Implementing a Parallel World Model Using Linux Containers for Efficient System Administration

Total Page:16

File Type:pdf, Size:1020Kb

Implementing a Parallel World Model Using Linux Containers for Efficient System Administration Implementing a parallel world model using Linux containers for efficient system administration (Paper) Yasushi Shinjo and Wataru Ishida Jinpeng Wei Department of Computer Science School of Computing and Information Sciences University of Tsukuba Florida International University 1-1-1 Tennoudai, Tsukuba, Ibaraki 305-8573, Japan Miami, Florida, USA Email: [email protected] Abstract—This paper describes the implementation of a par- software updates. However, this method does not help to run allel world model using Linux containers. A parallel world the production environment while testing. (or parallel universe) model allows a user to create multiple To address these problems, we propose providing a parallel execution environments, called worlds, in a single operating system and to manipulate these worlds. This model enables world model at the operating system level. A parallel world or a system administrator to create a new test world that looks parallel universe model is a model to describe time machines like a production world. The system administrator upgrades in science fiction (SF) and to interpret observations in quantum fundamental software and tests applications in the new test physics. In our parallel world model at the operating system world while running the production world. If the applications level, a world is a container of files and an execution environ- do not pass the tests, the administrator deletes the new world. If the applications pass the tests, the administrator merges the ment of processes. Using this parallel world model, a system test world into the production world. Prior to the merge, the administrator can upgrade fundamental software, as follows. administrator can examine the differences between these two 1) Create one or more child worlds for upgrading and worlds, and identify any unintentional file modifications. The parallel world model has been implemented using Linux testing, based on the root world as the production containers and Aufs, a union filesystem. In addition, this im- environment and other existing derived worlds. We allow plementation uses Auditd, an audit tool, to trace file accesses multiple inheritance. A child world inherits files from in worlds. This paper describes the effectiveness of the par- multiple parents in a copy-on-write manner. allel world model by analyzing a software upgrade process. 2) Keep running the root production world while upgrading Experimental results show that the world-related operations are completed within a few seconds, and that it is difficult for remote and testing in child worlds. users to notice the overhead caused by running in parallel worlds. 3) Remove child worlds if the application does not work. 4) Merge the contents of child worlds into the root world if the application works well. Before merging, the system I. INTRODUCTION administrator can show differences between the child worlds and the root world, and see the files that will be Software bugs are found every day, and software up- modified on merging. dates or patches are released regularly. System administra- tors, especially those in small organizations, are very busy We have implemented this parallel world model in Linux upgrading fundamental software, such as Web servers and using Linux containers (LXC) [13]. We realize the copy-on- language processors. It is easy for system administrators to write feature using Aufs, a union filesystem [20]. We also perform software updates. For example, a system administra- use Audit daemon (Auditd), a system audit tool, to trace file tor can perform an update by typing “apt-get update; accesses in worlds and watch for derived files [7]. apt-get-upgrade” in a Debian-based Linux distribution. However, upgrading fundamental software can crash applica- II. COMMANDS FOR MANIPULATING WORLDS tions. System administrators must test their applications after upgrading. If they identify problems, they must undo the This section shows the usage of commands that manipulate upgrade. worlds by using the following scenario. Some systems provide transactional/undoable operations to • The production environment runs a blog application with support these activities of system administrators. Using virtual WordPress [36], which is written in the PHP language machines enables administrators to easily clone the production [32]. The Web server is Apache [31]. environment at the disk block level. However, it is not straight- • Patches are released for WordPress and PHP. The system forward to move the contents of the test environment into the administrator needs to upgrade WordPress and PHP. production environment after testing. Taking filesystem-level • Before actually upgrading, the system administrator must snapshots allows administrators to easily revert destructive test the blog application. $ exec WPUpdate bash wordpress_update.sh Root World phpphp files wordword files The second world is for upgrading PHP. httpd press logs mysqld DBDB press logs files filesfiles