Linux - Trapping Signals

It is a general practice to interrupt a running program by passing a signal to the program or some times there may be situations that you don’t want users of your script to interrupt or exit in between by passing signals. 

A signal is a message to a process from the kernel to notify that some condition has occurred. For example, When you press the “ctrl + c” while running a program we are basically sending a signal to that program to terminate. When a signal is issued to a process, the process is interrupted and signal handler is executed. If no signal handler is available, then the default signal handler is called instead. Just run the “man -k signal” command to see the list of signals available. 

Some of the common signal types are:

SIGINT: user sends an interrupt signal (Ctrl + C). this is sent when user press the ctrl +c .

SIGKILL - The SIGKILLsignal is used to cause immediate program termination. It cannot be handled or ignored, and is therefore always fatal. It is also not possible to block this signal.

SIGTERM : this is the most generic signal used to cause program termination. Unlike SIGKILL, this signal can be blocked, handled, and ignored. It is the normal way to politely ask a program to terminate.

SIGQUIT: user sends a quit signal (Ctrl + C)

Note - the SIGKILL and SIGSTOPsignals cannot be caught, blocked or ignored.

Handling a signal is crucial for programs since they need to perform some cleanup of resources like file deletion etc before the process getting shut completely. Bash provides a simple utility called trap by which we can customize a script behavior when the script receives a signal. This is very useful, for example, to make sure that the system is always in a consistent state

[root@ansible ~]# trap -l

 1) SIGHUP           2) SIGINT     3) SIGQUIT 4) SIGILL 5) SIGTRAP

 6) SIGABRT         7) SIGBUS     8) SIGFPE 9) SIGKILL 10) SIGUSR1

11) SIGSEGV        12) SIGUSR2 13) SIGPIPE 14) SIGALRM

15) SIGTERM         16) SIGSTKFLT 17) SIGCHLD 18) SIGCONT

19) SIGSTOP         20) SIGTSTP 21) SIGTTIN 22) SIGTTOU

23) SIGURG  24) SIGXCPU 25) SIGXFSZ         26) SIGVTALRM

27) SIGPROF 28) SIGWINCH 29) SIGIO         30) SIGPWR

31) SIGSYS         34) SIGRTMIN 35) SIGRTMIN+1 36) SIGRTMIN+2

37) SIGRTMIN+3  38) SIGRTMIN+4 39) SIGRTMIN+5 40) SIGRTMIN+6

41) SIGRTMIN+7 42) SIGRTMIN+8  43) SIGRTMIN+9 44) SIGRTMIN+10

45) SIGRTMIN+11 46) SIGRTMIN+12 47) SIGRTMIN+13  48) SIGRTMIN+14 49) SIGRTMIN+15 50) SIGRTMAX-14 51) SIGRTMAX-13 52) SIGRTMAX-12

53) SIGRTMAX-11 54) SIGRTMAX-10 55) SIGRTMAX-9 56) SIGRTMAX-8

57) SIGRTMAX-7   58) SIGRTMAX-6 59) SIGRTMAX-5 60) SIGRTMAX-4

61) SIGRTMAX-3 62) SIGRTMAX-2   63) SIGRTMAX-1 64) SIGRTMAX

Let's write a simple program to understand how we can trap signals,

[root@ansible ~]# cat traptest.sh 

#!/bin/bash

#

# A simple script to demonstrate how trap works

#

set -e

set -u

set -o pipefail

trap 'echo "  signal caught, cleaning..."; rm -irf /tmp/hello' SIGINT SIGTERM

echo "Going to Sleep..."

while true

do 

  sleep 10000

done

In the above script, we used trap to catch the SIGINT and SIGTERM signals. The program goes to an infinite sleep loop and when i press Ctrl + C, the program terminals but it also executes the command that we defined in the trap condition.

[root@ansible ~]# sh traptest.sh 

Going to Sleep...

^C  signal caught, cleaning...

In this case the command are actually two, the first is the echo and second is the removal of the files in /tmp location. Instead of specifying command this way we can define a function and call it with whatever actions we want to do

Hope this short introduction helps in understanding signals and how they can be trapped in bash.

Read More

Sendmail - Send an email to your Gmail Account

Sendmail is an MTA (mail transfer agent ) server used for transferring email from different hosts. Sendmail uses SMTP ( Simple Mail Transfer Protocol ) protocol. Sendmail is one of the preferred mta used by system admins.

