An IP address is the location of a given computer or other network device on an IP network. It tells other devices where to go to "talk" to that computer/device. Think of it like a phone number.
A MAC address is kind of a serial number for network devices like ethernet cards - the first half of the MAC address tells what brand/model the card is, and the second half is a unique identifier specific to that card. Think of it like the VIN (Vehicle Identification Number) on your car.
Friday, November 26, 2010
Switch, hub, and Router
In a word: intelligence.
Hubs, switches, and routers are all devices that let you connect one or more computers to other computers, networked devices, or to other networks. Each has two or more connectors called ports into which you plug in the cables to make the connection. Varying degrees of magic happen inside the device, and therein lies the difference. I often see the terms misused so let's clarify what each one really means.
A hub is typically the least expensive, least intelligent, and least complicated of the three. Its job is very simple: anything that comes in one port is sent out to the others. That's it. Every computer connected to the hub "sees" everything that every other computer on the hub sees. The hub itself is blissfully ignorant of the data being transmitted. For years, simple hubs have been quick and easy ways to connect computers in small networks.
A switch does essentially what a hub does but more efficiently. By paying attention to the traffic that comes across it, it can "learn" where particular addresses are. For example, if it sees traffic from machine A coming in on port 2, it now knows that machine A is connected to that port and that traffic to machine A needs to only be sent to that port and not any of the others. The net result of using a switch over a hub is that most of the network traffic only goes where it needs to rather than to every port. On busy networks this can make the network significantly faster.
A router is the smartest and most complicated of the bunch. Routers come in all shapes and sizes from the small four-port broadband routers that are very popular right now to the large industrial strength devices that drive the internet itself. A simple way to think of a router is as a computer that can be programmed to understand, possibly manipulate, and route the data its being asked to handle. For example, broadband routers include the ability to "hide" computers behind a type of firewall which involves slightly modifying the packets of network traffic as they traverse the device. All routers include some kind of user interface for configuring how the router will treat traffic. The really large routers include the equivalent of a full-blown programming language to describe how they should operate as well as the ability to communicate with other routers to describe or determine the best way to get network traffic from point A to point B.
A quick note on one other thing that you'll often see mentioned with these devices and that's network speed. Most devices now are capable of both 10mps (10 mega-bits, or million bits, per second) as well as 100mbs and will automatically detect the speed. If the device is labeled with only one speed then it will only be able to communicate with devices that also support that speed. 1000mbs or "gigabit" devices are starting to slowly become more common as well. Similarly many devices now also include 802.11b or 802.11g wireless transmitters that simply act like additional ports to the device.
Hubs, switches, and routers are all devices that let you connect one or more computers to other computers, networked devices, or to other networks. Each has two or more connectors called ports into which you plug in the cables to make the connection. Varying degrees of magic happen inside the device, and therein lies the difference. I often see the terms misused so let's clarify what each one really means.
A hub is typically the least expensive, least intelligent, and least complicated of the three. Its job is very simple: anything that comes in one port is sent out to the others. That's it. Every computer connected to the hub "sees" everything that every other computer on the hub sees. The hub itself is blissfully ignorant of the data being transmitted. For years, simple hubs have been quick and easy ways to connect computers in small networks.
A switch does essentially what a hub does but more efficiently. By paying attention to the traffic that comes across it, it can "learn" where particular addresses are. For example, if it sees traffic from machine A coming in on port 2, it now knows that machine A is connected to that port and that traffic to machine A needs to only be sent to that port and not any of the others. The net result of using a switch over a hub is that most of the network traffic only goes where it needs to rather than to every port. On busy networks this can make the network significantly faster.
A router is the smartest and most complicated of the bunch. Routers come in all shapes and sizes from the small four-port broadband routers that are very popular right now to the large industrial strength devices that drive the internet itself. A simple way to think of a router is as a computer that can be programmed to understand, possibly manipulate, and route the data its being asked to handle. For example, broadband routers include the ability to "hide" computers behind a type of firewall which involves slightly modifying the packets of network traffic as they traverse the device. All routers include some kind of user interface for configuring how the router will treat traffic. The really large routers include the equivalent of a full-blown programming language to describe how they should operate as well as the ability to communicate with other routers to describe or determine the best way to get network traffic from point A to point B.
A quick note on one other thing that you'll often see mentioned with these devices and that's network speed. Most devices now are capable of both 10mps (10 mega-bits, or million bits, per second) as well as 100mbs and will automatically detect the speed. If the device is labeled with only one speed then it will only be able to communicate with devices that also support that speed. 1000mbs or "gigabit" devices are starting to slowly become more common as well. Similarly many devices now also include 802.11b or 802.11g wireless transmitters that simply act like additional ports to the device.
Introduction to Network Types
One way to categorize the different types of computer network designs is by their scope or scale. For historical reasons, the networking industry refers to nearly every type of design as some kind of area network. Common examples of area network types are:
LAN - Local Area Network
WLAN - Wireless Local Area Network
WAN - Wide Area Network
MAN - Metropolitan Area Network
SAN - Storage Area Network, System Area Network, Server Area Network, or sometimes Small Area Network
CAN - Campus Area Network, Controller Area Network, or sometimes Cluster Area Network
PAN - Personal Area Network
DAN - Desk Area Network
LAN and WAN were the original categories of area networks, while the others have gradually emerged over many years of technology evolution.
Note that these network types are a separate concept from network topologies such as bus, ring and star.
See also - Introduction to Network Topologies
LAN - Local Area Network
A LAN connects network devices over a relatively short distance. A networked office building, school, or home usually contains a single LAN, though sometimes one building will contain a few small LANs (perhaps one per room), and occasionally a LAN will span a group of nearby buildings. In TCP/IP networking, a LAN is often but not always implemented as a single IP subnet.
In addition to operating in a limited space, LANs are also typically owned, controlled, and managed by a single person or organization. They also tend to use certain connectivity technologies, primarily Ethernet and Token Ring.
WAN - Wide Area Network
As the term implies, a WAN spans a large physical distance. The Internet is the largest WAN, spanning the Earth.
A WAN is a geographically-dispersed collection of LANs. A network device called a router connects LANs to a WAN. In IP networking, the router maintains both a LAN address and a WAN address.
A WAN differs from a LAN in several important ways. Most WANs (like the Internet) are not owned by any one organization but rather exist under collective or distributed ownership and management. WANs tend to use technology like ATM, Frame Relay and X.25 for connectivity over the longer distances.
LAN, WAN and Home Networking
Residences typically employ one LAN and connect to the Internet WAN via an Internet Service Provider (ISP) using a broadband modem. The ISP provides a WAN IP address to the modem, and all of the computers on the home network use LAN (so-called private) IP addresses. All computers on the home LAN can communicate directly with each other but must go through a central gateway, typically a broadband router, to reach the ISP.
LAN - Local Area Network
WLAN - Wireless Local Area Network
WAN - Wide Area Network
MAN - Metropolitan Area Network
SAN - Storage Area Network, System Area Network, Server Area Network, or sometimes Small Area Network
CAN - Campus Area Network, Controller Area Network, or sometimes Cluster Area Network
PAN - Personal Area Network
DAN - Desk Area Network
LAN and WAN were the original categories of area networks, while the others have gradually emerged over many years of technology evolution.