files $ wcreate PHPUpdate Root $ wexec PHPUpdate apt-get upgrade php5 inherit and The final world is for testing the blog application. Fig. 1 WPUpdate World copy-on-write PHPUpdate World shows the final direct acyclic graph (DAG) of these worlds. wordword phpphp presspress $ wcreate WPTest WPUpdate PHPUpdate filesfiles filesfiles inherit and Next, the system administrator dumps databases in the root copy-on-write world. Test World $ wexec Root "mysqldump --single-transaction \ --all-databases > backup_root.sql" httpd mysqld DB logslogs DB filesfiles Next, the system administrator restores databases in the test world, runs MySQL server [21], and runs the Apache Web server. Fig. 1. A direct acyclic graph of worlds for upgrading WordPress and PHP. $ wconsole WPTest WPTest$ service mysql start WPTest$ mysql < backup_root.sql • If the blog application works well in testing, the system WPTest$ service apache2 start administrator makes these patches effective in the pro- WPTest$ exit duction environment. • Otherwise, the system administrator keeps the production Next, the system administrator maps the port of the test environment unchanged, finds the causes of the problem world to the host. and considers alternatives. $ wip WPTest forward 80 50080 Table I shows commands for manipulating worlds. In the parallel world model, there is a special world called the root Now, the system administrator begins testing the blog appli- world. The root world, referred to as Root, is the base of other cation with a Web browser. If the application passes the test, derived child worlds. The root world typically runs production the system administrator sees updated files. applications. The following command runs a Web server in the $ wdiff WPUpdate Root root world. + /var/www/html/wordpress/wp-includes/js/q $ wexec Root service apache2 start uicktags.js + /var/www/html/wordpress/wp-includes/sess The system administrator also uses the wconsole com- ion.php mand to run commands interactively. + /var/www/html/wordpress/wp-admin/plugin- Next, the system administrator creates three child worlds. install.php The first world is for upgrading WordPress; its parent is the ... root world. $ wdiff PHPUpdate Root $ wcreate WPUpdate Root ... If no problem is found, the system administrator makes these modifications effective in the root world, and deletes TABLE I COMMANDS FOR MANIPULATING WORLDS. the test world that contains dirty log files and databases. Four fundamental commands $ wdelete WPTest Command Description $ wmerge WPUpdate Root wcreate Create a child world based on one or more parent $ wmerge PHPUpdate Root worlds. wdelete Delete a world. $ wexec Root service apache2 restart wdiff Show differences between two worlds. wmerge Merge a world into another world. If serious problems in the patches are found, the system administrator deletes the worlds and considers alternatives. Supplemental commands Command Description $ wdelete WPTest WPUpdate PHPUpdate wexec Run a command in a world. wconsole Connect a terminal to a world. Note that this process of upgrading and testing is not wip Configure IP addresses and port forwardings. serializable in terms of transaction processing [37]. As we check-off Checks off files on merging. see in this example, we do not need strict serializability in Containers rootfs Filesystem layers Each world has its own network namespace. When we run Test Container read-write a server in a child world, we can allocate an IP address to the mount Union logs DBDB Test child world, or we can map the server’s port number to an httpd mysqld read-only logs files layer files unused port number of the host. We create a child world based on a parent world as follows. mount PHPUpdate Container Union • We create a root directory with Aufs. First, we create phpphp PHPUpdate a new empty directory. Next, we union-mount the new filesfiles layer empty directory and the lower root directory (or directo- ries) of the parent world(s). For example, in Fig. 2, we WPUpdate Container mount union-mount the WPUpdate layer and the Root bottom Union wordword WPUpdate presspress layer layer for the WPUpdate Container. files files • We create a container by cloning a template container with the lxc-clone command. We set the root filesys- Root Container Root bottom layer tem (rootfs) of the container to the directory of Aufs wordword phpphp DB above. httpd mysqld presspress logslogs DB filesfiles files filesfiles files • We configure Auditd. We will describe Auditd in Section III-B. • We execute the container with the lxc-start com- Fig. 2. Implementation of worlds with Linux containers (LXC) and Aufs, a mand. union filesystem. To delete a world, we kill processes in the container, delete the container, unmount the Aufs directory, and remove files in the read-write layer of Aufs. software upgrading and testing. Human administrators solve To show differences between a parent and a child world, conflicts and tolerate miner problems. we show the file names in the Aufs read-write layer of the In this paper, we describe the third implementation of the child. At this time, we exclude some system files that are parallel world model. First, we implemented the model in a automatically modified by LXC.
