Linux Admin
Documentation / Getting Help
- yelp
- Default Gnome help system. Contains basic documentation, manpages, and guides (which can even install applications if clicked on)
- doc-base
- The doc-base package implements a flexible mechanism for handling and presenting documentation. See doc-base on debian.org.
- dwww
- dwww is the web base documentation reader. When installed, you can browse the documentation available on your machine by opening your browser at http://localhost/dwww/. dwww has also command-line support.
32-bit / 64-bit
32-bit executables can still run on 64-bit architecture (amd-64). Check package ia32-libs.
Note that 32-bit libraries are located in /usr/lib32 and not in /usr/lib
/etc/sudoers
The man page gives a complete but unclear description of the file specification. Here a simplified but complete version:
First the description of possible entries in the file:
# Alias
'User_Alias' NAME '=' User... (':' NAME '=' User... )*
'Runas_Alias' NAME '=' Runas_Member... (':' NAME '=' Runas_Member...)*
'Host_Alias' NAME '=' Host... (':' NAME '=' Host... )*
'Cmnd_Alias' NAME '=' Cmnd... (':' NAME '=' Cmnd... )*
#Default_Entry
'Defaults' ('@' Host... | ':' User... | '!' Cmnd... | '>' Runas_Member...)? Parameter...
#User_Spec
User... Host... '=' Cmnd_Spec... (':' Host... '=' Cmnd_Spec...)*
Now the description of the syntactical elements (note the description of ...
, which is simply a comma-separated list):
identifier... ::= identifier (',' identifier)*
NAME ::= [A-Z]([a-z][A-Z][0-9]_)*
User /
Runas_Member ::= '!'* ( username | '#'uid | '%'group | '+'netgroup | Alias | 'ALL' )
Host ::= '!'* ( hostname | ip_addr | network(/netmask)? | '+'netgroup | Alias| 'ALL' )
Cmnd ::= '!'* ( command filename (args | '""')? | directory | "sudoedit" | Alias | 'ALL' )
Parameter ::= Parameter '=' Value | Parameter '+=' Value | Parameter '-=' Value | '!'* Parameter
Cmnd_Spec ::= ('(' Runas_Member...? (':' ...? ')')? ('NOPASSWD:'|'PASSWD:'|'NOEXEC:'|'EXEC:'|'SETENV:'|'NOSETENV:')* Cmnd
- HTTP Proxy — When using a HTTP proxy defined through the variable
http_proxy
, you have to add/change the following lines to /etc/sudoers:
Defaults env_reset, env_keep=http_proxy
File Systems
Reiserfs
- For better performance, use mount switch
noatime,notail
(see [1])
Hardware
Commands
Interesting commands:
- lsmod, Show the status of modules in the Linux Kernel
- lspci, listing all PCI devices
- modprobe, add and remove modules from the Linux kernel
- modinfo, show information about a kernel module (incl. available parameters)
- iwconfig, configure a wireless network interface
- dmidecode, DMI (SMBIOS) table decoder
System information
- lshw is available by default,
- or use sysinfo (sudo apt-get install sysinfo),
- or use hardinfo (sudo apt-get install hardinfo),
udev & devfs
Reference: [2]
This chapter is about the devices in /dev. Since kernel 2.6, the content of this directory is generated by udev rules.
These rules are located at:
- /lib/udev/rules.d
- /etc/udev/rules.d (these can be customized)
Use udevadm to get information on a given device:
udevadm info -q path -n /dev/sda2 # To get the path to the device /dev/sda2
udevadm info -q -n /dev/sda2 # To get all the attributes of device /dev/sda2
udevadm info -a -p $(udevadm info -q path -n /dev/sda2) # Same as above
udevadm test $(udevadm info -q path -n /dev/sda2) 2>&1 | grep OWNER # Test the effect of a new rule on device /dev/sda2
Libraries
See the Library HOWTO.
