Wednesday, October 11, 2006

lsof Identify Resource Locked Process

Samba server comes with a handy utility called smbstatus to report users who are holding the shared resources.

Utilities used to find out processes that are locking system resources are among the most wanted system utilities for experienced users and system administrators. The lsof being one of such excellent utility that used to identify process or user that is locking system resource such as file or network socket.

For example, a system administrator could use the lsof -i to easily understand how the IBM MQ server communicate over the TCP/IP network with IBM Informix server. The lsof output, as in the diagram below, shows that the Informix oninit is listening to a user defined mnemonic port name stp which the IBM MQ server communicate with. The /etc/services system files is usually used to map a numeric port number to a descriptive port name defined by user.

The Linux lsof utility used to find out process or user that locks a system resource such as file or network socket

  1. Execute lsof -i TCP to report all processes that are accessing the TCP sockets found on the system

  2. Execute lsof -i tcp:8080 to find out what process is holding TCP port 8080.

  3. Execute lsof without any command options to list system wide resources that are using by processes running in the system.

  4. Execute lsof -p 456 to show all resources that are being held by process id 456

  5. Some programs might running on the Linux system by more than one instance. In this case, type lsof -c ProgramName instead of lsof -p PID to get a broader scope of view. For example, lsof -c squid to find out what are the resources held by all squid processes running on the system.

  6. Execute lsof -u keith to confirm resources that are being held by user id keith

  7. Execute lsof /home/keith/secretfile to find out what are the processes that are locking the specify file /home/keith/secretfile
Related information:
  • Another utility called fuser has similar features as of lsof utility. Executing fuser -m /media/cdrom will report all process id that are holding the specify resource.

    Each of the process id suffix with an ASCII character code which represent the resource access type. These resource access type codes are not standardize among various Linux distributions. To be safe and accurate, always consult the fuser man page to confirm the code definitions.

    To check out what process ID is using TCP port 8080, execute the fuser as fuser -n tcp 8080 or fuser 8080/tcp

  • The native network related Linux command netstat is a good tool to find out what program or command is binding to a TCP and UDP port. For example, there are Bind, Djbdns, etc, used to bind with port 53 for DNS protocol. By executing netstat command as

    netstat -tulap

    will shows both the program and process id that bind to the network port. The diagram below shows the commands output of lsof vs netstat.

    netstat vs lsof

    Both of the commands displaying pseudo port name instead of numeric port number, where the mapping of pseudo port name and numeric port number is defined in /etc/services file.

    The netstat command, however, able to display numeric port and IP address with -n option switch. For example, rewrite the command as netstat -tulapn

    Note! Both netstat -tulap and lsof -i MUST be executed with root user account privileges, else nothing as those in the diagram above will be seen.

  • Search more related info with Google Search engine built-in

Tuesday, October 10, 2006

Repair Corrupted Windows Boot.ini

Boot up to Windows Recovery Console and execute command bootcfg to repair corrupted or recreate missing Windows boot.ini file.

The bootcfg command able to scan hard disks for installation of Windows NT 4.0 and above and then add them to existing boot.ini file. The command also able to rebuild a new boot.ini file if one does not exist.

A brief of bootcfg command usage and syntax

  • bootcfg /add scans the computer for Windows systems installed (for example Windows 2000 and Windows XP in a dual boot setup), displays the results to choose and add it to the Boot menu.
  • bootcfg /rebuild iterates through all Windows installations found in the PC, allows user to specify which installations to rebuild the boot.ini file.
  • bootcfg /list reads the boot.ini file and displays the operating system identifier, the operating system load options, and the operating system location (path).
Related information:
  • The bootcfg command syntax and usages
  • Search more related info with Google Search engine built-in

Sending Windows Console Message

Windows Me or 9x comes with one handy network chatting program called Winpopup. Simple GUI allows user at one computer to chat over the network with counterparts sitting at another networked Windows.

However, there is not similar Winpopup replacement for Windows 2000 and above. There are two ways to send a message, better known as console message or Windows Alerts, to networked system running Windows 2000 and above.

  1. Via the Computer Management window

    1. Right-click on the My Computer icon on Desktop
    2. Click on the Manage option from the pop up context menu
    3. Click on the Action menu of Computer Management window
    4. Goto All Tasks option
    5. Click on the Send Console Message... option to call up Send Console Message window.

      Sending console message or Windows Alerts via the Send Console Message GUI.

  2. Via Command Prompt

    1. Click on the Start button
    2. Click on the Program menu
    3. Click on the Accessories menu
    4. Click on the Command Prompt application
    5. At the Command Prompt window, type

      net send 192.168.1.2 "testing messages"

      to send a messages "testing messages" to PC with 192.168.1.2 IP address.

      It is possible to replace IP address with DNS name or domain name to send console message to all workstations of the said domain.
    6. Type net help send for more syntax and usage information.

Related information:
  • Search more related info with Google Search engine built-in

Restart VNC Remotely

Opsss! Can't VNC over to remote hosts!

Might need to restart the VNC server, but how?

  • Restart Windows-based (Windows 2000 and above) VNC server

    1. Right-click the My Computer icon on Desktop

    2. Click the Manage option from the pop up context menu

    3. Click the Action menu of the Computer Management windows

    4. Click the Connect to another computer... option

    5. Type the IP address or DNS name of the target PC running the VNC server

    6. Enter the login authentication info when prompt

    7. After connect successfully, click the Services and Applications on the left panel.

    8. Click the Services option

    9. Search for VNC Server service on the right panel, right-click on it, and click Restart option to restart the VNC server.

