If you have a Facebook account and would like to get in touch with other visitors of this blog to discuss Unix, here’s a great way to get started: join the Unix Tutorial Facebook page!
See you all there, and feel free to share your suggestions – either here or on the wall of the Unix Tutorial.
Since it may be a while before I’m ready to use the IPv6 on my systems, I’ve been disabling IPv6 on most servers so far. And since there’s a particularly elegant way of doing this in Red Hat Linux, I think it’s worth sharing.
IPv6 is implemented as a kernel module, so you can use the lsmod command to confirm if it’s currently running on your Red Hat system:
$ lsmod | grep ip ipv6 410913 36
If lsmod doesn’t return anything, it confirms that your system isn’t running IPv6.
As you probably know, modprobe command is used for probing modules upon system boot. Probing simply means a module is loaded and an attempt is made to start it up. With any luck, the module starts successfully and its functionality becomes available to the Linux kernel.
For the boot stage, modprobe uses a special config file which helps you control its behavior: /etc/modprobe.conf. For now, let’s just concentrate on the IPv6 task at hand. To make sure modprobe doesn’t load the actual module next time your OS reboots, add the following line to the top of the /etc/modprobe.conf file (yes, you’re going to need root privileges for this):
install ipv6 /bin/true
WHY THIS WORKS: just to quickly explain the line above, here’s why we’re using the /bin/true command. install is rule of the modprobe config file which overrides the standard way of probing a module. Effectively, it tells modprobe to just run the specified command for starting a module. In the line above, we’re telling modprobe to use the /bin/true command for probing the ipv6 module. And as you remember, /bin/true is a command which doesn’t do anything but still returns a successful completion code – so in effect we’re doing nothing instead of loading the ipv6 module, and we’re looking good while doing this too.
Next, add the the following two lines to the same /etc/modprobe.conf file, and they will ensure that common aliases used for starting the IPv6 module are ignored by modprobe:
alias net-pf-10 off alias ipv6 off
IMPORTANT: These change doesn’t immediately disable IPv6 on your system. Being a pretty important module, IPv6 isn’t easy to disable on a live system, and so the easiest is to always follow the changes above with a reboot.
The ip6tables service (/etc/init.d/ip6tables sciprt) is responsible for starting IPv6 firewall, and so you probably want to disable it:
# chkconfig ip6tables off
and then confirm that it won’t be started next time you reboot or switch to any runlevel:
# chkconfig --list ip6tables ip6tables 0:off 1:off 2:off 3:off 4:off 5:off 6:off
That’s it, there really is nothing else to disabling IPv6. Let me know if you have any questions, otherwise I’ll talk to you soon!
Since it’s Blog Action Day 2009 today, I’d like to remind all the readers of my blog how climate change can be prevented by following really simple rules.
Since Unix Tutorial is a technical blog, I’ll try and stay as technical as possible within the topic.
Old servers required a much bigger commitment in the past: not only did they cost a fortune, but they also needed a lot of space and required a lot of power. These days, 1u or 2u server solution can easily outperform a computing system which used to take a whole cabinet in your datacentre. And since the cost of supporting old hardware only increases with each year, it makes a lot of sense to simply but a new server to replace the old infrastructure.
If you’re really big into the whole life cycle thing, an even better approach is to virtualize most of your systems. There are quite a few great solutions today – vSphere from VMware, Xen and KVM based virtualization from RedHat and the xVM family of virtualization solutions by Sun Microsystems (Oracle).
A ratio of 15 virtual machines per 1 physical server isn’t that uncommon, which can give you an idea about the kind of improvement you’ll get by following the route of virtualization.
The math is really simple: shut down 15 old servers, keep only 1 new server running – this means greatly reducing the amount of energy and therefore helping the planet stay green for a bit longer.
Perhaps on a much smaller scale, the issue of printing materials is also a direction you may want to explore if you’re serious about helping the climate change prevention.
Many of us still print dozens of sheets of A4 paper a day. We print out emails and directions, man pages and screenshots – many of these to never be used again.
Start small and pay attention to every urge of yours to print something out. Ask yourself a few simple questions just to be sure that you absolutely need each piece of the information printed out.
