Find out if service / server running in chrooted jail or not under Linux

Posted on in Categories Howto, Linux, Sys admin, Tips last updated September 10, 2007

A chrooted jail lets you run a command or service such as http / mysql / postfix with a special root directory, i.e. chroot changes the root directory for the application. The biggest benefit is that a service that is re-rooted to another directory cannot access files outside that directory. Basically, you are placing the service in a sandbox. Chrooting offers the following 2 benefits:

[a] Service Isolation

[b] Privilege Separation

But how do you find out if a service / server is chrooted or not under Linux?

Simply run the ls -ld command on the /proc/MAIN-PID/root directory.

For example, find out if httpd is chrooted or not:
pidof httpd
Output:

23456

Run ls command:
ls -ld /proc/23456/root
Output:

lrwxrwxrwx 1 root root 0 Sep 10 02:52 /proc/23456/root -> /wwwdata

Find out if postfix is chrooted or not (PID 4645):
ls -ld /proc/4645/root
Output:
lrwxrwxrwx 1 root root 0 Sep 10 02:59 /proc/4645/root -> /
PID 4645 points to / (root), i.e. the root directory for the application has not been changed (it is not chrooted). This is a quick and dirty way to find out if an application is chrooted or not without opening configuration files.
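
The same check applied to every process at once, as an added example that is not part of the original post: it reads each /proc/PID/root link and lists the processes whose root is not /. The PROC_ROOT variable and the function names are assumptions of this example; PROC_ROOT exists only so the logic can be pointed at a constructed directory tree.

```shell
#!/bin/sh
# Added example: report chrooted processes from their /proc/PID/root links.
# PROC_ROOT is an assumption of this example (defaults to the real /proc).
PROC_ROOT="${PROC_ROOT:-/proc}"

# chroot_status PID
# Prints "chrooted DIR", "not-chrooted" or "unknown".
# Returns 0 if chrooted, 1 if not, 2 if the link cannot be read.
chroot_status() {
    cs_target=$(readlink "$PROC_ROOT/$1/root" 2>/dev/null) || {
        echo "unknown"      # process exited, or permission denied
        return 2
    }
    if [ "$cs_target" = "/" ]; then
        echo "not-chrooted"
        return 1
    fi
    echo "chrooted $cs_target"
    return 0
}

# list_chrooted
# Prints "PID ROOT NAME" for every process whose root is not /.
list_chrooted() {
    for lc_dir in "$PROC_ROOT"/[0-9]*; do
        [ -d "$lc_dir" ] || continue
        lc_pid=${lc_dir##*/}
        lc_status=$(chroot_status "$lc_pid") || continue
        lc_name=$(cat "$lc_dir/comm" 2>/dev/null) || lc_name="?"
        echo "$lc_pid ${lc_status#chrooted } $lc_name"
    done
    return 0
}

list_chrooted
```

Run it as root: reading the root link of another user's process otherwise fails and the process is reported as unknown. A result of / only rules out chroot; a process in a separate mount namespace, such as a container, also shows /.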

Understanding the Linux file system directories / hierarchy

Posted on in Categories Linux, RedHat/Fedora Linux, Sys admin, Tips, UNIX last updated August 24, 2007

I’ve already written about conceptual information regarding the file system, especially data structures and related terms that help you become a successful system administrator. However, I do get a few emails asking about the /opt, /usr or /lost+found directories and their purpose on the system.

Exploring Linux File System Hierarchy

A typical Linux system has the following directories:

=> / : This is the root directory.

=> /bin : This directory contains executable programs which are needed in single user mode and to bring the system up or repair it.

=> /boot : Contains static files for the boot loader. This directory only holds the files which are needed during the boot process.

=> /dev : Special or device files, which refer to physical devices such as hard disk, keyboard, monitor, mouse, modem etc.

=> /etc : Contains configuration files which are local to the machine. Some larger software packages, like Apache, can have their own subdirectories below /etc i.e. /etc/httpd. Some important subdirectories in /etc:

  • /etc/skel : When a new user account is created, files from this directory are usually copied into the user’s home directory.
  • /etc/X11 : Configuration files for the X11 window system.
  • /etc/sysconfig : Important configuration files used by SysV scripts stored in the /etc/init.d and /etc.rcX directories
  • /etc/cron.* : cron daemon configuration files which are used to execute scheduled commands

=> /home : Your sweet home to store data and other files. However, in large installations the structure of the /home directory depends on local administration decisions.

=> /lib : This directory should hold those shared libraries that are necessary to boot the system and to run the commands in the root filesystem.

=> /lib64 : 64 bit shared libraries that are necessary to boot the system and to run the commands in the root filesystem.

=> /mnt : This directory contains mount points for temporarily mounted filesystems

=> /opt : This directory should contain add-on packages, such as a downloaded Firefox install, or static files

=> /proc : This is a mount point for the proc filesystem, which provides information about running processes and the kernel.

=> /root : This directory is usually the home directory for the root user.

=> /sbin : Like /bin, this directory holds commands needed to boot the system, but which are usually not executed by normal users; root / admin user specific commands go here.

=> /tmp : This directory contains temporary files which may be deleted with no notice, such as by a regular job or at system boot up.

=> /usr : This directory is usually mounted from a separate partition. It should hold only sharable, read-only data, so that it can be mounted by various machines running Linux (useful for diskless clients or a multiuser Linux network such as a university network). It holds programs, libraries, documentation etc. for all user-related programs.

=> /var : This directory contains files which may change in size, such as spool and log files.

=> /lost+found : Every partition has a lost+found in its top-level directory. Files that were saved during failures are stored here, e.g. by ext2/ext3 fsck recovery.

How do I get information about each and every directory from command prompt?

The above list just summarizes the important directories. You can get the full list by entering the following command, which displays a description of the file system hierarchy (works under all other UNIX-like OSes such as HP-UX):
$ man hier

List contents of directories in a tree-like format

ls command is basic tool for exploring file system. You can use tree command for a recursive directory listing. It produces a depth indented listing of files.
$ tree
Output:

|-- DIR_COLORS
|-- DIR_COLORS.xterm
|-- Muttrc
|-- Muttrc.local
|-- NetworkManager
|-- X11
|   |-- Xmodmap
|   |-- Xresources
|   |-- applnk
|   |-- fs
|   |   `-- config
.....
.......
..

find is another useful command to search for files in a directory hierarchy.


Linux: Find Out How Many File Descriptors Are Being Used

Posted on in Categories File system, Linux, Sys admin, Tips, Troubleshooting last updated August 21, 2007

While administering a box, you may want to find out what a process is doing and how many file descriptors (fd) are being used. You will be surprised to find out that a process opens all sorts of files:
=> Actual log file

=> /dev files

=> UNIX Sockets

=> Network sockets

=> Library files /lib /lib64

=> Executables and other programs etc

In this quick post, I will explain how to count how many file descriptors are currently in use on your Linux server system.

Linux display the date when a file was accessed with stat command

Posted on in Categories CentOS, Debian Linux, File system, Linux, RedHat/Fedora Linux, Ubuntu Linux last updated August 6, 2007

A quick question from my mail bag:

How do I display or get the date when a file was last time accessed?

The best and simplest way is to use stat command. It displays file or file system status such as:

=> File size

=> File type

=> Inode number

=> UID/GID

=> File access, modify and creation time etc.

stat command example

$ stat /etc/passwd
Output

  File: `/etc/passwd'
  Size: 2453            Blocks: 8          IO Block: 4096   regular file
Device: 806h/2054d      Inode: 25298826    Links: 1
Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2007-08-06 04:45:18.000000000 -0500
Modify: 2007-07-17 16:25:12.000000000 -0500
Change: 2007-07-17 16:25:12.000000000 -0500

Display file system status

You can display file system status instead of file status. For example, display status for / file system:
$ stat -f /
Output:

  File: "/"
    ID: 0        Namelen: 255     Type: ext2/ext3
Block size: 4096       Fundamental block size: 4096
Blocks: Total: 32161831   Free: 30458361   Available: 28798245
Inodes: Total: 33226752   Free: 33135357

stat command and shell scripts

You can use stat in a shell script. By default it shows all information about a file; use the -c option to specify a FORMAT instead of the default. For example, store the access time in a shell variable:

ATIME=$(stat -c "%x" /etc/passwd)
echo "$ATIME"

See the stat command man page for full details for the valid format sequences for files:
man stat

How Linux or UNIX Understand which program to run – PART I

Posted on in Categories Debian Linux, File system, Howto, Linux, Shell scripting, Solaris, Suse Linux, Sys admin, Tips, Ubuntu Linux, UNIX last updated February 11, 2006

This article was originally contributed by monk.

When you are logged in to a Linux server and you type a command, it is the responsibility of the shell to interpret your command. Here I will explain how the BASH shell finds out which program to run. The method used by the shell is straightforward but often creates confusion for new Linux users/admins/interns.

Remember your shell deals with different commands and command line options to process your request.
For example:

  1. Internal commands aka shell builtin command (such as set)
  2. External commands (such as clear, date)
  3. Aliases (such as alias rm='rm -i')
  4. Command substitutions (such as echo "Today is $(date)")
  5. Functions
  6. Pipes ( such as cat /etc/passwd | wc -l)
  7. I/O redirection (such as cat /etc/passwd > /tmp/names)

As you can see, the shell has to do many things before it can find the correct executable file for you. For example, when you type the single command date, the shell will locate the date command for you. Then it spawns (forks) a new process and “execs” the date command. Please note that a discussion of forks and the kernel is beyond the scope of this document (see nice explanation by Tony @ How shells call other programs). Here you just want to understand how Linux knows which program to run.

Shell uses PATH variable

Your shell uses the environment variable called PATH to locate commands. Just type following command to display your current PATH:

$ echo $PATH

/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games:/usr/java/bin:/home/monk/bin

The variable PATH defines the search path for commands. As you can see, PATH holds a colon-separated list of directories in which the shell looks for commands. Returning to the date example, when you type the date command, the shell starts with the leftmost directory in the PATH variable (i.e. /usr/local/bin) and checks whether it contains an executable file called date. If the executable file is found, the shell executes the date command. If the command cannot be located in any of the directories, you will see a command not found error message. The BASH shell uses the following sequence to execute a command (for example purposes, we will use the date command):

  1. If there exists a shell FUNCTION date() execute it and stop.
  2. If there exists a shell builtin date command, execute it and stop
  3. If the date is neither a shell function nor a builtin then BASH searches in HASH tables. If there exists an entry for date command execute it and stop.
  4. Finally, if date does not exist in HASH tables, it will search using PATH variable.
  5. If all of the above methods fail then the shell will return the error “Command not found” and always exit with status code 127.

However, things get more complicated if the command is a shell script: the shell does exactly the same thing (as mentioned above), but the exec fails, which causes the shell to read the script and interpret it.
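
The left-to-right PATH search from step 4, as an added example that is not part of the original article: find_in_path prints every executable copy of a command in search order, so the first line is the one the shell would run and later lines are shadowed copies. The function names and the optional second argument are assumptions of this example; it covers only the PATH step, not functions, builtins or the hash table.

```shell
#!/bin/sh
# Added example: walk a colon-separated search path the way step 4 describes.

# find_in_path NAME [PATHSTRING]
# Prints every executable file called NAME, in search order.
# Returns 0 if at least one was found, 1 otherwise.
find_in_path() {
    fip_name="$1"
    fip_search="${2-$PATH}"
    fip_status=1
    fip_old_ifs=$IFS
    IFS=:
    set -f                      # no globbing while splitting on ':'
    for fip_dir in $fip_search; do
        # An empty entry in PATH stands for the current directory.
        [ -n "$fip_dir" ] || fip_dir=.
        if [ -f "$fip_dir/$fip_name" ] && [ -x "$fip_dir/$fip_name" ]; then
            echo "$fip_dir/$fip_name"
            fip_status=0
        fi
    done
    set +f
    IFS=$fip_old_ifs
    return "$fip_status"
}

# first_in_path NAME [PATHSTRING]
# Prints only the copy that wins the search (what `which` reports).
first_in_path() {
    fip_all=$(find_in_path "$@") || return 1
    echo "$fip_all" | head -n 1
}

# Show which date wins on this system and any copies it shadows.
find_in_path date || echo "date: command not found"
```

More than one line of output means an earlier PATH directory is overriding a later copy of the same command, which is worth checking when a command behaves unexpectedly.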

What is a HASH table?

A HASH table is simply a caching mechanism to speed things up. For each command, the full file name of the command is determined by searching the directories in the $PATH variable and is remembered by the shell in the HASH table. Just type the hash command and it will display all the remembered path names:
$ hash
Output:

hits    command
5    /usr/bin/chsh
1    /usr/bin/man
1    /bin/ls

Related shell commands
To solve command searching mysteries, Linux and the shell offer a couple of commands.

type command

Tells whether a command is an alias, function, builtin command or executable command file. In other words, the type command indicates how a name would be interpreted if used as a command name. General syntax:
type {command-name}

$ type -a ls
Output

ls is aliased to 'ls --color=auto'

$ type date
Output:

date is hashed (/bin/date)

$ type dirs
Output:

dirs is a shell builtin

$ type if
Output:

if is a shell keyword

$ type getip
Output:

getip is a function
getip ()
{
lynx --dump 'http://localhost:81/getip'
}

which command

Used to locate a command in PATH.
$ which ls
Output:

/bin/ls

Continue reading the second part of “How Linux or UNIX Understand which program to run” series (this is part I).

  • PART I : How Linux or UNIX Understand which program to run
  • PART II : An example: How shell Understand which program to run

Updated for accuracy by Vivek. This article almost rewritten to fix typos.

Linux: Burn multi session CDs on Linux

Posted on in Categories CentOS, Debian Linux, File system, Gentoo Linux, Hardware, Howto, Linux, Linux desktop, RedHat/Fedora Linux, Suse Linux, Ubuntu Linux last updated July 8, 2004

Under Linux you can use a tool called cdrecord (used to record audio or data Compact Discs) with mkisofs (used to create a hybrid ISO9660/JOLIET/HFS filesystem with optional Rock Ridge attributes) for this purpose.

Step #1: Create first session as follows

1) Create an iso image first:

# mkisofs -R -o /tmp/cd.iso /backup/06-07-2004/

Where,

  • -R : Uses Rock Ridge naming convention/attributes
  • -o : Name of new iso file (cd.iso)
  • /backup/06-07-2004/ : Everything in /backup/06-07-2004/ will be put into cd.iso file

2) Burning the disk (or an ISO image) for first session:

# cdrecord -dev=0,0,0 -multi -data -v -eject -speed=4 /tmp/cd.iso

Where,

  • -dev=0,0,0 : device number (tip you can use cdrecord -scanbus command to get this number)
  • -multi : Start multi session disk
  • -data : This option required for HP and Sony CD Writer only.
  • -v : Verbose i.e show info while burning the disk
  • -eject : Ejects the CD when done
  • -speed=4 : Write speed (4x)
  • cd.iso : Name of image being burned

3) Mount the cdrom and see the contents:

# mount /mnt/cdrom
# ls /mnt/cdrom
# rm -f /tmp/cd.iso

OR

# mount /dev/hda /mnt/cdrom; ls /mnt/cdrom; rm -f /tmp/cd.iso

4) You can also verify how many sessions have been written so far:

# umount /mnt/cdrom
# cdrecord -dev=0,0,0 -toc

Where,

  • -dev=0,0,0 : Device number
  • -toc : Retrieve and print out the table of content

Step #2: Burning the disk (or ISO image) for next session

The next session is a bit tricky. You need to specify the last session's starting and ending sector numbers; this information can be obtained from the following command:

# cdrecord -dev=0,0,0 -msinfo

Output:

0,11063

1) Create next session ISO file:

# mkisofs -o /tmp/ses2.iso -R -V session2 -C $(cdrecord -dev=0,0,0 -msinfo) -M 0,0,0 /backup/07-07-2004

Where,

  • -C $(cdrecord -dev=0,0,0 -msinfo) : This option is needed when mkisofs is used to create the image of a second session or a higher level session for a multi session disk
  • -M 0,0,0 : Specifies path to existing iso9660 image to be merged.

2) Burning the disk (or an ISO image) for second session:

# cdrecord -dev=0,0,0 -multi -data -v -eject -speed=4 /tmp/ses2.iso

3) Mount the cdrom and see the contents:

# mount /mnt/cdrom; ls /mnt/cdrom; rm -f /tmp/ses2.iso

OR

# mount /dev/hda  /mnt/cdrom; ls /mnt/cdrom; rm -f /tmp/ses2.iso

Note: When you wish to close disk (multi session cd), omit the -multi option for last session.


How to mount remote windows partition (windows share) under Linux

Posted on in Categories CentOS, File system, Howto, Linux, RedHat/Fedora Linux, Suse Linux, Sys admin, Tip of the day, Ubuntu Linux, UNIX, Windows, Windows server last updated April 26, 2004

All files accessible in a Linux (and UNIX) system are arranged in one big tree, the file hierarchy, rooted at /. These files can be spread out over several devices. The mount command serves to attach the file system found on some device to the big file tree.

Use the mount command to mount remote windows partition or windows share under Linux as follows:

Procedure to mount remote windows partition (NAS share)

1) Make sure you have following information:
==> Windows username and password to access share name
==> Sharename (such as //server/share) or IP address
==> root level access on Linux

2) Login to Linux as a root user (or use su command)

3) Create the required mount point:
# mkdir -p /mnt/ntserver
4) Use the mount command as follows:
# mount -t cifs //ntserver/download -o username=vivek,password=myPassword /mnt/ntserver

Use the following command if you are using an old version such as RHEL <=4 or Debian <= 3:
# mount -t smbfs -o username=vivek,password=D1W4x9sw //ntserver/download /mnt/ntserver

5) Access Windows 2003/2000/NT share using cd and ls command:
# cd /mnt/ntserver; ls -l
Where,

  • -t smbfs : File system type to be mounted (outdated, use cifs)
  • -t cifs : File system type to be mounted
  • -o : Options passed to the mount command; in this example I passed two options. The first argument is the username (vivek) and the second argument is the password to connect to the remote Windows box
  • //ntserver/download : Windows 2000/NT share name
  • /mnt/ntserver : Linux mount point (to access the share after mounting)


Updated for accuracy on Aug-8-2007, 8:19PM.