If it's not still here on the first page, this is a link to the post explaining my current situation (wouldn't fit here): http://trackmyhack504.blogspot.com/2013/01/my-current-situation.html?m=0 System info basics are in some of the first few posts I made. And I apoligize, since most of this blog is posted via android I'm guessing there will plenty of typos (thumb typing is slow going).
Saturday, January 19, 2013
MOUNTED DEVICE REDHAT
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/5/html/Deployment_Guide/sect-Using_the_mount_Command-Mounting-Bind.html
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blob_plain;f=Documentation/sharedsubtree.txt;hb=ce9e3d9953c8cb67001719b5516da2928e956be4
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/5/html/Deployment_Guide/ch-ext3.html
http://lwn.net/Articles/159077/ ♥
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/5/html/Deployment_Guide/sect-Using_the_mount_Command-Unmounting.html
2.2.3. Sharing Mounts
Occasionally, certain system administration tasks require access to the same file system from more than one place in the directory tree (for example, when preparing a chroot environment). To address such requirements, the mount command implements the --bind option that provides a means for duplicating certain mounts. Its usage is as follows:mount --bind old_directory new_directoryAlthough the above command allows a user to access the file system from both places, it does not apply on the file systems that are mounted within the original directory. To include these mounts as well, type:mount --rbind old_directory new_directoryAdditionally, to provide as much flexibility as possible, Red Hat Enterprise Linux 5.9 implements the functionality known as shared subtrees. This feature allows you to use the following four mount types:Shared MountA shared mount allows you to create an exact replica of a given mount point. When a shared mount is created, any mount within the original mount point is reflected in it, and vice versa. To create a shared mount, type the following at a shell prompt:mount --make-shared mount_pointAlternatively, you can change the mount type for the selected mount point and all mount points under it:mount --make-rshared mount_pointSee Example 2.4, "Creating a Shared Mount Point" for an example usage.
Example 2.4. Creating a Shared Mount Point
There are two places where other file systems are commonly mounted: the /mediadirectory for removable media, and the /mnt directory for temporarily mounted file systems. By using a shared mount, you can make these two directories share the same content. To do so, as root, mark the /media directory as "shared":~]# mount --bind /media /media ~]# mount --make-shared /mediaThen create its duplicate in /mnt by using the following command:~]# mount --bind /media /mntYou can now verify that a mount within /media also appears in /mnt. For example, if you have non-empty media in your CD-ROM drive and the /media/cdrom/ directory exists, run the following commands:~]# mount /dev/cdrom /media/cdrom ~]# ls /media/cdrom EFI GPL isolinux LiveOS ~]# ls /mnt/cdrom EFI GPL isolinux LiveOSSimilarly, you can verify that any file system mounted in the /mnt directory is reflected in /media. For instance, if you have a non-empty USB flash drive that uses the /dev/sdc1device plugged in and the /mnt/flashdisk/ directory is present, type:~]# mount /dev/sdc1 /mnt/flashdisk ~]# ls /media/flashdisk en-US publican.cfg ~]# ls /mnt/flashdisk en-US publican.cfgSlave MountA slave mount allows you to create a limited duplicate of a given mount point. When a slave mount is created, any mount within the original mount point is reflected in it, but no mount within a slave mount is reflected in its original. To create a slave mount, type the following at a shell prompt:mount --make-slave mount_pointAlternatively, you can change the mount type for the selected mount point and all mount points under it:mount --make-rslave mount_pointSee Example 2.5, "Creating a Slave Mount Point" for an example usage.
Example 2.5. Creating a Slave Mount Point
Imagine you want the content of the /media directory to appear in /mnt as well, but you do not want any mounts in the /mnt directory to be reflected in /media. To do so, as root, first mark the /media directory as "shared":~]# mount --bind /media /media ~]# mount --make-shared /mediaThen create its duplicate in /mnt, but mark it as "slave":~]# mount --bind /media /mnt ~]# mount --make-slave /mntYou can now verify that a mount within /media also appears in /mnt. For example, if you have non-empty media in your CD-ROM drive and the /media/cdrom/ directory exists, run the following commands:~]# mount /dev/cdrom /media/cdrom ~]# ls /media/cdrom EFI GPL isolinux LiveOS ~]# ls /mnt/cdrom EFI GPL isolinux LiveOSYou can also verify that file systems mounted in the /mnt directory are not reflected in /media. For instance, if you have a non-empty USB flash drive that uses the /dev/sdc1device plugged in and the /mnt/flashdisk/ directory is present, type: :~]# mount /dev/sdc1 /mnt/flashdisk ~]# ls /media/flashdisk ~]# ls /mnt/flashdisk en-US publican.cfgPrivate MountA private mount allows you to create an ordinary mount. When a private mount is created, no subsequent mounts within the original mount point are reflected in it, and no mount within a private mount is reflected in its original. To create a private mount, type the following at a shell prompt:mount --make-private mount_pointAlternatively, you can change the mount type for the selected mount point and all mount points under it:mount --make-rprivate mount_pointSee Example 2.6, "Creating a Private Mount Point" for an example usage.
Example 2.6. Creating a Private Mount Point
Taking into account the scenario in Example 2.4, "Creating a Shared Mount Point", assume that you have previously created a shared mount point by using the following commands as root:~]# mount --bind /media /media ~]# mount --make-shared /media ~]# mount --bind /media /mntTo mark the /mnt directory as "private", type:~]# mount --make-private /mntYou can now verify that none of the mounts within /media appears in /mnt. For example, if you have non-empty media in your CD-ROM drive and the /media/cdrom/directory exists, run the following commands:~]# mount /dev/cdrom /media/cdrom ~]# ls /media/cdrom EFI GPL isolinux LiveOS ~]# ls /mnt/cdrom ~]#You can also verify that file systems mounted in the /mnt directory are not reflected in /media. For instance, if you have a non-empty USB flash drive that uses the /dev/sdc1device plugged in and the /mnt/flashdisk/ directory is present, type:~]# mount /dev/sdc1 /mnt/flashdisk ~]# ls /media/flashdisk ~]# ls /mnt/flashdisk en-US publican.cfgUnbindable MountAn unbindable mount allows you to prevent a given mount point from being duplicated whatsoever. To create an unbindable mount, type the following at a shell prompt:mount --make-unbindable mount_pointAlternatively, you can change the mount type for the selected mount point and all mount points under it:mount --make-runbindable mount_pointSee Example 2.7, "Creating an Unbindable Mount Point" for an example usage.