  • Restart Linux-base VNC daemon

    1. Telnet or ssh over to target host that running the VNC daemon

    2. Type the command vncserver -kill:1 to kill the VNC daemon running on DISPLAY:1, for example.

    3. Type vncserver :1 to bring up the VNC daemon running on DISPLAY:1 again.

    4. To ensure VNC daemon startup listening for connection, type

      netstat -ant | grep 5901

      where 5901 is the legacy VNC daemon listening port of DISPLAY:1 in the previous step. If the port is open and listening means that VNC daemon is up and running successfully.
Related information:

MD5 Shell Scripts Find Duplicate Files

The shell scripts wrap the default md5sum program found on most Linux system to prepare a report of unique and duplicate files in a given directory.

The lengthy source code could be shorten if removing the DupUniRpt function which merely used to prepare an easy to read report that showing both the filename and number of duplicate and unique files.

By removing the DupUniRpt function call and function coding, do remember to add the line

cat $FM5L

right after the DupUniRpt function call in the if-else statement. The $FM5L is a semi-raw report file that groups duplicate and unique files together.

The wDupUniRpt.sh contain the same source code of DupUniRpt function source code, which could be used to prepare that easy to read report based on the semi-raw report file. This shell scripts created merely for easy debugging purpose.

Both these shell scripts have been tested successfully with as much as possible scenarios. The source code might be able to further enhanced for efficiency or bugs fixing if any. Any suggestive comments are greatly appreciated.

Related information:

  • wmd5.sh to report both filename and number of duplicate and unique files in a given directory
  • wDupUniRpt.sh used to report redundant and unique records in an ASCII file of sorted records.
  • MD5 checksum used to find redundant files
  • Search more related info with Google Search engine built-in

Monday, October 09, 2006

Install Recover Console To Boot Menu

Recover Console is not install to local hard disk by default during Windows installation.

In order to access to Recovery Console, normally practice is to boot up the system from the appropriate Windows setup CD. If the system is running on Windows XP, use the Windows XP setup CD. Note that Recover Console only available in Windows 2000 and above.

Other than access the Windows Recovery Console from bootable Windows setup CD, it is possible to install the Windows Recovery Console to local hard disk and configure it to appear as one of the Windows boot up option.

Install Recovery Console to local hard disk and enable Recovery Console as part of the Windows boot up menu option:

  1. Click on the Start button

  2. Click on the Run menu

  3. Type D:\i386\winnt32.exe /cmdcons by assuming D: drive is CD-ROM drive letter in which the Windows XP Setup CD is loaded.

  4. Click OK button and then follow the instructions on the screen to complete the straight forward setup and restart the computer at the end of setup process.

  5. After the Windows reboot, edit the file C:\boot.ini with notepad editor. Note that this file is hidden system file which is not "appear" in Windows Explorer by default, unless turning on the view hidden file options.

  6. If view hidden file option is not turn on, turn it on by

    1. Open My Computer
    2. Click on the Tools menu
    3. Click on the Folder Options
    4. Click on the View tab
    5. Click on the Hidden files and folders
    6. Click to select Show hidden files and folders option button.
    7. Click to clear Hide protected operating system files check box
    8. click OK to complete the turning on view hidden file procedures.

  7. At the bottom of the file, append this line

    C:\cmdcons\bootsect.dat="Recovery Console" /cmdcons

    Note that changing the description "Recovery Console" to whatever meaningful name is possible.

  8. Save and exit the edited file. On the next system boot up, notice that there is one new boot option called Recovery Console in the Windows boot up menu.
Related information:

Using ls Command By Examples

The ls command is a Linux command that is used to list directory contents. In fact, it is a standard shell command that exists in all Unix/Linux variants.

Using ls command by examples

  • To list all files in ascending order of file name detailed with file modification time

    ls -la

  • To list all files in descending order of file creation time in full or customized date-time format

    ls -lact --full-time
    ls -lact --time-style="+%d %m %Y"

  • To list all files in descending order of file creation time

    ls -lact

  • To list all files in descending order of file size in kilobytes

    ls -laSh

  • To list only directories

    ls -ap | grep /
              or
    ls -al | grep ^d

    Alternatively, use the find command as

    find . -type d -print

  • To list only directories initial with rpt filename

    ls -al rpt* | grep :$
              or
    find . -type d -name "rpt*" -print

Definition of ls file listing command option switch
  • option switch l used to list files in long listing detailed format.

  • option switch a used to list all files including hidden files which filename prefix with a dot.

  • option switch lct used together to list file in descending order of file creation time.

    option switch lc list file creation time and sorted by filename.

    option switch lt list file in descending order of file modification time.

  • option switch h used to list files size information in kilobytes (KB).

  • option switch S used to list files in descending order of file size in byte.

  • option switch r used to reverse the default of descending listing order to ascending listing order.

  • option switch --full-time or --time-style used to display time-related info in full or customized format.


Notes! If the ls command colour scheme is not easy to read, turn it off by either:
  • On ad-hoc basis by adding option switch. For example

    ls /etc --color=none

    to list /etc directory contents without color scheme turning on. OR

  • On selective login session only. Use the alias command to save typing efforts. For example, execute the command

    alias ls="ls --color=none"

    will cause subsequent ls command executing as if it is supplied with --color=none option switch and automatically turn off the color scheme.

  • On each login session of individual login acount only. Copy the file /etc/DIR_COLORS to the user home directory as $HOME/.dir_colors and edit the variable COLOR to become COLOR=none to do the job.

    From the next user login onwards, type the command set | grep COLOR will notice that the COLORS variable changed as specified in the $HOME/.dir_colors setting file. Typing the ls command as usual which will disable the file listing color scheme automatically.

    To turn on the color scheme again, simply rewrite the line COLOR=none to COLOR=tty or COLOR=auto will do.

    The file /etc/DIR_COLORS is used to control file listing color scheme globally, meaning that all users account will be affected.
Related information: