apt/apt.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_apt/apt.tex LFS307/CHAPS/apt/apt.tex --------------------------------------------------- 9c9 < \item Includes utilities such as \textbf{apt-get} and --- > \item Includes utilities such as \textbf{apt} and 22c22 < scripts. In this course we will use \textbf{apt-get} --- > scripts. In this course we sometimes use \textbf{apt-get} 114c114 < $ sudo apt-get install apt-file --- > $ sudo apt install apt-file 139c139 < Displays detailed information about the --- > Display detailed information about the 169,171c169,171 < $ sudo apt-get install glibc < $ sudo apt-get remove glibc < $ sudo apt-get --purge remove glibc --- > $ sudo apt install glibc > $ sudo apt remove glibc > $ sudo apt --purge remove glibc 178,180c178,180 < $ sudo apt-get update < $ sudo apt-get upgrade < $ sudo apt-get dist-upgrade --- > $ sudo apt update > $ sudo apt upgrade > $ sudo apt dist-upgrade 195c195 < $ sudo apt-get install [package] --- > $ sudo apt install [package] 201c201 < $ sudo apt-get remove [package] --- > $ sudo apt remove [package] 207c207 < $ sudo apt-get --purge remove [package] --- > $ sudo apt --purge remove [package] 212c212 < $ sudo apt-get update --- > $ sudo apt update 220,221c220,221 < $ sudo apt-get upgrade < $ sudo apt-get dist-upgrade --- > $ sudo apt upgrade > $ sudo apt dist-upgrade 244c244 < $ sudo apt-get autoremove --- > $ sudo apt autoremove 251c251 < $ sudo apt-get clean --- > $ sudo apt clean apt/labs.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_apt/labs.tex LFS307/CHAPS/apt/labs.tex --------------------------------------------------- 48c48 < $ sudo apt-get update --- > $ sudo apt update 52,53c52,53 < $ sudo apt-get upgrade < $ sudo apt-get -u upgrade --- > $ sudo apt upgrade > $ sudo apt -u upgrade 76c76 < $ sudo apt-get install apache2-dev --- > $ sudo apt install apache2-dev 86c86 < Using \textbf{apt-cache} and \textbf{apt-get} --- > Using \textbf{apt-cache} and \textbf{apt} 141,142c141,142 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 150c150 < \end{klst} --- > \end{out} 154c154 < $ sudo apt-get install bacula-client --- > $ sudo apt install bacula-client 156,157c156,157 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 171c171 < \end{klst} --- > \end{out} backups/basics.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_backups/basics.tex LFS307/CHAPS/backups/basics.tex --------------------------------------------------- 84c84 < \item Pseudo-filesystems such as \filelink{/proc}, --- > \item Pseudo filesystems such as \filelink{/proc}, 141c141 < For life times longer than the usual back up timescale, --- > For life times longer than the usual backup timescale, backups/labs.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_backups/labs.tex LFS307/CHAPS/backups/labs.tex --------------------------------------------------- 44,45c44,45 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 47c47 < \end{klst} --- > \end{out} 52,53c52,53 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 59c59 < \end{klst} --- > \end{out} 64,65c64,65 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 72c72 < \end{klst} --- > \end{out} 82,83c82,83 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 91,182c91 < \end{klst} < \end{enumerate} < \end{sol} < \end{exe} < < \begin{exe} {Using cpio for Backup} < < We are going to do essentially the same exercise now, < but using \textbf{cpio} in place of \textbf{tar}. We'll < repeat the slightly altered instructions for ease of use. < < \begin{enumerate} < \item < Create a directory called \verb?backup? and in it < place a compressed \textbf{cpio} archive of all the < files under \filelink{/usr/include}, with the highest < level directory being \verb?include?. You can use < any compression method (\textbf{gzip}, \textbf{bzip2} < or \textbf{xzip}). < \item < List the files in the archive. < \item < Create a directory called \verb?restore? and < unpack and decompress the archive. < \item < Compare the < contents with the original directory the archive < was made from. < \end{enumerate} < < \begin{sol} < < \begin{enumerate} < \item < \begin{cmd} < $ (cd /usr ; find include | cpio -c -o > /home/student/backup/include.cpio) < \end{cmd} < \vspace{\negkspace} < \begin{klst}[] < 82318 blocks < \end{klst} < or to put it in a compressed form: < \begin{cmd} < $ (cd /usr ; find include | cpio -c -o | gzip -c > /home/student/backup/include.cpio.gz) < \end{cmd} < \vspace{\negkspace} < \begin{klst}[] < 82318 blocks < \end{klst} < \begin{cmd} < $ ls -lh include* < \end{cmd} < \vspace{\negkspace} < \begin{klst}[] < total 64M < -rw-rw-r-- 1 coop coop 41M Nov 3 15:26 include.cpio < -rw-rw-r-- 1 coop coop 6.7M Nov 3 15:28 include.cpio.gz < -rw-rw-r-- 1 coop coop 5.3M Nov 3 14:44 include.tar.bz2 < -rw-rw-r-- 1 coop coop 6.8M Nov 3 14:44 include.tar.gz < -rw-rw-r-- 1 coop coop 4.7M Nov 3 14:46 include.tar.xz < \end{klst} < \item < \begin{cmd} < $ cpio -ivt < include.cpio < \end{cmd} < \vspace{\negkspace} < \begin{klst}[] < drwxr-xr-x 86 root root 0 Oct 29 07:04 include < -rw-r--r-- 1 root root 42780 Aug 26 12:24 include/unistd.h < -rw-r--r-- 1 root root 957 Aug 26 12:24 include/re_comp.h < -rw-r--r-- 1 root root 22096 Aug 26 12:24 include/regex.h < ..... < \end{klst} < Note the redirection of input; the archive is not an argument. < One could also do: < \begin{cmd} < $ cd ../restore < $ cat ../backup/include.cpio | cpio -ivt < $ gunzip -c include.cpio.gz | cpio -ivt < \end{cmd} < \item < \begin{cmd} < $ rm -rf include < $ cpio -id < ../backup/include.cpio < $ ls -lR include < \end{cmd} < or < \begin{cmd} < $ cpio -idv < ../backup/include.cpio < < $ diff -qr include /usr/include < \end{cmd} --- > \end{out} 198,199c107,108 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 207c116 < \end{klst} --- > \end{out} 214,215c123,124 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 220c129 < \end{klst} --- > \end{out} 227,228c136,137 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 231c140 < \end{klst} --- > \end{out} 240,241c149,150 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 252c161 < \end{klst} --- > \end{out} 262,263c171,172 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 272c181 < \end{klst} --- > \end{out} containers/basics.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_containers/basics.tex LFS307/CHAPS/containers/basics.tex --------------------------------------------------- 90,91c90,91 < needs. For a while each facility had its day in the sun < and was seen as the way to go for almost everything. --- > needs. For a while each facility has had its day in the sun > and been seen as the way to go for almost everything. containers/labs.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_containers/labs.tex LFS307/CHAPS/containers/labs.tex --------------------------------------------------- 2a3 > \begin{exe} {Install, test and run a podman container} 4,22c5,48 < \begin{exe} {Install and test \textbf{Apache} (\textbf{httpd}) as a \textbf{Docker} application.} < < \begin{lfbox}[Overview] < In this exercise, we will install, run and test the < \textbf{docker} package, and follow with getting and < deploying \textbf{httpd}, the \textbf{Apache} web server < container. < \end{lfbox} < < \begin{redhatfamilybox} < Please note that \textbf{RHEL/CentOS 8} and recent < \textbf{Fedora} distributions utilized < \textbf{podman}. On these systems \textbf{docker} is < supported by a backwards compatibility layer: < < \begin{cmd} < $ sudo dnf install podman podman-docker < \end{cmd} < \end{redhatfamilybox} --- > \begin{important}[Overview] > This exercise is intended for distributions that have > the \textbf{podman} package available. > > For distributions that do not have the \textbf{podman} > packages, use \textbf{Docker} instead; skip to the > next exercise. > > \end{important} > > \lftable{podman and distribution status} > > \small{\begin{tcolorbox}[tabularx={p{0.20\textwidth}|X|p{0.50\textwidth}}] > > \textbf{Distribution} > & > \textbf{Status} > & > \textbf{Remedy} > \\ \hline > \textbf{CentOS-8-Stream} > & > Some repositories malfunction > & > reduce repositories to \textbf{docker.io} > \\ \hline > \textbf{CentOS-9-Stream} > & > Works > & > none > \\ \hline > \textbf{Ubuntu-20.04} > & > packages not available > & > use Docker > \\ \hline > \textbf{Ubuntu-22.04} > & > may be missing repository records > & > update repository records in repositories.conf > \end{tcolorbox}} 26,45c52,94 < Make sure \textbf{Docker} is installed (or emulated with < \textbf{podman}.) Pick the right command for your < distribution: < \begin{cmd} < $ sudo yum install docker # RHEL/CentOS 7 < $ sudo dnf install podman podman-docker # RHEL/CentOS 8, Fedora < $ sudo apt-get install docker.io # Ubuntu, Debian < $ sudo zypper install docker # openSUSE < \end{cmd} < < \begin{info}[Reinstall Docker?] < \begin{itemize} < \item < If you get strange errors at later points in the < exercise you might find it useful to < \textbf{reinstall} \textbf{docker}. We have < observed cases (for example, with \textbf{RHEL 7}) < where \textbf{docker} configurations were broken, < after a system upgrade, < \end{itemize} --- > Make sure \textbf{podman} is installed: pick the > appropriate command for your distribution: > > \begin{cmd} > $ sudo dnf install podman podman-docker slirp4netns # RHEL/CentOS, Fedora > $ sudo apt install podman podman-docker slirp4netns # Ubuntu-22.04, Debian > $ sudo zypper install podman podman-docker slirp4netns # openSUSE > \end{cmd} > > \item > Start the \textbf{podman} socket: > > \begin{cmd} > $ sudo systemctl start podman.socket > \end{cmd} > > You may want to verify that it is running properly > with > \begin{cmd} > $ sudo systemctl status podman.socket?: > \end{cmd} > > \begin{figure}[H] > \includegraphics[width=7in]{IMAGES/podman-status} > \caption{Checking podman socket status} > \end{figure} > \vspace{-12pt} > > If you see anything indicating failure, you should > inspect \filelink{/var/log/messages} or whatever other > logging file you have on your system for clues. > > \begin{info}[Kernel version may matter] > > If you are running a standard distribution kernel > you should be fine. However, if you are running a > custom \textbf{Linux} kernel, it is likely you have > to select the proper configuration options, > especially as regards to networking. This is too > complicated to go into here, so please stay with a > distribution-supplied kernel unless you want a > more challenging exercise! > 49d97 < Start the \textbf{docker} service: 51,54c99,310 < \begin{important} < You can skip to the next step on \textbf{podman}-based < systems as there is no \textbf{docker} service to start! < \end{important} --- > The container \textbf{registry} is a collection of > containers ready to run. These may be public, private > or local collections. Some distributions ship with > several registries defined and others have nothing > defined. > > Search for the \textbf{httpd} image container, with: > > \begin{cmd} > $ sudo podman search apache > \end{cmd} > > \begin{figure}[H] > \includegraphics[width=7in]{IMAGES/podman-search} > \caption{Using podman search} > \end{figure} > > (You could have used \textbf{httpd} instead of > \textbf{apache} in the above command with very similar > results.) > > \begin{troubleshooting} > > A list of container images containing \textbf{httpd} > or \textbf{apache} is expected. If this is not the > case, distribution may not have defined a default > search entry in the repository information. This > can be easily corrected, by entering the following command > and retesting the search command: > > \begin{cmd} > $ sudo sh -c 'echo unqualified-search-registries = ["docker.io"] >> /etc/containers/registries.conf' > \end{cmd} > > \end{troubleshooting} > > From now on we will not show detailed output since if > you have gotten this far, things should be fine. > > \item > Retrieve the container: > > \begin{cmd} > $ sudo podman pull docker.io/httpd > > \end{cmd} > > This may take a couple of minutes while all the > components download. > > \item > List the installed containers: > > \begin{cmd} > $ sudo podman images > \end{cmd} > > \item > List the components associated with the images. > > \begin{cmd} > $ sudo podman images --all > \end{cmd} > > \item > Start the \textbf{httpd} \textbf{podman} container. > The terminal will appear to hang as it is now > connected to the \textbf{httpd} daemon. > > \item > You can open a graphical web browser pointing to > the IP address in the above output. (Do not use the > address shown in the output above!) > > Or you can use a text-based browser (especially if > you are not in a graphical environment) by opening > up a new terminal window (do not kill the one in > which the \textbf{httpd} container is running!) and > doing one of the following commands: > > \begin{cmd} > $ lynx http://10.88.0.33 > $ w3m http://10.88.0.33 > $ elinks http://10.88.0.33 > \end{cmd} > > using whichever text-based browser is installed on your system. > \item > Stop the container and \textbf{podman} containers and > clean up. > > \begin{cmd} > $ sudo podman container list > \end{cmd} > > \begin{outfootnotesize}[] > CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES > 5eb53be5d5a0 docker.io/library/httpd:latest httpd-foreground 12 minutes ago Up 12 minutes ago nice_khorana > \end{outfootnotesize} > > \begin{cmd} > $ sudo podman container kill nice_khorana > \end{cmd} > > \begin{out}[] > nice_khorana > \end{out} > > \item > This will leave images and their associated storage > under either \filelink{/var/lib/docker} or > \filelink{/var/lib/containers} depending on your > particular system and distribution. If you do not > need to reuse them you can clean up with: > > \begin{cmd} > sudo podman container prune > \end{cmd} > > \begin{out}[] > WARNING! This will remove all non running containers. > Are you sure you want to continue? [y/N] y > 00b785df8f14fafff679e759329f327de01d8d0efce645f7d708ef73c168d0f5 > 23ad214fbaa9e2b1387c006f364a7e473af7c93f4d36940d001a237ea7e8309d > 27526c4912abdb22e56813d26f19554f9cd5ae3123a789a534c96253496652f2 > 27d627aff076f871683cb92e6f89db6efbf47cc150fb5e71f9349c41b03a9ea5 > 35e7b44229d056073cb39a718a6c4cc624fc6b5e69c861908c15d9881ff45803 > 3e885f9f02a861adf49858516dff15c4432fab96afaf0cc40d62d66832857225 > 47c43e3eb2eff9092c82e806f64ce3b1bf720a922715d97a4ba5fa1c0d18de7e > \end{out} > > \begin{cmd} > $ sudo podman image list > \end{cmd} > \begin{out} > REPOSITORY TAG IMAGE ID CREATED SIZE > docker.io/library/httpd latest f2a976f932ec 3 weeks ago 149 MB > quay.io/libpod/banner latest 5ba9aec95f0f 2 months ago 12.1 MB > \end{out} > \begin{cmd} > $ sudo podman image rm docker.io/library/httpd > \end{cmd} > \begin{out} > Untagged: docker.io/library/httpd:latest > Deleted: f2a976f932ec6fe48978c1cdde2c8217a497b1f080c80e49049e02757302cf74 > \end{out} > > \end{enumerate} > > \end{exe} > > \begin{exe} {Install, test and run a Docker container} > > \begin{important}[Overview] > > This exercise is for distributions that have the > \textbf{docker} package available. > > %(For distributions that do not have the > %\textbf{podman} packages available, use > %\textbf{Docker} instead. > > \end{important} > > > \lftable{Docker and distribution status} > \small{\begin{tcolorbox}[tabularx={p{0.20\textwidth}|X|p{0.50\textwidth}}] > > \textbf{Distribution} > & > \textbf{Status} > & > \textbf{Remedy} > \\ \hline > \textbf{CentOS-8-Stream} > & > No distribution supported packages > & > Use podman > \\ \hline > \textbf{CentOS-9-Stream} > & > No distribution supported packages > & > use podman-docker > \\ \hline > \textbf{Ubuntu-20.04} > & > Docker packages are available > & > use Docker > \\ \hline > \textbf{Ubuntu-22.04} > & > Docker packages are availabe but may be missing repository records > & > update repository records in repositories.conf > \end{tcolorbox}} > > \begin{enumerate} > > \item > Make sure \textbf{docker} is installed. Pick the appropriate > command for your distribution: > > \begin{cmd} > $ sudo apt install docker.io # Ubuntu-20.04 > $ sudo zypper install docker # openSUSE > \end{cmd} > > \item > Start the \textbf{docker} service: 59,60c315,319 < You may want to verify that it is running properly with < \verb? systemctl status docker?: --- > You may want to verify that it is running properly > with > \begin{cmd} > $ sudo systemctl status docker > \end{cmd} 63,64c322,323 < \includegraphics[width=7in]{IMAGES/docker-status} < \caption{Checking docker status} --- > \includegraphics[width=7in]{IMAGES/docker-start-service} > \caption{Checking docker service status} 66,74c325,347 < If you see anything indicating failure you should inspect < \filelink{/var/log/messages} or whatever other logging file < you have on your system for clues. If you are running a < standard distribution kernel you should be fine, but < if you are running a custom \textbf{Linux} kernel, it is < likely you have to select the proper configuration options, < especially as regards to networking. This is too complicated < to go into here, so please stay with a distribution supplied < kernel unless you want a challenging exercise! --- > > \begin{troubleshooting} > > If you see anything indicating failure you should > inspect \filelink{/var/log/messages} or whatever > other logging file you have on your system for > clues. > > \begin{info}[Kernel version may matter] > > If you are running a standard distribution kernel > you should be fine. However, if you are running a > custom \textbf{Linux} kernel, it is likely you > have to select the proper configuration options, > especially as regards to networking. This is too > complicated to go into here, so please stay with a > distribution-supplied kernel unless you want a > more challenging exercise! > > \end{info} > > \end{troubleshooting} > 76c349,356 < Search for the \textbf{httpd} container, with --- > The container \textbf{registry} is a collection of > containers ready to run. These may be public, private > or local collections. Some distributions ship with > several registries defined and others have nothing > defined. > > Search for the \textbf{httpd} image container, with: > 79c359,360 < \end{cmd} --- > \end{cmd} > 83a365 > 89a372,374 > > %% insert trouble shooting section for missing image repository > 91a377 > 94a381 > 96a384 > 98c386,387 < List the installed containers: --- > List the installed images: > 101,106c390,391 < \end{cmd} < \item < List the components associated with the images. < \begin{cmd} < $ sudo docker images --all < \end{cmd} --- > \end{cmd} > 111,112d395 < \begin{cmd} < c7:/tmp>sudo docker run httpd 113a397,400 > \begin{cmd} > $ sudo docker run httpd > \end{cmd} > \begin{out}[] 117c404,405 < \end{cmd} --- > \end{out} > 119,127c407,414 < You can open a graphical web browser pointing to the < IP address in the above output. (Do not use the address shown in < the output above!) < < Or you can use a text-based browser (especially if you < are not in a graphical environment) by opening up a < new terminal window (do not kill the one in which the < \textbf{docker httpd} container is running!) and doing < one of the following commands: --- > You can open a graphical web