Linux Fundamentals Student Workbook

GL120 FUNDAMENTALS RHEL7 SLES12 U16.04

The contents of this course and all its modules and related materials, including handouts to audience members, are copyright ©2017 Guru Labs L.C. No part of this publication may be stored in a retrieval system, transmitted or reproduced in any way, including, but not limited to, photocopy, photograph, magnetic, electronic or other record, without the prior written permission of Guru Labs. This curriculum contains proprietary information which is for the exclusive use of customers of Guru Labs L.C., and is not to be shared with personnel other than those in attendance at this course. This instructional program, including all material provided herein, is supplied without any guarantees from Guru Labs L.C. Guru Labs L.C. assumes no liability for damages or legal action arising from the use or misuse of contents or details contained herein. Photocopying any part of this manual without prior written consent of Guru Labs L.C. is a violation of federal law. This manual should not appear to be a photocopy. If you believe that Guru Labs training materials are being photocopied without permission, please email [email protected] or call 1-801-298-5227. Guru Labs L.C. accepts no liability for any claims, demands, losses, damages, costs or expenses suffered or incurred howsoever arising from or in connection with the use of this courseware. All trademarks are the property of their respective owners.

Version: GL120S-R7S12U1604-T03


Table of Contents

Chapter 1
WHAT IS LINUX?
    Unix and its Design Principles
    FSF and GNU
    GPL – General Public License
    The Linux Kernel
    Linux Kernel and Versioning
    Components of a Distribution
    Slackware
    SUSE Linux Products
    Debian
    Ubuntu
    Red Hat Linux Products
    Oracle Linux

Chapter 2
LOGIN AND EXPLORATION
    Logging In
    Running Programs
    Interacting with Command Line
    Desktop Environments
    GNOME
    Starting X
    Gathering Login Session Info
    Gathering System Info
    uptime & w
    got root?
    Switching User Contexts
    sudo
    Help from Commands and Documentation
    whereis
    Getting Help Within the Graphical Desktop
    Getting Help with man & info
    Lab Tasks
        1. Login and Discovery
        2. Help with Commands
        3. Switching Users With su

Chapter 3
THE LINUX FILESYSTEM
    Filesystem Support
    Unix/Linux Filesystem Features
    Filesystem Hierarchy Standard
    Navigating the Filesystem
    Displaying Directory Contents
    Filesystem Structures
    Determining Disk Usage With df and du
    Determining Disk Usage (GUI)
    Disk Usage with Quotas
    File Ownership
    Default Group Ownership
    File and Directory Permissions
    File Creation Permissions with umask
    SUID and SGID on files
    SGID and Sticky Bit on Directories
    Changing File Permissions
    User Private Group Scheme
    Lab Tasks
        1. Navigating Directories and Listing Files
        2. Disk and Filesystem Usage
        3. File and Directory Ownership and Permissions
        4. Introduction to Troubleshooting Labs [R7 S12]
        5. Troubleshooting Practice: Filesystem [R7 S12]

Chapter 4
MANIPULATING FILES
    Directory Manipulation
    File Manipulation
    Deleting and Creating Files
    Managing Files Graphically
    Drag and drop with Nautilus
    Physical Unix File Structure
    Filesystem Links
    File Extensions and Content
    Displaying Files
    Previewing Files
    Producing File Statistics
    Displaying Binary Files
    Searching the Filesystem
    Alternate Search Method
    Lab Tasks
        1. Manipulating Files and Directories
        2. File Examination & Search Commands

Chapter 5
BASICS
    Role of Command Shell
    Communication Channels
    File Redirection
    Piping Commands Together
    Filename Matching
    File Globbing and Wildcard Patterns
    Brace Expansion
    Shell and Environment Variables
    Key Environment Variables
    Which and Type
    General Quoting Rules
    Nesting Commands
    Lab Tasks
        1. Redirection and Pipes
        2. Wildcard File Matching
        3. Shell Variables
        4. Shell Meta-Characters
        5. Command Substitution

Chapter 6
ARCHIVING AND COMPRESSION
    Archives with tar
    Archives with cpio
    The gzip Compression Utility
    The bzip2 Compression Utility
    The XZ Compression Utility
    The PKZIP Archiving/Compression format
    GNOME File Roller
    Lab Tasks
        1. Archiving and Compression

Chapter 7
TEXT PROCESSING
    Searching Inside Files
    The Streaming Editor
    Text Processing with Awk
    Replacing Text Characters
    Text Sorting
    Duplicate Removal Utility
    Extracting Columns of Text
    Combining Files and Merging Text
    Comparing File Changes
    Lab Tasks
        1. Processing Text Streams
        2. Text Processing

Chapter 8
REGULAR EXPRESSIONS
    Regular Expression Overview
    Regular Expressions
    RE Character Classes
    Regex Quantifiers
    RE Parenthesis
    Lab Tasks
        1. Pattern Matching with Regular Expressions
        2. Extended Regular Expressions
        3. Using Regular Expressions With sed

Chapter 9
TEXT EDITING
    Text Editing
    Pico/GNU Nano
    Pico/Nano Interface
    Nano configuration
    Pico/Nano Shortcuts
    vi and Vim
    Learning Vim
    Basic vi
    Intermediate vi
    Lab Tasks
        1. Text Editing with Nano
        2. Text Editing with Vim

Chapter 10
MESSAGING
    System Messaging Commands
    Controlling System Messaging
    Instant Messenger Clients
    Electronic
    Sending Email with sendmail
    Sending and Receiving Email with mailx
    Sending and Receiving Email with mutt
    Sending Email with Pine
    Evolution
    Lab Tasks
        1. Command Line Messaging
        2. Messaging with talkd
        3. Command Line Email
        4. Alpine

Chapter 11
COMMAND SHELLS
    Shells
    Identifying the Shell
    Changing the Shell
    Configuration Files
    Script Execution
    Shell Prompts
    Bash: Bourne-Again Shell
    Bash: Configuration Files
    Bash: Command Line History
    Bash: Command Editing
    Bash: Command Completion
    Bash: "shortcuts"
    Bash: prompt
    Setting Resource Limits via ulimit
    Lab Tasks
        1. Linux Shells
        2. Bash History
        3. Aliases
        4. Bash Login Scripts
        5. The Z Shell

Chapter 12
INTRODUCTION TO SHELL SCRIPTING
    Shell Script Strengths and Weaknesses
    Example Shell Script
    Positional Parameters
    Input & Output
    Doing Math
    Exit Status
    Comparisons with test
    Conditional Statements
    Flow Control: case
    The Bourne for-Loop
    The while and until Loops
    Lab Tasks
        1. Writing a Shell Script

Chapter 13
PROCESS MANAGEMENT AND
    What is a Process?
    Process Lifecycle
    Process States
    Viewing Processes
    Signals
    Tools to Send Signals
    nohup and disown
    Managing Processes
    Tuning Process
    Job Control Overview
    Job Control Commands
    Persistent Shell Sessions with Screen
    Using screen
    Advanced Screen
    Lab Tasks
        1. Job Control Basics
        2. Process Management Basics
        3. Screen Basics
        4. Using Screen Regions
        5. Troubleshooting Practice: Process Management [R7 S12]

Chapter 14
AT AND CRON
    Automating Tasks
    at/batch
    cron
    The crontab Command
    crontab Format
    /etc/cron.*/ Directories
    Anacron
    Lab Tasks
        1. Creating and Managing User Cron Jobs
        2. Adding System cron Jobs
        3. Troubleshooting Practice: Automating Tasks [R7 S12]

Chapter 15
MANAGING
    Downloading with FTP
    FTP
    lftp
    Command Line Internet – Non-interactive
    Command Line Internet – Interactive
    Managing Software Dependencies
    Using the Yum command
    Using Yum history
    YUM package groups
    Configuring Yum
    yumdownloader
    Popular Yum Repositories
    Using the Zypper command
    Zypper Services and Catalogs
    The dselect & APT Frontends to dpkg
    Aptitude
    Configuring APT
    Lab Tasks
        1. Command Line File Transfers
        2. Using Yum [R7]
        3. Using Zypper [S12]
        4. Managing Yum Repositories [R7]
        5. Managing Zypper Repositories [S12]
        6. Using APT [U1604]
        7. Adding an APT repository [U1604]

Chapter 16
THE SECURE SHELL (SSH)
    Secure Shell
    OpenSSH Client & Server Configuration
    Accessing Remote Shells
    Transferring Files
    Alternative sftp Clients
    SSH Key Management
    ssh-agent
    Lab Tasks
        1. Introduction to ssh and scp
        2. SSH Key-based User Authentication
        3. Using ssh-agent

Chapter 17
MOUNTING FILESYSTEMS & MANAGING REMOVABLE MEDIA
    Filesystems Concept Review
    Mounting Filesystems
    NFS
    SMB
    Filesystem Table (/etc/fstab)
    AutoFS
    Removable Media
    Lab Tasks
        1. Accessing NFS Shares
        2. On-demand filesystem mounting with AutoFS

Chapter 18
PRINTING
    Legacy Print Systems
    Common UNIX Printing System
    Defining a Printer
    Standard Print Commands
    Format Conversion Utilities
    enscript and mpage
    Lab Tasks
        1. Printing
        2. Configuring Print Queues

Appendix A
THE
    The X Window System
    X Modularity
    X.Org Drivers
    Configuring X Manually
    Automatic X Configuration
    Xorg and Fonts
    Installing Fonts for Modern Applications
    Installing Fonts for Legacy Applications
    The X11 Protocol and Display Names
    Display Managers and Graphical Login
    Starting X Apps Automatically
    X Access Control
    Remote X Access (historical/insecure)
    Remote X Access (modern/secure)
    XDMCP
    Remote Graphical Access With VNC and RDP
    Specialized X Servers
    Lab Tasks
        1. Remote X with XDMCP
        2. Configure X Security
        3. Configure a VNC Server [R7]
        4. Configure a VNC Server [S12]
        5. Configure a VNC Server [U1604]
        6. Launching X Apps Automatically
        7. Secure X

Appendix B
EMACS
    Emacs
    The Emacs Interface
    Basic Emacs
    More Emacs Commands
    Lab Tasks
        1. Text Editing with Emacs


Typographic Conventions

The fonts, layout, and typographic conventions of this book have been carefully chosen to increase readability. Please take a moment to familiarize yourself with them.

A Warning and Solution

A common problem with computer training and reference materials is the confusion of the numbers "zero" and "one" with the letters "oh" and "ell". To avoid this confusion, this book uses a fixed-width font that makes each letter and number distinct.

    0  The number "zero".
    O  The letter "oh".
    1  The number "one".
    l  The letter "ell".

Typefaces Used and Their Meanings

The following typeface conventions have been followed in this book:

fixed-width normal ⇒ Used to denote file names and directories. For example, the /etc/passwd file or /etc/sysconfig/ directory. Also used for computer text, particularly command line output.
fixed-width italic ⇒ Indicates that a substitution is required. For example, the string stationX is commonly used to indicate that the student is expected to replace X with his or her own station number, such as station3.
fixed-width bold ⇒ Used to set apart commands. For example, the sed command. Also used to indicate input a user might type on the command line. For example, ssh -X station3.
fixed-width bold italic ⇒ Used when a substitution is required within a command or user input. For example, ssh -X stationX.
fixed-width underlined ⇒ Used to denote URLs. For example, http://www.gurulabs.com/.
variable-width bold ⇒ Used within labs to indicate a required student action that is not typed on the command line.

Occasional variations from these conventions occur to increase clarity. This is most apparent in the labs where bold text is only used to indicate commands the student must enter or actions the student must perform.

Terms and Definitions

The following format is used to introduce and define a series of terms:

deprecate ⇒ To indicate that something is considered obsolete, with the intent of future removal.
frob ⇒ To manipulate or adjust, typically for fun, as opposed to tweak.
grok ⇒ To understand. Connotes intimate and exhaustive knowledge.
hork ⇒ To break, generally beyond hope of repair.
hosed ⇒ A metaphor referring to a Cray that crashed after the disconnection of coolant hoses. Upon correction, users were assured the system was rehosed.
mung (or munge) ⇒ Mash Until No Good: to modify a file, often irreversibly.
troll ⇒ To bait, or provoke, an argument, often targeted towards the newbie. Also used to refer to a person that regularly trolls.
twiddle ⇒ To make small, often aimless, changes. Similar to frob.

When discussing a command, this same format is also used to show and describe a list of common or important command options. For example, the following ssh options:

-X ⇒ Enables X11 forwarding. In older versions of OpenSSH that do not include -Y, this enables trusted X11 forwarding. In newer versions of OpenSSH, this enables a more secure, limited type of forwarding.
-Y ⇒ Enables trusted X11 forwarding. Although less secure, trusted forwarding may be required for compatibility with certain programs.

Representing Keyboard Keystrokes

When it is necessary to press a series of keys, the series of keystrokes will be represented without a space between each key. For example, the following means to press the "j" key three times: jjj

When it is necessary to press keys at the same time, the combination will be represented with a plus between each key. For example, the following means to press the "ctrl," "alt," and "backspace" keys at the same time: Ctrl+Alt+Backspace. Uppercase letters are treated the same: Shift+A

Line Wrapping

Occasionally content that should be on a single line, such as command line input or URLs, must be broken across multiple lines in order to fit on the page. When this is the case, a special symbol is used to indicate to the reader what has happened. When copying the content, the line breaks should not be included. For example, the following hypothetical PAM configuration should only take two actual lines:

    password required /lib/security/pam_cracklib.so retry=3 ↵
      type= minlen=12 dcredit=2 ucredit=2 lcredit=0 ocredit=2
    password required /lib/security/pam_unix.so use_authtok

Representing File Edits

File edits are represented using a consistent layout similar to the unified diff format. When a line should be added, it is shown in bold with a plus sign to the left. When a line should be deleted, it is shown struck out with a minus sign to the left. When a line should be modified, it is shown twice. The old version of the line is shown struck out with a minus sign to the left. The new version of the line is shown below the old version, bold and with a plus sign to the left. Unmodified lines are often included to provide context for the edit. For example, the following describes modification of an existing line and addition of a new line to the OpenSSH server configuration file:

    File: /etc/ssh/sshd_config
      #LoginGraceTime 2m
    - #PermitRootLogin yes
    + PermitRootLogin no
    + AllowUsers sjansen
      #StrictModes yes

Note that the standard file edit representation may not be used when it is important that the edit be performed using a specific editor or method. In these rare cases, the editor specific actions will be given instead.

Lab Conventions

Lab Task Headers

Every lab task begins with three standard informational headers: "Objectives," "Requirements," and "Relevance". Some tasks also include a "Notices" section. Each section has a distinct purpose.

Objectives ⇒ An outline of what will be accomplished in the lab task.
Requirements ⇒ A list of requirements for the task. For example, whether it must be performed in the graphical environment, or whether multiple computers are needed for the lab task.
Relevance ⇒ A brief example of how concepts presented in the lab task might be applied in the real world.
Notices ⇒ Special information or warnings needed to successfully complete the lab task. For example, unusual prerequisites or common sources of difficulty.

Command Prompts

Though different shells, and distributions, have different prompt characters, examples will use a $ prompt for commands to be run as a normal user (like guru or visitor), and commands with a # prompt should be run as the root user. For example:

    $ whoami
    guru
    $ su -
    Password: password
    # whoami
    root

Occasionally the prompt will contain additional information. For example, when portions of a lab task should be performed on two different stations (always of the same distribution), the prompt will be expanded to:

    stationX$ whoami
    guru
    stationX$ ssh root@stationY
    root@stationY’s password: password
    stationY# whoami
    root

Variable Data Substitutions

In some lab tasks, students are required to replace portions of commands with variable data. Variable substitutions are represented using italic fonts. For example, X and Y.

Substitutions are used most often in lab tasks requiring more than one computer. For example, if a student on station4 were working with a student on station2, the lab task would refer to stationX and stationY

    stationX$ ssh root@stationY

and each would be responsible for interpreting the X and Y as 4 and 2.

    station4$ ssh root@station2

Truncated Command Examples

Command output is occasionally omitted or truncated in examples. There are two types of omissions: complete or partial.

Sometimes the existence of a command’s output, and not its content, is all that matters. Other times, a command’s output is too variable to reliably represent. In both cases, when a command should produce output, but an example of that output is not provided, the following format is used:

    $ cat /etc/passwd
    . . . output omitted . . .

In general, at least a partial output example is included after commands. When example output has been trimmed to include only certain lines, the following format is used:

    $ cat /etc/passwd
    root:x:0:0:root:/root:/bin/bash
    . . . snip . . .
    clints:x:500:500:Clint Savage:/home/clints:/bin/zsh
    . . . snip . . .

Distribution Specific Information

This courseware is designed to support multiple Linux distributions. When there are differences between supported distributions, each version is labeled with the appropriate base strings:

R ⇒ Red Hat Enterprise Linux (RHEL)
S ⇒ SUSE Linux Enterprise Server (SLES)
U ⇒ Ubuntu

The specific supported version is appended to the base distribution strings, so for Red Hat Enterprise Linux version 6 the complete string is: R6.

Certain lab tasks are designed to be completed on only a sub-set of the supported Linux distributions. If the distribution you are using is not shown in the list of supported distributions for the lab task, then you should skip that task.

Certain lab steps are only to be performed on a sub-set of the supported Linux distributions. In this case, the step will start with a standardized string that indicates which distributions the step should be performed on. When completing lab tasks, skip any steps that do not list your chosen distribution. For example:

    1) [R4] This step should only be performed on RHEL4.
       Because of a bug in RHEL4's Japanese fonts...

Sometimes commands or command output is distribution specific. In these cases, the matching distribution string will be shown to the left of the command or output. For example:

          $ grep -i linux /etc/*-release | cut -d: -f2
    [R6]  Red Hat Enterprise Linux Server release 6.0 (Santiago)
    [S11] SUSE Linux Enterprise Server 11 (i586)

Action Lists

Some lab steps consist of a list of conceptually related actions. A description of each action and its effect is shown to the right or under the action. Alternating actions are shaded to aid readability. For example, the following action list describes one possible way to launch and use xkill to kill a graphical application:

Alt+F2 ⇒ Open the "Run Application" dialog.
xkill Enter ⇒ Launch xkill. The cursor should change, usually to a skull and crossbones.
Click on a window of the application to kill. ⇒ Indicate which process to kill by clicking on it. All of the application’s windows should disappear.

Callouts

Occasionally lab steps will feature a shaded line that extends to a note in the right margin. This note, referred to as a "callout," is used to provide additional commentary. This commentary is never necessary to complete the lab successfully and could in theory be ignored. However, callouts do provide valuable information such as insight into why a particular command or option is being used, the meaning of less obvious command output, and tips or tricks such as alternate ways of accomplishing the task at hand.

    [S10] $ sux -
          Password: password
          # xclock

    Callout: On SLES10, the sux command copies the MIT-MAGIC-COOKIE-1 so that graphical applications can be run after switching to another user account. The SLES10 su command did not do this.

Chapter 1
WHAT IS LINUX?

Content
    Unix and its Design Principles
    FSF and GNU
    GPL – General Public License
    The Linux Kernel
    Linux Kernel and Versioning
    Components of a Distribution
    Slackware
    SUSE Linux Products
    Debian
    Ubuntu
    Red Hat Linux Products
    Oracle Linux

Unix and its Design Principles

Inherits features from Multics such as the hierarchical filesystem
Everything is a file
Small single-purpose programs
Ability to pipe small programs together to accomplish more complex tasks
The kernel makes minimum policy decisions, leaving things up to easily modifiable userland programs
All configuration data stored as text, (e.g. ASCII, UTF-8)

Unix Origins

The original batch processing systems of the 1950s were limited to processing only one job at a time. Batch processing systems were replaced with time sharing systems, such as the Compatible Time Sharing System. In 1964, AT&T began discussions with MIT and GE to create a second generation time sharing system, Multics. Work started at BTL in 1965. Over the next four years, cutting-edge research was done by the academics at MIT, and the computer scientists at GE and AT&T, changing the mindset of how computers should operate, such as the view that computing should be an interactive and multi-user experience.

AT&T pulled out of the Multics project in 1969. The Multics project had been ambitious, and each party had differing visions that were hard to reconcile. Bell Labs researcher Ken Thompson started working on an alternative to Multics, later nicknamed Unics by Brian Kernighan, to distinguish it from the complexity of Multics. It was originally written in machine language for the DEC PDP-7 and 9, but ran primarily on the PDP-11 through Edition 7.

Unix Design Principles

The researchers, led by Doug McIlroy, developed a set of principles to guide their work. Among these principles were:

1. Make each program do one thing well. To do a new job, build afresh rather than complicate old programs by adding new features.
2. Expect the output of every program to become the input to another, as yet unknown, program. Don't clutter output with extraneous information. Avoid stringently columnar or binary input formats. Don't insist on interactive input.
3. Design and build software, even operating systems, to be tried early, ideally within weeks. Don't hesitate to throw away the clumsy parts and rebuild them.
4. Use tools in preference to unskilled help to lighten a programming task, even if you have to detour to build the tools and expect to throw some of them out after you've finished using them.

(From M.D. McIlroy, E.N. Pinson, and B.A. Tague, Unix Time-Sharing System Foreword, The Bell System Technical Journal, July-Aug. 1978, vol 57, number 6 part 2, pg. 1902.)

Small programs and pipes are flexible, and build simple, fast solutions to otherwise complex tasks.

Plain text config data facilitates remote administration. The ANSI text originally used is limited by the 127 characters available on US keyboards. UTF-8 (Unicode), the Plan 9 character set developed by Thompson, is now used by many Unix systems, offering an international character set while remaining backwards compatible to ANSI text. The file command (covered later) will report most text files as ASCII text, as it is rare to see characters used outside Latin-1 (extended ASCII), though not as rare as it used to be.

The Unix family

Growth of Unix

In February 1973, the third edition of Unix was released. The preface of the UNIX PROGRAMMER'S MANUAL claimed an increase from 10 installations to 16, but what was more important was reflected in this statement under "Writing a program": "The three principal languages in Unix are assembly language (see as(1)), FORTRAN (see fc(1)), and C (see cc(1)). . ." The new C language was a modification of Thompson's B interpreter, adding types, and a compiler. C's simplicity led to the fourth edition Unix being rewritten in C, and to its dominant use in the Unix family of operating systems.

Starting with the sixth edition of Unix, AT&T licensed the source code at low cost; however, Bell Labs kept the UNIX name trademarked, and closely held. After AT&T sold UNIX to , the UNIX trademark was sold to the Open Group, and the source code licensed to the Santa Cruz Operation. Each licensee had to come up with their own name, (hence groups that used names like USENIX). Though UNIX is a trademark, in common usage the capitalization "Unix" is used. See the preface to A Quarter Century of UNIX (Peter H. Salus – ISBN-13: 9780201547771) and http://www.opengroup.org/tm-guidelines.htm.

There are two main branches in the Unix family tree, the System V branch and the BSD branch. The System V branch was maintained by AT&T and the BSD branch by the University of California at Berkeley, an enhancement of the research system. There was lots of cross-pollination of features between the two branches, especially in later editions of research Unix. System V Release 4 is essentially a merger of these two branches. Today, the BSD branch continues in several open-source projects, but System V exists primarily in commercial off-shoots, such as . Several clones are available including Minix and Linux. See http://levenez.com/unix/ for a graphical chart of Unix and its derivatives.

As the DEC series systems gave way to Sun workstations, mail order computer kits, and the PC era of home computers, it was realized by Thompson, Pike, and others that a redesign was needed to take advantage of these new, cheaper technologies. Plan 9 succeeded Unix as a from-scratch rewrite, incorporating a distributed filesystem and applications, and rethinking computing in terms of multiple systems, not single time-sharing systems communicating with each other. Though Plan 9 brings along many tools from later editions of Unix (especially 8-10), it is a new system. Plan 9 is an open-source carrying the Unix philosophy to its pinnacle.

Plan 9's most significant influence on Linux was UTF-8. Though Linux was intended as a free System V replacement, it has become a bridge system, incorporating ideas from Unix and Plan 9, and interoperating with other systems, such as .

FSF and GNU

Richard Stallman – founder of GNU and the FSF
1983 – GNU (GNU's not Unix)
• goal: create the free GNU Operating System
• first programs: emacs and gcc
1985 – Free Software Foundation
• nonprofit organization for promotion of free software
• manages the GNU project
By 1991 the GNU system was almost complete
• only crucial component missing was a kernel

FSF and GNU

The GNU project was announced in September 1983 by Richard Stallman with the goal of creating a free software operating system: GNU. In addition to defining the guiding philosophy for the GNU project, Richard Stallman contributed code, and is the principal author of several important software components such as GCC (the GNU Compiler Collection), GDB (the GNU Symbolic Debugger), and the popular GNU Emacs text editor.

Stallman graduated from Harvard with a degree in Physics. For several years, he worked in the Artificial Intelligence lab at MIT, resigning to work on GNU. He has been granted honorary PhDs from several universities, and won numerous prestigious awards for his continuing efforts to advance the ideals of free software as advocated by the FSF.

The GNU project started work on the Alix kernel in 1990. The kernel is now called the Hurd, and runs on top of GNU Mach, a Mach 4 micro-kernel. Although a micro-kernel architecture is theoretically a superior kernel design, in practice the Mach design has proven cumbersome. The Debian project provides the official release of GNU/Hurd.

GPL – General Public License

Guarantees that free software remains free (as in freedom)
All software under the GPL makes source available to the end user
Changes to a GPL licensed software package must also be licensed under the GPL
Source code from GPL licensed software can be incorporated into other GPL licensed software
Other Licenses:
• http://www.gnu.org/licenses/license-list.html
• http://www.opensource.org/licenses/index.html
In 1992, Linus Torvalds released 0.12 of the Linux kernel under the GPL.

Free Software

In the Linux community you will often hear the term "free software." What is meant by this term? What follows is an excerpt from the GNU website: http://www.gnu.org/philosophy/free-sw.html.

"'Free software' is a matter of liberty, not price. To understand the concept, you should think of 'free speech', not 'free beer'."

'Free software' refers to the users' freedom to run, copy, distribute, study, change and improve the software. More precisely, it refers to four kinds of freedom, for the users of the software:

The freedom to run the program, for any purpose (freedom 0).
The freedom to study how the program works, and adapt it to your needs (freedom 1). Access to the source code is a precondition for this.
The freedom to redistribute copies so you can help your neighbor (freedom 2).
The freedom to improve the program, and release your improvements to the public, so that the whole community benefits (freedom 3). Access to the source code is a precondition for this.

A program is free software if users have all of these freedoms. Thus, you should be free to redistribute copies, either with or without modifications, either gratis, or charging a fee for distribution to anyone, anywhere.

To help guarantee that all software remains free, with the first GNU release of Emacs, Stallman wrote a copyright license so that GNU software cannot be hidden in proprietary, "non-free" code. He called this copyleft. See http://www.gnu.org/licenses/licenses.html#WhatIsCopyleft

"Copyleft is a general method for making a program free software and requiring all modified and extended versions of the program to be free software as well...To copyleft a program, we first state that it is copyrighted; then we add distribution terms, which are a legal instrument that gives everyone the rights to use, modify, and redistribute the program's code or any program derived from it but only if the distribution terms are unchanged. Thus, the code and the freedoms become legally inseparable. Proprietary software developers use copyright to take away the users' freedom; we use copyright to guarantee their freedom. That's why we reverse the name, changing 'copyright' into 'copyleft'."

Licenses

While the GPL license is arguably the most important of the free software licenses, many other licenses exist.

1-5 The Linux Kernel EVALUATIONLinus Torvalds – FinnishCOPY college student • wanted to replace Minix, a UNIX-like feature-limited teaching OS The Linux kernel Unauthorized • fresh re-implementation of the UNIX APIs • under the GPL license The Linux kernel together with GNU and other programs forms a complete free operating system

The Linux Kernel

Linus Torvalds made the now famous first post about Linux in the comp.os.minix newsgroup in August of 1991. It is reproduced here:

From: [email protected] (Linus Benedict Torvalds)
Newsgroups: comp.os.minix
Subject: What would you like to see most in minix?
Summary: small poll for my new operating system
Message-ID: <[email protected]>
Date: 25 Aug. 91 20:57:08 GMT
Organization: University of Helsinki

Hello everybody out there using minix - I'm doing a (free) operating system (just a hobby, won't be big and professional like gnu) for 386(486) AT clones. This has been brewing since april, and is starting to get ready. I'd like any feedback on things people like/dislike in minix, as my OS resembles it somewhat (same physical layout of the file-system (due to practical reasons) among other things). I've currently ported bash(1.08) and gcc(1.40), and things seem to work. This implies that I'll get something practical within a few months, and I'd like to know what features most people would want. Any suggestions are welcome, but I won't promise I'll implement them :-)

Linus ([email protected])

PS. Yes - it's free of any minix code, and it has a multi-threaded fs. It is NOT portable (uses 386 task switching etc.), and it probably never will support anything other than AT-harddisks, as that's all I have :-(.

Linux Kernel and Versioning

1994 – Linux kernel 1.0 released
1996 – Linux kernel 2.0 released, based on 1.3 development branch
2003 – Linux kernel 2.6 released, based on 2.5 development branch
2004 – Linux kernel 2.6.8 released, based on Linus' post 2.6.7 development branch
2004 – Linux kernel 2.6.8.1 released to fix a NFS code problem
2005 – Linux kernel 2.6.11.1 released making stability patches to the mainline release kernel official
2006 – Linux kernel 2.6.16 was released, becoming the first of several longterm release kernels
2011 – 3.0 kernel released (after 2.6.39), patched as 3.0.1
2015 – 4.0 kernel released (after 3.19)

Linux Kernel Versioning

The Linux kernel is maintained by a large group of developers headed by Linus Torvalds. Linus acts as a "benevolent dictator" and has final say over what changes are introduced into the official kernel. Linus is sponsored by the , a merger of the Development Labs (OSDL) and the . See http://www.linux-foundation.org/en/FAQ.

The Linux kernel version is designated by a major number, a minor release number, and optionally a patch level. Linux distributors may add an additional component, the EXTRAVERSION. For example, an errata kernel might be 3.13.0-42.

Originally, Linux kernels with an even minor number (e.g. 1.2.x, 2.0.x, 2.2.x, 2.4.x) were considered stable production kernels. Only bug fixes and isolated features, such as new drivers, were added to the stable kernel tree, indicated by a third number, the patch level. Linux kernels with an odd minor number (e.g. 1.1.x, 2.1.x, 2.3.x) were development kernels, not to be used on production systems.

The odd-numbered development kernel was where new features were introduced. When all the slated features were added, then the development kernel went into a feature freeze where only bug fixes were allowed. After the development kernels became stable, the version number was bumped so that the minor number was even. If the number or importance of features was large enough, the major number was incremented.

In 2004, Linus Torvalds decided that it was not necessary to create a 2.7 development branch, as the overall structure and key components of the 2.6 kernel were sufficient for future development. Instead, further development kernels would be built within the 2.6 tree. Stable kernels then used a fourth version number. The first such release was 2.6.8.1. Kernels with such a fourth digit were stable patch versions. Newly incremented third digit versions were made to signify the completion of sets of new and revised features.

See the Documentation/HOWTO file in the kernel source documentation for current information.
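The numbering rules above can be checked mechanically, which is useful when deciding whether a reported release string is a development, stable or distributor errata kernel. The following is an added example, not workbook code: `parse_kver` and `kver_kind` are hypothetical helper names, and the releases 2.4.20 and 2.5.3 are constructed samples.

```shell
#!/bin/sh
# Added example, not workbook code. parse_kver and kver_kind are hypothetical
# helper names; 2.4.20 and 2.5.3 are constructed sample releases.

# parse_kver RELEASE
# Prints "major minor patch stable extra"; a missing field prints as "none".
parse_kver() {
    rel=$1
    # Text after the first "-" is the distributor's EXTRAVERSION, or an
    # rcN tag on a mainline kernel that is still in development.
    case $rel in
        *-*) extra=${rel#*-}; base=${rel%%-*} ;;
        *)   extra=none;      base=$rel ;;
    esac
    extra=${extra:-none}
    # Accept only dot-separated decimal numbers in the numeric part.
    case $base in
        ''|*[!0-9.]*|.*|*.|*..*)
            echo "invalid kernel release: $rel" >&2
            return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $base              # split on dots into $1 $2 $3 $4
    IFS=$old_ifs
    if [ "$#" -lt 2 ]; then   # need at least major.minor
        echo "invalid kernel release: $rel" >&2
        return 1
    fi
    echo "$1 $2 ${3:-none} ${4:-none} $extra"
}

# kver_kind RELEASE
# Prints one of: rc, stable, development, stable-patch, release, invalid.
kver_kind() {
    fields=$(parse_kver "$1") || { echo invalid; return 1; }
    set -- $fields
    major=$1; minor=$2; stable=$4; extra=$5
    case $extra in
        rc[0-9]*) echo rc; return 0 ;;    # e.g. 3.13-rc7
    esac
    if [ "$major" -lt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -lt 6 ]; }; then
        # Original scheme: even minor = stable, odd minor = development.
        case $minor in
            *[02468]) echo stable ;;
            *)        echo development ;;
        esac
    elif [ "$major" -eq 2 ] && [ "$minor" -eq 6 ] && [ "$stable" != none ]; then
        echo stable-patch     # fourth number, first used by 2.6.8.1
    else
        echo release          # 2.6.x and later carry no even/odd meaning
    fi
}

for r in 2.4.20 2.5.3 2.6.8.1 3.13-rc7 3.13.0-42; do
    printf '%-10s %-13s fields: %s\n' "$r" "$(kver_kind "$r")" "$(parse_kver "$r")"
done
```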

Kernels now have long term service releases. The first such release was 2.6.16, released 20 March 2006, and last patched 21 July 2008 with release 2.6.16.62. Even though a kernel is declared end-of-life (it will not receive further updates), kernels are considered stable for 6 months from release. Other longterm supported kernels include 3.10. Longterm kernel support is usually about two years, plus another 2 depending on the willingness of individuals to keep supporting a release. The mainline kernel is the current release kernel, and the kernel in development for the next release, e.g. 3.13-rc7. See https://www.kernel.org/category/releases.html for current information.


Components of a Distribution

Typical Linux distributions provide
• collection of applications along with the Linux kernel
• installation program
• documentation
• support
• some are very specialized (e.g. Linux Router Project)
• POSIX and Single Unix Specification compliance
Most Linux distributions provide the same basic software:
• GNU software
GNU Coding Standards
• BSD and Linux utilities
• X.Org, GNOME, KDE, and other GUI components

Linux Distributions

Most Linux companies producing distributions have teams of developers working full time to produce free software. The companies earn money from services related to their distribution including support, consulting, and selling boxed copies.

Most distributions are available for download off of the Internet. Since 1999, most distributions have also made ISO CD-ROM images available for download. If you have a fast Internet connection and a CD/DVD writer, you can download an ISO image and create your own installation media. Also, the use of bootable USB is typically offered, and is beginning to replace optical media.

Linux Standards

There are hundreds of different Linux distributions. At the API/ABI level, all Linux distributions share a common kernel, which conforms to the POSIX/IEEE interface specifications and the Single Unix Specification. The GNU Project follows the design standards of the GNU Operating System, which influence the userland, and other tools, provided by the GNU Project. This is documented in the standards info manual, found at http://www.gnu.org/prep/standards/

Components of Distributions

With the plethora of Linux distributions on the market, it might at first seem that Linux is repeating the same Balkanization that has hampered the Unix world for the past two decades. It's important to realize that, in spite of their brand differences, all main-stream Linux distributions are compatible with each other at the API and binary levels, because they all consist of the same core software: GNU and BSD libraries and utilities, the X Window System as implemented by the X.Org Project, the GNOME and KDE desktops, etc.

In spite of this basic compatibility, distributions are still distinguishable because their developers tailor them for various markets. For example, some will include advanced software packaging functions, or commercial support, or automatic updating capabilities, while others may include features like commercial word-processing software, or additional free software targeted for more specialized audiences.

Locating Linux Software

Software for Linux is available for download all over the Internet. Most software projects have their own sites. In addition, there are several sites that maintain listings of many programs with links for downloading and more information.

Starting places when looking for Linux software include:
http://kernel.org/pub/linux
http://www.rpmfind.net
http://directory.fsf.org

Slackware

Oldest active distribution
Fork of Softlanding Linux System (SLS)
Added simple package management
• Uses compressed tarballs
Added an automated installer
Became extremely popular and continues to have a wide following

SLS

The SLS distribution was an early distribution, making it possible for non-überhackers to install a Linux system on their computer. Before Linux distributions, if you wanted to install Linux, you would first download and install Minix, , SysV, or a 386BSD derivative, then after building the GNU toolkit (binutils, glibc, and perhaps gcc), you could begin the process of downloading, configuring, and compiling the Linux kernel, and a boot loader (e.g. LILO). This gave you a kernel, but no commands. Now you could begin downloading the GNU userland, and other source code.

Slackware

First released in April 1993, and a derivative of SLS, Slackware has long sought to be the most Unix-like of all the Linux distributions. In addition, Slackware primarily targets -compatible architectures; few ports to other architectures have been completed and released. Slackware tends to be popular among those who prefer a minimalistic approach to Linux installation and configuration.

The first commercial Linux was S.u.S.E., which originally distributed Slackware. Pat Volkerding assisted in the development of the early S.u.S.E. releases, until it switched to RPM and forked as its own distribution. SUSE still has many underlying similarities to Slackware.

Additional information about how to Get Slack can be found at http://slackware.com. The name Slackware is derived from the teachings of the Church of the SubGenius, http://subgenius.com.

SUSE Linux Products

SUSE Linux Enterprise Family
• Server and Desktop releases
• 10-13 year maintenance life cycle
• Highly scalable, mature technology
• Three platforms: AMD64/Intel64, ppc64le (Power 8), IBM s/390x (z196 and z114)
• ISV certifications
The openSUSE Project
• Tumbleweed: cutting edge
• Future stable releases are based on SLE

SUSE Linux Enterprise Family

There are two SUSE Linux Enterprise products available from SUSE: SUSE Linux Enterprise Server (SLES) and SUSE Linux Enterprise Desktop (SLED). SUSE Linux Enterprise has a 10 year life cycle. Customers can deploy SLES and SLED and have security and bug fixes available for the entire duration. The extended 18-24 month release cycle coupled with the 10 year life cycle allows ISVs time to certify their products on a stable Linux platform.

Life Cycle Considerations

The SUSE Linux Enterprise family has three stages of support: general support, extended support, and self-support. The general support period is for the first 10 years of life, and is supported within periodic service pack releases. Each service pack has the option for long term service pack support after a 6 month grace period in between service pack releases, and often will have extended support. Feature additions are only within the first 5 years of the general support life cycle. The extended support period provides 3 years of extended (long term service pack support) for server editions, and with SLED11 for desktop editions, with critical bug maintenance (such as security patches) for a subset of packages. Self-support is available throughout the 13 year life cycle. End-of-life, the end of the extended support cycle, is as follows:

• SLES10: 31 July 2016. (Extended and self support only.)
• SLES11: 31 March 2019/2022.
• SLES12: 31 October 2024/2027.

See https://www.suse.com/lifecycle/ for details.

Some of the features included in SUSE Linux Enterprise Server are as follows. (For a full list of features, see http://www.suse.com/).

• Scalability
  • Scales up to 8192 CPUs
  • Certified to at least 64 TiB of RAM (1-4 TiB theoretically, depending on architecture)
• Clustering and High Availability (HA)
  • Support for load balance clustering and HA configurations
• Platform Availability
  • AMD64/Intel64, ppc64le (POWER8 only), IBM zSeries s/390x (z196 and z114)

The openSUSE Project

The openSUSE project was founded by Novell as the community supported successor to SUSE Linux Professional. Focused on the most current and cutting edge open-source technologies, openSUSE's Tumbleweed provides builds of the newest open-source packages for openSUSE. openSUSE 13.1 is currently maintained by Project Evergreen until November 2016. openSUSE 13.2 is the currently supported release. Releases beyond 13.2 are planned to be based on SLE, currently called Leap, with its first release in November 2015.

Debian

Second oldest active distribution
Initially sponsored by the FSF
Authored and Controlled by the Debian community
Very committed to free software
Uses own package management, dpkg
Innovated with in-place, no reboot upgradability
Easy to keep your system current
• apt-get update
• apt-get upgrade

Debian

Begun the same year, shortly before Red Hat Linux, the non-commercial Debian project sought to develop a package-based approach to GNU/Linux installation. Since that time, Debian has become popular for its dedication to free software principles and for its huge variety of packaged software. It is also the most widely ported GNU/, with ports to over a dozen architectures, completed or in progress. It has even begun to support non-Linux kernels, including the Hurd and various BSD project kernels.

Much like Linux itself, Debian is developed and maintained by a cadre of thousands of volunteers from all over the world, working together over the Internet.

Additional information about Debian can be found at http://www.debian.org/.

Ubuntu

Founded by Mark Shuttleworth
Licensed by Canonical
Based closely on Debian
Uses Debian's package management, dpkg
Easy to keep your system current
• aptitude update
• aptitude upgrade
Package Update Availability
• Nine months
• LTS: Five years

Ubuntu

Ubuntu was first released in October 2004 with the 4.10 release. Since that time Ubuntu has stuck to a strict six-month release cycle using a "Year.Month" versioning scheme. Ubuntu supports each six month released version with security and errata updates for 9 months. Beginning with 6.06, Ubuntu marked releases as LTS every two years, which were given additional preparation and support. LTS releases are currently supported for five years.

Ubuntu also promises that they will never have an "Enterprise" release, meaning that the entire community—business or personal—will benefit from the same product.

A few of the key things that separate Ubuntu from other distributions are:
• Community first
• Ubuntu Code of Conduct
• No "Enterprise" release
• Ubuntu will always be free of charge

Red Hat Linux Products

Invented the RPM
Easy-to-use installer integrates partitioning and leverages RPM
Loyal to free software ideals: only ships open-source software with few exceptions that restrict modification and redistribution.
Fedora
• Cutting edge, community oriented project
• Provides new technology for future RHEL releases
Red Hat Enterprise Linux (RHEL)
• Enterprise targeted distribution with commercial support
CentOS
• Community edition of Red Hat Enterprise Linux

Red Hat Enterprise Linux

First released in 1994, Red Hat Linux (RHL) quickly became the most popular Linux distribution in the United States. Red Hat introduced a variety of tools which simplify system management, such as RPM and Kickstart, and has been ported to several architectures. The fast pace of RHL releases led ISVs to ask Red Hat for a long-term option to allow product certification on a stable platform. The result was the introduction of what became Red Hat Enterprise Linux (RHEL), a stability branch of RHL/Fedora. See http://www.redhat.com/.

• RPMs bundled with purchased support contract
• Source RPMs freely available and accessible
• Ten year life cycle for feature additions and bug/security fixes
• Per-year extensions after end-of-life (existing clients)

Red Hat Enterprise Linux comes in several variants, including:

Red Hat Enterprise Linux for Server ⇒ The primary Enterprise Linux release, but requires a key to unlock add-on software (at install), and in some cases extra media. Not all packages built from source RPMs are included on the installation media, but instead are only available from RHN. These packages are labeled optional, and are not covered by the ABI compatibility guarantees, or errata support (though errata may extend from related updates), similar to supplementary packages
Red Hat Enterprise Linux for High-Performance Computing ⇒ Increased RHEL Server support options (e.g. more CPUs, SAN) intended for High Performance Computing
Red Hat Enterprise Linux for SAP Business Applications ⇒ Ships with the Server component, plus SAP Business Applications
Red Hat Enterprise Linux for SAP HANA ⇒ Provides in-memory database management with SAP HANA.
Red Hat Enterprise Linux Client ⇒ Desktop oriented, with more add-ons, but less server, software.
Red Hat Enterprise Linux Workstation ⇒ The same as Client, but with development add-ons.
Red Hat Cloud Infrastructure ⇒ Includes Red Hat Enterprise Linux OpenStack Platform, Red Hat Enterprise , and Red Hat CloudForms.

For a complete breakdown of the differences between RHEL variants, and other options, such as support for IBM System Z and POWER systems, see http://www.redhat.com/rhel/compare/.

Fedora

With the release of RHEL3, Red Hat decided to rename RHL to eliminate confusion with RHEL. What would have been called Red Hat Linux 10 became Fedora Core 1. The name change to Fedora Core wasn't only about the name. Fedora is a community project, open to the public. The Fedora Core and Fedora Extras repositories were merged for the release of Fedora 7. The word "Core" has, therefore, been dropped.

• Release cycle of 6 months
• 13 month life cycle for bug/security fixes
• Commercial support is not available from Red Hat

CentOS

CentOS is a Red Hat sponsored community release of Red Hat Enterprise Linux. It removes trademarked components to allow legal redistribution of Red Hat Enterprise Linux, and to provide access to RHEL for testing and development without a Red Hat Network subscription. See http://centos.org.


Oracle Linux

Oracle Linux
• Matched release cycles with RHEL
• Binary and Source compatible with RHEL
• Highly scalable, mature technology
• AMD64/Intel64
• ISV certifications

Oracle Linux

Oracle Linux is an Oracle provided Linux distribution that is source and binary compatible to Red Hat Enterprise Linux. Oracle uses the publicly available source code from Red Hat Enterprise Linux for the core of its distribution. While Oracle does incorporate additional patches and updates, they maintain compatibility with both Red Hat Enterprise Linux, and the certified ISV products which run on it. Patches and modifications to Oracle Linux are released to the Linux community under the GPL license and are available for anyone, including Red Hat, to use and incorporate into their products.

Oracle Linux (7.0) features include:

CPU ⇒ up to 240 cores
Physical memory ⇒ up to 3TB
ext4 ⇒ up to 16TB filesystems
XFS ⇒ up to 500TB filesystems
⇒ up to 16EB filesystems
ocfs2 ⇒ up to 16TB filesystems
Kernel base version ⇒ Compatible: 3.10

For a complete list of features refer to: http://www.oracle.com/linux/

Oracle Linux is available free of charge from http://linux.oracle.com.

Chapter 2
LOGIN AND EXPLORATION

Content
Logging In
Running Programs
Interacting with Command Line
Desktop Environments
GNOME
Starting X
Gathering Login Session Info
Gathering System Info
uptime & w
got root?
Switching User Contexts
sudo
Help from Commands and Documentation
whereis
Getting Help Within the Graphical Desktop
Getting Help with man & info
Lab Tasks
1. Login and Discovery
2. Help with Commands
3. Switching Users With su

Logging In

Serial terminals — Text mode login via serial port
• mgetty+login — Handles modems
• agetty+login — Handles VT100/VT220 dumb terminals
Virtual terminals — Text mode login(s) on local console
• agetty+login
• mingetty+login
Graphical — GUI login on local console
• xdm, gdm, kdm, etc.
• , , -terminal, konsole
Network logins — Remote text mode login
• in.telnetd+login, in.rlogind, sshd, etc.

Logging In

On a multi-user operating system, user identification is essential. This can be accomplished with hardware-based passkeys, biometrics (e.g. fingerprints, voiceprints, retina scans), and other authentication tokens. The most common method is to prompt the user to enter a username and corresponding password.

To provide authentication services and permit access to the system, Linux will run special processes that are designed to gather a user's username and authentication token(s) (such as a password). To understand the processes involved, you must examine some basics of the boot process:

1. When a Linux system boots, it must first locate and load the kernel.
2. When the kernel finishes its loading process, it loads and passes control to some initial process, usually the program init.
3. The init process goes through its initialization procedures, part of which is to enter the currently defined run-level. Run-levels (among other things) determine if the system will display a text or graphical login prompt at the console.
4. For a text mode login, init spawns one or more getty processes and associates them with the appropriate terminals. getty is the program responsible for configuring the terminal hardware settings. agetty is the typical package used for providing getty (sometimes named agetty), and is especially suitable for directly attached serial terminals (though rarely used on modern systems). In the case of modems, the process started is usually /sbin/mgetty. In the case of virtual terminals, where no serial port management code is needed, the light-weight /sbin/mingetty may be used instead, if available.
5. The getty process is the second of the three programs (init, getty, and login) used by the system to allow users to log in. mgetty, agetty, or mingetty is invoked by init to:
   • Open tty lines and set their modes.
   • Print the login banner, usually the contents of the /etc/issue file.
   • Spawn a login process for the user, usually /bin/login.
6. The login program is what actually prompts the user to input their password. login will then validate the user's credentials and start the shell defined in the user's corresponding /etc/passwd entry.

If configured, graphical logins are provided by one of the graphical display managers, commonly: xdm, gdm, or kdm. After logging in graphically, a terminal emulator can be run (such as the gnome-terminal command) to get a command shell, or from within GNOME or KDE, the key combination Alt+F2 can be used.

Network login access is provided by daemons such as in.telnetd, in.rlogind, or sshd which are launched as stand alone services, or from a super-server such as xinetd. These programs take the place of mgetty, and in some cases login as well. For security reasons, SSH has replaced rlogin and telnet in most environments and provides both strong authentication and encryption.

Running Programs

Graphical environment (e.g. X+GNOME)
Command line (e.g. Bash)

Running Programs Within the GUI

Linux includes a graphical server called X and several full-featured desktop environments such as GNOME and KDE. Most Linux workstations boot automatically to a graphical login. Server systems may have the graphical interface installed, but more commonly boot directly to a text login.

Most graphical desktops provide an intuitive interface for launching programs such as a simple menu. If the name of the program is known, an alternative is to type that name from a terminal command prompt and press Enter. In the GNOME and KDE desktop, pressing Alt+F2 opens a dialog where programs can be launched by typing the command name. If running commands from a terminal emulator, graphical programs may need to have the & character appended to ensure the command does not tie up the terminal. Graphical programs requiring administrative privileges typically should be run as a regular user; the program will prompt for the root user's (or other administrative) password.

Advantages of the GUI include:

• Aesthetically compelling and inviting to new users.
• Ease of multitasking (click and drag to move and resize program windows, click on a program to bring it to focus and interact with it, etc.)
• Graphical display can convey, and allow interaction with, certain types of information very efficiently.
• Some advanced applications require the GUI (e.g. The Gimp)

Running Programs From the Command Line (Text Interface)

Linux includes special programs called shells that provide a command line interface to the system. Modern shell programs such as Bash (the default shell) are highly configurable and feature rich. When launched, shells present a text interface with a string called a prompt being displayed. Typing the name of a program at this prompt and then pressing Enter will launch the program.

Advantages of the command line include:

• Most tasks can be accomplished more quickly versus the equivalent option performed within the GUI.
• The ability to pass options and arguments to programs provides finer grained control than most GUI interfaces.
• Lower overhead: most command line programs use less memory and CPU than equivalent GUI programs.
• Ease of automation due to shell scripting features and non-captive program interfaces. Once packaged into a script, a sequence of commands can be run on hundreds of systems nearly as easily as a single system.
• Easily accommodates remote access and interaction. Programs such as SSH can allow secure interaction with a command shell on a remote system, even over low bandwidth links.
• The shell provides powerful ways to connect programs together to accomplish more complex tasks. Almost any command line program can be connected to any other, (although not all combinations are useful or make sense).

Interacting with Command Line

What happens when I press Enter at the command prompt?
• expansion, substitution, and splitting performed
• redirection setup
• execution
Command options
Command arguments
Common errors
Tips and Tricks

Processing of the Command Line

The shell command prompt provides an interactive text interface for running programs. Under normal usage, you type the name of the program you want to run and hit Enter. The shell executes the program and it may return results which are printed to the same text window. This process is then repeated as needed, (running commands and analyzing the results).

With a modern shell, several types of pre-processing are performed on the command line before a program is run. For example, many characters have special meaning to the shell and cause it to perform expansion or substitution, replacing these special characters with other values. The shell must also break the input into logical pieces, an operation called word splitting, with whitespace acting as the primary delimiter between words.

By default, commands run from the shell can continue to accept input typed into the same terminal while they execute. Output or errors generated by the program will be displayed on the same terminal. Alternatively, you can tell the shell to redirect input and output to another place. For example, input might be read from a file, or output sent to a file or another program.

Finally, the shell will attempt to run the specified program. If the shell can't locate the program then an error is displayed. When run, some programs will exit quickly returning you to a command prompt. Other programs may continue accepting input from the terminal effectively preventing you from running other programs from that shell.

Command Options

Depending on how they are run, most commands can change their behavior. These extra command features are accessed by passing the corresponding "option" when running the program. To help the shell and command recognize options, they are almost always preceded with either a single dash "-" or two dashes "--".

Letters that follow a single dash are called short options and will activate the corresponding feature of the program when it runs. Generally, the order of options does not matter. For example, each of the following would be operationally identical (causing the command to run with the a, b, and c options selected):

$ command -abc
$ command -cba
$ command -a -b -c
$ command -c -b -a

Short options are quick to type and generally have some mnemonic significance. Some commands support long options as a more descriptive alternative. These are specified with a preceding double dash:

$ command --alpha --beta --charlie

Often commands support both short (Unix) and long (GNU) options for the same feature. Other times, a feature will be accessible via only one type or the other. A mix of option types can be used:

$ command -a --beta -c --delta

Command Arguments

Many commands are designed to operate on one or more objects (often files). This list of objects is called "arguments" and is generally listed after the command name and options. When the shell runs a command, it passes the list of arguments to the command as an array. Arguments not preceded by a dash are normally delimited by whitespace. For example:

$ command --option1 arg1 arg2

Common Errors

The shell searches a configurable list of locations for programs. If the program you want to run is not installed into one of the configured directories, or if you make a typo in specifying the name of the program then an error is returned:

$ command
bash: command: command not found

If the file containing the program does not grant you execute permissions then attempts to run it result in an error:

$ command
bash: command: Permission denied

If an invalid (unknown) option is specified, then an error is displayed. Often some basic usage information, or help, for the command is also displayed:

$ command -a
command: invalid option -- a
Try `command --help' for more information.

If an invalid argument is specified (such as a file that doesn't exist), then a command specific error is generated. The following is a common example:

$ command file1
command: cannot stat `file1': No such file or directory

Multiple Commands on One Command Line

Sometimes, it is desirable to enter several commands at once and then have the system execute them one by one. This can be accomplished using a semi-colon to separate commands. For example:

$ command_1; command_2

Commands are run in a serial fashion only after the preceding command finishes and exits. If separate commands need to share a shell variable, or avoid permanent settings (e.g. umask), the commands can be grouped together in parentheses:

$ (foo=bar; echo $foo)
bar
$ echo $foo

$

Command Line Tips and Tricks

Modern command shells have a large number of features designed to make command line access more efficient and increase productivity. The following is a brief list of features. More extensive coverage of each of these features is found in later chapters.

History ⇒ The shell keeps a record of commands run in each session. Use the arrow keys to bring back previously run commands to save typing.
Completion ⇒ Context sensitive auto-completion functions can save huge amounts of typing. With default settings, press the Tab key to attempt completion.
Aliases ⇒ Give your own names to commands by defining aliases. For example, after running alias p="cd ..", typing p and then Enter at the prompt would change to the parent directory.
Clear screen ⇒ Pressing Ctrl+l will clear the screen, (Bash specific).
Copy & Paste ⇒ The act of highlighting text with the mouse (by left clicking and dragging to select it) automatically places a copy of that text into a copy buffer. Clicking the middle mouse button will paste from that buffer.
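The processing stages described under "Processing of the Command Line" and the parenthesized grouping shown above are where most shell scripting mistakes with file names and permissions come from, so the following added example (not part of the workbook) makes each stage observable. The helper names, the file names and the program name `no_such_program_example` are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the workbook; every name below is constructed.
# Each function isolates one stage of what the shell does after Enter.

count_args() { echo "$#"; }     # number of words the shell actually passed

# 1. Word splitting: an unquoted expansion is split on whitespace, so one
#    file name containing a space reaches the program as two arguments.
split_demo() {
    name="quarterly report.txt"
    echo "$(count_args $name) $(count_args "$name")"
}

# 2. Expansion: an unquoted "*" is replaced by the matching file names
#    before the program starts; quoting passes the pattern as one word.
glob_demo() {
    dir=$(mktemp -d) || return 1
    : > "$dir/a.log"; : > "$dir/b.log"; : > "$dir/c.log"
    pattern="$dir/*.log"
    echo "$(count_args $pattern) $(count_args "$pattern")"
    rm -rf "$dir"
}

# 3. Redirection is set up before execution: the output file is truncated
#    even though the program is never found (exit status 127).
redirect_demo() {
    dir=$(mktemp -d) || return 1
    echo "old contents" > "$dir/out"
    status=0
    no_such_program_example > "$dir/out" 2>/dev/null || status=$?
    size=$(wc -c < "$dir/out")
    rm -rf "$dir"
    echo "$status $((size))"
}

# 4. Grouping in parentheses runs the commands in a subshell: the stricter
#    umask and the variable assignment both vanish when the group ends.
subshell_demo() {
    before=$(umask)
    foo=outer
    ( umask 077; foo=bar )
    if [ "$(umask)" = "$before" ]; then kept=yes; else kept=no; fi
    echo "umask_kept=$kept foo=$foo"
}

echo "args, unquoted vs quoted name:    $(split_demo)"
echo "args, unquoted vs quoted pattern: $(glob_demo)"
echo "exit status and size after typo:  $(redirect_demo)"
echo "after the subshell group:         $(subshell_demo)"
```

In scripts, quote every expansion that holds a file name, and remember that a mistyped command name still empties the file named after `>`.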

2-5 Desktop Environments

Complete interface
• Consistent look and feel
Standardized working environment
• (window placement, behavior, and virtual desktops , applications and utilities
• Display Manager
    Originally handled terminal hangups and log in
    graphical directory of available logins
    remote display connection/browsing
Look and feel of X actually a function of the window manager
• Tom's Window Manager (, officially maintained by X.Org)

Desktop Environments

As with Unix, the X Window System consists of many small, discrete applications, rather than one huge monolithic application. As a result, the X server application itself only provides a screen on which applications can be displayed. The task of actually managing those applications, and providing the user with a way to manipulate those applications (iconify them, move them on the screen, and so forth) is handled by a separate program, the aptly named window manager.

Historically, X has long had a variety of window managers which provide basic windowing functionality—manipulating window placement, modifying window size, and so forth. In the early 1990s, window managers began acquiring additional functionality, such as toolbars for launching commonly used applications. By the mid-1990s, developers began extending window managers even further, creating desktop environments. Desktop environments implement all the functionality provided by window managers, either as a separate window manager or as an integral part of the desktop environment, but they also provide other features: end-user applets, such as text editors and games; utilities, like desktop clocks; an application launcher; and file managers. The two leading desktop environments these days are GNOME and KDE. and LXDE are popular, lighter weight alternatives.

Popular window managers include , which provides an interface similar to the old NeXT environment; , a full-featured window manager which strives to provide maximal amounts of eye candy; , a window manager which focuses on providing a clean, simple interface, with full EWMH support; and FVWM, based on TWM: historically one of the first window managers, and still quite popular. More information, including screen shots, about these and other window managers can be found at http://www.xwinman.org/.

X Display Managers

Display managers provide graphical logins for Linux. In addition to basic user authentication (much like the login program offers), display managers also take care of setting up the initial user environment; typically, they offer a choice of several different graphical setups which the user can select when they log into the system. Many display managers offer more advanced services as well, such as a graphical browser of available logins, or a graphical browser of remote systems which can be accessed using the display manager.

Linux offers a variety of different display managers which can be selected, depending upon the feature set and appearance desired by the system administrator. Through the display manager, the X Window System also provides remote access to the graphical display, or its programs. X Window system security is provided through a trusted host, by host name.

2-6 GNOME

GNOME – consistent
• all GNOME applications have a common look
Uses the GTK library
• programmable in many different programming languages
-able
GNOME 3 use by default
• Originally used the Enlightenment window manager, then Sawfish
• GNOME 2 used
gnome-control-center

GNOME

The GNOME project, begun by the FSF to provide a free software alternative to KDE (KDE was originally built on the non-free library), has built a complete free and easy-to-use desktop environment for the user, as well as a powerful application framework for the software developer. All GNOME applications look and feel the same, and can be configured through the GNOME Control Center.

One powerful feature of GNOME is its support for themes. By configuring themes, the end user can easily modify GNOME (and consequently all GNOME applications) to look and feel how they would like.

Additional information about GNOME, as well as a large catalog of GNOME applications, can be found at the GNOME website: http://www.gnome.org/.

The following shows a simple GNOME 3 desktop, in Classic Mode, with open programs:

2-7

GNOME Settings

The GNOME Settings is the central location for modifying all things related to GNOME. You can modify screensaver settings, keyboard settings, themes and background , among other items. All changed settings take effect immediately. For ease of use, there are no "Apply" buttons.

Accessing the GNOME Settings can be done by selecting Places → System Tools → Settings. This launches the gnome-control-center command. From the command-line, type gnome-control-center -l to get a list of available panels.


2-8

Starting X

X already running with a graphical login
• On Red Hat Enterprise Linux and SUSE Linux Enterprise Server, the graphical.target
    See the /etc/systemd/system/default.target symlink
• On Ubuntu, runlevels 2-5 by default
From a text virtual terminal login, use startx
• startx is a shell script that eventually runs
• can run xinit manually, but by default only starts the X server

Starting X

X can be started in a variety of ways. Often, X will already be started for you; Linux systems can be configured to boot either to a graphical login screen, or a text login prompt.

Starting X on boot on RHEL7/SLES12

Whether Red Hat Enterprise Linux and SUSE Linux Enterprise Server boots by default to a text-based login, or to a graphical login, is controlled by the systemd graphical target. To configure the system to start with a graphical login, and be presented with a display manager login prompt, the following will provide the equivalent of setting runlevel 5 and setting it as the default:

[R7] The following applies to RHEL7 only:

    # systemctl enable graphical.target -f

[S12] The following applies to SLES12 only:

    # systemctl set-default graphical.target -f

To configure the system boot to a text login prompt, do the following:

[R7] The following applies to RHEL7 only:

    # systemctl enable multi-user.target -f

[S12] The following applies to SLES12 only:

    # systemctl set-default multi-user.target -f

Changing runlevels on the fly

To change the current runlevel, the following is the equivalent to changing to runlevel 5 with the telinit command:

    # systemctl isolate graphical.target

The following is the equivalent to changing to runlevel 3 with the telinit command:

    # systemctl isolate multi-user.target

Starting X at boot on Ubuntu

Whether Ubuntu boots to a text-based login, or graphical login, by default is controlled by whether or not the graphical login manager is installed. To configure the system to no longer boot to a graphical login, while leaving the display manager installed, requires a modification to the GRUB boot loader:

File: /etc/default/grub
→ GRUB_CMDLINE_LINUX="text"

To complete this change, run the update-grub command.

    $ sudo update-grub

The display manager can be manually started from its init script (in the /etc/init.d/ directory), controlled by the initctl (or the service or start) command.

2-9

To reenable the display manager, revert the change made to /etc/default/grub.

    $ sudo sed -i 's/text//' /etc/default/grub
    $ sudo update-grub

Starting X manually

If X is not started automatically, you can start it manually or by running the xinit command to start the X server. Usually, this requires custom configuration (in /etc/X11/ or ~/.xinitrc), so the startx command starts a more usable, pre-configured graphical environment. Since X is modular, you can control exactly how much of it you start.

Accessing Virtual Terminal

Running one or more X graphical servers on a system does not preclude having simultaneous text login sessions. Each graphical or text session will be associated with a virtual terminal. The first twelve virtual terminals can be accessed by pressing Alt+F1 through Alt+F12 respectively (when in X, Ctrl is also necessary). Optionally, using Alt+← or Alt+→ works when not in X and can be used to access high numbered terminals (moving sequentially from one terminal to the next).


2-10 Gathering Login Session Info

Who are you really?
• UID – user id
• GID – group id
• terminal: tty, pts
Commands for gathering information:
• id
    id -un|whoami
    id -Gn|groups
• tty

Identifying Users, Groups, and Terminals

Although it is common to identify users by their username, at a lower level the system uses simple numbers to identify the various users on the system. Each user account on the system is associated with a user identification number called the UID. This UID identifies the user, and is used to track processes and files created by that user.

For ease of administration and use, Linux makes use of a group scheme. Each group defined on the system has both a name and a unique identification number called a GID. Although a user may be a member of several groups on the system, they can only have one group active at any given instant.

When you are interacting with the system, some type of terminal will be associated with your session. Following the Unix design philosophy mentioned earlier, terminals are represented on the system as files. The following list shows several types of logins, and the ttys used by each:

/dev/ttyS0, /dev/ttyS1... ⇒ Serial terminals
/dev/tty0, /dev/tty1... ⇒ Virtual terminal
/dev/pts/x ⇒ Network connected terminals (i.e. via ssh)
/dev/pts/x ⇒ Text terminals in an X Window System terminal emulator

2-11 Gathering System Info

Who else is logged into the system?
• users, who, w, last
What type of system is this?
• cat /etc/os-release
• uname -a
• hostnamectl
• free
What is the system's network name
• uname -n and hostname and cat /etc/hostname
• ip and ifconfig

Determining Who is Using the System

On a multi-user system, sometimes it is helpful to see which other users are currently logged onto the system. Maybe you just want to send a quick message to the console of a friend, or perhaps you want to run a process that you know will largely monopolize a certain resource on the system, and you want to wait for a time when system usage is low. Even more likely, you notice that some resource is being largely consumed (memory, CPU, disk, etc.) and you want to see who is using it so you can go complain.

Linux provides several commands such as users, who, w and last that allow you to query the system and determine who is currently logged on, as well as gain other useful information such as:

• when they logged on
• how long they have been idle
• what process they are currently running
• what tty they are attached to

Many of the commands mentioned above return largely the same information, differing only in supported options, how they obtain the information, or in the formatting of the output.

Gathering and Changing System Details

The amount of physical memory in the system and usage can be obtained by running the free command.

The uname command can be used to list information about the host to which you are currently connected. If your terminal prompt does not list the host name of the system, it is very easy to forget on which system that terminal is connected. This is further complicated by the fact that it is not at all uncommon to have multiple terminals open simultaneously, connected to different machines.

The hostnamectl command can be used to query and change the system hostname and related settings. Details and information presented by the hostnamectl command include the Static hostname, system Chassis information, Machine ID and Boot ID, as well as OS, Kernel version, and Architecture. The information and details presented by the hostnamectl command vary depending on your system. The command also provides a number of options which can be used to operate on a remote host and change many of the system details listed above. To query information about the local host, type:

    $ hostnamectl status

To operate on a remote host, type:

    $ hostnamectl -H user@host

To set a new hostname on the local host, type:

    $ hostnamectl set-hostname NAME

Numerous more commands are available for hostnamectl. To view a full comprehensive list of commands and correct usage details, check out the man page.

2-12

Networking Details

The uname -n or the hostname command can be used to determine the host name as well as the domain name. To only view the hostname, type:

    $ hostname -s

To view the domain name run:

    $ hostname -d

To view IP settings run the command ip addr. To see what DNS servers are configured look in the file /etc/resolv.conf.


2-13

uptime & w

uptime
• Shows the following information:
    Current time
    How long the system has been running
    The number of users logged in to the system
    The system load average.
• Reads data from /proc/ and /var/log/wtmp
w
• Same output as uptime plus list of logged in users
• Use -i to display remote IP address instead of hostname

uptime

The uptime command provides a quick and easy way of viewing information about the running system.

The first entry shows the current time and how long the system has been booted. The second entry indicates the number of users currently logged in, as logged by /var/log/wtmp. The final entry provides an indication of how busy the system is over 1, 5 and 15 minute averages.

CPU load averages show the CPU capacity available, and the average processes using them. Systems that have multiple cores will report one CPU per core. The number will be doubled if hyperthreading is enabled. The following example shows a single processor (one core, no hyperthreading) with 0.42 processes that had to wait their turn in the previous minute of CPU cycle, but which otherwise were not overloaded:

    $ uptime
    14:37:56 up 5:34, 5 users, load average: 1.42, 0.27, 0.12

w

The w command provides the same information as the uptime with the addition of displaying all the logged in users. For example:

    $ w
    17:56:10 up 3 days, 15:11, 25 users, load average: 0.16, 0.16, 0.15
    USER     TTY     FROM              LOGIN@  IDLE   WHAT
    gurulabs pts/3   40.141.117.2      17:56   1.00s  w
    ddmayne  pts/8   ddmayne.dsl.xmis  07:58   17:54  -bash
    amipjs   pts/11  ip98-163-88-193.  Mon06   9:43m  pine
    jjanney  pts/12  216:S.0           Sat07   3days  emacs -nw
    jjanney  pts/13  216:S.1           Sat07   2:05m  w3m
    bmwright pts/14  179.5.103.122     17:32   23:42  -ksh

2-14 got root?

Many operating systems have the concept of a super user
This super, or privileged, user has special access rights and privileges on the system
The root user is the privileged user on most Unix systems
Has the user ID (UID) of zero (0)

root

Many network operating systems support the concept of a privileged user. On Linux (as on most Unix systems), this user is called the root user. The root user is in many respects all-powerful on the system. Below is a short list of some of the things that the root user can do:

• Change to any directory and read and write to files regardless of the permissions set on those files
• Install software and make it available system wide (because root can create/modify/delete files anywhere)
• Modify device settings
• Modify the network configuration
• Change the time on the system
• Add/modify/remove users on the system
• Assume the identity of any user on the system

Although the name of the all-powerful, privileged user is normally root, the name assigned to the user is not actually important. The system identifies users by assigning a number to each called the user identifier or UID. The privileged user is identified by the UID of 0. However, it is recommended that the root user name not be changed, as there are some user-space pieces that actually look at the username rather than the UID.

[U1604] The following applies to U16.04 only: On Ubuntu the root account password is locked by default.
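
Because privilege is keyed on UID 0 rather than on the name root, a useful check is to list every account whose UID is 0 and whether its password is locked. The script below is an added example, not part of the workbook; the function names and the sample passwd/shadow entries (including the second UID 0 account toor) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the workbook). All sample data below is constructed.

# list_uid0 PASSWD_FILE SHADOW_FILE
# Prints "<account> <state>" for every account whose UID is 0.
list_uid0() {
    awk -F: '
    # The first file handed to awk is the shadow file: remember each hash field.
    FILENAME == ARGV[1] { hash[$1] = $2; seen[$1] = 1; next }
    # The second file is passwd: field 3 is the UID.
    $3 == 0 {
        if (!($1 in seen))           state = "no-shadow-entry"
        else if (hash[$1] ~ /^[!*]/) state = "locked"   # cannot match any password
        else if (hash[$1] == "")     state = "empty-password"
        else                         state = "password-set"
        print $1, state
    }' "$2" "$1"
}

# write_sample_accounts DIR
# Creates DIR/passwd and DIR/shadow with constructed entries.
write_sample_accounts() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0:second uid 0 account:/root:/bin/sh
guru:x:1000:1000:guru:/home/guru:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
root:!:17000:0:99999:7:::
daemon:*:17000:0:99999:7:::
toor:$6$constructed$notarealhash:17000:0:99999:7:::
guru:$6$constructed$notarealhash:17000:0:99999:7:::
EOF
}

# Stand-alone demonstration on the constructed sample.
demo_dir=$(mktemp -d)
write_sample_accounts "$demo_dir"
list_uid0 "$demo_dir/passwd" "$demo_dir/shadow"
rm -rf "$demo_dir"
```

On a live system, run list_uid0 as root against /etc/passwd and /etc/shadow, since /etc/shadow is not readable by ordinary users.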

2-15 Switching User Contexts

su: launch a new shell as another user (using the target user's credentials)
• Use - | -l | --login to inherit login profile
• Default user is root
sudo: run a single command with another user's privilege
• Remembers authentication per-terminal (typically five minutes)
• Configuration affects authentication and available privilege (/etc/sudoers)

Switching User Contexts

On a multi-user system, an individual may have more than one account. Logged in from one account, there may be a need to do something using another account. This would require the following procedure:

1. log out
2. log in using the new account
3. execute the needed commands
4. log out of the new account
5. log back in using the old account

To avoid the above, use the substitute user command (su) to temporarily use the other account. For example:

1. type su - new_username
2. execute the needed commands
3. type exit to return to the old user account

The original purpose of the su command was to perform system administration tasks as the root user. This remains its most common use. Unfortunately, in an attempt to avoid being forced to switch between accounts, new users are often tempted to log in initially as root. Using the root account to perform routine tasks is a bad idea!

The sudo command provides administrative access using user authorization. For example:

• To switch to a login shell (typically root's, depending on configuration), type sudo -i.
• To run a single command using another user's privilege, type sudo command_name.

In both cases, the sudo command will ask for the user's password, and based on the configuration in the file /etc/sudoers, will allow the user to execute an administrative command.

sudo remembers authentication by username and terminal, typically for five minutes. To extend the time out, run sudo -v. To cancel the time out, run sudo -k.

[S12] The following applies to SLES12 only:
By default, the sudo command on SUSE Linux Enterprise Server will ask for the root user's password, the default target user.

[U1604] The following applies to U16.04 only:
Ubuntu has locked the root password by default, requiring administrators to rely solely on sudo. See the sudo_root(8) man page for details.

2-16 sudo

sudo – a more powerful su
• more fine-grained security
• able to log commands
sudoedit – a safer way to edit files
• sudo -e
visudo – a safer way to manage sudo
• /etc/sudoers
Replacing su with sudo
• sudo -i
Using sudo with ssh
• ssh -t hostname "sudo reboot"

Delegating Privileges

sudo makes it possible to run commands as a different user. It can be used to replace or complement su. In most situations, sudo is superior because it supports more fine-grained configuration.

When evaluating security rules, sudo considers many variables including:

• The command being run
• Arguments being passed to the command
• The user launching the command
• The user the command will run as
• The host the command will run on

By default, sudo logs all commands to syslog. It can also be configured to log to another file.

Unless a different user is requested, sudo runs commands as root. Unlike su, by default sudo does not prompt for the target user's password. Instead, the user is required to re-authenticate using his or her own password. For example:

    $ sudo reboot
    [sudo] password for guru: work <Enter>
    . . . output omitted . . .

[S12] The following applies to SLES12 only:
SLES12 changes the default behavior of sudo by enabling the targetpw option. Instead of requiring the user's own password, the target user's password is required. This is done so that all users can be safely allowed to use sudo without first being granted permission by an administrator.

    $ sudo reboot
    root's password: makeitso <Enter>
    . . . output omitted . . .

Editing Files with sudo

Failure to consider edge conditions when configuring sudo can compromise system security. For example, a user permitted to run "sudo vi some_file" can get complete root access by typing ":!/bin/bash" within vi.

When granting a user permission to edit files, using the sudoedit command may be safer. When launched as either sudoedit or sudo -e, sudo will make a temporary copy of the file to be edited then launch an editor running with normal user privileges. When the user finishes editing, the contents of the file will be copied back. However, creating temporary copies may not be appropriate for sensitive files.

Configuring sudo

sudo security rules are defined in /etc/sudoers. The visudo command should be used when editing /etc/sudoers because it prevents simultaneous modifications, and it verifies syntax to prevent typos or other mistakes in the configuration file.

2-17

File: /etc/sudoers

    %wheel ALL = (ALL) NOPASSWD: ALL
    %operator ALL = /usr/local/bin/backup, /usr/sbin/lpc, /usr/sbin/lprm
    guru www.example.com = sudoedit /etc/hosts.allow

In this example, members of group wheel can run any command on any host without entering a password. Members of group operator can run backup and printing commands on any host. And guru can edit /etc/hosts.allow using sudoedit only on a host named www.example.com. The implication is the inherent assumption of a distributed (e.g. NFS, LDAP) /etc/sudoers file, delimiting the capabilities of users and groups on specific hosts.

Replacing su with sudo

To launch an interactive shell, similar to default behavior of the su command, use the -i option. For example:

    $ sudo -i
    [sudo] password for guru: work <Enter>
    # whoami
    root

Using sudo with ssh

When the requiretty option is enabled in /etc/sudoers, sudo can not be used as part of an ssh command unless the -t option is used. For example:

    $ ssh station1.example.com "sudo service cups restart"
    sudo: sorry, you must have a tty to run sudo
    $ ssh -t station1.example.com "sudo service cups restart"
    . . . output omitted (cups is restarted) . . .
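
The edge condition described under "Editing Files with sudo" can be checked for mechanically. The script below is an added example, not part of the workbook or of sudo itself: it scans a sudoers-format file for rules that grant an editor or pager directly (instead of sudoedit) and for NOPASSWD on ALL commands. The function names, the list of programs checked (illustrative, not exhaustive) and the alice rule in the sample are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the workbook). The sample file is constructed from
# the three rules shown above plus one deliberately weak rule.

# audit_sudoers FILE
# Prints "<line>: <user-or-group>: <finding>" for each risky rule.
audit_sudoers() {
    awk '
    function basename(p,    n, parts) { n = split(p, parts, "/"); return parts[n] }
    {
        # Remember where a logical rule starts, then join "\" continuations.
        if (buf == "") start = NR
        line = $0
        if (line ~ /\\$/) { sub(/\\$/, "", line); buf = buf line; next }
        rule = buf line; buf = ""

        sub(/^[ \t]+/, "", rule)
        # Skip blank lines, comments, Defaults and alias definitions.
        if (rule == "" || rule ~ /^#/ || rule ~ /^(Defaults|[A-Za-z]+_Alias)/) next

        eq = index(rule, "=")
        if (eq == 0) next
        split(substr(rule, 1, eq - 1), w, /[ \t]+/)   # w[1] = user or %group
        cmds = substr(rule, eq + 1)

        nopasswd = (cmds ~ /NOPASSWD[ \t]*:/)
        noexec   = (cmds ~ /NOEXEC[ \t]*:/)
        gsub(/\([^)]*\)/, "", cmds)         # drop "(runas)" lists
        gsub(/[A-Z_]+[ \t]*:/, "", cmds)    # drop tags such as NOPASSWD:

        n = split(cmds, c, ",")
        for (i = 1; i <= n; i++) {
            cmd = c[i]; sub(/^[ \t]+/, "", cmd); sub(/[ \t]+$/, "", cmd)
            split(cmd, word, /[ \t]+/)
            prog = basename(word[1])
            if (cmd == "ALL" && nopasswd)
                print start ": " w[1] ": NOPASSWD on ALL commands"
            else if (!noexec && prog ~ /^(vi|vim|view|ed|emacs|less|more|man)$/)
                print start ": " w[1] ": " word[1] " can start a shell as the target user; consider sudoedit"
        }
    }' "$1"
}

# write_sample_sudoers FILE
# Writes the constructed sample rules to FILE.
write_sample_sudoers() {
    cat > "$1" <<'EOF'
# constructed sample: the three rules from the text plus one weak rule
%wheel ALL = (ALL) NOPASSWD: ALL
%operator ALL = /usr/local/bin/backup, \
    /usr/sbin/lpc, /usr/sbin/lprm
guru www.example.com = sudoedit /etc/hosts.allow
alice ALL = /usr/bin/vi /etc/hosts.allow
EOF
}

# Stand-alone demonstration on the constructed sample.
sample=$(mktemp)
write_sample_sudoers "$sample"
audit_sudoers "$sample"
rm -f "$sample"
```

The sudoedit rule for guru produces no finding, while the equivalent rule written with /usr/bin/vi does; the check does not expand Cmnd_Alias definitions or files pulled in by include directives.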

2-18

Help from Commands and Documentation

command --help
Documentation for installed packages
• RHEL7 /usr/share/doc/package_name-version
• SLES12 /usr/share/doc/packages/package_name
• U16.04 /usr/share/doc/package_name
Shipped or online distribution documentation
Linux Documentation Project - TLDP
Online help:
• web sites, FAQs, Howtos, newsgroups, mailing lists
(s) (LUGs)
• membership typically by mailing list subscription (no dues)
• monthly presentations/meetings

Getting Help

Most Unix commands will print a usage summary if an incorrect option or argument is used. Some commands have a dedicated option (e.g. -?) to print a usage summary, which in some cases includes descriptions of the options and arguments printed.

Supplementary documentation may be included in the /usr/share/ filesystem, either directly (e.g. /usr/share/emacs), or under the /usr/share/doc/ directory. Linux distributions will often include source code documentation to supplement incomplete man pages.

Help Syntax

When invoking a command with the GNU --help option, a usage summary with option and argument descriptions will be printed to the screen. This uses syntax which may not be readily identifiable:

    $ date --help | head -n 2
    Usage: date [OPTION]... [+FORMAT]
      or:  date [-u|--utc|--universal] [MMDDhhmm[[CC]YY][.ss]]

For instance, capital letters (angle brackets < > are sometimes used) specify a variable: OPTION. This variable is enclosed in square brackets, indicating an optional argument. Also, a vertical bar (|) separates arguments where only one in a list can be chosen: [-u|--utc|--universal]. Ellipses (. . .) are used to specify that more than one argument may follow. Finally, notice the difference in types of optional arguments: GNU long (--universal), POSIX (-u) flags, and keys (BSD style, e.g. ps ax, tar tf).

Online Help

In addition to documentation installed, or available for installation, to the system, most open-source projects will have a website or email list (typically both), sometimes a Usenet group or IRC channel, dedicated to both users and developers of the software. Common files or web pages include a frequently asked questions (FAQ), a HOWTO guide, and sometimes the user's manual available for download or as a web page.

The Linux community has produced lots of documentation to assist users. One of the most organized and ambitious projects of this nature is The Linux Documentation Project (TLDP). This goal is stated in their manifesto:

    The Linux Documentation Project is working on developing free, high quality documentation for the GNU/Linux operating system. The overall goal of the TLDP is to collaborate in all of the issues of Linux documentation. This includes the creation of HOWTOs and Guides. We hope to establish a system of documentation for Linux that will be easy to use and search. This includes the integration of the manual pages, info docs, HOWTOs, and other documents. TLDP's goal is to create the canonical set of free Linux documentation. While online (and downloadable) documentation can be frequently updated in order to stay on top of the many changes in the Linux world, we also like to see the same docs included on CDs and printed in books.
    — http://tldp.org/

2-19

whereis

whereis
• Used to identify the location of a command, related source code, and related man pages
    -m | -M: restricts results to manual page(s)
    -b | -B: restricts results to executable files

whereis

The whereis command is useful for identifying the path(s) of a command, and its associated man pages.

    $ whereis ls
    ls: /bin/ls /usr/share/man/man1/ls.1.gz

To retrieve only one of these, use -b or -m. Other options exist, such as -s (which will look for the source files of a command).

    $ whereis -m ls
    ls: /usr/share/man/man1p/ls.1p.gz /usr/share/man/man1/ls.1.gz

Constraining the search locations

The -B, -M, and -S options do the same as their lower case counterparts, but provide results restricted to a specific directory. The directory is provided as an argument to the respective option, and must be an absolute path. The use of -f is required to identify the file in question.

    $ whereis -b -B /usr/bin -f zgrep
    zgrep: /usr/bin/zgrep

2-20 Getting Help Within the Graphical Desktop

Graphical Help begins with F1
• Gives a help manual for the active window
yelp
khelpcenter

Graphical Help

The Linux Programmer's Manual and GNU info manuals can be viewed graphically with the GNOME yelp command, or the KDE Help Center (the khelpcenter command). Yelp can also be used with GNOME applications. The KDE Help Center can also be used with any KDE application. In GNOME, typing F1 will bring up an active program's documentation. In KDE, individual application handbooks can be located from the Help menu.

[U1604] The following applies to U16.04 only: The xman command can also be used to browse man pages.

2-21

Getting Help with man & info

It may seem cryptic, but at least it's well-documented
• man [section] name
    man sections
    useful options
• info
    created by the GNU project
    meant as a "superior" replacement for man
    uses HTML like navigation with links
    if info pages exist, they usually provide more complete and up-to-date documentation than the corresponding man page
    use pinfo to view pages

Getting Help

If you are new to Linux, and especially if you have no previous experience using the system from the command line, you may feel intimidated or even confused by the commands. Some commands have what seem to be countless different options, each causing the command to behave in a slightly different manner. Often, even the names of the commands can seem non-intuitive and confusing.

Fear not! What at first may seem like an insurmountable task is actually far easier than you may think. Linux has excellent online documentation for the commands and programs found on the system. After learning the help systems, and practicing with the commands, soon what you once found short and cryptic you may consider efficient and elegant. Commands that you thought had far too many options you will soon describe as flexible or versatile.

The mainstays for command line help are the electronic manual pages commonly called "man pages." Almost all of the commands on the system have corresponding man pages, and when new software is installed it usually comes with additional man pages. Man pages are organized into sections or books that group similar things together. Although additional sections can be added, the following sections are defined by default:

man Sections:
(1) ⇒ User Commands
(2) ⇒ System Calls
(3) ⇒ Subroutines
(4) ⇒ Devices
(5) ⇒ File Formats
(6) ⇒ Games
(7) ⇒ Miscellaneous
(8) ⇒ System Administration
(n) ⇒ new (used for writing and testing new and/or updated man pages for other sections)

The man command will search the sections in the following order: 1,8,2,3,4,5,6,7,n. Usually this will not be a problem, but occasionally you will be looking for help on a command that is found in several sections. In this case, man will return the page for the first instance it finds. For example, suppose you are adding a new task to the system crontab and need to check syntax for the file. You type man crontab and get this output:

2-22

    CRONTAB(1)                                                  CRONTAB(1)
    NAME
        crontab - maintain crontab files for individual users (V3)
    SYNOPSIS
        crontab [ -u user ] file
        crontab [ -u user ] [ -l | -r | -e ]
    DESCRIPTION
        Crontab is the program used to install, deinstall or list the
    . . . snip . . .

This is not what you were after, and you notice that the very first line of output starts with CRONTAB(1) indicating that this page is from section one. To override the normal search order of the man command, type man 5 crontab to get the output you were after:

    CRONTAB(5)                                                  CRONTAB(5)
    NAME
        crontab - tables for driving cron
    DESCRIPTION
        A crontab file contains instructions to the cron(8) daemon of the
        general form: ``run this command at this time on this date'
    . . . snip . . .

Notice the CRONTAB(5) convention of referring to the manual and its chapter. This was a convention started in the first Unix Programmer's Manual, which was broken up alphabetically into chapters. When looking at the manual online (on the system, not the Internet), it means type man 5 crontab. It is therefore common to see 'crontab(5)' as a way to reference the crontab entry in chapter 5 of the manual.

Another command for getting help is the info command. info is similar to man and just requires one parameter, the command you want help on. info organizes help into different topic pages with links leading from page to page. It is the format preferred by the FSF to man pages, and if the software, or command, in question is from the FSF, the info pages will likely be more complete than the man pages for that command. A good viewer to use to read info pages is pinfo. Also, the Emacs editor provides an excellent info viewer (info was originally designed as the documentation system for Emacs).

2-23

Lab 2

Estimated Time:
S12: 25 minutes
R7: 25 minutes
U1604: 25 minutes

Task 1: Login and Discovery
Page: 2-25 Time: 10 minutes
Requirements: b (1 station) d (graphical environment)

Task 2: Help with Commands
Page: 2-30 Time: 10 minutes
Requirements: b (1 station) c (classroom server)

Task 3: Switching Users With su
Page: 2-34 Time: 5 minutes
Requirements: b (1 station)


Lab 2
Task 1: Login and Discovery
Estimated Time: 10 minutes

Objectives
- Log in to the workstation using a virtual console.
- Use the various virtual console changing keystrokes.
- Log in to the workstation using a GUI interface.
- Use a variety of commands to gather information about the current login and the other users on the system.

Requirements b (1 station) d (graphical environment)

Relevance
The commands covered in this task will help you log in to a Linux system and identify the state of the system. These commands are particularly important, because it is common when using Linux to access many user accounts and systems, often from the same terminal.

Notices
- If this lab exercise is being run within a virtual environment, the use of special keystrokes may be needed to switch between virtual terminals.

1) If the system is currently logged in, log out. Use the menus to log out from the graphical interface, or type logout at the command prompt if logged into the text terminal.

2) Switch to the second virtual terminal and log in as the guru user:
    Ctrl+Alt+F2
    stationX login: guru
    Password: work <Enter>
    . . . output omitted . . .
   Some virtual machines, or remote interfaces, do not have a way to pass the Ctrl+Alt+F2 key sequence. An alternative is the command su -c "chvt 2" which will switch the display to /dev/tty2. (You will be prompted for the root password.)

3) Use the id command to see the user id (uid) and group id (gid):
    $ id
    [R7] uid=1000(guru) gid=1000(guru) groups=1000(guru) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
    [S12] uid=1000(guru) gid=100(users) groups=100(users)
    [U1604] uid=1000(guru) gid=1000(guru) groups=1000(guru),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),110(lpadmin),125(sambashare)

4) See what account name you are logged in as:
    $ id -un
    guru
   This can also be done with the whoami command.

5) Use the tty command to observe what terminal is associated with the login:
    $ tty
    /dev/tty2

6) Install the finger command for use by the visitor user in a later step:

    [R7] $ su -c "yum install -y finger"
    [R7] Password: makeitso <Enter>
    [U1604] $ sudo apt-get install -y finger
    [U1604] Password: work <Enter>

7) Switch to the third virtual terminal and log in as the visitor user:
    Ctrl+Alt+F3
    stationX login: visitor
    Password: work <Enter>
    . . . output omitted . . .

8) Since you logged into the third virtual terminal, the associated terminal will be different. Verify which terminal is in use:
    $ tty
    /dev/tty3

9) Use the who and w commands to see all users logged onto the system:
    $ who
    . . . output omitted . . .
    $ w
    . . . output omitted . . .
   There should be at least two users logged in to the workstation.

10) Use the finger command to find out more information on the user visitor that is logged in to the workstation:
    $ finger visitor
    . . . output omitted . . .
   Besides GECOS field information (Name, Primary contact info such as room number, office phone number, other contact info), finger prints the following files: ~/.pgpkey, ~/.project, ~/.plan, and ~/.forward (PGP public key, current projects summary, general schedule such as work hours, and where email is forwarded, respectively).

11) [R7] This step should only be performed on RHEL7.
   Press Alt+F1, or run su -c "chvt 1" (with the accompanying root password of makeitso), to bring up the GUI login screen, and if needed, log in with account name guru and password work.
   [Note:] Since release 6 of Enterprise Linux, the GUI boots to tty1, instead of the next-available terminal. However, sometimes X will float to tty7 (the next available) while using the system from a text-terminal. If you see what looks like boot splash screen residual when switching to tty1, try tty7 instead.

12) [S12 U1604] This step should only be performed on SLES12/U16.04.
   Press Alt+F7, or run sudo chvt 7 (with the accompanying guru password of work), to bring up the GUI login screen, and if needed, log in with account name guru and password work.

13) Open a terminal window. Observe that the terminal window does not use a virtual terminal, but a pseudo terminal:
    $ tty
    /dev/pts/0

14) With three different logins and terminal sessions on the system, use the who and w commands to see all the active sessions:
    $ who
    . . . output omitted . . .
    $ w
    . . . output omitted . . .
   Note that the second column of both commands lists the associated terminal and that the displayed TTY is different. Be aware that the :0 is the graphical login session itself.

15) Press Ctrl+Alt+F2 to return to the second virtual terminal where the guru user is still logged in:
    [guru@stationX ~]$

16) Determine how much physical RAM and swap is configured in the system:
    $ free
                 total       used       free     shared    buffers     cached
    Mem:       1034880    1013264      21616          0     135708     266452
    -/+ buffers/cache:     611104     423776
    Swap:      1959888          0    1959888
   Output on the system will likely vary from this example output. The top left number is the installed physical RAM in bytes on your system. The bottom left number is the amount of swap.

17) Pass an option to the free command to display numbers in megabytes instead of kilobytes:
    $ free -m
                 total       used       free     shared    buffers     cached
    Mem:          1010        974         36          0        129        254
    -/+ buffers/cache:        590        420
    Swap:         1913          0       1913

18) Display the IP address of the main network adapter using the ip command. If the primary network interface is called eth0, ip can show a specific interface's details by specifying the interface name as follows:
    $ ip addr show dev eth0
    . . . output omitted . . .

19) Display the default IP gateway currently configured:
    $ ip route
    default via 10.100.0.254 dev eth0 proto static metric 1024
    10.100.0.0/24 dev eth0 proto kernel scope link src 10.100.0.X
   The first entry is the default gateway.

20) Display the currently configured DNS server(s):
    $ cat /etc/resolv.conf
    . . . snip . . .
    search example.com
    nameserver 10.100.0.254
   The cat command displays to the terminal the contents of a text file.
   Sometimes this may point to a 127. address, which means a DNS server, e.g. named, dnsmasq, is handling the request.
   The DNS servers are defined using the nameserver lines. Up to three nameserver lines are supported. Typically, this configuration file will be dynamically modified, even when not using DHCP. Normally, there are comments at the top of the file reminding administrators of this.

21) [R7] This step should only be performed on RHEL7.
   The nmcli command, part of NetworkManager, can identify what the system is using for its DNS server:
    # nmcli dev show | grep DNS
    IP4.DNS[1]: 10.100.0.254

22) [U1604] This step should only be performed on U16.04.
   The nm-tool command, part of NetworkManager, can identify what the system is using for its DNS server. Run nm-tool to identify the system's name resolver:
    $ nm-tool | grep DNS
    DNS: 10.100.0.254

23) Using the Shift+PageUp and Shift+PageDown keys, the terminal window can be scrolled. Use these keys to scroll back as far as possible in the terminal. Note that scroll back is possible using these same key sequences at the full screen text virtual terminals. However, when using scroll back at the virtual terminal the scroll back buffer is cleared when switching to another terminal (or back to X).
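Step 20's reading of /etc/resolv.conf (at most three nameserver lines are supported, and a 127. address means a DNS server on the local host is handling the request) can be applied mechanically. The script below is an added example and not part of the workbook; the function names resolv_nameservers and demo_resolv and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# resolv_nameservers FILE
# Prints one line per nameserver entry: "<position> <address> <status> <kind>"
#   status: used       = among the first three entries
#           ignored    = fourth or later entry (beyond the supported three)
#   kind:   local-stub = 127.x address, a DNS server on this host answers
#           remote     = any other address
# Comment lines (starting with # or ;) and other keywords are skipped.
resolv_nameservers() {
    awk '
        $1 == "nameserver" && NF >= 2 {
            n++
            status = (n <= 3) ? "used" : "ignored"
            kind = ($2 ~ /^127\./) ? "local-stub" : "remote"
            printf "%d %s %s %s\n", n, $2, status, kind
        }
    ' "$1"
}

# demo_resolv: run the parser over a constructed sample file.
demo_resolv() {
    sample=$(mktemp) || return 1
    cat > "$sample" <<'EOF'
# Generated by NetworkManager
search example.com
nameserver 127.0.0.1
nameserver 10.100.0.254
; nameserver 10.100.0.9
nameserver 10.100.0.1
nameserver 10.100.0.2
EOF
    resolv_nameservers "$sample"
    rm -f "$sample"
}

demo_resolv
```

On a lab station, run resolv_nameservers /etc/resolv.conf to apply the same check to the live file.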

Lab 2
Task 2: Help with Commands
Estimated Time: 10 minutes

Objectives
- Use the built-in manual (man) system.
- Use the built-in info documentation system.
- Access usage information built into commands.
- Locate a program's README file and other bundled documentation.

Requirements b (1 station) c (classroom server)

Relevance
Being able to effectively use the powerful documentation system built into Linux is an important skill useful in many situations. This lab task covers the man and info systems.

1) Use the man command to find which of its options is equivalent to the apropos command.
    $ man 1 man
   When finished reading, press the q key to exit.

2) Use the -k option to discover what manual pages contain the term "delete" in their description:
    $ man -k delete
    . . . output omitted . . .
   This command uses a database that may not exist on the system (it is usually rebuilt on a daily basis). If it fails, run the makewhatis or mandb command as root to build the database.

3) Use the man command to view one of the specific man pages returned by the previous search:
    $ man userdel
    . . . output omitted . . .

4) The man command uses another command to display the output one page at a time. By default, on Linux this is the less command. You can easily search within a man page using the / key.

   Search for the words SEE ALSO to view other related manual pages:
    /SEE ALSO<Enter>    the SEE ALSO section of the man page is displayed
    q                   the man command exits

5) Using the man command, open the first chapter of the intro manual, and peruse the contents:
    $ man 1 intro
   When finished reading, press the q key to exit.

6) Use the info command to learn about the wget downloading utility:
    $ info wget         the info page for the wget command is displayed
    press the down arrow key until the cursor is on the Overview line
    <Enter>             the overview page for wget is displayed
    p                   the previous info page is displayed again
    q                   the man command exits

7) [R7 U1604] This step should only be performed on RHEL7/U16.04.
   Try using the newer pinfo viewer to browse the same wget info page:
    $ pinfo wget
   Notice the more browser-like interface compared with the traditional info command. Use the arrow keys and <Enter> to navigate. When you are ready, press q to quit.

8) Another useful resource for getting help is the package documentation directories. Most commands and programs will have an entry in these directories. Usually, the information in these text files is different than what is found with man or info. They commonly contain release notes, installation notes, etc. See what information exists for the command wget:

    [R7 U1604] $ cd /usr/share/doc/
    [S12] $ cd /usr/share/doc/packages/
    $ ls
    . . . output omitted . . .
   Lists all files and directories contained in the current directory.
    [R7] $ cd wget-version/
    [S12 U1604] $ cd wget/
   Replace version with the real wget version number seen in the directory listing. Hint: Press Tab to use shell auto-completion.
    $ ls
    . . . output omitted . . .
   See what documentation files exist.
    $ more AUTHORS
   Display the contents of the file (showing who the authors of wget are).

9) Though most commands provide a usage summary when mistyped, with wget and other GNU/Linux commands, a list of possible command line arguments can be obtained by running the command with the --help option. This provides both the usage summary and more detailed information on running the command. Some GNU commands only provide --help instead of a man page. Some Unix derived commands rely on the usage summary and man page only. With GNU commands, --help is commonly used to build man pages (since GNU prefers the textbook style of the Emacs Texinfo format). Run the wget command with this option to see the list of available arguments:
    $ wget --help
    . . . snip . . .
      -c,  --continue                resume getting a partially-downloaded file.
           --progress=TYPE           select progress gauge type.
      -N,  --timestamping            don't re-retrieve files unless newer than local.
      -S,  --server-response         print server response.
           --spider                  don't download anything.
      -T,  --timeout=SECONDS         set all timeout values to SECONDS.
           --dns-timeout=SECS        set the DNS lookup timeout to SECS.
           --connect-timeout=SECS    set the connect timeout to SECS.
           --read-timeout=SECS       set the read timeout to SECS.
    . . . snip . . .
   This output illustrates the GNU long option format common in many command line utilities on Linux. Some GNU long options have an equivalent POSIX flag (e.g. -?). Some options have only a short (POSIX) or long (GNU) version. All the long versions are prefixed by a double dash. Also, when a command is mistyped, some GNU commands may request that the --help option be run.

10) Use the wget command a couple of times, with and without one of the options:
    $ cd /tmp/
    $ wget http://server1.example.com/
    . . . output omitted . . .
    $ wget -S http://server1.example.com/
    . . . output omitted . . .
   This time the server responses are printed.
    $ wget -S --spider http://server1.example.com/
    . . . output omitted . . .
   This time the server responses are printed, but without downloading the file.

11) If time permits, use the different help resources explored in this lab task to find out more about the ls and cat commands.


Lab 2
Task 3: Switching Users With su
Estimated Time: 5 minutes

Objectives
- Use and explore the use of the su command.
- Observe the operation differences between su and su -.

Requirements b (1 station)

Relevance This lab task illustrates the difference between using su and su - on the environment.

1) Ensure that guru is the currently logged in user:
    $ cd
    $ whoami
    guru
   If result is different, log out and log back in as the guru user.
    $ id -un
    guru
   The id command can also be used to identify which user is currently logged in.

2) Observe and record the value of the existing environment variable $PATH:
    $ echo $PATH
    . . . output omitted . . .
   Result:

3) Observe and record the current working directory:
    $ pwd
    . . . output omitted . . .
   Result:

4) [U1604] This step should only be performed on U16.04.
   Ubuntu makes the first user of the system the administrative user. This means that the path will be different for the guru and visitor users. Switch user to visitor and compare the path difference:
    $ su - visitor
    Password: work <Enter>
    $ echo $PATH
    . . . output omitted . . .

5) [S12 U1604] This step should only be performed on SLES12/U16.04.
   The ifconfig utility can be used to display network card IP address assignment and other NIC parameters and statistics. Try to use ifconfig (expecting an error):
    $ ifconfig
    -bash: ifconfig: command not found
   This message is to be expected as the ifconfig program is located in a directory that is not in an unprivileged user's $PATH by default.

6) [U1604] This step should only be performed on U16.04.
   With Ubuntu the root user is disabled by default. Follow the instructions in the sudo_root(8) manual to enable the root user:
    $ exit
   Exit from the visitor owned shell, to the guru owned shell.
    $ sudo passwd root
    [sudo] password for guru: work <Enter>
    Enter new UNIX password: makeitso <Enter>
    Retype new UNIX password: makeitso <Enter>
    passwd: password updated successfully

7) Use the su command to become the root user:
    $ su
    Password: makeitso <Enter>

8) Observe how you have root privileges:
    # id -u
    0
   Note how the prompt has changed to ending in a # instead of $ or > now that you are root, i.e. user ID 0.

9) Compare the output of these commands to the previously obtained (and recorded) output:
    # echo $PATH
    . . . output omitted . . .
    # pwd
    . . . output omitted . . .

10) [S12] This step should only be performed on SLES12.
   Attempt to run the ifconfig utility again:
    # ifconfig
    Absolute path to 'ifconfig' is '/sbin/ifconfig', so running it may require super user privileges (eg. root).
   On SUSE Linux Enterprise Server, the su command is customized so that when su is run without the -, the sbin directories are added to the user's inherited $PATH variable.

11) Return to the regular, unprivileged user account:
    # exit

12) Use the su command with the - option to become the root user via a login shell (which processes root's login scripts):
    $ su -
    Password: makeitso <Enter>

13) This time, the root shell has the correct environment. Check the user ID and group memberships:
    # id
    uid=0(root) gid=0(root) groups=0(root)

14) Compare the output of these commands to the previously obtained output:
    # echo $PATH
    . . . output omitted . . .
    # pwd
    . . . output omitted . . .
   Note how the environment has changed to be root's native environment. Most distributions only include the sbin directories in the $PATH of the root user.

15) [S12] This step should only be performed on SLES12.
   Run the ifconfig utility again:
    # ifconfig
    . . . output omitted . . .
   It works as the ifconfig utility is located at /sbin/ifconfig and that directory is in the root user's $PATH.

16) Observe how with root privileges the su command will switch to another account without knowing or supplying a password:
    # su - guru
   There is no prompt for a password.

17) See that the environment has changed to that of the guru user:
    $ id
    . . . output omitted . . .
    $ pwd
    . . . output omitted . . .

18) Return to the root shell:
    $ exit

Clean Up

19) [R7 S12] This step should only be performed on RHEL7/SLES12.
   Administrative privileges are no longer required; exit the root shell to return to an unprivileged account:
    # exit

20) [U1604] This step should only be performed on U16.04.
   Return to the guru user's shell and remove the root user's password:
    # exit
    $ sudo passwd -l root
    [sudo] password for guru: work <Enter>
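Task 3 shows that a plain su keeps the calling user's $PATH while su - loads root's own. The script below is an added example, not part of the workbook, and goes one step further than the lab by also flagging inherited PATH entries an administrator would not want to run commands from as root. The function names path_has_sbin, path_findings and su_env_report are hypothetical.

```shell
#!/bin/sh
# Added example: inspect a PATH value such as the one a root shell
# inherits after a plain `su`. Function names are hypothetical.

# path_has_sbin PATH_STRING: succeeds if an sbin directory is listed.
path_has_sbin() {
    case ":$1:" in
        *:/sbin:*|*:/usr/sbin:*|*:/usr/local/sbin:*) return 0 ;;
    esac
    return 1
}

# path_findings PATH_STRING: prints "<kind>:<entry>" per problem entry.
#   relative - empty, ".", or otherwise not absolute (depends on the cwd)
#   missing  - not an existing directory
#   writable - directory writable by its group or by everyone
path_findings() {
    rest="$1:"          # trailing ':' keeps a final empty entry visible
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        case "$entry" in
            /*) ;;
            *)  printf 'relative:%s\n' "$entry"; continue ;;
        esac
        if [ ! -d "$entry" ]; then
            printf 'missing:%s\n' "$entry"
            continue
        fi
        # -L follows symlinks such as /bin -> usr/bin
        perms=$(ls -ldL "$entry" 2>/dev/null) || perms=""
        case "$perms" in
            ?????w*|????????w*) printf 'writable:%s\n' "$entry" ;;
        esac
    done
}

# su_env_report: summarize the current shell, e.g. right after su or su -.
su_env_report() {
    printf 'uid=%s cwd=%s\n' "$(id -u)" "$(pwd)"
    if path_has_sbin "$PATH"; then
        echo "sbin directories: present in PATH"
    else
        echo "sbin directories: absent from PATH"
    fi
    path_findings "$PATH"
    return 0
}

su_env_report
```

Running it once after su and once after su - gives the comparison that steps 9 and 14 ask for.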