Example 2.7. Creating an Unbindable Mount Point
To prevent the /media directory from being shared, as root, type the following at a shell prompt:~]# mount --bind /media /media ~]# mount --make-unbindable /mediaThis way, any subsequent attempt to make a duplicate of this mount will fail with an error:~]# mount --bind /media /mnt mount: wrong fs type, bad option, bad superblock on /media/, missing code page or other error In some cases useful info is found in syslog - try dmesg | tail or soPrevIntroduction1. Document Conventions2. Send in Your FeedbackI. File Systems1. File System Structure1.1. Why Share a Common Structure?1.2. Overview of File System Hierarchy Standard (FHS)1.2.1. FHS Organization1.3. Special File Locations Under Red Hat Enterprise Linux2. Using the mount Command2.1. Listing Currently Mounted File Systems2.2. Mounting a File System2.2.1. Specifying the File System Type2.2.2. Specifying the Mount Options2.2.3. Sharing Mounts2.2.3. Sharing Mounts2.2.4. Moving a Mount Point2.3. Unmounting a File System2.4. Additional Resources2.4.1. Installed Documentation2.4.2. Useful Websites3. The ext3 File System3.1. Features of ext33.2. Creating an ext3 File System3.3. Converting to an ext3 File System3.4. Reverting to an ext2 File System4. The ext4 File System4.1. Features of ext44.2. Managing an ext4 File System4.3. Creating an ext4 File System4.4. Mounting an ext4 File System4.5. Resizing an ext4 File System5. The proc File System5.1. A Virtual File System5.1.1. Viewing Virtual Files5.1.2. Changing Virtual Files5.2. Top-level Files within the proc File System5.2.1. /proc/apm 5.2.2. /proc/buddyinfo 5.2.3. /proc/cmdline 5.2.4. /proc/cpuinfo 5.2.5. /proc/crypto 5.2.6. /proc/devices 5.2.7. /proc/dma 5.2.8. /proc/execdomains 5.2.9. /proc/fb 5.2.10. /proc/filesystems 5.2.11. /proc/interrupts 5.2.12. /proc/iomem 5.2.13. /proc/ioports 5.2.14. /proc/kcore 5.2.15. /proc/kmsg 5.2.16. /proc/loadavg 5.2.17. /proc/locks 5.2.18. /proc/mdstat 5.2.19. /proc/meminfo 5.2.20. /proc/misc 5.2.21. /proc/modules 5.2.22. /proc/mounts 5.2.23. /proc/mtrr 5.2.24. /proc/partitions 5.2.25. /proc/pci 5.2.26. /proc/slabinfo 5.2.27. /proc/stat 5.2.28. /proc/swaps 5.2.29. /proc/sysrq-trigger 5.2.30. /proc/uptime 5.2.31. /proc/version 5.3. Directories within /proc/ 5.3.1. Process Directories5.3.2. /proc/bus/ 5.3.3. /proc/driver/ 5.3.4. /proc/fs 5.3.5. /proc/ide/ 5.3.6. /proc/irq/ 5.3.7. /proc/net/ 5.3.8. /proc/scsi/ 5.3.9. /proc/sys/ 5.3.10. /proc/sysvipc/ 5.3.11. /proc/tty/ 5.3.12. /proc/<PID>/ 5.4. Using the sysctl Command5.5. Additional Resources5.5.1. Installed Documentation5.5.2. Useful Websites6. Redundant Array of Independent Disks (RAID)6.1. What is RAID?6.1.1. Who Should Use RAID?6.1.2. Hardware RAID versus Software RAID6.1.3. RAID Levels and Linear Support6.2. Configuring Software RAID6.2.1. Creating the RAID Partitions6.2.2. Creating the RAID Devices and Mount Points6.3. Managing Software RAID6.3.1. Reviewing RAID Configuration6.3.2. Creating a New RAID Device6.3.3. Replacing a Faulty Device6.3.4. Extending a RAID Device6.3.5. Removing a RAID Device6.3.6. Preserving the Configuration6.4. Additional Resources6.4.1. Installed Documentation7. Swap Space7.1. What is Swap Space?7.2. Adding Swap Space7.2.1. Extending Swap on an LVM2 Logical Volume7.2.2. Creating an LVM2 Logical Volume for Swap7.2.3. Creating a Swap File7.3. Removing Swap Space7.3.1. Reducing Swap on an LVM2 Logical Volume7.3.2. Removing an LVM2 Logical Volume for Swap7.3.3. Removing a Swap File7.4. Moving Swap Space8. Managing Disk Storage8.1. Standard Partitions using parted8.1.1. Viewing the Partition Table8.1.2. Creating a Partition8.1.3. Removing a Partition8.1.4. Resizing a Partition8.2. LVM Partition Management9. Implementing Disk Quotas9.1. Configuring Disk Quotas9.1.1. Enabling Quotas9.1.2. Remounting the File Systems9.1.3. Creating the Quota Database Files9.1.4. Assigning Quotas per User9.1.5. Assigning Quotas per Group9.1.6. Setting the Grace Period for Soft Limits9.2. Managing Disk Quotas9.2.1. Enabling and Disabling9.2.2. Reporting on Disk Quotas9.2.3. Keeping Quotas Accurate9.3. Additional Resources9.3.1. Installed Documentation9.3.2. Related Books10. Access Control Lists10.1. Mounting File Systems10.1.1. NFS10.2. Setting Access ACLs10.3. Setting Default ACLs10.4. Retrieving ACLs10.5. Archiving File Systems With ACLs10.6. Compatibility with Older Systems10.7. Additional Resources10.7.1. Installed Documentation10.7.2. Useful Websites11. LVM (Logical Volume Manager)11.1. What is LVM?11.1.1. What is LVM2?11.2. LVM Configuration11.3. Automatic Partitioning11.4. Manual LVM Partitioning11.4.1. Creating the /boot Partition11.4.2. Creating the LVM Physical Volumes11.4.3. Creating the LVM Volume Groups11.4.4. Creating the LVM Logical Volumes11.5. Using the LVM utility system-config-lvm11.5.1. Utilizing uninitialized entities11.5.2. Adding Unallocated Volumes to a volume group11.5.3. Migrating extents11.5.4. Adding a new hard disk using LVM11.5.5. Adding a new volume group11.5.6. Extending a volume group11.5.7. Editing a Logical Volume11.6. Additional Resources11.6.1. Installed Documentation11.6.2. Useful WebsitesII. Package Management12. Package Management with RPM12.1. RPM Design Goals12.2. Using RPM12.2.1. Finding RPM Packages12.2.2. Installing12.2.3. Uninstalling12.2.4. Upgrading12.2.5. Freshening12.2.6. Querying12.2.7. Verifying12.3. Checking a Package's Signature12.3.1. Importing Keys12.3.2. Verifying Signature of Packages12.4. Practical and Common Examples of RPM Usage12.5. Additional Resources12.5.1. Installed Documentation12.5.2. Useful Websites12.5.3. Related Books13. Package Management Tool13.1. Listing and Analyzing Packages13.2. Installing and Removing Packages14. YUM (Yellowdog Updater Modified)14.1. Setting Up a Yum Repository14.2. yum Commands14.3. yum Options14.4. Configuring yum 14.4.1. [main] Options14.4.2. [repository] Options14.5. Useful yum Variables15. Registering a System and Managing Subscriptions15.1. Using Red Hat Subscription Manager Tools15.1.1. Launching the Red Hat Subscription Manager GUI15.1.2. Running the subscription-manager Command-Line Tool15.2. Registering and Unregistering a System15.2.1. Registering from the GUI15.2.2. Registering from the Command Line15.2.3. Unregistering15.3. Attaching