdb1 irrevocably.
Are you sure? (Type uppercase yes): YES
Enter passphrase: secret
Verify passphrase: secret
luksOpen opens the LUKS device and sets up a mapping to a given name (i.e. secretdisk) after successful verification of the supplied passphrase.
$ sudo cryptsetup luksOpen /dev/sdb1 secret-disk
Enter passphrase for /dev/sdb1: secret
The file /etc/crypttab contains descriptive information about encrypted filesystems. crypttab
is only read by programs like cryptdisks_start and cryptdisks_stop.
$ sudo vi /etc/crypttab
# <target name> <source device>
secret-disk
<key file>
<options>
/dev/sdb1
Make a filesystem on the new encrypted partation.

$ sudo mkfs -t ext4 /dev/mapper/secret-disk
mke2fs 1.42.9 (4-Feb-2014)
Filesystem label=
OS type: Linux
First data block=0
Maximum filesystem blocks=2000683008
60 block groups
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632
Writing superblocks and filesystem accounting information: done
Diarmuid Briain
67
Make a mount point.

$ sudo mkdir /mnt/secret
Add to the /etc/fstab file.

$ sudo -s
# mkdir /mnt/library
# echo -e "\n# /Mount to linux1.obriain.com:/library" >> /etc/fstab
# echo -e "/dev/mapper/secret-disk\t/mnt/secret\text4\tdefaults\t1\t2" >>
/etc/fstab
Mount the filesystems in the /etc/fstab.

$ sudo mount -a
Confirm the new encrypted partition is available.

$ df -h | grep secret
7.3G
17M
6.9G
1% /mnt/secret
If the computer reboots, during the reboot the user will be presented with:
Passphrase: secret
3.8. Mounting networked file-systems

3.8.1. Install Network File System (NFS)
3.8.1.1. What is NFS
NFS is a Client/Server solution that offers the ability to share the resources of a server with
many clients. It is also possible to have clients without hard-drives and they mount a virtual
hard-drive on a remote NFS Server. In this way all files are stored on the NFS Server.
68
Diarmuid Briain
3.8.1.2. NFS Server

Create /library on the Server
linux1:~$ mkdir library
linux1:~$ sudo ln -s /home/lmenabrea/library /library
linux1:~$ echo "This is a test file" > /library/testfile
Install NFS on the Server

Install the following packages on the NFS Server.
linux1:~$ sudo apt-get install nfs-kernel-server nfs-common rpcbind
Add domain to idmapd.conf

Under the line #Domain = localdomain add the domain name.
linux1:~$ vi /etc/idmapd.conf
...
Domain = obriain.com
Confirm connectivity with the Client

$ ping -c1 linux2.obriain.com
PING linux2.obriain.com (78.143.141.205) 56(84) bytes of data.
64 bytes from 78.143.141.205: icmp_req=1 ttl=61 time=5.51 ms
--- linux2.obriain.com ping statistics --1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 5.519/5.519/5.519/0.000 ms
Configure the NFS Server

NFS exports are configured in the file /etc/exports. Each line begins with the absolute
path of the directory to be exported, followed by a space separated list of allowed clients and
their associated options. In this case the options are:
Option
Description
rw
Allow both read and write requests on this NFS volume.
sync
Reply to requests only after the changes have been committed to stable storage.
no_subtree_check
This disables subtree checking, which has mild security implications, but can improve
reliability.
linux1:~$ sudo -s
linux1:~# echo -e "\n# /library access" >> /etc/exports
linux1:~# echo "/library linux.obriain.com(rw,sync,fsid=0,no_subtree_check)"
>> /etc/exports
linux1:~# service nfs-kernel-server start
[ ok ] Exporting directories for NFS kernel daemon....
[ ok ] Starting NFS kernel daemon: nfsd mountd.
Diarmuid Briain
69

linux1:~# exportfs -a
linux1:~# exit
3.8.1.3. NFS Client

Confirm connectivity with the NFS Server
linux2:~$ ping -c1 linux1.obriain.com
PING linux1.obriain.com (109.106.96.158) 56(84) bytes of data.
64 bytes from 109.106.96.158: icmp_req=1 ttl=62 time=8.12 ms
--- linux1.obriain.com ping statistics --1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 8.122/8.122/8.122/0.000 ms
Install NFS on the Client

Install the following packages for a Debian GNU/Linux NFS client.
linux2:~$ sudo apt-get install nfs-common rpcbind
Add domain to idmapd.conf

As on the Server add the shared Domain name.
linux1:~$ vi /etc/idmapd.conf
...
Domain = obriain.com
...
linux1:~$ sudo /etc/init.d/nfs-common restart
Setup mount in /etc/fstab file

Add an entry in the /etc/fstab file that mounts the remote NFS Server export to a local directory
/mnt/library. Establish a number of options to allow user Read/Write (rw) access and the NO
Set owner User ID (nosuid) option to block the operation of suid, and sgid bits being
transferred from files on the NFS Server. Initially using the verbose -v option switch with the
mount command highlights any potential problems that may exist.
linux2:~$ sudo -s
linux2:~# mkdir /mnt/library
linux2:~# echo -e "\n# /Mount to linux1.obriain.com:/library" >> /etc/fstab
linux2:~# echo -e
"linux1.obriain.com:/library\t/mnt/library\tnfs\tuser,rw,nosuid\t0\t0" >>
/etc/fstab
70
Diarmuid Briain

linux2:~# mount -v linux1.obriain.com:/library
mount.nfs: timeout set for Tue May 27 20:06:59 2014
mount.nfs: trying text-based options
'vers=4,addr=109.106.96.158,clientaddr=78.143.141.205'
mount.nfs: mount(2): No such file or directory
mount.nfs: trying text-based options 'addr=109.106.96.158'
mount.nfs: prog 100003, trying vers=3, prot=6
mount.nfs: trying 109.106.96.158 prog 100003 vers 3 prot TCP port 2049
mount.nfs: prog 100005, trying vers=3, prot=17
mount.nfs: trying 109.106.96.158 prog 100005 vers 3 prot UDP port 37778
Users and Groups