Static Libraries
See Library HOWTO - Static Libraries
See Library HOWTO - Shared Libraries
Path conventions according to the info:standards#Directory_Variables GNU Standards (used by developers):
- /usr/local/lib: for all libraries when distributing source code (executables go to /usr/local/bin).
Path conventions according to the Filesystem Hierarchy Standard) (used by distributors through package management)
- /usr/lib: for most libraries (executables go to /usr/bin, executables that users should not call directly go to /usr/libexec/).
- /lib: for libraries needed at boot time.
- /usr/local/lib: for libraries that are not part of the system (/usr/local/bin for executables, and /usr/local/libexec for library executable)
- soname — real name — linker name
- /usr/lib/libreadline.so.3 is a fully-qualified soname (symlinked to realname below by ldconfig)
- /usr/lib/libreadline.so.3.0 is the realname
- /usr/lib/libreadline.so is the linker name (symlinked to soname /usr/lib/libreadline.so.3)
- Environment variables
- LD_LIBRARY_PATH temporarily overrides the usual library path for a given executable (should only be used for debugging)
- LD_DEBUG triggers debugging in C loader (e.g.
LD_DEBUG=files /bin/ls
)
- Utilities
ldconfig -n directory_with_shared_libraries #Creates soname links to realname when installing new libraries
ldd /bin/ls #List shared libraries needed by a given executable
Dynamically Loaded (DL) Libraries
See Library HOWTO - Dynamically Loaded Libraries.
Kernel Stuff
Out of Memory
Kernel has an advanced algorithm to detect which process to kill when an Out of Memory occures (from [3]):
[...] But, actually, Linux doesn't just pick the process with the failed allocation to kill. Instead, when a process makes a memory request which cannot be fulfilled, the OS runs a quick calculation of the memory usage "badness" of all processes. The base of the badness score is the processes resident memory, plus the resident memory of child processes. Processes that have been "nice'd" get a score boost (on the theory they're likely to be less important), but long-running processes get a score decrease (on the theory they're likely to be more important). Superuser processes have their score decreased. Finally, processes have their scores decreased by a user-settable value in /proc//oom_adj (default is no adjustment). Also, if /proc//oom_adj is set to the constant OOM_DISABLE, then the process is not killable.
When memory runs out, Linux kills the process with the highest score. If a single ordinary user process, especially a short-lived desktop process, has consumed nearly all of the system RAM, and no one has messed with oom_adj for that process, then it WILL be the one that dies. [...]
The OOM score of each process can be obtained with:
find /proc -maxdepth 2 -name oom_score | while read i; do echo -n "$i "; cat $i; done | sort -n -k2
Managing Alternatives
For instance, to define the default cursor-theme, use update-alternatives
:
sudo update-alternatives --config x-cursor-theme
Network
ZeroConfig
ZeroConfig refers to all utilities that help setting up network without any additional configuration. More information on wikipedia. See also zeroconf (open standard issued by Apple).
- Address resolution
- Name resolution
- In Apple ZeroConf, you can access a given host with name hostname.local without need of a local DNS server.
- Apple ZeroConf relies on mDNS (multicast DNS) protocol. mDNS client makes a request to a well-known multicast address (224.0.0.251 for IPv4 and ff02::fb for IPv6 link-local addressing).
- On Linux, avahi package implements the Apple Zeroconf specification.
- Service discovery
Network Manager - Search Path
See NetworkManager Ubuntu documtation for how to add a static local domain to resolv.conf search path.
Basically:
- In the NM applet, changed the network from DHCP (auto) to DHCP (address only)
- Edit the network configuration file in /etc/>NetworkManager/system-connections to appear as follows:
- Select the network in the wired network
[ipv4] method=auto dns-search=domain1.com;domain2.org;domain3.edu; ignore-auto-routes=false ignore-auto-dns=false # !!! Set this line back to FALSE !!!
Import Windows Settings for Enterprise Wireless Network (Dynamic WEP, TLS)
This chapter explains how to import the network configuration settings from Windows for an enterprise wireless network using Dynamic WEP (802.1x), with TLS authentication.
