Laboratory nr.

4
Laboratory Topics:
1. Linux kernel overview
2. Understanding kernel directory structure
3. Managing modules and the kernel
4. System processes
5. File permissions and ownership
6. Archiving
7. Searching for a file/binary

1. Linux kernel overview

The kernel controls everything inside-out on a system that runs
the Linux operating system. It controls system hardware including
memory, processors, disks and I/O devices; runs, schedules and
manages processes and service daemons; enforces security and
access controls; and so on. The kernel receives instructions from
the shell, engages appropriate hardware resources and acts as
instructed.
The Linux kernel is a set of software components called modules that
work together coherently as a single unit to enable programs, services and
applications to run smoothly and efficiently on the system. Modules are
basically device drivers used for controlling hardware devices such as
controller cards and peripheral devices, as well as software components
such as LVM, file systems and RAID. Some of these modules are static to
the kernel while others are loaded automatically and dynamically as
necessary.
When the system is booted, the kernel is loaded into memory with all
static modules. The dynamic modules are separately and individually
loaded when needed. A Linux kernel that comprises of static modules only
is referred to as a monolithic kernel and a Linux kernel that includes
dynamic modules as well is known as a modular kernel.
A monolithic kernel is typically larger in size than a modular kernel since
it includes all components that may or may not be required at all times.
1

This makes a monolithic kernel occupy more physical memory and less
efficient.
A modular kernel, on the other hand, is made up of mere critical and
essential components, and loads dynamic modules automatically as and
when needed. This makes a modular kernel occupy less physical memory
as compared to a monolithic kernel, faster and more efficient in terms of
overall performance, and less vulnerable to crashes. Another benefit of a
modular kernel is that software driver updates only require the associated
module recompiled without a system reboot. It does not need an entire
kernel recompile.
Linux distributions come standard with several types of kernels that are
designed for diverse processor architectures such as 32-bit and 64-bit
Intel/AMD (i386/i686), 64-bit Itanium 2 (ia64), 64-bit PowerPC, and IBM
System z and 390 mainframes. The uname command with -m option tells
the architecture of the system. At Linux installation, the installer program
automatically chooses the regular kernel that best suits the processor
architecture. Files related to kernel architectures are installed in /boot
directory. The regular kernel supports not more than 4GB of physical
memory on a system with one or more processors. Additional kernels kernel-PAE and kernel-xen - are also available for each supported
architecture, which provide support for systems with multiple processors
and physical memory beyond 4GB (up to 64GB), and allow for constructing
several virtual machines on a single system. Optional software packages
such as kernel-devel and kernel-headers may also be loaded to get
device drivers and associated header information. Linux distributions also
include source code for the kernel.
The default kernel installed during installation is usually adequate for
most system needs; however, it requires a rebuild when a new functionality
is added or removed. The new functionality may be introduced by updating
or upgrading the kernel, installing a new hardware device or changing a
critical system component. Likewise, an existing functionality that is no
longer needed may be removed to make the kernel smaller resulting in
improved performance and reduced memory utilization. To control the
behavior of the modules, and the kernel in general, several tunable
parameters are set, which define a baseline for the kernel functionality.
Some of these parameters must be tuned to allow certain applications and
database software to be installed smoothly and function properly.

Checking and understanding kernel version

To check the version of the kernel, run the uname command:
# uname r
2.6.18-194.el5

The output indicates that the kernel version currently in use is 2.6.18194.el5. An anatomy of the version is displayed below:
From left to right:
(2) Indicates that this is the second major version of the Linux kernel. The
major number changes when there are significant alterations,
enhancements and updates to the previous major version.
(6) Indicates that this is the sixth major revision of the second major
version.
(18) Indicates that this is the eighteenth patched version of this kernel to
fix minor bugs and security holes, add minor enhancements and so on.
(19) Indicates that this is the nineteenth version of Cent OS customized
kernel.
(4) Indicates that this is the fourth build of the nineteenth version of the
Cent OS customized kernel.
(el5) indicates that this kernel is for Red Hat Enterprise Linux 5.