Note that these network types are a separate concept from network topologies such as bus, ring and star.
See also - Introduction to Network Topologies
LAN - Local Area Network
A LAN connects network devices over a relatively short distance. A networked office building, school, or home usually contains a single LAN, though sometimes one building will contain a few small LANs (perhaps one per room), and occasionally a LAN will span a group of nearby buildings. In TCP/IP networking, a LAN is often but not always implemented as a single IP subnet.
In addition to operating in a limited space, LANs are also typically owned, controlled, and managed by a single person or organization. They also tend to use certain connectivity technologies, primarily Ethernet and Token Ring.
WAN - Wide Area Network
As the term implies, a WAN spans a large physical distance. The Internet is the largest WAN, spanning the Earth.
A WAN is a geographically-dispersed collection of LANs. A network device called a router connects LANs to a WAN. In IP networking, the router maintains both a LAN address and a WAN address.
A WAN differs from a LAN in several important ways. Most WANs (like the Internet) are not owned by any one organization but rather exist under collective or distributed ownership and management. WANs tend to use technology like ATM, Frame Relay and X.25 for connectivity over the longer distances.
LAN, WAN and Home Networking
Residences typically employ one LAN and connect to the Internet WAN via an Internet Service Provider (ISP) using a broadband modem. The ISP provides a WAN IP address to the modem, and all of the computers on the home network use LAN (so-called private) IP addresses. All computers on the home LAN can communicate directly with each other but must go through a central gateway, typically a broadband router, to reach the ISP.
access point, wireless
Wireless access points (APs or WAPs) are specially configured nodes on wireless local area networks (WLANs). Access points act as a central transmitter and receiver of WLAN radio signals.
Access points used in home or small business networks are generally small, dedicated hardware devices featuring a built-in network adapter, antenna, and radio transmitter. Access points support Wi-Fi wireless communication standards.
Although very small WLANs can function without access points in so-called "ad hoc" or peer-to-peer mode, access points support "infrastructure" mode. This mode bridges WLANs with a wired Ethernet LAN and also scales the network to support more clients. Older and base model access points allowed a maximum of only 10 or 20 clients; many newer access points support up to 255 clients.
Access points used in home or small business networks are generally small, dedicated hardware devices featuring a built-in network adapter, antenna, and radio transmitter. Access points support Wi-Fi wireless communication standards.
Although very small WLANs can function without access points in so-called "ad hoc" or peer-to-peer mode, access points support "infrastructure" mode. This mode bridges WLANs with a wired Ethernet LAN and also scales the network to support more clients. Older and base model access points allowed a maximum of only 10 or 20 clients; many newer access points support up to 255 clients.
Why can http://localhost not be found?
There can be different reasons for this behavior. You should check the following things:
Open "Services" from the administrative menu, and verify if the IIS Admin Service and the WWW Publishing Service are started.
Be sure, that you have created a defaultdocument. If not, simply create a file named default.htm and copy this into the root of your webserver.
Try to open http://127.0.0.1 in your browser. If this succeeds, you may have problems with the name resolution.
how can I am able to put .exe files on my web server so that people can download them. At the moment, if someone clicks on such a download link, it times out (even when someone makes a right-click and then uses "save-as"). What causes this problem and how can it be fixed?
Just make sure that "Allow Execution" flag is switched off in Properties page for an appropriate folder via IIS MMC.
How do you get IIS to release the dlls it calls so you can overwrite them without restarting?
To do this,just go to Component Services MMC, right-click on the package containing the DLL's and select Shut Down. Alternatively, from a command prompt type 'net stop iisamin' and then 'net start w3svc' (dll's will be released then).
How can I create a virtual Server? in win 2000 server
To create a virtual server, you have to run at least Windows 2000 Server There is no possibility to run more than one virtual server under Windows 2000 Professional! The IIS is restricted in this case. Virtual servers under IIS means the same as the "Multihomed" Apache-feature.
It gives you the possibility to use more than one domainnames on a server (using one IP-Adress). This is only possible since the HTTP 1/1 standard, which is well known.
To add a virtual server, simply open the Internet Service Manager and right-click your webservername. Then select New -> Website, and follow the instructions of the upcoming Wizard. Its very important, that you specifiy a different hostname for this new virtual server. Otherwise, you will be in conflict with other virtual servers like the Default Web Site.
It gives you the possibility to use more than one domainnames on a server (using one IP-Adress). This is only possible since the HTTP 1/1 standard, which is well known.
To add a virtual server, simply open the Internet Service Manager and right-click your webservername. Then select New -> Website, and follow the instructions of the upcoming Wizard. Its very important, that you specifiy a different hostname for this new virtual server. Otherwise, you will be in conflict with other virtual servers like the Default Web Site.
How to install Perl on Internet Information Server? on windows
To run Perl under the IIS, you need the latest version of ActivePerl. ActivePerl is distributed by ActiveState and can be free downloaded at www.activestate.com/ActivePerl/download.htm.
After you downloaded ActivePerl, you should do two things before installing it:
Open the MMC (IIS Console), and select your Webserver, and open its main properties.
After you downloaded ActivePerl, you should do two things before installing it:
Open the MMC (IIS Console), and select your Webserver, and open its main properties.
How do I configure IIS server to allow download of .exe files? in winsows server
Check to make sure you do not have the Execute option selected on the particular folder in the MMC. You normally only need to have the Scripts option setup. This is on the home directory tab for the website/or folder
What does the file extension mean? in linux
Well that's not entirely true, but the 'system' does not rely on the names of files, but some programs can and do use the extention as a hint at what type it may be. Any file can be made executable with the chmod command. If you write a program (binary or script) then to 'run it' you'll need to then do 'chmod u+x' (which sets it executable by the owner of that file).
When you tell the system to run a file that is executable, then the first few bytes of the file are examined to decide how it is to be run. Files like ELF/Java binaries will be handled by the kernel directly, and text files that start with something like "#! /path/to/some/interpreter" (often called the 'shebang line'), cause the interpreter to be executed and then the text file be used as the source code. (eg. Perl, Shell scripts, Python, tcl)
If it isn't a valid binary, and it doesn't have a shebang line, then the lines will be passed to the current shell (probably bash). So you can be lazy and not use a shebang line if you always use the same shell, but it is good practice to start your Bourne-Again-SHell scripts with #! /bin/bash
To find out information about a file, then use the 'file' command. (see 'man file' and 'man magic' for more info ) eg. try these...
file /bin/bash
file /etc/rc.d/rc.sysinit
file /usr/share/icons/xv.xpm
OK, your paths might not be the same as mine, but you get the point.
For data files, there is a huge number of different types of naming conventions used to hint at what type it might be, and some programs like mc (midnight commander - a file manager) use these to decide what program to use to view it etc....
Take a look at the file /etc/mime.types for a list of common extentions
When you tell the system to run a file that is executable, then the first few bytes of the file are examined to decide how it is to be run. Files like ELF/Java binaries will be handled by the kernel directly, and text files that start with something like "#! /path/to/some/interpreter" (often called the 'shebang line'), cause the interpreter to be executed and then the text file be used as the source code. (eg. Perl, Shell scripts, Python, tcl)
If it isn't a valid binary, and it doesn't have a shebang line, then the lines will be passed to the current shell (probably bash). So you can be lazy and not use a shebang line if you always use the same shell, but it is good practice to start your Bourne-Again-SHell scripts with #! /bin/bash
To find out information about a file, then use the 'file' command. (see 'man file' and 'man magic' for more info ) eg. try these...
file /bin/bash
file /etc/rc.d/rc.sysinit
file /usr/share/icons/xv.xpm
OK, your paths might not be the same as mine, but you get the point.