It is essential that users have the same User ID (UID) and Group ID (GID) at each side as NFS
uses the ID numbers to implement permissions. In the example below note that the permissions
in both cases are UID=1001 and GID=1001.
NFS Server
linux1:~$ id
uid=1001(lmenabrea) gid=1001(lmenabrea) groups=1001(lmenabrea)
NFS Client
linux2:~$ id
uid=1001(lmenabrea) gid=1001(lmenabrea) groups=1001(lmenabrea)
3.8.1.4. Testing the NFS Setup

Confirm a successful mount.
linux2:~$ df -h | grep library
linux1.obriain.com:/library
29G
3.3G
24G
13% /mnt/library
Create a file on the NFS Share from the Client, use the user lmenabrea.
linux2:~$ echo "This is a client side write test" > /mnt/library/clienttestfile
linux2:~$ cat /mnt/library/clienttestfile
This is a client side write test
Check the file in the /library directory on the Server and create a server side file for test with
the user lmenabrea.
linux1:~$ cat /library/clienttestfile
This is a client side write test
linux1:~$ echo "This is a Server side write test" > /library/servertestfile
linux1:~$ cat /library/servertestfile
This is a Server side write test
Diarmuid Briain
71
Check the servertestfile on the NFS Client from the lmenabrea user.
linux2:~$ cat /mnt/library/servertestfile
This is a Server side write test
3.9. Partitioning storage devices

3.10. Troubleshooting file-system issues
The fsck utility is used to check a file-system health and should only be run against an
unmounted file-system to check for possible issues.
The exit code returned by fsck is the sum of the following conditions:
Exit code
Meaning
No errors
file-system errors corrected
System should be rebooted
file-system errors left uncorrected
Operational error
16
Usage or syntax error
32
Fsck canceled by user request
128
Shared-library error
Check the EXT4 file-system on /dev/sdb1 partition. Note the echo $? gives the exit status for
the previous command.
$ fsck.ext4 /dev/sdb1
e2fsck 1.42.9 (4-Feb-2014)
/dev/sdb1: clean, 13/499968 files, 68558/1999872 blocks
$ echo $?
0
Check the FAT32 file-system on /dev/sdb2 partition. echo $? returns an exit status of 0.
$ fsck.vfat /dev/sdb2
fsck.fat 3.0.26 (2014-03-07)
/dev/sdb2: 1 files, 1/1658708 clusters
$ echo $?
0
72
Diarmuid Briain
If a file-system has not been cleanly unmounted, the system detects a dirty bit on the filesystem during the next bootup and starts a check. fsck will detect any errors on the file-system
and attempt to fix. You should not interrupt this repair process. If an empty forcefsck file is
created in the root of the root file-system. file-systems that have > 0 specified in the sixth
column of the /etc/fstab will be checked. 0 means do not check. In the case of the extract of
/etc/fstab below, /dev/sdb1 would be checked, however /dev/sdb2 would not.
$ sudo touch /forcefsck
(Extract from /dev/fstab)
# <file system> <mount point>
<type> <options>
/dev/sdb1
/mnt/ext4fs
ext4
defaults
/dev/sdb2
/mnt/fat32fs
vfat
defaults
Diarmuid Briain
<dump>
0
0
<pass>
1
0
73
74
Diarmuid Briain
4. Local security
4.1. Accessing the root account
Substitute User (su) is command is used to change a login session's owner. In this example
the login session of lmenabrea has the ownership of the session change to Ada Lovelace
alovelace.
$ whoami
lmenabrea
$ su alovelace
Password: maths
:/home> whoami
alovelace
:/home> echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/
games
In this case Ada Lovelace will maintain the current directory and the environmental variables of
the original user rather than switching to her own account directory and environment variables.
To switch and change the current directory and environmental variables a - is required. To
demonstrate, note the different $PATH values.
$ whoami
lmenabrea
Change to Ada Lovelace account. Trying with and without the '-' or a '-l' switch. Using either of
these switch options provide an environment similar to what the user would expect had the
user logged in directly. This can be seen by noting the $PATH assigned after login.
$ su alovelace
Password: maths
:~> whoami
alovelace
:~> echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/
local/games
:~> echo $HOME
/home/alovelace
$ su - alovelace
Password: maths
:~% whoami
alovelace
:~% echo $PATH
/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
:~% echo $HOME
/home/alovelace
Diarmuid Briain
75
To change to the root user with Super User privileges. Again note the difference when a '-' or 'l' is used.
$ su
Password: root-pass
~ # whoami
root
$ echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/
local/games
# echo $HOME
/root
$ su Password: root-pass
~ # whoami
root
~ # echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
~ # echo $HOME
/root
4.2. Using sudo to manage access to the root account