2. Understanding kernel directory structure

Kernel files are stored at different locations in the system directory
hierarchy of which four locations /boot, /proc, /lib/modules and /usr/src
are of significance, and are explained below :
The /boot File System
The /boot file system is created at system installation time and its
purpose is to store kernel-related information including current working
kernel and associated files. This file system also stores any updated or
modified kernel data. An ll on /boot displays the following information:
# II /boot
total 27575
total 6133
-rw-r--r-- 1 root root 66887 Apr 2 2010 config-2.6.18-194.el5
drwxr-xr-x 2 root root 1024 Feb 23 16:37 grub
-rw------- 1 root root 2769585 Feb 23 17:46 initrd-2.6.18-194.el5.img
drwx------ 2 root root 12288 Feb 23 16:19 lost+found
-rw-r--r-- 1 root root 80032 Mar 16 2009 message
-rw-r--r-- 1 root root 112656 Apr 2 2010 symvers-2.6.18-194.el5.gz
-rw-r--r-- 1 root root 1242340 Apr 2 2010 System.map-2.6.18-194.el5
-rw-r--r-- 1 root root 1953660 Apr 2 2010 vmlinuz-2.6.18-194.el5
The output indicates that the current kernel is vmlinuz-2.6.18-194.el5,
its boot image is stored in the initrd-2.6.18-194.el5.img file and
configuration is located in the config-2.6.18-194.el5 file.

A sub directory/boot/grub contains GRUB information as shown below:

# ll /boot/grub
total 258
-rw-r--r-- 1 root root
63 Feb 23 16:37 device.map
-rw-r--r-- 1 root root 7584 Feb 23 16:37 e2fs_stage1_5
-rw-r--r-- 1 root root 7456 Feb 23 16:37 fat_stage1_5
-rw-r--r-- 1 root root 6720 Feb 23 16:37 ffs_stage1_5
-rw------- 1 root root 573 Feb 23 16:37 grub.conf
-rw-r--r-- 1 root root 6720 Feb 23 16:37 iso9660_stage1_5
-rw-r--r-- 1 root root 8224 Feb 23 16:37 jfs_stage1_5
lrwxrwxrwx 1 root root
11 Feb 23 16:37 menu.lst -> ./grub.conf
-rw-r--r-- 1 root root 6880 Feb 23 16:37 minix_stage1_5
-rw-r--r-- 1 root root 9248 Feb 23 16:37 reiserfs_stage1_5
-rw-r--r-- 1 root root 55808 Mar 16 2009 splash.xpm.gz
-rw-r--r-- 1 root root 512 Feb 23 16:37 stage1
-rw-r--r-- 1 root root 104988 Feb 23 16:37 stage2
-rw-r--r-- 1 root root 7072 Feb 23 16:37 ufs2_stage1_5
-rw-r--r-- 1 root root 6272 Feb 23 16:37 vstafs_stage1_5
-rw-r--r-- 1 root root 8872 Feb 23 16:37 xfs_stage1_5
The key file in /boot/grub is grub.conf, which maintains a list of available
kernels and defines the default kernel to load at boot. Below you can see
the contents of the file:
# cat /boot/grub/grub.conf
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
#
all kernel and initrd paths are relative to /boot/, eg.
#
root (hd0,0)
#
kernel /vmlinuz-version ro root=/dev/sda2
#
initrd /initrd-version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.18-194.el5)
root (hd0,0)
kernel /vmlinuz-2.6.18-194.el5 ro root=LABEL=/ rhgb quiet
initrd /initrd-2.6.18-194.el5.img
The /proc File System
4

The /proc file system is a virtual file system that is created in memory.
Its contents are created at system boot and destroyed when the system is
powered off. Underneath this file system lie current hardware configuration
and status information. A directory listing of /proc is provided below:
# ll /proc
.
-r--r--r-- 1 root
dr-xr-xr-x 6 root
-r--r--r-- 1 root
-r--r--r-- 1 root
-r--r--r-- 1 root
-r--r--r-- 1 root
-r--r--r-- 1 root
-r--r--r-- 1 root
dr-xr-xr-x 2 root
-r--r--r-- 1 root
-r--r--r-- 1 root
-r--r--r-- 1 root
dr-xr-xr-x 4 root
dr-xr-xr-x 3 root
-r--r--r-- 1 root
-r--r--r-- 1 root
-r--r--r-- 1 root
dr-xr-xr-x 21 root
-r--r--r-- 1 root
-r-------- 1 root
-r--r--r-- 1 root
-r--r--r-- 1 root
-r-------- 1 root
-r--r--r-- 1 root
-r--r--r-- 1 root
-r--r--r-- 1 root
-r--r--r-- 1 root
..

