Showing posts with label UNIX. Show all posts
Showing posts with label UNIX. Show all posts

Tuesday, October 7, 2014

Disk Metadata : Superblock, Directory and Inodes

Metadata
Filesystem blocks are user for 2 purposes : To store User data and Metadata
  • User data - stores actual data contained in files
  • Metadata - stores file system structural information such as superblock, inodes, directories
Metadata describes the structure of the file system. Most common metadata structure are superblock, inode and directories.

Superblocks
Every FS has a superblock which contains info about filesystems such as :
  • File system type
  • Size
  • Status
  • Information about other metadata structures
    • For filesystems with 1k blocksizes, a backup superblock can be found at block 8193
    • For filesystems with 2k blocksizes, at block 16384
    • For 4k blocksizes, at block 32768.
List backup superblocks:
# dumpe2fs /dev/hda3 | grep -i superblock

If Superblock  is corrupted, restore with backup :
# e2fsck -f -b 8193 /dev/sda3
 
Inode
 
 An inode is a data structure on a Linux Unix FS which stores stores basic information about a regular file, directory, or other file system objects.  

Monday, April 28, 2014

Recover deleted files used by any process in Linux from RAM memory.


Every thing in Linux is a File. A file in turn is actually a pointer to inode which contain the actual data on the disk, permissions, ownership. Now what happens when a file is deleted ? Only the link is removed by not the inode or the actual data. if a process is using the file, or if the file is open , the inode is not released for overwriting util the process is done with the file. Such files will remain in the server memory (RAM). 

Lets discuss how to recover such deleted files which is being used by a process.

Lets do it with an example.

Create a test file.
# touch testfile.txt

Echo some random data on it.
# cat /dev/random > testfile.txt

Open the file using some command like below.
# less  testfile.txt

# ps -ef | grep -i less
less 4607 root  4r  REG 254,4   21  
           8880214 /root/testing.txt (deleted)

All the open files remain in the memory and hence in the /proc filesystem. The important columns in the above output are the second one, which gives you the PID of the process that has the file open (4607), and the fourth one, which gives you the file descriptor (4). Now, we go look in /proc, where there will still be a reference to the inode, from which you can copy the file back.

# ls -l /proc/4607/fd/4
lr-x------ 1 root root 64 Apr  7 03:19 
             /proc/4607/fd/4 -> /root/testing.txt (deleted)
  
To recover the deleted file in memory, just copy as below.
 #cp /proc/4607/fd/4 testing.txt.bk


Hurray you got your file back. Just make sure not to use "-a" switch while copying the file as this will copy the broken softlink.

JK

 

Tuesday, April 8, 2014

Sendmail Error : NOQUEUE: SYSERR(root): No local mailer defined NOQUEUE: SYSERR(root): QueueDirectory (Q) option must be set

Error using m4 macro while building sendmail.cf from sendmail.mc on RHEL 6 / CentOS 6 flavors?

[root@cent1]# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
m4:/etc/mail/sendmail.mc:10: cannot open `/usr/share/sendmail-cf/m4/cf.m4': No such file or directory
[root@cent1]#

The above error is because the package sendmail-cf is not installed.


You will have the below error messages on the /var/log/maillog file also. 

sendmail[3215]: gethostbyaddr(10.0.3.15) failed: 2
sendmail[3215]: NOQUEUE: SYSERR(root): No local mailer defined
sendmail[3215]: NOQUEUE: SYSERR(root): QueueDirectory (Q) option must be set

The above error is because the sendmail.cf is not configured properly. 

Fix is to install the package sendmail-cf, build sendmail.cf from sendmail.mc and restart sendmail service.

Install the sendmail-cf

# yum install -y sendmail-cf


Comment the entry which makes the sendmail listens only to loopback address as below by adding "dnl" on /etc/mail/sendmail.mc

# vi /etc/mail/sendmail.mc
dnl # DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

# service sendmail restart

Check if sendmail is started properly.

[root@cent1 ~]# netstat -tulnp |  grep -i :25
tcp        0      0 0.0.0.0:25                  0.0.0.0:*                   LISTEN      3748/sendmail
[root@cent1 ~]#

Hope this helps.
Jk


Thursday, April 25, 2013

Set Setuid, Setgid and Sticky bit in Linux

Special permissions on files and directories in linux are : SetUID, SetGID and Sticky bit.

With the help of “chmod” command  we can implement the special permissions on file and directories.

SUID / Set User ID : A program is executed with the file owner's permissions (rather than with the permissions of the user who executes it).

SGID / Set Group ID : Files created in the directory inherit its GID, i.e When a directory is shared between the users , and sgid is implemented on that shared directory , when these users creates  directory, then the created directory has the same gid or group owner of its parent directory.

Sticky Bit :  It is used mainly used on folders in order to avoid deletion of a folder and its content by other user though he/she is having write permissions. If Sticky bit is enabled on a folder, the folder is deleted by only owner of the folder and super user(root). This is a security measure to suppress deletion of critical folders where it is having full permissions by others.

Friday, March 30, 2012

The Find command cheat sheet


The Find Command Cheat Sheet


1. Basic find command
# find -name "TestFile"

2. Find Files Using Name and Ignoring Case
# find -iname "TestFile"

3. Limit Search To Specific Directory Level Using mindepth and maxdepth
# find / -maxdepth 3 -name passwd
-maxdepth --> will go 3 directories below -- / 1st; /etc 2nd; /usr/bin 3rd

# find / -mindepth 3 -maxdepth 5 -name passwd
will go 3 depths first and upto 5 -- so will not disply under /; /usr; /usr/bin

4. Executing Commands on the Files Found by the Find Command.
user -exec {} /;
# find -iname "TestFile" -exec md5sum {} \;

5. Inverting the match.
To inver the match use the "-not" switch
# find / -not -iname "TestFile"

6. List inodes of the files
# ls -i1 test*
16187429 test-file-name
16187430 test-file-name

# find -inum 16187430 -exec mv {} new-test-file-name \;
# ls -i1 *test*
16187430 new-test-file-name
16187429 test-file-name

7. Find file based on the File-Permissions
You can :
    * Find files that match exact permission
    * Check whether the given permission matches, irrespective of other permission bits
    * Search by giving octal / symbolic representation

# find . -perm -g=r -type f -exec ls -l {} \;
Will display all files with group permission read. Not files with readonly group permission

# find . -perm g=r -type f -exec ls -l {} \;
Will dispay files with 040 permission. i.e files with group read only permisison

# find . -perm 040 -type f -exec ls -l {} \;
Will dispay files with 040 permission. i.e files with group read only permisison

Wednesday, March 3, 2010

setuid File Permission in UNIX/Linux

In this post I am going to describe you about the 'setuid' in UNIX and Linux.

setuid or 'set user ID upon execution' and setgid or 'set group ID upon execution' are UNIX access right flags which are used to allow users to run an executable file with the permission of the executable file's owner or group. If the setuid is enabled for an executable file, the user executing the file will get permissions of the user or group that owns the executable file. This is very useful for allowing users on a computer system to run programs with temporarily elevated privileges for performing a particular task. 

These programs are needed for performing some tasks like 'ping' from an unprivileged user. The ping executable in /usr/bin folder is set with setuid bit on and consider its owner is root. So that whenever the ping command is used it is executed with elevated privileges and hence all the unprivileged users can use the ping command unless they are explicitly blocked form using it via some other means. By this hope you got the concept of setuid. Please continue reading for knowing more about setting, listing and more about setuid.