SuperUser Do (sudo) is a program used to execute a command as another user. It allows
users to run programs with the security privileges of another user (typically the superuser, or
root).
Looking at a new iteration of the hello.sh script used earlier. Note that it is owned by
alovelace and group rights are with the babbage group. Therefore any attempt by
lmenabrea to run the script fails.
$ cat hello.sh
#!/bin/bash
echo "Hello World"
while :
do
echo "Press [CTRL+C] to stop.."q
sleep 1
done
-rwxr-xr-- 1 alovelace babbage
$ ./hello.sh
-bash: ./hello.sh: Permission denied
76
Diarmuid Briain
Now run with sudo, you can see that the process is actually ran by the user root.
$ sudo ./hello.sh
Hello World
Press [CTRL+C] to stop..
root
6248
6247
0 01:00 pts/7
00:00:00 /bin/bash ./hello.sh
Now try running it as alovelace or the group babbage using sudo. In the latter case the script
is ran by lmenabrea and is allowed because the sudo was supplied the group babbage and
lmenabrea is in the sudo group.
$ sudo -u alovelace ./hello.sh
Hello World
alovela+
6130
6129
$ sudo -g babbage
Hello World
Press [CTRL+C] to
Press [CTRL+C] to
Press [CTRL+C] to
lmenabrea
6402
0 00:58 pts/7
./hello.sh
stop..
stop..
stop..
6401
0 01:02 pts/7
4.2.1. Who can sudo ?

The sudo policy is configured in the /etc/sudoers file. This is responsible for defining which
users have privileges to use sudo.
This file also has an includedir that reads in all files in the /etc/sudoers.d directory and it is
expected that files be added instead of editing the /etc/sudoers file directly. It has three
important lines that give the user root and the users in the admin and sudo groups rights to
sudo access.
root
ALL=(ALL:ALL) ALL
%admin
ALL=(ALL) ALL
%sudo
ALL=(ALL:ALL) ALL
Diarmuid Briain
77
The easiest way to give a user sudo rights is to add them to the sudo group. In this example
Ada Lovelace is added to the sudo group and given sudo privileges. (It is possible to directly
edit the /etc/group file either).
$ cat /etc/group | grep ^sudo
sudo:x:27:lmenabrea
$ sudo usermod -a -G sudo alovelace
$ cat /etc/group | grep ^sudo
sudo:x:27:lmenabrea,alovelace
4.2.2. root from sudo

It is possible to get full root privileges using sudo with the -s switch. This is identical to the su
command except the root password is not necessary.
$ sudo -s
# whoami
root
78
Diarmuid Briain
5. Shell scripting
5.1. Basic bash shell scripting
5.1.1. Hello world
#!/bin/bash
echo "Hello World"
5.1.2. Getting input

#!/bin/bash
# Interactive reading of variables
echo "ENTER YOUR NAME"
read sname
# Display of variable values
echo $sname
5.1.3. Basic Syntax and Special Characters

Character
Description
Used to add a comment, except when used as \#, or as #! when starting a script
Used at the end of a line to indicate continuation on to the next line
Used to interpret what follows as a new command
Indicates what follows is a variable
5.1.4. Functions
display () {
echo "This is a sample function"
}
5.1.5. Command Substitution

By enclosing the inner command with backticks (`) or by enclosing the inner command in $( ) .
#!/bin/bash
ls /lib/modules/`uname -r`
echo; printf '*%.0s' {1..20}; echo
ls /lib/modules/$(uname -r)
echo
Diarmuid Briain
79

$ ./cmd_sub.sh
build kernel
modules.alias.bin modules.builtin.bin
modules.order
modules.symbols
updates
initrd
modules.alias modules.builtin
modules.dep
modules.devname modules.softdep modules.symbols.bin
********************
build kernel
modules.alias.bin modules.builtin.bin
modules.order
modules.symbols
updates
initrd
modules.alias modules.builtin
modules.dep
modules.devname modules.softdep modules.symbols.bin
modules.dep.bin
modules.dep.bin
5.1.6. Environment Variables

#!/bin/bash
DIDDLY=pink
echo "My teddybear is $DIDDLY"
$ ./pink.sh
My teddybear is pink
5.1.7. Exporting Variables

Variables created within a script are available only to the subsequent steps of that script. Any
child processes (sub-shells) do not have automatic access to the values of these variables.
export VAR=value
or
VAR=value ; export VAR
5.1.8. Script Parameters

Parameter
Meaning
$0
Script name
$1
First parameter
$2, $3, etc.
Second, third parameter, etc.
$*
All parameters
$#
Number of arguments
5.1.9. Redirection
$ wc -l syslog.pdf
1721 syslog.pdf
$ wc -l < syslog.pdf
1721
80
Diarmuid Briain
5.1.10. if statement
if TEST-COMMANDS; then CONSEQUENT-COMMANDS; fi
A more general definition is:

if condition
then
statements
else
statements
fi
i.e.
$ cat if.sh
#!/bin/bash
echo -n "ENTER A NUMBER: "
read number
if [ $number -eq 10 ]
then
echo 'It is 10'
else
echo 'It is not 10'
fi
$ ./if.sh
ENTER A NUMBER: 10
It is 10
$ ./if.sh
ENTER A NUMBER: 11
It is not 10
5.1.11. elif statement

if condition
then
statements
else
statements
fi
Diarmuid Briain
81
i.e.
$ cat elif.sh
#!/bin/bash
echo -n "ENTER A NUMBER: "
read number
if [ $number -eq 10 ]
then
echo 'It is 10'
elif [ $number -eq 11 ]
then
echo 'It is 11'
else
echo 'It is not 10 or 11'
fi
$ ./elif.sh
ENTER A NUMBER: 10
It is 10
$ ./elif.sh
ENTER A NUMBER: 11
It is 11
$ ./elif.sh
ENTER A NUMBER: 12
It is not 10 or 11
5.1.11.1. Using 'if' to test for files

if [ -f filename ]
Condition
82
Meaning
-e file
Check if the file exists.
-d file
Check if the file is a directory.
-f file
Check if the file is a regular file.
-s file
Check if the file is of non-zero size.
-g file
Check if the file has sgid set.
-u file
Check if the file has suid set.
-r file
Check if the file is readable.
-w file
Check if the file is writeable.
-x file
Check if the file is executable.
Diarmuid Briain
5.1.12. Comparison Operators