browser pointing to > the IP address in the above output. Or you can use > a text-based browser (especially if you are not in > a graphical environment) by opening up a new > terminal window (do not kill the one in which the > \textbf{httpd} container is running!) and doing one > of the following commands: > 130,133c417,423 < $ w3m http://172.17.0.2 < $ elinks http://172.17.0.2 < \end{cmd} < using whichever text-based browser is installed on your system. --- > $ lynx w3m://172.17.0.2 > $ lynx elinks://172.17.0.2 > \end{cmd} > > using whichever text-based browser is installed on > your system. > 135,136c425,426 < Stop the container and \textbf{docker} service and < clean up. --- > Stop the containers and clean up. > 138c428 < c7:/tmp>sudo docker ps --- > $ sudo docker container list --all 140,150c430,445 < \begin{klstfootnotesize}[] < CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES < b936b0afeb23 httpd "httpd-foreground" 41 seconds ago Up 40 seconds 80/tcp boring_turing < \end{klstfootnotesize} < \begin{cmd} < c7:/tmp>sudo docker stop b936b0afeb23 < \end{cmd} < \vspace{\negkspace} < \begin{klst}[] < b936b0afeb23 < \end{klst} --- > > \begin{outfootnotesize}[] > CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES > 959a4ab95626 httpd "httpd-foreground" 2 hours ago Exited (0) > 2 hours ago pensive_sammet > \end{outfootnotesize} > > \begin{cmd} > $ sudo docker container rm pensive_sammet > > \end{cmd} > > \begin{out}[] > pensive_sammet > \end{out} > 151a447 > 155,164c451,453 < particular system and distribution. If you do not need < to reuse them you can clean up with: < \begin{cmd} < c7:/tmp>sudo docker rmi -f docker.io/httpd < Untagged: docker.io/httpd:latest < Untagged: docker.io/httpd@sha256:cf774f082e92e582d02acdb76dc84e61dcf5394a90f99119d1ae39bcecbff075 < Deleted: sha256:cf6b6d2e846326d2e49e12961ee0f63d8b5386980b5d3a11b8283151602fa756 < \end{cmd} < and on some systems you may also need to do: < Deleted Containers: --- > particular system and distribution. If you do not > need to reuse them you can clean up with: > 166,169c455,494 < c7:/tmp>sudo docker system prune -a < ..... < \end{cmd} < On non-\textbf{podman} systems you may also want to do: --- > sudo docker container prune > \end{cmd} > > \begin{out}[] > WARNING! This will remove all non running containers. > Are you sure you want to continue? [y/N] y > 00b785df8f14fafff679e759329f327de01d8d0efce645f7d708ef73c168d0f5 > 23ad214fbaa9e2b1387c006f364a7e473af7c93f4d36940d001a237ea7e8309d > 27526c4912abdb22e56813d26f19554f9cd5ae3123a789a534c96253496652f2 > 27d627aff076f871683cb92e6f89db6efbf47cc150fb5e71f9349c41b03a9ea5 > 35e7b44229d056073cb39a718a6c4cc624fc6b5e69c861908c15d9881ff45803 > 3e885f9f02a861adf49858516dff15c4432fab96afaf0cc40d62d66832857225 > 47c43e3eb2eff9092c82e806f64ce3b1bf720a922715d97a4ba5fa1c0d18de7e > \end{out} > > \begin{cmd} > $ sudo docker image list --all > \end{cmd} > > \begin{out}[] > REPOSITORY TAG IMAGE ID CREATED SIZE > httpd latest a981c8992512 4 days ago 145MB > \end{out} > > \begin{cmd} > $ sudo docker image rm httpd > \end{cmd} > > \begin{out}[] > Untagged: httpd:latest > Untagged: httpd@sha256:70999c4a17c796dd28f86f9c847b30f28abaed6ef1fd72a44282b1c941238804 > Deleted: sha256:a981c8992512d65c9b450a9ecabb1cb9d35bb6b03f3640f86471032d5800d825 > Deleted: sha256:0fbd49f82b45671985b3275bbe52bb36496047a8893146e7e6fc8b258c0c7274 > Deleted: sha256:d4d2d5c5d610b9cd6063e316954eb0bdc0af36cf8c94570658278504f4c6bbf8 > Deleted: sha256:1c463a675bc2ad1cd823d7944a0c7cbea87635a248257455c5fd355c98bcfd0a > Deleted: sha256:6b66301e945a6b716b5fdef63c4e2e2dd692ec6aa5a84abb1165dec8a22538c6 > \end{out} > > You may also want to do: > 171,172c496,498 < c7:/tmp>sudo systemctl stop docker < \end{cmd} --- > $ sudo systemctl stop docker > \end{cmd} > containers/podman.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_containers/podman.tex LFS307/CHAPS/containers/podman.tex --------------------------------------------------- 45,46c45,46 < $ sudo apt-get update < $ sudo apt-get install podman --- > $ sudo apt update > $ sudo apt install podman 49,54d48 < On \textbf{Ubuntu 18.04} you have to first do: < \begin{cmd} < $ sudo apt-get update < $ sudo apt-get install software-properties-common < $ sudo add-apt-repository ppa:projectatomic/ppa < \end{cmd} 56a51,165 > \begin{frame} > {Podman, rootful vs rootless} > > Most container management utilities have the > concept of non-root users running containers. > Podman has very distinct differences. > > \begin{itemize} > \item rootful > \begin{itemize} > \item use \textbf{sudo} to be rootful > \item rootful does not show all resources > \item has a network bridge between the container > and the host system by default. > \item uses \file{/etc/containers} directory for configuration > \end{itemize} > \item{rootless} > \begin{itemize} > \item can see user related resources only > (images,networks,containers) > \item has an isolated private network with no > bridge to the host system > \item stores configuration information in: > > \file{\$HOME/.config/containers/containers.conf} > > \end{itemize} > \end{itemize} > \end{frame} > > \cprotect\note{ > > The order of precedence for the configuration files is: > \begin{enumerate} > \item distribution default: > > \file{/usr/share/containers/containers.conf} > > \item administrators override file: > > \file{/etc/containers/containers.conf} > > (This file may not be present.) > \item users preferences: > > \file{\$HOME/.config/containers/containers.conf} > > \end{enumerate} > > The networking and user level access to the networking is provided by: > \begin{itemize} > \item \textbf{slirp4netns} via the \textbf{podman network} interface > \item as of \textbf{podman v4}, the \textbf{netarvark} package > can be used for rootless and rootful containers. > \end{itemize} > > For additional information on podman networking, see: > > \url{https://github.com/containers/podman/blob/main/docs/tutorials/basic_networking.md} > > > > } > > \begin{frame} > {Podman, repositories} > > There are several locations for the container image repositories to reside: > \begin{itemize} > \item \textbf{/etc/containers/registries.conf} > \begin{itemize} > \item > system wide configuration file location > \item > may also have separate \textbf{.conf} files in > > \textbf{/etc/containers/registries.conf.d} > > (format V2 only) > \end{itemize} > \item > \file{\$HOME/.config/containers/registries.conf} > will be used first if it exists. In the > case of a conflict, the first match is used. > \end{itemize} > > > > \end{frame} > > \cprotect\note{ > The repository information options, some of the more common items are: > \begin{itemize} > \item \textbf{registries.search} > indicates which repository will be used for the \textbf{podman search} > command. If there is no search repositories defined, > the search will not return any information. > \item \textbf{registries.insecure} > by default registries require \textbf{TLS} to retrieve an image > from the registries, this option allows unencrypted HTTP > traffic > \item \textbf{registries.block} > container images cannot be pulled from the listed locations > \item an additional parameter for the repositories file is the: > > \textbf{unqualified-search-registries} > option which allows a comma separated list of image registries > to be used for the \textbf{podman search} command for example: > > > \begin{out}unqualified-search-registries = ["docker.io"] > \end{out} > \end{itemize} > See \textbf{man 5 containers-registries.conf} for additional details. > } dpkg/dpkg.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_dpkg/dpkg.tex LFS307/CHAPS/dpkg/dpkg.tex --------------------------------------------------- 45a46 > 48c49 < \begin{itemize} --- > \begin{itemize}A 52c53 < \begin{kcode} --- > \begin{out}[] 54c55 < \end{kcode} --- > \end{out} 56c57 < \begin{kcode} --- > \begin{out}[] 59c60 < \end{kcode} --- > \end{out} 133,136c134,167 < Only versions of \textbf{dpkg} greater than 1.17 support the < \texttt{-V} option. Without arguments this will verify all < packages on the system. See the \textbf{man} page to < interpret the output. --- > It is often important to get information about a > particular package or to locate any files that have > changed after installation. For example, to see what > version of a particular package is installed: > > \begin{cmd} > $ dpkg -s dpkg | grep -i version > \end{cmd} > > \begin{out}[] > Version: 1.19.7ubuntu3.2 > \end{out} > on \textbf{Ubuntu 20.04}. > > Without additional arguments, \verb?dpkg -V? will verify > all packages on the system: > > \begin{cmd} > $ sudo dpkg -V > \end{cmd} > > \begin{out}[] > ??5?????? c /etc/logrotate.conf > ??5?????? c /etc/logrotate.d/apt > ??5?????? c /etc/logrotate.d/bootlog > ??5?????? c /etc/logrotate.d/rsyslog > ??5?????? c /etc/logrotate.d/ufw > ??5?????? c /etc/logrotate.d/apport > ??5?????? c /etc/logrotate.d/speech-dispatcher > ??5?????? c /etc/logrotate.d/unattended-upgrades > .... > \end{out} > > See the \textbf{man} page to interpret the output. dpkg/labs.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_dpkg/labs.tex LFS307/CHAPS/dpkg/labs.tex --------------------------------------------------- 41,42c41,42 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 46c46 < \end{klst} --- > \end{out} 51,52c51,52 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 54c54 < \end{klst} --- > \end{out} 63,64c63,64 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 74c74 < \end{klst} --- > \end{out} ext4/labs.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_ext4/labs.tex LFS307/CHAPS/ext4/labs.tex --------------------------------------------------- 45,46c45,46 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 49c49 < \end{klst} --- > \end{out} 72,73c72,73 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 87c87 < \end{klst} --- > \end{out} 91,92c91,92 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 110c110 < \end{klst} --- > \end{out} 175,176c175,176 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 178c178 < \end{klst} --- > \end{out} 182,183c182,183 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 189c189 < \end{klst} --- > \end{out} 194,195c194,195 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 198c198 < \end{klst} --- > \end{out} 202,203c202,203 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 206c206 < \end{klst} --- > \end{out} 210,211c210,211 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 214c214 < \end{klst} --- > \end{out} 219,220c219,220 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 222c222 < \end{klst} --- > \end{out} 227,228c227,228 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 234c234 < \end{klst} --- > \end{out} 238,239c238,239 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 257c257 < \end{klst} --- > \end{out} firewall/firewalld.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_firewall/firewalld.tex LFS307/CHAPS/firewall/firewalld.tex --------------------------------------------------- 55,56c55,56 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 65c65 < \end{klst} --- > \end{out} 116,117c116,117 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 123c123 < \end{klst} --- > \end{out} 126,127d125 < < running 128a127,130 > \begin{out}[] > running > \end{out} > firewall/firewalls.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_firewall/firewalls.tex LFS307/CHAPS/firewall/firewalls.tex --------------------------------------------------- 72c72 < metadata about transmissions --- > metadata about transmissions. firewall/labs.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_firewall/labs.tex LFS307/CHAPS/firewall/labs.tex --------------------------------------------------- 15,16c15,16 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 19c19 < \end{klst} --- > \end{out} 26c26 < $ sudo apt-get install firewalld --- > $ sudo apt install firewalld 75,76c75,76 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 85c85 < \end{klst} --- > \end{out} 109,110c109,110 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 112c112 < \end{klst} --- > \end{out} 116,117c116,117 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 119c119 < \end{klst} --- > \end{out} 123,124c123,124 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 126c126 < \end{klst} --- > \end{out} 132,133c132,133 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 135c135 < \end{klst} --- > \end{out} 164a165,166 > > \input{nat-lab.inc} firewall/port.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_firewall/port.tex LFS307/CHAPS/firewall/port.tex --------------------------------------------------- 1a2 > 31,32c32,34 < \vspace{\negkspace} < \vspace{\negkspace} --- > > \vspace{-12pt} > 43,49c45,48 < \vspace{\negkspace} < \begin{klst}[] < RH-Satellite-6 amanda-client bacula bacula-client dhcp dhcpv6 dhcpv6-client dns ftp high-availability http\ < https imaps ipp ipp-client ipsec kerberos kpasswd ldap ldaps libvirt libvirt-tls mdns mountd ms-wbt\ < mysql nfs ntp openvpn pmcd pmproxy pmwebapi pmwebapis pop3s postgresql proxy-dhcp radius rpc-bind samba\ < samba-client smtp ssh telnet tftp tftp-client transmission-client vnc-server wbem-https < \end{klst} --- > > \begin{out}[] > RH-Satellite-6 amanda-client bacula bacula-client dhcp dhcpv6 dhcpv6-client dns ftp high-availability http https imaps ipp ipp-client ipsec kerberos kpasswd ldap ldaps libvirt libvirt-tls mdns mountd ms-wbt mysql nfs ntp openvpn pmcd pmproxy pmwebapi pmwebapis pop3s postgresql proxy-dhcp radius rpc-bind samba samba-client smtp ssh telnet tftp tftp-client transmission-client vnc-server wbem-https > \end{out} 55,56c54,55 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 58c57 < \end{klst} --- > \end{out} 63,65c62,64 < \vspace{\negkspace} < \vspace{\negkspace} < \begin{klst}[] --- > > > \begin{out}[] 67c66 < \end{klst} --- > \end{out} 75a75,76 > \vspace{-12pt} > 101,102c102,103 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 104c105 < \end{klst} --- > \end{out} 108,109c109,110 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 111c112 < \end{klst} --- > \end{out} 117,118c118,119 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 120c121 < \end{klst} --- > \end{out} firewall/source.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_firewall/source.tex LFS307/CHAPS/firewall/source.tex --------------------------------------------------- 39,40c39,40 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 42c42 < \end{klst} --- > \end{out} firewall/zones.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_firewall/zones.tex LFS307/CHAPS/firewall/zones.tex --------------------------------------------------- 116,117c116,117 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 139c139 < \end{klst} --- > \end{out} fownership/fileperm.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_fownership/fileperm.tex LFS307/CHAPS/fownership/fileperm.tex --------------------------------------------------- 20,21c20,21 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 25c25 < \end{klst} --- > \end{out} 36,37c36,37 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 39c39 < \end{klst} --- > \end{out} 62,63c62,63 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 65c65 < \end{klst} --- > \end{out} 122c122 < --- > \clearpage 139c139 < \begin{kcode}[] --- > \begin{out}[] 141c141 < \end{kcode} --- > \end{out} 147c147 < \begin{kcode}[] --- > \begin{out}[] 149c149 < \end{kcode} --- > \end{out} 297,298c297,298 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 301c301 < \end{klst} --- > \end{out} 310,311c310,311 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 313c313 < \end{klst} --- > \end{out} fownership/labs.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_fownership/labs.tex LFS307/CHAPS/fownership/labs.tex --------------------------------------------------- 45,46c45,46 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 48c48 < \end{klst} --- > \end{out} 63,64c63,64 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 66c66 < \end{klst} --- > \end{out} 95c95 < from previous exercises. --- > from previous exercises). 100c100 < User \textbf{setfacl} to make the file writeable by the new user --- > Use \textbf{setfacl} to make the file writeable by the new user 103c103 < User \textbf{setfacl} to make the file not readable by the new user --- > Use \textbf{setfacl} to make the file not readable by the new user 107c107 < Clean up as necessary --- > Clean up as necessary. 121,122c121,122 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 130c130 < \end{klst} --- > \end{out} 143,144c143,144 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 146c146 < \end{klst} --- > \end{out} 153,154c153,154 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 164c164 < \end{klst} --- > \end{out} fslayout/bin.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_fslayout/bin.tex LFS307/CHAPS/fslayout/bin.tex --------------------------------------------------- 57c57 < \includegraphics[width=6.0in]{IMAGES/lsbin} --- > \includegraphics[width=6.5in]{IMAGES/lsbin} fslayout/boot.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_fslayout/boot.tex LFS307/CHAPS/fslayout/boot.tex --------------------------------------------------- 42c42 < \includegraphics[width=5.0in]{IMAGES/lsboot} --- > \includegraphics[width=4.5in]{IMAGES/lsboot} fslayout/dev.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_fslayout/dev.tex LFS307/CHAPS/fslayout/dev.tex --------------------------------------------------- 15c15 < \includegraphics[height=3.3in]{IMAGES/device_node} --- > \includegraphics[height=3.2in]{IMAGES/device_node} 23,41c23,39 < \vspace{\negkspace} < < This directory contains \textbf{special device files} < (also known as \textbf{device nodes}) which represent < devices built into or connected to the system. These special < files are essential for the system to function properly. < Such device files represent \textbf{character} < (byte-stream) and \textbf{block} I/O devices; < \textbf{network} devices do not have devices nodes in < \textbf{Linux} and are instead referenced by name, such as < \texttt{eth1} or \texttt{wlan0}. < < \begin{figure}[H] < \includegraphics[width=4.0in]{IMAGES/lsdev} < \caption{/dev Directory} < \end{figure} < \vspace{\negkspace} < \vspace{\negkspace} < --- > \vspace{-12pt} > \small{ > This directory contains \textbf{special device files} > (also known as \textbf{device nodes}) which represent > devices built into or connected to the system. These special > files are essential for the system to function properly. > Such device files represent \textbf{character} > (byte-stream) and \textbf{block} I/O devices; > \textbf{network} devices do not have devices nodes in > \textbf{Linux} and are instead referenced by name, such as > \texttt{eth1} or \texttt{wlan0}. > > \begin{figure}[H] > \includegraphics[width=4.0in]{IMAGES/lsdev} > \caption{/dev Directory} > \end{figure} > \vspace{-12pt} 43,54c41,53 < All modern \textbf{Linux} distributions use the < \textbf{udev} system, which creates nodes in < \filelink{/dev} only as needed when devices are found, < If you were to look at the \filelink{/dev} directory on < an unmounted filesystem, you would find it empty. < %% directory; upon boot a virtual filesystem is created and < %% mounted at \filelink{/dev} and then populated with < %% devices nodes as \textbf{udev} requires. Embedded < %% \textbf{Linux} systems (which are not being discussed < %% much in this course) may have fixed device nodes and not < %% use \textbf{udev} or use an alternative such as < %% \textbf{mdev}. --- > All modern \textbf{Linux} distributions use the > \textbf{udev} system, which creates nodes in > \filelink{/dev} only as needed when devices are found. > If you were to look at the \filelink{/dev} directory on > an unmounted filesystem, you would find it empty. > %% directory; upon boot a virtual filesystem is created and > %% mounted at \filelink{/dev} and then populated with > %% devices nodes as \textbf{udev} requires. Embedded > %% \textbf{Linux} systems (which are not being discussed > %% much in this course) may have fixed device nodes and not > %% use \textbf{udev} or use an alternative such as > %% \textbf{mdev}. > } fslayout/etc.