SuperUser aka Root

Leave a reply

Before we go back into the world of Linux (having spent time in the world of networking), let’s talk about users again.  In particular, the SuperUser also known as Root.  Root is his every day name, SuperUser is his power!  And with great power comes great responsibility.

Groot not Root

Groot not Root

That’s Groot, not root, even though they rhyme.  Groot is a superhero, root is a superuser, and root doesn’t go around saying ‘I am Groot’ all the time.  They’re both super though.

SuperUsers’s great power is that he can do anything on a system and  I do mean, anything.  You change the permissions on your file so that you’re the only one that can see it?  Well, the superuser can see it too. He’s all powerful like Superman, but without that annoying green rock allergy.

His username is root and because he’s so powerful, he shouldn’t be logged in unless he’s absolutely needed.  The administrator of your system shouldn’t keep him logged in, but there’s a command to see who is logged in.  It’s called who.

Alpha:~ computerlamp$ who
computerlamp  console  Mar 17 08:01

There I am, logged into the system and I don’t have root logged into my system right now and that’s a good thing.

Since root is a user, he (or she!) has a password.  If you know the password, you can become root.  Like IronMan putting on his suit or BatMan suiting up, you can put on the root armor and be… SuperUser!  And like I always say, there’s a command for that.  This one is called su.

Alpha:~ computerlamp$ su
Password:
Alpha:~ :~ root#

You have to know the password in order for it to work.  If you don’t know the password, don’t try to do this.  It means you don’t have the permission to do it and if you try, you’re attempting to go around the system’s security and that’s a bad thing.  It’s like trying to lift Thor’s hammer and you’re not worthy.

If your root password gets out, then that’s a security problem.  When we made the shield group to hide the helicarrier plans, we thought we were safe from prying eyes.  But if Hydra got the root password, it wouldn’t matter.  That’s why it’s so important to keep that root password safe. The administrator of the system shouldn’t share it with anyone who doesn’t absolutely need it.

Ping — Are You There Computer?

Leave a reply

We talked about traceroute, that’s a way to see how your traffic gets to its destination.  Like putting a GPS tracker on someone and saying ‘now how did you get to the comic book store?’.  What if you want to know ‘is the other computer on the network’?  Not how do I get there, but just are you there?  There’s a command for that!  It’s called ping.

ping is a way of saying ‘are you alive?’ to another computer.  It doesn’t mean the computer is actually doing anything worthwhile, but it does mean that the computer is talking on the network.

It’s like playing ping pong.

One Person Ping Pong

One Person Ping Pong

Pretend that there’s a field that blocks your view of the other guy.   You hit the ball over to him and the only way you’re sure he’s over there is if he hits it back to you. He could be there and just not in the mood to hit, but you don’t know because you can’t see him.

Alpha:~ computerlamp$ ping www.google.com
PING www.google.com (216.58.217.132): 56 data bytes
64 bytes from 216.58.217.132: icmp_seq=0 ttl=54 time=16.306 ms
64 bytes from 216.58.217.132: icmp_seq=1 ttl=54 time=15.747 ms
64 bytes from 216.58.217.132: icmp_seq=2 ttl=54 time=15.769 ms
64 bytes from 216.58.217.132: icmp_seq=3 ttl=54 time=15.342 ms
64 bytes from 216.58.217.132: icmp_seq=4 ttl=54 time=16.163 ms

If you try it, you’ll see that it keeps pinging along and it’ll keep going until you hit control-C to stop it.  When you do that, you’ll see:

^C
--- www.google.com ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 15.342/15.865/16.306/0.341 ms

It’s nice how it keeps up with the statistics, doesn’t it?  And it tells you how long the ping took in milliseconds.

Suppose we know we only want to ping a computer a couple of times.  There’s a flag for that!

Alpha:~ computerlamp$ ping -c 2 www.marvel.com PING www.marvel.com (72.32.138.96): 56 data bytes 64 bytes from 72.32.138.96: icmp_seq=0 ttl=242 time=51.122 ms 64 bytes from 72.32.138.96: icmp_seq=1 ttl=242 time=50.637 ms — www.marvel.com ping statistics — 2 packets transmitted, 2 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 50.637/50.880/51.122/0.243 ms

If your favorite website is down, or not responding to your polite web request, then a good first step is to ping it.  Maybe the entire computer is down and if it is, well, maybe you could try a traceroute next.  A traceroute might tell you if the computer is down or if there’s something down between you and the computer.