5.1.12.1. Numerical tests
Operator
Meaning
-eq
Equal to.
-ne
Not equal to.
-gt
Greater than.
-lt
Less than.
-ge
Greater than or equal to.
-le
Less than or equal to.
5.1.12.2. String tests

Operator
Meaning
==
Is equal to.
!=
Is not equal to.
-z
String is null.
-n
String is not null.
if [ string1 == string2 ] ; then

ACTION
fi
5.1.13. Arithmetic Expressions

expr 8 + 8
echo $(expr 8 + 8)
Using the $((...)) syntax: This is the built-in shell format. The syntax is as follows:
echo $((x+1))
Using the built-in shell command let. The syntax is as follows:

let x=( 1 + 2 ); echo $x
5.1.14. Strings
5.1.14.1. Length of a String
myLen1=${#mystring1}
Saves the length of mystring1 in the variable myLen1.
Diarmuid Briain
83
5.1.14.2. Parts of a string

${string:0:1}
Here 0 is the offset in the string (i.e., which character to begin from) where the extraction needs
to start and 1 is the number of characters to be extracted.
${string#*.}
To extract all characters in a string after a dot (.).
5.1.15. Boolean Expressions

Operator
Operation
Meaning
&&
AND
The action will be performed only if both the conditions evaluate to true.
||
OR
The action will be performed if any one of the conditions evaluate to

true.
NOT
The action will be performed only if the condition evaluates to false.
5.1.16. CASE statement

case expression in
pattern1) execute
pattern2) execute
pattern3) execute
pattern4) execute
* )
execute
esac
commands;;
commands;;
commands;;
commands;;
some default commands or nothing ;;
Example:
#!/bin/bash
echo "ENTER a number between 1 & 5"
read numb
case $numb in
1 ) echo "you selected 1";;
* ) echo "you cheated !! ";;
esac
84
Diarmuid Briain
5.1.17. Looping Constructs

5.1.17.1. for
#!/bin/bash
num=0
end=15
for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
do
num=$(($num+$i))
done
echo "The sum of $end numbers is $num "
num=0
for i in {1..15}
do
num=$(($num+$i))
done
num=0
for (( j=$num; j<=$end; j++ ))
do
num=$(($num+$j))
done
5.1.17.2. while
#!/bin/bash
num=0
end=15
while [ $num -lt $end ]
do
echo "$num is less than $end"
((num++))
done
echo "$num = $end"
5.1.17.3. until
#!/bin/bash
num=0
end=15
until [ $num -eq $end ]
do
echo "$num is less than $end"
((num++))
done
echo "$num = $end"
Diarmuid Briain
85
5.1.18. Script Debugging

#!/bin/bash -xv
set -x
activate debugging from here.
cmd
Command or command block to be monitored.
set +x
stop debugging from here.
5.1.19. Redirecting Errors to File and Screen

File stream
Description
File Descriptor
Standard Input, by default the keyboard/terminal for

programs run from the command line
stdout
Standard output, by default the screen for programs run

from the command line
stderr
Standard error, where output error messages are shown or

saved
stdin
5.1.20. Creating Temporary Files and Directories

Command
Usage
TEMP=$(mktemp /tmp/tempfile.XXXXXXXX)
To create a temporary file
TEMPDIR=$(mktemp -d /tmp/tempdir.XXXXXXXX)
To create a temporary directory
$ mktemp passwdXXXX
passwdU9t3
$ mktemp -d passwdXXXX
passwdSjnH
$ ls -l |grep pass
drwx------ 2 lmenabrea lmenabrea
-rw------- 1 lmenabrea lmenabrea
4096 Oct
0 Oct
1 17:49 passwdSjnH
1 17:49 passwdU9t3
5.1.21. Discarding Output with /dev/null

/dev/null the bit bucket or black hole.
86
Diarmuid Briain
5.1.22. Random Numbers and Data

$ echo $RANDOM
3679
$ echo $RANDOM
394
$ echo $RANDOM
16847
$ echo $RANDOM
7609
random, urandom
kernel random number source devices.
$ head -c 1M < /dev/urandom > ~/Desktop/random.data.1M

$ ls -l ~/Desktop/random.data.1M
-rw-r--r-- 1 lmenabrea lmenabrea 1048576 Oct
/home/lmenabrea/Desktop/random.data.1M
1 19:01
$ cat ~/Desktop/random.data.1M
RI;HlX0
VRs.Kes42"MEFebE+)&}D*
IG4FQw
#EfN6ySO\`;;
<}X"IFJo_mVu(vCGH 9XK=rdD`&>t4\.\:7k?
x.RO}+zX8c4NPx55 jE|}M4OrvFk-0
_9v`4=KAi{1S{E
WV=Z_ga'$U B/nGKu-"|4@#
5.1.23. Here Documents

A here document is a special-purpose code block. It uses a form of I/O redirection to feed a
command list to an interactive program or a command.
$ cat <<EOM
------------------------------------This is line 1 of the message.
This is line 2 of the message.
This is the last line of the message.
------------------------------------EOM
Diarmuid Briain
87
Using <<- instead of << suppresses leading tabs.

$ cat <<-EOM
------------------------------------EOM
Assign a here document to a variable.

