I got these from a guy who has probably forgotten more about Linux than I will ever know - see name and contact info below. I put them here instead of a direct link to his page because it seems that every time I do that someone's page goes down and the information is lost.
~Matt
Version 3.7, June 17, 2007
Hugh Sparks
http://www.csparks.com
tar czf arch.tgz path # Make an archive (Add v for verbose)
tar xzf arch.tgz # Restore an archive (Add v for verbose)
tar tf arch.tar # List an archive (must not be gzipped)
Other tar options
-C directory # Change to this directory first
-T fileList # Use this list of file names
--same-owner # Keep original owner when extracting
--same-permissions # Keep original permissions when extracting
--absolute-paths # Don't strip leading /
--directory dirPath # Change to this directory first
--files-from=fileList # Get file names from another file
gzip file
gunzip file.gz
zip -r archive.zip files...
unzip archive.zip
Normal unix-to-unix with locally mounted paths:
rsync -a --delete sourceDir/ destDir
Backup to a vfat or smb filesystem using only time attribute:
rsync -rt --delete --exclude="System Volume Information"* \
sourceDir/ destDir
The trailing / on the sourceDir is important:
It means copy the contents of sourceDir into destDir.
Mode of operation is one of "pio":
p Pass files through without using an archive file
i Extract from an archive
o Create an archive
Other common options:
t List the contents of the archive
m Preserve modification times
d Create directories as needed
u Overwrite files without warnings
Extract files from a cpio archive, create directories as needed
cpio -mid < archiveFile
Check for absolute file names in cpio archives
List the archive to see if it has absolute names.
Use --no-absolute-filenames if necessary.
This doesn't happen very often, but if it does and
you are root a Bad Thing (tm) can happen.
cpio -t < archiveFile
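The listing check described above can be automated. The script below is an added example, not part of the original notes: it reads a listing such as the output of "cpio -t" on stdin and flags names that are absolute or contain a ".." component. The function name and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# unsafe_members: read an archive listing on stdin, one member name per line
# (the output of "cpio -t < archiveFile" or "tar tf arch.tar"), and print each
# name that would be written outside the extraction directory.
# Exit status: 0 when the listing is clean, 1 when anything was flagged.
unsafe_members() {
    awk '
        # Absolute name: lands wherever the path says, not under the cwd.
        /^\// { print "absolute: " $0; bad = 1; next }
        {
            # A ".." path component climbs out of the extraction directory.
            n = split($0, part, "/")
            for (i = 1; i <= n; i++)
                if (part[i] == "..") { print "dotdot:   " $0; bad = 1; break }
        }
        END { exit (bad + 0) }
    '
}

# Constructed sample listings (not taken from any real archive).
clean_listing() {
    printf '%s\n' '.' './etc' './etc/motd' 'docs/a..b/readme' 'notes..txt'
}
hostile_listing() {
    printf '%s\n' './readme' '/etc/passwd' \
        'docs/../../root/.ssh/authorized_keys' '../x'
}

# Typical use before extracting as root:
#   cpio -t < archiveFile | unsafe_members \
#       && cpio -mid --no-absolute-filenames < archiveFile
for listing in clean_listing hostile_listing; do
    if "$listing" | unsafe_members; then
        echo "$listing: ok to extract"
    else
        echo "$listing: refusing to extract"
    fi
done
```

This screens member names only; it does not detect a symbolic link stored in the archive that later members are then written through.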
Use cpio to copy everything in current dir to targetDir
Includes invisible dot files. Preserves all dates.
find . | cpio -pudm targetDir
On modern Linux systems "cp -a" will do the same thing.
Create a cpio archive from a list of files in current directory
find . | cpio -o > archiveFile
play test.wav
Use 'play' on systems with artsd (such as kde)
On these systems, /dev/dsp is always tied up by artsd.
Use the artsdsp command to run any program that would
normally access /dev/dsp directly:
artsdsp play test.wav
Record a "normal" stereo wav file:
rec -c 2 -f U -r 44100 -s w -v 8.0 test.wav
Options:
-c 2 Two channels (stereo)
-r 44100 Sample rate
-f Sample encoding:
s Signed linear (2's complement)
u Unsigned linear
U U-law (logarithmic) U.S. standard
A A-law (logarithmic) EU. standard
a ADPCM (Adaptive Differential Pulse-Code Modulation)
i IMA_ADPCM
g GSM
-s Sample size:
b 8 bit bytes
w 16 bit words
l 32 bit long words
f 32 bit floats
d 64 bit floats
D 80 bit IEEE floats
-t File format:
au Sun
cdr CD track
gsm GSM 06.10 Lossy Speech Compression
wav Windows RIFF (Header contains all params)
-v Set the volume
1.0 No change
2.0 Linear increase by 2.0
0.5 Linear decrease by 2.0
8.0 About right to balance with other .wavs
The file format can be specified by giving the file
a matching extension.
ADPCM, IMA_ADPCM & GSM are intended for speech compression.
U-law would be appropriate for music.
esdplay
(Some people make this an alias for 'play')
Reroute microphone through esd
esdrec | esdcat
mpg123 yourfile.mp3
First run:
mpg123 -s yourfile.mpg > yourfile.raw
The above command will display the sample rate and the number
of channels. (Mono or Stereo)
The output is 16 bit, signed pcm, little endian. No header.
sox -c 2 -w -s -r xxx yourfile.raw yourfile.wav
The xxx value must be the sample rate displayed by mpg123.
You can pipeline mpg123 into sox. Use a - for the sox input.
An easier way to do both steps:
lame --decode yourfile.mp3 yourfile.wav
Use sox to play (almost) any sound file
sox inputOptions inputFile outputOptions outputFile
Do a "man soxexam" to see many examples.
Format options
Channels
-c n Where n = 1,2 or 4
Sample rate
-r rate Where rate is in Hertz
Sample size
-b 8 bits
-w 16 bits
-l 32 bits
Encoding
-s Signed linear
-u Unsigned linear
-U U-law (U.S. logarithmic)
-A A-law (Euro logarithmic)
-a ADPCM (Adaptive pulse-code modulation)
-i IMA_ADPCM
-g GSM
-f Floating point
Input file format is controlled by the file extension:
.wav (You don't need to specify other options)
.au (Options may or may not be needed)
lame [-b bitrate] infile.wav outfile.mp3
lame [-b newbitrate] --mp3input oldfile.mp3 newfile.mp3
Rip the audio from an avi video
mplayer -novideo -ao pcm:file=result.wav source.avi
. includeFileName
source fileName
alias name='expression'
unalias name
var=value
unset var
exit value
export var=value,...
-d Is a directory
-e Exists
-f Is a regular file
-h Is a symbolic link
-r Is readable
-s Size is > 0
-w Is writable
-x Is executable
Example:
if [ -e <path> ] ; then
# Do this if file exists
fi
if [ ! -d <path> ] ; then
# Do this if it's not a directory
fi
-z <astring> # Length of string is zero
-n <astring> # Length of string is non-zero
-nt Newer than. Or file1 exists and file2 does not.
-ot Older than. Or file2 exists and file1 does not.
if [ <file1> -nt <file2> ] ; then
# Do this if file1 is newer than file2 (or file2 does not exist)
fi
=, !=, <, >
-eq, -ne, -lt, -le, -gt, -ge
NOT prefix operator: !
AND operator: &&
OR operator: ||
Using command results as a parameter
Enclose the command in back-quotes:
Example: getting the size of a directory
dirSize=`du -s myDirectory | awk '{print $1}'`
Picking out the nth element of a string
The string should be pipelined to this command:
awk '{print $n}'
Example:
SIZE=`du -s -k myPath/myDir | awk '{print $1}'`
if [ $SIZE -gt 4096 ]; then
echo "The directory myDir contains more than 4096kb"
fi
Picking out the nTh element from multi-line text
This example returns the memory size of the machine.
Note the escapes required on nested quotes:
memSize=`sh -c 'echo $7' \`cat /proc/meminfo\` `
cat > myPath/myFile <<- 'EOF'
line1
line2
...
lineN
EOF
Script name: $0
Parameters: $1,...,$n
All parameters starting with $1: $@
To shift all parameters left by 1: $1=$2, $2=$3 etc:
shift 1
You can shift by any positive n.
Local functions work like shell scripts.
They have their own $0..$n parameters:
demo()
{ echo Function: $0
echo Param 1: $1
shift 1
for i in $@ ; do
echo Arg: $i
done
}
demo special 123 456 789
echo Done
If-then-else:
if [ -e $pathname ] ; then
# It exists
elif [ -e $thatname ] ; then
# That exists
elif [ -e $theOther ] ; then
# The other exists
else
# They don't
fi
Iteration:
myDirs="dev etc bin proc mnt tmp var lib"
for dir in $myDirs ; do
mkdir $targetRoot/$dir
chmod u=rwx,og=rx $targetRoot/$dir
done
line="&test1=a1&test2=a2"
while [ "$line" != "" ]; do
a1=`echo $line | sed -e 's/.*&//'`
line=`echo $line | sed -e "s/&"$a1"//"`
echo $a1
done
There are others...
Integer computations
Note the lack of spaces between operands and operators.
This is the bash internal form:
let x=3+2
The external "expr" utility also supports integer expressions.
The expr form may be used anywhere, (inside backquotes)
not just in assignments. Note the spaces between operands
and operators.
expr 2 + 3
expr 12 / 4
expr 14 % 3 # The % is "MOD"
Assignment
let p=5-2
p=`expr 5 - 2`
The parentheses and multiply require escapes with expr; with let, quote the expression:
let "q=(5-2)*3"
q=`expr \( 5 - 2 \) \* 3`
Use "bc" for floating point computation
echo 45.3/2 | bc -l
The trailing -l (lower case L) loads the floating point library
x=`echo 99.0/3.14 | bc -l`
y=`echo 14.2 + 11 | bc -l`
echo $x + $y | bc
Base conversions
echo "obase=16; 1234" | bc
Select decimal places for result
echo "scale=3; 1/3" | bc
You don't need to use the -l if you set the scale > 0
echo "scale=3; 7/2" | bc
echo "scale=0; 7/2" | bc
ls # Show current directory contents
ls -l $path # Show details about the file or directory
cd $dir # Change current directory to $dir
cd .. # Change current directory to parent directory
pwd # Show current directory path
mkdir $dir # Create a directory
cp $src(s) $dst # Copy $src file(s) to $dst
cp $src(s) $dir # Copy $src file(s) into the directory $dir
mv $src $dst # Move $src to $dst. Also used to rename files.
mv $src(s) $dir # Move a group of files into a directory
rm $file(s) # Remove (delete) files
rmdir $dir(s) # Delete empty directory(s)
rm -rf $dirs(s) # Delete files and/or directory(s) with their contents
> $file # Erase the contents of a file
cp -a $sourceDir $destDir
Backup a hierarchical directory
rsync -a --delete $sourceDir $destDir
1) Sym links, ownership, permissions and hidden files are copied.
2) A trailing "/" on either dir means "contents of".
3) Only the files that need to be copied get copied.
4) Files in the destDir but not in source are deleted.
chown owner file # owner only
chown owner.group file # owner & group
chown .group file # group only
chown owner. file # owner & group=owner
Change the permissions of a file
chmod changes fileName
The changes are a comma separated list of expressions.
Each expression is of the form:
users+permissions # Add permissions
users-permissions # Remove permissions
The users can be one or more of the letters:
u User (Owner of the file)
g Group (Group of users)
o Others (Everyone else)
OR:
a All (Same as "ugo", the default)
The permissions can be one or more of the letters:
r Read
w Write
x Execute
The user classes are specified in the order
UserGroupOther, with three bits for each to
enable or disable ReadWriteExecute.
Example:
chmod u+rwx,g+rw,o-rwx aFile
Numerical equivalent:
chmod 760 aFile
Show disk usage of current dir or selected dir
du -s <dir>
echo anything
echo anything > <path>
echo anything >> <path>
Update the modified time for a file
touch <path>
> <path>
Show differences between files
diff -r leftDir rightDir
Show files that differ without details
diff -r -q leftDir rightDir
Trace execution of a shell script
sh -x <fileName>
Monitor additions to a log file
tail -f <fileName>
ln -s <path> <name>
ls --color=tty
(Alias this to ls)
List a single column of names only
ls -1
find -type d -maxdepth 1
(Alias this to lsd)
List files in order of modification time
ls -lrt
List all open files and sockets
lsof
Run a shell script so it changes the environment
source .bash_profile (or whatever script you changed)
Run a command relative to another root file system
chroot newroot command
Execute a shell script and echo the commands for debugging
sh -x yourScript
Using cdrecord with non-scsi drives
The primary tool described in the following sections is "cdrecord".
The most current versions of this program accept normal Linux
CD device names, e.g. "/dev/cdrom" and support both SCSI and
ATAPI drives.
Earlier versions of cdrecord only worked with SCSI drives and
required the bizarre "x,y,z" drive name notation.
Create a data CDR readable by Linux (-r) or Windows (-J)
nice --18 mkisofs -l -J -r -V MyVolumeName sourceDirectory/ \
| cdrecord speed=x dev=/dev/cdrom -data -
To make a CDRW, add blank=fast to cdrecord options.
Speed should be 8 for CDRs and 4 for CDRW on my HP 9200.
Create a data DVD readable by Linux (-r) or Windows (-J)
growisofs -dvd-compat -Z /dev/hdc -J -r /path/to/directory
growisofs -dvd-video -Z /dev/hdc /pathTo/Directory
The Directory should contain the AUDIO_TS and VIDEO_TS
subdirectories expected on a video.
Create an ISO image file from a directory of files
mkisofs -l -r -J -V MyVolumeName -o myISOfile.iso.bin sourceDirectory/
Display info about writable media
dvd+rw-mediainfo /dev/hdc
Copy a raw DATA CD at the sector level. Source is on /dev/cdrom
cdrecord -v dev=/dev/cdrom speed=2 -isosize /dev/cdrom
Make an audio cd track from an mp3 file
mpg123 -s file1.mp3 \
| cdrecord speed=x dev=/dev/cdrom -audio -pad -swab -nofix -
Use this command for each track, then fixate using the
command documented next:
cdrecord dev=/dev/cdrom -fix
cdparanoia [-d device] trackRange result.wav
Rip all the tracks on an audio cd to a set of wav files
One wav per track:
cdparanoia 1- -B
Rip and convert one track to one mp3
cdparanoia trackNumber - | lame -b 160 - result.mp3
Record an audio cd from a directory full of wav files
One wav per track:
cdrecord speed=s dev=/dev/cdrom -audio *.wav
1- # Entire CD
-- -3 # Beginning through track 3
2-4 # Tracks 2 through 4
Create a CDR from an ISO image
cdrecord speed=4 dev=/dev/cdrom -data imageFile.iso.bin
For cdrw, add: blank=fast
Create a CDR from a raw partition
cdrecord speed=4 dev=/dev/cdrom -isosize -dao -data /dev/hda2
For cdrw, add: blank=fast
Create an ISO image file from a CD
readcd dev=/dev/cdrom f=myImageFile.iso.bin
Dealing with older versions of cdrecord
Older versions of cdrecord require scsi drivers or
scsi emulation with atapi drives. The following sections
show how to deal with this situation.
Make your ide cdrom look like a scsi device
The cdrecord program wants to see scsi devices:
The cdrom module must be loaded first, but it will
normally be loaded if it was operating in ide mode.
Otherwise, do an "insmod cdrom" first.
rmmod ide-cd
insmod cdrom
insmod sr_mod
insmod ide-scsi
The scsi-mod will be loaded if you have
a real scsi interface in your machine.
Otherwise, it must be loaded before sr_mod.
Restore the cd to normal (IDE) operation
rmmod sr_mod ide-scsi
insmod ide-cd
Make atapi cd drives look like scsi at boot time
For this example, assume you have two ide drives:
hdc and hdd.
Method 1: Add this line in lilo.conf to the kernel section:
append="hdc=ide-scsi hdd=ide-scsi"
Method 2: Add these lines to /etc/modules.conf:
options ide-cd ignore=hdc
options ide-cd ignore=hdd
pre-install sg modprobe ide-scsi
pre-install sr_mod modprobe ide-scsi
pre-install ide-scsi modprobe ide-cd
Devices for the cd drives in scsi mode
/dev/scd0 cdram
/dev/scd1 cdrom
/dev/scd1 dvd
Device names for cd drives in ide mode
/dev/hdc cdram
/dev/hdd cdrom
/dev/hdd dvd
List all SCSI devices visible to cdrecord in x,y,z format
The cdrecord program will use "dev=x,y,z" notation where x,y,z are
shown by the command:
cdrecord -scanbus
File locations and descriptions
/etc/hosts # Known IP number/name bindings
/etc/fstab # Define mount points & filesystems
/etc/smb.conf # Config Samba server
/etc/exports # List of nfs exported directories
/etc/cram-md5.pwd # Imap & pop3 access: username <tab> password
/etc/dhcpd.conf # Configure dhcpd server (bootp)
/etc/inetd.conf # Configure servers (telnet, tftp, etc)
/etc/bashrc # Global functions and aliases
/etc/lilo.conf # Edit for boot setup, then run lilo
/etc/localtime # Link into a /usr/share/zoneinfo file
/etc/named.conf # Configuration for named DNS (bind)
/etc/resolv.conf # IP names and config for DNS
/etc/securetty # Terminals that are allowed to be root
/etc/DIR_COLORS # Colors used by color ls
/etc/modprobe.conf # Configure module loader
/etc/printcap # One entry per printer
/etc/profile # Global environment and startup
/etc/profile.d/*.sh # Modular global environ additions
/etc/ppp/options # Contains lock for ppp (Remove lock!)
/etc/ppp/ip-up.local # Things to do after connecting
/etc/ppp/pap-secrets # Username-password entries
/etc/ppp/resolv.conf # Created by ppp with usepeerdns option
/etc/pcmcia/config.opts # Used to exclude IRQ 12 for PS/2 mouse
/etc/pcmcia/network.opts # Configure and start pcmcia ethernet
/etc/securetty # List terminals allowed to login as root
/etc/sysconfig/pcmcia # Use this to turn on pcmcia
/etc/sysconfig/network # Start networking, set def gateway
/etc/sysconfig/network-scripts # ifcfg-xxx files for each interface
/etc/sysconfig/clock # Vars used in rc.sysinit to set the clock
/etc/sysctl.conf # Kernel settings for /proc/sys boot
/etc/rc.d/init.d # Start/stop scripts for system services
/etc/rc.d/rc.sysinit # Boot time configuration script
/etc/X11/XF86Config # Configuration for XFree86
/etc/X11/XF86Config-4 # New Configuration for XFree86 4.x
/etc/X11/fs/config # Configuration for xfs font server
/etc/X11/xdm/Xservers # List of servers and displays for xdm
/boot/vmlinuz # Conventional symbolic link to kernel image
/var/log/dmesg # Startup messages
/var/log/messages # Main system message log
/var/log/maillog # Log for mail i/o
/var/log/httpd # Apache web server log files
/var/named/ # Location of zone files for named
/var/spool/mail # Each user's mbox file for new mail
/var/spool/lpd/xxx # One xxx directory per printer
/var/spool/lpd/xxx/.config # Hidden access info for printer
/var/spool/mqueue # Directory for queued outgoing mail
/usr/X11R6/lib/X11/rgb.txt # Names for all the X colors
/usr/X11R6/lib/X11/ # X configuration stuff
/dev/sndstat # Shows the sound configuration
/lib/modules # Path to system modules
/usr/share/zoneinfo # Subdirectories contain time zone files
/usr/src/linux/.config # Hidden kernel config file
/usr/src/redhat/... # RPM source and build directories
# Root and swap volumes
/dev/hda1 / ext3 defaults 1 1
/dev/hda3 swap swap defaults 0 0
# Special device mounts
none /proc proc defaults 0 0
none /dev/pts devpts gid=5,mode=620 0 0
none /dev/shm tmpfs defaults 0 0
# Removable media
/dev/fd0 /mnt/floppy auto noauto,owner,kudzu 0 0
/dev/cdrom /mnt/cdrom iso9660 noauto,owner,kudzu,ro 0 0
# Logical volumes on the boot device
/dev/vg2/spoolVol /var/spool ext2 defaults 0 0
/dev/vg2/homeVol /home ext2 defaults 0 0
/dev/vg2/wwwVol /var/www ext2 defaults 0 0
# Logical volumes on the backup device
/dev/vg1/backVol /mnt/back ext3 defaults 0 0
/dev/vg1/archVol /mnt/dos ext3 defaults 0 0
# Samba network
//hp/dos /mnt/hpDos smbfs noauto,username=administrator 0 0
//hp/c /mnt/hpWin smbfs noauto,username=administrator 0 0
//sparksVaio/C$ /mnt/vaio smbfs noauto,username=administrator 0 0
//sparks9k/Main /mnt/9kWin smbfs noauto,username=administrator 0 0
# NFS network
# hp:/mnt/c /mnt/dummy1 nfs noauto,_netdev 0 0
# Loop mount example
# /mnt/Mac.hfs /mnt/mac hfs noauto,loop 0 0
Note: "sync" is the default, but if it is not specified, the
log gets complaints.
/mnt/back *.csparks.com(rw,no_root_squash,sync)
/mnt/dos *.csparks.com(rw,no_root_squash,sync)
/var/www/html *.csparks.com(rw,no_root_squash,sync)
boot=/dev/hda
root=/dev/hda6
map=/boot/map
message=/boot/message
install=/boot/boot.b
prompt
timeout=50
default=linux
# Enable boot partition beyond cylinder 1024:
lba32
image=/boot/vmlinuz
label=linux
root=/dev/hda6
read-only
image=/boot/oldlinuz
label=oldlinux
root=/dev/hda6
read-only
other=/dev/hda1
label=win
#boot=/dev/hda
default=0
timeout=10
splashimage=(hd0,0)/boot/grub/splash.xpm.gz
title Fedora Core (2.6.6-1.435.2.3)
root (hd0,0)
kernel /boot/vmlinuz-2.6.6-1.435.2.3 ro root=/dev/hda1 rhgb quiet
initrd /boot/initrd-2.6.6-1.435.2.3.img
Example /etc/sysconfig/static-routes
When a device is started, the static-routes file
is read by the script ifup-routes. For each line
that matches the device in the first parameter it
reads the line:
read device args
The routes are added by a script that performs "route add"
(Note the minus character before $args)
route add -$args $device
For example: (This is used to route back to basilisk)
eth0 host 192.168.2.3 gw 192.168.0.1
# OBSOLETE: Now using /etc/modprobe.conf
alias eth0 tulip
alias tap0 ethertap
alias scsi_hostadapter aic7xxx
alias parport_lowlevel parport_pc
alias sound-slot-0 es1371
alias sound-service-0-0 es1371
alias sound-service-0-3 es1371
alias sound-service-0-4 es1371
post-install sound-slot-0 /bin/aumix-minimal \
-f /etc/.aumixrc -L >/dev/null 2>&1 || :
pre-remove sound-slot-0 /bin/aumix-minimal \
-f /etc/.aumixrc -S >/dev/null 2>&1 || :
alias usb-controller usb-uhci
alias char-major-180 usbcore
alias cdrom sr_mod
alias cdram sr_mod
above sr_mod ide-scsi
alias char-major-195 NVdriver
alias net-pf-1 unix
alias net-pf-17 af_packet
alias eth0 8139too
alias eth1 tulip
alias scsi_hostadapter fdomain
alias snd-card-0 snd-intel8x0
install snd-intel8x0 /sbin/modprobe --ignore-install snd-intel8x0 && /usr/sbin/alsactl restore >/dev/null 2>&1 || :
remove snd-intel8x0 { /usr/sbin/alsactl store >/dev/null 2>&1 || : ; }; /sbin/modprobe -r --ignore-remove snd-intel8x0
alias usb-controller ohci-hcd
alias char-major-195* nvidia
mouse -> /dev/input/mice
modem -> /dev/ttyS0
cdrom -> /dev/hdc
cdrom1 -> /dev/hdd
Part of my basement LAN configuration
# /etc/rc.d/init.d/dhcpd
ddns-update-style ad-hoc;
option domain-name "csparks.com";
option domain-name-servers 192.168.1.2;
subnet 192.168.1.0 netmask 255.255.255.0
{ option routers 192.168.1.2;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
}
subnet 192.168.0.0 netmask 255.255.255.0 {}
host hp
{ hardware ethernet 00:20:78:12:16:89;
fixed-address 192.168.1.1;
option host-name "hp";
}
host sparks750
{ hardware ethernet 00:60:08:8a:b9:ce;
fixed-address 192.168.1.3;
option host-name "sparks750";
}
hdparm options /dev/hda
-c 1 I/O support mode 1 (32 bit)
-c 2 I/O support mode 2 (16 bit)
-c 3 I/O support mode 3 (32 bit & sync)
-m 16 Multi sector count 16 on
-A 1 Enable drive read-ahead
-a 8 Drive read-ahead count
-d 1 DMA On
-u 1 Enable interruptible driver (dangerous)
-X 66 Ultra DMA mode 2 (dangerous, unnecessary)
-X 34 Multiword DMA mode 2 (dangerous, unnecessary)
-S n Spindown time in 5sec tics (0 <= n <= 240)
-t Perform & display drive test results
-T Perform & display Linux disk cache test
Example tuning for my computer
A 200G Maxtor on my server has these settings:
hdparm -A 1 -a 8 -m 16 -d 1 -c 2
/etc/sysconfig/harddisks
Dump the entire DNS configuration
nslookup
server=dns1.somedomain.com
ls -d somedomain.com
dig @dns1.somedomain.com any mail.somedomain.com
The following sections show the DNS configuration files for my site.
Keep this file empty!
order hosts,bind
domain csparks.com
nameserver 127.0.0.1
NETWORKING=yes
HOSTNAME=server
GATEWAY=192.168.0.254
options {
directory "/var/named";
forward first;
forwarders {
66.50.135.146;
170.215.255.114;
};
};
logging {
category lame-servers { null; } ;
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "localhost.rev";
allow-update { none; };
};
zone "csparks.com" {
type master;
allow-update { none; };
file "csparks.zone";
};
zone "1.168.192.in-addr.arpa" {
type master;
allow-update { none; };
file "csparks.rev";
};
$TTL 3D
@ IN SOA server.csparks.com. hugh.csparks.com. (
2001100710 ; Serial
8H ; Refresh
2H ; Retry
4W ; Expire
1D ) ; Minimum
IN NS server.csparks.com.
1 IN PTR localhost.
; csparks.zone - Zone file for csparks.com
$TTL 3D
@ IN SOA server.csparks.com. postmaster.csparks.com. (
20040807 ; serial: todays date + todays serial
8H ; refresh, seconds
2H ; retry, seconds
4W ; expire, seconds
1D ) ; minimum, seconds
NS server
MX 10 mail.csparks.com.
localhost A 127.0.0.1
server A 192.168.1.2
router A 192.168.0.254
hp A 192.168.1.1
sparks750 A 192.168.1.3
mac A 192.168.1.5
sparksVaio A 192.168.1.7
sparks9k A 192.168.1.9
cyndi81 A 192.168.1.10
guest A 192.168.1.11
sparks730 A 192.168.1.23
wireless A 192.168.1.99
mail CNAME server
ftp CNAME server
www CNAME server
shell CNAME server
hardinge CNAME server
watchmaking CNAME server
ipchange CNAME server
dspam CNAME server
proxy CNAME server
$TTL 3D
@ IN SOA server.csparks.com. postmaster.csparks.com. (
20040312 ; Serial, todays date + todays serial
8H ; Refresh
2H ; Retry
4W ; Expire
1D) ; Minimum TTL
NS server.csparks.com.
1 PTR hp.csparks.com.
2 PTR server.csparks.com.
3 PTR sparks750.csparks.com.
5 PTR mac.csparks.com.
7 PTR sparksVaio.csparks.com.
9 PTR sparks9k.csparks.com.
10 PTR cyndi81.csparks.com.
11 PTR guest.csparks.com.
23 PTR sparks730.csparks.com.
99 PTR wireless.csparks.com.
254 PTR router.csparks.com.
Send a file to another user with sendmail
sendmail <useraddress> < <messageFileName>
Send a typed message to another user
mail -s 'A subject string' someone@somewhere.com
Type your message here
and end with a <control>d
Send mail with a binary attachment
cat afile.bin | uuencode temp.txt | mail -s "This is a test" userid
Talk to sendmail directly for debugging
telnet <destinationMachine> 25
ehlo <yourDomainName>
mail from: <yourEmailAddress>
rcpt to: <receiverEmailAddress>
data
Type your message here and end with a dot:
.
quit
Talk to a POP server directly for debugging
telnet <destinationMachine> 110
USER <yourEmailAddress>
PASS <yourPassword>
STAT
RETR n
DELE n
QUIT
Talk to an IMAP server directly for debugging
telnet <destinationMachine> 143
a login <yourUsername> <yourPassword>
a select inbox
a fetch <n> full
a fetch <n> body[header]
a fetch <n> body[text]
a logout
Enable the sendmail daemon via rc scripts
You only do this if the machine is a server.
chkconfig --add sendmail
service sendmail start
Changes for sendmail.mc
/etc/mail/sendmail.mc: (Changes only)
dnl DAEMON_OPTIONS(Port=smtp,Addr=127.0.0.1, Name=MTA)dnl
dnl FEATURE(accept_unresolvable_domains)dnl
FEATURE(`masquerade_entire_domain')dnl
FEATURE(`masquerade_envelope')dnl
FEATURE(`allmasquerade')dnl
MASQUERADE_AS(`csparks.com')dnl
MASQUERADE_DOMAIN(`csparks.com')dnl
If you run a mail server behind NAT,
sendmail may try to use the envelope sender "localhost.localdomain".
This upsets a lot of remote MTAs and they may bounce your email.
To fix this, add this line to sendmail.mc:
define(`confDOMAIN_NAME', `server.csparks.com')dnl
Whatever name you use should resolve externally to your server.
After changing /etc/mail/sendmail.mc you must run:
m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
service sendmail restart
Allow all local hosts on your domain to relay:
/etc/mail/access:
csparks.com RELAY
makemap hash /etc/mail/access < /etc/mail/access
On the server, populate local-host-names with machine names that
have local accounts. When mail arrives for any of these machines,
the user name is presumed to match that of a local user.
csparks.com
mail.csparks.com
People who have identical user names on other machines must be
sorted out with distinct local accounts:
virtusertable:
user@machine1 localUserName1
user@machine2 localUserName2
makemap hash /etc/mail/virtusertable < /etc/mail/virtusertable
In client /etc/hosts file, add "dotted" entries for the server:
Not required if you run a real DNS with bind.
192.168.0.2 mail.csparks.com mail.csparks.com.
Restart sendmail after reconfiguring
kill -HUP `head -1 /var/run/sendmail.pid`
Entry for /etc/xinetd.d
service imap
{ socket_type = stream
wait = no
user = root
server = /usr/sbin/imapd
disable = no
}
Create an md5 password file owned by root:
touch /etc/cram-md5.pwd
Add one line for each imap user of this form:
username<tab>password
Both pop & imap will use this file to avoid
transmitting clear-text passwords.
After editing, the file permissions should be changed so only the owner (root) can read it:
chmod a-rwx,u+r /etc/cram-md5.pwd
Serve mailing lists using GNU mailman
This example assumes you have installed a redhat/fedora mailman rpm.
Initial setup of the program:
Edit: /usr/lib/mailman/Mailman/mm_cfg.py
Modify these definitions:
DEFAULT_URL_HOST = 'www.yourdomain.com'
DEFAULT_EMAIL_HOST = 'yourdomain.com'
Create the "mailman" mailing list:
cd /usr/lib/mailman
./bin/newlist mailman
You will be asked to provide your email address and a password.
A list of alias definitions is presented and you must copy
these into:
/etc/aliases
Then run:
newaliases
Provide a site password by running:
cd /usr/lib/mailman
./bin/mmsitepass
Configure the system service
chkconfig mailman on
service mailman start
Edit the httpd configuration file in:
/etc/httpd/conf.d/mailman
Un-comment and edit the line at the end to redirect mailman
queries on your server, then restart httpd:
service httpd restart
Now you can visit
http://www.yourdomain.com/mailman
Check your own email and you should see the creation
announcement for the new list "mailman."
To create new lists:
cd /usr/lib/mailman
./bin/newlist mynewlist
To delete a list
cd /usr/lib/mailman
./bin/rmlist listname
To remove all the associated archives as well:
./bin/rmlist -a listname
fdformat /dev/fd0H1440
mkfs -t msdos /dev/fd0H1440 1440
When putting ext2 on a floppy, omit the su reserve:
mkfs -t ext2 -m 0 /dev/fd0H1440 1440
Some-but-not-all floppies can be enlarged:
fdformat /dev/fd0u1722
mount -t iso9660 -o ro /dev/hdc /mnt/cdrom
mount -t vfat /dev/hda5 /mnt/dos
mount -t ext2 /dev/sda3 /mnt/jazz
mount -t ntfs /dev/hda1 /mnt/nt
mount -t smbfs //sparks750/c /mnt/sparks750
(See fstab below for more smbfs options)
mount -t hfs /dev/sda /mnt/jazz -o afpd -o uid=500
(Currently, the afpd option hangs up the Mac...)
mount -t nfs mac.sparks.com:/root /mnt/macroot
To support nfs mounts, remote system must have /etc/exports:
/root *.sparks.com(rw)
Make and mount 1Meg file system inside a file
dd if=/dev/zero of=MyDiskImage.ext2 bs=1k count=1000
mkfs -t ext2 MyDiskImage.ext2
mkdir here
mount -t ext2 -o loop MyDiskImage.ext2 here
Make and format a Macintosh filesystem inside a file
dd if=/dev/zero of=MacDiskImage.hfs bs=1k count=whatever
hformat -l "HD1" MacDiskImage.hfs
df
Show details about a linux file system
tune2fs -l /dev/hdax
mkfs -t ext2 -j /dev/hdax
tune2fs -j /dev/hdax
Resize a file system (offline)
Revert from ext3 to ext2 if necessary (see below)
I have heard that this step is unnecessary.
umount /dev/hda1
e2fsck -f /dev/hda1
resize2fs /dev/hda1 newSizeInBlocks
mount /dev/hda1 /mnt/point
If newSize is not specified, the file system will grow to
fill the partition.
After shrinking a file system, you can shrink the partition to match.
After growing a partition, you can grow the file system to match.
Revert an ext3 file system to ext2
umount /dev/hda1 # Unmount the partition
tune2fs -O ^has_journal /dev/hda1 # Turn off journaling
e2fsck -y /dev/hda1 # Check for errors
mount -t ext2 /dev/hda1 /mnt/point # Remount as ext2
cd /mnt/point # Go to root directory
rm -f .journal # Remove the journal
You must update the entry in fstab if this is a permanent change.
Ext3 should be reverted to ext2 before resizing.
Convert an ext2 file system to ext3
tune2fs -j /dev/hda1
Edit fstab to indicate ext3
If this is the root partition, you need to use an initrd to boot.
See redhat documentation for details.
Create and use an encrypted dm_crypt volume
This is the new and preferred way to handle file system encryption.
See the next section on the older "cryptoloop" method.
You need a device to access a whole drive, a partition, a logical
volume or a loopback file. We will use "mydev" for this example.
A new filesystem will be created in this example.
Create a dm_crypt mapping to the device
cryptsetup create mymap mydev
You will be prompted for the passphrase.
The default cipher is AES 256.
Now you can create and mount any normal filesystem:
mkfs -t ext2 /dev/mapper/mymap
mount -t ext2 /dev/mapper/mymap /mnt/mymount
When you are finished using the volume:
umount /mnt/mymount
cryptsetup remove mymap
When mounting a previously-created dm_crypt volume:
cryptsetup create mymap mydev
mount /dev/mapper/mymap /mnt/mymount
Create and use an encrypted cryptoloop volume
This is the older and deprecated method for using an encrypted
loopback filesystem. It depends on patched versions of losetup
that are not part of recent Linux distributions.
First make a big file of random stuff:
dd if=/dev/urandom of=myfile bs=1M count=50
Load the crypto module group and your selected cipher:
modprobe cryptoloop
modprobe cipher-twofish
Mount the file as an encrypted loopback device:
losetup -e twofish /dev/loop0 myfile
You will need to answer these questions:
Available keysizes (bits): 128 192 256
Keysize: 128
Password :
Now you can create and mount any normal filesystem:
mkfs -t ext2 /dev/loop0
mount -t ext2 /dev/loop0 /mnt/myMount
When you are finished using the volume:
umount /mnt/myMount
losetup -d /dev/loop0
To mount a previously-created cryptoloop volume:
mount -t ext2 -o loop,encryption=twofish myfile /mnt/myMount
Incoming and outgoing IP packets pass through chains.
A chain is a list of rules.
A rule specifies a pattern to match in an IP packet's header.
If the rule does not match, the packet is passed on to the
next rule in the chain.
If the rule matches, the packet is passed to the target.
The target of a rule can be another chain or one of the
special targets: ACCEPT, DROP, QUEUE or RETURN.
ACCEPT - Let the packet through
DROP - Throw the packet away
RETURN - Leave this chain and let the caller decide.
QUEUE - Pass the packet to an external program.
There are built-in chains and user-defined chains.
If a packet 'runs off' the end of a user-defined chain without
triggering a rule, RETURN is the default target. If a packet
runs off the end of a built-in chain, a default target is
selected. This target is configured by a command that sets
the default chain policy.
Chains are organized into named tables. There are two commonly
used tables: "filter" and "nat". Both of these tables have some
built-in chains that are connected in a flow diagram.
(A link to the diagram is in the next section.)
Chains have names local to their parent table.
It is convenient to think of the complete name of a chain as the
concatenation of the table name and the chain name.
(Different tables may use the same local chain names.)
When a packet arrives for processing by the firewall, its source
and destination address are examined to determine which built-in
filter chain should be used:
INPUT - Destination is on this machine.
OUTPUT - Source is on this machine, destination is elsewhere.
FORWARD - Source and destination are elsewhere.
The FORWARD chain is exclusive: packets that arrive from outside
to be routed elsewhere do not pass through the INPUT or OUTPUT chains.
The "nat" table contains chains for packets that get altered by rules.
Built-in chains for "nat":
PREROUTING - Alters packets before routing to INPUT or FORWARD.
OUTPUT - Alters packets after INPUT and before OUTPUT.
POSTROUTING - Alters packets after OUTPUT or FORWARD.
PREROUTING is used to alter the packet destination (DNAT).
This is used, for example, when you want to route mail or web traffic
to some other machine on your LAN.
POSTROUTING is used to alter the packet source (SNAT). This is used
to allow machines on your LAN to share a single IP address on the internet.
To really see what's going on, you need to study this diagram.
Commonly used flags for creating rules
-t TableName (default is filter)
-A ChainName to append this new rule
-s Source IP address
-d Destination IP address
-i Input interface
-o Output interface
-p IP protocol
-j Target
--dport Destination port
--sport Source port
Examples:
To drop all packets from an ip address stored in "badGuy":
iptables -t filter -A INPUT -i eth0 -s $badGuy -j DROP
To pass all mail arriving on "netDev" to "anotherIP":
iptables -t nat -A PREROUTING -i $netDev -p tcp \
--dport smtp -j DNAT --to-destination $anotherIP:smtp
In the example above, the packet destination will be altered so
it goes to $anotherIP. The FORWARD chain will then process the
packet because the source and destination are now external.
If the default policy for the FORWARD chain is not ACCEPT,
you need to add this rule:
iptables -t filter -A FORWARD -i $netDev -p tcp \
--dport smtp -d $anotherIP -j ACCEPT
TCP/IP header diagram
The flags are used to match various parts of the IP
and/or TCP header.
To really see what's going on, you need to study this diagram.
Commonly used IP protocols
tcp, udp, icmp
Commonly used ports
http, ftp, nntp, pop3, imap, smtp, ssh, domain
Remove all rules on a chain or on all chains (--flush)
iptables -F optionalChainName
Delete a chain or all chains (--delete-chain)
iptables -X optionalChainName
Zero packet & byte counters in all chains (--zero)
iptables -Z optionalChainName
Create new chain (--new-chain)
iptables -N newChainName
Apply a default policy (--policy)
Only valid for built-in chains (INPUT, OUTPUT, etc.)
The policy target cannot be another chain.
iptables -P chainName target
List the rules in a chain
iptables -L optionalChainName
Rules to reset (eliminate) a firewall
iptables -t filter -F
iptables -t filter -X
iptables -t filter -Z
iptables -t nat -F
iptables -t nat -X
iptables -t nat -Z
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
Target for logging a rule (must go before the planned action)
-j LOG --log-prefix "Firewall: My rule fired"
Enable forwarding NAT when the server has a static IP address
(The static IP of the server is in the variable $inetIP)
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o $inetDev -j SNAT --to-source $inetIP
iptables -A FORWARD -i $lanDev -j ACCEPT
Enable forwarding NAT when the server has a dynamic IP address
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/ip_dynaddr
iptables -t nat -A POSTROUTING -o $inetDev -j MASQUERADE
Forwarding a port to another server
iptables -t nat -A PREROUTING -i $inetDev -p $proto --dport $port \
-j DNAT --to-destination $targetIP:$port
iptables -A FORWARD -i $inetDev -p $proto --dport $port \
-d $targetIP -j ACCEPT
Where
$inetDev = Device for incoming packets
$proto = Protocol: tcp, udp, or icmp
$port = The port you want to forward
$targetIP = The target server
Simple iptables firewall
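Added example (not the original author's firewall script): a small default-deny rule set that puts the chain rules described above to work. A packet that matches nothing in the user-defined chain "services" runs off its end and RETURNs to INPUT, is logged, then runs off the end of INPUT and meets the DROP policy. The interface defaults (eth0, eth1), the chain name and the open ports are assumptions.

```shell
#!/bin/sh
# Added example. Assumed names: eth0 faces the internet, eth1 faces the LAN,
# "services" is a user-defined chain, ssh and smtp are the only open ports.
#   sh firewall.sh          print the rules for review
#   sh firewall.sh apply    apply them (root required)
inetDev=${inetDev:-eth0}
lanDev=${lanDev:-eth1}
IPT=${IPT:-iptables}

# Print the rule set, one command per line, in the order it is applied.
#  1. Reset: policies go to ACCEPT first so that flushing cannot cut off a
#     remote session, then rules are flushed and user chains deleted.
#  2. "services" holds only ACCEPT rules. No match means the packet runs
#     off the end of the chain and RETURNs to the caller.
#  3. INPUT: loopback, replies to existing connections, the jump to
#     "services", then LOG. LOG does not end traversal, so it must come
#     before the action that disposes of the packet (here: the policy).
#  4. FORWARD and nat rules let the LAN share the internet address.
#  5. DROP policies are set last: if an earlier command fails under
#     "sh -e", the host is left reachable instead of locked out.
firewall_rules() {
    cat <<EOF
$IPT -P INPUT ACCEPT
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -t filter -F
$IPT -t filter -X
$IPT -t nat -F
$IPT -t nat -X
$IPT -N services
$IPT -A services -p tcp --dport ssh -j ACCEPT
$IPT -A services -p tcp --dport smtp -j ACCEPT
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -j services
$IPT -A INPUT -m limit --limit 5/min -j LOG --log-prefix "Firewall: INPUT drop "
$IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -i $lanDev -o $inetDev -j ACCEPT
$IPT -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "Firewall: FORWARD drop "
$IPT -t nat -A POSTROUTING -o $inetDev -j MASQUERADE
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
EOF
}

# Apply the rules. ip_forward is written before anything else, as the
# kernel settings section of these notes advises. "sh -e" stops at the
# first command that fails.
apply_firewall() {
    echo 1 > /proc/sys/net/ipv4/ip_forward || return 1
    firewall_rules | sh -e
}

case "${1:-show}" in
    apply) apply_firewall ;;
    *)     firewall_rules ;;
esac
```

Once the result behaves as intended, "iptables-save > /etc/sysconfig/iptables" makes it survive a reboot on Redhat-style systems.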
Automatic iptables using the redhat init script
When the system boots, the firewall configuration is restored from:
/etc/sysconfig/iptables
This file can be updated by using the command
iptables-save > /etc/sysconfig/iptables
Enable the script at boot time using
chkconfig --add iptables
Other init script operations:
service iptables start # Apply /etc/sysconfig/iptables
service iptables stop # Admit all packets (remove firewall)
service iptables panic # Stop all incoming packets
service iptables restart # Reload the tables
service iptables save # Does iptables-save for you
service iptables status # Display the tables
Common kernel settings for a firewall
IMPORTANT: Changing the value of ip_forward resets many other
parameters to their default values. Your script should always
set the value of ip_forward first!
Bash commands to configure the kernel:
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
Alternatively, the /proc settings may be configured in the
file /etc/sysctl.conf:
net.ipv4.ip_forward = 1
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
At boot time, sysctl.conf is loaded by /etc/rc.d/rc.sysinit
Load the firewire packet module
modprobe ieee1394
Load the firewire card controller
modprobe ohci1394
The ohci module will recognize your disk as a SCSI device
and automatically load the serial bus protocol (sbp2) module.
If you need to see what's going on for debugging, do a
tail -f /var/log/messages in another shell window before
you load the module.
Scan the bus for the SCSI address
cdrecord --scanbus
Mine was at SCSI address 2,0,0 so it is /dev/sdb.
If the result had been 1,x,y it would be on /dev/sda.
Use fdisk to find the partition name
fdisk /dev/sdb
I found the DOS partition on the ipod at /dev/sdb2
mkdir /mnt/ipod
mount -t vfat /dev/sdb2 /mnt/ipod
/dev/sdb2 /mnt/ipod vfat noauto 0 0
Mount the device when an fstab entry exists
mount /mnt/ipod
umount /mnt/ipod
rmmod sbp2
After the rmmod, the iPod will tell you that
it's ok to disconnect. This precaution should
be observed before unplugging any firewire disk.
Remounting (With firewire and ohci already loaded)
modprobe sbp2
mount /mnt/ipod
mogrify -resize 50% *.jpg
Resize images to specified width (height will be proportional)
mogrify -resize 400 *.jpg
Convert color images to grayscale (black and white)
mogrify -colorspace gray *.jpg
mogrify -format jpg *.gif
Rotate a jpg 90 degrees clockwise, width equals height
mogrify -rotate 90 myfile.jpg
Rotate a jpg 90 degrees clockwise, width greater than height
mogrify -rotate "90>" myfile.jpg
Rotate a jpg 90 degrees clockwise, width less than height
mogrify -rotate "90<" myfile.jpg
dmesg
Slow down the boot process so you can see what happens
Add 'confirm' (no quotes) to the lilo command line:
Example, at the lilo prompt:
LILO: vmLinuz confirm
Display all system version information
uname -a
Display only the kernel version string
uname -r
Specify the root device on a boot floppy
rdev /dev/fd0 /dev/hda7
Show the root device for an image file
rdev anImageFile
Set the root device for an image file
rdev anImageFile /dev/hda7
mknod /dev/name type major minor
Where type is p b c or u
Make a ramdisk root file system image with support for PCMCIA
pcinitrd --all myInitrdFile
Mount a RAM disk root file system image so you can poke around inside
mount -t ext2 -o loop myInitrdFile /mnt/initrd
(You have to gunzip compressed images first)
ulimit -c <size>
You can disable core dumps by putting "ulimit -c 0" in
/etc/profile
cardctl { suspend, resume, status, eject, insert } slot#
cardinfo # X interface for cardctl
Copy raw kernel image to floppy device (obscure way)
dd if=/boot/vmlinuz of=/dev/fd0 bs=8192
DOS command to boot with a compressed RAM disk root file system
loadlin vmlinuz initrd=myGZippedFileSystemImage
Change a dynamic kernel parameter (example)
echo anInteger > /proc/sys/kernel/file_max
Update module dependencies after editing /etc/modules.conf
depmod -a
Tell lilo you have edited lilo.conf
lilo
Tell the kernel to flush the write-behind cache
sync
Write something in the system log (Great for system script debugging)
logger -t MyProgram "This is a message"
Also see "man initlog" for debugging init.d scripts.
Update /usr/src/linux symbolic link to point at sources.
Go into /usr/src/linux
Backup .config to a safe place if you want to keep a copy.
make mrproper (Will delete old .config)
make xconfig (Fill in the blanks and write the .config file)
OR Copy in an old .config file and do:
make oldconfig
Edit the Makefile to bump the version number!
make dep clean bzImage install ;
make modules modules_install
If your root device has a modular driver
you will need an initial ram disk at boot time.
For kernel/module version set xx.yy.zz use:
mkinitrd /boot/initrd-xx.yy.zz xx.yy.zz
This will build a ramdisk file system image that contains
all the loadable modules for block devices described in your
/etc/conf.modules file. See also pcinitrd for PCMCIA boot
devices.
Add another entry for your old kernel to lilo.conf & run lilo.
Move any modules you don't build (like dpc)
Some versions of gcc are not compatible with some kernels.
Redhat supplies a "kgcc" for these systems.
OBSOLETE: This is part of the kernel make process now!
Preserve the Redhat-modified /etc/pcmcia/network script.
In the pcmcia-cs source directory:
make clean config
Answer the questions: Symbols from the source tree and
don't say yes to the plug & play bios question.
make all install
Restore the redhat version of /etc/pcmcia/network
Put the patch file in /usr/src (above 'linux') and cd there.
Then:
patch -s -p0 < patchfile
Add the --dry-run option
Copy raw kernel image to make a bootable floppy device
cp zImage /dev/fd0
Build cross versions of binutils and gcc:
Define the appropriate CROSS_COMPILE prefix and
use ./config & make as usual.
Make a separate copy of kernel sources.
Don't update the /usr/src/linux symbolic link.
The /usr/src/linux must point to your host kernel source.
Edit the Linux Makefile in the new kernel sources.
The CROSS_COMPILE must match the one used for the
binutils & gcc. Example:
ARCH := ppc
CROSS_COMPILE =powerpc-linux-
Proceed as usual.
Re-lilo a linux boot partition that is not the running system
The need for this arises when you forget to lilo a new kernel.
Boot from a CD or floppy, mount the target Linux partition. Then:
chroot linuxPartition lilo
Redefine the backspace/delete key
Used when telnetting to unusual systems
stty erase <press a key>
Show the keycodes as you press keys
showkey
Turn on autorepeat (Sometimes it goes away...)
xset r
Restore default backspace key operation
xmodmap -e "keycode 22 = BackSpace"
Restore default delete key operation
xmodmap -e "keycode 107 = Delete"
Physical Volume - A whole disk or a partition on a disk.
Volume Group - A collection of physical volumes.
Logical volume - A "partition" on a Volume Group.
If LVM has never been used on a system, first run
vgscan to create the /dev directory and other structures.
Each partition must have a partition type of 0x8E. (Use fdisk)
(This does not apply if you are using a whole disk.)
pvcreate /dev/hdb # A whole disk
pvcreate /dev/hda3 # A partition
An error may be reported if you try to create a physical
volume from a whole disk that had partitions defined.
To destroy the partition table for a whole disk:
dd if=/dev/zero of=/dev/hdb bs=1K count=1
blockdev --rereadpt /dev/hdb
Create a volume group using several physical volumes
vgcreate myVG /dev/hdb /dev/hda3
Note: If you are using devfs, you must use the whole physical name
not just the symbolic link in /dev. For example:
/dev/ide/host0/bus0/target0/lun0/part1
Extend a volume group by adding another physical volume
vgextend /dev/myVG /dev/hda5
Reduce a volume group by removing a physical volume
vgreduce /dev/myVG /dev/hda3
This can be done live, but you have to make sure all
the extents in use on the physical volume are moved
to another volume. To do this before executing the
command shown above, you would use:
pvmove /dev/hda3
lvcreate --size 200M --name myVol myVG
You can now use this logical volume like a normal partition
mkfs -t ext2 /dev/myVG/myVol
mount -t ext2 /dev/myVG/myVol /mnt/myMP
Extend a logical volume to a specific size
lvextend --size 12G /dev/myVG/myVol
Does NOT extend the size of the file system!
Extend a logical volume by adding a specific size
lvextend --size +1G /dev/myVG/myVol
Does NOT extend the size of the file system!
Extend the file system and logical volume at the same time
e2fsadm --size +2G /dev/myVG/myVol
Sadly, there is no e2fsadm for LVM version 2...
Extend the file system and logical volume (the old way)
You have to unmount first
umount /mnt/myMP
Grow the volume
lvextend --size +40G /dev/myVG/myVol
Check the filesystem (It makes you do this before the resize)
e2fsck -f /dev/myVG/myVol
Resize the file system to take up all the available space
resize2fs /dev/myVG/myVol
Reduce a file system and logical volume at the same time
e2fsadm --size -200M /dev/myVG/myVol
Activate all volume groups at boot time
vgscan
vgchange --available y
umount /mnt/myMP
lvchange --available n /dev/myVG/myVol
lvremove /dev/myVG/myVol
Make sure all the logical volumes are unmounted!
vgchange --available n /dev/myVG
vgremove /dev/myVG
A snapshot lets you do a backup of the instantaneous state of
a logical volume. You create a snapshot, back it up, and then
delete the snapshot. The state of the snapshot volume is frozen
while you're making the backup, while the original volume keeps
changing.
lvcreate --size 200M --snapshot --name snapVol /dev/myVG/myVol
mount -t ext2 /dev/myVG/snapVol /mnt/snap
rsync -a --delete /mnt/snap/ /mnt/backups/myVol
umount /mnt/snap
lvremove /dev/myVG/snapVol
pvscan # Display all physical volumes
lvscan # Display all logical volumes
pvdisplay /dev/hda4 # Display the state of a physical volume
vgdisplay /dev/myVG # Display the state of a volume group
lvdisplay /dev/vg1/archVol # Display the state of a logical volume
vgscan
pvcreate /dev/hdb
vgcreate vg1 /dev/hdb
lvcreate --size 30G --name backVol vg1
lvcreate --size 40G --name archVol vg1
lvcreate --size 4G --name tempVol vg1
mkfs -t ext2 -j /dev/vg1/backVol
mkfs -t ext2 -j /dev/vg1/archVol
mkfs -t ext2 /dev/vg1/tempVol
pvcreate /dev/hda4
vgcreate vg2 /dev/hda4
lvcreate --size 5G --name homeVol vg2
lvcreate --size 9G --name wwwVol vg2
lvcreate --size 1G --name spoolVol vg2
lvcreate --size 3G --name tempVol vg2
mkfs -t ext2 -j /dev/vg2/homeVol
mkfs -t ext2 -j /dev/vg2/wwwVol
mkfs -t ext2 -j /dev/vg2/spoolVol
mkfs -t ext2 /dev/vg2/tempVol
Install the server and client rpms.
rpm -i mysql-server...
rpm -i mysql-...
Configure for autostart at boot time
chkconfig --del mysqld # To clean up
chkconfig --add mysqld # Add to the runlevels
Start the service immediately
service mysqld start
Setting the root password for the first time
mysqladmin password firstPassword
Changing the root password
mysqladmin --password=oldPassword password newPassword
The mysqladmin examples assume you are logged in as
root. Otherwise add the parameter: --user=root
Key concept: mysql usernames and passwords have
nothing to do with Linux usernames and passwords:
You must explicitly authorize all mysql users.
(See the GRANT command below.)
Login to the command line interface
mysql --user=myName --password=xxxyyy
If you don't specify the database user name,
mysql will try to connect using your linux
user name.
show databases ;
If you are not logged in as the mysql administrator,
you will only see the databases you have privileges
to access.
It is the usual practice that only the mysql administrator
creates new databases. From within mysql, this command line
adds a new database:
create database databaseName ;
A new database can also be created from the shell:
mysqladmin --password=password create databaseName
From inside mysql:
drop database databaseName ;
From the shell:
mysqladmin --password=password drop databaseName
1) You can't drop a database that some program is using.
2) On some versions of MySQL, deleting a database is more
involved. When you try to drop a database, the "show databases"
command will show that the database is still there. This occurs
because some files are left in the top-level database directory.
On Redhat/Fedora installations, the top-level database directories
are located in /var/lib/mysql. After the first "drop database"
fails, delete all the debris in the top-level database directory.
A second "drop database" command will now succeed.
Access privileges are assigned to a username/hostname combination.
The syntax looks like an email address: "username@hostname".
Adding a user simply means allowing a username@hostname
to perform certain operations on all or part of one or
more databases.
The most typical case is to assign all privileges to
some user who manages the database. If this username
and hostname are new, this operation "adds" the new
user:
grant all privileges
on databaseName.*
to username@localhost
identified by 'aPassword' ;
The wild card * in the example above refers to all table
names. (Even though the database may not have any tables
yet.)
The "grant" command may be used multiple times to allow
access from other hosts or to assign different privileges
to different tables for the same user.
If a user must be able to grant access to other users,
the grant command must be used again with a special option:
grant grant option on databaseName.* to username@localhost ;
A user can only grant privileges to others that they
already have on the database.
Removing a user means removing the privileges of
the username@hostname from all or part of a database:
revoke all privileges on *.* from username@localhost
If you are sure that a username@hostname has been
revoked on all databases, you can purge the user from
the mysql database:
delete from mysql.user where user='username' and host='hostname' ;
flush privileges ;
Show all users allowed to access a database
select host,user from mysql.db where Db="databaseName" ;
Show all users and the databases they can access
select host,user,Db from mysql.db ;
select host,user,password from mysql.user ;
set password for user@somehost.somewhere=password('newpassword') ;
Run a script to configure a database
mysql --password=xxxyyy dataBaseName < configFile.sql
use dataBaseName ;
Show the tables defined in the database
show tables ;
Describe a table (Show the column names and types)
describe tableName ;
show columns from tableName ;
Create a new table in the current database
create table pet
( name VARCHAR(20),
owner VARCHAR(20),
species VARCHAR(20),
sex CHAR(1),
birth DATE,
death DATE
) ;
char(size)
Fixed-length character string.
Size is specified in parenthesis.
Unused positions are padded with spaces.
varchar(size)
Variable-length character string.
Max size is specified in parenthesis.
Limit is 255 bytes. (1 byte size field)
text
A large block of variable-sized text.
Limit is 65535 bytes. (2 byte size field)
int
4 byte signed integer value.
float
4 byte floating point value
date
Date value
time
Time value
Each column is defined by a name, data type and optional constraint.
Example constraints:
unique
not null
primary key
Adding rows to a table from a text file
load data local infile "pet.txt" into table pet ;
Table text file format has tab delimited fields
# Note the use of \N for null values.
Fido Mary dog \N 1997-12-09 \N
Adding rows to a table from the command line
Note the use of NULL and quotes around string values.
insert into pet values
( 'Puffball',
'Diane',
'hamster',
'f',
'1999-03-30',
NULL
) ;
Inserting only selected column values
insert into pet (name, owner) values ('Goober', 'George') ;
Inserting selected columns from another table
insert into pet (name, owner) select name, owner from oldpet ;
delete from pet where name = 'Puffball' ;
delete from pet
Deleting a table and all the data
drop table tableName
update tableName set columnName1=value1, columnName2=value2,...
where optionalConditions ;
update pet set birth="1989-08-31" where name="Bowser" ;
Modify rows using values and conditions from multiple tables
update table1, table2,...,tableN
set table1.column1=table2.column2,...
where optionalConditions ;
update new,old set new.email=old.value
where new.name=old.name and old.type="Email";
alter table tableName add columnName dataType
alter table tableName drop columnName
alter table tableName modify columnName newDataType
alter table oldTableName rename newTableName
alter table tableName modify column columnName dataType after otherColumnName
alter table tableName modify column columnName dataType before otherColumnName
alter table tableName modify column columnName dataType first
This is non-destructive, but you must supply the correct dataType for the column.
Looking things up in the database
select <what to select> from <which table> where <conditions>
<what to select> a list of columns or * for all columns
select * from pet
Reload the whole table from a text file
set autocommit=1; # Used for quick re-create of the table
delete from pet;
load data local infile "pet.txt" into table pet ;
select * from pet where name = "Bowser" ;
select * from pet where birth >= "1998-1-1" ;
select * from pet where species = "dog" and sex = "f" ;
select name, birth from pet;
select owner from pet ;
select name, owner from pet where species in ('dog', 'cat') ;
select distinct owner from pet ;
select name, birth from pet order by birth ;
select name, birth from pet order by birth desc ;
select name, species, birth from pet order by species, birth desc ;
select pet.name, pet.age, employee.salary, employee.title
from pet, employee where pet.name = "Bugsy";
mysqldump --user=userName --password=aPassword --host=hostName \
dbName > backupFile.sql
Create an empty database with the same name and privileges.
Next:
use yourDatabase ;
source backupFile.sql ;
Or from the shell:
mysql --user=userName --password=aPassword --host=hostName \
dbName < backupFile.sql
After performing a grant to someuser@localhost, you may
find that an external application configured to access the
database will not be able to connect.
Many Linux distributions will have an /etc/hosts file like this:
127.0.0.1 myname.mydomain myalias localhost.localdomain localhost
When DNS (named) is not configured and running, the /etc/hosts file
is used for forward and reverse lookups. It appears that many
programs do some sort of security checking before connecting to MySQL
by looking up "localhost" and then doing a reverse lookup on the
result. The reverse lookup on "127.0.0.1" using the /etc/hosts file
shown above will yield: "myname.mydomain". This string gets
used when connecting to MySQL, which fails because it doesn't match
the string "localhost".
To fix this (only for machines without DNS), I suggest that
/etc/hosts contain:
127.0.0.1 localhost myalias
In other words, forget about pretending you have a domain when you don't.
Fix import timeout by editing libimport.php :
After:
$fp = fopen($userfile, "r");
Add:
set_time_limit(360) ;
ifup <interface>
ifdown <interface>
These commands are scripts that automatically set up all
the ip parameters and take care of special cases
such as PPP, PPPoE, DHCP, firewalls and others.
At least in Redhat, the implicit parameters go in:
/etc/sysconfig/network
/etc/sysconfig/network-scripts/ifcfg-<interface>
Show or configure interface parameters
ifconfig # Show params for active interfaces
ifconfig -a # Show params including inactive interfaces
ifconfig <interface> # Show params for a specific interface
# Set params and start the interface
ifconfig <interface> \
address <ipaddress> \
netmask <mask> \
broadcast <address> \
metric <ametric>
The ifconfig command directly configures and starts the interface.
It is up to you to take care of routing and other issues.
Show and modify routing tables
route -n # List numbers, not names
route add default <dev> # Add a default route
route delete <dev> # Remove a route
Export NFS file systems after editing /etc/exports
exportfs -r
Select all traffic on a specific interface:
tcpdump -i eth0
If you run this from a remote session, you will want
to ignore your own session:
tcpdump -i eth0 not $myAddress
The interface will expose more information if it operates
in promiscuous mode:
ifconfig eth0 promisc
You will want to turn this off:
ifconfig eth0 -promisc
Restart xinetd after you edit /etc/xinetd.d files
killall -HUP xinetd
Configure a tftp directory path
Add the path as a parameter to the tftp daemon in inetd.conf
Run a command on another computer
ssh user@remoteMachine anyCommand
Any text output from the command will be displayed locally.
You must have appropriate keys configured.
See the SSH section for details.
Return the ip information about a host
host hostName
dig hostName
nslookup hostName <dnsServerName>
ping hostName
ping ipAddress
Show all connections
netstat -vat
Show which processes on localhost are listening for connections
netstat -lp
Show which ports on any host are listening for connections
nmap -sT hostName
Obtain and install network configuration from a DHCP server
dhclient -nw
Show or configure a wireless interface
iwconfig # Show params for active interfaces
iwconfig eth0 essid GOOB # Set the network name to GOOB
iwconfig eth0 key 43224598a34bc2d457e2 # Specify a hex WEP key
iwconfig eth0 key s:ThisIsAnAsciiPassphrase
Managing partitions with the parted utility
Partitions must not be mounted while being changed.
Run from a bootable floppy or CD if you need to alter
the root or any other partition that can't be
unmounted while running the normal system.
Parameters for <start> <end> and <size> are floating
decimal numbers. When creating adjacent partitions,
the <end> of the last partition should match the
<start> of the next.
Use df to see how much space is used if you intend
to shrink a working partition. You must take care of
shrinking the file system before you attempt to shrink
the partition itself.
primary, logical, extended
The partition types extended and logical are only
used with the msdos PART-TYPE. It is a concept
needed by Windows to support more than four partitions
on a disk.
ext2, linux-swap, reiserfs, fat16, fat32, HFS, NTFS
Flags are used to indicate other attributes of a partition.
set partitionNumber, flag, [on | off]
The flags :
boot : The partition is bootable.
lba : Tells Windows that linear addressing is used.
swap : Linux swap space
hidden : Hide the partition from Windows
raid : Linux RAID partition
LVM : Linux logical volume manager
PALO : Mark for use by Linux/PA-RISC boot loader
PREP : PowerPC PReP boot partition
Create an unformatted partition
mkpart ptype start end
Create a new primary ext2 partition
mkpartfs ptype ftype start end
rm pnumber
Change the partition state flag
set pnumber flag state
check pnumber
Make a new partition table (Destroys the whole disk)
mklabel type
Linux can create file systems on disks that don't have
partitions, but a partition table is necessary when sharing
a disk with Windows.
msdos, bsd, mac, pc98, sun, loop
oldVersion # Path to the unmodified files
newVersion # Path to the modified files
diff -rN oldVersion newVersion > patchFile
-r Perform diff recursively
-N Support creating new files
You should be in the directory above oldVersion:
patch -u -s -p0 < patchFile
-s Silent
-p0 Don't modify file path names in the patch
-pN Remove first N components of file path names
-d p Switch to the directory named by p
Building and installing a package
perl Makefile.PL;
make
make test
su
make install
Print a file on the default printer
lpr myfile
Print a file on a selected printer
lpr -P printer myfile
Show a list of available printers
lpstat -p
lpstat -d
Set the default printer for the user
lpoptions -d LaserJet
Set the default printer for everyone
lpadmin -d LaserJet
Show what's on the print queue
lpq
Remove a job from the print queue
lprm nn
Remove all jobs queued by the user
lprm -
Control the printers (has help for commands)
lpc
http://localhost:631/
Configure a remote Windows printer
Determine the remote printer name:
smbclient -L hostname -U username
(In this case, the printer was called "Deskjet")
1) Device: Windows Printer via Samba
2) URI: smb://administrator:password@sparksvaio/Deskjet
3) Driver: HP New Deskjet Series Cups v1.1 (en)
Configure a local printer-port printer
1) Device: Parallel Port #1 (Hewlett-Packard HP LaserJet 4000 Series)
2) Driver: HP LaserJet Series CUPS v1.1 (en)
CUPS directory for manufacturer's ppd files
/usr/share/cups/model
hp4000.ppd.gz
hp970Cse.ppd
These came from the sourceforge project sponsored by HP.
The hp970Cse.ppd requires foomatic which requires a TON of
perl stuff. If you don't want all this, the cups built-in
"New Deskjet" works fine.
Fixing the Samba rec_read bad magic 0x0 error
This is caused by a bug that has been in Samba for
many years. It is evidently nearly impossible to
fix in the Samba code. Fortunately, there is an easy
work-around to clear up the problem. Stop the samba
service and delete all the .tdb files in the printer
cache:
service smb stop
rm -rf /var/cache/samba/printer/*.tdb
service smb start
Configure printers on a Linksys print server
1) Select LPD/LPR Protocol.
2) Device URIs for each port:
lpd://Sc0405b5/L1
lpd://Sc0405b5/L2
3) Select the drivers
HP New Deskjet Series Cups v1.1 (en)
HP LaserJet 4000 Series PS (en)
ps ax
killall name
kill pid
Kill a process that is being difficult
kill -s 9 pid
Run a command in the background
command &
Put an active command into the background
First break with control Z, then
bg
List all the jobs you have running
jobs
Bring a job back to the foreground
fg
kill
stop
Fix terminal that has fonts garbled by a binary dump
Just type: <control>V <control>O
cc file1.c file2.c file3.c -o program
Compile for subsequent linking
cc -c file.c # Produces file.o by default
ld file1.o file2.o file3.o -o result
Create a dynamically linkable library
This library can be used with dlopen, dlclose, dlsym:
cc -rdynamic -c test.c -o test.o
ld -shared test.o -o test.so
list <line> # List source starting at line
list # No <line> continues listing
break <line> # Set breakpoint
clear <line> # Clear breakpoint
run p1 p2 ... # Start program with parameters
step # Step into
next # Step over
quit # Exit debugger
continue # Continue from break
print expr # Show value of expression
display expr # Print value at each break
backtrace # Show the calling stack
Show the libraries used by a program
ldd <program>
List all the symbols defined by an object file
nm <objfile>
Ask dynamic linker to scan for new libraries
ldconfig
export CVSROOT=":pserver:anonymous@cvs.computer.com:/var/cvsroot"
cvs login
Answer the password prompt.
Then cd to the local directory where you want the source.
Check out the files:
cvs -z3 checkout name
^ Beginning of the line
$ End of the line
< Left word boundary
> Right word boundary
. Any single character except eol
x* Zero or more x's (maximal)
x+ One or more x's (maximal)
x? Zero or one x's (maximal)
x*? Zero or more (minimal)
x+? One or more (minimal)
x?? Zero or one (minimal)
[abcdef] Any of the enclosed characters
[a-z] Any in the range of characters
[^a-e] Any char except a-e
[^abcdef] Not any of the characters
(expression) Grouping an expression
\c Escape a meta character c like *+. etc.
exp1|exp2 Matches expression1 or expression 2.
3Com OfficeConnect Remote 812 ADSL Router
http://router.csparks.com:8080
Enable IP Routing
IP Address & DHCP:
IP: 192.168.0.254
Mask: 255.255.255.0
Rip: None
Use this network as DHCP: No
DNS: Disable
I tried this. I made my named.conf forward
requests to the router instead of the known
Citizens name server addresses. It worked
very slowly.
IP Static Routes: None.
IPX Address:
IPX Static Services:
IPX Static Routes: Turn all this stuff off.
This is the main setup for the ADSL connection.
I have one remote site profile called "Citizens".
Enable Remote Site: yes
PPP over ATM (PPPoA): yes
User Name: xxxxx@citlink.net
Password: yyyyy
VPI: 0
VCI: 35
Quality of Service: Unspecified Bit Rate
Enable IP Routing: Yes
Use this connection as default gateway: yes
RIP: None
DNS: Pass DNS requests to...: No.
Security:
Verify packets can be routed back: Yes
Enable protect files and printers: Yes
IPX Stuff:
Turn all this off.
Address Translation: NAT
Default Workstation: 0.0.0.0 (None)
Accessible LAN Servers:
Set table below.
Port forwarding setup for TCP only. UDP map is empty.
ftp-data 20 192.168.0.2:20
ftp 21 192.168.0.2:21
telnet 23 192.168.0.2:23
smtp 25 192.168.0.2:25
domain 53 192.168.0.2:53
http 80 192.168.0.2:80
pop2 109 192.168.0.2:109
pop3 110 192.168.0.2:110
auth 113 192.168.0.2:113
imap 143 192.168.0.2:143
When I switched to a firewall machine, I still had to
configure the individual ports as above. I tried to
leave them blank and set the default workstation to the
firewall, but it didn't work. Outsiders could not connect
to the servers for some reason.
rpm -i package.rpm # Install a package
rpm -U package.rpm # Update an installed package
rpm -F package.rpm # Freshen (Update only if installed)
rpm -e packageName # Remove a package
rpm -qip package.rpm # Describe a non-installed package
rpm -qlp package.rpm # List files in a non-installed package
rpm -qa # List all installed packages
rpm -qf afile # See which package installed a file
rpm -qR package # Find out what a package needs
rpm -qa | grep <pat> # See which packages have pat in name
rpm -qa --last # List by installation time
List packages by the source Linux distribution
rpm -qai | grep Dist | awk -F': ' '{print $3}' | sort | uniq -c
Build a binary rpm using a source rpm
rpmbuild --rebuild your.src.rpm
The result is in /usr/src/redhat/RPMS/i386
Build a new source rpm from an installed source rpm
rpm -i xxxx.src.rpm
You can now tamper with the tgz in /usr/src/redhat/SOURCES
rpmbuild -bs /usr/src/redhat/SPECS/xxxx.spec
The result is in /usr/src/redhat/SRPMS
Create a binary rpm from a tar.gz that contains a .spec
rpmbuild -tb yourpackage.tar.gz
Obtain a set of updates from Redhat
up2date -u -d
The downloaded files are in /var/spool/up2date
Install rpm on an empty linux partition mounted on 'mp'
rpm --root mp --initdb
Create a cpio archive from an rpm and write to an archiveFile
rpm2cpio rpmFile > archive.cpio
cpio -mid < archive.cpio
rpm2cpio rpmFile | cpio -mid
The whole format is one "string"
Each tag specification looks like this: %{NAME}
You usually want a newline at the end:
rpm -q xmms --qf "%{SIZE}\n"
Between the "%" and the opening brace "{" you can
specify field sizes, or any other C printf formatting chars.
Positive integers select right alignment in the field.
Negative integers select left alignment in the field:
rpm -qa --qf "%-30{NAME} %10{SIZE}\n"
Some header tags select arrays of values.
Use square brackets to iterate over the set.
You can specify more than one array tag inside the query:
rpm -q xmms --qf "[%-50{FILENAMES} %10{FILESIZES}\n]"
Normally, all tags inside square brackets must be array tags.
If you want to print a fixed tag as a label on each line, add
an "=" char to the fixed-tag name:
rpm -q xmms --qf "[%{=NAME} %{FILENAMES}\n]"
Display a list of all rpms sorted by size:
rpm -qa --qf "%-50{NAME} %10{SIZE}\n" | sort -nk 2,2
Display a list of all "devel" packages sorted by size:
rpm -qa | grep devel | \
xargs rpm -q --qf "%-50{NAME} %10{SIZE}\n" | \
sort -nk 2,2
List all the available header tags for query formats
rpm --querytags
Show the value of a header element
rpm -q packageName --qf "%{SIZE}\n"
List the sizes of selected packages
rpm -qa | grep devel | xargs rpm -q --qf "%{NAME} %{SIZE}\n"
Symptom: All rpm commands "hang up"
Find and kill all processes running rpm or up2date:
ps ax | grep rpm
ps ax | grep up2date
(Kill them by hand)
Remove all rpm database lock files:
rm -f /var/lib/rpm/__db*
This usually gets things going. If not:
First make a backup of the database:
cp -a /var/lib/rpm /var/lib/rpm.copy
Then rebuild the database
rpm --rebuilddb
This takes some time, but if it hangs forever, repeat
the "Find and kill rpm" step and proceed with:
cd /var/lib/rpm
db_verify Packages
(You may need to install db4-utils)
If db_verify reports errors, try:
cp Packages Packages.backup
db_dump Packages.backup | db_load Packages
rpm --rebuilddb
If all these steps fail, you are in big do-do.
Fix signature verification errors
Recent versions of Redhat require signature verification
when processing packages. If you haven't imported the
Redhat GPG signature, you will get errors of the form:
warning: ... V3 DSA signature: NOKEY, key ID ...
To fix this, first obtain a copy of the file RPM-GPG-KEY.
If you are creating your own rpm-based distribution, the
file is widely available on the web.
On a Redhat system, it can be found using:
find /usr -name RPM-GPG-KEY
When you have the file, execute the following expression:
rpm --import RPM-GPG-KEY
Find the scsi device that controls your scanner
sane-find-scanner
(For this example, we will assume that /dev/sg0 is the result)
Make a new user & group for the scanner
useradd saned
Give this group access to the scanner device
chown root:saned /dev/sg0
chmod g+rw /dev/sg0
sane-port 6566/tcp saned # SANE network scanner daemon
service sane-port
{
socket_type = stream
server = /usr/sbin/saned
protocol = tcp
user = saned
group = saned
wait = no
disable = no
}
You will need to verify the location of the saned program
on your system. Use "which saned" and modify the xinetd.d
file shown above appropriately.
Edit:
/etc/sane.d/saned.conf
Append your allowed hosts (names, ip numbers, or subnets)
Example for a local subnet:
192.168.1.0/24
This is not strictly necessary, but it may prevent some
module loading errors. Edit:
/etc/sane.d/dll.conf
Remove everything but the entry for your scanner type and "net."
The "v4l", for example, causes the char-major-81 error.
UPDATE: None of this section applies to Fedora core II.
Tell xinetd to reload the configuration files
service xinetd restart
Find path to an executable file
which command
find adirectoryPath/ -name <pattern>
Find and apply a command to each file found
find path/ -name <pattern> | xargs <command>
Find and apply a command (old way)
find path -name <pattern> -exec <com> {} \;
Find a pattern with recursive search and show file names
find path -name "<filePattern>" -exec grep -l <pattern> {} \;
Find a pattern in any and all files with recursive search
find path | grep <pattern>
Find and confirm before doing a command
find path/ -name <pattern> -ok <com> {} \;
grep <pattern> <files...>
Find a pattern in files with recursive search (new way)
grep -rl <pattern> <start directory>
Use RPM to verify all packages
rpm -Va
The code letters:
S file Size differs
M Mode differs (includes permissions and file type)
5 MD5 sum differs
D Device major/minor number mis-match
L readLink(2) path mis-match
U User ownership differs
G Group ownership differs
T mTime differs
c A configuration file
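A streamlined report that ignores date-only changes:
rpm -Va | grep -v '^\.\.\.\.\.\.\.T'
The pattern is anchored and the dots are escaped, so a line such as
S.5....T (size and MD5 changed as well as the date) stays in the report.
To make this a cron job that mails the result:
rpm -Va | grep -v '^\.\.\.\.\.\.\.T' | mail myself@mydomain
To skim off acceptable changes
rpm -Va | grep -v '^\.\.\.\.\.\.\.T' | grep -vf rpmChanges | \
mail myself@mydomain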
Append any new acceptable changes to the rpmChanges file.
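The filtering described above, carried one step further as an added example (not part of the original notes): a shell function that reads rpm -Va output, drops lines where only the time stamp differs, and ranks the rest by the code letters listed earlier. The names rpm_verify_triage and sample_report and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage `rpm -Va` output read from stdin.
# rpm_verify_triage and sample_report are names made up for this example.

# Output: SEVERITY<TAB>flags<TAB>path, one line per finding.
#   HIGH    a packaged file is missing, or content (5), mode (M), owner (U)
#           or group (G) differs on a file that is not marked as configuration
#   REVIEW  the same kinds of change on a configuration file (marker "c")
#   LOW     any other difference (size, device, link target, ...)
# Lines whose only difference is the time stamp are dropped.
rpm_verify_triage() {
    awk '
    NF == 0 { next }
    {
        flags = $1
        # Time stamp only: nothing but dots around a single T.
        if (flags ~ /^\.*T\.*$/) next

        # Everything after the flag field is "[marker] path".
        rest = $0
        sub(/^[ \t]*[^ \t]+[ \t]+/, "", rest)
        marker = ""
        if (rest ~ /^[a-z][ \t]+\//) {
            marker = substr(rest, 1, 1)
            sub(/^[a-z][ \t]+/, "", rest)
        }

        if (flags == "missing")     sev = "HIGH"
        else if (flags ~ /[5MUG]/)  sev = (marker == "c") ? "REVIEW" : "HIGH"
        else                        sev = "LOW"
        printf "%s\t%s\t%s\n", sev, flags, rest
    }'
}

# Constructed sample in the layout `rpm -Va` prints (not taken from a real host).
# Note that S.5....T also has T set: content and date changed together.
sample_report() {
    cat <<'EOF'
.......T  c /etc/ntp.conf
S.5....T  c /etc/ssh/sshd_config
S.5....T    /bin/ls
.M......    /usr/bin/passwd
.......T    /usr/share/doc/README.TXT
missing     /usr/sbin/tcpd
....L...    /usr/lib/libfoo.so
EOF
}

sample_report | rpm_verify_triage
```

On a live system the input would be `rpm -Va | rpm_verify_triage`, with the rpmChanges filter applied to its output in the same way as above.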
Services or 'daemons' are programs that run in the background,
usually without any user interaction.
They implement system functions such as logging, network
servers, and many other housekeeping tasks.
To start a service by hand:
service <serviceName> <selector>
Typical selectors are: start, stop, restart, status.
If you run the command without a selector, it will display
a list of possible selectors.
Run levels identify groups of system services
The operating system can run in different modes called
run levels. Each runlevel determines a set of services to
run and a set of services to stop.
Run levels are identified by small integers. The group
of services associated with each run level is conventional:
0 Halt
1 Single user
2 Multiuser, no networking, local additions
3 Multiuser, networking, local additions
4 Multiuser, networking, no local additions
5 Same as 3 plus X Windows Login
6 Reboot
who -r
Change the run level of the system immediately
telinit newLevelNumber
Change the run level the system will use after reboot
This is done by editing the file:
/etc/inittab
Inside, you will find an expression that looks like this:
id:3:initdefault:
In the example shown above, "3" is the run level used at boot time.
If you wanted to have an X-Windows splash screen with a login dialog,
you would change this number to "5".
For each runlevel, we need to specify which services start and which
services stop. We also need to specify the order in which services
start or stop to allow for interdependencies.
A collection of directories and symbolic links are used to perform
these functions. The Linux boot process uses these links to start
or stop the appropriate services at boot time or when you explicitly
switch the run level.
A directory exists for each run level X:
/etc/rc.d/rcX.d
Each run level directory contains symbolic links. The links all
point to the service control files found in:
/etc/rc.d/init.d
The name of the link begins with the letter "S" if the service
should start. The name of the link begins with "K" if the service
should stop. (Think "killed.") The start and stop links for a
given service point to the same file.
The link names also determine the order of starting or stopping:
Following the S or K is a two-character integer that determines
the order of execution relative to the other links in the directory.
Higher numbers make the service start later.
After the ordering digits, the service name appears. For example,
the following link will start networking at relative step 10 of
runlevel 3:
/etc/rc.d/rc3.d/S10network -> ../init.d/network
Networking gets turned off in runlevel 1, so we find this link:
/etc/rc.d/rc1.d/K90network -> ../init.d/network
When a service is installed, a start or stop link should
be created in every run level directory. Here's a complete example
for the web server httpd:
Starting:
/etc/rc.d/rc3.d/S85httpd -> ../init.d/httpd
/etc/rc.d/rc4.d/S85httpd -> ../init.d/httpd
/etc/rc.d/rc5.d/S85httpd -> ../init.d/httpd
Stopping:
/etc/rc.d/rc0.d/K15httpd -> ../init.d/httpd
/etc/rc.d/rc1.d/K15httpd -> ../init.d/httpd
/etc/rc.d/rc2.d/K15httpd -> ../init.d/httpd
/etc/rc.d/rc6.d/K15httpd -> ../init.d/httpd
It is important to keep the links complementary: If you create
start links on levels 2 and 5, you should create kill links on
levels 0,1,3,4, and 6.
It is clearly a pain to do all this correctly by hand.
Configuring runlevels with chkconfig
The chkconfig command helps you maintain run level links.
It doesn't start or stop services, it only creates or deletes the
appropriate symbolic links in the run level directories.
The chkconfig command obtains run level and starting order information
from a special comment found inside each service control file.
A typical comment in a service control file looks like this:
# chkconfig: 2345 90 60
This was extracted from my /etc/rc.d/init.d/crond control file.
The comment suggests that the crond service should start on
runlevels 2345 at relative position 90. By the complementary
principle, it should have kill links on levels 0, 1 and 6 at relative
position 60.
Install both start and kill links for a newly installed service:
chkconfig --add serviceName
Remove all start and kill links for a service at all run levels.
chkconfig --del serviceName
Some service control files will have a minus character for the list
of run levels. For example, my Samba control file (smb) contains:
# chkconfig: - 91 35
To install a new service like this you first use:
chkconfig --add serviceName
This will put kill links on every level.
Then you specify the levels where you want the service to run:
Add start links and remove kill links from specified levels:
chkconfig --level levelString serviceName on
Add kill links and remove start links from specified levels:
chkconfig --level levelString serviceName off
If you don't use the "--level levelString" option, the default
levels 2345 will be used.
Example to start Samba at runlevels 345:
chkconfig --level 345 smb on
It often happens that people try to maintain the links
by hand and get everything messed up. To clean house when you
are uncertain about a service configuration, first get rid of all
the links using:
chkconfig --del serviceName
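A consistency check for the link scheme described above, as an added example (not part of the original notes): it reads the "# chkconfig:" comment from a service control file and reports every run level whose S or K link does not match it. The names check_rc_links and demo_rc_links are made up, and the demo tree with its "345 85 15" header is constructed to mirror the httpd links listed earlier.

```shell
#!/bin/sh
# Added example: compare a service's S/K links with its "# chkconfig:" comment.
# check_rc_links and demo_rc_links are names made up for this example.

# Usage: check_rc_links RCROOT SERVICE     (RCROOT is /etc/rc.d on a real system)
# Prints one line per run level 0-6; returns 0 if all match, 1 if any differ,
# 2 if the control file has no chkconfig comment.
check_rc_links() {
    root=$1
    svc=$2
    bad=0
    # Comment format: "# chkconfig: <levels> <startPriority> <stopPriority>"
    header=$(sed -n 's/^#[[:space:]]*chkconfig:[[:space:]]*//p' \
                 "$root/init.d/$svc" | head -n 1)
    if [ -z "$header" ]; then
        echo "no chkconfig comment in $root/init.d/$svc"
        return 2
    fi
    set -- $header
    levels=$1
    start=$2
    stop=$3
    # "-" in place of the level list means: no start links by default.
    if [ "$levels" = "-" ]; then levels=""; fi

    for lvl in 0 1 2 3 4 5 6; do
        case $levels in
            *"$lvl"*) want=S$start$svc ;;   # level listed: start link expected
            *)        want=K$stop$svc ;;    # complementary kill link expected
        esac
        found=""
        for link in "$root/rc$lvl.d"/[SK][0-9][0-9]"$svc"; do
            [ -e "$link" ] || [ -L "$link" ] || continue   # unmatched glob
            found="$found ${link##*/}"
        done
        if [ "$found" = " $want" ]; then
            echo "ok    rc$lvl.d $want"
        else
            echo "WRONG rc$lvl.d want $want, found:${found:- none}"
            bad=1
        fi
    done
    return $bad
}

# Constructed demonstration tree in a temporary directory. Run level 2 gets a
# hand-made mistake: an S link where the kill link belongs.
demo_rc_links() {
    t=$(mktemp -d) || return 2
    mkdir "$t/init.d"
    printf '#!/bin/sh\n# chkconfig: 345 85 15\n' > "$t/init.d/httpd"
    for l in 0 1 2 3 4 5 6; do mkdir "$t/rc$l.d"; done
    for l in 3 4 5; do ln -s ../init.d/httpd "$t/rc$l.d/S85httpd"; done
    for l in 0 1 6; do ln -s ../init.d/httpd "$t/rc$l.d/K15httpd"; done
    ln -s ../init.d/httpd "$t/rc2.d/S15httpd"
    if check_rc_links "$t" httpd; then rc=0; else rc=$?; fi
    rm -rf "$t"
    return $rc
}

demo_rc_links || echo "link set does not match the chkconfig comment"
```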
Login using your current user name:
ssh remoteHostIpName
Specify the remote user name:
ssh -l userName remoteHostIpName
Or use 'email' notation:
ssh userName@remoteHostIpName
You can run a command on a remote system and see
the results locally:
ssh userName@remoteHost ls
The following sections deal with understanding and configuring basic ssh access.
Creating your own set of RSA keys
Individual users will need to run ssh-keygen to create their own public/private key files.
ssh-keygen -t rsa -C "A comment"
The program will propose this private key filename, which you normally accept:
/home/someuser/.ssh/id_rsa
The program will also create the public key file:
/home/someuser/.ssh/id_rsa.pub
yourName@yourMachine.yourDomain
chmod u+rw,g-rwx,o-rwx id_rsa
The individual user's hidden .ssh directory must also have the proper permissions:
chmod u+rwx,g-rwx,o-rwx .ssh
Enable ssh access to a remote account
cat client_rsa.pub >> .ssh/authorized_keys
chmod u+rw,g-rwx,o-rwx .ssh/authorized_keys
chown yourUserName:yourGroupName .ssh/authorized_keys
Similarly, the remote .ssh directory must have the correct permissions and owner:
chmod u+rwx,g-rwx,o-rwx .ssh
chown yourUserName:yourGroupName .ssh
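A check for the permissions and ownership this section sets, as an added example (not part of the original notes). The names audit_ssh_dir and demo_ssh_audit are made up, and the demo runs against a throw-away directory built for the purpose, not a real account.

```shell
#!/bin/sh
# Added example: audit a .ssh directory against the permissions set above.
# audit_ssh_dir and demo_ssh_audit are names made up for this example.

# Usage: audit_ssh_dir DIR [USER]
# Checks DIR itself, DIR/authorized_keys and every DIR/id_* private key:
# no permission bits for group or others, and owned by USER (default: caller).
# Prints one line per problem; returns 0 if clean, 1 if anything was found.
audit_ssh_dir() {
    dir=$1
    if [ -n "${2:-}" ]; then
        want_uid=$(id -u "$2") || return 2
    else
        want_uid=$(id -u)
    fi
    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        return 1
    fi
    problems=0
    for item in "$dir" "$dir"/authorized_keys "$dir"/id_*; do
        [ -e "$item" ] || continue              # absent file or unmatched glob
        case $item in *.pub) continue ;; esac   # public halves are not secret
        listing=$(ls -ldn "$item")              # -n: numeric uid and gid
        mode=$(printf '%s\n' "$listing" | cut -c1-10)
        uid=$(printf '%s\n' "$listing" | awk '{ print $3 }')
        case $mode in
            ????------) ;;                      # group and other bits all clear
            *) echo "BAD-MODE  $mode $item"; problems=1 ;;
        esac
        if [ "$uid" != "$want_uid" ]; then
            echo "BAD-OWNER uid=$uid $item"
            problems=1
        fi
    done
    return $problems
}

# Constructed demonstration: loose permissions first, then the chmod commands
# from this section, with an audit before and after.
demo_ssh_audit() {
    tmp=$(mktemp -d) || return 2
    mkdir "$tmp/.ssh"
    : > "$tmp/.ssh/id_rsa"
    : > "$tmp/.ssh/id_rsa.pub"
    : > "$tmp/.ssh/authorized_keys"
    chmod 755 "$tmp/.ssh"
    chmod 644 "$tmp/.ssh/id_rsa" "$tmp/.ssh/id_rsa.pub"
    chmod 664 "$tmp/.ssh/authorized_keys"
    if audit_ssh_dir "$tmp/.ssh"; then before=0; else before=1; fi

    chmod u+rwx,g-rwx,o-rwx "$tmp/.ssh"
    chmod u+rw,g-rwx,o-rwx "$tmp/.ssh/id_rsa" "$tmp/.ssh/authorized_keys"
    if audit_ssh_dir "$tmp/.ssh"; then after=0; else after=1; fi

    rm -rf "$tmp"
    echo "before=$before after=$after"
}

demo_ssh_audit
```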
Host keys should be located in:
/etc/ssh/ssh_host_rsa_key
/etc/ssh/ssh_host_rsa_key.pub
scp localfile.txt remote.host.com:
To copy the file to some other user's account:
scp localfile.txt username@remote.host.com:
scp srcUser@srcMachine:srcFilePath destUser@destMachine:destFilePath
ispell myFile.txt
Check spelling of one word: script version
echo "$1" | ispell -a | sed -n -e '/^\&/p' -e '/^\#/p'
Put this expression in a shell script on your PATH.
Cut out part of lines cols n-m
cut -c n-m path
cut -c n- path
Update the clock from a time server (Three steps)
rdate -u -p -s ns.scruz.net # This gets the time and sets system time
hwclock --systohc # Write system time to cmos
hwclock --adjust # Apply a rate adjustment
# The startup scripts normally take care of this:
hwclock --hctosys <opt> # Read system time from cmos
The <opt> may be --localtime or --utc. For localtime, you
need to have an /etc/localtime file which can be a copy or
link to zoneinfo file. (These are in /usr/share/zoneinfo)
Schedule a command for later execution
Examples using a specific time:
at 10:25pm
at 1am Dec 20
at 2pm tomorrow
at midnight tomorrow
Examples using relative time:
at now + 10 minutes
at 4pm + 3 days
at 4pm + 3 weeks
A prompt will appear for you to enter commands.
Finish with EOF (control D)
Show your pending jobs:
atq
Remove a job:
atrm <job number>
Send a reminder to your cellphone
at 6am Mar 17
mail -s "Meeting at 10am in Room 101" 1234567890@attnet.com
Don't forget to bring the rats!
^D
Start a timed server as the master clock (put in rc.local)
timed -M -F localhost
timed
Use cron for periodic script execution
Use a bash script in one of these directories:
cron.daily
cron.hourly
cron.monthly
cron.weekly
Using 'at' from inside a bash script
at 3am <<-EOF
service tomcat restart
EOF
Each user has a private crontab file.
On Redhat/Fedora systems the actual files are located
in:
/var/spool/cron/username
To edit your crontab file:
crontab -e
Crontab file format:
Min(0-59) Hour(0-23) Date(1-31) Month(1-12) Day(0-6 Sun-Sat) Command
Use a * character for "every."
This command lists the root directory to a file at 9AM every Monday:
0 9 * * 1 ls /root > /root/listing.txt
passwd
Change your login shell program
chsh
shutdown -r now
shutdown -h now
useradd userName
userdel name
In Redhat Land, useradd also creates and adds the
new user to a new unique group with the same name.
groupadd name
groupdel name
passwd
passwd user
Adding or removing users from a group
gpasswd -a user group
gpasswd -d user group
Change all sorts of stuff at once
usermod loginName \
-g newLoginGroup
-G newGroup1,...,newGroupN
-l newLoginName
-d newHomeDirectory
-u newUID
Using -G, the user will be removed from any group not listed.
Using -l, the user still has their old home directory.
You can't change the login name of a user who is currently logged in.
See man page for more options.
Log into a remote system with no password
rlogin remoteIP
The .rhosts file must be in the remote login directory.
It contains the ipNames of allowed users.
You can add a local username if not the same as remote.
The .rhosts file must have read privileges only for owner.
/etc/xinetd.d/rlogin must not be disabled.
If you want to rlogin from a root account
/etc/securetty must have an entry for "rlogin".
Update: This method is obsolete and dangerous. Please see the SSH section for a safe alternative.
Forgotten password
Concept: Boot the system using the bash shell as the startup
application. This will bypass the usual system initialization
and login process. Then run passwd to set a new root password.
The procedure varies depending on the boot loader.
Example using Grub:
Hit "e" on the boot menu.
Select the line that begins with "kernel"
Hit "e" again.
Add this string to the end of the line:
init=/bin/bash
Press "Enter", then "b" to boot the system.
At the bash prompt:
mount /proc
mount / -o rw,remount
passwd
At this point, you will be prompted to enter a new password.
Next, remount the root file system read-only to flush the cache:
mount / -o ro,remount
Now control-alt-delete to reboot.
Rotate an AVI movie 90 degrees clockwise
mencoder \
-vf rotate=1 \
-ovc lavc -lavcopts vcodec=wmv2 \
-oac copy \
INPUT -o OUTPUT
Changes in /etc/wine/wine.conf
[Drive C]
"Path" = "/mnt/win"
[wine]
# In this section, change all the paths: substituting
# winnt for windows if that applies to your windows
# installation mounted at /mnt/win
# iPod support for EphPod
[Drive G]
"Path" = "/mnt/ipod"
"Type" = "hd"
"Label" = "iPod Drive"
"Filesystem" = "win95"
# To share EphPod config file with windows
# Drive E is where Windows sees the server
[Drive H]
"Path" = "/mnt/server"
"Type" = "network"
"Label" = "Server"
"Filesystem" = "win95"
Start X windows and specify bits per pixel
startx -- -bpp 24
Start X windows and specify a layout
startx -- -layout myLayout
Layouts are defined in /etc/X11/XF86Config
Start X with a specific monitor dots-per-inch setting
startx -- -dpi 80 # My Hitachi monitor
startx -- -dpi 95 # My Tecra flat panel
You can do this with a config file .xserverrc in home dir:
exec X -dpi 80
Then just "startx" as usual.
Start X and record the messages so you can see what happened
The startx messages are automatically recorded in:
/var/log/XFree.x.y
or
/var/log/Xorg.x.y
If you want to explicitly redirect the messages from startx:
startx > myXDebug.txt 2>&1
Display info about the active X display
xdpyinfo
Show properties of an X window
xwininfo
xprop
Send X output of one program to another machine
<Any X command> -display <targetIP>:0
Send all X output to another machine
export DISPLAY=targetIPnameOrNumber:0.0
xsetroot -cursor_name left_ptr
Others: draped_box, hand1, hand2, iron_cross,
plus, top_left_arrow, watch
Show X events (including keys)
xev
xset -q
Allow some other machine to draw on your x display
xhost +<other machine name or ip number>
Put this command in your .xinitrc to make it permanent
Run xterm on another machine & exec a command
xterm -display <ip>:0 -e <command>
Make XF86Config use the xfs font server
Use FontPath "unix/:-1" (Redhat 6.x)
Update: "unix/:7100" (Redhat 7.x and other Linux systems)
Add a TrueType font directory (Requires FreeType package)
cd theFontDirectory
ttmkfdir > fonts.scale
mkfontdir
chkfontpath --add `pwd`
service xfs reload
Note: Redhat runs ttmkfdir and mkfontdir on
every directory known to xfs in the xfs
startup script. These fonts become known
when you run chkfontpath.
Add a font to the Redhat anti-aliasing system
Put the new font file in: /usr/share/fonts
Or in the per-user directory: ~/.fonts
Then run:
fc-cache <directory>
xlsfonts
fsinfo -server unix/:-1
Example /etc/X11/xdm/Xservers for a one-display system
:0 local /usr/X11R6/bin/X
Show the status of X video support
xvinfo
Install the NVIDIA binary drivers
rpm --rebuild NVIDIA_kernel-1.0-2314.src.rpm
rpm -i /usr/src/redhat/RPMS/i386/NVIDIA_kernel-1.0-2314.i386.rpm
rpm -i NVIDIA_GLX-1.0-2313.i386.rpm
# Now edit your XF86Config-4:
Remove Device section line:
Driver "nv"
Add Device section line:
Driver "nvidia"
Add Module section line: (it is normally present)
Load "glx"
Remove from Module section:
Load "dri"
Load "GLcore"
Use kdm to support remote X terminals (or Cygwin)
You need to edit a bunch of files on the server:
File: /etc/X11/xdm/kdmrc
Make sure access is enabled as shown:
Enable=true
File: /etc/X11/xdm/Xaccess
Comment out the line:
* CHOOSER BROADCAST #any indirect host can get a chooser
Add lines to the end of the file with the ip name or number of
each client:
myclient.my.domain.com
anotherclient.anotherdomain.com
etc.
Note: If you use ip numbers, they must be reversible
to names. You can do this by adding a definition to
hosts or by running dns.
File: /etc/X11/xdm/Xservers
If-and-only-if your server runs headless, comment out this line:
:0 local /usr/X11R6/bin/X
File: /etc/inittab
If you want automatic startup of kdm or xdm, on the server,
change the default runlevel:
id:5:initdefault:
File: /etc/rc.d/rc.local
If you don't start kdm using inittab, add this entry to rc.local:
/usr/bin/kdm
File: /etc/sysconfig/desktop
If you have more than one desktop system installed, this
entry selects the one that will be used for remote and local
logins: (Use KDM for kde or GDM for Gnome.)
DISPLAYMANAGER=KDM
In your iptables firewall setup script you must allow xdmcp:
iptables -A udpChain -p udp --dport xdmcp -j ACCEPT
Remote access with SSH RSA security
/usr/share/config/kdm/kdmkeys
If you create this file, you must set the permissions:
chmod u+rw,g-rwx,o-rwx /usr/share/config/kdm/kdmkeys
/etc/ssh/ssh_host_rsa_key.pub
Public key files for individual users are found in:
/home/someuser/.ssh/id_rsa.pub
Simply append the contents of this file to the server's kdmkeys file to authorize this user.
FORWARDX11 yes
FORWARDX11Trusted yes
Each of these represents a few hours of frustration
Q: sendto: No buffer space available
A: Your loopback interface is not running.
Q: XFree fails to start but no errors are reported.
A: Your .xinitrc is an empty file or contains an error.
Q: NFS fails to start reliably because it can't register...
A: Put a delay in the portmap start script. (Old Redhat bug. FIXED.)
Q: After updating the kernel, it fails to boot with an
endless rapid loop of:
Kmod: failed to exec /sbin/modprobe -s -k binfmt-464c, errno=8
request_module[binfmt-464c]: fork failed, errorno=11
A: You must not make ELF binary support a module.
Q: When updating NFS during a lanconfig with exportfs -r,
I get an error that "goop is not an internet address"?
A: The name goop is not in your hosts file so after you
reconfigure your lan, it is not available from the DNS.
Make an /etc/hosts file entry with the alias name.
Q: After installing a new Redhat 6.1 system and booting
successfully, the keyboard fails to respond.
A: The /etc/rc.d/init.d/gpm thing must be disabled
on some portables. (Toshiba 750) Boot to runlevel 1 and
then "chkconfig --del gpm". This has been fixed in
newer Redhat systems.
Q: X does not start because of some problem with unix
sockets and the localhost being 'non local'.
A: Something is wrong with the font server configuration in
/etc/X11/XF86Config:
A1: Redhat 6.x: The fontserver FontPath should be "unix/:-1".
A2: Redhat 7.x: The fontserver path should be "unix/:7100".
Q: The printer won't print and the syslog says lpd can't
execute the filter. All paths and permissions look ok.
A: LPRng filters use the shell, which uses shared libraries.
Make sure all library paths have appropriate permissions
for non-root processes.
Q: My sound module doesn't load automatically.
A: /etc/conf.modules must contain "alias sound your_sound_module"
Q: My ethernet module doesn't load automatically.
A: /etc/conf.modules must contain "alias eth0 your_ether_module"
Q: My GUI mixer doesn't work.
A1: /etc/conf.modules must have: "alias char-major-14 your_sound_module"
A2: This no longer seems necessary. It may depend on how you have
configured the sound system to use modules in the kernel.
Q: When I run console apps, the backspace key doesn't delete.
A: Install console-tools and run "loadkeys -d". If this doesn't work
you may have to install kbdconfig and run it to select your keyboard.
Q: After compiling for kernel usb support, the keyboard and mouse are not
available.
A: A bug in Redhat 7 rc.sysinit made it necessary to compile all the
usb keyboard and mouse support as modules. If you build in usbcore, the
rc script branches around the code that loads the mouse and keyboard.
See modules.conf example above for details on how to specify your
hardware module.
Q: Sendmail won't send messages to local clients because it tries to
route them through DNS.
A: Put your local domain name in the /etc/mail/local-host-names file.
e.g.: "csparks.com" will make all mail destinations with this domain
go into local accounts. It is easier to use sendmail when you have DNS.
Q: I am behind NAT and have no DNS. Sendmail on the client machines tries
to lookup my server on the internet even though I have it listed in my
/etc/hosts file.
A: On the client machines, add a 'dotted' name for the mail server in
the hosts file, e.g.:
192.168.0.2 mail.mydomain.com mail.mydomain.com.
A: You will be much happier if you setup a real DNS using the bind package.
Q: Procmail won't work. I setup .forward and all the symbolic links
in /etc/smrsh...
A: You don't need .forward because Redhat sendmail uses procmail as
the default mail transfer agent. Remove .forward and your .procmailrc
will start working. You do need smrsh links to use other programs in
your procmail rules.
Q: Sendmail reports timeouts when delivering local mail through my user's
procmail filter.
A: This is a well-known bug in sendmail. It occurs when too much output
is generated by procmail. Use a simpler filter for now. (FIXED in 2003)
Q: These messages appear in the log, but sound seems to be working:
modprobe: modprobe: Can't locate module sound-slot-1
modprobe: modprobe: Can't locate module sound-service-1-0
modprobe: modprobe: Can't locate module sound-slot-1
modprobe: modprobe: Can't locate module sound-service-1-0
A: This is caused by KDE. It is looking for a second sound
card and mixer. No harm is done, but if you want to get rid of
the messages, look in KDE Control Center/Sound/Mixer and set the
maximum number of probes & devices to "1".
Q: My /var/log/messages is filling up with "Lame server..." reports.
A: Disable lame server logging in /etc/named.conf (See example above.)
Q: After Redhat 9 update, the Apache error_log is filled with PHP errors:
"PHP Warning: Function registration failed - duplicate name ..."
A: The new php4 rpm has a number of packages compiled in that once required
extra rpms. The Redhat 9 updater is not smart enough to remove the
unnecessary packages. When you remove the extra packages, libraries will
be removed that are required by php4 with no errors reported! To fix this:
1) Stop httpd. 2) Remove all php-xxx packages and dependants. 3) Re-install
only php. Reinstall dependants. 4) Restart Apache.
Q: After working for 65 days with many routine configuration restarts, the
Apache webserver refuses to start because mod_python reports:
[error] (28)No space left on device: mod_python:
Failed to create global mutex 0 of 32 ...
Configuration failed.
A: It appears that restarting Apache doesn't cause mod_python to
properly release resources. In any case, the following fix made things work
immediately. It increases the number of available kernel semaphores.
I added this incantation to my /etc/rc.d/rc.local script:
echo "512 32000 32 512" > /proc/sys/kernel/sem
Q: After replacing a NIC, named on my server isn't working locally.
Remote requests are resolved correctly.
When restarted, it complains: rndc: localhost not defined.
A: This is a good one: Kudzu edited my resolv.conf file when I removed
and added the new NIC card. (I rebooted in between.) It left the
nameserver declaration alone, but it removed my "domain csparks.com" line.
This produced bizarre and wonderful problems.
Q: Accessing a Samba share from Windows XP hangs up the Explorer window.
A: Bad things happen when the Linux side has mounted a shared directory
on the Windows machine and the Windows machine reboots. Executing the
Linux "mount" command with no parameters will hang up the listing when it
reaches the broken windows share. Even stranger things happen when
the Windows machine tries to mount Samba shares on the Linux box:
the Explorer window will open, but then hang up trying to produce a
listing. You have to kill and restart Explorer by hand and remove
the share from the command window using "net use /delete letter:"
Then run mount on the Linux side and unmount the stale share from
the last incarnation of Windows.
Q: Using "rpm -V" to verify packages gives multiple errors of
the form "At least one of file's dependencies has changed." The
files involved are all libraries.
A: This occurred after up2date installed new versions of some system
libraries. The dynamic link map created by prelinking was invalidated.
Use the command "prelink -a" to refresh the dynamic link map.
Q: Mail directed to "postmaster" or "root" on my site does not
get forwarded properly even though I have an entry in /etc/aliases.
A: If the alias for root is the last entry in the file, make sure
it has a newline at the end of the file. The symptom of a missing
newline can be seen in /var/log/maillog: The aliased recipient's
name will end with a \t sequence.