Recommended publications
  • A Novel Scheduling Framework Leveraging Hardware Cache Partitioning for Cache-Side-Channel Elimination in Clouds
    A Novel Scheduling Framework Leveraging Hardware Cache Partitioning for Cache-Side-Channel Elimination in Clouds Read Sprabery Konstantin Evchenko Abhilash Raj University of Illinois, University of Illinois, Oregon State University Urbana-Champaign Urbana-Champaign [email protected] [email protected] [email protected] Rakesh B. Bobba Sibin Mohan Roy H. Campbell Oregon State University University of Illinois, University of Illinois, [email protected] Urbana-Champaign Urbana-Champaign [email protected] [email protected] ABSTRACT on the Last-Level-Cache (LLC) that is shared across multiple cores While there exist many isolation mechanisms that are available [18, 23, 43, 44, 48] – these make defenses much harder. to cloud service providers, including virtual machines, containers, Many defenses against cache-side-channel attacks in cloud envi- etc. , the problem of side-channel increases in importance as a re- ronments have also been proposed (e.g., [6, 19, 21, 22, 24, 25, 28, 31, maining security vulnerability – particularly in the presence of 32, 37–40, 45, 51]). However, the proposed solutions suer from a shared caches and multicore processors. In this paper we present variety of drawbacks: (a) some are probabilistic [25, 37, 51]; (b) oth- a hardware-software mechanism that improves the isolation of ers do not protect applications when SMT is enabled [51]; (c) some cloud processes in the presence of shared caches on multicore require developers to re-write applications [19, 22, 31], (d) while chips. Combining the Intel CAT architecture that enables cache others require hardware changes [39, 40] impacting deployability; partitioning on the y with novel scheduling techniques and state (e) some depend on violating x86 semantics by modifying the reso- cleansing mechanisms, we enable cache-side-channel free comput- lution, accuracy or availability of timing instructions [21, 24, 38] ing for Linux-based containers and virtual machines, in particular, and consequently require signicant changes to the applications.
    [Show full text]
  • The Virtual Filesystem Interface in 4.4BSDI
    The Virtual Filesystem Interface in 4.4BSDI Marshall Kirk McKusick Consultant and Author Berkeley, California ABSTRACT: This paper describes the virtual filesys- tem interface found in 4.4BSD. This interface is de- signed around an object oriented virtual file node or "vnode" data structure. The vnode structure is de- scribed along with its method for dynamically expand- ing its set of operations. These operations have been divided into two groups: those to manage the hierarchi- cal filesystem name space and those to manage the flat filestore. The translation of pathnames is described, as it requires a tight coupling between the virtual filesys- tem layer and the underþing filesystems through which the path traverses. This paper describes the filesystem services that are exported from the vnode interface to its clients, both local and remote. It also describes the set of services provided by the vnode layer to its client filesystems. The vnode interface has been generalized to allow multiple filesystems to be stacked together. After describing the stacking functionality, several examples of stacking filesystems are shown. t To appear in The Design and Implementation of the 4.4BSD Operating System, by Marshall Kirk McKusick, publisher. et al., @1995 by Addison-Wesley Publishing Companf Inc. Reprinted with the permission of the o 1995 The USENIX Association, Computing Systems, Vol. 8 ' No. 1 ' Winter 1995 I. The Virtual Filesystem Interface In early UNIX systems, the file entries directly referenced the local filesystem inode, see Figure I [Leffler et al. 1989]. This approach worked fine when there was a single filesystem implementation. However, with the advent of multþle filesystem types, the architecture had to be generalized.
