Intermediate Linux Flashcards
Where are device files generally stored?
/dev
Device files are denoted with what characters in the first bit of the ls command?
c - character
b - block
p - pipe
s - socket
Devices are characterized using what two numbers?
major device number and minor device number
How can you interact with device drivers?
Through special files that look like regular files called device files or device nodes
A device takes all of our input and just discards it, so nothing gets returned
/dev/null
What are character devices?
These devices transfer data, but one character at a time. These are pseudo devices (e.g. /dev/null) that aren’t really physically connected to the machine, but they allow the operating system greater functionality.
What is a block device?
These devices transfer data in large fixed-sized blocks. Most commonly devices such as hard drives, filesystems, etc.
What is a Pipe Device?
They allow two or more processes to communicate with each other. These are similar to character devices, but instead of having output sent to a device, it’s sent to another process.
Similar to pipe devices but they can communicate with many processes at once
Socket device
What does the major device number represent?
The device driver that is used
What does the minor device number represent?
The minor number tells the kernel which unique device it is in this driver class
A protocol used to allow communication between disks, printers, scanners and other peripherals and your system
SCSI (pronounced “scuzzy”) protocol.
SCSI stands for Small Computer System Interface
What does Linux identify with a prefix of sd?
sd (SCSI disk)
Linux systems map SCSI disks to hard disk drives in /dev
What is the name of the first and second hard disks in Linux?
First hard disk: /dev/sda
Second hard disk: /dev/sdb
e.g. /dev/sda3 - Third partition on the first hard disk
What are some of the most common pseudo devices?
The most common pseudo devices are character devices:
/dev/zero - accepts and discards all input, produces a continuous stream of NULL (zero value) bytes
/dev/null - accepts and discards all input, produces no output
/dev/random - produces random numbers
Sometimes in older systems you may see hard drives being referred to with what prefix?
hd
/dev/hda - First hard disk
/dev/hdd2 - Second partition on 4th hard disk
What was created to better manage devices on our system than the /dev directory?
A virtual filesystem, Sysfs, most often mounted to the /sys directory
What is the difference between /sys and /dev?
/sys gives us more detailed information than what we would be able to see in the /dev directory
The /dev directory is simple, and it allows other programs to access devices and interact with them
The /sys filesystem is used to view detailed information about the devices, and to manage the devices
$ mknod /dev/sdb1 b 8 3
This is the old way of creating a device node.
This command will make a device node /dev/sdb1 and it will make it a block device (b) with a major number of 8 and a minor number of 3.
How would you remove a device node using old methods?
To remove a device, you would simply rm the device file in the /dev directory
Dynamically creates and removes device files for us depending on whether or not they are connected
The udev system
What does the udevd daemon do?
It’s a daemon that is running on the system and it listens for messages from the kernel about devices connected to the system
What does udevd do when it finds a new device?
Udevd will parse the information and it will match the data with the rules that are specified in /etc/udev/rules.d.
Depending on those rules it will most likely create device nodes and symbolic links for the devices
How can you view the udev database and sysfs?
By using the udevadm command
Name the tools that list information about devices like the ‘ls’ command lists files and directories.
Listing USB Devices: lsusb
Listing PCI Devices: lspci
Listing SCSI Devices: lsscsi
A tool which reads input from a file or data stream and writes it to a file or data stream
dd
e.g. $ dd if=/home/pete/backup.img of=/dev/sdb bs=1024
if - input file
of - output file
bs - bytes
What tool can be used to make backups of anything, including whole disk drives?
dd
Linux filesystems structure should conform to what?
Filesystem Hierarchy Standard
The character for the root directory of the entire filesystem hierarchy
/
Everything is nestled under this directory
Essential ready-to-run programs (binaries) including the most basic commands such as ls and cp
/bin
Contains kernel boot loader files
/boot
Device files directory
/dev
Core system configuration directory that should hold only configuration files and not any binaries
/etc
Personal directories for users, holds your documents, files, settings, etc.
/home
Holds library files that binaries can use
/lib
Used as an attachment point for removable media like USB drives
/media
Temporarily mounted filesystems
/mnt
Optional application software packages
/opt
Information about currently running processes
/proc
The root user’s home directory
/root
Information about the running system since the last boot
/run
Contains essential system binaries which usually can only be run by root
/sbin
Site-specific data which are served by the system
/srv
Storage for temporary files
/tmp
User installed software and utilities
/usr
Inside this directory are sub-directories for /usr/bin, /usr/local, etc.
