
X Window System

For Linux systems, the graphical user interface of choice is the X Window System.
It is the real graphical engine underneath the desktop.
Main advantages of X windows
Separation of computing and Graphics
Different systems under X
Only Mechanism, No policy
Network Transparency
Room for future Extensions
Load Sharing
Resource Sharing
X Window System uses a client-server relationship for creating a graphical
user interface (GUI) for the user.
An X server process is started that X client processes can connect to via a
network or local connection.
The server process handles the communication with the hardware, such as the
video card, monitor, keyboard, and mouse.
The X client exists in the user space, issuing requests to the X server for tasks
to be performed using the hardware it controls.
X uses an asynchronous network protocol for communication between X
client and X server.
The X protocol defines how the graphical primitives are communicated
between the X client and the X server.
An X client running on any operating system can display on any X server
running on any operating system.
The X Windows System: Linux GUI Components
Figure: Components of the Linux GUI
The graphical environment for Red Hat Linux is supplied by XFree86.
XFree86: a freeware graphical server.
The XFree86 project adds hardware drivers for a variety of video cards as well
as several extensions and releases it as XFree86.
Xorg: appears to be the successor to XFree86 on many Linux distributions
(due to license problems).
The X Window System resides primarily in two locations in the file system
/usr/X11R6
A directory containing X client binaries, assorted header files, libraries,
and manual pages, and various other X documentation.
/etc/X11
The /etc/X11 directory hierarchy contains all of the configuration files for
the various components that make up the X Window System.
Installing X Server
The easiest way to install X server is to do so during the installation of the
operating system.
Install XFree86 by using the system package manager to install the correct
package.
X server comes with many packages.
Only one of the packages will contain the actual server, the other packages will
be the support libraries, fonts, utilities, and so on.
X Server Configuration
X Server configuration consists of two fundamental tasks:
1. The first is to choose an appropriate X server.
- Red Hat Linux uses XFree86 v4 as the base X Window System. To provide
maximum compatibility with older hardware, Red Hat Linux also provides the older
XFree86 v3 Server packages.
- The XFree86 version 4 server is a single binary executable - /usr/X11R6/bin/XFree86.
- This server dynamically loads various X server modules at runtime from the
/usr/X11R6/lib/modules/ directory including video drivers, font engine drivers, and
other modules as needed.
- The configuration files are made up of a collection of sections, each of which
defines a particular aspect of the XFree86 server's operation.
2. The second task is to generate a configuration file appropriate for the given
hardware.
X Configuration during Installation Process
X Window System can be configured during the kickstart installation by
checking the Configure the X Window System button on the X
Configuration window.
The first step in configuring X is to choose the default color depth and
resolution.
Choose the default desktop (GNOME/KDE)
Next, choose whether to start the X Window System when the system is
booted. This option will start the system in runlevel 5 with the graphical
login screen. After the system is installed, this can be changed by modifying
the /etc/inittab configuration file.
Video Card
Select your video card from the list and click Next.
Monitor
Select your monitor from the list and click Next.
Proceed with the other installation steps.
XFree86 Startup
Starts automatically in runlevel 5.
Can be started manually with startx in runlevel 3.
When you type startx it checks for the existence of a local .xinitrc file. In its
absence it looks for the xinitrc file usually located in /etc/X11/xinit.
xinit is the master program for starting graphical desktop.
.xserverrc file
-defines the X server that you want to run and is almost never used.
Backing Up and Restoring the Desktop
-As an administrator, you can backup individual desktops and configurations
that can then be stored for quick rebuilds.
-You can also create a standard desktop layout and provide users with it.
-Create a skeleton desktop and backup the resultant desktop. Place it in the
appropriate directory.
-The standard desktop will be restored each time the user logs on to the
computer.
Window Managers
-Window managers are X client programs that control the way other X clients are
positioned, resized, or moved.
-Window managers can also provide title bars to windows, keyboard focus by
keyboard or mouse, and user-specified key and mouse button bindings.
-Window managers work with a collection of different X clients, wrapping
around the program, making it look a certain way and appear on the screen in a
particular place.
Five window managers are included with Red Hat Linux:
1. kwin - The KWin window manager is the default window manager for the KDE
desktop environment.
2. metacity - The Metacity window manager is the default window manager for the
GNOME desktop environment.
3. mwm - The Motif window manager is a basic, standalone window manager.
It should not be used in conjunction with the GNOME or KDE desktop environments.
4. sawfish - The Sawfish window manager is a full featured window manager which was
the default for the GNOME desktop environment until the release of Red Hat Linux 8.0.
It can be used either standalone or with a desktop environment.
5. twm - The minimalist Tab Window Manager, which provides the most basic tool set
of any of the window managers and can be used either standalone or with a desktop
environment. It is installed as part of XFree86.
Desktop Environments
-A desktop environment brings together assorted X clients that can be run together
using similar methods, utilizing a common development environment
-Red Hat Linux provides two desktop environments:
*GNOME The default desktop environment for Red Hat Linux based on the
GTK+ 2 graphical toolkit.
* KDE K Desktop Environment
GNOME :
GNOME is an international project that includes
- creating software development frameworks
- selecting application software for the desktop
- working on the programs which manage application launching
- file handling
- window and task management.
An intuitive and attractive desktop
GNOME is the default environment for major releases such as Fedora or
Ubuntu.


GNOME
*KDE
KDE K Desktop Environment
It was founded in 1996 by Matthias Ettrich
The K was originally suggested to stand for "Kool"
provides an easy to use contemporary desktop environment
to help programmers create robust and comprehensive applications in the most
efficient manner, eliminating the complexity
KDE's application framework, implements the latest advances in framework
technology positioning it in direct competition with popular development
frameworks like Microsoft's MFC/COM/ActiveX technology etc
KDE is developing a complete office application suite based on KDE's
innovative KParts technology
based on the Qt 3 graphical toolkit.
-When you start X using the startx command, a pre-specified desktop
environment is utilized. To change the default desktop environment used
when X starts, open a terminal and type the switchdesk command. This brings
up a graphical utility that allows you to select the desktop environment or
window manager to use the next time X starts.
KDE
Configuring X After Installation
-Most installations automatically configure X. What happens if you want to add
X later, or if your X server will not start after installation?
-Yes, this can happen. One example is with some TNT based video cards: the
automatic detection of hardware is faulty for these cards, and the setup at
installation is incorrect.
Two options:
1.Configure by hand by editing the /etc/X11/XF86Config file (xorg.conf for
xorg versions) and hand coding the right parameters. Difficult to do.
2.Use the tools provided by RedHat
Xf86config: - It operates entirely in text mode
Xconfigurator: - This tool can be used in either text mode or GUI mode
XF86Setup: - This tool can only be used in GUI mode

Setting up email servers
using Postfix (SMTP services), Courier (IMAP & POP3 services), SquirrelMail
(web mail services)

Definition:
Mail-boxes
A mail-box is a file, or possibly a directory of files, where incoming messages
are stored.
User Agents
A mail user agent, or MUA, is an application run directly by a user. User agents
are used to compose and send out-going messages as well as to display, file
and print messages which have arrived in a user's mail-box. Examples of user
agents are elm, mailx, mh, zmail, Netscape.
Transfer Agents
-Mail transfer agents (MTAs) are used to transfer messages between machines.
-User agents give the message to the transfer agent, who may pass it onto
another transfer agent, or possibly many other transfer agents
Delivery Agents
Delivery agents are used to place a message into a user's mail-box. When the
message arrives at its destination, the final transfer agent will give the message to
the appropriate delivery agent, who will add the message to the user's mail-box.
History of SMTP
SMTP stands for Simple Mail Transfer Protocol, a protocol for sending e-mail
messages between servers. Most e-mail systems that send mail over the
Internet use SMTP to send messages from one server to another; the messages can
then be retrieved with an e-mail client using either POP or IMAP.
-SMTP is generally used to send messages from a mail client to a mail server.
*SMTP uses the TCP/IP protocol to exchange email messages
between two MTAs via intermediate MTAs using the store and
forward principle.
*Many SMTP servers are available for Linux such as Sendmail,
Postfix, qmail, Exim.
*Today SMTP servers not only accept, relay and deliver email,
but also perform other functions like Authentication, SPAM
filtering and Access Control.
Flow of Email
Step 1: Mail client connects to the SMTP server saying that it has an email to
send
Step 2: SMTP server authenticates the client to ensure that it is allowed to relay
through it
Step 3: SMTP server accepts the message and gives a success code to the mail
client as well as a message ID
Step 4: SMTP server checks the recipient(s) of the message and does a local
delivery if the recipient(s) are local; if the recipient(s) are not local, then the SMTP
server initiates a remote mail delivery
Step 5: SMTP server connects to the remote mail server and tries to deliver the
email
Step 6: Remote mail server authenticates the delivery and accepts the email if it is
authorised to receive email for the recipient(s)
Step 7: The remote mail server delivers the email to the recipient(s) mailbox
Step 8: Recipient(s) open the mailbox (using a protocol like IMAP or POP3 or
locally on the shell) and read the email.

Role of DNS in Mail Delivery
DNS plays a very important role in delivering email
To be able to deliver an email to a remote mail server, an SMTP server has to use
DNS to query the mail server of a specific recipient
Mail server information is stored in the DNS using the MX (Mail eXchange)
record
A domain can have multiple MX records in DNS for redundancy or load distribution.
Thus, to be able to deliver an email to a remote mail server, an SMTP server first has
to use DNS to query the mail server of a specific recipient
*On receiving information about the destination mail server from the MX record, an
SMTP server will initiate a connection as soon as possible
*If the connection fails, then the SMTP server will keep trying again and again until it
gets a permanent error. The SMTP server can also query the DNS to get information
about other mail servers that are available for the recipient and then try to initiate a
mail delivery through them.

Installation Plan
Install the Postfix MTA to host a local email domain.
Configure Postfix for some basic form of relay access control and test out
mail delivery to a user's mailbox.
Understand how mail delivery happens and look up emails in the user's
mailbox.
Study logs to see what information is given by the mail server while
delivering email.
Install and configure an IMAP & POP3 server so that we can look up email
using a standard mail client.
Postfix as an MTA
Postfix is an SMTP server written as a replacement for Sendmail
It is designed to be a secure and easy-to-use yet powerful SMTP server
Postfix can run on Linux, Unix and most Unix-like systems
Is available as source code as well as binary packages under most distributions
Is a very flexible and advanced SMTP server - can be used to run a simple single
domain mail server as well as very busy and high traffic mail servers
Installing Postfix
-If a binary package is to be used, install it from the Debian repository:
apt-get install postfix
-If the source code has been downloaded, then execute the following commands to
install Postfix.
Download and uncompress the source code
Chdir to the source directory
Before compiling, ensure that libdb-dev (Berkeley DB development
package) is installed since Postfix needs that
Configure the software and generate the Makefiles -
make -f Makefile.in MAKELEVEL= Makefiles
Compile the software using: make
Install Postfix: make install
Postfix is now ready to use!
The Postfix Directory Structure
Postfix uses the following directories for storing configuration, data and binaries:
- /etc/postfix - for configuration files
- /usr/sbin - for server / system binaries
- /usr/bin - for user level binaries (like mailq)
- /var/spool/postfix - for storing the mail queue
- By default, Postfix delivers email into the /var/spool/mail/<username> file.
Postfix Configuration Files
/etc/postfix/main.cf - This is the major Postfix configuration file. It controls
all the settings and details of the Postfix MTA
/etc/postfix/master.cf - Master process configuration file; controls how
different Postfix components are initiated and run
/etc/aliases - Email and system aliases for email delivery
/etc/postfix/access - The Postfix access table; configures Postfix to
selectively accept or reject email
/etc/postfix/relocated - Handles bounce messages for users who have moved
Basic Postfix Configuration
Configure the main.cf file for the following options:
myorigin - Value = Domain; will be used for all outgoing email
mydestination - Value = Domains; what domains to receive emails for. These
domains are considered to be hosted on Postfix and Postfix will accept all email
meant for these domains
mynetworks - Value = Network subnets; what networks clients can relay from -
emails from the networks configured here are accepted unconditionally,
irrespective of whom they are addressed to
relayhost - Value = host; this setting is not mandatory; it configures Postfix to
relay outgoing email through the configured host
smtpd_banner - Value = string; specifies what sort of banner to show for SMTP
connections
myhostname - Value = hostname; specifies what the machine running Postfix will be
identified as
home_mailbox - Value = Mailbox / Maildir; specifies the format and location of a
user's mailbox
local_recipient_maps - configures how to look up valid local recipients and deliver
email to them; an empty value disables recipient lookups
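How mydestination and mynetworks combine into an accept, relay or reject decision, and how a too-wide mynetworks entry turns the server into an open relay, shown as an added example (not Postfix code and not part of the original slides). It is a simplified Python model over a constructed main.cf fragment; it handles plain CIDR entries only, and the INTERNAL range list is an assumption.

```python
import ipaddress

# Constructed main.cf fragment (sample values, not from the original slides).
SAMPLE_MAIN_CF = """\
myhostname = mail.example.com
myorigin = example.com
mydestination = example.com, localhost
mynetworks = 127.0.0.0/8, 192.168.1.0/24
"""

# Assumption: ranges treated as "inside" are loopback and private space.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
             "192.168.0.0/16", "::1/128")]


def parse_main_cf(text):
    """Parse 'name = value' lines. A line that starts with whitespace
    continues the previous parameter; '#' lines are comments."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:
            params[last] += " " + line.strip()
            continue
        name, _, value = line.partition("=")
        last = name.strip()
        params[last] = value.strip()
    return params


def as_list(value):
    """Split a comma or whitespace separated main.cf value into items."""
    return value.replace(",", " ").split()


def relay_decision(client_ip, rcpt, params):
    """Model of the basic policy: returns 'local', 'relay' or 'reject'."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    hosted = [d.lower() for d in as_list(params.get("mydestination", ""))]
    if domain in hosted:
        return "local"       # hosted domain: accepted from any client
    addr = ipaddress.ip_address(client_ip)
    for net in as_list(params.get("mynetworks", "")):
        if addr in ipaddress.ip_network(net, strict=False):
            return "relay"   # trusted client: may send to any recipient
    return "reject"          # untrusted client sending to a foreign domain


def review_mynetworks(params):
    """Return the mynetworks entries that reach beyond the INTERNAL ranges."""
    flagged = []
    for net in as_list(params.get("mynetworks", "")):
        n = ipaddress.ip_network(net, strict=False)
        if not any(n.version == i.version and n.subnet_of(i)
                   for i in INTERNAL):
            flagged.append(net)
    return flagged


if __name__ == "__main__":
    cfg = parse_main_cf(SAMPLE_MAIN_CF)
    for ip, rcpt in [("192.168.1.20", "bob@elsewhere.example"),
                     ("203.0.113.9", "alice@example.com"),
                     ("203.0.113.9", "bob@elsewhere.example")]:
        print(ip, rcpt, "->", relay_decision(ip, rcpt, cfg))
    print("entries to review:", review_mynetworks(cfg))
```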

The Maildir Mailbox Format
Maildir format invented by Prof DJ Bernstein, the author of the qmail MTA
Replaces the mbox format
mbox format stores all mailbox messages in a single file; each message is
separated by a delimiter
Maildir format stores all messages in a directory with each message being stored
in a separate file
The filename is a timestamp - the time at which the message was delivered
Maildir mailboxes are fast, don't need to be locked during operation, can be
operated on simultaneously, are NFS-safe and very easy to use!
Using the latest filesystems such as ReiserFS, which can efficiently store thousands of
files in a single directory, Maildir becomes even more useful
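Why a Maildir needs no lock, shown as an added example (not part of the original slides and not Postfix's delivery code): each message is written under tmp/ and then renamed into new/, so a reader never sees a partial file. The same constructed messages are also stored in mbox format for contrast. The file name layout (timestamp, then process id, counter and host name) and the sample message are assumptions of this sketch.

```python
import mailbox
import os
import socket
import tempfile
import time

# Constructed sample message (not from the original slides).
SAMPLE = ("From: sender@example.com\nTo: user@example.com\n"
          "Subject: test {n}\n\nThis is test message {n}.\n")

_seq = 0


def maildir_create(path):
    """A Maildir is a directory with three subdirectories."""
    for sub in ("tmp", "new", "cur"):
        os.makedirs(os.path.join(path, sub), mode=0o700, exist_ok=True)


def unique_name():
    """Delivery timestamp first, then pid, a counter and the host name, so
    two deliveries in the same second cannot collide."""
    global _seq
    _seq += 1
    host = socket.gethostname().replace("/", "_").replace(":", "_")
    return f"{int(time.time())}.P{os.getpid()}Q{_seq}.{host}"


def deliver(path, raw):
    """Write the message under tmp/, then rename it into new/.
    Readers never look in tmp/, and rename() is atomic within one
    filesystem, so no reader can see a half-written message."""
    name = unique_name()
    tmp_path = os.path.join(path, "tmp", name)
    fd = os.open(tmp_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(raw)
        fh.flush()
        os.fsync(fh.fileno())
    os.rename(tmp_path, os.path.join(path, "new", name))
    return name


def demo(count=3):
    with tempfile.TemporaryDirectory() as root:
        md_path = os.path.join(root, "Maildir")
        maildir_create(md_path)
        names = [deliver(md_path, SAMPLE.format(n=n).encode())
                 for n in range(count)]

        # Same messages in mbox format: one file, "From " separator lines.
        mbox_path = os.path.join(root, "mbox")
        mb = mailbox.mbox(mbox_path)
        for n in range(count):
            mb.add(SAMPLE.format(n=n))
        mb.close()
        with open(mbox_path, "rb") as fh:
            separators = sum(line.startswith(b"From ") for line in fh)

        # The standard library reader confirms the hand-made Maildir is valid.
        box = mailbox.Maildir(md_path, create=False)
        subjects = sorted(msg["Subject"] for msg in box)
        return {
            "files_in_new": len(os.listdir(os.path.join(md_path, "new"))),
            "files_in_tmp": len(os.listdir(os.path.join(md_path, "tmp"))),
            "names_unique": len(set(names)) == count,
            "mbox_is_single_file": os.path.isfile(mbox_path),
            "mbox_separators": separators,
            "subjects": subjects,
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```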
Testing Mail Delivery
The socket / telnet method
Use basic SMTP protocol to send email by connecting to port 25
A sample transaction is shown in the next slide
Using the mail command
Linux ships with a mail command that allows one to send emails
We can also use this command to test out mail delivery to local system users
Using a mail client which supports the SMTP protocol
Sample Postfix SMTP conversation
abhas@anokha:$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
220 anokha.deeproot.co.in ESMTP Postfix (Debian/GNU)
helo deeproot.co.in
250 anokha.deeproot.co.in
mail from: abhas@deeproot.co.in
250 Ok
rcpt to: abhas@anokha.abhas.in
250 Ok
data
354 End data with <CR><LF>.<CR><LF>
This is a test email - please ignore...
.
250 Ok: queued as F404B5BF82
quit
The IMAP & POP3 Protocols
-IMAP stands for Internet Message Access Protocol.
-IMAP is a more complex protocol - allows you to access other mail folders apart
from the INBOX as well - can be used to store email on the server and only keep a
copy on the local machine
-In other words, it permits a "client" email program to access remote message
stores as if they were local.
-For example, email stored on an IMAP server can be manipulated from a desktop
computer at home, a workstation at the office, and a notebook computer while
travelling, without the need to transfer messages or files back and forth between
these computers.
-IMAP uses TCP/IP port 143.
IMAP
POP
-Short for Post Office Protocol, a protocol used to retrieve e-mail from a mail
server. Most e-mail applications (sometimes called an e-mail client) use the
POP protocol, although some can use the newer IMAP (Internet Message
Access Protocol).
-POP3 is a very simple protocol that allows you to connect to a mailbox, list
emails in the INBOX and then fetch those emails one-by-one
-There are two versions of POP. The first, called POP2, became a standard in
the mid-80's and requires SMTP to send messages. The newer version, POP3,
can be used with or without SMTP.
- POP3 uses TCP/IP port 110.
POP3 vs IMAP
POP
Advantage: Message storage limited only by the capacity of your computer.
Disadvantages: Reading your e-mail from multiple computers or e-mail programs
results in messages scattered about. Messages are stored on your computer. If
your computer fails you may lose all your e-mail.
IMAP
Advantages: Messages are stored on the server and are not affected if your
computer fails. Easily use multiple computers or e-mail programs to read mail.
Disadvantages: Message storage is limited to 2GB. Reading messages while
offline requires use of your e-mail program's Offline mode.
Courier
-Courier is a mail system which includes a number of packages. It has its own
MTA. We are interested in only the following components: the IMAP/POP3
servers and sqwebmail
-The courier packages now share a single authentication library, courier-
authlib. This package is responsible for looking up usernames and passwords
Install courier-imap
Using ports, building courier-imap is straightforward:
# cd /usr/ports/mail/courier-imap
# make
[When prompted for options on the screen, press <TAB> to highlight OK, and
then <ENTER> to continue.]
# make install
# make clean (optional step)
Compilation will take 10 to 15 minutes on your machines.
Configure and start courier-imap & pop3
You can choose to run POP3, IMAP, or both. There is a configuration file for
each one:
/usr/local/etc/courier-imap/pop3d
/usr/local/etc/courier-imap/imapd
The default configuration is acceptable in most cases. However for a large
server you may wish to increase the maximum number of concurrent
connections from the default of 40, if you have fairly powerful hardware:
# cd /usr/local/etc/courier-imap
# vi pop3d
...
MAXDAEMONS=300
...
# vi imapd
...
MAXDAEMONS=300

Then, you need to enable the daemon(s) which you wish to run in /etc/rc.conf
# vi /etc/rc.conf
add the following line(s):
courier_imap_pop3d_enable="YES"
courier_imap_imapd_enable="YES"
And then run the startup script(s):
# /usr/local/etc/rc.d/courier-imap-pop3d.sh start
Starting courier_imap_pop3d.
# /usr/local/etc/rc.d/courier-imap-imapd.sh start
Starting courier_imap_imapd.
Test POP3
Test using telnet: POP3 and IMAP are both text-based layer 7 protocols and
you can drive them by hand.
# telnet localhost 110
Connected to localhost.ws.afnog.org
Escape character is '^]'.
+OK Hello there.
user username
+OK Password required.
pass password
+OK logged in.
stat
+OK 26 49857
retr 1
+OK 1073 octets follow.
... message
.
quit
+OK Bye-bye.
Connection closed by foreign host.
Test IMAP
# telnet localhost 143
Connected to localhost.ws.afnog.org.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE
THREAD=ORDEREDSUBJECT
THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION
STARTTLS] Courier-IMAP ready.
Copyright 1998-2005 Double Precision, Inc. See COPYING for distribution
information.
a login username password
a OK LOGIN Ok.
a examine inbox
* FLAGS (\Answered \Flagged \Deleted \Seen \Recent)
* OK [PERMANENTFLAGS ()] No permanent flags permitted
* 26 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 989061119] Ok
* OK [READ-ONLY] Ok
a logout
* BYE Courier-IMAP server shutting down
a OK LOGOUT completed
Connection closed by foreign host.
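In the IMAP session above the user name and password cross the connection as plain text, although the server's greeting advertises STARTTLS. The following added example (not part of the original slides or of Courier) parses that greeting and reports whether TLS is offered and whether the server advertises LOGINDISABLED, the IMAP capability that announces LOGIN is refused until TLS is active. The hardened greeting is constructed, and fetch_capabilities needs a reachable server.

```python
import imaplib
import re

# Greeting copied from the IMAP session above (wrapped as on the page).
PAGE_GREETING = """* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE
THREAD=ORDEREDSUBJECT
THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION
STARTTLS] Courier-IMAP ready."""

# Constructed greeting of a server that refuses LOGIN before TLS.
HARDENED_GREETING = "* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] ready."


def parse_capabilities(text):
    """Extract the capability names from a greeting such as
    '* OK [CAPABILITY ...]' or from an untagged '* CAPABILITY ...' line."""
    m = re.search(r"\[CAPABILITY\s+([^\]]*)\]", text, re.I)
    if not m:
        m = re.search(r"^\* CAPABILITY\s+(.*)$", text, re.I | re.M)
    return {c.upper() for c in m.group(1).split()} if m else set()


def assess_capabilities(caps):
    """Return findings about credential exposure on the cleartext port."""
    if not caps:
        return ["no capability list found: nothing can be concluded"]
    findings = []
    if "STARTTLS" not in caps:
        findings.append("STARTTLS not offered: the session cannot be "
                        "upgraded to TLS")
    if "LOGINDISABLED" not in caps:
        findings.append("LOGINDISABLED not advertised: LOGIN is accepted "
                        "before TLS, so passwords can cross in cleartext")
    return findings


def fetch_capabilities(host, port=143):
    """Read the capability list from a live server (not used by the demo)."""
    conn = imaplib.IMAP4(host, port)
    try:
        return {c.upper() for c in conn.capabilities}
    finally:
        conn.logout()


if __name__ == "__main__":
    for label, greeting in (("page", PAGE_GREETING),
                            ("hardened", HARDENED_GREETING)):
        caps = parse_capabilities(greeting)
        print(label, sorted(caps))
        for finding in assess_capabilities(caps) or ["no findings"]:
            print("  -", finding)
```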

SquirrelMail is probably the most popular open source web mail client. It
has a focus on compatibility, so it's usable even with the most archaic
browser as long as it supports frames and cookies.
A PHP-enabled web server, such as apache or apache2 with the php4 module, is
required.
SquirrelMail runs on top of an IMAP server.
Examples of good IMAP server packages are courier-imap, cyrus and
dovecot.
Installing SquirrelMail
Before installing SquirrelMail you need to make sure you have installed
apache2 with PHP support
apt-get install squirrelmail
SquirrelMail (web mail services)
The SquirrelMail configuration file is located in the /etc/squirrelmail/ folder.
By default all settings are preloaded.
# Run squirrelmail configuration utility as ROOT
/usr/sbin/squirrelmail-configure
Now set up SquirrelMail to run under Apache. Edit the Apache configuration file
/etc/apache2/apache2.conf and insert the following line:
Include /etc/squirrelmail/apache.conf
Restart the web server using the following command:
#/etc/init.d/apache2 restart
Access your webmail using the following link:
http://yourdomain or server ip/squirrelmail
Ex : http://192.168.200.248/squirrelmail/
Create a separate local user and log in as the new user.
Mail Server Logs
Always refer to logs located in /var/log/mail.log so that you can identify what
the problem is before you can troubleshoot.
Squirrel mail configuration
Setting up web servers
-- using Apache (HTTP services), PHP (server-side scripting), Perl (CGI support)
Web server
A Web Server is a computer which is connected to the Internet and is running
specialized World Wide Web Server software.
A computer connected to the Internet that stores and distributes Web pages upon
request.
The "server" is actually a software program running on the computer
More specifically, a server is a computer that manages and shares web based
applications accessible anytime from any computer connected to the Internet.
The Web server machine, in addition to the Web page files it can serve, runs an
HTTP daemon, which waits for HTTP requests and handles them when they
arrive.
Your Web browser is an HTTP client, sending requests to server machines. When
the browser user enters file requests by either "opening" a Web file or clicking on a
hypertext link, the browser builds an HTTP request and sends it to the Internet
Protocol address (IP address) indicated by the URL.
The HTTP daemon in the destination server machine receives the request and sends
back the requested file or files associated with the request.

Popular web servers
Apache (open source),
Microsoft's Internet Information Server
(IIS)(commercial).
Other web server:
1. Personal Web Server
2. lighttpd
3. Jigsaw
4. Sun Java System Web Server
5. Xitami web server
6. Zeus web server
HTTP (Hypertext Transfer Protocol) is the set of rules for transferring files
(text, graphic images, sound, video, and other multimedia files) on the World
Wide Web.
Hypertext Transfer Protocol (HTTP) is the primary method used to convey
information on the World Wide Web. The original purpose was to provide a way
to publish and receive HTML pages.
HTTP is an application protocol that runs on top of the TCP/IP suite of
protocols (the foundation protocols for the Internet).

HTTP
Why Apache
World's most popular web server.
Market share of 70% (Netcraft survey, June 2005).
Compiled modules.
Popular authentication modules
- mod_access, mod_auth, and mod_digest.
Other features include
SSL and TLS support (mod_ssl),
A proxy module, a useful URL rewriter
Custom log files (mod_log_config), and
Filtering support (mod_include and mod_ext_filter).
Apache Introduction
The Apache Web Server is a free, open source web server developed and
maintained by the Apache Server Project.
The Apache Server Project is made up of volunteer programmers as well as
contributors from all over the world.
Apache was originally developed for Unix and Linux systems; however, it is now
available on other platforms such as Windows and OS.
Most Linux distributions allow you the option of including Apache in the Linux
installation.
The first version of Apache, based on the NCSA httpd Web server, was developed in
1995.
Because it was developed from existing NCSA code plus various patches, it was
called a patchy server - hence the name Apache Server.
Apache Installation
1. Download/unpack Apache2 source from the Apache httpd server
website, http://httpd.apache.org/
2. In the Apache 2 source directory, create a Makefile by typing:
3. Make Apache from the just-created Makefile:
make
4. If make is successful, install Apache as root:
make install
Configure Apache
Configuration is achieved by entering directives into the httpd.conf file (in the
/etc/httpd/conf directory). Apache provides a default httpd.conf file with
directives, some of which are commented out.
Depending on your requirements, you might not even need to change anything in
the httpd.conf file, however there are some directives that you should customise
for your site (ServerName, ServerAdmin etc).
The config file is broken up into three sections, the Global Section, the Main (or
default server) section, and the Virtual Hosts section.
Here are some of the more useful directives.
Structure of httpd.conf
DocumentRoot /var/www/html
Specifies the root directory for your web files (index.html etc).
ServerRoot /etc/httpd
Specifies where your web server configuration, error, and log files are kept.
Redirect [ status ] url-path url
Maps an old URL into a new one. This can be useful if you move a page or
directory to a new location, or if you delete a file and want to redirect users to
another file.
Two types of containers: most containers are evaluated at every request;
some, like <IfDefine>, are evaluated only at startup.
Directives are applied only to those requests that match the containers.
<Directory> container.
For example, directory indexes will be enabled for the directory /var/web/dir1
and all its subdirectories in the following:
<Directory /var/web/dir1>
Options +Indexes
</Directory>
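Because Options +Indexes applies to a directory and everything below it, a listing can be exposed further down the tree than intended. The following added example (not part of the original slides or of Apache) parses a constructed configuration and works out whether Indexes is in effect for a given path by applying the matching <Directory> containers from shortest to longest path. It handles plain directory paths only (no wildcards or regular expressions), and the starting option set is an assumption passed as a parameter.

```python
import posixpath
import re

# Constructed httpd.conf fragment; the middle container is the one from
# the text above, the other two are sample additions.
SAMPLE_CONF = """\
<Directory />
    Options FollowSymLinks
</Directory>
<Directory /var/web/dir1>
    Options +Indexes
</Directory>
<Directory "/var/web/dir1/private">
    Options -Indexes
</Directory>
"""


def parse_directory_options(conf):
    """Return [(directory_path, [option_tokens, ...]), ...]."""
    sections, current = [], None
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r'<Directory\s+"?([^">]+?)"?\s*>$', line, re.I)
        if opened:
            current = (posixpath.normpath(opened.group(1)), [])
            sections.append(current)
        elif re.match(r"</Directory>", line, re.I):
            current = None
        elif current and line.split()[0].lower() == "options":
            current[1].append([t.lower() for t in line.split()[1:]])
    return sections


def covers(section_path, target):
    """True if target is section_path itself or lies below it."""
    if section_path == "/":
        return True
    return target == section_path or target.startswith(section_path + "/")


def effective_options(sections, target, default=("followsymlinks",)):
    """Merge Options for target, shortest matching path first. Tokens with
    + or - adjust the inherited set; a line without them replaces it."""
    target = posixpath.normpath(target)
    opts = {d.lower() for d in default}
    matching = [s for s in sections if covers(s[0], target)]
    for _path, option_lines in sorted(matching, key=lambda s: len(s[0])):
        for tokens in option_lines:
            if tokens and all(t[0] in "+-" for t in tokens):
                for t in tokens:
                    (opts.add if t[0] == "+" else opts.discard)(t[1:])
            else:
                opts = set(tokens)
    return opts


def indexes_enabled(sections, target, default=("followsymlinks",)):
    opts = effective_options(sections, target, default)
    return "indexes" in opts or "all" in opts


if __name__ == "__main__":
    secs = parse_directory_options(SAMPLE_CONF)
    for path in ("/var/web/dir1", "/var/web/dir1/sub/deeper",
                 "/var/web/dir1/private", "/var/web/dir10", "/var/www/html"):
        print(path, "listing enabled:", indexes_enabled(secs, path))
```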
Apache Files
/usr/sbin Contains Web Server program files and utilities.
apachectl - is a front end to the Apache HyperText Transfer Protocol (HTTP)
server. It is designed to help the administrator control the functioning of the
Apache httpd daemon.
/usr/doc - Contains Web Server documentation
/var/log/http - Contains the Apache log files
Access.log - records all requests processed by the server
Error.log - where Apache httpd will send diagnostic information and record any
errors that it encounters in processing requests.
Test the web server
1. /etc/rc.d/init.d/httpd start (starts the web server)
2. Open web browser and type http://localhost/ into the address bar
3. /etc/rc.d/init.d/httpd stop (stops the web server)
Virtual hosts
Running more than one website on a single machine.
Two forms: IP-based, or name-based.
Name-based: more than one website per IP.
IP-based: Virtual host uses IP of connection to determine correct pages to serve.
Setting up file services
using samba ( file and authentication services for windows networks),
using NFS ( file services for gnu/Linux / Unix networks) ;
Essence of file sharing
File sharing lets you share files on your machine with others on the network
File sharing also lets you access files that are shared by others
File services enable organizations to create and maintain central data stores
File servers also allow complex access control to be applied to the data stored on
the server - so that only those who should have access to the data can access it
A file server could be used to share data with a Windows network or a Linux /
Unix network - Linux contains software to do both these things
File sharing services on Linux are provided through two methods:
1. Linux-with-Linux file sharing is implemented with a set of protocols
called NFS (Network File Service). NFS is basically a UDP based protocol
that allows Linux and Unix systems to access files stored on other machines.
Nowadays, NFS supports TCP-based file services also.
2. Linux-with-Windows file sharing is implemented using the Samba
package. Samba is Free Software that implements the SMB and NetBIOS
protocols. It lets a Linux user create shares so that the files can be
accessed over the network from a Windows machine.
Introduction to Samba
Project home page: www.samba.org - Opening Windows to a Wider World
Samba was developed by Andrew Tridgell, an Australian developer who basically
wanted to access files stored on a Unix machine from his Windows machine
Samba has been developed by reverse-engineering Microsoft's CIFS (Common
Internet File System), SMB (Server Message Block) and NetBIOS protocols. These
are not standardised protocols and are solely under the control of Microsoft. However,
Samba developers have managed to ensure that Samba remains abreast and up to date
with Windows development.
Samba implements the complete suite of Microsoft server protocols for file sharing,
domain controllers and membership and authentication.
Samba has several practical applications which can generally be categorized as
follows:
1. Using a Linux server as a simple peer-to-peer server. There is no user
authentication involved and no need for passwords.
2. Using a Linux server as a member server on an existing Windows NT domain.
The existing Windows domain controller will use NT authentication tools to
control file permissions and access.
3. Using a Linux server as a primary domain controller with its own user
authentication and control mechanisms
Installing Samba - From Source
Download source code from a Samba mirror (details at www.samba.org )
Uncompress source code and read the README file and other required documents
Using the configure utility, configure Samba -e.g., change the prefix to
/usr/local/samba/ so that you have all Samba related files in one directory
After downloading Samba, the following commands are to be run:
gunzip samba-3.x.x.tar.gz
tar xvf samba-3.x.x.tar
cd samba-3.x.x/source
./configure
make
make install
If needed, the PATH environment variable should be changed so as to contain the
Samba binaries path.
Samba has to be manually started, e.g., smbd -D, nmbd -D

Installing Samba
Some useful Samba binaries are :
smbd - The SMB / CIFS daemon [samba]
nmbd - The NetBIOS server daemon [samba]
smbpasswd - The Samba Password tool [samba-common]
net - Multipurpose tool for administering Samba [samba-common]
smbclient - Linux-based Samba client [smbclient]
testparm - Tests whether the Samba config files are correct [samba-common]
nmblookup - Resolves a NetBIOS name into its IP address [samba-common]
-Installation can also be done by executing the command apt-get install samba
smbclient samba-doc swat, assuming binaries are available with the Linux distribution.
-We can also start Samba using: /etc/init.d/samba start
Samba is divided into multiple packages on Debian:
samba / samba-common - main server packages
samba-doc - Samba documentation
smbclient / libsmbclient - Samba client utilities and libraries
winbind - For enabling username lookups against Windows
smbfs - For mounting Windows shares on Linux
swat - Samba Web Administration Tool
Samba Configuration & Data Files and Logs
Main configuration is smb.conf. Binaries expect to find this file as
/etc/samba/smb.conf
Samba maintains its configuration in /var/lib/samba/ and other cached
configuration in /var/cache/samba/
Default Samba logs - log.smbd and log.nmbd - can be found in /var/log/samba/
Samba also maintains a file called smbpasswd which stores information about SMB
user accounts and their passwords
The smb.conf file supplied with Debian has six sections:
1. [global] - contains many subsections for network-related things such as the
domain/workgroup name, WINS, some printing settings, authentication, logging
and accounting, etc.
2. [homes] - for file sharing of user home directories
3. [netlogon] - commented out by default, for setting the server to act as a domain
controller
4. [printers] - for printer sharing of locally-attached printers
5. [print$] - to set up a share for Windows printer drivers
6. [cdrom] - commented out by default, to optionally share the server's CD-ROM
drive
Each section has a series of statements that follow the option = value format;
these statements are typically unique to each section

Minimal Options include: (M = Mandatory, O = Optional, s = string, m = multiple
options, b = boolean)
workgroup : M,s : The workgroup or domain that the Samba server will be a part of
netbios name : O,s : How the server will be known on the network
server string : O,s : Description of the Samba server
security : O,m : The server role that the Samba server will perform; can be one of
user (domain controller is enabled), share (only per-share level access control and
authentication is enabled), domain (authentication information is picked up from
another domain controller or server).
encrypt passwords : M,b : Whether passwords sent by a client should be encrypted
or not
passdb backend: M,s : What type of database to use for picking up user accounts
printing: O,m : Printing system to use
log level : O,s : Verbosity of the log messages
preferred master : M,b : Is the server going to be the master browser of the
workgroup?
local master : M,b : Should nmbd try to become the local master of the workgroup?
domain master : M,b : Primary domain controller?
domain logons : M,b : Enable domain logons?
logon home : M,s : The network path for the logon home share
Sample Samba Global Configuration
[global]
workgroup = NRCFOSS
netbios name = laptop
server string = Samba Test Server
security = user
encrypt passwords = yes
passdb backend = smbpasswd:/etc/samba/smbpasswd
printing = cups
log level = 1
preferred master = yes
local master = yes
domain master = yes
domain logons = yes
logon home = \\laptop\homes
logon drive = x:
Configuring Samba Shares
Samba share section can be used to write instructions to export Linux files / directories
and make them available on other machines. Basic Samba share options are:
comment - Description of what the share is about
path - Absolute path of the directory being shared
read only - Whether the share is read-only or read-write
guest ok - Should unauthenticated users be allowed to view the share?
browseable - Should the share show up while browsing the Samba server?
valid users - List of users who are allowed to see this share
force user - The user on whose behalf all directory operations are done
read list - Users with read-only access to the share's data; this is generally used in
conjunction with the force user option. If this option is given, filesystem based access
control is not used.
write list - Users who have full read-write access to the share's data
Sample Samba Share
[mydata]
comment = MyData Share
path = /mydata
read only = no
guest ok = no
browseable = yes
[homes]
comment = Home Directory of %U
path = /home/%U
read only = no
guest ok = no
browseable = no
force user = %U
Another Sample Samba Share
[test]
comment = Test Share for Force User
path = /usr/local/test
read only = no
guest ok = yes
browseable = yes
force user = admin
read list = userone usertwo admin
write list = userone userthree admin
valid users = userone usertwo userthree admin
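The share options above interact: a share that sets guest ok = yes, read only = no and force user accepts writes from unauthenticated clients and performs them as the forced account. The following check for that combination is an added example, not code from the original notes or from Samba; the parser, function names and finding texts are assumptions made for illustration.

```python
# Added example (not Samba tooling): flag risky share settings in smb.conf text.
import re

# Constructed sample built from the option names and shares shown above.
SAMPLE_CONF = """
[global]
security = user
encrypt passwords = yes
[mydata]
path = /mydata
read only = no
guest ok = no
[test]
path = /usr/local/test
read only = no
guest ok = yes
force user = admin
"""
TRUE = {"yes", "true", "1"}

def parse_smb_conf(text):
    """Return {section: {option: value}} with lower-cased names."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return sections

def audit(sections):
    """Return (section, finding) pairs; synonyms such as 'public' are not handled."""
    findings = []
    glob = sections.get("global", {})
    if glob.get("encrypt passwords", "yes").lower() not in TRUE:
        findings.append(("global", "encrypt passwords is off"))
    if glob.get("security", "user").lower() == "share":
        findings.append(("global", "security = share: per-share access control only"))
    for name, opts in sections.items():
        if name == "global":
            continue
        guest = opts.get("guest ok", "no").lower() in TRUE
        writable = opts.get("read only", "yes").lower() not in TRUE
        if guest and writable:
            findings.append((name, "unauthenticated users can write"))
        if guest and "force user" in opts:
            findings.append((name, "guest operations run as " + opts["force user"]))
    return findings

if __name__ == "__main__":
    for section, finding in audit(parse_smb_conf(SAMPLE_CONF)):
        print(f"[{section}] {finding}")
```

Run testparm first so that syntax errors are caught before the settings are reviewed.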
Managing Samba Users
Samba can only authenticate users against passwords stored in its own database; it
cannot authenticate users against the Linux passwd file
However, it is necessary to have a mapping between Linux system users and Samba
users - for each Samba user, a valid system user with the same name should also exist;
otherwise Samba will not be able to look up the user
In the simplest of scenarios, Samba can store its accounts in the smbpasswd file. The
smbpasswd utility can be used to manipulate the smbpasswd file.
To add a user: smbpasswd -a <username>
To change a user's password: smbpasswd <username>
To delete a user: smbpasswd -x <username>
Look up man smbpasswd for help
Samba Clients
To test out Samba authentication and configuration, run the smbclient utility
smbclient -L localhost -U<username>
smbclient \\\\<machine>\\<share-name> -U<username>
smbclient can be used to talk to a Samba server or even a Windows desktop /
server
A very versatile utility that can help debug most basic
samba configuration problems
Look up man smbclient for help
Testing out Samba from Windows
Log on as a local user
Open up Network Neighbourhood and browse the complete network
Locate the Workgroup of interest that is setup on the Linux machine and click
on it
Inside the workgroup, select the machine and test the accessibility
There will be a prompt for a password and, if authenticated, the shares
defined in the Samba server will be shown
Try doing some operations on the share to validate whether the access control
is happening correctly or not
Introduction to NFS
NFS is a file sharing protocol primarily used in the Linux / Windows world
NFS is completely transparent for a user or application - there is no change in the
way a user or application would access a file on disk or over NFS
NFS is commonly implemented over UDP; it depends on RPC to perform most of
its functions
On Debian, the NFS server package is called: nfs-kernel-server. Installing this
package will install NFS on your Linux system.
Kernel Support for NFS
To run NFS kernel services, your Linux kernel needs to have NFS support
Kernel level NFS support is implemented at both the server and client end
Without this kernel support, you will not be able to use NFS at all
Unlike NFS, Samba is implemented completely in user space and does not depend on
the kernel at all
Each Linux and Unix / Unix-like system has a NFS client and server implementation
Setting up NFS Exports
NFS shares are configured through the /etc/exports file
Format of NFS share configuration is as follows:
<DIRECTORY> MACHINE_NAME(OPTIONS)
Eg. /data/debian *(ro,sync,no_root_squash)
A MACHINE_NAME could be any of the following:
Single host (192.168.1.1)
A network or subnet (192.168.1.0/24)
Wildcards (* or *.test.in)
OPTIONS can be any of the following:
ro / rw - for read-only or read-write access
sync / async - use synchronous or asynchronous disk access
root_squash - don't map root on client machine to root on the server
all_squash - don't map any user on the client machine to its respective user on the
server; in both these cases, users are mapped to the 'anonymous' user - nobody by
default
anonuid / anongid - use the configured UID and GID for the anonymous user
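The example entry above exports /data/debian to every host (*) with no_root_squash, so root on any client is treated as root on the server for that export. The following review script for /etc/exports text is an added example, not part of the original notes or of the NFS utilities; the function names and finding texts are assumptions made for illustration.

```python
# Added example (not part of nfs-utils): flag risky entries in /etc/exports text.
import re

# Constructed sample; the first entry is the example line from the text above.
SAMPLE_EXPORTS = """\
/data/debian *(ro,sync,no_root_squash)
/srv/projects 192.168.1.0/24(rw,sync) *.test.in(ro,sync)
/srv/scratch 192.168.1.1(rw,async,all_squash,anonuid=65534,anongid=65534)
/home 192.168.1.1 (rw,sync)   # stray space: (rw,sync) now applies to every host
"""

CLIENT_RE = re.compile(r"(?P<host>[^\s()]*)(?:\((?P<opts>[^)]*)\))?")


def parse_exports(text):
    """Yield (directory, host, options) for each client on each export line."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line:
            continue
        directory, *clients = line.split()
        for client in clients:
            match = CLIENT_RE.fullmatch(client)
            if not match:
                continue
            opts = {o for o in (match.group("opts") or "").split(",") if o}
            # An option list with no host in front of it applies to all hosts.
            yield directory, match.group("host") or "*", opts


def audit_exports(text):
    """Return (directory, host, finding) tuples for entries worth reviewing."""
    findings = []
    for directory, host, opts in parse_exports(text):
        if host == "*":
            findings.append((directory, host, "exported to every host"))
            if "rw" in opts:
                findings.append((directory, host, "writable by every host"))
        if "no_root_squash" in opts:
            findings.append((directory, host, "client root is root on the server"))
    return findings


if __name__ == "__main__":
    for directory, host, finding in audit_exports(SAMPLE_EXPORTS):
        print(f"{directory} {host}: {finding}")
```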

Mounting NFS Exports
To use NFS exports on the client, we need to mount the NFS export from the server.
The mount command can be used for this
Syntax for NFS exports is:
mount server-name:/path-to-share-on-server /path-to-local-mount-point
Eg. mount -t nfs 192.168.6.42:/data/debian /mnt
For this to work successfully on the client, the client needs kernel NFS support and
the portmap utility should be running. You can do this by first ensuring that portmap is
installed on your system (Debian package: portmap) and then starting portmap as:
/etc/init.d/portmap restart
Setting up proxy services
-- using squid ( http / ftp / https proxy services)
Web Proxy:
is an intermediate server between local network and the internet.
used when clients do not access the web directly
used for security, logging, accounting and performance
caching proxy:
is a server, which sits between web browsers, such as Netscape or Internet
Explorer and remote web sites.
The proxy stores local copies of files as they are downloaded, and if a file is
requested that has already been downloaded the local copy is supplied, rather
than repeating the download
Adv:
1. Save money
2. Bandwidth


[Figure: browser, proxy, web]
Squid Proxy Server
Squid proxy server is designed to cache web content as clients request it. It checks for
the presence of a local copy of the requested object and, if found, serves it directly.
This not only saves bandwidth usage but also accelerates web speed.
Duane Wessels of the National Laboratory for Applied Network Research (funded by
the National Science Foundation) leads code development.
Squid is free, licensed under the GNU Public License. Squid runs on nearly all
flavors of Unix, including Linux.
Internet object caching
Internet object caching is a way to store requested Internet objects (i.e., data available
via the HTTP, FTP, and gopher protocols) on a system closer to the requesting site than
to the source. Web browsers can then use the local Squid cache as a proxy HTTP server,
reducing access time as well as bandwidth consumption.
Squid supports:
proxying and caching of HTTP, FTP, and other URLs
proxying for SSL
cache hierarchies
ICP, HTCP, CARP, Cache Digests
transparent caching
WCCP (Squid v2.3 and above)
extensive access controls
HTTP server acceleration
SNMP
caching of DNS lookups
Supported OS
Linux
FreeBSD
NetBSD
OpenBSD
BSDI
Mac OS/X
OSF/Digital Unix/Tru64
OS/2

System Requirements
A web proxy cache requires a generous amount of memory and a fast disk I/O
subsystem.
Memory is needed to maintain lists of cached objects, and disks must be capable of
keeping up with a steady flood of random reads and writes.
Typically processor speed is not a limiting factor, and a modest processor can make a
satisfactory proxy server given the appropriate I/O and memory configuration.
Downloading Squid
You must download a source archive file of the form squid-x.y.z-src.tar.gz
(eg, squid-1.1.6-src.tar.gz) from the following sites,
ftp://ftp.squid-cache.org/pub/
http://www.squid-cache.org/mirrors.html
Patch programs are available from the GNU FTP site
ftp://ftp.gnu.org/gnu/patch for upgrading to new versions.
Compiling Squid
To compile Squid, you will need an ANSI C compiler. Almost all modern Unix
systems come with pre-installed compilers which work just fine.
The old SunOS compilers do not have support for ANSI C, and the Sun compiler for
Solaris is a product which must be purchased separately.
If you are uncertain about your system's C compiler, the GNU C compiler is available
at the GNU FTP site ftp://ftp.gnu.org/gnu/gcc
In addition to gcc, you may also want or need to install the binutils package.
You will need Perl installed on your system.
For Squid-1.0 and Squid-1.1 versions, you can just type make from the top-level
directory after unpacking the source files. For example:
% tar xzf squid-1.1.21-src.tar.gz
% cd squid-1.1.21
% make
For Squid-2 you must run the configure script yourself
before running make:
% tar xzf squid-2.0.RELEASE-src.tar.gz
% cd squid-2.0.RELEASE
% ./configure
% make

Configuring Squid
The configure script can take numerous options. The most useful is --prefix to install
it in a different directory. The default installation directory is /usr/local/squid/. To
change the default, you could do:
% cd squid-x.y.z
% ./configure --prefix=/some/other/directory/squid
To see all available options, type
% ./configure --help
If there is a mismatch between the header files and DNS library that Squid has
found, there are a couple of things you can try.
First, try adding -lbind to XTRA_LIBS in src/Makefile.
If -lresolv is already there, remove it.
If that doesn't seem to work, edit your arpa/inet.h file and comment out the
following:
#define inet_addr __inet_addr
#define inet_aton __inet_aton
#define inet_lnaof __inet_lnaof
#define inet_makeaddr __inet_makeaddr
#define inet_neta __inet_neta
#define inet_netof __inet_netof
#define inet_network __inet_network
#define inet_net_ntop __inet_net_ntop
#define inet_net_pton __inet_net_pton
#define inet_ntoa __inet_ntoa
#define inet_pton __inet_pton
#define inet_ntop __inet_ntop
#define inet_nsap_addr __inet_nsap_addr
#define inet_nsap_ntoa __inet_nsap_ntoa
Installing Squid
After compiling Squid, you can install it with this simple command:

If you have enabled the ICMP features then you will also want to type



After installing, you will want to edit and customize the squid.conf file. By
default, this file is located at /usr/local/squid/etc/squid.conf.
Basic Configuration
Some basic configuration is to be done in the configuration file. By default this file
is in the following path: "/usr/local/squid/etc/squid.conf". In the configuration file
uncomment and edit the following lines.
cache_dir
Set cache_dir to an area that has a large amount of hard disk space
to devote to caching.
cache_dir ufs /usr/local/squid/cache 100 16 256 is common.
http_port
Check http_port, 3128 is a default.
http_access
By default http_access is denied to all. You have to set ACL rules as per your
requirements. This is important because it prevents people from stealing your
network resources
cache_effective_user & cache_effective_group
Set cache_effective_user and cache_effective_group to a user and group. This
user should have the permission to read and write in the cache directory and in
the log files.
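The http_access lines are checked in order and the first line whose ACLs all match decides the request; when no line matches, Squid applies the opposite of the last line, so a rule set that contains only deny lines lets everyone else through. The following model of that evaluation is an added example, not code from the original notes or from Squid; it handles src ACLs only, and the ACL names, networks and function names are assumptions made for illustration.

```python
# Added example: a small model of Squid's http_access evaluation (src ACLs only).
import ipaddress

# Constructed configurations; 192.168.1.0/24 stands in for the local network.
OPEN_CONF = """
acl all src 0.0.0.0/0
http_access allow all
"""
RESTRICTED_CONF = """
acl all src 0.0.0.0/0
acl localnet src 192.168.1.0/24
http_access allow localnet
http_access deny all
"""
DENY_ONLY_CONF = """
acl lab src 10.0.0.0/8
http_access deny lab
"""


def load(conf):
    """Return (acls, rules): acls maps name -> networks, rules keeps file order."""
    acls, rules = {}, []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            nets = [ipaddress.ip_network(t) for t in tok[3:]]
            acls.setdefault(tok[1], []).extend(nets)
        elif len(tok) >= 3 and tok[0] == "http_access" and tok[1] in ("allow", "deny"):
            rules.append((tok[1], tok[2:]))
    return acls, rules


def decide(conf, client_ip):
    """Return 'allow' or 'deny' for a client address under the given rules."""
    acls, rules = load(conf)
    ip = ipaddress.ip_address(client_ip)

    def matches(term):
        name = term.lstrip("!")
        if name not in acls:
            raise ValueError(f"undefined ACL: {name}")
        hit = any(ip in net for net in acls[name])
        return hit != term.startswith("!")       # a leading ! negates the ACL

    for action, terms in rules:
        if all(matches(t) for t in terms):       # ACLs on one line are ANDed
            return action                        # first matching line wins
    if not rules:
        return "deny"    # assumption: follows the text, access is denied by default
    return "deny" if rules[-1][0] == "allow" else "allow"


if __name__ == "__main__":
    for label, conf in (("open", OPEN_CONF), ("restricted", RESTRICTED_CONF),
                        ("deny-only", DENY_ONLY_CONF)):
        print(label, decide(conf, "203.0.113.7"))
```

Ending the list with an explicit http_access deny all, as in RESTRICTED_CONF, removes the dependence on the fall-through rule.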
Configuring squid for proxy
By default, squid is configured in proxy mode. In order to cache web traffic and to
use the squid system as a proxy, you have to configure your browser, which needs at
least two pieces of information:
the proxy server's host name
the port that the proxy server is accepting requests on
Configuring squid for transparency
Using squid transparently is a two part process.
First, squid must be configured properly to accept non-proxy requests (performed in the
squid module).
Second, web traffic must be redirected to the squid port (achieved in three ways,
namely policy based routing, using smart switching, or by setting the squid box as a
gateway).
Getting transparent caching to work requires the following steps:
For some operating systems, you have to configure and build a version of Squid which
can recognize the hijacked connections and discern the destination addresses.
For Linux this seems to work automatically.
For BSD-based systems, you probably have to configure squid with the
--enable-ipf-transparent option, and you have to configure squid as:
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
Next you have to configure your cache host to accept the redirected packets - any IP
address, on port 80 and deliver them to your cache application.
This is typically done with IP filtering/forwarding features built into the kernel. In
Linux they call this ipfilter (kernel 2.4.x), ipchains (2.2.x) or ipfwadm (2.0.x).

Configuring squid for Reverse Proxy
To run Squid as an accelerator, you probably want to listen on port 80. And you have
to define the machine you are accelerating for. This is done in squid module,
http_port 80
httpd_accel_host visolve.com
httpd_accel_port 81
httpd_accel_single_host on
httpd_accel_with_proxy on
If you are using Squid as an accelerator for a virtual host system, then instead of a
'hostname' here you have to use the word virtual as:
http_port 80
httpd_accel_host virtual
httpd_accel_port 81
httpd_accel_with_proxy on
httpd_accel_single_host off


Verification of Config. file
To verify your configuration file you can use the -k parse option
% /usr/local/squid/sbin/squid -k parse
If this outputs any errors then these are syntax errors or other fatal misconfigurations
and need to be corrected before you continue.
If it is silent and immediately gives back the command prompt then your squid.conf is
syntactically correct and could be understood by Squid.
Starting Squid
After you've finished editing the configuration file, you can start Squid for the first
time. First, you must create the swap directories. Do this by running Squid with the -z
option: /usr/local/squid/sbin/squid -z
NOTE: If you run Squid as root then you may need to first create
/usr/local/squid/var/logs and your cache_dir directories and assign ownership of these to
the cache_effective_user configured in your squid.conf.
Once that completes, you can start Squid and try it out. Probably the best thing to do is
run it from your terminal and watch the debugging output. Use this command:
/usr/local/squid/sbin/squid -NCd1
If everything is working okay, then your console displays: "Ready to serve requests"
If you want to run squid in the background, as a daemon process, just leave off all options:
/usr/local/squid/sbin/squid
Check the cache.log file in your logs directory. This file contains the run-time error
messages that Squid generates.


Checking the run status of Squid
You can use the squidclient program:
% squidclient http://www.netscape.com/ > test
There are other command-line HTTP client programs available as well. Two that you
may find useful are wget and echoping.
Another way is to use Squid itself to see if it can signal a running Squid process:
% squid -k check
And then check the shell's exit status variable.
Also, check the log files, most importantly the access.log and cache.log files.
