Course material of Principle of system and network administration
The readings referred to in the table below are recommended material from
A. Principles of Network and System Administration by Mark Burgess, John Wiley & Sons Ltd
B. TCP/IP Network Administration by Craig Hunt, O'Reilly publications
C. TCP/IP Protocol Suite by Forouzan, TMH
D. Analytical Network and System Administration: Managing Human-Computer Networks by Mark Burgess, John Wiley & Sons Ltd
E. Cryptography & Network Security by Atul Kahate, TMH
F. Cryptography & Network Security by William Stallings, Pearson Education
G. Your UNIX: The Ultimate Guide by Sumitabha Das, TMH
H. Data Communication & Computer Networks by Bijender Singh, EEE
Aug-Dec 2009   DEPTT: IT   Paper Code: IT 403 E   SEMESTER: 7th

Lecture 1: Reading: A1.1-1.4, A1.6, D1.1-1.3, D1.5

Contents:-
1) Introduction to System and Network Administration
2) The Goal of System and Network Administration

Introduction

1.1 What is System and Network Administration

Network and system administration is a branch of engineering that concerns the operational management of human-computer systems. It is unusual as an engineering discipline in that it addresses both the technology of computer systems and the users of the technology on an equal basis. It is about putting together a network of computers (workstations, PCs and supercomputers), getting them running and then keeping them running in spite of the activities of users who tend to cause the systems to fail. A system administrator works for users, so that they can use the system to produce work. Once a computer is attached to the Internet, we have to consider the consequences of being directly connected to all the other computers in the world.

The terms network administration and system administration exist separately and are used both variously and inconsistently by industry and by academics. System administration is the term used traditionally by mainframe and UNIX engineers to describe the management of computers whether they are coupled by a network or not. Network administration means the management of network infrastructure devices (routers and switches). Network administration is also used to mean the management of PCs in a network.

What is a system?

A system is most often an organized effort to fulfill a goal, or at least carry out some predictable behavior. A system could be a mechanical device, a computer, an office of workers, a network of humans and machines, a series of forms and procedures (a bureaucracy) etc.
Systems involve themes, such as collaboration and communication between different actors, the use of structure to represent information or to promote efficiency, and the laws of cause and effect. A computer system is usually understood to mean a system composed primarily of computers, using computers or supporting computers. A human-computer system includes the role of humans, such as in a business enterprise where computers are widely used. The principles and theories concerning systems come from a wide range of fields of study. They are synthesized here in a form and language that is suitable for scholars of science and engineering.

What is administration?

In human-computer system administration, the definition is broadened to include all of the organizational aspects and also engineering issues, such as system fault diagnosis. In this regard, it is like the medical profession, which combines checking, management and repair of bodily functions. The main issues are the following:
- System design and rationalization
- Resource management
- Fault handling

In order to achieve these goals, it requires
- Procedure
- Team work
- Ethical practices
- Appreciation of security

Administration comprises two aspects: technical solutions and arbitrary policies. A technical solution is required to achieve goals and sub-goals, so that a problem can be broken down into manageable pieces. Policy is required to make the system, as far as possible, predictable: it pre-decides the answers to questions on issues that cannot be derived from within the system itself. Policy is therefore an arbitrary choice, perhaps guided by a goal or a principle.

1.2 Applying technology in an environment

A key task of network and system administration is to build hardware configurations; another is to configure software systems. Both of these tasks are performed for users. Each of these tasks presents its own challenges, but neither can be viewed in isolation.
Hardware has to conform to the constraints of the physical world; it requires power, a temperate (usually indoor) climate, and a conformance to basic standards in order to work systematically. The type of hardware limits the kind of software that can run on it. Software requires hardware, a basic operating system infrastructure and a conformance to certain standards, but is not necessarily limited by physical concerns as long as it has hardware to run on.

Today the complexity of multiple software systems sharing a common Internet space reaches almost the level of the biological. Today that strategy is less dominant, and even untenable, thanks to networking. Today, there is not only a physical environment but a technological one, with a diversity that is constantly changing. Part of the challenge is to knit apparently disparate pieces of this community into a harmonious whole. The global view presented to us by information technology means that we have to think penetratingly about the systems that are deployed. The extensive filaments of our inter-networked systems are exposed to attack, both accidental and malicious, in a competitive jungle. Ignore the environment and one exposes oneself to unnecessary risk.

1.3 The human role in systems

For humans, the task of system administration is a balancing act. It requires patience, understanding, knowledge and experience. Administrators need to be the doctor, the psychologist, and when instruments fail the mechanic. We need to work with the limited resources we have, be inventive in a crisis, and know a lot of general facts and figures about the way computers work. We need to recognize that the answers are not always written down for us to copy, that machines do not always behave the way we think they should. We need to remain calm and attentive, and learn a dozen new things a year. Computing systems require the very best of organizational skills and the most professional of attitudes.
To start down the road of system administration, we need to know many facts and build confidence through experience, but we also need to know our limitations in order to avoid the careless mistakes which are all too easily provoked.

1.4 The challenges of system administration

System administration is not just about installing operating systems. It is about planning and designing an efficient community of computers so that real users will be able to get their jobs done. That means:
- Designing a network which is logical and efficient.
- Deploying large numbers of machines which can be easily upgraded later.
- Deciding what services are needed.
- Planning and implementing adequate security.
- Providing a comfortable environment for users.
- Developing ways of fixing errors and problems which occur.
- Keeping track of and understanding how to use the enormous amount of knowledge which increases every year.

2) The Goal of System and Network Administration

2.1 Goal of network administration:-

The goal of network administration is to ensure that the users of networks receive the information and technical services with the quality of service they expect. Network administration means the management of network infrastructure devices (such as routers and switches). Network administration comprises 3 major groups:
1. Network provisioning
2. Network operations
3. Network maintenance

Network provisioning:- is the primary responsibility of the engineering group and consists of the planning and design of the network, which is done by engineers.
Network operations:- consists of fault, configuration, traffic and all other types of management, and is done by the plant facilities group. It is the nerve center of network management operations.
Network maintenance:- consists of all types of installation and maintenance work.

Responsibilities of Network Administration:-

It is to provide a reliable, consistent and scalable network infrastructure that meets or exceeds service levels and optimizes enterprise assets.
- To build hardware configurations
- To configure software configurations
- Designing a network which is logical and efficient
- Deploying large numbers of machines which can be easily upgraded later
- Deciding which/what services are needed
- Planning and implementing environments for users
- Developing ways of fixing errors and problems when they occur
- To make the user's life very easy and to empower them in the production of real work

1. To meet the above goals, management should establish policy, either formally or informally, and contract service level agreements with users.
2. From a business administration point of view, network administration involves strategic and tactical planning of engineering, operations and maintenance of the network and network services for current and future needs at minimum overall cost.
3. Well established communications and interactions among various groups are necessary to perform these functions.

2.2 Goal of System administration:-

The primary task of system administration is to ensure that the following things happen:
a) The top management is assured of efficiency in utilization of the system resources.
b) The general users' community gets the services which they are seeking.

Various tasks performed by system administrators are:
- System start-up and shutdown
- Opening and closing of user accounts
- Helping users to set up their working environments
- Maintaining user services
- Allocating disk space and relocating quotas when the needs grow

Lecture 2: Reading: A2.1-2.2

Links:-
http://www.geocities.com/ravee_26/
www.NTFS.ORG
http://gama.vtu.lt/biblioteka/Operating_systems/Operating_systems.pdf
http://nptel.iitm.ac.in/courses/Webcourse-contents/IISc-BANG/Operating%20Systems/pdf/Lecture_Notes/Mod%201_LN.pdf

Contents:-
3) System Components and their Management
4) Operating System: Windows and UNIX variants

1) System Components and their Management

1.1 What is 'the system'?

In system administration, the word system is used to refer both to the operating system of a computer and often, collectively, to the set of all computers that cooperate in a network. If we look at computer systems analytically, we would speak more precisely about human-computer systems:

Definition 1 (human-computer system). An organized collaboration between humans and computers to solve a problem or provide a service. Although computers are deterministic, humans are non-deterministic, so human-computer systems are non-deterministic.

1.1.1 Network infrastructure

There are three main components in a human-computer system (see figure below):
- Humans: who use and run the fixed infrastructure, and cause most problems.
- Host computers: computer devices that run software. These might be in a fixed location, or mobile devices.
- Network hardware: This covers a variety of specialized devices including the following key components:
  - Routers: dedicated computing devices that direct traffic around the Internet. Routers talk at the IP address level, or 'layer 3', simply speaking.
  - Switches: fixed hardware devices that direct traffic around local area networks. Switches talk at the level of Ethernet or 'layer 2' protocols.
  - Cables: There are many types of cable that interconnect devices: fiber optic cables, twisted pair cables, null-modem cables etc.

Fig: Some of the key dependencies in system administration. The sum of these elements forms a networked community, bound by human ties and cable ties. Services depend on a physical network, on hosts and users, both as consumers of the resources and as teams of administrators that maintain them.

1.1.2 Computers

All contemporary computers in common use are based on the Eckert-Mauchly-von Neumann architecture as shown in the figure below. Each computer has a clock which drives a central processor unit (CPU), a random access memory (RAM) and an array of other devices, such as disk drives.
In order to make these parts work together, the CPU is designed to run programs which can read and write to hardware devices. The most important program is the operating system kernel. On top of this are software layers that provide working abstractions for programmers and users. These consist of files, processes and services. Part of 'the system' refers to the network devices that carry messages from computer to computer, including the cables themselves. Finally, the system refers to all of these parts and levels working together.

Figure: The basic elements of the von Neumann architecture.

1.2 Handling hardware

To be a system administrator it is important to have a basic appreciation of the frailties and procedures surrounding hardware. All electronic equipment should be treated as highly fragile and easily damaged, regardless of how sturdy it is. Never insert or remove power cords from equipment without ensuring that it is switched off. Take care when inserting multi-pin connectors that the pins are oriented the right way up and that no pins are bent on insertion.

Moreover:

1) Read instructions: When dealing with hardware, one should always look for and read instructions in a manual.

2) Handling components: Modern day CMOS chips work at low voltages (typically 5 volts or lower). Standing on the floor with insulating shoes, you can pick up a static electric charge of several thousand volts. Such a charge can instantly destroy computer chips. Before touching any computer components, earth yourself by touching the metal casing of the computer. If you are installing equipment inside a computer, wear a conductive wrist strap.

3) Disks: Disk technology has been improving steadily for two decades. The most common disk types, in the workplace, fall into two families: ATA (formerly IDE) and SCSI.
ATA disks are now generally cheaper than SCSI disks (due to volume sales) and excel at sequential access, but SCSI disks have traditionally been more efficient at handling multiple accesses due to a multitasking bus design, and are therefore better in multitasking systems, where random access is important.

4) Memory: Memory chips are sold on small pluggable boards. They are sold in different sizes and with different speeds. A computer has a number of slots where they can be installed. When buying and installing RAM, remember:
- The physical size of the memory plug-in is important. Not all of them fit into all sockets.
- Memory is sold in units with different capacities and data rates. One must find out what size can be used in a system.

5) Lightning: Lightning strikes can destroy fragile equipment. No fuse will protect hardware from a lightning strike. Transistors and CMOS chips burn out much faster than any fuse. Electronic spike protectors can help here, but nothing will protect against a direct strike.

6) Power: Power failure can cause disk damage and loss of data. A UPS (uninterruptible power supply) can help.

7) Heat: Blazing summer heat or a poorly placed heater can cause systems to overheat and suddenly black out. One should not let the ambient temperature near a computer rise much above 25 degrees Centigrade. Increased temperature also increases noise levels that can reduce network capacities by a fraction of a percent. Heat can cause RAM to operate unpredictably and disks to misread/miswrite. Good ventilation is essential for computers and screens to avoid electrical faults.

8) Cold: Sudden changes from hot to cold are just as bad. They can cause unpredictable changes in electrical properties of chips and cause systems to crash. In the long term, these changes could lead to cracks in the circuit boards and irreparable chip damage.

9) Humidity: In times of very cold weather and very dry heat, the humidity falls to very low levels.
At these times, the amount of static electricity builds up to quite high levels without dissipating. This can be a risk to electronic circuitry. Humans pick up charge just by walking around, which can destroy fragile circuitry. Paper sticks together causing paper crashes in laser printers. Too much humidity can lead to condensation and short circuits.

2) Operating System: Windows and UNIX variants

Operating System (or shortly OS) primarily provides services for running applications on a computer system.

2.1 Need for an OS:

The primary need for the OS arises from the fact that the user needs to be provided with services and the OS ought to facilitate the provisioning of these services. The central part of a computer system is a processing engine called the CPU. A system should make it possible for a user's application to use the processing unit. A user application would need to store information. The OS makes memory available to an application when required. Similarly, user applications need use of an input facility to communicate with the application. This is often in the form of a keyboard, or a mouse or even a joystick (if the application is a game for instance). The output is usually provided by a video monitor or a printer, as sometimes the user may wish to generate an output in the form of a printed document. Output may be available in some other forms. For example it may be a video or an audio file.

Let us consider a few applications.
- Document Design
- Accounting
- E-mail
- Image processing

We notice that each of the above applications requires resources for
- Processing information
- Storage of information
- Mechanism for inputting information
- Provision for outputting information

These service facilities are provided by an operating system regardless of the nature of the application. The OS offers generic services to support all the above operations. These operations in turn facilitate the applications mentioned earlier.
To that extent an OS operation is application neutral and service specific.

2.2 User and System View:

From the user point of view the primary consideration is always the convenience. It should be easy to use an application. The human computer interface which helps to identify an application and its launch is very useful. If we examine the programs that help us in using input devices like a keyboard, all the complex details of the character reading program are hidden from the user. The same is true when we write a program. For instance, when we use a programming language like C, a printf command helps to generate the desired form of output. The following figure essentially depicts the basic schema of the use of OS from a user standpoint. However, when it comes to the viewpoint of a system, the OS needs to ensure that all the system users and applications get to use the facilities that they need.

2.3 What does an OS do?

- Power On Self Test (POST)
- Resource management
- Support for multi-user
- Error handling
- Communication support over network
- (Optional) Deadline support so that safety critical applications run and fail gracefully

2.4 UNIX

UNIX is a powerful computer operating system originally developed at AT&T Bell Laboratories. It is very popular among the scientific, engineering, and academic communities due to its multi-user and multi-tasking environment, flexibility and portability, electronic mail and networking capabilities, and the numerous programming, text processing and scientific utilities available.

Unix Variants

This diagram shows the "family tree" of the Unix operating system.

Unix-like

The Unix-like family is a diverse group of operating systems, with several major subcategories including System V, BSD, and Linux. The name "Unix" is a trademark of The Open Group which licenses it for use to any operating system that has been shown to conform to the definitions that they have cooperatively developed.
The name is commonly used to refer to the large set of operating systems which resemble the original Unix. Unix systems run on a wide variety of machine architectures. They are used heavily as server systems in business, as well as workstations in academic and engineering environments. Free software Unix variants, such as Linux and BSD, are increasingly popular. They are used in the desktop market as well, for example Ubuntu, but mostly by hobbyists. Some Unix variants like HP's HP-UX and IBM's AIX are designed to run only on that vendor's proprietary hardware. Others, such as Solaris, can run on both proprietary hardware and on commodity x86 PCs. Apple's Mac OS X, a microkernel BSD variant derived from NeXTSTEP, Mach, and FreeBSD, has replaced Apple's earlier (non-Unix) Mac OS. Over the past several years, free Unix systems have supplanted proprietary ones in most instances.

2.5 Microsoft Windows

The Microsoft Windows family of operating systems originated as a graphical layer on top of the older MS-DOS environment for the IBM PC. Modern versions are based on the newer Windows NT core that first took shape in OS/2 and borrowed from OpenVMS. Windows runs on 32-bit and 64-bit Intel and AMD computers, although earlier versions also ran on the DEC Alpha, MIPS, and PowerPC architectures (some work was done to port it to the SPARC architecture). As of 2004, Windows held a near-monopoly of around 90% of the worldwide desktop market share, although this is thought to be dwindling due to the increase of interest focused on open source operating systems. It is also used on low-end and mid-range servers, supporting applications such as web servers and database servers.
Lecture 3: Reading: A2.4, A2.4.1-2.4.4, A2.5, A2.6

Links:-
http://www.cim.mcgill.ca/~franco/OpSys-304-427/lecture-notes/node16.html
http://amath.colorado.edu/computing/unix/cheatsheet/A.pdf
http://hpce.iitm.ac.in/website/UserInfo/unix%20commands.pdf
http://cs.nyu.edu/courses/fall06/G22.2245-001/syll/lect3.pdf

Contents:-
5) Processes and Job Control
6) Privileged, User and Group Accounts
7) Logs and audits

1) Processes and Job Control

On a multitasking computer, all work on a running program is performed by an abstraction called a process. This is a collection of resources such as file handles, allocated memory, program code and CPU registers that is associated with a specific running program. On modern operating systems, processes can contain many concurrent threads which share program resources.

1.1 The UNIX process model

A process is simply an instance of a running program. A process is said to be born when the program starts execution and remains alive as long as the program is active. After execution is complete the process is said to die. A process also has a name, usually the name of the program being executed. For example, when you execute the grep command a process named grep is created. However, a process cannot be considered synonymous with a program: when 2 users run the same program, there is one program on disk but 2 processes in memory.

The kernel is responsible for the management of processes. It determines the time and priorities that are allocated to processes so that multiple processes are able to share CPU resources. It provides a mechanism by which a process is able to execute for a finite period of time and then relinquish control to another process. Every process has attributes; some of the attributes of every process are maintained by the kernel in memory in a separate structure called the process table.

Figure: UNIX process state model

In the case of UNIX the Running state is divided into 2 states: User running state and Kernel running state.
1) New State: the process is being created.
2) Ready State: the process is waiting to be assigned to a processor.
3) Blocked State: the process is in main memory and waiting for an event.
4) Blocked Suspended: the process is in secondary memory and waiting for an event.
5) Suspend/Ready: the process is in secondary memory but is available for execution as soon as it is loaded into memory.
6) Exited State: a process whose parent has decided not to wait for it in order to clean up after it dies. Such a process does not have any entry in the process table.
7) Zombie: a process whose parent has to wait for its completion (possibly to clean up after it); the system maintains its entry in the process table.
8) Preempted State: a special case of the blocked state: a process returning from a system call (hence after having run in kernel mode) is immediately blocked and put in the ready process queue instead of returning, leaving the CPU to another process.

All processes in UNIX are created using the fork() system call. UNIX implements through the fork() and exec() system calls an elegant two-step mechanism for process creation and execution. fork() is used to create the image of a process using that of an existing one, and exec is used to execute a program by overwriting that image with the program's one. A call to fork() of the form:

    #include <sys/types.h>
    #include <unistd.h>   /* declares fork() */
    pid_t childpid;
    ...
    childpid = fork();    /* child's pid in the parent, 0 in the child */
    ...

creates (if it succeeds) a new process, which is a child of the caller, and is an exact copy of the (parent) caller itself. By exact copy we mean that its image is a physical bitwise copy of the parent's. The two processes obviously have two different process ids (pid). In a C program process ids are conveniently represented by variables of pid_t type, the type being defined in the sys/types.h header.
In UNIX the PCB of a process contains the id of the process's parent, hence the child's PCB will contain as parent id (ppid) the pid of the process that called fork(), while the caller will have as ppid the pid of the process that spawned it. The child process has its own copy of the parent's file descriptors. These descriptors reference the same underlying objects, so that files are shared between the child and the parent. This makes sense, since other processes might access those files as well, and having them already open in the child is a time-saver. The fork() call returns in both the parent and the child, and both resume their execution from the statement immediately following the call. One usually wants parent and child to behave differently, and the way to distinguish between them in the program's source code is to test the value returned by fork(). This value is 0 in the child, and the child's pid in the parent.

Process management commands

    ps             - To display the currently working processes
    top            - Display all running processes
    kill pid       - Kill the process with the given pid
    killall proc   - Kill all the processes named proc
    pkill pattern  - Will kill all processes matching the pattern
    bg             - List stopped or background jobs, resume a stopped job in the background
    fg             - Brings the most recent job to the foreground
    fg n           - Brings job n to the foreground
    ps x           - Gives information about currently-running processes that you own. These may be from other UNIX sessions than your current UNIX session. The name of each process is in the far right column, and the process id for each process is in the first column. (BEWARE: the options for ps vary on different flavors of UNIX and Linux!)

1.2 Child processes and zombies

When we start a process, the new process becomes a child of the original. If one of the children starts a new process then it will be a child of the child (a grandchild). Processes therefore form hierarchies. Several children can have a common parent.
All Unix user-processes are children of the initial process init, with process ID 1. If we kill a parent, then (unless the child has detached itself from the parent) all of its children die too. If a child dies, the parent is not affected. Sometimes when a child is killed, it does not die but becomes defunct or a zombie process. This means that the child has a parent which is waiting for it to finish. If the parent has not yet been informed that the child has died, because it has been suspended itself for instance, then the dead child is not completely removed from the kernel's process table. When the parent wakes up and receives the message that the child has terminated (and its exit status), the process entry for the dead child can be removed. Most UNIX processes go through a zombie state, but most terminate so quickly that they cannot be seen. It is not possible to kill a zombie process, since it is already dead. The only way to remove a zombie is to either reactivate the process which is waiting for it, or to kill that process. Persistent zombie processes are usually caused by a software bug.

1.3 The Windows process model

Like UNIX, processes under Windows/NT can live in the foreground or in the background, though unlike UNIX, Windows does not fork processes by replicating existing ones. A background process can be started with

    start /B

In order to kill the process it is necessary to purchase the Resource kit which contains a kill command. A background process detaches itself from a login session and can continue to run even when the user is logged out. Threads are the preferred method for multitasking. This means that additional functionality is often implemented as modules to existing software, rather than as independent objects. The shutdown of the whole system is normally performed from the Windows menu. Any logged on user can shut down a host. Background processes die when this happens and updates from an administrator could fail to be applied.
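The fork() return values, the shared file descriptors and the zombie state described in sections 1.1 and 1.2 above can be observed directly. The following C program is an added example, not part of the original course notes; the names run_fork_demo, struct fork_report and proc_state are illustrative, the scratch file under /tmp is constructed for the demonstration, and the /proc lookup assumes Linux (elsewhere it reports '?').

```c
#define _POSIX_C_SOURCE 200809L  /* waitid(), WNOWAIT, mkstemp() */
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* What the parent observed about one forked child (illustrative names). */
struct fork_report {
    int  child_exit_code;    /* 7 if the child saw getppid() == parent's pid */
    long parent_offset;      /* parent's file offset after the child wrote 5 bytes */
    char state_before_wait;  /* 'Z' from /proc/<pid>/stat on Linux, '?' elsewhere */
    int  entry_before_wait;  /* 1: dead child still has a process table entry */
    int  killed_by_signal;   /* 1 only if SIGKILL changed the zombie's fate */
    int  entry_after_wait;   /* 1 if the pid still exists after waitpid() */
};

/* Linux only: one-letter process state, the field after "pid (comm) ". */
static char proc_state(pid_t pid)
{
    char path[64], buf[512];
    snprintf(path, sizeof path, "/proc/%ld/stat", (long)pid);
    FILE *f = fopen(path, "r");
    if (!f)
        return '?';
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    char *p = strrchr(buf, ')');
    return (p && p[1] == ' ' && p[2] != '\0') ? p[2] : '?';
}

/* Fork one child and record what happens. Returns 0 on success, -1 on error. */
int run_fork_demo(struct fork_report *r)
{
    char tmpl[] = "/tmp/forkdemoXXXXXX";      /* constructed scratch file */
    memset(r, 0, sizeof *r);
    signal(SIGCHLD, SIG_DFL);   /* if ignored, the kernel reaps children itself */

    int fd = mkstemp(tmpl);
    if (fd < 0)
        return -1;
    unlink(tmpl);                             /* file disappears when fd closes */

    pid_t parent = getpid();
    fflush(NULL);                             /* do not duplicate stdio buffers */
    pid_t childpid = fork();
    if (childpid < 0) {
        close(fd);
        return -1;
    }
    if (childpid == 0) {                      /* fork() returned 0: the child */
        int ppid_ok = (getppid() == parent);  /* ppid is the caller of fork() */
        if (write(fd, "child", 5) != 5)       /* inherited descriptor */
            _exit(2);
        _exit(ppid_ok ? 7 : 1);
    }

    /* Parent: wait until the child is dead but leave it unreaped (WNOWAIT). */
    siginfo_t info;
    memset(&info, 0, sizeof info);
    if (waitid(P_PID, (id_t)childpid, &info, WEXITED | WNOWAIT) != 0) {
        close(fd);
        return -1;
    }
    r->state_before_wait = proc_state(childpid);
    r->entry_before_wait = (kill(childpid, 0) == 0);
    kill(childpid, SIGKILL);                  /* a zombie cannot be killed */

    int status = 0;                           /* reap: removes the table entry */
    if (waitpid(childpid, &status, 0) != childpid) {
        close(fd);
        return -1;
    }
    r->killed_by_signal = WIFSIGNALED(status) ? 1 : 0;
    r->child_exit_code = WIFEXITED(status) ? WEXITSTATUS(status) : -1;
    r->entry_after_wait = (kill(childpid, 0) == 0);

    /* Parent never wrote, yet its offset moved: the open file is shared. */
    r->parent_offset = (long)lseek(fd, 0, SEEK_CUR);
    close(fd);
    return 0;
}

int main(void)
{
    struct fork_report r;
    if (run_fork_demo(&r) != 0)
        return 1;
    printf("child exit code %d, parent offset %ld\n", r.child_exit_code, r.parent_offset);
    printf("before wait: state %c, table entry %d\n", r.state_before_wait, r.entry_before_wait);
    printf("SIGKILL took effect %d, entry after wait %d\n", r.killed_by_signal, r.entry_after_wait);
    return 0;
}
```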
2) Privileged accounts

Operating systems that restrict user privileges need an account which can be used to configure and maintain the system. Such an account must have access to the whole system, without regard for restrictions. It is therefore called a privileged account. In UNIX the privileged account is called root, also referred to colloquially as the super-user. In Windows, the Administrator account is similar to UNIX's root, except that the administrator does not have automatic access to everything as does root. Instead he/she must first be granted access to an object. However, the Administrator always has the right to grant themselves access to a resource. These accounts place virtually no restriction on what the account holder can do. In a sense, they provide the privileged user with a skeleton key, a universal pass to any part of the system. Administrator and root accounts should never be used for normal work: they wield far too much power. This is one of the hardest things to drill into novices, particularly those who have grown up using insecure operating systems. Such users are used to being able to do whatever they please.

3) Logs and audits

Operating system kernels share resources and offer services. They can be asked to keep lists of transactions which have taken place so that one can later go back and see exactly what happened at a given time. This is called logging or auditing. Full system auditing involves logging every single operation that the computer performs. This consumes vast amounts of disk space and CPU time and is generally inadvisable unless one has a specific reason to audit the system. Auditing has become an issue again in connection with security. Organizations have become afraid of break-ins from system crackers and want to be able to trace the activities of the system in order to be able to look back and find out the identity of a cracker.
The other side of the coin is that system accounting is so resource consuming that the loss of performance might be more important to an organization than the threat of intrusion. For some organizations auditing is important, however. One use for auditing is so-called non-repudiation, or non-denial. If everything on a system is logged, then users cannot back away and claim that they did not do something: it's all there in the log. Non-repudiation is a security feature which encourages users to be responsible for their actions.

Lecture 4: Reading: A8.11, A8.11.1-8.11.4

Contents:-
System Performance Tuning

1) System Performance Tuning

System performance tuning is a complex subject, in which no part of the system is sacrosanct. Although it is quite easy to pin-point general performance problems, it is harder to make general recommendations to fix these.
- What processes are running
- How much available memory the system has
- Whether disks are being used excessively
- Whether the network is being used heavily
- What software dependencies the system has (e.g. DNS, NFS)

1.1 Resources and dependencies

Since all resources are scheduled by processes, it is natural to check the process table first and then look at resource usage. On Windows, one has the process manager and performance monitor for this. On Unix-like systems, we check the process listing with ps aux. A BSD process listing looks like this:

    host% ps aux | more
    USER    PID %CPU %MEM   SZ  RSS TT     S    START  TIME COMMAND
    root      3  0.2  0.0    0    0 ?      S   Jun 15 55:38 fsflush
    root  22112  0.1  0.5 1464 1112 pts/2  O 15:39:54  0:00 ps aux
    mark  22113  0.1  0.3 1144  720 pts/2  O 15:39:54  0:00 more
    root    340  0.1  0.4 1792  968 ?      S   Jun 15  3:13 /bin/fingerd

This one was taken on a quiet system, with no load.
The columns show the user ID of the process, the process ID, an indication of the amount of CPU time used in executing the program (the percentage scale can be taken with a pinch of salt, since it means different things for different kernels), and an indication of the amount of memory allocated. The SZ field is the size of the process in total (code plus data plus stack), while RSS is the resident size, or how much of the program code is actually resident in RAM, as opposed to being paged out, or never even loaded. TIME shows the amount of CPU time accumulated by the process, while START indicates the amount of clock time which has elapsed since the process started.

1.2 Hardware

Disks: When assigning partitions to new disks, it pays to use the fastest disks for the data which are accessed most often, e.g. for user home directories. To improve disk performance, we can do two things. One is to buy faster disks and the other is to use parallelism to overcome the time it takes for physical motions to be executed. The mechanical problem which is inherent in disk drives is that the heads which read and write data have to move as a unit. If we need to collect two files concurrently which lie spread all over the disk, this has to be done serially. Disk striping is a technique whereby filesystems are spread over several disks. By spreading files over several disks, we have several sets of disk heads which can seek independently of one another, and work in parallel. This does not necessarily increase the transfer rate, but it does lower seek times, and thus performance improvement can approach as much as N times with N disks. RAID technologies employ striping techniques and are widely available commercially. Spreading disks and files across multiple disk controllers will also increase parallelism.

Network: To improve network performance, we need fast interfaces. All interfaces, whether they be Ethernet or some other technology, vary in quality and speed.
This is particularly true in the PC world, where the number of competing products is huge. Network interfaces should not be trusted to give the performance they advertise. Some interfaces which are sold as 100Mbits/sec, Fast Ethernet, manage little more than 40Mbits/sec.

Ethernet collisions: Ethernet communication is like a television panel of politicians: many parties shouting at random, without waiting for others to finish. The Ethernet cable is a shared bus. When a host wishes to communicate with another host, it simply tries. If another host happens to be using the bus at that time, there is a collision and the host must try again at random until it is heard. This method naturally leads to contention for bandwidth. The system works quite well when traffic is low, but as the number of hosts competing for bandwidth increases, the probability of a collision increases in step.

Disk thrashing: Thrashing is a problem which occurs because of the slowness of disk head movements, compared with the speed of kernel time-sharing algorithms. If two processes attempt to take control of a resource simultaneously, the kernel and its device drivers attempt to minimize the motion of the heads by queuing requested blocks in a special order. The algorithms really try to make the disks traverse the disk platter uniformly, but the requests do not always come in a predictable or congenial order. The result is that the disk heads can be forced back and forth across the disk, driven by different processes and slowing the system to a virtual standstill. The time for disk heads to move is an eternity to the kernel, some hundreds of times slower than context switching times.

1.3 Software tuning and kernel configuration

Software performance tuning is a more complex problem than hardware performance tuning, simply because the options we have for tuning software depend on what the software is, how it is written and whether or not the designer made it easy for us to tune its performance.
Some software is designed to be stable rather than efficient. Efficiency is not a fundamental requirement; there are other priorities, such as simplicity and robustness. Performance tuning is related to the availability or sharing of system resources. This requires tuning the system kernel. The most configurable piece of software on the system is the kernel. On all Unix-like systems, kernel parameters can be altered and tuned. The most elegant approach to this is taken by Unix SVR4, and Solaris. Here, many kernel parameters can be set at run time using the kernel module configuration command ndd. Others can be configured in a single file /etc/system. The parameters in this file can be set with a reboot of the kernel, using the reconfigure flag

    reboot -- -r

For instance, on a heavily loaded system which allows many users to run external logins, terminals, or X-terminal software, we need to increase many of the default system parameters. The maxusers parameter (actually in most Unix-like systems) is used as a guide to estimating the size of many tables and limits on resources. Its default value is based on the amount of available RAM, so one should be careful about changing its value in Solaris, though other OSs are less intelligent. The file /etc/system then looks like this:

    set maxusers=100
    set shmsys:shminfo_shmmax = 0x10000000
    set pt_cnt=128

Most Unix-like operating systems do not permit run-time configuration. New kernels have to be compiled and the values hard-coded into the kernel. This requires not just a reboot, but a recompilation of the kernel in order to make a change. This is not an optimal way to experiment with parameters. Modularity in kernel design can save us memory, since it means that static code does not have to take up valuable memory space. However, the downside of this is that modules take time to load from disk, on demand.
The GNU/Linux system kernel is a modular kernel, which can load drivers for special hardware at run time, in order to remain small in the memory. When we build a kernel, we have the option to compile in modules statically. Windows performance tuning can be undertaken by perusing the multitudinous screens in the graphical performance monitor and editing the values. For once, this useful tool is a standard part of the Windows system.

1.4 Data efficiency

Efficiency of storage and transmission depends on the configuration parameters used to manage disks and networks, and also on the amount of traffic the devices handle. Some filesystem formatting programs on Unix-like systems allow us to reserve a certain percentage of disk space for privileged users. For instance, the default for BSD is to reserve ten percent of the size of a partition for use by privileged processes only. The idea here is to prevent the operating system from choking due to the activities of users. This practice goes back to the early times when disks were small and expensive and partition numbers were limited. Today, these limits are somewhat inappropriate. Ten percent of a gigabyte disk is a huge amount of space, which many users could live happily with for many weeks. If we have partitioned a host so as to separate users from the operating system, then there is no need to reserve space on user disks. Better to let users utilize the existing space until a real problem occurs. Preventative tidying helps to avoid full disks. The effect is to save us time and loss of resource availability.

Another issue with disk efficiency is the configuration of block sizes. Briefly, the standard unit of space which is allocated on a filesystem is a block. Blocks are quite large, usually around 8 kilobytes. Even if we allocate a file which is one byte long, it will be stored as a separate unit, in a block by itself, or in a fragment. Fragments are usually around 1 kilobyte.
If we have many small files, this can clearly lead to a large wastage of space and it might be prudent to decrease the filesystem block size. If, conversely, we deal with mostly large files, then the block size could be increased to improve transfer efficiency. The filesystem parameters can, in other words, be tuned to balance file size and transfer-rate efficiency. Normally the default settings are a good compromise.

Lecture 5
Reading: A4.2, A4.21, A4, 23, A4.32, A4.33, A4.33, A4.34, A4.35, A4.4.8

Contents:-
1) Host Management: Booting and Shutting down of an Operating System,
2) Formatting, Partitioning and Building a File System, File System Layout,
3) Concept of swap space, Cloning Systems.

1 Host management: Booting and shutting down of an Operating System

1.1 Global view, local action

Various points to consider for host installation are:
- Follow the OS designer's recommended setup? (Often this is insufficient for our purpose)
- Create our own setup?
- Make all machines alike?
- Make all machines different?

1.2 Physical considerations of server room

1) Critical hardware needs to be protected from accidental and malicious damage. An organization's very livelihood could be at stake from a lack of protection of its basic hardware. Not all organizations have the luxury of choosing ideal conditions for their equipment, but all organizations could dedicate a room or two to server equipment.
2) Any server room should have, at the very least, a lockable door, probably cooling or ventilation equipment to prevent the temperature from rising above about 20 degrees Celsius and some kind of anti-theft protection.
3) Remember that backup tapes should never be stored in the same room as the hosts they contain data from, and duplicate servers are best placed in different physical locations so that natural disasters or physical attacks (fire, bombs etc.) will not wipe out all equipment at the same time.
4) Security registration should be required for all workers and visitors, with camera recorded registration and security guards. Visitors should present photo-ID and be prevented from bringing anything into the building; they should be accompanied at all times.
5) Within the server area:
- A reliable (uninterruptible) power supply is needed for essential equipment.
- Single points of failure, e.g. network cables, should be avoided.
- Hot standby equipment should be available for minimal loss of uptime in case of failure.
- Replaceable hard disks should be considered with RAID protection for continuity.
- Protection from natural disasters like fire and floods, and heating failure in cold countries should be secured.
- Note that most countries have regulations about fire control. A server room should be in its own 'fire cell', i.e. it should be isolated by doorways and ventilation systems from neighboring areas to prevent the spread of fire.

1.3 Computer startup and shutdown

The two most fundamental operations which one can perform on a host are to start it up and to shut it down. With any kind of mechanical device with moving parts, there has to be a procedure for shutting it down. One does not shut down any machine in the middle of a crucial operation. With a multitasking operating system, the problem is that it is never possible to predict when the system will be performing a crucial operation in the background. For this simple reason, every multitasking operating system provides a procedure for shutting down safely. A safe shutdown avoids damage to disks by mechanical interruption, but it also synchronizes hardware and memory caches, making sure that no operation is left incomplete.

1.3.1 Booting Unix

Unix systems can boot in several different modes or run levels. The most common modes are called multi-user mode and single-user mode. In single-user mode no external logins are permitted.
The purpose of single-user mode is to allow the system administrator access to the system without fear of interference from other users. It is used for installing disks or when repairing filesystems, where the presence of other users on the system would cause problems. The Unix boot procedure is controlled entirely by the init program; init reads a configuration file called /etc/inittab. On older BSD Unices, a file called /etc/rc, meaning 'run commands', and subsidiary files like rc.local were then called to start all services. These files were no more than shell scripts. In the System V approach, a directory called (something like) /etc/rc.d is used to keep one script per service. /etc/inittab defines a number of run-levels, and starts scripts depending on what run-level you choose. The idea behind inittab is to make Unix installable in packages, where each package can be started or configured by a separate script. Which packages get started depends on the run-level you choose. If the system does not boot right away, you might see the line

    type b) boot, c) continue or n) new command

In this case, you should type

    b s

in order to boot in single-user mode. Under the GNU/Linux operating system, using the LILO or GRUB boot system, we interrupt the normal boot sequence by pressing the SHIFT key when the LILO prompt appears. This should cause the system to stop at the prompt:

    Boot:

To boot, we must normally specify the name of a kernel file, normally linux. To boot in single-user mode, we then type

    Boot: linux single

The correct run-level should be determined from the file /etc/inittab. It is normally called S or 1 or even 1S.

1.3.2 Shutting down Unix

Anyone can start a Unix-like system, but we have to be an administrator or 'superuser' to shut one down correctly. The correct way to shut down a Unix system is to run one of the following programs.

halt: Stops the system immediately and without warning.
All processes are killed with the TERM-inate signal 15 and disks are synchronized.

reboot: As halt, but the system reboots in the default manner immediately.

shutdown: This program is the recommended way of shutting down the system. It is just a friendly user-interface to the other programs, but it warns the users of the system about the impending shutdown and allows them to finish what they are doing before the system goes down.

Here are some examples of the shutdown command. The first is from BSD Unix:

    shutdown -h +3 "System halting in three minutes, please log out"
    shutdown -r +4 "System rebooting in four minutes"

The -h option implies that the system will halt and not reboot automatically. The -r option implies that the system will reboot automatically. The times are specified in minutes. The shutdown command allows one to switch run-levels in a very general way. To halt the system, we have to call this:

    shutdown -i 5 -g 120 "Powering down os...."

The -i 5 option tells SVR4 to go to run-level 5, which is the power-off state. The -g 120 option tells shutdown to wait for a grace-period of 120 seconds before shutting down. Note that Solaris also provides a BSD version of shutdown in /usr/ucb.

1.3.3 Booting and shutting down Windows

To boot the system, it is simply a matter of switching on the power. To shut it down, one chooses shutdown from the Start Menu. There is no direct equivalent of single-user mode for Windows, though 'secure mode' is sometimes invoked, in which only the essential device drivers are loaded, if some problem is suspected. The Windows boot procedure on a PC begins with the BIOS, or PC hardware. This performs a memory check and looks for a boot-able disk. A boot-able disk is one which contains a master boot record (MBR). Normally the BIOS is configured to check the floppy drive A: first and then the hard-disk C: for a boot block. The boot block is located in the first sector of the boot-able drive.
It identifies which partition is to be used to continue with the boot procedure. On each primary partition of a boot-able disk, there is a boot program which 'knows' how to load the operating system it finds there. Windows has a menu-driven boot manager program which makes it possible for several OSs to coexist on different partitions. Once the disk partition containing Windows has been located, the program NTLDR is called to load the kernel. The file BOOT.INI configures the defaults for the boot manager. After the initial boot, a program is run which attempts to automatically detect new hardware and verify old hardware. Finally the kernel is loaded and Windows starts properly.

2 Formatting, Partitioning and Building a File System, File System Layout

2.1 Partitioning

Disks can be divided up into partitions. Partitions physically divide the disk surface into separate areas which do not overlap. The main difference between two partitions on one disk and two separate disks is that partitions can only be accessed one at a time, whereas multiple disks can be accessed in parallel. Disks are partitioned so that files with separate purposes cannot be allowed to spill over into one another's space. Partitioning a disk allows us to reserve a fixed amount of space for a particular purpose, safe in the knowledge that nothing else will encroach on that space. For example, it makes sense to place the operating system on a separate partition, and user data on another partition. If these two independent areas shared common space, the activities of users could quickly choke the operating system by using up all of its workspace. Here are some practical points to consider when partitioning disks:

1. Size partitions appropriately for the jobs they will perform. Bear in mind that operating system upgrades are almost always bigger than previous versions, and that there is a general tendency for everything to grow.
2. Bear in mind that RISC (e.g.
Sun Sparc) compiled code is much larger than CISC compiled code (e.g. software on an Intel architecture), so software will take up more space on a RISC system.
3. Consider how backups of the partitions will be made. It might save many complications if disk partitions are small enough to be backed up in one go with a single tape, or other backup device.

Disk partitioning is performed with a special program. On PC hardware, this is called fdisk or cfdisk. On Solaris systems the program is called, confusingly, format. To repartition a disk, we first edit the partition tables. Then we have to write the changes to the disk itself. This is called labelling the disk. Both of these tasks are performed from the partitioning programs. It is important to make sure manually that partitions do not overlap. The partitioning programs do not normally help us here. If partitions overlap, data will be destroyed and the system will sooner or later get into deep trouble, as it assumes that the overlapping area can be used legitimately for two separate purposes. Partitions are labelled with logical device names in Unix. As one comes to expect, these are different in every flavor of Unix. The general pattern is that of a separate device node for each partition, in the /dev directory, e.g. /dev/sd1a, /dev/sd1b, /dev/dsk/c0t0d0s0 etc.

2.2 Formatting and building file systems

Disk formatting is a way of organizing and finding a way around the surface of a disk. On a disk surface, it makes sense to divide up the available space into sectors or blocks. The way in which different operating systems choose to do this differs, and thus one kind of formatting is incompatible with another. Making a filesystem also involves setting up an infrastructure for creating and naming files and directories. A filesystem is not just a labeling scheme, it also provides functionality. If a filesystem becomes damaged, it is possible to lose data. Usually filesystem checking programs called disk doctors, e.g.
the Unix program fsck (filesystem check), can be used to repair the operating system's map of a disk. In Unix filesystems, data which lose their labelling get placed for human inspection in a special directory which is found on every partition, called lost+found. The filesystem creation programs for different operating systems go by various names. For instance, on a Sun host running SunOS/Solaris, we would create a filesystem on the zeroth partition of disk 0, controller zero with a command like this to the raw device:

    newfs -m 0 /dev/rdsk/c0t0d0s0

The newfs command is a friendly front-end to the mkfs program. The option -m 0, used here, tells the filesystem creation program to reserve zero bytes of special space on the partition. This partition is then made available to the system by mounting it. This can either be performed manually:

    mount /dev/dsk/c0t0d0s0 /mountpoint/directory

or by placing it in the filesystem table /etc/vfstab. GNU/Linux systems have the mkfs command, e.g.

    mkfs /dev/hda1

The filesystems are registered in the file /etc/fstab. On Windows systems, disks are detected automatically and partitions are assigned to different logical drive names. Drive letters C: to Z: are used for nonfloppy disk devices. Windows assigns drive letters based on what hardware it finds at boot-time. Primary partitions are named first, then each secondary partition is assigned a drive letter. The format program is used to generate a filesystem on a drive. The command

    format /fs:ntfs /v:spare F:

would create an NTFS filesystem on drive F: and give it a volume label 'spare'.

2.4 Filesystem layout

We have no choice about the layout of the software and support files which are installed on a host as part of 'the operating system'. This is decided by the system designers and cannot easily be changed. A working computer system has several facets:

1. The operating system software distribution,
2. Third party software,
3. Users' files,
4. Information databases,
5.
Temporary scratch space.

These are logically separate because:

1. They have different functions,
2. They are maintained by different sources,
3. They change at different rates,
4. A different policy of backup is required for each.

The point of directories and partitions is to separate files so as not to mix together things which are logically separate. There are many things which we might wish to keep separate: for example,

1. User home directories
2. Development work
3. Commercial software
4. Free software
5. Local scripts and databases.

One of the challenges of system design is in finding an appropriate directory structure for all data which are not part of the operating system, i.e. all those files which are locally maintained.

3 Concept of swap space, Cloning Systems.

3.1 Swap space

In Windows operating systems, virtual memory uses filesystem space for saving data to disk. In Unix-like operating systems, a preferred method is to use a whole, unformatted partition for virtual memory storage. A virtual memory partition is traditionally called the swap partition, though few modern Unix-like systems 'swap' out whole processes, in the traditional sense. The swap partition is now used for paging. It is virtual memory scratch space, and uses direct disk access to address the partition.

3.2 Cloning systems

A system administrator usually has to install ten, twenty or even a hundred machines at a time. He or she would also like them to be as far as possible the same, so that users will always know what to expect. This might sound like a straightforward problem, but it is not. There are several approaches.

1. A few Unix-like operating systems provide a solution to this using package templates so that the installation procedure becomes standardized.
2. The hard disks of one machine can be physically copied and then the hostname and IP address can be edited afterwards.
3. All software can be placed on one host and shared using NFS, or another shared file system.
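Going back to the partitioning section earlier in this lecture: it warns that partitions must be checked by hand for overlap because the partitioning programs do not do it, and the boot discussion describes the master boot record in the first sector of the disk. The added Python example below (not from the original notes) reads the four-entry partition table of a PC boot sector and reports overlapping or out-of-range partitions. The sample sectors are constructed, the function names are assumptions of this example, and the table layout used is the standard PC one rather than anything stated on this page.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446                    # four 16-byte entries start here
ENTRY = struct.Struct("<B3sB3sII")    # flag, CHS, type, CHS, first LBA, sector count
SIGNATURE = b"\x55\xaa"               # last two bytes of a valid boot sector


def build_mbr(partitions):
    """Constructed test input: (active, type, first_lba, sectors) tuples -> 512 bytes."""
    table = b"".join(
        ENTRY.pack(0x80 if active else 0, b"\0" * 3, ptype, b"\0" * 3, first, count)
        for active, ptype, first, count in partitions)
    return b"\0" * TABLE_OFFSET + table.ljust(64, b"\0") + SIGNATURE


def parse_mbr(sector):
    """Return the used partition entries of a boot sector as dicts."""
    if len(sector) != SECTOR_SIZE or sector[510:] != SIGNATURE:
        raise ValueError("not a boot sector: bad length or signature")
    parts = []
    for i in range(4):
        flag, _, ptype, _, first, count = ENTRY.unpack_from(sector, TABLE_OFFSET + 16 * i)
        if ptype == 0 or count == 0:  # unused slot
            continue
        parts.append({"slot": i + 1, "active": flag == 0x80, "type": ptype,
                      "first": first, "end": first + count})  # end is exclusive
    return parts


def find_overlaps(parts):
    """Pairs of slots whose sector ranges intersect."""
    ordered = sorted(parts, key=lambda p: p["first"])
    return [(a["slot"], b["slot"])
            for i, a in enumerate(ordered) for b in ordered[i + 1:]
            if b["first"] < a["end"]]


def check_table(sector, disk_sectors):
    """Human-readable problems found in the partition table."""
    parts = parse_mbr(sector)
    problems = ["slots %d and %d overlap" % pair for pair in find_overlaps(parts)]
    problems += ["slot %d runs past the end of the disk" % p["slot"]
                 for p in parts if p["end"] > disk_sectors]
    active = [p["slot"] for p in parts if p["active"]]
    if len(active) != 1:
        problems.append("expected exactly one active partition, found %d" % len(active))
    return problems


# Constructed samples: a clean layout, and one where slot 2 starts inside slot 1.
GOOD = build_mbr([(True, 0x83, 2048, 204800),
                  (False, 0x82, 206848, 1048576),
                  (False, 0x83, 1255424, 4194304)])
BAD = build_mbr([(True, 0x83, 2048, 204800),
                 (False, 0x82, 200000, 1048576),
                 (False, 0x83, 1255424, 4194304)])

if __name__ == "__main__":
    print(check_table(GOOD, 6000000))
    print(check_table(BAD, 5000000))
```

Run against a copy of the first sector before writing a new label, a check like this catches the overlap before any data is destroyed.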
Each of these approaches has its attractions. The NFS/shared filesystem approach is without doubt the least amount of work, since it involves installing the software only once, but it is also the slowest in operation for users. In RedHat Linux we use this command:

    rpm -ivh package.rpm

Disks can be mirrored directly, using some kind of cloning program. For instance, the Unix tape archive program (tar) can be used to copy the entire directory tree of one host. In order to make this work, we first have to perform a basic installation of the OS, with zero packages and then copy over all remaining files which constitute the packages we require. For example, with a GNU/Linux distribution:

    tar --exclude /proc --exclude /lib/libc.so.5.4.23 \
        --exclude /etc/hostname --exclude /etc/hosts -c -v \
        -f host-imprint.tar /

Lecture 6
Reading: A4.4, A4.4.1-4.4.2, A4.4.6-4.4.7A

Contents:-
1) OS Installation, Installation and configuration of devices and drivers,

1 OS Installation, Installation and configuration of devices and drivers

1.1 Installing a UNIX disk

There are several types of disk interface used for communicating with hard-disks.
- ATA/IDE disks
- SCSI disks
- IEEE 1394 disks

1.1.1 mount and umount

To make a disk partition appear as part of the file tree it has to be mounted. We say that a particular filesystem is mounted on a directory or mountpoint. The command mount mounts filesystems defined in the filesystem table file. This is a file which holds data for mount to read. The syntax of the command is

    mount filesystem directory type (options)

There are two main types of filesystem: a disk filesystem (called ufs, hfs etc.), which means a physical disk, and the NFS network filesystem.
Here are some examples, using the SunOS filesystem list above:

    mount -a              # mount all in fstab
    mount -at nfs         # mount all in fstab which are type nfs
    mount -at 4.2         # mount all in fstab which are type 4.2
    mount /var/spool/mail # mount only this fs with options given in fstab

(The -t option does not work on all Unix implementations.)

1.2 Installation of the operating system

The installation process is one of the most destructive things we can do to a computer. Everything on the disk will disappear during the installation process. One should therefore have a plan for restoring the information if it should turn out that reinstallation was in error. Today, installing a new machine is a simple affair. The operating system comes on some removable medium (like a CD or DVD) that is inserted into the player and booted. One then answers a few questions and the installation is done. Operating systems are now large so they are split up into packages. One is expected to choose whether to install everything that is available or just certain packages. Most operating systems provide a package installation program which helps this process. In order to answer the questions about installing a new host, information must be collected and some choices made:

1. We must decide a name for each machine.
2. We need an unused Internet address for each.
3. We must decide how much virtual memory (swap) space to allocate.
4. We need to know the local netmask and domain name.
5. We need to know the local timezone.

1.2.1 Solaris

Solaris can be installed in a number of ways. The simplest is from CD-ROM. At the boot prompt, we simply type

    ? boot cdrom

This starts a graphical user interface which leads one through the steps of the installation from disk partitioning to operating system installation. The installation procedure proceeds through the standard list of questions, in this order:

1. Preferred language and keyboard type.
2. Name of host.
3. Net interfaces and IP addresses.
4.
Subscribe to NIS or NIS plus domain, or not.
5. Subnet mask.
6. Timezone.
7. Choose upgrade or install from scratch.

1.2.2 GNU/Linux

Installing GNU/Linux is simply a case of inserting a CD-ROM and booting from it, then following the instructions. What makes GNU/Linux installation unique amongst operating system installations is the sheer size of the program base. Since every piece of free software is bundled, there are literally hundreds of packages to choose from. This presents GNU/Linux distributors with a dilemma. To make installation as simple as possible, package maintainers make software self-installing with some kind of default configuration. This applies to user programs and to operating system services. As with most operating systems, GNU/Linux installations assume that you are setting up a stand-alone PC which is yours to own and do with as you please. Although GNU/Linux is a multiuser system, it is treated as a single-user system. Little thought is given to the effect of installing services like news servers and web servers. The scripts which are bundled for adding user accounts also treat the host as a little microcosm, placing users in /home and software in /usr/local.

1.2.3 Windows

The installation of Windows is similar to both of the above. One inserts a CD-ROM and boots. Here it is preferable to begin with an already partitioned hard-drive (the installation program is somewhat ambiguous with regard to partitions). On rebooting, we are asked whether we wish to install Windows anew, or repair an existing installation. This is rather like the GNU/Linux rescue disk. Next we choose the filesystem type for Windows to be installed on, either DOS or NTFS. There is clearly only one choice: installing on a DOS partition would be irresponsible with regard to security. Choose NTFS. Windows reboots several times during the installation procedure, though this has improved somewhat in recent versions.
The first time around, it converts its default DOS partition into NTFS and reboots again. Then the remainder of the installation proceeds with a graphical user interface. There are several installation models for Windows workstations, including regular, laptop, minimum and custom. Having chosen one of these, one is asked to enter a license key for the operating system. The installation procedure asks us whether we wish to use DHCP to configure the host with an IP address dynamically, or whether a static IP address will be set. After various other questions, the host reboots and we can log in as Administrator.

Lecture 7
Reading: A5.1, A5.1.1-5.1.2, A5.1.4, A5.3-A5.3.1, A5.3.1, A5.3.3, A5.5, A5.5.1-5.5.3

Links:-
http://hell.org.ua/Docs/oreilly/tcpip/puis/ch04_02.htm
http://nptel.iitm.ac.in/courses/Webcourse-contents/IISc-BANG/Operating%20Systems/pdf/Lecture_Notes/Mod%2019_LN.pdf

Contents:-
1) User Management, Adding/Removing users.
2) Controlling User Resources, Disk Space Allocation and quotas.
3) Super user/Administrator Privileges.

1 User management

Without users, there would be few challenges in system administration. Users are both the reason that computers exist and their greatest threat.

1.1 Issues

User management is about interfacing humans to computers. This brings to light a number of issues:
- Accounting: registering new users and deleting old ones.
- Comfort and convenience.
- Support services.
- Ethical issues.
- Trust management and security.

1.2 User registration

One of the first issues on a new host is to issue accounts for users. The tools provided by operating systems for this task are, at best, primitive and are rarely suitable for the task without considerable modification. For small organizations, user registration is a relatively simple matter.
Users can be registered at a centralized location by the system manager, and made available to all of the hosts in the network by some sharing mechanism, such as a login server, distributed authentication service or by direct copying of the data. For larger organizations, with many departments, user registration is much more complicated. The need for centralization is often in conflict with the need for delegation of responsibility. It is convenient for autonomous departments to be able to register their own users, but it is also important for all users to be registered under the umbrella of the organization, to ensure unique identities for the users and flexibility of access to different parts of the organization.

1.2.1 Local and network accounts

Most organizations need a system for centralizing passwords, so that each user will have the same password on each host on the network. In fixed model computing environments such as NT or Novell Netware, where a login or domain server is used, this is a simple matter. In larger organizations with many departments or sub-domains it is more difficult. Both Unix and NT support the creation of accounts locally on a single host, or 'globally' within a network domain. With a local account, a user has permission to use only the local host. With a network account, the user can use any host which belongs to a network domain. Local accounts are configured on the local host itself. Unix registers local users by adding them to the files /etc/passwd and /etc/shadow. In NT the Security Accounts Manager (SAM) is used to add local accounts to a given workstation.

Principle (Distributed accounts). Users move around from host to host, share data and collaborate. They need easy access to data and workstations all over an organization.

Suggestion (Passwords). Give users a common username on all hosts, of no more than eight characters. Give them a common password on all hosts, unless there is a special reason not to do so.
Some users never change their passwords unless forced to, and some users never even log in, so it is important to assign good passwords initially. Never assign a simple password and assume that it will be changed.

Adding/Removing users

1.2.2 Unix accounts

When a new person joins an organization he is usually given an account by the system administrator. This is the login account of the user. Nowadays almost all Unix systems support an admin tool which seeks the following information from the system administrator to open a new account:

1. Username: This serves as the login name for the user.

2. Password: Usually a system administrator gives a simple password. The users are advised to later select a password which they feel comfortable using. The user's password appears in the shadow file in encrypted form. Usually, the /etc/passwd file contains the information required by the login program to authenticate the login name and to initiate the appropriate shell, as shown in the description below:

    bhatt:x:1007:1::/export/home/bhatt:/usr/local/bin/bash
    damu:x:1001:10::/export/home/damu:/usr/local/bin/bash

Each line above contains information about one user. The first field is the name of the user; the next is a dummy indicator of the password, which is in another file, a shadow file. Password programs use a trap-door algorithm for encryption.

3. Home directory: Every new user has a home directory defined for him. This is the default login directory. Usually it is defined in the run command files.

4. Working set-up: The system administrators prepare .login and .profile files to help users to obtain an initial set-up for login. The administrator may prepare .cshrc, .xinitrc, .mailrc and .ircrc files. These files are used in customizing a user's working environment. A natural point of curiosity would be: what happens when users log out? Unix systems receive signals when users log out. As we mentioned earlier, a user logs in under a login process initiated by the getty process.
Process getty identifies the terminal being used. So when a user logs out, the getty process which was running to communicate with that terminal is first killed. A new getty process is now launched to enable yet another prospective login from that terminal. The working set-up is completely determined by the startup files. These are basically .rc (run command) files. These files help to customize the user's working environment. For instance, a user's .cshrc file shall have a path variable which defines the access to various Unix built-in shell commands, utilities, libraries etc. In fact, many other shell environmental variables like HOME, SHELL, MAIL, TZ (the time zone) are set up automatically. In addition, the .rc files define the access to network services or some need-based access to certain licensed software or databases as well. To that extent the .rc files help to customize the user's working environment.

5. Group-id: The user login name is the user-id. Under Unix the access privileges are determined by the group a user belongs to. So a user is assigned a group-id. It is possible to obtain the id information by using an id command as shown below:

    [bhatt@iiitbsun OS]$id
    uid=1007(bhatt) gid=1(other)
    [bhatt@iiitbsun OS]$

Once an account has been opened the user may do the following:
1. Change the password for access to one of his liking.
2. Customize many of the run command files to suit his needs.

Closing a user account: Here again the password file plays a role. We know that the /etc/passwd file has all the information about the user's home directory, password, shell, user and group-id, etc. When a user's account is to be deleted, all of this information needs to be erased. System administrators log in as root and delete the user entry from the password file to delete the account.

Disabling and/or removing user accounts.
- Remove or modify entry in /etc/passwd
- Remove entry in NIS/NIS+ maps
- Remove $HOME/.rhosts files
- Remove mail spool file
- Remove from mail aliases file
- Remove any cron or at jobs
- Remove directory

Various file contents:

1) Password file - /etc/passwd
/etc/passwd contains 7 fields, each separated by ":", in the form:

    Login-id: password: user-id#: group-id#: User Info:home-dir:shell

2) Group file - /etc/group
/etc/group contains 4 fields, each separated by a ":", in the form:

    group-name:password:gid:comma-separated,list,of,names

3) Shadow file - /etc/shadow
/etc/shadow contains 9 fields, each separated by a ":", in the form:

    login-id:password:lastchg:min:max:warn:inactive:expire:flag

The encrypted password field might also contain the entries:
    NP     no password is valid
    *LK*   the account is locked until the superuser sets a password

A typical /etc/shadow file might be:

    root:st44wfkgx33qX:::::::
    daemon:NP:6445::::::

The shadow password file is updated using the commands:
    passwd    change the password and password attributes
    useradd   add a new user
    usermod   modify a user's login information
    userdel   delete a user's login entry

4) Password Aging
With password aging you can set minimum and maximum lengths of time for which the password is valid. Only the super user can change these values. Maximum time lengths force your users to change passwords regularly. Minimum lengths prevent them from quickly changing them back.

    # passwd -x 40 frank

1.2.3 Windows accounts

Single Windows accounts are added with the command

    net user username password /ADD /domain

or using the GUI. The additional Resource Kit package contains tools which allow lists of users to be registered from a standard file format, with addusers.exe, but only at additional cost. Windows users begin in the root directory by default. It is customary to create a \users directory for home directories. Network users conventionally have their home directory on the domain server mapped to the drive H:.
There is only a single choice of shell (command interpreter) for NT, so this is not specified in the user registration procedure. Several possibilities exist for creating user profiles and access policies, depending on the management model used.

2 Controlling User Resources, Disk Space Allocation and Quotas

Every system has a mixture of passive and active users. Passive users utilize the system often minimally, quietly accepting the choices which have been made for them. Passive users can be a security risk, because they are not aware of their actions. Active users, on the other hand, follow every detail of system development. They frequently find every error in the system and contact system administrators frequently, demanding upgrades of their favorite programs. Active users can be of great help to a system administrator, because they test out problems and report them actively. They are an important part of the system administration team, or community, and can also go a long way to helping the passive users.

Principle (Active users). Active users need to understand that, while their skills are appreciated, they do not decide system policy: they must obey it. Even in a democracy, rules are determined by process and then obeyed by everyone.

2.1 Resource consumption

Disks fill up at an alarming rate. Users almost never throw away files unless they have to. If one is lucky enough to have only very experienced and extremely friendly users on the system, then one can try asking them nicely to tidy up their files. Most administrators do not have this luxury however. Most users never think about the trouble they might cause others by keeping lots of junk around. After all, multi-user systems and network servers are designed to give every user the impression that they have their own private machine. Of course, some users are problematical by nature.

Suggestion (Problem users).
Keep a separate partition for problem users' home directories, or enforce strict quotas on them.

To keep hosts working it is necessary to remove files, not just add them. Quotas limit the amount of disk space users can have access to, but this does not solve the real problem. The real problem is that in the course of using a computer many files are created as temporary data but are never deleted afterwards. The solution is to delete them. When a UNIX program crashes, the kernel dumps its image to disk in a file called core. These files crop up all over the place and have no useful purpose for most users. To most users they are just fluff on the upholstery and should be removed. A lot of free disk space can be reclaimed by deleting these files. Many users will not delete them themselves, however, because they do not even understand why they are there.

Example. A useful strategy is to delete files one is not sure about only if they have not been accessed for a certain period of time, say a week. This allows users to use files freely as long as they need to, but prevents them from keeping the files around for ever. Cfengine can be used to perform this task.

2.2 Killing old processes

Processes sometimes do not get terminated when they should. There are several reasons for this. Sometimes users forget to log out, sometimes poorly written terminal software does not properly kill its processes when a user logs out. Sometimes background programs simply crash or go into loops from which they never return. One way to clean up processes in a work environment is to look for user processes which have run for more than a day. (Note that the assumption here is that everyone is supposed to log out each day and then log in again the next day; that is not always the case.) Cfengine can also be used to clean up old processes. Cfengine's processes commands are used to match processes in the process table (which can be seen by running ps ax on Unix).
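The check described above, looking for user processes that have run for more than a day, can be made by parsing the elapsed-time column of ps. The following is an added example, not part of the original course notes; the sample process table and the list of system accounts to skip are constructed for illustration, and the script only reports candidates.

```shell
#!/bin/sh
# Added example: report (never kill) user processes that have been running
# longer than a threshold, from `ps -eo user,pid,etime,comm` style input.

# Constructed sample process table (not taken from a real host).
SAMPLE_PS='USER PID ELAPSED COMMAND
root 1 12-03:04:05 init
alice 2301 2-01:10:00 xterm
bob 2410 05:30 vi
carol 2555 1-00:00:01 netscape
dave 2600 23:59:59 make'

# Accounts to skip; this list is an assumption, adjust it per site.
SYSTEM_USERS="root daemon bin"

# etime_to_seconds ETIME
# ps prints elapsed time as [[dd-]hh:]mm:ss; convert that to seconds.
etime_to_seconds() {
    printf '%s\n' "$1" | awk '{
        days = 0; t = $0
        if (index(t, "-") > 0) { split(t, d, "-"); days = d[1]; t = d[2] }
        n = split(t, p, ":")
        if (n == 3)      secs = p[1] * 3600 + p[2] * 60 + p[3]
        else if (n == 2) secs = p[1] * 60 + p[2]
        else             secs = p[1] + 0
        print days * 86400 + secs
    }'
}

# old_user_processes MAX_SECONDS   (process table on stdin)
# Prints "user pid etime command" for each non-system process older than
# MAX_SECONDS, so that an administrator can review the list before acting.
old_user_processes() {
    max=$1
    while read -r user pid etime comm; do
        [ "$user" = "USER" ] && continue            # header line
        case " $SYSTEM_USERS " in *" $user "*) continue ;; esac
        secs=$(etime_to_seconds "$etime")
        if [ "$secs" -gt "$max" ]; then
            printf '%s %s %s %s\n' "$user" "$pid" "$etime" "$comm"
        fi
    done
}

# One day = 86400 seconds. On a live host:
#   ps -eo user,pid,etime,comm | old_user_processes 86400
printf '%s\n' "$SAMPLE_PS" | old_user_processes 86400
```
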
2.3 Moving users

When disk partitions become full, it is necessary to move users from old partitions to new ones. Moving users is a straightforward operation, but it should be done with some caution. A user who is being moved should not be logged in while the move is taking place, or files could be copied incorrectly. We begin by looking for an appropriate user, perhaps one who has used a particularly large amount of disk space. Users need to be informed about the move: we have to remember that they might hard-code the names of their home directories in scripts and programs, e.g. CGI scripts. Also, the user's account must be closed by altering their login shell, for instance, before the files are moved.

2.4 Deleting old users

Users who leave an organization eventually need to be deleted from the system. For the sake of certainty, it is often advisable to keep old accounts for a time in case the user actually returns, or wishes to transfer data to a new location. Whether or not this is acceptable must be a question of policy. Clearly it would be unacceptable for company secrets to be transferred to a new location. Before deleting a user completely, a backup of the data can be made for safe-keeping. Then we have to remove the following:
- Account entry from the password database.
- Personal files.
- E-mail and voice mail and mailing lists.
- Removal from groups and lists (e.g. mailing lists).
- Removal of cron and batch tasks.
- Revocation of smartcards and electronic ID codes.

2.5 Disk Space Allocation and Quotas

In this section we shall discuss how a system administrator manages the disk space. We stated that at the time of formatting, partitions of the disk get defined. The partitions may be physical or logical. In case of a physical partition we have the file system resident within one disk drive. In case of a logical partition, the file system may extend over several drives.
In either of these cases the following issues are at stake:

2.5.1 Disk Quota

Disk quota can be allocated by reconfiguring the file system table, usually located at /etc/fstab. To extend the allocation quota in a file system we first have to modify the corresponding entry in the /etc/fstab file. The system administrator can set hard or soft limits of user quota. If a hard limit has been set, then the user simply cannot exceed the allocated space. However, if a soft limit is set, then the user is cautioned when he approaches the soft limit. Usually, it is expected that the user will resort to purging files no longer in use. Else he may seek additional disk space. Some systems have quota set at the group level. It may also be possible to set quota for individual users. Both these situations require executing an edit quota instruction with user name or group name as the argument. The format of the edquota instruction is shown below.

    edquota user-name

Disk quotas mean that users have a hard limit to the number of bytes they are allowed to use on the disk. They are an example of a more general concept known as system accounting whereby you can control the resources used by any user, whether they be the number of printed pages sent to the printer or the number of bytes written to the disk. Disk quotas have advantages and disadvantages. The advantage is that users really cannot exceed their limits. There is no way around this. Disk quotas are very restrictive and when a user exceeds their limit they often do not understand what has happened. Usually users do not even get a message unless they are logging in. Quotas also prevent users from creating large temporary files which can be a problem when compiling programs. They carry with them a system overhead, which makes everything run a little slower. A user may interrogate the disk space available at any time by using the df command.
Its usage is shown below:

    df [options] [name]    : to know the free disk space.

where name refers to a mounted file system, local or remote. We may specify a directory if we need to know the information about that directory. The following options may help with additional information:

    -l : for local file system
    -t : reports total no. of allocated blocks and i-nodes on the device.

The Unix command du reports the number of disk blocks occupied by a file. Its usage is shown below:

    du [options] [name]...    where name is a directory or a file

Above, name by default refers to the current directory. The following options may help with additional information:

    -a : produce output line for each file
    -s : report only the total usage for each name that is a directory, i.e. not individual files.
    -r : produce messages for files that cannot be read or opened

3 Super user/Administrator Privileges

As we know, a privileged account has potentially dangerous consequences for the system. From this account, we have the power to destroy the system, or sabotage it. In short, the superuser's account should be configured to avoid as many casual mistakes as possible. There is no harm in giving Unix's root account an intelligent shell like tcsh or bash provided that shell is physically stored on the root partition. When a Unix system boots, only the root partition is mounted. If we reference a shell which is not available, we can render the host unbootable. The superuser's PATH variable should never include '.', i.e. the current directory. This is because it opens the system to a type of security vulnerability that can lead to accidental execution of the wrong command.
For instance, suppose an ordinary user left a file called ls in the /tmp directory, and suppose the root account had the path

    setenv PATH .:/bin:/usr/bin

If the superuser does the following

    host# cd /tmp
    host# ls

then, because the path search looks in the current directory first, it would find and execute the program which had been left by the user. That program then gets executed with root privileges and could be used to give the user concerned permanent privileged access to the system, for instance by installing a special account for the user which has root privileges. It should be clear that this is a security hazard. The privileged user should never log in directly (unless the system is in single user mode or on the console).

The Superuser

Every UNIX system comes with a special user in the /etc/passwd file with a UID of 0. This user is known as the superuser and is normally given the username root. The password for the root account is usually called simply the "root password." The root account is the identity used by the operating system itself to accomplish its basic functions, such as logging users in and out of the system, recording accounting information, and managing input/output devices. For this reason, the superuser exerts nearly complete control over the operating system: nearly all security restrictions are bypassed for any program that is run by the root user, and most of the checks and warnings are turned off.

Lecture 8
Reading: A10.2.2-10.2.3

Contents:
1) Maintaining Log Files
2) File System Repair
3) Backup and Restoration

Links:
http://en.wikibooks.org/wiki/UNIX_Computing_Security/Log_files_and_auditing
http://fuse4bsd.creo.hu/localcgi/man-cgi.cgi?logger+1
http://www.adminschoice.com/docs/fsck.htm

1 Maintaining Log Files

Log files are generated by system processes to record activities for subsequent analysis.
They can be useful tools for troubleshooting system problems and also to check for inappropriate activity. The UNIX releases are preconfigured to record certain information in log files, but configuration settings are available to increase the amount of information recorded. Log files can be very useful resources for security incident investigations. They can also be essential for prosecution of criminal activity. For these reasons log files should be periodically backed up to separate media, and precautions need to be taken to prevent tampering with the log files. It is expected that an unauthorized intruder into a computing system will attempt to remove any trace of their activities from the system log files.

For log files that tend to grow significantly in size over the course of time, it can be good practice to periodically rotate the logs. That is to say, rename the current log file to a name in a sequence, and start a new log. Here is an example of rotating a log file called mylog:

    $ cd /var/adm
    $ test -f mylog.2 && mv -f mylog.2 mylog.3   # oldest copy moves up first
    $ test -f mylog.1 && mv -f mylog.1 mylog.2
    $ test -f mylog && cp -p mylog mylog.1       # copy the live log, keeping mode and times
    $ :>mylog                                    # truncate in place; the file itself is not replaced

1.1 Syslog

The system log is a log file that is maintained by the syslogd daemon. This log file can collect a variety of useful information, including panic conditions, data corruption, hardware errors, as well as warnings and tracking information. This log file can be written to from a shell or script by means of the logger command. Messages are sent to the syslogd daemon, which processes them according to a configuration defined by a special file (such as /etc/syslog.conf). Events passed to the syslog are defined by a set of facilities and log levels. Combinations of facilities and log levels can be processed in different manners, or ignored altogether.
For example, all error messages can be copied to the syslog.log file and e-mailed to the System Administrator, alerts can be printed to the console, mail debug messages can be added to a mail.log file, and so forth. The System Administrator should also be wary of misleading log messages. Users can add log entries using the logger command, and this can be employed as a prank or nuisance factor.

1.2 Newsyslog -- maintain system log files to manageable sizes

    newsyslog [-CFNnrsv] [-R tagname] [-a directory] [-d directory] [-f config_file] [file ...]

The newsyslog utility should be scheduled to run periodically.

1.3 syslogd -- log systems messages

    syslogd [-468ACcdknosuv] [-a allowed_peer] [-b bind_address] [-f config_file] [-l [mode:]path] [-m mark_interval] [-P pid_file] [-p log_socket]

The syslogd utility reads and logs messages to the system console, log files, other machines and/or users as specified by its configuration.

1.4 logger -- make entries in the system log

    logger [-46Ais] [-f file] [-h host] [-P port] [-p pri] [-t tag] [message ...]

The logger utility provides a shell command interface to the syslog system log module.

2 File System Repair

fsck is a Unix utility for checking and repairing file system inconsistencies. A file system can become inconsistent for several reasons, and the most common is abnormal shutdown due to hardware failure, power failure or switching off the system without proper shutdown. Due to these reasons the superblock in a file system is not updated and has mismatched information relating to system data blocks, free blocks and inodes.

2.1 Modes of operation

fsck operates in two modes, interactive and non-interactive:

a) interactive: fsck examines the file system and stops at each error it finds in the file system, gives the problem description and asks for the user's response, usually whether to correct the problem or continue without making any change to the file system.
b) noninteractive: fsck tries to repair all the problems it finds in a file system without stopping for user response. This is useful in case of a large number of inconsistencies in a file system, but has the disadvantage of removing some useful files which are detected to be corrupt.

If a file system is found to have a problem at boot time, non-interactive fsck is run and all errors which are considered safe to correct are corrected. But if the file system still has problems, the system boots in single user mode, asking the user to run fsck manually to correct the problems in the file system.

2.2 Running fsck

fsck should always be run in single user mode, which ensures proper repair of the file system. If it is run on a busy system where the file system is changing constantly, fsck may see the changes as inconsistencies and may corrupt the file system. If the system cannot be brought into single user mode, fsck should be run on the partitions, other than root & usr, after unmounting them. Root & usr partitions cannot be unmounted. If the system fails to come up due to root/usr file system corruption, the system can be booted from CD and the root/usr partitions can be repaired using fsck.

Command syntax:

    fsck [ -F fstype] [-V] [-yY] [-o options] special

2.3 Phases

fsck checks the file system in a series of 5 phases and checks a specific functionality of the file system in each phase.

    ** phase 1 - Check Blocks and Sizes
    ** phase 2 - Check Pathnames
    ** phase 3 - Check Connectivity
    ** phase 4 - Check Reference Counts
    ** phase 5 - Check Cylinder Groups

3 Backup and Restoration

3.1 Backup schemes

Backup applies to individual changes, to system setup and to user data alike. In backing up data according to a regular pattern, we are assuming that no major changes occur in the structure of data. If major changes occur, we need to start backups afresh. The network has completely changed the way we have to think about backup.
Transmitting copies of files to secondary locations is now much simpler. The basics of backup are these:

Physical location: A backup should be kept at a different physical location than the original. If data were lost because of fire or natural disaster, then copies will also be lost if they are stored nearby. On the other hand, they should not be too far away, or restoration time will suffer.

How often? How often does the data change significantly, i.e. how often do we need to make a backup? Every day? Do you need to archive several different versions of files, or just the latest version? The cost of making a backup is a relevant factor here.

Relevant and irrelevant files: There is no longer much point in making a backup of parts of the operating system distribution itself. Today it is usually just as quick to reinstall the operating system from source, using the original CD-ROM. If we have followed the principle of separating local modifications from the system files, then it should be trivial to back up only the files which cannot be recovered from the CD-ROM, without having to back up everything.

Backup policy: Some sites might have rules for defining what is regarded as valid information, i.e. what it is worth making a backup of. Files like prog.tar.gz might not need to be kept on backup media since they can be recovered from the network just as easily. Also one might not want to make backups of teen 'artwork' which certain users collect from the network, nor temporary data, such as browser cache files.

3.1.1 Medium

Traditionally backups have been made from disk to tape (which is relatively cheap and mobile), but tape backup is awkward and difficult to automate unless one can afford a specialized robot to change and manage the tapes. For small sites it is also possible to perform disk mirroring. Disk is cheap, while human operators are expensive. Many modern filesystems (e.g. DFS) are capable of automatic disk mirroring in real-time.
A cheap approach to mirroring is to use cfengine:

    # cfengine.conf on backup host
    copy:
        /home dest=/backup/home
              recurse=inf
              server=myhost
              exclude=core

When run on the backup host, this makes a backup of all the files under the directory /home on the host myhost, apart from core files. RAID disks also have inbuilt redundancy which allows data to be recovered in the event of a single disk crash. Another advantage with a simple mirroring scheme is that users can recover their files themselves, immediately without having to bother a system administrator.

3.1.2 A backup schedule

How often we need to make backups depends on two competing rates of change:
- The rate at which new data are produced.
- The expected rate of loss or failure.

For most sites, a daily backup is sufficient. In a war-zone, where risk of bombing is a threat at any moment, it might be necessary to back up more often. Most organizations do not produce huge amounts of data every day; there are limits to human creativity. However, other organizations, such as research laboratories, collect data automatically from instruments which would be impractically expensive to re-acquire. In that case, the importance of backup would be even greater. Of course, there are limits to how often it is possible to make a backup. Backup is a resource-intensive process.

Suggestion (Static data). When new data are acquired and do not change, they should be backed up to permanent write-once media at once. CD-ROM is an excellent medium for storing permanent data.

    Backup         Restore
    cp -ar         cp -ar
    tar cf         tar xpf
    GNU tar zcf    tar zxpf
    dd             dd
    cpio           cpio
    dump           restore
    ufsdump        restore
    rdump          rrestore
    NTBackup

Of course, commercial backup solutions exist for all operating systems, but they are often costly. On both UNIX and Windows, it is possible to back up filesystems either fully or differentially, also called incrementally. A full dump is a copy of every file.
An incremental backup is a copy of only those files which have changed since the last backup was taken. Incremental backups rely on dump timestamps and a consistent and reliable system clock to avoid files being missed. For instance, the UNIX dump utility records the dates of its dumps in a file /etc/dumpdates. Incremental dumps work on a scheme of levels, as we shall see in the examples below. There are many schemes for performing system dumps:

- Mirroring: By far the simplest backup scheme is to mirror data on a daily basis. A tool like cfengine or rsync (Unix) can be used for this, copying only the files which have changed since the previous backup. Cfengine is capable of retaining the last two versions of a file, if disk space permits. A disadvantage with this approach is that it places the onus of keeping old versions of files on the user. Old versions will be mercilessly overwritten by new ones.

- Simple tape backup: Tape backups are made at different levels. A level 0 dump is a complete dump of a filesystem. A level 1 dump is a dump of only those files which have changed since the last level 0 dump; a level 2 dump backs up files which have changed since the last level 1 dump and so on, incrementally. There are commonly nine levels of dumps using the Unix dump commands. NTBackup also allows incremental dumps.

The point of making incremental backups is that they allow us to capture changes in rapidly changing files without having to copy an entire filesystem every time. The vast majority of files on a filesystem do not change appreciably over the space of a few weeks, but the few files which we are working on specifically do change often. By pin-pointing these for special treatment we save both time and tapes.

So how do we choose a backup scheme? There are many approaches, but the key principle to have in mind is that of redundancy. The more copies of a file we have, the less likely we are to lose the file.
A dump sequence should always begin with a level 0 dump, i.e. the whole filesystem. This initializes the sequence of incremental dumps. Monday evening, Tuesday morning or Saturday are good days to make a level 0 dump, since that will capture most large changes to the filesystem that occur during the week or weekend, in the level 0 dump rather than in the subsequent incremental ones. Studies show that users download large amounts of data on Mondays (after the weekend break) and it stands to reason that after a week of work, large changes will have taken place by Saturday. So we can take our pick. Here is a simple backup sequence for user home-directories, then, assuming that the backups are taken at the end of each day:

Notice how this sequence works. We start with a full dump on Monday evening, collecting all files on the filesystem. Then on subsequent days we add only those files which have changed since the previous day. Finally on Saturday we go back to a level 1 dump which captures all the changes from the whole week (since the Monday dump) in one go. By doing this, we have two backups of the changes, not just one. If we do not expect much to happen over the weekend, we might want to drop the dump on Saturday.

A variation on this scheme, which captures several copies of every file over multiple tapes, is the so-called Towers of Hanoi sequence. The idea here is to switch the order of the dump levels every other day. This has the effect of capturing not only the files which have changed since the last dump, but also all of the files from the previous dump as well. Here is a sample for Monday to Saturday:

There are several things to notice here. First of all, we begin with a level 0 dump at the beginning of the month. This captures primarily all of the static files. Next we begin our first week with a level 3 dump which captures all changes since the level 0 dump.
Then, instead of stepping up, we step down and capture all of the changes since the level 0 dump again (since 3 is higher than 2). This means that we get everything from the level 3 dump and all the changes since then too. On day 4 we go for a level 5 dump which captures everything since the last level 3, and so on. Each backup captures not only new changes, but all of the previous backup also. This provides double the amount of redundancy as would be gained by a simple incremental sequence. When it comes to Monday again, we begin with a level 1 backup which grabs the changes from the whole of the previous week. Then once a month, a level 0 backup grabs the whole thing again.

12.3.3 Recovery from loss

The ability to recover from loss presupposes that we have enough pieces of the system from which to reconstruct it, should disaster strike. This is where the principle of redundancy comes in. If we have done an adequate job of backing up the system, including special information about its hardware configuration, then we will not lose data, but we can still lose valuable time. Recovery plans can be useful provided they are not merely bureaucratic exercises. Usually a checklist is sufficient, provided the system administration team is all familiar with the details of the local configuration. A common mistake in a large organization, which is guaranteed to lead to friction, is to make unwarranted assumptions about a local department. Delegation can be a valuable strategy in the fight against time. If there are sufficient local system administrators who know the details of each part of the network, then it will take such people less time to make the appropriate decisions and implement the recovery plan. However, delegation also opens us up to the possibility of inconsistency: we must make sure that those we delegate to are well trained. (Remember to set the write-protect tab on tapes and have someone check this afterwards.)
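Which tapes a restore needs, and how many tapes hold a given day's changes, both follow from the dump-level sequence discussed above. The following is an added example, not part of the original course notes: it assumes the rule used by the Unix dump utility (a level-N dump copies everything changed since the most recent earlier dump of a lower level), and both schedules in it are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumed rule (that of the Unix dump utility): a level-N dump
# copies every file changed since the most recent EARLIER dump of a LOWER level.
# A schedule is a space-separated list of label:level pairs, oldest dump first.

# Constructed schedules, for illustration only.
SIMPLE_SCHEDULE="Mon:0 Tue:1 Wed:2 Thu:3 Fri:4 Sat:1"
HANOI_SCHEDULE="Month:0 Mon:3 Tue:2 Wed:5 Thu:4 Fri:7 Sat:6"

# dump_bases SCHEDULE
# One line per dump: index label level base_index, where base_index is the
# dump this one is relative to (0 means none, i.e. a full dump).
dump_bases() {
    printf '%s\n' "$1" | tr ' ' '\n' | awk -F: '
        { label[NR] = $1; level[NR] = $2 + 0 }
        END {
            for (k = 1; k <= NR; k++) {
                base = 0
                for (j = k - 1; j >= 1; j--)
                    if (level[j] < level[k]) { base = j; break }
                print k, label[k], level[k], base
            }
        }'
}

# restore_chain SCHEDULE
# Tapes to restore, in order, to rebuild the state as of the LAST dump.
restore_chain() {
    dump_bases "$1" | awk '
        { label[$1] = $2; base[$1] = $4 + 0; last = $1 + 0 }
        END {
            chain = ""
            k = last
            while (k >= 1) {
                if (chain == "") chain = label[k]
                else             chain = label[k] " " chain
                k = base[k]          # 0 ends the walk at the full dump
            }
            print chain
        }'
}

# dumps_holding_change SCHEDULE LABEL
# Tapes that contain a file which changed just before dump LABEL was taken
# and has not changed since: dump k holds it when k is not older than LABEL
# and the dump that k is relative to is older than LABEL.
dumps_holding_change() {
    dump_bases "$1" | awk -v day="$2" '
        $2 == day { d = $1 + 0 }
        d > 0 && ($4 + 0) < d {
            if (out == "") out = $2
            else           out = out " " $2
        }
        END { print out }'
}

echo "simple, restore after Sat:  $(restore_chain "$SIMPLE_SCHEDULE")"
echo "simple, Wed changes are on: $(dumps_holding_change "$SIMPLE_SCHEDULE" Wed)"
echo "hanoi,  restore after Sat:  $(restore_chain "$HANOI_SCHEDULE")"
echo "hanoi,  Mon changes are on: $(dumps_holding_change "$HANOI_SCHEDULE" Mon)"
```

Dropping the Saturday dump from the simple schedule makes the restore chain grow to all five tapes, which is the tape-changing cost that incremental sequences carry.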
When loss occurs, we have to recover files from the backups. One of the great advantages of a disk mirroring scheme is that users can find backups of their own files without having to involve an administrator. For larger file recoveries, it is more efficient for a system administrator to deal with the task. Restoring from tape backup is a much more involved task. Unfortunately, it is not merely a matter of donkey work. First of all we have to locate the correct tape (or tapes) which contain the appropriate versions of backed up files. This involves having a system for storage, reading labels and understanding any incremental sequence which was used to perform the dump. It is a time-consuming business. One of the awkwardnesses of incremental backups is that backing up files can involve changing several tapes to gather all of the files.

Suggestion (URL filesystem names). Use a global URL naming scheme for all filesystems, so that the filename contains the true location of the file, and you will never lose a file on a tape, even if the label falls off. Each file will be sufficiently labeled by its time-stamp and its name.

We have two choices in recovery: reconstruction from backup or from source. Recovery from source is not an attractive option for local data. It would involve typing in every document from scratch. For software which is imported from external sources (CD-ROMs or ftp repositories), it is possible to reconstruct software repositories like /usr/local or Windows' software directories. Whether or not this is a realistic option depends on how much money one has to spend. For a particularly impoverished department, reconstruction from source is a cheap option.

ACLs present an awkward problem for Windows filesystems. Whereas Unix's root account always has permission to change the ownership and access rights of a file, Windows's Administrator account does not.
On Windows systems, it is important not to reinstate files with permissions intact if there is a risk of them belonging to a foreign domain. If we did that, the files would be unreadable to everyone, with no possibility of changing their permissions.

Recovery also involves some soul searching. We have to consider the reason for the loss of the data. Could the loss of data have been prevented? Could it be prevented at a later time? If the loss was due to a security breach or some other form of vandalism, then it is prudent to consider other security measures at the same time as we reconstruct the system from the pieces.

Lecture 9: Reading: A4.8
Contents:-
1) Handling Man Pages/Help System
2) Kernel Customization
Links:- http://www.computerhope.com/unix/uman.htm

1 Handling Man Pages/Help System

man

The man command, which is short for manual, provides in depth information about the requested command or allows users to search for commands related to a particular keyword.

Syntax

Shows you online manuals on Unix commands.

    man [-] [-k keywords] topic

    -             Displays the manual without stopping.
    -k keywords   Searches for keywords in all of the manuals available.
    topic         Displays the manual for the topic or command typed in.

Examples

    man mkdir - Lists help information on the mkdir command.
    man -k irc - Quickly search for manuals containing irc within them. Below is an example of what the results may look like:

2 Kernel customization

The operating system kernel is that most important part of the system which drives the hardware of the machine and shares it between multiple processes. If the kernel does not work well, the system as a whole will not work well.
The main reason for making changes to the kernel is to fix bugs and to upgrade system software, such as support for new hardware; performance gains can also be achieved however, if one is patient. Many operating system kernels are monolithic, statically compiled programs which are specially built for each host, but static programs are inflexible and the current trend is to replace them with software configurable systems which can be manipulated without the need to recompile the kernel. System V Unix has blazed the trail of adaptable, configurable kernels, in its quest to build an operating system which will scale from laptops to mainframes. It introduces kernel modules which can be loaded on demand. By loading parts of the kernel only when required, one reduces the size of the resident kernel memory image, which can save memory. This policy also makes upgrades of the different modules independent of the main kernel software, which makes patching and reconfiguration simpler. Configuration of the Windows kernel also does not require a recompilation, only the choice of a number of parameters, accessed through the system editor in the Performance Monitor, followed by a reboot. GNU/Linux switched from a static, monolithic kernel to a modular design quite quickly. The Linux kernel strikes a balance between static compilation and modular loading. This balances the convenience of modules with the increased speed of having statically compiled code forever in memory.

Solaris

Neither Solaris nor Windows require or permit kernel recompilation in order to make changes. In Solaris, for instance, one edits configuration files and reboots for an auto-reconfiguration. First we edit the file /etc/system to change kernel parameters, then reboot with the command

    reboot -- -r

which reconfigures the system automatically. There is also a large number of system parameters which can be configured on the fly (at run time) using the ndd command.
GNU/Linux

The Linux kernel is subject to more frequent revision than many other systems, owing to the pace of its development. It must be recompiled when new changes are to be included, or when an optimized kernel is required. Many GNU/Linux distributions are distributed with older kernels, while newer kernels offer significant performance gains, particularly in kernel-intensive applications like NFS, so there is a practical reason to upgrade the kernel. The compilation of a new kernel is a straightforward but time-consuming process. The standard published procedure for installing and configuring a new kernel is as follows. New kernel distributions are obtained from any mirror of the Linux kernel site [176]. First we back up the old kernel, unpack the kernel sources into the operating system's files (see the note below) and alias the kernel revision to /usr/src/linux. Note that the bash shell is required for kernel compilation.

    # cp /boot/vmlinuz /boot/vmlinux.old
    # cd /usr/src
    # tar zxf /local/site/src/linux-2.2.9.tar.gz
    # ln -s linux-2.2.9 linux

There are often patches to be collected and applied to the sources. For each patch file:

    # zcat /local/site/src/patchX.gz | patch -p0

Then we make sure that we are building for the correct architecture (Linux now runs on several types of processor).

    # cd /usr/include
    # rm -rf asm linux scsi
    # ln -s /usr/src/linux/include/asm-i386 asm
    # ln -s /usr/src/linux/include/linux linux
    # ln -s /usr/src/linux/include/scsi scsi

Next we prepare the configuration:

    # cd /usr/src/linux
    # make mrproper

lilo and Grub

After copying a kernel loader into place, we have to update the boot blocks on the system disk so that a boot program can be located before there is an operating kernel which can interpret the filesystem. This applies to any operating system, e.g. SunOS has the installboot program. After installing a new kernel in GNU/Linux, we update the boot records on the system disk by running the lilo program.
The new loader program is called by simply typing lilo. This reads a default configuration file /etc/lilo.conf and writes loader data to the Master Boot Record (MBR). One can also write to the primary Linux partition, in case something should go wrong:

    lilo -b /dev/hda1

so that we can still boot, even if another operating system should destroy the boot block.

Logistics of kernel customization

The standard procedure for installing a new kernel breaks a basic principle: don't mess with the operating system distribution, as this will just be overwritten by later upgrades. It also potentially breaks the principle of reproducibility: the choices and parameters which we choose for one host do not necessarily apply for others. It seems as though kernel configuration is doomed to lead us down the slippery path of making irreproducible, manual changes to every host.

We should always bear in mind that what we do for one host must usually be repeated for many others. If it were necessary to recompile and configure a new kernel on every host individually, it would simply never happen. It would be a project for eternity.

The situation with a kernel is not as bad as it seems, however. Although, in the case of GNU/Linux, we collect kernel upgrades from the net as though it were third party software, it is rightfully a part of the operating system. The kernel is maintained by the same source as the kernel in the distribution, i.e. we are not in danger of losing anything more serious than a configuration file if we upgrade later. However, reproducibility across hosts is a more serious concern. We do not want to repeat the job of kernel compilation on every single host. Ideally, we would like to compile once and then distribute to similar hosts. Kernels can be compiled, cloned and distributed to different hosts provided they have a common hardware base (this comes back to the principle of uniformity).
Lecture 10: Reading: A6.8, A6.8.1-6.8.3
Contents:- Integrating Multiple Operating Systems System Sharing User IDs, Passwords and Authentication.

Integrating Multiple Operating Systems:-

Combining radically different operating systems in a network environment is a challenge both to users and administrators. Each operating system services a specific function well, and if we are to allow users to move from operating system to operating system with access to their personal data, we need to balance the convenience of availability with the caution of differentiation. It ought to be clear to users where they are, and what system they are using, to avoid unfortunate mistakes. Combining different Unix-like systems is challenge enough, but adding Windows hosts or Macintosh technology to a primarily Unix-based network, or vice versa, requires careful planning. It is always possible to move data between two hosts using the universally supported FTP protocol. But do we need to have open file sharing or software compatibility?

1.1 Compatible naming

Different operating systems use quite different naming schemes for objects. UNIX names could not be represented in MSDOS unless they were no longer than eight characters. Some operating systems did not allow spaces in filenames. Some assign and reserve special meanings for characters. The Internet URL naming scheme has created its own naming scheme for objects, which takes into account the service or communications channel used to access the object:

    Channel://Object-name

File names are often, but not always, hierarchical. Windows introduced the notion of 'drives', for instance: A:, B:, C: and so on. The Internet Protocol family uses a hierarchical naming scheme encoded into IP addresses. The general problem of naming objects in distributed systems has great importance to being able to locate resources and express their locations. Names can play a fundamental role in how we choose to integrate resources within a system.
They address both cultural and practical issues.

1.2 Filesystem sharing

Sharing of filesystems between different operating systems can be useful in a variety of circumstances. File-servers, which host and share users' files, need to be fast, stable and capable machines. Workstations for end-users, on the other hand, are chosen for quite different reasons. They might be chosen to run some particular software, or on economic grounds, or perhaps for user-friendliness. The Macintosh has always been a favorite workstation for multi-media applications. It is often the preferred platform for music and graphical applications. Windows operating systems are cheap and have a wide and successful software base.

There are other reasons for wanting to keep an inhomogeneous (heterogeneous) network. An organization might need a mainframe or vector processor for intensive computation, whose disks need to be available to workstations for collecting data. There might be legacy systems waiting to be replaced with new machinery, which we have to accommodate in order to run old software, or development groups supporting software across multiple platforms. There are a dozen reasons for integration.

Most solutions to the file-sharing problem are software based. Client and server software is available for implementing network-sharing protocols across platform boundaries. For example, client software for the Unix NFS filesystem has been implemented for both Windows (PCNFS) and Macintosh systems. This enables Windows and Macintosh workstations to use Unix-like hosts as file and printer servers, in much the same way as Windows servers or Novell Netware servers provide those services. These services are adequate for insecure operating systems, since there is no need to map file permissions across foreign filesystems. Windows is more of a problem, however. Windows ACLs cannot be represented in a simple fashion on a Unix filesystem.
The converse, that of making Unix files available to PCs, has the reverse problem. While NT is capable of representing Unix file permissions, Windows 9x and the Macintosh are not. Insecure operating systems are always a risk in network sharing. The Samba software is a free software package which implements Unix file semantics in terms of the Windows SMB (Server Message Block) protocols. Netware provides an NT client called NDS (Network Directory Services) for NT which allows NT domain servers to understand the Novell object directory model. Mechanisms clearly exist to implement cross-platform sharing. The main question is, how easy are these systems to implement and maintain? Are they worth the cost in time and money?

1.3 User IDs and passwords

If we intend to implement sharing across such different operating systems as Unix and Windows, we need to have common usernames on both systems. Cross-platform user authentication is usually based on the understanding that username text can be mapped across operating systems. Clearly numerical Unix user IDs and Windows security IDs cannot map meaningfully between systems without some glue to match them: that glue is the username. To achieve sharing, then, we must standardize usernames. Unix-like systems often require usernames to be no more than eight characters, so this is a good limit to keep to if Unix-like operating systems are involved or might become involved.

Principle (One name for one object II). Each user should have the same unique name on every host. Multiple names lead to confusion and mistaken identity. A unique username makes it clear which user is responsible for which actions.

Common passwords across multiple platforms are much harder than disk sharing, and it is a much more questionable practice (see below).

1.4 User authentication

Making passwords work across different operating systems is a problem in a scheme for complete integration.
The password mechanisms for UNIX and Windows are completely different and basically incompatible. The new Mac OS Server X is based on BSD4.4 emulation, so its integration with other Unix-like operating systems should be relatively painless. Windows, however, remains the odd-one-out.

Whether or not it is correct to merge the password files of two separate operating systems is a matter for policy. The user bases of one operating system are often different from the user bases of another. From a security perspective, making access easy is not always the right thing to do.

Passwords are incompatible between Windows and UNIX for two reasons: NT passwords can be longer than UNIX passwords and the form of encryption used to store them is different. The encryption mechanisms which are used to store passwords are one-way transformations, so it is not possible to convert one into the other. There is no escaping the fact that these systems are basically incompatible.

The PAM (Pluggable Authentication Modules) mechanism is an indirection mechanism for exchanging or supplementing authentication mechanisms, for users and for network services, simply by adding modules to a configuration file /etc/pam.conf. Instead of being prompted for a UNIX password on login, users are connected to one or more password modules. Each module prompts for a password and grants security credentials if the password is correctly received. Thus, for instance, users could be immediately prompted for a UNIX password, a Kerberos password and a DCE password on login, thus removing the necessity for a manual login to these extra systems later. PAM also supports the idea of mapped passwords, so that a single strong password can be used to trigger the automatic login to several stacked modules, each with its own private password stored in a PAM database. PAM could clearly help in the integration of Unix with Windows if a module for Windows-style authentication could be written for Unix.
Lecture 11: Reading: A2.3.1-2.3.3
Links:-
http://www.geocities.com/ravee_26/
www.NTFS.ORG
http://gama.vtu.lt/biblioteka/Operating_systems/Operating_systems.pdf
http://nptel.iitm.ac.in/courses/Webcourse-contents/IISc-BANG/Operating%20Systems/pdf/Lecture_Notes/Mod%201_LN.pdf
Contents:-
1) File Systems and standards (UFS, NFS, NTFS)

1 File systems

Files and file systems are at the very heart of what system administration is about. Almost every task in host administration or network configuration involves making changes to files. We need to acquire a basic understanding of the principles of file systems, so what better way than to examine some of the most important file systems in use today.

1.1 Unix file model (UFS)

UNIX has a hierarchical file system, which makes use of directories and subdirectories to form a tree. All file systems on Unix-like operating systems are based on a system of index nodes, or inodes, in which every file has an index entry stored in a special part of the file system. The inodes contain an extensible system of pointers to the actual disk blocks which are associated with the file. The inode contains essential information needed to locate a file on the disk. The top or start of the UNIX file tree is called the root file system or '/'.

The file hierarchy

All files and directories in the UNIX system are stored in a hierarchical tree structure. Envision it as an upside-down tree, as in the figure below.

Figure: UNIX Directory Structure

At the top of the tree is the root directory. Its directory name is simply / (a slash character). Below the root directory is a set of major subdirectories that usually include bin, dev, etc, lib, pub, tmp, and usr. For example, the /bin directory is a subdirectory, or "child," of / (the root directory). The root directory, in this case, is also the parent directory of the bin directory. Each path leading down, away from the root, ends in a file or directory.
Other paths can branch out from directories, but not from files.

Many directories on a UNIX system have traditional names and traditional contents. For example, directories named bin contain binary files, which are the executable command and application files. A lib directory contains library files, which are often collections of routines that can be included in programs by a compiler. dev contains device files, which are the software components of terminals, printers, disks, etc. tmp directories are for temporary storage, such as when a program creates a file for something and then deletes it when it is done. The etc directory is used for miscellaneous administrative files and commands. pub is for public files that anyone can use. usr has traditionally been reserved for user directories.

Your home directory is the directory that you start out from when you first login. It is the top level directory of your account. Your home directory name is almost always the same as your userid.

Every directory and file on the system has a path by which it is accessed, starting from the root directory. The path to the directory is called its pathname. You can refer to any point in the directory hierarchy in two different ways: using its full (or absolute) pathname or its relative pathname. The full pathname traces the absolute position of a file or directory back to the root directory, using slashes (/) to connect every point in the path. For example, in the figure above, the full pathname of file2 would be /usr/bin/file2. Relative pathnames begin with the current directory (also called the working directory, the one you are in). If /usr were your current directory, then the relative pathname for file2 would be bin/file2.

1.2 Windows file model

The Windows operating system supports a variety of legacy file systems for backward compatibility with DOS and Windows 9x.
NTFS
FAT

File system layout

Drawing on its DOS legacy, Windows treats different disk partitions as independent floppy disks, labeled by a letter of the alphabet: A: B: C: D: ... For historical reasons, drive A: is normally the diskette station, while drive C: is the primary hard disk partition. Other drive names are assigned at random, but often H: is reserved for partitions containing users' home directories.

The layout of the Windows file system has changed through the different versions, in an effort to improve the structure. This description relates to NT 4.0. The system root is usually stored in C:\WinNT and is generally referred to by the system environment variable %SystemRoot%.

C:\I386 This directory contains binary code and data for the Windows operating system. This should normally be left alone.
C:\Program Files This is Windows's official location for new software. Program packages which you buy should install themselves in subdirectories of this directory. More often than not they choose their own locations, however, often with a distressing lack of discipline.
C:\Temp Temporary scratch space, like Unix's /tmp.
C:\WinNT This is the root directory for the Windows system. This is mainly for operating system files, so you should not place new files under this directory yourself unless you really know what you are doing. Some software packages might install themselves here.
C:\WinNT\config Configuration information for programs. These are generally binary files so the contents of Windows configuration files are not very interesting.
C:\WinNT\system32 This is the so-called system root. This is where most system applications and data-files are kept.

File extensions

Whereas files can go by any name in UNIX, Microsoft operating systems have always used the concept of file extensions to identify special file types. For example:

1.3 File System Standards

Various file system standards are
1) FAT
2) NTFS
3) UFS (UNIX File System)
4) NFS

1) FAT (File Allocation Table)

File Allocation Table (FAT) is a patented file system developed by Microsoft for MS-DOS and is the primary file system for consumer versions of Microsoft Windows up to and including Windows Me.

FAT is a table that an operating system maintains in order to map the clusters (the smallest unit of storage) that a file has been stored in. When files are written to a hard disk, the files are stored in one or more clusters that may be spread out all over the hard disk. The table allows Windows to find the "pieces" of your file and reassemble them when you wish to open it.

A partition is divided up into identically sized clusters, small blocks of contiguous space. Cluster sizes vary depending on the type of FAT file system being used and the size of the partition; typically cluster sizes lie somewhere between 2 KB and 32 KB. Each file may occupy one or more of these clusters depending on its size; thus, a file is represented by a chain of these clusters (referred to as a singly linked list). However these chains are not necessarily stored adjacent to one another on the disk's surface but are often instead fragmented throughout the Data Region.

The File Allocation Table (FAT) is a list of entries that map to each cluster on the partition. Each entry records one of five things:
. The address of the next cluster in a chain
. A special end of file (EOF) character that indicates the end of a chain
. A special character to mark a bad cluster
. A special character to mark a reserved cluster
. A zero to note that that cluster is unused

FAT16 - FAT16 table entries are 16 bits in length limiting hard disk sizes to 2GB. Note that even if the OS supports larger partition sizes, the BIOS must also support logical block addressing (LBA) or the maximum partition that you will be able to create will be either 504 or 528 MB.

FAT32 - Created to allow more efficient use of hard drive space and allowed for partitions up to 8GB using 4KB cluster sizes.
In order to format a drive as FAT32, the "Large disk Support" must be enabled when starting FDISK. FAT32 is not compatible with older versions of Windows including Windows 95A and NT. In Windows 9.x, the CVT1.EXE can be used to convert FAT16 partitions to FAT32.

Main disk structures

A FAT file system is composed of four different sections.

1. The Reserved sectors, located at the very beginning. The first reserved sector is the Boot Sector (Partition Boot Record). It includes an area called the BIOS Parameter Block (with some basic file system information, in particular its type, and pointers to the location of the other sections) and usually contains the operating system's boot loader code. The total count of reserved sectors is indicated by a field inside the Boot Sector. Important information from the Boot Sector is accessible through an operating system structure called the Drive Parameter Block in DOS and OS/2.

2. The FAT Region. This contains two copies of the File Allocation Table for the sake of redundancy, although the extra copy is rarely used, even by disk repair utilities. These are maps of the partition, indicating how the clusters are allocated.

3. The Root Directory Region. This is a Directory Table that stores information about the files and directories in the root directory. With FAT32 it can be stored anywhere in the partition, however with earlier versions it is always located immediately after the FAT Region.

4. The Data Region. This is where the actual file and directory data is stored and takes up most of the partition. The size of files and subdirectories can be increased arbitrarily (as long as there are free clusters) by simply adding more links to the file's chain in the FAT. Note however, that each cluster can be taken only by one file, and so if a 1 KB file resides in a 32 KB cluster, 31 KB are wasted.
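The cluster chain and the five kinds of FAT entry described above can be followed in a few lines of code. This Python sketch is an added example, not part of the original notes: the numeric FAT16 entry values (0x0000 free, 0x0001 and 0xFFF0-0xFFF6 reserved, 0xFFF7 bad, 0xFFF8-0xFFFF end of chain) are the standard FAT16 encodings, which the notes do not list, and the ten-entry table is constructed for illustration, including one deliberately corrupt chain.

```python
"""Walk FAT16 cluster chains in a small constructed table."""
import struct
from typing import List

FREE, RESERVED, BAD = 0x0000, 0x0001, 0xFFF7
EOC_MIN = 0xFFF8  # 0xFFF8..0xFFFF all mean "end of chain"

# Constructed FAT: entries 0 and 1 are not data clusters; one file occupies
# clusters 2 -> 3 -> 7 (fragmented); cluster 4 is bad; 5 and 6 are free;
# clusters 8 and 9 point at each other (a corrupt, looping chain).
SAMPLE_FAT_RAW = struct.pack("<10H", 0xFFF8, 0xFFFF, 3, 7, BAD,
                             FREE, FREE, 0xFFFF, 9, 8)


def parse_fat16(raw: bytes) -> List[int]:
    """Decode a FAT16 table: consecutive 16-bit little-endian entries."""
    if len(raw) % 2:
        raise ValueError("FAT16 table length must be a multiple of 2 bytes")
    return list(struct.unpack("<%dH" % (len(raw) // 2), raw))


def classify(entry: int) -> str:
    """Name which of the five kinds of entry a table value is."""
    if entry == FREE:
        return "free"
    if entry == RESERVED or 0xFFF0 <= entry <= 0xFFF6:
        return "reserved"
    if entry == BAD:
        return "bad"
    if entry >= EOC_MIN:
        return "end-of-chain"
    return "next"


def cluster_chain(fat: List[int], start: int) -> List[int]:
    """Follow a file's singly linked list of clusters from its first cluster."""
    chain: List[int] = []
    seen = set()
    cluster = start
    while True:
        if cluster < 2 or cluster >= len(fat):
            raise ValueError("cluster %d is outside the table" % cluster)
        if cluster in seen:
            raise ValueError("loop in chain at cluster %d" % cluster)
        seen.add(cluster)
        chain.append(cluster)
        kind = classify(fat[cluster])
        if kind == "end-of-chain":
            return chain
        if kind != "next":
            raise ValueError("chain runs into a %s entry at cluster %d"
                             % (kind, cluster))
        cluster = fat[cluster]


def free_clusters(fat: List[int]) -> int:
    """Count unused data clusters (entries 0 and 1 are not data clusters)."""
    return sum(1 for entry in fat[2:] if entry == FREE)


def slack_bytes(file_size: int, cluster_size: int) -> int:
    """Bytes wasted because a file always occupies whole clusters."""
    clusters = -(-file_size // cluster_size)  # ceiling division
    return clusters * cluster_size - file_size


if __name__ == "__main__":
    fat = parse_fat16(SAMPLE_FAT_RAW)
    print("chain from cluster 2:", cluster_chain(fat, 2))
    print("free clusters:", free_clusters(fat))
    print("slack of a 1 KB file in a 32 KB cluster:",
          slack_bytes(1024, 32 * 1024), "bytes")
    try:
        cluster_chain(fat, 8)
    except ValueError as err:
        print("corrupt chain detected:", err)
```

The loop and out-of-range checks are what a consistency checker needs before trusting a table read from disk, since a damaged FAT can otherwise send a reader round a chain forever.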
Advantages:-

The FAT file system is considered relatively uncomplicated, and is consequently supported by virtually all existing operating systems for personal computers. This ubiquity makes it an ideal format for floppy disks and solid-state memory cards, and a convenient way of sharing data between disparate operating systems installed on the same computer (a dual boot environment).

It is not possible to perform an undelete under Windows NT on any of the supported file systems. Undelete utilities try to directly access the hardware, which cannot be done under Windows NT. However, if the file was located on a FAT partition, and the system is restarted under MS-DOS, the file can be undeleted.

The FAT file system is best for drives and/or partitions under approximately 200 MB, because FAT starts out with very little overhead.

Disadvantages:-

When files are deleted and new files written to the media, their fragments tend to become scattered over the entire media, making reading and writing a slow process. Defragmentation is one solution to this, but is often a lengthy process in itself and has to be repeated regularly to keep the FAT file system clean.

Preferably, when using drives or partitions of over 200 MB the FAT file system should not be used. This is because as the size of the volume increases, performance with FAT will quickly decrease. It is not possible to set permissions on files that are on FAT partitions.

FAT partitions are limited in size to a maximum of 4 Gigabytes (GB) under Windows NT and 2 GB in MS-DOS.

2) NTFS (New Technology FAT System)

An advanced file system that provides performance, security, reliability, and advanced features that are not found in any version of FAT. It is designed to quickly perform standard file operations such as read, write, and search - and even advanced operations such as file-system recovery - on very large hard disks.
Formatting a volume with the NTFS file system results in the creation of several system files and the Master File Table (MFT), which contains information about all the files and folders on the NTFS volume.

The first information on an NTFS volume is the Partition Boot Sector, which starts at sector 0 and can be up to 16 sectors long. The first file on an NTFS volume is the Master File Table (MFT). The following figure illustrates the layout of an NTFS volume when formatting has finished.

Figure 5-1 Formatted NTFS Volume

Advantages:-

Encryption: The Encrypting File System (EFS) provides the core file encryption technology used to store encrypted files on NTFS volumes. EFS keeps files safe from intruders who might gain unauthorized physical access to sensitive, stored data (for example, by stealing a portable computer or external disk drive).

Disk Quotas: Windows 2000 supports disk quotas for NTFS volumes. You can use disk quotas to monitor and limit disk-space use.

Reparse Points: Reparse points are new file system objects in NTFS that can be applied to NTFS files or folders. A file or folder that contains a reparse point acquires additional behavior not present in the underlying file system. Reparse points are used by many of the new storage features in Windows 2000, including volume mount points.

Volume Mount Points: Volume mount points are new to NTFS. Based on reparse points, volume mount points allow administrators to graft access to the root of one local volume onto the folder structure of another local volume.

Sparse Files: Sparse files allow programs to create very large files but consume disk space only as needed.

Distributed Link Tracking: NTFS provides a link-tracking service that maintains the integrity of shortcuts to files as well as OLE links within compound documents.
File compression:- NTFS uses a lossless compression algorithm which ensures that no data is lost when compressing and decompressing the data.

NTFS is best for use on volumes of about 400 MB or more. This is because performance does not degrade under NTFS, as it does under FAT, with larger volume sizes.

The recoverability designed into NTFS is such that a user should never have to run any sort of disk repair utility on an NTFS partition.

Drawbacks:-

Old software might not run on NTFS properly. Secondly, if you're going to run an earlier version of Windows along with Windows XP, you'll need to have a FAT or FAT32 as the start-up partition. The reason is that earlier versions of Windows can't access a partition with the latest version of NTFS.

It is not recommended to use NTFS on a volume that is smaller than approximately 400 MB, because of the amount of space overhead involved in NTFS. This space overhead is in the form of NTFS system files that typically use at least 4 MB of drive space on a 100 MB partition.

Currently, there is no file encryption built into NTFS. Therefore, someone can boot under MS-DOS, or another operating system, and use a low-level disk editing utility to view data stored on an NTFS volume.

It is not possible to format a floppy disk with the NTFS file system; Windows NT formats all floppy disks with the FAT file system because the overhead involved in NTFS will not fit onto a floppy disk.

Conversion of FAT into NTFS

You've got two options: either format a drive with NTFS or use the 'convert' command. The first way is recommended because all data on the partition will be erased - consequently, you'll be starting with a 'clean' drive. Use this method only if you don't need to keep your files intact. But most of us would want to keep our files, and to do this you've got two options:

1. Backup all your data before formatting

So you want to start with a 'clean' drive but can't afford losing your precious files? Very simple.
All you need to do is back up your files to an external hard drive or a partition other than the one you want to convert, or burn the data onto CDs. After you're done you can format a drive with NTFS.

2. Use the convert command from the command prompt

This way, you don't need to back up. All files are preserved as they are. However, I recommend a backup. You don't know what might go wrong, and besides, what would you lose if you do back up? When I converted to NTFS using convert.exe, everything went smoothly. Chances are your conversion will be equally smooth.

Note: This is a one-way conversion. Once you've converted to NTFS, you can't go back to FAT or FAT32 unless you format the drive.

Open the command prompt (by going to Start, All Programs, Accessories, and clicking Command Prompt) OR Start | Run | type "cmd" without quotes | OK.

Type "convert drive letter: /fs:ntfs" and press Enter. For example, type "convert C: /fs:ntfs" (without quotes) if you want to convert drive C. If you're asked whether you want to dismount the drive, agree.

To find more information about convert.exe, type "help convert" (without quotes) in Command Prompt and press Enter.

4) NFS (Network File System)

A network file system is any computer file system that supports sharing of files, printers and other resources as persistent storage over a computer network. The Network File System (NFS) is a client/server application that lets a computer user view and optionally store and update files on a remote computer as though they were on the user's own computer. The user's system needs to have an NFS client and the other computer needs the NFS server. Both of them require that you also have TCP/IP installed, since the NFS server and client use TCP/IP as the program that sends the files and updates back and forth. (However, the User Datagram Protocol, UDP, which comes with TCP/IP, is used instead of TCP with earlier versions of NFS.) NFS was developed by Sun Microsystems and has been designated a file server standard.
Its protocol uses the Remote Procedure Call (RPC) method of communication between computers. You can install NFS on Windows 95 and some other operating systems using products like Sun's Solstice Network Client.

Using NFS, the user or a system administrator can mount all or a portion of a file system (which is a portion of the hierarchical tree in any file directory and subdirectory, including the one you find on your PC or Mac). The portion of your file system that is mounted (designated as accessible) can be accessed with whatever privileges go with your access to each file (read-only or read-write).

NFS allows a system to share directories and files with others over a network. By using NFS, users and programs can access files on remote systems almost as if they were local files.

Advantages:

Local workstations use less disk space because commonly used data can be stored on a single machine and still remain accessible to others over the network.

There is no need for users to have separate home directories on every network machine. Home directories could be set up on the NFS server and made available throughout the network.

NFS provides centralized administration, so it is much easier, for example, to back up file systems stored on a server than to back up scattered systems individually.

NFS, when used with NIS, makes it trivially simple to update key configuration files.

Disadvantages:

NFS is sensitive to network congestion.

Heavy disk activity on the NFS server affects NFS performance.

If an exported file system is not available when a client attempts to mount it, the client system hangs, although this can be mitigated using specific mount options.

If the server hosting the exported file system becomes unavailable for any reason, no one can access the resources.

NFS has security problems because its design assumes a trusted network.
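Because NFS trusts the network it runs on, the practical control is the server's export list: which clients are offered each directory, and with which privileges. The following is an added example, not part of the original notes; it assumes the Linux exports(5) file syntax, which the notes do not mention, and the sample entries, host names and finding tags are constructed for illustration.

```shell
#!/bin/sh
# Flag exports(5) entries that trust more hosts, or grant more privilege,
# than they need to. Reads the exports text on stdin and prints one finding
# per line. Not handled: backslash line continuations and quoted paths.
audit_exports() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
    {
        path = $1
        if (NF == 1) $2 = "*"               # no client list: offered to every host
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                    # split "client(opt,opt)"
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            if (client == "") client = "*"  # "(rw)" after a space applies to everyone
            rw = 0; unsquashed = 0
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "rw") rw = 1
                if (o[j] == "no_root_squash") unsquashed = 1
            }
            if (client == "*") {
                tag = rw ? "WORLD-RW" : "WORLD-RO"
                print tag " " path
            }
            if (unsquashed) print "NO-ROOT-SQUASH " path " " client
        }
    }'
}

# Constructed sample exports file (paths and hosts are made up).
sample_exports() {
    cat <<'EOF'
# sample exports file
/srv/home    192.0.2.0/24(rw,root_squash)
/srv/pub     *(ro)
/srv/scratch client.example.org (rw)
/srv/build   build1.example.org(rw,no_root_squash)
/srv/legacy
EOF
}
```

The /srv/scratch entry shows the classic slip: the space before "(rw)" gives the named client default options and every other host read-write access.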
Lecture 12
Reading: A4.5, A4.5.1-5.2
Contents:
Software Installations and Structuring Software, Open Source Software: The GNU Project

1 Software installation

1.1 Free and proprietary software

Unlike most other popular operating systems, Unix grew up around people who wrote their own software rather than relying on off-the-shelf products. The Internet now contains gigabytes of software for Unix systems which cost nothing. Traditionally, only large companies like the oil industry and newspapers could afford off-the-shelf software for Unix.

There are therefore two kinds of software installation: the installation of software from binaries and the installation of software from source. Commercial software is usually installed from a CD by running an installation program and following the instructions carefully; the only decision we need to make is where we want to install the software. Free software and open source software usually come in source form and must therefore be compiled. Unix programmers have gone to great lengths to make this process as simple as possible for system administrators.

1.2 Structuring software

The first step in installing software is to decide where we want to keep it. We could, naturally, locate software anywhere we like, but consider the following:

• Software should be separated from the operating system's installed files, so that the OS can be reinstalled or upgraded without ruining a software installation.

• Unix-like operating systems have a naming convention. Compiled software can be collected in a special area, with a bin directory and a lib directory so that binaries and libraries conform to the usual Unix conventions. This makes the system consistent and easy to understand. It also keeps the program search PATH variable simple.
• Home-grown files and programs which are special to our own particular site can be kept separate from files which could be used anywhere. That way, we define clearly the validity of the files and we see who is responsible for maintaining them.

The directory traditionally chosen for installed software is called /usr/local. One then makes subdirectories /usr/local/bin and /usr/local/lib and so on [147]. Unix has a de-facto naming standard for directories which we should try to stick to as far as reason permits, so that others will understand how our system is built up.

• bin: Binaries or executables for normal user programs.

• sbin: Binaries or executables for programs which only system administrators require. Those files in /sbin are often statically linked to avoid problems with libraries which lie on unmounted disks during system booting.

• lib: Libraries and support files for special software.

• etc: Configuration files.

• share: Files which might be shared by several programs or hosts. For instance, databases or help-information; other common resources.

Figure: One way of structuring local software.

Another is shown in figure 4.2. Here we divide these into three categories: regular installed software, GNU software (i.e. free software) and site software. The division is fairly arbitrary. The reason for this is as follows:

• /usr/local is the traditional place for software which does not belong to the OS. We could keep everything here, but we will end up installing a lot of software after a while, so it is useful to create two other sub-categories.

• GNU software, written by and for the Free Software Foundation, forms a self-contained set of tools which replace many of the older Unix equivalents, like ls and cp. GNU software has its own system of installation and set of standards. GNU will also eventually become an operating system in its own right. Since these files are maintained by one source it makes sense to keep them separate.
This also allows us to place GNU utilities ahead of others in a user's command PATH.

• Site-specific software includes programs and data which we build locally to replace the software or data which follows with the operating system. It also includes special data like the database of aliases for E-mail and the DNS tables for our site. Since it is special to our site, created and maintained by our site, we should keep it separate so that it can be backed up often and separately.

A similar scheme to this was described in a system called Depot. In the Depot system, software is installed under a file node called /depot which replaces /usr/local. In the depot scheme, separate directories are maintained for different machine architectures under a single file tree. This has the advantage of allowing every host to mount the same filesystem, but the disadvantage of making the single filesystem very large. Software is installed in a package-like format under the depot tree and is linked in to local hosts with symbolic links.

Figure 4.2: Another, more rational way of structuring local software. Here we drop the affectation of placing local modifications under the operating system's /usr tree and separate it completely. Symbolic links can be used to alias /usr/local to one of these directories for historical consistency.

1.3 GNU software example

When installing GNU software, we are expected to give the name of a prefix for installing the package. The prefix in the above cases is /usr/local for ordinary software, /usr/local/gnu for GNU software and /usr/local/site for site-specific software. Most software installation scripts place files under bin and lib automatically. The steps are as follows.

1. Make sure we are working as a regular, unprivileged user. The software installation procedure might do something which we do not agree with. It is best to work with as few privileges as possible until we are sure.

2. Collect the software package by ftp from a site like ftp.uu.net or ftp.funet.fi etc. Use a program like ncftp for painless anonymous login.

3. Unpack the file using tar zxf software.tar.gz, if using GNU tar, or gunzip software.tar.gz; tar xf software.tar if not.

4. Enter the directory which is unpacked, cd software.

5. Type: ./configure --prefix=/usr/local/gnu. This checks the state of our local operating system and other installed software and configures the software to work correctly there.

6. Type: make.

7. If all goes well, type make -n install. This indicates what the make program will install and where. If we have any doubts, this allows us to make changes or abort the procedure without causing any damage.

8. Finally, switch to privileged root/Administrator mode with the su command and type make install. This should be enough to install the software. Note, however, that this step is a security vulnerability. If one blindly executes commands with privilege, one can be tricked into installing back-doors and Trojan horses.

9. Some installation scripts leave files with the wrong permissions so that ordinary users cannot access the files. We might have to check that the files have a mode like 555 so that normal users can access them. This is in spite of the fact that installation programs attempt to set the correct permissions.

1.4 Proprietary software example

If we are installing proprietary software, we will have received a copy of the program on a CD-ROM, together with licensing information, i.e. a code which activates the program. The steps are somewhat different.

1. To install from CD-ROM we must start work with root/Administrator privileges, so the authenticity of the CD-ROM should be certain.

2. Insert the CD-ROM into the drive. Depending on the operating system, the CD-ROM might be mounted automatically or not. Check this using the mount command with no arguments, on a Unix-like system.
If the CD-ROM has not been mounted, then, for standard CD-ROM formats, the following will normally suffice:

    mkdir /cdrom              (if necessary)
    mount /dev/cdrom /cdrom

For some manufacturers, or on older operating systems, we might have to specify the type of filesystem on the CD-ROM. Check the installation instructions.

3. On a Windows system a clickable icon appears to start the installation program. On a Unix-like system we need to look for an installation script:

    cd /cdrom/cd-name
    less README
    ./install-script

4. Follow the instructions.

Some proprietary software requires the use of a license server, such as lmgrd. This is installed automatically, and we are required only to edit a configuration file with a license key which is provided, in order to complete the installation.

1.5 Installing shared libraries

Systems which use shared libraries or shared objects sometimes need to be reconfigured when new libraries are added to the system. This is because the names of the libraries are cached to provide fast access. The system will not look for a library if it is not in the cache file.

• SunOS (prior to Solaris 2): After adding a new library, one must run the command ldconfig lib-directory. The file /etc/ld.so.cache is updated.

• GNU/Linux: New library directories are added to the file /etc/ld.so.conf. Then one runs the command ldconfig. The file /etc/ld.so.cache is updated.

1.6 Configuration security

Principle (Separation III). Independent systems should not interfere with one another, or be confused with one another. Keep them in separate storage areas.

Suggestion 1 (Vigilance). Be on the lookout for software which is configured, by default, to install itself on top of the operating system. Always check the destination using make -n install before actually committing to an installation. Programs which are replacements for standard operating system components often break the principle of separation.

Principle (Limited privilege).
No process or file should be given more privileges than it needs to do its job. To do so is a security hazard.

Another use for this principle arises when we come to configure certain types of software. When a user executes a software package, it normally gets executed with the user privileges of that user. There are two exceptions to this:

• Services which are run by the system: Daemons which carry out essential services for users or for the system itself run with a user ID which is independent of who is logged on to the system. Often, such daemons are started as root or the Administrator when the system boots. In many cases, the daemons do not need these privileges and will function quite happily with ordinary user privileges after changing the permissions of a few files. This is a much safer strategy than allowing them to run with full access. For example, the httpd daemon for the WWW service uses this approach. In recent years, bugs in many programs which run with root privileges have been exploited to give intruders access to the system. If software is run with a non-privileged user ID, this is not possible.

• Unix setuid programs: Unix has a mechanism by which special privilege can be given to a user for a short time, while a program is being executed. Software which is installed with the Unix setuid bit set, and which is owned by root, runs with root's special privileges. Some software producers install software with this bit set with no respect for the privilege it affords. Most programs which are setuid root do not need to be. A good example of this is the Common Desktop Environment (a multi-vendor desktop environment used on Unix systems). In a recent release, almost every program was installed setuid root. Within only a short time, a list of reports about users exploiting bugs to gain control of these systems appeared.

Principle (Temporary files).
Temporary files or sockets which are opened by any program should not be placed in any publicly writable directory like /tmp. This opens the possibility of race conditions and symbolic link attacks. If possible, configure them to write to a private directory.

Principle (Flagging customization). Customizations and deviations from standards should be made conspicuous to users and administrators. This makes the system easier to understand both for ourselves and our successors.

1.7 When compilation fails

Today, software producers who distribute their source code are able to configure it automatically to work with most operating systems. Compilation usually proceeds without incident. Occasionally though, an error will occur which causes the compilation to halt. There are a few things we can try to remedy this:

• A previous configuration might have been left lying around; try

    make clean
    make distclean

and start again, from the beginning.

• Make sure that the software does not depend on the presence of another package, or library. Install any dependencies, missing libraries and try again.

• Errors at the linking stage about missing functions are usually due to missing or un-locatable libraries. Check that the LD_LIBRARY_PATH variable includes all relevant library locations. Are any other environment variables required to configure the software?

• Sometimes an extra library needs to be added to the Makefile. To find out whether a library contains a function, we can use the following C-shell trick:

    host% cd /lib
    host% foreach lib ( lib* )
    > echo Checking $lib ----------------------
    > nm $lib | grep function
    > end

• Carefully try to patch the source code to make the code compile.

• Check in news groups whether others have experienced the same problem.

• Contact the author of the program.

1.8 Upgrading software

Some software (especially free software) gets updated very often. We could easily spend an entire life just chasing the latest versions of favorite software packages.
Avoid this.

• It is a waste of time.

• Sometimes new versions contain more bugs than the old one, and an even-newer version is just around the corner.

• Users will not thank us for changing things all the time. Stability is a virtue. Everyone likes time to get used to the system before change strikes.

A plan is needed for testing new versions of software. Package systems for software make this process easier, since one can allow several versions of software to coexist, or roll back to earlier versions if problems are discovered with newer versions.
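The permission check at the end of the GNU installation procedure and the limited-privilege principle can be applied together as one pass over an installation prefix after make install. This is an added example, not part of the original notes; the function names, the finding tags and the constructed sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Audit an installation prefix after "make install".
# Prints one finding per line as "<TAG> <path>"; returns 0 if clean,
# 1 if there are findings, 2 if PREFIX is not a directory.
audit_prefix() {
    prefix=$1
    if [ ! -d "$prefix" ]; then
        echo "audit_prefix: not a directory: $prefix" >&2
        return 2
    fi
    findings=$(
        # Limited privilege: setuid/setgid programs run with their owner's
        # rights (root's, if root owns them), so each needs a justification.
        find "$prefix" -type f \( -perm -4000 -o -perm -2000 \) -print |
            sed 's/^/SETID /'
        # Anything every local user may modify.
        find "$prefix" \( -type f -o -type d \) -perm -0002 -print |
            sed 's/^/WORLD-WRITABLE /'
        # Permission check from the install procedure: programs need read and
        # execute for "other" (as in mode 555), remaining files need read.
        find "$prefix" -type f -path '*/bin/*' ! -perm -0005 -print |
            sed 's/^/NOT-USABLE /'
        find "$prefix" -type f ! -path '*/bin/*' ! -perm -0004 -print |
            sed 's/^/NOT-READABLE /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample tree (not from the notes) with one instance of each finding.
make_sample_prefix() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/bin" "$d/lib" "$d/share"
    chmod 0755 "$d" "$d/bin" "$d/lib" "$d/share"
    for f in bin/tool bin/helper bin/private lib/libdemo.a share/data; do
        : > "$d/$f"
    done
    chmod 0555 "$d/bin/tool"        # the mode the notes suggest
    chmod 4755 "$d/bin/helper"      # setuid bit set
    chmod 0700 "$d/bin/private"     # ordinary users cannot run it
    chmod 0600 "$d/lib/libdemo.a"   # ordinary users cannot read it
    chmod 0666 "$d/share/data"      # world-writable
    printf '%s\n' "$d"
}

# Usage: audit_prefix /usr/local/gnu
```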
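The temporary-files principle can be seen by running a fixed-name scratch file and a private scratch directory against the same pre-planted symbolic link. This is an added example, not part of the original notes; the function and file names are hypothetical, and everything happens inside a throwaway sandbox directory that stands in for /tmp.

```shell
#!/bin/sh
# Constructed demonstration; all paths live under a throwaway sandbox.

# Vulnerable pattern: a fixed file name inside a directory other users can
# write to. The redirection opens whatever already sits at that name and
# follows symbolic links.
scratch_naive() {            # $1 = shared directory, $2 = data to write
    printf '%s\n' "$2" > "$1/installer.tmp"
}

# Hardened pattern: a private (mode 0700) directory with an unpredictable
# name. mktemp -d fails rather than reusing an existing entry, so a name
# planted in advance is never followed.
scratch_private() {          # $1 = parent directory, $2 = data; prints file path
    ( umask 077
      dir=$(mktemp -d "$1/installer.XXXXXX") || exit 1
      printf '%s\n' "$2" > "$dir/scratch"
      printf '%s\n' "$dir/scratch" )
}

# Build a sandbox that mimics /tmp with a link already in place, run one
# writer, and report what happened to the file the link points at.
run_case() {                 # $1 = naive | private; prints clobbered or intact
    sandbox=$(mktemp -d) || return 1
    mkdir "$sandbox/shared" && chmod 1777 "$sandbox/shared"
    printf 'original\n' > "$sandbox/system.conf"
    ln -s "$sandbox/system.conf" "$sandbox/shared/installer.tmp"
    case $1 in
        naive)   scratch_naive   "$sandbox/shared" "scratch data" ;;
        private) scratch_private "$sandbox/shared" "scratch data" >/dev/null ;;
    esac
    if [ "$(cat "$sandbox/system.conf")" = "original" ]; then
        echo intact
    else
        echo clobbered
    fi
    rm -rf "$sandbox"
}
```

On Linux the fs.protected_symlinks sysctl refuses some link-following in sticky directories, but it does not apply when the link and the writer belong to the same user, as in this sandbox, and it is no substitute for a private directory.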