Friday, September 23, 2011

Details about SUID, SGID and sticky bit permissions on Linux

■ Requirement : Define suid, sgid & sticky bit
■ OS Environment : Linux, RHEL, Centos
■ Resolution : 

1. SUID or setuid:
         Change user ID on execution. If the setuid bit is set, then when a user executes the file the process has the same rights as the owner of the file.

2. SGID or setgid: 

        Change group ID on execution. Same as above, but the process inherits the rights of the group that owns the file. On a directory it can also mean that a new file created in the directory inherits the group of the directory (and not that of the user who created the file).

3. Sticky bit.
       It was once used to make a process "stick" in memory after it finished; that usage is now obsolete. Its current meaning is system dependent, and it is mostly used to prevent deletion of files that belong to other users in a directory where you have "write" access.

4. Numeric representation :

Octal digit   Binary value   Meaning

0             000            setuid, setgid, sticky bits are cleared
1             001            sticky bit is set
2             010            setgid bit is set
3             011            setgid and sticky bits are set
4             100            setuid bit is set
5             101            setuid and sticky bits are set
6             110            setuid and setgid bits are set
7             111            setuid, setgid, sticky bits are set

file should have permission: 2644
dir should have permission : 2755

5. Textual representation :

SUID: If set, the "x" in the owner permissions is replaced with "s" if the owner has execute permission, or with "S" otherwise. Examples:
-rws------ both owner execute and SUID are set
-r-S------ SUID is set, but owner execute is not set

SGID: If set, the "x" in the group permissions is replaced with "s" if the group has execute permission, or with "S" otherwise. Examples:

-rwxrws--- both group execute and SGID are set
-rwxr-S--- SGID is set, but group execute is not set

Sticky: If set, the "x" in the others permissions is replaced with "t" if others have execute permission, or with "T" otherwise. Examples:
-rwxrwxrwt both others execute and sticky bit are set
-rwxrwxr-T sticky bit is set, but others execute is not set

drwxrwxrwt - Sticky Bits - chmod 1777
drwsrwxrwx - SUID set - chmod 4777
drwxrwsrwx - SGID set - chmod 2777
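
The mapping between the numeric and textual forms above can be checked with a small script. This is an added example, not part of the original post; the function names pick, triplet and mode_to_string are made up for the illustration.

```sh
#!/bin/sh
# Added example: render a 4-digit octal mode (e.g. 4755) as the 9-character
# permission string shown by "ls -l", including s/S and t/T.

# pick BITS MASK ON OFF -> prints ON if BITS has MASK set, else OFF
pick() {
    if [ $(( $1 & $2 )) -ne 0 ]; then printf '%s' "$3"; else printf '%s' "$4"; fi
}

# triplet BITS SPECIAL LOWER UPPER -> e.g. "rws", "r-S" or "rwx"
triplet() {
    pick "$1" 4 r -
    pick "$1" 2 w -
    if [ "$2" -ne 0 ]; then
        # special bit set: lower case with execute, upper case without
        pick "$1" 1 "$3" "$4"
    else
        pick "$1" 1 x -
    fi
}

mode_to_string() {
    case $1 in
        ''|*[!0-7]*) echo "not an octal mode: $1" >&2; return 1 ;;
    esac
    mode=$(( 0$1 ))   # a leading 0 makes the shell read the digits as octal
    triplet $(( ($mode >> 6) & 7 )) $(( $mode & 04000 )) s S   # owner, setuid
    triplet $(( ($mode >> 3) & 7 )) $(( $mode & 02000 )) s S   # group, setgid
    triplet $((  $mode       & 7 )) $(( $mode & 01000 )) t T   # others, sticky
    echo
}

# The modes behind the textual examples in this post
for m in 4700 4400 2770 2740 1777 1776; do
    printf '%s -> %s\n' "$m" "$(mode_to_string "$m")"
done
```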

What are the CPU states found in "top" output?

■ Requirement : Describe CPU states found in output of "top" command
■ OS Environment : Linux, RHEL, Centos
■ Resolution  : 

Cpu(s): 0.0%us, 0.0%sy, 0.0%ni,100.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st

# us -> User CPU time: The time the CPU has spent running users’ processes that are not niced.
# sy -> System CPU time: The time the CPU has spent running the kernel and its processes.
# ni -> Nice CPU time: The time the CPU has spent running users’ processes that have been niced.
# wa -> iowait: Amount of time the CPU has been waiting for I/O to complete.
# hi -> Hardware IRQ: The amount of time the CPU has been servicing hardware interrupts.
# si -> Software Interrupts: The amount of time the CPU has been servicing software interrupts.

Wednesday, September 21, 2011

How to check details of an rpm package which is not installed yet?

■ Requirement : Check details of rpm package
■ OS Environment : Linux, RHEL, Centos
■ Resolution  : 

$ rpm -qpil <package_file.rpm>

To check details of installed package :

$ rpm -qi <package_name>


Check dependencies of package : 

$ rpm -qp --requires <package_file.rpm>

Saturday, September 17, 2011

How to access windows share from Linux machine

■ Requirement : Access windows share directory from linux system
■ OS Environment : windows, Linux, RHEL, Centos
■ Implementation Steps : 

1. Mount windows share using cifs file system : 

$ mount -t cifs //Win_IP/WIN_SHARE /mnt

Note : replace the Windows IP and share directory in the command above and in the entry below.
Put the following entry in /etc/fstab :

//win_ip/winshare /mnt cifs credentials=/root/.smbpasswd 0 0

Details :

win_ip = Windows server name or IP address
winshare = share directory on Windows
/mnt = mount point on Linux
/root/.smbpasswd = file that contains the login credentials to access the Windows share
cifs = filesystem name

2. Manual Verification :

$ smbclient -L //win_ip -U workgroup/win_user

3. Debugging Steps for cifs :

1) "dmesg -c" (clear the error log)
2) "echo 7 > /proc/fs/cifs/cifsFYI" (enable cifs informational/debug messages)
3) try the mount and examine the dmesg output ("dmesg")
4) capture tcpdump.

Friday, September 16, 2011

How do I determine if my x86-compatible Intel system is multi-processor, multi-core or supports hyperthreading?

■ Requirement : Check if the processor is multi-core or supports HT
■ OS Environment : Linux, RHEL, Centos
■ Prerequisites : 

Physical ID (Physical processor or socket ID):

       The physical id value is a number assigned to each processor socket. The number of unique physical id values on a system tells you the number of CPU sockets that are in use. All logical processors (cores or hyperthreaded images) contained within the same physical processor will share the same physical id value.

Siblings (i.e. child, logical processor):
       The siblings value tells you how many logical processors are provided by each physical processor.

Core ID (Core ID value) :

        The core id values are numbers assigned to each physical processor core. Systems with hyperthreading will see duplications in this value as each hyperthreaded image is part of a physical core. Under Red Hat Enterprise Linux 5, these numbers are an index within a particular CPU socket so duplications will also occur in multi-socket systems. Under Red Hat Enterprise Linux 4, which uses APIC IDs to assign core id values, these numbers are not reused between sockets so any duplications seen will be due solely to hyperthreading.

Core value (number of cores in each physical processor) : The cpu cores value tells you how many physical cores are provided by each physical processor.

Thread (Each core can contain max 2 threads in Intel arch) :
Number of threads.

■ Resolution :

$ cat /proc/cpuinfo
$ dmidecode
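
The fields described above can be combined into a one-line summary. This is an added example, not part of the original post; cpu_topology and sample_cpuinfo are made-up names, the sample data is constructed, and the script assumes every socket reports the same siblings and cpu cores values.

```sh
#!/bin/sh
# Added example: summarise sockets, cores and hyperthreading from the
# "physical id", "siblings" and "cpu cores" fields of /proc/cpuinfo.

# cpu_topology [FILE]  (FILE defaults to /proc/cpuinfo, "-" reads stdin)
cpu_topology() {
    awk -F: '
        { key = $1; val = $2
          gsub(/^[ \t]+|[ \t]+$/, "", key)
          gsub(/^[ \t]+|[ \t]+$/, "", val) }
        key == "processor"   { logical++ }
        # each distinct physical id is one socket in use
        key == "physical id" { if (!(val in seen)) { seen[val] = 1; sockets++ } }
        key == "siblings"    { siblings = val + 0 }   # logical CPUs per socket
        key == "cpu cores"   { cores = val + 0 }      # physical cores per socket
        END {
            # more logical processors than cores per socket means HT is active
            ht = (siblings > cores) ? "yes" : "no"
            printf "sockets=%d cores_per_socket=%d siblings=%d logical_cpus=%d hyperthreading=%s\n",
                   sockets, cores, siblings, logical, ht
        }' "${1:-/proc/cpuinfo}"
}

# Constructed sample: 1 socket, 2 cores, 2 threads per core (4 logical CPUs).
# Note the duplicated core id values, as described for hyperthreading above.
sample_cpuinfo() {
    for entry in "0 0" "1 1" "2 0" "3 1"; do
        set -- $entry
        printf 'processor\t: %s\nphysical id\t: 0\nsiblings\t: 4\n' "$1"
        printf 'core id\t\t: %s\ncpu cores\t: 2\n\n' "$2"
    done
}

sample_cpuinfo | cpu_topology -
```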

How to check whether the currently running kernel is tainted (contaminated) or not?

■ Requirement : check whether the currently running kernel is tainted (contaminated) or not
■ OS Environment : Linux, RHEL, Centos
■ Resolution : 

The Linux kernel maintains a "taint state" which is included in kernel error messages. The taint state indicates whether something has happened to the running kernel that affects whether a kernel error or hang can be troubleshot effectively by analysing the kernel source code. Some of the information in the taint relates to whether the information provided by the kernel in an error message can be considered trustworthy.

1. Following command could be used :

$ cat /proc/sys/kernel/tainted
536870912

Use the following to decipher the taint value :

Non-zero if the kernel has been tainted. Numeric values, which can be ORed together:

1 - A module with a non-GPL license has been loaded, this includes modules with no license. Set by modutils >= 2.4.9 and module-init-tools.
2 - A module was force loaded by insmod -f. Set by modutils >= 2.4.9 and module-init-tools.
4 - Unsafe SMP processors: SMP with CPUs not designed for SMP.
8 - A module was forcibly unloaded from the system by rmmod -f.
16 - A hardware machine check error occurred on the system.
32 - A bad page was discovered on the system.
64 - The user has asked that the system be marked "tainted". This could be because they are running software that directly modifies the hardware, or for other reasons.
128 - The system has died.
256 - The ACPI DSDT has been overridden with one supplied by the user instead of using the one provided by the hardware.
512 - A kernel warning has occurred.
1024 - A module from drivers/staging was loaded.
268435456 - Unsupported hardware
536870912 - Technology Preview code was loaded

The taint status of the kernel not only indicates whether or not the kernel has been tainted but also indicates what type(s) of event caused the kernel to be marked as tainted. This information is encoded through single-character flags in the string following "Tainted:" in a kernel error message.

* P: Proprietary module has been loaded, i.e. a module that is not licensed under the GNU General Public License (GPL) or a compatible license. This may indicate that source code for this module is not available to the Linux kernel developers.
* G: The opposite of P: the kernel has been tainted (for a reason indicated by a different flag), but all modules loaded into it were licensed under the GPL or a license compatible with the GPL.
* F: Module has been forcibly loaded using the force option "-f" of insmod or modprobe, which caused a sanity check of the versioning information from the module (if present) to be skipped.
* S: SMP with CPUs not designed for SMP. The Linux kernel is running with Symmetric MultiProcessor support (SMP), but the CPUs in the system are not designed or certified for SMP use.
* R: User forced a module unload. A module which was in use or was not designed to be removed has been forcefully removed from the running kernel using the force option "-f" of rmmod.
* M: System experienced a machine check exception. A Machine Check Exception (MCE) has been raised while the kernel was running. MCEs are triggered by the hardware to indicate a hardware related problem, for example the CPU's temperature exceeding a threshold or a memory bank signaling an uncorrectable error.
* B: System has hit bad_page, indicating a corruption of the virtual memory subsystem, possibly caused by malfunctioning RAM or cache memory.
* U: Userspace-defined naughtiness.
* D: Kernel has oopsed before
* A: ACPI table overridden.
* W: Taint on warning.
* C: modules from drivers/staging are loaded.
* I: Working around severe firmware bug.

The taint flags above are implemented in the standard Linux kernel and indicate the information provided in kernel error messages is not necessarily to be trusted. Additionally, the following flags are used by the RHEL kernel:

* H: Hardware is unsupported.
* T: Technology Preview code is loaded.
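
Because the numeric values are ORed together, a taint value has to be split back into its bits before it can be read. The script below is an added example, not part of the original post; decode_taint is a made-up name and its table is copied from the list of numeric values given above.

```sh
#!/bin/sh
# Added example: split a taint value into the individual bits listed in
# this post. With no argument it reads /proc/sys/kernel/tainted.

decode_taint() {
    value=${1:-$(cat /proc/sys/kernel/tainted)}
    if [ "$value" -eq 0 ]; then
        echo "not tainted"
        return 0
    fi
    while read -r bit meaning; do
        if [ $(( $value & $bit )) -ne 0 ]; then
            echo "$bit - $meaning"
            value=$(( $value - $bit ))   # clear the bit that was just reported
        fi
    done <<'EOF'
1 A module with a non-GPL license (or no license) has been loaded
2 A module was force loaded by insmod -f
4 Unsafe SMP processors: SMP with CPUs not designed for SMP
8 A module was forcibly unloaded by rmmod -f
16 A hardware machine check error occurred
32 A bad page was discovered
64 The user has asked that the system be marked tainted
128 The system has died
256 The ACPI DSDT has been overridden
512 A kernel warning has occurred
1024 A module from drivers/staging was loaded
268435456 Unsupported hardware
536870912 Technology Preview code was loaded
EOF
    # anything left over is a bit this table does not describe
    [ "$value" -eq 0 ] || echo "$value - bits not in the table above"
}

# The value shown in the sample output of this post
decode_taint 536870912
```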

How to find out which process is using swap space?

■ Requirement :  Find out process which consumes swap space
■ OS Environment : Linux, RHEL, Centos
■ Implementation Steps : 

1. To sort the running or queued processes by swap usage, run :

$ top

Then press capital "o" (i.e. "O") followed by "p" and press Enter. The processes should now be sorted by their swap usage.

2. Use a script :
Use a bash script to read the swap usage of each process from the /proc file system.

#!/bin/bash
# Get current swap usage (in kB) for all running processes.
# Run as root to be able to read the smaps file of every process.
OVERALL=0
for DIR in /proc/[0-9]*; do
    PID=${DIR#/proc/}
    PROGNAME=$(ps -p "$PID" -o comm --no-headers 2>/dev/null)
    # Sum only the "Swap:" lines; a bare "grep Swap" would also count
    # the "SwapPss:" lines that newer kernels print.
    SUM=$(awk '/^Swap:/ { s += $2 } END { print s + 0 }' "$DIR/smaps" 2>/dev/null)
    SUM=${SUM:-0}    # process exited or smaps not readable
    echo "PID=$PID - Swap used: $SUM kB - ($PROGNAME)"
    OVERALL=$((OVERALL + SUM))
done
echo "Overall swap used: $OVERALL kB"