Linux Basics
Revision as of 18:09, 27 September 2017
Linux Booting Process
Source: technochords.com
The following are the six high-level stages of a typical legacy-BIOS, SysV-init Linux boot (UEFI firmware and systemd-based distributions differ in the first and last stages):
- BIOS
- MBR
- GRUB
- Kernel
- Init
- Runlevel programs
Detailed explanation of each stage:
- BIOS
- Performs some system integrity checks (POST, Power On Self Test).
- Searches for, loads, and executes the boot loader program.
- It looks for the boot loader on floppy, CD-ROM, or hard drive, in the configured boot order.
- You can press a key (typically F12 or F2, but it depends on your system) during the BIOS startup to change the boot sequence.
- Once the boot loader program is found and loaded into memory, the BIOS hands control to it.
- A legacy BIOS performs no signature check on what it loads: whatever occupies the first sector of the boot device runs with full control of the machine. That gap is what UEFI Secure Boot was introduced to close.
- In simple terms, the BIOS loads and executes the MBR boot loader.
- MBR
- MBR stands for Master Boot Record.
- It is located in the first sector of the bootable disk.
- Typically /dev/hda or /dev/sda.
- The MBR is exactly one sector, 512 bytes, in size.
- It has three components:
- primary boot loader code in the first 446 bytes,
- the partition table in the next 64 bytes (four 16-byte entries, so at most four primary partitions),
- the boot signature 0x55 0xAA in the last 2 bytes, which the BIOS checks before it will execute the sector.
- The boot code is the first stage of GRUB (or LILO on old systems); it is only large enough to locate and load the rest of the boot loader.
- In simple terms, the MBR loads and executes the GRUB boot loader.
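To make the 446/64/2 layout concrete, here is an added Python example (my code, not from the original page or from any boot loader project) that parses a 512-byte MBR: it enforces the 0x55AA signature the way the BIOS does, walks the four 16-byte partition entries, and hashes the 446-byte boot code so it can be compared with a baseline taken when the machine was known clean, since the legacy BIOS makes no such check itself. The sector bytes are constructed inline, and the helper and type names are the example's own.

```python
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Tuple

SECTOR_SIZE = 512
BOOTCODE_LEN = 446            # bytes 0..445: first-stage boot loader code
ENTRY_LEN = 16                # four 16-byte partition entries at bytes 446..509
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511


@dataclass
class Partition:
    index: int        # 0..3, slot in the partition table
    bootable: bool    # status byte 0x80 = active
    type_id: int      # e.g. 0x83 Linux, 0x82 Linux swap, 0x05 extended
    lba_start: int    # first sector of the partition
    sectors: int      # size in 512-byte sectors


def parse_mbr(sector: bytes) -> Tuple[bytes, List[Partition]]:
    """Split an MBR sector into its boot code and its non-empty partition entries.

    Raises ValueError if the sector is the wrong size or lacks the 0x55AA signature,
    the same test a legacy BIOS applies before jumping into the boot code.
    """
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected a {SECTOR_SIZE}-byte sector, got {len(sector)}")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("boot signature 0x55AA missing: not a valid MBR")
    bootcode = sector[:BOOTCODE_LEN]
    partitions = []
    for i in range(4):
        offset = BOOTCODE_LEN + i * ENTRY_LEN
        entry = sector[offset:offset + ENTRY_LEN]
        # status(1) CHS start(3, ignored) type(1) CHS end(3, ignored) LBA start(4) count(4)
        status, type_id, lba, count = struct.unpack("<B3xB3xII", entry)
        if type_id == 0:
            continue  # empty slot
        partitions.append(Partition(i, status == 0x80, type_id, lba, count))
    return bootcode, partitions


def bootcode_sha256(sector: bytes) -> str:
    """Hash of the 446-byte boot code only, for comparison with a known-good
    baseline; the partition table is excluded so that legitimate repartitioning
    does not change the value."""
    bootcode, _ = parse_mbr(sector)
    return hashlib.sha256(bootcode).hexdigest()


def _entry(status: int, type_id: int, lba: int, count: int) -> bytes:
    return struct.pack("<B3xB3xII", status, type_id, lba, count)


# Constructed sample sector (not dumped from a real disk): placeholder boot code,
# an active Linux partition, a swap partition and two empty slots.
SAMPLE_MBR = (
    b"\xfa\xeb\xfe".ljust(BOOTCODE_LEN, b"\x00")   # cli; jmp $ as stand-in code
    + _entry(0x80, 0x83, 2048, 1024000)
    + _entry(0x00, 0x82, 1026048, 4194304)
    + bytes(ENTRY_LEN) * 2
    + BOOT_SIGNATURE
)

if __name__ == "__main__":
    code, parts = parse_mbr(SAMPLE_MBR)
    print("bootcode sha256:", bootcode_sha256(SAMPLE_MBR))
    for p in parts:
        print(p)
    # On a real host (needs root): parse_mbr(open("/dev/sda", "rb").read(512))
```

Record bootcode_sha256() of each host's MBR after installation and re-check it from a trusted boot medium; a changed boot-code hash with an unchanged partition table is the signature of an MBR bootkit rather than of an administrator repartitioning the disk.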
- GRUB
- GRUB stands for Grand Unified Bootloader.
- It is a Multiboot boot loader.
- If you have multiple kernel images installed on your system, you can choose which one to execute.
- GRUB displays a splash screen and waits for a few seconds; if you don't enter anything, it loads the default kernel image specified in the GRUB configuration file.
- GRUB understands filesystems (the older Linux loader LILO did not, and had to be re-run after every kernel change to record raw block addresses).
- For GRUB Legacy, as on CentOS 6, the configuration file is /boot/grub/grub.conf (/etc/grub.conf is a link to it). GRUB 2, as on CentOS 7, uses /boot/grub2/grub.cfg, which is generated by grub2-mkconfig rather than edited by hand.
- Each menu entry in that file names a kernel and an initrd image.
- So, in simple terms, GRUB just loads and executes the kernel and initrd images.
- Kernel
- Control now passes to the kernel, the central part of the OS and the mediator between hardware and software.
- Once loaded into RAM, the kernel stays resident until the machine is shut down.
- The kernel uses the initrd (initial RAM disk) as a temporary root filesystem to load the drivers it needs to mount the real root filesystem, then starts the init process (/sbin/init, PID 1) as the first user-space program. On systemd-based distributions /sbin/init is a link to systemd.
- Init (initialization)
- Looks at the /etc/inittab file to decide the Linux run level.
- Following are the available run levels:
0 – halt
1 – Single user mode
2 – Multiuser, without NFS
3 – Full multiuser mode
4 – unused
5 – X11
6 – reboot
- Init identifies the default run level from /etc/inittab and uses that to load all the appropriate programs.
- Execute 'grep initdefault /etc/inittab' on your system to identify the default run level. On systemd systems /etc/inittab is no longer consulted; use 'systemctl get-default', which reports a target such as multi-user.target or graphical.target instead.
- If you want to get into trouble, you can set the default run level to 0 or 6. Since you know what 0 and 6 mean, you probably won't do that.
- Typically you would set the default run level to either 3 or 5.
- Runlevel programs
- When the Linux system is booting up, you might see various services getting started.
- For example, it might say "starting sendmail .... OK".
- Those are the runlevel programs, executed from the run level directory defined by your run level.
- Depending on your default init level setting, the system will execute the programs from one of the following directories:
Run level 0 – /etc/rc.d/rc0.d/
Run level 1 – /etc/rc.d/rc1.d/
Run level 2 – /etc/rc.d/rc2.d/
Run level 3 – /etc/rc.d/rc3.d/
Run level 4 – /etc/rc.d/rc4.d/
Run level 5 – /etc/rc.d/rc5.d/
Run level 6 – /etc/rc.d/rc6.d/
- Please note that there are also symbolic links to these directories directly under /etc.
- So, /etc/rc0.d is linked to /etc/rc.d/rc0.d.
- Under the /etc/rc.d/rc*.d/ directories, you will see entries whose names start with S or K. They are normally symbolic links to the real scripts in /etc/init.d (itself a link to /etc/rc.d/init.d on CentOS).
- Entries starting with S are used during startup: S for start.
- Entries starting with K are used during shutdown: K for kill.
- The two digits after S or K are the sequence number in which the programs are started or killed; within a run level all K scripts run (with the argument stop) before any S script runs (with start).
- For example, S12syslog starts the syslog daemon with sequence number 12.
- S80sendmail starts the sendmail daemon with sequence number 80.
- So syslog will be started before sendmail.
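Added example (my code, not from the original page): a Python script that reproduces the ordering /etc/rc.d/rc applies to a run-level directory, K scripts first and then S scripts by sequence number, and at the same time audits the directory for the kind of entries that get added for boot-time persistence: regular files dropped in place of symlinks, links that point outside /etc/init.d, dangling links, and group- or world-writable targets. The demonstration tree is built in a temporary directory and is constructed data; the entry S99updater is a stand-in, not a real service.

```python
import os
import re
import stat
import tempfile
from typing import List, Tuple

SCRIPT_RE = re.compile(r"^([SK])(\d{2})(.+)$")   # S12syslog -> ('S', '12', 'syslog')


def rc_order(names: List[str]) -> Tuple[List[str], List[str]]:
    """Return (stop_list, start_list) in the order the SysV rc script runs them:
    every K script (called with 'stop') before any S script (called with 'start'),
    each group sorted by its two-digit sequence number, then by name."""
    kills, starts = [], []
    for name in names:
        m = SCRIPT_RE.match(name)
        if not m:
            continue  # rc ignores entries that are not S<nn>name or K<nn>name
        (kills if m.group(1) == "K" else starts).append((int(m.group(2)), name))
    return [n for _, n in sorted(kills)], [n for _, n in sorted(starts)]


def audit_rc_dir(rc_dir: str, init_dir: str) -> Tuple[List[str], List[str], List[str]]:
    """Order the scripts in rc_dir and flag entries that differ from the
    package-installed norm (a symlink into init_dir to a non-writable script),
    which is where boot-time persistence is usually planted."""
    init_real = os.path.realpath(init_dir)
    findings, names = [], []
    for entry in os.scandir(rc_dir):
        names.append(entry.name)
        if not SCRIPT_RE.match(entry.name):
            continue
        if entry.is_symlink():
            target = os.path.realpath(entry.path)
            if os.path.dirname(target) != init_real:
                findings.append(f"{entry.name}: links outside {init_dir} -> {target}")
        else:
            target = entry.path
            findings.append(f"{entry.name}: regular file, not a symlink into {init_dir}")
        try:
            mode = os.stat(target).st_mode
        except FileNotFoundError:
            findings.append(f"{entry.name}: dangling link -> {target}")
            continue
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(f"{entry.name}: target {target} is group/world-writable")
    stop, start = rc_order(names)
    return stop, start, findings


def build_demo_tree() -> Tuple[str, str]:
    """Constructed rc3.d in a temp dir: legitimate symlinks for syslog, sshd and
    sendmail plus one world-writable regular file (S99updater, a stand-in for a
    planted script). Returns (rc_dir, init_dir)."""
    root = tempfile.mkdtemp(prefix="rc-demo-")
    init_dir, rc_dir = os.path.join(root, "init.d"), os.path.join(root, "rc3.d")
    os.makedirs(init_dir)
    os.makedirs(rc_dir)
    for svc in ("syslog", "sshd", "sendmail"):
        path = os.path.join(init_dir, svc)
        with open(path, "w") as fh:
            fh.write("#!/bin/sh\n# constructed init script\n")
        os.chmod(path, 0o755)
    for link, svc in (("S12syslog", "syslog"), ("S55sshd", "sshd"),
                      ("S80sendmail", "sendmail"), ("K30sendmail", "sendmail")):
        os.symlink(os.path.join(init_dir, svc), os.path.join(rc_dir, link))
    rogue = os.path.join(rc_dir, "S99updater")
    with open(rogue, "w") as fh:
        fh.write("#!/bin/sh\n# constructed stand-in for a planted script\n")
    os.chmod(rogue, 0o777)
    return rc_dir, init_dir


if __name__ == "__main__":
    rc_dir, init_dir = build_demo_tree()
    stop, start, findings = audit_rc_dir(rc_dir, init_dir)
    print("stop order :", stop)
    print("start order:", start)
    for f in findings:
        print("FINDING:", f)
    # On a real CentOS 6 host: audit_rc_dir("/etc/rc.d/rc3.d", "/etc/rc.d/init.d")
```

One simplification to keep in mind: the real rc script only runs a K script when the matching lock file exists in /var/lock/subsys, so on a live system the stop list is a superset of what actually executes; the start ordering and the integrity findings are unaffected.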
Linux file system layout
This is the file system layout of a CentOS Linux system; depending on the system and Linux distro the structure may vary, and directories may be removed or added.
- / – The Root Directory
- Everything on a Linux system is located under the / or root directory.
- The difference between / (root) and the root user often confuses new Linux users.
- In Linux, the root directory "/" is the top of the directory tree that contains every other directory and file (the same character also separates the components of a path), whereas the root user is the superuser, the administrative account with unrestricted privileges on the system; ordinary users have only limited privileges, which is what protects the system.
- /bin – Essential command binaries
- The /bin directory contains the essential executable programs needed during booting and repair, such as cat, ls, mount, rm, du, df, tar, rpm and wc.
- /boot – Boot loader files
- All of the files required to boot the system live in /boot, including the GRUB boot loader's files, the Linux kernels and the Linux initial RAM disk (initrd) images.
- /dev – Device Files
- Hardware devices on the machine, such as CD-ROM drives, hard drives and terminals, are represented by special device files in /dev. On CentOS these are created by udev at boot and on hotplug rather than stored on disk, so /dev reflects the devices the kernel currently sees.
- /etc – Configuration Files
- Contains host-specific configuration files and directories: system and application configuration, and the startup, shutdown, start and stop scripts for every individual program.
- In other words, /etc plays a role similar to the Control Panel in Microsoft Windows.
- /home – Home Directory
- Home directories of the users. Every time you create a new user, a directory with the user's name is created in /home for that user's own files.
- The directories most commonly created automatically inside a user's home are Desktop, Downloads, Documents, Music, Movies, etc.
- Most per-user program configuration is saved in the user's home directory: web browser settings and bookmarks, desktop wallpaper and themes, and saved passwords, which is why home directories deserve restrictive permissions.
- /lib – Essential Libraries
- Similar to Windows DLL files, the shared libraries and kernel modules are stored in /lib (and /lib64 on 64-bit systems).
- These dynamic libraries are required to boot the system and run the commands in the root file system.
- /lost+found – Recovering Files
- It sounds odd, but yes, there is a lost+found directory in the Linux file system structure.
- Every ext2/ext3/ext4 file system has a lost+found directory at its top level.
- If the system crashed or shut down unexpectedly, you can run fsck to check and repair the file system; fsck places any orphaned or partly deleted files it recovers into lost+found, from where you can recover them later.
- /media – Removable Media Devices
- Every time you insert a removable device such as an external hard drive, floppy disk, zip drive, CD, DVD or flash drive, a new directory is automatically created inside /media.
- It is a temporary mount directory for removable devices.
- /mnt – Temporarily mounted filesystems
- While /media is where the system automatically mounts removable media, /mnt is for you to mount things (partitions, file systems, devices) manually and temporarily.
- /opt – Optional software packages
- The /opt directory is reserved for additional or third-party software; such software usually doesn't follow the standard file system hierarchy and is not handled by the package manager.
- /proc – Kernel & Process Information
- /proc is a virtual file system (procfs) generated by the kernel at read time; nothing in it is stored on disk. It exposes information about running processes, system resources and kernel settings.
- You can view information about any running process by its process ID (pid), for example /proc/<pid>/cmdline, /proc/<pid>/maps or /proc/<pid>/fd, and hardware information such as memory, CPU and I/O statistics.
- /root – Root Home Directory
- Not to be confused with "/", the root directory: /root is the root account's home directory. It lives here rather than in /home/root, by developer convention or local preference, so that the system can boot even if /home is not available.
- Sometimes /home is on a different partition or even on another system entirely and is inaccessible to root, which is why root's home directory needs to be on the same partition as "/".
- /sbin – System binaries
- Similar to /bin, /sbin contains essential binaries intended to be run by the root user for system administration and maintenance.
- For example iptables, reboot, fdisk, ifconfig, swapon, init, ip and mount.
- /selinux – Security-Enhanced Linux
- SELinux comes with Red Hat based distros (Fedora, CentOS); it is a mandatory access control architecture integrated into the 2.6.x kernel through the Linux Security Modules (LSM) framework.
- On CentOS 6, /selinux is the mount point of the selinuxfs pseudo-filesystem, which is why it looks empty when SELinux is disabled (CentOS 7 mounts it at /sys/fs/selinux instead); the actual configuration, including the enforcing/permissive/disabled setting, is in /etc/selinux/.
- /srv – Service Data
- Service (srv) data: the files served by services such as HTTP, FTP, rsync and CVS.
- /sys – Virtual file system
- Newer Linux distros have a /sys directory holding the sysfs virtual file system, which stores information and statistics about physical and virtual devices and their names.
- Added in Linux kernel 2.6, /sys exposes device information similar to /proc, reflecting the kernel's view of the system.
- /tmp – Temporary files
- The system's temporary directory; every user and program on the system can create files in it. It is mode 1777: world-writable, with the sticky bit set so that users can only delete or rename their own files.
- Most files in this directory are only needed temporarily.
- Many programs use /tmp to create lock files or to save temporary data. Because the directory is shared by all users, programs should create files there with unpredictable names and O_EXCL (as mkstemp does) rather than fixed names, which are open to symlink attacks.
- Normally, don't delete files from /tmp unless you know what you are doing, because many of them belong to currently running programs.
- Don't save or store any important files under /tmp, since the directory may be cleared when the system is rebooted.
- /usr – Binaries, documentation, source code, libraries
- Pronounced "user", /usr contains the majority of user utilities, programs, libraries and documentation: the secondary hierarchy for programs that are not needed to boot or repair the system.
- Some user programs such as telnet and ftp are stored here. /usr is shareable between FHS-compliant hosts and is treated as read-only during normal operation; only the package manager should write to it.
- /var – Variable Files
- /var contains data that is expected to change and grow as the system runs (system log files, mail, printer spools, temporary files).
- Some subdirectories under /var are not shareable between systems, such as /var/log, /var/lock and /var/run, while others are shareable, such as /var/mail, /var/cache/man, /var/cache/fonts and /var/spool/news.
File Details
Passwd file
- The password file /etc/passwd is a human-readable text file.
- By default /etc/passwd has permissions 644 i.e. -rw-r--r-- and ownership root:root.
- This means the file is world readable and only root can edit it.
- Editing it by hand is not recommended; use useradd, usermod, userdel and passwd, or vipw, which locks the file while you edit it.
# cat /etc/passwd
root:x:0:0:ROOT account:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
myuser:x:513:520:Test User:/home/myuser:/bin/bash
----- output truncated -----
- For every user (row) there are 7 fields separated by colons (:):
Username
Encrypted password (x means the password hash is stored in /etc/shadow; an empty field means no password is required to log in)
UID (0 grants root privileges whatever the username is)
GID
Comment (GECOS)
Home directory
Shell (/sbin/nologin for accounts that must not log in interactively)
Shadow file
- Located at /etc/shadow, it is not world readable and can be read only by root.
- On this system the shadow file permissions are 400 i.e. -r-------- and ownership root:root; RHEL/CentOS ships it as 000 (root can still read it), and Debian-derived systems use 640 root:shadow so that members of group shadow can read it. In every case the file must not be readable by ordinary users.
- It is protected this way because it holds the password hashes, which anyone who can read them can crack offline.
# cat /etc/shadow
root:$1$UFnkhP.mzcMyajdD9OEY1P80:17413:0:99999:7:::
bin:*:15069:0:99999:7:::
daemon:*:15069:0:99999:7:::
adm:*:15069:0:99999:7:::
testuser:$1$FrWa$ZCMQ5zpEG61e/wI45N8Zw.:17413:0:33:7:::
- There are 9 fields in each line of the shadow file, separated by colons (:), the last of which is reserved and empty:
Username
Encrypted (hashed) password. $1$ is MD5-crypt, as in the listing above, which is weak by modern standards; current systems use $6$ (SHA-512 crypt). * or ! (often shown as !!) means the account is locked for password login; an empty field means no password is needed.
Last password change, in days since 1970-01-01 (17413 is 2017-09-04); 0 forces a change at next login
Min days before the password may be changed again
Max days the password remains valid (99999 effectively never expires)
Warn days before expiry
Inactive days after expiry before the account is disabled
Expiry date of the account, in days since 1970-01-01
Reserved for future use
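The two files are meant to be read together, so here is one added Python example, covering both the passwd and shadow sections (my code, not from the original page), that parses each format by the field layout described above and runs the checks an auditor would apply to them: accounts other than root with UID 0, empty password fields in either file, hashes left in the world-readable /etc/passwd, entries present in one file but not the other, weak $1$ MD5-crypt hashes, and passwords past their max-days limit. The sample contents are constructed from the listings above, with two extra accounts (toor and guest) added only to trigger findings; reading the real /etc/shadow requires root.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional

EPOCH = date(1970, 1, 1)

# Constructed sample files modelled on the listings above, not from a live system.
PASSWD_SAMPLE = """\
root:x:0:0:ROOT account:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
myuser:x:513:520:Test User:/home/myuser:/bin/bash
toor:x:0:0:second uid-0 account:/root:/bin/bash
guest::1001:1001:no password set:/home/guest:/bin/bash
"""
SHADOW_SAMPLE = """\
root:$1$UFnkhP.mzcMyajdD9OEY1P80:17413:0:99999:7:::
bin:*:15069:0:99999:7:::
daemon:*:15069:0:99999:7:::
testuser:$1$FrWa$ZCMQ5zpEG61e/wI45N8Zw.:17413:0:33:7:::
myuser:$6$c0nstructed$notarealhash:17413:0:99999:7:::
toor:$6$c0nstructed$notarealhash:17413:0:99999:7:::
guest::17413:0:99999:7:::
"""

@dataclass
class PasswdEntry:          # the 7 colon-separated fields of /etc/passwd
    name: str
    passwd: str             # "x" = hash lives in /etc/shadow; "" = no password
    uid: int
    gid: int
    gecos: str
    home: str
    shell: str

@dataclass
class ShadowEntry:          # first 8 of the 9 fields of /etc/shadow (9th is reserved)
    name: str
    hash: str
    last_change: Optional[int]   # days since 1970-01-01; 0 = must change at next login
    min_days: Optional[int]
    max_days: Optional[int]      # 99999 = effectively never expires
    warn_days: Optional[int]
    inactive_days: Optional[int]
    expire: Optional[int]        # account expiry, days since 1970-01-01

def _opt_int(field: str) -> Optional[int]:
    return int(field) if field else None

def _records(text: str, nfields: int, fname: str):
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        f = line.split(":")
        if len(f) != nfields:
            raise ValueError(f"{fname} line {lineno}: expected {nfields} fields, got {len(f)}")
        yield f

def parse_passwd(text: str) -> List[PasswdEntry]:
    return [PasswdEntry(f[0], f[1], int(f[2]), int(f[3]), f[4], f[5], f[6])
            for f in _records(text, 7, "passwd")]

def parse_shadow(text: str) -> List[ShadowEntry]:
    return [ShadowEntry(f[0], f[1], *(_opt_int(x) for x in f[2:8]))
            for f in _records(text, 9, "shadow")]

def hash_kind(h: str) -> str:
    """Classify the shadow password field by its crypt(3) prefix."""
    if h == "":
        return "empty"
    if h == "*" or h.startswith("!"):
        return "locked"
    for prefix, kind in (("$6$", "sha512crypt"), ("$5$", "sha256crypt"),
                         ("$y$", "yescrypt"), ("$1$", "md5crypt")):
        if h.startswith(prefix):
            return kind
    return "other"

def date_from_days(days: int) -> str:
    """Render a shadow day count as an ISO date (17413 -> 2017-09-04)."""
    return (EPOCH + timedelta(days=days)).isoformat()

def audit(passwd: List[PasswdEntry], shadow: List[ShadowEntry],
          today_days: Optional[int] = None) -> List[str]:
    """Cross-check both files and return the findings a reviewer would act on."""
    today = (date.today() - EPOCH).days if today_days is None else today_days
    shadow_names = {s.name for s in shadow}
    passwd_names = {p.name for p in passwd}
    findings = []
    for p in passwd:
        if p.uid == 0 and p.name != "root":
            findings.append(f"{p.name}: UID 0 account other than root")
        if p.passwd == "":
            findings.append(f"{p.name}: empty password field in /etc/passwd, no password required")
        elif p.passwd != "x":
            findings.append(f"{p.name}: password hash stored in world-readable /etc/passwd")
        elif p.name not in shadow_names:
            findings.append(f"{p.name}: passwd says 'x' but /etc/shadow has no entry")
    for s in shadow:
        if s.name not in passwd_names:
            findings.append(f"{s.name}: shadow entry without a passwd entry")
        kind = hash_kind(s.hash)
        if kind == "empty":
            findings.append(f"{s.name}: empty hash in /etc/shadow, login without password")
        elif kind == "md5crypt":
            findings.append(f"{s.name}: weak md5crypt ($1$) hash, rehash with $6$ (sha512crypt)")
        if (kind not in ("empty", "locked") and s.last_change is not None
                and s.max_days is not None and s.max_days < 99999
                and s.last_change + s.max_days < today):
            findings.append(f"{s.name}: password expired on {date_from_days(s.last_change + s.max_days)}")
    return findings
```

On a real host run it as root with audit(parse_passwd(open("/etc/passwd").read()), parse_shadow(open("/etc/shadow").read())); the parser deliberately rejects lines with the wrong field count instead of guessing, since a malformed line in either file is itself worth a look.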