Sunday, September 21, 2008

Linux Users and Groups

Linux stores all users and groups configuration data in the following files.
  • /etc/passwd
  • /etc/shadow
  • /etc/group
E.g.:

geeko:x:1000:100:Geeko Chameleon:/home/geeko:/bin/bash
geeko:$sdfsdf$123$asf234sdfasdf23132:13181:0:9999:7:-1::

The above illustration shows the entry for the user geeko with an encrypted password. Some users such as wwwrun or bin have an * in the password field. This means that these users cannot log in to the system; they exist only for special applications.

Commands to manage users and groups:
  • useradd -m : automatically generates the home directory for the user. Without this argument, the directory is created under /home/
  • useradd -c : creates the new user with the given text in the comment field.
  • useradd -u : specifies the UID of the new account.
  • useradd -g : specifies the primary group of the user.
  • useradd -e : sets the expiry date of the account.
  • usermod : used to modify the settings of an existing user. The options usermod accepts are the same as those of useradd.
  • passwd -l : locks a user account.
  • passwd -u : unlocks (re-activates) a user account.
  • If /etc/shadow lists a user account whose password field starts with !, that account has been locked.
  • passwd -S : lists the status of a user account.
  • passwd -i : disables an account after the password has been expired for the given number of days.
  • passwd -n : sets the minimum number of days before a password can be changed.
  • passwd -w : warns the user for the given number of days before the password expires.
  • passwd -x : sets the maximum number of days a password remains valid. After that number of days the password must be changed.
E.g.: passwd -x 30 -w 5 geeko
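The shadow entry shown earlier and the passwd -l/-n/-x/-w/-i options above map onto fields of /etc/shadow. The following script, an added example that is not part of the original post, classifies shadow lines the way the notes describe (a leading ! means locked, * means no login) and audits the aging fields; the sample lines and hashes are constructed, not real.

```shell
#!/bin/sh
# Added example, not from the original post: classify /etc/shadow entries the way
# the notes describe them ("!" prefix = locked with passwd -l, "*" = account that
# cannot log in) and audit the aging fields set by passwd -n/-x/-w/-i.
# /etc/shadow fields: 1 name, 2 hash, 3 last change (days since 1970-01-01),
# 4 min days, 5 max days, 6 warn days, 7 inactive days, 8 expire day, 9 reserved.
# shadow_status LINE: prints "<name> <status> max=<days> warn=<days>"
shadow_status() {
    printf '%s\n' "$1" | awk -F: '{
        if ($2 ~ /^!/)       status = "locked"
        else if ($2 == "*")  status = "nologin"
        else if ($2 == "")   status = "EMPTY-PASSWORD"
        else                 status = "active"
        printf "%s %s max=%s warn=%s\n", $1, status, $5, $6
    }'
}
# shadow_audit < FILE: prints the names of accounts that need attention: an empty
# password field, or a usable hash whose max age is unset or 9999 (effectively
# never expires), which is what "passwd -x 30 -w 5 geeko" corrects for geeko.
shadow_audit() {
    awk -F: '$2 == "" || ($2 !~ /^[!*]/ && ($5 == "" || $5 + 0 >= 9999)) { print $1 }'
}
# Constructed sample file; the hashes are dummies, not real password hashes.
# geeko's line is what the notes' "passwd -x 30 -w 5 geeko" would produce.
sample_shadow() {
    cat <<'EOF'
geeko:$sdfsdf$123$asf234sdfasdf23132:13181:0:30:5:-1::
wwwrun:*:13181::::::
tux:!$sdfsdf$123$asf234sdfasdf23132:13181:0:9999:7:-1::
root:$dummy$hash$value:13181:0:9999:7:::
guest::13181:0:9999:7:::
EOF
}
# Stand-alone run: show each entry, then the audit findings.
sample_shadow | while IFS= read -r line; do shadow_status "$line"; done
printf 'needs attention: %s\n' "$(sample_shadow | shadow_audit | tr '\n' ' ')"
```

Run it against a real file with `shadow_audit < /etc/shadow` as root; anything it prints is an account that either has no password or whose password never has to be rotated.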

When the passwd command is used, the /etc/default/passwd file is checked for the encryption method.

Manage groups from the command line:
  • groupadd -g 200 sports : adds a new group called sports with GID 200
  • groupdel sports : deletes the group called sports
  • groupmod -g 201 sports : changes the GID of the sports group to 201
  • groupmod -A geeko : adds the user geeko to the group
  • gpasswd : changes the password of a group account.


The standard configuration information is derived from two important files:
  • /etc/default/useradd
  • /etc/login.defs

Sunday, September 14, 2008

Apache on SLES10

To set up a basic Apache web server, you need to install:
  • apache2
  • apache2-prefork
  • apache2-example-pages (optional)

Commands to administer apache2

  • To start apache2: rcapache2 start
  • To stop: rcapache2 stop
  • To let apache2 start at boot time: insserv apache2
  • To reload the config files: rcapache2 reload
  • To restart the daemon: rcapache2 restart
  • To check the syntax of the config files: apache2ctl configtest
  • The default directory is /srv/www/htdocs. It is called the DocumentRoot of the web server.
  • wwwrun is the user that executes apache2

Apache2 configuration files

  • /etc/apache2/httpd.conf - The main Apache configuration file.
  • /etc/apache2/default-server.conf - Contains the basic web server setup. All options set in this file can be overridden by other configuration files.
  • /etc/apache2/vhost.d - The directory for virtual host setups.
  • /etc/apache2/uuid - Sets the user and group id for Apache. By default, Apache uses wwwrun (uid) and www (gid).
  • /etc/apache2/server-tuning.conf - Tunes the performance of apache2.
  • /etc/apache2/errors.conf - Configures the behaviour of Apache when a request cannot be served.
  • /etc/apache2/ssl-global.conf - Configures the connection encryption with SSL.

Create RSA Key Pair

  • cat /dev/random > /tmp/random : collects randomness for the key. Stop this command after a few seconds by pressing Ctrl-C.
  • To create the server key: openssl genrsa -des3 -rand /tmp/random -out server.key 1024 (the key size is the last argument)
  • Sign the public key to create a (self-signed) certificate: openssl req -new -x509 -key server.key -out server.crt
  • Copy server.key to /etc/apache2/ssl.key/ and server.crt to /etc/apache2/ssl.crt/
  • To configure the main server, add the following lines to /etc/apache2/default-server.conf:
      SSLEngine on
      SSLCertificateFile /etc/apache2/ssl.crt/server.crt
      SSLCertificateKeyFile /etc/apache2/ssl.key/server.key
  • APACHE_START_TIMEOUT="10" - This setting extends the start timeout of Apache so that you have more time to enter the passphrase of the private RSA key.
  • APACHE_SERVER_FLAGS="SSL" - This enables some directives that are necessary for SSL encryption. It makes Apache listen on port 443 in addition to port 80.

Xen on SLES10

Xen consists of two major components:
  • Virtual Machine Monitor (VMM) - A layer between the physical hardware and the VMs. In general terms, this is called the hypervisor.
  • Xen Tools - A set of command-line applications used to administer VMs.

The VMM must be loaded before any VM is started. VMs in Xen are called domains. The privileged domain, called domain0, is the interface through which an administrator accesses the physical hardware of the host machine.

An unprivileged domain is called domainU. To install Xen, the following packages are needed:

  • xen
  • xen-tools
  • kernel-xen
  • xen-doc* (optional)

After the installation, a reboot is required to boot into the Xen entry of the bootloader. If the system does not boot properly, you can switch back to the non-virtualized system and disable the firewall:

  • rcSuSEfirewall2 stop
  • insserv -r SuSEfirewall2_setup
  • insserv -r SuSEfirewall2_init
  • insserv -r SuSEfirewall2_final (conditional)

To manage Xen domains at the command line:

  • Xen domain configuration files are located in /etc/xen/vm
  • Example template configuration files for a single domain: /etc/xen/examples
  • xm is the administration tool; it communicates with the xend management process running on the domain0 Linux installation.
  • To start a VM, the create command is used: xm create -c -f /data/xen/SLES10-WebServer.conf
  • To list the currently running Xen domains: xm list
  • The list command shows the following fields: name, domid, memory, vcpus and state. The state codes are:
      r - running
      b - blocked: the domain has been created but is blocked, either waiting for I/O or with nothing to do
      p - paused
      s - shutdown
      c - crashed
  • To connect to the terminal of a running domain: xm console domain_id
  • To disconnect from a terminal, use the keystroke Ctrl-]
  • To interrupt the execution of a domain temporarily: xm pause domain_id
  • To unpause: xm unpause domain_id
  • To shut down: xm shutdown domain_id
  • To force the shutdown of a domain that is not responding: xm destroy domain_id
  • To save the state of a domain for a longer time: xm save domain_id
  • To restore a domain from the resulting file: xm restore filename
  • To change the memory allocation of a domain: xm mem-set domain_id amount_of_memory_in_megabytes

Automate Domain Startup and shutdown

  • SLES10 comes with a start script called xendomains, which is included in the xen-tools package.
  • When domain0 boots, all domains whose configuration files are located under /etc/xen/auto are started.
  • When domain0 is shut down or rebooted, all running Xen domains are shut down.
  • The script's behaviour can be adjusted in /etc/sysconfig/xendomains, with options such as XENDOMAINS_MIGRATE: it migrates domains automatically to a different host when domain0 is shut down. The flag has to be set to the IP address of the target machine.

Understand Xen Networking

  • domain0 controls the physical network interfaces of the host system. Unprivileged domains are connected to domain0 through virtual Ethernet (VE) adapters.
  • domainU (VE) <---->(VE)domain0(Physical Ethernet)<------>Network(LAN)
  • The default mechanism to connect the VE and the PE in domain0 is bridging.
  • When a new domain is created, the following steps happen:
      1. Xen provides a VE to the new domain.
      2. xend creates a new VE in domain0.
      3. Both VEs are connected through a virtual point-to-point connection.
      4. The VE in domain0 is added to the bridge together with the physical interface.
  • xend performs the networking changes with the help of the scripts in /etc/xen/scripts.
  • The script that sets up the bridge xenbr0: /etc/xen/scripts/network-bridge
  • The script that starts and adds the VE: /etc/xen/scripts/vif-bridge
  • The network scripts used by xend are configured in /etc/xen/xend-config.sxp
  • Running ip a on domain0 lists all the interfaces. The naming schema is:
      1. peth - physical interfaces in domain0. peth devices are connected to the network bridge.
      2. vif - virtual interfaces which are part of the bridge. E.g. vif6.0 is connected to the first vif in domain 6.
      3. veth - virtual interfaces connected to the vif interfaces of domain0 (vif0.x).
      4. eth0 - the default veth interface is named eth0 and connected to vif0.0. This is the default network interface of domain0.
      5. xenbr0 - the default bridge that connects the virtual and physical interfaces.

Migrate a Guest Domain

  • Two methods: use domain save and restore, or use migration and live migration.
  • Domain save and restore:
      1. Suspend the domain: xm save domain_id filename
      2. Copy the file to the new host system, then restore the domain there: xm restore filename
  • Migration and live migration:
      1. xm migrate domain_id target_host
      2. By adding the --live flag, the downtime during the migration can be reduced.
      3. /etc/xen/xend-config.sxp has two important flags for this: xend-relocation-server yes, and xend-relocation-hosts-allow '^localhost$'
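The relocation server accepts incoming domain state from any host matching xend-relocation-hosts-allow, so the allow list is what keeps other machines from pushing domains onto a domain0. The script below, an added example that is not part of the original post, reads the two settings from an xend-config.sxp-style file and reports whether relocation is off, restricted to localhost, or open to a wider pattern; it assumes the "(key value)" sxp line form, a whitespace-separated list of regular expressions, and that an empty list accepts any host, and the sample configurations are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: check the two relocation settings of
# /etc/xen/xend-config.sxp that the notes list. Assumed: settings use the "(key value)"
# sxp line form, hosts-allow is a whitespace-separated list of regular expressions,
# and an empty list accepts relocation requests from any host.
# relocation_status < CONFIG: prints "relocation disabled", "relocation localhost-only",
# or "relocation OPEN to <pattern>" for the first pattern not anchored to localhost.
relocation_status() {
    conf=$(cat)
    # commented-out lines ("#(...)") are skipped; if a setting repeats, the last one is used
    server=$(printf '%s\n' "$conf" | sed -n 's/^[[:space:]]*(xend-relocation-server[[:space:]]*\([a-z]*\)).*/\1/p' | tail -n 1)
    allow=$(printf '%s\n' "$conf" | sed -n "s/^[[:space:]]*(xend-relocation-hosts-allow[[:space:]]*'\([^']*\)').*/\1/p" | tail -n 1)
    [ "$server" = "yes" ] || { printf 'relocation disabled\n'; return 0; }
    [ -n "$allow" ] || { printf 'relocation OPEN to any host (empty allow list)\n'; return 0; }
    open=""
    set -f   # no filename globbing while the regexes are split into words
    for p in $allow; do
        case $p in
            '^localhost'*) ;;   # ^localhost$ and ^localhost\\.localdomain$ stay local
            *) open=$p; break ;;
        esac
    done
    set +f
    if [ -n "$open" ]; then printf 'relocation OPEN to %s\n' "$open"; else printf 'relocation localhost-only\n'; fi
}
# Constructed sample configurations (values are illustrative, not taken from a host).
safe_conf() {
    cat <<'EOF'
#(xend-relocation-server no)
(xend-relocation-server yes)
(xend-relocation-hosts-allow '^localhost$ ^localhost\\.localdomain$')
EOF
}
open_conf() {
    cat <<'EOF'
(xend-relocation-server yes)
(xend-relocation-hosts-allow '^localhost$ ^192\\.168\\.1\\.[0-9]*$')
EOF
}
safe_conf | relocation_status
open_conf | relocation_status
printf '(xend-relocation-server no)\n' | relocation_status
```

On a real domain0 run `relocation_status < /etc/xen/xend-config.sxp`; a migration target must list the source host, so expect "OPEN to" there and check that the pattern names only the intended hosts.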