Sunday, 8 March 2015

Difference between chcon and semanage command

chcon command:

The chcon command is used to change the SELinux context of files. Changes made with this command do not survive a file system relabel or the execution of the restorecon command: chcon changes the context only temporarily, so once restorecon runs the context is reset to the policy default. When using chcon, users supply all or part of the SELinux context to change.

#chcon -t context_type file_name
Run this command to change the SELinux context type of a file.

#chcon -R -t context_type directory_name
Run this command to recursively change the SELinux context type of a directory and its contents.

#ls -Z file_name/directory_name
Use this command to view the SELinux context of a file or directory.

semanage command:

The 'semanage fcontext' command is used to change the SELinux context of a file or directory persistently. When using the targeted policy, changes are written to files located in the /etc/selinux/targeted/contexts/files/ directory.
The file_contexts file specifies the default contexts for many files.
The file_contexts.local file stores contexts for newly created files and directories that are not found in the file_contexts file.
Basically two utilities read these files: the setfiles utility is used when the file system is relabeled, and the restorecon utility restores the SELinux contexts. This means that changes made with semanage fcontext are persistent, even if the file system is relabeled.

#semanage fcontext -a -t context_type file_name
#semanage fcontext -a -t context_type 'directory_name(/.*)?'
Use this command to add a persistent SELinux context rule for the given file or directory (the '(/.*)?' suffix is a regular expression that also matches everything below the directory).

#restorecon -Rv file_name|directory_name
Use this command to apply the new rule to the files that already exist (-R recurses into directories, -v reports each changed file).
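
As an added illustration (not part of this post), the following Python script mimics how restorecon and setfiles look up a path's default context in file_contexts and file_contexts.local, and shows why a context set with chcon is reset by restorecon while a rule added with semanage fcontext survives. The two tables are constructed samples, and the matching rule is a simplification assumed here: tables are read in order and the last matching line wins, so file_contexts.local overrides file_contexts.

```python
import re

# Constructed sample of the policy's file_contexts, plus the file_contexts.local
# line that 'semanage fcontext -a -t httpd_sys_content_t "/srv/web(/.*)?"' would add.
# Line format: <regex> [optional file-type flag] <user:role:type:level>
FILE_CONTEXTS = """\
/.*                 system_u:object_r:default_t:s0
/var/www(/.*)?      system_u:object_r:httpd_sys_content_t:s0
/srv(/.*)?          system_u:object_r:var_t:s0
"""
FILE_CONTEXTS_LOCAL = """\
/srv/web(/.*)?      system_u:object_r:httpd_sys_content_t:s0
"""

def parse_file_contexts(text):
    """Return a list of (compiled regex, context) pairs in file order."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # fields[1] may be a file-type flag such as '-d' or '--', so take the ends
        regex, context = fields[0], fields[-1]
        entries.append((re.compile(regex + r"\Z"), context))
    return entries

def default_context(path, *tables):
    """Policy default for path. Simplified rule assumed by this example:
    tables are consulted in order and the last matching line wins, so
    file_contexts.local (read after file_contexts) overrides it."""
    winner = None
    for table in tables:
        for regex, context in table:
            if regex.match(path):
                winner = context
    return winner

def after_restorecon(path, current_context, *tables):
    """Context a file carries after 'restorecon path': the policy default when
    one exists, otherwise the current (possibly chcon-set) context is kept."""
    default = default_context(path, *tables)
    return default if default is not None else current_context

if __name__ == "__main__":
    base = parse_file_contexts(FILE_CONTEXTS)
    local = parse_file_contexts(FILE_CONTEXTS_LOCAL)
    web = "unconfined_u:object_r:httpd_sys_content_t:s0"   # what chcon -t set
    # /srv/data: chcon is temporary, restorecon reverts to var_t; /srv/web keeps httpd type
    print(after_restorecon("/srv/data/index.html", web, base, local))
    print(after_restorecon("/srv/web/index.html", web, base, local))
```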

Saturday, 7 March 2015

MBR or GPT ?

As a system administrator you will have to choose between MBR and GPT when partitioning a disk. Let's explore some basic concepts about MBR and GPT, their advantages, limitations and differences.

What is the use of GPT and MBR ?

Master Boot Record (MBR) and GUID Partition Table (GPT) are two distinct ways of storing the partition information on a drive. This information includes where each partition begins and ends, so the operating system knows which sectors belong to each partition and which one is bootable. This is the reason you need to choose between MBR and GPT before creating partitions on a hard drive.

Master Boot Record

A Master Boot Record (MBR) disk uses the standard BIOS partition table. The MBR is the information in the first sector of a hard disk that identifies how and where the operating system is located so that it can be loaded into the main memory of the system. This sector contains the boot loader for the installed operating system and information about the drive's logical partitions. The master boot record is also sometimes called the "partition sector" or "master partition table" because it includes the table that locates each partition the hard disk has been formatted into. MBR works with disks up to 2 TB in size. It also supports only 4 primary partitions; if you want more partitions, you have to turn one of your primary partitions into an "extended partition" and create logical partitions inside it.
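
As an added example (not from this post), the Python below builds and decodes the partition table in an MBR sector: the four 16-byte entries at offset 446, the 0x55AA boot signature, and the 32-bit LBA fields that produce the 2 TB limit described above. The sector is constructed in code rather than read from a real disk.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446             # the partition table follows 446 bytes of boot code
ENTRY_FMT = "<B3sB3sII"        # status, CHS start, type, CHS end, LBA start, sector count
EXTENDED_TYPES = {0x05, 0x0F}  # DOS / LBA extended partition containers

def build_mbr(entries):
    """Construct a 512-byte MBR (test data, not read from a real disk).
    entries: up to 4 tuples of (bootable, type_byte, start_lba, sector_count)."""
    if len(entries) > 4:
        raise ValueError("an MBR holds at most 4 primary partition entries")
    mbr = bytearray(SECTOR_SIZE)
    for i, (bootable, ptype, start, count) in enumerate(entries):
        # CHS fields are left zeroed; modern firmware and loaders use the LBA fields
        struct.pack_into(ENTRY_FMT, mbr, TABLE_OFFSET + 16 * i,
                         0x80 if bootable else 0x00, b"\0\0\0", ptype, b"\0\0\0",
                         start, count)
    mbr[510:512] = b"\x55\xAA"  # boot signature
    return bytes(mbr)

def parse_mbr(sector):
    """Decode the 4 primary entries of an MBR; raise if it is not a valid MBR."""
    if len(sector) != SECTOR_SIZE or sector[510:512] != b"\x55\xAA":
        raise ValueError("not an MBR: wrong size or 0x55AA signature missing")
    partitions = []
    for i in range(4):
        status, _, ptype, _, start, count = struct.unpack_from(
            ENTRY_FMT, sector, TABLE_OFFSET + 16 * i)
        if ptype == 0:  # empty slot
            continue
        partitions.append({"slot": i + 1, "bootable": status == 0x80, "type": ptype,
                           "start_lba": start, "sectors": count,
                           "extended": ptype in EXTENDED_TYPES})
    return partitions

def mbr_max_bytes(sector_size=SECTOR_SIZE):
    """The LBA fields are 32 bits wide, so at most 2**32 sectors are addressable:
    2 TiB with 512-byte sectors, which is the 2 TB limit discussed above."""
    return 2 ** 32 * sector_size

if __name__ == "__main__":
    # one bootable Linux partition (type 0x83) and one LBA extended container (0x0F)
    disk = build_mbr([(True, 0x83, 2048, 1048576), (False, 0x0F, 1050624, 4096)])
    for p in parse_mbr(disk):
        print(p)
    print("max addressable bytes:", mbr_max_bytes())
```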

GUID Partition Table

GUID Partition Table (GPT), where GUID stands for Globally Unique Identifier, is a newer standard that acts as a replacement for MBR. GPT is used with the Unified Extensible Firmware Interface (UEFI). It is called GUID Partition Table because every partition on your drive has a "globally unique identifier", or GUID: a random string so long that every GPT partition on earth likely has its own unique identifier. One advantage of a GPT disk is that you can have more than 4 partitions on each disk; GPT allows a nearly unlimited number of partitions, depending on your operating system. GPT is also required for disks larger than 2 terabytes. Using GPT, a drive could support between 8 and 9.4 ZB depending on the sector size. On an MBR disk, the partitioning and boot data are stored in one place; if this data is overwritten or corrupted, the whole system might get corrupted. GPT, in contrast, stores multiple copies of this data across the disk, so it is much more robust and can recover if the data is corrupted.

Friday, 6 March 2015

A few 'ls' options you might not be familiar with

If you are a Linux system administrator then you must be familiar with the 'ls' command. The ls command is basically used for listing the contents of directories and information about files. Let's take a look at some interesting ls options which you might not be familiar with:

#ls -a
List all files, including hidden files, also known as dot (.) files.

#ls -A
List all files including hidden files, but do not list the implied . and .. entries.

#ls --author -l
Print the author of each file in the long listing.

#ls -b
Print C-style escapes for non-graphic characters in file names.

#ls --block-size=M -l
List all files and directories with sizes in the desired block size; the block size may be M, K, etc.

#ls -B
List all files but ignore backup files (names ending in ~).

#ls -cl
Sort all files within a directory by name and show the last change time (ctime) in the long listing.

#ls -ltc
Sort all files within a directory by their last change time (ctime), newest first, and show the related information.

#ls --color=never
Control whether the output of ls is colored; the --color argument takes three self-explanatory values: auto, never and always.

SystemD vs init

What is Init ?

In Linux, init is short for initialization. init is the first process started when the computer boots, and it continues running until the system is shut down. It is, directly or indirectly, the parent of all running processes and automatically adopts all orphaned processes. Because it is the first process to start as the system boots, it is assigned PID 1 (process identifier).
If for some reason the init process cannot start, no other process will be able to start and the system will reach a state known as a "kernel panic". The traditional init is commonly known as System V init.

Several alternatives to init have been developed over time, a few of which are:
Upstart
Epoch
Mudur
Systemd

What is Systemd ?

Systemd is a system management daemon, described by its author as a "basic building block" for an operating system, that primarily acts as a replacement for init. Systemd is not just the name of the init daemon but can also refer to the entire software bundle around it, which includes the daemons systemd, journald, logind and networkd, and many other low-level components such as libraries and utilities. Like the init daemon, systemd is a daemon that manages other daemons, including systemd itself, and works as a background process. Systemd is the first daemon to start during boot and the last daemon to terminate during shutdown. By offering on-demand service start-up and better transactional dependency control, systemd dramatically reduces start-up times. As a systemd user, you can prioritize critical services over less important ones.

Some characteristics of systemd:

  • From the moment the initial RAM disk is mounted to start the Linux kernel until the final shutdown of the system, all log messages are stored by the new systemd journal. Before the systemd journal existed, initial boot messages were lost, and to debug boot problems you had to try to watch the screen as messages scrolled by.
  • Concurrent and parallel processing at boot.
  • Better integration with GNOME.
  • Services no longer have to be simply always running or not running based on the runlevel, as they were before systemd. Services can now be activated based on path, socket, bus, timer or hardware events. Likewise, because systemd can set up the sockets itself, if a process handling communications goes away, the process that starts up in its place can pick up the next message from the socket.
  • Tracks processes using the kernel's cgroups rather than PIDs.
  • Does more than just manage services: systemd handles several different unit types, covering the creation and use of devices, mounting and automounting of file systems, dividing up computer resources, taking snapshots of the current state of the system, setting up sockets to allow communication, creating and using swap partitions, and triggering actions based on time intervals.
  • Each systemd unit is always associated with its own cgroup, which lets you control the amount of resources each service can use. For example, you can set a percentage of CPU usage for a service, which caps the total amount of CPU that service can use.
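
As an added example (not from this post), the pair of unit files below combines two of the characteristics above: the service is socket-activated, so systemd creates and holds the listening socket and starts the service on the first connection, and a CPUQuota setting uses the unit's cgroup to cap its CPU time. The unit names and the /usr/local/bin/example-api binary are hypothetical.

```ini
# /etc/systemd/system/example-api.socket  (hypothetical unit name)
[Unit]
Description=Listening socket for example-api

[Socket]
# systemd owns this socket; connections queue here even while the service restarts
ListenStream=127.0.0.1:8080

[Install]
WantedBy=sockets.target

# /etc/systemd/system/example-api.service  (started on the first connection)
[Unit]
Description=Example API, activated by example-api.socket
Requires=example-api.socket

[Service]
# hypothetical binary; it receives the already-open socket from systemd
ExecStart=/usr/local/bin/example-api
# per-unit cgroup resource control: at most 20% of one CPU
CPUQuota=20%
```

Enable it with systemctl enable --now example-api.socket; systemctl status example-api.service then shows the cgroup the service runs in.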

Wednesday, 4 March 2015

Difference Between KVM and Qemu

KVM, the Kernel-based Virtual Machine, is a kernel module. It acts as the software layer on which guest operating systems (virtual machines) run. QEMU basically acts as a communicator between the hardware and KVM; hardware-assisted virtualization is done with the help of QEMU.
QEMU is a generic open source machine emulator and virtualizer, whereas KVM is the virtualization infrastructure of the Linux kernel that turns it into a hypervisor.


Different Virtualization Types

Full virtualization: a form of virtualization that allows an operating system to run on a virtual machine exactly as if it were running directly on real hardware. In full virtualization the guest operating system (i.e. the virtual machine) is unaware that it is in a virtualized environment. Access to the physical hardware is controlled by the hypervisor so that virtual machines cannot interfere with each other.

Paravirtualization: a form of virtualization in which the hypervisor provides the guest operating system with special interfaces so that it can communicate with the hypervisor more efficiently. In this technique the guest operating system (i.e. the VM) is aware that it is a guest and has drivers accordingly; this requires modifications to the guest operating system or the installation of special hypervisor-aware drivers.

Native virtualization: also known as hardware-assisted virtualization, it enables efficient full virtualization with the help of hardware capabilities, primarily those of the host processors.