For data files, there is a huge number of different types of naming conventions used to hint at what type it might be, and some programs like mc (midnight commander - a file manager) use these to decide what program to use to view it etc....
Take a look at the file /etc/mime.types for a list of common extentions
What is the difference between statically and dynamically linked executables
It tells you how the programs were compiled. All but the simplest of programs will use functions that are part of common libraries.
When the source code is compliled, usually dynamic linking is used. This means that the program will be smaller as the common functions will not be part of the program. However, to be able to run, it will need the correct libraries to be present on your system. The README file that comes with the distribution should tell you which libraries (and versions) you will need. Dynamically linked programs also mean that the library functions only need to find their way into memory once. So as well as saving some disk space, you also save memory as more programs share some of the same space.
A statically linked program means that the common functions from the libraries have been compiled into the program. So if you see a Linux executable that has been statically linked, then you won't run into trouble trying to get it to work if you a lacking a library file, or have a version of the library that is too old. There is also another advantage, and that is that your program 'may' run a little faster with statically linked libraries.
When the source code is compliled, usually dynamic linking is used. This means that the program will be smaller as the common functions will not be part of the program. However, to be able to run, it will need the correct libraries to be present on your system. The README file that comes with the distribution should tell you which libraries (and versions) you will need. Dynamically linked programs also mean that the library functions only need to find their way into memory once. So as well as saving some disk space, you also save memory as more programs share some of the same space.
A statically linked program means that the common functions from the libraries have been compiled into the program. So if you see a Linux executable that has been statically linked, then you won't run into trouble trying to get it to work if you a lacking a library file, or have a version of the library that is too old. There is also another advantage, and that is that your program 'may' run a little faster with statically linked libraries.
about a CGI bin directory
A CGI bin directory is a special directory on the server where CGI scripts are allowed to be executed. Most servers are configured to only allow CGI scripts to be executed from one location, in order to minimize security holes. Poorly written scripts can wreak havoc on a server if allowed to run unchecked - most system admins will want to verify that the script isn't doing anything malicious before letting you run it
I install a package under a graphic environment I don't know how to use the program. How can I create an icon to access the program under X-Windows or even KDE
To run any X program, you can just start it from an xterm, ie.
netscape &
and put it in the background with '&' to carry on working in that shell. So long as the $DISPLAY environment variable is set then you should be able to try the program out.
But, about icons and things... It all depends what window manager you use. I can't answer for KDE as I've not used it. In twm fvwm fvwm-95 etc... it is a matter of looking through your .fvwmrc (or equiv) file and following the syntax already there to add a menu in the appropriate place. Coupled with the manpage for the wm then it's do-able but not that easy. Also, some wm's generate that rc file 'on the fly' with m4 or somesuch, and before you know it you find yourself going round in circles trying to find the right file to edit. If you don't have an rc file for your wm, then the system one will normally be used instead eg. /usr/X11R6/lib/X11/fvwm2/system.fvwmrc
RedHat have made this easier if you use their RPM's, as they now put supply general config files and scripts to read them and convert them into a menu item for you. (This works with several wm). However, you don't always want to be waiting for RH or someone to make an RPM.
What I use now is NextStep. In my opinion it couldn't get much simpler. There is a directory for each user called ~/GNUstep/Library/AfterStep/start
Any directories I put there appear as new popup menus on the start menu, and files containing a one line command appear as menu options. Effectively it's doing the same thing as the other wm's, as it is based on the same code, but there has been a lot of work put in to splitting the many configs down into managable chunks.
netscape &
and put it in the background with '&' to carry on working in that shell. So long as the $DISPLAY environment variable is set then you should be able to try the program out.
But, about icons and things... It all depends what window manager you use. I can't answer for KDE as I've not used it. In twm fvwm fvwm-95 etc... it is a matter of looking through your .fvwmrc (or equiv) file and following the syntax already there to add a menu in the appropriate place. Coupled with the manpage for the wm then it's do-able but not that easy. Also, some wm's generate that rc file 'on the fly' with m4 or somesuch, and before you know it you find yourself going round in circles trying to find the right file to edit. If you don't have an rc file for your wm, then the system one will normally be used instead eg. /usr/X11R6/lib/X11/fvwm2/system.fvwmrc
RedHat have made this easier if you use their RPM's, as they now put supply general config files and scripts to read them and convert them into a menu item for you. (This works with several wm). However, you don't always want to be waiting for RH or someone to make an RPM.
What I use now is NextStep. In my opinion it couldn't get much simpler. There is a directory for each user called ~/GNUstep/Library/AfterStep/start
Any directories I put there appear as new popup menus on the start menu, and files containing a one line command appear as menu options. Effectively it's doing the same thing as the other wm's, as it is based on the same code, but there has been a lot of work put in to splitting the many configs down into managable chunks.
How can I create multiple Websites using one IP-Address?
To use one IP-Address with more than one Website, you have to specifiy the HTTP 1.1 Hostheader for each Website.
The following sample explains, how to test this on your local machine:
Open the file hosts located under \winnt\system32\drivers\etc\
Add two entries as showed in this sample:
127.0.0.1 www.testdomain01.com
127.0.0.1 www.testdomain02.com
Now create two new Websites using the Internet Service Manager.
Add www.testdomain01.com as hostheader to the first new created Website and www.testdomain02.com to the second. Both Websites should use the same IP-Address (127.0.0.1).
Now you have created two Websites running on the same IP-Address. You can now start your browser to view the www.testdomain01.com and www.testdomain02.com.
The following sample explains, how to test this on your local machine:
Open the file hosts located under \winnt\system32\drivers\etc\
Add two entries as showed in this sample:
127.0.0.1 www.testdomain01.com
127.0.0.1 www.testdomain02.com
Now create two new Websites using the Internet Service Manager.
Add www.testdomain01.com as hostheader to the first new created Website and www.testdomain02.com to the second. Both Websites should use the same IP-Address (127.0.0.1).
Now you have created two Websites running on the same IP-Address. You can now start your browser to view the www.testdomain01.com and www.testdomain02.com.
What do you need to add a network printer?
1. A network printer can be a printer that is already installed on one computer in your home or office network. It does not have to be anything special.
2. You need to know the actual computer name that the printer is installed on. How to find the Computer Name?
3. Printer Sharing has to be enabled. (Go to Control Panel>Printers Settings Icon>right click on the printer icon and choose sharing. Also create a simple name for your printer here.)
4. The share name of you shared printer. It usually is the brand of the printer which could be cannon bj3000, however I like to rename it just printer.
How to add a network printer onto your home network:
1. Go to the control panel which can be found by clicking the start button.
2. In the left bar click on switch to classic view.
3. Then click on the Printer and Faxes Icon.
4. Choose to Add Printer in the left sidebar.
5. A dialog box will appear. You can choose to add a network Printer. Then ask the computer to find it. If it does find it your done.