#!/bin/bash
here_file=$(cat <<EOM
------------------------------------EOM
)
echo "Here is the document"; echo
echo "$here_file"
Using a here document as a comment block. Handy for troubleshooting.

: <<COMMENT
This will not be processed
by the bash interpretor.
COMMENT
88
Diarmuid Briain
6. Software management
6.1. Installing software packages
Software is installed on Debian based distributions using the APT utility. apt-cache is the tool
used to search for packages in the repositories while apt-get is the APT tool for handling
packages
aptget[options][command][package]
6.1.1. apt-get commands

Command
Meaning
update
used to resynchronise the package overview files from their sources.
upgrade
used to install the newest versions of all packages currently installed on the
system from the sources enumerated in /etc/apt/sources.list.
dist-upgrade
dist-upgrade, in addition to performing the function of upgrade, also

intelligently handles changing dependencies with new versions of packages.
install
install is followed by one or more packages desired for installation.
remove
to install except that packages are removed instead of installed.
check
Diagnostic tool; it updates the package cache and checks for broken
packages.
clean
clean clears out the local repository of retrieved package files.
6.1.2. Example
Find a package that acts as a sticky note for the desktop and install.
aptcachesearch<package>
$ apt-cache search sticky
knotes - sticky notes application
labrea - a "sticky" honeypot and IDS
rhinote - virtual sticky-notes for your desktop
xpad - sticky note application for X
$ sudo apt-get install xpad
Diarmuid Briain
89

$ xpad
90
Diarmuid Briain
7. Additional handy tools for exam

7.1. Using tmux
tmux is a terminal multiplexer: it enables a number of terminals to be created, accessed, and
controlled from a single screen. tmux may be detached from a screen and continue running in
the background, then later reattached.
7.1.1. Session Management

Shell command
Meaning
$ tmux new -s <session_name>
Creates a new tmux session named <session_name>
$ tmux attach -t <session_name>
Attaches to an existing tmux session named

<session_name>
$ tmux switch -t <session_name>
Switches to an existing session named <session_name>
$ tmux list-sessions
Lists existing tmux sessions
$ tmux detach (prefix + d)
Detach the currently attached session
7.1.2. Session commands

Keystroke
Meaning
<Ctrl-b>%
Split a window vertically
<Ctrl-b>"
Split the window horizontally
<Ctrl-b>x
Kill the current pane
<Ctrl-b> Up, Down, Right, Left
Move the cursor from one pane to the other
<Ctrl-b>;
If you want to go to the previously active pane
<Ctrl-b><Ctrl-o>
Rotate the panes
<Ctrl-b>x
Close the current pane
<Ctrl-b>[
Scroll within a pane (use q to exit this mode)
<Ctrl-b>{
Swap the current pane with the previous pane
<Ctrl-b>}
Swap the current pane with the next pane
tmux is handy for the examination to create multiple shell panes.
Diarmuid Briain
91
7.2. Calculator
bc is a command-line calculator.
$ bc
bc 1.06.95
Copyright 1991-1994, 1997, 1998, 2000, 2004, 2006 Free Software Foundation, Inc.
This is free software with ABSOLUTELY NO WARRANTY.
For details type `warranty'.
34*4
136
23+45
68
10/5
2
66-6
60
quit
92
Diarmuid Briain
GNU Free Documentation License

Version 1.3, 3 November 2008
Copyright 2000, 2001, 2002, 2007, 2008 Free Software Foundation, Inc. <http://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies of this license document, but
changing it is not allowed.
0. PREAMBLE
The purpose of this License is to make a manual, textbook, or other functional and useful
document "free" in the sense of freedom: to assure everyone the effective freedom to copy and
redistribute it, with or without modifying it, either commercially or noncommercially.
Secondarily, this License preserves for the author and publisher a way to get credit for their
work, while not being considered responsible for modifications made by others.
This License is a kind of "copyleft", which means that derivative works of the document must
themselves be free in the same sense. It complements the GNU General Public License, which
is a copyleft license designed for free software.
We have designed this License in order to use it for manuals for free software, because free
software needs free documentation: a free program should come with manuals providing the
same freedoms that the software does. But this License is not limited to software manuals; it
can be used for any textual work, regardless of subject matter or whether it is published as a
printed book. We recommend this License principally for works whose purpose is instruction or
reference.
1. APPLICABILITY AND DEFINITIONS