root
0 Feb 24 14:13 buddyinfo
root
0 Feb 23 15:48 bus
root
0 Feb 24 14:13 cmdline
root
0 Feb 24 14:13 cpuinfo
root
0 Feb 24 14:13 crypto
root
0 Feb 24 14:13 devices
root
0 Feb 24 14:13 diskstats
root
0 Feb 24 14:13 dma
root
0 Feb 24 14:13 driver
root
0 Feb 24 14:13 execdomains
root
0 Feb 24 14:13 fb
root
0 Feb 24 14:13 filesystems
root
0 Feb 23 15:48 fs
root
0 Feb 24 14:13 ide
root
0 Feb 24 14:13 interrupts
root
0 Feb 24 14:13 iomem
root
0 Feb 24 14:13 ioports
root
0 Feb 24 14:13 irq
root
0 Feb 24 14:13 kallsyms
root
1073745920 Feb 24 14:13 kcore
root
0 Feb 24 14:13 keys
root
0 Feb 24 14:13 key-users
root
0 Feb 23 15:48 kmsg
root
0 Feb 24 14:13 loadavg
root
0 Feb 24 14:13 locks
root
0 Feb 24 14:13 mdstat
root
0 Feb 23 15:49 meminfo

# cat /proc/cpuinfo
processor
:0
vendor_id
: GenuineIntel
cpu family
:6
model
: 23
model name
: Intel(R) Core(TM)2 Duo CPU
stepping
: 10
cpu MHz
: 2527.000
5

P8700 @ 2.53GHz


# cat meminfo
MemTotal:
1026816 kB
MemFree:
21840 kB
Buffers:
97784 kB
Cached:
666156 kB
SwapCached:
0 kB
Active:
410112 kB
Inactive:
479148 kB

The data stored in files in the /proc file system is used by a number of
system utilities including top, uname and vmstat to display information.
The /lib/modules Directory
This directory holds information about kernel modules. Underneath this
directory, there are sub-directories specific to the kernels available on the
system. For example, the ll output on /lib/modules below shows that there
is one kernel configuration stored on this system:
# ll
total 8
drwxr-xr-x 7 root root 4096 Feb 23 17:46 2.6.18-194.el5
# pwd
/lib/modules
# ll `uname -r`
total 1336
lrwxrwxrwx 1 root root
46 Feb 23 16:29
../../../usr/src/kernels/2.6.18-194.el5-x86_64
drwxr-xr-x 2 root root 4096 Apr 2 2010 extra
drwxr-xr-x 9 root root 4096 Feb 23 16:29 kernel
drwxr-xr-x 2 root root 4096 Feb 23 17:45 misc
-rw-r--r-- 1 root root 288180 Feb 23 17:46 modules.alias
-rw-r--r-- 1 root root
69 Feb 23 17:46 modules.ccwmap
-rw-r--r-- 1 root root 217407 Feb 23 17:46 modules.dep
-rw-r--r-- 1 root root 147 Feb 23 17:46 modules.ieee1394map
-rw-r--r-- 1 root root 375 Feb 23 17:46 modules.inputmap
-rw-r--r-- 1 root root 2314 Feb 23 17:46 modules.isapnpmap
-rw-r--r-- 1 root root
74 Feb 23 17:46 modules.ofmap
-rw-r--r-- 1 root root 218408 Feb 23 17:46 modules.pcimap
-rw-r--r-- 1 root root 4033 Feb 23 17:46 modules.seriomap
-rw-r--r-- 1 root root 143691 Feb 23 17:46 modules.symbols
-rw-r--r-- 1 root root 393321 Feb 23 17:46 modules.usbmap
6

build

->

lrwxrwxrwx 1 root root

5 Feb 23 16:29 source -> build
drwxr-xr-x 2 root root 4096 Apr 2 2010 updates
drwxr-xr-x 2 root root 4096 Apr 2 2010 weak-updates
There are several files and a few sub directories displayed in the output
above. These files and sub directories hold module specific information.
Browse the directory tree to get your self familiarized.
One
of
the
key
subdirectories
is
/lib/modules/2.6.18194.el5/kernel/drivers where modules categorized in groups are stored in
various sub directories as show in the listing below:
# ll
total 312
drwxr-xr-x 2 root root
drwxr-xr-x 2 root root
drwxr-xr-x 2 root root
drwxr-xr-x 4 root root
drwxr-xr-x 2 root root
drwxr-xr-x 2 root root
drwxr-xr-x 8 root root
drwxr-xr-x 2 root root
drwxr-xr-x 2 root root
drwxr-xr-x 2 root root
drwxr-xr-x 2 root root
drwxr-xr-x 2 root root
.