and Removing Subscriptions15.3.1. Attaching and Removing Subscriptions through the GUI15.3.2. Attaching and Removing Subscriptions through the Command Line15.4. Redeeming Vendor Subscriptions15.4.1. Redeeming Subscriptions through the GUI15.4.2. Redeeming Subscriptions through the Command Line15.5. Attaching Subscriptions from a Subscription Asset Manager Activation Key15.6. Setting Preferences for Systems15.6.1. Setting Preferences in the UI15.6.2. Setting Service Levels Through the Command Line15.6.3. Setting a Preferred Operating System Release Version in the Command Line15.6.4. Removing a Preference15.7. Managing Subscription Expiration and NotificationsIII. Network-Related Configuration16. Network Interfaces16.1. Network Configuration Files16.2. Interface Configuration Files16.2.1. Ethernet Interfaces16.2.2. IPsec Interfaces16.2.3. Channel Bonding Interfaces16.2.4. Alias and Clone Files16.2.5. Dialup Interfaces16.2.6. Other Interfaces16.3. Interface Control Scripts16.4. Static Routes and the Default Gateway16.5. Network Function Files16.6. Additional Resources16.6.1. Installed Documentation17. Network Configuration17.1. Overview17.2. Establishing an Ethernet Connection17.3. Establishing an ISDN Connection17.4. Establishing a Modem Connection17.5. Establishing an xDSL Connection17.6. Establishing a Token Ring Connection17.7. Establishing a Wireless Connection17.8. Managing DNS Settings17.9. Managing Hosts17.10. Working with Profiles17.11. Device Aliases17.12. Saving and Restoring the Network Configuration18. Controlling Access to Services18.1. Runlevels18.2. TCP Wrappers18.2.1. xinetd18.3. Services Configuration Tool18.4. ntsysv18.5. chkconfig18.6. Additional Resources18.6.1. Installed Documentation18.6.2. Useful Websites19. Berkeley Internet Name Domain (BIND)19.1. Introduction to DNS19.1.1. Nameserver Zones19.1.2. Nameserver Types19.1.3. BIND as a Nameserver19.2. /etc/named.conf 19.2.1. Common Statement Types19.2.2. Other Statement Types19.2.3. Comment Tags19.3. Zone Files19.3.1. Zone File Directives19.3.2. Zone File Resource Records19.3.3. Example Zone File19.3.4. Reverse Name Resolution Zone Files19.4. Using rndc 19.4.1. Configuring /etc/named.conf 19.4.2. Configuring /etc/rndc.conf 19.4.3. Command Line Options19.5. Advanced Features of BIND19.5.1. DNS Protocol Enhancements19.5.2. Multiple Views19.5.3. Security19.5.4. IP version 619.6. Common Mistakes to Avoid19.7. Additional Resources19.7.1. Installed Documentation19.7.2. Useful Websites19.7.3. Related Books20. OpenSSH20.1. Features of SSH20.1.1. Why Use SSH?20.2. SSH Protocol Versions20.3. Event Sequence of an SSH Connection20.3.1. Transport Layer20.3.2. Authentication20.3.3. Channels20.4. Configuring an OpenSSH Server20.4.1. Requiring SSH for Remote Connections20.5. OpenSSH Configuration Files20.6. Configuring an OpenSSH Client20.6.1. Using the ssh Command20.6.2. Using the scp Command20.6.3. Using the sftp Command20.7. More Than a Secure Shell20.7.1. X11 Forwarding20.7.2. Port Forwarding20.7.3. Generating Key Pairs20.8. Additional Resources20.8.1. Installed Documentation20.8.2. Useful Websites21. Network File System (NFS)21.1. How It Works21.1.1. Required Services21.2. NFS Client Configuration21.2.1. Mounting NFS File Systems using /etc/fstab21.3. autofs21.3.1. What's new in autofs version 5?21.3.2. autofs Configuration21.3.3. autofs Common Tasks21.4. Common NFS Mount Options21.5. Starting and Stopping NFS21.6. NFS Server Configuration21.6.1. Exporting or Sharing NFS File Systems21.6.2. Command Line Configuration21.6.3. Running NFS Behind a Firewall21.6.4. Hostname Formats21.7. The /etc/exports Configuration File21.7.1. The exportfs Command21.8. Securing NFS21.8.1. Host Access21.8.2. File Permissions21.9. NFS and portmap21.9.1. Troubleshooting NFS and portmap21.10. Using NFS over TCP21.11. Additional Resources21.11.1. Installed Documentation21.11.2. Useful Websites21.11.3. Related Books22. Samba22.1. Introduction to Samba22.1.1. Samba Features22.2. Samba Daemons and Related Services22.2.1. Samba Daemons22.3. Connecting to a Samba Share22.3.1. Command Line22.3.2. Mounting the Share22.4. Configuring a Samba Server22.4.1. Graphical Configuration22.4.2. Command Line Configuration22.4.3. Encrypted Passwords22.5. Starting and Stopping Samba22.6. Samba Server Types and the smb.conf File22.6.1. Stand-alone Server22.6.2. Domain Member Server22.6.3. Domain Controller22.7. Samba Security Modes22.7.1. User-Level Security22.7.2. Share-Level Security22.8. Samba Account Information Databases22.9. Samba Network Browsing22.9.1. Domain Browsing22.9.2. WINS (Windows Internetworking Name Server)22.10. Samba with CUPS Printing Support22.10.1. Simple smb.conf Settings22.11. Samba Distribution Programs22.12. Additional Resources22.12.1. Installed Documentation22.12.2. Related Books22.12.3. Useful Websites23. Dynamic Host Configuration Protocol (DHCP)23.1. Why Use DHCP?23.2. Configuring a DHCP Server23.2.1. Configuration File23.2.2. Lease Database23.2.3. Starting and Stopping the Server23.2.4. DHCP Relay Agent23.3. Configuring a DHCP Client23.4. Configuring a Multihomed DHCP Server23.4.1. Host Configuration23.5. Additional Resources23.5.1. Installed Documentation24. Apache HTTP Server24.1. Apache HTTP Server 2.224.1.1. Features of Apache HTTP Server 2.224.2. Migrating Apache HTTP Server Configuration Files24.2.1. Migrating Apache HTTP Server 2.0 Configuration Files24.2.2. Migrating Apache HTTP Server 1.3 Configuration Files to 2.024.3. Starting and Stopping httpd24.4. Apache HTTP Server Configuration24.4.1. Basic Settings24.4.2. Default Settings24.5. Configuration Directives in httpd.conf24.5.1. General Configuration Tips24.5.2. Configuration Directives for SSL24.5.3. MPM Specific Server-Pool Directives24.6. Adding Modules24.7. Virtual Hosts24.7.1. Setting Up Virtual Hosts24.8. Apache HTTP Secure Server Configuration24.8.1. An Overview of Security-Related Packages24.8.2. An Overview of Certificates and Security24.8.3. Using Pre-Existing Keys and Certificates24.8.4. Types of Certificates24.8.5. Generating a Key24.8.6. How to configure the server to use the new key24.9. Additional Resources24.9.1. Useful Websites25. FTP25.1. The File Transfer Protocol25.1.1. Multiple Ports, Multiple Modes25.2. FTP Servers25.2.1. vsftpd25.3. Files