Used for anything that is subject to change all the time like system logging, user tracking, caches, etc.
/var
A layer between applications and the different filesystem types, so no matter what filesystem you have, your applications will be able to work with it
Virtual File System (VFS) abstraction layer
What is a journaled system?
The system keeps a log file (journal) in order to keep track of tasks. The filesystem is always in a consistent state because of this, so it will know exactly where you left off if your machine shuts down suddenly.
This also decreases the boot time because instead of checking the entire filesystem it just looks at your journal.
The most current version of the native Linux filesystems
ext4
Compatible with the older ext2 and ext3 versions
A new filesystem for Linux that comes with snapshots, incremental backups, performance increase and much more
Btrfs - “Better or Butter FS”
High performance journaling file system, great for a system with large files such as a media server
XFS
Windows filesystems
NTFS or FAT
Macintosh filesystem
HFS+
This command reports file system disk space usage and other details about your disk
df
Hard disks can be subdivided into what?
Partitions
This is essentially making multiple block devices
What is a partition table?
This table tells the system how the disk is partitioned
The two main partition table schemes used
1.) Master Boot Record (MBR)
2.) GUID Partition Table (GPT)
Space on a disk that is not allocated to a partition
Free space
Can partitions overlap?
No
You can have multiple partitions on a disk and they can’t overlap each other
What is becoming the new standard for disk partitioning?
GUID Partition Table (GPT)
What is a filesystem?
An organized collection of files and directories
It is comprised of a database to manage files and the actual files themselves
This is located in the first few sectors of the filesystem
Boot block
This is not really used by the filesystem. Rather, it contains information used to boot the operating system.
This is a single block that comes after the boot block, and it contains information about the filesystem
Super block
It contains information such as the size of the inode table, size of the logical blocks and the size of the filesystem
The database that manages our files
Inode (index node) table
Each file or directory has a unique entry in the inode table and it has various information about the file
This is the actual data for the files and directories
Data blocks
The parts of a Filesystem Structure
- Boot block
- Super block
- Inode table
- Data blocks
Common disk partitioning tools
fdisk - No GPT support
parted - Supports both MBR and GPT
gparted - The GUI version of parted
gdisk - fdisk, but only supports GPT
What is the parted command to make a partition?
mkpart
This tool allows us to create a filesystem, specify the type of filesystem we want, and where we want it
The mkfs (make filesystem) tool
e.g. $ sudo mkfs -t ext4 /dev/sdb2
What happens if you try to create a filesystem on top of an existing one?
You’ll most likely leave your filesystem in a corrupted state
You only want to create a filesystem on a newly partitioned disk or if you are repartitioning an old one
A directory on the system where the filesystem is going to be attached
The mount point
How to create a mount point?
With the mount command
e.g. $ sudo mount -t ext4 /dev/sdb2 /mydrive
Or to unmount
e.g. $ sudo umount /mydrive
e.g. $ sudo umount /dev/sdb2
How do you view the UUIDs on your system for block devices?
With the blkid (block identification) command
How can we automatically mount filesystems at startup?
We can add them to a file called /etc/fstab
(pronounced “eff es tab” not “eff stab”)
short for filesystem table
What is a swap partition?
Swap is used to allocate virtual memory to our system.
The system uses this partition to “swap” pieces of memory of idle processes to the disk, so you’re not bogged for memory on systems with low memory
What commands are used to create a swap partition?
mkswap to initialize swap areas
swapon to enable the swap device
swapoff to remove swap
If you want the swap partition to persist on bootup, you need to add an entry to the /etc/fstab file
How much swap space should you allocate compared to memory?
You should generally allocate about twice as much swap space as you have memory
Why is swap space not as important on modern systems?
Modern systems have enough RAM and low memory is usually not an issue
What command shows you the utilization of your currently mounted filesystems?
disk free: df -h
(h flag gives you a human readable format)
This shows the device, and how much capacity is used and available
This command shows you the disk usage of the current directory you are in
disk usage: du -h
h flag gives you a human readable format
What is the difference between du and df commands?