In other words, ping is a useful networking tool to keep in your Linux® bag of tricks.

 

CIDR Addressing: What is it?

Leave a reply

A collection of IP addresses is a network.  We want the addresses to be contiguous, that means they should be right next to each other.  We want 127.0.0.1, 127.0.0.2, 127.0.0.3, not the addresses 127.0.0.1, 192.168.5.4 and 8.8.8.8.  Those first three are next to each other, the next three are all over the Internet.  Instead of listing everything in a network, CIDR addressing lets us use one thing to mean the whole network. We could list everything out.  That would take too long.  I want a shorthand.

An IP address is also a 32 bit number.  Instead of writing 192.168.0.5,  I could do:

1 1 0 0 0 0 0 0 1 0 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 1

That’s quite a mouthful, isn’t it? All 32 1’s and 0’s.  Imagine having to type that every time.

Back to CIDR addressing and networks.  To create a network, we say, ‘okay, the first 24 of these 32  1’s and 0’s cannot change!’.  Like on the Millennium Falcon the hyperdrive goes wonky and 24 of the 32 switches Han and Chewie need to flip won’t flip.  They’re stuck.  But they can flip any of the other 8.  Of course, that’s when the Empire shows up and tries to shoot them out of the sky, but that’s not the point of CIDR addressing and networks.

Back to CIDR addressing.  We fix the first 24 bits.  That looks like:

1 1 0 0 0 0 0 0 1 0 1 0 1 0 0 0 0 0 0 0 0 0

And now we let the last 8 bits be aaaaanything they want.  They can be 1 0 0 1 1 0 0 1, 1 1 1 1 1 1 1 1, or any other combination you can dream up.  Each one of those combinations makes a number.  And (insert math magic here) an 8 bit number is anything between 0 and 255.

Moving away from the 1’s and 0’s for a moment, what we’ve done is said ‘ok, the first part of my network is 192.168.0’.  The ‘second part of my network is any number between 0 and 255’.

In CIDR addressing terms, we’ve made 192.168.0/24.  That 24 is from those 24 1’s and 0’s we fixed.

You can fix any number of bits between 0 and 32.  If you fix 0 bits, then you’re listing every single IP address in the Internet.  If you fix all the bits, well, your network is just a single IP address.

Netmask

Leave a reply

The last post talked about how to find your gateway, also known as your first hop.  In the output to netstat there was a weird thing called a Genmask.  We’re going to talk about that and something called a netmask this time.

It isn’t the same thing as the mask Batman wears.  It isn’t even the same thing as the helmet Iron Man wears.  It’d be cool if it was, then we could have a helmet over the computer and wouldn’t that just be too cool for words?  But it isn’t, it’s just a fancy way of saying something else.

So the first thing, your computer is part of a local network.  It might not seem that way because you’re using a cable provider or DSL or wireless at a library or however you’re using the Internet, but there’s a local network your computer is part of.  We’ll pretend it’s 256 computers.  It makes things easier to begin with.

The first part of your IP address is the network that it is a part of.  So if your IP address is 192.168.0.25 then the network part of that IP address is 192.168.0.  (Why is that true?  Remember how I said that every part of an IP address is a number between 0 and 255? So that last dotted quad can be any number between  0 and 255 and there’s 256 numbers right there.)

Back to talking about networks!  We now know what your network is, that’s a start.  We also know that there’s 255 possible other IP addresses in that network.

The netmask (or subnet mask or network mask your choice!) is another way of saying this.  The netmask for your network is 255.255.255.0.  That means that the first three quads are fixed and the last is allowed to roam free!  Free!  Free as a bird!

Wait, I digress.  It also means that those are the computers you don’t need routing for because you’re all together.  There’s all different sizes of networks, next time we’ll talk about some more and how we write them in shorthand notation.

Wait, I almost left off genmask!

Alpha:~ computerlamp$ netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.0.2.0       0.0.0.0         UG        0 0          0 eth0

If 255.255.255.0 means that that last quad can be anything, then 0.0.0.0 means that, well, anything goes!  You can put any IP address in those spots that you want  In other words, this Gateway (192.0.2.0) is how you get anywhere from your computer, no matter what.