4096
4096
4096
4096
4096
4096
4096
4096
4096
4096
4096
4096

Feb
Feb
Feb
Feb
Feb
Feb
Feb
Feb
Feb
Feb
Feb
Feb

23
23
23
23
23
23
23
23
23
23
23
23

16:29
16:29
16:29
16:29
16:29
16:29
16:29
16:29
16:29
16:29
16:29
16:29

acpi
ata
atm
block
bluetooth
cdrom
char
cpufreq
dca
dma
dma_v3
edac

These sub-directories contain driver modules to control hardware

devices associated with them.
The /usr/src Directory
This directory contains source code for kernel. All information related to
building a new kernel from the source code is located here. The /usr/src
directory contains two sub-directories.
Homework : Explore the sub directories of /usr/src , can you
provide more details on the contents ?

3. Managing modules and the kernel

Managing modules includes tasks such as listing, building, installing,
loading and unloading modules, and managing the kernel involves tasks
such as updating, upgrading and patching it. These tasks are explained
below.
Listing a module
With the lsmod command you can vie currently loaded modules.
Alternatively, you can view them by displaying the contents of
/proc/modules file. Both methods show module names, their sizes, how
they are being used and dependent modules.
#lsmod
Module
Size Used by
autofs4
63049 3
hidp
83521 2
rfcomm
104681 0
l2cap
89281 10
hidp,rfcomm
bluetooth
118853 5
hidp,rfcomm,l2cap
lockd
101553 0
sunrpc
199945 2 lockd
vmblock
53956 4
vsock
123360 0
vmmemctl
50344 0
vmhgfs
104416 0
acpiphp
58841 0
loop
48721 0
dm_multipath
56920 0
scsi_dh
42177 1
dm_multipath

# cat /proc/modules
autofs4 63049 3 - Live
0xffffffff886a3000
hidp 83521 2 - Live
0xffffffff8868d000
rfcomm 104681 0 - Live
0xffffffff88672000
l2cap 89281 10 hidp,rfcomm, Live
0xffffffff8865b000
bluetooth 118853 5
hidp,rfcomm,l2cap, Live
0xffffffff8863c000
lockd 101553 0 - Live
0xffffffff88622000
sunrpc 199945 2 lockd, Live
0xffffffff885f0000
vmblock 53956 4 - Live
0xffffffff885e1000 (U)
vsock 123360 0 - Live
0xffffffff885c1000 (U)
vmmemctl 50344 0 - Live
0xffffffff885b3000 (U)
vmhgfs 104416 0 - Live
0xffffffff88598000 (U)
acpiphp 58841 0 - Live
0xffffffff88588000
loop 48721 0 - Live
0xffffffff8857b000
dm_multipath 56920 0 - Live

Building and installing a new module

Linux detects most hardware and loads appropriate modules
automatically; however, there may be instances when a device is left
undetected or added online (as in the case of SAN disk allocation). In such
case execute the depmod command to force the system to scan the
hardware, find appropriate modules for the new devices and update the
/lib/modules/2.6.18-194.el5/modules.dep file.

Loading and unloading a module

The modprobe command is used to add and remove modules form the
Linux kernel. This command ensures that any dependent modules are
loaded prior to loading the specified module. The following example loads
the Intel Ethernet network card module called e1000:
#modprobe e1000
Add an entry to the /etc/modprobe.conf file to make the module get
autmoaticaly loaded at each system reboot.
#cat /etc/modprobe.conf
alias eth0 e1000
alias scsi_hostadapter mptbase
alias scsi_hostadapter1 mptspi
alias scsi_hostadapter2 ata_piix
alias snd-card-0 snd-ens1371
..
The /etc/modprobe.conf file supports several directives, some of which
are explained below:
Directive
alias
install
options
Postinstall
Remove

Description
Specifies the association of logical device and module. In the file
excerpt above, e1000 is a module associated with the network
interface e1000
Executes the specified command on a module instead of
running the insmod command
Specifies options for a module
Executes the specified command after installing a module
Executes the specified command on a module instead of
9

running the rmmod command.

To unload the e1000 module along with all unused dependent modules,
run either the modprobe or the rmmod command:
#modprobe r e1000
#rmmod e1000
To display information about a specific module such as e1000, use the
modinfo command:
#modinfo e1000

4. System processes
A process is created in memory when a program or command is
executed.
A unique identification number, known as process
identification (PID), is allocated to it, which is used by the kernel
to manage the process until the program or command it is
associated with, terminates. When a user logs in to the system,
shell is started, which is a process. A process is any program,
application or command that runs on the system.
Several processes are started at system boot up, many of which sit in
memory and wait for an event to trigger a request to use their service.
These background system processes are called daemons and are critical to
system functionality.