This article helps users for installing sendmail server on centos 7. In this article we will configure sendmail and then Gmail and finally send a mail.

1. Install sendmail using “yum install sendmail sendmail-cf m4 mailx”.

2. Create a directory for storing authentication files

[root@ip-172-31-23-93 ~]# sudo mkdir /etc/mail/authinfo

[root@ip-172-31-23-93 ~]# sudo chmod 700 /etc/mail/authinfo

3. Create an authentication file as smtp-auth and add the contents,

[root@ip-172-31-23-93 mail]# cat authinfo/smtp-auth

AuthInfo: "U:root" "I:jagadesh.manchala@gmail.com" "P:<Password for the mail>"

4. Create a hash map for the authentication file using,

[root@ip-172-31-23-93 ~]# makemap hash /etc/mail/authinfo/smtp-auth < /etc/mail/authinfo/smtp-auth

5. Configure Sendmail with SMART_HOST with below content in /etc/mail/sendmail.mc as below,

define(`SMART_HOST',`[smtp.gmail.com]')dnl

define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl

define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl

define(`confAUTH_OPTIONS', `A p')dnl

TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

FEATURE(`authinfo',`hash -o /etc/mail/authinfo/smtp-auth.db')dnl

The above lines should be added before MAILER line.

6. Rebuild sendmail configuration using make command,

[root@ip-172-31-23-93 mail]# make -C /etc/mail

make: Entering directory `/etc/mail'

make: Leaving directory `/etc/mail'

7. Restart the service using “service sendmail restart”

8. Now send a test mail using

[root@ip-172-31-23-93 mail]# echo "Test Email" | mail -s "Subject Here" jagadesh.manchala@gmail.com

While sending mail , if the mail does not come to your account, check for /var/mail/ for recently created log files and check that. SInce iam using gmail, google will not allow to send mail saying suspicious login attempt warning.

Then try to sign in your account there will be a "Suspicious login attempt" warning message at the top of the page. After clicking the warning and authorizing the access, everything works.

We can see the mail in our mail box as,

Read More

Network File System

A Network  file system ( NFS ) is a type of file system mechanism that enables storage and retrieval of data from multiple disks or directories that are spanned across network. The Nfs lets uses to access file systems or files from remote machines as if they were located on the local Machines. Nfs was originally developed by sun microsystems. 

Some of major points of Nfs are,
    Nfs allows local access to remote files
    It uses the standard Client/server architecture for file sharing between multiple machines
    It is not necessary that machines run on same Operating system
    Users can access data irrespective of physical location
    No refresh is required if new files are added.
    Have options to be secured by firewalls and kerberos

Important Services: In order to create a nfs , we need to install 3 services  

Portmap : it maps calls made from other machines to the correct RPC service 

Nfs : it translates remote file sharing requests into requests on the local file system 

Rpc.mountd : this service is responsible for mounting and unmounting of file systems 

Important Files: While working with nfs, we will be editing some system files which are, 

/etc/exports : Its a main configuration file of NFS, all exported files and directories are defined in this file at the NFS Server end. 

/etc/fstab : To mount a NFS directory on your system across the reboots, we need to make an entry in /etc/fstab. 

/etc/sysconfig/nfs : Configuration file of NFS to control on which port rpc and other services are listening. 

Installation ( Server Side ): For the demo, we will have 2 machines  “10.131.237.55” and “10.131.237.58”. We will be using “10.131.237.58” as our client machine and “10.131.237.55” as our server machine. We will create a directory on our server which will be shared to client. The client can access files from our shared location that is in server. 

In both the machine install the necessary package,  

   [root@nfsserver ~]# yum install nfs-utils nfs-utils-lib 

   [root@nfsserver ~]# yum install portmap  

Start the nfs and portmap services as below, 

   [root@nfsserver ~]# /etc/init.d/portmap start 

   [root@nfsserver ~]# /etc/init.d/nfs-server restart 

Note - if it says portmap not available while restarting, just ignore and start the nfs-server service 

In order to share the directory with nfs, we need to make an entry in the /etc/exports configuration file. We will create a directory first under the /usr/local location as nfsshare in the server. This location will be shared with the client machine.  