That First Hop

1 Reply

In the last post we talked about how your data moves around the Internet, which is neat and all, but how does your computer know how to take that first hop?  Somehow your data has to get onto the route to get to www.google.com.  When you get into a car to take a ride to the comic book store, or the gaming store, or the computer store, you open the door to your home and step out through that.  That’s what your computer does, it takes the gateway to the Internet to get anywhere on the Internet.

Like in Star Trek, when they step onto the transporter to go somewhere, that’s their first hop.  Or in Portal, when you jump through the portal to go anywhere, that’s your first hop.

But what’s the computer’s first hop? If you’re reading this blog from your home Linux® system, you had to get here somehow.

And of course, there’s a command for that!  It’s called netstat.

Alpha:~ computerlamp$ netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.0.2.0       0.0.0.0         UG        0 0          0 eth0

Now the next question:  What in the world does that mean?  Looks kind of like nonsense, right?  Kind of what you’d see when watching The Avengers, they’d show it on one of the screens so it would look official, even if it is just a status report.

The Iface at the end of the report is the hardware that the computer uses to connect to the Internet.  It’s usually called eth0, or ethernet 0.  If you have multiple interfaces on your computer, you might see eth1, eth2, eth3, or more.  Sometimes you’ll see lo0 as an interface.  That’s the interface that the computer uses to talk to itself on the Internet.  Isn’t that weird?  Your computer talks to itself on the network and to make that happen, it has a hardware interface to do it.

The IP address under Gateway is the IP address that your computer uses as its first hop.  We’ll talk about masks next time, for now, you can read more in the man page.  Of course there’s a man page, there’s always a man page!

 

More about Networking, aka Route my Traffic

2 Replies

So we talked about IP addresses, we talked about how to turn a domain name into an IP address… so the next question is, how do we get there from here?  I mean, how does my computer access that domain that I want to see?  Well, it’s called routing or taking a route.

When I leave my house and go to the comic book store, I take a route.  I can go down back roads or main roads or even sneak through back alleys if I’m walking.  I could even take a detour through the Batcave (if I knew where it was) or sneak through Stark Enterprises (If I knew where that was!).

But I’m lazy.  Taking all those detours or back alleys or even back roads is just the long way and I really want to get there as quick as possible.  I want the latest Spiderman, please, or the latest Wonder Woman.  I don’t want to spend all my time getting there.

Well, the Internet works the same way.

When you go from your computer to www.google.com, you send your traffic on a route through the Internet.  That route takes you through various computers with a special tasks, known as routers.  You hop from one router to the next until you reach that magic destination.  Which is kind of why each step is known as a hop.  Think of it as a magical rabbit carrying your information from one computer to the next until he reaches his rabbit hole.  Or don’t, that’s rather silly.

Of course, there’s a command to see those hops.  It’s called traceroute.

You can run this from your command like:

Alpha:~ computerlamp$ traceroute www.google.com
traceroute to www.google.com (172.217.4.164), 30 hops max, 60 byte packets
 1 ip-69-163-160-1.dreamhost.com (69.163.160.1) 2.273 ms 2.246 ms 2.229 ms
 2 pdx1-cr-1.sd.dreamhost.com (66.33.200.2) 0.211 ms pdx1-cr-2.sd.dreamhost.com (66.33.200.3) 0.229 ms 0.268 ms
 3 pdx1-bdr-2.sd.dreamhost.com (66.33.200.1) 0.239 ms pdx1-bdr-1.sd.dreamhost.com (66.33.200.0) 0.234 ms 0.262 ms
 4 pdx1-bdr-1.sd.dreamhost.com (66.33.200.0) 0.248 ms google.nwax.net (198.32.195.34) 5.565 ms pdx1-bdr-1.sd.dreamhost.com (66.33.200.0) 0.215 ms
 5 google.nwax.net (198.32.195.34) 5.589 ms 6.025 ms 108.170.245.114 (108.170.245.114) 5.611 ms
 6 209.85.248.159 (209.85.248.159) 6.152 ms 108.170.245.98 (108.170.245.98) 5.733 ms 66.249.94.201 (66.249.94.201) 6.185 ms
 7 209.85.250.126 (209.85.250.126) 8.912 ms 72.14.238.38 (72.14.238.38) 9.633 ms 209.85.250.126 (209.85.250.126) 8.765 ms
 8 74.125.37.136 (74.125.37.136) 30.852 ms 30.771 ms 209.85.250.126 (209.85.250.126) 8.087 ms
 9 209.85.248.124 (209.85.248.124) 30.571 ms 74.125.37.136 (74.125.37.136) 29.833 ms 209.85.247.0 (209.85.247.0) 29.980 ms
10 108.170.247.129 (108.170.247.129) 31.130 ms 209.85.247.0 (209.85.247.0) 30.637 ms 30.647 ms
11 108.170.247.161 (108.170.247.161) 31.333 ms 31.123 ms 108.170.247.129 (108.170.247.129) 30.494 ms
12 108.170.234.215 (108.170.234.215) 30.513 ms lax28s01-in-f164.1e100.net (172.217.4.164) 30.423 ms 108.170.234.213 (108.170.234.213) 30.562 ms

