Friday, June 29, 2012

Files Opened By Application

In Order to find the files that are opened by an application we can use the lsof command like,

[root@vx111a bin]# lsof +f  | head

init         1      root   cwd     DIR    8,8     4096         2             /
init         1      root   rtd       DIR    8,8     4096        2             /
init         1      root   txt       REG   8,8     38652      11370583  /sbin/init
init         1      root   mem    REG   8,8     129900    918498     /lib/
init         1      root   mem    REG   8,8     1693796  918499     /lib/
init         1      root   mem    REG   8,8     20668     918500      /lib/
init         1      root   10u      FIFO  0,17                  1320       /dev/initctl

Read More

Thursday, June 28, 2012

Why 'du', 'df', and 'ls' show different result for the same disk block

du , df and ls commands show different results for the same Disk block , the reason is

 * 'ls' gives data on individual files based on the difference between the end-of-file and the beginning-of-file, whether or not blocks were actually allocated to the file
 * 'du' shows the blocks actually allocated to an individual file
 * 'df' shows the blocks allocated in the entire file system, including inodes and other meta data
Read More

Mounting a NTFS file system

Since Linux supports different File systems than Windows, there is always a problem accessing the windows files in linux.

This article helps you in mounting the ntfs file system on linux and allows accessing the files available on them. The article was written on RHEL 5.4 with Kernel 2.6.18-238.el5.Make sure you download the correct kernel packages.

There is a need for some packages to be installed for this to work. We need to download ntfs-3g and fuse packages. These are available at

For this article purpose, iam attaching the required files.

1. Install the kernel-module-ntfs rpm

[root@vx111a]# rpm -ivh kernel-module-ntfs-2.6.18-128.el5-2.1.27-0.rr.10.11.i686.rpm Preparing... ####################### [100%]
1:kernel-module-ntfs-2.6. ################# [100%]

Use insmod to insert module into the linux kernel at run time.

[root@vx111a]# insmod kernel-module-ntfs-2.6.18-128.el5-2.1.27-0.rr.10.11.i686.ko

Once successful, check for the ntfs

[root@vx111a Desktop]# lsmod | grep ntfs
ntfs                  189080  0

lsmod command shows information about all the loaded modules.

2. Install the ntfs-3g packages

  • tar -zvxf ntfs-3g_ntfsprogs-2012.1.15.tgz
  • cd ntfs-3g_ntfsprogs-2012.1.15
  • ./configure
  • make
  • make install 

3. Install the Fuge package
  • tar -zvxf fuse-2.9.0.tar.gz
  • cd fuse-2.9.0
  • ./configure
  • make
  • make install

4.Execute the modprobe command

Modprobe command Is used to load a single module or a stack of dependent modules.

modprobe fuse

Now the Final Step is to mount the ntfs file system.

 mkdir /mnt/ntfs
 mount -t ntfs-3g /dev/sda1 /mnt/ntfs
 cd /mnt/ntfs/

[root@vx111a ntfs]# pwd

[root@vx111a ntfs]# ll
total 2097497
rwxrwxrwx 1 root root       4096 Jul  4  2011 DELL
drwxrwxrwx 1 root root       4096 Jul 28  2011 Documents and Settings
-rwxrwxrwx 1 root root          0 Jul  4  2011 MSDOS.SYS
-rwxrwxrwx 1 root root      47564 Apr 14  2008 NTDETECT.COM
-rwxrwxrwx 1 root root     250048 Apr 14  2008 ntldr
drwxrwxrwx 1 root root          0 Aug  2  2011 Oracle
drwxrwxrwx 1 root root          0 Jul 22  2011 RECYCLER
-rwxrwxrwx 1 root root       1242 Apr  5 21:15 smtp.txt
drwxrwxrwx 1 root root       4096 Jul  4  2011 System Volume Information
-rwxrwxrwx 1 root root          0 Jun 20 16:39 t1d8.2
-rwxrwxrwx 1 root root          0 Apr 25 16:53 t1dc.3
drwxrwxrwx 1 root root       4096 Mar  2 17:50 TEMP
-rwxrwxrwx 1 root root     418633 Nov 18  2011 Untitled.sql
drwxrwxrwx 1 root root      86016 Jun 27 17:15 WINDOWS

You can access the files from this location, but windows specific files cannot be accessed.