Viewing System processes

There are two commands commonly used to view currently running
processes. These are ps (process status) ant top.
The ps command without any options or arguments, lists processes
specific to the terminal where the ps command is run:
# ps
PID TTY
4306 pts/1
4319 pts/1

TIME CMD
00:00:00 bash
00:00:00 ps

The output has for columns: PID of the process in the first column,
terminal the process belongs to in the second column, cumulative time the

10

process given by the system CPU in the third column and actual command
being executed in the last column.
Two options e (every) and f (full) are popularly used to generate
detailed information on every process running in the system. Check the ps
command man pages for more options.
# ps -ef
UID
PID PPID C STIME TTY
TIME CMD
root
1
0 0 11:29 ?
00:00:01 init [5]
root
2
1 0 11:29 ?
00:00:00 [migration/0]
root
3
1 0 11:29 ?
00:00:00 [ksoftirqd/0]
root
4
1 0 11:29 ?
00:00:00 [events/0]
root
5
1 0 11:29 ?
00:00:00 [khelper]
root
21
1 0 11:29 ?
00:00:00 [kthread]
root
25 21 0 11:29 ?
00:00:00 [kblockd/0]
root
26 21 0 11:29 ?
00:00:00 [kacpid]
root
222 21 0 11:29 ?
00:00:00 [cqueue/0]
Now lets see what happens when you run a command like find, to
search for files ending with .bak in / :
# find / -type f -name *.bak
/etc/mail/submit.cf.bak

# ps -ef
UID
PID PPID C STIME TTY
root
root
root
root
*.bak
root

TIME CMD

4306 4303 0 11:31 pts/1 00:00:00 bash

4322
1 0 11:31 ?
00:00:00 gnome-screensaver
4889 4303 0 11:49 pts/2 00:00:00 bash
4917 4306 8 11:49 pts/1
00:00:00 find / -type f -name
4918 4889 0 11:49 pts/2

00:00:00 ps ef

The second method to view process information is the top command,

which displays additional information including CPU and memory utilization.
A sample output from a running top session is shown below:
top - 11:53:10 up 23 min, 3 users, load average: 0.11, 0.10, 0.10
Tasks: 117 total, 2 running, 115 sleeping, 0 stopped, 0 zombie
Cpu(s): 8.0%us, 3.3%sy, 0.0%ni, 87.7%id, 0.0%wa, 1.0%hi, 0.0%si, 0.0%st
Mem: 1921784k total, 704436k used, 1217348k free, 76548k buffers
Swap: 2048276k total,
0k used, 2048276k free, 426104k cached
PID USER
4064 root
4303 root

PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND

15 0 218m 11m 6236 S 8.3 0.6 0:15.84 Xorg
15 0 262m 15m 8480 R 2.3 0.8 0:01.84 gnome-terminal
11

5029 root
15 0 12744 1080 808 R 0.3 0.1 0:00.02 top
1 root
15 0 10352 700 588 S 0.0 0.0 0:01.69 init
2 root
RT -5
0 0 0 S 0.0 0.0 0:00.00 migration/0
3 root
34 19
0 0 0 S 0.0 0.0 0:00.00 ksoftirqd/0
4 root
10 -5
0 0 0 S 0.0 0.0 0:00.42 events/0
5 root
10 -5
0 0 0 S 0.0 0.0 0:00.00 khelper
21 root
11 -5
0 0 0 S 0.0 0.0 0:00.00 kthread
25 root
10 -5
0 0 0 S 0.0 0.0 0:00.07 kblockd/0
26 root
20 -5
0 0 0 S 0.0 0.0 0:00.00 kacpid
222 root
11 -5
0 0 0 S 0.0 0.0 0:00.00 cqueue/0
225 root
10 -5
0 0 0 S 0.0 0.0 0:00.00 khubd
227 root
10 -5
0 0 0 S 0.0 0.0 0:00.00 kseriod
292 root
15 0
0 0 0 S 0.0 0.0 0:00.00 khungtaskd
293 root
16 0
0 0 0 S 0.0 0.0 0:00.00 pdflush
294 root
15 0
0 0 0 S 0.0 0.0 0:00.09 pdflush
Find out more information on top with the man top command.

Process States
There are several states that a process can go through in its life. There
are five process states: running, waiting, sleeping, stopped and zombie.
The running state shows that the process is currently being
executed by the system CPU.
The sleeping state means shows that the process is currently
waiting for input from user or another process.
The waiting state means that the process has received input it has
been waiting for and is now ready to run as soon as its turn comes.
The stopped state indicates that the process is currently halted and
will not run even when its turn comes, unless it is sent a signal.
The zombie state determines that the process is dead. A zombie
process exists in process table just as any other process entry, but
takes up no resources. The entry for zombie is retained until the
parent process permits it to die.