6. When the computer does not find your network printer manually type it in yourself.
7. I have written \\server\printer$ then I pressed Next. Server is the name of the computer that has the printer installed on it, and Printer$ is the name I gave my printer when I enabled sharing.
Advantages and disadvantages to having a network printer?
Advantages:
1. You only need one printer for your entire network.
2. You save money on office equipment.
3. You save space.
Disadvantages:
1. If another user is printing hundreds of pages on the network printer you will have to wait for them to finish printing.
2. The computer the network printer is attached to must be on for the printer to function.
2. You need to know the actual computer name that the printer is installed on. How to find the Computer Name?
3. Printer Sharing has to be enabled. (Go to Control Panel>Printers Settings Icon>right click on the printer icon and choose sharing. Also create a simple name for your printer here.)
4. The share name of you shared printer. It usually is the brand of the printer which could be cannon bj3000, however I like to rename it just printer.
How to add a network printer onto your home network:
1. Go to the control panel which can be found by clicking the start button.
2. In the left bar click on switch to classic view.
3. Then click on the Printer and Faxes Icon.
4. Choose to Add Printer in the left sidebar.
5. A dialog box will appear. You can choose to add a network Printer. Then ask the computer to find it. If it does find it your done.
6. When the computer does not find your network printer manually type it in yourself.
7. I have written \\server\printer$ then I pressed Next. Server is the name of the computer that has the printer installed on it, and Printer$ is the name I gave my printer when I enabled sharing.
Advantages and disadvantages to having a network printer?
Advantages:
1. You only need one printer for your entire network.
2. You save money on office equipment.
3. You save space.
Disadvantages:
1. If another user is printing hundreds of pages on the network printer you will have to wait for them to finish printing.
2. The computer the network printer is attached to must be on for the printer to function.
I want to know how to enable/disable usb ports...
Suppose i want to prevent the users to connect any usb devices in the system. How can i do that??
Go to run and type devmgmt.msc in that click universal serialbus controllers,right click on the sub menus and disable it.
or
on the desktop, right click on MY COMPUTER, and then select MANAGE option. a new window will appear, in that select SYSTEM TOOLS, in that click on DEVICE MANAGER, on the right side of the window pane, a list wil appear,
that will show u the components attached to your system, in that select the USB port, right click and diable the port.
or
start>>settings>>controlpannel>>system>>hardware>>devise manager>>look for the usb port in the list and select it then you can see an option disable or enable accordingly on the tool bar
Go to run and type devmgmt.msc in that click universal serialbus controllers,right click on the sub menus and disable it.
or
on the desktop, right click on MY COMPUTER, and then select MANAGE option. a new window will appear, in that select SYSTEM TOOLS, in that click on DEVICE MANAGER, on the right side of the window pane, a list wil appear,
that will show u the components attached to your system, in that select the USB port, right click and diable the port.
or
start>>settings>>controlpannel>>system>>hardware>>devise manager>>look for the usb port in the list and select it then you can see an option disable or enable accordingly on the tool bar
Create a Web Site (IIS 6.0)
During installation of Internet Information Services (IIS), a default home directory and Web site configuration are created on your hard disk. Similarly, creating a Web site by using IIS Manager does not create content, but merely creates a directory structure and configuration files from which to publish the content. To publish your Web content, you can place content in the default home directory, or you can create a different home directory or virtual directory and place content there.
Important If you install ASP.NET with IIS 6.0, structure the content of your Web site so that requests for Web site content do not need to contain /bin in the request URL. As a security measure, ASP .NET returns a 404 error for all requests containing /bin in the requested URL.
Requirements
• Iis.msc.
Recommendation
As a security best practice, log on to your computer using an account that is not in the Administrators group, and then use the Run as command to run IIS Manager as an administrator. At the command prompt, type runas /user:administrative_accountname mmc %systemroot%\system32\inetsrv\iis.msc.
Procedures
To use the default Web site
1.In IIS Manager, expand the local computer, and expand the Web Sites folder.
2.Right-click Default Web Site, and select Properties.
3.On the Web Site tab, under Web site identification, type the name of your Web site in the Description box.
4.Click OK. The new name of the site appears in IIS Manager.
To create a new Web site
1.In IIS Manager, expand the local computer, and right-click the Web Sites folder.
2.Select New, and then click Web Site. The Web Site Creation Wizard appears.
3.Click Next.
4.In the Description box, type a name for your site, and then click Next.
5.Type or select the IP address (the default is All Unassigned), TCP port, and host header (for example, www.mysite.com) for your site.
6.Click Next.
7.In the Path box, type the name of the directory or click Browse to navigate to the directory that contains, or will contain, the site content.
8.Click Next.
9.Select the check boxes for the Web site access permissions you want to assign to your users, and then click Next.
10.Click Finish.
11.To change these and other settings later, right-click the Web site, and select Properties.
Important If you install ASP.NET with IIS 6.0, structure the content of your Web site so that requests for Web site content do not need to contain /bin in the request URL. As a security measure, ASP .NET returns a 404 error for all requests containing /bin in the requested URL.
Requirements
• Iis.msc.
Recommendation
As a security best practice, log on to your computer using an account that is not in the Administrators group, and then use the Run as command to run IIS Manager as an administrator. At the command prompt, type runas /user:administrative_accountname mmc %systemroot%\system32\inetsrv\iis.msc.
Procedures
To use the default Web site
1.In IIS Manager, expand the local computer, and expand the Web Sites folder.
2.Right-click Default Web Site, and select Properties.
3.On the Web Site tab, under Web site identification, type the name of your Web site in the Description box.
4.Click OK. The new name of the site appears in IIS Manager.
To create a new Web site
1.In IIS Manager, expand the local computer, and right-click the Web Sites folder.
2.Select New, and then click Web Site. The Web Site Creation Wizard appears.
3.Click Next.
4.In the Description box, type a name for your site, and then click Next.
5.Type or select the IP address (the default is All Unassigned), TCP port, and host header (for example, www.mysite.com) for your site.
6.Click Next.
7.In the Path box, type the name of the directory or click Browse to navigate to the directory that contains, or will contain, the site content.
8.Click Next.
9.Select the check boxes for the Web site access permissions you want to assign to your users, and then click Next.
10.Click Finish.
11.To change these and other settings later, right-click the Web site, and select Properties.
How to attach and detach databases in SQL server.
Open MSSQL management studio
login user with admin privileges
To detach database
expand databases tab
Select database (which you want to attach are detach)
Right click on selected database ?tasks ? detach ?OK
To Atach database
After login the user with admin privileges
Right click on databases ?Attach ?select ldf and mdf fles ?OK
login user with admin privileges
To detach database
expand databases tab
Select database (which you want to attach are detach)
Right click on selected database ?tasks ? detach ?OK
To Atach database
After login the user with admin privileges
Right click on databases ?Attach ?select ldf and mdf fles ?OK
Thursday, November 25, 2010
in xampp What is where?
What is where? A big question of our existens, here are some answers! ;)
IMPORTANT FILES AND DIRECTORIES
File/Directory Purpose
/opt/lampp/bin/ The XAMPP commands home. /opt/lampp/bin/mysql calls for example the MySQL monitor.
