Professional Documents
Culture Documents
Operating Systems
Operating Systems
4
Laboratory Topics:
1. Linux kernel overview
2. Understanding kernel directory structure
3. Managing modules and the kernel
4. System processes
5. File permissions and ownership
6. Archiving
7. Searching for a file/binary
This makes a monolithic kernel occupy more physical memory and less
efficient.
A modular kernel, on the other hand, is made up of mere critical and
essential components, and loads dynamic modules automatically as and
when needed. This makes a modular kernel occupy less physical memory
as compared to a monolithic kernel, faster and more efficient in terms of
overall performance, and less vulnerable to crashes. Another benefit of a
modular kernel is that software driver updates only require the associated
module recompiled without a system reboot. It does not need an entire
kernel recompile.
Linux distributions come standard with several types of kernels that are
designed for diverse processor architectures such as 32-bit and 64-bit
Intel/AMD (i386/i686), 64-bit Itanium 2 (ia64), 64-bit PowerPC, and IBM
System z and 390 mainframes. The uname command with -m option tells
the architecture of the system. At Linux installation, the installer program
automatically chooses the regular kernel that best suits the processor
architecture. Files related to kernel architectures are installed in /boot
directory. The regular kernel supports not more than 4GB of physical
memory on a system with one or more processors. Additional kernels kernel-PAE and kernel-xen - are also available for each supported
architecture, which provide support for systems with multiple processors
and physical memory beyond 4GB (up to 64GB), and allow for constructing
several virtual machines on a single system. Optional software packages
such as kernel-devel and kernel-headers may also be loaded to get
device drivers and associated header information. Linux distributions also
include source code for the kernel.
The default kernel installed during installation is usually adequate for
most system needs; however, it requires a rebuild when a new functionality
is added or removed. The new functionality may be introduced by updating
or upgrading the kernel, installing a new hardware device or changing a
critical system component. Likewise, an existing functionality that is no
longer needed may be removed to make the kernel smaller resulting in
improved performance and reduced memory utilization. To control the
behavior of the modules, and the kernel in general, several tunable
parameters are set, which define a baseline for the kernel functionality.
Some of these parameters must be tuned to allow certain applications and
database software to be installed smoothly and function properly.
The output indicates that the kernel version currently in use is 2.6.18194.el5. An anatomy of the version is displayed below:
From left to right:
(2) Indicates that this is the second major version of the Linux kernel. The
major number changes when there are significant alterations,
enhancements and updates to the previous major version.
(6) Indicates that this is the sixth major revision of the second major
version.
(18) Indicates that this is the eighteenth patched version of this kernel to
fix minor bugs and security holes, add minor enhancements and so on.
(19) Indicates that this is the nineteenth version of Cent OS customized
kernel.
(4) Indicates that this is the fourth build of the nineteenth version of the
Cent OS customized kernel.
(el5) indicates that this kernel is for Red Hat Enterprise Linux 5.
The /proc file system is a virtual file system that is created in memory.
Its contents are created at system boot and destroyed when the system is
powered off. Underneath this file system lie current hardware configuration
and status information. A directory listing of /proc is provided below:
# ll /proc
.
-r--r--r-- 1 root
dr-xr-xr-x 6 root
-r--r--r-- 1 root
-r--r--r-- 1 root
-r--r--r-- 1 root
-r--r--r-- 1 root
-r--r--r-- 1 root
-r--r--r-- 1 root
dr-xr-xr-x 2 root
-r--r--r-- 1 root
-r--r--r-- 1 root
-r--r--r-- 1 root
dr-xr-xr-x 4 root
dr-xr-xr-x 3 root
-r--r--r-- 1 root
-r--r--r-- 1 root
-r--r--r-- 1 root
dr-xr-xr-x 21 root
-r--r--r-- 1 root
-r-------- 1 root
-r--r--r-- 1 root
-r--r--r-- 1 root
-r-------- 1 root
-r--r--r-- 1 root
-r--r--r-- 1 root
-r--r--r-- 1 root
-r--r--r-- 1 root
..