    [Show full text]
  • A NAS Integrated File System for On-Site Iot Data Storage
    A NAS Integrated File System for On-site IoT Data Storage Yuki Okamoto1 Kenichi Arai2 Toru Kobayashi2 Takuya Fujihashi1 Takashi Watanabe1 Shunsuke Saruwatari1 1Graduate School of Information Science and Technology, Osaka University, Japan 2Graduate School of Engineering, Nagasaki University, Japan Abstract—In the case of IoT data acquisition, long-term storage SDFS, multiple NAS can be handled as one file system and of large amounts of sensor data is a significant challenge. When a users can easily add new NAS. cloud service is used, fixed costs such as a communication line for The remainder of this paper is organized as follows. In uploading and a monthly fee are unavoidable. In addition, the use of large-capacity storage servers incurs high initial installation section 2, we discuss the issues associated with the sensor data costs. In this paper, we propose a Network Attached Storage storage. Section 3 describes the overview and implementation (NAS) integrated file system called the “Sensor Data File System of the proposed file system, SDFS. In section 4, we evaluate (SDFS)”, which has advantages of being on-site, low-cost, and the performance of SDFS and existing file systems. Section 5 highly scalable. We developed the SDFS using FUSE, which introduces related work, and Section 6 summarizes the main is an interface for implementing file systems in user-space. In this work, we compared SDFS with existing integrated storage findings of this paper. modalities such as aufs and unionfs-fuse. The results indicate that II. ISSUES ASSOCIATED WITH THE SENSOR DATA STORAGE SDFS achieves an equivalent throughput compared with existing file systems in terms of read/write performance.
    [Show full text]
  • A BRIEF HISTORY of the BSD FAST FILE SYSTEM 9 June07login Press.Qxd:Login June 06 Volume 31 5/27/07 10:22 AM Page 10
    June07login_press.qxd:login June 06 Volume 31 5/27/07 10:22 AM Page 9 I FIRST STARTED WORKING ON THE UNIX file system with Bill Joy in the late MARSHALL KIRK MCKUSICK 1970s. I wrote the Fast File System, now called UFS, in the early 1980s. In this a brief history of article, I have written a survey of the work that I and others have done to the BSD Fast File improve the BSD file systems. Much of System this research has been incorporated into other file systems. Dr. Marshall Kirk McKusick writes books and articles, teaches classes on UNIX- and BSD-related subjects, and provides expert-witness testimony on software patent, trade secret, and copyright issues, particu - 1979: Early Filesystem Work larly those related to operating systems and file sys - tems. While at the University of California at Berke - The first work on the UNIX file system at Berke - ley, he implemented the 4.2BSD Fast File System and was the Research Computer Scientist at the Berkeley ley attempted to improve both the reliability and Computer Systems Research Group (CSRG) oversee - the throughput of the file system. The developers ing the development and release of 4.3BSD and improved reliability by staging modifications to 4.4BSD. critical filesystem information so that the modifi - [email protected] cations could be either completed or repaired cleanly by a program after a crash [14]. Doubling the block size of the file system improved the per - formance of the 4.0BSD file system by a factor of more than 2 when compared with the 3BSD file system.