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_fslayout/etc.tex LFS307/CHAPS/fslayout/etc.tex --------------------------------------------------- 13,14c13,14 < extends adds a number of other directories, including < \filelink{sysconfig} --- > adds a number of other directories, including > \filelink{/etc/sysconfig} 30c30 < hosts,equiv, hosts.lpd, inetd.conf, inittab, issue, --- > hosts.equiv, hosts.lpd, inetd.conf, inittab, issue, 50c50 < used to populate newly created home directories). --- > used to populate newly created home directories. 56c56 < \filelink{/etc/init.d}: Contains, startup and shutdown scripts for --- > \filelink{/etc/init.d}: Contains startup and shutdown scripts for fslayout/fhs.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_fslayout/fhs.tex LFS307/CHAPS/fslayout/fhs.tex --------------------------------------------------- 17a18 > 144c145 < Virtual pseudo-filesystem giving information about the --- > Virtual pseudo filesystem giving information about the 156c157 < Virtual pseudo-filesystem giving information about the --- > Virtual pseudo filesystem giving information about the fslayout/labs.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_fslayout/labs.tex LFS307/CHAPS/fslayout/labs.tex --------------------------------------------------- 30,31c30,31 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 45c45 < \end{klst} --- > \end{out} 61c61 < because these are pseudo-filesystems which exist --- > because these are pseudo filesystems which exist 93,94c93,94 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 129c129 < \end{klst} --- > \end{out} 170,171c170,171 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 179c179 < \end{klst} --- > \end{out} fslayout/lib.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_fslayout/lib.tex LFS307/CHAPS/fslayout/lib.tex --------------------------------------------------- 6c6 < \item Contains only those libraries which are needed --- > \item Contain only those libraries which are needed 9,10d8 < \item Kernel modules go in \filelink{/lib/modules} < \item PAM modules go in \filelink{/lib/security} 11a10,12 > \item Kernel modules go in \filelink{/lib/modules} > \item \textbf{PAM} modules go in distribution-dependent locations such as > \filelink{/lib64/security} or \filelink{/lib/x86_64-linux-gnu/security} 37c38,39 < located under \url{/lib/modules/}. --- > located under \file{/lib/modules/}, > as in \filelink{/lib/modules/5.19.4}. 40,41c42,45 < \textbf{M}odules) files are stored in the < \filelink{/lib/security}. --- > \textbf{M}odules) files are stored in > distribution-dependent locations such as > \filelink{/lib64/security} or > \filelink{/lib/x86_64-linux-gnu/security}. 53,55c57 < \vspace{\negkspace} < \begin{klst}[] < >>>>>>> staging --- > \begin{out}[] 58c60 < \end{klst} --- > \end{out} fslayout/opt.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_fslayout/opt.tex LFS307/CHAPS/fslayout/opt.tex --------------------------------------------------- 14,20c14,22 < \vspace{\negkspace} < \begin{klst}[] < total 20 < drwxr-xr-x 4 root root 4096 Feb 4 2020 brother < drwxr-xr-x 4 root root 4096 Sep 1 2019 google < drwxr-xr-x 29 root root 12288 Jan 19 17:06 zoom < \end{klst} --- > > \begin{out}[] > total 20K > drwxr-xr-x. 4 root root 4.0K Jul 26 2021 brother > drwxr-xr-x. 4 root root 4.0K Sep 1 2019 google > drwxr-xr-x 3 root root 4.0K Jul 7 08:03 rh > drwxr-xr-x 12 root root 4.0K Jul 1 09:55 VirtualBox > drwxr-xr-x. 30 root root 4.0K May 30 13:08 zoom > \end{out} fslayout/proc.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_fslayout/proc.tex LFS307/CHAPS/fslayout/proc.tex --------------------------------------------------- 6c6 < \item A pseudo-file system: not stored --- > \item A pseudo filesystem: not stored 19c19 < \textbf{pseudo-filesystem} where all information --- > \textbf{pseudo filesystem} where all information 44c44 < Important pseudo-files including --- > Important pseudo files including 63c63 < We will extensively examine entries in \filelink{/proc} --- > We will examine entries in \filelink{/proc} 80c80,82 < \vspace{\negkspace} --- > > \vspace{-12pt} > 88,89c90,91 < \vspace{\negkspace} < \vspace{\negkspace} --- > > \vspace{-24pt} 98,99c100,101 < \vspace{\negkspace} < \vspace{\negkspace} --- > > \vspace{-24pt} fslayout/run.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_fslayout/run.tex LFS307/CHAPS/fslayout/run.tex --------------------------------------------------- 5c5 < \item Pseudo-filesystem, exists only in memory --- > \item Pseudo filesystem, exists only in memory 23c23 < is a pseudo-filesystem existing only in memory. --- > is a pseudo filesystem existing only in memory. fslayout/sbin.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_fslayout/sbin.tex LFS307/CHAPS/fslayout/sbin.tex --------------------------------------------------- 47a48 > 51,54c52,55 < \vspace{\negkspace} < \begin{klst}[] < rwxrwxrwx 1 root root 8 Apr 23 2020 /sbin -> usr/sbin < \end{klst} --- > > \begin{out}[] > rwxrwxrwx 1 root root 8 Apr 23 08:23 /sbin -> usr/sbin > \end{out} fslayout/srv.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_fslayout/srv.tex LFS307/CHAPS/fslayout/srv.tex --------------------------------------------------- 44a45,48 > On \textbf{Linux} distributions such as \textbf{Ubuntu} > and \textbf{Red Hat}-based ones, \filelink{/srv} is empty > by default. > fslayout/sys.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_fslayout/sys.tex LFS307/CHAPS/fslayout/sys.tex --------------------------------------------------- 6c6 < \item Another pseudo-file system: not stored --- > \item Another pseudo filesystem: not stored 22c22 < \textbf{sysfs} \textbf{pseudo-filesystem} where all --- > \textbf{sysfs} \textbf{pseudo filesystem} where all 34c34 < pseudo-files in \filelink{/sys} contain only one --- > pseudo files in \filelink{/sys} contain only one fslayout/tmp.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_fslayout/tmp.tex LFS307/CHAPS/fslayout/tmp.tex --------------------------------------------------- 14c14 < that mount \filelink{/tmp} as a pseudo-filesystem --- > that mount \filelink{/tmp} as a pseudo filesystem groups/group.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_groups/group.tex LFS307/CHAPS/groups/group.tex --------------------------------------------------- 57a58,115 > \section{Group Membership} > \begin{frame} > {Group Membership} > > A \textbf{Linux} user: > \begin{itemize} > \item Has one primary group > \begin{itemize} > \item Primary group is the one listed in > \filelink{/etc/passwd} > \item Also will be listed in > \filelink{/etc/group} > \end{itemize} > \item May belong to between 0 and 15 secondary groups > \item Can identify the groups he or she belongs to by > executing either of > \begin{cmd} > $ groups [user1 user2 ...] > $ id -Gn [user1 user2 ...] > \end{cmd} > \item With no arguments, either command reports on the > current user. > \end{itemize} > > \end{frame} > > \cprotect\note{ > > The primary group is the GID that is used whenever the > user creates files or directories. Membership in > other, secondary, groups grants the user those > additional permissions. > > Users can identify which groups they are a member of > with either the \textbf{groups} or \textbf{id -Gn} > commands. > > Default groups can differ by distribution and installation specifics. > > On \textbf{CentOS}: > \begin{cmd} > [student@CentOS ~] groups > \end{cmd} > > \begin{out}[] > student > \end{out} > On \textbf{Ubuntu}: > \begin{cmd} > student@ubuntu ~$ groups > \end{cmd} > > \begin{out}[] > student adm cdrom sudo dip plugdev lpadmin sambashare libvirt > \end{out} > > } > 139,195d196 < \section{Group Membership} < \begin{frame} < {Group Membership} < < A \textbf{Linux} user: < \begin{itemize} < \item Has one primary group < \begin{itemize} < \item Primary group is the one listed in < \filelink{/etc/passwd} < \item Also will be listed in < \filelink{/etc/group} < \end{itemize} < \item May belong to between 0 and 15 secondary groups < \item Can identify the groups he or she belongs to by < executing either of < \begin{cmd} < $ groups [user1 user2 ...] < $ id -Gn [user1 user2 ...] < \end{cmd} < \item With no arguments, either command reports on the < current user. < \end{itemize} < < \end{frame} < < \cprotect\note{ < < The primary group is the GID that is used whenever the < user creates files or directories. Membership in < other, secondary, groups grants the user those < additional permissions. < < Users can identify which groups they are a member of < with either the \textbf{groups} or \textbf{id -Gn} < commands. < < Default groups can differ by distribution and installation specifics. < < On \textbf{CentOS}: < \begin{cmd} < [student@CentOS ~] groups < \end{cmd} < \vspace{\negkspace} < \begin{klst}[] < student < \end{klst} < On \textbf{Ubuntu}: < \begin{cmd} < student@ubuntu ~$ groups < \end{cmd} < \vspace{\negkspace} < \begin{klst}[] < student adm cdrom sudo dip plugdev lpadmin sambashare libvirt < \end{klst} < < } groups/labs.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_groups/labs.tex LFS307/CHAPS/groups/labs.tex --------------------------------------------------- 40c40 < Add \verb?bullwinkle? to the bosses group and try --- > Add \verb?bullwinkle? to the \verb?bosses? group and try 43c43 < effective. do the following: --- > effective. Do the following: 55,56c55,56 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 60c60 < \end{klst} --- > \end{out} 64,65c64,65 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 69c69 < \end{klst} --- > \end{out} 73,74c73,74 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 79c79 < \end{klst} --- > \end{out} 86,87c86,87 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 90c90 < \end{klst} --- > \end{out} 98,99c98,99 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 104c104 < \end{klst} --- > \end{out} 108,109c108,109 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 112c112 < \end{klst} --- > \end{out} 121,122c121,122 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 126c126 < \end{klst} --- > \end{out} 135,136c135,136 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 138c138 < \end{klst} --- > \end{out} iomonitor/iomonitor.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_iomonitor/iomonitor.tex LFS307/CHAPS/iomonitor/iomonitor.tex --------------------------------------------------- 15c15 < Three important tools: --- > Some important tools: 21,22d20 < \item < \textbf{ionice} 53c51 < complex. We will also consider \textbf{I/O scheduling} later. --- > complex. iomonitor/iotop.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_iomonitor/iotop.tex LFS307/CHAPS/iomonitor/iotop.tex --------------------------------------------------- 27,29c27,28 < Please note that the \textbf{be} and \textbf{rt} entries in < the \textbf{PRIO} are explained in the \textbf{ionice} < section, and stand for \textbf{best effort} and --- > In the \verb?PRIO? column, \textbf{be} stands for > \textbf{best effort} and \textbf{rt} stands for iomonitor/labs.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_iomonitor/labs.tex LFS307/CHAPS/iomonitor/labs.tex --------------------------------------------------- 14c14 < \textbf{bon\_csv2txt}, can be used convert to html and --- > \textbf{bon\_csv2txt}, can be used to convert to html and 25,26c25,26 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 37c37 < \end{klst} --- > \end{out} 70a71,83 > \begin{lfbox} > > For \textbf{RHEL/CentOS 9}, there is currently no > package available but the earlier version works, and > can be obtained from the \textbf{EPEL 8} repository: > \url{https://dl.fedoraproject.org/pub/epel/8/Everything/x86_64/Packages/b/bonnie++-1.98-1.el8.x86_64.rpm} > and install with: > > \begin{cmd} > $ sudo dnf localinstall bonnie++-*rpm > \end{cmd} > \end{lfbox} > 74c87 < \end{cmd} --- > \end{cmd} 76,77c89 < \vspace{\negkspace} < \begin{klst}[] --- > \begin{out}[] 91c103 < \end{klst} --- > \end{out} 92a105 > 96a110 > 100,101c114,115 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 115c129 < \end{klst} --- > \end{out} 160,161c174,175 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 164c178 < \end{klst} --- > \end{out} kernel-config/config.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_kernel-config/config.tex LFS307/CHAPS/kernel-config/config.tex --------------------------------------------------- 1c1,87 < \section{Kernel Configuration} --- > \section{Kernel Boot Parameters} > \begin{frame} > {Kernel Boot Parameters} > > \begin{itemize} > \item > Appear on the kernel line in \filelink{grub.cfg} > \item > Can also be supplied interactively at boot > \item > Parameters can be specified either as: > > \begin{itemize} > > \item > A simple value as an argument > > \item > In the form \verb?param=value? where \verb?value? can > be a string, integer, array of integers etc. > \end{itemize} > > \begin{out}[] > vmlinuz root=/dev/sda6 rhgb quiet crashkernel=512M > \end{out} > > \item > No intentionally secret, hidden, parameters > > \item > Enumerated in \file{kernel-parameters.txt} in the kernel > source or on line at > \url{https://kernel.org/doc/html/latest/admin-guide/kernel-parameters.html}. > > \end{itemize} > > \end{frame} > > \cprotect\note{ > > Kernel options are placed at the end of the kernel line > and are separated by spaces. An example of kernel > boot parameters: > > \begin{out}[] > linux /boot/vmlinuz-5.19.0 root=/dev/sda5 ro crashkernel=512M quiet selinux=0 > \end{out} > > \begin{itemize} > > \item > \verb?root?: root filesystem (can be in the form of > \verb?root=UUID=...? or \verb?root=/dev/sda5? or > \verb?root=LABEL=CentOS9? etc. > > \item > \verb?ro?: mounts root device read-only on boot > > \item > \verb?crashkernel=512M?: how much memory to set aside > for \textbf{kernel crashdumps} through the > \textbf{kdump} facility. > > \item > \verb?quiet?: disables most log messages > > \item > \verb?selinux=0? disables \textbf{SELinux} > > \end{itemize} > > See \textbf{man bootparam} and > \filelink{kernel-parameters.txt} in the on-machine kernel > documentation, which can be found either in the kernel > source, or in a package with a name like > \textbf{kernel-doc}. Even easier, look online at > \url{https://kernel.org/doc/html/latest/admin-guide/kernel-parameters.html}. > > Note that \textbf{Linux} distributions often add > parameters that are particular to that distribution, such > as \verb?rhgb? in the example above, which stands for > \textbf{Red Hat Graphical Boot}. > > } > > \clearpage > \section{Kernel Command Line} 11c97 < \file{grub.cfg} somewhere under \filelink{/boot} --- > \filelink{grub.cfg} somewhere under \filelink{/boot} 17c103 < \begin{kcode} --- > \begin{out}[] 22c108 < \end{kcode} --- > \end{out} 29c115 < \begin{kcode}[] --- > \begin{out}[] 34c120 < \end{kcode} --- > \end{out} 43,44d128 < \begin{kcode} < linux /boot/vmlinuz-4.19.0 root=UUID=7ef4e747-afae-48e3-90b4-9be8be8d0258 ro quiet crashkernel=384M-:128M 46,47c130,134 < linuxefi /boot/vmlinuz-5.2.9 root=UUID=77461ee7-c34a-4c5f-b0bc-29f4feecc743 ro crashkernel=auto rhgb quiet < \end{kcode} --- > \begin{out}[] > linux /boot/vmlinuz-5.19.0 root=UUID=7ef4e747-afae-48e3-90b4-9be8be8d0258 ro quiet > > linuxefi /boot/vmlinuz-5.2.9 root=UUID=77461ee7-c34a-4c5f-b0bc-29f4feecc743 ro crashkernel=auto rhgb quiet crashkernel=384M-:128M > \end{out} 62,65c149,152 < \vspace{\negkspace} < \begin{klst}[] < BOOT_IMAGE=(hd0,msdos1)/boot/vmlinuz-5.11.0 root=UUID=7a8244d5-f289-4067-8ad6-9090080b7e35 ro resume=UUID=d602c4e1-ef8a-4945-8e3b-e98fcc8bfba2 rhgb quiet < \end{klst} --- > > \begin{out}[] > BOOT_IMAGE=(hd0,msdos2)/boot/vmlinuz-5.19.0 root=UUID=7f7221b8-60d8-41b9-b643-dfcc80527c37 ro rhgb quiet crashkernel=512M > \end{out} 68c155 < \textbf{Fedora} and \textbf{RHEL/CentOS 8} now use --- > \textbf{Fedora} and \textbf{RHEL/CentOS} use the 71,77c158,160 < line is set. < You should now look in \filelink{/boot/grub2/grubenv} < for that information. < < We will discuss this later in more detail when we take < up \textbf{grub} in a full chapter. < --- > line is set. You should now look in either > \filelink{/boot/grub2/grubenv} for that information, > or the files in \filelink{/boot/loader/entries}. 81,132d163 < < \section{Kernel Boot Parameters} < \begin{frame} < {Kernel Boot Parameters} < < \begin{itemize} < \item Appear on the kernel line in \filelink{grub.cfg} < \item Can also be supplied interactively at boot < \item Parameters can be specified either as: < \begin{itemize} < \item a simple value as an argument < \item in the form \verb?param=value? where < \verb?value? can be a string, integer, array of < integers etc. < \end{itemize} < \begin{kcode} < vmlinuz root=/dev/sda6 ..... noapic .... crashkernel=256M < \end{kcode} < \item No intentionally secret, hidden, parameters < \item < Enumerated in \filelink{kernel-parameters.txt} in the kernel source < \end{itemize} < < \end{frame} < < \cprotect\note{ < < Kernel options are placed at the end of the kernel < line and are separated by spaces. An example of < kernel boot parameters (all on one line): < < \begin{kcode} < linux16 /boot/vmlinuz-3.19.1.0 root=UUID=178d0092-4154-4688-af24-cda272265e08 ro < vconsole.keymap=us crashkernel=auto vconsole.font=latarcyrheb-sun16 rhgb quiet LANG=en_US.UTF-8 < \end{kcode} < \begin{itemize} < \item \verb?root?: root filesystem < \item \verb?ro?: mounts root device read-only on boot < \item \verb?vconsole.keymap?: which keyboard to use on the console < \item \verb?crashkernel?: how much memory to set aside for \textbf{kernel crashdumps} < \item \verb?vconsole.font?: which font to use on the console < \item \texttt{rhgb}: for graphical boot < \item \texttt{quiet}: disables most log messages < \item \texttt{LANG}: is the system language < \end{itemize} < < See \textbf{man bootparam} and < \filelink{kernel-parameters.txt} in the kernel < documentation. Kernel documentation can be found in a < package with a name like \textbf{kernel-doc} or < \textbf{linux-doc}, or online at < \url{http://kernel.org/doc/Documentation/}. } kernel-config/labs.