As a Unix administrator, you should find ways to monitor your printing service. Even simple things like weekly stats of the top users printing stuff out might sometimes help you save really big on the paper and toner cost. Many users print stuff out without a certain reason for doing so – it’s just their habit.
This means that if you’re familiar with lpstat and lpadmin commands, you have a chance to help yourself and others become more aware of how much you’re printing and what can be done to break your printing patters.
eInk-based book readers are a great alternative for those of you who claim they absolutely can’t read off screen. It may be a while until A4-sized readers become widely available and affordable, but already you can get a book reader for just a few hundred dollars and this little device can be used for storing and reading of many books – all without much of an environmental impact, since you no longer need paper books.
You’ll be amazed how much can be saved if you run CPUs on your system at the speed sufficient to fulfill your computational needs instead of having everything running at 100% of their speed!
Many modern servers have power-awareness and intelligence built-in. I especially like blade server solutions – Dell, HP and Sun have all got a range of blade enclosures and blade servers on offer.
The beauty of using blades is that blade enclosures are extremely intelligent and configurable devices – you can use them to cap the power draw for your whole enclosure or a certain blade. Such power limitations will usually result in a lower performance, but for many solutions it’s not critical at all. For example, if your blade hosts a FlexLM licenses server or serves web pages, it will be almost impossible to spot a performance difference even if you significantly lower the CPU speed.
Most operating systems support power management options. For desktops, this means ability to manage the speed of your cooling fans or the speed of your CPU which immediately has an impact. Sometimes you can also control your graphics card in the same manner. If you add screen blanking and hard drives management to this (configuring the sleep times for periods of long inactivity), you have all you need to reduce the power draw of your PC and ultimately help our planet stay the way it currently is or maybe even get refreshed over the next few years.
That’s it for today! Sure enough, these tips may not seem to be all this climate change preventative, but trust me – we all have to participate with however small steps and environmental improvements we can think of.
Hi everyone, it seems to be really long since my last technical post here – too much stuff happening at work, plus I’m studying for a CCNA exam.
If you’re in need of quick help – drop me a message on Twitter – I’m UnixTutorial there. I can’t promise a prompt reply, but at least this way you’ll have some interactivity.
I see how many people leave questions in comments to my posts, and I don’t always have the time to reply – so feel free to send me an email if you really need my help.
Although I’ve already shown you how to sum numbers up in bash, I only covered the bash way of doing it. I really like scripting with bash, but when it comes to calculations, there’s quite a few important features missing from bash, and fixed point (thanks for the correction, Azrael Tod!) calculations is one of them. Fortunately, bc command comes as a standard in most Unix distros, and can be used for quite complex calculations.
bc is a very simple command. It takes standard input as an expression and then evaluates this, performing all the necessary calculations and showing you the result. Thus, to quickly sum numbers up or get a result of some other calculation, simply echo the expression and then pipe it out to the bc command:
ubuntu$ echo "1+2" | bc 3
Now, in scripts your calculations with bc are done quite similarly to what we did in bash. Here’s an example:
ubuntu$ NUMBER1=1 ubuntu$ NUMBER2=2 ubuntu$ SUM=$(echo "$NUMBER1+$NUMBER2"| bc) ubuntu$ echo $SUM 3
I told you these calculations would be basic, right? Now onto the more interesting stuff!
Most people learn about bash math limitations when they attempt to do a simple calculation but can’t get the current answer with fixed point values. By default, all the operations happen with integers, and that’s what you would get:
ubuntu$ echo "1/2" | bc 0
Now, if you expect 0.5 to be the result of dividing 1 by 2, you need to explain it to bc, because by default it doesn’t show you any fractional part of the number.
The way you do this is quite simple: all you have to do is specify the number of digits you’d like to see after the radix point of your result. For example, if I set this number to 5, I’ll get bc to output the result of my calculation with 5 digits after the radix point. The special keyword to convey this intention to the bc command is called scale. Just specify the scale value and separate it from the rest of your expression by the semicolon sign:
ubuntu$ echo "scale=5; 1/2" | bc .50000
Here’s another example:
ubuntu$ echo "scale=5; 0.16*10.79" | bc 1.7264
Hope this answers your question! bc command is very powerful, so I’ll definitely have to revisit it again in the future. For now though, enjoy the fixed point calculations and be sure to ask questions if you think I can help!