Installed with vsftpd25.4. Starting and Stopping vsftpd25.4.1. Starting Multiple Copies of vsftpd25.5. vsftpd Configuration Options25.5.1. Daemon Options25.5.2. Log In Options and Access Controls25.5.3. Anonymous User Options25.5.4. Local User Options25.5.5. Directory Options25.5.6. File Transfer Options25.5.7. Logging Options25.5.8. Network Options25.6. Additional Resources25.6.1. Installed Documentation25.6.2. Useful Websites26. Email26.1. Email Protocols26.1.1. Mail Transport Protocols26.1.2. Mail Access Protocols26.2. Email Program Classifications26.2.1. Mail Transport Agent26.2.2. Mail Delivery Agent26.2.3. Mail User Agent26.3. Mail Transport Agents26.3.1. Sendmail26.3.2. Postfix26.3.3. Fetchmail26.4. Mail Transport Agent (MTA) Configuration26.5. Mail Delivery Agents26.5.1. Procmail Configuration26.5.2. Procmail Recipes26.6. Mail User Agents26.6.1. Securing Communication26.7. Additional Resources26.7.1. Installed Documentation26.7.2. Useful Websites26.7.3. Related Books27. Lightweight Directory Access Protocol (LDAP)27.1. Why Use LDAP?27.1.1. OpenLDAP Features27.2. LDAP Terminology27.3. OpenLDAP Daemons and Utilities27.3.1. NSS, PAM, and LDAP27.3.2. PHP4, LDAP, and the Apache HTTP Server27.3.3. LDAP Client Applications27.4. OpenLDAP Configuration Files27.5. The /etc/openldap/schema/ Directory27.6. OpenLDAP Setup Overview27.6.1. Editing /etc/openldap/slapd.conf27.7. Configuring a System to Authenticate Using OpenLDAP27.7.1. PAM and LDAP27.7.2. Migrating Old Authentication Information to LDAP Format27.8. Migrating Directories from Earlier Releases27.9. Additional Resources27.9.1. Installed Documentation27.9.2. Useful Websites27.9.3. Related Books28. Authentication Configuration28.1. User Information28.2. Authentication28.3. Options28.4. Command Line Version29. Using and Caching Credentials with SSSD29.1. About the sssd.conf File29.2. Starting and Stopping SSSD29.3. Configuring SSSD to Work with System Services29.3.1. Configuring NSS Services29.3.2. Configuring the PAM Service29.4. Creating Domains29.4.1. General Rules and Options for Configuring a Domain29.4.2. Configuring an LDAP Domain29.4.3. Configuring Kerberos Authentication with a Domain29.4.4. Configuring a Proxy Domain29.5. Configuring Access Control for SSSD Domains29.5.1. Using the Simple Access Provider29.5.2. Using the LDAP Access Filter29.6. Configuring Domain Failover29.6.1. Configuring Failover29.6.2. Using SRV Records with Failover29.7. Deleting Domain Cache Files29.8. Using NSCD with SSSD29.9. Troubleshooting SSSD29.9.1. Checking SSSD Log Files29.9.2. Problems with SSSD ConfigurationIV. System Configuration30. Console Access30.1. Disabling Shutdown Via Ctrl+Alt+Del30.2. Disabling Console Program Access30.3. Defining the Console30.4. Making Files Accessible From the Console30.5. Enabling Console Access for Other Applications30.6. The floppy Group31. The sysconfig Directory31.1. Files in the /etc/sysconfig/ Directory31.1.1. /etc/sysconfig/amd31.1.2. /etc/sysconfig/apmd31.1.3. /etc/sysconfig/arpwatch31.1.4. /etc/sysconfig/authconfig31.1.5. /etc/sysconfig/autofs31.1.6. /etc/sysconfig/clock31.1.7. /etc/sysconfig/desktop31.1.8. /etc/sysconfig/dhcpd31.1.9. /etc/sysconfig/exim31.1.10. /etc/sysconfig/firstboot31.1.11. /etc/sysconfig/gpm31.1.12. /etc/sysconfig/hwconf31.1.13. /etc/sysconfig/i18n31.1.14. /etc/sysconfig/init31.1.15. /etc/sysconfig/ip6tables-config31.1.16. /etc/sysconfig/iptables-config31.1.17. /etc/sysconfig/irda31.1.18. /etc/sysconfig/keyboard31.1.19. /etc/sysconfig/kudzu31.1.20. /etc/sysconfig/named31.1.21. /etc/sysconfig/network31.1.22. /etc/sysconfig/nfs31.1.23. /etc/sysconfig/ntpd31.1.24. /etc/sysconfig/radvd31.1.25. /etc/sysconfig/samba31.1.26. /etc/sysconfig/selinux31.1.27. /etc/sysconfig/sendmail31.1.28. /etc/sysconfig/spamassassin31.1.29. /etc/sysconfig/squid31.1.30. /etc/sysconfig/system-config-securitylevel31.1.31. /etc/sysconfig/system-config-selinux31.1.32. /etc/sysconfig/system-config-users31.1.33. /etc/sysconfig/system-logviewer31.1.34. /etc/sysconfig/tux31.1.35. /etc/sysconfig/vncservers31.1.36. /etc/sysconfig/xinetd31.2. Directories in the /etc/sysconfig/ Directory31.3. Additional Resources31.3.1. Installed Documentation32. Date and Time Configuration32.1. Time and Date Properties32.2. Network Time Protocol (NTP) Properties32.3. Time Zone Configuration33. Keyboard Configuration34. The X Window System34.1. The X11R7.1 Release34.2. Desktop Environments and Window Managers34.2.1. Desktop Environments34.2.2. Window Managers34.3. X Server Configuration Files34.3.1. xorg.conf34.4. Fonts34.4.1. Fontconfig34.4.2. Core X Font System34.5. Runlevels and X34.5.1. Runlevel 334.5.2. Runlevel 534.6. Additional Resources34.6.1. Installed Documentation34.6.2. Useful Websites35. X Window System Configuration35.1. Display Settings35.2. Display Hardware Settings35.3. Dual Head Display Settings36. Users and Groups36.1. User and Group Configuration36.1.1. Adding a New User36.1.2. Modifying User Properties36.1.3. Adding a New Group36.1.4. Modifying Group Properties36.2. User and Group Management Tools36.2.1. Command Line Configuration36.2.2. Adding a User36.2.3. Adding a Group36.2.4. Password Aging36.2.5. Explaining the Process36.3. Standard Users36.4. Standard Groups36.5. User Private Groups36.5.1. Group Directories36.6. Shadow Passwords36.7. Additional Resources36.7.1. Installed Documentation37. Printer Configuration37.1. Adding a Local Printer37.2. Adding an IPP Printer37.3. Adding a Samba (SMB) Printer37.4. Adding a JetDirect Printer37.5. Selecting the Printer Model and Finishing37.5.1. Confirming Printer Configuration37.6. Printing a Test Page37.7. Modifying Existing Printers37.7.1. The Settings Tab37.7.2. The Policies Tab37.7.3. The Access Control Tab37.7.4. The Printer and Job OptionsTab37.8. Managing Print Jobs37.9. Additional Resources37.9.1. Installed Documentation37.9.2. Useful Websites38. Automated Tasks38.1. Cron38.1.1. Configuring Cron Jobs38.1.2. Controlling Access to Cron38.1.3. Starting and Stopping the Service38.2. At and Batch38.2.1. Configuring At Jobs38.2.2. Configuring Batch Jobs38.2.3. Viewing Pending Jobs38.2.4. Additional Command Line Options38.2.5. Controlling Access to At and Batch38.2.6. Starting and Stopping the Service38.3. Additional Resources38.3.1. Installed