/opt/lampp/htdocs/ The Apache DocumentRoot directory.
/opt/lampp/etc/httpd.conf The Apache configuration file.
/opt/lampp/etc/my.cnf The MySQL configuration file.
/opt/lampp/etc/php.ini The PHP configuration file.
/opt/lampp/etc/proftpd.conf The ProFTPD configuration file. (since 0.9.5)
/opt/lampp/phpmyadmin/config.inc.php The phpMyAdmin configuration file.
IMPORTANT FILES AND DIRECTORIES
File/Directory Purpose
/opt/lampp/bin/ The XAMPP commands home. /opt/lampp/bin/mysql calls for example the MySQL monitor.
/opt/lampp/htdocs/ The Apache DocumentRoot directory.
/opt/lampp/etc/httpd.conf The Apache configuration file.
/opt/lampp/etc/my.cnf The MySQL configuration file.
/opt/lampp/etc/php.ini The PHP configuration file.
/opt/lampp/etc/proftpd.conf The ProFTPD configuration file. (since 0.9.5)
/opt/lampp/phpmyadmin/config.inc.php The phpMyAdmin configuration file.
Start and stop commands for xampp services
start and stop parameters
/opt/lampp/lampp could only start and stop XAMPP.
START AND STOP PARAMETERS
Parameter Description
--------------------------
start Starts XAMPP.
stop Stops XAMPP.
restart Stops and starts XAMPP.
startapache Starts only the Apache.
startssl Starts the Apache SSL support. This command activates the SSL support permanently, e.g. if you restarts XAMPP in the future SSL will stay activated.
startmysql Starts only the MySQL database.
startftp Starts the ProFTPD server. Via FTP you can upload files for your web server (user "nobody", password "lampp"). This command activates the ProFTPD permanently, e.g. if you restarts XAMPP in the future FTP will stay activated.
stopapache Stops the Apache.
stopssl Stops the Apache SSL support. This command deactivates the SSL support permanently, e.g. if you restarts XAMPP in the future SSL will stay deactivated.
stopmysql Stops the MySQL database.
stopftp Stops the ProFTPD server. This command deactivates the ProFTPD permanently, e.g. if you restarts XAMPP in the future FTP will stay deactivated.
security Starts a small security check programm.
For example: To start Apache with SSL support simply type in the following command (as root):
/opt/lampp/lampp startssl
You can also access your Apache server via SSL under https://localhost.
/opt/lampp/lampp could only start and stop XAMPP.
START AND STOP PARAMETERS
Parameter Description
--------------------------
start Starts XAMPP.
stop Stops XAMPP.
restart Stops and starts XAMPP.
startapache Starts only the Apache.
startssl Starts the Apache SSL support. This command activates the SSL support permanently, e.g. if you restarts XAMPP in the future SSL will stay activated.
startmysql Starts only the MySQL database.
startftp Starts the ProFTPD server. Via FTP you can upload files for your web server (user "nobody", password "lampp"). This command activates the ProFTPD permanently, e.g. if you restarts XAMPP in the future FTP will stay activated.
stopapache Stops the Apache.
stopssl Stops the Apache SSL support. This command deactivates the SSL support permanently, e.g. if you restarts XAMPP in the future SSL will stay deactivated.
stopmysql Stops the MySQL database.
stopftp Stops the ProFTPD server. This command deactivates the ProFTPD permanently, e.g. if you restarts XAMPP in the future FTP will stay deactivated.
security Starts a small security check programm.
For example: To start Apache with SSL support simply type in the following command (as root):
/opt/lampp/lampp startssl
You can also access your Apache server via SSL under https://localhost.
Installing Apache
#apt-get install apache2
#apt-get install apache2-doc
Now we'll do a quick check to verify Apache is running.
#/etc/init.d/apache2 start
Starting web server: Apache2httpd (pid 11205) already running
Now, try browsing with you IP Address/Localhost/LoopBackAdd
The default Apache files are stored in /var/www/
So, if you get an error, check this location for any files. If there are no files, move some html files and check again.
For Accessing Directories other than from /var/www, create a Virtual Directory.
Virtual Directories in Apache lets you browse websites with a http://localhost/sitename.
If the physical path for /sitename is located at a different location.
Solution:
Add the Following Lines to httpd.conf or conf.d/apache2.conf file(which are located in apache directory) and do the changes as per your requirement
Alias /sitename "/sites/sitename"
<Directory "/sites/sitename ">
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All
Order allow, deny
Allow from all
</Directory>
Install and configure xampp on linux
To install xampp download software from below link
http://www.apachefriends.org/en/xampp-linux.html#377
Installation
After downloading simply type in the following commands:
1. Go to a Linux shell and login as the system administrator root:
su
2. Extract the downloaded archive file to /opt:
tar xvfz xampp-linux-1.7.3a.tar.gz -C /opt
Warning: Please use only this command to install XAMPP. DON'T use any Microsoft Windows tools to extract the archive, it won't work.
Warning 2: already installed XAMPP versions get overwritten by this command.
That's all. XAMPP is now installed below the /opt/lampp directory.
Start
To start XAMPP simply call this command:
/opt/lampp/lampp start
You should now see something like this on your screen:
Starting XAMPP 1.7.3a...
LAMPP: Starting Apache...
LAMPP: Starting MySQL...
LAMPP started.
Ready. Apache and MySQL are running.
Test
OK, that was easy but how can you check that everything really works? Just type in the following URL at your favourite web browser:
http://localhost
Now you should see the start page of XAMPP containing some links to check the status of the installed software and some small programming examples.
The Instant Art example: A small PHP/GD program (since 0.9.6pre1 also a flashy PHP/Ming example, see screenshot).
security
XAMPP is not meant for production use but only for developers in a development environment. The way XAMPP is configured is to be open as possible and allowing the developer anything he/she wants. For development environments this is great but in a production environment it could be fatal
Here a list of missing security in XAMPP:
1. The MySQL administrator (root) has no password.
2. The MySQL daemon is accessible via network.
3. ProFTPD uses the password "lampp" for user "nobody".
4. PhpMyAdmin is accessible via network.
5. Examples are accessible via network.
6. MySQL and Apache running under the same user (nobody).
To fix most of the security weaknesses simply call the following command:
/opt/lampp/lampp security
It starts a small security check and makes your XAMPP installation quite secure. For example this protects the XAMPP demo pages by a username ('lampp') and password combination.
http://www.apachefriends.org/en/xampp-linux.html#377
Installation
After downloading simply type in the following commands:
1. Go to a Linux shell and login as the system administrator root:
su
2. Extract the downloaded archive file to /opt:
tar xvfz xampp-linux-1.7.3a.tar.gz -C /opt
Warning: Please use only this command to install XAMPP. DON'T use any Microsoft Windows tools to extract the archive, it won't work.
Warning 2: already installed XAMPP versions get overwritten by this command.
That's all. XAMPP is now installed below the /opt/lampp directory.
Start
To start XAMPP simply call this command:
/opt/lampp/lampp start
You should now see something like this on your screen:
Starting XAMPP 1.7.3a...
LAMPP: Starting Apache...
LAMPP: Starting MySQL...
LAMPP started.
Ready. Apache and MySQL are running.