One of the really useful features almost every Unix shell has is support for command aliases – a way to run a command or a series of Unix commands using a shorter name you get associated with such commands.
Here’s one of the most useful aliases I have for Solaris systems:
solaris$ alias ls='/usr/local/gnu/bin/ls --color -F'
What is allows me to do is to simply type “ls” instead of the really long command line it refers to: /usr/local/gnu/bin/ls –color -F.
You see, the ls command which is shipped with Solaris, doesn’t have many options of the more up-to-date GNU ls command, and working with many Linux systems I quite like some of them like color highlighting of different directory objects – files, directories and executables.
Try typing the longer command a few times in a row, and compare it to the “ls” to get the idea of how much of a productivity gain one command alias can be!
Like many other things in Unix, aliases are a way to become more productive. The general rule of thumb is this: if you have to run some command something more than once every day – consider creating an alias for it. These are just a few cases where it makes sense to employ them:
All of these and many more examples are greatly simplified if you alias them to some shorter commands.
Setting up a new alias is quite easy, the syntax for alias command is very straightforward. Let’s say I want to automate the confirmation of swap usage based on a free command in Linux:
redhat$ free total used free shared buffers cached Mem: 2075156 945712 1129444 0 177292 503416 -/+ buffers/cache: 265004 1810152 Swap: 2040244 0 2040244
The result I’m after is this command:
redhat$ free | grep Swap Swap: 2040244 0 2040244
And here’s how I can create an alias called “swp” which refers to this series of commands:
redhat$ alias swp='free | grep Swap'
Once you execute this command, you can start using swp as a Unix command:
redhat$ swp Swap: 2040244 0 2040244
Important: such a creation of new aliases is going to be only active for your current Unix shell and sub-shells you may spawn. To make your alias permanent, you’ll have to update one of your initialization scripts like. For Linux and bash, you should add the same alias command to your .bashrc file.
In very much the same way, you can use the unalias command to get rid of a certain alias. The nature of this command is such that you’ll most likely use it when creating and debugging new aliases. It’s unlikely that you’ll need to use it in your initialization scripts.
Following the example above, here’s how to get rid of the swp alias and verify that it’s gone:
redhat$ unalias swp redhat$ swp bash: swp: command not found
If you run the alias command without any parameters, you’ll be shown a full list of aliases currently configured for your user account, here’s an example from one of my systems:
l. ls -d .* --color=tty ll ls -l --color=tty ls ls --color=tty vi vim
That’s it for today! Stay tuned for a follow-up post which will share some of the examples for command aliases in Unix. If you have some – please leave a comment so that I can share it with others!
SSH (Secure SHell) is possibly the best way to remotely access a Unix system – it’s very secure thanks to automatic encryption of all the traffic, and it’s also quite universal because you can do all sorts of things: access remote command line shell, forward graphics session output, establish network tunnels, set up port redirections and even transfer files over the encrypted session.
Today I’m going to show you how to get started with SSH in Ubuntu.
By default, your (desktop) system will have no SSH service enabled, which means you won’t be able to connect to it remotely using SSH protocol (TCP port 22). This makes installing SSH server one of the first post-install steps on your brand new Ubuntu.
The most common SSH implementation is OpenSSH. Although there are alternative implementations (closed source solutions and binary distributions maintained by various Unix and Unix-like OS vendors), OpenSSH is a de-facto standard in the secure transfers and connections industry. That’s exactly what you want to install.
Log in with your standard username and password, and run the following command to install openssh-server.