Documentation39. Log Files39.1. Locating Log Files39.2. Viewing Log Files39.3. Adding a Log File39.4. Monitoring Log FilesV. System Monitoring40. SystemTap40.1. Introduction40.2. Implementation40.3. Using SystemTap40.3.1. Tracing 41. Gathering System Information41.1. System Processes41.2. Memory Usage41.3. File Systems41.4. Hardware41.5. Additional Resources41.5.1. Installed Documentation42. OProfile42.1. Overview of Tools42.2. Configuring OProfile42.2.1. Specifying the Kernel42.2.2. Setting Events to Monitor42.2.3. Separating Kernel and User-space Profiles42.3. Starting and Stopping OProfile42.4. Saving Data42.5. Analyzing the Data42.5.1. Using opreport42.5.2. Using opreport on a Single Executable42.5.3. Getting more detailed output on the modules42.5.4. Using opannotate42.6. Understanding /dev/oprofile/42.7. Example Usage42.8. Graphical Interface42.9. Additional Resources42.9.1. Installed Docs42.9.2. Useful WebsitesVI. Kernel and Driver Configuration43. Manually Upgrading the Kernel43.1. Overview of Kernel Packages43.2. Preparing to Upgrade43.3. Downloading the Upgraded Kernel43.4. Performing the Upgrade43.5. Verifying the Initial RAM Disk Image43.6. Verifying the Boot Loader43.6.1. x86 Systems43.6.2. Itanium Systems43.6.3. IBM S/390 and IBM System z Systems43.6.4. IBM eServer iSeries Systems43.6.5. IBM eServer pSeries Systems44. General Parameters and Modules44.1. Kernel Module Utilities44.2. Persistent Module Loading44.3. Specifying Module Parameters44.4. Storage parameters44.5. Ethernet Parameters44.5.1. Using Multiple Ethernet Cards44.5.2. The Channel Bonding Module44.6. Additional Resources44.6.1. Installed Documentation44.6.2. Useful Websites45. The kdump Crash Recovery Service45.1. Installing the kdump Service45.2. Configuring the kdump Service45.2.1. Configuring kdump at First Boot45.2.2. Using the Kernel Dump Configuration Utility45.2.3. Configuring kdump on the Command Line45.2.4. Testing the Configuration45.3. Analyzing the Core Dump45.3.1. Displaying the Message Buffer45.3.2. Displaying a Backtrace45.3.3. Displaying a Process Status45.3.4. Displaying Virtual Memory Information45.3.5. Displaying Open Files45.4. Additional Resources45.4.1. Installed Documentation45.4.2. Useful WebsitesVII. Security And Authentication46. Security Overview46.1. Introduction to Security46.1.1. What is Computer Security?46.1.2. Security Controls46.1.3. Conclusion46.2. Vulnerability Assessment46.2.1. Thinking Like the Enemy46.2.2. Defining Assessment and Testing46.2.3. Evaluating the Tools46.3. Attackers and Vulnerabilities46.3.1. A Quick History of Hackers46.3.2. Threats to Network Security46.3.3. Threats to Server Security46.3.4. Threats to Workstation and Home PC Security46.4. Common Exploits and Attacks46.5. Security Updates46.5.1. Updating Packages47. Securing Your Network47.1. Workstation Security47.1.1. Evaluating Workstation Security47.1.2. BIOS and Boot Loader Security47.1.3. Password Security47.1.4. Administrative Controls47.1.5. Available Network Services47.1.6. Personal Firewalls47.1.7. Security Enhanced Communication Tools47.2. Server Security47.2.1. Securing Services With TCP Wrappers and xinetd47.2.2. Securing Portmap47.2.3. Securing NIS47.2.4. Securing NFS47.2.5. Securing the Apache HTTP Server47.2.6. Securing FTP47.2.7. Securing Sendmail47.2.8. Verifying Which Ports Are Listening47.3. Single Sign-on (SSO)47.3.1. Introduction47.3.2. Getting Started with your new Smart Card47.3.3. How Smart Card Enrollment Works47.3.4. How Smart Card Login Works47.3.5. Configuring Firefox to use Kerberos for SSO47.4. Pluggable Authentication Modules (PAM)47.4.1. Advantages of PAM47.4.2. PAM Configuration Files47.4.3. PAM Configuration File Format47.4.4. Sample PAM Configuration Files47.4.5. Creating PAM Modules47.4.6. PAM and Administrative Credential Caching47.4.7. PAM and Device Ownership47.4.8. Additional Resources47.5. TCP Wrappers and xinetd47.5.1. TCP Wrappers47.5.2. TCP Wrappers Configuration Files47.5.3. xinetd47.5.4. xinetd Configuration Files47.5.5. Additional Resources47.6. Kerberos47.6.1. What is Kerberos?47.6.2. Kerberos Terminology47.6.3. How Kerberos Works47.6.4. Kerberos and PAM47.6.5. Configuring a Kerberos 5 Server47.6.6. Configuring a Kerberos 5 Client47.6.7. Domain-to-Realm Mapping47.6.8. Setting Up Secondary KDCs47.6.9. Setting Up Cross Realm Authentication47.6.10. Additional Resources47.7. Virtual Private Networks (VPNs)47.7.1. How Does a VPN Work?47.7.2. VPNs and Red Hat Enterprise Linux47.7.3. IPsec47.7.4. Creating an IPsec Connection47.7.5. IPsec Installation47.7.6. IPsec Host-to-Host Configuration47.7.7. IPsec Network-to-Network Configuration47.7.8. Starting and Stopping an IPsec Connection47.8. Firewalls47.8.1. Netfilter and IPTables47.8.2. Basic Firewall Configuration47.8.3. Using IPTables47.8.4. Common IPTables Filtering47.8.5. FORWARD and NAT Rules47.8.6. Malicious Software and Spoofed IP Addresses47.8.7. IPTables and Connection Tracking47.8.8. IPv647.8.9. Additional Resources47.9. IPTables47.9.1. Packet Filtering47.9.2. Differences Between IPTables and IPChains47.9.3. Command Options for IPTables47.9.4. Saving IPTables Rules47.9.5. IPTables Control Scripts47.9.6. IPTables and IPv647.9.7. Additional Resources48. Security and SELinux48.1. Access Control Mechanisms (ACMs)48.1.1. Discretionary Access Control (DAC)48.1.2. Access Control Lists (ACLs)48.1.3. Mandatory Access Control (MAC)48.1.4. Role-based Access Control (RBAC)48.1.5. Multi-Level Security (MLS)48.1.6. Multi-Category Security (MCS)48.2. Introduction to SELinux48.2.1. SELinux Overview48.2.2. Files Related to SELinux48.2.3. Additional Resources48.3. Brief Background and History of SELinux48.4. Multi-Category Security (MCS)48.4.1. Introduction48.4.2. Applications for Multi-Category Security48.4.3. SELinux Security Contexts48.5. Getting Started with Multi-Category Security (MCS)48.5.1. Introduction48.5.2. Comparing SELinux and Standard Linux User Identities48.5.3. Configuring Categories48.5.4. Assigning Categories to Users48.5.5. Assigning Categories to Files48.6. Multi-Level Security (MLS)48.6.1. Why Multi-Level?48.6.2. Security Levels, Objects and Subjects48.6.3. MLS Policy48.6.4. Enabling MLS in SELinux48.6.5. LSPP Certification48.7. SELinux Policy Overview48.7.1. What is