Test
OK, that was easy but how can you check that everything really works? Just type in the following URL at your favourite web browser:
http://localhost
Now you should see the start page of XAMPP containing some links to check the status of the installed software and some small programming examples.
The Instant Art example: A small PHP/GD program (since 0.9.6pre1 also a flashy PHP/Ming example, see screenshot).
security
XAMPP is not meant for production use but only for developers in a development environment. The way XAMPP is configured is to be open as possible and allowing the developer anything he/she wants. For development environments this is great but in a production environment it could be fatal
Here a list of missing security in XAMPP:
1. The MySQL administrator (root) has no password.
2. The MySQL daemon is accessible via network.
3. ProFTPD uses the password "lampp" for user "nobody".
4. PhpMyAdmin is accessible via network.
5. Examples are accessible via network.
6. MySQL and Apache running under the same user (nobody).
To fix most of the security weaknesses simply call the following command:
/opt/lampp/lampp security
It starts a small security check and makes your XAMPP installation quite secure. For example this protects the XAMPP demo pages by a username ('lampp') and password combination.
Linux or UNIX change file permissions recursively ( conditional )
How do I recursively change files with 777 permissions to 755 in /home/user/demo directory? I have a number of files in this directory and I need to change from 777 to only if that file has 777 permissions.
Is there an easy way out to achieve this?
To change file access permissions you use chmod command. It has -R or -recursive option that change files and directories recursively. For example
$ chmod -R 0755 directory
However, if you need to apply conditional file permissions recursively use combination of find and chmod command.
Find all files in /home/user/demo directory
$ find /home/user/demo -print
Now find all files in /home/user/demo directory with permission 777
$ find /home/user/demo -perm 777 -print
Next you need to apply chmod on all these files using -exec option:
$ find /home/user/demo -perm 777 -print -exec chmod 755 {} \;
Is there an easy way out to achieve this?
To change file access permissions you use chmod command. It has -R or -recursive option that change files and directories recursively. For example
$ chmod -R 0755 directory
However, if you need to apply conditional file permissions recursively use combination of find and chmod command.
Find all files in /home/user/demo directory
$ find /home/user/demo -print
Now find all files in /home/user/demo directory with permission 777
$ find /home/user/demo -perm 777 -print
Next you need to apply chmod on all these files using -exec option:
$ find /home/user/demo -perm 777 -print -exec chmod 755 {} \;
Linux Files and File Permission
Linux files are setup so access to them is controlled. There are three types of access:
1. read
2. write
3. execute
Each file belongs to a specific user and group. Access to the files is controlled by user, group, and what is called other. The term, other, is used to refer to someone who is not the user (owner) of the file, nor is the person a member of the group the file belongs to. When talking about setting permissions for "other" users to use, it is commonly referred to as setting the world execute, read, or write bit since anyone in the world will be able to perform the operation if the permission is set in the other category.
File names and permission characters
File names can be up to 256 characters long with "-", "_", and "." characters along with letters and numbers.
When a long file listing is done, there are 10 characters that are shown on the left that indicate type and permissions of the file. File permissions are shown according to the following syntax example: drwerwerwe
There are a total of 10 characters in this example, as in all Linux files. The first character indicates the type of file, and the next three indicate read, write, and execute permission for each of the three user types, user, group and other. Since there are three types of permission for three users, there are a total of nine permission bits. The table below shows the syntax:
1 2 3 4 5 6 7 8 9 10
File User Permissions Group Permissions Other Permissions
Type Read Write Execute Read Write Execute Read Write Execute
d r w e r w e r w e
* Character 1 is the type of file: - is ordinary, d is directory, l is link.
* Characters 2-4 show owner permissions. Character 2 indicates read permission, character 3 indicates write permission, and character 4 indicates execute permission.
* Characters 5-7 show group permissions. Character 5=read, 6=write, 7=execute
* Characters 8-10 show permissions for all other users. Character 8=read, 9=write, 10=execute
There are 5 possible characters in the permission fields. They are:
* r = read - This is only found in the read field.
* w = write - This is only found in the write field.
* x = execute - This is only found in the execute field.
* s = setuid - This is only found in the execute field.
* If there is a "-" in a particular location, there is no permission. This may be found in any field whether read, write, or execute field.
Examples
Type "ls -l" and a listing like the following is displayed:
total 10
drwxrwxrwx 4 george team1 122 Dec 12 18:02 Projects
-rw-rw-rw- 1 george team1 1873 Aug 23 08:34 test
-rw-rw-rw- 1 george team1 1234 Sep 12 11:13 datafile
Which means the following:
Type and # of Files's File's Size in Date of last Filename
Permission field Links Owner Group Bytes modification
| | | | | | |
drwxrwxrwx 4 george team1 122 Dec 12 18:02 Projects
The fields are as follows:
1. Type field: The first character in the field indicates a file type of one of the following:
* d = directory
* l = symbolic link
* s = socket
* p = named pipe
* - = regular file
* c= character (unbuffered) device file special
* b=block (buffered) device file special
2. Permissions are explained above.
3. Links: The number of directory entries that refer to the file. In our example, there are four.
4. The file's owner in our example is George.
5. The group the file belongs to. In our example, the group is team1.
6. The size of the file in bytes
7. The last modification date. If the file is recent, the date and time is shown. If the file is not in the current year, the year is shown rather than time.
8. The name of the file.
Set User Identification Attribute
The file permissions bits include an execute permission bit for file owner, group and other. When the execute bit for the owner is set to "s" the set user ID bit is set. This causes any persons or processes that run the file to have access to system resources as though they are the owner of the file. When the execute bit for the group is set to "s", the set group ID bit is set and the user running the program is given access based on access permission for the group the file belongs to. The following command:
chmod +s myfile
sets the user ID bit on the file "myfile". The command:
chmod g+s myfile
sets the group ID bit on the file "myfile".
The listing below shows a listing of two files that have the group or user ID bit set.
-rws--x--x 1 root root 14024 Sep 9 1999 chfn
-rwxr-sr-x 1 root mail 12072 Aug 16 1999 lockfile
The files chfn and lockfile are located in the directory "/usr/bin". The "s" takes the place of the normal location of the execute bit in the file listings above. This special permission mode has no meaning unless the file has execute permission set for either the group or other as well. This means that in the case of the lockfile, if the other users (world execute) bit is not set with permission to execute, then the user ID bit set would be meaningless since only that same group could run the program anyhow. In both files, everyone can execute the binary. The first program, when run is executed as though the program is the root user. The second program is run as though the group "mail" is the user's group.
For system security reasons it is not a good idea to set many program's set user or group ID bits any more than necessary, since this can allow an unauthorized user privileges in sensitive system areas. If the program has a flaw that allows the user to break out of the intended use of the program, then the system can be compromised.
Directory Permissions
There are two special bits in the permissions field of directories. They are:
* s - Set group ID
* t - Save text attribute (sticky bit) - The user may delete or modify only those files in the directory that they own or have write permission for.
Save text attribute
The /tmp directory is typically world-writable and looks like this in a listing:
drwxrwxrwt 13 root root 4096 Apr 15 08:05 tmp
Everyone can read, write, and access the directory. The "t'' indicates that only the user (and root, of course) that created a file in this directory can delete that file.
