Wednesday, August 8, 2012
Microsoft Exchange Server Online Book
Linux Boot Process
Introduction: The Linux startup process is the sequence in which the Linux operating system initializes. The Linux boot process is one of the most discussed topics on the internet. It covers Linux internals and is very important for a Linux administrator, because most troubleshooting depends on it. Please note that in this article I have explained everything for the x86 platform.
Phase1 From Power ON to Loading Kernel
Overview of Phase1:
Step 1- When we power on the PC, the BIOS (which is stored on the motherboard) loads into RAM. The purpose of the BIOS is to load the OS or kernel into RAM.
Step 2- The BIOS searches for a bootable device. When a bootable device is found, it goes to the next step.
Step 3- When a bootable device is found, it loads the first stage boot loader, i.e. the MBR, into RAM. The MBR is just 512 bytes: the first sector of the hard disk.
Step 4- The first stage boot loader loads the second stage boot loader, i.e. GRUB or LILO.
Step 5- When the second stage boot loader gets executed in RAM, the splash screen is displayed. The job of the second stage boot loader is to load the kernel into RAM.
Step 6- The stage 2 boot loader loads the kernel and an optional initial root filesystem into RAM. It passes control to the kernel, and the kernel gets decompressed into RAM and initialised. At this stage the second stage boot loader checks the hardware, mounts the root device and loads the necessary kernel modules. When it completes, the first userspace program gets executed, i.e. init. init is the father of all processes.
Detail Phase1 process:
Step 1- BIOS boots up
- When we power on the PC, the BIOS (which is stored on the motherboard) loads into RAM. The purpose of the BIOS is to load the OS or kernel into RAM.
- The BIOS is made up of two parts: the POST code and runtime services. After the POST is complete, it is flushed from memory, but the BIOS runtime services remain and are available to the target operating system.
Step 2- BIOS boots up contd.
- The BIOS performs the Power On Self Test (POST). Here the BIOS does a hardware inventory.
- To boot an operating system, the BIOS runtime searches for devices that are both active and bootable, in the order of preference defined by the complementary metal oxide semiconductor (CMOS) settings.
What is this MBR?
===========================================================
| Boot Sector (BS) | Partition Table (PT) | Magic Numbers |
|    446 bytes     |       64 bytes       |    2 bytes    |
======================== 512 bytes ========================
- Size of MBR is 512 bytes.
- The Boot Sector is stored in the first 446 bytes. The Boot Loader resides here.
- The Partition Table is stored in the next 64 bytes.
- The last 2 bytes are for the Magic No. The magic number serves as a validation check of the MBR.
Step 3- MBR loads into RAM
- If the POST is successful, the BIOS calls INT 19H
- INT 19H loads the sector at head 0, cylinder 0, sector 1, i.e. the MBR of the hard disk, into memory at 0:7C00h and transfers control to it.
- After the MBR gets loaded into RAM, the BIOS hands over control to it.
- It loads the First Stage Boot Loader, which resides in the MBR
Step 4- Stage 1 Boot Loader loads into RAM
- The job of the Stage 1 Boot Loader is to find and load the Stage 2 Boot Loader
- The Stage 1 BL examines the Partition Table from the MBR and searches for the Active Partition.
- It also scans the remaining partitions to verify that they are all inactive.
- The Active Partition's boot record is read from the device into RAM and executed.
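The MBR layout and the Stage 1 active-partition check described above can be reproduced offline, which is useful when verifying a disk image or baselining boot code. This is an added example, not code from the original article; the 0x55 0xAA signature value, the 16-byte entry layout and the sample sector are supplied here and the sector is constructed for the demo.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_SIZE = 446           # first-stage boot loader code
ENTRY_SIZE = 16                # 4 entries x 16 bytes = the 64-byte partition table
BOOT_SIGNATURE = b"\x55\xaa"   # the 2-byte magic number at offsets 510-511
ENTRY_FORMAT = "<B3sB3sII"     # status, CHS start, type, CHS end, LBA start, sector count


def parse_mbr(sector):
    """Split one 512-byte sector into boot code hash, partition entries and magic check."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes, got %d" % len(sector))
    entries = []
    for index in range(4):
        offset = BOOT_CODE_SIZE + index * ENTRY_SIZE
        status, _chs_start, ptype, _chs_end, lba_start, count = struct.unpack(
            ENTRY_FORMAT, sector[offset:offset + ENTRY_SIZE])
        entries.append({"index": index, "status": status, "type": ptype,
                        "lba_start": lba_start, "sectors": count})
    return {
        # Hash of the boot code area: compare it with a known-good baseline
        # to notice a replaced or modified first-stage loader.
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_SIZE]).hexdigest(),
        "entries": entries,
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
    }


def active_partition(mbr):
    """Index of the single active (0x80) entry, or None if there is not exactly one."""
    active = [e["index"] for e in mbr["entries"] if e["status"] == 0x80]
    return active[0] if len(active) == 1 else None


def check_mbr(mbr):
    """Return the problems a Stage 1 loader (or an administrator) would trip over."""
    problems = []
    if not mbr["signature_ok"]:
        problems.append("magic number is not 0x55 0xAA")
    for e in mbr["entries"]:
        if e["status"] not in (0x00, 0x80):
            problems.append("entry %d: invalid status byte 0x%02x" % (e["index"], e["status"]))
    active = [e["index"] for e in mbr["entries"] if e["status"] == 0x80]
    if not active:
        problems.append("no active partition")
    elif len(active) > 1:
        problems.append("more than one active partition: %s" % active)
    return problems


def build_sample_mbr(entries, signature=BOOT_SIGNATURE):
    """Constructed sector for the demo: zeroed boot code plus (status, type, lba, sectors) entries."""
    table = b"".join(struct.pack(ENTRY_FORMAT, s, b"\x00" * 3, t, b"\x00" * 3, lba, n)
                     for s, t, lba, n in entries)
    return b"\x00" * BOOT_CODE_SIZE + table.ljust(4 * ENTRY_SIZE, b"\x00") + signature


if __name__ == "__main__":
    # One active Linux partition (type 0x83) and one inactive swap partition (type 0x82).
    good = build_sample_mbr([(0x80, 0x83, 2048, 204800), (0x00, 0x82, 206848, 4096)])
    mbr = parse_mbr(good)
    print("active entry:", active_partition(mbr), "problems:", check_mbr(mbr))
    # Two active entries and a wiped signature: both are reported.
    bad = build_sample_mbr([(0x80, 0x83, 2048, 204800), (0x80, 0x83, 206848, 4096)], b"\x00\x00")
    print("problems:", check_mbr(parse_mbr(bad)))
```

To inspect a real disk, pass the first 512 bytes of the device or image file to parse_mbr(); reading a block device normally requires root.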
Step 5- Stage 2 Boot Loader & Kernel
- The purpose of Stage 2 BL is to load OS kernel into RAM.
- Now here 2 major Boot Loaders are available for Linux. i.e. LILO & GRUB. Here we w
- The main advantage of GRUB over LILO is that GRUB has knowledge of Linux filesystems, so GRUB can load the kernel directly from an ext2 or ext3 filesystem, whereas LILO uses raw sectors on the disk and requires the BIOS calls int 13 fn 8 & int 13 fn 2.
- GRUB does this by adding one more stage after Stage 1, i.e. Stage 1.5.
o Here the Stage 1 BL loads Stage 1.5 (i.e. /boot/e2fs_stage1_5 to load an ext2 or ext3 filesystem)
o Stage 1.5 then loads the Stage 2 BL.
o Now GRUB has all the information about the filesystem.
- The Stage 2 BL then displays a list of available kernels (defined in /boot/grub/menu.lst). This is also called the GRUB startup menu, which allows the user to choose an operating system and examine and edit startup parameters.
- After an operating system is chosen, the respective kernel gets loaded into RAM and the Stage 2 BL passes control to it.
- Here the Stage 2 BL uncompresses the kernel and fills the memory with kernel memory structures, which can be seen in the /proc virtual file system.
The Engine Of The Car Is Ready And Running!!
The Linux OS is ready and running!! Kernel Land is ready!!
But No User land!!
==============================================================
Phase2. From init to Login prompt.
- When the kernel is loaded, it immediately initializes and configures the computer's memory and configures various hardware attached to the system, including all processors, I/O subsystems, and storage devices. It then looks for the compressed initrd image in a predetermined location in memory, decompresses it, mounts it, and loads all necessary drivers.
- After this the kernel locates & starts the first user-space application /sbin/init
- Init is the Father of all Processes. Its PID is 1
- Before /sbin/init loads into RAM, it reads the /etc/inittab file
- /etc/inittab is an ASCII text file where we can configure multiple parameters for the init daemon
- If you take a close look at /etc/inittab, you will find the entries below ->
--------------------------------------------------------------
/etc/inittab
============
# Defines the default runlevel. Here it is 5.
id:5:initdefault:
# System initialization.
# Executes /etc/rc.d/rc.sysinit in a subshell (rc.sysinit is explained below).
si::sysinit:/etc/rc.d/rc.sysinit
l0:0:wait:/etc/rc.d/rc 0
l1:1:wait:/etc/rc.d/rc 1
l2:2:wait:/etc/rc.d/rc 2
l3:3:wait:/etc/rc.d/rc 3
l4:4:wait:/etc/rc.d/rc 4
l5:5:wait:/etc/rc.d/rc 5
l6:6:wait:/etc/rc.d/rc 6
# Trap CTRL-ALT-DELETE
ca::ctrlaltdel:/sbin/shutdown -t3 -r now
# When our UPS tells us power has failed, assume we have a few minutes
# of power left. Schedule a shutdown for 2 minutes from now.
# This does, of course, assume you have powerd installed and your
# UPS connected and working correctly.
pf::powerfail:/sbin/shutdown -f -h +2 "Power Failure; System Shutting Down"
# If power was restored before the shutdown kicked in, cancel it.
pr:12345:powerokwait:/sbin/shutdown -c "Power Restored; Shutdown Cancelled"
# Run gettys in standard runlevels
1:2345:respawn:/sbin/mingetty tty1
2:2345:respawn:/sbin/mingetty tty2
3:2345:respawn:/sbin/mingetty tty3
4:2345:respawn:/sbin/mingetty tty4
5:2345:respawn:/sbin/mingetty tty5
6:2345:respawn:/sbin/mingetty tty6
# Run xdm in runlevel 5 (this line gets executed for runlevel 5)
x:5:respawn:/etc/X11/prefdm -nodaemon
--------------------------------------------------------------
- /etc/inittab executes /etc/rc.d/rc.sysinit in a new subshell.
o It calls /etc/sysconfig/network in the same shell.
It sets the hostname and checks whether Network is yes or no, i.e. checks for the existence of a network card
o It calls the /etc/init.d/functions script in the same shell.
It sets the global umask and path and defines 27 shell functions within the rc.sysinit shell environment
o Displays the "Welcome to Red Hat..." from /etc/redhat-release
o Runs dmesg* which creates /var/log/dmesg and displays its contents on the screen
o Mounts all local filesystems from /etc/fstab and updates /etc/mtab
The mount command simply displays the contents of /etc/mtab
Now the /etc/rc.d/rc.sysinit script ends!!
Summary: rc.sysinit:
1. Sets the global umask, global PATH
2. Sets up the Networking subsystem
3. Basically starts the System Daemons
--------------------------------------------------------------
Back to /etc/inittab:
- The /etc/rc.d/rc script is executed in a new subshell of /etc/inittab
o It starts and stops the Application Networking daemons by using init scripts
These init scripts are stored under /etc/init.d/
Their symlinks are created in all /etc/rc.d/rc?.d/ directories
If the name of a symlink in /etc/rc.d/rc?.d/ starts with S, that service will be started when the system boots.
If the name of a symlink in /etc/rc.d/rc?.d/ starts with K, that service will be stopped when the system boots.
If you want any service to start when the system boots up, use the command below:
# chkconfig --level <runlevels> <service> on
# chkconfig --level 3 gpm on --- > Enabling GPM service
o It runs /etc/rc.d/rc.local, which is a symlink in all RLs and is the only script which is run regardless of the RL; it is S99local in all /etc/rc.d/rc?.d/... and points to /etc/rc.d/rc.local
- Goes back to inittab
- shutdown CAD magic keys are set - You can hack it if you wish
ca::ctrlaltdel:/sbin/shutdown -t3 -r now
- mingettys are spawned with their terminals. All mingettys enter sleep state - EXCEPT one
And here you get a LOGIN PROMPT.
- If Runlevel 5, then the script "/etc/X11/prefdm" is executed.
Here INITTAB is OVER.
==============================================================
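Everything init launches from /etc/inittab and the rc?.d symlinks runs as root at boot, so it helps to be able to list it mechanically when reviewing a system. The following is an added example, not part of the original article: it parses the id:runlevels:action:process format shown above and orders one rc?.d directory the way the rc script walks it (K links first, then S links). The sample inittab is a shortened copy of the listing above and the rc5.d link names are constructed for the demo.

```python
def parse_inittab(text):
    """Return entries as dicts; each non-comment line is id:runlevels:action:process."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # maxsplit=3: the process field may itself contain ':' characters.
        parts = line.split(":", 3)
        if len(parts) != 4:
            raise ValueError("malformed inittab line: %r" % line)
        ident, runlevels, action, process = parts
        entries.append({"id": ident, "runlevels": runlevels,
                        "action": action, "process": process})
    return entries


def default_runlevel(entries):
    """Runlevel named by the initdefault entry, or None if there is none."""
    for e in entries:
        if e["action"] == "initdefault":
            return e["runlevels"]
    return None


def boot_plan(entries, runlevel):
    """Commands init runs to reach `runlevel`: sysinit first, then matching entries in file order."""
    plan = [e["process"] for e in entries if e["action"] == "sysinit"]
    plan += [e["process"] for e in entries
             if e["action"] in ("wait", "once", "respawn") and runlevel in e["runlevels"]]
    return plan


def handlers(entries, action):
    """Commands bound to an event-style action such as ctrlaltdel or powerfail."""
    return [e["process"] for e in entries if e["action"] == action]


def rc_order(symlink_names):
    """Order in which the rc script walks one rc?.d directory: K* (stop), then S* (start)."""
    kills = sorted(n for n in symlink_names if n.startswith("K"))
    starts = sorted(n for n in symlink_names if n.startswith("S"))
    return [("stop", n) for n in kills] + [("start", n) for n in starts]


# Shortened copy of the inittab listing from the article.
SAMPLE_INITTAB = '''
id:5:initdefault:
# System initialization.
si::sysinit:/etc/rc.d/rc.sysinit
l0:0:wait:/etc/rc.d/rc 0
l3:3:wait:/etc/rc.d/rc 3
l5:5:wait:/etc/rc.d/rc 5
ca::ctrlaltdel:/sbin/shutdown -t3 -r now
pf::powerfail:/sbin/shutdown -f -h +2 "Power Failure; System Shutting Down"
1:2345:respawn:/sbin/mingetty tty1
2:2345:respawn:/sbin/mingetty tty2
x:5:respawn:/etc/X11/prefdm -nodaemon
'''

# Constructed contents of /etc/rc.d/rc5.d/ (what os.listdir() would return).
SAMPLE_RC5 = ["S55sshd", "K74ntpd", "S10network", "S99local", "K05saslauthd", "S12syslog", "README"]


if __name__ == "__main__":
    entries = parse_inittab(SAMPLE_INITTAB)
    level = default_runlevel(entries)
    print("default runlevel:", level)
    for command in boot_plan(entries, level):
        print("  init runs:", command)
    print("Ctrl-Alt-Del runs:", handlers(entries, "ctrlaltdel"))
    for verb, name in rc_order(SAMPLE_RC5):
        print("  rc %s: %s" % (verb, name))
```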
Phase3. From Login prompt to Bash Prompt
Now mingettys are loaded.
What is getty?
A getty is a program that opens a tty port, prompts for a login name, and runs the /bin/login command. It is normally invoked by init.
The mingetty daemon is used to listen on virtual consoles (like the 6 that run by default with your keyboard and monitor) and cannot be used to handle serial lines.
You will need to configure agetty or mgetty to listen on the serial ports, because they are capable of responding to input on physical serial ports.
How do you get Login Prompt?
- The first mingetty [awake one] loads device driver for /dev/tty1 & executes /etc/issue
- mingetty then executes the /bin/login process and is then put to sleep state by init
- /bin/login displays login prompt.
Towards Bash prompt ->
- /bin/login execs /usr/bin/passwd, which challenges the user for a password and then does authentication and authorization using PAM
- init then puts the login daemon into sleep state and wakes up mingetty, which now takes over
- mingetty checks for .hushlogin in $HOME/$USER
If $HOME/.hushlogin DOES NOT EXIST then it does the following:
- executes lastlog* -u $USER using /var/log/lastlog
- executes cat /etc/motd
- executes the user's mail, if any, in /var/spool/mail/$USER
- init then wakes /bin/login process
- mingetty then goes into zombie state and is killed by init
- login then loads /bin/bash as a monitored child process
- /bin/bash takes over
- and login goes into sleep state
- Executes /etc/profile -> sets system-wide ENV variables Global Profile
- Executes /etc/inputrc -> Sets keyboard mappings [See stty -a] Show Terminal characteristics
Examples -> # stty intr ^g --> Keyboard mapping
# stty -echo --> Terminal Characteristics
#/etc/inputrc See man bash - /bell-style
============
set bell-style [audible] [none] [visible]
set disable-completion [off] on
To do it per-user:
=================
setterm -blength 0 [in per user .bash_profile]
or
xset b off [in GUI]
[bash -r, --noediting as args in /etc/passwd 7th field]
- Executes /etc/profile.d/*.sh [16 shell scripts are executed]
colorls.csh colorls.sh
glib2.csh glib2.sh
gnome-ssh-askpass.csh gnome-ssh-askpass.sh
krb5-workstation.csh krb5-workstation.sh
lang.csh lang.sh
less.csh less.sh
vim.csh vim.sh
which-2.sh
- Executes /etc/bashrc - Sets system-wide [Global] aliases/shell functions and sets the users' and root's final global umask
- Executes the user's personal .bash_profile
- Executes .bashrc -> user-specific Bash initialization file. It resides in every user's home directory and gets executed when you successfully log in to the Linux system.
- Misc :
o .bash_history -> It stores all command history
o .bash_logout -> It stores logout logs. It gets executed at logoff.
Finally, at last, the comforting shell login prompt bash!!
========================= Boot Process Ends here ====================
Thursday, August 2, 2012
SAMBA Interview Question & Answer
Q: - Which SELinux security context is used for SAMBA?
samba_share_t
Q: - On which ports does the SAMBA server work?
- UDP port 137 for netbios-ns, the NETBIOS Name Service
- UDP port 138 for netbios-dgm, the NETBIOS Datagram Service
- TCP port 139 for netbios-ssn, the NETBIOS session service
- TCP port 445 for microsoft-ds, the Microsoft Domain Service
Q: - What are the Security or Authentication Modes for a SAMBA server?
ADS
DOMAIN
SERVER
USER
SHARE
Q: - How to Manually Create Machine Trust Accounts?
/usr/sbin/useradd -g machines -d /var/lib/nobody -c "machine nickname" -s /bin/false machine_name$
passwd -l machine_name$
Q: - What are the SAMBA server Types?
- Primary Domain Controller (PDC)
- Backup Domain Controller (BDC)
- ADS Domain Controller
Q: - Which protocol does the SAMBA server use?
SMB, which stands for Server Message Block, is a protocol for sharing files, printers, serial ports, and communications abstractions such as named pipes and mail slots between computers.
Q: - How Does a Workstation find its Domain Controller?
There are two different mechanisms to locate a domain
controller: one method is used when NetBIOS over TCP/IP is enabled and the
other when it has been disabled in the TCP/IP network configuration. Where
NetBIOS over TCP/IP is disabled, all name resolution involves the use of DNS,
broadcast messaging over UDP, as well as Active Directory communication
technologies.
Q: - Can Samba Be a Backup Domain Controller to an NT4 PDC?
No. The native NT4 SAM replication protocols have not yet been fully implemented.
Q: - How Do I Replicate the smbpasswd File?
Replication of the smbpasswd file is sensitive. It has to be done whenever changes to the SAM are made. Every user's password change is done in the smbpasswd file and has to be replicated to the BDC. So replicating the smbpasswd file very often is necessary.
As the smbpasswd file contains plaintext password equivalents, it must not be sent unencrypted over the wire. The best way to set up smbpasswd replication from the PDC to the BDC is to use the utility rsync. rsync can use ssh as a transport. ssh itself can be set up to accept only rsync transfer without requiring the user to type a password.
As said a few times before, use of this method is broken and flawed. Machine trust accounts will go out of sync, resulting in a broken domain. This method is not recommended. Try using LDAP instead.
Q: - Can Samba fully replace my Windows NT server that is not a Primary Domain Controller (PDC)?
Samba can completely serve files and printers to Windows, just as a Windows NT server would.
Q: - Can Samba replace my Windows NT PDC?
Not completely. Samba domain control capabilities for a Windows 9x client are solid and complete, and so these clients
would probably never know the difference. The domain control support for
Windows NT/2000 clients is still being developed. Currently, enough has been
implemented to allow a Windows NT client to join a Samba-controlled domain, but
there is more to domain control than that. The most conspicuous absence is the
lack of support for Windows NT trust relationships and the SAM replication
protocol used between NT PDCs and Backup Domain Controllers (BDCs).
Q: - What TCP and UDP ports are required for NetBIOS over TCP/IP use?
The NBT name service uses port 137/udp, the NBT session
service uses port 139/tcp, and the NBT datagram service uses port 138/udp.
Q: - How does the SMB protocol work?
There will be three stages in creating an SMB connection
between a client and a specific share on a server.
The first stage in connecting to an SMB share is to
negotiate the SMB protocol dialect to use. In the request packet, the client
sends a text listing of all the SMB dialects that it understands. The server
selects the most advanced protocol that it knows and responds to the client,
specifying the protocol number from the list. At this point, the client and
server have agreed that SMB commands can be used for the remainder of the
conversation.
The second stage is to create a session connection between
the client and server. To do this, the client issues a session setup request,
which includes a username and some proof of validity, such as a password. The
server attempts to validate requesting user. If successful, the server then
returns a session UID to client. This UID is unique for each session and has no
relation to the server internal representation of users.
The third stage before access to files on a remote share is
allowed is for the client to make a successful tree connection to the shared
resource. The client sends to the server a tree connect request, which includes
the UID previously issued by the server. At this stage the server verifies that
the authenticated user is authorized to access the requested resource. If the
user has sufficient privileges to access the share, the client is issued a tree
connection ID (TID). The TID is used in all requests to access files contained
in the resource to which the TID refers.
In this way SMB protocol works.
Q: - How many sections does the samba configuration file (smb.conf) contain?
smb.conf file contains three sections.
1. [global] Contains settings that determine Samba overall
behavior.
2. [homes] A default share for providing a home directory
for all users.
3. [printers] A default share for exporting all printers on
the host via CIFS.
Q: - If a netbios name is not defined in smb.conf, then what will be the netbios name?
If a netbios name is not defined, Samba will use the IP hostname of the server by default.
Q: - I want to use User level security for my samba server, then what do I have to add in the smb.conf file?
security = user
Q: - How will you verify that your smb.conf file doesn't have any mistakes and misspellings?
The "testparm" tool verifies the syntax of a configuration file (smb.conf).
testparm -s smb.conf
Q: - What is the use of the "smbclient" command?
"smbclient" is used to display the list of shares on your server. This verifies that smbd is running and functioning correctly. The -L option instructs smbclient to enumerate the shares on the server rather than actually connecting to one. The -N switch instructs smbclient to use an anonymous login rather than the login name of the current user.
smbclient -L localhost -N
Another use of the "smbclient" command is to connect to a samba share.
smbclient //<server>/<share> -U <username>
Q: - Explain the "smbstatus" command?
The smbstatus utility displays information about connected
users and currently locked files.
Q: - Is it possible for Samba to share file systems that have been mounted using NFS?
Yes. However, this can be problematic if the NFS server that
provides the file system fails, causing the Samba server to hang. It is always
safer to use Samba to share a local file system.
Q: - How many simultaneous connections can a Samba server support?
In theory, there is no limit. In practice, the limit is
determined by the server’s hardware, specifically the total amount of available
RAM and the CPU power. It might also depend on the amount of activity from the
smbd processes.
Q: - Can Samba be a member of more than one workgroup at the same time?
No, Samba can be a member of only one workgroup.
Q: - What is SWAT?
SWAT is GUI Based administration tool for samba server.
Q: - I am trying to use SWAT, but I keep getting the message "There was no response. The server could be down or not responding." What is the problem?
The most likely cause is that SWAT is not listening to
connections, or you have used the wrong URL in trying to connect to SWAT. SWAT
usually lives behind port 901, so the URL you should use is http://ID_ADDRESS_OF_SERVER:901/
Q: - Can I set an empty password for a samba user?
Yes, if you want to set the value to an empty password, you must change
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXX
to
NOPASSWORDXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XX
in your smbpasswd file.
Note: - if you have edited the smbpasswd file by hand, make sure that the LAN Manager and NT password fields contain exactly 32 characters, no more and no fewer. If these fields do not have exactly 32 characters, Samba will not be able to correctly read the entry.
Or you can modify it with the "smbpasswd" command.
smbpasswd -n USER_NAME
Also you have to set the null passwords parameter to yes in the [global] section of smb.conf:
null passwords = yes
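An empty-password account is only usable when both conditions above hold, so an audit should read the smbpasswd file and smb.conf together. The following is an added example, not from the original Q&A: it checks the 32-character rule for the LAN Manager and NT fields and reports empty-password accounts along with whether null passwords lets them in. The field order (name:uid:LM:NT:[flags]:LCT) and the N account flag follow smbpasswd(5) and are assumptions not shown in the text; all sample data is constructed.

```python
HASH_LEN = 32  # the LAN Manager and NT password fields must be exactly this long


def global_bool(smb_conf_text, parameter):
    """Read a yes/no parameter from the [global] section of smb.conf text (default: no)."""
    # smb.conf ignores case and whitespace inside parameter names.
    wanted = parameter.replace(" ", "").lower()
    section, value = None, "no"
    for line in smb_conf_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, _, val = line.partition("=")
            if key.replace(" ", "").lower() == wanted:
                value = val.strip().lower()
    return value in ("yes", "true", "1")


def is_null_marker(field):
    """True for the 'NOPASSWORDXXX...' form used in the text, with or without a space."""
    return field.replace(" ", "").startswith("NOPASSWORD")


def audit_smbpasswd(smbpasswd_text, smb_conf_text):
    """Return (user, finding) tuples for malformed entries and empty-password accounts."""
    null_ok = global_bool(smb_conf_text, "null passwords")
    findings = []
    for line in smbpasswd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 5:
            findings.append((parts[0], "too few fields"))
            continue
        name, _uid, lm, nt, flags = parts[:5]
        wrong = [label for label, field in (("LM", lm), ("NT", nt)) if len(field) != HASH_LEN]
        if wrong:
            # Samba cannot read such an entry correctly, so report it and move on.
            findings.append((name, "field length is not 32: " + "/".join(wrong)))
        elif "N" in flags.strip("[] ") or is_null_marker(lm) or is_null_marker(nt):
            findings.append((name, "empty password, access allowed" if null_ok
                             else "empty password, access denied"))
    return findings


# Constructed sample data (the hash values are made-up hex strings).
NULL_FIELD = "NOPASSWORD".ljust(HASH_LEN, "X")
LM_SAMPLE = "0123456789ABCDEF" * 2
NT_SAMPLE = "FEDCBA9876543210" * 2
SAMPLE_SMBPASSWD = "\n".join([
    "alice:1001:" + LM_SAMPLE + ":" + NT_SAMPLE + ":[U          ]:LCT-4F000000:",
    "guest:1002:" + NULL_FIELD + ":" + NULL_FIELD + ":[NU         ]:LCT-00000000:",
    # bob's NT field was hand-edited and is one character short.
    "bob:1003:" + LM_SAMPLE + ":" + NT_SAMPLE[:-1] + ":[U          ]:LCT-4F000000:",
])
SAMPLE_SMB_CONF = "[global]\n\tworkgroup = EXAMPLE\n\tsecurity = user\n\tnull passwords = yes\n[homes]\n\tread only = no\n"


if __name__ == "__main__":
    for user, finding in audit_smbpasswd(SAMPLE_SMBPASSWD, SAMPLE_SMB_CONF):
        print("%-6s %s" % (user, finding))
```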
Q: - Does Samba support PAM?
Yes
Q: - What is the role of "NTLM"?
The challenge/response authentication protocol available to Windows clients and servers for validating connection requests.
Q: - Explain the "force group" parameter used in smb.conf?
It defines the group ID to be used for all file access in place of the user's primary group.
Q: - Explain the "force user" parameter used in smb.conf?
It defines the user ID to be used for all file access.
Q: - Explain the "write list" parameter used in smb.conf?
A list of users and/or groups that should be given write access even if the read only parameter has been enabled.
SENDMAIL INTERVIEW QUESTION & ANSWER
Q: - How to start the sendmail server?
service sendmail restart
Q: - On which ports do sendmail and sendmail with SSL work?
By default, Sendmail uses TCP and UDP port 25 for non-encrypted transfers. If the Sendmail server is configured to use SSL for encrypting email sent and received, it uses port 465.
Q: - Explain the use of the "trusted-users" file?
A list of users that can send email as other users without a warning, including system users such as apache for the Apache HTTP Server.
Q: - Explain the use of the "local-host-names" file?
If the email server should be known by different hostnames, list the hostnames in this file, one line per hostname. Any email sent to addresses at these hostnames is treated as local mail. The FEATURE(`use_cw_file') option must be enabled in the sendmail.mc file for this file to be referenced.
Q: - Explain the use of the /etc/aliases file?
/etc/aliases can be used to redirect email from one user to another. By default, it includes redirects for system accounts to the root user. It can then be used to redirect all email for the root user to the user account of the system administrator.
Q: - Can we use SSL encryption with Sendmail?
Yes, Sendmail can be configured to encrypt email sent and received using SSL (Secure Sockets Layer).
Q: - What is Sendmail?
Sendmail is an MTA, meaning it accepts email messages sent to it using the SMTP protocol and transports them to another MTA email server until the messages reach their destinations. It also accepts email for the local network and delivers it to local mail spools, one for each user.
Q: - What is the role of an MUA?
An MUA (Mail User Agent) with access to the mailbox file, directly or through a network file system, can read messages from the disk and display them for the user. This is generally a console or webmail application running on the server.
Q: - Which are the important configuration files for the Sendmail server?
The /etc/mail/ directory contains all the Sendmail configuration files, with sendmail.cf and submit.cf being the main configuration files. The sendmail.cf file includes options for the mail transmission agent and accepts SMTP connections for sending email. The submit.cf file configures the mail submission program.
Q: - How to configure sendmail to accept mail for local delivery that is addressed to other hosts?
Create a /etc/mail/local-host-names file. Put into that file the hostnames and domain names for which sendmail should accept mail for local delivery, one hostname or domain name per line. Also make sure that the Sendmail configuration file contains the "use_cw_file" option.
dnl Load class $=w with other names for the local host
FEATURE(`use_cw_file')
Q: - When an organization stores aliases on an LDAP server, how will you configure sendmail to read aliases from the LDAP server?
Use the "sendmail -bt -d0" command to check the sendmail compiler options. If sendmail was not compiled with LDAP support, recompile and reinstall sendmail.
Add an ALIAS_FILE define containing the string ldap: to the sendmail configuration.
# Set the LDAP cluster value
define(`confLDAP_CLUSTER', `wrotethebook.com')
# Tell sendmail that aliases are available via LDAP
define(`ALIAS_FILE', `ldap:')
Q: - How to forward emails of a local user to an external address?
Add an alias to the aliases file for each user whose mail must be forwarded to another system. The recipient field of the alias entry must be a full email address that includes the host part. After adding the desired aliases, rebuild the aliases database file with the newaliases command.
Q: - You have been asked to create a sendmail configuration that sends all local mail to a mail hub, while directly delivering mail addressed to external systems.
Create a sendmail configuration containing the MAIL_HUB define to identify the mail relay host for local mail. Use the LOCAL_USER command to exempt the root user's mail from relaying.
dnl Define a relay server for local mail
define(`MAIL_HUB', `smtp.test.com')
dnl Users whose mail is not passed to the mail hub
LOCAL_USER(root)
Rebuild and reinstall sendmail.cf, and then restart sendmail.
Q: - How to configure multiple mail queues?
mkdir /var/spool/mqueue/queue.1
mkdir /var/spool/mqueue/queue.2
mkdir /var/spool/mqueue/queue.3
chmod 700 /var/spool/mqueue/queue.1
chmod 700 /var/spool/mqueue/queue.2
chmod 700 /var/spool/mqueue/queue.3
Add the QUEUE_DIR define to the sendmail configuration to use the new queue directories.
dnl Declare the queue directory path
define(`QUEUE_DIR', `/var/spool/mqueue/queue.*')
Q: - How to disable certain SMTP commands?
Add the confPRIVACY_FLAGS define to the sendmail configuration to set Privacy Options that disable unwanted, optional SMTP commands. Here we disable the EXPN, VRFY, VERB, and ETRN commands.
dnl Disable EXPN, VRFY, VERB and ETRN
define(`confPRIVACY_FLAGS', `noexpn,novrfy,noverb,noetrn')
Rebuild and reinstall sendmail.cf, and then restart sendmail.
Q: - In which Sendmail configuration file do we have to make changes?
We make the changes only in the sendmail.mc file, and the changes are then moved into the sendmail.cf file for us.
Q: - When Sendmail dispatches your email, it places the server's hostname behind your username, which becomes the "from address" in the email (i.e. user@mail.test.com). But we want to use the domain name and not the hostname?
define(`confDOMAIN_NAME', `test.com')dnl
FEATURE(`relay_entire_domain')dnl
Q: - What does the /etc/mail/access file contain?
The access database ("/etc/mail/access") is a list of IP addresses and domain names of allowable connections.
FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
and cat /etc/mail/access
localhost.localdomain RELAY
localhost RELAY
127.0.0.1 RELAY
192.168.0 RELAY
test.com RELAY
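The privacy flags and the access database described above are the two settings most worth re-checking after sendmail.mc is edited. The following is an added example, not part of the original post: it reads the m4 define() lines for confPRIVACY_FLAGS and reports how many IPv4 addresses each RELAY entry covers. The sample files and the 256-address threshold are constructed for illustration.

```python
import re

DEFINE = re.compile(r"define\(`([^']+)',\s*`([^']*)'\)")
WANTED_FLAGS = {"noexpn", "novrfy", "noverb", "noetrn"}  # the four disabled above

def mc_defines(mc_text):
    """Collect define(`NAME', `value') pairs, ignoring dnl and # comments."""
    defines = {}
    for line in mc_text.splitlines():
        line = re.split(r"\bdnl\b", line, maxsplit=1)[0].strip()
        if line.startswith("#"):
            continue
        for name, value in DEFINE.findall(line):
            defines[name] = value
    return defines

def missing_privacy_flags(mc_text):
    """Return the wanted privacy flags that confPRIVACY_FLAGS does not set."""
    flags = mc_defines(mc_text).get("confPRIVACY_FLAGS", "")
    present = {f.strip().lower() for f in flags.split(",") if f.strip()}
    return sorted(WANTED_FLAGS - present)

def relay_entries(access_text):
    """Return [(key, ipv4_addresses_covered or None)] for every RELAY line."""
    found = []
    for line in access_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) != 2 or parts[1].upper() != "RELAY":
            continue
        octets = parts[0].split(".")
        if len(octets) <= 4 and all(o.isdigit() and int(o) < 256 for o in octets):
            # A partial address such as 192.168.0 matches every host below it.
            found.append((parts[0], 256 ** (4 - len(octets))))
        else:
            found.append((parts[0], None))  # host or domain name
    return found

def broad_relays(access_text, max_addresses=256):
    """Keys whose RELAY entry covers more IPv4 addresses than max_addresses."""
    return [key for key, count in relay_entries(access_text)
            if count is not None and count > max_addresses]

# Constructed sample input: a weak flag set beside the one shown on this page.
WEAK_MC = """dnl only two of the four commands are disabled
define(`confPRIVACY_FLAGS', `noexpn,novrfy')dnl
"""
PAGE_MC = """dnl Disable EXPN, VRFY, VERB and ETRN
define(`confPRIVACY_FLAGS', `noexpn,novrfy,noverb,noetrn')
"""
SAMPLE_ACCESS = """localhost.localdomain RELAY
127.0.0.1 RELAY
192.168.0 RELAY
10 RELAY
test.com RELAY
spam.example REJECT
"""

if __name__ == "__main__":
    print("missing flags:", missing_privacy_flags(WEAK_MC))
    print("relay entries:", relay_entries(SAMPLE_ACCESS))
    print("broad relays:", broad_relays(SAMPLE_ACCESS))
```

Entries reported with a count of None are host or domain names and need a manual review of who controls that domain.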
Q: - How to restrict sendmail from sending a big file?
define(`confMAX_MESSAGE_SIZE',`52428800')dnl
Or, if you are using a PHP-based webmail application like SquirrelMail, you can adjust the maximum file size in the php.ini file.
vi php.ini
post_max_size = 50M
upload_max_filesize = 50M
memory_limit = 64M
Q: - How to set 25 recipients for each email?
define(`confMAX_RCPTS_PER_MESSAGE',`50')dnl
Q: - Which antivirus have you integrated with sendmail?
ClamAV
Q: - What is Clamav-Milter?
Clamav-Milter is a tool to integrate sendmail and the ClamAV antivirus.
Q: - Which configuration files are required to integrate sendmail and the ClamAV antivirus?
milter.conf and clamav-milter
Q: - How to test sendmail integration with ClamAV?
grep Milter /var/log/maillog
You should get messages of the following type:
sendmail: Milter add: header: X-Virus-Scanned: ClamAV version 0.88.2, clamav-milter version 0.88.2 on mail.test.com
sendmail: Milter add: header: X-Virus-Status: Clean
Q: - Which tool have you used to block spamming?
SpamAssassin
Q: - What does the "/etc/mail/" directory contain?
The /etc/mail/ directory contains all the Sendmail configuration files, with sendmail.cf and submit.cf being the main configuration files.
Q: - Explain the use of the /etc/mail/relay-domains file?
The /etc/mail/relay-domains file is used to determine the domains from which sendmail will relay mail. The contents of the relay-domains file should be limited to those domains that can be trusted not to originate spam.
Friday, July 27, 2012
Mouse Emulator
Is your mouse broken, or did you just forget it? Or maybe you are having USB driver problems, and your mouse isn't working. With Mouse Emulator, you can still use your computer.
Just run the program, and it will show you which keys you have to press to move the mouse cursor. For more information, check the readme or read the manual on this page.
This program is also very useful for laptop owners with low-quality mice. Just hold down the Fn key, and you can use the numeric keypad in the center of your keyboard to move the mouse!
Mouse Emulator can also toggle mouse buttons with a simple key press. This is very useful for RSI users that have problems with drag operations with the mouse.
The program recognizes the following keys:
(NumLock must be ON!)
- Keypad 1 - Left mouse button
- Keypad 2 - Right mouse button
- Keypad 3 - Middle mouse button
- Keypad 4, 5, 6, 8 - Moves the mouse left, down, right and/or up respectively.
- Keypad 7 - Mousewheel up (Scroll)
- Keypad 9 - Mousewheel down (Scroll)
- Keypad / - Toggle Left mouse button (Useful for RSI users)
- Keypad * - Toggle Right mouse button (Useful for RSI users)
- Keypad - - Toggle Middle mouse button (Useful for RSI users)
You can exit Mouse Emulator by right-clicking on the mouse icon in the taskbar.
Monday, July 16, 2012
Linux File System Structure
1. / – Root
- Every single file and directory starts from the root directory.
- Only root user has write privilege under this directory.
- Please note that /root is root user’s home directory, which is not same as /.
2. /bin – User Binaries
- Contains binary executables.
- Common linux commands you need to use in single-user modes are located under this directory.
- Commands used by all the users of the system are located here.
- For example: ps, ls, ping, grep, cp.
3. /sbin – System Binaries
- Just like /bin, /sbin also contains binary executables.
- But the Linux commands located under this directory are typically used by the system administrator, for system maintenance purposes.
- For example: iptables, reboot, fdisk, ifconfig, swapon
4. /etc – Configuration Files
- Contains configuration files required by all programs.
- This also contains startup and shutdown shell scripts used to start/stop individual programs.
- For example: /etc/resolv.conf, /etc/logrotate.conf
5. /dev – Device Files
- Contains device files.
- These include terminal devices, usb, or any device attached to the system.
- For example: /dev/tty1, /dev/usbmon0
6. /proc – Process Information
- Contains information about system process.
- This is a pseudo filesystem that contains information about running processes. For example: the /proc/{pid} directory contains information about the process with that particular pid.
- This is a virtual filesystem with text information about system resources. For example: /proc/uptime
7. /var – Variable Files
- var stands for variable files.
- Content of the files that are expected to grow can be found under this directory.
- This includes — system log files (/var/log); packages and database files (/var/lib); emails (/var/mail); print queues (/var/spool); lock files (/var/lock); temp files needed across reboots (/var/tmp);
8. /tmp – Temporary Files
- Directory that contains temporary files created by system and users.
- Files under this directory are deleted when system is rebooted.
9. /usr – User Programs
- Contains binaries, libraries, documentation, and source-code for second level programs.
- /usr/bin contains binary files for user programs. If you can’t find a user binary under /bin, look under /usr/bin. For example: at, awk, cc, less, scp
- /usr/sbin contains binary files for system administrators. If you can’t find a system binary under /sbin, look under /usr/sbin. For example: atd, cron, sshd, useradd, userdel
- /usr/lib contains libraries for /usr/bin and /usr/sbin
- /usr/local contains users programs that you install from source. For example, when you install apache from source, it goes under /usr/local/apache2
10. /home – Home Directories
- Home directories for all users to store their personal files.
- For example: /home/john, /home/nikita
11. /boot – Boot Loader Files
- Contains boot loader related files.
- Kernel initrd, vmlinux, grub files are located under /boot
- For example: initrd.img-2.6.32-24-generic, vmlinuz-2.6.32-24-generic
12. /lib – System Libraries
- Contains library files that supports the binaries located under /bin and /sbin
- Library filenames are either ld* or lib*.so.*
- For example: ld-2.11.1.so, libncurses.so.5.7
13. /opt – Optional add-on Applications
- opt stands for optional.
- Contains add-on applications from individual vendors.
- add-on applications should be installed under either /opt/ or /opt/ sub-directory.
14. /mnt – Mount Directory
- Temporary mount directory where sysadmins can mount filesystems.
15. /media – Removable Media Devices
- Temporary mount directory for removable devices.
- For example, /media/cdrom for CD-ROM; /media/floppy for floppy drives; /media/cdrecorder for CD writer
16. /srv – Service Data
- srv stands for service.
- Contains server specific services related data.
- For example, /srv/cvs contains CVS related data.
Thursday, July 12, 2012
DESKTOP LEVEL INTERVIEW QUESTION & ANSWER
Difference between Switch and Hub
Switch | HUB
a. Works at layer 2 | Works at layer 1
b. Uses MAC address for packet forwarding | Uses broadcast for packet forwarding
c. Does not require CSMA/CD | Requires CSMA/CD
d. Faster than HUB | Slower than Switch
e. Full-duplex | Half-duplex
f. High throughput | Low throughput
What is the bandwidth of CAT5 & CAT 6 cables?
Answer: CAT 5 - 100 Mbps, CAT 6 – 1000 Mbps
What is the recommended CAT5 cable length between switch and PC?
Answer: 100 meters
When to use cross cable and straight cable?
Answer: Similar device = cross cable
• Switch to switch
• PC to PC
• Hub to HUB
• Switch to HUB
• PC to router
• Router to router
Dissimilar device = straight cable
• PC to switch
• PC to HUB
• Router to Switch
Difference between domain and workgroup
Answer:
Domain | Workgroup
A. Centralized network model | Decentralized network
B. Domain is controlled by DC | No centralized control
C. Centralized login | Local login
D. Centralized user database | Local user database
E. Easy and centralized management | NA
F. Good for large network | Good for small network
Explain in short about all 7 layers of OSI
Answer:
• Application layer - user interface and application.
• Presentation layer - data conversion and transformation.
• Session layer - keep data of different applications separately.
• Transport layer - end-to-end connectivity using port numbers.
• Network layer - logical addressing like IP address.
• Data link layer - physical addressing like MAC address.
• Physical layer - physical transmission of data using 0's and 1's.
_______________________________________________________________________
Define Active Directory service
Answer: ADS is a new logical network model of Windows 2000 and 2003 which includes forest, trees, domain, etc.
What is a forest?
Answer: A forest is a collection of single or multiple trees.
What are trees?
Answer: Trees are collections of single or multiple domains arranged in a hierarchy using a child-parent relationship.
Which authentication protocols are supported by ADS?
Answer: NTLM and Kerberos
What is Global Catalog?
Answer: GC is a DC which maintains a full copy of the local domain partition and a partial copy of the entire forest.
What is the function of LDAP?
Answer: LDAP is a protocol used to query or access the Active Directory database. It uses port 389.
What are the requirements for ADS?
Answer:
a) Windows 2000/2003 Server Operating System
b) TCP/IP protocol and IP address
c) Network Card with Active state
d) NTFS partition
What is Sysvol?
Answer: Sysvol (System Volume) is a special folder located on an NTFS partition of a DC for storing domain public files like logon scripts, GPO templates, etc. The contents of the sysvol folder are replicated to all DCs in a domain.
______________________________________________________________________________
Difference between FAT32 and NTFS
Answer:
FAT32 | NTFS
a. Supported by win9x, 2000, 2003, xp | Supported by NT, 2000, 2003, xp
b. Remote security | Local security
c. NA | Compression and encryption
d. NA | Hot Fixing
e. NA | Shadow copy and Disk quota
Difference between Basic disk and Dynamic disk
Answer:
Basic Disk | Dynamic disk
Partitions are created | Volumes are created
Can be converted to dynamic | Cannot be converted to basic
Grouping of disks not allowed | Grouping of disks is allowed
No data redundancy | Data redundancy using RAID 1/5
Partition table is at start | Partition table is at end
Explain about RAID-1
Answer:
A. Min. and max. 2 hard disks.
B. If any one disk fails, data can be recovered from the other disk.
C. 50% space wastage.
D. No read/write performance improvement.
E. Good for storing the operating system.
Explain about RAID-5
Answer:
A. Data is stored in distributed format across all the disks.
B. Min. 3, max. 32.
C. If any one disk fails, data can be recovered using parity.
D. Parity space wastage, e.g. parity = total space / no. of disks.
E. Good for storing data.
Can we convert FAT32 to NTFS? How?
Answer: You can convert a FAT32 partition to NTFS using the convert.exe command.
E.g. convert /fs:ntfs
What is mounting?
Answer: Mounting is the process of assigning or mapping a folder to a drive.
What is RAID?
Answer: RAID is a technology for grouping disks in order to provide more space and redundancy. There are total 54 RAID methods. Windows 2003 supports RAID 0, 1 and 5.
What is the difference between mirroring and duplexing?
Answer: Mirroring requires a single controller and duplexing requires two controllers.
______________________________________________________________________________
What is a Web Server?
Answer: A web server is a server or application server which hosts or stores websites. Every website should have a name like www.vision.com and an IP address. E.g. IIS, Apache server, etc.
What is a mail server?
Answer: A mail server is software which maintains user mailboxes, e.g. Exchange Server, Lotus Domino, etc.
What is a mail client?
Answer: Software used by the client to access mail stored on the mail server. Using mail client software you can send and receive mail. E.g. Microsoft Outlook, Outlook Express, Lotus Notes, etc.
What is a Proxy server?
Answer: It is software used for sharing an internet connection.
E.g. Wingate, Win proxy, Analog proxy, etc.
Port numbers for various applications and services
Answer:
There are total 65536 ports available. Below is a list of some well-known ports.
LDAP : 389
Global catalog:
Kerberos : 88
DNS : 53
SMTP : 25
POP3 : 110
Telnet : 23
NNTP : 119
IMAP : 143
RPC : 135
HTTP : 80
HTTPS/SSL : 443
FTP : 21
What is a firewall?
Answer: It is software used to provide security to your network by not allowing unauthorized access to your internal network from external users. E.g. PIX firewall, Checkpoint firewall, etc.