Process Priority
Process priority is determined using the nice value. The system assigns
a nice value to a process when it is initiated to establish priority. A total of
40 nice values exist with -20 being the highest and +19 the lowest. Most
system started processes use the default nice value of 0. A child process
inherits the nice value of its parent process.
Use the ps command and specify the l option to determine nice values
of running processes. See associated nice values for each process under
the NI column.
A different priority may be assigned to a program or command at the
time it is initiated. For example, to run system-config-users with higher
priority:
12

#nice -2 system-config-users
The value assigned with nice is relative to the default nice value. The
number -2 is added to 0, which means the specified program will run at a
higher priority since its nice value is -2.

Signals and Their Use

A system runs several processes simultaneously. Sometimes it becomes
necessary to pass a notification to a process alerting it of an event. A user
or the system uses a signal to pass that notification to a process. A signal
contains a signal number and its used to control processes. There are a
number of signals available for use but most of the time you only deal with
only a few of them. A list of available signals can be displayed with the kill
command using the l option.

The commands used to pass a signal to a process are kill and pkill.
These commands are usually used to terminate a process. Ordinary users
can kill processes they own, while root can kill any process.
The syntax of the kill command to kill a process is:
#kill PID
#kill s <signal name or number> PID
Homework : read the manual pages of the pkill and kill
command.

5. File permissions and ownership

Permissions are set on files and directories to prevent access by
unauthorized users. Users on the system are categorized in to three distinct
classes:
Permission class
User (u)
Group (g)

Description
Owner of the file or directory. Usually the
creator of the file or directory is the owner of it
A set of users that need identical access on files
and directories that they share. Group
information is maintained in the /etc/group file

13

and users are assigned to groups according to

shared file access needs.
All other users that have access to the system
except the owner and group members. Also
called public.

Others (o)

Permission Types
Permissions control what actions can be performed on a file or directory
and by whom. There are four types of permissions defined in the table
below:
Permission
type
Read

Symbol

File

Directory

Write

Execute
Access
denied

X
-

Displays file contents or Displays

copies content to
contents with
another file
the ll command
Modifies file contents
Creates,
removes,
renames files
and sub
directories
Execute a file
cd in a directory
none
none

The output of the ll command lists files and directories along with their
type and permissions settings. This information is shown in the first column
of the output where 10 characters are displayed. The first character
indicates the type of file : d for directory, - for regular file, l for symbolic
link, c for character device file, b for block device file , n for named pipes, s
for socket and so on. The next nine characters three groups of three
characters- show read (r), write (w), execute (x) or none (-) permissions for
the three user classes: user, group and others:

Changing access permissions

14

The chmod command is used to modify access permissions on files and

directories, chmod can be used by root or file owner, and can modify
permissions specified in one of two methods: symbolic or octal.
Symbolic notation uses a combination of letters and symbols to add
revoke or assign permissions to each class of users. The following examples
will provide an understanding on setting permissions.
We will create a file called vlad and we will change permissions on it in
the below examples:
# touch vlad
# ls -la
total 12
drwxr-xr-x 2 root root 4096 Mar 3 16:16 .
drwxr-xr-x 26 root root 4096 Mar 3 16:16 ..
-rw-r--r-- 1 root root 0 Mar 3 16:16 vlad
The default permissions for user root while creating a file are : user :
read + write, group: read, others: read, the owner of the file is root and the
group root as seen in columns 3 and 4 of the ls la command output.
Now lets add write and execute permissions to others and revoke the
read from the group in one command using chmod:
# chmod o+wx,g-r vlad
# ls -l
total 0
-rw----rwx 1 root root 0 Mar 3 16:16 vlad
After these changes lets add execute permissions to user root:
# chmod u+x vlad
# ls -la
total 12
drwxr-xr-x 2 root root 4096 Mar 3 16:16 .
drwxr-xr-x 26 root root 4096 Mar 3 16:16 ..
-rwx---rwx 1 root root 0 Mar 3 16:16 vlad
Homework: read the man pages for the chmod command and
practice!
The octal notation uses a three digit numbering system that ranges
from 0 to 7 to specify permissions for the three user classes. Octal values
are presented below:
0 --- no permission
15

1
2
3
4
5
6
7

--x execute
-w- write
-wx write and execute
r-- read
r-x read and execute
rw- read and write
rwx read, write and execute

Octal digit values can be added together to make Symbolic Notations:

(4=r)+(1=x)==(5=r-x)
(4=r)+(2=w)==(6=rw-)
(4=r)+(2=w)+(1=x) == (7=rwx)
Example :
777 = "-rwxrwxrwx" = rwx for all
754 = "-rwxr-xr--" = rwx for owner, r-x for group, r-- for other
124 = "--x-w-r--" = x for owner, w for group, r for other
Lets change the permissions to vlad file to user: read, group write and
execute and others set to no permissions.
# chmod 430 vlad
# ls -la
total 12
drwxr-xr-x 2 root root 4096 Mar 3 16:16 .
drwxr-xr-x 26 root root 4096 Mar 3 16:16 ..
-r---wx--- 1 root root 0 Mar 3 16:16 vlad
As you can see the changes have been made to the request.
Setting default permissions
The system assigns default permissions to a file or directory when its
created. Default permissions are calculated based on the umask (user
mask) permission values subtracted from a pre default value called initial
permissions.
# id
uid=0(root)
gid=0(root)
groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
# umask
0022

16

The S option at the umask command displays the current umask in

symbolic notation:
# umask -S
u=rwx,g=rx,o=rx
The umask (default permission) is set for files by subtracting out of 666
the value of the umask 022 resulting in 644 (user: read and write, group:
read, others: read) and for directories by subtracting out of 777 resulting
755 for the directories created.
User root has the default umask of 022 on the system, and other users
have the default umask set to 002. The default value can be changed.
Homework: How can we change the default value of the umask
for a user on a server?
Changing file ownership and group membership.
In Linux, every file and directory has an owner associated with it. By
default, the creator becomes the owner. The ownership can be changed if
required, and allocated to some other user. Similarly, every user is a
member of one or more groups. A group is a collection of users with exact
same privileges. By default the owners group is assigned to a file or
directory.
# ls -la
total 12
drwxr-xr-x 2 root root 4096 Mar 3 17:01 .
drwxr-xr-x 26 root root 4096 Mar 3 16:16 ..
-rw-r--r-- 1 root root 0 Mar 3 17:01 bla
-r---wx--- 1 root root 0 Mar 3 16:16 vlad
# chown vlad vlad
# chgrp vlad vlad
# ls -al
total 12
drwxr-xr-x 2 root root 4096 Mar 3 17:01 .
drwxr-xr-x 26 root root 4096 Mar 3 16:16 ..
-rw-r--r-- 1 root root 0 Mar 3 17:01 bla
-r---wx--- 1 vlad vlad 0 Mar 3 16:16 vlad
Using the chgrp and chown commands I changed the owner and the
group of the file vlad to user and group vlad. Read the manual pages for
the two commands and get yourself familiarized to them.

6. Archiving
17

There are several archiving tools present in Linux, in the section below
there will be described a series of commands most used in archiving an
extracting.
The tar (tape archive) command archives, lists and extracts files to and
from a single file called tar file. A tar file can be created as a regular file on
a disk or tape; it supports several options, some of which are summarized
below:
-c creates a new archive
-f specifies archive destination
-j compresses the archive contents with bzip2 command
-t lists archive contents
-v verbose mode
-x extracts from a archive
-z compress the archive contents with the gzip command
Examples:
To create an archive of the home directory in a file called home.tar, you
can use the following command:
# tar -cvf /home.tar /home
tar: Removing leading `/' from member names
/home/
/home/lost+found/
/home/vlad/
/home/vlad/.bash_logout
/home/vlad/.bash_profile
/home/vlad/.mozilla/
/home/vlad/.mozilla/plugins/
/home/vlad/.mozilla/extensions/
/home/vlad/.bashrc
/home/vlad/hello.sh
/home/vlad/.bash_history
# ls -la home.tar
-rw-r--r-- 1 root root 10240 Mar 3 13:24 home.tar
To list the home.tar archive contents use:
# tar -tvf home.tar
drwxr-xr-x root/root
0 2011-02-24 17:13:20 home/
drwx------ root/root
0 2011-02-22 13:33:33 home/lost+found/
drwx------ vlad/vlad
0 2011-02-28 13:45:02 home/vlad/
-rw-r--r-- vlad/vlad
33 2009-01-21 20:15:22 home/vlad/.bash_logout
-rw-r--r-- vlad/vlad
176 2009-01-21 20:15:22 home/vlad/.bash_profile
.
18

To extract/restore home from home.tar:

