--- unixtoolbox.xhtml 17 Feb 2008 14:03:23 -0000 1.1 +++ unixtoolbox.xhtml 28 Feb 2008 23:41:29 -0000 1.11 @@ -7,9 +7,11 @@ Unix Toolbox - - - + + + + + @@ -266,22 +268,22 @@ background-color: #000040; color: white; } -div.title, h2, a:link, a:visited, .cmt { +h3, h4, div.title, h2, a:link, a:visited, .cmt { background-color: transparent; color: #000040; } -h3, h4 { - color: #040688; -} pre { background-color: #F6F6FC; } pre, code { - color: #003c00; + color: #003300; } a:hover, .pp { color: #D55500; } +a:active { + color: green; +} .keyword { color:#0000FF; } @@ -292,18 +294,15 @@ /* Colors only */ html { background-color: black; - color: #f5f5f5; + color: Gainsboro; } h1 { - background-color: #ffffbf; + background-color: #ffffcd; color: black; } -div.title, h2, a:link, a:visited, .cmt { +h3, h4, div.title, h2, a:link, a:visited, .cmt { background-color: transparent; - color: #ffffbf; -} -h3, h4 { - color: #ebf977; + color: #ffffcd; } pre { background-color: #090903; @@ -314,6 +313,9 @@ a:hover, .pp { color: #2aaaff; } +a:active { + color: orange; +} .keyword { color:#ff0000; } @@ -323,6 +325,8 @@ + + @@ -378,15 +383,15 @@
Unix Toolbox
-This document is a collection of Unix/Linux/BSD commands which are useful for IT work or for advanced users. The reader is supposed to know what s/he is doing.

+This document is a collection of Unix/Linux/BSD commands and tasks which are useful for IT work or for advanced users. This is a practical guide with concise explanations, however the reader is supposed to know what s/he is doing.

-Unix Toolbox revision 10.1
-The latest version of this document can be found at cb.vu/unixtoolbox.xhtml. Replace .xhtml on the link with .pdf for the PDF version and with .book.pdf for the booklet version. On a duplex printer the booklet will create a small book ready to bind. This XHTML page can be converted into a nice PDF document with a CSS3 compliant application (see the script example).
-Comments to c@cb.vu are welcome. +Unix Toolbox revision 11
+The latest version of this document can be found at http://cb.vu/unixtoolbox.xhtml. Replace .xhtml on the link with .pdf for the PDF version and with .book.pdf for the booklet version. On a duplex printer the booklet will create a small book ready to bind. This XHTML page can be converted into a nice PDF document with a CSS3 compliant application (see the script example).
+Error reports and comments are most welcome - c@cb.vu Colin Barschel. -
+ + - -
- +
+

System

Hardware | Statistics | Users | Limits | Runlevels | root password | Compile kernel

Running kernel and system information @@ -557,7 +562,7 @@ # sysctl kern.openfiles # How many file descriptors are in use # sysctl kern.ipc.numopensockets # How many open sockets are in use -See The FreeBSD handbook Chapter 11http://www.freebsd.org/handbook/configtuning-kernel-limits.html for details. +See The FreeBSD handbook Chapter 11http://www.freebsd.org/handbook/configtuning-kernel-limits.html for details.

Solaris

The following values in /etc/system will increase the maximum file descriptors per proc: @@ -622,7 +627,7 @@ If, after booting, the root partition is mounted read only, remount it rw:
# mount -o remount,rw /
 # passwd                             # or delete the root password (/etc/shadow)
-# sync; mount -o remount,ro /        # sync before ro remount
+# sync; mount -o remount,ro /        # sync before to remount read only
 # reboot
 
@@ -639,7 +644,7 @@ # reboot Alternatively on FreeBSD, boot in single user mode, remount / rw and use passwd. -
# mount -u /; mount -a
+
# mount -u /; mount -a               # will mount / rw
 # passwd
 # reboot
 
@@ -712,8 +717,9 @@ 586: old priority 0, new priority -5
Start the process with a defined priority with nice. Positive is "nice" or weak, negative is strong scheduling priority. Make sure you know if /usr/bin/nice or the shell built-in is used (check with # which nice). -
# nice -n 5 top                      # Weaker priority (/usr/bin/nice)
-# nice +5 top                        # tcsh builtin nice (same as above)
+
# nice -n -5 top                     # Stronger priority (/usr/bin/nice)
+# nice -n 5 top                      # Weaker priority (/usr/bin/nice)
+# nice +5 top                        # tcsh builtin nice (same as above!)
 

Background/Foreground

@@ -961,7 +967,7 @@ Nero simply adds a 300Kb header to a normal iso image. This can be trimmed with dd.
# dd bs=1k if=imagefile.nrg of=imagefile.iso skip=300

Convert a bin/cue image to .iso

-The little bchunk programhttp://freshmeat.net/projects/bchunk/ can do this. It is in the FreeBSD ports in sysutils/bchunk. +The little bchunk programhttp://freshmeat.net/projects/bchunk/ can do this. It is in the FreeBSD ports in sysutils/bchunk.
# bchunk imagefile.bin imagefile.cue imagefile.iso
 
@@ -976,11 +982,23 @@ # umount /mnt; mdconfig -d -u 1; rm /usr/vdisk.img # Cleanup the md device

Linux

+
# dd if=/dev/zero of=/usr/vdisk.img bs=1024k count=1024
 # mkfs.ext3 /usr/vdisk.img
 # mount -o loop /usr/vdisk.img /mnt
 # umount /mnt; rm /usr/vdisk.img                      # Cleanup
 
+

Linux with losetup

+/dev/zero is much faster than urandom, but less secure for encryption. +
# dd if=/dev/urandom of=/usr/vdisk.img bs=1024k count=1024
+# losetup /dev/loop0 /usr/vdisk.img                   # Creates and associates /dev/loop0
+# mkfs.ext3 /dev/loop0
+# mount /dev/loop0 /mnt
+# losetup -a                                          # Check used loops
+# umount /mnt
+# losetup -d /dev/loop0                               # Detach
+# rm /usr/vdisk.img
+

Create a memory file system

A memory based file system is very fast for heavy IO application. How to create a 64 MB partition mounted on /memdisk: @@ -1002,7 +1020,7 @@

Network

-

Routing | Additional IP | Change MAC | Ports | Firewall | IP Forward | NAT | DNS | DHCP | Traffic | NIS

+

Routing | Additional IP | Change MAC | Ports | Firewall | IP Forward | NAT | DNS | DHCP | Traffic | QoS | NIS

Debugging (See also Traffic analysis)

# mii-diag eth0             # Show the link status (Linux)
 # ifconfig fxp0             # Check the "media" field on FreeBSD
@@ -1011,6 +1029,7 @@
 # traceroute cb.vu          # Print the route path to destination
 # mii-diag -F 100baseTx-FD eth0  # Force 100Mbit Full duplex (Linux)
 # ifconfig fxp0 media 100baseTX mediaopt full-duplex  # Same for FreeBSD
+# netstat -s                # System-wide statistics for each network protocol
 

Routing

@@ -1215,7 +1234,7 @@

Traffic analysis

-Bmonhttp://people.suug.ch/~tgr/bmon/ is a small console bandwidth monitor and can display the flow on different interfaces. +Bmonhttp://people.suug.ch/~tgr/bmon/ is a small console bandwidth monitor and can display the flow on different interfaces.

Sniff with tcpdump

# tcpdump -nl -i bge0 not port ssh and src \(192.168.16.121 or 192.168.16.54\)
 # tcpdump -l > dump && tail -f dump               # Buffered output
@@ -1250,6 +1269,61 @@
 Uptime 33.120 days (since Fri Aug 31 11:41:04 2007)
 
+

Traffic control (QoS)

+Traffic control manages the queuing, policing, scheduling, and other traffic parameters for a network. The following examples are simple practical uses of the Linux and FreeBSD capabilities to better use the available bandwidth. +

Limit upload

+DSL or cable modems have a long queue to improve the upload throughput. However filling the queue with a fast device (e.g. ethernet) will dramatically decrease the interactivity. It is therefore useful to limit the device upload rate to match the physical capacity of the modem, this should greatly improve the interactivity. Set to about 90% of the modem maximal (cable) speed. +

Linux

+For a 512 Kbit upload modem. +
# tc qdisc add dev eth0 root tbf rate 480kbit latency 50ms burst 1540
+# tc -s qdisc ls dev eth0                         # Status
+# tc qdisc del dev eth0 root                      # Delete the queue
+# tc qdisc change dev eth0 root tbf rate 220kbit latency 50ms burst 1540
+
+

FreeBSD

+FreeBSD uses the dummynet traffic shaper which is configured with ipfw. Pipes are used to set limits the bandwidth in units of [K|M]{bit/s|Byte/s}, 0 means unlimited bandwidth. Using the same pipe number will reconfigure it. For example limit the upload bandwidth to 500 Kbit. +
+# kldload dummynet                                # load the module if necessary
+# ipfw pipe 1 config bw 500Kbit/s                 # create a pipe with limited bandwidth
+# ipfw add pipe 1 ip from me to any               # divert the full upload into the pipe
+
+

Quality of service

+

Linux

+Priority queuing with tc to optimize VoIP. See the full example on voip-info.org or www.howtoforge.com. Suppose VoIP uses udp on ports 10000:11024 and device eth0 (could also be ppp0 or so). The following commands define the QoS to three queues and force the VoIP traffic to queue 1 with QoS 0x1e (all bits set). The default traffic flows into queue 3 and QoS Minimize-Delay flows into queue 2. +
# tc qdisc add dev eth0 root handle 1: prio priomap 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 0
+# tc qdisc add dev eth0 parent 1:1 handle 10: sfq
+# tc qdisc add dev eth0 parent 1:2 handle 20: sfq
+# tc qdisc add dev eth0 parent 1:3 handle 30: sfq
+# tc filter add dev eth0 protocol ip parent 1: prio 1 u32 \
+  match ip dport 10000 0x3C00 flowid 1:1          # use server port range
+  match ip dst 123.23.0.1 flowid 1:1              # or/and use server IP
+
+Status and remove with +
# tc -s qdisc ls dev eth0                         # queue status
+# tc qdisc del dev eth0 root                      # delete all QoS
+
+

Calculate port range and mask

+The tc filter defines the port range with port and mask which you have to calculate. Find the 2^N ending of the port range, deduce the range and convert to HEX. This is your mask. Example for 10000 -> 11024, the range is 1024. +
# 2^13 (8192) < 10000 < 2^14 (16384)              # ending is 2^14 = 16384
+# echo "obase=16;(2^14)-1024" | bc                # mask is 0x3C00
+
+ +

FreeBSD

+The max link bandwidth is 500Kbit/s and we define 3 queues with priority 100:10:1 for VoIP:ssh:all the rest. +
# ipfw pipe 1 config bw 500Kbit/s 
+# ipfw queue 1 config pipe 1 weight 100
+# ipfw queue 2 config pipe 1 weight 10
+# ipfw queue 3 config pipe 1 weight 1
+# ipfw add 10 queue 1 proto udp dst-port 10000-11024
+# ipfw add 11 queue 1 proto udp dst-ip 123.23.0.1 # or/and use server IP
+# ipfw add 20 queue 2 dsp-port ssh
+# ipfw add 30 queue 3 from me to any              # all the rest
+
+Status and remove with +
# ipfw list                                       # rules status
+# ipfw pipe list                                  # pipe status
+# ipfw flush                                      # deletes all rules but default
+

NIS Debugging

Some commands which should work on a well configured NIS client:
# ypwhich                  # get the connected NIS server name
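Review bot: In the FreeBSD queue rules, "ipfw add 20 queue 2 dsp-port ssh" misspells the option; the two rules above it use "dst-port", so this line should read "dst-port ssh" or the rule will not parse. In the Linux block, the "tc filter add ... u32 \" command continues onto a "match ... flowid 1:1" line that ends in a comment, so the following "match ip dst 123.23.0.1 flowid 1:1" line is read as a separate command; show the two alternatives as two complete "tc filter add" commands. The mask example also needs rechecking: 10000 AND 0x3C00 is 0x2400 (9216), so "match ip dport 10000 0x3C00" selects ports starting at 9216 to 10239 and does not cover 10240 to 11024.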
@@ -1299,7 +1373,7 @@
 
 Notice: We used a DSA key, RSA is also possible. The key is not protected by a password.
 

Using putty for Windows

-Puttyhttp://www.chiark.greenend.org.uk/~sgtatham/putty/download.html is a simple and free ssh client for Windows. +Puttyhttp://www.chiark.greenend.org.uk/~sgtatham/putty/download.html is a simple and free ssh client for Windows.
  • Create a key pair with the puTTYgen program.
  • Save the public and private keys (for example into C:\Documents and Settings\%USERNAME%\.ssh).
  • @@ -1333,12 +1407,12 @@ # scp -r joe@host-two:/www /www/tmp
In Konqueror or Midnight Commander it is possible to access a remote file system with the address fish://user@gate. However the implementation is very slow.
-Furthermore it is possible to mount a remote folder with sshfs a file system client based on SCP. See fuse sshfshttp://fuse.sourceforge.net/sshfs.html. +Furthermore it is possible to mount a remote folder with sshfs a file system client based on SCP. See fuse sshfshttp://fuse.sourceforge.net/sshfs.html.

Tunneling

-SSH tunneling allows to forward or reverse forward a port over the SSH connection, thus securing the traffic and accessing ports which would otherwise be blocked. This only works with TCP. The general nomenclature for forward and reverse is: +SSH tunneling allows to forward or reverse forward a port over the SSH connection, thus securing the traffic and accessing ports which would otherwise be blocked. This only works with TCP. The general nomenclature for forward and reverse is (see also ssh and NAT example):
# ssh -L localport:desthost:destport user@gate  # desthost as seen from the gate
-# ssh -R remoteport:localhost:localport user@gate
+# ssh -R destport:desthost:localport user@gate  # forwards your localport to destination
 # ssh -X user@gate   # To force X forwarding
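Review bot: The new -R line, "ssh -R destport:desthost:localport user@gate", reuses "desthost" from the -L line, where the comment defines it as seen from the gate, but for -R the host and the last port are resolved on the client side and the first port is the one opened on the gate. The NAT example later on the page ("ssh -R 2022:localhost:22 user@gate", forwards client 22 to gate:2022) follows that order, so name the fields accordingly, for instance gateport:localhost:localport, or keep the removed wording.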
 
This will connect to gate and forward the local port to the host desthost:destport. Note desthost is the destination host as seen by the gate, so if the connection is to the gate, then desthost is localhost. More than one port forward is possible. @@ -1373,14 +1447,14 @@
  • Is "File and Printer Sharing for Microsoft Networks" disabled on the loopback interface?
  • -

    Connect two clients behind NAT

    +

    Connect two clients behind NAT

    Suppose two clients are behind a NAT gateway and client cliadmin has to connect to client cliuser (the destination), both can login to the gate with ssh and are running Linux with sshd. You don't need root access anywhere as long as the ports on gate are above 1024. We use 2022 on gate. Also since the gate is used locally, the option GatewayPorts is not necessary.
    On client cliuser (from destination to gate): -
    # ssh -R 2022:localhost:22 user@gate
    +
    # ssh -R 2022:localhost:22 user@gate            # forwards client 22 to gate:2022
    On client cliadmin (from host to gate): -
    # ssh -L 3022:localhost:2022 admin@gate
    +
    # ssh -L 3022:localhost:2022 admin@gate         # forwards client 3022 to gate:2022
    Now the admin can connect directly to the client cliuser with: -
    # ssh -p 3022 admin@localhost
    +
    # ssh -p 3022 admin@localhost                   # local:3022 -> gate:2022 -> client:22

    Connect to VNC behind NAT

    Suppose a Windows client with VNC listening on port 5900 has to be accessed from behind NAT. @@ -1392,7 +1466,6 @@
    # vncconnect -display :0 localhost
    -

    VPN with SSH

    As of version 4.3, OpenSSH can use the tun/tap device to encrypt a tunnel. This is very similar to other TLS based VPN solutions like OpenVPN. One advantage with SSH is that there is no need to install and configure additional software. Additionally the tunnel uses the SSH authentication like pre shared keys. The drawback is that the encapsulation is done over TCP which might result in poor performance on a slow link. Also the tunnel is relying on a single (fragile) TCP connection. This technique is very useful for a quick IP based VPN setup. There is no limitation as with the single TCP port forward, all layer 3/4 protocols like ICMP, TCP/UDP, etc. are forwarded over the VPN. In any case, the following options are needed in the sshd_conf file:
    PermitRootLogin yes
    @@ -1467,7 +1540,6 @@
     gateA># sysctl net.inet.ip.fw.enable=1
     
    The two private networks are now transparently connected via the SSH VPN. The IP forward and NAT settings are only necessary if the gates are not the default gateways. In this case the clients would not know where to forward the response, and nat must be activated. -

    RSYNC

    @@ -1502,7 +1574,7 @@

    Rsync on Windows

    -Rsync is available for Windows through cygwin or as stand-alone packaged in cwrsynchttp://sourceforge.net/projects/sereds. This is very convenient for automated backups. Install one of them (not both) and add the path to the Windows system variables: # Control Panel -> System -> tab Advanced, button Environment Variables. Edit the "Path" system variable and add the full path to the installed rsync, e.g. C:\Program Files\cwRsync\bin or C:\cygwin\bin. This way the commands rsync and ssh are available in a Windows command shell. +Rsync is available for Windows through cygwin or as stand-alone packaged in cwrsynchttp://sourceforge.net/projects/sereds. This is very convenient for automated backups. Install one of them (not both) and add the path to the Windows system variables: # Control Panel -> System -> tab Advanced, button Environment Variables. Edit the "Path" system variable and add the full path to the installed rsync, e.g. C:\Program Files\cwRsync\bin or C:\cygwin\bin. This way the commands rsync and ssh are available in a Windows command shell.

    Public key authentication

    Rsync is automatically tunneled over SSH and thus uses the SSH authentication on the server. Automatic backups have to avoid a user interaction, for this the SSH public key authentication can be used and the rsync command will run without a password.
    All the following commands are executed within a Windows console. In a console (Start -> Run -> cmd) create and upload the key as described in SSH, change "user" and "server" as appropriate. If the file authorized_keys2 does not exist yet, simply copy id_dsa.pub to authorized_keys2 and upload it. @@ -1551,7 +1623,6 @@
    # cat /etc/sudoers
     # Host aliases are subnets or hostnames.
     Host_Alias   DMZ     = 212.118.81.40/28
    -Host_Alias   PRIVATE = 10.0.10.0/24, dusk, pbxde, nightowl
     Host_Alias   DESKTOP = work1, work2
     
     # User aliases are a list of users which can have the same rights
    @@ -1561,9 +1632,7 @@
     
     # Command aliases define the full path of a list of commands
     Cmnd_Alias   SYSTEM  = /sbin/reboot,/usr/bin/kill,/sbin/halt,/sbin/shutdown,/etc/init.d/
    -Cmnd_Alias   USERS   = /usr/sbin/adduser [A-z]*,/usr/sbin/userdel -r [A-z]*
     Cmnd_Alias   PW      = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root # Not root pwd!
    -Cmnd_Alias   NETWORK = /sbin/route,/sbin/ifconfig
     Cmnd_Alias   DEBUG   = /usr/sbin/tcpdump,/usr/bin/wireshark,/usr/bin/nmap
     
    # The actual rules
     root,ADMINS  ALL     = (ALL) NOPASSWD: ALL    # ADMINS can do anything w/o a password.
    @@ -1571,7 +1640,7 @@
     DEVEL        DMZ     = (ALL) NOPASSWD: DEBUG  # Developers can debug the DMZ servers.
     
     # User sysadmin can mess around in the DMZ servers with some commands.
    -sysadmin     DMZ     = (ALL) NOPASSWD: SYSTEM,NETWORK,PW,DEBUG
    +sysadmin     DMZ     = (ALL) NOPASSWD: SYSTEM,PW,DEBUG
     sysadmin     ALL,!DMZ = (ALL) NOPASSWD: ALL   # Can do anything outside the DMZ.
     %dba         ALL     = (DBA) ALL              # Group dba can run as database user.
     
    @@ -1605,6 +1674,90 @@
     
     
    +

    Encrypt Partitions

    +

    Linux with LUKS | Linux dm-crypt only | FreeBSD GELI | FBSD pwd only

    +There are (many) other alternative methods to encrypt disks, I only show here the methods I know and use. Keep in mind that the security is only good as long the OS has not been tempered with. An intruder could easily record the password from the keyboard events. Furthermore the data is freely accessible when the partition is attached and will not prevent an intruder to have access to it in this state. +

    Linux

    +Those instructions use the Linux dm-crypt (device-mapper) facility available on the 2.6 kernel. In this example, lets encrypt the partition /dev/sdc1, it could be however any other partition or disk, or USB or a file based partition created with losetup. In this case we would use /dev/loop0. See file image partition. The device mapper uses labels to identify a partition. We use sdc1 in this example, but it could be any string. +

    dm-crypt with LUKS

    +LUKS with dm-crypt has better encryption and makes it possible to have multiple passphrase for the same partition or to change the password easily. To test if LUKS is available, simply type # cryptsetup --help, if nothing about LUKS shows up, use the instructions below Without LUKS. First create a partition if necessary: fdisk /dev/sdc. +

    Create encrypted partition

    +
    # dd if=/dev/urandom of=/dev/sdc1          # Optional. For paranoids only (takes days)
    +# cryptsetup -y luksFormat /dev/sdc1       # This destroys any data on sdc1
    +# cryptsetup luksOpen /dev/sdc1 sdc1
    +# mkfs.ext3 /dev/mapper/sdc1               # create ext3 file system
    +# mount -t ext3 /dev/mapper/sdc1 /mnt
    +# umount /mnt
    +# cryptsetup luksClose sdc1                # Detach the encrypted partition
    +

    Attach

    +
    # cryptsetup luksOpen /dev/sdc1 sdc1
    +# mount -t ext3 /dev/mapper/sdc1 /mnt
    +

    Detach

    +
    # umount /mnt
    +# cryptsetup luksClose sdc1
    +
    +

    dm-crypt without LUKS

    +
    # cryptsetup -y create sdc1 /dev/sdc1      # or any other partition like /dev/loop0
    +# dmsetup ls                               # check it, will display: sdc1 (254, 0)
    +# mkfs.ext3 /dev/mapper/sdc1               # This is done only the first time!
    +# mount -t ext3 /dev/mapper/sdc1 /mnt
    +# umount /mnt/
    +# cryptsetup remove sdc1                   # Detach the encrypted partition
    +
    +Do exactly the same (without the mkfs part!) to re-attach the partition. If the password is not correct, the mount command will fail. In this case simply remove the map sdc1 (cryptsetup remove sdc1) and create it again. +

    FreeBSD

    +The two popular FreeBSD disk encryption modules are gbde and geli. I now use geli because it is faster and also uses the crypto device for hardware acceleration. See The FreeBSD handbook Chapter 18.6http://www.freebsd.org/handbook/disks-encrypting.html for all the details. The geli module must be loaded or compiled into the kernel: +
    options GEOM_ELI
    +device crypto                                       # or as module:
    +# echo 'geom_eli_load="YES"' >> /boot/loader.conf   # or do: kldload geom_eli
    +
    +

    Use password and key

    +I use those settings for a typical disk encryption, it uses a passphrase AND a key to encrypt the master key. That is you need both the password and the generated key /root/ad1.key to attach the partition. The master key is stored inside the partition and is not visible. See below for typical USB or file based image. +

    Create encrypted partition

    +
    +# dd if=/dev/random of=/root/ad1.key bs=64 count=1  # this key encrypts the mater key
    +# geli init -s 4096 -K /root/ad1.key /dev/ad1       # -s 8192 is also OK for disks
    +# geli attach -k /root/ad1.key /dev/ad1             # DO make a backup of /root/ad1.key
    +# dd if=/dev/random of=/dev/ad1.eli bs=1m           # Optional and takes a long time
    +# newfs /dev/ad1.eli                                # Create file system
    +# mount /dev/ad1.eli /mnt
    +
    +

    Attach

    +
    # geli attach -k /root/ad1.key /dev/ad1
    +# fsck -ny -t ffs /dev/ad1.eli                      # In doubt check the file system
    +# mount /dev/ad1.eli /mnt
    +
    +

    Detach

    +The detach procedure is done automatically on shutdown. +
    # umount /mnt
    +# geli detach /dev/ad1.eli
    +
    +

    /etc/fstab

    +The encrypted partition can be configured to be mounted with /etc/fstab. The password will be prompted when booting. The following settings are required for this example: +
    # grep geli /etc/rc.conf
    +geli_devices="ad1"
    +geli_ad1_flags="-k /root/ad1.key"
    +# grep geli /etc/fstab
    +/dev/ad1.eli         /home/private              ufs             rw      0       0
    +
    +

    Use password only

    +It is more convenient to encrypt a USB stick or file based image with a passphrase only and no key. In this case it is not necessary to carry the additional key file around. The procedure is very much the same as above, simply without the key file. Let's encrypt a file based image /cryptedfile of 1 GB. +
    # dd if=/dev/zero of=/cryptedfile bs=1M count=1000  # 1 GB file
    +# mdconfig -at vnode -f /cryptedfile
    +# geli init /dev/md0                                # encrypts with password only
    +# geli attach /dev/md0
    +# newfs -U -m 0 /dev/md0.eli
    +# mount /dev/md0.eli /mnt
    +# umount /dev/md0.eli
    +# geli detach md0.eli
    +
    +It is now possible to mount this image on an other system with the password only. +
    # mdconfig -at vnode -f /cryptedfile
    +# geli attach /dev/md0
    +# mount /dev/md0.eli /mnt
    +
    +
    +

    SSL Certificates

    So called SSL/TLS certificates are cryptographic public key certificates and are composed of a public and a private key. The certificates are used to authenticate the endpoints and encrypt the data. They are used for example on a web server (https) or mail server (imaps).

    Procedure
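Review bot: The password-only GELI example at the end of this hunk builds /cryptedfile with "dd if=/dev/zero", while the LUKS and GELI key-file sections each offer an optional random fill of the device; either fill the image from /dev/random here too, or say that a zero-filled backing file lets written blocks be told apart from unused ones. Two typos to fix while here: "tempered with" in the introduction should be "tampered with", and the comment "this key encrypts the mater key" should read "master key".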

    @@ -1711,10 +1864,17 @@ ^D # Use [Control][D] to quit the edit # cvs commit # Commit all the configuration changes -Add a readers file if you want to differentiate read and write permissions Note: Do not (ever) edit files directly into the main cvs, but rather checkout the file, modify it and check it in. We did this with the file writers to define the write access. +Add a readers file if you want to differentiate read and write permissions Note: Do not (ever) edit files directly into the main cvs, but rather checkout the file, modify it and check it in. We did this with the file writers to define the write access.
    +There are three popular ways to access the CVS at this point. The first two don't need any further configuration. See the examples on CVSROOT below for how to use them: + +
      +
    • Direct local access to the file system. The user(s) need sufficient file permission to access the CS directly and there is no further authentication in addition to the OS login. However this is only useful if the repository is local.
    • +
    • Remote access with ssh with the ext protocol. Any use with an ssh shell account and read/write permissions on the CVS server can access the CVS directly with ext over ssh without any additional tunnel. There is no server process running on the CVS for this to work. The ssh login does the authentication.
    • +
    • Remote access with pserver. This is the preferred use for larger user base as the users are authenticated by the CVS pserver with a dedicated password database, there is therefore no need for local users accounts. This setup is explained below.
    • +

    Network setup with inetd

    -The CVS can be run locally only if a network access is not needed. For a remote access, the daemon inetd can be used with the following line in /etc/inetd.conf (/etc/xinetd.d/cvs on SuSE): +The CVS can be run locally only if a network access is not needed. For a remote access, the daemon inetd can start the pserver with the following line in /etc/inetd.conf (/etc/xinetd.d/cvs on SuSE):
    cvspserver   stream  tcp  nowait  cvs  /usr/bin/cvs   cvs \
     --allow-root=/usr/local/cvs pserver
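Review bot: The pserver bullet calls it the preferred setup and says users are checked against a dedicated password database, but unlike the ext bullet, which states that the ssh login does the authentication, it says nothing about how that password is protected on the network; add a sentence on that, or point readers who need an encrypted channel at the ext method. Also in the new list, "access the CS directly" should be "CVS" and "Any use with an ssh shell account" should be "Any user".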
     
    @@ -1741,12 +1901,15 @@ -

    CVSROOT variable

    -This is an environment variable used to specify the location of the repository we're doing operations on. For local use, it can be just set to the directory of the repository. For use over the network, it must be of the form: +

    CVSROOT variable

    +This is an environment variable used to specify the location of the repository we're doing operations on. For local use, it can be just set to the directory of the repository. For use over the network, the transport protocol must be specified. Set the CVSROOT variable with setenv CVSROOT string on a csh, tcsh shell, or with export CVSROOT=string on a sh, bash shell.
    # setenv CVSROOT :pserver:<username>@<host>:/cvsdirectory
     For example:
     # setenv CVSROOT /usr/local/cvs                               # Used locally only
    -# setenv CVSROOT :pserver:colin@192.168.50.254:/usr/local/cvs # Used over the network
    +# setenv CVSROOT :local:/usr/local/cvs                        # Same as above
    +# setenv CVSROOT :ext:user@cvsserver:/usr/local/cvs           # Direct access with SSH
    +# setenv CVS_RSH ssh                                          # for the ext access
    +# setenv CVSROOT :pserver:user@cvsserver.254:/usr/local/cvs   # network with pserver
     
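Review bot: The new pserver example, "setenv CVSROOT :pserver:user@cvsserver.254:/usr/local/cvs", still carries the ".254" left over from the removed 192.168.50.254 address; the host should read "cvsserver" as in the ext line above it. The CVS_RSH line would also read better placed before the :ext: CVSROOT line it supports.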
    When the login succeeded one can import a new project into the repository: cd into your project root directory @@ -1814,7 +1977,7 @@

    SVN

    Server setup | SVN+SSH | SVN over http | SVN usage

    -Subversion (SVN)http://subversion.tigris.org/ is a version control system designed to be the successor of CVS (Concurrent Versions System). The concept is similar to CVS, but many shortcomings where improved. See also the SVN bookhttp://svnbook.red-bean.com/en/1.4/. +Subversion (SVN)http://subversion.tigris.org/ is a version control system designed to be the successor of CVS (Concurrent Versions System). The concept is similar to CVS, but many shortcomings where improved. See also the SVN bookhttp://svnbook.red-bean.com/en/1.4/.

    Server setup

    The initiation of the repository is fairly simple (here for example /home/svn/ must exist):
    # svnadmin create --fs-type fsfs /home/svn/project1
    @@ -1870,7 +2033,7 @@

    SVN commands and usage

    -See also the Subversion Quick Reference Cardhttp://www.cs.put.poznan.pl/csobaniec/Papers/svn-refcard.pdf. Tortoise SVNhttp://tortoisesvn.tigris.org is a nice Windows interface. +See also the Subversion Quick Reference Cardhttp://www.cs.put.poznan.pl/csobaniec/Papers/svn-refcard.pdf. Tortoise SVNhttp://tortoisesvn.tigris.org is a nice Windows interface.

    Import

    A new project, that is a directory with some files, is imported into the repository with the import command. Import is also used to add a directory with its content to an existing project.
    # svn help import                                # Get help for any command
    @@ -2164,7 +2327,7 @@
     
    Without the -f option, iconv will use the local char-set, which is usually fine if the document displays well. -

    Unix ↔ DOS newlines

    +

    Unix - DOS newlines

    Convert DOS (CR/LF) to Unix (LF) newlines within a Unix shell. See also dos2unix and unix2dos if you have them.
    # sed 's/.$//' dosfile.txt > unixfile.txt
     
    @@ -2292,6 +2455,15 @@ Here is "secret" the mysql root password, there is no space after -p. When the -p option is used alone (w/o password), the password is asked at the command prompt.
    +

    SQLite

    +SQLitehttp://www.sqlite.org is a small powerfull self-contined, serverless, zero-configuration SQL database. +

    Dump and restore

    +It can be useful to dump and restore an SQLite database. For example you can edit the dump file to change a column attribute or type and then restore the database. This is easier than messing with SQL commands. Use the command sqlite3 for a 3.x database. +
    # sqlite database.db .dump > dump.sql              # dump
    +# sqlite database.db < dump.sql                    # restore
    +
    +

    Convert 2.x to 3.x database

    +
    sqlite database_v2.db .dump | sqlite3 database_v3.db

    Disk Quota
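Review bot: The restore line loads dump.sql back into database.db, the same file the dump was taken from; the dump recreates the tables, so the example should restore into a new file name or say that the old file is moved away first. The paragraph tells readers to use sqlite3 for a 3.x database, so it would help to show that form in one of the two commands, and "powerfull self-contined" should read "powerful self-contained".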

    A disk quota allows to limit the amount of disk space and/or the number of files a user or (or member of group) can use. The quotas are allocated on a per-file system basis and are enforced by the kernel. @@ -2506,8 +2678,7 @@

    Bourne script example

    As a small example, the script used to create a PDF booklet from this xhtml document: -
    -#!/bin/sh
    +
    #!/bin/sh
     # This script creates a book in pdf format ready to print on a duplex printer
     if [ $# -ne 1 ]; then                        # Check the argument
       echo 1>&2 "Usage: $0 HtmlFile"
    @@ -2562,6 +2733,9 @@
     x = (y > z) ? y : z;                      /* if (y > z) x = y; else x = z; */
     int a[]={0,1,2};                          /* Initialized array (or a[3]={0,1,2}; */
     int a[2][3]={{1,2,3},{4,5,6}};            /* Array of array of ints */
    +int i = 12345;                            /* Convert in i to char str */
    +char str[10];
    +sprintf(str, "%d", i);
     

    C example
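Review bot: The added conversion writes with sprintf into "char str[10]", which only fits the sample value: a 32-bit int can print as up to 11 characters plus the terminator (for example -2147483648), so other values overflow the buffer. Size the array at 12 or more and use snprintf(str, sizeof(str), "%d", i); the comment "Convert in i to char str" should read "int i".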

    A minimal c program simple.c: @@ -2662,16 +2836,19 @@

    Online Help

    Documentation

    - - - - - + + + + + + + +
    Linux Documentation en.tldp.org
    Linux Man Pages www.linuxmanpages.com
    FreeBSD Handbook www.freebsd.org/handbook
    FreeBSD Man Pages www.freebsd.org/cgi/man.cgi
    Solaris Man Pages docs.sun.com/app/docs/coll/40.10
    Linux Documentation en.tldp.org
    Linux Man Pages www.linuxmanpages.com
    Linux commands directory www.oreillynet.com/linux/cmd
    Linux doc man howtos linux.die.net
    FreeBSD Handbook www.freebsd.org/handbook
    FreeBSD Man Pages www.freebsd.org/cgi/man.cgi
    FreeBSD user wiki www.freebsdwiki.net
    Solaris Man Pages docs.sun.com/app/docs/coll/40.10

    Other Unix/Linux references

    - +
    Rosetta Stone for Unix bhami.com/rosetta.html (a Unix command translator)
    Unix guide cross reference unixguide.net/unixguide.shtml
    Unix guide cross reference unixguide.net/unixguide.shtml
    Linux commands line list www.linuxguide.it/commands_list.php
    Short Linux reference www.pixelbeat.org/cmdline.html
    @@ -2679,13 +2856,13 @@

    That's all folks!

    -
    +
    -This document: "Unix Toolbox revision 10.1" is licensed under a Creative Commons Licence [Attribution - Share Alike]. © Colin Barschel 2007-2008. Some rights reserved. +This document: "Unix Toolbox revision 11" is licensed under a Creative Commons Licence [Attribution - Share Alike]. © Colin Barschel 2007-2008. Some rights reserved.
    Success, CVS operation completed