root
0 Feb 24 14:13 buddyinfo
root
0 Feb 23 15:48 bus
root
0 Feb 24 14:13 cmdline
root
0 Feb 24 14:13 cpuinfo
root
0 Feb 24 14:13 crypto
root
0 Feb 24 14:13 devices
root
0 Feb 24 14:13 diskstats
root
0 Feb 24 14:13 dma
root
0 Feb 24 14:13 driver
root
0 Feb 24 14:13 execdomains
root
0 Feb 24 14:13 fb
root
0 Feb 24 14:13 filesystems
root
0 Feb 23 15:48 fs
root
0 Feb 24 14:13 ide
root
0 Feb 24 14:13 interrupts
root
0 Feb 24 14:13 iomem
root
0 Feb 24 14:13 ioports
root
0 Feb 24 14:13 irq
root
0 Feb 24 14:13 kallsyms
root
1073745920 Feb 24 14:13 kcore
root
0 Feb 24 14:13 keys
root
0 Feb 24 14:13 key-users
root
0 Feb 23 15:48 kmsg
root
0 Feb 24 14:13 loadavg
root
0 Feb 24 14:13 locks
root
0 Feb 24 14:13 mdstat
root
0 Feb 23 15:49 meminfo
# cat /proc/cpuinfo
processor
:0
vendor_id
: GenuineIntel
cpu family
:6
model
: 23
model name
: Intel(R) Core(TM)2 Duo CPU
stepping
: 10
cpu MHz
: 2527.000
5
P8700 @ 2.53GHz
# cat meminfo
MemTotal:
1026816 kB
MemFree:
21840 kB
Buffers:
97784 kB
Cached:
666156 kB
SwapCached:
0 kB
Active:
410112 kB
Inactive:
479148 kB
The data stored in files in the /proc file system is used by a number of
system utilities including top, uname and vmstat to display information.
The /lib/modules Directory
This directory holds information about kernel modules. Underneath this
directory, there are sub-directories specific to the kernels available on the
system. For example, the ll output on /lib/modules below shows that there
is one kernel configuration stored on this system:
# ll
total 8
drwxr-xr-x 7 root root 4096 Feb 23 17:46 2.6.18-194.el5
# pwd
/lib/modules
# ll `uname -r`
total 1336
lrwxrwxrwx 1 root root
46 Feb 23 16:29
../../../usr/src/kernels/2.6.18-194.el5-x86_64
drwxr-xr-x 2 root root 4096 Apr 2 2010 extra
drwxr-xr-x 9 root root 4096 Feb 23 16:29 kernel
drwxr-xr-x 2 root root 4096 Feb 23 17:45 misc
-rw-r--r-- 1 root root 288180 Feb 23 17:46 modules.alias
-rw-r--r-- 1 root root
69 Feb 23 17:46 modules.ccwmap
-rw-r--r-- 1 root root 217407 Feb 23 17:46 modules.dep
-rw-r--r-- 1 root root 147 Feb 23 17:46 modules.ieee1394map
-rw-r--r-- 1 root root 375 Feb 23 17:46 modules.inputmap
-rw-r--r-- 1 root root 2314 Feb 23 17:46 modules.isapnpmap
-rw-r--r-- 1 root root
74 Feb 23 17:46 modules.ofmap
-rw-r--r-- 1 root root 218408 Feb 23 17:46 modules.pcimap
-rw-r--r-- 1 root root 4033 Feb 23 17:46 modules.seriomap
-rw-r--r-- 1 root root 143691 Feb 23 17:46 modules.symbols
-rw-r--r-- 1 root root 393321 Feb 23 17:46 modules.usbmap
6
build
->
4096
4096
4096
4096
4096
4096
4096
4096
4096
4096
4096
4096
Feb
Feb
Feb
Feb
Feb
Feb
Feb
Feb
Feb
Feb
Feb
Feb
23
23
23
23
23
23
23
23
23
23
23
23
16:29
16:29
16:29
16:29
16:29
16:29
16:29
16:29
16:29
16:29
16:29
16:29
acpi
ata
atm
block
bluetooth
cdrom
char
cpufreq
dca
dma
dma_v3
edac
# cat /proc/modules
autofs4 63049 3 - Live
0xffffffff886a3000
hidp 83521 2 - Live
0xffffffff8868d000
rfcomm 104681 0 - Live
0xffffffff88672000
l2cap 89281 10 hidp,rfcomm, Live
0xffffffff8865b000
bluetooth 118853 5
hidp,rfcomm,l2cap, Live
0xffffffff8863c000
lockd 101553 0 - Live
0xffffffff88622000
sunrpc 199945 2 lockd, Live
0xffffffff885f0000
vmblock 53956 4 - Live
0xffffffff885e1000 (U)
vsock 123360 0 - Live