- In Windows, export the client Authentication certificate and private key from Windows Certificate Store:
- In Control Panel → Internet Options → Content tab, click Certificates.
- In the Personal tab, select the certificate used for client authentication, and click Export.
- In the new window, click Next, then select Yes, export the private key and click Next.
(If this option is grayed out, and you also have the message "The associated private key is marked as not exportable. Only the certificate can be exported", you can use the tool Jailbreak) - Select format Personal information interchange - PKCS #12 (.PFX), and select Include all the certificates in the certificate path if possible and Enable strong protection.
- Select a password, and save the file (say mywindowscert.pfx).
- In Ubuntu, split the exported certificate in the components CA / Cert / Private key (see [4]):
- Now create a new wireless network connection in Ubuntu:
- Security: Dynamic WEP (802.1x)
- Authentication: TLS
- Identity: the account name (this is not necessarily the same as the name whom the certificate was issued to)
- User Certificate: mycert.crt.pem
- CA certificate: mycert.ca.pem
- Private key: mycert.key.p12
- Private key password: as required
openssl pkcs12 -in mywindowscert.pfx -nocerts -out mycert.key.p12
openssl pkcs12 -in mywindowscert.pfx -clcerts -nokeys -out mycert.crt.pem
openssl pkcs12 -in mywindowscert.pfx -cacerts -nokeys -out mycert.ca.pem
Rescue
Some tips to rescue a broken linux installation.
Using GRUB
See Grub#Rescue on how to fix a broken GRUB installation or on how to use GRUB to fix a broken linux installation.
Kernel line
To boot a minimal bash shell, edit the kernel line as follows:
- Change ro → rw to allow read-write access to file system
- Add init=/bin/bash to run Bash shell
After that, one can uses eg. nano to edit text configuration files.
To get boot messages:
- Remove quiet splash
- Add --verbose
/var/log
Some external links:
syslog is an utility to log all system messages, from information messages to critical errors. Log files are stored in /var/log. On Ubuntu, the default logging system is rsyslog, with configuration files /etc/rsyslog.conf and in /etc/rsyslog.conf.d/.
Logs generated by rsyslog (see /etc/rsyslog.d/50-default.conf):
file | source | description |
---|---|---|
aptitude | ||
auth.log | rsyslog | Messages to facilities auth and authpriv |
boot | ||
boot.log | ||
btmp | ||
daemon.log | rsyslog | Messages to facility daemon |
debug | rsyslog | Messages with debug priority, but excluding facilities auth, mail and news |
dmesg | kernel' | Boot time hardware detection and driver setup (i.e. kernel messages before syslog daemon is launched). Note the same as dmesg output (which is kern.log stripped to current day)!
|
dpkg.log | ||
faillog | ||
fontconfig.log | ||
jockey.log | ||
kern.log | rsyslog | Messages to facility kern |
lastlog | lastlog | last login of each user ([5]). It looks big, but it's a sparse file (du -h lastlog ) !!!
|
lpr.log | rsyslog | Messages to facility lpr |
mail.info | rsyslog | Messages to facility mail, priority ≥ info |
mail.err | rsyslog | Messages to facility mail, priority ≥ err |
mail.log | rsyslog | Messages to facility mail |
mail.warn | rsyslog | Messages to facility mail, priority ≥ warn |
messages | rsyslog | Messages with info,notice and warn priority, but excluding facilities auth, daemon, mail and news |
MountManager.log | ||
mysql.err | ||
mysql.log | ||
pm-powersave.log | ||
pm-suspend.log | ||
pycentral.log | ||
syslog.log | rsyslog | All messages except those in auth.log (i.e. facilities auth and authpriv) |
udev | ||
ufw.log | rsyslog | All messages from UFW firewall |
user.log | rsyslog | All messages targeting facility user |
vbox-install.log | ||
wtmp | ||
Xorg.0.log | ||
Xorg.failsafe.log |