This License applies to any manual or other work, in any medium, that contains a notice placed
by the copyright holder saying it can be distributed under the terms of this License. Such a
notice grants a world-wide, royalty-free license, unlimited in duration, to use that work under
the conditions stated herein. The "Document", below, refers to any such manual or work. Any
member of the public is a licensee, and is addressed as "you". You accept the license if you
copy, modify or distribute the work in a way requiring permission under copyright law.
A "Modified Version" of the Document means any work containing the Document or a portion of
it, either copied verbatim, or with modifications and/or translated into another language.
A "Secondary Section" is a named appendix or a front-matter section of the Document that
deals exclusively with the relationship of the publishers or authors of the Document to the
Document's overall subject (or to related matters) and contains nothing that could fall directly
within that overall subject. (Thus, if the Document is in part a textbook of mathematics, a
Secondary Section may not explain any mathematics.) The relationship could be a matter of
historical connection with the subject or with related matters, or of legal, commercial,
philosophical, ethical or political position regarding them.
The "Invariant Sections" are certain Secondary Sections whose titles are designated, as being
Diarmuid Briain
93
those of Invariant Sections, in the notice that says that the Document is released under this
License. If a section does not fit the above definition of Secondary then it is not allowed to be
designated as Invariant. The Document may contain zero Invariant Sections. If the Document
does not identify any Invariant Sections then there are none.
The "Cover Texts" are certain short passages of text that are listed, as Front-Cover Texts or
Back-Cover Texts, in the notice that says that the Document is released under this License. A
Front-Cover Text may be at most 5 words, and a Back-Cover Text may be at most 25 words.
A "Transparent" copy of the Document means a machine-readable copy, represented in a
format whose specification is available to the general public, that is suitable for revising the
document straightforwardly with generic text editors or (for images composed of pixels) generic
paint programs or (for drawings) some widely available drawing editor, and that is suitable for
input to text formatters or for automatic translation to a variety of formats suitable for input to
text formatters. A copy made in an otherwise Transparent file format whose markup, or
absence of markup, has been arranged to thwart or discourage subsequent modification by
readers is not Transparent. An image format is not Transparent if used for any substantial
amount of text. A copy that is not "Transparent" is called "Opaque".
Examples of suitable formats for Transparent copies include plain ASCII without markup,
Texinfo input format, LaTeX input format, SGML or XML using a publicly available DTD, and
standard-conforming simple HTML, PostScript or PDF designed for human modification.
Examples of transparent image formats include PNG, XCF and JPG. Opaque formats include
proprietary formats that can be read and edited only by proprietary word processors, SGML or
XML for which the DTD and/or processing tools are not generally available, and the machinegenerated HTML, PostScript or PDF produced by some word processors for output purposes
only.
The "Title Page" means, for a printed book, the title page itself, plus such following pages as
are needed to hold, legibly, the material this License requires to appear in the title page. For
works in formats which do not have any title page as such, "Title Page" means the text near the
most prominent appearance of the work's title, preceding the beginning of the body of the text.
The "publisher" means any person or entity that distributes copies of the Document to the
public.
A section "Entitled XYZ" means a named subunit of the Document whose title either is precisely
XYZ or contains XYZ in parentheses following text that translates XYZ in another language.
(Here XYZ stands for a specific section name mentioned below, such as "Acknowledgements",
"Dedications", "Endorsements", or "History".) To "Preserve the Title" of such a section when
you modify the Document means that it remains a section "Entitled XYZ" according to this
definition.
The Document may include Warranty Disclaimers next to the notice which states that this
License applies to the Document. These Warranty Disclaimers are considered to be included
by reference in this License, but only as regards disclaiming warranties: any other implication
that these Warranty Disclaimers may have is void and has no effect on the meaning of this
License.
94
Diarmuid Briain
2. VERBATIM COPYING
You may copy and distribute the Document in any medium, either commercially or
noncommercially, provided that this License, the copyright notices, and the license notice
saying this License applies to the Document are reproduced in all copies, and that you add no
other conditions whatsoever to those of this License. You may not use technical measures to
obstruct or control the reading or further copying of the copies you make or distribute.
However, you may accept compensation in exchange for copies. If you distribute a large
enough number of copies you must also follow the conditions in section 3.
You may also lend copies, under the same conditions stated above, and you may publicly
display copies.
3. COPYING IN QUANTITY
If you publish printed copies (or copies in media that commonly have printed covers) of the
Document, numbering more than 100, and the Document's license notice requires Cover Texts,
you must enclose the copies in covers that carry, clearly and legibly, all these Cover Texts:
Front-Cover Texts on the front cover, and Back-Cover Texts on the back cover. Both covers
must also clearly and legibly identify you as the publisher of these copies. The front cover must
present the full title with all words of the title equally prominent and visible. You may add other
material on the covers in addition. Copying with changes limited to the covers, as long as they
preserve the title of the Document and satisfy these conditions, can be treated as verbatim
copying in other respects.
If the required texts for either cover are too voluminous to fit legibly, you should put the first
ones listed (as many as fit reasonably) on the actual cover, and continue the rest onto adjacent
pages.
If you publish or distribute Opaque copies of the Document numbering more than 100, you
must either include a machine-readable Transparent copy along with each Opaque copy, or
state in or with each Opaque copy a computer-network location from which the general
network-using public has access to download using public-standard network protocols a
complete Transparent copy of the Document, free of added material. If you use the latter
option, you must take reasonably prudent steps, when you begin distribution of Opaque copies
in quantity, to ensure that this Transparent copy will remain thus accessible at the stated
location until at least one year after the last time you distribute an Opaque copy (directly or
through your agents or retailers) of that edition to the public.
It is requested, but not required, that you contact the authors of the Document well before
redistributing any large number of copies, to give them a chance to provide you with an
updated version of the Document.
4. MODIFICATIONS
You may copy and distribute a Modified Version of the Document under the conditions of
sections 2 and 3 above, provided that you release the Modified Version under precisely this
License, with the Modified Version filling the role of the Document, thus licensing distribution
and modification of the Modified Version to whoever possesses a copy of it. In addition, you
must do these things in the Modified Version:
Diarmuid Briain
95
A. Use in the Title Page (and on the covers, if any) a title distinct from that of the
Document, and from those of previous versions (which should, if there were any, be
listed in the History section of the Document). You may use the same title as a previous
version if the original publisher of that version gives permission.
B. List on the Title Page, as authors, one or more persons or entities responsible for
authorship of the modifications in the Modified Version, together with at least five of the
principal authors of the Document (all of its principal authors, if it has fewer than five),
unless they release you from this requirement.
C. State on the Title page the name of the publisher of the Modified Version, as the
publisher.
D. Preserve all the copyright notices of the Document.
E. Add an appropriate copyright notice for your modifications adjacent to the other
copyright notices.
F. Include, immediately after the copyright notices, a license notice giving the public
permission to use the Modified Version under the terms of this License, in the form
shown in the Addendum below.
G. Preserve in that license notice the full lists of Invariant Sections and required Cover
Texts given in the Document's license notice.
H. Include an unaltered copy of this License.
I. Preserve the section Entitled "History", Preserve its Title, and add to it an item stating
at least the title, year, new authors, and publisher of the Modified Version as given on
the Title Page. If there is no section Entitled "History" in the Document, create one
stating the title, year, authors, and publisher of the Document as given on its Title Page,
then add an item describing the Modified Version as stated in the previous sentence.
J. Preserve the network location, if any, given in the Document for public access to a
Transparent copy of the Document, and likewise the network locations given in the
Document for previous versions it was based on. These may be placed in the "History"
section. You may omit a network location for a work that was published at least four
years before the Document itself, or if the original publisher of the version it refers to
gives permission.
K. For any section Entitled "Acknowledgements" or "Dedications", Preserve the Title of