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_kernel-config/labs.tex LFS307/CHAPS/kernel-config/labs.tex --------------------------------------------------- 131,132c131,132 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 134c134 < \end{klst} --- > \end{out} 148,149c148,149 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 151c151 < \end{klst} --- > \end{out} kernel-config/sysctl.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_kernel-config/sysctl.tex LFS307/CHAPS/kernel-config/sysctl.tex --------------------------------------------------- 53,55c53,54 < \filelink{/etc/sysctl.d}. However, the original file < (\filelink{/etc/sysctl.conf}) is still supported as is < self-documented in that file. --- > \filelink{/etc/sysctl.d}. However, the self-documenting > original file (\filelink{/etc/sysctl.conf}) is still supported. kernel-modules/utils.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_kernel-modules/utils.tex LFS307/CHAPS/kernel-modules/utils.tex --------------------------------------------------- 141c141 < \includegraphics[width=5.5in]{IMAGES/modinfo} --- > \includegraphics[width=6.5in]{IMAGES/modinfo} 157c157 < \filelink{/sys} pseudo-filesystem directory tree; in the --- > \filelink{/sys} pseudo filesystem directory tree; in the 159c159 < \filelink{/sys/module/e1000} and some if not all parameters --- > \filelink{/sys/module/sg} and some if not all parameters 161c161 < \filelink{/sys/module/e1000/parameters}. We will show how --- > \filelink{/sys/module/sg/parameters}. We will show how kernel-udev/labs.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_kernel-udev/labs.tex LFS307/CHAPS/kernel-udev/labs.tex --------------------------------------------------- 46,47c46,47 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 49c49 < \end{klst} --- > \end{out} kernel-udev/udev.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_kernel-udev/udev.tex LFS307/CHAPS/kernel-udev/udev.tex --------------------------------------------------- 98,99c98,99 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 124c124 < \end{klst} --- > \end{out} 208c208 < \vspace{\negkspace} --- > 229,230c229,230 < \vspace{\negkspace} < \begin{klstfootnotesize}[] --- > > \begin{outfootnotesize}[] 232c232 < \end{klstfootnotesize} --- > \end{outfootnotesize} 236,237c236,237 < \vspace{\negkspace} < \begin{klstfootnotesize}[] --- > > \begin{outfootnotesize}[] 245c245 < \end{klstfootnotesize} --- > \end{outfootnotesize} 254c254,255 < \begin{kcode} --- > \vspace{12pt} > \begin{out}[] 256c257 < \end{kcode} --- > \end{out} 259c260,261 < \begin{kcode} --- > \vspace{12pt} > \begin{out}[] 264c266 < \end{kcode} --- > \end{out} 307,311c309,312 < \vspace{-6pt} < \begin{kcode}[] < SUBSYSTEM=="usb", ATTR{idVendor}=="2687", ATTR{idProduct}=="fb01", \ < SYMLINK+="fitbit", MODE="0666" < \end{kcode} --- > > \begin{out}[] > SUBSYSTEM=="usb", ATTR{idVendor}=="2687", ATTR{idProduct}=="fb01", SYMLINK+="fitbit", MODE="0666" > \end{out} 317,327c318,324 < \vspace{-6pt} < \begin{kcode}[] < SUBSYSTEM=="cpu", ACTION=="add", PROGRAM="/bin/systemctl \ < try-restart kdump.service" < SUBSYSTEM=="cpu", ACTION=="remove", PROGRAM="/bin/systemctl \ < try-restart kdump.service" < SUBSYSTEM=="memory", ACTION=="online", PROGRAM="/bin/systemctl \ < try-restart kdump.service" < SUBSYSTEM=="memory", ACTION=="offline", PROGRAM="/bin/systemctl \ < try-restart kdump.service" < \end{kcode} --- > > \begin{out}[] > SUBSYSTEM=="cpu", ACTION=="add", PROGRAM="/bin/systemctl try-restart kdump.service" > SUBSYSTEM=="cpu", ACTION=="remove", PROGRAM="/bin/systemctl try-restart kdump.service" > SUBSYSTEM=="memory", ACTION=="online", PROGRAM="/bin/systemctl try-restart kdump.service" > SUBSYSTEM=="memory", ACTION=="offline", PROGRAM="/bin/systemctl try-restart kdump.service" > \end{out} 332,333c329,330 < \vspace{-6pt} < \begin{kcode}[] --- > > \begin{out}[] 335c332 < \end{kcode} --- > \end{out} lsm/apparmor.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_lsm/apparmor.tex LFS307/CHAPS/lsm/apparmor.tex --------------------------------------------------- 74,75c74,75 < \vspace{\negkspace} < \vspace{\negkspace} --- > > 77c77 < Distributions that come with \textbf{AppArmor}, tend to --- > Distributions that come with \textbf{AppArmor} tend to 100,101c100,101 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 107c107 < \end{klst} --- > \end{out} 119,120c119,120 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 123c123 < \end{klst} --- > \end{out} 191,192c191,192 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 197c197 < \end{klst} --- > \end{out} 256,257c256,257 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 273c273 < \end{klst} --- > \end{out} 281,282c281,282 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 286c286 < \end{klst} --- > \end{out} lsm/labs.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_lsm/labs.tex LFS307/CHAPS/lsm/labs.tex --------------------------------------------------- 45,46c45,46 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 48c48 < \end{klst} --- > \end{out} 59,60c59,60 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 64c64 < \end{klst} --- > \end{out} 71,72c71,72 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 75c75 < \end{klst} --- > \end{out} 82,83c82,83 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 85c85 < \end{klst} --- > \end{out} 101c101 < \textbf{apt-get} commands should be replaced by --- > \textbf{apt} commands should be replaced by 120c120 < student@ubuntu:~$ sudo apt-get install apparm* --- > student@ubuntu:~$ sudo apt install apparm* lsm/selinux.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_lsm/selinux.tex LFS307/CHAPS/lsm/selinux.tex --------------------------------------------------- 56c56 < An \textbf{SELinux} context is a label used by a rule --- > A \textbf{SELinux} context is a label used by a rule 143,144c143,144 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 146c146 < \end{klst} --- > \end{out} 152,153c152,153 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 155c155 < \end{klst} --- > \end{out} 292,293c292,293 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 295c295 < \end{klst} --- > \end{out} 300,301c300,301 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 303c303 < \end{klst} --- > \end{out} 307,308c307,308 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 311c311 < \end{klst} --- > \end{out} 316,317c316,317 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 320c320 < \end{klst} --- > \end{out} 344,345c344,345 < \vspace{\negkspace} < \vspace{\negkspace} --- > > 357,358c357,358 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 369c369 < \end{klst} --- > \end{out} 373,374c373,374 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 381c381 < \end{klst} --- > \end{out} 408,409c408,409 < \vspace{\negkspace} < \vspace{\negkspace} --- > > 424,425c424,425 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 427c427 < \end{klst} --- > \end{out} 433,434c433,434 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 436c436 < \end{klst} --- > \end{out} 441,442c441,442 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 445c445 < \end{klst} --- > \end{out} 487,488c487,488 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 491c491 < \end{klst} --- > \end{out} 495,496c495,496 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 499c499 < \end{klst} --- > \end{out} 503,504c503,504 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 507c507 < \end{klst} --- > \end{out} 531,532c531,532 < \vspace{\negkspace} < \vspace{\negkspace} --- > > 545,546c545,546 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 549c549 < \end{klst} --- > \end{out} 554,555c554,555 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 558c558 < \end{klst} --- > \end{out} 562,563c562,563 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 566c566 < \end{klst} --- > \end{out} 570,571c570,571 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 573c573 < \end{klst} --- > \end{out} 600a601,602 > > \vspace{-12pt} 620,621c622 < \vspace{\negkspace} < \vspace{\negkspace} --- > \vspace{-12pt} 652c653 < \begin{klstfootnotesize}[] --- > \begin{outfootnotesize}[] 679c680 < \end{klstfootnotesize} --- > \end{outfootnotesize} lsm/whatis.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_lsm/whatis.tex LFS307/CHAPS/lsm/whatis.tex --------------------------------------------------- 68c68,70 < --- > \item > \textbf{Yama}: > \url{https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html} 70,72c72,73 < Since 2019 it has been possible to combine < (stack) \textbf{LSM}s in certain specified < orders. --- > Since 2019 it has been possible to combine (stack) > \textbf{LSM}s in certain specified orders. lvm/lvm.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_lvm/lvm.tex LFS307/CHAPS/lvm/lvm.tex --------------------------------------------------- 59c59 < devices (which we will discuss next.) They can actually be built on top of a --- > devices. They can actually be built on top of a lvm/lvs.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_lvm/lvs.tex LFS307/CHAPS/lvm/lvs.tex --------------------------------------------------- 123c123 < more physical volumes. If you leave off physical --- > more physical volumes. If you leave off the physical memmon/labs.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_memmon/labs.tex LFS307/CHAPS/memmon/labs.tex --------------------------------------------------- 3c3,8 < \begin{exe} {Invoking the OOM Killer} --- > \ifINSTRUCTORLED > \begin{videobox} > \begin{alltt} > \reslink{using_swap_and_oom_demo.mp4}\end{alltt} > \end{videobox} > \fi 5,6c10 < Examine what swap partitions and files are present on < your system by examining \filelink{/proc/swaps}. --- > \begin{exe} {Managing Swap Space} 8c12,15 < Turn off all swap with the command --- > Examine your current swap space by doing: > \begin{cmd} > $ cat /proc/swaps > \end{cmd} 9a17,22 > \begin{out}[] > Filename Type Size Used Priority > /dev/sda11 partition 4193776 0 -1 > \end{out} > We will now add more swap space by adding either a new > partition or a file. To use a file we can do: 11c24 < $ sudo /sbin/swapoff -a --- > $ dd if=/dev/zero of=swpfile bs=1M count=1024 13,14c26,31 < Make sure you turn it back on later, when we are done, < with --- > > \begin{out}[] > 1024+0 records in > 1024+0 records out > 1073741824 bytes (1.1 GB) copied, 1.30576 s, 822 MB/s > \end{out} 16c33 < $ sudo /sbin/swapon -a --- > $ mkswap swpfile 19,22c36,42 < Now we are going to put the system under increasing < memory pressure. One way to do this is to exploit the < \textbf{stress-ng} program we installed earlier, running it < with arguments such as: --- > \begin{out}[] > Setting up swapspace version 1, size = 1048572 KiB > no label, UUID=85bb62e5-84b0-4fdd-848b-4f8a289f0c4c > \end{out} > (For a real partition just feed \textbf{mkswap} the > partition name, but be aware all data on it will be > erased!) 23a44 > Activate the new swap space: 25c46 < $ stress-ng -m 12 -t 10s --- > $ sudo swapon swpfile 27d47 < which would keep 3 GB busy for 10 seconds. 29,35c49,64 < You should see the \textbf{OOM} (Out of Memory) killer < swoop in and try to kill processes in a struggle to stay < alive. You can see what is going on by running < \textbf{dmesg} or monitoring < \filelink{/var/log/messages} or < \filelink{/var/log/syslog}, or through graphical < interfaces that expose the system logs. --- > \begin{out}[] > swapon: /tmp/swpfile: insecure permissions 0664, 0600 suggested. > swapon: /tmp/swpfile: insecure file owner 500, 0 (root) suggested. > \end{out} > \begin{redhatfamilybox} > Notice \textbf{RHEL} warns us we are being insecure, we really > should fix with: > \begin{cmd} > $ sudo chown root:root swpfile > $ sudo chmod 600 swpfile > \end{cmd} > \end{redhatfamilybox} > We ensure \verb?swpfile? is being used: > \begin{cmd} > $ cat /proc/swaps > \end{cmd} 37c66,73 < Who gets clobbered first? --- > \begin{out}[] > Filename Type Size Used Priority > /dev/sda11 partition 4193776 0 -1 > /tmp/swpfile file 1048572 0 -2 > \end{out} > Note the \verb?Priority? field; swap partitions or files > of lower priority will not be used until higher priority > ones are filled. 38a75,81 > > Remove the swap file from use and delete it to save > space: > \begin{cmd} > $ sudo swapoff swpfile > $ sudo rm swpfile > \end{cmd} 40a84,174 > > \begin{exe} {Invoking the \textbf{OOM} Killer} > > \begin{itemize} > \item > > When the \textbf{Linux} kernel gets under extreme memory > pressure it invokes the dreaded \textbf{OOM} (\textbf{O}ut > \textbf{O}f \textbf{M}emory) \textbf{Killer}. This tries to > select the ``best'' process to kill to help the > system recover gracefully. > > \item > > We are going to force the system to run short on memory > and watch what happens. The first thing to do is to open > up a terminal window, and in it type: > > \begin{cmd} > $ sudo tail -f /var/log/messages > \end{cmd} > in order to watch kernel messages as they appear. > > \end{itemize} > \begin{lfbox} > \begin{itemize} > \item > An even better way to look is furnished by: > \begin{cmd} > $ dmesg -w > \end{cmd} > as it does not show non-kernel messages. > \end{itemize} > \end{lfbox} > \begin{itemize} > > \item > > This exercise will be easier to perform if we turn off > all swap first with the command: > > \begin{cmd} > $ sudo /sbin/swapoff -a > \end{cmd} > Make sure you turn it back on later with > \begin{cmd} > $ sudo /sbin/swapon -a > \end{cmd} > > \item > > Now we are going to put the system under increasing > memory pressure. You are welcome to find your own way of > doing it but we also supply a program for consuming the > memory: > > \cfile[\texttt{lab\_wastemem.c}]{lab_wastemem.c} > > It takes as an argument how many MB to consume. > Keep running it, gradually increasing the amount of memory > requested until your system runs out of memory. > > \begin{info} > You should be able to compile the program and > run it by just doing: > \begin{cmd} > $ gcc -o lab_wastemem lab_wastemem.c > $ ./lab_wastemem 4096 > \end{cmd} > which would waste 4 GB. It would be a good idea > to run \textbf{gnome-system-monitor} or another > memory monitoring program while it is running > (although the display may freeze for a while!) > \end{info} > > \item > > You should see the \textbf{OOM} (Out of Memory) killer > swoop in and try to kill processes in a struggle to stay > alive. Who gets clobbered first? > \end{itemize} > > \begin{sol} > \begin{alltt} > \lablink{lab_wastemem.c} > \lablink{lab_waste.sh} > \end{alltt} > > \end{sol} > > \end{exe} memmon/memmon.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_memmon/memmon.tex LFS307/CHAPS/memmon/memmon.tex --------------------------------------------------- 40,41c40,41 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 45c45 < \end{klst} --- > \end{out} 92c92 < The pseudofile \filelink{/proc/meminfo} contains a wealth of --- > The pseudo file \filelink{/proc/meminfo} contains a wealth of 193,199c193,199 < With the \verb?-a? option, \textbf{vmstat} displays information about active < and inactive memory pages: active pages are those < recently used; they may be clean (disk < contents are up to date) or dirty (need to be flushed to < disk eventually). By contrast, inactive memory pages have < not been recently used and are more likely to be clean and < are released sooner under memory pressure: --- > With the \verb?-a? option, \textbf{vmstat} displays > information about active and inactive memory pages: > active pages are those recently used; they may be clean > (disk contents are up to date) or dirty (need to be > flushed to disk eventually). By contrast, inactive memory > pages have not been recently used and are more likely to > be clean and are released sooner under memory pressure: 206c206 < \includegraphics[width=4.75in]{IMAGES/vmstata} --- > \includegraphics[width=4.9in]{IMAGES/vmstata} 209,210c209,211 < \vspace{\negkspace} < \vspace{\negkspace} --- > > \vspace{-24pt} > 212a214 > 214c216 < \includegraphics[width=4.75in]{IMAGES/vmstatp} --- > \includegraphics[width=4.9in]{IMAGES/vmstatp} 217,273c219 < } < < \section{Out of Memory Killer (OOM)} < < \begin{frame} < {OOM Killer} < < \begin{itemize} < \item < Systems may run out of physical memory. One can: < \begin{enumerate} < \item Deny any further memory requests until memory is freed up < \item Extend physical memory by the use of \textbf{swap} space < \item Terminate (intelligently) selected processes to reduce memory usage < and let the system survive < \end{enumerate} < \item \textbf{Linux} systems most often implement the second and third < methods < \item Which processes are terminated is selected by the < \textbf{OOM} killer < \end{itemize} < \end{frame} < < \cprotect\note{ < < The simplest way to deal with memory pressure would be to < permit memory allocations to succeed as long as free memory < is available and then fail when all memory is exhausted. < < The second simplest way is to use swap space on disk to push < some of the resident memory out of core; in this case, the < total available memory (at least in theory) is the actual < RAM plus the size of the swap space. The hard part of this < is to figure out which pages of memory to swap out when < pressure demands. In this approach, once the swap space < itself is filled, requests for new memory must fail. < < Linux, however, goes one better; it permits the system to < overcommit memory, so that it can grant memory requests that < exceed the size of RAM plus swap. While this might seem < foolhardy, many (if not most) processes do not use all < requested memory. < < An example would be a program that allocates a 1 MB buffer, < and then uses only a few pages of the memory. Another < example is that every time a child process is forked, it < receives a copy of the entire memory space of the < parent. Because Linux uses the COW (copy on write) < technique, unless one of the processes modifies memory, no < actual copy needs be made. However, the kernel has to assume < that the copy might need to be done. < < Thus, the kernel permits overcommission of memory, but only < for pages dedicated to user processes; pages used within the < kernel are not swappable and are always allocated at request < time. < --- > \vspace{-24pt} 277,349d222 < \begin{frame} < {OOM Killer Algorithms} < < \begin{itemize} < < \item < Heuristic algorithm is not intended to be depended on for < normal operations. Is there more for a graceful shutdown or < retrenchment < \item < Process selection depends on a \textbf{badness} value which can < be read from \filelink{/proc/[pid]/oom_score} for each process < \item < Adjustments can be made to a process's \file{oom\_adj\_score} in the < same directory for each task. < \end{itemize} < < \end{frame} < < \cprotect\note{ < < One can modify, and even turn off overcommission by < setting the value of < \filelink{/proc/sys/vm/overcommit_memory}: < \begin{itemize} < < \item 0: (default) Permit overcommission, but refuse < obvious overcommits, and give root users somewhat more < memory allocation than normal users. < < \item 1: All memory requests are allowed to overcommit. < < \item 2: Turn off overcommission. Memory requests will fail < when the total memory commit reaches the size of the < swap space plus a configurable percentage (50 by < default) of RAM. This factor is modified changing < \filelink{/proc/sys/vm/overcommit_ratio}. < < \end{itemize} < An amusing take on this was given by Andries Brouwer < (\url{https://lwn.net/Articles/104185/}): < < \begin{quote}\small{ < < An aircraft company discovered that it was cheaper to < fly its planes with less fuel on board. The planes < would be lighter and use less fuel and money was saved. < On rare occasions however the amount of fuel was < insufficient, and the plane would crash. This problem < was solved by the engineers of the company by the < development of a special OOF (out-of-fuel) mechanism. < In emergency cases a passenger was selected and thrown < out of the plane. (When necessary, the procedure was < repeated.) A large body of theory was developed and < many publications were devoted to the problem of < properly selecting the victim to be ejected. Should the < victim be chosen at random? Or should one choose the < heaviest person? Or the oldest? Should passengers pay < in order not to be ejected, so that the victim would be < the poorest on board? And if for example the heaviest < person was chosen, should there be a special exception < in case that was the pilot? Should first class < passengers be exempted? Now that the OOF mechanism < existed, it would be activated every now and then, and < eject passengers even when there was no fuel shortage. < The engineers are still studying precisely how this < malfunction is caused. < } < \end{quote} < < < < } netconfig/configfiles.