Download the Files from Here 

Happy learning.
Read More

Wednesday, June 27, 2012

Empty A File

There are many ways available for making a file empty. Here are few

[root@vx111a ~]# echo "this Is jagadesh" >> sample.txt

[root@vx111a ~]# cat sample.txt
this Is jagadesh

[root@vx111a ~]# >sample.txt

[root@vx111a ~]# cat sample.txt

[root@vx111a ~]# echo "this Is jagadesh" >> sample.txt

[root@vx111a ~]# :>sample.txt
[root@vx111a ~]# cat sample.txt

[root@vx111a ~]# echo "this Is jagadesh" >> sample.txt
[root@vx111a ~]# echo "">sample.txt

[root@vx111a ~]# cat sample.txt

[root@vx111a ~]#
Read More

su vs su-

The main difference between su - and su is that the former makes the shell a login shell. This is very important especially if the user is going to su from a regular user account to a root (superuser) account. Normal users do not usually have /sbin/ and /usr/sbin/ in their search path. Therefore if a normal user wants to execute the command ifconfig, for example, after doing su, he usually gets the error message:

bash: ifconfig: command not found

With su -, on the other hand, root's .bashrc and .bash_profile and other special environment settings get sourced and this puts the sbin directories into the search path. Below is a sample session:

[testuser@localhost ~]$ su
[root@localhost testuser]# echo $PATH
[root@localhost testuser]# ifconfig
bash: ifconfig: command not found
[root@localhost testuser]# exit

and with su -

[testuser@localhost ~]$ su -
[root@localhost ~]# echo $PATH
[root@localhost ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:A0:CC:39:75:41
          inet addr:  Bcast:  Mask:
          inet6 addr: fe80::2a0:ccff:fe39:7541/64 Scope:Link
          RX packets:21619559 errors:1 dropped:0 overruns:0 frame:87
          TX packets:21190195 errors:4 dropped:0 overruns:4 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1509569968 (1.4 GiB)  TX bytes:2280347397 (2.1 GiB)
          Interrupt:177 Base address:0x6800
lo        Link encap:Local Loopback
          inet addr:  Mask:
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:6159 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6159 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3784618 (3.6 MiB)  TX bytes:3784618 (3.6 MiB)
Read More

Commands on Commands

There are few commands in Linux which can be executed on other commands

To see how the command is executing and what actually is command is doing

 strace ls

An excerpt of the output,

execve("/bin/ls", ["ls"], [/* 36 vars */]) = 0
brk(0)                                  = 0x8e51000
access("/etc/", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=61502, ...}) = 0
mmap2(NULL, 61502, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7fb2000
close(3)                                = 0
open("/lib/", O_RDONLY)       = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200\210\213\0004\0\0\0"..., 512) = 512
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fb1000
fstat64(3, {st_mode=S_IFREG|0755, st_size=48156, ...}) = 0
mmap2(0x8b7000, 33324, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x8b7000
mmap2(0x8be000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x7) = 0x8be000
close(3)                                = 0
open("/lib/", O_RDONLY)      = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@2\212\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=25624, ...}) = 0

Strace is  to trace system calls and signals

Monitor activity: We can monitor activity using the watch command ,

watch –l 3 logName.log

watch command is used  execute a program periodically, showing output fullscreen. We can pass the time to execute the command using “-l”

Time : we can use time command to find how much time the command has taken to execute
Time ls

Whereis: we can use this to find the location of the command ,
Whereis ls

Whatis: we can use this command to get information about a command
Whatis ls

Happy learning :-)
Read More

Find Examples

The examples were used by me mostly during my work, (continuously updated)

Find and Gzip

find $PWD –type f –name “*.log” | xargs tar zcvf one.tar

Find and Remove

find –type f –name “*.log” | xargs rm
find –type f –name “*.log” -exec rm -f {} \;

Find and get confirmation to remove

find –type f –name “*.log” –ok rm {} ‘;’

Find files with size and compress

find $PWD –size + 10000c –type f –name “*.log”  | xargs tar zcvf one.tar

Find files with size and compress , that are not already compressed by gzip

find $PWD –size + 10000c –type f –name “*.log”  -regex ‘.*[^gz]’ –exec gzip ‘{}’ ‘;’

Find and grep (grep is)

find $PWD –size + 10000c –type f –name “*.log” –exec grep is {} ‘;’

List the number of files in the given directory,

Using a special predicate ‘\! –type d|f’ to exclude the listing of directories or files

Find $pwd ‘! –type d | wc –l ( list only files)

Find $pwd ‘! –type f | wc –l ( list only directories)

Find using max depth

Find $PWD –maxdepth 1 –type d –print

Find and stop executing if the result is blank

Find $PWD –name “*.bak” –print | xargs –r ls –l

If the result of find is blank ,the ls –l will not get   executed if we use “-r” option 

Redirect errors with  out seeing them on screen

find -name "*.txt" 2>>/dev/null

Find files that are accessed after the /etc/hosts/ was modified

find -anewer /etc/hosts

Find all files which are modified after the /sample file is modified

find -newer $PWD/sample

Find Files Which Changed in The Last 60 minutes

find $PWD  -cmin -60

Find Files Which Accessed in The Last 60 minutes

find  $PWD  -amin -60

FInd Files That are Updated in The Last 60 Minutes

find $PWD -mmin -60

Find all files Older than 2 days and gzip them

find $PWD -type f -mtime +2 | xargs gzip

Find the Top 20 high size files

find $PWD -type f -print0 | xargs -0 du -h | sort -nr | head -20

Find Broken Sym Links

find -type l ! -exec test -e {} \;

Find Empty Files

Find $PWD -empty
Find and Move Files
find /home -iname '*.zip' -exec mv '{}' /backup/ \;
Grep a File
find $PWD -type f | grep PAVAN
find $PWD -type f -exec egrep PAVAN {} \;

Find and Delete a file

find $PWD -type f –delete
find /tmp/bar/ -type f -delete

Please Let me Know if these need any modifications.