    [Show full text]
  • Upgrade Without Bricking
    Upgrade without Bricking Arnout Vandecappelle http://mind.be/content/Presentation_Upgrade-without-Bricking.pdf or .odp © 2012 Essensium N.V. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License You never know where your product will be used High-precision GNSS receiver You never know where your product will be used What if you install new firmware on remote systems? What if you install new firmware on remote systems? Murphy's Law What if you install new firmware on remote systems? Murphy's Law Upgrade without Bricking Arnout Vandecappelle http://mind.be/content/Presentation_Upgrade-without-Bricking.pdf or .odp © 2012 Essensium N.V. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License Overview 1 Failure mechanisms ● Power failure ● Bad firmware ● Communication errors 2 Boot loader upgrade 3 Package-based upgrade Overview 1 Failure mechanisms ● Power failure ● Bad firmware ● Communication errors 2 Boot loader upgrade 3 Package-based upgrade Power failure Power fails during upgrade ⇒ new firmware only partially written Solutions: Add fail-safe firmware Detect failed power Atomic update of firmware images Use journalling filesystem for writable data Detecting power failure: Switch to fail-safe firmware 1. Boot current firmware fail- boot current config safe loader firmware files FW Detecting power failure: Switch to fail-safe firmware 2. Switch to fail-safe fail- boot current config safe loader firmware files FW Detecting power failure: Switch to fail-safe firmware fail- boot new config safe loader firmware files FW 3. Overwrite firmware Detecting power failure: Switch to fail-safe firmware 4. Fail-safe restarts upgrade fail- boot new config safe loader firmware files FW Detecting power failure: Switch to fail-safe firmware 5.
    [Show full text]
  • A Method of Merging Vmware Disk Images Through File System Unification by Sarah X
    A Method of Merging VMware Disk Images MASSACHUSETTS INSTITUTE through File System Unification OF TECHN4OLOGY by DEC 16 2010 Sarah X. Cheng LIBRARIES S.B., Computer Science and Engineering, Massachusetts Institute of Technology (2004) Submitted to the Department of Electrical Engineering and Computer Science in partial fulfillment of the requirements for the degree of Master of Engineering in Electrical Engineering and Computer Science at the MASSACHUSETTS INSTITUTE OF TECHNOLOGY ACHIVES February 2011 © Massachusetts Institute of Technology 2011. All rights reserved. -7--) Author ...... ...... Department of Electrical Enginer' d Computer Science October 5, 2010 ... s ..... Certified by............. Stephen A. Ward Professor Thesis Supervisor Accepted by........ Dr. Christopher J. Terman Chairman, Master of Engineering Thesis Committee 2 A Method of Merging VMware Disk Images through File System Unification by Sarah X. Cheng Submitted to the Department of Electrical Engineering and Computer Science on October 5, 2010, in partial fulfillment of the requirements for the degree of Master of Engineering in Electrical Engineering and Computer Science Abstract This thesis describes a method of merging the contents of two VMware disk images by merging the file systems therein. Thus, two initially disparate file systems are joined to appear and behave as a single file system. The problem of file system namespace unification is not a new one, with predecessors dating as far back as 1988 to present-day descendants such as UnionFS and union mounts. All deal with the same major issues - merging directory contents of source branches and handling any naming conflicts (namespace de-duplication), and allowing top-level edits of file system unions in presence of read-only source branches (copy-on-write).
    [Show full text]
  • Use the Overlayfs Storage Driver | Docker Documentation
    Use the OverlayFS storage driver Estimated reading time: 18 minutes OverlayFS is a modern union filesystem that is similar to AUFS, but faster and with a simpler implementation. Docker provides two storage drivers for OverlayFS: the original overlay , and the newer and more stable overlay2 . This topic refers to the Linux kernel driver as OverlayFS and to the Docker storage driver as overlay or overlay2 . ! Note:: IfIf youyou useuse OverlayFS,OverlayFS, useuse thethe overlay2 driverdriver ratherrather thanthan thethe overlay driver,driver, becausebecause itit isis moremore eefficient in terms of inode utilization. To use the new driver, you need version 4.0 or higher of thethe LinuxLinux kernel,kernel, oror RHELRHEL oror CentOSCentOS usingusing versionversion 3.10.0-5143.10.0-514 andand above. For more information about differences between overlay vs overlay2 , check Docker storage drivers (https://docs.docker.com/storage/storagedriver/select-storage-driver/). Prerequisites OverlayFS is supported if you meet the following prerequisites: The overlay2 driver is supported on Docker CE, and Docker EE 17.06.02-ee5 and up, and is the recommended storage driver. Version 4.0 or higher of the Linux kernel, or RHEL or CentOS using version 3.10.0-514 of the kernel or higher. If you use an older kernel, you need to use the overlay driver, which is not recommended. The overlay and overlay2 drivers are supported on xfs backing filesystems, but only with d_type=true enabled. Use xfs_info to verify that the ftype option is set to 1 . To format an xfs filesystem correctly, use the flag -n ftype=1 .