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_netconfig/configfiles.tex LFS307/CHAPS/netconfig/configfiles.tex --------------------------------------------------- 41a42,43 > \begin{frame} > {Network Manager Config Files} 42a45,79 > \begin{itemize} > \item > \textbf{Network Manager} can use the traditional network files > from several distributions. The networking profiles > are supported by \textbf{plugins}. > \item The \textbf{key-value} is the preferred file format. > \item There are > several optional \texttt{plugins} for > traditional configuration compatibility. > \begin{itemize} > \item \textbf{ifupdown} for \file{/etc/network/interfaces} > \item \textbf{ifcfg-rh} for \file{/etc/sysconfig/network-scripts} > \item \textbf{ifcfg-suse} is for simple compatibility for SUSE > and openSUSE > \item \textbf{key-file} is a generic replacement for > system specific configuration files. > \end{itemize} > \end{itemize} > > > For additional information see: \\ > \url{https://wiki.gnome.org/Projects/NetworkManager/SystemSettings/} > > \end{frame} > > \cprotect\note{ > There is a configuration option in \file{/etc/NetworkManager/NetworkManager.conf} > in the \textbf{[main]} section that lists which \textbf{plugins} for configuration > processing are to be used in a comma separated list. \\ > For additional information see: \\ > \url{https://developer-old.gnome.org/NetworkManager/stable/NetworkManager.conf.html} > > > > } netconfig/diagnostics.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_netconfig/diagnostics.tex LFS307/CHAPS/netconfig/diagnostics.tex --------------------------------------------------- 22c22 < Sends 64-byte test packets to designated network hosts and --- > Sends 64-byte test packets to designated network hosts netconfig/dns.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_netconfig/dns.tex LFS307/CHAPS/netconfig/dns.tex --------------------------------------------------- 69,70c69,70 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 76c76 < \end{klst} --- > \end{out} 171,172c171,172 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 174c174 < \end{klst} --- > \end{out} netconfig/labs.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_netconfig/labs.tex LFS307/CHAPS/netconfig/labs.tex --------------------------------------------------- 29a30 > \item Verify the DHCP lease is updating on an adapter. 150,151c151,152 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 162c163 < \end{klst} --- > \end{out} 186,187c187,188 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 191c192 < \end{klst} --- > \end{out} 196,197c197,198 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 199c200 < \end{klst} --- > \end{out} 217,218c218,219 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 230c231 < \end{klst} --- > \end{out} 259,260c260,261 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 267c268 < \end{klst} --- > \end{out} 271,272c272,273 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 277c278 < \end{klst} --- > \end{out} 288,289c289,290 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 296c297 < \end{klst} --- > \end{out} 302,303c303,304 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 305c306 < \end{klst} --- > \end{out} 309,310c310,311 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 318c319 < \end{klst} --- > \end{out} 325,326c326,327 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 334c335 < \end{klst} --- > \end{out} 340,341c341,342 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 350c351 < \end{klst} --- > \end{out} 361a363,457 > \item The NetworkManager client is becoming the default DHCP > client on most distributions. > The Network Manager DHCP client stores the information > internally in its own location and format. > We can use the Network Manager “nmcli” command to > query the DHCP information stored by Network Manager. > > Use the following command to locate a connection and > related device. The “-a” option will restrict the > output to “active” devices. This option can be removed > for additional device and connection information. > > \begin{cmd} > $ nmcli con sho -a > \end{cmd} > \begin{out}[] > NAME UUID TYPE DEVICE > centos9stream beb244d0-fb0e-3f4a-83a4-c700fd0fca7a ethernet ens33 > \end{out} > To extract the DHCP information, use the “nmcli connection show” > command including the connection name this time. > There will be about 140 lines of information which > can be easily be reduced by adding a > “grep” command to search for only “DHCP” information. > \begin{cmd} > $ nmcli con sho centos9stream| grep "^DHCP4" > \end{cmd} > \begin{out}[] > DHCP4.OPTION[1]: broadcast_address = 192.168.156.255 > DHCP4.OPTION[2]: dhcp_lease_time = 1800 > DHCP4.OPTION[3]: dhcp_server_identifier = 192.168.156.254 > DHCP4.OPTION[4]: domain_name = localdomain > DHCP4.OPTION[5]: domain_name_servers = 192.168.156.2 > DHCP4.OPTION[6]: expiry = 1677701018 > DHCP4.OPTION[7]: ip_address = 192.168.156.128 > DHCP4.OPTION[8]: next_server = 192.168.156.254 > DHCP4.OPTION[9]: requested_broadcast_address = 1 > DHCP4.OPTION[10]: requested_domain_name = 1 > DHCP4.OPTION[11]: requested_domain_name_servers = 1 > DHCP4.OPTION[12]: requested_domain_search = 1 > DHCP4.OPTION[13]: requested_host_name = 1 > DHCP4.OPTION[14]: requested_interface_mtu = 1 > DHCP4.OPTION[15]: requested_ms_classless_static_routes = 1 > DHCP4.OPTION[16]: requested_nis_domain = 1 > DHCP4.OPTION[17]: requested_nis_servers = 1 > DHCP4.OPTION[18]: requested_ntp_servers = 1 > DHCP4.OPTION[19]: requested_rfc3442_classless_static_routes = 1 > DHCP4.OPTION[20]: requested_root_path = 1 > DHCP4.OPTION[21]: requested_routers = 1 > DHCP4.OPTION[22]: requested_static_routes = 1 > DHCP4.OPTION[23]: requested_subnet_mask = 1 > DHCP4.OPTION[24]: requested_time_offset = 1 > DHCP4.OPTION[25]: requested_wpad = 1 > DHCP4.OPTION[26]: routers = 192.168.156.2 > DHCP4.OPTION[27]: subnet_mask = 255.255.255.0 > \end{out} > > One of the lines of interest is: \verb?expiry = 1677701018? which > is the \textbf{Unix timestamp} when the lease expires. > We can force a DHCP update from the server by cycling the > connection down then back up. > > Bring the connection down. > \begin{cmd} > $ nmcli con down id centos9stream > $ nmcli con sho centos9stream| grep "^DHCP4" > \end{cmd} > To verify the connection is down search again for the > DHCP information with “nmcli”, since the connection is down, > no related information will be displayed. > > Bring the connection back up. > \begin{cmd} > $ nmcli con up id centos9stream > \end{cmd} > \begin{out}[] > Connection successfully activated (D-Bus active path: > /org/freedesktop/NetworkManager/ActiveConnection/5) > \end{out} > > Now the connection is back up, the DHCP information > is available again. This time the command has been > expanded to only include the “expiry” timestamp. > > \begin{cmd} > $ nmcli con sho centos9stream| grep "^DHCP4"|grep expiry > \end{cmd} > \begin{out}[] > DHCP4.OPTION[6]: expiry = 1677702231 > \end{out} > > Compare the timestamps between the > command just executed and the previous output, the timestamps > should be slightly different indicating the DHCP server has > indeed updated our DHCP client’s request. netconfig/pnidn.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_netconfig/pnidn.tex LFS307/CHAPS/netconfig/pnidn.tex --------------------------------------------------- 37,38c37,38 < \vspace{\negkspace} < \vspace{\negkspace} --- > > 44,45c44,45 < \vspace{\negkspace} < \begin{klstfootnotesize}[] --- > > \begin{outfootnotesize}[] 53c53 < \end{klstfootnotesize} --- > \end{outfootnotesize} 58,59c58,59 < \vspace{\negkspace} < \begin{klstfootnotesize}[] --- > > \begin{outfootnotesize}[] 63c63 < \end{klstfootnotesize} --- > \end{outfootnotesize} 72,73c72,73 < \vspace{\negkspace} < \begin{klstfootnotesize}[] --- > > \begin{outfootnotesize}[] 79c79 < \end{klstfootnotesize} --- > \end{outfootnotesize} netconfig/routing.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_netconfig/routing.tex LFS307/CHAPS/netconfig/routing.tex --------------------------------------------------- 80,81c80,81 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 89c89 < \end{klst} --- > \end{out} packagingsystems/concepts.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_packagingsystems/concepts.tex LFS307/CHAPS/packagingsystems/concepts.tex --------------------------------------------------- 115,116c115,116 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 122c122 < \end{klst} --- > \end{out} 188c188,189 < Install or remove a single package or a list of named ones --- > Install or remove a single package or a list of named > ones 190,191c191,195 < \item Dependencies not fully handled, only warned about or cause error < \item If another package needs to be installed first --- > \item > Dependencies not fully handled, only warned about or > cause error > \item > If another package needs to be installed first 193,194c197,199 < \item If the package is needed by another package, < removal will fail --- > \item > If the package is needed by another package, removal > will fail 196c201,202 < \item Examples: \textbf{rpm} and \textbf{dpkg} --- > \item > Examples: \textbf{rpm} and \textbf{dpkg} 198c204,205 < \item \textbf{High Level Utility} --- > \item > \textbf{High Level Utility} 207,209c214,216 < \item Examples: \textbf{dnf}, \textbf{yum}, < \textbf{zypper}, \textbf{PackageKit},and < \textbf{apt} --- > \item > Examples: \textbf{dnf}, \textbf{yum}, \textbf{zypper}, > \textbf{PackageKit},and \textbf{apt} 221,222c228,229 < removes a single package, or a list of packages each < one of which is individually and specifically named. --- > removes a single package, or a list of packages each one > of which is individually and specifically named. 226c233,234 < \item If another package needs to be installed first --- > \item > If another package needs to be installed first 228,231c236,246 < \item If the package is needed by another package, < removal will fail. < \end{itemize} The \textbf{rpm} and \textbf{dpkg} utilities < play this role for the packaging systems that use them. --- > \item > If the package is needed by another package, removal > will fail. > \end{itemize} > > The \textbf{rpm} and \textbf{dpkg} utilities play this > role for the packaging systems that use them. > > \item > \textbf{High Level Utility}: This solves the dependency > problems: 233,234d247 < \item \textbf{High Level Utility}: This solves the < dependency problems: 236,249c249,252 < \item If another package or group of packages needs to < be installed before software can be installed, such < needs will be satisfied. < \item If removing a package interferes with another < installed package, the administrator will be given < the choice of either aborting, or removing all < affected software. < \end{itemize} The \textbf{dnf} and \textbf{zypper} < utilities (and the older \textbf{yum}) take < care of the dependency resolution for \textbf{rpm} < systems, and \textbf{apt-get} and \textbf{apt-cache} and < other utilities take care of it for \textbf{dpkg} < systems. < \end{enumerate} --- > \item > If another package or group of packages needs to be > installed before software can be installed, such needs > will be satisfied. 250a254,266 > \item > If removing a package interferes with another > installed package, the administrator will be given the > choice of either aborting, or removing all affected > software. > \end{itemize} > > The \textbf{dnf} and \textbf{zypper} utilities (and the > older \textbf{yum}) take care of the dependency > resolution for \textbf{rpm} systems, and > \textbf{apt} and \textbf{apt-cache} and other > utilities take care of it for \textbf{dpkg} systems. > \end{enumerate} 254,256c270,272 < graphical front ends used by each \textbf{Linux} distribution can be < useful, we would like to be less tied to any one interface < and have more flexibility. --- > graphical front ends used by each \textbf{Linux} > distribution can be useful, we would like to be less tied > to any one interface and have more flexibility. 265,268c281,292 < \item Distributions have multiple \textbf{repositories} < \item All packages must work together well < \item External repositories also exist; some interface < cleanly, others cause conflicts --- > \item > Distributions have multiple \textbf{repositories} > \item > All packages must work together well > \item > External repositories also exist > \begin{itemize} > \item > Some interface cleanly > \item > Others cause conflicts > \end{itemize} 276,279c300,303 < \textbf{repositories} where system utilities go to < obtain software and to update with new versions. It is < the job of the distribution to make sure all packages in < the repositories play well with each other. --- > \textbf{repositories} where system utilities go to obtain > software and to update with new versions. It is the job > of the distribution to make sure all packages in the > repositories play well with each other. 281c305 < There are always other, external repositories, which can --- > There are always other external repositories which can 286,290c310,314 < (\textbf{E}xtra \textbf{P}ackages for < \textbf{E}nterprise \textbf{L}inux) set of < version-dependent repositories, which fit well with < \textbf{RHEL} since their source is \textbf{Fedora} and < the maintainers are close to \textbf{Red Hat}. --- > (\textbf{E}xtra \textbf{P}ackages for \textbf{E}nterprise > \textbf{L}inux) set of version-dependent repositories, > which fit well with \textbf{RHEL} since their source is > \textbf{Fedora} and the maintainers are close to > \textbf{Red Hat}. 293,296c317,320 < constructed or maintained. For example, when a package < is updated in the main repository, dependent packages < may not be updated in the external one, which can lead < to one form of \textbf{dependency hell}. --- > constructed or maintained. For example, when a package is > updated in the main repository, dependent packages may > not be updated in the external one, which can lead to one > form of \textit{\textbf{dependency hell}}. packagingsystems/labs.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_packagingsystems/labs.tex LFS307/CHAPS/packagingsystems/labs.tex --------------------------------------------------- 11a12,17 > \begin{info}[] > We will have more detailed discussion of \textbf{git} > in later sections. Here, we will just get a basic feel > for how to use it. > \end{info} > 21c27 < $ sudo apt-get install git* # Debian /Ubuntu --- > $ sudo apt install git* # Debian /Ubuntu 56,57c62,63 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 67c73 < \end{klst} --- > \end{out} 87,88c93,94 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 98c104 < \end{klst} --- > \end{out} 122,123c128,129 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 131c137 < \end{klst} --- > \end{out} 140,141c146,147 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 145c151 < \end{klst} --- > \end{out} 161,162c167,168 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 168c174 < \end{klst} --- > \end{out} packagingsystems/versioncontrol.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_packagingsystems/versioncontrol.tex LFS307/CHAPS/packagingsystems/versioncontrol.tex --------------------------------------------------- 37c37 < Standard features of such programs included the ability --- > Standard features of such programs include the ability 67c67 < source environments } --- > source environments.} 87a88,94 > > \begin{info}[] > We will have more detailed discussion of \textbf{git} > and its use in later sections. Here, and in the > accompanying lab exercise, we will get a feel for how > it works and how to use it. > \end{info} partitions/geometry.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_partitions/geometry.tex LFS307/CHAPS/partitions/geometry.tex --------------------------------------------------- 25c25 < \begin{kcode}[] --- > \begin{out}[] 29c29 < \end{kcode} --- > \end{out} partitions/labs.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_partitions/labs.tex LFS307/CHAPS/partitions/labs.tex --------------------------------------------------- 32,36c32,37 < If you are using your own native machine, you either have < it or you do not. If you do not, you will have shrink a < partition and the filesystem on it (first!) and then make < it available, using \textbf{gparted} and/or the steps we < have outlined or will outline. --- > If you are using your own native machine, you > either have it or you do not. If you do not, you > will have to shrink a partition and the filesystem > on it (first!) and then make it available, using > \textbf{gparted} and/or the steps we have outlined > or will outline. 74,75c75,76 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 81c82 < \end{klst} --- > \end{out} 138c139 < Run \textbf{fdisk} on your imagefile: --- > Run \textbf{fdisk} on \file{imagefile}: 142,143c143,144 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 152c153 < \end{klst} --- > \end{out} 164,165c165,166 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 188c189 < \end{klst} --- > \end{out} 191c192 < whatever size you would like: --- > whatever size you would like): 195,196c196,197 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 206c207 < \end{klst} --- > \end{out} 211,212c212,213 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 235c236 < \end{klst} --- > \end{out} 242,243c243,244 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 247c248 < \end{klst} --- > \end{out} 281,282c282,283 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 284c285 < \end{klst} --- > \end{out} 297,298c298,299 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 300c301 < \end{klst} --- > \end{out} 323,324c324,325 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 336c337 < \end{klst} --- > \end{out} 344,345c345,346 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 350c351 < \end{klst} --- > \end{out} 370,371c371,372 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 378c379 < \end{klst} --- > \end{out} partitions/naming.