That’s twelve hops to get there from here!

Or I could use what is called a Looking Glass Utility and do it on a webpage.  Global Crossing has such a Utility.  This lets you see the route from somewhere else, rather than from your computer.

traceroute doesn’t always work.  Sometimes companies block the kind of traffic that traceroute uses.  Try using it to go to www.marvel.com and see what happens!  If you

 

DNS

1 Reply

In the last post we talked about how computers only understand numbers not names, in this post we’ll talk DNS. It’s how the computer knows what number goes with what name without knowing every
possible combination.

IP addresses can also change, so a computer would not only have to keep up with every possible combination but also all of the possible changes every second of every day.  Remember, there’s 4294967296 IP addresses. This translates to ‘a lot of them’. I’m not sure even a superhero could do that without help. Hrm. Maybe Batman or Iron Man could build something.

Now in the old days of the internet, this was possible. It wasn’t that big. Now… it’s that big. I mean, we’re running out of IP addresses and there’s 4294967296 of them.  Since we have no superheroes to solve this, we had to rely on the geniuses that created the whole thing to begin with. They’re the superheroes of the Internet!

Back to what DNS is. It’s a system that takes a name and returns an IP address. When you open your web browser to go to www.google.com, the first action it takes is to find that IP address using DNS. It asks the server known as a name server.   It doesn’t just ask any name server though, it asks the servers known as the roots.

The roots are a collection of name servers that only know where other name servers are.  It’s like a super search engine.  Suppose there’s a search engine that tells you if you need to go to Google or Bing or Yahoo or even Wikipedia to do your search.  You have to go to the super search engine first, then to that engine, then FINALLY to your answer.

In the case of DNS, you go first to the roots (that is, super search engine) who tells you what name servers know the answer for domains that end with com, and then that name server will tell you the name server that knows the answer for google.com.

No one name server knows all, it’s what is called a distributed system. This means if one name server is taken off line, it still works. Unlike the Death Star, that’s a single system. Blow that thing up and there goes the Empire!  Or those droids in Phantom Menace.  They blew up the one ship that controlled all the droids and WHOOPS, there goes all the droids offline!

If you want to find the IP address for www.google.com, there’s a command for that.

Alpha:~ computerlamp$ host www.google.com

Try it out, see what you get!

Networking

4 Replies

Let’s change the pace a little bit, we’ve talked about using the command line to do things, now we’re going to talk about the computer network and IP addresses.  That’s also know as networking.

These days, computers do everything. Planes, trains, automobiles, your house, your phone, everything has computers. Everything is on the network too! You can even buy  light bulbs that you can talk to over a network connection. Isn’t that weird? I can’t wait for my light bulb to message me ‘I’m dying, please replace me.’ I wonder if Batman has network enabled gear yet. Can you imagine his Batmobile sending a message saying ‘My tire is low’. I wonder if it would send that to Alfred instead of Batman…

Anyway, back to the computers doing everything. One important thing to know is that they don’t understand words, they understand numbers. If you tell your phone ‘connect me to the Batmobile’ it won’t understand the word ‘Batmobile’, it has to turn it into a number it will understand. (And if your phone does connect you to the Batmobile, tell me how you did it? I want to talk to it too!)