You should be using the same username that you specified when installing Ubuntu, as it will be the only account with sudo privileges to run commands as root:
ubuntu$ sudo apt-get install openssh-server [sudo] password for greys: Reading package lists... Done Building dependency tree Reading state information... Done Suggested packages: rssh molly-guard openssh-blacklist openssh-blacklist-extra The following NEW packages will be installed: openssh-server0 upgraded, 1 newly installed, 0 to remove and 75 not upgraded. Need to get 285kB of archives. After this operation, 782kB of additional disk space will be used. Get:1 http://ie.archive.ubuntu.com jaunty/main openssh-server 1:5.1p1-5ubuntu1 [285kB] Fetched 285kB in 0s (345kB/s) Preconfiguring packages ... Selecting previously deselected package openssh-server. (Reading database ... 101998 files and directories currently installed.) Unpacking openssh-server (from .../openssh-server_1%3a5.1p1-5ubuntu1_i386.deb) ... Processing triggers for ufw ... Processing triggers for man-db ... Setting up openssh-server (1:5.1p1-5ubuntu1) ... Creating SSH2 RSA key; this may take some time ... Creating SSH2 DSA key; this may take some time ... * Restarting OpenBSD Secure Shell server sshd [ OK ]
As you can see in the sample output above, the installation procedure created 2 sets of keys – SSH2 RSA keypair and SSH2 DSA keypair. The reason for this is that OpenSSH relies heavily on the public and private key (PPK) infrastructure.
The concept behind PPK is pretty cool: SSH allows you to create keypairs. They are generated to the maximum randomness achievable on your system. Keypairs can be created for your server or for your individual uses.
The idea is that public keys are shared with other servers, and they later can be used as a unique identificator to confirm your true identity. When you’re connecting to another server, it uses your public key to encrypt a short message and the secure session will only be established if on your side you have a private key that allows decrypting the message. No other system or user can decrypt the message because only you would have the private key. That’s why it’s called private – don’t ever share it with anyone.
As an additional security measure, when you’re generating personal keypairs you’ll be asked to supply a passphrase so that even if someone steals your private password they won’t be able to use it without knowing your passphrase.
While you’re still on your local desktop session, you can use the ps command to confirm that SSH daemon (sshd) is running:
ubuntu$ ps -aef | grep sshd root 24114 1 0 15:18 ? 00:00:00 /usr/sbin/sshd
Now that you see it’s there, it’s time to try connecting:
ubuntu$ ssh localhost
Since this is the first time you’re trying to connect using SSH, you’ll have to answer yes to the following question:
The authenticity of host 'localhost (::1)' can't be established.RSA key fingerprint is 18:4d:96:b3:0d:25:00:c8:a1:a3:84:5c:9f:1c:0d:a5.Are you sure you want to continue connecting (yes/no)? yes
… you’ll then be prompted for your own password (remember, the system treats such connection request as if you were connecting remotely, so it can’t trust you without confirming your password):
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.greys@localhost's password:
.. and finally you’ll see the usual Ubuntu (Jaunty in this example) banner and prompt:
Linux ubuntu 2.6.28-11-generic #42-Ubuntu SMP Fri Apr 17 01:57:59 UTC 2009 i686 The programs included with the Ubuntu system are free software;the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. To access official Ubuntu documentation, please visit:http://help.ubuntu.com Last login: Fri May 15 15:18:34 2009 from ubuntu ubuntu$
That’s it, providing you have your networking configured and you know your IP address or hostname, you can start connecting to your Ubuntu box from remote systems, using the same command. Enjoy!
As some of you may know already, I’ve recently restarted my activity on another technical blog of mine: Solaris blog.
Solaris blog is the very first blog I started, I was actively posting new material in 2006-2007. Since then my primary focus had shifted to Linux systems, but I realized that I miss Solaris so much that I still need to play with latest versions and features in Solaris 10 and OpenSolaris.
Today I’d like to offer you a few articles from Solaris blog, let me know if you find them useful:
Most of these topics are fairly technical and expect you to have previous knowledge of Solaris OS, but Unix Tutorial is here to take care of the basics – so ask away and I’ll be glad to help you discover Solaris in my future posts.
show disk size in Unix is a very popular request visitors use to arrive at my Unix Tutorial pages. Since I never addressed the question of confirming the number of hard drivers available on your system or the task of finding out a disk’s capacity, I’d like to document a quick and easy way of doing just that.
I hope that when someone looks for a way to show disk size, what’s really expected is a command to help you confirm the capacity of a disk in gigabytes.