the SELinux Policy?48.7.2. Where is the Policy?48.7.3. The Role of Policy in the Boot Process48.7.4. Object Classes and Permissions48.8. Targeted Policy Overview48.8.1. What is the Targeted Policy?48.8.2. Files and Directories of the Targeted Policy48.8.3. Understanding the Users and Roles in the Targeted Policy49. Working With SELinux49.1. End User Control of SELinux49.1.1. Moving and Copying Files49.1.2. Checking the Security Context of a Process, User, or File Object49.1.3. Relabeling a File or Directory49.1.4. Creating Archives That Retain Security Contexts49.2. Administrator Control of SELinux49.2.1. Viewing the Status of SELinux49.2.2. Relabeling a File System49.2.3. Managing NFS Home Directories49.2.4. Granting Access to a Directory or a Tree49.2.5. Backing Up and Restoring the System49.2.6. Enabling or Disabling Enforcement49.2.7. Enable or Disable SELinux49.2.8. Changing the Policy49.2.9. Specifying the Security Context of Entire File Systems49.2.10. Changing the Security Category of a File or User49.2.11. Running a Command in a Specific Security Context49.2.12. Useful Commands for Scripts49.2.13. Changing to a Different Role49.2.14. When to Reboot49.3. Analyst Control of SELinux49.3.1. Enabling Kernel Auditing49.3.2. Dumping and Viewing Logs50. Customizing SELinux Policy50.1. Introduction50.1.1. Modular Policy50.2. Building a Local Policy Module50.2.1. Using audit2allow to Build a Local Policy Module50.2.2. Analyzing the Type Enforcement (TE) File50.2.3. Loading the Policy Package51. ReferencesVIII. Red Hat Training And Certification52. Red Hat Training and Certification 52.1. Three Ways to Train52.2. Microsoft Certified Professional Resource Center53. Certification Tracks53.1. Free Pre-assessment tests54. RH033: Red Hat Linux Essentials54.1. Course Description54.1.1. Prerequisites54.1.2. Goal54.1.3. Audience54.1.4. Course Objectives54.1.5. Follow-on Courses55. RH035: Red Hat Linux Essentials for Windows Professionals55.1. Course Description55.1.1. Prerequisites55.1.2. Goal55.1.3. Audience 55.1.4. Course Objectives55.1.5. Follow-on Courses56. RH133: Red Hat Linux System Administration and Red Hat Certified Technician (RHCT) Certification56.1. Course Description56.1.1. Prerequisites56.1.2. Goal56.1.3. Audience56.1.4. Course Objectives56.1.5. Follow-on Courses57. RH202 RHCT EXAM - The fastest growing credential in all of Linux.57.1. Course Description57.1.1. Prerequisites58. RH253 Red Hat Linux Networking and Security Administration58.1. Course Description58.1.1. Prerequisites58.1.2. Goal58.1.3. Audience 58.1.4. Course Objectives 58.1.5. Follow-on Courses59. RH300: RHCE Rapid track course (and RHCE exam)59.1. Course Description59.1.1. Prerequisites59.1.2. Goal59.1.3. Audience 59.1.4. Course Objectives 59.1.5. Follow-on Courses60. RH302 RHCE EXAM60.1. Course Description60.1.1. Prerequisites60.1.2. Content61. RHS333: RED HAT enterprise security: network services61.1. Course Description61.1.1. Prerequisites61.1.2. Goal61.1.3. Audience 61.1.4. Course Objectives61.1.5. Follow-on Courses62. RH401: Red Hat Enterprise Deployment and systems management62.1. Course Description62.1.1. Prerequisites62.1.2. Goal62.1.3. Audience 62.1.4. Course Objectives62.1.5. Follow-on Courses63. RH423: Red Hat Enterprise Directory services and authentication63.1. Course Description63.1.1. Prerequisites63.1.2. Goal63.1.3. Audience 63.1.4. Course Objectives63.1.5. Follow-on Courses64. SELinux Courses64.1. RHS427: Introduction to SELinux and Red Hat Targeted Policy64.1.1. Audience64.1.2. Course Summary64.2. RHS429: Red Hat Enterprise SELinux Policy Administration 65. RH436: Red Hat Enterprise storage management65.1. Course Description65.1.1. Prerequisites65.1.2. Goal65.1.3. Audience 65.1.4. Course Objectives65.1.5. Follow-on Courses66. RH442: Red Hat Enterprise system monitoring and performance tuning66.1. Course Description66.1.1. Prerequisites66.1.2. Goal66.1.3. Audience 66.1.4. Course Objectives66.1.5. Follow-on Courses67. Red Hat Enterprise Linux Developer Courses67.1. RHD143: Red Hat Linux Programming Essentials 67.2. RHD221 Red Hat Linux Device Drivers 67.3. RHD236 Red Hat Linux Kernel Internals 67.4. RHD256 Red Hat Linux Application Development and Porting68. JBoss Courses68.1. RHD161 JBoss and EJB3 for Java68.1.1. Prerequisites68.2. RHD163 JBoss for Web Developers 68.2.1. Prerequisites68.3. RHD167: JBOSS - HIBERNATE ESSENTIALS68.3.1. Prerequisites68.3.2. Course Summary68.4. RHD267: JBOSS - ADVANCED HIBERNATE68.4.1. Prerequisites68.5. RHD261:JBOSS for advanced J2EE developers68.5.1. Prerequisites68.6. RH336: JBOSS for Administrators68.6.1. Prerequisites68.6.2. Course Summary68.7. RHD439: JBoss Clustering68.7.1. Prerequisites 68.8. RHD449: JBoss jBPM 68.8.1. Description 68.8.2. Prerequisites68.9. RHD451 JBoss Rules68.9.1. PrerequisitesA. Revision HistoryB. ColophonNext@RedHatSupport Red Hat Support Red Hat SupportFREQUENT ACTIONSSearch KnowledgeView Support CasesDownload SoftwareManage SubscriptionsSUPPORTLogin ProblemsPhone Numbers & HoursContact UsSITE INFOBrowser Support PolicySite IndexAwards & RecognitionLEGALTerms of UsePrivacy PolicyAbout Red HatEnglish español Deutsch italiano 한국어 français 日本語 português 中文 (中国)Copyright © 2013 Red Hat, Inc.
♥
2.2.4. Moving a Mount Point
To change the directory in which a file system is mounted, use the following command:mount --move old_directory new_directorySee Example 2.8, "Moving an Existing NFS Mount Point" for an example usage.
Example 2.8. Moving an Existing NFS Mount Point
Imagine that you have an NFS storage that contains user directories. Assuming that this storage is already mounted in /mnt/userdirs/, as root, you can move this mount point to /home by using the following command:~]# mount --move /mnt/userdirs /homeTo verify the mount point has been moved, list the content of both directories:~]# ls /mnt/userdirs ~]# ls /home jill joe
♥♥♥♥♥♥♥♥♥♥♥♥♥♥♥♥♥♥UNMOUNT♥♥♥♥♥♥
2.3. Unmounting a File System
To detach a previously mounted file system, use either of the following variants of the umountcommand:umount directory umount deviceNote that unless you are logged in as root, you must have permissions to unmount the file system (see Section 2.2.2, "Specifying the Mount Options"). See Example 2.9, "Unmounting a CD" for an example usage.
