Linux+ Certification Cram

Planning the Implementation

The Parts

The term Linux actually refers to the kernel, the core of the operating system. Software that runs on top of the kernel is called an application, and includes items like web servers and mail clients. Since collecting all the appropriate software needed to make a Linux installation useful (shells, administration tools, etc.) is a time-consuming task, distributions package the Linux kernel together with relevant software and applications. Examples of distributions are RedHat, Debian, Mandrake, and Corel Linux.

Determining Requirements

Linux owes its versatility to the wide availability of software that runs on it. Understanding what software to use to solve what problem is key to maximizing the utility of Linux.

  • Web server – Apache is the most popular web server.
  • Web proxy – To better control web usage and to allow for caching of frequently accessed pages, Squid is used.
  • File Sharing – Linux can be made to look like an NT server with respect to file and print sharing; Samba is the software that does this.
  • Email – Linux excels at handling email. Sendmail is the most widely used Mail Transfer Agent (MTA); Qmail and Postfix are alternatives. Regardless of your choice, a basic knowledge of Sendmail is required both for the exam and for everyday work.
  • DNS – The Domain Name Service provides mappings between names and IP addresses, along with distributing network information (i.e., mail servers). BIND is the most widely used name server.
  • X-Windows – XFree86 is the GUI system common to most Linux installations, though some commercial X servers support more esoteric hardware. It provides the framework to build graphical applications. More information on the use and functionality of X is provided later.

Though there are always several software packages that solve the same problem, using the most popular one is usually the best choice because more support exists. Once you become familiar with the operation of that product, using the other packages becomes easier.

With the exception of some commercial products, the source code for all Linux applications is readily available. This increases the number of platforms that can run Linux, since most software just needs to be compiled to work. Currently, Linux runs on x86, Alpha, SPARC, PowerPC, and MIPS processors, among many others. Choosing the appropriate platform is usually a matter of sizing up the application, and determining the cost of various alternatives.

Most mainstream hardware is supported under Linux. Since the majority of device drivers are written by Linux users, the more popular the device, the more likely there is a driver. Linux vendors tend to distribute a list of supported hardware.

The various portions of software, including the kernel and distributions themselves, can be licensed under one of several methods:

  • Commercial – like Microsoft Windows, you own the right to use the software. In the Linux world, this is rare.
  • GPL – The GNU General Public License – The basis of the GPL is that the source code must be readily available to the user, at no charge (other than media and handling). Furthermore, any additions to, or inclusions of, GPL’ed software fall under the GPL.
  • BSD – The BSD license is much like the GPL except that it does not place heavy restrictions on the redistribution of source or any modifications.
  • Freeware – The author retains any source and is under no obligation to release it. There is no charge, though, for use of the software.

Software whose source is freely available is said to be open source. Closed source software is thus software whose source is not freely available.

Software can be distributed in source or binary form. Where it is in source form, instructions are usually given to compile it, or a Makefile (script file of computer instructions to build the binary version) is provided.
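As a sketch of the Makefile route, the toy Makefile below is created on the spot for the example (a real package would ship its own, often generated by a configure script):

```shell
# Create a scratch directory with a one-target Makefile, then build it.
mkdir -p /tmp/build-demo
cd /tmp/build-demo
printf 'hello:\n\techo built\n' > Makefile
make hello
```

Running make with a target name executes the commands listed under that target, which is all a software build ultimately is.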

Binary distributions usually take one of three forms. A tarball is a compressed collection of software, much like a .zip file. The term takes its name from the utility, tar, used to bunch the files into one file, which is then compressed. This form of binary distribution is also used to distribute source. It has the limitation that it cannot carry any dependency information (e.g., “you will need the ABC library to run”), nor can it execute any instructions (such as creating users for you). The Slackware distribution uses this form, though it will look for the presence of certain scripts within the tarball to be executed. Furthermore, there is no easy way to go back and determine what package a file belongs to.
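A tarball can be created and inspected with the tar utility itself (the paths here are scratch locations for illustration):

```shell
# Bundle a directory into a compressed tarball, then list its contents
mkdir -p /tmp/pkg-demo
echo 'sample' > /tmp/pkg-demo/README
tar czf /tmp/pkg-demo.tar.gz -C /tmp pkg-demo
tar tzf /tmp/pkg-demo.tar.gz    # t lists, z gunzips, f names the file
```

Note that the listing shows only file names; as described above, nothing in the archive records dependencies or ownership by a package.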

RPM stands for the RedHat Package Manager, and is the packaging format of choice for many distributions. It carries dependency information, and keeps track of which files belong to which package. DEB is the package management system used by Debian-based distributions. It is much like RPM, except that it handles dependencies more effectively. Use of either one makes upgrades easier, since files can be designated as configuration files to be left alone, and old libraries can be removed, unlike the tarball method, where multiple copies would accumulate.

Kernel Versioning

The Linux kernel is constantly under development. To keep track of versions, a simple system has been put in place. Versions consist of three integers, separated by periods, e.g., 2.4.2. The first digit is the major number, while the second is the minor. The last is the patch level. Thus, 2.4.0 is the initial release of the 2.4 kernel, with the next upgrade being 2.4.1. The second digit is also important in that it determines whether the kernel is a development or stable kernel. If it is odd, it is in development. Both the stable and development kernels will have releases at various intervals. Once 2.4 (as of the time of this writing, the current stable stream) goes into a feature freeze, it will be branched into 2.5. Though minor development (bug fixes, minor updates to drivers) will continue in 2.4, major reconstruction will be going on in 2.5. Once 2.5 reaches a release state, it will be released as 2.6.0 and the process will continue.
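The odd/even rule can be checked mechanically. A small shell sketch that classifies a version string (the version is hardcoded here for illustration; on a live system it would come from uname -r):

```shell
# Extract the minor number from a kernel version string and test its parity
ver="2.4.2"
minor=$(echo "$ver" | cut -d. -f2)
if [ $((minor % 2)) -eq 0 ]; then
  echo "$ver is a stable kernel"
else
  echo "$ver is a development kernel"
fi
# prints "2.4.2 is a stable kernel"
```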

Benefits of Using Linux

Linux is a powerful, modular operating system that is free of the licensing restrictions that burden many of its competitors. It can support multiple users, works on standard or enterprise hardware, and has a wide variety of software available, from desktop productivity software to Internet servers. The open nature of all the software ensures that bugs can be found and fixed by anyone with the right skills, rather than being constrained by a vendor’s schedule.


Each distribution of Linux has a different installation procedure, though there are many commonalities.

Source Location

One critical item to determine is where you plan on storing the distribution itself. If only one computer is to be installed, it may be easiest to store it on a CD and install from there. However, if several computers are involved, a network-based installation may be preferred.

The first method is called a local installation, which usually employs a CD, though the image may already be on the hard drive (usually on a DOS partition). The second, network based installation, has four possible sources; namely, HTTP, FTP, SMB, and NFS (note that not all distributions support all of these methods). Your choice will depend on the server that is storing the image. SMB would be used if a Windows machine hosts the image, NFS if you are already in a UNIX shop, and FTP/HTTP if you decide to install from a remote site (i.e., your local distribution mirror).

Boot Disk

Common to all methods is the need for a boot disk (though the CD itself may be bootable). This disk boots into a stripped down version of Linux that is used to guide the user through the installation. If you cannot boot off the CD, or are doing a hard drive or network install, you will have to locate the images directory on the source. As all distributions are different, this may be difficult. With RedHat, this is in the root directory of the CD in a directory called images. There are multiple files, but boot.img and bootnet.img are the main ones. As their name may imply, boot.img is used for local installations, while bootnet.img allows for network-based installations. Once you have the appropriate image, you can copy it to a floppy disk from DOS with the rawrite.exe utility (almost always provided on the CD). You will need to know the name of the image, and the device you are copying to (usually a:). If you already have a UNIX machine handy, you can use the dd command.

dd if=imagename of=/dev/fd0

will copy imagename to the first floppy drive (a:). Once this floppy is created, you can boot off of it to begin the installation.

Installation Options

One important thing to know before starting a Linux installation is your hardware. Know your model of video card, how much hard drive space to allocate to Linux, any ISA devices and their IRQ/DMA/port settings, and what port your mouse and/or modem are on.


Many distributions allow you to speed the installation by defining a role for your machine, such as Workstation or Server. Choosing one of these preselects the packages to install, and may influence the partitioning of your drives. For beginners, these selections save time, but, as you gain experience, you may want to choose a custom installation.


While Windows tends to rely on drive letters (C:, D:, etc.), Unix has a single filesystem concept. To the system, multiple drives combine into one by mounting (or attaching) to a particular point on the filesystem. This practice allows for easier expansion, since applications do not have to be reconfigured, and, in the event of corruption, limits the extent of damage.

At the very minimum, you will need two partitions for your system — root (/) and swap. For performance reasons, Linux likes to have swap on its own partition. In practice, you will have multiple partitions:

Name Min Size Usage
Swap 128M Virtual RAM — stores inactive memory to disk until it is later used
/ 250M Root filesystem, includes basic libraries, programs, and configuration
/var 250M Logs, spool files, lock files. For files that change frequently, hence the name
/usr 500M+ Most applications go here
/boot 16M Kernels get stored here, used to overcome BIOS limitations during the boot sequence
/home 500M+ Home directories of users, including user specific configuration and data

The size of the swap partition is usually one to two times the amount of physical memory. There are situations (databases, mainly) where more swap is desired, but the one-to-two-times rule, or a round number like 128M, is a good choice.

Partitions like /usr and /home tend to fill up quickly, so if you have extra space it should be put there. Depending on the function of a server, extra space could go to other partitions. For example, a mail server might have little need for a /home partition, but would want lots of space in /var to store all the mail. Likewise, a file server would not have many binaries in /bin, but its /home might be heavily used.


The flexibility of UNIX allows a system to have different types of filesystems on the same computer, each mounted on its own partition. For example, a fault tolerant filesystem may be appropriate for /home, but a faster one, with less overhead, may be better for /usr.

ext2 is the standard filesystem for Linux. It offers good performance, and is stable, but does not take well to abrupt shutdowns. ReiserFS is a recent addition to the kernel tree, and is called a journaling filesystem. Each write to the drive is first recorded in a log, so if the system is shut down uncleanly, the transactions can simply be replayed instead of having to reconstruct missing information, as in ext2. Performance is surprisingly good, as it makes excellent use of space on filesystems with many small files.

Security Options

During the installation, you will be prompted for many security settings. The first is likely a choice of authentication methods. Shadowed passwords are an option, and should always be used. Since UNIX stores the password as a hash (one way encrypted), an attacker could try to encrypt common passwords to see if any match up to the hashes. Shadowing the password file makes these hashes much harder to obtain. Using MD5 means that the hashing algorithm is much stronger, though this may cause compatibility issues when connecting to other Unix systems.
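To see what such a hash looks like, the openssl utility (assuming it is installed) can generate a crypt-style MD5 hash. Note that the same password and salt always produce the same hash, which is exactly what makes dictionary attacks against a readable password file possible:

```shell
# Generate an MD5 crypt-style hash for the password "secret" with salt "xyz"
openssl passwd -1 -salt xyz secret
# The output begins with $1$, marking the MD5 algorithm, followed by the salt
```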

In a networked environment, a central password server makes sense, much like NT’s domain structure. The traditional way of doing this is via NIS, the Network Information Service. If you have a NIS server, you can enter it at this time and you will be able to share the password database. Other methods of authentication include LDAP (Lightweight Directory Access Protocol) and Kerberos (a system created at MIT employing strong cryptography). Your network administrator will know which method is in use at your site. When in doubt, select the local option, and reconfigure later.

You will also be prompted for a root password. The root account is the administrator of the system: it can do anything. You will use this account to create other accounts, clean up filesystems, and perform other maintenance tasks. It is important that this password be kept secure.

Most modern distributions will now give you the opportunity to create a user account. User accounts, having fewer privileges, should be used whenever possible. The root account should be used only when needed.


If you have selected to install the X-Windows system, you will be required to supply information about your computer and video equipment. Having this information handy before you begin will make the installation easier. You will need to know the model of video card, amount of RAM on it, and your monitor’s horizontal and vertical refresh capabilities.

You may also be given a choice, depending on the distribution, between KDE and GNOME. Both are functionally similar, so the choice is mostly aesthetic. It is wise to learn the basic usage of both of them.

Boot Loader

The Linux Loader, or LILO for short, is used to boot the Linux operating system. During the install phase, you will be asked for some details about how LILO will be configured. First, you will have to decide if LILO is to be placed in the master boot record (MBR), or the first sector of the boot partition. Usually, the first option should be selected, unless you have extra software used to manage large hard drives, in which case the second option should be used.

One of the next things you will have to answer is if you wish to boot any other operating systems. LILO, the flexible software that it is, can boot Windows operating systems on your behalf. If you wish to do this, then specify the partition that the other operating system is on.

Another option you will have to choose is if you wish to pass anything to the kernel. Your distribution will likely make suggestions. Otherwise, this can be left blank.

More configuration options are presented in the next chapter.


By default, the kernel will come with most drivers compiled as modules, meaning they take up no resources until they are loaded in. If you have the need to add a driver that isn’t built, or if your vendor supplies the driver in source form, you will likely need to rebuild your kernel. Another reason you may need to do this is when you need a later version of Linux than is supplied with your distribution (i.e., for added functionality).


Network Settings


Before configuring the network settings for a computer, ensure you have the proper information handy, such as the IP address, gateway, and DNS servers, unless you are using DHCP.

The network information is most easily configured from netconfig or linuxconf. Netconfig presents a single simple screen prompting for this information.

Linuxconf allows you to enter the same information, along with more specific details such as extra routes, under the Config->Networking->Client tasks menu. You will likely use netconfig to get a machine started, and use linuxconf to make any minor changes later.


Dialup connections are configured from rp3-config, an X11 wizard that will walk you through the setup. It will discover your modem, or prompt you for the location if it can’t find it. It will also need to know the phone number and user account information for your ISP. From rp3-config, you can choose the dial option to initiate the connection. For more information on the rp3 system, consult its documentation; Kppp is an alternative dialer.


There are two main methods to configure X Windows. The first is with the XF86Setup command, which is a text-based program that asks you to select your hardware from several lists. It is not very user-friendly, which is why Xconfigurator was developed. Xconfigurator will attempt to auto-detect your hardware, and integrates testing into the procedure (XF86Setup will create the configuration for you, but if a setting is wrong you have to go through the whole program again). Typing in either of the above commands, as root, will start the process. For either method, it is helpful to have your monitor manual and video card manual handy, since you may have to look up frequencies and different options.

There is a third, but more difficult, method of configuring X, which involves editing the XF86Config file in either /etc or /etc/X11. The settings may be tweaked by this method after one of the automated processes has run, but generating a new XF86Config file by hand would be time consuming.

Internet Services


Most Internet services are run from a process called inetd. Inetd listens on behalf of a service, and, upon a connection, it spawns the service and passes over control. This is done to reduce the resources required to have all the daemons stay active and listen themselves.

Inetd is controlled out of /etc/inetd.conf. A typical line looks like

ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a

The key elements here are the first field, which defines the service, and hence the port number, in this case FTP (port 21). A list of the service-to-port mappings can be found in /etc/services. Column five dictates the user that the service will run under. Columns six and on tell inetd how to start up the daemon: column six is the daemon to run, and seven and on are the arguments. In this example, /usr/sbin/tcpd, the TCP wrapper, is being run, and is passed in.ftpd -l -a. tcpd then uses the arguments to run the program after performing security checks. If in.ftpd were to be run directly, column six would be /usr/sbin/in.ftpd.

To disable a service, comment out its line by putting a hash symbol (#) in front of the line. After restarting inetd (killall -HUP inetd), the service will no longer be active.
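For example, disabling telnet could be scripted as follows (working on a sample copy of inetd.conf rather than the live file):

```shell
# Build a two-line sample inetd.conf, then comment out the telnet entry
printf 'ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a\ntelnet stream tcp nowait root /usr/sbin/tcpd in.telnetd\n' > /tmp/inetd.conf.sample
sed -i 's/^telnet/#telnet/' /tmp/inetd.conf.sample
grep '^#telnet' /tmp/inetd.conf.sample    # confirms the line is disabled
# On a live system you would edit /etc/inetd.conf and then run:
# killall -HUP inetd
```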

Most services run out of inetd are run through the TCP Wrappers (/usr/sbin/tcpd) in order to provide restrictions based on IP address. /etc/hosts.allow and /etc/hosts.deny control this. The form of a line in those files is

service: address1, address2, etc.

where service is the name of the daemon (i.e., in.ftpd for the FTP daemon configured above), or ALL for everything. A secure system would have ALL:ALL in hosts.deny, and would then permit access on a fine-grained level in hosts.allow. To permit FTP from anywhere, and SSH only from hosts in the 10.* network, hosts.allow would have

in.ftpd: ALL

sshd: 10.

A more detailed examination of these files is in the hosts_access(5) man page.


FTP

FTP is a service that is usually run out of inetd. Most distributions include the WU-FTPD daemon, which is configured in /etc/ftpaccess. The best reference for this is the ftpaccess(5) man page (man ftpaccess). Alternatively, Linuxconf can be used to configure FTP via Config->Networking->Server Tasks->Ftp server.

Web Server

HTTP can be run out of inetd, or run as a standalone daemon. The latter is the preferred method, because of the bursty nature of HTTP traffic. Apache is the most popular web server. The configuration file is httpd.conf, but the location depends on your distribution (locate httpd.conf will find it). The Apache documentation has a complete list of all the available directives, and the default httpd.conf is well commented.

Those familiar with HTML will find Apache easy to configure. Directives are simply statements, such as

ServerRoot “/usr/local/apache”

Options can be made to apply only to directories with the directory tag:

<directory /usr/local/apache>

Options FollowSymLinks

</directory>

NFS

NFS is the Network File System, which allows machines to share directories. The /etc/exports file controls who can access which filesystems.

/export machine1(rw)
/public (ro)

The example above shares the /export tree with machine1, in a read and write fashion. /public has no restrictions on who can connect, but it is read only. You will have to restart the mountd process in order for any changes to become visible. The exports(5) man page has a list of all the options available, along with examples.


POP

The Post Office Protocol, or POP, is used to let remote users retrieve messages from their mailbox. It runs out of inetd, and should require no configuration. In Linuxconf, accounts can be made POP-only from Config->Users Accounts->POP Accounts.


Rlogin

Rlogin services are, for the most part, replaced by SSH due to the lack of security in the Rlogin protocol. If the service is enabled in inetd.conf, then passwordless authentication can be configured by the creation of a .rhosts file in the user’s home directory, or a system-wide /etc/hosts.equiv. The general form of this file is

+host user

which would let the specified user, from the specified host, log in to the local user account with no password. As you can see, this is easily spoofable, and is not recommended.


Samba

Samba, the Windows file sharing package, consists of two daemons. “smbd” takes care of the file sharing itself, and “nmbd” takes care of name resolution. They are both configured through the same file, smb.conf. Configuration of Samba is best done through the SWAT (Samba Web Administration Tool) interface, which runs on port 901 (http://localhost:901/). However, a basic knowledge of the configuration directives is necessary.

Besides the complete list of configuration directives in the smb.conf(5) man page, the Samba HOWTO is a good reference.

The simplest smb.conf demonstrates the form of the file:


[global]

workgroup = MYGROUP

[homes]

guest ok = no

read only = no

The format is much like a Windows .ini file: there are several sections, each introduced by a heading in square brackets. [global] is the main section; it sets the main options for the program (in this case, the workgroup is MYGROUP). Shares have the same format. In this example, the homes share is defined as requiring authenticated access (guest ok = no). homes is a special share: it maps the user’s home directory to \\server\username. A share such as \\mymachine\fred will map to user fred’s home directory (assuming you haven’t explicitly defined a fred share) according to the rules in [homes].

A share can be defined as simply as



[tmp]

path = /tmp

guest ok = yes

which will create a tmp share pointing to /tmp. The smbd daemon must be restarted in order to make the configuration files take effect.


Sendmail

Configuration of sendmail is extremely complex, and is a job usually left to senior administrators. However, linuxconf can be used to make common changes via the Config->Networking->Server Tasks->Mail delivery system menu.

As you can see, there are many options to be configured. Important menus are Configure basic information, which is used to define your domain name and what your system is to do with email (deliver it, or send it on to a gateway), and Setting user aliases, where you assign extra addresses to users or redirect mail to other domains.


Telnet

If telnet is to be used, it should be strictly controlled through the TCP Wrappers. Since all communications, including passwords, are sent in the clear, a person sniffing packets could compromise your system. The use of SSH is preferred.


TFTP

TFTP is an unauthenticated version of FTP that runs over UDP. Common usage is in network devices, or diskless workstations, where the machine obtains its kernel from a TFTP server. When implementing TFTP, create a directory on your computer that you consider to be the TFTP root, and don’t store any sensitive information in there. Since the TFTP daemon cannot break outside this root, it cannot access files like password or user files, as it could if the root were the normal filesystem root directory. This special directory is then passed to the daemon in inetd.conf as the last argument.

Another special note about TFTP is that, by default, the file must exist before it is written. This is to prevent unauthorized people from creating files. Simply run touch filename in the appropriate directory to allow the remote client to write to filename.
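A minimal sketch of preparing a writable file under a TFTP root (/tmp/tftpboot stands in for the real root here, and firmware.bin is a hypothetical filename):

```shell
# Pre-create the target file so a remote TFTP client is allowed to write it;
# it must also be writable by the user the daemon runs as
mkdir -p /tmp/tftpboot
touch /tmp/tftpboot/firmware.bin
chmod 666 /tmp/tftpboot/firmware.bin
ls -l /tmp/tftpboot/firmware.bin
```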

Printers and Other Hardware

UNIX has a spooling system, much like Windows NT, except it is more flexible and formal in that there are multiple processes which handle different aspects of the printing procedure. The lpd daemon is responsible for listening to printer requests and spooling them. Jobs are submitted through the lpr program.

Configuring a printer is done through the printtool program. Clicking on the “new” icon brings up the queue-creation menu. Each print queue requires a name, and may have several aliases. It is advisable to have one printer with a name or alias of “lp”, since this is the default printer name for the system.


Selecting the “Queue Type” option lets you select where this printer resides, either on a physical port (/dev/lp0 corresponds to LPT1:, lp1 to LPT2:, etc), another UNIX server, a Microsoft NT share, a Novell server, or a print server address. From the “Printer Driver” menu, you can select the model of printer.

This last option is important. Before a job is sent to the printer, it is passed through a filter. This filter can do almost anything, from converting a raw .jpg image to PCL or PostScript, to converting PostScript to the native printer language. To properly do the conversion, the type of printer must be known.

Other Configuration Files

UNIX is a system controlled by text-based files. Each file has a specific purpose, which adds to the ease of administration, but requires the administrator to memorize more information. Most are tab-delimited files, and the full syntax of each can be obtained through the man system.

/etc/fstab lists the filesystems available to the system:

Device Name Mount Point Type Options Dump Pass
/dev/hda6 /   ext2 defaults 1 1

All columns are self-explanatory except for five and six. The dump flag indicates whether the filesystem should be backed up, but is rarely consulted. The pass flag determines the order in which the filesystems will be checked: / should be 1, the rest should be 2, except non-disk filesystems (like /proc), which should be 0 to indicate no checking is needed.

/etc/inittab dictates the programs run in various runlevels. The important thing to know from this file is how to change the default system runlevel, which is set on the initdefault line:

id:3:initdefault:

The second column in the above line specifies the default runlevel, in this case, 3, which is multi-user, no GUI. 5 is multi-user, GUI.

/etc/csh.login and /etc/csh.cshrc are invoked on login for all users of csh-like shells. For bash shells, /etc/profile is used. Items like global path settings, umasks, ulimits, and other settings should be set here. These are run before the user-specific versions are executed.

/etc/motd, /etc/issue, and /etc/issue.net are used for giving users information upon login. The Message Of The Day (MOTD) is shown after logging in. issue and issue.net are shown before the login prompt on local terminals and network terminals, respectively.

/etc/ld.so.conf is a list of directories in which the dynamic loader, ld.so, will look for shared libraries. After modification, it is essential to run ldconfig.


The Linux Loader is responsible for booting the operating system on x86 systems. /etc/lilo.conf is the file used to configure it. A skeleton file looks like:

boot=/dev/hda # install on the MBR of the first drive
prompt # give the user the opportunity to input
timeout=50 # 5 seconds (50 tsec)
default=linux # default is the linux label
image=/boot/vmlinuz # define a kernel — /boot/vmlinuz
label=linux # tag as linux (see above for default)
read-only # mount as read only (necessary for linux)
root=/dev/hda6 # root device (/)is /dev/hda6

Thus, it is possible to add extra images, and use LILO to reboot into different kernel versions. In practice, you will always want to keep an older kernel to use in the event that an upgrade fails. See man lilo.conf for all the details and options. One common addition is linear, which forces a different way of specifying sectors on the drive; this fixes a common problem where LILO cannot boot the system.
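For example, a second stanza for a fallback kernel might look like this (the image name and label are illustrative):

image=/boot/vmlinuz-old # the previous, known-good kernel
label=old # selected by typing "old" at the LILO prompt
read-only
root=/dev/hda6

After any change to lilo.conf, the lilo command must be re-run to install the updated boot map, or the change will not take effect.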


Modules are akin to device drivers, in that they enable functionality for a specific device or feature. Almost anything in the kernel can be made into a module, which reduces the size of the kernel and conserves resources until they are needed. It also does away with the need to recompile the kernel each time a new device is added, because modules can be kept handy without taking up memory. They are stored under /lib/modules/kernel-version; i.e., /lib/modules/2.4.4

The lsmod command lists the currently resident modules:

# lsmod
Module          Size  Used by
pppoe           6416  2
pppox           1328  1  [pppoe]
ppp_generic    15936  3  [pppoe pppox]

Column one shows the module name. Above, the modules are related to the PPP service (Point to Point Protocol, for remote access). Column two shows the amount of memory the module is taking up. Column three shows a reference counter, which lets you know if the module is being used or not. A value of 0 means it is not currently being used. The fourth column is a list of the referring modules, or those that depend on the current module. For example, the pppoe module relies on the pppox module as shown above. They both require the ppp_generic module.

The dependency tree is built at boot time by running depmod -a.

To add a module, you use either of the insmod or modprobe commands. Modprobe is better at handling module dependencies, but insmod is better at forcing modules to load if something goes wrong with modprobe. The syntax for them is similar

insmod pppox

modprobe pppox

insmod can also take the -f flag, which means “force”, in the event that the module version does not match the running kernel or something else goes wrong. insmod can also accept a full path name in the following fashion:

insmod /lib/modules/2.4.2/kernel/drivers/net/pppox.o

Note that when the full pathname is specified, the .o extension is required. Otherwise, the name is looked up in the dependency tree.


Users and Groups

As a multi-user operating system, Unix uses a concept of users and groups to assign permissions. A user must have a primary group, and may be assigned to multiple secondary groups. The user called root is a special account, as it has virtually unlimited privileges and is used for the administration of the system.

Users are defined in the /etc/passwd file, one user per line. A typical line looks like

dave:x:1010:100:David Smith,,,:/home/dave:/bin/bash

A colon (:) delimits fields within the line. The first field is the user name, in this case, “dave”. The second field is for the password, in this case ‘x’ means the password has been shadowed (see section 2). Field three is the userid, referred to as the UID. In Linux, this is a 16 bit number, allowing a maximum of 65,536 users. It is this number that the system uses internally to represent a user. Field four is the primary groupid of the user, defined in /etc/group, and will be explained shortly. Next is a description of the user, often called the GECOS (gee-koss). Some sites choose to add information like phone numbers in this field, separated by commas. Since this field is not important to the operation of the machine, almost anything can go in here.

The final two entries are very important to the security of the user and her environment when logging in. The second-last field is the user’s home directory, which is where many user-specific configuration files will be stored. The last field is the shell, which is the command line interface the user will see. Common values are /bin/bash (the Bourne Again shell), /bin/tcsh (a variant of the C shell), and /bin/false. The latter is used when you’re setting up a user that cannot log in interactively, such as a mail-only user or a service account.

Groups are defined in /etc/group, and follow a similar scheme:

sys:x:3:root,bin,adm

users:x:100:
Field one is the name of the group. Field two is for a group password, but this is legacy and not used any more. The groupid, or GID, follows. Optionally, users can be placed into this group as a secondary by adding the user names to the end, separated by commas. As above, the sys group (GID 3) has root, bin, and adm as members. GID 100, users, has no secondary members. From above, though, you can see that David Smith’s primary group is 100.
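These colon-delimited fields can be pulled apart with standard text tools. A minimal sketch using awk (the group lines are the hypothetical sample entries from above, not read from a live system):

```shell
#!/bin/sh
# Hypothetical /etc/group-style lines (sample data for illustration only)
groups="sys:x:3:root,bin,adm
users:x:100:"

# Split each line on ':' and print the group name, GID, and secondary members
echo "$groups" | awk -F: '{ printf "%s gid=%s members=%s\n", $1, $3, $4 }'
# prints:
# sys gid=3 members=root,bin,adm
# users gid=100 members=
```

The same -F: trick works on /etc/passwd, since it uses the identical colon-delimited layout.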

Adding and deleting users is usually done via the useradd and userdel programs, respectively. The usual form of the command to add a user is:

useradd -c “GECOS” -s shell -g GID username

from this, the UID will be automatically assigned. If no GID is specified, either “users” will be assumed, or a new group will be created matching the username, and the user placed into it (most distributions now do the latter). This process also creates the home directory, by default.

The user can be deleted by

userdel -r username

The -r option deletes the user’s home directory. It is recommended that the user’s files be archived if you choose this option.

The groupadd and groupdel commands exist to add and delete groups, and their usage is similar.

A password must be assigned after the user is created, or the user will not be able to log in.

passwd username

This command will prompt for a password and confirmation. It can be used at any time to change another user’s password, or for the user to change her password by leaving out the username option.

The Root User

The Root user is a special user, since it has permission to do anything on the system. It is always identified by its UID of zero. It is advisable to only use root when needed, thus you should never log in directly as root. The “su” command will allow you to switch users from your current user to root:

$ su -

Password: mypassword


Normal restrictions that prevent users from hurting other users, such as ownership and permissions, do not apply to the root user. Thus, make sure you think about every command before you hit enter!

Permissions

Most everything in Linux is represented as a file. To control access to files, a permission system is used. A file is owned by a user, belongs to a group, and has a set of attributes that dictate who can access it. There are three main permission attributes: read (r), write (w), and execute (x). These are applied to the user (u), group (g), and others (o).

$ ls -l example

-rw-r--r-- 1 sean users 0 May 28 19:15 example

The example file above is owned by user sean, from the users group. The permissions are user read/write, group and other read. This can be written as u=rw,g=r,o=r.

For simplicity, the permission attributes are given octal values of 4, 2, and 1 respectively, and are written in the order of user, group, and other. Thus, the previous example would have permissions of 644. A table illustrates:

      U   G   O
  r   4   4   4
  w   2
      ---------
      6   4   4

Permissions are changed via the chmod (change mode) command.

chmod permission filename

Permissions can either be in octal form (600, 640, etc.), or in long hand (u=rw,g=r). The former is preferred when setting the entire mode, as the long hand does not explicitly set it: any set of people (u, g, o) not specified is left unchanged. Permissions can be added or removed by using + and - respectively.
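The two forms can be checked against each other on a scratch file. A small sketch, assuming GNU coreutils (stat -c %a prints a file’s octal mode):

```shell
#!/bin/sh
# Compare octal and long-hand chmod on a throwaway file
f=$(mktemp)

chmod 644 "$f"           # octal: u=rw, g=r, o=r
stat -c %a "$f"          # prints: 644

chmod u=rw,g=,o= "$f"    # long hand: explicitly clear group and other
stat -c %a "$f"          # prints: 600

chmod g+r "$f"           # + adds one bit without touching the rest
stat -c %a "$f"          # prints: 640

rm -f "$f"
```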

Sometimes you will see the permissions listed with four digits. In this case, the first digit specifies special properties:

Octal Value Symbol Description
1 t On directories, only the owner of a file can delete it. AKA the “sticky bit”
2 s (group) On files with +x, the program runs with the group of the file (instead of the executor’s). On directories, new files are created with the group of the directory rather than that of the creator. AKA the SETGID bit
4 s (user) On files with +x, the program runs with the UID of the file’s owner. AKA the SETUID bit

The owner and group of a file can be changed by chown (change owner) and chgrp (change group). For security reasons, only root can change the owner. Furthermore, a user must belong to the group that he is changing the file to.

chown fred myfile

chgrp users myfile

The Filesystem


The UNIX filesystem is much like a tree. The root directory is called /, or simply the root. Basic system libraries and binaries go under /lib and /bin respectively. A special directory, called /sbin, is for binaries that only the system administrator will generally use. Traditionally, sbin stood for statically linked binaries, but this is no longer necessarily true.

A similar structure exists under /usr and /usr/local, with the former being for general purpose applications and software that will be common across multiple machines. The latter, /usr/local tree, is often a special use directory for locally installed software.

Other directories of note are /etc, which stores configuration files, and /dev which contains all the device files.

Directories and Files

Basic commands are needed to work with directories and files.

A directory listing is obtained with the ls command:

$ ls

a.txt b.txt c.doc

You may want to use the -l flag to get a long listing, which shows the permissions, owner, size, and modification date of each file.

$ ls -l

total 3

-rw-r--r-- 1 sean users   2 Jun 30 13:39 a.txt
-rw-r--r-- 1 sean users   2 Jun 30 13:39 b.txt
-rw-r--r-- 1 sean users   2 Jun 30 13:39 c.doc

A file can be copied with the cp command:

cp myfile /tmp

will copy “myfile” to the /tmp directory. If /tmp did not exist as a directory, myfile would instead be copied to a file named /tmp. A similar command exists to move and rename files, called mv. Its use is the same as cp. Be careful not to use it like the DOS ren command when working with multiple files:

mv *.doc *.txt

will not have the effect intended! When a * appears in a shell command, the shell expands it to match any files. Thus, in a directory with a.doc, b.doc, and c.txt, the command would expand to

mv a.doc b.doc c.txt

Luckily, when specifying multiple files, the last argument must be a directory, so this will result in an error.
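You can see exactly what the shell hands to mv by substituting echo, which simply prints its arguments. A quick sketch in a scratch directory (the file names match the example above):

```shell
#!/bin/sh
# Show that the shell, not mv, expands the wildcards
d=$(mktemp -d)
cd "$d"
touch a.doc b.doc c.txt

# echo receives the already-expanded argument list
echo mv *.doc *.txt    # prints: mv a.doc b.doc c.txt

cd / && rm -rf "$d"
```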

Directories are created and deleted via the mkdir and rmdir commands respectively.

Files are deleted with rm. The -r flag to rm means to recurse into subdirectories. -f will suppress some warning messages. Thus, to delete the contents of /usr/local/test (including the test directory itself), run:

rm -rf /usr/local/test

You can find your current directory with “pwd” (print working directory).

Links are a way of having multiple names for the same file, without having two copies on disk. There are two types: hard and symbolic (soft). A hard link must reside on the same filesystem as the original file, because the filesystem considers the two names to be the same file. A symbolic link is used more often, because it can cross filesystems and refer to directories.

ln -s /usr/bin/telnet /usr/local/bin/telnet

creates a link, called telnet, in /usr/local/bin, which points to /usr/bin/telnet (note the order: source file then destination file). Omitting the -s would create a hard link.


Managing Services

At any given time, the system is in a certain runlevel:

Level Description
0 Shutdown
1 Single User Mode
3 Multi User Mode, Text
5 Multi User Mode, Graphical
6 Reboot

Runlevels 2 and 4, while not generally used, are still technically valid. The importance of the runlevel is that it determines what daemons to start and stop. For example, in single user mode, very little would be running, but in runlevel 5, X-Windows and all the internet daemons would be running.

/etc/rc.d/init.d contains programs that start and stop various services. Each file is a shell script that accepts, at minimum, either start or stop as a command line parameter. /etc/rc.d/rcX.d, where X is a runlevel, contains symbolic links to each file in init.d. The links are named either SXXservice or KXXservice, where XX is a number denoting priority. Upon entering a runlevel, all the K files are run in order with the “stop” parameter, then the S files with the start parameter. Thus, if /etc/rc.d/rc3.d contained

K20nfs K30web S10oracle S50scanner

upon entry, nfs and web would be stopped (in that order), and oracle and scanner would be started (in that order). These symbolic links can be managed by hand, or by various tools that come with each distribution (chkconfig, ntsysv, etc.)
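Because the rc mechanism simply runs the links in sorted order, the effect can be previewed by sorting the names. A sketch using the example links above:

```shell
#!/bin/sh
# K links sort before S links, and the two-digit priority orders each group
links="S50scanner K30web S10oracle K20nfs"

echo "$links" | tr ' ' '\n' | sort
# prints:
# K20nfs
# K30web
# S10oracle
# S50scanner
```

This is the order the scripts are processed in on entering the runlevel: the K files first with stop, then the S files with start.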

Changing runlevels is handled by the init command. To change into runlevel 5, simply type

# init 5

The init.d directory is also helpful if you want to restart daemons during normal operation. For example, to restart the web service, you can run

# /etc/rc.d/init.d/web stop

# /etc/rc.d/init.d/web start

Print Queues

Command Action
lpq Show all the jobs in the queue
lprm jobid Remove jobid from the queue
lpc Control queue, i.e., start and restart spooler

The commands above default to the queue defined by the PRINTER environment variable, or the lp printer. Adding -P printer will choose the printer.

Connecting to Other Machines

There are various ways to connect to other computers.

Telnet is the most common, but it suffers from a lack of security, as passwords are sent in plaintext.

$ telnet othermachine

SSH, the secure shell, is much better, but it may not be installed. Its usage is similar

$ ssh othermachine

While on another machine, you can have X-Windows sessions forwarded to your screen. If you are on the console of mymachine, but telnetted to othermachine, you can set the DISPLAY variable on othermachine.

othermachine$ export DISPLAY=mymachine:0.0

Any X sessions will go to your console. Depending on how secure your distribution installs X-Windows, you may need to allow othermachine to connect to your X-Server

mymachine$ xhost +othermachine

If you are logged in via ssh, none of this is necessary, as it will forward X automatically over the encrypted tunnel (another reason to use SSH). SSH also allows you to set up password-less authentication in a secure manner.

Shell Scripting

Shell scripting refers to creating programs that are interpreted by the shell, much like a DOS batch file. Each shell script starts off with a line denoting the shell:

#!/bin/bash
This will force the shell to be /bin/bash, even if the user is using a different shell. Remember that the script file must be marked as executable for it to run directly from the command line.

Within a shell script, any commands that you normally type are OK; i.e.,


# rewind the tape, tar up the home directory

mt -f /dev/nst0 rewind

tar -czf /dev/nst0 /home

You can also assign and read environment variables

echo You are using printer $PRINTER

Or test variables:

if [ "$PRINTER" == "" ]; then

    echo \$PRINTER is not set, using LP

    PRINTER=lp

else

    echo You are using $PRINTER

fi


Note that when setting a variable, omit the $.

Within man pages, you will see that programs return result codes. This number is available in the special $? variable.

grep -q sean /etc/passwd

if [ $? -eq 0 ]; then

    echo Sean has an account

else

    echo Sean does not have an account

fi

Note that in the example above, -eq was used to compare, whereas in the PRINTER example, == was used. The former is used to compare integer expressions; the latter is for string expressions. Sometimes the if statement will be written as

if [ "x$PRINTER" == "x" ]; then

so that even if $PRINTER is empty, both sides of the comparison are still non-empty strings.
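The difference between the two operators can be seen side by side. A small sketch, using the portable = spelling for the string comparison:

```shell
#!/bin/sh
# -eq compares integers; = compares strings
a=7
b=07

if [ "$a" -eq "$b" ]; then
    echo numerically equal       # 7 and 07 are the same number
fi

if [ "$a" = "$b" ]; then
    echo same string
else
    echo different strings       # but not the same string
fi
```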

A variable can also be set to the output of a program by using backticks:

USER=`grep sean /etc/passwd`
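Modern shells also accept the $( ) form of command substitution, which is equivalent to backticks but easier to read and to nest. A small sketch (echo stands in for grep so the example is self-contained):

```shell
#!/bin/sh
# Capture a command's output into a variable, both ways
OLD=`echo sean`      # historical backtick form
NEW=$(echo sean)     # equivalent $( ) form

echo "$OLD $NEW"     # prints: sean sean
```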

Shell scripting is a large topic, so further reading will be required.

System Maintenance


Creating Filesystems

Each physical disk (hda, sda, etc), can be broken down into slices known as partitions. The fdisk command is used to manage these disk partitions. Fdisk is invoked by passing the name of the physical disk:

# fdisk /dev/hda

Once inside the fdisk program, the following commands are used

Command Action
p Prints the current partition table
n Creates a new partition. You will need to specify the start and end cylinders on the disk
w Writes your work to disk, replacing the existing partition table. No changes take effect until you issue this command
t Changes the partition type. 82 is for swap space, 83 for regular Linux filesystems. You can pull up a complete list with the ‘l’ key
d Deletes a partition

Once the partition is created, you have to format it:

# mkfs -t ext2 /dev/hda1

will create an ext2 filesystem on /dev/hda1, the first partition of the hda disk.

Fixing Filesystems

Filesystems can be fragile. If power is lost to a machine, data may not be properly flushed to disk, resulting in a filesystem inconsistency. Fsck (filesystem check) is used to attempt a repair of the disk. On bootup, fsck will be run, but if errors occur, you will have to perform the task manually.

# fsck /dev/hda1

will run fsck on hda1. You will be required to confirm that you would like fsck to fix the filesystem when an error is found. Running fsck on an active filesystem is not a good idea, since data can be written to it. It is advisable to unmount the disk before fsck’ing.

Mounting Filesystems

A filesystem on its own is of no use, so it must be mounted on a mount point; i.e., a directory.

# mount /dev/hda5 /usr

will mount /dev/hda5 on the usr directory. Unmounting is similar:

# umount /usr

# umount /dev/hda5

Either the directory or device can be specified for an unmount. Thus, the two commands above are equivalent.

/etc/fstab is a file that contains the device to directory mappings, and was described in the Configuration section. If a device is listed in this file, then the mount command requires only one of the device or mount point.

Scheduling Tasks

Rather than requiring the administrator to manually run routine jobs, the cron facility can be used to schedule commands to run on a regular basis. The daemon that handles this is crond, and its jobs are controlled via crontab (by no coincidence, the list of jobs itself is called the crontab).

crontab -e – edits the current user’s crontab

crontab -l – lists the current user’s crontab

crontab filename – replaces the current user’s crontab with the contents of filename

Additionally, root can use the -u username option with the above commands in order to specify another user.

The crontab itself has a special format which allows the date and time to be easily set. Six tab-delimited columns are used:

minute hour day month weekday command

A * in any of the first five columns means that anything is allowed. Thus,

0 0 * * * /usr/local/bin/runbackup

will run /usr/local/bin/runbackup each day at midnight. The man page for crontab(5) has further examples and shortcuts.
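The six-column layout can be checked with awk before installing an entry; a minimal sketch using the backup line above:

```shell
#!/bin/sh
# Label the fields of a crontab entry
line="0 0 * * * /usr/local/bin/runbackup"

echo "$line" | awk '{ printf "min=%s hour=%s day=%s month=%s weekday=%s cmd=%s\n",
                      $1, $2, $3, $4, $5, $6 }'
# prints: min=0 hour=0 day=* month=* weekday=* cmd=/usr/local/bin/runbackup
```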

By default, any output of a cron job goes to the owner of the crontab. This behavior can be overridden by specifying

MAILTO=fred
at the top of the crontab. In this example, any output would go to fred.

Core Files

When a program crashes, it usually leaves behind a core dump, in the form of a file named core. This file contains the memory occupied by the program, and is useful for debugging and determining where the program crashed. As in the example below, core files are usually very large. The file command will tell you which program generated the core dump.

# ls -l core

-rw——- 1 sean sean 14798848 Jun 11 22:30 core

# file core

core: ELF 32-bit LSB core file of ‘soffice.bin’ (signal 6), Intel 80386, version 1, from ‘soffice.bin’

A core file is only useful on the computer it was generated on. On another computer, it is likely that the addresses in the core file do not match with the originating computer, and the debugging will be impossible. If a program constantly dumps core, it would be wise to contact the author. He will be able to give you instructions on what to do with the core (usually by asking you to use a debugger to generate a back trace). If you have no desire to debug the core file, you can safely erase it.

Since most software in Linux is distributed in source format, patches are one way of upgrading the code. Rather than downloading a new version, the differences (diffs) can be applied to the old tree to update it. This is common with the kernel, where the compressed size is in the 20MB range, while a patch is around the 1MB mark.

From the top of the directory, /usr/src/linux, you can apply the patch via

patch -p1 < /path/to/patch

Usually patches are compressed (patch.gz), so you will want to uncompress them first (gunzip patch.gz).

Processes

Each task that the kernel is working on is assigned a process id (PID). Each process has a parent process (PPID). The parent of all processes is init (PID=1). Init is responsible for creating and managing processes.

The ps command is used to list processes. The systems administrator will likely use the -ef flags, which specify all processes, with extended information:

# ps -ef
root 1 0 0 Jun16 ? 00:00:04 init [5]
root 2 1 0 Jun16 ? 00:00:00 [keventd]
root 3 1 0 Jun16 ? 00:00:00 [kapm- idled]
root 478 1 0 Jun16 ? 00:00:00 syslogd -m 0

The columns, in order, are the owner of the process, the process ID, the parent process ID, an internally used value, the start time of the process, the controlling terminal (? means that there is no terminal associated with the process), the CPU time in seconds, and the command. The latter can be changed by the process itself (i.e., sendmail uses this space to display its current status). The parent of all processes is init (PID=1), and names in square brackets are kernel tasks, which cannot be killed.

To kill a process, the kill command is used. Killing a process actually sends a signal, which the program can trap and handle in its own way.

kill 478

will kill PID 478, the syslog daemon in the example above. Since PIDs are assigned in sequence (rolling over at 32767), syslog will not always be PID 478! Sometimes, a process is hung, and will not respond to the kill, so a stronger kill must be used:

kill -9 478

This sends signal 9 (SIGKILL) to the process, which the kernel terminates immediately; SIGKILL cannot be trapped. A normal kill sends signal 15 (SIGTERM), which gives the process a chance to clean itself up before closing. Another signal you may use is 1 (SIGHUP), which is usually interpreted as a request to reread the configuration file. Instead of numbers, you can specify the name (without the SIG prefix). Thus, kill -HUP 478 is the same as kill -1 478. A full list of signals and their meanings is in signal(7).
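The shell can translate between signal numbers and names with kill -l, which is handy for double-checking before sending one:

```shell
#!/bin/sh
# kill -l with a number prints the signal's name (without the SIG prefix)
kill -l 9     # prints: KILL
kill -l 15    # prints: TERM
kill -l 1     # prints: HUP
```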

System Logging

The syslog daemon is responsible for collecting logs generated by programs, and writing them to different files. While a complete discussion of this program is not needed for this exam, you will need to know the default logfiles, and what goes in them.

Logfile Description
/var/log/messages General system messages, such as status reports from various daemons
/var/log/maillog Messages dealing with mail transfer, such as logs of sent and received messages, and any other sendmail warnings
/var/log/secure Logs of connection attempts, logins, and security related notifications
/var/log/cron Status reports from the cron daemon


The /var/log/wtmp and /var/log/utmp files are used to provide historical data about logins. The “last” command is used to interpret these files. It is vitally important not to delete them, as it will cause problems for users logging in.

Other files in the /var/log/ directory may be the result of other installed applications. For example, many distributions have the samba daemon log to various files in /var/log/samba/.

Backups

There are two general programs used to make backups. The first is tar (Tape Archive), and the second consists of the dump and restore commands.


To create an archive, run:

tar -czf backup.tar.gz /home

This creates a gzipped tarball called backup.tar.gz, containing the contents of the /home directory. The file will usually be copied to a CD or tape for safe keeping. To restore /home, run:

tar -xzf backup.tar.gz

One important thing to keep in mind is that inside the tarball, all filenames will start with home/ (the leading / is always stripped). Thus, when the file is unpacked, a home directory will be created in the current directory. This is because the file specifier in the create command explicitly used the home directory. The other way to do this would have been to run the tar command in /home, and use * instead of /home. You can check what’s inside the tarball with

tar -tzf backup.tar.gz
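The create/list cycle is safe to try in a scratch directory; a short sketch (the file names are made up for the example):

```shell
#!/bin/sh
# Build a tiny tree, archive it with a relative path, and list the result
d=$(mktemp -d)
cd "$d"
mkdir -p home/dave
echo hello > home/dave/note.txt

tar -czf backup.tar.gz home    # relative path, so no leading / to strip
tar -tzf backup.tar.gz         # lists home/, home/dave/, home/dave/note.txt

cd / && rm -rf "$d"
```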


Dump and restore allow the administrator a bit more flexibility, but are more complex to use. They work on drives/partitions, rather than directories. To perform a full back up /dev/hda1 to tape device /dev/nst0, run:

# dump 0usf 1048576 /dev/nst0 /dev/hda1

The first parameter given is the dump level, in this case 0. 0 means a full backup. A level one backup refers to all the files changed since the last level 0. Level two will get all the changed files since the level one, and so on. The u flag means to update the /etc/dumpdates file, which helps dump in calculating which files to archive for each dump level. ‘s’ means that you will be passing the tape length (in feet), which helps it know when to prompt for a new tape. This number comes after the flags, which is what the 1048576 refers to (DDS1 tape). ‘f’ indicates the output file, which is given as /dev/nst0. Finally, after all the flags and associated values are given, goes the device to dump. This will not compress the output: it is expected that the tape drive will do that for you. To compress manually, run:

dump 0usf 1048576 - /dev/hda1 | gzip -c > /dev/nst0

Here the file ‘-‘ means the standard output, which is then piped through gzip and manually sent to /dev/nst0.

You can verify a dump file against the disk with

restore -Cf /dev/nst0

assuming the tape is positioned at the current dump file.

Some commands helpful to move the tape are:

mt -f /dev/nst0 rewind # rewind the tape
mt -f /dev/nst0 fsf 1 # fast forward one position
mt -f /dev/nst0 tell # what position are we at?

To perform a full restore, change into a freshly formatted partition and run:

restore -rf /dev/nst0

More often, you will want to restore only a few files at once. Interactive mode is then used:

restore -if /dev/nst0

The man pages for both dump and restore provide complete information on their use.


Security

Physical security is very important, since many security settings can be overridden at the console. Ensure that servers are in a controlled environment, behind locked doors, and with limited access. Don’t leave root logged in!

Password Aging

Passwords should expire after a certain amount of time. This way, if a password is compromised, then the cracker will not be able to hang around your system forever. To see the aging information on an account, use the chage command:

# chage -l testuser
Minimum: 0
Maximum: 99999
Warning: 7
Inactive: -1
Last Change: Jun 22, 2001
Password Expires: Never
Password Inactive: Never
Account Expires: Never

To force a password change every three months (90 days), and give a seven day warning, use

# chage -M 90 -W 7 testuser

When the password is about to expire, the user will get a warning message upon login:

login: testuser


Warning: your password will expire in 1 day


Maintaining system security can be a lot of work. Mailing lists are a great way to keep on top of current problems with your software, and to learn of updates. At the very least, you should be subscribed to your distribution’s security mailing list. Security-oriented web sites are also worth following.


Here’s a small checklist to follow after installing, and to verify periodically:

  • Check your inetd related services (/etc/inetd.conf, /etc/xinetd.d/), and make sure you know what is running. Turn off anything you are not using.
  • Check the services that are starting in your runlevel (/etc/rcX.d). The chkconfig --list command will be helpful
  • Replace telnet with SSH if at all possible.
  • Browse the list of installed packages, and remove items you’ll never need (news servers, etc.)
  • Look at the accounts in /etc/passwd to make sure there are no surprises
  • Use the wrappers (/etc/hosts.allow, /etc/hosts.deny) to limit who can connect
  • Keep an eye on logs. Logcheck ( is a handy tool for this
  • Keep up on those patches!
  • Keep the number of setuid and setgid files to a minimum


Documentation

Proper documentation of your system is critical. In the event of a problem, you may not be able to rely on the information your system is giving you. During the install phase, a list of the options chosen should be kept in case a re-install is needed. Changes to configuration files (and regular backups) should also be logged. Not only does this help during a recovery, but also when determining the cause of a problem.

Any software that doesn’t come from your distribution should be noted in case you want to check for upgrades later, or change options. Keeping all the source files in a directory such as /usr/local/src is also helpful.


A keen grasp of the various UNIX commands will be helpful when troubleshooting a problem. When dealing with logfiles, it is often easier to maintain a constant watch on a particular logfile when trying to reproduce the error.

tail -f /var/log/messages

will keep a constant watch on the messages log (new messages will get appended within the terminal). If the error occurred in the past, you might be interested in only certain log entries.

grep imapd /var/log/messages

will return only the lines containing the “imapd” string. If you find a reference to a file but cannot locate it, there are two ways of finding the file:

locate filename

find / -name filename -print

are roughly equivalent. Depending on the distribution, the locate command may not be able to see into all directories, so the find version is often preferred.
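A quick sketch of the find form in a scratch tree (smb.conf is just an arbitrary file name for the demonstration):

```shell
#!/bin/sh
# Search a directory tree for a file by name
d=$(mktemp -d)
mkdir -p "$d/sub"
touch "$d/sub/smb.conf"

find "$d" -name smb.conf -print    # prints the file's full path

rm -rf "$d"
```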

Sometimes a program will generate too much output on the screen to read. Redirecting this to a file is then necessary.

program > logfile # truncate logfile and dump all output to it

program >> logfile # append output to logfile

The above usages suffer from not being able to catch the error stream. Some extra shell syntax is required to capture both the standard output stream and the standard error stream:

program >> logfile 2>&1 # redirect both stderr and stdout to logfile

If you would like to see the output on the screen and save it to a file at the same time, the tee command is used:

program | tee logfile
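The stream behavior is easy to verify with a command that writes to both stdout and stderr. A small sketch (the both function is a stand-in for a real program):

```shell
#!/bin/sh
# A stand-in program that writes one line to each stream
both() {
    echo "to stdout"
    echo "to stderr" >&2
}

f=$(mktemp)
both >  "$f" 2>/dev/null    # only stdout is captured
both >> "$f" 2>&1           # now stderr lands in the file too

cat "$f"                    # shows two stdout lines and one stderr line
rm -f "$f"
```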

The next thing that is essential is to be able to use one of the many UNIX editors. VI is perhaps the best choice, since it is going to be available on almost any UNIX variant, and, in the event that you have to boot up in a minimal mode, it may be the only editor available.

VI uses commands instead of menus. Generally, you are either in edit mode (where you are typing text), or in command mode (where you are giving commands to vi). To switch from edit mode to command mode, hit the ESC key. To get from the default command mode into an edit mode, use one of the following commands (note that everything in VI is case sensitive):

a – start editing after (append) the current character

A – start editing at the end of the current line

i – start editing at the current character (insert)

I – start editing at the beginning of a line

o – create a new line after the current, and start editing

O – create a new line before the current, and start editing

From command mode, you can enter :w to write the file, or :w filename to write to filename. :q quits, and :q! quits without saving. Full VI tutorials are widely available online. VI is complicated, but once the basic commands are mastered, editing becomes very quick and easy.

Diagnosis and Repair

A methodical approach must be taken to solving Linux problems. If the report comes from a user, carefully document the symptoms, especially error messages. Unix is very terse, so exact wording is often necessary. Try to separate users’ opinions (logging in is slow) from the actual symptoms (it is hanging right before it tells me that I have new mail).

Boot Problems

Boot problems will generally fall into one of two categories: kernel booting, and startup scripts. Booting of the kernel is handled by LILO, the Linux Loader.

The second class is usually the easier to solve. As noted before, each service has its own script in /etc/rc.d/init.d (or /etc/init.d in some distributions). Thus, if the failing script is known, it can be tested while the system is still operational. The software section below gives some advice on using logfiles to determine problems. In the case of a daemon not starting up, it is sometimes more helpful to follow the logic of the script in another session so that all errors are noticed. One common problem is with libraries (below). The actual error may not be noticed on bootup since the script might redirect it, but if the startup commands are typed in by hand, you will likely see the errors and be able to determine the problem.

In the case of heavy disk corruption, you may only be able to boot into single user mode and must fsck the disks by hand. If you would like to force a single user mode boot, you can enter

linux single

at the LILO prompt. Most daemons will not be started, so you have the opportunity to troubleshoot without corrupting data further.

Problems where the operating system itself fails to boot may require you to use a rescue disk. A rescue disk is a kernel plus a root filesystem with utilities (fsck, fdisk, vi, etc.) on it. Essentially, you are booting into a minimal Linux configuration, and must mount your real filesystems manually. Distributions handle this in different ways. With Red Hat, you can use the installation CD and select the “rescue” option. Distribution-neutral rescue images are also available from various web sites, and may be handy to keep in your toolkit.

If the case is that the kernel itself is corrupted, you may be able to use the rescue toolkit to boot your own root filesystem. Generally, you can boot with

root=/dev/hda1
passed to LILO in order to boot onto /dev/hda1.

LILO may stop before booting the kernel. Each letter that is printed gives some indication of how far it got. The README file for LILO (/usr/doc/lilo*/README) describes what each letter means and has some excellent troubleshooting procedures.

Resource Problems

Resources, such as memory and CPU, are shared between all processes. A common problem is that a process consumes 100% of the CPU, or starts allocating excessive memory. While these are usually caused by software errors, the administrator must return the system back to the normal state. In these cases, restarting the daemon is required. If the daemon is persistent, a kill -9 might be necessary. The “top” utility is helpful for finding which process is hogging the resources.

Before killing off the process, make a note of the symptoms, such as 100% CPU usage, any recent log entries, number of connections, etc. Restarting the daemon should return the system to normal. If this is a recurring problem, then you should check for updates to the software. You are likely not the only person experiencing this error.

Library Problems

Though shared libraries reduce memory and disk usage, they can also cause problems if the correct version is not available.

# amflush

amflush: error while loading shared libraries: libamanda.so: cannot open shared object file: No such file or directory

All of a binary’s library dependencies can be checked with the ldd command. This command is particularly helpful if you need to know what version of a library the binary is looking for.

# ldd /usr/sbin/amflush

    libamanda.so => not found
    libm.so.6 => /lib/i686/libm.so.6 (0x40025000)

From this example, you can see that amflush is missing libamanda, and uses version 6 of libm (the math library). Missing libraries are usually caused by improper installation, accidental deletion, or a library directory that is not specified in /etc/ (don’t forget to run ldconfig after changing this file.)

When using .deb or .rpm binary packages, you will not be able to install the software without satisfying the required dependencies:

# rpm -i openjade-1.3-13.i386.rpm

error: failed dependencies:

sgml-common >= 0.5 is needed by openjade-1.3-13

In this example, the sgml-common package is required before installation of openjade can continue.


Most software will generate some sort of logging information. If it is a background daemon, chances are that it logs through syslog, and you’ll find what you need in /var/log/messages. Some exceptions are apache, which logs to its own file (/var/log/httpd/error_log or /usr/local/apache/logs/error_log), and samba (/var/log/samba/ or /usr/local/samba/logs/).

If users complain that they are experiencing problems with your Internet services, such as not being able to retrieve their mail, or are getting errors on the web server, look at the logs. Here is an example of an IMAP user giving an incorrect password:

poochie imapd[5177]: Login failure user=test host=localhost []

From this log entry, you can see that the service is imapd (the grep technique from above is helpful in finding this), and that user “test” had a login failure. The hostname is localhost (so this was a local user).
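When a log is large, pulling the interesting fields out mechanically beats eyeballing it. A minimal sketch of parsing a syslog-style line such as the imapd failure above (the regular expression is ours, not part of any standard tool):

```python
import re

# A syslog-style entry: hostname, service[pid], then the message.
line = "poochie imapd[5177]: Login failure user=test host=localhost"

m = re.search(r"(\w+)\[(\d+)\]: Login failure user=(\S+) host=(\S+)", line)
service, pid, user, host = m.groups()
```

From here you could count failures per user or per host across the whole file.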

Once the cause of the error has been determined, the fix is usually a configuration change. In the example above, the fix would be to change the user’s password (assuming it was forgotten). With programs like apache and samba, fixes tend to be changing file permissions or adjusting the configuration file.

Sometimes errors can only be fixed by restarting the daemon; errors in this category include unresponsive daemons and slow service. As with the CPU and memory problems above, checking for updates to the software is the recommended long-term solution. A complete reboot of the system should never be necessary unless you have exhausted all other options.


Hardware problems will generally result in some kernel messages being printed. The dmesg command is used to show the kernel log buffer. Messages in this log dealing with errors will include the device number. The following is an example of the kernel reporting that it is running into some bad sector errors on drive hda:

hda: read_intr: status=0x59 { DriveReady SeekComplete DataRequest Error }

hda: read_intr: error=0x40 { UncorrectableError }, LBAsect=8166445, sector=214207

end_request: I/O error, dev 03:09 (hda), sector 214207

Using fdisk's partition table listing, you should be able to reconcile the absolute sector (LBAsect=8166445) with the partition, and thus the filesystem, that is giving the problem.

File Systems

File systems can become corrupt after unclean shutdowns, so the umount and fsck commands must be used to return them to a stable state, as previously described.

Another problem with disks is capacity. A disk can become full either by storing too much information or by storing too many files. Due to the nature of the ext2 filesystem (and many others), a fixed number of inodes, or file pointers, is created when the file system is formatted. The df command shows the current usage of both space and inodes: "df -k" shows free space in kilobytes, and "df -i" shows inode usage. Even if df -k reports ample free space, the system can still run out of inodes. Normally this won't happen, but a system with thousands of small files will exhibit this behavior. Inode exhaustion is often the result of a poorly written program that isn't cleaning up after itself, but it could also be a sign that the partition must be reformatted with a higher inode count.
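The same numbers df reports are available programmatically. A sketch using os.statvfs, which exposes both free-space and free-inode counts for a mounted filesystem:

```python
import os

# statvfs returns the data behind "df -k" (blocks) and "df -i" (inodes).
st = os.statvfs("/")

free_kb = st.f_bavail * st.f_frsize // 1024  # space available to non-root users, in KB
free_inodes = st.f_favail                    # inodes still available

print(f"free space: {free_kb} KB, free inodes: {free_inodes}")
```

A monitoring script could alert when either figure drops below a threshold, catching inode exhaustion before users do.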


Backups can fail for many reasons, but the most common is lack of tape (or disk, depending on how you back up): either the correct tape was not ready, or the backup is too large to fit on a tape. Depending on the backup software used, you may get an explicit message to that effect, or simply a disk error.

Another problem with backups is the media. Tapes can go bad, and CD writes can fail. Even if the backup succeeds, it is important to verify the consistency of your backups. Testing can be done through the backup software, or through periodic test restores.

Identify, Install, and Maintain System Hardware

The best thing that you can do to prevent hardware problems is to make sure all your devices are on the distribution's hardware compatibility list, which is generally available on the vendor's web site.


Your best troubleshooting source is the /proc directory. /proc is a virtual filesystem: it takes up no hard drive space, and each file in it is a way to get information from the kernel. For example, reading the /proc/uptime file returns the uptime of the system.
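Because /proc entries behave like ordinary files, any tool or language can read them. A sketch reading the uptime (with a fallback to 0.0 on systems without /proc, such as macOS):

```python
import os

# /proc/uptime holds two numbers: seconds up, and seconds idle.
if os.path.exists("/proc/uptime"):
    with open("/proc/uptime") as f:
        uptime_seconds = float(f.read().split()[0])
else:
    uptime_seconds = 0.0  # no /proc on this system

print(f"up {uptime_seconds:.0f} seconds")
```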


An interrupt request, otherwise known as an IRQ, is a mechanism that allows a device to request the attention of the CPU, for example when a packet arrives on a network interface.

A list of devices assigned to IRQs can be determined from the /proc/interrupts file:

$ cat /proc/interrupts
0: 137450255 XT-PIC timer
1: 848513 XT-PIC keyboard
2: 0 XT-PIC cascade
3: 19674 XT-PIC serial
5: 15607219 XT-PIC ide2, eth0
8: 39034 XT-PIC rtc
9: 62416173 XT-PIC es1371
11: 518706 XT-PIC usb-uhci, usb-uhci, advansys
12: 8195016 XT-PIC PS/2 Mouse
14: 1535447 XT-PIC ide0
NMI: 0  
ERR: 0  

When an interrupt is shared, it will show up with multiple devices, as beside IRQs 5 and 11 in the example above.
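Shared IRQs can be spotted mechanically. A sketch that parses /proc/interrupts-style output (the sample is embedded as a string taken from the listing above, so the code runs anywhere):

```python
# Each line: IRQ number, count, interrupt controller, then device name(s).
sample = """\
  0:  137450255  XT-PIC  timer
  5:   15607219  XT-PIC  ide2, eth0
 11:     518706  XT-PIC  usb-uhci, usb-uhci, advansys
 14:    1535447  XT-PIC  ide0"""

shared = {}
for line in sample.splitlines():
    irq, _count, _controller, devices = line.split(None, 3)
    names = [d.strip() for d in devices.split(",")]
    if len(names) > 1:                      # more than one device on this IRQ
        shared[irq.rstrip(":")] = names
```

On a live system you would read the real file instead of the sample string.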

If you do not want devices to share IRQs, the best method is to adjust the PnP settings in the BIOS. While Linux does support PnP to a limited extent, it is not an easy thing to manage, and it is not always successful.

I/O ports are much like IRQs in that they provide a way for devices to share data with the rest of the computer. The list of used I/O ports is in /proc/ioports:

$ cat /proc/ioports

0000-001f : dma1

0020-003f : pic1

cc00-cc7f : 3Com Corporation 3c900B-TPO [Etherlink XL TPO]

cc00-cc7f : eth0

In this example, you can see that the Ethernet card is using the ioports from 0xcc00 to 0xcc7f. If another device is set up to use this, it could cause both devices to fail.


One symptom of bad memory is random segmentation violations in otherwise stable applications. The Sig 11 FAQ is an excellent resource on tracking down the cause of these errors.


CPU and motherboard problems usually manifest themselves by the computer failing to start. More subtle problems include random segmentation violations, and periodic rebooting. Ensure that your motherboard is clocking the CPU at the correct frequency, and that the voltages are correct.

If the motherboard or CPU fails entirely, a replacement is the only option.

Hard Drives


Before installing any SCSI device, you must make sure that the new device’s SCSI ID is unique on the bus. SCSI acts as a shared bus: if two devices have the same ID, neither will work properly. Don’t forget that the SCSI card itself has an ID, usually 7. As a bus, it requires proper termination at both ends (internal and external). More modern devices implement termination automatically, so this may not be necessary.

Troubleshooting procedures involve testing the above requirements. If the SCSI bus was working before the new device was installed, then either the device is incorrectly configured, or something was dislodged during installation. Testing of a new bus might be difficult in Linux, because the Windows applications that come with the card will not work. Try booting the machine without any devices on the chain, and then slowly add devices.

The /proc/scsi directory carries a lot of helpful information on the state of SCSI in your system. /proc/scsi/scsi lists all the devices seen on the bus. /proc/scsi/modulename, where modulename is the module name of your SCSI card, lists valuable diagnostic information.

If your SCSI card is not detected on boot, ensure that /etc/conf.modules has an alias line similar to

alias scsi_hostadapter advansys

If not, Linux will probably not find the device. In this example, the SCSI card uses the advansys module. You can find a complete list of available modules in /lib/modules/KERNELVERSION/kernel/drivers/scsi for 2.4 kernels, or /lib/modules/KERNELVERSION/scsi for 2.2 and earlier kernels. As discussed before, you can load the module with the modprobe command.


IDE devices are less work to configure than SCSI, but generally do not have the speed or flexibility of SCSI. Each chain has a master and a slave device. Normally, you have two chains, the primary and secondary, but expansion cards can extend that up to ten chains.

The device will have a name of /dev/hdX, where X is a letter corresponding to the chain and position. The primary-master will be ‘a’, the primary slave ‘b’, and so on. The busses themselves are referred to as ideN, with the primary bus ide0. /proc/ide contains several directories and files depending on the hardware you have installed.
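The naming scheme is regular enough to compute. A hypothetical helper (the function is ours, not a standard tool) mapping a bus number (0 = primary, 1 = secondary, ...) and unit (0 = master, 1 = slave) to the /dev/hdX name described above:

```python
def ide_device_name(bus: int, unit: int) -> str:
    """Map an IDE bus/unit pair to its /dev/hdX device name."""
    letters = "abcdefghijklmnopqrst"   # 20 letters covers the ten possible chains
    return "/dev/hd" + letters[bus * 2 + unit]

# Primary master -> /dev/hda, primary slave -> /dev/hdb,
# secondary master -> /dev/hdc, secondary slave -> /dev/hdd.
```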

When installing an IDE device, you must know beforehand where it will be, and set the drive to be a master or a slave accordingly. Drives are detected on bootup, so you can watch for them in the initialization sequence. The dmesg command shows this again if you missed it, though /proc/ide will give more than enough information.


A network is a system that allows for the sharing of resources. There are four main topologies of networks:

Bus – A bus can be modeled as a long chain, each device connecting to at most two neighbors. This is the simplest of all, but a single break in the chain will segment the network. The chance for collisions is greatly increased as the number of devices increases.

Star – In the star topology, each device connects to other devices through a central controller, usually a hub or switch. A cable break will only isolate one device, rather than segmenting the network in the case of a bus. Collisions can be the same as in a bus topology, or can be lessened by increasing the intelligence in the central controller.

Ring – A ring is like a bus that closes in on itself. It is ideal for token based protocols, where only the device that holds the token can talk, virtually eliminating collisions. In the case of protocols like FDDI, the ring can survive a break by using two concentric rings.

Mesh – This is quite a complex configuration, since it will require (N^2-N)/2 links, where N is the amount of devices. It has better survivability in the case of link failures, which makes it ideal for WAN configurations. The cost and complication of management make it unattractive for the LAN, however.
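The (N^2-N)/2 link count for a full mesh can be checked directly, which makes the quadratic growth obvious:

```python
def mesh_links(n: int) -> int:
    """Number of links in a full mesh of n devices: (N^2 - N) / 2."""
    return (n * n - n) // 2

# Two devices need one link; five already need ten; the count grows
# quadratically, which is why full meshes are rare on the LAN.
```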

Network adapters are used to connect to networks. In Linux, you can get a complete listing of active network adapters by running ifconfig:

# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:A0:24:D3:C4:FB
          inet addr:  Bcast:  Mask:
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:60965615 errors:16 dropped:0 overruns:16 frame:16
          TX packets:54918449 errors:0 dropped:0 overruns:0 carrier:19
          collisions:1002834 txqueuelen:100
          Interrupt:9 Base address:0xfc40

eth0:1    Link encap:Ethernet  HWaddr 00:A0:24:D3:C4:FB
          inet addr:  Bcast:  Mask:
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:9 Base address:0xfc40

lo        Link encap:Local Loopback
          inet addr:  Mask:
          UP LOOPBACK RUNNING  MTU:3924  Metric:1
          RX packets:33148157 errors:0 dropped:0 overruns:0 frame:0
          TX packets:33148157 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0

Device Name Function
lo Loopback interface
ethN Ethernet
pppN Point to Point
tunlN Tunnel device

A colon and number after a device name denotes a sub-interface; thus eth0:1 above is a virtual device running on eth0 (the first Ethernet device). As you can see, a lot of information is available from the ifconfig command, such as the hardware and IP addresses of the devices.

Peripheral Devices

Peripheral devices include typical items like the monitor, mouse, and keyboard, as well as devices like scanners and printers.

Monitor, mouse, and keyboard problems are usually very easy to diagnose. Installation under Linux is likewise very easy. When upgrading video hardware on a machine running X-Windows, it is best to reconfigure X to take advantage of the new hardware.

The other devices will most likely need some sort of driver to be installed in order to function. For example, a printer will require the “lp” device to function. USB devices will require the USB drivers, in addition to any specific drivers for the device:

# lsmod
hid 11776 0 (unused)
input 3488 0 [usbkbd keybdev hid]
usb-uhci 20720 0 (unused)
usbcore 49664 1 [usbkbd hid usb-uhci]

Most distributions take care of making sure that the USB system is ready.

Modems are best set up through one of the wizards mentioned earlier for PPP configuration, rp3-config or Kppp. Most problems with modems are related to IRQs and ports. Linux does not currently support so-called "WinModems", which are mostly software based. Remember that a modem that would be on COM1 in DOS is /dev/ttyS0 in Linux, COM2 is /dev/ttyS1, and so on. Mixing this up is a common error.


Structured Query Language


What is SQL?

SQL (pronounced “ess-que-el”) stands for Structured Query Language. SQL is used to communicate with a database. According to ANSI (American National Standards Institute), it is the standard language for relational database management systems. SQL statements are used to perform tasks such as updating data in a database or retrieving data from a database. Some common relational database management systems that use SQL are Oracle, Sybase, Microsoft SQL Server, Access, and Ingres. Although most database systems use SQL, most of them also have their own additional proprietary extensions that are usually only used on their system. However, the standard SQL commands such as “Select”, “Insert”, “Update”, “Delete”, “Create”, and “Drop” can be used to accomplish almost everything that one needs to do with a database. This tutorial provides instruction in the basics of each of these commands and lets you put them into practice using an SQL interpreter.


A relational database system contains one or more objects called tables. The data or information for the database are stored in these tables. Tables are uniquely identified by their names and are comprised of columns and rows. Columns contain the column name, data type, and any other attributes for the column. Rows contain the records or data for the columns. Here is a sample table called “weather”.

city, state, high, and low are the columns. The rows contain the data for this table:


city state high low
Phoenix Arizona 105 90
Tucson Arizona 101 92
Flagstaff Arizona 88 69
San Diego California 77 60
Albuquerque New Mexico 80 72

Retrieving Data

Basic Select

In a relational database, data is stored in tables. An example table would relate Social Security Number, Name, and Address:

SSN FirstName LastName Address City State
512687458 Joe Smith 83 First Street Howard Ohio
758420012 Mary Scott 842 Vine Ave. Losantiville Ohio
102254896 Sam Jones 33 Elm St. Paris New York
876512563 Sarah Ackerman 440 U.S. 110 Upton Michigan

Now, let’s say you want to see the address of each employee. Use the SELECT statement, like so:

SELECT FirstName, LastName, Address, City, State
FROM EmployeeAddressTable;

The following are the results of your query of the database:

First Name Last Name Address City State
Joe Smith 83 First Street Howard Ohio
Mary Scott 842 Vine Ave. Losantiville Ohio
Sam Jones 33 Elm St. Paris New York
Sarah Ackerman 440 U.S. 110 Upton Michigan

To explain what you just did: you asked for all of the data in the EmployeeAddressTable, and specifically for the columns called FirstName, LastName, Address, City, and State. Note that column names and table names do not have spaces; they must be typed as one word. Also note that the statement ends with a semicolon (;). The general form of a SELECT statement, retrieving all of the rows in the table, is:

SELECT ColumnName, ColumnName, ...
FROM TableName;

To get all columns of a table without typing all column names, use:

SELECT * FROM TableName;

Each database management system (DBMS) has its own methods for logging in to the database and entering SQL commands; see the local computer “guru” to help you get onto the system, so that you can use SQL.
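As a concrete, self-contained check, the table and query above can be run against an in-memory SQLite database from Python (SQLite is used here purely for illustration; your DBMS will differ in details):

```python
import sqlite3

# In-memory database: nothing on your system is touched.
db = sqlite3.connect(":memory:")
db.execute("""CREATE TABLE EmployeeAddressTable
              (SSN INTEGER, FirstName TEXT, LastName TEXT,
               Address TEXT, City TEXT, State TEXT)""")
db.executemany("INSERT INTO EmployeeAddressTable VALUES (?,?,?,?,?,?)", [
    (512687458, "Joe", "Smith", "83 First Street", "Howard", "Ohio"),
    (758420012, "Mary", "Scott", "842 Vine Ave.", "Losantiville", "Ohio"),
    (102254896, "Sam", "Jones", "33 Elm St.", "Paris", "New York"),
    (876512563, "Sarah", "Ackerman", "440 U.S. 110", "Upton", "Michigan"),
])

# The SELECT from the text, verbatim.
rows = db.execute("""SELECT FirstName, LastName, Address, City, State
                     FROM EmployeeAddressTable""").fetchall()
```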

Conditional Selection

To further discuss the SELECT statement, let's look at a new example table, the EmployeeStatisticsTable (for hypothetical purposes only):

EmployeeIDNo Salary Benefits Position
010 75000 15000 Manager
105 65000 15000 Manager
152 60000 15000 Manager
215 60000 12500 Manager
244 50000 12000 Staff
300 45000 10000 Staff
335 40000 10000 Staff
400 32000 7500 Entry-Level
441 28000 7500 Entry-Level

Relational Operators

There are six Relational Operators in SQL, and after introducing them, we’ll see how they’re used:

= Equal
<> or != Not Equal
< Less Than
> Greater Than
<= Less Than or Equal To
>= Greater Than or Equal To

The WHERE clause is used to specify that only certain rows of the table are displayed, based on the criteria described in that WHERE clause. It is most easily understood by looking at a couple of examples.

If you wanted to see the EMPLOYEEIDNO’s of those making at or over $50,000, use the following:

SELECT EMPLOYEEIDNO
FROM EMPLOYEESTATISTICSTABLE
WHERE SALARY >= 50000;

Notice that the >= (greater than or equal to) sign is used, as we wanted to see those who made greater than $50,000, or equal to $50,000, listed together. This displays:

EMPLOYEEIDNO
------------
010
105
152
215
244
The WHERE description, SALARY >= 50000, is known as a condition (an operation which evaluates to True or False). The same can be done for text columns:

SELECT EMPLOYEEIDNO
FROM EMPLOYEESTATISTICSTABLE
WHERE POSITION = 'Manager';
This displays the ID Numbers of all Managers. Generally, with text columns, stick to equal to or not equal to, and make sure that any text that appears in the statement is surrounded by single quotes (‘). Note: Position is now an illegal identifier because it is an unused, but reserved, keyword in the SQL-92 standard.

Aggregate Functions

SQL has five important aggregate functions: SUM, AVG, MAX, MIN, and COUNT. They are called aggregate functions because they summarize the results of a query, rather than listing all of the rows.

  • SUM () gives the total of all the rows, satisfying any conditions, of the given column, where the given column is numeric.
  • AVG () gives the average of the given column.
  • MAX () gives the largest figure in the given column.
  • MIN () gives the smallest figure in the given column.
  • COUNT(*) gives the number of rows satisfying the conditions.

Looking at the tables at the top of the document, let’s look at three examples:

SELECT SUM(SALARY), AVG(SALARY)
FROM EMPLOYEESTATISTICSTABLE;
This query shows the total of all salaries in the table, and the average salary of all of the entries in the table.

SELECT MIN(BENEFITS)
FROM EMPLOYEESTATISTICSTABLE
WHERE POSITION = 'Manager';
This query gives the smallest figure of the Benefits column, of the employees who are Managers, which is 12500.

SELECT COUNT(*)
FROM EMPLOYEESTATISTICSTABLE
WHERE POSITION = 'Staff';
This query tells you how many employees have Staff status (3).
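The aggregate results are easy to verify by hand, or mechanically; a sketch running the same aggregates against an in-memory SQLite database (SQLite is used purely for illustration):

```python
import sqlite3

# Recreate the salary table from the text in an in-memory database.
db = sqlite3.connect(":memory:")
db.execute("""CREATE TABLE EmployeeStatisticsTable
              (EmployeeIDNo TEXT, Salary INTEGER,
               Benefits INTEGER, Position TEXT)""")
db.executemany("INSERT INTO EmployeeStatisticsTable VALUES (?,?,?,?)", [
    ("010", 75000, 15000, "Manager"), ("105", 65000, 15000, "Manager"),
    ("152", 60000, 15000, "Manager"), ("215", 60000, 12500, "Manager"),
    ("244", 50000, 12000, "Staff"),   ("300", 45000, 10000, "Staff"),
    ("335", 40000, 10000, "Staff"),   ("400", 32000,  7500, "Entry-Level"),
    ("441", 28000,  7500, "Entry-Level"),
])

total_salary = db.execute(
    "SELECT SUM(Salary) FROM EmployeeStatisticsTable").fetchone()[0]
min_mgr_benefits = db.execute(
    "SELECT MIN(Benefits) FROM EmployeeStatisticsTable "
    "WHERE Position = 'Manager'").fetchone()[0]
staff_count = db.execute(
    "SELECT COUNT(*) FROM EmployeeStatisticsTable "
    "WHERE Position = 'Staff'").fetchone()[0]
```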

More Complex Conditions:
Compound Conditions / Logical Operators

The AND operator joins two or more conditions, and displays a row only if that row’s data satisfies ALL conditions listed (i.e. all conditions hold true). For example, to display all staff making over $40,000, use:

SELECT EMPLOYEEIDNO
FROM EMPLOYEESTATISTICSTABLE
WHERE SALARY > 40000 AND POSITION = 'Staff';
The OR operator joins two or more conditions, but returns a row if ANY of the conditions listed hold true. To see all those who make less than $40,000 or have less than $10,000 in benefits, listed together, use the following query:

SELECT EMPLOYEEIDNO
FROM EMPLOYEESTATISTICSTABLE
WHERE SALARY < 40000 OR BENEFITS < 10000;
AND & OR can be combined, for example:

SELECT EMPLOYEEIDNO
FROM EMPLOYEESTATISTICSTABLE
WHERE POSITION = 'Manager' AND SALARY > 60000 OR BENEFITS > 12000;

First, SQL finds the rows where the salary is greater than $60,000 and the position column is equal to Manager. Then, taking this new list of rows, SQL checks whether each row satisfies either that AND condition or the condition that the Benefits column is greater than $12,000. SQL then displays this second list of rows; keep in mind that anyone with Benefits over $12,000 will be included, as the OR operator includes a row if either condition is true. Also note that the AND operation is done first.

To generalize this process: SQL performs the AND operations first, finding the rows where all of the AND-joined conditions are true; those results are then combined with the OR conditions, and a row is displayed if any of the conditions joined by the OR operator hold true. Mathematically, SQL evaluates all of the conditions, then evaluates the AND “pairs”, and then evaluates the OR's (where both operators evaluate left to right).

To look at an example, for a given row for which the DBMS is evaluating the SQL statement Where clause to determine whether to include the row in the query result (the whole Where clause evaluates to True), the DBMS has evaluated all of the conditions, and is ready to do the logical comparisons on this result:

True AND False OR True AND True OR False AND False

First simplify the AND pairs:

False OR True OR False

Now do the OR’s, left to right:

True OR False

The result is True, and the row passes the query conditions. Be sure to see the next section on NOT’s, and the order of logical operations. I hope that this section has helped you understand AND’s or OR’s, as it’s a difficult subject to explain briefly.
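Python happens to share this AND-before-OR precedence, so the walk-through above can be checked directly (the truth values are the ones from the example, not from any real table):

```python
# The condition results from the example, joined exactly as in the text.
result = True and False or True and True or False and False

# AND pairs first:  False or True or False
# OR's, left to right:  True
```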

To perform OR’s before AND’s, like if you wanted to see a list of employees making a large salary ($50,000) or have a large benefit package ($10,000), and that happen to be a manager, use parentheses:

SELECT EMPLOYEEIDNO
FROM EMPLOYEESTATISTICSTABLE
WHERE POSITION = 'Manager' AND (SALARY > 50000 OR BENEFITS > 10000);


An easier method of using compound conditions uses IN or BETWEEN. For example, if you wanted to list all managers and staff:

SELECT EMPLOYEEIDNO
FROM EMPLOYEESTATISTICSTABLE
WHERE POSITION IN ('Manager', 'Staff');

or to list those making greater than or equal to $30,000, but less than or equal to $50,000, use:

SELECT EMPLOYEEIDNO
FROM EMPLOYEESTATISTICSTABLE
WHERE SALARY BETWEEN 30000 AND 50000;
To list everyone not in this range, try:

SELECT EMPLOYEEIDNO
FROM EMPLOYEESTATISTICSTABLE
WHERE SALARY NOT BETWEEN 30000 AND 50000;
Similarly, NOT IN lists all rows excluded from the IN list.

Additionally, NOT’s can be thrown in with AND’s & OR’s, except that NOT is a unary operator (evaluates one condition, reversing its value, whereas, AND’s & OR’s evaluate two conditions), and that all NOT’s are performed before any AND’s or OR’s.

SQL Order of Logical Operations (each operates from left to right)

  1. NOT
  2. AND
  3. OR

Using LIKE

Look at the EmployeeStatisticsTable, and say you wanted to see all people whose last names started with “S”; try:

SELECT EMPLOYEEIDNO
FROM EMPLOYEESTATISTICSTABLE
WHERE LASTNAME LIKE 'S%';
The percent sign (%) is used to represent any possible character (number, letter, or punctuation) or set of characters that might appear after the “S”. To find those people with LastName’s ending in “S”, use ‘%S’, or if you wanted the “S” in the middle of the word, try ‘%S%’. The ‘%’ can be used for any characters in the same position relative to the given characters. NOT LIKE displays rows not fitting the given description. Other possibilities of using LIKE, or any of these discussed conditionals, are available, though it depends on what DBMS you are using; as usual, consult a manual or your system manager or administrator for the available features on your system, or just to make sure that what you are trying to do is available and allowed. This disclaimer holds for the features of SQL that will be discussed below. This section is just to give you an idea of the possibilities of queries that can be written in SQL.


In this section, we will only discuss inner joins and equijoins, as they are generally the most useful.

Good database design suggests that each table list data only about a single entity; detailed information can then be obtained in a relational database by using additional tables and by using a join.

First, take a look at these example tables:

AntiqueOwners
OwnerID OwnerLastName OwnerFirstName
01 Jones Bill
02 Smith Bob
15 Lawson Patricia
21 Akins Jane
50 Fowler Sam

Orders
OwnerID ItemDesired
02 Table
02 Desk
21 Chair
15 Mirror

Antiques
SellerID BuyerID Item
01 50 Bed
02 15 Table
15 02 Chair
21 50 Mirror
50 01 Desk
01 21 Cabinet
02 21 Coffee Table
15 50 Chair
01 15 Jewelry Box
02 21 Pottery
21 02 Bookcase
50 01 Plant Stand


First, let’s discuss the concept of keys. A primary key is a column or set of columns that uniquely identifies the rest of the data in any given row. For example, in the AntiqueOwners table, the OwnerID column uniquely identifies that row. This means two things: no two rows can have the same OwnerID, and, even if two owners have the same first and last names, the OwnerID column ensures that the two owners will not be confused with each other, because the unique OwnerID column will be used throughout the database to track the owners, rather than the names.

A foreign key is a column in a table where that column is a primary key of another table, which means that any data in a foreign key column must have corresponding data in the other table where that column is the primary key. In DBMS-speak, this correspondence is known as referential integrity. For example, in the Antiques table, both the BuyerID and SellerID are foreign keys to the primary key of the AntiqueOwners table (OwnerID; for purposes of argument, one has to be an Antique Owner before one can buy or sell any items): in both tables, the ID columns are used to identify the owners or buyers and sellers, and the OwnerID is the primary key of the AntiqueOwners table. In other words, all of this “ID” data is used to refer to the owners, buyers, or sellers of antiques, themselves, without having to use the actual names.

Performing a Join

The purpose of these keys is so that data can be related across tables, without having to repeat data in every table–this is the power of relational databases. For example, you can find the names of those who bought a chair without having to list the full name of the buyer in the Antiques table…you can get the name by relating those who bought a chair with the names in the AntiqueOwners table through the use of the OwnerID, which relates the data in the two tables. To find the names of those who bought a chair, use the following query:

SELECT OWNERLASTNAME, OWNERFIRSTNAME
FROM ANTIQUEOWNERS, ANTIQUES
WHERE BUYERID = OWNERID AND ITEM = 'Chair';
Note the following about this query…notice that both tables involved in the relation are listed in the FROM clause of the statement. In the WHERE clause, first notice that the ITEM = ‘Chair’ part restricts the listing to those who have bought (and in this example, thereby own) a chair. Secondly, notice how the ID columns are related from one table to the next by use of the BUYERID = OWNERID clause. Only where ID’s match across tables and the item purchased is a chair (because of the AND), will the names from the AntiqueOwners table be listed. Because the joining condition used an equal sign, this join is called an equijoin. The result of this query is two names: Smith, Bob & Fowler, Sam.
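The equijoin can be verified end to end in an in-memory SQLite database (used here purely for illustration; only the rows needed for the chair example are loaded):

```python
import sqlite3

db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE AntiqueOwners "
           "(OwnerID TEXT, OwnerLastName TEXT, OwnerFirstName TEXT)")
db.execute("CREATE TABLE Antiques (SellerID TEXT, BuyerID TEXT, Item TEXT)")
db.executemany("INSERT INTO AntiqueOwners VALUES (?,?,?)", [
    ("01", "Jones", "Bill"), ("02", "Smith", "Bob"),
    ("15", "Lawson", "Patricia"), ("21", "Akins", "Jane"),
    ("50", "Fowler", "Sam"),
])
db.executemany("INSERT INTO Antiques VALUES (?,?,?)", [
    ("15", "02", "Chair"), ("15", "50", "Chair"), ("21", "50", "Mirror"),
])

# The equijoin from the text: match buyer IDs to owner IDs, chairs only.
buyers = db.execute("""SELECT OwnerLastName, OwnerFirstName
                       FROM AntiqueOwners, Antiques
                       WHERE BuyerID = OwnerID AND Item = 'Chair'""").fetchall()
```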

Dot notation refers to prefixing the table names to column names, to avoid ambiguity, as follows:

SELECT ANTIQUEOWNERS.OWNERLASTNAME, ANTIQUEOWNERS.OWNERFIRSTNAME
FROM ANTIQUEOWNERS, ANTIQUES
WHERE ANTIQUES.BUYERID = ANTIQUEOWNERS.OWNERID
AND ANTIQUES.ITEM = 'Chair';
As the column names are different in each table, however, this wasn't necessary. In general, you should always use dot notation, because when you change your database, queries that did not use dot notation may become ambiguous and cease working.


One special use of GROUP BY is to associate an aggregate function (especially COUNT; counting the number of rows in each group) with groups of rows. First, assume that the Antiques table has the Price column, and each row has a value for that column. We want to see the price of the most expensive item bought by each owner. We have to tell SQL to group each owner’s purchases, and tell us the maximum purchase price:

SELECT BUYERID, MAX(PRICE)
FROM ANTIQUES
GROUP BY BUYERID;
Now, say we only want to see the maximum purchase price if the purchase is over $1000, so we use the HAVING clause:
SELECT BUYERID, MAX(PRICE)
FROM ANTIQUES
GROUP BY BUYERID
HAVING MAX(PRICE) > 1000;

DISTINCT and Eliminating Duplicates

Let’s say that you want to list the ID and names of only those people who have sold an antique. Obviously, you want a list where each seller is only listed once; you don’t want to know how many antiques a person sold, just the fact that this person sold one (for counts, see the Aggregate Functions section above). This means that you will need to tell SQL to eliminate duplicate sales rows, and just list each person only once. To do this, use the DISTINCT keyword.

First, we will need an equijoin to the AntiqueOwners table to get the detail data of the person’s LastName and FirstName. However, keep in mind that since the SellerID column in the Antiques table is a foreign key to the AntiqueOwners table, a seller will only be listed if there is a row in the AntiqueOwners table listing the ID and names. We also want to eliminate multiple occurrences of the SellerID in our listing, so we use DISTINCT on the column where the repeats may occur (however, it is generally not necessary to strictly put the Distinct in front of the column name).

To throw in one more twist, we will also want the list alphabetized by LastName, then by FirstName (on a LastName tie). Thus, we will use the ORDER BY clause:

SELECT DISTINCT SELLERID, OWNERLASTNAME, OWNERFIRSTNAME
FROM ANTIQUES, ANTIQUEOWNERS
WHERE SELLERID = OWNERID
ORDER BY OWNERLASTNAME, OWNERFIRSTNAME;
In this example, since everyone has sold an item, we will get a listing of all of the owners, in alphabetical order by last name. For future reference (and in case anyone asks), this type of join is considered to be in the category of inner joins.

Aliases & In/Subqueries

In this section, we will talk about Aliases, In and the use of subqueries, and how these can be used in a 3-table example. First, look at this query which prints the last name of those owners who have placed an order and what the order is, only listing those orders which can be filled (that is, there is a buyer who owns that ordered item):

SELECT OWN.OWNERLASTNAME "Last Name", ORD.ITEMDESIRED "Item Ordered"
FROM ORDERS ORD, ANTIQUEOWNERS OWN
WHERE ORD.OWNERID = OWN.OWNERID
AND ORD.ITEMDESIRED IN
(SELECT ITEM FROM ANTIQUES);
This gives:

Last Name Item Ordered
--------- ------------
Smith     Table
Smith     Desk
Akins     Chair
Lawson    Mirror

There are several things to note about this query:

  1. First, the “Last Name” and “Item Ordered” in the Select lines gives the headers on the report.
  2. The OWN & ORD are aliases; these are new names for the two tables listed in the FROM clause that are used as prefixes for all dot notations of column names in the query (see above). This eliminates ambiguity, especially in the equijoin WHERE clause where both tables have the column named OwnerID, and the dot notation tells SQL that we are talking about two different OwnerID’s from the two different tables.
  3. Note that the Orders table is listed first in the FROM clause; this makes sure listing is done off of that table, and the AntiqueOwners table is only used for the detail information (Last Name).
  4. Most importantly, the AND in the WHERE clause forces the In Subquery to be invoked (“= ANY” or “= SOME” are two equivalent uses of IN). What this does is, the subquery is performed, returning all of the Items owned from the Antiques table, as there is no WHERE clause. Then, for a row from the Orders table to be listed, the ItemDesired must be in that returned list of Items owned from the Antiques table, thus listing an item only if the order can be filled from another owner. You can think of it this way: the subquery returns a set of Items from which each ItemDesired in the Orders table is compared; the In condition is true only if the ItemDesired is in that returned set from the Antiques table.
  5. Also notice that, in this case, there happened to be an antique available for each item desired; obviously, that won't always be the case. In addition, notice that when IN, “= ANY”, or “= SOME” is used, these keywords refer to any possible row matches, not column matches: you cannot put multiple columns in the subquery's Select clause in an attempt to match the column in the outer Where clause against multiple possible column values. Only one column can be listed in the subquery, and the possible match comes from multiple row values in that one column, not vice-versa.

More Subqueries

Another common usage of subqueries involves the use of operators to allow a Where condition to include the Select output of a subquery. First, list the buyers who purchased an expensive item (the Price of the item is $100 greater than the average price of all items purchased):

SELECT BUYERID
FROM ANTIQUES
WHERE PRICE >
   (SELECT AVG(PRICE) + 100
    FROM ANTIQUES);

The subquery calculates the average Price, plus $100, and using that figure, a BuyerID is printed for every item costing over that figure. One could use DISTINCT BUYERID, to eliminate duplicates.

List the Last Names of those in the AntiqueOwners table, ONLY if they have bought an item:

SELECT OWNERLASTNAME
FROM ANTIQUEOWNERS
WHERE OWNERID IN
   (SELECT BUYERID
    FROM ANTIQUES);
The subquery returns a list of buyers, and the Last Name is printed for an Antique Owner if and only if the Owner’s ID appears in the subquery list (sometimes called a candidate list). Note: on some DBMS’s, equals can be used instead of IN, but for clarity’s sake, since a set is returned from the subquery, IN is the better choice.

For an Update example, we know that the gentleman who bought the bookcase has the wrong First Name in the database…it should be John:


UPDATE ANTIQUEOWNERS
SET OWNERFIRSTNAME = 'John'
WHERE OWNERID =
   (SELECT BUYERID
    FROM ANTIQUES
    WHERE ITEM = 'Bookcase');
First, the subquery finds the BuyerID for the person(s) who bought the Bookcase, then the outer query updates his First Name.

Remember this rule about subqueries: When you have a subquery as part of a WHERE condition, the Select clause in the subquery must have columns that match in number and type to those in the Where clause of the outer query. In other words, if you have “WHERE ColumnName = (SELECT...);“, the Select must have only one column in it, to match the ColumnName in the outer Where clause, and they must match in type (both being integers, both being character strings, etc.).
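
The column-matching rule can be demonstrated with sqlite3: the subquery's single SELECT column (BuyerID, an integer) lines up with the single column (OwnerID, also an integer) in the outer WHERE clause. The sample rows are invented:

```python
import sqlite3

con = sqlite3.connect(":memory:")
cur = con.cursor()
cur.execute("CREATE TABLE ANTIQUEOWNERS "
            "(OWNERID INTEGER, OWNERLASTNAME CHAR(40), OWNERFIRSTNAME CHAR(40))")
cur.execute("CREATE TABLE ANTIQUES (SELLERID INTEGER, BUYERID INTEGER, ITEM CHAR(40))")
cur.execute("INSERT INTO ANTIQUEOWNERS VALUES (2, 'Smith', 'Jon')")
cur.execute("INSERT INTO ANTIQUES VALUES (1, 2, 'Bookcase')")
# One column in the subquery's SELECT, one column in the outer WHERE,
# and both are integers -- so the comparison is legal.
cur.execute("""
    UPDATE ANTIQUEOWNERS
    SET OWNERFIRSTNAME = 'John'
    WHERE OWNERID = (SELECT BUYERID FROM ANTIQUES WHERE ITEM = 'Bookcase')
""")
name = cur.execute("SELECT OWNERFIRSTNAME FROM ANTIQUEOWNERS").fetchone()[0]
print(name)  # John
```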

Adding, Modifying, and Deleting Data

Adding Data

To insert rows into a table, do the following:

INSERT INTO ANTIQUES VALUES (21, 01, 'Ottoman', 200.00);

This inserts the data into the table, as a new row, column-by-column, in the pre-defined order. Instead, let’s change the order and leave Price blank:

INSERT INTO ANTIQUES (BUYERID, SELLERID, ITEM)
VALUES (01, 21, 'Ottoman');

Deleting Data

Let’s delete this new row back out of the database:

DELETE FROM ANTIQUES
WHERE ITEM = 'Ottoman';

But if there is another row that contains ‘Ottoman’, that row will be deleted also. Let’s delete all rows (one, in this case) that contain the specific data we added before:

DELETE FROM ANTIQUES
WHERE ITEM = 'Ottoman' AND BUYERID = 01 AND SELLERID = 21;
Updating Data

Let’s update a Price into a row that doesn’t have a price listed yet:

UPDATE ANTIQUES SET PRICE = 500.00 WHERE ITEM = 'Chair';
This sets all Chair’s Prices to 500.00. As shown above, more WHERE conditionals, using AND, must be used to limit the updating to more specific rows. Also, additional columns may be set by separating equal statements with commas.

Modifying the Database

Creating New Tables

All tables within a database must be created at some point in time…let’s see how we would create the Orders table:

CREATE TABLE ORDERS
  (OWNERID INTEGER NOT NULL,
   ITEMDESIRED CHAR(40) NOT NULL);
This statement gives the table name and tells the DBMS about each column in the table. Please note that this statement uses generic data types, and that the data types might be different, depending on what DBMS you are using. As usual, check local listings. Some common generic data types are:


  • Char(x) – A column of characters, where x is a number designating the maximum number of characters allowed (maximum length) in the column.
  • Integer – A column of whole numbers, positive or negative.
  • Decimal(x, y) – A column of decimal numbers, where x is the maximum length in digits of the decimal numbers in this column, and y is the maximum number of digits allowed after the decimal point. For example, the largest number a Decimal(4,2) column can hold is 99.99.
  • Date – A date column in a DBMS-specific format.
  • Logical – A column that can hold only two values: TRUE or FALSE.

One other note: NOT NULL means that the column must have a value in each row; if NULL were used, the column may be left empty in a given row.
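
A quick way to see NOT NULL in action is SQLite, which enforces the constraint; the rows here are invented:

```python
import sqlite3

con = sqlite3.connect(":memory:")
cur = con.cursor()
# Column types mirror the generic ones described above.
cur.execute("""CREATE TABLE ORDERS
               (OWNERID INTEGER NOT NULL,
                ITEMDESIRED CHAR(40) NOT NULL)""")
cur.execute("INSERT INTO ORDERS VALUES (2, 'Lamp')")  # both columns supplied: OK
try:
    # ITEMDESIRED is left empty, so the NOT NULL constraint rejects the row.
    cur.execute("INSERT INTO ORDERS (OWNERID) VALUES (3)")
    failed = False
except sqlite3.IntegrityError:
    failed = True
print(failed)  # True
```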

Altering Tables

Let’s add a column to the Antiques table to allow the entry of the price of a given Item (Parentheses optional):

ALTER TABLE ANTIQUES ADD (PRICE DECIMAL);
The data for this new column can be updated or inserted as shown later.

Adding Indexes
Indexes allow a DBMS to access data more quickly (please note: this feature is nonstandard/not available on all systems). The system creates this internal data structure (the index), which causes selection of rows, when the selection is based on indexed columns, to occur faster. The index tells the DBMS where a certain row is in the table given an indexed-column value, much like a book index tells you what page a given word appears on. Let’s create an index for the OwnerID in the AntiqueOwners table:

CREATE INDEX OID_IDX ON ANTIQUEOWNERS (OWNERID);
Now on the names:

CREATE INDEX NAME_IDX ON ANTIQUEOWNERS (OWNERLASTNAME, OWNERFIRSTNAME);
To get rid of an index, drop it:

DROP INDEX OID_IDX;
By the way, you can also “drop” a table (careful! That means your table is deleted). In the second example, the index is kept on the two columns, aggregated together; strange behavior might occur in this situation, so check the manual before performing such an operation.

Some DBMS’s do not enforce primary keys; in other words, the uniqueness of a column is not enforced automatically. What that means is, if, for example, I tried to insert another row into the AntiqueOwners table with an OwnerID of 02, some systems would allow me to do that, even though that should not be allowed, as that column is supposed to be unique to the table (every row value is supposed to be different). One way to get around that is to create a unique index on the column that we want to be a primary key, forcing the system to prohibit duplicates:

CREATE UNIQUE INDEX OID_IDX ON ANTIQUEOWNERS (OWNERID);
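
A sqlite3 sketch of this unique-index workaround (invented rows; SQLite happens to be one of the systems that enforces unique indexes):

```python
import sqlite3

con = sqlite3.connect(":memory:")
cur = con.cursor()
cur.execute("CREATE TABLE ANTIQUEOWNERS (OWNERID INTEGER, OWNERLASTNAME CHAR(40))")
# The unique index makes OwnerID behave like an enforced primary key.
cur.execute("CREATE UNIQUE INDEX OID_IDX ON ANTIQUEOWNERS (OWNERID)")
cur.execute("INSERT INTO ANTIQUEOWNERS VALUES (2, 'Smith')")
try:
    # A second row with the same OwnerID is now prohibited.
    cur.execute("INSERT INTO ANTIQUEOWNERS VALUES (2, 'Jones')")
    rejected = False
except sqlite3.IntegrityError:
    rejected = True
print(rejected)  # True
```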


ISDN Cause Codes

Cause No. 0
This is usually given by the router when none of the other codes apply. This cause usually occurs in the same type of situations as cause 1, cause 88, and cause 100.

Cause No. 1 – Unallocated (unassigned) number.
This cause indicates that the destination requested by the calling user cannot be reached because, although the number is in a valid format, it is not currently assigned (allocated).

What it usually means:

  1. The SPIDS may be incorrectly entered in the router or the Telco switch, giving a SPID failure in the router logs.
  2. The ISDN phone number being dialed by the router is invalid, and the telco switch cannot locate it to complete the call.
  3. On long distance calls, the call cannot be properly routed to its destination.

Cause No. 2 – No route to specified transit network (national use).
This cause indicates that the equipment sending this cause has received a request to route the call through a particular transit network which it does not recognize. The equipment sending this cause does not recognize the transit network either because the transit network does not exist or because that particular transit network does not serve the equipment which is sending this cause.

Cause No. 3 – No route to destination.
This cause indicates that the called party cannot be reached because the network through which the call has been routed does not serve the destination desired. This cause is supported on a network dependent basis.

Cause No. 4 – send special information tone.
This cause indicates that the called party cannot be reached for reasons that are of a long term nature and that the special information tone should be returned to the calling party.

Cause No. 5 – misdialed trunk prefix (national use).
This cause indicates the erroneous inclusion of a trunk prefix in the called party number. The prefix is to be stripped from the dialed number being sent to the network by the customer premises equipment.

Cause No. 6 – channel unacceptable.
This cause indicates that the channel most recently identified is not acceptable to the sending entity for use in this call.

Cause No. 7 – call awarded, being delivered in an established channel.
This cause indicates that the user has been awarded the incoming call and that the incoming call is being connected to a channel already established to that user for similar calls (e.g. packet-mode X.25 virtual calls).

Cause No. 8 – preemption.
This cause indicates the call is being preempted.

Cause No. 9 – preemption – circuit reserved for reuse.
This cause indicates that the call is being preempted and the circuit is reserved for reuse by the preempting exchange.

Cause No. 16 – normal call clearing.
This cause indicates that the call is being cleared because one of the users involved in the call has requested that the call be cleared.

What it means:
This could be almost anything; it is the vaguest of the cause codes. The call comes down normally, but the reasons for it could be:

  1. Bad username or password
  2. Router’s settings do not match what is expected by the remote end.
  3. Telephone line problems.
  4. Hung session on remote end.

Cause No. 17 – user busy.
This cause is used to indicate that the called party is unable to accept another call because the user busy condition has been encountered. This cause value may be generated by the called user or by the network. In the case of user determined user busy it is noted that the user equipment is compatible with the call.

What it means:
Calling end is busy.

Cause No. 18 – no user responding.
This cause is used when a called party does not respond to a call establishment message with either an alerting or connect indication within the prescribed period of time allocated.

What it means:
The equipment on the other end does not answer the call. Usually this is a misconfiguration on the equipment being called.

Cause No. 19 – no answer from user (user alerted).
This cause is used when the called party has been alerted but does not respond with a connect indication within a prescribed period of time. Note – This cause is not necessarily generated by Q.931 procedures but may be generated by internal network timers.

Cause No. 20 – subscriber absent.
This cause value is used when a mobile station has logged off, radio contact is not obtained with a mobile station, or if a personal telecommunication user is temporarily not addressable at any user-network interface.

Cause No. 21 – call rejected.
This cause indicates that the equipment sending this cause does not wish to accept this call, although it could have accepted the call because the equipment sending this cause is neither busy nor incompatible. This cause may also be generated by the network, indicating that the call was cleared due to a supplementary service constraint. The diagnostic field may contain additional information about the supplementary service and reason for rejection.

What it means:
This is usually a telco issue. The call never reaches the final destination, which can be caused by a bad switch translation, or a misconfiguration on the equipment being called.

Cause No. 22 – number changed.
This cause is returned to a calling party when the called party number indicated by the calling party is no longer assigned. The new called party number may optionally be included in the diagnostic field. If a network does not support this cause, cause no. 1, unallocated (unassigned) number shall be used.

Cause No. 26 – non-selected user clearing.
This cause indicates that the user has not been awarded the incoming call.

Cause No. 27 – destination out of order.
This cause indicates that the destination indicated by the user cannot be reached because the interface to the destination is not functioning correctly. The term “not functioning correctly” indicates that a signal message was unable to be delivered to the remote party; e.g., a physical layer or data link layer failure at the remote party or user equipment off-line.

Cause No. 28 – invalid number format (address incomplete).
This cause indicates that the called party cannot be reached because the called party number is not in a valid format or is not complete.

Cause No. 29 – facilities rejected.
This cause is returned when a supplementary service requested by the user cannot be provided by the network.

Cause No. 30 – response to STATUS INQUIRY.
This cause is included in the STATUS message when the reason for generating the STATUS message was the prior receipt of a STATUS INQUIRY.

Cause No. 31 – normal, unspecified.
This cause is used to report a normal event only when no other cause in the normal class applies.

Cause No. 34 – no circuit/channel available.
This cause indicates that there is no appropriate circuit/channel presently available to handle the call.

What it means:
There is no place on the Public Telephone network to place the call; the call never gets to its destination. This is usually a temporary problem.

Cause No. 35 – Call Queued.

Cause No. 38 – network out of order.
This cause indicates that the network is not functioning correctly and that the condition is likely to last a relatively long period of time; e.g., immediately re-attempting the call is not likely to be successful.

Cause No. 39 – permanent frame mode connection out-of-service.
This cause is included in a STATUS message to indicate that a permanently established frame mode connection is out-of-service (e.g. due to equipment or section failure).

Cause No. 40 – permanent frame mode connection operational.
This cause is included in a STATUS message to indicate that a permanently established frame mode connection is operational and capable of carrying user information.

Cause No. 41 – temporary failure.

This cause indicates that the network is not functioning correctly and that the condition is not likely to last a long period of time; e.g., the user may wish to try another call attempt almost immediately.

What it means:
This means that there is a temporary failure at the physical layer on the ISDN network. If you remove the ISDN cable from the Netopia, you would see this. It’s usually temporary.

Cause No. 42 – switching equipment congestion.
This cause indicates that the switching equipment generating this cause is experiencing a period of high traffic.

What it means:
Just too much going on at this point on the ISDN network to get the call through to its destination.

Cause No. 43 – access information discarded.
This cause indicates that the network could not deliver access information to the remote user as requested, i.e., user-to-user information, low layer compatibility, high layer compatibility, or sub-address, as indicated in the diagnostic. It is noted that the particular type of access information discarded is optionally included in the diagnostic.

Cause No. 44 – requested circuit/channel not available.
This cause is returned when the circuit or channel indicated by the requesting entity cannot be provided by the other side of the interface.

Cause No. 46 – precedence call blocked.
This cause indicates that there are no preemptable circuits or that the called user is busy with a call of equal or higher preemptable level.

Cause No. 47 – resource unavailable, unspecified.
This cause is used to report a resource unavailable event only when no other cause in the resource unavailable class applies.

Cause No. 49 – Quality of Service not available.
This cause is used to report that the requested Quality of Service, as defined in Recommendation X.213, cannot be provided (e.g., throughput or transit delay cannot be supported).

Cause No. 50 – requested facility not subscribed.
This cause indicates that the user has requested a supplementary service which is implemented by the equipment which generated this cause, but which the user is not authorized to use.

What it means:
The switch looks at the number being dialed and thinks it is for another service rather than ISDN. If the phone number is put in the correct format, the call should be placed properly. There are no standards for this; each telco has its own system for programming the number formats that the switches will recognize. Some systems want to see 7 digits, some 10, and others 11.

Cause No. 52 – outgoing calls barred.

Cause No. 53 – outgoing calls barred within CUG.
This cause indicates that although the calling party is a member of the CUG for the outgoing CUG call, outgoing calls are not allowed for this member of the CUG.

Cause No. 54 – incoming calls barred

Cause No. 55 – incoming calls barred within CUG.
This cause indicates that although the calling party is a member of the CUG for the incoming CUG call, incoming calls are not allowed for this member of the CUG.

Cause No. 57 – bearer capability not authorized.
This cause indicates that the user has requested a bearer capability which is implemented by the equipment which generated this cause, but which the user is not authorized to use.

Cause No. 58 – bearer capability not presently available.
This cause indicates that the user has requested a bearer capability which is implemented by the equipment which generated this cause but which is not available at this time.

Cause No. 62 – inconsistency in outgoing information element.
This cause indicates an inconsistency in the designated outgoing access information and subscriber class.

Cause No. 63 – service or option not available, unspecified.
This cause is used to report a service or option not available event only when no other cause in the service or option not available class applies.

Cause No. 65 – bearer capability not implemented.
This cause indicates that the equipment sending this cause does not support the bearer capability requested.

What it means:

  1. In most cases, the number being called is not an ISDN number but an analog destination.
  2. The equipment is dialing at a faster rate than the circuitry allows, for example, dialing at 64K when only 56K is supported.

Cause No. 66 – channel type not implemented.
This cause indicates that the equipment sending this cause does not support the channel type requested.

Cause No. 69 – requested facility not implemented.
This cause indicates that the equipment sending this cause does not support the requested supplementary services.

Cause No. 70 – only restricted digital information bearer capability is available.
This cause indicates that the calling party has requested an unrestricted bearer service but the equipment sending this cause only supports the restricted version of the requested bearer capability.

Cause No. 79 – service or option not implemented, unspecified.
This cause is used to report a service or option not implemented event only when no other cause in the service or option not implemented class applies.

Cause No. 81 – invalid call reference value.
This cause indicates that the equipment sending this cause has received a message with a call reference which is not currently in use on the user-network interface.

Cause No. 82 – identified channel does not exist.
This cause indicates that the equipment sending this cause has received a request to use a channel not activated on the interface for a call. For example, if a user has subscribed to those channels on a primary rate interface numbered from 1 to 12 and the user equipment or the network attempts to use channels 13 through 23, this cause is generated.

Cause No. 83 – a suspended call exists, but this call identity does not.
This cause indicates that a call resume has been attempted with a call identity which differs from that in use for any presently suspended call(s).

Cause No. 84 – call identity in use.
This cause indicates that the network has received a call suspend request containing a call identity (including the null call identity) which is already in use for a suspended call within the domain of interfaces over which the call might be resumed.

Cause No. 85 – no call suspended.
This cause indicates that the network has received a call resume request containing a call identity information element which presently does not indicate any suspended call within the domain of interfaces over which calls may be resumed.

Cause No. 86 – call having the requested call identity has been cleared.
This cause indicates that the network has received a call resume request containing a call identity information element indicating a suspended call that has in the meantime been cleared while suspended (either by network time-out or by the remote user).

Cause No. 87 – user not a member of CUG.
This cause indicates that the called user for the incoming CUG call is not a member of the specified CUG or that the calling user is an ordinary subscriber calling a CUG subscriber.

Cause No. 88 – incompatible destination.
This cause indicates that the equipment sending this cause has received a request to establish a call which has low layer compatibility, high layer compatibility, or other compatibility attributes (e.g., data rate) which cannot be accommodated.

What it means:

  1. This usually means that the Number To Dial in the Connection Profile is in the wrong format. You may need to dial a 10 or 11 digit number, or dial a 9 in front of the number if it is a Centrex line.
  2. This problem may also give a Cause 111.
  3. Dialing at the wrong line speed can also give this Cause.

Cause No. 90 – non-existent CUG.
This cause indicates that the specified CUG does not exist.

Cause No. 91 – invalid transit network selection (national use).
This cause indicates that a transit network identification was received which is of an incorrect format as defined in Annex C/Q.931.

Cause No. 95 – invalid message, unspecified.
This cause is used to report an invalid message event only when no other cause in the invalid message class applies.

Cause No. 96 – mandatory information element is missing.
This cause indicates that the equipment sending this cause has received a message which is missing an information element which must be present in the message before that message can be processed.

What it means:
This is rarely seen in North America but usually means that the number that is being dialed is in the wrong format (similar to cause 88). Some part of the format being used is not understood by either the remote side equipment or the switching equipment between the source and destination of the call.

Cause No. 97 – message type non-existent or not implemented.
This cause indicates that the equipment sending this cause has received a message with a message type it does not recognize, either because the message is not defined, or is defined but not implemented, by the equipment sending this cause.

Cause No. 98 – message not compatible with call state or message type non-existent.
This cause indicates that the equipment sending this cause has received a message such that the procedures do not indicate that this is a permissible message to receive while in the call state, or a STATUS message was received indicating an incompatible call state.

Cause No. 99 – Information element / parameter non-existent or not implemented.
This cause indicates that the equipment sending this cause has received a message which includes information element(s)/parameter(s) not recognized because the information element(s)/parameter name(s) are not defined or are defined but not implemented by the equipment sending the cause. This cause indicates that the information element(s)/parameter(s) were discarded. However, the information element is not required to be present in the message in order for the equipment sending the cause to process the message.

Cause No. 100 – Invalid information element contents.
This cause indicates that the equipment sending this cause has received an information element which it has implemented; however, one or more of the fields in the information element are coded in a way which has not been implemented by the equipment sending this cause.

What it means:
Like cause 1 and cause 88, this usually indicates that the ISDN number being dialed is in a format that is not understood by the equipment processing the call. SPIDs will sometimes fail to initialize with a Cause 100, or a call will fail with this cause.

Cause No. 101 – message not compatible with call state.
This cause indicates that a message has been received which is incompatible with the call state.

Cause No. 102 – recovery on timer expiry.
This cause indicates that a procedure has been initiated by the expiration of a timer in association with error handling procedures.

What it means:
This is seen in situations where ACO (Alternate Call Offering) is being used. With this type of call pre-emption, the Telco switch operates a timer. For example, when an analog call is placed to a Netopia router that has two B Data Channels in place, the router relinquishes the second channel, but if it doesn’t happen in the time allotted by the switch programming, the call will not ring through and will be discarded by the switch.

Cause No. 103 – parameter non-existent or not implemented – passed on (national use).
This cause indicates that the equipment sending this cause has received a message which includes parameters not recognized because the parameters are not defined or are defined but not implemented by the equipment sending this cause. The cause indicates that the parameter(s) were ignored. In addition, if the equipment sending this cause is an intermediate point, then this cause indicates that the parameter(s) were passed unchanged.

Cause No. 110 – message with unrecognized parameter discarded.
This cause indicates that the equipment sending this cause has discarded a received message which includes a parameter that is not recognized.

Cause No. 111 – protocol error, unspecified.
This cause is used to report a protocol error event only when no other cause in the protocol error class applies.

Cause No. 127 – interworking, unspecified.
This cause indicates that an interworking call (usually a call to SW56 service) has ended.

Notes about Cause Codes over 128
Cause code values of 128 and higher aren’t sent over the network. A terminal displaying a value of 128 or higher and claiming it is a cause code arguably has a bug, or is implementing some proprietary diagnostic code (not necessarily bad). Some documentation lists cause codes with numbers higher than 128, but at this time they are proprietary in nature.

The PRI equipment vendors are the most likely to use these codes as they have been using proprietary messages in the facilities data link for some time now (there is an as yet undefined area in the FDL which is big enough to carry small datagrams or messages). It is typically used to pass proprietary control or maintenance messages between multiplexers.
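
For quick triage of router logs, the causes above can be condensed into a lookup table. This is only an illustrative sketch: the function name, the selection of codes, and the one-line summaries are ours, condensed from the descriptions above:

```python
# Condensed summaries of a few common cause codes (see the full list above).
CAUSE_SUMMARIES = {
    1:  "unallocated number - check SPIDs / dialed number format",
    16: "normal call clearing - check username/password, settings, line",
    17: "user busy - called party is busy",
    34: "no circuit/channel available - usually temporary congestion",
    65: "bearer capability not implemented - analog destination or wrong rate",
    88: "incompatible destination - number format or line speed mismatch",
}

def explain_cause(code: int) -> str:
    """Return a short triage hint for an ISDN cause code."""
    if code >= 128:
        # Values of 128 and higher are never sent over the network (see above).
        return "proprietary/diagnostic value - not a network cause code"
    return CAUSE_SUMMARIES.get(code, "see Q.931 cause code list")

print(explain_cause(16))
print(explain_cause(200))
```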

How to enable hibernation in Ubuntu 14.04

In Ubuntu 14.04, hibernation is disabled by default, but fortunately there is a way to enable it. Here is how to do it.
Normally, when the computer hibernates, all of your applications and documents are saved and the computer shuts down completely, but when you turn the computer back on, the applications and documents open again just as they were. If that does not happen, you can lose a great deal of work. This tutorial shows how to enable the hibernation feature in Ubuntu 14.04 Trusty Tahr, so that you can work with more peace of mind.

Test whether hibernation works on your PC

Before making any changes to Ubuntu, it is important to check that hibernation will work on your hardware. To do so, open a terminal (using the Dash or by pressing CTRL+ALT+T) and type the command:

sudo pm-hibernate

After the computer shuts down, turn it back on and check whether the applications you had open reopen. If hibernation does not work, check that your swap partition is at least as large as your available RAM.

Enabling the “Hibernate” option in the Ubuntu menu

To enable the “Hibernate” option in the Ubuntu menu, do the following:
Step 1. Open a terminal (using the Dash or by pressing CTRL+ALT+T)
Step 2. Become administrator with the command:

Step 3. Go to the system folder where the configuration will live:

Step 4. Create a configuration file, calling gedit:

Step 5. With the file open, copy the lines below and paste them into the file;
[Re-enable hibernate by default in upower]
Identity=unix-user:*
Action=org.freedesktop.upower.hibernate
ResultActive=yes

[Re-enable hibernate by default in logind]
Identity=unix-user:*
Action=org.freedesktop.login1.hibernate
ResultActive=yes
Step 6. Save the file and close it.
Step 7. Restart the computer and the option will now be available in the system menu.

Making your laptop hibernate when the lid is closed

To complete the hibernation setup, you need to configure the feature to be triggered when your laptop’s lid is closed. To do so:
Step 1. Open a terminal (using the Dash or by pressing CTRL+ALT+T)
Step 2. Edit the configuration file /etc/systemd/logind.conf using the command:
sudo gedit /etc/systemd/logind.conf
Step 3. Change the line #HandleLidSwitch=suspend to HandleLidSwitch=hibernate and save the file;
Step 4. Run the command below, or simply restart the computer, to apply the changes;
sudo restart systemd-logind
Done! Now you can use your machine with more peace of mind, without worrying about your documents.

Via UbuntuHandbook

A Basic Introduction to SoX

What is SoX?

SoX (Sound eXchange) is, as its author calls it, the “Swiss Army knife of sound processing programs”. It is free, open-source software and runs on Windows, Mac, and Linux.

SoX can play, record, convert, edit, split, combine, and apply various effects to audio files in many different formats.

Supported Formats

On a default installation of Slackware Linux 13.37, the formats supported by SoX are:

8svx, aif, aifc, aiff, aiffc, al, amb, au, avr, caf, cdda, cdr, cvs, cvsd, cvu, dat, dvms, f32, f4, f64, f8, fap, flac, fssd, gsm, gsrt, hcom, htk, ima, ircam, la, lpc, lpc10, lu, mat, mat4, mat5, maud, mp2, mp3, nist, ogg, paf, prc, pvf, raw, s1, s16, s2, s24, s3, s32, s4, s8, sb, sd2, sds, sf, sl, smp, snd, sndfile (formats supported by the Libsndfile library), sndr, sndt, sou, sox (internal format), sph, sw, txw, u1, u16, u2, u24, u3, u32, u4, u8, ub, ul, uw, vms, voc, vorbis, vox, w64, wav, wavpcm, wv, wve, xa, xi

And a few others, provided the associated libraries are installed.

Just a few of the supported effects:

bandpass (band-pass filter), chorus, delay, echo, equalizer, fade (fade in and out), highpass (high-pass filter), lowpass (low-pass filter), pitch (changes only the pitch), reverb (reverberation), reverse (reversal), riaa, speed (changes speed and pitch), synth (generates basic waveforms), tempo (changes only the speed), tremolo, trim, vocoder

For a complete list of formats, effects, and other features, visit this page.

Installation

Windows and Mac versions can be downloaded directly from the official download page. On Linux, SoX can be compiled from source (available on the same page) or installed from the package repositories of specific distributions. In the case of Slackware (the Linux distribution I use), it is installed by default, although support for generating MP3 files comes disabled; that can be fixed simply by re-running the build script (SlackBuild) to compile it, then reinstalling it.

Included Programs

SoX is a command-line tool and comes with a few small programs (commands) for performing different tasks:

play

Plays audio files in the supported formats, and can also apply effects during playback if desired.

rec

Records from a device (microphone, sound card, etc.) to a file in one of the supported formats.

soxi

Displays information about audio files in the supported formats.

sox

It is commonly used to process file(s) and save the results to another file, but it is actually the core of “play”, “rec”, and “soxi”.

Basic Usage Examples

Note: these examples were run on Linux; I do not know whether the commands differ on other systems.

Displaying Information About Files

  1. Displays information such as size, duration, encoding, bitrate, number of channels, sample rate, comments, etc. of a file named “musica.mp3”:$ soxi musica.mp3
  2. Displays only the duration of the file above:$ soxi -d musica.mp3

Playing Files

  1. Plays a file named “exemplo.mp3”:$ play exemplo.mp3
  2. Plays a file named “exemplo.mp3” with a reverb effect:$ play exemplo.mp3 reverb
  3. Plays the file “exemplo.mp3” backwards:$ play exemplo.mp3 reverse
  4. Plays only the first five seconds of “exemplo.mp3”:$ play exemplo.mp3 trim 0 5
  5. Plays the file “exemplo.mp3” from the fifth second onward:$ play exemplo.mp3 trim 5

Note: there are options to control the parameters of reverb, trim, etc., as well as many other effects. Read the “Getting Help” section below for more information.


Recording

Capture sound from the default recording device (for example, a microphone) and save it to a file named “exemplo.wav”:

$ rec exemplo.wav

Note: you first need to select the recording device (for example, in the sound settings on Windows, or with programs such as “alsamixer” or “aumix” on Linux).

Pausing and Resuming

To pause playback or recording, press Ctrl-Z. SoX will pause and go to the background. To resume where it left off and bring it back to the foreground, type:

$ fg

Note: I do not know whether (or how) this works on Windows.

Processing and Converting Files

These commands process one or more files and save the result to another file, even converting it to another format.

  1. Convert a file named “exemplo.wav” to “exemplo.mp3”:

     $ sox exemplo.wav exemplo.mp3

  2. Apply a reverb effect (with SoX's default parameters) to “exemplo1.wav” and save the result to “exemplo2.wav”:

     $ sox exemplo1.wav exemplo2.wav reverb

  3. Join “exemplo-parte1.flac” and “exemplo-parte2.flac” to form “exemplo-completo.flac”:

     $ sox exemplo-parte1.flac exemplo-parte2.flac exemplo-completo.flac

  4. Save the first fifty seconds of “exemplo1.mp3” to “exemplo2.ogg”:

     $ sox exemplo1.mp3 exemplo2.ogg trim 0 50

  5. Merge (so that they play simultaneously) background music (“musica.mp3”) with a voice recording (“discurso.wav”), producing “apresentacao.ogg”:

     $ sox -m musica.mp3 discurso.wav apresentacao.ogg

  6. Merge the background (“musica.mp3”) at half volume and the voice (“discurso.wav”) at double volume, producing “apresentacao.ogg”:

     $ sox -m -v0.5 musica.mp3 -v2 discurso.wav apresentacao.ogg

Tip: if you want to “preview” (or should that be “pre-listen to”?) the effects without altering any file, you can use “play” to apply the effects and listen:

$ play -m -v0.5 musica.mp3 -v2 discurso.wav

Adjust the parameters (in this example, the volume, which is the number after the “-v” option) until you find values you consider appropriate, then replace the “play” command with “sox” and specify an output file. Example:

$ sox -m -v0.5 musica.mp3 -v2 discurso.wav apresentacao.ogg
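The single-file conversion shown above also lends itself to batch work with an ordinary shell loop. A minimal sketch (filenames are illustrative, and SoX must have been built with MP3 support, as noted in the introduction):

```shell
# Convert every .wav file in the current directory to .mp3,
# keeping the same base name.
for f in *.wav; do
    [ -e "$f" ] || continue        # no .wav files matched: do nothing
    sox "$f" "${f%.wav}.mp3"       # e.g. exemplo.wav -> exemplo.mp3
done
```

The `${f%.wav}` expansion strips the old extension so only the suffix changes; any effects (reverb, trim, etc.) could be appended to the `sox` line and would be applied to every file.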

Generating Audio

SoX can also generate some basic audio waveforms, such as sine waves, triangle waves, square waves, and sawtooth waves, plus a few other things such as “white”, “brown”, and “pink” noise.

  1. This command plays a 440 Hz sine wave (the note A4) for one second. The gain (and thus the volume) is lowered so it is not too loud:

     $ play -n synth 1 sine 440 gain -10

  2. This one does the same thing, but uses the note name instead of the frequency:

     $ play -n synth 1 sine A4 gain -10

  3. This other command saves the sound to a file named “senoide.wav” instead of playing it:

     $ sox -n senoide.wav synth 1 sine A4 gain -10
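Generated sounds can be combined with the file-processing commands from the previous section. A sketch (assuming the “pinknoise” synth type mentioned above; all filenames are illustrative) that writes a tone and a burst of noise to separate files and then concatenates them:

```shell
# One second of an A4 sine tone, one second of pink noise,
# concatenated into a single two-second file.
dur=1
sox -n tom.wav synth "$dur" sine A4 gain -10
sox -n ruido.wav synth "$dur" pinknoise gain -20
sox tom.wav ruido.wav juntos.wav     # plain concatenation, as shown earlier
echo "juntos.wav should be $((dur + dur)) seconds long"
```

Noise is generated at a lower gain than the tone because, subjectively, broadband noise tends to sound louder than a pure tone at the same level.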

Suppressing Output

If the amount of text printed on the screen bothers you, you can use the “-q” option to make SoX print nothing except warnings and errors. This works with “play”, “rec”, and “sox” alike. Example:

$ play -q exemplo.mp3

Getting Help

To list all of SoX's commands, formats, and effects, type:

$ sox --help

For “play”, “rec”, and “soxi”, type “play --help”, “rec --help”, and “soxi --help”, respectively.

Note: the help is practically the same for “sox”, “play”, and “rec”, except for the order of the input/output files and effects.

There are also the user manuals (in English), with more detailed explanations of the commands, effect parameters, and examples. On Linux, if the manual pages are installed, you can read them offline by typing

$ man sox

for the “sox”, “play”, and “rec” manuals,

$ man soxformat

for all options related to the supported file formats, and

$ man soxi

for the “soxi” manual. There is also

$ man libsox

for those who want to tinker with code and the SoX engine library.

You can also read the manuals online on the SoX documentation page.

External Links

Official SoX website (in English)



Gustavo Franco Pabx – Linux – Cisco – Juniper – Asterisk – VoIP – Networks – Telephony