Linux Admin: Difference between revisions

From miki
Jump to navigation Jump to search
Line 61: Line 61:
udevadm test $(udevadm info -q path -n /dev/sda2) 2>&1 | grep OWNER # Test the effect of a new rule on device /dev/sda2
udevadm test $(udevadm info -q path -n /dev/sda2) 2>&1 | grep OWNER # Test the effect of a new rule on device /dev/sda2
</source>
</source>

== Libraries ==
See the [http://www.linux.org/docs/ldp/howto/Program-Library-HOWTO/index.html Library HOWTO].

=== Static Libraries ===
See [http://www.linux.org/docs/ldp/howto/Program-Library-HOWTO/static-libraries.html Library HOWTO - Static Libraries]

=== Shared Libraries ===
See [http://www.linux.org/docs/ldp/howto/Program-Library-HOWTO/shared-libraries.html Library HOWTO - Shared Libraries]

Path conventions according to the [http://www.gnu.org/prep/standards/html_node/Directory-Variables.html info:standards#Directory_Variables GNU Standards] (used by developers):
* <tt>/usr/local/lib</tt>: for all libraries when distributing ''source'' code (executables go to <tt>/usr/local/bin</tt>).

Path conventions according to the [http://www.pathname.com/fhs Filesystem Hierarchy Standard]) (used by distributors through package management)
* <tt>/usr/lib</tt>: for most libraries (executables go to <tt>/usr/bin</tt>, executables that users should not call directly go to <tt>/usr/libexec/</tt>).
* <tt>/lib</tt>: for libraries needed at boot time.
* <tt>/usr/local/lib</tt>: for libraries that are not part of the system (<tt>/usr/local/bin</tt> for executables, and <tt>/usr/local/libexec</tt> for library executable)

;soname &mdash; real name &mdash; linker name
* <tt>/usr/lib/libreadline.so.3</tt> is a fully-qualified soname (symlinked to realname below by <tt>ldconfig</tt>)
* <tt>/usr/lib/libreadline.so.3.0</tt> is the realname
* <tt>/usr/lib/libreadline.so</tt> is the linker name (symlinked to soname <tt>/usr/lib/libreadline.so.3</tt>)

;Environment variables
* <tt>LD_LIBRARY_PATH</tt> temporarily overrides the usual library path for a given executable (should only be used for debugging)
* <tt>LD_DEBUG</tt> triggers debugging in C loader (e.g. <code>LD_DEBUG=files /bin/ls</code>)

;Utilities
<source lang="bash">
ldconfig -n directory_with_shared_libraries #Creates soname links to realname when installing new libraries
ldd /bin/ls #List shared libraries needed by a given executable
</source>

=== Dynamically Loaded (DL) Libraries ===
See [http://www.linux.org/docs/ldp/howto/Program-Library-HOWTO/dl-libraries.html Library HOWTO - Dynamically Loaded Libraries].



== Managing Alternatives ==
== Managing Alternatives ==

Revision as of 08:45, 22 September 2010

/etc/sudoers

The man page gives a complete but unclear description of the file specification. Here a simplified but complete version:

First the description of possible entries in the file: 

# Alias
'User_Alias'  NAME '=' User...         (':' NAME '=' User...        )*
'Runas_Alias' NAME '=' Runas_Member... (':' NAME '=' Runas_Member...)*
'Host_Alias'  NAME '=' Host...         (':' NAME '=' Host...        )*
'Cmnd_Alias'  NAME '=' Cmnd...         (':' NAME '=' Cmnd...        )*

#Default_Entry
'Defaults' ('@' Host... | ':' User... | '!' Cmnd... | '>' Runas_Member...)? Parameter...

#User_Spec
User... Host... '=' Cmnd_Spec...       (':' Host... '=' Cmnd_Spec...)*

Now the description of the syntactical elements (note the description of ..., which is simply a comma-separated list): 

identifier... ::= identifier (',' identifier)*

NAME          ::= [A-Z]([a-z][A-Z][0-9]_)*

User /
Runas_Member  ::= '!'* ( username | '#'uid | '%'group | '+'netgroup | Alias | 'ALL' )

Host          ::= '!'* ( hostname | ip_addr | network(/netmask)? | '+'netgroup | Alias| 'ALL' )

Cmnd          ::= '!'* ( command filename (args | '""')? | directory | "sudoedit" | Alias | 'ALL' )

Parameter     ::= Parameter '=' Value | Parameter '+=' Value | Parameter '-=' Value | '!'* Parameter

Cmnd_Spec     ::= ('(' Runas_Member...? (':' ...? ')')? ('NOPASSWD:'|'PASSWD:'|'NOEXEC:'|'EXEC:'|'SETENV:'|'NOSETENV:')* Cmnd


  • HTTP Proxy — When using a HTTP proxy defined through the variable http_proxy, you have to add/change the following lines to /etc/sudoers:
Defaults	env_reset, env_keep=http_proxy

File Systems

Reiserfs

  • For better performance, use mount switch noatime,notail (see [1])

udev & devfs

Reference: [2]

This chapter is about the devices in /dev. Since kernel 2.6, the content of this directory is generated by udev rules.