Happy Learning J

Read More

Halt, Reboot & Power off

The Difference between these are

Halt : halt the system

Reboot: Sym link to halt command, halt the system and then power off and start

Power off: Sym link to halt command, halt the system and then power off

Happy learning 

Read More

Getent in Linux

Getent is a shortcut for get Entries. This gets the details from administrative databases. These databases can be passwd, group, hosts, ip nodes, services, protocols, ethers and network e.t.c

The General Syntax will be 

getent [group|hosts|networks|passwd|protocols|services] [keyword]

[root@vx111a ~]# getent passwd root

[root@vx111a ~]# getent group bin

[root@vx111a ~]# getent services 80
http                  80/tcp www www-http

[root@vx111a test]# getent services mail
smtp                  25/tcp mail

[root@vx111a test]# getent services domain
domain                53/tcp

Happy learning :-)
Read More

Tuesday, June 26, 2012

How do I find how many files an application is using

In order to find how many files and application is using , we can use

lsof +c 0 | cut -d' ' -f1 | sort | uniq –c
Read More

Find Out What Partition a File Belongs To

We can use the df command to find out what partition a file belongs,

[root@vx111a perl]# df -T file1

Filesystem    Type   1K-blocks      Used        Available    Use% Mounted on
/dev/sda7     ext3    49594196     5499736  41534504  12%    /

Read More

Monday, June 25, 2012

Use Full Commands 1

Here is a List of use full commands that can used be used on linux. This page will be updated continuously with commands,

Find The MAC Address  
[root@vx111a test]# cat /sys/class/net/eth0/address

Find The Command Line Of the Process Using Specific Port
cat /proc/$(lsof -ti:631)/cmdline

Ping a Host Using Specific Interface ( Or can check Internet Connection for an Interface)
ping -I eth0

Differences between 2 files on 2 different Hosts
diff <(ssh dbs001 cat /etc/apt/sources.list) <(ssh dbs002 cat /etc/apt/sources.list)

Scp To transfer a File
Scp  /root/file1 root@
‘.’ Says to the root folder. You can use /tmp or any thing to copy to a specific location

Delete a File
Unlink fileName

Describe a Command
[root@vx111a ~]$ type ls
ls is aliased to `ls --color=tty'

Show colors assigned to directories
[root@vx11a ~]$ dircolors
export LS_COLORS

UUID for Hardisk
[root@vx111a ~]# ls /dev/disk/
by-id  by-label  by-path  by-uuid

[root@vx111a ~]# ls /dev/disk/by-id/
scsi-SATA_ST3320418AS_9VM6N3ZL         scsi-SATA_ST3320418AS_9VM6N3ZL-part11scsi-SATA_ST3320418AS_9VM6N3ZL-part6  scsi-SATA_ST3320418AS_9VM6N3ZL-part9
scsi-SATA_ST3320418AS_9VM6N3ZL-part10  scsi-SATA_ST3320418AS_9VM6N3ZL-part2

[root@vx111a ~]# ls /dev/disk/by-uuid/
10ebe17b-73b7-4222-bd0a-dc67e7b5002e  1d4cd06a-fc44-481f-9d3e-30028937acff  8674853774852B4F
1441b1a8-6545-42b7-8509-a1e0735731fb  50F268E7F268D330                      9e8dad18-2019-4dc0-accf-
bd177ac8e0d  e631b874-c545-4732-bf49-4e8bb092d798

DMI table Decoder
[root@vx111a ~]# dmidecode -type bios
Invalid type keyword: ype
Valid type keywords are:

ex: dmidecode –type memory : Prints memory relegated things

Last Reboot Information
[root@vx111a ~]# last reboot
reboot   system boot  2.6.18-238.el5   Mon Jul 30 12:44          (06:45)   
reboot   system boot  2.6.18-238.el5   Fri Jul 27 12:39          (06:36)   
reboot   system boot  2.6.18-238.el5   Thu Jul 26 13:38          (06:59)   
reboot   system boot  2.6.18-238.el5   Fri Jul 20 13:03          (06:29)   

wtmp begins Tue Jul  3 15:22:01 2012
Read More

Check the Multi Cast Address Subscribed

There are times where we need to test various address including the multi cast address.To find the multi cast address that was subscribed for the system we can use

 [root@vx111a local]# ip maddr
1:         lo
2:         eth0
            link  01:00:5e:00:00:fb
            link  01:00:5e:00:00:01
Read More