One of the easiest ways to learn a lot about hard drives installed on your Linux system is to use the fdisk command:suse# fdisk -l
Disk /dev/sda: 145.4 GB, 145492017152 bytes 255 heads, 63 sectors/track, 17688 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Device Boot Start End Blocks Id System /dev/sda1 1 262 2104483+ 82 Linux swap / Solaris /dev/sda2 * 263 17688 139974345 83 Linux
As you can see, there are two sections in the output provided: disk information (capacity and geometry) and disk layout (partitions). The same pattern is repeated if you have more than one disk installed.
What you should look for is the lines starting with “Disk” word: they usually specify the device names for each drive and also provide the capacity in gigabytes. Thus, a time saver would be to grep the necessary information from the command above, this way:
suse# fdisk -l | grep Disk Disk /dev/sda: 145.4 GB, 145492017152 bytes
On a system with multiple disks, the output will look more useful:
redhat# fdisk -l | grep Disk Disk /dev/sda: 21.4 GB, 21474836480 bytes Disk /dev/sdb: 4294 MB, 4294967296 bytes
That’s it – a very simple way for you to determine the number of disks in your system while also confirming the capacity available for your needs. fdisk command is actually a very powerful disks management tool which allows you to manage partitions – create and delete them or modify the type of each partition. I will be sure to revisit this command some other time cause usage above doen’t do this wonderful Unix command any justice.
I had to download a piece of software today for one of the servers which I haven’t used in a while. A question of confirming the 64bit CPU capability came up, and I realized that I never mentioned it here on Unix Tutorial.
Some of you probably remember the uname command which also shows you similar information, but uname confirms the running kernel of your OS and not the CPU capability: if you’re booted into 32bit mode, it will not help you to recognize the 64bit potential of your system.
Most Linux distros will have the special /proc/cpuinfo file which contains a textual description of all the features your processors have. This is a very useful file – depending on your task it may help you identify any features of your processors, as well as confirm the overall number of CPUs your system has installed.
Most commonly, the following information is obtained from /proc/cpuinfo:
Here’s how the typical output will look:
processor : 0 vendor_id : GenuineIntel cpu family : 15 model : 4 model name : Intel(R) Xeon(TM) CPU 3.20GHz stepping : 3 cpu MHz : 3192.320 cache size : 2048 KB physical id : 0 siblings : 2 core id : 0 cpu cores : 1 fpu : yes fpu_exception : yes cpuid level : 5 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm syscall nx lm pni monitor ds_cpl cid cx16 xtpr bogomips : 6388.78 clflush size : 64 cache_alignment : 128 address sizes : 36 bits physical, 48 bits virtual power management:
The same block of information will be shown for each CPU visible to your system. There will be 2 processor instances for each physical CPU if hyper-treading is enabled, and there will be 2 or 4 processor entries for each physical CPU on dual- and quad-core systems configurations.
Based on /proc/cpuinfo file, it is quite easy to confirm whether your CPU is capable of 64bit or not. All you have to do is look at the flags which tell you what instruction sets your CPU is capable of.
All the CPUs on your system will have the same type and therefore support the same instruction sets, that’s why in this example the grep command returns 4 similar lines – for the 4 CPU instances found on my system:
newserver# grep flags /proc/cpuinfo flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm syscall nx lm pni monitor ds_cpl cid cx16 xtpr flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm syscall nx lm pni monitor ds_cpl cid cx16 xtpr flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm syscall nx lm pni monitor ds_cpl cid cx16 xtpr flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm syscall nx lm pni monitor ds_cpl cid cx16 xtpr
What you’re looking for is the following flag: lm. It stands for X86_FEATURE_LM, the Long Mode (64bit) support. If you can find the “lm” flag among your CPU flags, this means you’re looking at a 64bit capable processor.
As you can see from the example about, the processors in question are 64bit capable.
And this is how /proc/cpuinfo will look on an older system with only 32bit capable CPUs, there’s no lm flag as you can see:
oldserver# grep flags /proc/cpuinfo flags : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm flags : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm flags : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm flags : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm
That’s it, hope this little tip helps you next time you’re puzzled about your CPU capabilities!