To set the sticky bit in a directory, do the following:
chmod +t data
This option should be used carefully. A possible alternative to this is
1. Create a directory in the user's home directory to which he or she can write temporary files.
2. Set the TMPDIR environment variable using each user's login script.
3. Programs using the tempnam(3) function will look for the TMPDIR variable and use it, instead of writing to the /tmp directory.
Directory Set Group ID
If the setgid bit on a directory entry is set, files in that directory will have the group ownership as the directory, instead of than the group of the user that created the file.
This attribute is helpful when several users need access to certain files. If the users work in a directory with the setgid attribute set then any files created in the directory by any of the users will have the permission of the group. For example, the administrator can create a group called spcprj and add the users Kathy and Mark to the group spcprj. The directory spcprjdir can be created with the set GID bit set and Kathy and Mark although in different primary groups can work in the directory and have full access to all files in that directory, but still not be able to access files in each other's primary group.
The following command will set the GID bit on a directory:
chmod g+s spcprjdir
The directory listing of the directory "spcprjdir":
drwxrwsr-x 2 kathy spcprj 1674 Sep 17 1999 spcprjdir
The "s'' in place of the execute bit in the group permissions causes all files written to the directory "spcprjdir" to belong to the group "spcprj" .
Examples
Below are examples of making changes to permissions: chmod u+x myfile Gives the user execute permission on myfile.
chmod +x myfile Gives everyone execute permission on myfile.
chmod ugo+x myfile Same as the above command, but specifically specifies user, group and other.
chmod 400 myfile Gives the user read permission, and removes all other permission. These permissions are specified in octal, the first char is for the user, second for the group and the third is for other. The high bit (4) is for read access, the middle bit (2) os for write access, and the low bit (1) is for execute access.
chmod 764 myfile Gives user full access, group read and write access, and other read access.
chmod 751 myfile Gives user full access, group read and execute permission, and other, execute permission.
chmod +s myfile Set the setuid bit.
chmod go=rx myfile Remove read and execute permissions for the group and other.
Below are examples of making changes to owner and group: chown mark test1 Changes the owner of the file test1 to the user Mark.
chgrp mark test1 Changes the file test1 to belong to the group "mark".
Note: Linux files were displayed with a default tab value of 8 in older Linux versions. That means that file names longer than 8 may not be displayed fully if you are using an old Linux distribution. There is an option associated with the ls command that solves this problem. It is "-T". Ex: "ls al -T 30" to make the tab length 30.
Umask Settings
The umask command is used to set and determine the default file creation permissions on the system. It is the octal complement of the desired file mode for the specific file type. Default permissions are:
* 777 - Executable files
* 666 - Text files
These defaults are set allowing all users to execute an executable file and not to execute a text file. The defaults allow all users can read and write the file.
The permission for the creation of new executable files is calculated by subtracting the umask value from the default permission value for the file type being created. An example for a text file is shown below with a umask value of 022:
666 Default Permission for text file
-022 Minus the umask value
-----
644 Allowed Permissions
Therefore the umask value is an expression of the permissions the user, group and world will not have as a default with regard to reading, writing, or executing the file. The umask value here means the group the file belongs to and users other than the owner will not be able to write to the file. In this case, when a new text file is created it will have a file permission value of 644, which means the owner can read and write the file, but members of the group the file belongs to, and all others can only read the file. A long directory listing of a file with these permissions set is shown below.
-rw-r--r-- 1 root workgrp 14233 Apr 24 10:32 textfile.txt
A example command to set the umask is:
umask 022
The most common umask setting is 022. The /etc/profile script is where the umask command is usually set for all users.
Red Hat Linux has a user and group ID creation scheme where there is a group for each user and only that user belongs to that group. If you use this scheme consistently you only need to use 002 for your umask value with normal users.
1. read
2. write
3. execute
Each file belongs to a specific user and group. Access to the files is controlled by user, group, and what is called other. The term, other, is used to refer to someone who is not the user (owner) of the file, nor is the person a member of the group the file belongs to. When talking about setting permissions for "other" users to use, it is commonly referred to as setting the world execute, read, or write bit since anyone in the world will be able to perform the operation if the permission is set in the other category.
File names and permission characters
File names can be up to 256 characters long with "-", "_", and "." characters along with letters and numbers.
When a long file listing is done, there are 10 characters that are shown on the left that indicate type and permissions of the file. File permissions are shown according to the following syntax example: drwerwerwe
There are a total of 10 characters in this example, as in all Linux files. The first character indicates the type of file, and the next three indicate read, write, and execute permission for each of the three user types, user, group and other. Since there are three types of permission for three users, there are a total of nine permission bits. The table below shows the syntax:
1 2 3 4 5 6 7 8 9 10
File User Permissions Group Permissions Other Permissions
Type Read Write Execute Read Write Execute Read Write Execute
d r w e r w e r w e
* Character 1 is the type of file: - is ordinary, d is directory, l is link.
* Characters 2-4 show owner permissions. Character 2 indicates read permission, character 3 indicates write permission, and character 4 indicates execute permission.
* Characters 5-7 show group permissions. Character 5=read, 6=write, 7=execute
* Characters 8-10 show permissions for all other users. Character 8=read, 9=write, 10=execute
There are 5 possible characters in the permission fields. They are:
* r = read - This is only found in the read field.
* w = write - This is only found in the write field.
* x = execute - This is only found in the execute field.
* s = setuid - This is only found in the execute field.
* If there is a "-" in a particular location, there is no permission. This may be found in any field whether read, write, or execute field.
Examples
Type "ls -l" and a listing like the following is displayed:
total 10
drwxrwxrwx 4 george team1 122 Dec 12 18:02 Projects
-rw-rw-rw- 1 george team1 1873 Aug 23 08:34 test
-rw-rw-rw- 1 george team1 1234 Sep 12 11:13 datafile
Which means the following:
Type and # of Files's File's Size in Date of last Filename
Permission field Links Owner Group Bytes modification
| | | | | | |
drwxrwxrwx 4 george team1 122 Dec 12 18:02 Projects
The fields are as follows:
1. Type field: The first character in the field indicates a file type of one of the following:
* d = directory
* l = symbolic link
* s = socket
* p = named pipe
* - = regular file
* c= character (unbuffered) device file special
* b=block (buffered) device file special
2. Permissions are explained above.
3. Links: The number of directory entries that refer to the file. In our example, there are four.
4. The file's owner in our example is George.
5. The group the file belongs to. In our example, the group is team1.
6. The size of the file in bytes
7. The last modification date. If the file is recent, the date and time is shown. If the file is not in the current year, the year is shown rather than time.
8. The name of the file.
Set User Identification Attribute
The file permissions bits include an execute permission bit for file owner, group and other. When the execute bit for the owner is set to "s" the set user ID bit is set. This causes any persons or processes that run the file to have access to system resources as though they are the owner of the file. When the execute bit for the group is set to "s", the set group ID bit is set and the user running the program is given access based on access permission for the group the file belongs to. The following command:
chmod +s myfile
sets the user ID bit on the file "myfile". The command:
chmod g+s myfile
sets the group ID bit on the file "myfile".
The listing below shows a listing of two files that have the group or user ID bit set.