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_partitions/naming.tex LFS307/CHAPS/partitions/naming.tex --------------------------------------------------- 97c97 < meta-data (e.g. LABEL or UUID fields). --- > metadata (e.g. LABEL or UUID fields). 135c135 < \vspace{\negkspace} --- > 140,141c140,141 < \vspace{\negkspace} < \begin{klstscriptsize}[] --- > > \begin{outscriptsize}[] 178c178 < \end{klstscriptsize} --- > \end{outscriptsize} partitions/partitioning.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_partitions/partitioning.tex LFS307/CHAPS/partitions/partitioning.tex --------------------------------------------------- 231,232c231,232 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 234c234 < \end{klst} --- > \end{out} 240,241c240,241 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 243c243 < \end{klst} --- > \end{out} partitions/sizing.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_partitions/sizing.tex LFS307/CHAPS/partitions/sizing.tex --------------------------------------------------- 7c7,8 < \item Most \textbf{Linux} systems should use a minimum of two --- > \item > Many \textbf{Linux} systems use a minimum of two 12,15c13,19 < \item Used for the filesystem < \item Most \textbf{Linux} installations will have more < than one filesystem < \item It is somewhat inconvenient to re-size (can use --- > \item > Used for the filesystem > \item > Most \textbf{Linux} installations will have more than > one filesystem > \item > It is somewhat inconvenient to re-size (can use 21,23c25,31 < \item Used as an extension of physical memory < \item A common choice is equal to \textbf{RAM} size < \item May have multiple swap partitions as well as swap files --- > \item > Used as an extension of physical memory > \item > A common choice is equal to \textbf{RAM} size > \item > May have multiple swap partitions as well as swap > files 26,27c34,38 < \item Some distributions, such as \textbf{Ubuntu}, default to < a swap file rather than a partition, but: --- > > \item > Some distributions, including \textbf{Ubuntu}, default > to use of a swap file rather than a partition: > 29,30c40,44 < \item More flexible < \item More dangerous if error or bug --- > \item > Is more flexible (resizing is easier for example) > \item > Can be more dangerous, however, if error or bug > spreads corruption 38a53,54 > \vspace{-12pt} > 44,45c60,61 < root partition; using \textbf{LVM} (discussed later) < can make this easier. --- > root partition; using \textbf{LVM} (discussed later) can > make this easier. 47,50c63,66 < While it is certainly possible to run \textbf{Linux} < with just the root partition, most systems use more < partitions to allow for easier backups, more efficient < use of disk drives, and better security. --- > While it is certainly possible to run \textbf{Linux} with > just the root partition, most systems use more partitions > to allow for easier backups, more efficient use of disk > drives, and better security. 58,61c74,92 < Adding more and more swap will not necessarily < help because at a certain point it becomes useless. < One will need to either add more memory or < re-evaluate the system setup. --- > Adding more and more swap will not necessarily help > because at a certain point it becomes useless. One will > need to either add more memory or re-evaluate the system > setup. > > On older rotational hard drive media, it may make more > sense to have a separate swap partition, but on > \textbf{SSD}-type media, this is unimportant. However, > one still may want to put swap on slower and probably > cheaper hardware. This is true whether you use a > partition or a file, which is becoming a more prevalent > choice. > > Note that some distributions are now using (optionally) > \textbf{zram} > (\url{www.kernel.org/doc/html/latest/admin-guide/blockdev/zram.html}) > which instead of using disk storage for swap, uses > compressed memory. This can easily lead to out of memory > conditions but in expert hands can improve performance. } 63d93 < } 64a95 > 72,74c103,107 < \item Use the \textbf{dd} program: < \item The following command will backup the \textbf{MBR} (along < with the partition table) --- > \item > Use the \textbf{dd} program: > \item > The following command will backup the \textbf{MBR} > (along with the partition table) 77,78c110,112 < \end{cmd} < \item The \textbf{MBR} can be restored using the following --- > \end{cmd} > \item > The \textbf{MBR} can be restored using the following 81c115 < \end{cmd} --- > \end{cmd} 83c117,119 < \item \textbf{GPT} --- > \item > \textbf{GPT} > 85c121,122 < \item Use \textbf{sgdisk} which can also be used on --- > \item > Use \textbf{sgdisk} which can also be used on 86a124 > 90c128 < \end{cmd} --- > \end{cmd} 96a135 > \vspace{-24pt} 98,99d136 < \vspace{\negkspace} < \vspace{\negkspace} 121,122c158,159 < \vspace{\negkspace} < \begin{klstscriptsize}[] --- > > \begin{outscriptsize}[] 133c170 < \end{klstscriptsize} --- > \end{outscriptsize} 140d176 < \vspace{\negkspace} 142c178,179 < \begin{klstscriptsize}[] --- > > \begin{outscriptsize}[] 151c188 < \end{klstscriptsize} --- > \end{outscriptsize} 152a190 > \vspace{-12pt} pmonitor/labs.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_pmonitor/labs.tex LFS307/CHAPS/pmonitor/labs.tex --------------------------------------------------- 2a3,11 > \ifINSTRUCTORLED > \begin{videobox} > \begin{alltt} > \reslink{top_demo.mp4} > \reslink{ps_demo.mp4} \end{alltt} > \end{videobox} > \fi > > 43,44c52,53 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 48c57 < \end{klst} --- > \end{out} 57,58c66,67 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 63c72 < \end{klst} --- > \end{out} 69,70c78,79 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 76c85 < \end{klst} --- > \end{out} 118,119c127,128 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 121c130 < \end{klst} --- > \end{out} 129,130c138,139 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 133c142 < \end{klst} --- > \end{out} 142,143c151,152 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 145c154 < \end{klst} --- > \end{out} pmonitor/pmonitor.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_pmonitor/pmonitor.tex LFS307/CHAPS/pmonitor/pmonitor.tex --------------------------------------------------- 76a77,162 > \section{Troubleshooting} > > \begin{frame} > {Troubleshooting Levels} > > Three Levels of Troubleshooting: > \begin{itemize} > \item > \textbf{Beginner:} Can be taught very quickly. > \item > \textbf{Experienced:} Comes after a few years of practice. > \item > \textbf{Wizard:} Some people think you have to be born > this way, but that is nonsense; all skills can be learned. > \end{itemize} > > \end{frame} > > \cprotect\note{ > > > Even the best administered \textbf{Linux} systems will > develop problems. > > \textbf{Troubleshooting} can isolate whether the problems > arise from software or hardware, as well as whether they > are local to the system, or come from within the local > network or the Internet. > > Troubleshooting properly requires judgment and > experience, and while it will always be somewhat of an > art form, following good methodical procedures can really > help isolate the sources of problems in a reproducible > fashion. > > } > > \begin{frame} > {Basic Troubleshooting Techniques} > > \begin{itemize} > \item > Characterize the problem. > \item > Reproduce the problem. > \item > Always try the easy things first. > \item > Eliminate possible causes one at a time. > \item > Change only one thing at at time; if that does not > fix the problem, change it back. > \item > Check the system logs (\filelink{/var/log/messages}, > \filelink{/var/log/secure}, etc.) for further > information. > \end{itemize} > > \end{frame} > > \cprotect\note{ > > Sometimes the ruling philosophy and methodology requires > following a very established procedure; making leaps based > on intuition is discouraged. The motivation for using a > checklist and uniform procedure is to avoid reliance on a > wizard, to ensure any system administrator will be able to > eventually solve a problem if they adhere to well known > procedures. Otherwise, if the wizard leaves the > organization, there is no one skilled enough to solve tough > problems. > > If, on the other hand, you elect to respect your intuition > and check hunches, you should make sure you can get sufficient > data quickly enough to decide whether or not to continue or > abandon an intuitive path, based on whether it looks like it > will be productive. > > While ignoring intuition can sometimes make solving a > problem take longer, the troubleshooter's previous track > record is the critical benchmark for evaluating whether to > invest resources this way. In other words, useful intuition > is not magic, it is distilled experience. > > } > 110c196 < \textbf{UNIX} options, which must be preceded by --- > \textbf{UNIX} options, which \textbf{must} be preceded by 113c199 < \textbf{BSD} options, which must not be preceded by --- > \textbf{BSD} options, which \textbf{must} not be preceded by 162,163c248,249 < \vspace{\negkspace} < \vspace{\negkspace} --- > > 187,188c273,274 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 195c281 < \end{klst} --- > \end{out} 208,209c294,295 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 218c304 < \end{klst} --- > \end{out} 230,231c316,317 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 237c323 < \end{klst} --- > \end{out} processes/labs.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_processes/labs.tex LFS307/CHAPS/processes/labs.tex --------------------------------------------------- 6c6 < \reslink{using_renice_demo.mp4}\end{alltt} --- > \reslink{using_renice_demo.mp4}\end{alltt} 43,44c43,44 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 46c46 < \end{klst} --- > \end{out} 50,51c50,51 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 53c53 < \end{klst} --- > \end{out} 57,58c57,58 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 60c60 < \end{klst} --- > \end{out} 66,67c66,67 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 69c69 < \end{klst} --- > \end{out} 75,76c75,76 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 78c78 < \end{klst} --- > \end{out} 83,84c83,84 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 86c86 < \end{klst} --- > \end{out} 90,91c90,91 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 93c93 < \end{klst} --- > \end{out} 129,130c129,130 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 155c155 < \end{klst} --- > \end{out} 169,170c169,170 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 187c187 < \end{klst} --- > \end{out} 193,194c193,194 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 198c198 < \end{klst} --- > \end{out} 210,211c210,211 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 219c219 < \end{klst} --- > \end{out} 224a225,490 > \begin{exe} {Getting Uptime and Load Average} > > Ascertain how long your system has been up, and also > display its load average. > > \begin{sol} > > A very simple method is just to use the > \textbf{uptime} utility: > \begin{cmd} > $ uptime > \end{cmd} > > \begin{out}[] > 10:26:40 up 3:19, 5 users, load average: 1.46, 1.40, 1.19 > \end{out} > A second method is to look at the first line of output > from \textbf{top}: > \begin{cmd} > $ top | head > \end{cmd} > > \begin{out}[] > top - 10:28:11 up 3:20, 5 users, load average: 1.93, 1.52, 1.25 > Tasks: 313 total, 1 running, 312 sleeping, 0 stopped, 0 zombie > %Cpu(s): 1.0 us, 0.3 sy, 0.0 ni, 98.2 id, 0.5 wa, 0.0 hi, 0.0 si, 0.0 > KiB Mem : 16284472 total, 6556792 free, 1029760 used, 8697920 buff/cache > KiB Swap: 8290300 total, 8290300 free, 0 used. 10364220 avail Mem > > PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND > 2615 coop 20 0 504536 186312 65488 S 6.7 1.1 6:28.30 skype-b+ > 18248 coop 20 0 655804 50816 30884 S 6.7 0.3 0:20.11 emacs > 1 root 20 0 204912 6508 3956 S 0.0 0.0 0:00.92 systemd > \end{out} > A third method is to use \textbf{w}: > > \begin{out}[] > 10:30:51 up 3:23, 5 users, load average: 0.55, 1.11, 1.14 > USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT > coop :0 :0 07:08 ?xdm? 16:51 0.19s gdm-session- > coop pts/0 :0 07:09 2:22m 0.12s 0.12s bash > coop pts/1 :0 07:09 1:37m 0.42s 0.42s bash > coop pts/2 :0 07:09 0.00s 51.09s 0.00s w > coop pts/3 :0 07:09 27:08 0.25s 0.25s bash > \end{out} > \end{sol} > \end{exe} > > \begin{exe} {Background and Foreground Jobs} > > We are going to launch a graphical program from a > terminal window, so that one can no longer type in the > window. \textbf{gedit} is an easy choice but you can > substitute any other program that does this. > > \begin{enumerate} > \item > Open \textbf{gedit} on a new file as in > \begin{cmd} > $ gedit somefile > \end{cmd} > You can no longer type in the terminal window. > \item > While your pointer is over the terminal window, hit > \texttt{CTRL-Z}. > \begin{cmd} > ^Z > \end{cmd} > > \begin{out}[] > [3]+ Stopped gedit somefile > \end{out} > You can no longer type in the \textbf{gedit} window. > \item > With \textbf{jobs -l}, see what processes have been > launched from this terminal window: > \begin{cmd} > $ jobs -l > \end{cmd} > > \begin{out}[] > [1] 17705 Running evince *pdf & > [2]- 18248 Running emacs /tmp/hello.tex & > [3]+ 19827 Stopped gedit somefile > \end{out} > \item > Now put the most recent job (\textbf{gedit somefile}) > in background: > \begin{cmd} > $ bg > \end{cmd} > > \begin{out}[] > [3]+ gedit somefile & > \end{out} > Now you should be able to type in the \textbf{gedit} > window. > \item > Put the process in foreground again: > \begin{cmd} > $ fg > gedit somefile > \end{cmd} > Note you can no longer type in the terminal window. > \item > To clean up, suspend the process again and then use > \textbf{kill} to terminate it: > \begin{cmd} > ^Z > \end{cmd} > > \begin{out}[] > [3]+ Stopped gedit somefile > \end{out} > \begin{cmd} > $ jobs -l > \end{cmd} > > \begin{out}[] > [1] 17705 Running evince *pdf & > [2]- 18248 Running emacs /tmp/hello.tex & > [3]+ 19827 Stopped gedit somefile > \end{out} > \begin{cmd} > $ kill -9 19827 > $ jobs -l > \end{cmd} > > \begin{out}[] > [1] 17705 Running evince *pdf & > [2]- 18248 Running emacs /tmp/hello.tex & > [3]+ 19827 Killed gedit somefile > \end{out} > \begin{cmd} > $ jobs -l > \end{cmd} > > \begin{out}[] > [1]- 17705 Running evince *pdf & > [2]- 18248 Running emacs /tmp/hello.tex & > \end{out} > \end{enumerate} > \end{exe} > > \begin{exe} {Using \textbf{at} for Batch Processing in the Future} > > Schedule a very simple task to run at a future time from > now. This can be as simple as running \textbf{ls} or > \textbf{date} and saving the output. (You can use a > time as short as one minute in the future.) > > Note that the command will run in the directory from > which you schedule it with \textbf{at}. > > Do this: > \begin{enumerate} > \item From a short \textbf{bash} script. > \item Interactively > \end{enumerate} > > \begin{sol} \ > > \begin{enumerate} > \item > Create the file \filelink{testat.sh} containing: > \begin{cmd} > #!/bin/bash > date > /tmp/datestamp > \end{cmd} > and then make it executable and queue it up with \textbf{at}: > \begin{cmd} > $ chmod +x testat.sh > $ at now + 1 minute -f testat.sh > \end{cmd} > You can see if the job is queued up to run with \textbf{atq}: > \begin{cmd} > $ atq > \end{cmd} > > \begin{out}[] > 17 Wed Apr 22 08:55:00 2015 a student > \end{out} > Make sure the job actually ran: > \begin{cmd} > $ cat /tmp/datestamp > \end{cmd} > > \begin{out}[] > Wed Apr 22 08:55:00 CDT 2015 > \end{out} > What happens if you take the \verb?>/tmp/datestamp? > out of the command? (Hint: type \textbf{mail} if not > prompted to do so!) > \item > Interactively it is basically the same procedure. Just > queue up the job with: > \begin{cmd} > $ at now + 1 minute > at> date > /tmp/datestamp > CTRL-D > $ atq > \end{cmd} > \end{enumerate} > \end{sol} > \end{exe} > > \begin{exe} {Scheduling a Periodic Task with \textbf{cron}} > > Set up a \textbf{cron} job to do some simple task > every day at 10 AM. > > \begin{sol} \ > > Create a file named \filelink{mycrontab} with the > following content: > \begin{kcode} > 0 10 * * * /tmp/myjob.sh > \end{kcode} > and then create \filelink{/tmp/myjob.sh} containing: > > \begin{shlst}[\texttt{/tmp/myjob.sh}] > #!/bin/bash > echo Hello I am running $0 at $(date) > \end{shlst} > and make it executable: > \begin{cmd} > $ chmod +x /tmp/myjob.sh > \end{cmd} > Put it in the \textbf{crontab} system with: > \begin{cmd} > $ crontab mycrontab > \end{cmd} > and verify it was loaded with: > \begin{cmd} > $ crontab -l > \end{cmd} > > \begin{out}[] > 0 10 * * * /tmp/myjob.sh > \end{out} > \begin{cmd} > $ sudo ls -l /var/spool/cron/student > \end{cmd} > > \begin{out}[] > -rw------- 1 student student 25 Apr 22 09:59 /var/spool/cron/student > \end{out} > \begin{cmd} > $ sudo cat /var/spool/cron/student > 0 10 * * * /tmp/myjob.sh > \end{cmd} > Note if you don't really want this running every day, > printing out messages like: > > \begin{out}[] > Hello I am running /tmp/myjob.sh at Wed Apr 22 10:03:48 CDT 2015 > \end{out} > and mailing them to you, you can remove it with: > \begin{cmd} > $ crontab -r > \end{cmd} > If the machine is not up at 10 AM on a given day, > \textbf{anacron} will run the job at a suitable time. > \end{sol} > \end{exe} > 225a492 > processes/limits.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_processes/limits.tex LFS307/CHAPS/processes/limits.tex --------------------------------------------------- 101,102c101,102 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 104c104 < \end{klst} --- > \end{out} 108,109c108,109 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 111c111 < \end{klst} --- > \end{out} processes/niceness.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_processes/niceness.tex LFS307/CHAPS/processes/niceness.tex --------------------------------------------------- 68c68 < \begin{kcode}[] --- > \begin{out}[] 73c73 < \end{kcode} --- > \end{out} processes/processes.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_processes/processes.tex LFS307/CHAPS/processes/processes.tex --------------------------------------------------- 17c17 < People often distinguish between programs, which are --- > One should distinguish between programs, which are 30c30 < out. Programs may also use external data.. --- > out. Programs may also use external data. 127c127 < setuid programs. They run with the user-id of the user who --- > \textbf{setuid} programs. They run with the user-id of the user who rescue/labs.