C2110 UNIX operating system and programming basics, 2nd lesson

C2110 UNIX and Programming
Petr Kulhánek
kulhanek@chemi.muni.cz
National Centre for Biomolecular Research, Faculty of Science, Masaryk University, Kamenice 5, CZ-62500 Brno

2nd lesson: Linux as a multi-user system

Linux vs UNIX

In informatics, UNIX is the trademark of an operating system created in 1969 by Bell Labs of the US company AT&T. The trademark is currently owned by The Open Group consortium and can be used only by systems that are certified according to the Single UNIX Specification. Various systems exist that are compatible with UNIX to varying degrees but cannot or do not want to pay the license fees. Because of that, they often use names that allude to the name UNIX (for example, Xenix, MINIX, Linux), but they can also be named differently (for example, BSD and its variants OpenBSD and NetBSD, but also Mac OS X, etc.). They are collectively known as Unix-like systems.

GNU/Linux, or just Linux, is the term used for an operating system based on the Linux kernel. The first version of the kernel was programmed in 1991 by Linus Torvalds, who is still actively involved in its further development.
Adapted from:
https://cs.wikipedia.org/wiki/Unix
https://cs.wikipedia.org/wiki/Linux
https://cs.wikipedia.org/wiki/Linux_%28j%C3%A1dro%29

Contents

➢ Revision
  • terminals, command line
➢ Commands
  • manual pages
➢ Remote log in
  • ssh, transmission security (encryption), nested logging in
  • running GUI applications, password-less login (Kerberos)
➢ Virtualization
  • what is virtualization, typical use, overview of hypervisors, MS Windows in VirtualBox, Putty, installing Ubuntu OS

Revision

➢ terminals
➢ command line

Terminals

The command line is accessible directly from the text terminals. In the X11 graphical environment, an appropriate application emulating a text terminal must be run:

➢ gnome-terminal (Terminal)
➢ konsole
➢ xterm

[Figure: screenshots of xterm, konsole and gnome-terminal, captioned "simple, standard on all UNIX and UNIX-like systems" and "simple, yet highly configurable".]

Default directory is: /home/username

Command Line

  [kulhanek@wolf ~]$

➢ kulhanek: user name
➢ wolf: machine name
➢ ~: default directory (~ is your home directory /home/username)
➢ $: prompt; it indicates the user type ($ normal user, # super user; other possibilities are % and >)
➢ the commands are typed after the prompt

A command is executed by hitting Enter.

History: It is possible to scroll through the list of previously used commands by using the up and down arrow keys. A command from the history can be reused or modified before use. The history is also accessible by the command history.

Notation:

  $ ls -l
  $ ssh wolf01.wolf.inet ls -l
  # apt-get install firefox

Means new line.
The characters $ and # are not typed on the command line.

Commands

➢ manual pages

Command Help

Manual pages (what to do if you get lost): the man command displays a manual page.

  $ man [section_number] topic

topic: name of a command, function, topic, chapter, etc.
section_number: must be given when the same name is assigned to subjects in different sections.

Available sections:

❑ Section 1 user commands
❑ Section 2 system calls
❑ Section 3 library functions
❑ Section 4 special files
❑ Section 5 file formats
❑ Section 6 games
❑ Section 7 conventions and miscellany
❑ Section 8 administration and privileged commands
❑ Section L math library functions
❑ Section N tcl functions

  $ man 1 printf      manual page of the printf command
  $ man 3 printf      manual page of the printf() function in the C language

Help, Looking for Commands

Navigation in the manual:

● moving the text line by line (up and down arrow keys or j and k)
● moving the text page by page (PgDn and PgUp keys or f and b)
● searching (/search_text, n key for the next match)
● closing the manual (q key)

On-line manual pages in HTML format: http://linux.die.net/man/

Useful commands:

  whatis    displays a short description of a command (from the man page)
  apropos   searches the manual pages for commands containing the specified word
  info      views info pages of a command (similar to man pages)

Command Syntax

  $ command [options] [--] [arguments]

short options: -a, -as or -a -s, -f test.txt
long options: --file test.txt
--: marks the end of options; it has to be used only in very specific cases and is not used regularly.
arguments: the main data or information given to the command; they must be given in a specific order
[] marks optional arguments or options
<> marks mandatory options or arguments; they can be stated without brackets

Options expand or change the behavior of the command and can be given in any order.

Commands

  man        manual pages of commands
  whatis     displays a short description of a command (from the manual page)
  apropos    searches the manual pages for commands containing the specified word
  info       displays info pages of a command (similar to man pages)
  whoami     prints the name of the logged-in user
  hostname   prints the name of the machine on which you are logged in
  id         prints identification data of the logged-in user and the user's groups
  w          prints users logged in on the machine and their actions
  who        prints users logged in on the machine
  ps         displays running processes
  top        monitors running processes
  ssh        command for secure login to a remote machine

Exercise I

1. What is the full name of your computer? (command hostname and an option according to the manual pages)
2. Display your user name by the whoami command.
3. What is your identification number (UID)?
4. Find out who is logged in to your workstation by using the commands w and who.
5. What is the difference between the commands w and who according to the manual pages?
6. Find manual pages from section 1 that contain the keyword directory or directories. Which command is used to make directories?
7. Monitor running processes by the top command (press q to quit the program).

Remote Login

➢ ssh
➢ encryption
➢ nested login
➢ remote running of graphical applications
➢ password-less login (Kerberos)

Remote Login

Several options for remote login exist (rsh, XDMCP, etc.), but the most used and safest is the Secure Shell (ssh).

Syntax:

  $ ssh [user@]hostname [command]

user: user name; if not stated, ssh uses the name of the logged-in user
hostname: machine name
command: the command we want to execute; if no command is stated, a command line is opened in interactive mode
[]: can be skipped

Logout: Remote interactive logins (sessions) are terminated by exit.

Examples:

  $ ssh wolf.ncbr.muni.cz
  $ ssh wolf01 who

First Remote Login

  [kulhanek@wolf01 ~]$ ssh wolf02
  The authenticity of host 'wolf02 (10.251.28.102)' can't be established.
  ECDSA key fingerprint is 1f:9d:f3:d3:1d:24:28:12:56:30:99:ef:2d:68:d2:cf.
  Are you sure you want to continue connecting (yes/no)? yes
  Warning: Permanently added 'wolf02,10.251.28.102' (ECDSA) to the list of known hosts.
  [kulhanek@wolf02 ~]$

When you log in to a machine for the first time, you are required to confirm the authenticity of the machine. The fingerprint can be accepted without verification only in secure networks. In a non-secure environment, it is appropriate to verify the fingerprint of the machine in an independent way (e.g., by having the administrator of the remote machine send the fingerprint by mail).

Note: The WOLF cluster is a safe network, and the confirmation is not required between its computers.

Asymmetric Encryption

[Figure: a pair of encryption keys (key I, key II); a message is turned into an encrypted message with one key and back into the message with the other key.]

Decrypting the message with the key that was used for encrypting it is not feasible.

Asymmetric Encryption, Usage I

Transfer of encrypted data:

1. obtaining the public key of the recipient
2. encrypting the sender's message with the public key of the recipient
3. sending the encrypted message through an insecure network
4. the recipient decrypts the message with his private key

[Figure: Sender and Recipient, the pair of encryption keys (public key, private key), message, encrypted message, network transfer.]

Anybody who steals the recipient's private key can decrypt the transmitted data!

Asymmetric Encryption, Usage II

Validation of the sender of a public message:

1. encrypting the data with the private key of the sender
2. the recipient obtains the encrypted data and the public key of the sender
3. the recipient decrypts the data with the sender's public key

[Figure: Sender and Recipient, the pair of encryption keys (public key, private key), public message, encrypted message, network transfer.]

Anybody who steals the sender's private key can impersonate him!

Remote Login

ssh can perform nested remote login.

[Figure: machines wolf, wolf01 to wolf08 and wolf23, with example login paths: ssh wolf, ssh wolf02, ssh wolf06.]

Each level of remote login increases overhead; therefore, if possible, use the most direct path to log in.

Nested remote login must be used to access computers in private networks (details in supercomputing, C2115).

Exercise II

1. Log in to the remote node wolf01.ncbr.muni.cz.
2. Verify that this is indeed the node wolf01 (hostname command). Using the commands w and who, find out who is logged in on the node.
3. Log off from the node wolf01.ncbr.muni.cz.
4. Find out who is logged in on the node wolf01.ncbr.muni.cz without using an interactive session.

Remote GUI Applications

Applications with a graphical user interface (GUI) can be run directly in the X11 environment (graphical terminal) or by exporting the display from the remote desktop environment with X11.
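Returning to the fingerprint prompt of the first remote login: the script below is an added example, not part of the original slides, that computes the colon-separated MD5 fingerprint of a scanned host key and compares it with the value received from the administrator before the key is trusted. The key line is constructed sample data and the function names are hypothetical; `ssh-keygen -l -E md5 -f FILE` prints the same fingerprint format, while current OpenSSH shows SHA256 fingerprints by default.

```shell
#!/bin/sh
# Added example, not from the lecture: compare a host key with a fingerprint
# obtained out of band before trusting it.

# Constructed sample in the "host keytype base64-key" layout printed by
# ssh-keyscan. The key material is made up for this example.
SCANNED='wolf02 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYEXAMPLEKEYEXAMPLEKEYEXAMPLEKEYEXA'

# md5_fingerprint LINE
# Prints the MD5 fingerprint (16 colon-separated hex bytes) of the key in LINE.
# The fingerprint is the MD5 hash of the decoded key blob (the third field).
# Exit status 2 if the line has no key or the key is not valid base64.
md5_fingerprint() (
    blob=$(printf '%s\n' "$1" | awk '{ print $3 }')
    [ -n "$blob" ] || exit 2
    printf '%s' "$blob" | base64 -d >/dev/null 2>&1 || exit 2
    printf '%s' "$blob" | base64 -d | md5sum | cut -d' ' -f1 |
        sed 's/../&:/g; s/:$//'
)

# verify_host_key LINE EXPECTED
# EXPECTED is the fingerprint the administrator sent by an independent channel.
# Exit status 0 on match, 1 on mismatch, 2 if LINE cannot be parsed.
verify_host_key() (
    actual=$(md5_fingerprint "$1") || exit 2
    # Accept an optional "MD5:" prefix and upper-case hex digits.
    expected=$(printf '%s' "$2" | sed 's/^MD5://' | tr 'A-F' 'a-f')
    if [ "$actual" = "$expected" ]; then
        echo "match: the key can be added to known_hosts"
    else
        echo "MISMATCH: scanned key has $actual, do not connect" >&2
        exit 1
    fi
)

# Show the fingerprint of the sample key.
md5_fingerprint "$SCANNED"
```

The comparison only has value when the expected fingerprint arrives by a channel other than the connection being checked.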
[Figure: direct usage (the application runs and is displayed on wolf01) compared with display export (the application runs on wolf02 and is displayed on wolf01). GUI = Graphical User Interface.]

Display Export

The ssh command sets all requirements for display export automatically when the option -X (capital X) is used.

  [wolf01] $ ssh -X wolf02
  [wolf02] $ ./my_application

The option -x (lowercase x) disables the export.

Display export can also be set up manually; however, it is necessary to set the DISPLAY variable correctly and to execute the commands xhost and xauth.

Option -X is enabled by default on the WOLF cluster.

Display Export - Recommendations

➢ Display export requires a high-quality network connection with low latency and high transfer speed.
➢ The requirements for transfer speed and for compatibility of the graphical interfaces of the local and remote computers rise for applications displaying 3D graphics (OpenGL).
➢ It is recommended to avoid display export (e.g., by moving the data to the local computer and displaying them with an application run locally). When display export is necessary, it is more suitable to use VNC (Virtual Network Computing).

Notes on VNC:

➢ The WOLF cluster blocks ports 5900 and higher (firewall), which are used by default by the VNC protocol. Therefore, the VNC client must be connected to the VNC server through the appropriate port by an ssh tunnel.
➢ All requirements are set automatically by the module tigervnc on machines with the Infinity environment available.

  $ module help tigervnc

Exercise III

1. Log in to your colleague's workstation.
2. On his machine, run the program nemesis (module nemesis).
3. Verify in the list of running programs (ps -e) that the application really runs on the remote machine.
4. Verify that your workstation is running nemesis (ps -u username) started by your colleague.
5. What do the options e and u of the ps command do?

Work in pairs, use multiple terminals.

Kerberos

https://cs.wikipedia.org/wiki/Kerberos_%28protokol%29

Why do I not need to retype my password?

More detailed information in the C2115 course.

Kerberos

Kerberos is a network authentication protocol that allows anyone to securely prove their identity to someone else in a non-secure network. Kerberos prevents eavesdropping on and replaying of such communication and ensures data integrity. It was created primarily for the client-server model and provides mutual authentication: both client and server identify their counterparts.

Kerberos is based on symmetric cryptography and therefore needs a trustworthy third party. Optionally, asymmetric encryption may be used in some parts of the authentication process.

Kerberos has strict requirements for time synchronization of clients and servers. Tickets have a given lifetime, and if the client time is not synchronized with the server time, authentication fails. The standard setting by MIT requires that these times do not differ by more than 5 minutes. In practice, NTP (Network Time Protocol) is used to synchronize time.

Source: wikipedia.org

The WOLF cluster uses the Kerberos system to authenticate the user's identity. After primary verification (username/password), the user obtains a ticket from the META realm. While the ticket is valid, it authenticates the user to use services of the cluster and to log in on machines of the same realm without typing the password again.
Commands

  kinit      creates a new Kerberos ticket
  klist      prints existing Kerberos tickets
  kdestroy   deletes existing Kerberos tickets

  [kulhanek@pes ~]$ kinit
  Password for kulhanek@META:
  [kulhanek@pes ~]$ klist
  Ticket cache: FILE:/tmp/krb5cc_1001
  Default principal: kulhanek@META
  Valid starting       Expires              Service principal
  01/30/2016 23:28:30  01/31/2016 23:28:24  krbtgt/META@META
  [kulhanek@pes ~]$ kdestroy
  [kulhanek@pes ~]$ klist
  klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_1001)
  [kulhanek@pes ~]$

Annotation: META realm

Ticket Expiration

When a ticket expires, further access to the services that require it is denied. This can lead to access-denied errors. Some of the errors might not be clear, and finding their cause may not be straightforward. Typically, this situation occurs in sessions that are open longer than the validity of the Kerberos ticket, and it is related mainly to software activated with the command module or physically located on the AFS file system (almost all the software in MetaCentrum and the WOLF cluster).

If something starts to behave strangely (software modules not working), verify that you have valid Kerberos tickets (klist) and, if necessary, re-create them (kinit).

Exercise III

1. Verify the status of your Kerberos tickets. When do they expire?
2. Log in to the neighboring computer using ssh. Is a password required?
3. Try it again, but first remove the Kerberos tickets using the command kdestroy.
4. Try it again, but first restore the tickets using the command kinit.
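The Ticket Expiration slide warns about sessions that stay open longer than the ticket is valid. As an added example that is not part of the original slides, the script below reads klist output and reports whether the ticket-granting ticket will still be valid after a planned number of hours. The function names are hypothetical, the sample is the klist listing from the slide, and the script assumes klist prints MM/DD/YYYY dates as shown there.

```shell
#!/bin/sh
# Added example, not from the lecture: will the Kerberos TGT outlive a session?

# klist listing from the slide (the cache had one ticket, the krbtgt).
KLIST_SAMPLE='Ticket cache: FILE:/tmp/krb5cc_1001
Default principal: kulhanek@META
Valid starting       Expires              Service principal
01/30/2016 23:28:30  01/31/2016 23:28:24  krbtgt/META@META'

# tgt_seconds_left KLIST_TEXT NOW
# Prints the seconds until the krbtgt ticket expires (negative once expired).
# NOW uses the same "MM/DD/YYYY HH:MM:SS" format as the klist listing.
# Exit status 2 if the text has no krbtgt line (for example after kdestroy).
tgt_seconds_left() (
    printf '%s\n' "$1" | awk -v now="$2" '
    # Seconds counted from a fixed day, using the civil-calendar day number
    # (the year is treated as starting in March so leap days come last).
    function secs(date, time,    a, t, y, m, d, yoe, doy, days) {
        split(date, a, "/"); split(time, t, ":")
        m = a[1] + 0; d = a[2] + 0; y = a[3] + 0
        if (m <= 2) y--
        yoe = y % 400
        doy = int((153 * (m > 2 ? m - 3 : m + 9) + 2) / 5) + d - 1
        days = int(y / 400) * 146097 + yoe * 365 + int(yoe / 4) - int(yoe / 100) + doy
        return days * 86400 + t[1] * 3600 + t[2] * 60 + t[3]
    }
    $5 ~ /^krbtgt\// {
        split(now, n, " ")
        print secs($3, $4) - secs(n[1], n[2])
        found = 1
        exit
    }
    END { exit (found ? 0 : 2) }'
)

# ticket_covers KLIST_TEXT NOW HOURS
# Exit status 0 if the ticket stays valid for HOURS more hours, 1 if it
# expires earlier, 2 if there is no ticket at all.
ticket_covers() (
    left=$(tgt_seconds_left "$1" "$2") || { echo "no ticket: run kinit" >&2; exit 2; }
    need=$(( $3 * 3600 ))
    if [ "$left" -ge "$need" ]; then
        echo "ok: ticket valid for another $(( left / 60 )) min"
    else
        echo "run kinit first: ${left}s left, ${need}s needed" >&2
        exit 1
    fi
)

# Live use (assumes klist prints dates in the format above):
#   ticket_covers "$(klist)" "$(date '+%m/%d/%Y %H:%M:%S')" 8
tgt_seconds_left "$KLIST_SAMPLE" '01/31/2016 22:28:24'   # prints 3600
```

For a plain valid-or-not check, MIT `klist -s` prints nothing and reports the result in its exit status.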
Virtualization

➢ what is virtualization
➢ typical use
➢ overview of hypervisors
➢ MS Windows in VirtualBox
➢ installing Ubuntu OS

Virtualization - Hypervisor

Virtualization comprises procedures and techniques that make it possible to use the available resources in ways different from how they physically exist. You can virtualize at different levels, from a whole computer (called a virtual machine) to individual hardware components (e.g., virtual processor, virtual memory) or a software-only environment (OS virtualization).

Source: www.wikipedia.org

[Figure: Hardware, Host OS, Hypervisor and the guest systems OS 1, OS 2, OS 3. Hypervisor: manager of virtual machines. Guest OS: runs in a virtual machine.]

Advantages of Virtualization

• A single physical machine can run multiple virtual machines (each can have a different OS).
• The performance of the physical hardware is better utilized (lower operating costs).
• Easier backup. The state of a virtual machine can be recorded in so-called snapshots, from which it is possible to restore the virtual machine.
• Teleportation. Virtual machines can be transferred between two physical machines with minimal downtime of the virtual machine. This is useful when replacing defective hardware or upgrading.
• Easier testing of OS.
List of Tools for Virtualization

VirtualBox
www.virtualbox.org
Supported host OS: MS Windows, Mac OS X, Linux
License: freeware + proprietary extensions for non-commercial use

KVM
part of the host kernel
Supported host OS: Linux
Supporting programs: virt-manager, qemu
License: freeware

VMWare
http://www.vmware.com/
Supported host OS: MS Windows, Linux
License: commercial

MS Windows in WOLF cluster

[Figure: MS Windows XP launched in a virtual machine (VirtualBox hypervisor).]

  $ /win/win7uc/start

Control of Virtual Machine

• Switching to/from fullscreen
• Host = right Ctrl key (MS Windows and Linux)
• Pressing keys Ctrl+Alt+Del

Turning Off the Virtual Machine

[Figure: two screenshots, captioned "Right way to turn off" and "Wrong way to turn off".]

Putty

Putty
http://www.chiark.greenend.org.uk/~sgtatham/putty/

Implementation of SSH (Secure Shell) for Windows, which allows remote login to computers that support this type of protocol (mostly Unix).

Putty – settings

• wolf.ncbr.muni.cz: address of the remote machine
• a setting for proper function of the backspace key

Putty – settings II

• mouse selection compatible with the Unix terminal
• non-proportional font (all characters have the same width)

Exercise V

1. Start the virtual machine with MS Windows 7 (/win/win7uc/start).
2. In the virtual machine, open Internet Explorer and find the keyword Hypervisor in Wikipedia (English).
3. Monitor the run of the hypervisor on the host machine by using top (terminate it by pressing the q key).
4. Pause and resume the virtual machine.
5. Open Putty in MS Windows.
6. Make the settings according to the previous pages and log in to the frontend of the WOLF cluster (wolf.ncbr.muni.cz).
7. Print the users logged in to the frontend, both in the Putty terminal and on your host machine. Compare them.
8. Launch nemesis (module nemesis) in the Putty terminal. Explain the behavior.
9. Terminate Putty by the command exit.
10. Turn off your virtual machine.

Conclusions

➢ Linux is a multi-user operating system, which allows parallel work of several users, who can be logged in locally or remotely.
➢ Linux has native support for remote launching of applications with graphical output (GUI).
➢ Linux has support for running virtual machines; thus it can run instances of MS Windows OS.
➢ The system is very well documented (commands, etc.).

Homework

➢ Installation of Ubuntu 16.04 LTS

Installation of Ubuntu 16.04 LTS

➢ Install VirtualBox (http://www.virtualbox.org).
➢ Download the installation image for OS Ubuntu in iso format:
  http://www.ubuntu.com/
  Ubuntu 16.04 LTS (Ubuntu Desktop)
➢ Create a virtual machine in the VirtualBox manager:
  choose OS Linux and the Ubuntu version, keep the rest of the settings at their defaults.
➢ First launch of the virtual machine:
  when the virtual machine is started for the first time, you will be asked to insert the installation medium; insert the medium into the virtual machine in the form of the iso file (right icon, then select the downloaded image).
➢ Installation of the system:
  when the installation starts, continue according to the instructions of the installation wizard.

Homework.