Jitendrakumaryogi: April 2014

Wednesday 30 April 2014

NFS Stale File Handle Error and Solution

Sometime NFS can result in to weird problems. For example NFS mounted directories sometimes contain stale file handles. If you run command such as ls or vi you will see an error:
$ ls
.: Stale File Handle

NFS Stale:
A file handle becomes stale whenever the file or directory referenced by the handle is removed by another host, while your client still holds an active reference to the object. A typical example occurs when the current directory of a process, running on your client, is removed on the server (either by a process running on the server or on another client).

How do I fix this problem?

a) The best solution is to remount directory from the NFS client using mount command.

# umount -f /mnt/local
# mount -t nfs nfsserver:/path/to/share /mnt/local

Difference between Samba and CIFS

SAMBA was originally SMB Server - but the name had to be changed due to SMB Server being an actual product. SMB was the predecessor to CIFS. SMB "server message block" and CIFS "common internet file system" are protocols. Samba implements CIFS network protocol. This is what allows Samba to communicate with (newer) MS Windows systems. Typically you will see it referred to SMB/CIFS. However, CIFS is the extension of the SMB protocol so if someone is sharing out SMB via Samba to a legacy system still using NetBIOS it will typically connect to the Samba server via port 137, 138, 139 and CIFS is strictly port 445

Tuesday 29 April 2014

How to extract the RPM package

We can extract the content of RPM package first into cpio archive using utility rpm2cpio on standard output. if a – argument is given using cpio command, an rpm stream is read from standard in. The syntax is as follows.

SYNTAX:

$ rpm2cpio <RPM package> | cpio –idvm

Example:

[root@syncsrv01 jitendrakumar]# ls -ltr

total 292

-rw-------. 1 jitendrakumar domain admins 1675 Aug 23 2013 ssh_key

-rwxr-xr-x. 1 root root 879 Nov 26 15:46 root_expir_alert

-rw-r--r--. 1 root root 290624 Apr 29 15:48 ntfs-3g-2011.4.12- 5.el6.i686.rpm

[root@syncsrv01 jitendrakumar]# rpm2cpio ntfs-3g-2011.4.12-5.el6.i686.rpm | cpio -idvm

./bin/lowntfs-3g

./bin/ntfs-3g

./bin/ntfs-3g.probe

./bin/ntfs-3g.secaudit

./bin/ntfs-3g.usermap

./bin/ntfsmount

./lib/libntfs-3g.so.81

./lib/libntfs-3g.so.81.0.0

./sbin/mount.lowntfs-3g

./sbin/mount.ntfs

./sbin/mount.ntfs-3g

./sbin/mount.ntfs-fuse

./usr/bin/ntfs-3g

./usr/bin/ntfsmount

./usr/share/doc/ntfs-3g-2011.4.12

./usr/share/doc/ntfs-3g-2011.4.12/AUTHORS

./usr/share/doc/ntfs-3g-2011.4.12/COPYING

./usr/share/doc/ntfs-3g-2011.4.12/CREDITS

./usr/share/doc/ntfs-3g-2011.4.12/ChangeLog

./usr/share/doc/ntfs-3g-2011.4.12/NEWS

./usr/share/doc/ntfs-3g-2011.4.12/README

./usr/share/hal/fdi/policy/10osvendor/20-ntfs-config-write-policy.fdi

./usr/share/man/man8/mount.lowntfs-3g.8.gz

./usr/share/man/man8/mount.ntfs-3g.8.gz

./usr/share/man/man8/ntfs-3g.8.gz

./usr/share/man/man8/ntfs-3g.probe.8.gz

./usr/share/man/man8/ntfs-3g.secaudit.8.gz

./usr/share/man/man8/ntfs-3g.usermap.8.gz

1304 blocks

[root@syncsrv01 jitendrakumar]# ll

total 308

drwxr-xr-x. 2 root root 4096 Apr 29 15:49 bin

drwxr-xr-x. 2 root root 4096 Apr 29 15:49 lib

-rw-r--r--. 1 root root 290624 Apr 29 15:48 ntfs-3g-2011.4.12-5.el6.i686.rpm

-rwxr-xr-x. 1 root root 879 Nov 26 15:46 root_expir_alert

drwxr-xr-x. 2 root root 4096 Apr 29 15:49 sbin

-rw-------. 1 jitendrakumar domain admins 1675 Aug 23 2013 ssh_key

drwxr-xr-x. 4 root root 4096 Apr 29 15:49 usr

The extracted rpm data are

bin lib sbin user

Note:

In this example, output of rpm2cpio command piped to cpio command with following options:

§ i: Restore archive

§ d: Create leading directories where needed

§ m: Retain previous file modification times when creating files

§ v: Verbose i.e. display progress

Security Modes/Type in Samba Setup in Linux

If you have read any of the Samba content you probably will have noticed that within the smb.conf configuration file a line that begins with security =. This is a very important part of Samba setup and generally the section that gives users the most problems. Although the security mode would seem fairly straight-forward, it is certainly worth explaining.