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_rescue/labs.tex LFS307/CHAPS/rescue/labs.tex --------------------------------------------------- 158,159c158,159 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 163c163 < \end{klst} --- > \end{out} 169,170c169,170 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 172c172 < \end{klst} --- > \end{out} 178,179c178,179 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 183c183 < \end{klst} --- > \end{out} 247,248c247,248 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 250c250 < \end{klst} --- > \end{out} 255,256c255,256 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 259c259 < \end{klst} --- > \end{out} rescue/rescuemedia.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_rescue/rescuemedia.tex LFS307/CHAPS/rescue/rescuemedia.tex --------------------------------------------------- 63c63 < {Using Rescue/Recovery Media} --- > {Using a Rescue/Recovery Media Image} rpm/labs.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_rpm/labs.tex LFS307/CHAPS/rpm/labs.tex --------------------------------------------------- 45,46c45,46 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 48c48 < \end{klst} --- > \end{out} 53,54c53,54 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 56c56 < \end{klst} --- > \end{out} 65,66c65,66 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 69c69 < \end{klst} --- > \end{out} 76,77c76,77 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 81c81 < \end{klst} --- > \end{out} 88,89c88,89 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 100c100 < \end{klst} --- > \end{out} rpm/rpm.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_rpm/rpm.tex LFS307/CHAPS/rpm/rpm.tex --------------------------------------------------- 80c80 < --- > \clearpage 87c87 < \begin{kcode} --- > \begin{out}[] 90c90 < \end{kcode} --- > \end{out} 93c93 < \begin{kcode} --- > \begin{out}[] 96c96 < \end{kcode} --- > \end{out} 159,160c159,160 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 162c162 < \end{klst} --- > \end{out} 323,324c323,324 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 326c326 < \end{klst} --- > \end{out} 333,334c333,334 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 337c337 < \end{klst} --- > \end{out} 408,409c408,409 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 411c411 < \end{klst} --- > \end{out} 419c419 < \begin{klstfootnotesize}[] --- > \begin{outfootnotesize}[] 431c431 < \end{klstfootnotesize} --- > \end{outfootnotesize} 579a580,591 > \begin{important}[Removing Older Package Versions] > > If you really want to remove older versions of kernel > and other packages, on \textbf{Red Hat}-based systems > you can do: > \begin{cmd} > $ sudo dnf remove --oldinstallonly > \end{cmd} > Be careful when using this command. > > \end{important} > 668c680 < If all you want to is list the files in a package, the --- > If all you want to do is list the files in a package, the users/accounts.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_users/accounts.tex LFS307/CHAPS/users/accounts.tex --------------------------------------------------- 7c7,8 < \item Providing each user with their own individualized --- > \item > Providing each user with their own individualized 9c10,11 < \item Creating particular user accounts for specific --- > \item > Creating particular user accounts for specific 11c13,14 < \item Distinguishing privileges among users. --- > \item > Distinguishing privileges among users. 14d16 < 42d43 < 47c48 < \begin{kcode} --- > \begin{out}[] 53c54 < \end{kcode} --- > \end{out} 116a118,302 > } > > \begin{frame} > {Determine the Current User} > > \begin{itemize} > \item \textbf{Linux} is a multi-user system > \item Find out users who are currently logged in: > \begin{itemize} > \item \textbf{who} > \end{itemize} > \item Find out current user ID: > \begin{itemize} > \item \textbf{whoami} > \end{itemize} > \end{itemize} > > \end{frame} > > \cprotect\note{ > For example: > \begin{cmd} > $ who > \end{cmd} > > \begin{out}[] > bjmoose :0 2015-03-17 07:55 (:0) > bjmoose pts/0 2015-03-17 07:55 (:0) > bjmoose pts/1 2015-03-17 07:55 (:0) > bjmoose pts/2 2015-03-17 07:55 (:0) > bjmoose pts/3 2015-03-18 15:13 (:0) > bjmoose pts/4 2015-03-18 15:13 (:0) > rjsquirrel pts/5 2015-03-18 16:54 (fbfalls7) > \end{out} > \begin{cmd} > $ whoami > \end{cmd} > > \begin{out}[] > bjmoose > \end{out} > } > > > \section{Shell Startup Files} > > \begin{frame} > {Startup Files} > > \begin{itemize} > \item > Each command shell uses multiple startup files to create > environment > \item > Interactive environments affected somewhat differently > \item > The files in \filelink{/etc} provide global settings > \item > The files in the user home directory override global > settings > \end{itemize} > > \end{frame} > > \cprotect\note{ > > Every time a new shell (either a command window or a > script that is run) begins executing, there are files > included that contain elements employed to ensure proper > functioning. This may include: > > \begin{itemize} > \item > Defining relevant \textbf{Environment Variables} that > are used by many programs and scripts (including > \verb?$PATH?). > \item > Defining \textbf{aliases} that are used as shorthand to > specify commands and options. > \item > Defining \textbf{functions} that can be used in > subsequent scripts. > \end{itemize} > > There are usually system-wide global initializing files > found in \filelink{/etc} that are usually used by all > users before individualized files are used. > > Exactly which files are used and in what order depends on > the context as we will explain. > > } > > \begin{frame} > {Advantages of Startup Files} > > \begin{itemize} > \item Customize user's prompt > \item Set user's terminal type > \item Set command line shortcuts and aliases > \item Set default text editor > \end{itemize} > > \end{frame} > > \cprotect\note{ > > Without the startup (initialization) file processing, each > time a command or program is run there may be a lot of set > up work to ensure proper functioning. > > Many programs evaluate certain environment variables are > set when they begin to execute, and then make use of them > to control functioning. > > For example, any program which needs to modify text files > interactively will see how \verb?EDITOR? is set, perhaps > to \verb?vim?, \verb?emacs?, or \verb?nano?; whichever > editor the user prefers to use. > > We will see examples of the above in the section on > Environment Variables. } > > > \begin{frame} > {Startup Files Order} > > \begin{itemize} > \item Default values for all users > > \filelink{/etc/profile} > > \item Login shells configuration > > \filelink{~/.bash_profile} > > \item Login initialization > > \filelink{~/.bash_login} > > \item Overrides \filelink{/etc/profile} > > \filelink{~/.profile} > > \item Interactive non-login shells configuration > > \filelink{~/.bashrc} > > \item > Usually you only need to customize \filelink{~/.bashrc?} > \end{itemize} > > \end{frame} > > \cprotect\note{ > When you login to \textbf{Linux}, \filelink{/etc/profile} is > always read and evaluated. > > Next, the following files are searched for in this > order: > > \filelink{~/.bash_profile} > > \filelink{~/.bash_login} > > \filelink{~/.profile} > > After finding the first file it comes to, the \textbf{Linux} > login shell will evaluate that one startup file and > ignore all the rest. > > While this may sound redundant, various \textbf{Linux} > distributions tend to use different startup files. > > Every time you create a sub-shell, but aren't > logging-in, only \filelink{~/.bashrc} is read and > evaluated. While it is not read and evaluated with a > login shell, most distributions and users will call > \filelink{~/.bashrc} from within one of the three > user-owned startup files; so, in reality, > \filelink{~/.bashrc} is used for login shells. > > Thus the vast majority of your customizations should > go into \filelink{~/.bashrc}. > users/labs.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_users/labs.tex LFS307/CHAPS/users/labs.tex --------------------------------------------------- 73,74c73,74 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 78c78 < \end{klst} --- > \end{out} 90,91c90,91 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 93c93 < \end{klst} --- > \end{out} 107,108c107,108 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 111c111 < \end{klst} --- > \end{out} 116,117c116,117 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 121c121 < \end{klst} --- > \end{out} 127,128c127,128 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 137c137 < \end{klst} --- > \end{out} 141,142c141,142 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 144c144 < \end{klst} --- > \end{out} 152,153c152,153 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 156c156 < \end{klst} --- > \end{out} 162,163c162,163 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 166c166 < \end{klst} --- > \end{out} 173,174c173,174 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 177c177 < \end{klst} --- > \end{out} 186,292d185 < \end{sol} < \end{exe} < < \begin{exe} {Restricted Shells and Accounts} < \begin{enumerate} < \item < Start a restricted still in your current window with: < \begin{cmd} < $ bash -r < \end{cmd} < Try elementary options such as resetting the path or changing < directories. < \item < Set up a restricted account and verify its restricted nature, then < clean up. < \end{enumerate} < \begin{info} < \begin{itemize} < \item < On some distributions, notably some < \textbf{Ubuntu}-based versions, there is a bug < which prevents this lab from behaving properly. < On \textbf{RedHat}-based distributions, the above < correct behaviour is observed. < \item < As noted earlier, the use of restricted shells is < deprecated as they are really not secure and there < are better methods available. However, you may < run into them which is why we discuss this facility. < \end{itemize} < \end{info} < < \begin{sol} < < \begin{enumerate} < \item < \begin{cmd} < c8:/tmp>bash -r < c8:/tmp>cd $HOME < \end{cmd} < \vspace{\negkspace} < \begin{klst}[] < rbash: cd: restricted < \end{klst} < \begin{cmd} < c8:/tmp>PATH=$PATH:/tmp < \end{cmd} < \vspace{\negkspace} < \begin{klst}[] < rbash: PATH: readonly variable < \end{klst} < \begin{cmd} < c8/tmp>exit < \end{cmd} < \vspace{\negkspace} < \begin{klst}[] < exit < \end{klst} < \item < \begin{cmd} < c8/home/coop>sudo ln /bin/bash /bin/rbash < c8:/home/coop>sudo useradd -s /bin/rbash fool < c8:/home/coop>sudo passwd fool < \end{cmd} < \vspace{\negkspace} < \begin{klst}[] < Changing password for user fool. < New password: < BAD PASSWORD: The password is shorter than 8 characters < Retype new password: < passwd: all authentication tokens updated successfully. < \end{klst} < \begin{cmd} < c8:/home/coop>sudo su - fool < \end{cmd} < \vspace{\negkspace} < \begin{klst}[] < fool@c8~]$ c d /tmp < -rbash: /usr/libexec/pk-command-not-found: restricted: cannot specify `/' in command names < \end{klst} < \begin{cmd} < [fool@c8~]$ cd /tmp < \end{cmd} < \vspace{\negkspace} < \begin{klst}[] < -rbash: cd: restricted < \end{klst} < \begin{cmd} < [fool@c8~]$ PATH=$PATH:/tmp < \end{cmd} < \vspace{\negkspace} < \begin{klst}[] < -rbash: PATH: readonly variable < \end{klst} < \begin{cmd} < [fool@87 ~]$ exit < \end{cmd} < \vspace{\negkspace} < \begin{klst}[] < logout < \end{klst} < \begin{cmd} < c8/home/coop>sudo userdel -r fool < c8/home/coop>sudo rm /bin/rbash < \end{cmd} < \end{enumerate} < users/management.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_users/management.tex LFS307/CHAPS/users/management.tex --------------------------------------------------- 1d0 < 8a8 > 10c10 < $ sudo useradd dexter --- > $ sudo useradd bjmoose 11a12 > 13c14 < \item Creates account \texttt{dexter} --- > \item Creates account \texttt{bjmoose} 17c18,20 < \item Override defaults by using options to \textbf{useradd} --- > \item Override defaults by using options to > \textbf{useradd} > 20a24 > 29c33 < $ sudo useradd dexter --- > $ sudo useradd bjmoose 39c43 < \texttt{dexter}'s \texttt{UID}. --- > \texttt{bjmoose}'s \texttt{UID}. 42c46 < A group called \texttt{dexter} with a --- > A group called \texttt{bjmoose} with a 44c48 < \texttt{dexter}'s primary group. --- > \texttt{bjmoose}'s primary group. 47,48c51,52 < A home directory \filelink{/home/dexter} is created < and owned by \texttt{dexter}. --- > A home directory \filelink{/home/bjmoose} is created > and owned by \texttt{bjmoose}. 51c55 < \texttt{dexter}'s login shell will be --- > \texttt{bjmoose}'s login shell will be 56c60 < \filelink{/home/dexter}. By default, --- > \filelink{/home/bjmoose}. By default, 63c67 < \texttt{dexter}'s entry, thus requiring the --- > \texttt{bjmoose}'s entry, thus requiring the 68,69c72,73 < The defaults can easily be overruled by using options < to \textbf{useradd} as in: --- > The defaults can easily be overruled by using options to > \textbf{useradd} as in: 78,79d81 < < 84c86,87 < \item The root user can delete user accounts with --- > \item > The root user can delete user accounts with 88c91 < $ sudo userdel morgan --- > $ sudo userdel rjsquirrel 90,91c93,94 < Deletes the \texttt{morgan} user account, but does not < remove her home directory --- > Deletes the \texttt{rjsquirrel} user account, but does > not remove her home directory 93,94c96,97 < \item User accounts can be modified with < \textbf{usermod} --- > \item > User accounts can be modified with \textbf{usermod} 97c100 < $ sudo usermod -L dexter --- > $ sudo usermod -L bjmoose 99c102 < Locks the account for \texttt{dexter} so he cannot --- > Locks the account for \texttt{bjmoose} so he cannot 109c112 < $ sudo userdel morgan --- > $ sudo userdel rjsquirrel 113,115c116,119 < All references to the user \verb?morgan? will be erased from < \filelink{/etc/passwd}, \filelink{/etc/shadow}, and < \filelink{/etc/group}. --- > > All references to the user \verb?rjsquirrel? will be > erased from \filelink{/etc/passwd}, > \filelink{/etc/shadow}, and \filelink{/etc/group}. 117c121 < home directory (usually \filelink{/home/morgan}) in --- > home directory (usually \filelink{/home/rjsquirrel}) in 126,130c130,134 < directory, login name, password, default shell, user id < etc. < Usage is pretty straightforward. Note \textbf{usermod} < will take care of any modifications to files in the < \filelink{/etc} directory as necessary.} --- > directory, login name, password, default shell, user > id etc. Usage is pretty straightforward. Note > \textbf{usermod} will take care of any modifications > to files in the \filelink{/etc} directory as > necessary.} 136,137d139 < \vspace{\negkspace} < \vspace{\negkspace} 146,147c148,150 < \item \textbf{Linux} ships with some system accounts that < are \textbf{locked:} --- > \item > \textbf{Linux} ships with some system accounts > that are \textbf{locked:} 149,151c152,156 < \item Accounts such as \texttt{bin}, \texttt{daemon}, or < \texttt{sys} < \item May run programs but are never used for login --- > \item > Accounts such as \texttt{bin}, > \texttt{daemon}, or \texttt{sys} > \item > May run programs but are never used for login 154c159,161 < \item Other locked accounts may be created for other --- > > \item > Other locked accounts may be created for other 155a163 > 157,158c165,166 < \item Accounts used by major applications like a < database --- > \item > Accounts used by major applications like a database 160c168,170 < \item Locked account has no valid password --- > \item > Locked account has no valid password > 162,163c172,174 < \item Usually represented by "!!" < \item Fewer or greater than 100 characters for password --- > \item > Usually represented by "\verb?!!?" in > \file{/etc/shadow} 165c176,178 < \item Ensure that all locked accounts also have an invalid --- > > \item > Ensure that all locked accounts also have an invalid 173,179c186,192 < \textbf{Linux} ships with some \textbf{locked} < accounts, which means they can run programs, but can < never login to the system and have no valid password < associated with them. For example < \filelink{/etc/passwd} has entries like: < \vspace{\negkspace} < \begin{klst}[] --- > \textbf{Linux} ships with some \textbf{locked} accounts, > which means they can run programs, but can never login to > the system and have no valid password associated with > them. For example \filelink{/etc/passwd} has entries > like: > > \begin{out}[] 182,183c195,196 < \end{klst} < \vspace{\negkspace} --- > \end{out} > 186,187c199,200 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 189,190c202,203 < \end{klst} < \vspace{\negkspace} --- > \end{out} > 199a213 > 201c215 < $ sudo usermod -L dexter --- > $ sudo usermod -L bjmoose 202a217 > 205,210c220,225 < \texttt{-U} option. < A customary practice is to lock a user's account < whenever they leave the organization or is on an < extended leave of absence. < Another way to lock an account is to use \textbf{chage} < to change the expiration date of an account: --- > \texttt{-U} option. A customary practice is to lock a > user's account whenever they leave the organization or is > on an extended leave of absence. Another way to lock an > account is to use \textbf{chage} to change the expiration > date of an account: > 212c227 < $ sudo chage -E 2014-09-11 morgan --- > $ sudo chage -E 2001-09-11 rjsquirrel 213a229 > users/passwords.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_users/passwords.tex LFS307/CHAPS/users/passwords.tex --------------------------------------------------- 0a1,2 > \clearpage > 6c8 < \begin{kcode} --- > \begin{out}[] 9c11 < \end{kcode} --- > \end{out} 68c70 < \section{/etc/shadow I} --- > \section{/etc/shadow} 185,190c187,192 < \vspace{\negkspace} < \begin{klst}[] < Changing password for clyde < (current) UNIX password: < New UNIX password: < Retype new UNIX password: --- > > \begin{out}[] > Changing password for bjmoose > (current) UNIX password: > New UNIX password: > Retype new UNIX password: 192c194 < \end{klst} --- > \end{out} 196c198 < $ sudo passwd kevin --- > $ sudo passwd rjsquirrel 198,201c200,203 < \vspace{\negkspace} < \begin{klst}[] < New UNIX password: < Retype new UNIX password: --- > > \begin{out}[] > New UNIX password: > Retype new UNIX password: 203c205 < \end{klst} --- > \end{out} 222,225c224,227 < $ sudo chage -l stephane < $ sudo chage -m 14 -M 30 kevlin < $ sudo chage -E 2012-4-1 isabelle < $ sudo chage -d 0 clyde --- > $ sudo chage -l beaver > $ sudo chage -m 14 -M 30 wally > $ sudo chage -E 2012-4-1 eddie > $ sudo chage -d 0 june users/root.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_users/root.tex LFS307/CHAPS/users/root.tex --------------------------------------------------- 1a2,52 > > \begin{frame} > {root Account} > > \begin{itemize} > \item Root account has full access to system > \item Never give root access to users > \item To change to root account: > \begin{cmd} > $ su > \end{cmd} > \item To execute command as root: > \begin{cmd} > $ sudo command > \end{cmd} > \item \textbf{sudo} configuration in: > \file{/etc/sudoers} and > \file{/etc/sudoers.d} > > \item > \textbf{sudo} far preferred over \textbf{su} > \end{itemize} > > \end{frame} > > \cprotect\note{ > root has access to everything and can do everything; > this is a very powerful account. > > \textbf{sudo} allows regular user accounts to have > root privileges on a temporary basis. \textbf{sudo} > can be configured to allow only certain accounts to > have this ability and for certain accounts to only > have elevated privileges for certain commands. See > \textbf{man sudo} for more details. > > \textbf{su} (pronounced ess-you and means switch or > substitute user) creates a sub-shell environment that > allows the user elevated privileges until they exit > that shell. \textbf{All} commands executed in that > sub-shell are executed with the elevated privileges of > the root user. > > \textbf{Mistakes will be made!