0xffffffff885c1000 (U)
vmmemctl 50344 0 - Live
0xffffffff885b3000 (U)
vmhgfs 104416 0 - Live
0xffffffff88598000 (U)
acpiphp 58841 0 - Live
0xffffffff88588000
loop 48721 0 - Live
0xffffffff8857b000
dm_multipath 56920 0 - Live
Description
Specifies the association of logical device and module. In the file
excerpt above, e1000 is a module associated with the network
interface e1000
Executes the specified command on a module instead of
running the insmod command
Specifies options for a module
Executes the specified command after installing a module
Executes the specified command on a module instead of
9
4. System processes
A process is created in memory when a program or command is
executed.
A unique identification number, known as process
identification (PID), is allocated to it, which is used by the kernel
to manage the process until the program or command it is
associated with, terminates. When a user logs in to the system,
shell is started, which is a process. A process is any program,
application or command that runs on the system.
Several processes are started at system boot up, many of which sit in
memory and wait for an event to trigger a request to use their service.
These background system processes are called daemons and are critical to
system functionality.
TIME CMD
00:00:00 bash
00:00:00 ps
The output has for columns: PID of the process in the first column,
terminal the process belongs to in the second column, cumulative time the
10
process given by the system CPU in the third column and actual command
being executed in the last column.
Two options e (every) and f (full) are popularly used to generate
detailed information on every process running in the system. Check the ps
command man pages for more options.
# ps -ef
UID
PID PPID C STIME TTY
TIME CMD
root
1
0 0 11:29 ?
00:00:01 init [5]
root
2
1 0 11:29 ?
00:00:00 [migration/0]
root
3
1 0 11:29 ?
00:00:00 [ksoftirqd/0]
root
4
1 0 11:29 ?
00:00:00 [events/0]
root
5
1 0 11:29 ?
00:00:00 [khelper]
root
21
1 0 11:29 ?
00:00:00 [kthread]
root
25 21 0 11:29 ?
00:00:00 [kblockd/0]
root
26 21 0 11:29 ?
00:00:00 [kacpid]
root
222 21 0 11:29 ?
00:00:00 [cqueue/0]
Now lets see what happens when you run a command like find, to
search for files ending with .bak in / :
# find / -type f -name *.bak
/etc/mail/submit.cf.bak
# ps -ef
UID
PID PPID C STIME TTY
root
root
root
root
*.bak
root
TIME CMD
00:00:00 ps ef
5029 root
15 0 12744 1080 808 R 0.3 0.1 0:00.02 top
1 root
15 0 10352 700 588 S 0.0 0.0 0:01.69 init
2 root
RT -5
0 0 0 S 0.0 0.0 0:00.00 migration/0
3 root
34 19
0 0 0 S 0.0 0.0 0:00.00 ksoftirqd/0
4 root
10 -5
0 0 0 S 0.0 0.0 0:00.42 events/0
5 root
10 -5
0 0 0 S 0.0 0.0 0:00.00 khelper
21 root
11 -5
0 0 0 S 0.0 0.0 0:00.00 kthread
25 root
10 -5
0 0 0 S 0.0 0.0 0:00.07 kblockd/0
26 root
20 -5
0 0 0 S 0.0 0.0 0:00.00 kacpid
222 root
11 -5
0 0 0 S 0.0 0.0 0:00.00 cqueue/0
225 root
10 -5
0 0 0 S 0.0 0.0 0:00.00 khubd
227 root
10 -5
0 0 0 S 0.0 0.0 0:00.00 kseriod
292 root
15 0
0 0 0 S 0.0 0.0 0:00.00 khungtaskd
293 root
16 0
0 0 0 S 0.0 0.0 0:00.00 pdflush
294 root
15 0
0 0 0 S 0.0 0.0 0:00.09 pdflush
Find out more information on top with the man top command.