Create the directory using, [root@nfsserver ~]# mkdir /usr/local/nfsshare 

Set the owner and permission on this directory as, 

     Chmod -R 755 /usr/local/nfsshare 

     Chown root:root /usr/local/nfsshare 

Add entries to the /etc/exports file as below, 

[root@manja17-I19279 nfsshare]# cat /etc/exports 

/usr/local/nfsshare 10.131.237.58(rw,sync,no_root_squash,no_all_squash) 

Note - If you see the /etc/exports contains the IP address “10.131.237.58”. This is the IP address of the client machine from where we will be accessing the shared location that is created on the server. 

Restart the Nfs service and check if the locations are shared using, 

[root@manja17-I19279 nfsshare]# service nfs-server restart 

Redirecting to /bin/systemctl restart nfs-server.service 

[root@manja17-I19279 nfsshare]# showmount -e 

Export list for k8s-master: 

/usr/local/nfsshare 10.131.237.58 

From the above output we can see that the /nfsshare is now exported. 

NFS Options : we see that inside the /etc/exports file we have defined the shared location and also some options with them. Below are the options that we can use to define in the /etc/exports file 

ro: With the help of this option we can provide read only access to the shared files i.e client will only be able to read.  rw: This option allows the client server to both read and write access within the shared directory.  sync: Sync confirms requests to the shared directory only once the changes have been committed.  no_subtree_check: This option prevents the subtree checking. When a shared directory is  

the subdirectory of a larger file system, nfs performs scans of every directory above it, in order to verify its permissions and details. Disabling the subtree check may increase the reliability of NFS, but reduce security.  

no_root_squash: This phrase allows root to connect to the designated directory. 

Installation ( Client Side ) : Now that we have configured our nfs server and mounted a location to share. Lets configure the Client to access this shared location. 

In both the machine install the necessary package,  

   [root@nfsserver ~]# yum install nfs-utils nfs-utils-lib 

   [root@nfsserver ~]# yum install portmap  

Start the nfs and portmap services as below, 

   [root@nfsserver ~]# /etc/init.d/portmap start 

   [root@nfsserver ~]# /etc/init.d/nfs-server restart 

Note - if it says portmap not available while restarting, just ignore and start the nfs-server service 

Mount Shared NFS directory on the Client machine - 

Create a directory first to sync the shared location on to our client machine, 

[root@manja17-I19278 yum.repos.d]# mkdir /mnt/nfsshare 

All the contents that we see in the /nfsshare of the server machine will now be seen on the /mnt/nfsshare location of client machine. 

Mount the shared location using, 

[root@manja17-I19278 nfsshare]# mount -t nfs 10.131.237.55:/usr/local/nfsshare /mnt/nfsshare 

The above command will mount that shared directory in “/mnt/nfsshare” on the client server. You can verify it following command. 

[root@manja17-I19278 nfsshare]# mount | grep nfs 

nfsd on /proc/fs/nfsd type nfsd (rw,relatime) 

sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw,relatime) 

10.131.237.55:/usr/local/nfsshare on /mnt/nfsshare type nfs4 (rw,relatime,vers=4.1,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=10.131.237.58,local_lock=none,addr=10.131.237.55) 

  

The above mount command mounted the nfs shared directory on to nfs client temporarily, to mount an NFS directory permanently on your system across the reboots, we need to make an entry in “/etc/fstab“.   
[root@nfsclient ~]# vi /etc/fstab  
Add the following new line as shown below. 
10.131.237.55:/usr/local/nfsshare /mnt/nfsshare  nfs defaults 0 0 

Now lets create some files in the /usr/local/nfsshare directory in the nfs server and we will be able to see those files in the /mnt/nfsshare of the client location 

Some of the nfs related commands that can be usefull are, 

showmount -e : Shows the available shares on your local machine 

showmount -e ip or hostname>: Lists the available shares at the remote server 

showmount -d : Lists all the sub directories 

exportfs -v : Displays a list of shares files and options on a server 

exportfs -a : Exports all shares listed in /etc/exports, or given name 

exportfs -u : Unexports all shares listed in /etc/exports, or given name 

exportfs -r : Refresh the server’s list after modifying /etc/exports 

More to Come, Happy learning :-)

Read More