Important: Make Sure the File System Is Not in Use
When a file system is in use (for example, when a process is reading a file on this file system), running the umount command will fail with an error. To determine which processes are accessing the file system, use the fuser command in the following form:fuser -m directoryFor example, to list the processes that are accessing a file system mounted to the /media/cdrom/ directory, type:~]$ fuser -m /media/cdrom /media/cdrom: 1793 2013 2022 2435 10532c 10672c
Example 2.9. Unmounting a CD
To unmount a CD that was previously mounted to the /media/cdrom/ directory, type the following at a shell prompt:~]$ umount /media/cdrom
♥
5f) Unmount semantics Consider the following command umount A where 'A' is a mount mounted on mount 'B' at dentry 'b'. If mount 'B' is shared, then all most-recently-mounted mounts at dentry 'b' on mounts that receive propagation from mount 'B' and does not have sub-mounts within them are unmounted. Example: Lets say 'B1', 'B2', 'B3' are shared mounts that propagate to each other. lets say 'A1', 'A2', 'A3' are first mounted at dentry 'b' on mount 'B1', 'B2' and 'B3' respectively. lets say 'C1', 'C2', 'C3' are next mounted at the same dentry 'b' on mount 'B1', 'B2' and 'B3' respectively. if 'C1' is unmounted, all the mounts that are most-recently-mounted on 'B1' and on the mounts that 'B1' propagates-to are unmounted. 'B1' propagates to 'B2' and 'B3'. And the most recently mounted mount on 'B2' at dentry 'b' is 'C2', and that of mount 'B3' is 'C3'. So all 'C1', 'C2' and 'C3' should be unmounted. If any of 'C2' or 'C3' has some child mounts, then that mount is not unmounted, but all other mounts are unmounted. However if 'C1' is told to be unmounted and 'C1' has some sub-mounts, the umount operation is failed entirely. 5g) Clone Namespace A cloned namespace contains all the mounts as that of the parent namespace. Lets say 'A' and 'B' are the corresponding mounts in the parent and the child namespace. If 'A' is shared, then 'B' is also shared and 'A' and 'B' propagate to each other. If 'A' is a slave mount of 'Z', then 'B' is also the slave mount of 'Z'. If 'A' is a private mount, then 'B' is a private mount too. If 'A' is unbindable mount, then 'B' is a unbindable mount too. 6) Quiz A. What is the result of the following command sequence? mount --bind /mnt /mnt mount --make-shared /mnt mount --bind /mnt /tmp mount --move /tmp /mnt/1 what should be the contents of /mnt /mnt/1 /mnt/1/1 should be? Should they all be identical? or should /mnt and /mnt/1 be identical only? B. What is the result of the following command sequence? mount --make-rshared / mkdir -p /v/1 mount --rbind / /v/1 what should be the content of /v/1/v/1 be? C. What is the result of the following command sequence? mount --bind /mnt /mnt mount --make-shared /mnt mkdir -p /mnt/1/2/3 /mnt/1/test mount --bind /mnt/1 /tmp mount --make-slave /mnt mount --make-shared /mnt mount --bind /mnt/1/2 /tmp1 mount --make-slave /mnt At this point we have the first mount at /tmp and its root dentry is 1. Lets call this mount 'A' And then we have a second mount at /tmp1 with root dentry 2. Lets call this mount 'B' Next we have a third mount at /mnt with root dentry mnt. Lets call this mount 'C' 'B' is the slave of 'A' and 'C' is a slave of 'B' A -> B -> C at this point if we execute the following command mount --bind /bin /tmp/test The mount is attempted on 'A' will the mount propagate to 'B' and 'C' ? what would be the contents of /mnt/1/test be? 7) FAQ
Q1. Why is bind mount needed? How is it different from symbolic links? symbolic links can get stale if the destination mount gets unmounted or moved. Bind mounts continue to exist even if the other mount is unmounted or moved. Q2. Why can't the shared subtree be implemented using exportfs? exportfs is a heavyweight way of accomplishing part of what shared subtree can do. I cannot imagine a way to implement the semantics of slave mount using exportfs? Q3 Why is unbindable mount needed? Lets say we want to replicate the mount tree at multiple locations within the same subtree. if one rbind mounts a tree within the same subtree 'n' times the number of mounts created is an exponential function of 'n'. Having unbindable mount can help prune the unneeded bind mounts. Here is a example. step 1: lets say the root tree has just two directories with one vfsmount. root / \ tmp usr And we want to replicate the tree at multiple mountpoints under /root/tmp step2: mount --make-shared /root mkdir -p /tmp/m1 mount --rbind /root /tmp/m1 the new tree now looks like this: root / \ tmp usr / m1 / \ tmp usr / m1 it has two vfsmounts step3: mkdir -p /tmp/m2 mount --rbind /root /tmp/m2 the new tree now looks like this: root / \ tmp usr / \ m1 m2 / \ / \ tmp usr tmp usr / \ / m1 m2 m1 / \ / \ tmp usr tmp usr / / \ m1 m1 m2 / \ tmp usr / \ m1 m2 it has 6 vfsmounts step 4: mkdir -p /tmp/m3 mount --rbind /root /tmp/m3 I wont' draw the tree..but it has 24 vfsmounts at step i the number of vfsmounts is V[i] = i*V[i-1]. This is an exponential function. And this tree has way more mounts than what we really needed in the first place. One could use a series of umount at each step to prune out the unneeded mounts. But there is a better solution. Unclonable mounts come in handy here. step 1: lets say the root tree has just two directories with one vfsmount. root / \ tmp usr How do we set up the same tree at multiple locations under /root/tmp step2: mount --bind /root/tmp /root/tmp mount --make-rshared /root mount --make-unbindable /root/tmp mkdir -p /tmp/m1 mount --rbind /root /tmp/m1 the new tree now looks like this: root / \ tmp usr / m1 / \ tmp usr step3: mkdir -p /tmp/m2 mount --rbind /root /tmp/m2 the new tree now looks like this: root / \ tmp usr / \ m1 m2 / \ / \ tmp usr tmp usr step4: mkdir -p /tmp/m3 mount --rbind /root /tmp/m3 the new tree now looks like this: root / \ tmp usr / \ \ m1 m2 m3 / \ / \ / \ tmp usr tmp usr tmp usr
(4) Private mount A 'private mount' is defined as vfsmount that does not receive or forward any propagation events. (5) Unbindable mount A 'unbindable mount' is defined as vfsmount that does not receive or forward any propagation events and cannot be bind mounted. State diagram: The state diagram below explains the state transition of a mount, in response to various commands. ------------------------------------------------------------------------ | |make-shared | make-slave | make-private |make-unbindab| --------------|------------|--------------|--------------|-------------| |shared |shared |*slave/private| private | unbindable | | | | | | | |-------------|------------|--------------|--------------|-------------| |slave |shared | **slave | private | unbindable | | |and slave | | | | |-------------|------------|--------------|--------------|-------------| |shared |shared | slave | private | unbindable | |and slave |and slave | | | | |-------------|------------|--------------|--------------|-------------| |private |shared | **private | private | unbindable | |-------------|------------|--------------|--------------|-------------| |unbindable |shared |**unbindable | private | unbindable | ------------------------------------------------------------------------ * if the shared mount is the only mount in its peer group, making it slave, makes it private automatically. Note that there is no master to which it can be slaved to. ** slaving a non-shared mount has no effect on the mount. Apart from the commands listed below, the 'move' operation also changes the state of a mount depending on type of the destination mount. Its explained in section 5d. 5b) Bind semantics Consider the following command mount --bind A/a B/b where 'A' is the source mount, 'a' is the dentry in the mount 'A', 'B' is the destination mount and 'b' is the dentry in the destination mount. The outcome depends on the type of mount of 'A' and 'B'. The table below contains quick reference. --------------------------------------------------------------------------- | BIND MOUNT OPERATION | |************************************************************************** |source(A)->| shared | private | slave | unbindable | | dest(B) | | | | | | | | | | | | | v | | | | | |************************************************************************** | shared | shared | shared | shared & slave | invalid | | | | | | | |non-shared| shared | private | slave | invalid | *************************************************************************** Details: 1. 'A' is a shared mount and 'B' is a shared mount. A new mount 'C' which is clone of 'A', is created. Its root dentry is 'a' . 'C' is mounted on mount 'B' at dentry 'b'. Also new mount 'C1', 'C2', 'C3' ... are created and mounted at the dentry 'b' on all mounts where 'B' propagates to. A new propagation tree containing 'C1',..,'Cn' is created. This propagation tree is identical to the propagation tree of 'B'. And finally the peer-group of 'C' is merged with the peer group of 'A'. 2. 'A' is a private mount and 'B' is a shared mount. A new mount 'C' which is clone of 'A', is created. Its root dentry is 'a'. 'C' is mounted on mount 'B' at dentry 'b'. Also new mount 'C1', 'C2', 'C3' ... are created and mounted at the dentry 'b' on all mounts where 'B' propagates to. A new propagation tree is set containing all new mounts 'C', 'C1', .., 'Cn' with exactly the same configuration as the propagation tree for 'B'. 3. 'A' is a slave mount of mount 'Z' and 'B' is a shared mount. A new mount 'C' which is clone of 'A', is created. Its root dentry is 'a' . 'C' is mounted on mount 'B' at dentry 'b'. Also new mounts 'C1', 'C2', 'C3' ... are created and mounted at the dentry 'b' on all mounts where 'B' propagates to. A new propagation tree containing the new mounts 'C','C1',.. 'Cn' is created. This propagation tree is identical to the propagation tree for 'B'. And finally the mount 'C' and its peer group is made the slave of mount 'Z'. In other words, mount 'C' is in the state 'slave and shared'. 4. 'A' is a unbindable mount and 'B' is a shared mount. This is a invalid operation. 5. 'A' is a private mount and 'B' is a non-shared(private or slave or unbindable) mount. A new mount 'C' which is clone of 'A', is created. Its root dentry is 'a'. 'C' is mounted on mount 'B' at dentry 'b'. 6. 'A' is a shared mount and 'B' is a non-shared mount. A new mount 'C' which is a clone of 'A' is created. Its root dentry is 'a'. 'C' is mounted on mount 'B' at dentry 'b'. 'C' is made a member of the peer-group of 'A'. 7. 'A' is a slave mount of mount 'Z' and 'B' is a non-shared mount. A new mount 'C' which is a clone of 'A' is created. Its root dentry is 'a'. 'C' is mounted on mount 'B' at dentry 'b'. Also 'C' is set as a slave mount of 'Z'. In other words 'A' and 'C' are both slave mounts of 'Z'. All mount/unmount events on 'Z' propagates to 'A' and 'C'. But mount/unmount on 'A' do not propagate anywhere else. Similarly mount/unmount on 'C' do not propagate anywhere else. 8. 'A' is a unbindable mount and 'B' is a non-shared mount. This is a invalid operation. A unbindable mount cannot be bind mounted.
