While Mac OS is unlike any Unix-like operating system I've managed so far, there are certainly some of similarities. I can honestly say that I'm enjoying the Mac Book Pro so far, and hope to discover most of the differences compared to my previous Unix-like desktop which is Ubuntu 9.10.

Mounting NFS on MAC OS X

One thing which I noticed immediately was that out of the box it was impossible to mount any NFS shares from my Ubuntu NAS server. Any attempt to mount a remote filesystem would give me an error like this:

mbp:~ root# mount nasbox:/try /mnt
mount_nfs: /mnt: Operation not permitted

This error was happening for a relatively simple NFS share on the Ubuntu box:

nasbox# cat /etc/exports
/try            (rw)

… so I started looking around and realized that the reason for this strange problem is quite simple.

Mac OS X uses non-standard port for outgoing NFS connections

That's right – apparently, Mac OS X uses a non-privileged port (2049) for TCP and UDP connections serving the NFS transport. What this means is that most likely attempts to mount remote filesystems will fail, because most NFS servers don't really like connections from insecure ports.

There are two ways to approach this problem:

1. Fix it on the client side (probably makes more sense)
2. Fix it on the NFS server side (if you manage both systems)

Using reserved NFS port number on Mac OS X

There's a mount option supported by the mount_nfs command, which allows you to force the NFS client connections to originate from a privileged port. This will magically make your attempts to mount remote filesystems successful. The option is called resvport.

First we double-check that default mounts still don't work:

mbp:~ root# mount nasbox:/try /mnt
mount_nfs: /mnt: Operation not permitted

… and now let's use the resvport option:

mbp:~ root# mount -o resvport nasbox:/try /mnt

… and make sure we're actually looking at a mounted filesystem:

mbp:~ root# df -h /mnt
Filesystem   Size   Used  Avail Capacity  Mounted on
nasbox:/try    61Gi   56Gi  2.6Gi    96%    /mnt

Allowing connections from non-privileged ports on NFS server

Like I said, if you manage both the Mac OS based client and the NFS server, perhaps it makes more sense to relax the default NFS server security and allow the connections from non-privileged ports.

Just to remind you about the validity of such a decision, the option to allow non-privileged connections is called insecure.

Here's how you use it:

nasbox# cat /etc/exports
/try            (rw,insecure)

After making this change to the /etc/exports file, you'll have to restart your NFS server. On my Ubuntu NAS box, it's done like this:

nasbox# /etc/init.d/nfs-kernel-server restart
* Stopping NFS kernel daemon
…done.
* Unexporting directories for NFS kernel daemon…
…done.
* Exporting directories for NFS kernel daemon…
…done.
* Starting NFS kernel daemon
…done.

We know are ready to attempt the default mount of the same filesystem on the Mac OS X client:

mbp:~ root# mount nasbox:/try /mnt

That's it! I won't promise any Mac OS posts just yet, but if there is enough interest – I'd love to do the research and to post all the discoveries on the Unix Tutorial pages.

If you're an existing member and have a topic which you think belongs to the Operating Systems Basics module, please leave a comment.

The purpose of the module is to give a very high level overview of how modern operating systems work and to also explain the importance of securely managing all the available resources (hence a few topics on files, users and privileges). Almost every single topic deserves a separate module, if not a course, on its own – but for the moment it will be really basic stuff.

Here's the list of topics so far:

• What OS is and why we need it
• Features of a modern OS
• Kernel and kernel modules
• Features of Unix OS
• MINDMAP: Features and components of an OS
• Everything is a file! Types of files in Unix
• A typical filesystem tree of a Unix-like OS
• Users, privileges and file ownership
• Executing a binary file in Unix

To all those of you asking for the date when this module will be posted: I will make the Operating Systems Basics module available to all the existing Unix Tutorial Members on February 1st, 2010.

See also:

• Unix Tutorial – members area
• What Unix Tutorial members area is about
• Unix Tutorial gets a Facebook page

See you all there, and feel free to share your suggestions – either here or on the wall of the Unix Tutorial page.

How to confirm if IPv6 is running on your system

IPv6 is implemented as a kernel module, so you can use the lsmod command to confirm if it's currently running on your Red Hat system:

$ lsmod | grep ip
ipv6                  410913  36

If lsmod doesn't return anything, it confirms that your system isn't running IPv6.

Prevent IPv6 from getting started by modprobe

As you probably know, modprobe command is used for probing modules upon system boot. Probing simply means a module is loaded and an attempt is made to start it up. With any luck, the module starts successfully and its functionality becomes available to the Linux kernel.