Process States
There are several states that a process can go through in its life. There
are five process states: running, waiting, sleeping, stopped and zombie.
The running state shows that the process is currently being
executed by the system CPU.
The sleeping state means shows that the process is currently
waiting for input from user or another process.
The waiting state means that the process has received input it has
been waiting for and is now ready to run as soon as its turn comes.
The stopped state indicates that the process is currently halted and
will not run even when its turn comes, unless it is sent a signal.
The zombie state determines that the process is dead. A zombie
process exists in process table just as any other process entry, but
takes up no resources. The entry for zombie is retained until the
parent process permits it to die.
Process Priority
Process priority is determined using the nice value. The system assigns
a nice value to a process when it is initiated to establish priority. A total of
40 nice values exist with -20 being the highest and +19 the lowest. Most
system started processes use the default nice value of 0. A child process
inherits the nice value of its parent process.
Use the ps command and specify the l option to determine nice values
of running processes. See associated nice values for each process under
the NI column.
A different priority may be assigned to a program or command at the
time it is initiated. For example, to run system-config-users with higher
priority:
12
#nice -2 system-config-users
The value assigned with nice is relative to the default nice value. The
number -2 is added to 0, which means the specified program will run at a
higher priority since its nice value is -2.
The commands used to pass a signal to a process are kill and pkill.
These commands are usually used to terminate a process. Ordinary users
can kill processes they own, while root can kill any process.
The syntax of the kill command to kill a process is:
#kill PID
#kill s <signal name or number> PID
Homework : read the manual pages of the pkill and kill
command.
Description
Owner of the file or directory. Usually the
creator of the file or directory is the owner of it
A set of users that need identical access on files
and directories that they share. Group
information is maintained in the /etc/group file
13
Others (o)
Permission Types
Permissions control what actions can be performed on a file or directory
and by whom. There are four types of permissions defined in the table
below:
Permission
type
Read
Symbol
File
Directory
Write
Execute
Access
denied
X
-
The output of the ll command lists files and directories along with their
type and permissions settings. This information is shown in the first column
of the output where 10 characters are displayed. The first character
indicates the type of file : d for directory, - for regular file, l for symbolic
link, c for character device file, b for block device file , n for named pipes, s
for socket and so on. The next nine characters three groups of three
characters- show read (r), write (w), execute (x) or none (-) permissions for
the three user classes: user, group and others:
1
2
3
4
5
6
7
--x execute
-w- write
-wx write and execute
r-- read
r-x read and execute
rw- read and write
rwx read, write and execute
16
6. Archiving
17
There are several archiving tools present in Linux, in the section below
there will be described a series of commands most used in archiving an
extracting.
The tar (tape archive) command archives, lists and extracts files to and
from a single file called tar file. A tar file can be created as a regular file on
a disk or tape; it supports several options, some of which are summarized
below:
-c creates a new archive
-f specifies archive destination
-j compresses the archive contents with bzip2 command
-t lists archive contents
-v verbose mode
-x extracts from a archive
-z compress the archive contents with the gzip command
Examples:
To create an archive of the home directory in a file called home.tar, you
can use the following command:
# tar -cvf /home.tar /home
tar: Removing leading `/' from member names
/home/
/home/lost+found/
/home/vlad/
/home/vlad/.bash_logout
/home/vlad/.bash_profile
/home/vlad/.mozilla/
/home/vlad/.mozilla/plugins/
/home/vlad/.mozilla/extensions/
/home/vlad/.bashrc
/home/vlad/hello.sh
/home/vlad/.bash_history
# ls -la home.tar
-rw-r--r-- 1 root root 10240 Mar 3 13:24 home.tar
To list the home.tar archive contents use:
# tar -tvf home.tar
drwxr-xr-x root/root
0 2011-02-24 17:13:20 home/
drwx------ root/root
0 2011-02-22 13:33:33 home/lost+found/
drwx------ vlad/vlad
0 2011-02-28 13:45:02 home/vlad/
-rw-r--r-- vlad/vlad
33 2009-01-21 20:15:22 home/vlad/.bash_logout
-rw-r--r-- vlad/vlad
176 2009-01-21 20:15:22 home/vlad/.bash_profile
.