Apart from the above semantics this feature provides the building blocks to solve the following problems: C) Per-user namespace The above semantics allows a way to share mounts across namespaces. But namespaces are associated with processes. If namespaces are made first class objects with user API to associate/disassociate a namespace with userid, then each user could have his/her own namespace and tailor it to his/her requirements. Offcourse its needs support from PAM. D) Versioned files If the entire mount tree is visible at multiple locations, then a underlying versioning file system can return different version of the file depending on the path used to access that file. An example is: mount --make-shared / mount --rbind / /view/v1 mount --rbind / /view/v2 mount --rbind / /view/v3 mount --rbind / /view/v4 and if /usr has a versioning filesystem mounted, than that mount appears at /view/v1/usr, /view/v2/usr, /view/v3/usr and /view/v4/usr too A user can request v3 version of the file /usr/fs/namespace.c by accessing /view/v3/usr/fs/namespace.c . The underlying versioning filesystem can then decipher that v3 version of the filesystem is being requested and return the corresponding inode. 5) Detailed semantics: ------------------- The section below explains the detailed semantics of bind, rbind, move, mount, umount and clone-namespace operations. Note: the word 'vfsmount' and the noun 'mount' have been used to mean the same thing, throughout this document. 5a) Mount states A given mount can be in one of the following states 1) shared 2) slave 3) shared and slave 4) private 5) unbindable A 'propagation event' is defined as event generated on a vfsmount that leads to mount or unmount actions in other vfsmounts. A 'peer group' is defined as a group of vfsmounts that propagate events to each other. (1) Shared mounts A 'shared mount' is defined as a vfsmount that belongs to a 'peer group'. For example: mount --make-shared /mnt mount --bin /mnt /tmp The mount at /mnt and that at /tmp are both shared and belong to the same peer group. Anything mounted or unmounted under /mnt or /tmp reflect in all the other mounts of its peer group. (2) Slave mounts A 'slave mount' is defined as a vfsmount that receives propagation events and does not forward propagation events. A slave mount as the name implies has a master mount from which mount/unmount events are received. Events do not propagate from the slave mount to the master. Only a shared mount can be made a slave by executing the following command mount --make-slave mount A shared mount that is made as a slave is no more shared unless modified to become shared. (3) Shared and Slave A vfsmount can be both shared as well as slave. This state indicates that the mount is a slave of some vfsmount, and has its own peer group too. This vfsmount receives propagation events from its master vfsmount, and also forwards propagation events to its 'peer group' and to its slave vfsmounts. Strictly speaking, the vfsmount is shared having its own peer group, and this peer-group is a slave of some other peer group. Only a slave vfsmount can be made as 'shared and slave' by either executing the following command mount --make-shared mount or by moving the slave vfsmount under a shared vfsmount.
ared Subtrees --------------- Contents: 1) Overview 2) Features 3) smount command 4) Use-case 5) Detailed semantics 6) Quiz 7) FAQ 8) Implementation 1) Overview ----------- Consider the following situation: A process wants to clone its own namespace, but still wants to access the CD that got mounted recently. Shared subtree semantics provide the necessary mechanism to accomplish the above. It provides the necessary building blocks for features like per-user-namespace and versioned filesystem. 2) Features ----------- Shared subtree provides four different flavors of mounts; struct vfsmount to be precise a. shared mount b. slave mount c. private mount d. unbindable mount 2a) A shared mount can be replicated to as many mountpoints and all the replicas continue to be exactly same. Here is an example: Lets say /mnt has a mount that is shared. mount --make-shared /mnt note: mount command does not yet support the --make-shared flag. I have included a small C program which does the same by executing 'smount /mnt shared' #mount --bind /mnt /tmp The above command replicates the mount at /mnt to the mountpoint /tmp and the contents of both the mounts remain identical. #ls /mnt a b c #ls /tmp a b c Now lets say we mount a device at /tmp/a #mount /dev/sd0 /tmp/a #ls /tmp/a t1 t2 t2 #ls /mnt/a t1 t2 t2 Note that the mount has propagated to the mount at /mnt as well. And the same is true even when /dev/sd0 is mounted on /mnt/a. The contents will be visible under /tmp/a too. 2b) A slave mount is like a shared mount except that mount and umount events only propagate towards it. All slave mounts have a master mount which is a shared. Here is an example: Lets say /mnt has a mount which is shared. #mount --make-shared /mnt Lets bind mount /mnt to /tmp #mount --bind /mnt /tmp the new mount at /tmp becomes a shared mount and it is a replica of the mount at /mnt. Now lets make the mount at /tmp; a slave of /mnt #mount --make-slave /tmp [or smount /tmp slave] lets mount /dev/sd0 on /mnt/a #mount /dev/sd0 /mnt/a #ls /mnt/a t1 t2 t3 #ls /tmp/a t1 t2 t3 Note the mount event has propagated to the mount at /tmp However lets see what happens if we mount something on the mount at /tmp #mount /dev/sd1 /tmp/b #ls /tmp/b s1 s2 s3 #ls /mnt/b Note how the mount event has not propagated to the mount at /mnt 2c) A private mount does not forward or receive propagation. This is the mount we are familiar with. Its the default type. 2d) A unbindable mount is a unbindable private mount lets say we have a mount at /mnt and we make is unbindable #mount --make-unbindable /mnt [ smount /mnt unbindable ] Lets try to bind mount this mount somewhere else. # mount --bind /mnt /tmp mount: wrong fs type, bad option, bad superblock on /mnt, or too many mounted file systems Binding a unbindable mount is a invalid operation. 3) smount command Currently the mount command is not aware of shared subtree features. Work is in progress to add the support in mount ( util-linux package ). Till then use the following program. ------------------------------------------------------------------------ // //this code was developed my Miklos Szeredi <miklos@szeredi.hu> //and modified by Ram Pai <linuxram@us.ibm.com> // sample usage: // smount /tmp shared // #include <stdio.h> #include <stdlib.h> #include <unistd.h> #include <sys/mount.h> #include <sys/fsuid.h> #ifndef MS_REC #define MS_REC 0x4000 /* 16384: Recursive loopback */
Subscribe to:
Post Comments (Atom)
 
No comments:
Post a Comment