OpenWRT adds IPv6, preps for IoT future ·  LinuxGizmos.com

via OpenWRT adds IPv6, preps for IoT future ·  LinuxGizmos.com.

ipv6 part2: soho ipv6

In this series for small office and home office (soho) I will discuss connecting via ipv6 to the outside world, and back.
In this 2nd post, I will look at ipv6 in my linux machines.

There are 3 desktops and as many laptops in my network, all running one or the other Debian like distro. Regardless, what I will talk about in this post should be similar to most linux distros. I realize that this is a highly technical post. The most important thing is that you try some or many of the things in this post for yourself. A practical approach is the best to learn: you ask yourself questions, next, you’re bound to look for answers.

ipv6 on my desktop

3 years ago, we had a world wide ipv6 day: On 8 June, 2011, top websites and Internet service providers around the world, including Google, Facebook, Yahoo!, Akamai and Limelight Networks joined together with more than 1000 other participating websites in World IPv6 Day for a successful global scale trial of the new Internet Protocol, IPv6.

I’m sure that this was not the first, nor the last ipv6 day, but it was the first that caught my attention. With 3 people, we did some experiments that day, involving windows and linux machines. Unfortunately, our first steps were on a link-local ipv6 network only, and such a network is not representative of the ipv6 internet. I will talk about link-local networks at the end of the series, but for now I only mention them when they appear, without going deeper.
In January 2014, mysteriously ipv6 global links appeared out of nothing: my provider was rolling out ipv6.

hands on

No network-manager enabled, No avahi-daemon.
The most simple configuration in /etc/network/interfaces

bert@lx24:~$ cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth1
iface eth1 inet dhcp

Starting with no cable attached and a two minutes waiting time for the network (not to come up), we get the following situation:

bert@lx24:~$ ifconfig
eth1 Link encap:Ethernet HWaddr 08:00:27:07:b6:19
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0

Notice that this machine is ipv6 enabled: the local loopback address ::1 is configured for ipv6. Any linux kernel from 2.6 onwards (and some even before) is ipv6 ready. Unless you still have a SuSE-Linux-9.0 from 2004 running, you should be ok.
The /128 means that ::1 sits in its own address space. In ipv4 it would look like a /32.

As soon as we connect a network cable, the situation changes.

I first connect to a network without ipv6 access (ipv4 only):

bert@lx24:~$ ifconfig
eth1 Link encap:Ethernet HWaddr 08:00:27:07:b6:19
inet addr:10.0.0.74 Bcast:10.0.0.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe07:b619/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:462 errors:0 dropped:0 overruns:0 frame:0
TX packets:182 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:69963 (69.9 KB) TX bytes:24713 (24.7 KB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:72 errors:0 dropped:0 overruns:0 frame:0
TX packets:72 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5632 (5.6 KB) TX bytes:5632 (5.6 KB)

We get ipv4 addresses but in ipv6 we only get a Link-local address. We already had a loopback address.
If we look at the link-local address we notice a /64. The first 64 bits, or 16 hex digits, are the network identifier; the next 16 hex digits should be a host address that is unique in the entire network. I underlined the part of the mac address that is repeated in the ipv6 address. If MAC-addresses are unique (and they are), your Link-local addresses are also unique.

Now I connect the same network adapter to an ipv6/ipv4 network:

bert@lx24:~$ ifconfig
eth1 Link encap:Ethernet HWaddr 08:00:27:07:b6:19
inet addr:10.0.1.150 Bcast:10.0.1.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe07:b619/64 Scope:Link
inet6 addr: 2a02:1811:e100:e100:a9cc:a9c8:c2bb:f335/64 Scope:Global
inet6 addr: 2a02:1811:e100:e100:a00:27ff:fe07:b619/64 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:530 errors:0 dropped:0 overruns:0 frame:0
TX packets:233 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:82428 (82.4 KB) TX bytes:33056 (33.0 KB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:188 errors:0 dropped:0 overruns:0 frame:0
TX packets:188 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:14880 (14.8 KB) TX bytes:14880 (14.8 KB)

Almost immediately I get two global ipv6 addresses. Only minutes later the ipv4 addresses appear.

This raises some questions:

  • Why are there two ipv6 GLOBAL addresses and not one?
  • How does my system find the right subnet,
    and from where does it get an answer?
  • Did I get a default ipv6 gateway?
  • How and Whom can I ping?

Why are there two ipv6 GLOBAL addresses and not one?

Instead of using ‘ifconfig‘, I will use the ‘ip addr‘ command. Slowly but surely the older familiar commands are replaced by newer ones. The ‘ip’ command set is different, but more powerful. Let’s use these hidden powers to analyze the ipv6 configuration:

bert@lx24:~$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 08:00:27:07:b6:19 brd ff:ff:ff:ff:ff:ff
inet 10.0.1.150/24 brd 10.0.1.255 scope global eth1
inet6 2a02:1811:e100:e100:a9cc:a9c8:c2bb:f335/64 scope global temporary dynamic
valid_lft 566728sec preferred_lft 47728sec
inet6 2a02:1811:e100:e100:a00:27ff:fe07:b619/64 scope global dynamic
valid_lft 603626sec preferred_lft 85226sec
inet6 fe80::a00:27ff:fe07:b619/64 scope link
valid_lft forever preferred_lft forever

Both GLOBAL ipv6 addresses are type dynamic; they don’t come from a dhcp6 server, but are self generated by a process called Stateless Address Autoconfiguration (SLAAC). Now if we look at the second global dynamic ipv6 address, we notice that it is constructed around the MAC, in the same way as the Link-Local address. If my computer connects to a website, that ipv6 address, and the MAC address embedded in it, can be harvested. In today’s ipv4 world, by contrast, only the public ipv4 address of my router would be seen, and my private addresses would be obscured by NAT.

Does that matter? Well, yes, it could mean less privacy, and for that reason there is a process in my linux machine creating temporary global dynamic ipv6 addresses.

Now there is a problem: if my system creates a new ipv6 address every day, the old sockets would not survive. So we keep old addresses alive for a longer period, let’s say a week, but we start new connections with the most recently created ipv6 global temporary dynamic address. We will keep the old sockets alive for a week. In the long run, we will have several auto-created global temporary dynamic addresses.

In my world, this way of working is not good, not good at all. I keep a lot of SSH sessions running permanently. So I can configure a static ipv6 address (in another part of this series), and use that all the time.
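The MAC-in-address exposure described above, and the link-local construction noted earlier, can be checked mechanically. The following is an added example, not part of the original post: it reads ip addr output, flags global addresses whose interface identifier is a modified EUI-64 (the ff:fe marker in the middle), and recovers the MAC they carry. The sample text is the eth1 block shown above; the function names are illustrative.

```python
import ipaddress
import re

# Sample input: the eth1 lines from the `ip addr` output shown above.
SAMPLE = """\
2: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:07:b6:19 brd ff:ff:ff:ff:ff:ff
    inet 10.0.1.150/24 brd 10.0.1.255 scope global eth1
    inet6 2a02:1811:e100:e100:a9cc:a9c8:c2bb:f335/64 scope global temporary dynamic
    inet6 2a02:1811:e100:e100:a00:27ff:fe07:b619/64 scope global dynamic
    inet6 fe80::a00:27ff:fe07:b619/64 scope link
"""

INET6 = re.compile(r"^\s*inet6\s+(\S+)/(\d+)\s+scope\s+(\w+)(.*)$")


def mac_to_eui64_iid(mac: str) -> int:
    """Build the 64-bit modified EUI-64 interface identifier from a MAC."""
    b = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit (0x02) of the first octet and insert
    # ff:fe between the vendor half and the device half of the MAC.
    eui = bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:6]
    return int.from_bytes(eui, "big")


def mac_from_address(addr: str):
    """Return the MAC embedded in an IPv6 address, or None when the
    interface identifier is not in modified EUI-64 form.
    A random identifier matches the ff:fe marker with probability 2**-16."""
    iid = int(ipaddress.IPv6Address(addr)) & 0xFFFFFFFFFFFFFFFF
    raw = iid.to_bytes(8, "big")
    if raw[3:5] != b"\xff\xfe":
        return None
    mac = bytes([raw[0] ^ 0x02]) + raw[1:3] + raw[5:8]
    return ":".join(f"{x:02x}" for x in mac)


def audit(ip_addr_text: str) -> list:
    """Classify every inet6 line: scope, flags, and any MAC it carries."""
    findings = []
    for line in ip_addr_text.splitlines():
        m = INET6.match(line)
        if not m:
            continue
        addr, _plen, scope, rest = m.groups()
        flags = rest.split()
        mac = mac_from_address(addr)
        findings.append({
            "address": addr,
            "scope": scope,
            "temporary": "temporary" in flags,
            "embedded_mac": mac,
            # Only a routable address carries the MAC beyond the local link.
            "exposes_mac": scope == "global" and mac is not None,
        })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```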

How does my system find the right subnet,
and from where does it get an answer?
Did I get a default ipv6 gateway?

To find this out, I started a wireshark sniffing session on my network. I used a capture filter ‘IP6‘. This is what I saw:

No.     Time           Source                     Destination     Protocol Length Info
6 1.540652000 fe80::a00:27ff:fe07:b619   ff02::2                  ICMPv6   70     Router Solicitation from 08:00:27:07:b6:19
7 1.543190000 fe80::5e35:3bff:fe5c:8b35  fe80::a00:27ff:fe07:b619 ICMPv6   206    Router Advertisement from 5c:35:3b:5c:8b:35

Remember that my system autocreated Link-Local addresses regardless of whether it was on an ipv6 network. It now uses this address to ask whether an ipv6-router exists on the network. That is the first packet (6).

It sends the solicitation to a multicast address, ff02::2

In ipv6 the designers got rid of annoying broadcasts. They replaced them by task-specific multicast addresses.
An ipv6 multicast address starts with a binary 11111111/8 or ff in hexes.

Link Local Multicasts start with FF02 (www.iana.org)

And an FF02::2 means All Routers Address

So the link local address is used to multicast to all routers and asks for their presence and information.
A unicast answer, packet (7), is sent by all routers (in this case and in most SOHO cases only one) to advertise themselves.

In the body of this packet we find the following interesting parts:

Ethernet II, 
Src: CompalBr_5c:8b:35 (5c:35:3b:5c:8b:35), 
Dst: CadmusCo_07:b6:19 (08:00:27:07:b6:19)
    Type: IPv6 (0x86dd)
Internet Protocol Version 6, 
Src: fe80::5e35:3bff:fe5c:8b35
Dst: fe80::a00:27ff:fe07:b619
    Next header: ICMPv6 (58)
Internet Control Message Protocol v6
    Type: Router Advertisement (134)
    Cur hop limit: 64
        ...0 1... = Prf (Default Router Preference): High (1)
    Router lifetime (s): 1800
    ICMPv6 Option (Prefix information : 2a02:1811:e100:e100::/64)
    ICMPv6 Option (Recursive DNS Server 2a02:1800:100::41:2 2a02:1800:100::41:1)
        Recursive DNS Servers: 2a02:1800:100::41:2 (2a02:1800:100::41:2)
        Recursive DNS Servers: 2a02:1800:100::41:1 (2a02:1800:100::41:1)
    ICMPv6 Option (DNS Search List Option telenet.be)
        Domain Names: telenet.be
    ICMPv6 Option (Source link-layer address : 5c:35:3b:5c:8b:35)

I snipped away most of the jargon. We see a subnet, DNS-servers (2) and a domain name from my ISP (telenet.be), and the MAC address of the router. The ipv6 address of the router sits inside the ipv6 header.
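What a host learns from that single advertisement becomes explicit when the message is decoded. This added example (not from the original post) parses an ICMPv6 Router Advertisement body and its options. The sample packet is constructed from the values in the dissection above, with the checksum left at zero and the prefix and DNS lifetimes assumed.

```python
import ipaddress
import struct

PRF = {0: "medium", 1: "high", 2: "reserved", 3: "low"}


def build_sample_ra() -> bytes:
    """Constructed RA body using the values from the dissection above.
    Checksum is left at 0; prefix and DNS lifetimes are assumed."""
    # type 134, code 0, checksum, cur hop limit 64, flags 0x08 (M=0, O=0,
    # Prf=High), router lifetime 1800 s, reachable time 0, retrans timer 0
    hdr = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0x08, 1800, 0, 0)
    # Prefix Information: /64, flags 0xC0 = on-link (L) + autonomous (A)
    pio = struct.pack("!BBBBIII", 3, 4, 64, 0xC0, 604800, 86400, 0)
    pio += ipaddress.IPv6Address("2a02:1811:e100:e100::").packed
    rdnss = struct.pack("!BBHI", 25, 5, 0, 1800)
    rdnss += ipaddress.IPv6Address("2a02:1800:100::41:2").packed
    rdnss += ipaddress.IPv6Address("2a02:1800:100::41:1").packed
    # DNSSL: DNS-label encoded name, zero padded to a multiple of 8 bytes
    dnssl = struct.pack("!BBHI", 31, 3, 0, 1800)
    dnssl += b"\x07telenet\x02be\x00" + bytes(4)
    sll = struct.pack("!BB", 1, 1) + bytes.fromhex("5c353b5c8b35")
    return hdr + pio + rdnss + dnssl + sll


def parse_dns_names(data: bytes) -> list:
    """Decode the uncompressed DNS label sequences of a DNSSL option."""
    names, labels, i = [], [], 0
    while i < len(data):
        n = data[i]
        i += 1
        if n == 0:                       # end of one name, or padding
            if labels:
                names.append(".".join(labels))
                labels = []
            continue
        if i + n > len(data):
            raise ValueError("DNSSL label runs past the option")
        labels.append(data[i:i + n].decode("ascii"))
        i += n
    return names


def parse_ra(msg: bytes) -> dict:
    """Decode an ICMPv6 Router Advertisement (RFC 4861) and its options."""
    if len(msg) < 16 or msg[0] != 134:
        raise ValueError("not a Router Advertisement")
    hop, flags, lifetime = struct.unpack("!BBH", msg[4:8])
    ra = {"hop_limit": hop, "managed": bool(flags & 0x80),
          "other_config": bool(flags & 0x40),
          "preference": PRF[(flags >> 3) & 3], "router_lifetime": lifetime,
          "prefixes": [], "dns": [], "search": [], "router_mac": None}
    off = 16
    while off < len(msg):
        if off + 2 > len(msg):
            raise ValueError("truncated option header")
        otype, units = msg[off], msg[off + 1]   # length is in 8-byte units
        end = off + units * 8
        if units == 0 or end > len(msg):
            raise ValueError("bad option length")
        body = msg[off + 2:end]
        if otype == 1:                           # source link-layer address
            ra["router_mac"] = ":".join(f"{b:02x}" for b in body[:6])
        elif otype == 3 and units == 4:          # prefix information
            plen, pflags, valid, preferred, _, prefix = struct.unpack(
                "!BBIII16s", body)
            net = ipaddress.IPv6Network((prefix, plen), strict=False)
            ra["prefixes"].append({
                "prefix": str(net), "on_link": bool(pflags & 0x80),
                "autonomous": bool(pflags & 0x40),
                "valid": valid, "preferred": preferred})
        elif otype == 25 and units >= 3 and units % 2 == 1:   # RDNSS
            for i in range(6, len(body), 16):
                ra["dns"].append(str(ipaddress.IPv6Address(body[i:i + 16])))
        elif otype == 31 and units >= 2:         # DNS search list
            ra["search"].extend(parse_dns_names(body[6:]))
        off = end
    # A set on a prefix: hosts build their own addresses from it (SLAAC).
    # The M flag would additionally point them to a DHCPv6 server.
    ra["slaac"] = any(p["autonomous"] for p in ra["prefixes"])
    return ra


if __name__ == "__main__":
    for key, value in parse_ra(build_sample_ra()).items():
        print(f"{key}: {value}")
```

The router's own address is not in this body: as the post says, it is the source address of the IPv6 header that carried the advertisement.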

How and Whom can I ping?

Does it all work? Let me do a ping:

bert@lx24:~$ ping6 google.com
PING google.com(ea-in-x64.1e100.net) 56 data bytes
64 bytes from ea-in-x64.1e100.net: icmp_seq=1 ttl=52 time=16.7 ms
64 bytes from ea-in-x64.1e100.net: icmp_seq=2 ttl=52 time=17.9 ms
64 bytes from ea-in-x64.1e100.net: icmp_seq=3 ttl=52 time=17.8 ms
...
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
...
bert@lx24:~$ ping6 -n google.com
PING google.com(2a00:1450:4013:c01::64) 56 data bytes
64 bytes from 2a00:1450:4013:c01::64: icmp_seq=1 ttl=52 time=15.7 ms
64 bytes from 2a00:1450:4013:c01::64: icmp_seq=2 ttl=52 time=16.9 ms
64 bytes from 2a00:1450:4013:c01::64: icmp_seq=3 ttl=52 time=17.9 ms

it’s obvious that it works …
and that I can ping the world; I’ll come back to this in a next post

Finally, let’s have a look at the routing table:

bert@lx24:~$ route -n6
Kernel IPv6 routing table
Destination                    Next Hop                   Flag  Met Ref Use If
2a02:1811:e100:e100::/64       ::                         UAe    256 0   0 eth1
fe80::/64                      ::                         U      256 0   0 eth1
::/0                  fe80::5e35:3bff:fe5c:8b35  UGDAe 1024 0   0 eth1
::/0                           ::                         !n   -1  1   111 lo
::1/128                        ::                         Un   0   1    13 lo
2a02:1811:e100:e100:a00:27ff:fe07:b619/128 ::             Un   0   1     0 lo
2a02:1811:e100:e100:18bf:ef2:ce5e:ae2a/128 ::             Un   0   1    22 lo
fe80::a00:27ff:fe07:b619/128   ::                         Un   0   1     9 lo
ff00::/8                       ::                         U    256 0     0 eth1
::/0                           ::                         !n   -1  1   111 lo

A final remark on the default gateway

Well, the pinging works, once we have a global unicast address. We use a link-local address of the gateway to go outside. This is not necessary; we can also use a static global unicast address for it. The latter looks more familiar, but it doesn’t have to be; after all, your default gateway in ipv4 is usually a private address too.

What’s next:

In part 3 we will be looking at DNS / traceroute / … how do I do “this” in ipv6

Post Scriptum:

It is difficult to create posts like this in WordPress. All themes generally messed up the lay-out I wanted. Double spacing where single spacing was required, joining two paragraphs where only one was available, separating one paragraph into several parts, etc ….

I started editing in WP, then switched to LibreOffice, next to Google Docs. Google Docs used a lot less lay-out, but still too much for WP. I’m slightly disappointed :-)

ipv6 for home / small business — part 1

about:

In this series I will discuss connecting via ipv6 to the outside world, and back.

In this first post, I will peek at ipv6 in my cable-modem router. We are talking about a decent cable modem from compal: Gateway-CH6643E

The router itself is about 3 years old, routes coax-cable-internet to LAN and WiFi using NAT, and it is capable of doing this via ipv4 as well as ipv6. The latter has been slowly rolled out by my provider, telenet.be, owned by Liberty Global.

some ipv6 basics

In January 2014 I noticed that my PC showed a “global” IPV6 address:
inet6 addr: 2a02:1811:e100:e100::27ff:fe2d:ba0c/64 Scope:Global

Global ipv6 addresses in 2014 must start with a binary 001 mask /3
This means that in practice, the hex global addresses currently assigned, must start with a 2 (0010) or a 3 (0011).

So any ipv6 address starting with 2 or 3 in the highest position is a global unicast address. IPV6 Global Unicast addresses are routable on the ipv6 internet.

Before I only ‘owned’ an ipv6 link local unicast address:
inet6 addr: fe80::76d4:35ff:fe80:b46c/64 Scope:Link

Link-local unicast addresses start with a binary 11111110 10 mask /10. In practice, the hex form of the address always starts with fe8 (1111 1110 1000), fe9 (1111 1110 1001), fea (1111 1110 1010) or feb (1111 1110 1011).

The link-local address is most often self generated containing a unique MAC-address or by using a pseudo randomizing algorithm. Link local addresses are not routable on the internet.

Another very important address is ::1 the local loopback address; you’re familiar with it in the ipv4 world as 127.0.0.1

If you’re interested in reading a routing table in ipv6 it is important to know that the default gateway points to ::, in the ipv4 world known as 0.0.0.0

the router

What does my cable router tell me:

LAN-configuration:

LAN-subnet-ipv4: 10.0.1.0/24
LAN-subnet-ipv6: 2a02:1811:e100:e100::/64
LAN-IPv4: 10.0.1.1
LAN-IPv6: 2a02:1811:e100:e100:5e35:3bff:fe5c:8b35

WAN-configuration:

IPv4-adres: 94.225.67.23/19
IPv6-adres: 2a02:181f:1:4142:29fc:39b:2213:df3e

the network ipv4

In ipv4 we see two networks connected to the docsis router:

A private 10.0.1.0/24 with 254 host-ip-addresses and a public address routable on the internet. The 32bit private address is divided into a 24bit net-id and 8 bits for hosts. The docsis will do Network-Address-Translation.

The public address resides in a large ISP metro-net 94.225.64.0-94.225.95.255 with 19 bits reserved for the network and 13 bits for hosts (leaving up to 8000+ addresses in this network).

the network ipv6

There are two networks connecting to the docsis router. Both are global unicast networks.

Basically this means that “our” ipv6 network, on the right side of the docsis router, — 2a02:1811:e100:e100::/64 — is reachable from outside and routable on the internet. This is not a private ip-range, and there is no NAT, only pure routing.

In my case there was no danger from visitors from outside, since the docsis router, in its default ipv6 settings, functions as a firewall blocking all traffic that was not initiated from inside. However, this might not be the case with your isp and/or with your access-router. It might be a good thing to check this as soon as you discover global unicast ipv6 addresses on your systems.

From a hacker’s point of view the ipv6 world today is a paradise of unprotected machines as well as a desert where these machines are extremely difficult to find.

The network assigned to me has 64 bits assigned as network portion: 2a02:1811:e100:e100::/64. This is a HUGE network, and I can do with it what I want !!! Every hex digit contains four bits. These 16 hex digits (2a02:1811:e100:e100) are fixed for my network.

There is another 64 bits of space left for me to fill in. While in the unaware state, unaware that my machines had given themselves an ipv6 address, these addresses were created on a temporary basis and semi-random.

If a hacker could guess my net-ID, (s)he could then randomly test addresses in that 64 bit space. This is however rather unlikely today:

2 to the power of 64 is 1.800 000 000 000 000 000. I can divide my own network space into 4 billion networks, each the size of today’s ipv4 internet.
In most lottery systems around the globe, today, you have a chance of one out of 10 billion to win. The hacker has a chance of 4 out of 2 quintillion to correctly guess an address. It’s still very lonely in the ipv6 internet :-)

If you randomly test 100 ipv4 addresses in today’s internet, I’m sure you get more than 10 responses. If you randomly test 1 000 000 global unicast ipv6 addresses, your response is probably going to be zero.

 

Next Some Hands ON

… –>> Where do I start … that will be the subject of next post.

 

PacketTracer6 on Ubuntu Trusty

packettracer6 in ubuntu14.04 (or linux mint 17) (x86_64)

[ disclaimer: just a blog post, not a how-to :-) ]

When you are enrolled in a Cisco course
you can download PT6 “Cisco_Packet_Tracer_6.0.1_for_Linux-Ubuntu_installation.bin”
for Ubuntu …

I moved it into an isolated directory before executing, but it was not necessary:

$ mkdir pt-install
$ mv Cisco_Packet_Tracer_6.0.1_for_Linux-Ubuntu_installation.bin pt-install
$ cd pt-install

then chmodded and executed with sudo

$ sudo chmod +x Cisco_Packet_Tracer_6.0.1_for_Linux-Ubuntu_installation.bin
$ sudo ./Cisco_Packet_Tracer_6.0.1_for_Linux-Ubuntu_installation.bin

Self extracting archive…
Welcome to Cisco Packet Tracer 6.0.1 Installation
Read the following End User License Agreement “EULA” carefully. You must accept the terms of this EULA to install and use Cisco Packet Tracer 6.0.1.

Press the Enter key to read the EULA.

Do you accept the terms of this EULA? (Y)es/(N)o

Y

You have accepted the terms to the EULA. Cisco Packet Tracer will now be installed.
Attempting to install package now
Selecting previously unselected package packettracer.
(Reading database … 217630 files and directories currently installed.)
Preparing to unpack PacketTracer-6.0.1.i386.deb …
Unpacking packettracer (6.0.1) …
Setting up packettracer (6.0.1) …
Installed files. Please wait for post-install operations to finish..
/usr/local/PacketTracer6/registerPktsGnome: line 7: gtk-update-icon-cache: command not found
Writing PT6HOME environment variable to /etc/profile
Processing triggers for desktop-file-utils (0.22-1ubuntu1) …
Processing triggers for mime-support (3.54ubuntu1) …
Processing triggers for gnome-icon-theme (3.10.0-0ubuntu2) …

Trying to launch from terminal:

$ cd /usr/local/PacketTracer6/bin
$ ./PacketTracer6

./PacketTracer6: error while loading shared libraries: libQtScriptTools.so.4: cannot open shared object file: No such file or directory

Checking the failing dependencies:

$ ldd ./PacketTracer6 | grep not

libQtScriptTools.so.4 => not found
libQt3Support.so.4 => not found

Installing the first dependency:

$ sudo apt-get install qtscript-tools:i386

Reading package lists… Done
Building dependency tree
Reading state information… Done
The following extra packages will be installed:
libqt4-scripttools:i386
Suggested packages:
libqtscript4-doc:i386
Recommended packages:
libqtscript4-qtbindings:i386

Checking the failing dependencies again:

$ ldd ./PacketTracer6 | grep not

libQt3Support.so.4 => not found

So I tried the same as before … and went to install libqt3support4-perl:i386 (incorrectly identifying the package containing the lib)

but then dependency hell broke loose …

so I did what was suggested by DedunuDhananjaya on
http://www.dedunu.info/2013/12/installing-cisco-packet-tracer-601-on.html

$ sudo dpkg --add-architecture i386

$ sudo apt-get install libnss3-1d:i386 libqt4-qt3support:i386 libssl1.0.0:i386 libqtwebkit4:i386 libqt4-scripttools:i386

Reading package lists… Done
Building dependency tree
Reading state information… Done
libqt4-scripttools:i386 is already the newest version.
libqtwebkit4:i386 is already the newest version.
libssl1.0.0:i386 is already the newest version.
The following NEW packages will be installed:
libnspr4:i386 libnss3:i386 libnss3-1d:i386 libqt4-designer:i386
libqt4-qt3support:i386

Setting up libnspr4:i386 (2:4.10.2-1ubuntu1.1) …
Setting up libnss3:i386 (2:3.15.4-1ubuntu7) …
Setting up libqt4-designer:i386 (4:4.8.5+git192-g085f851+dfsg-2ubuntu4) …
Setting up libqt4-qt3support:i386 (4:4.8.5+git192-g085f851+dfsg-2ubuntu4) …
Setting up libnss3-1d:i386 (2:3.15.4-1ubuntu7) …
Processing triggers for libc-bin (2.19-0ubuntu6) …

Apparently I first misidentified the package to be installed when using aptitude search for libqt3support4. The package marked in red might have been the only one necessary.

And yes !!!

finally all dependencies have been met !!!

I made a launcher containing: /usr/local/PacketTracer6/bin/PacketTracer6
and here is the result …

Of course, I should have reverse looked up the library with dpkg -S

$ dpkg -S libQt3Support.so.4
libqt4-qt3support: /usr/lib/i386-linux-gnu/libQt3Support.so.4
libqt4-qt3support: /usr/lib/i386-linux-gnu/libQt3Support.so.4.8.1
libqt4-qt3support: /usr/lib/i386-linux-gnu/libQt3Support.so.4.8

But then, we are not always smart enough to find the easiest road to a destination.

Users, Groups and their permissions, Debian Wheezy 7.2.

In this tutorial we’ll talk about users, groups and their permissions on files and directories.
We’ll guide you through adding users and making them members of groups.
At this point we’ve only one default user installed.
Let’s see which user is active by using the whoami command.
Type whoami + enter.
We see user “anne” is logged into our system.

anne@alfa:~$ whoami
anne
anne@alfa:~$

You can use the who command to see all users on your system.
We didn’t execute that but used the users command instead of who.
Type users + enter.

anne@alfa:~$ users
anne anne
anne@alfa:~$

Our output displays “anne” twice.
Our Debian Wheezy system handles different kinds of users and groups.
The first “anne” is the user itself (owner) and the second “anne” corresponds to her primary group membership.
Users can be members of primary and supplementary groups.
This will be discussed later on.
Short description of the characters u, g, o, a used on our Debian Wheezy system.
u = user (owner)
g = group (group which user belongs to)
o = other (everyone who is logged in locally or on a remote machine)
a = All users belonging to u, g and o.

Each file or directory created by the user “anne” becomes her property and she’ll have read, write and execute permission in her /home/anne directory.
The primary group “anne” and the “others” (everyone) have read and execute rights on the folders and subdirectories owned by anne.
Take into account that all users belonging to others can read the contents of the /home/anne directory.
This is in fact a security risk and it must be taken care of.
How to do that will be discussed later on.
Luckily nobody has write permission on /home/anne except “anne” and user “root”.
Let’s take a closer look at our permissions in the home directory of “anne”.
Type ls -l + enter.

anne@alfa:~$ pwd
/home/anne
anne@alfa:~$ ls -l
total 32
drwxr-xr-x 3 anne anne 4096 Nov  4 16:09 Desktop
drwxr-xr-x 3 anne anne 4096 Dec  1 14:51 Documents
drwxr-xr-x 2 anne anne 4096 Nov 16 20:18 Downloads
drwxr-xr-x 2 anne anne 4096 Oct 17 16:25 Music
drwxr-xr-x 2 anne anne 4096 Dec  7 13:05 Pictures
drwxr-xr-x 2 anne anne 4096 Oct 17 16:25 Public
drwxr-xr-x 2 anne anne 4096 Oct 17 16:25 Templates
drwxr-xr-x 2 anne anne 4096 Oct 17 16:25 Videos
anne@alfa:~$

We’ll explain the output displayed above.
d = directory
l = link (not displayed in this output)
- = file (not displayed in this output)
rwx = read, write, execute permission user anne
r-x = read, execute permission primary group anne
r-x = read, execute permission others (everyone)
3 = number of available links to directory
anne = user (owner)
anne = primary group anne which user anne belongs to
4096 = size of the directory in bytes
Nov = month of last modification directory
4 = date of last modification directory
16:09 = time stamp last modification directory
Desktop = name of the directory

Let’s examine our root directory /.
The root directory is the home directory owned by the user root.
The user root has full permission over the whole system, even over folders and files it does not own.
The users who belong to the primary group ‘root’ and ‘others’ are permitted to read and execute.
This means everyone can read those directories but they aren’t able to write.
It’s nice to explore those directories for learning purposes.
Our system is a free “place” to examine, explore and have fun.
In a company environment this can affect security.
We’ll discuss this later on.
Type cd / + enter and then type ls -l + enter.

anne@alfa:~$ cd /
anne@alfa:/$ ls -l
total 88
drwxr-xr-x   2 root root  4096 Oct 17 16:12 bin
drwxr-xr-x   3 root root  4096 Oct 17 16:16 boot
drwxr-xr-x  14 root root  3160 Jan  9 17:59 dev
drwxr-xr-x 133 root root 12288 Jan  9 17:59 etc
drwxr-xr-x   3 root root  4096 Oct 17 16:18 home
lrwxrwxrwx   1 root root    30 Oct 17 15:47 initrd.img -> /boot/initrd.img-3.2.0-4-amd64
drwxr-xr-x  16 root root  4096 Oct 17 16:12 lib
drwxr-xr-x   2 root root  4096 Oct 17 15:46 lib64
drwx------   2 root root 16384 Oct 17 15:45 lost+found
drwxr-xr-x   4 root root  4096 Oct 25 11:57 media
drwxr-xr-x   2 root root  4096 Sep 23 00:31 mnt
drwxr-xr-x   2 root root  4096 Oct 17 15:46 opt
dr-xr-xr-x 135 root root     0 Jan  9 17:59 proc
drwx------   9 root root  4096 Dec 12 17:35 root
drwxr-xr-x  19 root root   840 Jan  9 18:03 run
drwxr-xr-x   2 root root  4096 Oct 17 16:19 sbin
drwxr-xr-x   2 root root  4096 Jun 10  2012 selinux
drwxr-xr-x   2 root root  4096 Oct 17 15:46 srv
drwxr-xr-x  13 root root     0 Jan  9 17:59 sys
drwxrwxrwt   9 root root  4096 Jan  9 19:17 tmp
drwxr-xr-x  10 root root  4096 Oct 17 15:46 usr
drwxr-xr-x  12 root root  4096 Oct 17 16:14 var
lrwxrwxrwx   1 root root    26 Oct 17 15:47 vmlinuz -> boot/vmlinuz-3.2.0-4-amd64
anne@alfa:/$

Let’s make a directory “TEST” in the / directory.
Be aware you’re logged in as default user $.
Type mkdir TEST + enter.
Your prompt will display “mkdir: cannot create directory `TEST': Permission denied”.
As you already know, the user root has ownership of the root directory.
By default the user root is the only one that can change every file and directory in our system.
User anne has no write permission, only read and execute.

We’ll create a second user Eddy and his /home/Eddy directory.
We’ve two commands available, useradd and adduser.
Adduser will create the new user in an interactive manner, unlike useradd.
We’ve chosen the low level utility useradd using the arguments -m and -U.
Short explanation of the arguments we’ll be using to create new user Eddy.
-m:
Create the user’s home directory if it does not exist.
The files and directories contained in the skeleton directory (which can be defined with the
-k option) will be copied to the home directory.

-U:
Create a group with the same name as the user, and add the user to this group.
The default behavior (if the -g, -N, and -U options are not specified)
is defined by the USERGROUPS_ENAB variable in /etc/login.defs.

-p:
--password PASSWORD
The encrypted password, as returned by crypt (3).
The default is to disable the password.
Note: This option is not recommended because the password (or encrypted password) will be visible by users
listing the processes.
You should make sure the password respects the system’s password policy.

-p:
This argument will not be used because it would be visible in our terminal history.
The password will be provided using the passwd command instead of useradd -p.

Let’s create user Eddy.
First log in as root by typing su + enter.
You’ll be asked to fill in your “root” password + enter.
Your prompt shows the # sign when you are root.

anne@alfa:~$ su
Password:
root@alfa:/home/anne#

Type useradd -m -U Eddy + enter.
The new user Eddy and his home directory are added to our system.

root@alfa:/home/anne# useradd -m -U Eddy
root@alfa:/home/anne#

Check Eddy’s /home directory by using the ls command.
Our new user’s home directory has been made successfully.
Type ls -l /home + enter.

root@alfa:/home/anne# ls /home
anne  Eddy
root@alfa:/home/anne#

Restart your computer for the modifications to take effect.
Our user Eddy has no login password set and would be unable to log in to the system.
We’ll provide one to Eddy but he must change it at first login.
We’re still logged in as user root so we can carry on.
Type passwd Eddy + enter.
You’ll be asked to enter Eddy’s password + enter.
Retype the same password as your first attempt + enter.
At most companies it’s mandatory for new users to change their login passwords.
In most cases it’s forbidden to share login passwords even by system administrators.
Users can change their own password using the same command without being root.
If users can’t remember their passwords only sysadmins are able to provide new ones.
Our user Eddy has received his password provided by our system administrator and is able to use his freshly created account.

root@alfa:~# passwd Eddy
Enter new UNIX password: (sdf123456)
Retype new UNIX password: (sdf123456)
passwd: password updated successfully
root@alfa:~#

Now we’ve two users, Eddy and anne, installed in our system.
We’ll face a security risk and privacy issues which will affect both users.
Let’s take a look at which permissions our users have in their home directories.
Type cd /home + enter.
Check the permissions available on both directories anne and Eddy.
Type ls -l + enter.
We discover that everyone who’s logged into the system can access both users’ home directories and read their contents.
In a company with employees this isn’t good practice and it is insecure.

anne@alfa:/$ cd /home
anne@alfa:/home$ ls -l
total 8
drwxr-xr-x 25 anne anne 4096 Jan 10 14:38 anne
drwxr-xr-x 19 Eddy Eddy 4096 Jan  9 22:39 Eddy
anne@alfa:/home$

Let’s take a closer look in the /home/anne directory.
Type ls -Rl anne + enter.
Her folders, subfolders and files are readable by Eddy and everyone.

anne@alfa:/home$ ls -Rl anne
anne:
total 32
drwxr-xr-x 3 anne anne 4096 Nov  4 16:09 Desktop
drwxr-xr-x 3 anne anne 4096 Dec  1 14:51 Documents
drwxr-xr-x 2 anne anne 4096 Nov 16 20:18 Downloads
drwxr-xr-x 2 anne anne 4096 Oct 17 16:25 Music
drwxr-xr-x 2 anne anne 4096 Dec  7 13:05 Pictures
drwxr-xr-x 2 anne anne 4096 Oct 17 16:25 Public
drwxr-xr-x 2 anne anne 4096 Oct 17 16:25 Templates
drwxr-xr-x 2 anne anne 4096 Oct 17 16:25 Videos

anne/Desktop:
total 4
drwxr-xr-x 3 anne anne 4096 Nov  5 18:43 Gnubizz

anne/Desktop/Gnubizz:
total 8
-rw-r--r-- 1 anne anne  450 Nov  5 18:43 GnubizzSite
drwxr-xr-x 4 anne anne 4096 Nov  4 16:09 OpenSourceComputing

anne/Desktop/Gnubizz/OpenSourceComputing:
total 8
drwxr-xr-x 2 anne anne 4096 Nov  5 20:54 Gnubizz1
drwxr-xr-x 2 anne anne 4096 Nov  5 20:55 Gnubizz2

anne/Desktop/Gnubizz/OpenSourceComputing/Gnubizz1:
total 4
-rw-r--r-- 1 anne anne 1423 Nov  5 22:25 GnubizzSite

anne/Desktop/Gnubizz/OpenSourceComputing/Gnubizz2:
total 4
-rw-r--r-- 1 anne anne 450 Nov  5 20:55 GnubizzSite

anne/Documents:
total 4
drwxr-xr-x 3 anne anne 4096 Jan  9 22:49 GnuBizz

anne/Documents/GnuBizz:
total 68
-rw-r--r-- 1 anne anne 16999 Jan  9 22:21 INFO_USERADD
-rw-r--r-- 1 anne anne 16999 Jan  9 20:37 INFO_USERADD~
-rw-r--r-- 1 anne anne  9460 Jan  9 22:49 Permissions
-rw-r--r-- 1 anne anne  9317 Jan  9 22:21 Permissions~
drwxr-xr-x 2 anne anne  4096 Jan  9 18:09 Published

anne/Documents/GnuBizz/Published:
total 188
-rw-r--r-- 1 anne anne 31853 Nov  5 23:55 A.odt
-rw-r--r-- 1 anne anne 30402 Nov 17 20:29 Application_Locations.odt
-rw-r--r-- 1 anne anne 29148 Nov 12 23:55 GbuBizz
-rw-r--r-- 1 anne anne 24809 Oct 29 19:22 Gnubizz
-rw-r--r-- 1 anne anne 12728 Dec  7 13:38 OpenApplicationInGUIandTerminal.odt
-rw-r--r-- 1 anne anne 31003 Nov 16 22:45 Programma_Locaties.odt
-rw-r--r-- 1 anne anne 13496 Oct 25 12:40 TerminalExplorationInHomeDirectoryDebianWheezy7.odt

anne/Downloads:
total 0

anne/Music:
total 0

anne/Pictures:
total 0

anne/Public:
total 0

anne/Templates:
total 0

anne/Videos:
total 0
anne@alfa:/home$

Take into account that each user owns his/her home directory.
Users are able to change the permissions on their own files and directories without being root.
There are three permissions we can grant: read, write and execute.
With the chmod command we’ll use numbers instead of the words read, write and execute.
Each number shown below corresponds to one permission.
4 = read
2 = write
1 = execute

Let’s say we’ve a folder named Drive which has full permissions set for all users.
It’ll look like: drwxrwxrwx 1 anna anne 4096 jan 10 15:56 Drive
We’ll prevent everyone from accessing this Drive by changing some permissions.
The command would be: chmod 750 Drive + enter.
Now the permissions on Drive look like: drwxr-x--- 1 anna anne 4096 jan 10 15:56 Drive
We add these numbers up to get our permission set, as shown below.
read, write and execute = 7
read and execute = 5
read and write = 6
The effective permissions on Drive would be:
750
7 = read, write and execute permission for the owner (user)
5 = read and execute permission for the group which the user belongs to.
0 = No permission set for everyone else.
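
As an added example (not part of the original tutorial), the shell functions below do the addition described above in reverse: they turn a numeric chmod mode into the rwx string that ls -l shows. They also accept the optional leading fourth digit (such as the 1 in the 1770 used later in this tutorial), which goes beyond the three digits explained here; the function names are illustrative.

```shell
#!/bin/sh
# Added example: decode a numeric chmod mode into the string shown by ls -l.
# Function names are illustrative; plain POSIX sh, no external tools.

# decode_digit DIGIT: one octal digit -> rwx triplet (4=read, 2=write, 1=execute)
decode_digit() {
    d=$1
    t=""
    if [ $(( d & 4 )) -ne 0 ]; then t="${t}r"; else t="${t}-"; fi
    if [ $(( d & 2 )) -ne 0 ]; then t="${t}w"; else t="${t}-"; fi
    if [ $(( d & 1 )) -ne 0 ]; then t="${t}x"; else t="${t}-"; fi
    printf '%s' "$t"
}

# apply_special TRIPLET FLAG LOWER UPPER
# When FLAG is non-zero, the execute slot shows LOWER if x is set, UPPER if not.
apply_special() {
    if [ "$2" -eq 0 ]; then
        printf '%s' "$1"
        return 0
    fi
    case $1 in
        ??x) printf '%s%s' "${1%?}" "$3" ;;
        *)   printf '%s%s' "${1%?}" "$4" ;;
    esac
}

# mode_to_symbolic MODE: 750 -> rwxr-x---, 1770 -> rwxrwx--T
# Returns 1 for anything that is not three or four octal digits.
mode_to_symbolic() {
    case $1 in
        [0-7][0-7][0-7])      m="0$1" ;;
        [0-7][0-7][0-7][0-7]) m=$1 ;;
        *) echo "invalid mode: $1" >&2; return 1 ;;
    esac
    rest=${m#?}        # the three permission digits: owner, group, others
    s=${m%"$rest"}     # leading digit: 4=setuid, 2=setgid, 1=sticky
    ud=${rest%??}
    od=${rest#??}
    gd=${rest#?}; gd=${gd%?}
    u=$(apply_special "$(decode_digit "$ud")" $(( s & 4 )) s S)
    g=$(apply_special "$(decode_digit "$gd")" $(( s & 2 )) s S)
    o=$(apply_special "$(decode_digit "$od")" $(( s & 1 )) t T)
    printf '%s%s%s\n' "$u" "$g" "$o"
}

# The modes used in this tutorial
for mode in 750 770 1770; do
    printf '%s -> %s\n' "$mode" "$(mode_to_symbolic "$mode")"
done
```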

Ok, let’s change both users’ permissions as user root.
Log in as root by typing su + enter.
You’ll be asked to fill in your password + enter.
Your prompt will display the # sign.

anne@alfa:~$ su
Password:
root@alfa:/home/anne#

Check the existing permissions on both users’ home directories.
Type ls -l /home + enter.

root@alfa:/home/anne# ls -l /home
total 8
drwxr-xr-x 25 anne anne 4096 Jan 10 15:56 anne
drwxr-xr-x 19 Eddy Eddy 4096 Jan  9 22:39 Eddy
root@alfa:/home/anne#

As you already know, both users are able to access each other’s files and directories.
We’ll change those permissions, which will affect all users except root.
They’re no longer allowed to read the contents of other users’ directories.
Type chmod -R 750 /home/Eddy + enter.
The argument -R applies the permission to the sub-folders as well.

root@alfa:/home/anne# ls -l /home
total 8
drwxr-xr-x 25 anne anne 4096 Jan 10 15:56 anne
drwxr-xr-x 19 Eddy Eddy 4096 Jan  9 22:39 Eddy
root@alfa:/home/anne# chmod 750 /home/Eddy
root@alfa:/home/anne#

Check if the change has taken place.
We notice the permission for everyone has changed.
Type ls -l /home + enter.

root@alfa:/home/anne# ls -l /home
total 8
drwxr-xr-x 25 anne anne 4096 Jan 10 15:56 anne
drwxr-xr-x 19 Eddy Eddy 4096 Jan  9 22:39 Eddy
root@alfa:/home/anne# chmod 750 /home/Eddy
root@alfa:/home/anne# ls -l /home
total 8
drwxr-xr-x 25 anne anne 4096 Jan 10 15:56 anne
drwxr-x--- 19 Eddy Eddy 4096 Jan  9 22:39 Eddy
root@alfa:/home/anne#

Log out as user root by typing exit + enter.
Your prompt displays $ again.
Now we’re ready to test if our permissions work.
We’re logged in as anne.
Navigate to /home by typing cd /home + enter.
Our working directory is /home, which contains the sub-folders anne and Eddy.
Type ls + enter.

anne@alfa:~$ cd /home
anne@alfa:/home$ ls
anne  Eddy
anne@alfa:/home$

Ok we would like to see anne’s subdirectories.
You’ll see all the folders owned by anne.
Type ls anne + enter.

anne@alfa:~$ cd /home
anne@alfa:/home$ ls
anne  Eddy
anne@alfa:/home$ ls anne
Desktop  Documents  Downloads  Music  Pictures  Public  Templates  Videos
anne@alfa:/home$

We’ll repeat this command to see Eddy’s sub-directories.
Hm, we encounter the issue displayed below.
Our output gives us the reason why this task can’t be performed.
ls: cannot open directory Eddy: Permission denied
We’ve no read permission anymore because we belong to the users “everyone”.
Type ls Eddy + enter.

anne@alfa:~$ cd /home
anne@alfa:/home$ ls
anne  Eddy
anne@alfa:/home$ ls anne
Desktop  Documents  Downloads  Music  Pictures  Public  Templates  Videos
anne@alfa:/home$ ls Eddy
ls: cannot open directory Eddy: Permission denied
anne@alfa:/home$

Can we access his home directory? I don’t think so.
Let’s test it and type cd Eddy + enter.
We can’t access it, which protects Eddy’s privacy.
Our output displays the reason why: cd: Eddy: Permission denied

anne@alfa:~$ cd /home
anne@alfa:/home$ ls
anne  Eddy
anne@alfa:/home$ ls anne
Desktop  Documents  Downloads  Music  Pictures  Public  Templates  Videos
anne@alfa:/home$ ls Eddy
ls: cannot open directory Eddy: Permission denied
anne@alfa:/home$ cd Eddy
bash: cd: Eddy: Permission denied
anne@alfa:/home$

We’ve shown how to set permissions at user level, but this can become complicated when there are many users.
In our example we’ve only two users, which are easily manageable.
Our users are divided into two different primary groups, anne and Eddy.
Type ls -l + enter.

root@alfa:/home# ls -l
total 8
drwxr-x--- 25 anne anne 4096 Jan 11 12:03 anne
drwxr-x--- 19 Eddy Eddy 4096 Jan  9 22:39 Eddy
root@alfa:/home#

The best practice is to set permissions at group level instead of per user.
We’ll create two users Bert and Vivianne by executing useradd.
We will create a new supplementary group _gnubizzers using groupadd.
A directory GNUBIZZ-DRIVE will be created in our /home directory.
Create both users Bert and Vivianne and their home directories.
Type useradd -m -U Bert + enter.

anne@alfa:~$ su
Password:
root@alfa:/home/anne# useradd -m -U Bert
root@alfa:/home/anne#

Repeat this command to create user Vivianne.
Type useradd -m -U Vivianne + enter.

anne@alfa:~$ su
Password:
root@alfa:/home/anne# useradd -m -U Bert
root@alfa:/home/anne# useradd -m -U Vivianne
root@alfa:/home/anne#

Restart your computer so the system can write down the modifications you’ve just made.
Check if both users exist with the ls command.
Now we see four users: anne, Bert, Eddy and Vivianne.
Type ls /home + enter.

root@alfa:/home/anne# ls /home
anne  Bert  Eddy  Vivianne
root@alfa:/home/anne#

Assign users Bert and Vivianne a login password.
Type passwd Bert + enter.
You’ll be asked to fill in Bert’s new password + enter.
Retype this password + enter.
Do the same for the user Vivianne.

root@alfa:/home/anne# passwd Bert
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
root@alfa:/home/anne# passwd Vivianne
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
root@alfa:/home/anne#

Check the new users’ permissions by typing ls -l + enter.
Other users are able to read the contents of both Bert’s and Vivianne’s directories.
If you don’t want that to happen, you have to change it.
Type chmod 750 Bert Vivianne + enter.

root@alfa:/home# ls -l
total 16
drwxr-x--- 25 anne     anne     4096 Jan 11 21:48 anne
drwxr-xr-x 19 Bert     Bert     4096 Jan 11 21:45 Bert
drwxr-x--- 19 Eddy     Eddy     4096 Jan 11 21:30 Eddy
drwxr-xr-x 19 Vivianne Vivianne 4096 Jan 11 21:47 Vivianne
root@alfa:/home# chmod 750 Bert Vivianne
root@alfa:/home# ls -l
total 16
drwxr-x--- 25 anne     anne     4096 Jan 11 21:48 anne
drwxr-x--- 19 Bert     Bert     4096 Jan 11 21:45 Bert
drwxr-x--- 19 Eddy     Eddy     4096 Jan 11 21:30 Eddy
drwxr-x--- 19 Vivianne Vivianne 4096 Jan 11 21:47 Vivianne
root@alfa:/home#

Our next task is creating our directory GNUBIZZ-DRIVE in the /home directory using the mkdir command.
Navigate to /home using cd.
Type mkdir GNUBIZZ-DRIVE + enter.
We run into “Permission denied” because we executed our command as a default user.
The directory /home is owned by root.
Log in as root by typing su + enter.
Type your password + enter and retype it again + enter.
Now we’ll be able to perform this task.
Type mkdir GNUBIZZ-DRIVE + enter.
Check with ls -l and you’ll see our new directory GNUBIZZ-DRIVE and its permissions.
As you can see, everyone has read and execute permissions on GNUBIZZ-DRIVE, which is owned by root.

anne@alfa:/home$ mkdir GNUBIZZ-DRIVE
mkdir: cannot create directory `GNUBIZZ-DRIVE': Permission denied
anne@alfa:/home$ su
Password:
root@alfa:/home# mkdir GNUBIZZ-DRIVE
root@alfa:/home# ls -l
total 20
drwxr-x--- 26 anne     anne     4096 Jan 11 22:19 anne
drwxr-x--- 19 Bert     Bert     4096 Jan 11 21:45 Bert
drwxr-x--- 19 Eddy     Eddy     4096 Jan 11 21:30 Eddy
drwxr-xr-x  2 root     root     4096 Jan 11 22:28 GNUBIZZ-DRIVE
drwxr-x--- 19 Vivianne Vivianne 4096 Jan 11 21:47 Vivianne
root@alfa:/home#

Change the permissions on GNUBIZZ-DRIVE so others aren’t able to gain access to it.
Type chmod 750 GNUBIZZ-DRIVE + enter.
At this stage user root and group root still have permissions set.
Check this with ls -l + enter.

root@alfa:/home# chmod 750 GNUBIZZ-DRIVE
root@alfa:/home# ls -l
total 20
drwxr-x--- 26 anne     anne     4096 Jan 11 22:19 anne
drwxr-x--- 19 Bert     Bert     4096 Jan 11 21:45 Bert
drwxr-x--- 19 Eddy     Eddy     4096 Jan 11 21:30 Eddy
drwxr-x---  2 root     root     4096 Jan 11 22:28 GNUBIZZ-DRIVE
drwxr-x--- 19 Vivianne Vivianne 4096 Jan 11 21:47 Vivianne
root@alfa:/home#

Now we’re ready to go further using groups instead of users.
Our purpose is to make users members of specific groups.
Our system handles two kinds of groups, primary and supplementary.
Each user became a member of a primary group when we created them.
Let’s look at which groups our users belong to using the id command.
Type id username + enter.
Here we can see the primary groups of our users:
anne’s primary group is “anne”
Eddy’s primary group is “Eddy”
Bert’s primary group is “Bert”
Vivianne’s primary group is “Vivianne”

anne@alfa:~$ id anne
uid=1000(anne) gid=1000(anne) groups=1000(anne),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),106(scanner),111(bluetooth),113(netdev)
anne@alfa:~$ id Eddy
uid=1001(Eddy) gid=1001(Eddy) groups=1001(Eddy)
anne@alfa:~$ id Bert
uid=1002(Bert) gid=1002(Bert) groups=1002(Bert)
anne@alfa:~$ id Vivianne
uid=1003(Vivianne) gid=1003(Vivianne) groups=1003(Vivianne)
anne@alfa:~$

First we’ll create a new group named _gnubizzers.
To perform this you’ll need the high privileges of root.
Log in as user root by typing su + enter.
Fill in the password of the root user + enter.
Retype password + enter.
Your prompt will display # again.
Create the group _gnubizzers using the groupadd command.
Type groupadd _gnubizzers + enter.

anne@alfa:~$ su
Password:
root@alfa:/home/anne# groupadd _gnubizzers
root@alfa:/home/anne#

Our group _gnubizzers is empty, containing no members yet.
We’ll add users Eddy, Bert and Vivianne to _gnubizzers using the usermod command.
Take into account that our users and group already exist, so we’ll use some arguments.
A short explanation of the arguments -a and -G:
-a = Append existing user to the group
-G = Specify supplementary group which the user will join.
Be aware that you must use your root user.
We’re still logged in as root so we’ll continue to make our users members of _gnubizzers.
Type usermod -a -G _gnubizzers Eddy + enter.
Check Eddy’s group membership using the id command.
Type id Eddy + enter.
Eddy’s primary group is “Eddy” and his supplementary group is “_gnubizzers”

root@alfa:/home# usermod -a -G _gnubizzers Eddy
root@alfa:/home# id Eddy
uid=1001(Eddy) gid=1001(Eddy) groups=1001(Eddy),1004(_gnubizzers)
root@alfa:/home#

Repeat this task for the users Bert and Vivianne.
Type usermod -a -G _gnubizzers Bert + enter.
Then type usermod -a -G _gnubizzers Vivianne + enter.
The group _gnubizzers contains three members: Eddy, Bert and Vivianne.
Check their membership using the id command followed by their username.
Type id Bert + enter.
Repeat this command for the user Vivianne.
You’ll see _gnubizzers is added as a supplementary group.

root@alfa:/home# usermod -a -G _gnubizzers Bert
root@alfa:/home# usermod -a -G _gnubizzers Vivianne
root@alfa:/home# id Bert
uid=1002(Bert) gid=1002(Bert) groups=1002(Bert),1004(_gnubizzers)
root@alfa:/home# id Vivianne
uid=1003(Vivianne) gid=1003(Vivianne) groups=1003(Vivianne),1004(_gnubizzers)
root@alfa:/home#

At this moment the members of the group _gnubizzers have no permissions on GNUBIZZ-DRIVE.
Let’s check this using ls -l /home + enter.
We see GNUBIZZ-DRIVE is owned by user root and group root.
Our purpose is to change the group ownership from root to _gnubizzers.
At the stage displayed below, our user root has full permissions and the group root has read and execute permissions.

anne@alfa:~$ ls -l /home
total 20
drwxr-x--- 25 anne     anne     4096 Jan 14 11:23 anne
drwxr-x--- 19 Bert     Bert     4096 Jan 11 21:45 Bert
drwxr-x--- 19 Eddy     Eddy     4096 Jan 11 21:30 Eddy
drwxr-x---  2 root     root     4096 Jan 11 22:28 GNUBIZZ-DRIVE
drwxr-x--- 19 Vivianne Vivianne 4096 Jan 11 21:47 Vivianne
anne@alfa:~$

Let’s change the group ownership by using the chgrp command.
We’ll add some arguments, -v and -R.
-v is used to see diagnostics of what happened.
-R is used to operate on files and directories recursively.
Type chgrp -v -R _gnubizzers /home/GNUBIZZ-DRIVE + enter.
Our output displays that the group has changed from root to _gnubizzers.

anne@alfa:~$ su
Password:
root@alfa:/home/anne# chgrp -v -R _gnubizzers /home/GNUBIZZ-DRIVE
changed group of `/home/GNUBIZZ-DRIVE' from root to _gnubizzers
root@alfa:/home/anne#

Verify the changes using ls -l.
The directory GNUBIZZ-DRIVE is still owned by user root but the group ownership has changed to _gnubizzers.
The members of the group _gnubizzers are able to read and execute in the directory GNUBIZZ-DRIVE.

root@alfa:/home/anne# ls -l /home
total 20
drwxr-x--- 25 anne     anne        4096 Jan 14 11:23 anne
drwxr-x--- 19 Bert     Bert        4096 Jan 11 21:45 Bert
drwxr-x--- 19 Eddy     Eddy        4096 Jan 11 21:30 Eddy
drwxr-x---  2 root     _gnubizzers 4096 Jan 11 22:28 GNUBIZZ-DRIVE
drwxr-x--- 19 Vivianne Vivianne    4096 Jan 11 21:47 Vivianne
root@alfa:/home/anne#

We’ll change the permissions on GNUBIZZ-DRIVE so the members of the group _gnubizzers will be able to read, write and execute.
Log in as root using su.
Type chmod 770 /home/GNUBIZZ-DRIVE + enter.
Verify your changes using ls -l /home + enter.
The user root (owner) and the group _gnubizzers (group owner) have the same permissions on GNUBIZZ-DRIVE.
Be aware that this situation is far from ideal, and using such a configuration at a company is insecure.
Each member is able to write, change, move, store and even delete other members’ directories and files by accident.
How to avoid this will be discussed later on.

root@alfa:/home/anne# ls -l /home
total 20
drwxr-x--- 25 anne     anne        4096 Jan 14 11:23 anne
drwxr-x--- 19 Bert     Bert        4096 Jan 11 21:45 Bert
drwxr-x--- 19 Eddy     Eddy        4096 Jan 11 21:30 Eddy
drwxr-x---  2 root     _gnubizzers 4096 Jan 11 22:28 GNUBIZZ-DRIVE
drwxr-x--- 19 Vivianne Vivianne    4096 Jan 11 21:47 Vivianne
root@alfa:/home/anne# chmod 770 /home/GNUBIZZ-DRIVE
root@alfa:/home/anne# ls -l /home
total 20
drwxr-x--- 25 anne     anne        4096 Jan 14 11:23 anne
drwxr-x--- 19 Bert     Bert        4096 Jan 11 21:45 Bert
drwxr-x--- 19 Eddy     Eddy        4096 Jan 11 21:30 Eddy
drwxrwx---  2 root     _gnubizzers 4096 Jan 11 22:28 GNUBIZZ-DRIVE
drwxr-x--- 19 Vivianne Vivianne    4096 Jan 11 21:47 Vivianne
root@alfa:/home/anne#

We’ll show you a security risk on GNUBIZZ-DRIVE.
Log in as user Eddy in the same terminal you’re working in.
First become user root before using the login command.
Type login Eddy + enter.
You’ll be asked to fill in Eddy’s password + enter.
You’re now logged in as “Eddy”.
Verify who is logged in by using the whoami command.
Type whoami + enter.
Eddy will be displayed.
Check Eddy’s working directory with the pwd command.
Type pwd + enter.
Eddy’s working directory is /home/Eddy.
Navigate to GNUBIZZ-DRIVE by typing cd /home/GNUBIZZ-DRIVE + enter.
Eddy will create a sub-directory “Eddy-gnu”.
Type mkdir Eddy-gnu + enter.
Verify with ls and Eddy will see his new directory Eddy-gnu stored in GNUBIZZ-DRIVE.
Log out by typing exit + enter and you’ll become the root user again.
Your prompt shows the # sign again, as you’re the root user.

root@alfa:/home/anne# login Eddy
Password:
Last login: Tue Jan 14 12:43:58 CET 2014 on pts/0
Linux alfa 3.2.0-4-amd64 #1 SMP Debian 3.2.51-1 x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
$ whoami
Eddy
$ pwd
/home/Eddy
$ cd /home/GNUBIZZ-DRIVE
$ pwd
/home/GNUBIZZ-DRIVE
$ mkdir Eddy-gnu
$ ls
Eddy-gnu
$ exit
root@alfa:/home/anne#

So far nothing has happened yet to prove our configuration issue.
Log in as user Vivianne.
Verify Vivianne’s working directory with pwd.
Navigate to GNUBIZZ-DRIVE.
Check which directories are stored in GNUBIZZ-DRIVE with ls -l.
Vivianne will see Eddy’s directory Eddy-gnu.
Take into account that the whole group _gnubizzers has full rights on GNUBIZZ-DRIVE.
Let’s test our security risk by removing Eddy’s folder.
Type rmdir Eddy-gnu + enter.
Use ls and you’ll see Eddy’s directory Eddy-gnu is gone.
Being able to delete each other’s folders and files is not good practice.
Log out by typing exit + enter.
We’re root again and ready to configure it in a better way.

root@alfa:/home/anne# login Vivianne
Password:
Linux alfa 3.2.0-4-amd64 #1 SMP Debian 3.2.51-1 x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
$ pwd
/home/Vivianne
$ cd /home/GNUBIZZ-DRIVE
$ ls -l
total 4
drwxr-xr-x 2 Eddy Eddy 4096 Jan 14 12:52 Eddy-gnu
$ rmdir Eddy-gnu
$ ls
$ exit
root@alfa:/home/anne#

Our goal is to work more securely for everyone who’s a member of the group _gnubizzers.
Let’s change our permissions using a sticky bit.
The user root will not be affected by the sticky bit and its permissions will remain unchanged.
This will prevent users from accidentally deleting files and directories of other users who belong to the same group _gnubizzers.
Set your permission on GNUBIZZ-DRIVE using the chmod command.
Type chmod -v 1770 /home/GNUBIZZ-DRIVE + enter.
Check this with ls -l /home + enter.

root@alfa:/home/anne# chmod -v 1770 /home/GNUBIZZ-DRIVE
mode of `/home/GNUBIZZ-DRIVE' changed from 0770 (rwxrwx---) to 1770 (rwxrwx--T)
root@alfa:/home/anne# ls -l /home
total 20
drwxr-x--- 25 anne     anne        4096 Jan 14 11:23 anne
drwxr-x--- 19 Bert     Bert        4096 Jan 11 21:45 Bert
drwxr-x--- 19 Eddy     Eddy        4096 Jan 11 21:30 Eddy
drwxrwx--T  2 root     _gnubizzers 4096 Jan 14 12:59 GNUBIZZ-DRIVE
drwxr-x--- 19 Vivianne Vivianne    4096 Jan 11 21:47 Vivianne
root@alfa:/home/anne#
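
The rule the sticky bit adds can be written out as a small decision function. This is an added sketch, not code from the tutorial or from Debian: it models the kernel's check for removing an entry from a directory, with hypothetical function and argument names, using the users and group of this example.

```shell
#!/bin/sh
# Added example: model of "may ACTOR remove an entry from this directory?"
# It covers the permission check only (rmdir also needs the target to be empty).

# may_remove DIR_MODE DIR_OWNER DIR_GROUP ENTRY_OWNER ACTOR "ACTOR_GROUPS"
# Returns 0 when removal is allowed, 1 when it is denied.
may_remove() {
    bits=$(( 0$1 ))          # read the mode as octal, e.g. 1770
    dir_owner=$2
    dir_group=$3
    entry_owner=$4
    actor=$5
    actor_groups=" $6 "      # padded so whole group names can be matched

    # root is not restricted by the mode bits or by the sticky bit.
    if [ "$actor" = root ]; then
        return 0
    fi

    # Exactly one class applies: owner, else group, else others.
    if [ "$actor" = "$dir_owner" ]; then
        class=$(( (bits >> 6) & 7 ))
    else
        case $actor_groups in
            *" $dir_group "*) class=$(( (bits >> 3) & 7 )) ;;
            *)                class=$(( bits & 7 )) ;;
        esac
    fi

    # Removing an entry needs write (2) and execute (1) on the directory.
    if [ $(( class & 3 )) -ne 3 ]; then
        return 1
    fi

    # Sticky bit (01000): only the entry's owner or the directory's owner
    # may remove or rename the entry.
    if [ $(( bits & 01000 )) -ne 0 ]; then
        if [ "$actor" != "$entry_owner" ] && [ "$actor" != "$dir_owner" ]; then
            return 1
        fi
    fi
    return 0
}

# The two situations of this tutorial (constructed inputs)
if may_remove 770 root _gnubizzers Eddy Vivianne "Vivianne _gnubizzers"; then
    echo "770:  Vivianne may remove Eddy-gnu"
fi
if ! may_remove 1770 root _gnubizzers Bert Eddy "Eddy _gnubizzers"; then
    echo "1770: Eddy may not remove Bert-gnu"
fi
```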

Our security problem should now be solved, so we’ll test it again.
Type the bold text displayed in our example below.
The red text represents our terminal output.
Just follow this small example, explore, and discuss your thoughts.
Don’t forget to be root when logging in as another user in the same terminal.
Log in as user Eddy and create a directory Eddy-gnu in GNUBIZZ-DRIVE.

root@alfa:/home/anne# login Eddy
Password:
Last login: Tue Jan 14 12:44:45 CET 2014 on pts/0
Linux alfa 3.2.0-4-amd64 #1 SMP Debian 3.2.51-1 x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
$ pwd
/home/Eddy
$ cd /home/GNUBIZZ-DRIVE
$ pwd
/home/GNUBIZZ-DRIVE
$ mkdir Eddy-gnu
$ ls -l
total 4
drwxr-xr-x 2 Eddy Eddy 4096 Jan 14 13:27 Eddy-gnu
$ exit
root@alfa:/home/anne#

Log in as users Bert and Vivianne and create a sub-directory named after each username:
Vivianne will create directory Vivianne-gnu.
Bert will create directory Bert-gnu.
Type the bold text displayed below.
Log in as user Bert and perform the task described above.

root@alfa:/home/anne# login Bert
Password:
Last login: Tue Jan 14 13:30:39 CET 2014 on pts/0
Linux alfa 3.2.0-4-amd64 #1 SMP Debian 3.2.51-1 x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
$ pwd
/home/Bert
$ cd /home/GNUBIZZ-DRIVE
$ ls
Eddy-gnu
$ mkdir Bert-gnu
$ ls -l
total 8
drwxr-xr-x 2 Bert Bert 4096 Jan 14 13:31 Bert-gnu
drwxr-xr-x 2 Eddy Eddy 4096 Jan 14 13:27 Eddy-gnu
$ exit
root@alfa:/home/anne#

Log in as user Vivianne and create a sub-directory Vivianne-gnu in GNUBIZZ-DRIVE.
Type the bold text and follow our example below.

root@alfa:/home/anne# login Vivianne
Password:
Last login: Tue Jan 14 12:58:36 CET 2014 on pts/0
Linux alfa 3.2.0-4-amd64 #1 SMP Debian 3.2.51-1 x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
$ pwd
/home/Vivianne
$ cd /home/GNUBIZZ-DRIVE
$ mkdir Vivianne-gnu
$ ls -l
total 12
drwxr-xr-x 2 Bert     Bert     4096 Jan 14 13:31 Bert-gnu
drwxr-xr-x 2 Eddy     Eddy     4096 Jan 14 13:27 Eddy-gnu
drwxr-xr-x 2 Vivianne Vivianne 4096 Jan 14 13:42 Vivianne-gnu
$ exit
root@alfa:/home/anne#

Let’s see if users can delete other members’ files and directories by accident.
Log in as user Eddy again.
Eddy will try to remove the other members’ directories stored in GNUBIZZ-DRIVE.
The bold text must be typed. Explore what happens and enjoy it.
Nobody in the group _gnubizzers will be able to delete each other’s files and directories.
Notice they’re still able to read each other’s contents, but they can’t create or remove contents belonging to other members.

If you don’t like that group members are able to read your contents, you can change it on your own folders and files stored in GNUBIZZ-DRIVE.
An example of what a group member can do:
Suppose Eddy doesn’t like that others are able to read his contents.
At this stage, read and execute permissions on Eddy-gnu, owned by Eddy, are granted to everyone.
drwxr-xr-x 2 Eddy     Eddy     4096 Jan 14 13:27 Eddy-gnu
Eddy can change this by executing chmod 750 Eddy-gnu to remove read permission for others.
Now his folder permissions would look like this:
drwxr-x--- 2 Eddy     Eddy     4096 Jan 14 13:27 Eddy-gnu
The members of the group _gnubizzers aren’t able anymore to read the contents of Eddy’s folders and files.
Setting permissions can become very complicated and must be well documented by system administrators.

root@alfa:/home/anne# login Eddy
Password:
Last login: Tue Jan 14 13:27:13 CET 2014 on pts/0
Linux alfa 3.2.0-4-amd64 #1 SMP Debian 3.2.51-1 x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
$ pwd
/home/Eddy
$ cd /home/GNUBIZZ-DRIVE
$ ls -l
total 12
drwxr-xr-x 2 Bert     Bert     4096 Jan 14 13:31 Bert-gnu
drwxr-xr-x 2 Eddy     Eddy     4096 Jan 14 13:27 Eddy-gnu
drwxr-xr-x 2 Vivianne Vivianne 4096 Jan 14 13:42 Vivianne-gnu
$ rmdir Bert-gnu
rmdir: failed to remove `Bert-gnu': Operation not permitted
$ rmdir Vivianne-gnu
rmdir: failed to remove `Vivianne-gnu': Operation not permitted
$ exit
root@alfa:/home/anne# 

An overview of the permissions configured in our example.
Our system has four users: anne, Eddy, Bert and Vivianne.
Members of _gnubizzers:
Eddy, Bert and Vivianne
Not members of _gnubizzers:
anne and root
The permissions set on users’ home directories:
Read, write and execute for the owner (the user itself).
Read and execute permission granted to the primary group which the user belongs to.
No rights granted to everyone else.
Permissions set on GNUBIZZ-DRIVE, shared by the group _gnubizzers:
Read, write and execute rights granted to user root.
Read, write and execute rights granted to _gnubizzers members.
Sticky bit set, preventing members from removing contents of other members.
No rights granted to everyone else.
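
To check a machine against this overview, the added script below (not part of the original tutorial) flags directories that still grant rights to everyone or that are writable by group or others without the sticky bit. It assumes GNU stat as shipped with Debian; the function names and finding labels are made up for this example.

```shell
#!/bin/sh
# Added example: audit the directories under a base path such as /home.
# Assumes GNU coreutils stat (stat -c '%a' prints the octal mode).

# audit_dir PATH
# Prints the findings for one directory, space separated, or "ok".
audit_dir() {
    mode=$(stat -c '%a' "$1") || return 2
    bits=$(( 0$mode ))       # read the mode as octal
    findings=""

    # Any r, w or x bit for "others" opens the directory to every account.
    if [ $(( bits & 07 )) -ne 0 ]; then
        findings="$findings others-have-access"
    fi

    # Group or others can create and delete entries, and without the sticky
    # bit they can also delete entries that belong to someone else.
    if [ $(( bits & 022 )) -ne 0 ] && [ $(( bits & 01000 )) -eq 0 ]; then
        findings="$findings writable-without-sticky"
    fi

    if [ -z "$findings" ]; then
        findings=" ok"
    fi
    printf '%s\n' "${findings# }"
}

# audit_tree BASE
# Prints "MODE PATH FINDINGS" for every directory directly under BASE.
# Returns 0 when all are ok, 1 when something was flagged, 2 on stat errors.
audit_tree() {
    rc=0
    for d in "$1"/*/; do
        [ -d "$d" ] || continue
        d=${d%/}
        if result=$(audit_dir "$d"); then
            printf '%s %s %s\n' "$(stat -c '%a' "$d")" "$d" "$result"
            if [ "$result" != ok ]; then
                rc=1
            fi
        else
            rc=2
        fi
    done
    return "$rc"
}

# Run as: sh audit.sh /home
if [ "$#" -gt 0 ]; then
    audit_tree "$1" || echo "review the directories flagged above" >&2
fi
```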

So that’s it and we hope you’ve enjoyed it.
Feel free to share your thoughts so we can get things going better.
Don’t hesitate to leave a comment.
We’ll be back soon to guide you through this nice system Debian Wheezy 7.2. ;-)

Written by Anne-Marie.

Turn your Debian Wheezy 7.2 system into a Samba Server.


We’ve already installed our Debian Wheezy 7.2 system and it now runs a desktop environment. Our purpose is to run it as a Samba server.
We’ll provide shared drives and print services to our Windows clients.
Most companies run DFS ( Distributed File Services ) and Print Services on their servers.
The Samba server communicates using the SMB ( Server Message Block ) protocol, which is supported on most systems.

In this tutorial we’ll install and test our Samba Server.
Each pc that connects to a network receives its ip address automatically, assigned by DHCP ( Dynamic Host Configuration Protocol ).
An ip address assigned by dhcp is not optimal for servers, so we’ll assign our machine a static one.
We can check the ip settings of our machine by executing ifconfig.
Type ifconfig + enter.

anne@Samba:~$ ifconfig
bash: ifconfig: command not found
anne@Samba:~$


Oops, what went wrong here?

On most Linux machines you’ll get your ip settings displayed, but in Debian Wheezy you’ll see bash: ifconfig: command not found.
We’ve discussed in previous tutorials how to find the locations of commands.
If you like you can review the “Applications and commando’s locations Debian Wheezy 7″ article.
The location of ifconfig is the /sbin directory.
Let’s continue revealing our machine’s ip settings.
Type /sbin/ifconfig + enter.
We have two interfaces displayed in our output, eth0 and the loopback interface lo.

anne@Samba:~$ ifconfig
bash: ifconfig: command not found
anne@Samba:~$ /sbin/ifconfig
eth0      Link encap:Ethernet  HWaddr 08:00:27:a8:9a:9a 
          inet addr:192.168.0.233  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fea8:9a9a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5641 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3726 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:5746232 (5.4 MiB)  TX bytes:635055 (620.1 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:480 (480.0 B)  TX bytes:480 (480.0 B)

anne@Samba:~$


Our machine ip settings assigned by dhcp are:

ip: 192.168.0.233/24
subnetmask: 255.255.255.0
Our default gateway is missing at this moment, but we’ll execute the netstat command to reveal it.
Type netstat -r + enter.

anne@Samba:~$ netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         192.168.0.1     0.0.0.0         UG        0 0          0 eth0
link-local      *               255.255.0.0     U         0 0          0 eth0
192.168.0.0     *               255.255.255.0   U         0 0          0 eth0
anne@Samba:~$


Now we know our important ip settings assigned by dhcp.

Complete machine ip settings are:
ip: 192.168.0.233/24
subnetmask: 255.255.255.0
default gateway: 192.168.0.1

The best practice is to write down your ip settings on a piece of paper because you’ll need them later on.
Our next task is important before proceeding with installing our samba server.
We need a static ip address instead of one assigned by dhcp.
First of all we’ve to shut down some services like avahi-daemon and network-manager.
On a server they’re annoying because they start at system boot with the purpose of getting an ip address assigned by dhcp.
Don’t do this on desktops, laptops and other devices; they need these services to work properly while connecting to a network.
The services network-manager and avahi-daemon are located in the directory /etc/rc2.d.
Let’s take a look: type cd /etc/rc2.d + enter and then type ls -l + enter.
Now we’ll see all our services here, including avahi-daemon and network-manager, displayed below.
The links of our services are the bold and underlined text displayed below.

anne@Samba:~$ cd /etc/rc2.d
anne@Samba:/etc/rc2.d$ ls -l
total 4
-rw-r--r-- 1 root root 677 Jul 14 19:24 README
lrwxrwxrwx 1 root root  14 Oct 17 15:46 S01motd -> ../init.d/motd
lrwxrwxrwx 1 root root  17 Oct 17 16:14 S13rpcbind -> ../init.d/rpcbind
lrwxrwxrwx 1 root root  20 Oct 17 16:14 S14nfs-common -> ../init.d/nfs-common
lrwxrwxrwx 1 root root  22 Oct 17 16:14 S16acpi-fakekey -> ../init.d/acpi-fakekey
lrwxrwxrwx 1 root root  24 Oct 17 16:14 S16binfmt-support -> ../init.d/binfmt-support
lrwxrwxrwx 1 root root  17 Oct 17 16:14 S16rsyslog -> ../init.d/rsyslog
lrwxrwxrwx 1 root root  14 Oct 17 16:14 S16sudo -> ../init.d/sudo
lrwxrwxrwx 1 root root  32 Oct 17 16:14 S16virtualbox-guest-utils -> ../init.d/virtualbox-guest-utils
lrwxrwxrwx 1 root root  15 Oct 17 16:14 S17acpid -> ../init.d/acpid
lrwxrwxrwx 1 root root  22 Oct 17 16:14 S17acpi-support -> ../init.d/acpi-support
lrwxrwxrwx 1 root root  17 Oct 17 16:14 S17anacron -> ../init.d/anacron
lrwxrwxrwx 1 root root  13 Oct 17 16:14 S17atd -> ../init.d/atd
lrwxrwxrwx 1 root root  14 Oct 17 16:14 S17cron -> ../init.d/cron
lrwxrwxrwx 1 root root  14 Oct 17 16:14 S17dbus -> ../init.d/dbus
lrwxrwxrwx 1 root root  15 Oct 17 16:14 S17exim4 -> ../init.d/exim4
lrwxrwxrwx 1 root root  27 Oct 17 16:14 S17speech-dispatcher -> ../init.d/speech-dispatcher
lrwxrwxrwx 1 root root  22 Oct 17 16:14 S18avahi-daemon -> ../init.d/avahi-daemon
lrwxrwxrwx 1 root root  19 Oct 17 16:14 S18bluetooth -> ../init.d/bluetooth
lrwxrwxrwx 1 root root  25 Oct 17 16:14 S18network-manager -> ../init.d/network-manager
lrwxrwxrwx 1 root root  14 Oct 17 16:14 S19cups -> ../init.d/cups
lrwxrwxrwx 1 root root  14 Oct 17 16:15 S19gdm3 -> ../init.d/gdm3
lrwxrwxrwx 1 root root  20 Oct 17 16:14 S19pulseaudio -> ../init.d/pulseaudio
lrwxrwxrwx 1 root root  15 Oct 17 16:15 S19saned -> ../init.d/saned
lrwxrwxrwx 1 root root  18 Oct 17 16:15 S20bootlogs -> ../init.d/bootlogs
lrwxrwxrwx 1 root root  19 Oct 17 16:15 S21minissdpd -> ../init.d/minissdpd
lrwxrwxrwx 1 root root  18 Oct 17 16:15 S21rc.local -> ../init.d/rc.local
lrwxrwxrwx 1 root root  19 Oct 17 16:15 S21rmnologin -> ../init.d/rmnologin
anne@Samba:/etc/rc2.d$


Ok, we’ll remove the links of both services using the rm command. You need high privileges on your system, so you have to use your root user.

Type su + enter.
You’ll be asked to fill in your root password followed by enter.
The # sign indicates that you’re logged in as user root.
Be careful when you’re changing things here because you have full privileges on your system. These actions will affect your system’s behavior.
Let’s remove the links of our services by using the rm command.

Type rm -v /etc/rc2.d/S18avahi-daemon + enter.
then,
Type rm -v /etc/rc2.d/S18network-manager + enter.
We’ve used the -v option to see what happens when the command is executed.

As you can see they’re successfully removed.

anne@Samba:/etc/rc2.d$ su
Password:
root@Samba:/etc/rc2.d# rm -v /etc/rc2.d/S18avahi-daemon
removed `/etc/rc2.d/S18avahi-daemon'
root@Samba:/etc/rc2.d# rm -v /etc/rc2.d/S18network-manager
removed `/etc/rc2.d/S18network-manager'
root@Samba:/etc/rc2.d#


We have no links to these services anymore, so we’ll create a new one as follows.

Type ln -s /etc/init.d/networking /etc/rc2.d/S15networking + enter.
Now we have a new link that points to the script /etc/init.d/networking.

anne@Samba:/etc/rc2.d$ su
Password:
root@Samba:/etc/rc2.d# rm -v /etc/rc2.d/S18avahi-daemon
removed `/etc/rc2.d/S18avahi-daemon'
root@Samba:/etc/rc2.d# rm -v /etc/rc2.d/S18network-manager
removed `/etc/rc2.d/S18network-manager'
root@Samba:/etc/rc2.d# ln -s /etc/init.d/networking /etc/rc2.d/S15networking


Ok, we’re ready to stop our services avahi-daemon and network-manager as follows.

Type /etc/init.d/avahi-daemon stop + enter.
then,
Type /etc/init.d/network-manager stop + enter.
If you prefer, you can just restart your machine. It gives the same result.

We can see in our output that our services are stopped successfully.

root@Samba:/etc/rc2.d# /etc/init.d/avahi-daemon stop
[ ok ] Stopping Avahi mDNS/DNS-SD Daemon: avahi-daemon.
root@Samba:/etc/rc2.d# /etc/init.d/network-manager stop
[ ok ] Stopping network connection manager: NetworkManager.
root@Samba:/etc/rc2.d#


Hmm, alright, let’s continue by taking care of our ip settings.

We’ll give our machine a static ip address before we install our samba.
As you already know, our system is built up of directories and files.
The configuration files we need are located in the directory /etc.
Type cd /etc + enter.
Our working directory is now /etc, and we’re interested in the network files. Let’s take a look.
Type ls net* + enter.

anne@Samba:~$ cd /etc
anne@Samba:/etc$ ls net*
netconfig  networks

network:
if-down.d  if-post-down.d  if-pre-up.d  if-up.d  interfaces  run
anne@Samba:/etc$


We see the file interfaces located in our subdirectory network.

Go to that directory: type cd network + enter.
Now we’re in our working directory network, which contains the file interfaces.

anne@Samba:/etc$ cd network
anne@Samba:/etc/network$ ls
if-down.d  if-post-down.d  if-pre-up.d  if-up.d  interfaces  run
anne@Samba:/etc/network$


Changing any of these files affects our system’s behavior, so pay attention while you’re changing files like this one.
Let’s take a look at the contents of the file interfaces by using cat. If you have any doubts, you can check its properties by executing the command file.

Type file interfaces + enter.
Our file interfaces is an ASCII text file, so we’re able to read its contents with the cat command.
Type cat interfaces + enter.
This file describes the interfaces available on your system and can be modified when necessary, for example to assign ip addresses.

anne@Samba:/etc/network$ file interfaces
interfaces: ASCII text
anne@Samba:/etc/network$ cat interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback
anne@Samba:/etc/network$


Let’s check all the devices available in our machine by executing lspci.

Type lspci + enter.
Here you see our Ethernet controller displayed below.
Everything seems to be alright so far.

root@Samba:/etc/network# lspci
00:00.0 Host bridge: Intel Corporation 440FX - 82441FX PMC [Natoma] (rev 02)
00:01.0 ISA bridge: Intel Corporation 82371SB PIIX3 ISA [Natoma/Triton II]
00:01.1 IDE interface: Intel Corporation 82371AB/EB/MB PIIX4 IDE (rev 01)
00:02.0 VGA compatible controller: InnoTek Systemberatung GmbH VirtualBox Graphics Adapter
00:03.0 Ethernet controller: Intel Corporation 82540EM Gigabit Ethernet Controller (rev 02)
00:04.0 System peripheral: InnoTek Systemberatung GmbH VirtualBox Guest Service
00:05.0 Multimedia audio controller: Intel Corporation 82801AA AC'97 Audio Controller (rev 01)
00:06.0 USB controller: Apple Inc. KeyLargo/Intrepid USB
00:07.0 Bridge: Intel Corporation 82371AB/EB/MB PIIX4 ACPI (rev 08)
00:0d.0 SATA controller: Intel Corporation 82801HM/HEM (ICH8M/ICH8M-E) SATA Controller [AHCI mode] (rev 02)
root@Samba:/etc/network#


Let’s start our static ip configuration by opening our file interfaces using Pico.

We’re still the root user with high privileges, so we can carry on.
We hope you’ve written down your ip settings.
Type pico interfaces + enter.
Your file may look like this.

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback


Write down the ip settings you’d like to use as static ip.

We’ve chosen a /24 network 192.168.0.0
Our samba server will use ip 192.168.0.254
Subnetmask 255.255.255.0
Gateway 192.168.0.1
A little explanation about the file we’re modifying:
auto eth0 brings up ethernet interface 0 while the system boots.
iface eth0 inet static indicates a statically assigned address on ethernet interface 0.
The ip addresses displayed here are just examples, so you can use the settings you prefer.
Take note that you can’t use an ip address twice, and you must pay attention not to use addresses served by dhcp.
Move your cursor down using your arrow keys.
Write the following text in our file:
auto eth0
iface eth0 inet static
address 192.168.0.254
netmask 255.255.255.0
gateway 192.168.0.1

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
address 192.168.0.254
netmask 255.255.255.0
gateway 192.168.0.1


If it’s correct, save your file without changing its name.

Press ctrl + x and type y to save your file.
Don’t change anything here, just press enter.
Your file is now saved and ready to use after restarting our network services as follows.

We do this so the system applies the changes we’ve just made.
Type /etc/init.d/networking restart + enter.
This will restart the network services.
Leave your root session by typing exit.
Your prompt shows the $ again, which indicates the default user.

Check your ip settings by typing /sbin/ifconfig + enter.
We can see our static ip settings listed below.
ip 192.168.0.254
subnetmask 255.255.255.0
default gateway 192.168.0.1

anne@Samba:~$ /sbin/ifconfig
eth0      Link encap:Ethernet  HWaddr 08:00:27:a8:9a:9a 
          inet addr:192.168.0.254  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fea8:9a9a/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1595 errors:0 dropped:0 overruns:0 frame:0
          TX packets:164 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:251030 (245.1 KiB)  TX bytes:19119 (18.6 KiB)

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:480 (480.0 B)  TX bytes:480 (480.0 B)

 anne@Samba:~$


We’ll test our connectivity by executing the ping command.

Type ping www.google.com + enter.
You’ll see output like below if you’re connected successfully.
Notice we have transmitted 4 packets and received four. None of them were lost.
Stop your ping by pressing ctrl + c.

anne@Samba:~$ ping www.google.com
PING www.google.com (74.125.136.104) 56(84) bytes of data.
64 bytes from ea-in-f104.1e100.net (74.125.136.104): icmp_req=1 ttl=46 time=23.5 ms
64 bytes from ea-in-f104.1e100.net (74.125.136.104): icmp_req=2 ttl=46 time=25.7 ms
64 bytes from ea-in-f104.1e100.net (74.125.136.104): icmp_req=3 ttl=46 time=23.8 ms
64 bytes from ea-in-f104.1e100.net (74.125.136.104): icmp_req=4 ttl=46 time=23.1 ms
^C
--- www.google.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 23.113/24.050/25.723/0.999 ms
anne@Samba:~$


Now we’re able to install our Samba server.

Log in as user root by typing su + enter.
Type your root user password + enter.
Your prompt shows the # sign instead of the default $ sign.
Ok, let’s do it.
Type apt-get install samba + enter.

anne@Samba:~$ su
Password:
root@Samba:/home/anne# apt-get install samba
Reading package lists… Done
Building dependency tree      
Reading state information… Done
The following extra packages will be installed:
  libwbclient0 samba-common smbclient tdb-tools
Suggested packages:
  openbsd-inetd inet-superserver smbldap-tools ldb-tools ctdb cifs-utils
The following NEW packages will be installed:
  samba tdb-tools
The following packages will be upgraded:
  libwbclient0 samba-common smbclient
3 upgraded, 2 newly installed, 0 to remove and 27 not upgraded.
Need to get 10.5 MB of archives.
After this operation, 23.8 MB of additional disk space will be used.
Do you want to continue [Y/n]?


Now you can make a decision here.

We can see what will happen during this installation and how much disk space will be used.
You can abort by pressing n, but we’ll proceed with the installation by pressing y.
Type y + enter.
Our samba server will be installed and a long list will scroll by in our terminal.

root@Samba:/home/anne# apt-get install samba
Reading package lists… Done
Building dependency tree      
Reading state information… Done
The following extra packages will be installed:
  libwbclient0 samba-common smbclient tdb-tools
Suggested packages:
  openbsd-inetd inet-superserver smbldap-tools ldb-tools ctdb cifs-utils
The following NEW packages will be installed:
  samba tdb-tools
The following packages will be upgraded:
  libwbclient0 samba-common smbclient
3 upgraded, 2 newly installed, 0 to remove and 27 not upgraded.
Need to get 10.5 MB of archives.
After this operation, 23.8 MB of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1 http://ftp.belnet.be/debian/ wheezy/main tdb-tools amd64 1.2.10-2 [27.0 kB]
Get:2 http://security.debian.org/ wheezy/updates/main libwbclient0 amd64 2:3.6.6-6+deb7u2 [95.7 kB]
Get:3 http://security.debian.org/ wheezy/updates/main smbclient amd64 2:3.6.6-6+deb7u2 [5,891 kB]
Get:4 http://security.debian.org/ wheezy/updates/main samba-common all 2:3.6.6-6+deb7u2 [213 kB]
Get:5 http://security.debian.org/ wheezy/updates/main samba amd64 2:3.6.6-6+deb7u2 [4,322 kB]
Fetched 10.5 MB in 5s (2,059 kB/s)
Reading changelogs… Done
Preconfiguring packages …
(Reading database … 142221 files and directories currently installed.)
Preparing to replace libwbclient0:amd64 2:3.6.6-6+deb7u1 (using …/libwbclient0_2%3a3.6.6-6+deb7u2_amd64.deb) …
Unpacking replacement libwbclient0:amd64 …
Preparing to replace smbclient 2:3.6.6-6+deb7u1 (using …/smbclient_2%3a3.6.6-6+deb7u2_amd64.deb) …
Unpacking replacement smbclient …
Preparing to replace samba-common 2:3.6.6-6+deb7u1 (using …/samba-common_2%3a3.6.6-6+deb7u2_all.deb) …
Unpacking replacement samba-common …
Selecting previously unselected package samba.
Unpacking samba (from …/samba_2%3a3.6.6-6+deb7u2_amd64.deb) …
Selecting previously unselected package tdb-tools.
Unpacking tdb-tools (from …/tdb-tools_1.2.10-2_amd64.deb) …
Processing triggers for man-db …
Setting up libwbclient0:amd64 (2:3.6.6-6+deb7u2) …
Setting up samba-common (2:3.6.6-6+deb7u2) …
Setting up smbclient (2:3.6.6-6+deb7u2) …
Setting up samba (2:3.6.6-6+deb7u2) …
Generating /etc/default/samba…
Adding group `sambashare’ (GID 123) …
Done.
update-alternatives: using /usr/bin/smbstatus.samba3 to provide /usr/bin/smbstatus (smbstatus) in auto mode
[ ok ] Starting Samba daemons: nmbd smbd.
Setting up tdb-tools (1.2.10-2) …
update-alternatives: using /usr/bin/tdbbackup.tdbtools to provide /usr/bin/tdbbackup (tdbbackup) in auto mode
root@Samba:/home/anne#


We’ll configure and test our samba server.

Our freshly installed server uses configuration files located in the /etc/samba directory.
We’ll move the default configuration file aside, within the same directory, using the mv command.
Type mv /etc/samba/smb.conf /etc/samba/smb.conf.testsamba + enter.
You’re free to give the renamed file any name you prefer.
Now the original configuration file is kept as smb.conf.testsamba.

root@Samba:/home/anne# mv /etc/samba/smb.conf /etc/samba/smb.conf.testsamba
root@Samba:/home/anne#


Now we’re able to configure our smb.conf file using Pico.

Let’s open this file: type pico /etc/samba/smb.conf + enter.
You’ll see an empty file which contains nothing at this moment.

You’re free to use your own configuration instead of the example displayed below.
Type:
[global]
workgroup=gnubizzers

[antwerp]
path=/home/shareddrive
comment=sambainstallation

If you’re satisfied, you can save your file by pressing ctrl+x.
You’ll be asked what to do with this file, just press y.
Now press enter without changing its name.
Ok, our smb.conf file is configured and saved in our directory /etc/samba.

At this time we have no shared drive yet in our samba server.
We need to create a directory in our directory /home.
Type mkdir /home/shareddrive + enter.

root@Samba:/# mkdir /home/shareddrive
root@Samba:/#


We’ve chosen shareddrive, but you’re free to name it what you like.

Check this in your /home directory using the ls command.
Type ls /home + enter.
Yes, our directory shareddrive is present in here.

root@Samba:/# ls /home
anne  shareddrive
root@Samba:/#


Everything is done so far, so we’re ready to restart our samba server.

Every change we make only takes effect after restarting our samba services.
Type /etc/init.d/samba restart + enter.

root@Samba:/# /etc/init.d/samba restart
[ ok ] Stopping Samba daemons: nmbd smbd.
[ ok ] Starting Samba daemons: nmbd smbd.
root@Samba:/#


Ok, we’ll now test the configuration we’ve made before.

Type testparm + enter.
You’ll be asked whether you want to see a dump of your service definitions.
Press y.
In this output we see the successful deployment of our shared drive.

root@Samba:/# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[antwerp]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions

[global]
     workgroup = GNUBIZZERS
     idmap config * : backend = tdb

[antwerp]
     comment = sambainstallation
     path = /home/shareddrive
root@Samba:/#


We’re not done yet.

We need a user which will use our samba server.
We have named our samba user sysadmin.
Let’s create our user by typing useradd + the username you prefer + enter.
then

Type smbpasswd -a + the username you’ve chosen + enter.
You’ll see New SMB password:
Type the password you prefer + enter.
You’ll see Retype new SMB password:
Retype your password + enter.
Now the user sysadmin is added.

root@Samba:/# useradd sysadmin
root@Samba:/# smbpasswd -a sysadmin
New SMB password:
Retype new SMB password:
Added user sysadmin.
root@Samba:/#


Now we’ve done everything and we’re ready for the ultimate test.

We’ll log in as sysadmin on our samba server. In fact, we’ll connect to the shareddrive we’ve created before.
Type smbclient //localhost/antwerp -U sysadmin + enter.
You’ll see Enter sysadmin’s password:
Type your password + enter.

root@Samba:~# smbclient //192.168.0.254/antwerp -U sysadmin
Enter sysadmin’s password:
Domain=[GNUBIZZERS] OS=[Unix] Server=[Samba 3.6.6]
smb: \>


We’ve successfully logged into our shareddrive antwerp.

Let’s take a look at what’s stored on that drive.
Type ls + enter.
We have a few pictures in here, displayed below.

root@Samba:~# smbclient //192.168.0.254/antwerp -U sysadmin
Enter sysadmin’s password:
Domain=[GNUBIZZERS] OS=[Unix] Server=[Samba 3.6.6]
smb: \> ls
.                                                                 D                 0    Wed Dec 18 23:40:59 2013
..                                                                D                 0    Wed Dec 18 22:57:48 2013
fancy-debian.jpg                                           1101847    Wed Dec 18 23:38:28 2013
icons.png                                                          341553    Wed Dec 18 23:36:56 2013
terminal.png                                                     79743     Wed Dec 18 23:37:40 2013
38577 blocks of size 524288. 28649 blocks available
smb: \>

If you’ve seen enough you can disconnect by typing quit + enter.


Our second test will be done using a Windows 7 based system.

Click start and type cmd, then click cmd and your prompt will open.
Your CMD prompt looks like the one below.
The numbers separated by dots represent our samba server’s ip address.
We’ll make a connection to our samba server’s shared drive.
Type NET USE L: \\192.168.0.254\antwerp /USER:sysadmin + enter.
Type sysadmin’s password + enter.
We’re connected successfully, but we’re still in our C:\ directory of Windows, so we’ll change our working directory.
In Windows our shared drive is given the drive letter L.
Type L: + enter.
Our cmd prompt shows L:\ instead of the default C:\
Now we’re able to see the contents by executing dir + enter.

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\Anne-Marie>NET USE L: \\192.168.0.254\antwerp /USER:sysadmin
Enter the password for ‘sysadmin’ to connect to ‘192.168.0.254’:
The command completed successfully.

C:\Users\Anne-Marie>L:

L:\>dir
 Volume in drive L is antwerp
 Volume Serial Number is 622C-D244

 Directory of L:\


The picture below shows what our real CMD looks like.

You’ll see we have some pictures stored in our shared drive antwerp.

[Screenshot: Samba]



In the graphical user interface of our Windows system you’ll discover your network drive displayed on the left side, below computer.

You can just click on the network drive and you’ll be asked to enter sysadmin’s password to connect.

[Screenshot: samba.gui]


The contents of your drive are now accessible to explore.
Ok, in our example there’s not that much stored in here.

[Screenshot: Samba_gui_access_shareddrive]

We like to use our CMD instead of our graphical user interface.
It’s more accurate when creating directories and files.
Let’s use our cmd again and navigate to your shared drive L.
Type L: + enter.
Our purpose is to make a directory in our shared drive antwerp.
We’ll make a folder named Samba-Lessons.
Type mkdir Samba-Lessons + enter.
Hmm, we’re faced with an Access is denied.

L:\>mkdir Samba-Lessons
Access is denied.

L:\>

Oops, it seems we have a problem here.
We don’t have write permissions here, so we have to change that in our Samba system.

[Screenshot: Samba_access_is_denied]


Let’s go back to our configuration file smb.conf located in /etc/samba.
We’ll give ourselves write permissions so we’ll be able to make the directories and files we like.
First you have to be root to perform this action.
Type su + enter.
then
Enter your password followed by enter.

anne@Samba:~$ su
Password:
root@Samba:/home/anne#


Open your configuration file using Pico.
Type pico /etc/samba/smb.conf + enter.
The file looks like below.

[global]
workgroup=gnubizzers

[antwerp]
path=/home/shareddrive
comment=sambainstallation


Now we’ll insert one more parameter that will give us write permissions.

Move your cursor downwards by using your arrow keys.
Type writable=yes.
Save your file by pressing ctrl+x
then
Enter without changing its name.

[global]
workgroup=gnubizzers

[antwerp]
path=/home/shareddrive
comment=sambainstallation
writable=yes


Our server must be restarted for the changes to take effect.

Type /etc/init.d/samba restart + enter.

root@Samba:/home/anne# /etc/init.d/samba restart
[ ok ] Stopping Samba daemons: nmbd smbd.
[ ok ] Starting Samba daemons: nmbd smbd.
root@Samba:/home/anne#


Ok, let’s test it.

Open your cmd one more time and navigate to the L drive.
Make a directory named Samba-Lessons.
Type mkdir Samba-Lessons + enter one more time.
We face the same issue again.
We still have no write permissions after our file modification, so we need to go further.

L:\>mkdir Samba-Lessons
Access is denied.

L:\>


Open your terminal on your Samba server.

We need to change the permissions on the shared drive itself.
Let’s take a look.
Type ls -l /home + enter.
The directory shareddrive is owned by user root, and only this user can write to it.

anne@Samba:~$ ls -l /home
total 8
drwxr-xr-x 25 anne anne 4096 Dec 19 14:09 anne
drwxr-xr-x  2 root root 4096 Dec 18 23:40 shareddrive
anne@Samba:~$


Log in as user root by executing su + enter. Fill in your password followed by enter.
Go to the /home directory with cd .. and type chmod 777 shareddrive + enter.
Check your permissions using the ls -l command.
Now we should be able to write on that shared drive.

anne@Samba:~$ su
Password:
root@Samba:/home/anne# cd ..
root@Samba:/home# ls -l
total 8
drwxr-xr-x 25 anne anne 4096 Dec 24 11:43 anne
drwxr-xr-x  2 root root 4096 Dec 18 23:40 shareddrive
root@Samba:/home# chmod 777 shareddrive
root@Samba:/home# ls -l
total 8
drwxr-xr-x 25 anne anne 4096 Dec 24 11:43 anne
drwxrwxrwx  2 root root 4096 Dec 18 23:40 shareddrive
root@Samba:/home#


Let’s check this out on our Windows based machine using cmd.

Open your cmd and navigate to your L drive.
Type mkdir Samba-Lessons + enter and check this by using dir + enter.
We see our newly created folder Samba-Lessons displayed below.

[Screenshot: Samba_mkdir_Samba-Lessons]


Now we’re able to create, change, save and delete directories and files on the shared drive of the Samba server from any machine connected to that drive.

A configuration like this one, a writable share on a directory with mode 777, is a security hole that affects the whole company.
The best practice is permission management based on groups instead of users.
How to do that will be discussed in a later chapter.
We hope you’ve enjoyed this part of the servey. ;-)
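
The risk named above can be checked mechanically. The script below is an added example, not part of the original tutorial: it parses smb.conf, lists every share that is writable and flags those whose directory is world-writable, as /home/shareddrive is after chmod 777. The [lessons] share, the @smbusers group and the fixture directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit writable Samba shares for world-writable directories.

# Print "share<TAB>path<TAB>valid-users" for every share smb.conf makes writable.
# Samba ignores case and whitespace in parameter names; "writable", "writeable"
# and "write ok" are inverted synonyms of "read only" (default: read only = yes).
# Limitation: "include" and "copy" directives are not followed.
writable_shares() {
    awk '
        function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t\r]+$/, "", s); return s }
        function emit() {
            if (sec != "" && sec != "global" && rw && path != "")
                print sec "\t" path "\t" (valid != "" ? valid : "-")
        }
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }
        /^[ \t]*\[/ {
            emit()
            sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
            sec = tolower(trim(sec)); rw = grw; path = ""; valid = ""
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
            val = trim(substr($0, eq + 1))
            yes = (tolower(val) ~ /^(yes|true|1)$/)
            if (key == "path") path = val
            else if (key == "writable" || key == "writeable" || key == "writeok") rw = yes
            else if (key == "readonly") rw = !yes
            else if (key == "validusers") valid = val
            if (sec == "global") grw = rw   # [global] sets the default for all shares
        }
        END { emit() }
    ' "$1"
}

# True when "others" have the write bit on the directory itself (777, 757, 1777 ...).
is_world_writable() {
    [ -n "$(find "$1" -prune -perm -0002 2>/dev/null)" ]
}

# One line per writable share: FAIL (world-writable directory), WARN (no
# "valid users" restriction) or OK. Exit status is non-zero if anything FAILs.
audit_smb_conf() {
    conf=$1; fails=0; tab=$(printf '\t')
    while IFS="$tab" read -r share path valid; do
        [ -n "$share" ] || continue
        if is_world_writable "$path"; then
            echo "FAIL $share $path"; fails=$((fails + 1))
        elif [ "$valid" = "-" ]; then
            echo "WARN $share $path"
        else
            echo "OK $share $path"
        fi
    done <<EOF
$(writable_shares "$conf")
EOF
    [ "$fails" -eq 0 ]
}

# Constructed sample (not taken from the tutorial's server): the [antwerp]
# share on a 777 directory, beside a group-restricted share for comparison.
make_fixture() {
    mkdir -p "$1/shareddrive" "$1/lessons"
    chmod 777 "$1/shareddrive"   # what the tutorial does
    chmod 770 "$1/lessons"       # owner and group only
    cat > "$1/smb.conf" <<EOF
[global]
workgroup=gnubizzers

[antwerp]
path=$1/shareddrive
comment=sambainstallation
writable=yes

[lessons]
path = $1/lessons
read only = no
valid users = @smbusers
EOF
}

fixture=$(mktemp -d)
make_fixture "$fixture"
audit_smb_conf "$fixture/smb.conf" || echo "world-writable share directory found"
rm -rf "$fixture"
```

On a real server, run audit_smb_conf /etc/samba/smb.conf. The group-based alternative to chmod 777 is to chgrp the directory to a dedicated share group, set it to mode 2770 and restrict the share with valid users = @group.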

Application and command locations in Debian Wheezy 7

When we search for the applications and files available in our system, we don’t see a directory like Program Files.
Unlike on other systems, our programs, files and services are divided over many directories.
In a Windows system you’ll find your applications in the default folders C:\Program Files and C:\Program Files (x86).
Our applications, services and users are stored under the root directory. The root is the start of everything in our system.
Let’s see what this looks like.
Start your terminal and navigate into / (the root directory).
In this tutorial commands are shown in bold and their output in red.
We’re in our home directory when we open our terminal.
Type cd / + enter.
Verify with pwd and you’ll see your working directory is the root /.
Execute ls to reveal the subdirectories of root.

anne0001@beta:~$ pwd
/home/anne0001
anne0001@beta:~$ cd /
anne0001@beta:/$ pwd
/
anne0001@beta:/$ ls
bin   etc         lib         mnt   root  selinux  tmp  vmlinuz
boot  home        lost+found  opt   run   srv      usr
dev   initrd.img  media       proc  sbin  sys      var
anne0001@beta:/$

We can see who’s the owner of the root directory as follows.
Type ls -l + enter.
Notice that everything in this directory is owned by the root user.

anne0001@beta:/$ pwd
/
anne0001@beta:/$ ls -l
total 84
drwxr-xr-x   2 root root  4096 Nov 13 21:39 bin
drwxr-xr-x   3 root root  4096 Nov 13 21:51 boot
drwxr-xr-x  14 root root  3160 Nov 14 11:14 dev
drwxr-xr-x 132 root root 12288 Nov 14 11:14 etc
drwxr-xr-x   3 root root  4096 Nov 13 21:54 home
lrwxrwxrwx   1 root root    32 Nov 13 20:52 initrd.img -> /boot/initrd.img-3.2.0-4-686-pae
drwxr-xr-x  16 root root  4096 Nov 13 21:38 lib
drwx------   2 root root 16384 Nov 13 20:47 lost+found
drwxr-xr-x   3 root root  4096 Nov 13 20:47 media
drwxr-xr-x   2 root root  4096 Oct  7 17:25 mnt
drwxr-xr-x   2 root root  4096 Nov 13 20:48 opt
dr-xr-xr-x 135 root root     0 Nov 14 11:12 proc
drwx------   4 root root  4096 Nov 13 21:48 root
drwxr-xr-x  19 root root   840 Nov 14 11:15 run
drwxr-xr-x   2 root root  4096 Nov 13 21:57 sbin
drwxr-xr-x   2 root root  4096 Jun 10  2012 selinux
drwxr-xr-x   2 root root  4096 Nov 13 20:48 srv
drwxr-xr-x  13 root root     0 Nov 14 11:12 sys
drwxrwxrwt  11 root root  4096 Nov 14 15:34 tmp
drwxr-xr-x  10 root root  4096 Nov 13 20:48 usr
drwxr-xr-x  12 root root  4096 Nov 13 21:45 var
lrwxrwxrwx   1 root root    28 Nov 13 20:52 vmlinuz -> boot/vmlinuz-3.2.0-4-686-pae
anne0001@beta:/$

As we said, our applications are divided over different directories and files.
An incomplete list of directories that contain application files is displayed below.
/bin
/sbin
/usr
/usr/bin
/usr/sbin
/usr/share
/usr/local
/usr/local/games
/usr/lib
etc.

Let’s take a short tour through some of them.
In the directory /sbin you’ll find files for the many commands used for system configuration purposes.
These are important commands like fdisk, iptables, ifconfig, iwconfig, shutdown, etc.
Let’s see what we get here.
Type ls sbin + enter.

anne0001@beta:/$ pwd
/
anne0001@beta:/$ ls sbin
acpi_available       ip                 ntfsresize
agetty               ip6tables          ntfsundelete
apm_available        ip6tables-restore  on_ac_power
badblocks            ip6tables-save     osd_login
blkid                ipmaddr            pam_tally
blockdev             iptables           pam_tally2
capsh                iptables-restore   pccardctl
cfdisk               iptables-save      pivot_root
crda                 iptunnel           plipconfig
cryptsetup           isosize            poweroff
ctrlaltdel           iw                 rarp
debugfs              iwconfig           raw
depmod               iwevent            reboot
dhclient             iwgetid            regdbdump
dhclient-script      iwlist             resize2fs
discover             iwpriv             rmmod
discover-modprobe    iwspy              route
discover-pkginstall  kbdrate            rpcbind
dmsetup              killall5           rpc.statd
dosfsck              ldconfig           rtacct
dosfslabel           logsave            rtmon
dumpe2fs             losetup            runlevel
e2fsck               lsmod              setcap
e2image              lspcmcia           sfdisk
e2label              mii-tool           shadowconfig
e2undo               mkdosfs            showmount
fdisk                mke2fs             shutdown
findfs               mkfs               slattach
fsck                 mkfs.bfs           sm-notify
fsck.cramfs          mkfs.cramfs        startpar
fsck.ext2            mkfs.ext2          startpar-upstart-inject
fsck.ext3            mkfs.ext3          start-stop-daemon
fsck.ext4            mkfs.ext4          sulogin
fsck.ext4dev         mkfs.ext4dev       swaplabel
fsck.minix           mkfs.minix         swapoff
fsck.msdos           mkfs.msdos         swapon
fsck.nfs             mkfs.ntfs          switch_root
fsck.vfat            mkfs.vfat          sysctl
fsfreeze             mkhomedir_helper   tc
fstab-decode         mkntfs             telinit
fstrim               mkswap             tune2fs
getcap               modinfo            udevadm
getpcaps             modprobe           udevd
getty                mount.fuse         umount.nfs
halt                 mount.lowntfs-3g   umount.nfs4
hdparm               mount.nfs          umount.udisks
hwclock              mount.nfs4         unix_chkpwd
ifconfig             mount.ntfs         unix_update
ifdown               mount.ntfs-3g      wipefs
ifquery              mount.vboxsf       wpa_action
ifup                 nameif             wpa_cli
init                 nfnl_osf           wpa_supplicant
insmod               ntfsclone          xtables-multi
insserv              ntfscp
installkernel        ntfslabel
anne0001@beta:/$

This long list can be overwhelming and hard to take in.
We can avoid this by using an argument.
Our command will look like: command + path of the directory you prefer + /argument + wildcard.
We’re interested in the subdirectories and files whose names start with the characters if.
Let’s see what list we get.
Type ls sbin/if* + enter.
Now we see our short list filtered by if.

anne0001@beta:/$ pwd
/
anne0001@beta:/$ ls sbin/if*
sbin/ifconfig  sbin/ifdown  sbin/ifquery  sbin/ifup
anne0001@beta:/$

How many directories and files have names starting with f?
Our argument must be f followed by *.
We’re only interested in the entries starting with the character f.
Type ls sbin/f* + enter.

anne0001@beta:/$ pwd
/
anne0001@beta:/$ ls sbin/f*
sbin/fdisk        sbin/fsck.ext2     sbin/fsck.minix  sbin/fsfreeze
sbin/findfs       sbin/fsck.ext3     sbin/fsck.msdos  sbin/fstab-decode
sbin/fsck         sbin/fsck.ext4     sbin/fsck.nfs    sbin/fstrim
sbin/fsck.cramfs  sbin/fsck.ext4dev  sbin/fsck.vfat
anne0001@beta:/$

Hmm, too many directories and files displayed here?
Well, we’ll add one more argument to reduce our list to a minimum of displayed items.
Our command will look like: command + path of the directory you prefer + /first argument + * + second argument.
Let’s filter for the entries starting with f and ending with s.
You see a short list here.
Type ls sbin/f*s + enter.

anne0001@beta:/$ pwd
/
anne0001@beta:/$ ls sbin/f*s
sbin/findfs  sbin/fsck.cramfs  sbin/fsck.msdos  sbin/fsck.nfs
anne0001@beta:/$

The directory bin contains user commands like cp, chmod, less, open, dir, etc.
The command ls in this directory will produce a very long list of applications and files.
Just execute ls /bin + enter if you like.
We prefer a reduced list, obtained in another manner.
In our command we’ll use a pipe followed by a second command followed by an argument.
Our command will look like: command + path of the directory you prefer + pipe + second command + argument.
We’re interested in commands and files that contain the characters nt.
Type ls bin | grep nt + enter.
This will display only those items containing nt.

anne0001@beta:/$ pwd
/
anne0001@beta:/$ ls bin | grep nt
findmnt
fusermount
lowntfs-3g
mount
mountpoint
ntfs-3g
ntfs-3g.probe
ntfs-3g.secaudit
ntfs-3g.usermap
ntfscat
ntfsck
ntfscluster
ntfscmp
ntfsdump_logfile
ntfsfix
ntfsinfo
ntfsls
ntfsmftalloc
ntfsmove
ntfstruncate
ntfswipe
setfont
umount
anne0001@beta:/$

We have another directory that contains a very long list of subdirectories and files.
Directory usr/share contains applications like iceweasel, java, brasero, Libreoffice, nautilus, etc…
We’ll filter our list by using our command as above.
Display the items containing lib.
Type ls usr/share | grep lib + enter.

anne0001@beta:/$ pwd
/
anne0001@beta:/$ ls usr/share | grep lib
glib-2.0
libaudio2
libc-bin
libexttextcat
libgksu
libgnomekbd
libgnome-media-profiles
libgphoto2
libgweather
liblouis
libnm-gtk
libquvi-scripts
librarian
libreoffice
libsensors4
libsocialweb
libthai
libvisual-plugins-0.4
libwacom
anne0001@beta:/$

Feel free to explore more.
A few examples we’ve executed are shown below.
We’ve typed ls usr/share | grep gnome + enter.

anne0001@beta:/$ pwd
/
anne0001@beta:/$ ls usr/share | grep gnome
gnome
gnome-2.0
gnome-applets
gnome-background-properties
gnome-bluetooth
gnome-color-manager
gnome-control-center
gnome-dictionary
gnome-documents
gnome-games
gnome-js
gnome-mag
gnome-nettool
gnome-packagekit
gnome-panel
gnome-power-manager
gnome-screenshot
gnome-session
gnome-settings-daemon
gnome-shell
gnome-sound-recorder
gnome-sudoku
gnome-system-log
gnome-system-monitor
gnome-terminal
gnome-tweak-tool
gnome-user-share
gnome-video-effects
libgnomekbd
libgnome-media-profiles
anne0001@beta:/$

And here we have executed ls usr/share/sy* + enter.
Notice the paths and their contents in this output.

anne0001@beta:/$ pwd
/
anne0001@beta:/$ ls usr/share/sy*
usr/share/synaptic:
gtkbuilder  html  pixmaps

usr/share/sysvinit:
inittab  update-rc.d

usr/share/sysv-rc:
saveconfig
anne0001@beta:/$

There are many more directories and files available that we have not discussed yet, like the application libraries.
Feel free to explore them, and you can review the examples above.
If you don’t know what a command or application does, you can execute whatis + the name of the command or application.
We’ll see how we can get the location of applications.
There are many tools we can use, like whereis, locate, find and which.
Let’s see what whereis, locate, find and which stand for.
Start in your home directory.
Type whatis whereis + enter.
The whereis command is used to find the location of executables and man pages.

anne0001@beta:~$ pwd
/home/anne0001
anne0001@beta:~$ whatis whereis
whereis (1)          – locate the binary, source, and manual page files for a…
anne0001@beta:~$

Repeat this command with the arguments locate, find and which.
We have just discovered that locate finds files by name.
Find will search for files in our folder structure and which locates user commands.
That’s good to know while we’re searching for the locations we prefer.

anne0001@beta:~$ pwd
/home/anne0001
anne0001@beta:~$ whatis whereis
whereis (1)          – locate the binary, source, and manual page files for a…
anne0001@beta:~$ whatis locate
locate (1)           – find files by name
anne0001@beta:~$ whatis find
find (1)             – search for files in a directory hierarchy
anne0001@beta:~$ whatis which
which (1)            – locate a command
anne0001@beta:~$

Let’s start our application tour and get the locations.
Where’s whereis located?
Which command will we use to know the location of commands?
We’ve seen the meaning of which shown above.
Type which whereis + enter.
The location of whereis is /usr/bin/whereis.

anne0001@beta:~$ pwd
/home/anne0001
anne0001@beta:~$ which whereis
/usr/bin/whereis
anne0001@beta:~$

We know there’s a nice program called gimp.
Gimp is used to pimp your pictures and other materials.
Where’s gimp located?
Now we’ll use whereis + the name of the application we prefer.
Type whereis gimp + enter.
This application uses a lot of directories, displayed below.
Notice the directory that contains the man1 page of gimp.
We think the executable of gimp is located in /usr/bin/gimp but we’ll discuss this item later on.

anne0001@beta:~$ pwd
/home/anne0001
anne0001@beta:~$ whereis gimp
gimp: /usr/bin/gimp /etc/gimp /usr/lib/gimp /usr/bin/X11/gimp /usr/share/gimp /usr/share/man/man1/gimp.1.gz
anne0001@beta:~$

We were interested in the applications displayed below.
Type whereis followed by the name you prefer.
We used the applications tomboy, vim, synaptic and iceweasel.

anne0001@beta:~$ pwd
/home/anne0001
anne0001@beta:~$ whereis tomboy
tomboy: /usr/bin/tomboy /usr/lib/tomboy /usr/bin/X11/tomboy /usr/share/tomboy /usr/share/man/man1/tomboy.1.gz
anne0001@beta:~$ whereis vim
vim: /usr/bin/vim.tiny /etc/vim /usr/bin/X11/vim.tiny /usr/share/vim /usr/share/man/man1/vim.1.gz
anne0001@beta:~$ whereis synaptic
synaptic: /usr/sbin/synaptic /usr/share/synaptic /usr/share/man/man8/synaptic.8.gz
anne0001@beta:~$ whereis iceweasel
iceweasel: /usr/bin/iceweasel /etc/iceweasel /usr/lib/iceweasel /usr/bin/X11/iceweasel /usr/share/iceweasel /usr/share/man/man1/iceweasel.1.gz
anne0001@beta:~$

We can discover which files applications use and we can see what kind of extensions they have.
This is useful for system administrators and advanced users who like to change the behavior of applications.
Let’s see which files are used by synaptic, located in /usr/share/synaptic.
We know its location so we’ll use the find command followed by its path to see our files.
Type find /usr/share/synaptic + enter.
Be aware, this can be a very, very long list.
In our example you see 2 full paths displayed containing many files:
/usr/share/synaptic/gtkbuilder and /usr/share/synaptic/pixmaps.
(Incomplete list displayed below.)

anne0001@beta:~$ pwd
/home/anne0001
anne0001@beta:~$ find /usr/share/synaptic
/usr/share/synaptic
/usr/share/synaptic/gtkbuilder
/usr/share/synaptic/gtkbuilder/stock_menu_about.png
/usr/share/synaptic/gtkbuilder/dialog_update_outdated.ui
/usr/share/synaptic/gtkbuilder/dialog_proposed_new_repositories.ui
/usr/share/synaptic/gtkbuilder/window_find.ui
/usr/share/synaptic/gtkbuilder/proceed_small.png
/usr/share/synaptic/gtkbuilder/druid_repository.ui
/usr/share/synaptic/gtkbuilder/dialog_quit.ui
/usr/share/synaptic/gtkbuilder/update_small.png
/usr/share/synaptic/gtkbuilder/window_main.ui
/usr/share/synaptic/gtkbuilder/dialog_disc_label.ui
/usr/share/synaptic/gtkbuilder/window_changes.ui
/usr/share/synaptic/gtkbuilder/window_filters.ui
/usr/share/synaptic/gtkbuilder/dialog_columns.ui
/usr/share/synaptic/gtkbuilder/stock_help-book.png
/usr/share/synaptic/gtkbuilder/window_tasks.ui
/usr/share/synaptic/gtkbuilder/dialog_new_repositroy.ui
/usr/share/synaptic/gtkbuilder/window_preferences.ui
/usr/share/synaptic/gtkbuilder/dialog_task_descr.ui
/usr/share/synaptic/gtkbuilder/window_logview.ui
/usr/share/synaptic/gtkbuilder/dialog_example.ui
/usr/share/synaptic/gtkbuilder/window_about.ui
/usr/share/synaptic/gtkbuilder/window_disc_name.ui
/usr/share/synaptic/gtkbuilder/dialog_changelog.ui
/usr/share/synaptic/gtkbuilder/logo.png
/usr/share/synaptic/gtkbuilder/pref_vpaned.xpm
/usr/share/synaptic/gtkbuilder/dialog_unmet.ui
/usr/share/synaptic/gtkbuilder/window_rginstall_progress.ui
/usr/share/synaptic/gtkbuilder/dialog_download_error.ui
/usr/share/synaptic/gtkbuilder/dialog_authentication.ui
/usr/share/synaptic/gtkbuilder/dialog_update_failed.ui
/usr/share/synaptic/gtkbuilder/dialog_change_version.ui
/usr/share/synaptic/gtkbuilder/stock_filter-data-by-criteria.png
/usr/share/synaptic/gtkbuilder/distupgrade_small.png
/usr/share/synaptic/gtkbuilder/stock_filter-navigator.png
/usr/share/synaptic/gtkbuilder/window_iconlegend.ui
/usr/share/synaptic/gtkbuilder/window_setopt.ui
/usr/share/synaptic/gtkbuilder/window_details.ui
/usr/share/synaptic/gtkbuilder/window_zvtinstallprogress.ui
/usr/share/synaptic/gtkbuilder/window_summary.ui
/usr/share/synaptic/gtkbuilder/window_install_progress.ui
/usr/share/synaptic/gtkbuilder/window_rgdebinstall_progress.ui
/usr/share/synaptic/gtkbuilder/window_repositories.ui
/usr/share/synaptic/gtkbuilder/dialog_upgrade.ui
/usr/share/synaptic/gtkbuilder/upgrade_small.png
/usr/share/synaptic/gtkbuilder/cnc.png
/usr/share/synaptic/gtkbuilder/dialog_conffile.ui
/usr/share/synaptic/gtkbuilder/deb.png
/usr/share/synaptic/gtkbuilder/window_procceed.ui
/usr/share/synaptic/gtkbuilder/synaptic.xpm
/usr/share/synaptic/gtkbuilder/synaptic_mini.xpm
/usr/share/synaptic/gtkbuilder/pref_hpaned.xpm
/usr/share/synaptic/gtkbuilder/dialog_welcome.ui
/usr/share/synaptic/gtkbuilder/window_fetch.ui
/usr/share/synaptic/gtkbuilder/window_rginstall_progress_msgs.ui
/usr/share/synaptic/pixmaps
/usr/share/synaptic/pixmaps/green.png
/usr/share/synaptic/pixmaps/synaptic_32x32.xpm
/usr/share/synaptic/pixmaps/yellow.png
/usr/share/synaptic/pixmaps/red.png

We can search for files by name using locate.
This will reveal full paths that contain files used by applications and services.
Our home directory is also divided over many places.
Let’s see what it looks like. It’s amazing how many files are in use by Desktop.
Type locate Desktop + enter.

anne0001@beta:~$ pwd
/home/anne0001
anne0001@beta:~$ ls
Desktop  Documents  Downloads  Music  Pictures  Public  Templates  Videos
anne0001@beta:~$ locate Desktop
/home/anne0001/Desktop
/usr/lib/girepository-1.0/GDesktopEnums-3.0.typelib
/usr/lib/libreoffice/program/wizards/common/Desktop.py
/usr/lib/pymodules/python2.6/xdg/DesktopEntry.py
/usr/lib/pymodules/python2.6/xdg/DesktopEntry.pyc
/usr/lib/pymodules/python2.7/xdg/DesktopEntry.py
/usr/lib/pymodules/python2.7/xdg/DesktopEntry.pyc
/usr/share/man/man3/File::DesktopEntry.3pm.gz
/usr/share/perl5/File/DesktopEntry.pm
/usr/share/pyshared/xdg/DesktopEntry.py
anne0001@beta:~$

We can make a journey through our system that never ends.
Play and enjoy the possibilities you get.
We have done more examples, shown below.
Notice the contents that have been saved by the user, like pictures and documents.

anne0001@beta:~$ pwd
/home/anne0001
anne0001@beta:~$ ls
Desktop  Documents  Downloads  Music  Pictures  Public  Templates  Videos
anne0001@beta:~$ locate Documents
/home/anne0001/Documents
/usr/share/dbus-1/services/org.gnome.Documents.GDataMiner.service
/usr/share/dbus-1/services/org.gnome.Documents.SearchProvider.service
/usr/share/glib-2.0/schemas/org.gnome.Documents.enums.xml
anne0001@beta:~$ locate Downloads
/home/anne0001/Downloads
/home/anne0001/Downloads/.~lock.Application_Locations.odt#
/home/anne0001/Downloads/Application_Locations.odt
/home/anne0001/Downloads/Default_Programs_Debian_Wheezy_7.odt
/home/anne0001/Downloads/new article.zip
/usr/lib/iceweasel/components/DownloadsStartup.js
/usr/lib/iceweasel/components/DownloadsUI.js
/usr/share/iceweasel/modules/DownloadsCommon.jsm
anne0001@beta:~$ locate Music
/home/anne0001/Music
/usr/share/perl/5.14.2/unicore/lib/Blk/MusicalS.pl
anne0001@beta:~$ locate Pictures
/home/anne0001/Pictures
/home/anne0001/Pictures/1.png
anne0001@beta:~$

How do we find our application executables?
We can use the file command, which will reveal more specific file information.
All in all it can be difficult to find them, but don’t give up, you’ll find your way out.
Let’s look at some of them, like gimp, synaptic, LibreOffice, etc.
First of all we have to know where the application is located.
Use the whereis command followed by the name of the application you prefer.
Type file + path + enter.
In this example you’ll see the path /usr/bin/gimp is a symbolic link to gimp-2.8.
Now you have to find out where gimp-2.8 is located with the whereis command.
Then execute file + the given path of gimp-2.8 and you’ll see this is an executable file.

anne0001@beta:~$ pwd
/home/anne0001
anne0001@beta:~$ whereis gimp
gimp: /usr/bin/gimp /etc/gimp /usr/lib/gimp /usr/bin/X11/gimp /usr/share/gimp /usr/share/man/man1/gimp.1.gz
anne0001@beta:~$ file /usr/bin/gimp
/usr/bin/gimp: symbolic link to `gimp-2.8′
anne0001@beta:~$ whereis gimp-2.8
gimp-2: /usr/bin/gimp-2.8 /usr/bin/X11/gimp-2.8
anne0001@beta:~$ file /usr/bin/gimp-2.8
/usr/bin/gimp-2.8: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.26, BuildID[sha1]=0x4be6b5c0c3f262db1fdb5a9eca1ebc38b62934b9, stripped
anne0001@beta:~$

Let’s see some more executable files of our selected applications.
We have chosen Synaptic, vim and tomboy. You’re free in your choice of applications.
With Synaptic we’re in luck: the first path contains our executable file.
Type the bold text displayed here.

anne0001@beta:~$ whereis synaptic
synaptic: /usr/sbin/synaptic /usr/share/synaptic /usr/share/man/man8/synaptic.8.gz
anne0001@beta:~$ file /usr/sbin/synaptic
/usr/sbin/synaptic: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.26, BuildID[sha1]=0x1dbc721d9863f48b1e7f762848f289664abb946d, stripped
anne0001@beta:~$

Let’s look at which locations tomboy has.

anne0001@beta:~$ whereis tomboy
tomboy: /usr/bin/tomboy /usr/lib/tomboy /usr/bin/X11/tomboy /usr/share/tomboy /usr/share/man/man1/tomboy.1.gz
anne0001@beta:~$ file /usr/bin/tomboy
/usr/bin/tomboy: a /usr/bin/env bash script, ASCII text executable
anne0001@beta:~$ file /usr/lib/tomboy
/usr/lib/tomboy: directory
anne0001@beta:~$ file /usr/bin/X11/tomboy
/usr/bin/X11/tomboy: a /usr/bin/env bash script, ASCII text executable
anne0001@beta:~$ file /usr/share/tomboy
/usr/share/tomboy: directory
anne0001@beta:~$ file  /usr/share/man/man1/tomboy.1.gz
/usr/share/man/man1/tomboy.1.gz: gzip compressed data, from Unix, max compression
anne0001@beta:~$

Sometimes it’s handy to find the locations of different applications at once.
In this example we’ll use synaptic and vim.
Our output shows the two executable files, one for synaptic and one for vim.

anne0001@beta:~$ whereis synaptic
synaptic: /usr/sbin/synaptic /usr/share/synaptic /usr/share/man/man8/synaptic.8.gz
anne0001@beta:~$ whereis vim
vim: /usr/bin/vim.tiny /etc/vim /usr/bin/X11/vim.tiny /usr/share/vim /usr/share/man/man1/vim.1.gz
anne0001@beta:~$ file /usr/sbin/synaptic /usr/bin/vim.tiny
/usr/sbin/synaptic: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.26, BuildID[sha1]=0x1dbc721d9863f48b1e7f762848f289664abb946d, stripped
/usr/bin/vim.tiny:  ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.26, BuildID[sha1]=0x18ec027c27af8f3fdc812003fc46aaeaf4c28814, stripped
anne0001@beta:~$
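
The whereis and file steps above can be chained in one script. This added example (not part of the original tutorial) looks a name up in a path list, follows symbolic links hop by hop as with gimp and gimp-2.8, and classifies the final file by its leading bytes, which is how an ELF binary is told apart from a script such as tomboy; the function names and the sample directory are constructed for illustration.

```shell
# Added example (not from the original tutorial): find what a command name really runs.

# Search a colon-separated path list the way the shell does; the first match wins.
find_in_path() {                      # $1 = name, $2 = path list
    old_ifs=$IFS; IFS=:
    for dir in $2; do
        dir=${dir:-.}                 # an empty PATH entry means the current directory
        if [ -f "$dir/$1" ] && [ -x "$dir/$1" ]; then
            IFS=$old_ifs; printf '%s\n' "$dir/$1"; return 0
        fi
    done
    IFS=$old_ifs; return 1
}

# Follow a symbolic link chain hop by hop (hops on stderr, final file on stdout).
follow_links() {
    p=$1; hops=0
    while [ -L "$p" ]; do
        hops=$((hops + 1)); [ "$hops" -le 40 ] || return 2   # guard against link loops
        link=$(readlink "$p")
        case $link in
            /*) next=$link ;;
            *)  next=$(dirname "$p")/$link ;;   # relative links resolve from the link's directory
        esac
        printf '%s -> %s\n' "$p" "$next" >&2; p=$next
    done
    printf '%s\n' "$p"
}

# Classify by the leading bytes, the same kind of evidence the file command reports.
classify() {
    [ -f "$1" ] || { echo missing; return 0; }   # dangling link or not a regular file
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \t\n')
    case $magic in
        7f454c46) echo ELF ;;         # 0x7f 'E' 'L' 'F'
        2321*)    echo script ;;      # '#!'
        *)        echo other ;;
    esac
}
real_executable() {                   # $1 = name, $2 = optional path list (default $PATH)
    start=$(find_in_path "$1" "${2:-$PATH}") || return 1
    final=$(follow_links "$start") || return 2
    printf '%s: %s\n' "$final" "$(classify "$final")"
}

# Constructed sample mirroring the gimp -> gimp-2.8 link shown above.
sample=$(mktemp -d)
printf '\177ELFconstructed' > "$sample/gimp-2.8"; chmod +x "$sample/gimp-2.8"
ln -s gimp-2.8 "$sample/gimp"; real_executable gimp "$sample"
```

With a path list such as dirA:dirB the first directory wins, so the same call also shows when an earlier PATH entry shadows the packaged binary.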

Now we have a good idea about applications and the locations of their files.
Keep in mind that this tutorial showed only a small number of the possibilities.
Next time we’ll show you how we can open applications using our terminal.

Some handy tips you can use while you’re on a journey through this fancy system.
For very long commands use the copy and paste feature available in your terminal.
You can review the previous tutorial “Directory and File Management using Terminal Debian”
( http://gnubizz2.wordpress.com/2013/11/06/directory-and-file-management-using-terminal-debian/ ).

Need some more help with commands and how to use applications?
You can consult the --help, man and info pages.
Visit our tutorial “Important built-in information in Debian Wheezy 7 system”
( http://gnubizz2.wordpress.com/2013/10/30/important-built-in-information-in-debian-wheezy-7-system/ ).

We hope you have enjoyed it.
If you have any doubts or questions you can leave a comment.
See you next time. ;-)

 
