3.10.2015

Command Line Tools to Monitor Linux Performance


Top – Linux Process Monitoring

The Linux top command is a performance monitoring program used frequently by system administrators to monitor Linux performance; it is available on many Linux/Unix-like operating systems.

Lsof – List Open Files

The lsof command, available on many Linux/Unix-like systems, displays a list of all open files and the processes that opened them. Open files include disk files, network sockets, pipes, devices and processes.


VmStat – Virtual Memory Statistics

The Linux vmstat command displays statistics on virtual memory, kernel threads, disks, system processes, I/O blocks, interrupts, CPU activity and more.

Netstat – Network Statistics

Netstat is a command line tool for monitoring statistics of incoming and outgoing network packets as well as interface statistics.

Tcpdump – Network Packet Analyzer

Tcpdump is one of the most widely used command-line network packet analyzers (packet sniffers); it captures or filters TCP/IP packets received or transmitted on a specific network interface.

Htop – Linux Process Monitoring

Htop is a more advanced, interactive, real-time Linux process monitoring tool. It is similar to the Linux top command but has richer features: a user-friendly interface for managing processes, shortcut keys, vertical and horizontal views of the processes, and more.

Iostat – Input/Output Statistics

Iostat is a simple tool that collects and shows input/output statistics for the system's storage devices.


Iotop – Monitor Linux Disk I/O

Iotop is also similar to top and htop, but it has an accounting function that monitors and displays real-time disk I/O per process.

Monit – Linux Process and Services Monitoring

Monit is a free, open source, web-based process supervision utility that automatically monitors and manages system processes, programs, files, directories, permissions, checksums and filesystems.


IPTraf – Real Time IP LAN Monitoring

IPTraf is an open source console-based real time network (IP LAN) monitoring utility for Linux.

Psacct or Acct – Monitor User Activity

The psacct or acct tools are very useful for monitoring each user's activity on the system. Both daemons run in the background, keep a close watch on the overall activity of each user on the system and record which resources they consume.

Suricata – Network Security Monitoring

Suricata is a high-performance, open source network security monitoring and intrusion detection and prevention system for Linux, FreeBSD and Windows.

NetHogs – Monitor Per Process Network Bandwidth

NetHogs is a nice small open source program (similar to the Linux top command) that keeps a tab on each process's network activity on your system. It also tracks the real-time network bandwidth used by each program or application.

Monitorix – System and Network Monitoring

Monitorix is a free, lightweight utility designed to monitor as many system and network resources as possible on Linux/Unix servers. It has a built-in HTTP web server that regularly collects system and network information and displays it in graphs.

Arpwatch – Ethernet Activity Monitor

Arpwatch is a program designed to monitor address resolution (MAC and IP address pairings and their changes) in Ethernet traffic on a Linux network.

Collectl: All-in-One Performance Monitoring Tool

Collectl is yet another powerful, feature-rich command-line utility that gathers information about Linux system resources such as CPU usage, memory, network, inodes, processes, NFS, TCP, sockets and more.

VnStat PHP – Monitoring Network Bandwidth

VnStat PHP is a web-based frontend for the popular network monitoring tool vnstat. VnStat PHP shows network traffic usage in a nicely graphical form.


Nagios – Network/Server Monitoring

Nagios is a leading, powerful open source monitoring system that enables network/system administrators to identify and resolve server-related problems before they affect major business processes.

iftop – Network Bandwidth Monitoring

iftop is another free, open source terminal-based monitoring utility that displays a frequently updated list of network bandwidth utilization (by source and destination host) passing through a network interface on your system. iftop does for network usage what top does for CPU usage.

Nmon: Monitor Linux Performance

Nmon (short for Nigel's performance Monitor) is a tool that monitors all Linux resources such as CPU, memory, disk usage, network, top processes, NFS, kernel and more.




Linux Acronyms




A
AMD   Advanced Micro Devices
API   application programming interface
ARP   address resolution protocol
ARPANET   Advanced Research Projects Agency Network
AS   autonomous system
ASCII   American Standard Code for Information Interchange
AT&T   American Telephone and Telegraph Company
ATA   advanced technology attachment
ATM   asynchronous transfer mode

B
B   byte
BELUG   Bellevue Linux Users Group
BGP   border gateway protocol
BIOS   basic input output system
BKL   big kernel lock
BNC   Bayonet Neill-Concelman
BSA   Business Software Alliance
BSD   Berkeley Software Distribution (originally Berkeley Source Distribution)

C
CCITT   Comité Consultatif International Téléphonique et Télégraphique
cd   change directory
CD   compact disc
CDROM   compact disc read-only memory
CJKV   Chinese Japanese Korean Vietnamese
CLDR   common locale data repository
CLI   command line interface
CPU   central processing unit
CRC   cyclic redundancy check
CRT   cathode ray tube
CSMA/CD   carrier sense multiple access/collision detection
CSS   cascading style sheets
CUPS   common UNIX printing system
CVS   concurrent versions system

D
daemon   disk and execution monitor*
DEC   Digital Equipment Corporation
DHCP   dynamic host configuration protocol
DLC   data link control
DLL   dynamic link library
DMCA   Digital Millennium Copyright Act
DNS   domain name service
DOS   disk operating system
DRAM   dynamic random access memory
DVD   digital versatile disc (originally digital video disc)

E
EDGE   enhanced data GSM environment
EEPROM   electrically erasable programmable read-only memory
EFF   Electronic Frontier Foundation
EGP   exterior gateway protocol
EULA   end user license agreement

F
FAQ   frequently asked questions
FDD   floppy disk drive
FDDI   fiber distributed data interface
FOSS   free open source software
FQDN   fully qualified domain name
FS   filesystem
FSF   Free Software Foundation
FTP   file transfer protocol

G
Gb   gigabit
GB   gigabyte
GbE   gigabit Ethernet
GCC   GNU Compiler Collection (originally GNU C Compiler)
GFDL   GNU Free Documentation License
GID   group identification
GIF   graphics interchange format
GIGO   garbage in garbage out
GIMP   GNU Image Manipulation Program
GNOME   GNU Network Object Model Environment
GOCC   Government Open Code Collaborative
GNU   GNU's Not UNIX
GPG   GNU Privacy Guard
GPRS   general packet radio service
GRUB   grand unified bootloader
GUI   graphical user interface

H
HDD   hard disk drive
HDLC   high level data link control
HFS   hierarchical file system
HP   Hewlett-Packard
HTML   hypertext markup language
HTTP   hypertext transfer protocol

I
IANA   Internet Assigned Numbers Authority
IBM   International Business Machines
IC   integrated circuit
ICANN   Internet Corporation for Assigned Names and Numbers
ICMP   Internet control message protocol
IDE   integrated drive electronics
IEEE   Institute of Electrical and Electronic Engineers
IETF   Internet Engineering Task Force
IGP   interior gateway protocol
IGRP   interior gateway routing protocol
IMAP   Internet message access protocol
I/O   input/output
IP   Internet protocol
IPC   inter-process communication
IPX   internetwork packet exchange
IRC   Internet relay chat
ISO   International Organization for Standardization
ISP   Internet service provider
IT   information technology
IXP   Internet exchange points

J
JPEG   Joint Photographic Experts Group
JVM   Java virtual machine

K
Kb   kilobit
KB   kilobyte
KCP   kernel control path
KDE   K Desktop Environment

L
LAMP   Linux Apache MySQL and PHP
LAN   local area network
LANANA   Linux Assigned Names and Numbers Authority
LAP   link access procedure
LCD   liquid crystal display
LDAP   lightweight directory access protocol
LED   light emitting diode
LFS   Linux From Scratch
LGPL   GNU Lesser General Public License
LIDS   Linux intrusion detection system
LILO   Linux loader
LINFO   The Linux Information Project
LFS   log-structured file system
LMI   Linux Mark Institute
LSB   Linux Standards Base
LSI   large scale integrated circuit
LUG   Linux users group
LVM   logical volume management
LZW   Lempel-Ziv-Welch

M
MAC   media access control
Mb   megabit
MB   megabyte
MBR   master boot record
MD5   message digest 5
MDI   medium dependent interface
MIT   Massachusetts Institute of Technology
MMU   memory management unit
MS   Microsoft
MS-DOS   Microsoft disk operating system
MTU   maximum transmission unit

N
NFS   network file system
NIC   network interface card
NILFS   new implementation log-structured file system
NIS   network information system
NNTP   network news transfer protocol
NTP   network time protocol

O
ODF   open document format
OS   operating system
OSDL   Open Source Development Labs
OSI   open systems interconnection
OSPF   open shortest path first

P
PAM   pluggable authentication modules
PCMCIA   Personal Computer Memory Card International Association
PDA   personal digital assistant
PDF   portable document format
PGP   pretty good privacy
PHP   PHP hypertext preprocessor (originally personal home page)
PID   process identification number
ping   packet Internet groper (originally not an acronym)
PKC   public key cryptography
PKI   public key infrastructure
PNG   portable network graphics
PnP   plug-and-play
POP   post office protocol
POSIX   portable operating system interface
POTS   plain old telephone service
PPP   point-to-point protocol
PS   postscript
PSTN   public switched telephone network
pwd   print working directory

R
RAID   redundant arrays of independent disks
RAM   random access memory
RARP   reverse address resolution protocol
RDBMS   relational database management system
RFID   radio frequency identification
RHCE   Red Hat Certified Engineer
RIP   routing information protocol
RJ   registered jack
RMON   remote monitoring
RMS   Richard M. Stallman
ROM   read-only memory
RPC   remote procedure call
RPM   Red Hat package manager
RSS   really simple syndication
RTOS   real time operating system
RTP   real-time transport protocol

S
SAN   storage area network
SANE   scanner access now easy
SCO   Santa Cruz Operation
SCSI   small computer system interface
SDLC   synchronous data link control
SDRAM   synchronous dynamic random access memory
SGID   set group ID
SGML   standard generalized markup language
SMB   server message block
SNMP   simple network management protocol
SMTP   simple mail transfer protocol
SOAP   simple object access protocol
SPAM   superfluous pieces of additional mail*
SRAM   static random access memory
SRI   Stanford Research Institute
SSH   secure shell
SSL   secure sockets layer
su   substitute user
SUID   set user ID
SVID   System V interface definition

T
TAR   tape archive
TB   terabyte
TCP   transmission control protocol
TCP/IP   transmission control protocol/Internet protocol
Tcl   tool command language
TCO   total cost of ownership
TLB   translation lookaside buffer
TLD   top level domain
TRON   The Real Time Operating System
TLS   transport layer security
TTL   time-to-live
TTL   transistor-transistor logic
TTY   teletype terminal

U
UCB   University of California at Berkeley
UCITA   Uniform Computer Information Transactions Act
UCLA   University of California at Los Angeles
UCS   universal character set
UDP   user datagram protocol
UID   user identification
URI   uniform resource identifier
URL   uniform resource locator
USB   universal serial bus
UTF   UCS transformation format
UMTS   universal mobile telecommunications system
UUCP   UNIX-to-UNIX copy

V
VFAT   virtual file allocation table
VGA   video graphics array
VLSI   very large scale integrated circuit
vm   virtual memory
VPN   virtual private network

W
W3C   World Wide Web Consortium
WAN   wide area network
WAP   wireless access point
WAP   wireless application protocol
WEP   wired equivalent privacy
WINE   WINE is not an emulator
WLAN   wireless local area network
WWW   World Wide Web
WXGA   wide extended graphics array

X
X   X Window System
XML   extensible markup language

GRUB - GRand Unified Bootloader


The GNU GRand Unified Bootloader (GRUB) is a program that lets the user select which installed operating system or kernel to load at system boot time. It also allows the user to pass arguments to the kernel.

GRUB gives the user the choice of booting one of multiple operating systems installed on a computer, or of selecting a specific kernel configuration available on a particular operating system's partitions.

GNU GRUB was developed from a package called the Grand Unified Bootloader (a play on Grand Unified Theory). It is predominantly used for Unix-like systems. The GNU operating system uses GNU GRUB as its boot loader, as do most Linux distributions. The Solaris operating system has used GRUB as its boot loader on x86 systems, starting with the Solaris 10 1/06 release.



GRUB and the x86 Boot Process

This section discusses the specific role GRUB plays when booting an x86 system. For a look at the overall boot process, refer to Section 33.2, “A Detailed Look at the Boot Process”.
GRUB loads itself into memory in the following stages:

  1. The Stage 1 or primary boot loader is read into memory by the BIOS from the MBR [4]. The primary boot loader occupies less than 512 bytes of disk space within the MBR and is capable of loading either the Stage 1.5 or the Stage 2 boot loader.
  2. The Stage 1.5 boot loader is read into memory by the Stage 1 boot loader, if necessary. Some hardware requires an intermediate step to reach the Stage 2 boot loader. This is sometimes the case when the /boot/ partition lies above the 1024th cylinder of the hard drive or when LBA mode is used. The Stage 1.5 boot loader is found either on the /boot/ partition or on a small part of the MBR and the /boot/ partition.
  3. The Stage 2 or secondary boot loader is read into memory. The secondary boot loader displays the GRUB menu and command environment. This interface allows the user to select which kernel or operating system to boot, pass arguments to the kernel, or look at system parameters.
  4. The secondary boot loader reads the operating system or kernel as well as the contents of /boot/sysroot/ into memory. Once GRUB determines which operating system or kernel to start, it loads it into memory and transfers control of the machine to that operating system.

Configure the GRUB boot loader

GRUB is a boot loader designed to boot a wide range of operating systems from a wide range of filesystems. GRUB is becoming popular because of the increasing number of root filesystems that Linux can reside upon.
GRUB is documented in a GNU info file. Type info grub to view the documentation.
The GRUB configuration file is /boot/grub/menu.lst. Some distributions use another configuration file; for example, Red Hat Linux uses the file /boot/grub/grub.conf.
GRUB configuration files are interpreted. Syntax errors will not be detected until the machine is rebooted, so take care not to make typing errors.
Edit the GRUB configuration file and remove any splashimage entries. If these entries are not removed GRUB 0.90 behaves very oddly, transferring control between the serial console and the attached monitor and keyboard.
If there is not already a password command in the GRUB configuration file, create a hashed password as shown in Figure 4-4. The password should be strong, as it can be used to gain root access.
Figure 4-4. Using md5crypt to create a hashed password for GRUB
grub> md5crypt
Password: **********
Encrypted: $1$U$JK7xFegdxWH6VuppCUSIb.
Use that hashed password in the GRUB configuration file, as shown in Figure 4-5.
Figure 4-5. GRUB configuration to require a password
password --md5 $1$U$JK7xFegdxWH6VuppCUSIb.
Define the serial port and configure GRUB to use the serial port, as shown in Figure 4-6.
Figure 4-6. GRUB configuration for serial console
serial --unit=0 --speed=9600 --word=8 --parity=no --stop=1
terminal serial
--unit is the number of the serial port, counting from zero; unit 0 is COM1.
Note that the values of --parity are spelt out in full: no, even and odd. The common abbreviations n, e and o are not accepted.
If there is mysteriously no output on the serial port then suspect a syntax error in the serial or terminal commands.
If you also want to use an attached monitor and keyboard as well as the serial port to control the GRUB boot loader, use the alternative configuration in Figure 4-7.
Figure 4-7. GRUB configuration for serial console and attached monitor and keyboard console
password --md5 $1$U$JK7xFegdxWH6VuppCUSIb.
serial --unit=0 --speed=9600 --word=8 --parity=no --stop=1
terminal --timeout=10 serial console
When both the serial port and the attached monitor and keyboard are configured, both ask for a key to be pressed until the timeout expires. If a key is pressed, the boot menu is displayed on that device. Disconcertingly, the other device sees nothing.
If no key is pressed, the boot menu is displayed on whichever of serial or console is listed first in the terminal command. After the timeout set by the timeout command, the entry selected by the default command is booted.
Figure 4-8. GRUB output to default device when configured for serial and attached monitor output
Press any key to continue.
Press any key to continue.
Press any key to continue.
Press any key to continue.
Press any key to continue.
Press any key to continue.
Press any key to continue.
Press any key to continue.
Press any key to continue.
Press any key to continue.

    GRUB  version 0.90  (639K lower / 162752K upper memory)

 +-------------------------------------------------------------------------+
 | [ Red Hat Linux (2.4.9-21)   ]                                          |  
 |                                                                         |
 |                                                                         |
 +-------------------------------------------------------------------------+
      Use the ^ and v keys to select which entry is highlighted.
      Press enter to boot the selected OS or 'p' to enter a
      password to unlock the next set of features.

   The highlighted entry will be booted automatically in 10 seconds.
If you are not using a VT100 terminal, the cursor keys may not work to select a GRUB menu item. The instructions shown in Figure 4-8 are literally correct: "Use the ^ and v keys" means that the caret key (Shift-6) moves the cursor up and the letter vee key (V) moves the cursor down.
Note when configuring GRUB that there are two timeouts involved. "Press any key to continue" is printed for the terminal --timeout=10 seconds, waiting for someone on the keyboard or terminal to press a key to gain the input focus. Then the menu is displayed for the timeout of 10 seconds before the default boot option is taken.
If the terminal attached to the serial port is not a real or emulated VT100, force GRUB to use its command line interface. This interface is much more difficult to use than GRUB's menu interface; however, the command line interface does not assume the VT100's terminal language.
Figure 4-9. GRUB configuration for command line interface for terminals other than VT100
terminal --timeout=10 --dumb serial console
This HOWTO does not discuss the use of GRUB's command line. It is far too complex and error-prone to recommend for use on production machines. Wizards will know to consult GRUB's info manual for the commands required to boot the kernel.
GRUB's menus can be edited interactively after 'p' is pressed and the password supplied. A better approach is to add menu items to boot the machine into alternative run levels. A sample configuration showing a menu entry for the default run level and an alternative menu entry for single user mode (run level s) is shown in Figure 4-10. Remember to use the lock command to require a password for single user mode, as single user mode does not ask for a Linux password.
Figure 4-10. Adding a single user mode option to the GRUB menu
password --md5 $1$U$JK7xFegdxWH6VuppCUSIb.
default 0
title Red Hat Linux (2.4.9-21)
        root (hd0,0)
        kernel /vmlinuz-2.4.9-21 ro root=/dev/hda6
        initrd /initrd-2.4.9-21.img
title Red Hat Linux (2.4.9-21) single user mode
        lock
        root (hd0,0)
        kernel /vmlinuz-2.4.9-21 ro root=/dev/hda6 s
        initrd /initrd-2.4.9-21.img
File names in the kernel and initrd commands are relative to the GRUB installation directory, which is usually /boot/grub. So /vmlinuz-2.4.9-21 is actually the file /boot/grub/vmlinuz-2.4.9-21.
GRUB is now configured to use the serial console. The kernels booted from GRUB are yet to be configured to use the serial console.
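As an added example that is not part of the HOWTO, the following Python script audits a GRUB legacy menu.lst for the points made above: a password --md5 line with a real md5crypt hash is present, splashimage entries are gone, --parity is spelt out as no/even/odd, and every entry that boots single user mode carries lock. Both sample configurations are constructed here in the style of Figure 4-10 (the hash is the one from Figure 4-4).

```python
import re

# Constructed sample in the style of Figure 4-10, with the mistakes this HOWTO
# warns about deliberately reintroduced: no password, a splashimage line,
# an abbreviated --parity value, and a single user entry without lock.
BAD_MENU_LST = """\
default 0
timeout 10
splashimage (hd0,0)/grub/splash.xpm.gz
serial --unit=0 --speed=9600 --word=8 --parity=n --stop=1
terminal --timeout=10 serial console
title Red Hat Linux (2.4.9-21)
        root (hd0,0)
        kernel /vmlinuz-2.4.9-21 ro root=/dev/hda6
        initrd /initrd-2.4.9-21.img
title Red Hat Linux (2.4.9-21) single user mode
        root (hd0,0)
        kernel /vmlinuz-2.4.9-21 ro root=/dev/hda6 s
        initrd /initrd-2.4.9-21.img
"""

# The same menu corrected as the HOWTO describes (hash taken from Figure 4-4).
GOOD_MENU_LST = """\
password --md5 $1$U$JK7xFegdxWH6VuppCUSIb.
default 0
timeout 10
serial --unit=0 --speed=9600 --word=8 --parity=no --stop=1
terminal --timeout=10 serial console
title Red Hat Linux (2.4.9-21)
        root (hd0,0)
        kernel /vmlinuz-2.4.9-21 ro root=/dev/hda6
        initrd /initrd-2.4.9-21.img
title Red Hat Linux (2.4.9-21) single user mode
        lock
        root (hd0,0)
        kernel /vmlinuz-2.4.9-21 ro root=/dev/hda6 s
        initrd /initrd-2.4.9-21.img
"""

# md5crypt output as produced by grub> md5crypt: $1$<salt, up to 8 chars>$<22 chars>
MD5CRYPT_RE = re.compile(r"^\$1\$[./0-9A-Za-z]{0,8}\$[./0-9A-Za-z]{22}$")
# Kernel arguments that select single user mode (where no Linux password is asked).
SINGLE_USER_ARGS = {"s", "S", "single", "1"}


def parse_menu(text):
    """Split menu.lst into global commands and per-title entries.

    Returns (globals, entries): globals is a list of (command, args) tuples seen
    before the first title; each entry is a dict with its title and its own
    (command, args) list. Blank lines and # comments are ignored.
    """
    globals_, entries = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        cmd, *args = line.split()
        if cmd == "title":
            entries.append({"title": " ".join(args), "cmds": []})
        elif entries:
            entries[-1]["cmds"].append((cmd, args))
        else:
            globals_.append((cmd, args))
    return globals_, entries


def audit(text):
    """Return (code, detail) findings; an empty list means every check passed."""
    globals_, entries = parse_menu(text)
    findings = []
    passwords = [args for cmd, args in globals_ if cmd == "password"]
    if not passwords:
        findings.append(("no-password", "no password command: menu is editable with 'p' by anyone"))
    for args in passwords:
        if len(args) >= 2 and args[0] == "--md5":
            if not MD5CRYPT_RE.match(args[1]):
                findings.append(("bad-hash", "password --md5 argument is not an md5crypt hash"))
        else:
            findings.append(("plaintext-password", "password is stored in clear text; use md5crypt"))
    if any(cmd == "splashimage" for cmd, _ in globals_):
        findings.append(("splashimage", "remove splashimage: GRUB 0.90 misbehaves on a serial console"))
    for cmd, args in globals_:
        if cmd != "serial":
            continue
        for opt in args:
            if opt.startswith("--parity=") and opt.split("=", 1)[1] not in ("no", "even", "odd"):
                findings.append(("parity", opt + ": --parity must be spelt out as no, even or odd"))
    for entry in entries:
        cmds = {cmd for cmd, _ in entry["cmds"]}
        kernel_args = [a for cmd, args in entry["cmds"] if cmd == "kernel" for a in args[1:]]
        if SINGLE_USER_ARGS.intersection(kernel_args) and "lock" not in cmds:
            findings.append(("unlocked-single-user",
                             "entry '%s' boots single user mode without lock" % entry["title"]))
    return findings
```

Run audit() over the contents of /boot/grub/menu.lst (or grub.conf) before rebooting; since GRUB only reports syntax errors at boot time, catching these in advance saves a trip to the console.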

3.08.2015

Linux builder - Linus Torvalds



Linus Benedict Torvalds (born December 28, 1969) is a Finnish American software engineer who was the principal force behind the development of the Linux kernel, which became the most popular kernel for operating systems. He later became the chief architect of the Linux kernel and now acts as the project's coordinator. He also created the revision control system Git. He was honored, along with Shinya Yamanaka, with the 2012 Millennium Technology Prize by the Technology Academy Finland "in recognition of his creation of a new open source operating system for computers leading to the widely used Linux kernel".


Recognition
Awards
IEEE Computer Pioneer Award
On April 23, 2014, the Institute of Electrical and Electronics Engineers named Torvalds as the 2014 recipient of the IEEE Computer Society's Computer Pioneer Award. The Computer Pioneer Award was established in 1981 by the IEEE Computer Society Board of Governors to recognize and honor the vision of those whose efforts resulted in the creation and continued vitality of the computer industry. The award is presented to outstanding individuals whose main contribution to the concepts and development of the computer field was made at least 15 years earlier.

Internet Hall of Fame
On April 23, 2012 at Internet Society's Global INET conference in Geneva, Switzerland, Torvalds was one of the inaugural inductees into the Internet Hall of Fame, one of ten in the Innovators category and thirty-three overall inductees.

Millennium Technology Prize
On April 20, 2012, Torvalds was declared one of two winners of that year's Millennium Technology Prize, along with Shinya Yamanaka. The honor is widely described as technology's equivalent of the Nobel Prize.

Academics
In 1997, Torvalds received his Master degree (Laudatur Grade) from the Department of Computer Science at the University of Helsinki. Two years later he received honorary doctor status at Stockholm University, and in 2000 he received the same honor from his alma mater. University of Helsinki has named an auditorium after Torvalds and his computer is on display at the Department of Computer Science.

In August 2005, Torvalds received the Vollum Award from Reed College.

Industry
In 1998, Torvalds received an EFF Pioneer Award. In 2000 he was awarded the Lovelace Medal from the British Computer Society. In 2001, he shared the Takeda Award for Social/Economic Well-Being with Richard Stallman and Ken Sakamura. In 2008, he was inducted into the Hall of Fellows of the Computer History Museum in Mountain View, California. He was awarded the C&C Prize by the NEC Corporation in 2010 for "contributions to the advancement of the information technology industry, education, research, and the improvement of our lives". 

Q&A session with Linus Torvalds - 2015



The Q&A session was moderated by Bdale Garbee with the assistance of Andrew Tridgell.
Linux.conf.au 2015 was held in Auckland, New Zealand, at the University of Auckland Business School from 12-16th January 2015.

3.07.2015

LINUX Permissions

The Unix operating system (and likewise, Linux) differs from other computing environments in that it is not only a multitasking system but also a multi-user system.
What exactly does this mean? It means that more than one user can be operating the computer at the same time. While your computer will only have one keyboard and monitor, it can still be used by more than one user. For example, if your computer is attached to a network, or the Internet, remote users can log in via telnet or ssh (secure shell) and operate the computer. In fact, remote users can execute X applications and have the graphical output displayed on a remote computer. The X Window System supports this.
The multi-user capability of Unix is not a recent "innovation," but rather a feature that is deeply ingrained into the design of the operating system. If you remember the environment in which Unix was created, this makes perfect sense. Years ago before computers were "personal," they were large, expensive, and centralized. A typical university computer system consisted of a large mainframe computer located in some building on campus and terminals were located throughout the campus, each connected to the large central computer. The computer would support many users at the same time.
In order to make this practical, a method had to be devised to protect the users from each other. After all, you could not allow the actions of one user to crash the computer, nor could you allow one user to interfere with the files belonging to another user.
This lesson will cover the following commands:
  • chmod - modify file access rights
  • su - temporarily become the superuser
  • chown - change file ownership
  • chgrp - change a file's group ownership

    Although there are already many good security features built into Linux-based systems, one very important potential vulnerability can exist when local access is granted: file-permission-based issues resulting from a user not assigning the correct permissions to files and directories. So, based on the need for proper permissions, I will go over the ways to assign permissions and show you some examples where modification may be necessary.
    Basic File Permissions
    Permission Groups
    Each file and directory has three user based permission groups:
    • owner - The Owner permissions apply only to the owner of the file or directory; they will not affect the actions of other users.
    • group - The Group permissions apply only to the group that has been assigned to the file or directory; they will not affect the actions of other users.
    • all users - The All Users permissions apply to all other users on the system; this is the permission group that you want to watch the most.

    Permission Types

    Each file or directory has three basic permission types:
    • read - The Read permission refers to a user's capability to read the contents of the file.
    • write - The Write permissions refer to a user's capability to write or modify a file or directory.
    • execute - The Execute permission affects a user's capability to execute a file or view the contents of a directory.

    Viewing the Permissions

    You can view the permissions by checking the file or directory permissions in your favorite GUI file manager (which I will not cover here) or by reviewing the output of the "ls -l" command in the terminal while working in the directory that contains the file or folder.

    The permissions on the command line are displayed as: _rwxrwxrwx 1 owner:group
    1. User rights/Permissions
      1. The first character, which I marked with an underscore, is the special permission flag; it can vary.
      2. The following set of three characters (rwx) is for the Owner permissions.
      3. The second set of three characters (rwx) is for the Group permissions.
      4. The third set of three characters (rwx) is for the All Users permissions.
    2. Following that grouping is an integer that displays the number of hard links to the file.
    3. The last piece is the Owner and Group assignment, formatted as Owner:Group.

    Modifying the Permissions

    When in the command line, the permissions are edited by using the command chmod. You can assign the permissions explicitly or by using a binary reference as described below.

    Explicitly Defining Permissions

    To explicitly define permissions you will need to reference the Permission Group and Permission Types.

    The Permission Groups used are:
    • u - Owner
    • g - Group
    • o - All Users (everyone who is neither the owner nor in the group)
    • a - all three groups at once (u, g and o together)
    The potential Assignment Operators are + (plus) and - (minus); these are used to tell the system whether to add or remove the specific permissions.

    The Permission Types that are used are:
    • r - Read
    • w - Write
    • x - Execute
    So for example, let's say I have a file named file1 that currently has the permissions set to _rw_rw_rw_, which means that the owner, group and all users have read and write permission. Now we want to remove the read and write permissions from the all users group.

    To make this modification you would invoke the command: chmod o-rw file1
    To add those permissions back you would invoke the command: chmod o+rw file1
    (Note that chmod a-rw file1 would also strip read and write from the owner and the group, since a addresses all three groups.)

    As you can see, if you want to grant those permissions you would change the minus character to a plus to add those permissions.

    Using Binary References to Set permissions

    Now that you understand the permission groups and types, this one should feel natural. To set permissions using binary references you must first understand that the input is done by entering three integers.

    A sample permission string would be chmod 640 file1, which means that the owner has read and write permissions, the group has read permission, and all other users have no rights to the file.

    The first number represents the Owner permissions; the second represents the Group permissions; and the last number represents the permissions for all other users. Each number is the sum of the values of the bits in the rwx string:
    • r = 4
    • w = 2
    • x = 1
    You add the numbers to get the integer/number representing the permissions you wish to set. You will need to include the binary permissions for each of the three permission groups.

    So to set the permissions on file1 to _rwxr_____, you would enter chmod 740 file1.

    Owners and Groups

    I have made several references to Owners and Groups above, but have not yet told you how to assign or change the Owner and Group assigned to a file or directory.

    You use the chown command to change owner and group assignments. The syntax is simple: chown owner:group filename. So to change the owner of file1 to user1 and the group to family you would enter chown user1:family file1.

    Advanced Permissions

    The special permissions flag can be marked with any of the following:
    • _ - no special permissions
    • d - directory
    • l - The file or directory is a symbolic link
    • s - This indicated the setuid/setgid permissions. This is not set displayed in the special permission part of the permissions display, but is represented as a s in the read portion of the owner or group permissions.
    • t - This indicates the sticky bit permissions. This is not set displayed in the special permission part of the permissions display, but is represented as a t in the executable portion of the all users permissions
    Setuid/Setgid Special Permissions
    The setuid/setgid permissions are used to tell the system to run an executable as the owner with the owner's permissions.

    Be careful using setuid/setgid bits in permissions. If you incorrectly assign permissions to a file owned by root with the setuid/setgid bit set, then you can open your system to intrusion.

    You can only assign the setuid/setgid bit by explicitly defining permissions. The character for the setuid/setgid bit is s.

    So to set the setuid/setgid bit on file2.sh you would issue the command chmod g+s file2.sh.
    Sticky Bit Special Permissions
    The sticky bit can be very useful in a shared environment because when it has been assigned to the permissions on a directory, only a file's owner can rename or delete that file.

    You can only assign the sticky bit by explicitly defining permissions. The character for the sticky bit is t.

    To set the sticky bit on a directory named dir1 you would issue the command chmod +t dir1.
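    Because a stray setuid or setgid file is exactly what the warning above is about, here is an added shell example (not from the original article) that sets the three special bits on scratch files with the commands just shown (chmod g+s sets setgid, chmod u+s sets setuid, chmod +t sets the sticky bit), prints how ls -l displays them, and audits a directory tree for anything carrying them. In ls output setuid and setgid show up as an s in the execute position of the owner or group triplet (a capital S when the execute bit is not also set), and the sticky bit as a t in the execute position of the all-users triplet. The function names, scratch files and the suid.sh copy are my own.

```sh
#!/bin/sh
# Added example: set the special bits on scratch files, show how ls displays
# them, and audit a directory tree for anything carrying them.

mode_string() {
    # Prints the type and permission columns ls -ld shows for $1 (10 chars).
    ls -ld "$1" | cut -c 1-10
}

special_bits_of() {
    # Prints a comma-separated list of the special bits set on $1, or "none".
    # find -perm -MODE (POSIX) is true when every bit of MODE is set; -prune
    # stops find from descending when $1 is a directory.
    bits=""
    [ -n "$(find "$1" -prune -perm -4000)" ] && bits="${bits}setuid,"
    [ -n "$(find "$1" -prune -perm -2000)" ] && bits="${bits}setgid,"
    [ -n "$(find "$1" -prune -perm -1000)" ] && bits="${bits}sticky,"
    printf '%s\n' "${bits:-none,}" | sed 's/,$//'
}

audit_special_bits() {
    # $1: directory to scan. Prints "<path> <bits>" for every entry under it
    # with setuid, setgid or sticky set. Run over / on a schedule, the diff
    # between runs shows new setuid/setgid binaries appearing on the system.
    find "$1" \( -perm -4000 -o -perm -2000 -o -perm -1000 \) -print |
    while IFS= read -r p; do
        printf '%s %s\n' "$p" "$(special_bits_of "$p")"
    done
}

demo_special_bits() {
    # Scratch tree (constructed): the article's file2.sh with g+s, a setuid
    # copy, the sticky dir1, and one plain file that the audit must ignore.
    tmp=$(mktemp -d) || return 1
    for f in file2.sh suid.sh; do
        printf '#!/bin/sh\necho hello\n' > "$tmp/$f"
        chmod 755 "$tmp/$f"
    done
    chmod g+s "$tmp/file2.sh"        # the article's command: setgid
    chmod u+s "$tmp/suid.sh"         # setuid
    mkdir "$tmp/dir1"
    chmod 755 "$tmp/dir1"
    chmod +t "$tmp/dir1"             # the article's command: sticky bit
    : > "$tmp/plain"
    audit_special_bits "$tmp" |
    while read -r p bits; do
        printf '%s %s %s\n' "${p#$tmp/}" "$(mode_string "$p")" "$bits"
    done | sort
    rm -rf "$tmp"
}

# demo_special_bits prints:
#   dir1 drwxr-xr-t sticky
#   file2.sh -rwxr-sr-x setgid
#   suid.sh -rwsr-xr-x setuid
```

    audit_special_bits only reports; it never changes a mode. On a real system compare its output over / against a known-good baseline, and treat any setuid file that the package manager does not own as something to investigate.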

    When Permissions Are Important

    If you come from a Mac- or Windows-based computer you may not think about permissions, because those environments don't focus so aggressively on user-based rights on files unless you are in a corporate environment. But now you are running a Linux-based system, where permission-based security is simple and can easily be used to restrict access as you please.

    So I will show you some documents and folders that you want to focus on and how their permissions should be set.
    • home directories - The users' home directories are important because you do not want other users to be able to view and modify the files in another user's documents or desktop. To remedy this you will want the directory to have the drwx------ (700) permissions, so let's say we want to enforce the correct permissions on the user user1's home directory; that can be done by issuing the command chmod 700 /home/user1.
    • bootloader configuration files - If you decide to implement a password to boot specific operating systems then you will want to remove read and write permissions from the configuration file for all users but root. To do so you can change the permissions of the file to 700.
    • system and daemon configuration files - It is very important to restrict rights to system and daemon configuration files so that users cannot edit their contents. It may not be advisable to restrict read permissions, but restricting write permissions is a must. In these cases it may be best to set the rights to 644.
    • firewall scripts - It may not always be necessary to block all users from reading the firewall file, but it is advisable to stop users from writing to it. In this case the firewall script is run by the root user automatically on boot, so all other users need no rights, and you can assign the 700 permissions.
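    The list above is a policy, and a policy is only useful if something checks it. Here is an added shell example (not from the original article) that reads "path allowed-mode" pairs, reports every path whose mode grants any bit the allowed mode does not, and can then tighten them with chmod. It assumes GNU stat -c %a, falling back to BSD stat -f %OLp; the demo builds a constructed scratch layout mirroring the home directory, daemon config and firewall script cases, with two of them deliberately too open.

```sh
#!/bin/sh
# Added example: check that sensitive paths are no more permissive than an
# allowed mode, report the ones that are, and tighten them.

file_mode() {
    # Prints the octal mode of $1 (GNU stat first, BSD stat as a fallback).
    stat -c %a "$1" 2>/dev/null || stat -f %OLp "$1"
}

exceeds_mode() {
    # $1: path, $2: allowed octal mode (e.g. 700). True (0) if the path has
    # any permission bit set that the allowed mode does not grant. The leading
    # 0 makes the shell read both numbers as octal.
    m=$(file_mode "$1") || return 2
    [ $(( 0$m & ~0$2 )) -ne 0 ]
}

audit_modes() {
    # Reads "path allowed_mode" pairs on stdin and prints one line per path
    # that is too open: "<path> <actual> <allowed>". Returns 1 if any were.
    found=0
    while read -r path allowed; do
        [ -z "$path" ] && continue
        if exceeds_mode "$path" "$allowed"; then
            printf '%s %s %s\n' "$path" "$(file_mode "$path")" "$allowed"
            found=1
        fi
    done
    return $found
}

enforce_modes() {
    # Same input as audit_modes; applies each allowed mode with chmod.
    while read -r path allowed; do
        [ -z "$path" ] && continue
        chmod "$allowed" "$path"
    done
}

demo_audit() {
    # Constructed scratch layout: a user home that should be 700, a daemon
    # config that should be 644, a firewall script that should be 700.
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/home-user1";  chmod 755 "$tmp/home-user1"   # world-readable: too open
    : > "$tmp/daemon.conf";   chmod 644 "$tmp/daemon.conf"  # fine
    : > "$tmp/firewall.sh";   chmod 775 "$tmp/firewall.sh"  # group-writable: too open
    pairs=$(printf '%s 700\n%s 644\n%s 700\n' \
        "$tmp/home-user1" "$tmp/daemon.conf" "$tmp/firewall.sh")
    printf '%s\n' "$pairs" | audit_modes | sed "s|^$tmp/||; s/^/before: /"
    printf '%s\n' "$pairs" | enforce_modes
    if printf '%s\n' "$pairs" | audit_modes >/dev/null; then
        echo "after: clean"
    else
        echo "after: still open"
    fi
    rm -rf "$tmp"
}

# demo_audit prints:
#   before: home-user1 755 700
#   before: firewall.sh 775 700
#   after: clean
```

    The check is "no extra bits", not "exactly this mode": a config file at 600 passes a 644 policy, because tighter than the policy is never the problem the list above is warning about.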

File types In Linux/Unix

How many types of file are there in Linux/Unix?
By default Unix has only 3 types of files. They are:
1. Regular files
2. Directory files
3. Special files (this category has 5 sub-types)

So in practice we have a total of 7 types (1+1+5) of files in Linux/Unix, and in Solaris we have 8 types. You can see the file type indicator at the leftmost part of "ls -l" output.

Here are those file types.

1. Regular file(-)
2. Directory files(d)

Special files
1. Block file(b)
2. Character device file(c)
3. Named pipe file or just a pipe file(p)
4. Symbolic link file(l)
5. Socket file(s)

For your information there is one more file type called a door file (D) which is present in Sun Solaris, as mentioned earlier. A door is a special file for inter-process communication between a client and server (so 8 types in total on Unix machines). We will cover each file type in the following sequence:

1. Definition and information about the file type
2. How to create that file type
3. How to list/see that file type
Regular file type Explained in Linux

These are the files which are indicated with "-" at the start of the line in ls -l output. These files can be:

1. Readable (text) files, or
2. Binary files, or
3. Image files, or
4. Compressed files, etc.

How to create regular files in Linux/Unix? 

Ans: Use touch/vi command and redirection operators etc.

How can we list regular files?

ls -l | grep ^-

Example listing of regular files :

-rw-r--r-- 1 krishna krishna 20986522 2010-01-31 13:48 test.wmv
-rw-r--r-- 1 krishna krishna 173448 2010-01-30 21:20 Transformers-Teaser-Wallpaper-310.jpg
-r-xr-xr-x 1 root root 135168 2009-12-12 19:14 VIDEO_TS.VOB
-rw-r--r-- 1 krishna krishna 2113536 2009-12-01 13:32 Aditya 365 – Janavule.mp3
-rwxrwxrwx 1 root root 168 2010-02-14 14:12 xyz.sh

Directory file type explained in Linux/Unix

This type of file contains regular files, folders and special files stored on a physical device. Directories are shown in blue (when ls uses colors) and have a link count greater than or equal to 2.

How can we list them in my present working directory? 

ls -l | grep ^d

Example listing of directories.
drwxr-xr-x 2 surendra surendra 4096 2010-01-19 18:37 bin
drwxr-xr-x 5 surendra surendra 4096 2010-02-15 18:46 Desktop
drwxr-xr-x 2 surendra surendra 4096 2010-01-18 14:36 Documents
drwxr-xr-x 2 surendra surendra 4096 2010-02-13 17:45 Downloads

How to create them? 

Ans : Use mkdir command
Block file type in Linux
These are hardware (device) files; most of them are present in /dev.

How to create them? 

Ans : Use fdisk command or create virtual partition.
How can we list them in my present working directory?
ls -l | grep ^b

Example listing of Block files(for you to see these file, they are located in /dev).
brw-rw---- 1 root disk 8,  1 2010-02-15 09:35 sda1
brw-rw---- 1 root disk 8, 2 2010-02-15 09:35 sda2
brw-rw---- 1 root disk 8, 5 2010-02-15 09:35 sda5

Character device files in Linux
Provides a serial stream of input or output. Your terminals are the classic example of this type of file.

How can we list character files in my present working directory?
ls -l | grep ^c
Example listing of character files(located in /dev)

crw-rw-rw- 1 root tty 5, 0 2010-02-15 16:52 tty
crw--w---- 1 root root 4, 0 2010-02-15 09:35 tty0
crw------- 1 root root 4,  1 2010-02-15 09:35 tty1

Pipe files in Linux/Unix

Another name for a pipe file is a "named" pipe, which is sometimes called a FIFO. FIFO stands for "First In, First Out" and refers to the property that the order of bytes going in is the same as the order coming out. The "name" of a named pipe is actually a file name within the file system.

How to create them? 
Ans: Use mkfifo command.

How can we list pipe files in my present working directory?
ls -l | grep ^p

Example listing of pipe files
prw-r----- 1 root root 0 2010-02-15 09:35 /dev/.initramfs/usplash_outfifo
prw-r----- 1 root root 0 2010-02-15 09:35 /dev/.initramfs/usplash_fifo
prw------- 1 syslog syslog 0 2010-02-15 15:38 /var/run/rsyslog/kmsg
Symbolic link files in Linux

These are files linked to other files, which may be directories or regular files. The inode number of this file and its parent file are the same. There are two types of link files available in Linux/Unix, i.e. soft and hard links.

How to create them? 
Ans : Use the ln command

How can we list linked files in my present working directory?
ls -l | grep ^l

Example listing of linked files

lrwxrwxrwx 1 root root 24 2010-02-15 09:35 sndstat -> /proc/asound/oss/sndstat
lrwxrwxrwx 1 root root 15 2010-02-15 09:35 stderr -> /proc/self/fd/2
lrwxrwxrwx 1 root root 15 2010-02-15 09:35 stdin -> /proc/self/fd/0
lrwxrwxrwx 1 root root 15 2010-02-15 09:35 stdout -> /proc/self/fd/1
Socket files in Linux

A socket file is used to pass information between applications for communication purposes.

How to create them? 

Ans : You can create a socket file using socket() system call available under

Example in C:
int sockfd = socket(AF_INET, SOCK_STREAM, 0);
You can refer to this socket using sockfd. This is the same as a file descriptor, and you can use the read() and write() system calls to read from and write to the socket.
How can we list Socket files in my present working directory?
ls -l | grep ^s

Example listing of socket files.
srw-rw-rw- 1 root root 0 2010-02-15 09:35 /dev/log
srwxrwxrwx 1 root root 0 2010-02-15 10:07 /var/run/cups/cups.sock
srwxrwxrwx 1 root root 0 2010-02-15 09:35 /var/run/samba/winbindd_privileged/pipe
srwxrwxrwx 1 mysql mysql 0 2010-02-15 09:35 /var/run/mysqld/mysqld.sock
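The ls -l | grep ^X one-liners scattered through this section all key on the same first column. As an added shell example (not from the original article), the script below classifies any path with the test(1) primaries, checks that against the letter ls -ld prints, and tallies a directory by type; the demo builds a constructed scratch tree with the types an unprivileged user can create (regular file, directory, named pipe via mkfifo, symlink via ln -s). The socket entries listed above such as /var/run/mysqld/mysqld.sock appear in the file system when a program binds a Unix-domain socket to a path, and block/character devices are created with mknod by root, so the demo does not create those. The function names and file names are my own.

```sh
#!/bin/sh
# Added example: classify a path by file type with test(1) and tally a
# directory the same way the article's ls -l | grep ^X one-liners do.

file_type() {
    # Prints the one-letter type ls -l shows in column 1 for $1:
    # "-" regular, d directory, l symbolic link, p pipe (FIFO), s socket,
    # b block device, c character device. -L comes first because every
    # other test follows the link to its target.
    if   [ -L "$1" ]; then printf '%s\n' l
    elif [ -d "$1" ]; then printf '%s\n' d
    elif [ -p "$1" ]; then printf '%s\n' p
    elif [ -S "$1" ]; then printf '%s\n' s
    elif [ -b "$1" ]; then printf '%s\n' b
    elif [ -c "$1" ]; then printf '%s\n' c
    elif [ -f "$1" ]; then printf '%s\n' -
    else printf '%s\n' '?'; return 1
    fi
}

ls_type() {
    # The same letter taken from ls -ld, i.e. what grep ^X matches on.
    ls -ld "$1" | cut -c 1
}

count_types() {
    # $1: directory. Prints "<letter> <count>" for each type found directly
    # inside it (dotfiles included), without descending into subdirectories.
    for entry in "$1"/* "$1"/.[!.]*; do
        # an unmatched glob stays literal, so skip names that do not exist
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        file_type "$entry"
    done | sort | uniq -c | awk '{ print $2, $1 }'
}

demo_file_types() {
    # Constructed scratch tree: a regular file, a directory, a named pipe
    # and two symlinks (one of them dangling, which is still type l).
    tmp=$(mktemp -d) || return 1
    : > "$tmp/test.txt"
    mkdir "$tmp/Documents"
    mkfifo "$tmp/usplash_fifo"
    ln -s test.txt "$tmp/stdout"
    ln -s missing "$tmp/dangling"
    count_types "$tmp"
    rm -rf "$tmp"
}

# demo_file_types prints one line per type: "- 1", "d 1", "l 2", "p 1".
```

The -L check must come first: [ -f ] and [ -d ] follow symlinks, so a link to a regular file would otherwise be reported as "-", while ls -l (and the article's grep ^l) reports it as a link.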