# tar -xvf home.tar
home/
home/lost+found/
home/vlad/
home/vlad/.bash_logout
home/vlad/.bash_profile
home/vlad/.mozilla/

The zip command is a popular compression utility available on a number

of operating systems platforms. This command adds the .zip extension to a
zipped file. The following example compresses three files in to one called
file1.zip. The first file name specified on the command line is automatically
chosen as the same of the resultant compressed file.
# touch file{1,2,3}
# ls -la
total 12
drwxr-xr-x 2 root root 4096 Mar 3 13:35 .
drwxr-xr-x 25 root root 4096 Mar 3 13:35 ..
-rw-r--r-- 1 root root 0 Mar 3 13:35 file1
-rw-r--r-- 1 root root 0 Mar 3 13:35 file2
-rw-r--r-- 1 root root 0 Mar 3 13:35 file3
# zip file1 file2 file3
adding: file2 (stored 0%)
adding: file3 (stored 0%)
# ll
total 4
-rw-r--r-- 1 root root 0 Mar 3 13:35 file1
-rw-r--r-- 1 root root 262 Mar 3 13:35 file1.zip
-rw-r--r-- 1 root root 0 Mar 3 13:35 file2
-rw-r--r-- 1 root root 0 Mar 3 13:35 file3
The unzip command performs the opposite of what zip does. It
uncompresses a zipped file and restores the files to their original state. To
uncompress the three files
#unzip file1.zip
7.

Searching for a file/binary

Sometimes you need to find one or more files or directories in the file
system structure based on a criterion. Linux offers two tools to help you in
19

that situation. These tools are called find and locate, an explained in this
section.
The find command recursively searches the directory tree, finds files
that match the specified criteria and optionally performs an action. This
powerful tool customized to look for files in a number of ways. The search
criteria may include searching for files by name, size, ownership, last
access, permissions, inode number, file type...etc. Here is the command
syntax:
#find <path> <option> <action>
-path is the location where to search. It can be /etc, /root or the current
directory you are in with < . >.
-the option can be, search by name name, search by file type type f to
search only for files, search by access time atime
-the action is the process to take place on the located files : -exec
<command> {} \; -ok <command> {} \;
The best way to get familiarized with the find command is with some
examples. Lets search for file in /etc larger than 1MB and display them:
# find /etc -type f -size +1024k -exec ls -lah {} \;
-rw-r--r-- 1 root root 1.4M Mar 31 2010 /etc/firmware/microcode.dat
-rw-r--r-1
root
root
1.3M
May
24
2008
/etc/gconf/schemas/apps_nautilus_preferences.schemas
-rw-r--r-- 1 root root 1.8M Mar 11
2009 /etc/gconf/schemas/gnometerminal.schemas
-rw-r--r-- 1 root root 1.1M Jan 6 2007 /etc/gconf/schemas/gok.schemas
-rw-r--r-- 1 root root 1.2M Apr 11 2007 /etc/gconf/schemas/ekiga.schemas
-rw-r--r-1
root
root
1.2M
Mar
31
2010
/etc/gconf/schemas/metacity.schemas
-rw-r--r-- 1 root root 3.4M Mar 6 19:50 /etc/gconf/gconf.xml.defaults/
%gconf-tree.xml
-rw-r--r-- 1 root root 1.8M Mar 6 19:46 /etc/selinux/targeted/policy/policy.21
First of all I specified the directory where to search, in this example
its /etc, find automatically searches the subfolders included in the path.
After this, I used a few options:
-type f to search only for files
-size +1024k to search for files over 1024Kb (1Mb), the + represents
increase of
-exec ls lah to execute a listing in human readable format on the files
found
# find / -name *.vl -exec rm -i {} \;
20

rm:
rm:
rm:
rm:
rm:

remove
remove
remove
remove
remove

regular
regular
regular
regular
regular

empty
empty
empty
empty
empty

file
file
file
file
file

`/home/vlad/file3.vl'?
`/home/vlad/file4.vl'?
`/home/vlad/file2.vl'?
`/home/vlad/file1.vl'?
`/home/vlad/file5.vl'?

y
y
y
y
y

In this example I used find to locate all files with names ending in .vl to
be removed interactively.
The locate command is used for locating all occurrences of the specified
string as it appears in file pathnames. It can also be used to locate files
with
certain
extensions.
The
command
searches
the
/var/lib/mlocate/mlocate.db
database
file
and
displays
matching
occurrences. This file is updated automatically every day when the
/etc/cron.daily/mlocate.cron script is executed by the cron daemon.
Alternatively it can be updated manually with the updatedb command.
# updatedb
# locate passwd
/etc/passwd
/etc/passwd/etc/news/passwd.nntp
/etc/pam.d/passwd
/etc/security/opasswd
Homework: read the man pages of the locate and find command.

21