In this article I will discuss what the security mode feature does and what the different modes are. By the end of this article there should be no confusion as to which mode your Samba setup should use.

What are security modes?

I like to think of security modes as a means to inform the server just how a client will authenticate. You know about authentication from many sources. You can authenticate at a local level, as part of a domain, using Active Directory, and more. How you authenticate is generally dictated by your IT department (or by yourself if you are personal or home user). Because of the different types of authentication, Samba needs a way to know how this authentication is going to happen.

Now, from a Windows perspective (and the reason why Samba exists) there are only two types of security level: Share level and User level. But because Windows has multiple ways of authentication Samba needs to break the user level down further. So, as far as Samba is concerned, these levels are called modes and there are five modes: user, share, domain, ADS, and server. Let's take a look at each of these.

user

The security = user mode is really the easiest to understand. From the Samba server perspective, the only things that matter (with regard to user mode) is username/password and the name of the client machine. This mode works very simply: If the Samba server accepts the username/password of the client then that client is able to mount shares on the server.

share

The security = share mode the client will authenticate itself against a share on the Samba server. Unlike user, when security = shareauthenticates against a share, that means that client only has access to that share. When using this mode the client sends a password along with each share request. If the password authenticates, the client has access to the share. If not, no access is granted. The authentication process is like this:

1. The client sends a session setup request that includes a valid username.

2. Samba records this username.

3. Client issues a tree connection request and the share the client wishes to connect with.

4. The users password is the then checked against the username. If password matches, the client is given access.

domain

The security = domain provides a means for storing all username/passwords in a centralized, shared account. This account is then shared between domain controllers. So when Samba uses this mode of security it has a domain security trust account and forces all authentication requests to be passed through the domain controller. When using this mode the configuration requires a second parameter. So the configuration will look like:

security = domain

workgroup = DOMAIN_NAME

You also have to join the domain using the net rpc join -U ADMINISTRATOR%PASSWORD command. Where ADMINISTRATOR is the name of the administrator account and PASSWORD is the password for that account.

ads

As you might expect, this is the Active Directory mode. Samba added ADS functionality at release 3. Using ADS mode is only possible if the Active Directory server is run in native mode. When running in ADS mode Samba will need NT-compatible authentication data - in other words Kerberos. So your Samba server will need to have a working Kerberos system installed. When using ADS mode, your Samba configuration adds another line like so:

realm = YOUR.KERBEROS.REALM

security = ADS

server

The last mode is security = server. This mode is generally not used any more because it basically sends username/password authentication to another machine. If this other machine is down, there will be no authentication. This mode presents numerous problems, which is why it is often not used. One of the more serious problems is that once a connection to the password server is made, that connection can be left open for extended periods of time - thus a severe security issue.

Append files to an Archive TAR file

The simplest way to append the files into existing archive is the “--append” or “-r” operation using tar command.

Syntax:

tar –rvf <Tar Archived File> <filename>

tar –append –file=< Tar Archived File> <filename>

Example1:

Here we are adding filename “five” into archive file “test.tar”.

[root@mail01 jitendrakumar]# tar -rvf test.tar five

five

[root@mail01 jitendrakumar]# tar -tvf test.tar

-rw-r--r-- root/root 0 2014-04-29 10:58 two

-rw-r--r-- root/root 0 2014-04-29 10:58 three

-rw-r--r-- root/root 0 2014-04-29 10:58 foure

-rw-r--r-- root/root 0 2014-04-29 10:58 one

-rw-r--r-- root/root 0 2014-04-29 10:59 five

Example2:

Here we are adding filename “six” into archive file “test.tar”.

[root@mail01 jitendrakumar]# tar --append --file=test.tar six

[root@mail01 jitendrakumar]# tar -tvf test.tar

-rw-r--r-- root/root 0 2014-04-29 10:58 two

-rw-r--r-- root/root 0 2014-04-29 10:58 three

-rw-r--r-- root/root 0 2014-04-29 10:58 foure

-rw-r--r-- root/root 0 2014-04-29 10:58 one

-rw-r--r-- root/root 0 2014-04-29 10:59 five

-rw-r--r-- root/root 0 2014-04-29 11:06 six

Monday 28 April 2014

List the content of tar, tar.gz and tar.bz2 compressed files

tar is an archiving program designed to store and extract files from an archive file known as a tarfile. You can create a tar file or compressed tar file tar. However sometime you need to list the contents of a tar or tar.gz file on screen before extracting the all files. Following commands will help you to view the content of tarfile.

To list the content of tar file.

# tar –tvf file.tar

To list the content of a tar.gz file.

# tar –ztvf file.tar.gz

To List the content of a tar.bz2 file.

# tar –jtvf file.tar.bz2

Where:

§ t: List the contents of an archive

§ v: Verbosely list files processed (display detailed information)

§ z: Filter the archive through gzip so that we can open compressed (decompress) .gz tar file

§ j: Filter archive through bzip2, use to decompress .bz2 files.

§ f filename: Use archive file called filename

Jitendrakumaryogi