Those numbers are called IP addresses.  An IP address (also technically called an IPv4 address) is a number between 0 and 4294967296.  Can you imagine having to remember the IP address of your computer if it was just an integer?  2130706433 is an awful number to have to memorize.  Luckily, the geniuses who designed everything came up with dotted quad notation.  It’s a bit mathy (wibble wobble effect here) but instead of memorizing 2130706433, you’d memorize 127.0.0.1.  That’s four numbers to remember with dots in between, which is why they called it dotted quad.

This website has a converter so you can see what the integer is for the IP address of your computer.

But first, you’ve gotta know the IP address of your computer before you can use that website.  There’s a command for that!

Alpha:~ computerlamp$ ip addr show

Try it out and see what you get!

The bashrc file

Leave a reply

In this post we made aliases… now we want to save them in a file; bash has such a file called the .bashrc file.  It’s also known as the bash configuration file.

That period before the name is very important, without it it isn’t the right file.  It also means that the filename is hidden from view when you do a ls.  You have to use the ls -a flag in order to see it.

But this post isn’t about ls, it’s about the .bashrc file.  We’re going to use nano, that useful editor we talked about in the last post, to edit the file.

I’ll start with opening the file in nano:

Editing .bashrc with nano

Editing .bashrc with nano

I did this with the command:

Alpha:~ computerlamp$ nano .bashrc

Now I’ll type those two alias commands that I used before.  I aliased more to less and history to whatIdid:

Adding Aliases to the .bashrc file

Adding Aliases to the .bashrc file

And now we save the file:

Saving .bashrc with nano

Saving .bashrc with nano

Well, so now what?  I edited the file, I added those two lines, and saved it… just don’t forget to exit nano when you’re done with control-X!

Once we created the file, we need to use it.  Otherwise, we just saved our aliases in a file to do nothing.

It’s called sourcing  the file.  The command to do it is:

Alpha:~ computerlamp$ . .bashrc

See that dot before the .bashrc?  Be sure to type it.  That’s how bash knows to use its configuration file.  Also, every time you open up a new terminal, you’ll have those aliases.  And you’ll be able to see them with the alias command.

You can also look at what you’ve got aliased by using:

Alpha:~ computerlamp$ cat .bashrc

The output is exactly the same, no matter which one you use.  It looks like:

alias less='more'
alias whatIdid='history'

The .bashrc has other uses aside from aliases, we’ll talk about more in the future.

Nano! Creating, Changing and Saving Files

Leave a reply

In this post we created files using the echo command, now we want something more complex.  The answer is to use an editor.  Now this isn’t an editor like the guy who works for a newspaper, this is a program that lets us create, save, change, and otherwise fiddle with a file.  We’re going to use one called nano.

In the Linux© community, a good way to start an argument is to ask a group of people what the best editor is.  It’s kind of like asking who the best superhero is (I’m told Deadpool. I personally like Iron Man… or even Hawkeye… Black Widow is cool… see what I mean?) or which is better, Marvel or DC?  So we’re not going to talk about best editor, we’re going to start with an easy one.

Alpha:~ computerlamp$ nano

This is what it looks like:

The nano editor

The nano editor

I can type whatever I want into this screen, like this:

Editing with nano

Editing with nano

I can save it with the key combination control-O:

Saving with nano

Saving with nano

I just have to tell it what filename I want.  I’m going to save it as nano.txt.

Then, when I’m done, I’ll exit nano:

Exiting nano

Exiting nano

And now I can create, edit and save a file.  What if I want to edit the file again?

Alpha:~ computerlamp$ nano nano.txt

That brings up that file I just created.

nano has a man page, and it even explains why it’s called nano:

NANO(1)                                                                                NANO(1)

NAME
       nano - Nano's ANOther editor, an enhanced free Pico clone

SYNOPSIS
       nano [OPTIONS] [[+LINE,COLUMN] FILE]...

There’s also help available within nano, if you use the key combination control-G you’ll get a help screen that looks like:

Help within nano

Help within nano

nano is one of the easiest editors to use, which is awesome because we no longer have to rely on echo!  It also creates what are called text files, which means that what  you type in is what you get.