To see how much of your disk is free use df
To check disk usage use du
What command is used to check the consistency of a filesystem and can even try to repair it for us?
fsck (filesystem check)
Usually when you boot up a disk, fsck will run before your disk is mounted to make sure everything is ok
A filesystem is comprised of all our actual files and a database that manages these files. The database is known as what?
The inode table
What is an inode?
An inode (index node) is an entry in this table and there is one for every file. It describes everything about the file
inodes store everything about the file, except the filename and the file itself
When are inodes created?
When a filesystem is created, space for inodes is allocated as well
How can you see how many inodes are left on your system?
df -i
How can you view the inode number of a file?
ls -li
This command is used to see detailed information about a file
stat
How do inodes locate files?
Inodes point to the actual data blocks of your files using 15 pointers. 12 direct pointers and pointers to pointers.
In the Windows operating system, there are aliases to files known as shortcuts. What is the Linux equivalent?
symbolic links (or soft links or symlinks)
What are Linux hardlinks?
A file with a link to an inode
Symbolic links are denoted by what?
myfilelink -> myfile
When you modify a symlink what happens to the file it points to?
The file also gets modified
What is the link count in the ls command?
The link count is the number of hardlinks that an inode has
What is the difference between symlinks and hardlinks?
symlinks are just files that point to filenames so they can be referenced across different filesystems
hardlinks create another file with a link to the same inode. hardlinks do not span filesystems because inodes are unique to the filesystem
How do you create a symlink?
With the ln command with -s for symbolic, and you specify a target file and then a link name
e.g. $ ln -s myfile mylink
How to create a hardlink?
With the ln command, but without the -s flag
e.g. $ ln somefile somelink
What are the 4 stages of the Linux boot process?
1.) BIOS
2.) Bootloader
3.) Kernel
4.) Init
What does BIOS stand for?
BIOS stands for “Basic Input/Output System”
What happens during the BIOS phase of the boot process?
BIOS is firmware most commonly found in IBM PC compatible computers
BIOS performs system integrity checks with power-on self test (POST)
BIOS’s main goal is to find the system bootloader. Once the BIOS boots up the hard drive, it searches for the boot block to figure out how to boot up the system. It will look to the master boot record (MBR) or GPT
The MBR contains the code to load another program somewhere on the disk, this program in turn actually loads up our bootloader
What does POST stand for?
Power-on self test (POST) which checks that all the hardware is good to go for system startup
What does the bootloader do?
Boots into an operating system
Selects a kernel to use
Specifies kernel parameters
What is the kernel doing during the boot process?
When the kernel is loaded, it immediately initializes devices and memory using initramfs to get the necessary drivers.
Then it creates a root device and mounts the root partition in read-only mode first so that fsck can run safely and check for system integrity. Afterwards it remounts the root filesystem in read-write mode.
Then the kernel locates the init program and executes it
What is init?
The init process is the first process that gets started. init starts and stops essential service processes on the system
The successor to BIOS
UEFI (stands for “Unified extensible firmware interface”)
The GPT format was intended for use with EFI
The first sector of a GPT disk is reserved for a “protective MBR” to make it possible to boot a BIOS-based machine
UEFI stores all the information about startup in an .efi file stored on a special partition called EFI system partition
This partition contains the bootloader
The most common bootloader for Linux?
GRUB
The kernel manages our system’s hardware; however, not all drivers are available to the kernel during bootup. How is this resolved?
There is a temporary root filesystem that contains just the essential modules that the kernel needs to get to the rest of the hardware
Initrd vs Initramfs
initrd (initial ram disk) has been replaced by initramfs
In older versions of Linux the kernel would mount the initrd, a temporary root filesystem, get the necessary bootup drivers, then when it was done loading everything it needed, it would replace the initrd with the actual root filesystem.
Now we use initramfs, a temporary root filesystem that is built into the kernel itself to load all the necessary drivers for the real root filesystem
What are the three major implementations of init in Linux?
1.) System V init (sysv)
2.) Upstart
3.) Systemd
System V init (sysv)
pronounced as ‘System Five’
The traditional init system. It sequentially starts and stops processes, based on startup scripts. The state of the machine is denoted by runlevels, each runlevel starts or stops a machine in a different way.