the section, and preserve in the section all the substance and tone of each of the
contributor acknowledgements and/or dedications given therein.
L. Preserve all the Invariant Sections of the Document, unaltered in their text and in
their titles. Section numbers or the equivalent are not considered part of the section
titles.
M. Delete any section Entitled "Endorsements". Such a section may not be included in
the Modified Version.
N. Do not retitle any existing section to be Entitled "Endorsements" or to conflict in title

with any Invariant Section.
O. Preserve any Warranty Disclaimers.
If the Modified Version includes new front-matter sections or appendices that qualify as
96
Diarmuid Briain
Secondary Sections and contain no material copied from the Document, you may at your option
designate some or all of these sections as invariant. To do this, add their titles to the list of
Invariant Sections in the Modified Version's license notice. These titles must be distinct from
any other section titles.
You may add a section Entitled "Endorsements", provided it contains nothing but
endorsements of your Modified Version by various partiesfor example, statements of peer
review or that the text has been approved by an organization as the authoritative definition of a
standard.
You may add a passage of up to five words as a Front-Cover Text, and a passage of up to 25
words as a Back-Cover Text, to the end of the list of Cover Texts in the Modified Version. Only
one passage of Front-Cover Text and one of Back-Cover Text may be added by (or through
arrangements made by) any one entity. If the Document already includes a cover text for the
same cover, previously added by you or by arrangement made by the same entity you are
acting on behalf of, you may not add another; but you may replace the old one, on explicit
permission from the previous publisher that added the old one.
The author(s) and publisher(s) of the Document do not by this License give permission to use
their names for publicity for or to assert or imply endorsement of any Modified Version.
5. COMBINING DOCUMENTS
You may combine the Document with other documents released under this License, under the
terms defined in section 4 above for modified versions, provided that you include in the
combination all of the Invariant Sections of all of the original documents, unmodified, and list
them all as Invariant Sections of your combined work in its license notice, and that you
preserve all their Warranty Disclaimers.
The combined work need only contain one copy of this License, and multiple identical Invariant
Sections may be replaced with a single copy. If there are multiple Invariant Sections with the
same name but different contents, make the title of each such section unique by adding at the
end of it, in parentheses, the name of the original author or publisher of that section if known, or
else a unique number. Make the same adjustment to the section titles in the list of Invariant
Sections in the license notice of the combined work.
In the combination, you must combine any sections Entitled "History" in the various original
documents, forming one section Entitled "History"; likewise combine any sections Entitled
"Acknowledgements", and any sections Entitled "Dedications". You must delete all sections
Entitled "Endorsements".
6. COLLECTIONS OF DOCUMENTS
You may make a collection consisting of the Document and other documents released under
this License, and replace the individual copies of this License in the various documents with a
single copy that is included in the collection, provided that you follow the rules of this License
for verbatim copying of each of the documents in all other respects.
You may extract a single document from such a collection, and distribute it individually under
this License, provided you insert a copy of this License into the extracted document, and follow
Diarmuid Briain
97
this License in all other respects regarding verbatim copying of that document.
7. AGGREGATION WITH INDEPENDENT WORKS

A compilation of the Document or its derivatives with other separate and independent
documents or works, in or on a volume of a storage or distribution medium, is called an
"aggregate" if the copyright resulting from the compilation is not used to limit the legal rights of
the compilation's users beyond what the individual works permit. When the Document is
included in an aggregate, this License does not apply to the other works in the aggregate which
are not themselves derivative works of the Document.
If the Cover Text requirement of section 3 is applicable to these copies of the Document, then if
the Document is less than one half of the entire aggregate, the Document's Cover Texts may
be placed on covers that bracket the Document within the aggregate, or the electronic
equivalent of covers if the Document is in electronic form. Otherwise they must appear on
printed covers that bracket the whole aggregate.
8. TRANSLATION
Translation is considered a kind of modification, so you may distribute translations of the
Document under the terms of section 4. Replacing Invariant Sections with translations requires
special permission from their copyright holders, but you may include translations of some or all
Invariant Sections in addition to the original versions of these Invariant Sections. You may
include a translation of this License, and all the license notices in the Document, and any
Warranty Disclaimers, provided that you also include the original English version of this License
and the original versions of those notices and disclaimers. In case of a disagreement between
the translation and the original version of this License or a notice or disclaimer, the original
version will prevail.
If a section in the Document is Entitled "Acknowledgements", "Dedications", or "History", the
requirement (section 4) to Preserve its Title (section 1) will typically require changing the actual
title.
9. TERMINATION
You may not copy, modify, sublicense, or distribute the Document except as expressly
provided under this License. Any attempt otherwise to copy, modify, sublicense, or distribute it
is void, and will automatically terminate your rights under this License.
However, if you cease all violation of this License, then your license from a particular copyright
holder is reinstated (a) provisionally, unless and until the copyright holder explicitly and finally
terminates your license, and (b) permanently, if the copyright holder fails to notify you of the
violation by some reasonable means prior to 60 days after the cessation.
Moreover, your license from a particular copyright holder is reinstated permanently if the
copyright holder notifies you of the violation by some reasonable means, this is the first time
you have received notice of violation of this License (for any work) from that copyright holder,
and you cure the violation prior to 30 days after your receipt of the notice.
Termination of your rights under this section does not terminate the licenses of parties who
98
Diarmuid Briain
have received copies or rights from you under this License. If your rights have been terminated
and not permanently reinstated, receipt of a copy of some or all of the same material does not
give you any rights to use it.
10. FUTURE REVISIONS OF THIS LICENSE