18
Sometimes you need to find one or more files or directories in the file
system structure based on a criterion. Linux offers two tools to help you in
19
that situation. These tools are called find and locate, an explained in this
section.
The find command recursively searches the directory tree, finds files
that match the specified criteria and optionally performs an action. This
powerful tool customized to look for files in a number of ways. The search
criteria may include searching for files by name, size, ownership, last
access, permissions, inode number, file type...etc. Here is the command
syntax:
#find <path> <option> <action>
-path is the location where to search. It can be /etc, /root or the current
directory you are in with < . >.
-the option can be, search by name name, search by file type type f to
search only for files, search by access time atime
-the action is the process to take place on the located files : -exec
<command> {} \; -ok <command> {} \;
The best way to get familiarized with the find command is with some
examples. Lets search for file in /etc larger than 1MB and display them:
# find /etc -type f -size +1024k -exec ls -lah {} \;
-rw-r--r-- 1 root root 1.4M Mar 31 2010 /etc/firmware/microcode.dat
-rw-r--r-1
root
root
1.3M
May
24
2008
/etc/gconf/schemas/apps_nautilus_preferences.schemas
-rw-r--r-- 1 root root 1.8M Mar 11
2009 /etc/gconf/schemas/gnometerminal.schemas
-rw-r--r-- 1 root root 1.1M Jan 6 2007 /etc/gconf/schemas/gok.schemas
-rw-r--r-- 1 root root 1.2M Apr 11 2007 /etc/gconf/schemas/ekiga.schemas
-rw-r--r-1
root
root
1.2M
Mar
31
2010
/etc/gconf/schemas/metacity.schemas
-rw-r--r-- 1 root root 3.4M Mar 6 19:50 /etc/gconf/gconf.xml.defaults/
%gconf-tree.xml
-rw-r--r-- 1 root root 1.8M Mar 6 19:46 /etc/selinux/targeted/policy/policy.21
First of all I specified the directory where to search, in this example
its /etc, find automatically searches the subfolders included in the path.
After this, I used a few options:
-type f to search only for files
-size +1024k to search for files over 1024Kb (1Mb), the + represents
increase of
-exec ls lah to execute a listing in human readable format on the files
found
# find / -name *.vl -exec rm -i {} \;
20
rm:
rm:
rm:
rm:
rm:
remove
remove
remove
remove
remove
regular
regular
regular
regular
regular
empty
empty
empty
empty
empty
file
file
file
file
file
`/home/vlad/file3.vl'?
`/home/vlad/file4.vl'?
`/home/vlad/file2.vl'?
`/home/vlad/file1.vl'?
`/home/vlad/file5.vl'?
y
y
y
y
y
In this example I used find to locate all files with names ending in .vl to
be removed interactively.
The locate command is used for locating all occurrences of the specified
string as it appears in file pathnames. It can also be used to locate files
with
certain
extensions.
The
command
searches
the
/var/lib/mlocate/mlocate.db
database
file
and
displays
matching
occurrences. This file is updated automatically every day when the
/etc/cron.daily/mlocate.cron script is executed by the cron daemon.
Alternatively it can be updated manually with the updatedb command.
# updatedb
# locate passwd
/etc/passwd
/etc/passwd/etc/news/passwd.nntp
/etc/pam.d/passwd
/etc/security/opasswd
Homework: read the man pages of the locate and find command.
21