    [Show full text]
  • Docker Containers for HEP - first Steps
    docker containers for HEP - first steps Sébastien Binet LAL/IN2P3 2014-05-21 S. Binet (LAL) docker 2014-05-21 1 / 19 Outline What ? Why ? How ? (When ?) S. Binet (LAL) docker 2014-05-21 2 / 19 Docker: what is it ? http://www.docker.io/ an open source project to pack, ship and run any application as a lightweight container High level description kind of like a lightweightVM runs in its own process space has its own network interface can run stuff as root Low level description chroot on steroids container = isolated process(es) share kernel with host no device emulation S. Binet (LAL) docker 2014-05-21 3 / 19 Docker: why ? same use cases than for VMs speed: boots in (milli)seconds footprint: 100-1000 containers on a single machine/laptop. small disk requirements Containers vs. VMs S. Binet (LAL) docker 2014-05-21 4 / 19 Docker: why ? Efficiency: almost no overhead processes are isolated but run straight on the host CPU performance = native performance memory performance = a few % shaved off for (optional) accounting network perfomace = small overhead Efficiency: storage friendly unioning filesystems snapshotting filesystems copy-on-write provisionning takes a few milliseconds . and a few kilobytes creating a new container/base-image takes a few seconds S. Binet (LAL) docker 2014-05-21 5 / 19 Docker: how ? LinuX Containers (LXC) Control Groups and Namepsaces AUFS (overlaying filesystem), or BTRFS, or DeviceMapper Client-Server with an http/REST API LXC Let’s your run a Linux system within another Linux system A container is a group of processes on a Linux box, put together is an isolated environment From the inside, it looks like a VM.
    [Show full text]
  • State of the Union When You Don’T Need Union Mounts
    State of the Union When you don't need Union Mounts Jan Blunck Novell [email protected] 30. October 2009 What Union? I Not the European Union ... this is Dresden not Brussels I This is about Filesystems I In particular about Filesystem Namespace Unification What Union? I Not the European Union ... this is Dresden not Brussels I This is about Filesystems I In particular about Filesystem Namespace Unification What Union? I Not the European Union ... this is Dresden not Brussels I This is about Filesystems I In particular about Filesystem Namespace Unification Outline Introduction Where is the Problem? Unioning Filesystems UnionFS Another UnionFS UnionFS-FUSE mini fo Union Mount You probably don't need Union Mounts Device-Mapper Snapshot Delta Filesystem CLIC Filesystem SquashFS Fake Write Support Shared root filessytem - NFS Root Shared root filessytem - XIP Whats left to do than? Thanks Disclaimer I'm the author of the VFS based Union Mount patches. That somehow makes me biased. I'll try my very best though ... Where is the Problem? POSIX Requirements I seek to cookie POSIX is missing I whiteout filetype DT WHITEOUT I topology of mount tree I open (directories) by inode number Where is the Problem? POSIX Requirements I seek to cookie POSIX is missing I whiteout filetype DT WHITEOUT I topology of mount tree I open (directories) by inode number Where is the Problem? I NFS Sucks ftp://ftp.lst.de/pub/people/okir/papers/2006-OLS/ nfs-sucks-slides.pdf Where is the Problem? I NFS Sucks ftp://ftp.lst.de/pub/people/okir/papers/2006-OLS/ nfs-sucks-slides.pdf
    [Show full text]
  • Liveng Documentation Release 1.0
    liveng Documentation Release 1.0 LumIT Labs Feb 04, 2019 Contents 1 Why liveng 3 2 More features 5 3 Table of contents 7 3.1 Standard Debian live...........................................7 3.2 Set up a standard Debian live......................................8 3.3 liveng structure..............................................9 3.4 UEFI Secure Boot............................................ 14 3.5 Persistence................................................ 16 3.6 Kernel update............................................... 21 3.7 Kernel update, the Debian way...................................... 23 3.8 Kernel update improvements....................................... 24 3.9 About liveng............................................... 25 3.10 liveng-based operating systems and tools................................ 