Upstart
This is the init you’ll find on older Ubuntu installations. Upstart uses the idea of jobs and events and works by starting jobs that perform certain actions in response to events.
Systemd
This is the new standard for init, it is goal oriented. Basically you have a goal that you want to achieve and systemd tries to satisfy the goal’s dependencies to complete the goal.
The core of the operating system
The kernel
The Linux operating system can be organized into what three different levels of abstraction
1.) Hardware. The physical layer. CPU, memory, hard disks, networking ports, etc
2.) Kernel. It handles process and memory management, device communication, system calls, sets up our filesystem, etc. It’s the software / hardware interface.
3.) User space. This includes the shell, the programs that you run, the graphics, etc.
What are the privilege levels (protection rings)?
Ring #0 - Ring #3
- Kernel Mode - the kernel has complete access to the hardware, it controls everything
- User Mode - there is a very small amount of safe memory and CPU that you are allowed to access
What allows us to perform a privileged instruction in kernel mode and then switch back to user mode?
System calls (syscall)
System calls provide user space processes a way to request the kernel to do something
The kernel makes certain services available to user space processes through what?
The system call API
These services allow us to read or write to a file, modify memory usage, modify our network, etc.
You can view the system calls that a process makes with this command
strace
e.g. $ strace ls
Can you install multiple kernels on your system?
Yes
During the boot process in our GRUB menu we can choose which kernel to boot to
This command shows what kernel version you have on your system
uname
The -r flag will print out the kernel release version
e.g. $ uname -r
How can you install the Linux kernel?
1.) Download the source package and compile from source
2.) Install it using package management tools
3.) Upgrade kernel version with $ sudo apt dist-upgrade
You’ll need to also install some other Linux packages
What is the actual Linux kernel file named?
vmlinuz
Where are kernel related files usually stored?
Usually the /boot directory
Pieces of code that can be loaded and unloaded into the kernel on demand
Kernel modules
Modules allow us to extend the functionality of the kernel without actually adding to the core kernel code
How can you view a list of currently loaded modules?
lsmod
How to load a kernel module?
modprobe
e.g. $ sudo modprobe bluetooth
How to remove a kernel module?
modprobe with the -r flag
e.g. $ sudo modprobe -r bluetooth
How to load a kernel module on bootup?
Modify the /etc/modprobe.d directory and add a configuration file
How to ensure that a kernel module does not load on bootup?
Modify the /etc/modprobe.d directory and add a configuration file to blacklist the module
Under this version of init the state of the machine is denoted by runlevels, each runlevel starts or stops a machine in a different way.
System V
This is the init that uses jobs and events and works by starting jobs that perform certain actions in response to events. Found on older Ubuntu installations
Upstart
The new, goal oriented, standard for init
Systemd
The main purpose of init?
To start and stop essential processes on the system
The most traditional version of init
System V
How to find out if you are using the Sys V init implementation?
If you have an /etc/inittab file you are most likely running System V
Why is performance bad with System V?
Usually only one thing is starting or stopping at a time
When using this version of init, the state of the machine is defined by runlevels which are set from 0 to 6
System V
What scripts are located at /etc/rc.d/rc[runlevel number].d/ or /etc/init.d?
Scripts that are run based on the runlevel of the system (Sys v)
Scripts that start with S(start) or K(kill) will run on startup and shutdown, respectively. The numbers next to these characters are the sequence they run in.
How can you see the default runlevel?
In the /etc/inittab file
$ service --status-all
List the status of Sys V services
$ sudo service networking start
Start the networking service
This could also be stop or restart
Who developed Upstart?
Canonical, and it was used in Ubuntu
How can you tell if your system is using Upstart?
If you have a /usr/share/upstart directory
With Upstart, what’s the difference between jobs and events?
Jobs are the actions that Upstart performs and events are messages that are received from other processes to trigger jobs
How can you view a list of jobs (Upstart) and their configurations?
$ ls /etc/init
What does this do: initctl list
Lists Upstart jobs
initctl status networking
View the Upstart status of the networking job
How to manually start a job?
$ sudo initctl start networking
You can also stop, restart, or emit an event
How can you tell if your system is using Systemd?
You have a /usr/lib/systemd directory