For the boot stage, modprobe uses a special config file which helps you control its behavior: /etc/modprobe.conf. For now, let's just concentrate on the IPv6 task at hand. To make sure modprobe doesn't load the actual module next time your OS reboots, add the following line to the top of the /etc/modprobe.conf file (yes, you're going to need root privileges for this):

install ipv6 /bin/true

WHY THIS WORKS: just to quickly explain the line above, here's why we're using the /bin/true command. install is rule of the modprobe config file which overrides the standard way of probing a module. Effectively, it tells modprobe to just run the specified command for starting a module. In the line above, we're telling modprobe to use the /bin/true command for probing the ipv6 module. And as you remember, /bin/true is a command which doesn't do anything but still returns a successful completion code – so in effect we're doing nothing instead of loading the ipv6 module, and we're looking good while doing this too.

Next, add the the following two lines to the same /etc/modprobe.conf file, and they will ensure that common aliases used for starting the IPv6 module are ignored by modprobe:

alias net-pf-10 off
alias ipv6 off

IMPORTANT: These change doesn't immediately disable IPv6 on your system. Being a pretty important module, IPv6 isn't easy to disable on a live system, and so the easiest is to always follow the changes above with a reboot.

Make sure your IPv6 firewall is disabled

The ip6tables service (/etc/init.d/ip6tables sciprt) is responsible for starting IPv6 firewall, and so you probably want to disable it:

# chkconfig ip6tables off

and then confirm that it won't be started next time you reboot or switch to any runlevel:

# chkconfig --list ip6tables
ip6tables       0:off   1:off   2:off   3:off   4:off   5:off   6:off

That's it, there really is nothing else to disabling IPv6. Let me know if you have any questions, otherwise I'll talk to you soon!

Since Unix Tutorial is a technical blog, I'll try and stay as technical as possible within the topic.

Virtualize to consume less energy, get rid of old hardware

Old servers required a much bigger commitment in the past: not only did they cost a fortune, but they also needed a lot of space and required a lot of power. These days, 1u or 2u server solution can easily outperform a computing system which used to take a whole cabinet in your datacentre. And since the cost of supporting old hardware only increases with each year, it makes a lot of sense to simply but a new server to replace the old infrastructure.

If you're really big into the whole life cycle thing, an even better approach is to virtualize most of your systems. There are quite a few great solutions today – vSphere from VMware, Xen and KVM based virtualization from RedHat and the xVM family of virtualization solutions by Sun Microsystems (Oracle).

A ratio of 15 virtual machines per 1 physical server isn't that uncommon, which can give you an idea about the kind of improvement you'll get by following the route of virtualization.

The math is really simple: shut down 15 old servers, keep only 1 new server running – this means greatly reducing the amount of energy and therefore helping the planet stay green for a bit longer.

Read from your screen, print less

Perhaps on a much smaller scale, the issue of printing materials is also a direction you may want to explore if you're serious about helping the climate change prevention.

Many of us still print dozens of sheets of A4 paper a day. We print out emails and directions, man pages and screenshots – many of these to never be used again.

Start small and pay attention to every urge of yours to print something out. Ask yourself a few simple questions just to be sure that you absolutely need each piece of the information printed out.

As a Unix administrator, you should find ways to monitor your printing service. Even simple things like weekly stats of the top users printing stuff out might sometimes help you save really big on the paper and toner cost. Many users print stuff out without a certain reason for doing so – it's just their habit.

This means that if you're familiar with lpstat and lpadmin commands, you have a chance to help yourself and others become more aware of how much you're printing and what can be done to break your printing patters.

eInk-based book readers are a great alternative for those of you who claim they absolutely can't read off screen. It may be a while until A4-sized readers become widely available and affordable, but already you can get a book reader for just a few hundred dollars and this little device can be used for storing and reading of many books – all without much of an environmental impact, since you no longer need paper books.

Use only what you need

You'll be amazed how much can be saved if you run CPUs on your system at the speed sufficient to fulfill your computational needs instead of having everything running at 100% of their speed!

Many modern servers have power-awareness and intelligence built-in. I especially like blade server solutions – Dell, HP and Sun have all got a range of blade enclosures and blade servers on offer.

The beauty of using blades is that blade enclosures are extremely intelligent and configurable devices – you can use them to cap the power draw for your whole enclosure or a certain blade. Such power limitations will usually result in a lower performance, but for many solutions it's not critical at all. For example, if your blade hosts a FlexLM licenses server or serves web pages, it will be almost impossible to spot a performance difference even if you significantly lower the CPU speed.