25 3.11 License.................................................. 25 i ii liveng Documentation, Release 1.0 Next Generation Linux live distributions concepts A live operating system allows booting from a removable medium, such a USB key, without the need of being installed to the hard drive. Contents 1 liveng Documentation, Release 1.0 2 Contents CHAPTER 1 Why liveng None of the existing ISO9660-based live operating systems provide a kernel update feature: the kernel and the initrd are the only components that a live operating system cannot update, because they lay outside of the data persistence partition and the system partition is ISO9660-formatted, so not writeable - which is the best option for a live, because of its strength
    [Show full text]
  • Linux - Hard Drives, Partitions and Filesystems Naming Convention
    Linux - Hard Drives, Partitions and Filesystems Naming Convention IDE drives are referred to as hda for the first drive, hdb for the second etc. Serial ATA and SCSI drives are referenced as sda, sdb etc. Hard drive partitions are represented by an additional number. The partitions on each drive are referred numerically. The first partition on the first drive is referred to as hda1, the second as hda2, the third as hda3 etc. Linux IDE naming conventions: Device Description Configuration /dev/(s)hda 1st (Primary) IDE controller Master /dev/(s)hdb 1st (Primary) IDE controller Slave /dev/(s)hdc 2nd (Secondary) IDE controller Master /dev/(s)hdd 2nd (Secondary) IDE controller Slave Linux SATA/SCSI naming conventions: /dev/sda 1st SATA /dev/sdb 2nd SATA Partitioning A computer system may have multiple drives with primary partitions but only one primary partition may be active on one drive only. The active primary partition is used for booting the system and is referenced by the Master Boot Record (MBR). Each hard drive may only have a maximum of four primary partitions. You must an OS from a primary partition. Extended partitions allow one to place up to 24 partitions on a single drive. The first partition on the first drive is referred to as hda1, the second as hda2, the third as hda3 etc. Use the fdisk command under LINUX to partition a hardrive. Implicit in the fdisk command is the mkdev command that creates the device file for the partition. On sime UNIX systems, the mkdev command is explicitly used to create the device file.
    [Show full text]
  • Freebsd and Openbsd Are Increasingly Gaining Traction In
    < Day Day Up > Mastering FreeBSD and OpenBSD Security By Paco Hope, Yanek Korff, Bruce Potter ............................................... Publisher: O'Reilly Pub Date: March 2005 ISBN: 0-596-00626-8 Pages: 464 Table of Contents | Index | Errata FreeBSD and OpenBSD are increasingly gaining traction in educational institutions, non- profits, and corporations worldwide because they provide significant security advantages over Linux. Although a lot can be said for the robustness, clean organization, and stability of the BSD operating systems, security is one of the main reasons system administrators use these two platforms. There are plenty of books to help you get a FreeBSD or OpenBSD system off the ground, and all of them touch on security to some extent, usually dedicating a chapter to the subject. But, as security is commonly named as the key concern for today's system administrators, a single chapter on the subject can't provide the depth of information you need to keep your systems secure. FreeBSD and OpenBSD are rife with security "building blocks" that you can put to use, and Mastering FreeBSD and OpenBSD Security shows you how. Both operating systems have kernel options and filesystem features that go well beyond traditional Unix permissions and controls. This power and flexibility is valuable, but the colossal range of possibilities need to be tackled one step at a time. This book walks you through the installation of a hardened operating system, the installation and configuration of critical services, and ongoing maintenance of your FreeBSD and OpenBSD systems. Using an application-specific approach that builds on your existing knowledge, the book provides sound technical information on FreeBSD and Open-BSD security with plenty of real- world examples to help you configure and deploy a secure system.
    [Show full text]