Unix Administrator

Two main UNIX platforms:
    Berkeley UNIX (also known as Berkeley Software Distribution — BSD UNIX)
    System V UNIX (also known as AT&T UNIX)

UNIX was developed in two different environments: academic and industrial.

The kernel:
is the “core” of the UNIX operating system. It provides services such as the filesystem, memory management, CPU scheduling, and device I/O to programs. The kernel interacts directly with the underlying hardware; therefore it must be adapted to each machine architecture. (There were also UNIX implementations in which the kernel ran on top of another underlying system that in turn controlled the hardware.) The kernel keeps track of who is logged in and of the location of every file; it also accepts and carries out the instructions that the shell issues as the result of interpreting commands.

The machine-dependent parts of the kernel include:
• Low-level system initialization and bootstrap
• Fault, trap, interrupt, and exception handling
• Memory management: hardware address translation
• Low-level kernel/user mode process context switching
• I/O device drivers and device initialization code

The major features of UNIX can be summarized as:
• Portability
• Multi-user operation
• Device independence
• Tools and tool-building utilities
• Hierarchical filesystem

All programs invoked from the shell start out with three predefined open files, identified by the corresponding file descriptors. By default the three files are:
1. Standard input (descriptor 0) — normally the terminal (console) keyboard
2. Standard output (descriptor 1) — normally the terminal (console) display
3. Standard error (descriptor 2) — normally the terminal (console) display

The shell fully supports:
• Redirection — Since I/O devices and files are treated the same way in UNIX, the shell treats both as files. From the user’s viewpoint it is easy to reassign a program’s file descriptors and in that way replace the attached standard input and output files; this is known as redirection.
• Pipes — The standard output of one program can be fed to the standard input of another by means of a pipe. Several programs can be connected via pipes to form a pipeline. Redirection and piping are what make UNIX utilities usable as filters, which are combined to perform complex compound functions.
• Concurrent execution of user programs — Users may run several programs concurrently by placing them in the “background” (as opposed to the single “foreground” program that has full control of the terminal). This lets users carry on with unrelated work while potentially lengthy operations are performed on their behalf in the background.

File access control distinguishes three access classes (user owner, group owner, and others), and for each class three separate permissions are specified: read, write, and execute.

Files can also be shared across the network, either through network filesystems (for example, NFS, RFS, or AFS) or through network file synchronization schemes (for example, rdist and track).

The umask masks permission bits out of newly created files and directories; the common setting umask 023 yields mode 644 for new files (from the default 666) and 754 for new directories (from 777).

Additional access modes are listed below:

Code  Name             Meaning
t     sticky bit       Keep the executable image in memory after exit (memory-resident program)
s     set UID (SUID)   Set the process user ID on execution (discussed in greater detail below)
s     set GID (SGID)   Set the process group ID on execution (discussed in greater detail below)
l     file locking     Set mandatory file locking on r/w for this file (originally System V)


Set Bit  File or Directory                Meaning
SUID     Executable file                  Effective user ID on execution (EUID) is equal to the file owner’s ID
SUID     Nonexecutable file or directory  None
SGID     Executable file                  Effective group ID on execution (EGID) is equal to the file group owner’s ID
SGID     Nonexecutable file               Enables mandatory locking of the file
SGID     Directory                        Switches how group ownership propagates to new files; BSD and System V have opposite defaults, and setting the bit makes each flavor behave like the other
Sticky   Executable file                  Memory-resident program
Sticky   Nonexecutable file               Memory-resident file (the system’s paging is skipped, as for swap files)
Sticky   Directory                        Deletion of files in the directory is restricted to the owner of the directory or of the file itself
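An added worked example (editor-supplied shell code, not part of the original notes): it computes the mode a new file or directory receives under a given umask, reads the special bits out of a symbolic mode string as ls -l prints it, and audits a directory tree for setuid/setgid files and for world-writable directories that lack the sticky bit. The audit function assumes a POSIX find that also understands the common -xdev extension.

```sh
#!/bin/sh
# Added example (not from the original notes): umask arithmetic, special
# bits in an ls -l mode string, and a SUID/SGID/sticky audit.

# Mode a new file (base 666) or directory (base 777) receives under a given
# umask; both arguments are octal digit strings, e.g. "023" and "666".
mode_from_umask() {
    # A leading zero makes the shell read the constants as octal.
    printf '%03o\n' $(( 0$2 & ~0$1 & 0777 ))
}

# Which special bits a symbolic mode string such as -rwsr-xr-x carries.
# A capital S or T means the bit is set on a file without execute
# permission: the "None" row of the table above.
special_bits() {
    out=
    case $1 in ???[sS]*) out="$out suid" ;; esac
    case $1 in ??????[sS]*) out="$out sgid" ;; esac
    case $1 in ?????????[tT]*) out="$out sticky" ;; esac
    [ -n "$out" ] || out=" none"
    printf '%s\n' "${out# }"
}

# Setuid/setgid files, and world-writable directories without the sticky
# bit, below one directory tree (stays on a single filesystem). Each hit is
# either a privilege boundary or a place where any user can delete other
# users' files.
audit_special_modes() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null
}

# Usage: audit_special_modes /usr
```

Run audit_special_modes over the root filesystem on a freshly installed system and keep the output; any setuid binary that appears later and is not on that list needs an explanation.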


To create a hard link use the ln command:
ln myfile hardlink

To create a symbolic link use also the ln command (with the option -s):
ln -s myfile symlink

UNIX provides the mknod command to create a named pipe pipename:
mknod pipename p

Sending a message to the user:
write username [tty]
where
username User to whom the message is sent
[tty] Optional terminal if the user is logged in to more than one

Sending a message to all users
wall (stands for “write all”)

Sending the message of the day
The message of the day — “motd” — can be used to broadcast systemwide information
to all users. The file /etc/motd keeps an arbitrary message which will be displayed
during any user’s log-in procedure.

man man_page_title
where
man_page_title A title we are looking for. If the specified title does not exist, or if it is spelled incorrectly, the system informs us; otherwise the required manual pages will be displayed, page by page.

To become user bjl while retaining the previously exported environment, execute:
$ su bjl
To become user bjl but also change the environment as if bjl had originally logged in, execute:
$ su - bjl
To execute a command with the temporary environment and permissions of user bjl, type:
$ su - bjl -c 'command args'
(the -c option takes a single argument, so a command with arguments must be quoted)

The uname command prints the basic UNIX system information to the standard output file. The displayed system data contain: hostname, operating system data, and hardware architecture data.

uname [ options ]
where the available options are:
-n Print the hostname (the hostname may be the name by which the system is known
to a communications network)
-s Print the operating system name (default)
-r Print the operating system release
-v Print the operating system version
-m Print the machine hardware name (architecture)
-a Print all the above information

The uptime command displays:
• The current time
• How long the system has been up
• The number of logged-in users
• The system load averages over the last 1, 5, and 15 minutes

The dmesg command collects system diagnostic messages: it reads the kernel’s buffer of recently generated messages (including those produced when errors occur) and writes them to standard output.

The top command lists the processes currently consuming the most CPU, refreshing the display periodically.

On the HP-UX platform, the special command ioscan is available for dealing with the actual hardware.
The ioscan command recognizes the following options:
-C class Restricts the output listing to those devices belonging to the specified class
-d driver Restricts the output listing to those devices controlled by the specified driver
-f Generates a full listing, displaying the module’s class, instance number,
hardware path, driver, software state, hardware type, and a brief
description
-F Produces a compact listing of fields separated by colons
-H hw_path Restricts the scan and output listing to those devices connected at
the specified hardware path
-I instance Restricts the scan and output listing to the specified instance
-k Scans kernel I/O system data structures instead of the actual hardware
and lists the results
-n Lists device file names in the output; only special files in the /dev
directory and its subdirectories are listed
-u Scans and lists usable I/O system devices instead of the actual hardware.
Usable I/O devices are those having a driver in the kernel and an
assigned instance number.

The Solaris prtconf Command
On the Solaris platform, the prtconf command displays the system configuration information.
The output includes the total amount of memory and the configuration of system
peripherals formatted as a device tree.

The prtconf command has several options:
-P Includes information about pseudo devices; by default, information regarding
pseudo devices is omitted
-v Specifies verbose mode
-F Returns the device pathname of the console frame buffer, if one exists. If there
is no frame buffer, prtconf returns a non-zero exit code
-p Displays information derived from the device tree provided by the firmware
(PROM)
-V Displays platform-dependent information
-D For each system peripheral in the device tree, displays the name of the device
driver used to manage the peripheral

The Solaris sysdef Command
Another Solaris command that can be used for this purpose is sysdef. The sysdef command outputs the current system definition in tabular form.

eval. This command performs so-called “double command-line scanning”: the shell first expands the variables in the arguments, then scans the resulting text a second time and executes it as a command line.

The format of the command is: eval args, where args includes the actual command itself and its arguments.
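An added example (editor-supplied; not from the original notes) of the double scanning in practice: an indirect variable lookup, first in the form that re-scans whatever the caller passes in, then guarded so that only a plain identifier ever reaches eval. The GREETING variable and the hostile argument used in the comments are constructed for the demonstration.

```sh
#!/bin/sh
# Added example (not from the original notes): eval's double scanning
# used for an indirect variable lookup, unguarded and guarded.

GREETING='hello, bjl'   # constructed demo variable

# Unsafe: the first scan turns \$$1 into $GREETING; the second scan then
# executes the whole string, so anything in $1 is interpreted as shell
# code. Called with 'GREETING"; echo pwned; echo "' it prints the value
# and then runs echo pwned.
get_var_unsafe() {
    eval "printf '%s\n' \"\$$1\""
}

# Guarded: accept only a plain identifier before handing $1 to eval.
get_var() {
    case $1 in
        ''|[0-9]*|*[!A-Za-z0-9_]*) return 1 ;;
    esac
    eval "printf '%s\n' \"\$$1\""
}

# Usage: get_var GREETING
```

The guard is the whole point: eval is only as safe as every string that reaches its second scan, so validate or avoid it whenever part of the argument comes from a user, a file, or the network.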

System Startup
• Bootstrap program execution
• Kernel execution
• rc system initialization
• Terminal line initialization


Whereas a BSD-flavored system can be in one of three possible states (off, single-user, and multi-user mode), the System V platform explicitly defines a series of system states, called run-levels, each designated by a one-character name. System V run-levels are flavor dependent; an example is listed in the following table:

System V  Run-Level Name and Uses
0 Power-down state => safe to power-off the system
1 Administrative state
s or S Single-user mode (on many systems same as 1)
2 Multi-user mode for stand-alone system
3 Multi-user mode for networked system, possibly sharing disks with other systems => via RFS, TCP/IP, and NFS, or some other protocol
4 Unused => can be user defined locally
5 Firmware state => for maintenance and running diagnostics, and for booting from an alternate not-root disk
6 Shutdown and reboot state => to reboot the system from some running state (s, 2, 3, or 4); the system is taken down (to run-level 0) and then rebooted

The file type is identified by the first character of the ls -l listing:
    - Plain (regular) file
    d Directory
    c Character special file
    b Block special file
    l Symbolic link
    s Socket
    p Named pipe

    
To create a special file, UNIX provides the mknod command, which has the following syntax:
    mknod filename type major minor
    where
    filename  The name of the special file to be created
    type      The type of the special file to be created:
              c — for a character (raw) special file
              b — for a block special file
              p — for a named pipe (FIFO); no major or minor number is given in this case
    major     The major device number (decimal or octal)
    minor     The minor device number (decimal or octal)
    
The three distinct types of processes are:

Interactive processes — Interactive processes are initiated and controlled by a
terminal session; they run in the foreground, attached to the standard input
STDIN (in a terminal session STDIN corresponds to the terminal), or in the
background. Job control (which originated in BSD) allows a foreground process
to be sent to the background and vice versa.

Batch processes — Processes not associated with a terminal; these are explicitly
submitted to a batch queue and executed with a lower priority in sequential order,
primarily at off-peak times. Originally, batch processing was not very thoroughly
developed on UNIX platforms, but third-party vendors have improved it. Batch
processing is very convenient for non-urgent, long-lasting data processing such
as iterative calculations and the like.

Daemons — Server background processes, usually initiated at the system boot
time, which continue running as long as the system is up. Daemons perform different
system-related tasks; they wait in the background until some process requires
their service.

The fork system call involves three main steps:
1. Allocating and initializing a new structure for the child process
2. Duplicating the context of the parent process for the child process
3. Scheduling the child process to run

BSD Flavored ps Command
• -a option  Includes processes that are not owned by the user who issues the command; displays all processes attached to a control terminal
• -x option  Includes processes without control terminals; when both -a and -x are specified, ps displays processes owned by anyone, with or without a control terminal
• -r option  Restricts the list of displayed processes to the running processes: runnable processes, those in page wait, or those in short-term noninterruptible waits
• -l option  Displays a long listing with many additional fields; gives a full picture of each displayed process
• -u option  Displays a user-oriented listing with additional user-related fields


    Column         Meaning
    USER (u)       The user name of the process owner
    UID (l)        The user ID of the process owner
    PID (all)      The process ID of the process
    PPID (l)       The process ID of the parent process
    %CPU (u)       Percentage of the CPU this process used in the previous minute
    %MEM (u)       Percentage of real memory this process is using
    PRI (l)        The priority of the process
    NI (l)         Nice value; used in priority computation
    RSS (all)      Resident set size (real memory size) in KB
    SZ (u)         The combined size of the data and stack segments in KB
    WCHAN (l)      The event for which the process is waiting or sleeping
    START (u)      Starting time of the process (if created today) or the date otherwise
    TT (all)       The controlling terminal for the process
    TIME (all)     The CPU time (both user and system) the process has consumed
    COMMAND (all)  The command name and its arguments
    STAT (all)     The state of the process, given as a sequence of up to four letters:
                   First letter:  R = runnable, D = short-term wait for disk, S = sleeping (<20 sec), I = sleeping (>20 sec), T = stopped, Z = zombie, P = page wait
                   Second letter: W = swapped out, > = memory soft limit exceeded
                   Third letter:  N = reduced priority, < = raised priority
                   Fourth letter: indicates some special process treatment
    F (l)          Flags associated with the process, presented in hexadecimal notation (up to 8 hex digits). A number of flags describe the process in more detail; for the flag specification consult the manual pages.
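An added example (editor-supplied; not from the original notes): three small filters over BSD-style ps output that read the STAT, %CPU and COMMAND columns by position according to the table above. The SAMPLE_PS listing is constructed, not captured from a real system; on a live system feed real output instead, e.g. ps aux | ps_zombies.

```sh
#!/bin/sh
# Added example (not from the original notes): filters over BSD-style
# 'ps aux' output. Field positions follow the column table above:
# $1 USER, $2 PID, $3 %CPU, $8 STAT, $11 COMMAND.

# Constructed sample listing (not from a real system).
SAMPLE_PS='USER       PID %CPU %MEM   SZ  RSS TT STAT START  TIME COMMAND
root         1  0.0  0.1  130  548 ?  S    10:02  0:01 init
root       212  0.0  0.0    0    0 ?  Z    10:05  0:00 <defunct>
bjl       1043 97.5  1.2 1444 2200 p1 RN   11:20 31:07 ./crunch
bjl       1050  0.3  0.2  210  400 p1 S    11:21  0:00 -csh
root      1077  2.1  0.4  600  900 ?  S<   11:30  0:12 ntpd'

# PIDs of zombie processes: first STAT letter Z. A zombie cannot be
# killed; its parent (PPID, visible with -l) must reap it or be restarted.
ps_zombies() {
    awk 'NR > 1 && substr($8, 1, 1) == "Z" { print $2 }'
}

# "USER PID %CPU COMMAND" for processes above a %CPU threshold.
ps_cpu_hogs() {
    awk -v thr="$1" 'NR > 1 && $3 + 0 > thr { print $1, $2, $3, $11 }'
}

# Processes running at raised priority ('<' in STAT). Only the superuser
# can lower a nice value, so each of these should be accounted for.
ps_raised_priority() {
    awk 'NR > 1 && index($8, "<") > 0 { print $2, $11 }'
}

# Usage with the sample:
#   printf '%s\n' "$SAMPLE_PS" | ps_zombies
#   printf '%s\n' "$SAMPLE_PS" | ps_cpu_hogs 50
```

The letters after the first STAT character are omitted when they do not apply, which is why the raised-priority check searches for '<' anywhere in the field rather than at a fixed position.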

System V (AT&T) Flavored ps Command
• -e option  Displays all processes
• -f option  Produces a full listing, including the process start time
• -l option  Displays a long listing with many additional fields

    Column        Meaning
    F (l)         Flags (octal and additive) associated with the process: 0 = swapped, 1 = in core, 2 = system process, 4 = locked in core (e.g., for I/O), 10 = traced by another process, 20 = another tracing flag
    S (l)         The state of the process: 0 = nonexistent, S = sleeping, W = waiting, R = running, I = intermediate, Z = terminated, T = stopped, X = growing
    UID (f, l)    The real user ID number of the process owner; the login name is printed under the -f option
    PID (all)     The process ID of the process; knowing it is what makes it possible to kill the process
    PPID (f, l)   The process ID of the parent process
    C (f, l)      Processor utilization for scheduling
    PRI (l)       The priority of the process; higher numbers mean lower priority
    NI (l)        Nice value; used in priority computation
    ADDR (l)      The memory address of the process, if resident; otherwise, the disk address
    SZ (l)        The size in blocks of the core image of the process
    WCHAN (l)     The event for which the process is waiting or sleeping; if blank, the process is running
    STIME (f)     Starting time of the process; the starting date is printed instead if the elapsed time is greater than 24 hours
    TTY (all)     The controlling terminal for the process
    TIME (all)    The cumulative execution time for the process (reported in the form “min:sec”)
    COMD (all)    The command name; the full command name and its arguments are printed under the -f option. This field is named COMMAND except when the -l option is specified
    
Mounting is the process that makes a disk’s contents available to the system, merging
them into an overall filesystem directory tree. Dismounting is the process that breaks
established logical ties and makes the disk’s contents unavailable.

mount [key-options] block-special-file mount-point

-p Print the list of mounted filesystems in a format suitable for
use in the filesystem configuration file.
-a Stands for all. Attempt to mount all the filesystems described
in the filesystem configuration file. If a type argument is
specified with the -t option, mount all file systems of that
type. Some UNIX platforms have a special mount command
for this purpose.
-f Fake a filesystem status entry (in the filesystem status file /etc/
mtab, or /etc/mnttab), but do not actually mount any filesystem.
-n Mount a filesystem without making an entry in the filesystem
status file.
-v Verbose. Display messages indicating each filesystem being
mounted.
-t type Specify a file system “type” (see the later text about filesystem
types).
-r Mount the specified file system read-only, even if the configuration
entry specifies that it is to be mounted read-write.
Physically write-protected and read-only filesystems
should be mounted read-only. Otherwise errors occur when
the system attempts to update access times, even if no write
operation is attempted.
-o FS-specific-options Specify the filesystem-specific options — a comma-separated
list of options valid for the corresponding filesystem type
(see the text about filesystem types).


fuser [option] fsname
where
fsname   The name of the filesystem, specified as a special device file (recommended) or a mount directory
(none)   Lists all processes using the filesystem, identified by their PIDs
-u       Lists all involved processes; the login user name is added in parentheses beside each PID
-k       Kills all involved processes, which frees the filesystem so it can be dismounted


To mount a filesystem automatically at boot time, add an entry to the filesystem configuration file /etc/fstab:

BSD flavor
block-special-file  mount-point  type  opts  dump-freq  pass-number

The fields have the following meanings:
block-special-file The name of a special block device file where the filesystem resides

mount-point The directory at which to mount the filesystem

type The filesystem type; here the implemented values are:
4.2 For local partitions
nfs For volumes mounted remotely via NFS
pcfs For DOS formatted floppy diskettes

These could also be:
swap For swap partition
ignore For the mount command to ignore this line

opts The field consists of one or more options, separated by commas. These are the usual mount options for a specified filesystem type, determined by the type field. For ignore type entries, this
field is ignored. For swap type entries, this field should be sw. If the file’s type is 4.2, the options field may include the following keywords, separated by commas:
rw Read-write filesystem
ro Read-only filesystem
suid The SUID access mode permitted
nosuid The SUID access mode not permitted
quota Quotas may be placed in effect
noquota Quotas not in use
dump-freq A decimal number indicating the frequency with which this filesystem should be backed up. A value of 1 means every day, 2 means every other day, and so on. This field should be 0 for
swap devices.

pass-number A decimal number indicating the order in which fsck should check the filesystems. The number 1 indicates that the filesystem should be checked first, 2 indicates that the filesystem
should be checked second, and so on. The root filesystem must have a pass-number of 1. All other filesystems should have higher numbers. For optimal performance, two filesystems that are on the same disk drive should have different numbers; however, filesystems on different drives may have the same number, letting fsck check the two filesystems in parallel. The number should be 0 for a swap device.

System-V flavor

blk-spfile char-spfile mount-point type fsck-pass automount? opts

where
blk-spfile Block special file (to be used by mount)
char-spfile Character special file (to be used by fsck)
mount-point Directory at which to mount the filesystem
type Filesystem type. The possible values are:
ufs (efs) For a BSD-style filesystem
nfs For volumes mounted remotely via NFS
s5 For a System V-like filesystem
fsck-pass A decimal pass-number indicating the order in which fsck should check the filesystems.  1 indicates that the filesystem should be checked first, 2 if it’s to be checked second, and so on. The root filesystem must have a pass-number of 1. All other filesystems should have higher numbers. Again, for optimal performance, filesystems on the same disk drive should have different numbers; however, filesystems on different drives may have the same number, allowing fsck to check the two filesystems in parallel.
automount? The keyword yes or no, indicating whether the filesystem is to be automatically mounted by the mountall command
opts The field consists of one or more options, separated by commas.
The options field may include the following keywords:
rw Read-write filesystem
ro Read-only filesystem
rq Read-write filesystem with disk quotas in effect
suid The SUID access mode permitted
nosuid The SUID access mode not permitted

Mount status: the currently mounted filesystems are recorded in /etc/mtab (or /etc/mnttab on System V); inspect it with cat /etc/mtab, or run mount with no arguments.
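An added example (editor-supplied, not from the original notes): two checks over a BSD-format /etc/fstab as described above. The SAMPLE_FSTAB table is constructed; the assumption that only / and /usr need to carry setuid binaries, so that every other writable local filesystem should be mounted nosuid, is ours and should be adjusted to the site.

```sh
#!/bin/sh
# Added example (not from the original notes): sanity checks over a
# BSD-style /etc/fstab (block-special-file mount-point type opts dump pass).

# Constructed sample table (not from a real system).
SAMPLE_FSTAB='# device    mount-point  type  opts       dump  pass
/dev/sd0a   /            4.2   rw         1     1
/dev/sd0b   swap         swap  sw         0     0
/dev/sd0g   /usr         4.2   ro         1     2
/dev/sd1a   /home        4.2   rw,quota   1     2
/dev/sd1b   /tmp         4.2   rw,nosuid  1     3
/dev/sd1c   /var         4.2   rw         1     3
fs:/export  /usr/src     nfs   rw,bg      0     0'

# Mount points where ordinary users can write and setuid execution is still
# allowed. Assumption (ours): only / and /usr hold setuid system binaries,
# so every other writable 4.2 filesystem should carry nosuid.
fstab_suid_exposure() {
    awk '$1 !~ /^#/ && $3 == "4.2" && $2 != "/" && $2 != "/usr" &&
         $4 !~ /(^|,)(nosuid|ro)(,|$)/ { print $2 }'
}

# Pass-number rules from the field description above: the root filesystem
# is 1, swap is 0, other local filesystems are greater than 1.
fstab_check_pass() {
    awk '$1 ~ /^#/ || NF < 6 { next }
         $2 == "/" && $6 != 1 { print "root: pass-number " $6 ", must be 1" }
         $3 == "swap" && $6 != 0 { print $1 ": swap pass-number " $6 ", must be 0" }
         $2 != "/" && $3 != "swap" && $3 != "nfs" && $6 < 2 { print $2 ": pass-number " $6 ", must be > 1" }'
}

# Usage on a live system:  fstab_suid_exposure < /etc/fstab
```

Both functions read the table from standard input, so they work equally on the sample, on /etc/fstab, or on a copy pulled from a backup.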

File System types:

• ufs (UNIX filesystem).
• hfs On the HP-UX platform
• efs On the IRIX platform
• ext2 On Linux platform
• jfs Journaled filesystem, introduced by AIX, but also implemented on other platforms. jfs has some advantages; it is more robust in the face of filesystem corruption because a journal of filesystem activities enables a rollback of incomplete transactions to maintain filesystem data consistency
• 4.2 An improved filesystem introduced with BSD 4.2 UNIX, and widely used on the SunOS platform (a real ancestor of the ufs filesystem)
• vxfs Veritas filesystem, an improved journaled filesystem version with a number of beneficial filesystem characteristics

• afs Andrew filesystem, provides some additional flexibility, especially regarding remote filesystem sharing
• hsfs High Sierra filesystem, typical for CD-ROM media
• cdfs CD-ROM filesystem
• pcfs PC filesystem (FAT filesystem), implemented for DOS-formatted floppy diskettes
• cachefs Cache filesystem, allows use of local disk space to cache frequently-used data from a CD-ROM or a remote filesystem

• tmpfs Temporary filesystem, file storage in memory (backed by swap) that bypasses the overhead of writing to disk
• lofs Loopback filesystem, a virtual filesystem that makes existing files accessible under different pathnames (discussed in more detail later in this section)
• tfs Translucent filesystem, allows mounting of a filesystem on top of existing files (mount-point does not have to be an empty directory)
• swapfs Swap filesystem, used by the kernel to manage swap space
• proc Process access filesystem, allows access to active processes and their images
• specfs Special filesystem, allows access to the special device files

remote filesystem types are:
• nfs Network filesystem, widely used on all UNIX platforms
• rfs Remote file share filesystem, typical for System V and barely in use
• autofs Automount filesystem, an NIS-based automounted NFS filesystem

Manage filesystem usage:
df To display filesystem statistics
du To report on disk usage
quot To report disk usage by users

A special device file is a pointer to the disk driver within the kernel (in UNIX all device drivers are part of the kernel).

The existing AIX menu-driven SMIT utility (system management interface tool) also supports LVM (Logical Volume Manager) in managing storage resources.

Redundant Array of Inexpensive Disks (RAID)

Adding a new disk:
• Disk formatting (also known as low-level, or hard, formatting) to establish the track layout on the magnetic surface of the disk platters
• Disk partitioning to establish one or more independent storage entities within the disk for further processing
• Filesystem creation (also known as soft formatting) to make disk partitions available for data storage.



User Database — File /etc/passwd
name:encrypted-passwd:UID:GID:user information:home-directory:shell

Field    Meaning
name The username assigned to the user. Usernames are not private or secure information; they should be easy to remember; older UNIX flavors restricted the name length to a maximum of eight characters, and it is advisable to keep them within that length.
encrypted-passwd The user’s encrypted password (readable as text, but encrypted). An empty field means no password is required to log in to the system (which is unacceptable and represents a security hole); an asterisk (:*:) in the field prevents anyone from logging in to the account; the field should not be edited by hand, a password should be assigned only by using the passwd command.
UID The user identification number. Each user must have a unique UID; it is good idea to assign UIDs sequentially starting from 100; UIDs less than 100 are conventionally used for system accounts.
GID Determines the user’s primary group membership. GID corresponds to a group identification number assigned to a group in the file /etc/group; GIDs less than 10 are conventionally used for system groups.
user information Usually contains the user’s full name; the e-mail subsystem and commands like finger use this information; a space is a legal character in the field; other identification data, such as the address or phone number, are also common.
home-directory The user’s home directory; when a user logs into the system, this will be the initial working directory.
shell The program that UNIX will use as a command interpreter for the user; whenever the user logs in, UNIX will automatically execute this program. The common shells are /bin/sh (Bourne shell), /bin/csh (C shell) or /bin/ksh (Korn shell); shells can be located in other directories, like /usr/bin or /sbin; other shells are also legal; if the field is empty the default is the Bourne shell. Other programs can also be specified instead of a shell; often an application is started automatically once the user logs in; for example, for the user uucp the uucp transfer program /usr/lib/uucp/uucico is specified; another example is a “restricted user account”, for which a restricted shell is started.

The password field in the /etc/passwd file is marked by “x”, indicating to the system the need to check the shadowed password file for the encrypted password
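An added example (editor-supplied; not from the original notes): an audit of /etc/passwd for the conditions the field descriptions above call out, namely empty password fields, accounts other than root with UID 0, duplicate UIDs, and malformed lines. The SAMPLE_PASSWD entries are constructed for the demonstration.

```sh
#!/bin/sh
# Added example (not from the original notes): /etc/passwd audit.

# Constructed sample (not from a real system).
SAMPLE_PASSWD='root:x:0:1:Super-User:/:/bin/sh
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
toor::0:1:Emergency root:/:/bin/sh
bjl:x:100:10:Bozidar J. Levi:/home/bjl:/bin/ksh
guest:x:100:10:Guest account:/home/guest:/bin/sh
nobody:x:65534:65534:Nobody:/:'

# One finding per line. An empty second field means password-less login;
# UID 0 is the superuser whatever the name says; duplicate UIDs make two
# names indistinguishable to the kernel and to file ownership.
passwd_audit() {
    awk -F: '
        NF != 7                 { print "malformed line: " $0; next }
        $2 == ""                { print "empty password: " $1 }
        $3 == 0 && $1 != "root" { print "uid 0 account: " $1 }
        seen[$3]++ == 1         { print "duplicate uid " $3 ": " $1 " (also " first[$3] ")" }
        !($3 in first)          { first[$3] = $1 }
    '
}

# Usage on a live system:  passwd_audit < /etc/passwd
```

On a system with shadowed passwords the second field is "x" for every account, so the empty-password check must then be run against /etc/shadow instead.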


Group Database — File /etc/group
group-name:*:GID:additional-users

Field     Meaning
group-name A name identifying the group.
* The second field is an artifact of earlier UNIX versions. It is unused and is usually filled with an asterisk.
GID The group’s identification number. By convention, standard UNIX groups have consecutive numbers beginning with 0.
additional-users A list of users and other groups that will have access to this group’s files (as a secondary group). Commas must separate users’ names in the list.

UNIX Login Initialization

User’s Shell   Sequence of Sourced Initialization Files
Bourne shell   /etc/profile    $HOME/.profile
C shell        /etc/.login     ~/.cshrc          ~/.login
Korn shell     /etc/profile    $HOME/.profile    $HOME/.kshrc

For a bash login shell the sequence is /etc/profile, then $HOME/.bash_profile (bash does not read a file named /etc/bash_profile), and $HOME/.bashrc, which bash reads directly only for interactive non-login shells and which the usual .bash_profile template sources explicitly.

$ chown -R username:groupname /home/username
is equivalent to:
$ chown -R username /home/username
$ chgrp -R groupname /home/username
(Older BSD and GNU versions also accept a dot as the separator, username.groupname; the colon form is the portable one.)

$ useradd -?
useradd: invalid option -- ?
usage: useradd [-u uid [-o]] [-g group] [-G group,…]
[-d home] [-s shell] [-c comment] [-m [-k template]]
[-f inactive] [-e expire mm/dd/yy] [-p passwd] [-n] [-r] name
useradd -D [-g group] [-b base] [-s shell] [-f inactive] [-e expire mm/dd/yy]
name corresponds to the user’s login name, and the listed options are:

Option Description
-D Display default values
-u uid Specifies the UID; -o option allows duplicated values
-g group Specifies an existing group name or GID for the primary group
-G group,… Specifies secondary groups by the group name or GID
-d home Specifies the home directory
-s shell Specifies the user’s shell
-c comments Specifies information about the user
-m Creates a new home directory if one does not exist
-k template Specifies a skeleton directory with template initialization files
-f inactive Specifies a number of days for an account to be inactive
-e mm/dd/yy Specifies an expiration date for an account
-p passwd Specifies a password
-n Creates a group with the same name as the user (Linux specific)
-r Specifies a system account (Linux specific)
-b base Specifies the default base home directory
Note: Not all listed options are available on every UNIX flavor; password-related options, in particular, are often excluded from this utility.

The groups command can be used to display group membership:
# groups username   Lists the groups that username belongs to
# groups            Lists the groups of the invoking user

Alternatively, the id command, which lists all of a user’s identification data, can be used:
$ id -Gn username   Lists the groups that username belongs to
$ id -Gn            Lists the groups of the invoking user
(id -g alone prints only the primary, i.e. effective, group ID.)

The standard UNIX users are:
User      UID   Comments
root      0     The superuser has unrestricted access to all aspects of the system; most administrative activities must be performed by the superuser
daemon    1     Used to execute system server processes; exists only to own these processes and the associated files, and to guarantee that they execute with the appropriate file access permissions
bin       2     Owns some executables
sys       3     Owns some system files
adm       4     Typically owns the accounting files
uucp      5     An old-fashioned UNIX-to-UNIX copy subsystem account; the user that owns the uucp tools and files
operator        A user with read-only access to the entire filesystem and write access as a normal user; for system operators who need to do backups, initiate system shutdown, and perform some other administrative functions
nobody    -2    Account primarily used by NFS; nowadays also by browsers; UID -2 appears in the /etc/passwd file as a very large integer (UIDs are stored as unsigned numbers, so it shows up as 65534 or 4294967294 depending on the UID width)

The standard UNIX groups are:
Group     GID   Comments
root      0     In principle, a highly privileged group that owns system-related files and directories
daemon          This group exists to own the spooling directories /usr/spool/* and the programs responsible for transferring files. The spooling directories are temporary resting places for files that are waiting to be printed, to be transferred by uucp, or to be processed by some other subsystem. Owning these programs and directories provides additional security: they are not public, so no individual user can access them directly. Spooling programs use the SGID access mode, so users can only manipulate the files in these directories in the ways the programs themselves allow
kmem      2     The BSD-like special group that owns some system programs that need to read kernel memory directly (like ps and pstat)
sys             System V-like; this group plays the same role as the BSD-like group kmem
tty             This group owns the special files connected to terminals; it controls access to the terminals
others          Group that may be used to own user-related resources


The required procedure for creating a user account consists of:
• Assigning a username, a user ID number, and a primary group to the user
• Entering this data in the system user database (the /etc/passwd file) and, if required, in any secondary password file
• Assigning a password to the new account
• Setting other user account parameters in use on the system, such as password aging, account expiration date, and other resource limits
• Creating a home directory for the user
• Placing initialization files in the home directory
• Setting the new user ownership to the home directory and initialization files
• Adding the user to any other facilities in use such as the disk quotas system
• Defining any secondary group membership for the user in the system group file, /etc/group
• Performing any other site-specific initialization tasks
• Testing the new account

When removing a user from the system, a number of issues should be considered:
• Removing the user’s mail files
• Removing the user from the mail aliases (the file /usr/lib/aliases), or redefining the alias to send mail to someone else
• Removing pending print requests
• Performing any other site-specific termination activities that may be appropriate

Users frequently interact with UNIX systems, but there are other ways a user’s requests and jobs could be submitted. Time-related UNIX utilities provide this function:

cron Enables the submission of a user’s jobs for periodic execution
at Enables the submission of a user’s jobs for execution at specific (usually off-peak) times
batch Enables the submission of a user’s jobs for execution at off-peak times, when the system is less busy
Removing a user account also includes making sure the user has not left any pending cron, at, or batch jobs in the system.

Manage disk for user
Accounting


/etc/shadow:
To increase security, modern UNIX flavors split the data in the /etc/passwd file into two files: all security-relevant information is removed from the /etc/passwd file and stored in a separate file with access restricted to the superuser and members of a selected group. This file is known as a shadowed password file. The format of the file is similar to that of the /etc/passwd file, but each entry includes only password-related data for the specified user.
Password-related data include the encrypted password, the time of the last modification, password aging data, and other additional data (some of the existing fields are reserved for future use).

Each entry in the /etc/shadow file has the form:
username:password:lastchg:min:max:warn:inactive:expire:flag
where:
username The user’s login name
password The encrypted password (NP indicates non-login accounts)
lastchg The date of the last change (modification), also encrypted
min The minimum number of days between changes
max The maximum number of days the password is valid
warn The number of days before a user is warned
inactive The number of days of allowed inactivity
expire An absolute date when the login expires
flag Reserved for a future use
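An audit of /etc/shadow entries in the format above, as an added example that is not part of the original notes; it assumes lastchg and expire are day counts since 1 January 1970, and the sample entries (with placeholder hashes) are constructed:

```python
# Added example (not from the original notes): audit /etc/shadow-style entries
#   username:password:lastchg:min:max:warn:inactive:expire:flag
# for accounts with no password, no aging, or expired passwords/logins.
# Assumption: lastchg and expire are day counts since 1 January 1970.
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class ShadowEntry:
    username: str
    password: str
    lastchg: Optional[int]
    min: Optional[int]
    max: Optional[int]
    warn: Optional[int]
    inactive: Optional[int]
    expire: Optional[int]
    flag: str


def _int_or_none(field: str) -> Optional[int]:
    return int(field) if field.strip() else None


def parse_shadow_line(line: str) -> ShadowEntry:
    parts = line.rstrip("\n").split(":")
    if len(parts) != 9:
        raise ValueError(f"expected 9 fields, got {len(parts)}: {line!r}")
    numeric = [_int_or_none(p) for p in parts[2:8]]
    return ShadowEntry(parts[0], parts[1], *numeric, parts[8])


def classify(e: ShadowEntry, today: int) -> str:
    """One finding per account, most serious condition first."""
    if e.password == "":
        return "EMPTY-PASSWORD"        # anyone can log in as this user
    if e.password == "NP" or e.password[0] in "*!":
        return "LOCKED"                # non-login or disabled account
    if e.expire is not None and today >= e.expire:
        return "ACCOUNT-EXPIRED"       # absolute expiry date has passed
    if e.max is None:
        return "NO-AGING"              # password never has to be changed
    if e.lastchg is not None and today > e.lastchg + e.max:
        return "PASSWORD-EXPIRED"      # older than max days
    return "OK"


def audit_shadow(text: str, today: int) -> Dict[str, str]:
    findings = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            entry = parse_shadow_line(line)
            findings[entry.username] = classify(entry, today)
    return findings


# Constructed sample; "$1$placeholder" stands in for a real hash.
SAMPLE = """\
root:$1$placeholder:12000:0:90:7:::
nobody:NP:::::::
guest::12000::::::
old:$1$placeholder:10000:7:30:7:::
bob:$1$placeholder:12000:0:::::
tmp:$1$placeholder:12000:0:90:7::12040:
"""

if __name__ == "__main__":
    for user, finding in audit_shadow(SAMPLE, today=12050).items():
        print(f"{user:8s} {finding}")
```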

To disable login access for an active user’s account, mark the password field in the regular /etc/passwd file with an asterisk (*).

In ULTRIX the name of the shadowed password file was /etc/auth

# ls -lg /etc/passwd /etc/auth
-rw-r--r-- 1 root system 186340 Sep 7 13:57 /etc/passwd
-rw-r----- 1 root authread 88621 Sep 8 11:45 /etc/auth

Here a special, untypical group “authread” was introduced for authentication purposes. Only members of this group and the superuser had access to the shadowed file.
An asterisk in the password field indicated that the password-related data were located in the shadowed file /etc/auth. This could be somewhat confusing, given the earlier suggestion of how to disable login access for an active user’s account; obviously for this flavor the asterisk had a different meaning.

The format of an entry in the /etc/auth file was:
UID:password:lastchg:min:max:accmask:count:auditID:auditctrl:auditmask
where:
UID The user’s ID
password The encrypted password
lastchg The time of the last change (modification)
min The minimum number of sec required between changes
max The maximum period of time the password is valid
accmask Special user’s account parameters
count The count of unsuccessful login attempts
auditID The identifier used in generating audit records
auditctrl The control in generating audit records
auditmask The mask to determine which events will be audited

On the AIX platform, the following files contain password relevant data:
/usr/bin/passwd The passwd command
/etc/passwd Contains user IDs, user names, home directories, login shell, and finger information
/etc/security/passwd Contains encrypted passwords and security information

The format of the /etc/passwd file is typical, with the only difference being that an asterisk (*) in the “password field” indicates an invalid password (no one can log in), while an exclamation point (!) points to the password-related data in the /etc/security/passwd file (this is the common and normal situation). A password must be specified in accordance with the password rules in the “pw_restrictions stanza” of the configuration file /etc/security/login.cfg, which includes:
min_alpha The minimum number of alphabetic characters
min_other The minimum number of other characters
min_diff The minimum number of characters in the new password that are not in the old password — this is not positional; if the new password is abcd and the old password is edcb, the number of different characters is 1
max_repeats The maximum number of times a single character can be used in a password
min_age The minimum age at which a password can be changed measured in weeks
max_age The maximum age of a password. After this age the password must be changed. This value is measured in weeks

If a user entry in the /etc/security/passwd file is tagged with the NOCHECK flag, the user password does not have to meet the password restrictions. If this flag is ADMIN, then only the superuser can change the password. When the superuser changes a user password, the user’s entry in the /etc/security/passwd file is tagged with the ADMCHG flag, and this password must be changed the next time the user logs in.

Only 7-bit ASCII characters are supported in the passwords. Only the first 8 characters of a password are significant.

Access to the /etc/security directory is granted only to the superuser and the group “security.” Besides the mentioned files login.cfg and passwd, several other files reside in this directory:
• /etc/security/mkuser.default Contains default attributes for new users
• /etc/security/group Contains extended attributes of groups (besides the /etc/group file)
• /etc/security/user Contains extended attributes of users
• /etc/security/environ Contains environment attributes of users
• /etc/security/limits Contains process resource limits of users

Obviously, the AIX platform provides extremely versatile tools to manage users’ passwords.



Secure Terminals:
By using the wheel group, the number of users who may execute the switch to root can be restricted to only the members of this group. Members of the wheel group must be specified in the /etc/group file.

HP-UX 10.x introduced the file /etc/securetty, which defines secure terminals that allow direct superuser login. Usually, this is the console.
Solaris 2.x introduced the directory /etc/default, which includes a number of files that define the default system behavior. Among them, the file /etc/default/login defines the login rules, including the secure terminals.


Important Files for the System Security
Description Files
Root account initialization files: /.profile, /.kshrc, /.cshrc, /.login, /.logout
Other root initialization files: /.forward, /.mailrc, /.exrc, /.netrc (see note)
Systemwide initialization files: /etc/profile, /etc/.login, /etc/csh.login, /etc/login
Host equivalency related files: /etc/hosts.equiv, /.rhosts (see note)
File permissions on device files: /dev/*
cron and at files: /usr/spool/cron/crontabs/*, /usr/spool/cron/at/*
All dialup related files: /etc/dialup, /etc/d_passwd, /etc/remote …
Default system settings: /etc/default/*
Filesystem configuration: /etc/fstab, /etc/vfstab, /etc/checklist (HP-UX), /etc/filesystems (AIX)
Exported (shared) filesystem for NFS: /etc/exports, /etc/dfs/share, /etc/dfs/sharetab
User and group configuration: /etc/passwd, /etc/group, /etc/shadow, /etc/security/* (AIX)
Network related files: /etc/hosts, /etc/protocols, /etc/services, /etc/netgroup, /etc/networks
Internet super daemon configuration: /etc/inetd.conf
FTP related files: /etc/ftpusers, /etc/shells, $HOME/.netrc
System logging configuration: /etc/syslog.conf
System startup files: /etc/init.d/*, /etc/rc.config.d/*, /sbin/init.d/* (HP-UX)
System initialization (System V): /etc/inittab
E-mail related files: /etc/mail/sendmail.cf, /etc/mail/sendmail.fc, /etc/mail/aliases, /etc/aliases
Accounting log files: /usr/adm/*, /var/adm/*, etc.
UUCP related files: /usr/lib/uucp/*, /etc/uucp/*
Login related raw databases: /var/adm/wtmp, /var/adm/utmp, /var/adm/btmp, /etc/wtmp, /etc/utmp, etc.
All SUID and SGID files: wherever the files might be

Note: Specified files are dependent on the implemented UNIX platform, flavor and release; some discrepancies are possible.

Log: /etc/syslog.conf  /usr/sbin/syslogd daemon

The available logging facilities are:
user User processes
kern The kernel
mail The mail system
daemon System daemons, such as telnetd, ftpd, etc.
auth The authentication (authorization) system: login, su, getty, etc.
lpr The printer spooling system: lpr, lpc, etc.
cron The cron/at facility: crontab, at, cron, etc.
local 0–7 Reserved for local use
mark For timestamp messages produced internally by the syslogd daemon
news Reserved for the USENET network news system
uucp Reserved for the UUCP system
* An asterisk indicates all facilities except for the mark facility

The defined severity (priority) levels (the highest levels are at the top) are:
emerg For panic conditions, such as catastrophic failures
alert For conditions that should be corrected immediately, such as a corrupted DB
crit For warnings about critical conditions, such as hardware device errors
err For other errors
warning For warning messages
notice For conditions that are not error conditions, but may require special handling
info For informational messages
debug For messages that are normally used only when debugging a program
none Do not log messages; use only in combination with other levels


Limiting the Growth of Log Files
$ cp /dev/null /usr/adm/sulog
or
$ cat /dev/null > /usr/adm/sulog

To retain only the last 100 lines of the sulog file:
$ tail -100 sulog > sulog.tmp
$ cp sulog.tmp sulog
$ rm sulog.tmp

$ cp -p messages.old2 messages.old3
$ cp -p messages.old messages.old2
$ cp -p messages messages.old
$ cat /dev/null > messages
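The copy-and-truncate rotation above, generalised to N generations, as an added example that is not from the original notes; it assumes a writable directory, and the log content it writes is constructed. The point to notice is that the live file is truncated in place rather than removed, so a daemon such as syslogd that holds it open keeps writing into the same inode.

```python
# Added example (not from the original notes): the copy-and-truncate rotation
# above, generalised to N generations, plus the tail-based trim of sulog.
# The live file is truncated in place rather than removed, so a daemon such as
# syslogd that holds it open keeps writing into the same inode.
# Assumes a writable directory; the sample log content is constructed.
import os
import shutil
import tempfile
from typing import Dict, Tuple


def _generation(path: str, n: int) -> str:
    # messages.old, messages.old2, messages.old3, ... as in the notes above
    return f"{path}.old" if n == 1 else f"{path}.old{n}"


def rotate_log(path: str, keep: int = 3) -> None:
    # shift the older copies first: .old2 -> .old3, then .old -> .old2
    for n in range(keep, 1, -1):
        src = _generation(path, n - 1)
        if os.path.exists(src):
            shutil.copy2(src, _generation(path, n))  # cp -p, keeps mtime
    shutil.copy2(path, _generation(path, 1))         # cp -p messages messages.old
    with open(path, "w"):                            # cat /dev/null > messages
        pass


def trim_log(path: str, lines: int = 100) -> int:
    """Keep only the last `lines` lines (the sulog recipe); returns lines kept."""
    with open(path) as f:
        tail = f.readlines()[-lines:]
    tmp = path + ".tmp"
    with open(tmp, "w") as f:
        f.writelines(tail)
    shutil.copyfile(tmp, path)   # cp sulog.tmp sulog: overwrite, same inode
    os.remove(tmp)               # rm sulog.tmp
    return len(tail)


def demo_rotation(keep: int = 3) -> Dict[str, str]:
    """Append one line per 'day' to a constructed log, rotating after each,
    and return the content of the live file and every generation."""
    workdir = tempfile.mkdtemp()
    log = os.path.join(workdir, "messages")
    try:
        for day in ("day1", "day2", "day3"):
            with open(log, "a") as f:
                f.write(day + "\n")
            rotate_log(log, keep)
        names = ["messages"] + [os.path.basename(_generation("messages", n))
                                for n in range(1, keep + 1)]
        return {name: open(os.path.join(workdir, name)).read().strip()
                for name in names}
    finally:
        shutil.rmtree(workdir)


def demo_trim(total: int = 250, keep: int = 100) -> Tuple[int, int, str]:
    """Write `total` constructed lines, trim, return (kept, remaining, last line)."""
    workdir = tempfile.mkdtemp()
    log = os.path.join(workdir, "sulog")
    try:
        with open(log, "w") as f:
            f.writelines(f"su entry {i}\n" for i in range(total))
        kept = trim_log(log, keep)
        remaining = open(log).read().splitlines()
        return kept, len(remaining), remaining[-1]
    finally:
        shutil.rmtree(workdir)


if __name__ == "__main__":
    for name, content in demo_rotation().items():
        print(f"{name:15s} {content!r}")
    print(demo_trim())
```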



BSD Printing Subsystem

Today the BSD printing subsystem represents a collection of five programs and several files:
lpr Adds a print job to a print queue by copying the file into its spooling directory. A print job is assigned a job ID number when it is submitted, and this number is used to refer to the print job in subsequent commands. The name of the command originates from “line-printer,” the most advanced printer in the early days of UNIX.
lpq Lists jobs that are currently in the print queues.
lprm Removes jobs from the print queues. Users may remove only their own jobs, but the superuser may remove any print job.
lpd The printer daemon, responsible for sending data from the spooling directory to a printer (i.e., printing device).
lpc The administrative interface to the printing subsystem.
/etc/printcap The printer configuration file, which contains entries describing each printer on the system. The standard template version includes a number of the most common printers, which an administrator can then customize for a specific system. Usually, entries are commented out, so the administrator should activate (remove the comment markers from) all needed entries in the file. Sometimes minor adjustments are required.

The lpr command is available to activate the printing of a printable file:
lpr -Pprinter printfile
where
-P Option to select a printer for this printing
printer The name of the selected printer
printfile The name of the file to be printed

Please note that there is no space between the -P option and the printer name (some UNIX platforms allow this). If the -P option is missing, the default printer is selected. The default printer is defined in the printer configuration file /etc/printcap, as are all other printers.

The lpq command is available to check the current status of a print queue, i.e. to list the contents of the queue:
lpq -Pprinter
where
-P Option to select a printer
printer The name of the selected printer the queue belongs to

If the -P option is missing, the default printer is selected.
A few examples:
# lpq -Ppp (post-script printer pp)
no entries
or
# lpq (default local printer)
no entries

The lprm command is available to remove individual print jobs:
lprm -Pprinter jobs-to-remove
where
-P Option to select a printer
printer The name of the selected printer jobs to remove from
jobs-to-remove A list of job IDs, or
               a list of usernames for whom to remove all jobs, or
               a single hyphen to remove all jobs (only if superuser)
The lprm command identifies print jobs by their IDs (obtained with the lpq command); obviously, the lpq command should be issued before the lprm command is used.

System V Printing Subsystem
• User commands:
lp Initiates print requests (equivalent to lpr on BSD)
lpstat Lists print queue contents (equivalent to lpq on BSD)
cancel Cancels a pending print request (equivalent to lprm on BSD)


Network:

Network Access Layer
Functions performed in this layer include encapsulation of IP datagrams into the frames to be transmitted by the network, and mapping of IP addresses to the physical addresses used by the network itself.
Protocols in this layer often appear as a combination of device drivers and related programs

Internet layer:
Internet Protocol (IP) is the core of TCP/IP, and it provides the basic packet delivery service on which TCP/IP networks are built. IP is a connectionless protocol; IP is also an unreliable protocol. The functions of IP include:
• Defining the datagram, which is the basic unit of transmission in the TCP/IP network
• Defining the Internet addressing scheme
• Moving data between the layer below, the network access layer, and the layer above, the host-to-host transport layer
• Routing datagrams to remote hosts
• Performing fragmentation and reassembly of datagrams

Internet Control Message Protocol (ICMP) is an integral part of the Internet layer, and it uses the IP datagram delivery facility to send its messages.
The ICMP protocol is widely used to check connectivity with designated remote hosts; the special command ping is used for this purpose (it relies completely on ICMP) to check whether the remote host is “alive.” ICMP provides:
• Flow control
• Detection of unreachable destinations
• Redirection of routes
• Checking of remote hosts (supports the ping command)

Transport layer
TCP
UDP

Application layer
Some of the best-known application protocols are:
• TELNET The network terminal protocol, which provides remote login access over the network
• FTP The file transfer protocol, which provides interactive file transfer over the network
• SMTP The simple mail transfer protocol, which provides electronic mail delivery

Other system-oriented applications (services) widely in use are:
• Domain name service (DNS) Also called name service, to convert (map) host names assigned to the network devices into the appropriate IP addresses and vice versa
• Routing information protocol (RIP) To exchange routing information
• Network file system (NFS) To share files between various hosts on the network
• Network information service (NIS) To centralize the administration over a group of hosts on the network


Data Delivery
1. Addressing IP addresses uniquely identify each host on the entire internet; TCP/IP relies on IP addressing to deliver data to the correct host on the network.
2. Routing The Internet consists of many interconnected networks; different networks are connected over routers (gateways). Routing means to forward data to the correct network (or subnetwork) via an appropriate router (gateway).
3. Multiplexing Protocol numbers and port numbers identify how to deliver data to the correct software module within the host.


The netstat -[n]r command will display the current routing table (the listed option r specifies the routing table, while the option n specifies numerical data representation; otherwise, data are represented symbolically whenever possible).

[root@tiv-isc07 bin]# netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
9.123.122.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
0.0.0.0         9.123.122.1     0.0.0.0         UG        0 0          0 eth0

Field Meaning
Destination The destination network or host.
Gateway The router (gateway) to use to reach the specified destination.
Flags The flags describe certain characteristics of this route. The possible flag values are:
U Indicates that the route is up and operational.
H Indicates this is the route to a specific host.
G Indicates the route uses a gateway.
D Indicates that this route was added because of an ICMP redirect. When a system learns of a route, it adds the route to the table.
Refcnt Shows the number of times the route has been referenced to establish a connection.
Use Shows the number of packets transmitted via this route.
Interface The name of the network interface used by this route.

To modify the routing table, the route command is used.

It is recommended that you implement static routing whenever only one router exists in the local network, which is the most common case.


The protocol value identifies the protocol in the layer above IP, the transport layer, to which the data should be passed. UNIX specifies protocol numbers in the /etc/protocols file.
Port numbers identify application processes, which are also called network services. UNIX specifies port numbers in the /etc/services file.
A combination of an IP address and a port number is called a socket. A socket uniquely identifies a single network process throughout the entire Internet.

The protocol that maps IP addresses to physical Ethernet addresses (often specified as MAC addresses) is known as the address resolution protocol (ARP), and it belongs to the network access layer.

The arp command displays and controls the contents of the IP-to-Ethernet address translation table used by the ARP protocol.

Remote Procedure Call (RPC) provides a mechanism for a host to make a procedure call that appears to be a part of the local process, while it is really executed on another, remote host in the network.  The file /etc/rpc contains a list of RPC servers and their program numbers.

The mapping of RPC program numbers to port numbers is handled by the portmap daemon (named portmapper). The port number where an RPC client can find portmapper is specified in the /etc/services file.

rpcinfo

Configure network:

Two UNIX commands are very instrumental in handling network interfaces:
1. The ifconfig command, to configure network interface
2. The netstat command, to show network-related data


ifconfig
ifconfig interface ipaddress netmask mask broadcast address
The command arguments are shown in the following table:
Argument Meaning
interface The name of the network interface to be configured.
ipaddress The IP address assigned to this interface. Enter an address either as an IP address (in dotted numerical form) or as a hostname; if a hostname is given, ifconfig must resolve it to an IP address. During system startup, ifconfig is usually executed before DNS is running, so the hostname must exist in the /etc/hosts file. SunOS/Solaris uses the /etc/hostname.ifname file for this purpose (where ifname is the name of the interface).
netmask mask The subnet mask for this interface. The mask value depends on the subnet (local network) address class (for example, 255.255.0.0 for class B, or 255.255.255.0 for class C); it can also be specified in the /etc/netmasks file.
broadcast address The broadcast address for the network is defined by the address value; the default broadcast address is the network IP address with all bits in the host part (determined by the netmask) set to 1.


netstat
The possible state values for TCP sockets are as follows:
CLOSED Closed, the socket is not being used.
LISTEN Listening for incoming connections.
SYN_SENT Actively trying to establish connection.
SYN_RECEIVED Initial synchronization of the connection is under way.
ESTABLISHED Connection has been established.
CLOSE_WAIT Remote shutdown, waiting for the socket to close.
FIN_WAIT_1 Socket closed, shutting down connection.
CLOSING Closed, then remote shutdown, awaiting acknowledgment.
LAST_ACK Remote shutdown, then closed, awaiting acknowledgment.
FIN_WAIT_2 Socket closed, waiting for shutdown from remote.
TIME_WAIT Wait after close for remote shutdown retransmission.
If no options, or only the -n option is specified, netstat displays the status of active sockets only.



There are two basic types of top-level domains: geographic and organizational.
Geographic domains have been set aside for each country in the world and are identified
by a two-letter code, for example:
uk United Kingdom
ca Canada
au Australia
us United States

organizational:
com Commercial organizations
edu Educational institutions
gov Government agencies
mil Military organizations
net Network support organizations
org Organizations that do not fit in any of the above, such as nonprofit organizations
int International organizations
info New, recently introduced top-level domain of general nature

Although the local host table has been superseded by DNS, it is still required and used for the following reasons:

• All systems must have a small host table containing the name and address information of the host itself and sometimes of the important hosts on the local network. This table is used during the initial system startup, when DNS is not running (DNS is started in the last phase of the system startup). The /etc/hosts file must include entries for the host itself, the localhost, the gateways, and, depending on the implemented network services, the servers on the local network.
• Sites that use NIS (Network Information System) use the host table as input to the NIS host database. Even when NIS is used in conjunction with DNS, most NIS sites create a complete NIS host database that has an entry for every host on the network belonging to the NIS domain. The corresponding /etc/hosts file must exist on the master NIS server.
• Very small sites sometimes use the host table. If there are few local hosts and there is no need to communicate with remote sites, then there is little advantage in using DNS.
• Some sites run old software that cannot use DNS; if they cannot be upgraded, these sites have to use the host table. For example, old SunOS versions did not support DNS if NIS was not running. In this case the /etc/hosts file must be maintained.


DNS (Domain Name Service):

In UNIX, the Berkeley Internet Name Domain (BIND) software implements DNS.

nslookup is a debugging tool provided as part of the BIND software package. It allows anyone to directly query name servers and retrieve any of the information known to the DNS.

nslookup [-option …] [-[server]]

The Network Information Service (or System) - NIS, initially known as the Yellow Pages, is an administrative database that enables a central control over a group of hosts (computers) that belong to the same, so-called NIS domain.

Today it seems that another product, LDAP, is the most serious candidate to replace NIS. LDAP stands for Lightweight Directory Access Protocol and presents a project to provide global directory services over the Internet in an easier way.


NIS:

Set up NIS env:
The server setting includes three main steps:
1. Set a new NIS environment and identify the master and slave servers.
2. Start the ypserv daemon, which makes a system act as an NIS server.
3. Add new slave servers when the growth of the NIS domain reaches a point of needing more server bandwidth.
Enabling an NIS client requires two main steps:
1. Adapt the client’s administrative files to the NIS environment so the client can benefit from NIS.
2. Start the ypbind daemon, which allows the client to make NIS queries to the “chosen” server. The algorithm to choose a server is trivial: the client sends a broadcast query for available servers and binds to the first one that responds to the query. The established relationship remains valid as long as the NIS communication between the two hosts exists.



Modern UNIX flavors, like Solaris, HP-UX, or Linux, provide a special name-service-switch configuration file, /etc/nsswitch.conf, which specifies the lookup policy used to define the order and the conditions under which various sources are queried to obtain the desired information.
The lookup policy is defined by an nsswitch entry specified by the system administrator; the following sources (databases) are allowed to be used in the specified policy: dns (domain name system), nis (Network Information Service), and files (local configuration files).

info-class : src [ criteria src [ criteria src ] ]
where
info-class Refers to the class of information being queried: for example, hosts for host name resolution.
src Refers to a source (network database) to be queried, as stated earlier (dns, nis, and files).
criteria Optional field containing status=action pairs enclosed in square brackets, which represent the criteria for when, and how, to query the following source. The valid status strings are SUCCESS, NOTFOUND, TRYAGAIN, and UNAVAIL. The valid action strings are continue and return — continue the query with the next source on the line if the associated status has occurred, or terminate the search and return the result of the last query. The default actions are:
SUCCESS=return
NOTFOUND=return
UNAVAIL=continue
TRYAGAIN=return
The only exception is that all the actions associated with the last source in the entry are always set to return and cannot be overridden.
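The status/action rules above, carried through as an added example that is not part of the original notes: it parses an nsswitch entry and, given the status each source would report (constructed values, nothing is queried), returns the source whose answer the caller actually receives.

```python
# Added example (not from the original notes): evaluate an nsswitch.conf entry
# against the status/action rules described above and report which source's
# answer the caller actually receives. The per-source statuses handed to
# resolve() are constructed to exercise the rules; nothing is queried.
import re
from typing import Dict, List, Tuple

DEFAULT_ACTION = {"SUCCESS": "return", "NOTFOUND": "return",
                  "UNAVAIL": "continue", "TRYAGAIN": "return"}

_TOKEN = re.compile(r"\[[^\]]*\]|\S+")     # a [criteria] group or a bare word

Source = Tuple[str, Dict[str, str]]        # (source name, explicit overrides)


def parse_entry(entry: str) -> Tuple[str, List[Source]]:
    """'hosts: files [NOTFOUND=continue] nis dns' -> ('hosts', [(src, overrides), ...])"""
    info_class, _, spec = entry.partition(":")
    sources: List[Source] = []
    for tok in _TOKEN.findall(spec):
        if tok.startswith("["):
            if not sources:
                raise ValueError(f"criteria before any source: {tok}")
            for pair in re.split(r"[\s,]+", tok[1:-1].strip()):
                status, _, action = pair.partition("=")
                status, action = status.upper(), action.lower()
                if status not in DEFAULT_ACTION or action not in ("return", "continue"):
                    raise ValueError(f"bad criteria: {pair!r}")
                sources[-1][1][status] = action
        else:
            sources.append((tok, {}))
    if not sources:
        raise ValueError(f"no sources in entry: {entry!r}")
    return info_class.strip(), sources


def resolve(entry: str, statuses: Dict[str, str]) -> Tuple[str, str]:
    """Return (source, status) of the result the lookup hands back to the caller.
    A source missing from `statuses` is treated as UNAVAIL."""
    _, sources = parse_entry(entry)
    for i, (src, overrides) in enumerate(sources):
        status = statuses.get(src, "UNAVAIL").upper()
        if i == len(sources) - 1:
            action = "return"          # last source always returns, overrides ignored
        else:
            action = overrides.get(status, DEFAULT_ACTION[status])
        if action == "return":
            return src, status
    raise AssertionError("unreachable: the last source always returns")


if __name__ == "__main__":
    entry = "hosts: files [NOTFOUND=continue] nis [UNAVAIL=continue] dns"
    print(resolve(entry, {"files": "NOTFOUND", "nis": "UNAVAIL", "dns": "SUCCESS"}))
    print(resolve(entry, {"files": "NOTFOUND", "nis": "NOTFOUND", "dns": "SUCCESS"}))
```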


The domain name system (DNS) is the dedicated global service that spans the entire Internet with only one goal — to provide information about hosts worldwide; to be more specific, to provide host names and IP addresses.

The Network Information Service (NIS) is a dedicated service to provide various administrative data for a certain number of hosts contained within the specified NIS domain; these data also include host names and IP addresses.


There are two aspects related to system administration when using NFS: choosing a filesystem naming and mounting scheme, and then configuring the servers and clients to adhere to this scheme.


NFS:
The NFS related daemons are:
nfsd [option] The NFS server daemon, which runs on the server side. The daemon services the client’s NFS requests. The option specifies how many daemons should be started; the common value is eight.
biod [option] The NFS block I/O daemon handles the client side of the NFS I/O. The option specifies the number of daemons to be started; the common value is eight.
rpc.lockd The NFS lock daemon, which handles file lock requests on both sides; a client requests file locks and a server grants them.
rpc.statd The NFS status monitor daemon, which provides monitoring services requested by the rpc.lockd daemon. More specifically, this daemon allows locks to be reset properly after a crash. The daemon runs on both sides: client and server.
rpc.mountd The NFS mount daemon runs on the server side and processes the client mount requests.


Once a filesystem has been exported, a new directory cannot be exported if it is either a parent or a subdirectory of one that is currently exported and within the same local filesystem.

The exportfs and share Commands
A filesystem exporting is performed by the UNIX command /usr/sbin/exportfs (on some flavors, also /usr/etc/exportfs); on Solaris 2.x the equivalent command is /usr/sbin/share.
A brief description of the exportfs command follows. It is normally invoked at boot time within the corresponding rc startup script and uses information contained in the /etc/exports file to export the specified directories (which must be specified as full pathnames). The command can also be invoked from the command line at any time to alter the list or characteristics of exported directories and filenames (superuser privileges are required). Directories and files that are currently exported are listed in the file /etc/xtab (on Solaris 2.x this is the file /etc/dfs/sharetab).

/usr/sbin/exportfs [ -options ] [ pathname ]
With no options or arguments, exportfs prints out the list of directories and filenames currently exported.

Export Configuration File: /etc/exports
Each entry in the file has the format:
directory [-option][,option]…
where
directory Defines a filesystem (a directory structure) specified by the reference starting directory (it can be even a single file) available for export.
option Each option specifies a condition for the export of that directory:
ro Read-only; prevents clients from writing to this directory.
rw Read-write; permits clients to read and write to this directory. An = sign with a list of clients separated by colons can also be included; if the list is omitted, all clients are granted read-write access.
access=hostlist Permits the mounting of this directory only by the hosts specified in the hostlist (the list of clients separated by colons); this is necessary, otherwise all hosts on the Internet are allowed to mount this directory.
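A check over /etc/exports entries in the format above, as an added example that is not part of the original notes; it flags the two conditions the text warns about (no access= list, and rw with no client list). The sample file is constructed, and "hosta" is a hypothetical host name.

```python
# Added example (not from the original notes): parse /etc/exports entries of
# the form "directory -option[,option]..." and flag the two conditions the
# text warns about: no access= list (any host on the Internet may mount the
# directory) and rw without a client list (every client may write to it).
# The sample file below is constructed.
from typing import Dict, List, Union

Options = Dict[str, Union[bool, List[str]]]


def parse_exports(text: str) -> List[Dict]:
    """Return [{'directory': path, 'options': {name: True | [host, ...]}}, ...]."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)
        directory = parts[0]
        opt_text = parts[1].strip().lstrip("-") if len(parts) > 1 else ""
        options: Options = {}
        for opt in filter(None, opt_text.split(",")):
            name, _, value = opt.partition("=")
            options[name] = value.split(":") if value else True
        entries.append({"directory": directory, "options": options})
    return entries


def check_exports(text: str) -> Dict[str, List[str]]:
    """Map each exported directory to the list of problems found (empty = fine)."""
    findings = {}
    for entry in parse_exports(text):
        opts = entry["options"]
        problems = []
        if "access" not in opts:
            problems.append("mountable-by-any-host")     # no access=hostlist
        if opts.get("rw") is True:
            problems.append("writable-by-all-clients")   # rw with no =list
        findings[entry["directory"]] = problems
    return findings


# Constructed /etc/exports; "hosta" is a hypothetical host name.
SAMPLE = """\
# constructed sample
/usr            -ro
/home           -access=patsy:hosta,rw=patsy
/export/tmp     -rw
/export/proj    -ro,access=patsy
"""

if __name__ == "__main__":
    for directory, problems in check_exports(SAMPLE).items():
        print(f"{directory:15s} {', '.join(problems) or 'ok'}")
```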

Export Status File: /etc/xtab
It is helpful to remember that whenever the exportfs or share command is executed without any specified options, it reads the contents of the export status file.

Mounting Remote Filesystems

showmount -e patsy (patsy is the NFS server and it belongs to the same domain)

The automounter interacts with the kernel in the following ways:
• It uses the automount map to locate an appropriate NFS server, the exported filesystem, and the mount data.
• It then mounts the filesystem in a temporary location and replaces the associated referenced mount point (the entry for the directory) with a symbolic link to the temporary location.
• Afterward, if the filesystem is not accessed within an appropriate interval (by default, 5 minutes), it dismounts the filesystem and removes the symbolic link.
• If the referenced mount-point (specified directory) does not already exist, the automounter creates it, and then removes it upon exiting.

automounter maps:
• Direct maps — Contain mapping for any number of nonrelated directories. Each entry in the map lists a directory that is automatically mounted as needed. The direct map as a whole is not associated with any single directory.
• Indirect maps — Specify mapping for the subdirectories to be mounted under the directory indicated in the entry. The indirect map as a whole is associated with the directory in the entry, providing more data related to the belonging subdirectories.
• Included maps — The contents of another map can be included within the map; it simply replaces a complete entry in the map. The included map is identified by the leading “+” sign.
• Special maps — These are special cases; currently there are three such maps: “-hosts,” “-passwd,” and “-null.”

/etc/auto_master is known as the master map for the automounter; it is actually the automount configuration file, and it specifies the locations of all other automount maps.


Common UNIX Network Applications:

1. telnet The network terminal protocol, which provides remote login over the network
2. ftp The file transfer protocol, which is used for file transfers over the network
3. finger Provides information about remote users


Telnet Commands Meaning

open host [ port ]     Open a connection to the named host. If no port number is specified, telnet will attempt to contact a TELNET server at the default port. The host specification may be either a host name or an IP address specified in the “dot notation.”

close         Close a TELNET session and return to command mode.
quit Close any open TELNET session and exit telnet. An EOF (in command mode) will also close a session and exit.

mode type     type is either line (for line-by-line mode) or character (for character-at-a-time mode). The remote host is asked for permission to go into the requested mode. If the remote
host is capable of entering that mode, the requested mode will be entered. status Show the current status of telnet. This includes the peer one is connected to, as well as the current mode.

display [argument… ]     Display all, or some, of the set values.

? [command]         Get help. With no arguments, telnet prints a help summary. If a command is specified, telnet will print the help information only for that command.

send arguments         Send one or more special character sequences to the remote host (more than one argument may be specified at a time).

set argument value     Set any one of a number of telnet variables to a specific value. The special value “off” turns off the function associated with the variable. The values of variables may be interrogated with the display command.

Telnet uses clear-text communications, including the transfer of the password, which can be a significant disadvantage in a nonsecure environment.
Telnet is not suitable for shell script programming at all, because of its strictly interactive nature, including the interactive login procedure.
Telnet allows you to specify a port other than the default one for a TELNET session; in that way telnet can be instrumental in checking that a port is active.
The “local echo character” (initially “^E”) may be used to turn the local echo off and on (this is mostly used to enter passwords without the password being echoed).
While connected to a remote host, telnet command mode may be entered by typing the telnet “escape character” (by default “^]”, i.e., Ctrl-Right Bracket).



ftp [-options] [ hostname ]
where options may be specified at the command line, or to the command interpreter:
-d Enable debugging.
-g Disable filename globbing.
-i Turn off interactive prompting during multiple file transfers.
-n Do not attempt “auto-login” upon initial connection. If auto-login is enabled, ftp checks the .netrc file in the user’s home directory for an entry describing an account on the remote machine. If no entry exists, ftp will prompt for the login name of the account on the remote machine (the default is the login name on the local machine), and, if necessary, prompt for a password and an account with which to log in.
-v Show all responses from the remote server, and report on data transfer statistics. This is turned on by default if ftp is running interactively with its input coming from the user’s terminal.
hostname The name of the remote host.
The most used “ftp command interpreter commands” are:
FTP Commands Meaning
! [command]     Run command as a shell command on the local machine. If no command is given, invoke an interactive shell.
ascii         Set the “representation type” to “network ASCII.” This is the default type.
bell         Sound a bell after each file transfer command is completed.
binary         Set the “representation type” to “image.”
bye         Terminate the FTP session with the remote server and exit ftp. An EOF will also terminate the session and exit.
case         Toggle remote computer file name case mapping during mget commands. When case is on (the default is off), remote computer file names with all uppercase letters are written in the local directory with the letters mapped to lower case.
cd remote-directory     Change the working directory on the remote machine to remote-directory.
close         Terminate the FTP session with the remote server and return to the command interpreter. Any defined macros are erased.
delete remote-file         Delete the file remote-file on the remote machine.
debug [debug-value]     Toggle debugging mode. If an optional debug-value is specified, it is used to set the debugging level. When debugging is on, ftp prints each command sent to the remote machine, preceded by the string “-->.”
dir [remote-directory] [local-file]     Print a listing of the directory contents in the directory named remote-directory and, optionally, place the output in local-file. If no directory is specified, the current working directory on the remote machine is used. Output is sent to the terminal if no local file is specified, or if local-file is “-.”
disconnect         A synonym for (is the same as) close.
get remote-file [local-file]         Retrieve the remote-file and store it on the local machine. If the local file name is not specified, it is given the same name it has on the remote machine.
help [command]         Print an informative message about the meaning of command. If no argument is given, ftp prints a list of the known commands.
lcd [directory]         Change the working directory on the local machine. If no directory is specified, the user’s home directory is used.
ls [remote-directory] [local-file]     Print an abbreviated listing of the contents of a directory on the remote machine. If remote-directory is left unspecified, the current working directory is used. The output is sent to the terminal if no local file is specified, or if local-file is “-.”
mdelete [remote-files]         Delete the remote-files on the remote machine.
mdir remote-files local-file     Like dir, except multiple remote files may be specified. If interactive prompting is on, ftp will prompt the user to verify that the last argument is indeed the target local file for receiving mdir output.
mget remote-files     Expand the remote-files on the remote machine and do a get for each file name thus produced.
mkdir directory-name     Make a directory on the remote machine.
mls remote-files local-file     Like ls, except multiple remote files may be specified. If interactive prompting is on, ftp will prompt the user to verify that the last argument is indeed the target local file for receiving mls output.
mode [mode-name]     Set the “transfer mode” to mode-name. The only valid mode-name is stream, which corresponds to the default “stream” mode.
mput local-files     Expand wild cards in the list of local files given as arguments and do a put for each file in the resulting list.
open host [port]     Establish a connection to the specified host FTP server. An optional port number may be supplied, in which case ftp will attempt to contact an FTP server at that port. If the auto-login option is on (default), ftp will also attempt to automatically log the user in to the FTP server.
prompt         Toggle interactive prompting. Interactive prompting occurs during multiple file transfers to allow the user to selectively retrieve or store files. By default, prompting is turned on. If prompting is turned off, any mget or mput will transfer all files, and any mdelete will delete all files.
put local-file [remote-file]         Store a local file on the remote machine. If remote-file is left unspecified, the local file name is used after processing according to any ntrans or nmap settings in naming the remote file. File transfer uses the current settings for “representation type,” “file structure,” and “transfer mode.”
pwd Print the name of the current working directory on the remote machine.
quit A synonym for (is the same as) bye.
recv remote-file [local-file] A synonym for (is the same as) get.
remotehelp [command-name] Request help from the remote FTP server. If a command-name is specified it is supplied to the server as well.
rename from to Rename the file from on the remote machine as the name to.
reset Clear reply queue. This command resynchronizes command/reply sequencing with the remote FTP server. Resynchronization may be necessary following a violation of the FTP protocol by the remote server.
rmdir directory-name Delete a directory on the remote machine.
send local-file [remote-file] A synonym for (is the same as) put.
sendport Toggle the use of PORT commands. By default, ftp will attempt to use a PORT command when establishing a connection for each data transfer. The use of PORT commands can prevent delays when performing multiple file transfers. If the PORT command fails, ftp will use the default data port. When the use of PORT commands is disabled, no attempt will be made to use PORT commands for each data transfer. This is useful when connected to certain FTP implementations that ignore PORT commands but incorrectly indicate they have been accepted.
status Show the current status of ftp.
type [type-name] Set the “representation type” to type-name. The valid type-names are ascii for “network ASCII”, and binary or image for “image.” If no type is specified, the current type is printed. The default type is “network ASCII.”
user user-name [password] [account] Identify yourself to the remote FTP server. If the password is not specified and the server requires it, ftp will prompt the user for it (after disabling local echo). If an account field is not specified and the FTP server requires it, the user will be prompted for it. If an account field is specified, an account command will be relayed to the remote server after the login sequence is completed if the remote server did not require it for logging in. Unless ftp is invoked with “auto-login” disabled, this process is done automatically on initial connection to the FTP server.
verbose Toggle verbose mode. In verbose mode, all responses from the FTP server are displayed to the user. In addition, if verbose mode is on, statistics regarding the efficiency of the transfer are reported when a file transfer completes. By default, verbose mode is on if ftp’s commands are coming from a terminal, and off otherwise.
? [command] A synonym for (is the same as) help.

ftp is basically an interactive network application; however, ftp supports an “auto-login” procedure upon initial host connection, i.e., under certain conditions the authentication can be automatically provided. That makes ftp more suitable for shell script programming, and it is frequently used to transfer files between remote hosts.
Another useful feature is that ftp allows “anonymous access,” an ftp account for global read-only access. Both features will be briefly discussed
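As an added example (not code from the book or the blog) of the scripted use of ftp discussed above, the shell functions below create a .netrc entry for auto-login with private permissions, verify that an existing .netrc is not readable by other users (it holds the password in clear text, and ftp refuses to use a .netrc with a password that others can read), and build the command stream that a script would pipe into “ftp -inv host”. The host ftp.example.test, the account alice, the password and the file names are constructed placeholders, and no network connection is made.

```sh
#!/bin/sh
# Added example (not from the book): driving ftp from a shell script.
# Host name, account, password and file names are constructed placeholders.

# Write a ~/.netrc entry for auto-login. The file holds a clear-text
# password, so it is created with mode 0600 (umask 077 in a subshell).
write_netrc() {
    f=$1 host=$2 login=$3 pass=$4
    ( umask 077 && printf 'machine %s login %s password %s\n' \
        "$host" "$login" "$pass" > "$f" )
}

# Succeed only if the file has no group/other permission bits set.
# Columns 5-10 of `ls -ld` output are the group and other bits, so a
# private file shows "------" there (portable across GNU and BSD ls).
netrc_is_private() {
    f=$1
    [ -f "$f" ] || return 1
    [ "$(ls -ld "$f" | cut -c5-10)" = "------" ]
}

# Produce the command stream for a non-interactive session, to be fed to
#   ftp -inv host
# (-i: no per-file prompting, -n: no auto-login so "user" logs in
# explicitly, -v: show server replies). "bye" is always last so the
# session cannot hang waiting for terminal input.
build_ftp_batch() {
    user=$1 pass=$2 remote_dir=$3 file=$4
    printf 'user %s %s\n' "$user" "$pass"
    printf 'binary\n'
    printf 'cd %s\n' "$remote_dir"
    printf 'get %s\n' "$file"
    printf 'bye\n'
}

# Number of commands in a batch, so a caller can sanity-check what will
# be sent before piping it into ftp.
batch_line_count() {
    build_ftp_batch "$@" | wc -l | tr -d ' '
}

# Example invocation (network access not assumed here):
#   build_ftp_batch alice s3cret pub/data report.bin | ftp -inv ftp.example.test
```

Because both .netrc and the batch stream carry the password in clear text, and ftp itself sends it in clear text on the wire, such scripts belong on hosts where the file permissions above are enforced and where the traffic does not cross an untrusted network.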