-rws--x--x 1 root root 14024 Sep 9 1999 chfn
-rwxr-sr-x 1 root mail 12072 Aug 16 1999 lockfile
The files chfn and lockfile are located in the directory "/usr/bin". The "s" takes the place of the normal location of the execute bit in the file listings above. This special permission mode has no meaning unless the file has execute permission set for either the group or other as well. This means that in the case of the lockfile, if the other users (world execute) bit is not set with permission to execute, then the user ID bit set would be meaningless since only that same group could run the program anyhow. In both files, everyone can execute the binary. The first program, when run is executed as though the program is the root user. The second program is run as though the group "mail" is the user's group.
For system security reasons it is not a good idea to set many program's set user or group ID bits any more than necessary, since this can allow an unauthorized user privileges in sensitive system areas. If the program has a flaw that allows the user to break out of the intended use of the program, then the system can be compromised.
Directory Permissions
There are two special bits in the permissions field of directories. They are:
* s - Set group ID
* t - Save text attribute (sticky bit) - The user may delete or modify only those files in the directory that they own or have write permission for.
Save text attribute
The /tmp directory is typically world-writable and looks like this in a listing:
drwxrwxrwt 13 root root 4096 Apr 15 08:05 tmp
Everyone can read, write, and access the directory. The "t'' indicates that only the user (and root, of course) that created a file in this directory can delete that file.
To set the sticky bit in a directory, do the following:
chmod +t data
This option should be used carefully. A possible alternative to this is
1. Create a directory in the user's home directory to which he or she can write temporary files.
2. Set the TMPDIR environment variable using each user's login script.
3. Programs using the tempnam(3) function will look for the TMPDIR variable and use it, instead of writing to the /tmp directory.
Directory Set Group ID
If the setgid bit on a directory entry is set, files in that directory will have the group ownership as the directory, instead of than the group of the user that created the file.
This attribute is helpful when several users need access to certain files. If the users work in a directory with the setgid attribute set then any files created in the directory by any of the users will have the permission of the group. For example, the administrator can create a group called spcprj and add the users Kathy and Mark to the group spcprj. The directory spcprjdir can be created with the set GID bit set and Kathy and Mark although in different primary groups can work in the directory and have full access to all files in that directory, but still not be able to access files in each other's primary group.
The following command will set the GID bit on a directory:
chmod g+s spcprjdir
The directory listing of the directory "spcprjdir":
drwxrwsr-x 2 kathy spcprj 1674 Sep 17 1999 spcprjdir
The "s'' in place of the execute bit in the group permissions causes all files written to the directory "spcprjdir" to belong to the group "spcprj" .
Examples
Below are examples of making changes to permissions: chmod u+x myfile Gives the user execute permission on myfile.
chmod +x myfile Gives everyone execute permission on myfile.
chmod ugo+x myfile Same as the above command, but specifically specifies user, group and other.
chmod 400 myfile Gives the user read permission, and removes all other permission. These permissions are specified in octal, the first char is for the user, second for the group and the third is for other. The high bit (4) is for read access, the middle bit (2) os for write access, and the low bit (1) is for execute access.
chmod 764 myfile Gives user full access, group read and write access, and other read access.
chmod 751 myfile Gives user full access, group read and execute permission, and other, execute permission.
chmod +s myfile Set the setuid bit.
chmod go=rx myfile Remove read and execute permissions for the group and other.
Below are examples of making changes to owner and group: chown mark test1 Changes the owner of the file test1 to the user Mark.
chgrp mark test1 Changes the file test1 to belong to the group "mark".
Note: Linux files were displayed with a default tab value of 8 in older Linux versions. That means that file names longer than 8 may not be displayed fully if you are using an old Linux distribution. There is an option associated with the ls command that solves this problem. It is "-T". Ex: "ls al -T 30" to make the tab length 30.
Umask Settings
The umask command is used to set and determine the default file creation permissions on the system. It is the octal complement of the desired file mode for the specific file type. Default permissions are:
* 777 - Executable files
* 666 - Text files
These defaults are set allowing all users to execute an executable file and not to execute a text file. The defaults allow all users can read and write the file.
The permission for the creation of new executable files is calculated by subtracting the umask value from the default permission value for the file type being created. An example for a text file is shown below with a umask value of 022:
666 Default Permission for text file
-022 Minus the umask value
-----
644 Allowed Permissions
Therefore the umask value is an expression of the permissions the user, group and world will not have as a default with regard to reading, writing, or executing the file. The umask value here means the group the file belongs to and users other than the owner will not be able to write to the file. In this case, when a new text file is created it will have a file permission value of 644, which means the owner can read and write the file, but members of the group the file belongs to, and all others can only read the file. A long directory listing of a file with these permissions set is shown below.
-rw-r--r-- 1 root workgrp 14233 Apr 24 10:32 textfile.txt
A example command to set the umask is:
umask 022
The most common umask setting is 022. The /etc/profile script is where the umask command is usually set for all users.
Red Hat Linux has a user and group ID creation scheme where there is a group for each user and only that user belongs to that group. If you use this scheme consistently you only need to use 002 for your umask value with normal users.
Setting up PhpMyAdmin on debian server
PhpMyAdmin is a web interface designed specifically for administering MySQL.
#apt-get install phpmyadmin
Also install the following if not automatically installed with above command
php4-gd php5-gd
Once the installation begins, we'll be presented with a question about which web servers to reconfigure. Since we used Apache2, be sure to check that. When prompted, go ahead and have Apache2 restarted.
To test out phpmyadmin, we'll first point our web browser to http://servername/phpmyadmin/. We will connect using the username "root" and a blank password. Once we do, phpmyadmin will greet us with stern warning about our blank password. Clicking on "Change password" will allow us to set one and get rid of that warning.
If phpmyadmin is not working, add the following line in /etc/apache2/apache.conf file
Include /etc/phpmyadmin/apache.conf
Setting up PHP on debian server
#apt-get install php4
or check the latest version in Debian website.
Also install the following if not automatically installed with above command and also install the Suggested packages if needed
apache-common libapache-mod-php4 php4 php4-mysql php4-pear
There are a few other packages we'll need to install to get Apache working with PHP.
#apt-get install libapache2-mod-php4 php4-cgi
All the necessary packages are installed, but we aren't quite done yet. Using your favorite text editor, we'll need to make some changes to /etc/apache2/apache2.conf.
First, locate the line "#AddType application/x-httpd-php .php" and un-comment the line by removing the # from the beginning. Next, we'll need to add the line below.
LoadModule php4_module /usr/lib/apache2/modules/libphp4.so
To get those changes to take effect, we'll have to restart Apache. If we don't, web browsers will be downloading our full PHP files rather than Apache processing them first.
/etc/init.d/apache2 restart
Note: If we get an error while restarting, saying the module is already loaded, we can go ahead and remove the LoadModule Line added above.
To show that PHP is working, we'll place a PHP file in our web folder, and browse it through a Web Browser.
Installing and Setting up MySQL on debian linux
#apt-get install mysql-server5.0
or check the latest version in Debian website.
Also install the following if not automatically installed with above command
libdbd-mysql-perl, libmysqlclient12, mysql-client, mysql-common
Before moving on, we'll make sure that MySQL service is running.
#/etc/init.d/mysql start
Starting MySQL database server: mysqld...already running.
Subscribe to:
Posts (Atom)