The Free Software Foundation may publish new, revised versions of the GNU Free
Documentation License from time to time. Such new versions will be similar in spirit to the
present version, but may differ in detail to address new problems or concerns. See
http://www.gnu.org/copyleft/.
Each version of the License is given a distinguishing version number. If the Document specifies
that a particular numbered version of this License "or any later version" applies to it, you have
the option of following the terms and conditions either of that specified version or of any later
version that has been published (not as a draft) by the Free Software Foundation. If the
Document does not specify a version number of this License, you may choose any version ever
published (not as a draft) by the Free Software Foundation. If the Document specifies that a
proxy can decide which future versions of this License can be used, that proxy's public
statement of acceptance of a version permanently authorizes you to choose that version for the
Document.
11. RELICENSING
"Massive Multiauthor Collaboration Site" (or "MMC Site") means any World Wide Web server
that publishes copyrightable works and also provides prominent facilities for anybody to edit
those works. A public wiki that anybody can edit is an example of such a server. A "Massive
Multiauthor Collaboration" (or "MMC") contained in the site means any set of copyrightable
works thus published on the MMC site.
"CC-BY-SA" means the Creative Commons Attribution-Share Alike 3.0 license published by
Creative Commons Corporation, a not-for-profit corporation with a principal place of business
in San Francisco, California, as well as future copyleft versions of that license published by that
same organization.
"Incorporate" means to publish or republish a Document, in whole or in part, as part of another
Document.
An MMC is "eligible for relicensing" if it is licensed under this License, and if all works that were
first published under this License somewhere other than this MMC, and subsequently
incorporated in whole or in part into the MMC, (1) had no cover texts or invariant sections, and
(2) were thus incorporated prior to November 1, 2008.
The operator of an MMC Site may republish an MMC contained in the site under CC-BY-SA on
the same site at any time before August 1, 2009, provided the MMC is eligible for relicensing.
Diarmuid Briain
99
100
Diarmuid Briain

Linux Foundation Certified System Administrator LFCS v1.3 PDF

Uploaded by

Copyright:

Available Formats

Linux Foundation Certified System Administrator LFCS v1.3 PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Linux Foundation Certified System Administrator LFCS v1.3 PDF

Uploaded by

Copyright:

Available Formats

Linux Foundation Certified System

Linux Foundation Certified System Administrator (LFCS)

Linux Foundation Certified System Administrator (LFCS)

1.4.2. Password expiry management.......................................................................................................6

Linux Foundation Certified System Administrator (LFCS)

3.5. Finding files on the file-system.......................................................................................................59

Linux Foundation Certified System Administrator (LFCS)

1. Local system administration

Backup the /home directory using bz2.

1.2. Managing local users accounts

-c, --comment COMMENT

Create the user's home directory.

-s, --shell SHELL

Login shell of the new account.

Create a group with the same name as the user.

Add a user Ada Lovelace to the system.

Change the password for Ada Lovelace.

Test the login for Ada Lovelace.

Linux Foundation Certified System Administrator (LFCS)

1.3. Managing user accounts

1.4. Managing user account attributes

1.4.2. Password expiry management

Review Ada Lovelace's password aging information.

Nov 19, 2014

Linux Foundation Certified System Administrator (LFCS)

Nov 19, 2014

password must be changed

Nov 19, 2014

Linux Foundation Certified System Administrator (LFCS)

1.5. Creating local user groups

Add a group password for the new group babbage.

1.6. Managing file permissions

4096 Oct 21 15:48 sandbox

$ sudo chgrp babbage ./sandbox

4096 Oct 21 15:39 sandbox

$ chmod 775 sandbox

$ ls -la | grep sandbox

4096 Oct 21 15:39 sandbox

Linux Foundation Certified System Administrator (LFCS)

Review the file in the sandbox directory.

1.6.1. Change file attributes

'+' - Adds selected attributes

'=' - Specifies that there are the only attributes

Read only attributes

Linux Foundation Certified System Administrator (LFCS)

Z - compressed dirty file (Z)

Linux Foundation Certified System Administrator (LFCS)

1.6.2. Access Control Lists

4096 Nov 19 21:05 sandbox

Linux Foundation Certified System Administrator (LFCS)

Giving Ada Lovelace read/write privileges to the directory.

Add the lmenabrea group with read/write privileges.

Remove the lmenabrea group rights with the -x switch option.

1.7. Managing fstab entries

Linux Foundation Certified System Administrator (LFCS)

Use dmesg or tail f /var/log/messages to find the device name.

A directory that exists.

File system type

0 - exclude from backup, nonzero value - device will be backed up.