Most operating systems support power management options. For desktops, this means ability to manage the speed of your cooling fans or the speed of your CPU which immediately has an impact. Sometimes you can also control your graphics card in the same manner. If you add screen blanking and hard drives management to this (configuring the sleep times for periods of long inactivity), you have all you need to reduce the power draw of your PC and ultimately help our planet stay the way it currently is or maybe even get refreshed over the next few years.

That's it for today! Sure enough, these tips may not seem to be all this climate change preventative, but trust me – we all have to participate with however small steps and environmental improvements we can think of.

See also:

• Blog Action Day website
• Change
• Desktop Virtualization website

If you're in need of quick help – drop me a message on Twitter – I'm UnixTutorial there. I can't promise a prompt reply, but at least this way you'll have some interactivity.

I see how many people leave questions in comments to my posts, and I don't always have the time to reply – so feel free to send me an email if you really need my help.

I'm back from my holidays, and it's time to open the Unix Tutorial members area for new registrations once again!

If you're still looking for a reason to become a member – please read the Becoming a Unix Tutorial member post.

This time around, new users will receive a life-time access to just one course, the Unix foundations one. This is going to be a constantly updated and expanded course so I'm sure you'll benefit from revisiting it now and then. New courses added at a later stage will never be available for free: I plan to make them very specialized and will charge for access – more on this later.

Wait no more – here's your chance to join: Unix Tutorial members sign-up. I don't have nearly as much time to further develop the course, but please take time to leave a comment to this post or update a thread on the Unix Tutorial members discussion board about what exactly you're interested in.

Basic calculations with bc

bc is a very simple command. It takes standard input as an expression and then evaluates this, performing all the necessary calculations and showing you the result. Thus, to quickly sum numbers up or get a result of some other calculation, simply echo the expression and then pipe it out to the bc command:

ubuntu$ echo "1+2" | bc
3

Now, in scripts your calculations with bc are done quite similarly to what we did in bash. Here's an example:

ubuntu$ NUMBER1=1
ubuntu$ NUMBER2=2
ubuntu$ SUM=$(echo "$NUMBER1+$NUMBER2"| bc)
ubuntu$ echo $SUM
3

I told you these calculations would be basic, right? Now onto the more interesting stuff!

Fixed point calculations with bc

Most people learn about bash math limitations when they attempt to do a simple calculation but can't get the current answer with fixed point values. By default, all the operations happen with integers, and that's what you would get:

ubuntu$ echo "1/2" | bc
0

Now, if you expect 0.5 to be the result of dividing 1 by 2, you need to explain it to bc, because by default it doesn't show you any fractional part of the number.

The way you do this is quite simple: all you have to do is specify the number of digits you'd like to see  after the radix point of your result. For example, if I set this number to 5, I'll get bc to output the result of my calculation with 5 digits after the radix point. The special keyword to convey this intention to the bc command is called scale. Just specify the scale value and separate it from the rest of your expression by the semicolon sign:

ubuntu$ echo "scale=5; 1/2" | bc
.50000

Here's another example:

ubuntu$ echo "scale=5; 0.16*10.79" | bc
1.7264

Hope this answers your question! bc command is very powerful, so I'll definitely have to revisit it again in the future. For now though, enjoy the fixed point calculations and be sure to ask questions if you think I can help!

See also:

• Summing numbers up in Unix scripts
• Basic math in Unix scripting
• Another way of doing calculations in scripts
  

An example of a command alias in Unix shell

Here's one of the most useful aliases I have for Solaris systems:

solaris$ alias ls='/usr/local/gnu/bin/ls --color -F'

What is allows me to do is to simply type "ls" instead of the really long command line it refers to: /usr/local/gnu/bin/ls –color -F.

You see, the ls command which is shipped with Solaris, doesn't have many options of the more up-to-date GNU ls command, and working with many Linux systems I quite like some of them like color highlighting of different directory objects – files, directories and executables.

Try typing the longer command a few times in a row, and compare it to the "ls" to get the idea of how much of a productivity gain one command alias can be!

Why you should use command aliases

Like many other things in Unix, aliases are a way to become more productive. The general rule of thumb is this: if you have to run some command something more than once every day – consider creating an alias for it. These are just a few cases where it makes sense to employ them:

• if you repeatedly check whether some files exist or get updated
• if you're monitoring a certain aspect of your OS and you get the values using grep command
• if you're connecting to the same hosts using rsh or ssh

All of these and many more examples are greatly simplified if you alias them to some shorter commands.