} It is best to limit > your exposure to big mistakes, like removing many > important files, by not using an \textbf{su} sub-shell > to execute commands that do not require elevated > privileges. > > } > users/ssh.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_users/ssh.tex LFS307/CHAPS/users/ssh.tex --------------------------------------------------- 16c16 < $ ssh some_user@remote_computer.com apt-get update --- > $ ssh some_user@remote_computer.com apt update 27a28,32 > or even easier: > \begin{cmd} > $ pssh -viH node1 node2 node3 some_command > \end{cmd} > 49,50c54,55 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 52c57 < \end{klst} --- > \end{out} 67a73,82 > You can use the \textbf{pssh} (\textbf{Parallel SSH}) utility to execute > a command on multiple systems in one fell stroke as in: > \begin{cmd} > $ pssh -viH machine1 machine2 machine3 do_something > \end{cmd} > > You may need to read the \textbf{man} page for > \textbf{pssh} to figure out all its options and how to > deal with passwords. > 101,104c116,119 < \vspace{\negkspace} < \vspace{\negkspace} < \small < { --- > > \vspace{-24pt} > > \small{ 118,119c133,134 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 122c137 < \end{klst} --- > \end{out} 142,143c157,158 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 146c161 < \end{klst} --- > \end{out} 152,153c167,168 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 156c171 < \end{klst} --- > \end{out} 162a178,287 > \begin{frame} > {SSH config file precedence} > > The order the configuration files are processed: > \begin{enumerate} > \item \textbf{command line} options > \item \filelink{~/.ssh/config} > \item \filelink{/etc/ssh/ssh_config} > \end{enumerate} > > The precedence of the files and the contents is > \textbf{first match used}. > > \end{frame} > > \cprotect\note{ > > \begin{configlst}[\texttt{/home/student/.ssh/config}] > > Host apple > HostName 192.168.0.196 > User student > Port 4242 > IdentityFile /home/student/.ssh/custom > > Host aws > Hostname ec2-34-238-135-25.compute-1.amazonaws.com > User ubuntu > IdentityFile /home/student/.ssh/cloud1.pem > ForwardX11 no > PasswordAuthentication no > > Host * > > \end{configlst} > > In the above \filelink{~/.ssh/config} specific configuration > information is listed for the hosts \textbf{apple} and > \textbf{aws}. If neither of these match then the generic > parameters would apply. This configuration has no generic > parameters. The command usage would be: > \begin{cmd} > $ ssh apple > \end{cmd} > or > \begin{cmd} > $ ssh aws > \end{cmd} > > } > > \begin{frame} > {SSH on a Cloud system} > > \begin{itemize} > \item > SSH on a cloud system works the same, with some > automation applied. > \item > The ssh keys are generated for the default user > during cloud system creation > \item > The public key is copied into the default user's > \file{authorized\_keys} file > \item > An option to copy the public and private to your > local system is presented > \item > Password-based authentication is generally not > supported for users on cloud systems > \end{itemize} > > \end{frame} > > \cprotect\note{ > > It is not uncommon to misplace public keys on remote > systems. Recreating a public can be done with > \textbf{ssh-keygen}: > > \begin{cmd} > student@ubuntu:~/.ssh$ ~/.ssh$ ls -l > \end{cmd} > > \begin{out}[] > -rw------- 1 student student 411 Jul 11 07:01 id_ed25519 > -rw-r--r-- 1 student student 96 Jul 11 07:01 id_ed25519.pub > \end{out} > Rename the public key: > \begin{cmd} > student@ubuntu:~/.ssh$ mv id_ed25519.pub id_ed25519.pub.lost > student@ubuntu:~/.ssh$ ls -l > \end{cmd} > > \begin{out}[] > -rw------- 1 student student 411 Jul 11 07:01 id_ed25519 > -rw-r--r-- 1 student student 96 Jul 11 07:01 id_ed25519.pub.lost > \end{out} > \begin{cmd} > student@ubuntu:~/.ssh$ ssh-keygen -y -f ~/.ssh/id_ed25519 > ~/.ssh/id_ed25519.pub > student@ubuntu:~/.ssh$ ls -l > \end{cmd} > > \begin{out}[] > -rw------- 1 student student 411 Jul 11 07:01 id_ed25519 > -rw-rw-r-- 1 student student 96 Jul 11 07:04 id_ed25519.pub > -rw-r--r-- 1 student student 96 Jul 11 07:01 id_ed25519.pub.lost > \end{out} > > } 183c308 < \end{cmd} --- > \end{cmd} 194,195c319,321 < \vspace{\negkspace} < \vspace{\negkspace} --- > > \vspace{-24pt} > 201,202c327,328 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 205c331 < \end{klst} --- > \end{out} 209c335 < $ sudo [dnf|zypper|apt-get] install tigervnc* --- > $ sudo [dnf|zypper|apt] install tigervnc* vfs/avail.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_vfs/avail.tex LFS307/CHAPS/vfs/avail.tex --------------------------------------------------- 10a11 > 16d16 < 20,21c20,22 < \item Commonly used filesystems include < \textbf{ext4, xfs, btrfs, squashfs, nfs} and \textbf{vfat} --- > \item > Commonly used filesystems include \textbf{ext4, xfs, > btrfs, squashfs, nfs} and \textbf{vfat} 23,24c24,26 < \item A list of currently supported filesystems can be < seen at \filelink{/proc/filesystems} --- > \item > A list of currently supported filesystems can be seen at > \filelink{/proc/filesystems} 31a34,49 > You can see a list of the filesystem types currently > registered and understood by the currently running > \textbf{Linux} kernel by doing: > > \begin{cmd} > $ cat /proc/filesystems > \end{cmd} > > \respfile{filesystems.inc} > > > (The ones with \texttt{nodev} are \textbf{special > filesystems} which do not reside on storage.) > Additional filesystems may have their code loaded as a > module only when the system tries to access a partition > that uses them. 33a52 > 37,38c56,57 < \textbf{Linux} supports many filesystem varieties, most with full < read and write access, including: --- > \textbf{Linux} supports many filesystem varieties, most > with full read and write access, including: 41,48c60,73 < \item \textbf{ext4}: \textbf{Linux} native filesystem (and earlier < \textbf{ext2} and \textbf{ext3} < \item \textbf{XFS}: A high-performance filesystem < originally created by \textbf{SGI} < \item \textbf{JFS}: A high-performance filesystem < originally created by \textbf{IBM} < \item \textbf{Windows}-natives: \textbf{FAT12, FAT16, FAT32, VFAT, NTFS} < \item Pseudo-filesystems resident only in memory, including --- > \item > \textbf{ext4}: \textbf{Linux} native filesystem (and > earlier \textbf{ext2} and \textbf{ext3}) > \item > \textbf{XFS}: A high-performance filesystem originally > created by \textbf{SGI} > \item > \textbf{JFS}: A high-performance filesystem originally > created by \textbf{IBM} > \item > \textbf{Windows}-natives: \textbf{FAT12, FAT16, FAT32, > VFAT, NTFS} > \item > Pseudo filesystems resident only in memory, including 50c75,76 < \item Network filesystems such as \textbf{NFS}, --- > \item > Network filesystems such as \textbf{NFS}, 52c78,79 < \item etc. --- > \item > etc. 59a87,100 > \textbf{Linux} supports many types of filesystems, and > more are constantly being added. These may be: > \begin{itemize} > \item > Native filesystems designed directly for \textbf{Linux}, > such as \textbf{ext4}. > \item > Filesystems brought over from other operating systems, > such as \textbf{xfs} and \textbf{ntfs}. > \item > Special filesystems which are not real filesystems, but > use the infrastructure to accomplish particular > purposes, such as \textbf{debugfs} > \end{itemize} 61,90c102,103 < You can see a list of the filesystem types currently registered < and understood by the currently running \textbf{Linux} < kernel by doing: < < \begin{cmd} < $ cat /proc/filesystems < \end{cmd} < \vspace{\negkspace} < \begin{klst}[] < iso9660 < squashfs < ext3 < ext2 < ext4 < fuseblk < nodev sysfs < nodev proc < nodev tmpfs < nodev debugfs < nodev sockfs < nodev hugetlbfs < nodev fuse < nodev nfsd < .... < \end{klst} < < (The ones with \texttt{nodev} are \textbf{special < filesystems} which do not reside on storage.) Additional < filesystems may have their code loaded as a module only when the < system tries to access a partition that uses them. --- > \textbf{Linux} is structured in a very modular fashion > which renders this flexibility which is put to good use. 92a106 > 138c152 < \textbf{ext3} Features include extents, 48-bit block --- > \textbf{ext3}. Features include extents, 48-bit block vfs/concepts.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_vfs/concepts.tex LFS307/CHAPS/vfs/concepts.tex --------------------------------------------------- 7,10c7,11 < \item The \textbf{name} of a file is just a property of its < \textbf{inode}, which is the more fundamental object. < \item Inodes are stored on the filesystem as well as being < data structures in memory. --- > \item The \textbf{name} of a file is just a property > of its \textbf{inode}, which is the more fundamental > object. > \item Inodes are stored on the filesystem as well as > being data structures in memory. 25,26c26,27 < Filenames are \textbf{not} stored in the inode; < they are stored in the \textbf{directory} --- > Filenames are \textbf{not} stored in the inode; they > are stored in the \textbf{directory} 33,35c34,35 < An inode is a data structure on disk that describes < and stores a file's attributes, including its < location. --- > An inode is a data structure on disk that describes and > stores a file's attributes, including its location. 44a45,63 > > Note that there are three timestamps: > > \begin{enumerate} > > \item > \textbf{Access Time}: The last time the file was > accessed for any purpose. > > \item > \textbf{Modification Time}: The last time file's > \textbf{contents} were modified. > > \item > \textbf{Change Time}: The last time the file's inode was > changed, by a change in permissions, ownership, > filename, hard links etc. > > \end{enumerate} 51c70,72 < \item \textbf{Hard} links point to an inode. --- > \item > \textbf{Hard} links point to an inode. > 53,55c74,78 < \item Two or more files can point to the same inode < (hard link) < \item All hard linked files have to be on the same --- > \item > Two or more files can point to the same inode (hard > link) > \item > All hard linked files have to be on the same 58,59c81,85 < \item \textbf{Soft} (or \textbf{symbolic}) links point to < a file name with an associated inode. --- > > \item > \textbf{Soft} (or \textbf{symbolic}) links point to a > file name with an associated inode. > 61,64c87,91 < \item Soft linked files may be on different < filesystems < \item The target may not exist or yet be mounted, < it can be \textbf{dangling} --- > \item > Soft linked files may be on different filesystems > \item > The target may not exist or yet be mounted, it can > be \textbf{dangling} 66c93,94 < \item Be careful with hard linked files: --- > \item > Be careful with hard linked files: 69,70c97,98 < Changing the contents in one place may not change it < at others --- > Changing the contents in one place may not change > it at others 71a100 > 72a102 > 87,92c117,126 < \item \textbf{Hard} links point to an inode. They are < made by using \textbf{ln} without an option. < \item \textbf{Soft} (or \textbf{symbolic}) links point < to a file name which has an associated inode. They < are made with using \textbf{ln} with the \verb?-s? < option. --- > > \item > \textbf{Hard} links point to an inode. They are made by > using \textbf{ln} without an option. > > \item > \textbf{Soft} (or \textbf{symbolic}) links point to a > file name which has an associated inode. They are made > by using \textbf{ln} with the \verb?-s? option. > 95,97c129,131 < Each association of a directory file contents and < an inode is known as a link. Additional links can be < created using \textbf{ln}. --- > Each association of a directory file contents and an inode > is known as a link. Additional links can be created using > \textbf{ln}. 100,103c134,137 < directory entries to point to the same inode (hard links), a < file can be known by multiple names, each of which has its < own place in the directory structure. However, it can have < only one inode no matter which name is being used. --- > directory entries to point to the same inode (hard links), > a file can be known by multiple names, each of which has > its own place in the directory structure. However, it can > have only one inode no matter which name is being used. 107,109c141,142 < the name has been converted to an inode number, the inode is < loaded into memory and is used by subsequent requests. < } --- > the name has been converted to an inode number, the inode > is loaded into memory and is used by subsequent requests. 110a144,150 > Normally when you modify a file it does not break the hard > links that reference the same inode. However, there are > (badly written) applications that can copy a file and > change it and then replace it, or delete a file and > replace it, and in the process create a new file that is > not linked any more. So keep your eye out for this > behavior if it is not intended. 111a152 > } vfs/labs.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_vfs/labs.tex LFS307/CHAPS/vfs/labs.tex --------------------------------------------------- 82,83c82,83 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 86c86 < \end{klst} --- > \end{out} 103,104c103,104 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 110c110 < \end{klst} --- > \end{out} vfs/special.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_vfs/special.tex LFS307/CHAPS/vfs/special.tex --------------------------------------------------- 35c35 < tuning kernel behaviour, or for implementing particular --- > tuning kernel behavior, or for implementing particular virtual/hypervisor.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_virtual/hypervisor.tex LFS307/CHAPS/virtual/hypervisor.tex --------------------------------------------------- 112c112 < \textbf{VMWare} --- > \textbf{Xen} 129a130,141 > The main difference between internal and external hypervisors > is architectural, Xen uses a macro-kernel architecture, a small kernel that manages > the shared resources. The Xen kernel is loaded by the grub boot loader first then > the Linux kernel is loaded as a virtual machine. This initial VM has the ability > to configure and control the Xen kernel and is normally called Domain0. The label of external is derived from Xen loading first, then Linux is loaded second. > > In contrast, KVM is part of Linux kernel and is activated by a kernel module. The > shared resources are managed by the Linux kernel. Since there is no separate kernel > for KVM it is considered internal. > > The specific differences may be debated, however both KVM and Xen provide hypervisor functionality to Linux. > 146,147c158,159 < \textbf{VMware ESX} (and related friends) is an < example of a hypervisor embedded into an operating --- > \textbf{Xen} and \textbf{VMware ESX} (and related friends) are > examples of hypervisors embedded into an operating virtual/kvm.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_virtual/kvm.tex LFS307/CHAPS/virtual/kvm.tex --------------------------------------------------- 91a92 > \item \textbf{cockpit} 122d122 < 124,128d123 < < < < < virtual/labs.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_virtual/labs.tex LFS307/CHAPS/virtual/labs.tex --------------------------------------------------- 163c163 < --- > \checkclearpage{LFS307} 339c339 < \begin{cmdtt} --- > \begin{cmd} 341,343c341,342 < $ sudo qemu-system-x86_64 -hda /var/lib/libvirtd/myimg.qcow2 \textbackslash < -cdrom /teaching/LFCW/RESOURCES/\course/CorePlus-current.iso -usbdevice tablet < \end{cmdtt} --- > $ sudo qemu-system-x86_64 -hda /var/lib/libvirtd/myimg.qcow2 -cdrom CorePlus-current.iso -usbdevice tablet > \end{cmd} 404a404,407 > > > \input{lab-cloud-init.tex} > virtual/libvirt.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_virtual/libvirt.tex LFS307/CHAPS/virtual/libvirt.tex --------------------------------------------------- 12a13 > \item \textbf{VMware} 22a24 > \url{https://www.libvirt.org} 31,60c33,66 < The complete list of currently supported hypervisors < at \url{https://www.libvirt.org}: < \begin{itemize} < \item < \textbf{QEMU/KVM} < \item < \textbf{Xen} < \item < \textbf{Oracle VirtualBox} < \item < \textbf{VMware ESX} < \item < \textbf{VMware Workstation/Player} < \item < \textbf{Microsoft Hyper-V} < \item < \textbf{IBM PowerVM (phyp)} < \item < \textbf{OpenVZ} < \item < \textbf{UML} (User Mode Linux) < \item < \textbf{LXC} (Linux Containers) < \item < \textbf{Virtuozzo} < \item < \textbf{Bhyve} (The BSD Hypervisor) < \item < \textbf{Test} (Used for testing) < \end{itemize} --- > The complete list of currently supported hypervisors can > be seen at \url{https://www.libvirt.org/drivers.html} > \begin{multicols}{2} > \begin{itemize} > \item > \textbf{LXC} (Linux Containers) > \item > \textbf{OpenVZ} > \item > \textbf{QEMU/KVM/HVF} > \item > \textbf{Test} (Used for testing) > \item > \textbf{VirtualBox} > \item > \textbf{VMware ESX} > \item > \textbf{VMware Workstation/Player} > \item > \textbf{Xen} > \item > \textbf{Microsoft Hyper-V} > \item > \textbf{Virtuozzo} > \item > \textbf{Bhyve} (The BSD Hypervisor) > \item > \textbf{Cloud Hypervisor} > \end{itemize} > \end{multicols} > > and a nice detailed and more thorough list can be seen at > \url{https://wiki.qemu.org/Documentation/Platforms}. > virtual/qemu.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_virtual/qemu.tex LFS307/CHAPS/virtual/qemu.tex --------------------------------------------------- 77c77,82 < }} --- > } > \vspace{12pt} > > See \url{https://wiki.qemu.org/Documentation/Platforms}. > > } 102a108,109 > \item > \textbf{VMware ESX} and \textbf{VMware Workstation/Player} 154c161 < \textbf{cmd}: Simplest --- > \textbf{raw}: Simplest 179c186 < \textbf{cmd} (default) --- > \textbf{raw} (default) 188c195 < There are many options. See \textbf{man qemu-img}. --- > There are many options. See \textbf{man qemu-img}. 195,196c202,203 < \vspace{\negkspace} < \begin{klst}[] --- > > \begin{out}[] 198c205 < \end{klst} --- > \end{out} virtual/whatis.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_virtual/whatis.tex LFS307/CHAPS/virtual/whatis.tex --------------------------------------------------- 72c72,74 < \textbf{Network:} The details of the actual physical --- > \textbf{Network:} > > The details of the actual physical yum/labs.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_yum/labs.tex LFS307/CHAPS/yum/labs.tex --------------------------------------------------- 163c163 < upgrade. While we could simply go the download page and --- > upgrade. While we could simply go to the download page and yum/yum.tex --------------------------------------------------- diff LFS301EN/CHAPS/LFS301_yum/yum.tex LFS307/CHAPS/yum/yum.tex --------------------------------------------------- 1c1 < \section{dnf and yum} --- > \section{dnf}