These rules are located at:

  • /lib/udev/rules.d
  • /etc/udev/rules.d (these can be customized)

Use udevadm to get information on a given device: 

udevadm info -q path -n /dev/sda2                                     # To get the path to the device /dev/sda2
udevadm info -q -n /dev/sda2                                          # To get all the attributes of device /dev/sda2
udevadm info -a -p $(udevadm info -q path -n /dev/sda2)               # Same as above
udevadm test $(udevadm info -q path -n /dev/sda2) 2>&1 | grep OWNER   # Test the effect of a new rule on device /dev/sda2

Libraries

See the Library HOWTO.

Static Libraries

See Library HOWTO - Static Libraries

Shared Libraries

See Library HOWTO - Shared Libraries

Path conventions according to the info:standards#Directory_Variables GNU Standards (used by developers):

  • /usr/local/lib: for all libraries when distributing source code (executables go to /usr/local/bin).

Path conventions according to the Filesystem Hierarchy Standard) (used by distributors through package management)

  • /usr/lib: for most libraries (executables go to /usr/bin, executables that users should not call directly go to /usr/libexec/).
  • /lib: for libraries needed at boot time.
  • /usr/local/lib: for libraries that are not part of the system (/usr/local/bin for executables, and /usr/local/libexec for library executable)
soname — real name — linker name
  • /usr/lib/libreadline.so.3 is a fully-qualified soname (symlinked to realname below by ldconfig)
  • /usr/lib/libreadline.so.3.0 is the realname
  • /usr/lib/libreadline.so is the linker name (symlinked to soname /usr/lib/libreadline.so.3)
Environment variables
  • LD_LIBRARY_PATH temporarily overrides the usual library path for a given executable (should only be used for debugging)
  • LD_DEBUG triggers debugging in C loader (e.g. LD_DEBUG=files /bin/ls)
Utilities
ldconfig -n directory_with_shared_libraries      #Creates soname links to realname when installing new libraries
ldd /bin/ls                                      #List shared libraries needed by a given executable

Dynamically Loaded (DL) Libraries

See Library HOWTO - Dynamically Loaded Libraries.


Managing Alternatives

For instance, to define the default cursor-theme, use update-alternatives: 

sudo update-alternatives --config x-cursor-theme

Network

ZeroConfig

ZeroConfig refers to all utilities that help setting up network without any additional configuration. More information on wikipedia. See also zeroconf (open standard issued by Apple).

Address resolution
Name resolution
In Apple ZeroConf, you can access a given host with name hostname.local without need of a local DNS server.
Apple ZeroConf relies on mDNS (multicast DNS) protocol. mDNS client makes a request to a well-known multicast address (224.0.0.251 for IPv4 and ff02::fb for IPv6 link-local addressing).
On Linux, avahi package implements the Apple Zeroconf specification.
Service discovery


Import Windows Settings for Enterprise Wireless Network (Dynamic WEP, TLS)

This chapter explains how to import the network configuration settings from Windows for an enterprise wireless network using Dynamic WEP (802.1x), with TLS authentication.

  1. In Windows, export the client Authentication certificate and private key from Windows Certificate Store:
    • In Control PanelInternet OptionsContent tab, click Certificates.
    • In the Personal tab, select the certificate used for client authentication, and click Export.
    • In the new window, click Next, then select Yes, export the private key and click Next.
      (If this option is grayed out, and you also have the message "The associated private key is marked as not exportable. Only the certificate can be exported", you can use the tool Jailbreak)
    • Select format Personal information interchange - PKCS #12 (.PFX), and select Include all the certificates in the certificate path if possible and Enable strong protection.
    • Select a password, and save the file (say mywindowscert.pfx).
  2. In Ubuntu, split the exported certificate in the components CA / Cert / Private key (see [3]):
    3. openssl -in mywindowscert.pfx -nocerts -out mycert.key.p12
openssl -in mywindowscert.pfx -clcerts -nokeys -out mycert.crt.pem
openssl -in mywindowscert.pfx -cacerts -nokeys -out mycert.ca.pem
  3. Now create a new wireless network connection in Ubuntu:
    • Security: Dynamic WEP (802.1x)
    • Authentication: TLS
    • Identity: the account name (this is not necessarily the same as the name whom the certificate was issued to)
    • User Certificate: mycert.crt.pem
    • CA certificate: mycert.ca.pem
    • Private key: mycert.key.p12
    • Private key password: as required
Retrieved from "https://miki.immie.org/mediawiki/index.php?title=Linux_Admin&oldid=2218"