Creating new aliases in bash

Setting up a new alias is quite easy, the syntax for alias command is very straightforward. Let's say I want to automate the confirmation of swap usage based on a free command in Linux:

redhat$ free
total       used       free     shared    buffers     cached
Mem:       2075156     945712    1129444          0     177292     503416
-/+ buffers/cache:     265004    1810152
Swap:      2040244          0    2040244

The result I'm after is this command:

redhat$ free | grep Swap
Swap:      2040244          0    2040244

And here's how I can create an alias called "swp" which refers to this series of commands:

redhat$ alias swp='free | grep Swap'

Once you execute this command, you can start using swp as a Unix command:

redhat$ swp
Swap:      2040244          0    2040244

Important: such a creation of new aliases is going to be only active for your current Unix shell and sub-shells you may spawn. To make your alias permanent, you'll have to update one of your initialization scripts like. For Linux and bash, you should add the same alias command to your .bashrc file.

Removing aliases in Unix

In very much the same way, you can use the unalias command to get rid of a certain alias. The nature of this command is such that you'll most likely use it when creating and debugging new aliases. It's unlikely that you'll need to use it in your initialization scripts.

Following the example above, here's how to get rid of the swp alias and verify that it's gone:

redhat$ unalias swp
redhat$ swp
bash: swp: command not found

How to list your current aliases

If you run the alias command without any parameters, you'll be shown a full list of aliases currently configured for your user account, here's an example from one of my systems:

l.      ls -d .* --color=tty
ll      ls -l --color=tty
ls      ls --color=tty
vi      vim

That's it for today! Stay tuned for a follow-up post which will share some of the examples for command aliases in Unix. If you have some – please leave a comment so that I can share it with others!

See also:

• Unix commands: ls
• List directories in a given directory
• How to find what symlink points to
  

Installing SSH server in Ubuntu

By default, your system will have no SSH service enabled, which means you won't be able to connect to it remotely using SSH protocol (TCP port 22). This means that installing SSH server will be one of the first post-install steps on your system.

The most common SSH implementation is OpenSSH server, and that's exactly what you want to install.

Log in with your standard username and password, and run the following command to install openssh-server. You should be using the same username that you specified when installing Ubuntu, as it will be the only account with sudo privileges to run commands as root:

ubuntu$ sudo apt-get install openssh-server
[sudo] password for greys:
Reading package lists... Done
Building dependency tree
Reading state information... Done
Suggested packages:
  rssh molly-guard openssh-blacklist openssh-blacklist-extra
The following NEW packages will be installed:
  openssh-server
0 upgraded, 1 newly installed, 0 to remove and 75 not upgraded.
Need to get 285kB of archives.
After this operation, 782kB of additional disk space will be used.
Get:1 http://ie.archive.ubuntu.com jaunty/main openssh-server 1:5.1p1-5ubuntu1 [
285kB]
Fetched 285kB in 0s (345kB/s)
Preconfiguring packages ...
Selecting previously deselected package openssh-server.
(Reading database ... 101998 files and directories currently installed.)
Unpacking openssh-server (from .../openssh-server_1%3a5.1p1-5ubuntu1_i386.deb) .
..
Processing triggers for ufw ...
Processing triggers for man-db ...
Setting up openssh-server (1:5.1p1-5ubuntu1) ...
Creating SSH2 RSA key; this may take some time ...
Creating SSH2 DSA key; this may take some time ...
 * Restarting OpenBSD Secure Shell server sshd                           [ OK ]

Verifying your SSH server works

While you're still on your local desktop session, you can use the ps command to confirm that SSH daemon (sshd) is running:

ubuntu$ ps -aef | grep sshd
root     24114     1  0 15:18 ?        00:00:00 /usr/sbin/sshd

Now that you see it's there, it's time to try connecting:

ubuntu$ ssh localhost

Since this is the first time you're trying to connect using SSH, you'll have to answer yes to the following question:

The authenticity of host 'localhost (::1)' can't be established.
RSA key fingerprint is 18:4d:96:b3:0d:25:00:c8:a1:a3:84:5c:9f:1c:0d:a5.
Are you sure you want to continue connecting (yes/no)? yes

… you'll then be prompted for your own password (remember, the system treats such connection request as if you were connecting remotely, so it can't trust you without confirming your password):

Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
greys@localhost's password:

.. and finally you'll see the usual Ubuntu (Jaunty in this example) banner and prompt:

Linux ubuntu 2.6.28-11-generic #42-Ubuntu SMP Fri Apr 17 01:57:59 UTC 2009 i686

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

To access official Ubuntu documentation, please visit:

http://help.ubuntu.com/

Last login: Fri May 15 15:18:34 2009 from ubuntu
ubuntu$

That's it, providing you have your networking configured and you know your IP address or hostname, you can start connecting to your Ubuntu box from remote systems, using the same command.  Enjoy!

See also:

• Unix commands
• Using apt-get behind proxy
• List installed packages in Ubuntu